From 27ac046d8a534dc691e86f43d94192f50cd54254 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 5 Aug 2020 17:24:50 -0700
Subject: [PATCH 01/84] Rename *Test.java -> *Tests.java

Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
---
 .../{AclClassIdUtilsTest.java => AclClassIdUtilsTests.java} | 2 +-
 ....java => LdapAuthenticationProviderConfigurerTests.java} | 2 +-
 ...nTest.java => ServerHttpSecurityConfigurationTests.java} | 2 +-
 ...anTest.java => UserDetailsResourceFactoryBeanTests.java} | 2 +-
 .../security/config/http/FormLoginConfigTests.java          | 6 +++---
 .../{WebConfigUtilsTest.java => WebConfigUtilsTests.java}   | 2 +-
 ...ssorTest.java => MessageSecurityPostProcessorTests.java} | 2 +-
 .../security/config/http/FormLoginConfigTests-UsingSpel.xml | 6 +++---
 ...RsaKeyConvertersTest.java => RsaKeyConvertersTests.java} | 2 +-
 ...a => BouncyCastleAesBytesEncryptorEquivalencyTests.java} | 2 +-
 ...torTest.java => BouncyCastleAesBytesEncryptorTests.java} | 2 +-
 ...dMessageMatcherTest.java => AndMessageMatcherTests.java} | 2 +-
 ...OrMessageMatcherTest.java => OrMessageMatcherTests.java} | 2 +-
 ...RegistrationsTest.java => ClientRegistrationsTests.java} | 2 +-
 ...AuthorizationCodeAuthenticationTokenConverterTests.java} | 2 +-
 ...java => MapOAuth2AccessTokenResponseConverterTests.java} | 2 +-
 ...java => OAuth2AccessTokenResponseMapConverterTests.java} | 2 +-
 ...adExchangeMatcherReactiveAuthorizationManagerTests.java} | 2 +-
 ...etadataFilterTest.java => Saml2MetadataFilterTests.java} | 2 +-
 .../debug/{DebugFilterTest.java => DebugFilterTests.java}   | 2 +-
 ...ReactivePreAuthenticatedAuthenticationManagerTests.java} | 2 +-
 21 files changed, 25 insertions(+), 25 deletions(-)
 rename acl/src/test/java/org/springframework/security/acls/jdbc/{AclClassIdUtilsTest.java => AclClassIdUtilsTests.java} (99%)
 rename config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/{LdapAuthenticationProviderConfigurerTest.java => LdapAuthenticationProviderConfigurerTests.java} (96%)
 rename config/src/test/java/org/springframework/security/config/annotation/web/reactive/{ServerHttpSecurityConfigurationTest.java => ServerHttpSecurityConfigurationTests.java} (97%)
 rename config/src/test/java/org/springframework/security/config/core/userdetails/{UserDetailsResourceFactoryBeanTest.java => UserDetailsResourceFactoryBeanTests.java} (98%)
 rename config/src/test/java/org/springframework/security/config/http/{WebConfigUtilsTest.java => WebConfigUtilsTests.java} (97%)
 rename config/src/test/java/org/springframework/security/config/websocket/{MessageSecurityPostProcessorTest.java => MessageSecurityPostProcessorTests.java} (96%)
 rename core/src/test/java/org/springframework/security/converter/{RsaKeyConvertersTest.java => RsaKeyConvertersTests.java} (99%)
 rename crypto/src/test/java/org/springframework/security/crypto/encrypt/{BouncyCastleAesBytesEncryptorEquivalencyTest.java => BouncyCastleAesBytesEncryptorEquivalencyTests.java} (98%)
 rename crypto/src/test/java/org/springframework/security/crypto/encrypt/{BouncyCastleAesBytesEncryptorTest.java => BouncyCastleAesBytesEncryptorTests.java} (98%)
 rename messaging/src/test/java/org/springframework/security/messaging/util/matcher/{AndMessageMatcherTest.java => AndMessageMatcherTests.java} (98%)
 rename messaging/src/test/java/org/springframework/security/messaging/util/matcher/{OrMessageMatcherTest.java => OrMessageMatcherTests.java} (98%)
 rename oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/{ClientRegistrationsTest.java => ClientRegistrationsTests.java} (99%)
 rename oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/{ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java => ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java} (99%)
 rename oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/{MapOAuth2AccessTokenResponseConverterTest.java => MapOAuth2AccessTokenResponseConverterTests.java} (98%)
 rename oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/{OAuth2AccessTokenResponseMapConverterTest.java => OAuth2AccessTokenResponseMapConverterTests.java} (98%)
 rename rsocket/src/test/java/org/springframework/security/rsocket/authorization/{PayloadExchangeMatcherReactiveAuthorizationManagerTest.java => PayloadExchangeMatcherReactiveAuthorizationManagerTests.java} (99%)
 rename saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/{Saml2MetadataFilterTest.java => Saml2MetadataFilterTests.java} (99%)
 rename web/src/test/java/org/springframework/security/web/debug/{DebugFilterTest.java => DebugFilterTests.java} (99%)
 rename web/src/test/java/org/springframework/security/web/server/authentication/{ReactivePreAuthenticatedAuthenticationManagerTest.java => ReactivePreAuthenticatedAuthenticationManagerTests.java} (98%)

diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTest.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
similarity index 99%
rename from acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTest.java
rename to acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index 5dd2e36f31..d41341c466 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTest.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -37,7 +37,7 @@ import static org.mockito.BDDMockito.given;
  * @author paulwheeler
  */
 @RunWith(MockitoJUnitRunner.class)
-public class AclClassIdUtilsTest {
+public class AclClassIdUtilsTests {
 
 	private static final Long DEFAULT_IDENTIFIER = 999L;
 	private static final BigInteger BIGINT_IDENTIFIER = new BigInteger("999");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTest.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
similarity index 96%
rename from config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTest.java
rename to config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index f3f33a91d9..b8b98509e6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTest.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -24,7 +24,7 @@ import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
 
 import static org.assertj.core.api.Assertions.assertThat;
 
-public class LdapAuthenticationProviderConfigurerTest {
+public class LdapAuthenticationProviderConfigurerTests {
 
 	private LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
similarity index 97%
rename from config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java
rename to config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
index 31c07cc2e0..c7ae2e2d78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
@@ -30,7 +30,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  * @author Eleftheria Stein
  */
-public class ServerHttpSecurityConfigurationTest {
+public class ServerHttpSecurityConfigurationTests {
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTest.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
similarity index 98%
rename from config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTest.java
rename to config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 8b53fc0e34..6317995e78 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTest.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -35,7 +35,7 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
-public class UserDetailsResourceFactoryBeanTest {
+public class UserDetailsResourceFactoryBeanTests {
 	@Mock
 	ResourceLoader resourceLoader;
 
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 1fd9c265e2..56bbe0b062 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -95,16 +95,16 @@ public class FormLoginConfigTests {
 				.param("username", "user")
 				.param("password", "password")
 				.with(csrf()))
-				.andExpect(redirectedUrl(WebConfigUtilsTest.URL + "/default"));
+				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default"));
 
 		this.mvc.perform(post("/login")
 				.param("username", "user")
 				.param("password", "wrong")
 				.with(csrf()))
-				.andExpect(redirectedUrl(WebConfigUtilsTest.URL + "/failure"));
+				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure"));
 
 		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTest.URL + "/login"));
+				.andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTest.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
similarity index 97%
rename from config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTest.java
rename to config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index 0eb0023f65..532fea1706 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTest.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.xml.ParserContext;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(ParserContext.class)
-public class WebConfigUtilsTest {
+public class WebConfigUtilsTests {
 	public final static String URL = "/url";
 
 	@Mock
diff --git a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTest.java b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
similarity index 96%
rename from config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTest.java
rename to config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
index e05ee31365..cf8a615684 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTest.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
@@ -20,7 +20,7 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.GenericBeanDefinition;
 import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
 
-public class MessageSecurityPostProcessorTest {
+public class MessageSecurityPostProcessorTests {
 
 	private WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor postProcessor =
 		new WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor("id", false);
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginConfigTests-UsingSpel.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginConfigTests-UsingSpel.xml
index 7cc3784f25..8146964536 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginConfigTests-UsingSpel.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginConfigTests-UsingSpel.xml
@@ -27,9 +27,9 @@
 	<http auto-config="true" use-expressions="false">
 		<intercept-url pattern="/**" access="ROLE_USER"/>
 		<form-login
-				default-target-url="#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}/default"
-				authentication-failure-url="#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}/failure"
-				login-page="#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}/login"/>
+				default-target-url="#{T(org.springframework.security.config.http.WebConfigUtilsTests).URL}/default"
+				authentication-failure-url="#{T(org.springframework.security.config.http.WebConfigUtilsTests).URL}/failure"
+				login-page="#{T(org.springframework.security.config.http.WebConfigUtilsTests).URL}/login"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTest.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
similarity index 99%
rename from core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTest.java
rename to core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index f1ba277e12..90a4450149 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTest.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -32,7 +32,7 @@ import org.springframework.core.convert.converter.Converter;
 /**
  * Tests for {@link RsaKeyConverters}
  */
-public class RsaKeyConvertersTest {
+public class RsaKeyConvertersTests {
 	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n" +
 			"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n" +
 			"HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n" +
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
similarity index 98%
rename from crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
rename to crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 548b3791af..d4c5c73e72 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -27,7 +27,7 @@ import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgor
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
-public class BouncyCastleAesBytesEncryptorEquivalencyTest {
+public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 
 	private byte[] testData;
 	private String password;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTest.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
similarity index 98%
rename from crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTest.java
rename to crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index 3efe507387..f4bd049c33 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTest.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -25,7 +25,7 @@ import org.junit.Test;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
-public class BouncyCastleAesBytesEncryptorTest {
+public class BouncyCastleAesBytesEncryptorTests {
 
 	private byte[] testData;
 	private String password;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTest.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
similarity index 98%
rename from messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTest.java
rename to messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index a765f18e77..f0d3777729 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTest.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -29,7 +29,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.messaging.Message;
 
 @RunWith(MockitoJUnitRunner.class)
-public class AndMessageMatcherTest {
+public class AndMessageMatcherTests {
 	@Mock
 	private MessageMatcher<Object> delegate;
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTest.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
similarity index 98%
rename from messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTest.java
rename to messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 0e132cffe5..8f4843ab43 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTest.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -29,7 +29,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.messaging.Message;
 
 @RunWith(MockitoJUnitRunner.class)
-public class OrMessageMatcherTest {
+public class OrMessageMatcherTests {
 	@Mock
 	private MessageMatcher<Object> delegate;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
similarity index 99%
rename from oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 03677717b1..2f3a239738 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -42,7 +42,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Rafiullah Hamedy
  * @since 5.1
  */
-public class ClientRegistrationsTest {
+public class ClientRegistrationsTests {
 
 	/**
 	 * Contains all optional parameters that are found in ClientRegistration
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
similarity index 99%
rename from oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java
rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index 9f921392d8..feb4ab5d7c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -47,7 +47,7 @@ import static org.mockito.Mockito.when;
  * @since 5.1
  */
 @RunWith(MockitoJUnitRunner.class)
-public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest {
+public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
similarity index 98%
rename from oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTest.java
rename to oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index 56dd03f83f..6af7ed499d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTest.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
  *
  * @author Nikita Konev
  */
-public class MapOAuth2AccessTokenResponseConverterTest {
+public class MapOAuth2AccessTokenResponseConverterTests {
 
 	private MapOAuth2AccessTokenResponseConverter messageConverter;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
similarity index 98%
rename from oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTest.java
rename to oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index cdeb3dd73d..980155b6c9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTest.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
  *
  * @author Nikita Konev
  */
-public class OAuth2AccessTokenResponseMapConverterTest {
+public class OAuth2AccessTokenResponseMapConverterTests {
 
 	private OAuth2AccessTokenResponseMapConverter messageConverter;
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTest.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
similarity index 99%
rename from rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTest.java
rename to rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index 03a614b792..2a0fceafe3 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTest.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -37,7 +37,7 @@ import static org.mockito.Mockito.when;
  * @author Rob Winch
  */
 @RunWith(MockitoJUnitRunner.class)
-public class PayloadExchangeMatcherReactiveAuthorizationManagerTest {
+public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 
 	@Mock
 	private ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> authz;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTest.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
similarity index 99%
rename from saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTest.java
rename to saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 4c490bd284..658afcbd96 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTest.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -39,7 +39,7 @@ import static org.springframework.security.saml2.provider.service.registration.T
 /**
  * Tests for {@link Saml2MetadataFilter}
  */
-public class Saml2MetadataFilterTest {
+public class Saml2MetadataFilterTests {
 
 	RelyingPartyRegistrationRepository repository;
 	Saml2MetadataResolver resolver;
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTest.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
similarity index 99%
rename from web/src/test/java/org/springframework/security/web/debug/DebugFilterTest.java
rename to web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 7570448e5e..728630334f 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTest.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -48,7 +48,7 @@ import org.springframework.test.util.ReflectionTestUtils;
  */
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(Logger.class)
-public class DebugFilterTest {
+public class DebugFilterTests {
 	@Captor
 	private ArgumentCaptor<HttpServletRequest> requestCaptor;
 	@Captor
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTest.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
similarity index 98%
rename from web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTest.java
rename to web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 16925d7b9e..9dacbd93a6 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTest.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -39,7 +39,7 @@ import static org.mockito.Mockito.when;
  * @author Alexey Nesterov
  * @since 5.2
  */
-public class ReactivePreAuthenticatedAuthenticationManagerTest {
+public class ReactivePreAuthenticatedAuthenticationManagerTests {
 
 	private ReactiveUserDetailsService mockUserDetailsService
 			= mock(ReactiveUserDetailsService.class);

From 103d822e46e7df613e37d2ee619df2dc348153b6 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 12:40:37 -0700
Subject: [PATCH 02/84] Add noformat blocks around http config

Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.

Issue gh-8945
---
 .../WebSecurityConfigurerAdapter.java         |  4 +--
 .../web/configurers/X509Configurer.java       |  4 +--
 .../WebFluxSecurityConfiguration.java         |  6 ++++
 .../config/web/server/ServerHttpSecurity.java |  4 +++
 .../annotation/issue50/SecurityConfig.java    |  8 ++---
 .../annotation/sec2758/Sec2758Tests.java      |  2 ++
 ...RequestMatcherRegistryAnyMatcherTests.java | 10 ++++++
 ...mpleWebSecurityConfigurerAdapterTests.java |  6 ++++
 .../web/builders/HttpConfigurationTests.java  |  6 ++++
 .../web/builders/NamespaceHttpTests.java      | 36 +++++++++++++++++++
 .../configuration/EnableWebSecurityTests.java |  2 ++
 .../WebSecurityConfigurationTests.java        | 24 +++++++++++++
 .../configurers/AnonymousConfigurerTests.java |  2 ++
 .../configurers/FormLoginConfigurerTests.java |  2 ++
 .../HttpSecurityAntMatchersTests.java         |  4 +++
 .../configurers/HttpSecurityLogoutTests.java  |  2 ++
 .../LogoutConfigurerClearSiteDataTests.java   |  2 ++
 .../configurers/NamespaceHttpBasicTests.java  |  8 +++++
 .../NamespaceHttpCustomFilterTests.java       | 10 ++++++
 .../NamespaceHttpExpressionHandlerTests.java  |  3 +-
 .../NamespaceHttpFormLoginTests.java          |  7 +++-
 .../NamespaceHttpHeadersTests.java            | 20 +++++++++++
 .../NamespaceHttpInterceptUrlTests.java       |  2 ++
 .../configurers/NamespaceHttpJeeTests.java    |  4 +++
 .../configurers/NamespaceHttpLogoutTests.java |  5 ++-
 .../NamespaceHttpOpenIDLoginTests.java        | 10 ++++--
 .../NamespaceHttpPortMappingsTests.java       |  2 ++
 .../NamespaceHttpRequestCacheTests.java       |  4 +++
 ...aceHttpServerAccessDeniedHandlerTests.java |  4 +++
 .../configurers/NamespaceHttpX509Tests.java   | 12 +++++++
 .../NamespaceSessionManagementTests.java      | 14 ++++++++
 .../configurers/PermitAllSupportTests.java    |  4 +++
 .../PortMapperConfigurerTests.java            |  2 ++
 .../RequestCacheConfigurerTests.java          |  2 ++
 ...ionManagementConfigurerServlet31Tests.java |  4 +--
 ...rerSessionAuthenticationStrategyTests.java |  4 +--
 ...tConfigurerSessionCreationPolicyTests.java |  2 ++
 ...onfigurerTransientAuthenticationTests.java |  5 ++-
 .../client/OAuth2ClientConfigurerTests.java   |  2 ++
 .../client/OAuth2LoginConfigurerTests.java    | 22 ++++++++++++
 .../OAuth2ResourceServerConfigurerTests.java  |  6 ++--
 .../saml2/Saml2LoginConfigurerTests.java      |  4 +++
 .../core/GrantedAuthorityDefaultsJcTests.java |  2 ++
 .../customconfigurer/CustomConfigurer.java    |  6 ++--
 .../CustomHttpSecurityConfigurerTests.java    |  4 +++
 .../web/server/OAuth2ClientSpecTests.java     |  6 ++++
 .../config/web/server/OAuth2LoginTests.java   | 10 ++++--
 .../server/OAuth2ResourceServerSpecTests.java |  6 +---
 .../web/servlet/request/Sec2935Tests.java     |  2 ++
 ...rocessorsAuthenticationStatelessTests.java |  5 ++-
 ...equestPostProcessorsOAuth2ClientTests.java |  2 ++
 ...RequestPostProcessorsOAuth2LoginTests.java |  2 ++
 ...vcRequestPostProcessorsOidcLoginTests.java |  2 ++
 ...RequestPostProcessorsOpaqueTokenTests.java |  2 ++
 ...sorsTestSecurityContextStatelessTests.java |  5 ++-
 .../csrf/CustomCsrfShowcaseTests.java         |  4 +--
 .../CustomConfigAuthenticationTests.java      |  4 +--
 ...oginRequestBuilderAuthenticationTests.java |  4 +--
 .../DefaultfSecurityRequestsTests.java        |  4 +--
 .../secured/SecurityRequestsTests.java        |  4 +--
 .../secured/WithUserAuthenticationTests.java  |  4 +--
 ...WithUserClassLevelAuthenticationTests.java |  4 +--
 .../WithUserDetailsAuthenticationTests.java   |  4 +--
 ...rDetailsClassLevelAuthenticationTests.java |  4 +--
 .../test/web/support/WebTestUtilsTests.java   |  8 ++---
 65 files changed, 325 insertions(+), 59 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index 4667967f99..6f3819549f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -357,18 +357,18 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * @param http the {@link HttpSecurity} to modify
 	 * @throws Exception if an error occurs
 	 */
-	// @formatter:off
 	protected void configure(HttpSecurity http) throws Exception {
 		logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
 
+		// @formatter:off
 		http
 			.authorizeRequests()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin().and()
 			.httpBasic();
+		// @formatter:on
 	}
-	// @formatter:on
 
 	/**
 	 * Gets the ApplicationContext
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 7b35c367ad..55d56086ed 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -169,17 +169,17 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 		return this;
 	}
 
-	// @formatter:off
 	@Override
 	public void init(H http) {
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
 		authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
 
+		// @formatter:off
 		http
 			.authenticationProvider(authenticationProvider)
 			.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
+		// @formatter:on
 	}
-	// @formatter:on
 
 	@Override
 	public void configure(H http) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 7fa4b1c6dd..368d99c015 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -96,16 +96,20 @@ class WebFluxSecurityConfiguration {
 	 * @return
 	 */
 	private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+		// @formatter:off
 		http
 			.authorizeExchange()
 				.anyExchange().authenticated();
+		// @formatter:on
 
 		if (isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context)) {
 			OAuth2ClasspathGuard.configure(this.context, http);
 		} else {
+			// @formatter:off
 			http
 				.httpBasic().and()
 				.formLogin();
+			// @formatter:on
 		}
 
 		SecurityWebFilterChain result = http.build();
@@ -114,9 +118,11 @@ class WebFluxSecurityConfiguration {
 
 	private static class OAuth2ClasspathGuard {
 		static void configure(ApplicationContext context, ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.oauth2Login().and()
 				.oauth2Client();
+			// @formatter:on
 		}
 
 		static boolean shouldConfigure(ApplicationContext context) {
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 8334fce3eb..63fc32a93c 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1812,6 +1812,7 @@ public class ServerHttpSecurity {
 
 		private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
 			if ( http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher ) {
+				// @formatter:off
 				http
 					.csrf()
 					.requireCsrfProtectionMatcher(
@@ -1819,6 +1820,7 @@ public class ServerHttpSecurity {
 									CsrfWebFilter.DEFAULT_CSRF_MATCHER,
 									new NegatedServerWebExchangeMatcher(
 											this.authenticationConverterServerWebExchangeMatcher)));
+				// @formatter:on
 			}
 		}
 
@@ -1920,8 +1922,10 @@ public class ServerHttpSecurity {
 				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
 				oauth2.setServerAuthenticationConverter(bearerTokenConverter);
 				oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
+				// @formatter:off
 				http
 					.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
+				// @formatter:on
 			}
 
 			protected ReactiveJwtDecoder getJwtDecoder() {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
index 6c9e56e5c6..b7051ebe51 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
@@ -45,22 +45,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private UserRepository myUserRepository;
 
-	// @formatter:off
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) {
+		// @formatter:off
 		auth
 			.authenticationProvider(authenticationProvider());
+		// @formatter:on
 	}
-	// @formatter:on
 
-	// @formatter:off
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
+		// @formatter:off
 		http
 			.authorizeRequests()
 				.antMatchers("/*").permitAll();
+		// @formatter:on
 	}
-	// @formatter:on
 
 	@Bean
 	@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 9cf8126e3e..53441757f8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -96,9 +96,11 @@ public class Sec2758Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().access("hasAnyRole('CUSTOM')");
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index e0124a570f..b2694200b0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -35,10 +35,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 	@EnableWebSecurity
 	static class AntMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 				.anyRequest().authenticated()
 				.antMatchers("/demo/**").permitAll();
+			// @formatter:on
 
 		}
 	}
@@ -51,10 +53,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 	@EnableWebSecurity
 	static class MvcMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 				.anyRequest().authenticated()
 				.mvcMatchers("/demo/**").permitAll();
+			// @formatter:on
 
 		}
 	}
@@ -67,10 +71,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 	@EnableWebSecurity
 	static class RegexMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 				.anyRequest().authenticated()
 				.regexMatchers(".*").permitAll();
+			// @formatter:on
 
 		}
 	}
@@ -83,10 +89,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 	@EnableWebSecurity
 	static class AnyRequestAfterItselfConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 				.anyRequest().authenticated()
 				.anyRequest().permitAll();
+			// @formatter:on
 
 		}
 	}
@@ -99,10 +107,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 	@EnableWebSecurity
 	static class RequestMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 				.anyRequest().authenticated()
 				.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
+			// @formatter:on
 
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index b8304f9e13..218f261433 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -218,6 +218,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/signup", "/about").permitAll()
@@ -227,6 +228,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 					.loginPage("/login")
 						// set permitAll for all URLs associated with Form Login
 						.permitAll();
+			// @formatter:on
 		}
 
 		@Override
@@ -354,6 +356,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		@Order(1)
 		public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/api/**")
 						.authorizeRequests()
@@ -361,6 +364,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 							.antMatchers("/api/**").hasRole("USER")
 							.and()
 						.httpBasic();
+				// @formatter:on
 			}
 		}
 
@@ -375,6 +379,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.authorizeRequests()
 						.antMatchers("/signup", "/about").permitAll()
@@ -383,6 +388,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 					.formLogin()
 						.loginPage("/login")
 							.permitAll();
+				// @formatter:on
 			}
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index dbeda6bdd2..00fa2b4e96 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -68,8 +68,10 @@ public class HttpConfigurationTests {
 	static class UnregisteredFilterConfig extends WebSecurityConfigurerAdapter {
 
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.addFilter(new UnregisteredFilter());
+			// @formatter:on
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -105,8 +107,10 @@ public class HttpConfigurationTests {
 		static CasAuthenticationFilter CAS_AUTHENTICATION_FILTER;
 
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.addFilter(CAS_AUTHENTICATION_FILTER);
+			// @formatter:on
 		}
 	}
 
@@ -124,6 +128,7 @@ public class HttpConfigurationTests {
 	static class RequestMatcherRegistryConfigs extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.requestMatchers()
 					.antMatchers("/api/**")
@@ -133,6 +138,7 @@ public class HttpConfigurationTests {
 					.antMatchers("/**").hasRole("USER")
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index d219a50dbe..d94e54403e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -94,10 +94,12 @@ public class NamespaceHttpTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().permitAll()
 				.accessDecisionManager(ACCESS_DECISION_MANAGER);
+			// @formatter:on
 		}
 	}
 
@@ -114,6 +116,7 @@ public class NamespaceHttpTests {
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin").hasRole("ADMIN")
@@ -121,6 +124,7 @@ public class NamespaceHttpTests {
 					.and()
 				.exceptionHandling()
 					.accessDeniedPage("/AccessDeniedPage");
+			// @formatter:on
 		}
 	}
 
@@ -145,11 +149,13 @@ public class NamespaceHttpTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -168,12 +174,14 @@ public class NamespaceHttpTests {
 	static class CreateSessionAlwaysConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().permitAll()
 					.and()
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+			// @formatter:on
 		}
 	}
 
@@ -191,12 +199,14 @@ public class NamespaceHttpTests {
 	static class CreateSessionStatelessConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().permitAll()
 					.and()
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
 		}
 	}
 
@@ -220,6 +230,7 @@ public class NamespaceHttpTests {
 	static class IfRequiredConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/unsecure").permitAll()
@@ -229,6 +240,7 @@ public class NamespaceHttpTests {
 					.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -246,12 +258,14 @@ public class NamespaceHttpTests {
 	static class CreateSessionNeverConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().anonymous()
 					.and()
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.NEVER);
+			// @formatter:on
 		}
 	}
 
@@ -268,6 +282,7 @@ public class NamespaceHttpTests {
 	static class EntryPointRefConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -276,6 +291,7 @@ public class NamespaceHttpTests {
 					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/entry-point"))
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -299,8 +315,10 @@ public class NamespaceHttpTests {
 	static class JaasApiProvisionConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.addFilter(new JaasApiIntegrationFilter());
+			// @formatter:on
 		}
 	}
 
@@ -317,12 +335,14 @@ public class NamespaceHttpTests {
 	static class RealmConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
 				.httpBasic()
 					.realmName("RealmConfig");
+			// @formatter:on
 		}
 	}
 
@@ -341,8 +361,10 @@ public class NamespaceHttpTests {
 	static class RequestMatcherAntConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.antMatcher("/api/**");
+			// @formatter:on
 		}
 	}
 
@@ -361,8 +383,10 @@ public class NamespaceHttpTests {
 	static class RequestMatcherRegexConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.regexMatcher("/regex/.*");
+			// @formatter:on
 		}
 	}
 
@@ -381,8 +405,10 @@ public class NamespaceHttpTests {
 	static class RequestMatcherRefConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.requestMatcher(new MyRequestMatcher());
+			// @formatter:on
 		}
 
 		static class MyRequestMatcher implements RequestMatcher {
@@ -439,6 +465,7 @@ public class NamespaceHttpTests {
 	static class SecurityContextRepoConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -447,6 +474,7 @@ public class NamespaceHttpTests {
 					.securityContextRepository(new NullSecurityContextRepository())
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 
 		@Override
@@ -470,12 +498,14 @@ public class NamespaceHttpTests {
 	static class ServletApiProvisionConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().permitAll()
 					.and()
 				.servletApi()
 					.disable();
+			// @formatter:on
 		}
 	}
 
@@ -492,9 +522,11 @@ public class NamespaceHttpTests {
 	static class ServletApiProvisionDefaultsConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().permitAll();
+			// @formatter:on
 		}
 	}
 
@@ -525,11 +557,13 @@ public class NamespaceHttpTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/users**", "/sessions/**").hasRole("USER")
 					.antMatchers("/signup").permitAll()
 					.anyRequest().hasRole("USER");
+			// @formatter:on
 		}
 
 		@Override
@@ -560,11 +594,13 @@ public class NamespaceHttpTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.apply(new UrlAuthorizationConfigurer<>(getApplicationContext())).getRegistry()
 					.antMatchers("/users**", "/sessions/**").hasRole("USER")
 					.antMatchers("/signup").hasRole("ANONYMOUS")
 					.anyRequest().hasRole("USER");
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 180dcac62b..fd77bea5d5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -77,11 +77,13 @@ public class EnableWebSecurityTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/*").hasRole("USER")
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 29dab5ac05..6f27f16b18 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -127,10 +127,12 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/role1/**")
 					.authorizeRequests()
 						.anyRequest().hasRole("1");
+				// @formatter:on
 			}
 		}
 
@@ -139,10 +141,12 @@ public class WebSecurityConfigurationTests {
 		static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/role2/**")
 					.authorizeRequests()
 						.anyRequest().hasRole("2");
+				// @formatter:on
 			}
 		}
 
@@ -151,10 +155,12 @@ public class WebSecurityConfigurationTests {
 		static class WebConfigurer3 extends WebSecurityConfigurerAdapter {
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/role3/**")
 					.authorizeRequests()
 						.anyRequest().hasRole("3");
+				// @formatter:on
 			}
 		}
 
@@ -163,9 +169,11 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.authorizeRequests()
 						.anyRequest().hasRole("4");
+				// @formatter:on
 			}
 		}
 	}
@@ -258,10 +266,12 @@ public class WebSecurityConfigurationTests {
 		static class WebConfigurer1 extends WebSecurityConfigurerAdapter {
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/role1/**")
 						.authorizeRequests()
 							.anyRequest().hasRole("1");
+				// @formatter:on
 			}
 		}
 
@@ -269,10 +279,12 @@ public class WebSecurityConfigurationTests {
 		static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 					.antMatcher("/role2/**")
 						.authorizeRequests()
 							.anyRequest().hasRole("2");
+				// @formatter:on
 			}
 		}
 	}
@@ -319,10 +331,12 @@ public class WebSecurityConfigurationTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.expressionHandler(EXPRESSION_HANDLER);
+			// @formatter:on
 		}
 	}
 
@@ -357,9 +371,11 @@ public class WebSecurityConfigurationTests {
 	static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated();
+			// @formatter:on
 		}
 	}
 
@@ -436,9 +452,11 @@ public class WebSecurityConfigurationTests {
 	static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated();
+			// @formatter:on
 		}
 	}
 
@@ -475,9 +493,11 @@ public class WebSecurityConfigurationTests {
 	static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().access("request.method == 'GET' ? @b.grant() : @b.deny()");
+			// @formatter:on
 		}
 
 		@RestController
@@ -571,10 +591,12 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 						.antMatcher("/anonymous/**")
 						.authorizeRequests()
 						.anyRequest().anonymous();
+				// @formatter:on
 			}
 		}
 
@@ -583,9 +605,11 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
 				http
 						.authorizeRequests()
 						.anyRequest().authenticated();
+				// @formatter:on
 			}
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 11d80e02d8..fca1d0ab8e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -60,12 +60,14 @@ public class AnonymousConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.anonymous()
 					.key("key")
 					.principal("principal")
 					.and()
 				.anonymous();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 991e598581..736cc130a6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -83,10 +83,12 @@ public class FormLoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.formLogin().and()
 				.requestCache()
 					.requestCache(this.requestCache);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 1fc9ec3dbf..29184b43ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -78,12 +78,14 @@ public class HttpSecurityAntMatchersTests {
 	@Configuration
 	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.requestMatchers()
 					.antMatchers(HttpMethod.POST)
 					.and()
 				.authorizeRequests()
 					.anyRequest().denyAll();
+			// @formatter:on
 		}
 
 		@Override
@@ -108,6 +110,7 @@ public class HttpSecurityAntMatchersTests {
 	@Configuration
 	static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.requestMatchers()
 					.antMatchers("/never/")
@@ -115,6 +118,7 @@ public class HttpSecurityAntMatchersTests {
 					.and()
 				.authorizeRequests()
 					.anyRequest().denyAll();
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 315a85a74b..673705ef3a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -85,10 +85,12 @@ public class HttpSecurityLogoutTests {
 	@Configuration
 	static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.csrf().disable()
 				.logout()
 					.clearAuthentication(false);
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index a46fdaba66..79d32b7467 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -97,9 +97,11 @@ public class LogoutConfigurerClearSiteDataTests {
 	static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.logout()
 					.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)));
+			// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 9a66e356fd..967b12d8ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -95,11 +95,13 @@ public class NamespaceHttpBasicTests {
 	@EnableWebSecurity
 	static class HttpBasicConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 	}
 
@@ -151,11 +153,13 @@ public class NamespaceHttpBasicTests {
 	static class CustomHttpBasicConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.httpBasic().realmName("Custom Realm");
+			// @formatter:on
 		}
 	}
 
@@ -207,9 +211,11 @@ public class NamespaceHttpBasicTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.httpBasic()
 					.authenticationDetailsSource(this.authenticationDetailsSource);
+			// @formatter:on
 		}
 
 		@Bean
@@ -278,12 +284,14 @@ public class NamespaceHttpBasicTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.httpBasic()
 					.authenticationEntryPoint(this.authenticationEntryPoint);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index b4d07cc1ab..8e23245742 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -67,9 +67,11 @@ public class NamespaceHttpCustomFilterTests {
 	@EnableWebSecurity
 	static class CustomFilterBeforeConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -82,9 +84,11 @@ public class NamespaceHttpCustomFilterTests {
 	@EnableWebSecurity
 	static class CustomFilterAfterConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.addFilterAfter(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -102,10 +106,12 @@ public class NamespaceHttpCustomFilterTests {
 		}
 
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				// this works so long as the CustomFilter extends one of the standard filters
 				// if not, use addFilterBefore or addFilterAfter
 				.addFilter(new CustomFilter());
+			// @formatter:on
 		}
 	}
 
@@ -124,8 +130,10 @@ public class NamespaceHttpCustomFilterTests {
 		}
 
 		protected void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.addFilterAt(new OtherCustomFilter(), UsernamePasswordAuthenticationFilter.class);
+			// @formatter:on
 		}
 	}
 
@@ -147,11 +155,13 @@ public class NamespaceHttpCustomFilterTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index c031809554..3c5af7d6e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -86,11 +86,12 @@ public class NamespaceHttpExpressionHandlerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
 			handler.setExpressionParser(expressionParser());
-
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.expressionHandler(handler)
 					.anyRequest().access("hasRole('USER')");
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index f33623f1ce..553033215c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -90,11 +90,13 @@ public class NamespaceHttpFormLoginTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
@@ -120,6 +122,7 @@ public class NamespaceHttpFormLoginTests {
 	static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
 			boolean alwaysUseDefaultSuccess = true;
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -131,6 +134,7 @@ public class NamespaceHttpFormLoginTests {
 					.failureUrl("/authentication/login?failed") // form-login@authentication-failure-url
 					.loginProcessingUrl("/authentication/login/process") // form-login@login-processing-url
 					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // form-login@default-target-url / form-login@always-use-default-target
+			// @formatter:on
 		}
 	}
 
@@ -159,7 +163,7 @@ public class NamespaceHttpFormLoginTests {
 			SavedRequestAwareAuthenticationSuccessHandler successHandler =
 					new SavedRequestAwareAuthenticationSuccessHandler();
 			successHandler.setDefaultTargetUrl("/custom/targetUrl");
-
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -170,6 +174,7 @@ public class NamespaceHttpFormLoginTests {
 					.successHandler(successHandler) // form-login@authentication-success-handler-ref
 					.authenticationDetailsSource(authenticationDetailsSource()) // form-login@authentication-details-source-ref
 					.and();
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index 6496668b7d..22a29ce700 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -77,8 +77,10 @@ public class NamespaceHttpHeadersTests {
 	static class HeadersDefaultConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers();
+			// @formatter:on
 		}
 	}
 
@@ -94,10 +96,12 @@ public class NamespaceHttpHeadersTests {
 	static class HeadersCacheControlConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					.defaultsDisabled()
 					.cacheControl();
+			// @formatter:on
 		}
 	}
 
@@ -113,10 +117,12 @@ public class NamespaceHttpHeadersTests {
 	static class HstsConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					.defaultsDisabled()
 					.httpStrictTransportSecurity();
+			// @formatter:on
 		}
 	}
 
@@ -132,6 +138,7 @@ public class NamespaceHttpHeadersTests {
 	static class HstsCustomConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// hsts@request-matcher-ref, hsts@max-age-seconds, hsts@include-subdomains
@@ -140,6 +147,7 @@ public class NamespaceHttpHeadersTests {
 						.requestMatcher(AnyRequestMatcher.INSTANCE)
 						.maxAgeInSeconds(15768000)
 						.includeSubDomains(false);
+			// @formatter:on
 		}
 	}
 
@@ -155,12 +163,14 @@ public class NamespaceHttpHeadersTests {
 	static class FrameOptionsSameOriginConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// frame-options@policy=SAMEORIGIN
 					.defaultsDisabled()
 					.frameOptions()
 						.sameOrigin();
+			// @formatter:on
 		}
 	}
 
@@ -178,12 +188,14 @@ public class NamespaceHttpHeadersTests {
 	static class FrameOptionsAllowFromConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// frame-options@ref
 					.defaultsDisabled()
 					.addHeaderWriter(new XFrameOptionsHeaderWriter(
 							new StaticAllowFromStrategy(URI.create("https://example.com"))));
+			// @formatter:on
 		}
 	}
 
@@ -199,11 +211,13 @@ public class NamespaceHttpHeadersTests {
 	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// xss-protection
 					.defaultsDisabled()
 					.xssProtection();
+			// @formatter:on
 		}
 	}
 
@@ -219,6 +233,7 @@ public class NamespaceHttpHeadersTests {
 	static class XssProtectionCustomConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// xss-protection@enabled and xss-protection@block
@@ -226,6 +241,7 @@ public class NamespaceHttpHeadersTests {
 					.xssProtection()
 						.xssProtectionEnabled(true)
 						.block(false);
+			// @formatter:on
 		}
 	}
 
@@ -241,11 +257,13 @@ public class NamespaceHttpHeadersTests {
 	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					// content-type-options
 					.defaultsDisabled()
 					.contentTypeOptions();
+			// @formatter:on
 		}
 	}
 
@@ -263,10 +281,12 @@ public class NamespaceHttpHeadersTests {
 	static class HeaderRefConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.headers()
 					.defaultsDisabled()
 					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 26fcdfcac6..76aa167d30 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -120,6 +120,7 @@ public class NamespaceHttpInterceptUrlTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					// the line below is similar to intercept-url@pattern:
@@ -142,6 +143,7 @@ public class NamespaceHttpInterceptUrlTests {
 					// the line below is similar to intercept-url@requires-channel="http":
 					//    <intercept-url pattern="/**" requires-channel="http"/>
 					.anyRequest().requiresInsecure();
+			// @formatter:on
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index ed06b41183..f9841f024a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -83,12 +83,14 @@ public class NamespaceHttpJeeTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("user")
 					.and()
 				.jee()
 					.mappableRoles("user", "admin");
+			// @formatter:on
 		}
 	}
 
@@ -120,6 +122,7 @@ public class NamespaceHttpJeeTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("user")
@@ -127,6 +130,7 @@ public class NamespaceHttpJeeTests {
 				.jee()
 					.mappableAuthorities("ROLE_user", "ROLE_admin")
 					.authenticatedUserDetailsService(this.authenticationUserDetailsService);
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index f0edd6301c..6a74081ee4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -122,12 +122,14 @@ public class NamespaceHttpLogoutTests {
 	static class CustomHttpLogoutConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.logout()
 					.deleteCookies("remove") // logout@delete-cookies
 					.invalidateHttpSession(false) // logout@invalidate-session=false (default is true)
 					.logoutUrl("/custom-logout") // logout@logout-url (default is /logout)
 					.logoutSuccessUrl("/logout-success"); // logout@success-url (default is /login?logout)
+			// @formatter:on
 		}
 	}
 
@@ -182,10 +184,11 @@ public class NamespaceHttpLogoutTests {
 			SimpleUrlLogoutSuccessHandler logoutSuccessHandler =
 					new SimpleUrlLogoutSuccessHandler();
 			logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");
-
+			// @formatter:off
 			http
 				.logout()
 					.logoutSuccessHandler(logoutSuccessHandler);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index c2be226617..04bbe88d51 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -97,12 +97,14 @@ public class NamespaceHttpOpenIDLoginTests {
 	static class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.openidLogin()
 					.permitAll();
+			// @formatter:on
 		}
 	}
 
@@ -159,6 +161,7 @@ public class NamespaceHttpOpenIDLoginTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -191,6 +194,7 @@ public class NamespaceHttpOpenIDLoginTests {
 							.and()
 						.and()
 					.permitAll();
+			// @formatter:on
 		}
 	}
 
@@ -209,6 +213,7 @@ public class NamespaceHttpOpenIDLoginTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			boolean alwaysUseDefaultSuccess = true;
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -219,6 +224,7 @@ public class NamespaceHttpOpenIDLoginTests {
 					.failureUrl("/authentication/login?failed") // openid-login@authentication-failure-url
 					.loginProcessingUrl("/authentication/login/process") // openid-login@login-processing-url
 					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // openid-login@default-target-url / openid-login@always-use-default-target
+			// @formatter:on
 		}
 	}
 
@@ -267,7 +273,7 @@ public class NamespaceHttpOpenIDLoginTests {
 			SavedRequestAwareAuthenticationSuccessHandler handler =
 					new SavedRequestAwareAuthenticationSuccessHandler();
 			handler.setDefaultTargetUrl("/custom/targetUrl");
-
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -285,7 +291,7 @@ public class NamespaceHttpOpenIDLoginTests {
 							return filter;
 						}
 					});
-
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index cd246b87f7..f742f4c9e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -64,6 +64,7 @@ public class NamespaceHttpPortMappingsTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
@@ -74,6 +75,7 @@ public class NamespaceHttpPortMappingsTests {
 				.requiresChannel()
 					.antMatchers("/login", "/secured/**").requiresSecure()
 					.anyRequest().requiresInsecure();
+			// @formatter:on
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index 9d1cf59ef4..ac895fc284 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -67,12 +67,14 @@ public class NamespaceHttpRequestCacheTests {
 	@EnableWebSecurity
 	static class RequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
 				.requestCache()
 					.requestCache(requestCache());
+			// @formatter:on
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -104,9 +106,11 @@ public class NamespaceHttpRequestCacheTests {
 	@EnableWebSecurity
 	static class DefaultRequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated();
+			// @formatter:on
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 0aea788b3d..94c07da54c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -70,12 +70,14 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().denyAll()
 					.and()
 				.exceptionHandling()
 					.accessDeniedPage("/AccessDeniedPageConfig");
+			// @formatter:on
 		}
 	}
 
@@ -121,12 +123,14 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().denyAll()
 					.and()
 				.exceptionHandling()
 					.accessDeniedHandler(accessDeniedHandler());
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index beaeb1f73a..6f9d7d7cc4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -88,11 +88,13 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509();
+			// @formatter:on
 		}
 	}
 
@@ -119,12 +121,14 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
 					.authenticationDetailsSource(authenticationDetailsSource());
+			// @formatter:on
 		}
 
 		@Bean
@@ -155,12 +159,14 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
 					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)");
+			// @formatter:on
 		}
 	}
 
@@ -184,12 +190,14 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
 					.x509PrincipalExtractor(this::extractCommonName);
+			// @formatter:on
 		}
 
 		private String extractCommonName(X509Certificate certificate) {
@@ -221,12 +229,14 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
 					.userDetailsService(username -> USER);
+			// @formatter:on
 		}
 	}
 
@@ -248,12 +258,14 @@ public class NamespaceHttpX509Tests {
 		}
 
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
 					.authenticationUserDetailsService(authentication -> USER);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index e3a1f6bde0..e163d7946e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -174,6 +174,7 @@ public class NamespaceSessionManagementTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -187,6 +188,7 @@ public class NamespaceSessionManagementTests {
 						.maxSessionsPreventsLogin(true) // session-management/concurrency-control@error-if-maximum-exceeded
 						.expiredUrl("/expired-session") // session-management/concurrency-control@expired-url
 						.sessionRegistry(sessionRegistry()); // session-management/concurrency-control@session-registry-ref
+			// @formatter:on
 		}
 
 		@Bean
@@ -219,9 +221,11 @@ public class NamespaceSessionManagementTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.invalidSessionStrategy(invalidSessionStrategy());
+			// @formatter:on
 		}
 
 		@Bean
@@ -250,11 +254,13 @@ public class NamespaceSessionManagementTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.sessionAuthenticationStrategy(sessionAuthenticationStrategy()) // session-management@session-authentication-strategy-ref
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 
 		@Bean
@@ -283,11 +289,13 @@ public class NamespaceSessionManagementTests {
 	static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy())
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 	}
 
@@ -314,10 +322,12 @@ public class NamespaceSessionManagementTests {
 	static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 	}
 
@@ -338,10 +348,12 @@ public class NamespaceSessionManagementTests {
 	static class SFPPostProcessedConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 
 		@Bean
@@ -373,11 +385,13 @@ public class NamespaceSessionManagementTests {
 	static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement()
 					.sessionFixation().newSession()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index eda13cb8b2..be0d8b9cd2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -63,6 +63,7 @@ public class PermitAllSupportTests {
 	static class PermitAllConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -70,6 +71,7 @@ public class PermitAllSupportTests {
 				.formLogin()
 					.loginPage("/xyz").permitAll()
 					.loginProcessingUrl("/abc?def").permitAll();
+			// @formatter:on
 		}
 	}
 
@@ -85,9 +87,11 @@ public class PermitAllSupportTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.formLogin()
 					.permitAll();
+			// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index bd68d2ecec..715e079c9e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -54,6 +54,7 @@ public class PortMapperConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.requiresChannel()
 					.anyRequest().requiresSecure()
@@ -62,6 +63,7 @@ public class PortMapperConfigurerTests {
 					.http(543).mapsTo(123)
 					.and()
 				.portMapper();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index c2ec1211f5..5b22f8662f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -260,11 +260,13 @@ public class RequestCacheConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 3c5d5725db..f9d5a64972 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -103,15 +103,15 @@ public class SessionManagementConfigurerServlet31Tests {
 	@EnableWebSecurity
 	static class SessionManagementDefaultSessionFixationServlet31Config extends
 			WebSecurityConfigurerAdapter {
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.formLogin()
 					.and()
 				.sessionManagement();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index 519b4a9703..6d4b39966f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -60,16 +60,16 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
 	static class CustomSessionAuthenticationStrategyConfig extends WebSecurityConfigurerAdapter {
 		static SessionAuthenticationStrategy customSessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
 
-		// @formatter:off
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.formLogin()
 					.and()
 				.sessionManagement()
 					.sessionAuthenticationStrategy(customSessionAuthenticationStrategy);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index aaea0b4343..c3412a840a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -80,8 +80,10 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
+			// @formatter:off
 			http
 					.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
 
 			http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index 184943bec6..98d863223d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -70,9 +70,10 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
-
+			// @formatter:off
 			http
 				.csrf().disable();
+			// @formatter:on
 		}
 
 		@Override
@@ -86,8 +87,10 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 	static class AlwaysCreateSessionConfig extends WithTransientAuthenticationConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 43e934c6bf..c2944260aa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -268,6 +268,7 @@ public class OAuth2ClientConfigurerTests {
 	static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -279,6 +280,7 @@ public class OAuth2ClientConfigurerTests {
 					.authorizationCodeGrant()
 						.authorizationRequestResolver(authorizationRequestResolver)
 						.accessTokenResponseClient(accessTokenResponseClient);
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 48274c5e08..7daea6e6c6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -617,10 +617,12 @@ public class OAuth2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login()
 					.clientRegistrationRepository(
 						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION));
+			// @formatter:on
 			super.configure(http);
 		}
 
@@ -658,12 +660,14 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigCustomWithConfigurer extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login()
 					.clientRegistrationRepository(
 							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
 					.userInfoEndpoint()
 						.userAuthoritiesMapper(createGrantedAuthoritiesMapper());
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -672,8 +676,10 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigCustomWithBeanRegistration extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login();
+			// @formatter:on
 			super.configure(http);
 		}
 
@@ -692,6 +698,7 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigCustomUserServiceBeanRegistration extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -702,6 +709,7 @@ public class OAuth2LoginConfigurerTests {
 				.oauth2Login()
 					.tokenEndpoint()
 						.accessTokenResponseClient(createOauth2AccessTokenResponseClient());
+			// @formatter:on
 		}
 
 		@Bean
@@ -739,11 +747,13 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigLoginProcessingUrl extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login()
 					.clientRegistrationRepository(
 						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
 					.loginProcessingUrl("/login/oauth2/*");
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -757,11 +767,13 @@ public class OAuth2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login()
 					.clientRegistrationRepository(this.clientRegistrationRepository)
 					.authorizationEndpoint()
 						.authorizationRequestResolver(this.resolver);
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -775,6 +787,7 @@ public class OAuth2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.oauth2Login(oauth2Login ->
 					oauth2Login
@@ -784,6 +797,7 @@ public class OAuth2LoginConfigurerTests {
 								.authorizationRequestResolver(this.resolver)
 						)
 				);
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -792,11 +806,13 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigMultipleClients extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 					.oauth2Login()
 					.clientRegistrationRepository(
 							new InMemoryClientRegistrationRepository(
 									GOOGLE_CLIENT_REGISTRATION, GITHUB_CLIENT_REGISTRATION));
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -805,11 +821,13 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigCustomLoginPage extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 					.oauth2Login()
 					.clientRegistrationRepository(
 							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
 					.loginPage("/custom-login");
+			// @formatter:on
 			super.configure(http);
 		}
 	}
@@ -835,9 +853,11 @@ public class OAuth2LoginConfigurerTests {
 	static class OAuth2LoginConfigWithOidcLogoutSuccessHandler extends CommonWebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.logout()
 					.logoutSuccessHandler(oidcLogoutSuccessHandler());
+			// @formatter:on
 			super.configure(http);
 		}
 
@@ -859,6 +879,7 @@ public class OAuth2LoginConfigurerTests {
 	private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -873,6 +894,7 @@ public class OAuth2LoginConfigurerTests {
 					.userInfoEndpoint()
 						.userService(createOauth2UserService())
 						.oidcUserService(createOidcUserService());
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index cf552a6ece..957c383d96 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1761,7 +1761,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
-
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -1769,7 +1768,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.oauth2ResourceServer()
 					.jwt()
 						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
-
 			// @formatter:on
 		}
 
@@ -1783,7 +1781,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
-
 			http
 				.authorizeRequests()
 					.antMatchers("/requires-read-scope").access("hasAuthority('message:read')")
@@ -1791,7 +1788,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.oauth2ResourceServer()
 					.jwt()
 						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
-
 			// @formatter:on
 		}
 
@@ -2255,6 +2251,7 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt()
 						.and()
 					.opaqueToken();
+			// @formatter:on
 		}
 	}
 
@@ -2306,6 +2303,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.oauth2ResourceServer()
 					.authenticationManagerResolver(mock(AuthenticationManagerResolver.class))
 					.opaqueToken();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index d4be974be4..598f5bf09c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -300,11 +300,13 @@ public class Saml2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests(authz -> authz
 						.anyRequest().authenticated()
 				)
 				.saml2Login(withDefaults());
+			// @formatter:on
 		}
 
 		@Bean
@@ -319,11 +321,13 @@ public class Saml2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests(authz -> authz
 					.anyRequest().authenticated()
 				)
 				.saml2Login(saml2 -> {});
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index c26ec69d11..d62e1f8821 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -165,9 +165,11 @@ public class GrantedAuthorityDefaultsJcTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().access("hasRole('USER')");
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
index d377d0dc35..cf2f5bace0 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
@@ -42,17 +42,19 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 		// autowire this bean
 		ApplicationContext context = http.getSharedObject(ApplicationContext.class);
 		context.getAutowireCapableBeanFactory().autowireBean(this);
-
+		// @formatter:off
 		http
 			.authorizeRequests()
 				.antMatchers(permitAllPattern).permitAll()
 				.anyRequest().authenticated();
-
+		// @formatter:on
 		if (http.getConfigurer(FormLoginConfigurer.class) == null) {
 			// only apply if formLogin() was not invoked by the user
+			// @formatter:off
 			http
 				.formLogin()
 					.loginPage(loginPage);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index ad4c1d331c..6a989c535b 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -120,9 +120,11 @@ public class CustomHttpSecurityConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.apply(customConfigurer())
 					.loginPage("/custom");
+			// @formatter:on
 		}
 
 		@Bean
@@ -142,12 +144,14 @@ public class CustomHttpSecurityConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.apply(customConfigurer())
 					.and()
 				.csrf().disable()
 				.formLogin()
 					.loginPage("/other");
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 0ea9c446da..11cc82e2d6 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -117,8 +117,10 @@ public class OAuth2ClientSpecTests {
 	static class Config {
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.oauth2Client();
+			// @formatter:on
 			return http.build();
 		}
 
@@ -208,6 +210,7 @@ public class OAuth2ClientSpecTests {
 
 		@Bean
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.oauth2Client()
 					.authenticationConverter(this.authenticationConverter)
@@ -215,6 +218,7 @@ public class OAuth2ClientSpecTests {
 					.authorizationRequestRepository(this.authorizationRequestRepository)
 					.and()
 				.requestCache(c -> c.requestCache(this.requestCache));
+			// @formatter:on
 			return http.build();
 		}
 	}
@@ -274,6 +278,7 @@ public class OAuth2ClientSpecTests {
 
 		@Bean
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.oauth2Client(oauth2Client ->
 					oauth2Client
@@ -281,6 +286,7 @@ public class OAuth2ClientSpecTests {
 						.authenticationManager(this.manager)
 						.authorizationRequestRepository(this.authorizationRequestRepository))
 				.requestCache(c -> c.requestCache(this.requestCache));
+			// @formatter:on
 			return http.build();
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index b1e5662a3e..d8ab7c8481 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -253,12 +253,14 @@ public class OAuth2LoginTests {
 
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.requestCache()
 					.requestCache(this.requestCache)
 					.and()
 				.oauth2Login()
 					.authorizationRequestRepository(this.authorizationRequestRepository);
+			// @formatter:on
 			return http.build();
 		}
 
@@ -395,6 +397,7 @@ public class OAuth2LoginTests {
 
 		@Bean
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.authorizeExchange()
 					.anyExchange().authenticated()
@@ -406,6 +409,7 @@ public class OAuth2LoginTests {
 					.authorizationRequestResolver(resolver)
 					.authenticationSuccessHandler(successHandler)
 					.authenticationFailureHandler(failureHandler);
+			// @formatter:on
 			return http.build();
 		}
 	}
@@ -474,6 +478,7 @@ public class OAuth2LoginTests {
 
 		@Bean
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
 			http
 				.authorizeExchange(exchanges ->
 					exchanges
@@ -487,6 +492,7 @@ public class OAuth2LoginTests {
 						.authorizationRequestResolver(resolver)
 						.authenticationSuccessHandler(successHandler)
 				);
+			// @formatter:on
 			return http.build();
 		}
 	}
@@ -715,7 +721,7 @@ public class OAuth2LoginTests {
 
 		@Bean
 		public SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
-
+			// @formatter:off
 			http
 				.csrf().disable()
 				.logout()
@@ -726,7 +732,7 @@ public class OAuth2LoginTests {
 									new InMemoryReactiveClientRegistrationRepository(this.withLogout)))
 					.and()
 				.securityContextRepository(this.repository);
-
+			// @formatter:on
 			return http.build();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 943fe62d71..f0e1f3765a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -486,8 +486,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.publicKey(publicKey());
 			// @formatter:on
-
-
 			return http.build();
 		}
 	}
@@ -511,7 +509,6 @@ public class OAuth2ResourceServerSpecTests {
 						)
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 	}
@@ -533,8 +530,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.publicKey(this.key);
 			// @formatter:on
-
-
 			return http.build();
 		}
 	}
@@ -877,6 +872,7 @@ public class OAuth2ResourceServerSpecTests {
 				.oauth2ResourceServer()
 					.authenticationManagerResolver(mock(ReactiveAuthenticationManagerResolver.class))
 					.opaqueToken();
+			// @formatter:on
 
 			return http.build();
 		}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 03499732a8..58633511ce 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -148,12 +148,14 @@ public class Sec2935Tests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
 
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index d0a00f5cdd..e4d84b99d9 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -72,16 +72,15 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
-
+			// @formatter:off
 			http
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 13450d318f..0f2b0e75ff 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -165,11 +165,13 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 	static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests(authz -> authz
 					.anyRequest().permitAll()
 				)
 				.oauth2Client();
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index 52e8941eaf..deb4d0bb9d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -167,11 +167,13 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests(authorize -> authorize
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
 					.anyRequest().hasAuthority("SCOPE_read")
 				).oauth2Login();
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index 4728d78a4d..6171c335f5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -173,12 +173,14 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
 					.anyRequest().hasAuthority("SCOPE_read")
 					.and()
 				.oauth2Login();
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 041a4d2e0f..572b672e81 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -130,6 +130,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
@@ -138,6 +139,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 				.oauth2ResourceServer()
 					.opaqueToken()
 						.introspector(mock(OpaqueTokenIntrospector.class));
+			// @formatter:on
 		}
 
 		@RestController
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index a82709e4ad..b957c7c98e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -72,16 +72,15 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
-
+			// @formatter:off
 			http
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index dfcdf91bfc..8ce1ec6637 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -74,14 +74,14 @@ public class CustomCsrfShowcaseTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.csrf()
 					.csrfTokenRepository(repo());
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index c2a45bc74e..eedcc107fc 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -91,9 +91,9 @@ public class CustomConfigAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -105,8 +105,8 @@ public class CustomConfigAuthenticationTests {
 					.usernameParameter("user")
 					.passwordParameter("pass")
 					.loginPage("/authenticate");
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 820f66d49a..821efe3b88 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -81,9 +81,9 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.anyRequest().authenticated()
@@ -92,8 +92,8 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 					.usernameParameter("user")
 					.passwordParameter("pass")
 					.loginPage("/authenticate");
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index ea580da186..a1bf100d43 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -85,17 +85,17 @@ public class DefaultfSecurityRequestsTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index e1bb963c04..226197aa38 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -103,17 +103,17 @@ public class SecurityRequestsTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 46b6df9861..cfdc27f7af 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -87,17 +87,17 @@ public class WithUserAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 7ebb3e4c51..951245aa12 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -87,17 +87,17 @@ public class WithUserClassLevelAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.httpBasic();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		// @formatter:off
 		@Autowired
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index 75ea96fcdd..5d89232bc8 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -79,17 +79,17 @@ public class WithUserDetailsAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Bean
 		@Override
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index 56b2f324b8..23c19d12b6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -79,17 +79,17 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.authorizeRequests()
 					.antMatchers("/admin/**").hasRole("ADMIN")
 					.anyRequest().authenticated()
 					.and()
 				.formLogin();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Bean
 		@Override
diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
index c7aead4ed9..914eb046b5 100644
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@@ -189,29 +189,29 @@ public class WebTestUtilsTests {
 		static CsrfTokenRepository CSRF_REPO;
 		static SecurityContextRepository CONTEXT_REPO;
 
-		// @formatter:off
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
 			http
 				.csrf()
 					.csrfTokenRepository(CSRF_REPO)
 					.and()
 				.securityContext()
 					.securityContextRepository(CONTEXT_REPO);
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class PartialSecurityConfig extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Override
 		public void configure(HttpSecurity http) {
+			// @formatter:off
 			http
 				.antMatcher("/willnotmatchthis");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Configuration

From 63b5998fadd3c3e016106a43a68bc3d827966356 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 12:58:41 -0700
Subject: [PATCH 03/84] Add noformat blocks around auth config

Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.

Issue gh-8945
---
 ...onProviderBuilderSecurityBuilderTests.java | 28 +++++++++----------
 ...AuthenticationProviderConfigurerTests.java | 14 ++++++----
 ...dapAuthenticationProviderTestsConfigs.java | 16 +++++------
 .../AuthenticationManagerBuilderTests.java    |  4 +++
 .../BaseAuthenticationConfig.java             |  2 ++
 .../NamespaceAuthenticationManagerTests.java  |  6 ++++
 .../NamespaceAuthenticationProviderTests.java |  4 +++
 .../NamespaceJdbcUserServiceTests.java        |  4 +++
 .../NamespacePasswordEncoderTests.java        |  6 ++++
 .../PasswordEncoderConfigurerTests.java       |  8 +++---
 .../AuthenticationConfigurationTests.java     |  2 ++
 ...lobalMethodSecurityConfigurationTests.java |  2 ++
 ...SampleEnableGlobalMethodSecurityTests.java |  4 +++
 ...mpleWebSecurityConfigurerAdapterTests.java |  6 ++++
 ...curityConfigurerAdapterPowermockTests.java |  2 ++
 .../WebSecurityConfigurerAdapterTests.java    | 10 +++++++
 .../web/builders/HttpConfigurationTests.java  |  2 ++
 .../web/builders/NamespaceHttpTests.java      |  2 ++
 ...icationPrincipalArgumentResolverTests.java |  2 ++
 .../configuration/EnableWebSecurityTests.java |  2 ++
 .../HttpSecurityAntMatchersTests.java         |  4 +++
 .../configurers/HttpSecurityLogoutTests.java  |  2 ++
 .../NamespaceHttpExpressionHandlerTests.java  |  2 ++
 .../NamespaceHttpInterceptUrlTests.java       |  2 ++
 .../NamespaceHttpPortMappingsTests.java       |  2 ++
 .../NamespaceHttpRequestCacheTests.java       |  4 +++
 .../configurers/NamespaceHttpX509Tests.java   | 10 +++++++
 .../configurers/NamespaceRememberMeTests.java |  2 ++
 ...ionManagementConfigurerServlet31Tests.java |  4 +--
 ...rerSessionAuthenticationStrategyTests.java |  4 +--
 ...onfigurerTransientAuthenticationTests.java |  2 ++
 .../core/GrantedAuthorityDefaultsJcTests.java |  2 ++
 .../showcase/WithMockUserParentTests.java     |  4 +--
 .../context/showcase/WithMockUserTests.java   |  4 +--
 .../showcase/WithUserDetailsTests.java        |  4 +--
 ...rocessorsAuthenticationStatelessTests.java |  4 +--
 ...sorsTestSecurityContextStatelessTests.java |  4 +--
 .../showcase/csrf/CsrfShowcaseTests.java      |  4 +--
 .../csrf/CustomCsrfShowcaseTests.java         |  4 +--
 .../csrf/DefaultCsrfShowcaseTests.java        |  4 +--
 .../DefaultfSecurityRequestsTests.java        |  4 +--
 .../secured/SecurityRequestsTests.java        |  4 +--
 .../secured/WithUserAuthenticationTests.java  |  4 +--
 ...WithUserClassLevelAuthenticationTests.java |  4 +--
 .../WithUserDetailsAuthenticationTests.java   |  4 +--
 ...rDetailsClassLevelAuthenticationTests.java |  4 +--
 46 files changed, 158 insertions(+), 64 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 9ff0675bc2..42736b22e4 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -74,14 +74,14 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class DefaultLdapConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.userDnPatterns("uid={0},ou=people");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Test
@@ -94,15 +94,15 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class GroupRolesConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.userDnPatterns("uid={0},ou=people")
 					.groupRoleAttribute("group");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Test
@@ -115,15 +115,15 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class GroupSearchConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.userDnPatterns("uid={0},ou=people")
 					.groupSearchFilter("ou=groupName");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Test
@@ -137,16 +137,16 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.userDnPatterns("uid={0},ou=people")
 					.groupSearchFilter("ou=groupName")
 					.groupSearchSubtree(true);
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Test
@@ -159,15 +159,15 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class RolePrefixConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.userDnPatterns("uid={0},ou=people")
 					.rolePrefix("role_");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@Test
@@ -180,16 +180,16 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class BindAuthenticationConfig extends BaseLdapServerConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
 					.groupSearchBase("ou=groups")
 					.groupSearchFilter("(member={0})")
 					.userDnPatterns("uid={0},ou=people");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	// SEC-2472
@@ -203,8 +203,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends BaseLdapServerConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.contextSource(contextSource())
@@ -212,8 +212,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.groupSearchBase("ou=groups")
 					.groupSearchFilter("(member={0})")
 					.userDnPatterns("uid={0},ou=people");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	private LdapAuthenticationProvider ldapProvider() {
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index 3cf29d6338..ab5960f1c4 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -83,8 +83,8 @@ public class LdapAuthenticationProviderConfigurerTests {
 
 	@EnableWebSecurity
 	static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
@@ -95,14 +95,14 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.groupSearchBase("ou=groups")
 					.groupSearchFilter("(member={0})")
 					.userDnPatterns("uid={0},ou=people");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
@@ -115,14 +115,15 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.groupSearchFilter("(member={0})")
 					.userDnPatterns("uid={0},ou=people")
 					.rolePrefix("RUOLO_");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class LdapWithRandomPortConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
@@ -130,20 +131,21 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.userDnPatterns("uid={0},ou=people")
 					.contextSource()
 						.port(0);
+			// @formatter:on
 		}
 	}
 
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
 					.groupSearchFilter("(member={0})")
 					.groupSearchSubtree(true)
 					.userDnPatterns("uid={0},ou=people");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
index c349ce6a1b..d73fb3a801 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@@ -29,21 +29,21 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
 public class NamespaceLdapAuthenticationProviderTestsConfigs {
 	@EnableWebSecurity
 	static class LdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
 					.userDnPatterns("uid={0},ou=people"); // ldap-server@user-dn-pattern
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class CustomLdapAuthenticationProviderConfig extends
 			WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupRoleAttribute("cn") // ldap-authentication-provider@group-role-attribute
@@ -63,28 +63,28 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 						.root("dc=springframework,dc=org") // ldap-server@root
 						// .url("ldap://localhost:33389/dc-springframework,dc=org") this overrides root and port and is used for external
 						;
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthoritiesPopulatorConfig extends WebSecurityConfigurerAdapter {
 		static LdapAuthoritiesPopulator LAP;
 
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.userSearchFilter("(uid={0})")
 					.ldapAuthoritiesPopulator(LAP);
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	@EnableWebSecurity
 	static class PasswordCompareLdapConfig extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.ldapAuthentication()
 					.groupSearchBase("ou=groups")
@@ -92,7 +92,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 					.passwordCompare()
 						.passwordEncoder(new BCryptPasswordEncoder()) // ldap-authentication-provider/password-compare/password-encoder@ref
 						.passwordAttribute("userPassword"); // ldap-authentication-provider/password-compare@password-attribute
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 6b02c0cb3f..6fac5b0e29 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -113,9 +113,11 @@ public class AuthenticationManagerBuilderTests {
 	static class PasswordEncoderGlobalConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 				.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
 
 		@Bean
@@ -139,9 +141,11 @@ public class AuthenticationManagerBuilderTests {
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 				.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
index 172d463d46..b2546aee46 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
@@ -28,9 +28,11 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 public class BaseAuthenticationConfig {
 	@Autowired
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		// @formatter:off
 		auth
 			.inMemoryAuthentication()
 				.withUser("user").password("password").roles("USER").and()
 				.withUser("admin").password("password").roles("USER", "ADMIN");
+		// @formatter:on
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index 31c48eca29..cab352ce61 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -55,9 +55,11 @@ public class NamespaceAuthenticationManagerTests {
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
@@ -77,10 +79,12 @@ public class NamespaceAuthenticationManagerTests {
 	static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 				.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
@@ -97,10 +101,12 @@ public class NamespaceAuthenticationManagerTests {
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 				.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index b26b9fc2c6..d4ec0812ca 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -56,8 +56,10 @@ public class NamespaceAuthenticationProviderTests {
 	@EnableWebSecurity
 	static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(AuthenticationManagerBuilder auth) {
+			// @formatter:off
 			auth
 				.authenticationProvider(authenticationProvider());
+			// @formatter:on
 		}
 
 		@Bean
@@ -80,8 +82,10 @@ public class NamespaceAuthenticationProviderTests {
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.userDetailsService(userDetailsService());
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index b1242b5a3f..8e17e22a47 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -63,11 +63,13 @@ public class NamespaceJdbcUserServiceTests {
 		private DataSource dataSource;
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.jdbcAuthentication()
 					.withDefaultSchema()
 					.withUser(PasswordEncodedUser.user())
 					.dataSource(this.dataSource); // jdbc-user-service@data-source-ref
+			// @formatter:on
 		}
 	}
 
@@ -94,6 +96,7 @@ public class NamespaceJdbcUserServiceTests {
 		private DataSource dataSource;
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.jdbcAuthentication()
 				// jdbc-user-service@dataSource
@@ -108,6 +111,7 @@ public class NamespaceJdbcUserServiceTests {
 				.groupAuthoritiesByUsername(JdbcUserDetailsManager.DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY)
 				// jdbc-user-service@role-prefix
 				.rolePrefix("ROLE_");
+			// @formatter:on
 
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index d8c2ce0ccc..61a34154e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -61,10 +61,12 @@ public class NamespacePasswordEncoderTests {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 				.withUser("user").password(encoder.encode("password")).roles("USER").and()
 				.passwordEncoder(encoder);
+			// @formatter:on
 		}
 	}
 
@@ -82,12 +84,14 @@ public class NamespacePasswordEncoderTests {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+			// @formatter:off
 			auth
 				.jdbcAuthentication()
 				.withDefaultSchema()
 				.dataSource(dataSource())
 				.withUser("user").password(encoder.encode("password")).roles("USER").and()
 				.passwordEncoder(encoder);
+			// @formatter:on
 		}
 
 		@Bean
@@ -116,9 +120,11 @@ public class NamespacePasswordEncoderTests {
 				.roles("USER")
 				.build();
 			InMemoryUserDetailsManager uds = new InMemoryUserDetailsManager(user);
+			// @formatter:off
 			auth
 				.userDetailsService(uds)
 				.passwordEncoder(encoder);
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index e145d411c5..2b2287b4f2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -49,15 +49,15 @@ public class PasswordEncoderConfigurerTests {
 
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password(encoder.encode("password")).roles("USER").and()
 					.passwordEncoder(encoder);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Override
 		protected void configure(HttpSecurity http) {
@@ -80,15 +80,15 @@ public class PasswordEncoderConfigurerTests {
 	@EnableWebSecurity
 	static class PasswordEncoderNoAuthManagerLoadsConfig extends
 		WebSecurityConfigurerAdapter {
-		// @formatter:off
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password(encoder.encode("password")).roles("USER").and()
 					.passwordEncoder(encoder);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Bean
 		public BCryptPasswordEncoder passwordEncoder() {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 3ba459170f..14546c85f7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -241,9 +241,11 @@ public class AuthenticationConfigurationTests {
 	static class ConfiguresInMemoryConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 221a63d24c..902af21b20 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -134,8 +134,10 @@ public class GlobalMethodSecurityConfigurationTests {
 	public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index ea690af732..13ffa15645 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -74,10 +74,12 @@ public class SampleEnableGlobalMethodSecurityTests {
 
 		@Autowired
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER").and()
 					.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 	}
 
@@ -109,10 +111,12 @@ public class SampleEnableGlobalMethodSecurityTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 				.withUser("user").password("password").roles("USER").and()
 				.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 218f261433..760152d496 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -135,9 +135,11 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	public static class HelloWorldWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
@@ -233,10 +235,12 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 					.withUser(PasswordEncodedUser.admin());
+			// @formatter:on
 		}
 	}
 
@@ -346,10 +350,12 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	public static class SampleMultiHttpSecurityConfig {
 		@Autowired
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 					.withUser(PasswordEncodedUser.admin());
+			// @formatter:on
 		}
 
 		@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index c35cdb39fe..a0643fcf3f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -146,9 +146,11 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 					.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 8f784aa513..4d8bf244d1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -96,9 +96,11 @@ public class WebSecurityConfigurerAdapterTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Override
@@ -125,9 +127,11 @@ public class WebSecurityConfigurerAdapterTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Override
@@ -152,9 +156,11 @@ public class WebSecurityConfigurerAdapterTests {
 	static class InMemoryConfigureProtectedConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Override
@@ -180,9 +186,11 @@ public class WebSecurityConfigurerAdapterTests {
 	static class InMemoryConfigureGlobalConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Override
@@ -283,9 +291,11 @@ public class WebSecurityConfigurerAdapterTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 00fa2b4e96..620abd0367 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -75,9 +75,11 @@ public class HttpConfigurationTests {
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index d94e54403e..a5a33c4fe5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -479,9 +479,11 @@ public class NamespaceHttpTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 9392335bb8..021865f318 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -79,8 +79,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	static class Config {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:off
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index fd77bea5d5..35dac47b9c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -64,9 +64,11 @@ public class EnableWebSecurityTests {
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 29184b43ec..45836760f6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -90,8 +90,10 @@ public class HttpSecurityAntMatchersTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
 	}
 
@@ -123,8 +125,10 @@ public class HttpSecurityAntMatchersTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 673705ef3a..e7a80a6e7b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -95,8 +95,10 @@ public class HttpSecurityLogoutTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index 3c5af7d6e9..7bea9d6eac 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -77,9 +77,11 @@ public class NamespaceHttpExpressionHandlerTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 76aa167d30..bea987ff28 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -147,10 +147,12 @@ public class NamespaceHttpInterceptUrlTests {
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER").and()
 					.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index f742f4c9e9..062d561a06 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -79,10 +79,12 @@ public class NamespaceHttpPortMappingsTests {
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER").and()
 					.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index ac895fc284..4504f74d6f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -78,10 +78,12 @@ public class NamespaceHttpRequestCacheTests {
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 					.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 					.withUser(PasswordEncodedUser.admin());
+			// @formatter:on
 		}
 
 		@Bean
@@ -114,10 +116,12 @@ public class NamespaceHttpRequestCacheTests {
 		}
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 					.withUser(PasswordEncodedUser.admin());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 6f9d7d7cc4..f77c04facd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -81,9 +81,11 @@ public class NamespaceHttpX509Tests {
 	public static class X509Config extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
@@ -114,9 +116,11 @@ public class NamespaceHttpX509Tests {
 	static class AuthenticationDetailsSourceRefConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
@@ -152,9 +156,11 @@ public class NamespaceHttpX509Tests {
 	public static class SubjectPrincipalRegexConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
@@ -183,9 +189,11 @@ public class NamespaceHttpX509Tests {
 	public static class CustomPrincipalExtractorConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod@example.com").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
@@ -222,9 +230,11 @@ public class NamespaceHttpX509Tests {
 	public static class UserDetailsServiceRefConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index b1e03fe1d7..41673a98cb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -441,8 +441,10 @@ public class NamespaceRememberMeTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.userDetailsService(USERDETAILS_SERVICE);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index f9d5a64972..cd8d78f5bf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -113,14 +113,14 @@ public class SessionManagementConfigurerServlet31Tests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 
 	private void loadConfig(Class<?>... classes) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index 6d4b39966f..eb8f2d0e02 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -71,13 +71,13 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index 98d863223d..b8f99f009c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -78,8 +78,10 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) {
+			// @formatter:off
 			auth
 				.authenticationProvider(new TransientAuthenticationProvider());
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index d62e1f8821..dcf6e5995f 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -158,9 +158,11 @@ public class GrantedAuthorityDefaultsJcTests {
 
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
 
 		@Override
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index 0f25882073..a15edc44d6 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -48,13 +48,13 @@ public class WithMockUserParentTests extends WithMockUserParent {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index eafe930b31..a525f310b5 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -77,13 +77,13 @@ public class WithMockUserTests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 55a8af3d38..8143f4f01a 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -77,13 +77,13 @@ public class WithUserDetailsTests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 					.userDetailsService(myUserDetailsService());
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Bean
 		public UserDetailsService myUserDetailsService() {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index e4d84b99d9..51c92c5032 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -82,13 +82,13 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@RestController
 		static class Controller {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index b957c7c98e..cc01f37ac1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -82,13 +82,13 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication();
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@RestController
 		static class Controller {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index bf5f71edfe..b61a4247ef 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -75,13 +75,13 @@ public class CsrfShowcaseTests {
 		protected void configure(HttpSecurity http) {
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index 8ce1ec6637..ad66e089a1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -83,14 +83,14 @@ public class CustomCsrfShowcaseTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Bean
 		public CsrfTokenRepository repo() {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index 4554ca660d..42081d209f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -70,13 +70,13 @@ public class DefaultCsrfShowcaseTests {
 		protected void configure(HttpSecurity http) {
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index a1bf100d43..31858ba6d6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -97,13 +97,13 @@ public class DefaultfSecurityRequestsTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 226197aa38..4514754ff5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -115,14 +115,14 @@ public class SecurityRequestsTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@Override
 		@Bean
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index cfdc27f7af..4a58ac6bde 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -99,13 +99,13 @@ public class WithUserAuthenticationTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 951245aa12..a0bd420579 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -99,13 +99,13 @@ public class WithUserClassLevelAuthenticationTests {
 			// @formatter:on
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index 5d89232bc8..be7234f3ef 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -97,14 +97,14 @@ public class WithUserDetailsAuthenticationTests {
 			return super.userDetailsServiceBean();
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER").and()
 					.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index 23c19d12b6..9c34d662df 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -97,14 +97,14 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 			return super.userDetailsServiceBean();
 		}
 
-		// @formatter:off
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER").and()
 					.withUser("admin").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }

From 6979125ccf3d169f47ea8e6f4b6e1007a0a213ba Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 13:05:15 -0700
Subject: [PATCH 04/84] Add noformat blocks around User.withUsername

Find `User.withUsername` calls and protect them against formatting.

Issue gh-8945
---
 .../core/userdetails/UserDetailsMapFactoryBean.java    |  2 ++
 .../authentication/NamespacePasswordEncoderTests.java  |  2 ++
 .../web/reactive/EnableWebFluxSecurityTests.java       |  2 ++
 .../UserDetailsResourceFactoryBeanTests.java           |  3 ++-
 ...veUserDetailsServiceAuthenticationManagerTests.java |  4 ++++
 ...lsRepositoryReactiveAuthenticationManagerTests.java | 10 ++++++++--
 .../MapReactiveUserDetailsServiceTests.java            |  2 ++
 .../security/core/userdetails/UserTests.java           |  4 ++++
 8 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
index 0048eb7e4e..f455fd7363 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
@@ -67,12 +67,14 @@ public class UserDetailsMapFactoryBean implements FactoryBean<Collection<UserDet
 				throw new IllegalStateException("The entry with username '" + name
 					+ "' and value '" + property + "' could not be converted to a UserDetails.");
 			}
+			// @formatter:off
 			UserDetails user = User.withUsername(name)
 				.password(attr.getPassword())
 				.disabled(!attr.isEnabled())
 				.authorities(attr.getAuthorities())
 				.build();
 			users.add(user);
+			// @formatter:on
 		} return users;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index 61a34154e5..e4ed142b39 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -114,11 +114,13 @@ public class NamespacePasswordEncoderTests {
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+			// @formatter:off
 			UserDetails user = User.withUsername("user")
 				.passwordEncoder(encoder::encode)
 				.password("password")
 				.roles("USER")
 				.build();
+			// @formatter:on
 			InMemoryUserDetailsManager uds = new InMemoryUserDetailsManager(user);
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 4be1c2b325..2c43f59c57 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -255,10 +255,12 @@ public class EnableWebFluxSecurityTests {
 	static class MapReactiveUserDetailsServiceConfig {
 		@Bean
 		public MapReactiveUserDetailsService userDetailsService() {
+			// @formatter:off
 			return new MapReactiveUserDetailsService(User.withUsername("user")
 					.password("{noop}password")
 					.roles("USER")
 					.build()
+			// @formatter:on
 			);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 6317995e78..f02f51d137 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -92,11 +92,12 @@ public class UserDetailsResourceFactoryBeanTests {
 
 	private void assertLoaded() throws Exception {
 		Collection<UserDetails> users = factory.getObject();
-
+		// @formatter:off
 		UserDetails expectedUser = User.withUsername("user")
 			.password("password")
 			.authorities("ROLE_USER")
 			.build();
+		// @formatter:on
 		assertThat(users).containsExactly(expectedUser);
 	}
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 73011471b0..d6352818cc 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -76,10 +76,12 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenPasswordNotEqualThenBadCredentials() {
+		// @formatter:off
 		UserDetails user = PasswordEncodedUser.withUsername(this.username)
 			.password(this.password)
 			.roles("USER")
 			.build();
+		// @formatter:on
 		when(repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, this.password + "INVALID");
@@ -93,10 +95,12 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenSuccessThenSuccess() {
+		// @formatter:off
 		UserDetails user = PasswordEncodedUser.withUsername(this.username)
 			.password(this.password)
 			.roles("USER")
 			.build();
+		// @formatter:on
 		when(repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 793edd5db3..937b61edb2 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -59,10 +59,12 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Mock
 	private UserDetailsChecker postAuthenticationChecks;
 
+	// @formatter:off
 	private UserDetails user = User.withUsername("user")
 		.password("password")
 		.roles("USER")
 		.build();
+	// @formatter:on
 
 	private UserDetailsRepositoryReactiveAuthenticationManager manager;
 
@@ -176,12 +178,13 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Test(expected = AccountExpiredException.class)
 	public void authenticateWhenAccountExpiredThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
-
+		// @formatter:off
 		UserDetails expiredUser = User.withUsername("user")
 				.password("password")
 				.roles("USER")
 				.accountExpired(true)
 				.build();
+		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(expiredUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
@@ -193,12 +196,13 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Test(expected = LockedException.class)
 	public void authenticateWhenAccountLockedThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
-
+		// @formatter:off
 		UserDetails lockedUser = User.withUsername("user")
 				.password("password")
 				.roles("USER")
 				.accountLocked(true)
 				.build();
+		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(lockedUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
@@ -211,11 +215,13 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	public void authenticateWhenAccountDisabledThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
 
+		// @formatter:off
 		UserDetails disabledUser = User.withUsername("user")
 				.password("password")
 				.roles("USER")
 				.disabled(true)
 				.build();
+		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(disabledUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index 97154ac416..3bf1fd7007 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -27,10 +27,12 @@ import org.junit.Test;
 import reactor.core.publisher.Mono;
 
 public class MapReactiveUserDetailsServiceTests {
+	// @formatter:off
 	private static final UserDetails USER_DETAILS = User.withUsername("user")
 			.password("password")
 			.roles("USER")
 			.build();
+	// @formatter:on
 
 	private MapReactiveUserDetailsService users = new MapReactiveUserDetailsService(Arrays.asList(USER_DETAILS));
 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 00478f6474..36f4ce417e 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -203,11 +203,13 @@ public class UserTests {
 
 	@Test
 	public void withUsernameWhenPasswordAndPasswordEncoderThenEncodes() {
+		// @formatter:off
 		UserDetails withEncodedPassword = User.withUsername("user")
 			.passwordEncoder(p -> p + "encoded")
 			.password("password")
 			.roles("USER")
 			.build();
+		// @formatter:on
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
@@ -215,12 +217,14 @@ public class UserTests {
 	@Test
 	public void withUsernameWhenPasswordAndPasswordEncoderTwiceThenEncodesOnce() {
 		Function<String, String> encoder = p -> p + "encoded";
+		// @formatter:off
 		UserDetails withEncodedPassword = User.withUsername("user")
 			.passwordEncoder(encoder)
 			.password("password")
 			.passwordEncoder(encoder)
 			.roles("USER")
 			.build();
+		// @formatter:on
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}

From 8e092f8d2cc8d33fef9905703cc87c3deef5d678 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 13:23:10 -0700
Subject: [PATCH 05/84] Add noformat blocks around withDefaultPasswordEncoder

Find `withDefaultPasswordEncoder` calls and protect them against
formatting.

Issue gh-8945
---
 .../config/annotation/rsocket/HelloRSocketITests.java         | 2 ++
 .../rsocket/RSocketMessageHandlerConnectionITests.java        | 3 ++-
 .../annotation/rsocket/RSocketMessageHandlerITests.java       | 2 ++
 .../config/annotation/rsocket/SimpleAuthenticationITests.java | 2 ++
 .../web/configurers/ExceptionHandlingConfigurerTests.java     | 2 ++
 .../annotation/web/configurers/HttpBasicConfigurerTests.java  | 2 ++
 .../annotation/web/configurers/NamespaceHttpBasicTests.java   | 2 ++
 .../web/configurers/NamespaceHttpCustomFilterTests.java       | 2 ++
 .../web/configurers/NamespaceHttpFormLoginTests.java          | 2 ++
 .../web/configurers/NamespaceHttpOpenIDLoginTests.java        | 2 ++
 .../annotation/web/configurers/NamespaceRememberMeTests.java  | 2 ++
 .../web/configurers/NamespaceSessionManagementTests.java      | 2 ++
 .../annotation/web/configurers/RememberMeConfigurerTests.java | 2 ++
 .../web/configurers/RequestCacheConfigurerTests.java          | 2 ++
 .../server/resource/OAuth2ResourceServerConfigurerTests.java  | 4 ++++
 .../servlet/response/SecurityMockMvcResultMatchersTests.java  | 4 ++--
 .../SecurityMockWithAuthoritiesMvcResultMatchersTests.java    | 4 ++--
 .../test/web/servlet/showcase/login/AuthenticationTests.java  | 4 ++--
 18 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index 876e22d2a5..624332b308 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -147,11 +147,13 @@ public class HelloRSocketITests {
 
 		@Bean
 		MapReactiveUserDetailsService uds() {
+			// @formatter:off
 			UserDetails rob = User.withDefaultPasswordEncoder()
 					.username("rob")
 					.password("password")
 					.roles("USER", "ADMIN")
 					.build();
+			// @formatter:on
 			return new MapReactiveUserDetailsService(rob);
 		}
 	}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 269bcbb951..66cafbebef 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -268,6 +268,7 @@ public class RSocketMessageHandlerConnectionITests {
 
 		@Bean
 		MapReactiveUserDetailsService uds() {
+			// @formatter:off
 			UserDetails admin = User.withDefaultPasswordEncoder()
 					.username("admin")
 					.password("password")
@@ -278,12 +279,12 @@ public class RSocketMessageHandlerConnectionITests {
 					.password("password")
 					.roles("USER", "SETUP")
 					.build();
-
 			UserDetails evil = User.withDefaultPasswordEncoder()
 					.username("evil")
 					.password("password")
 					.roles("EVIL")
 					.build();
+			// @formatter:on
 			return new MapReactiveUserDetailsService(admin, user, evil);
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index 19f5e1010c..0256651580 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -237,6 +237,7 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		MapReactiveUserDetailsService uds() {
+			// @formatter:off
 			UserDetails rob = User.withDefaultPasswordEncoder()
 					.username("rob")
 					.password("password")
@@ -247,6 +248,7 @@ public class RSocketMessageHandlerITests {
 					.password("password")
 					.roles("USER")
 					.build();
+			// @formatter:on
 			return new MapReactiveUserDetailsService(rob, rossen);
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 9c9f4607c3..1e01b26cd8 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -165,11 +165,13 @@ public class SimpleAuthenticationITests {
 
 		@Bean
 		MapReactiveUserDetailsService uds() {
+			// @formatter:off
 			UserDetails rob = User.withDefaultPasswordEncoder()
 					.username("rob")
 					.password("password")
 					.roles("USER", "ADMIN")
 					.build();
+			// @formatter:on
 			return new MapReactiveUserDetailsService(rob);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index bd452d0090..5b4ea82259 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -251,12 +251,14 @@ public class ExceptionHandlingConfigurerTests {
 
 		@Bean
 		public InMemoryUserDetailsManager userDetailsManager() {
+			// @formatter:off
 			return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
 				.username("user")
 				.password("password")
 				.roles("USER")
 				.build()
 			);
+			// @formatter:off
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 4a33b440e5..455621bedb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -259,11 +259,13 @@ public class HttpBasicConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build()
+					// @formatter:on
 			);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 967b12d8ea..30239fcf54 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -83,11 +83,13 @@ public class NamespaceHttpBasicTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+				// @formatter:off
 				User.withDefaultPasswordEncoder()
 					.username("user")
 					.password("password")
 					.roles("USER")
 					.build()
+				// @formatter:on
 			);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 8e23245742..9c504e0c8f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -170,11 +170,13 @@ public class NamespaceHttpCustomFilterTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 553033215c..04fd811943 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -188,11 +188,13 @@ public class NamespaceHttpFormLoginTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 04bbe88d51..7687bab5d5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -300,11 +300,13 @@ public class NamespaceHttpOpenIDLoginTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 41673a98cb..b46aab6f9b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -499,11 +499,13 @@ public class NamespaceRememberMeTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index e163d7946e..21ba2ef19d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -413,11 +413,13 @@ public class NamespaceSessionManagementTests {
 		@Bean
 		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 1cba7745fe..2988162ff0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -190,11 +190,13 @@ public class RememberMeConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
 							.roles("USER")
 							.build()
+					// @formatter:on
 			);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 5b22f8662f..3647b0210a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -399,12 +399,14 @@ public class RequestCacheConfigurerTests {
 
 		@Bean
 		public InMemoryUserDetailsManager userDetailsManager() {
+			// @formatter:off
 			return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
 					.username("user")
 					.password("password")
 					.roles("USER")
 					.build()
 			);
+			// @formatter:on
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 957c383d96..a830d226c1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1746,11 +1746,13 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
 							.username("basic-user")
 							.password("basic-password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
@@ -1819,11 +1821,13 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
+					// @formatter:off
 					org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
 							.username("basic-user")
 							.password("basic-password")
 							.roles("USER")
 							.build());
+					// @formatter:on
 		}
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index 9a63cfe4fa..fdb23bcf24 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -100,13 +100,13 @@ public class SecurityMockMvcResultMatchersTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Bean
 		public UserDetailsService userDetailsService() {
+			// @formatter:off
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER", "SELLER").build();
+			// @formatter:on
 			return new InMemoryUserDetailsManager(user);
 		}
-		// @formatter:on
 
 		@RestController
 		static class Controller {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 5f4b7af1f9..5753a20f98 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -80,13 +80,13 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
-		// @formatter:off
 		@Bean
 		public UserDetailsService userDetailsService() {
+			// @formatter:off
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("ADMIN", "SELLER").build();
 			return new InMemoryUserDetailsManager(user);
+			// @formatter:on
 		}
-		// @formatter:on
 
 		@RestController
 		static class Controller {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index 660872ea58..bc445ea770 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -90,12 +90,12 @@ public class AuthenticationTests {
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
-		// @formatter:off
 		@Bean
 		public UserDetailsService userDetailsService() {
+			// @formatter:off
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();
 			return new InMemoryUserDetailsManager(user);
+			// @formatter:on
 		}
-		// @formatter:on
 	}
 }

From 9caa39e3701be9a3fa778c6c1a2b3564cd126bfb Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 14:55:09 -0700
Subject: [PATCH 06/84] Fix malformed formatter-on/off javadoc

Remove the formatter-on/formatter-off comments from Javadoc examples
so that they don't confuse checkstyle. The comments are not necessary
in the Javadoc since `pre` blocks are not formatted in the same
way as code.

Issue gh-8945
---
 .../security/config/annotation/rsocket/RSocketSecurity.java | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index 8ab04005e8..d36acdbc44 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -56,7 +56,6 @@ import java.util.List;
  * <pre class="code">
  * &#064;EnableRSocketSecurity
  * public class SecurityConfig {
- *     // @formatter:off
  *     &#064;Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
@@ -66,9 +65,7 @@ import java.util.List;
  *             );
  *         return rsocket.build();
  *     }
- *     // @formatter:on
  *
- *     // @formatter:off
  *     &#064;Bean
  *     public MapReactiveUserDetailsService userDetailsService() {
  *          UserDetails user = User.withDefaultPasswordEncoder()
@@ -78,7 +75,6 @@ import java.util.List;
  *               .build();
  *          return new MapReactiveUserDetailsService(user);
  *     }
- *     // @formatter:on
  * }
  * </pre>
  *
@@ -87,7 +83,6 @@ import java.util.List;
  * <pre class="code">
  * &#064;EnableRSocketSecurity
  * public class SecurityConfig {
- *     // @formatter:off
  *     &#064;Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
@@ -102,7 +97,6 @@ import java.util.List;
  *             );
  *         return rsocket.build();
  *     }
- *     // @formatter:on
  * }
  * </pre>
  * @author Rob Winch

From 81d9c6cac552d95c3455960d0fae61afb68990ee Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 14:15:24 -0700
Subject: [PATCH 07/84] Add spring-javaformat plugin

Add spring-javaformat plugin but disable it for all sample projects.

Issue gh-8945
---
 build.gradle      | 13 ++++++++++++-
 gradle.properties |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index ace768def7..66c2497d07 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,7 @@
 buildscript {
 	dependencies {
 		classpath 'io.spring.gradle:spring-build-conventions:0.0.33.RELEASE'
+		classpath "io.spring.javaformat:spring-javaformat-gradle-plugin:$springJavaformatVersion"
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 		classpath 'io.spring.nohttp:nohttp-gradle:0.0.5.RELEASE'
 		classpath "io.freefair.gradle:aspectj-plugin:5.0.1"
@@ -34,12 +35,22 @@ subprojects {
 	plugins.withType(JavaPlugin) {
 		project.sourceCompatibility='1.8'
 	}
-
 	tasks.withType(JavaCompile) {
 		options.encoding = "UTF-8"
 	}
 }
 
+allprojects {
+	apply plugin: 'io.spring.javaformat'
+	if (project.name.contains('sample')) {
+		tasks.whenTaskAdded { task ->
+			if (task.name.contains('format') || task.name.contains('checkFormat')) {
+				task.enabled = false
+			}
+		}
+	}
+}
+
 nohttp {
 	allowlistFile = project.file("etc/nohttp/allowlist.lines")
 }
diff --git a/gradle.properties b/gradle.properties
index 8030f9eddc..aca683ccc0 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,5 +1,6 @@
 aspectjVersion=1.9.3
 gaeVersion=1.9.80
+springJavaformatVersion=0.0.24
 springBootVersion=2.4.0-M1
 version=5.4.0-SNAPSHOT
 kotlinVersion=1.3.72

From b7fc18262d86a8ceb390a6b5649d1ecc50245f08 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 10 Aug 2020 16:39:17 -0500
Subject: [PATCH 08/84] Reformat code using spring-javaformat

Run `./gradlew format` to reformat all java files.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java          |   45 +-
 .../acls/AclPermissionCacheOptimizer.java     |    8 +-
 .../security/acls/AclPermissionEvaluator.java |   33 +-
 .../afterinvocation/AbstractAclProvider.java  |   24 +-
 ...InvocationCollectionFilteringProvider.java |   26 +-
 .../AclEntryAfterInvocationProvider.java      |   25 +-
 .../acls/afterinvocation/ArrayFilterer.java   |   10 +-
 .../afterinvocation/CollectionFilterer.java   |    6 +-
 .../acls/afterinvocation/Filterer.java        |    5 +-
 .../acls/afterinvocation/package-info.java    |    5 +-
 .../acls/domain/AbstractPermission.java       |    4 +-
 .../acls/domain/AccessControlEntryImpl.java   |   25 +-
 .../acls/domain/AclAuthorizationStrategy.java |    4 +
 .../domain/AclAuthorizationStrategyImpl.java  |   16 +-
 .../acls/domain/AclFormattingUtils.java       |   14 +-
 .../security/acls/domain/AclImpl.java         |  103 +-
 .../security/acls/domain/AuditLogger.java     |    2 +
 .../security/acls/domain/BasePermission.java  |    6 +
 .../acls/domain/ConsoleAuditLogger.java       |    2 +
 .../acls/domain/CumulativePermission.java     |    6 +-
 .../acls/domain/DefaultPermissionFactory.java |    8 +-
 .../DefaultPermissionGrantingStrategy.java    |   23 +-
 .../acls/domain/EhCacheBasedAclCache.java     |   13 +-
 .../acls/domain/GrantedAuthoritySid.java      |    8 +-
 .../domain/IdentityUnavailableException.java  |    4 +-
 .../acls/domain/ObjectIdentityImpl.java       |   17 +-
 .../ObjectIdentityRetrievalStrategyImpl.java  |    5 +-
 .../acls/domain/PermissionFactory.java        |    3 +-
 .../security/acls/domain/PrincipalSid.java    |    2 +
 .../acls/domain/SidRetrievalStrategyImpl.java |    1 +
 .../acls/domain/SpringCacheBasedAclCache.java |   13 +-
 .../security/acls/domain/package-info.java    |    1 -
 .../security/acls/jdbc/AclClassIdUtils.java   |   43 +-
 .../acls/jdbc/BasicLookupStrategy.java        |  200 ++--
 .../security/acls/jdbc/JdbcAclService.java    |   50 +-
 .../acls/jdbc/JdbcMutableAclService.java      |  105 +-
 .../security/acls/jdbc/LookupStrategy.java    |    4 +-
 .../security/acls/jdbc/package-info.java      |    1 -
 .../acls/model/AccessControlEntry.java        |    8 +-
 .../security/acls/model/Acl.java              |   15 +-
 .../security/acls/model/AclCache.java         |    2 +
 .../acls/model/AclDataAccessException.java    |    3 +-
 .../security/acls/model/AclService.java       |   22 +-
 .../acls/model/AlreadyExistsException.java    |    4 +-
 .../model/AuditableAccessControlEntry.java    |    2 +
 .../security/acls/model/AuditableAcl.java     |    2 +
 .../acls/model/ChildrenExistException.java    |    4 +-
 .../security/acls/model/MutableAcl.java       |    9 +-
 .../acls/model/MutableAclService.java         |   12 +-
 .../acls/model/NotFoundException.java         |    4 +-
 .../security/acls/model/ObjectIdentity.java   |    5 +-
 .../acls/model/ObjectIdentityGenerator.java   |    1 -
 .../ObjectIdentityRetrievalStrategy.java      |    2 +
 .../security/acls/model/OwnershipAcl.java     |    2 +
 .../security/acls/model/Permission.java       |    6 +-
 .../model/PermissionGrantingStrategy.java     |    7 +-
 .../security/acls/model/Sid.java              |    5 +-
 .../acls/model/SidRetrievalStrategy.java      |    2 +
 .../acls/model/UnloadedSidException.java      |    4 +-
 .../security/acls/model/package-info.java     |    4 +-
 .../security/acls/package-info.java           |   12 +-
 .../acls/AclFormattingUtilsTests.java         |   32 +-
 .../AclPermissionCacheOptimizerTests.java     |    3 +-
 .../acls/AclPermissionEvaluatorTests.java     |    2 +-
 .../security/acls/TargetObjectWithUUID.java   |    1 +
 ...ationCollectionFilteringProviderTests.java |   21 +-
 .../AclEntryAfterInvocationProviderTests.java |   66 +-
 .../domain/AccessControlImplEntryTests.java   |   46 +-
 .../AclAuthorizationStrategyImplTests.java    |   11 +-
 .../security/acls/domain/AclImplTests.java    |  303 ++---
 .../AclImplementationSecurityCheckTests.java  |  144 +--
 .../acls/domain/AuditLoggerTests.java         |    5 +
 .../acls/domain/ObjectIdentityImplTests.java  |    8 +-
 ...ectIdentityRetrievalStrategyImplTests.java |    2 +
 .../security/acls/domain/PermissionTests.java |   53 +-
 .../acls/domain/SpecialPermission.java        |    3 +
 .../AbstractBasicLookupStrategyTests.java     |   61 +-
 .../acls/jdbc/AclClassIdUtilsTests.java       |    6 +-
 .../acls/jdbc/BasicLookupStrategyTests.java   |    3 +-
 .../BasicLookupStrategyTestsDbHelper.java     |    9 +-
 ...icLookupStrategyWithAclClassTypeTests.java |   26 +-
 .../security/acls/jdbc/DatabaseSeeder.java    |    2 +
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  |   60 +-
 .../acls/jdbc/JdbcAclServiceTests.java        |   26 +-
 .../acls/jdbc/JdbcMutableAclServiceTests.java |   93 +-
 ...cMutableAclServiceTestsWithAclClassId.java |   22 +-
 .../jdbc/SpringCacheBasedAclCacheTests.java   |   51 +-
 .../security/acls/sid/CustomSid.java          |    2 +
 .../acls/sid/SidRetrievalStrategyTests.java   |    8 +-
 .../security/acls/sid/SidTests.java           |   52 +-
 .../aspect/AnnotationSecurityAspectTests.java |   43 +-
 .../security/cas/SamlServiceProperties.java   |    1 +
 .../security/cas/ServiceProperties.java       |    9 +-
 .../CasAssertionAuthenticationToken.java      |    1 +
 .../CasAuthenticationProvider.java            |   76 +-
 .../CasAuthenticationToken.java               |   73 +-
 .../EhCacheBasedTicketCache.java              |    9 +-
 .../NullStatelessTicketCache.java             |    2 +-
 .../SpringCacheBasedTicketCache.java          |   11 +-
 .../authentication/StatelessTicketCache.java  |   10 +-
 .../cas/authentication/package-info.java      |    4 +-
 .../cas/jackson2/AssertionImplMixin.java      |   25 +-
 .../jackson2/AttributePrincipalImplMixin.java |   22 +-
 .../jackson2/CasAuthenticationTokenMixin.java |   17 +-
 .../cas/jackson2/CasJackson2Module.java       |   14 +-
 .../security/cas/package-info.java            |    4 +-
 ...bstractCasAssertionUserDetailsService.java |    6 +-
 ...AssertionAttributesUserDetailsService.java |   22 +-
 .../cas/web/CasAuthenticationEntryPoint.java  |   33 +-
 .../cas/web/CasAuthenticationFilter.java      |   82 +-
 .../DefaultServiceAuthenticationDetails.java  |   14 +-
 .../ServiceAuthenticationDetails.java         |    3 +-
 .../ServiceAuthenticationDetailsSource.java   |   17 +-
 .../cas/web/authentication/package-info.java  |    1 -
 .../security/cas/web/package-info.java        |    1 -
 .../AbstractStatelessTicketCacheTests.java    |    4 +-
 .../CasAuthenticationProviderTests.java       |   36 +-
 .../CasAuthenticationTokenTests.java          |   86 +-
 .../EhCacheBasedTicketCacheTests.java         |    2 +
 .../NullStatelessTicketCacheTests.java        |    1 +
 .../SpringCacheBasedTicketCacheTests.java     |    5 +-
 .../CasAuthenticationTokenMixinTests.java     |   53 +-
 ...tionAttributesUserDetailsServiceTests.java |    7 +-
 .../web/CasAuthenticationEntryPointTests.java |   14 +-
 .../cas/web/CasAuthenticationFilterTests.java |   27 +-
 .../cas/web/ServicePropertiesTests.java       |    2 +
 ...aultServiceAuthenticationDetailsTests.java |   39 +-
 ...onProviderBuilderSecurityBuilderTests.java |   39 +-
 ...AuthenticationProviderConfigurerTests.java |   21 +-
 ...espaceLdapAuthenticationProviderTests.java |   12 +-
 ...dapAuthenticationProviderTestsConfigs.java |   13 +-
 .../annotation/rsocket/HelloHandler.java      |   20 +-
 .../rsocket/HelloRSocketITests.java           |   43 +-
 .../config/annotation/rsocket/JwtITests.java  |   63 +-
 ...RSocketMessageHandlerConnectionITests.java |  151 +--
 .../rsocket/RSocketMessageHandlerITests.java  |  116 +-
 .../rsocket/SimpleAuthenticationITests.java   |   52 +-
 ...LdapProviderBeanDefinitionParserTests.java |  106 +-
 .../LdapServerBeanDefinitionParserTests.java  |   17 +-
 ...pUserServiceBeanDefinitionParserTests.java |   36 +-
 .../security/config/BeanIds.java              |   25 +-
 .../security/config/Customizer.java           |    6 +-
 .../config/DebugBeanDefinitionParser.java     |    5 +-
 .../security/config/Elements.java             |   52 +
 .../config/SecurityNamespaceHandler.java      |   55 +-
 .../AbstractConfiguredSecurityBuilder.java    |   42 +-
 .../annotation/AbstractSecurityBuilder.java   |    6 +-
 .../annotation/AlreadyBuiltException.java     |    1 +
 .../annotation/ObjectPostProcessor.java       |    3 +-
 .../config/annotation/SecurityBuilder.java    |    3 +-
 .../config/annotation/SecurityConfigurer.java |    6 +-
 .../annotation/SecurityConfigurerAdapter.java |   22 +-
 .../ProviderManagerBuilder.java               |   10 +-
 .../AuthenticationManagerBuilder.java         |   55 +-
 .../AuthenticationConfiguration.java          |   93 +-
 .../EnableGlobalAuthentication.java           |    1 +
 ...GlobalAuthenticationConfigurerAdapter.java |    5 +-
 ...ticationProviderBeanManagerConfigurer.java |   29 +-
 ...alizeUserDetailsBeanManagerConfigurer.java |   21 +-
 .../LdapAuthenticationProviderConfigurer.java |  122 +-
 .../InMemoryUserDetailsManagerConfigurer.java |    2 +-
 .../JdbcUserDetailsManagerConfigurer.java     |   17 +-
 .../UserDetailsManagerConfigurer.java         |   24 +-
 .../AbstractDaoAuthenticationConfigurer.java  |    8 +-
 .../DaoAuthenticationConfigurer.java          |    5 +-
 .../UserDetailsAwareConfigurer.java           |    2 +-
 .../UserDetailsServiceConfigurer.java         |    2 +-
 ...utowireBeanFactoryObjectPostProcessor.java |   20 +-
 .../ObjectPostProcessorConfiguration.java     |    5 +-
 .../EnableGlobalMethodSecurity.java           |    8 +-
 .../EnableReactiveMethodSecurity.java         |   21 +-
 ...thodSecurityAspectJAutoProxyRegistrar.java |   16 +-
 .../GlobalMethodSecurityConfiguration.java    |  114 +-
 .../GlobalMethodSecuritySelector.java         |   21 +-
 .../Jsr250MetadataSourceConfiguration.java    |    1 +
 ...ecurityMetadataSourceAdvisorRegistrar.java |   19 +-
 .../ReactiveMethodSecurityConfiguration.java  |   17 +-
 .../ReactiveMethodSecuritySelector.java       |   18 +-
 .../rsocket/EnableRSocketSecurity.java        |    4 +-
 .../rsocket/PayloadInterceptorOrder.java      |    8 +-
 .../annotation/rsocket/RSocketSecurity.java   |   67 +-
 .../rsocket/RSocketSecurityConfiguration.java |   12 +-
 ...ocketAcceptorInterceptorConfiguration.java |   20 +-
 .../web/AbstractRequestMatcherRegistry.java   |   55 +-
 .../annotation/web/HttpSecurityBuilder.java   |   25 +-
 .../annotation/web/WebSecurityConfigurer.java |    8 +-
 .../web/builders/FilterComparator.java        |   43 +-
 .../annotation/web/builders/HttpSecurity.java |  597 +++++-----
 .../annotation/web/builders/WebSecurity.java  |   98 +-
 ...edWebSecurityConfigurersIgnoreParents.java |    7 +-
 .../web/configuration/EnableWebSecurity.java  |    7 +-
 .../HttpSecurityConfiguration.java            |   33 +-
 .../OAuth2ClientConfiguration.java            |   41 +-
 .../configuration/OAuth2ImportSelector.java   |   19 +-
 .../SecurityReactorContextConfiguration.java  |   30 +-
 .../SpringWebMvcImportSelector.java           |    4 +-
 .../WebMvcSecurityConfiguration.java          |    8 +-
 .../WebSecurityConfiguration.java             |   28 +-
 .../WebSecurityConfigurerAdapter.java         |  161 ++-
 ...bstractAuthenticationFilterConfigurer.java |   79 +-
 ...ConfigAttributeRequestMatcherRegistry.java |   23 +-
 .../configurers/AbstractHttpConfigurer.java   |    2 +-
 .../AbstractInterceptUrlConfigurer.java       |   37 +-
 .../web/configurers/AnonymousConfigurer.java  |   30 +-
 .../ChannelSecurityConfigurer.java            |   36 +-
 .../web/configurers/CorsConfigurer.java       |   38 +-
 .../web/configurers/CsrfConfigurer.java       |   87 +-
 .../DefaultLoginPageConfigurer.java           |   14 +-
 .../ExceptionHandlingConfigurer.java          |   46 +-
 .../ExpressionUrlAuthorizationConfigurer.java |   87 +-
 .../web/configurers/FormLoginConfigurer.java  |   10 +-
 .../web/configurers/HeadersConfigurer.java    |  262 ++---
 .../web/configurers/HttpBasicConfigurer.java  |   64 +-
 .../web/configurers/JeeConfigurer.java        |   35 +-
 .../web/configurers/LogoutConfigurer.java     |   79 +-
 .../web/configurers/PermitAllSupport.java     |   23 +-
 .../web/configurers/PortMapperConfigurer.java |   10 +-
 .../web/configurers/RememberMeConfigurer.java |   99 +-
 .../configurers/RequestCacheConfigurer.java   |   16 +-
 .../SecurityContextConfigurer.java            |   17 +-
 .../web/configurers/ServletApiConfigurer.java |   24 +-
 .../SessionManagementConfigurer.java          |  157 ++-
 .../UrlAuthorizationConfigurer.java           |   59 +-
 .../web/configurers/X509Configurer.java       |   31 +-
 .../client/ImplicitGrantConfigurer.java       |   31 +-
 .../oauth2/client/OAuth2ClientConfigurer.java |   82 +-
 .../client/OAuth2ClientConfigurerUtils.java   |   55 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |  263 +++--
 .../OAuth2ResourceServerConfigurer.java       |  145 +--
 .../openid/OpenIDLoginConfigurer.java         |   75 +-
 .../saml2/Saml2LoginConfigurer.java           |  132 +--
 ...MessageSecurityMetadataSourceRegistry.java |   96 +-
 .../web/reactive/EnableWebFluxSecurity.java   |    5 +-
 .../ReactiveOAuth2ClientImportSelector.java   |   24 +-
 .../ServerHttpSecurityConfiguration.java      |   22 +-
 .../WebFluxSecurityConfiguration.java         |   13 +-
 .../configuration/EnableWebMvcSecurity.java   |    2 +-
 .../WebMvcSecurityConfiguration.java          |    7 +-
 ...urityWebSocketMessageBrokerConfigurer.java |   49 +-
 ...serDetailsServiceBeanDefinitionParser.java |   33 +-
 ...enticationManagerBeanDefinitionParser.java |   66 +-
 .../AuthenticationManagerFactoryBean.java     |   14 +-
 ...nticationProviderBeanDefinitionParser.java |   31 +-
 .../JdbcUserServiceBeanDefinitionParser.java  |   14 +-
 .../authentication/PasswordEncoderParser.java |   13 +-
 .../UserServiceBeanDefinitionParser.java      |   19 +-
 .../config/authentication/package-info.java   |    1 -
 .../config/core/GrantedAuthorityDefaults.java |    2 +-
 ...UserDetailsServiceResourceFactoryBean.java |   39 +-
 .../UserDetailsMapFactoryBean.java            |   12 +-
 .../UserDetailsResourceFactoryBean.java       |   35 +-
 .../RsaKeyConversionServicePostProcessor.java |   27 +-
 ...SecurityDebugBeanFactoryPostProcessor.java |   23 +-
 .../http/AuthenticationConfigBuilder.java     |  357 +++---
 .../config/http/ChannelAttributeFactory.java  |    7 +-
 .../config/http/CorsBeanDefinitionParser.java |    6 +-
 .../config/http/CsrfBeanDefinitionParser.java |   70 +-
 .../http/DefaultFilterChainValidator.java     |   58 +-
 .../http/FilterChainBeanDefinitionParser.java |    8 +-
 ...FilterChainMapBeanDefinitionDecorator.java |   36 +-
 ...nvocationSecurityMetadataSourceParser.java |  103 +-
 .../http/FormLoginBeanDefinitionParser.java   |  102 +-
 .../GrantedAuthorityDefaultsParserUtils.java  |   19 +-
 ...HandlerMappingIntrospectorFactoryBean.java |   12 +-
 .../http/HeadersBeanDefinitionParser.java     |  164 ++-
 .../config/http/HttpConfigurationBuilder.java |  275 +++--
 .../HttpFirewallBeanDefinitionParser.java     |   13 +-
 .../HttpSecurityBeanDefinitionParser.java     |  148 +--
 .../http/LogoutBeanDefinitionParser.java      |   24 +-
 .../security/config/http/MatcherType.java     |    9 +-
 .../OAuth2ClientBeanDefinitionParser.java     |   44 +-
 ...OAuth2ClientBeanDefinitionParserUtils.java |   22 +-
 ...uth2ClientWebMvcSecurityPostProcessor.java |   14 +-
 .../http/OAuth2LoginBeanDefinitionParser.java |   87 +-
 ...th2ResourceServerBeanDefinitionParser.java |  119 +-
 .../PortMappingsBeanDefinitionParser.java     |   15 +-
 .../http/RememberMeBeanDefinitionParser.java  |   61 +-
 .../security/config/http/SecurityFilters.java |   45 +-
 .../config/http/SessionCreationPolicy.java    |    2 +
 .../http/UserDetailsServiceFactoryBean.java   |   21 +-
 .../security/config/http/WebConfigUtils.java  |    8 +-
 .../security/config/http/package-info.java    |    1 -
 .../ContextSourceSettingPostProcessor.java    |   30 +-
 .../LdapProviderBeanDefinitionParser.java     |   49 +-
 .../ldap/LdapServerBeanDefinitionParser.java  |   44 +-
 .../LdapUserServiceBeanDefinitionParser.java  |   69 +-
 .../security/config/ldap/package-info.java    |    1 -
 ...balMethodSecurityBeanDefinitionParser.java |  266 ++---
 ...terceptMethodsBeanDefinitionDecorator.java |   32 +-
 .../config/method/MethodConfigUtils.java      |   14 +-
 ...ityMetadataSourceBeanDefinitionParser.java |   12 +-
 .../method/ProtectPointcutPostProcessor.java  |   40 +-
 .../security/config/method/package-info.java  |    4 +-
 ...ientRegistrationsBeanDefinitionParser.java |   68 +-
 .../oauth2/client/CommonOAuth2Provider.java   |   20 +-
 .../security/config/package-info.java         |    5 +-
 ...UserDetailsManagerResourceFactoryBean.java |   41 +-
 ...tractServerWebExchangeMatcherRegistry.java |   52 +-
 .../web/server/SecurityWebFiltersOrder.java   |   20 +-
 .../config/web/server/ServerHttpSecurity.java | 1015 +++++++++--------
 ...ageBrokerSecurityBeanDefinitionParser.java |   86 +-
 .../BeanNameCollectingPostProcessor.java      |    9 +-
 .../security/CollectingAppListener.java       |    5 +
 .../security/config/ConfigTestUtils.java      |    9 +-
 .../security/config/DataSourcePopulator.java  |    8 +-
 .../config/FilterChainProxyConfigTests.java   |   35 +-
 .../config/InvalidConfigurationTests.java     |    5 +-
 .../config/MockAfterInvocationProvider.java   |    5 +-
 .../security/config/MockEventListener.java    |    5 +-
 .../config/MockTransactionManager.java        |    5 +-
 .../MockUserServiceBeanPostProcessor.java     |   10 +-
 .../PostProcessedMockUserDetailsService.java  |    2 +
 .../config/SecurityNamespaceHandlerTests.java |   39 +-
 .../security/config/TestBusinessBean.java     |    1 +
 .../security/config/TestBusinessBeanImpl.java |    5 +-
 .../config/TransactionalTestBusinessBean.java |    2 +
 .../ConcereteSecurityConfigurerAdapter.java   |    5 +-
 .../annotation/ObjectPostProcessorTests.java  |    9 +-
 ...SecurityConfigurerAdapterClosureTests.java |    8 +-
 .../SecurityConfigurerAdapterTests.java       |    4 +
 .../AuthenticationManagerBuilderTests.java    |   43 +-
 .../BaseAuthenticationConfig.java             |    4 +-
 .../NamespaceAuthenticationManagerTests.java  |   18 +-
 .../NamespaceAuthenticationProviderTests.java |   11 +-
 .../NamespaceJdbcUserServiceTests.java        |   21 +-
 .../NamespacePasswordEncoderTests.java        |   16 +-
 .../PasswordEncoderConfigurerTests.java       |   11 +-
 ...thenticationConfigurationPublishTests.java |    6 +-
 .../AuthenticationConfigurationTests.java     |  253 ++--
 .../EnableGlobalAuthenticationTests.java      |   12 +-
 ...AuthenticationProviderConfigurerTests.java |    1 +
 .../UserDetailsManagerConfigurerTests.java    |   45 +-
 .../AroundMethodInterceptor.java              |    2 +
 ...reBeanFactoryObjectPostProcessorTests.java |    9 +-
 .../configuration/MyAdvisedBean.java          |    1 +
 .../annotation/issue50/ApplicationConfig.java |    2 +
 .../annotation/issue50/Issue50Tests.java      |   11 +-
 .../annotation/issue50/SecurityConfig.java    |    8 +-
 .../annotation/issue50/domain/User.java       |    3 +-
 .../issue50/repo/UserRepository.java          |    1 +
 .../method/configuration/Authz.java           |    4 +-
 .../DelegatingReactiveMessageService.java     |   38 +-
 .../EnableReactiveMethodSecurityTests.java    |  259 ++---
 ...lobalMethodSecurityConfigurationTests.java |  139 ++-
 .../configuration/MethodSecurityService.java  |    2 +
 .../MethodSecurityServiceConfig.java          |    2 +
 .../MethodSecurityServiceImpl.java            |    1 +
 ...lMethodSecurityExpressionHandlerTests.java |   22 +-
 .../NamespaceGlobalMethodSecurityTests.java   |  205 ++--
 .../configuration/ReactiveMessageService.java |   14 +
 ...ctiveMethodSecurityConfigurationTests.java |   41 +-
 ...SampleEnableGlobalMethodSecurityTests.java |   29 +-
 .../annotation/sec2758/Sec2758Tests.java      |   24 +-
 ...bstractConfiguredSecurityBuilderTests.java |   34 +-
 ...RequestMatcherRegistryAnyMatcherTests.java |   15 +-
 .../AbstractRequestMatcherRegistryTests.java  |    3 +
 .../web/HttpSecurityHeadersTests.java         |   31 +-
 ...mpleWebSecurityConfigurerAdapterTests.java |   38 +-
 ...curityConfigurerAdapterPowermockTests.java |   33 +-
 .../WebSecurityConfigurerAdapterTests.java    |  119 +-
 .../web/builders/HttpConfigurationTests.java  |   26 +-
 .../web/builders/NamespaceHttpTests.java      |  151 ++-
 .../web/builders/WebSecurityTests.java        |   19 +-
 ...icationPrincipalArgumentResolverTests.java |   14 +-
 .../configuration/EnableWebSecurityTests.java |   29 +-
 .../HttpSecurityConfigurationTests.java       |   91 +-
 .../OAuth2ClientConfigurationTests.java       |   70 +-
 .../web/configuration/Sec2515Tests.java       |   12 +-
 ...ntextConfigurationResourceServerTests.java |   43 +-
 ...urityReactorContextConfigurationTests.java |  129 +--
 .../WebMvcSecurityConfigurationTests.java     |   15 +-
 .../WebSecurityConfigurationTests.java        |  149 +--
 .../configuration/sec2377/Sec2377Tests.java   |    4 +-
 ...gAttributeRequestMatcherRegistryTests.java |   17 +-
 .../configurers/AnonymousConfigurerTests.java |   22 +-
 .../configurers/AuthorizeRequestsTests.java   |   93 +-
 .../ChannelSecurityConfigurerTests.java       |   25 +-
 .../web/configurers/CorsConfigurerTests.java  |   77 +-
 ...onfigurerIgnoringRequestMatchersTests.java |   62 +-
 .../CsrfConfigurerNoWebMvcTests.java          |    6 +
 .../web/configurers/CsrfConfigurerTests.java  |  223 ++--
 .../web/configurers/DefaultFiltersTests.java  |   21 +-
 .../DefaultLoginPageConfigurerTests.java      |  389 +++----
 ...ingConfigurerAccessDeniedHandlerTests.java |   50 +-
 .../ExceptionHandlingConfigurerTests.java     |   95 +-
 ...essionUrlAuthorizationConfigurerTests.java |  291 +++--
 .../configurers/FormLoginConfigurerTests.java |  143 ++-
 .../HeadersConfigurerEagerHeadersTests.java   |   29 +-
 .../configurers/HeadersConfigurerTests.java   |  170 +--
 .../configurers/HttpBasicConfigurerTests.java |   45 +-
 .../HttpSecurityAntMatchersTests.java         |    8 +-
 .../configurers/HttpSecurityLogoutTests.java  |    9 +-
 .../HttpSecurityRequestMatchersTests.java     |   65 +-
 .../web/configurers/Issue55Tests.java         |   26 +-
 .../web/configurers/JeeConfigurerTests.java   |   68 +-
 .../LogoutConfigurerClearSiteDataTests.java   |   17 +-
 .../configurers/LogoutConfigurerTests.java    |  131 +--
 .../web/configurers/NamespaceDebugTests.java  |    6 +-
 .../NamespaceHttpAnonymousTests.java          |   50 +-
 .../configurers/NamespaceHttpBasicTests.java  |  101 +-
 .../NamespaceHttpCustomFilterTests.java       |   38 +-
 .../NamespaceHttpExpressionHandlerTests.java  |   12 +-
 .../NamespaceHttpFirewallTests.java           |   19 +-
 .../NamespaceHttpFormLoginTests.java          |   55 +-
 .../NamespaceHttpHeadersTests.java            |   46 +-
 .../NamespaceHttpInterceptUrlTests.java       |   37 +-
 .../configurers/NamespaceHttpJeeTests.java    |   37 +-
 .../configurers/NamespaceHttpLogoutTests.java |   56 +-
 .../NamespaceHttpOpenIDLoginTests.java        |   81 +-
 .../NamespaceHttpPortMappingsTests.java       |    9 +-
 .../NamespaceHttpRequestCacheTests.java       |   12 +-
 ...aceHttpServerAccessDeniedHandlerTests.java |   35 +-
 .../configurers/NamespaceHttpX509Tests.java   |   55 +-
 .../configurers/NamespaceRememberMeTests.java |  150 +--
 .../NamespaceSessionManagementTests.java      |  155 ++-
 .../configurers/PermitAllSupportTests.java    |   16 +-
 .../PortMapperConfigurerTests.java            |   16 +-
 .../RememberMeConfigurerTests.java            |  137 +--
 .../RequestCacheConfigurerTests.java          |  180 ++-
 .../RequestMatcherConfigurerTests.java        |   15 +-
 .../SecurityContextConfigurerTests.java       |   24 +-
 .../ServletApiConfigurerTests.java            |   69 +-
 ...ionManagementConfigurerServlet31Tests.java |   21 +-
 ...rerSessionAuthenticationStrategyTests.java |   10 +-
 ...tConfigurerSessionCreationPolicyTests.java |   23 +-
 .../SessionManagementConfigurerTests.java     |  115 +-
 ...onfigurerTransientAuthenticationTests.java |   14 +-
 .../UrlAuthorizationConfigurerTests.java      |   34 +-
 .../configurers/UrlAuthorizationsTests.java   |   52 +-
 .../web/configurers/X509ConfigurerTests.java  |   29 +-
 .../client/OAuth2ClientConfigurerTests.java   |  132 +--
 .../client/OAuth2LoginConfigurerTests.java    |  227 ++--
 .../OAuth2ResourceServerConfigurerTests.java  |  784 ++++++-------
 .../openid/OpenIDLoginConfigurerTests.java    |   88 +-
 .../saml2/Saml2LoginConfigurerTests.java      |  142 +--
 .../saml2/TestSaml2Credentials.java           |  123 +-
 ...geSecurityMetadataSourceRegistryTests.java |  111 +-
 .../reactive/EnableWebFluxSecurityTests.java  |  214 ++--
 ...erverHttpSecurityConfigurationBuilder.java |    9 +-
 .../ServerHttpSecurityConfigurationTests.java |    3 +
 .../WebFluxSecurityConfigurationTests.java    |    3 +
 ...SocketMessageBrokerConfigurerDocTests.java |   17 +-
 ...WebSocketMessageBrokerConfigurerTests.java |  125 +-
 ...cutorSubscribableChannelPostProcessor.java |    7 +-
 ...uthenticationConfigurationGh3935Tests.java |   22 +-
 ...ationManagerBeanDefinitionParserTests.java |   53 +-
 ...tionProviderBeanDefinitionParserTests.java |   91 +-
 ...cUserServiceBeanDefinitionParserTests.java |   67 +-
 .../PasswordEncoderParserTests.java           |   19 +-
 .../UserServiceBeanDefinitionParserTests.java |   45 +-
 .../core/GrantedAuthorityDefaultsJcTests.java |    8 +-
 .../GrantedAuthorityDefaultsXmlTests.java     |    5 +
 .../config/core/HelloWorldMessageService.java |    1 +
 .../security/config/core/MessageService.java  |    3 +
 ...ceFactoryBeanPropertiesResourceITests.java |   11 +-
 ...yBeanPropertiesResourceLocationITests.java |    8 +-
 ...erviceResourceFactoryBeanStringITests.java |    8 +-
 .../UserDetailsResourceFactoryBeanTests.java  |   18 +-
 ...eyConversionServicePostProcessorTests.java |   83 +-
 .../config/debug/AuthProviderDependency.java  |    1 +
 ...ityDebugBeanFactoryPostProcessorTests.java |    6 +-
 .../debug/TestAuthenticationProvider.java     |    6 +-
 .../security/config/doc/Attribute.java        |    6 +-
 .../security/config/doc/Element.java          |   68 +-
 .../config/doc/SpringSecurityXsdParser.java   |   62 +-
 .../security/config/doc/XmlNode.java          |   21 +-
 .../security/config/doc/XmlParser.java        |    5 +-
 .../security/config/doc/XmlSupport.java       |    4 +-
 .../config/doc/XsdDocumentedTests.java        |  216 ++--
 .../config/http/AccessDeniedConfigTests.java  |   24 +-
 .../http/CsrfBeanDefinitionParserTests.java   |    5 +-
 .../security/config/http/CsrfConfigTests.java |  354 ++----
 .../DefaultFilterChainValidatorTests.java     |   33 +-
 ...tadataSourceBeanDefinitionParserTests.java |   34 +-
 .../FormLoginBeanDefinitionParserTests.java   |  254 ++---
 .../config/http/FormLoginConfigTests.java     |  107 +-
 .../security/config/http/HttpConfigTests.java |   25 +-
 .../config/http/HttpCorsConfigTests.java      |   52 +-
 .../config/http/HttpHeadersConfigTests.java   |  478 +++-----
 .../config/http/HttpInterceptUrlTests.java    |   20 +-
 .../config/http/InterceptUrlConfigTests.java  |  130 +--
 .../config/http/MiscHttpConfigTests.java      |  369 +++---
 .../http/MultiHttpBlockConfigTests.java       |   37 +-
 .../config/http/NamespaceHttpBasicTests.java  |    7 +-
 ...OAuth2ClientBeanDefinitionParserTests.java |   78 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |   91 +-
 ...sourceServerBeanDefinitionParserTests.java |  480 +++-----
 .../config/http/OpenIDConfigTests.java        |   77 +-
 .../http/PlaceHolderAndELConfigTests.java     |   70 +-
 .../config/http/RememberMeConfigTests.java    |  146 +--
 ...yContextHolderAwareRequestConfigTests.java |   94 +-
 .../http/SecurityFiltersAssertions.java       |    9 +-
 ...SessionManagementConfigServlet31Tests.java |   33 +-
 .../http/SessionManagementConfigTests.java    |  257 ++---
 ...entConfigTransientAuthenticationTests.java |   14 +-
 .../config/http/WebConfigUtilsTests.java      |    5 +-
 .../customconfigurer/CustomConfigurer.java    |    9 +-
 .../CustomHttpSecurityConfigurerTests.java    |    6 +
 .../security/config/method/Contact.java       |    2 +
 .../config/method/ContactPermission.java      |    4 +-
 ...thodSecurityBeanDefinitionParserTests.java |  156 ++-
 ...ptMethodsBeanDefinitionDecoratorTests.java |   20 +-
 ...tationDrivenBeanDefinitionParserTests.java |   20 +-
 .../method/PreAuthorizeServiceImpl.java       |    6 +-
 .../config/method/PreAuthorizeTests.java      |   15 +-
 .../security/config/method/Sec2196Tests.java  |   12 +-
 .../config/method/SecuredAdminRole.java       |    4 +-
 ...tationDrivenBeanDefinitionParserTests.java |   15 +-
 .../config/method/SecuredServiceImpl.java     |   12 +-
 .../security/config/method/SecuredTests.java  |    9 +-
 .../method/TestPermissionEvaluator.java       |    7 +-
 ...lobalMethodSecurityConfigurationTests.java |    8 +
 .../sec2136/JpaPermissionEvaluator.java       |   10 +-
 .../config/method/sec2136/Sec2136Tests.java   |    2 +-
 .../config/method/sec2499/Sec2499Tests.java   |    6 +-
 ...egistrationsBeanDefinitionParserTests.java |  113 +-
 .../client/CommonOAuth2ProviderTests.java     |   80 +-
 ...ceFactoryBeanPropertiesResourceITests.java |    5 +-
 ...yBeanPropertiesResourceLocationITests.java |    5 +-
 ...anagerResourceFactoryBeanStringITests.java |    5 +-
 .../config/test/SpringTestContext.java        |   27 +-
 .../security/config/test/SpringTestRule.java  |    8 +-
 .../AuthenticationTestConfiguration.java      |    2 +
 ...activeAuthenticationTestConfiguration.java |    2 +
 .../util/InMemoryXmlApplicationContext.java   |    5 +-
 .../InMemoryXmlWebApplicationContext.java     |    4 +-
 .../server/AuthorizeExchangeSpecTests.java    |  107 +-
 .../config/web/server/CorsSpecTests.java      |   23 +-
 .../server/ExceptionHandlingSpecTests.java    |  182 +--
 .../config/web/server/FormLoginTests.java     |  340 ++----
 .../config/web/server/HeaderSpecTests.java    |  144 +--
 .../web/server/HttpsRedirectSpecTests.java    |   73 +-
 .../config/web/server/LogoutSpecTests.java    |  194 +---
 .../web/server/OAuth2ClientSpecTests.java     |   94 +-
 .../config/web/server/OAuth2LoginTests.java   |  249 ++--
 .../server/OAuth2ResourceServerSpecTests.java |  263 ++---
 .../config/web/server/RequestCacheTests.java  |  101 +-
 .../web/server/ServerHttpSecurityTests.java   |  273 ++---
 .../web/server/TestingServerHttpSecurity.java |    5 +-
 .../MessageSecurityPostProcessorTests.java    |    5 +-
 .../WebSocketMessageBrokerConfigTests.java    |   76 +-
 .../server/HtmlUnitWebTestClient.java         |   72 +-
 .../server/MockWebResponseBuilder.java        |   13 +-
 .../WebTestClientHtmlUnitDriverBuilder.java   |    5 +-
 ...bTestClientHtmlUnitDriverBuilderTests.java |   42 +-
 .../server/WebTestClientWebConnection.java    |   16 +-
 ...SecurityInterceptorWithAopConfigTests.java |   42 +-
 .../access/AccessDecisionManager.java         |   13 +-
 .../security/access/AccessDecisionVoter.java  |   13 +-
 .../access/AccessDeniedException.java         |    4 +-
 .../access/AfterInvocationProvider.java       |   11 +-
 .../access/AuthorizationServiceException.java |    4 +-
 .../security/access/ConfigAttribute.java      |    3 +-
 .../access/PermissionCacheOptimizer.java      |    3 +-
 .../security/access/PermissionEvaluator.java  |   11 +-
 .../security/access/SecurityConfig.java       |    5 +-
 .../access/SecurityMetadataSource.java        |   11 +-
 .../AnnotationMetadataExtractor.java          |    1 +
 .../Jsr250MethodSecurityMetadataSource.java   |    8 +-
 .../annotation/Jsr250SecurityConfig.java      |    8 +-
 .../access/annotation/Jsr250Voter.java        |    7 +-
 .../security/access/annotation/Secured.java   |    6 +-
 ...curedAnnotationSecurityMetadataSource.java |   19 +-
 .../event/AbstractAuthorizationEvent.java     |    3 +-
 ...uthenticationCredentialsNotFoundEvent.java |   10 +-
 .../event/AuthorizationFailureEvent.java      |   17 +-
 .../access/event/AuthorizedEvent.java         |   10 +-
 .../security/access/event/LoggerListener.java |   25 +-
 .../access/event/PublicInvocationEvent.java   |    3 +-
 .../security/access/event/package-info.java   |    1 -
 .../AbstractSecurityExpressionHandler.java    |   28 +-
 .../DenyAllPermissionEvaluator.java           |   15 +-
 .../access/expression/ExpressionUtils.java    |    4 +-
 .../expression/SecurityExpressionHandler.java |    2 +
 .../SecurityExpressionOperations.java         |   10 +-
 .../expression/SecurityExpressionRoot.java    |   26 +-
 ...tExpressionBasedMethodConfigAttribute.java |   20 +-
 ...efaultMethodSecurityExpressionHandler.java |   82 +-
 ...essionBasedAnnotationAttributeFactory.java |   44 +-
 .../ExpressionBasedPostInvocationAdvice.java  |   23 +-
 .../ExpressionBasedPreInvocationAdvice.java   |   28 +-
 .../MethodSecurityEvaluationContext.java      |    5 +-
 .../MethodSecurityExpressionHandler.java      |    6 +-
 .../MethodSecurityExpressionOperations.java   |    2 +
 .../method/MethodSecurityExpressionRoot.java  |    8 +-
 .../PostInvocationExpressionAttribute.java    |   20 +-
 .../PreInvocationExpressionAttribute.java     |   21 +-
 .../expression/method/package-info.java       |    1 -
 .../access/expression/package-info.java       |    7 +-
 .../hierarchicalroles/NullRoleHierarchy.java  |    1 -
 .../hierarchicalroles/RoleHierarchy.java      |    1 -
 .../RoleHierarchyAuthoritiesMapper.java       |    5 +-
 .../hierarchicalroles/RoleHierarchyImpl.java  |   58 +-
 .../hierarchicalroles/RoleHierarchyUtils.java |   10 +-
 .../hierarchicalroles/package-info.java       |    1 -
 .../AbstractSecurityInterceptor.java          |  131 +--
 .../intercept/AfterInvocationManager.java     |   14 +-
 .../AfterInvocationProviderManager.java       |   23 +-
 .../intercept/InterceptorStatusToken.java     |   10 +-
 .../MethodInvocationPrivilegeEvaluator.java   |   20 +-
 .../access/intercept/NullRunAsManager.java    |    5 +-
 .../RunAsImplAuthenticationProvider.java      |   15 +-
 .../access/intercept/RunAsManager.java        |   11 +-
 .../access/intercept/RunAsManagerImpl.java    |   17 +-
 .../access/intercept/RunAsUserToken.java      |    7 +-
 .../MethodSecurityInterceptor.java            |    8 +-
 .../MethodSecurityMetadataSourceAdvisor.java  |   43 +-
 .../intercept/aopalliance/package-info.java   |    4 +-
 .../intercept/aspectj/AspectJCallback.java    |    2 +
 .../AspectJMethodSecurityInterceptor.java     |    7 +-
 .../aspectj/MethodInvocationAdapter.java      |   10 +-
 .../intercept/aspectj/package-info.java       |    4 +-
 .../access/intercept/package-info.java        |   30 +-
 ...tFallbackMethodSecurityMetadataSource.java |    8 +-
 .../AbstractMethodSecurityMetadataSource.java |    4 +-
 ...elegatingMethodSecurityMetadataSource.java |   31 +-
 .../MapBasedMethodSecurityMetadataSource.java |   70 +-
 .../method/MethodSecurityMetadataSource.java  |    2 +
 .../security/access/method/P.java             |    1 +
 .../security/access/method/package-info.java  |    5 +-
 .../security/access/package-info.java         |    9 +-
 .../access/prepost/PostAuthorize.java         |    2 +
 .../security/access/prepost/PostFilter.java   |    2 +
 .../prepost/PostInvocationAdviceProvider.java |   13 +-
 .../prepost/PostInvocationAttribute.java      |    4 +-
 .../PostInvocationAuthorizationAdvice.java    |    4 +-
 .../security/access/prepost/PreAuthorize.java |    2 +
 .../security/access/prepost/PreFilter.java    |    2 +
 .../prepost/PreInvocationAttribute.java       |    4 +-
 .../PreInvocationAuthorizationAdvice.java     |    9 +-
 ...PreInvocationAuthorizationAdviceVoter.java |   11 +-
 ...rePostAdviceReactiveMethodInterceptor.java |   53 +-
 ...ePostAnnotationSecurityMetadataSource.java |   51 +-
 .../PrePostInvocationAttributeFactory.java    |    9 +-
 .../security/access/prepost/package-info.java |    9 +-
 .../vote/AbstractAccessDecisionManager.java   |   14 +-
 .../access/vote/AbstractAclVoter.java         |    7 +-
 .../access/vote/AffirmativeBased.java         |   11 +-
 .../access/vote/AuthenticatedVoter.java       |   30 +-
 .../security/access/vote/ConsensusBased.java  |   19 +-
 .../access/vote/RoleHierarchyVoter.java       |    8 +-
 .../security/access/vote/RoleVoter.java       |   14 +-
 .../security/access/vote/UnanimousBased.java  |   12 +-
 .../security/access/vote/package-info.java    |    1 -
 .../AbstractAuthenticationToken.java          |   25 +-
 ...rDetailsReactiveAuthenticationManager.java |   57 +-
 .../AccountExpiredException.java              |    4 +-
 .../AccountStatusException.java               |    2 +
 .../AccountStatusUserDetailsChecker.java      |   20 +-
 .../AnonymousAuthenticationProvider.java      |   16 +-
 .../AnonymousAuthenticationToken.java         |   22 +-
 ...nticationCredentialsNotFoundException.java |    4 +-
 .../AuthenticationDetailsSource.java          |    4 +-
 .../AuthenticationEventPublisher.java         |    5 +-
 .../authentication/AuthenticationManager.java |    8 +-
 .../AuthenticationManagerResolver.java        |    4 +-
 .../AuthenticationProvider.java               |   10 +-
 .../AuthenticationServiceException.java       |    4 +-
 .../AuthenticationTrustResolver.java          |    6 +-
 .../AuthenticationTrustResolverImpl.java      |    3 +
 .../BadCredentialsException.java              |    4 +-
 .../CachingUserDetailsService.java            |    7 +-
 .../CredentialsExpiredException.java          |    4 +-
 .../DefaultAuthenticationEventPublisher.java  |  102 +-
 ...legatingReactiveAuthenticationManager.java |   20 +-
 .../authentication/DisabledException.java     |    4 +-
 .../InsufficientAuthenticationException.java  |    4 +-
 ...nternalAuthenticationServiceException.java |    4 +-
 .../authentication/LockedException.java       |    4 +-
 .../authentication/ProviderManager.java       |   85 +-
 .../ProviderNotFoundException.java            |    3 +-
 .../ReactiveAuthenticationManager.java        |    2 +-
 .../ReactiveAuthenticationManagerAdapter.java |   26 +-
 ...ReactiveAuthenticationManagerResolver.java |    5 +-
 .../RememberMeAuthenticationProvider.java     |   17 +-
 .../RememberMeAuthenticationToken.java        |   24 +-
 .../TestingAuthenticationProvider.java        |    5 +-
 .../TestingAuthenticationToken.java           |   10 +-
 ...positoryReactiveAuthenticationManager.java |    7 +-
 .../UsernamePasswordAuthenticationToken.java  |    3 +-
 ...ractUserDetailsAuthenticationProvider.java |   90 +-
 .../dao/DaoAuthenticationProvider.java        |   39 +-
 .../authentication/dao/package-info.java      |    1 -
 .../event/AbstractAuthenticationEvent.java    |    3 +-
 .../AbstractAuthenticationFailureEvent.java   |    8 +-
 ...henticationFailureBadCredentialsEvent.java |    8 +-
 ...icationFailureCredentialsExpiredEvent.java |    5 +-
 .../AuthenticationFailureDisabledEvent.java   |    8 +-
 .../AuthenticationFailureExpiredEvent.java    |    5 +-
 .../AuthenticationFailureLockedEvent.java     |    5 +-
 ...nticationFailureProviderNotFoundEvent.java |    5 +-
 ...henticationFailureProxyUntrustedEvent.java |    8 +-
 ...nticationFailureServiceExceptionEvent.java |    5 +-
 .../event/AuthenticationSuccessEvent.java     |    2 +
 ...InteractiveAuthenticationSuccessEvent.java |    6 +-
 .../authentication/event/LoggerListener.java  |   11 +-
 .../authentication/event/package-info.java    |    9 +-
 .../AbstractJaasAuthenticationProvider.java   |   85 +-
 .../authentication/jaas/AuthorityGranter.java |    4 +-
 .../DefaultJaasAuthenticationProvider.java    |    9 +-
 .../jaas/DefaultLoginExceptionResolver.java   |    2 +
 .../JaasAuthenticationCallbackHandler.java    |   19 +-
 .../jaas/JaasAuthenticationProvider.java      |   30 +-
 .../jaas/JaasAuthenticationToken.java         |    8 +-
 .../jaas/JaasGrantedAuthority.java            |    3 +-
 .../jaas/JaasNameCallbackHandler.java         |   12 +-
 .../jaas/JaasPasswordCallbackHandler.java     |   15 +-
 .../jaas/LoginExceptionResolver.java          |    4 +-
 .../jaas/SecurityContextLoginModule.java      |   19 +-
 .../jaas/event/JaasAuthenticationEvent.java   |    4 +-
 .../event/JaasAuthenticationFailedEvent.java  |    2 +
 .../event/JaasAuthenticationSuccessEvent.java |    2 +
 .../jaas/event/package-info.java              |    5 +-
 .../jaas/memory/InMemoryConfiguration.java    |   15 +-
 .../jaas/memory/package-info.java             |    1 -
 .../authentication/jaas/package-info.java     |    1 -
 .../security/authentication/package-info.java |   13 +-
 .../rcp/RemoteAuthenticationException.java    |    2 +-
 .../rcp/RemoteAuthenticationManager.java      |    9 +-
 .../rcp/RemoteAuthenticationManagerImpl.java  |   12 +-
 .../rcp/RemoteAuthenticationProvider.java     |   21 +-
 .../authentication/rcp/package-info.java      |    4 +-
 ...enticatedReactiveAuthorizationManager.java |   13 +-
 ...AuthorityReactiveAuthorizationManager.java |   17 +-
 .../authorization/AuthorizationDecision.java  |    2 +
 .../ReactiveAuthorizationManager.java         |   16 +-
 ...tractDelegatingSecurityContextSupport.java |    2 +-
 .../DelegatingSecurityContextCallable.java    |   34 +-
 .../DelegatingSecurityContextExecutor.java    |   10 +-
 ...egatingSecurityContextExecutorService.java |   24 +-
 .../DelegatingSecurityContextRunnable.java    |   19 +-
 ...curityContextScheduledExecutorService.java |   23 +-
 .../DelegatingApplicationListener.java        |    9 +-
 .../security/converter/RsaKeyConverters.java  |   54 +-
 .../security/core/AuthenticatedPrincipal.java |   16 +-
 .../security/core/Authentication.java         |    9 +-
 .../core/AuthenticationException.java         |    2 -
 .../security/core/ComparableVersion.java      |   37 +-
 .../security/core/CredentialsContainer.java   |    2 +
 .../security/core/GrantedAuthority.java       |    3 +-
 .../core/SpringSecurityCoreVersion.java       |   19 +-
 .../core/SpringSecurityMessageSource.java     |    2 +
 .../security/core/Transient.java              |    7 +-
 .../annotation/AuthenticationPrincipal.java   |    3 +-
 .../annotation/CurrentSecurityContext.java    |   19 +-
 .../core/authority/AuthorityUtils.java        |   13 +-
 .../GrantedAuthoritiesContainer.java          |    2 +
 .../authority/SimpleGrantedAuthority.java     |    1 +
 .../Attributes2GrantedAuthoritiesMapper.java  |    6 +-
 .../mapping/GrantedAuthoritiesMapper.java     |    5 +-
 ...edAttributes2GrantedAuthoritiesMapper.java |   44 +-
 .../mapping/MappableAttributesRetriever.java  |    3 +-
 .../mapping/NullAuthoritiesMapper.java        |    5 +-
 ...leAttributes2GrantedAuthoritiesMapper.java |    9 +-
 .../mapping/SimpleAuthorityMapper.java        |   20 +-
 .../SimpleMappableAttributesRetriever.java    |    1 +
 .../core/authority/mapping/package-info.java  |    5 +-
 .../security/core/authority/package-info.java |    1 -
 .../GlobalSecurityContextHolderStrategy.java  |    2 +
 ...eadLocalSecurityContextHolderStrategy.java |    6 +-
 .../ReactiveSecurityContextHolder.java        |    8 +-
 .../core/context/SecurityContext.java         |    4 +-
 .../core/context/SecurityContextHolder.java   |   16 +-
 .../SecurityContextHolderStrategy.java        |    5 +-
 .../core/context/SecurityContextImpl.java     |    4 +-
 ...eadLocalSecurityContextHolderStrategy.java |    6 +-
 .../security/core/context/package-info.java   |   16 +-
 .../security/core/package-info.java           |    5 +-
 .../AnnotationParameterNameDiscoverer.java    |   28 +-
 ...efaultSecurityParameterNameDiscoverer.java |   14 +-
 .../security/core/parameters/P.java           |    1 +
 .../core/session/AbstractSessionEvent.java    |    1 +
 .../core/session/SessionCreationEvent.java    |    1 +
 .../core/session/SessionDestroyedEvent.java   |    2 +-
 .../core/session/SessionIdChangedEvent.java   |   10 +-
 .../core/session/SessionInformation.java      |    4 +
 .../core/session/SessionRegistry.java         |   13 +-
 .../core/session/SessionRegistryImpl.java     |   44 +-
 .../security/core/session/package-info.java   |   10 +-
 .../security/core/token/DefaultToken.java     |   10 +-
 .../KeyBasedPersistenceTokenService.java      |   24 +-
 .../core/token/SecureRandomFactoryBean.java   |    4 +-
 .../core/token/Sha512DigestUtils.java         |    5 -
 .../security/core/token/Token.java            |    4 +-
 .../security/core/token/TokenService.java     |    4 +-
 .../security/core/token/package-info.java     |    1 -
 .../AuthenticationUserDetailsService.java     |    2 +-
 .../MapReactiveUserDetailsService.java        |   16 +-
 .../ReactiveUserDetailsPasswordService.java   |    3 +-
 .../ReactiveUserDetailsService.java           |    1 +
 .../security/core/userdetails/User.java       |  111 +-
 .../security/core/userdetails/UserCache.java  |    7 +-
 .../core/userdetails/UserDetails.java         |   13 +-
 .../UserDetailsByNameServiceWrapper.java      |    8 +-
 .../core/userdetails/UserDetailsChecker.java  |    3 +-
 .../UserDetailsPasswordService.java           |    7 +-
 .../core/userdetails/UserDetailsService.java  |    6 +-
 .../UsernameNotFoundException.java            |    4 +-
 .../cache/EhCacheBasedUserCache.java          |    6 +-
 .../core/userdetails/cache/NullUserCache.java |    2 +
 .../cache/SpringCacheBasedUserCache.java      |    1 +
 .../core/userdetails/cache/package-info.java  |    4 +-
 .../core/userdetails/jdbc/JdbcDaoImpl.java    |  101 +-
 .../core/userdetails/jdbc/package-info.java   |    1 -
 .../userdetails/memory/UserAttribute.java     |   10 +-
 .../memory/UserAttributeEditor.java           |    2 +
 .../core/userdetails/memory/package-info.java |    1 -
 .../core/userdetails/package-info.java        |   10 +-
 .../AnonymousAuthenticationTokenMixin.java    |   21 +-
 .../BadCredentialsExceptionMixin.java         |   16 +-
 .../security/jackson2/CoreJackson2Module.java |   26 +-
 .../RememberMeAuthenticationTokenMixin.java   |   23 +-
 .../jackson2/SecurityJackson2Modules.java     |   95 +-
 .../jackson2/SimpleGrantedAuthorityMixin.java |    6 +-
 .../UnmodifiableListDeserializer.java         |    4 +-
 .../jackson2/UnmodifiableListMixin.java       |    4 +-
 .../jackson2/UnmodifiableSetDeserializer.java |    4 +-
 .../jackson2/UnmodifiableSetMixin.java        |    8 +-
 .../security/jackson2/UserDeserializer.java   |   27 +-
 .../security/jackson2/UserMixin.java          |   13 +-
 ...sswordAuthenticationTokenDeserializer.java |   39 +-
 ...rnamePasswordAuthenticationTokenMixin.java |   13 +-
 .../security/provisioning/GroupManager.java   |    6 +-
 .../InMemoryUserDetailsManager.java           |   29 +-
 .../provisioning/JdbcUserDetailsManager.java  |  151 +--
 .../security/provisioning/MutableUser.java    |    3 +-
 .../provisioning/MutableUserDetails.java      |    1 -
 .../provisioning/UserDetailsManager.java      |    1 -
 .../security/provisioning/package-info.java   |    5 +-
 ...SecurityContextSchedulingTaskExecutor.java |   13 +-
 ...elegatingSecurityContextTaskScheduler.java |    6 +-
 ...atingSecurityContextAsyncTaskExecutor.java |   14 +-
 ...DelegatingSecurityContextTaskExecutor.java |   13 +-
 .../security/util/FieldUtils.java             |   16 +-
 .../security/util/InMemoryResource.java       |    3 +
 .../security/util/MethodInvocationUtils.java  |   18 +-
 .../security/util/SimpleMethodInvocation.java |    4 +
 .../security/util/package-info.java           |    8 +-
 .../security/ITargetObject.java               |    2 +
 .../security/OtherTargetObject.java           |    2 +
 .../security/PopulatedDatabase.java           |   44 +-
 .../security/TargetObject.java                |   13 +-
 .../security/TestDataSource.java              |    2 +
 ...ticationCredentialsNotFoundEventTests.java |    8 +-
 .../AuthorizationFailureEventTests.java       |   16 +-
 .../security/access/AuthorizedEventTests.java |    7 +-
 .../security/access/SecurityConfigTests.java  |    4 +-
 .../access/annotation/BusinessService.java    |    1 +
 .../annotation/BusinessServiceImpl.java       |    2 +-
 .../security/access/annotation/Entity.java    |    2 +
 ...xpressionProtectedBusinessServiceImpl.java |    1 +
 .../annotation/Jsr250BusinessServiceImpl.java |    2 +-
 ...r250MethodSecurityMetadataSourceTests.java |   52 +-
 .../access/annotation/Jsr250VoterTests.java   |   22 +-
 ...AnnotationSecurityMetadataSourceTests.java |   80 +-
 .../annotation/sec2150/CrudRepository.java    |    1 +
 .../sec2150/MethodInvocationFactory.java      |    5 +-
 .../annotation/sec2150/PersonRepository.java  |    1 +
 ...bstractSecurityExpressionHandlerTests.java |   17 +-
 .../SecurityExpressionRootTests.java          |    7 +-
 ...tMethodSecurityExpressionHandlerTests.java |   32 +-
 ...pressionBasedPreInvocationAdviceTests.java |   74 +-
 .../method/MethodExpressionVoterTests.java    |   71 +-
 .../MethodSecurityEvaluationContextTests.java |   17 +-
 .../MethodSecurityExpressionRootTests.java    |   10 +-
 ...AnnotationSecurityMetadataSourceTests.java |  105 +-
 .../expression/method/SecurityRules.java      |    2 +
 .../HierarchicalRolesTestHelper.java          |   12 +-
 .../RoleHierarchyAuthoritiesMapperTests.java  |    4 +-
 .../RoleHierarchyImplTests.java               |  183 ++-
 .../RoleHierarchyUtilsTests.java              |    2 +
 .../hierarchicalroles/TestHelperTests.java    |  149 +--
 .../AbstractSecurityInterceptorTests.java     |   15 +-
 .../AfterInvocationProviderManagerTests.java  |   75 +-
 .../InterceptorStatusTokenTests.java          |    1 +
 .../intercept/NullRunAsManagerTests.java      |    2 +
 .../RunAsImplAuthenticationProviderTests.java |   10 +-
 .../intercept/RunAsManagerImplTests.java      |   20 +-
 .../access/intercept/RunAsUserTokenTests.java |   18 +-
 .../MethodSecurityInterceptorTests.java       |   63 +-
 ...hodSecurityMetadataSourceAdvisorTests.java |   16 +-
 ...AspectJMethodSecurityInterceptorTests.java |   31 +-
 ...asedMethodSecurityMetadataSourceTests.java |    8 +
 ...thodInvocationPrivilegeEvaluatorTests.java |   22 +-
 .../method/MockMethodInvocation.java          |   10 +-
 ...tingMethodSecurityMetadataSourceTests.java |    9 +-
 ...vocationAuthorizationAdviceVoterTests.java |    3 +
 .../AbstractAccessDecisionManagerTests.java   |   12 +-
 .../access/vote/AbstractAclVoterTests.java    |   11 +-
 .../access/vote/AffirmativeBasedTests.java    |   31 +-
 .../access/vote/AuthenticatedVoterTests.java  |   52 +-
 .../access/vote/ConsensusBasedTests.java      |    7 +-
 .../security/access/vote/DenyAgainVoter.java  |    4 +-
 .../security/access/vote/DenyVoter.java       |    5 +-
 .../access/vote/RoleHierarchyVoterTests.java  |    7 +-
 .../security/access/vote/RoleVoterTests.java  |    9 +-
 .../access/vote/SomeDomainObject.java         |    2 +
 .../access/vote/SomeDomainObjectManager.java  |    2 +
 .../access/vote/UnanimousBasedTests.java      |   13 +-
 .../AbstractAuthenticationTokenTests.java     |   47 +-
 .../AuthenticationTrustResolverImplTests.java |   33 +-
 ...aultAuthenticationEventPublisherTests.java |   72 +-
 ...ingReactiveAuthenticationManagerTests.java |   26 +-
 .../authentication/ProviderManagerTests.java  |   81 +-
 ...tiveAuthenticationManagerAdapterTests.java |    7 +-
 ...ailsServiceAuthenticationManagerTests.java |   35 +-
 .../authentication/TestAuthentication.java    |    1 +
 .../TestingAuthenticationProviderTests.java   |    8 +-
 .../TestingAuthenticationTokenTests.java      |   12 +-
 ...oryReactiveAuthenticationManagerTests.java |   43 +-
 ...rnamePasswordAuthenticationTokenTests.java |    8 +-
 .../AnonymousAuthenticationProviderTests.java |   28 +-
 .../AnonymousAuthenticationTokenTests.java    |   44 +-
 .../dao/DaoAuthenticationProviderTests.java   |  146 +--
 .../authentication/dao/MockUserCache.java     |    2 +
 .../event/AuthenticationEventTests.java       |    9 +-
 .../event/LoggerListenerTests.java            |   10 +-
 ...efaultJaasAuthenticationProviderTests.java |   23 +-
 .../jaas/JaasAuthenticationProviderTests.java |   63 +-
 .../authentication/jaas/JaasEventCheck.java   |    3 +
 .../jaas/JaasGrantedAuthorityTests.java       |    8 +-
 .../authentication/jaas/Sec760Tests.java      |   24 +-
 .../jaas/SecurityContextLoginModuleTests.java |   31 +-
 .../jaas/TestAuthorityGranter.java            |    3 +-
 .../jaas/TestCallbackHandler.java             |    2 +
 .../authentication/jaas/TestLoginModule.java  |   10 +-
 .../memory/InMemoryConfigurationTests.java    |   43 +-
 .../RemoteAuthenticationManagerImplTests.java |    8 +-
 .../RemoteAuthenticationProviderTests.java    |   29 +-
 ...RememberMeAuthenticationProviderTests.java |   27 +-
 .../RememberMeAuthenticationTokenTests.java   |   38 +-
 ...atedReactiveAuthorizationManagerTests.java |    9 +-
 ...rityReactiveAuthorizationManagerTests.java |   10 +-
 ...ngSecurityContextExecutorServiceTests.java |   25 +-
 ...elegatingSecurityContextExecutorTests.java |    6 +-
 ...yContextScheduledExecutorServiceTests.java |   28 +-
 ...tDelegatingSecurityContextTestSupport.java |   19 +-
 ...ngSecurityContextExecutorServiceTests.java |    5 +-
 ...elegatingSecurityContextExecutorTests.java |    4 +-
 ...yContextScheduledExecutorServiceTests.java |    4 +-
 ...elegatingSecurityContextCallableTests.java |   17 +-
 ...elegatingSecurityContextRunnableTests.java |   11 +-
 ...DelegatingSecurityContextSupportTests.java |   11 +-
 ...ngSecurityContextExecutorServiceTests.java |    5 +-
 ...elegatingSecurityContextExecutorTests.java |    4 +-
 ...yContextScheduledExecutorServiceTests.java |    8 +-
 .../DelegatingApplicationListenerTests.java   |    1 +
 .../converter/RsaKeyConvertersTests.java      |  100 +-
 .../security/core/JavaVersionTests.java       |    2 +-
 .../core/SpringSecurityCoreVersionTests.java  |    7 +-
 .../SpringSecurityMessageSourceTests.java     |   13 +-
 .../core/authority/AuthorityUtilsTests.java   |    1 +
 ...ributes2GrantedAuthoritiesMapperTests.java |   30 +-
 .../mapping/SimpleAuthoritiesMapperTests.java |   15 +-
 .../SimpleMappableRolesRetrieverTests.java    |    7 +-
 ...leRoles2GrantedAuthoritiesMapperTests.java |   13 +-
 .../ReactiveSecurityContextHolderTests.java   |   48 +-
 .../context/SecurityContextHolderTests.java   |    4 +-
 .../context/SecurityContextImplTests.java     |    1 +
 ...nnotationParameterNameDiscovererTests.java |   91 +-
 ...tSecurityParameterNameDiscovererTests.java |   20 +-
 .../core/session/SessionInformationTests.java |    4 +-
 .../session/SessionRegistryImplTests.java     |   17 +-
 .../core/token/DefaultTokenTests.java         |    2 +
 .../KeyBasedPersistenceTokenServiceTests.java |    1 +
 .../token/SecureRandomFactoryBeanTests.java   |    5 +-
 .../MapReactiveUserDetailsServiceTests.java   |    3 +-
 .../userdetails/MockUserDetailsService.java   |    9 +-
 .../core/userdetails/PasswordEncodedUser.java |    8 +-
 .../UserDetailsByNameServiceWrapperTests.java |   12 +-
 .../security/core/userdetails/UserTests.java  |   36 +-
 .../cache/EhCacheBasedUserCacheTests.java     |    5 +-
 .../userdetails/cache/NullUserCacheTests.java |    1 +
 .../cache/SpringCacheBasedUserCacheTests.java |    2 +
 .../userdetails/jdbc/JdbcDaoImplTests.java    |   16 +-
 .../memory/UserAttributeEditorTests.java      |    1 +
 .../security/jackson2/AbstractMixinTests.java |    2 +
 ...nonymousAuthenticationTokenMixinTests.java |   21 +-
 .../BadCredentialsExceptionMixinTests.java    |    1 +
 ...memberMeAuthenticationTokenMixinTests.java |   26 +-
 .../jackson2/SecurityContextMixinTests.java   |    4 +-
 .../SecurityJackson2ModulesTests.java         |   24 +-
 .../SimpleGrantedAuthorityMixinTests.java     |    1 +
 .../jackson2/UserDeserializerTests.java       |   13 +-
 ...PasswordAuthenticationTokenMixinTests.java |   68 +-
 .../InMemoryUserDetailsManagerTests.java      |    9 +-
 .../JdbcUserDetailsManagerTests.java          |   55 +-
 ...ityContextSchedulingTaskExecutorTests.java |    5 +-
 ...ityContextSchedulingTaskExecutorTests.java |    5 +-
 ...tingSecurityContextTaskSchedulerTests.java |    5 +-
 ...ityContextSchedulingTaskExecutorTests.java |    8 +-
 ...SecurityContextAsyncTaskExecutorTests.java |    6 +-
 ...SecurityContextAsyncTaskExecutorTests.java |    4 +-
 ...atingSecurityContextTaskExecutorTests.java |    5 +-
 ...SecurityContextAsyncTaskExecutorTests.java |    7 +-
 ...atingSecurityContextTaskExecutorTests.java |    8 +-
 .../security/util/FieldUtilsTests.java        |    7 +-
 .../security/util/InMemoryResourceTests.java  |    1 +
 .../util/MethodInvocationUtilsTests.java      |   23 +-
 .../crypto/argon2/Argon2EncodingUtils.java    |   91 +-
 .../crypto/argon2/Argon2PasswordEncoder.java  |   37 +-
 .../security/crypto/bcrypt/BCrypt.java        |  700 +++++-------
 .../crypto/bcrypt/BCryptPasswordEncoder.java  |   33 +-
 .../security/crypto/codec/Base64.java         |  142 +--
 .../security/crypto/codec/Hex.java            |    9 +-
 .../security/crypto/codec/Utf8.java           |    2 +
 .../security/crypto/codec/package-info.java   |    1 -
 .../crypto/encrypt/AesBytesEncryptor.java     |   41 +-
 .../BouncyCastleAesBytesEncryptor.java        |    8 +-
 .../BouncyCastleAesCbcBytesEncryptor.java     |   13 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |   12 +-
 .../crypto/encrypt/BytesEncryptor.java        |    1 +
 .../security/crypto/encrypt/CipherUtils.java  |   22 +-
 .../security/crypto/encrypt/Encryptors.java   |   21 +-
 .../encrypt/HexEncodingTextEncryptor.java     |    1 +
 .../factory/PasswordEncoderFactories.java     |   21 +-
 .../keygen/Base64StringKeyGenerator.java      |    4 +
 .../crypto/keygen/BytesKeyGenerator.java      |    1 +
 .../keygen/HexEncodingStringKeyGenerator.java |    1 +
 .../security/crypto/keygen/KeyGenerators.java |    2 +
 .../crypto/keygen/StringKeyGenerator.java     |    1 +
 .../password/AbstractPasswordEncoder.java     |    1 +
 .../password/DelegatingPasswordEncoder.java   |   47 +-
 .../security/crypto/password/Digester.java    |    1 +
 .../password/LdapShaPasswordEncoder.java      |   24 +-
 .../security/crypto/password/Md4.java         |   12 +-
 .../crypto/password/Md4PasswordEncoder.java   |   30 +-
 .../MessageDigestPasswordEncoder.java         |   16 +-
 .../crypto/password/NoOpPasswordEncoder.java  |   10 +-
 .../crypto/password/PasswordEncoder.java      |    2 +-
 .../crypto/password/PasswordEncoderUtils.java |    4 +-
 .../password/Pbkdf2PasswordEncoder.java       |   33 +-
 .../password/StandardPasswordEncoder.java     |    8 +-
 .../crypto/scrypt/SCryptPasswordEncoder.java  |   56 +-
 .../argon2/Argon2EncodingUtilsTests.java      |   72 +-
 .../argon2/Argon2PasswordEncoderTests.java    |    7 +-
 .../bcrypt/BCryptPasswordEncoderTests.java    |   21 +-
 .../security/crypto/bcrypt/BCryptTests.java   |   31 +-
 .../security/crypto/codec/Base64Tests.java    |    7 +-
 .../security/crypto/codec/HexTests.java       |    7 +-
 .../security/crypto/codec/Utf8Tests.java      |    1 +
 .../encrypt/AesBytesEncryptorTests.java       |    6 +-
 ...stleAesBytesEncryptorEquivalencyTests.java |   19 +-
 .../BouncyCastleAesBytesEncryptorTests.java   |    9 +-
 .../crypto/encrypt/CryptoAssumptions.java     |   10 +-
 .../crypto/encrypt/EncryptorsTests.java       |    9 +-
 .../PasswordEncoderFactoriesTests.java        |    1 +
 .../keygen/Base64StringKeyGeneratorTests.java |    2 +
 .../DelegatingPasswordEncoderTests.java       |   28 +-
 .../password/LdapShaPasswordEncoderTests.java |    2 +
 .../password/Md4PasswordEncoderTests.java     |    3 +-
 .../MessageDigestPasswordEncoderTests.java    |    4 +-
 .../password/PasswordEncoderUtilsTests.java   |    1 +
 .../password/Pbkdf2PasswordEncoderTests.java  |   15 +-
 .../scrypt/SCryptPasswordEncoderTests.java    |    2 +-
 .../crypto/util/EncodingUtilsTests.java       |   19 +-
 .../SecurityEvaluationContextExtension.java   |    6 +-
 ...curityEvaluationContextExtensionTests.java |   14 +-
 ...amespaceWithMultipleInterceptorsTests.java |    7 +-
 .../HttpPathParameterStrippingTests.java      |   11 +-
 .../integration/MultiAnnotationTests.java     |   11 +-
 .../SEC933ApplicationContextTests.java        |    1 +
 .../SEC936ApplicationContextTests.java        |    9 +-
 .../integration/StubUserRepository.java       |    1 +
 .../PythonInterpreterBasedSecurityTests.java  |    5 +-
 .../FilterChainPerformanceTests.java          |   19 +-
 .../ProtectPointcutPerformanceTests.java      |    7 +-
 .../integration/UserDetailsServiceImpl.java   |    1 +
 .../MultiAnnotationService.java               |    1 +
 .../multiannotation/PreAuthorizeService.java  |    2 +-
 .../PreAuthorizeServiceImpl.java              |    2 +
 .../multiannotation/SecuredService.java       |    3 +-
 .../multiannotation/SecuredServiceImpl.java   |    3 +-
 ...PythonInterpreterPostInvocationAdvice.java |    9 +-
 .../PythonInterpreterPreInvocationAdvice.java |   14 +-
 ...thonInterpreterPreInvocationAttribute.java |    2 +
 ...eterPrePostInvocationAttributeFactory.java |   12 +-
 .../AbstractWebServerIntegrationTests.java    |    7 +-
 .../integration/BasicAuthenticationTests.java |   16 +-
 .../ConcurrentSessionManagementTests.java     |   57 +-
 .../security/itest/web/TestController.java    |    1 +
 .../ldap/ApacheDsContainerConfig.java         |    7 +-
 ...faultSpringSecurityContextSourceTests.java |   48 +-
 .../SpringSecurityLdapTemplateITests.java     |   49 +-
 .../BindAuthenticatorTests.java               |   48 +-
 .../PasswordComparisonAuthenticatorTests.java |   26 +-
 .../FilterBasedLdapUserSearchTests.java       |   22 +-
 .../ldap/server/ApacheDSContainerTests.java   |   39 +-
 .../server/ApacheDSEmbeddedLdifTests.java     |   13 +-
 .../server/UnboundIdContainerLdifTests.java   |   25 +-
 .../ldap/server/UnboundIdContainerTests.java  |   12 +-
 .../DefaultLdapAuthoritiesPopulatorTests.java |   62 +-
 ...UserDetailsManagerModifyPasswordTests.java |   19 +-
 .../LdapUserDetailsManagerTests.java          |   22 +-
 .../NestedLdapAuthoritiesPopulatorTests.java  |   63 +-
 .../ldap/DefaultLdapUsernameToDnMapper.java   |    3 +
 .../DefaultSpringSecurityContextSource.java   |   10 +-
 .../security/ldap/LdapEncoder.java            |  486 ++++----
 .../security/ldap/LdapUsernameToDnMapper.java |    2 +
 .../security/ldap/LdapUtils.java              |   19 +-
 .../ldap/SpringSecurityLdapTemplate.java      |   85 +-
 .../AbstractLdapAuthenticationProvider.java   |   57 +-
 .../AbstractLdapAuthenticator.java            |   14 +-
 .../authentication/BindAuthenticator.java     |   28 +-
 .../LdapAuthenticationProvider.java           |   35 +-
 .../authentication/LdapAuthenticator.java     |    4 +-
 .../ldap/authentication/LdapEncoder.java      |  486 ++++----
 .../NullLdapAuthoritiesPopulator.java         |    6 +-
 .../PasswordComparisonAuthenticator.java      |   28 +-
 .../SpringSecurityAuthenticationSource.java   |   15 +-
 ...etailsServiceLdapAuthoritiesPopulator.java |   10 +-
 ...ctiveDirectoryAuthenticationException.java |    5 +-
 ...veDirectoryLdapAuthenticationProvider.java |  103 +-
 .../ldap/authentication/package-info.java     |   12 +-
 .../security/ldap/package-info.java           |    1 -
 .../PasswordPolicyAwareContextSource.java     |   16 +-
 .../ldap/ppolicy/PasswordPolicyControl.java   |    5 +-
 .../PasswordPolicyControlExtractor.java       |    4 +-
 .../ppolicy/PasswordPolicyControlFactory.java |    4 +-
 .../ldap/ppolicy/PasswordPolicyData.java      |    2 +
 .../ppolicy/PasswordPolicyErrorStatus.java    |   29 +-
 .../ldap/ppolicy/PasswordPolicyException.java |    2 +
 .../PasswordPolicyResponseControl.java        |   56 +-
 .../security/ldap/ppolicy/package-info.java   |    8 +-
 .../search/FilterBasedLdapUserSearch.java     |   45 +-
 .../security/ldap/search/LdapUserSearch.java  |    4 +-
 .../security/ldap/search/package-info.java    |    4 +-
 .../ldap/server/ApacheDSContainer.java        |   60 +-
 .../ldap/server/UnboundIdContainer.java       |   10 +-
 .../security/ldap/server/package-info.java    |    4 +-
 .../DefaultLdapAuthoritiesPopulator.java      |   43 +-
 .../ldap/userdetails/InetOrgPerson.java       |   24 +-
 .../InetOrgPersonContextMapper.java           |    4 +-
 .../userdetails/LdapAuthoritiesPopulator.java |    7 +-
 .../ldap/userdetails/LdapAuthority.java       |    9 +-
 .../ldap/userdetails/LdapUserDetails.java     |    3 +-
 .../ldap/userdetails/LdapUserDetailsImpl.java |   19 +-
 .../userdetails/LdapUserDetailsManager.java   |  143 ++-
 .../userdetails/LdapUserDetailsMapper.java    |   22 +-
 .../userdetails/LdapUserDetailsService.java   |   18 +-
 .../NestedLdapAuthoritiesPopulator.java       |   40 +-
 .../security/ldap/userdetails/Person.java     |    6 +
 .../ldap/userdetails/PersonContextMapper.java |    1 +
 .../userdetails/UserDetailsContextMapper.java |    2 +-
 .../ldap/userdetails/package-info.java        |    1 -
 .../security/ldap/LdapUtilsTests.java         |   35 +-
 ...ringSecurityAuthenticationSourceTests.java |   15 +-
 .../ldap/SpringSecurityLdapTemplateTests.java |   11 +-
 .../LdapAuthenticationProviderTests.java      |   93 +-
 .../ldap/authentication/MockUserSearch.java   |    4 +-
 ...swordComparisonAuthenticatorMockTests.java |   17 +-
 ...ectoryLdapAuthenticationProviderTests.java |  148 +--
 .../ppolicy/OpenLDAPIntegrationTestSuite.java |    2 +
 ...PasswordPolicyAwareContextSourceTests.java |   23 +-
 .../PasswordPolicyControlFactoryTests.java    |    4 +-
 .../PasswordPolicyResponseControlTests.java   |   14 +-
 .../ldap/userdetails/InetOrgPersonTests.java  |   17 +-
 .../ldap/userdetails/LdapAuthorityTests.java  |    5 +-
 .../LdapUserDetailsMapperTests.java           |   14 +-
 .../LdapUserDetailsServiceTests.java          |   22 +-
 ...sServiceLdapAuthoritiesPopulatorTests.java |    7 +-
 ...faultMessageSecurityExpressionHandler.java |   12 +-
 .../EvaluationContextPostProcessor.java       |   17 +-
 ...dMessageSecurityMetadataSourceFactory.java |   12 +-
 .../MessageExpressionConfigAttribute.java     |   13 +-
 .../expression/MessageExpressionVoter.java    |   17 +-
 .../MessageSecurityExpressionRoot.java        |    1 +
 .../intercept/ChannelSecurityInterceptor.java |   12 +-
 .../DefaultMessageSecurityMetadataSource.java |   12 +-
 .../MessageSecurityMetadataSource.java        |    2 +-
 ...thenticationPrincipalArgumentResolver.java |   23 +-
 .../SecurityContextChannelInterceptor.java    |   24 +-
 ...thenticationPrincipalArgumentResolver.java |   49 +-
 ...urrentSecurityContextArgumentResolver.java |   55 +-
 .../AbstractMessageMatcherComposite.java      |    7 +-
 .../util/matcher/AndMessageMatcher.java       |    4 +-
 .../util/matcher/MessageMatcher.java          |    1 +
 .../util/matcher/OrMessageMatcher.java        |    4 +-
 .../SimpDestinationMessageMatcher.java        |   53 +-
 .../util/matcher/SimpMessageTypeMatcher.java  |    3 +-
 .../web/csrf/CsrfChannelInterceptor.java      |    8 +-
 .../server/CsrfTokenHandshakeInterceptor.java |   11 +-
 ...MessageSecurityExpressionHandlerTests.java |   30 +-
 ...ageSecurityMetadataSourceFactoryTests.java |   15 +-
 ...MessageExpressionConfigAttributeTests.java |    5 +-
 .../MessageExpressionVoterTests.java          |   47 +-
 .../ChannelSecurityInterceptorTests.java      |   33 +-
 ...ultMessageSecurityMetadataSourceTests.java |    9 +-
 ...icationPrincipalArgumentResolverTests.java |   58 +-
 ...ecurityContextChannelInterceptorTests.java |   54 +-
 .../handler/invocation/ResolvableMethod.java  |  164 ++-
 ...icationPrincipalArgumentResolverTests.java |   27 +-
 ...tSecurityContextArgumentResolverTests.java |   30 +-
 .../util/matcher/AndMessageMatcherTests.java  |    2 +
 .../util/matcher/OrMessageMatcherTests.java   |    2 +
 .../SimpDestinationMessageMatcherTests.java   |   40 +-
 .../matcher/SimpMessageTypeMatcherTests.java  |   14 +-
 .../web/csrf/CsrfChannelInterceptorTests.java |    5 +-
 .../CsrfTokenHandshakeInterceptorTests.java   |    3 +-
 ...ionCodeOAuth2AuthorizedClientProvider.java |   26 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   32 +-
 ...tServiceOAuth2AuthorizedClientManager.java |  159 +--
 ...ReactiveOAuth2AuthorizedClientManager.java |  173 +--
 .../client/ClientAuthorizationException.java  |   14 +-
 .../ClientAuthorizationRequiredException.java |   10 +-
 ...entialsOAuth2AuthorizedClientProvider.java |   63 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   60 +-
 ...egatingOAuth2AuthorizedClientProvider.java |   24 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   37 +-
 ...InMemoryOAuth2AuthorizedClientService.java |   26 +-
 ...ReactiveOAuth2AuthorizedClientService.java |   20 +-
 .../JdbcOAuth2AuthorizedClientService.java    |  182 +--
 .../client/OAuth2AuthorizationContext.java    |   70 +-
 .../OAuth2AuthorizationFailureHandler.java    |   23 +-
 .../OAuth2AuthorizationSuccessHandler.java    |   26 +-
 .../oauth2/client/OAuth2AuthorizeRequest.java |   64 +-
 .../oauth2/client/OAuth2AuthorizedClient.java |   26 +-
 .../client/OAuth2AuthorizedClientId.java      |    5 +-
 .../client/OAuth2AuthorizedClientManager.java |   35 +-
 .../OAuth2AuthorizedClientProvider.java       |   21 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |  142 ++-
 .../client/OAuth2AuthorizedClientService.java |   27 +-
 ...asswordOAuth2AuthorizedClientProvider.java |   83 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   84 +-
 ...tiveOAuth2AuthorizationFailureHandler.java |   26 +-
 ...tiveOAuth2AuthorizationSuccessHandler.java |   21 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |   37 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   21 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |  160 +--
 ...ReactiveOAuth2AuthorizedClientService.java |   33 +-
 ...shTokenOAuth2AuthorizedClientProvider.java |   71 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   76 +-
 ...ientOAuth2AuthorizationFailureHandler.java |  117 +-
 ...tiveOAuth2AuthorizationFailureHandler.java |  122 +-
 .../RegisteredOAuth2AuthorizedClient.java     |   15 +-
 .../OAuth2AuthenticationToken.java            |   29 +-
 ...thorizationCodeAuthenticationProvider.java |   60 +-
 ...2AuthorizationCodeAuthenticationToken.java |   41 +-
 ...tionCodeReactiveAuthenticationManager.java |   54 +-
 .../OAuth2LoginAuthenticationProvider.java    |   88 +-
 .../OAuth2LoginAuthenticationToken.java       |   47 +-
 ...th2LoginReactiveAuthenticationManager.java |   91 +-
 .../client/authentication/package-info.java   |    4 +-
 ...stractOAuth2AuthorizationGrantRequest.java |   13 +-
 ...activeOAuth2AccessTokenResponseClient.java |   94 +-
 ...tAuthorizationCodeTokenResponseClient.java |   68 +-
 ...tClientCredentialsTokenResponseClient.java |   68 +-
 .../DefaultPasswordTokenResponseClient.java   |   65 +-
 ...efaultRefreshTokenTokenResponseClient.java |   64 +-
 ...sAuthorizationCodeTokenResponseClient.java |   63 +-
 .../OAuth2AccessTokenResponseClient.java      |   35 +-
 .../OAuth2AuthorizationCodeGrantRequest.java  |   20 +-
 ...zationCodeGrantRequestEntityConverter.java |   27 +-
 ...2AuthorizationGrantRequestEntityUtils.java |   10 +-
 .../OAuth2ClientCredentialsGrantRequest.java  |   15 +-
 ...redentialsGrantRequestEntityConverter.java |   24 +-
 .../endpoint/OAuth2PasswordGrantRequest.java  |   16 +-
 ...h2PasswordGrantRequestEntityConverter.java |   21 +-
 .../OAuth2RefreshTokenGrantRequest.java       |   26 +-
 ...freshTokenGrantRequestEntityConverter.java |   19 +-
 ...activeOAuth2AccessTokenResponseClient.java |   34 +-
 ...eAuthorizationCodeTokenResponseClient.java |   30 +-
 ...eClientCredentialsTokenResponseClient.java |   22 +-
 ...ntReactivePasswordTokenResponseClient.java |   27 +-
 ...activeRefreshTokenTokenResponseClient.java |   32 +-
 .../oauth2/client/endpoint/package-info.java  |    4 +-
 .../http/OAuth2ErrorResponseErrorHandler.java |   13 +-
 .../ClientRegistrationDeserializer.java       |   35 +-
 .../jackson2/ClientRegistrationMixin.java     |    5 +-
 .../jackson2/DefaultOAuth2UserMixin.java      |    4 +-
 .../client/jackson2/DefaultOidcUserMixin.java |    9 +-
 .../oauth2/client/jackson2/JsonNodeUtils.java |   10 +-
 .../jackson2/OAuth2AccessTokenMixin.java      |   10 +-
 .../OAuth2AuthenticationExceptionMixin.java   |    8 +-
 .../OAuth2AuthenticationTokenMixin.java       |    6 +-
 ...Auth2AuthorizationRequestDeserializer.java |   27 +-
 .../OAuth2AuthorizationRequestMixin.java      |    1 +
 .../jackson2/OAuth2AuthorizedClientMixin.java |    4 +-
 .../jackson2/OAuth2ClientJackson2Module.java  |   45 +-
 .../client/jackson2/OAuth2ErrorMixin.java     |    7 +-
 .../jackson2/OAuth2RefreshTokenMixin.java     |    5 +-
 .../jackson2/OAuth2UserAuthorityMixin.java    |    4 +-
 .../client/jackson2/OidcIdTokenMixin.java     |    8 +-
 .../jackson2/OidcUserAuthorityMixin.java      |    7 +-
 .../client/jackson2/OidcUserInfoMixin.java    |    1 +
 .../oauth2/client/jackson2/StdConverters.java |   30 +-
 .../jackson2/UnmodifiableMapDeserializer.java |    1 +
 .../client/jackson2/UnmodifiableMapMixin.java |    6 +-
 .../DefaultOidcIdTokenValidatorFactory.java   |    6 +-
 ...thorizationCodeAuthenticationProvider.java |  141 ++-
 ...tionCodeReactiveAuthenticationManager.java |  134 ++-
 .../OidcIdTokenDecoderFactory.java            |  124 +-
 .../authentication/OidcIdTokenValidator.java  |   44 +-
 .../ReactiveOidcIdTokenDecoderFactory.java    |  122 +-
 .../oidc/authentication/package-info.java     |    4 +-
 .../OidcReactiveOAuth2UserService.java        |  102 +-
 .../client/oidc/userinfo/OidcUserRequest.java |   15 +-
 .../oidc/userinfo/OidcUserRequestUtils.java   |   34 +-
 .../client/oidc/userinfo/OidcUserService.java |   97 +-
 .../client/oidc/userinfo/package-info.java    |    4 +-
 ...dcClientInitiatedLogoutSuccessHandler.java |   32 +-
 ...ntInitiatedServerLogoutSuccessHandler.java |   61 +-
 .../registration/ClientRegistration.java      |  209 ++--
 .../ClientRegistrationRepository.java         |   13 +-
 .../registration/ClientRegistrations.java     |  155 +--
 .../InMemoryClientRegistrationRepository.java |   25 +-
 ...yReactiveClientRegistrationRepository.java |   16 +-
 .../ReactiveClientRegistrationRepository.java |   13 +-
 .../client/registration/package-info.java     |    3 +-
 .../CustomUserTypesOAuth2UserService.java     |   46 +-
 .../userinfo/DefaultOAuth2UserService.java    |   91 +-
 .../DefaultReactiveOAuth2UserService.java     |  105 +-
 .../userinfo/DelegatingOAuth2UserService.java |   22 +-
 .../client/userinfo/OAuth2UserRequest.java    |   18 +-
 .../OAuth2UserRequestEntityConverter.java     |   21 +-
 .../client/userinfo/OAuth2UserService.java    |   18 +-
 .../userinfo/ReactiveOAuth2UserService.java   |   18 +-
 .../oauth2/client/userinfo/package-info.java  |    4 +-
 ...cipalOAuth2AuthorizedClientRepository.java |   66 +-
 .../web/AuthorizationRequestRepository.java   |   38 +-
 ...ultOAuth2AuthorizationRequestResolver.java |  138 ++-
 .../DefaultOAuth2AuthorizedClientManager.java |  171 +--
 ...ReactiveOAuth2AuthorizedClientManager.java |  248 ++--
 ...nOAuth2AuthorizationRequestRepository.java |   27 +-
 ...ssionOAuth2AuthorizedClientRepository.java |   22 +-
 .../OAuth2AuthorizationCodeGrantFilter.java   |  138 ++-
 ...th2AuthorizationRequestRedirectFilter.java |  131 ++-
 .../OAuth2AuthorizationRequestResolver.java   |   23 +-
 .../web/OAuth2AuthorizationResponseUtils.java |   25 +-
 .../web/OAuth2AuthorizedClientRepository.java |   39 +-
 .../web/OAuth2LoginAuthenticationFilter.java  |  145 +--
 ...Auth2AuthorizedClientArgumentResolver.java |  107 +-
 ...uthorizedClientExchangeFilterFunction.java |  578 +++++-----
 ...uthorizedClientExchangeFilterFunction.java |  465 ++++----
 ...Auth2AuthorizedClientArgumentResolver.java |   60 +-
 ...erverOAuth2AuthorizedClientRepository.java |   53 +-
 ...verOAuth2AuthorizationRequestResolver.java |  151 +--
 ...OAuth2AuthorizationCodeGrantWebFilter.java |  158 +--
 ...AuthorizationRequestRedirectWebFilter.java |   80 +-
 .../OAuth2AuthorizationResponseUtils.java     |   25 +-
 .../ServerAuthorizationRequestRepository.java |   30 +-
 ...ationCodeAuthenticationTokenConverter.java |   45 +-
 ...verOAuth2AuthorizationRequestResolver.java |   23 +-
 ...erverOAuth2AuthorizedClientRepository.java |   35 +-
 ...erverOAuth2AuthorizedClientRepository.java |   18 +-
 ...2ServerAuthorizationRequestRepository.java |   89 +-
 ...erverOAuth2AuthorizedClientRepository.java |   56 +-
 .../OAuth2LoginAuthenticationWebFilter.java   |   25 +-
 ...deOAuth2AuthorizedClientProviderTests.java |   27 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   27 +-
 ...iceOAuth2AuthorizedClientManagerTests.java |  173 +--
 ...iveOAuth2AuthorizedClientManagerTests.java |  285 +++--
 ...lsOAuth2AuthorizedClientProviderTests.java |   73 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   76 +-
 ...ngOAuth2AuthorizedClientProviderTests.java |   17 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   33 +-
 ...oryOAuth2AuthorizedClientServiceTests.java |   64 +-
 ...iveOAuth2AuthorizedClientServiceTests.java |  114 +-
 ...dbcOAuth2AuthorizedClientServiceTests.java |  281 ++---
 .../OAuth2AuthorizationContextTests.java      |   29 +-
 .../client/OAuth2AuthorizeRequestTests.java   |   48 +-
 .../client/OAuth2AuthorizedClientIdTests.java |    7 +-
 ...2AuthorizedClientProviderBuilderTests.java |  141 +--
 .../client/OAuth2AuthorizedClientTests.java   |    8 +-
 ...rdOAuth2AuthorizedClientProviderTests.java |  120 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  123 +-
 ...2AuthorizedClientProviderBuilderTests.java |  159 +--
 ...enOAuth2AuthorizedClientProviderTests.java |  106 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  112 +-
 .../OAuth2AuthenticationTokenTests.java       |    8 +-
 ...zationCodeAuthenticationProviderTests.java |   29 +-
 ...orizationCodeAuthenticationTokenTests.java |   29 +-
 ...odeReactiveAuthenticationManagerTests.java |   21 +-
 ...Auth2LoginAuthenticationProviderTests.java |   87 +-
 .../OAuth2LoginAuthenticationTokenTests.java  |   39 +-
 ...ginReactiveAuthenticationManagerTests.java |   74 +-
 .../TestOAuth2AuthenticationTokens.java       |    1 +
 ...AuthorizationCodeAuthenticationTokens.java |    1 +
 ...orizationCodeTokenResponseClientTests.java |  183 ++-
 ...ntCredentialsTokenResponseClientTests.java |  180 ++-
 ...faultPasswordTokenResponseClientTests.java |   75 +-
 ...tRefreshTokenTokenResponseClientTests.java |   76 +-
 ...orizationCodeTokenResponseClientTests.java |  183 ++-
 ...nCodeGrantRequestEntityConverterTests.java |   88 +-
 ...th2AuthorizationCodeGrantRequestTests.java |    7 +-
 ...tialsGrantRequestEntityConverterTests.java |   24 +-
 ...th2ClientCredentialsGrantRequestTests.java |   31 +-
 ...swordGrantRequestEntityConverterTests.java |   18 +-
 .../OAuth2PasswordGrantRequestTests.java      |   23 +-
 ...TokenGrantRequestEntityConverterTests.java |   24 +-
 .../OAuth2RefreshTokenGrantRequestTests.java  |   13 +-
 ...orizationCodeTokenResponseClientTests.java |  299 +++--
 ...ntCredentialsTokenResponseClientTests.java |   72 +-
 ...ctivePasswordTokenResponseClientTests.java |   76 +-
 ...eRefreshTokenTokenResponseClientTests.java |   75 +-
 .../OAuth2ErrorResponseErrorHandlerTests.java |   14 +-
 ...uth2AuthenticationExceptionMixinTests.java |   37 +-
 .../OAuth2AuthenticationTokenMixinTests.java  |   98 +-
 .../OAuth2AuthorizationRequestMixinTests.java |   57 +-
 .../OAuth2AuthorizedClientMixinTests.java     |  138 +--
 ...zationCodeAuthenticationProviderTests.java |  121 +-
 ...odeReactiveAuthenticationManagerTests.java |  102 +-
 .../OidcIdTokenDecoderFactoryTests.java       |   40 +-
 .../OidcIdTokenValidatorTests.java            |   90 +-
 ...eactiveOidcIdTokenDecoderFactoryTests.java |   40 +-
 .../OidcReactiveOAuth2UserServiceTests.java   |   43 +-
 .../oidc/userinfo/OidcUserRequestTests.java   |   14 +-
 .../userinfo/OidcUserRequestUtilsTests.java   |    9 +-
 .../oidc/userinfo/OidcUserServiceTests.java   |  227 ++--
 ...entInitiatedLogoutSuccessHandlerTests.java |   65 +-
 ...tiatedServerLogoutSuccessHandlerTests.java |   60 +-
 .../registration/ClientRegistrationTests.java |  618 ++++------
 .../ClientRegistrationsTests.java             |  200 ++--
 ...moryClientRegistrationRepositoryTests.java |    2 +
 ...tiveClientRegistrationRepositoryTests.java |    6 +-
 .../registration/TestClientRegistrations.java |   46 +-
 ...CustomUserTypesOAuth2UserServiceTests.java |   63 +-
 .../DefaultOAuth2UserServiceTests.java        |  169 ++-
 ...DefaultReactiveOAuth2UserServiceTests.java |  113 +-
 .../DelegatingOAuth2UserServiceTests.java     |   12 +-
 ...OAuth2UserRequestEntityConverterTests.java |   36 +-
 .../userinfo/OAuth2UserRequestTests.java      |   26 +-
 ...OAuth2AuthorizedClientRepositoryTests.java |   38 +-
 ...uth2AuthorizationRequestResolverTests.java |  242 ++--
 ...ultOAuth2AuthorizedClientManagerTests.java |  233 ++--
 ...iveOAuth2AuthorizedClientManagerTests.java |  325 +++---
 ...h2AuthorizationRequestRepositoryTests.java |  134 ++-
 ...OAuth2AuthorizedClientRepositoryTests.java |  120 +-
 ...uth2AuthorizationCodeGrantFilterTests.java |  105 +-
 ...thorizationRequestRedirectFilterTests.java |  160 ++-
 .../OAuth2LoginAuthenticationFilterTests.java |  142 ++-
 ...AuthorizedClientArgumentResolverTests.java |  183 +--
 .../function/client/MockExchangeFunction.java |    2 +
 ...zedClientExchangeFilterFunctionITests.java |  224 ++--
 ...izedClientExchangeFilterFunctionTests.java |  500 ++++----
 ...zedClientExchangeFilterFunctionITests.java |  168 ++-
 ...izedClientExchangeFilterFunctionTests.java |  369 +++---
 ...AuthorizedClientArgumentResolverTests.java |   62 +-
 ...OAuth2AuthorizedClientRepositoryTests.java |   49 +-
 ...uth2AuthorizationRequestResolverTests.java |  134 +--
 ...2AuthorizationCodeGrantWebFilterTests.java |  159 ++-
 ...rizationRequestRedirectWebFilterTests.java |   74 +-
 ...CodeAuthenticationTokenConverterTests.java |   59 +-
 ...OAuth2AuthorizedClientRepositoryTests.java |   74 +-
 ...erAuthorizationRequestRepositoryTests.java |  145 +--
 ...OAuth2AuthorizedClientRepositoryTests.java |  119 +-
 ...uth2LoginAuthenticationWebFilterTests.java |   43 +-
 .../oauth2/core/AbstractOAuth2Token.java      |   16 +-
 .../oauth2/core/AuthenticationMethod.java     |   14 +-
 .../oauth2/core/AuthorizationGrantType.java   |   29 +-
 .../security/oauth2/core/ClaimAccessor.java   |   76 +-
 .../core/ClientAuthenticationMethod.java      |   12 +-
 .../DefaultOAuth2AuthenticatedPrincipal.java  |   16 +-
 .../core/DelegatingOAuth2TokenValidator.java  |   12 +-
 .../oauth2/core/OAuth2AccessToken.java        |   42 +-
 .../core/OAuth2AuthenticatedPrincipal.java    |   12 +-
 .../core/OAuth2AuthenticationException.java   |   22 +-
 .../core/OAuth2AuthorizationException.java    |    7 +-
 .../security/oauth2/core/OAuth2Error.java     |   24 +-
 .../oauth2/core/OAuth2ErrorCodes.java         |   73 +-
 .../oauth2/core/OAuth2RefreshToken.java       |   16 +-
 .../oauth2/core/OAuth2TokenValidator.java     |    6 +-
 .../core/OAuth2TokenValidatorResult.java      |   10 +-
 .../converter/ClaimConversionService.java     |   12 +-
 .../core/converter/ClaimTypeConverter.java    |    6 +-
 .../converter/ObjectToBooleanConverter.java   |    1 +
 .../converter/ObjectToInstantConverter.java   |    7 +-
 .../ObjectToListStringConverter.java          |    8 +-
 .../ObjectToMapStringObjectConverter.java     |    5 +-
 .../converter/ObjectToStringConverter.java    |    1 +
 .../core/converter/ObjectToURLConverter.java  |    4 +-
 ...MapOAuth2AccessTokenResponseConverter.java |   35 +-
 .../endpoint/OAuth2AccessTokenResponse.java   |   53 +-
 ...OAuth2AccessTokenResponseMapConverter.java |    8 +-
 .../endpoint/OAuth2AuthorizationExchange.java |   18 +-
 .../endpoint/OAuth2AuthorizationRequest.java  |  142 ++-
 .../endpoint/OAuth2AuthorizationResponse.java |   52 +-
 .../OAuth2AuthorizationResponseType.java      |   23 +-
 .../core/endpoint/OAuth2ParameterNames.java   |   13 +-
 .../core/endpoint/PkceParameterNames.java     |    8 +-
 .../oauth2/core/endpoint/package-info.java    |    4 +-
 .../http/converter/HttpMessageConverters.java |   14 +-
 ...cessTokenResponseHttpMessageConverter.java |   76 +-
 .../OAuth2ErrorHttpMessageConverter.java      |   66 +-
 .../core/oidc/AddressStandardClaim.java       |   24 +-
 .../oidc/DefaultAddressStandardClaim.java     |   43 +-
 .../core/oidc/IdTokenClaimAccessor.java       |   32 +-
 .../oauth2/core/oidc/IdTokenClaimNames.java   |   14 +-
 .../oauth2/core/oidc/OidcIdToken.java         |   49 +-
 .../security/oauth2/core/oidc/OidcScopes.java |   20 +-
 .../oauth2/core/oidc/OidcUserInfo.java        |   54 +-
 .../core/oidc/StandardClaimAccessor.java      |   56 +-
 .../oauth2/core/oidc/StandardClaimNames.java  |   27 +-
 .../oidc/endpoint/OidcParameterNames.java     |    8 +-
 .../core/oidc/user/DefaultOidcUser.java       |   31 +-
 .../oauth2/core/oidc/user/OidcUser.java       |   28 +-
 .../core/oidc/user/OidcUserAuthority.java     |   25 +-
 .../oauth2/core/oidc/user/package-info.java   |    3 +-
 .../security/oauth2/core/package-info.java    |    3 +-
 .../oauth2/core/user/DefaultOAuth2User.java   |   31 +-
 .../security/oauth2/core/user/OAuth2User.java |   23 +-
 .../oauth2/core/user/OAuth2UserAuthority.java |   11 +-
 ...Auth2AccessTokenResponseBodyExtractor.java |   45 +-
 .../function/OAuth2BodyExtractors.java        |    5 +-
 .../core/AuthenticationMethodTests.java       |    1 +
 .../core/AuthorizationGrantTypeTests.java     |    1 +
 .../oauth2/core/ClaimAccessorTests.java       |   27 +-
 .../core/ClientAuthenticationMethodTests.java |    1 +
 ...aultOAuth2AuthenticatedPrincipalTests.java |   24 +-
 .../DelegatingOAuth2TokenValidatorTests.java  |   61 +-
 .../oauth2/core/OAuth2AccessTokenTests.java   |   12 +-
 .../oauth2/core/OAuth2ErrorTests.java         |    4 +
 .../core/OAuth2TokenValidatorResultTests.java |    5 +-
 .../oauth2/core/TestOAuth2AccessTokens.java   |   13 +-
 .../oauth2/core/TestOAuth2RefreshTokens.java  |    2 +
 .../ClaimConversionServiceTests.java          |    8 +-
 .../converter/ClaimTypeConverterTests.java    |   16 +-
 ...uth2AccessTokenResponseConverterTests.java |    2 +-
 ...2AccessTokenResponseMapConverterTests.java |   19 +-
 .../OAuth2AccessTokenResponseTests.java       |   97 +-
 .../OAuth2AuthorizationExchangeTests.java     |    5 +-
 .../OAuth2AuthorizationRequestTests.java      |  241 ++--
 .../OAuth2AuthorizationResponseTests.java     |   64 +-
 .../OAuth2AuthorizationResponseTypeTests.java |    1 +
 .../TestOAuth2AccessTokenResponses.java       |    8 +-
 .../TestOAuth2AuthorizationExchanges.java     |    1 +
 .../TestOAuth2AuthorizationRequests.java      |    8 +-
 .../TestOAuth2AuthorizationResponses.java     |    4 +-
 ...okenResponseHttpMessageConverterTests.java |  100 +-
 .../OAuth2ErrorHttpMessageConverterTests.java |   36 +-
 .../DefaultAddressStandardClaimTests.java     |   18 +-
 .../core/oidc/OidcIdTokenBuilderTests.java    |   50 +-
 .../oauth2/core/oidc/OidcIdTokenTests.java    |   31 +-
 .../core/oidc/OidcUserInfoBuilderTests.java   |   31 +-
 .../oauth2/core/oidc/OidcUserInfoTests.java   |   40 +
 .../oauth2/core/oidc/TestOidcIdTokens.java    |   10 +-
 .../core/oidc/user/DefaultOidcUserTests.java  |   28 +-
 .../oidc/user/OidcUserAuthorityTests.java     |   15 +-
 .../oauth2/core/oidc/user/TestOidcUsers.java  |   24 +-
 .../core/user/DefaultOAuth2UserTests.java     |    9 +-
 .../core/user/OAuth2UserAuthorityTests.java   |    3 +
 .../oauth2/core/user/TestOAuth2Users.java     |    8 +-
 .../function/OAuth2BodyExtractorsTests.java   |   31 +-
 .../oauth2/jose/jws/JwsAlgorithm.java         |   16 +-
 .../oauth2/jose/jws/JwsAlgorithms.java        |   16 +-
 .../oauth2/jose/jws/MacAlgorithm.java         |   20 +-
 .../oauth2/jose/jws/SignatureAlgorithm.java   |   19 +-
 .../security/oauth2/jwt/BadJwtException.java  |    7 +-
 .../security/oauth2/jwt/Jwt.java              |   52 +-
 .../security/oauth2/jwt/JwtClaimAccessor.java |   46 +-
 .../security/oauth2/jwt/JwtClaimNames.java    |   19 +-
 .../oauth2/jwt/JwtClaimValidator.java         |   25 +-
 .../security/oauth2/jwt/JwtDecoder.java       |   32 +-
 .../oauth2/jwt/JwtDecoderFactory.java         |   10 +-
 .../JwtDecoderProviderConfigurationUtils.java |   44 +-
 .../security/oauth2/jwt/JwtDecoders.java      |   90 +-
 .../security/oauth2/jwt/JwtException.java     |    3 +-
 .../oauth2/jwt/JwtIssuerValidator.java        |    2 +-
 .../oauth2/jwt/JwtTimestampValidator.java     |   24 +-
 .../oauth2/jwt/JwtValidationException.java    |    9 +-
 .../security/oauth2/jwt/JwtValidators.java    |   24 +-
 .../jwt/MappedJwtClaimSetConverter.java       |   32 +-
 .../security/oauth2/jwt/NimbusJwtDecoder.java |  200 ++--
 .../jwt/NimbusJwtDecoderJwkSupport.java       |   39 +-
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  |  229 ++--
 .../oauth2/jwt/ReactiveJWKSource.java         |    3 +
 .../oauth2/jwt/ReactiveJWKSourceAdapter.java  |    3 +
 .../oauth2/jwt/ReactiveJwtDecoder.java        |   31 +-
 .../oauth2/jwt/ReactiveJwtDecoderFactory.java |   11 +-
 .../oauth2/jwt/ReactiveJwtDecoders.java       |   93 +-
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |   20 +-
 .../oauth2/jwt/SingleKeyJWSKeySelector.java   |    3 +
 .../security/oauth2/jose/TestKeys.java        |   81 +-
 .../oauth2/jose/jws/MacAlgorithmTests.java    |    1 +
 .../jose/jws/SignatureAlgorithmTests.java     |    1 +
 .../security/oauth2/jwt/JwtBuilderTests.java  |   82 +-
 .../oauth2/jwt/JwtClaimValidatorTests.java    |   16 +-
 .../security/oauth2/jwt/JwtDecodersTests.java |  107 +-
 .../oauth2/jwt/JwtIssuerValidatorTests.java   |   14 +-
 .../security/oauth2/jwt/JwtTests.java         |   28 +-
 .../jwt/JwtTimestampValidatorTests.java       |   34 +-
 .../jwt/MappedJwtClaimSetConverterTests.java  |   29 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |   47 +-
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  236 ++--
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  209 ++--
 .../oauth2/jwt/ReactiveJwtDecodersTests.java  |   92 +-
 .../jwt/ReactiveRemoteJWKSourceTests.java     |   31 +-
 .../security/oauth2/jwt/TestJwts.java         |   18 +-
 .../BearerTokenAuthenticationToken.java       |   17 +-
 .../server/resource/BearerTokenError.java     |   44 +-
 .../resource/BearerTokenErrorCodes.java       |   19 +-
 .../server/resource/BearerTokenErrors.java    |   49 +-
 .../resource/InvalidBearerTokenException.java |   13 +-
 ...bstractOAuth2TokenAuthenticationToken.java |   28 +-
 .../BearerTokenAuthentication.java            |    9 +-
 .../JwtAuthenticationConverter.java           |   21 +-
 .../JwtAuthenticationProvider.java            |   34 +-
 .../JwtAuthenticationToken.java               |    9 +-
 ...JwtBearerTokenAuthenticationConverter.java |   21 +-
 .../JwtGrantedAuthoritiesConverter.java       |   24 +-
 ...wtIssuerAuthenticationManagerResolver.java |   68 +-
 ...ReactiveAuthenticationManagerResolver.java |   96 +-
 .../JwtReactiveAuthenticationManager.java     |   25 +-
 .../OpaqueTokenAuthenticationProvider.java    |   41 +-
 ...queTokenReactiveAuthenticationManager.java |   59 +-
 .../ReactiveJwtAuthenticationConverter.java   |   21 +-
 ...tiveJwtAuthenticationConverterAdapter.java |    2 +
 ...JwtGrantedAuthoritiesConverterAdapter.java |   13 +-
 .../resource/authentication/package-info.java |    3 +-
 .../BadOpaqueTokenException.java              |    7 +-
 .../NimbusOpaqueTokenIntrospector.java        |   40 +-
 ...NimbusReactiveOpaqueTokenIntrospector.java |   58 +-
 ...h2IntrospectionAuthenticatedPrincipal.java |   29 +-
 .../OAuth2IntrospectionClaimAccessor.java     |   36 +-
 .../OAuth2IntrospectionClaimNames.java        |   10 +-
 .../OAuth2IntrospectionException.java         |    2 +
 .../OpaqueTokenIntrospector.java              |   11 +-
 .../ReactiveOpaqueTokenIntrospector.java      |   11 +-
 .../BearerTokenAuthenticationEntryPoint.java  |   27 +-
 .../web/BearerTokenAuthenticationFilter.java  |   44 +-
 .../resource/web/BearerTokenResolver.java     |   14 +-
 .../web/DefaultBearerTokenResolver.java       |   29 +-
 .../web/HeaderBearerTokenResolver.java        |    1 +
 .../BearerTokenAccessDeniedHandler.java       |   29 +-
 .../BearerTokenServerAccessDeniedHandler.java |   26 +-
 .../ServerBearerExchangeFilterFunction.java   |   31 +-
 .../ServletBearerExchangeFilterFunction.java  |   44 +-
 ...erTokenServerAuthenticationEntryPoint.java |   16 +-
 ...verBearerTokenAuthenticationConverter.java |   48 +-
 .../TestOAuth2AuthenticatedPrincipals.java    |   13 +-
 .../BearerTokenAuthenticationTokenTests.java  |    8 +-
 .../resource/BearerTokenErrorTests.java       |   33 +-
 .../resource/BearerTokenErrorsTests.java      |    2 +
 ...icationEventPublisherBearerTokenTests.java |    5 +-
 .../BearerTokenAuthenticationTests.java       |   42 +-
 .../JwtAuthenticationConverterTests.java      |   15 +-
 .../JwtAuthenticationProviderTests.java       |   26 +-
 .../JwtAuthenticationTokenTests.java          |    4 +-
 ...arerTokenAuthenticationConverterTests.java |   32 +-
 .../JwtGrantedAuthoritiesConverterTests.java  |   54 +-
 ...uerAuthenticationManagerResolverTests.java |   72 +-
 ...iveAuthenticationManagerResolverTests.java |   83 +-
 ...JwtReactiveAuthenticationManagerTests.java |   18 +-
 ...paqueTokenAuthenticationProviderTests.java |   32 +-
 ...kenReactiveAuthenticationManagerTests.java |   38 +-
 ...wtAuthenticationConverterAdapterTests.java |   27 +-
 ...activeJwtAuthenticationConverterTests.java |   12 +-
 ...antedAuthoritiesConverterAdapterTests.java |   19 +-
 .../TestBearerTokenAuthentications.java       |   17 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |  184 ++-
 ...sReactiveOpaqueTokenIntrospectorTests.java |  115 +-
 ...rospectionAuthenticatedPrincipalTests.java |   49 +-
 ...rerTokenAuthenticationEntryPointTests.java |   55 +-
 .../BearerTokenAuthenticationFilterTests.java |   85 +-
 .../web/DefaultBearerTokenResolverTests.java  |    3 +
 .../web/HeaderBearerTokenResolverTests.java   |   13 +-
 .../resource/web/MockExchangeFunction.java    |    2 +
 .../BearerTokenAccessDeniedHandlerTests.java  |   20 +-
 ...erTokenServerAccessDeniedHandlerTests.java |   23 +-
 ...rverBearerExchangeFilterFunctionTests.java |   33 +-
 ...vletBearerExchangeFilterFunctionTests.java |   38 +-
 ...enServerAuthenticationEntryPointTests.java |   18 +-
 ...arerTokenAuthenticationConverterTests.java |   85 +-
 .../AuthenticationCancelledException.java     |    7 +-
 .../security/openid/AxFetchListFactory.java   |    7 +-
 .../openid/NullAxFetchListFactory.java        |    7 +-
 .../security/openid/OpenID4JavaConsumer.java  |   63 +-
 .../security/openid/OpenIDAttribute.java      |   13 +-
 .../openid/OpenIDAuthenticationFilter.java    |   39 +-
 .../openid/OpenIDAuthenticationProvider.java  |   37 +-
 .../openid/OpenIDAuthenticationStatus.java    |    7 +-
 .../openid/OpenIDAuthenticationToken.java     |   20 +-
 .../security/openid/OpenIDConsumer.java       |   13 +-
 .../openid/OpenIDConsumerException.java       |    7 +-
 .../openid/RegexBasedAxFetchListFactory.java  |    6 +-
 .../security/openid/package-info.java         |    1 -
 .../security/openid/MockOpenIDConsumer.java   |   13 +-
 .../openid/OpenID4JavaConsumerTests.java      |   72 +-
 .../OpenIDAuthenticationFilterTests.java      |   21 +-
 .../OpenIDAuthenticationProviderTests.java    |   48 +-
 .../security/remoting/dns/DnsResolver.java    |   13 +-
 .../remoting/dns/JndiDnsResolver.java         |   28 +-
 .../security/remoting/dns/package-info.java   |    1 -
 ...ationSimpleHttpInvokerRequestExecutor.java |   17 +-
 .../remoting/httpinvoker/package-info.java    |    7 +-
 .../security/remoting/package-info.java       |    1 -
 .../ContextPropagatingRemoteInvocation.java   |   22 +-
 ...extPropagatingRemoteInvocationFactory.java |    2 +
 .../security/remoting/rmi/package-info.java   |    9 +-
 .../remoting/dns/JndiDnsResolverTests.java    |   30 +-
 ...SimpleHttpInvokerRequestExecutorTests.java |   12 +-
 ...ntextPropagatingRemoteInvocationTests.java |   24 +-
 .../security/rsocket/api/PayloadExchange.java |    2 +
 .../rsocket/api/PayloadExchangeType.java      |   15 +-
 .../rsocket/api/PayloadInterceptor.java       |    8 +-
 .../rsocket/api/PayloadInterceptorChain.java  |    6 +-
 .../AnonymousPayloadInterceptor.java          |   27 +-
 ...uthenticationPayloadExchangeConverter.java |   29 +-
 .../AuthenticationPayloadInterceptor.java     |   16 +-
 ...uthenticationPayloadExchangeConverter.java |   17 +-
 .../BearerPayloadExchangeConverter.java       |   13 +-
 ...ayloadExchangeAuthenticationConverter.java |    3 +
 .../AuthorizationPayloadInterceptor.java      |   11 +-
 ...geMatcherReactiveAuthorizationManager.java |   24 +-
 .../core/ContextPayloadInterceptorChain.java  |   15 +-
 .../rsocket/core/DefaultPayloadExchange.java  |    1 +
 .../core/PayloadInterceptorRSocket.java       |   59 +-
 .../rsocket/core/PayloadSocketAcceptor.java   |   18 +-
 .../PayloadSocketAcceptorInterceptor.java     |    8 +-
 .../SecuritySocketAcceptorInterceptor.java    |    7 +-
 .../metadata/BasicAuthenticationDecoder.java  |   61 +-
 .../metadata/BasicAuthenticationEncoder.java  |   25 +-
 .../BearerTokenAuthenticationEncoder.java     |   29 +-
 .../rsocket/metadata/BearerTokenMetadata.java |   13 +-
 .../metadata/SimpleAuthenticationEncoder.java |   30 +-
 .../metadata/UsernamePasswordMetadata.java    |    9 +-
 .../PayloadExchangeAuthorizationContext.java  |    3 +
 .../util/matcher/PayloadExchangeMatcher.java  |    8 +-
 .../matcher/PayloadExchangeMatcherEntry.java  |    3 +
 .../util/matcher/PayloadExchangeMatchers.java |   13 +-
 .../matcher/RoutePayloadExchangeMatcher.java  |   17 +-
 .../AnonymousPayloadInterceptorTests.java     |   20 +-
 ...AuthenticationPayloadInterceptorChain.java |    2 +
 ...AuthenticationPayloadInterceptorTests.java |   54 +-
 .../AuthorizationPayloadInterceptorTests.java |   37 +-
 ...cherReactiveAuthorizationManagerTests.java |   57 +-
 .../CaptureSecurityContextSocketAcceptor.java |    9 +-
 .../core/PayloadInterceptorRSocketTests.java  |  125 +-
 ...PayloadSocketAcceptorInterceptorTests.java |   11 +-
 .../core/PayloadSocketAcceptorTests.java      |   25 +-
 .../BasicAuthenticationDecoderTests.java      |   10 +-
 .../RoutePayloadExchangeMatcherTests.java     |   13 +-
 .../core/OpenSamlInitializationService.java   |   75 +-
 .../security/saml2/core/Saml2Error.java       |   16 +-
 .../security/saml2/core/Saml2ErrorCodes.java  |   72 +-
 .../saml2/core/Saml2X509Credential.java       |   67 +-
 .../credentials/Saml2X509Credential.java      |   75 +-
 .../AbstractSaml2AuthenticationRequest.java   |   51 +-
 .../DefaultSaml2AuthenticatedPrincipal.java   |    2 +
 .../OpenSamlAuthenticationProvider.java       |  235 ++--
 .../OpenSamlAuthenticationRequestFactory.java |  129 +--
 .../Saml2AuthenticatedPrincipal.java          |    5 +-
 .../authentication/Saml2Authentication.java   |   16 +-
 .../Saml2AuthenticationException.java         |   63 +-
 .../Saml2AuthenticationRequest.java           |   75 +-
 .../Saml2AuthenticationRequestContext.java    |   55 +-
 .../Saml2AuthenticationRequestFactory.java    |  108 +-
 .../Saml2AuthenticationToken.java             |   56 +-
 .../service/authentication/Saml2Error.java    |   15 +-
 .../authentication/Saml2ErrorCodes.java       |   72 +-
 .../Saml2PostAuthenticationRequest.java       |   35 +-
 .../Saml2RedirectAuthenticationRequest.java   |   43 +-
 .../service/authentication/Saml2Utils.java    |    4 +-
 .../metadata/OpenSamlMetadataResolver.java    |   25 +-
 .../metadata/Saml2MetadataResolver.java       |    6 +-
 ...oryRelyingPartyRegistrationRepository.java |    7 +-
 ...gistrationBuilderHttpMessageConverter.java |   53 +-
 .../RelyingPartyRegistration.java             |  482 ++++----
 .../RelyingPartyRegistrationRepository.java   |    5 +-
 .../RelyingPartyRegistrations.java            |   21 +-
 .../registration/Saml2MessageBinding.java     |   15 +-
 .../Saml2WebSsoAuthenticationFilter.java      |   40 +-
 ...aml2WebSsoAuthenticationRequestFilter.java |  114 +-
 ...faultRelyingPartyRegistrationResolver.java |   41 +-
 ...2AuthenticationRequestContextResolver.java |   27 +-
 ...2AuthenticationRequestContextResolver.java |    9 +-
 .../Saml2AuthenticationTokenConverter.java    |   18 +-
 .../service/web/Saml2MetadataFilter.java      |   10 +-
 .../OpenSamlInitializationServiceTests.java   |    6 +-
 .../security/saml2/core/Saml2Utils.java       |    3 +-
 .../saml2/core/Saml2X509CredentialTests.java  |   64 +-
 .../saml2/core/TestSaml2X509Credentials.java  |  171 ++-
 .../credentials/Saml2X509CredentialTests.java |   65 +-
 .../credentials/TestSaml2X509Credentials.java |  171 ++-
 ...faultSaml2AuthenticatedPrincipalTests.java |    7 +-
 .../OpenSamlAuthenticationProviderTests.java  |   71 +-
 ...SamlAuthenticationRequestFactoryTests.java |   87 +-
 ...aml2AuthenticationRequestFactoryTests.java |   23 +-
 .../authentication/TestOpenSamlObjects.java   |   60 +-
 ...estSaml2AuthenticationRequestContexts.java |    6 +-
 .../OpenSamlMetadataResolverTests.java        |   24 +-
 ...ationBuilderHttpMessageConverterTests.java |   98 +-
 .../RelyingPartyRegistrationTests.java        |   60 +-
 .../RelyingPartyRegistrationsTests.java       |  149 +--
 .../TestRelyingPartyRegistrations.java        |   30 +-
 .../Saml2WebSsoAuthenticationFilterTests.java |    7 +-
 ...ebSsoAuthenticationRequestFilterTests.java |  112 +-
 ...RelyingPartyRegistrationResolverTests.java |   15 +-
 ...enticationRequestContextResolverTests.java |   33 +-
 ...aml2AuthenticationTokenConverterTests.java |   31 +-
 .../service/web/Saml2MetadataFilterTests.java |   17 +-
 .../security/taglibs/TagLibConfig.java        |    3 +-
 .../taglibs/authz/AbstractAuthorizeTag.java   |   53 +-
 .../taglibs/authz/AccessControlListTag.java   |   22 +-
 .../taglibs/authz/AuthenticationTag.java      |    5 +
 .../taglibs/authz/JspAuthorizeTag.java        |   12 +-
 .../security/taglibs/authz/package-info.java  |    1 -
 .../taglibs/csrf/AbstractCsrfTag.java         |    4 +-
 .../security/taglibs/csrf/CsrfInputTag.java   |    4 +-
 .../taglibs/csrf/CsrfMetaTagsTag.java         |    8 +-
 .../security/taglibs/package-info.java        |    1 -
 .../security/taglibs/TldTests.java            |    5 +-
 .../authz/AbstractAuthorizeTagTests.java      |   16 +-
 .../authz/AccessControlListTagTests.java      |   12 +-
 .../taglibs/authz/AuthenticationTagTests.java |   25 +-
 .../taglibs/authz/AuthorizeTagTests.java      |   31 +-
 .../taglibs/csrf/AbstractCsrfTagTests.java    |   29 +-
 .../taglibs/csrf/CsrfInputTagTests.java       |   14 +-
 .../taglibs/csrf/CsrfMetaTagsTagTests.java    |   21 +-
 .../context/TestSecurityContextHolder.java    |   11 +-
 .../SecurityTestExecutionListeners.java       |   14 +-
 .../DelegatingTestExecutionListener.java      |    4 +-
 .../ReactorContextTestExecutionListener.java  |   25 +-
 .../context/support/TestExecutionEvent.java   |   11 +-
 .../context/support/WithAnonymousUser.java    |   16 +-
 ...thAnonymousUserSecurityContextFactory.java |    9 +-
 .../test/context/support/WithMockUser.java    |    7 +-
 .../WithMockUserSecurityContextFactory.java   |   27 +-
 .../context/support/WithSecurityContext.java  |    2 +-
 .../support/WithSecurityContextFactory.java   |    3 +-
 ...hSecurityContextTestExecutionListener.java |   68 +-
 .../test/context/support/WithUserDetails.java |    8 +-
 ...WithUserDetailsSecurityContextFactory.java |   35 +-
 .../server/SecurityMockServerConfigurers.java |  450 ++++----
 .../SecurityMockMvcRequestBuilders.java       |   54 +-
 .../SecurityMockMvcRequestPostProcessors.java |  473 ++++----
 .../SecurityMockMvcResultMatchers.java        |   63 +-
 .../setup/SecurityMockMvcConfigurer.java      |   38 +-
 .../setup/SecurityMockMvcConfigurers.java     |    8 +-
 .../test/web/support/WebTestUtils.java        |   34 +-
 .../TestSecurityContextHolderTests.java       |    1 +
 .../SecurityTestExecutionListenerTests.java   |   11 +-
 .../context/showcase/CustomUserDetails.java   |    4 +
 .../context/showcase/WithMockCustomUser.java  |    3 +-
 ...hMockCustomUserSecurityContextFactory.java |   12 +-
 .../showcase/WithMockUserParentTests.java     |    3 +
 .../context/showcase/WithMockUserTests.java   |    7 +-
 .../showcase/WithUserDetailsTests.java        |   10 +-
 .../showcase/service/HelloMessageService.java |    4 +-
 .../showcase/service/MessageService.java      |    2 +
 ...ctorContextTestExecutionListenerTests.java |   79 +-
 .../support/WithAnonymousUserTests.java       |   12 +-
 ...thMockUserSecurityContextFactoryTests.java |   16 +-
 .../context/support/WithMockUserTests.java    |   14 +-
 ...ityContextTestExcecutionListenerTests.java |   27 +-
 ...rityContextTestExecutionListenerTests.java |   24 +-
 ...serDetailsSecurityContextFactoryTests.java |   22 +-
 .../context/support/WithUserDetailsTests.java |   16 +-
 .../AbstractMockServerConfigurersTests.java   |   12 +-
 ...yMockServerConfigurerOpaqueTokenTests.java |   67 +-
 ...tyMockServerConfigurersAnnotatedTests.java |   97 +-
 ...kServerConfigurersClassAnnotatedTests.java |   35 +-
 ...SecurityMockServerConfigurersJwtTests.java |   80 +-
 ...ockServerConfigurersOAuth2ClientTests.java |   99 +-
 ...MockServerConfigurersOAuth2LoginTests.java |  107 +-
 ...tyMockServerConfigurersOidcLoginTests.java |  114 +-
 .../SecurityMockServerConfigurersTests.java   |  108 +-
 .../web/servlet/request/Sec2935Tests.java     |   78 +-
 ...yMockMvcRequestBuildersFormLoginTests.java |   30 +-
 ...MockMvcRequestBuildersFormLogoutTests.java |   34 +-
 ...rocessorsAuthenticationStatelessTests.java |    4 +
 ...uestPostProcessorsAuthenticationTests.java |    9 +-
 ...RequestPostProcessorsCertificateTests.java |   12 +-
 ...estPostProcessorsCsrfDebugFilterTests.java |    3 +
 ...MockMvcRequestPostProcessorsCsrfTests.java |   18 +-
 ...ckMvcRequestPostProcessorsDigestTests.java |   25 +-
 ...yMockMvcRequestPostProcessorsJwtTests.java |   35 +-
 ...equestPostProcessorsOAuth2ClientTests.java |   59 +-
 ...RequestPostProcessorsOAuth2LoginTests.java |   75 +-
 ...vcRequestPostProcessorsOidcLoginTests.java |   67 +-
 ...RequestPostProcessorsOpaqueTokenTests.java |   44 +-
 ...estPostProcessorsSecurityContextTests.java |    9 +-
 ...sorsTestSecurityContextStatelessTests.java |    7 +-
 ...ostProcessorsTestSecurityContextTests.java |    9 +-
 ...RequestPostProcessorsUserDetailsTests.java |   12 +-
 ...MockMvcRequestPostProcessorsUserTests.java |   46 +-
 .../web/servlet/response/Gh3409Tests.java     |    2 +
 .../SecurityMockMvcResultMatchersTests.java   |   15 +-
 ...WithAuthoritiesMvcResultMatchersTests.java |   11 +-
 .../setup/SecurityMockMvcConfigurerTests.java |   16 +-
 .../SecurityMockMvcConfigurersTests.java      |   33 +-
 .../showcase/csrf/CsrfShowcaseTests.java      |    2 +
 .../csrf/CustomCsrfShowcaseTests.java         |    6 +-
 .../csrf/DefaultCsrfShowcaseTests.java        |    6 +-
 .../showcase/login/AuthenticationTests.java   |   21 +-
 .../CustomConfigAuthenticationTests.java      |   17 +-
 ...oginRequestBuilderAuthenticationTests.java |   15 +-
 .../DefaultfSecurityRequestsTests.java        |    9 +-
 .../secured/SecurityRequestsTests.java        |   13 +-
 .../showcase/secured/WithAdminRob.java        |    3 +-
 .../secured/WithUserAuthenticationTests.java  |   11 +-
 ...WithUserClassLevelAuthenticationTests.java |    6 +-
 .../WithUserDetailsAuthenticationTests.java   |    7 +-
 ...rDetailsClassLevelAuthenticationTests.java |    8 +-
 .../test/web/support/WebTestUtilsTests.java   |   47 +-
 .../web/AuthenticationEntryPoint.java         |    7 +-
 .../security/web/DefaultRedirectStrategy.java |    8 +-
 .../web/DefaultSecurityFilterChain.java       |    5 +-
 .../security/web/FilterChainProxy.java        |   62 +-
 .../security/web/FilterInvocation.java        |   51 +-
 .../security/web/PortMapper.java              |    6 +-
 .../security/web/PortMapperImpl.java          |   13 +-
 .../security/web/PortResolver.java            |    4 +-
 .../security/web/PortResolverImpl.java        |    2 +
 .../security/web/RedirectStrategy.java        |    4 +-
 .../security/web/SecurityFilterChain.java     |    3 +-
 .../security/web/WebAttributes.java           |    6 +-
 .../web/access/AccessDeniedHandler.java       |    9 +-
 .../web/access/AccessDeniedHandlerImpl.java   |   13 +-
 ...efaultWebInvocationPrivilegeEvaluator.java |   28 +-
 .../access/DelegatingAccessDeniedHandler.java |    8 +-
 .../access/ExceptionTranslationFilter.java    |   75 +-
 ...tMatcherDelegatingAccessDeniedHandler.java |   17 +-
 .../WebInvocationPrivilegeEvaluator.java      |    3 +-
 .../channel/AbstractRetryEntryPoint.java      |   15 +-
 .../channel/ChannelDecisionManager.java       |    7 +-
 .../channel/ChannelDecisionManagerImpl.java   |    9 +-
 .../web/access/channel/ChannelEntryPoint.java |    6 +-
 .../channel/ChannelProcessingFilter.java      |   21 +-
 .../web/access/channel/ChannelProcessor.java  |    7 +-
 .../channel/InsecureChannelProcessor.java     |    6 +-
 .../channel/RetryWithHttpEntryPoint.java      |    1 +
 .../channel/RetryWithHttpsEntryPoint.java     |    1 +
 .../channel/SecureChannelProcessor.java       |    9 +-
 .../web/access/channel/package-info.java      |    1 -
 ...ariableEvaluationContextPostProcessor.java |    3 +-
 .../DefaultWebSecurityExpressionHandler.java  |   24 +-
 .../DelegatingEvaluationContext.java          |    2 +
 .../EvaluationContextPostProcessor.java       |   18 +-
 ...ilterInvocationSecurityMetadataSource.java |   44 +-
 .../WebExpressionConfigAttribute.java         |    9 +-
 .../access/expression/WebExpressionVoter.java |   18 +-
 .../expression/WebSecurityExpressionRoot.java |    3 +-
 .../web/access/expression/package-info.java   |    1 -
 ...ilterInvocationSecurityMetadataSource.java |   16 +-
 ...ilterInvocationSecurityMetadataSource.java |    1 +
 .../intercept/FilterSecurityInterceptor.java  |   17 +-
 .../web/access/intercept/RequestKey.java      |    3 +
 .../web/access/intercept/package-info.java    |    1 -
 .../security/web/access/package-info.java     |    1 -
 ...bstractAuthenticationProcessingFilter.java |  111 +-
 ...AuthenticationTargetUrlRequestHandler.java |   34 +-
 .../AnonymousAuthenticationFilter.java        |   21 +-
 .../AuthenticationConverter.java              |   11 +-
 ...uthenticationEntryPointFailureHandler.java |    1 +
 .../AuthenticationFailureHandler.java         |    6 +-
 .../authentication/AuthenticationFilter.java  |   35 +-
 .../AuthenticationSuccessHandler.java         |   15 +-
 .../DelegatingAuthenticationEntryPoint.java   |    9 +-
 ...elegatingAuthenticationFailureHandler.java |   12 +-
 ...onMappingAuthenticationFailureHandler.java |   18 +-
 .../ForwardAuthenticationFailureHandler.java  |  107 +-
 .../ForwardAuthenticationSuccessHandler.java  |  105 +-
 .../Http403ForbiddenEntryPoint.java           |    7 +-
 .../authentication/HttpStatusEntryPoint.java  |    3 +-
 .../LoginUrlAuthenticationEntryPoint.java     |   41 +-
 .../NullRememberMeServices.java               |    5 +-
 .../authentication/RememberMeServices.java    |   16 +-
 ...uestAwareAuthenticationSuccessHandler.java |   51 +-
 ...SimpleUrlAuthenticationFailureHandler.java |   26 +-
 ...SimpleUrlAuthenticationSuccessHandler.java |   11 +-
 .../UsernamePasswordAuthenticationFilter.java |   33 +-
 .../WebAuthenticationDetails.java             |    6 +-
 .../WebAuthenticationDetailsSource.java       |    5 +-
 .../logout/CompositeLogoutHandler.java        |    9 +-
 .../logout/CookieClearingLogoutHandler.java   |   17 +-
 .../DelegatingLogoutSuccessHandler.java       |  149 ++-
 .../logout/ForwardLogoutSuccessHandler.java   |    7 +-
 .../logout/HeaderWriterLogoutHandler.java     |    7 +-
 ...tpStatusReturningLogoutSuccessHandler.java |    5 +-
 .../authentication/logout/LogoutFilter.java   |   17 +-
 .../authentication/logout/LogoutHandler.java  |    6 +-
 .../logout/LogoutSuccessHandler.java          |    4 +-
 .../logout/SecurityContextLogoutHandler.java  |    9 +-
 .../logout/SimpleUrlLogoutSuccessHandler.java |    8 +-
 .../authentication/logout/package-info.java   |    1 -
 .../web/authentication/package-info.java      |    1 -
 ...tractPreAuthenticatedProcessingFilter.java |   64 +-
 ...reAuthenticatedAuthenticationProvider.java |   27 +-
 .../PreAuthenticatedAuthenticationToken.java  |    3 +-
 ...enticatedCredentialsNotFoundException.java |    2 +-
 ...dGrantedAuthoritiesUserDetailsService.java |   17 +-
 ...edAuthoritiesWebAuthenticationDetails.java |    9 +-
 .../RequestAttributeAuthenticationFilter.java |   21 +-
 .../RequestHeaderAuthenticationFilter.java    |   20 +-
 ...ticatedWebAuthenticationDetailsSource.java |   29 +-
 .../J2eePreAuthenticatedProcessingFilter.java |    7 +-
 .../WebXmlMappableAttributesRetriever.java    |   18 +-
 .../preauth/j2ee/package-info.java            |    6 +-
 .../authentication/preauth/package-info.java  |    5 +-
 .../DefaultWASUsernameAndGroupsExtractor.java |   75 +-
 .../WASUsernameAndGroupsExtractor.java        |    1 +
 ...pherePreAuthenticatedProcessingFilter.java |    5 +-
 ...ticatedWebAuthenticationDetailsSource.java |   17 +-
 .../preauth/websphere/package-info.java       |    1 -
 .../x509/SubjectDnX509PrincipalExtractor.java |   17 +-
 .../x509/X509AuthenticationFilter.java        |    5 +-
 .../preauth/x509/X509PrincipalExtractor.java  |    1 +
 .../preauth/x509/package-info.java            |    6 +-
 .../AbstractRememberMeServices.java           |   94 +-
 .../rememberme/CookieTheftException.java      |    2 +
 .../InMemoryTokenRepositoryImpl.java          |    9 +-
 .../rememberme/InvalidCookieException.java    |    2 +
 .../rememberme/JdbcTokenRepositoryImpl.java   |   31 +-
 .../rememberme/PersistentRememberMeToken.java |    8 +-
 ...ersistentTokenBasedRememberMeServices.java |   71 +-
 .../rememberme/PersistentTokenRepository.java |    1 -
 .../RememberMeAuthenticationException.java    |    3 +-
 .../RememberMeAuthenticationFilter.java       |   45 +-
 .../TokenBasedRememberMeServices.java         |   47 +-
 .../rememberme/package-info.java              |    5 +-
 ...ractSessionFixationProtectionStrategy.java |   33 +-
 ...ChangeSessionIdAuthenticationStrategy.java |    4 +-
 ...ompositeSessionAuthenticationStrategy.java |   20 +-
 ...tSessionControlAuthenticationStrategy.java |   45 +-
 .../NullAuthenticatedSessionStrategy.java     |    9 +-
 ...RegisterSessionAuthenticationStrategy.java |   13 +-
 .../SessionAuthenticationStrategy.java        |    5 +-
 .../SessionFixationProtectionEvent.java       |    8 +-
 .../SessionFixationProtectionStrategy.java    |   10 +-
 .../authentication/session/package-info.java  |    4 +-
 .../AuthenticationSwitchUserEvent.java        |    6 +-
 .../SwitchUserAuthorityChanger.java           |    8 +-
 .../switchuser/SwitchUserFilter.java          |  113 +-
 .../SwitchUserGrantedAuthority.java           |    4 +-
 .../switchuser/package-info.java              |    1 -
 .../ui/DefaultLoginPageGeneratingFilter.java  |  140 +--
 .../ui/DefaultLogoutPageGeneratingFilter.java |   41 +-
 .../web/authentication/ui/package-info.java   |    6 +-
 .../www/BasicAuthenticationConverter.java     |   13 +-
 .../www/BasicAuthenticationEntryPoint.java    |    4 +-
 .../www/BasicAuthenticationFilter.java        |   43 +-
 .../authentication/www/DigestAuthUtils.java   |   26 +-
 .../www/DigestAuthenticationEntryPoint.java   |   21 +-
 .../www/DigestAuthenticationFilter.java       |  168 ++-
 .../www/NonceExpiredException.java            |    4 +-
 .../web/authentication/www/package-info.java  |    4 +-
 .../annotation/AuthenticationPrincipal.java   |    6 +-
 ...thenticationPrincipalArgumentResolver.java |   33 +-
 ...ractSecurityWebApplicationInitializer.java |   45 +-
 .../context/HttpRequestResponseHolder.java    |    6 +-
 .../HttpSessionSecurityContextRepository.java |   93 +-
 .../NullSecurityContextRepository.java        |    3 +-
 ...ContextOnUpdateOrErrorResponseWrapper.java |    9 +-
 .../SecurityContextPersistenceFilter.java     |   10 +-
 .../context/SecurityContextRepository.java    |    9 +-
 .../security/web/context/package-info.java    |    4 +-
 ...yContextCallableProcessingInterceptor.java |    8 +-
 .../WebAsyncManagerIntegrationFilter.java     |    5 +-
 .../SecurityWebApplicationContextUtils.java   |   25 +-
 .../web/csrf/CookieCsrfTokenRepository.java   |   51 +-
 .../web/csrf/CsrfAuthenticationStrategy.java  |    6 +-
 .../security/web/csrf/CsrfException.java      |    1 +
 .../security/web/csrf/CsrfFilter.java         |   35 +-
 .../security/web/csrf/CsrfLogoutHandler.java  |    5 +-
 .../security/web/csrf/CsrfToken.java          |    2 -
 .../web/csrf/CsrfTokenRepository.java         |    8 +-
 .../security/web/csrf/DefaultCsrfToken.java   |    1 +
 .../csrf/HttpSessionCsrfTokenRepository.java  |   16 +-
 .../web/csrf/InvalidCsrfTokenException.java   |   11 +-
 .../web/csrf/LazyCsrfTokenRepository.java     |   22 +-
 .../web/csrf/MissingCsrfTokenException.java   |    1 +
 .../security/web/debug/DebugFilter.java       |   29 +-
 .../security/web/debug/Logger.java            |    2 +
 .../web/firewall/DefaultHttpFirewall.java     |   56 +-
 .../DefaultRequestRejectedHandler.java        |    5 +-
 .../web/firewall/FirewalledRequest.java       |    3 +-
 .../web/firewall/FirewalledResponse.java      |    6 +-
 .../security/web/firewall/HttpFirewall.java   |    6 +-
 .../HttpStatusRequestRejectedHandler.java     |    5 +-
 .../firewall/RequestRejectedException.java    |    2 +
 .../web/firewall/RequestRejectedHandler.java  |    7 +-
 .../security/web/firewall/RequestWrapper.java |   22 +-
 .../web/firewall/StrictHttpFirewall.java      |  310 +++--
 .../security/web/header/Header.java           |    3 +-
 .../security/web/header/HeaderWriter.java     |    3 +-
 .../web/header/HeaderWriterFilter.java        |   35 +-
 .../writers/CacheControlHeadersWriter.java    |   11 +-
 .../writers/ClearSiteDataHeaderWriter.java    |   40 +-
 .../header/writers/CompositeHeaderWriter.java |    4 +-
 .../ContentSecurityPolicyHeaderWriter.java    |   55 +-
 .../DelegatingRequestMatcherHeaderWriter.java |   10 +-
 .../writers/FeaturePolicyHeaderWriter.java    |    2 -
 .../web/header/writers/HpkpHeaderWriter.java  |  132 ++-
 .../web/header/writers/HstsHeaderWriter.java  |   47 +-
 .../writers/ReferrerPolicyHeaderWriter.java   |   29 +-
 .../header/writers/StaticHeadersWriter.java   |    1 +
 .../XContentTypeOptionsHeaderWriter.java      |    1 +
 .../writers/XXssProtectionHeaderWriter.java   |    7 +-
 ...ractRequestParameterAllowFromStrategy.java |    9 +-
 .../frameoptions/AllowFromStrategy.java       |    8 +-
 .../frameoptions/RegExpAllowFromStrategy.java |   11 +-
 .../frameoptions/StaticAllowFromStrategy.java |    7 +-
 .../WhiteListedAllowFromStrategy.java         |   10 +-
 .../XFrameOptionsHeaderWriter.java            |   25 +-
 .../security/web/http/SecurityHeaders.java    |    7 +-
 .../web/jaasapi/JaasApiIntegrationFilter.java |   16 +-
 .../security/web/jaasapi/package-info.java    |    3 +-
 .../web/jackson2/CookieDeserializer.java      |   10 +-
 .../security/web/jackson2/CookieMixin.java    |    1 +
 .../web/jackson2/DefaultCsrfTokenMixin.java   |   12 +-
 .../jackson2/DefaultSavedRequestMixin.java    |    7 +-
 ...icatedAuthenticationTokenDeserializer.java |   30 +-
 ...AuthenticatedAuthenticationTokenMixin.java |   13 +-
 .../web/jackson2/SavedCookieMixin.java        |   15 +-
 .../WebAuthenticationDetailsMixin.java        |    6 +-
 .../web/jackson2/WebJackson2Module.java       |   17 +-
 .../jackson2/WebServletJackson2Module.java    |   15 +-
 ...thenticationPrincipalArgumentResolver.java |   28 +-
 .../annotation/CsrfTokenArgumentResolver.java |   20 +-
 ...urrentSecurityContextArgumentResolver.java |   36 +-
 .../security/web/package-info.java            |    4 +-
 ...thenticationPrincipalArgumentResolver.java |   26 +-
 ...urrentSecurityContextArgumentResolver.java |   20 +-
 .../view/CsrfRequestDataValueProcessor.java   |   14 +-
 .../web/savedrequest/CookieRequestCache.java  |   33 +-
 .../web/savedrequest/DefaultSavedRequest.java |   64 +-
 .../security/web/savedrequest/Enumerator.java |   11 +-
 .../web/savedrequest/FastHttpDateFormat.java  |   13 +-
 .../savedrequest/HttpSessionRequestCache.java |   25 +-
 .../web/savedrequest/NullRequestCache.java    |    6 +-
 .../web/savedrequest/RequestCache.java        |    7 +-
 .../savedrequest/RequestCacheAwareFilter.java |   11 +-
 .../web/savedrequest/SavedCookie.java         |   18 +-
 .../web/savedrequest/SavedRequest.java        |    1 +
 .../SavedRequestAwareWrapper.java             |    3 +
 .../web/savedrequest/SimpleSavedRequest.java  |    6 +-
 .../web/savedrequest/package-info.java        |   10 +-
 .../server/DefaultServerRedirectStrategy.java |    7 +-
 ...egatingServerAuthenticationEntryPoint.java |   51 +-
 .../server/MatcherSecurityWebFilterChain.java |   10 +-
 .../web/server/SecurityWebFilterChain.java    |   10 +-
 .../ServerAuthenticationEntryPoint.java       |    5 +-
 ...erverFormLoginAuthenticationConverter.java |   13 +-
 ...erverHttpBasicAuthenticationConverter.java |   17 +-
 .../web/server/ServerRedirectStrategy.java    |    4 +-
 .../web/server/WebFilterChainProxy.java       |   15 +-
 .../web/server/WebFilterExchange.java         |    8 +-
 .../AnonymousAuthenticationWebFilter.java     |   48 +-
 ...tionConverterServerWebExchangeMatcher.java |   12 +-
 .../AuthenticationWebFilter.java              |  129 ++-
 ...ingServerAuthenticationSuccessHandler.java |   11 +-
 ...tpBasicServerAuthenticationEntryPoint.java |    7 +-
 .../HttpStatusServerEntryPoint.java           |    2 +
 ...PreAuthenticatedAuthenticationManager.java |   31 +-
 ...edirectServerAuthenticationEntryPoint.java |    7 +-
 ...ectServerAuthenticationFailureHandler.java |    8 +-
 ...ectServerAuthenticationSuccessHandler.java |   24 +-
 .../ServerAuthenticationConverter.java        |   10 +-
 ...uthenticationEntryPointFailureHandler.java |   18 +-
 .../ServerAuthenticationFailureHandler.java   |    2 +
 .../ServerAuthenticationSuccessHandler.java   |    6 +-
 ...erverFormLoginAuthenticationConverter.java |    1 +
 ...erverHttpBasicAuthenticationConverter.java |    5 +-
 .../ServerX509AuthenticationConverter.java    |    9 +-
 .../authentication/SwitchUserWebFilter.java   |  144 ++-
 ...ainServerAuthenticationSuccessHandler.java |    8 +-
 .../logout/DelegatingServerLogoutHandler.java |    7 +-
 .../HeaderWriterServerLogoutHandler.java      |   14 +-
 ...usReturningServerLogoutSuccessHandler.java |   20 +-
 .../logout/LogoutWebFilter.java               |   46 +-
 .../RedirectServerLogoutSuccessHandler.java   |    6 +-
 .../SecurityContextServerLogoutHandler.java   |   16 +-
 .../logout/ServerLogoutHandler.java           |    3 +
 .../logout/ServerLogoutSuccessHandler.java    |    5 +-
 .../authorization/AuthorizationContext.java   |    3 +
 .../authorization/AuthorizationWebFilter.java |   30 +-
 ...elegatingReactiveAuthorizationManager.java |   32 +-
 .../ExceptionTranslationWebFilter.java        |   24 +-
 .../HttpStatusServerAccessDeniedHandler.java  |   17 +-
 .../ServerAccessDeniedHandler.java            |    2 +-
 ...geDelegatingServerAccessDeniedHandler.java |   50 +-
 .../NoOpServerSecurityContextRepository.java  |   12 +-
 .../context/ReactorContextWebFilter.java      |   14 +-
 .../SecurityContextServerWebExchange.java     |    6 +-
 ...rityContextServerWebExchangeWebFilter.java |    4 +-
 .../ServerSecurityContextRepository.java      |    2 +
 ...essionServerSecurityContextRepository.java |   55 +-
 .../csrf/CookieServerCsrfTokenRepository.java |   23 +-
 .../web/server/csrf/CsrfException.java        |    1 +
 .../server/csrf/CsrfServerLogoutHandler.java  |    8 +-
 .../security/web/server/csrf/CsrfToken.java   |    1 -
 .../web/server/csrf/CsrfWebFilter.java        |   82 +-
 .../web/server/csrf/DefaultCsrfToken.java     |    1 +
 .../csrf/ServerCsrfTokenRepository.java       |    5 +-
 .../WebSessionServerCsrfTokenRepository.java  |   29 +-
 .../CacheControlServerHttpHeadersWriter.java  |    8 +-
 .../ClearSiteDataServerHttpHeadersWriter.java |   43 +-
 .../CompositeServerHttpHeadersWriter.java     |    8 +-
 ...SecurityPolicyServerHttpHeadersWriter.java |    6 +-
 ...entTypeOptionsServerHttpHeadersWriter.java |   10 +-
 .../FeaturePolicyServerHttpHeadersWriter.java |    7 +-
 .../header/HttpHeaderWriterWebFilter.java     |    1 +
 ...ReferrerPolicyServerHttpHeadersWriter.java |    3 +-
 .../header/ServerHttpHeadersWriter.java       |    4 +-
 .../header/StaticServerHttpHeadersWriter.java |   14 +-
 ...nsportSecurityServerHttpHeadersWriter.java |   25 +-
 ...entTypeOptionsServerHttpHeadersWriter.java |   10 +-
 .../XFrameOptionsServerHttpHeadersWriter.java |   27 +-
 ...XXssProtectionServerHttpHeadersWriter.java |   21 +-
 .../jackson2/DefaultCsrfServerTokenMixin.java |   17 +-
 .../jackson2/WebServerJackson2Module.java     |   13 +-
 .../CookieServerRequestCache.java             |   45 +-
 .../savedrequest/NoOpServerRequestCache.java  |   12 +-
 .../savedrequest/ServerRequestCache.java      |    5 +-
 .../ServerRequestCacheWebFilter.java          |    8 +-
 .../WebSessionServerRequestCache.java         |   58 +-
 .../transport/HttpsRedirectWebFilter.java     |   26 +-
 .../ui/LoginPageGeneratingWebFilter.java      |   64 +-
 .../ui/LogoutPageGeneratingWebFilter.java     |   62 +-
 .../matcher/AndServerWebExchangeMatcher.java  |   42 +-
 .../MediaTypeServerWebExchangeMatcher.java    |   27 +-
 .../NegatedServerWebExchangeMatcher.java      |   32 +-
 .../matcher/OrServerWebExchangeMatcher.java   |   41 +-
 ...PatternParserServerWebExchangeMatcher.java |   40 +-
 .../matcher/ServerWebExchangeMatcher.java     |    8 +-
 .../ServerWebExchangeMatcherEntry.java        |    4 +
 .../matcher/ServerWebExchangeMatchers.java    |    8 +-
 .../csrf/CsrfRequestDataValueProcessor.java   |    8 +-
 .../util/matcher/MvcRequestMatcher.java       |   16 +-
 .../HttpServlet3RequestFactory.java           |   59 +-
 .../servletapi/HttpServletRequestFactory.java |    1 +
 ...curityContextHolderAwareRequestFilter.java |   12 +-
 ...urityContextHolderAwareRequestWrapper.java |   13 +-
 .../security/web/servletapi/package-info.java |    7 +-
 .../web/session/ConcurrentSessionFilter.java  |   57 +-
 .../web/session/HttpSessionCreatedEvent.java  |    2 +
 .../session/HttpSessionDestroyedEvent.java    |    2 +
 .../session/HttpSessionEventPublisher.java    |    5 +-
 .../session/HttpSessionIdChangedEvent.java    |    7 +-
 .../InvalidSessionAccessDeniedHandler.java    |    5 +-
 .../SessionInformationExpiredEvent.java       |    7 +-
 .../SessionInformationExpiredStrategy.java    |    4 +-
 .../web/session/SessionManagementFilter.java  |   36 +-
 .../SimpleRedirectInvalidSessionStrategy.java |   15 +-
 ...rectSessionInformationExpiredStrategy.java |   13 +-
 .../security/web/session/package-info.java    |    1 -
 .../web/util/OnCommittedResponseWrapper.java  |   10 +-
 .../security/web/util/RedirectUrlBuilder.java |    8 +
 .../security/web/util/TextEscapeUtils.java    |   10 +-
 .../security/web/util/ThrowableAnalyzer.java  |   31 +-
 .../web/util/ThrowableCauseExtractor.java     |    4 +-
 .../security/web/util/UrlUtils.java           |   23 +-
 .../web/util/matcher/AndRequestMatcher.java   |    7 +-
 .../util/matcher/AntPathRequestMatcher.java   |   60 +-
 .../web/util/matcher/AnyRequestMatcher.java   |    2 +
 .../web/util/matcher/ELRequestMatcher.java    |    3 +-
 .../web/util/matcher/IpAddressMatcher.java    |    7 +-
 .../util/matcher/MediaTypeRequestMatcher.java |   27 +-
 .../util/matcher/NegatedRequestMatcher.java   |    2 +
 .../web/util/matcher/OrRequestMatcher.java    |    8 +-
 .../web/util/matcher/RegexRequestMatcher.java |   17 +-
 .../matcher/RequestHeaderRequestMatcher.java  |   12 +-
 .../web/util/matcher/RequestMatcher.java      |   37 +-
 .../matcher/RequestVariablesExtractor.java    |    5 +-
 .../security/web/util/package-info.java       |    1 -
 .../security/MockFilterConfig.java            |    3 +-
 .../security/MockPortResolver.java            |    3 +
 .../reactive/server/WebTestClientBuilder.java |    5 +-
 .../web/reactive/server/WebTestHandler.java   |    8 +-
 .../web/DefaultRedirectStrategyTests.java     |   18 +-
 .../security/web/FilterChainProxyTests.java   |   79 +-
 .../security/web/FilterInvocationTests.java   |    9 +-
 .../security/web/PortMapperImplTests.java     |   19 +-
 .../security/web/PortResolverImplTests.java   |    1 +
 ...tWebInvocationPrivilegeEvaluatorTests.java |   35 +-
 .../DelegatingAccessDeniedHandlerTests.java   |   18 +-
 .../ExceptionTranslationFilterTests.java      |   69 +-
 ...herDelegatingAccessDeniedHandlerTests.java |    5 +
 .../ChannelDecisionManagerImplTests.java      |   29 +-
 .../channel/ChannelProcessingFilterTests.java |   56 +-
 .../InsecureChannelProcessorTests.java        |   17 +-
 .../channel/RetryWithHttpEntryPointTests.java |   21 +-
 .../RetryWithHttpsEntryPointTests.java        |   19 +-
 .../channel/SecureChannelProcessorTests.java  |   17 +-
 ...leEvaluationContextPostProcessorTests.java |   13 +-
 ...aultWebSecurityExpressionHandlerTests.java |   16 +-
 .../DelegatingEvaluationContextTests.java     |    3 +
 ...InvocationSecurityMetadataSourceTests.java |   10 +-
 .../expression/WebExpressionVoterTests.java   |   34 +-
 .../WebSecurityExpressionRootTests.java       |   10 +-
 ...InvocationSecurityMetadataSourceTests.java |   28 +-
 .../FilterSecurityInterceptorTests.java       |   31 +-
 .../web/access/intercept/RequestKeyTests.java |    5 +-
 ...ctAuthenticationProcessingFilterTests.java |   87 +-
 .../AnonymousAuthenticationFilterTests.java   |   28 +-
 .../AuthenticationFilterTests.java            |   41 +-
 ...DefaultLoginPageGeneratingFilterTests.java |   57 +-
 ...gAuthenticationEntryPointContextTests.java |   11 +-
 ...legatingAuthenticationEntryPointTests.java |    3 +
 ...pingAuthenticationFailureHandlerTests.java |   10 +-
 ...rwardAuthenticaionSuccessHandlerTests.java |  117 +-
 ...wardAuthenticationFailureHandlerTests.java |  120 +-
 .../HttpStatusEntryPointTests.java            |    4 +-
 ...LoginUrlAuthenticationEntryPointTests.java |   41 +-
 ...wareAuthenticationSuccessHandlerTests.java |    1 +
 ...eUrlAuthenticationFailureHandlerTests.java |   13 +-
 ...eUrlAuthenticationSuccessHandlerTests.java |   15 +-
 ...namePasswordAuthenticationFilterTests.java |   63 +-
 .../logout/CompositeLogoutHandlerTests.java   |   24 +-
 .../CookieClearingLogoutHandlerTests.java     |    6 +-
 .../DelegatingLogoutSuccessHandlerTests.java  |   29 +-
 .../HeaderWriterLogoutHandlerTests.java       |    5 +-
 .../logout/LogoutHandlerTests.java            |    2 +
 ...cessEventPublishingLogoutHandlerTests.java |    2 +
 .../SecurityContextLogoutHandlerTests.java    |   15 +-
 .../SimpleUrlLogoutSuccessHandlerTests.java   |    1 -
 ...PreAuthenticatedProcessingFilterTests.java |   96 +-
 .../Http403ForbiddenEntryPointTests.java      |    8 +-
 ...henticatedAuthenticationProviderTests.java |   34 +-
 ...AuthenticatedAuthenticationTokenTests.java |   17 +-
 ...tedAuthoritiesUserDetailsServiceTests.java |   18 +-
 ...horitiesWebAuthenticationDetailsTests.java |    6 +-
 ...estAttributeAuthenticationFilterTests.java |   22 +-
 ...equestHeaderAuthenticationFilterTests.java |   12 +-
 ...edWebAuthenticationDetailsSourceTests.java |   21 +-
 ...PreAuthenticatedProcessingFilterTests.java |   14 +-
 .../WebXmlJ2eeDefinedRolesRetrieverTests.java |    4 +-
 ...PreAuthenticatedProcessingFilterTests.java |   16 +-
 .../SubjectDnX509PrincipalExtractorTests.java |   11 +-
 .../preauth/x509/X509TestUtils.java           |    9 +-
 .../AbstractRememberMeServicesTests.java      |   74 +-
 .../JdbcTokenRepositoryImplTests.java         |   61 +-
 .../NullRememberMeServicesTests.java          |    2 +
 ...tentTokenBasedRememberMeServicesTests.java |   55 +-
 .../RememberMeAuthenticationFilterTests.java  |   43 +-
 .../TokenBasedRememberMeServicesTests.java    |   99 +-
 ...eSessionIdAuthenticationStrategyTests.java |    1 +
 ...iteSessionAuthenticationStrategyTests.java |   11 +-
 ...ionControlAuthenticationStrategyTests.java |   49 +-
 ...terSessionAuthenticationStrategyTests.java |    5 +-
 .../switchuser/SwitchUserFilterTests.java     |   75 +-
 .../SwitchUserGrantedAuthorityTests.java      |    8 +-
 ...efaultLogoutPageGeneratingFilterTests.java |   51 +-
 .../BasicAuthenticationConverterTests.java    |    1 +
 .../BasicAuthenticationEntryPointTests.java   |    4 +-
 .../www/BasicAuthenticationFilterTests.java   |   95 +-
 .../www/DigestAuthUtilsTests.java             |   36 +-
 .../DigestAuthenticationEntryPointTests.java  |   14 +-
 .../www/DigestAuthenticationFilterTests.java  |  246 ++--
 ...icationPrincipalArgumentResolverTests.java |   58 +-
 .../ConcurrentSessionFilterTests.java         |   64 +-
 ...ecurityWebApplicationInitializerTests.java |  161 ++-
 ...SessionSecurityContextRepositoryTests.java |  241 ++--
 ...xtOnUpdateOrErrorResponseWrapperTests.java |   16 +-
 ...SecurityContextPersistenceFilterTests.java |   26 +-
 ...extCallableProcessingInterceptorTests.java |    5 +-
 ...WebAsyncManagerIntegrationFilterTests.java |   49 +-
 .../csrf/CookieCsrfTokenRepositoryTests.java  |   61 +-
 .../csrf/CsrfAuthenticationStrategyTests.java |   63 +-
 .../security/web/csrf/CsrfFilterTests.java    |  161 +--
 .../web/csrf/CsrfLogoutHandlerTests.java      |    4 +-
 .../web/csrf/DefaultCsrfTokenTests.java       |    4 +
 .../HttpSessionCsrfTokenRepositoryTests.java  |    6 +-
 .../csrf/LazyCsrfTokenRepositoryTests.java    |    7 +-
 .../csrf/MissingCsrfTokenExceptionTests.java  |    1 -
 .../security/web/debug/DebugFilterTests.java  |   22 +-
 .../firewall/DefaultHttpFirewallTests.java    |   15 +-
 .../DefaultRequestRejectedHandlerTests.java   |    9 +-
 .../web/firewall/FirewalledResponseTests.java |    4 +
 ...HttpStatusRequestRejectedHandlerTests.java |   10 +-
 .../web/firewall/RequestWrapperTests.java     |    2 +
 .../web/firewall/StrictHttpFirewallTests.java |   30 +-
 .../web/header/HeaderWriterFilterTests.java   |   30 +-
 .../CacheControlHeadersWriterTests.java       |   15 +-
 .../ClearSiteDataHeaderWriterTests.java       |    9 +-
 .../writers/CompositeHeaderWriterTests.java   |    4 +-
 ...ontentSecurityPolicyHeaderWriterTests.java |   24 +-
 ...gatingRequestMatcherHeaderWriterTests.java |    2 +
 .../FeaturePolicyHeaderWriterTests.java       |   11 +-
 .../header/writers/HpkpHeaderWriterTests.java |   25 +-
 .../header/writers/HstsHeaderWriterTests.java |   27 +-
 .../ReferrerPolicyHeaderWriterTests.java      |    4 +
 .../writers/StaticHeaderWriterTests.java      |   26 +-
 .../XContentTypeOptionsHeaderWriterTests.java |    4 +-
 .../XXssProtectionHeaderWriterTests.java      |    1 +
 ...equestParameterAllowFromStrategyTests.java |   22 +-
 .../FrameOptionsHeaderWriterTests.java        |   11 +-
 .../RegExpAllowFromStrategyTests.java         |    8 +-
 .../StaticAllowFromStrategyTests.java         |    1 +
 .../XFrameOptionsHeaderWriterTests.java       |    7 +-
 .../JaasApiIntegrationFilterTests.java        |   35 +-
 .../web/jackson2/AbstractMixinTests.java      |    1 +
 .../web/jackson2/CookieMixinTests.java        |    1 +
 .../jackson2/DefaultCsrfTokenMixinTests.java  |    1 +
 .../DefaultSavedRequestMixinTests.java        |   16 +-
 ...nticatedAuthenticationTokenMixinTests.java |   14 +-
 .../web/jackson2/SavedCookieMixinTests.java   |    2 +
 .../WebAuthenticationDetailsMixinTests.java   |   10 +-
 .../security/web/method/ResolvableMethod.java |  145 ++-
 ...icationPrincipalArgumentResolverTests.java |   77 +-
 .../CsrfTokenArgumentResolverTests.java       |   17 +-
 ...tSecurityContextArgumentResolverTests.java |   94 +-
 ...icationPrincipalArgumentResolverTests.java |   56 +-
 ...tSecurityContextArgumentResolverTests.java |  152 ++-
 .../CsrfRequestDataValueProcessorTests.java   |   25 +-
 .../savedrequest/CookieRequestCacheTests.java |    6 +-
 .../DefaultSavedRequestTests.java             |   10 +-
 .../HttpSessionRequestCacheTests.java         |   34 +-
 .../RequestCacheAwareFilterTests.java         |   10 +-
 .../web/savedrequest/SavedCookieTests.java    |    2 +
 .../SavedRequestAwareWrapperTests.java        |   24 +-
 .../savedrequest/SimpleSavedRequestTests.java |    4 +-
 .../DefaultServerRedirectStrategyTests.java   |   10 +-
 ...ngServerAuthenticationEntryPointTests.java |   25 +-
 .../web/server/WebFilterChainProxyTests.java  |   12 +-
 .../web/server/WebFilterExchangeTests.java    |    7 +-
 ...AnonymousAuthenticationWebFilterTests.java |   19 +-
 ...onverterServerWebExchangeMatcherTests.java |   10 +-
 .../AuthenticationWebFilterTests.java         |  205 ++--
 ...rverAuthenticationSuccessHandlerTests.java |   35 +-
 ...icServerAuthenticationEntryPointTests.java |   21 +-
 .../HttpStatusServerEntryPointTests.java      |   11 +-
 ...thenticatedAuthenticationManagerTests.java |   17 +-
 ...ctServerAuthenticationEntryPointTests.java |   16 +-
 ...rverAuthenticationFailureHandlerTests.java |   19 +-
 ...rverAuthenticationSuccessHandlerTests.java |   21 +-
 ...ticationEntryPointFailureHandlerTests.java |    4 +
 ...FormLoginAuthenticationConverterTests.java |    2 +
 ...HttpBasicAuthenticationConverterTests.java |   23 +-
 ...erverX509AuthenticationConverterTests.java |    2 +
 .../SwitchUserWebFilterTests.java             |  234 ++--
 .../DelegatingServerLogoutHandlerTests.java   |   36 +-
 .../HeaderWriterServerLogoutHandlerTests.java |    1 +
 ...urningServerLogoutSuccessHandlerTests.java |    6 +-
 .../logout/LogoutWebFilterTests.java          |   32 +-
 .../AuthorizationWebFilterTests.java          |   69 +-
 ...tingReactiveAuthorizationManagerTests.java |   19 +-
 .../ExceptionTranslationWebFilterTests.java   |   38 +-
 ...pStatusServerAccessDeniedHandlerTests.java |    4 +
 ...egatingServerAccessDeniedHandlerTests.java |    5 +
 ...pServerSecurityContextRepositoryTests.java |    9 +-
 .../context/ReactorContextWebFilterTests.java |   23 +-
 ...ontextServerWebExchangeWebFilterTests.java |   53 +-
 ...nServerSecurityContextRepositoryTests.java |    4 +-
 .../CookieServerCsrfTokenRepositoryTests.java |   19 +-
 .../csrf/CsrfServerLogoutHandlerTests.java    |   13 +-
 .../web/server/csrf/CsrfWebFilterTests.java   |  151 +--
 ...SessionServerCsrfTokenRepositoryTests.java |   21 +-
 ...heControlServerHttpHeadersWriterTests.java |   15 +-
 ...rSiteDataServerHttpHeadersWriterTests.java |   33 +-
 ...CompositeServerHttpHeadersWriterTests.java |   38 +-
 ...ityPolicyServerHttpHeadersWriterTests.java |   20 +-
 ...urePolicyServerHttpHeadersWriterTests.java |    6 +-
 .../HttpHeaderWriterWebFilterTests.java       |    6 +-
 ...rerPolicyServerHttpHeadersWriterTests.java |    7 +-
 .../StaticServerHttpHeadersWriterTests.java   |   35 +-
 ...tSecurityServerHttpHeadersWriterTests.java |    2 +
 ...peOptionsServerHttpHeadersWriterTests.java |    8 +-
 ...meOptionsServerHttpHeadersWriterTests.java |    1 +
 ...rotectionServerHttpHeadersWriterTests.java |    1 +
 .../DefaultCsrfServerTokenMixinTests.java     |    1 +
 .../CookieServerRequestCacheTests.java        |   26 +-
 .../ServerRequestCacheWebFilterTests.java     |    2 +
 .../WebSessionServerRequestCacheTests.java    |   14 +-
 .../HttpsRedirectWebFilterTests.java          |   17 +-
 .../ui/LoginPageGeneratingWebFilterTests.java |    5 +-
 .../AndServerWebExchangeMatcherTests.java     |    3 +
 ...ediaTypeServerWebExchangeMatcherTests.java |    5 +-
 .../NegatedServerWebExchangeMatcherTests.java |    3 +
 .../OrServerWebExchangeMatcherTests.java      |    5 +-
 ...hMatcherServerWebExchangeMatcherTests.java |    6 +
 .../ServerWebExchangeMatchersTests.java       |   18 +-
 .../CsrfRequestDataValueProcessorTests.java   |   18 +-
 .../util/matcher/MvcRequestMatcherTests.java  |   55 +-
 ...yContextHolderAwareRequestFilterTests.java |  103 +-
 ...ContextHolderAwareRequestWrapperTests.java |   39 +-
 ...ultSessionAuthenticationStrategyTests.java |   47 +-
 .../HttpSessionDestroyedEventTests.java       |    2 +-
 .../HttpSessionEventPublisherTests.java       |   16 +-
 .../web/session/MockApplicationListener.java  |    4 +
 .../SessionInformationExpiredEventTests.java  |    6 +-
 .../session/SessionManagementFilterTests.java |   28 +-
 .../util/OnCommittedResponseWrapperTests.java |   18 +-
 .../web/util/TextEscapeUtilsTests.java        |    4 +-
 .../web/util/ThrowableAnalyzerTests.java      |   47 +-
 .../security/web/util/UrlUtilsTests.java      |    1 -
 .../util/matcher/AndRequestMatcherTests.java  |    5 +-
 .../matcher/AntPathRequestMatcherTests.java   |   40 +-
 .../util/matcher/ELRequestMatcherTests.java   |   13 +-
 .../util/matcher/IpAddressMatcherTests.java   |   15 +-
 ...diaTypeRequestMatcherRequestHCNSTests.java |   30 +-
 .../matcher/MediaTypeRequestMatcherTests.java |   64 +-
 .../matcher/NegatedRequestMatcherTests.java   |    3 +-
 .../util/matcher/OrRequestMatcherTests.java   |    5 +-
 .../matcher/RegexRequestMatcherTests.java     |    4 +-
 .../RequestHeaderRequestMatcherTests.java     |   21 +-
 2487 files changed, 41506 insertions(+), 46548 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index 0d5ebcc4e4..80f38fd296 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -92,10 +92,10 @@ import org.springframework.util.StringUtils;
  * <p>
  * All comparisons and prefixes are case sensitive.
  *
- *
  * @author Ben Alex
  */
 public class AclEntryVoter extends AbstractAclVoter {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -105,23 +105,26 @@ public class AclEntryVoter extends AbstractAclVoter {
 	// ================================================================================================
 
 	private AclService aclService;
+
 	private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
+
 	private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
+
 	private String internalMethod;
+
 	private String processConfigAttribute;
+
 	private List<Permission> requirePermission;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AclEntryVoter(AclService aclService, String processConfigAttribute,
-			Permission[] requirePermission) {
+	public AclEntryVoter(AclService aclService, String processConfigAttribute, Permission[] requirePermission) {
 		Assert.notNull(processConfigAttribute, "A processConfigAttribute is mandatory");
 		Assert.notNull(aclService, "An AclService is mandatory");
 
 		if ((requirePermission == null) || (requirePermission.length == 0)) {
-			throw new IllegalArgumentException(
-					"One or more requirePermission entries is mandatory");
+			throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
 		}
 
 		this.aclService = aclService;
@@ -138,7 +141,6 @@ public class AclEntryVoter extends AbstractAclVoter {
 	 * evaluation. This is useful if a domain object contains a parent that an ACL
 	 * evaluation should be targeted for, instead of the child domain object (which
 	 * perhaps is being created and as such does not yet have any ACL permissions)
-	 *
 	 * @return <code>null</code> to use the domain object, or the name of a method (that
 	 * requires no arguments) that should be invoked to obtain an <code>Object</code>
 	 * which will be the domain object used for ACL evaluation
@@ -155,10 +157,8 @@ public class AclEntryVoter extends AbstractAclVoter {
 		return processConfigAttribute;
 	}
 
-	public void setObjectIdentityRetrievalStrategy(
-			ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
-		Assert.notNull(objectIdentityRetrievalStrategy,
-				"ObjectIdentityRetrievalStrategy required");
+	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
+		Assert.notNull(objectIdentityRetrievalStrategy, "ObjectIdentityRetrievalStrategy required");
 		this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
 	}
 
@@ -168,12 +168,10 @@ public class AclEntryVoter extends AbstractAclVoter {
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		return (attribute.getAttribute() != null)
-				&& attribute.getAttribute().equals(getProcessConfigAttribute());
+		return (attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute());
 	}
 
-	public int vote(Authentication authentication, MethodInvocation object,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
 
 		for (ConfigAttribute attr : attributes) {
 
@@ -201,30 +199,25 @@ public class AclEntryVoter extends AbstractAclVoter {
 					domainObject = method.invoke(domainObject);
 				}
 				catch (NoSuchMethodException nsme) {
-					throw new AuthorizationServiceException("Object of class '"
-							+ domainObject.getClass()
-							+ "' does not provide the requested internalMethod: "
-							+ internalMethod);
+					throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
+							+ "' does not provide the requested internalMethod: " + internalMethod);
 				}
 				catch (IllegalAccessException iae) {
 					logger.debug("IllegalAccessException", iae);
 
 					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + internalMethod
-									+ " for object: " + domainObject);
+							"Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
 				}
 				catch (InvocationTargetException ite) {
 					logger.debug("InvocationTargetException", ite);
 
 					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + internalMethod
-									+ " for object: " + domainObject);
+							"Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
 				}
 			}
 
 			// Obtain the OID applicable to the domain object
-			ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
-					.getObjectIdentity(domainObject);
+			ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 			// Obtain the SIDs applicable to the principal
 			List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
@@ -253,7 +246,8 @@ public class AclEntryVoter extends AbstractAclVoter {
 				}
 				else {
 					if (logger.isDebugEnabled()) {
-						logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
+						logger.debug(
+								"Voting to deny access - ACLs returned, but insufficient permissions for this principal");
 					}
 
 					return ACCESS_DENIED;
@@ -271,4 +265,5 @@ public class AclEntryVoter extends AbstractAclVoter {
 		// No configuration attribute matched, so abstain
 		return ACCESS_ABSTAIN;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index de440a5115..1b87dea11a 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -38,9 +38,13 @@ import org.springframework.security.core.Authentication;
  * @since 3.1
  */
 public class AclPermissionCacheOptimizer implements PermissionCacheOptimizer {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final AclService aclService;
+
 	private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
+
 	private ObjectIdentityRetrievalStrategy oidRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
 
 	public AclPermissionCacheOptimizer(AclService aclService) {
@@ -71,12 +75,12 @@ public class AclPermissionCacheOptimizer implements PermissionCacheOptimizer {
 		aclService.readAclsById(oidsToCache, sids);
 	}
 
-	public void setObjectIdentityRetrievalStrategy(
-			ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
+	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
 		this.oidRetrievalStrategy = objectIdentityRetrievalStrategy;
 	}
 
 	public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
 		this.sidRetrievalStrategy = sidRetrievalStrategy;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index b6d362a305..7cdfab8286 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -51,9 +51,13 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final AclService aclService;
+
 	private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
+
 	private ObjectIdentityGenerator objectIdentityGenerator = new ObjectIdentityRetrievalStrategyImpl();
+
 	private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
+
 	private PermissionFactory permissionFactory = new DefaultPermissionFactory();
 
 	public AclPermissionEvaluator(AclService aclService) {
@@ -65,28 +69,24 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 	 * the ACL configuration. If the domain object is null, returns false (this can always
 	 * be overridden using a null check in the expression itself).
 	 */
-	public boolean hasPermission(Authentication authentication, Object domainObject,
-			Object permission) {
+	public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
 		if (domainObject == null) {
 			return false;
 		}
 
-		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
-				.getObjectIdentity(domainObject);
+		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
-	public boolean hasPermission(Authentication authentication, Serializable targetId,
-			String targetType, Object permission) {
-		ObjectIdentity objectIdentity = objectIdentityGenerator.createObjectIdentity(
-				targetId, targetType);
-
-		return checkPermission(authentication, objectIdentity, permission);
-	}
-
-	private boolean checkPermission(Authentication authentication, ObjectIdentity oid,
+	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
+		ObjectIdentity objectIdentity = objectIdentityGenerator.createObjectIdentity(targetId, targetType);
+
+		return checkPermission(authentication, objectIdentity, permission);
+	}
+
+	private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
 		// Obtain the SIDs applicable to the principal
 		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
 		List<Permission> requiredPermission = resolvePermission(permission);
@@ -94,8 +94,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 		final boolean debug = logger.isDebugEnabled();
 
 		if (debug) {
-			logger.debug("Checking permission '" + permission + "' for object '" + oid
-					+ "'");
+			logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
 		}
 
 		try {
@@ -157,8 +156,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 		throw new IllegalArgumentException("Unsupported permission: " + permission);
 	}
 
-	public void setObjectIdentityRetrievalStrategy(
-			ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
+	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
 		this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
 	}
 
@@ -173,4 +171,5 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 	public void setPermissionFactory(PermissionFactory permissionFactory) {
 		this.permissionFactory = permissionFactory;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
index 4e7db49438..96956db09b 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
@@ -40,14 +40,20 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public abstract class AbstractAclProvider implements AfterInvocationProvider {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	protected final AclService aclService;
+
 	protected Class<?> processDomainObjectClass = Object.class;
+
 	protected ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
+
 	protected SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
+
 	protected String processConfigAttribute;
+
 	protected final List<Permission> requirePermission;
 
 	// ~ Constructors
@@ -59,8 +65,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 		Assert.notNull(aclService, "An AclService is mandatory");
 
 		if (requirePermission == null || requirePermission.isEmpty()) {
-			throw new IllegalArgumentException(
-					"One or more requirePermission entries is mandatory");
+			throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
 		}
 
 		this.aclService = aclService;
@@ -77,8 +82,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 
 	protected boolean hasPermission(Authentication authentication, Object domainObject) {
 		// Obtain the OID applicable to the domain object
-		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
-				.getObjectIdentity(domainObject);
+		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 		// Obtain the SIDs applicable to the principal
 		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
@@ -94,10 +98,8 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 		}
 	}
 
-	public void setObjectIdentityRetrievalStrategy(
-			ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
-		Assert.notNull(objectIdentityRetrievalStrategy,
-				"ObjectIdentityRetrievalStrategy required");
+	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
+		Assert.notNull(objectIdentityRetrievalStrategy, "ObjectIdentityRetrievalStrategy required");
 		this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
 	}
 
@@ -107,8 +109,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 	}
 
 	public void setProcessDomainObjectClass(Class<?> processDomainObjectClass) {
-		Assert.notNull(processDomainObjectClass,
-				"processDomainObjectClass cannot be set to null");
+		Assert.notNull(processDomainObjectClass, "processDomainObjectClass cannot be set to null");
 		this.processDomainObjectClass = processDomainObjectClass;
 	}
 
@@ -124,12 +125,11 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 	/**
 	 * This implementation supports any type of class, because it does not query the
 	 * presented secure object.
-	 *
 	 * @param clazz the secure object
-	 *
 	 * @return always <code>true</code>
 	 */
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index 2e7e2a35ed..bf73dc8c70 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -60,13 +60,12 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  * @author Paulo Neves
  */
-public class AclEntryAfterInvocationCollectionFilteringProvider extends
-		AbstractAclProvider {
+public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	protected static final Log logger = LogFactory
-			.getLog(AclEntryAfterInvocationCollectionFilteringProvider.class);
+	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationCollectionFilteringProvider.class);
 
 	// ~ Constructors
 	// ===================================================================================================
@@ -80,9 +79,8 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends
 	// ========================================================================================================
 
 	@SuppressWarnings("unchecked")
-	public Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config, Object returnedObject)
-			throws AccessDeniedException {
+	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+			Object returnedObject) throws AccessDeniedException {
 
 		if (returnedObject == null) {
 			logger.debug("Return object is null, skipping");
@@ -105,19 +103,15 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends
 				filterer = new ArrayFilterer((Object[]) returnedObject);
 			}
 			else {
-				throw new AuthorizationServiceException(
-						"A Collection or an array (or null) was required as the "
-								+ "returnedObject, but the returnedObject was: "
-								+ returnedObject);
+				throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
+						+ "returnedObject, but the returnedObject was: " + returnedObject);
 			}
 
 			// Locate unauthorised Collection elements
 			for (Object domainObject : filterer) {
 				// Ignore nulls or entries which aren't instances of the configured domain
 				// object class
-				if (domainObject == null
-						|| !getProcessDomainObjectClass().isAssignableFrom(
-								domainObject.getClass())) {
+				if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) {
 					continue;
 				}
 
@@ -125,8 +119,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends
 					filterer.remove(domainObject);
 
 					if (logger.isDebugEnabled()) {
-						logger.debug("Principal is NOT authorised for element: "
-								+ domainObject);
+						logger.debug("Principal is NOT authorised for element: " + domainObject);
 					}
 				}
 			}
@@ -136,4 +129,5 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends
 
 		return returnedObject;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index 9a27f21572..f816868e6d 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -58,13 +58,12 @@ import org.springframework.security.core.SpringSecurityMessageSource;
  * <p>
  * All comparisons and prefixes are case sensitive.
  */
-public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements
-		MessageSourceAware {
+public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	protected static final Log logger = LogFactory
-			.getLog(AclEntryAfterInvocationProvider.class);
+	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationProvider.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -74,22 +73,20 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AclEntryAfterInvocationProvider(AclService aclService,
-			List<Permission> requirePermission) {
+	public AclEntryAfterInvocationProvider(AclService aclService, List<Permission> requirePermission) {
 		this(aclService, "AFTER_ACL_READ", requirePermission);
 	}
 
-	public AclEntryAfterInvocationProvider(AclService aclService,
-			String processConfigAttribute, List<Permission> requirePermission) {
+	public AclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute,
+			List<Permission> requirePermission) {
 		super(aclService, processConfigAttribute, requirePermission);
 	}
 
 	// ~ Methods
 	// ========================================================================================================
 
-	public Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config, Object returnedObject)
-			throws AccessDeniedException {
+	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+			Object returnedObject) throws AccessDeniedException {
 
 		if (returnedObject == null) {
 			// AclManager interface contract prohibits nulls
@@ -117,9 +114,8 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 
 			logger.debug("Denying access");
 
-			throw new AccessDeniedException(messages.getMessage(
-					"AclEntryAfterInvocationProvider.noPermission", new Object[] {
-							authentication.getName(), returnedObject },
+			throw new AccessDeniedException(messages.getMessage("AclEntryAfterInvocationProvider.noPermission",
+					new Object[] { authentication.getName(), returnedObject },
 					"Authentication {0} has NO permissions to the domain object {1}"));
 		}
 
@@ -129,4 +125,5 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
index 1ffc3c7049..ed7e8031a7 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
@@ -32,6 +32,7 @@ import org.apache.commons.logging.LogFactory;
  * @author Paulo Neves
  */
 class ArrayFilterer<T> implements Filterer<T> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -41,6 +42,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 	// ================================================================================================
 
 	private final Set<T> removeList;
+
 	private final T[] list;
 
 	// ~ Constructors
@@ -67,8 +69,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 		// Recreate an array of same type and filter the removed objects.
 		int originalSize = list.length;
 		int sizeOfResultingList = originalSize - removeList.size();
-		T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(),
-				sizeOfResultingList);
+		T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
 
 		for (int i = 0, j = 0; i < list.length; i++) {
 			T object = list[i];
@@ -80,8 +81,8 @@ class ArrayFilterer<T> implements Filterer<T> {
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Original array contained " + originalSize
-					+ " elements; now contains " + sizeOfResultingList + " elements");
+			logger.debug("Original array contained " + originalSize + " elements; now contains " + sizeOfResultingList
+					+ " elements");
 		}
 
 		return filtered;
@@ -119,4 +120,5 @@ class ArrayFilterer<T> implements Filterer<T> {
 	public void remove(T object) {
 		removeList.add(object);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index b937dd32d0..9d5fb816d7 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -31,6 +31,7 @@ import java.util.Set;
  * @author Paulo Neves
  */
 class CollectionFilterer<T> implements Filterer<T> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -77,8 +78,8 @@ class CollectionFilterer<T> implements Filterer<T> {
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Original collection contained " + originalSize
-					+ " elements; now contains " + collection.size() + " elements");
+			logger.debug("Original collection contained " + originalSize + " elements; now contains "
+					+ collection.size() + " elements");
 		}
 
 		return collection;
@@ -99,4 +100,5 @@ class CollectionFilterer<T> implements Filterer<T> {
 	public void remove(T object) {
 		removeList.add(object);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
index 2f9b35b575..019e206731 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
@@ -25,27 +25,26 @@ import java.util.Iterator;
  * @author Paulo Neves
  */
 interface Filterer<T> extends Iterable<T> {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Gets the filtered collection or array.
-	 *
 	 * @return the filtered collection or array
 	 */
 	Object getFilteredObject();
 
 	/**
 	 * Returns an iterator over the filtered collection or array.
-	 *
 	 * @return an Iterator
 	 */
 	Iterator<T> iterator();
 
 	/**
 	 * Removes the given object from the resulting list.
-	 *
 	 * @param object the object to be removed
 	 */
 	void remove(T object);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
index ab6c3e4251..57897ef56f 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * After-invocation providers for collection and array filtering. Consider using a {@code PostFilter} annotation in
- * preference.
+ * After-invocation providers for collection and array filtering. Consider using a
+ * {@code PostFilter} annotation in preference.
  */
 package org.springframework.security.acls.afterinvocation;
-
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index ce679f4b49..9afd5a22c3 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -29,6 +29,7 @@ public abstract class AbstractPermission implements Permission {
 	// ================================================================================================
 
 	protected final char code;
+
 	protected int mask;
 
 	// ~ Constructors
@@ -36,7 +37,6 @@ public abstract class AbstractPermission implements Permission {
 	/**
 	 * Sets the permission mask and uses the '*' character to represent active bits when
 	 * represented as a bit pattern string.
-	 *
 	 * @param mask the integer bit mask for the permission
 	 */
 	protected AbstractPermission(int mask) {
@@ -46,7 +46,6 @@ public abstract class AbstractPermission implements Permission {
 
 	/**
 	 * Sets the permission mask and uses the specified character for active bits.
-	 *
 	 * @param mask the integer bit mask for the permission
 	 * @param code the character to print for each active bit in the mask (see
 	 * {@link Permission#getPattern()})
@@ -88,4 +87,5 @@ public abstract class AbstractPermission implements Permission {
 	public final int hashCode() {
 		return this.mask;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index fb41f101d6..c6702efa94 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -30,25 +30,30 @@ import java.io.Serializable;
  *
  * @author Ben Alex
  */
-public class AccessControlEntryImpl implements AccessControlEntry,
-		AuditableAccessControlEntry {
+public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final Acl acl;
+
 	private Permission permission;
+
 	private final Serializable id;
+
 	private final Sid sid;
+
 	private boolean auditFailure = false;
+
 	private boolean auditSuccess = false;
+
 	private final boolean granting;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AccessControlEntryImpl(Serializable id, Acl acl, Sid sid,
-			Permission permission, boolean granting, boolean auditSuccess,
-			boolean auditFailure) {
+	public AccessControlEntryImpl(Serializable id, Acl acl, Sid sid, Permission permission, boolean granting,
+			boolean auditSuccess, boolean auditFailure) {
 		Assert.notNull(acl, "Acl required");
 		Assert.notNull(sid, "Sid required");
 		Assert.notNull(permission, "Permission required");
@@ -93,8 +98,7 @@ public class AccessControlEntryImpl implements AccessControlEntry,
 			}
 			else {
 				// Both this.acl.objectIdentity and rhs.acl.objectIdentity are non-null
-				if (!this.acl.getObjectIdentity()
-						.equals(rhs.getAcl().getObjectIdentity())) {
+				if (!this.acl.getObjectIdentity().equals(rhs.getAcl().getObjectIdentity())) {
 					return false;
 				}
 			}
@@ -118,10 +122,8 @@ public class AccessControlEntryImpl implements AccessControlEntry,
 			}
 		}
 
-		if ((this.auditFailure != rhs.isAuditFailure())
-				|| (this.auditSuccess != rhs.isAuditSuccess())
-				|| (this.granting != rhs.isGranting())
-				|| !this.permission.equals(rhs.getPermission())
+		if ((this.auditFailure != rhs.isAuditFailure()) || (this.auditSuccess != rhs.isAuditSuccess())
+				|| (this.granting != rhs.isGranting()) || !this.permission.equals(rhs.getPermission())
 				|| !this.sid.equals(rhs.getSid())) {
 			return false;
 		}
@@ -202,4 +204,5 @@ public class AccessControlEntryImpl implements AccessControlEntry,
 
 		return sb.toString();
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
index 0ac6d86fd5..5c94ab46cc 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
@@ -25,15 +25,19 @@ import org.springframework.security.acls.model.Acl;
  * @author Ben Alex
  */
 public interface AclAuthorizationStrategy {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	int CHANGE_OWNERSHIP = 0;
+
 	int CHANGE_AUDITING = 1;
+
 	int CHANGE_GENERAL = 2;
 
 	// ~ Methods
 	// ========================================================================================================
 
 	void securityCheck(Acl acl, int changeType);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index 47693fc023..2ad9004121 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -45,12 +45,16 @@ import java.util.Set;
  * @author Ben Alex
  */
 public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final GrantedAuthority gaGeneralChanges;
+
 	private final GrantedAuthority gaModifyAuditing;
+
 	private final GrantedAuthority gaTakeOwnership;
+
 	private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
 
 	// ~ Constructors
@@ -59,7 +63,6 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 	/**
 	 * Constructor. The only mandatory parameter relates to the system-wide
 	 * {@link GrantedAuthority} instances that can be held to always permit ACL changes.
-	 *
 	 * @param auths the <code>GrantedAuthority</code>s that have special permissions
 	 * (index 0 is the authority needed to change ownership, index 1 is the authority
 	 * needed to modify auditing details, index 2 is the authority needed to change other
@@ -86,14 +89,11 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 	public void securityCheck(Acl acl, int changeType) {
 		if ((SecurityContextHolder.getContext() == null)
 				|| (SecurityContextHolder.getContext().getAuthentication() == null)
-				|| !SecurityContextHolder.getContext().getAuthentication()
-						.isAuthenticated()) {
-			throw new AccessDeniedException(
-					"Authenticated principal required to operate with ACLs");
+				|| !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
+			throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
 		}
 
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 		// Check if authorized by virtue of ACL ownership
 		Sid currentUser = createCurrentUser(authentication);
@@ -138,7 +138,6 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 
 	/**
 	 * Creates a principal-like sid from the authentication information.
-	 *
 	 * @param authentication the authentication information that can provide principal and
 	 * thus the sid's id will be dependant on the value inside
 	 * @return a sid with the ID taken from the authentication information
@@ -151,4 +150,5 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
 		this.sidRetrievalStrategy = sidRetrievalStrategy;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
index c9809204ae..aedb5b8e5e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
@@ -70,9 +70,7 @@ public abstract class AclFormattingUtils {
 	 * bit being denoted by character '*'.
 	 * <p>
 	 * Inactive bits will be denoted by character {@link Permission#RESERVED_OFF}.
-	 *
 	 * @param i the integer bit mask to print the active bits for
-	 *
 	 * @return a 32-character representation of the bit mask
 	 */
 	public static String printBinary(int i) {
@@ -84,22 +82,17 @@ public abstract class AclFormattingUtils {
 	 * bit being denoted by the passed character.
 	 * <p>
 	 * Inactive bits will be denoted by character {@link Permission#RESERVED_OFF}.
-	 *
 	 * @param mask the integer bit mask to print the active bits for
 	 * @param code the character to print when an active bit is detected
-	 *
 	 * @return a 32-character representation of the bit mask
 	 */
 	public static String printBinary(int mask, char code) {
-		Assert.doesNotContain(Character.toString(code),
-				Character.toString(Permission.RESERVED_ON),
+		Assert.doesNotContain(Character.toString(code), Character.toString(Permission.RESERVED_ON),
 				() -> Permission.RESERVED_ON + " is a reserved character code");
-		Assert.doesNotContain(Character.toString(code),
-				Character.toString(Permission.RESERVED_OFF),
+		Assert.doesNotContain(Character.toString(code), Character.toString(Permission.RESERVED_OFF),
 				() -> Permission.RESERVED_OFF + " is a reserved character code");
 
-		return printBinary(mask, Permission.RESERVED_ON, Permission.RESERVED_OFF)
-				.replace(Permission.RESERVED_ON, code);
+		return printBinary(mask, Permission.RESERVED_ON, Permission.RESERVED_OFF).replace(Permission.RESERVED_ON, code);
 	}
 
 	private static String printBinary(int i, char on, char off) {
@@ -109,4 +102,5 @@ public abstract class AclFormattingUtils {
 
 		return temp2.replace('0', off).replace('1', on);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index 472b33eaf4..c5860b233a 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -38,18 +38,27 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private Acl parentAcl;
+
 	private transient AclAuthorizationStrategy aclAuthorizationStrategy;
+
 	private transient PermissionGrantingStrategy permissionGrantingStrategy;
+
 	private final List<AccessControlEntry> aces = new ArrayList<>();
+
 	private ObjectIdentity objectIdentity;
+
 	private Serializable id;
+
 	private Sid owner; // OwnershipAcl
+
 	private List<Sid> loadedSids = null; // includes all SIDs the WHERE clause covered,
 											// even if there was no ACE for a SID
+
 	private boolean entriesInheriting = true;
 
 	// ~ Constructors
@@ -59,14 +68,13 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	 * Minimal constructor, which should be used
 	 * {@link org.springframework.security.acls.model.MutableAclService#createAcl(ObjectIdentity)}
 	 * .
-	 *
 	 * @param objectIdentity the object identity this ACL relates to (required)
 	 * @param id the primary key assigned to this ACL (required)
 	 * @param aclAuthorizationStrategy authorization strategy (required)
 	 * @param auditLogger audit logger (required)
 	 */
-	public AclImpl(ObjectIdentity objectIdentity, Serializable id,
-			AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger) {
+	public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy,
+			AuditLogger auditLogger) {
 		Assert.notNull(objectIdentity, "Object Identity required");
 		Assert.notNull(id, "Id required");
 		Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
@@ -74,14 +82,12 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		this.objectIdentity = objectIdentity;
 		this.id = id;
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
-		this.permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(
-				auditLogger);
+		this.permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
 	}
 
 	/**
 	 * Full constructor, which should be used by persistence tools that do not provide
 	 * field-level access features.
-	 *
 	 * @param objectIdentity the object identity this ACL relates to
 	 * @param id the primary key assigned to this ACL
 	 * @param aclAuthorizationStrategy authorization strategy
@@ -93,10 +99,9 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	 * @param entriesInheriting if ACEs from the parent should inherit into this ACL
 	 * @param owner the owner (required)
 	 */
-	public AclImpl(ObjectIdentity objectIdentity, Serializable id,
-			AclAuthorizationStrategy aclAuthorizationStrategy,
-			PermissionGrantingStrategy grantingStrategy, Acl parentAcl,
-			List<Sid> loadedSids, boolean entriesInheriting, Sid owner) {
+	public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy,
+			PermissionGrantingStrategy grantingStrategy, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting,
+			Sid owner) {
 		Assert.notNull(objectIdentity, "Object Identity required");
 		Assert.notNull(id, "Id required");
 		Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
@@ -125,8 +130,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void deleteAce(int aceIndex) throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
 
 		synchronized (aces) {
@@ -139,30 +143,26 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			throw new NotFoundException("aceIndex must be greater than or equal to zero");
 		}
 		if (aceIndex >= this.aces.size()) {
-			throw new NotFoundException(
-					"aceIndex must refer to an index of the AccessControlEntry list. "
-							+ "List size is " + aces.size() + ", index was " + aceIndex);
+			throw new NotFoundException("aceIndex must refer to an index of the AccessControlEntry list. "
+					+ "List size is " + aces.size() + ", index was " + aceIndex);
 		}
 	}
 
 	@Override
-	public void insertAce(int atIndexLocation, Permission permission, Sid sid,
-			boolean granting) throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
+	public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
+			throws NotFoundException {
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		Assert.notNull(permission, "Permission required");
 		Assert.notNull(sid, "Sid required");
 		if (atIndexLocation < 0) {
-			throw new NotFoundException(
-					"atIndexLocation must be greater than or equal to zero");
+			throw new NotFoundException("atIndexLocation must be greater than or equal to zero");
 		}
 		if (atIndexLocation > this.aces.size()) {
 			throw new NotFoundException(
 					"atIndexLocation must be less than or equal to the size of the AccessControlEntry collection");
 		}
 
-		AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid,
-				permission, granting, false, false);
+		AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid, permission, granting, false, false);
 
 		synchronized (aces) {
 			this.aces.add(atIndexLocation, ace);
@@ -193,14 +193,13 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	/**
 	 * Delegates to the {@link PermissionGrantingStrategy}.
-	 *
 	 * @throws UnloadedSidException if the passed SIDs are unknown to this ACL because the
 	 * ACL was only loaded for a subset of SIDs
 	 * @see DefaultPermissionGrantingStrategy
 	 */
 	@Override
-	public boolean isGranted(List<Permission> permission, List<Sid> sids,
-			boolean administrativeMode) throws NotFoundException, UnloadedSidException {
+	public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
+			throws NotFoundException, UnloadedSidException {
 		Assert.notEmpty(permission, "Permissions required");
 		Assert.notEmpty(sids, "SIDs required");
 
@@ -208,8 +207,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			throw new UnloadedSidException("ACL was not loaded for one or more SID");
 		}
 
-		return permissionGrantingStrategy.isGranted(this, permission, sids,
-				administrativeMode);
+		return permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode);
 	}
 
 	@Override
@@ -243,15 +241,13 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void setEntriesInheriting(boolean entriesInheriting) {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		this.entriesInheriting = entriesInheriting;
 	}
 
 	@Override
 	public void setOwner(Sid newOwner) {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 		Assert.notNull(newOwner, "Owner required");
 		this.owner = newOwner;
 	}
@@ -263,10 +259,8 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void setParent(Acl newParent) {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
-		Assert.isTrue(newParent == null || !newParent.equals(this),
-				"Cannot be the parent of yourself");
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		Assert.isTrue(newParent == null || !newParent.equals(this), "Cannot be the parent of yourself");
 		this.parentAcl = newParent;
 	}
 
@@ -277,8 +271,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void updateAce(int aceIndex, Permission permission) throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
 
 		synchronized (aces) {
@@ -289,8 +282,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure) {
-		aclAuthorizationStrategy.securityCheck(this,
-				AclAuthorizationStrategy.CHANGE_AUDITING);
+		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_AUDITING);
 		verifyAceIndexExists(aceIndex);
 
 		synchronized (aces) {
@@ -306,26 +298,19 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			AclImpl rhs = (AclImpl) obj;
 			if (this.aces.equals(rhs.aces)) {
 				if ((this.parentAcl == null && rhs.parentAcl == null)
-						|| (this.parentAcl != null && this.parentAcl
-								.equals(rhs.parentAcl))) {
+						|| (this.parentAcl != null && this.parentAcl.equals(rhs.parentAcl))) {
 					if ((this.objectIdentity == null && rhs.objectIdentity == null)
-							|| (this.objectIdentity != null && this.objectIdentity
-									.equals(rhs.objectIdentity))) {
-						if ((this.id == null && rhs.id == null)
-								|| (this.id != null && this.id.equals(rhs.id))) {
+							|| (this.objectIdentity != null && this.objectIdentity.equals(rhs.objectIdentity))) {
+						if ((this.id == null && rhs.id == null) || (this.id != null && this.id.equals(rhs.id))) {
 							if ((this.owner == null && rhs.owner == null)
-									|| (this.owner != null && this.owner
-											.equals(rhs.owner))) {
+									|| (this.owner != null && this.owner.equals(rhs.owner))) {
 								if (this.entriesInheriting == rhs.entriesInheriting) {
 									if ((this.loadedSids == null && rhs.loadedSids == null)) {
 										return true;
 									}
-									if (this.loadedSids != null
-											&& (this.loadedSids.size() == rhs.loadedSids
-													.size())) {
+									if (this.loadedSids != null && (this.loadedSids.size() == rhs.loadedSids.size())) {
 										for (int i = 0; i < this.loadedSids.size(); i++) {
-											if (!this.loadedSids.get(i).equals(
-													rhs.loadedSids.get(i))) {
+											if (!this.loadedSids.get(i).equals(rhs.loadedSids.get(i))) {
 												return false;
 											}
 										}
@@ -345,9 +330,8 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public int hashCode() {
 		int result = this.parentAcl != null ? this.parentAcl.hashCode() : 0;
 		result = 31 * result + this.aclAuthorizationStrategy.hashCode();
-		result = 31 * result + (this.permissionGrantingStrategy != null ?
-			this.permissionGrantingStrategy.hashCode() :
-			0);
+		result = 31 * result
+				+ (this.permissionGrantingStrategy != null ? this.permissionGrantingStrategy.hashCode() : 0);
 		result = 31 * result + (this.aces != null ? this.aces.hashCode() : 0);
 		result = 31 * result + this.objectIdentity.hashCode();
 		result = 31 * result + this.id.hashCode();
@@ -382,12 +366,9 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		}
 
 		sb.append("inheriting: ").append(this.entriesInheriting).append("; ");
-		sb.append("parent: ").append(
-				(this.parentAcl == null) ? "Null" : this.parentAcl.getObjectIdentity()
-						.toString());
+		sb.append("parent: ").append((this.parentAcl == null) ? "Null" : this.parentAcl.getObjectIdentity().toString());
 		sb.append("; ");
-		sb.append("aclAuthorizationStrategy: ").append(this.aclAuthorizationStrategy)
-				.append("; ");
+		sb.append("aclAuthorizationStrategy: ").append(this.aclAuthorizationStrategy).append("; ");
 		sb.append("permissionGrantingStrategy: ").append(this.permissionGrantingStrategy);
 		sb.append("]");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
index ff5bb69733..4c08537e07 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
@@ -24,8 +24,10 @@ import org.springframework.security.acls.model.AccessControlEntry;
  *
  */
 public interface AuditLogger {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	void logIfNeeded(boolean granted, AccessControlEntry ace);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
index 02981215f8..c0bc3ce92b 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
@@ -28,10 +28,15 @@ import org.springframework.security.acls.model.Permission;
  * @author Ben Alex
  */
 public class BasePermission extends AbstractPermission {
+
 	public static final Permission READ = new BasePermission(1 << 0, 'R'); // 1
+
 	public static final Permission WRITE = new BasePermission(1 << 1, 'W'); // 2
+
 	public static final Permission CREATE = new BasePermission(1 << 2, 'C'); // 4
+
 	public static final Permission DELETE = new BasePermission(1 << 3, 'D'); // 8
+
 	public static final Permission ADMINISTRATION = new BasePermission(1 << 4, 'A'); // 16
 
 	protected BasePermission(int mask) {
@@ -41,4 +46,5 @@ public class BasePermission extends AbstractPermission {
 	protected BasePermission(int mask, char code) {
 		super(mask, code);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index 1ceac22e15..f4eaaeb8da 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -26,6 +26,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class ConsoleAuditLogger implements AuditLogger {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -43,4 +44,5 @@ public class ConsoleAuditLogger implements AuditLogger {
 			}
 		}
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
index 49e2c55af4..c120868ea8 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
@@ -37,8 +37,7 @@ public class CumulativePermission extends AbstractPermission {
 
 	public CumulativePermission clear(Permission permission) {
 		this.mask &= ~permission.getMask();
-		this.pattern = AclFormattingUtils.demergePatterns(this.pattern,
-				permission.getPattern());
+		this.pattern = AclFormattingUtils.demergePatterns(this.pattern, permission.getPattern());
 
 		return this;
 	}
@@ -52,8 +51,7 @@ public class CumulativePermission extends AbstractPermission {
 
 	public CumulativePermission set(Permission permission) {
 		this.mask |= permission.getMask();
-		this.pattern = AclFormattingUtils.mergePatterns(this.pattern,
-				permission.getPattern());
+		this.pattern = AclFormattingUtils.mergePatterns(this.pattern, permission.getPattern());
 
 		return this;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index 8061a916b5..a830067997 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -38,7 +38,9 @@ import org.springframework.util.Assert;
  * @since 2.0.3
  */
 public class DefaultPermissionFactory implements PermissionFactory {
+
 	private final Map<Integer, Permission> registeredPermissionsByInteger = new HashMap<>();
+
 	private final Map<String, Permission> registeredPermissionsByName = new HashMap<>();
 
 	/**
@@ -57,7 +59,6 @@ public class DefaultPermissionFactory implements PermissionFactory {
 
 	/**
 	 * Registers a map of named <tt>Permission</tt> instances.
-	 *
 	 * @param namedPermissions the map of <tt>Permission</tt>s, keyed by name.
 	 */
 	public DefaultPermissionFactory(Map<String, ? extends Permission> namedPermissions) {
@@ -71,7 +72,6 @@ public class DefaultPermissionFactory implements PermissionFactory {
 	 * <p>
 	 * These permissions will be registered under the name of the field. See
 	 * {@link BasePermission} for an example.
-	 *
 	 * @param clazz a {@link Permission} class with public static fields to register
 	 */
 	protected void registerPublicPermissions(Class<? extends Permission> clazz) {
@@ -130,8 +130,8 @@ public class DefaultPermissionFactory implements PermissionFactory {
 				Permission p = registeredPermissionsByInteger.get(permissionToCheck);
 
 				if (p == null) {
-					throw new IllegalStateException("Mask '" + permissionToCheck
-							+ "' does not have a corresponding static Permission");
+					throw new IllegalStateException(
+							"Mask '" + permissionToCheck + "' does not have a corresponding static Permission");
 				}
 				permission.set(p);
 			}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
index 3f54678873..18027573d5 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
@@ -61,20 +61,17 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 	 * decide how to handle the permission check. Similarly, if any of the SID arguments
 	 * presented to the method were not loaded by the ACL,
 	 * <code>UnloadedSidException</code> will be thrown.
-	 *
 	 * @param permission the exact permissions to scan for (order is important)
 	 * @param sids the exact SIDs to scan for (order is important)
 	 * @param administrativeMode if <code>true</code> denotes the query is for
 	 * administrative purposes and no auditing will be undertaken
-	 *
 	 * @return <code>true</code> if one of the permissions has been granted,
 	 * <code>false</code> if one of the permissions has been specifically revoked
-	 *
 	 * @throws NotFoundException if an exact ACE for one of the permission bit masks and
 	 * SID combination could not be found
 	 */
-	public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids,
-			boolean administrativeMode) throws NotFoundException {
+	public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode)
+			throws NotFoundException {
 
 		final List<AccessControlEntry> aces = acl.getEntries();
 
@@ -87,8 +84,7 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 
 				for (AccessControlEntry ace : aces) {
 
-					if (isGranted(ace, p)
-							&& ace.getSid().equals(sid)) {
+					if (isGranted(ace, p) && ace.getSid().equals(sid)) {
 						// Found a matching ACE, so its authorization decision will
 						// prevail
 						if (ace.isGranting()) {
@@ -137,24 +133,21 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 		}
 		else {
 			// We either have no parent, or we're the uppermost parent
-			throw new NotFoundException(
-					"Unable to locate a matching ACE for passed permissions and SIDs");
+			throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
 		}
 	}
 
 	/**
-	 * Compares an ACE Permission to the given Permission.
-	 * By default, we compare the Permission masks for exact match.
-	 * Subclasses of this strategy can override this behavior and implement
-	 * more sophisticated comparisons, e.g. a bitwise comparison for ACEs that grant access.
-	 * <pre>{@code
+	 * Compares an ACE Permission to the given Permission. By default, we compare the
+	 * Permission masks for exact match. Subclasses of this strategy can override this
+	 * behavior and implement more sophisticated comparisons, e.g. a bitwise comparison
+	 * for ACEs that grant access. <pre>{@code
 	 * if (ace.isGranting() && p.getMask() != 0) {
 	 *    return (ace.getPermission().getMask() & p.getMask()) != 0;
 	 * } else {
 	 *    return ace.getPermission().getMask() == p.getMask();
 	 * }
 	 * }</pre>
-	 *
 	 * @param ace the ACE from the Acl holding the mask.
 	 * @param p the Permission we are checking against.
 	 * @return true, if the respective masks are considered to be equal.
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index 6cf4658e35..2d5a3cb779 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -38,18 +38,20 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class EhCacheBasedAclCache implements AclCache {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final Ehcache cache;
+
 	private PermissionGrantingStrategy permissionGrantingStrategy;
+
 	private AclAuthorizationStrategy aclAuthorizationStrategy;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public EhCacheBasedAclCache(Ehcache cache,
-			PermissionGrantingStrategy permissionGrantingStrategy,
+	public EhCacheBasedAclCache(Ehcache cache, PermissionGrantingStrategy permissionGrantingStrategy,
 			AclAuthorizationStrategy aclAuthorizationStrategy) {
 		Assert.notNull(cache, "Cache required");
 		Assert.notNull(permissionGrantingStrategy, "PermissionGrantingStrategy required");
@@ -144,10 +146,8 @@ public class EhCacheBasedAclCache implements AclCache {
 
 	private MutableAcl initializeTransientFields(MutableAcl value) {
 		if (value instanceof AclImpl) {
-			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value,
-					this.aclAuthorizationStrategy);
-			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value,
-					this.permissionGrantingStrategy);
+			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy);
+			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy);
 		}
 
 		if (value.getParentAcl() != null) {
@@ -159,4 +159,5 @@ public class EhCacheBasedAclCache implements AclCache {
 	public void clearCache() {
 		cache.removeAll();
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index c8bf8ad20a..16155f03ee 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -31,6 +31,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class GrantedAuthoritySid implements Sid {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -46,8 +47,7 @@ public class GrantedAuthoritySid implements Sid {
 
 	public GrantedAuthoritySid(GrantedAuthority grantedAuthority) {
 		Assert.notNull(grantedAuthority, "GrantedAuthority required");
-		Assert.notNull(
-				grantedAuthority.getAuthority(),
+		Assert.notNull(grantedAuthority.getAuthority(),
 				"This Sid is only compatible with GrantedAuthoritys that provide a non-null getAuthority()");
 		this.grantedAuthority = grantedAuthority.getAuthority();
 	}
@@ -63,8 +63,7 @@ public class GrantedAuthoritySid implements Sid {
 
 		// Delegate to getGrantedAuthority() to perform actual comparison (both should be
 		// identical)
-		return ((GrantedAuthoritySid) object).getGrantedAuthority().equals(
-				this.getGrantedAuthority());
+		return ((GrantedAuthoritySid) object).getGrantedAuthority().equals(this.getGrantedAuthority());
 	}
 
 	@Override
@@ -80,4 +79,5 @@ public class GrantedAuthoritySid implements Sid {
 	public String toString() {
 		return "GrantedAuthoritySid[" + this.grantedAuthority + "]";
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
index 5157646e1e..9b1f2dc933 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
@@ -21,12 +21,12 @@ package org.springframework.security.acls.domain;
  * @author Ben Alex
  */
 public class IdentityUnavailableException extends RuntimeException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>IdentityUnavailableException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public IdentityUnavailableException(String msg) {
@@ -36,11 +36,11 @@ public class IdentityUnavailableException extends RuntimeException {
 	/**
 	 * Constructs an <code>IdentityUnavailableException</code> with the specified message
 	 * and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public IdentityUnavailableException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index 484b43a3a6..249a8b37ce 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -31,10 +31,12 @@ import org.springframework.util.ClassUtils;
  * @author Ben Alex
  */
 public class ObjectIdentityImpl implements ObjectIdentity {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final String type;
+
 	private Serializable identifier;
 
 	// ~ Constructors
@@ -66,9 +68,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 	 * <p>
 	 * The class name of the object passed will be considered the {@link #type}, so if
 	 * more control is required, a different constructor should be used.
-	 *
 	 * @param object the domain object instance to create an identity for.
-	 *
 	 * @throws IdentityUnavailableException if identity could not be extracted
 	 */
 	public ObjectIdentityImpl(Object object) throws IdentityUnavailableException {
@@ -84,13 +84,11 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 			result = method.invoke(object);
 		}
 		catch (Exception e) {
-			throw new IdentityUnavailableException(
-					"Could not extract identity from object " + object, e);
+			throw new IdentityUnavailableException("Could not extract identity from object " + object, e);
 		}
 
 		Assert.notNull(result, "getId() is required to return a non-null value");
-		Assert.isInstanceOf(Serializable.class, result,
-				"Getter must provide a return value of type Serializable");
+		Assert.isInstanceOf(Serializable.class, result, "Getter must provide a return value of type Serializable");
 		this.identifier = (Serializable) result;
 	}
 
@@ -105,9 +103,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 	 * <p>
 	 * Numeric identities (Integer and Long values) are considered equal if they are
 	 * numerically equal. Other serializable types are evaluated using a simple equality.
-	 *
 	 * @param arg0 object to compare
-	 *
 	 * @return <code>true</code> if the presented object matches this object
 	 */
 	@Override
@@ -120,8 +116,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 
 		if (identifier instanceof Number && other.identifier instanceof Number) {
 			// Integers and Longs with same value should be considered equal
-			if (((Number) identifier).longValue() != ((Number) other.identifier)
-					.longValue()) {
+			if (((Number) identifier).longValue() != ((Number) other.identifier).longValue()) {
 				return false;
 			}
 		}
@@ -147,7 +142,6 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 
 	/**
 	 * Important so caching operates properly.
-	 *
 	 * @return the hash
 	 */
 	@Override
@@ -166,4 +160,5 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 
 		return sb.toString();
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
index 2fe0538c80..a789719b94 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
@@ -29,8 +29,8 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
  *
  * @author Ben Alex
  */
-public class ObjectIdentityRetrievalStrategyImpl implements
-		ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {
+public class ObjectIdentityRetrievalStrategyImpl implements ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -41,4 +41,5 @@ public class ObjectIdentityRetrievalStrategyImpl implements
 	public ObjectIdentity createObjectIdentity(Serializable id, String type) {
 		return new ObjectIdentityImpl(type, id);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
index 5d99deb201..cad03adcd9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
@@ -32,9 +32,7 @@ public interface PermissionFactory {
 	/**
 	 * Dynamically creates a <code>CumulativePermission</code> or
 	 * <code>BasePermission</code> representing the active bits in the passed mask.
-	 *
 	 * @param mask to build
-	 *
 	 * @return a Permission representing the requested object
 	 */
 	Permission buildFromMask(int mask);
@@ -42,4 +40,5 @@ public interface PermissionFactory {
 	Permission buildFromName(String name);
 
 	List<Permission> buildFromNames(List<String> names);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 2680b669c0..5f89653a1d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -31,6 +31,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class PrincipalSid implements Sid {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -78,4 +79,5 @@ public class PrincipalSid implements Sid {
 	public String toString() {
 		return "PrincipalSid[" + this.principal + "]";
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
index 2cf19291e6..d5611c505b 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@@ -67,4 +67,5 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 
 		return sids;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index 67410e9643..d14c3c85f5 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -39,18 +39,20 @@ import java.io.Serializable;
  * @since 3.2
  */
 public class SpringCacheBasedAclCache implements AclCache {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final Cache cache;
+
 	private PermissionGrantingStrategy permissionGrantingStrategy;
+
 	private AclAuthorizationStrategy aclAuthorizationStrategy;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public SpringCacheBasedAclCache(Cache cache,
-			PermissionGrantingStrategy permissionGrantingStrategy,
+	public SpringCacheBasedAclCache(Cache cache, PermissionGrantingStrategy permissionGrantingStrategy,
 			AclAuthorizationStrategy aclAuthorizationStrategy) {
 		Assert.notNull(cache, "Cache required");
 		Assert.notNull(permissionGrantingStrategy, "PermissionGrantingStrategy required");
@@ -120,10 +122,8 @@ public class SpringCacheBasedAclCache implements AclCache {
 
 	private MutableAcl initializeTransientFields(MutableAcl value) {
 		if (value instanceof AclImpl) {
-			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value,
-					this.aclAuthorizationStrategy);
-			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value,
-					this.permissionGrantingStrategy);
+			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy);
+			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy);
 		}
 
 		if (value.getParentAcl() != null) {
@@ -135,4 +135,5 @@ public class SpringCacheBasedAclCache implements AclCache {
 	public void clearCache() {
 		cache.clear();
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/package-info.java b/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
index ff0f6f62b7..8af64c8a7d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
@@ -17,4 +17,3 @@
  * Basic implementation of access control lists (ACLs) interfaces.
  */
 package org.springframework.security.acls.domain;
-
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index 65b5d80f54..27b132d1ad 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -31,12 +31,16 @@ import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.util.Assert;
 
 /**
- * Utility class for helping convert database representations of {@link ObjectIdentity#getIdentifier()} into
- * the correct Java type as specified by <code>acl_class.class_id_type</code>.
+ * Utility class for helping convert database representations of
+ * {@link ObjectIdentity#getIdentifier()} into the correct Java type as specified by
+ * <code>acl_class.class_id_type</code>.
+ *
  * @author paulwheeler
  */
 class AclClassIdUtils {
+
 	private static final String DEFAULT_CLASS_ID_TYPE_COLUMN_NAME = "class_id_type";
+
 	private static final Log log = LogFactory.getLog(AclClassIdUtils.class);
 
 	private ConversionService conversionService;
@@ -54,19 +58,20 @@ class AclClassIdUtils {
 	}
 
 	/**
-	 * Converts the raw type from the database into the right Java type. For most applications the 'raw type' will be Long, for some applications
-	 * it could be String.
+	 * Converts the raw type from the database into the right Java type. For most
+	 * applications the 'raw type' will be Long, for some applications it could be String.
 	 * @param identifier The identifier from the database
-	 * @param resultSet  Result set of the query
+	 * @param resultSet Result set of the query
 	 * @return The identifier in the appropriate target Java type. Typically Long or UUID.
 	 * @throws SQLException
 	 */
 	Serializable identifierFrom(Serializable identifier, ResultSet resultSet) throws SQLException {
 		if (isString(identifier) && hasValidClassIdType(resultSet)
-			&& canConvertFromStringTo(classIdTypeFrom(resultSet))) {
+				&& canConvertFromStringTo(classIdTypeFrom(resultSet))) {
 
 			identifier = convertFromStringTo((String) identifier, classIdTypeFrom(resultSet));
-		} else {
+		}
+		else {
 			// Assume it should be a Long type
 			identifier = convertToLong(identifier);
 		}
@@ -78,13 +83,14 @@ class AclClassIdUtils {
 		boolean hasClassIdType = false;
 		try {
 			hasClassIdType = classIdTypeFrom(resultSet) != null;
-		} catch (SQLException e) {
+		}
+		catch (SQLException e) {
 			log.debug("Unable to obtain the class id type", e);
 		}
 		return hasClassIdType;
 	}
 
-	private <T  extends Serializable> Class<T> classIdTypeFrom(ResultSet resultSet) throws SQLException {
+	private <T extends Serializable> Class<T> classIdTypeFrom(ResultSet resultSet) throws SQLException {
 		return classIdTypeFrom(resultSet.getString(DEFAULT_CLASS_ID_TYPE_COLUMN_NAME));
 	}
 
@@ -93,7 +99,8 @@ class AclClassIdUtils {
 		if (className != null) {
 			try {
 				targetType = Class.forName(className);
-			} catch (ClassNotFoundException e) {
+			}
+			catch (ClassNotFoundException e) {
 				log.debug("Unable to find class id type on classpath", e);
 			}
 		}
@@ -109,18 +116,21 @@ class AclClassIdUtils {
 	}
 
 	/**
-	 * Converts to a {@link Long}, attempting to use the {@link ConversionService} if available.
-	 * @param identifier    The identifier
+	 * Converts to a {@link Long}, attempting to use the {@link ConversionService} if
+	 * available.
+	 * @param identifier The identifier
 	 * @return Long version of the identifier
 	 * @throws NumberFormatException if the string cannot be parsed to a long.
-	 * @throws org.springframework.core.convert.ConversionException if a conversion exception occurred
+	 * @throws org.springframework.core.convert.ConversionException if a conversion
+	 * exception occurred
 	 * @throws IllegalArgumentException if targetType is null
 	 */
 	private Long convertToLong(Serializable identifier) {
 		Long idAsLong;
 		if (conversionService.canConvert(identifier.getClass(), Long.class)) {
 			idAsLong = conversionService.convert(identifier, Long.class);
-		} else {
+		}
+		else {
 			idAsLong = Long.valueOf(identifier.toString());
 		}
 		return idAsLong;
@@ -136,6 +146,7 @@ class AclClassIdUtils {
 	}
 
 	private static class StringToLongConverter implements Converter<String, Long> {
+
 		@Override
 		public Long convert(String identifierAsString) {
 			if (identifierAsString == null) {
@@ -145,9 +156,11 @@ class AclClassIdUtils {
 			}
 			return Long.parseLong(identifierAsString);
 		}
+
 	}
 
 	private static class StringToUUIDConverter implements Converter<String, UUID> {
+
 		@Override
 		public UUID convert(String identifierAsString) {
 			if (identifierAsString == null) {
@@ -157,5 +170,7 @@ class AclClassIdUtils {
 			}
 			return UUID.fromString(identifierAsString);
 		}
+
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index ebd32632a7..6cad36f01a 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -68,9 +68,9 @@ import org.springframework.util.Assert;
  * as it is likely to change in future releases and therefore subclassing is unsupported.
  * <p>
  * There are two SQL queries executed, one in the <tt>lookupPrimaryKeys</tt> method and
- * one in <tt>lookupObjectIdentities</tt>. These are built from the same select and
- * "order by" clause, using a different where clause in each case. In order to use custom
- * schema or column names, each of these SQL clauses can be customized, but they must be
+ * one in <tt>lookupObjectIdentities</tt>. These are built from the same select and "order
+ * by" clause, using a different where clause in each case. In order to use custom schema
+ * or column names, each of these SQL clauses can be customized, but they must be
  * consistent with each other and with the expected result set generated by the the
  * default values.
  *
@@ -79,21 +79,14 @@ import org.springframework.util.Assert;
 public class BasicLookupStrategy implements LookupStrategy {
 
 	private final static String DEFAULT_SELECT_CLAUSE_COLUMNS = "select acl_object_identity.object_id_identity, "
-			+ "acl_entry.ace_order,  "
-			+ "acl_object_identity.id as acl_id, "
-			+ "acl_object_identity.parent_object, "
-			+ "acl_object_identity.entries_inheriting, "
-			+ "acl_entry.id as ace_id, "
-			+ "acl_entry.mask,  "
-			+ "acl_entry.granting,  "
-			+ "acl_entry.audit_success, "
-			+ "acl_entry.audit_failure,  "
-			+ "acl_sid.principal as ace_principal, "
-			+ "acl_sid.sid as ace_sid,  "
-			+ "acli_sid.principal as acl_principal, "
-			+ "acli_sid.sid as acl_sid, "
-			+ "acl_class.class ";
+			+ "acl_entry.ace_order,  " + "acl_object_identity.id as acl_id, " + "acl_object_identity.parent_object, "
+			+ "acl_object_identity.entries_inheriting, " + "acl_entry.id as ace_id, " + "acl_entry.mask,  "
+			+ "acl_entry.granting,  " + "acl_entry.audit_success, " + "acl_entry.audit_failure,  "
+			+ "acl_sid.principal as ace_principal, " + "acl_sid.sid as ace_sid,  "
+			+ "acli_sid.principal as acl_principal, " + "acli_sid.sid as acl_sid, " + "acl_class.class ";
+
 	private final static String DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN = ", acl_class.class_id_type  ";
+
 	private final static String DEFAULT_SELECT_CLAUSE_FROM = "from acl_object_identity "
 			+ "left join acl_sid acli_sid on acli_sid.id = acl_object_identity.owner_sid "
 			+ "left join acl_class on acl_class.id = acl_object_identity.object_id_class   "
@@ -102,8 +95,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	public final static String DEFAULT_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS + DEFAULT_SELECT_CLAUSE_FROM;
 
-	public final static String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS +
-		DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN + DEFAULT_SELECT_CLAUSE_FROM;
+	public final static String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS
+			+ DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN + DEFAULT_SELECT_CLAUSE_FROM;
 
 	private final static String DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE = "(acl_object_identity.id = ?)";
 
@@ -116,20 +109,28 @@ public class BasicLookupStrategy implements LookupStrategy {
 	// ================================================================================================
 
 	private final AclAuthorizationStrategy aclAuthorizationStrategy;
+
 	private PermissionFactory permissionFactory = new DefaultPermissionFactory();
+
 	private final AclCache aclCache;
+
 	private final PermissionGrantingStrategy grantingStrategy;
+
 	private final JdbcTemplate jdbcTemplate;
+
 	private int batchSize = 50;
 
 	private final Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
-	private final Field fieldAcl = FieldUtils.getField(AccessControlEntryImpl.class,
-			"acl");
+
+	private final Field fieldAcl = FieldUtils.getField(AccessControlEntryImpl.class, "acl");
 
 	// SQL Customization fields
 	private String selectClause = DEFAULT_SELECT_CLAUSE;
+
 	private String lookupPrimaryKeysWhereClause = DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE;
+
 	private String lookupObjectIdentitiesWhereClause = DEFAULT_LOOKUP_IDENTITIES_WHERE_CLAUSE;
+
 	private String orderByClause = DEFAULT_ORDER_BY_CLAUSE;
 
 	private AclClassIdUtils aclClassIdUtils;
@@ -139,28 +140,24 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	/**
 	 * Constructor accepting mandatory arguments
-	 *
 	 * @param dataSource to access the database
 	 * @param aclCache the cache where fully-loaded elements can be stored
 	 * @param aclAuthorizationStrategy authorization strategy (required)
 	 */
 	public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
 			AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger) {
-		this(dataSource, aclCache, aclAuthorizationStrategy,
-				new DefaultPermissionGrantingStrategy(auditLogger));
+		this(dataSource, aclCache, aclAuthorizationStrategy, new DefaultPermissionGrantingStrategy(auditLogger));
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param dataSource to access the database
 	 * @param aclCache the cache where fully-loaded elements can be stored
 	 * @param aclAuthorizationStrategy authorization strategy (required)
 	 * @param grantingStrategy the PermissionGrantingStrategy
 	 */
 	public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
-			AclAuthorizationStrategy aclAuthorizationStrategy,
-			PermissionGrantingStrategy grantingStrategy) {
+			AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy) {
 		Assert.notNull(dataSource, "DataSource required");
 		Assert.notNull(aclCache, "AclCache required");
 		Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
@@ -184,8 +181,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 		final String endSql = orderByClause;
 
-		StringBuilder sqlStringBldr = new StringBuilder(startSql.length()
-				+ endSql.length() + requiredRepetitions * (repeatingSql.length() + 4));
+		StringBuilder sqlStringBldr = new StringBuilder(
+				startSql.length() + endSql.length() + requiredRepetitions * (repeatingSql.length() + 4));
 		sqlStringBldr.append(startSql);
 
 		for (int i = 1; i <= requiredRepetitions; i++) {
@@ -216,8 +213,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 			fieldAcl.set(ace, acl);
 		}
 		catch (IllegalAccessException e) {
-			throw new IllegalStateException(
-					"Could not or set AclImpl on AccessControlEntryImpl fields", e);
+			throw new IllegalStateException("Could not or set AclImpl on AccessControlEntryImpl fields", e);
 		}
 	}
 
@@ -233,27 +229,24 @@ public class BasicLookupStrategy implements LookupStrategy {
 	/**
 	 * Locates the primary key IDs specified in "findNow", adding AclImpl instances with
 	 * StubAclParents to the "acls" Map.
-	 *
 	 * @param acls the AclImpls (with StubAclParents)
 	 * @param findNow Long-based primary keys to retrieve
 	 * @param sids
 	 */
-	private void lookupPrimaryKeys(final Map<Serializable, Acl> acls,
-			final Set<Long> findNow, final List<Sid> sids) {
+	private void lookupPrimaryKeys(final Map<Serializable, Acl> acls, final Set<Long> findNow, final List<Sid> sids) {
 		Assert.notNull(acls, "ACLs are required");
 		Assert.notEmpty(findNow, "Items to find now required");
 
 		String sql = computeRepeatingSql(lookupPrimaryKeysWhereClause, findNow.size());
 
-		Set<Long> parentsToLookup = jdbcTemplate.query(sql,
-				ps -> {
-					int i = 0;
+		Set<Long> parentsToLookup = jdbcTemplate.query(sql, ps -> {
+			int i = 0;
 
-					for (Long toFind : findNow) {
-						i++;
-						ps.setLong(i, toFind);
-					}
-				}, new ProcessResultSet(acls, sids));
+			for (Long toFind : findNow) {
+				i++;
+				ps.setLong(i, toFind);
+			}
+		}, new ProcessResultSet(acls, sids));
 
 		// Lookup the parents, now that our JdbcTemplate has released the database
 		// connection (SEC-547)
@@ -271,28 +264,25 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * develop a custom {@link LookupStrategy} implementation instead.
 	 * <p>
 	 * The implementation works in batch sizes specified by {@link #batchSize}.
-	 *
 	 * @param objects the identities to lookup (required)
 	 * @param sids the SIDs for which identities are required (ignored by this
 	 * implementation)
-	 *
 	 * @return a <tt>Map</tt> where keys represent the {@link ObjectIdentity} of the
 	 * located {@link Acl} and values are the located {@link Acl} (never <tt>null</tt>
 	 * although some entries may be missing; this method should not throw
 	 * {@link NotFoundException}, as a chain of {@link LookupStrategy}s may be used to
 	 * automatically create entries if required)
 	 */
-	public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects,
-			List<Sid> sids) {
+	public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) {
 		Assert.isTrue(batchSize >= 1, "BatchSize must be >= 1");
 		Assert.notEmpty(objects, "Objects to lookup required");
 
 		// Map<ObjectIdentity,Acl>
 		Map<ObjectIdentity, Acl> result = new HashMap<>(); // contains
-																				// FULLY
-																				// loaded
-																				// Acl
-																				// objects
+															// FULLY
+															// loaded
+															// Acl
+															// objects
 
 		Set<ObjectIdentity> currentBatchToLoad = new HashSet<>();
 
@@ -330,11 +320,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 			}
 
 			// Is it time to load from JDBC the currentBatchToLoad?
-			if ((currentBatchToLoad.size() == this.batchSize)
-					|| ((i + 1) == objects.size())) {
+			if ((currentBatchToLoad.size() == this.batchSize) || ((i + 1) == objects.size())) {
 				if (currentBatchToLoad.size() > 0) {
-					Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(
-							currentBatchToLoad, sids);
+					Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(currentBatchToLoad, sids);
 
 					// Add loaded batch (all elements 100% initialized) to results
 					result.putAll(loadedBatch);
@@ -364,37 +352,35 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * properly-configured parent ACLs.
 	 *
 	 */
-	private Map<ObjectIdentity, Acl> lookupObjectIdentities(
-			final Collection<ObjectIdentity> objectIdentities, List<Sid> sids) {
+	private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collection<ObjectIdentity> objectIdentities,
+			List<Sid> sids) {
 		Assert.notEmpty(objectIdentities, "Must provide identities to lookup");
 
 		final Map<Serializable, Acl> acls = new HashMap<>(); // contains
-																				// Acls
-																				// with
-																				// StubAclParents
+																// Acls
+																// with
+																// StubAclParents
 
 		// Make the "acls" map contain all requested objectIdentities
 		// (including markers to each parent in the hierarchy)
-		String sql = computeRepeatingSql(lookupObjectIdentitiesWhereClause,
-				objectIdentities.size());
+		String sql = computeRepeatingSql(lookupObjectIdentitiesWhereClause, objectIdentities.size());
 
-		Set<Long> parentsToLookup = jdbcTemplate.query(sql,
-				ps -> {
-					int i = 0;
-					for (ObjectIdentity oid : objectIdentities) {
-						// Determine prepared statement values for this iteration
-						String type = oid.getType();
+		Set<Long> parentsToLookup = jdbcTemplate.query(sql, ps -> {
+			int i = 0;
+			for (ObjectIdentity oid : objectIdentities) {
+				// Determine prepared statement values for this iteration
+				String type = oid.getType();
 
-						// No need to check for nulls, as guaranteed non-null by
-						// ObjectIdentity.getIdentifier() interface contract
-						String identifier = oid.getIdentifier().toString();
+				// No need to check for nulls, as guaranteed non-null by
+				// ObjectIdentity.getIdentifier() interface contract
+				String identifier = oid.getIdentifier().toString();
 
-						// Inject values
-						ps.setString((2 * i) + 1, identifier);
-						ps.setString((2 * i) + 2, type);
-						i++;
-					}
-				}, new ProcessResultSet(acls, sids));
+				// Inject values
+				ps.setString((2 * i) + 1, identifier);
+				ps.setString((2 * i) + 2, type);
+				i++;
+			}
+		}, new ProcessResultSet(acls, sids));
 
 		// Lookup the parents, now that our JdbcTemplate has released the database
 		// connection (SEC-547)
@@ -406,10 +392,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		Map<ObjectIdentity, Acl> resultMap = new HashMap<>();
 
 		for (Acl inputAcl : acls.values()) {
-			Assert.isInstanceOf(AclImpl.class, inputAcl,
-					"Map should have contained an AclImpl");
-			Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(),
-					"Acl.getId() must be Long");
+			Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl");
+			Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long");
 
 			Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId());
 			resultMap.put(result.getObjectIdentity(), result);
@@ -422,7 +406,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * The final phase of converting the <code>Map</code> of <code>AclImpl</code>
 	 * instances which contain <code>StubAclParent</code>s into proper, valid
 	 * <code>AclImpl</code>s with correct ACL parents.
-	 *
 	 * @param inputMap the unconverted <code>AclImpl</code>s
 	 * @param currentIdentity the current<code>Acl</code> that we wish to convert (this
 	 * may be
@@ -434,8 +417,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 		// Retrieve this Acl from the InputMap
 		Acl uncastAcl = inputMap.get(currentIdentity);
-		Assert.isInstanceOf(AclImpl.class, uncastAcl,
-				"The inputMap contained a non-AclImpl");
+		Assert.isInstanceOf(AclImpl.class, uncastAcl, "The inputMap contained a non-AclImpl");
 
 		AclImpl inputAcl = (AclImpl) uncastAcl;
 
@@ -448,9 +430,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		}
 
 		// Now we have the parent (if there is one), create the true AclImpl
-		AclImpl result = new AclImpl(inputAcl.getObjectIdentity(),
-				inputAcl.getId(), aclAuthorizationStrategy, grantingStrategy,
-				parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
+		AclImpl result = new AclImpl(inputAcl.getObjectIdentity(), inputAcl.getId(), aclAuthorizationStrategy,
+				grantingStrategy, parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
 
 		// Copy the "aces" from the input to the destination
 
@@ -477,7 +458,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	/**
 	 * Creates a particular implementation of {@link Sid} depending on the arguments.
-	 *
 	 * @param sid the name of the sid representing its unique identifier. In typical ACL
 	 * database schema it's located in table {@code acl_sid} table, {@code sid} column.
 	 * @param isPrincipal whether it's a user or granted authority like role
@@ -496,7 +476,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * Sets the {@code PermissionFactory} instance which will be used to convert loaded
 	 * permission data values to {@code Permission}s. A {@code DefaultPermissionFactory}
 	 * will be used by default.
-	 *
 	 * @param permissionFactory
 	 */
 	public final void setPermissionFactory(PermissionFactory permissionFactory) {
@@ -510,7 +489,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 	/**
 	 * The SQL for the select clause. If customizing in order to modify column names,
 	 * schema etc, the other SQL customization fields must also be set to match.
-	 *
 	 * @param selectClause the select clause, which defaults to
 	 * {@link #DEFAULT_SELECT_CLAUSE}.
 	 */
@@ -528,8 +506,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 	/**
 	 * The SQL for the where clause used in the <tt>lookupObjectIdentities</tt> method.
 	 */
-	public final void setLookupObjectIdentitiesWhereClause(
-			String lookupObjectIdentitiesWhereClause) {
+	public final void setLookupObjectIdentitiesWhereClause(String lookupObjectIdentitiesWhereClause) {
 		this.lookupObjectIdentitiesWhereClause = lookupObjectIdentitiesWhereClause;
 	}
 
@@ -542,8 +519,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	public final void setAclClassIdSupported(boolean aclClassIdSupported) {
 		if (aclClassIdSupported) {
-			Assert.isTrue(this.selectClause.equals(DEFAULT_SELECT_CLAUSE), "Cannot set aclClassIdSupported and override the select clause; "
-				+ "just override the select clause");
+			Assert.isTrue(this.selectClause.equals(DEFAULT_SELECT_CLAUSE),
+					"Cannot set aclClassIdSupported and override the select clause; "
+							+ "just override the select clause");
 			this.selectClause = DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE;
 		}
 	}
@@ -556,7 +534,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 	// ==================================================================================================
 
 	private class ProcessResultSet implements ResultSetExtractor<Set<Long>> {
+
 		private final Map<Serializable, Acl> acls;
+
 		private final List<Sid> sids;
 
 		ProcessResultSet(Map<Serializable, Acl> acls, List<Sid> sids) {
@@ -612,15 +592,12 @@ public class BasicLookupStrategy implements LookupStrategy {
 		/**
 		 * Accepts the current <code>ResultSet</code> row, and converts it into an
 		 * <code>AclImpl</code> that contains a <code>StubAclParent</code>
-		 *
 		 * @param acls the Map we should add the converted Acl to
 		 * @param rs the ResultSet focused on a current row
-		 *
 		 * @throws SQLException if something goes wrong converting values
 		 * @throws ConversionException if can't convert to the desired Java type
 		 */
-		private void convertCurrentResultIntoObject(Map<Serializable, Acl> acls,
-				ResultSet rs) throws SQLException {
+		private void convertCurrentResultIntoObject(Map<Serializable, Acl> acls, ResultSet rs) throws SQLException {
 			Long id = rs.getLong("acl_id");
 
 			// If we already have an ACL for this ID, just create the ACE
@@ -629,11 +606,11 @@ public class BasicLookupStrategy implements LookupStrategy {
 			if (acl == null) {
 				// Make an AclImpl and pop it into the Map
 
-				// If the Java type is a String, check to see if we can convert it to the target id type, e.g. UUID.
+				// If the Java type is a String, check to see if we can convert it to the
+				// target id type, e.g. UUID.
 				Serializable identifier = (Serializable) rs.getObject("object_id_identity");
 				identifier = aclClassIdUtils.identifierFrom(identifier, rs);
-				ObjectIdentity objectIdentity = new ObjectIdentityImpl(
-					rs.getString("class"), identifier);
+				ObjectIdentity objectIdentity = new ObjectIdentityImpl(rs.getString("class"), identifier);
 
 				Acl parentAcl = null;
 				long parentAclId = rs.getLong("parent_object");
@@ -643,11 +620,10 @@ public class BasicLookupStrategy implements LookupStrategy {
 				}
 
 				boolean entriesInheriting = rs.getBoolean("entries_inheriting");
-				Sid owner = createSid(rs.getBoolean("acl_principal"),
-						rs.getString("acl_sid"));
+				Sid owner = createSid(rs.getBoolean("acl_principal"), rs.getString("acl_sid"));
 
-				acl = new AclImpl(objectIdentity, id, aclAuthorizationStrategy,
-						grantingStrategy, parentAcl, null, entriesInheriting, owner);
+				acl = new AclImpl(objectIdentity, id, aclAuthorizationStrategy, grantingStrategy, parentAcl, null,
+						entriesInheriting, owner);
 
 				acls.put(id, acl);
 			}
@@ -657,8 +633,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 			// ACE_SID)
 			if (rs.getString("ace_sid") != null) {
 				Long aceId = rs.getLong("ace_id");
-				Sid recipient = createSid(rs.getBoolean("ace_principal"),
-						rs.getString("ace_sid"));
+				Sid recipient = createSid(rs.getBoolean("ace_principal"), rs.getString("ace_sid"));
 
 				int mask = rs.getInt("mask");
 				Permission permission = permissionFactory.buildFromMask(mask);
@@ -666,8 +641,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 				boolean auditSuccess = rs.getBoolean("audit_success");
 				boolean auditFailure = rs.getBoolean("audit_failure");
 
-				AccessControlEntryImpl ace = new AccessControlEntryImpl(aceId, acl,
-						recipient, permission, granting, auditSuccess, auditFailure);
+				AccessControlEntryImpl ace = new AccessControlEntryImpl(aceId, acl, recipient, permission, granting,
+						auditSuccess, auditFailure);
 
 				// Field acesField = FieldUtils.getField(AclImpl.class, "aces");
 				List<AccessControlEntryImpl> aces = readAces((AclImpl) acl);
@@ -678,9 +653,11 @@ public class BasicLookupStrategy implements LookupStrategy {
 				}
 			}
 		}
+
 	}
 
 	private static class StubAclParent implements Acl {
+
 		private final Long id;
 
 		StubAclParent(Long id) {
@@ -711,14 +688,15 @@ public class BasicLookupStrategy implements LookupStrategy {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
-		public boolean isGranted(List<Permission> permission, List<Sid> sids,
-				boolean administrativeMode) throws NotFoundException,
-				UnloadedSidException {
+		public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
+				throws NotFoundException, UnloadedSidException {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
 		public boolean isSidLoaded(List<Sid> sids) {
 			throw new UnsupportedOperationException("Stub only");
 		}
+
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index f2cb89f909..2286bac911 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -45,18 +45,26 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class JdbcAclService implements AclService {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	protected static final Log log = LogFactory.getLog(JdbcAclService.class);
+
 	private static final String DEFAULT_SELECT_ACL_CLASS_COLUMNS = "class.class as class";
-	private static final String DEFAULT_SELECT_ACL_CLASS_COLUMNS_WITH_ID_TYPE = DEFAULT_SELECT_ACL_CLASS_COLUMNS + ", class.class_id_type as class_id_type";
-	private static final String DEFAULT_SELECT_ACL_WITH_PARENT_SQL = "select obj.object_id_identity as obj_id, " + DEFAULT_SELECT_ACL_CLASS_COLUMNS
+
+	private static final String DEFAULT_SELECT_ACL_CLASS_COLUMNS_WITH_ID_TYPE = DEFAULT_SELECT_ACL_CLASS_COLUMNS
+			+ ", class.class_id_type as class_id_type";
+
+	private static final String DEFAULT_SELECT_ACL_WITH_PARENT_SQL = "select obj.object_id_identity as obj_id, "
+			+ DEFAULT_SELECT_ACL_CLASS_COLUMNS
 			+ " from acl_object_identity obj, acl_object_identity parent, acl_class class "
 			+ "where obj.parent_object = parent.id and obj.object_id_class = class.id "
 			+ "and parent.object_id_identity = ? and parent.object_id_class = ("
 			+ "select id FROM acl_class where acl_class.class = ?)";
-	private static final String DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE = "select obj.object_id_identity as obj_id, " + DEFAULT_SELECT_ACL_CLASS_COLUMNS_WITH_ID_TYPE
+
+	private static final String DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE = "select obj.object_id_identity as obj_id, "
+			+ DEFAULT_SELECT_ACL_CLASS_COLUMNS_WITH_ID_TYPE
 			+ " from acl_object_identity obj, acl_object_identity parent, acl_class class "
 			+ "where obj.parent_object = parent.id and obj.object_id_class = class.id "
 			+ "and parent.object_id_identity = ? and parent.object_id_class = ("
@@ -66,9 +74,13 @@ public class JdbcAclService implements AclService {
 	// ================================================================================================
 
 	protected final JdbcOperations jdbcOperations;
+
 	private final LookupStrategy lookupStrategy;
+
 	private boolean aclClassIdSupported;
+
 	private String findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL;
+
 	private AclClassIdUtils aclClassIdUtils;
 
 	// ~ Constructors
@@ -91,13 +103,12 @@ public class JdbcAclService implements AclService {
 
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
-		List<ObjectIdentity> objects = jdbcOperations.query(findChildrenSql, args,
-				(rs, rowNum) -> {
-					String javaType = rs.getString("class");
-					Serializable identifier = (Serializable) rs.getObject("obj_id");
-					identifier = aclClassIdUtils.identifierFrom(identifier, rs);
-					return new ObjectIdentityImpl(javaType, identifier);
-				});
+		List<ObjectIdentity> objects = jdbcOperations.query(findChildrenSql, args, (rs, rowNum) -> {
+			String javaType = rs.getString("class");
+			Serializable identifier = (Serializable) rs.getObject("obj_id");
+			identifier = aclClassIdUtils.identifierFrom(identifier, rs);
+			return new ObjectIdentityImpl(javaType, identifier);
+		});
 
 		if (objects.isEmpty()) {
 			return null;
@@ -106,8 +117,7 @@ public class JdbcAclService implements AclService {
 		return objects;
 	}
 
-	public Acl readAclById(ObjectIdentity object, List<Sid> sids)
-			throws NotFoundException {
+	public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
 		Map<ObjectIdentity, Acl> map = readAclsById(Collections.singletonList(object), sids);
 		Assert.isTrue(map.containsKey(object),
 				() -> "There should have been an Acl entry for ObjectIdentity " + object);
@@ -119,22 +129,19 @@ public class JdbcAclService implements AclService {
 		return readAclById(object, null);
 	}
 
-	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects)
-			throws NotFoundException {
+	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
 		return readAclsById(objects, null);
 	}
 
-	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects,
-			List<Sid> sids) throws NotFoundException {
+	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
+			throws NotFoundException {
 		Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);
 
 		// Check every requested object identity was found (throw NotFoundException if
 		// needed)
 		for (ObjectIdentity oid : objects) {
 			if (!result.containsKey(oid)) {
-				throw new NotFoundException(
-						"Unable to find ACL information for object identity '" + oid
-								+ "'");
+				throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
 			}
 		}
 
@@ -143,7 +150,6 @@ public class JdbcAclService implements AclService {
 
 	/**
 	 * Allows customization of the SQL query used to find child object identities.
-	 *
 	 * @param findChildrenSql
 	 */
 	public void setFindChildrenQuery(String findChildrenSql) {
@@ -156,7 +162,8 @@ public class JdbcAclService implements AclService {
 			// Change the default children select if it hasn't been overridden
 			if (this.findChildrenSql.equals(DEFAULT_SELECT_ACL_WITH_PARENT_SQL)) {
 				this.findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE;
-			} else {
+			}
+			else {
 				log.debug("Find children statement has already been overridden, so not overridding the default");
 			}
 		}
@@ -169,4 +176,5 @@ public class JdbcAclService implements AclService {
 	protected boolean isAclClassIdSupported() {
 		return aclClassIdSupported;
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index 6625abdc5d..3654dc7f3f 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -58,39 +58,52 @@ import org.springframework.util.Assert;
  * @author Johannes Zlattinger
  */
 public class JdbcMutableAclService extends JdbcAclService implements MutableAclService {
+
 	private static final String DEFAULT_INSERT_INTO_ACL_CLASS = "insert into acl_class (class) values (?)";
+
 	private static final String DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID = "insert into acl_class (class, class_id_type) values (?, ?)";
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private boolean foreignKeysInDatabase = true;
+
 	private final AclCache aclCache;
+
 	private String deleteEntryByObjectIdentityForeignKey = "delete from acl_entry where acl_object_identity=?";
+
 	private String deleteObjectIdentityByPrimaryKey = "delete from acl_object_identity where id=?";
+
 	private String classIdentityQuery = "call identity()";
+
 	private String sidIdentityQuery = "call identity()";
+
 	private String insertClass = DEFAULT_INSERT_INTO_ACL_CLASS;
+
 	private String insertEntry = "insert into acl_entry "
 			+ "(acl_object_identity, ace_order, sid, mask, granting, audit_success, audit_failure)"
 			+ "values (?, ?, ?, ?, ?, ?, ?)";
+
 	private String insertObjectIdentity = "insert into acl_object_identity "
-			+ "(object_id_class, object_id_identity, owner_sid, entries_inheriting) "
-			+ "values (?, ?, ?, ?)";
+			+ "(object_id_class, object_id_identity, owner_sid, entries_inheriting) " + "values (?, ?, ?, ?)";
+
 	private String insertSid = "insert into acl_sid (principal, sid) values (?, ?)";
+
 	private String selectClassPrimaryKey = "select id from acl_class where class=?";
+
 	private String selectObjectIdentityPrimaryKey = "select acl_object_identity.id from acl_object_identity, acl_class "
 			+ "where acl_object_identity.object_id_class = acl_class.id and acl_class.class=? "
 			+ "and acl_object_identity.object_id_identity = ?";
+
 	private String selectSidPrimaryKey = "select id from acl_sid where principal=? and sid=?";
+
 	private String updateObjectIdentity = "update acl_object_identity set "
-			+ "parent_object = ?, owner_sid = ?, entries_inheriting = ?"
-			+ " where id = ?";
+			+ "parent_object = ?, owner_sid = ?, entries_inheriting = ?" + " where id = ?";
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public JdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy,
-			AclCache aclCache) {
+	public JdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
 		super(dataSource, lookupStrategy);
 		Assert.notNull(aclCache, "AclCache required");
 		this.aclCache = aclCache;
@@ -99,14 +112,12 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	// ~ Methods
 	// ========================================================================================================
 
-	public MutableAcl createAcl(ObjectIdentity objectIdentity)
-			throws AlreadyExistsException {
+	public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
 		Assert.notNull(objectIdentity, "Object Identity required");
 
 		// Check this object identity hasn't already been persisted
 		if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
-			throw new AlreadyExistsException("Object identity '" + objectIdentity
-					+ "' already exists");
+			throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
 		}
 
 		// Need to retrieve the current principal, in order to know who "owns" this ACL
@@ -128,7 +139,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	/**
 	 * Creates a new row in acl_entry for every ACE defined in the passed MutableAcl
 	 * object.
-	 *
 	 * @param acl containing the ACEs to insert
 	 */
 	protected void createEntries(final MutableAcl acl) {
@@ -142,8 +152,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 
 			public void setValues(PreparedStatement stmt, int i) throws SQLException {
 				AccessControlEntry entry_ = acl.getEntries().get(i);
-				Assert.isTrue(entry_ instanceof AccessControlEntryImpl,
-						"Unknown ACE class");
+				Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
 				AccessControlEntryImpl entry = (AccessControlEntryImpl) entry_;
 
 				stmt.setLong(1, (Long) acl.getId());
@@ -161,7 +170,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
 	 * The Sid is also necessary, as acl_object_identity has defined the sid column as
 	 * non-null.
-	 *
 	 * @param object to represent an acl_object_identity for
 	 * @param owner for the SID column (will be created if there is no acl_sid entry for
 	 * this particular Sid already)
@@ -169,22 +177,18 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	protected void createObjectIdentity(ObjectIdentity object, Sid owner) {
 		Long sidId = createOrRetrieveSidPrimaryKey(owner, true);
 		Long classId = createOrRetrieveClassPrimaryKey(object.getType(), true, object.getIdentifier().getClass());
-		jdbcOperations.update(insertObjectIdentity, classId, object.getIdentifier().toString(), sidId,
-				Boolean.TRUE);
+		jdbcOperations.update(insertObjectIdentity, classId, object.getIdentifier().toString(), sidId, Boolean.TRUE);
 	}
 
 	/**
 	 * Retrieves the primary key from {@code acl_class}, creating a new row if needed and
 	 * the {@code allowCreate} property is {@code true}.
-	 *
 	 * @param type to find or create an entry for (often the fully-qualified class name)
 	 * @param allowCreate true if creation is permitted if not found
-	 *
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveClassPrimaryKey(String type, boolean allowCreate, Class idType) {
-		List<Long> classIds = jdbcOperations.queryForList(selectClassPrimaryKey,
-				new Object[] { type }, Long.class);
+		List<Long> classIds = jdbcOperations.queryForList(selectClassPrimaryKey, new Object[] { type }, Long.class);
 
 		if (!classIds.isEmpty()) {
 			return classIds.get(0);
@@ -193,11 +197,11 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		if (allowCreate) {
 			if (!isAclClassIdSupported()) {
 				jdbcOperations.update(insertClass, type);
-			} else {
+			}
+			else {
 				jdbcOperations.update(insertClass, type, idType.getCanonicalName());
 			}
-			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
-					"Transaction must be running");
+			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
 			return jdbcOperations.queryForObject(classIdentityQuery, Long.class);
 		}
 
@@ -207,12 +211,9 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	/**
 	 * Retrieves the primary key from acl_sid, creating a new row if needed and the
 	 * allowCreate property is true.
-	 *
 	 * @param sid to find or create
 	 * @param allowCreate true if creation is permitted if not found
-	 *
 	 * @return the primary key or null if not found
-	 *
 	 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized
 	 * implementation.
 	 */
@@ -244,11 +245,10 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @param allowCreate true if creation is permitted if not found
 	 * @return the primary key or null if not found
 	 */
-	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal,
-			boolean allowCreate) {
+	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal, boolean allowCreate) {
 
-		List<Long> sidIds = jdbcOperations.queryForList(selectSidPrimaryKey, new Object[] {
-				sidIsPrincipal, sidName }, Long.class);
+		List<Long> sidIds = jdbcOperations.queryForList(selectSidPrimaryKey, new Object[] { sidIsPrincipal, sidName },
+				Long.class);
 
 		if (!sidIds.isEmpty()) {
 			return sidIds.get(0);
@@ -256,19 +256,16 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 
 		if (allowCreate) {
 			jdbcOperations.update(insertSid, sidIsPrincipal, sidName);
-			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
-					"Transaction must be running");
+			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
 			return jdbcOperations.queryForObject(sidIdentityQuery, Long.class);
 		}
 
 		return null;
 	}
 
-	public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
-			throws ChildrenExistException {
+	public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
 		Assert.notNull(objectIdentity, "Object Identity required");
-		Assert.notNull(objectIdentity.getIdentifier(),
-				"Object Identity doesn't provide an identifier");
+		Assert.notNull(objectIdentity.getIdentifier(), "Object Identity doesn't provide an identifier");
 
 		if (deleteChildren) {
 			List<ObjectIdentity> children = findChildren(objectIdentity);
@@ -285,8 +282,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 				// We generally don't do this, in the interests of deadlock management
 				List<ObjectIdentity> children = findChildren(objectIdentity);
 				if (children != null) {
-					throw new ChildrenExistException("Cannot delete '" + objectIdentity
-							+ "' (has " + children.size() + " children)");
+					throw new ChildrenExistException(
+							"Cannot delete '" + objectIdentity + "' (has " + children.size() + " children)");
 				}
 			}
 		}
@@ -306,7 +303,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	/**
 	 * Deletes all ACEs defined in the acl_entry table belonging to the presented
 	 * ObjectIdentity primary key.
-	 *
 	 * @param oidPrimaryKey the rows in acl_entry to delete
 	 */
 	protected void deleteEntries(Long oidPrimaryKey) {
@@ -319,7 +315,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * <p>
 	 * We do not delete any entries from acl_class, even if no classes are using that
 	 * class any longer. This is a deadlock avoidance approach.
-	 *
 	 * @param oidPrimaryKey to delete the acl_object_identity
 	 */
 	protected void deleteObjectIdentity(Long oidPrimaryKey) {
@@ -331,15 +326,13 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * Retrieves the primary key from the acl_object_identity table for the passed
 	 * ObjectIdentity. Unlike some other methods in this implementation, this method will
 	 * NOT create a row (use {@link #createObjectIdentity(ObjectIdentity, Sid)} instead).
-	 *
 	 * @param oid to find
-	 *
 	 * @return the object identity or null if not found
 	 */
 	protected Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) {
 		try {
-			return jdbcOperations.queryForObject(selectObjectIdentityPrimaryKey, Long.class,
-					oid.getType(), oid.getIdentifier().toString());
+			return jdbcOperations.queryForObject(selectObjectIdentityPrimaryKey, Long.class, oid.getType(),
+					oid.getIdentifier().toString());
 		}
 		catch (DataAccessException notFound) {
 			return null;
@@ -387,29 +380,25 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * Updates an existing acl_object_identity row, with new information presented in the
 	 * passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid
 	 * that owns the MutableAcl.
-	 *
 	 * @param acl to modify (a row must already exist in acl_object_identity)
-	 *
 	 * @throws NotFoundException if the ACL could not be found to update.
 	 */
 	protected void updateObjectIdentity(MutableAcl acl) {
 		Long parentId = null;
 
 		if (acl.getParentAcl() != null) {
-			Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl()
-					.getObjectIdentity(),
+			Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(),
 					"Implementation only supports ObjectIdentityImpl");
 
-			ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl()
-					.getObjectIdentity();
+			ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl().getObjectIdentity();
 			parentId = retrieveObjectIdentityPrimaryKey(oii);
 		}
 
 		Assert.notNull(acl.getOwner(), "Owner is required in this implementation");
 
 		Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
-		int count = jdbcOperations.update(updateObjectIdentity, parentId, ownerSid,
-				acl.isEntriesInheriting(), acl.getId());
+		int count = jdbcOperations.update(updateObjectIdentity, parentId, ownerSid, acl.isEntriesInheriting(),
+				acl.getId());
 
 		if (count != 1) {
 			throw new NotFoundException("Unable to locate ACL to update");
@@ -419,7 +408,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	/**
 	 * Sets the query that will be used to retrieve the identity of a newly created row in
 	 * the <tt>acl_class</tt> table.
-	 *
 	 * @param classIdentityQuery the query, which should return the identifier. Defaults
 	 * to <tt>call identity()</tt>
 	 */
@@ -431,7 +419,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	/**
 	 * Sets the query that will be used to retrieve the identity of a newly created row in
 	 * the <tt>acl_sid</tt> table.
-	 *
 	 * @param sidIdentityQuery the query, which should return the identifier. Defaults to
 	 * <tt>call identity()</tt>
 	 */
@@ -440,13 +427,11 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		this.sidIdentityQuery = sidIdentityQuery;
 	}
 
-	public void setDeleteEntryByObjectIdentityForeignKeySql(
-			String deleteEntryByObjectIdentityForeignKey) {
+	public void setDeleteEntryByObjectIdentityForeignKeySql(String deleteEntryByObjectIdentityForeignKey) {
 		this.deleteEntryByObjectIdentityForeignKey = deleteEntryByObjectIdentityForeignKey;
 	}
 
-	public void setDeleteObjectIdentityByPrimaryKeySql(
-			String deleteObjectIdentityByPrimaryKey) {
+	public void setDeleteObjectIdentityByPrimaryKeySql(String deleteObjectIdentityByPrimaryKey) {
 		this.deleteObjectIdentityByPrimaryKey = deleteObjectIdentityByPrimaryKey;
 	}
 
@@ -498,9 +483,11 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			// Change the default insert if it hasn't been overridden
 			if (this.insertClass.equals(DEFAULT_INSERT_INTO_ACL_CLASS)) {
 				this.insertClass = DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID;
-			} else {
+			}
+			else {
 				log.debug("Insert class statement has already been overridden, so not overridding the default");
 			}
 		}
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
index dc8a11d419..98243dda75 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
@@ -29,16 +29,15 @@ import java.util.Map;
  * @author Ben Alex
  */
 public interface LookupStrategy {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Perform database-specific optimized lookup.
-	 *
 	 * @param objects the identities to lookup (required)
 	 * @param sids the SIDs for which identities are required (may be <tt>null</tt> -
 	 * implementations may elect not to provide SID optimisations)
-	 *
 	 * @return a <tt>Map</tt> where keys represent the {@link ObjectIdentity} of the
 	 * located {@link Acl} and values are the located {@link Acl} (never <tt>null</tt>
 	 * although some entries may be missing; this method should not throw
@@ -46,4 +45,5 @@ public interface LookupStrategy {
 	 * automatically create entries if required)
 	 */
 	Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java b/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
index 154bf41bfc..0293449a4b 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
@@ -17,4 +17,3 @@
  * JDBC-based persistence of ACL information
  */
 package org.springframework.security.acls.jdbc;
-
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
index a1bd103c9b..b0241f0b78 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
@@ -29,6 +29,7 @@ import java.io.Serializable;
  *
  */
 public interface AccessControlEntry extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -36,7 +37,6 @@ public interface AccessControlEntry extends Serializable {
 
 	/**
 	 * Obtains an identifier that represents this ACE.
-	 *
 	 * @return the identifier, or <code>null</code> if unsaved
 	 */
 	Serializable getId();
@@ -46,10 +46,10 @@ public interface AccessControlEntry extends Serializable {
 	Sid getSid();
 
 	/**
-	 * Indicates the permission is being granted to the relevant Sid. If false,
-	 * indicates the permission is being revoked/blocked.
-	 *
+	 * Indicates the permission is being granted to the relevant Sid. If false, indicates
+	 * the permission is being revoked/blocked.
 	 * @return true if being granted, false otherwise
 	 */
 	boolean isGranting();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Acl.java b/acl/src/main/java/org/springframework/security/acls/model/Acl.java
index de48e3a929..9174cd6b15 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Acl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Acl.java
@@ -63,7 +63,6 @@ public interface Acl extends Serializable {
 	 * subset of <tt>Sid</tt>s. The caller is responsible for correctly handling the
 	 * result if only a subset of <tt>Sid</tt>s is represented.
 	 * </p>
-	 *
 	 * @return the list of entries represented by the <tt>Acl</tt>, or <tt>null</tt> if
 	 * there are no entries presently associated with this <tt>Acl</tt>.
 	 */
@@ -72,7 +71,6 @@ public interface Acl extends Serializable {
 	/**
 	 * Obtains the domain object this <tt>Acl</tt> provides entries for. This is immutable
 	 * once an <tt>Acl</tt> is created.
-	 *
 	 * @return the object identity (never <tt>null</tt>)
 	 */
 	ObjectIdentity getObjectIdentity();
@@ -80,7 +78,6 @@ public interface Acl extends Serializable {
 	/**
 	 * Determines the owner of the <tt>Acl</tt>. The meaning of ownership varies by
 	 * implementation and is unspecified.
-	 *
 	 * @return the owner (may be <tt>null</tt> if the implementation does not use
 	 * ownership concepts)
 	 */
@@ -102,7 +99,6 @@ public interface Acl extends Serializable {
 	 * subset of <tt>Sid</tt>s. The caller is responsible for correctly handling the
 	 * result if only a subset of <tt>Sid</tt>s is represented.
 	 * </p>
-	 *
 	 * @return the parent <tt>Acl</tt> (may be <tt>null</tt> if this <tt>Acl</tt> does not
 	 * have a parent)
 	 */
@@ -118,7 +114,6 @@ public interface Acl extends Serializable {
 	 * parent for navigation purposes. Thus, this method denotes whether or not the
 	 * navigation relationship also extends to the actual inheritance of entries.
 	 * </p>
-	 *
 	 * @return <tt>true</tt> if parent ACL entries inherit into the current <tt>Acl</tt>
 	 */
 	boolean isEntriesInheriting();
@@ -158,7 +153,6 @@ public interface Acl extends Serializable {
 	 * authorization decision for a {@link Sid} that was never loaded in this <tt>Acl</tt>
 	 * .
 	 * </p>
-	 *
 	 * @param permission the permission or permissions required (at least one entry
 	 * required)
 	 * @param sids the security identities held by the principal (at least one entry
@@ -166,17 +160,15 @@ public interface Acl extends Serializable {
 	 * @param administrativeMode if <tt>true</tt> denotes the query is for administrative
 	 * purposes and no logging or auditing (if supported by the implementation) should be
 	 * undertaken
-	 *
 	 * @return <tt>true</tt> if authorization is granted
-	 *
 	 * @throws NotFoundException MUST be thrown if an implementation cannot make an
 	 * authoritative authorization decision, usually because there is no ACL information
 	 * for this particular permission and/or SID
 	 * @throws UnloadedSidException thrown if the <tt>Acl</tt> does not have details for
 	 * one or more of the <tt>Sid</tt>s passed as arguments
 	 */
-	boolean isGranted(List<Permission> permission, List<Sid> sids,
-			boolean administrativeMode) throws NotFoundException, UnloadedSidException;
+	boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
+			throws NotFoundException, UnloadedSidException;
 
 	/**
 	 * For efficiency reasons an <tt>Acl</tt> may be loaded and <em>not</em> contain
@@ -191,12 +183,11 @@ public interface Acl extends Serializable {
 	 * all <tt>Sid</tt>s. This method denotes whether or not the specified <tt>Sid</tt>s
 	 * have been loaded or not.
 	 * </p>
-	 *
 	 * @param sids one or more security identities the caller is interest in knowing
 	 * whether this <tt>Sid</tt> supports
-	 *
 	 * @return <tt>true</tt> if every passed <tt>Sid</tt> is represented by this
 	 * <tt>Acl</tt> instance
 	 */
 	boolean isSidLoaded(List<Sid> sids);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
index 7c23e5f999..85df6e14ea 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
  *
  */
 public interface AclCache {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -40,4 +41,5 @@ public interface AclCache {
 	void putInCache(MutableAcl acl);
 
 	void clearCache();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
index 090cecc49f..dc363d1318 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
@@ -26,7 +26,6 @@ public abstract class AclDataAccessException extends RuntimeException {
 	/**
 	 * Constructs an <code>AclDataAccessException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param cause the root cause
 	 */
@@ -37,10 +36,10 @@ public abstract class AclDataAccessException extends RuntimeException {
 	/**
 	 * Constructs an <code>AclDataAccessException</code> with the specified message and no
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 */
 	public AclDataAccessException(String msg) {
 		super(msg);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclService.java b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
index 462d33d7f2..b0df3f0cd8 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
@@ -24,15 +24,14 @@ import java.util.Map;
  * @author Ben Alex
  */
 public interface AclService {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Locates all object identities that use the specified parent. This is useful for
 	 * administration tools.
-	 *
 	 * @param parentIdentity to locate children of
-	 *
 	 * @return the children (or <tt>null</tt> if none were found)
 	 */
 	List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity);
@@ -44,12 +43,9 @@ public interface AclService {
 	 * implementation's potential ability to filter <tt>Acl</tt> entries based on a
 	 * {@link Sid} parameter.
 	 * </p>
-	 *
 	 * @param object to locate an {@link Acl} for
-	 *
 	 * @return the {@link Acl} for the requested {@link ObjectIdentity} (never
 	 * <tt>null</tt>)
-	 *
 	 * @throws NotFoundException if an {@link Acl} was not found for the requested
 	 * {@link ObjectIdentity}
 	 */
@@ -57,14 +53,11 @@ public interface AclService {
 
 	/**
 	 * Same as {@link #readAclsById(List, List)} except it returns only a single Acl.
-	 *
 	 * @param object to locate an {@link Acl} for
 	 * @param sids the security identities for which {@link Acl} information is required
 	 * (may be <tt>null</tt> to denote all entries)
-	 *
 	 * @return the {@link Acl} for the requested {@link ObjectIdentity} (never
 	 * <tt>null</tt>)
-	 *
 	 * @throws NotFoundException if an {@link Acl} was not found for the requested
 	 * {@link ObjectIdentity}
 	 */
@@ -76,17 +69,13 @@ public interface AclService {
 	 * The returned map is keyed on the passed objects, with the values being the
 	 * <tt>Acl</tt> instances. Any unknown objects will not have a map key.
 	 * </p>
-	 *
 	 * @param objects the objects to find {@link Acl} information for
-	 *
 	 * @return a map with exactly one element for each {@link ObjectIdentity} passed as an
 	 * argument (never <tt>null</tt>)
-	 *
 	 * @throws NotFoundException if an {@link Acl} was not found for each requested
 	 * {@link ObjectIdentity}
 	 */
-	Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects)
-			throws NotFoundException;
+	Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException;
 
 	/**
 	 * Obtains all the <tt>Acl</tt>s that apply for the passed <tt>Object</tt>s, but only
@@ -103,17 +92,14 @@ public interface AclService {
 	 * <tt>Acl</tt> instances. Any unknown objects (or objects for which the interested
 	 * <tt>Sid</tt>s do not have entries) will not have a map key.
 	 * </p>
-	 *
 	 * @param objects the objects to find {@link Acl} information for
 	 * @param sids the security identities for which {@link Acl} information is required
 	 * (may be <tt>null</tt> to denote all entries)
-	 *
 	 * @return a map with exactly one element for each {@link ObjectIdentity} passed as an
 	 * argument (never <tt>null</tt>)
-	 *
 	 * @throws NotFoundException if an {@link Acl} was not found for each requested
 	 * {@link ObjectIdentity}
 	 */
-	Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
-			throws NotFoundException;
+	Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException;
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
index d611ab11ee..d0d7818e60 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
@@ -21,12 +21,12 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public class AlreadyExistsException extends AclDataAccessException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>AlreadyExistsException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AlreadyExistsException(String msg) {
@@ -36,11 +36,11 @@ public class AlreadyExistsException extends AclDataAccessException {
 	/**
 	 * Constructs an <code>AlreadyExistsException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AlreadyExistsException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
index 30ea235690..1790e38276 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
@@ -22,10 +22,12 @@ package org.springframework.security.acls.model;
  *
  */
 public interface AuditableAccessControlEntry extends AccessControlEntry {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	boolean isAuditFailure();
 
 	boolean isAuditSuccess();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
index ddf31a954d..9311aac46e 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
@@ -22,8 +22,10 @@ package org.springframework.security.acls.model;
  *
  */
 public interface AuditableAcl extends MutableAcl {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
index 514258ec07..d127e8523f 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
@@ -21,12 +21,12 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public class ChildrenExistException extends AclDataAccessException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>ChildrenExistException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public ChildrenExistException(String msg) {
@@ -36,11 +36,11 @@ public class ChildrenExistException extends AclDataAccessException {
 	/**
 	 * Constructs an <code>ChildrenExistException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public ChildrenExistException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
index 0e91c66e25..717824b513 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public interface MutableAcl extends Acl {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -33,34 +34,30 @@ public interface MutableAcl extends Acl {
 
 	/**
 	 * Obtains an identifier that represents this <tt>MutableAcl</tt>.
-	 *
 	 * @return the identifier, or <tt>null</tt> if unsaved
 	 */
 	Serializable getId();
 
-	void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
-			throws NotFoundException;
+	void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException;
 
 	/**
 	 * Changes the present owner to a different owner.
-	 *
 	 * @param newOwner the new owner (mandatory; cannot be null)
 	 */
 	void setOwner(Sid newOwner);
 
 	/**
 	 * Change the value returned by {@link Acl#isEntriesInheriting()}.
-	 *
 	 * @param entriesInheriting the new value
 	 */
 	void setEntriesInheriting(boolean entriesInheriting);
 
 	/**
 	 * Changes the parent of this ACL.
-	 *
 	 * @param newParent the new parent
 	 */
 	void setParent(Acl newParent);
 
 	void updateAce(int aceIndex, Permission permission) throws NotFoundException;
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
index 7b14f99e40..0c1536529a 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
@@ -21,41 +21,35 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public interface MutableAclService extends AclService {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Creates an empty <code>Acl</code> object in the database. It will have no entries.
 	 * The returned object will then be used to add entries.
-	 *
 	 * @param objectIdentity the object identity to create
-	 *
 	 * @return an ACL object with its ID set
-	 *
 	 * @throws AlreadyExistsException if the passed object identity already has a record
 	 */
 	MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException;
 
 	/**
 	 * Removes the specified entry from the database.
-	 *
 	 * @param objectIdentity the object identity to remove
 	 * @param deleteChildren whether to cascade the delete to children
-	 *
 	 * @throws ChildrenExistException if the deleteChildren argument was
 	 * <code>false</code> but children exist
 	 */
-	void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
-			throws ChildrenExistException;
+	void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException;
 
 	/**
 	 * Changes an existing <code>Acl</code> in the database.
-	 *
 	 * @param acl to modify
-	 *
 	 * @throws NotFoundException if the relevant record could not be found (did you
 	 * remember to use {@link #createAcl(ObjectIdentity)} to create the object, rather
 	 * than creating it with the <code>new</code> keyword?)
 	 */
 	MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
index e470d61292..7e1450dedf 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
@@ -21,12 +21,12 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public class NotFoundException extends AclDataAccessException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public NotFoundException(String msg) {
@@ -36,11 +36,11 @@ public class NotFoundException extends AclDataAccessException {
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public NotFoundException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
index 2edf7cd2e1..5e5d9d8e37 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
@@ -32,12 +32,12 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public interface ObjectIdentity extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * @param obj to be compared
-	 *
 	 * @return <tt>true</tt> if the objects are equal, <tt>false</tt> otherwise
 	 * @see Object#equals(Object)
 	 */
@@ -53,7 +53,6 @@ public interface ObjectIdentity extends Serializable {
 	 * identifier with business meaning, as that business meaning may change in the future
 	 * such change will cascade to the ACL subsystem data.
 	 * </p>
-	 *
 	 * @return the identifier (unique within this <tt>type</tt>; never <tt>null</tt>)
 	 */
 	Serializable getIdentifier();
@@ -62,7 +61,6 @@ public interface ObjectIdentity extends Serializable {
 	 * Obtains the "type" metadata for the domain object. This will often be a Java type
 	 * name (an interface or a class) &ndash; traditionally it is the name of the domain
 	 * object implementation class.
-	 *
 	 * @return the "type" of the domain object (never <tt>null</tt>).
 	 */
 	String getType();
@@ -72,4 +70,5 @@ public interface ObjectIdentity extends Serializable {
 	 * @see Object#hashCode()
 	 */
 	int hashCode();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
index 1814295874..b78059c8f1 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
@@ -30,7 +30,6 @@ import java.io.Serializable;
 public interface ObjectIdentityGenerator {
 
 	/**
-	 *
 	 * @param id the identifier of the domain object, not null
 	 * @param type the type of the object (often a class name), not null
 	 * @return the identity constructed using the supplied identifier and type
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
index cd1b53031e..da817471b1 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
@@ -24,8 +24,10 @@ package org.springframework.security.acls.model;
  *
  */
 public interface ObjectIdentityRetrievalStrategy {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	ObjectIdentity getObjectIdentity(Object domainObject);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
index edda240b19..856bd2f3b4 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
@@ -25,8 +25,10 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public interface OwnershipAcl extends MutableAcl {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	void setOwner(Sid newOwner);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Permission.java b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
index 68beec8568..ea44686f29 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Permission.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
@@ -23,11 +23,14 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public interface Permission extends Serializable {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	char RESERVED_ON = '~';
+
 	char RESERVED_OFF = '.';
+
 	String THIRTY_TWO_RESERVED_OFF = "................................";
 
 	// ~ Methods
@@ -35,7 +38,6 @@ public interface Permission extends Serializable {
 
 	/**
 	 * Returns the bits that represents the permission.
-	 *
 	 * @return the bits that represent the permission
 	 */
 	int getMask();
@@ -56,8 +58,8 @@ public interface Permission extends Serializable {
 	 * This method is only used for user interface and logging purposes. It is not used in
 	 * any permission calculations. Therefore, duplication of characters within the output
 	 * is permitted.
-	 *
 	 * @return a 32-character bit pattern
 	 */
 	String getPattern();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
index 14c8185c18..f9d5ffe351 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
@@ -27,10 +27,9 @@ import java.util.List;
 public interface PermissionGrantingStrategy {
 
 	/**
-	 * Returns true if the supplied strategy decides that the supplied {@code Acl}
-	 * grants access based on the supplied list of permissions and sids.
+	 * Returns true if the supplied strategy decides that the supplied {@code Acl} grants
+	 * access based on the supplied list of permissions and sids.
 	 */
-	boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids,
-			boolean administrativeMode);
+	boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Sid.java b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
index 134fc0ed7a..4ced8b26f7 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Sid.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
@@ -31,15 +31,14 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public interface Sid extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Refer to the <code>java.lang.Object</code> documentation for the interface
 	 * contract.
-	 *
 	 * @param obj to be compared
-	 *
 	 * @return <code>true</code> if the objects are equal, <code>false</code> otherwise
 	 */
 	boolean equals(Object obj);
@@ -47,8 +46,8 @@ public interface Sid extends Serializable {
 	/**
 	 * Refer to the <code>java.lang.Object</code> documentation for the interface
 	 * contract.
-	 *
 	 * @return a hash code representation of this object
 	 */
 	int hashCode();
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
index 3f605440c0..24397ea1cc 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
@@ -27,8 +27,10 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface SidRetrievalStrategy {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	List<Sid> getSids(Authentication authentication);
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
index b692ad79ca..f48b60e11b 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
@@ -23,12 +23,12 @@ package org.springframework.security.acls.model;
  * @author Ben Alex
  */
 public class UnloadedSidException extends AclDataAccessException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public UnloadedSidException(String msg) {
@@ -38,11 +38,11 @@ public class UnloadedSidException extends AclDataAccessException {
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public UnloadedSidException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/package-info.java b/acl/src/main/java/org/springframework/security/acls/model/package-info.java
index c6f8389ae9..7b06410450 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
+ * Interfaces and shared classes to manage access control lists (ACLs) for domain object
+ * instances.
  */
 package org.springframework.security.acls.model;
-
diff --git a/acl/src/main/java/org/springframework/security/acls/package-info.java b/acl/src/main/java/org/springframework/security/acls/package-info.java
index 75d4de804f..7b764596d5 100644
--- a/acl/src/main/java/org/springframework/security/acls/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/package-info.java
@@ -14,11 +14,13 @@
  * limitations under the License.
  */
 /**
- * The Spring Security ACL package which implements instance-based security for domain objects.
+ * The Spring Security ACL package which implements instance-based security for domain
+ * objects.
  * <p>
- * Consider using the annotation based approach ({@code @PreAuthorize}, {@code @PostFilter} annotations) combined
- * with a {@link org.springframework.security.acls.AclPermissionEvaluator} in preference to the older and more verbose
- * attribute/voter/after-invocation approach from versions before Spring Security 3.0.
+ * Consider using the annotation based approach ({@code @PreAuthorize},
+ * {@code @PostFilter} annotations) combined with a
+ * {@link org.springframework.security.acls.AclPermissionEvaluator} in preference to the
+ * older and more verbose attribute/voter/after-invocation approach from versions before
+ * Spring Security 3.0.
  */
 package org.springframework.security.acls;
-
diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index acf951ef06..87fcd2e0e9 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -66,13 +66,11 @@ public class AclFormattingUtilsTests {
 	public final void testDemergePatterns() {
 		String original = "...........................A...R";
 		String removeBits = "...............................R";
-		assertThat(AclFormattingUtils.demergePatterns(original, removeBits)).isEqualTo(
-				"...........................A....");
+		assertThat(AclFormattingUtils.demergePatterns(original, removeBits))
+				.isEqualTo("...........................A....");
 
-		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo(
-				"ABCDEF");
-		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo(
-				"......");
+		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
+		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......");
 	}
 
 	@Test
@@ -109,19 +107,15 @@ public class AclFormattingUtilsTests {
 	public final void testMergePatterns() {
 		String original = "...............................R";
 		String extraBits = "...........................A....";
-		assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo(
-				"...........................A...R");
+		assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo("...........................A...R");
 
-		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "......")).isEqualTo(
-				"ABCDEF");
-		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL")).isEqualTo(
-				"GHIJKL");
+		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
+		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL")).isEqualTo("GHIJKL");
 	}
 
 	@Test
 	public final void testBinaryPrints() {
-		assertThat(AclFormattingUtils.printBinary(15)).isEqualTo(
-				"............................****");
+		assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****");
 
 		try {
 			AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
@@ -137,19 +131,17 @@ public class AclFormattingUtilsTests {
 		catch (IllegalArgumentException notExpected) {
 		}
 
-		assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo(
-				"............................xxxx");
+		assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx");
 	}
 
 	@Test
 	public void testPrintBinaryNegative() {
-		assertThat(AclFormattingUtils.printBinary(0x80000000)).isEqualTo(
-				"*...............................");
+		assertThat(AclFormattingUtils.printBinary(0x80000000)).isEqualTo("*...............................");
 	}
 
 	@Test
 	public void testPrintBinaryMinusOne() {
-		assertThat(AclFormattingUtils.printBinary(0xffffffff)).isEqualTo(
-				"********************************");
+		assertThat(AclFormattingUtils.printBinary(0xffffffff)).isEqualTo("********************************");
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index d499a79ca7..f922d20c9c 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -44,8 +44,7 @@ public class AclPermissionCacheOptimizerTests {
 		pco.setObjectIdentityRetrievalStrategy(oidStrat);
 		pco.setSidRetrievalStrategy(sidStrat);
 		Object[] dos = { new Object(), null, new Object() };
-		ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"),
-				new ObjectIdentityImpl("A", "2") };
+		ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
 		when(oidStrat.getObjectIdentity(dos[0])).thenReturn(oids[0]);
 		when(oidStrat.getObjectIdentity(dos[2])).thenReturn(oids[1]);
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index 47df332908..148083b750 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -30,7 +30,6 @@ import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
@@ -74,4 +73,5 @@ public class AclPermissionEvaluatorTests {
 
 		Locale.setDefault(systemLocale);
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
index 426956f7ea..11b297257d 100644
--- a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
+++ b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
@@ -33,4 +33,5 @@ public final class TargetObjectWithUUID {
 	public void setId(UUID id) {
 		this.id = id;
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
index b85b01d3dd..f9a1c8f4b6 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.acls.afterinvocation;
 
-
 import static org.assertj.core.api.Assertions.*;
 
 import static org.mockito.Mockito.*;
@@ -36,14 +35,13 @@ import java.util.List;
  */
 @SuppressWarnings({ "unchecked" })
 public class AclEntryAfterInvocationCollectionFilteringProviderTests {
+
 	@Test
 	public void objectsAreRemovedIfPermissionDenied() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(
-				false);
-		when(service.readAclById(any(), any())).thenReturn(
-				acl);
+		when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(false);
+		when(service.readAclById(any(), any())).thenReturn(acl);
 		AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
 				service, Arrays.asList(mock(Permission.class)));
 		provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
@@ -51,8 +49,8 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 		provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 
 		Object returned = provider.decide(mock(Authentication.class), new Object(),
-				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), new ArrayList(
-						Arrays.asList(new Object(), new Object())));
+				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"),
+				new ArrayList(Arrays.asList(new Object(), new Object())));
 		assertThat(returned).isInstanceOf(List.class);
 		assertThat(((List) returned)).isEmpty();
 		returned = provider.decide(mock(Authentication.class), new Object(),
@@ -68,10 +66,8 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 				mock(AclService.class), Arrays.asList(mock(Permission.class)));
 		Object returned = new Object();
 
-		assertThat(returned)
-			.isSameAs(
-				provider.decide(mock(Authentication.class), new Object(),
-						Collections.<ConfigAttribute> emptyList(), returned));
+		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
+				Collections.<ConfigAttribute>emptyList(), returned));
 	}
 
 	@Test
@@ -81,8 +77,7 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 				service, Arrays.asList(mock(Permission.class)));
 
 		assertThat(provider.decide(mock(Authentication.class), new Object(),
-				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null))
-				.isNull();
+				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
 		verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
index 322bb3d11f..a541f72215 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
@@ -44,74 +44,59 @@ public class AclEntryAfterInvocationProviderTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-		new AclEntryAfterInvocationProvider(mock(AclService.class),
-				Collections.<Permission> emptyList());
+		new AclEntryAfterInvocationProvider(mock(AclService.class), Collections.<Permission>emptyList());
 	}
 
 	@Test
 	public void accessIsAllowedIfPermissionIsGranted() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
-				true);
-		when(service.readAclById(any(), any())).thenReturn(
-				acl);
-		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
-				service, Arrays.asList(mock(Permission.class)));
+		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(true);
+		when(service.readAclById(any(), any())).thenReturn(acl);
+		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
+				Arrays.asList(mock(Permission.class)));
 		provider.setMessageSource(new SpringSecurityMessageSource());
 		provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
 		provider.setProcessDomainObjectClass(Object.class);
 		provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Object returned = new Object();
 
-		assertThat(
-				returned)
-			.isSameAs(
-				provider.decide(mock(Authentication.class), new Object(),
-						SecurityConfig.createList("AFTER_ACL_READ"), returned));
+		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
+				SecurityConfig.createList("AFTER_ACL_READ"), returned));
 	}
 
 	@Test
 	public void accessIsGrantedIfNoAttributesDefined() {
-		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
-				mock(AclService.class), Arrays.asList(mock(Permission.class)));
+		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(mock(AclService.class),
+				Arrays.asList(mock(Permission.class)));
 		Object returned = new Object();
 
-		assertThat(
-				returned)
-			.isSameAs(
-				provider.decide(mock(Authentication.class), new Object(),
-						Collections.<ConfigAttribute> emptyList(), returned));
+		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
+				Collections.<ConfigAttribute>emptyList(), returned));
 	}
 
 	@Test
 	public void accessIsGrantedIfObjectTypeNotSupported() {
-		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
-				mock(AclService.class), Arrays.asList(mock(Permission.class)));
+		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(mock(AclService.class),
+				Arrays.asList(mock(Permission.class)));
 		provider.setProcessDomainObjectClass(String.class);
 		// Not a String
 		Object returned = new Object();
 
-		assertThat(
-				returned)
-			.isSameAs(
-				provider.decide(mock(Authentication.class), new Object(),
-						SecurityConfig.createList("AFTER_ACL_READ"), returned));
+		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
+				SecurityConfig.createList("AFTER_ACL_READ"), returned));
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void accessIsDeniedIfPermissionIsNotGranted() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
-				false);
+		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(false);
 		// Try a second time with no permissions found
-		when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow(
-				new NotFoundException(""));
-		when(service.readAclById(any(), any())).thenReturn(
-				acl);
-		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
-				service, Arrays.asList(mock(Permission.class)));
+		when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow(new NotFoundException(""));
+		when(service.readAclById(any(), any())).thenReturn(acl);
+		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
+				Arrays.asList(mock(Permission.class)));
 		provider.setProcessConfigAttribute("MY_ATTRIBUTE");
 		provider.setMessageSource(new SpringSecurityMessageSource());
 		provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
@@ -119,8 +104,7 @@ public class AclEntryAfterInvocationProviderTests {
 		provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		try {
 			provider.decide(mock(Authentication.class), new Object(),
-					SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
-					new Object());
+					SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object());
 			fail("Expected Exception");
 		}
 		catch (AccessDeniedException expected) {
@@ -133,12 +117,12 @@ public class AclEntryAfterInvocationProviderTests {
 	@Test
 	public void nullReturnObjectIsIgnored() {
 		AclService service = mock(AclService.class);
-		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
-				service, Arrays.asList(mock(Permission.class)));
+		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
+				Arrays.asList(mock(Permission.class)));
 
 		assertThat(provider.decide(mock(Authentication.class), new Object(),
-				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null))
-			.isNull();
+				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
 		verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index bbf33dfef4..0def085888 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -39,8 +39,8 @@ public class AccessControlImplEntryTests {
 	public void testConstructorRequiredFields() {
 		// Check Acl field is present
 		try {
-			new AccessControlEntryImpl(null, null, new PrincipalSid("johndoe"),
-					BasePermission.ADMINISTRATION, true, true, true);
+			new AccessControlEntryImpl(null, null, new PrincipalSid("johndoe"), BasePermission.ADMINISTRATION, true,
+					true, true);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -48,8 +48,7 @@ public class AccessControlImplEntryTests {
 
 		// Check Sid field is present
 		try {
-			new AccessControlEntryImpl(null, mock(Acl.class), null,
-					BasePermission.ADMINISTRATION, true, true, true);
+			new AccessControlEntryImpl(null, mock(Acl.class), null, BasePermission.ADMINISTRATION, true, true, true);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -57,8 +56,7 @@ public class AccessControlImplEntryTests {
 
 		// Check Permission field is present
 		try {
-			new AccessControlEntryImpl(null, mock(Acl.class),
-					new PrincipalSid("johndoe"), null, true, true, true);
+			new AccessControlEntryImpl(null, mock(Acl.class), new PrincipalSid("johndoe"), null, true, true, true);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -71,8 +69,8 @@ public class AccessControlImplEntryTests {
 		Sid sid = new PrincipalSid("johndoe");
 
 		// Create a sample entry
-		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl,
-				sid, BasePermission.ADMINISTRATION, true, true, true);
+		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true,
+				true);
 
 		// and check every get() method
 		assertThat(ace.getId()).isEqualTo(1L);
@@ -92,26 +90,26 @@ public class AccessControlImplEntryTests {
 		when(mockAcl.getObjectIdentity()).thenReturn(oid);
 		Sid sid = new PrincipalSid("johndoe");
 
-		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl,
-				sid, BasePermission.ADMINISTRATION, true, true, true);
+		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true,
+				true);
 
 		assertThat(ace).isNotNull();
 		assertThat(ace).isNotEqualTo(100L);
 		assertThat(ace).isEqualTo(ace);
-		assertThat(ace).isEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
+		assertThat(ace).isEqualTo(
+				new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true));
+		assertThat(ace).isNotEqualTo(
+				new AccessControlEntryImpl(2L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true));
+		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, new PrincipalSid("scott"),
 				BasePermission.ADMINISTRATION, true, true, true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(2L, mockAcl, sid,
-				BasePermission.ADMINISTRATION, true, true, true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl,
-				new PrincipalSid("scott"), BasePermission.ADMINISTRATION, true, true,
-				true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
-				BasePermission.WRITE, true, true, true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
-				BasePermission.ADMINISTRATION, false, true, true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
-				BasePermission.ADMINISTRATION, true, false, true));
-		assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
-				BasePermission.ADMINISTRATION, true, true, false));
+		assertThat(ace)
+				.isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.WRITE, true, true, true));
+		assertThat(ace).isNotEqualTo(
+				new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, false, true, true));
+		assertThat(ace).isNotEqualTo(
+				new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, false, true));
+		assertThat(ace).isNotEqualTo(
+				new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, false));
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
index 0e8d7c12ff..348122d0c4 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.acls.domain;
 
-
 import java.util.Arrays;
 
 import org.junit.After;
@@ -31,21 +30,24 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AclAuthorizationStrategyImplTests {
+
 	@Mock
 	Acl acl;
+
 	GrantedAuthority authority;
+
 	AclAuthorizationStrategyImpl strategy;
 
 	@Before
 	public void setup() {
 		authority = new SimpleGrantedAuthority("ROLE_AUTH");
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("foo", "bar", Arrays.asList(authority));
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("foo", "bar",
+				Arrays.asList(authority));
 		authentication.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 	}
@@ -64,9 +66,12 @@ public class AclAuthorizationStrategyImplTests {
 
 	@SuppressWarnings("serial")
 	class CustomAuthority implements GrantedAuthority {
+
 		@Override
 		public String getAuthority() {
 			return authority.getAuthority();
 		}
+
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index 7313048d20..fddbe66610 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -35,20 +35,31 @@ import java.util.*;
  * @author Andrei Stefan
  */
 public class AclImplTests {
+
 	private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
+
 	private static final List<Permission> READ = Arrays.asList(BasePermission.READ);
+
 	private static final List<Permission> WRITE = Arrays.asList(BasePermission.WRITE);
+
 	private static final List<Permission> CREATE = Arrays.asList(BasePermission.CREATE);
+
 	private static final List<Permission> DELETE = Arrays.asList(BasePermission.DELETE);
+
 	private static final List<Sid> SCOTT = Arrays.asList((Sid) new PrincipalSid("scott"));
+
 	private static final List<Sid> BEN = Arrays.asList((Sid) new PrincipalSid("ben"));
 
-	Authentication auth = new TestingAuthenticationToken("joe", "ignored",
-			"ROLE_ADMINISTRATOR");
+	Authentication auth = new TestingAuthenticationToken("joe", "ignored", "ROLE_ADMINISTRATOR");
+
 	AclAuthorizationStrategy authzStrategy;
+
 	PermissionGrantingStrategy pgs;
+
 	AuditLogger mockAuditLogger;
+
 	ObjectIdentity objectIdentity = new ObjectIdentityImpl(TARGET_CLASS, 100);
+
 	private DefaultPermissionFactory permissionFactory;
 
 	// ~ Methods
@@ -72,8 +83,7 @@ public class AclImplTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullObjectIdentity() {
 		try {
-			new AclImpl(null, 1, authzStrategy, pgs, null, null, true, new PrincipalSid(
-					"joe"));
+			new AclImpl(null, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -84,8 +94,7 @@ public class AclImplTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullId() {
 		try {
-			new AclImpl(objectIdentity, null, authzStrategy, pgs, null, null, true,
-					new PrincipalSid("joe"));
+			new AclImpl(objectIdentity, null, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -97,8 +106,8 @@ public class AclImplTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullAclAuthzStrategy() {
 		try {
-			new AclImpl(objectIdentity, 1, null, new DefaultPermissionGrantingStrategy(
-					mockAuditLogger), null, null, true, new PrincipalSid("joe"));
+			new AclImpl(objectIdentity, 1, null, new DefaultPermissionGrantingStrategy(mockAuditLogger), null, null,
+					true, new PrincipalSid("joe"));
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -108,8 +117,7 @@ public class AclImplTests {
 
 	@Test
 	public void insertAceRejectsNullParameters() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		try {
 			acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
 			fail("It should have thrown IllegalArgumentException");
@@ -126,8 +134,7 @@ public class AclImplTests {
 
 	@Test
 	public void insertAceAddsElementAtCorrectIndex() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Insert one permission
@@ -137,8 +144,7 @@ public class AclImplTests {
 		assertThat(acl.getEntries()).hasSize(1);
 		assertThat(acl).isEqualTo(acl.getEntries().get(0).getAcl());
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission());
-		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST1"));
+		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST1"));
 
 		// Add a second permission
 		acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
@@ -147,44 +153,36 @@ public class AclImplTests {
 		assertThat(acl.getEntries()).hasSize(2);
 		assertThat(acl).isEqualTo(acl.getEntries().get(1).getAcl());
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(1).getPermission());
-		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST2"));
+		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
 
 		// Add a third permission, after the first one
-		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"),
-				false);
+		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
 		service.updateAcl(acl);
 		assertThat(acl.getEntries()).hasSize(3);
 		// Check the third entry was added between the two existent ones
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission());
-		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST1"));
+		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST1"));
 		assertThat(BasePermission.WRITE).isEqualTo(acl.getEntries().get(1).getPermission());
-		assertThat(acl.getEntries().get(1).getSid()).isEqualTo( new GrantedAuthoritySid(
-				"ROLE_TEST3"));
+		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST3"));
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(2).getPermission());
-		assertThat(acl.getEntries().get(2).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST2"));
+		assertThat(acl.getEntries().get(2).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceFailsForNonExistentElement() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Insert one permission
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
 		service.updateAcl(acl);
 
-		acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"),
-				true);
+		acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
 	}
 
 	@Test
 	public void deleteAceKeepsInitialOrdering() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Add several permissions
@@ -197,20 +195,16 @@ public class AclImplTests {
 		// kept
 		acl.deleteAce(0);
 		assertThat(acl.getEntries()).hasSize(2);
-		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST2"));
-		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST3"));
+		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
+		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST3"));
 
 		// Add one more permission and remove the permission in the middle
 		acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
 		service.updateAcl(acl);
 		acl.deleteAce(1);
 		assertThat(acl.getEntries()).hasSize(2);
-		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST2"));
-		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid(
-				"ROLE_TEST4"));
+		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
+		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST4"));
 
 		// Remove remaining permissions
 		acl.deleteAce(1);
@@ -221,10 +215,9 @@ public class AclImplTests {
 	@Test
 	public void deleteAceFailsForNonExistentElement() {
 		AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
-		MutableAcl acl = new AclImpl(objectIdentity, (1), strategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
+		MutableAcl acl = new AclImpl(objectIdentity, (1), strategy, pgs, null, null, true, new PrincipalSid("joe"));
 		try {
 			acl.deleteAce(99);
 			fail("It should have thrown NotFoundException");
@@ -235,8 +228,7 @@ public class AclImplTests {
 
 	@Test
 	public void isGrantingRejectsEmptyParameters() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		Sid ben = new PrincipalSid("ben");
 		try {
 			acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false);
@@ -254,28 +246,23 @@ public class AclImplTests {
 
 	@Test
 	public void isGrantingGrantsAccessForAclWithNoParent() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_GENERAL", "ROLE_GUEST");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL", "ROLE_GUEST");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
 
 		// Create an ACL which owner is not the authenticated principal
-		MutableAcl rootAcl = new AclImpl(rootOid, 1, authzStrategy, pgs, null, null,
-				false, new PrincipalSid("joe"));
+		MutableAcl rootAcl = new AclImpl(rootOid, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
 
 		// Grant some permissions
 		rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
 		rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
 		rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
-		rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid(
-				"WRITE_ACCESS_ROLE"), true);
+		rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
 
 		// Check permissions granting
-		List<Permission> permissions = Arrays.asList(BasePermission.READ,
-				BasePermission.CREATE);
-		List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid(
-				"ROLE_GUEST"));
+		List<Permission> permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
+		List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
 		assertThat(rootAcl.isGranted(permissions, sids, false)).isFalse();
 		try {
 			rootAcl.isGranted(permissions, SCOTT, false);
@@ -284,14 +271,14 @@ public class AclImplTests {
 		catch (NotFoundException expected) {
 		}
 		assertThat(rootAcl.isGranted(WRITE, SCOTT, false)).isTrue();
-		assertThat(rootAcl.isGranted(WRITE, Arrays.asList(new PrincipalSid("rod"),
-				new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)).isFalse();
-		assertThat(rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid(
-				"WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)).isTrue();
+		assertThat(rootAcl.isGranted(WRITE,
+				Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)).isFalse();
+		assertThat(rootAcl.isGranted(WRITE,
+				Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)).isTrue();
 		try {
 			// Change the type of the Sid and check the granting process
-			rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"),
-					new PrincipalSid("WRITE_ACCESS_ROLE")), false);
+			rootAcl.isGranted(WRITE,
+					Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
@@ -300,8 +287,7 @@ public class AclImplTests {
 
 	@Test
 	public void isGrantingGrantsAccessForInheritableAcls() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
@@ -312,16 +298,11 @@ public class AclImplTests {
 
 		// Create ACLs
 		PrincipalSid joe = new PrincipalSid("joe");
-		MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, authzStrategy, pgs,
-				null, null, false, joe);
-		MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, authzStrategy, pgs, null,
-				null, true, joe);
-		MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, authzStrategy, pgs, null,
-				null, true, joe);
-		MutableAcl childAcl1 = new AclImpl(childOid1, 4, authzStrategy, pgs, null, null,
-				true, joe);
-		MutableAcl childAcl2 = new AclImpl(childOid2, 4, authzStrategy, pgs, null, null,
-				false, joe);
+		MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, authzStrategy, pgs, null, null, false, joe);
+		MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, authzStrategy, pgs, null, null, true, joe);
+		MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, authzStrategy, pgs, null, null, true, joe);
+		MutableAcl childAcl1 = new AclImpl(childOid1, 4, authzStrategy, pgs, null, null, true, joe);
+		MutableAcl childAcl2 = new AclImpl(childOid2, 4, authzStrategy, pgs, null, null, false, joe);
 
 		// Create hierarchies
 		childAcl2.setParent(childAcl1);
@@ -330,13 +311,10 @@ public class AclImplTests {
 		parentAcl1.setParent(grandParentAcl);
 
 		// Add some permissions
-		grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid(
-				"ROLE_USER_READ"), true);
+		grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
-		grandParentAcl
-				.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
-		grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"),
-				true);
+		grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
+		grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
 		parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
 		parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
 		parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
@@ -344,8 +322,7 @@ public class AclImplTests {
 
 		// Check granting process for parent1
 		assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
-		assertThat(parentAcl1.isGranted(READ,
-				Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
+		assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
 				.isTrue();
 		assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue();
 		assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse();
@@ -358,8 +335,7 @@ public class AclImplTests {
 
 		// Check granting process for child1
 		assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue();
-		assertThat(childAcl1.isGranted(READ,
-				Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
+		assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
 				.isTrue();
 		assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse();
 
@@ -372,8 +348,7 @@ public class AclImplTests {
 		catch (NotFoundException expected) {
 		}
 		try {
-			childAcl2.isGranted(CREATE,
-					Arrays.asList((Sid) new PrincipalSid("joe")), false);
+			childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
@@ -382,18 +357,14 @@ public class AclImplTests {
 
 	@Test
 	public void updatedAceValuesAreCorrectlyReflectedInAcl() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				false, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
-		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
-		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
+		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
 		service.updateAcl(acl);
 
@@ -414,32 +385,20 @@ public class AclImplTests {
 
 	@Test
 	public void auditableEntryFlagsAreUpdatedCorrectly() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_AUDITING", "ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				false, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
-		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
-		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
+		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		service.updateAcl(acl);
 
-		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0))
-				.isAuditFailure())
-			.isFalse();
-		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1))
-				.isAuditFailure())
-			.isFalse();
-		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0))
-				.isAuditSuccess())
-			.isFalse();
-		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1))
-				.isAuditSuccess())
-			.isFalse();
+		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure()).isFalse();
+		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure()).isFalse();
+		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess()).isFalse();
+		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess()).isFalse();
 
 		// Change each permission
 		((AuditableAcl) acl).updateAuditing(0, true, true);
@@ -452,21 +411,16 @@ public class AclImplTests {
 
 	@Test
 	public void gettersAndSettersAreConsistent() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, (100));
 		ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, (101));
-		MutableAcl acl = new AclImpl(identity, 1, authzStrategy, pgs, null, null, true,
-				new PrincipalSid("joe"));
-		MutableAcl parentAcl = new AclImpl(identity2, 2, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(identity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl parentAcl = new AclImpl(identity2, 2, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
-		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"),
-				true);
+		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		service.updateAcl(acl);
 
 		assertThat(1).isEqualTo(acl.getId());
@@ -488,50 +442,43 @@ public class AclImplTests {
 
 	@Test
 	public void isSidLoadedBehavesAsExpected() {
-		List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"),
-				new GrantedAuthoritySid("ROLE_IGNORED"));
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null,
-				loadedSids, true, new PrincipalSid("joe"));
+		List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED"));
+		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, loadedSids, true,
+				new PrincipalSid("joe"));
 
 		assertThat(acl.isSidLoaded(loadedSids)).isTrue();
-		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"),
-				new PrincipalSid("ben"))))
-			.isTrue();
-		assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid(
-				"ROLE_IGNORED"))))
-			.isTrue();
+		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben"))))
+				.isTrue();
+		assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_IGNORED")))).isTrue();
 		assertThat(acl.isSidLoaded(BEN)).isTrue();
 		assertThat(acl.isSidLoaded(null)).isTrue();
 		assertThat(acl.isSidLoaded(new ArrayList<>(0))).isTrue();
-		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
-				"ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))))
-			.isTrue();
-		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
-				"ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))))
-			.isFalse();
-		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
-				"ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))))
-			.isFalse();
+		assertThat(acl.isSidLoaded(
+				Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))))
+						.isTrue();
+		assertThat(acl.isSidLoaded(
+				Arrays.asList(new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))))
+						.isFalse();
+		assertThat(acl.isSidLoaded(
+				Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))))
+						.isFalse();
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		acl.deleteAce(-1);
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		// Insert at zero, OK.
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
@@ -541,8 +488,7 @@ public class AclImplTests {
 	// SEC-1151
 	@Test(expected = NotFoundException.class)
 	public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
-				true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
 		acl.deleteAce(1);
@@ -551,11 +497,9 @@ public class AclImplTests {
 	// SEC-1795
 	@Test
 	public void changingParentIsSuccessful() {
-		AclImpl parentAcl = new AclImpl(objectIdentity, 1L, authzStrategy,
-				mockAuditLogger);
+		AclImpl parentAcl = new AclImpl(objectIdentity, 1L, authzStrategy, mockAuditLogger);
 		AclImpl childAcl = new AclImpl(objectIdentity, 2L, authzStrategy, mockAuditLogger);
-		AclImpl changeParentAcl = new AclImpl(objectIdentity, 3L, authzStrategy,
-				mockAuditLogger);
+		AclImpl changeParentAcl = new AclImpl(objectIdentity, 3L, authzStrategy, mockAuditLogger);
 
 		childAcl.setParent(parentAcl);
 		childAcl.setParent(changeParentAcl);
@@ -566,9 +510,9 @@ public class AclImplTests {
 	public void maskPermissionGrantingStrategy() {
 		DefaultPermissionGrantingStrategy maskPgs = new MaskPermissionGrantingStrategy(mockAuditLogger);
 		MockAclService service = new MockAclService();
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, maskPgs, null, null,
-				true, new PrincipalSid("joe"));
-		Permission permission = permissionFactory.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
+		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, maskPgs, null, null, true, new PrincipalSid("joe"));
+		Permission permission = permissionFactory
+				.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
 		Sid sid = new PrincipalSid("ben");
 		acl.insertAce(0, permission, sid, true);
 		service.updateAcl(acl);
@@ -579,20 +523,20 @@ public class AclImplTests {
 
 	@Test
 	public void hashCodeWithoutStackOverFlow() throws Exception {
-		//given
+		// given
 		Sid sid = new PrincipalSid("pSid");
 		ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
 		AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role"));
 		PermissionGrantingStrategy grantingStrategy = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
 
-				AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid);
+		AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid);
 		AccessControlEntryImpl ace = new AccessControlEntryImpl(1L, acl, sid, BasePermission.READ, true, true, true);
 
-				Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
+		Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
 		fieldAces.setAccessible(true);
 		List<AccessControlEntryImpl> aces = (List<AccessControlEntryImpl>) fieldAces.get(acl);
 		aces.add(ace);
-		//when - then none StackOverFlowError been raised
+		// when - then none StackOverFlowError been raised
 		ace.hashCode();
 	}
 
@@ -600,6 +544,7 @@ public class AclImplTests {
 	// ==================================================================================================
 
 	private static class MaskPermissionGrantingStrategy extends DefaultPermissionGrantingStrategy {
+
 		MaskPermissionGrantingStrategy(AuditLogger auditLogger) {
 			super(auditLogger);
 		}
@@ -611,25 +556,24 @@ public class AclImplTests {
 			}
 			return super.isGranted(ace, p);
 		}
+
 	}
 
 	private class MockAclService implements MutableAclService {
-		public MutableAcl createAcl(ObjectIdentity objectIdentity)
-				throws AlreadyExistsException {
+
+		public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
 			return null;
 		}
 
-		public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
-				throws ChildrenExistException {
+		public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
 		}
 
 		/*
 		 * Mock implementation that populates the aces list with fully initialized
 		 * AccessControlEntries
 		 *
-		 * @see
-		 * org.springframework.security.acls.MutableAclService#updateAcl(org.springframework
-		 * .security.acls.MutableAcl)
+		 * @see org.springframework.security.acls.MutableAclService#updateAcl(org.
+		 * springframework .security.acls.MutableAcl)
 		 */
 		@SuppressWarnings("unchecked")
 		public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
@@ -645,9 +589,8 @@ public class AclImplTests {
 					AccessControlEntry ac = oldAces.get(i);
 					// Just give an ID to all this acl's aces, rest of the fields are just
 					// copied
-					newAces.add(new AccessControlEntryImpl((i + 1), ac.getAcl(), ac
-							.getSid(), ac.getPermission(), ac.isGranting(),
-							((AuditableAccessControlEntry) ac).isAuditSuccess(),
+					newAces.add(new AccessControlEntryImpl((i + 1), ac.getAcl(), ac.getSid(), ac.getPermission(),
+							ac.isGranting(), ((AuditableAccessControlEntry) ac).isAuditSuccess(),
 							((AuditableAccessControlEntry) ac).isAuditFailure()));
 				}
 			}
@@ -666,19 +609,19 @@ public class AclImplTests {
 			return null;
 		}
 
-		public Acl readAclById(ObjectIdentity object, List<Sid> sids)
+		public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
+			return null;
+		}
+
+		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
+			return null;
+		}
+
+		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
 				throws NotFoundException {
 			return null;
 		}
 
-		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects)
-				throws NotFoundException {
-			return null;
-		}
-
-		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects,
-				List<Sid> sids) throws NotFoundException {
-			return null;
-		}
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
index 0eab9940ac..a20536c691 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Andrei Stefan
  */
 public class AclImplementationSecurityCheckTests {
+
 	private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
 
 	// ~ Methods
@@ -52,50 +53,42 @@ public class AclImplementationSecurityCheckTests {
 
 	@Test
 	public void testSecurityCheckNoACEs() {
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_GENERAL", "ROLE_AUDITING", "ROLE_OWNERSHIP");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL", "ROLE_AUDITING",
+				"ROLE_OWNERSHIP");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
-		Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
+		Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 
-		aclAuthorizationStrategy.securityCheck(acl,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
-		aclAuthorizationStrategy.securityCheck(acl,
-				AclAuthorizationStrategy.CHANGE_AUDITING);
-		aclAuthorizationStrategy.securityCheck(acl,
-				AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
+		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
+		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 
 		// Create another authorization strategy
 		AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority(
-						"ROLE_TWO"), new SimpleGrantedAuthority("ROLE_THREE"));
-		Acl acl2 = new AclImpl(identity, 1L, aclAuthorizationStrategy2,
-				new ConsoleAuditLogger());
+				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
+				new SimpleGrantedAuthority("ROLE_THREE"));
+		Acl acl2 = new AclImpl(identity, 1L, aclAuthorizationStrategy2, new ConsoleAuditLogger());
 		// Check access in case the principal has no authorization rights
 		try {
-			aclAuthorizationStrategy2.securityCheck(acl2,
-					AclAuthorizationStrategy.CHANGE_GENERAL);
+			aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
 		}
 		try {
-			aclAuthorizationStrategy2.securityCheck(acl2,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
 		}
 		try {
-			aclAuthorizationStrategy2.securityCheck(acl2,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
@@ -105,54 +98,46 @@ public class AclImplementationSecurityCheckTests {
 	@Test
 	public void testSecurityCheckWithMultipleACEs() {
 		// Create a simple authentication with ROLE_GENERAL
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		// Authorization strategy will require a different role for each access
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
 		// Let's give the principal the ADMINISTRATION permission, without
 		// granting access
-		MutableAcl aclFirstDeny = new AclImpl(identity, 1L,
-				aclAuthorizationStrategy, new ConsoleAuditLogger());
-		aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				false);
+		MutableAcl aclFirstDeny = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
 
 		// The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
-		aclAuthorizationStrategy.securityCheck(aclFirstDeny,
-				AclAuthorizationStrategy.CHANGE_GENERAL);
+		aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
 
 		// The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the
 		// principal doesn't have these authorities,
 		// nor granting access
 		try {
-			aclAuthorizationStrategy.securityCheck(aclFirstDeny,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
 			fail("It should have thrown AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
 		}
 		try {
-			aclAuthorizationStrategy.securityCheck(aclFirstDeny,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 			fail("It should have thrown AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
 		}
 
 		// Add granting access to this principal
-		aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				true);
+		aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
 		// and try again for CHANGE_AUDITING - the first ACE's granting flag
 		// (false) will deny this access
 		try {
-			aclAuthorizationStrategy.securityCheck(aclFirstDeny,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
 			fail("It should have thrown AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
@@ -160,23 +145,18 @@ public class AclImplementationSecurityCheckTests {
 
 		// Create another ACL and give the principal the ADMINISTRATION
 		// permission, with granting access
-		MutableAcl aclFirstAllow = new AclImpl(identity, 1L,
-				aclAuthorizationStrategy, new ConsoleAuditLogger());
-		aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				true);
+		MutableAcl aclFirstAllow = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
 
 		// The CHANGE_AUDITING test should pass as there is one ACE with
 		// granting access
 
-		aclAuthorizationStrategy.securityCheck(aclFirstAllow,
-				AclAuthorizationStrategy.CHANGE_AUDITING);
+		aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
 
 		// Add a deny ACE and test again for CHANGE_AUDITING
-		aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				false);
+		aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
 		try {
-			aclAuthorizationStrategy.securityCheck(aclFirstAllow,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
 
 		}
 		catch (AccessDeniedException notExpected) {
@@ -184,11 +164,9 @@ public class AclImplementationSecurityCheckTests {
 		}
 
 		// Create an ACL with no ACE
-		MutableAcl aclNoACE = new AclImpl(identity, 1L,
-				aclAuthorizationStrategy, new ConsoleAuditLogger());
+		MutableAcl aclNoACE = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		try {
-			aclAuthorizationStrategy.securityCheck(aclNoACE,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_AUDITING);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
@@ -196,8 +174,7 @@ public class AclImplementationSecurityCheckTests {
 		}
 		// and still grant access for CHANGE_GENERAL
 		try {
-			aclAuthorizationStrategy.securityCheck(aclNoACE,
-					AclAuthorizationStrategy.CHANGE_GENERAL);
+			aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
 
 		}
 		catch (NotFoundException expected) {
@@ -208,31 +185,26 @@ public class AclImplementationSecurityCheckTests {
 	@Test
 	public void testSecurityCheckWithInheritableACEs() {
 		// Create a simple authentication with ROLE_GENERAL
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
 		// Authorization strategy will require a different role for each access
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority(
-						"ROLE_TWO"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
 		// Let's give the principal an ADMINISTRATION permission, with granting
 		// access
-		MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
-		parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				true);
-		MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
+		MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
+		MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, new ConsoleAuditLogger());
 
 		// Check against the 'child' acl, which doesn't offer any authorization
 		// rights on CHANGE_OWNERSHIP
 		try {
-			aclAuthorizationStrategy.securityCheck(childAcl,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
@@ -244,8 +216,7 @@ public class AclImplementationSecurityCheckTests {
 		childAcl.setParent(parentAcl);
 		childAcl.setEntriesInheriting(true);
 		try {
-			aclAuthorizationStrategy.securityCheck(childAcl,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 
 		}
 		catch (NotFoundException expected) {
@@ -253,18 +224,14 @@ public class AclImplementationSecurityCheckTests {
 		}
 
 		// Create a root parent and link it to the middle parent
-		MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
-		parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
-		rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
-				true);
+		MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
 		parentAcl.setEntriesInheriting(true);
 		parentAcl.setParent(rootParentAcl);
 		childAcl.setParent(parentAcl);
 		try {
-			aclAuthorizationStrategy.securityCheck(childAcl,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 
 		}
 		catch (NotFoundException expected) {
@@ -274,39 +241,36 @@ public class AclImplementationSecurityCheckTests {
 
 	@Test
 	public void testSecurityCheckPrincipalOwner() {
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_ONE");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_ONE");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
 		Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy,
-				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null,
-				null, false, new PrincipalSid(auth));
+				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false,
+				new PrincipalSid(auth));
 		try {
-			aclAuthorizationStrategy.securityCheck(acl,
-					AclAuthorizationStrategy.CHANGE_GENERAL);
+			aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
 		}
 		catch (AccessDeniedException notExpected) {
 			fail("It shouldn't have thrown AccessDeniedException");
 		}
 		try {
-			aclAuthorizationStrategy.securityCheck(acl,
-					AclAuthorizationStrategy.CHANGE_AUDITING);
+			aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
 			fail("It shouldn't have thrown AccessDeniedException");
 		}
 		catch (NotFoundException expected) {
 		}
 		try {
-			aclAuthorizationStrategy.securityCheck(acl,
-					AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+			aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 		}
 		catch (AccessDeniedException notExpected) {
 			fail("It shouldn't have thrown AccessDeniedException");
 		}
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 001e0450e3..3cd3daba23 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -33,11 +33,15 @@ import org.springframework.security.acls.model.AuditableAccessControlEntry;
  * @author Andrei Stefan
  */
 public class AuditLoggerTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 	private PrintStream console;
+
 	private ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+
 	private ConsoleAuditLogger logger;
+
 	private AuditableAccessControlEntry ace;
 
 	// ~ Methods
@@ -92,4 +96,5 @@ public class AuditLoggerTests {
 		logger.logIfNeeded(false, ace);
 		assertThat(bytes.toString()).startsWith("DENIED due to ACE");
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index 93adac3837..a66c933441 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -141,8 +141,7 @@ public class ObjectIdentityImplTests {
 		assertThat(obj).isNotEqualTo("DIFFERENT_OBJECT_TYPE");
 		assertThat(obj).isNotEqualTo(new ObjectIdentityImpl(DOMAIN_CLASS, 2L));
 		assertThat(obj).isNotEqualTo(new ObjectIdentityImpl(
-						"org.springframework.security.acls.domain.ObjectIdentityImplTests$MockOtherIdDomainObject",
-				1L));
+				"org.springframework.security.acls.domain.ObjectIdentityImplTests$MockOtherIdDomainObject", 1L));
 		assertThat(new ObjectIdentityImpl(DOMAIN_CLASS, 1L)).isEqualTo(obj);
 		assertThat(new ObjectIdentityImpl(mockObj)).isEqualTo(obj);
 	}
@@ -182,6 +181,7 @@ public class ObjectIdentityImplTests {
 	// ==================================================================================================
 
 	private class MockIdDomainObject {
+
 		private Object id;
 
 		public Object getId() {
@@ -191,9 +191,11 @@ public class ObjectIdentityImplTests {
 		public void setId(Object id) {
 			this.id = id;
 		}
+
 	}
 
 	private class MockOtherIdDomainObject {
+
 		private Object id;
 
 		public Object getId() {
@@ -203,5 +205,7 @@ public class ObjectIdentityImplTests {
 		public void setId(Object id) {
 			this.id = id;
 		}
+
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index 67e068c947..7164690017 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -56,5 +56,7 @@ public class ObjectIdentityRetrievalStrategyImplTests {
 		public void setId(Object id) {
 			this.id = id;
 		}
+
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index f71c50755d..af6f1ed928 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -45,14 +45,10 @@ public class PermissionTests {
 	public void expectedIntegerValues() {
 		assertThat(BasePermission.READ.getMask()).isEqualTo(1);
 		assertThat(BasePermission.ADMINISTRATION.getMask()).isEqualTo(16);
-		assertThat(
-				new CumulativePermission().set(BasePermission.READ)
-						.set(BasePermission.WRITE).set(BasePermission.CREATE).getMask())
-				.isEqualTo(7);
-		assertThat(
-				new CumulativePermission().set(BasePermission.READ)
-						.set(BasePermission.ADMINISTRATION).getMask())
-			.isEqualTo(17);
+		assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.WRITE)
+				.set(BasePermission.CREATE).getMask()).isEqualTo(7);
+		assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION).getMask())
+				.isEqualTo(17);
 	}
 
 	@Test
@@ -65,33 +61,28 @@ public class PermissionTests {
 	public void stringConversion() {
 		permissionFactory.registerPublicPermissions(SpecialPermission.class);
 
-		assertThat(BasePermission.READ.toString())
-			.isEqualTo("BasePermission[...............................R=1]");
+		assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]");
+
+		assertThat(BasePermission.ADMINISTRATION.toString())
+				.isEqualTo("BasePermission[...........................A....=16]");
+
+		assertThat(new CumulativePermission().set(BasePermission.READ).toString())
+				.isEqualTo("CumulativePermission[...............................R=1]");
 
 		assertThat(
-				BasePermission.ADMINISTRATION.toString())
-			.isEqualTo("BasePermission[...........................A....=16]");
+				new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString())
+						.isEqualTo("CumulativePermission[..........................EA....=48]");
 
-		assertThat(
-				new CumulativePermission().set(BasePermission.READ).toString())
-			.isEqualTo("CumulativePermission[...............................R=1]");
+		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString())
+				.isEqualTo("CumulativePermission[...........................A...R=17]");
 
-		assertThat(new CumulativePermission().set(SpecialPermission.ENTER)
-						.set(BasePermission.ADMINISTRATION).toString())
-			.isEqualTo("CumulativePermission[..........................EA....=48]");
+		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
+				.clear(BasePermission.ADMINISTRATION).toString())
+						.isEqualTo("CumulativePermission[...............................R=1]");
 
-		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION)
-						.set(BasePermission.READ).toString())
-			.isEqualTo("CumulativePermission[...........................A...R=17]");
-
-		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION)
-						.set(BasePermission.READ).clear(BasePermission.ADMINISTRATION)
-						.toString())
-			.isEqualTo("CumulativePermission[...............................R=1]");
-
-		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION)
-						.set(BasePermission.READ).clear(BasePermission.ADMINISTRATION)
-						.clear(BasePermission.READ).toString())
-			.isEqualTo("CumulativePermission[................................=0]");
+		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
+				.clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString())
+						.isEqualTo("CumulativePermission[................................=0]");
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java b/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
index 0aedb10afe..c6ebb59d02 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
@@ -23,10 +23,13 @@ import org.springframework.security.acls.model.Permission;
  * @author Ben Alex
  */
 public class SpecialPermission extends BasePermission {
+
 	public static final Permission ENTER = new SpecialPermission(1 << 5, 'E'); // 32
+
 	public static final Permission LEAVE = new SpecialPermission(1 << 6, 'L');
 
 	protected SpecialPermission(int mask, char code) {
 		super(mask, code);
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index a2cefecab5..7c95c5dfbf 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -47,15 +47,20 @@ import javax.sql.DataSource;
 public abstract class AbstractBasicLookupStrategyTests {
 
 	protected static final Sid BEN_SID = new PrincipalSid("ben");
+
 	protected static final String TARGET_CLASS = TargetObject.class.getName();
+
 	protected static final String TARGET_CLASS_WITH_UUID = TargetObjectWithUUID.class.getName();
+
 	protected static final UUID OBJECT_IDENTITY_UUID = UUID.randomUUID();
+
 	protected static final Long OBJECT_IDENTITY_LONG_AS_UUID = 110L;
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private BasicLookupStrategy strategy;
+
 	private static CacheManager cacheManager;
 
 	// ~ Methods
@@ -80,44 +85,41 @@ public abstract class AbstractBasicLookupStrategyTests {
 	@Before
 	public void populateDatabase() {
 		String query = "INSERT INTO acl_sid(ID,PRINCIPAL,SID) VALUES (1,1,'ben');"
-			+ "INSERT INTO acl_class(ID,CLASS) VALUES (2,'" + TARGET_CLASS + "');"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);";
+				+ "INSERT INTO acl_class(ID,CLASS) VALUES (2,'" + TARGET_CLASS + "');"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);";
 		getJdbcTemplate().execute(query);
 	}
 
 	@Before
 	public void initializeBeans() {
 		strategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
-			new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
+				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
 		strategy.setPermissionFactory(new DefaultPermissionFactory());
 	}
 
 	protected AclAuthorizationStrategy aclAuthStrategy() {
-		return new AclAuthorizationStrategyImpl(
-			new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"));
+		return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"));
 	}
 
 	protected EhCacheBasedAclCache aclCache() {
-		return new EhCacheBasedAclCache(getCache(),
-			new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
-			new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
+		return new EhCacheBasedAclCache(getCache(), new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
 	}
 
-
 	@After
 	public void emptyDatabase() {
 		String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 9;"
-			+ "DELETE FROM acl_object_identity WHERE ID = 8;" + "DELETE FROM acl_object_identity WHERE ID = 7;"
-			+ "DELETE FROM acl_object_identity WHERE ID = 6;" + "DELETE FROM acl_object_identity WHERE ID = 5;"
-			+ "DELETE FROM acl_object_identity WHERE ID = 4;" + "DELETE FROM acl_object_identity WHERE ID = 3;"
-			+ "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;"
-			+ "DELETE FROM acl_class;" + "DELETE FROM acl_sid;";
+				+ "DELETE FROM acl_object_identity WHERE ID = 8;" + "DELETE FROM acl_object_identity WHERE ID = 7;"
+				+ "DELETE FROM acl_object_identity WHERE ID = 6;" + "DELETE FROM acl_object_identity WHERE ID = 5;"
+				+ "DELETE FROM acl_object_identity WHERE ID = 4;" + "DELETE FROM acl_object_identity WHERE ID = 3;"
+				+ "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;"
+				+ "DELETE FROM acl_class;" + "DELETE FROM acl_sid;";
 		getJdbcTemplate().execute(query);
 	}
 
@@ -135,7 +137,7 @@ public abstract class AbstractBasicLookupStrategyTests {
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102);
 
 		Map<ObjectIdentity, Acl> map = this.strategy
-			.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+				.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
 		checkEntries(topParentOid, middleParentOid, childOid, map);
 	}
 
@@ -151,7 +153,7 @@ public abstract class AbstractBasicLookupStrategyTests {
 		// Let's empty the database to force acls retrieval from cache
 		emptyDatabase();
 		Map<ObjectIdentity, Acl> map = this.strategy
-			.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+				.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
 
 		checkEntries(topParentOid, middleParentOid, childOid, map);
 	}
@@ -166,12 +168,12 @@ public abstract class AbstractBasicLookupStrategyTests {
 		// acls
 		this.strategy.setBatchSize(1);
 		Map<ObjectIdentity, Acl> map = this.strategy
-			.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+				.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
 		checkEntries(topParentOid, middleParentOid, childOid, map);
 	}
 
 	private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid,
-		Map<ObjectIdentity, Acl> map) {
+			Map<ObjectIdentity, Acl> map) {
 		assertThat(map).hasSize(3);
 
 		MutableAcl topParent = (MutableAcl) map.get(topParentOid);
@@ -268,10 +270,10 @@ public abstract class AbstractBasicLookupStrategyTests {
 	@Test
 	public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() {
 		String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,105,null,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,106,6,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (8,2,107,6,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (9,2,108,7,1,1);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)";
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,106,6,1,1);"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (8,2,107,6,1,1);"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (9,2,108,7,1,1);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)";
 		getJdbcTemplate().execute(query);
 
 		ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
@@ -302,7 +304,8 @@ public abstract class AbstractBasicLookupStrategyTests {
 		try {
 			foundAcls = strategy.readAclsById(allOids, sids);
 
-		} catch (NotFoundException notExpected) {
+		}
+		catch (NotFoundException notExpected) {
 			fail("It shouldn't have thrown NotFoundException");
 		}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index d41341c466..ecc16ffa3d 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.acls.jdbc;
 
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -34,17 +33,21 @@ import static org.mockito.BDDMockito.given;
 
 /**
  * Tests for {@link AclClassIdUtils}.
+ *
  * @author paulwheeler
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AclClassIdUtilsTests {
 
 	private static final Long DEFAULT_IDENTIFIER = 999L;
+
 	private static final BigInteger BIGINT_IDENTIFIER = new BigInteger("999");
+
 	private static final String DEFAULT_IDENTIFIER_AS_STRING = DEFAULT_IDENTIFIER.toString();
 
 	@Mock
 	private ResultSet resultSet;
+
 	@Mock
 	private ConversionService conversionService;
 
@@ -172,4 +175,5 @@ public class AclClassIdUtilsTests {
 		// when
 		aclClassIdUtils.setConversionService(null);
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
index 4f5f7c13a7..2116fdb0bf 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
@@ -28,8 +28,8 @@ import org.springframework.jdbc.core.JdbcTemplate;
  * @author Paul Wheeler
  */
 public class BasicLookupStrategyTests extends AbstractBasicLookupStrategyTests {
-	private static final BasicLookupStrategyTestsDbHelper DATABASE_HELPER = new BasicLookupStrategyTestsDbHelper();
 
+	private static final BasicLookupStrategyTestsDbHelper DATABASE_HELPER = new BasicLookupStrategyTestsDbHelper();
 
 	@BeforeClass
 	public static void createDatabase() throws Exception {
@@ -50,4 +50,5 @@ public class BasicLookupStrategyTests extends AbstractBasicLookupStrategyTests {
 	public DataSource getDataSource() {
 		return DATABASE_HELPER.getDataSource();
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
index 8c1f7042dc..c181522900 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
@@ -23,15 +23,20 @@ import org.springframework.util.FileCopyUtils;
 
 /**
  * Helper class to initialize the database for BasicLookupStrategyTests.
+ *
  * @author Andrei Stefan
  * @author Paul Wheeler
  */
 public class BasicLookupStrategyTestsDbHelper {
+
 	private static final String ACL_SCHEMA_SQL_FILE = "createAclSchema.sql";
+
 	private static final String ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID = "createAclSchemaWithAclClassIdType.sql";
 
 	private SingleConnectionDataSource dataSource;
+
 	private JdbcTemplate jdbcTemplate;
+
 	private boolean withAclClassIdType;
 
 	public BasicLookupStrategyTestsDbHelper() {
@@ -48,7 +53,8 @@ public class BasicLookupStrategyTestsDbHelper {
 		if (!withAclClassIdType) {
 			connectionUrl = "jdbc:hsqldb:mem:lookupstrategytest";
 			sqlClassPathResource = ACL_SCHEMA_SQL_FILE;
-		} else {
+		}
+		else {
 			connectionUrl = "jdbc:hsqldb:mem:lookupstrategytestWithAclClassIdType";
 			sqlClassPathResource = ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID;
 
@@ -69,4 +75,5 @@ public class BasicLookupStrategyTestsDbHelper {
 	public SingleConnectionDataSource getDataSource() {
 		return dataSource;
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index 60ca2508f7..9ac5360675 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -71,7 +71,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	public void initializeBeans() {
 		super.initializeBeans();
 		uuidEnabledStrategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
-			new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
+				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
 		uuidEnabledStrategy.setPermissionFactory(new DefaultPermissionFactory());
 		uuidEnabledStrategy.setAclClassIdSupported(true);
 		uuidEnabledStrategy.setConversionService(new DefaultConversionService());
@@ -79,22 +79,22 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 
 	@Before
 	public void populateDatabaseForAclClassTypeTests() {
-		String query = "INSERT INTO acl_class(ID,CLASS,CLASS_ID_TYPE) VALUES (3,'"
-			+ TARGET_CLASS_WITH_UUID
-			+ "', 'java.util.UUID');"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,3,'"
-			+ OBJECT_IDENTITY_UUID.toString() + "',null,1,1);"
-			+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,3,'"
-			+ OBJECT_IDENTITY_LONG_AS_UUID + "',null,1,1);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,8,0,0,0);"
-			+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (6,5,0,1,8,0,0,0);";
+		String query = "INSERT INTO acl_class(ID,CLASS,CLASS_ID_TYPE) VALUES (3,'" + TARGET_CLASS_WITH_UUID
+				+ "', 'java.util.UUID');"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,3,'"
+				+ OBJECT_IDENTITY_UUID.toString() + "',null,1,1);"
+				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,3,'"
+				+ OBJECT_IDENTITY_LONG_AS_UUID + "',null,1,1);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,8,0,0,0);"
+				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (6,5,0,1,8,0,0,0);";
 		DATABASE_HELPER.getJdbcTemplate().execute(query);
 	}
 
 	@Test
 	public void testReadObjectIdentityUsingUuidType() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_UUID);
-		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
+				Arrays.asList(BEN_SID));
 		Assert.assertEquals(1, foundAcls.size());
 		Assert.assertNotNull(foundAcls.get(oid));
 	}
@@ -102,7 +102,8 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	@Test
 	public void testReadObjectIdentityUsingLongTypeWithConversionServiceEnabled() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
-		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
+				Arrays.asList(BEN_SID));
 		Assert.assertEquals(1, foundAcls.size());
 		Assert.assertNotNull(foundAcls.get(oid));
 	}
@@ -112,4 +113,5 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_LONG_AS_UUID);
 		uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
index d8170b3081..4533e58966 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
@@ -32,6 +32,7 @@ import javax.sql.DataSource;
  * @author Ben Alex
  */
 public class DatabaseSeeder {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -43,4 +44,5 @@ public class DatabaseSeeder {
 		String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
 		template.execute(sql);
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index 1e90a4ddc0..7cec850f45 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -54,10 +54,12 @@ import org.springframework.test.util.ReflectionTestUtils;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class EhCacheBasedAclCacheTests {
+
 	private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
 
 	@Mock
 	private Ehcache cache;
+
 	@Captor
 	private ArgumentCaptor<Element> element;
 
@@ -67,17 +69,15 @@ public class EhCacheBasedAclCacheTests {
 
 	@Before
 	public void setup() {
-		myCache = new EhCacheBasedAclCache(cache, new DefaultPermissionGrantingStrategy(
-				new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_USER")));
+		myCache = new EhCacheBasedAclCache(cache, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
-		acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
-				new ConsoleAuditLogger());
+		acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 	}
 
 	@After
@@ -87,9 +87,8 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorRejectsNullParameters() {
-		new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(
-				new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_USER")));
+		new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
 	}
 
 	@Test
@@ -152,12 +151,10 @@ public class EhCacheBasedAclCacheTests {
 
 		assertThat(retrieved).isEqualTo(acl);
 
-		Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy",
-				retrieved);
+		Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
 		assertThat(retrieved1).isNull();
 
-		Object retrieved2 = FieldUtils.getProtectedFieldValue(
-				"permissionGrantingStrategy", retrieved);
+		Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved);
 		assertThat(retrieved2).isNull();
 	}
 
@@ -175,25 +172,21 @@ public class EhCacheBasedAclCacheTests {
 		verify(cache, times(2)).put(element.capture());
 		assertThat(element.getValue().getKey()).isEqualTo(acl.getId());
 		assertThat(element.getValue().getObjectValue()).isEqualTo(acl);
-		assertThat(element.getAllValues().get(0).getKey()).isEqualTo(
-				acl.getObjectIdentity());
+		assertThat(element.getAllValues().get(0).getKey()).isEqualTo(acl.getObjectIdentity());
 		assertThat(element.getAllValues().get(0).getObjectValue()).isEqualTo(acl);
 	}
 
 	@Test
 	public void putInCacheAclWithParent() {
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
-		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS,
-				2L);
+		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
-		MutableAcl parentAcl = new AclImpl(identityParent, 2L,
-				aclAuthorizationStrategy, new ConsoleAuditLogger());
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
+		MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		acl.setParent(parentAcl);
 
 		myCache.putInCache(acl);
@@ -233,10 +226,8 @@ public class EhCacheBasedAclCacheTests {
 
 		MutableAcl fromCache = myCache.getFromCache(acl.getId());
 
-		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy"))
-				.isNotNull();
-		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy"))
-				.isNotNull();
+		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
+		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
 	}
 
 	@Test
@@ -248,8 +239,7 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void getFromCacheObjectIdentityPopulatesTransient() {
-		when(cache.get(acl.getObjectIdentity()))
-				.thenReturn(new Element(acl.getId(), acl));
+		when(cache.get(acl.getObjectIdentity())).thenReturn(new Element(acl.getId(), acl));
 
 		myCache.putInCache(acl);
 
@@ -258,16 +248,13 @@ public class EhCacheBasedAclCacheTests {
 
 		MutableAcl fromCache = myCache.getFromCache(acl.getObjectIdentity());
 
-		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy"))
-				.isNotNull();
-		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy"))
-				.isNotNull();
+		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
+		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
 	}
 
 	@Test
 	public void evictCacheSerializable() {
-		when(cache.get(acl.getObjectIdentity()))
-				.thenReturn(new Element(acl.getId(), acl));
+		when(cache.get(acl.getObjectIdentity())).thenReturn(new Element(acl.getId(), acl));
 
 		myCache.evictFromCache(acl.getObjectIdentity());
 
@@ -284,4 +271,5 @@ public class EhCacheBasedAclCacheTests {
 		verify(cache).remove(acl.getId());
 		verify(cache).remove(acl.getObjectIdentity());
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index b039e4d656..2ce64f73c2 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -41,8 +41,7 @@ import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.when;
 
 /**
- * Unit and Integration tests the ACL JdbcAclService using an
- * in-memory database.
+ * Unit and Integration tests the ACL JdbcAclService using an in-memory database.
  *
  * @author Nena Raab
  */
@@ -61,6 +60,7 @@ public class JdbcAclServiceTests {
 	JdbcOperations jdbcOperations;
 
 	private JdbcAclService aclServiceIntegration;
+
 	private JdbcAclService aclService;
 
 	@Before
@@ -72,9 +72,7 @@ public class JdbcAclServiceTests {
 	@Before
 	public void setUpEmbeddedDatabase() {
 		embeddedDatabase = new EmbeddedDatabaseBuilder()//
-				.addScript("createAclSchemaWithAclClassIdType.sql")
-				.addScript("db/sql/test_data_hierarchy.sql")
-				.build();
+				.addScript("createAclSchemaWithAclClassIdType.sql").addScript("db/sql/test_data_hierarchy.sql").build();
 	}
 
 	@After
@@ -86,9 +84,7 @@ public class JdbcAclServiceTests {
 	@Test(expected = NotFoundException.class)
 	public void readAclByIdMissingAcl() {
 		Map<ObjectIdentity, Acl> result = new HashMap<>();
-		when(
-				lookupStrategy.readAclsById(anyList(),
-						anyList())).thenReturn(result);
+		when(lookupStrategy.readAclsById(anyList(), anyList())).thenReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
 		List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
 
@@ -99,10 +95,8 @@ public class JdbcAclServiceTests {
 	public void findOneChildren() {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
-		Object[] args = {"1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject"};
-		when(
-				jdbcOperations.query(anyString(),
-						aryEq(args), any(RowMapper.class))).thenReturn(result);
+		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
+		when(jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).thenReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 
 		List<ObjectIdentity> objectIdentities = aclService.findChildren(objectIdentity);
@@ -170,10 +164,12 @@ public class JdbcAclServiceTests {
 		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo("costcenter");
-		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
+		assertThat(objectIdentities.get(0).getIdentifier())
+				.isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
 	}
 
 	private class MockLongIdDomainObject {
+
 		private Object id;
 
 		public Object getId() {
@@ -183,9 +179,11 @@ public class JdbcAclServiceTests {
 		public void setId(Object id) {
 			this.id = id;
 		}
+
 	}
 
 	private class MockUntypedIdDomainObject {
+
 		private Object id;
 
 		public Object getId() {
@@ -195,5 +193,7 @@ public class JdbcAclServiceTests {
 		public void setId(Object id) {
 			this.id = id;
 		}
+
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 0e54ed8f58..0d80c92051 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -62,36 +62,38 @@ import org.springframework.transaction.annotation.Transactional;
  * @author Andrei Stefan
  */
 @ContextConfiguration(locations = { "/jdbcMutableAclServiceTests-context.xml" })
-public class JdbcMutableAclServiceTests extends
-		AbstractTransactionalJUnit4SpringContextTests {
+public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4SpringContextTests {
+
 	// ~ Constant fields
 	// ================================================================================================
 
 	private static final String TARGET_CLASS = TargetObject.class.getName();
 
-	private final Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-			"ROLE_ADMINISTRATOR");
+	private final Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 
 	public static final String SELECT_ALL_CLASSES = "SELECT * FROM acl_class WHERE class = ?";
 
 	// ~ Instance fields
 	// ================================================================================================
 
-	private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS,
-			100L);
-	private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS,
-			101L);
-	private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS,
-			102L);
+	private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
+
+	private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
+
+	private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
 
 	@Autowired
 	private JdbcMutableAclService jdbcMutableAclService;
+
 	@Autowired
 	private AclCache aclCache;
+
 	@Autowired
 	private LookupStrategy lookupStrategy;
+
 	@Autowired
 	private DataSource dataSource;
+
 	@Autowired
 	private JdbcTemplate jdbcTemplate;
 
@@ -166,8 +168,8 @@ public class JdbcMutableAclServiceTests extends
 		jdbcMutableAclService.updateAcl(child);
 
 		// Let's check if we can read them back correctly
-		Map<ObjectIdentity, Acl> map = jdbcMutableAclService.readAclsById(Arrays.asList(
-			getTopParentOid(), getMiddleParentOid(), getChildOid()));
+		Map<ObjectIdentity, Acl> map = jdbcMutableAclService
+				.readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid()));
 		assertThat(map).hasSize(3);
 
 		// Replace our current objects with their retrieved versions
@@ -257,8 +259,9 @@ public class JdbcMutableAclServiceTests extends
 		}
 
 		// Check the permissions are as they should be
-		assertThat(child.isGranted(delete, pSid, true)).isFalse(); // as earlier permission
-															// overrode
+		assertThat(child.isGranted(delete, pSid, true)).isFalse(); // as earlier
+																	// permission
+		// overrode
 		assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue();
 
 		// Now check the first ACE (index 0) really is DELETE for our Sid and is
@@ -360,8 +363,7 @@ public class JdbcMutableAclServiceTests extends
 	@Transactional
 	public void createAclForADuplicateDomainObject() {
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		ObjectIdentity duplicateOid = new ObjectIdentityImpl(TARGET_CLASS,
-				100L);
+		ObjectIdentity duplicateOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		jdbcMutableAclService.createAcl(duplicateOid);
 		// Try to add the same object second time
 		try {
@@ -419,11 +421,8 @@ public class JdbcMutableAclServiceTests extends
 
 		// Remove the child and check all related database rows were removed accordingly
 		jdbcMutableAclService.deleteAcl(getChildOid(), false);
-		assertThat(
-				jdbcTemplate.queryForList(SELECT_ALL_CLASSES,
-						new Object[] { getTargetClass() })).hasSize(1);
-		assertThat(jdbcTemplate.queryForList("select * from acl_object_identity")
-				).isEmpty();
+		assertThat(jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
+		assertThat(jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
 		assertThat(jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
 
 		// Check the cache
@@ -439,8 +438,7 @@ public class JdbcMutableAclServiceTests extends
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101);
 		jdbcMutableAclService.createAcl(oid);
 
-		assertThat(jdbcMutableAclService.readAclById(new ObjectIdentityImpl(
-				TARGET_CLASS, 101L))).isNotNull();
+		assertThat(jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull();
 	}
 
 	/**
@@ -449,8 +447,7 @@ public class JdbcMutableAclServiceTests extends
 	@Test
 	@Transactional
 	public void childrenAreClearedFromCacheWhenParentIsUpdated() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_ADMINISTRATOR");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
@@ -474,7 +471,8 @@ public class JdbcMutableAclServiceTests extends
 		child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
 		parent = (MutableAcl) child.getParentAcl();
 
-		assertThat(parent.getEntries()).hasSize(2).withFailMessage("Fails because child has a stale reference to its parent");
+		assertThat(parent.getEntries()).hasSize(2)
+				.withFailMessage("Fails because child has a stale reference to its parent");
 		assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
 		assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
 		assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
@@ -487,34 +485,28 @@ public class JdbcMutableAclServiceTests extends
 	@Test
 	@Transactional
 	public void childrenAreClearedFromCacheWhenParentisUpdated2() {
-		Authentication auth = new TestingAuthenticationToken("system", "secret",
-				"ROLE_IGNORED");
+		Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS,
-				1L);
+		ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, 1L);
 
 		MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
-		MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(
-				TARGET_CLASS, 2L));
+		MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L));
 		child.setParent(parent);
 		jdbcMutableAclService.updateAcl(child);
 
-		parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid(
-				"ROLE_ADMINISTRATOR"), true);
+		parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
 		jdbcMutableAclService.updateAcl(parent);
 
 		parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
 		jdbcMutableAclService.updateAcl(parent);
 
-		child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(
-				TARGET_CLASS, 2L));
+		child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L));
 
 		parent = (MutableAcl) child.getParentAcl();
 
 		assertThat(parent.getEntries()).hasSize(2);
 		assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16);
-		assertThat(parent.getEntries()
-				.get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
+		assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
 		assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(8);
 		assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("terry"));
 	}
@@ -522,18 +514,15 @@ public class JdbcMutableAclServiceTests extends
 	@Test
 	@Transactional
 	public void cumulativePermissions() {
-		Authentication auth = new TestingAuthenticationToken("ben", "ignored",
-				"ROLE_ADMINISTRATOR");
+		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
-		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS,
-				110L);
+		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 110L);
 		MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
 
 		// Add an ACE permission entry
-		Permission cm = new CumulativePermission().set(BasePermission.READ).set(
-				BasePermission.ADMINISTRATION);
+		Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
 		assertThat(cm.getMask()).isEqualTo(17);
 		Sid benSid = new PrincipalSid(auth);
 		topParent.insertAce(0, cm, benSid, true);
@@ -551,15 +540,12 @@ public class JdbcMutableAclServiceTests extends
 
 	@Test
 	public void testProcessingCustomSid() {
-		CustomJdbcMutableAclService customJdbcMutableAclService = spy(new CustomJdbcMutableAclService(
-				dataSource, lookupStrategy, aclCache));
+		CustomJdbcMutableAclService customJdbcMutableAclService = spy(
+				new CustomJdbcMutableAclService(dataSource, lookupStrategy, aclCache));
 		CustomSid customSid = new CustomSid("Custom sid");
-		when(
-				customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid",
-						false, false)).thenReturn(1L);
+		when(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).thenReturn(1L);
 
-		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(
-				customSid, false);
+		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
 
 		assertThat(new Long(1L)).isEqualTo(result);
 	}
@@ -570,8 +556,7 @@ public class JdbcMutableAclServiceTests extends
 	 */
 	private class CustomJdbcMutableAclService extends JdbcMutableAclService {
 
-		private CustomJdbcMutableAclService(DataSource dataSource,
-				LookupStrategy lookupStrategy, AclCache aclCache) {
+		private CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
 			super(dataSource, lookupStrategy, aclCache);
 		}
 
@@ -591,6 +576,7 @@ public class JdbcMutableAclServiceTests extends
 			}
 			return createOrRetrieveSidPrimaryKey(sidName, isPrincipal, allowCreate);
 		}
+
 	}
 
 	protected Authentication getAuth() {
@@ -600,4 +586,5 @@ public class JdbcMutableAclServiceTests extends
 	protected JdbcMutableAclService getJdbcMutableAclService() {
 		return jdbcMutableAclService;
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index 1d45b033aa..397dfc4820 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -28,20 +28,21 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.transaction.annotation.Transactional;
 
 /**
- * Integration tests the ACL system using ACL class id type of UUID and using an in-memory database.
+ * Integration tests the ACL system using ACL class id type of UUID and using an in-memory
+ * database.
+ *
  * @author Paul Wheeler
  */
-@ContextConfiguration(locations = {"/jdbcMutableAclServiceTestsWithAclClass-context.xml"})
+@ContextConfiguration(locations = { "/jdbcMutableAclServiceTestsWithAclClass-context.xml" })
 public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServiceTests {
 
 	private static final String TARGET_CLASS_WITH_UUID = TargetObjectWithUUID.class.getName();
 
-	private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID,
-		UUID.randomUUID());
-	private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID,
-		UUID.randomUUID());
-	private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID,
-		UUID.randomUUID());
+	private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, UUID.randomUUID());
+
+	private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, UUID.randomUUID());
+
+	private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, UUID.randomUUID());
 
 	@Override
 	protected String getSqlClassPathResource() {
@@ -77,7 +78,8 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id);
 		getJdbcMutableAclService().createAcl(oid);
 
-		assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(
-			TARGET_CLASS_WITH_UUID, id))).isNotNull();
+		assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id)))
+				.isNotNull();
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 4d9de2f556..6b9368af6c 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -41,6 +41,7 @@ import static org.assertj.core.api.Assertions.*;
  * @author Marten Deinum
  */
 public class SpringCacheBasedAclCacheTests {
+
 	private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
 
 	private static CacheManager cacheManager;
@@ -76,16 +77,14 @@ public class SpringCacheBasedAclCacheTests {
 		Map realCache = (Map) cache.getNativeCache();
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		AuditLogger auditLogger = new ConsoleAuditLogger();
 
-		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(
-				auditLogger);
-		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache,
-				permissionGrantingStrategy, aclAuthorizationStrategy);
-		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
-				auditLogger);
+		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
+		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy,
+				aclAuthorizationStrategy);
+		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
 
 		assertThat(realCache).isEmpty();
 		myCache.putInCache(acl);
@@ -96,8 +95,7 @@ public class SpringCacheBasedAclCacheTests {
 
 		// Put another object in cache
 		ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, 101L);
-		MutableAcl acl2 = new AclImpl(identity2, 2L,
-				aclAuthorizationStrategy, new ConsoleAuditLogger());
+		MutableAcl acl2 = new AclImpl(identity2, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 
 		myCache.putInCache(acl2);
 
@@ -123,28 +121,23 @@ public class SpringCacheBasedAclCacheTests {
 		Cache cache = getCache();
 		Map realCache = (Map) cache.getNativeCache();
 
-		Authentication auth = new TestingAuthenticationToken("user", "password",
-				"ROLE_GENERAL");
+		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L);
-		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS,
-				2L);
+		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
-				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
-						"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
+				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
+				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		AuditLogger auditLogger = new ConsoleAuditLogger();
 
-		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(
-				auditLogger);
-		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache,
-				permissionGrantingStrategy, aclAuthorizationStrategy);
+		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
+		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy,
+				aclAuthorizationStrategy);
 
-		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
-				auditLogger);
-		MutableAcl parentAcl = new AclImpl(identityParent, 2L,
-				aclAuthorizationStrategy, auditLogger);
+		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
+		MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger);
 
 		acl.setParent(parentAcl);
 
@@ -156,16 +149,14 @@ public class SpringCacheBasedAclCacheTests {
 		AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L);
 		assertThat(aclFromCache).isEqualTo(acl);
 		// SEC-951 check transient fields are set on parent
-		assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(),
-				"aclAuthorizationStrategy")).isNotNull();
-		assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(),
-				"permissionGrantingStrategy")).isNotNull();
+		assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy")).isNotNull();
+		assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "permissionGrantingStrategy")).isNotNull();
 		assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
 		assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
 		AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(2L);
 		assertThat(parentAclFromCache).isEqualTo(parentAcl);
-		assertThat(FieldUtils.getFieldValue(parentAclFromCache,
-				"aclAuthorizationStrategy")).isNotNull();
+		assertThat(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy")).isNotNull();
 		assertThat(myCache.getFromCache(identityParent)).isEqualTo(parentAcl);
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
index 21226f1888..c872258518 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
@@ -19,6 +19,7 @@ import org.springframework.security.acls.model.Sid;
 
 /**
  * This class is example of custom {@link Sid} implementation
+ *
  * @author Mikhail Stryzhonok
  */
 public class CustomSid implements Sid {
@@ -36,4 +37,5 @@ public class CustomSid implements Sid {
 	public void setSid(String sid) {
 		this.sid = sid;
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index ba61b41d01..8972dfa378 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -39,8 +39,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
  */
 @SuppressWarnings("unchecked")
 public class SidRetrievalStrategyTests {
-	Authentication authentication = new TestingAuthenticationToken("scott", "password",
-			"A", "B", "C");
+
+	Authentication authentication = new TestingAuthenticationToken("scott", "password", "A", "B", "C");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -69,8 +69,7 @@ public class SidRetrievalStrategyTests {
 	public void roleHierarchyIsUsedWhenSet() {
 		RoleHierarchy rh = mock(RoleHierarchy.class);
 		List rhAuthorities = AuthorityUtils.createAuthorityList("D");
-		when(rh.getReachableGrantedAuthorities(anyCollection()))
-				.thenReturn(rhAuthorities);
+		when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities);
 		SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
 
 		List<Sid> sids = strat.getSids(authentication);
@@ -79,4 +78,5 @@ public class SidRetrievalStrategyTests {
 		assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
 		assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("D");
 	}
+
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index b65c1cb906..fe11171182 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -67,16 +67,14 @@ public class SidTests {
 		}
 
 		try {
-			Authentication authentication = new TestingAuthenticationToken(null,
-					"password");
+			Authentication authentication = new TestingAuthenticationToken(null, "password");
 			new PrincipalSid(authentication);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
-		Authentication authentication = new TestingAuthenticationToken("johndoe",
-				"password");
+		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		new PrincipalSid(authentication);
 		// throws no exception
 	}
@@ -140,18 +138,15 @@ public class SidTests {
 
 	@Test
 	public void testPrincipalSidEquals() {
-		Authentication authentication = new TestingAuthenticationToken("johndoe",
-				"password");
+		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		Sid principalSid = new PrincipalSid(authentication);
 
 		assertThat(principalSid.equals(null)).isFalse();
 		assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
 		assertThat(principalSid.equals(principalSid)).isTrue();
 		assertThat(principalSid.equals(new PrincipalSid(authentication))).isTrue();
-		assertThat(principalSid.equals(new PrincipalSid(
-				new TestingAuthenticationToken("johndoe", null)))).isTrue();
-		assertThat(principalSid.equals(new PrincipalSid(
-				new TestingAuthenticationToken("scott", null)))).isFalse();
+		assertThat(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("johndoe", null)))).isTrue();
+		assertThat(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("scott", null)))).isFalse();
 		assertThat(principalSid.equals(new PrincipalSid("johndoe"))).isTrue();
 		assertThat(principalSid.equals(new PrincipalSid("scott"))).isFalse();
 	}
@@ -165,27 +160,22 @@ public class SidTests {
 		assertThat(gaSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
 		assertThat(gaSid.equals(gaSid)).isTrue();
 		assertThat(gaSid.equals(new GrantedAuthoritySid(ga))).isTrue();
-		assertThat(gaSid.equals(new GrantedAuthoritySid(
-				new SimpleGrantedAuthority("ROLE_TEST")))).isTrue();
-		assertThat(gaSid.equals(new GrantedAuthoritySid(
-				new SimpleGrantedAuthority("ROLE_NOT_EQUAL")))).isFalse();
+		assertThat(gaSid.equals(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST")))).isTrue();
+		assertThat(gaSid.equals(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_NOT_EQUAL")))).isFalse();
 		assertThat(gaSid.equals(new GrantedAuthoritySid("ROLE_TEST"))).isTrue();
 		assertThat(gaSid.equals(new GrantedAuthoritySid("ROLE_NOT_EQUAL"))).isFalse();
 	}
 
 	@Test
 	public void testPrincipalSidHashCode() {
-		Authentication authentication = new TestingAuthenticationToken("johndoe",
-				"password");
+		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		Sid principalSid = new PrincipalSid(authentication);
 
 		assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode());
-		assertThat(principalSid.hashCode()).isEqualTo(
-				new PrincipalSid("johndoe").hashCode());
-		assertThat(principalSid.hashCode()).isNotEqualTo(
-				new PrincipalSid("scott").hashCode());
-		assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid(
-				new TestingAuthenticationToken("scott", "password")).hashCode());
+		assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode());
+		assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode());
+		assertThat(principalSid.hashCode())
+				.isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
 	}
 
 	@Test
@@ -194,18 +184,15 @@ public class SidTests {
 		Sid gaSid = new GrantedAuthoritySid(ga);
 
 		assertThat(gaSid.hashCode()).isEqualTo("ROLE_TEST".hashCode());
-		assertThat(gaSid.hashCode()).isEqualTo(
-				new GrantedAuthoritySid("ROLE_TEST").hashCode());
-		assertThat(gaSid.hashCode()).isNotEqualTo(
-				new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
-		assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid(
-				new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode());
+		assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode());
+		assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
+		assertThat(gaSid.hashCode())
+				.isNotEqualTo(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode());
 	}
 
 	@Test
 	public void testGetters() {
-		Authentication authentication = new TestingAuthenticationToken("johndoe",
-				"password");
+		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		PrincipalSid principalSid = new PrincipalSid(authentication);
 		GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
 		GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
@@ -243,6 +230,7 @@ public class SidTests {
 	}
 
 	static class CustomAuthenticationToken extends AbstractAuthenticationToken {
+
 		private CustomToken principal;
 
 		CustomAuthenticationToken(CustomToken principal, Collection<GrantedAuthority> authorities) {
@@ -264,9 +252,11 @@ public class SidTests {
 		public String getName() {
 			return principal.getName();
 		}
+
 	}
 
 	static class CustomToken {
+
 		private String name;
 
 		CustomToken(String name) {
@@ -276,5 +266,7 @@ public class SidTests {
 		String getName() {
 			return name;
 		}
+
 	}
+
 }
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index f0d7570722..90ff2b7db6 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -50,36 +50,37 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0.3
  */
 public class AnnotationSecurityAspectTests {
+
 	private AffirmativeBased adm;
+
 	private @Mock AuthenticationManager authman;
-	private TestingAuthenticationToken anne = new TestingAuthenticationToken("anne", "",
-			"ROLE_A");
+
+	private TestingAuthenticationToken anne = new TestingAuthenticationToken("anne", "", "ROLE_A");
+
 	// private TestingAuthenticationToken bob = new TestingAuthenticationToken("bob", "",
 	// "ROLE_B");
 	private AspectJMethodSecurityInterceptor interceptor;
+
 	private SecuredImpl secured = new SecuredImpl();
+
 	private SecuredImplSubclass securedSub = new SecuredImplSubclass();
+
 	private PrePostSecured prePostSecured = new PrePostSecured();
 
 	@Before
 	public final void setUp() {
 		MockitoAnnotations.initMocks(this);
 		interceptor = new AspectJMethodSecurityInterceptor();
-		AccessDecisionVoter[] voters = new AccessDecisionVoter[] {
-				new RoleVoter(),
-				new PreInvocationAuthorizationAdviceVoter(
-						new ExpressionBasedPreInvocationAdvice()) };
-		adm = new AffirmativeBased(
-				Arrays.<AccessDecisionVoter<? extends Object>> asList(voters));
+		AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(),
+				new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
+		adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
 		interceptor.setAccessDecisionManager(adm);
 		interceptor.setAuthenticationManager(authman);
-		interceptor
-				.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
+		interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
 		AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
 		secAspect.setSecurityInterceptor(interceptor);
 	}
@@ -151,23 +152,25 @@ public class AnnotationSecurityAspectTests {
 
 	private void configureForElAnnotations() {
 		DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
-		interceptor
-				.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(
-						new ExpressionBasedAnnotationAttributeFactory(eh)));
+		interceptor.setSecurityMetadataSource(
+				new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
 		interceptor.setAccessDecisionManager(adm);
 		AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
-		aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(
-				new ExpressionBasedPostInvocationAdvice(eh))));
+		aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
 		interceptor.setAfterInvocationManager(aim);
 	}
+
 }
 
 interface SecuredInterface {
+
 	@Secured("ROLE_X")
 	void securedMethod();
+
 }
 
 class SecuredImpl implements SecuredInterface {
+
 	// Not really secured because AspectJ doesn't inherit annotations from interfaces
 	public void securedMethod() {
 	}
@@ -188,18 +191,22 @@ class SecuredImpl implements SecuredInterface {
 	public void publicCallsPrivate() {
 		privateMethod();
 	}
+
 }
 
 class SecuredImplSubclass extends SecuredImpl {
+
 	protected void protectedMethod() {
 	}
 
 	public void publicCallsPrivate() {
 		super.publicCallsPrivate();
 	}
+
 }
 
 class PrePostSecured {
+
 	@PreAuthorize("denyAll")
 	public void denyAllMethod() {
 	}
@@ -207,8 +214,8 @@ class PrePostSecured {
 	@PostFilter("filterObject.startsWith('a')")
 	public List<String> postFilterMethod() {
 		ArrayList<String> objects = new ArrayList<>();
-		objects.addAll(Arrays.asList(new String[] { "apple", "banana", "aubergine",
-				"orange" }));
+		objects.addAll(Arrays.asList(new String[] { "apple", "banana", "aubergine", "orange" }));
 		return objects;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java b/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
index 6be415859e..c20e352e73 100644
--- a/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
+++ b/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
@@ -32,4 +32,5 @@ public final class SamlServiceProperties extends ServiceProperties {
 		super.setArtifactParameter(DEFAULT_SAML_ARTIFACT_PARAMETER);
 		super.setServiceParameter(DEFAULT_SAML_SERVICE_PARAMETER);
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
index e63742222c..85bab3cc0e 100644
--- a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
+++ b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
@@ -65,7 +65,6 @@ public class ServiceProperties implements InitializingBean {
 	 * <pre>
 	 * https://www.mycompany.com/application/login/cas
 	 * </pre>
-	 *
 	 * @return the URL of the service the user is authenticating to
 	 */
 	public final String getService() {
@@ -81,7 +80,6 @@ public class ServiceProperties implements InitializingBean {
 	 * ticket was generated as a consequence of an explicit login. High security
 	 * applications would probably set this to <code>true</code>. Defaults to
 	 * <code>false</code>, providing automated single sign on.
-	 *
 	 * @return whether to send the <code>renew</code> parameter to CAS
 	 */
 	public final boolean isSendRenew() {
@@ -103,7 +101,6 @@ public class ServiceProperties implements InitializingBean {
 	/**
 	 * Configures the Request Parameter to look for when attempting to see if a CAS ticket
 	 * was sent from the server.
-	 *
 	 * @param artifactParameter the id to use. Default is "ticket".
 	 */
 	public final void setArtifactParameter(final String artifactParameter) {
@@ -113,7 +110,6 @@ public class ServiceProperties implements InitializingBean {
 	/**
 	 * Configures the Request parameter to look for when attempting to send a request to
 	 * CAS.
-	 *
 	 * @return the service parameter to use. Default is "service".
 	 */
 	public final String getServiceParameter() {
@@ -132,11 +128,10 @@ public class ServiceProperties implements InitializingBean {
 	 * If true, then any non-null artifact (ticket) should be authenticated. Additionally,
 	 * the service will be determined dynamically in order to ensure the service matches
 	 * the expected value for this artifact.
-	 *
 	 * @param authenticateAllArtifacts
 	 */
-	public final void setAuthenticateAllArtifacts(
-			final boolean authenticateAllArtifacts) {
+	public final void setAuthenticateAllArtifacts(final boolean authenticateAllArtifacts) {
 		this.authenticateAllArtifacts = authenticateAllArtifacts;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
index af82fa1183..ffc2ad4703 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -53,4 +53,5 @@ public final class CasAssertionAuthenticationToken extends AbstractAuthenticatio
 	public Assertion getAssertion() {
 		return this.assertion;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
index 226a786d6b..e40696fb94 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -54,8 +54,8 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @author Scott Battaglia
  */
-public class CasAuthenticationProvider implements AuthenticationProvider,
-		InitializingBean, MessageSourceAware {
+public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -67,67 +67,65 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 	private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
 
 	private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache();
+
 	private String key;
+
 	private TicketValidator ticketValidator;
+
 	private ServiceProperties serviceProperties;
+
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
 	// ~ Methods
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.notNull(this.authenticationUserDetailsService,
-				"An authenticationUserDetailsService must be set");
+		Assert.notNull(this.authenticationUserDetailsService, "An authenticationUserDetailsService must be set");
 		Assert.notNull(this.ticketValidator, "A ticketValidator must be set");
 		Assert.notNull(this.statelessTicketCache, "A statelessTicketCache must be set");
-		Assert.hasText(
-				this.key,
+		Assert.hasText(this.key,
 				"A Key is required so CasAuthenticationProvider can identify tokens it previously authenticated");
 		Assert.notNull(this.messages, "A message source must be set");
 	}
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
 
 		if (authentication instanceof UsernamePasswordAuthenticationToken
-				&& (!CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER
-						.equals(authentication.getPrincipal().toString()) && !CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER
-						.equals(authentication.getPrincipal().toString()))) {
+				&& (!CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER.equals(authentication.getPrincipal().toString())
+						&& !CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER
+								.equals(authentication.getPrincipal().toString()))) {
 			// UsernamePasswordAuthenticationToken not CAS related
 			return null;
 		}
 
 		// If an existing CasAuthenticationToken, just check we created it
 		if (authentication instanceof CasAuthenticationToken) {
-			if (this.key.hashCode() == ((CasAuthenticationToken) authentication)
-					.getKeyHash()) {
+			if (this.key.hashCode() == ((CasAuthenticationToken) authentication).getKeyHash()) {
 				return authentication;
 			}
 			else {
-				throw new BadCredentialsException(
-						messages.getMessage("CasAuthenticationProvider.incorrectKey",
-								"The presented CasAuthenticationToken does not contain the expected key"));
+				throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.incorrectKey",
+						"The presented CasAuthenticationToken does not contain the expected key"));
 			}
 		}
 
 		// Ensure credentials are presented
-		if ((authentication.getCredentials() == null)
-				|| "".equals(authentication.getCredentials())) {
-			throw new BadCredentialsException(messages.getMessage(
-					"CasAuthenticationProvider.noServiceTicket",
+		if ((authentication.getCredentials() == null) || "".equals(authentication.getCredentials())) {
+			throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.noServiceTicket",
 					"Failed to provide a CAS service ticket to validate"));
 		}
 
 		boolean stateless = false;
 
 		if (authentication instanceof UsernamePasswordAuthenticationToken
-				&& CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER.equals(authentication
-						.getPrincipal())) {
+				&& CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal())) {
 			stateless = true;
 		}
 
@@ -135,8 +133,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 
 		if (stateless) {
 			// Try to obtain from cache
-			result = statelessTicketCache.getByTicketId(authentication.getCredentials()
-					.toString());
+			result = statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
 		}
 
 		if (result == null) {
@@ -152,17 +149,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 		return result;
 	}
 
-	private CasAuthenticationToken authenticateNow(final Authentication authentication)
-			throws AuthenticationException {
+	private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
 		try {
-			final Assertion assertion = this.ticketValidator.validate(authentication
-					.getCredentials().toString(), getServiceUrl(authentication));
+			final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(),
+					getServiceUrl(authentication));
 			final UserDetails userDetails = loadUserByAssertion(assertion);
 			userDetailsChecker.check(userDetails);
-			return new CasAuthenticationToken(this.key, userDetails,
-					authentication.getCredentials(),
-					authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
-					userDetails, assertion);
+			return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(),
+					authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
 		}
 		catch (final TicketValidationException e) {
 			throw new BadCredentialsException(e.getMessage(), e);
@@ -174,15 +168,13 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 	 * {@link ServiceAuthenticationDetails}, then
 	 * {@link ServiceAuthenticationDetails#getServiceUrl()} is used. Otherwise, the
 	 * {@link ServiceProperties#getService()} is used.
-	 *
 	 * @param authentication
 	 * @return
 	 */
 	private String getServiceUrl(Authentication authentication) {
 		String serviceUrl;
 		if (authentication.getDetails() instanceof ServiceAuthenticationDetails) {
-			serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails())
-					.getServiceUrl();
+			serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
 		}
 		else if (serviceProperties == null) {
 			throw new IllegalStateException(
@@ -205,13 +197,11 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 	 * Template method for retrieving the UserDetails based on the assertion. Default is
 	 * to call configured userDetailsService and pass the username. Deployers can override
 	 * this method and retrieve the user based on any criteria they desire.
-	 *
 	 * @param assertion The CAS Assertion.
 	 * @return the UserDetails.
 	 */
 	protected UserDetails loadUserByAssertion(final Assertion assertion) {
-		final CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(
-				assertion, "");
+		final CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(assertion, "");
 		return this.authenticationUserDetailsService.loadUserDetails(token);
 	}
 
@@ -220,8 +210,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 	 * Sets the UserDetailsService to use. This is a convenience method to invoke
 	 */
 	public void setUserDetailsService(final UserDetailsService userDetailsService) {
-		this.authenticationUserDetailsService = new UserDetailsByNameServiceWrapper(
-				userDetailsService);
+		this.authenticationUserDetailsService = new UserDetailsByNameServiceWrapper(userDetailsService);
 	}
 
 	public void setAuthenticationUserDetailsService(
@@ -266,10 +255,9 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
 	}
 
 	public boolean supports(final Class<?> authentication) {
-		return (UsernamePasswordAuthenticationToken.class
-				.isAssignableFrom(authentication))
+		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication))
 				|| (CasAuthenticationToken.class.isAssignableFrom(authentication))
-				|| (CasAssertionAuthenticationToken.class
-						.isAssignableFrom(authentication));
+				|| (CasAssertionAuthenticationToken.class.isAssignableFrom(authentication));
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index d3d0827133..3483b640cc 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -32,17 +32,20 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @author Scott Battaglia
  */
-public class CasAuthenticationToken extends AbstractAuthenticationToken implements
-		Serializable {
+public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	// ~ Instance fields
 	// ================================================================================================
 	private final Object credentials;
+
 	private final Object principal;
+
 	private final UserDetails userDetails;
+
 	private final int keyHash;
+
 	private final Assertion assertion;
 
 	// ~ Constructors
@@ -50,60 +53,53 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 
 	/**
 	 * Constructor.
-	 *
-	 * @param key         to identify if this object made by a given
-	 *                    {@link CasAuthenticationProvider}
-	 * @param principal   typically the UserDetails object (cannot be <code>null</code>)
+	 * @param key to identify if this object made by a given
+	 * {@link CasAuthenticationProvider}
+	 * @param principal typically the UserDetails object (cannot be <code>null</code>)
 	 * @param credentials the service/proxy ticket ID from CAS (cannot be
-	 *                    <code>null</code>)
+	 * <code>null</code>)
 	 * @param authorities the authorities granted to the user (from the
-	 *                    {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
-	 *                    be <code>null</code>)
+	 * {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
+	 * be <code>null</code>)
 	 * @param userDetails the user details (from the
-	 *                    {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
-	 *                    be <code>null</code>)
-	 * @param assertion   the assertion returned from the CAS servers. It contains the
-	 *                    principal and how to obtain a proxy ticket for the user.
+	 * {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
+	 * be <code>null</code>)
+	 * @param assertion the assertion returned from the CAS servers. It contains the
+	 * principal and how to obtain a proxy ticket for the user.
 	 * @throws IllegalArgumentException if a <code>null</code> was passed
 	 */
-	public CasAuthenticationToken(final String key, final Object principal,
-								final Object credentials,
-								final Collection<? extends GrantedAuthority> authorities,
-								final UserDetails userDetails, final Assertion assertion) {
+	public CasAuthenticationToken(final String key, final Object principal, final Object credentials,
+			final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
+			final Assertion assertion) {
 		this(extractKeyHash(key), principal, credentials, authorities, userDetails, assertion);
 	}
 
 	/**
 	 * Private constructor for Jackson Deserialization support
-	 *
-	 * @param keyHash     hashCode of provided key to identify if this object made by a given
-	 *                    {@link CasAuthenticationProvider}
-	 * @param principal   typically the UserDetails object (cannot be <code>null</code>)
+	 * @param keyHash hashCode of provided key to identify if this object made by a given
+	 * {@link CasAuthenticationProvider}
+	 * @param principal typically the UserDetails object (cannot be <code>null</code>)
 	 * @param credentials the service/proxy ticket ID from CAS (cannot be
-	 *                    <code>null</code>)
+	 * <code>null</code>)
 	 * @param authorities the authorities granted to the user (from the
-	 *                    {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
-	 *                    be <code>null</code>)
+	 * {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
+	 * be <code>null</code>)
 	 * @param userDetails the user details (from the
-	 *                    {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
-	 *                    be <code>null</code>)
-	 * @param assertion   the assertion returned from the CAS servers. It contains the
-	 *                    principal and how to obtain a proxy ticket for the user.
+	 * {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot
+	 * be <code>null</code>)
+	 * @param assertion the assertion returned from the CAS servers. It contains the
+	 * principal and how to obtain a proxy ticket for the user.
 	 * @throws IllegalArgumentException if a <code>null</code> was passed
 	 * @since 4.2
 	 */
-	private CasAuthenticationToken(final Integer keyHash, final Object principal,
-									final Object credentials,
-									final Collection<? extends GrantedAuthority> authorities,
-									final UserDetails userDetails, final Assertion assertion) {
+	private CasAuthenticationToken(final Integer keyHash, final Object principal, final Object credentials,
+			final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
+			final Assertion assertion) {
 		super(authorities);
 
-		if ((principal == null)
-				|| "".equals(principal) || (credentials == null)
-				|| "".equals(credentials) || (authorities == null)
-				|| (userDetails == null) || (assertion == null)) {
-			throw new IllegalArgumentException(
-					"Cannot pass null or empty values to constructor");
+		if ((principal == null) || "".equals(principal) || (credentials == null) || "".equals(credentials)
+				|| (authorities == null) || (userDetails == null) || (assertion == null)) {
+			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
 		}
 
 		this.keyHash = keyHash;
@@ -187,4 +183,5 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 
 		return (sb.toString());
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index e424d512de..7840387422 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -25,12 +25,13 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
 /**
- * Caches tickets using a Spring IoC defined <a
- * href="https://www.ehcache.org/">EHCACHE</a>.
+ * Caches tickets using a Spring IoC defined
+ * <a href="https://www.ehcache.org/">EHCACHE</a>.
  *
  * @author Ben Alex
  */
 public class EhCacheBasedTicketCache implements StatelessTicketCache, InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -52,8 +53,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 		final Element element = cache.get(serviceTicket);
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; service ticket: "
-					+ serviceTicket);
+			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
 		}
 
 		return element == null ? null : (CasAuthenticationToken) element.getValue();
@@ -88,4 +88,5 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	public void setCache(final Ehcache cache) {
 		this.cache = cache;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
index b33518114b..e5aafe8235 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
@@ -24,7 +24,6 @@ package org.springframework.security.cas.authentication;
  * are not using the stateless session management.
  *
  * @author Scott Battaglia
- *
  * @see CasAuthenticationProvider
  */
 public final class NullStatelessTicketCache implements StatelessTicketCache {
@@ -56,4 +55,5 @@ public final class NullStatelessTicketCache implements StatelessTicketCache {
 	public void removeTicketFromCache(final String serviceTicket) {
 		// nothing to do
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 171792448d..01549d55bd 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -28,11 +28,11 @@ import org.springframework.util.Assert;
  *
  */
 public class SpringCacheBasedTicketCache implements StatelessTicketCache {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(SpringCacheBasedTicketCache.class);
+	private static final Log logger = LogFactory.getLog(SpringCacheBasedTicketCache.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -51,12 +51,10 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 	// ========================================================================================================
 
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
-		final Cache.ValueWrapper element = serviceTicket != null ? cache
-				.get(serviceTicket) : null;
+		final Cache.ValueWrapper element = serviceTicket != null ? cache.get(serviceTicket) : null;
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; service ticket: "
-					+ serviceTicket);
+			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
 		}
 
 		return element == null ? null : (CasAuthenticationToken) element.get();
@@ -83,4 +81,5 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 	public void removeTicketFromCache(final String serviceTicket) {
 		cache.evict(serviceTicket);
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
index 7c848f19a4..b17fd05ae0 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
@@ -59,6 +59,7 @@ package org.springframework.security.cas.authentication;
  * @author Ben Alex
  */
 public interface StatelessTicketCache {
+
 	// ~ Methods ================================================================
 
 	/**
@@ -68,7 +69,6 @@ public interface StatelessTicketCache {
 	 * <P>
 	 * If not found, returns a <code>null</code><code>CasAuthenticationToken</code>.
 	 * </p>
-	 *
 	 * @return the fully populated authentication token
 	 */
 	CasAuthenticationToken getByTicketId(String serviceTicket);
@@ -80,7 +80,6 @@ public interface StatelessTicketCache {
 	 * The {@link CasAuthenticationToken#getCredentials()} method is used to retrieve the
 	 * service ticket number.
 	 * </p>
-	 *
 	 * @param token to be added to the cache
 	 */
 	void putTicketInCache(CasAuthenticationToken token);
@@ -91,10 +90,9 @@ public interface StatelessTicketCache {
 	 *
 	 * <P>
 	 * Implementations should use {@link CasAuthenticationToken#getCredentials()} to
-	 * obtain the ticket and then delegate to the
-	 * {@link #removeTicketFromCache(String)} method.
+	 * obtain the ticket and then delegate to the {@link #removeTicketFromCache(String)}
+	 * method.
 	 * </p>
-	 *
 	 * @param token to be removed
 	 */
 	void removeTicketFromCache(CasAuthenticationToken token);
@@ -107,8 +105,8 @@ public interface StatelessTicketCache {
 	 * This is in case applications wish to provide a session termination capability for
 	 * their stateless clients.
 	 * </p>
-	 *
 	 * @param serviceTicket to be removed
 	 */
 	void removeTicketFromCache(String serviceTicket);
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java b/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
index 240f124bb9..c951b0f08b 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * An {@code AuthenticationProvider} that can process CAS service tickets and proxy tickets.
+ * An {@code AuthenticationProvider} that can process CAS service tickets and proxy
+ * tickets.
  */
 package org.springframework.security.cas.authentication;
-
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
index 3085f92d95..ae16b228c0 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
@@ -23,31 +23,32 @@ import java.util.Date;
 import java.util.Map;
 
 /**
- * Helps in jackson deserialization of class {@link org.jasig.cas.client.validation.AssertionImpl}, which is
- * used with {@link org.springframework.security.cas.authentication.CasAuthenticationToken}.
- * To use this class we need to register with {@link com.fasterxml.jackson.databind.ObjectMapper}. Type information
- * will be stored in @class property.
+ * Helps in jackson deserialization of class
+ * {@link org.jasig.cas.client.validation.AssertionImpl}, which is used with
+ * {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. To use
+ * this class we need to register with
+ * {@link com.fasterxml.jackson.databind.ObjectMapper}. Type information will be stored
+ * in @class property.
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CasJackson2Module());
  * </pre>
  *
- *
  * @author Jitendra Singh
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY,
-		getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
+		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 class AssertionImplMixin {
 
 	/**
-	 * Mixin Constructor helps in deserialize {@link org.jasig.cas.client.validation.AssertionImpl}
-	 *
+	 * Mixin Constructor helps in deserialize
+	 * {@link org.jasig.cas.client.validation.AssertionImpl}
 	 * @param principal the Principal to associate with the Assertion.
 	 * @param validFromDate when the assertion is valid from.
 	 * @param validUntilDate when the assertion is valid to.
@@ -56,7 +57,9 @@ class AssertionImplMixin {
 	 */
 	@JsonCreator
 	AssertionImplMixin(@JsonProperty("principal") AttributePrincipal principal,
-								@JsonProperty("validFromDate") Date validFromDate, @JsonProperty("validUntilDate") Date validUntilDate,
-								@JsonProperty("authenticationDate") Date authenticationDate, @JsonProperty("attributes") Map<String, Object> attributes){
+			@JsonProperty("validFromDate") Date validFromDate, @JsonProperty("validUntilDate") Date validUntilDate,
+			@JsonProperty("authenticationDate") Date authenticationDate,
+			@JsonProperty("attributes") Map<String, Object> attributes) {
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
index ddc326704f..ca4e28d805 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
@@ -22,9 +22,10 @@ import org.jasig.cas.client.proxy.ProxyRetriever;
 import java.util.Map;
 
 /**
- * Helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl} which is used with
- * {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. Type information will be stored
- * in property named @class.
+ * Helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl}
+ * which is used with
+ * {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. Type
+ * information will be stored in property named @class.
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -43,16 +44,19 @@ import java.util.Map;
 class AttributePrincipalImplMixin {
 
 	/**
-	 * Mixin Constructor helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl}
-	 *
+	 * Mixin Constructor helps in deserialize
+	 * {@link org.jasig.cas.client.authentication.AttributePrincipalImpl}
 	 * @param name the unique identifier for the principal.
 	 * @param attributes the key/value pairs for this principal.
 	 * @param proxyGrantingTicket the ticket associated with this principal.
-	 * @param proxyRetriever the ProxyRetriever implementation to call back to the CAS server.
+	 * @param proxyRetriever the ProxyRetriever implementation to call back to the CAS
+	 * server.
 	 */
 	@JsonCreator
-	AttributePrincipalImplMixin(@JsonProperty("name") String name, @JsonProperty("attributes") Map<String, Object> attributes,
-										@JsonProperty("proxyGrantingTicket") String proxyGrantingTicket,
-										@JsonProperty("proxyRetriever") ProxyRetriever proxyRetriever) {
+	AttributePrincipalImplMixin(@JsonProperty("name") String name,
+			@JsonProperty("attributes") Map<String, Object> attributes,
+			@JsonProperty("proxyGrantingTicket") String proxyGrantingTicket,
+			@JsonProperty("proxyRetriever") ProxyRetriever proxyRetriever) {
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
index dba9e0521e..bf7dacde49 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
@@ -26,11 +26,12 @@ import org.springframework.security.core.userdetails.UserDetails;
 import java.util.Collection;
 
 /**
- * Mixin class which helps in deserialize {@link org.springframework.security.cas.authentication.CasAuthenticationToken}
- * using jackson. Two more dependent classes needs to register along with this mixin class.
+ * Mixin class which helps in deserialize
+ * {@link org.springframework.security.cas.authentication.CasAuthenticationToken} using
+ * jackson. Two more dependent classes needs to register along with this mixin class.
  * <ol>
- * 		<li>{@link org.springframework.security.cas.jackson2.AssertionImplMixin}</li>
- *      <li>{@link org.springframework.security.cas.jackson2.AttributePrincipalImplMixin}</li>
+ * <li>{@link org.springframework.security.cas.jackson2.AssertionImplMixin}</li>
+ * <li>{@link org.springframework.security.cas.jackson2.AttributePrincipalImplMixin}</li>
  * </ol>
  *
  * <p>
@@ -53,7 +54,6 @@ class CasAuthenticationTokenMixin {
 
 	/**
 	 * Mixin Constructor helps in deserialize {@link CasAuthenticationToken}
-	 *
 	 * @param keyHash hashCode of provided key to identify if this object made by a given
 	 * {@link CasAuthenticationProvider}
 	 * @param principal typically the UserDetails object (cannot be <code>null</code>)
@@ -70,8 +70,9 @@ class CasAuthenticationTokenMixin {
 	 */
 	@JsonCreator
 	CasAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash, @JsonProperty("principal") Object principal,
-										@JsonProperty("credentials") Object credentials,
-										@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
-										@JsonProperty("userDetails") UserDetails userDetails, @JsonProperty("assertion") Assertion assertion) {
+			@JsonProperty("credentials") Object credentials,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
+			@JsonProperty("userDetails") UserDetails userDetails, @JsonProperty("assertion") Assertion assertion) {
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
index 5d2e99370d..2042e967fa 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
@@ -24,16 +24,17 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 
 /**
- * Jackson module for spring-security-cas. This module register {@link AssertionImplMixin},
- * {@link AttributePrincipalImplMixin} and {@link CasAuthenticationTokenMixin}. If no default typing enabled by default then
- * it'll enable it because typing info is needed to properly serialize/deserialize objects. In order to use this module just
- * add this module into your ObjectMapper configuration.
+ * Jackson module for spring-security-cas. This module register
+ * {@link AssertionImplMixin}, {@link AttributePrincipalImplMixin} and
+ * {@link CasAuthenticationTokenMixin}. If no default typing enabled by default then it'll
+ * enable it because typing info is needed to properly serialize/deserialize objects. In
+ * order to use this module just add this module into your ObjectMapper configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CasJackson2Module());
- * </pre>
- * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules on the classpath.</b>
+ * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
+ * of all security modules on the classpath.</b>
  *
  * @author Jitendra Singh.
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
@@ -52,4 +53,5 @@ public class CasJackson2Module extends SimpleModule {
 		context.setMixInAnnotations(AttributePrincipalImpl.class, AttributePrincipalImplMixin.class);
 		context.setMixInAnnotations(CasAuthenticationToken.class, CasAuthenticationTokenMixin.class);
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/package-info.java b/cas/src/main/java/org/springframework/security/cas/package-info.java
index 8ce8a88b5a..87b0b093f8 100644
--- a/cas/src/main/java/org/springframework/security/cas/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Spring Security support for Jasig's Central Authentication Service (<a href="https://www.jasig.org/cas">CAS</a>).
+ * Spring Security support for Jasig's Central Authentication Service
+ * (<a href="https://www.jasig.org/cas">CAS</a>).
  */
 package org.springframework.security.cas;
-
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
index bb4770eb05..235c5fadfd 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
@@ -28,8 +28,8 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Scott Battaglia
  * @since 3.0
  */
-public abstract class AbstractCasAssertionUserDetailsService implements
-		AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
+public abstract class AbstractCasAssertionUserDetailsService
+		implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
 
 	public final UserDetails loadUserDetails(final CasAssertionAuthenticationToken token) {
 		return loadUserDetails(token.getAssertion());
@@ -39,10 +39,10 @@ public abstract class AbstractCasAssertionUserDetailsService implements
 	 * Protected template method for construct a
 	 * {@link org.springframework.security.core.userdetails.UserDetails} via the supplied
 	 * CAS assertion.
-	 *
 	 * @param assertion the assertion to use to construct the new UserDetails. CANNOT be
 	 * NULL.
 	 * @return the newly constructed UserDetails.
 	 */
 	protected abstract UserDetails loadUserDetails(Assertion assertion);
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
index 93f03eeabe..d160a6c091 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
@@ -34,8 +34,8 @@ import java.util.ArrayList;
  * @author Scott Battaglia
  * @since 3.0
  */
-public final class GrantedAuthorityFromAssertionAttributesUserDetailsService extends
-		AbstractCasAssertionUserDetailsService {
+public final class GrantedAuthorityFromAssertionAttributesUserDetailsService
+		extends AbstractCasAssertionUserDetailsService {
 
 	private static final String NON_EXISTENT_PASSWORD_VALUE = "NO_PASSWORD";
 
@@ -43,11 +43,9 @@ public final class GrantedAuthorityFromAssertionAttributesUserDetailsService ext
 
 	private boolean convertToUpperCase = true;
 
-	public GrantedAuthorityFromAssertionAttributesUserDetailsService(
-			final String[] attributes) {
+	public GrantedAuthorityFromAssertionAttributesUserDetailsService(final String[] attributes) {
 		Assert.notNull(attributes, "attributes cannot be null.");
-		Assert.isTrue(attributes.length > 0,
-				"At least one attribute is required to retrieve roles from.");
+		Assert.isTrue(attributes.length > 0, "At least one attribute is required to retrieve roles from.");
 		this.attributes = attributes;
 	}
 
@@ -68,29 +66,27 @@ public final class GrantedAuthorityFromAssertionAttributesUserDetailsService ext
 
 				for (final Object o : list) {
 					grantedAuthorities.add(new SimpleGrantedAuthority(
-							this.convertToUpperCase ? o.toString().toUpperCase() : o
-									.toString()));
+							this.convertToUpperCase ? o.toString().toUpperCase() : o.toString()));
 				}
 
 			}
 			else {
 				grantedAuthorities.add(new SimpleGrantedAuthority(
-						this.convertToUpperCase ? value.toString().toUpperCase() : value
-								.toString()));
+						this.convertToUpperCase ? value.toString().toUpperCase() : value.toString()));
 			}
 
 		}
 
-		return new User(assertion.getPrincipal().getName(), NON_EXISTENT_PASSWORD_VALUE,
-				true, true, true, true, grantedAuthorities);
+		return new User(assertion.getPrincipal().getName(), NON_EXISTENT_PASSWORD_VALUE, true, true, true, true,
+				grantedAuthorities);
 	}
 
 	/**
 	 * Converts the returned attribute values to uppercase values.
-	 *
 	 * @param convertToUpperCase true if it should convert, false otherwise.
 	 */
 	public void setConvertToUpperCase(final boolean convertToUpperCase) {
 		this.convertToUpperCase = convertToUpperCase;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index 9742fde7d5..4e8d8a63f3 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -42,8 +42,8 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @author Scott Battaglia
  */
-public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint,
-		InitializingBean {
+public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 	private ServiceProperties serviceProperties;
@@ -67,12 +67,10 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.loginUrl, "loginUrl must be specified");
 		Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
-		Assert.notNull(this.serviceProperties.getService(),
-				"serviceProperties.getService() cannot be null.");
+		Assert.notNull(this.serviceProperties.getService(), "serviceProperties.getService() cannot be null.");
 	}
 
-	public final void commence(final HttpServletRequest servletRequest,
-			final HttpServletResponse response,
+	public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
 			final AuthenticationException authenticationException) throws IOException {
 
 		final String urlEncodedService = createServiceUrl(servletRequest, response);
@@ -90,42 +88,34 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	 * @param response the HttpServlet Response
 	 * @return the constructed service url. CANNOT be NULL.
 	 */
-	protected String createServiceUrl(final HttpServletRequest request,
-			final HttpServletResponse response) {
-		return CommonUtils.constructServiceUrl(null, response,
-				this.serviceProperties.getService(), null,
-				this.serviceProperties.getArtifactParameter(),
-				this.encodeServiceUrlWithSessionId);
+	protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response) {
+		return CommonUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null,
+				this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
 	}
 
 	/**
 	 * Constructs the Url for Redirection to the CAS server. Default implementation relies
 	 * on the CAS client to do the bulk of the work.
-	 *
 	 * @param serviceUrl the service url that should be included.
 	 * @return the redirect url. CANNOT be NULL.
 	 */
 	protected String createRedirectUrl(final String serviceUrl) {
-		return CommonUtils.constructRedirectUrl(this.loginUrl,
-				this.serviceProperties.getServiceParameter(), serviceUrl,
+		return CommonUtils.constructRedirectUrl(this.loginUrl, this.serviceProperties.getServiceParameter(), serviceUrl,
 				this.serviceProperties.isSendRenew(), false);
 	}
 
 	/**
 	 * Template method for you to do your own pre-processing before the redirect occurs.
-	 *
 	 * @param request the HttpServletRequest
 	 * @param response the HttpServletResponse
 	 */
-	protected void preCommence(final HttpServletRequest request,
-			final HttpServletResponse response) {
+	protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
 
 	}
 
 	/**
 	 * The enterprise-wide CAS login URL. Usually something like
 	 * <code>https://www.mycompany.com/cas/login</code>.
-	 *
 	 * @return the enterprise-wide CAS login URL
 	 */
 	public final String getLoginUrl() {
@@ -146,12 +136,10 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint,
 
 	/**
 	 * Sets whether to encode the service url with the session id or not.
-	 *
 	 * @param encodeServiceUrlWithSessionId whether to encode the service url with the
 	 * session id or not.
 	 */
-	public final void setEncodeServiceUrlWithSessionId(
-			final boolean encodeServiceUrlWithSessionId) {
+	public final void setEncodeServiceUrlWithSessionId(final boolean encodeServiceUrlWithSessionId) {
 		this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
 	}
 
@@ -163,4 +151,5 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	protected boolean getEncodeServiceUrlWithSessionId() {
 		return this.encodeServiceUrlWithSessionId;
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 7ff21e2480..e88e85b0cb 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -45,7 +45,8 @@ import org.springframework.util.Assert;
 
 /**
  * Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy
- * tickets. <h2>Service Tickets</h2>
+ * tickets.
+ * <h2>Service Tickets</h2>
  * <p>
  * A service ticket consists of an opaque ticket string. It arrives at this filter by the
  * user's browser successfully authenticating using CAS, and then receiving a HTTP
@@ -171,10 +172,13 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  */
 public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	/** Used to identify a CAS request for a stateful user agent, such as a web browser. */
+	/**
+	 * Used to identify a CAS request for a stateful user agent, such as a web browser.
+	 */
 	public static final String CAS_STATEFUL_IDENTIFIER = "_cas_stateful_";
 
 	/**
@@ -213,48 +217,41 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	// ========================================================================================================
 
 	@Override
-	protected final void successfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain, Authentication authResult)
-			throws IOException, ServletException {
-		boolean continueFilterChain = proxyTicketRequest(
-				serviceTicketRequest(request, response), request);
+	protected final void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			FilterChain chain, Authentication authResult) throws IOException, ServletException {
+		boolean continueFilterChain = proxyTicketRequest(serviceTicketRequest(request, response), request);
 		if (!continueFilterChain) {
 			super.successfulAuthentication(request, response, chain, authResult);
 			return;
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success. Updating SecurityContextHolder to contain: "
-					+ authResult);
+			logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
 		}
 
 		SecurityContextHolder.getContext().setAuthentication(authResult);
 
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-					authResult, this.getClass()));
+			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
 		chain.doFilter(request, response);
 	}
 
 	@Override
-	public Authentication attemptAuthentication(final HttpServletRequest request,
-			final HttpServletResponse response) throws AuthenticationException,
-			IOException {
+	public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
+			throws AuthenticationException, IOException {
 		// if the request is a proxy request process it and return null to indicate the
 		// request has been processed
 		if (proxyReceptorRequest(request)) {
 			logger.debug("Responding to proxy receptor request");
-			CommonUtils.readAndRespondToProxyReceptorRequest(request, response,
-					this.proxyGrantingTicketStorage);
+			CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
 			return null;
 		}
 
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
-		final String username = serviceTicketRequest ? CAS_STATEFUL_IDENTIFIER
-				: CAS_STATELESS_IDENTIFIER;
+		final String username = serviceTicketRequest ? CAS_STATEFUL_IDENTIFIER : CAS_STATELESS_IDENTIFIER;
 		String password = obtainArtifact(request);
 
 		if (password == null) {
@@ -262,8 +259,8 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			password = "";
 		}
 
-		final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				username, password);
+		final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
+				password);
 
 		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 
@@ -282,8 +279,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	/**
 	 * Overridden to provide proxying capabilities.
 	 */
-	protected boolean requiresAuthentication(final HttpServletRequest request,
-			final HttpServletResponse response) {
+	protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
 		final boolean result = serviceTicketRequest || proxyReceptorRequest(request)
 				|| (proxyTicketRequest(serviceTicketRequest, request));
@@ -297,8 +293,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * Sets the {@link AuthenticationFailureHandler} for proxy requests.
 	 * @param proxyFailureHandler
 	 */
-	public final void setProxyAuthenticationFailureHandler(
-			AuthenticationFailureHandler proxyFailureHandler) {
+	public final void setProxyAuthenticationFailureHandler(AuthenticationFailureHandler proxyFailureHandler) {
 		Assert.notNull(proxyFailureHandler, "proxyFailureHandler cannot be null");
 		this.proxyFailureHandler = proxyFailureHandler;
 	}
@@ -308,18 +303,15 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * proxy ticket authentication failures and service ticket failures.
 	 */
 	@Override
-	public final void setAuthenticationFailureHandler(
-			AuthenticationFailureHandler failureHandler) {
-		super.setAuthenticationFailureHandler(new CasAuthenticationFailureHandler(
-				failureHandler));
+	public final void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
+		super.setAuthenticationFailureHandler(new CasAuthenticationFailureHandler(failureHandler));
 	}
 
 	public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
 		this.proxyReceptorMatcher = new AntPathRequestMatcher("/**" + proxyReceptorUrl);
 	}
 
-	public final void setProxyGrantingTicketStorage(
-			final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
+	public final void setProxyGrantingTicketStorage(final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
 		this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
 	}
 
@@ -335,8 +327,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @param response
 	 * @return
 	 */
-	private boolean serviceTicketRequest(final HttpServletRequest request,
-			final HttpServletResponse response) {
+	private boolean serviceTicketRequest(final HttpServletRequest request, final HttpServletResponse response) {
 		boolean result = super.requiresAuthentication(request, response);
 		if (logger.isDebugEnabled()) {
 			logger.debug("serviceTicketRequest = " + result);
@@ -349,13 +340,11 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @param request
 	 * @return
 	 */
-	private boolean proxyTicketRequest(final boolean serviceTicketRequest,
-			final HttpServletRequest request) {
+	private boolean proxyTicketRequest(final boolean serviceTicketRequest, final HttpServletRequest request) {
 		if (serviceTicketRequest) {
 			return false;
 		}
-		final boolean result = authenticateAllArtifacts
-				&& obtainArtifact(request) != null && !authenticated();
+		final boolean result = authenticateAllArtifacts && obtainArtifact(request) != null && !authenticated();
 		if (logger.isDebugEnabled()) {
 			logger.debug("proxyTicketRequest = " + result);
 		}
@@ -367,8 +356,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @return
 	 */
 	private boolean authenticated() {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		return authentication != null && authentication.isAuthenticated()
 				&& !(authentication instanceof AnonymousAuthenticationToken);
 	}
@@ -379,8 +367,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @return
 	 */
 	private boolean proxyReceptorRequest(final HttpServletRequest request) {
-		final boolean result = proxyReceptorConfigured()
-				&& proxyReceptorMatcher.matches(request);
+		final boolean result = proxyReceptorConfigured() && proxyReceptorMatcher.matches(request);
 		if (logger.isDebugEnabled()) {
 			logger.debug("proxyReceptorRequest = " + result);
 		}
@@ -390,12 +377,10 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	/**
 	 * Determines if the {@link CasAuthenticationFilter} is configured to handle the proxy
 	 * receptor requests.
-	 *
 	 * @return
 	 */
 	private boolean proxyReceptorConfigured() {
-		final boolean result = this.proxyGrantingTicketStorage != null
-				&& proxyReceptorMatcher != null;
+		final boolean result = this.proxyGrantingTicketStorage != null && proxyReceptorMatcher != null;
 		if (logger.isDebugEnabled()) {
 			logger.debug("proxyReceptorConfigured = " + result);
 		}
@@ -413,6 +398,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @author Rob Winch
 	 */
 	private class CasAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
 		private final AuthenticationFailureHandler serviceTicketFailureHandler;
 
 		CasAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
@@ -420,16 +406,16 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			this.serviceTicketFailureHandler = failureHandler;
 		}
 
-		public void onAuthenticationFailure(HttpServletRequest request,
-				HttpServletResponse response, AuthenticationException exception)
-				throws IOException, ServletException {
+		public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+				AuthenticationException exception) throws IOException, ServletException {
 			if (serviceTicketRequest(request, response)) {
-				serviceTicketFailureHandler.onAuthenticationFailure(request, response,
-						exception);
+				serviceTicketFailureHandler.onAuthenticationFailure(request, response, exception);
 			}
 			else {
 				proxyFailureHandler.onAuthenticationFailure(request, response, exception);
 			}
 		}
+
 	}
+
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index cac9cd1643..271359abc1 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -34,6 +34,7 @@ import org.springframework.util.Assert;
  */
 final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		implements ServiceAuthenticationDetails {
+
 	private static final long serialVersionUID = 6192409090610517700L;
 
 	// ~ Instance fields
@@ -52,14 +53,14 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * string from containing the artifact name and value. This can be created using
 	 * {@link #createArtifactPattern(String)}.
 	 */
-	DefaultServiceAuthenticationDetails(String casService, HttpServletRequest request,
-			Pattern artifactPattern) throws MalformedURLException {
+	DefaultServiceAuthenticationDetails(String casService, HttpServletRequest request, Pattern artifactPattern)
+			throws MalformedURLException {
 		super(request);
 		URL casServiceUrl = new URL(casService);
 		int port = getServicePort(casServiceUrl);
 		final String query = getQueryString(request, artifactPattern);
-		this.serviceUrl = UrlUtils.buildFullRequestUrl(casServiceUrl.getProtocol(),
-				casServiceUrl.getHost(), port, request.getRequestURI(), query);
+		this.serviceUrl = UrlUtils.buildFullRequestUrl(casServiceUrl.getProtocol(), casServiceUrl.getHost(), port,
+				request.getRequestURI(), query);
 	}
 
 	// ~ Methods
@@ -109,8 +110,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * @return the query String minus the artifactParameterName and the corresponding
 	 * value.
 	 */
-	private String getQueryString(final HttpServletRequest request,
-			final Pattern artifactPattern) {
+	private String getQueryString(final HttpServletRequest request, final Pattern artifactPattern) {
 		final String query = request.getQueryString();
 		if (query == null) {
 			return null;
@@ -127,7 +127,6 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * Creates a {@link Pattern} that can be passed into the constructor. This allows the
 	 * {@link Pattern} to be reused for every instance of
 	 * {@link DefaultServiceAuthenticationDetails}.
-	 *
 	 * @param artifactParameterName
 	 * @return
 	 */
@@ -150,4 +149,5 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		}
 		return port;
 	}
+
 }
\ No newline at end of file
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
index 80f9e23803..5bf790dcc1 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
@@ -28,15 +28,14 @@ import org.springframework.security.core.Authentication;
  * {@link ServiceProperties#getService()}.
  *
  * @author Rob Winch
- *
  * @see ServiceAuthenticationDetailsSource
  */
 public interface ServiceAuthenticationDetails extends Serializable {
 
 	/**
 	 * Gets the absolute service url (i.e. https://example.com/service/).
-	 *
 	 * @return the service url. Cannot be <code>null</code>.
 	 */
 	String getServiceUrl();
+
 }
\ No newline at end of file
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index c323bb491b..1e3c0ecbcc 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -34,8 +34,9 @@ import org.springframework.util.Assert;
  *
  * @author Rob Winch
  */
-public class ServiceAuthenticationDetailsSource implements
-		AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> {
+public class ServiceAuthenticationDetailsSource
+		implements AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -49,7 +50,6 @@ public class ServiceAuthenticationDetailsSource implements
 	/**
 	 * Creates an implementation that uses the specified ServiceProperties and the default
 	 * CAS artifactParameterName.
-	 *
 	 * @param serviceProperties The ServiceProperties to use to construct the serviceUrl.
 	 */
 	public ServiceAuthenticationDetailsSource(ServiceProperties serviceProperties) {
@@ -58,18 +58,15 @@ public class ServiceAuthenticationDetailsSource implements
 
 	/**
 	 * Creates an implementation that uses the specified artifactParameterName
-	 *
 	 * @param serviceProperties The ServiceProperties to use to construct the serviceUrl.
 	 * @param artifactParameterName the artifactParameterName that is removed from the
 	 * current URL. The result becomes the service url. Cannot be null and cannot be an
 	 * empty String.
 	 */
-	public ServiceAuthenticationDetailsSource(ServiceProperties serviceProperties,
-			String artifactParameterName) {
+	public ServiceAuthenticationDetailsSource(ServiceProperties serviceProperties, String artifactParameterName) {
 		Assert.notNull(serviceProperties, "serviceProperties cannot be null");
 		this.serviceProperties = serviceProperties;
-		this.artifactPattern = DefaultServiceAuthenticationDetails
-				.createArtifactPattern(artifactParameterName);
+		this.artifactPattern = DefaultServiceAuthenticationDetails.createArtifactPattern(artifactParameterName);
 	}
 
 	// ~ Methods
@@ -82,11 +79,11 @@ public class ServiceAuthenticationDetailsSource implements
 	 */
 	public ServiceAuthenticationDetails buildDetails(HttpServletRequest context) {
 		try {
-			return new DefaultServiceAuthenticationDetails(
-					serviceProperties.getService(), context, artifactPattern);
+			return new DefaultServiceAuthenticationDetails(serviceProperties.getService(), context, artifactPattern);
 		}
 		catch (MalformedURLException e) {
 			throw new RuntimeException(e);
 		}
 	}
+
 }
\ No newline at end of file
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
index b7be180138..f774c00ef9 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
@@ -18,4 +18,3 @@
  * credentials using CAS.
  */
 package org.springframework.security.cas.web.authentication;
-
diff --git a/cas/src/main/java/org/springframework/security/cas/web/package-info.java b/cas/src/main/java/org/springframework/security/cas/web/package-info.java
index 21781af725..b37f7e89f2 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/package-info.java
@@ -17,4 +17,3 @@
  * Authenticates standard web browser users via CAS.
  */
 package org.springframework.security.cas.web;
-
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index ec009058a7..c31b9f9aa3 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -25,7 +25,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 
 /**
- *
  * @author Scott Battaglia
  * @since 2.0
  *
@@ -41,8 +40,7 @@ public abstract class AbstractStatelessTicketCacheTests {
 		final Assertion assertion = new AssertionImpl("rod");
 
 		return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user,
-				assertion);
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion);
 	}
 
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index c39fdf8cfd..dca51ceddf 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -49,6 +49,7 @@ import java.util.*;
  */
 @SuppressWarnings("unchecked")
 public class CasAuthenticationProviderTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -99,10 +100,8 @@ public class CasAuthenticationProviderTests {
 		CasAuthenticationToken casResult = (CasAuthenticationToken) result;
 		assertThat(casResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator());
 		assertThat(casResult.getCredentials()).isEqualTo("ST-123");
-		assertThat(casResult.getAuthorities()).contains(
-				new SimpleGrantedAuthority("ROLE_A"));
-		assertThat(casResult.getAuthorities()).contains(
-				new SimpleGrantedAuthority("ROLE_B"));
+		assertThat(casResult.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_A"));
+		assertThat(casResult.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_B"));
 		assertThat(casResult.getKeyHash()).isEqualTo(cap.getKey().hashCode());
 		assertThat(casResult.getDetails()).isEqualTo("details");
 
@@ -159,8 +158,7 @@ public class CasAuthenticationProviderTests {
 		ServiceAuthenticationDetails details = mock(ServiceAuthenticationDetails.class);
 		when(details.getServiceUrl()).thenReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
-		when(validator.validate(any(String.class), any(String.class))).thenReturn(
-				new AssertionImpl("rod"));
+		when(validator.validate(any(String.class), any(String.class))).thenReturn(new AssertionImpl("rod"));
 
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
@@ -186,8 +184,7 @@ public class CasAuthenticationProviderTests {
 		ServiceAuthenticationDetails details = mock(ServiceAuthenticationDetails.class);
 		when(details.getServiceUrl()).thenReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
-		when(validator.validate(any(String.class), any(String.class))).thenReturn(
-				new AssertionImpl("rod"));
+		when(validator.validate(any(String.class), any(String.class))).thenReturn(new AssertionImpl("rod"));
 
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
@@ -271,8 +268,7 @@ public class CasAuthenticationProviderTests {
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
 
-		CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY",
-				makeUserDetails(), "credentials",
+		CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", makeUserDetails(), "credentials",
 				AuthorityUtils.createAuthorityList("XX"), makeUserDetails(), assertion);
 
 		cap.authenticate(token);
@@ -347,8 +343,7 @@ public class CasAuthenticationProviderTests {
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
 
-		TestingAuthenticationToken token = new TestingAuthenticationToken("user",
-				"password", "ROLE_A");
+		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(cap.supports(TestingAuthenticationToken.class)).isFalse();
 
 		// Try it anyway
@@ -356,8 +351,7 @@ public class CasAuthenticationProviderTests {
 	}
 
 	@Test
-	public void ignoresUsernamePasswordAuthenticationTokensWithoutCasIdentifiersAsPrincipal()
-			throws Exception {
+	public void ignoresUsernamePasswordAuthenticationTokensWithoutCasIdentifiersAsPrincipal() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
@@ -366,9 +360,8 @@ public class CasAuthenticationProviderTests {
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"some_normal_user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_A"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("some_normal_user",
+				"password", AuthorityUtils.createAuthorityList("ROLE_A"));
 		assertThat(cap.authenticate(token)).isNull();
 	}
 
@@ -384,13 +377,14 @@ public class CasAuthenticationProviderTests {
 
 	private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
 
-		public UserDetails loadUserDetails(final Authentication token)
-				throws UsernameNotFoundException {
+		public UserDetails loadUserDetails(final Authentication token) throws UsernameNotFoundException {
 			return makeUserDetailsFromAuthoritiesPopulator();
 		}
+
 	}
 
 	private class MockStatelessTicketCache implements StatelessTicketCache {
+
 		private Map<String, CasAuthenticationToken> cache = new HashMap<>();
 
 		public CasAuthenticationToken getByTicketId(String serviceTicket) {
@@ -408,9 +402,11 @@ public class CasAuthenticationProviderTests {
 		public void removeTicketFromCache(String serviceTicket) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
+
 	}
 
 	private class MockTicketValidator implements TicketValidator {
+
 		private boolean returnTicket;
 
 		MockTicketValidator(boolean returnTicket) {
@@ -423,5 +419,7 @@ public class CasAuthenticationProviderTests {
 			}
 			throw new BadCredentialsException("As requested from mock");
 		}
+
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index 920b8d9c18..c9a9e0c526 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -39,8 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public class CasAuthenticationTokenTests {
 
-	private final List<GrantedAuthority> ROLES = AuthorityUtils.createAuthorityList(
-			"ROLE_ONE", "ROLE_TWO");
+	private final List<GrantedAuthority> ROLES = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	private UserDetails makeUserDetails() {
 		return makeUserDetails("user");
@@ -54,40 +53,35 @@ public class CasAuthenticationTokenTests {
 	public void testConstructorRejectsNulls() {
 		final Assertion assertion = new AssertionImpl("test");
 		try {
-			new CasAuthenticationToken(null, makeUserDetails(), "Password", ROLES,
-					makeUserDetails(), assertion);
+			new CasAuthenticationToken(null, makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", null, "Password", ROLES, makeUserDetails(),
-					assertion);
+			new CasAuthenticationToken("key", null, "Password", ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), null, ROLES,
-					makeUserDetails(), assertion);
+			new CasAuthenticationToken("key", makeUserDetails(), null, ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
-					makeUserDetails(), null);
+			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, null,
-					assertion);
+			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, null, assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -95,8 +89,7 @@ public class CasAuthenticationTokenTests {
 
 		try {
 			new CasAuthenticationToken("key", makeUserDetails(), "Password",
-					AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(),
-					assertion);
+					AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -113,11 +106,11 @@ public class CasAuthenticationTokenTests {
 	public void testEqualsWhenEqual() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
 		assertThat(token2).isEqualTo(token1);
 	}
@@ -126,18 +119,15 @@ public class CasAuthenticationTokenTests {
 	public void testGetters() {
 		// Build the proxy list returned in the ticket from CAS
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo(makeUserDetails());
 		assertThat(token.getCredentials()).isEqualTo("Password");
-		assertThat(token.getAuthorities()).contains(
-				new SimpleGrantedAuthority("ROLE_ONE"));
-		assertThat(token.getAuthorities()).contains(
-				new SimpleGrantedAuthority("ROLE_TWO"));
+		assertThat(token.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_ONE"));
+		assertThat(token.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_TWO"));
 		assertThat(token.getAssertion()).isEqualTo(assertion);
-		assertThat(token.getUserDetails().getUsername()).isEqualTo(
-				makeUserDetails().getUsername());
+		assertThat(token.getUserDetails().getUsername()).isEqualTo(makeUserDetails().getUsername());
 	}
 
 	@Test
@@ -155,12 +145,11 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("key",
-				makeUserDetails("OTHER_NAME"), "Password", ROLES, makeUserDetails(),
-				assertion);
+		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password",
+				ROLES, makeUserDetails(), assertion);
 
 		assertThat(!token1.equals(token2)).isTrue();
 	}
@@ -169,11 +158,10 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToDifferentAuthenticationClass() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
-		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", ROLES);
+		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES);
 		assertThat(!token1.equals(token2)).isTrue();
 	}
 
@@ -181,11 +169,11 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToKey() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", makeUserDetails(), "Password",
+				ROLES, makeUserDetails(), assertion);
 
 		assertThat(!token1.equals(token2)).isTrue();
 	}
@@ -195,11 +183,11 @@ public class CasAuthenticationTokenTests {
 		final Assertion assertion = new AssertionImpl("test");
 		final Assertion assertion2 = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion2);
+		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion2);
 
 		assertThat(!token1.equals(token2)).isTrue();
 	}
@@ -207,8 +195,8 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testSetAuthenticated() {
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 		assertThat(token.isAuthenticated()).isTrue();
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
@@ -217,10 +205,10 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testToString() {
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key",
-				makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+				makeUserDetails(), assertion);
 		String result = token.toString();
-		assertThat(
-				result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1).isTrue();
+		assertThat(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1).isTrue();
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index d50013caed..05885f146c 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.*;
  * @author Ben Alex
  */
 public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTests {
+
 	private static CacheManager cacheManager;
 
 	// ~ Methods
@@ -87,4 +88,5 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 		cache.setCache(myCache);
 		assertThat(cache.getCache()).isEqualTo(myCache);
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
index 1643bb0394..a1d84cd1dd 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
@@ -44,4 +44,5 @@ public class NullStatelessTicketCacheTests extends AbstractStatelessTicketCacheT
 		cache.putTicketInCache(token);
 		assertThat(cache.getByTicketId((String) token.getCredentials())).isNull();
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index 57ccf6136c..51b703617d 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -31,6 +31,7 @@ import static org.assertj.core.api.Assertions.*;
  * @since 3.2
  */
 public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTests {
+
 	private static CacheManager cacheManager;
 
 	// ~ Methods
@@ -44,8 +45,7 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 
 	@Test
 	public void testCacheOperation() throws Exception {
-		SpringCacheBasedTicketCache cache = new SpringCacheBasedTicketCache(
-				cacheManager.getCache("castickets"));
+		SpringCacheBasedTicketCache cache = new SpringCacheBasedTicketCache(cacheManager.getCache("castickets"));
 
 		final CasAuthenticationToken token = getToken();
 
@@ -66,4 +66,5 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 	public void testStartupDetectsMissingCache() throws Exception {
 		new SpringCacheBasedTicketCache(null);
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
index 933be2cf14..45956f171e 100644
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@@ -47,15 +47,20 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class CasAuthenticationTokenMixinTests {
 
 	private static final String KEY = "casKey";
+
 	private static final String PASSWORD = "\"1234\"";
+
 	private static final Date START_DATE = new Date();
+
 	private static final Date END_DATE = new Date();
 
 	public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
 
-	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";
+	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON
+			+ "]]";
 
-	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]";
+	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", ["
+			+ AUTHORITY_JSON + "]]";
 
 	// @formatter:off
 	public static final String USER_JSON = "{"
@@ -71,29 +76,18 @@ public class CasAuthenticationTokenMixinTests {
 	// @formatter:on
 
 	private static final String CAS_TOKEN_JSON = "{"
-		+ "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", "
-		+ "\"keyHash\": " + KEY.hashCode() + ","
-		+ "\"principal\": " + USER_JSON + ", "
-		+ "\"credentials\": " + PASSWORD + ", "
-		+ "\"authorities\": " + AUTHORITIES_ARRAYLIST_JSON + ","
-		+ "\"userDetails\": " + USER_JSON +","
-		+ "\"authenticated\": true, "
-		+ "\"details\": null,"
-		+ "\"assertion\": {"
-			+ "\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", "
-			+ "\"principal\": {"
-				+ "\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", "
-				+ "\"name\": \"assertName\", "
-				+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, "
-				+ "\"proxyGrantingTicket\": null, "
-				+ "\"proxyRetriever\": null"
-			+ "}, "
+			+ "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", "
+			+ "\"keyHash\": " + KEY.hashCode() + "," + "\"principal\": " + USER_JSON + ", " + "\"credentials\": "
+			+ PASSWORD + ", " + "\"authorities\": " + AUTHORITIES_ARRAYLIST_JSON + "," + "\"userDetails\": " + USER_JSON
+			+ "," + "\"authenticated\": true, " + "\"details\": null," + "\"assertion\": {"
+			+ "\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", " + "\"principal\": {"
+			+ "\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", "
+			+ "\"name\": \"assertName\", " + "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, "
+			+ "\"proxyGrantingTicket\": null, " + "\"proxyRetriever\": null" + "}, "
 			+ "\"validFromDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
 			+ "\"validUntilDate\": [\"java.util.Date\", " + END_DATE.getTime() + "],"
 			+ "\"authenticationDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
-			+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" +
-		"}"
-	+ "}";
+			+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" + "}" + "}";
 
 	private static final String CAS_TOKEN_CLEARED_JSON = CAS_TOKEN_JSON.replaceFirst(PASSWORD, "null");
 
@@ -114,7 +108,8 @@ public class CasAuthenticationTokenMixinTests {
 	}
 
 	@Test
-	public void serializeCasAuthenticationTestAfterEraseCredentialInvoked() throws JsonProcessingException, JSONException {
+	public void serializeCasAuthenticationTestAfterEraseCredentialInvoked()
+			throws JsonProcessingException, JSONException {
 		CasAuthenticationToken token = createCasAuthenticationToken();
 		token.eraseCredentials();
 		String actualJson = mapper.writeValueAsString(token);
@@ -137,9 +132,8 @@ public class CasAuthenticationTokenMixinTests {
 		assertThat(token.getUserDetails()).isNotNull().isInstanceOf(User.class);
 		assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class);
 		assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode());
-		assertThat(token.getUserDetails().getAuthorities())
-			.extracting(GrantedAuthority::getAuthority)
-			.containsOnly("ROLE_USER");
+		assertThat(token.getUserDetails().getAuthorities()).extracting(GrantedAuthority::getAuthority)
+				.containsOnly("ROLE_USER");
 		assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE);
 		assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE);
 		assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE);
@@ -149,9 +143,12 @@ public class CasAuthenticationTokenMixinTests {
 
 	private CasAuthenticationToken createCasAuthenticationToken() {
 		User principal = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
-		Collection<? extends GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
-		Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE, START_DATE, Collections.<String, Object>emptyMap());
+		Collection<? extends GrantedAuthority> authorities = Collections
+				.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+		Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE,
+				START_DATE, Collections.<String, Object>emptyMap());
 		return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities,
 				new User("admin", "1234", authorities), assertion);
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
index b4cbad40cf..071863d884 100644
--- a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
@@ -53,11 +53,10 @@ public class GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests {
 		when(assertion.getPrincipal()).thenReturn(principal);
 		when(principal.getAttributes()).thenReturn(attributes);
 		when(principal.getName()).thenReturn("somebody");
-		CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(
-				assertion, "ticket");
+		CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(assertion, "ticket");
 		UserDetails user = uds.loadUserDetails(token);
 		Set<String> roles = AuthorityUtils.authorityListToSet(user.getAuthorities());
-		assertThat(roles).containsExactlyInAnyOrder(
-				"role_a1", "role_a2", "role_b", "role_c");
+		assertThat(roles).containsExactlyInAnyOrder("role_a1", "role_a2", "role_b", "role_c");
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index 35d3f7fdc6..05da9f1fef 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -59,8 +59,7 @@ public class CasAuthenticationEntryPointTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage()).isEqualTo(
-					"serviceProperties must be specified");
+			assertThat(expected.getMessage()).isEqualTo("serviceProperties must be specified");
 		}
 	}
 
@@ -92,9 +91,9 @@ public class CasAuthenticationEntryPointTests {
 		ep.afterPropertiesSet();
 		ep.commence(request, response, null);
 
-		assertThat("https://cas/login?service=" + URLEncoder.encode(
-				"https://mycompany.com/bigWebApp/login/cas", "UTF-8")).isEqualTo(
-						response.getRedirectedUrl());
+		assertThat(
+				"https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8"))
+						.isEqualTo(response.getRedirectedUrl());
 	}
 
 	@Test
@@ -115,7 +114,8 @@ public class CasAuthenticationEntryPointTests {
 		ep.afterPropertiesSet();
 		ep.commence(request, response, null);
 		assertThat("https://cas/login?service="
-				+ URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8")
-				+ "&renew=true").isEqualTo(response.getRedirectedUrl());
+				+ URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8") + "&renew=true")
+						.isEqualTo(response.getRedirectedUrl());
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index 700e24240f..848ba5d36b 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -44,6 +44,7 @@ import static org.mockito.Mockito.*;
  * @author Rob Winch
  */
 public class CasAuthenticationFilterTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -71,8 +72,7 @@ public class CasAuthenticationFilterTests {
 
 		assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
 
-		Authentication result = filter.attemptAuthentication(request,
-				new MockHttpServletResponse());
+		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result != null).isTrue();
 	}
 
@@ -83,8 +83,7 @@ public class CasAuthenticationFilterTests {
 			throw new BadCredentialsException("Rejected");
 		});
 
-		filter.attemptAuthentication(new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
 	}
 
 	@Test
@@ -134,15 +133,13 @@ public class CasAuthenticationFilterTests {
 		assertThat(filter.requiresAuthentication(request, response)).isFalse();
 		request.setParameter(properties.getArtifactParameter(), "value");
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("key", "principal", AuthorityUtils
-						.createAuthorityList("ROLE_ANONYMOUS")));
+		SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key", "principal",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("un", "principal"));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("un", "principal"));
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS"));
 		assertThat(filter.requiresAuthentication(request, response)).isFalse();
 	}
 
@@ -162,8 +159,7 @@ public class CasAuthenticationFilterTests {
 	public void testDoFilterAuthenticateAll() throws Exception {
 		AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
 		AuthenticationManager manager = mock(AuthenticationManager.class);
-		Authentication authentication = new TestingAuthenticationToken("un", "pwd",
-				"ROLE_USER");
+		Authentication authentication = new TestingAuthenticationToken("un", "pwd", "ROLE_USER");
 		when(manager.authenticate(any(Authentication.class))).thenReturn(authentication);
 		ServiceProperties serviceProperties = new ServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
@@ -181,8 +177,8 @@ public class CasAuthenticationFilterTests {
 		filter.afterPropertiesSet();
 
 		filter.doFilter(request, response, chain);
-		assertThat(SecurityContextHolder
-				.getContext().getAuthentication()).isNotNull().withFailMessage("Authentication should not be null");
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull()
+				.withFailMessage("Authentication should not be null");
 		verify(chain).doFilter(request, response);
 		verifyZeroInteractions(successHandler);
 
@@ -209,4 +205,5 @@ public class CasAuthenticationFilterTests {
 		filter.doFilter(request, response, chain);
 		verifyZeroInteractions(chain);
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index b9ddcf1942..e19ea137b6 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -28,6 +28,7 @@ import org.springframework.security.cas.ServiceProperties;
  * @author Ben Alex
  */
 public class ServicePropertiesTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -75,4 +76,5 @@ public class ServicePropertiesTests {
 			sp.afterPropertiesSet();
 		}
 	}
+
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
index 3343a2bbb2..f96d4ace8a 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
@@ -30,13 +30,16 @@ import org.springframework.security.web.util.UrlUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- *
  * @author Rob Winch
  */
 public class DefaultServiceAuthenticationDetailsTests {
+
 	private DefaultServiceAuthenticationDetails details;
+
 	private MockHttpServletRequest request;
+
 	private Pattern artifactPattern;
+
 	private String casServiceUrl;
 
 	private ConfigurableApplicationContext context;
@@ -63,17 +66,14 @@ public class DefaultServiceAuthenticationDetailsTests {
 
 	@Test
 	public void getServiceUrlNullQuery() throws Exception {
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
-		assertThat(this.details.getServiceUrl())
-				.isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
+		assertThat(this.details.getServiceUrl()).isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
 	}
 
 	@Test
 	public void getServiceUrlTicketOnlyParam() throws Exception {
 		this.request.setQueryString("ticket=123");
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
 		String serviceUrl = this.details.getServiceUrl();
 		this.request.setQueryString(null);
 		assertThat(serviceUrl).isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
@@ -82,8 +82,7 @@ public class DefaultServiceAuthenticationDetailsTests {
 	@Test
 	public void getServiceUrlTicketFirstMultiParam() throws Exception {
 		this.request.setQueryString("ticket=123&other=value");
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
 		String serviceUrl = this.details.getServiceUrl();
 		this.request.setQueryString("other=value");
 		assertThat(serviceUrl).isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
@@ -92,8 +91,7 @@ public class DefaultServiceAuthenticationDetailsTests {
 	@Test
 	public void getServiceUrlTicketLastMultiParam() throws Exception {
 		this.request.setQueryString("other=value&ticket=123");
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
 		String serviceUrl = this.details.getServiceUrl();
 		this.request.setQueryString("other=value");
 		assertThat(serviceUrl).isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
@@ -102,8 +100,7 @@ public class DefaultServiceAuthenticationDetailsTests {
 	@Test
 	public void getServiceUrlTicketMiddleMultiParam() throws Exception {
 		this.request.setQueryString("other=value&ticket=123&last=this");
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
 		String serviceUrl = this.details.getServiceUrl();
 		this.request.setQueryString("other=value&last=this");
 		assertThat(serviceUrl).isEqualTo(UrlUtils.buildFullRequestUrl(this.request));
@@ -113,10 +110,8 @@ public class DefaultServiceAuthenticationDetailsTests {
 	public void getServiceUrlDoesNotUseHostHeader() throws Exception {
 		this.casServiceUrl = "https://example.com/j_spring_security_cas";
 		this.request.setServerName("evil.com");
-		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl,
-				this.request, this.artifactPattern);
-		assertThat(this.details.getServiceUrl())
-				.isEqualTo("https://example.com/cas-sample/secure/");
+		this.details = new DefaultServiceAuthenticationDetails(this.casServiceUrl, this.request, this.artifactPattern);
+		assertThat(this.details.getServiceUrl()).isEqualTo("https://example.com/cas-sample/secure/");
 	}
 
 	@Test
@@ -125,15 +120,13 @@ public class DefaultServiceAuthenticationDetailsTests {
 		this.request.setServerName("evil.com");
 		ServiceAuthenticationDetails details = loadServiceAuthenticationDetails(
 				"defaultserviceauthenticationdetails-explicit.xml");
-		assertThat(details.getServiceUrl())
-				.isEqualTo("https://example.com/cas-sample/secure/");
+		assertThat(details.getServiceUrl()).isEqualTo("https://example.com/cas-sample/secure/");
 	}
 
-	private ServiceAuthenticationDetails loadServiceAuthenticationDetails(
-			String resourceName) {
+	private ServiceAuthenticationDetails loadServiceAuthenticationDetails(String resourceName) {
 		this.context = new GenericXmlApplicationContext(getClass(), resourceName);
-		ServiceAuthenticationDetailsSource source = this.context
-				.getBean(ServiceAuthenticationDetailsSource.class);
+		ServiceAuthenticationDetailsSource source = this.context.getBean(ServiceAuthenticationDetailsSource.class);
 		return source.buildDetails(this.request);
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 42736b22e4..330d52a351 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -49,6 +49,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
 public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -74,6 +75,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class DefaultLdapConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -82,6 +84,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.userDnPatterns("uid={0},ou=people");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -89,11 +92,13 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		this.spring.register(GroupRolesConfig.class).autowire();
 		LdapAuthenticationProvider provider = ldapProvider();
 
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute")).isEqualTo("group");
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute"))
+				.isEqualTo("group");
 	}
 
 	@EnableWebSecurity
 	static class GroupRolesConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -103,6 +108,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.groupRoleAttribute("group");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -110,11 +116,13 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		this.spring.register(GroupSearchConfig.class).autowire();
 		LdapAuthenticationProvider provider = ldapProvider();
 
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter")).isEqualTo("ou=groupName");
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter"))
+				.isEqualTo("ou=groupName");
 	}
 
 	@EnableWebSecurity
 	static class GroupSearchConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -124,6 +132,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.groupSearchFilter("ou=groupName");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -137,6 +146,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -147,6 +157,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.groupSearchSubtree(true);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -159,6 +170,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static class RolePrefixConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -168,18 +180,20 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.rolePrefix("role_");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void bindAuthentication() throws Exception {
 		this.spring.register(BindAuthenticationConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
+				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	@EnableWebSecurity
 	static class BindAuthenticationConfig extends BaseLdapServerConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -190,6 +204,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.userDnPatterns("uid={0},ou=people");
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2472
@@ -197,12 +212,13 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	public void canUseCryptoPasswordEncoder() throws Exception {
 		this.spring.register(PasswordEncoderConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
-				.andExpect(authenticated().withUsername("bcrypt").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bcrypt").password("password")).andExpect(authenticated()
+				.withUsername("bcrypt").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends BaseLdapServerConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -214,10 +230,12 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 					.userDnPatterns("uid={0},ou=people");
 			// @formatter:on
 		}
+
 	}
 
 	private LdapAuthenticationProvider ldapProvider() {
-		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(authenticationManager, "providers")).get(0);
+		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(authenticationManager, "providers"))
+				.get(0);
 	}
 
 	private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) {
@@ -230,12 +248,15 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	@EnableWebSecurity
 	static abstract class BaseLdapServerConfig extends BaseLdapProviderConfig {
+
 		@Bean
 		public ApacheDSContainer ldapServer() throws Exception {
-			ApacheDSContainer apacheDSContainer = new ApacheDSContainer("dc=springframework,dc=org", "classpath:/test-server.ldif");
+			ApacheDSContainer apacheDSContainer = new ApacheDSContainer("dc=springframework,dc=org",
+					"classpath:/test-server.ldif");
 			apacheDSContainer.setPort(getPort());
 			return apacheDSContainer;
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -260,6 +281,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		}
 
 		abstract protected void configure(AuthenticationManagerBuilder auth) throws Exception;
+
 	}
 
 	static Integer port;
@@ -272,4 +294,5 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		}
 		return port;
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index ab5960f1c4..d634ac6f85 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -34,6 +34,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
 public class LdapAuthenticationProviderConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -41,7 +42,8 @@ public class LdapAuthenticationProviderConfigurerTests {
 	private MockMvc mockMvc;
 
 	@Test
-	public void authenticationManagerSupportMultipleDefaultLdapContextsWithPortsDynamicallyAllocated() throws Exception {
+	public void authenticationManagerSupportMultipleDefaultLdapContextsWithPortsDynamicallyAllocated()
+			throws Exception {
 		this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
@@ -52,16 +54,16 @@ public class LdapAuthenticationProviderConfigurerTests {
 	public void authenticationManagerSupportMultipleLdapContextWithDefaultRolePrefix() throws Exception {
 		this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
+				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	@Test
 	public void authenticationManagerSupportMultipleLdapContextWithCustomRolePrefix() throws Exception {
 		this.spring.register(MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
+				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS"))));
 	}
 
 	@Test
@@ -83,6 +85,7 @@ public class LdapAuthenticationProviderConfigurerTests {
 
 	@EnableWebSecurity
 	static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -97,10 +100,12 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.userDnPatterns("uid={0},ou=people");
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -117,10 +122,12 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.rolePrefix("RUOLO_");
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class LdapWithRandomPortConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -133,10 +140,12 @@ public class LdapAuthenticationProviderConfigurerTests {
 						.port(0);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -147,5 +156,7 @@ public class LdapAuthenticationProviderConfigurerTests {
 					.userDnPatterns("uid={0},ou=people");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
index 527d0f0462..da053c6e12 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
@@ -64,14 +64,15 @@ public class NamespaceLdapAuthenticationProviderTests {
 	public void ldapAuthenticationProviderCustom() throws Exception {
 		this.spring.register(CustomLdapAuthenticationProviderConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("PREFIX_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
+				.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("PREFIX_DEVELOPERS"))));
 	}
 
 	// SEC-2490
 	@Test
 	public void ldapAuthenticationProviderCustomLdapAuthoritiesPopulator() throws Exception {
-		LdapContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://blah.example.com:789/dc=springframework,dc=org");
+		LdapContextSource contextSource = new DefaultSpringSecurityContextSource(
+				"ldap://blah.example.com:789/dc=springframework,dc=org");
 		CustomAuthoritiesPopulatorConfig.LAP = new DefaultLdapAuthoritiesPopulator(contextSource, null) {
 			@Override
 			protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
@@ -81,8 +82,8 @@ public class NamespaceLdapAuthenticationProviderTests {
 
 		this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(
+				authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
 	}
 
 	@Test
@@ -92,4 +93,5 @@ public class NamespaceLdapAuthenticationProviderTests {
 		this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
 				.andExpect(authenticated().withUsername("bcrypt"));
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
index d73fb3a801..7a1959f23e 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@@ -27,8 +27,10 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
  *
  */
 public class NamespaceLdapAuthenticationProviderTestsConfigs {
+
 	@EnableWebSecurity
 	static class LdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -37,11 +39,12 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 					.userDnPatterns("uid={0},ou=people"); // ldap-server@user-dn-pattern
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
-	static class CustomLdapAuthenticationProviderConfig extends
-			WebSecurityConfigurerAdapter {
+	static class CustomLdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -65,10 +68,12 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 						;
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthoritiesPopulatorConfig extends WebSecurityConfigurerAdapter {
+
 		static LdapAuthoritiesPopulator LAP;
 
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -79,10 +84,12 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 					.ldapAuthoritiesPopulator(LAP);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class PasswordCompareLdapConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -94,5 +101,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 						.passwordAttribute("userPassword"); // ldap-authentication-provider/password-compare@password-attribute
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
index 501822a65c..b5b6b28347 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
@@ -27,15 +27,15 @@ public class HelloHandler implements SocketAcceptor {
 
 	@Override
 	public Mono<RSocket> accept(ConnectionSetupPayload setup, RSocket sendingSocket) {
-		return Mono.just(
-				new AbstractRSocket() {
-					@Override
-					public Mono<Payload> requestResponse(Payload payload) {
-						String data = payload.getDataUtf8();
-						payload.release();
-						System.out.println("Got " + data);
-						return Mono.just(ByteBufPayload.create("Hello " + data));
-					}
-				});
+		return Mono.just(new AbstractRSocket() {
+			@Override
+			public Mono<Payload> requestResponse(Payload payload) {
+				String data = payload.getDataUtf8();
+				payload.release();
+				System.out.println("Got " + data);
+				return Mono.just(ByteBufPayload.create("Hello " + data));
+			}
+		});
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index 624332b308..44e7c9199f 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -53,6 +53,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 @ContextConfiguration
 @RunWith(SpringRunner.class)
 public class HelloRSocketITests {
+
 	@Autowired
 	RSocketMessageHandler handler;
 
@@ -68,13 +69,9 @@ public class HelloRSocketITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive()
-				.frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor)
-				.acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0))
-				.start()
-				.block();
+		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 	}
 
 	@After
@@ -86,20 +83,14 @@ public class HelloRSocketITests {
 
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
-		this.requester = RSocketRequester.builder()
-				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort())
-				.block();
+		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
+				.connectTcp("localhost", this.server.address().getPort()).block();
 
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono")
-				.data(data)
-				.retrieveMono(String.class)
-				.block()
-			)
-			.isNotNull();
+		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				.isNotNull();
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
-		//			.isInstanceOf(RejectedSetupException.class);
+		// .isInstanceOf(RejectedSetupException.class);
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -109,14 +100,11 @@ public class HelloRSocketITests {
 		this.requester = RSocketRequester.builder()
 				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort())
-				.block();
+				.connectTcp("localhost", this.server.address().getPort()).block();
 		String data = "rob";
 		String hiRob = this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data(data)
-				.retrieveMono(String.class)
-				.block();
+				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
+				.retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
@@ -140,9 +128,7 @@ public class HelloRSocketITests {
 
 		@Bean
 		public RSocketStrategies rsocketStrategies() {
-			return RSocketStrategies.builder()
-					.encoder(new BasicAuthenticationEncoder())
-					.build();
+			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
 		@Bean
@@ -156,10 +142,12 @@ public class HelloRSocketITests {
 			// @formatter:on
 			return new MapReactiveUserDetailsService(rob);
 		}
+
 	}
 
 	@Controller
 	static class ServerController {
+
 		private List<String> payloads = new ArrayList<>();
 
 		@MessageMapping("**")
@@ -171,6 +159,7 @@ public class HelloRSocketITests {
 		private void add(String p) {
 			this.payloads.add(p);
 		}
+
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 6b08f11ffd..4a836e737b 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -62,6 +62,7 @@ import static org.mockito.Mockito.when;
 @ContextConfiguration
 @RunWith(SpringRunner.class)
 public class JwtITests {
+
 	@Autowired
 	RSocketMessageHandler handler;
 
@@ -80,13 +81,9 @@ public class JwtITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive()
-				.frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor)
-				.acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0))
-				.start()
-				.block();
+		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 	}
 
 	@After
@@ -98,18 +95,13 @@ public class JwtITests {
 
 	@Test
 	public void routeWhenBearerThenAuthorized() {
-		BearerTokenMetadata credentials =
-				new BearerTokenMetadata("token");
+		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		when(this.decoder.decode(any())).thenReturn(Mono.just(jwt()));
 		this.requester = requester()
 				.setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		String hiRob = this.requester.route("secure.retrieve-mono")
-				.data("rob")
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
@@ -118,36 +110,25 @@ public class JwtITests {
 	public void routeWhenAuthenticationBearerThenAuthorized() {
 		MimeType authenticationMimeType = MimeTypeUtils.parseMimeType(MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
-		BearerTokenMetadata credentials =
-				new BearerTokenMetadata("token");
+		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		when(this.decoder.decode(any())).thenReturn(Mono.just(jwt()));
-		this.requester = requester()
-				.setupMetadata(credentials, authenticationMimeType)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		this.requester = requester().setupMetadata(credentials, authenticationMimeType)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		String hiRob = this.requester.route("secure.retrieve-mono")
-				.data("rob")
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
 	private Jwt jwt() {
-		return TestJwts.jwt()
-				.claim(IdTokenClaimNames.ISS, "https://issuer.example.com")
-				.claim(IdTokenClaimNames.SUB, "rob")
-				.claim(IdTokenClaimNames.AUD, Arrays.asList("client-id"))
-				.build();
+		return TestJwts.jwt().claim(IdTokenClaimNames.ISS, "https://issuer.example.com")
+				.claim(IdTokenClaimNames.SUB, "rob").claim(IdTokenClaimNames.AUD, Arrays.asList("client-id")).build();
 	}
 
 	private RSocketRequester.Builder requester() {
-		return RSocketRequester.builder()
-				.rsocketStrategies(this.handler.getRSocketStrategies());
+		return RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies());
 	}
 
-
 	@Configuration
 	@EnableRSocketSecurity
 	static class Config {
@@ -166,20 +147,13 @@ public class JwtITests {
 
 		@Bean
 		public RSocketStrategies rsocketStrategies() {
-			return RSocketStrategies.builder()
-					.encoder(new BearerTokenAuthenticationEncoder())
-					.build();
+			return RSocketStrategies.builder().encoder(new BearerTokenAuthenticationEncoder()).build();
 		}
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket
-				.authorizePayload(authorize ->
-					authorize
-						.anyRequest().authenticated()
-						.anyExchange().permitAll()
-				)
-				.jwt(Customizer.withDefaults());
+			rsocket.authorizePayload(authorize -> authorize.anyRequest().authenticated().anyExchange().permitAll())
+					.jwt(Customizer.withDefaults());
 			return rsocket.build();
 		}
 
@@ -187,16 +161,19 @@ public class JwtITests {
 		ReactiveJwtDecoder jwtDecoder() {
 			return mock(ReactiveJwtDecoder.class);
 		}
+
 	}
 
 	@Controller
 	static class ServerController {
+
 		private List<String> payloads = new ArrayList<>();
 
 		@MessageMapping("**")
 		String connect(String payload) {
 			return "Hi " + payload;
 		}
+
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 66cafbebef..6c852eb6f5 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -59,6 +59,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 @ContextConfiguration
 @RunWith(SpringRunner.class)
 public class RSocketMessageHandlerConnectionITests {
+
 	@Autowired
 	RSocketMessageHandler handler;
 
@@ -74,13 +75,9 @@ public class RSocketMessageHandlerConnectionITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive()
-				.frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor)
-				.acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0))
-				.start()
-				.block();
+		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 	}
 
 	@After
@@ -92,17 +89,11 @@ public class RSocketMessageHandlerConnectionITests {
 
 	@Test
 	public void routeWhenAuthorized() {
-		UsernamePasswordMetadata credentials =
-				new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		String hiRob = this.requester.route("secure.retrieve-mono")
-				.data("rob")
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
@@ -110,16 +101,11 @@ public class RSocketMessageHandlerConnectionITests {
 	@Test
 	public void routeWhenNotAuthorized() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono")
-				.data("data")
-				.retrieveMono(String.class)
-				.block())
-			.isInstanceOf(ApplicationErrorException.class);
+		assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class)
+				.block()).isInstanceOf(ApplicationErrorException.class);
 	}
 
 	@Test
@@ -127,14 +113,12 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata connectCredentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester()
 				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
 		String hiRob = this.requester.route("secure.admin.retrieve-mono")
-				.metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data("rob")
-				.retrieveMono(String.class)
-				.block();
+				.metadata(new UsernamePasswordMetadata("admin", "password"),
+						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.data("rob").retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
@@ -144,105 +128,75 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata connectCredentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester()
 				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
 		String hiUser = this.requester.route("secure.authority.retrieve-mono")
-				.metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data("Felipe")
-				.retrieveMono(String.class)
-				.block();
+				.metadata(new UsernamePasswordMetadata("admin", "password"),
+						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.data("Felipe").retrieveMono(String.class).block();
 
 		assertThat(hiUser).isEqualTo("Hi Felipe");
 	}
 
 	@Test
 	public void connectWhenNotAuthenticated() {
-		this.requester = requester()
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+		this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort())
 				.block();
 
-		assertThatCode(() -> this.requester.route("retrieve-mono")
-				.data("data")
-				.retrieveMono(String.class)
-				.block())
+		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
 				.isNotNull();
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
-		//			.isInstanceOf(RejectedSetupException.class);
+		// .isInstanceOf(RejectedSetupException.class);
 	}
 
 	@Test
 	public void connectWhenNotAuthorized() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		assertThatCode(() -> this.requester.route("retrieve-mono")
-				.data("data")
-				.retrieveMono(String.class)
-				.block())
-			.isNotNull();
-//		 FIXME: https://github.com/rsocket/rsocket-java/issues/686
-//			.isInstanceOf(RejectedSetupException.class);
+		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
+				.isNotNull();
+		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
+		// .isInstanceOf(RejectedSetupException.class);
 	}
 
 	@Test
 	public void connectionDenied() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		assertThatCode(() -> this.requester.route("prohibit")
-				.data("data")
-				.retrieveMono(String.class)
-				.block())
+		assertThatCode(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block())
 				.isInstanceOf(ApplicationErrorException.class);
 	}
 
 	@Test
 	public void connectWithAnyRole() {
-		UsernamePasswordMetadata credentials =
-				new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		String hiRob = this.requester.route("anyroute")
-				.data("rob")
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("anyroute").data("rob").retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
 	@Test
 	public void connectWithAnyAuthority() {
-		UsernamePasswordMetadata credentials =
-				new UsernamePasswordMetadata("admin", "password");
-		this.requester = requester()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
-				.block();
+		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("admin", "password");
+		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
-		String hiEbert = this.requester.route("management.users")
-				.data("admin")
-				.retrieveMono(String.class)
-				.block();
+		String hiEbert = this.requester.route("management.users").data("admin").retrieveMono(String.class).block();
 
 		assertThat(hiEbert).isEqualTo("Hi admin");
 	}
 
 	private RSocketRequester.Builder requester() {
-		return RSocketRequester.builder()
-				.rsocketStrategies(this.handler.getRSocketStrategies());
+		return RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies());
 	}
 
-
 	@Configuration
 	@EnableRSocketSecurity
 	static class Config {
@@ -261,9 +215,7 @@ public class RSocketMessageHandlerConnectionITests {
 
 		@Bean
 		public RSocketStrategies rsocketStrategies() {
-			return RSocketStrategies.builder()
-					.encoder(new BasicAuthenticationEncoder())
-					.build();
+			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
 		@Bean
@@ -290,30 +242,25 @@ public class RSocketMessageHandlerConnectionITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket
-				.authorizePayload(authorize ->
-					authorize
-						.setup().hasRole("SETUP")
-						.route("secure.admin.*").hasRole("ADMIN")
-						.route("secure.**").hasRole("USER")
-						.route("secure.authority.*").hasAuthority("ROLE_USER")
-						.route("management.*").hasAnyAuthority("ROLE_ADMIN")
-						.route("prohibit").denyAll()
-						.anyRequest().permitAll()
-				)
-				.basicAuthentication(Customizer.withDefaults());
+			rsocket.authorizePayload(authorize -> authorize.setup().hasRole("SETUP").route("secure.admin.*")
+					.hasRole("ADMIN").route("secure.**").hasRole("USER").route("secure.authority.*")
+					.hasAuthority("ROLE_USER").route("management.*").hasAnyAuthority("ROLE_ADMIN").route("prohibit")
+					.denyAll().anyRequest().permitAll()).basicAuthentication(Customizer.withDefaults());
 			return rsocket.build();
 		}
+
 	}
 
 	@Controller
 	static class ServerController {
+
 		private List<String> payloads = new ArrayList<>();
 
 		@MessageMapping("**")
 		String connect(String payload) {
 			return "Hi " + payload;
 		}
+
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index 0256651580..fcb8202a58 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -59,6 +59,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 @ContextConfiguration
 @RunWith(SpringRunner.class)
 public class RSocketMessageHandlerITests {
+
 	@Autowired
 	RSocketMessageHandler handler;
 
@@ -74,19 +75,15 @@ public class RSocketMessageHandlerITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive()
-				.frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor)
-				.acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0))
-				.start()
-				.block();
+		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 
 		this.requester = RSocketRequester.builder()
-				//				.rsocketFactory(factory -> factory.addRequesterPlugin(payloadInterceptor))
+				// .rsocketFactory(factory ->
+				// factory.addRequesterPlugin(payloadInterceptor))
 				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort())
-				.block();
+				.connectTcp("localhost", this.server.address().getPort()).block();
 	}
 
 	@After
@@ -99,12 +96,8 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono")
-				.data(data)
-				.retrieveMono(String.class)
-				.block()
-			).isInstanceOf(ApplicationErrorException.class)
-			.hasMessageContaining("Access Denied");
+		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
 
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -114,12 +107,9 @@ public class RSocketMessageHandlerITests {
 		String data = "rob";
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("invalid", "password");
 		assertThatCode(() -> this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data(data)
-				.retrieveMono(String.class)
-				.block()
-			).isInstanceOf(ApplicationErrorException.class)
-			.hasMessageContaining("Invalid Credentials");
+				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
+				.retrieveMono(String.class).block()).isInstanceOf(ApplicationErrorException.class)
+						.hasMessageContaining("Invalid Credentials");
 
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -129,10 +119,8 @@ public class RSocketMessageHandlerITests {
 		String data = "rob";
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
 		String hiRob = this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data(data)
-				.retrieveMono(String.class)
-				.block();
+				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
+				.retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
@@ -141,10 +129,7 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveMonoWhenPublicThenGranted() throws Exception {
 		String data = "rob";
-		String hiRob = this.requester.route("retrieve-mono")
-				.data(data)
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("retrieve-mono").data(data).retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
@@ -153,13 +138,9 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataFluxAndSecureThenDenied() throws Exception {
 		Flux<String> data = Flux.just("a", "b", "c");
-		assertThatCode(() -> this.requester.route("secure.retrieve-flux")
-				.data(data, String.class)
-				.retrieveFlux(String.class)
-				.collectList()
-				.block()
-			).isInstanceOf(ApplicationErrorException.class)
-			.hasMessageContaining("Access Denied");
+		assertThatCode(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
+				.retrieveFlux(String.class).collectList().block()).isInstanceOf(ApplicationErrorException.class)
+						.hasMessageContaining("Access Denied");
 
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -167,11 +148,8 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataFluxAndPublicThenGranted() throws Exception {
 		Flux<String> data = Flux.just("a", "b", "c");
-		List<String> hi = this.requester.route("retrieve-flux")
-				.data(data, String.class)
-				.retrieveFlux(String.class)
-				.collectList()
-				.block();
+		List<String> hi = this.requester.route("retrieve-flux").data(data, String.class).retrieveFlux(String.class)
+				.collectList().block();
 
 		assertThat(hi).containsOnly("hello a", "hello b", "hello c");
 		assertThat(this.controller.payloads).containsOnlyElementsOf(data.collectList().block());
@@ -180,13 +158,9 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataStringAndSecureThenDenied() throws Exception {
 		String data = "a";
-		assertThatCode(() -> this.requester.route("secure.hello")
-				.data(data)
-				.retrieveFlux(String.class)
-				.collectList()
-				.block()
-			).isInstanceOf(ApplicationErrorException.class)
-			.hasMessageContaining("Access Denied");
+		assertThatCode(
+				() -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block())
+						.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
 
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -194,10 +168,7 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void sendWhenSecureThenDenied() throws Exception {
 		String data = "hi";
-		this.requester.route("secure.send")
-				.data(data)
-				.send()
-				.block();
+		this.requester.route("secure.send").data(data).send().block();
 
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -205,10 +176,7 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void sendWhenPublicThenGranted() throws Exception {
 		String data = "hi";
-		this.requester.route("send")
-				.data(data)
-				.send()
-				.block();
+		this.requester.route("send").data(data).send().block();
 		assertThat(this.controller.awaitPayloads()).containsOnly("hi");
 	}
 
@@ -230,9 +198,7 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		public RSocketStrategies rsocketStrategies() {
-			return RSocketStrategies.builder()
-					.encoder(new BasicAuthenticationEncoder())
-					.build();
+			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
 		@Bean
@@ -254,40 +220,35 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket
-					.authorizePayload(authorize -> {
-						authorize
-								.route("secure.*").authenticated()
-								.anyExchange().permitAll();
-					})
-					.basicAuthentication(Customizer.withDefaults());
+			rsocket.authorizePayload(authorize -> {
+				authorize.route("secure.*").authenticated().anyExchange().permitAll();
+			}).basicAuthentication(Customizer.withDefaults());
 			return rsocket.build();
 		}
+
 	}
 
 	@Controller
 	static class ServerController {
+
 		private List<String> payloads = new ArrayList<>();
 
-		@MessageMapping({"secure.retrieve-mono", "retrieve-mono"})
+		@MessageMapping({ "secure.retrieve-mono", "retrieve-mono" })
 		String retrieveMono(String payload) {
 			add(payload);
 			return "Hi " + payload;
 		}
 
-		@MessageMapping({"secure.retrieve-flux", "retrieve-flux"})
+		@MessageMapping({ "secure.retrieve-flux", "retrieve-flux" })
 		Flux<String> retrieveFlux(Flux<String> payload) {
-			return payload.doOnNext(this::add)
-					.map(p -> "hello " + p);
+			return payload.doOnNext(this::add).map(p -> "hello " + p);
 		}
 
-		@MessageMapping({"secure.send", "send"})
+		@MessageMapping({ "secure.send", "send" })
 		Mono<Void> send(Mono<String> payload) {
-			return payload
-					.doOnNext(this::add)
-					.then(Mono.fromRunnable(() -> {
-						doNotifyAll();
-					}));
+			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> {
+				doNotifyAll();
+			}));
 		}
 
 		private synchronized void doNotifyAll() {
@@ -302,6 +263,7 @@ public class RSocketMessageHandlerITests {
 		private void add(String p) {
 			this.payloads.add(p);
 		}
+
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 1e01b26cd8..0600efbc1b 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -59,6 +59,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 @ContextConfiguration
 @RunWith(SpringRunner.class)
 public class SimpleAuthenticationITests {
+
 	@Autowired
 	RSocketMessageHandler handler;
 
@@ -74,13 +75,9 @@ public class SimpleAuthenticationITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive()
-				.frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor)
-				.acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0))
-				.start()
-				.block();
+		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 	}
 
 	@After
@@ -92,18 +89,12 @@ public class SimpleAuthenticationITests {
 
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
-		this.requester = RSocketRequester.builder()
-				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort())
-				.block();
+		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
+				.connectTcp("localhost", this.server.address().getPort()).block();
 
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono")
-				.data(data)
-				.retrieveMono(String.class)
-				.block()
-			)
-			.isInstanceOf(ApplicationErrorException.class);
+		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				.isInstanceOf(ApplicationErrorException.class);
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -112,17 +103,12 @@ public class SimpleAuthenticationITests {
 		MimeType authenticationMimeType = MimeTypeUtils.parseMimeType(MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
-		this.requester = RSocketRequester.builder()
-				.setupMetadata(credentials, authenticationMimeType)
+		this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType)
 				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort())
-				.block();
+				.connectTcp("localhost", this.server.address().getPort()).block();
 		String data = "rob";
-		String hiRob = this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, authenticationMimeType)
-				.data(data)
-				.retrieveMono(String.class)
-				.block();
+		String hiRob = this.requester.route("secure.retrieve-mono").metadata(credentials, authenticationMimeType)
+				.data(data).retrieveMono(String.class).block();
 
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
@@ -146,19 +132,12 @@ public class SimpleAuthenticationITests {
 
 		@Bean
 		public RSocketStrategies rsocketStrategies() {
-			return RSocketStrategies.builder()
-					.encoder(new SimpleAuthenticationEncoder())
-					.build();
+			return RSocketStrategies.builder().encoder(new SimpleAuthenticationEncoder()).build();
 		}
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket
-					.authorizePayload(authorize ->
-							authorize
-									.anyRequest().authenticated()
-									.anyExchange().permitAll()
-					)
+			rsocket.authorizePayload(authorize -> authorize.anyRequest().authenticated().anyExchange().permitAll())
 					.simpleAuthentication(Customizer.withDefaults());
 			return rsocket.build();
 		}
@@ -174,10 +153,12 @@ public class SimpleAuthenticationITests {
 			// @formatter:on
 			return new MapReactiveUserDetailsService(rob);
 		}
+
 	}
 
 	@Controller
 	static class ServerController {
+
 		private List<String> payloads = new ArrayList<>();
 
 		@MessageMapping("**")
@@ -189,6 +170,7 @@ public class SimpleAuthenticationITests {
 		private void add(String p) {
 			this.payloads.add(p);
 		}
+
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
index f2a954fed1..d2ae81bdc7 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class LdapProviderBeanDefinitionParserTests {
+
 	InMemoryXmlApplicationContext appCtx;
 
 	@After
@@ -48,13 +49,13 @@ public class LdapProviderBeanDefinitionParserTests {
 	@Test
 	public void simpleProviderAuthenticatesCorrectly() {
 		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider group-search-filter='member={0}' />"
-				+ "</authentication-manager>"
-		);
+				+ "<authentication-manager>" + "  <ldap-authentication-provider group-search-filter='member={0}' />"
+				+ "</authentication-manager>");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class);
-		Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
+		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+				AuthenticationManager.class);
+		Authentication auth = authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
 		UserDetails ben = (UserDetails) auth.getPrincipal();
 		assertThat(ben.getAuthorities()).hasSize(3);
 	}
@@ -62,39 +63,32 @@ public class LdapProviderBeanDefinitionParserTests {
 	@Test
 	public void multipleProvidersAreSupported() {
 		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider group-search-filter='member={0}' />"
+				+ "<authentication-manager>" + "  <ldap-authentication-provider group-search-filter='member={0}' />"
 				+ "  <ldap-authentication-provider group-search-filter='uniqueMember={0}' />"
-				+ "</authentication-manager>"
-		);
+				+ "</authentication-manager>");
 
 		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(2);
-		assertThat(providerManager.getProviders())
-				.extracting("authoritiesPopulator.groupSearchFilter")
+		assertThat(providerManager.getProviders()).extracting("authoritiesPopulator.groupSearchFilter")
 				.containsExactly("member={0}", "uniqueMember={0}");
 	}
 
 	@Test(expected = ApplicationContextException.class)
 	public void missingServerEltCausesConfigException() {
-		new InMemoryXmlApplicationContext("<authentication-manager>"
-				+ "  <ldap-authentication-provider />"
-				+ "</authentication-manager>"
-		);
+		new InMemoryXmlApplicationContext(
+				"<authentication-manager>" + "  <ldap-authentication-provider />" + "</authentication-manager>");
 	}
 
 	@Test
 	public void supportsPasswordComparisonAuthentication() {
 		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
-				+ "    <password-compare />"
-				+ "  </ldap-authentication-provider>"
-				+ "</authentication-manager>"
-		);
+				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
+				+ "    <password-compare />" + "  </ldap-authentication-provider>" + "</authentication-manager>");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class);
-		Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
+		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+				AuthenticationManager.class);
+		Authentication auth = authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
 
 		assertThat(auth).isNotNull();
 	}
@@ -102,17 +96,13 @@ public class LdapProviderBeanDefinitionParserTests {
 	@Test
 	public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
 		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
-				+ "    <password-compare password-attribute='uid'>"
-				+ "      <password-encoder ref='passwordEncoder' />"
-				+ "    </password-compare>"
-				+ "  </ldap-authentication-provider>"
-				+ "</authentication-manager>"
-				+ "<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance' />"
-		);
+				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
+				+ "    <password-compare password-attribute='uid'>" + "      <password-encoder ref='passwordEncoder' />"
+				+ "    </password-compare>" + "  </ldap-authentication-provider>" + "</authentication-manager>"
+				+ "<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance' />");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class);
+		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+				AuthenticationManager.class);
 		Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
 
 		assertThat(auth).isNotNull();
@@ -122,34 +112,30 @@ public class LdapProviderBeanDefinitionParserTests {
 	@Test
 	public void supportsCryptoPasswordEncoder() {
 		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
-				+ "    <password-compare>"
-				+ "      <password-encoder ref='pe' />"
-				+ "    </password-compare>"
-				+ "  </ldap-authentication-provider>"
-				+ "</authentication-manager>"
-				+ "<b:bean id='pe' class='org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' />"
-		);
+				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
+				+ "    <password-compare>" + "      <password-encoder ref='pe' />" + "    </password-compare>"
+				+ "  </ldap-authentication-provider>" + "</authentication-manager>"
+				+ "<b:bean id='pe' class='org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' />");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class);
-		Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("bcrypt", "password"));
+		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+				AuthenticationManager.class);
+		Authentication auth = authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("bcrypt", "password"));
 
 		assertThat(auth).isNotNull();
 	}
 
 	@Test
 	public void inetOrgContextMapperIsSupported() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' port='0'/>"
-				+ "<authentication-manager>"
-				+ "  <ldap-authentication-provider user-details-class='inetOrgPerson' />"
-				+ "</authentication-manager>"
-		);
+		appCtx = new InMemoryXmlApplicationContext(
+				"<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' port='0'/>"
+						+ "<authentication-manager>"
+						+ "  <ldap-authentication-provider user-details-class='inetOrgPerson' />"
+						+ "</authentication-manager>");
 
 		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(1);
-		assertThat(providerManager.getProviders())
-				.extracting("userDetailsContextMapper")
+		assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper")
 				.allSatisfy(contextMapper -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
 	}
 
@@ -157,22 +143,20 @@ public class LdapProviderBeanDefinitionParserTests {
 	public void ldapAuthenticationProviderWorksWithPlaceholders() {
 		System.setProperty("udp", "people");
 		System.setProperty("gsf", "member");
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server />"
-				+ "<authentication-manager>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server />" + "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=${udp}' group-search-filter='${gsf}={0}' />"
 				+ "</authentication-manager>"
-				+ "<b:bean id='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' />"
-		);
+				+ "<b:bean id='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' />");
 
 		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(1);
 
 		AuthenticationProvider authenticationProvider = providerManager.getProviders().get(0);
-		assertThat(authenticationProvider)
-				.extracting("authenticator.userDnFormat")
-				.satisfies(messageFormats -> assertThat(messageFormats).isEqualTo(new MessageFormat[]{new MessageFormat("uid={0},ou=people")}));
-		assertThat(authenticationProvider)
-				.extracting("authoritiesPopulator.groupSearchFilter")
+		assertThat(authenticationProvider).extracting("authenticator.userDnFormat")
+				.satisfies(messageFormats -> assertThat(messageFormats)
+						.isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") }));
+		assertThat(authenticationProvider).extracting("authoritiesPopulator.groupSearchFilter")
 				.satisfies(searchFilter -> assertThat(searchFilter).isEqualTo("member={0}"));
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
index 564352400b..5eaa5a9a9e 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
@@ -35,6 +35,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  */
 public class LdapServerBeanDefinitionParserTests {
+
 	InMemoryXmlApplicationContext appCtx;
 
 	@After
@@ -47,8 +48,7 @@ public class LdapServerBeanDefinitionParserTests {
 
 	@Test
 	public void embeddedServerCreationContainsExpectedContextSourceAndData() {
-		appCtx = new InMemoryXmlApplicationContext(
-				"<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
 
 		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
 				.getBean(BeanIds.CONTEXT_SOURCE);
@@ -62,18 +62,14 @@ public class LdapServerBeanDefinitionParserTests {
 	public void useOfUrlAttributeCreatesCorrectContextSource() throws Exception {
 		int port = getDefaultPort();
 		// Create second "server" with a url pointing at embedded one
-		appCtx = new InMemoryXmlApplicationContext(
-				"<ldap-server ldif='classpath:test-server.ldif' port='"
-						+ port
-						+ "'/>"
-						+ "<ldap-server ldif='classpath:test-server.ldif' id='blah' url='ldap://127.0.0.1:"
-						+ port + "/dc=springframework,dc=org' />");
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='" + port
+				+ "'/>" + "<ldap-server ldif='classpath:test-server.ldif' id='blah' url='ldap://127.0.0.1:" + port
+				+ "/dc=springframework,dc=org' />");
 
 		// Check the default context source is still there.
 		appCtx.getBean(BeanIds.CONTEXT_SOURCE);
 
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
-				.getBean("blah");
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean("blah");
 
 		// Check data is loaded as before
 		LdapTemplate template = new LdapTemplate(contextSource);
@@ -104,4 +100,5 @@ public class LdapServerBeanDefinitionParserTests {
 			return server.getLocalPort();
 		}
 	}
+
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
index caff4c8757..36b8921c69 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
@@ -48,6 +48,7 @@ import static org.springframework.security.config.ldap.LdapUserServiceBeanDefini
  * @author Eddú Meléndez
  */
 public class LdapUserServiceBeanDefinitionParserTests {
+
 	private InMemoryXmlApplicationContext appCtx;
 
 	@After
@@ -65,17 +66,20 @@ public class LdapUserServiceBeanDefinitionParserTests {
 		assertThat(InetOrgPersonContextMapper.class.getName()).isEqualTo(INET_ORG_PERSON_MAPPER_CLASS);
 		assertThat(LdapUserDetailsMapper.class.getName()).isEqualTo(LDAP_USER_MAPPER_CLASS);
 		assertThat(DefaultLdapAuthoritiesPopulator.class.getName()).isEqualTo(LDAP_AUTHORITIES_POPULATOR_CLASS);
-		assertThat(new LdapUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class))).isEqualTo(LdapUserDetailsService.class.getName());
+		assertThat(new LdapUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)))
+				.isEqualTo(LdapUserDetailsService.class.getName());
 	}
 
 	@Test
 	public void minimalConfigurationIsParsedOk() {
-		setContext("<ldap-user-service user-search-filter='(uid={0})' /><ldap-server ldif='classpath:test-server.ldif' url='ldap://127.0.0.1:343/dc=springframework,dc=org' />");
+		setContext(
+				"<ldap-user-service user-search-filter='(uid={0})' /><ldap-server ldif='classpath:test-server.ldif' url='ldap://127.0.0.1:343/dc=springframework,dc=org' />");
 	}
 
 	@Test
 	public void userServiceReturnsExpectedData() {
-		setContext("<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
+		setContext(
+				"<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
 		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
@@ -87,8 +91,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void differentUserSearchBaseWorksAsExpected() {
-		setContext("<ldap-user-service id='ldapUDS' "
-				+ "       user-search-base='ou=otherpeople' "
+		setContext("<ldap-user-service id='ldapUDS' " + "       user-search-base='ou=otherpeople' "
 				+ "       user-search-filter='(cn={0})' "
 				+ "       group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
@@ -100,11 +103,9 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void rolePrefixIsSupported() {
-		setContext("<ldap-user-service id='ldapUDS' "
-				+ "     user-search-filter='(uid={0})' "
+		setContext("<ldap-user-service id='ldapUDS' " + "     user-search-filter='(uid={0})' "
 				+ "     group-search-filter='member={0}' role-prefix='PREFIX_'/>"
-				+ "<ldap-user-service id='ldapUDSNoPrefix' "
-				+ "     user-search-filter='(uid={0})' "
+				+ "<ldap-user-service id='ldapUDSNoPrefix' " + "     user-search-filter='(uid={0})' "
 				+ "     group-search-filter='member={0}' role-prefix='none'/><ldap-server ldif='classpath:test-server.ldif'/>");
 
 		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
@@ -118,7 +119,8 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void differentGroupRoleAttributeWorksAsExpected() {
-		setContext("<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-role-attribute='ou' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
+		setContext(
+				"<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-role-attribute='ou' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
 		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
@@ -131,11 +133,11 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void isSupportedByAuthenticationProviderElement() {
-		setContext("<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' ldif='classpath:test-server.ldif'/>"
-				+ "<authentication-manager>"
-				+ "  <authentication-provider>"
-				+ "    <ldap-user-service user-search-filter='(uid={0})' />"
-				+ "  </authentication-provider>" + "</authentication-manager>");
+		setContext(
+				"<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' ldif='classpath:test-server.ldif'/>"
+						+ "<authentication-manager>" + "  <authentication-provider>"
+						+ "    <ldap-user-service user-search-filter='(uid={0})' />" + "  </authentication-provider>"
+						+ "</authentication-manager>");
 	}
 
 	@Test
@@ -160,8 +162,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 	public void externalContextMapperIsSupported() {
 		setContext("<ldap-server id='someServer' ldif='classpath:test-server.ldif'/>"
 				+ "<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' user-context-mapper-ref='mapper'/>"
-				+ "<b:bean id='mapper' class='"
-				+ InetOrgPersonContextMapper.class.getName() + "'/>");
+				+ "<b:bean id='mapper' class='" + InetOrgPersonContextMapper.class.getName() + "'/>");
 
 		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
@@ -171,4 +172,5 @@ public class LdapUserServiceBeanDefinitionParserTests {
 	private void setContext(String context) {
 		appCtx = new InMemoryXmlApplicationContext(context);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java
index 85027d2c73..4cdeddcd7f 100644
--- a/config/src/main/java/org/springframework/security/config/BeanIds.java
+++ b/config/src/main/java/org/springframework/security/config/BeanIds.java
@@ -25,6 +25,7 @@ package org.springframework.security.config;
  * @author Luke Taylor
  */
 public abstract class BeanIds {
+
 	private static final String PREFIX = "org.springframework.security.";
 
 	/**
@@ -36,26 +37,26 @@ public abstract class BeanIds {
 	/** External alias for FilterChainProxy bean, for use in web.xml files */
 	public static final String SPRING_SECURITY_FILTER_CHAIN = "springSecurityFilterChain";
 
-	public static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = PREFIX
-			+ "contextSettingPostProcessor";
+	public static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = PREFIX + "contextSettingPostProcessor";
 
 	public static final String USER_DETAILS_SERVICE = PREFIX + "userDetailsService";
-	public static final String USER_DETAILS_SERVICE_FACTORY = PREFIX
-			+ "userDetailsServiceFactory";
 
-	public static final String METHOD_ACCESS_MANAGER = PREFIX
-			+ "defaultMethodAccessManager";
+	public static final String USER_DETAILS_SERVICE_FACTORY = PREFIX + "userDetailsServiceFactory";
+
+	public static final String METHOD_ACCESS_MANAGER = PREFIX + "defaultMethodAccessManager";
 
 	public static final String FILTER_CHAIN_PROXY = PREFIX + "filterChainProxy";
+
 	public static final String FILTER_CHAINS = PREFIX + "filterChains";
 
-	public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = PREFIX
-			+ "methodSecurityMetadataSourceAdvisor";
-	public static final String EMBEDDED_APACHE_DS = PREFIX
-			+ "apacheDirectoryServerContainer";
-	public static final String EMBEDDED_UNBOUNDID = PREFIX
-			+ "unboundidServerContainer";
+	public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = PREFIX + "methodSecurityMetadataSourceAdvisor";
+
+	public static final String EMBEDDED_APACHE_DS = PREFIX + "apacheDirectoryServerContainer";
+
+	public static final String EMBEDDED_UNBOUNDID = PREFIX + "unboundidServerContainer";
+
 	public static final String CONTEXT_SOURCE = PREFIX + "securityContextSource";
 
 	public static final String DEBUG_FILTER = PREFIX + "debugFilter";
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/Customizer.java b/config/src/main/java/org/springframework/security/config/Customizer.java
index 048ec1f3e0..8433a3c7de 100644
--- a/config/src/main/java/org/springframework/security/config/Customizer.java
+++ b/config/src/main/java/org/springframework/security/config/Customizer.java
@@ -28,17 +28,17 @@ public interface Customizer<T> {
 
 	/**
 	 * Performs the customizations on the input argument.
-	 *
 	 * @param t the input argument
 	 */
 	void customize(T t);
 
 	/**
 	 * Returns a {@link Customizer} that does not alter the input argument.
-	 *
 	 * @return a {@link Customizer} that does not alter the input argument.
 	 */
 	static <T> Customizer<T> withDefaults() {
-		return t -> {};
+		return t -> {
+		};
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
index e7327e5ab0..bbbf44a87d 100644
--- a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
@@ -26,11 +26,12 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  */
 public class DebugBeanDefinitionParser implements BeanDefinitionParser {
+
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
-		RootBeanDefinition debugPP = new RootBeanDefinition(
-				SecurityDebugBeanFactoryPostProcessor.class);
+		RootBeanDefinition debugPP = new RootBeanDefinition(SecurityDebugBeanFactoryPostProcessor.class);
 		parserContext.getReaderContext().registerWithGeneratedName(debugPP);
 
 		return null;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/Elements.java b/config/src/main/java/org/springframework/security/config/Elements.java
index 35a4d0fa17..9f7cee5862 100644
--- a/config/src/main/java/org/springframework/security/config/Elements.java
+++ b/config/src/main/java/org/springframework/security/config/Elements.java
@@ -23,61 +23,113 @@ package org.springframework.security.config;
 public abstract class Elements {
 
 	public static final String ACCESS_DENIED_HANDLER = "access-denied-handler";
+
 	public static final String AUTHENTICATION_MANAGER = "authentication-manager";
+
 	public static final String AFTER_INVOCATION_PROVIDER = "after-invocation-provider";
+
 	public static final String USER_SERVICE = "user-service";
+
 	public static final String JDBC_USER_SERVICE = "jdbc-user-service";
+
 	public static final String FILTER_CHAIN_MAP = "filter-chain-map";
+
 	public static final String INTERCEPT_METHODS = "intercept-methods";
+
 	public static final String INTERCEPT_URL = "intercept-url";
+
 	public static final String AUTHENTICATION_PROVIDER = "authentication-provider";
+
 	public static final String HTTP = "http";
+
 	public static final String LDAP_PROVIDER = "ldap-authentication-provider";
+
 	public static final String LDAP_SERVER = "ldap-server";
+
 	public static final String LDAP_USER_SERVICE = "ldap-user-service";
+
 	public static final String PROTECT_POINTCUT = "protect-pointcut";
+
 	public static final String EXPRESSION_HANDLER = "expression-handler";
+
 	public static final String INVOCATION_HANDLING = "pre-post-annotation-handling";
+
 	public static final String INVOCATION_ATTRIBUTE_FACTORY = "invocation-attribute-factory";
+
 	public static final String PRE_INVOCATION_ADVICE = "pre-invocation-advice";
+
 	public static final String POST_INVOCATION_ADVICE = "post-invocation-advice";
+
 	public static final String PROTECT = "protect";
+
 	public static final String SESSION_MANAGEMENT = "session-management";
+
 	public static final String CONCURRENT_SESSIONS = "concurrency-control";
+
 	public static final String LOGOUT = "logout";
+
 	public static final String FORM_LOGIN = "form-login";
+
 	public static final String OPENID_LOGIN = "openid-login";
+
 	public static final String OPENID_ATTRIBUTE_EXCHANGE = "attribute-exchange";
+
 	public static final String OPENID_ATTRIBUTE = "openid-attribute";
+
 	public static final String BASIC_AUTH = "http-basic";
+
 	public static final String REMEMBER_ME = "remember-me";
+
 	public static final String ANONYMOUS = "anonymous";
+
 	public static final String FILTER_CHAIN = "filter-chain";
+
 	public static final String GLOBAL_METHOD_SECURITY = "global-method-security";
+
 	public static final String PASSWORD_ENCODER = "password-encoder";
+
 	public static final String PORT_MAPPINGS = "port-mappings";
+
 	public static final String PORT_MAPPING = "port-mapping";
+
 	public static final String CUSTOM_FILTER = "custom-filter";
+
 	public static final String REQUEST_CACHE = "request-cache";
+
 	public static final String X509 = "x509";
+
 	public static final String JEE = "jee";
+
 	public static final String FILTER_SECURITY_METADATA_SOURCE = "filter-security-metadata-source";
+
 	public static final String METHOD_SECURITY_METADATA_SOURCE = "method-security-metadata-source";
+
 	public static final String LDAP_PASSWORD_COMPARE = "password-compare";
+
 	public static final String DEBUG = "debug";
+
 	public static final String HTTP_FIREWALL = "http-firewall";
+
 	public static final String HEADERS = "headers";
+
 	public static final String CORS = "cors";
+
 	public static final String CSRF = "csrf";
 
 	public static final String OAUTH2_RESOURCE_SERVER = "oauth2-resource-server";
+
 	public static final String JWT = "jwt";
+
 	public static final String OPAQUE_TOKEN = "opaque-token";
 
 	public static final String WEBSOCKET_MESSAGE_BROKER = "websocket-message-broker";
+
 	public static final String INTERCEPT_MESSAGE = "intercept-message";
 
 	public static final String OAUTH2_LOGIN = "oauth2-login";
+
 	public static final String OAUTH2_CLIENT = "oauth2-client";
+
 	public static final String CLIENT_REGISTRATIONS = "client-registrations";
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index fc044e24e2..b92ff3f560 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -59,11 +59,17 @@ import org.springframework.util.ClassUtils;
  * @since 2.0
  */
 public final class SecurityNamespaceHandler implements NamespaceHandler {
+
 	private static final String FILTER_CHAIN_PROXY_CLASSNAME = "org.springframework.security.web.FilterChainProxy";
+
 	private static final String MESSAGE_CLASSNAME = "org.springframework.messaging.Message";
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final Map<String, BeanDefinitionParser> parsers = new HashMap<>();
+
 	private final BeanDefinitionDecorator interceptMethodsBDD = new InterceptMethodsBeanDefinitionDecorator();
+
 	private BeanDefinitionDecorator filterChainMapBDD;
 
 	public SecurityNamespaceHandler() {
@@ -86,10 +92,10 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		if (!namespaceMatchesVersion(element)) {
-			pc.getReaderContext()
-					.fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
+			pc.getReaderContext().fatal(
+					"You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
 							+ "with Spring Security 5.4. Please update your schema declarations to the 5.4 schema.",
-							element);
+					element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
 		BeanDefinitionParser parser = parsers.get(name);
@@ -100,10 +106,8 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		}
 
 		if (parser == null) {
-			if (Elements.HTTP.equals(name)
-					|| Elements.FILTER_SECURITY_METADATA_SOURCE.equals(name)
-					|| Elements.FILTER_CHAIN_MAP.equals(name)
-					|| Elements.FILTER_CHAIN.equals(name)) {
+			if (Elements.HTTP.equals(name) || Elements.FILTER_SECURITY_METADATA_SOURCE.equals(name)
+					|| Elements.FILTER_CHAIN_MAP.equals(name) || Elements.FILTER_CHAIN.equals(name)) {
 				reportMissingWebClasses(name, pc, element);
 			}
 			else {
@@ -116,8 +120,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		return parser.parse(element, pc);
 	}
 
-	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition,
-			ParserContext pc) {
+	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext pc) {
 		String name = pc.getDelegate().getLocalName(node);
 
 		// We only handle elements
@@ -143,16 +146,13 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 	}
 
 	private void reportUnsupportedNodeType(String name, ParserContext pc, Node node) {
-		pc.getReaderContext().fatal(
-				"Security namespace does not support decoration of "
-						+ (node instanceof Element ? "element" : "attribute") + " ["
-						+ name + "]", node);
+		pc.getReaderContext().fatal("Security namespace does not support decoration of "
+				+ (node instanceof Element ? "element" : "attribute") + " [" + name + "]", node);
 	}
 
 	private void reportMissingWebClasses(String nodeName, ParserContext pc, Node node) {
 		String errorMessage = "The classes from the spring-security-web jar "
-				+ "(or one of its dependencies) are not available. You need these to use <"
-				+ nodeName + ">";
+				+ "(or one of its dependencies) are not available. You need these to use <" + nodeName + ">";
 		try {
 			ClassUtils.forName(FILTER_CHAIN_PROXY_CLASSNAME, getClass().getClassLoader());
 			// no details available
@@ -175,31 +175,24 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		parsers.put(Elements.LDAP_USER_SERVICE, new LdapUserServiceBeanDefinitionParser());
 		parsers.put(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
 		parsers.put(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
-		parsers.put(Elements.AUTHENTICATION_PROVIDER,
-				new AuthenticationProviderBeanDefinitionParser());
-		parsers.put(Elements.GLOBAL_METHOD_SECURITY,
-				new GlobalMethodSecurityBeanDefinitionParser());
-		parsers.put(Elements.AUTHENTICATION_MANAGER,
-				new AuthenticationManagerBeanDefinitionParser());
-		parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE,
-				new MethodSecurityMetadataSourceBeanDefinitionParser());
+		parsers.put(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
+		parsers.put(Elements.GLOBAL_METHOD_SECURITY, new GlobalMethodSecurityBeanDefinitionParser());
+		parsers.put(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
+		parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE, new MethodSecurityMetadataSourceBeanDefinitionParser());
 
 		// Only load the web-namespace parsers if the web classes are available
-		if (ClassUtils.isPresent(FILTER_CHAIN_PROXY_CLASSNAME, getClass()
-				.getClassLoader())) {
+		if (ClassUtils.isPresent(FILTER_CHAIN_PROXY_CLASSNAME, getClass().getClassLoader())) {
 			parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
 			parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
 			parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
-			parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE,
-					new FilterInvocationSecurityMetadataSourceParser());
+			parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE, new FilterInvocationSecurityMetadataSourceParser());
 			parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
 			filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
 			parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
 		}
 
 		if (ClassUtils.isPresent(MESSAGE_CLASSNAME, getClass().getClassLoader())) {
-			parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER,
-					new WebSocketMessageBrokerSecurityBeanDefinitionParser());
+			parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER, new WebSocketMessageBrokerSecurityBeanDefinitionParser());
 		}
 	}
 
@@ -212,7 +205,6 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 	 * using 3.0 as an error too. It might be an error to declare spring-security.xsd as
 	 * an alias, but you are only going to find that out when one of the sub parsers
 	 * breaks.
-	 *
 	 * @param element the element that is to be parsed next
 	 * @return true if we find a schema declaration that matches
 	 */
@@ -222,8 +214,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 	}
 
 	private boolean matchesVersionInternal(Element element) {
-		String schemaLocation = element.getAttributeNS(
-				"http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
+		String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
 		return schemaLocation.matches("(?m).*spring-security-5\\.4.*.xsd.*")
 				|| schemaLocation.matches("(?m).*spring-security.xsd.*")
 				|| !schemaLocation.matches("(?m).*spring-security.*");
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index 34fe85cb2c..5e9b198ffc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -45,17 +45,17 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * </p>
  *
  * @see WebSecurity
- *
  * @author Rob Winch
- *
  * @param <O> The object that this builder returns
  * @param <B> The type of this builder (that is returned by the base class)
  */
 public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBuilder<O>>
 		extends AbstractSecurityBuilder<O> {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>> configurers = new LinkedHashMap<>();
+
 	private final List<SecurityConfigurer<O, B>> configurersAddedInInitializing = new ArrayList<>();
 
 	private final Map<Class<?>, Object> sharedObjects = new HashMap<>();
@@ -70,11 +70,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * Creates a new instance with the provided {@link ObjectPostProcessor}. This post
 	 * processor must support Object since there are many types of objects that may be
 	 * post processed.
-	 *
 	 * @param objectPostProcessor the {@link ObjectPostProcessor} to use
 	 */
-	protected AbstractConfiguredSecurityBuilder(
-			ObjectPostProcessor<Object> objectPostProcessor) {
+	protected AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
 		this(objectPostProcessor, false);
 	}
 
@@ -82,13 +80,11 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * Creates a new instance with the provided {@link ObjectPostProcessor}. This post
 	 * processor must support Object since there are many types of objects that may be
 	 * post processed.
-	 *
 	 * @param objectPostProcessor the {@link ObjectPostProcessor} to use
 	 * @param allowConfigurersOfSameType if true, will not override other
 	 * {@link SecurityConfigurer}'s when performing apply
 	 */
-	protected AbstractConfiguredSecurityBuilder(
-			ObjectPostProcessor<Object> objectPostProcessor,
+	protected AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor,
 			boolean allowConfigurersOfSameType) {
 		Assert.notNull(objectPostProcessor, "objectPostProcessor cannot be null");
 		this.objectPostProcessor = objectPostProcessor;
@@ -98,7 +94,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Similar to {@link #build()} and {@link #getObject()} but checks the state to
 	 * determine if {@link #build()} needs to be called first.
-	 *
 	 * @return the result of {@link #build()} or {@link #getObject()}. If an error occurs
 	 * while building, returns null.
 	 */
@@ -120,14 +115,12 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Applies a {@link SecurityConfigurerAdapter} to this {@link SecurityBuilder} and
 	 * invokes {@link SecurityConfigurerAdapter#setBuilder(SecurityBuilder)}.
-	 *
 	 * @param configurer
 	 * @return the {@link SecurityConfigurerAdapter} for further customizations
 	 * @throws Exception
 	 */
 	@SuppressWarnings("unchecked")
-	public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer)
-			throws Exception {
+	public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer) throws Exception {
 		configurer.addObjectPostProcessor(objectPostProcessor);
 		configurer.setBuilder((B) this);
 		add(configurer);
@@ -138,7 +131,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * Applies a {@link SecurityConfigurer} to this {@link SecurityBuilder} overriding any
 	 * {@link SecurityConfigurer} of the exact same class. Note that object hierarchies
 	 * are not considered.
-	 *
 	 * @param configurer
 	 * @return the {@link SecurityConfigurerAdapter} for further customizations
 	 * @throws Exception
@@ -150,7 +142,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
 	/**
 	 * Sets an object that is shared by multiple {@link SecurityConfigurer}.
-	 *
 	 * @param sharedType the Class to key the shared object by.
 	 * @param object the Object to store
 	 */
@@ -161,7 +152,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
 	/**
 	 * Gets a shared Object. Note that object heirarchies are not considered.
-	 *
 	 * @param sharedType the type of the shared Object
 	 * @return the shared Object or null if it is not found
 	 */
@@ -181,7 +171,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Adds {@link SecurityConfigurer} ensuring that it is allowed and invoking
 	 * {@link SecurityConfigurer#init(SecurityBuilder)} immediately if necessary.
-	 *
 	 * @param configurer the {@link SecurityConfigurer} to add
 	 */
 	@SuppressWarnings("unchecked")
@@ -192,11 +181,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 				.getClass();
 		synchronized (configurers) {
 			if (buildState.isConfigured()) {
-				throw new IllegalStateException("Cannot apply " + configurer
-						+ " to already built object");
+				throw new IllegalStateException("Cannot apply " + configurer + " to already built object");
 			}
-			List<SecurityConfigurer<O, B>> configs = allowConfigurersOfSameType ? this.configurers
-					.get(clazz) : null;
+			List<SecurityConfigurer<O, B>> configs = allowConfigurersOfSameType ? this.configurers.get(clazz) : null;
 			if (configs == null) {
 				configs = new ArrayList<>(1);
 			}
@@ -211,7 +198,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Gets all the {@link SecurityConfigurer} instances by its class name or an empty
 	 * List if not found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz the {@link SecurityConfigurer} class to look for
 	 * @return a list of {@link SecurityConfigurer}s for further customization
 	 */
@@ -227,7 +213,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Removes all the {@link SecurityConfigurer} instances by its class name or an empty
 	 * List if not found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz the {@link SecurityConfigurer} class to look for
 	 * @return a list of {@link SecurityConfigurer}s for further customization
 	 */
@@ -243,7 +228,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Gets the {@link SecurityConfigurer} by its class name or <code>null</code> if not
 	 * found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz
 	 * @return the {@link SecurityConfigurer} for further customizations
 	 */
@@ -254,8 +238,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 			return null;
 		}
 		if (configs.size() != 1) {
-			throw new IllegalStateException("Only one configurer expected for type "
-					+ clazz + ", but got " + configs);
+			throw new IllegalStateException("Only one configurer expected for type " + clazz + ", but got " + configs);
 		}
 		return (C) configs.get(0);
 	}
@@ -263,7 +246,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Removes and returns the {@link SecurityConfigurer} by its class name or
 	 * <code>null</code> if not found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz
 	 * @return
 	 */
@@ -274,8 +256,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 			return null;
 		}
 		if (configs.size() != 1) {
-			throw new IllegalStateException("Only one configurer expected for type "
-					+ clazz + ", but got " + configs);
+			throw new IllegalStateException("Only one configurer expected for type " + clazz + ", but got " + configs);
 		}
 		return (C) configs.get(0);
 	}
@@ -295,7 +276,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	/**
 	 * Performs post processing of an object. The default is to delegate to the
 	 * {@link ObjectPostProcessor}.
-	 *
 	 * @param object the Object to post process
 	 * @return the possibly modified Object to use
 	 */
@@ -357,7 +337,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
 	/**
 	 * Subclasses must implement this method to build the object that is being returned.
-	 *
 	 * @return the Object to be buit or null if the implementation allows it
 	 */
 	protected abstract O performBuild() throws Exception;
@@ -409,6 +388,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * @since 3.2
 	 */
 	private enum BuildState {
+
 		/**
 		 * This is the state before the {@link Builder#build()} is invoked
 		 */
@@ -457,5 +437,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 		public boolean isConfigured() {
 			return order >= CONFIGURING.order;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
index 2f4c4022fe..afaeebd92a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
@@ -22,11 +22,11 @@ import java.util.concurrent.atomic.AtomicBoolean;
  * time.
  *
  * @param <O> the type of Object that is being built
- *
  * @author Rob Winch
  *
  */
 public abstract class AbstractSecurityBuilder<O> implements SecurityBuilder<O> {
+
 	private AtomicBoolean building = new AtomicBoolean();
 
 	private O object;
@@ -47,7 +47,6 @@ public abstract class AbstractSecurityBuilder<O> implements SecurityBuilder<O> {
 	/**
 	 * Gets the object that was built. If it has not been built yet an Exception is
 	 * thrown.
-	 *
 	 * @return the Object that was built
 	 */
 	public final O getObject() {
@@ -59,10 +58,9 @@ public abstract class AbstractSecurityBuilder<O> implements SecurityBuilder<O> {
 
 	/**
 	 * Subclasses should implement this to perform the build.
-	 *
 	 * @return the object that should be returned by {@link #build()}.
-	 *
 	 * @throws Exception if an error occurs
 	 */
 	protected abstract O doBuild() throws Exception;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java b/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
index b84bbff45e..b50484c4ea 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
@@ -28,4 +28,5 @@ public class AlreadyBuiltException extends IllegalStateException {
 	}
 
 	private static final long serialVersionUID = -5891004752785553015L;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
index ca07992749..4218081cdb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
@@ -25,7 +25,6 @@ import org.springframework.beans.factory.InitializingBean;
  * {@link DisposableBean#destroy()} has been invoked.
  *
  * @param <T> the bound of the types of Objects this {@link ObjectPostProcessor} supports.
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -34,9 +33,9 @@ public interface ObjectPostProcessor<T> {
 	/**
 	 * Initialize the object possibly returning a modified instance that should be used
 	 * instead.
-	 *
 	 * @param object the object to initialize
 	 * @return the initialized version of the object
 	 */
 	<O extends T> O postProcess(O object);
+
 }
\ No newline at end of file
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
index 1f097537c0..3340250675 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
@@ -20,16 +20,15 @@ package org.springframework.security.config.annotation;
  *
  * @author Rob Winch
  * @since 3.2
- *
  * @param <O> The type of the Object being built
  */
 public interface SecurityBuilder<O> {
 
 	/**
 	 * Builds the object and returns it or null.
-	 *
 	 * @return the Object to be built or null if the implementation allows it.
 	 * @throws Exception if an error occurred when building the Object
 	 */
 	O build() throws Exception;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
index 4ddba28274..13564216ea 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
@@ -22,20 +22,18 @@ package org.springframework.security.config.annotation;
  * {@link #configure(SecurityBuilder)} method is invoked.
  *
  * @see AbstractConfiguredSecurityBuilder
- *
  * @author Rob Winch
- *
  * @param <O> The object being built by the {@link SecurityBuilder} B
  * @param <B> The {@link SecurityBuilder} that builds objects of type O. This is also the
  * {@link SecurityBuilder} that is being configured.
  */
 public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
+
 	/**
 	 * Initialize the {@link SecurityBuilder}. Here only shared state should be created
 	 * and modified, but not properties on the {@link SecurityBuilder} used for building
 	 * the object. This ensures that the {@link #configure(SecurityBuilder)} method uses
 	 * the correct shared objects when building. Configurers should be applied here.
-	 *
 	 * @param builder
 	 * @throws Exception
 	 */
@@ -44,9 +42,9 @@ public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
 	/**
 	 * Configure the {@link SecurityBuilder} by setting the necessary properties on the
 	 * {@link SecurityBuilder}.
-	 *
 	 * @param builder
 	 * @throws Exception
 	 */
 	void configure(B builder) throws Exception;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index d5ca809c64..87e0876002 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -29,13 +29,12 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator;
  *
  * @author Rob Winch
  * @author Wallace Wadge
- *
  * @param <O> The Object being built by B
  * @param <B> The Builder that is building O and is configured by
  * {@link SecurityConfigurerAdapter}
  */
-public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
-		implements SecurityConfigurer<O, B> {
+public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>> implements SecurityConfigurer<O, B> {
+
 	private B securityBuilder;
 
 	private CompositeObjectPostProcessor objectPostProcessor = new CompositeObjectPostProcessor();
@@ -49,7 +48,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	/**
 	 * Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}.
 	 * This is useful for method chaining.
-	 *
 	 * @return the {@link SecurityBuilder} for further customizations
 	 */
 	public B and() {
@@ -58,7 +56,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 
 	/**
 	 * Gets the {@link SecurityBuilder}. Cannot be null.
-	 *
 	 * @return the {@link SecurityBuilder}
 	 * @throws IllegalStateException if {@link SecurityBuilder} is null
 	 */
@@ -72,7 +69,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	/**
 	 * Performs post processing of an object. The default is to delegate to the
 	 * {@link ObjectPostProcessor}.
-	 *
 	 * @param object the Object to post process
 	 * @return the possibly modified Object to use
 	 */
@@ -85,7 +81,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	 * Adds an {@link ObjectPostProcessor} to be used for this
 	 * {@link SecurityConfigurerAdapter}. The default implementation does nothing to the
 	 * object.
-	 *
 	 * @param objectPostProcessor the {@link ObjectPostProcessor} to use
 	 */
 	public void addObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
@@ -95,7 +90,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	/**
 	 * Sets the {@link SecurityBuilder} to be used. This is automatically set when using
 	 * {@link AbstractConfiguredSecurityBuilder#apply(SecurityConfigurerAdapter)}
-	 *
 	 * @param builder the {@link SecurityBuilder} to set
 	 */
 	public void setBuilder(B builder) {
@@ -108,16 +102,15 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	 *
 	 * @author Rob Winch
 	 */
-	private static final class CompositeObjectPostProcessor implements
-			ObjectPostProcessor<Object> {
+	private static final class CompositeObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		private List<ObjectPostProcessor<?>> postProcessors = new ArrayList<>();
 
 		@SuppressWarnings({ "rawtypes", "unchecked" })
 		public Object postProcess(Object object) {
 			for (ObjectPostProcessor opp : postProcessors) {
 				Class<?> oppClass = opp.getClass();
-				Class<?> oppType = GenericTypeResolver.resolveTypeArgument(oppClass,
-						ObjectPostProcessor.class);
+				Class<?> oppType = GenericTypeResolver.resolveTypeArgument(oppClass, ObjectPostProcessor.class);
 				if (oppType == null || oppType.isAssignableFrom(object.getClass())) {
 					object = opp.postProcess(object);
 				}
@@ -130,11 +123,12 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 		 * @param objectPostProcessor the {@link ObjectPostProcessor} to add
 		 * @return true if the {@link ObjectPostProcessor} was added, else false
 		 */
-		private boolean addObjectPostProcessor(
-				ObjectPostProcessor<?> objectPostProcessor) {
+		private boolean addObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 			boolean result = this.postProcessors.add(objectPostProcessor);
 			postProcessors.sort(AnnotationAwareOrderComparator.INSTANCE);
 			return result;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
index aab2e9eab6..6240d764c0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
@@ -24,11 +24,10 @@ import org.springframework.security.config.annotation.SecurityBuilder;
  * Interface for operating on a SecurityBuilder that creates a {@link ProviderManager}
  *
  * @author Rob Winch
- *
  * @param <B> the type of the {@link SecurityBuilder}
  */
-public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> extends
-		SecurityBuilder<AuthenticationManager> {
+public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>>
+		extends SecurityBuilder<AuthenticationManager> {
 
 	/**
 	 * Add authentication based upon the custom {@link AuthenticationProvider} that is
@@ -36,10 +35,11 @@ public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> ext
 	 * customizations must be done externally and the {@link ProviderManagerBuilder} is
 	 * returned immediately.
 	 *
-	 * Note that an Exception is thrown if an error occurs when adding the {@link AuthenticationProvider}.
-	 *
+	 * Note that an Exception is thrown if an error occurs when adding the
+	 * {@link AuthenticationProvider}.
 	 * @return a {@link ProviderManagerBuilder} to allow further authentication to be
 	 * provided to the {@link ProviderManagerBuilder}
 	 */
 	B authenticationProvider(AuthenticationProvider authenticationProvider);
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index 36b4a97a28..3052cfa2c7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -48,15 +48,19 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public class AuthenticationManagerBuilder
-		extends
-		AbstractConfiguredSecurityBuilder<AuthenticationManager, AuthenticationManagerBuilder>
+		extends AbstractConfiguredSecurityBuilder<AuthenticationManager, AuthenticationManagerBuilder>
 		implements ProviderManagerBuilder<AuthenticationManagerBuilder> {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private AuthenticationManager parentAuthenticationManager;
+
 	private List<AuthenticationProvider> authenticationProviders = new ArrayList<>();
+
 	private UserDetailsService defaultUserDetailsService;
+
 	private Boolean eraseCredentials;
+
 	private AuthenticationEventPublisher eventPublisher;
 
 	/**
@@ -71,18 +75,15 @@ public class AuthenticationManagerBuilder
 	 * Allows providing a parent {@link AuthenticationManager} that will be tried if this
 	 * {@link AuthenticationManager} was unable to attempt to authenticate the provided
 	 * {@link Authentication}.
-	 *
 	 * @param authenticationManager the {@link AuthenticationManager} that should be used
 	 * if the current {@link AuthenticationManager} was unable to attempt to authenticate
 	 * the provided {@link Authentication}.
 	 * @return the {@link AuthenticationManagerBuilder} for further adding types of
 	 * authentication
 	 */
-	public AuthenticationManagerBuilder parentAuthenticationManager(
-			AuthenticationManager authenticationManager) {
+	public AuthenticationManagerBuilder parentAuthenticationManager(AuthenticationManager authenticationManager) {
 		if (authenticationManager instanceof ProviderManager) {
-			eraseCredentials(((ProviderManager) authenticationManager)
-					.isEraseCredentialsAfterAuthentication());
+			eraseCredentials(((ProviderManager) authenticationManager).isEraseCredentialsAfterAuthentication());
 		}
 		this.parentAuthenticationManager = authenticationManager;
 		return this;
@@ -90,20 +91,16 @@ public class AuthenticationManagerBuilder
 
 	/**
 	 * Sets the {@link AuthenticationEventPublisher}
-	 *
 	 * @param eventPublisher the {@link AuthenticationEventPublisher} to use
 	 * @return the {@link AuthenticationManagerBuilder} for further customizations
 	 */
-	public AuthenticationManagerBuilder authenticationEventPublisher(
-			AuthenticationEventPublisher eventPublisher) {
+	public AuthenticationManagerBuilder authenticationEventPublisher(AuthenticationEventPublisher eventPublisher) {
 		Assert.notNull(eventPublisher, "AuthenticationEventPublisher cannot be null");
 		this.eventPublisher = eventPublisher;
 		return this;
 	}
 
 	/**
-	 *
-	 *
 	 * @param eraseCredentials true if {@link AuthenticationManager} should clear the
 	 * credentials from the {@link Authentication} object after authenticating
 	 * @return the {@link AuthenticationManagerBuilder} for further customizations
@@ -124,7 +121,6 @@ public class AuthenticationManagerBuilder
 	 * {@link UserDetailsService}'s may override this {@link UserDetailsService} as the
 	 * default.
 	 * </p>
-	 *
 	 * @return a {@link InMemoryUserDetailsManagerConfigurer} to allow customization of
 	 * the in memory authentication
 	 * @throws Exception if an error occurs when adding the in memory authentication
@@ -141,8 +137,8 @@ public class AuthenticationManagerBuilder
 	 *
 	 * <p>
 	 * When using with a persistent data store, it is best to add users external of
-	 * configuration using something like <a href="https://flywaydb.org/">Flyway</a> or <a
-	 * href="https://www.liquibase.org/">Liquibase</a> to create the schema and adding
+	 * configuration using something like <a href="https://flywaydb.org/">Flyway</a> or
+	 * <a href="https://www.liquibase.org/">Liquibase</a> to create the schema and adding
 	 * users to ensure these steps are only done once and that the optimal SQL is used.
 	 * </p>
 	 *
@@ -154,13 +150,11 @@ public class AuthenticationManagerBuilder
 	 * "https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#user-schema"
 	 * >User Schema</a> section of the reference for the default schema.
 	 * </p>
-	 *
 	 * @return a {@link JdbcUserDetailsManagerConfigurer} to allow customization of the
 	 * JDBC authentication
 	 * @throws Exception if an error occurs when adding the JDBC authentication
 	 */
-	public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication()
-			throws Exception {
+	public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication() throws Exception {
 		return apply(new JdbcUserDetailsManagerConfigurer<>());
 	}
 
@@ -175,7 +169,6 @@ public class AuthenticationManagerBuilder
 	 * {@link UserDetailsService}'s may override this {@link UserDetailsService} as the
 	 * default.
 	 * </p>
-	 *
 	 * @return a {@link DaoAuthenticationConfigurer} to allow customization of the DAO
 	 * authentication
 	 * @throws Exception if an error occurs when adding the {@link UserDetailsService}
@@ -184,8 +177,7 @@ public class AuthenticationManagerBuilder
 	public <T extends UserDetailsService> DaoAuthenticationConfigurer<AuthenticationManagerBuilder, T> userDetailsService(
 			T userDetailsService) throws Exception {
 		this.defaultUserDetailsService = userDetailsService;
-		return apply(new DaoAuthenticationConfigurer<>(
-				userDetailsService));
+		return apply(new DaoAuthenticationConfigurer<>(userDetailsService));
 	}
 
 	/**
@@ -196,13 +188,11 @@ public class AuthenticationManagerBuilder
 	 * <p>
 	 * This method <b>does NOT</b> ensure that a {@link UserDetailsService} is available
 	 * for the {@link #getDefaultUserDetailsService()} method.
-	 *
 	 * @return a {@link LdapAuthenticationProviderConfigurer} to allow customization of
 	 * the LDAP authentication
 	 * @throws Exception if an error occurs when adding the LDAP authentication
 	 */
-	public LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthentication()
-			throws Exception {
+	public LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthentication() throws Exception {
 		return apply(new LdapAuthenticationProviderConfigurer<>());
 	}
 
@@ -216,13 +206,12 @@ public class AuthenticationManagerBuilder
 	 * This method <b>does NOT</b> ensure that the {@link UserDetailsService} is available
 	 * for the {@link #getDefaultUserDetailsService()} method.
 	 *
-	 * Note that an {@link Exception} might be thrown if an error occurs when adding the {@link AuthenticationProvider}.
-	 *
+	 * Note that an {@link Exception} might be thrown if an error occurs when adding the
+	 * {@link AuthenticationProvider}.
 	 * @return a {@link AuthenticationManagerBuilder} to allow further authentication to
 	 * be provided to the {@link AuthenticationManagerBuilder}
 	 */
-	public AuthenticationManagerBuilder authenticationProvider(
-			AuthenticationProvider authenticationProvider) {
+	public AuthenticationManagerBuilder authenticationProvider(AuthenticationProvider authenticationProvider) {
 		this.authenticationProviders.add(authenticationProvider);
 		return this;
 	}
@@ -233,8 +222,7 @@ public class AuthenticationManagerBuilder
 			logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null.");
 			return null;
 		}
-		ProviderManager providerManager = new ProviderManager(authenticationProviders,
-				parentAuthenticationManager);
+		ProviderManager providerManager = new ProviderManager(authenticationProviders, parentAuthenticationManager);
 		if (eraseCredentials != null) {
 			providerManager.setEraseCredentialsAfterAuthentication(eraseCredentials);
 		}
@@ -257,8 +245,8 @@ public class AuthenticationManagerBuilder
 	 * {@link SecurityConfigurer} that is last could check this method and provide a
 	 * default configuration in the {@link SecurityConfigurer#configure(SecurityBuilder)}
 	 * method.
-	 *
-	 * @return true, if {@link AuthenticationManagerBuilder} is configured, otherwise false
+	 * @return true, if {@link AuthenticationManagerBuilder} is configured, otherwise
+	 * false
 	 */
 	public boolean isConfigured() {
 		return !authenticationProviders.isEmpty() || parentAuthenticationManager != null;
@@ -267,7 +255,6 @@ public class AuthenticationManagerBuilder
 	/**
 	 * Gets the default {@link UserDetailsService} for the
 	 * {@link AuthenticationManagerBuilder}. The result may be null in some circumstances.
-	 *
 	 * @return the default {@link UserDetailsService} for the
 	 * {@link AuthenticationManagerBuilder}
 	 */
@@ -278,7 +265,6 @@ public class AuthenticationManagerBuilder
 	/**
 	 * Captures the {@link UserDetailsService} from any {@link UserDetailsAwareConfigurer}
 	 * .
-	 *
 	 * @param configurer the {@link UserDetailsAwareConfigurer} to capture the
 	 * {@link UserDetailsService} from.
 	 * @return the {@link UserDetailsAwareConfigurer} for further customizations
@@ -289,4 +275,5 @@ public class AuthenticationManagerBuilder
 		this.defaultUserDetailsService = configurer.getUserDetailsService();
 		return super.apply(configurer);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
index a9a7b088af..26232408cc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -68,18 +68,19 @@ public class AuthenticationConfiguration {
 
 	private boolean authenticationManagerInitialized;
 
-	private List<GlobalAuthenticationConfigurerAdapter> globalAuthConfigurers = Collections
-			.emptyList();
+	private List<GlobalAuthenticationConfigurerAdapter> globalAuthConfigurers = Collections.emptyList();
 
 	private ObjectPostProcessor<Object> objectPostProcessor;
 
 	@Bean
-	public AuthenticationManagerBuilder authenticationManagerBuilder(
-			ObjectPostProcessor<Object> objectPostProcessor, ApplicationContext context) {
+	public AuthenticationManagerBuilder authenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor,
+			ApplicationContext context) {
 		LazyPasswordEncoder defaultPasswordEncoder = new LazyPasswordEncoder(context);
-		AuthenticationEventPublisher authenticationEventPublisher = getBeanOrNull(context, AuthenticationEventPublisher.class);
+		AuthenticationEventPublisher authenticationEventPublisher = getBeanOrNull(context,
+				AuthenticationEventPublisher.class);
 
-		DefaultPasswordEncoderAuthenticationManagerBuilder result = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor, defaultPasswordEncoder);
+		DefaultPasswordEncoderAuthenticationManagerBuilder result = new DefaultPasswordEncoderAuthenticationManagerBuilder(
+				objectPostProcessor, defaultPasswordEncoder);
 		if (authenticationEventPublisher != null) {
 			result.authenticationEventPublisher(authenticationEventPublisher);
 		}
@@ -93,12 +94,14 @@ public class AuthenticationConfiguration {
 	}
 
 	@Bean
-	public static InitializeUserDetailsBeanManagerConfigurer initializeUserDetailsBeanManagerConfigurer(ApplicationContext context) {
+	public static InitializeUserDetailsBeanManagerConfigurer initializeUserDetailsBeanManagerConfigurer(
+			ApplicationContext context) {
 		return new InitializeUserDetailsBeanManagerConfigurer(context);
 	}
 
 	@Bean
-	public static InitializeAuthenticationProviderBeanManagerConfigurer initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext context) {
+	public static InitializeAuthenticationProviderBeanManagerConfigurer initializeAuthenticationProviderBeanManagerConfigurer(
+			ApplicationContext context) {
 		return new InitializeAuthenticationProviderBeanManagerConfigurer(context);
 	}
 
@@ -126,8 +129,7 @@ public class AuthenticationConfiguration {
 	}
 
 	@Autowired(required = false)
-	public void setGlobalAuthenticationConfigurers(
-			List<GlobalAuthenticationConfigurerAdapter> configurers) {
+	public void setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter> configurers) {
 		configurers.sort(AnnotationAwareOrderComparator.INSTANCE);
 		this.globalAuthConfigurers = configurers;
 	}
@@ -145,8 +147,8 @@ public class AuthenticationConfiguration {
 	@SuppressWarnings("unchecked")
 	private <T> T lazyBean(Class<T> interfaceName) {
 		LazyInitTargetSource lazyTargetSource = new LazyInitTargetSource();
-		String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(
-				applicationContext, interfaceName);
+		String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(applicationContext,
+				interfaceName);
 		if (beanNamesForType.length == 0) {
 			return null;
 		}
@@ -154,12 +156,13 @@ public class AuthenticationConfiguration {
 		if (beanNamesForType.length > 1) {
 			List<String> primaryBeanNames = getPrimaryBeanNames(beanNamesForType);
 
-			Assert.isTrue(primaryBeanNames.size() != 0, () -> "Found " + beanNamesForType.length
-					+ " beans for type " + interfaceName + ", but none marked as primary");
-			Assert.isTrue(primaryBeanNames.size() == 1, () -> "Found " + primaryBeanNames.size()
-					+ " beans for type " + interfaceName + " marked as primary");
+			Assert.isTrue(primaryBeanNames.size() != 0, () -> "Found " + beanNamesForType.length + " beans for type "
+					+ interfaceName + ", but none marked as primary");
+			Assert.isTrue(primaryBeanNames.size() == 1, () -> "Found " + primaryBeanNames.size() + " beans for type "
+					+ interfaceName + " marked as primary");
 			beanName = primaryBeanNames.get(0);
-		} else {
+		}
+		else {
 			beanName = beanNamesForType[0];
 		}
 
@@ -177,8 +180,8 @@ public class AuthenticationConfiguration {
 			return Collections.emptyList();
 		}
 		for (String beanName : beanNamesForType) {
-			if (((ConfigurableApplicationContext) applicationContext).getBeanFactory()
-					.getBeanDefinition(beanName).isPrimary()) {
+			if (((ConfigurableApplicationContext) applicationContext).getBeanFactory().getBeanDefinition(beanName)
+					.isPrimary()) {
 				list.add(beanName);
 			}
 		}
@@ -192,16 +195,17 @@ public class AuthenticationConfiguration {
 	private static <T> T getBeanOrNull(ApplicationContext applicationContext, Class<T> type) {
 		try {
 			return applicationContext.getBean(type);
-		} catch(NoSuchBeanDefinitionException notFound) {
+		}
+		catch (NoSuchBeanDefinitionException notFound) {
 			return null;
 		}
 	}
 
-	private static class EnableGlobalAuthenticationAutowiredConfigurer extends
-			GlobalAuthenticationConfigurerAdapter {
+	private static class EnableGlobalAuthenticationAutowiredConfigurer extends GlobalAuthenticationConfigurerAdapter {
+
 		private final ApplicationContext context;
-		private static final Log logger = LogFactory
-				.getLog(EnableGlobalAuthenticationAutowiredConfigurer.class);
+
+		private static final Log logger = LogFactory.getLog(EnableGlobalAuthenticationAutowiredConfigurer.class);
 
 		EnableGlobalAuthenticationAutowiredConfigurer(ApplicationContext context) {
 			this.context = context;
@@ -209,12 +213,12 @@ public class AuthenticationConfiguration {
 
 		@Override
 		public void init(AuthenticationManagerBuilder auth) {
-			Map<String, Object> beansWithAnnotation = context
-					.getBeansWithAnnotation(EnableGlobalAuthentication.class);
+			Map<String, Object> beansWithAnnotation = context.getBeansWithAnnotation(EnableGlobalAuthentication.class);
 			if (logger.isDebugEnabled()) {
 				logger.debug("Eagerly initializing " + beansWithAnnotation);
 			}
 		}
+
 	}
 
 	/**
@@ -225,8 +229,11 @@ public class AuthenticationConfiguration {
 	 * @since 4.1.1
 	 */
 	static final class AuthenticationManagerDelegator implements AuthenticationManager {
+
 		private AuthenticationManagerBuilder delegateBuilder;
+
 		private AuthenticationManager delegate;
+
 		private final Object delegateMonitor = new Object();
 
 		AuthenticationManagerDelegator(AuthenticationManagerBuilder delegateBuilder) {
@@ -235,8 +242,7 @@ public class AuthenticationConfiguration {
 		}
 
 		@Override
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			if (this.delegate != null) {
 				return this.delegate.authenticate(authentication);
 			}
@@ -255,46 +261,46 @@ public class AuthenticationConfiguration {
 		public String toString() {
 			return "AuthenticationManagerDelegator [delegate=" + this.delegate + "]";
 		}
+
 	}
 
 	static class DefaultPasswordEncoderAuthenticationManagerBuilder extends AuthenticationManagerBuilder {
+
 		private PasswordEncoder defaultPasswordEncoder;
 
 		/**
 		 * Creates a new instance
-		 *
 		 * @param objectPostProcessor the {@link ObjectPostProcessor} instance to use.
 		 */
-		DefaultPasswordEncoderAuthenticationManagerBuilder(
-			ObjectPostProcessor<Object> objectPostProcessor, PasswordEncoder defaultPasswordEncoder) {
+		DefaultPasswordEncoderAuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor,
+				PasswordEncoder defaultPasswordEncoder) {
 			super(objectPostProcessor);
 			this.defaultPasswordEncoder = defaultPasswordEncoder;
 		}
 
 		@Override
 		public InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> inMemoryAuthentication()
-			throws Exception {
-			return super.inMemoryAuthentication()
-				.passwordEncoder(this.defaultPasswordEncoder);
+				throws Exception {
+			return super.inMemoryAuthentication().passwordEncoder(this.defaultPasswordEncoder);
 		}
 
 		@Override
-		public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication()
-			throws Exception {
-			return super.jdbcAuthentication()
-				.passwordEncoder(this.defaultPasswordEncoder);
+		public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication() throws Exception {
+			return super.jdbcAuthentication().passwordEncoder(this.defaultPasswordEncoder);
 		}
 
 		@Override
 		public <T extends UserDetailsService> DaoAuthenticationConfigurer<AuthenticationManagerBuilder, T> userDetailsService(
-			T userDetailsService) throws Exception {
-			return super.userDetailsService(userDetailsService)
-				.passwordEncoder(this.defaultPasswordEncoder);
+				T userDetailsService) throws Exception {
+			return super.userDetailsService(userDetailsService).passwordEncoder(this.defaultPasswordEncoder);
 		}
+
 	}
 
 	static class LazyPasswordEncoder implements PasswordEncoder {
+
 		private ApplicationContext applicationContext;
+
 		private PasswordEncoder passwordEncoder;
 
 		LazyPasswordEncoder(ApplicationContext applicationContext) {
@@ -307,8 +313,7 @@ public class AuthenticationConfiguration {
 		}
 
 		@Override
-		public boolean matches(CharSequence rawPassword,
-			String encodedPassword) {
+		public boolean matches(CharSequence rawPassword, String encodedPassword) {
 			return getPasswordEncoder().matches(rawPassword, encodedPassword);
 		}
 
@@ -333,5 +338,7 @@ public class AuthenticationConfiguration {
 		public String toString() {
 			return getPasswordEncoder().toString();
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
index 4a41eb75bf..78f8b11757 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
@@ -87,4 +87,5 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
 @Import(AuthenticationConfiguration.class)
 @Configuration
 public @interface EnableGlobalAuthentication {
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
index c3d6e253d4..cf349a0bf0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
@@ -31,12 +31,13 @@ import org.springframework.security.config.annotation.authentication.configurati
  * @author Rob Winch
  */
 @Order(100)
-public abstract class GlobalAuthenticationConfigurerAdapter implements
-		SecurityConfigurer<AuthenticationManager, AuthenticationManagerBuilder> {
+public abstract class GlobalAuthenticationConfigurerAdapter
+		implements SecurityConfigurer<AuthenticationManager, AuthenticationManagerBuilder> {
 
 	public void init(AuthenticationManagerBuilder auth) throws Exception {
 	}
 
 	public void configure(AuthenticationManagerBuilder auth) throws Exception {
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
index 6aa64b8dfa..499ad2b748 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
@@ -21,26 +21,23 @@ import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
 /**
- * Lazily initializes the global authentication with an {@link AuthenticationProvider} if it is
- * not yet configured and there is only a single Bean of that type.
+ * Lazily initializes the global authentication with an {@link AuthenticationProvider} if
+ * it is not yet configured and there is only a single Bean of that type.
  *
  * @author Rob Winch
  * @since 4.1
  */
 @Order(InitializeAuthenticationProviderBeanManagerConfigurer.DEFAULT_ORDER)
-class InitializeAuthenticationProviderBeanManagerConfigurer
-		extends GlobalAuthenticationConfigurerAdapter {
+class InitializeAuthenticationProviderBeanManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {
 
-	static final int DEFAULT_ORDER = InitializeUserDetailsBeanManagerConfigurer.DEFAULT_ORDER
-			- 100;
+	static final int DEFAULT_ORDER = InitializeUserDetailsBeanManagerConfigurer.DEFAULT_ORDER - 100;
 
 	private final ApplicationContext context;
 
 	/**
 	 * @param context the ApplicationContext to look up beans.
 	 */
-	InitializeAuthenticationProviderBeanManagerConfigurer(
-			ApplicationContext context) {
+	InitializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext context) {
 		this.context = context;
 	}
 
@@ -49,25 +46,24 @@ class InitializeAuthenticationProviderBeanManagerConfigurer
 		auth.apply(new InitializeAuthenticationProviderManagerConfigurer());
 	}
 
-	class InitializeAuthenticationProviderManagerConfigurer
-			extends GlobalAuthenticationConfigurerAdapter {
+	class InitializeAuthenticationProviderManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {
+
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) {
 			if (auth.isConfigured()) {
 				return;
 			}
-			AuthenticationProvider authenticationProvider = getBeanOrNull(
-					AuthenticationProvider.class);
+			AuthenticationProvider authenticationProvider = getBeanOrNull(AuthenticationProvider.class);
 			if (authenticationProvider == null) {
 				return;
 			}
 
-
 			auth.authenticationProvider(authenticationProvider);
 		}
 
 		/**
-		 * @return a bean of the requested class if there's just a single registered component, null otherwise.
+		 * @return a bean of the requested class if there's just a single registered
+		 * component, null otherwise.
 		 */
 		private <T> T getBeanOrNull(Class<T> type) {
 			String[] beanNames = InitializeAuthenticationProviderBeanManagerConfigurer.this.context
@@ -76,8 +72,9 @@ class InitializeAuthenticationProviderBeanManagerConfigurer
 				return null;
 			}
 
-			return InitializeAuthenticationProviderBeanManagerConfigurer.this.context
-					.getBean(beanNames[0], type);
+			return InitializeAuthenticationProviderBeanManagerConfigurer.this.context.getBean(beanNames[0], type);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
index 14013dbf0d..b1aa40b345 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
@@ -33,8 +33,7 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
  * @since 4.1
  */
 @Order(InitializeUserDetailsBeanManagerConfigurer.DEFAULT_ORDER)
-class InitializeUserDetailsBeanManagerConfigurer
-		extends GlobalAuthenticationConfigurerAdapter {
+class InitializeUserDetailsBeanManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {
 
 	static final int DEFAULT_ORDER = Ordered.LOWEST_PRECEDENCE - 5000;
 
@@ -52,15 +51,14 @@ class InitializeUserDetailsBeanManagerConfigurer
 		auth.apply(new InitializeUserDetailsManagerConfigurer());
 	}
 
-	class InitializeUserDetailsManagerConfigurer
-			extends GlobalAuthenticationConfigurerAdapter {
+	class InitializeUserDetailsManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {
+
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) throws Exception {
 			if (auth.isConfigured()) {
 				return;
 			}
-			UserDetailsService userDetailsService = getBeanOrNull(
-					UserDetailsService.class);
+			UserDetailsService userDetailsService = getBeanOrNull(UserDetailsService.class);
 			if (userDetailsService == null) {
 				return;
 			}
@@ -82,17 +80,18 @@ class InitializeUserDetailsBeanManagerConfigurer
 		}
 
 		/**
-		 * @return a bean of the requested class if there's just a single registered component, null otherwise.
+		 * @return a bean of the requested class if there's just a single registered
+		 * component, null otherwise.
 		 */
 		private <T> T getBeanOrNull(Class<T> type) {
-			String[] beanNames = InitializeUserDetailsBeanManagerConfigurer.this.context
-					.getBeanNamesForType(type);
+			String[] beanNames = InitializeUserDetailsBeanManagerConfigurer.this.context.getBeanNamesForType(type);
 			if (beanNames.length != 1) {
 				return null;
 			}
 
-			return InitializeUserDetailsBeanManagerConfigurer.this.context
-					.getBean(beanNames[0], type);
+			return InitializeUserDetailsBeanManagerConfigurer.this.context.getBean(beanNames[0], type);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 9c6e2bae85..2e3514057c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -52,27 +52,41 @@ import org.springframework.util.ClassUtils;
  * Configures LDAP {@link AuthenticationProvider} in the {@link ProviderManagerBuilder}.
  *
  * @param <B> the {@link ProviderManagerBuilder} type that this is configuring.
- *
  * @author Rob Winch
  * @author Eddú Meléndez
  * @since 3.2
  */
 public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
 		extends SecurityConfigurerAdapter<AuthenticationManager, B> {
+
 	private String groupRoleAttribute = "cn";
+
 	private String groupSearchBase = "";
+
 	private boolean groupSearchSubtree = false;
+
 	private String groupSearchFilter = "(uniqueMember={0})";
+
 	private String rolePrefix = "ROLE_";
+
 	private String userSearchBase = ""; // only for search
+
 	private String userSearchFilter = null; // "uid={0}"; // only for search
+
 	private String[] userDnPatterns;
+
 	private BaseLdapPathContextSource contextSource;
+
 	private ContextSourceBuilder contextSourceBuilder = new ContextSourceBuilder();
+
 	private UserDetailsContextMapper userDetailsContextMapper;
+
 	private PasswordEncoder passwordEncoder;
+
 	private String passwordAttribute;
+
 	private LdapAuthoritiesPopulator ldapAuthoritiesPopulator;
+
 	private GrantedAuthoritiesMapper authoritiesMapper;
 
 	private LdapAuthenticationProvider build() throws Exception {
@@ -81,19 +95,17 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 		LdapAuthoritiesPopulator authoritiesPopulator = getLdapAuthoritiesPopulator();
 
-		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
-				ldapAuthenticator, authoritiesPopulator);
+		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator,
+				authoritiesPopulator);
 		ldapAuthenticationProvider.setAuthoritiesMapper(getAuthoritiesMapper());
 		if (userDetailsContextMapper != null) {
-			ldapAuthenticationProvider
-					.setUserDetailsContextMapper(userDetailsContextMapper);
+			ldapAuthenticationProvider.setUserDetailsContextMapper(userDetailsContextMapper);
 		}
 		return ldapAuthenticationProvider;
 	}
 
 	/**
 	 * Specifies the {@link LdapAuthoritiesPopulator}.
-	 *
 	 * @param ldapAuthoritiesPopulator the {@link LdapAuthoritiesPopulator} the default is
 	 * {@link DefaultLdapAuthoritiesPopulator}
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
@@ -106,12 +118,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	/**
 	 * Adds an {@link ObjectPostProcessor} for this class.
-	 *
 	 * @param objectPostProcessor
 	 * @return the {@link ChannelSecurityConfigurer} for further customizations
 	 */
-	public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(
-			ObjectPostProcessor<?> objectPostProcessor) {
+	public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 		addObjectPostProcessor(objectPostProcessor);
 		return this;
 	}
@@ -119,7 +129,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * Gets the {@link LdapAuthoritiesPopulator} and defaults to
 	 * {@link DefaultLdapAuthoritiesPopulator}
-	 *
 	 * @return the {@link LdapAuthoritiesPopulator}
 	 */
 	private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
@@ -127,8 +136,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 			return ldapAuthoritiesPopulator;
 		}
 
-		DefaultLdapAuthoritiesPopulator defaultAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
-				contextSource, groupSearchBase);
+		DefaultLdapAuthoritiesPopulator defaultAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource,
+				groupSearchBase);
 		defaultAuthoritiesPopulator.setGroupRoleAttribute(groupRoleAttribute);
 		defaultAuthoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
 		defaultAuthoritiesPopulator.setSearchSubtree(groupSearchSubtree);
@@ -138,24 +147,24 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		return defaultAuthoritiesPopulator;
 	}
 
-
 	/**
 	 * Specifies the {@link GrantedAuthoritiesMapper}.
-	 *
-	 * @param grantedAuthoritiesMapper the {@link GrantedAuthoritiesMapper} the default is {@link SimpleAuthorityMapper}
+	 * @param grantedAuthoritiesMapper the {@link GrantedAuthoritiesMapper} the default is
+	 * {@link SimpleAuthorityMapper}
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 *
 	 * @author Tony Dalbrekt
 	 * @since 4.1.1
 	 */
-	public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
+	public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(
+			GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
 		this.authoritiesMapper = grantedAuthoritiesMapper;
 		return this;
 	}
 
 	/**
-	 * Gets the {@link GrantedAuthoritiesMapper} and defaults to {@link SimpleAuthorityMapper}.
-	 *
+	 * Gets the {@link GrantedAuthoritiesMapper} and defaults to
+	 * {@link SimpleAuthorityMapper}.
 	 * @return the {@link GrantedAuthoritiesMapper}
 	 * @throws Exception if errors in {@link SimpleAuthorityMapper#afterPropertiesSet()}
 	 */
@@ -173,12 +182,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	/**
 	 * Creates the {@link LdapAuthenticator} to use
-	 *
 	 * @param contextSource the {@link BaseLdapPathContextSource} to use
 	 * @return the {@link LdapAuthenticator} to use
 	 */
-	private LdapAuthenticator createLdapAuthenticator(
-			BaseLdapPathContextSource contextSource) {
+	private LdapAuthenticator createLdapAuthenticator(BaseLdapPathContextSource contextSource) {
 		AbstractLdapAuthenticator ldapAuthenticator = passwordEncoder == null ? createBindAuthenticator(contextSource)
 				: createPasswordCompareAuthenticator(contextSource);
 		LdapUserSearch userSearch = createUserSearch();
@@ -193,14 +200,12 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	/**
 	 * Creates {@link PasswordComparisonAuthenticator}
-	 *
 	 * @param contextSource the {@link BaseLdapPathContextSource} to use
 	 * @return
 	 */
 	private PasswordComparisonAuthenticator createPasswordCompareAuthenticator(
 			BaseLdapPathContextSource contextSource) {
-		PasswordComparisonAuthenticator ldapAuthenticator = new PasswordComparisonAuthenticator(
-				contextSource);
+		PasswordComparisonAuthenticator ldapAuthenticator = new PasswordComparisonAuthenticator(contextSource);
 		if (passwordAttribute != null) {
 			ldapAuthenticator.setPasswordAttributeName(passwordAttribute);
 		}
@@ -210,12 +215,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	/**
 	 * Creates a {@link BindAuthenticator}
-	 *
 	 * @param contextSource the {@link BaseLdapPathContextSource} to use
 	 * @return the {@link BindAuthenticator} to use
 	 */
-	private BindAuthenticator createBindAuthenticator(
-			BaseLdapPathContextSource contextSource) {
+	private BindAuthenticator createBindAuthenticator(BaseLdapPathContextSource contextSource) {
 		return new BindAuthenticator(contextSource);
 	}
 
@@ -223,20 +226,17 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		if (userSearchFilter == null) {
 			return null;
 		}
-		return new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter,
-				contextSource);
+		return new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, contextSource);
 	}
 
 	/**
 	 * Specifies the {@link BaseLdapPathContextSource} to be used. If not specified, an
 	 * embedded LDAP server will be created using {@link #contextSource()}.
-	 *
 	 * @param contextSource the {@link BaseLdapPathContextSource} to use
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 * @see #contextSource()
 	 */
-	public LdapAuthenticationProviderConfigurer<B> contextSource(
-			BaseLdapPathContextSource contextSource) {
+	public LdapAuthenticationProviderConfigurer<B> contextSource(BaseLdapPathContextSource contextSource) {
 		this.contextSource = contextSource;
 		return this;
 	}
@@ -244,7 +244,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * Allows easily configuring of a {@link BaseLdapPathContextSource} with defaults
 	 * pointing to an embedded LDAP server that is created.
-	 *
 	 * @return the {@link ContextSourceBuilder} for further customizations
 	 */
 	public ContextSourceBuilder contextSource() {
@@ -254,7 +253,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * Specifies the {@link org.springframework.security.crypto.password.PasswordEncoder}
 	 * to be used when authenticating with password comparison.
-	 *
 	 * @param passwordEncoder the
 	 * {@link org.springframework.security.crypto.password.PasswordEncoder} to use
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customization
@@ -273,12 +271,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * property of AbstractLdapAuthenticator. The value is a specific pattern used to
 	 * build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present
 	 * and will be substituted with the username.
-	 *
 	 * @param userDnPatterns the LDAP patterns for finding the usernames
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
-	public LdapAuthenticationProviderConfigurer<B> userDnPatterns(
-			String... userDnPatterns) {
+	public LdapAuthenticationProviderConfigurer<B> userDnPatterns(String... userDnPatterns) {
 		this.userDnPatterns = userDnPatterns;
 		return this;
 	}
@@ -287,7 +283,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * Allows explicit customization of the loaded user object by specifying a
 	 * UserDetailsContextMapper bean which will be called with the context information
 	 * from the user's directory entry.
-	 *
 	 * @param userDetailsContextMapper the {@link UserDetailsContextMapper} to use
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 *
@@ -306,8 +301,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @param groupRoleAttribute the attribute name that maps a group to a role.
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
-	public LdapAuthenticationProviderConfigurer<B> groupRoleAttribute(
-			String groupRoleAttribute) {
+	public LdapAuthenticationProviderConfigurer<B> groupRoleAttribute(String groupRoleAttribute) {
 		this.groupRoleAttribute = groupRoleAttribute;
 		return this;
 	}
@@ -323,11 +317,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	}
 
 	/**
-	 * If set to true, a subtree scope search will be performed for group membership. If false a
-	 * single-level search is used.
-	 *
+	 * If set to true, a subtree scope search will be performed for group membership. If
+	 * false a single-level search is used.
 	 * @param searchSubtree set to true to enable searching of the entire tree below the
-	 *                      <tt>groupSearchBase</tt>.
+	 * <tt>groupSearchBase</tt>.
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
 	public LdapAuthenticationProviderConfigurer<B> groupSearchSubtree(boolean groupSearchSubtree) {
@@ -338,12 +331,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * The LDAP filter to search for groups. Defaults to "(uniqueMember={0})". The
 	 * substituted parameter is the DN of the user.
-	 *
 	 * @param groupSearchFilter the LDAP filter to search for groups
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
-	public LdapAuthenticationProviderConfigurer<B> groupSearchFilter(
-			String groupSearchFilter) {
+	public LdapAuthenticationProviderConfigurer<B> groupSearchFilter(String groupSearchFilter) {
 		this.groupSearchFilter = groupSearchFilter;
 		return this;
 	}
@@ -351,7 +342,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * A non-empty string prefix that will be added as a prefix to the existing roles. The
 	 * default is "ROLE_".
-	 *
 	 * @param rolePrefix the prefix to be added to the roles that are loaded.
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 * @see SimpleAuthorityMapper#setPrefix(String)
@@ -364,7 +354,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * Search base for user searches. Defaults to "". Only used with
 	 * {@link #userSearchFilter(String)}.
-	 *
 	 * @param userSearchBase search base for user searches
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
@@ -376,12 +365,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	/**
 	 * The LDAP filter used to search for users (optional). For example "(uid={0})". The
 	 * substituted parameter is the user's login name.
-	 *
 	 * @param userSearchFilter the LDAP filter used to search for users
 	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
-	public LdapAuthenticationProviderConfigurer<B> userSearchFilter(
-			String userSearchFilter) {
+	public LdapAuthenticationProviderConfigurer<B> userSearchFilter(String userSearchFilter) {
 		this.userSearchFilter = userSearchFilter;
 		return this;
 	}
@@ -413,7 +400,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		/**
 		 * The attribute in the directory which contains the user password. Defaults to
 		 * "userPassword".
-		 *
 		 * @param passwordAttribute the attribute in the directory which contains the user
 		 * password
 		 * @return the {@link PasswordCompareConfigurer} for further customizations
@@ -426,7 +412,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		/**
 		 * Allows obtaining a reference to the
 		 * {@link LdapAuthenticationProviderConfigurer} for further customizations
-		 *
 		 * @return attribute in the directory which contains the user password
 		 */
 		public LdapAuthenticationProviderConfigurer<B> and() {
@@ -435,6 +420,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 		private PasswordCompareConfigurer() {
 		}
+
 	}
 
 	/**
@@ -446,23 +432,30 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @since 3.2
 	 */
 	public final class ContextSourceBuilder {
+
 		private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService";
+
 		private static final String UNBOUNDID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer";
 
 		private static final int DEFAULT_PORT = 33389;
+
 		private static final int RANDOM_PORT = 0;
 
 		private String ldif = "classpath*:*.ldif";
+
 		private String managerPassword;
+
 		private String managerDn;
+
 		private Integer port;
+
 		private String root = "dc=springframework,dc=org";
+
 		private String url;
 
 		/**
 		 * Specifies an ldif to load at startup for an embedded LDAP server. This only
 		 * loads if using an embedded instance. The default is "classpath*:*.ldif".
-		 *
 		 * @param ldif the ldif to load at startup for an embedded LDAP server.
 		 * @return the {@link ContextSourceBuilder} for further customization
 		 */
@@ -475,7 +468,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		 * Username (DN) of the "manager" user identity (i.e. "uid=admin,ou=system") which
 		 * will be used to authenticate to a (non-embedded) LDAP server. If omitted,
 		 * anonymous access will be used.
-		 *
 		 * @param managerDn the username (DN) of the "manager" user identity used to
 		 * authenticate to a LDAP server.
 		 * @return the {@link ContextSourceBuilder} for further customization
@@ -500,8 +492,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		 * The port to connect to LDAP to (the default is 33389 or random available port
 		 * if unavailable).
 		 *
-		 * Supplying 0 as the port indicates that a random available port should be selected.
-		 *
+		 * Supplying 0 as the port indicates that a random available port should be
+		 * selected.
 		 * @param port the port to connect to
 		 * @return the {@link ContextSourceBuilder} for further customization
 		 */
@@ -513,7 +505,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		/**
 		 * Optional root suffix for the embedded LDAP server. Default is
 		 * "dc=springframework,dc=org"
-		 *
 		 * @param root root suffix for the embedded LDAP server
 		 * @return the {@link ContextSourceBuilder} for further customization
 		 */
@@ -525,7 +516,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		/**
 		 * Specifies the ldap server URL when not using the embedded LDAP server. For
 		 * example, "ldaps://ldap.example.com:33389/dc=myco,dc=org".
-		 *
 		 * @param url the ldap server URL
 		 * @return the {@link ContextSourceBuilder} for further customization
 		 */
@@ -537,7 +527,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		/**
 		 * Gets the {@link LdapAuthenticationProviderConfigurer} for further
 		 * customizations
-		 *
 		 * @return the {@link LdapAuthenticationProviderConfigurer} for further
 		 * customizations
 		 */
@@ -550,13 +539,11 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 				startEmbeddedLdapServer();
 			}
 
-			DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
-					getProviderUrl());
+			DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(getProviderUrl());
 			if (managerDn != null) {
 				contextSource.setUserDn(managerDn);
 				if (managerPassword == null) {
-					throw new IllegalStateException(
-							"managerPassword is required if managerDn is supplied");
+					throw new IllegalStateException("managerPassword is required if managerDn is supplied");
 				}
 				contextSource.setPassword(managerPassword);
 			}
@@ -592,7 +579,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		private int getDefaultPort() {
 			try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 				return serverSocket.getLocalPort();
-			} catch (IOException e) {
+			}
+			catch (IOException e) {
 				return RANDOM_PORT;
 			}
 		}
@@ -606,6 +594,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 		private ContextSourceBuilder() {
 		}
+
 	}
 
 	private BaseLdapPathContextSource getContextSource() throws Exception {
@@ -622,4 +611,5 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		return new PasswordCompareConfigurer().passwordAttribute("password")
 				.passwordEncoder(NoOpPasswordEncoder.getInstance());
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
index 12782d8bcc..f5a3591e03 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
@@ -27,7 +27,6 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
  * authentication.
  *
  * @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -40,4 +39,5 @@ public class InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuild
 	public InMemoryUserDetailsManagerConfigurer() {
 		super(new InMemoryUserDetailsManager(new ArrayList<>()));
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
index 035bd7877f..89928fb6e6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
@@ -40,7 +40,6 @@ import org.springframework.security.provisioning.JdbcUserDetailsManager;
  * methods have reasonable defaults.
  *
  * @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -61,9 +60,9 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 
 	/**
 	 * Populates the {@link DataSource} to be used. This is the only required attribute.
-	 *
 	 * @param dataSource the {@link DataSource} to be used. Cannot be null.
-	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional customizations
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
+	 * customizations
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> dataSource(DataSource dataSource) {
 		this.dataSource = dataSource;
@@ -94,7 +93,6 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 	 * <code>
 	 *     select username,authority from authorities where username = ?
 	 * </code>
-	 *
 	 * @param query The query to use for selecting the username, authority by username.
 	 * Must contain a single parameter for the username.
 	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
@@ -116,7 +114,6 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 	 *     where
 	 *         gm.username = ? and g.id = ga.group_id and g.id = gm.group_id
 	 * </code>
-	 *
 	 * @param query The query to use for selecting the authorities by group. Must contain
 	 * a single parameter for the username.
 	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
@@ -132,9 +129,9 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 	/**
 	 * A non-empty string prefix that will be added to role strings loaded from persistent
 	 * storage (default is "").
-	 *
 	 * @param rolePrefix
-	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional customizations
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
+	 * customizations
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> rolePrefix(String rolePrefix) {
 		getUserDetailsService().setRolePrefix(rolePrefix);
@@ -143,7 +140,6 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 
 	/**
 	 * Defines the {@link UserCache} to use
-	 *
 	 * @param userCache the {@link UserCache} to use
 	 * @return the {@link JdbcUserDetailsManagerConfigurer} for further customizations
 	 */
@@ -167,13 +163,11 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 
 	/**
 	 * Populates the default schema that allows users and authorities to be stored.
-	 *
 	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
 	 * customizations
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> withDefaultSchema() {
-		this.initScripts.add(new ClassPathResource(
-				"org/springframework/security/core/userdetails/jdbc/users.ddl"));
+		this.initScripts.add(new ClassPathResource("org/springframework/security/core/userdetails/jdbc/users.ddl"));
 		return this;
 	}
 
@@ -189,4 +183,5 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 		dsi.setDataSource(dataSource);
 		return dsi;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
index 0ae53f7e63..d6681aa70d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
@@ -34,7 +34,6 @@ import org.springframework.security.provisioning.UserDetailsManager;
  *
  * @param <B> the type of the {@link SecurityBuilder} that is being configured
  * @param <C> the type of {@link UserDetailsManagerConfigurer}
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -51,7 +50,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 	/**
 	 * Populates the users that have been added.
-	 *
 	 * @throws Exception
 	 */
 	@Override
@@ -67,7 +65,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	/**
 	 * Allows adding a user to the {@link UserDetailsManager} that is being created. This
 	 * method can be invoked multiple times to add multiple users.
-	 *
 	 * @param userDetails the user to add. Cannot be null.
 	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
@@ -80,7 +77,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	/**
 	 * Allows adding a user to the {@link UserDetailsManager} that is being created. This
 	 * method can be invoked multiple times to add multiple users.
-	 *
 	 * @param userBuilder the user to add. Cannot be null.
 	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
@@ -93,7 +89,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	/**
 	 * Allows adding a user to the {@link UserDetailsManager} that is being created. This
 	 * method can be invoked multiple times to add multiple users.
-	 *
 	 * @param username the username for the user being added. Cannot be null.
 	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
@@ -110,7 +105,9 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	 * should provided. The remaining attributes have reasonable defaults.
 	 */
 	public class UserDetailsBuilder {
+
 		private UserBuilder user;
+
 		private final C builder;
 
 		/**
@@ -122,9 +119,8 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 		}
 
 		/**
-		 * Returns the {@link UserDetailsManagerConfigurer} for method chaining (i.e. to add
-		 * another user)
-		 *
+		 * Returns the {@link UserDetailsManagerConfigurer} for method chaining (i.e. to
+		 * add another user)
 		 * @return the {@link UserDetailsManagerConfigurer} for method chaining
 		 */
 		public C and() {
@@ -133,7 +129,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Populates the username. This attribute is required.
-		 *
 		 * @param username the username. Cannot be null.
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -145,7 +140,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Populates the password. This attribute is required.
-		 *
 		 * @param password the password. Cannot be null.
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -174,7 +168,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 		 * This attribute is required, but can also be populated with
 		 * {@link #authorities(String...)}.
 		 * </p>
-		 *
 		 * @param roles the roles for this user (i.e. USER, ADMIN, etc). Cannot be null,
 		 * contain null values or start with "ROLE_"
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
@@ -187,7 +180,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user. Cannot be null, or contain
 		 * null values
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
@@ -201,7 +193,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user. Cannot be null, or contain
 		 * null values
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
@@ -215,7 +206,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user (i.e. ROLE_USER, ROLE_ADMIN,
 		 * etc). Cannot be null, or contain null values
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
@@ -229,7 +219,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Defines if the account is expired or not. Default is false.
-		 *
 		 * @param accountExpired true if the account is expired, false otherwise
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -241,7 +230,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Defines if the account is locked or not. Default is false.
-		 *
 		 * @param accountLocked true if the account is locked, false otherwise
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -253,7 +241,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Defines if the credentials are expired or not. Default is false.
-		 *
 		 * @param credentialsExpired true if the credentials are expired, false otherwise
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -265,7 +252,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 
 		/**
 		 * Defines if the account is disabled or not. Default is false.
-		 *
 		 * @param disabled true if the account is disabled, false otherwise
 		 * @return the {@link UserDetailsBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -278,5 +264,7 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 		UserDetails build() {
 			return this.user.build();
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index 0cf004160f..ebc2fa8e36 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -28,7 +28,6 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
  *
  * @author Rob Winch
  * @since 3.2
- *
  * @param <B> the type of the {@link SecurityBuilder}
  * @param <C> the type of {@link AbstractDaoAuthenticationConfigurer} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
@@ -36,12 +35,13 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
  */
 abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService>
 		extends UserDetailsAwareConfigurer<B, U> {
+
 	private DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+
 	private final U userDetailsService;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param userDetailsService
 	 */
 	protected AbstractDaoAuthenticationConfigurer(U userDetailsService) {
@@ -54,7 +54,6 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 
 	/**
 	 * Adds an {@link ObjectPostProcessor} for this class.
-	 *
 	 * @param objectPostProcessor
 	 * @return the {@link AbstractDaoAuthenticationConfigurer} for further customizations
 	 */
@@ -67,7 +66,6 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	/**
 	 * Allows specifying the {@link PasswordEncoder} to use with the
 	 * {@link DaoAuthenticationProvider}. The default is to use plain text.
-	 *
 	 * @param passwordEncoder The {@link PasswordEncoder} to use.
 	 * @return the {@link AbstractDaoAuthenticationConfigurer} for further customizations
 	 */
@@ -91,11 +89,11 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	/**
 	 * Gets the {@link UserDetailsService} that is used with the
 	 * {@link DaoAuthenticationProvider}
-	 *
 	 * @return the {@link UserDetailsService} that is used with the
 	 * {@link DaoAuthenticationProvider}
 	 */
 	public U getUserDetailsService() {
 		return userDetailsService;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
index e138b948ab..0a29a8b057 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
@@ -24,14 +24,12 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  *
  * @author Rob Winch
  * @since 3.2
- *
  * @param <B> The type of {@link ProviderManagerBuilder} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
  *
  */
 public class DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, U extends UserDetailsService>
-		extends
-		AbstractDaoAuthenticationConfigurer<B, DaoAuthenticationConfigurer<B, U>, U> {
+		extends AbstractDaoAuthenticationConfigurer<B, DaoAuthenticationConfigurer<B, U>, U> {
 
 	/**
 	 * Creates a new instance
@@ -40,4 +38,5 @@ public class DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, U
 	public DaoAuthenticationConfigurer(U userDetailsService) {
 		super(userDetailsService);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
index 7ba27523ec..ee2dc6eac4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
@@ -26,7 +26,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * value with {@link AuthenticationManagerBuilder}.
  *
  * @author Rob Winch
- *
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <U> the type of {@link UserDetailsService}
  */
@@ -38,4 +37,5 @@ public abstract class UserDetailsAwareConfigurer<B extends ProviderManagerBuilde
 	 * @return the {@link UserDetailsService} or null if it is not available
 	 */
 	public abstract U getUserDetailsService();
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
index 0b9e09cf03..a5dbdd7a56 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
@@ -25,7 +25,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  *
  * @author Rob Winch
  * @since 3.2
- *
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <C> the {@link UserDetailsServiceConfigurer} (or this)
  * @param <U> the type of UserDetailsService being used to allow for returning the
@@ -55,4 +54,5 @@ public class UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>, C
 	 */
 	protected void initUserDetailsService() throws Exception {
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index 813e05684c..5844af0506 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -39,13 +39,16 @@ import org.springframework.util.Assert;
  */
 final class AutowireBeanFactoryObjectPostProcessor
 		implements ObjectPostProcessor<Object>, DisposableBean, SmartInitializingSingleton {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final AutowireCapableBeanFactory autowireBeanFactory;
+
 	private final List<DisposableBean> disposableBeans = new ArrayList<>();
+
 	private final List<SmartInitializingSingleton> smartSingletons = new ArrayList<>();
 
-	AutowireBeanFactoryObjectPostProcessor(
-			AutowireCapableBeanFactory autowireBeanFactory) {
+	AutowireBeanFactoryObjectPostProcessor(AutowireCapableBeanFactory autowireBeanFactory) {
 		Assert.notNull(autowireBeanFactory, "autowireBeanFactory cannot be null");
 		this.autowireBeanFactory = autowireBeanFactory;
 	}
@@ -64,13 +67,11 @@ final class AutowireBeanFactoryObjectPostProcessor
 		}
 		T result = null;
 		try {
-			result = (T) this.autowireBeanFactory.initializeBean(object,
-					object.toString());
+			result = (T) this.autowireBeanFactory.initializeBean(object, object.toString());
 		}
 		catch (RuntimeException e) {
 			Class<?> type = object.getClass();
-			throw new RuntimeException(
-					"Could not postProcess " + object + " of type " + type, e);
+			throw new RuntimeException("Could not postProcess " + object + " of type " + type, e);
 		}
 		this.autowireBeanFactory.autowireBean(object);
 		if (result instanceof DisposableBean) {
@@ -82,8 +83,11 @@ final class AutowireBeanFactoryObjectPostProcessor
 		return result;
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.beans.factory.SmartInitializingSingleton#afterSingletonsInstantiated()
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see org.springframework.beans.factory.SmartInitializingSingleton#
+	 * afterSingletonsInstantiated()
 	 */
 	@Override
 	public void afterSingletonsInstantiated() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
index 3c61557c4c..3dcaa846b4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
@@ -31,7 +31,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
  *
  * @see EnableWebSecurity
  * @see EnableGlobalMethodSecurity
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -41,8 +40,8 @@ public class ObjectPostProcessorConfiguration {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public ObjectPostProcessor<Object> objectPostProcessor(
-			AutowireCapableBeanFactory beanFactory) {
+	public ObjectPostProcessor<Object> objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
 		return new AutowireBeanFactoryObjectPostProcessor(beanFactory);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
index 7c1fbc49d0..61d4f33609 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
@@ -28,8 +28,8 @@ import org.springframework.security.config.annotation.authentication.configurati
 
 /**
  * <p>
- * Enables Spring Security global method security similar to the &lt;global-method-security&gt;
- * xml support.
+ * Enables Spring Security global method security similar to the
+ * &lt;global-method-security&gt; xml support.
  *
  * <p>
  * More advanced configurations may wish to extend
@@ -82,7 +82,6 @@ public @interface EnableGlobalMethodSecurity {
 	 * annotation will be upgraded to subclass proxying at the same time. This approach
 	 * has no negative impact in practice unless one is explicitly expecting one type of
 	 * proxy vs another, e.g. in tests.
-	 *
 	 * @return true if CGILIB proxies should be created instead of interface based
 	 * proxies, else false
 	 */
@@ -92,7 +91,6 @@ public @interface EnableGlobalMethodSecurity {
 	 * Indicate how security advice should be applied. The default is
 	 * {@link AdviceMode#PROXY}.
 	 * @see AdviceMode
-	 *
 	 * @return the {@link AdviceMode} to use
 	 */
 	AdviceMode mode() default AdviceMode.PROXY;
@@ -101,8 +99,8 @@ public @interface EnableGlobalMethodSecurity {
 	 * Indicate the ordering of the execution of the security advisor when multiple
 	 * advices are applied at a specific joinpoint. The default is
 	 * {@link Ordered#LOWEST_PRECEDENCE}.
-	 *
 	 * @return the order the security advisor should be applied
 	 */
 	int order() default Ordered.LOWEST_PRECEDENCE;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
index 3d659bc4eb..11fcf66e80 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
@@ -36,16 +36,18 @@ import java.lang.annotation.Target;
 @Import({ ReactiveMethodSecuritySelector.class })
 @Configuration
 public @interface EnableReactiveMethodSecurity {
+
 	/**
-	 * Indicate whether subclass-based (CGLIB) proxies are to be created as opposed
-	 * to standard Java interface-based proxies. The default is {@code false}. <strong>
+	 * Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to
+	 * standard Java interface-based proxies. The default is {@code false}. <strong>
 	 * Applicable only if {@link #mode()} is set to {@link AdviceMode#PROXY}</strong>.
-	 * <p>Note that setting this attribute to {@code true} will affect <em>all</em>
-	 * Spring-managed beans requiring proxying, not just those marked with {@code @Cacheable}.
-	 * For example, other beans marked with Spring's {@code @Transactional} annotation will
-	 * be upgraded to subclass proxying at the same time. This approach has no negative
-	 * impact in practice unless one is explicitly expecting one type of proxy vs another,
-	 * e.g. in tests.
+	 * <p>
+	 * Note that setting this attribute to {@code true} will affect <em>all</em>
+	 * Spring-managed beans requiring proxying, not just those marked with
+	 * {@code @Cacheable}. For example, other beans marked with Spring's
+	 * {@code @Transactional} annotation will be upgraded to subclass proxying at the same
+	 * time. This approach has no negative impact in practice unless one is explicitly
+	 * expecting one type of proxy vs another, e.g. in tests.
 	 */
 	boolean proxyTargetClass() default false;
 
@@ -53,7 +55,6 @@ public @interface EnableReactiveMethodSecurity {
 	 * Indicate how security advice should be applied. The default is
 	 * {@link AdviceMode#PROXY}.
 	 * @see AdviceMode
-	 *
 	 * @return the {@link AdviceMode} to use
 	 */
 	AdviceMode mode() default AdviceMode.PROXY;
@@ -62,8 +63,8 @@ public @interface EnableReactiveMethodSecurity {
 	 * Indicate the ordering of the execution of the security advisor when multiple
 	 * advices are applied at a specific joinpoint. The default is
 	 * {@link Ordered#LOWEST_PRECEDENCE}.
-	 *
 	 * @return the order the security advisor should be applied
 	 */
 	int order() default Ordered.LOWEST_PRECEDENCE;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
index 392c58f3d8..0d2705d6f5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@@ -36,28 +36,24 @@ import org.springframework.core.type.AnnotationMetadata;
  * @author Rob Winch
  * @since 3.2
  */
-class GlobalMethodSecurityAspectJAutoProxyRegistrar implements
-		ImportBeanDefinitionRegistrar {
+class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {
 
 	/**
 	 * Register, escalate, and configure the AspectJ auto proxy creator based on the value
 	 * of the @{@link EnableGlobalMethodSecurity#proxyTargetClass()} attribute on the
 	 * importing {@code @Configuration} class.
 	 */
-	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata,
-			BeanDefinitionRegistry registry) {
+	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
 
-		BeanDefinition interceptor = registry
-				.getBeanDefinition("methodSecurityInterceptor");
+		BeanDefinition interceptor = registry.getBeanDefinition("methodSecurityInterceptor");
 
-		BeanDefinitionBuilder aspect = BeanDefinitionBuilder
-				.rootBeanDefinition("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
+		BeanDefinitionBuilder aspect = BeanDefinitionBuilder.rootBeanDefinition(
+				"org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
 		aspect.setFactoryMethod("aspectOf");
 		aspect.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		aspect.addPropertyValue("securityInterceptor", interceptor);
 
-		registry.registerBeanDefinition("annotationSecurityAspect$0",
-				aspect.getBeanDefinition());
+		registry.registerBeanDefinition("annotationSecurityAspect$0", aspect.getBeanDefinition());
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index eb3207f823..244cac59b2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -82,24 +82,31 @@ import org.springframework.util.Assert;
  */
 @Configuration(proxyBeanMethods = false)
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-public class GlobalMethodSecurityConfiguration
-		implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
-	private static final Log logger = LogFactory
-			.getLog(GlobalMethodSecurityConfiguration.class);
+public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
+
+	private static final Log logger = LogFactory.getLog(GlobalMethodSecurityConfiguration.class);
+
 	private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
 		public <T> T postProcess(T object) {
 			throw new IllegalStateException(ObjectPostProcessor.class.getName()
-					+ " is a required bean. Ensure you have used @"
-					+ EnableGlobalMethodSecurity.class.getName());
+					+ " is a required bean. Ensure you have used @" + EnableGlobalMethodSecurity.class.getName());
 		}
 	};
+
 	private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();
+
 	private AuthenticationManager authenticationManager;
+
 	private AuthenticationManagerBuilder auth;
+
 	private boolean disableAuthenticationRegistry;
+
 	private AnnotationAttributes enableMethodSecurity;
+
 	private BeanFactory context;
+
 	private MethodSecurityExpressionHandler expressionHandler;
+
 	private MethodSecurityInterceptor methodSecurityInterceptor;
 
 	/**
@@ -117,19 +124,17 @@ public class GlobalMethodSecurityConfiguration
 	 * Subclasses can override this method to provide a different
 	 * {@link MethodInterceptor}.
 	 * </p>
-	 * @param methodSecurityMetadataSource the default {@link MethodSecurityMetadataSource}.
-	 *
+	 * @param methodSecurityMetadataSource the default
+	 * {@link MethodSecurityMetadataSource}.
 	 * @return the {@link MethodInterceptor}.
 	 */
 	@Bean
 	public MethodInterceptor methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource) {
-		this.methodSecurityInterceptor = isAspectJ()
-				? new AspectJMethodSecurityInterceptor()
+		this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor()
 				: new MethodSecurityInterceptor();
 		methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
 		methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
-		methodSecurityInterceptor
-				.setSecurityMetadataSource(methodSecurityMetadataSource);
+		methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource);
 		RunAsManager runAsManager = runAsManager();
 		if (runAsManager != null) {
 			methodSecurityInterceptor.setRunAsManager(runAsManager);
@@ -153,11 +158,9 @@ public class GlobalMethodSecurityConfiguration
 			throw new RuntimeException(e);
 		}
 
-		PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(
-				PermissionEvaluator.class);
+		PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
 		if (permissionEvaluator != null) {
-			this.defaultMethodExpressionHandler
-					.setPermissionEvaluator(permissionEvaluator);
+			this.defaultMethodExpressionHandler.setPermissionEvaluator(permissionEvaluator);
 		}
 
 		RoleHierarchy roleHierarchy = getSingleBeanOrNull(RoleHierarchy.class);
@@ -165,24 +168,23 @@ public class GlobalMethodSecurityConfiguration
 			this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchy);
 		}
 
-		AuthenticationTrustResolver trustResolver = getSingleBeanOrNull(
-				AuthenticationTrustResolver.class);
+		AuthenticationTrustResolver trustResolver = getSingleBeanOrNull(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
 			this.defaultMethodExpressionHandler.setTrustResolver(trustResolver);
 		}
 
-		GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(
-				GrantedAuthorityDefaults.class);
+		GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
 		if (grantedAuthorityDefaults != null) {
-			this.defaultMethodExpressionHandler.setDefaultRolePrefix(
-					grantedAuthorityDefaults.getRolePrefix());
+			this.defaultMethodExpressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 		}
 	}
 
 	private <T> T getSingleBeanOrNull(Class<T> type) {
 		try {
 			return context.getBean(type);
-		} catch (NoSuchBeanDefinitionException e) {}
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 		return null;
 	}
 
@@ -195,14 +197,14 @@ public class GlobalMethodSecurityConfiguration
 
 	/**
 	 * Provide a custom {@link AfterInvocationManager} for the default implementation of
-	 * {@link #methodSecurityInterceptor(MethodSecurityMetadataSource)}. The default is null
-	 * if pre post is not enabled. Otherwise, it returns a {@link AfterInvocationProviderManager}.
+	 * {@link #methodSecurityInterceptor(MethodSecurityMetadataSource)}. The default is
+	 * null if pre post is not enabled. Otherwise, it returns a
+	 * {@link AfterInvocationProviderManager}.
 	 *
 	 * <p>
 	 * Subclasses should override this method to provide a custom
 	 * {@link AfterInvocationManager}
 	 * </p>
-	 *
 	 * @return the {@link AfterInvocationManager} to use
 	 */
 	protected AfterInvocationManager afterInvocationManager() {
@@ -210,8 +212,7 @@ public class GlobalMethodSecurityConfiguration
 			AfterInvocationProviderManager invocationProviderManager = new AfterInvocationProviderManager();
 			ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(
 					getExpressionHandler());
-			PostInvocationAdviceProvider postInvocationAdviceProvider = new PostInvocationAdviceProvider(
-					postAdvice);
+			PostInvocationAdviceProvider postInvocationAdviceProvider = new PostInvocationAdviceProvider(postAdvice);
 			List<AfterInvocationProvider> afterInvocationProviders = new ArrayList<>();
 			afterInvocationProviders.add(postInvocationAdviceProvider);
 			invocationProviderManager.setProviders(afterInvocationProviders);
@@ -222,8 +223,8 @@ public class GlobalMethodSecurityConfiguration
 
 	/**
 	 * Provide a custom {@link RunAsManager} for the default implementation of
-	 * {@link #methodSecurityInterceptor(MethodSecurityMetadataSource)}. The default is null.
-	 *
+	 * {@link #methodSecurityInterceptor(MethodSecurityMetadataSource)}. The default is
+	 * null.
 	 * @return the {@link RunAsManager} to use
 	 */
 	protected RunAsManager runAsManager() {
@@ -239,24 +240,20 @@ public class GlobalMethodSecurityConfiguration
 	 * <li>{@link RoleVoter}</li>
 	 * <li>{@link AuthenticatedVoter}</li>
 	 * </ul>
-	 *
 	 * @return the {@link AccessDecisionManager} to use
 	 */
 	protected AccessDecisionManager accessDecisionManager() {
 		List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>();
 		if (prePostEnabled()) {
-			ExpressionBasedPreInvocationAdvice expressionAdvice =
-					new ExpressionBasedPreInvocationAdvice();
+			ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
 			expressionAdvice.setExpressionHandler(getExpressionHandler());
-			decisionVoters
-					.add(new PreInvocationAuthorizationAdviceVoter(expressionAdvice));
+			decisionVoters.add(new PreInvocationAuthorizationAdviceVoter(expressionAdvice));
 		}
 		if (jsr250Enabled()) {
 			decisionVoters.add(new Jsr250Voter());
 		}
 		RoleVoter roleVoter = new RoleVoter();
-		GrantedAuthorityDefaults grantedAuthorityDefaults =
-				getSingleBeanOrNull(GrantedAuthorityDefaults.class);
+		GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
 		if (grantedAuthorityDefaults != null) {
 			roleVoter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 		}
@@ -275,7 +272,6 @@ public class GlobalMethodSecurityConfiguration
 	 * Subclasses may override this method to provide a custom
 	 * {@link MethodSecurityExpressionHandler}
 	 * </p>
-	 *
 	 * @return the {@link MethodSecurityExpressionHandler} to use
 	 */
 	protected MethodSecurityExpressionHandler createExpressionHandler() {
@@ -285,7 +281,6 @@ public class GlobalMethodSecurityConfiguration
 	/**
 	 * Gets the {@link MethodSecurityExpressionHandler} or creates it using
 	 * {@link #expressionHandler}.
-	 *
 	 * @return a non {@code null} {@link MethodSecurityExpressionHandler}
 	 */
 	protected final MethodSecurityExpressionHandler getExpressionHandler() {
@@ -298,7 +293,6 @@ public class GlobalMethodSecurityConfiguration
 	/**
 	 * Provides a custom {@link MethodSecurityMetadataSource} that is registered with the
 	 * {@link #methodSecurityMetadataSource()}. Default is null.
-	 *
 	 * @return a custom {@link MethodSecurityMetadataSource} that is registered with the
 	 * {@link #methodSecurityMetadataSource()}
 	 */
@@ -312,7 +306,6 @@ public class GlobalMethodSecurityConfiguration
 	 * {@link #configure(AuthenticationManagerBuilder)}. If
 	 * {@link #configure(AuthenticationManagerBuilder)} was not overridden, then an
 	 * {@link AuthenticationManager} is attempted to be autowired by type.
-	 *
 	 * @return the {@link AuthenticationManager} to use
 	 */
 	protected AuthenticationManager authenticationManager() throws Exception {
@@ -323,8 +316,7 @@ public class GlobalMethodSecurityConfiguration
 			auth.authenticationEventPublisher(eventPublisher);
 			configure(auth);
 			if (disableAuthenticationRegistry) {
-				authenticationManager = getAuthenticationConfiguration()
-						.getAuthenticationManager();
+				authenticationManager = getAuthenticationConfiguration().getAuthenticationManager();
 			}
 			else {
 				authenticationManager = auth.build();
@@ -337,7 +329,6 @@ public class GlobalMethodSecurityConfiguration
 	 * Sub classes can override this method to register different types of authentication.
 	 * If not overridden, {@link #configure(AuthenticationManagerBuilder)} will attempt to
 	 * autowire by type.
-	 *
 	 * @param auth the {@link AuthenticationManagerBuilder} used to register different
 	 * authentication mechanisms for the global method security.
 	 * @throws Exception
@@ -351,7 +342,6 @@ public class GlobalMethodSecurityConfiguration
 	 * creates a {@link DelegatingMethodSecurityMetadataSource} based upon
 	 * {@link #customMethodSecurityMetadataSource()} and the attributes on
 	 * {@link EnableGlobalMethodSecurity}.
-	 *
 	 * @return the {@link MethodSecurityMetadataSource}
 	 */
 	@Bean
@@ -370,8 +360,8 @@ public class GlobalMethodSecurityConfiguration
 		boolean isJsr250Enabled = jsr250Enabled();
 
 		if (!isPrePostEnabled && !isSecuredEnabled && !isJsr250Enabled && !hasCustom) {
-			throw new IllegalStateException("In the composition of all global method configuration, " +
-					"no annotation support was actually activated");
+			throw new IllegalStateException("In the composition of all global method configuration, "
+					+ "no annotation support was actually activated");
 		}
 
 		if (isPrePostEnabled) {
@@ -381,12 +371,11 @@ public class GlobalMethodSecurityConfiguration
 			sources.add(new SecuredAnnotationSecurityMetadataSource());
 		}
 		if (isJsr250Enabled) {
-			GrantedAuthorityDefaults grantedAuthorityDefaults =
-					getSingleBeanOrNull(GrantedAuthorityDefaults.class);
-			Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context.getBean(Jsr250MethodSecurityMetadataSource.class);
+			GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
+			Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context
+					.getBean(Jsr250MethodSecurityMetadataSource.class);
 			if (grantedAuthorityDefaults != null) {
-				jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(
-						grantedAuthorityDefaults.getRolePrefix());
+				jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 			}
 			sources.add(jsr250MethodSecurityMetadataSource);
 		}
@@ -396,7 +385,6 @@ public class GlobalMethodSecurityConfiguration
 	/**
 	 * Creates the {@link PreInvocationAuthorizationAdvice} to be used. The default is
 	 * {@link ExpressionBasedPreInvocationAdvice}.
-	 *
 	 * @return the {@link PreInvocationAuthorizationAdvice}
 	 */
 	@Bean
@@ -419,16 +407,13 @@ public class GlobalMethodSecurityConfiguration
 	@Autowired(required = false)
 	public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
 		this.objectPostProcessor = objectPostProcessor;
-		this.defaultMethodExpressionHandler = objectPostProcessor
-				.postProcess(defaultMethodExpressionHandler);
+		this.defaultMethodExpressionHandler = objectPostProcessor.postProcess(defaultMethodExpressionHandler);
 	}
 
 	@Autowired(required = false)
-	public void setMethodSecurityExpressionHandler(
-			List<MethodSecurityExpressionHandler> handlers) {
+	public void setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler> handlers) {
 		if (handlers.size() != 1) {
-			logger.debug("Not autowiring MethodSecurityExpressionHandler since size != 1. Got "
-					+ handlers);
+			logger.debug("Not autowiring MethodSecurityExpressionHandler since size != 1. Got " + handlers);
 			return;
 		}
 		this.expressionHandler = handlers.get(0);
@@ -466,14 +451,13 @@ public class GlobalMethodSecurityConfiguration
 	private AnnotationAttributes enableMethodSecurity() {
 		if (enableMethodSecurity == null) {
 			// if it is null look at this instance (i.e. a subclass was used)
-			EnableGlobalMethodSecurity methodSecurityAnnotation = AnnotationUtils
-					.findAnnotation(getClass(), EnableGlobalMethodSecurity.class);
-			Assert.notNull(methodSecurityAnnotation,
-					() -> EnableGlobalMethodSecurity.class.getName() + " is required");
-			Map<String, Object> methodSecurityAttrs = AnnotationUtils
-					.getAnnotationAttributes(methodSecurityAnnotation);
+			EnableGlobalMethodSecurity methodSecurityAnnotation = AnnotationUtils.findAnnotation(getClass(),
+					EnableGlobalMethodSecurity.class);
+			Assert.notNull(methodSecurityAnnotation, () -> EnableGlobalMethodSecurity.class.getName() + " is required");
+			Map<String, Object> methodSecurityAttrs = AnnotationUtils.getAnnotationAttributes(methodSecurityAnnotation);
 			this.enableMethodSecurity = AnnotationAttributes.fromMap(methodSecurityAttrs);
 		}
 		return this.enableMethodSecurity;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
index 1ffa8256a2..da6bf1537f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
@@ -38,26 +38,22 @@ final class GlobalMethodSecuritySelector implements ImportSelector {
 
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		Class<EnableGlobalMethodSecurity> annoType = EnableGlobalMethodSecurity.class;
-		Map<String, Object> annotationAttributes = importingClassMetadata
-				.getAnnotationAttributes(annoType.getName(), false);
-		AnnotationAttributes attributes = AnnotationAttributes
-				.fromMap(annotationAttributes);
-		Assert.notNull(attributes, () -> String.format(
-				"@%s is not present on importing class '%s' as expected",
+		Map<String, Object> annotationAttributes = importingClassMetadata.getAnnotationAttributes(annoType.getName(),
+				false);
+		AnnotationAttributes attributes = AnnotationAttributes.fromMap(annotationAttributes);
+		Assert.notNull(attributes, () -> String.format("@%s is not present on importing class '%s' as expected",
 				annoType.getSimpleName(), importingClassMetadata.getClassName()));
 
 		// TODO would be nice if could use BeanClassLoaderAware (does not work)
-		Class<?> importingClass = ClassUtils
-				.resolveClassName(importingClassMetadata.getClassName(),
-						ClassUtils.getDefaultClassLoader());
+		Class<?> importingClass = ClassUtils.resolveClassName(importingClassMetadata.getClassName(),
+				ClassUtils.getDefaultClassLoader());
 		boolean skipMethodSecurityConfiguration = GlobalMethodSecurityConfiguration.class
 				.isAssignableFrom(importingClass);
 
 		AdviceMode mode = attributes.getEnum("mode");
 		boolean isProxy = AdviceMode.PROXY == mode;
-		String autoProxyClassName = isProxy ? AutoProxyRegistrar.class
-				.getName() : GlobalMethodSecurityAspectJAutoProxyRegistrar.class
-				.getName();
+		String autoProxyClassName = isProxy ? AutoProxyRegistrar.class.getName()
+				: GlobalMethodSecurityAspectJAutoProxyRegistrar.class.getName();
 
 		boolean jsr250Enabled = attributes.getBoolean("jsr250Enabled");
 
@@ -78,4 +74,5 @@ final class GlobalMethodSecuritySelector implements ImportSelector {
 
 		return classNames.toArray(new String[0]);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
index 5c98bf48fe..b2b534d0aa 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
@@ -30,4 +30,5 @@ class Jsr250MetadataSourceConfiguration {
 	public Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource() {
 		return new Jsr250MethodSecurityMetadataSource();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
index 8ef8f1e4af..a000487b95 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
@@ -24,24 +24,22 @@ import org.springframework.security.access.intercept.aopalliance.MethodSecurityM
 import org.springframework.util.MultiValueMap;
 
 /**
- * Creates Spring Security's MethodSecurityMetadataSourceAdvisor only when
- * using proxy based method security (i.e. do not do it when using ASPECTJ).
- * The conditional logic is controlled through {@link GlobalMethodSecuritySelector}.
+ * Creates Spring Security's MethodSecurityMetadataSourceAdvisor only when using proxy
+ * based method security (i.e. do not do it when using ASPECTJ). The conditional logic is
+ * controlled through {@link GlobalMethodSecuritySelector}.
  *
  * @author Rob Winch
  * @since 4.0.2
  * @see GlobalMethodSecuritySelector
  */
-class MethodSecurityMetadataSourceAdvisorRegistrar implements
-		ImportBeanDefinitionRegistrar {
+class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {
 
 	/**
 	 * Register, escalate, and configure the AspectJ auto proxy creator based on the value
 	 * of the @{@link EnableGlobalMethodSecurity#proxyTargetClass()} attribute on the
 	 * importing {@code @Configuration} class.
 	 */
-	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata,
-			BeanDefinitionRegistry registry) {
+	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
 
 		BeanDefinitionBuilder advisor = BeanDefinitionBuilder
 				.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
@@ -50,13 +48,14 @@ class MethodSecurityMetadataSourceAdvisorRegistrar implements
 		advisor.addConstructorArgReference("methodSecurityMetadataSource");
 		advisor.addConstructorArgValue("methodSecurityMetadataSource");
 
-		MultiValueMap<String, Object> attributes = importingClassMetadata.getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
+		MultiValueMap<String, Object> attributes = importingClassMetadata
+				.getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
 		Integer order = (Integer) attributes.getFirst("order");
 		if (order != null) {
 			advisor.addPropertyValue("order", order);
 		}
 
-		registry.registerBeanDefinition("metaDataSourceAdvisor",
-				advisor.getBeanDefinition());
+		registry.registerBeanDefinition("metaDataSourceAdvisor", advisor.getBeanDefinition());
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
index b1ba9ae5d8..ab77dab8af 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -40,6 +40,7 @@ import java.util.Arrays;
  */
 @Configuration(proxyBeanMethods = false)
 class ReactiveMethodSecurityConfiguration implements ImportAware {
+
 	private int advisorOrder;
 
 	private GrantedAuthorityDefaults grantedAuthorityDefaults;
@@ -48,26 +49,27 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
 	public MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) {
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(
-			"securityMethodInterceptor", source, "methodMetadataSource");
+				"securityMethodInterceptor", source, "methodMetadataSource");
 		advisor.setOrder(advisorOrder);
 		return advisor;
 	}
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public DelegatingMethodSecurityMetadataSource methodMetadataSource(MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
+	public DelegatingMethodSecurityMetadataSource methodMetadataSource(
+			MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
 		ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(
 				methodSecurityExpressionHandler);
 		PrePostAnnotationSecurityMetadataSource prePostSource = new PrePostAnnotationSecurityMetadataSource(
-			attributeFactory);
+				attributeFactory);
 		return new DelegatingMethodSecurityMetadataSource(Arrays.asList(prePostSource));
 	}
 
 	@Bean
-	public PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source, MethodSecurityExpressionHandler handler) {
+	public PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source,
+			MethodSecurityExpressionHandler handler) {
 
-		ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(
-				handler);
+		ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(handler);
 		ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice();
 		preAdvice.setExpressionHandler(handler);
 
@@ -86,7 +88,8 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 
 	@Override
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
-		this.advisorOrder = (int) importMetadata.getAnnotationAttributes(EnableReactiveMethodSecurity.class.getName()).get("order");
+		this.advisorOrder = (int) importMetadata.getAnnotationAttributes(EnableReactiveMethodSecurity.class.getName())
+				.get("order");
 	}
 
 	@Autowired(required = false)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
index 612432215e..43b7fd85a8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
@@ -27,22 +27,23 @@ import java.util.List;
  * @author Rob Winch
  * @since 5.0
  */
-class ReactiveMethodSecuritySelector extends
-	AdviceModeImportSelector<EnableReactiveMethodSecurity> {
+class ReactiveMethodSecuritySelector extends AdviceModeImportSelector<EnableReactiveMethodSecurity> {
 
 	@Override
 	protected String[] selectImports(AdviceMode adviceMode) {
 		switch (adviceMode) {
-			case PROXY:
-				return getProxyImports();
-			default:
-				throw new IllegalStateException("AdviceMode " + adviceMode + " is not supported");
+		case PROXY:
+			return getProxyImports();
+		default:
+			throw new IllegalStateException("AdviceMode " + adviceMode + " is not supported");
 		}
 	}
 
 	/**
-	 * Return the imports to use if the {@link AdviceMode} is set to {@link AdviceMode#PROXY}.
-	 * <p>Take care of adding the necessary JSR-107 import if it is available.
+	 * Return the imports to use if the {@link AdviceMode} is set to
+	 * {@link AdviceMode#PROXY}.
+	 * <p>
+	 * Take care of adding the necessary JSR-107 import if it is available.
 	 */
 	private String[] getProxyImports() {
 		List<String> result = new ArrayList<>();
@@ -50,4 +51,5 @@ class ReactiveMethodSecuritySelector extends
 		result.add(ReactiveMethodSecurityConfiguration.class.getName());
 		return result.toArray(new String[0]);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
index 440186090f..a44636e121 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
@@ -36,4 +36,6 @@ import java.lang.annotation.Target;
 @Target(ElementType.TYPE)
 @Retention(RetentionPolicy.RUNTIME)
 @Import({ RSocketSecurityConfiguration.class, SecuritySocketAcceptorInterceptorConfiguration.class })
-public @interface EnableRSocketSecurity { }
+public @interface EnableRSocketSecurity {
+
+}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
index eba69bd9c5..f21d5b71eb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
@@ -21,14 +21,15 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
 
 /**
- * The standard order for {@link PayloadInterceptor} to be
- * sorted. The actual values might change, so users should use the {@link #getOrder()} method to
- * calculate the position dynamically rather than copy values.
+ * The standard order for {@link PayloadInterceptor} to be sorted. The actual values might
+ * change, so users should use the {@link #getOrder()} method to calculate the position
+ * dynamically rather than copy values.
  *
  * @author Rob Winch
  * @since 5.2
  */
 public enum PayloadInterceptorOrder implements Ordered {
+
 	/**
 	 * Where basic authentication is placed.
 	 * @see RSocketSecurity#basicAuthentication(Customizer)
@@ -65,4 +66,5 @@ public enum PayloadInterceptorOrder implements Ordered {
 	public int getOrder() {
 		return this.order;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index d36acdbc44..1428f0015a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -99,6 +99,7 @@ import java.util.List;
  *     }
  * }
  * </pre>
+ *
  * @author Rob Winch
  * @author Jesús Ascama Arias
  * @author Luis Felipe Vega
@@ -123,12 +124,12 @@ public class RSocketSecurity {
 	private ReactiveAuthenticationManager authenticationManager;
 
 	/**
-	 * Adds a {@link PayloadInterceptor} to be used. This is typically only used
-	 * when using the DSL does not meet a users needs. In order to ensure the
-	 * {@link PayloadInterceptor} is done in the proper order the {@link PayloadInterceptor} should
-	 * either implement {@link org.springframework.core.Ordered} or be annotated with
+	 * Adds a {@link PayloadInterceptor} to be used. This is typically only used when
+	 * using the DSL does not meet a users needs. In order to ensure the
+	 * {@link PayloadInterceptor} is done in the proper order the
+	 * {@link PayloadInterceptor} should either implement
+	 * {@link org.springframework.core.Ordered} or be annotated with
 	 * {@link org.springframework.core.annotation.Order}.
-	 *
 	 * @param interceptor
 	 * @return the builder for additional customizations
 	 * @see PayloadInterceptorOrder
@@ -144,8 +145,9 @@ public class RSocketSecurity {
 	}
 
 	/**
-	 * Adds support for validating a username and password using
-	 * <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple Authentication</a>
+	 * Adds support for validating a username and password using <a href=
+	 * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple
+	 * Authentication</a>
 	 * @param simple a customizer
 	 * @return RSocketSecurity for additional configuration
 	 * @since 5.3
@@ -162,6 +164,7 @@ public class RSocketSecurity {
 	 * @since 5.3
 	 */
 	public class SimpleAuthenticationSpec {
+
 		private ReactiveAuthenticationManager authenticationManager;
 
 		public SimpleAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
@@ -184,12 +187,13 @@ public class RSocketSecurity {
 			return result;
 		}
 
-		private SimpleAuthenticationSpec() {}
+		private SimpleAuthenticationSpec() {
+		}
+
 	}
 
 	/**
 	 * Adds authentication with BasicAuthenticationPayloadExchangeConverter.
-	 *
 	 * @param basic
 	 * @return
 	 * @deprecated Use {@link #simpleAuthentication(Customizer)}
@@ -204,6 +208,7 @@ public class RSocketSecurity {
 	}
 
 	public class BasicAuthenticationSpec {
+
 		private ReactiveAuthenticationManager authenticationManager;
 
 		public BasicAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
@@ -225,7 +230,9 @@ public class RSocketSecurity {
 			return result;
 		}
 
-		private BasicAuthenticationSpec() {}
+		private BasicAuthenticationSpec() {
+		}
+
 	}
 
 	public RSocketSecurity jwt(Customizer<JwtSpec> jwt) {
@@ -237,6 +244,7 @@ public class RSocketSecurity {
 	}
 
 	public class JwtSpec {
+
 		private ReactiveAuthenticationManager authenticationManager;
 
 		public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
@@ -269,7 +277,9 @@ public class RSocketSecurity {
 			return Arrays.asList(standard, legacy);
 		}
 
-		private JwtSpec() {}
+		private JwtSpec() {
+		}
+
 	}
 
 	public RSocketSecurity authorizePayload(Customizer<AuthorizePayloadsSpec> authorize) {
@@ -281,8 +291,7 @@ public class RSocketSecurity {
 	}
 
 	public PayloadSocketAcceptorInterceptor build() {
-		PayloadSocketAcceptorInterceptor interceptor = new PayloadSocketAcceptorInterceptor(
-				payloadInterceptors());
+		PayloadSocketAcceptorInterceptor interceptor = new PayloadSocketAcceptorInterceptor(payloadInterceptors());
 		RSocketMessageHandler handler = getBean(RSocketMessageHandler.class);
 		interceptor.setDefaultDataMimeType(handler.getDefaultDataMimeType());
 		interceptor.setDefaultMetadataMimeType(handler.getDefaultMetadataMimeType());
@@ -318,16 +327,17 @@ public class RSocketSecurity {
 
 	public class AuthorizePayloadsSpec {
 
-		private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder =
-				PayloadExchangeMatcherReactiveAuthorizationManager.builder();
+		private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder = PayloadExchangeMatcherReactiveAuthorizationManager
+				.builder();
 
 		public Access setup() {
 			return matcher(PayloadExchangeMatchers.setup());
 		}
 
 		/**
-		 * Matches if {@link org.springframework.security.rsocket.api.PayloadExchangeType#isRequest()} is true, else
-		 * not a match
+		 * Matches if
+		 * {@link org.springframework.security.rsocket.api.PayloadExchangeType#isRequest()}
+		 * is true, else not a match
 		 * @return the Access to set up the authorization rule.
 		 */
 		public Access anyRequest() {
@@ -350,10 +360,8 @@ public class RSocketSecurity {
 
 		public Access route(String pattern) {
 			RSocketMessageHandler handler = getBean(RSocketMessageHandler.class);
-			PayloadExchangeMatcher matcher = new RoutePayloadExchangeMatcher(
-					handler.getMetadataExtractor(),
-					handler.getRouteMatcher(),
-					pattern);
+			PayloadExchangeMatcher matcher = new RoutePayloadExchangeMatcher(handler.getMetadataExtractor(),
+					handler.getRouteMatcher(), pattern);
 			return matcher(matcher);
 		}
 
@@ -386,8 +394,7 @@ public class RSocketSecurity {
 			}
 
 			public AuthorizePayloadsSpec permitAll() {
-				return access((a, ctx) -> Mono
-						.just(new AuthorizationDecision(true)));
+				return access((a, ctx) -> Mono.just(new AuthorizationDecision(true)));
 			}
 
 			public AuthorizePayloadsSpec hasAnyAuthority(String... authorities) {
@@ -396,15 +403,17 @@ public class RSocketSecurity {
 
 			public AuthorizePayloadsSpec access(
 					ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> authorization) {
-				AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
+				AuthorizePayloadsSpec.this.authzBuilder
+						.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
 				return AuthorizePayloadsSpec.this;
 			}
 
 			public AuthorizePayloadsSpec denyAll() {
-				return access((a, ctx) -> Mono
-						.just(new AuthorizationDecision(false)));
+				return access((a, ctx) -> Mono.just(new AuthorizationDecision(false)));
 			}
+
 		}
+
 	}
 
 	private <T> T getBean(Class<T> beanClass) {
@@ -422,15 +431,15 @@ public class RSocketSecurity {
 		if (this.context == null) {
 			return null;
 		}
-		String[] names =  this.context.getBeanNamesForType(type);
+		String[] names = this.context.getBeanNamesForType(type);
 		if (names.length == 1) {
 			return (T) this.context.getBean(names[0]);
 		}
 		return null;
 	}
 
-	protected void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.context = applicationContext;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
index fdf9bd31bc..9e6cfcb73d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
@@ -34,6 +34,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 class RSocketSecurityConfiguration {
 
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.rsocket.RSocketSecurityConfiguration.";
+
 	private static final String RSOCKET_SECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "rsocketSecurity";
 
 	private ReactiveAuthenticationManager authenticationManager;
@@ -43,8 +44,7 @@ class RSocketSecurityConfiguration {
 	private PasswordEncoder passwordEncoder;
 
 	@Autowired(required = false)
-	void setAuthenticationManager(
-			ReactiveAuthenticationManager authenticationManager) {
+	void setAuthenticationManager(ReactiveAuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
 
@@ -61,8 +61,7 @@ class RSocketSecurityConfiguration {
 	@Bean(name = RSOCKET_SECURITY_BEAN_NAME)
 	@Scope("prototype")
 	public RSocketSecurity rsocketSecurity(ApplicationContext context) {
-		RSocketSecurity security = new RSocketSecurity()
-			.authenticationManager(authenticationManager());
+		RSocketSecurity security = new RSocketSecurity().authenticationManager(authenticationManager());
 		security.setApplicationContext(context);
 		return security;
 	}
@@ -72,8 +71,8 @@ class RSocketSecurityConfiguration {
 			return this.authenticationManager;
 		}
 		if (this.reactiveUserDetailsService != null) {
-			UserDetailsRepositoryReactiveAuthenticationManager manager =
-					new UserDetailsRepositoryReactiveAuthenticationManager(this.reactiveUserDetailsService);
+			UserDetailsRepositoryReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(
+					this.reactiveUserDetailsService);
 			if (this.passwordEncoder != null) {
 				manager.setPasswordEncoder(this.passwordEncoder);
 			}
@@ -81,4 +80,5 @@ class RSocketSecurityConfiguration {
 		}
 		return null;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
index cdd007d61e..57804f171f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
@@ -31,29 +31,25 @@ import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.
  */
 @Configuration(proxyBeanMethods = false)
 class SecuritySocketAcceptorInterceptorConfiguration {
+
 	@Bean
 	SecuritySocketAcceptorInterceptor securitySocketAcceptorInterceptor(
-			ObjectProvider<PayloadSocketAcceptorInterceptor> rsocketInterceptor, ObjectProvider<RSocketSecurity> rsocketSecurity) {
+			ObjectProvider<PayloadSocketAcceptorInterceptor> rsocketInterceptor,
+			ObjectProvider<RSocketSecurity> rsocketSecurity) {
 		PayloadSocketAcceptorInterceptor delegate = rsocketInterceptor
 				.getIfAvailable(() -> defaultInterceptor(rsocketSecurity));
 		return new SecuritySocketAcceptorInterceptor(delegate);
 	}
 
-	private PayloadSocketAcceptorInterceptor defaultInterceptor(
-			ObjectProvider<RSocketSecurity> rsocketSecurity) {
+	private PayloadSocketAcceptorInterceptor defaultInterceptor(ObjectProvider<RSocketSecurity> rsocketSecurity) {
 		RSocketSecurity rsocket = rsocketSecurity.getIfAvailable();
 		if (rsocket == null) {
 			throw new NoSuchBeanDefinitionException("No RSocketSecurity defined");
 		}
-		rsocket
-			.basicAuthentication(Customizer.withDefaults())
-			.simpleAuthentication(Customizer.withDefaults())
-			.authorizePayload(authz ->
-				authz
-					.setup().authenticated()
-					.anyRequest().authenticated()
-					.matcher(e -> MatchResult.match()).permitAll()
-			);
+		rsocket.basicAuthentication(Customizer.withDefaults()).simpleAuthentication(Customizer.withDefaults())
+				.authorizePayload(authz -> authz.setup().authenticated().anyRequest().authenticated()
+						.matcher(e -> MatchResult.match()).permitAll());
 		return rsocket.build();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 268c0e4a54..01956cfe07 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -36,14 +36,13 @@ import java.util.List;
  * A base class for registering {@link RequestMatcher}'s. For example, it might allow for
  * specifying which {@link RequestMatcher} require a certain level of authorization.
  *
- *
  * @param <C> The object that is returned or Chained after creating the RequestMatcher
- *
  * @author Rob Winch
  * @author Ankur Pathak
  * @since 3.2
  */
 public abstract class AbstractRequestMatcherRegistry<C> {
+
 	private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector";
 
 	private static final RequestMatcher ANY_REQUEST = AnyRequestMatcher.INSTANCE;
@@ -58,7 +57,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 	/**
 	 * Gets the {@link ApplicationContext}
-	 *
 	 * @return the {@link ApplicationContext}
 	 */
 	protected final ApplicationContext getApplicationContext() {
@@ -67,7 +65,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 	/**
 	 * Maps any request.
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C anyRequest() {
@@ -81,10 +78,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * Maps a {@link List} of
 	 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 	 * instances.
-	 *
-	 * @param method the {@link HttpMethod} to use for any
-	 * {@link HttpMethod}.
-	 *
+	 * @param method the {@link HttpMethod} to use for any {@link HttpMethod}.
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C antMatchers(HttpMethod method) {
@@ -95,12 +89,11 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * Maps a {@link List} of
 	 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 	 * instances.
-	 *
 	 * @param method the {@link HttpMethod} to use or {@code null} for any
 	 * {@link HttpMethod}.
-	 * @param antPatterns the ant patterns to create. If {@code null} or empty, then matches on nothing.
+	 * @param antPatterns the ant patterns to create. If {@code null} or empty, then
+	 * matches on nothing.
 	 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C antMatchers(HttpMethod method, String... antPatterns) {
@@ -112,10 +105,8 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * Maps a {@link List} of
 	 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 	 * instances that do not care which {@link HttpMethod} is used.
-	 *
 	 * @param antPatterns the ant patterns to create
 	 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C antMatchers(String... antPatterns) {
@@ -134,7 +125,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * If the current request will not be processed by Spring MVC, a reasonable default
 	 * using the pattern as a ant pattern will be used.
 	 * </p>
-	 *
 	 * @param mvcPatterns the patterns to match on. The rules for matching are defined by
 	 * Spring MVC
 	 * @return the object that is chained after creating the {@link RequestMatcher}.
@@ -152,7 +142,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * If the current request will not be processed by Spring MVC, a reasonable default
 	 * using the pattern as a ant pattern will be used.
 	 * </p>
-	 *
 	 * @param method the HTTP method to match on
 	 * @param mvcPatterns the patterns to match on. The rules for matching are defined by
 	 * Spring MVC
@@ -162,23 +151,21 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 	/**
 	 * Creates {@link MvcRequestMatcher} instances for the method and patterns passed in
-	 *
 	 * @param method the HTTP method to use or null if any should be used
 	 * @param mvcPatterns the Spring MVC patterns to match on
 	 * @return a List of {@link MvcRequestMatcher} instances
 	 */
-	protected final List<MvcRequestMatcher> createMvcMatchers(HttpMethod method,
-			String... mvcPatterns) {
+	protected final List<MvcRequestMatcher> createMvcMatchers(HttpMethod method, String... mvcPatterns) {
 		Assert.state(!this.anyRequestConfigured, "Can't configure mvcMatchers after anyRequest");
 		ObjectPostProcessor<Object> opp = this.context.getBean(ObjectPostProcessor.class);
 		if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
-			throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME +" of type " + HandlerMappingIntrospector.class.getName()
-				+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
+			throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME
+					+ " of type " + HandlerMappingIntrospector.class.getName()
+					+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
 		}
 		HandlerMappingIntrospector introspector = this.context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
-			HandlerMappingIntrospector.class);
-		List<MvcRequestMatcher> matchers = new ArrayList<>(
-				mvcPatterns.length);
+				HandlerMappingIntrospector.class);
+		List<MvcRequestMatcher> matchers = new ArrayList<>(mvcPatterns.length);
 		for (String mvcPattern : mvcPatterns) {
 			MvcRequestMatcher matcher = new MvcRequestMatcher(introspector, mvcPattern);
 			opp.postProcess(matcher);
@@ -195,12 +182,10 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * Maps a {@link List} of
 	 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher}
 	 * instances.
-	 *
 	 * @param method the {@link HttpMethod} to use or {@code null} for any
 	 * {@link HttpMethod}.
 	 * @param regexPatterns the regular expressions to create
 	 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} from
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C regexMatchers(HttpMethod method, String... regexPatterns) {
@@ -212,10 +197,8 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 * Create a {@link List} of
 	 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} instances
 	 * that do not specify an {@link HttpMethod}.
-	 *
 	 * @param regexPatterns the regular expressions to create
 	 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} from
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C regexMatchers(String... regexPatterns) {
@@ -226,9 +209,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	/**
 	 * Associates a list of {@link RequestMatcher} instances with the
 	 * {@link AbstractConfigAttributeRequestMatcherRegistry}
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances
-	 *
 	 * @return the object that is chained after creating the {@link RequestMatcher}
 	 */
 	public C requestMatchers(RequestMatcher... requestMatchers) {
@@ -239,7 +220,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	/**
 	 * Subclasses should implement this method for returning the object that is chained to
 	 * the creation of the {@link RequestMatcher} instances.
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances that were created
 	 * @return the chained Object for the subclass which allows association of something
 	 * else to the {@link RequestMatcher}
@@ -256,16 +236,13 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 		/**
 		 * Create a {@link List} of {@link AntPathRequestMatcher} instances.
-		 *
 		 * @param httpMethod the {@link HttpMethod} to use or {@code null} for any
 		 * {@link HttpMethod}.
 		 * @param antPatterns the ant patterns to create {@link AntPathRequestMatcher}
 		 * from
-		 *
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod,
-				String... antPatterns) {
+		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
 			String method = httpMethod == null ? null : httpMethod.toString();
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : antPatterns) {
@@ -277,10 +254,8 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		/**
 		 * Create a {@link List} of {@link AntPathRequestMatcher} instances that do not
 		 * specify an {@link HttpMethod}.
-		 *
 		 * @param antPatterns the ant patterns to create {@link AntPathRequestMatcher}
 		 * from
-		 *
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
 		public static List<RequestMatcher> antMatchers(String... antPatterns) {
@@ -289,16 +264,13 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 		/**
 		 * Create a {@link List} of {@link RegexRequestMatcher} instances.
-		 *
 		 * @param httpMethod the {@link HttpMethod} to use or {@code null} for any
 		 * {@link HttpMethod}.
 		 * @param regexPatterns the regular expressions to create
 		 * {@link RegexRequestMatcher} from
-		 *
 		 * @return a {@link List} of {@link RegexRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> regexMatchers(HttpMethod httpMethod,
-				String... regexPatterns) {
+		public static List<RequestMatcher> regexMatchers(HttpMethod httpMethod, String... regexPatterns) {
 			String method = httpMethod == null ? null : httpMethod.toString();
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : regexPatterns) {
@@ -310,10 +282,8 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		/**
 		 * Create a {@link List} of {@link RegexRequestMatcher} instances that do not
 		 * specify an {@link HttpMethod}.
-		 *
 		 * @param regexPatterns the regular expressions to create
 		 * {@link RegexRequestMatcher} from
-		 *
 		 * @return a {@link List} of {@link RegexRequestMatcher} instances
 		 */
 		public static List<RequestMatcher> regexMatchers(String... regexPatterns) {
@@ -322,6 +292,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 		private RequestMatchers() {
 		}
+
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
index 510f40cba6..61d69ad820 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
@@ -44,36 +44,29 @@ import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 
 /**
- *
  * @author Rob Winch
- *
  * @param <H>
  */
-public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
-		SecurityBuilder<DefaultSecurityFilterChain> {
+public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>>
+		extends SecurityBuilder<DefaultSecurityFilterChain> {
 
 	/**
 	 * Gets the {@link SecurityConfigurer} by its class name or <code>null</code> if not
 	 * found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz the Class of the {@link SecurityConfigurer} to attempt to get.
 	 */
-	<C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C getConfigurer(
-			Class<C> clazz);
+	<C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C getConfigurer(Class<C> clazz);
 
 	/**
 	 * Removes the {@link SecurityConfigurer} by its class name or <code>null</code> if
 	 * not found. Note that object hierarchies are not considered.
-	 *
 	 * @param clazz the Class of the {@link SecurityConfigurer} to attempt to remove.
 	 * @return the {@link SecurityConfigurer} that was removed or null if not found
 	 */
-	<C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C removeConfigurer(
-			Class<C> clazz);
+	<C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C removeConfigurer(Class<C> clazz);
 
 	/**
 	 * Sets an object that is shared by multiple {@link SecurityConfigurer}.
-	 *
 	 * @param sharedType the Class to key the shared object by.
 	 * @param object the Object to store
 	 */
@@ -81,7 +74,6 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Gets a shared Object. Note that object heirarchies are not considered.
-	 *
 	 * @param sharedType the type of the shared Object
 	 * @return the shared Object or null if it is not found
 	 */
@@ -89,7 +81,6 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Allows adding an additional {@link AuthenticationProvider} to be used
-	 *
 	 * @param authenticationProvider the {@link AuthenticationProvider} to be added
 	 * @return the {@link HttpSecurity} for further customizations
 	 */
@@ -97,7 +88,6 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Allows adding an additional {@link UserDetailsService} to be used
-	 *
 	 * @param userDetailsService the {@link UserDetailsService} to be added
 	 * @return the {@link HttpSecurity} for further customizations
 	 */
@@ -108,7 +98,6 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 	 * known {@link Filter} instances are either a {@link Filter} listed in
 	 * {@link #addFilter(Filter)} or a {@link Filter} that has already been added using
 	 * {@link #addFilterAfter(Filter, Class)} or {@link #addFilterBefore(Filter, Class)}.
-	 *
 	 * @param filter the {@link Filter} to register after the type {@code afterFilter}
 	 * @param afterFilter the Class of the known {@link Filter}.
 	 * @return the {@link HttpSecurity} for further customizations
@@ -120,7 +109,6 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 	 * known {@link Filter} instances are either a {@link Filter} listed in
 	 * {@link #addFilter(Filter)} or a {@link Filter} that has already been added using
 	 * {@link #addFilterAfter(Filter, Class)} or {@link #addFilterBefore(Filter, Class)}.
-	 *
 	 * @param filter the {@link Filter} to register before the type {@code beforeFilter}
 	 * @param beforeFilter the Class of the known {@link Filter}.
 	 * @return the {@link HttpSecurity} for further customizations
@@ -140,7 +128,8 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 	 * <li>{@link LogoutFilter}</li>
 	 * <li>{@link X509AuthenticationFilter}</li>
 	 * <li>{@link AbstractPreAuthenticatedProcessingFilter}</li>
-	 * <li><a href="{@docRoot}/org/springframework/security/cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
+	 * <li><a href="
+	 * {@docRoot}/org/springframework/security/cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
 	 * <li>{@link UsernamePasswordAuthenticationFilter}</li>
 	 * <li>{@link OpenIDAuthenticationFilter}</li>
 	 * <li>{@link org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter}</li>
@@ -159,9 +148,9 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
 	 * <li>{@link FilterSecurityInterceptor}</li>
 	 * <li>{@link SwitchUserFilter}</li>
 	 * </ul>
-	 *
 	 * @param filter the {@link Filter} to add
 	 * @return the {@link HttpSecurity} for further customizations
 	 */
 	H addFilter(Filter filter);
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
index e97f2cf4da..68da8c63e9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
@@ -28,17 +28,15 @@ import org.springframework.security.web.SecurityFilterChain;
 /**
  * Allows customization to the {@link WebSecurity}. In most instances users will use
  * {@link EnableWebSecurity} and either create a {@link Configuration} that extends
- * {@link WebSecurityConfigurerAdapter} or expose a {@link SecurityFilterChain} bean.
- * Both will automatically be applied to the {@link WebSecurity} by the
+ * {@link WebSecurityConfigurerAdapter} or expose a {@link SecurityFilterChain} bean. Both
+ * will automatically be applied to the {@link WebSecurity} by the
  * {@link EnableWebSecurity} annotation.
  *
  * @see WebSecurityConfigurerAdapter
  * @see SecurityFilterChain
- *
  * @author Rob Winch
  * @since 3.2
  */
-public interface WebSecurityConfigurer<T extends SecurityBuilder<Filter>> extends
-		SecurityConfigurer<Filter, T> {
+public interface WebSecurityConfigurer<T extends SecurityBuilder<Filter>> extends SecurityConfigurer<Filter, T> {
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index 4b96267a59..f62ce4bafc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -56,8 +56,11 @@ import org.springframework.web.filter.CorsFilter;
 
 @SuppressWarnings("serial")
 final class FilterComparator implements Comparator<Filter>, Serializable {
+
 	private static final int INITIAL_ORDER = 100;
+
 	private static final int ORDER_STEP = 100;
+
 	private final Map<String, Integer> filterToOrder = new HashMap<>();
 
 	FilterComparator() {
@@ -70,40 +73,35 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 		put(CorsFilter.class, order.next());
 		put(CsrfFilter.class, order.next());
 		put(LogoutFilter.class, order.next());
-		filterToOrder.put(
-			"org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
+		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
 				order.next());
 		filterToOrder.put(
 				"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter",
 				order.next());
 		put(X509AuthenticationFilter.class, order.next());
 		put(AbstractPreAuthenticatedProcessingFilter.class, order.next());
-		filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter",
-				order.next());
-		filterToOrder.put(
-			"org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
+		filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next());
+		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
 				order.next());
 		filterToOrder.put(
 				"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",
 				order.next());
 		put(UsernamePasswordAuthenticationFilter.class, order.next());
 		order.next(); // gh-8105
-		filterToOrder.put(
-				"org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
+		filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
 		put(DefaultLoginPageGeneratingFilter.class, order.next());
 		put(DefaultLogoutPageGeneratingFilter.class, order.next());
 		put(ConcurrentSessionFilter.class, order.next());
 		put(DigestAuthenticationFilter.class, order.next());
-		filterToOrder.put(
-				"org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter", order.next());
+		filterToOrder.put("org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter",
+				order.next());
 		put(BasicAuthenticationFilter.class, order.next());
 		put(RequestCacheAwareFilter.class, order.next());
 		put(SecurityContextHolderAwareRequestFilter.class, order.next());
 		put(JaasApiIntegrationFilter.class, order.next());
 		put(RememberMeAuthenticationFilter.class, order.next());
 		put(AnonymousAuthenticationFilter.class, order.next());
-		filterToOrder.put(
-			"org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",
+		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",
 				order.next());
 		put(SessionManagementFilter.class, order.next());
 		put(ExceptionTranslationFilter.class, order.next());
@@ -119,7 +117,6 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 
 	/**
 	 * Determines if a particular {@link Filter} is registered to be sorted
-	 *
 	 * @param filter
 	 * @return
 	 */
@@ -134,12 +131,10 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param afterFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed after.
 	 */
-	public void registerAfter(Class<? extends Filter> filter,
-			Class<? extends Filter> afterFilter) {
+	public void registerAfter(Class<? extends Filter> filter, Class<? extends Filter> afterFilter) {
 		Integer position = getOrder(afterFilter);
 		if (position == null) {
-			throw new IllegalArgumentException(
-					"Cannot register after unregistered Filter " + afterFilter);
+			throw new IllegalArgumentException("Cannot register after unregistered Filter " + afterFilter);
 		}
 
 		put(filter, position + 1);
@@ -151,12 +146,10 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param atFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed at.
 	 */
-	public void registerAt(Class<? extends Filter> filter,
-			Class<? extends Filter> atFilter) {
+	public void registerAt(Class<? extends Filter> filter, Class<? extends Filter> atFilter) {
 		Integer position = getOrder(atFilter);
 		if (position == null) {
-			throw new IllegalArgumentException(
-					"Cannot register after unregistered Filter " + atFilter);
+			throw new IllegalArgumentException("Cannot register after unregistered Filter " + atFilter);
 		}
 
 		put(filter, position);
@@ -169,12 +162,10 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param beforeFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed before.
 	 */
-	public void registerBefore(Class<? extends Filter> filter,
-			Class<? extends Filter> beforeFilter) {
+	public void registerBefore(Class<? extends Filter> filter, Class<? extends Filter> beforeFilter) {
 		Integer position = getOrder(beforeFilter);
 		if (position == null) {
-			throw new IllegalArgumentException(
-					"Cannot register after unregistered Filter " + beforeFilter);
+			throw new IllegalArgumentException("Cannot register after unregistered Filter " + beforeFilter);
 		}
 
 		put(filter, position - 1);
@@ -188,7 +179,6 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	/**
 	 * Gets the order of a particular {@link Filter} class taking into consideration
 	 * superclasses.
-	 *
 	 * @param clazz the {@link Filter} class to determine the sort order
 	 * @return the sort order or null if not defined
 	 */
@@ -206,6 +196,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	private static class Step {
 
 		private int value;
+
 		private final int stepSize;
 
 		Step(int initialValue, int stepSize) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index b056bdc898..e082f1fb57 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -120,13 +120,15 @@ import javax.servlet.http.HttpServletRequest;
  * @since 3.2
  * @see EnableWebSecurity
  */
-public final class HttpSecurity extends
-		AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain, HttpSecurity>
-		implements SecurityBuilder<DefaultSecurityFilterChain>,
-		HttpSecurityBuilder<HttpSecurity> {
+public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain, HttpSecurity>
+		implements SecurityBuilder<DefaultSecurityFilterChain>, HttpSecurityBuilder<HttpSecurity> {
+
 	private final RequestMatcherConfigurer requestMatcherConfigurer;
+
 	private List<Filter> filters = new ArrayList<>();
+
 	private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
+
 	private FilterComparator comparator = new FilterComparator();
 
 	/**
@@ -139,17 +141,14 @@ public final class HttpSecurity extends
 	 */
 	@SuppressWarnings("unchecked")
 	public HttpSecurity(ObjectPostProcessor<Object> objectPostProcessor,
-			AuthenticationManagerBuilder authenticationBuilder,
-			Map<Class<?>, Object> sharedObjects) {
+			AuthenticationManagerBuilder authenticationBuilder, Map<Class<?>, Object> sharedObjects) {
 		super(objectPostProcessor);
 		Assert.notNull(authenticationBuilder, "authenticationBuilder cannot be null");
 		setSharedObject(AuthenticationManagerBuilder.class, authenticationBuilder);
-		for (Map.Entry<Class<?>, Object> entry : sharedObjects
-				.entrySet()) {
+		for (Map.Entry<Class<?>, Object> entry : sharedObjects.entrySet()) {
 			setSharedObject((Class<Object>) entry.getKey(), entry.getValue());
 		}
-		ApplicationContext context = (ApplicationContext) sharedObjects
-				.get(ApplicationContext.class);
+		ApplicationContext context = (ApplicationContext) sharedObjects.get(ApplicationContext.class);
 		this.requestMatcherConfigurer = new RequestMatcherConfigurer(context);
 	}
 
@@ -231,11 +230,11 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations.
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
-	 *  <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
-	 *  to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+	 * supported by <code>spring-security-oauth2</code>.
 	 * @throws Exception
 	 * @see OpenIDLoginConfigurer
 	 */
@@ -354,24 +353,25 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see OpenIDLoginConfigurer
-	 *
-	 * @param openidLoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OpenIDLoginConfigurer}
+	 * @param openidLoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OpenIDLoginConfigurer}
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
-	 *  <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
-	 *  to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+	 * supported by <code>spring-security-oauth2</code>.
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>> openidLoginCustomizer) throws Exception {
+	public HttpSecurity openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>> openidLoginCustomizer)
+			throws Exception {
 		openidLoginCustomizer.customize(getOrApply(new OpenIDLoginConfigurer<>()));
 		return HttpSecurity.this;
 	}
 
 	/**
 	 * Adds the Security headers to the response. This is activated by default when using
-	 * {@link WebSecurityConfigurerAdapter}'s default constructor. Accepting the
-	 * default provided by {@link WebSecurityConfigurerAdapter} or only invoking
+	 * {@link WebSecurityConfigurerAdapter}'s default constructor. Accepting the default
+	 * provided by {@link WebSecurityConfigurerAdapter} or only invoking
 	 * {@link #headers()} without invoking additional methods on it, is the equivalent of:
 	 *
 	 * <pre>
@@ -415,9 +415,9 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * You can enable only a few of the headers by first invoking
-	 * {@link HeadersConfigurer#defaultsDisabled()}
-	 * and then invoking the appropriate methods on the {@link #headers()} result.
-	 * For example, the following will enable {@link HeadersConfigurer#cacheControl()} and
+	 * {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
+	 * methods on the {@link #headers()} result. For example, the following will enable
+	 * {@link HeadersConfigurer#cacheControl()} and
 	 * {@link HeadersConfigurer#frameOptions()} only.
 	 *
 	 * <pre>
@@ -439,8 +439,8 @@ public final class HttpSecurity extends
 	 * }
 	 * </pre>
 	 *
-	 * You can also choose to keep the defaults but explicitly disable a subset of headers.
-	 * For example, the following will enable all the default headers except
+	 * You can also choose to keep the defaults but explicitly disable a subset of
+	 * headers. For example, the following will enable all the default headers except
 	 * {@link HeadersConfigurer#frameOptions()}.
 	 *
 	 * <pre>
@@ -459,7 +459,6 @@ public final class HttpSecurity extends
 	 *     }
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link HeadersConfigurer} for further customizations
 	 * @throws Exception
 	 * @see HeadersConfigurer
@@ -474,8 +473,9 @@ public final class HttpSecurity extends
 	 *
 	 * <h2>Example Configurations</h2>
 	 *
-	 * Accepting the default provided by {@link WebSecurityConfigurerAdapter} or only invoking
-	 * {@link #headers()} without invoking additional methods on it, is the equivalent of:
+	 * Accepting the default provided by {@link WebSecurityConfigurerAdapter} or only
+	 * invoking {@link #headers()} without invoking additional methods on it, is the
+	 * equivalent of:
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -513,9 +513,9 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * You can enable only a few of the headers by first invoking
-	 * {@link HeadersConfigurer#defaultsDisabled()}
-	 * and then invoking the appropriate methods on the {@link #headers()} result.
-	 * For example, the following will enable {@link HeadersConfigurer#cacheControl()} and
+	 * {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
+	 * methods on the {@link #headers()} result. For example, the following will enable
+	 * {@link HeadersConfigurer#cacheControl()} and
 	 * {@link HeadersConfigurer#frameOptions()} only.
 	 *
 	 * <pre>
@@ -536,8 +536,8 @@ public final class HttpSecurity extends
 	 * }
 	 * </pre>
 	 *
-	 * You can also choose to keep the defaults but explicitly disable a subset of headers.
-	 * For example, the following will enable all the default headers except
+	 * You can also choose to keep the defaults but explicitly disable a subset of
+	 * headers. For example, the following will enable all the default headers except
 	 * {@link HeadersConfigurer#frameOptions()}.
 	 *
 	 * <pre>
@@ -554,9 +554,8 @@ public final class HttpSecurity extends
 	 *  		);
 	 * }
 	 * </pre>
-	 *
-	 * @param headersCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HeadersConfigurer}
+	 * @param headersCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HeadersConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -570,7 +569,6 @@ public final class HttpSecurity extends
 	 * provided, that {@link CorsFilter} is used. Else if corsConfigurationSource is
 	 * defined, then that {@link CorsConfiguration} is used. Otherwise, if Spring MVC is
 	 * on the classpath a {@link HandlerMappingIntrospector} is used.
-	 *
 	 * @return the {@link CorsConfigurer} for customizations
 	 * @throws Exception
 	 */
@@ -582,8 +580,8 @@ public final class HttpSecurity extends
 	 * Adds a {@link CorsFilter} to be used. If a bean by the name of corsFilter is
 	 * provided, that {@link CorsFilter} is used. Else if corsConfigurationSource is
 	 * defined, then that {@link CorsConfiguration} is used. Otherwise, if Spring MVC is
-	 * on the classpath a {@link HandlerMappingIntrospector} is used.
-	 * You can enable CORS using:
+	 * on the classpath a {@link HandlerMappingIntrospector} is used. You can enable CORS
+	 * using:
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -597,9 +595,8 @@ public final class HttpSecurity extends
 	 *     }
 	 * }
 	 * </pre>
-	 *
-	 * @param corsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link CorsConfigurer}
+	 * @param corsCustomizer the {@link Customizer} to provide more options for the
+	 * {@link CorsConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -652,7 +649,6 @@ public final class HttpSecurity extends
 	 * Alternatively,
 	 * {@link AbstractSecurityWebApplicationInitializer#enableHttpSessionEventPublisher()}
 	 * could return true.
-	 *
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -713,13 +709,13 @@ public final class HttpSecurity extends
 	 * Alternatively,
 	 * {@link AbstractSecurityWebApplicationInitializer#enableHttpSessionEventPublisher()}
 	 * could return true.
-	 *
-	 * @param sessionManagementCustomizer the {@link Customizer} to provide more options for
-	 * the {@link SessionManagementConfigurer}
+	 * @param sessionManagementCustomizer the {@link Customizer} to provide more options
+	 * for the {@link SessionManagementConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>> sessionManagementCustomizer) throws Exception {
+	public HttpSecurity sessionManagement(
+			Customizer<SessionManagementConfigurer<HttpSecurity>> sessionManagementCustomizer) throws Exception {
 		sessionManagementCustomizer.customize(getOrApply(new SessionManagementConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -758,7 +754,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link PortMapperConfigurer} for further customizations
 	 * @throws Exception
 	 * @see #requiresChannel()
@@ -804,19 +799,20 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see #requiresChannel()
-	 * @param portMapperCustomizer the {@link Customizer} to provide more options for
-	 * the {@link PortMapperConfigurer}
+	 * @param portMapperCustomizer the {@link Customizer} to provide more options for the
+	 * {@link PortMapperConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity portMapper(Customizer<PortMapperConfigurer<HttpSecurity>> portMapperCustomizer) throws Exception {
+	public HttpSecurity portMapper(Customizer<PortMapperConfigurer<HttpSecurity>> portMapperCustomizer)
+			throws Exception {
 		portMapperCustomizer.customize(getOrApply(new PortMapperConfigurer<>()));
 		return HttpSecurity.this;
 	}
 
 	/**
-	 * Configures container based pre authentication. In this case, authentication
-	 * is managed by the Servlet Container.
+	 * Configures container based pre authentication. In this case, authentication is
+	 * managed by the Servlet Container.
 	 *
 	 * <h2>Example Configuration</h2>
 	 *
@@ -878,7 +874,6 @@ public final class HttpSecurity extends
 	 * Last you will need to configure your container to contain the user with the correct
 	 * roles. This configuration is specific to the Servlet Container, so consult your
 	 * Servlet Container's documentation.
-	 *
 	 * @return the {@link JeeConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -887,8 +882,8 @@ public final class HttpSecurity extends
 	}
 
 	/**
-	 * Configures container based pre authentication. In this case, authentication
-	 * is managed by the Servlet Container.
+	 * Configures container based pre authentication. In this case, authentication is
+	 * managed by the Servlet Container.
 	 *
 	 * <h2>Example Configuration</h2>
 	 *
@@ -956,9 +951,8 @@ public final class HttpSecurity extends
 	 * Last you will need to configure your container to contain the user with the correct
 	 * roles. This configuration is specific to the Servlet Container, so consult your
 	 * Servlet Container's documentation.
-	 *
-	 * @param jeeCustomizer the {@link Customizer} to provide more options for
-	 * the {@link JeeConfigurer}
+	 * @param jeeCustomizer the {@link Customizer} to provide more options for the
+	 * {@link JeeConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -989,7 +983,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link X509Configurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1022,9 +1015,8 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param x509Customizer the {@link Customizer} to provide more options for
-	 * the {@link X509Configurer}
+	 * @param x509Customizer the {@link Customizer} to provide more options for the
+	 * {@link X509Configurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -1062,7 +1054,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link RememberMeConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1097,13 +1088,13 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param rememberMeCustomizer the {@link Customizer} to provide more options for
-	 * the {@link RememberMeConfigurer}
+	 * @param rememberMeCustomizer the {@link Customizer} to provide more options for the
+	 * {@link RememberMeConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>> rememberMeCustomizer) throws Exception {
+	public HttpSecurity rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>> rememberMeCustomizer)
+			throws Exception {
 		rememberMeCustomizer.customize(getOrApply(new RememberMeConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -1169,15 +1160,13 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see #requestMatcher(RequestMatcher)
-	 *
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 * @throws Exception
 	 */
 	public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
 			throws Exception {
 		ApplicationContext context = getContext();
-		return getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context))
-				.getRegistry();
+		return getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context)).getRegistry();
 	}
 
 	/**
@@ -1251,17 +1240,17 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see #requestMatcher(RequestMatcher)
-	 *
-	 * @param authorizeRequestsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
+	 * @param authorizeRequestsCustomizer the {@link Customizer} to provide more options
+	 * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
+	public HttpSecurity authorizeRequests(
+			Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
 			throws Exception {
 		ApplicationContext context = getContext();
-		authorizeRequestsCustomizer.customize(getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context))
-				.getRegistry());
+		authorizeRequestsCustomizer
+				.customize(getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context)).getRegistry());
 		return HttpSecurity.this;
 	}
 
@@ -1271,7 +1260,6 @@ public final class HttpSecurity extends
 	 * a login page. After authentication, Spring Security will redirect the user to the
 	 * originally requested protected page (/protected). This is automatically applied
 	 * when using {@link WebSecurityConfigurerAdapter}.
-	 *
 	 * @return the {@link RequestCacheConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1308,7 +1296,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @param requestCacheCustomizer the {@link Customizer} to provide more options for
 	 * the {@link RequestCacheConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
@@ -1323,7 +1310,6 @@ public final class HttpSecurity extends
 	/**
 	 * Allows configuring exception handling. This is automatically applied when using
 	 * {@link WebSecurityConfigurerAdapter}.
-	 *
 	 * @return the {@link ExceptionHandlingConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1337,8 +1323,8 @@ public final class HttpSecurity extends
 	 *
 	 * <h2>Example Custom Configuration</h2>
 	 *
-	 * The following customization will ensure that users who are denied access are forwarded
-	 * to the page "/errors/access-denied".
+	 * The following customization will ensure that users who are denied access are
+	 * forwarded to the page "/errors/access-denied".
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -1360,13 +1346,13 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param exceptionHandlingCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ExceptionHandlingConfigurer}
+	 * @param exceptionHandlingCustomizer the {@link Customizer} to provide more options
+	 * for the {@link ExceptionHandlingConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>> exceptionHandlingCustomizer) throws Exception {
+	public HttpSecurity exceptionHandling(
+			Customizer<ExceptionHandlingConfigurer<HttpSecurity>> exceptionHandlingCustomizer) throws Exception {
 		exceptionHandlingCustomizer.customize(getOrApply(new ExceptionHandlingConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -1375,7 +1361,6 @@ public final class HttpSecurity extends
 	 * Sets up management of the {@link SecurityContext} on the
 	 * {@link SecurityContextHolder} between {@link HttpServletRequest}'s. This is
 	 * automatically applied when using {@link WebSecurityConfigurerAdapter}.
-	 *
 	 * @return the {@link SecurityContextConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1405,13 +1390,13 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @param securityContextCustomizer the {@link Customizer} to provide more options for
 	 * the {@link SecurityContextConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>> securityContextCustomizer) throws Exception {
+	public HttpSecurity securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>> securityContextCustomizer)
+			throws Exception {
 		securityContextCustomizer.customize(getOrApply(new SecurityContextConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -1420,7 +1405,6 @@ public final class HttpSecurity extends
 	 * Integrates the {@link HttpServletRequest} methods with the values found on the
 	 * {@link SecurityContext}. This is automatically applied when using
 	 * {@link WebSecurityConfigurerAdapter}.
-	 *
 	 * @return the {@link ServletApiConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1447,13 +1431,13 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param servletApiCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ServletApiConfigurer}
+	 * @param servletApiCustomizer the {@link Customizer} to provide more options for the
+	 * {@link ServletApiConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity servletApi(Customizer<ServletApiConfigurer<HttpSecurity>> servletApiCustomizer) throws Exception {
+	public HttpSecurity servletApi(Customizer<ServletApiConfigurer<HttpSecurity>> servletApiCustomizer)
+			throws Exception {
 		servletApiCustomizer.customize(getOrApply(new ServletApiConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -1476,7 +1460,6 @@ public final class HttpSecurity extends
 	 *     }
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link CsrfConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1502,9 +1485,8 @@ public final class HttpSecurity extends
 	 *     }
 	 * }
 	 * </pre>
-	 *
-	 * @param csrfCustomizer the {@link Customizer} to provide more options for
-	 * the {@link CsrfConfigurer}
+	 * @param csrfCustomizer the {@link Customizer} to provide more options for the
+	 * {@link CsrfConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -1547,7 +1529,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link LogoutConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1591,9 +1572,8 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param logoutCustomizer the {@link Customizer} to provide more options for
-	 * the {@link LogoutConfigurer}
+	 * @param logoutCustomizer the {@link Customizer} to provide more options for the
+	 * {@link LogoutConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -1665,7 +1645,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link AnonymousConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1736,9 +1715,8 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param anonymousCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AnonymousConfigurer}
+	 * @param anonymousCustomizer the {@link Customizer} to provide more options for the
+	 * {@link AnonymousConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -1747,7 +1725,6 @@ public final class HttpSecurity extends
 		return HttpSecurity.this;
 	}
 
-
 	/**
 	 * Specifies to support form based authentication. If
 	 * {@link FormLoginConfigurer#loginPage(String)} is not specified a default login page
@@ -1804,7 +1781,6 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see FormLoginConfigurer#loginPage(String)
-	 *
 	 * @return the {@link FormLoginConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -1868,9 +1844,8 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * @see FormLoginConfigurer#loginPage(String)
-	 *
-	 * @param formLoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link FormLoginConfigurer}
+	 * @param formLoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link FormLoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -1880,40 +1855,39 @@ public final class HttpSecurity extends
 	}
 
 	/**
-	 * Configures authentication support using an SAML 2.0 Service Provider.
-	 * <br>
+	 * Configures authentication support using an SAML 2.0 Service Provider. <br>
 	 * <br>
 	 *
-	 * The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO Profile, using POST and REDIRECT bindings</b>,
-	 * as documented in the <a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0 Core,Profiles and Bindings</a>
-	 * specifications.
-	 * <br>
+	 * The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO
+	 * Profile, using POST and REDIRECT bindings</b>, as documented in the
+	 * <a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
+	 * Core,Profiles and Bindings</a> specifications. <br>
 	 * <br>
 	 *
-	 * As a prerequisite to using this feature, is that you have a SAML v2.0 Identity Provider to provide an assertion.
-	 * The representation of the Service Provider, the relying party, and the remote Identity Provider, the asserting party
-	 * is contained within {@link RelyingPartyRegistration}.
-	 * <br>
+	 * As a prerequisite to using this feature, is that you have a SAML v2.0 Identity
+	 * Provider to provide an assertion. The representation of the Service Provider, the
+	 * relying party, and the remote Identity Provider, the asserting party is contained
+	 * within {@link RelyingPartyRegistration}. <br>
 	 * <br>
 	 *
 	 * {@link RelyingPartyRegistration}(s) are composed within a
-	 * {@link RelyingPartyRegistrationRepository},
-	 * which is <b>required</b> and must be registered with the {@link ApplicationContext} or
-	 * configured via <code>saml2Login().relyingPartyRegistrationRepository(..)</code>.
-	 * <br>
+	 * {@link RelyingPartyRegistrationRepository}, which is <b>required</b> and must be
+	 * registered with the {@link ApplicationContext} or configured via
+	 * <code>saml2Login().relyingPartyRegistrationRepository(..)</code>. <br>
 	 * <br>
 	 *
-	 * The default configuration provides an auto-generated login page at <code>&quot;/login&quot;</code> and
-	 * redirects to <code>&quot;/login?error&quot;</code> when an authentication error occurs.
-	 * The login page will display each of the identity providers with a link
-	 * that is capable of initiating the &quot;authentication flow&quot;.
-	 * <br>
+	 * The default configuration provides an auto-generated login page at
+	 * <code>&quot;/login&quot;</code> and redirects to
+	 * <code>&quot;/login?error&quot;</code> when an authentication error occurs. The
+	 * login page will display each of the identity providers with a link that is capable
+	 * of initiating the &quot;authentication flow&quot;. <br>
 	 * <br>
 	 *
 	 * <p>
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example shows the minimal configuration required, using SimpleSamlPhp as the Authentication Provider.
+	 * The following example shows the minimal configuration required, using SimpleSamlPhp
+	 * as the Authentication Provider.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -1971,40 +1945,39 @@ public final class HttpSecurity extends
 	}
 
 	/**
-	 * Configures authentication support using an SAML 2.0 Service Provider.
-	 * <br>
+	 * Configures authentication support using an SAML 2.0 Service Provider. <br>
 	 * <br>
 	 *
-	 * The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO Profile, using POST and REDIRECT bindings</b>,
-	 * as documented in the <a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0 Core,Profiles and Bindings</a>
-	 * specifications.
-	 * <br>
+	 * The &quot;authentication flow&quot; is implemented using the <b>Web Browser SSO
+	 * Profile, using POST and REDIRECT bindings</b>, as documented in the
+	 * <a target="_blank" href="https://docs.oasis-open.org/security/saml/">SAML V2.0
+	 * Core,Profiles and Bindings</a> specifications. <br>
 	 * <br>
 	 *
-	 * As a prerequisite to using this feature, is that you have a SAML v2.0 Identity Provider to provide an assertion.
-	 * The representation of the Service Provider, the relying party, and the remote Identity Provider, the asserting party
-	 * is contained within {@link RelyingPartyRegistration}.
-	 * <br>
+	 * As a prerequisite to using this feature, is that you have a SAML v2.0 Identity
+	 * Provider to provide an assertion. The representation of the Service Provider, the
+	 * relying party, and the remote Identity Provider, the asserting party is contained
+	 * within {@link RelyingPartyRegistration}. <br>
 	 * <br>
 	 *
 	 * {@link RelyingPartyRegistration}(s) are composed within a
-	 * {@link RelyingPartyRegistrationRepository},
-	 * which is <b>required</b> and must be registered with the {@link ApplicationContext} or
-	 * configured via <code>saml2Login().relyingPartyRegistrationRepository(..)</code>.
-	 * <br>
+	 * {@link RelyingPartyRegistrationRepository}, which is <b>required</b> and must be
+	 * registered with the {@link ApplicationContext} or configured via
+	 * <code>saml2Login().relyingPartyRegistrationRepository(..)</code>. <br>
 	 * <br>
 	 *
-	 * The default configuration provides an auto-generated login page at <code>&quot;/login&quot;</code> and
-	 * redirects to <code>&quot;/login?error&quot;</code> when an authentication error occurs.
-	 * The login page will display each of the identity providers with a link
-	 * that is capable of initiating the &quot;authentication flow&quot;.
-	 * <br>
+	 * The default configuration provides an auto-generated login page at
+	 * <code>&quot;/login&quot;</code> and redirects to
+	 * <code>&quot;/login?error&quot;</code> when an authentication error occurs. The
+	 * login page will display each of the identity providers with a link that is capable
+	 * of initiating the &quot;authentication flow&quot;. <br>
 	 * <br>
 	 *
 	 * <p>
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example shows the minimal configuration required, using SimpleSamlPhp as the Authentication Provider.
+	 * The following example shows the minimal configuration required, using SimpleSamlPhp
+	 * as the Authentication Provider.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2054,53 +2027,57 @@ public final class HttpSecurity extends
 	 * <p>
 	 *
 	 * @since 5.2
-	 * @param saml2LoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link Saml2LoginConfigurer}
+	 * @param saml2LoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link Saml2LoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>> saml2LoginCustomizer) throws Exception {
+	public HttpSecurity saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>> saml2LoginCustomizer)
+			throws Exception {
 		saml2LoginCustomizer.customize(getOrApply(new Saml2LoginConfigurer<>()));
 		return HttpSecurity.this;
 	}
 
 	/**
-	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
-	 * <br>
+	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
+	 * Provider. <br>
 	 * <br>
 	 *
-	 * The &quot;authentication flow&quot; is implemented using the <b>Authorization Code Grant</b>, as specified in the
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0 Authorization Framework</a>
-	 * and <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect Core 1.0</a>
-	 * specification.
-	 * <br>
+	 * The &quot;authentication flow&quot; is implemented using the <b>Authorization Code
+	 * Grant</b>, as specified in the
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0
+	 * Authorization Framework</a> and <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect
+	 * Core 1.0</a> specification. <br>
 	 * <br>
 	 *
-	 * As a prerequisite to using this feature, you must register a client with a provider.
-	 * The client registration information may than be used for configuring
-	 * a {@link org.springframework.security.oauth2.client.registration.ClientRegistration} using a
+	 * As a prerequisite to using this feature, you must register a client with a
+	 * provider. The client registration information may than be used for configuring a
+	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}
+	 * using a
 	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.Builder}.
 	 * <br>
 	 * <br>
 	 *
-	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}(s) are composed within a
+	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}(s)
+	 * are composed within a
 	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistrationRepository},
-	 * which is <b>required</b> and must be registered with the {@link ApplicationContext} or
-	 * configured via <code>oauth2Login().clientRegistrationRepository(..)</code>.
-	 * <br>
+	 * which is <b>required</b> and must be registered with the {@link ApplicationContext}
+	 * or configured via <code>oauth2Login().clientRegistrationRepository(..)</code>. <br>
 	 * <br>
 	 *
-	 * The default configuration provides an auto-generated login page at <code>&quot;/login&quot;</code> and
-	 * redirects to <code>&quot;/login?error&quot;</code> when an authentication error occurs.
-	 * The login page will display each of the clients with a link
-	 * that is capable of initiating the &quot;authentication flow&quot;.
-	 * <br>
+	 * The default configuration provides an auto-generated login page at
+	 * <code>&quot;/login&quot;</code> and redirects to
+	 * <code>&quot;/login?error&quot;</code> when an authentication error occurs. The
+	 * login page will display each of the clients with a link that is capable of
+	 * initiating the &quot;authentication flow&quot;. <br>
 	 * <br>
 	 *
 	 * <p>
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example shows the minimal configuration required, using Google as the Authentication Provider.
+	 * The following example shows the minimal configuration required, using Google as the
+	 * Authentication Provider.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2143,11 +2120,16 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * <p>
-	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available options to customize the defaults.
+	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
+	 * options to customize the defaults.
 	 *
 	 * @since 5.0
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
-	 * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Flow</a>
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
+	 * Grant</a>
+	 * @see <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1
+	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations
@@ -2158,42 +2140,45 @@ public final class HttpSecurity extends
 	}
 
 	/**
-	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
-	 * <br>
+	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
+	 * Provider. <br>
 	 * <br>
 	 *
-	 * The &quot;authentication flow&quot; is implemented using the <b>Authorization Code Grant</b>, as specified in the
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0 Authorization Framework</a>
-	 * and <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect Core 1.0</a>
-	 * specification.
-	 * <br>
+	 * The &quot;authentication flow&quot; is implemented using the <b>Authorization Code
+	 * Grant</b>, as specified in the
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">OAuth 2.0
+	 * Authorization Framework</a> and <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect
+	 * Core 1.0</a> specification. <br>
 	 * <br>
 	 *
-	 * As a prerequisite to using this feature, you must register a client with a provider.
-	 * The client registration information may than be used for configuring
-	 * a {@link org.springframework.security.oauth2.client.registration.ClientRegistration} using a
+	 * As a prerequisite to using this feature, you must register a client with a
+	 * provider. The client registration information may than be used for configuring a
+	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}
+	 * using a
 	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.Builder}.
 	 * <br>
 	 * <br>
 	 *
-	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}(s) are composed within a
+	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}(s)
+	 * are composed within a
 	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistrationRepository},
-	 * which is <b>required</b> and must be registered with the {@link ApplicationContext} or
-	 * configured via <code>oauth2Login().clientRegistrationRepository(..)</code>.
-	 * <br>
+	 * which is <b>required</b> and must be registered with the {@link ApplicationContext}
+	 * or configured via <code>oauth2Login().clientRegistrationRepository(..)</code>. <br>
 	 * <br>
 	 *
-	 * The default configuration provides an auto-generated login page at <code>&quot;/login&quot;</code> and
-	 * redirects to <code>&quot;/login?error&quot;</code> when an authentication error occurs.
-	 * The login page will display each of the clients with a link
-	 * that is capable of initiating the &quot;authentication flow&quot;.
-	 * <br>
+	 * The default configuration provides an auto-generated login page at
+	 * <code>&quot;/login&quot;</code> and redirects to
+	 * <code>&quot;/login?error&quot;</code> when an authentication error occurs. The
+	 * login page will display each of the clients with a link that is capable of
+	 * initiating the &quot;authentication flow&quot;. <br>
 	 * <br>
 	 *
 	 * <p>
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example shows the minimal configuration required, using Google as the Authentication Provider.
+	 * The following example shows the minimal configuration required, using Google as the
+	 * Authentication Provider.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2237,19 +2222,24 @@ public final class HttpSecurity extends
 	 * </pre>
 	 *
 	 * <p>
-	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available options to customize the defaults.
+	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
+	 * options to customize the defaults.
 	 *
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
-	 * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Flow</a>
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
+	 * Grant</a>
+	 * @see <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1
+	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 *
-	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OAuth2LoginConfigurer}
+	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OAuth2LoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer) throws Exception {
+	public HttpSecurity oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer)
+			throws Exception {
 		oauth2LoginCustomizer.customize(getOrApply(new OAuth2LoginConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -2258,7 +2248,9 @@ public final class HttpSecurity extends
 	 * Configures OAuth 2.0 Client support.
 	 *
 	 * @since 5.1
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 * @return the {@link OAuth2ClientConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -2273,7 +2265,8 @@ public final class HttpSecurity extends
 	 *
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints.
+	 * The following example demonstrates how to enable OAuth 2.0 Client support for all
+	 * endpoints.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2291,14 +2284,16 @@ public final class HttpSecurity extends
 	 * }
 	 * </pre>
 	 *
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
-	 *
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 * @param oauth2ClientCustomizer the {@link Customizer} to provide more options for
 	 * the {@link OAuth2ClientConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>> oauth2ClientCustomizer) throws Exception {
+	public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>> oauth2ClientCustomizer)
+			throws Exception {
 		oauth2ClientCustomizer.customize(getOrApply(new OAuth2ClientConfigurer<>()));
 		return HttpSecurity.this;
 	}
@@ -2307,12 +2302,15 @@ public final class HttpSecurity extends
 	 * Configures OAuth 2.0 Resource Server support.
 	 *
 	 * @since 5.1
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
 	 * @throws Exception
 	 */
 	public OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer() throws Exception {
-		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ResourceServerConfigurer<>(getContext()));
+		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(
+				new OAuth2ResourceServerConfigurer<>(getContext()));
 		this.postProcess(configurer);
 		return configurer;
 	}
@@ -2322,7 +2320,8 @@ public final class HttpSecurity extends
 	 *
 	 * <h2>Example Configuration</h2>
 	 *
-	 * The following example demonstrates how to configure a custom JWT authentication converter.
+	 * The following example demonstrates how to configure a custom JWT authentication
+	 * converter.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2355,16 +2354,18 @@ public final class HttpSecurity extends
 	 * }
 	 * </pre>
 	 *
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
-	 *
-	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OAuth2ResourceServerConfigurer}
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
+	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more
+	 * options for the {@link OAuth2ResourceServerConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer)
-			throws Exception {
-		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ResourceServerConfigurer<>(getContext()));
+	public HttpSecurity oauth2ResourceServer(
+			Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer) throws Exception {
+		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(
+				new OAuth2ResourceServerConfigurer<>(getContext()));
 		this.postProcess(configurer);
 		oauth2ResourceServerCustomizer.customize(configurer);
 		return HttpSecurity.this;
@@ -2379,8 +2380,8 @@ public final class HttpSecurity extends
 	 * The example below demonstrates how to require HTTPs for every request. Only
 	 * requiring HTTPS for some requests is supported, but not recommended since an
 	 * application that allows for HTTP introduces many security vulnerabilities. For one
-	 * such example, read about <a
-	 * href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
+	 * such example, read about
+	 * <a href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2399,16 +2400,12 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 *
 	 * @return the {@link ChannelSecurityConfigurer} for further customizations
 	 * @throws Exception
 	 */
-	public ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry requiresChannel()
-			throws Exception {
+	public ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry requiresChannel() throws Exception {
 		ApplicationContext context = getContext();
-		return getOrApply(new ChannelSecurityConfigurer<>(context))
-				.getRegistry();
+		return getOrApply(new ChannelSecurityConfigurer<>(context)).getRegistry();
 	}
 
 	/**
@@ -2420,8 +2417,8 @@ public final class HttpSecurity extends
 	 * The example below demonstrates how to require HTTPs for every request. Only
 	 * requiring HTTPS for some requests is supported, but not recommended since an
 	 * application that allows for HTTP introduces many security vulnerabilities. For one
-	 * such example, read about <a
-	 * href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
+	 * such example, read about
+	 * <a href="https://en.wikipedia.org/wiki/Firesheep">Firesheep</a>.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2443,17 +2440,16 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @param requiresChannelCustomizer the {@link Customizer} to provide more options for
 	 * the {@link ChannelSecurityConfigurer.ChannelRequestMatcherRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
-	public HttpSecurity requiresChannel(Customizer<ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry> requiresChannelCustomizer)
+	public HttpSecurity requiresChannel(
+			Customizer<ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry> requiresChannelCustomizer)
 			throws Exception {
 		ApplicationContext context = getContext();
-		requiresChannelCustomizer.customize(getOrApply(new ChannelSecurityConfigurer<>(context))
-				.getRegistry());
+		requiresChannelCustomizer.customize(getOrApply(new ChannelSecurityConfigurer<>(context)).getRegistry());
 		return HttpSecurity.this;
 	}
 
@@ -2463,8 +2459,8 @@ public final class HttpSecurity extends
 	 * <h2>Example Configuration</h2>
 	 *
 	 * The example below demonstrates how to configure HTTP Basic authentication for an
-	 * application. The default realm is "Realm", but can be
-	 * customized using {@link HttpBasicConfigurer#realmName(String)}.
+	 * application. The default realm is "Realm", but can be customized using
+	 * {@link HttpBasicConfigurer#realmName(String)}.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2482,7 +2478,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link HttpBasicConfigurer} for further customizations
 	 * @throws Exception
 	 */
@@ -2496,8 +2491,8 @@ public final class HttpSecurity extends
 	 * <h2>Example Configuration</h2>
 	 *
 	 * The example below demonstrates how to configure HTTP Basic authentication for an
-	 * application. The default realm is "Realm", but can be
-	 * customized using {@link HttpBasicConfigurer#realmName(String)}.
+	 * application. The default realm is "Realm", but can be customized using
+	 * {@link HttpBasicConfigurer#realmName(String)}.
 	 *
 	 * <pre>
 	 * &#064;Configuration
@@ -2515,9 +2510,8 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @param httpBasicCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HttpBasicConfigurer}
+	 * @param httpBasicCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HttpBasicConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 */
@@ -2544,12 +2538,11 @@ public final class HttpSecurity extends
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#authenticationProvider
+	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
+	 * authenticationProvider
 	 * (org.springframework.security.authentication.AuthenticationProvider)
 	 */
-	public HttpSecurity authenticationProvider(
-			AuthenticationProvider authenticationProvider) {
+	public HttpSecurity authenticationProvider(AuthenticationProvider authenticationProvider) {
 		getAuthenticationRegistry().authenticationProvider(authenticationProvider);
 		return this;
 	}
@@ -2557,12 +2550,11 @@ public final class HttpSecurity extends
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#userDetailsService
+	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
+	 * userDetailsService
 	 * (org.springframework.security.core.userdetails.UserDetailsService)
 	 */
-	public HttpSecurity userDetailsService(UserDetailsService userDetailsService)
-			throws Exception {
+	public HttpSecurity userDetailsService(UserDetailsService userDetailsService) throws Exception {
 		getAuthenticationRegistry().userDetailsService(userDetailsService);
 		return this;
 	}
@@ -2574,9 +2566,8 @@ public final class HttpSecurity extends
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilterAfter(javax
-	 * .servlet.Filter, java.lang.Class)
+	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
+	 * addFilterAfter(javax .servlet.Filter, java.lang.Class)
 	 */
 	public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) {
 		comparator.registerAfter(filter.getClass(), afterFilter);
@@ -2586,12 +2577,10 @@ public final class HttpSecurity extends
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilterBefore(
-	 * javax.servlet.Filter, java.lang.Class)
+	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
+	 * addFilterBefore( javax.servlet.Filter, java.lang.Class)
 	 */
-	public HttpSecurity addFilterBefore(Filter filter,
-			Class<? extends Filter> beforeFilter) {
+	public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) {
 		comparator.registerBefore(filter.getClass(), beforeFilter);
 		return addFilter(filter);
 	}
@@ -2600,16 +2589,14 @@ public final class HttpSecurity extends
 	 * (non-Javadoc)
 	 *
 	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilter(javax.
-	 * servlet.Filter)
+	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilter(
+	 * javax. servlet.Filter)
 	 */
 	public HttpSecurity addFilter(Filter filter) {
 		Class<? extends Filter> filterClass = filter.getClass();
 		if (!comparator.isRegistered(filterClass)) {
-			throw new IllegalArgumentException(
-					"The Filter class "
-							+ filterClass.getName()
-							+ " does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.");
+			throw new IllegalArgumentException("The Filter class " + filterClass.getName()
+					+ " does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.");
 		}
 		this.filters.add(filter);
 		return this;
@@ -2628,7 +2615,6 @@ public final class HttpSecurity extends
 	 * deterministic. More concretely, registering multiple Filters in the same location
 	 * does not override existing Filters. Instead, do not register Filters you do not
 	 * want to use.
-	 *
 	 * @param filter the Filter to register
 	 * @param atFilter the location of another {@link Filter} that is already registered
 	 * (i.e. known) with Spring Security.
@@ -2643,14 +2629,15 @@ public final class HttpSecurity extends
 	 * Allows specifying which {@link HttpServletRequest} instances this
 	 * {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
 	 * {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
-	 * only a single {@link RequestMatcher} is necessary consider using {@link #mvcMatcher(String)},
-	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, or
-	 * {@link #requestMatcher(RequestMatcher)}.
+	 * only a single {@link RequestMatcher} is necessary consider using
+	 * {@link #mvcMatcher(String)}, {@link #antMatcher(String)},
+	 * {@link #regexMatcher(String)}, or {@link #requestMatcher(RequestMatcher)}.
 	 *
 	 * <p>
-	 * Invoking {@link #requestMatchers()} will not override previous invocations of {@link #mvcMatcher(String)}},
-	 * {@link #requestMatchers()}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * Invoking {@link #requestMatchers()} will not override previous invocations of
+	 * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
 	 *
 	 * <h3>Example Configurations</h3>
@@ -2743,7 +2730,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link RequestMatcherConfigurer} for further customizations
 	 */
 	public RequestMatcherConfigurer requestMatchers() {
@@ -2754,14 +2740,15 @@ public final class HttpSecurity extends
 	 * Allows specifying which {@link HttpServletRequest} instances this
 	 * {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
 	 * {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
-	 * only a single {@link RequestMatcher} is necessary consider using {@link #mvcMatcher(String)},
-	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, or
-	 * {@link #requestMatcher(RequestMatcher)}.
+	 * only a single {@link RequestMatcher} is necessary consider using
+	 * {@link #mvcMatcher(String)}, {@link #antMatcher(String)},
+	 * {@link #regexMatcher(String)}, or {@link #requestMatcher(RequestMatcher)}.
 	 *
 	 * <p>
-	 * Invoking {@link #requestMatchers()} will not override previous invocations of {@link #mvcMatcher(String)}},
-	 * {@link #requestMatchers()}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * Invoking {@link #requestMatchers()} will not override previous invocations of
+	 * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
 	 *
 	 * <h3>Example Configurations</h3>
@@ -2840,7 +2827,6 @@ public final class HttpSecurity extends
 	 * 	}
 	 * }
 	 * </pre>
-	 *
 	 * @param requestMatcherCustomizer the {@link Customizer} to provide more options for
 	 * the {@link RequestMatcherConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
@@ -2857,10 +2843,10 @@ public final class HttpSecurity extends
 	 *
 	 * <p>
 	 * Invoking {@link #requestMatcher(RequestMatcher)} will override previous invocations
-	 * of {@link #requestMatchers()}, {@link #mvcMatcher(String)}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * of {@link #requestMatchers()}, {@link #mvcMatcher(String)},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
-	 *
 	 * @param requestMatcher the {@link RequestMatcher} to use (i.e. new
 	 * AntPathRequestMatcher("/admin/**","GET") )
 	 * @return the {@link HttpSecurity} for further customizations
@@ -2879,11 +2865,11 @@ public final class HttpSecurity extends
 	 * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
 	 *
 	 * <p>
-	 * Invoking {@link #antMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
-	 * {@link #requestMatchers()}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * Invoking {@link #antMatcher(String)} will override previous invocations of
+	 * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
-	 *
 	 * @param antPattern the Ant Pattern to match on (i.e. "/admin/**")
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @see AntPathRequestMatcher
@@ -2894,15 +2880,15 @@ public final class HttpSecurity extends
 
 	/**
 	 * Allows configuring the {@link HttpSecurity} to only be invoked when matching the
-	 * provided Spring MVC pattern. If more advanced configuration is necessary, consider using
-	 * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
+	 * provided Spring MVC pattern. If more advanced configuration is necessary, consider
+	 * using {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
 	 *
 	 * <p>
-	 * Invoking {@link #mvcMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
-	 * {@link #requestMatchers()}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * Invoking {@link #mvcMatcher(String)} will override previous invocations of
+	 * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
-	 *
 	 * @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**")
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @see MvcRequestMatcher
@@ -2918,11 +2904,11 @@ public final class HttpSecurity extends
 	 * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
 	 *
 	 * <p>
-	 * Invoking {@link #regexMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
-	 * {@link #requestMatchers()}, {@link #antMatcher(String)},
-	 * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
+	 * Invoking {@link #regexMatcher(String)} will override previous invocations of
+	 * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
+	 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
+	 * {@link #requestMatcher(RequestMatcher)}.
 	 * </p>
-	 *
 	 * @param pattern the Regular Expression to match on (i.e. "/admin/.+")
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @see RegexRequestMatcher
@@ -2945,8 +2931,7 @@ public final class HttpSecurity extends
 		 * @param matchers the {@link MvcRequestMatcher} instances to set the servlet path
 		 * on if {@link #servletPath(String)} is set.
 		 */
-		private MvcMatchersRequestMatcherConfigurer(ApplicationContext context,
-				List<MvcRequestMatcher> matchers) {
+		private MvcMatchersRequestMatcherConfigurer(ApplicationContext context, List<MvcRequestMatcher> matchers) {
 			super(context);
 			this.matchers = new ArrayList<>(matchers);
 		}
@@ -2966,8 +2951,7 @@ public final class HttpSecurity extends
 	 * @author Rob Winch
 	 * @since 3.2
 	 */
-	public class RequestMatcherConfigurer
-			extends AbstractRequestMatcherRegistry<RequestMatcherConfigurer> {
+	public class RequestMatcherConfigurer extends AbstractRequestMatcherRegistry<RequestMatcherConfigurer> {
 
 		protected List<RequestMatcher> matchers = new ArrayList<>();
 
@@ -2979,8 +2963,7 @@ public final class HttpSecurity extends
 		}
 
 		@Override
-		public MvcMatchersRequestMatcherConfigurer mvcMatchers(HttpMethod method,
-				String... mvcPatterns) {
+		public MvcMatchersRequestMatcherConfigurer mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			List<MvcRequestMatcher> mvcMatchers = createMvcMatchers(method, mvcPatterns);
 			setMatchers(mvcMatchers);
 			return new MvcMatchersRequestMatcherConfigurer(getContext(), mvcMatchers);
@@ -2992,8 +2975,7 @@ public final class HttpSecurity extends
 		}
 
 		@Override
-		protected RequestMatcherConfigurer chainRequestMatchers(
-				List<RequestMatcher> requestMatchers) {
+		protected RequestMatcherConfigurer chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			setMatchers(requestMatchers);
 			return this;
 		}
@@ -3005,7 +2987,6 @@ public final class HttpSecurity extends
 
 		/**
 		 * Return the {@link HttpSecurity} for further customizations
-		 *
 		 * @return the {@link HttpSecurity} for further customizations
 		 */
 		public HttpSecurity and() {
@@ -3017,19 +2998,19 @@ public final class HttpSecurity extends
 	/**
 	 * If the {@link SecurityConfigurer} has already been specified get the original,
 	 * otherwise apply the new {@link SecurityConfigurerAdapter}.
-	 *
 	 * @param configurer the {@link SecurityConfigurer} to apply if one is not found for
 	 * this {@link SecurityConfigurer} class.
 	 * @return the current {@link SecurityConfigurer} for the configurer passed in
 	 * @throws Exception
 	 */
 	@SuppressWarnings("unchecked")
-	private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(
-			C configurer) throws Exception {
+	private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(C configurer)
+			throws Exception {
 		C existingConfig = (C) getConfigurer(configurer.getClass());
 		if (existingConfig != null) {
 			return existingConfig;
 		}
 		return apply(configurer);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 251556fcaf..1adc9465ec 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -74,14 +74,13 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  *
  * @see EnableWebSecurity
  * @see WebSecurityConfiguration
- *
  * @author Rob Winch
  * @author Evgeniy Cheban
  * @since 3.2
  */
-public final class WebSecurity extends
-		AbstractConfiguredSecurityBuilder<Filter, WebSecurity> implements
-		SecurityBuilder<Filter>, ApplicationContextAware {
+public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter, WebSecurity>
+		implements SecurityBuilder<Filter>, ApplicationContextAware {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final List<RequestMatcher> ignoredRequests = new ArrayList<>();
@@ -118,12 +117,11 @@ public final class WebSecurity extends
 
 	/**
 	 * <p>
-	 * Allows adding {@link RequestMatcher} instances that Spring Security
-	 * should ignore. Web Security provided by Spring Security (including the
-	 * {@link SecurityContext}) will not be available on {@link HttpServletRequest} that
-	 * match. Typically the requests that are registered should be that of only static
-	 * resources. For requests that are dynamic, consider mapping the request to allow all
-	 * users instead.
+	 * Allows adding {@link RequestMatcher} instances that Spring Security should ignore.
+	 * Web Security provided by Spring Security (including the {@link SecurityContext})
+	 * will not be available on {@link HttpServletRequest} that match. Typically the
+	 * requests that are registered should be that of only static resources. For requests
+	 * that are dynamic, consider mapping the request to allow all users instead.
 	 * </p>
 	 *
 	 * Example Usage:
@@ -154,7 +152,6 @@ public final class WebSecurity extends
 	 * 		.antMatchers(&quot;/static/**&quot;);
 	 * // now both URLs that start with /resources/ and /static/ will be ignored
 	 * </pre>
-	 *
 	 * @return the {@link IgnoredRequestConfigurer} to use for registering request that
 	 * should be ignored
 	 */
@@ -165,7 +162,6 @@ public final class WebSecurity extends
 	/**
 	 * Allows customizing the {@link HttpFirewall}. The default is
 	 * {@link StrictHttpFirewall}.
-	 *
 	 * @param httpFirewall the custom {@link HttpFirewall}
 	 * @return the {@link WebSecurity} for further customizations
 	 */
@@ -176,10 +172,8 @@ public final class WebSecurity extends
 
 	/**
 	 * Controls debugging support for Spring Security.
-	 *
 	 * @param debugEnabled if true, enables debug support with Spring Security. Default is
 	 * false.
-	 *
 	 * @return the {@link WebSecurity} for further customization.
 	 * @see EnableWebSecurity#debug()
 	 */
@@ -197,7 +191,6 @@ public final class WebSecurity extends
 	 * Typically this method is invoked automatically within the framework from
 	 * {@link WebSecurityConfigurerAdapter#init(WebSecurity)}
 	 * </p>
-	 *
 	 * @param securityFilterChainBuilder the builder to use to create the
 	 * {@link SecurityFilterChain} instances
 	 * @return the {@link WebSecurity} for further customizations
@@ -209,15 +202,13 @@ public final class WebSecurity extends
 	}
 
 	/**
-	 * Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not specified,
-	 * then a {@link DefaultWebInvocationPrivilegeEvaluator} will be created when
-	 * {@link #securityInterceptor(FilterSecurityInterceptor)} is non null.
-	 *
+	 * Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not
+	 * specified, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be created
+	 * when {@link #securityInterceptor(FilterSecurityInterceptor)} is non null.
 	 * @param privilegeEvaluator the {@link WebInvocationPrivilegeEvaluator} to use
 	 * @return the {@link WebSecurity} for further customizations
 	 */
-	public WebSecurity privilegeEvaluator(
-			WebInvocationPrivilegeEvaluator privilegeEvaluator) {
+	public WebSecurity privilegeEvaluator(WebInvocationPrivilegeEvaluator privilegeEvaluator) {
 		this.privilegeEvaluator = privilegeEvaluator;
 		return this;
 	}
@@ -225,12 +216,10 @@ public final class WebSecurity extends
 	/**
 	 * Set the {@link SecurityExpressionHandler} to be used. If this is not specified,
 	 * then a {@link DefaultWebSecurityExpressionHandler} will be used.
-	 *
 	 * @param expressionHandler the {@link SecurityExpressionHandler} to use
 	 * @return the {@link WebSecurity} for further customizations
 	 */
-	public WebSecurity expressionHandler(
-			SecurityExpressionHandler<FilterInvocation> expressionHandler) {
+	public WebSecurity expressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler) {
 		Assert.notNull(expressionHandler, "expressionHandler cannot be null");
 		this.expressionHandler = expressionHandler;
 		return this;
@@ -269,7 +258,6 @@ public final class WebSecurity extends
 
 	/**
 	 * Executes the Runnable immediately after the build takes place
-	 *
 	 * @param postBuildAction
 	 * @return the {@link WebSecurity} for further customizations
 	 */
@@ -280,17 +268,14 @@ public final class WebSecurity extends
 
 	@Override
 	protected Filter performBuild() throws Exception {
-		Assert.state(
-				!securityFilterChainBuilders.isEmpty(),
+		Assert.state(!securityFilterChainBuilders.isEmpty(),
 				() -> "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. "
 						+ "Typically this is done by exposing a SecurityFilterChain bean "
 						+ "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. "
-						+ "More advanced users can invoke "
-						+ WebSecurity.class.getSimpleName()
+						+ "More advanced users can invoke " + WebSecurity.class.getSimpleName()
 						+ ".addSecurityFilterChainBuilder directly");
 		int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
-		List<SecurityFilterChain> securityFilterChains = new ArrayList<>(
-				chainSize);
+		List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
 		for (RequestMatcher ignoredRequest : ignoredRequests) {
 			securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));
 		}
@@ -308,8 +293,7 @@ public final class WebSecurity extends
 
 		Filter result = filterChainProxy;
 		if (debugEnabled) {
-			logger.warn("\n\n"
-					+ "********************************************************************\n"
+			logger.warn("\n\n" + "********************************************************************\n"
 					+ "**********        Security debugging is enabled.       *************\n"
 					+ "**********    This may include sensitive information.  *************\n"
 					+ "**********      Do not use in a production system!     *************\n"
@@ -326,12 +310,11 @@ public final class WebSecurity extends
 	 *
 	 * @author Rob Winch
 	 */
-	public final class MvcMatchersIgnoredRequestConfigurer
-			extends IgnoredRequestConfigurer {
+	public final class MvcMatchersIgnoredRequestConfigurer extends IgnoredRequestConfigurer {
+
 		private final List<MvcRequestMatcher> mvcMatchers;
 
-		private MvcMatchersIgnoredRequestConfigurer(ApplicationContext context,
-				List<MvcRequestMatcher> mvcMatchers) {
+		private MvcMatchersIgnoredRequestConfigurer(ApplicationContext context, List<MvcRequestMatcher> mvcMatchers) {
 			super(context);
 			this.mvcMatchers = mvcMatchers;
 		}
@@ -342,6 +325,7 @@ public final class WebSecurity extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
@@ -351,20 +335,17 @@ public final class WebSecurity extends
 	 * @author Rob Winch
 	 * @since 3.2
 	 */
-	public class IgnoredRequestConfigurer
-			extends AbstractRequestMatcherRegistry<IgnoredRequestConfigurer> {
+	public class IgnoredRequestConfigurer extends AbstractRequestMatcherRegistry<IgnoredRequestConfigurer> {
 
 		private IgnoredRequestConfigurer(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 
 		@Override
-		public MvcMatchersIgnoredRequestConfigurer mvcMatchers(HttpMethod method,
-				String... mvcPatterns) {
+		public MvcMatchersIgnoredRequestConfigurer mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			List<MvcRequestMatcher> mvcMatchers = createMvcMatchers(method, mvcPatterns);
 			WebSecurity.this.ignoredRequests.addAll(mvcMatchers);
-			return new MvcMatchersIgnoredRequestConfigurer(getApplicationContext(),
-					mvcMatchers);
+			return new MvcMatchersIgnoredRequestConfigurer(getApplicationContext(), mvcMatchers);
 		}
 
 		@Override
@@ -373,8 +354,7 @@ public final class WebSecurity extends
 		}
 
 		@Override
-		protected IgnoredRequestConfigurer chainRequestMatchers(
-				List<RequestMatcher> requestMatchers) {
+		protected IgnoredRequestConfigurer chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			WebSecurity.this.ignoredRequests.addAll(requestMatchers);
 			return this;
 		}
@@ -385,29 +365,37 @@ public final class WebSecurity extends
 		public WebSecurity and() {
 			return WebSecurity.this;
 		}
+
 	}
 
 	@Override
-	public void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
-		this.defaultWebSecurityExpressionHandler
-				.setApplicationContext(applicationContext);
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+		this.defaultWebSecurityExpressionHandler.setApplicationContext(applicationContext);
 
 		try {
 			this.defaultWebSecurityExpressionHandler.setRoleHierarchy(applicationContext.getBean(RoleHierarchy.class));
-		} catch (NoSuchBeanDefinitionException e) {}
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 
 		try {
-			this.defaultWebSecurityExpressionHandler.setPermissionEvaluator(applicationContext.getBean(
-					PermissionEvaluator.class));
-		} catch(NoSuchBeanDefinitionException e) {}
+			this.defaultWebSecurityExpressionHandler
+					.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 
 		this.ignoredRequestRegistry = new IgnoredRequestConfigurer(applicationContext);
 		try {
 			this.httpFirewall = applicationContext.getBean(HttpFirewall.class);
-		} catch(NoSuchBeanDefinitionException e) {}
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 		try {
 			this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);
-		} catch(NoSuchBeanDefinitionException e) {}
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
index 9195060ef1..012c0fec66 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
@@ -40,8 +40,7 @@ final class AutowiredWebSecurityConfigurersIgnoreParents {
 
 	private final ConfigurableListableBeanFactory beanFactory;
 
-	AutowiredWebSecurityConfigurersIgnoreParents(
-			ConfigurableListableBeanFactory beanFactory) {
+	AutowiredWebSecurityConfigurersIgnoreParents(ConfigurableListableBeanFactory beanFactory) {
 		Assert.notNull(beanFactory, "beanFactory cannot be null");
 		this.beanFactory = beanFactory;
 	}
@@ -49,11 +48,11 @@ final class AutowiredWebSecurityConfigurersIgnoreParents {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public List<SecurityConfigurer<Filter, WebSecurity>> getWebSecurityConfigurers() {
 		List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers = new ArrayList<>();
-		Map<String, WebSecurityConfigurer> beansOfType = beanFactory
-				.getBeansOfType(WebSecurityConfigurer.class);
+		Map<String, WebSecurityConfigurer> beansOfType = beanFactory.getBeansOfType(WebSecurityConfigurer.class);
 		for (Entry<String, WebSecurityConfigurer> entry : beansOfType.entrySet()) {
 			webSecurityConfigurers.add(entry.getValue());
 		}
 		return webSecurityConfigurers;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
index 9b6ccdbfa5..217ae581a3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@@ -72,10 +72,8 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 @Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
 @Target(value = { java.lang.annotation.ElementType.TYPE })
 @Documented
-@Import({ WebSecurityConfiguration.class,
-		SpringWebMvcImportSelector.class,
-		OAuth2ImportSelector.class,
-		HttpSecurityConfiguration.class})
+@Import({ WebSecurityConfiguration.class, SpringWebMvcImportSelector.class, OAuth2ImportSelector.class,
+		HttpSecurityConfiguration.class })
 @EnableGlobalAuthentication
 @Configuration
 public @interface EnableWebSecurity {
@@ -85,4 +83,5 @@ public @interface EnableWebSecurity {
 	 * @return if true, enables debug support with Spring Security
 	 */
 	boolean debug() default false;
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index 0b4ea90061..456f436ce1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -42,7 +42,9 @@ import static org.springframework.security.config.Customizer.withDefaults;
  */
 @Configuration(proxyBeanMethods = false)
 class HttpSecurityConfiguration {
+
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.";
+
 	private static final String HTTPSECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "httpSecurity";
 
 	private ObjectPostProcessor<Object> objectPostProcessor;
@@ -64,8 +66,7 @@ class HttpSecurityConfiguration {
 	}
 
 	@Autowired
-	public void setAuthenticationConfiguration(
-			AuthenticationConfiguration authenticationConfiguration) {
+	public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
 		this.authenticationConfiguration = authenticationConfiguration;
 	}
 
@@ -77,26 +78,18 @@ class HttpSecurityConfiguration {
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
 	public HttpSecurity httpSecurity() throws Exception {
-		WebSecurityConfigurerAdapter.LazyPasswordEncoder passwordEncoder =
-				new WebSecurityConfigurerAdapter.LazyPasswordEncoder(this.context);
+		WebSecurityConfigurerAdapter.LazyPasswordEncoder passwordEncoder = new WebSecurityConfigurerAdapter.LazyPasswordEncoder(
+				this.context);
 
-		AuthenticationManagerBuilder authenticationBuilder =
-				new WebSecurityConfigurerAdapter.DefaultPasswordEncoderAuthenticationManagerBuilder(this.objectPostProcessor, passwordEncoder);
+		AuthenticationManagerBuilder authenticationBuilder = new WebSecurityConfigurerAdapter.DefaultPasswordEncoderAuthenticationManagerBuilder(
+				this.objectPostProcessor, passwordEncoder);
 		authenticationBuilder.parentAuthenticationManager(authenticationManager());
 
 		HttpSecurity http = new HttpSecurity(objectPostProcessor, authenticationBuilder, createSharedObjects());
-		http
-				.csrf(withDefaults())
-				.addFilter(new WebAsyncManagerIntegrationFilter())
-				.exceptionHandling(withDefaults())
-				.headers(withDefaults())
-				.sessionManagement(withDefaults())
-				.securityContext(withDefaults())
-				.requestCache(withDefaults())
-				.anonymous(withDefaults())
-				.servletApi(withDefaults())
-				.logout(withDefaults())
-				.apply(new DefaultLoginPageConfigurer<>());
+		http.csrf(withDefaults()).addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling(withDefaults())
+				.headers(withDefaults()).sessionManagement(withDefaults()).securityContext(withDefaults())
+				.requestCache(withDefaults()).anonymous(withDefaults()).servletApi(withDefaults())
+				.logout(withDefaults()).apply(new DefaultLoginPageConfigurer<>());
 
 		return http;
 	}
@@ -104,7 +97,8 @@ class HttpSecurityConfiguration {
 	private AuthenticationManager authenticationManager() throws Exception {
 		if (this.authenticationManager != null) {
 			return this.authenticationManager;
-		} else {
+		}
+		else {
 			return this.authenticationConfiguration.getAuthenticationManager();
 		}
 	}
@@ -114,4 +108,5 @@ class HttpSecurityConfiguration {
 		sharedObjects.put(ApplicationContext.class, context);
 		return sharedObjects;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index 892fb394f0..09d5681d9d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -53,20 +53,25 @@ final class OAuth2ClientConfiguration {
 
 		@Override
 		public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-			boolean webmvcPresent = ClassUtils.isPresent(
-				"org.springframework.web.servlet.DispatcherServlet", getClass().getClassLoader());
+			boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
+					getClass().getClassLoader());
 
-			return webmvcPresent ?
-				new String[] { "org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration" } :
-				new String[] {};
+			return webmvcPresent ? new String[] {
+					"org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration" }
+					: new String[] {};
 		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
 	static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer {
+
 		private ClientRegistrationRepository clientRegistrationRepository;
+
 		private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 		private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
 		private OAuth2AuthorizedClientManager authorizedClientManager;
 
 		@Override
@@ -92,7 +97,8 @@ final class OAuth2ClientConfiguration {
 		}
 
 		@Autowired(required = false)
-		void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+		void setAccessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 		}
 
@@ -111,25 +117,24 @@ final class OAuth2ClientConfiguration {
 			OAuth2AuthorizedClientManager authorizedClientManager = null;
 			if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
 				if (this.accessTokenResponseClient != null) {
-					OAuth2AuthorizedClientProvider authorizedClientProvider =
-							OAuth2AuthorizedClientProviderBuilder.builder()
-									.authorizationCode()
-									.refreshToken()
-									.clientCredentials(configurer ->
-											configurer.accessTokenResponseClient(this.accessTokenResponseClient))
-									.password()
-									.build();
-					DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager =
-							new DefaultOAuth2AuthorizedClientManager(
-									this.clientRegistrationRepository, this.authorizedClientRepository);
+					OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder
+							.builder().authorizationCode().refreshToken()
+							.clientCredentials(
+									configurer -> configurer.accessTokenResponseClient(this.accessTokenResponseClient))
+							.password().build();
+					DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
+							this.clientRegistrationRepository, this.authorizedClientRepository);
 					defaultAuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 					authorizedClientManager = defaultAuthorizedClientManager;
-				} else {
+				}
+				else {
 					authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 							this.clientRegistrationRepository, this.authorizedClientRepository);
 				}
 			}
 			return authorizedClientManager;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
index a999d5c7f8..863cf03dca 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
@@ -26,10 +26,11 @@ import org.springframework.util.ClassUtils;
  * Used by {@link EnableWebSecurity} to conditionally import:
  *
  * <ul>
- * 	<li>{@link OAuth2ClientConfiguration} when the {@code spring-security-oauth2-client} module is present on the classpath</li>
- * 	<li>{@link SecurityReactorContextConfiguration} when either the {@code spring-security-oauth2-client} or
- * 		{@code spring-security-oauth2-resource-server} module as well as the {@code spring-webflux} module
- * 		are present on the classpath</li>
+ * <li>{@link OAuth2ClientConfiguration} when the {@code spring-security-oauth2-client}
+ * module is present on the classpath</li>
+ * <li>{@link SecurityReactorContextConfiguration} when either the
+ * {@code spring-security-oauth2-client} or {@code spring-security-oauth2-resource-server}
+ * module as well as the {@code spring-webflux} module are present on the classpath</li>
  * </ul>
  *
  * @author Joe Grandja
@@ -45,7 +46,8 @@ final class OAuth2ImportSelector implements ImportSelector {
 		Set<String> imports = new LinkedHashSet<>();
 
 		boolean oauth2ClientPresent = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.client.registration.ClientRegistration", getClass().getClassLoader());
+				"org.springframework.security.oauth2.client.registration.ClientRegistration",
+				getClass().getClassLoader());
 		if (oauth2ClientPresent) {
 			imports.add("org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration");
 		}
@@ -53,15 +55,18 @@ final class OAuth2ImportSelector implements ImportSelector {
 		boolean webfluxPresent = ClassUtils.isPresent(
 				"org.springframework.web.reactive.function.client.ExchangeFilterFunction", getClass().getClassLoader());
 		if (webfluxPresent && oauth2ClientPresent) {
-			imports.add("org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
+			imports.add(
+					"org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
 		}
 
 		boolean oauth2ResourceServerPresent = ClassUtils.isPresent(
 				"org.springframework.security.oauth2.server.resource.BearerTokenError", getClass().getClassLoader());
 		if (webfluxPresent && oauth2ResourceServerPresent) {
-			imports.add("org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
+			imports.add(
+					"org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
 		}
 
 		return imports.toArray(new String[0]);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 8d76982c80..667ca07881 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -41,13 +41,13 @@ import java.util.function.Function;
 import static org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES;
 
 /**
- * {@link Configuration} that (potentially) adds a "decorating" {@code Publisher}
- * for the last operator created in every {@code Mono} or {@code Flux}.
+ * {@link Configuration} that (potentially) adds a "decorating" {@code Publisher} for the
+ * last operator created in every {@code Mono} or {@code Flux}.
  *
  * <p>
- * The {@code Publisher} is solely responsible for adding
- * the current {@code HttpServletRequest}, {@code HttpServletResponse} and {@code Authentication}
- * to the Reactor {@code Context} so that it's accessible in every flow, if required.
+ * The {@code Publisher} is solely responsible for adding the current
+ * {@code HttpServletRequest}, {@code HttpServletResponse} and {@code Authentication} to
+ * the Reactor {@code Context} so that it's accessible in every flow, if required.
  *
  * @author Joe Grandja
  * @author Roman Matiushchenko
@@ -63,12 +63,13 @@ class SecurityReactorContextConfiguration {
 	}
 
 	static class SecurityReactorContextSubscriberRegistrar implements InitializingBean, DisposableBean {
+
 		private static final String SECURITY_REACTOR_CONTEXT_OPERATOR_KEY = "org.springframework.security.SECURITY_REACTOR_CONTEXT_OPERATOR";
 
 		@Override
 		public void afterPropertiesSet() throws Exception {
-			Function<? super Publisher<Object>, ? extends Publisher<Object>> lifter =
-					Operators.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
+			Function<? super Publisher<Object>, ? extends Publisher<Object>> lifter = Operators
+					.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
 
 			Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, pub -> {
 				if (!contextAttributesAvailable()) {
@@ -93,8 +94,8 @@ class SecurityReactorContextConfiguration {
 		}
 
 		private static boolean contextAttributesAvailable() {
-			return SecurityContextHolder.getContext().getAuthentication() != null ||
-					RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes;
+			return SecurityContextHolder.getContext().getAuthentication() != null
+					|| RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes;
 		}
 
 		private static Map<Object, Object> getContextAttributes() {
@@ -104,7 +105,7 @@ class SecurityReactorContextConfiguration {
 			if (requestAttributes instanceof ServletRequestAttributes) {
 				ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
 				servletRequest = servletRequestAttributes.getRequest();
-				servletResponse = servletRequestAttributes.getResponse();	// possible null
+				servletResponse = servletRequestAttributes.getResponse(); // possible null
 			}
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 			if (authentication == null && servletRequest == null) {
@@ -124,11 +125,15 @@ class SecurityReactorContextConfiguration {
 
 			return contextAttributes;
 		}
+
 	}
 
 	static class SecurityReactorContextSubscriber<T> implements CoreSubscriber<T> {
+
 		static final String SECURITY_CONTEXT_ATTRIBUTES = "org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
+
 		private final CoreSubscriber<T> delegate;
+
 		private final Context context;
 
 		SecurityReactorContextSubscriber(CoreSubscriber<T> delegate, Map<Object, Object> attributes) {
@@ -137,7 +142,8 @@ class SecurityReactorContextConfiguration {
 			Context context;
 			if (currentContext.hasKey(SECURITY_CONTEXT_ATTRIBUTES)) {
 				context = currentContext;
-			} else {
+			}
+			else {
 				context = currentContext.put(SECURITY_CONTEXT_ATTRIBUTES, attributes);
 			}
 			this.context = context;
@@ -167,5 +173,7 @@ class SecurityReactorContextConfiguration {
 		public void onComplete() {
 			this.delegate.onComplete();
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
index 1516a3e3f0..93aa8279c5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
@@ -36,12 +36,12 @@ class SpringWebMvcImportSelector implements ImportSelector {
 	 * springframework .core.type.AnnotationMetadata)
 	 */
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-		boolean webmvcPresent = ClassUtils.isPresent(
-				"org.springframework.web.servlet.DispatcherServlet",
+		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
 				getClass().getClassLoader());
 		return webmvcPresent
 				? new String[] {
 						"org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration" }
 				: new String[] {};
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 312a1b170e..10751a034a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -35,8 +35,10 @@ import java.util.List;
 /**
  * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
  * integration. This configuration is added whenever {@link EnableWebMvc} is added by
- * <a href="{@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and the DispatcherServlet is present on the
- * classpath. It also adds the {@link AuthenticationPrincipalArgumentResolver} as a
+ * <a href="
+ * {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a>
+ * and the DispatcherServlet is present on the classpath. It also adds the
+ * {@link AuthenticationPrincipalArgumentResolver} as a
  * {@link HandlerMethodArgumentResolver}.
  *
  * @author Rob Winch
@@ -44,6 +46,7 @@ import java.util.List;
  * @since 3.2
  */
 class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContextAware {
+
 	private BeanResolver beanResolver;
 
 	@Override
@@ -70,4 +73,5 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.beanResolver = new BeanFactoryResolver(applicationContext.getAutowireCapableBeanFactory());
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 31e5e9f6ea..dc854bc4d7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -49,7 +49,6 @@ import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
 
-
 /**
  * Uses a {@link WebSecurity} to create the {@link FilterChainProxy} that performs the web
  * based security for Spring Security. It then exports the necessary beans. Customizations
@@ -60,13 +59,13 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
  *
  * @see EnableWebSecurity
  * @see WebSecurity
- *
  * @author Rob Winch
  * @author Keesun Baik
  * @since 3.2
  */
 @Configuration(proxyBeanMethods = false)
 public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {
+
 	private WebSecurity webSecurity;
 
 	private Boolean debugEnabled;
@@ -98,13 +97,11 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 */
 	@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
 	public Filter springSecurityFilterChain() throws Exception {
-		boolean hasConfigurers = webSecurityConfigurers != null
-				&& !webSecurityConfigurers.isEmpty();
+		boolean hasConfigurers = webSecurityConfigurers != null && !webSecurityConfigurers.isEmpty();
 		boolean hasFilterChain = !securityFilterChains.isEmpty();
 		if (hasConfigurers && hasFilterChain) {
 			throw new IllegalStateException(
-					"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain." +
-							"Please select just one.");
+					"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain." + "Please select just one.");
 		}
 		if (!hasConfigurers && !hasFilterChain) {
 			WebSecurityConfigurerAdapter adapter = objectObjectPostProcessor
@@ -138,7 +135,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	/**
 	 * Sets the {@code <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder>}
 	 * instances used to create the web configuration.
-	 *
 	 * @param objectPostProcessor the {@link ObjectPostProcessor} used to create a
 	 * {@link WebSecurity} instance
 	 * @param webSecurityConfigurers the
@@ -147,12 +143,10 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 * @throws Exception
 	 */
 	@Autowired(required = false)
-	public void setFilterChainProxySecurityConfigurer(
-			ObjectPostProcessor<Object> objectPostProcessor,
+	public void setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object> objectPostProcessor,
 			@Value("#{@autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()}") List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers)
 			throws Exception {
-		webSecurity = objectPostProcessor
-				.postProcess(new WebSecurity(objectPostProcessor));
+		webSecurity = objectPostProcessor.postProcess(new WebSecurity(objectPostProcessor));
 		if (debugEnabled != null) {
 			webSecurity.debug(debugEnabled);
 		}
@@ -164,10 +158,8 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		for (SecurityConfigurer<Filter, WebSecurity> config : webSecurityConfigurers) {
 			Integer order = AnnotationAwareOrderComparator.lookupOrder(config);
 			if (previousOrder != null && previousOrder.equals(order)) {
-				throw new IllegalStateException(
-						"@Order on WebSecurityConfigurers must be unique. Order of "
-								+ order + " was already used on " + previousConfig + ", so it cannot be used on "
-								+ config + " too.");
+				throw new IllegalStateException("@Order on WebSecurityConfigurers must be unique. Order of " + order
+						+ " was already used on " + previousConfig + ", so it cannot be used on " + config + " too.");
 			}
 			previousOrder = order;
 			previousConfig = config;
@@ -204,6 +196,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 * @since 3.2
 	 */
 	private static class AnnotationAwareOrderComparator extends OrderComparator {
+
 		private static final AnnotationAwareOrderComparator INSTANCE = new AnnotationAwareOrderComparator();
 
 		@Override
@@ -224,6 +217,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 			}
 			return Ordered.LOWEST_PRECEDENCE;
 		}
+
 	}
 
 	/*
@@ -235,8 +229,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
 		Map<String, Object> enableWebSecurityAttrMap = importMetadata
 				.getAnnotationAttributes(EnableWebSecurity.class.getName());
-		AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes
-				.fromMap(enableWebSecurityAttrMap);
+		AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap);
 		debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
 		if (webSecurity != null) {
 			webSecurity.debug(debugEnabled);
@@ -253,4 +246,5 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	public void setBeanClassLoader(ClassLoader classLoader) {
 		this.beanClassLoader = classLoader;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index 6f3819549f..1125884f2f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -69,31 +69,30 @@ import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
 /**
- * Provides a convenient base class for creating a {@link WebSecurityConfigurer}
- * instance. The implementation allows customization by overriding methods.
+ * Provides a convenient base class for creating a {@link WebSecurityConfigurer} instance.
+ * The implementation allows customization by overriding methods.
  *
  * <p>
- * Will automatically apply the result of looking up
- * {@link AbstractHttpConfigurer} from {@link SpringFactoriesLoader} to allow
- * developers to extend the defaults.
- * To do this, you must create a class that extends AbstractHttpConfigurer and then create a file in the classpath at "META-INF/spring.factories" that looks something like:
+ * Will automatically apply the result of looking up {@link AbstractHttpConfigurer} from
+ * {@link SpringFactoriesLoader} to allow developers to extend the defaults. To do this,
+ * you must create a class that extends AbstractHttpConfigurer and then create a file in
+ * the classpath at "META-INF/spring.factories" that looks something like:
  * </p>
  * <pre>
  * org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer
- * </pre>
- * If you have multiple classes that should be added you can use "," to separate the values. For example:
+ * </pre> If you have multiple classes that should be added you can use "," to separate
+ * the values. For example:
  *
  * <pre>
  * org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer, sample.OtherThatExtendsAbstractHttpConfigurer
  * </pre>
  *
  * @see EnableWebSecurity
- *
  * @author Rob Winch
  */
 @Order(100)
-public abstract class WebSecurityConfigurerAdapter implements
-		WebSecurityConfigurer<WebSecurity> {
+public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {
+
 	private final Log logger = LogFactory.getLog(WebSecurityConfigurerAdapter.class);
 
 	private ApplicationContext context;
@@ -102,20 +101,27 @@ public abstract class WebSecurityConfigurerAdapter implements
 
 	private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
 		public <T> T postProcess(T object) {
-			throw new IllegalStateException(
-					ObjectPostProcessor.class.getName()
-							+ " is a required bean. Ensure you have used @EnableWebSecurity and @Configuration");
+			throw new IllegalStateException(ObjectPostProcessor.class.getName()
+					+ " is a required bean. Ensure you have used @EnableWebSecurity and @Configuration");
 		}
 	};
 
 	private AuthenticationConfiguration authenticationConfiguration;
+
 	private AuthenticationManagerBuilder authenticationBuilder;
+
 	private AuthenticationManagerBuilder localConfigureAuthenticationBldr;
+
 	private boolean disableLocalConfigureAuthenticationBldr;
+
 	private boolean authenticationManagerInitialized;
+
 	private AuthenticationManager authenticationManager;
+
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	private HttpSecurity http;
+
 	private boolean disableDefaults;
 
 	/**
@@ -129,7 +135,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * Creates an instance which allows specifying if the default configuration should be
 	 * enabled. Disabling the default configuration should be considered more advanced
 	 * usage as it requires more understanding of how the framework is implemented.
-	 *
 	 * @param disableDefaults true if the default configuration should be disabled, else
 	 * false
 	 */
@@ -176,7 +181,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * }
 	 *
 	 * </pre>
-	 *
 	 * @param auth the {@link AuthenticationManagerBuilder} to use
 	 * @throws Exception
 	 */
@@ -186,7 +190,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 
 	/**
 	 * Creates the {@link HttpSecurity} or returns the current instance
-	 *
 	 * @return the {@link HttpSecurity}
 	 * @throws Exception
 	 */
@@ -203,8 +206,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 		authenticationBuilder.parentAuthenticationManager(authenticationManager);
 		Map<Class<?>, Object> sharedObjects = createSharedObjects();
 
-		http = new HttpSecurity(objectPostProcessor, authenticationBuilder,
-				sharedObjects);
+		http = new HttpSecurity(objectPostProcessor, authenticationBuilder, sharedObjects);
 		if (!disableDefaults) {
 			// @formatter:off
 			http
@@ -221,8 +223,8 @@ public abstract class WebSecurityConfigurerAdapter implements
 				.logout();
 			// @formatter:on
 			ClassLoader classLoader = this.context.getClassLoader();
-			List<AbstractHttpConfigurer> defaultHttpConfigurers =
-					SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, classLoader);
+			List<AbstractHttpConfigurer> defaultHttpConfigurers = SpringFactoriesLoader
+					.loadFactories(AbstractHttpConfigurer.class, classLoader);
 
 			for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) {
 				http.apply(configurer);
@@ -244,7 +246,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 *     return super.authenticationManagerBean();
 	 * }
 	 * </pre>
-	 *
 	 * @return the {@link AuthenticationManager}
 	 * @throws Exception
 	 */
@@ -257,7 +258,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * {@link #configure(AuthenticationManagerBuilder)} method is overridden to use the
 	 * {@link AuthenticationManagerBuilder} that was passed in. Otherwise, autowire the
 	 * {@link AuthenticationManager} by type.
-	 *
 	 * @return the {@link AuthenticationManager} to use
 	 * @throws Exception
 	 */
@@ -265,8 +265,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 		if (!authenticationManagerInitialized) {
 			configure(localConfigureAuthenticationBldr);
 			if (disableLocalConfigureAuthenticationBldr) {
-				authenticationManager = authenticationConfiguration
-						.getAuthenticationManager();
+				authenticationManager = authenticationConfiguration.getAuthenticationManager();
 			}
 			else {
 				authenticationManager = localConfigureAuthenticationBldr.build();
@@ -297,10 +296,8 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * @see #userDetailsService()
 	 */
 	public UserDetailsService userDetailsServiceBean() throws Exception {
-		AuthenticationManagerBuilder globalAuthBuilder = context
-				.getBean(AuthenticationManagerBuilder.class);
-		return new UserDetailsServiceDelegator(Arrays.asList(
-				localConfigureAuthenticationBldr, globalAuthBuilder));
+		AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
+		return new UserDetailsServiceDelegator(Arrays.asList(localConfigureAuthenticationBldr, globalAuthBuilder));
 	}
 
 	/**
@@ -308,21 +305,17 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * {@link #userDetailsServiceBean()} without interacting with the
 	 * {@link ApplicationContext}. Developers should override this method when changing
 	 * the instance of {@link #userDetailsServiceBean()}.
-	 *
 	 * @return the {@link UserDetailsService} to use
 	 */
 	protected UserDetailsService userDetailsService() {
-		AuthenticationManagerBuilder globalAuthBuilder = context
-				.getBean(AuthenticationManagerBuilder.class);
-		return new UserDetailsServiceDelegator(Arrays.asList(
-				localConfigureAuthenticationBldr, globalAuthBuilder));
+		AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
+		return new UserDetailsServiceDelegator(Arrays.asList(localConfigureAuthenticationBldr, globalAuthBuilder));
 	}
 
 	public void init(final WebSecurity web) throws Exception {
 		final HttpSecurity http = getHttp();
 		web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
-			FilterSecurityInterceptor securityInterceptor = http
-					.getSharedObject(FilterSecurityInterceptor.class);
+			FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
 			web.securityInterceptor(securityInterceptor);
 		});
 	}
@@ -350,15 +343,15 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();
 	 * </pre>
 	 *
-	 * Any endpoint that requires defense against common vulnerabilities can be specified here, including public ones.
-	 * See {@link HttpSecurity#authorizeRequests} and the `permitAll()` authorization rule
-	 * for more details on public endpoints.
-	 *
+	 * Any endpoint that requires defense against common vulnerabilities can be specified
+	 * here, including public ones. See {@link HttpSecurity#authorizeRequests} and the
+	 * `permitAll()` authorization rule for more details on public endpoints.
 	 * @param http the {@link HttpSecurity} to modify
 	 * @throws Exception if an error occurs
 	 */
 	protected void configure(HttpSecurity http) throws Exception {
-		logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
+		logger.debug(
+				"Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
 
 		// @formatter:off
 		http
@@ -385,8 +378,10 @@ public abstract class WebSecurityConfigurerAdapter implements
 		ObjectPostProcessor<Object> objectPostProcessor = context.getBean(ObjectPostProcessor.class);
 		LazyPasswordEncoder passwordEncoder = new LazyPasswordEncoder(context);
 
-		authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor, passwordEncoder);
-		localConfigureAuthenticationBldr = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor, passwordEncoder) {
+		authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
+				passwordEncoder);
+		localConfigureAuthenticationBldr = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
+				passwordEncoder) {
 			@Override
 			public AuthenticationManagerBuilder eraseCredentials(boolean eraseCredentials) {
 				authenticationBuilder.eraseCredentials(eraseCredentials);
@@ -394,7 +389,8 @@ public abstract class WebSecurityConfigurerAdapter implements
 			}
 
 			@Override
-			public AuthenticationManagerBuilder authenticationEventPublisher(AuthenticationEventPublisher eventPublisher) {
+			public AuthenticationManagerBuilder authenticationEventPublisher(
+					AuthenticationEventPublisher eventPublisher) {
 				authenticationBuilder.authenticationEventPublisher(eventPublisher);
 				return super.authenticationEventPublisher(eventPublisher);
 			}
@@ -407,8 +403,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 	}
 
 	@Autowired(required = false)
-	public void setContentNegotationStrategy(
-			ContentNegotiationStrategy contentNegotiationStrategy) {
+	public void setContentNegotationStrategy(ContentNegotiationStrategy contentNegotiationStrategy) {
 		this.contentNegotiationStrategy = contentNegotiationStrategy;
 	}
 
@@ -418,8 +413,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 	}
 
 	@Autowired
-	public void setAuthenticationConfiguration(
-			AuthenticationConfiguration authenticationConfiguration) {
+	public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
 		this.authenticationConfiguration = authenticationConfiguration;
 	}
 
@@ -432,7 +426,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 
 	/**
 	 * Creates the shared objects
-	 *
 	 * @return the shared Objects
 	 */
 	private Map<Class<?>, Object> createSharedObjects() {
@@ -453,21 +446,22 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * @since 3.2
 	 */
 	static final class UserDetailsServiceDelegator implements UserDetailsService {
+
 		private List<AuthenticationManagerBuilder> delegateBuilders;
+
 		private UserDetailsService delegate;
+
 		private final Object delegateMonitor = new Object();
 
 		UserDetailsServiceDelegator(List<AuthenticationManagerBuilder> delegateBuilders) {
 			if (delegateBuilders.contains(null)) {
 				throw new IllegalArgumentException(
-						"delegateBuilders cannot contain null values. Got "
-								+ delegateBuilders);
+						"delegateBuilders cannot contain null values. Got " + delegateBuilders);
 			}
 			this.delegateBuilders = delegateBuilders;
 		}
 
-		public UserDetails loadUserByUsername(String username)
-				throws UsernameNotFoundException {
+		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 			if (delegate != null) {
 				return delegate.loadUserByUsername(username);
 			}
@@ -490,6 +484,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 
 			return delegate.loadUserByUsername(username);
 		}
+
 	}
 
 	/**
@@ -500,26 +495,26 @@ public abstract class WebSecurityConfigurerAdapter implements
 	 * @since 3.2
 	 */
 	static final class AuthenticationManagerDelegator implements AuthenticationManager {
+
 		private AuthenticationManagerBuilder delegateBuilder;
+
 		private AuthenticationManager delegate;
+
 		private final Object delegateMonitor = new Object();
+
 		private Set<String> beanNames;
 
-		AuthenticationManagerDelegator(AuthenticationManagerBuilder delegateBuilder,
-				ApplicationContext context) {
+		AuthenticationManagerDelegator(AuthenticationManagerBuilder delegateBuilder, ApplicationContext context) {
 			Assert.notNull(delegateBuilder, "delegateBuilder cannot be null");
-			Field parentAuthMgrField = ReflectionUtils.findField(
-					AuthenticationManagerBuilder.class, "parentAuthenticationManager");
+			Field parentAuthMgrField = ReflectionUtils.findField(AuthenticationManagerBuilder.class,
+					"parentAuthenticationManager");
 			ReflectionUtils.makeAccessible(parentAuthMgrField);
 			beanNames = getAuthenticationManagerBeanNames(context);
-			validateBeanCycle(
-					ReflectionUtils.getField(parentAuthMgrField, delegateBuilder),
-					beanNames);
+			validateBeanCycle(ReflectionUtils.getField(parentAuthMgrField, delegateBuilder), beanNames);
 			this.delegateBuilder = delegateBuilder;
 		}
 
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			if (delegate != null) {
 				return delegate.authenticate(authentication);
 			}
@@ -534,11 +529,9 @@ public abstract class WebSecurityConfigurerAdapter implements
 			return delegate.authenticate(authentication);
 		}
 
-		private static Set<String> getAuthenticationManagerBeanNames(
-				ApplicationContext applicationContext) {
-			String[] beanNamesForType = BeanFactoryUtils
-					.beanNamesForTypeIncludingAncestors(applicationContext,
-							AuthenticationManager.class);
+		private static Set<String> getAuthenticationManagerBeanNames(ApplicationContext applicationContext) {
+			String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(applicationContext,
+					AuthenticationManager.class);
 			return new HashSet<>(Arrays.asList(beanNamesForType));
 		}
 
@@ -558,46 +551,46 @@ public abstract class WebSecurityConfigurerAdapter implements
 				beanNames = Collections.emptySet();
 			}
 		}
+
 	}
 
 	static class DefaultPasswordEncoderAuthenticationManagerBuilder extends AuthenticationManagerBuilder {
+
 		private PasswordEncoder defaultPasswordEncoder;
 
 		/**
 		 * Creates a new instance
-		 *
 		 * @param objectPostProcessor the {@link ObjectPostProcessor} instance to use.
 		 */
-		DefaultPasswordEncoderAuthenticationManagerBuilder(
-			ObjectPostProcessor<Object> objectPostProcessor, PasswordEncoder defaultPasswordEncoder) {
+		DefaultPasswordEncoderAuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor,
+				PasswordEncoder defaultPasswordEncoder) {
 			super(objectPostProcessor);
 			this.defaultPasswordEncoder = defaultPasswordEncoder;
 		}
 
 		@Override
 		public InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> inMemoryAuthentication()
-			throws Exception {
-			return super.inMemoryAuthentication()
-				.passwordEncoder(this.defaultPasswordEncoder);
+				throws Exception {
+			return super.inMemoryAuthentication().passwordEncoder(this.defaultPasswordEncoder);
 		}
 
 		@Override
-		public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication()
-			throws Exception {
-			return super.jdbcAuthentication()
-				.passwordEncoder(this.defaultPasswordEncoder);
+		public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication() throws Exception {
+			return super.jdbcAuthentication().passwordEncoder(this.defaultPasswordEncoder);
 		}
 
 		@Override
 		public <T extends UserDetailsService> DaoAuthenticationConfigurer<AuthenticationManagerBuilder, T> userDetailsService(
-			T userDetailsService) throws Exception {
-			return super.userDetailsService(userDetailsService)
-				.passwordEncoder(this.defaultPasswordEncoder);
+				T userDetailsService) throws Exception {
+			return super.userDetailsService(userDetailsService).passwordEncoder(this.defaultPasswordEncoder);
 		}
+
 	}
 
 	static class LazyPasswordEncoder implements PasswordEncoder {
+
 		private ApplicationContext applicationContext;
+
 		private PasswordEncoder passwordEncoder;
 
 		LazyPasswordEncoder(ApplicationContext applicationContext) {
@@ -610,8 +603,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 		}
 
 		@Override
-		public boolean matches(CharSequence rawPassword,
-			String encodedPassword) {
+		public boolean matches(CharSequence rawPassword, String encodedPassword) {
 			return getPasswordEncoder().matches(rawPassword, encodedPassword);
 		}
 
@@ -635,7 +627,8 @@ public abstract class WebSecurityConfigurerAdapter implements
 		private <T> T getBeanOrNull(Class<T> type) {
 			try {
 				return this.applicationContext.getBean(type);
-			} catch(NoSuchBeanDefinitionException notFound) {
+			}
+			catch (NoSuchBeanDefinitionException notFound) {
 				return null;
 			}
 		}
@@ -644,5 +637,7 @@ public abstract class WebSecurityConfigurerAdapter implements
 		public String toString() {
 			return getPasswordEncoder().toString();
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 0dfd232009..d9180e5c86 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -51,11 +51,9 @@ import java.util.Collections;
  *
  * @see FormLoginConfigurer
  * @see OpenIDLoginConfigurer
- *
  * @param T refers to "this" for returning the current configurer
  * @param F refers to the {@link AbstractAuthenticationProcessingFilter} that is being
  * built
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -67,12 +65,15 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
 
 	private SavedRequestAwareAuthenticationSuccessHandler defaultSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+
 	private AuthenticationSuccessHandler successHandler = this.defaultSuccessHandler;
 
 	private LoginUrlAuthenticationEntryPoint authenticationEntryPoint;
 
 	private boolean customLoginPage;
+
 	private String loginPage;
+
 	private String loginProcessingUrl;
 
 	private AuthenticationFailureHandler failureHandler;
@@ -95,8 +96,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @param defaultLoginProcessingUrl the default URL to use for
 	 * {@link #loginProcessingUrl(String)}
 	 */
-	protected AbstractAuthenticationFilterConfigurer(F authenticationFilter,
-			String defaultLoginProcessingUrl) {
+	protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, String defaultLoginProcessingUrl) {
 		this();
 		this.authFilter = authenticationFilter;
 		if (defaultLoginProcessingUrl != null) {
@@ -105,10 +105,9 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	}
 
 	/**
-	 * Specifies where users will be redirected after authenticating successfully if
-	 * they have not visited a secured page prior to authenticating. This is a shortcut
-	 * for calling {@link #defaultSuccessUrl(String, boolean)}.
-	 *
+	 * Specifies where users will be redirected after authenticating successfully if they
+	 * have not visited a secured page prior to authenticating. This is a shortcut for
+	 * calling {@link #defaultSuccessUrl(String, boolean)}.
 	 * @param defaultSuccessUrl the default success url
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -117,11 +116,10 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	}
 
 	/**
-	 * Specifies where users will be redirected after authenticating successfully if
-	 * they have not visited a secured page prior to authenticating or {@code alwaysUse}
-	 * is true. This is a shortcut for calling
+	 * Specifies where users will be redirected after authenticating successfully if they
+	 * have not visited a secured page prior to authenticating or {@code alwaysUse} is
+	 * true. This is a shortcut for calling
 	 * {@link #successHandler(AuthenticationSuccessHandler)}.
-	 *
 	 * @param defaultSuccessUrl the default success url
 	 * @param alwaysUse true if the {@code defaultSuccesUrl} should be used after
 	 * authentication despite if a protected page had been previously visited
@@ -137,14 +135,12 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Specifies the URL to validate the credentials.
-	 *
 	 * @param loginProcessingUrl the URL to validate username and password
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
 	public T loginProcessingUrl(String loginProcessingUrl) {
 		this.loginProcessingUrl = loginProcessingUrl;
-		authFilter
-				.setRequiresAuthenticationRequestMatcher(createLoginProcessingUrlMatcher(loginProcessingUrl));
+		authFilter.setRequiresAuthenticationRequestMatcher(createLoginProcessingUrlMatcher(loginProcessingUrl));
 		return getSelf();
 	}
 
@@ -154,13 +150,11 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * loginProcessingUrl
 	 * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
 	 */
-	protected abstract RequestMatcher createLoginProcessingUrlMatcher(
-			String loginProcessingUrl);
+	protected abstract RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl);
 
 	/**
 	 * Specifies a custom {@link AuthenticationDetailsSource}. The default is
 	 * {@link WebAuthenticationDetailsSource}.
-	 *
 	 * @param authenticationDetailsSource the custom {@link AuthenticationDetailsSource}
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -174,7 +168,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * Specifies the {@link AuthenticationSuccessHandler} to be used. The default is
 	 * {@link SavedRequestAwareAuthenticationSuccessHandler} with no additional properties
 	 * set.
-	 *
 	 * @param successHandler the {@link AuthenticationSuccessHandler}.
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -192,9 +185,9 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	}
 
 	/**
-	 * Ensures the urls for {@link #failureUrl(String)} as well as for the {@link HttpSecurityBuilder}, the
-	 * {@link #getLoginPage} and {@link #getLoginProcessingUrl} are granted access to any user.
-	 *
+	 * Ensures the urls for {@link #failureUrl(String)} as well as for the
+	 * {@link HttpSecurityBuilder}, the {@link #getLoginPage} and
+	 * {@link #getLoginProcessingUrl} are granted access to any user.
 	 * @param permitAll true to grant access to the URLs false to skip this step
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -207,14 +200,12 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * The URL to send users if authentication fails. This is a shortcut for invoking
 	 * {@link #failureHandler(AuthenticationFailureHandler)}. The default is
 	 * "/login?error".
-	 *
 	 * @param authenticationFailureUrl the URL to send users if authentication fails (i.e.
 	 * "/login?error").
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
 	public final T failureUrl(String authenticationFailureUrl) {
-		T result = failureHandler(new SimpleUrlAuthenticationFailureHandler(
-				authenticationFailureUrl));
+		T result = failureHandler(new SimpleUrlAuthenticationFailureHandler(authenticationFailureUrl));
 		this.failureUrl = authenticationFailureUrl;
 		return result;
 	}
@@ -223,13 +214,11 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * Specifies the {@link AuthenticationFailureHandler} to use when authentication
 	 * fails. The default is redirecting to "/login?error" using
 	 * {@link SimpleUrlAuthenticationFailureHandler}
-	 *
 	 * @param authenticationFailureHandler the {@link AuthenticationFailureHandler} to use
 	 * when authentication fails.
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
-	public final T failureHandler(
-			AuthenticationFailureHandler authenticationFailureHandler) {
+	public final T failureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
 		this.failureUrl = null;
 		this.failureHandler = authenticationFailureHandler;
 		return getSelf();
@@ -249,25 +238,23 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	@SuppressWarnings("unchecked")
 	protected final void registerAuthenticationEntryPoint(B http, AuthenticationEntryPoint authenticationEntryPoint) {
-		ExceptionHandlingConfigurer<B> exceptionHandling = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptionHandling == null) {
 			return;
 		}
-		exceptionHandling.defaultAuthenticationEntryPointFor(
-				postProcess(authenticationEntryPoint), getAuthenticationEntryPointMatcher(http));
+		exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint),
+				getAuthenticationEntryPointMatcher(http));
 	}
 
 	protected final RequestMatcher getAuthenticationEntryPointMatcher(B http) {
-		ContentNegotiationStrategy contentNegotiationStrategy = http
-				.getSharedObject(ContentNegotiationStrategy.class);
+		ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 		}
 
-		MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(
-				contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML,
-				new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
+		MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy,
+				MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
+				MediaType.TEXT_PLAIN);
 		mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
 		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
@@ -288,8 +275,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 			this.defaultSuccessHandler.setRequestCache(requestCache);
 		}
 
-		authFilter.setAuthenticationManager(http
-				.getSharedObject(AuthenticationManager.class));
+		authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
 		authFilter.setAuthenticationSuccessHandler(successHandler);
 		authFilter.setAuthenticationFailureHandler(failureHandler);
 		if (authenticationDetailsSource != null) {
@@ -300,8 +286,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 		if (sessionAuthenticationStrategy != null) {
 			authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
 		}
-		RememberMeServices rememberMeServices = http
-				.getSharedObject(RememberMeServices.class);
+		RememberMeServices rememberMeServices = http.getSharedObject(RememberMeServices.class);
 		if (rememberMeServices != null) {
 			authFilter.setRememberMeServices(rememberMeServices);
 		}
@@ -330,7 +315,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	}
 
 	/**
-	 *
 	 * @return true if a custom login page has been specified, else false
 	 */
 	public final boolean isCustomLoginPage() {
@@ -339,7 +323,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Gets the Authentication Filter
-	 *
 	 * @return the Authentication Filter
 	 */
 	protected final F getAuthenticationFilter() {
@@ -348,7 +331,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Sets the Authentication Filter
-	 *
 	 * @param authFilter the Authentication Filter
 	 */
 	protected final void setAuthenticationFilter(F authFilter) {
@@ -357,7 +339,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Gets the login page
-	 *
 	 * @return the login page
 	 */
 	protected final String getLoginPage() {
@@ -366,7 +347,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Gets the Authentication Entry Point
-	 *
 	 * @return the Authentication Entry Point
 	 */
 	protected final AuthenticationEntryPoint getAuthenticationEntryPoint() {
@@ -376,7 +356,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	/**
 	 * Gets the URL to submit an authentication request to (i.e. where username/password
 	 * must be submitted)
-	 *
 	 * @return the URL to submit an authentication request to
 	 */
 	protected final String getLoginProcessingUrl() {
@@ -385,7 +364,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Gets the URL to send users to if authentication fails
-	 *
 	 * @return the URL to send users if authentication fails (e.g. "/login?error").
 	 */
 	protected final String getFailureUrl() {
@@ -394,7 +372,6 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	/**
 	 * Updates the default values for authentication.
-	 *
 	 * @throws Exception
 	 */
 	protected final void updateAuthenticationDefaults() {
@@ -405,8 +382,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 			failureUrl(loginPage + "?error");
 		}
 
-		final LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(
-				LogoutConfigurer.class);
+		final LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(LogoutConfigurer.class);
 		if (logoutConfigurer != null && !logoutConfigurer.isCustomLogoutSuccess()) {
 			logoutConfigurer.logoutSuccessUrl(loginPage + "?logout");
 		}
@@ -434,4 +410,5 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	private T getSelf() {
 		return (T) this;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index e7b0c48af1..758558e8a4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -30,22 +30,20 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  *
  * @author Rob Winch
  * @since 3.2
- *
  * @param <C> The object that is returned or Chained after creating the RequestMatcher
- *
  * @see ChannelSecurityConfigurer
  * @see UrlAuthorizationConfigurer
  * @see ExpressionUrlAuthorizationConfigurer
  */
-public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
-		AbstractRequestMatcherRegistry<C> {
+public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends AbstractRequestMatcherRegistry<C> {
+
 	private List<UrlMapping> urlMappings = new ArrayList<>();
+
 	private List<RequestMatcher> unmappedMatchers;
 
 	/**
 	 * Gets the {@link UrlMapping} added by subclasses in
 	 * {@link #chainRequestMatchers(java.util.List)}. May be empty.
-	 *
 	 * @return the {@link UrlMapping} added by subclasses in
 	 * {@link #chainRequestMatchers(java.util.List)}
 	 */
@@ -57,7 +55,6 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	 * Adds a {@link UrlMapping} added by subclasses in
 	 * {@link #chainRequestMatchers(java.util.List)} and resets the unmapped
 	 * {@link RequestMatcher}'s.
-	 *
 	 * @param urlMapping {@link UrlMapping} the mapping to add
 	 */
 	final void addMapping(UrlMapping urlMapping) {
@@ -68,7 +65,6 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	/**
 	 * Marks the {@link RequestMatcher}'s as unmapped and then calls
 	 * {@link #chainRequestMatchersInternal(List)}.
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances that were created
 	 * @return the chained Object for the subclass which allows association of something
 	 * else to the {@link RequestMatcher}
@@ -81,7 +77,6 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	/**
 	 * Subclasses should implement this method for returning the object that is chained to
 	 * the creation of the {@link RequestMatcher} instances.
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances that were created
 	 * @return the chained Object for the subclass which allows association of something
 	 * else to the {@link RequestMatcher}
@@ -91,7 +86,6 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	/**
 	 * Adds a {@link UrlMapping} added by subclasses in
 	 * {@link #chainRequestMatchers(java.util.List)} at a particular index.
-	 *
 	 * @param index the index to add a {@link UrlMapping}
 	 * @param urlMapping {@link UrlMapping} the mapping to add
 	 */
@@ -102,16 +96,13 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	/**
 	 * Creates the mapping of {@link RequestMatcher} to {@link Collection} of
 	 * {@link ConfigAttribute} instances
-	 *
 	 * @return the mapping of {@link RequestMatcher} to {@link Collection} of
 	 * {@link ConfigAttribute} instances. Cannot be null.
 	 */
 	final LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> createRequestMap() {
 		if (unmappedMatchers != null) {
-			throw new IllegalStateException(
-					"An incomplete mapping was found for "
-							+ unmappedMatchers
-							+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
+			throw new IllegalStateException("An incomplete mapping was found for " + unmappedMatchers
+					+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
 		}
 
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
@@ -128,7 +119,9 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 	 * {@link ConfigAttribute} instances
 	 */
 	static final class UrlMapping {
+
 		private RequestMatcher requestMatcher;
+
 		private Collection<ConfigAttribute> configAttrs;
 
 		UrlMapping(RequestMatcher requestMatcher, Collection<ConfigAttribute> configAttrs) {
@@ -143,5 +136,7 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends
 		public Collection<ConfigAttribute> getConfigAttrs() {
 			return configAttrs;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
index 18c26b4236..7becadfb84 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
@@ -35,7 +35,6 @@ public abstract class AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,
 	/**
 	 * Disables the {@link AbstractHttpConfigurer} by removing it. After doing so a fresh
 	 * version of the configuration can be applied.
-	 *
 	 * @return the {@link HttpSecurityBuilder} for additional customizations
 	 */
 	@SuppressWarnings("unchecked")
@@ -49,4 +48,5 @@ public abstract class AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,
 		addObjectPostProcessor(objectPostProcessor);
 		return (T) this;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index 36f9f7b481..aa8bb0c8ab 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -50,15 +50,11 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
  * The following shared objects are used:
  *
  * <ul>
- * <li>
- * {@link AuthenticationManager}
- * </li>
+ * <li>{@link AuthenticationManager}</li>
  * </ul>
  *
- *
  * @param <C> the AbstractInterceptUrlConfigurer
  * @param <H> the type of {@link HttpSecurityBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  * @see ExpressionUrlAuthorizationConfigurer
@@ -66,6 +62,7 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
  */
 abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<C, H> {
+
 	private Boolean filterSecurityInterceptorOncePerRequest;
 
 	private AccessDecisionManager accessDecisionManager;
@@ -76,11 +73,10 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		if (metadataSource == null) {
 			return;
 		}
-		FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(
-				http, metadataSource, http.getSharedObject(AuthenticationManager.class));
+		FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(http, metadataSource,
+				http.getSharedObject(AuthenticationManager.class));
 		if (filterSecurityInterceptorOncePerRequest != null) {
-			securityInterceptor
-					.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
+			securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
 		}
 		securityInterceptor = postProcess(securityInterceptor);
 		http.addFilter(securityInterceptor);
@@ -91,9 +87,7 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 	 * Subclasses should implement this method to provide a
 	 * {@link FilterInvocationSecurityMetadataSource} for the
 	 * {@link FilterSecurityInterceptor}.
-	 *
 	 * @param http the builder to use
-	 *
 	 * @return the {@link FilterInvocationSecurityMetadataSource} to set on the
 	 * {@link FilterSecurityInterceptor}. Cannot be null.
 	 */
@@ -102,9 +96,7 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 	/**
 	 * Subclasses should implement this method to provide the {@link AccessDecisionVoter}
 	 * instances used to create the default {@link AccessDecisionManager}
-	 *
 	 * @param http the builder to use
-	 *
 	 * @return the {@link AccessDecisionVoter} instances used to create the default
 	 * {@link AccessDecisionManager}
 	 */
@@ -116,7 +108,6 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		/**
 		 * Allows setting the {@link AccessDecisionManager}. If none is provided, a
 		 * default {@link AccessDecisionManager} is created.
-		 *
 		 * @param accessDecisionManager the {@link AccessDecisionManager} to use
 		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
 		 */
@@ -129,26 +120,24 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		 * Allows setting if the {@link FilterSecurityInterceptor} should be only applied
 		 * once per request (i.e. if the filter intercepts on a forward, should it be
 		 * applied again).
-		 *
 		 * @param filterSecurityInterceptorOncePerRequest if the
 		 * {@link FilterSecurityInterceptor} should be only applied once per request
 		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
 		 */
-		public R filterSecurityInterceptorOncePerRequest(
-				boolean filterSecurityInterceptorOncePerRequest) {
+		public R filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest) {
 			AbstractInterceptUrlConfigurer.this.filterSecurityInterceptorOncePerRequest = filterSecurityInterceptorOncePerRequest;
 			return getSelf();
 		}
 
 		/**
 		 * Returns a reference to the current object with a single suppression of the type
-		 *
 		 * @return a reference to the current object
 		 */
 		@SuppressWarnings("unchecked")
 		private R getSelf() {
 			return (R) this;
 		}
+
 	}
 
 	/**
@@ -162,11 +151,9 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 
 	/**
 	 * If currently null, creates a default {@link AccessDecisionManager} using
-	 * {@link #createDefaultAccessDecisionManager(HttpSecurityBuilder)}. Otherwise returns the
-	 * {@link AccessDecisionManager}.
-	 *
+	 * {@link #createDefaultAccessDecisionManager(HttpSecurityBuilder)}. Otherwise returns
+	 * the {@link AccessDecisionManager}.
 	 * @param http the builder to use
-	 *
 	 * @return the {@link AccessDecisionManager} to use
 	 */
 	private AccessDecisionManager getAccessDecisionManager(H http) {
@@ -178,7 +165,6 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 
 	/**
 	 * Creates the {@link FilterSecurityInterceptor}
-	 *
 	 * @param http the builder to use
 	 * @param metadataSource the {@link FilterInvocationSecurityMetadataSource} to use
 	 * @param authenticationManager the {@link AuthenticationManager} to use
@@ -186,8 +172,8 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 	 * @throws Exception
 	 */
 	private FilterSecurityInterceptor createFilterSecurityInterceptor(H http,
-			FilterInvocationSecurityMetadataSource metadataSource,
-			AuthenticationManager authenticationManager) throws Exception {
+			FilterInvocationSecurityMetadataSource metadataSource, AuthenticationManager authenticationManager)
+			throws Exception {
 		FilterSecurityInterceptor securityInterceptor = new FilterSecurityInterceptor();
 		securityInterceptor.setSecurityMetadataSource(metadataSource);
 		securityInterceptor.setAccessDecisionManager(getAccessDecisionManager(http));
@@ -195,4 +181,5 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		securityInterceptor.afterPropertiesSet();
 		return securityInterceptor;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
index d597618b0e..0f9c2b99b3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
@@ -39,14 +39,18 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
  * @author Rob Winch
  * @since 3.2
  */
-public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<AnonymousConfigurer<H>, H> {
+public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<AnonymousConfigurer<H>, H> {
+
 	private String key;
+
 	private AuthenticationProvider authenticationProvider;
+
 	private AnonymousAuthenticationFilter authenticationFilter;
+
 	private Object principal = "anonymousUser";
-	private List<GrantedAuthority> authorities = AuthorityUtils
-			.createAuthorityList("ROLE_ANONYMOUS");
+
+	private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
 
 	/**
 	 * Creates a new instance
@@ -58,7 +62,6 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Sets the key to identify tokens created for anonymous authentication. Default is a
 	 * secure randomly generated key.
-	 *
 	 * @param key the key to identify tokens created for anonymous authentication. Default
 	 * is a secure randomly generated key.
 	 * @return the {@link AnonymousConfigurer} for further customization of anonymous
@@ -71,7 +74,6 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Sets the principal for {@link Authentication} objects of anonymous users
-	 *
 	 * @param principal used for the {@link Authentication} object of anonymous users
 	 * @return the {@link AnonymousConfigurer} for further customization of anonymous
 	 * authentication
@@ -84,7 +86,6 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Sets the {@link org.springframework.security.core.Authentication#getAuthorities()}
 	 * for anonymous users
-	 *
 	 * @param authorities Sets the
 	 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
 	 * anonymous users
@@ -99,7 +100,6 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Sets the {@link org.springframework.security.core.Authentication#getAuthorities()}
 	 * for anonymous users
-	 *
 	 * @param authorities Sets the
 	 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
 	 * anonymous users (i.e. "ROLE_ANONYMOUS")
@@ -114,15 +114,12 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Sets the {@link AuthenticationProvider} used to validate an anonymous user. If this
 	 * is set, no attributes on the {@link AnonymousConfigurer} will be set on the
 	 * {@link AuthenticationProvider}.
-	 *
 	 * @param authenticationProvider the {@link AuthenticationProvider} used to validate
 	 * an anonymous user. Default is {@link AnonymousAuthenticationProvider}
-	 *
 	 * @return the {@link AnonymousConfigurer} for further customization of anonymous
 	 * authentication
 	 */
-	public AnonymousConfigurer<H> authenticationProvider(
-			AuthenticationProvider authenticationProvider) {
+	public AnonymousConfigurer<H> authenticationProvider(AuthenticationProvider authenticationProvider) {
 		this.authenticationProvider = authenticationProvider;
 		return this;
 	}
@@ -131,15 +128,12 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Sets the {@link AnonymousAuthenticationFilter} used to populate an anonymous user.
 	 * If this is set, no attributes on the {@link AnonymousConfigurer} will be set on the
 	 * {@link AnonymousAuthenticationFilter}.
-	 *
 	 * @param authenticationFilter the {@link AnonymousAuthenticationFilter} used to
 	 * populate an anonymous user.
-	 *
 	 * @return the {@link AnonymousConfigurer} for further customization of anonymous
 	 * authentication
 	 */
-	public AnonymousConfigurer<H> authenticationFilter(
-			AnonymousAuthenticationFilter authenticationFilter) {
+	public AnonymousConfigurer<H> authenticationFilter(AnonymousAuthenticationFilter authenticationFilter) {
 		this.authenticationFilter = authenticationFilter;
 		return this;
 	}
@@ -150,8 +144,7 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 			authenticationProvider = new AnonymousAuthenticationProvider(getKey());
 		}
 		if (authenticationFilter == null) {
-			authenticationFilter = new AnonymousAuthenticationFilter(getKey(), principal,
-					authorities);
+			authenticationFilter = new AnonymousAuthenticationFilter(getKey(), principal, authorities);
 		}
 		authenticationProvider = postProcess(authenticationProvider);
 		http.authenticationProvider(authenticationProvider);
@@ -169,4 +162,5 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends
 		}
 		return key;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index 1d3b99b5ef..6e32cbec24 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -73,14 +73,16 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * </ul>
  *
  * @param <H> the type of {@link HttpSecurityBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  */
-public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<ChannelSecurityConfigurer<H>, H> {
+public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<ChannelSecurityConfigurer<H>, H> {
+
 	private ChannelProcessingFilter channelFilter = new ChannelProcessingFilter();
+
 	private LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
+
 	private List<ChannelProcessor> channelProcessors;
 
 	private final ChannelRequestMatcherRegistry REGISTRY;
@@ -133,15 +135,12 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		}
 		insecureChannelProcessor = postProcess(insecureChannelProcessor);
 		secureChannelProcessor = postProcess(secureChannelProcessor);
-		return Arrays.<ChannelProcessor> asList(insecureChannelProcessor,
-				secureChannelProcessor);
+		return Arrays.<ChannelProcessor>asList(insecureChannelProcessor, secureChannelProcessor);
 	}
 
-	private ChannelRequestMatcherRegistry addAttribute(String attribute,
-			List<? extends RequestMatcher> matchers) {
+	private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
 		for (RequestMatcher matcher : matchers) {
-			Collection<ConfigAttribute> attrs = Arrays
-					.<ConfigAttribute> asList(new SecurityConfig(attribute));
+			Collection<ConfigAttribute> attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
 			requestMap.put(matcher, attrs);
 		}
 		return REGISTRY;
@@ -155,8 +154,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		}
 
 		@Override
-		public MvcMatchersRequiresChannelUrl mvcMatchers(HttpMethod method,
-				String... mvcPatterns) {
+		public MvcMatchersRequiresChannelUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			List<MvcRequestMatcher> mvcMatchers = createMvcMatchers(method, mvcPatterns);
 			return new MvcMatchersRequiresChannelUrl(mvcMatchers);
 		}
@@ -167,19 +165,16 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		}
 
 		@Override
-		protected RequiresChannelUrl chainRequestMatchersInternal(
-				List<RequestMatcher> requestMatchers) {
+		protected RequiresChannelUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new RequiresChannelUrl(requestMatchers);
 		}
 
 		/**
 		 * Adds an {@link ObjectPostProcessor} for this class.
-		 *
 		 * @param objectPostProcessor
 		 * @return the {@link ChannelSecurityConfigurer} for further customizations
 		 */
-		public ChannelRequestMatcherRegistry withObjectPostProcessor(
-				ObjectPostProcessor<?> objectPostProcessor) {
+		public ChannelRequestMatcherRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 			addObjectPostProcessor(objectPostProcessor);
 			return this;
 		}
@@ -190,8 +185,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		 * @param channelProcessors
 		 * @return the {@link ChannelSecurityConfigurer} for further customizations
 		 */
-		public ChannelRequestMatcherRegistry channelProcessors(
-				List<ChannelProcessor> channelProcessors) {
+		public ChannelRequestMatcherRegistry channelProcessors(List<ChannelProcessor> channelProcessors) {
 			ChannelSecurityConfigurer.this.channelProcessors = channelProcessors;
 			return this;
 		}
@@ -199,12 +193,12 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		/**
 		 * Return the {@link SecurityBuilder} when done using the
 		 * {@link SecurityConfigurer}. This is useful for method chaining.
-		 *
 		 * @return the type of {@link HttpSecurityBuilder} that is being configured
 		 */
 		public H and() {
 			return ChannelSecurityConfigurer.this.and();
 		}
+
 	}
 
 	public final class MvcMatchersRequiresChannelUrl extends RequiresChannelUrl {
@@ -219,9 +213,11 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 			}
 			return this;
 		}
+
 	}
 
 	public class RequiresChannelUrl {
+
 		protected List<? extends RequestMatcher> requestMatchers;
 
 		private RequiresChannelUrl(List<? extends RequestMatcher> requestMatchers) {
@@ -239,5 +235,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> e
 		public ChannelRequestMatcherRegistry requires(String attribute) {
 			return addAttribute(attribute, requestMatchers);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
index 449061d49f..ccf9aa26ee 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
@@ -36,11 +36,12 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
  * @author Rob Winch
  * @since 4.1.1
  */
-public class CorsConfigurer<H extends HttpSecurityBuilder<H>>
-		extends AbstractHttpConfigurer<CorsConfigurer<H>, H> {
+public class CorsConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<CorsConfigurer<H>, H> {
 
 	private static final String HANDLER_MAPPING_INTROSPECTOR = "org.springframework.web.servlet.handler.HandlerMappingIntrospector";
+
 	private static final String CORS_CONFIGURATION_SOURCE_BEAN_NAME = "corsConfigurationSource";
+
 	private static final String CORS_FILTER_BEAN_NAME = "corsFilter";
 
 	private CorsConfigurationSource configurationSource;
@@ -53,8 +54,7 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>>
 	public CorsConfigurer() {
 	}
 
-	public CorsConfigurer<H> configurationSource(
-			CorsConfigurationSource configurationSource) {
+	public CorsConfigurer<H> configurationSource(CorsConfigurationSource configurationSource) {
 		this.configurationSource = configurationSource;
 		return this;
 	}
@@ -65,9 +65,8 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>>
 
 		CorsFilter corsFilter = getCorsFilter(context);
 		if (corsFilter == null) {
-			throw new IllegalStateException(
-					"Please configure either a " + CORS_FILTER_BEAN_NAME + " bean or a "
-							+ CORS_CONFIGURATION_SOURCE_BEAN_NAME + "bean.");
+			throw new IllegalStateException("Please configure either a " + CORS_FILTER_BEAN_NAME + " bean or a "
+					+ CORS_CONFIGURATION_SOURCE_BEAN_NAME + "bean.");
 		}
 		http.addFilter(corsFilter);
 	}
@@ -77,31 +76,29 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>>
 			return new CorsFilter(this.configurationSource);
 		}
 
-		boolean containsCorsFilter = context
-				.containsBeanDefinition(CORS_FILTER_BEAN_NAME);
+		boolean containsCorsFilter = context.containsBeanDefinition(CORS_FILTER_BEAN_NAME);
 		if (containsCorsFilter) {
 			return context.getBean(CORS_FILTER_BEAN_NAME, CorsFilter.class);
 		}
 
-		boolean containsCorsSource = context
-				.containsBean(CORS_CONFIGURATION_SOURCE_BEAN_NAME);
+		boolean containsCorsSource = context.containsBean(CORS_CONFIGURATION_SOURCE_BEAN_NAME);
 		if (containsCorsSource) {
-			CorsConfigurationSource configurationSource = context.getBean(
-					CORS_CONFIGURATION_SOURCE_BEAN_NAME, CorsConfigurationSource.class);
+			CorsConfigurationSource configurationSource = context.getBean(CORS_CONFIGURATION_SOURCE_BEAN_NAME,
+					CorsConfigurationSource.class);
 			return new CorsFilter(configurationSource);
 		}
 
-		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR,
-				context.getClassLoader());
+		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR, context.getClassLoader());
 		if (mvcPresent) {
 			return MvcCorsFilter.getMvcCorsFilter(context);
 		}
 		return null;
 	}
 
-
 	static class MvcCorsFilter {
+
 		private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector";
+
 		/**
 		 * This needs to be isolated into a separate class as Spring MVC is an optional
 		 * dependency and will potentially cause ClassLoading issues
@@ -110,11 +107,16 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		private static CorsFilter getMvcCorsFilter(ApplicationContext context) {
 			if (!context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
-				throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME +" of type " + HandlerMappingIntrospector.class.getName()
+				throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named "
+						+ HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type "
+						+ HandlerMappingIntrospector.class.getName()
 						+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
 			}
-			HandlerMappingIntrospector mappingIntrospector = context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, HandlerMappingIntrospector.class);
+			HandlerMappingIntrospector mappingIntrospector = context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
+					HandlerMappingIntrospector.class);
 			return new CorsFilter(mappingIntrospector);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 33b34bcef5..5c2e4be582 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -78,11 +78,15 @@ import org.springframework.util.Assert;
  */
 public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<CsrfConfigurer<H>, H> {
-	private CsrfTokenRepository csrfTokenRepository = new LazyCsrfTokenRepository(
-			new HttpSessionCsrfTokenRepository());
+
+	private CsrfTokenRepository csrfTokenRepository = new LazyCsrfTokenRepository(new HttpSessionCsrfTokenRepository());
+
 	private RequestMatcher requireCsrfProtectionMatcher = CsrfFilter.DEFAULT_CSRF_MATCHER;
+
 	private List<RequestMatcher> ignoredCsrfProtectionMatchers = new ArrayList<>();
+
 	private SessionAuthenticationStrategy sessionAuthenticationStrategy;
+
 	private final ApplicationContext context;
 
 	/**
@@ -96,12 +100,10 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Specify the {@link CsrfTokenRepository} to use. The default is an
 	 * {@link HttpSessionCsrfTokenRepository} wrapped by {@link LazyCsrfTokenRepository}.
-	 *
 	 * @param csrfTokenRepository the {@link CsrfTokenRepository} to use
 	 * @return the {@link CsrfConfigurer} for further customizations
 	 */
-	public CsrfConfigurer<H> csrfTokenRepository(
-			CsrfTokenRepository csrfTokenRepository) {
+	public CsrfConfigurer<H> csrfTokenRepository(CsrfTokenRepository csrfTokenRepository) {
 		Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
 		this.csrfTokenRepository = csrfTokenRepository;
 		return this;
@@ -111,14 +113,11 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Specify the {@link RequestMatcher} to use for determining when CSRF should be
 	 * applied. The default is to ignore GET, HEAD, TRACE, OPTIONS and process all other
 	 * requests.
-	 *
 	 * @param requireCsrfProtectionMatcher the {@link RequestMatcher} to use
 	 * @return the {@link CsrfConfigurer} for further customizations
 	 */
-	public CsrfConfigurer<H> requireCsrfProtectionMatcher(
-			RequestMatcher requireCsrfProtectionMatcher) {
-		Assert.notNull(requireCsrfProtectionMatcher,
-				"requireCsrfProtectionMatcher cannot be null");
+	public CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher) {
+		Assert.notNull(requireCsrfProtectionMatcher, "requireCsrfProtectionMatcher cannot be null");
 		this.requireCsrfProtectionMatcher = requireCsrfProtectionMatcher;
 		return this;
 	}
@@ -148,8 +147,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 4.0
 	 */
 	public CsrfConfigurer<H> ignoringAntMatchers(String... antPatterns) {
-		return new IgnoreCsrfProtectionRegistry(this.context).antMatchers(antPatterns)
-				.and();
+		return new IgnoreCsrfProtectionRegistry(this.context).antMatchers(antPatterns).and();
 	}
 
 	/**
@@ -163,7 +161,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * </p>
 	 * <ul>
 	 * <li>Any GET, HEAD, TRACE, OPTIONS (this is the default)</li>
-	 * <li>We also explicitly state to ignore any request that has a "X-Requested-With: XMLHttpRequest" header</li>
+	 * <li>We also explicitly state to ignore any request that has a "X-Requested-With:
+	 * XMLHttpRequest" header</li>
 	 * </ul>
 	 *
 	 * <pre>
@@ -177,8 +176,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 5.1
 	 */
 	public CsrfConfigurer<H> ignoringRequestMatchers(RequestMatcher... requestMatchers) {
-		return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(requestMatchers)
-				.and();
+		return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(requestMatchers).and();
 	}
 
 	/**
@@ -189,14 +187,13 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 *
 	 * @author Michael Vitz
 	 * @since 5.2
-	 *
-	 * @param sessionAuthenticationStrategy the {@link SessionAuthenticationStrategy} to use
+	 * @param sessionAuthenticationStrategy the {@link SessionAuthenticationStrategy} to
+	 * use
 	 * @return the {@link CsrfConfigurer} for further customizations
 	 */
 	public CsrfConfigurer<H> sessionAuthenticationStrategy(
 			SessionAuthenticationStrategy sessionAuthenticationStrategy) {
-		Assert.notNull(sessionAuthenticationStrategy,
-				"sessionAuthenticationStrategy cannot be null");
+		Assert.notNull(sessionAuthenticationStrategy, "sessionAuthenticationStrategy cannot be null");
 		this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
 		return this;
 	}
@@ -215,14 +212,11 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 		LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
 		if (logoutConfigurer != null) {
-			logoutConfigurer
-					.addLogoutHandler(new CsrfLogoutHandler(this.csrfTokenRepository));
+			logoutConfigurer.addLogoutHandler(new CsrfLogoutHandler(this.csrfTokenRepository));
 		}
-		SessionManagementConfigurer<H> sessionConfigurer = http
-				.getConfigurer(SessionManagementConfigurer.class);
+		SessionManagementConfigurer<H> sessionConfigurer = http.getConfigurer(SessionManagementConfigurer.class);
 		if (sessionConfigurer != null) {
-			sessionConfigurer.addSessionAuthenticationStrategy(
-					getSessionAuthenticationStrategy());
+			sessionConfigurer.addSessionAuthenticationStrategy(getSessionAuthenticationStrategy());
 		}
 		filter = postProcess(filter);
 		http.addFilter(filter);
@@ -231,7 +225,6 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Gets the final {@link RequestMatcher} to use by combining the
 	 * {@link #requireCsrfProtectionMatcher(RequestMatcher)} and any {@link #ignore()}.
-	 *
 	 * @return the {@link RequestMatcher} to use
 	 */
 	private RequestMatcher getRequireCsrfProtectionMatcher() {
@@ -239,22 +232,19 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 			return this.requireCsrfProtectionMatcher;
 		}
 		return new AndRequestMatcher(this.requireCsrfProtectionMatcher,
-				new NegatedRequestMatcher(
-						new OrRequestMatcher(this.ignoredCsrfProtectionMatchers)));
+				new NegatedRequestMatcher(new OrRequestMatcher(this.ignoredCsrfProtectionMatchers)));
 	}
 
 	/**
 	 * Gets the default {@link AccessDeniedHandler} from the
 	 * {@link ExceptionHandlingConfigurer#getAccessDeniedHandler()} or create a
 	 * {@link AccessDeniedHandlerImpl} if not available.
-	 *
 	 * @param http the {@link HttpSecurityBuilder}
 	 * @return the {@link AccessDeniedHandler}
 	 */
 	@SuppressWarnings("unchecked")
 	private AccessDeniedHandler getDefaultAccessDeniedHandler(H http) {
-		ExceptionHandlingConfigurer<H> exceptionConfig = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<H> exceptionConfig = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		AccessDeniedHandler handler = null;
 		if (exceptionConfig != null) {
 			handler = exceptionConfig.getAccessDeniedHandler();
@@ -269,14 +259,12 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Gets the default {@link InvalidSessionStrategy} from the
 	 * {@link SessionManagementConfigurer#getInvalidSessionStrategy()} or null if not
 	 * available.
-	 *
 	 * @param http the {@link HttpSecurityBuilder}
 	 * @return the {@link InvalidSessionStrategy}
 	 */
 	@SuppressWarnings("unchecked")
 	private InvalidSessionStrategy getInvalidSessionStrategy(H http) {
-		SessionManagementConfigurer<H> sessionManagement = http
-				.getConfigurer(SessionManagementConfigurer.class);
+		SessionManagementConfigurer<H> sessionManagement = http.getConfigurer(SessionManagementConfigurer.class);
 		if (sessionManagement == null) {
 			return null;
 		}
@@ -292,14 +280,12 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * {@link InvalidSessionAccessDeniedHandler} and the
 	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only
 	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used.
-	 *
 	 * @param http the {@link HttpSecurityBuilder}
 	 * @return the {@link AccessDeniedHandler}
 	 */
 	private AccessDeniedHandler createAccessDeniedHandler(H http) {
 		InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http);
-		AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler(
-				http);
+		AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler(http);
 		if (invalidSessionStrategy == null) {
 			return defaultAccessDeniedHandler;
 		}
@@ -312,18 +298,18 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	}
 
 	/**
-	 * Gets the {@link SessionAuthenticationStrategy} to use. If none was set by the user a
-	 * {@link CsrfAuthenticationStrategy} is created.
+	 * Gets the {@link SessionAuthenticationStrategy} to use. If none was set by the user
+	 * a {@link CsrfAuthenticationStrategy} is created.
 	 *
 	 * @author Michael Vitz
 	 * @since 5.2
-	 *
 	 * @return the {@link SessionAuthenticationStrategy}
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
 		if (sessionAuthenticationStrategy != null) {
 			return sessionAuthenticationStrategy;
-		} else {
+		}
+		else {
 			return new CsrfAuthenticationStrategy(this.csrfTokenRepository);
 		}
 	}
@@ -336,8 +322,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private class IgnoreCsrfProtectionRegistry
-			extends AbstractRequestMatcherRegistry<IgnoreCsrfProtectionRegistry> {
+	private class IgnoreCsrfProtectionRegistry extends AbstractRequestMatcherRegistry<IgnoreCsrfProtectionRegistry> {
 
 		/**
 		 * @param context
@@ -347,12 +332,10 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		@Override
-		public MvcMatchersIgnoreCsrfProtectionRegistry mvcMatchers(HttpMethod method,
-				String... mvcPatterns) {
+		public MvcMatchersIgnoreCsrfProtectionRegistry mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			List<MvcRequestMatcher> mvcMatchers = createMvcMatchers(method, mvcPatterns);
 			CsrfConfigurer.this.ignoredCsrfProtectionMatchers.addAll(mvcMatchers);
-			return new MvcMatchersIgnoreCsrfProtectionRegistry(getApplicationContext(),
-					mvcMatchers);
+			return new MvcMatchersIgnoreCsrfProtectionRegistry(getApplicationContext(), mvcMatchers);
 		}
 
 		@Override
@@ -365,11 +348,11 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		@Override
-		protected IgnoreCsrfProtectionRegistry chainRequestMatchers(
-				List<RequestMatcher> requestMatchers) {
+		protected IgnoreCsrfProtectionRegistry chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			CsrfConfigurer.this.ignoredCsrfProtectionMatchers.addAll(requestMatchers);
 			return this;
 		}
+
 	}
 
 	/**
@@ -378,8 +361,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 *
 	 * @author Rob Winch
 	 */
-	private final class MvcMatchersIgnoreCsrfProtectionRegistry
-			extends IgnoreCsrfProtectionRegistry {
+	private final class MvcMatchersIgnoreCsrfProtectionRegistry extends IgnoreCsrfProtectionRegistry {
+
 		private final List<MvcRequestMatcher> mvcMatchers;
 
 		private MvcMatchersIgnoreCsrfProtectionRegistry(ApplicationContext context,
@@ -394,5 +377,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 			}
 			return this;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 251c586f3e..92c09d6192 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -49,7 +49,8 @@ import java.util.function.Function;
  *
  * <h2>Shared Objects Created</h2>
  *
- * No shared objects are created. isLogoutRequest <h2>Shared Objects Used</h2>
+ * No shared objects are created. isLogoutRequest
+ * <h2>Shared Objects Used</h2>
  *
  * The following shared objects are used:
  *
@@ -61,12 +62,11 @@ import java.util.function.Function;
  * </ul>
  *
  * @see WebSecurityConfigurerAdapter
- *
  * @author Rob Winch
  * @since 3.2
  */
-public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<DefaultLoginPageConfigurer<H>, H> {
+public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<DefaultLoginPageConfigurer<H>, H> {
 
 	private DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = new DefaultLoginPageGeneratingFilter();
 
@@ -83,16 +83,14 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 		};
 		this.loginPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
 		this.logoutPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
-		http.setSharedObject(DefaultLoginPageGeneratingFilter.class,
-				loginPageGeneratingFilter);
+		http.setSharedObject(DefaultLoginPageGeneratingFilter.class, loginPageGeneratingFilter);
 	}
 
 	@Override
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
 		AuthenticationEntryPoint authenticationEntryPoint = null;
-		ExceptionHandlingConfigurer<?> exceptionConf = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<?> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptionConf != null) {
 			authenticationEntryPoint = exceptionConf.getAuthenticationEntryPoint();
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
index d1741cf898..43b1a09ec3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
@@ -62,8 +62,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * @author Rob Winch
  * @since 3.2
  */
-public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>, H> {
+public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>, H> {
 
 	private AuthenticationEntryPoint authenticationEntryPoint;
 
@@ -83,7 +83,6 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error
 	 * page
-	 *
 	 * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401)
 	 * @return the {@link ExceptionHandlingConfigurer} for further customization
 	 * @see AccessDeniedHandlerImpl
@@ -97,32 +96,29 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Specifies the {@link AccessDeniedHandler} to be used
-	 *
 	 * @param accessDeniedHandler the {@link AccessDeniedHandler} to be used
 	 * @return the {@link ExceptionHandlingConfigurer} for further customization
 	 */
-	public ExceptionHandlingConfigurer<H> accessDeniedHandler(
-			AccessDeniedHandler accessDeniedHandler) {
+	public ExceptionHandlingConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
 		this.accessDeniedHandler = accessDeniedHandler;
 		return this;
 	}
 
 	/**
-	 * Sets a default {@link AccessDeniedHandler} to be used which prefers being
-	 * invoked for the provided {@link RequestMatcher}. If only a single default
-	 * {@link AccessDeniedHandler} is specified, it will be what is used for the
-	 * default {@link AccessDeniedHandler}. If multiple default
-	 * {@link AccessDeniedHandler} instances are configured, then a
+	 * Sets a default {@link AccessDeniedHandler} to be used which prefers being invoked
+	 * for the provided {@link RequestMatcher}. If only a single default
+	 * {@link AccessDeniedHandler} is specified, it will be what is used for the default
+	 * {@link AccessDeniedHandler}. If multiple default {@link AccessDeniedHandler}
+	 * instances are configured, then a
 	 * {@link RequestMatcherDelegatingAccessDeniedHandler} will be used.
-	 *
 	 * @param deniedHandler the {@link AccessDeniedHandler} to use
 	 * @param preferredMatcher the {@link RequestMatcher} for this default
 	 * {@link AccessDeniedHandler}
 	 * @return the {@link ExceptionHandlingConfigurer} for further customizations
 	 * @since 5.1
 	 */
-	public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(
-			AccessDeniedHandler deniedHandler, RequestMatcher preferredMatcher) {
+	public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(AccessDeniedHandler deniedHandler,
+			RequestMatcher preferredMatcher) {
 		this.defaultDeniedHandlerMappings.put(preferredMatcher, deniedHandler);
 		return this;
 	}
@@ -141,12 +137,10 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <p>
 	 * If that is not provided defaults to {@link Http403ForbiddenEntryPoint}.
 	 * </p>
-	 *
 	 * @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use
 	 * @return the {@link ExceptionHandlingConfigurer} for further customizations
 	 */
-	public ExceptionHandlingConfigurer<H> authenticationEntryPoint(
-			AuthenticationEntryPoint authenticationEntryPoint) {
+	public ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 		return this;
 	}
@@ -158,14 +152,13 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 	 * default {@link AuthenticationEntryPoint}. If multiple default
 	 * {@link AuthenticationEntryPoint} instances are configured, then a
 	 * {@link DelegatingAuthenticationEntryPoint} will be used.
-	 *
 	 * @param entryPoint the {@link AuthenticationEntryPoint} to use
 	 * @param preferredMatcher the {@link RequestMatcher} for this default
 	 * {@link AuthenticationEntryPoint}
 	 * @return the {@link ExceptionHandlingConfigurer} for further customizations
 	 */
-	public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(
-			AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher) {
+	public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint,
+			RequestMatcher preferredMatcher) {
 		this.defaultEntryPointMappings.put(preferredMatcher, entryPoint);
 		return this;
 	}
@@ -180,7 +173,6 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Gets the {@link AccessDeniedHandler} that is configured.
-	 *
 	 * @return the {@link AccessDeniedHandler}
 	 */
 	AccessDeniedHandler getAccessDeniedHandler() {
@@ -190,8 +182,8 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 	@Override
 	public void configure(H http) {
 		AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint(http);
-		ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(
-				entryPoint, getRequestCache(http));
+		ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(entryPoint,
+				getRequestCache(http));
 		AccessDeniedHandler deniedHandler = getAccessDeniedHandler(http);
 		exceptionTranslationFilter.setAccessDeniedHandler(deniedHandler);
 		exceptionTranslationFilter = postProcess(exceptionTranslationFilter);
@@ -235,8 +227,7 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.defaultDeniedHandlerMappings.size() == 1) {
 			return this.defaultDeniedHandlerMappings.values().iterator().next();
 		}
-		return new RequestMatcherDelegatingAccessDeniedHandler(
-				this.defaultDeniedHandlerMappings,
+		return new RequestMatcherDelegatingAccessDeniedHandler(this.defaultDeniedHandlerMappings,
 				new AccessDeniedHandlerImpl());
 	}
 
@@ -249,8 +240,7 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 		DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(
 				this.defaultEntryPointMappings);
-		entryPoint.setDefaultEntryPoint(this.defaultEntryPointMappings.values().iterator()
-				.next());
+		entryPoint.setDefaultEntryPoint(this.defaultEntryPointMappings.values().iterator().next());
 		return entryPoint;
 	}
 
@@ -259,7 +249,6 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 	 * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)},
 	 * then it is used. Otherwise, an attempt to find a {@link RequestCache} shared object
 	 * is made. If that fails, an {@link HttpSessionRequestCache} is used
-	 *
 	 * @param http the {@link HttpSecurity} to attempt to fined the shared object
 	 * @return the {@link RequestCache} to use
 	 */
@@ -270,4 +259,5 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 		return new HttpSessionRequestCache();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index d1df31e7f5..1a6bdf8acb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -46,7 +46,8 @@ import org.springframework.util.StringUtils;
  * Adds URL based authorization based upon SpEL expressions to an application. At least
  * one {@link org.springframework.web.bind.annotation.RequestMapping} needs to be mapped
  * to {@link ConfigAttribute}'s for this {@link SecurityContextConfigurer} to have
- * meaning. <h2>Security Filters</h2>
+ * meaning.
+ * <h2>Security Filters</h2>
  *
  * The following Filters are populated
  *
@@ -73,19 +74,23 @@ import org.springframework.util.StringUtils;
  * </ul>
  *
  * @param <H> the type of {@link HttpSecurityBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
  */
 public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
-		extends
-		AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
+		extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
+
 	static final String permitAll = "permitAll";
+
 	private static final String denyAll = "denyAll";
+
 	private static final String anonymous = "anonymous";
+
 	private static final String authenticated = "authenticated";
+
 	private static final String fullyAuthenticated = "fullyAuthenticated";
+
 	private static final String rememberMe = "rememberMe";
 
 	private final ExpressionInterceptUrlRegistry REGISTRY;
@@ -104,8 +109,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		return REGISTRY;
 	}
 
-	public class ExpressionInterceptUrlRegistry
-			extends
+	public class ExpressionInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -126,15 +130,13 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(
-				List<RequestMatcher> requestMatchers) {
+		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
 		/**
 		 * Allows customization of the {@link SecurityExpressionHandler} to be used. The
 		 * default is {@link DefaultWebSecurityExpressionHandler}
-		 *
 		 * @param expressionHandler the {@link SecurityExpressionHandler} to be used
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization.
@@ -147,13 +149,11 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Adds an {@link ObjectPostProcessor} for this class.
-		 *
 		 * @param objectPostProcessor
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customizations
 		 */
-		public ExpressionInterceptUrlRegistry withObjectPostProcessor(
-				ObjectPostProcessor<?> objectPostProcessor) {
+		public ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 			addObjectPostProcessor(objectPostProcessor);
 			return this;
 		}
@@ -167,7 +167,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	/**
 	 * Allows registering multiple {@link RequestMatcher} instances to a collection of
 	 * {@link ConfigAttribute} instances
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances to register to the
 	 * {@link ConfigAttribute} instances
 	 * @param configAttributes the {@link ConfigAttribute} to be mapped by the
@@ -176,8 +175,8 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	private void interceptUrl(Iterable<? extends RequestMatcher> requestMatchers,
 			Collection<ConfigAttribute> configAttributes) {
 		for (RequestMatcher requestMatcher : requestMatchers) {
-			REGISTRY.addMapping(new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(
-					requestMatcher, configAttributes));
+			REGISTRY.addMapping(
+					new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(requestMatcher, configAttributes));
 		}
 	}
 
@@ -192,23 +191,19 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	}
 
 	@Override
-	ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource(
-			H http) {
-		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = REGISTRY
-				.createRequestMap();
+	ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource(H http) {
+		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = REGISTRY.createRequestMap();
 		if (requestMap.isEmpty()) {
 			throw new IllegalStateException(
 					"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
 		}
-		return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap,
-				getExpressionHandler(http));
+		return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, getExpressionHandler(http));
 	}
 
 	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
 		if (expressionHandler == null) {
 			DefaultWebSecurityExpressionHandler defaultHandler = new DefaultWebSecurityExpressionHandler();
-			AuthenticationTrustResolver trustResolver = http
-					.getSharedObject(AuthenticationTrustResolver.class);
+			AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 			if (trustResolver != null) {
 				defaultHandler.setTrustResolver(trustResolver);
 			}
@@ -218,14 +213,17 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 				if (roleHiearchyBeanNames.length == 1) {
 					defaultHandler.setRoleHierarchy(context.getBean(roleHiearchyBeanNames[0], RoleHierarchy.class));
 				}
-				String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
+				String[] grantedAuthorityDefaultsBeanNames = context
+						.getBeanNamesForType(GrantedAuthorityDefaults.class);
 				if (grantedAuthorityDefaultsBeanNames.length == 1) {
-					GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
+					GrantedAuthorityDefaults grantedAuthorityDefaults = context
+							.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
 					defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 				}
 				String[] permissionEvaluatorBeanNames = context.getBeanNamesForType(PermissionEvaluator.class);
 				if (permissionEvaluatorBeanNames.length == 1) {
-					PermissionEvaluator permissionEvaluator = context.getBean(permissionEvaluatorBeanNames[0], PermissionEvaluator.class);
+					PermissionEvaluator permissionEvaluator = context.getBean(permissionEvaluatorBeanNames[0],
+							PermissionEvaluator.class);
 					defaultHandler.setPermissionEvaluator(permissionEvaluator);
 				}
 			}
@@ -237,8 +235,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	}
 
 	private static String hasAnyRole(String... authorities) {
-		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities,
-				"','ROLE_");
+		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','ROLE_");
 		return "hasAnyRole('ROLE_" + anyAuthorities + "')";
 	}
 
@@ -246,8 +243,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		Assert.notNull(role, "role cannot be null");
 		if (role.startsWith("ROLE_")) {
 			throw new IllegalArgumentException(
-					"role should not start with 'ROLE_' since it is automatically inserted. Got '"
-							+ role + "'");
+					"role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
 		}
 		return "hasRole('ROLE_" + role + "')";
 	}
@@ -272,9 +268,9 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	 * @author Rob Winch
 	 */
 	public class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
+
 		/**
 		 * Creates a new instance
-		 *
 		 * @param requestMatchers the {@link RequestMatcher} instances to map
 		 */
 		private MvcMatchersAuthorizedUrl(List<MvcRequestMatcher> requestMatchers) {
@@ -287,15 +283,17 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 			}
 			return this;
 		}
+
 	}
 
 	public class AuthorizedUrl {
+
 		private List<? extends RequestMatcher> requestMatchers;
+
 		private boolean not;
 
 		/**
 		 * Creates a new instance
-		 *
 		 * @param requestMatchers the {@link RequestMatcher} instances to map
 		 */
 		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
@@ -308,7 +306,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Negates the following expression.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -320,7 +317,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		/**
 		 * Shortcut for specifying URLs require a particular role. If you do not want to
 		 * have "ROLE_" automatically inserted see {@link #hasAuthority(String)}.
-		 *
 		 * @param role the role to require (i.e. USER, ADMIN, etc). Note, it should not
 		 * start with "ROLE_" as this is automatically inserted.
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
@@ -334,7 +330,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		 * Shortcut for specifying URLs require any of a number of roles. If you do not
 		 * want to have "ROLE_" automatically inserted see
 		 * {@link #hasAnyAuthority(String...)}
-		 *
 		 * @param roles the roles to require (i.e. USER, ADMIN, etc). Note, it should not
 		 * start with "ROLE_" as this is automatically inserted.
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
@@ -346,7 +341,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs require a particular authority.
-		 *
 		 * @param authority the authority to require (i.e. ROLE_USER, ROLE_ADMIN, etc).
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
@@ -357,7 +351,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs requires any of a number authorities.
-		 *
 		 * @param authorities the requests require at least one of the authorities (i.e.
 		 * "ROLE_USER","ROLE_ADMIN" would mean either "ROLE_USER" or "ROLE_ADMIN" is
 		 * required).
@@ -365,28 +358,24 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		 * customization
 		 */
 		public ExpressionInterceptUrlRegistry hasAnyAuthority(String... authorities) {
-			return access(ExpressionUrlAuthorizationConfigurer
-					.hasAnyAuthority(authorities));
+			return access(ExpressionUrlAuthorizationConfigurer.hasAnyAuthority(authorities));
 		}
 
 		/**
 		 * Specify that URLs requires a specific IP Address or <a href=
 		 * "https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971#post343971"
 		 * >subnet</a>.
-		 *
 		 * @param ipaddressExpression the ipaddress (i.e. 192.168.1.79) or local subnet
 		 * (i.e. 192.168.0/24)
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
 		public ExpressionInterceptUrlRegistry hasIpAddress(String ipaddressExpression) {
-			return access(ExpressionUrlAuthorizationConfigurer
-					.hasIpAddress(ipaddressExpression));
+			return access(ExpressionUrlAuthorizationConfigurer.hasIpAddress(ipaddressExpression));
 		}
 
 		/**
 		 * Specify that URLs are allowed by anyone.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -396,7 +385,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs are allowed by anonymous users.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -406,7 +394,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs are allowed by users that have been remembered.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 * @see RememberMeConfigurer
@@ -417,7 +404,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs are not allowed by anyone.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -427,7 +413,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Specify that URLs are allowed by any authenticated user.
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -438,7 +423,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		/**
 		 * Specify that URLs are allowed by users who have authenticated and were not
 		 * "remembered".
-		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 * @see RememberMeConfigurer
@@ -449,9 +433,8 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 		/**
 		 * Allows specifying that URLs are secured by an arbitrary expression
-		 *
-		 * @param attribute the expression to secure the URLs (i.e.
-		 * "hasRole('ROLE_USER') and hasRole('ROLE_SUPER')")
+		 * @param attribute the expression to secure the URLs (i.e. "hasRole('ROLE_USER')
+		 * and hasRole('ROLE_SUPER')")
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
 		 */
@@ -462,5 +445,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 			interceptUrl(requestMatchers, SecurityConfig.createList(attribute));
 			return ExpressionUrlAuthorizationConfigurer.this.REGISTRY;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
index 1713bc0348..840ac4a12f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
@@ -172,8 +172,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <li>/authenticate?error GET - redirect here for failed authentication attempts</li>
 	 * <li>/authenticate?logout GET - redirect here after successfully logging out</li>
 	 * </ul>
-	 *
-	 *
 	 * @param loginPage the login page to redirect to if authentication is required (i.e.
 	 * "/login")
 	 * @return the {@link FormLoginConfigurer} for additional customization
@@ -186,7 +184,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * The HTTP parameter to look for the username when performing authentication. Default
 	 * is "username".
-	 *
 	 * @param usernameParameter the HTTP parameter to look for the username when
 	 * performing authentication
 	 * @return the {@link FormLoginConfigurer} for additional customization
@@ -199,7 +196,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * The HTTP parameter to look for the password when performing authentication. Default
 	 * is "password".
-	 *
 	 * @param passwordParameter the HTTP parameter to look for the password when
 	 * performing authentication
 	 * @return the {@link FormLoginConfigurer} for additional customization
@@ -211,7 +207,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Forward Authentication Failure Handler
-	 *
 	 * @param forwardUrl the target URL in case of failure
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -222,7 +217,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Forward Authentication Success Handler
-	 *
 	 * @param forwardUrl the target URL in case of success
 	 * @return the {@link FormLoginConfigurer} for additional customization
 	 */
@@ -251,7 +245,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Gets the HTTP parameter that is used to submit the username.
-	 *
 	 * @return the HTTP parameter that is used to submit the username
 	 */
 	private String getUsernameParameter() {
@@ -260,7 +253,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Gets the HTTP parameter that is used to submit the password.
-	 *
 	 * @return the HTTP parameter that is used to submit the password
 	 */
 	private String getPasswordParameter() {
@@ -270,7 +262,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * If available, initializes the {@link DefaultLoginPageGeneratingFilter} shared
 	 * object.
-	 *
 	 * @param http the {@link HttpSecurityBuilder} to use
 	 */
 	private void initDefaultLoginFilter(H http) {
@@ -285,4 +276,5 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 			loginPageGeneratingFilter.setAuthenticationUrl(getLoginProcessingUrl());
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index adcffa0648..0f6758a5c8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -63,8 +63,9 @@ import org.springframework.util.Assert;
  * @author Vedran Pavic
  * @since 3.2
  */
-public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<HeadersConfigurer<H>, H> {
+public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<HeadersConfigurer<H>, H> {
+
 	private List<HeaderWriter> headerWriters = new ArrayList<>();
 
 	// --- default header writers ---
@@ -97,7 +98,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Adds a {@link HeaderWriter} instance
-	 *
 	 * @param headerWriter the {@link HeaderWriter} instance to add
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
@@ -108,14 +108,13 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the <a href=
-	 * "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
+	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the
+	 * <a href= "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
 	 * >X-Content-Type-Options</a>:
 	 *
 	 * <pre>
 	 * X-Content-Type-Options: nosniff
 	 * </pre>
-	 *
 	 * @return the {@link ContentTypeOptionsConfig} for additional customizations
 	 */
 	public ContentTypeOptionsConfig contentTypeOptions() {
@@ -123,16 +122,15 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the <a href=
-	 * "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
+	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the
+	 * <a href= "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
 	 * >X-Content-Type-Options</a>:
 	 *
 	 * <pre>
 	 * X-Content-Type-Options: nosniff
 	 * </pre>
-	 *
-	 * @param contentTypeOptionsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ContentTypeOptionsConfig}
+	 * @param contentTypeOptionsCustomizer the {@link Customizer} to provide more options
+	 * for the {@link ContentTypeOptionsConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> contentTypeOptions(Customizer<ContentTypeOptionsConfig> contentTypeOptionsCustomizer) {
@@ -141,6 +139,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class ContentTypeOptionsConfig {
+
 		private XContentTypeOptionsHeaderWriter writer;
 
 		private ContentTypeOptionsConfig() {
@@ -149,7 +148,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Removes the X-XSS-Protection header.
-		 *
 		 * @return {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -167,7 +165,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Ensures that Content Type Options is enabled
-		 *
 		 * @return the {@link ContentTypeOptionsConfig} for additional customization
 		 */
 		private ContentTypeOptionsConfig enable() {
@@ -176,6 +173,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
@@ -186,7 +184,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
 	 * >X-XSS-Protection header</a>
 	 * </p>
-	 *
 	 * @return the {@link XXssConfig} for additional customizations
 	 */
 	public XXssConfig xssProtection() {
@@ -201,9 +198,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
 	 * >X-XSS-Protection header</a>
 	 * </p>
-	 *
-	 * @param xssCustomizer the {@link Customizer} to provide more options for
-	 * the {@link XXssConfig}
+	 * @param xssCustomizer the {@link Customizer} to provide more options for the
+	 * {@link XXssConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> xssProtection(Customizer<XXssConfig> xssCustomizer) {
@@ -212,6 +208,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class XXssConfig {
+
 		private XXssProtectionHeaderWriter writer;
 
 		private XXssConfig() {
@@ -221,7 +218,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * If false, will not specify the mode as blocked. In this instance, any content
 		 * will be attempted to be fixed. If true, the content will be replaced with "#".
-		 *
 		 * @param enabled the new value
 		 */
 		public XXssConfig block(boolean enabled) {
@@ -236,7 +232,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * X-XSS-Protection: 1
 		 * </pre>
 		 *
-		 * or if {@link XXssProtectionHeaderWriter#setBlock(boolean)} of the given {@link XXssProtectionHeaderWriter} is true
+		 * or if {@link XXssProtectionHeaderWriter#setBlock(boolean)} of the given
+		 * {@link XXssProtectionHeaderWriter} is true
 		 *
 		 *
 		 * <pre>
@@ -249,7 +246,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * <pre>
 		 * X-XSS-Protection: 0
 		 * </pre>
-		 *
 		 * @param enabled the new value
 		 */
 		public XXssConfig xssProtectionEnabled(boolean enabled) {
@@ -259,7 +255,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Disables X-XSS-Protection header (does not include it)
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -270,7 +265,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * Allows completing configuration of X-XSS-Protection and continuing
 		 * configuration of headers.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -279,7 +273,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Ensures the X-XSS-Protection header is enabled if it is not already.
-		 *
 		 * @return the {@link XXssConfig} for additional customization
 		 */
 		private XXssConfig enable() {
@@ -288,6 +281,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
@@ -298,7 +292,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <li>Pragma: no-cache</li>
 	 * <li>Expires: 0</li>
 	 * </ul>
-	 *
 	 * @return the {@link CacheControlConfig} for additional customizations
 	 */
 	public CacheControlConfig cacheControl() {
@@ -313,7 +306,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <li>Pragma: no-cache</li>
 	 * <li>Expires: 0</li>
 	 * </ul>
-	 *
 	 * @param cacheControlCustomizer the {@link Customizer} to provide more options for
 	 * the {@link CacheControlConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
@@ -324,6 +316,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class CacheControlConfig {
+
 		private CacheControlHeadersWriter writer;
 
 		private CacheControlConfig() {
@@ -332,7 +325,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Disables Cache Control
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -341,9 +333,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		}
 
 		/**
-		 * Allows completing configuration of Cache Control and continuing
-		 * configuration of headers.
-		 *
+		 * Allows completing configuration of Cache Control and continuing configuration
+		 * of headers.
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -352,7 +343,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Ensures the Cache Control headers are enabled if they are not already.
-		 *
 		 * @return the {@link CacheControlConfig} for additional customization
 		 */
 		private CacheControlConfig enable() {
@@ -361,13 +351,13 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
-	 * Allows customizing the {@link HstsHeaderWriter} which provides support for <a
-	 * href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
+	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
 	 * (HSTS)</a>.
-	 *
 	 * @return the {@link HstsConfig} for additional customizations
 	 */
 	public HstsConfig httpStrictTransportSecurity() {
@@ -375,12 +365,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Allows customizing the {@link HstsHeaderWriter} which provides support for <a
-	 * href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
+	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
 	 * (HSTS)</a>.
-	 *
-	 * @param hstsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HstsConfig}
+	 * @param hstsCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HstsConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> httpStrictTransportSecurity(Customizer<HstsConfig> hstsCustomizer) {
@@ -389,6 +378,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class HstsConfig {
+
 		private HstsHeaderWriter writer;
 
 		private HstsConfig() {
@@ -403,11 +393,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 *
 		 * <p>
 		 * This instructs browsers how long to remember to keep this domain as a known
-		 * HSTS Host. See <a
-		 * href="https://tools.ietf.org/html/rfc6797#section-6.1.1">Section 6.1.1</a> for
-		 * additional details.
+		 * HSTS Host. See
+		 * <a href="https://tools.ietf.org/html/rfc6797#section-6.1.1">Section 6.1.1</a>
+		 * for additional details.
 		 * </p>
-		 *
 		 * @param maxAgeInSeconds the maximum amount of time (in seconds) to consider this
 		 * domain as a known HSTS Host.
 		 * @throws IllegalArgumentException if maxAgeInSeconds is negative
@@ -422,7 +411,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * "Strict-Transport-Security" should be added. If true the header is added, else
 		 * the header is not added. By default the header is added when
 		 * {@link HttpServletRequest#isSecure()} returns true.
-		 *
 		 * @param requestMatcher the {@link RequestMatcher} to use.
 		 * @throws IllegalArgumentException if {@link RequestMatcher} is null
 		 */
@@ -440,7 +428,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * See <a href="https://tools.ietf.org/html/rfc6797#section-6.1.2">Section
 		 * 6.1.2</a> for additional details.
 		 * </p>
-		 *
 		 * @param includeSubDomains true to include subdomains, else false
 		 */
 		public HstsConfig includeSubDomains(boolean includeSubDomains) {
@@ -454,10 +441,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * </p>
 		 *
 		 * <p>
-		 * See <a href="https://hstspreload.org/">Website hstspreload.org</a>
-		 * for additional details.
+		 * See <a href="https://hstspreload.org/">Website hstspreload.org</a> for
+		 * additional details.
 		 * </p>
-		 *
 		 * @param preload true to include preload, else false
 		 * @since 5.2.0
 		 * @author Ankur Pathak
@@ -469,7 +455,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Disables Strict Transport Security
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -480,7 +465,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * Allows completing configuration of Strict Transport Security and continuing
 		 * configuration of headers.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -489,7 +473,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Ensures that Strict-Transport-Security is enabled if it is not already
-		 *
 		 * @return the {@link HstsConfig} for additional customization
 		 */
 		private HstsConfig enable() {
@@ -498,11 +481,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
 	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
-	 *
 	 * @return the {@link FrameOptionsConfig} for additional customizations
 	 */
 	public FrameOptionsConfig frameOptions() {
@@ -511,7 +494,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
-	 *
 	 * @param frameOptionsCustomizer the {@link Customizer} to provide more options for
 	 * the {@link FrameOptionsConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
@@ -522,6 +504,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class FrameOptionsConfig {
+
 		private XFrameOptionsHeaderWriter writer;
 
 		private FrameOptionsConfig() {
@@ -530,7 +513,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Specify to DENY framing any content from this application.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> deny() {
@@ -545,7 +527,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * example.com could frame the application, but evil.com could not frame the
 		 * application.
 		 * </p>
-		 *
 		 * @return the {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> sameOrigin() {
@@ -555,7 +536,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Prevents the header from being added to the response.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration.
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -565,7 +545,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Allows continuing customizing the headers configuration.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -574,7 +553,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Enables FrameOptionsConfig if it is not already enabled.
-		 *
 		 * @return the FrameOptionsConfig for additional customization.
 		 */
 		private FrameOptionsConfig enable() {
@@ -583,12 +561,12 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
-	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for <a
-	 * href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
-	 *
+	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
 	 * @return the {@link HpkpConfig} for additional customizations
 	 *
 	 * @since 4.1
@@ -598,11 +576,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for <a
-	 * href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
-	 *
-	 * @param hpkpCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HpkpConfig}
+	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
+	 * @param hpkpCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HpkpConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> httpPublicKeyPinning(Customizer<HpkpConfig> hpkpCustomizer) {
@@ -611,9 +588,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class HpkpConfig {
+
 		private HpkpHeaderWriter writer;
 
-		private HpkpConfig() {}
+		private HpkpConfig() {
+		}
 
 		/**
 		 * <p>
@@ -621,12 +600,13 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * </p>
 		 *
 		 * <p>
-		 * The pin directive specifies a way for web host operators to indicate
-		 * a cryptographic identity that should be bound to a given web host.
-		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for additional details.
+		 * The pin directive specifies a way for web host operators to indicate a
+		 * cryptographic identity that should be bound to a given web host. See
+		 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a>
+		 * for additional details.
 		 * </p>
-		 *
-		 * @param pins the map of base64-encoded SPKI fingerprint &amp; cryptographic hash algorithm pairs.
+		 * @param pins the map of base64-encoded SPKI fingerprint &amp; cryptographic hash
+		 * algorithm pairs.
 		 * @throws IllegalArgumentException if pins is null
 		 */
 		public HpkpConfig withPins(Map<String, String> pins) {
@@ -636,37 +616,38 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * <p>
-		 * Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
+		 * Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins
+		 * header.
 		 * </p>
 		 *
 		 * <p>
-		 * The pin directive specifies a way for web host operators to indicate
-		 * a cryptographic identity that should be bound to a given web host.
-		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for additional details.
+		 * The pin directive specifies a way for web host operators to indicate a
+		 * cryptographic identity that should be bound to a given web host. See
+		 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a>
+		 * for additional details.
 		 * </p>
-		 *
 		 * @param pins a list of base64-encoded SPKI fingerprints.
 		 * @throws IllegalArgumentException if a pin is null
 		 */
-		public HpkpConfig addSha256Pins(String ... pins) {
+		public HpkpConfig addSha256Pins(String... pins) {
 			writer.addSha256Pins(pins);
 			return this;
 		}
 
 		/**
 		 * <p>
-		 * Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
-		 * The default is 60 days.
+		 * Sets the value (in seconds) for the max-age directive of the Public-Key-Pins
+		 * header. The default is 60 days.
 		 * </p>
 		 *
 		 * <p>
-		 * This instructs browsers how long they should regard the host (from whom the message was received)
-		 * as a known pinned host. See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.2">Section
-		 * 2.1.2</a> for additional details.
+		 * This instructs browsers how long they should regard the host (from whom the
+		 * message was received) as a known pinned host. See
+		 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.2">Section 2.1.2</a>
+		 * for additional details.
 		 * </p>
-		 *
-		 * @param maxAgeInSeconds the maximum amount of time (in seconds) to regard the host
-		 * as a known pinned host.
+		 * @param maxAgeInSeconds the maximum amount of time (in seconds) to regard the
+		 * host as a known pinned host.
 		 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 		 */
 		public HpkpConfig maxAgeInSeconds(long maxAgeInSeconds) {
@@ -676,15 +657,14 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * <p>
-		 * If true, the pinning policy applies to this pinned host as well as any subdomains
-		 * of the host's domain name. The default is false.
+		 * If true, the pinning policy applies to this pinned host as well as any
+		 * subdomains of the host's domain name. The default is false.
 		 * </p>
 		 *
 		 * <p>
-		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.3">Section 2.1.3</a>
-		 * for additional details.
+		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.3">Section
+		 * 2.1.3</a> for additional details.
 		 * </p>
-		 *
 		 * @param includeSubDomains true to include subdomains, else false
 		 */
 		public HpkpConfig includeSubDomains(boolean includeSubDomains) {
@@ -694,14 +674,14 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * <p>
-		 * If true, the browser should not terminate the connection with the server. The default is true.
+		 * If true, the browser should not terminate the connection with the server. The
+		 * default is true.
 		 * </p>
 		 *
 		 * <p>
 		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1">Section 2.1</a>
 		 * for additional details.
 		 * </p>
-		 *
 		 * @param reportOnly true to report only, else false
 		 */
 		public HpkpConfig reportOnly(boolean reportOnly) {
@@ -715,10 +695,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * </p>
 		 *
 		 * <p>
-		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.4">Section 2.1.4</a>
-		 * for additional details.
+		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.4">Section
+		 * 2.1.4</a> for additional details.
 		 * </p>
-		 *
 		 * @param reportUri the URI where the browser should send the report to.
 		 */
 		public HpkpConfig reportUri(URI reportUri) {
@@ -732,10 +711,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		 * </p>
 		 *
 		 * <p>
-		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.4">Section 2.1.4</a>
-		 * for additional details.
+		 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.4">Section
+		 * 2.1.4</a> for additional details.
 		 * </p>
-		 *
 		 * @param reportUri the URI where the browser should send the report to.
 		 * @throws IllegalArgumentException if the reportUri is not a valid URI
 		 */
@@ -746,7 +724,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Prevents the header from being added to the response.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration.
 		 */
 		public HeadersConfigurer<H> disable() {
@@ -757,7 +734,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * Allows completing configuration of Public Key Pinning and continuing
 		 * configuration of headers.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -765,8 +741,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		}
 
 		/**
-		 * Ensures that Public-Key-Pins or Public-Key-Pins-Report-Only is enabled if it is not already
-		 *
+		 * Ensures that Public-Key-Pins or Public-Key-Pins-Report-Only is enabled if it is
+		 * not already
 		 * @return the {@link HstsConfig} for additional customization
 		 */
 		private HpkpConfig enable() {
@@ -775,25 +751,28 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 			}
 			return this;
 		}
+
 	}
 
 	/**
 	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security Policy (CSP) Level 2</a>.
+	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
+	 * Policy (CSP) Level 2</a>.
 	 * </p>
 	 *
 	 * <p>
-	 * Calling this method automatically enables (includes) the Content-Security-Policy header in the response
-	 * using the supplied security policy directive(s).
+	 * Calling this method automatically enables (includes) the Content-Security-Policy
+	 * header in the response using the supplied security policy directive(s).
 	 * </p>
 	 *
 	 * <p>
-	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which supports the writing
-	 * of the two headers as detailed in the W3C Candidate Recommendation:
+	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
+	 * supports the writing of the two headers as detailed in the W3C Candidate
+	 * Recommendation:
 	 * </p>
 	 * <ul>
-	 * 	<li>Content-Security-Policy</li>
-	 * 	<li>Content-Security-Policy-Report-Only</li>
+	 * <li>Content-Security-Policy</li>
+	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
 	 *
 	 * @see ContentSecurityPolicyHeaderWriter
@@ -802,28 +781,29 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * @throws IllegalArgumentException if policyDirectives is null or empty
 	 */
 	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
-		this.contentSecurityPolicy.writer =
-				new ContentSecurityPolicyHeaderWriter(policyDirectives);
+		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
 		return contentSecurityPolicy;
 	}
 
 	/**
 	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security Policy (CSP) Level 2</a>.
+	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
+	 * Policy (CSP) Level 2</a>.
 	 * </p>
 	 *
 	 * <p>
-	 * Calling this method automatically enables (includes) the Content-Security-Policy header in the response
-	 * using the supplied security policy directive(s).
+	 * Calling this method automatically enables (includes) the Content-Security-Policy
+	 * header in the response using the supplied security policy directive(s).
 	 * </p>
 	 *
 	 * <p>
-	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which supports the writing
-	 * of the two headers as detailed in the W3C Candidate Recommendation:
+	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
+	 * supports the writing of the two headers as detailed in the W3C Candidate
+	 * Recommendation:
 	 * </p>
 	 * <ul>
-	 * 	<li>Content-Security-Policy</li>
-	 * 	<li>Content-Security-Policy-Report-Only</li>
+	 * <li>Content-Security-Policy</li>
+	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
 	 *
 	 * @see ContentSecurityPolicyHeaderWriter
@@ -831,7 +811,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * the {@link ContentSecurityPolicyConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
-	public HeadersConfigurer<H> contentSecurityPolicy(Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
+	public HeadersConfigurer<H> contentSecurityPolicy(
+			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
 		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter();
 		contentSecurityCustomizer.customize(this.contentSecurityPolicy);
 
@@ -839,6 +820,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	public final class ContentSecurityPolicyConfig {
+
 		private ContentSecurityPolicyHeaderWriter writer;
 
 		private ContentSecurityPolicyConfig() {
@@ -846,7 +828,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Sets the security policy directive(s) to be used in the response header.
-		 *
 		 * @param policyDirectives the security policy directive(s)
 		 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
 		 * @throws IllegalArgumentException if policyDirectives is null or empty
@@ -857,8 +838,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		}
 
 		/**
-		 * Enables (includes) the Content-Security-Policy-Report-Only header in the response.
-		 *
+		 * Enables (includes) the Content-Security-Policy-Report-Only header in the
+		 * response.
 		 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
 		 */
 		public ContentSecurityPolicyConfig reportOnly() {
@@ -869,7 +850,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * Allows completing configuration of Content Security Policy and continuing
 		 * configuration of headers.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
@@ -886,7 +866,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <pre>
 	 * http.headers().defaultsDisabled().cacheControl();
 	 * </pre>
-	 *
 	 * @return the {@link HeadersConfigurer} for additional customization
 	 */
 	public HeadersConfigurer<H> defaultsDisabled() {
@@ -906,7 +885,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Creates the {@link HeaderWriter}
-	 *
 	 * @return the {@link HeaderWriter}
 	 */
 	private HeaderWriterFilter createHeaderWriterFilter() {
@@ -922,7 +900,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Gets the {@link HeaderWriter} instances and possibly initializes with the defaults.
-	 *
 	 * @return
 	 */
 	private List<HeaderWriter> getHeaderWriters() {
@@ -948,18 +925,21 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer Policy</a>.
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
 	 * </p>
 	 *
 	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support the writing
-	 * of the header as detailed in the W3C Technical Report:
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
 	 * </p>
 	 * <ul>
-	 *  <li>Referrer-Policy</li>
+	 * <li>Referrer-Policy</li>
 	 * </ul>
 	 *
-	 * <p>Default value is:</p>
+	 * <p>
+	 * Default value is:
+	 * </p>
 	 *
 	 * <pre>
 	 * Referrer-Policy: no-referrer
@@ -976,15 +956,16 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer Policy</a>.
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
 	 * </p>
 	 *
 	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support the writing
-	 * of the header as detailed in the W3C Technical Report:
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
 	 * </p>
 	 * <ul>
-	 *  <li>Referrer-Policy</li>
+	 * <li>Referrer-Policy</li>
 	 * </ul>
 	 *
 	 * @see ReferrerPolicyHeaderWriter
@@ -999,15 +980,16 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer Policy</a>.
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
 	 * </p>
 	 *
 	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support the writing
-	 * of the header as detailed in the W3C Technical Report:
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
 	 * </p>
 	 * <ul>
-	 *  <li>Referrer-Policy</li>
+	 * <li>Referrer-Policy</li>
 	 * </ul>
 	 *
 	 * @see ReferrerPolicyHeaderWriter
@@ -1030,7 +1012,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 		/**
 		 * Sets the policy to be used in the response header.
-		 *
 		 * @param policy a referrer policy
 		 * @return the {@link ReferrerPolicyConfig} for additional configuration
 		 * @throws IllegalArgumentException if policy is null
@@ -1076,7 +1057,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
 		/**
 		 * Allows completing configuration of Feature Policy and continuing configuration
 		 * of headers.
-		 *
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> and() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
index e4defae601..6bddc681af 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
@@ -53,8 +53,7 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
  * The following Filters are populated
  *
  * <ul>
- * <li>
- * {@link BasicAuthenticationFilter}</li>
+ * <li>{@link BasicAuthenticationFilter}</li>
  * </ul>
  *
  * <h2>Shared Objects Created</h2>
@@ -77,16 +76,18 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
  * @author Rob Winch
  * @since 3.2
  */
-public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
-		AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {
+public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
+		extends AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {
 
-	private static final RequestHeaderRequestMatcher X_REQUESTED_WITH = new RequestHeaderRequestMatcher("X-Requested-With",
-			"XMLHttpRequest");
+	private static final RequestHeaderRequestMatcher X_REQUESTED_WITH = new RequestHeaderRequestMatcher(
+			"X-Requested-With", "XMLHttpRequest");
 
 	private static final String DEFAULT_REALM = "Realm";
 
 	private AuthenticationEntryPoint authenticationEntryPoint;
+
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
+
 	private BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
 
 	/**
@@ -99,8 +100,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 		LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
 		entryPoints.put(X_REQUESTED_WITH, new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
 
-		DelegatingAuthenticationEntryPoint defaultEntryPoint = new DelegatingAuthenticationEntryPoint(
-				entryPoints);
+		DelegatingAuthenticationEntryPoint defaultEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
 		defaultEntryPoint.setDefaultEntryPoint(this.basicAuthEntryPoint);
 		this.authenticationEntryPoint = defaultEntryPoint;
 	}
@@ -109,7 +109,6 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 	 * Allows easily changing the realm, but leaving the remaining defaults in place. If
 	 * {@link #authenticationEntryPoint(AuthenticationEntryPoint)} has been invoked,
 	 * invoking this method will result in an error.
-	 *
 	 * @param realmName the HTTP Basic realm to use
 	 * @return {@link HttpBasicConfigurer} for additional customization
 	 */
@@ -122,14 +121,11 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 	/**
 	 * The {@link AuthenticationEntryPoint} to be populated on
 	 * {@link BasicAuthenticationFilter} in the event that authentication fails. The
-	 * default to use {@link BasicAuthenticationEntryPoint} with the realm
-	 * "Realm".
-	 *
+	 * default to use {@link BasicAuthenticationEntryPoint} with the realm "Realm".
 	 * @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use
 	 * @return {@link HttpBasicConfigurer} for additional customization
 	 */
-	public HttpBasicConfigurer<B> authenticationEntryPoint(
-			AuthenticationEntryPoint authenticationEntryPoint) {
+	public HttpBasicConfigurer<B> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 		return this;
 	}
@@ -137,7 +133,6 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 	/**
 	 * Specifies a custom {@link AuthenticationDetailsSource} to use for basic
 	 * authentication. The default is {@link WebAuthenticationDetailsSource}.
-	 *
 	 * @param authenticationDetailsSource the custom {@link AuthenticationDetailsSource}
 	 * to use
 	 * @return {@link HttpBasicConfigurer} for additional customization
@@ -154,47 +149,43 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 	}
 
 	private void registerDefaults(B http) {
-		ContentNegotiationStrategy contentNegotiationStrategy = http
-				.getSharedObject(ContentNegotiationStrategy.class);
+		ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 		}
 
-		MediaTypeRequestMatcher restMatcher = new MediaTypeRequestMatcher(
-				contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML,
-				MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
-				MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML,
-				MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
+		MediaTypeRequestMatcher restMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy,
+				MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
+				MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA,
+				MediaType.TEXT_XML);
 		restMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
 		MediaTypeRequestMatcher allMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.ALL);
 		allMatcher.setUseEquals(true);
 
 		RequestMatcher notHtmlMatcher = new NegatedRequestMatcher(
-				new MediaTypeRequestMatcher(contentNegotiationStrategy,
-						MediaType.TEXT_HTML));
+				new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.TEXT_HTML));
 		RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(
 				Arrays.<RequestMatcher>asList(notHtmlMatcher, restMatcher));
 
-		RequestMatcher preferredMatcher = new OrRequestMatcher(Arrays.asList(X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
+		RequestMatcher preferredMatcher = new OrRequestMatcher(
+				Arrays.asList(X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
 
 		registerDefaultEntryPoint(http, preferredMatcher);
 		registerDefaultLogoutSuccessHandler(http, preferredMatcher);
 	}
 
 	private void registerDefaultEntryPoint(B http, RequestMatcher preferredMatcher) {
-		ExceptionHandlingConfigurer<B> exceptionHandling = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptionHandling == null) {
 			return;
 		}
-		exceptionHandling.defaultAuthenticationEntryPointFor(
-				postProcess(this.authenticationEntryPoint), preferredMatcher);
+		exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(this.authenticationEntryPoint),
+				preferredMatcher);
 	}
 
 	private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
-		LogoutConfigurer<B> logout = http
-				.getConfigurer(LogoutConfigurer.class);
+		LogoutConfigurer<B> logout = http.getConfigurer(LogoutConfigurer.class);
 		if (logout == null) {
 			return;
 		}
@@ -204,13 +195,11 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 
 	@Override
 	public void configure(B http) {
-		AuthenticationManager authenticationManager = http
-				.getSharedObject(AuthenticationManager.class);
-		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
-				authenticationManager, this.authenticationEntryPoint);
+		AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
+		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(authenticationManager,
+				this.authenticationEntryPoint);
 		if (this.authenticationDetailsSource != null) {
-			basicAuthenticationFilter
-					.setAuthenticationDetailsSource(this.authenticationDetailsSource);
+			basicAuthenticationFilter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
 		}
 		RememberMeServices rememberMeServices = http.getSharedObject(RememberMeServices.class);
 		if (rememberMeServices != null) {
@@ -219,4 +208,5 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 		basicAuthenticationFilter = postProcess(basicAuthenticationFilter);
 		http.addFilter(basicAuthenticationFilter);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 45abc6b156..67151567e6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -42,15 +42,13 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthe
  * The following Filters are populated
  *
  * <ul>
- * <li>
- * {@link J2eePreAuthenticatedProcessingFilter}</li>
+ * <li>{@link J2eePreAuthenticatedProcessingFilter}</li>
  * </ul>
  *
  * <h2>Shared Objects Created</h2>
  *
  * <ul>
- * <li>
- * {@link AuthenticationEntryPoint} is populated with an
+ * <li>{@link AuthenticationEntryPoint} is populated with an
  * {@link Http403ForbiddenEntryPoint}</li>
  * <li>A {@link PreAuthenticatedAuthenticationProvider} is populated into
  * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)}
@@ -68,10 +66,12 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthe
  * @author Rob Winch
  * @since 3.2
  */
-public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<JeeConfigurer<H>, H> {
+public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<JeeConfigurer<H>, H> {
+
 	private J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter;
+
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService;
+
 	private Set<String> mappableRoles = new HashSet<>();
 
 	/**
@@ -91,7 +91,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <p>
 	 * There are no default roles that are mapped.
 	 * </p>
-	 *
 	 * @param mappableRoles the roles to attempt to map to the {@link UserDetails} (i.e.
 	 * "ROLE_USER", "ROLE_ADMIN", etc).
 	 * @return the {@link JeeConfigurer} for further customizations
@@ -117,7 +116,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <p>
 	 * There are no default roles that are mapped.
 	 * </p>
-	 *
 	 * @param mappableRoles the roles to attempt to map to the {@link UserDetails} (i.e.
 	 * "USER", "ADMIN", etc).
 	 * @return the {@link JeeConfigurer} for further customizations
@@ -142,7 +140,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * <p>
 	 * There are no default roles that are mapped.
 	 * </p>
-	 *
 	 * @param mappableRoles the roles to attempt to map to the {@link UserDetails}.
 	 * @return the {@link JeeConfigurer} for further customizations
 	 * @see SimpleMappableAttributesRetriever
@@ -156,7 +153,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Specifies the {@link AuthenticationUserDetailsService} that is used with the
 	 * {@link PreAuthenticatedAuthenticationProvider}. The default is a
 	 * {@link PreAuthenticatedGrantedAuthoritiesUserDetailsService}.
-	 *
 	 * @param authenticatedUserDetailsService the {@link AuthenticationUserDetailsService}
 	 * to use.
 	 * @return the {@link JeeConfigurer} for further configuration
@@ -172,7 +168,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * {@link J2eePreAuthenticatedProcessingFilter} is provided, all of its attributes
 	 * must also be configured manually (i.e. all attributes populated in the
 	 * {@link JeeConfigurer} are not used).
-	 *
 	 * @param j2eePreAuthenticatedProcessingFilter the
 	 * {@link J2eePreAuthenticatedProcessingFilter} to use.
 	 * @return the {@link JeeConfigurer} for further configuration
@@ -194,8 +189,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	@Override
 	public void init(H http) {
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
-		authenticationProvider
-				.setPreAuthenticatedUserDetailsService(getUserDetailsService());
+		authenticationProvider.setPreAuthenticatedUserDetailsService(getUserDetailsService());
 		authenticationProvider = postProcess(authenticationProvider);
 
 		// @formatter:off
@@ -207,8 +201,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 
 	@Override
 	public void configure(H http) {
-		J2eePreAuthenticatedProcessingFilter filter = getFilter(http
-				.getSharedObject(AuthenticationManager.class));
+		J2eePreAuthenticatedProcessingFilter filter = getFilter(http.getSharedObject(AuthenticationManager.class));
 		http.addFilter(filter);
 	}
 
@@ -218,14 +211,11 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * @param authenticationManager the {@link AuthenticationManager} to use.
 	 * @return the {@link J2eePreAuthenticatedProcessingFilter} to use.
 	 */
-	private J2eePreAuthenticatedProcessingFilter getFilter(
-			AuthenticationManager authenticationManager) {
+	private J2eePreAuthenticatedProcessingFilter getFilter(AuthenticationManager authenticationManager) {
 		if (j2eePreAuthenticatedProcessingFilter == null) {
 			j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
-			j2eePreAuthenticatedProcessingFilter
-					.setAuthenticationManager(authenticationManager);
-			j2eePreAuthenticatedProcessingFilter
-					.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
+			j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager);
+			j2eePreAuthenticatedProcessingFilter.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
 			j2eePreAuthenticatedProcessingFilter = postProcess(j2eePreAuthenticatedProcessingFilter);
 		}
 
@@ -235,7 +225,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Gets the {@link AuthenticationUserDetailsService} that was specified or defaults to
 	 * {@link PreAuthenticatedGrantedAuthoritiesUserDetailsService}.
-	 *
 	 * @return the {@link AuthenticationUserDetailsService} to use
 	 */
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getUserDetailsService() {
@@ -247,7 +236,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Creates the {@link J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource} to set
 	 * on the {@link J2eePreAuthenticatedProcessingFilter}. It is populated with a
 	 * {@link SimpleMappableAttributesRetriever}.
-	 *
 	 * @return the {@link J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource} to use.
 	 */
 	private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource createWebAuthenticationDetailsSource() {
@@ -259,4 +247,5 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
 		detailsSource = postProcess(detailsSource);
 		return detailsSource;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index 4f5d09833f..da0028a54f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -41,15 +41,15 @@ import org.springframework.util.Assert;
 
 /**
  * Adds logout support. Other {@link SecurityConfigurer} instances may invoke
- * {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurityBuilder)} phase.
+ * {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurityBuilder)}
+ * phase.
  *
  * <h2>Security Filters</h2>
  *
  * The following Filters are populated
  *
  * <ul>
- * <li>
- * {@link LogoutFilter}</li>
+ * <li>{@link LogoutFilter}</li>
  * </ul>
  *
  * <h2>Shared Objects Created</h2>
@@ -65,19 +65,26 @@ import org.springframework.util.Assert;
  * @since 3.2
  * @see RememberMeConfigurer
  */
-public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<LogoutConfigurer<H>, H> {
+public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<LogoutConfigurer<H>, H> {
+
 	private List<LogoutHandler> logoutHandlers = new ArrayList<>();
+
 	private SecurityContextLogoutHandler contextLogoutHandler = new SecurityContextLogoutHandler();
+
 	private String logoutSuccessUrl = "/login?logout";
+
 	private LogoutSuccessHandler logoutSuccessHandler;
+
 	private String logoutUrl = "/logout";
+
 	private RequestMatcher logoutRequestMatcher;
+
 	private boolean permitAll;
+
 	private boolean customLogoutSuccess;
 
-	private LinkedHashMap<RequestMatcher, LogoutSuccessHandler> defaultLogoutSuccessHandlerMappings =
-			new LinkedHashMap<>();
+	private LinkedHashMap<RequestMatcher, LogoutSuccessHandler> defaultLogoutSuccessHandlerMappings = new LinkedHashMap<>();
 
 	/**
 	 * Creates a new instance
@@ -87,10 +94,9 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Adds a {@link LogoutHandler}.
-	 * {@link SecurityContextLogoutHandler} and {@link LogoutSuccessEventPublishingLogoutHandler} are added as
-	 * last {@link LogoutHandler} instances by default.
-	 *
+	 * Adds a {@link LogoutHandler}. {@link SecurityContextLogoutHandler} and
+	 * {@link LogoutSuccessEventPublishingLogoutHandler} are added as last
+	 * {@link LogoutHandler} instances by default.
 	 * @param logoutHandler the {@link LogoutHandler} to add
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
@@ -101,8 +107,10 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	}
 
 	/**
-	 * Specifies if {@link SecurityContextLogoutHandler} should clear the {@link Authentication} at the time of logout.
-	 * @param clearAuthentication true {@link SecurityContextLogoutHandler} should clear the {@link Authentication} (default), or false otherwise.
+	 * Specifies if {@link SecurityContextLogoutHandler} should clear the
+	 * {@link Authentication} at the time of logout.
+	 * @param clearAuthentication true {@link SecurityContextLogoutHandler} should clear
+	 * the {@link Authentication} (default), or false otherwise.
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
 	public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
@@ -110,7 +118,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 		return this;
 	}
 
-
 	/**
 	 * Configures {@link SecurityContextLogoutHandler} to invalidate the
 	 * {@link HttpSession} at the time of logout.
@@ -131,15 +138,14 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 *
 	 * <p>
 	 * It is considered best practice to use an HTTP POST on any action that changes state
-	 * (i.e. log out) to protect against <a
-	 * href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF attacks</a>. If
-	 * you really want to use an HTTP GET, you can use
+	 * (i.e. log out) to protect against
+	 * <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF
+	 * attacks</a>. If you really want to use an HTTP GET, you can use
 	 * <code>logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));</code>
 	 * </p>
 	 *
 	 * @see #logoutRequestMatcher(RequestMatcher)
 	 * @see HttpSecurity#csrf()
-	 *
 	 * @param logoutUrl the URL that will invoke logout.
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
@@ -154,7 +160,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * use {@link #logoutUrl(String)} which helps enforce good practices.
 	 *
 	 * @see #logoutUrl(String)
-	 *
 	 * @param logoutRequestMatcher the RequestMatcher used to determine if logout should
 	 * occur.
 	 * @return the {@link LogoutConfigurer} for further customization
@@ -168,7 +173,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * The URL to redirect to after logout has occurred. The default is "/login?logout".
 	 * This is a shortcut for invoking {@link #logoutSuccessHandler(LogoutSuccessHandler)}
 	 * with a {@link SimpleUrlLogoutSuccessHandler}.
-	 *
 	 * @param logoutSuccessUrl the URL to redirect to after logout occurred
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
@@ -190,7 +194,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Allows specifying the names of cookies to be removed on logout success. This is a
 	 * shortcut to easily invoke {@link #addLogoutHandler(LogoutHandler)} with a
 	 * {@link CookieClearingLogoutHandler}.
-	 *
 	 * @param cookieNamesToClear the names of cookies to be removed on logout success.
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
@@ -201,13 +204,11 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Sets the {@link LogoutSuccessHandler} to use. If this is specified,
 	 * {@link #logoutSuccessUrl(String)} is ignored.
-	 *
 	 * @param logoutSuccessHandler the {@link LogoutSuccessHandler} to use after a user
 	 * has been logged out.
 	 * @return the {@link LogoutConfigurer} for further customizations
 	 */
-	public LogoutConfigurer<H> logoutSuccessHandler(
-			LogoutSuccessHandler logoutSuccessHandler) {
+	public LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler) {
 		this.logoutSuccessUrl = null;
 		this.customLogoutSuccess = true;
 		this.logoutSuccessHandler = logoutSuccessHandler;
@@ -217,18 +218,17 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Sets a default {@link LogoutSuccessHandler} to be used which prefers being invoked
 	 * for the provided {@link RequestMatcher}. If no {@link LogoutSuccessHandler} is
-	 * specified a {@link SimpleUrlLogoutSuccessHandler} will be used.
-	 * If any default {@link LogoutSuccessHandler} instances are configured, then a
+	 * specified a {@link SimpleUrlLogoutSuccessHandler} will be used. If any default
+	 * {@link LogoutSuccessHandler} instances are configured, then a
 	 * {@link DelegatingLogoutSuccessHandler} will be used that defaults to a
 	 * {@link SimpleUrlLogoutSuccessHandler}.
-	 *
 	 * @param handler the {@link LogoutSuccessHandler} to use
 	 * @param preferredMatcher the {@link RequestMatcher} for this default
 	 * {@link LogoutSuccessHandler}
 	 * @return the {@link LogoutConfigurer} for further customizations
 	 */
-	public LogoutConfigurer<H> defaultLogoutSuccessHandlerFor(
-			LogoutSuccessHandler handler, RequestMatcher preferredMatcher) {
+	public LogoutConfigurer<H> defaultLogoutSuccessHandlerFor(LogoutSuccessHandler handler,
+			RequestMatcher preferredMatcher) {
 		Assert.notNull(handler, "handler cannot be null");
 		Assert.notNull(preferredMatcher, "preferredMatcher cannot be null");
 		this.defaultLogoutSuccessHandlerMappings.put(preferredMatcher, handler);
@@ -238,7 +238,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Grants access to the {@link #logoutSuccessUrl(String)} and the
 	 * {@link #logoutUrl(String)} for every user.
-	 *
 	 * @param permitAll if true grants access, else nothing is done
 	 * @return the {@link LogoutConfigurer} for further customization.
 	 */
@@ -250,7 +249,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Gets the {@link LogoutSuccessHandler} if not null, otherwise creates a new
 	 * {@link SimpleUrlLogoutSuccessHandler} using the {@link #logoutSuccessUrl(String)}.
-	 *
 	 * @return the {@link LogoutSuccessHandler} to use
 	 */
 	private LogoutSuccessHandler getLogoutSuccessHandler() {
@@ -267,7 +265,8 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 		if (defaultLogoutSuccessHandlerMappings.isEmpty()) {
 			return urlLogoutHandler;
 		}
-		DelegatingLogoutSuccessHandler successHandler = new DelegatingLogoutSuccessHandler(defaultLogoutSuccessHandlerMappings);
+		DelegatingLogoutSuccessHandler successHandler = new DelegatingLogoutSuccessHandler(
+				defaultLogoutSuccessHandlerMappings);
 		successHandler.setDefaultLogoutSuccessHandler(urlLogoutHandler);
 		return successHandler;
 	}
@@ -296,7 +295,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Returns true if the logout success has been customized via
 	 * {@link #logoutSuccessUrl(String)} or
 	 * {@link #logoutSuccessHandler(LogoutSuccessHandler)}.
-	 *
 	 * @return true if logout success handling has been customized, else false
 	 */
 	boolean isCustomLogoutSuccess() {
@@ -306,7 +304,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	/**
 	 * Gets the logoutSuccesUrl or null if a
 	 * {@link #logoutSuccessHandler(LogoutSuccessHandler)} was configured.
-	 *
 	 * @return the logoutSuccessUrl
 	 */
 	private String getLogoutSuccessUrl() {
@@ -325,15 +322,13 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 	 * Creates the {@link LogoutFilter} using the {@link LogoutHandler} instances, the
 	 * {@link #logoutSuccessHandler(LogoutSuccessHandler)} and the
 	 * {@link #logoutUrl(String)}.
-	 *
 	 * @param http the builder to use
 	 * @return the {@link LogoutFilter} to use.
 	 */
 	private LogoutFilter createLogoutFilter(H http) {
 		logoutHandlers.add(contextLogoutHandler);
 		logoutHandlers.add(postProcess(new LogoutSuccessEventPublishingLogoutHandler()));
-		LogoutHandler[] handlers = logoutHandlers
-				.toArray(new LogoutHandler[0]);
+		LogoutHandler[] handlers = logoutHandlers.toArray(new LogoutHandler[0]);
 		LogoutFilter result = new LogoutFilter(getLogoutSuccessHandler(), handlers);
 		result.setLogoutRequestMatcher(getLogoutRequestMatcher(http));
 		result = postProcess(result);
@@ -349,13 +344,11 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
 			this.logoutRequestMatcher = new AntPathRequestMatcher(this.logoutUrl, "POST");
 		}
 		else {
-			this.logoutRequestMatcher = new OrRequestMatcher(
-				new AntPathRequestMatcher(this.logoutUrl, "GET"),
-				new AntPathRequestMatcher(this.logoutUrl, "POST"),
-				new AntPathRequestMatcher(this.logoutUrl, "PUT"),
-				new AntPathRequestMatcher(this.logoutUrl, "DELETE")
-			);
+			this.logoutRequestMatcher = new OrRequestMatcher(new AntPathRequestMatcher(this.logoutUrl, "GET"),
+					new AntPathRequestMatcher(this.logoutUrl, "POST"), new AntPathRequestMatcher(this.logoutUrl, "PUT"),
+					new AntPathRequestMatcher(this.logoutUrl, "DELETE"));
 		}
 		return this.logoutRequestMatcher;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index c500e9e283..78ebe6417d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -24,13 +24,13 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Configures non-null URL's to grant access to every URL
+ *
  * @author Rob Winch
  * @since 3.2
  */
 final class PermitAllSupport {
 
-	public static void permitAll(
-			HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http, String... urls) {
+	public static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http, String... urls) {
 		for (String url : urls) {
 			if (url != null) {
 				permitAll(http, new ExactUrlRequestMatcher(url));
@@ -39,32 +39,25 @@ final class PermitAllSupport {
 	}
 
 	@SuppressWarnings("unchecked")
-	public static void permitAll(
-			HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http,
+	public static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http,
 			RequestMatcher... requestMatchers) {
 		ExpressionUrlAuthorizationConfigurer<?> configurer = http
 				.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
 
 		if (configurer == null) {
-			throw new IllegalStateException(
-					"permitAll only works with HttpSecurity.authorizeRequests()");
+			throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeRequests()");
 		}
 
 		for (RequestMatcher matcher : requestMatchers) {
 			if (matcher != null) {
-				configurer
-						.getRegistry()
-						.addMapping(
-								0,
-								new UrlMapping(
-										matcher,
-										SecurityConfig
-												.createList(ExpressionUrlAuthorizationConfigurer.permitAll)));
+				configurer.getRegistry().addMapping(0, new UrlMapping(matcher,
+						SecurityConfig.createList(ExpressionUrlAuthorizationConfigurer.permitAll)));
 			}
 		}
 	}
 
 	private final static class ExactUrlRequestMatcher implements RequestMatcher {
+
 		private String processUrl;
 
 		private ExactUrlRequestMatcher(String processUrl) {
@@ -92,8 +85,10 @@ final class PermitAllSupport {
 			sb.append("ExactUrl [processUrl='").append(processUrl).append("']");
 			return sb.toString();
 		}
+
 	}
 
 	private PermitAllSupport() {
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
index 74f77c1b57..983cc726b2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
@@ -31,9 +31,11 @@ import org.springframework.security.web.PortMapperImpl;
  * @author Rob Winch
  * @since 3.2
  */
-public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<PortMapperConfigurer<H>, H> {
+public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<PortMapperConfigurer<H>, H> {
+
 	private PortMapper portMapper;
+
 	private Map<String, String> httpsPortMappings = new HashMap<>();
 
 	/**
@@ -70,7 +72,6 @@ public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>> extend
 	 * Gets the {@link PortMapper} to use. If {@link #portMapper(PortMapper)} was not
 	 * invoked, builds a {@link PortMapperImpl} using the port mappings specified with
 	 * {@link #http(int)}.
-	 *
 	 * @return the {@link PortMapper} to use
 	 */
 	private PortMapper getPortMapper() {
@@ -90,6 +91,7 @@ public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>> extend
 	 * @since 3.2
 	 */
 	public final class HttpPortMapping {
+
 		private final int httpPort;
 
 		/**
@@ -110,5 +112,7 @@ public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>> extend
 			httpsPortMappings.put(String.valueOf(httpPort), String.valueOf(httpsPort));
 			return PortMapperConfigurer.this;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index 16e1cdfe51..878f11ed6c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -79,21 +79,34 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
  */
 public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<RememberMeConfigurer<H>, H> {
+
 	/**
 	 * The default name for remember me parameter name and remember me cookie name
 	 */
 	private static final String DEFAULT_REMEMBER_ME_NAME = "remember-me";
+
 	private AuthenticationSuccessHandler authenticationSuccessHandler;
+
 	private String key;
+
 	private RememberMeServices rememberMeServices;
+
 	private LogoutHandler logoutHandler;
+
 	private String rememberMeParameter = DEFAULT_REMEMBER_ME_NAME;
+
 	private String rememberMeCookieName = DEFAULT_REMEMBER_ME_NAME;
+
 	private String rememberMeCookieDomain;
+
 	private PersistentTokenRepository tokenRepository;
+
 	private UserDetailsService userDetailsService;
+
 	private Integer tokenValiditySeconds;
+
 	private Boolean useSecureCookie;
+
 	private Boolean alwaysRemember;
 
 	/**
@@ -104,7 +117,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Allows specifying how long (in seconds) a token is valid for
-	 *
 	 * @param tokenValiditySeconds
 	 * @return {@link RememberMeConfigurer} for further customization
 	 * @see AbstractRememberMeServices#setTokenValiditySeconds(int)
@@ -122,7 +134,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * By default the cookie will be secure if the request is secure. If you only want to
 	 * use remember-me over HTTPS (recommended) you should set this property to
 	 * {@code true}.
-	 *
 	 * @param useSecureCookie set to {@code true} to always user secure cookies,
 	 * {@code false} to disable their use.
 	 * @return the {@link RememberMeConfigurer} for further customization
@@ -140,13 +151,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * {@link HttpSecurity#getSharedObject(Class)} which is set when using
 	 * {@link WebSecurityConfigurerAdapter#configure(AuthenticationManagerBuilder)}.
 	 * Alternatively, one can populate {@link #rememberMeServices(RememberMeServices)}.
-	 *
 	 * @param userDetailsService the {@link UserDetailsService} to configure
 	 * @return the {@link RememberMeConfigurer} for further customization
 	 * @see AbstractRememberMeServices
 	 */
-	public RememberMeConfigurer<H> userDetailsService(
-			UserDetailsService userDetailsService) {
+	public RememberMeConfigurer<H> userDetailsService(UserDetailsService userDetailsService) {
 		this.userDetailsService = userDetailsService;
 		return this;
 	}
@@ -154,23 +163,19 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Specifies the {@link PersistentTokenRepository} to use. The default is to use
 	 * {@link TokenBasedRememberMeServices} instead.
-	 *
 	 * @param tokenRepository the {@link PersistentTokenRepository} to use
 	 * @return the {@link RememberMeConfigurer} for further customization
 	 */
-	public RememberMeConfigurer<H> tokenRepository(
-			PersistentTokenRepository tokenRepository) {
+	public RememberMeConfigurer<H> tokenRepository(PersistentTokenRepository tokenRepository) {
 		this.tokenRepository = tokenRepository;
 		return this;
 	}
 
 	/**
 	 * Sets the key to identify tokens created for remember me authentication. Default is
-	 * a secure randomly generated key.
-	 * If {@link #rememberMeServices(RememberMeServices)} is specified and is of type
-	 * {@link AbstractRememberMeServices}, then the default is the key set in
-	 * {@link AbstractRememberMeServices}.
-	 *
+	 * a secure randomly generated key. If {@link #rememberMeServices(RememberMeServices)}
+	 * is specified and is of type {@link AbstractRememberMeServices}, then the default is
+	 * the key set in {@link AbstractRememberMeServices}.
 	 * @param key the key to identify tokens created for remember me authentication
 	 * @return the {@link RememberMeConfigurer} for further customization
 	 */
@@ -181,7 +186,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * The HTTP parameter used to indicate to remember the user at time of login.
-	 *
 	 * @param rememberMeParameter the HTTP parameter used to indicate to remember the user
 	 * @return the {@link RememberMeConfigurer} for further customization
 	 */
@@ -193,7 +197,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * The name of cookie which store the token for remember me authentication. Defaults
 	 * to 'remember-me'.
-	 *
 	 * @param rememberMeCookieName the name of cookie which store the token for remember
 	 * me authentication
 	 * @return the {@link RememberMeConfigurer} for further customization
@@ -206,7 +209,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * The domain name within which the remember me cookie is visible.
-	 *
 	 * @param rememberMeCookieDomain the domain name within which the remember me cookie
 	 * is visible.
 	 * @return the {@link RememberMeConfigurer} for further customization
@@ -224,7 +226,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * be invoked and the {@code doFilter()} method will return immediately, thus allowing
 	 * the application to redirect the user to a specific URL, regardless of what the
 	 * original request was for.
-	 *
 	 * @param authenticationSuccessHandler the strategy to invoke immediately before
 	 * returning from {@code doFilter()}.
 	 * @return {@link RememberMeConfigurer} for further customization
@@ -242,8 +243,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link RememberMeConfigurer} for further customizations
 	 * @see RememberMeServices
 	 */
-	public RememberMeConfigurer<H> rememberMeServices(
-			RememberMeServices rememberMeServices) {
+	public RememberMeConfigurer<H> rememberMeServices(RememberMeServices rememberMeServices) {
 		this.rememberMeServices = rememberMeServices;
 		return this;
 	}
@@ -253,7 +253,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * not set.
 	 * <p>
 	 * By default this will be set to {@code false}.
-	 *
 	 * @param alwaysRemember set to {@code true} to always trigger remember me,
 	 * {@code false} to use the remember-me parameter.
 	 * @return the {@link RememberMeConfigurer} for further customization
@@ -276,8 +275,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 			logoutConfigurer.addLogoutHandler(this.logoutHandler);
 		}
 
-		RememberMeAuthenticationProvider authenticationProvider = new RememberMeAuthenticationProvider(
-				key);
+		RememberMeAuthenticationProvider authenticationProvider = new RememberMeAuthenticationProvider(key);
 		authenticationProvider = postProcess(authenticationProvider);
 		http.authenticationProvider(authenticationProvider);
 
@@ -287,24 +285,21 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	@Override
 	public void configure(H http) {
 		RememberMeAuthenticationFilter rememberMeFilter = new RememberMeAuthenticationFilter(
-				http.getSharedObject(AuthenticationManager.class),
-				this.rememberMeServices);
+				http.getSharedObject(AuthenticationManager.class), this.rememberMeServices);
 		if (this.authenticationSuccessHandler != null) {
-			rememberMeFilter
-					.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
+			rememberMeFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
 		}
 		rememberMeFilter = postProcess(rememberMeFilter);
 		http.addFilter(rememberMeFilter);
 	}
 
 	/**
-	 * Validate rememberMeServices and rememberMeCookieName have not been set at
-	 * the same time.
+	 * Validate rememberMeServices and rememberMeCookieName have not been set at the same
+	 * time.
 	 */
 	private void validateInput() {
 		if (this.rememberMeServices != null && this.rememberMeCookieName != DEFAULT_REMEMBER_ME_NAME) {
-			throw new IllegalArgumentException("Can not set rememberMeCookieName " +
-					"and custom rememberMeServices.");
+			throw new IllegalArgumentException("Can not set rememberMeCookieName " + "and custom rememberMeServices.");
 		}
 	}
 
@@ -319,7 +314,6 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * If available, initializes the {@link DefaultLoginPageGeneratingFilter} shared
 	 * object.
-	 *
 	 * @param http the {@link HttpSecurityBuilder} to use
 	 */
 	private void initDefaultLoginFilter(H http) {
@@ -337,17 +331,14 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link RememberMeServices} to use
 	 * @throws Exception
 	 */
-	private RememberMeServices getRememberMeServices(H http, String key)
-			throws Exception {
+	private RememberMeServices getRememberMeServices(H http, String key) throws Exception {
 		if (this.rememberMeServices != null) {
-			if (this.rememberMeServices instanceof LogoutHandler
-					&& this.logoutHandler == null) {
+			if (this.rememberMeServices instanceof LogoutHandler && this.logoutHandler == null) {
 				this.logoutHandler = (LogoutHandler) this.rememberMeServices;
 			}
 			return this.rememberMeServices;
 		}
-		AbstractRememberMeServices tokenRememberMeServices = createRememberMeServices(
-				http, key);
+		AbstractRememberMeServices tokenRememberMeServices = createRememberMeServices(http, key);
 		tokenRememberMeServices.setParameter(this.rememberMeParameter);
 		tokenRememberMeServices.setCookieName(this.rememberMeCookieName);
 		if (this.rememberMeCookieDomain != null) {
@@ -372,49 +363,41 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Creates the {@link RememberMeServices} to use when none is provided. The result is
 	 * either {@link PersistentTokenRepository} (if a {@link PersistentTokenRepository} is
 	 * specified, else {@link TokenBasedRememberMeServices}.
-	 *
 	 * @param http the {@link HttpSecurity} to lookup shared objects
 	 * @param key the {@link #key(String)}
 	 * @return the {@link RememberMeServices} to use
 	 */
 	private AbstractRememberMeServices createRememberMeServices(H http, String key) {
-		return this.tokenRepository == null
-				? createTokenBasedRememberMeServices(http, key)
+		return this.tokenRepository == null ? createTokenBasedRememberMeServices(http, key)
 				: createPersistentRememberMeServices(http, key);
 	}
 
 	/**
 	 * Creates {@link TokenBasedRememberMeServices}
-	 *
 	 * @param http the {@link HttpSecurity} to lookup shared objects
 	 * @param key the {@link #key(String)}
 	 * @return the {@link TokenBasedRememberMeServices}
 	 */
-	private AbstractRememberMeServices createTokenBasedRememberMeServices(H http,
-			String key) {
+	private AbstractRememberMeServices createTokenBasedRememberMeServices(H http, String key) {
 		UserDetailsService userDetailsService = getUserDetailsService(http);
 		return new TokenBasedRememberMeServices(key, userDetailsService);
 	}
 
 	/**
 	 * Creates {@link PersistentTokenBasedRememberMeServices}
-	 *
 	 * @param http the {@link HttpSecurity} to lookup shared objects
 	 * @param key the {@link #key(String)}
 	 * @return the {@link PersistentTokenBasedRememberMeServices}
 	 */
-	private AbstractRememberMeServices createPersistentRememberMeServices(H http,
-			String key) {
+	private AbstractRememberMeServices createPersistentRememberMeServices(H http, String key) {
 		UserDetailsService userDetailsService = getUserDetailsService(http);
-		return new PersistentTokenBasedRememberMeServices(key, userDetailsService,
-				this.tokenRepository);
+		return new PersistentTokenBasedRememberMeServices(key, userDetailsService, this.tokenRepository);
 	}
 
 	/**
 	 * Gets the {@link UserDetailsService} to use. Either the explicitly configure
 	 * {@link UserDetailsService} from {@link #userDetailsService(UserDetailsService)} or
 	 * a shared object from {@link HttpSecurity#getSharedObject(Class)}.
-	 *
 	 * @param http {@link HttpSecurity} to get the shared {@link UserDetailsService}
 	 * @return the {@link UserDetailsService} to use
 	 */
@@ -423,31 +406,31 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 			this.userDetailsService = http.getSharedObject(UserDetailsService.class);
 		}
 		if (this.userDetailsService == null) {
-			throw new IllegalStateException("userDetailsService cannot be null. Invoke "
-					+ RememberMeConfigurer.class.getSimpleName()
-					+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
+			throw new IllegalStateException(
+					"userDetailsService cannot be null. Invoke " + RememberMeConfigurer.class.getSimpleName()
+							+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
 		}
 		return this.userDetailsService;
 	}
 
 	/**
 	 * Gets the key to use for validating remember me tokens. If a value was passed into
-	 * {@link #key(String)}, then that is returned.
-	 * Alternatively, if a key was specified in the
-	 * {@link #rememberMeServices(RememberMeServices)}}, then that is returned.
-	 * If no key was specified in either of those cases, then a secure random string is
+	 * {@link #key(String)}, then that is returned. Alternatively, if a key was specified
+	 * in the {@link #rememberMeServices(RememberMeServices)}}, then that is returned. If
+	 * no key was specified in either of those cases, then a secure random string is
 	 * generated.
-	 *
 	 * @return the remember me key to use
 	 */
 	private String getKey() {
 		if (this.key == null) {
 			if (this.rememberMeServices instanceof AbstractRememberMeServices) {
 				this.key = ((AbstractRememberMeServices) rememberMeServices).getKey();
-			} else {
+			}
+			else {
 				this.key = UUID.randomUUID().toString();
 			}
 		}
 		return this.key;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
index 3ac5d73e89..b74c57c3ba 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
@@ -69,8 +69,8 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
  * @since 3.2
  * @see RequestCache
  */
-public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<RequestCacheConfigurer<H>, H> {
+public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<RequestCacheConfigurer<H>, H> {
 
 	public RequestCacheConfigurer() {
 	}
@@ -79,7 +79,6 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
 	 * Allows explicit configuration of the {@link RequestCache} to be used. Defaults to
 	 * try finding a {@link RequestCache} as a shared object. Then falls back to a
 	 * {@link HttpSessionRequestCache}.
-	 *
 	 * @param requestCache the explicit {@link RequestCache} to use
 	 * @return the {@link RequestCacheConfigurer} for further customization
 	 */
@@ -102,8 +101,7 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
 	@Override
 	public void configure(H http) {
 		RequestCache requestCache = getRequestCache(http);
-		RequestCacheAwareFilter requestCacheFilter = new RequestCacheAwareFilter(
-				requestCache);
+		RequestCacheAwareFilter requestCacheFilter = new RequestCacheAwareFilter(requestCache);
 		requestCacheFilter = postProcess(requestCacheFilter);
 		http.addFilter(requestCacheFilter);
 	}
@@ -113,7 +111,6 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
 	 * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)},
 	 * then it is used. Otherwise, an attempt to find a {@link RequestCache} shared object
 	 * is made. If that fails, an {@link HttpSessionRequestCache} is used
-	 *
 	 * @param http the {@link HttpSecurity} to attempt to fined the shared object
 	 * @return the {@link RequestCache} to use
 	 */
@@ -138,15 +135,15 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
 		}
 		try {
 			return context.getBean(type);
-		} catch (NoSuchBeanDefinitionException e) {
+		}
+		catch (NoSuchBeanDefinitionException e) {
 			return null;
 		}
 	}
 
 	@SuppressWarnings("unchecked")
 	private RequestMatcher createDefaultSavedRequestMatcher(H http) {
-		RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher(
-				"/**/favicon.*"));
+		RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.*"));
 
 		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
 				new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
@@ -177,4 +174,5 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
 		mediaRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		return new NegatedRequestMatcher(mediaRequest);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
index c514989fe9..0c5f9df8f1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
@@ -58,8 +58,8 @@ import org.springframework.security.web.context.SecurityContextRepository;
  * @author Rob Winch
  * @since 3.2
  */
-public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<SecurityContextConfigurer<H>, H> {
+public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<SecurityContextConfigurer<H>, H> {
 
 	/**
 	 * Creates a new instance
@@ -73,10 +73,8 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> e
 	 * @param securityContextRepository the {@link SecurityContextRepository} to use
 	 * @return the {@link HttpSecurity} for further customizations
 	 */
-	public SecurityContextConfigurer<H> securityContextRepository(
-			SecurityContextRepository securityContextRepository) {
-		getBuilder().setSharedObject(SecurityContextRepository.class,
-				securityContextRepository);
+	public SecurityContextConfigurer<H> securityContextRepository(SecurityContextRepository securityContextRepository) {
+		getBuilder().setSharedObject(SecurityContextRepository.class, securityContextRepository);
 		return this;
 	}
 
@@ -84,15 +82,13 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> e
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
 
-		SecurityContextRepository securityContextRepository = http
-				.getSharedObject(SecurityContextRepository.class);
+		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
 		if (securityContextRepository == null) {
 			securityContextRepository = new HttpSessionSecurityContextRepository();
 		}
 		SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
 				securityContextRepository);
-		SessionManagementConfigurer<?> sessionManagement = http
-				.getConfigurer(SessionManagementConfigurer.class);
+		SessionManagementConfigurer<?> sessionManagement = http.getConfigurer(SessionManagementConfigurer.class);
 		SessionCreationPolicy sessionCreationPolicy = sessionManagement == null ? null
 				: sessionManagement.getSessionCreationPolicy();
 		if (SessionCreationPolicy.ALWAYS == sessionCreationPolicy) {
@@ -101,4 +97,5 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> e
 		securityContextFilter = postProcess(securityContextFilter);
 		http.addFilter(securityContextFilter);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
index 73dccbfea2..3175ac3f30 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
@@ -57,8 +57,9 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
  * @author Rob Winch
  * @since 3.2
  */
-public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<ServletApiConfigurer<H>, H> {
+public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<ServletApiConfigurer<H>, H> {
+
 	private SecurityContextHolderAwareRequestFilter securityContextRequestFilter = new SecurityContextHolderAwareRequestFilter();
 
 	/**
@@ -76,20 +77,15 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>> extend
 	@Override
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
-		securityContextRequestFilter.setAuthenticationManager(http
-				.getSharedObject(AuthenticationManager.class));
-		ExceptionHandlingConfigurer<H> exceptionConf = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+		ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		AuthenticationEntryPoint authenticationEntryPoint = exceptionConf == null ? null
 				: exceptionConf.getAuthenticationEntryPoint(http);
-		securityContextRequestFilter
-				.setAuthenticationEntryPoint(authenticationEntryPoint);
+		securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
 		LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
-		List<LogoutHandler> logoutHandlers = logoutConf == null ? null : logoutConf
-				.getLogoutHandlers();
+		List<LogoutHandler> logoutHandlers = logoutConf == null ? null : logoutConf.getLogoutHandlers();
 		securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
-		AuthenticationTrustResolver trustResolver = http
-				.getSharedObject(AuthenticationTrustResolver.class);
+		AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
 			securityContextRequestFilter.setTrustResolver(trustResolver);
 		}
@@ -97,11 +93,13 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>> extend
 		if (context != null) {
 			String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
 			if (grantedAuthorityDefaultsBeanNames.length == 1) {
-				GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
+				GrantedAuthorityDefaults grantedAuthorityDefaults = context
+						.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
 				securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 			}
 		}
 		securityContextRequestFilter = postProcess(securityContextRequestFilter);
 		http.addFilter(securityContextRequestFilter);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 5d6d2c22f0..acc55108bd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -98,21 +98,37 @@ import org.springframework.util.CollectionUtils;
  */
 public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<SessionManagementConfigurer<H>, H> {
+
 	private final SessionAuthenticationStrategy DEFAULT_SESSION_FIXATION_STRATEGY = createDefaultSessionFixationProtectionStrategy();
+
 	private SessionAuthenticationStrategy sessionFixationAuthenticationStrategy = this.DEFAULT_SESSION_FIXATION_STRATEGY;
+
 	private SessionAuthenticationStrategy sessionAuthenticationStrategy;
+
 	private SessionAuthenticationStrategy providedSessionAuthenticationStrategy;
+
 	private InvalidSessionStrategy invalidSessionStrategy;
+
 	private SessionInformationExpiredStrategy expiredSessionStrategy;
+
 	private List<SessionAuthenticationStrategy> sessionAuthenticationStrategies = new ArrayList<>();
+
 	private SessionRegistry sessionRegistry;
+
 	private Integer maximumSessions;
+
 	private String expiredUrl;
+
 	private boolean maxSessionsPreventsLogin;
+
 	private SessionCreationPolicy sessionPolicy;
+
 	private boolean enableSessionUrlRewriting;
+
 	private String invalidSessionUrl;
+
 	private String sessionAuthenticationErrorUrl;
+
 	private AuthenticationFailureHandler sessionAuthenticationFailureHandler;
 
 	/**
@@ -127,7 +143,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * {@link SimpleRedirectInvalidSessionStrategy} configured with the attribute value.
 	 * When an invalid session ID is submitted, the strategy will be invoked, redirecting
 	 * to the configured URL.
-	 *
 	 * @param invalidSessionUrl the URL to redirect to when an invalid session is detected
 	 * @return the {@link SessionManagementConfigurer} for further customization
 	 */
@@ -144,8 +159,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * submitted.
 	 * @return the {@link SessionManagementConfigurer} for further customization
 	 */
-	public SessionManagementConfigurer<H> invalidSessionStrategy(
-			InvalidSessionStrategy invalidSessionStrategy) {
+	public SessionManagementConfigurer<H> invalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy) {
 		Assert.notNull(invalidSessionStrategy, "invalidSessionStrategy");
 		this.invalidSessionStrategy = invalidSessionStrategy;
 		return this;
@@ -157,12 +171,10 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * (402) error code will be returned to the client. Note that this attribute doesn't
 	 * apply if the error occurs during a form-based login, where the URL for
 	 * authentication failure will take precedence.
-	 *
 	 * @param sessionAuthenticationErrorUrl the URL to redirect to
 	 * @return the {@link SessionManagementConfigurer} for further customization
 	 */
-	public SessionManagementConfigurer<H> sessionAuthenticationErrorUrl(
-			String sessionAuthenticationErrorUrl) {
+	public SessionManagementConfigurer<H> sessionAuthenticationErrorUrl(String sessionAuthenticationErrorUrl) {
 		this.sessionAuthenticationErrorUrl = sessionAuthenticationErrorUrl;
 		return this;
 	}
@@ -173,7 +185,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * (402) error code will be returned to the client. Note that this attribute doesn't
 	 * apply if the error occurs during a form-based login, where the URL for
 	 * authentication failure will take precedence.
-	 *
 	 * @param sessionAuthenticationFailureHandler the handler to use
 	 * @return the {@link SessionManagementConfigurer} for further customization
 	 */
@@ -188,14 +199,12 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * {@link HttpServletResponse#encodeRedirectURL(String)} or
 	 * {@link HttpServletResponse#encodeURL(String)}, otherwise disallows HTTP sessions to
 	 * be included in the URL. This prevents leaking information to external domains.
-	 *
 	 * @param enableSessionUrlRewriting true if should allow the JSESSIONID to be
 	 * rewritten into the URLs, else false (default)
 	 * @return the {@link SessionManagementConfigurer} for further customization
 	 * @see HttpSessionSecurityContextRepository#setDisableUrlRewriting(boolean)
 	 */
-	public SessionManagementConfigurer<H> enableSessionUrlRewriting(
-			boolean enableSessionUrlRewriting) {
+	public SessionManagementConfigurer<H> enableSessionUrlRewriting(boolean enableSessionUrlRewriting) {
 		this.enableSessionUrlRewriting = enableSessionUrlRewriting;
 		return this;
 	}
@@ -208,26 +217,24 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @see SessionCreationPolicy
 	 * @throws IllegalArgumentException if {@link SessionCreationPolicy} is null.
 	 */
-	public SessionManagementConfigurer<H> sessionCreationPolicy(
-			SessionCreationPolicy sessionCreationPolicy) {
+	public SessionManagementConfigurer<H> sessionCreationPolicy(SessionCreationPolicy sessionCreationPolicy) {
 		Assert.notNull(sessionCreationPolicy, "sessionCreationPolicy cannot be null");
 		this.sessionPolicy = sessionCreationPolicy;
 		return this;
 	}
 
 	/**
-	 * Allows explicitly specifying the {@link SessionAuthenticationStrategy}.
-	 * The default is to use {@link ChangeSessionIdAuthenticationStrategy}.
-	 * If restricting the maximum number of sessions is configured, then
+	 * Allows explicitly specifying the {@link SessionAuthenticationStrategy}. The default
+	 * is to use {@link ChangeSessionIdAuthenticationStrategy}. If restricting the maximum
+	 * number of sessions is configured, then
 	 * {@link CompositeSessionAuthenticationStrategy} delegating to
-	 * {@link ConcurrentSessionControlAuthenticationStrategy},
-	 * the default OR supplied {@code SessionAuthenticationStrategy} and
+	 * {@link ConcurrentSessionControlAuthenticationStrategy}, the default OR supplied
+	 * {@code SessionAuthenticationStrategy} and
 	 * {@link RegisterSessionAuthenticationStrategy}.
 	 *
 	 * <p>
 	 * NOTE: Supplying a custom {@link SessionAuthenticationStrategy} will override the
 	 * default session fixation strategy.
-	 *
 	 * @param sessionAuthenticationStrategy
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 */
@@ -240,7 +247,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Adds an additional {@link SessionAuthenticationStrategy} to be used within the
 	 * {@link CompositeSessionAuthenticationStrategy}.
-	 *
 	 * @param sessionAuthenticationStrategy
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 */
@@ -252,7 +258,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Allows changing the default {@link SessionFixationProtectionStrategy}.
-	 *
 	 * @return the {@link SessionFixationConfigurer} for further customizations
 	 */
 	public SessionFixationConfigurer sessionFixation() {
@@ -261,12 +266,12 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Allows configuring session fixation protection.
-	 *
 	 * @param sessionFixationCustomizer the {@link Customizer} to provide more options for
 	 * the {@link SessionFixationConfigurer}
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 */
-	public SessionManagementConfigurer<H> sessionFixation(Customizer<SessionFixationConfigurer> sessionFixationCustomizer) {
+	public SessionManagementConfigurer<H> sessionFixation(
+			Customizer<SessionFixationConfigurer> sessionFixationCustomizer) {
 		sessionFixationCustomizer.customize(new SessionFixationConfigurer());
 		return this;
 	}
@@ -285,12 +290,12 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Controls the maximum number of sessions for a user. The default is to allow any
 	 * number of users.
-	 *
-	 * @param sessionConcurrencyCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ConcurrencyControlConfigurer}
+	 * @param sessionConcurrencyCustomizer the {@link Customizer} to provide more options
+	 * for the {@link ConcurrencyControlConfigurer}
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 */
-	public SessionManagementConfigurer<H> sessionConcurrency(Customizer<ConcurrencyControlConfigurer> sessionConcurrencyCustomizer) {
+	public SessionManagementConfigurer<H> sessionConcurrency(
+			Customizer<ConcurrencyControlConfigurer> sessionConcurrencyCustomizer) {
 		sessionConcurrencyCustomizer.customize(new ConcurrencyControlConfigurer());
 		return this;
 	}
@@ -302,8 +307,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	private void setSessionFixationAuthenticationStrategy(
 			SessionAuthenticationStrategy sessionFixationAuthenticationStrategy) {
-		this.sessionFixationAuthenticationStrategy = postProcess(
-				sessionFixationAuthenticationStrategy);
+		this.sessionFixationAuthenticationStrategy = postProcess(sessionFixationAuthenticationStrategy);
 	}
 
 	/**
@@ -312,10 +316,10 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @author Rob Winch
 	 */
 	public final class SessionFixationConfigurer {
+
 		/**
 		 * Specifies that a new session should be created, but the session attributes from
 		 * the original {@link HttpSession} should not be retained.
-		 *
 		 * @return the {@link SessionManagementConfigurer} for further customizations
 		 */
 		public SessionManagementConfigurer<H> newSession() {
@@ -328,12 +332,10 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		/**
 		 * Specifies that a new session should be created and the session attributes from
 		 * the original {@link HttpSession} should be retained.
-		 *
 		 * @return the {@link SessionManagementConfigurer} for further customizations
 		 */
 		public SessionManagementConfigurer<H> migrateSession() {
-			setSessionFixationAuthenticationStrategy(
-					new SessionFixationProtectionStrategy());
+			setSessionFixationAuthenticationStrategy(new SessionFixationProtectionStrategy());
 			return SessionManagementConfigurer.this;
 		}
 
@@ -342,12 +344,10 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		 * should be used. When a session authenticates, the Servlet method
 		 * {@code HttpServletRequest#changeSessionId()} is called to change the session ID
 		 * and retain all session attributes.
-		 *
 		 * @return the {@link SessionManagementConfigurer} for further customizations
 		 */
 		public SessionManagementConfigurer<H> changeSessionId() {
-			setSessionFixationAuthenticationStrategy(
-					new ChangeSessionIdAuthenticationStrategy());
+			setSessionFixationAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
 			return SessionManagementConfigurer.this;
 		}
 
@@ -356,14 +356,13 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		 * useful when utilizing other mechanisms for protecting against session fixation.
 		 * For example, if application container session fixation protection is already in
 		 * use. Otherwise, this option is not recommended.
-		 *
 		 * @return the {@link SessionManagementConfigurer} for further customizations
 		 */
 		public SessionManagementConfigurer<H> none() {
-			setSessionFixationAuthenticationStrategy(
-					new NullAuthenticatedSessionStrategy());
+			setSessionFixationAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
 			return SessionManagementConfigurer.this;
 		}
+
 	}
 
 	/**
@@ -376,7 +375,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		/**
 		 * Controls the maximum number of sessions for a user. The default is to allow any
 		 * number of users.
-		 *
 		 * @param maximumSessions the maximum number of sessions for a user
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
@@ -389,7 +387,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		 * The URL to redirect to if a user tries to access a resource and their session
 		 * has been expired due to too many sessions for the current user. The default is
 		 * to write a simple error message to the response.
-		 *
 		 * @param expiredUrl the URL to redirect to
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
@@ -400,7 +397,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 		/**
 		 * Determines the behaviour when an expired session is detected.
-		 *
 		 * @param expiredSessionStrategy the {@link SessionInformationExpiredStrategy} to
 		 * use when an expired session is detected.
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
@@ -419,13 +415,11 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		 * {@link #expiredUrl(String)}. The advantage of this approach is if a user
 		 * accidentally does not log out, there is no need for an administrator to
 		 * intervene or wait till their session expires.
-		 *
 		 * @param maxSessionsPreventsLogin true to have an error at time of
 		 * authentication, else false (default)
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
-		public ConcurrencyControlConfigurer maxSessionsPreventsLogin(
-				boolean maxSessionsPreventsLogin) {
+		public ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin) {
 			SessionManagementConfigurer.this.maxSessionsPreventsLogin = maxSessionsPreventsLogin;
 			return this;
 		}
@@ -433,19 +427,16 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		/**
 		 * Controls the {@link SessionRegistry} implementation used. The default is
 		 * {@link SessionRegistryImpl} which is an in memory implementation.
-		 *
 		 * @param sessionRegistry the {@link SessionRegistry} to use
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
-		public ConcurrencyControlConfigurer sessionRegistry(
-				SessionRegistry sessionRegistry) {
+		public ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry) {
 			SessionManagementConfigurer.this.sessionRegistry = sessionRegistry;
 			return this;
 		}
 
 		/**
 		 * Used to chain back to the {@link SessionManagementConfigurer}
-		 *
 		 * @return the {@link SessionManagementConfigurer} for further customizations
 		 */
 		public SessionManagementConfigurer<H> and() {
@@ -454,31 +445,27 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 		private ConcurrencyControlConfigurer() {
 		}
+
 	}
 
 	@Override
 	public void init(H http) {
-		SecurityContextRepository securityContextRepository = http
-				.getSharedObject(SecurityContextRepository.class);
+		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
 		boolean stateless = isStateless();
 
 		if (securityContextRepository == null) {
 			if (stateless) {
-				http.setSharedObject(SecurityContextRepository.class,
-						new NullSecurityContextRepository());
+				http.setSharedObject(SecurityContextRepository.class, new NullSecurityContextRepository());
 			}
 			else {
 				HttpSessionSecurityContextRepository httpSecurityRepository = new HttpSessionSecurityContextRepository();
-				httpSecurityRepository
-						.setDisableUrlRewriting(!this.enableSessionUrlRewriting);
+				httpSecurityRepository.setDisableUrlRewriting(!this.enableSessionUrlRewriting);
 				httpSecurityRepository.setAllowSessionCreation(isAllowSessionCreation());
-				AuthenticationTrustResolver trustResolver = http
-						.getSharedObject(AuthenticationTrustResolver.class);
+				AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 				if (trustResolver != null) {
 					httpSecurityRepository.setTrustResolver(trustResolver);
 				}
-				http.setSharedObject(SecurityContextRepository.class,
-						httpSecurityRepository);
+				http.setSharedObject(SecurityContextRepository.class, httpSecurityRepository);
 			}
 		}
 
@@ -488,21 +475,18 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 				http.setSharedObject(RequestCache.class, new NullRequestCache());
 			}
 		}
-		http.setSharedObject(SessionAuthenticationStrategy.class,
-				getSessionAuthenticationStrategy(http));
+		http.setSharedObject(SessionAuthenticationStrategy.class, getSessionAuthenticationStrategy(http));
 		http.setSharedObject(InvalidSessionStrategy.class, getInvalidSessionStrategy());
 	}
 
 	@Override
 	public void configure(H http) {
-		SecurityContextRepository securityContextRepository = http
-				.getSharedObject(SecurityContextRepository.class);
-		SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(
-				securityContextRepository, getSessionAuthenticationStrategy(http));
+		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
+		SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository,
+				getSessionAuthenticationStrategy(http));
 		if (this.sessionAuthenticationErrorUrl != null) {
 			sessionManagementFilter.setAuthenticationFailureHandler(
-					new SimpleUrlAuthenticationFailureHandler(
-							this.sessionAuthenticationErrorUrl));
+					new SimpleUrlAuthenticationFailureHandler(this.sessionAuthenticationErrorUrl));
 		}
 		InvalidSessionStrategy strategy = getInvalidSessionStrategy();
 		if (strategy != null) {
@@ -512,8 +496,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (failureHandler != null) {
 			sessionManagementFilter.setAuthenticationFailureHandler(failureHandler);
 		}
-		AuthenticationTrustResolver trustResolver = http
-				.getSharedObject(AuthenticationTrustResolver.class);
+		AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
 			sessionManagementFilter.setTrustResolver(trustResolver);
 		}
@@ -534,7 +517,8 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		ConcurrentSessionFilter concurrentSessionFilter;
 		if (expireStrategy == null) {
 			concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry);
-		} else {
+		}
+		else {
 			concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry, expireStrategy);
 		}
 		LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
@@ -551,7 +535,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Gets the {@link InvalidSessionStrategy} to use. If null and
 	 * {@link #invalidSessionUrl} is not null defaults to
 	 * {@link SimpleRedirectInvalidSessionStrategy}.
-	 *
 	 * @return the {@link InvalidSessionStrategy} to use
 	 */
 	InvalidSessionStrategy getInvalidSessionStrategy() {
@@ -563,8 +546,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return null;
 		}
 
-		this.invalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy(
-					this.invalidSessionUrl);
+		this.invalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy(this.invalidSessionUrl);
 		return this.invalidSessionStrategy;
 	}
 
@@ -577,8 +559,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return null;
 		}
 
-		this.expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(
-				this.expiredUrl);
+		this.expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(this.expiredUrl);
 		return this.expiredSessionStrategy;
 	}
 
@@ -605,10 +586,8 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return this.sessionPolicy;
 		}
 
-		SessionCreationPolicy sessionPolicy =
-				getBuilder().getSharedObject(SessionCreationPolicy.class);
-		return sessionPolicy == null ?
-				SessionCreationPolicy.IF_REQUIRED : sessionPolicy;
+		SessionCreationPolicy sessionPolicy = getBuilder().getSharedObject(SessionCreationPolicy.class);
+		return sessionPolicy == null ? SessionCreationPolicy.IF_REQUIRED : sessionPolicy;
 	}
 
 	/**
@@ -618,8 +597,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	private boolean isAllowSessionCreation() {
 		SessionCreationPolicy sessionPolicy = getSessionCreationPolicy();
-		return SessionCreationPolicy.ALWAYS == sessionPolicy
-				|| SessionCreationPolicy.IF_REQUIRED == sessionPolicy;
+		return SessionCreationPolicy.ALWAYS == sessionPolicy || SessionCreationPolicy.IF_REQUIRED == sessionPolicy;
 	}
 
 	/**
@@ -635,7 +613,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Gets the customized {@link SessionAuthenticationStrategy} if
 	 * {@link #sessionAuthenticationStrategy(SessionAuthenticationStrategy)} was
 	 * specified. Otherwise creates a default {@link SessionAuthenticationStrategy}.
-	 *
 	 * @return the {@link SessionAuthenticationStrategy} to use
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy(H http) {
@@ -647,8 +624,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.providedSessionAuthenticationStrategy == null) {
 			// If the user did not provide a SessionAuthenticationStrategy
 			// then default to sessionFixationAuthenticationStrategy
-			defaultSessionAuthenticationStrategy = postProcess(
-					this.sessionFixationAuthenticationStrategy);
+			defaultSessionAuthenticationStrategy = postProcess(this.sessionFixationAuthenticationStrategy);
 		}
 		else {
 			defaultSessionAuthenticationStrategy = this.providedSessionAuthenticationStrategy;
@@ -658,10 +634,8 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlAuthenticationStrategy(
 					sessionRegistry);
 			concurrentSessionControlStrategy.setMaximumSessions(this.maximumSessions);
-			concurrentSessionControlStrategy
-					.setExceptionIfMaximumExceeded(this.maxSessionsPreventsLogin);
-			concurrentSessionControlStrategy = postProcess(
-					concurrentSessionControlStrategy);
+			concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(this.maxSessionsPreventsLogin);
+			concurrentSessionControlStrategy = postProcess(concurrentSessionControlStrategy);
 
 			RegisterSessionAuthenticationStrategy registerSessionStrategy = new RegisterSessionAuthenticationStrategy(
 					sessionRegistry);
@@ -690,14 +664,12 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		return this.sessionRegistry;
 	}
 
-	private void registerDelegateApplicationListener(H http,
-			ApplicationListener<?> delegate) {
+	private void registerDelegateApplicationListener(H http, ApplicationListener<?> delegate) {
 		DelegatingApplicationListener delegating = getBeanOrNull(DelegatingApplicationListener.class);
 		if (delegating == null) {
 			return;
 		}
-		SmartApplicationListener smartListener = new GenericApplicationListenerAdapter(
-				delegate);
+		SmartApplicationListener smartListener = new GenericApplicationListenerAdapter(delegate);
 		delegating.addListener(smartListener);
 	}
 
@@ -714,7 +686,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the default {@link SessionAuthenticationStrategy} for session fixation
 	 */
 	private static SessionAuthenticationStrategy createDefaultSessionFixationProtectionStrategy() {
-			return new ChangeSessionIdAuthenticationStrategy();
+		return new ChangeSessionIdAuthenticationStrategy();
 	}
 
 	private <T> T getBeanOrNull(Class<T> type) {
@@ -729,4 +701,5 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return null;
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index ec653cb5fb..7eb350a744 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -77,18 +77,17 @@ import org.springframework.util.Assert;
  * The following shared objects are used:
  *
  * <ul>
- * <li>
- * AuthenticationManager</li>
+ * <li>AuthenticationManager</li>
  * </ul>
  *
  * @param <H> the type of {@link HttpSecurityBuilder} that is being configured
- *
  * @author Rob Winch
  * @since 3.2
  * @see ExpressionUrlAuthorizationConfigurer
  */
-public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
+public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
+
 	private final StandardInterceptUrlRegistry REGISTRY;
 
 	public UrlAuthorizationConfigurer(ApplicationContext context) {
@@ -98,7 +97,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * The StandardInterceptUrlRegistry is what users will interact with after applying
 	 * the {@link UrlAuthorizationConfigurer}.
-	 *
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 */
 	public StandardInterceptUrlRegistry getRegistry() {
@@ -107,18 +105,15 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * Adds an {@link ObjectPostProcessor} for this class.
-	 *
 	 * @param objectPostProcessor
 	 * @return the {@link UrlAuthorizationConfigurer} for further customizations
 	 */
-	public UrlAuthorizationConfigurer<H> withObjectPostProcessor(
-			ObjectPostProcessor<?> objectPostProcessor) {
+	public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 		addObjectPostProcessor(objectPostProcessor);
 		return this;
 	}
 
-	public class StandardInterceptUrlRegistry
-			extends
+	public class StandardInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -129,8 +124,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		@Override
-		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method,
-				String... mvcPatterns) {
+		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
 		}
 
@@ -140,20 +134,17 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(
-				List<RequestMatcher> requestMatchers) {
+		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
 		/**
 		 * Adds an {@link ObjectPostProcessor} for this class.
-		 *
 		 * @param objectPostProcessor
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customizations
 		 */
-		public StandardInterceptUrlRegistry withObjectPostProcessor(
-				ObjectPostProcessor<?> objectPostProcessor) {
+		public StandardInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 			addObjectPostProcessor(objectPostProcessor);
 			return this;
 		}
@@ -167,7 +158,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Creates the default {@link AccessDecisionVoter} instances used if an
 	 * {@link AccessDecisionManager} was not specified.
-	 *
 	 * @param http the builder to use
 	 */
 	@Override
@@ -182,13 +172,11 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Creates the {@link FilterInvocationSecurityMetadataSource} to use. The
 	 * implementation is a {@link DefaultFilterInvocationSecurityMetadataSource}.
-	 *
 	 * @param http the builder to use
 	 */
 	@Override
 	FilterInvocationSecurityMetadataSource createMetadataSource(H http) {
-		return new DefaultFilterInvocationSecurityMetadataSource(
-				REGISTRY.createRequestMap());
+		return new DefaultFilterInvocationSecurityMetadataSource(REGISTRY.createRequestMap());
 	}
 
 	/**
@@ -200,34 +188,29 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * by the {@link RequestMatcher} instances
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 */
-	private StandardInterceptUrlRegistry addMapping(
-			Iterable<? extends RequestMatcher> requestMatchers,
+	private StandardInterceptUrlRegistry addMapping(Iterable<? extends RequestMatcher> requestMatchers,
 			Collection<ConfigAttribute> configAttributes) {
 		for (RequestMatcher requestMatcher : requestMatchers) {
-			REGISTRY.addMapping(new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(
-					requestMatcher, configAttributes));
+			REGISTRY.addMapping(
+					new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(requestMatcher, configAttributes));
 		}
 		return REGISTRY;
 	}
 
 	/**
 	 * Creates a String for specifying a user requires a role.
-	 *
 	 * @param role the role that should be required which is prepended with ROLE_
 	 * automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_
 	 * @return the {@link ConfigAttribute} expressed as a String
 	 */
 	private static String hasRole(String role) {
-		Assert.isTrue(
-				!role.startsWith("ROLE_"),
-				() -> role
-						+ " should not start with ROLE_ since ROLE_ is automatically prepended when using hasRole. Consider using hasAuthority or access instead.");
+		Assert.isTrue(!role.startsWith("ROLE_"), () -> role
+				+ " should not start with ROLE_ since ROLE_ is automatically prepended when using hasRole. Consider using hasAuthority or access instead.");
 		return "ROLE_" + role;
 	}
 
 	/**
 	 * Creates a String for specifying that a user requires one of many roles.
-	 *
 	 * @param roles the roles that the user should have at least one of (i.e. ADMIN, USER,
 	 * etc). Each role should not start with ROLE_ since it is automatically prepended
 	 * already.
@@ -257,9 +240,9 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @author Rob Winch
 	 */
 	public final class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
+
 		/**
 		 * Creates a new instance
-		 *
 		 * @param requestMatchers the {@link RequestMatcher} instances to map
 		 */
 		private MvcMatchersAuthorizedUrl(List<MvcRequestMatcher> requestMatchers) {
@@ -273,6 +256,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 			}
 			return this;
 		}
+
 	}
 
 	/**
@@ -283,6 +267,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 3.2
 	 */
 	public class AuthorizedUrl {
+
 		private final List<? extends RequestMatcher> requestMatchers;
 
 		/**
@@ -291,14 +276,12 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		 * {@link ConfigAttribute} instances.
 		 */
 		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
-			Assert.notEmpty(requestMatchers,
-					"requestMatchers must contain at least one value");
+			Assert.notEmpty(requestMatchers, "requestMatchers must contain at least one value");
 			this.requestMatchers = requestMatchers;
 		}
 
 		/**
 		 * Specifies a user requires a role.
-		 *
 		 * @param role the role that should be required which is prepended with ROLE_
 		 * automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_ the
 		 * {@link UrlAuthorizationConfigurer} for further customization
@@ -309,7 +292,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 
 		/**
 		 * Specifies that a user requires one of many roles.
-		 *
 		 * @param roles the roles that the user should have at least one of (i.e. ADMIN,
 		 * USER, etc). Each role should not start with ROLE_ since it is automatically
 		 * prepended already.
@@ -321,7 +303,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 
 		/**
 		 * Specifies a user requires an authority.
-		 *
 		 * @param authority the authority that should be required
 		 * @return the {@link UrlAuthorizationConfigurer} for further customization
 		 */
@@ -360,5 +341,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		protected List<? extends RequestMatcher> getMatchers() {
 			return this.requestMatchers;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 55d56086ed..6faa1649f3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -53,8 +53,7 @@ import javax.servlet.http.HttpServletRequest;
  * The following shared objects are created
  *
  * <ul>
- * <li>
- * {@link AuthenticationEntryPoint} is populated with an
+ * <li>{@link AuthenticationEntryPoint} is populated with an
  * {@link Http403ForbiddenEntryPoint}</li>
  * <li>A {@link PreAuthenticatedAuthenticationProvider} is populated into
  * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)}
@@ -73,11 +72,15 @@ import javax.servlet.http.HttpServletRequest;
  * @author Rob Winch
  * @since 3.2
  */
-public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<X509Configurer<H>, H> {
+public final class X509Configurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<X509Configurer<H>, H> {
+
 	private X509AuthenticationFilter x509AuthenticationFilter;
+
 	private X509PrincipalExtractor x509PrincipalExtractor;
+
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService;
+
 	private AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource;
 
 	/**
@@ -92,19 +95,16 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * Allows specifying the entire {@link X509AuthenticationFilter}. If this is
 	 * specified, the properties on {@link X509Configurer} will not be populated on the
 	 * {@link X509AuthenticationFilter}.
-	 *
 	 * @param x509AuthenticationFilter the {@link X509AuthenticationFilter} to use
 	 * @return the {@link X509Configurer} for further customizations
 	 */
-	public X509Configurer<H> x509AuthenticationFilter(
-			X509AuthenticationFilter x509AuthenticationFilter) {
+	public X509Configurer<H> x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter) {
 		this.x509AuthenticationFilter = x509AuthenticationFilter;
 		return this;
 	}
 
 	/**
 	 * Specifies the {@link X509PrincipalExtractor}
-	 *
 	 * @param x509PrincipalExtractor the {@link X509PrincipalExtractor} to use
 	 * @return the {@link X509Configurer} to use
 	 */
@@ -115,7 +115,6 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 
 	/**
 	 * Specifies the {@link AuthenticationDetailsSource}
-	 *
 	 * @param authenticationDetailsSource the {@link AuthenticationDetailsSource} to use
 	 * @return the {@link X509Configurer} to use
 	 */
@@ -129,7 +128,6 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * Shortcut for invoking
 	 * {@link #authenticationUserDetailsService(AuthenticationUserDetailsService)} with a
 	 * {@link UserDetailsByNameServiceWrapper}.
-	 *
 	 * @param userDetailsService the {@link UserDetailsService} to use
 	 * @return the {@link X509Configurer} for further customizations
 	 */
@@ -143,8 +141,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * Specifies the {@link AuthenticationUserDetailsService} to use. If not specified,
 	 * the shared {@link UserDetailsService} will be used to create a
 	 * {@link UserDetailsByNameServiceWrapper}.
-	 *
-	 * @param authenticationUserDetailsService the {@link AuthenticationUserDetailsService} to use
+	 * @param authenticationUserDetailsService the
+	 * {@link AuthenticationUserDetailsService} to use
 	 * @return the {@link X509Configurer} for further customizations
 	 */
 	public X509Configurer<H> authenticationUserDetailsService(
@@ -157,9 +155,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * Specifies the regex to extract the principal from the certificate. If not
 	 * specified, the default expression from {@link SubjectDnX509PrincipalExtractor} is
 	 * used.
-	 *
 	 * @param subjectPrincipalRegex the regex to extract the user principal from the
-	 *                              certificate (i.e. "CN=(.*?)(?:,|$)").
+	 * certificate (i.e. "CN=(.*?)(?:,|$)").
 	 * @return the {@link X509Configurer} for further customizations
 	 */
 	public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex) {
@@ -183,8 +180,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 
 	@Override
 	public void configure(H http) {
-		X509AuthenticationFilter filter = getFilter(http
-				.getSharedObject(AuthenticationManager.class));
+		X509AuthenticationFilter filter = getFilter(http.getSharedObject(AuthenticationManager.class));
 		http.addFilter(filter);
 	}
 
@@ -196,8 +192,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 				x509AuthenticationFilter.setPrincipalExtractor(x509PrincipalExtractor);
 			}
 			if (authenticationDetailsSource != null) {
-				x509AuthenticationFilter
-						.setAuthenticationDetailsSource(authenticationDetailsSource);
+				x509AuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
 			}
 			x509AuthenticationFilter = postProcess(x509AuthenticationFilter);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
index ccfff084db..30d96b3b88 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
@@ -48,26 +48,26 @@ import org.springframework.util.Assert;
  * <li>{@link ClientRegistrationRepository}</li>
  * </ul>
  *
- * @deprecated It is not recommended to use the implicit flow
- * due to the inherent risks of returning access tokens in an HTTP redirect
- * without any confirmation that it has been received by the client.
- * See reference <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit Grant</a>.
- *
+ * @deprecated It is not recommended to use the implicit flow due to the inherent risks of
+ * returning access tokens in an HTTP redirect without any confirmation that it has been
+ * received by the client. See reference
+ * <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit
+ * Grant</a>.
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2AuthorizationRequestRedirectFilter
  * @see ClientRegistrationRepository
  */
 @Deprecated
-public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> extends
-	AbstractHttpConfigurer<ImplicitGrantConfigurer<B>, B> {
+public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>>
+		extends AbstractHttpConfigurer<ImplicitGrantConfigurer<B>, B> {
 
 	private String authorizationRequestBaseUri;
 
 	/**
 	 * Sets the base {@code URI} used for authorization requests.
-	 *
-	 * @param authorizationRequestBaseUri the base {@code URI} used for authorization requests
+	 * @param authorizationRequestBaseUri the base {@code URI} used for authorization
+	 * requests
 	 * @return the {@link ImplicitGrantConfigurer} for further configuration
 	 */
 	public ImplicitGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
@@ -78,11 +78,11 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> ext
 
 	/**
 	 * Sets the repository of client registrations.
-	 *
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @return the {@link ImplicitGrantConfigurer} for further configuration
 	 */
-	public ImplicitGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
+	public ImplicitGrantConfigurer<B> clientRegistrationRepository(
+			ClientRegistrationRepository clientRegistrationRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
 		return this;
@@ -91,13 +91,14 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> ext
 	@Override
 	public void configure(B http) {
 		OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
-			OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), this.getAuthorizationRequestBaseUri());
+				OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
+				this.getAuthorizationRequestBaseUri());
 		http.addFilter(this.postProcess(authorizationRequestFilter));
 	}
 
 	private String getAuthorizationRequestBaseUri() {
-		return this.authorizationRequestBaseUri != null ?
-			this.authorizationRequestBaseUri :
-			OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
+		return this.authorizationRequestBaseUri != null ? this.authorizationRequestBaseUri
+				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index af2f56e0cd..b504c8d6f8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -43,13 +43,15 @@ import org.springframework.util.Assert;
  * The following configuration options are available:
  *
  * <ul>
- * <li>{@link #authorizationCodeGrant()} - support for the OAuth 2.0 Authorization Code Grant</li>
+ * <li>{@link #authorizationCodeGrant()} - support for the OAuth 2.0 Authorization Code
+ * Grant</li>
  * </ul>
  *
  * <p>
- * Defaults are provided for all configuration options with the only required configuration
- * being {@link #clientRegistrationRepository(ClientRegistrationRepository)}.
- * Alternatively, a {@link ClientRegistrationRepository} {@code @Bean} may be registered instead.
+ * Defaults are provided for all configuration options with the only required
+ * configuration being
+ * {@link #clientRegistrationRepository(ClientRegistrationRepository)}. Alternatively, a
+ * {@link ClientRegistrationRepository} {@code @Bean} may be registered instead.
  *
  * <h2>Security Filters</h2>
  *
@@ -87,18 +89,18 @@ import org.springframework.util.Assert;
  * @see OAuth2AuthorizedClientRepository
  * @see AbstractHttpConfigurer
  */
-public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> extends
-	AbstractHttpConfigurer<OAuth2ClientConfigurer<B>, B> {
+public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
+		extends AbstractHttpConfigurer<OAuth2ClientConfigurer<B>, B> {
 
 	private AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer = new AuthorizationCodeGrantConfigurer();
 
 	/**
 	 * Sets the repository of client registrations.
-	 *
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @return the {@link OAuth2ClientConfigurer} for further configuration
 	 */
-	public OAuth2ClientConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
+	public OAuth2ClientConfigurer<B> clientRegistrationRepository(
+			ClientRegistrationRepository clientRegistrationRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
 		return this;
@@ -106,11 +108,11 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 	/**
 	 * Sets the repository for authorized client(s).
-	 *
 	 * @param authorizedClientRepository the authorized client repository
 	 * @return the {@link OAuth2ClientConfigurer} for further configuration
 	 */
-	public OAuth2ClientConfigurer<B> authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository) {
+	public OAuth2ClientConfigurer<B> authorizedClientRepository(
+			OAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
 		this.getBuilder().setSharedObject(OAuth2AuthorizedClientRepository.class, authorizedClientRepository);
 		return this;
@@ -118,19 +120,19 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 	/**
 	 * Sets the service for authorized client(s).
-	 *
 	 * @param authorizedClientService the authorized client service
 	 * @return the {@link OAuth2ClientConfigurer} for further configuration
 	 */
 	public OAuth2ClientConfigurer<B> authorizedClientService(OAuth2AuthorizedClientService authorizedClientService) {
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
-		this.authorizedClientRepository(new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService));
+		this.authorizedClientRepository(
+				new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService));
 		return this;
 	}
 
 	/**
-	 * Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0 Authorization Code Grant.
-	 *
+	 * Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0
+	 * Authorization Code Grant.
 	 * @return the {@link AuthorizationCodeGrantConfigurer}
 	 */
 	public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
@@ -139,12 +141,12 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 	/**
 	 * Configures the OAuth 2.0 Authorization Code Grant.
-	 *
-	 * @param authorizationCodeGrantCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AuthorizationCodeGrantConfigurer}
+	 * @param authorizationCodeGrantCustomizer the {@link Customizer} to provide more
+	 * options for the {@link AuthorizationCodeGrantConfigurer}
 	 * @return the {@link OAuth2ClientConfigurer} for further customizations
 	 */
-	public OAuth2ClientConfigurer<B> authorizationCodeGrant(Customizer<AuthorizationCodeGrantConfigurer> authorizationCodeGrantCustomizer) {
+	public OAuth2ClientConfigurer<B> authorizationCodeGrant(
+			Customizer<AuthorizationCodeGrantConfigurer> authorizationCodeGrantCustomizer) {
 		authorizationCodeGrantCustomizer.customize(this.authorizationCodeGrantConfigurer);
 		return this;
 	}
@@ -153,8 +155,11 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 	 */
 	public class AuthorizationCodeGrantConfigurer {
+
 		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
+
 		private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
 		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
 		private AuthorizationCodeGrantConfigurer() {
@@ -162,11 +167,12 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 		/**
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestResolver the resolver used for resolving
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 		 */
-		public AuthorizationCodeGrantConfigurer authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+		public AuthorizationCodeGrantConfigurer authorizationRequestResolver(
+				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 			Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
 			this.authorizationRequestResolver = authorizationRequestResolver;
 			return this;
@@ -174,8 +180,8 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 		/**
 		 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestRepository the repository used for storing
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 		 */
 		public AuthorizationCodeGrantConfigurer authorizationRequestRepository(
@@ -187,9 +193,10 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 		}
 
 		/**
-		 * Sets the client used for requesting the access token credential from the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
+		 * Sets the client used for requesting the access token credential from the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used for requesting the access
+		 * token credential from the Token Endpoint
 		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 		 */
 		public AuthorizationCodeGrantConfigurer accessTokenResponseClient(
@@ -202,7 +209,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 		/**
 		 * Returns the {@link OAuth2ClientConfigurer} for further configuration.
-		 *
 		 * @return the {@link OAuth2ClientConfigurer}
 		 */
 		public OAuth2ClientConfigurer<B> and() {
@@ -210,25 +216,28 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 		}
 
 		private void init(B builder) {
-			OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
-					new OAuth2AuthorizationCodeAuthenticationProvider(getAccessTokenResponseClient());
+			OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
+					getAccessTokenResponseClient());
 			builder.authenticationProvider(postProcess(authorizationCodeAuthenticationProvider));
 		}
 
 		private void configure(B builder) {
-			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = createAuthorizationRequestRedirectFilter(builder);
+			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = createAuthorizationRequestRedirectFilter(
+					builder);
 			builder.addFilter(postProcess(authorizationRequestRedirectFilter));
-			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(builder);
+			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(
+					builder);
 			builder.addFilter(postProcess(authorizationCodeGrantFilter));
 		}
 
 		private OAuth2AuthorizationRequestRedirectFilter createAuthorizationRequestRedirectFilter(B builder) {
 			OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
-			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter =
-					new OAuth2AuthorizationRequestRedirectFilter(resolver);
+			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = new OAuth2AuthorizationRequestRedirectFilter(
+					resolver);
 
 			if (this.authorizationRequestRepository != null) {
-				authorizationRequestRedirectFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
+				authorizationRequestRedirectFilter
+						.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 			}
 			RequestCache requestCache = builder.getSharedObject(RequestCache.class);
 			if (requestCache != null) {
@@ -251,8 +260,7 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 			AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
 			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
 					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
-					OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder),
-					authenticationManager);
+					OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder), authenticationManager);
 
 			if (this.authorizationRequestRepository != null) {
 				authorizationCodeGrantFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
@@ -270,6 +278,7 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 			}
 			return new DefaultAuthorizationCodeTokenResponseClient();
 		}
+
 	}
 
 	@Override
@@ -281,4 +290,5 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 	public void configure(B builder) {
 		this.authorizationCodeGrantConfigurer.configure(builder);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
index 046c607739..2c34dca9bf 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
@@ -41,7 +41,8 @@ final class OAuth2ClientConfigurerUtils {
 	}
 
 	static <B extends HttpSecurityBuilder<B>> ClientRegistrationRepository getClientRegistrationRepository(B builder) {
-		ClientRegistrationRepository clientRegistrationRepository = builder.getSharedObject(ClientRegistrationRepository.class);
+		ClientRegistrationRepository clientRegistrationRepository = builder
+				.getSharedObject(ClientRegistrationRepository.class);
 		if (clientRegistrationRepository == null) {
 			clientRegistrationRepository = getClientRegistrationRepositoryBean(builder);
 			builder.setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
@@ -49,12 +50,15 @@ final class OAuth2ClientConfigurerUtils {
 		return clientRegistrationRepository;
 	}
 
-	private static <B extends HttpSecurityBuilder<B>> ClientRegistrationRepository getClientRegistrationRepositoryBean(B builder) {
+	private static <B extends HttpSecurityBuilder<B>> ClientRegistrationRepository getClientRegistrationRepositoryBean(
+			B builder) {
 		return builder.getSharedObject(ApplicationContext.class).getBean(ClientRegistrationRepository.class);
 	}
 
-	static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepository(B builder) {
-		OAuth2AuthorizedClientRepository authorizedClientRepository = builder.getSharedObject(OAuth2AuthorizedClientRepository.class);
+	static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepository(
+			B builder) {
+		OAuth2AuthorizedClientRepository authorizedClientRepository = builder
+				.getSharedObject(OAuth2AuthorizedClientRepository.class);
 		if (authorizedClientRepository == null) {
 			authorizedClientRepository = getAuthorizedClientRepositoryBean(builder);
 			if (authorizedClientRepository == null) {
@@ -66,34 +70,45 @@ final class OAuth2ClientConfigurerUtils {
 		return authorizedClientRepository;
 	}
 
-	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepositoryBean(B builder) {
-		Map<String, OAuth2AuthorizedClientRepository> authorizedClientRepositoryMap = BeanFactoryUtils.beansOfTypeIncludingAncestors(
-				builder.getSharedObject(ApplicationContext.class), OAuth2AuthorizedClientRepository.class);
+	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepositoryBean(
+			B builder) {
+		Map<String, OAuth2AuthorizedClientRepository> authorizedClientRepositoryMap = BeanFactoryUtils
+				.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
+						OAuth2AuthorizedClientRepository.class);
 		if (authorizedClientRepositoryMap.size() > 1) {
-			throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientRepository.class, authorizedClientRepositoryMap.size(),
-					"Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName() + "' but found " +
-							authorizedClientRepositoryMap.size() + ": " + StringUtils.collectionToCommaDelimitedString(authorizedClientRepositoryMap.keySet()));
+			throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientRepository.class,
+					authorizedClientRepositoryMap.size(),
+					"Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName()
+							+ "' but found " + authorizedClientRepositoryMap.size() + ": "
+							+ StringUtils.collectionToCommaDelimitedString(authorizedClientRepositoryMap.keySet()));
 		}
-		return (!authorizedClientRepositoryMap.isEmpty() ? authorizedClientRepositoryMap.values().iterator().next() : null);
+		return (!authorizedClientRepositoryMap.isEmpty() ? authorizedClientRepositoryMap.values().iterator().next()
+				: null);
 	}
 
-
-	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientService getAuthorizedClientService(B builder) {
+	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientService getAuthorizedClientService(
+			B builder) {
 		OAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientServiceBean(builder);
 		if (authorizedClientService == null) {
-			authorizedClientService = new InMemoryOAuth2AuthorizedClientService(getClientRegistrationRepository(builder));
+			authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
+					getClientRegistrationRepository(builder));
 		}
 		return authorizedClientService;
 	}
 
-	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientService getAuthorizedClientServiceBean(B builder) {
-		Map<String, OAuth2AuthorizedClientService> authorizedClientServiceMap = BeanFactoryUtils.beansOfTypeIncludingAncestors(
-				builder.getSharedObject(ApplicationContext.class), OAuth2AuthorizedClientService.class);
+	private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientService getAuthorizedClientServiceBean(
+			B builder) {
+		Map<String, OAuth2AuthorizedClientService> authorizedClientServiceMap = BeanFactoryUtils
+				.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
+						OAuth2AuthorizedClientService.class);
 		if (authorizedClientServiceMap.size() > 1) {
-			throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientService.class, authorizedClientServiceMap.size(),
-				"Expected single matching bean of type '" + OAuth2AuthorizedClientService.class.getName() + "' but found " +
-					authorizedClientServiceMap.size() + ": " + StringUtils.collectionToCommaDelimitedString(authorizedClientServiceMap.keySet()));
+			throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientService.class,
+					authorizedClientServiceMap.size(),
+					"Expected single matching bean of type '" + OAuth2AuthorizedClientService.class.getName()
+							+ "' but found " + authorizedClientServiceMap.size() + ": "
+							+ StringUtils.collectionToCommaDelimitedString(authorizedClientServiceMap.keySet()));
 		}
 		return (!authorizedClientServiceMap.isEmpty() ? authorizedClientServiceMap.values().iterator().next() : null);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 91c8f7f128..f30b3f0428 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -79,17 +79,18 @@ import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 
 /**
- * An {@link AbstractHttpConfigurer} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An {@link AbstractHttpConfigurer} for OAuth 2.0 Login, which leverages the OAuth 2.0
+ * Authorization Code Grant Flow.
  *
  * <p>
- * OAuth 2.0 Login provides an application with the capability to have users log in
- * by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ * OAuth 2.0 Login provides an application with the capability to have users log in by
+ * using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.
  *
  * <p>
- * Defaults are provided for all configuration options with the only required configuration
- * being {@link #clientRegistrationRepository(ClientRegistrationRepository)}.
- * Alternatively, a {@link ClientRegistrationRepository} {@code @Bean} may be registered instead.
+ * Defaults are provided for all configuration options with the only required
+ * configuration being
+ * {@link #clientRegistrationRepository(ClientRegistrationRepository)}. Alternatively, a
+ * {@link ClientRegistrationRepository} {@code @Bean} may be registered instead.
  *
  * <h2>Security Filters</h2>
  *
@@ -118,8 +119,9 @@ import org.springframework.util.ClassUtils;
  * <li>{@link ClientRegistrationRepository}</li>
  * <li>{@link OAuth2AuthorizedClientRepository}</li>
  * <li>{@link GrantedAuthoritiesMapper}</li>
- * <li>{@link DefaultLoginPageGeneratingFilter} - if {@link #loginPage(String)} is not configured
- * and {@code DefaultLoginPageGeneratingFilter} is available, then a default login page will be made available</li>
+ * <li>{@link DefaultLoginPageGeneratingFilter} - if {@link #loginPage(String)} is not
+ * configured and {@code DefaultLoginPageGeneratingFilter} is available, then a default
+ * login page will be made available</li>
  * </ul>
  *
  * @author Joe Grandja
@@ -132,23 +134,28 @@ import org.springframework.util.ClassUtils;
  * @see OAuth2AuthorizedClientRepository
  * @see AbstractAuthenticationFilterConfigurer
  */
-public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends
-	AbstractAuthenticationFilterConfigurer<B, OAuth2LoginConfigurer<B>, OAuth2LoginAuthenticationFilter> {
+public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
+		extends AbstractAuthenticationFilterConfigurer<B, OAuth2LoginConfigurer<B>, OAuth2LoginAuthenticationFilter> {
 
 	private final AuthorizationEndpointConfig authorizationEndpointConfig = new AuthorizationEndpointConfig();
+
 	private final TokenEndpointConfig tokenEndpointConfig = new TokenEndpointConfig();
+
 	private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig();
+
 	private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig();
+
 	private String loginPage;
+
 	private String loginProcessingUrl = OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
 	/**
 	 * Sets the repository of client registrations.
-	 *
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @return the {@link OAuth2LoginConfigurer} for further configuration
 	 */
-	public OAuth2LoginConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
+	public OAuth2LoginConfigurer<B> clientRegistrationRepository(
+			ClientRegistrationRepository clientRegistrationRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
 		return this;
@@ -161,7 +168,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	 * @param authorizedClientRepository the authorized client repository
 	 * @return the {@link OAuth2LoginConfigurer} for further configuration
 	 */
-	public OAuth2LoginConfigurer<B> authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository) {
+	public OAuth2LoginConfigurer<B> authorizedClientRepository(
+			OAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
 		this.getBuilder().setSharedObject(OAuth2AuthorizedClientRepository.class, authorizedClientRepository);
 		return this;
@@ -169,13 +177,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 	/**
 	 * Sets the service for authorized client(s).
-	 *
 	 * @param authorizedClientService the authorized client service
 	 * @return the {@link OAuth2LoginConfigurer} for further configuration
 	 */
 	public OAuth2LoginConfigurer<B> authorizedClientService(OAuth2AuthorizedClientService authorizedClientService) {
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
-		this.authorizedClientRepository(new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService));
+		this.authorizedClientRepository(
+				new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService));
 		return this;
 	}
 
@@ -194,8 +202,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	}
 
 	/**
-	 * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint.
-	 *
+	 * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization
+	 * Server's Authorization Endpoint.
 	 * @return the {@link AuthorizationEndpointConfig}
 	 */
 	public AuthorizationEndpointConfig authorizationEndpoint() {
@@ -204,12 +212,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 	/**
 	 * Configures the Authorization Server's Authorization Endpoint.
-	 *
-	 * @param authorizationEndpointCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AuthorizationEndpointConfig}
+	 * @param authorizationEndpointCustomizer the {@link Customizer} to provide more
+	 * options for the {@link AuthorizationEndpointConfig}
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations
 	 */
-	public OAuth2LoginConfigurer<B> authorizationEndpoint(Customizer<AuthorizationEndpointConfig> authorizationEndpointCustomizer) {
+	public OAuth2LoginConfigurer<B> authorizationEndpoint(
+			Customizer<AuthorizationEndpointConfig> authorizationEndpointCustomizer) {
 		authorizationEndpointCustomizer.customize(this.authorizationEndpointConfig);
 		return this;
 	}
@@ -218,8 +226,11 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	 * Configuration options for the Authorization Server's Authorization Endpoint.
 	 */
 	public class AuthorizationEndpointConfig {
+
 		private String authorizationRequestBaseUri;
+
 		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
+
 		private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
 
 		private AuthorizationEndpointConfig() {
@@ -227,8 +238,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Sets the base {@code URI} used for authorization requests.
-		 *
-		 * @param authorizationRequestBaseUri the base {@code URI} used for authorization requests
+		 * @param authorizationRequestBaseUri the base {@code URI} used for authorization
+		 * requests
 		 * @return the {@link AuthorizationEndpointConfig} for further configuration
 		 */
 		public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
@@ -241,10 +252,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
 		 *
 		 * @since 5.1
-		 * @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestResolver the resolver used for resolving
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationEndpointConfig} for further configuration
 		 */
-		public AuthorizationEndpointConfig authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+		public AuthorizationEndpointConfig authorizationRequestResolver(
+				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 			Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
 			this.authorizationRequestResolver = authorizationRequestResolver;
 			return this;
@@ -252,11 +265,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestRepository the repository used for storing
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationEndpointConfig} for further configuration
 		 */
-		public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+		public AuthorizationEndpointConfig authorizationRequestRepository(
+				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 			Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 			this.authorizationRequestRepository = authorizationRequestRepository;
 			return this;
@@ -264,17 +278,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 *
 		 * @return the {@link OAuth2LoginConfigurer}
 		 */
 		public OAuth2LoginConfigurer<B> and() {
 			return OAuth2LoginConfigurer.this;
 		}
+
 	}
 
 	/**
-	 * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's Token Endpoint.
-	 *
+	 * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
+	 * Token Endpoint.
 	 * @return the {@link TokenEndpointConfig}
 	 */
 	public TokenEndpointConfig tokenEndpoint() {
@@ -283,7 +297,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 	/**
 	 * Configures the Authorization Server's Token Endpoint.
-	 *
 	 * @param tokenEndpointCustomizer the {@link Customizer} to provide more options for
 	 * the {@link TokenEndpointConfig}
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations
@@ -298,19 +311,21 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	 * Configuration options for the Authorization Server's Token Endpoint.
 	 */
 	public class TokenEndpointConfig {
+
 		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
 		private TokenEndpointConfig() {
 		}
 
 		/**
-		 * Sets the client used for requesting the access token credential from the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
+		 * Sets the client used for requesting the access token credential from the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used for requesting the access
+		 * token credential from the Token Endpoint
 		 * @return the {@link TokenEndpointConfig} for further configuration
 		 */
 		public TokenEndpointConfig accessTokenResponseClient(
-			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
+				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
 
 			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 			this.accessTokenResponseClient = accessTokenResponseClient;
@@ -319,17 +334,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 *
 		 * @return the {@link OAuth2LoginConfigurer}
 		 */
 		public OAuth2LoginConfigurer<B> and() {
 			return OAuth2LoginConfigurer.this;
 		}
+
 	}
 
 	/**
-	 * Returns the {@link RedirectionEndpointConfig} for configuring the Client's Redirection Endpoint.
-	 *
+	 * Returns the {@link RedirectionEndpointConfig} for configuring the Client's
+	 * Redirection Endpoint.
 	 * @return the {@link RedirectionEndpointConfig}
 	 */
 	public RedirectionEndpointConfig redirectionEndpoint() {
@@ -338,12 +353,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 	/**
 	 * Configures the Client's Redirection Endpoint.
-	 *
-	 * @param redirectionEndpointCustomizer the {@link Customizer} to provide more options for
-	 * the {@link RedirectionEndpointConfig}
+	 * @param redirectionEndpointCustomizer the {@link Customizer} to provide more options
+	 * for the {@link RedirectionEndpointConfig}
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations
 	 */
-	public OAuth2LoginConfigurer<B> redirectionEndpoint(Customizer<RedirectionEndpointConfig> redirectionEndpointCustomizer) {
+	public OAuth2LoginConfigurer<B> redirectionEndpoint(
+			Customizer<RedirectionEndpointConfig> redirectionEndpointCustomizer) {
 		redirectionEndpointCustomizer.customize(this.redirectionEndpointConfig);
 		return this;
 	}
@@ -352,6 +367,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	 * Configuration options for the Client's Redirection Endpoint.
 	 */
 	public class RedirectionEndpointConfig {
+
 		private String authorizationResponseBaseUri;
 
 		private RedirectionEndpointConfig() {
@@ -359,8 +375,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Sets the {@code URI} where the authorization response will be processed.
-		 *
-		 * @param authorizationResponseBaseUri the {@code URI} where the authorization response will be processed
+		 * @param authorizationResponseBaseUri the {@code URI} where the authorization
+		 * response will be processed
 		 * @return the {@link RedirectionEndpointConfig} for further configuration
 		 */
 		public RedirectionEndpointConfig baseUri(String authorizationResponseBaseUri) {
@@ -371,17 +387,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		/**
 		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 *
 		 * @return the {@link OAuth2LoginConfigurer}
 		 */
 		public OAuth2LoginConfigurer<B> and() {
 			return OAuth2LoginConfigurer.this;
 		}
+
 	}
 
 	/**
-	 * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization Server's UserInfo Endpoint.
-	 *
+	 * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
+	 * Server's UserInfo Endpoint.
 	 * @return the {@link UserInfoEndpointConfig}
 	 */
 	public UserInfoEndpointConfig userInfoEndpoint() {
@@ -390,9 +406,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 	/**
 	 * Configures the Authorization Server's UserInfo Endpoint.
-	 *
-	 * @param userInfoEndpointCustomizer the {@link Customizer} to provide more options for
-	 * the {@link UserInfoEndpointConfig}
+	 * @param userInfoEndpointCustomizer the {@link Customizer} to provide more options
+	 * for the {@link UserInfoEndpointConfig}
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations
 	 */
 	public OAuth2LoginConfigurer<B> userInfoEndpoint(Customizer<UserInfoEndpointConfig> userInfoEndpointCustomizer) {
@@ -404,17 +419,21 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	 * Configuration options for the Authorization Server's UserInfo Endpoint.
 	 */
 	public class UserInfoEndpointConfig {
+
 		private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
+
 		private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
+
 		private Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
 
 		private UserInfoEndpointConfig() {
 		}
 
 		/**
-		 * Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
-		 *
-		 * @param userService the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
+		 * Sets the OAuth 2.0 service used for obtaining the user attributes of the
+		 * End-User from the UserInfo Endpoint.
+		 * @param userService the OAuth 2.0 service used for obtaining the user attributes
+		 * of the End-User from the UserInfo Endpoint
 		 * @return the {@link UserInfoEndpointConfig} for further configuration
 		 */
 		public UserInfoEndpointConfig userService(OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
@@ -424,9 +443,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		}
 
 		/**
-		 * Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
-		 *
-		 * @param oidcUserService the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
+		 * Sets the OpenID Connect 1.0 service used for obtaining the user attributes of
+		 * the End-User from the UserInfo Endpoint.
+		 * @param oidcUserService the OpenID Connect 1.0 service used for obtaining the
+		 * user attributes of the End-User from the UserInfo Endpoint
 		 * @return the {@link UserInfoEndpointConfig} for further configuration
 		 */
 		public UserInfoEndpointConfig oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
@@ -436,17 +456,16 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		}
 
 		/**
-		 * Sets a custom {@link OAuth2User} type and associates it to the provided
-		 * client {@link ClientRegistration#getRegistrationId() registration identifier}.
-		 *
+		 * Sets a custom {@link OAuth2User} type and associates it to the provided client
+		 * {@link ClientRegistration#getRegistrationId() registration identifier}.
 		 * @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
-		 *
 		 * @param customUserType a custom {@link OAuth2User} type
 		 * @param clientRegistrationId the client registration identifier
 		 * @return the {@link UserInfoEndpointConfig} for further configuration
 		 */
 		@Deprecated
-		public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, String clientRegistrationId) {
+		public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType,
+				String clientRegistrationId) {
 			Assert.notNull(customUserType, "customUserType cannot be null");
 			Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 			this.customUserTypes.put(clientRegistrationId, customUserType);
@@ -454,34 +473,34 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		}
 
 		/**
-		 * Sets the {@link GrantedAuthoritiesMapper} used for mapping {@link OAuth2User#getAuthorities()}.
-		 *
-		 * @param userAuthoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+		 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+		 * {@link OAuth2User#getAuthorities()}.
+		 * @param userAuthoritiesMapper the {@link GrantedAuthoritiesMapper} used for
+		 * mapping the user's authorities
 		 * @return the {@link UserInfoEndpointConfig} for further configuration
 		 */
 		public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
 			Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
-			OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class, userAuthoritiesMapper);
+			OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class,
+					userAuthoritiesMapper);
 			return this;
 		}
 
 		/**
 		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 *
 		 * @return the {@link OAuth2LoginConfigurer}
 		 */
 		public OAuth2LoginConfigurer<B> and() {
 			return OAuth2LoginConfigurer.this;
 		}
+
 	}
 
 	@Override
 	public void init(B http) throws Exception {
-		OAuth2LoginAuthenticationFilter authenticationFilter =
-			new OAuth2LoginAuthenticationFilter(
+		OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(
 				OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
-				OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()),
-				this.loginProcessingUrl);
+				OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl);
 		this.setAuthenticationFilter(authenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
 
@@ -489,7 +508,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			// Set custom login page
 			super.loginPage(this.loginPage);
 			super.init(http);
-		} else {
+		}
+		else {
 			Map<String, String> loginUrlToClientName = this.getLoginLinks();
 			if (loginUrlToClientName.size() == 1) {
 				// Setup auto-redirect to provider login page
@@ -498,33 +518,33 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 				this.updateAccessDefaults(http);
 				String providerLoginPage = loginUrlToClientName.keySet().iterator().next();
 				this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage));
-			} else {
+			}
+			else {
 				super.init(http);
 			}
 		}
 
-		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
-			this.tokenEndpointConfig.accessTokenResponseClient;
+		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient = this.tokenEndpointConfig.accessTokenResponseClient;
 		if (accessTokenResponseClient == null) {
 			accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
 		}
 
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = getOAuth2UserService();
-		OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
-			new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
+		OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = new OAuth2LoginAuthenticationProvider(
+				accessTokenResponseClient, oauth2UserService);
 		GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper();
 		if (userAuthoritiesMapper != null) {
 			oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
 		}
 		http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
 
-		boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent(
-			"org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
+		boolean oidcAuthenticationProviderEnabled = ClassUtils
+				.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
 
 		if (oidcAuthenticationProviderEnabled) {
 			OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
-			OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
-				new OidcAuthorizationCodeAuthenticationProvider(accessTokenResponseClient, oidcUserService);
+			OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(
+					accessTokenResponseClient, oidcUserService);
 			JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = this.getJwtDecoderFactoryBean();
 			if (jwtDecoderFactory != null) {
 				oidcAuthorizationCodeAuthenticationProvider.setJwtDecoderFactory(jwtDecoderFactory);
@@ -533,7 +553,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 				oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
 			}
 			http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
-		} else {
+		}
+		else {
 			http.authenticationProvider(new OidcAuthenticationRequestChecker());
 		}
 
@@ -547,18 +568,20 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		if (this.authorizationEndpointConfig.authorizationRequestResolver != null) {
 			authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
 					this.authorizationEndpointConfig.authorizationRequestResolver);
-		} else {
+		}
+		else {
 			String authorizationRequestBaseUri = this.authorizationEndpointConfig.authorizationRequestBaseUri;
 			if (authorizationRequestBaseUri == null) {
 				authorizationRequestBaseUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 			}
 			authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
-					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), authorizationRequestBaseUri);
+					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
+					authorizationRequestBaseUri);
 		}
 
 		if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
-			authorizationRequestFilter.setAuthorizationRequestRepository(
-				this.authorizationEndpointConfig.authorizationRequestRepository);
+			authorizationRequestFilter
+					.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
 		}
 		RequestCache requestCache = http.getSharedObject(RequestCache.class);
 		if (requestCache != null) {
@@ -571,8 +594,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			authenticationFilter.setFilterProcessesUrl(this.redirectionEndpointConfig.authorizationResponseBaseUri);
 		}
 		if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
-			authenticationFilter.setAuthorizationRequestRepository(
-				this.authorizationEndpointConfig.authorizationRequestRepository);
+			authenticationFilter
+					.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
 		}
 		super.configure(http);
 	}
@@ -590,14 +613,15 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			throw new NoUniqueBeanDefinitionException(type, names);
 		}
 		if (names.length == 1) {
-			return (JwtDecoderFactory<ClientRegistration>) this.getBuilder().getSharedObject(ApplicationContext.class).getBean(names[0]);
+			return (JwtDecoderFactory<ClientRegistration>) this.getBuilder().getSharedObject(ApplicationContext.class)
+					.getBean(names[0]);
 		}
 		return null;
 	}
 
 	private GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() {
-		GrantedAuthoritiesMapper grantedAuthoritiesMapper =
-				this.getBuilder().getSharedObject(GrantedAuthoritiesMapper.class);
+		GrantedAuthoritiesMapper grantedAuthoritiesMapper = this.getBuilder()
+				.getSharedObject(GrantedAuthoritiesMapper.class);
 		if (grantedAuthoritiesMapper == null) {
 			grantedAuthoritiesMapper = this.getGrantedAuthoritiesMapperBean();
 			if (grantedAuthoritiesMapper != null) {
@@ -608,9 +632,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	}
 
 	private GrantedAuthoritiesMapper getGrantedAuthoritiesMapperBean() {
-		Map<String, GrantedAuthoritiesMapper> grantedAuthoritiesMapperMap =
-				BeanFactoryUtils.beansOfTypeIncludingAncestors(
-						this.getBuilder().getSharedObject(ApplicationContext.class),
+		Map<String, GrantedAuthoritiesMapper> grantedAuthoritiesMapperMap = BeanFactoryUtils
+				.beansOfTypeIncludingAncestors(this.getBuilder().getSharedObject(ApplicationContext.class),
 						GrantedAuthoritiesMapper.class);
 		return (!grantedAuthoritiesMapperMap.isEmpty() ? grantedAuthoritiesMapperMap.values().iterator().next() : null);
 	}
@@ -619,7 +642,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		if (this.userInfoEndpointConfig.oidcUserService != null) {
 			return this.userInfoEndpointConfig.oidcUserService;
 		}
-		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OidcUserRequest.class, OidcUser.class);
+		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OidcUserRequest.class,
+				OidcUser.class);
 		OAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
 		if (bean == null) {
 			return new OidcUserService();
@@ -632,7 +656,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		if (this.userInfoEndpointConfig.userService != null) {
 			return this.userInfoEndpointConfig.userService;
 		}
-		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OAuth2UserRequest.class, OAuth2User.class);
+		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OAuth2UserRequest.class,
+				OAuth2User.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
 		if (bean == null) {
 			if (!this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
@@ -640,7 +665,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 				userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
 				userServices.add(new DefaultOAuth2UserService());
 				return new DelegatingOAuth2UserService<>(userServices);
-			} else {
+			}
+			else {
 				return new DefaultOAuth2UserService();
 			}
 		}
@@ -653,7 +679,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		if (context == null) {
 			return null;
 		}
-		String[] names =  context.getBeanNamesForType(type);
+		String[] names = context.getBeanNamesForType(type);
 		if (names.length == 1) {
 			return (T) context.getBean(names[0]);
 		}
@@ -661,7 +687,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	}
 
 	private void initDefaultLoginFilter(B http) {
-		DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http.getSharedObject(DefaultLoginPageGeneratingFilter.class);
+		DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
+				.getSharedObject(DefaultLoginPageGeneratingFilter.class);
 		if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
 			return;
 		}
@@ -675,8 +702,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	@SuppressWarnings("unchecked")
 	private Map<String, String> getLoginLinks() {
 		Iterable<ClientRegistration> clientRegistrations = null;
-		ClientRegistrationRepository clientRegistrationRepository =
-				OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder());
+		ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
+				.getClientRegistrationRepository(this.getBuilder());
 		ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
 		if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
 			clientRegistrations = (Iterable<ClientRegistration>) clientRegistrationRepository;
@@ -685,13 +712,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			return Collections.emptyMap();
 		}
 
-		String authorizationRequestBaseUri = this.authorizationEndpointConfig.authorizationRequestBaseUri != null ?
-				this.authorizationEndpointConfig.authorizationRequestBaseUri :
-				OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
+		String authorizationRequestBaseUri = this.authorizationEndpointConfig.authorizationRequestBaseUri != null
+				? this.authorizationEndpointConfig.authorizationRequestBaseUri
+				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 		Map<String, String> loginUrlToClientName = new HashMap<>();
 		clientRegistrations.forEach(registration -> loginUrlToClientName.put(
-				authorizationRequestBaseUri + "/" + registration.getRegistrationId(),
-				registration.getClientName()));
+				authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName()));
 
 		return loginUrlToClientName;
 	}
@@ -720,20 +746,19 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-			OAuth2LoginAuthenticationToken authorizationCodeAuthentication =
-				(OAuth2LoginAuthenticationToken) authentication;
+			OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
 
-			// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+			// Section 3.1.2.1 Authentication Request -
+			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 			// scope
-			// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-			if (authorizationCodeAuthentication.getAuthorizationExchange()
-				.getAuthorizationRequest().getScopes().contains(OidcScopes.OPENID)) {
+			// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
+			if (authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
+					.contains(OidcScopes.OPENID)) {
 
-				OAuth2Error oauth2Error = new OAuth2Error(
-					"oidc_provider_not_configured",
-					"An OpenID Connect Authentication Provider has not been configured. " +
-						"Check to ensure you include the dependency 'spring-security-oauth2-jose'.",
-					null);
+				OAuth2Error oauth2Error = new OAuth2Error("oidc_provider_not_configured",
+						"An OpenID Connect Authentication Provider has not been configured. "
+								+ "Check to ensure you include the dependency 'spring-security-oauth2-jose'.",
+						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 
@@ -744,5 +769,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		public boolean supports(Class<?> authentication) {
 			return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index e28f27e2f7..b37b21ee57 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -56,16 +56,19 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSe
  *
  * An {@link AbstractHttpConfigurer} for OAuth 2.0 Resource Server Support.
  *
- * By default, this wires a {@link BearerTokenAuthenticationFilter}, which can be used to parse the request
- * for bearer tokens and make an authentication attempt.
+ * By default, this wires a {@link BearerTokenAuthenticationFilter}, which can be used to
+ * parse the request for bearer tokens and make an authentication attempt.
  *
  * <p>
  * The following configuration options are available:
  *
  * <ul>
- * <li>{@link #accessDeniedHandler(AccessDeniedHandler)}</li> - customizes how access denied errors are handled
- * <li>{@link #authenticationEntryPoint(AuthenticationEntryPoint)}</li> - customizes how authentication failures are handled
- * <li>{@link #bearerTokenResolver(BearerTokenResolver)} - customizes how to resolve a bearer token from the request</li>
+ * <li>{@link #accessDeniedHandler(AccessDeniedHandler)}</li> - customizes how access
+ * denied errors are handled
+ * <li>{@link #authenticationEntryPoint(AuthenticationEntryPoint)}</li> - customizes how
+ * authentication failures are handled
+ * <li>{@link #bearerTokenResolver(BearerTokenResolver)} - customizes how to resolve a
+ * bearer token from the request</li>
  * <li>{@link #jwt(Customizer)} - enables Jwt-encoded bearer token support</li>
  * <li>{@link #opaqueToken(Customizer)} - enables opaque bearer token support</li>
  * </ul>
@@ -74,33 +77,28 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSe
  * When using {@link #jwt(Customizer)}, either
  *
  * <ul>
- * <li>
- * supply a Jwk Set Uri via {@link JwtConfigurer#jwkSetUri}, or
- * </li>
- * <li>
- * supply a {@link JwtDecoder} instance via {@link JwtConfigurer#decoder}, or
- * </li>
- * <li>
- * expose a {@link JwtDecoder} bean
- * </li>
+ * <li>supply a Jwk Set Uri via {@link JwtConfigurer#jwkSetUri}, or</li>
+ * <li>supply a {@link JwtDecoder} instance via {@link JwtConfigurer#decoder}, or</li>
+ * <li>expose a {@link JwtDecoder} bean</li>
  * </ul>
  *
  * Also with {@link #jwt(Customizer)} consider
  *
  * <ul>
- * <li>
- * customizing the conversion from a {@link Jwt} to an {@link org.springframework.security.core.Authentication} with
- * {@link JwtConfigurer#jwtAuthenticationConverter(Converter)}
- * </li>
+ * <li>customizing the conversion from a {@link Jwt} to an
+ * {@link org.springframework.security.core.Authentication} with
+ * {@link JwtConfigurer#jwtAuthenticationConverter(Converter)}</li>
  * </ul>
  *
  * <p>
- * When using {@link #opaqueToken(Customizer)}, supply an introspection endpoint and its authentication configuration
+ * When using {@link #opaqueToken(Customizer)}, supply an introspection endpoint and its
+ * authentication configuration
  * </p>
  *
  * <h2>Security Filters</h2>
  *
- * The following {@code Filter}s are populated when {@link #jwt(Customizer)} is configured:
+ * The following {@code Filter}s are populated when {@link #jwt(Customizer)} is
+ * configured:
  *
  * <ul>
  * <li>{@link BearerTokenAuthenticationFilter}</li>
@@ -130,19 +128,23 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSe
  * @see NimbusJwtDecoder
  * @see AbstractHttpConfigurer
  */
-public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>, H> {
+public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>, H> {
 
 	private final ApplicationContext context;
 
 	private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
+
 	private BearerTokenResolver bearerTokenResolver;
 
 	private JwtConfigurer jwtConfigurer;
+
 	private OpaqueTokenConfigurer opaqueTokenConfigurer;
 
 	private AccessDeniedHandler accessDeniedHandler = new BearerTokenAccessDeniedHandler();
+
 	private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
+
 	private BearerTokenRequestMatcher requestMatcher = new BearerTokenRequestMatcher();
 
 	public OAuth2ResourceServerConfigurer(ApplicationContext context) {
@@ -162,8 +164,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		return this;
 	}
 
-	public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver
-			(AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
+	public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(
+			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
 		Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
 		this.authenticationManagerResolver = authenticationManagerResolver;
 		return this;
@@ -176,7 +178,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	}
 
 	public JwtConfigurer jwt() {
-		if ( this.jwtConfigurer == null ) {
+		if (this.jwtConfigurer == null) {
 			this.jwtConfigurer = new JwtConfigurer(this.context);
 		}
 
@@ -185,13 +187,12 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 	/**
 	 * Enables Jwt-encoded bearer token support.
-	 *
-	 * @param jwtCustomizer the {@link Customizer} to provide more options for
-	 * the {@link JwtConfigurer}
+	 * @param jwtCustomizer the {@link Customizer} to provide more options for the
+	 * {@link JwtConfigurer}
 	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
 	 */
 	public OAuth2ResourceServerConfigurer<H> jwt(Customizer<JwtConfigurer> jwtCustomizer) {
-		if ( this.jwtConfigurer == null ) {
+		if (this.jwtConfigurer == null) {
 			this.jwtConfigurer = new JwtConfigurer(this.context);
 		}
 		jwtCustomizer.customize(this.jwtConfigurer);
@@ -208,9 +209,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 	/**
 	 * Enables opaque bearer token support.
-	 *
-	 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OpaqueTokenConfigurer}
+	 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OpaqueTokenConfigurer}
 	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
 	 */
 	public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OpaqueTokenConfigurer> opaqueTokenCustomizer) {
@@ -257,28 +257,31 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	private void validateConfiguration() {
 		if (this.authenticationManagerResolver == null) {
 			if (this.jwtConfigurer == null && this.opaqueTokenConfigurer == null) {
-				throw new IllegalStateException("Jwt and Opaque Token are the only supported formats for bearer tokens " +
-						"in Spring Security and neither was found. Make sure to configure JWT " +
-						"via http.oauth2ResourceServer().jwt() or Opaque Tokens via " +
-						"http.oauth2ResourceServer().opaqueToken().");
+				throw new IllegalStateException("Jwt and Opaque Token are the only supported formats for bearer tokens "
+						+ "in Spring Security and neither was found. Make sure to configure JWT "
+						+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
+						+ "http.oauth2ResourceServer().opaqueToken().");
 			}
 
 			if (this.jwtConfigurer != null && this.opaqueTokenConfigurer != null) {
-				throw new IllegalStateException("Spring Security only supports JWTs or Opaque Tokens, not both at the " +
-						"same time.");
+				throw new IllegalStateException(
+						"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
 			}
-		} else {
+		}
+		else {
 			if (this.jwtConfigurer != null || this.opaqueTokenConfigurer != null) {
-				throw new IllegalStateException("If an authenticationManagerResolver() is configured, then it takes " +
-						"precedence over any jwt() or opaqueToken() configuration.");
+				throw new IllegalStateException("If an authenticationManagerResolver() is configured, then it takes "
+						+ "precedence over any jwt() or opaqueToken() configuration.");
 			}
 		}
 	}
 
 	public class JwtConfigurer {
+
 		private final ApplicationContext context;
 
 		private AuthenticationManager authenticationManager;
+
 		private JwtDecoder decoder;
 
 		private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter;
@@ -303,8 +306,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			return this;
 		}
 
-		public JwtConfigurer jwtAuthenticationConverter
-				(Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) {
+		public JwtConfigurer jwtAuthenticationConverter(
+				Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) {
 
 			this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 			return this;
@@ -318,7 +321,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			if (this.jwtAuthenticationConverter == null) {
 				if (this.context.getBeanNamesForType(JwtAuthenticationConverter.class).length > 0) {
 					this.jwtAuthenticationConverter = this.context.getBean(JwtAuthenticationConverter.class);
-				} else {
+				}
+				else {
 					this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
 				}
 			}
@@ -327,7 +331,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		}
 
 		JwtDecoder getJwtDecoder() {
-			if ( this.decoder == null ) {
+			if (this.decoder == null) {
 				return this.context.getBean(JwtDecoder.class);
 			}
 
@@ -340,11 +344,9 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			}
 
 			JwtDecoder decoder = getJwtDecoder();
-			Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter =
-					getJwtAuthenticationConverter();
+			Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter = getJwtAuthenticationConverter();
 
-			JwtAuthenticationProvider provider =
-					new JwtAuthenticationProvider(decoder);
+			JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
 			provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
 			return postProcess(provider);
 		}
@@ -356,15 +358,21 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 			return http.getSharedObject(AuthenticationManager.class);
 		}
+
 	}
 
 	public class OpaqueTokenConfigurer {
+
 		private final ApplicationContext context;
 
 		private AuthenticationManager authenticationManager;
+
 		private String introspectionUri;
+
 		private String clientId;
+
 		private String clientSecret;
+
 		private Supplier<OpaqueTokenIntrospector> introspector;
 
 		OpaqueTokenConfigurer(ApplicationContext context) {
@@ -380,8 +388,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		public OpaqueTokenConfigurer introspectionUri(String introspectionUri) {
 			Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 			this.introspectionUri = introspectionUri;
-			this.introspector = () ->
-					new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId, this.clientSecret);
+			this.introspector = () -> new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId,
+					this.clientSecret);
 			return this;
 		}
 
@@ -390,8 +398,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			Assert.notNull(clientSecret, "clientSecret cannot be null");
 			this.clientId = clientId;
 			this.clientSecret = clientSecret;
-			this.introspector = () ->
-					new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId, this.clientSecret);
+			this.introspector = () -> new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId,
+					this.clientSecret);
 			return this;
 		}
 
@@ -423,35 +431,29 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 			return http.getSharedObject(AuthenticationManager.class);
 		}
+
 	}
 
 	private void registerDefaultAccessDeniedHandler(H http) {
-		ExceptionHandlingConfigurer<H> exceptionHandling = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptionHandling == null) {
 			return;
 		}
 
-		exceptionHandling.defaultAccessDeniedHandlerFor(
-				this.accessDeniedHandler,
-				this.requestMatcher);
+		exceptionHandling.defaultAccessDeniedHandlerFor(this.accessDeniedHandler, this.requestMatcher);
 	}
 
 	private void registerDefaultEntryPoint(H http) {
-		ExceptionHandlingConfigurer<H> exceptionHandling = http
-				.getConfigurer(ExceptionHandlingConfigurer.class);
+		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptionHandling == null) {
 			return;
 		}
 
-		exceptionHandling.defaultAuthenticationEntryPointFor(
-				this.authenticationEntryPoint,
-				this.requestMatcher);
+		exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, this.requestMatcher);
 	}
 
 	private void registerDefaultCsrfOverride(H http) {
-		CsrfConfigurer<H> csrf = http
-				.getConfigurer(CsrfConfigurer.class);
+		CsrfConfigurer<H> csrf = http.getConfigurer(CsrfConfigurer.class);
 		if (csrf == null) {
 			return;
 		}
@@ -484,10 +486,11 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	}
 
 	BearerTokenResolver getBearerTokenResolver() {
-		if ( this.bearerTokenResolver == null ) {
-			if ( this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0 ) {
+		if (this.bearerTokenResolver == null) {
+			if (this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0) {
 				this.bearerTokenResolver = this.context.getBean(BearerTokenResolver.class);
-			} else {
+			}
+			else {
 				this.bearerTokenResolver = new DefaultBearerTokenResolver();
 			}
 		}
@@ -496,13 +499,15 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	}
 
 	private static final class BearerTokenRequestMatcher implements RequestMatcher {
+
 		private BearerTokenResolver bearerTokenResolver;
 
 		@Override
 		public boolean matches(HttpServletRequest request) {
 			try {
 				return this.bearerTokenResolver.resolve(request) != null;
-			} catch ( OAuth2AuthenticationException e ) {
+			}
+			catch (OAuth2AuthenticationException e) {
 				return false;
 			}
 		}
@@ -511,5 +516,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			Assert.notNull(tokenResolver, "resolver cannot be null");
 			this.bearerTokenResolver = tokenResolver;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 4fa74f0053..fd0ee07065 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -119,15 +119,20 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  *
  * @author Rob Winch
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- *  <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- *  to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @since 3.2
  */
-public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
-		AbstractAuthenticationFilterConfigurer<H, OpenIDLoginConfigurer<H>, OpenIDAuthenticationFilter> {
+public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
+		extends AbstractAuthenticationFilterConfigurer<H, OpenIDLoginConfigurer<H>, OpenIDAuthenticationFilter> {
+
 	private OpenIDConsumer openIDConsumer;
+
 	private ConsumerManager consumerManager;
+
 	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService;
+
 	private List<AttributeExchangeConfigurer> attributeExchangeConfigurers = new ArrayList<>();
 
 	/**
@@ -139,29 +144,27 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 
 	/**
 	 * Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
-	 *
 	 * @param identifierPattern the regular expression for matching on OpenID's (i.e.
 	 * "https://www.google.com/.*", ".*yahoo.com.*", etc)
 	 * @return a {@link AttributeExchangeConfigurer} for further customizations of the
 	 * attribute exchange
 	 */
 	public AttributeExchangeConfigurer attributeExchange(String identifierPattern) {
-		AttributeExchangeConfigurer attributeExchangeConfigurer = new AttributeExchangeConfigurer(
-				identifierPattern);
+		AttributeExchangeConfigurer attributeExchangeConfigurer = new AttributeExchangeConfigurer(identifierPattern);
 		this.attributeExchangeConfigurers.add(attributeExchangeConfigurer);
 		return attributeExchangeConfigurer;
 	}
 
 	/**
-	 * Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.
-	 * The default pattern is &quot;.*&quot;, it can be specified using
+	 * Sets up OpenID attribute exchange for OpenIDs matching the specified pattern. The
+	 * default pattern is &quot;.*&quot;, it can be specified using
 	 * {@link AttributeExchangeConfigurer#identifierPattern(String)}
-	 *
-	 * @param attributeExchangeCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AttributeExchangeConfigurer}
+	 * @param attributeExchangeCustomizer the {@link Customizer} to provide more options
+	 * for the {@link AttributeExchangeConfigurer}
 	 * @return a {@link OpenIDLoginConfigurer} for further customizations
 	 */
-	public OpenIDLoginConfigurer<H> attributeExchange(Customizer<AttributeExchangeConfigurer> attributeExchangeCustomizer) {
+	public OpenIDLoginConfigurer<H> attributeExchange(
+			Customizer<AttributeExchangeConfigurer> attributeExchangeCustomizer) {
 		AttributeExchangeConfigurer attributeExchangeConfigurer = new AttributeExchangeConfigurer(".*");
 		attributeExchangeCustomizer.customize(attributeExchangeConfigurer);
 		this.attributeExchangeConfigurers.add(attributeExchangeConfigurer);
@@ -171,7 +174,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	/**
 	 * Allows specifying the {@link OpenIDConsumer} to be used. The default is using an
 	 * {@link OpenID4JavaConsumer}.
-	 *
 	 * @param consumer the {@link OpenIDConsumer} to be used
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations
 	 */
@@ -188,7 +190,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * This is a shortcut for specifying the {@link OpenID4JavaConsumer} with a specific
 	 * {@link ConsumerManager} on {@link #consumer(OpenIDConsumer)}.
 	 * </p>
-	 *
 	 * @param consumerManager the {@link ConsumerManager} to use. Cannot be null.
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations
 	 */
@@ -201,7 +202,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * The {@link AuthenticationUserDetailsService} to use. By default a
 	 * {@link UserDetailsByNameServiceWrapper} is used with the {@link UserDetailsService}
 	 * shared object found with {@link HttpSecurity#getSharedObject(Class)}.
-	 *
 	 * @param authenticationUserDetailsService the {@link AuthenticationDetailsSource} to
 	 * use
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations
@@ -216,7 +216,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * Specifies the URL used to authenticate OpenID requests. If the
 	 * {@link HttpServletRequest} matches this URL the {@link OpenIDAuthenticationFilter}
 	 * will attempt to authenticate the request. The default is "/login/openid".
-	 *
 	 * @param loginProcessingUrl the URL used to perform authentication
 	 * @return the {@link OpenIDLoginConfigurer} for additional customization
 	 */
@@ -267,7 +266,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * <li>/authenticate?error GET - redirect here for failed authentication attempts</li>
 	 * <li>/authenticate?logout GET - redirect here after successfully logging out</li>
 	 * </ul>
-	 *
 	 * @param loginPage the login page to redirect to if authentication is required (i.e.
 	 * "/login")
 	 * @return the {@link FormLoginConfigurer} for additional customization
@@ -282,8 +280,7 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 		super.init(http);
 
 		OpenIDAuthenticationProvider authenticationProvider = new OpenIDAuthenticationProvider();
-		authenticationProvider.setAuthenticationUserDetailsService(
-				getAuthenticationUserDetailsService(http));
+		authenticationProvider.setAuthenticationUserDetailsService(getAuthenticationUserDetailsService(http));
 		authenticationProvider = postProcess(authenticationProvider);
 		http.authenticationProvider(authenticationProvider);
 
@@ -316,8 +313,7 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 */
 	private OpenIDConsumer getConsumer() throws ConsumerException {
 		if (this.openIDConsumer == null) {
-			this.openIDConsumer = new OpenID4JavaConsumer(getConsumerManager(),
-					attributesToFetchFactory());
+			this.openIDConsumer = new OpenID4JavaConsumer(getConsumerManager(), attributesToFetchFactory());
 		}
 		return this.openIDConsumer;
 	}
@@ -337,7 +333,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	/**
 	 * Creates an {@link RegexBasedAxFetchListFactory} using the attributes populated by
 	 * {@link AttributeExchangeConfigurer}
-	 *
 	 * @return the {@link AxFetchListFactory} to use
 	 */
 	private AxFetchListFactory attributesToFetchFactory() {
@@ -352,23 +347,19 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * Gets the {@link AuthenticationUserDetailsService} that was configured or defaults
 	 * to {@link UserDetailsByNameServiceWrapper} that uses a {@link UserDetailsService}
 	 * looked up using {@link HttpSecurity#getSharedObject(Class)}
-	 *
 	 * @param http the current {@link HttpSecurity}
 	 * @return the {@link AuthenticationUserDetailsService}.
 	 */
-	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> getAuthenticationUserDetailsService(
-			H http) {
+	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> getAuthenticationUserDetailsService(H http) {
 		if (this.authenticationUserDetailsService != null) {
 			return this.authenticationUserDetailsService;
 		}
-		return new UserDetailsByNameServiceWrapper<>(
-				http.getSharedObject(UserDetailsService.class));
+		return new UserDetailsByNameServiceWrapper<>(http.getSharedObject(UserDetailsService.class));
 	}
 
 	/**
 	 * If available, initializes the {@link DefaultLoginPageGeneratingFilter} shared
 	 * object.
-	 *
 	 * @param http the {@link HttpSecurityBuilder} to use
 	 */
 	private void initDefaultLoginFilter(H http) {
@@ -382,8 +373,8 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 				loginPageGeneratingFilter.setLoginPageUrl(getLoginPage());
 				loginPageGeneratingFilter.setFailureUrl(getFailureUrl());
 			}
-			loginPageGeneratingFilter.setOpenIDusernameParameter(
-					OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD);
+			loginPageGeneratingFilter
+					.setOpenIDusernameParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD);
 		}
 	}
 
@@ -393,8 +384,11 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 	 * @author Rob Winch
 	 */
 	public final class AttributeExchangeConfigurer {
+
 		private String identifier;
+
 		private List<OpenIDAttribute> attributes = new ArrayList<>();
+
 		private List<AttributeConfigurer> attributeConfigurers = new ArrayList<>();
 
 		/**
@@ -418,7 +412,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 		/**
 		 * Sets the regular expression for matching on OpenID's (i.e.
 		 * "https://www.google.com/.*", ".*yahoo.com.*", etc)
-		 *
 		 * @param identifierPattern the regular expression for matching on OpenID's
 		 * @return the {@link AttributeExchangeConfigurer} for further customization of
 		 * attribute exchange
@@ -453,9 +446,8 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 		}
 
 		/**
-		 * Adds an {@link OpenIDAttribute} named &quot;default-attribute&quot;.
-		 * The name can by updated using {@link AttributeConfigurer#name(String)}.
-		 *
+		 * Adds an {@link OpenIDAttribute} named &quot;default-attribute&quot;. The name
+		 * can by updated using {@link AttributeConfigurer#name(String)}.
 		 * @param attributeCustomizer the {@link Customizer} to provide more options for
 		 * the {@link AttributeConfigurer}
 		 * @return a {@link AttributeExchangeConfigurer} for further customizations
@@ -486,14 +478,18 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 		 * @since 3.2
 		 */
 		public final class AttributeConfigurer {
+
 			private String name;
+
 			private int count = 1;
+
 			private boolean required = false;
+
 			private String type;
 
 			/**
-			 * Creates a new instance named "default-attribute".
-			 * The name can by updated using {@link #name(String)}.
+			 * Creates a new instance named "default-attribute". The name can by updated
+			 * using {@link #name(String)}.
 			 *
 			 * @see AttributeExchangeConfigurer#attribute(String)
 			 */
@@ -525,7 +521,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 			 * <code>false</code>. Note that as outlined in the OpenID specification,
 			 * required attributes are not validated by the OpenID Provider. Developers
 			 * should perform any validation in custom code.
-			 *
 			 * @param required specifies the attribute is required
 			 * @return the {@link AttributeConfigurer} for further customization
 			 */
@@ -557,7 +552,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 			/**
 			 * Gets the {@link AttributeExchangeConfigurer} for further customization of
 			 * the attributes
-			 *
 			 * @return the {@link AttributeConfigurer}
 			 */
 			public AttributeExchangeConfigurer and() {
@@ -574,6 +568,9 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 				attribute.setRequired(this.required);
 				return attribute;
 			}
+
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index ca7b6d2c08..acd115f157 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -50,17 +50,19 @@ import org.springframework.util.Assert;
 import static org.springframework.util.StringUtils.hasText;
 
 /**
- * An {@link AbstractHttpConfigurer} for SAML 2.0 Login,
- * which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.
+ * An {@link AbstractHttpConfigurer} for SAML 2.0 Login, which leverages the SAML 2.0 Web
+ * Browser Single Sign On (WebSSO) Flow.
  *
  * <p>
- * SAML 2.0 Login provides an application with the capability to have users log in
- * by using their existing account at an SAML 2.0 Identity Provider.
+ * SAML 2.0 Login provides an application with the capability to have users log in by
+ * using their existing account at an SAML 2.0 Identity Provider.
  *
  * <p>
- * Defaults are provided for all configuration options with the only required configuration
- * being {@link #relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository)} .
- * Alternatively, a {@link RelyingPartyRegistrationRepository} {@code @Bean} may be registered instead.
+ * Defaults are provided for all configuration options with the only required
+ * configuration being
+ * {@link #relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository)} .
+ * Alternatively, a {@link RelyingPartyRegistrationRepository} {@code @Bean} may be
+ * registered instead.
  *
  * <h2>Security Filters</h2>
  *
@@ -87,8 +89,9 @@ import static org.springframework.util.StringUtils.hasText;
  * <ul>
  * <li>{@link RelyingPartyRegistrationRepository} (required)</li>
  * <li>{@link Saml2AuthenticationRequestFactory} (optional)</li>
- * <li>{@link DefaultLoginPageGeneratingFilter} - if {@link #loginPage(String)} is not configured
- * and {@code DefaultLoginPageGeneratingFilter} is available, than a default login page will be made available</li>
+ * <li>{@link DefaultLoginPageGeneratingFilter} - if {@link #loginPage(String)} is not
+ * configured and {@code DefaultLoginPageGeneratingFilter} is available, than a default
+ * login page will be made available</li>
  * </ul>
  *
  * @since 5.2
@@ -98,8 +101,8 @@ import static org.springframework.util.StringUtils.hasText;
  * @see RelyingPartyRegistrationRepository
  * @see AbstractAuthenticationFilterConfigurer
  */
-public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends
-		AbstractAuthenticationFilterConfigurer<B, Saml2LoginConfigurer<B>, Saml2WebSsoAuthenticationFilter> {
+public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
+		extends AbstractAuthenticationFilterConfigurer<B, Saml2LoginConfigurer<B>, Saml2WebSsoAuthenticationFilter> {
 
 	private String loginPage;
 
@@ -110,14 +113,15 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
 
 	private AuthenticationConverter authenticationConverter;
+
 	private AuthenticationManager authenticationManager;
 
 	private Saml2WebSsoAuthenticationFilter saml2WebSsoAuthenticationFilter;
 
 	/**
-	 * Use this {@link AuthenticationConverter} when converting incoming requests to an {@link Authentication}.
-	 * By default the {@link Saml2AuthenticationTokenConverter} is used.
-	 *
+	 * Use this {@link AuthenticationConverter} when converting incoming requests to an
+	 * {@link Authentication}. By default the {@link Saml2AuthenticationTokenConverter} is
+	 * used.
 	 * @param authenticationConverter the {@link AuthenticationConverter} to use
 	 * @return the {@link Saml2LoginConfigurer} for further configuration
 	 * @since 5.4
@@ -129,12 +133,13 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	}
 
 	/**
-	 * Allows a configuration of a {@link AuthenticationManager} to be used during SAML 2 authentication.
-	 * If none is specified, the system will create one inject it into the {@link Saml2WebSsoAuthenticationFilter}
+	 * Allows a configuration of a {@link AuthenticationManager} to be used during SAML 2
+	 * authentication. If none is specified, the system will create one inject it into the
+	 * {@link Saml2WebSsoAuthenticationFilter}
 	 * @param authenticationManager the authentication manager to be used
 	 * @return the {@link Saml2LoginConfigurer} for further configuration
-	 * @throws IllegalArgumentException if authenticationManager is null
-	 * 									configure the default manager
+	 * @throws IllegalArgumentException if authenticationManager is null configure the
+	 * default manager
 	 * @since 5.3
 	 */
 	public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager) {
@@ -144,8 +149,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	}
 
 	/**
-	 * Sets the {@code RelyingPartyRegistrationRepository} of relying parties, each party representing a
-	 * service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
+	 * Sets the {@code RelyingPartyRegistrationRepository} of relying parties, each party
+	 * representing a service provider, SP and this host, and identity provider, IDP pair
+	 * that communicate with each other.
 	 * @param repo the repository of relying parties
 	 * @return the {@link Saml2LoginConfigurer} for further configuration
 	 */
@@ -186,15 +192,14 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	/**
 	 * {@inheritDoc}
 	 *
-	 * Initializes this filter chain for SAML 2 Login.
-	 * The following actions are taken:
+	 * Initializes this filter chain for SAML 2 Login. The following actions are taken:
 	 * <ul>
-	 *     <li>The WebSSO endpoint has CSRF disabled, typically {@code /login/saml2/sso}</li>
-	 *     <li>A {@link Saml2WebSsoAuthenticationFilter is configured}</li>
-	 *     <li>The {@code loginProcessingUrl} is set</li>
-	 *     <li>A custom login page is configured, <b>or</b></li>
-	 *     <li>A default login page with all SAML 2.0 Identity Providers is configured</li>
-	 *     <li>An {@link OpenSamlAuthenticationProvider} is configured</li>
+	 * <li>The WebSSO endpoint has CSRF disabled, typically {@code /login/saml2/sso}</li>
+	 * <li>A {@link Saml2WebSsoAuthenticationFilter is configured}</li>
+	 * <li>The {@code loginProcessingUrl} is set</li>
+	 * <li>A custom login page is configured, <b>or</b></li>
+	 * <li>A default login page with all SAML 2.0 Identity Providers is configured</li>
+	 * <li>An {@link OpenSamlAuthenticationProvider} is configured</li>
 	 * </ul>
 	 */
 	@Override
@@ -204,10 +209,8 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 			this.relyingPartyRegistrationRepository = getSharedOrBean(http, RelyingPartyRegistrationRepository.class);
 		}
 
-		saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(
-				getAuthenticationConverter(http),
-				this.loginProcessingUrl
-		);
+		saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http),
+				this.loginProcessingUrl);
 		setAuthenticationFilter(saml2WebSsoAuthenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
 
@@ -215,12 +218,10 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 			// Set custom login page
 			super.loginPage(this.loginPage);
 			super.init(http);
-		} else {
-			final Map<String, String> providerUrlMap =
-					getIdentityProviderUrlMap(
-							this.authenticationRequestEndpoint.filterProcessingUrl,
-							this.relyingPartyRegistrationRepository
-					);
+		}
+		else {
+			final Map<String, String> providerUrlMap = getIdentityProviderUrlMap(
+					this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository);
 
 			boolean singleProvider = providerUrlMap.size() == 1;
 			if (singleProvider) {
@@ -244,8 +245,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	/**
 	 * {@inheritDoc}
 	 *
-	 * During the {@code configure} phase, a {@link Saml2WebSsoAuthenticationRequestFilter}
-	 * is added to handle SAML 2.0 AuthNRequest redirects
+	 * During the {@code configure} phase, a
+	 * {@link Saml2WebSsoAuthenticationRequestFilter} is added to handle SAML 2.0
+	 * AuthNRequest redirects
 	 */
 	@Override
 	public void configure(B http) throws Exception {
@@ -278,43 +280,31 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 			return;
 		}
 
-		csrf.ignoringRequestMatchers(
-				new AntPathRequestMatcher(loginProcessingUrl)
-		);
+		csrf.ignoringRequestMatchers(new AntPathRequestMatcher(loginProcessingUrl));
 	}
 
 	private void initDefaultLoginFilter(B http) {
-		DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http.getSharedObject(DefaultLoginPageGeneratingFilter.class);
+		DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
+				.getSharedObject(DefaultLoginPageGeneratingFilter.class);
 		if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
 			return;
 		}
 
 		loginPageGeneratingFilter.setSaml2LoginEnabled(true);
-		loginPageGeneratingFilter.setSaml2AuthenticationUrlToProviderName(
-				this.getIdentityProviderUrlMap(
-						this.authenticationRequestEndpoint.filterProcessingUrl,
-						this.relyingPartyRegistrationRepository
-				)
-		);
+		loginPageGeneratingFilter.setSaml2AuthenticationUrlToProviderName(this.getIdentityProviderUrlMap(
+				this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository));
 		loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage());
 		loginPageGeneratingFilter.setFailureUrl(this.getFailureUrl());
 	}
 
 	@SuppressWarnings("unchecked")
-	private Map<String, String> getIdentityProviderUrlMap(
-			String authRequestPrefixUrl,
-			RelyingPartyRegistrationRepository idpRepo
-	) {
+	private Map<String, String> getIdentityProviderUrlMap(String authRequestPrefixUrl,
+			RelyingPartyRegistrationRepository idpRepo) {
 		Map<String, String> idps = new LinkedHashMap<>();
 		if (idpRepo instanceof Iterable) {
 			Iterable<RelyingPartyRegistration> repo = (Iterable<RelyingPartyRegistration>) idpRepo;
-			repo.forEach(
-					p ->
-						idps.put(
-								authRequestPrefixUrl.replace("{registrationId}", p.getRegistrationId()),
-								p.getRegistrationId()
-						)
-			);
+			repo.forEach(p -> idps.put(authRequestPrefixUrl.replace("{registrationId}", p.getRegistrationId()),
+					p.getRegistrationId()));
 		}
 		return idps;
 	}
@@ -334,7 +324,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 		}
 		try {
 			return context.getBean(clazz);
-		} catch (NoSuchBeanDefinitionException e) {}
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
 		return null;
 	}
 
@@ -345,6 +337,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 	}
 
 	private final class AuthenticationRequestEndpointConfig {
+
 		private String filterProcessingUrl = "/saml2/authenticate/{registrationId}";
 
 		private AuthenticationRequestEndpointConfig() {
@@ -354,27 +347,28 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
 			Saml2AuthenticationRequestFactory authenticationRequestResolver = getResolver(http);
 			Saml2AuthenticationRequestContextResolver contextResolver = getContextResolver(http);
 
-			return postProcess(new Saml2WebSsoAuthenticationRequestFilter(
-					contextResolver, authenticationRequestResolver));
+			return postProcess(
+					new Saml2WebSsoAuthenticationRequestFilter(contextResolver, authenticationRequestResolver));
 		}
 
 		private Saml2AuthenticationRequestFactory getResolver(B http) {
 			Saml2AuthenticationRequestFactory resolver = getSharedOrBean(http, Saml2AuthenticationRequestFactory.class);
-			if (resolver == null ) {
+			if (resolver == null) {
 				resolver = new OpenSamlAuthenticationRequestFactory();
 			}
 			return resolver;
 		}
 
 		private Saml2AuthenticationRequestContextResolver getContextResolver(B http) {
-			Saml2AuthenticationRequestContextResolver resolver = getBeanOrNull(http, Saml2AuthenticationRequestContextResolver.class);
+			Saml2AuthenticationRequestContextResolver resolver = getBeanOrNull(http,
+					Saml2AuthenticationRequestContextResolver.class);
 			if (resolver == null) {
-				return new DefaultSaml2AuthenticationRequestContextResolver(
-						new DefaultRelyingPartyRegistrationResolver(
-								Saml2LoginConfigurer.this.relyingPartyRegistrationRepository));
+				return new DefaultSaml2AuthenticationRequestContextResolver(new DefaultRelyingPartyRegistrationResolver(
+						Saml2LoginConfigurer.this.relyingPartyRegistrationRepository));
 			}
 			return resolver;
 		}
+
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 79a476ede0..404bc89236 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -44,11 +44,17 @@ import org.springframework.util.StringUtils;
  * @author Rob Winch
  */
 public class MessageSecurityMetadataSourceRegistry {
+
 	private static final String permitAll = "permitAll";
+
 	private static final String denyAll = "denyAll";
+
 	private static final String anonymous = "anonymous";
+
 	private static final String authenticated = "authenticated";
+
 	private static final String fullyAuthenticated = "fullyAuthenticated";
+
 	private static final String rememberMe = "rememberMe";
 
 	private SecurityExpressionHandler<Message<Object>> expressionHandler = new DefaultMessageSecurityExpressionHandler<>();
@@ -61,7 +67,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	/**
 	 * Maps any {@link Message} to a security expression.
-	 *
 	 * @return the Expression to associate
 	 */
 	public Constraint anyMessage() {
@@ -72,7 +77,6 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * Maps any {@link Message} that has a null SimpMessageHeaderAccessor destination
 	 * header (i.e. CONNECT, CONNECT_ACK, HEARTBEAT, UNSUBSCRIBE, DISCONNECT,
 	 * DISCONNECT_ACK, OTHER)
-	 *
 	 * @return the Expression to associate
 	 */
 	public Constraint nullDestMatcher() {
@@ -81,7 +85,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	/**
 	 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances.
-	 *
 	 * @param typesToMatch the {@link SimpMessageType} instance to match on
 	 * @return the {@link Constraint} associated to the matchers.
 	 */
@@ -98,12 +101,10 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances without
 	 * regard to the {@link SimpMessageType}. If no destination is found on the Message,
 	 * then the Matcher returns false.
-	 *
 	 * @param patterns the patterns to create
 	 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)} .
-	 *
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 	 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 	 */
@@ -115,12 +116,10 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that match
 	 * on {@code SimpMessageType.MESSAGE}. If no destination is found on the Message, then
 	 * the Matcher returns false.
-	 *
 	 * @param patterns the patterns to create
 	 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
-	 *
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 	 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 	 */
@@ -132,12 +131,10 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that match
 	 * on {@code SimpMessageType.SUBSCRIBE}. If no destination is found on the Message,
 	 * then the Matcher returns false.
-	 *
 	 * @param patterns the patterns to create
 	 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
-	 *
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 	 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 	 */
@@ -148,14 +145,12 @@ public class MessageSecurityMetadataSourceRegistry {
 	/**
 	 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances. If no
 	 * destination is found on the Message, then the Matcher returns false.
-	 *
 	 * @param type the {@link SimpMessageType} to match on. If null, the
 	 * {@link SimpMessageType} is not considered for matching.
 	 * @param patterns the patterns to create
 	 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
-	 *
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 	 * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
 	 */
@@ -171,13 +166,11 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * The {@link PathMatcher} to be used with the
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestMatchers(String...)}. The
 	 * default is to use the default constructor of {@link AntPathMatcher}.
-	 *
 	 * @param pathMatcher the {@link PathMatcher} to use. Cannot be null.
 	 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 	 * customization.
 	 */
-	public MessageSecurityMetadataSourceRegistry simpDestPathMatcher(
-			PathMatcher pathMatcher) {
+	public MessageSecurityMetadataSourceRegistry simpDestPathMatcher(PathMatcher pathMatcher) {
 		Assert.notNull(pathMatcher, "pathMatcher cannot be null");
 		this.pathMatcher.setPathMatcher(pathMatcher);
 		this.defaultPathMatcher = false;
@@ -185,9 +178,10 @@ public class MessageSecurityMetadataSourceRegistry {
 	}
 
 	/**
-	 * Determines if the {@link #simpDestPathMatcher(PathMatcher)} has been explicitly set.
-	 *
-	 * @return true if {@link #simpDestPathMatcher(PathMatcher)} has been explicitly set, else false.
+	 * Determines if the {@link #simpDestPathMatcher(PathMatcher)} has been explicitly
+	 * set.
+	 * @return true if {@link #simpDestPathMatcher(PathMatcher)} has been explicitly set,
+	 * else false.
 	 */
 	protected boolean isSimpDestPathMatcherConfigured() {
 		return !this.defaultPathMatcher;
@@ -195,7 +189,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	/**
 	 * Maps a {@link List} of {@link MessageMatcher} instances to a security expression.
-	 *
 	 * @param matchers the {@link MessageMatcher} instances to map.
 	 * @return The {@link Constraint} that is associated to the {@link MessageMatcher}
 	 * instances
@@ -209,14 +202,15 @@ public class MessageSecurityMetadataSourceRegistry {
 	}
 
 	/**
-	 * The {@link SecurityExpressionHandler} to be used. The
-	 * default is to use {@link DefaultMessageSecurityExpressionHandler}.
-	 *
-	 * @param expressionHandler the {@link SecurityExpressionHandler} to use. Cannot be null.
+	 * The {@link SecurityExpressionHandler} to be used. The default is to use
+	 * {@link DefaultMessageSecurityExpressionHandler}.
+	 * @param expressionHandler the {@link SecurityExpressionHandler} to use. Cannot be
+	 * null.
 	 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 	 * customization.
 	 */
-	public MessageSecurityMetadataSourceRegistry expressionHandler(SecurityExpressionHandler<Message<Object>> expressionHandler) {
+	public MessageSecurityMetadataSourceRegistry expressionHandler(
+			SecurityExpressionHandler<Message<Object>> expressionHandler) {
 		Assert.notNull(expressionHandler, "expressionHandler cannot be null");
 		this.expressionHandler = expressionHandler;
 		return this;
@@ -229,13 +223,11 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * This is not exposed so as not to confuse users of the API, which should never
 	 * invoke this method.
 	 * </p>
-	 *
 	 * @return the {@link MessageSecurityMetadataSource} to use
 	 */
 	protected MessageSecurityMetadataSource createMetadataSource() {
 		LinkedHashMap<MessageMatcher<?>, String> matcherToExpression = new LinkedHashMap<>();
-		for (Map.Entry<MatcherBuilder, String> entry : this.matcherToExpression
-				.entrySet()) {
+		for (Map.Entry<MatcherBuilder, String> entry : this.matcherToExpression.entrySet()) {
 			matcherToExpression.put(entry.getKey().build(), entry.getValue());
 		}
 		return ExpressionBasedMessageSecurityMetadataSourceFactory
@@ -249,7 +241,6 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * This is not exposed so as not to confuse users of the API, which should never need
 	 * to invoke this method.
 	 * </p>
-	 *
 	 * @return true if a mapping was added, else false
 	 */
 	protected boolean containsMapping() {
@@ -261,11 +252,11 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * instances.
 	 */
 	public class Constraint {
+
 		private final List<? extends MatcherBuilder> messageMatchers;
 
 		/**
 		 * Creates a new instance
-		 *
 		 * @param messageMatchers the {@link MessageMatcher} instances to map to this
 		 * constraint
 		 */
@@ -278,7 +269,6 @@ public class MessageSecurityMetadataSourceRegistry {
 		 * Shortcut for specifying {@link Message} instances require a particular role. If
 		 * you do not want to have "ROLE_" automatically inserted see
 		 * {@link #hasAuthority(String)}.
-		 *
 		 * @param role the role to require (i.e. USER, ADMIN, etc). Note, it should not
 		 * start with "ROLE_" as this is automatically inserted.
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
@@ -292,7 +282,6 @@ public class MessageSecurityMetadataSourceRegistry {
 		 * Shortcut for specifying {@link Message} instances require any of a number of
 		 * roles. If you do not want to have "ROLE_" automatically inserted see
 		 * {@link #hasAnyAuthority(String...)}
-		 *
 		 * @param roles the roles to require (i.e. USER, ADMIN, etc). Note, it should not
 		 * start with "ROLE_" as this is automatically inserted.
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
@@ -304,7 +293,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that {@link Message} instances require a particular authority.
-		 *
 		 * @param authority the authority to require (i.e. ROLE_USER, ROLE_ADMIN, etc).
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
@@ -315,22 +303,18 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that {@link Message} instances requires any of a number authorities.
-		 *
 		 * @param authorities the requests require at least one of the authorities (i.e.
 		 * "ROLE_USER","ROLE_ADMIN" would mean either "ROLE_USER" or "ROLE_ADMIN" is
 		 * required).
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
-		public MessageSecurityMetadataSourceRegistry hasAnyAuthority(
-				String... authorities) {
-			return access(MessageSecurityMetadataSourceRegistry
-					.hasAnyAuthority(authorities));
+		public MessageSecurityMetadataSourceRegistry hasAnyAuthority(String... authorities) {
+			return access(MessageSecurityMetadataSourceRegistry.hasAnyAuthority(authorities));
 		}
 
 		/**
 		 * Specify that Messages are allowed by anyone.
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
@@ -340,7 +324,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that Messages are allowed by anonymous users.
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
@@ -350,7 +333,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that Messages are allowed by users that have been remembered.
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 * @see RememberMeConfigurer
@@ -361,7 +343,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that Messages are not allowed by anyone.
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
@@ -371,7 +352,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Specify that Messages are allowed by any authenticated user.
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
@@ -382,7 +362,6 @@ public class MessageSecurityMetadataSourceRegistry {
 		/**
 		 * Specify that Messages are allowed by users who have authenticated and were not
 		 * "remembered".
-		 *
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 * @see RememberMeConfigurer
@@ -393,9 +372,8 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		/**
 		 * Allows specifying that Messages are secured by an arbitrary expression
-		 *
-		 * @param attribute the expression to secure the URLs (i.e.
-		 * "hasRole('ROLE_USER') and hasRole('ROLE_SUPER')")
+		 * @param attribute the expression to secure the URLs (i.e. "hasRole('ROLE_USER')
+		 * and hasRole('ROLE_SUPER')")
 		 * @return the {@link MessageSecurityMetadataSourceRegistry} for further
 		 * customization
 		 */
@@ -405,11 +383,11 @@ public class MessageSecurityMetadataSourceRegistry {
 			}
 			return MessageSecurityMetadataSourceRegistry.this;
 		}
+
 	}
 
 	private static String hasAnyRole(String... authorities) {
-		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities,
-				"','ROLE_");
+		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','ROLE_");
 		return "hasAnyRole('ROLE_" + anyAuthorities + "')";
 	}
 
@@ -417,8 +395,7 @@ public class MessageSecurityMetadataSourceRegistry {
 		Assert.notNull(role, "role cannot be null");
 		if (role.startsWith("ROLE_")) {
 			throw new IllegalArgumentException(
-					"role should not start with 'ROLE_' since it is automatically inserted. Got '"
-							+ role + "'");
+					"role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
 		}
 		return "hasRole('ROLE_" + role + "')";
 	}
@@ -433,6 +410,7 @@ public class MessageSecurityMetadataSourceRegistry {
 	}
 
 	private static class PreBuiltMatcherBuilder implements MatcherBuilder {
+
 		private MessageMatcher<?> matcher;
 
 		private PreBuiltMatcherBuilder(MessageMatcher<?> matcher) {
@@ -442,10 +420,13 @@ public class MessageSecurityMetadataSourceRegistry {
 		public MessageMatcher<?> build() {
 			return matcher;
 		}
+
 	}
 
 	private class PathMatcherMessageMatcherBuilder implements MatcherBuilder {
+
 		private final String pattern;
+
 		private final SimpMessageType type;
 
 		private PathMatcherMessageMatcherBuilder(String pattern, SimpMessageType type) {
@@ -458,22 +439,21 @@ public class MessageSecurityMetadataSourceRegistry {
 				return new SimpDestinationMessageMatcher(pattern, pathMatcher);
 			}
 			else if (SimpMessageType.MESSAGE == type) {
-				return SimpDestinationMessageMatcher.createMessageMatcher(pattern,
-						pathMatcher);
+				return SimpDestinationMessageMatcher.createMessageMatcher(pattern, pathMatcher);
 			}
 			else if (SimpMessageType.SUBSCRIBE == type) {
-				return SimpDestinationMessageMatcher.createSubscribeMatcher(pattern,
-						pathMatcher);
+				return SimpDestinationMessageMatcher.createSubscribeMatcher(pattern, pathMatcher);
 			}
-			throw new IllegalStateException(type
-					+ " is not supported since it does not have a destination");
+			throw new IllegalStateException(type + " is not supported since it does not have a destination");
 		}
+
 	}
 
 	private interface MatcherBuilder {
-		MessageMatcher<?> build();
-	}
 
+		MessageMatcher<?> build();
+
+	}
 
 	static class DelegatingPathMatcher implements PathMatcher {
 
@@ -510,5 +490,7 @@ public class MessageSecurityMetadataSourceRegistry {
 		void setPathMatcher(PathMatcher pathMatcher) {
 			this.delegate = pathMatcher;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
index e3d812db50..c0f7ec0c9b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
@@ -86,8 +86,9 @@ import java.lang.annotation.Target;
 @Retention(RetentionPolicy.RUNTIME)
 @Target(ElementType.TYPE)
 @Documented
-@Import({ServerHttpSecurityConfiguration.class, WebFluxSecurityConfiguration.class,
-		ReactiveOAuth2ClientImportSelector.class})
+@Import({ ServerHttpSecurityConfiguration.class, WebFluxSecurityConfiguration.class,
+		ReactiveOAuth2ClientImportSelector.class })
 @Configuration
 public @interface EnableWebFluxSecurity {
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
index 4cf69de47c..af77f92b0f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
@@ -48,15 +48,17 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		boolean oauth2ClientPresent = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.client.registration.ClientRegistration", getClass().getClassLoader());
+				"org.springframework.security.oauth2.client.registration.ClientRegistration",
+				getClass().getClassLoader());
 
-		return oauth2ClientPresent ?
-			new String[] { "org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector$OAuth2ClientWebFluxSecurityConfiguration" } :
-			new String[] {};
+		return oauth2ClientPresent ? new String[] {
+				"org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector$OAuth2ClientWebFluxSecurityConfiguration" }
+				: new String[] {};
 	}
 
 	@Configuration(proxyBeanMethods = false)
 	static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {
+
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
 		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
@@ -66,13 +68,8 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 		@Override
 		public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
 			if (this.authorizedClientRepository != null && this.clientRegistrationRepository != null) {
-				ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-						ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-								.authorizationCode()
-								.refreshToken()
-								.clientCredentials()
-								.password()
-								.build();
+				ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+						.builder().authorizationCode().refreshToken().clientCredentials().password().build();
 				DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 						this.clientRegistrationRepository, getAuthorizedClientRepository());
 				authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
@@ -81,8 +78,7 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 		}
 
 		@Autowired(required = false)
-		public void setClientRegistrationRepository(
-				ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		public void setClientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository) {
 			this.clientRegistrationRepository = clientRegistrationRepository;
 		}
 
@@ -107,5 +103,7 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 			}
 			return null;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index b7d4b3e3c7..bfef35ed7a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -45,7 +45,9 @@ import org.springframework.web.reactive.result.method.annotation.ArgumentResolve
  */
 @Configuration(proxyBeanMethods = false)
 class ServerHttpSecurityConfiguration {
+
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration.";
+
 	private static final String HTTPSECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "httpSecurity";
 
 	private ReactiveAdapterRegistry adapterRegistry = new ReactiveAdapterRegistry();
@@ -100,7 +102,7 @@ class ServerHttpSecurityConfiguration {
 	@Bean
 	public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
 		AuthenticationPrincipalArgumentResolver resolver = new AuthenticationPrincipalArgumentResolver(
-			this.adapterRegistry);
+				this.adapterRegistry);
 		if (this.beanFactory != null) {
 			resolver.setBeanResolver(new BeanFactoryResolver(this.beanFactory));
 		}
@@ -121,10 +123,7 @@ class ServerHttpSecurityConfiguration {
 	@Scope("prototype")
 	public ServerHttpSecurity httpSecurity() {
 		ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
-		return http
-			.authenticationManager(authenticationManager())
-			.headers().and()
-			.logout().and();
+		return http.authenticationManager(authenticationManager()).headers().and().logout().and();
 	}
 
 	private ReactiveAuthenticationManager authenticationManager() {
@@ -132,8 +131,8 @@ class ServerHttpSecurityConfiguration {
 			return this.authenticationManager;
 		}
 		if (this.reactiveUserDetailsService != null) {
-			UserDetailsRepositoryReactiveAuthenticationManager manager =
-				new UserDetailsRepositoryReactiveAuthenticationManager(this.reactiveUserDetailsService);
+			UserDetailsRepositoryReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(
+					this.reactiveUserDetailsService);
 			if (this.passwordEncoder != null) {
 				manager.setPasswordEncoder(this.passwordEncoder);
 			}
@@ -143,12 +142,13 @@ class ServerHttpSecurityConfiguration {
 		return null;
 	}
 
-	private static class ContextAwareServerHttpSecurity extends ServerHttpSecurity implements
-			ApplicationContextAware {
+	private static class ContextAwareServerHttpSecurity extends ServerHttpSecurity implements ApplicationContextAware {
+
 		@Override
-		public void setApplicationContext(ApplicationContext applicationContext)
-				throws BeansException {
+		public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 			super.setApplicationContext(applicationContext);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 368d99c015..559c38d578 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -40,11 +40,13 @@ import org.springframework.web.reactive.result.view.AbstractView;
  */
 @Configuration(proxyBeanMethods = false)
 class WebFluxSecurityConfiguration {
+
 	public static final int WEB_FILTER_CHAIN_FILTER_ORDER = 0 - 100;
 
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.";
 
-	private static final String SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME = BEAN_NAME_PREFIX + "WebFilterChainFilter";
+	private static final String SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME = BEAN_NAME_PREFIX
+			+ "WebFilterChainFilter";
 
 	public static final String REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME = "org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository";
 
@@ -104,7 +106,8 @@ class WebFluxSecurityConfiguration {
 
 		if (isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context)) {
 			OAuth2ClasspathGuard.configure(this.context, http);
-		} else {
+		}
+		else {
 			// @formatter:off
 			http
 				.httpBasic().and()
@@ -117,6 +120,7 @@ class WebFluxSecurityConfiguration {
 	}
 
 	private static class OAuth2ClasspathGuard {
+
 		static void configure(ApplicationContext context, ServerHttpSecurity http) {
 			// @formatter:off
 			http
@@ -127,8 +131,11 @@ class WebFluxSecurityConfiguration {
 
 		static boolean shouldConfigure(ApplicationContext context) {
 			ClassLoader loader = context.getClassLoader();
-			Class<?> reactiveClientRegistrationRepositoryClass = ClassUtils.resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader);
+			Class<?> reactiveClientRegistrationRepositoryClass = ClassUtils
+					.resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader);
 			return context.getBeanNamesForType(reactiveClientRegistrationRepositoryClass).length == 1;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
index 1afc2c710b..3c0d11f58c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
@@ -26,7 +26,6 @@ import org.springframework.security.config.annotation.authentication.configurati
 /**
  * Add this annotation to an {@code @Configuration} class to have the Spring Security
  * configuration integrate with Spring MVC.
- *
  * @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC
  * related Security items.
  * @author Rob Winch
@@ -40,4 +39,5 @@ import org.springframework.security.config.annotation.authentication.configurati
 @Configuration
 @Deprecated
 public @interface EnableWebMvcSecurity {
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
index ba1d7204fb..f8bd8f0d65 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
@@ -30,8 +30,10 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
 /**
  * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
  * integration. This configuration is added whenever {@link EnableWebMvc} is added by
- * <a href="{@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and the DispatcherServlet is present on the
- * classpath. It also adds the {@link AuthenticationPrincipalArgumentResolver} as a
+ * <a href="
+ * {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a>
+ * and the DispatcherServlet is present on the classpath. It also adds the
+ * {@link AuthenticationPrincipalArgumentResolver} as a
  * {@link HandlerMethodArgumentResolver}.
  *
  * @deprecated This is applied internally using SpringWebMvcImportSelector
@@ -54,4 +56,5 @@ public class WebMvcSecurityConfiguration implements WebMvcConfigurer {
 	public RequestDataValueProcessor requestDataValueProcessor() {
 		return new CsrfRequestDataValueProcessor();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index 0bb45a614f..b048d19913 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -77,14 +77,14 @@ import org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsSe
  * }
  * </pre>
  *
- *
  * @since 4.0
  * @author Rob Winch
  */
 @Order(Ordered.HIGHEST_PRECEDENCE + 100)
 @Import(ObjectPostProcessorConfiguration.class)
-public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
-		AbstractWebSocketMessageBrokerConfigurer implements SmartInitializingSingleton {
+public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends AbstractWebSocketMessageBrokerConfigurer
+		implements SmartInitializingSingleton {
+
 	private final WebSocketMessageSecurityMetadataSourceRegistry inboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();
 
 	private SecurityExpressionHandler<Message<Object>> defaultExpressionHandler = new DefaultMessageSecurityExpressionHandler<>();
@@ -117,7 +117,8 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 	private PathMatcher getDefaultPathMatcher() {
 		try {
 			return context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher();
-		} catch(NoSuchBeanDefinitionException e) {
+		}
+		catch (NoSuchBeanDefinitionException e) {
 			return new AntPathMatcher();
 		}
 	}
@@ -131,7 +132,6 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 	 * <p>
 	 * Subclasses can override this method to disable CSRF protection
 	 * </p>
-	 *
 	 * @return false if a CSRF token is required for connecting, else true
 	 */
 	protected boolean sameOriginDisabled() {
@@ -141,7 +141,6 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 	/**
 	 * Allows subclasses to customize the configuration of the {@link ChannelRegistration}
 	 * .
-	 *
 	 * @param registration the {@link ChannelRegistration} to customize
 	 */
 	protected void customizeClientInboundChannel(ChannelRegistration registration) {
@@ -153,7 +152,8 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 	}
 
 	@Bean
-	public ChannelSecurityInterceptor inboundChannelSecurity(MessageSecurityMetadataSource messageSecurityMetadataSource) {
+	public ChannelSecurityInterceptor inboundChannelSecurity(
+			MessageSecurityMetadataSource messageSecurityMetadataSource) {
 		ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(
 				messageSecurityMetadataSource);
 		MessageExpressionVoter<Object> voter = new MessageExpressionVoter<>();
@@ -180,14 +180,13 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 	}
 
 	/**
-	 *
 	 * @param messages
 	 */
 	protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
 	}
 
-	private static class WebSocketMessageSecurityMetadataSourceRegistry extends
-			MessageSecurityMetadataSourceRegistry {
+	private static class WebSocketMessageSecurityMetadataSourceRegistry extends MessageSecurityMetadataSourceRegistry {
+
 		@Override
 		public MessageSecurityMetadataSource createMetadataSource() {
 			return super.createMetadataSource();
@@ -202,6 +201,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 		protected boolean isSimpDestPathMatcherConfigured() {
 			return super.isSimpDestPathMatcherConfigured();
 		}
+
 	}
 
 	@Autowired
@@ -226,7 +226,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 		defaultExpressionHandler = objectPostProcessor.postProcess(defaultExpressionHandler);
 	}
 
-	private  SecurityExpressionHandler<Message<Object>> getMessageExpressionHandler() {
+	private SecurityExpressionHandler<Message<Object>> getMessageExpressionHandler() {
 		if (expressionHandler == null) {
 			return defaultExpressionHandler;
 		}
@@ -239,8 +239,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 		}
 
 		String beanName = "stompWebSocketHandlerMapping";
-		SimpleUrlHandlerMapping mapping = context.getBean(beanName,
-				SimpleUrlHandlerMapping.class);
+		SimpleUrlHandlerMapping mapping = context.getBean(beanName, SimpleUrlHandlerMapping.class);
 		Map<String, Object> mappings = mapping.getHandlerMap();
 		for (Object object : mappings.values()) {
 			if (object instanceof SockJsHttpRequestHandler) {
@@ -248,38 +247,31 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 				SockJsService sockJsService = sockjsHandler.getSockJsService();
 				if (!(sockJsService instanceof TransportHandlingSockJsService)) {
 					throw new IllegalStateException(
-							"sockJsService must be instance of TransportHandlingSockJsService got "
-									+ sockJsService);
+							"sockJsService must be instance of TransportHandlingSockJsService got " + sockJsService);
 				}
 
 				TransportHandlingSockJsService transportHandlingSockJsService = (TransportHandlingSockJsService) sockJsService;
 				List<HandshakeInterceptor> handshakeInterceptors = transportHandlingSockJsService
 						.getHandshakeInterceptors();
-				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(
-						handshakeInterceptors.size() + 1);
+				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
 				interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
 				interceptorsToSet.addAll(handshakeInterceptors);
 
-				transportHandlingSockJsService
-						.setHandshakeInterceptors(interceptorsToSet);
+				transportHandlingSockJsService.setHandshakeInterceptors(interceptorsToSet);
 			}
 			else if (object instanceof WebSocketHttpRequestHandler) {
 				WebSocketHttpRequestHandler handler = (WebSocketHttpRequestHandler) object;
-				List<HandshakeInterceptor> handshakeInterceptors = handler
-						.getHandshakeInterceptors();
-				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(
-						handshakeInterceptors.size() + 1);
+				List<HandshakeInterceptor> handshakeInterceptors = handler.getHandshakeInterceptors();
+				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
 				interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
 				interceptorsToSet.addAll(handshakeInterceptors);
 
 				handler.setHandshakeInterceptors(interceptorsToSet);
 			}
 			else {
-				throw new IllegalStateException(
-						"Bean "
-								+ beanName
-								+ " is expected to contain mappings to either a SockJsHttpRequestHandler or a WebSocketHttpRequestHandler but got "
-								+ object);
+				throw new IllegalStateException("Bean " + beanName
+						+ " is expected to contain mappings to either a SockJsHttpRequestHandler or a WebSocketHttpRequestHandler but got "
+						+ object);
 			}
 		}
 
@@ -288,4 +280,5 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends
 			inboundRegistry.simpDestPathMatcher(pathMatcher);
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
index ae1a6e9d21..915c41c698 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
@@ -32,27 +32,25 @@ import org.w3c.dom.Element;
 /**
  * @author Luke Taylor
  */
-public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
-		BeanDefinitionParser {
+public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String CACHE_REF = "cache-ref";
+
 	public static final String CACHING_SUFFIX = ".caching";
 
 	protected abstract String getBeanClassName(Element element);
 
-	protected abstract void doParse(Element element, ParserContext parserContext,
-			BeanDefinitionBuilder builder);
+	protected abstract void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder);
 
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(getBeanClassName(element));
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element));
 
 		doParse(element, parserContext, builder);
 
 		RootBeanDefinition userService = (RootBeanDefinition) builder.getBeanDefinition();
 		final String beanId = resolveId(element, userService, parserContext);
 
-		parserContext.registerBeanComponent(new BeanComponentDefinition(userService,
-				beanId));
+		parserContext.registerBeanComponent(new BeanComponentDefinition(userService, beanId));
 
 		String cacheRef = element.getAttribute(CACHE_REF);
 
@@ -62,18 +60,17 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 					.rootBeanDefinition(CachingUserDetailsService.class);
 			cachingUSBuilder.addConstructorArgReference(beanId);
 
-			cachingUSBuilder.addPropertyValue("userCache", new RuntimeBeanReference(
-					cacheRef));
+			cachingUSBuilder.addPropertyValue("userCache", new RuntimeBeanReference(cacheRef));
 			BeanDefinition cachingUserService = cachingUSBuilder.getBeanDefinition();
-			parserContext.registerBeanComponent(new BeanComponentDefinition(
-					cachingUserService, beanId + CACHING_SUFFIX));
+			parserContext
+					.registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX));
 		}
 
 		return null;
 	}
 
-	private String resolveId(Element element, AbstractBeanDefinition definition,
-			ParserContext pc) throws BeanDefinitionStoreException {
+	private String resolveId(Element element, AbstractBeanDefinition definition, ParserContext pc)
+			throws BeanDefinitionStoreException {
 
 		String id = element.getAttribute("id");
 
@@ -83,8 +80,7 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 				id = pc.getReaderContext().generateBeanName(definition);
 			}
 			BeanDefinition container = pc.getContainingBeanDefinition();
-			container.getPropertyValues().add("userDetailsService",
-					new RuntimeBeanReference(id));
+			container.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(id));
 		}
 
 		if (StringUtils.hasText(id)) {
@@ -93,10 +89,11 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 
 		// If top level, use the default name or throw an exception if already used
 		if (pc.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE)) {
-			throw new BeanDefinitionStoreException("No id supplied and another "
-					+ "bean is already registered as " + BeanIds.USER_DETAILS_SERVICE);
+			throw new BeanDefinitionStoreException(
+					"No id supplied and another " + "bean is already registered as " + BeanIds.USER_DETAILS_SERVICE);
 		}
 
 		return BeanIds.USER_DETAILS_SERVICE;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index 57342c9c81..94a57b106f 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -48,8 +48,11 @@ import org.w3c.dom.NodeList;
  * @author Luke Taylor
  */
 public class AuthenticationManagerBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ATT_ALIAS = "alias";
+
 	private static final String ATT_REF = "ref";
+
 	private static final String ATT_ERASE_CREDENTIALS = "erase-credentials";
 
 	public BeanDefinition parse(Element element, ParserContext pc) {
@@ -57,23 +60,19 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 
 		if (!StringUtils.hasText(id)) {
 			if (pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) {
-				pc.getReaderContext().warning(
-						"Overriding globally registered AuthenticationManager",
+				pc.getReaderContext().warning("Overriding globally registered AuthenticationManager",
 						pc.extractSource(element));
 			}
 			id = BeanIds.AUTHENTICATION_MANAGER;
 		}
-		pc.pushContainingComponent(new CompositeComponentDefinition(element.getTagName(),
-				pc.extractSource(element)));
+		pc.pushContainingComponent(new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element)));
 
-		BeanDefinitionBuilder providerManagerBldr = BeanDefinitionBuilder
-				.rootBeanDefinition(ProviderManager.class);
+		BeanDefinitionBuilder providerManagerBldr = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
 
 		String alias = element.getAttribute(ATT_ALIAS);
 
 		List<BeanMetadataElement> providers = new ManagedList<>();
-		NamespaceHandlerResolver resolver = pc.getReaderContext()
-				.getNamespaceHandlerResolver();
+		NamespaceHandlerResolver resolver = pc.getReaderContext().getNamespaceHandlerResolver();
 
 		NodeList children = element.getChildNodes();
 
@@ -83,31 +82,26 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 				Element providerElt = (Element) node;
 				if (StringUtils.hasText(providerElt.getAttribute(ATT_REF))) {
 					if (providerElt.getAttributes().getLength() > 1) {
-						pc.getReaderContext().error(
-								"authentication-provider element cannot be used with other attributes "
-										+ "when using 'ref' attribute",
-								pc.extractSource(element));
+						pc.getReaderContext()
+								.error("authentication-provider element cannot be used with other attributes "
+										+ "when using 'ref' attribute", pc.extractSource(element));
 					}
 					NodeList providerChildren = providerElt.getChildNodes();
 					for (int j = 0; j < providerChildren.getLength(); j++) {
 						if (providerChildren.item(j) instanceof Element) {
-							pc.getReaderContext().error(
-									"authentication-provider element cannot have child elements when used "
-											+ "with 'ref' attribute",
-									pc.extractSource(element));
+							pc.getReaderContext()
+									.error("authentication-provider element cannot have child elements when used "
+											+ "with 'ref' attribute", pc.extractSource(element));
 						}
 					}
-					providers.add(new RuntimeBeanReference(providerElt
-							.getAttribute(ATT_REF)));
+					providers.add(new RuntimeBeanReference(providerElt.getAttribute(ATT_REF)));
 				}
 				else {
-					BeanDefinition provider = resolver.resolve(
-							providerElt.getNamespaceURI()).parse(providerElt, pc);
-					Assert.notNull(provider, () -> "Parser for " + providerElt.getNodeName()
-							+ " returned a null bean definition");
+					BeanDefinition provider = resolver.resolve(providerElt.getNamespaceURI()).parse(providerElt, pc);
+					Assert.notNull(provider,
+							() -> "Parser for " + providerElt.getNodeName() + " returned a null bean definition");
 					String providerId = pc.getReaderContext().generateBeanName(provider);
-					pc.registerBeanComponent(new BeanComponentDefinition(provider,
-							providerId));
+					pc.registerBeanComponent(new BeanComponentDefinition(provider, providerId));
 					providers.add(new RuntimeBeanReference(providerId));
 				}
 			}
@@ -120,29 +114,24 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 		providerManagerBldr.addConstructorArgValue(providers);
 
 		if ("false".equals(element.getAttribute(ATT_ERASE_CREDENTIALS))) {
-			providerManagerBldr.addPropertyValue("eraseCredentialsAfterAuthentication",
-					false);
+			providerManagerBldr.addPropertyValue("eraseCredentialsAfterAuthentication", false);
 		}
 
 		// Add the default event publisher
-		BeanDefinition publisher = new RootBeanDefinition(
-				DefaultAuthenticationEventPublisher.class);
+		BeanDefinition publisher = new RootBeanDefinition(DefaultAuthenticationEventPublisher.class);
 		String pubId = pc.getReaderContext().generateBeanName(publisher);
 		pc.registerBeanComponent(new BeanComponentDefinition(publisher, pubId));
 		providerManagerBldr.addPropertyReference("authenticationEventPublisher", pubId);
 
-		pc.registerBeanComponent(new BeanComponentDefinition(providerManagerBldr
-				.getBeanDefinition(), id));
+		pc.registerBeanComponent(new BeanComponentDefinition(providerManagerBldr.getBeanDefinition(), id));
 
 		if (StringUtils.hasText(alias)) {
 			pc.getRegistry().registerAlias(id, alias);
-			pc.getReaderContext().fireAliasRegistered(id, alias,
-					pc.extractSource(element));
+			pc.getReaderContext().fireAliasRegistered(id, alias, pc.extractSource(element));
 		}
 		if (!BeanIds.AUTHENTICATION_MANAGER.equals(id)) {
 			pc.getRegistry().registerAlias(id, BeanIds.AUTHENTICATION_MANAGER);
-			pc.getReaderContext().fireAliasRegistered(id, BeanIds.AUTHENTICATION_MANAGER,
-					pc.extractSource(element));
+			pc.getReaderContext().fireAliasRegistered(id, BeanIds.AUTHENTICATION_MANAGER, pc.extractSource(element));
 		}
 
 		pc.popAndRegisterContainingComponent();
@@ -156,15 +145,16 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 	 * from the &lt;http&gt; namespace, such as OpenID, is expected to handle the
 	 * request).
 	 */
-	public static final class NullAuthenticationProvider implements
-			AuthenticationProvider {
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+	public static final class NullAuthenticationProvider implements AuthenticationProvider {
+
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return null;
 		}
 
 		public boolean supports(Class<?> authentication) {
 			return false;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 2340bd4fc9..cb92f78bd6 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -38,9 +38,10 @@ import java.util.Arrays;
  * @author Luke Taylor
  * @since 3.0
  */
-public class AuthenticationManagerFactoryBean implements
-		FactoryBean<AuthenticationManager>, BeanFactoryAware {
+public class AuthenticationManagerFactoryBean implements FactoryBean<AuthenticationManager>, BeanFactoryAware {
+
 	private BeanFactory bf;
+
 	public static final String MISSING_BEAN_ERROR_MESSAGE = "Did you forget to add a global <authentication-manager> element "
 			+ "to your configuration (with child <authentication-provider> elements)? Alternatively you can use the "
 			+ "authentication-manager-ref attribute on your <http> and <global-method-security> elements.";
@@ -56,8 +57,7 @@ public class AuthenticationManagerFactoryBean implements
 
 			UserDetailsService uds = getBeanOrNull(UserDetailsService.class);
 			if (uds == null) {
-				throw new NoSuchBeanDefinitionException(BeanIds.AUTHENTICATION_MANAGER,
-					MISSING_BEAN_ERROR_MESSAGE);
+				throw new NoSuchBeanDefinitionException(BeanIds.AUTHENTICATION_MANAGER, MISSING_BEAN_ERROR_MESSAGE);
 			}
 
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
@@ -67,7 +67,7 @@ public class AuthenticationManagerFactoryBean implements
 				provider.setPasswordEncoder(passwordEncoder);
 			}
 			provider.afterPropertiesSet();
-			return new ProviderManager(Arrays.<AuthenticationProvider> asList(provider));
+			return new ProviderManager(Arrays.<AuthenticationProvider>asList(provider));
 		}
 	}
 
@@ -86,8 +86,10 @@ public class AuthenticationManagerFactoryBean implements
 	private <T> T getBeanOrNull(Class<T> type) {
 		try {
 			return this.bf.getBean(type);
-		} catch (NoSuchBeanDefinitionException noUds) {
+		}
+		catch (NoSuchBeanDefinitionException noUds) {
 			return null;
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
index 6b56bff9e5..7792499a3c 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
@@ -34,6 +34,7 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  */
 public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ATT_USER_DETAILS_REF = "user-service-ref";
 
 	public BeanDefinition parse(Element element, ParserContext pc) {
@@ -45,35 +46,28 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 		PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElt, pc);
 		BeanMetadataElement passwordEncoder = pep.getPasswordEncoder();
 		if (passwordEncoder != null) {
-			authProvider.getPropertyValues()
-				.addPropertyValue("passwordEncoder", passwordEncoder);
+			authProvider.getPropertyValues().addPropertyValue("passwordEncoder", passwordEncoder);
 		}
 
-		Element userServiceElt = DomUtils.getChildElementByTagName(element,
-				Elements.USER_SERVICE);
+		Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.USER_SERVICE);
 		if (userServiceElt == null) {
-			userServiceElt = DomUtils.getChildElementByTagName(element,
-					Elements.JDBC_USER_SERVICE);
+			userServiceElt = DomUtils.getChildElementByTagName(element, Elements.JDBC_USER_SERVICE);
 		}
 		if (userServiceElt == null) {
-			userServiceElt = DomUtils.getChildElementByTagName(element,
-					Elements.LDAP_USER_SERVICE);
+			userServiceElt = DomUtils.getChildElementByTagName(element, Elements.LDAP_USER_SERVICE);
 		}
 
 		String ref = element.getAttribute(ATT_USER_DETAILS_REF);
 
 		if (StringUtils.hasText(ref)) {
 			if (userServiceElt != null) {
-				pc.getReaderContext().error(
-						"The " + ATT_USER_DETAILS_REF
-								+ " attribute cannot be used in combination with child"
-								+ "elements '" + Elements.USER_SERVICE + "', '"
-								+ Elements.JDBC_USER_SERVICE + "' or '"
+				pc.getReaderContext()
+						.error("The " + ATT_USER_DETAILS_REF + " attribute cannot be used in combination with child"
+								+ "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '"
 								+ Elements.LDAP_USER_SERVICE + "'", element);
 			}
 
-			authProvider.getPropertyValues().add("userDetailsService",
-					new RuntimeBeanReference(ref));
+			authProvider.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(ref));
 		}
 		else {
 			// Use the child elements to create the UserDetailsService
@@ -85,15 +79,14 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 			}
 
 			// Pinch the cache-ref from the UserDetailService element, if set.
-			String cacheRef = userServiceElt
-					.getAttribute(AbstractUserDetailsServiceBeanDefinitionParser.CACHE_REF);
+			String cacheRef = userServiceElt.getAttribute(AbstractUserDetailsServiceBeanDefinitionParser.CACHE_REF);
 
 			if (StringUtils.hasText(cacheRef)) {
-				authProvider.getPropertyValues().addPropertyValue("userCache",
-						new RuntimeBeanReference(cacheRef));
+				authProvider.getPropertyValues().addPropertyValue("userCache", new RuntimeBeanReference(cacheRef));
 			}
 		}
 
 		return authProvider;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index 18e35d3286..6387304a21 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -25,8 +25,8 @@ import org.w3c.dom.Element;
 /**
  * @author Luke Taylor
  */
-public class JdbcUserServiceBeanDefinitionParser extends
-		AbstractUserDetailsServiceBeanDefinitionParser {
+public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
+
 	static final String ATT_DATA_SOURCE = "data-source-ref";
 	static final String ATT_USERS_BY_USERNAME_QUERY = "users-by-username-query";
 	static final String ATT_AUTHORITIES_BY_USERNAME_QUERY = "authorities-by-username-query";
@@ -37,16 +37,14 @@ public class JdbcUserServiceBeanDefinitionParser extends
 		return "org.springframework.security.provisioning.JdbcUserDetailsManager";
 	}
 
-	protected void doParse(Element element, ParserContext parserContext,
-			BeanDefinitionBuilder builder) {
+	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
 
 		if (dataSource != null) {
 			builder.addPropertyReference("dataSource", dataSource);
 		}
 		else {
-			parserContext.getReaderContext().error(
-					ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
+			parserContext.getReaderContext().error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
 					parserContext.extractSource(element));
 		}
 
@@ -69,8 +67,8 @@ public class JdbcUserServiceBeanDefinitionParser extends
 
 		if (StringUtils.hasText(groupAuthoritiesQuery)) {
 			builder.addPropertyValue("enableGroups", Boolean.TRUE);
-			builder.addPropertyValue("groupAuthoritiesByUsernameQuery",
-					groupAuthoritiesQuery);
+			builder.addPropertyValue("groupAuthoritiesByUsernameQuery", groupAuthoritiesQuery);
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
index 0e16f1f1c6..0326fff96e 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 package org.springframework.security.config.authentication;
+
 import java.util.HashMap;
 import java.util.Map;
 
@@ -35,7 +36,9 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  */
 public class PasswordEncoderParser {
+
 	static final String ATT_REF = "ref";
+
 	public static final String ATT_HASH = "hash";
 	static final String ATT_BASE_64 = "base64";
 	static final String OPT_HASH_BCRYPT = "bcrypt";
@@ -76,20 +79,18 @@ public class PasswordEncoderParser {
 		}
 		else {
 			passwordEncoder = createPasswordEncoderBeanDefinition(hash, useBase64);
-			((RootBeanDefinition) passwordEncoder).setSource(parserContext
-					.extractSource(element));
+			((RootBeanDefinition) passwordEncoder).setSource(parserContext.extractSource(element));
 		}
 	}
 
-	public static BeanDefinition createPasswordEncoderBeanDefinition(String hash,
-			boolean useBase64) {
+	public static BeanDefinition createPasswordEncoderBeanDefinition(String hash, boolean useBase64) {
 		Class<?> beanClass = ENCODER_CLASSES.get(hash);
-		BeanDefinitionBuilder beanBldr = BeanDefinitionBuilder
-				.rootBeanDefinition(beanClass);
+		BeanDefinitionBuilder beanBldr = BeanDefinitionBuilder.rootBeanDefinition(beanClass);
 		return beanBldr.getBeanDefinition();
 	}
 
 	public BeanMetadataElement getPasswordEncoder() {
 		return passwordEncoder;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index 9394b24460..fc76ad0c9b 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -38,8 +38,7 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  * @author Ben Alex
  */
-public class UserServiceBeanDefinitionParser extends
-		AbstractUserDetailsServiceBeanDefinitionParser {
+public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
 
 	static final String ATT_PASSWORD = "password";
 	static final String ATT_NAME = "name";
@@ -56,8 +55,7 @@ public class UserServiceBeanDefinitionParser extends
 	}
 
 	@SuppressWarnings("unchecked")
-	protected void doParse(Element element, ParserContext parserContext,
-			BeanDefinitionBuilder builder) {
+	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String userProperties = element.getAttribute(ATT_PROPERTIES);
 		List<Element> userElts = DomUtils.getChildElementsByTagName(element, ELT_USER);
 
@@ -76,10 +74,8 @@ public class UserServiceBeanDefinitionParser extends
 		}
 
 		if (CollectionUtils.isEmpty(userElts)) {
-			throw new BeanDefinitionStoreException(
-					"You must supply user definitions, either with <" + ELT_USER
-							+ "> child elements or a " + "properties file (using the '"
-							+ ATT_PROPERTIES + "' attribute)");
+			throw new BeanDefinitionStoreException("You must supply user definitions, either with <" + ELT_USER
+					+ "> child elements or a " + "properties file (using the '" + ATT_PROPERTIES + "' attribute)");
 		}
 
 		ManagedList<BeanDefinition> users = new ManagedList<>();
@@ -95,13 +91,11 @@ public class UserServiceBeanDefinitionParser extends
 
 			boolean locked = "true".equals(userElt.getAttribute(ATT_LOCKED));
 			boolean disabled = "true".equals(userElt.getAttribute(ATT_DISABLED));
-			BeanDefinitionBuilder authorities = BeanDefinitionBuilder
-					.rootBeanDefinition(AuthorityUtils.class);
+			BeanDefinitionBuilder authorities = BeanDefinitionBuilder.rootBeanDefinition(AuthorityUtils.class);
 			authorities.addConstructorArgValue(userElt.getAttribute(ATT_AUTHORITIES));
 			authorities.setFactoryMethod("commaSeparatedStringToAuthorityList");
 
-			BeanDefinitionBuilder user = BeanDefinitionBuilder
-					.rootBeanDefinition(User.class);
+			BeanDefinitionBuilder user = BeanDefinitionBuilder.rootBeanDefinition(User.class);
 			user.addConstructorArgValue(userName);
 			user.addConstructorArgValue(password);
 			user.addConstructorArgValue(!disabled);
@@ -128,4 +122,5 @@ public class UserServiceBeanDefinitionParser extends
 		}
 		return Long.toString(random.nextLong());
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/package-info.java b/config/src/main/java/org/springframework/security/config/authentication/package-info.java
index 8c0422b51c..d3fb6b02f5 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/package-info.java
@@ -17,4 +17,3 @@
  * Parsing of &lt;authentication-manager&gt; and related elements.
  */
 package org.springframework.security.config.authentication;
-
diff --git a/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java b/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
index 62d548262d..0a479ad2ec 100644
--- a/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
+++ b/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
@@ -33,10 +33,10 @@ public final class GrantedAuthorityDefaults {
 
 	/**
 	 * The default prefix used with role based authorization. Default is "ROLE_".
-	 *
 	 * @return the default role prefix
 	 */
 	public String getRolePrefix() {
 		return this.rolePrefix;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
index 5f038883d6..7f9b9bd385 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
@@ -27,14 +27,16 @@ import org.springframework.security.util.InMemoryResource;
 import java.util.Collection;
 
 /**
- * Constructs an {@link MapReactiveUserDetailsService} from a resource using {@link UserDetailsResourceFactoryBean}.
+ * Constructs an {@link MapReactiveUserDetailsService} from a resource using
+ * {@link UserDetailsResourceFactoryBean}.
  *
  * @author Rob Winch
  * @since 5.0
  * @see UserDetailsResourceFactoryBean
  */
 public class ReactiveUserDetailsServiceResourceFactoryBean
-	implements ResourceLoaderAware, FactoryBean<MapReactiveUserDetailsService> {
+		implements ResourceLoaderAware, FactoryBean<MapReactiveUserDetailsService> {
+
 	private UserDetailsResourceFactoryBean userDetails = new UserDetailsResourceFactoryBean();
 
 	@Override
@@ -54,17 +56,18 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 	}
 
 	/**
-	 * Sets the location of a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Sets the location of a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 */
 	public void setResourceLocation(String resourceLocation) {
 		this.userDetails.setResourceLocation(resourceLocation);
 	}
 
 	/**
-	 * Sets a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
+	 * Sets a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
 	 * @param resource the Resource to use
 	 */
 	public void setResource(Resource resource) {
@@ -72,10 +75,11 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 	}
 
 	/**
-	 * Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a
+	 * Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 * @return the ReactiveUserDetailsServiceResourceFactoryBean
 	 */
 	public static ReactiveUserDetailsServiceResourceFactoryBean fromResourceLocation(String resourceLocation) {
@@ -85,10 +89,10 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 	}
 
 	/**
-	 * Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param propertiesResource the Resource that is a properties file that contains the users
+	 * Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a
+	 * Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
+	 * @param propertiesResource the Resource that is a properties file that contains the
+	 * users
 	 * @return the ReactiveUserDetailsServiceResourceFactoryBean
 	 */
 	public static ReactiveUserDetailsServiceResourceFactoryBean fromResource(Resource propertiesResource) {
@@ -100,8 +104,8 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 	/**
 	 * Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the
 	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param users the users in the format defined in {@link UserDetailsResourceFactoryBean}
+	 * @param users the users in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}
 	 * @return the ReactiveUserDetailsServiceResourceFactoryBean
 	 */
 	public static ReactiveUserDetailsServiceResourceFactoryBean fromString(String users) {
@@ -109,4 +113,5 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 		result.setResource(new InMemoryResource(users));
 		return result;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
index f455fd7363..633943f8c8 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
@@ -34,7 +34,8 @@ import java.util.Map;
  * username=password[,enabled|disabled],roles...
  * </code>
  * <p>
- * The enabled and disabled properties are optional with enabled being the default. For example:
+ * The enabled and disabled properties are optional with enabled being the default. For
+ * example:
  * <p>
  * <code>
  * user=password,ROLE_USER
@@ -46,6 +47,7 @@ import java.util.Map;
  * @since 5.0
  */
 public class UserDetailsMapFactoryBean implements FactoryBean<Collection<UserDetails>> {
+
 	private final Map<String, String> userProperties;
 
 	public UserDetailsMapFactoryBean(Map<String, String> userProperties) {
@@ -64,8 +66,8 @@ public class UserDetailsMapFactoryBean implements FactoryBean<Collection<UserDet
 			editor.setAsText(property);
 			UserAttribute attr = (UserAttribute) editor.getValue();
 			if (attr == null) {
-				throw new IllegalStateException("The entry with username '" + name
-					+ "' and value '" + property + "' could not be converted to a UserDetails.");
+				throw new IllegalStateException("The entry with username '" + name + "' and value '" + property
+						+ "' could not be converted to a UserDetails.");
 			}
 			// @formatter:off
 			UserDetails user = User.withUsername(name)
@@ -75,11 +77,13 @@ public class UserDetailsMapFactoryBean implements FactoryBean<Collection<UserDet
 				.build();
 			users.add(user);
 			// @formatter:on
-		} return users;
+		}
+		return users;
 	}
 
 	@Override
 	public Class<?> getObjectType() {
 		return Collection.class;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
index 850a72c10b..08b84253dd 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
@@ -37,7 +37,8 @@ import java.util.Properties;
  * username=password[,enabled|disabled],roles...
  * </code>
  *
- * The enabled and disabled properties are optional with enabled being the default. For example:
+ * The enabled and disabled properties are optional with enabled being the default. For
+ * example:
  *
  * <code>
  * user=password,ROLE_USER
@@ -49,6 +50,7 @@ import java.util.Properties;
  * @since 5.0
  */
 public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, FactoryBean<Collection<UserDetails>> {
+
 	private ResourceLoader resourceLoader = new DefaultResourceLoader();
 
 	private String resourceLocation;
@@ -65,7 +67,7 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 	public Collection<UserDetails> getObject() throws Exception {
 		Properties userProperties = new Properties();
 		Resource resource = getPropertiesResource();
-		try(InputStream in = resource.getInputStream()){
+		try (InputStream in = resource.getInputStream()) {
 			userProperties.load(in);
 		}
 		return new UserDetailsMapFactoryBean((Map) userProperties).getObject();
@@ -77,17 +79,18 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 	}
 
 	/**
-	 * Sets the location of a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Sets the location of a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 */
 	public void setResourceLocation(String resourceLocation) {
 		this.resourceLocation = resourceLocation;
 	}
 
 	/**
-	 * Sets a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
+	 * Sets a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
 	 * @param resource the Resource to use
 	 */
 	public void setResource(Resource resource) {
@@ -104,10 +107,10 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 	}
 
 	/**
-	 * Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Create a UserDetailsResourceFactoryBean with the location of a Resource that is a
+	 * Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 * @return the UserDetailsResourceFactoryBean
 	 */
 	public static UserDetailsResourceFactoryBean fromResourceLocation(String resourceLocation) {
@@ -117,10 +120,10 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 	}
 
 	/**
-	 * Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param propertiesResource the Resource that is a properties file that contains the users
+	 * Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file
+	 * in the format defined in {@link UserDetailsResourceFactoryBean}.
+	 * @param propertiesResource the Resource that is a properties file that contains the
+	 * users
 	 * @return the UserDetailsResourceFactoryBean
 	 */
 	public static UserDetailsResourceFactoryBean fromResource(Resource propertiesResource) {
@@ -131,7 +134,6 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 
 	/**
 	 * Creates a UserDetailsResourceFactoryBean with a resource from the provided String
-	 *
 	 * @param users the string representing the users
 	 * @return the UserDetailsResourceFactoryBean
 	 */
@@ -139,4 +141,5 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 		InMemoryResource resource = new InMemoryResource(users);
 		return fromResource(resource);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index b3cd7df87c..59edfcdd3d 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -39,12 +39,14 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
- * Adds {@link RsaKeyConverters} to the configured {@link ConversionService} or {@link PropertyEditor}s
+ * Adds {@link RsaKeyConverters} to the configured {@link ConversionService} or
+ * {@link PropertyEditor}s
  *
  * @author Josh Cummings
  * @since 5.2
  */
 public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProcessor {
+
 	private static final String CONVERSION_SERVICE_BEAN_NAME = "conversionService";
 
 	private ResourceLoader resourceLoader = new DefaultResourceLoader();
@@ -71,7 +73,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 			ConverterRegistry registry = (ConverterRegistry) service;
 			registry.addConverter(String.class, RSAPrivateKey.class, pkcs8);
 			registry.addConverter(String.class, RSAPublicKey.class, x509);
-		} else {
+		}
+		else {
 			beanFactory.addPropertyEditorRegistrar(registry -> {
 				registry.registerCustomEditor(RSAPublicKey.class, new ConverterPropertyEditorAdapter<>(x509));
 				registry.registerCustomEditor(RSAPrivateKey.class, new ConverterPropertyEditorAdapter<>(pkcs8));
@@ -80,8 +83,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private boolean hasUserDefinedConversionService(ConfigurableListableBeanFactory beanFactory) {
-		return beanFactory.containsBean(CONVERSION_SERVICE_BEAN_NAME) &&
-				beanFactory.isTypeMatch(CONVERSION_SERVICE_BEAN_NAME, ConversionService.class);
+		return beanFactory.containsBean(CONVERSION_SERVICE_BEAN_NAME)
+				&& beanFactory.isTypeMatch(CONVERSION_SERVICE_BEAN_NAME, ConversionService.class);
 	}
 
 	private Converter<String, RSAPrivateKey> pkcs8() {
@@ -97,8 +100,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private Converter<String, InputStream> pemInputStreamConverter() {
-		return source -> source.startsWith("-----") ?
-				toInputStream(source) : toInputStream(this.resourceLoader.getResource(source));
+		return source -> source.startsWith("-----") ? toInputStream(source)
+				: toInputStream(this.resourceLoader.getResource(source));
 	}
 
 	private InputStream toInputStream(String raw) {
@@ -108,7 +111,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	private InputStream toInputStream(Resource resource) {
 		try {
 			return resource.getInputStream();
-		} catch (IOException e) {
+		}
+		catch (IOException e) {
 			throw new UncheckedIOException(e);
 		}
 	}
@@ -117,7 +121,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 		return inputStream -> {
 			try (InputStream is = inputStream) {
 				return inputStreamKeyConverter.convert(is);
-			} catch (IOException e) {
+			}
+			catch (IOException e) {
 				throw new UncheckedIOException(e);
 			}
 		};
@@ -131,6 +136,7 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private static class ConverterPropertyEditorAdapter<T> extends PropertyEditorSupport {
+
 		private final Converter<String, T> converter;
 
 		ConverterPropertyEditorAdapter(Converter<String, T> converter) {
@@ -146,9 +152,12 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 		public void setAsText(String text) throws IllegalArgumentException {
 			if (StringUtils.hasText(text)) {
 				setValue(this.converter.convert(text));
-			} else {
+			}
+			else {
 				setValue(null);
 			}
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index ab365c3f00..e6c62bae48 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -30,14 +30,12 @@ import org.springframework.security.web.debug.DebugFilter;
  * @author Luke Taylor
  * @author Rob Winch
  */
-public class SecurityDebugBeanFactoryPostProcessor implements
-		BeanDefinitionRegistryPostProcessor {
+public class SecurityDebugBeanFactoryPostProcessor implements BeanDefinitionRegistryPostProcessor {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
-	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry)
-			throws BeansException {
-		logger.warn("\n\n"
-				+ "********************************************************************\n"
+	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
+		logger.warn("\n\n" + "********************************************************************\n"
 				+ "**********        Security debugging is enabled.       *************\n"
 				+ "**********    This may include sensitive information.  *************\n"
 				+ "**********      Do not use in a production system!     *************\n"
@@ -45,21 +43,18 @@ public class SecurityDebugBeanFactoryPostProcessor implements
 		// SPRING_SECURITY_FILTER_CHAIN does not exist yet since it is an alias that has
 		// not been processed, so use FILTER_CHAIN_PROXY
 		if (registry.containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
-			BeanDefinition fcpBeanDef = registry
-					.getBeanDefinition(BeanIds.FILTER_CHAIN_PROXY);
-			BeanDefinitionBuilder debugFilterBldr = BeanDefinitionBuilder
-					.genericBeanDefinition(DebugFilter.class);
+			BeanDefinition fcpBeanDef = registry.getBeanDefinition(BeanIds.FILTER_CHAIN_PROXY);
+			BeanDefinitionBuilder debugFilterBldr = BeanDefinitionBuilder.genericBeanDefinition(DebugFilter.class);
 			debugFilterBldr.addConstructorArgValue(fcpBeanDef);
 			// Remove the alias to SPRING_SECURITY_FILTER_CHAIN, so that it does not
 			// override the new
 			// SPRING_SECURITY_FILTER_CHAIN definition
 			registry.removeAlias(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
-			registry.registerBeanDefinition(BeanIds.SPRING_SECURITY_FILTER_CHAIN,
-					debugFilterBldr.getBeanDefinition());
+			registry.registerBeanDefinition(BeanIds.SPRING_SECURITY_FILTER_CHAIN, debugFilterBldr.getBeanDefinition());
 		}
 	}
 
-	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
-			throws BeansException {
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 3e82001c40..5dd453fca2 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -91,15 +91,19 @@ import static org.springframework.security.config.http.SecurityFilters.X509_FILT
  * @since 3.0
  */
 final class AuthenticationConfigBuilder {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private static final String ATT_REALM = "realm";
+
 	private static final String DEF_REALM = "Realm";
 
 	static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationFilter";
 	static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
+
 	private static final String OPEN_ID_CONSUMER_CLASS = "org.springframework.security.openid.OpenID4JavaConsumer";
 	static final String OPEN_ID_ATTRIBUTE_CLASS = "org.springframework.security.openid.OpenIDAttribute";
+
 	private static final String OPEN_ID_ATTRIBUTE_FACTORY_CLASS = "org.springframework.security.openid.RegexBasedAxFetchListFactory";
 	static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter";
 
@@ -108,6 +112,7 @@ final class AuthenticationConfigBuilder {
 	private static final String ATT_AUTO_CONFIG = "auto-config";
 
 	private static final String ATT_ACCESS_DENIED_ERROR_PAGE = "error-page";
+
 	private static final String ATT_ENTRY_POINT_REF = "entry-point-ref";
 
 	private static final String ATT_USER_SERVICE_REF = "user-service-ref";
@@ -115,45 +120,74 @@ final class AuthenticationConfigBuilder {
 	private static final String ATT_KEY = "key";
 
 	private final Element httpElt;
+
 	private final ParserContext pc;
 
 	private final boolean autoConfig;
+
 	private final boolean allowSessionCreation;
 
 	private RootBeanDefinition anonymousFilter;
+
 	private BeanReference anonymousProviderRef;
+
 	private BeanDefinition rememberMeFilter;
+
 	private String rememberMeServicesId;
+
 	private BeanReference rememberMeProviderRef;
+
 	private BeanDefinition basicFilter;
+
 	private RuntimeBeanReference basicEntryPoint;
+
 	private BeanDefinition formEntryPoint;
+
 	private BeanDefinition openIDEntryPoint;
+
 	private BeanReference openIDProviderRef;
+
 	private String formFilterId = null;
+
 	private String openIDFilterId = null;
+
 	private BeanDefinition x509Filter;
+
 	private BeanReference x509ProviderRef;
+
 	private BeanDefinition jeeFilter;
+
 	private BeanReference jeeProviderRef;
+
 	private RootBeanDefinition preAuthEntryPoint;
+
 	private BeanMetadataElement mainEntryPoint;
+
 	private BeanMetadataElement accessDeniedHandler;
 
 	private BeanDefinition bearerTokenAuthenticationFilter;
 
 	private BeanDefinition logoutFilter;
+
 	@SuppressWarnings("rawtypes")
 	private ManagedList logoutHandlers;
+
 	private BeanDefinition loginPageGenerationFilter;
+
 	private BeanDefinition logoutPageGenerationFilter;
+
 	private BeanDefinition etf;
+
 	private final BeanReference requestCache;
+
 	private final BeanReference portMapper;
+
 	private final BeanReference portResolver;
+
 	private final BeanMetadataElement csrfLogoutHandler;
 
 	private String loginProcessingUrl;
+
 	private String openidLoginProcessingUrl;
 
 	private String formLoginPage;
@@ -161,34 +195,45 @@ final class AuthenticationConfigBuilder {
 	private String openIDLoginPage;
 
 	private boolean oauth2LoginEnabled;
+
 	private boolean defaultAuthorizedClientRepositoryRegistered;
+
 	private String oauth2LoginFilterId;
+
 	private BeanDefinition oauth2AuthorizationRequestRedirectFilter;
+
 	private BeanDefinition oauth2LoginEntryPoint;
+
 	private BeanReference oauth2LoginAuthenticationProviderRef;
+
 	private BeanReference oauth2LoginOidcAuthenticationProviderRef;
+
 	private BeanDefinition oauth2LoginLinks;
 
 	private boolean oauth2ClientEnabled;
+
 	private BeanDefinition authorizationRequestRedirectFilter;
+
 	private BeanDefinition authorizationCodeGrantFilter;
+
 	private BeanReference authorizationCodeAuthenticationProviderRef;
 
 	private final List<BeanReference> authenticationProviders = new ManagedList<>();
+
 	private final Map<BeanDefinition, BeanMetadataElement> defaultDeniedHandlerMappings = new ManagedMap<>();
+
 	private final Map<BeanDefinition, BeanMetadataElement> defaultEntryPointMappings = new ManagedMap<>();
+
 	private final List<BeanDefinition> csrfIgnoreRequestMatchers = new ManagedList<>();
 
-	AuthenticationConfigBuilder(Element element, boolean forceAutoConfig,
-			ParserContext pc, SessionCreationPolicy sessionPolicy,
-			BeanReference requestCache, BeanReference authenticationManager,
-			BeanReference sessionStrategy, BeanReference portMapper,
-			BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
+	AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc,
+			SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager,
+			BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver,
+			BeanMetadataElement csrfLogoutHandler) {
 		this.httpElt = element;
 		this.pc = pc;
 		this.requestCache = requestCache;
-		autoConfig = forceAutoConfig
-				| "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
+		autoConfig = forceAutoConfig | "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
 		this.allowSessionCreation = sessionPolicy != SessionCreationPolicy.NEVER
 				&& sessionPolicy != SessionCreationPolicy.STATELESS;
 		this.portMapper = portMapper;
@@ -214,8 +259,7 @@ final class AuthenticationConfigBuilder {
 
 		// Parse remember me before logout as RememberMeServices is also a LogoutHandler
 		// implementation.
-		Element rememberMeElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.REMEMBER_ME);
+		Element rememberMeElt = DomUtils.getChildElementByTagName(httpElt, Elements.REMEMBER_ME);
 
 		if (rememberMeElt != null) {
 			String key = rememberMeElt.getAttribute(ATT_KEY);
@@ -224,8 +268,8 @@ final class AuthenticationConfigBuilder {
 				key = createKey();
 			}
 
-			RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(
-					key, authenticationManager);
+			RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(key,
+					authenticationManager);
 			rememberMeFilter = rememberMeParser.parse(rememberMeElt, pc);
 			rememberMeServicesId = rememberMeParser.getRememberMeServicesId();
 			createRememberMeProvider(key);
@@ -233,8 +277,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	private void createRememberMeProvider(String key) {
-		RootBeanDefinition provider = new RootBeanDefinition(
-				RememberMeAuthenticationProvider.class);
+		RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
 		provider.setSource(rememberMeFilter.getSource());
 
 		provider.getConstructorArgumentValues().addGenericArgumentValue(key);
@@ -247,15 +290,13 @@ final class AuthenticationConfigBuilder {
 
 	void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
 
-		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.FORM_LOGIN);
+		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
 		RootBeanDefinition formFilter = null;
 
 		if (formLoginElt != null || autoConfig) {
-			FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser(
-					"/login", "POST", AUTHENTICATION_PROCESSING_FILTER_CLASS,
-					requestCache, sessionStrategy, allowSessionCreation, portMapper,
-					portResolver);
+			FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login", "POST",
+					AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, sessionStrategy, allowSessionCreation,
+					portMapper, portResolver);
 
 			parser.parse(formLoginElt, pc);
 			formFilter = parser.getFilterBean();
@@ -265,10 +306,8 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (formFilter != null) {
-			formFilter.getPropertyValues().addPropertyValue("allowSessionCreation",
-					allowSessionCreation);
-			formFilter.getPropertyValues().addPropertyValue("authenticationManager",
-					authManager);
+			formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", allowSessionCreation);
+			formFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
 
 			// Id is required by login page filter
 			formFilterId = pc.getReaderContext().generateBeanName(formFilter);
@@ -306,8 +345,7 @@ final class AuthenticationConfigBuilder {
 		oauth2LoginEntryPoint = parser.getOAuth2LoginAuthenticationEntryPoint();
 
 		// generate bean name to be registered
-		String oauth2LoginAuthProviderId = pc.getReaderContext()
-				.generateBeanName(oauth2LoginAuthProvider);
+		String oauth2LoginAuthProviderId = pc.getReaderContext().generateBeanName(oauth2LoginAuthProvider);
 		oauth2LoginFilterId = pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
 		String oauth2AuthorizationRequestRedirectFilterId = pc.getReaderContext()
 				.generateBeanName(oauth2AuthorizationRequestRedirectFilter);
@@ -315,8 +353,8 @@ final class AuthenticationConfigBuilder {
 
 		// register the component
 		pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginFilterBean, oauth2LoginFilterId));
-		pc.registerBeanComponent(new BeanComponentDefinition(
-				oauth2AuthorizationRequestRedirectFilter, oauth2AuthorizationRequestRedirectFilterId));
+		pc.registerBeanComponent(new BeanComponentDefinition(oauth2AuthorizationRequestRedirectFilter,
+				oauth2AuthorizationRequestRedirectFilterId));
 		pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginAuthProvider, oauth2LoginAuthProviderId));
 
 		oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginAuthProviderId);
@@ -324,8 +362,8 @@ final class AuthenticationConfigBuilder {
 		// oidc provider
 		BeanDefinition oauth2LoginOidcAuthProvider = parser.getOAuth2LoginOidcAuthenticationProvider();
 		String oauth2LoginOidcAuthProviderId = pc.getReaderContext().generateBeanName(oauth2LoginOidcAuthProvider);
-		pc.registerBeanComponent(new BeanComponentDefinition(
-				oauth2LoginOidcAuthProvider, oauth2LoginOidcAuthProviderId));
+		pc.registerBeanComponent(
+				new BeanComponentDefinition(oauth2LoginOidcAuthProvider, oauth2LoginOidcAuthProviderId));
 		oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginOidcAuthProviderId);
 	}
 
@@ -336,8 +374,8 @@ final class AuthenticationConfigBuilder {
 		}
 		this.oauth2ClientEnabled = true;
 
-		OAuth2ClientBeanDefinitionParser parser = new OAuth2ClientBeanDefinitionParser(
-				requestCache, authenticationManager);
+		OAuth2ClientBeanDefinitionParser parser = new OAuth2ClientBeanDefinitionParser(requestCache,
+				authenticationManager);
 		parser.parse(oauth2ClientElt, this.pc);
 
 		BeanDefinition defaultAuthorizedClientRepository = parser.getDefaultAuthorizedClientRepository();
@@ -346,29 +384,30 @@ final class AuthenticationConfigBuilder {
 		this.authorizationRequestRedirectFilter = parser.getAuthorizationRequestRedirectFilter();
 		String authorizationRequestRedirectFilterId = pc.getReaderContext()
 				.generateBeanName(this.authorizationRequestRedirectFilter);
-		this.pc.registerBeanComponent(new BeanComponentDefinition(
-				this.authorizationRequestRedirectFilter, authorizationRequestRedirectFilterId));
+		this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter,
+				authorizationRequestRedirectFilterId));
 
 		this.authorizationCodeGrantFilter = parser.getAuthorizationCodeGrantFilter();
 		String authorizationCodeGrantFilterId = pc.getReaderContext()
 				.generateBeanName(this.authorizationCodeGrantFilter);
-		this.pc.registerBeanComponent(new BeanComponentDefinition(
-				this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId));
+		this.pc.registerBeanComponent(
+				new BeanComponentDefinition(this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId));
 
 		BeanDefinition authorizationCodeAuthenticationProvider = parser.getAuthorizationCodeAuthenticationProvider();
 		String authorizationCodeAuthenticationProviderId = pc.getReaderContext()
 				.generateBeanName(authorizationCodeAuthenticationProvider);
-		this.pc.registerBeanComponent(new BeanComponentDefinition(
-				authorizationCodeAuthenticationProvider, authorizationCodeAuthenticationProviderId));
-		this.authorizationCodeAuthenticationProviderRef = new RuntimeBeanReference(authorizationCodeAuthenticationProviderId);
+		this.pc.registerBeanComponent(new BeanComponentDefinition(authorizationCodeAuthenticationProvider,
+				authorizationCodeAuthenticationProviderId));
+		this.authorizationCodeAuthenticationProviderRef = new RuntimeBeanReference(
+				authorizationCodeAuthenticationProviderId);
 	}
 
 	void registerDefaultAuthorizedClientRepositoryIfNecessary(BeanDefinition defaultAuthorizedClientRepository) {
 		if (!this.defaultAuthorizedClientRepositoryRegistered && defaultAuthorizedClientRepository != null) {
 			String authorizedClientRepositoryId = pc.getReaderContext()
 					.generateBeanName(defaultAuthorizedClientRepository);
-			this.pc.registerBeanComponent(new BeanComponentDefinition(
-					defaultAuthorizedClientRepository, authorizedClientRepositoryId));
+			this.pc.registerBeanComponent(
+					new BeanComponentDefinition(defaultAuthorizedClientRepository, authorizedClientRepositoryId));
 			this.defaultAuthorizedClientRepositoryRegistered = true;
 		}
 	}
@@ -378,16 +417,16 @@ final class AuthenticationConfigBuilder {
 			return;
 		}
 
-		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", getClass().getClassLoader());
+		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
+				getClass().getClassLoader());
 		if (webmvcPresent) {
-			this.pc.getReaderContext().registerWithGeneratedName(
-					new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class));
+			this.pc.getReaderContext()
+					.registerWithGeneratedName(new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class));
 		}
 	}
 
 	void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.OPENID_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
 		RootBeanDefinition openIDFilter = null;
 
 		if (openIDLoginElt != null) {
@@ -395,14 +434,11 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (openIDFilter != null) {
-			openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation",
-					allowSessionCreation);
-			openIDFilter.getPropertyValues().addPropertyValue("authenticationManager",
-					authManager);
+			openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation", allowSessionCreation);
+			openIDFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
 			// Required by login page filter
 			openIDFilterId = pc.getReaderContext().generateBeanName(openIDFilter);
-			pc.registerBeanComponent(new BeanComponentDefinition(openIDFilter,
-					openIDFilterId));
+			pc.registerBeanComponent(new BeanComponentDefinition(openIDFilter, openIDFilterId));
 			injectRememberMeServicesRef(openIDFilter, rememberMeServicesId);
 
 			createOpenIDProvider();
@@ -412,18 +448,18 @@ final class AuthenticationConfigBuilder {
 	/**
 	 * Parses OpenID 1.0 and 2.0 - related parts of configuration xmls
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
-	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
-	 * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+	 * supported by <code>spring-security-oauth2</code>.
 	 * @param sessionStrategy sessionStrategy
 	 * @param openIDLoginElt the element from the xml file
 	 * @return the parsed filter as rootBeanDefinition
 	 */
-	private RootBeanDefinition parseOpenIDFilter( BeanReference sessionStrategy, Element openIDLoginElt ) {
+	private RootBeanDefinition parseOpenIDFilter(BeanReference sessionStrategy, Element openIDLoginElt) {
 		RootBeanDefinition openIDFilter;
-		FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser(
-				"/login/openid", null,
-				OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache,
-				sessionStrategy, allowSessionCreation, portMapper, portResolver);
+		FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login/openid", null,
+				OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, sessionStrategy, allowSessionCreation,
+				portMapper, portResolver);
 
 		parser.parse(openIDLoginElt, pc);
 		openIDFilter = parser.getFilterBean();
@@ -436,10 +472,8 @@ final class AuthenticationConfigBuilder {
 
 		if (!attrExElts.isEmpty()) {
 			// Set up the consumer with the required attribute list
-			BeanDefinitionBuilder consumerBldr = BeanDefinitionBuilder
-					.rootBeanDefinition(OPEN_ID_CONSUMER_CLASS);
-			BeanDefinitionBuilder axFactory = BeanDefinitionBuilder
-					.rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS);
+			BeanDefinitionBuilder consumerBldr = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_CONSUMER_CLASS);
+			BeanDefinitionBuilder axFactory = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS);
 			ManagedMap<String, ManagedList<BeanDefinition>> axMap = new ManagedMap<>();
 
 			for (Element attrExElt : attrExElts) {
@@ -447,11 +481,8 @@ final class AuthenticationConfigBuilder {
 
 				if (!StringUtils.hasText(identifierMatch)) {
 					if (attrExElts.size() > 1) {
-						pc.getReaderContext().error(
-								"You must supply an identifier-match attribute if using more"
-										+ " than one "
-										+ Elements.OPENID_ATTRIBUTE_EXCHANGE
-										+ " element", attrExElt);
+						pc.getReaderContext().error("You must supply an identifier-match attribute if using more"
+								+ " than one " + Elements.OPENID_ATTRIBUTE_EXCHANGE + " element", attrExElt);
 					}
 					// Match anything
 					identifierMatch = ".*";
@@ -462,22 +493,19 @@ final class AuthenticationConfigBuilder {
 			axFactory.addConstructorArgValue(axMap);
 
 			consumerBldr.addConstructorArgValue(axFactory.getBeanDefinition());
-			openIDFilter.getPropertyValues().addPropertyValue("consumer",
-					consumerBldr.getBeanDefinition());
+			openIDFilter.getPropertyValues().addPropertyValue("consumer", consumerBldr.getBeanDefinition());
 		}
 		return openIDFilter;
 	}
 
 	private ManagedList<BeanDefinition> parseOpenIDAttributes(Element attrExElt) {
 		ManagedList<BeanDefinition> attributes = new ManagedList<>();
-		for (Element attElt : DomUtils.getChildElementsByTagName(attrExElt,
-				Elements.OPENID_ATTRIBUTE)) {
+		for (Element attElt : DomUtils.getChildElementsByTagName(attrExElt, Elements.OPENID_ATTRIBUTE)) {
 			String name = attElt.getAttribute("name");
 			String type = attElt.getAttribute("type");
 			String required = attElt.getAttribute("required");
 			String count = attElt.getAttribute("count");
-			BeanDefinitionBuilder attrBldr = BeanDefinitionBuilder
-					.rootBeanDefinition(OPEN_ID_ATTRIBUTE_CLASS);
+			BeanDefinitionBuilder attrBldr = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_CLASS);
 			attrBldr.addConstructorArgValue(name);
 			attrBldr.addConstructorArgValue(type);
 			if (StringUtils.hasLength(required)) {
@@ -494,26 +522,22 @@ final class AuthenticationConfigBuilder {
 	}
 
 	private void createOpenIDProvider() {
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.OPENID_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
 		BeanDefinitionBuilder openIDProviderBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
 
 		RootBeanDefinition uds = new RootBeanDefinition();
 		uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 		uds.setFactoryMethodName("authenticationUserDetailsService");
-		uds.getConstructorArgumentValues().addGenericArgumentValue(
-				openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF));
+		uds.getConstructorArgumentValues().addGenericArgumentValue(openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF));
 
 		openIDProviderBuilder.addPropertyValue("authenticationUserDetailsService", uds);
 
 		BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
-		openIDProviderRef = new RuntimeBeanReference(pc.getReaderContext()
-				.registerWithGeneratedName(openIDProvider));
+		openIDProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(openIDProvider));
 	}
 
-	private void injectRememberMeServicesRef(RootBeanDefinition bean,
-			String rememberMeServicesId) {
+	private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) {
 		if (rememberMeServicesId != null) {
 			bean.getPropertyValues().addPropertyValue("rememberMeServices",
 					new RuntimeBeanReference(rememberMeServicesId));
@@ -521,8 +545,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createBasicFilter(BeanReference authManager) {
-		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.BASIC_AUTH);
+		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
 
 		if (basicAuthElt == null && !autoConfig) {
 			// No basic auth, do nothing
@@ -534,15 +557,13 @@ final class AuthenticationConfigBuilder {
 			realm = DEF_REALM;
 		}
 
-		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(BasicAuthenticationFilter.class);
+		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(BasicAuthenticationFilter.class);
 
 		String entryPointId;
 
 		if (basicAuthElt != null) {
 			if (StringUtils.hasText(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF))) {
-				basicEntryPoint = new RuntimeBeanReference(
-						basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
+				basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
 			}
 
 			injectAuthenticationDetailsSource(basicAuthElt, filterBuilder);
@@ -550,8 +571,7 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (basicEntryPoint == null) {
-			RootBeanDefinition entryPoint = new RootBeanDefinition(
-					BasicAuthenticationEntryPoint.class);
+			RootBeanDefinition entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
 			entryPoint.setSource(pc.extractSource(httpElt));
 			entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
 			entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
@@ -565,17 +585,16 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createBearerTokenAuthenticationFilter(BeanReference authManager) {
-		Element resourceServerElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.OAUTH2_RESOURCE_SERVER);
+		Element resourceServerElt = DomUtils.getChildElementByTagName(httpElt, Elements.OAUTH2_RESOURCE_SERVER);
 
 		if (resourceServerElt == null) {
 			// No resource server, do nothing
 			return;
 		}
 
-		OAuth2ResourceServerBeanDefinitionParser resourceServerBuilder =
-				new OAuth2ResourceServerBeanDefinitionParser(authManager, authenticationProviders,
-						defaultEntryPointMappings, defaultDeniedHandlerMappings, csrfIgnoreRequestMatchers);
+		OAuth2ResourceServerBeanDefinitionParser resourceServerBuilder = new OAuth2ResourceServerBeanDefinitionParser(
+				authManager, authenticationProviders, defaultEntryPointMappings, defaultDeniedHandlerMappings,
+				csrfIgnoreRequestMatchers);
 		bearerTokenAuthenticationFilter = resourceServerBuilder.parse(resourceServerElt, pc);
 	}
 
@@ -596,8 +615,7 @@ final class AuthenticationConfigBuilder {
 						.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
 				extractor.addPropertyValue("subjectDnRegex", regex);
 
-				filterBuilder.addPropertyValue("principalExtractor",
-						extractor.getBeanDefinition());
+				filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
 			}
 
 			injectAuthenticationDetailsSource(x509Elt, filterBuilder);
@@ -611,33 +629,26 @@ final class AuthenticationConfigBuilder {
 		x509Filter = filter;
 	}
 
-	private void injectAuthenticationDetailsSource(Element elt,
-			BeanDefinitionBuilder filterBuilder) {
-		String authDetailsSourceRef = elt
-				.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
+	private void injectAuthenticationDetailsSource(Element elt, BeanDefinitionBuilder filterBuilder) {
+		String authDetailsSourceRef = elt.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
 
 		if (StringUtils.hasText(authDetailsSourceRef)) {
-			filterBuilder.addPropertyReference("authenticationDetailsSource",
-					authDetailsSourceRef);
+			filterBuilder.addPropertyReference("authenticationDetailsSource", authDetailsSourceRef);
 		}
 	}
 
 	private void createX509Provider() {
 		Element x509Elt = DomUtils.getChildElementByTagName(httpElt, Elements.X509);
-		BeanDefinition provider = new RootBeanDefinition(
-				PreAuthenticatedAuthenticationProvider.class);
+		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
 
 		RootBeanDefinition uds = new RootBeanDefinition();
 		uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 		uds.setFactoryMethodName("authenticationUserDetailsService");
-		uds.getConstructorArgumentValues().addGenericArgumentValue(
-				x509Elt.getAttribute(ATT_USER_SERVICE_REF));
+		uds.getConstructorArgumentValues().addGenericArgumentValue(x509Elt.getAttribute(ATT_USER_SERVICE_REF));
 
-		provider.getPropertyValues().addPropertyValue(
-				"preAuthenticatedUserDetailsService", uds);
+		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-		x509ProviderRef = new RuntimeBeanReference(pc.getReaderContext()
-				.registerWithGeneratedName(provider));
+		x509ProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
 	private void createPrauthEntryPoint(Element source) {
@@ -662,23 +673,19 @@ final class AuthenticationConfigBuilder {
 			BeanDefinitionBuilder adsBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
 			adsBldr.addPropertyValue("userRoles2GrantedAuthoritiesMapper",
-					new RootBeanDefinition(
-							SimpleAttributes2GrantedAuthoritiesMapper.class));
+					new RootBeanDefinition(SimpleAttributes2GrantedAuthoritiesMapper.class));
 
 			String roles = jeeElt.getAttribute(ATT_MAPPABLE_ROLES);
 			Assert.hasLength(roles, "roles is expected to have length");
-			BeanDefinitionBuilder rolesBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(StringUtils.class);
+			BeanDefinitionBuilder rolesBuilder = BeanDefinitionBuilder.rootBeanDefinition(StringUtils.class);
 			rolesBuilder.addConstructorArgValue(roles);
 			rolesBuilder.setFactoryMethod("commaDelimitedListToSet");
 
-			RootBeanDefinition mappableRolesRetriever = new RootBeanDefinition(
-					SimpleMappableAttributesRetriever.class);
-			mappableRolesRetriever.getPropertyValues().addPropertyValue(
-					"mappableAttributes", rolesBuilder.getBeanDefinition());
+			RootBeanDefinition mappableRolesRetriever = new RootBeanDefinition(SimpleMappableAttributesRetriever.class);
+			mappableRolesRetriever.getPropertyValues().addPropertyValue("mappableAttributes",
+					rolesBuilder.getBeanDefinition());
 			adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever);
-			filterBuilder.addPropertyValue("authenticationDetailsSource",
-					adsBldr.getBeanDefinition());
+			filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition());
 
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
 
@@ -691,27 +698,22 @@ final class AuthenticationConfigBuilder {
 
 	private void createJeeProvider() {
 		Element jeeElt = DomUtils.getChildElementByTagName(httpElt, Elements.JEE);
-		BeanDefinition provider = new RootBeanDefinition(
-				PreAuthenticatedAuthenticationProvider.class);
+		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
 
 		RootBeanDefinition uds;
 		if (StringUtils.hasText(jeeElt.getAttribute(ATT_USER_SERVICE_REF))) {
 			uds = new RootBeanDefinition();
 			uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 			uds.setFactoryMethodName("authenticationUserDetailsService");
-			uds.getConstructorArgumentValues().addGenericArgumentValue(
-					jeeElt.getAttribute(ATT_USER_SERVICE_REF));
+			uds.getConstructorArgumentValues().addGenericArgumentValue(jeeElt.getAttribute(ATT_USER_SERVICE_REF));
 		}
 		else {
-			uds = new RootBeanDefinition(
-					PreAuthenticatedGrantedAuthoritiesUserDetailsService.class);
+			uds = new RootBeanDefinition(PreAuthenticatedGrantedAuthoritiesUserDetailsService.class);
 		}
 
-		provider.getPropertyValues().addPropertyValue(
-				"preAuthenticatedUserDetailsService", uds);
+		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-		jeeProviderRef = new RuntimeBeanReference(pc.getReaderContext()
-				.registerWithGeneratedName(provider));
+		jeeProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
 	void createLoginPageFilterIfNeeded() {
@@ -720,8 +722,7 @@ final class AuthenticationConfigBuilder {
 		// If no login page has been defined, add in the default page generator.
 		if (needLoginPage && formLoginPage == null && openIDLoginPage == null) {
 			logger.info("No login page configured. The default internal one will be used. Use the '"
-					+ FormLoginBeanDefinitionParser.ATT_LOGIN_PAGE
-					+ "' attribute to set the URL of the login page.");
+					+ FormLoginBeanDefinitionParser.ATT_LOGIN_PAGE + "' attribute to set the URL of the login page.");
 			BeanDefinitionBuilder loginPageFilter = BeanDefinitionBuilder
 					.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
 			loginPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
@@ -737,8 +738,7 @@ final class AuthenticationConfigBuilder {
 
 			if (openIDFilterId != null) {
 				loginPageFilter.addConstructorArgReference(openIDFilterId);
-				loginPageFilter.addPropertyValue("openIDauthenticationUrl",
-						openidLoginProcessingUrl);
+				loginPageFilter.addPropertyValue("openIDauthenticationUrl", openidLoginProcessingUrl);
 			}
 
 			if (oauth2LoginFilterId != null) {
@@ -759,8 +759,8 @@ final class AuthenticationConfigBuilder {
 			if (formLoginPage == null) {
 				formLoginPage = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 			}
-			LogoutBeanDefinitionParser logoutParser = new LogoutBeanDefinitionParser(
-					formLoginPage, rememberMeServicesId, csrfLogoutHandler);
+			LogoutBeanDefinitionParser logoutParser = new LogoutBeanDefinitionParser(formLoginPage,
+					rememberMeServicesId, csrfLogoutHandler);
 			logoutFilter = logoutParser.parse(logoutElt, pc);
 			logoutHandlers = logoutParser.getLogoutHandlers();
 		}
@@ -774,8 +774,7 @@ final class AuthenticationConfigBuilder {
 				logoutHandlers.add(csrfLogoutHandler);
 			}
 			logoutHandlers.add(new RuntimeBeanReference(rememberMeServicesId));
-			logoutHandlers
-					.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
+			logoutHandlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
 		}
 
 		return logoutHandlers;
@@ -794,8 +793,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createAnonymousFilter() {
-		Element anonymousElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.ANONYMOUS);
+		Element anonymousElt = DomUtils.getChildElementByTagName(httpElt, Elements.ANONYMOUS);
 
 		if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 			return;
@@ -828,16 +826,13 @@ final class AuthenticationConfigBuilder {
 
 		anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
 		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
-		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1,
-				username);
+		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
 		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2,
 				AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
 		anonymousFilter.setSource(source);
 
-		RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(
-				AnonymousAuthenticationProvider.class);
-		anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0,
-				key);
+		RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
+		anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
 		anonymousProviderBean.setSource(anonymousFilter.getSource());
 		String id = pc.getReaderContext().generateBeanName(anonymousProviderBean);
 		pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
@@ -852,8 +847,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createExceptionTranslationFilter() {
-		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(ExceptionTranslationFilter.class);
+		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
 		accessDeniedHandler = createAccessDeniedHandler(httpElt, pc);
 		etfBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler);
 		assert requestCache != null;
@@ -864,10 +858,8 @@ final class AuthenticationConfigBuilder {
 		etf = etfBuilder.getBeanDefinition();
 	}
 
-	private BeanMetadataElement createAccessDeniedHandler(Element element,
-			ParserContext pc) {
-		Element accessDeniedElt = DomUtils.getChildElementByTagName(element,
-				Elements.ACCESS_DENIED_HANDLER);
+	private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext pc) {
+		Element accessDeniedElt = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER);
 		BeanDefinitionBuilder accessDeniedHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(AccessDeniedHandlerImpl.class);
 
@@ -878,11 +870,9 @@ final class AuthenticationConfigBuilder {
 			if (StringUtils.hasText(errorPage)) {
 				if (StringUtils.hasText(ref)) {
 					pc.getReaderContext()
-							.error("The attribute "
-									+ ATT_ACCESS_DENIED_ERROR_PAGE
+							.error("The attribute " + ATT_ACCESS_DENIED_ERROR_PAGE
 									+ " cannot be used together with the 'ref' attribute within <"
-									+ Elements.ACCESS_DENIED_HANDLER + ">",
-									pc.extractSource(accessDeniedElt));
+									+ Elements.ACCESS_DENIED_HANDLER + ">", pc.extractSource(accessDeniedElt));
 
 				}
 				accessDeniedHandler.addPropertyValue("errorPage", errorPage);
@@ -904,8 +894,8 @@ final class AuthenticationConfigBuilder {
 		accessDeniedHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class);
 		accessDeniedHandler.addConstructorArgValue(this.defaultDeniedHandlerMappings);
-		accessDeniedHandler.addConstructorArgValue
-				(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class));
+		accessDeniedHandler
+				.addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class));
 
 		return accessDeniedHandler.getBeanDefinition();
 	}
@@ -929,12 +919,9 @@ final class AuthenticationConfigBuilder {
 			return delegatingEntryPoint.getBeanDefinition();
 		}
 
-		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.BASIC_AUTH);
-		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.FORM_LOGIN);
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.OPENID_LOGIN);
+		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
+		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
 		// Basic takes precedence if explicit element is used and no others are configured
 		if (basicAuthElt != null && formLoginElt == null && openIDLoginElt == null && oauth2LoginEntryPoint == null) {
 			return basicEntryPoint;
@@ -946,17 +933,19 @@ final class AuthenticationConfigBuilder {
 
 		if (formLoginPage != null && openIDLoginPage != null) {
 			pc.getReaderContext().error(
-					"Only one login-page can be defined, either for OpenID or form-login, "
-							+ "but not both.", pc.extractSource(openIDLoginElt));
+					"Only one login-page can be defined, either for OpenID or form-login, " + "but not both.",
+					pc.extractSource(openIDLoginElt));
 		}
 
 		if (formFilterId != null && openIDLoginPage == null) {
 			// gh-6802
-			// If form login was enabled through element and Oauth2 login was enabled from element then use form login
+			// If form login was enabled through element and Oauth2 login was enabled from
+			// element then use form login
 			if (formLoginElt != null && oauth2LoginEntryPoint != null) {
 				return formEntryPoint;
 			}
-			// If form login was enabled through auto-config, and Oauth2 login was not enabled then use form login
+			// If form login was enabled through auto-config, and Oauth2 login was not
+			// enabled then use form login
 			if (oauth2LoginEntryPoint == null) {
 				return formEntryPoint;
 			}
@@ -977,11 +966,10 @@ final class AuthenticationConfigBuilder {
 			return oauth2LoginEntryPoint;
 		}
 
-		pc.getReaderContext()
-				.error("No AuthenticationEntryPoint could be established. Please "
-						+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
-						+ "specify a custom AuthenticationEntryPoint with the '"
-						+ ATT_ENTRY_POINT_REF + "' attribute ", pc.extractSource(httpElt));
+		pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please "
+				+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
+				+ "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
+				pc.extractSource(httpElt));
 		return null;
 	}
 
@@ -990,11 +978,9 @@ final class AuthenticationConfigBuilder {
 			// Multiple <http> case
 			return;
 		}
-		RootBeanDefinition bean = new RootBeanDefinition(
-				UserDetailsServiceFactoryBean.class);
+		RootBeanDefinition bean = new RootBeanDefinition(UserDetailsServiceFactoryBean.class);
 		bean.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
-		pc.registerBeanComponent(new BeanComponentDefinition(bean,
-				BeanIds.USER_DETAILS_SERVICE_FACTORY));
+		pc.registerBeanComponent(new BeanComponentDefinition(bean, BeanIds.USER_DETAILS_SERVICE_FACTORY));
 	}
 
 	List<OrderDecorator> getFilters() {
@@ -1021,18 +1007,17 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (formFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(formFilterId),
-					FORM_LOGIN_FILTER));
+			filters.add(new OrderDecorator(new RuntimeBeanReference(formFilterId), FORM_LOGIN_FILTER));
 		}
 
 		if (oauth2LoginFilterId != null) {
 			filters.add(new OrderDecorator(new RuntimeBeanReference(oauth2LoginFilterId), OAUTH2_LOGIN_FILTER));
-			filters.add(new OrderDecorator(oauth2AuthorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER));
+			filters.add(
+					new OrderDecorator(oauth2AuthorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER));
 		}
 
 		if (openIDFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(openIDFilterId),
-					OPENID_FILTER));
+			filters.add(new OrderDecorator(new RuntimeBeanReference(openIDFilterId), OPENID_FILTER));
 		}
 
 		if (loginPageGenerationFilter != null) {
@@ -1049,7 +1034,8 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (authorizationCodeGrantFilter != null) {
-			filters.add(new OrderDecorator(authorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
+			filters.add(new OrderDecorator(authorizationRequestRedirectFilter,
+					OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
 			filters.add(new OrderDecorator(authorizationCodeGrantFilter, OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}
 
@@ -1098,8 +1084,7 @@ final class AuthenticationConfigBuilder {
 		return providers;
 	}
 
-	private static class CsrfTokenHiddenInputFunction implements
-		Function<HttpServletRequest, Map<String, String>> {
+	private static class CsrfTokenHiddenInputFunction implements Function<HttpServletRequest, Map<String, String>> {
 
 		@Override
 		public Map<String, String> apply(HttpServletRequest request) {
@@ -1109,5 +1094,7 @@ final class AuthenticationConfigBuilder {
 			}
 			return Collections.singletonMap(token.getParameterName(), token.getToken());
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
index c926b83465..c967584e78 100644
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@@ -30,8 +30,11 @@ import org.springframework.security.web.access.channel.ChannelDecisionManagerImp
  * @since 3.0
  */
 public class ChannelAttributeFactory {
+
 	private static final String OPT_REQUIRES_HTTP = "http";
+
 	private static final String OPT_REQUIRES_HTTPS = "https";
+
 	private static final String OPT_ANY_CHANNEL = "any";
 
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
@@ -47,10 +50,10 @@ public class ChannelAttributeFactory {
 			channelConfigAttribute = ChannelDecisionManagerImpl.ANY_CHANNEL;
 		}
 		else {
-			throw new BeanCreationException("Unknown channel attribute "
-					+ requiredChannel);
+			throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
 		}
 
 		return SecurityConfig.createList(channelConfigAttribute);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
index b8c67e6c54..7dbbea8bf0 100644
--- a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
@@ -33,9 +33,11 @@ import org.w3c.dom.Element;
  * @since 4.1.1
  */
 public class CorsBeanDefinitionParser {
+
 	private static final String HANDLER_MAPPING_INTROSPECTOR = "org.springframework.web.servlet.handler.HandlerMappingIntrospector";
 
 	private static final String ATT_SOURCE = "configuration-source-ref";
+
 	private static final String ATT_REF = "ref";
 
 	public BeanMetadataElement parse(Element element, ParserContext parserContext) {
@@ -64,12 +66,12 @@ public class CorsBeanDefinitionParser {
 			return new RuntimeBeanReference(configurationSourceRef);
 		}
 
-		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR,
-				getClass().getClassLoader());
+		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR, getClass().getClassLoader());
 		if (!mvcPresent) {
 			return null;
 		}
 
 		return new RootBeanDefinition(HandlerMappingIntrospectorFactoryBean.class);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index 9ef1fed832..46a2c99b03 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -62,30 +62,31 @@ import org.springframework.util.StringUtils;
 public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String REQUEST_DATA_VALUE_PROCESSOR = "requestDataValueProcessor";
+
 	private static final String DISPATCHER_SERVLET_CLASS_NAME = "org.springframework.web.servlet.DispatcherServlet";
+
 	private static final String ATT_MATCHER = "request-matcher-ref";
+
 	private static final String ATT_REPOSITORY = "token-repository-ref";
 
 	private String csrfRepositoryRef;
+
 	private BeanDefinition csrfFilter;
 
 	private String requestMatcherRef;
 
 	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
-		boolean disabled = element != null
-				&& "true".equals(element.getAttribute("disabled"));
+		boolean disabled = element != null && "true".equals(element.getAttribute("disabled"));
 		if (disabled) {
 			return null;
 		}
-		boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME,
-				getClass().getClassLoader());
+		boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME, getClass().getClassLoader());
 		if (webmvcPresent) {
 			if (!pc.getRegistry().containsBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR)) {
-				RootBeanDefinition beanDefinition = new RootBeanDefinition(
-						CsrfRequestDataValueProcessor.class);
-				BeanComponentDefinition componentDefinition = new BeanComponentDefinition(
-						beanDefinition, REQUEST_DATA_VALUE_PROCESSOR);
+				RootBeanDefinition beanDefinition = new RootBeanDefinition(CsrfRequestDataValueProcessor.class);
+				BeanComponentDefinition componentDefinition = new BeanComponentDefinition(beanDefinition,
+						REQUEST_DATA_VALUE_PROCESSOR);
 				pc.registerBeanComponent(componentDefinition);
 			}
 		}
@@ -97,19 +98,16 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 
 		if (!StringUtils.hasText(this.csrfRepositoryRef)) {
 
-			RootBeanDefinition csrfTokenRepository = new RootBeanDefinition(
-					HttpSessionCsrfTokenRepository.class);
+			RootBeanDefinition csrfTokenRepository = new RootBeanDefinition(HttpSessionCsrfTokenRepository.class);
 			BeanDefinitionBuilder lazyTokenRepository = BeanDefinitionBuilder
 					.rootBeanDefinition(LazyCsrfTokenRepository.class);
 			lazyTokenRepository.addConstructorArgValue(csrfTokenRepository);
-			this.csrfRepositoryRef = pc.getReaderContext()
-					.generateBeanName(lazyTokenRepository.getBeanDefinition());
-			pc.registerBeanComponent(new BeanComponentDefinition(
-					lazyTokenRepository.getBeanDefinition(), this.csrfRepositoryRef));
+			this.csrfRepositoryRef = pc.getReaderContext().generateBeanName(lazyTokenRepository.getBeanDefinition());
+			pc.registerBeanComponent(
+					new BeanComponentDefinition(lazyTokenRepository.getBeanDefinition(), this.csrfRepositoryRef));
 		}
 
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(CsrfFilter.class);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(CsrfFilter.class);
 		builder.addConstructorArgReference(this.csrfRepositoryRef);
 
 		if (StringUtils.hasText(this.requestMatcherRef)) {
@@ -122,16 +120,13 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 
 	/**
 	 * Populate the AccessDeniedHandler on the {@link CsrfFilter}
-	 *
 	 * @param invalidSessionStrategy the {@link InvalidSessionStrategy} to use
 	 * @param defaultDeniedHandler the {@link AccessDeniedHandler} to use
 	 */
-	void initAccessDeniedHandler(BeanDefinition invalidSessionStrategy,
-			BeanMetadataElement defaultDeniedHandler) {
-		BeanMetadataElement accessDeniedHandler = createAccessDeniedHandler(
-				invalidSessionStrategy, defaultDeniedHandler);
-		this.csrfFilter.getPropertyValues().addPropertyValue("accessDeniedHandler",
-				accessDeniedHandler);
+	void initAccessDeniedHandler(BeanDefinition invalidSessionStrategy, BeanMetadataElement defaultDeniedHandler) {
+		BeanMetadataElement accessDeniedHandler = createAccessDeniedHandler(invalidSessionStrategy,
+				defaultDeniedHandler);
+		this.csrfFilter.getPropertyValues().addPropertyValue("accessDeniedHandler", accessDeniedHandler);
 	}
 
 	/**
@@ -143,15 +138,12 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 	 * {@link InvalidSessionAccessDeniedHandler} and the
 	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only
 	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used.
-	 *
 	 * @param invalidSessionStrategy the {@link InvalidSessionStrategy} to use
 	 * @param defaultDeniedHandler the {@link AccessDeniedHandler} to use
-	 *
 	 * @return the {@link BeanMetadataElement} that is the {@link AccessDeniedHandler} to
 	 * populate on the {@link CsrfFilter}
 	 */
-	private BeanMetadataElement createAccessDeniedHandler(
-			BeanDefinition invalidSessionStrategy,
+	private BeanMetadataElement createAccessDeniedHandler(BeanDefinition invalidSessionStrategy,
 			BeanMetadataElement defaultDeniedHandler) {
 		if (invalidSessionStrategy == null) {
 			return defaultDeniedHandler;
@@ -160,8 +152,7 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinitionBuilder invalidSessionHandlerBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(InvalidSessionAccessDeniedHandler.class);
 		invalidSessionHandlerBldr.addConstructorArgValue(invalidSessionStrategy);
-		handlers.put(MissingCsrfTokenException.class,
-				invalidSessionHandlerBldr.getBeanDefinition());
+		handlers.put(MissingCsrfTokenException.class, invalidSessionHandlerBldr.getBeanDefinition());
 
 		BeanDefinitionBuilder deniedBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(DelegatingAccessDeniedHandler.class);
@@ -190,29 +181,26 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 			BeanMetadataElement requestMatcher;
 			if (StringUtils.hasText(this.requestMatcherRef)) {
 				requestMatcher = new RuntimeBeanReference(this.requestMatcherRef);
-			} else {
+			}
+			else {
 				requestMatcher = new RootBeanDefinition(DefaultRequiresCsrfMatcher.class);
 			}
-			BeanDefinitionBuilder and = BeanDefinitionBuilder
-					.rootBeanDefinition(AndRequestMatcher.class);
-			BeanDefinitionBuilder negated = BeanDefinitionBuilder
-					.rootBeanDefinition(NegatedRequestMatcher.class);
-			BeanDefinitionBuilder or = BeanDefinitionBuilder
-					.rootBeanDefinition(OrRequestMatcher.class);
+			BeanDefinitionBuilder and = BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class);
+			BeanDefinitionBuilder negated = BeanDefinitionBuilder.rootBeanDefinition(NegatedRequestMatcher.class);
+			BeanDefinitionBuilder or = BeanDefinitionBuilder.rootBeanDefinition(OrRequestMatcher.class);
 			or.addConstructorArgValue(requestMatchers);
 			negated.addConstructorArgValue(or.getBeanDefinition());
 			List<BeanMetadataElement> ands = new ManagedList<>();
 			ands.add(requestMatcher);
 			ands.add(negated.getBeanDefinition());
 			and.addConstructorArgValue(ands);
-			this.csrfFilter.getPropertyValues()
-					.add("requireCsrfProtectionMatcher", and.getBeanDefinition());
+			this.csrfFilter.getPropertyValues().add("requireCsrfProtectionMatcher", and.getBeanDefinition());
 		}
 	}
 
 	private static final class DefaultRequiresCsrfMatcher implements RequestMatcher {
-		private final HashSet<String> allowedMethods = new HashSet<>(
-				Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
+
+		private final HashSet<String> allowedMethods = new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
 
 		/*
 		 * (non-Javadoc)
@@ -225,5 +213,7 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 		public boolean matches(HttpServletRequest request) {
 			return !this.allowedMethods.contains(request.getMethod());
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index ac4ec37ed3..c6a70e0886 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -44,6 +44,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	public void validate(FilterChainProxy fcp) {
@@ -53,8 +54,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		}
 
 		checkPathOrder(new ArrayList<>(fcp.getFilterChains()));
-		checkForDuplicateMatchers(new ArrayList<>(
-				fcp.getFilterChains()));
+		checkForDuplicateMatchers(new ArrayList<>(fcp.getFilterChains()));
 	}
 
 	private void checkPathOrder(List<SecurityFilterChain> filterChains) {
@@ -62,13 +62,11 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		Iterator<SecurityFilterChain> chains = filterChains.iterator();
 
 		while (chains.hasNext()) {
-			RequestMatcher matcher = ((DefaultSecurityFilterChain) chains.next())
-					.getRequestMatcher();
+			RequestMatcher matcher = ((DefaultSecurityFilterChain) chains.next()).getRequestMatcher();
 			if (AnyRequestMatcher.INSTANCE.equals(matcher) && chains.hasNext()) {
-				throw new IllegalArgumentException(
-						"A universal match pattern ('/**') is defined "
-								+ " before other patterns in the filter chain, causing them to be ignored. Please check the "
-								+ "ordering in your <security:http> namespace or FilterChainProxy bean configuration");
+				throw new IllegalArgumentException("A universal match pattern ('/**') is defined "
+						+ " before other patterns in the filter chain, causing them to be ignored. Please check the "
+						+ "ordering in your <security:http> namespace or FilterChainProxy bean configuration");
 			}
 		}
 	}
@@ -76,18 +74,13 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 	private void checkForDuplicateMatchers(List<SecurityFilterChain> chains) {
 
 		while (chains.size() > 1) {
-			DefaultSecurityFilterChain chain = (DefaultSecurityFilterChain) chains
-					.remove(0);
+			DefaultSecurityFilterChain chain = (DefaultSecurityFilterChain) chains.remove(0);
 
 			for (SecurityFilterChain test : chains) {
-				if (chain.getRequestMatcher().equals(
-						((DefaultSecurityFilterChain) test).getRequestMatcher())) {
-					throw new IllegalArgumentException(
-							"The FilterChainProxy contains two filter chains using the"
-									+ " matcher "
-									+ chain.getRequestMatcher()
-									+ ". If you are using multiple <http> namespace "
-									+ "elements, you must use a 'pattern' attribute to define the request patterns to which they apply.");
+				if (chain.getRequestMatcher().equals(((DefaultSecurityFilterChain) test).getRequestMatcher())) {
+					throw new IllegalArgumentException("The FilterChainProxy contains two filter chains using the"
+							+ " matcher " + chain.getRequestMatcher() + ". If you are using multiple <http> namespace "
+							+ "elements, you must use a 'pattern' attribute to define the request patterns to which they apply.");
 				}
 			}
 		}
@@ -126,8 +119,8 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 				for (int j = i + 1; j < filters.size(); j++) {
 					Filter f2 = filters.get(j);
 					if (clazz.isAssignableFrom(f2.getClass())) {
-						logger.warn("Possible error: Filters at position " + i + " and "
-								+ j + " are both " + "instances of " + clazz.getName());
+						logger.warn("Possible error: Filters at position " + i + " and " + j + " are both "
+								+ "instances of " + clazz.getName());
 						return;
 					}
 				}
@@ -139,20 +132,15 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 	 * Checks for the common error of having a login page URL protected by the security
 	 * interceptor
 	 */
-	private void checkLoginPageIsntProtected(FilterChainProxy fcp,
-			List<Filter> filterStack) {
-		ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class,
-				filterStack);
+	private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
+		ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
 
-		if (etf == null
-				|| !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
+		if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
 			return;
 		}
 
-		String loginPage = ((LoginUrlAuthenticationEntryPoint) etf
-				.getAuthenticationEntryPoint()).getLoginFormUrl();
-		logger.info("Checking whether login URL '" + loginPage
-				+ "' is accessible with your configuration");
+		String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
+		logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
 		FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
 		List<Filter> filters = null;
 
@@ -176,8 +164,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			return;
 		}
 
-		FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class,
-				filters);
+		FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
 		FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
 
 		Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
@@ -191,8 +178,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			return;
 		}
 
-		AnonymousAuthenticationFilter anonPF = getFilter(
-				AnonymousAuthenticationFilter.class, filters);
+		AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
 		if (anonPF == null) {
 			logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
 					+ " anonymous authentication enabled. This is almost certainly an error.");
@@ -200,8 +186,8 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		}
 
 		// Simulate an anonymous access with the supplied attributes.
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key",
-				anonPF.getPrincipal(), anonPF.getAuthorities());
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(),
+				anonPF.getAuthorities());
 		try {
 			fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
index ae5298b56e..cff4ded3ca 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
@@ -32,6 +32,7 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
 
 	public BeanDefinition parse(Element elt, ParserContext pc) {
@@ -40,8 +41,7 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 		String requestMatcher = elt.getAttribute(ATT_REQUEST_MATCHER_REF);
 		String filters = elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
 
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(DefaultSecurityFilterChain.class);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(DefaultSecurityFilterChain.class);
 
 		if (StringUtils.hasText(path)) {
 			Assert.isTrue(!StringUtils.hasText(requestMatcher), "");
@@ -57,8 +57,7 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 		}
 		else {
 			String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
-			ManagedList<RuntimeBeanReference> filterChain = new ManagedList<>(
-					filterBeanNames.length);
+			ManagedList<RuntimeBeanReference> filterChain = new ManagedList<>(filterBeanNames.length);
 
 			for (String name : filterBeanNames) {
 				filterChain.add(new RuntimeBeanReference(name));
@@ -69,4 +68,5 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 
 		return builder.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index 35a43022e4..a3cf26283d 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -40,8 +40,7 @@ import org.w3c.dom.Node;
 public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator {
 
 	@SuppressWarnings("unchecked")
-	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder,
-			ParserContext parserContext) {
+	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
 		BeanDefinition filterChainProxy = holder.getBeanDefinition();
 
 		ManagedList<BeanMetadataElement> securityFilterChains = new ManagedList<>();
@@ -49,37 +48,30 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco
 
 		MatcherType matcherType = MatcherType.fromElement(elt);
 
-		List<Element> filterChainElts = DomUtils.getChildElementsByTagName(elt,
-				Elements.FILTER_CHAIN);
+		List<Element> filterChainElts = DomUtils.getChildElementsByTagName(elt, Elements.FILTER_CHAIN);
 
 		for (Element chain : filterChainElts) {
-			String path = chain
-					.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
-			String filters = chain
-					.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
+			String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
+			String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
 
 			if (!StringUtils.hasText(path)) {
 				parserContext.getReaderContext().error(
-						"The attribute '"
-								+ HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN
-								+ "' must not be empty", elt);
+						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN + "' must not be empty",
+						elt);
 			}
 
 			if (!StringUtils.hasText(filters)) {
 				parserContext.getReaderContext().error(
-						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS
-								+ "'must not be empty", elt);
+						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty", elt);
 			}
 
 			BeanDefinition matcher = matcherType.createMatcher(parserContext, path, null);
 
 			if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) {
-				securityFilterChains.add(createSecurityFilterChain(matcher,
-						new ManagedList(0)));
+				securityFilterChains.add(createSecurityFilterChain(matcher, new ManagedList(0)));
 			}
 			else {
-				String[] filterBeanNames = StringUtils
-						.tokenizeToStringArray(filters, ",");
+				String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
 				ManagedList filterChain = new ManagedList(filterBeanNames.length);
 
 				for (String name : filterBeanNames) {
@@ -90,18 +82,16 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco
 			}
 		}
 
-		filterChainProxy.getConstructorArgumentValues().addGenericArgumentValue(
-				securityFilterChains);
+		filterChainProxy.getConstructorArgumentValues().addGenericArgumentValue(securityFilterChains);
 
 		return holder;
 	}
 
-	private BeanDefinition createSecurityFilterChain(BeanDefinition matcher,
-			ManagedList<?> filters) {
-		BeanDefinitionBuilder sfc = BeanDefinitionBuilder
-				.rootBeanDefinition(DefaultSecurityFilterChain.class);
+	private BeanDefinition createSecurityFilterChain(BeanDefinition matcher, ManagedList<?> filters) {
+		BeanDefinitionBuilder sfc = BeanDefinitionBuilder.rootBeanDefinition(DefaultSecurityFilterChain.class);
 		sfc.addConstructorArgValue(matcher);
 		sfc.addConstructorArgValue(filters);
 		return sfc.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index dde778d41d..b8373a83ee 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -48,44 +48,42 @@ import org.springframework.util.xml.DomUtils;
  * @author Luke Taylor
  */
 public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
+
 	private static final String ATT_USE_EXPRESSIONS = "use-expressions";
+
 	private static final String ATT_HTTP_METHOD = "method";
+
 	private static final String ATT_PATTERN = "pattern";
+
 	private static final String ATT_ACCESS = "access";
+
 	private static final String ATT_SERVLET_PATH = "servlet-path";
-	private static final Log logger = LogFactory
-			.getLog(FilterInvocationSecurityMetadataSourceParser.class);
+
+	private static final Log logger = LogFactory.getLog(FilterInvocationSecurityMetadataSourceParser.class);
 
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
-		List<Element> interceptUrls = DomUtils.getChildElementsByTagName(element,
-			Elements.INTERCEPT_URL);
+		List<Element> interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
 
 		// Check for attributes that aren't allowed in this context
 		for (Element elt : interceptUrls) {
-			if (StringUtils.hasLength(elt
-					.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL))) {
-				parserContext.getReaderContext().error(
-						"The attribute '"
-								+ HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL
-								+ "' isn't allowed here.", elt);
+			if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL))) {
+				parserContext.getReaderContext().error("The attribute '"
+						+ HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL + "' isn't allowed here.", elt);
 			}
 
-			if (StringUtils.hasLength(elt
-					.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
+			if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
 				parserContext.getReaderContext().error(
-						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS
-								+ "' isn't allowed here.", elt);
+						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.",
+						elt);
 			}
 
 			if (StringUtils.hasLength(elt.getAttribute(ATT_SERVLET_PATH))) {
-				parserContext.getReaderContext().error(
-					"The attribute '" + ATT_SERVLET_PATH
-						+ "' isn't allowed here.", elt);
+				parserContext.getReaderContext().error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.",
+						elt);
 			}
 		}
 
-		BeanDefinition mds = createSecurityMetadataSource(interceptUrls, false, element,
-				parserContext);
+		BeanDefinition mds = createSecurityMetadataSource(interceptUrls, false, element, parserContext);
 
 		String id = element.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
 
@@ -97,8 +95,8 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 		return mds;
 	}
 
-	static RootBeanDefinition createSecurityMetadataSource(List<Element> interceptUrls,
-			boolean addAllAuth, Element httpElt, ParserContext pc) {
+	static RootBeanDefinition createSecurityMetadataSource(List<Element> interceptUrls, boolean addAllAuth,
+			Element httpElt, ParserContext pc) {
 		MatcherType matcherType = MatcherType.fromElement(httpElt);
 		boolean useExpressions = isUseExpressions(httpElt);
 
@@ -107,14 +105,13 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 		BeanDefinitionBuilder fidsBuilder;
 
 		if (useExpressions) {
-			Element expressionHandlerElt = DomUtils.getChildElementByTagName(httpElt,
-					Elements.EXPRESSION_HANDLER);
+			Element expressionHandlerElt = DomUtils.getChildElementByTagName(httpElt, Elements.EXPRESSION_HANDLER);
 			String expressionHandlerRef = expressionHandlerElt == null ? null
 					: expressionHandlerElt.getAttribute("ref");
 
 			if (StringUtils.hasText(expressionHandlerRef)) {
-				logger.info("Using bean '" + expressionHandlerRef
-						+ "' as web SecurityExpressionHandler implementation");
+				logger.info(
+						"Using bean '" + expressionHandlerRef + "' as web SecurityExpressionHandler implementation");
 			}
 			else {
 				expressionHandlerRef = registerDefaultExpressionHandler(pc);
@@ -126,8 +123,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			fidsBuilder.addConstructorArgReference(expressionHandlerRef);
 		}
 		else {
-			fidsBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
+			fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
 			fidsBuilder.addConstructorArgValue(requestToAttributesMap);
 		}
 
@@ -137,11 +133,10 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 	}
 
 	static String registerDefaultExpressionHandler(ParserContext pc) {
-		BeanDefinition expressionHandler = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc, DefaultWebSecurityExpressionHandlerBeanFactory.class);
-		String expressionHandlerRef = pc.getReaderContext().generateBeanName(
-				expressionHandler);
-		pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler,
-				expressionHandlerRef));
+		BeanDefinition expressionHandler = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc,
+				DefaultWebSecurityExpressionHandlerBeanFactory.class);
+		String expressionHandlerRef = pc.getReaderContext().generateBeanName(expressionHandler);
+		pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler, expressionHandlerRef));
 
 		return expressionHandlerRef;
 	}
@@ -152,8 +147,8 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 	}
 
 	private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(
-			MatcherType matcherType, List<Element> urlElts, boolean useExpressions,
-			boolean addAuthenticatedAll, ParserContext parserContext) {
+			MatcherType matcherType, List<Element> urlElts, boolean useExpressions, boolean addAuthenticatedAll,
+			ParserContext parserContext) {
 
 		ManagedMap<BeanMetadataElement, BeanDefinition> filterInvocationDefinitionMap = new ManagedMap<>();
 
@@ -168,8 +163,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
 
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
-				parserContext.getReaderContext().error(
-						"path attribute cannot be empty or null", urlElt);
+				parserContext.getReaderContext().error("path attribute cannot be empty or null", urlElt);
 			}
 
 			String method = urlElt.getAttribute(ATT_HTTP_METHOD);
@@ -180,19 +174,19 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			String servletPath = urlElt.getAttribute(ATT_SERVLET_PATH);
 			if (!StringUtils.hasText(servletPath)) {
 				servletPath = null;
-			} else if (!MatcherType.mvc.equals(matcherType)) {
+			}
+			else if (!MatcherType.mvc.equals(matcherType)) {
 				parserContext.getReaderContext().error(
-					ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", urlElt);
+						ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
+						urlElt);
 			}
 
-			BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef) : matcherType.createMatcher(parserContext, path,
-					method, servletPath);
-			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(SecurityConfig.class);
+			BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
+					: matcherType.createMatcher(parserContext, path, method, servletPath);
+			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
 
 			if (useExpressions) {
-				logger.info("Creating access control expression attribute '" + access
-						+ "' for " + path);
+				logger.info("Creating access control expression attribute '" + access + "' for " + path);
 				// The single expression will be parsed later by the
 				// ExpressionBasedFilterInvocationSecurityMetadataSource
 				attributeBuilder.addConstructorArgValue(new String[] { access });
@@ -205,35 +199,34 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			}
 
 			if (filterInvocationDefinitionMap.containsKey(matcher)) {
-				logger.warn("Duplicate URL defined: " + path
-						+ ". The original attribute values will be overwritten");
+				logger.warn("Duplicate URL defined: " + path + ". The original attribute values will be overwritten");
 			}
 
-			filterInvocationDefinitionMap.put(matcher,
-					attributeBuilder.getBeanDefinition());
+			filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
 		}
 
 		if (addAuthenticatedAll && filterInvocationDefinitionMap.isEmpty()) {
 
-			BeanDefinition matcher = matcherType.createMatcher(parserContext, "/**",
-					null);
-			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(SecurityConfig.class);
+			BeanDefinition matcher = matcherType.createMatcher(parserContext, "/**", null);
+			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
 			attributeBuilder.addConstructorArgValue(new String[] { "authenticated" });
 			attributeBuilder.setFactoryMethod("createList");
-			filterInvocationDefinitionMap.put(matcher,
-					attributeBuilder.getBeanDefinition());
+			filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
 		}
 
 		return filterInvocationDefinitionMap;
 	}
 
-	static class DefaultWebSecurityExpressionHandlerBeanFactory extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
+	static class DefaultWebSecurityExpressionHandlerBeanFactory
+			extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
+
 		private DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
 
 		public DefaultWebSecurityExpressionHandler getBean() {
 			handler.setDefaultRolePrefix(this.rolePrefix);
 			return handler;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index 9bd44c7f7c..ffa9175348 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -35,45 +35,64 @@ import org.w3c.dom.Element;
  * @author Shazin Sadakath
  */
 public class FormLoginBeanDefinitionParser {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private static final String ATT_LOGIN_URL = "login-processing-url";
 
 	static final String ATT_LOGIN_PAGE = "login-page";
+
 	private static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 
 	private static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url";
+
 	private static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target";
+
 	private static final String DEF_FORM_LOGIN_TARGET_URL = "/";
+
 	private static final String ATT_USERNAME_PARAMETER = "username-parameter";
+
 	private static final String ATT_PASSWORD_PARAMETER = "password-parameter";
 
 	private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url";
+
 	private static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL
 			+ "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME;
 
 	private static final String ATT_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
+
 	private static final String ATT_FAILURE_HANDLER_REF = "authentication-failure-handler-ref";
+
 	private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_FORWARD_URL = "authentication-failure-forward-url";
+
 	private static final String ATT_FORM_LOGIN_AUTHENTICATION_SUCCESS_FORWARD_URL = "authentication-success-forward-url";
 
 	private final String defaultLoginProcessingUrl;
+
 	private final String filterClassName;
+
 	private final BeanReference requestCache;
+
 	private final BeanReference sessionStrategy;
+
 	private final boolean allowSessionCreation;
+
 	private final BeanReference portMapper;
+
 	private final BeanReference portResolver;
 
 	private RootBeanDefinition filterBean;
+
 	private RootBeanDefinition entryPointBean;
+
 	private String loginPage;
+
 	private String loginMethod;
+
 	private String loginProcessingUrl;
 
-	FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String loginMethod,
-			String filterClassName, BeanReference requestCache,
-			BeanReference sessionStrategy, boolean allowSessionCreation,
+	FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String loginMethod, String filterClassName,
+			BeanReference requestCache, BeanReference sessionStrategy, boolean allowSessionCreation,
 			BeanReference portMapper, BeanReference portResolver) {
 		this.defaultLoginProcessingUrl = defaultLoginProcessingUrl;
 		this.loginMethod = loginMethod;
@@ -107,15 +126,13 @@ public class FormLoginBeanDefinitionParser {
 			WebConfigUtils.validateHttpRedirect(loginUrl, pc, source);
 			defaultTargetUrl = elt.getAttribute(ATT_FORM_LOGIN_TARGET_URL);
 			WebConfigUtils.validateHttpRedirect(defaultTargetUrl, pc, source);
-			authenticationFailureUrl = elt
-					.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
+			authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
 			WebConfigUtils.validateHttpRedirect(authenticationFailureUrl, pc, source);
 			alwaysUseDefault = elt.getAttribute(ATT_ALWAYS_USE_DEFAULT_TARGET_URL);
 			loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
 			successHandlerRef = elt.getAttribute(ATT_SUCCESS_HANDLER_REF);
 			failureHandlerRef = elt.getAttribute(ATT_FAILURE_HANDLER_REF);
-			authDetailsSourceRef = elt
-					.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
+			authDetailsSourceRef = elt.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
 			authenticationFailureForwardUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_FORWARD_URL);
 			WebConfigUtils.validateHttpRedirect(authenticationFailureForwardUrl, pc, source);
 			authenticationSuccessForwardUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_SUCCESS_FORWARD_URL);
@@ -129,17 +146,15 @@ public class FormLoginBeanDefinitionParser {
 			passwordParameter = elt.getAttribute(ATT_PASSWORD_PARAMETER);
 		}
 
-		filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault,
-				loginPage, authenticationFailureUrl, successHandlerRef,
-				failureHandlerRef, authDetailsSourceRef, authenticationFailureForwardUrl, authenticationSuccessForwardUrl);
+		filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl,
+				successHandlerRef, failureHandlerRef, authDetailsSourceRef, authenticationFailureForwardUrl,
+				authenticationSuccessForwardUrl);
 
 		if (StringUtils.hasText(usernameParameter)) {
-			filterBean.getPropertyValues().addPropertyValue("usernameParameter",
-					usernameParameter);
+			filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
 		}
 		if (StringUtils.hasText(passwordParameter)) {
-			filterBean.getPropertyValues().addPropertyValue("passwordParameter",
-					passwordParameter);
+			filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
 		}
 
 		filterBean.setSource(source);
@@ -147,8 +162,7 @@ public class FormLoginBeanDefinitionParser {
 		BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
 		entryPointBuilder.getRawBeanDefinition().setSource(source);
-		entryPointBuilder.addConstructorArgValue(loginPage != null ? loginPage
-				: DEF_LOGIN_PAGE);
+		entryPointBuilder.addConstructorArgValue(loginPage != null ? loginPage : DEF_LOGIN_PAGE);
 		entryPointBuilder.addPropertyValue("portMapper", portMapper);
 		entryPointBuilder.addPropertyValue("portResolver", portResolver);
 		entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
@@ -156,13 +170,12 @@ public class FormLoginBeanDefinitionParser {
 		return null;
 	}
 
-	private RootBeanDefinition createFilterBean(String loginUrl, String defaultTargetUrl,
-			String alwaysUseDefault, String loginPage, String authenticationFailureUrl,
-			String successHandlerRef, String failureHandlerRef,
-			String authDetailsSourceRef, String authenticationFailureForwardUrl, String authenticationSuccessForwardUrl) {
+	private RootBeanDefinition createFilterBean(String loginUrl, String defaultTargetUrl, String alwaysUseDefault,
+			String loginPage, String authenticationFailureUrl, String successHandlerRef, String failureHandlerRef,
+			String authDetailsSourceRef, String authenticationFailureForwardUrl,
+			String authenticationSuccessForwardUrl) {
 
-		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(filterClassName);
+		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(filterClassName);
 
 		if (!StringUtils.hasText(loginUrl)) {
 			loginUrl = defaultLoginProcessingUrl;
@@ -177,51 +190,47 @@ public class FormLoginBeanDefinitionParser {
 			matcherBuilder.addConstructorArgValue("POST");
 		}
 
-		filterBuilder.addPropertyValue("requiresAuthenticationRequestMatcher",
-				matcherBuilder.getBeanDefinition());
+		filterBuilder.addPropertyValue("requiresAuthenticationRequestMatcher", matcherBuilder.getBeanDefinition());
 
 		if (StringUtils.hasText(successHandlerRef)) {
-			filterBuilder.addPropertyReference("authenticationSuccessHandler",
-					successHandlerRef);
-		} else if (StringUtils.hasText(authenticationSuccessForwardUrl)) {
+			filterBuilder.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
+		}
+		else if (StringUtils.hasText(authenticationSuccessForwardUrl)) {
 			BeanDefinitionBuilder forwardSuccessHandler = BeanDefinitionBuilder
 					.rootBeanDefinition(ForwardAuthenticationSuccessHandler.class);
 			forwardSuccessHandler.addConstructorArgValue(authenticationSuccessForwardUrl);
 			filterBuilder.addPropertyValue("authenticationSuccessHandler", forwardSuccessHandler.getBeanDefinition());
-		} else {
+		}
+		else {
 			BeanDefinitionBuilder successHandler = BeanDefinitionBuilder
 					.rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class);
 			if ("true".equals(alwaysUseDefault)) {
-				successHandler
-						.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE);
+				successHandler.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE);
 			}
 			successHandler.addPropertyValue("requestCache", requestCache);
-			successHandler.addPropertyValue("defaultTargetUrl", StringUtils
-					.hasText(defaultTargetUrl) ? defaultTargetUrl
-					: DEF_FORM_LOGIN_TARGET_URL);
-			filterBuilder.addPropertyValue("authenticationSuccessHandler",
-					successHandler.getBeanDefinition());
+			successHandler.addPropertyValue("defaultTargetUrl",
+					StringUtils.hasText(defaultTargetUrl) ? defaultTargetUrl : DEF_FORM_LOGIN_TARGET_URL);
+			filterBuilder.addPropertyValue("authenticationSuccessHandler", successHandler.getBeanDefinition());
 		}
 
 		if (StringUtils.hasText(authDetailsSourceRef)) {
-			filterBuilder.addPropertyReference("authenticationDetailsSource",
-					authDetailsSourceRef);
+			filterBuilder.addPropertyReference("authenticationDetailsSource", authDetailsSourceRef);
 		}
 
 		if (sessionStrategy != null) {
-			filterBuilder.addPropertyValue("sessionAuthenticationStrategy",
-					sessionStrategy);
+			filterBuilder.addPropertyValue("sessionAuthenticationStrategy", sessionStrategy);
 		}
 
 		if (StringUtils.hasText(failureHandlerRef)) {
-			filterBuilder.addPropertyReference("authenticationFailureHandler",
-					failureHandlerRef);
-		} else if (StringUtils.hasText(authenticationFailureForwardUrl)) {
+			filterBuilder.addPropertyReference("authenticationFailureHandler", failureHandlerRef);
+		}
+		else if (StringUtils.hasText(authenticationFailureForwardUrl)) {
 			BeanDefinitionBuilder forwardFailureHandler = BeanDefinitionBuilder
 					.rootBeanDefinition(ForwardAuthenticationFailureHandler.class);
 			forwardFailureHandler.addConstructorArgValue(authenticationFailureForwardUrl);
 			filterBuilder.addPropertyValue("authenticationFailureHandler", forwardFailureHandler.getBeanDefinition());
-		} else {
+		}
+		else {
 			BeanDefinitionBuilder failureHandler = BeanDefinitionBuilder
 					.rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
 			if (!StringUtils.hasText(authenticationFailureUrl)) {
@@ -233,11 +242,9 @@ public class FormLoginBeanDefinitionParser {
 					authenticationFailureUrl = DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL;
 				}
 			}
-			failureHandler
-					.addPropertyValue("defaultFailureUrl", authenticationFailureUrl);
+			failureHandler.addPropertyValue("defaultFailureUrl", authenticationFailureUrl);
 			failureHandler.addPropertyValue("allowSessionCreation", allowSessionCreation);
-			filterBuilder.addPropertyValue("authenticationFailureHandler",
-					failureHandler.getBeanDefinition());
+			filterBuilder.addPropertyValue("authenticationFailureHandler", failureHandler.getBeanDefinition());
 		}
 
 		return (RootBeanDefinition) filterBuilder.getBeanDefinition();
@@ -258,4 +265,5 @@ public class FormLoginBeanDefinitionParser {
 	String getLoginProcessingUrl() {
 		return loginProcessingUrl;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
index 39f1ae1e00..625b4a8c1f 100644
--- a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
@@ -29,8 +29,8 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults;
  */
 class GrantedAuthorityDefaultsParserUtils {
 
-
-	static RootBeanDefinition registerWithDefaultRolePrefix(ParserContext pc, Class<? extends AbstractGrantedAuthorityDefaultsBeanFactory> beanFactoryClass) {
+	static RootBeanDefinition registerWithDefaultRolePrefix(ParserContext pc,
+			Class<? extends AbstractGrantedAuthorityDefaultsBeanFactory> beanFactoryClass) {
 		RootBeanDefinition beanFactoryDefinition = new RootBeanDefinition(beanFactoryClass);
 		String beanFactoryRef = pc.getReaderContext().generateBeanName(beanFactoryDefinition);
 		pc.getRegistry().registerBeanDefinition(beanFactoryRef, beanFactoryDefinition);
@@ -42,20 +42,25 @@ class GrantedAuthorityDefaultsParserUtils {
 	}
 
 	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+
 		protected String rolePrefix = "ROLE_";
 
 		@Override
-		public final void setApplicationContext(ApplicationContext applicationContext)
-				throws BeansException {
-			String[] grantedAuthorityDefaultsBeanNames = applicationContext.getBeanNamesForType(GrantedAuthorityDefaults.class);
+		public final void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+			String[] grantedAuthorityDefaultsBeanNames = applicationContext
+					.getBeanNamesForType(GrantedAuthorityDefaults.class);
 			if (grantedAuthorityDefaultsBeanNames.length == 1) {
-				GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
+				GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext
+						.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
 				this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
 			}
 		}
 
 		abstract Object getBean();
+
+	}
+
+	private GrantedAuthorityDefaultsParserUtils() {
 	}
 
-	private GrantedAuthorityDefaultsParserUtils() {}
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
index 3518bf8d0b..d8f6a3c98c 100644
--- a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
@@ -31,15 +31,18 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
  * @author Rob Winch
  * @since 4.1.1
  */
-class HandlerMappingIntrospectorFactoryBean implements FactoryBean<HandlerMappingIntrospector>, ApplicationContextAware {
+class HandlerMappingIntrospectorFactoryBean
+		implements FactoryBean<HandlerMappingIntrospector>, ApplicationContextAware {
+
 	private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector";
 
 	private ApplicationContext context;
 
 	public HandlerMappingIntrospector getObject() {
 		if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
-			throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME +" of type " + HandlerMappingIntrospector.class.getName()
-				+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
+			throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named "
+					+ HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type " + HandlerMappingIntrospector.class.getName()
+					+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
 		}
 		return this.context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, HandlerMappingIntrospector.class);
 	}
@@ -57,8 +60,7 @@ class HandlerMappingIntrospectorFactoryBean implements FactoryBean<HandlerMappin
 	 * springframework.context.ApplicationContext)
 	 */
 	@Override
-	public void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.context = applicationContext;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index 9583d85bd8..b7b55e9f33 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -53,42 +53,61 @@ import org.w3c.dom.Node;
  * @since 3.2
  */
 public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ATT_DISABLED = "disabled";
 
 	private static final String ATT_ENABLED = "enabled";
+
 	private static final String ATT_BLOCK = "block";
 
 	private static final String ATT_POLICY = "policy";
+
 	private static final String ATT_STRATEGY = "strategy";
+
 	private static final String ATT_FROM_PARAMETER = "from-parameter";
 
 	private static final String ATT_NAME = "name";
+
 	private static final String ATT_VALUE = "value";
+
 	private static final String ATT_REF = "ref";
 
 	private static final String ATT_INCLUDE_SUBDOMAINS = "include-subdomains";
+
 	private static final String ATT_MAX_AGE_SECONDS = "max-age-seconds";
+
 	private static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
+
 	private static final String ATT_PRELOAD = "preload";
+
 	private static final String ATT_REPORT_ONLY = "report-only";
+
 	private static final String ATT_REPORT_URI = "report-uri";
+
 	private static final String ATT_ALGORITHM = "algorithm";
+
 	private static final String ATT_POLICY_DIRECTIVES = "policy-directives";
 
 	private static final String CACHE_CONTROL_ELEMENT = "cache-control";
 
 	private static final String HPKP_ELEMENT = "hpkp";
+
 	private static final String PINS_ELEMENT = "pins";
 
 	private static final String HSTS_ELEMENT = "hsts";
 
 	private static final String XSS_ELEMENT = "xss-protection";
+
 	private static final String CONTENT_TYPE_ELEMENT = "content-type-options";
+
 	private static final String FRAME_OPTIONS_ELEMENT = "frame-options";
+
 	private static final String GENERIC_HEADER_ELEMENT = "header";
 
 	private static final String CONTENT_SECURITY_POLICY_ELEMENT = "content-security-policy";
+
 	private static final String REFERRER_POLICY_ELEMENT = "referrer-policy";
+
 	private static final String FEATURE_POLICY_ELEMENT = "feature-policy";
 
 	private static final String ALLOW_FROM = "ALLOW-FROM";
@@ -98,11 +117,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 
 		headerWriters = new ManagedList<>();
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(HeaderWriterFilter.class);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(HeaderWriterFilter.class);
 
-		boolean disabled = element != null
-				&& "true".equals(resolveAttribute(parserContext, element, "disabled"));
+		boolean disabled = element != null && "true".equals(resolveAttribute(parserContext, element, "disabled"));
 		boolean defaultsDisabled = element != null
 				&& "true".equals(resolveAttribute(parserContext, element, "defaults-disabled"));
 
@@ -126,11 +143,10 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 		boolean noWriters = headerWriters.isEmpty();
 		if (disabled && !noWriters) {
-			parserContext
-				.getReaderContext()
-				.error("Cannot specify <headers disabled=\"true\"> with child elements.",
-						element);
-		} else if (noWriters) {
+			parserContext.getReaderContext().error("Cannot specify <headers disabled=\"true\"> with child elements.",
+					element);
+		}
+		else if (noWriters) {
 			return null;
 		}
 
@@ -141,7 +157,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	/**
 	 *
 	 * Resolve the placeholder for a given attribute on a element.
-	 *
 	 * @param pc
 	 * @param element
 	 * @param attributeName
@@ -152,10 +167,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseCacheControlElement(boolean addIfNotPresent, Element element) {
-		Element cacheControlElement = element == null ? null : DomUtils
-				.getChildElementByTagName(element, CACHE_CONTROL_ELEMENT);
-		boolean disabled = "true".equals(getAttribute(cacheControlElement, ATT_DISABLED,
-				"false"));
+		Element cacheControlElement = element == null ? null
+				: DomUtils.getChildElementByTagName(element, CACHE_CONTROL_ELEMENT);
+		boolean disabled = "true".equals(getAttribute(cacheControlElement, ATT_DISABLED, "false"));
 		if (disabled) {
 			return;
 		}
@@ -170,51 +184,42 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
-	private void parseHstsElement(boolean addIfNotPresent, Element element,
-			ParserContext context) {
-		Element hstsElement = element == null ? null : DomUtils.getChildElementByTagName(
-				element, HSTS_ELEMENT);
+	private void parseHstsElement(boolean addIfNotPresent, Element element, ParserContext context) {
+		Element hstsElement = element == null ? null : DomUtils.getChildElementByTagName(element, HSTS_ELEMENT);
 		if (addIfNotPresent || hstsElement != null) {
 			addHsts(addIfNotPresent, hstsElement, context);
 		}
 	}
 
-	private void addHsts(boolean addIfNotPresent, Element hstsElement,
-			ParserContext context) {
-		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
-				.genericBeanDefinition(HstsHeaderWriter.class);
+	private void addHsts(boolean addIfNotPresent, Element hstsElement, ParserContext context) {
+		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder.genericBeanDefinition(HstsHeaderWriter.class);
 		if (hstsElement != null) {
-			boolean disabled = "true".equals(getAttribute(hstsElement, ATT_DISABLED,
-					"false"));
+			boolean disabled = "true".equals(getAttribute(hstsElement, ATT_DISABLED, "false"));
 			String includeSubDomains = hstsElement.getAttribute(ATT_INCLUDE_SUBDOMAINS);
 			if (StringUtils.hasText(includeSubDomains)) {
 				if (disabled) {
-					attrNotAllowed(context, ATT_INCLUDE_SUBDOMAINS, ATT_DISABLED,
-							hstsElement);
+					attrNotAllowed(context, ATT_INCLUDE_SUBDOMAINS, ATT_DISABLED, hstsElement);
 				}
 				headersWriter.addPropertyValue("includeSubDomains", includeSubDomains);
 			}
 			String maxAgeSeconds = hstsElement.getAttribute(ATT_MAX_AGE_SECONDS);
 			if (StringUtils.hasText(maxAgeSeconds)) {
 				if (disabled) {
-					attrNotAllowed(context, ATT_MAX_AGE_SECONDS, ATT_DISABLED,
-							hstsElement);
+					attrNotAllowed(context, ATT_MAX_AGE_SECONDS, ATT_DISABLED, hstsElement);
 				}
 				headersWriter.addPropertyValue("maxAgeInSeconds", maxAgeSeconds);
 			}
 			String requestMatcherRef = hstsElement.getAttribute(ATT_REQUEST_MATCHER_REF);
 			if (StringUtils.hasText(requestMatcherRef)) {
 				if (disabled) {
-					attrNotAllowed(context, ATT_REQUEST_MATCHER_REF, ATT_DISABLED,
-							hstsElement);
+					attrNotAllowed(context, ATT_REQUEST_MATCHER_REF, ATT_DISABLED, hstsElement);
 				}
 				headersWriter.addPropertyReference("requestMatcher", requestMatcherRef);
 			}
 			String preload = hstsElement.getAttribute(ATT_PRELOAD);
 			if (StringUtils.hasText(preload)) {
 				if (disabled) {
-					attrNotAllowed(context, ATT_PRELOAD, ATT_DISABLED,
-							hstsElement);
+					attrNotAllowed(context, ATT_PRELOAD, ATT_DISABLED, hstsElement);
 				}
 				headersWriter.addPropertyValue("preload", preload);
 			}
@@ -298,8 +303,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseContentSecurityPolicyElement(boolean elementDisabled, Element element, ParserContext context) {
-		Element contentSecurityPolicyElement = (elementDisabled || element == null) ? null : DomUtils.getChildElementByTagName(
-				element, CONTENT_SECURITY_POLICY_ELEMENT);
+		Element contentSecurityPolicyElement = (elementDisabled || element == null) ? null
+				: DomUtils.getChildElementByTagName(element, CONTENT_SECURITY_POLICY_ELEMENT);
 		if (contentSecurityPolicyElement != null) {
 			addContentSecurityPolicy(contentSecurityPolicyElement, context);
 		}
@@ -311,9 +316,10 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 		String policyDirectives = contentSecurityPolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
 		if (!StringUtils.hasText(policyDirectives)) {
-			context.getReaderContext().error(
-					ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", contentSecurityPolicyElement);
-		} else {
+			context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
+					contentSecurityPolicyElement);
+		}
+		else {
 			headersWriter.addConstructorArgValue(policyDirectives);
 		}
 
@@ -326,14 +332,16 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseReferrerPolicyElement(Element element, ParserContext context) {
-		Element referrerPolicyElement = (element == null) ? null : DomUtils.getChildElementByTagName(element, REFERRER_POLICY_ELEMENT);
+		Element referrerPolicyElement = (element == null) ? null
+				: DomUtils.getChildElementByTagName(element, REFERRER_POLICY_ELEMENT);
 		if (referrerPolicyElement != null) {
 			addReferrerPolicy(referrerPolicyElement, context);
 		}
 	}
 
 	private void addReferrerPolicy(Element referrerPolicyElement, ParserContext context) {
-		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder.genericBeanDefinition(ReferrerPolicyHeaderWriter.class);
+		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
+				.genericBeanDefinition(ReferrerPolicyHeaderWriter.class);
 
 		String policy = referrerPolicyElement.getAttribute(ATT_POLICY);
 		if (StringUtils.hasLength(policy)) {
@@ -354,11 +362,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
 				.genericBeanDefinition(FeaturePolicyHeaderWriter.class);
 
-		String policyDirectives = featurePolicyElement
-				.getAttribute(ATT_POLICY_DIRECTIVES);
+		String policyDirectives = featurePolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
 		if (!StringUtils.hasText(policyDirectives)) {
-			context.getReaderContext().error(
-					ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
+			context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
 					featurePolicyElement);
 		}
 		else {
@@ -368,15 +374,13 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
-	private void attrNotAllowed(ParserContext context, String attrName,
-			String otherAttrName, Element element) {
-		context.getReaderContext().error(
-				"Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.",
+	private void attrNotAllowed(ParserContext context, String attrName, String otherAttrName, Element element) {
+		context.getReaderContext().error("Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.",
 				element);
 	}
 
 	private void parseHeaderElements(Element element) {
-		List<Element> headerElts = element == null ? Collections.<Element> emptyList()
+		List<Element> headerElts = element == null ? Collections.<Element>emptyList()
 				: DomUtils.getChildElementsByTagName(element, GENERIC_HEADER_ELEMENT);
 		for (Element headerElt : headerElts) {
 			String headerFactoryRef = headerElt.getAttribute(ATT_REF);
@@ -384,8 +388,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				headerWriters.add(new RuntimeBeanReference(headerFactoryRef));
 			}
 			else {
-				BeanDefinitionBuilder builder = BeanDefinitionBuilder
-						.genericBeanDefinition(StaticHeadersWriter.class);
+				BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(StaticHeadersWriter.class);
 				builder.addConstructorArgValue(headerElt.getAttribute(ATT_NAME));
 				builder.addConstructorArgValue(headerElt.getAttribute(ATT_VALUE));
 				headerWriters.add(builder.getBeanDefinition());
@@ -394,10 +397,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseContentTypeOptionsElement(boolean addIfNotPresent, Element element) {
-		Element contentTypeElt = element == null ? null : DomUtils
-				.getChildElementByTagName(element, CONTENT_TYPE_ELEMENT);
-		boolean disabled = "true".equals(getAttribute(contentTypeElt, ATT_DISABLED,
-				"false"));
+		Element contentTypeElt = element == null ? null
+				: DomUtils.getChildElementByTagName(element, CONTENT_TYPE_ELEMENT);
+		boolean disabled = "true".equals(getAttribute(contentTypeElt, ATT_DISABLED, "false"));
 		if (disabled) {
 			return;
 		}
@@ -412,17 +414,13 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		headerWriters.add(builder.getBeanDefinition());
 	}
 
-	private void parseFrameOptionsElement(boolean addIfNotPresent, Element element,
-			ParserContext parserContext) {
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.genericBeanDefinition(XFrameOptionsHeaderWriter.class);
+	private void parseFrameOptionsElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XFrameOptionsHeaderWriter.class);
 
-		Element frameElt = element == null ? null : DomUtils.getChildElementByTagName(
-				element, FRAME_OPTIONS_ELEMENT);
+		Element frameElt = element == null ? null : DomUtils.getChildElementByTagName(element, FRAME_OPTIONS_ELEMENT);
 		if (frameElt != null) {
 			String header = getAttribute(frameElt, ATT_POLICY, null);
-			boolean disabled = "true"
-					.equals(getAttribute(frameElt, ATT_DISABLED, "false"));
+			boolean disabled = "true".equals(getAttribute(frameElt, ATT_DISABLED, "false"));
 
 			if (disabled && header != null) {
 				this.attrNotAllowed(parserContext, ATT_DISABLED, ATT_POLICY, frameElt);
@@ -436,8 +434,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				String strategy = getAttribute(frameElt, ATT_STRATEGY, null);
 
 				if (StringUtils.hasText(strategy) && StringUtils.hasText(strategyRef)) {
-					parserContext.getReaderContext().error(
-							"Only one of 'strategy' or 'strategy-ref' can be set.",
+					parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.",
 							frameElt);
 				}
 				else if (strategyRef != null) {
@@ -446,18 +443,15 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				else if (strategy != null) {
 					String value = getAttribute(frameElt, ATT_VALUE, null);
 					if (!StringUtils.hasText(value)) {
-						parserContext.getReaderContext().error(
-								"Strategy requires a 'value' to be set.", frameElt);
+						parserContext.getReaderContext().error("Strategy requires a 'value' to be set.", frameElt);
 					}
 					// static, whitelist, regexp
 					if ("static".equals(strategy)) {
 						try {
-							builder.addConstructorArgValue(new StaticAllowFromStrategy(
-									new URI(value)));
+							builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value)));
 						}
 						catch (URISyntaxException e) {
-							parserContext.getReaderContext().error(
-									"'value' attribute doesn't represent a valid URI.",
+							parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.",
 									frameElt, e);
 						}
 					}
@@ -466,26 +460,20 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 						if ("whitelist".equals(strategy)) {
 							allowFromStrategy = BeanDefinitionBuilder
 									.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
-							allowFromStrategy.addConstructorArgValue(StringUtils
-									.commaDelimitedListToSet(value));
+							allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value));
 						}
 						else {
-							allowFromStrategy = BeanDefinitionBuilder
-									.rootBeanDefinition(RegExpAllowFromStrategy.class);
+							allowFromStrategy = BeanDefinitionBuilder.rootBeanDefinition(RegExpAllowFromStrategy.class);
 							allowFromStrategy.addConstructorArgValue(value);
 						}
-						String fromParameter = getAttribute(frameElt, ATT_FROM_PARAMETER,
-								"from");
-						allowFromStrategy.addPropertyValue("allowFromParameterName",
-								fromParameter);
-						builder.addConstructorArgValue(allowFromStrategy
-								.getBeanDefinition());
+						String fromParameter = getAttribute(frameElt, ATT_FROM_PARAMETER, "from");
+						allowFromStrategy.addPropertyValue("allowFromParameterName", fromParameter);
+						builder.addConstructorArgValue(allowFromStrategy.getBeanDefinition());
 					}
 				}
 				else {
-					parserContext.getReaderContext()
-							.error("One of 'strategy' and 'strategy-ref' must be set.",
-									frameElt);
+					parserContext.getReaderContext().error("One of 'strategy' and 'strategy-ref' must be set.",
+							frameElt);
 				}
 			}
 			else {
@@ -502,12 +490,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		}
 	}
 
-	private void parseXssElement(boolean addIfNotPresent, Element element,
-			ParserContext parserContext) {
-		Element xssElt = element == null ? null : DomUtils.getChildElementByTagName(
-				element, XSS_ELEMENT);
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.genericBeanDefinition(XXssProtectionHeaderWriter.class);
+	private void parseXssElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
+		Element xssElt = element == null ? null : DomUtils.getChildElementByTagName(element, XSS_ELEMENT);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XXssProtectionHeaderWriter.class);
 		if (xssElt != null) {
 			boolean disabled = "true".equals(getAttribute(xssElt, ATT_DISABLED, "false"));
 
@@ -548,4 +533,5 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			return defaultValue;
 		}
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 2711ebdb9f..c6b14f77cf 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -101,68 +101,100 @@ import static org.springframework.security.config.http.SecurityFilters.WEB_ASYNC
  * @since 3.0
  */
 class HttpConfigurationBuilder {
+
 	private static final String ATT_CREATE_SESSION = "create-session";
 
 	private static final String ATT_SESSION_FIXATION_PROTECTION = "session-fixation-protection";
+
 	private static final String OPT_SESSION_FIXATION_NO_PROTECTION = "none";
+
 	private static final String OPT_SESSION_FIXATION_MIGRATE_SESSION = "migrateSession";
+
 	private static final String OPT_CHANGE_SESSION_ID = "changeSessionId";
 
 	private static final String ATT_INVALID_SESSION_URL = "invalid-session-url";
+
 	private static final String ATT_SESSION_AUTH_STRATEGY_REF = "session-authentication-strategy-ref";
+
 	private static final String ATT_SESSION_AUTH_ERROR_URL = "session-authentication-error-url";
+
 	private static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";
+
 	private static final String ATT_INVALID_SESSION_STRATEGY_REF = "invalid-session-strategy-ref";
+
 	private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
 
 	private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
+
 	private static final String ATT_ONCE_PER_REQUEST = "once-per-request";
 
 	private static final String ATT_REF = "ref";
 
 	private final Element httpElt;
+
 	private final ParserContext pc;
+
 	private final SessionCreationPolicy sessionPolicy;
+
 	private final List<Element> interceptUrls;
+
 	private final MatcherType matcherType;
 
 	private BeanDefinition cpf;
+
 	private BeanDefinition securityContextPersistenceFilter;
+
 	private BeanReference contextRepoRef;
+
 	private BeanReference sessionRegistryRef;
+
 	private BeanDefinition concurrentSessionFilter;
+
 	private BeanDefinition webAsyncManagerFilter;
+
 	private BeanDefinition requestCacheAwareFilter;
+
 	private BeanReference sessionStrategyRef;
+
 	private RootBeanDefinition sfpf;
+
 	private BeanDefinition servApiFilter;
+
 	private BeanDefinition jaasApiFilter;
+
 	private final BeanReference portMapper;
+
 	private final BeanReference portResolver;
+
 	private BeanReference fsi;
+
 	private BeanReference requestCache;
+
 	private BeanDefinition addHeadersFilter;
+
 	private BeanMetadataElement corsFilter;
+
 	private BeanDefinition csrfFilter;
+
 	private BeanMetadataElement csrfLogoutHandler;
+
 	private BeanMetadataElement csrfAuthStrategy;
 
 	private CsrfBeanDefinitionParser csrfParser;
 
 	private BeanDefinition invalidSession;
+
 	private boolean addAllAuth;
 
-	HttpConfigurationBuilder(Element element, boolean addAllAuth,
-			ParserContext pc, BeanReference portMapper, BeanReference portResolver,
-			BeanReference authenticationManager) {
+	HttpConfigurationBuilder(Element element, boolean addAllAuth, ParserContext pc, BeanReference portMapper,
+			BeanReference portResolver, BeanReference authenticationManager) {
 		this.httpElt = element;
 		this.addAllAuth = addAllAuth;
 		this.pc = pc;
 		this.portMapper = portMapper;
 		this.portResolver = portResolver;
 		this.matcherType = MatcherType.fromElement(element);
-		interceptUrls = DomUtils.getChildElementsByTagName(element,
-				Elements.INTERCEPT_URL);
+		interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
 
 		for (Element urlElt : interceptUrls) {
 			if (StringUtils.hasText(urlElt.getAttribute(ATT_FILTERS))) {
@@ -209,16 +241,15 @@ class HttpConfigurationBuilder {
 			return SessionCreationPolicy.STATELESS;
 		}
 
-		throw new IllegalStateException("Cannot convert " + createSession + " to "
-				+ SessionCreationPolicy.class.getName());
+		throw new IllegalStateException(
+				"Cannot convert " + createSession + " to " + SessionCreationPolicy.class.getName());
 	}
 
 	@SuppressWarnings("rawtypes")
 	void setLogoutHandlers(ManagedList logoutHandlers) {
 		if (logoutHandlers != null) {
 			if (concurrentSessionFilter != null) {
-				concurrentSessionFilter.getPropertyValues().add("logoutHandlers",
-						logoutHandlers);
+				concurrentSessionFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
 			}
 			if (servApiFilter != null) {
 				servApiFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
@@ -250,8 +281,7 @@ class HttpConfigurationBuilder {
 	}
 
 	private void createSecurityContextPersistenceFilter() {
-		BeanDefinitionBuilder scpf = BeanDefinitionBuilder
-				.rootBeanDefinition(SecurityContextPersistenceFilter.class);
+		BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
 
 		String repoRef = httpElt.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
 		String disableUrlRewriting = httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
@@ -267,12 +297,10 @@ class HttpConfigurationBuilder {
 		else {
 			BeanDefinitionBuilder contextRepo;
 			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
-				contextRepo = BeanDefinitionBuilder
-						.rootBeanDefinition(NullSecurityContextRepository.class);
+				contextRepo = BeanDefinitionBuilder.rootBeanDefinition(NullSecurityContextRepository.class);
 			}
 			else {
-				contextRepo = BeanDefinitionBuilder
-						.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
+				contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
 				switch (sessionPolicy) {
 				case ALWAYS:
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
@@ -304,8 +332,7 @@ class HttpConfigurationBuilder {
 	}
 
 	private void createSessionManagementFilters() {
-		Element sessionMgmtElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.SESSION_MANAGEMENT);
+		Element sessionMgmtElt = DomUtils.getChildElementByTagName(httpElt, Elements.SESSION_MANAGEMENT);
 		Element sessionCtrlElt = null;
 
 		String sessionFixationAttribute = null;
@@ -317,49 +344,42 @@ class HttpConfigurationBuilder {
 		boolean sessionControlEnabled = false;
 		if (sessionMgmtElt != null) {
 			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
-				pc.getReaderContext().error(
-						Elements.SESSION_MANAGEMENT + "  cannot be used"
-								+ " in combination with " + ATT_CREATE_SESSION + "='"
-								+ SessionCreationPolicy.STATELESS + "'",
-						pc.extractSource(sessionMgmtElt));
+				pc.getReaderContext()
+						.error(Elements.SESSION_MANAGEMENT + "  cannot be used" + " in combination with "
+								+ ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'",
+								pc.extractSource(sessionMgmtElt));
 			}
-			sessionFixationAttribute = sessionMgmtElt
-					.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
+			sessionFixationAttribute = sessionMgmtElt.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
 			invalidSessionUrl = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_URL);
 			invalidSessionStrategyRef = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_STRATEGY_REF);
 
-			sessionAuthStratRef = sessionMgmtElt
-					.getAttribute(ATT_SESSION_AUTH_STRATEGY_REF);
+			sessionAuthStratRef = sessionMgmtElt.getAttribute(ATT_SESSION_AUTH_STRATEGY_REF);
 			errorUrl = sessionMgmtElt.getAttribute(ATT_SESSION_AUTH_ERROR_URL);
-			sessionCtrlElt = DomUtils.getChildElementByTagName(sessionMgmtElt,
-					Elements.CONCURRENT_SESSIONS);
+			sessionCtrlElt = DomUtils.getChildElementByTagName(sessionMgmtElt, Elements.CONCURRENT_SESSIONS);
 			sessionControlEnabled = sessionCtrlElt != null;
 
 			if (StringUtils.hasText(invalidSessionUrl) && StringUtils.hasText(invalidSessionStrategyRef)) {
-				pc.getReaderContext().error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" +
-						" the " + ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
+				pc.getReaderContext().error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with"
+						+ " the " + ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
 			}
 
 			if (sessionControlEnabled) {
 				if (StringUtils.hasText(sessionAuthStratRef)) {
-					pc.getReaderContext().error(
-							ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used"
-									+ " in combination with <"
-									+ Elements.CONCURRENT_SESSIONS + ">",
-							pc.extractSource(sessionCtrlElt));
+					pc.getReaderContext()
+							.error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used"
+									+ " in combination with <" + Elements.CONCURRENT_SESSIONS + ">",
+									pc.extractSource(sessionCtrlElt));
 				}
 				createConcurrencyControlFilterAndSessionRegistry(sessionCtrlElt);
 			}
 		}
 
 		if (!StringUtils.hasText(sessionFixationAttribute)) {
-			sessionFixationAttribute =  OPT_CHANGE_SESSION_ID;
+			sessionFixationAttribute = OPT_CHANGE_SESSION_ID;
 		}
 		else if (StringUtils.hasText(sessionAuthStratRef)) {
-			pc.getReaderContext().error(
-					ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used"
-							+ " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF,
-					pc.extractSource(sessionMgmtElt));
+			pc.getReaderContext().error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used"
+					+ " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF, pc.extractSource(sessionMgmtElt));
 		}
 
 		if (sessionPolicy == SessionCreationPolicy.STATELESS) {
@@ -388,21 +408,17 @@ class HttpConfigurationBuilder {
 			String maxSessions = sessionCtrlElt.getAttribute("max-sessions");
 
 			if (StringUtils.hasText(maxSessions)) {
-				concurrentSessionStrategy
-						.addPropertyValue("maximumSessions", maxSessions);
+				concurrentSessionStrategy.addPropertyValue("maximumSessions", maxSessions);
 			}
 
-			String exceptionIfMaximumExceeded = sessionCtrlElt
-					.getAttribute("error-if-maximum-exceeded");
+			String exceptionIfMaximumExceeded = sessionCtrlElt.getAttribute("error-if-maximum-exceeded");
 
 			if (StringUtils.hasText(exceptionIfMaximumExceeded)) {
-				concurrentSessionStrategy.addPropertyValue("exceptionIfMaximumExceeded",
-						exceptionIfMaximumExceeded);
+				concurrentSessionStrategy.addPropertyValue("exceptionIfMaximumExceeded", exceptionIfMaximumExceeded);
 			}
 			delegateSessionStrategies.add(concurrentSessionStrategy.getBeanDefinition());
 		}
-		boolean useChangeSessionId = OPT_CHANGE_SESSION_ID
-				.equals(sessionFixationAttribute);
+		boolean useChangeSessionId = OPT_CHANGE_SESSION_ID.equals(sessionFixationAttribute);
 		if (sessionFixationProtectionRequired || StringUtils.hasText(invalidSessionUrl)) {
 			if (useChangeSessionId) {
 				sessionFixationStrategy = BeanDefinitionBuilder
@@ -433,23 +449,18 @@ class HttpConfigurationBuilder {
 
 		BeanDefinitionBuilder sessionMgmtFilter = BeanDefinitionBuilder
 				.rootBeanDefinition(SessionManagementFilter.class);
-		RootBeanDefinition failureHandler = new RootBeanDefinition(
-				SimpleUrlAuthenticationFailureHandler.class);
+		RootBeanDefinition failureHandler = new RootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
 		if (StringUtils.hasText(errorUrl)) {
-			failureHandler.getPropertyValues().addPropertyValue("defaultFailureUrl",
-					errorUrl);
+			failureHandler.getPropertyValues().addPropertyValue("defaultFailureUrl", errorUrl);
 		}
-		sessionMgmtFilter
-				.addPropertyValue("authenticationFailureHandler", failureHandler);
+		sessionMgmtFilter.addPropertyValue("authenticationFailureHandler", failureHandler);
 		sessionMgmtFilter.addConstructorArgValue(contextRepoRef);
 
-		if (!StringUtils.hasText(sessionAuthStratRef) && sessionFixationStrategy != null
-				&& !useChangeSessionId) {
+		if (!StringUtils.hasText(sessionAuthStratRef) && sessionFixationStrategy != null && !useChangeSessionId) {
 
 			if (sessionFixationProtectionRequired) {
 				sessionFixationStrategy.addPropertyValue("migrateSessionAttributes",
-						sessionFixationAttribute
-								.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION));
+						sessionFixationAttribute.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION));
 			}
 		}
 
@@ -459,20 +470,18 @@ class HttpConfigurationBuilder {
 			BeanDefinition strategyBean = sessionStrategy.getBeanDefinition();
 			sessionStrategy.addConstructorArgValue(delegateSessionStrategies);
 			sessionAuthStratRef = pc.getReaderContext().generateBeanName(strategyBean);
-			pc.registerBeanComponent(new BeanComponentDefinition(strategyBean,
-					sessionAuthStratRef));
+			pc.registerBeanComponent(new BeanComponentDefinition(strategyBean, sessionAuthStratRef));
 
 		}
 
-
-
 		if (StringUtils.hasText(invalidSessionUrl)) {
 			BeanDefinitionBuilder invalidSessionBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class);
 			invalidSessionBldr.addConstructorArgValue(invalidSessionUrl);
 			invalidSession = invalidSessionBldr.getBeanDefinition();
 			sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", invalidSession);
-		} else if (StringUtils.hasText(invalidSessionStrategyRef)) {
+		}
+		else if (StringUtils.hasText(invalidSessionStrategyRef)) {
 			sessionMgmtFilter.addPropertyReference("invalidSessionStrategy", invalidSessionStrategyRef);
 		}
 
@@ -488,8 +497,8 @@ class HttpConfigurationBuilder {
 		final String ATT_SESSION_REGISTRY_ALIAS = "session-registry-alias";
 		final String ATT_SESSION_REGISTRY_REF = "session-registry-ref";
 
-		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(
-				element.getTagName(), pc.extractSource(element));
+		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
+				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
 
 		BeanDefinitionRegistry beanRegistry = pc.getRegistry();
@@ -498,12 +507,9 @@ class HttpConfigurationBuilder {
 
 		if (!StringUtils.hasText(sessionRegistryId)) {
 			// Register an internal SessionRegistryImpl if no external reference supplied.
-			RootBeanDefinition sessionRegistry = new RootBeanDefinition(
-					SessionRegistryImpl.class);
-			sessionRegistryId = pc.getReaderContext().registerWithGeneratedName(
-					sessionRegistry);
-			pc.registerComponent(new BeanComponentDefinition(sessionRegistry,
-					sessionRegistryId));
+			RootBeanDefinition sessionRegistry = new RootBeanDefinition(SessionRegistryImpl.class);
+			sessionRegistryId = pc.getReaderContext().registerWithGeneratedName(sessionRegistry);
+			pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId));
 		}
 
 		String registryAlias = element.getAttribute(ATT_SESSION_REGISTRY_ALIAS);
@@ -511,8 +517,7 @@ class HttpConfigurationBuilder {
 			beanRegistry.registerAlias(sessionRegistryId, registryAlias);
 		}
 
-		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(ConcurrentSessionFilter.class);
+		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
 		filterBuilder.addConstructorArgReference(sessionRegistryId);
 
 		Object source = pc.extractSource(element);
@@ -523,8 +528,9 @@ class HttpConfigurationBuilder {
 		String expiredSessionStrategyRef = element.getAttribute(ATT_EXPIRED_SESSION_STRATEGY_REF);
 
 		if (StringUtils.hasText(expiryUrl) && StringUtils.hasText(expiredSessionStrategyRef)) {
-			pc.getReaderContext().error("Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" +
-					" attribute together.", source);
+			pc.getReaderContext().error(
+					"Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.",
+					source);
 		}
 
 		if (StringUtils.hasText(expiryUrl)) {
@@ -532,7 +538,8 @@ class HttpConfigurationBuilder {
 					.rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class);
 			expiredSessionBldr.addConstructorArgValue(expiryUrl);
 			filterBuilder.addConstructorArgValue(expiredSessionBldr.getBeanDefinition());
-		} else if (StringUtils.hasText(expiredSessionStrategyRef)) {
+		}
+		else if (StringUtils.hasText(expiredSessionStrategyRef)) {
 			filterBuilder.addConstructorArgReference(expiredSessionStrategyRef);
 		}
 
@@ -545,8 +552,7 @@ class HttpConfigurationBuilder {
 	private void createWebAsyncManagerFilter() {
 		boolean asyncSupported = ClassUtils.hasMethod(ServletRequest.class, "startAsync");
 		if (asyncSupported) {
-			webAsyncManagerFilter = new RootBeanDefinition(
-					WebAsyncManagerIntegrationFilter.class);
+			webAsyncManagerFilter = new RootBeanDefinition(WebAsyncManagerIntegrationFilter.class);
 		}
 	}
 
@@ -561,9 +567,9 @@ class HttpConfigurationBuilder {
 		}
 
 		if ("true".equals(provideServletApi)) {
-			servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc, SecurityContextHolderAwareRequestFilterBeanFactory.class);
-			servApiFilter.getPropertyValues().add("authenticationManager",
-					authenticationManager);
+			servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc,
+					SecurityContextHolderAwareRequestFilterBeanFactory.class);
+			servApiFilter.getPropertyValues().add("authenticationManager", authenticationManager);
 		}
 	}
 
@@ -589,8 +595,7 @@ class HttpConfigurationBuilder {
 			return;
 		}
 
-		RootBeanDefinition channelFilter = new RootBeanDefinition(
-				ChannelProcessingFilter.class);
+		RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
 		BeanDefinitionBuilder metadataSourceBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
 		metadataSourceBldr.addConstructorArgValue(channelRequestMap);
@@ -599,36 +604,25 @@ class HttpConfigurationBuilder {
 
 		channelFilter.getPropertyValues().addPropertyValue("securityMetadataSource",
 				metadataSourceBldr.getBeanDefinition());
-		RootBeanDefinition channelDecisionManager = new RootBeanDefinition(
-				ChannelDecisionManagerImpl.class);
-		ManagedList<RootBeanDefinition> channelProcessors = new ManagedList<>(
-				3);
-		RootBeanDefinition secureChannelProcessor = new RootBeanDefinition(
-				SecureChannelProcessor.class);
-		RootBeanDefinition retryWithHttp = new RootBeanDefinition(
-				RetryWithHttpEntryPoint.class);
-		RootBeanDefinition retryWithHttps = new RootBeanDefinition(
-				RetryWithHttpsEntryPoint.class);
+		RootBeanDefinition channelDecisionManager = new RootBeanDefinition(ChannelDecisionManagerImpl.class);
+		ManagedList<RootBeanDefinition> channelProcessors = new ManagedList<>(3);
+		RootBeanDefinition secureChannelProcessor = new RootBeanDefinition(SecureChannelProcessor.class);
+		RootBeanDefinition retryWithHttp = new RootBeanDefinition(RetryWithHttpEntryPoint.class);
+		RootBeanDefinition retryWithHttps = new RootBeanDefinition(RetryWithHttpsEntryPoint.class);
 
 		retryWithHttp.getPropertyValues().addPropertyValue("portMapper", portMapper);
 		retryWithHttp.getPropertyValues().addPropertyValue("portResolver", portResolver);
 		retryWithHttps.getPropertyValues().addPropertyValue("portMapper", portMapper);
 		retryWithHttps.getPropertyValues().addPropertyValue("portResolver", portResolver);
-		secureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint",
-				retryWithHttps);
-		RootBeanDefinition inSecureChannelProcessor = new RootBeanDefinition(
-				InsecureChannelProcessor.class);
-		inSecureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint",
-				retryWithHttp);
+		secureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint", retryWithHttps);
+		RootBeanDefinition inSecureChannelProcessor = new RootBeanDefinition(InsecureChannelProcessor.class);
+		inSecureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint", retryWithHttp);
 		channelProcessors.add(secureChannelProcessor);
 		channelProcessors.add(inSecureChannelProcessor);
-		channelDecisionManager.getPropertyValues().addPropertyValue("channelProcessors",
-				channelProcessors);
+		channelDecisionManager.getPropertyValues().addPropertyValue("channelProcessors", channelProcessors);
 
-		String id = pc.getReaderContext().registerWithGeneratedName(
-				channelDecisionManager);
-		channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager",
-				new RuntimeBeanReference(id));
+		String id = pc.getReaderContext().registerWithGeneratedName(channelDecisionManager);
+		channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager", new RuntimeBeanReference(id));
 		cpf = channelFilter;
 	}
 
@@ -648,19 +642,17 @@ class HttpConfigurationBuilder {
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
 
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
-				pc.getReaderContext().error("pattern attribute cannot be empty or null",
-						urlElt);
+				pc.getReaderContext().error("pattern attribute cannot be empty or null", urlElt);
 			}
 
 			String requiredChannel = urlElt.getAttribute(ATT_REQUIRES_CHANNEL);
 
 			if (StringUtils.hasText(requiredChannel)) {
-				BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef) : matcherType.createMatcher(pc, path, method);
+				BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
+						: matcherType.createMatcher(pc, path, method);
 
-				RootBeanDefinition channelAttributes = new RootBeanDefinition(
-						ChannelAttributeFactory.class);
-				channelAttributes.getConstructorArgumentValues().addGenericArgumentValue(
-						requiredChannel);
+				RootBeanDefinition channelAttributes = new RootBeanDefinition(ChannelAttributeFactory.class);
+				channelAttributes.getConstructorArgumentValues().addGenericArgumentValue(requiredChannel);
 				channelAttributes.setFactoryMethodName("createChannelAttributes");
 
 				channelRequestMap.put(matcher, channelAttributes);
@@ -671,8 +663,7 @@ class HttpConfigurationBuilder {
 	}
 
 	private void createRequestCacheFilter() {
-		Element requestCacheElt = DomUtils.getChildElementByTagName(httpElt,
-				Elements.REQUEST_CACHE);
+		Element requestCacheElt = DomUtils.getChildElementByTagName(httpElt, Elements.REQUEST_CACHE);
 
 		if (requestCacheElt != null) {
 			requestCache = new RuntimeBeanReference(requestCacheElt.getAttribute(ATT_REF));
@@ -681,12 +672,10 @@ class HttpConfigurationBuilder {
 			BeanDefinitionBuilder requestCacheBldr;
 
 			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
-				requestCacheBldr = BeanDefinitionBuilder
-						.rootBeanDefinition(NullRequestCache.class);
+				requestCacheBldr = BeanDefinitionBuilder.rootBeanDefinition(NullRequestCache.class);
 			}
 			else {
-				requestCacheBldr = BeanDefinitionBuilder
-						.rootBeanDefinition(HttpSessionRequestCache.class);
+				requestCacheBldr = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionRequestCache.class);
 				requestCacheBldr.addPropertyValue("createSessionAllowed",
 						sessionPolicy == SessionCreationPolicy.IF_REQUIRED);
 				requestCacheBldr.addPropertyValue("portResolver", portResolver);
@@ -695,8 +684,7 @@ class HttpConfigurationBuilder {
 							.rootBeanDefinition(AntPathRequestMatcher.class);
 					requestCacheMatcherBldr.addConstructorArgValue("/**");
 					requestCacheMatcherBldr.addConstructorArgValue("GET");
-					requestCacheBldr.addPropertyValue("requestMatcher",
-							requestCacheMatcherBldr.getBeanDefinition());
+					requestCacheBldr.addPropertyValue("requestMatcher", requestCacheMatcherBldr.getBeanDefinition());
 				}
 			}
 
@@ -708,13 +696,11 @@ class HttpConfigurationBuilder {
 		}
 
 		requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
-		requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(
-				requestCache);
+		requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(requestCache);
 	}
 
 	private void createFilterSecurityInterceptor(BeanReference authManager) {
-		boolean useExpressions = FilterInvocationSecurityMetadataSourceParser
-				.isUseExpressions(httpElt);
+		boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(httpElt);
 		RootBeanDefinition securityMds = FilterInvocationSecurityMetadataSourceParser
 				.createSecurityMetadataSource(interceptUrls, addAllAuth, httpElt, pc);
 
@@ -722,11 +708,9 @@ class HttpConfigurationBuilder {
 		ManagedList<BeanDefinition> voters = new ManagedList<>(2);
 
 		if (useExpressions) {
-			BeanDefinitionBuilder expressionVoter = BeanDefinitionBuilder
-					.rootBeanDefinition(WebExpressionVoter.class);
+			BeanDefinitionBuilder expressionVoter = BeanDefinitionBuilder.rootBeanDefinition(WebExpressionVoter.class);
 			// Read the expression handler from the FISMS
-			RuntimeBeanReference expressionHandler = (RuntimeBeanReference) securityMds
-					.getConstructorArgumentValues()
+			RuntimeBeanReference expressionHandler = (RuntimeBeanReference) securityMds.getConstructorArgumentValues()
 					.getArgumentValue(1, RuntimeBeanReference.class).getValue();
 
 			expressionVoter.addPropertyValue("expressionHandler", expressionHandler);
@@ -734,7 +718,8 @@ class HttpConfigurationBuilder {
 			voters.add(expressionVoter.getBeanDefinition());
 		}
 		else {
-			voters.add(GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc, RoleVoterBeanFactory.class));
+			voters.add(
+					GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc, RoleVoterBeanFactory.class));
 			voters.add(new RootBeanDefinition(AuthenticatedVoter.class));
 		}
 		accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class);
@@ -746,12 +731,10 @@ class HttpConfigurationBuilder {
 
 		if (!StringUtils.hasText(accessManagerId)) {
 			accessManagerId = pc.getReaderContext().generateBeanName(accessDecisionMgr);
-			pc.registerBeanComponent(new BeanComponentDefinition(accessDecisionMgr,
-					accessManagerId));
+			pc.registerBeanComponent(new BeanComponentDefinition(accessDecisionMgr, accessManagerId));
 		}
 
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(FilterSecurityInterceptor.class);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(FilterSecurityInterceptor.class);
 
 		builder.addPropertyReference("accessDecisionManager", accessManagerId);
 		builder.addPropertyValue("authenticationManager", authManager);
@@ -767,13 +750,10 @@ class HttpConfigurationBuilder {
 
 		// Create and register a DefaultWebInvocationPrivilegeEvaluator for use with
 		// taglibs etc.
-		BeanDefinition wipe = new RootBeanDefinition(
-				DefaultWebInvocationPrivilegeEvaluator.class);
-		wipe.getConstructorArgumentValues().addGenericArgumentValue(
-				new RuntimeBeanReference(fsiId));
+		BeanDefinition wipe = new RootBeanDefinition(DefaultWebInvocationPrivilegeEvaluator.class);
+		wipe.getConstructorArgumentValues().addGenericArgumentValue(new RuntimeBeanReference(fsiId));
 
-		pc.registerBeanComponent(new BeanComponentDefinition(wipe, pc.getReaderContext()
-				.generateBeanName(wipe)));
+		pc.registerBeanComponent(new BeanComponentDefinition(wipe, pc.getReaderContext().generateBeanName(wipe)));
 
 		this.fsi = new RuntimeBeanReference(fsiId);
 	}
@@ -827,17 +807,14 @@ class HttpConfigurationBuilder {
 		}
 
 		if (concurrentSessionFilter != null) {
-			filters.add(new OrderDecorator(concurrentSessionFilter,
-					CONCURRENT_SESSION_FILTER));
+			filters.add(new OrderDecorator(concurrentSessionFilter, CONCURRENT_SESSION_FILTER));
 		}
 
 		if (webAsyncManagerFilter != null) {
-			filters.add(new OrderDecorator(webAsyncManagerFilter,
-					WEB_ASYNC_MANAGER_FILTER));
+			filters.add(new OrderDecorator(webAsyncManagerFilter, WEB_ASYNC_MANAGER_FILTER));
 		}
 
-		filters.add(new OrderDecorator(securityContextPersistenceFilter,
-				SECURITY_CONTEXT_FILTER));
+		filters.add(new OrderDecorator(securityContextPersistenceFilter, SECURITY_CONTEXT_FILTER));
 
 		if (servApiFilter != null) {
 			filters.add(new OrderDecorator(servApiFilter, SERVLET_API_SUPPORT_FILTER));
@@ -873,20 +850,26 @@ class HttpConfigurationBuilder {
 	}
 
 	static class RoleVoterBeanFactory extends AbstractGrantedAuthorityDefaultsBeanFactory {
+
 		private RoleVoter voter = new RoleVoter();
 
 		public RoleVoter getBean() {
 			voter.setRolePrefix(this.rolePrefix);
 			return voter;
 		}
+
 	}
 
-	static class SecurityContextHolderAwareRequestFilterBeanFactory extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
+	static class SecurityContextHolderAwareRequestFilterBeanFactory
+			extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
+
 		private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
 
 		public SecurityContextHolderAwareRequestFilter getBean() {
 			filter.setRolePrefix(this.rolePrefix);
 			return filter;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
index 6fd912d81a..c5d3fde8e4 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
@@ -35,18 +35,15 @@ public class HttpFirewallBeanDefinitionParser implements BeanDefinitionParser {
 		String ref = element.getAttribute("ref");
 
 		if (!StringUtils.hasText(ref)) {
-			pc.getReaderContext().error("ref attribute is required",
-					pc.extractSource(element));
+			pc.getReaderContext().error("ref attribute is required", pc.extractSource(element));
 		}
 
 		// Ensure the FCP is registered.
-		HttpSecurityBeanDefinitionParser.registerFilterChainProxyIfNecessary(pc,
-				pc.extractSource(element));
-		BeanDefinition filterChainProxy = pc.getRegistry().getBeanDefinition(
-				BeanIds.FILTER_CHAIN_PROXY);
-		filterChainProxy.getPropertyValues().addPropertyValue("firewall",
-				new RuntimeBeanReference(ref));
+		HttpSecurityBeanDefinitionParser.registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));
+		BeanDefinition filterChainProxy = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAIN_PROXY);
+		filterChainProxy.getPropertyValues().addPropertyValue("firewall", new RuntimeBeanReference(ref));
 
 		return null;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index d9f4a74ee2..acaa187f45 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -65,8 +65,8 @@ import org.springframework.util.xml.DomUtils;
  * @since 2.0
  */
 public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
-	private static final Log logger = LogFactory
-			.getLog(HttpSecurityBeanDefinitionParser.class);
+
+	private static final Log logger = LogFactory.getLog(HttpSecurityBeanDefinitionParser.class);
 
 	private static final String ATT_AUTHENTICATION_MANAGER_REF = "authentication-manager-ref";
 	static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
@@ -79,7 +79,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	static final String ATT_REQUIRES_CHANNEL = "requires-channel";
 
 	private static final String ATT_REF = "ref";
+
 	private static final String ATT_SECURED = "security";
+
 	private static final String OPT_SECURITY_NONE = "none";
 
 	public HttpSecurityBeanDefinitionParser() {
@@ -97,17 +99,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	@SuppressWarnings({ "unchecked" })
 	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
-		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(
-				element.getTagName(), pc.extractSource(element));
+		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
+				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
 
 		registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));
 
 		// Obtain the filter chains and add the new chain to it
-		BeanDefinition listFactoryBean = pc.getRegistry().getBeanDefinition(
-				BeanIds.FILTER_CHAINS);
-		List<BeanReference> filterChains = (List<BeanReference>) listFactoryBean
-				.getPropertyValues().getPropertyValue("sourceList").getValue();
+		BeanDefinition listFactoryBean = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAINS);
+		List<BeanReference> filterChains = (List<BeanReference>) listFactoryBean.getPropertyValues()
+				.getPropertyValue("sourceList").getValue();
 
 		filterChains.add(createFilterChain(element, pc));
 
@@ -124,20 +125,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		if (!secured) {
 			if (!StringUtils.hasText(element.getAttribute(ATT_PATH_PATTERN))
 					&& !StringUtils.hasText(ATT_REQUEST_MATCHER_REF)) {
-				pc.getReaderContext().error(
-						"The '" + ATT_SECURED
-								+ "' attribute must be used in combination with"
-								+ " the '" + ATT_PATH_PATTERN + "' or '"
-								+ ATT_REQUEST_MATCHER_REF + "' attributes.",
-						pc.extractSource(element));
+				pc.getReaderContext()
+						.error("The '" + ATT_SECURED + "' attribute must be used in combination with" + " the '"
+								+ ATT_PATH_PATTERN + "' or '" + ATT_REQUEST_MATCHER_REF + "' attributes.",
+								pc.extractSource(element));
 			}
 
 			for (int n = 0; n < element.getChildNodes().getLength(); n++) {
 				if (element.getChildNodes().item(n) instanceof Element) {
-					pc.getReaderContext().error(
-							"If you are using <http> to define an unsecured pattern, "
-									+ "it cannot contain child elements.",
-							pc.extractSource(element));
+					pc.getReaderContext().error("If you are using <http> to define an unsecured pattern, "
+							+ "it cannot contain child elements.", pc.extractSource(element));
 				}
 			}
 
@@ -148,18 +145,15 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		final BeanReference portResolver = createPortResolver(portMapper, pc);
 
 		ManagedList<BeanReference> authenticationProviders = new ManagedList<>();
-		BeanReference authenticationManager = createAuthenticationManager(element, pc,
-				authenticationProviders);
+		BeanReference authenticationManager = createAuthenticationManager(element, pc, authenticationProviders);
 
 		boolean forceAutoConfig = isDefaultHttpConfig(element);
-		HttpConfigurationBuilder httpBldr = new HttpConfigurationBuilder(element,
-				forceAutoConfig, pc, portMapper, portResolver, authenticationManager);
+		HttpConfigurationBuilder httpBldr = new HttpConfigurationBuilder(element, forceAutoConfig, pc, portMapper,
+				portResolver, authenticationManager);
 
-		AuthenticationConfigBuilder authBldr = new AuthenticationConfigBuilder(element,
-				forceAutoConfig, pc, httpBldr.getSessionCreationPolicy(),
-				httpBldr.getRequestCache(), authenticationManager,
-				httpBldr.getSessionStrategy(), portMapper, portResolver,
-				httpBldr.getCsrfLogoutHandler());
+		AuthenticationConfigBuilder authBldr = new AuthenticationConfigBuilder(element, forceAutoConfig, pc,
+				httpBldr.getSessionCreationPolicy(), httpBldr.getRequestCache(), authenticationManager,
+				httpBldr.getSessionStrategy(), portMapper, portResolver, httpBldr.getCsrfLogoutHandler());
 
 		httpBldr.setLogoutHandlers(authBldr.getLogoutHandlers());
 		httpBldr.setEntryPoint(authBldr.getEntryPointBean());
@@ -188,12 +182,10 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private static boolean isDefaultHttpConfig(Element httpElt) {
-		return httpElt.getChildNodes().getLength() == 0
-				&& httpElt.getAttributes().getLength() == 0;
+		return httpElt.getChildNodes().getLength() == 0 && httpElt.getAttributes().getLength() == 0;
 	}
 
-	private BeanReference createSecurityFilterChainBean(Element element,
-			ParserContext pc, List<?> filterChain) {
+	private BeanReference createSecurityFilterChainBean(Element element, ParserContext pc, List<?> filterChain) {
 		BeanMetadataElement filterChainMatcher;
 
 		String requestMatcherRef = element.getAttribute(ATT_REQUEST_MATCHER_REF);
@@ -202,15 +194,14 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		if (StringUtils.hasText(requestMatcherRef)) {
 			if (StringUtils.hasText(filterChainPattern)) {
 				pc.getReaderContext().error(
-						"You can't define a pattern and a request-matcher-ref for the "
-								+ "same filter chain", pc.extractSource(element));
+						"You can't define a pattern and a request-matcher-ref for the " + "same filter chain",
+						pc.extractSource(element));
 			}
 			filterChainMatcher = new RuntimeBeanReference(requestMatcherRef);
 
 		}
 		else if (StringUtils.hasText(filterChainPattern)) {
-			filterChainMatcher = MatcherType.fromElement(element).createMatcher(pc,
-					filterChainPattern, null);
+			filterChainMatcher = MatcherType.fromElement(element).createMatcher(pc, filterChainPattern, null);
 		}
 		else {
 			filterChainMatcher = new RootBeanDefinition(AnyRequestMatcher.class);
@@ -239,21 +230,19 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	private BeanReference createPortMapper(Element elt, ParserContext pc) {
 		// Register the portMapper. A default will always be created, even if no element
 		// exists.
-		BeanDefinition portMapper = new PortMappingsBeanDefinitionParser().parse(
-				DomUtils.getChildElementByTagName(elt, Elements.PORT_MAPPINGS), pc);
+		BeanDefinition portMapper = new PortMappingsBeanDefinitionParser()
+				.parse(DomUtils.getChildElementByTagName(elt, Elements.PORT_MAPPINGS), pc);
 		String portMapperName = pc.getReaderContext().generateBeanName(portMapper);
 		pc.registerBeanComponent(new BeanComponentDefinition(portMapper, portMapperName));
 
 		return new RuntimeBeanReference(portMapperName);
 	}
 
-	private RuntimeBeanReference createPortResolver(BeanReference portMapper,
-			ParserContext pc) {
+	private RuntimeBeanReference createPortResolver(BeanReference portMapper, ParserContext pc) {
 		RootBeanDefinition portResolver = new RootBeanDefinition(PortResolverImpl.class);
 		portResolver.getPropertyValues().addPropertyValue("portMapper", portMapper);
 		String portResolverName = pc.getReaderContext().generateBeanName(portResolver);
-		pc.registerBeanComponent(new BeanComponentDefinition(portResolver,
-				portResolverName));
+		pc.registerBeanComponent(new BeanComponentDefinition(portResolver, portResolverName));
 		return new RuntimeBeanReference(portResolverName);
 	}
 
@@ -268,44 +257,37 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	private BeanReference createAuthenticationManager(Element element, ParserContext pc,
 			ManagedList<BeanReference> authenticationProviders) {
 		String parentMgrRef = element.getAttribute(ATT_AUTHENTICATION_MANAGER_REF);
-		BeanDefinitionBuilder authManager = BeanDefinitionBuilder
-				.rootBeanDefinition(ProviderManager.class);
+		BeanDefinitionBuilder authManager = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
 		authManager.addConstructorArgValue(authenticationProviders);
 
 		if (StringUtils.hasText(parentMgrRef)) {
-			RuntimeBeanReference parentAuthManager = new RuntimeBeanReference(
-					parentMgrRef);
+			RuntimeBeanReference parentAuthManager = new RuntimeBeanReference(parentMgrRef);
 			authManager.addConstructorArgValue(parentAuthManager);
 			RootBeanDefinition clearCredentials = new RootBeanDefinition(
 					ClearCredentialsMethodInvokingFactoryBean.class);
-			clearCredentials.getPropertyValues().addPropertyValue("targetObject",
-					parentAuthManager);
+			clearCredentials.getPropertyValues().addPropertyValue("targetObject", parentAuthManager);
 			clearCredentials.getPropertyValues().addPropertyValue("targetMethod",
 					"isEraseCredentialsAfterAuthentication");
 
-			authManager.addPropertyValue("eraseCredentialsAfterAuthentication",
-					clearCredentials);
+			authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials);
 		}
 		else {
-			RootBeanDefinition amfb = new RootBeanDefinition(
-					AuthenticationManagerFactoryBean.class);
+			RootBeanDefinition amfb = new RootBeanDefinition(AuthenticationManagerFactoryBean.class);
 			amfb.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 			String amfbId = pc.getReaderContext().generateBeanName(amfb);
 			pc.registerBeanComponent(new BeanComponentDefinition(amfb, amfbId));
-			RootBeanDefinition clearCredentials = new RootBeanDefinition(
-					MethodInvokingFactoryBean.class);
-			clearCredentials.getPropertyValues().addPropertyValue("targetObject",
-					new RuntimeBeanReference(amfbId));
+			RootBeanDefinition clearCredentials = new RootBeanDefinition(MethodInvokingFactoryBean.class);
+			clearCredentials.getPropertyValues().addPropertyValue("targetObject", new RuntimeBeanReference(amfbId));
 			clearCredentials.getPropertyValues().addPropertyValue("targetMethod",
 					"isEraseCredentialsAfterAuthentication");
 
 			authManager.addConstructorArgValue(new RuntimeBeanReference(amfbId));
-			authManager.addPropertyValue("eraseCredentialsAfterAuthentication",
-					clearCredentials);
+			authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials);
 		}
 
 		// gh-6009
-		authManager.addPropertyValue("authenticationEventPublisher", new RootBeanDefinition(DefaultAuthenticationEventPublisher.class));
+		authManager.addPropertyValue("authenticationEventPublisher",
+				new RootBeanDefinition(DefaultAuthenticationEventPublisher.class));
 		authManager.getRawBeanDefinition().setSource(pc.extractSource(element));
 		BeanDefinition authMgrBean = authManager.getBeanDefinition();
 		String id = pc.getReaderContext().generateBeanName(authMgrBean);
@@ -314,8 +296,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		return new RuntimeBeanReference(id);
 	}
 
-	private void checkFilterChainOrder(List<OrderDecorator> filters, ParserContext pc,
-			Object source) {
+	private void checkFilterChainOrder(List<OrderDecorator> filters, ParserContext pc, Object source) {
 		logger.info("Checking sorted filter chain: " + filters);
 
 		for (int i = 0; i < filters.size(); i++) {
@@ -325,10 +306,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 				OrderDecorator previous = filters.get(i - 1);
 				if (filter.getOrder() == previous.getOrder()) {
 					pc.getReaderContext()
-							.error("Filter beans '"
-									+ filter.bean
-									+ "' and '"
-									+ previous.bean
+							.error("Filter beans '" + filter.bean + "' and '" + previous.bean
 									+ "' have the same 'order' value. When using custom filters, "
 									+ "please make sure the positions do not conflict with default filters. "
 									+ "Alternatively you can disable the default filters by removing the corresponding "
@@ -340,8 +318,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	List<OrderDecorator> buildCustomFilterList(Element element, ParserContext pc) {
-		List<Element> customFilterElts = DomUtils.getChildElementsByTagName(element,
-				Elements.CUSTOM_FILTER);
+		List<Element> customFilterElts = DomUtils.getChildElementsByTagName(element, Elements.CUSTOM_FILTER);
 		List<OrderDecorator> customFilters = new ArrayList<>();
 
 		final String ATT_AFTER = "after";
@@ -356,23 +333,18 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 			String ref = elt.getAttribute(ATT_REF);
 
 			if (!StringUtils.hasText(ref)) {
-				pc.getReaderContext().error(
-						"The '" + ATT_REF + "' attribute must be supplied",
-						pc.extractSource(elt));
+				pc.getReaderContext().error("The '" + ATT_REF + "' attribute must be supplied", pc.extractSource(elt));
 			}
 
 			RuntimeBeanReference bean = new RuntimeBeanReference(ref);
 
 			if (WebConfigUtils.countNonEmpty(new String[] { after, before, position }) != 1) {
-				pc.getReaderContext().error(
-						"A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '"
-								+ ATT_POSITION + "' attribute must be supplied",
-						pc.extractSource(elt));
+				pc.getReaderContext().error("A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '" + ATT_POSITION
+						+ "' attribute must be supplied", pc.extractSource(elt));
 			}
 
 			if (StringUtils.hasText(position)) {
-				customFilters.add(new OrderDecorator(bean, SecurityFilters
-						.valueOf(position)));
+				customFilters.add(new OrderDecorator(bean, SecurityFilters.valueOf(position)));
 			}
 			else if (StringUtils.hasText(after)) {
 				SecurityFilters order = SecurityFilters.valueOf(after);
@@ -406,22 +378,18 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		// FilterChainProxy
 		BeanDefinition listFactoryBean = new RootBeanDefinition(ListFactoryBean.class);
 		listFactoryBean.getPropertyValues().add("sourceList", new ManagedList());
-		pc.registerBeanComponent(new BeanComponentDefinition(listFactoryBean,
-				BeanIds.FILTER_CHAINS));
+		pc.registerBeanComponent(new BeanComponentDefinition(listFactoryBean, BeanIds.FILTER_CHAINS));
 
-		BeanDefinitionBuilder fcpBldr = BeanDefinitionBuilder
-				.rootBeanDefinition(FilterChainProxy.class);
+		BeanDefinitionBuilder fcpBldr = BeanDefinitionBuilder.rootBeanDefinition(FilterChainProxy.class);
 		fcpBldr.getRawBeanDefinition().setSource(source);
 		fcpBldr.addConstructorArgReference(BeanIds.FILTER_CHAINS);
-		fcpBldr.addPropertyValue("filterChainValidator", new RootBeanDefinition(
-				DefaultFilterChainValidator.class));
+		fcpBldr.addPropertyValue("filterChainValidator", new RootBeanDefinition(DefaultFilterChainValidator.class));
 		BeanDefinition fcpBean = fcpBldr.getBeanDefinition();
-		pc.registerBeanComponent(new BeanComponentDefinition(fcpBean,
-				BeanIds.FILTER_CHAIN_PROXY));
-		registry.registerAlias(BeanIds.FILTER_CHAIN_PROXY,
-				BeanIds.SPRING_SECURITY_FILTER_CHAIN);
+		pc.registerBeanComponent(new BeanComponentDefinition(fcpBean, BeanIds.FILTER_CHAIN_PROXY));
+		registry.registerAlias(BeanIds.FILTER_CHAIN_PROXY, BeanIds.SPRING_SECURITY_FILTER_CHAIN);
 
-		BeanDefinitionBuilder requestRejected = BeanDefinitionBuilder.rootBeanDefinition(RequestRejectedHandlerPostProcessor.class);
+		BeanDefinitionBuilder requestRejected = BeanDefinitionBuilder
+				.rootBeanDefinition(RequestRejectedHandlerPostProcessor.class);
 		requestRejected.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		requestRejected.addConstructorArgValue("requestRejectedHandler");
 		requestRejected.addConstructorArgValue(BeanIds.FILTER_CHAIN_PROXY);
@@ -434,6 +402,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 }
 
 class RequestRejectedHandlerPostProcessor implements BeanDefinitionRegistryPostProcessor {
+
 	private final String beanName;
 
 	private final String targetBeanName;
@@ -458,10 +427,13 @@ class RequestRejectedHandlerPostProcessor implements BeanDefinitionRegistryPostP
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 
 	}
+
 }
 
 class OrderDecorator implements Ordered {
+
 	final BeanMetadataElement bean;
+
 	final int order;
 
 	OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
@@ -483,6 +455,7 @@ class OrderDecorator implements Ordered {
 	public String toString() {
 		return bean + ", order = " + order;
 	}
+
 }
 
 /**
@@ -495,6 +468,7 @@ class OrderDecorator implements Ordered {
  * @author Rob Winch
  */
 final class ClearCredentialsMethodInvokingFactoryBean extends MethodInvokingFactoryBean {
+
 	@Override
 	public void afterPropertiesSet() throws Exception {
 		boolean isTargetProviderManager = getTargetObject() instanceof ProviderManager;
@@ -512,10 +486,10 @@ final class ClearCredentialsMethodInvokingFactoryBean extends MethodInvokingFact
 	 * original {@link AuthenticationManager} must be a {@link ProviderManager} (we should
 	 * not magically add this functionality to their implementation since we cannot
 	 * determine if it should be on or off).
-	 *
 	 * @return
 	 */
 	public boolean isEraseCredentialsAfterAuthentication() {
 		return false;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index 8b8c4f8b6c..9e9aab78c4 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -36,6 +36,7 @@ import org.w3c.dom.Element;
  * @author Onur Kagan Ozcan
  */
 class LogoutBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String ATT_LOGOUT_SUCCESS_URL = "logout-success-url";
 
 	static final String ATT_INVALIDATE_SESSION = "invalidate-session";
@@ -46,12 +47,14 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 	static final String ATT_DELETE_COOKIES = "delete-cookies";
 
 	final String rememberMeServices;
+
 	private final String defaultLogoutUrl;
+
 	private ManagedList<BeanMetadataElement> logoutHandlers = new ManagedList<>();
+
 	private boolean csrfEnabled;
 
-	LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices,
-			BeanMetadataElement csrfLogoutHandler) {
+	LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler) {
 		this.defaultLogoutUrl = loginPageUrl + "?logout";
 		this.rememberMeServices = rememberMeServices;
 		this.csrfEnabled = csrfLogoutHandler != null;
@@ -67,8 +70,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		String invalidateSession = null;
 		String deleteCookies = null;
 
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(LogoutFilter.class);
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class);
 
 		if (element != null) {
 			Object source = pc.extractSource(element);
@@ -86,14 +88,13 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 			logoutUrl = DEF_LOGOUT_URL;
 		}
 
-		builder.addPropertyValue("logoutRequestMatcher",
-				getLogoutRequestMatcher(logoutUrl));
+		builder.addPropertyValue("logoutRequestMatcher", getLogoutRequestMatcher(logoutUrl));
 
 		if (StringUtils.hasText(successHandlerRef)) {
 			if (StringUtils.hasText(logoutSuccessUrl)) {
 				pc.getReaderContext().error(
-						"Use " + ATT_LOGOUT_SUCCESS_URL + " or " + ATT_LOGOUT_HANDLER
-								+ ", but not both", pc.extractSource(element));
+						"Use " + ATT_LOGOUT_SUCCESS_URL + " or " + ATT_LOGOUT_HANDLER + ", but not both",
+						pc.extractSource(element));
 			}
 			builder.addConstructorArgReference(successHandlerRef);
 		}
@@ -106,8 +107,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		}
 
 		BeanDefinition sclh = new RootBeanDefinition(SecurityContextLogoutHandler.class);
-		sclh.getPropertyValues().addPropertyValue("invalidateHttpSession",
-				!"false".equals(invalidateSession));
+		sclh.getPropertyValues().addPropertyValue("invalidateHttpSession", !"false".equals(invalidateSession));
 		logoutHandlers.add(sclh);
 
 		if (rememberMeServices != null) {
@@ -115,8 +115,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		}
 
 		if (StringUtils.hasText(deleteCookies)) {
-			BeanDefinition cookieDeleter = new RootBeanDefinition(
-					CookieClearingLogoutHandler.class);
+			BeanDefinition cookieDeleter = new RootBeanDefinition(CookieClearingLogoutHandler.class);
 			String[] names = StringUtils.tokenizeToStringArray(deleteCookies, ",");
 			cookieDeleter.getConstructorArgumentValues().addGenericArgumentValue(names);
 			logoutHandlers.add(cookieDeleter);
@@ -143,4 +142,5 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 	ManagedList<BeanMetadataElement> getLogoutHandlers() {
 		return logoutHandlers;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
index 58cd734aed..63cbcfaf22 100644
--- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java
+++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
@@ -34,8 +34,9 @@ import org.w3c.dom.Element;
  * @since 3.1
  */
 public enum MatcherType {
-	ant(AntPathRequestMatcher.class), regex(RegexRequestMatcher.class), ciRegex(
-			RegexRequestMatcher.class), mvc(MvcRequestMatcher.class);
+
+	ant(AntPathRequestMatcher.class), regex(RegexRequestMatcher.class), ciRegex(RegexRequestMatcher.class), mvc(
+			MvcRequestMatcher.class);
 
 	private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector";
 
@@ -56,8 +57,7 @@ public enum MatcherType {
 			return new RootBeanDefinition(AnyRequestMatcher.class);
 		}
 
-		BeanDefinitionBuilder matcherBldr = BeanDefinitionBuilder
-				.rootBeanDefinition(type);
+		BeanDefinitionBuilder matcherBldr = BeanDefinitionBuilder.rootBeanDefinition(type);
 
 		if (this == mvc) {
 			matcherBldr.addConstructorArgValue(new RootBeanDefinition(HandlerMappingIntrospectorFactoryBean.class));
@@ -86,4 +86,5 @@ public enum MatcherType {
 
 		return ant;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index ccc3219e46..894bc7a4ac 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -40,15 +40,25 @@ import static org.springframework.security.config.http.OAuth2ClientBeanDefinitio
  * @since 5.3
  */
 final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ELT_AUTHORIZATION_CODE_GRANT = "authorization-code-grant";
+
 	private static final String ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF = "authorization-request-repository-ref";
+
 	private static final String ATT_AUTHORIZATION_REQUEST_RESOLVER_REF = "authorization-request-resolver-ref";
+
 	private static final String ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF = "access-token-response-client-ref";
+
 	private final BeanReference requestCache;
+
 	private final BeanReference authenticationManager;
+
 	private BeanDefinition defaultAuthorizedClientRepository;
+
 	private BeanDefinition authorizationRequestRedirectFilter;
+
 	private BeanDefinition authorizationCodeGrantFilter;
+
 	private BeanDefinition authorizationCodeAuthenticationProvider;
 
 	OAuth2ClientBeanDefinitionParser(BeanReference requestCache, BeanReference authenticationManager) {
@@ -73,43 +83,41 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 
 		BeanDefinitionBuilder authorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
-		String authorizationRequestResolverRef = authorizationCodeGrantElt != null ?
-				authorizationCodeGrantElt.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF) : null;
+		String authorizationRequestResolverRef = authorizationCodeGrantElt != null
+				? authorizationCodeGrantElt.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF) : null;
 		if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
 			authorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
-		} else {
+		}
+		else {
 			authorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
 		}
 		this.authorizationRequestRedirectFilter = authorizationRequestRedirectFilterBuilder
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
-				.addPropertyValue("requestCache", this.requestCache)
-				.getBeanDefinition();
+				.addPropertyValue("requestCache", this.requestCache).getBeanDefinition();
 
 		this.authorizationCodeGrantFilter = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationCodeGrantFilter.class)
-				.addConstructorArgValue(clientRegistrationRepository)
-				.addConstructorArgValue(authorizedClientRepository)
+				.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
 				.addConstructorArgValue(this.authenticationManager)
-				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
-				.getBeanDefinition();
+				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).getBeanDefinition();
 
 		BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(authorizationCodeGrantElt);
 
 		this.authorizationCodeAuthenticationProvider = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationCodeAuthenticationProvider.class)
-				.addConstructorArgValue(accessTokenResponseClient)
-				.getBeanDefinition();
+				.addConstructorArgValue(accessTokenResponseClient).getBeanDefinition();
 
 		return null;
 	}
 
 	private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
 		BeanMetadataElement authorizationRequestRepository;
-		String authorizationRequestRepositoryRef = element != null ?
-				element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF) : null;
+		String authorizationRequestRepositoryRef = element != null
+				? element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF) : null;
 		if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
 			authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
-		} else {
+		}
+		else {
 			authorizationRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
 					.getBeanDefinition();
@@ -119,11 +127,12 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 
 	private BeanMetadataElement getAccessTokenResponseClient(Element element) {
 		BeanMetadataElement accessTokenResponseClient;
-		String accessTokenResponseClientRef = element != null ?
-				element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF) : null;
+		String accessTokenResponseClientRef = element != null
+				? element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF) : null;
 		if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
 			accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
-		} else {
+		}
+		else {
 			accessTokenResponseClient = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
 					.getBeanDefinition();
@@ -146,4 +155,5 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 	BeanDefinition getAuthorizationCodeAuthenticationProvider() {
 		return this.authorizationCodeAuthenticationProvider;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
index c0af4d7d44..db681dfce1 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@@ -28,8 +28,11 @@ import org.w3c.dom.Element;
  * @since 5.4
  */
 final class OAuth2ClientBeanDefinitionParserUtils {
+
 	private static final String ATT_CLIENT_REGISTRATION_REPOSITORY_REF = "client-registration-repository-ref";
+
 	private static final String ATT_AUTHORIZED_CLIENT_REPOSITORY_REF = "authorized-client-repository-ref";
+
 	private static final String ATT_AUTHORIZED_CLIENT_SERVICE_REF = "authorized-client-service-ref";
 
 	static BeanMetadataElement getClientRegistrationRepository(Element element) {
@@ -37,7 +40,8 @@ final class OAuth2ClientBeanDefinitionParserUtils {
 		String clientRegistrationRepositoryRef = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
 		if (!StringUtils.isEmpty(clientRegistrationRepositoryRef)) {
 			clientRegistrationRepository = new RuntimeBeanReference(clientRegistrationRepositoryRef);
-		} else {
+		}
+		else {
 			clientRegistrationRepository = new RuntimeBeanReference(ClientRegistrationRepository.class);
 		}
 		return clientRegistrationRepository;
@@ -59,17 +63,17 @@ final class OAuth2ClientBeanDefinitionParserUtils {
 		return null;
 	}
 
-	static BeanDefinition createDefaultAuthorizedClientRepository(
-			BeanMetadataElement clientRegistrationRepository, BeanMetadataElement authorizedClientService) {
+	static BeanDefinition createDefaultAuthorizedClientRepository(BeanMetadataElement clientRegistrationRepository,
+			BeanMetadataElement authorizedClientService) {
 		if (authorizedClientService == null) {
-			authorizedClientService = BeanDefinitionBuilder.rootBeanDefinition(
-					"org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService")
-					.addConstructorArgValue(clientRegistrationRepository)
-					.getBeanDefinition();
+			authorizedClientService = BeanDefinitionBuilder
+					.rootBeanDefinition(
+							"org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService")
+					.addConstructorArgValue(clientRegistrationRepository).getBeanDefinition();
 		}
 		return BeanDefinitionBuilder.rootBeanDefinition(
 				"org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository")
-				.addConstructorArgValue(authorizedClientService)
-				.getBeanDefinition();
+				.addConstructorArgValue(authorizedClientService).getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
index a6535ea064..1c6add1ede 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
@@ -38,7 +38,9 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl
  * @since 5.4
  */
 final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionRegistryPostProcessor, BeanFactoryAware {
+
 	private static final String CUSTOM_ARGUMENT_RESOLVERS_PROPERTY = "customArgumentResolvers";
+
 	private BeanFactory beanFactory;
 
 	@Override
@@ -55,8 +57,8 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg
 		for (String beanName : registry.getBeanDefinitionNames()) {
 			BeanDefinition beanDefinition = registry.getBeanDefinition(beanName);
 			if (RequestMappingHandlerAdapter.class.getName().equals(beanDefinition.getBeanClassName())) {
-				PropertyValue currentArgumentResolvers =
-						beanDefinition.getPropertyValues().getPropertyValue(CUSTOM_ARGUMENT_RESOLVERS_PROPERTY);
+				PropertyValue currentArgumentResolvers = beanDefinition.getPropertyValues()
+						.getPropertyValue(CUSTOM_ARGUMENT_RESOLVERS_PROPERTY);
 				ManagedList<Object> argumentResolvers = new ManagedList<>();
 				if (currentArgumentResolvers != null) {
 					argumentResolvers.addAll((ManagedList<?>) currentArgumentResolvers.getValue());
@@ -65,11 +67,12 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg
 				String[] authorizedClientManagerBeanNames = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(
 						(ListableBeanFactory) this.beanFactory, OAuth2AuthorizedClientManager.class, false, false);
 
-				BeanDefinitionBuilder beanDefinitionBuilder =
-						BeanDefinitionBuilder.genericBeanDefinition(OAuth2AuthorizedClientArgumentResolver.class);
+				BeanDefinitionBuilder beanDefinitionBuilder = BeanDefinitionBuilder
+						.genericBeanDefinition(OAuth2AuthorizedClientArgumentResolver.class);
 				if (authorizedClientManagerBeanNames.length == 1) {
 					beanDefinitionBuilder.addConstructorArgReference(authorizedClientManagerBeanNames[0]);
-				} else {
+				}
+				else {
 					beanDefinitionBuilder.addConstructorArgReference(clientRegistrationRepositoryBeanNames[0]);
 					beanDefinitionBuilder.addConstructorArgReference(authorizedClientRepositoryBeanNames[0]);
 				}
@@ -88,4 +91,5 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg
 	public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
 		this.beanFactory = beanFactory;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 68ac6f2041..20240dcf3e 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -79,26 +79,43 @@ import static org.springframework.security.config.http.OAuth2ClientBeanDefinitio
 final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization";
+
 	private static final String DEFAULT_LOGIN_URI = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 
 	private static final String ELT_CLIENT_REGISTRATION = "client-registration";
+
 	private static final String ATT_REGISTRATION_ID = "registration-id";
+
 	private static final String ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF = "authorization-request-repository-ref";
+
 	private static final String ATT_AUTHORIZATION_REQUEST_RESOLVER_REF = "authorization-request-resolver-ref";
+
 	private static final String ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF = "access-token-response-client-ref";
+
 	private static final String ATT_USER_AUTHORITIES_MAPPER_REF = "user-authorities-mapper-ref";
+
 	private static final String ATT_USER_SERVICE_REF = "user-service-ref";
+
 	private static final String ATT_OIDC_USER_SERVICE_REF = "oidc-user-service-ref";
+
 	private static final String ATT_LOGIN_PROCESSING_URL = "login-processing-url";
+
 	private static final String ATT_LOGIN_PAGE = "login-page";
+
 	private static final String ATT_AUTHENTICATION_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
+
 	private static final String ATT_AUTHENTICATION_FAILURE_HANDLER_REF = "authentication-failure-handler-ref";
+
 	private static final String ATT_JWT_DECODER_FACTORY_REF = "jwt-decoder-factory-ref";
 
 	private final BeanReference requestCache;
+
 	private final BeanReference portMapper;
+
 	private final BeanReference portResolver;
+
 	private final BeanReference sessionStrategy;
+
 	private final boolean allowSessionCreation;
 
 	private BeanDefinition defaultAuthorizedClientRepository;
@@ -128,8 +145,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinition oauth2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class)
 				.getBeanDefinition();
 		String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig);
-		parserContext.registerBeanComponent(
-				new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
+		parserContext
+				.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
 
 		// configure filter
 		BeanMetadataElement clientRegistrationRepository = getClientRegistrationRepository(element);
@@ -146,8 +163,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 		BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class)
-				.addConstructorArgValue(clientRegistrationRepository)
-				.addConstructorArgValue(authorizedClientRepository)
+				.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
 
 		if (sessionStrategy != null) {
@@ -159,34 +175,35 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		if (!StringUtils.isEmpty(loginProcessingUrl)) {
 			WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
 			oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(loginProcessingUrl);
-		} else {
+		}
+		else {
 			oauth2LoginAuthenticationFilterBuilder
 					.addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
 		}
 
 		BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class)
-				.addConstructorArgValue(accessTokenResponseClient)
-				.addConstructorArgValue(oauth2UserService);
+				.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService);
 
 		String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
 		if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
-			oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
+			oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper",
+					userAuthoritiesMapperRef);
 		}
 
 		oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
 
-		oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(
-				element, accessTokenResponseClient, userAuthoritiesMapperRef);
+		oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient,
+				userAuthoritiesMapperRef);
 
 		BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
 
 		String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
 		if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
-			oauth2AuthorizationRequestRedirectFilterBuilder
-					.addConstructorArgReference(authorizationRequestResolverRef);
-		} else {
+			oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
+		}
+		else {
 			oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
 		}
 
@@ -199,7 +216,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler",
 					authenticationSuccessHandlerRef);
-		} else {
+		}
+		else {
 			BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler")
 					.addPropertyValue("requestCache", requestCache);
@@ -211,17 +229,15 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		if (!StringUtils.isEmpty(loginPage)) {
 			WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
 			oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
-					.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class)
-					.addConstructorArgValue(loginPage)
-					.addPropertyValue("portMapper", portMapper)
-					.addPropertyValue("portResolver", portResolver)
+					.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage)
+					.addPropertyValue("portMapper", portMapper).addPropertyValue("portResolver", portResolver)
 					.getBeanDefinition();
-		} else {
+		}
+		else {
 			Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element);
 			if (entryPoint != null) {
 				oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
-						.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class)
-						.addConstructorArgValue(entryPoint)
+						.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint)
 						.addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI))
 						.getBeanDefinition();
 			}
@@ -231,7 +247,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		if (!StringUtils.isEmpty(authenticationFailureHandlerRef)) {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationFailureHandler",
 					authenticationFailureHandlerRef);
-		} else {
+		}
+		else {
 			BeanDefinitionBuilder failureHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler");
 			failureHandlerBuilder.addConstructorArgValue(
@@ -253,7 +270,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String authorizationRequestRepositoryRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF);
 		if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
 			authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
-		} else {
+		}
+		else {
 			authorizationRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
 					.getBeanDefinition();
@@ -261,11 +279,11 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		return authorizationRequestRepository;
 	}
 
-	private BeanDefinition getOidcAuthProvider(Element element,
-			BeanMetadataElement accessTokenResponseClient, String userAuthoritiesMapperRef) {
+	private BeanDefinition getOidcAuthProvider(Element element, BeanMetadataElement accessTokenResponseClient,
+			String userAuthoritiesMapperRef) {
 
-		boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
+		boolean oidcAuthenticationProviderEnabled = ClassUtils
+				.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
 		if (!oidcAuthenticationProviderEnabled) {
 			return BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class).getBeanDefinition();
 		}
@@ -274,8 +292,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 		BeanDefinitionBuilder oidcAuthProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(
 				"org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider")
-				.addConstructorArgValue(accessTokenResponseClient)
-				.addConstructorArgValue(oidcUserService);
+				.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oidcUserService);
 
 		if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
 			oidcAuthProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
@@ -294,7 +311,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String oidcUserServiceRef = element.getAttribute(ATT_OIDC_USER_SERVICE_REF);
 		if (!StringUtils.isEmpty(oidcUserServiceRef)) {
 			oidcUserService = new RuntimeBeanReference(oidcUserServiceRef);
-		} else {
+		}
+		else {
 			oidcUserService = BeanDefinitionBuilder
 					.rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService")
 					.getBeanDefinition();
@@ -307,7 +325,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String oauth2UserServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);
 		if (!StringUtils.isEmpty(oauth2UserServiceRef)) {
 			oauth2UserService = new RuntimeBeanReference(oauth2UserServiceRef);
-		} else {
+		}
+		else {
 			oauth2UserService = BeanDefinitionBuilder
 					.rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService")
 					.getBeanDefinition();
@@ -320,7 +339,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String accessTokenResponseClientRef = element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF);
 		if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
 			accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
-		} else {
+		}
+		else {
 			accessTokenResponseClient = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
 					.getBeanDefinition();
@@ -417,6 +437,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		public boolean supports(Class<?> authentication) {
 			return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
 		}
+
 	}
 
 	/**
@@ -452,5 +473,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 			return loginUrlToClientName;
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index 5068a74b45..326fc70713 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -52,12 +52,14 @@ import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
 /**
- * A {@link BeanDefinitionParser} for &lt;http&gt;'s &lt;oauth2-resource-server&gt; element.
+ * A {@link BeanDefinitionParser} for &lt;http&gt;'s &lt;oauth2-resource-server&gt;
+ * element.
  *
  * @since 5.3
  * @author Josh Cummings
  */
 final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String AUTHENTICATION_MANAGER_RESOLVER_REF = "authentication-manager-resolver-ref";
 	static final String BEARER_TOKEN_RESOLVER_REF = "bearer-token-resolver-ref";
 	static final String ENTRY_POINT_REF = "entry-point-ref";
@@ -66,21 +68,23 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	static final String AUTHENTICATION_ENTRY_POINT = "authenticationEntryPoint";
 
 	private final BeanReference authenticationManager;
+
 	private final List<BeanReference> authenticationProviders;
+
 	private final Map<BeanDefinition, BeanMetadataElement> entryPoints;
+
 	private final Map<BeanDefinition, BeanMetadataElement> deniedHandlers;
+
 	private final List<BeanDefinition> ignoreCsrfRequestMatchers;
 
-	private final BeanDefinition authenticationEntryPoint =
-			new RootBeanDefinition(BearerTokenAuthenticationEntryPoint.class);
-	private final BeanDefinition accessDeniedHandler =
-			new RootBeanDefinition(BearerTokenAccessDeniedHandler.class);
+	private final BeanDefinition authenticationEntryPoint = new RootBeanDefinition(
+			BearerTokenAuthenticationEntryPoint.class);
+
+	private final BeanDefinition accessDeniedHandler = new RootBeanDefinition(BearerTokenAccessDeniedHandler.class);
 
 	OAuth2ResourceServerBeanDefinitionParser(BeanReference authenticationManager,
-			List<BeanReference> authenticationProviders,
-			Map<BeanDefinition, BeanMetadataElement> entryPoints,
-			Map<BeanDefinition, BeanMetadataElement> deniedHandlers,
-			List<BeanDefinition> ignoreCsrfRequestMatchers) {
+			List<BeanReference> authenticationProviders, Map<BeanDefinition, BeanMetadataElement> entryPoints,
+			Map<BeanDefinition, BeanMetadataElement> deniedHandlers, List<BeanDefinition> ignoreCsrfRequestMatchers) {
 		this.authenticationManager = authenticationManager;
 		this.authenticationProviders = authenticationProviders;
 		this.entryPoints = entryPoints;
@@ -91,10 +95,10 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	/**
 	 * Parse a &lt;oauth2-resource-server&gt; element and return the corresponding
 	 * {@link BearerTokenAuthenticationFilter}
-	 *
 	 * @param oauth2ResourceServer the &lt;oauth2-resource-server&gt; element.
 	 * @param pc the {@link ParserContext}
-	 * @return a {@link BeanDefinition} representing a {@link BearerTokenAuthenticationFilter} definition
+	 * @return a {@link BeanDefinition} representing a
+	 * {@link BearerTokenAuthenticationFilter} definition
 	 */
 	@Override
 	public BeanDefinition parse(Element oauth2ResourceServer, ParserContext pc) {
@@ -104,17 +108,16 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		validateConfiguration(oauth2ResourceServer, jwt, opaqueToken, pc);
 
 		if (jwt != null) {
-			BeanDefinition jwtAuthenticationProvider =
-					new JwtBeanDefinitionParser().parse(jwt, pc);
-			this.authenticationProviders.add(new RuntimeBeanReference
-					(pc.getReaderContext().registerWithGeneratedName(jwtAuthenticationProvider)));
+			BeanDefinition jwtAuthenticationProvider = new JwtBeanDefinitionParser().parse(jwt, pc);
+			this.authenticationProviders.add(new RuntimeBeanReference(
+					pc.getReaderContext().registerWithGeneratedName(jwtAuthenticationProvider)));
 		}
 
 		if (opaqueToken != null) {
-			BeanDefinition opaqueTokenAuthenticationProvider =
-					new OpaqueTokenBeanDefinitionParser().parse(opaqueToken, pc);
-			this.authenticationProviders.add(new RuntimeBeanReference
-					(pc.getReaderContext().registerWithGeneratedName(opaqueTokenAuthenticationProvider)));
+			BeanDefinition opaqueTokenAuthenticationProvider = new OpaqueTokenBeanDefinitionParser().parse(opaqueToken,
+					pc);
+			this.authenticationProviders.add(new RuntimeBeanReference(
+					pc.getReaderContext().registerWithGeneratedName(opaqueTokenAuthenticationProvider)));
 		}
 
 		BeanMetadataElement bearerTokenResolver = getBearerTokenResolver(oauth2ResourceServer);
@@ -141,23 +144,23 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	void validateConfiguration(Element oauth2ResourceServer, Element jwt, Element opaqueToken, ParserContext pc) {
 		if (!oauth2ResourceServer.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)) {
 			if (jwt == null && opaqueToken == null) {
-				pc.getReaderContext().error
-						("Didn't find authentication-manager-resolver-ref, <jwt>, or <opaque-token>. " +
-								"Please select one.", oauth2ResourceServer);
+				pc.getReaderContext()
+						.error("Didn't find authentication-manager-resolver-ref, <jwt>, or <opaque-token>. "
+								+ "Please select one.", oauth2ResourceServer);
 			}
 			return;
 		}
 
 		if (jwt != null) {
-			pc.getReaderContext().error
-					("Found <jwt> as well as authentication-manager-resolver-ref. " +
-							"Please select just one.", oauth2ResourceServer);
+			pc.getReaderContext().error(
+					"Found <jwt> as well as authentication-manager-resolver-ref. " + "Please select just one.",
+					oauth2ResourceServer);
 		}
 
 		if (opaqueToken != null) {
-			pc.getReaderContext().error
-					("Found <opaque-token> as well as authentication-manager-resolver-ref. " +
-							"Please select just one.", oauth2ResourceServer);
+			pc.getReaderContext().error(
+					"Found <opaque-token> as well as authentication-manager-resolver-ref. " + "Please select just one.",
+					oauth2ResourceServer);
 		}
 	}
 
@@ -176,7 +179,8 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		String bearerTokenResolverRef = element.getAttribute(BEARER_TOKEN_RESOLVER_REF);
 		if (StringUtils.isEmpty(bearerTokenResolverRef)) {
 			return new RootBeanDefinition(DefaultBearerTokenResolver.class);
-		} else {
+		}
+		else {
 			return new RuntimeBeanReference(bearerTokenResolverRef);
 		}
 	}
@@ -185,13 +189,16 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		String entryPointRef = element.getAttribute(ENTRY_POINT_REF);
 		if (StringUtils.isEmpty(entryPointRef)) {
 			return this.authenticationEntryPoint;
-		} else {
+		}
+		else {
 			return new RuntimeBeanReference(entryPointRef);
 		}
 	}
+
 }
 
 final class JwtBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String DECODER_REF = "decoder-ref";
 	static final String JWK_SET_URI = "jwk-set-uri";
 	static final String JWT_AUTHENTICATION_CONVERTER_REF = "jwt-authentication-converter-ref";
@@ -201,8 +208,8 @@ final class JwtBeanDefinitionParser implements BeanDefinitionParser {
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		validateConfiguration(element, pc);
 
-		BeanDefinitionBuilder jwtProviderBuilder =
-				BeanDefinitionBuilder.rootBeanDefinition(JwtAuthenticationProvider.class);
+		BeanDefinitionBuilder jwtProviderBuilder = BeanDefinitionBuilder
+				.rootBeanDefinition(JwtAuthenticationProvider.class);
 		jwtProviderBuilder.addConstructorArgValue(getDecoder(element));
 		jwtProviderBuilder.addPropertyValue(JWT_AUTHENTICATION_CONVERTER, getJwtAuthenticationConverter(element));
 
@@ -214,8 +221,7 @@ final class JwtBeanDefinitionParser implements BeanDefinitionParser {
 		boolean usesJwkSetUri = element.hasAttribute(JWK_SET_URI);
 
 		if (usesDecoder == usesJwkSetUri) {
-			pc.getReaderContext().error
-					("Please specify either decoder-ref or jwk-set-uri.", element);
+			pc.getReaderContext().error("Please specify either decoder-ref or jwk-set-uri.", element);
 		}
 	}
 
@@ -240,10 +246,13 @@ final class JwtBeanDefinitionParser implements BeanDefinitionParser {
 		return new JwtAuthenticationConverter();
 	}
 
-	JwtBeanDefinitionParser() {}
+	JwtBeanDefinitionParser() {
+	}
+
 }
 
 final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String INTROSPECTOR_REF = "introspector-ref";
 	static final String INTROSPECTION_URI = "introspection-uri";
 	static final String CLIENT_ID = "client-id";
@@ -254,8 +263,8 @@ final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
 		validateConfiguration(element, pc);
 
 		BeanMetadataElement introspector = getIntrospector(element);
-		BeanDefinitionBuilder opaqueTokenProviderBuilder =
-				BeanDefinitionBuilder.rootBeanDefinition(OpaqueTokenAuthenticationProvider.class);
+		BeanDefinitionBuilder opaqueTokenProviderBuilder = BeanDefinitionBuilder
+				.rootBeanDefinition(OpaqueTokenAuthenticationProvider.class);
 		opaqueTokenProviderBuilder.addConstructorArgValue(introspector);
 
 		return opaqueTokenProviderBuilder.getBeanDefinition();
@@ -263,23 +272,20 @@ final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
 
 	void validateConfiguration(Element element, ParserContext pc) {
 		boolean usesIntrospector = element.hasAttribute(INTROSPECTOR_REF);
-		boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) ||
-				element.hasAttribute(CLIENT_ID) ||
-				element.hasAttribute(CLIENT_SECRET);
+		boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) || element.hasAttribute(CLIENT_ID)
+				|| element.hasAttribute(CLIENT_SECRET);
 
 		if (usesIntrospector == usesEndpoint) {
-			pc.getReaderContext().error
-					("Please specify either introspector-ref or all of " +
-							"introspection-uri, client-id, and client-secret.", element);
+			pc.getReaderContext().error("Please specify either introspector-ref or all of "
+					+ "introspection-uri, client-id, and client-secret.", element);
 			return;
 		}
 
 		if (usesEndpoint) {
-			if (!(element.hasAttribute(INTROSPECTION_URI) &&
-					element.hasAttribute(CLIENT_ID) &&
-					element.hasAttribute(CLIENT_SECRET))) {
-				pc.getReaderContext().error
-						("Please specify introspection-uri, client-id, and client-secret together", element);
+			if (!(element.hasAttribute(INTROSPECTION_URI) && element.hasAttribute(CLIENT_ID)
+					&& element.hasAttribute(CLIENT_SECRET))) {
+				pc.getReaderContext().error("Please specify introspection-uri, client-id, and client-secret together",
+						element);
 			}
 		}
 	}
@@ -303,11 +309,13 @@ final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
 		return introspectorBuilder.getBeanDefinition();
 	}
 
-	OpaqueTokenBeanDefinitionParser() {}
+	OpaqueTokenBeanDefinitionParser() {
+	}
+
 }
 
-final class StaticAuthenticationManagerResolver implements
-		AuthenticationManagerResolver<HttpServletRequest> {
+final class StaticAuthenticationManagerResolver implements AuthenticationManagerResolver<HttpServletRequest> {
+
 	private final AuthenticationManager authenticationManager;
 
 	StaticAuthenticationManagerResolver(AuthenticationManager authenticationManager) {
@@ -318,9 +326,11 @@ final class StaticAuthenticationManagerResolver implements
 	public AuthenticationManager resolve(HttpServletRequest context) {
 		return this.authenticationManager;
 	}
+
 }
 
 final class NimbusJwtDecoderJwkSetUriFactoryBean implements FactoryBean<JwtDecoder> {
+
 	private final String jwkSetUri;
 
 	NimbusJwtDecoderJwkSetUriFactoryBean(String jwkSetUri) {
@@ -336,9 +346,11 @@ final class NimbusJwtDecoderJwkSetUriFactoryBean implements FactoryBean<JwtDecod
 	public Class<?> getObjectType() {
 		return JwtDecoder.class;
 	}
+
 }
 
 final class BearerTokenRequestMatcher implements RequestMatcher {
+
 	private final BearerTokenResolver bearerTokenResolver;
 
 	BearerTokenRequestMatcher(BearerTokenResolver bearerTokenResolver) {
@@ -350,9 +362,10 @@ final class BearerTokenRequestMatcher implements RequestMatcher {
 	public boolean matches(HttpServletRequest request) {
 		try {
 			return this.bearerTokenResolver.resolve(request) != null;
-		} catch (OAuth2AuthenticationException e) {
+		}
+		catch (OAuth2AuthenticationException e) {
 			return false;
 		}
 	}
-}
 
+}
diff --git a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
index 4dd13b82d9..b5ff1c4e1d 100644
--- a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
@@ -36,7 +36,9 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  */
 class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
+
 	public static final String ATT_HTTP_PORT = "http";
+
 	public static final String ATT_HTTPS_PORT = "https";
 
 	@SuppressWarnings("unchecked")
@@ -45,11 +47,9 @@ class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
 		portMapper.setSource(parserContext.extractSource(element));
 
 		if (element != null) {
-			List<Element> mappingElts = DomUtils.getChildElementsByTagName(element,
-					Elements.PORT_MAPPING);
+			List<Element> mappingElts = DomUtils.getChildElementsByTagName(element, Elements.PORT_MAPPING);
 			if (mappingElts.isEmpty()) {
-				parserContext.getReaderContext().error(
-						"No port-mapping child elements specified", element);
+				parserContext.getReaderContext().error("No port-mapping child elements specified", element);
 			}
 
 			Map mappings = new ManagedMap();
@@ -59,13 +59,11 @@ class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
 				String httpsPort = elt.getAttribute(ATT_HTTPS_PORT);
 
 				if (!StringUtils.hasText(httpPort)) {
-					parserContext.getReaderContext().error(
-							"No http port supplied in port mapping", elt);
+					parserContext.getReaderContext().error("No http port supplied in port mapping", elt);
 				}
 
 				if (!StringUtils.hasText(httpsPort)) {
-					parserContext.getReaderContext().error(
-							"No https port supplied in port mapping", elt);
+					parserContext.getReaderContext().error("No https port supplied in port mapping", elt);
 				}
 
 				mappings.put(httpPort, httpsPort);
@@ -76,4 +74,5 @@ class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
 
 		return portMapper;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index 0fbb14c9bc..d9866bfdb3 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -41,6 +41,7 @@ import org.w3c.dom.Element;
  * @author Oliver Becker
  */
 class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
+
 	static final String ATT_DATA_SOURCE = "data-source-ref";
 	static final String ATT_SERVICES_REF = "services-ref";
 	static final String ATT_SERVICES_ALIAS = "services-alias";
@@ -53,8 +54,11 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 	static final String ATT_REMEMBERME_COOKIE = "remember-me-cookie";
 
 	protected final Log logger = LogFactory.getLog(getClass());
+
 	private final String key;
+
 	private final BeanReference authenticationManager;
+
 	private String rememberMeServicesId;
 
 	RememberMeBeanDefinitionParser(String key, BeanReference authenticationManager) {
@@ -63,8 +67,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	public BeanDefinition parse(Element element, ParserContext pc) {
-		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(
-				element.getTagName(), pc.extractSource(element));
+		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
+				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
 
 		String tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
@@ -89,37 +93,33 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		boolean remembermeParameterSet = StringUtils.hasText(remembermeParameter);
 		boolean remembermeCookieSet = StringUtils.hasText(remembermeCookie);
 
-		if (servicesRefSet
-				&& (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet
-						|| useSecureCookieSet || remembermeParameterSet || remembermeCookieSet)) {
-			pc.getReaderContext().error(
-					ATT_SERVICES_REF + " can't be used in combination with attributes "
-							+ ATT_TOKEN_REPOSITORY + "," + ATT_DATA_SOURCE + ", "
-							+ ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY + ", "
-							+ ATT_SECURE_COOKIE + ", " + ATT_FORM_REMEMBERME_PARAMETER
-							+ " or " + ATT_REMEMBERME_COOKIE, source);
+		if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet
+				|| remembermeParameterSet || remembermeCookieSet)) {
+			pc.getReaderContext()
+					.error(ATT_SERVICES_REF + " can't be used in combination with attributes " + ATT_TOKEN_REPOSITORY
+							+ "," + ATT_DATA_SOURCE + ", " + ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY + ", "
+							+ ATT_SECURE_COOKIE + ", " + ATT_FORM_REMEMBERME_PARAMETER + " or " + ATT_REMEMBERME_COOKIE,
+							source);
 		}
 
 		if (dataSourceSet && tokenRepoSet) {
-			pc.getReaderContext().error(
-					"Specify " + ATT_TOKEN_REPOSITORY + " or " + ATT_DATA_SOURCE
-							+ " but not both", source);
+			pc.getReaderContext().error("Specify " + ATT_TOKEN_REPOSITORY + " or " + ATT_DATA_SOURCE + " but not both",
+					source);
 		}
 
 		boolean isPersistent = dataSourceSet | tokenRepoSet;
 
 		if (isPersistent) {
 			Object tokenRepo;
-			services = new RootBeanDefinition(
-					PersistentTokenBasedRememberMeServices.class);
+			services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);
 
 			if (tokenRepoSet) {
 				tokenRepo = new RuntimeBeanReference(tokenRepository);
 			}
 			else {
 				tokenRepo = new RootBeanDefinition(JdbcTokenRepositoryImpl.class);
-				((BeanDefinition) tokenRepo).getPropertyValues().addPropertyValue(
-						"dataSource", new RuntimeBeanReference(dataSource));
+				((BeanDefinition) tokenRepo).getPropertyValues().addPropertyValue("dataSource",
+						new RuntimeBeanReference(dataSource));
 			}
 			services.getConstructorArgumentValues().addIndexedArgumentValue(2, tokenRepo);
 		}
@@ -141,30 +141,24 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 			// PersistentTokenBasedRememberMeServices
 
 			if (useSecureCookieSet) {
-				services.getPropertyValues().addPropertyValue("useSecureCookie",
-						Boolean.valueOf(useSecureCookie));
+				services.getPropertyValues().addPropertyValue("useSecureCookie", Boolean.valueOf(useSecureCookie));
 			}
 
 			if (tokenValiditySet) {
 				boolean isTokenValidityNegative = tokenValiditySeconds.startsWith("-");
 				if (isTokenValidityNegative && isPersistent) {
-					pc.getReaderContext().error(
-							ATT_TOKEN_VALIDITY + " cannot be negative if using"
-									+ " a persistent remember-me token repository",
-							source);
+					pc.getReaderContext().error(ATT_TOKEN_VALIDITY + " cannot be negative if using"
+							+ " a persistent remember-me token repository", source);
 				}
-				services.getPropertyValues().addPropertyValue("tokenValiditySeconds",
-						tokenValiditySeconds);
+				services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValiditySeconds);
 			}
 
 			if (remembermeParameterSet) {
-				services.getPropertyValues().addPropertyValue("parameter",
-						remembermeParameter);
+				services.getPropertyValues().addPropertyValue("parameter", remembermeParameter);
 			}
 
 			if (remembermeCookieSet) {
-				services.getPropertyValues().addPropertyValue("cookieName",
-						remembermeCookie);
+				services.getPropertyValues().addPropertyValue("cookieName", remembermeCookie);
 			}
 
 			services.setSource(source);
@@ -176,14 +170,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		}
 
 		if (StringUtils.hasText(element.getAttribute(ATT_SERVICES_ALIAS))) {
-			pc.getRegistry().registerAlias(servicesName,
-					element.getAttribute(ATT_SERVICES_ALIAS));
+			pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
 		}
 
 		this.rememberMeServicesId = servicesName;
 
-		BeanDefinitionBuilder filter = BeanDefinitionBuilder
-				.rootBeanDefinition(RememberMeAuthenticationFilter.class);
+		BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeAuthenticationFilter.class);
 		filter.getRawBeanDefinition().setSource(source);
 
 		if (StringUtils.hasText(successHandlerRef)) {
@@ -201,4 +193,5 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 	String getRememberMeServicesId() {
 		return this.rememberMeServicesId;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
index ee6f366d48..b858c44054 100644
--- a/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
+++ b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.config.http;
 
-import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
-
 /**
  * Stores the default order numbers of all Spring Security filters for use in
  * configuration.
@@ -26,43 +24,77 @@ import org.springframework.security.web.context.request.async.WebAsyncManagerInt
  */
 
 enum SecurityFilters {
+
 	FIRST(Integer.MIN_VALUE),
+
 	CHANNEL_FILTER,
+
 	SECURITY_CONTEXT_FILTER,
+
 	CONCURRENT_SESSION_FILTER,
-	WEB_ASYNC_MANAGER_FILTER /** {@link WebAsyncManagerIntegrationFilter} */,
-	HEADERS_FILTER, CORS_FILTER,
+
+	WEB_ASYNC_MANAGER_FILTER,
+
+	HEADERS_FILTER,
+
+	CORS_FILTER,
+
 	CSRF_FILTER,
+
 	LOGOUT_FILTER,
+
 	OAUTH2_AUTHORIZATION_REQUEST_FILTER,
+
 	X509_FILTER,
+
 	PRE_AUTH_FILTER,
+
 	CAS_FILTER,
+
 	OAUTH2_LOGIN_FILTER,
+
 	FORM_LOGIN_FILTER,
+
 	OPENID_FILTER,
+
 	LOGIN_PAGE_FILTER,
+
 	LOGOUT_PAGE_FILTER,
+
 	DIGEST_AUTH_FILTER,
+
 	BEARER_TOKEN_AUTH_FILTER,
+
 	BASIC_AUTH_FILTER,
+
 	REQUEST_CACHE_FILTER,
+
 	SERVLET_API_SUPPORT_FILTER,
+
 	JAAS_API_SUPPORT_FILTER,
+
 	REMEMBER_ME_FILTER,
+
 	ANONYMOUS_FILTER,
+
 	OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER,
+
 	SESSION_MANAGEMENT_FILTER,
+
 	EXCEPTION_TRANSLATION_FILTER,
+
 	FILTER_SECURITY_INTERCEPTOR,
+
 	SWITCH_USER_FILTER,
+
 	LAST(Integer.MAX_VALUE);
 
 	private static final int INTERVAL = 100;
+
 	private final int order;
 
 	SecurityFilters() {
-		order = ordinal() * INTERVAL;
+		this.order = ordinal() * INTERVAL;
 	}
 
 	SecurityFilters(int order) {
@@ -70,6 +102,7 @@ enum SecurityFilters {
 	}
 
 	public int getOrder() {
-		return order;
+		return this.order;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
index fc1f2636b2..314a8cddc3 100644
--- a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
+++ b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContext;
  * @since 3.1
  */
 public enum SessionCreationPolicy {
+
 	/** Always create an {@link HttpSession} */
 	ALWAYS,
 	/**
@@ -40,4 +41,5 @@ public enum SessionCreationPolicy {
 	 * to obtain the {@link SecurityContext}
 	 */
 	STATELESS
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index d7e18b7dae..2f1c56a27c 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -54,8 +54,7 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 			return getUserDetailsService();
 		}
 		// Overwrite with the caching version if available
-		String cachingId = id
-				+ AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX;
+		String cachingId = id + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX;
 
 		if (beanFactory.containsBeanDefinition(cachingId)) {
 			return (UserDetailsService) beanFactory.getBean(cachingId);
@@ -73,9 +72,8 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 
 			if (!beans.isEmpty()) {
 				if (beans.size() > 1) {
-					throw new ApplicationContextException(
-							"More than one AuthenticationUserDetailsService registered."
-									+ " Please use a specific Id reference.");
+					throw new ApplicationContextException("More than one AuthenticationUserDetailsService registered."
+							+ " Please use a specific Id reference.");
 				}
 				return (AuthenticationUserDetailsService) beans.values().toArray()[0];
 			}
@@ -96,9 +94,8 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 				}
 			}
 			else {
-				throw new ApplicationContextException("Bean '" + name
-						+ "' must be a UserDetailsService or an"
-						+ " AuthenticationUserDetailsService");
+				throw new ApplicationContextException(
+						"Bean '" + name + "' must be a UserDetailsService or an" + " AuthenticationUserDetailsService");
 			}
 		}
 
@@ -122,16 +119,14 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 
 		}
 		else if (beans.size() > 1) {
-			throw new ApplicationContextException(
-					"More than one UserDetailsService registered. Please "
-							+ "use a specific Id reference in <remember-me/> <openid-login/> or <x509 /> elements.");
+			throw new ApplicationContextException("More than one UserDetailsService registered. Please "
+					+ "use a specific Id reference in <remember-me/> <openid-login/> or <x509 /> elements.");
 		}
 
 		return (UserDetailsService) beans.values().toArray()[0];
 	}
 
-	public void setApplicationContext(ApplicationContext beanFactory)
-			throws BeansException {
+	public void setApplicationContext(ApplicationContext beanFactory) throws BeansException {
 		this.beanFactory = beanFactory;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
index ea53d9dc82..d590b88a55 100644
--- a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
@@ -46,13 +46,11 @@ abstract class WebConfigUtils {
 	 * SpEL), "/" or "http" it will raise an error.
 	 */
 	static void validateHttpRedirect(String url, ParserContext pc, Object source) {
-		if (!StringUtils.hasText(url) || UrlUtils.isValidRedirectUrl(url)
-				|| url.startsWith("$") || url.startsWith("#")) {
+		if (!StringUtils.hasText(url) || UrlUtils.isValidRedirectUrl(url) || url.startsWith("$")
+				|| url.startsWith("#")) {
 			return;
 		}
-		pc.getReaderContext().warning(
-				url + " is not a valid redirect URL (must start with '/' or http(s))",
-				source);
+		pc.getReaderContext().warning(url + " is not a valid redirect URL (must start with '/' or http(s))", source);
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/package-info.java b/config/src/main/java/org/springframework/security/config/http/package-info.java
index 654cd0d372..aa327d361e 100644
--- a/config/src/main/java/org/springframework/security/config/http/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/http/package-info.java
@@ -17,4 +17,3 @@
  * Parsing of the &lt;http&gt; namespace element.
  */
 package org.springframework.security.config.http;
-
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index a55523d04f..a031988e83 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -35,6 +35,7 @@ import org.springframework.util.ClassUtils;
  * @since 3.0
  */
 class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered {
+
 	private static final String REQUIRED_CONTEXT_SOURCE_CLASS_NAME = "org.springframework.ldap.core.support.BaseLdapPathContextSource";
 
 	/**
@@ -43,8 +44,7 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 	 */
 	private boolean defaultNameRequired;
 
-	public void postProcessBeanFactory(ConfigurableListableBeanFactory bf)
-			throws BeansException {
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
 		Class<?> contextSourceClass;
 
 		try {
@@ -52,31 +52,24 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 					ClassUtils.getDefaultClassLoader());
 		}
 		catch (ClassNotFoundException e) {
-			throw new ApplicationContextException(
-					"Couldn't locate: "
-							+ REQUIRED_CONTEXT_SOURCE_CLASS_NAME
-							+ ". "
-							+ " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap "
-							+ "jar file in your application", e);
+			throw new ApplicationContextException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". "
+					+ " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap "
+					+ "jar file in your application", e);
 		}
 
 		String[] sources = bf.getBeanNamesForType(contextSourceClass, false, false);
 
 		if (sources.length == 0) {
-			throw new ApplicationContextException(
-					"No BaseLdapPathContextSource instances found. Have you "
-							+ "added an <" + Elements.LDAP_SERVER
-							+ " /> element to your application context? If you have "
-							+ "declared an explicit bean, do not use lazy-init");
+			throw new ApplicationContextException("No BaseLdapPathContextSource instances found. Have you "
+					+ "added an <" + Elements.LDAP_SERVER + " /> element to your application context? If you have "
+					+ "declared an explicit bean, do not use lazy-init");
 		}
 
 		if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) {
 			if (sources.length > 1) {
-				throw new ApplicationContextException(
-						"More than one BaseLdapPathContextSource instance found. "
-								+ "Please specify a specific server id using the 'server-ref' attribute when configuring your <"
-								+ Elements.LDAP_PROVIDER + "> " + "or <"
-								+ Elements.LDAP_USER_SERVICE + ">.");
+				throw new ApplicationContextException("More than one BaseLdapPathContextSource instance found. "
+						+ "Please specify a specific server id using the 'server-ref' attribute when configuring your <"
+						+ Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">.");
 			}
 
 			bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE);
@@ -90,4 +83,5 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 	public int getOrder() {
 		return LOWEST_PRECEDENCE;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index e2d86aab62..84f4f14d03 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -35,10 +35,13 @@ import org.w3c.dom.Element;
  * @since 2.0
  */
 public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private static final String ATT_USER_DN_PATTERN = "user-dn-pattern";
+
 	private static final String ATT_USER_PASSWORD = "password-attribute";
+
 	private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH;
 
 	private static final String DEF_USER_SEARCH_FILTER = "uid={0}";
@@ -48,11 +51,10 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 	static final String PASSWD_AUTH_CLASS = "org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator";
 
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
-		RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser
-				.parseServerReference(elt, parserContext);
+		RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt,
+				parserContext);
 
-		BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(
-				elt, parserContext);
+		BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
 		String userDnPattern = elt.getAttribute(ATT_USER_DN_PATTERN);
 
 		String[] userDnPatternArray = new String[0];
@@ -73,41 +75,33 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 			searchBean = searchBeanBuilder.getBeanDefinition();
 		}
 
-		BeanDefinitionBuilder authenticatorBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(BIND_AUTH_CLASS);
-		Element passwordCompareElt = DomUtils.getChildElementByTagName(elt,
-				Elements.LDAP_PASSWORD_COMPARE);
+		BeanDefinitionBuilder authenticatorBuilder = BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS);
+		Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
 
 		if (passwordCompareElt != null) {
-			authenticatorBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(PASSWD_AUTH_CLASS);
+			authenticatorBuilder = BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS);
 
 			String passwordAttribute = passwordCompareElt.getAttribute(ATT_USER_PASSWORD);
 			if (StringUtils.hasText(passwordAttribute)) {
-				authenticatorBuilder.addPropertyValue("passwordAttributeName",
-						passwordAttribute);
+				authenticatorBuilder.addPropertyValue("passwordAttributeName", passwordAttribute);
 			}
 
-			Element passwordEncoderElement = DomUtils.getChildElementByTagName(
-					passwordCompareElt, Elements.PASSWORD_ENCODER);
+			Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt,
+					Elements.PASSWORD_ENCODER);
 			String hash = passwordCompareElt.getAttribute(ATT_HASH);
 
 			if (passwordEncoderElement != null) {
 				if (StringUtils.hasText(hash)) {
 					parserContext.getReaderContext().warning(
-							"Attribute 'hash' cannot be used with 'password-encoder' and "
-									+ "will be ignored.",
+							"Attribute 'hash' cannot be used with 'password-encoder' and " + "will be ignored.",
 							parserContext.extractSource(elt));
 				}
-				PasswordEncoderParser pep = new PasswordEncoderParser(
-						passwordEncoderElement, parserContext);
-				authenticatorBuilder.addPropertyValue("passwordEncoder",
-						pep.getPasswordEncoder());
+				PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext);
+				authenticatorBuilder.addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
 			}
 			else if (StringUtils.hasText(hash)) {
 				authenticatorBuilder.addPropertyValue("passwordEncoder",
-						PasswordEncoderParser.createPasswordEncoderBeanDefinition(hash,
-								false));
+						PasswordEncoderParser.createPasswordEncoderBeanDefinition(hash, false));
 			}
 		}
 
@@ -118,15 +112,14 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 			authenticatorBuilder.addPropertyValue("userSearch", searchBean);
 		}
 
-		BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder
-				.rootBeanDefinition(PROVIDER_CLASS);
+		BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
 		ldapProvider.addConstructorArgValue(authenticatorBuilder.getBeanDefinition());
-		ldapProvider.addConstructorArgValue(LdapUserServiceBeanDefinitionParser
-				.parseAuthoritiesPopulator(elt, parserContext));
+		ldapProvider.addConstructorArgValue(
+				LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
 		ldapProvider.addPropertyValue("userDetailsContextMapper",
-				LdapUserServiceBeanDefinitionParser.parseUserDetailsClassOrUserMapperRef(
-						elt, parserContext));
+				LdapUserServiceBeanDefinitionParser.parseUserDetailsClassOrUserMapperRef(elt, parserContext));
 
 		return ldapProvider.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index cbdda20de6..0ca5bb99ae 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -42,6 +42,7 @@ import org.springframework.util.StringUtils;
  * @author Evgeniy Cheban
  */
 public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String CONTEXT_SOURCE_CLASS = "org.springframework.security.ldap.DefaultSpringSecurityContextSource";
 
 	/**
@@ -51,29 +52,37 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 	private static final String ATT_URL = "url";
 
 	private static final String ATT_PRINCIPAL = "manager-dn";
+
 	private static final String ATT_PASSWORD = "manager-password";
 
 	// Properties which apply to embedded server only - when no Url is set
 
 	/** sets the configuration suffix (default is "dc=springframework,dc=org"). */
 	public static final String ATT_ROOT_SUFFIX = "root";
+
 	private static final String OPT_DEFAULT_ROOT_SUFFIX = "dc=springframework,dc=org";
+
 	/**
 	 * Optionally defines an ldif resource to be loaded. Otherwise an attempt will be made
 	 * to load all ldif files found on the classpath.
 	 */
 	public static final String ATT_LDIF_FILE = "ldif";
+
 	private static final String OPT_DEFAULT_LDIF_FILE = "classpath*:*.ldif";
 
 	/** Defines the port the LDAP_PROVIDER server should run on */
 	public static final String ATT_PORT = "port";
+
 	private static final String RANDOM_PORT = "0";
+
 	private static final int DEFAULT_PORT = 33389;
 
 	private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService";
+
 	private static final String UNBOUNID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer";
 
 	private static final String APACHEDS_CONTAINER_CLASSNAME = "org.springframework.security.ldap.server.ApacheDSContainer";
+
 	private static final String UNBOUNDID_CONTAINER_CLASSNAME = "org.springframework.security.ldap.server.UnboundIdContainer";
 
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
@@ -97,22 +106,19 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 
 		if (StringUtils.hasText(managerDn)) {
 			if (!StringUtils.hasText(managerPassword)) {
-				parserContext.getReaderContext().error(
-						"You must specify the " + ATT_PASSWORD + " if you supply a "
-								+ managerDn, elt);
+				parserContext.getReaderContext()
+						.error("You must specify the " + ATT_PASSWORD + " if you supply a " + managerDn, elt);
 			}
 
 			contextSource.getPropertyValues().addPropertyValue("userDn", managerDn);
-			contextSource.getPropertyValues().addPropertyValue("password",
-					managerPassword);
+			contextSource.getPropertyValues().addPropertyValue("password", managerPassword);
 		}
 
 		String id = elt.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
 
 		String contextSourceId = StringUtils.hasText(id) ? id : BeanIds.CONTEXT_SOURCE;
 
-		parserContext.getRegistry()
-				.registerBeanDefinition(contextSourceId, contextSource);
+		parserContext.getRegistry().registerBeanDefinition(contextSourceId, contextSource);
 
 		return null;
 	}
@@ -121,14 +127,12 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 	 * Will be called if no url attribute is supplied.
 	 *
 	 * Registers beans to create an embedded apache directory server.
-	 *
 	 * @return the BeanDefinition for the ContextSource for the embedded server.
 	 *
 	 * @see ApacheDSContainer
 	 * @see UnboundIdContainer
 	 */
-	private RootBeanDefinition createEmbeddedServer(Element element,
-			ParserContext parserContext) {
+	private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
 		Object source = parserContext.extractSource(element);
 
 		String suffix = element.getAttribute(ATT_ROOT_SUFFIX);
@@ -137,8 +141,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 			suffix = OPT_DEFAULT_ROOT_SUFFIX;
 		}
 
-		BeanDefinitionBuilder contextSource = BeanDefinitionBuilder
-				.rootBeanDefinition(CONTEXT_SOURCE_CLASS);
+		BeanDefinitionBuilder contextSource = BeanDefinitionBuilder.rootBeanDefinition(CONTEXT_SOURCE_CLASS);
 		contextSource.addConstructorArgValue(suffix);
 		contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
 		contextSource.addPropertyValue("password", "secret");
@@ -148,8 +151,8 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 		String embeddedLdapServerConfigBeanName = parserContext.getReaderContext()
 				.generateBeanName(embeddedLdapServerConfigBean);
 
-		parserContext.registerBeanComponent(new BeanComponentDefinition(embeddedLdapServerConfigBean,
-				embeddedLdapServerConfigBeanName));
+		parserContext.registerBeanComponent(
+				new BeanComponentDefinition(embeddedLdapServerConfigBean, embeddedLdapServerConfigBeanName));
 
 		contextSource.setFactoryMethodOnBean("createEmbeddedContextSource", embeddedLdapServerConfigBeanName);
 
@@ -166,11 +169,9 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 		ldapContainer.getConstructorArgumentValues().addGenericArgumentValue(ldifs);
 		ldapContainer.getPropertyValues().addPropertyValue("port", getPort(element));
 
-		if (parserContext.getRegistry()
-				.containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS) ||
-				parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_UNBOUNDID)) {
-			parserContext.getReaderContext().error(
-					"Only one embedded server bean is allowed per application context",
+		if (parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS)
+				|| parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_UNBOUNDID)) {
+			parserContext.getReaderContext().error("Only one embedded server bean is allowed per application context",
 					element);
 		}
 
@@ -218,7 +219,8 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 	private String getDefaultPort() {
 		try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 			return String.valueOf(serverSocket.getLocalPort());
-		} catch (IOException e) {
+		}
+		catch (IOException e) {
 			return RANDOM_PORT;
 		}
 	}
@@ -251,5 +253,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 
 			return new DefaultSpringSecurityContextSource(providerUrl);
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
index 219de13e33..9ea520c98e 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
@@ -32,17 +32,24 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  * @since 2.0
  */
-public class LdapUserServiceBeanDefinitionParser extends
-		AbstractUserDetailsServiceBeanDefinitionParser {
+public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
+
 	public static final String ATT_SERVER = "server-ref";
+
 	public static final String ATT_USER_SEARCH_FILTER = "user-search-filter";
+
 	public static final String ATT_USER_SEARCH_BASE = "user-search-base";
+
 	public static final String DEF_USER_SEARCH_BASE = "";
 
 	public static final String ATT_GROUP_SEARCH_FILTER = "group-search-filter";
+
 	public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
+
 	public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
+
 	public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
+
 	public static final String DEF_GROUP_SEARCH_BASE = "";
 
 	static final String ATT_ROLE_PREFIX = "role-prefix";
@@ -52,28 +59,29 @@ public class LdapUserServiceBeanDefinitionParser extends
 	static final String OPT_INETORGPERSON = "inetOrgPerson";
 
 	public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
+
 	public static final String PERSON_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.PersonContextMapper";
+
 	public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper";
+
 	public static final String LDAP_USER_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.LdapUserDetailsMapper";
+
 	public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator";
 
 	protected String getBeanClassName(Element element) {
 		return "org.springframework.security.ldap.userdetails.LdapUserDetailsService";
 	}
 
-	protected void doParse(Element elt, ParserContext parserContext,
-			BeanDefinitionBuilder builder) {
+	protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) {
 
 		if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
-			parserContext.getReaderContext().error("User search filter must be supplied",
-					elt);
+			parserContext.getReaderContext().error("User search filter must be supplied", elt);
 		}
 
 		builder.addConstructorArgValue(parseSearchBean(elt, parserContext));
 		builder.getRawBeanDefinition().setSource(parserContext.extractSource(elt));
 		builder.addConstructorArgValue(parseAuthoritiesPopulator(elt, parserContext));
-		builder.addPropertyValue("userDetailsMapper",
-				parseUserDetailsClassOrUserMapperRef(elt, parserContext));
+		builder.addPropertyValue("userDetailsMapper", parseUserDetailsClassOrUserMapperRef(elt, parserContext));
 	}
 
 	static RootBeanDefinition parseSearchBean(Element elt, ParserContext parserContext) {
@@ -83,9 +91,8 @@ public class LdapUserServiceBeanDefinitionParser extends
 
 		if (StringUtils.hasText(userSearchBase)) {
 			if (!StringUtils.hasText(userSearchFilter)) {
-				parserContext.getReaderContext().error(
-						ATT_USER_SEARCH_BASE + " cannot be used without a "
-								+ ATT_USER_SEARCH_FILTER, source);
+				parserContext.getReaderContext()
+						.error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source);
 			}
 		}
 		else {
@@ -96,8 +103,7 @@ public class LdapUserServiceBeanDefinitionParser extends
 			return null;
 		}
 
-		BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(LDAP_SEARCH_CLASS);
+		BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
 		searchBuilder.getRawBeanDefinition().setSource(source);
 		searchBuilder.addConstructorArgValue(userSearchBase);
 		searchBuilder.addConstructorArgValue(userSearchFilter);
@@ -106,8 +112,7 @@ public class LdapUserServiceBeanDefinitionParser extends
 		return (RootBeanDefinition) searchBuilder.getBeanDefinition();
 	}
 
-	static RuntimeBeanReference parseServerReference(Element elt,
-			ParserContext parserContext) {
+	static RuntimeBeanReference parseServerReference(Element elt, ParserContext parserContext) {
 		String server = elt.getAttribute(ATT_SERVER);
 		boolean requiresDefaultName = false;
 
@@ -123,36 +128,27 @@ public class LdapUserServiceBeanDefinitionParser extends
 		return contextSource;
 	}
 
-	private static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry,
-			boolean defaultNameRequired) {
-		if (registry
-				.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) {
+	private static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) {
+		if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) {
 			if (defaultNameRequired) {
-				BeanDefinition bd = registry
-						.getBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR);
-				bd.getPropertyValues().addPropertyValue("defaultNameRequired",
-						defaultNameRequired);
+				BeanDefinition bd = registry.getBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR);
+				bd.getPropertyValues().addPropertyValue("defaultNameRequired", defaultNameRequired);
 			}
 			return;
 		}
 
-		BeanDefinitionBuilder bdb = BeanDefinitionBuilder
-				.rootBeanDefinition(ContextSourceSettingPostProcessor.class);
+		BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition(ContextSourceSettingPostProcessor.class);
 		bdb.addPropertyValue("defaultNameRequired", defaultNameRequired);
-		registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR,
-				bdb.getBeanDefinition());
+		registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bdb.getBeanDefinition());
 	}
 
-	static BeanMetadataElement parseUserDetailsClassOrUserMapperRef(Element elt,
-			ParserContext parserContext) {
+	static BeanMetadataElement parseUserDetailsClassOrUserMapperRef(Element elt, ParserContext parserContext) {
 		String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
 		String userMapperRef = elt.getAttribute(ATT_USER_CONTEXT_MAPPER_REF);
 
 		if (StringUtils.hasText(userDetailsClass) && StringUtils.hasText(userMapperRef)) {
-			parserContext.getReaderContext().error(
-					"Attributes " + ATT_USER_CLASS + " and "
-							+ ATT_USER_CONTEXT_MAPPER_REF + " cannot be used together.",
-					parserContext.extractSource(elt));
+			parserContext.getReaderContext().error("Attributes " + ATT_USER_CLASS + " and "
+					+ ATT_USER_CONTEXT_MAPPER_REF + " cannot be used together.", parserContext.extractSource(elt));
 		}
 
 		if (StringUtils.hasText(userMapperRef)) {
@@ -176,8 +172,7 @@ public class LdapUserServiceBeanDefinitionParser extends
 		return mapper;
 	}
 
-	static RootBeanDefinition parseAuthoritiesPopulator(Element elt,
-			ParserContext parserContext) {
+	static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
 		String groupSearchFilter = elt.getAttribute(ATT_GROUP_SEARCH_FILTER);
 		String groupSearchBase = elt.getAttribute(ATT_GROUP_SEARCH_BASE);
 		String groupRoleAttribute = elt.getAttribute(ATT_GROUP_ROLE_ATTRIBUTE);
@@ -191,8 +186,7 @@ public class LdapUserServiceBeanDefinitionParser extends
 			groupSearchBase = DEF_GROUP_SEARCH_BASE;
 		}
 
-		BeanDefinitionBuilder populator = BeanDefinitionBuilder
-				.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
+		BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
 		populator.getRawBeanDefinition().setSource(parserContext.extractSource(elt));
 		populator.addConstructorArgValue(parseServerReference(elt, parserContext));
 		populator.addConstructorArgValue(groupSearchBase);
@@ -212,4 +206,5 @@ public class LdapUserServiceBeanDefinitionParser extends
 
 		return (RootBeanDefinition) populator.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/ldap/package-info.java b/config/src/main/java/org/springframework/security/config/ldap/package-info.java
index 392fc2146b..168ff506d5 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/package-info.java
@@ -17,4 +17,3 @@
  * Security namespace support for LDAP authentication.
  */
 package org.springframework.security.config.ldap;
-
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 29a58e040c..0063ad72ff 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -94,21 +94,32 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private static final String ATT_AUTHENTICATION_MANAGER_REF = "authentication-manager-ref";
+
 	private static final String ATT_ACCESS = "access";
+
 	private static final String ATT_EXPRESSION = "expression";
+
 	private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
+
 	private static final String ATT_RUN_AS_MGR = "run-as-manager-ref";
+
 	private static final String ATT_USE_JSR250 = "jsr250-annotations";
+
 	private static final String ATT_USE_SECURED = "secured-annotations";
+
 	private static final String ATT_USE_PREPOST = "pre-post-annotations";
+
 	private static final String ATT_REF = "ref";
+
 	private static final String ATT_MODE = "mode";
+
 	private static final String ATT_ADVICE_ORDER = "order";
+
 	private static final String ATT_META_DATA_SOURCE_REF = "metadata-source-ref";
 
 	public BeanDefinition parse(Element element, ParserContext pc) {
-		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(
-				element.getTagName(), pc.extractSource(element));
+		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
+				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
 
 		Object source = pc.extractSource(element);
@@ -117,8 +128,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 		boolean jsr250Enabled = "enabled".equals(element.getAttribute(ATT_USE_JSR250));
 		boolean useSecured = "enabled".equals(element.getAttribute(ATT_USE_SECURED));
-		boolean prePostAnnotationsEnabled = "enabled".equals(element
-				.getAttribute(ATT_USE_PREPOST));
+		boolean prePostAnnotationsEnabled = "enabled".equals(element.getAttribute(ATT_USE_PREPOST));
 		boolean useAspectJ = "aspectj".equals(element.getAttribute(ATT_MODE));
 
 		BeanDefinition preInvocationVoter = null;
@@ -133,15 +143,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		}
 
 		if (prePostAnnotationsEnabled) {
-			Element prePostElt = DomUtils.getChildElementByTagName(element,
-					INVOCATION_HANDLING);
-			Element expressionHandlerElt = DomUtils.getChildElementByTagName(element,
-					EXPRESSION_HANDLER);
+			Element prePostElt = DomUtils.getChildElementByTagName(element, INVOCATION_HANDLING);
+			Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, EXPRESSION_HANDLER);
 
 			if (prePostElt != null && expressionHandlerElt != null) {
 				pc.getReaderContext().error(
-						INVOCATION_HANDLING + " and " + EXPRESSION_HANDLER
-								+ " cannot be used together ", source);
+						INVOCATION_HANDLING + " and " + EXPRESSION_HANDLER + " cannot be used together ", source);
 			}
 
 			BeanDefinitionBuilder preInvocationVoterBldr = BeanDefinitionBuilder
@@ -156,12 +163,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 			if (prePostElt != null) {
 				// Customized override of expression handling system
-				String attributeFactoryRef = DomUtils.getChildElementByTagName(
-						prePostElt, INVOCATION_ATTRIBUTE_FACTORY).getAttribute("ref");
-				String preAdviceRef = DomUtils.getChildElementByTagName(prePostElt,
-						PRE_INVOCATION_ADVICE).getAttribute("ref");
-				String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt,
-						POST_INVOCATION_ADVICE).getAttribute("ref");
+				String attributeFactoryRef = DomUtils.getChildElementByTagName(prePostElt, INVOCATION_ATTRIBUTE_FACTORY)
+						.getAttribute("ref");
+				String preAdviceRef = DomUtils.getChildElementByTagName(prePostElt, PRE_INVOCATION_ADVICE)
+						.getAttribute("ref");
+				String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt, POST_INVOCATION_ADVICE)
+						.getAttribute("ref");
 
 				mds.addConstructorArgReference(attributeFactoryRef);
 				preInvocationVoterBldr.addConstructorArgReference(preAdviceRef);
@@ -173,18 +180,15 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 						: expressionHandlerElt.getAttribute("ref");
 
 				if (StringUtils.hasText(expressionHandlerRef)) {
-					logger.info("Using bean '" + expressionHandlerRef
-							+ "' as method ExpressionHandler implementation");
+					logger.info("Using bean '" + expressionHandlerRef + "' as method ExpressionHandler implementation");
 					RootBeanDefinition lazyInitPP = new RootBeanDefinition(
 							LazyInitBeanDefinitionRegistryPostProcessor.class);
-					lazyInitPP.getConstructorArgumentValues().addGenericArgumentValue(
-							expressionHandlerRef);
+					lazyInitPP.getConstructorArgumentValues().addGenericArgumentValue(expressionHandlerRef);
 					pc.getReaderContext().registerWithGeneratedName(lazyInitPP);
 
 					BeanDefinitionBuilder lazyMethodSecurityExpressionHandlerBldr = BeanDefinitionBuilder
 							.rootBeanDefinition(LazyInitTargetSource.class);
-					lazyMethodSecurityExpressionHandlerBldr.addPropertyValue(
-							"targetBeanName", expressionHandlerRef);
+					lazyMethodSecurityExpressionHandlerBldr.addPropertyValue("targetBeanName", expressionHandlerRef);
 
 					BeanDefinitionBuilder expressionHandlerProxyBldr = BeanDefinitionBuilder
 							.rootBeanDefinition(ProxyFactoryBean.class);
@@ -193,43 +197,37 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 					expressionHandlerProxyBldr.addPropertyValue("proxyInterfaces",
 							MethodSecurityExpressionHandler.class);
 
-					expressionHandlerRef = pc.getReaderContext().generateBeanName(
-							expressionHandlerProxyBldr.getBeanDefinition());
+					expressionHandlerRef = pc.getReaderContext()
+							.generateBeanName(expressionHandlerProxyBldr.getBeanDefinition());
 
-					pc.registerBeanComponent(new BeanComponentDefinition(
-							expressionHandlerProxyBldr.getBeanDefinition(),
+					pc.registerBeanComponent(new BeanComponentDefinition(expressionHandlerProxyBldr.getBeanDefinition(),
 							expressionHandlerRef));
 				}
 				else {
-					RootBeanDefinition expressionHandler = registerWithDefaultRolePrefix(pc, DefaultMethodSecurityExpressionHandlerBeanFactory.class);
+					RootBeanDefinition expressionHandler = registerWithDefaultRolePrefix(pc,
+							DefaultMethodSecurityExpressionHandlerBeanFactory.class);
 
-					expressionHandlerRef = pc.getReaderContext().generateBeanName(
-							expressionHandler);
-					pc.registerBeanComponent(new BeanComponentDefinition(
-							expressionHandler, expressionHandlerRef));
-					logger.info("Expressions were enabled for method security but no SecurityExpressionHandler was configured. "
-							+ "All hasPermission() expressions will evaluate to false.");
+					expressionHandlerRef = pc.getReaderContext().generateBeanName(expressionHandler);
+					pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler, expressionHandlerRef));
+					logger.info(
+							"Expressions were enabled for method security but no SecurityExpressionHandler was configured. "
+									+ "All hasPermission() expressions will evaluate to false.");
 				}
 
 				BeanDefinitionBuilder expressionPreAdviceBldr = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedPreInvocationAdvice.class);
-				expressionPreAdviceBldr.addPropertyReference("expressionHandler",
-						expressionHandlerRef);
-				preInvocationVoterBldr.addConstructorArgValue(expressionPreAdviceBldr
-						.getBeanDefinition());
+				expressionPreAdviceBldr.addPropertyReference("expressionHandler", expressionHandlerRef);
+				preInvocationVoterBldr.addConstructorArgValue(expressionPreAdviceBldr.getBeanDefinition());
 
 				BeanDefinitionBuilder expressionPostAdviceBldr = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedPostInvocationAdvice.class);
 				expressionPostAdviceBldr.addConstructorArgReference(expressionHandlerRef);
-				afterInvocationBldr.addConstructorArgValue(expressionPostAdviceBldr
-						.getBeanDefinition());
+				afterInvocationBldr.addConstructorArgValue(expressionPostAdviceBldr.getBeanDefinition());
 
 				BeanDefinitionBuilder annotationInvocationFactory = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedAnnotationAttributeFactory.class);
-				annotationInvocationFactory
-						.addConstructorArgReference(expressionHandlerRef);
-				mds.addConstructorArgValue(annotationInvocationFactory
-						.getBeanDefinition());
+				annotationInvocationFactory.addConstructorArgReference(expressionHandlerRef);
+				mds.addConstructorArgValue(annotationInvocationFactory.getBeanDefinition());
 			}
 
 			preInvocationVoter = preInvocationVoterBldr.getBeanDefinition();
@@ -238,12 +236,13 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		}
 
 		if (useSecured) {
-			delegates.add(BeanDefinitionBuilder.rootBeanDefinition(
-					SecuredAnnotationSecurityMetadataSource.class).getBeanDefinition());
+			delegates.add(BeanDefinitionBuilder.rootBeanDefinition(SecuredAnnotationSecurityMetadataSource.class)
+					.getBeanDefinition());
 		}
 
 		if (jsr250Enabled) {
-			RootBeanDefinition jsrMetadataSource = registerWithDefaultRolePrefix(pc, Jsr250MethodSecurityMetadataSourceBeanFactory.class);
+			RootBeanDefinition jsrMetadataSource = registerWithDefaultRolePrefix(pc,
+					Jsr250MethodSecurityMetadataSourceBeanFactory.class);
 			delegates.add(jsrMetadataSource);
 		}
 
@@ -254,32 +253,26 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 		if (pointcutMap.size() > 0) {
 			if (useAspectJ) {
-				pc.getReaderContext().error(
-						"You can't use AspectJ mode with protect-pointcut definitions",
-						source);
+				pc.getReaderContext().error("You can't use AspectJ mode with protect-pointcut definitions", source);
 			}
 			// Only add it if there are actually any pointcuts defined.
-			BeanDefinition mapBasedMetadataSource = new RootBeanDefinition(
-					MapBasedMethodSecurityMetadataSource.class);
-			BeanReference ref = new RuntimeBeanReference(pc.getReaderContext()
-					.generateBeanName(mapBasedMetadataSource));
+			BeanDefinition mapBasedMetadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
+			BeanReference ref = new RuntimeBeanReference(
+					pc.getReaderContext().generateBeanName(mapBasedMetadataSource));
 
 			delegates.add(ref);
-			pc.registerBeanComponent(new BeanComponentDefinition(mapBasedMetadataSource,
-					ref.getBeanName()));
+			pc.registerBeanComponent(new BeanComponentDefinition(mapBasedMetadataSource, ref.getBeanName()));
 			registerProtectPointcutPostProcessor(pc, pointcutMap, ref, source);
 		}
 
-		BeanReference metadataSource = registerDelegatingMethodSecurityMetadataSource(pc,
-				delegates, source);
+		BeanReference metadataSource = registerDelegatingMethodSecurityMetadataSource(pc, delegates, source);
 
 		// Check for additional after-invocation-providers..
 		List<Element> afterInvocationElts = DomUtils.getChildElementsByTagName(element,
 				Elements.AFTER_INVOCATION_PROVIDER);
 
 		for (Element elt : afterInvocationElts) {
-			afterInvocationProviders.add(new RuntimeBeanReference(elt
-					.getAttribute(ATT_REF)));
+			afterInvocationProviders.add(new RuntimeBeanReference(elt.getAttribute(ATT_REF)));
 		}
 
 		String accessManagerId = element.getAttribute(ATT_ACCESS_MGR);
@@ -291,24 +284,20 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		String authMgrRef = element.getAttribute(ATT_AUTHENTICATION_MANAGER_REF);
 
 		String runAsManagerId = element.getAttribute(ATT_RUN_AS_MGR);
-		BeanReference interceptor = registerMethodSecurityInterceptor(pc, authMgrRef,
-				accessManagerId, runAsManagerId, metadataSource,
-				afterInvocationProviders, source, useAspectJ);
+		BeanReference interceptor = registerMethodSecurityInterceptor(pc, authMgrRef, accessManagerId, runAsManagerId,
+				metadataSource, afterInvocationProviders, source, useAspectJ);
 
 		if (useAspectJ) {
-			BeanDefinitionBuilder aspect = BeanDefinitionBuilder
-					.rootBeanDefinition("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
+			BeanDefinitionBuilder aspect = BeanDefinitionBuilder.rootBeanDefinition(
+					"org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
 			aspect.setFactoryMethod("aspectOf");
 			aspect.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 			aspect.addPropertyValue("securityInterceptor", interceptor);
-			String id = pc.getReaderContext().registerWithGeneratedName(
-					aspect.getBeanDefinition());
-			pc.registerBeanComponent(new BeanComponentDefinition(aspect
-					.getBeanDefinition(), id));
+			String id = pc.getReaderContext().registerWithGeneratedName(aspect.getBeanDefinition());
+			pc.registerBeanComponent(new BeanComponentDefinition(aspect.getBeanDefinition(), id));
 		}
 		else {
-			registerAdvisor(pc, interceptor, metadataSource, source,
-					element.getAttribute(ATT_ADVICE_ORDER));
+			registerAdvisor(pc, interceptor, metadataSource, source, element.getAttribute(ATT_ADVICE_ORDER));
 			AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(pc, element);
 		}
 
@@ -323,11 +312,9 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	 * @return
 	 */
 	@SuppressWarnings({ "unchecked", "rawtypes" })
-	private String registerAccessManager(ParserContext pc, boolean jsr250Enabled,
-			BeanDefinition expressionVoter) {
+	private String registerAccessManager(ParserContext pc, boolean jsr250Enabled, BeanDefinition expressionVoter) {
 
-		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(AffirmativeBased.class);
+		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
 		ManagedList voters = new ManagedList(4);
 
 		if (expressionVoter != null) {
@@ -350,37 +337,32 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	}
 
 	@SuppressWarnings("rawtypes")
-	private BeanReference registerDelegatingMethodSecurityMetadataSource(
-			ParserContext pc, ManagedList delegates, Object source) {
+	private BeanReference registerDelegatingMethodSecurityMetadataSource(ParserContext pc, ManagedList delegates,
+			Object source) {
 		RootBeanDefinition delegatingMethodSecurityMetadataSource = new RootBeanDefinition(
 				DelegatingMethodSecurityMetadataSource.class);
 		delegatingMethodSecurityMetadataSource.setSource(source);
-		delegatingMethodSecurityMetadataSource.getConstructorArgumentValues()
-				.addGenericArgumentValue(delegates);
+		delegatingMethodSecurityMetadataSource.getConstructorArgumentValues().addGenericArgumentValue(delegates);
 
-		String id = pc.getReaderContext().generateBeanName(
-				delegatingMethodSecurityMetadataSource);
-		pc.registerBeanComponent(new BeanComponentDefinition(
-				delegatingMethodSecurityMetadataSource, id));
+		String id = pc.getReaderContext().generateBeanName(delegatingMethodSecurityMetadataSource);
+		pc.registerBeanComponent(new BeanComponentDefinition(delegatingMethodSecurityMetadataSource, id));
 
 		return new RuntimeBeanReference(id);
 	}
 
 	private void registerProtectPointcutPostProcessor(ParserContext parserContext,
-			Map<String, List<ConfigAttribute>> pointcutMap,
-			BeanReference mapBasedMethodSecurityMetadataSource, Object source) {
-		RootBeanDefinition ppbp = new RootBeanDefinition(
-				ProtectPointcutPostProcessor.class);
+			Map<String, List<ConfigAttribute>> pointcutMap, BeanReference mapBasedMethodSecurityMetadataSource,
+			Object source) {
+		RootBeanDefinition ppbp = new RootBeanDefinition(ProtectPointcutPostProcessor.class);
 		ppbp.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		ppbp.setSource(source);
-		ppbp.getConstructorArgumentValues().addGenericArgumentValue(
-				mapBasedMethodSecurityMetadataSource);
+		ppbp.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodSecurityMetadataSource);
 		ppbp.getPropertyValues().addPropertyValue("pointcutMap", pointcutMap);
 		parserContext.getReaderContext().registerWithGeneratedName(ppbp);
 	}
 
-	private Map<String, List<ConfigAttribute>> parseProtectPointcuts(
-			ParserContext parserContext, List<Element> protectPointcutElts) {
+	private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext,
+			List<Element> protectPointcutElts) {
 		Map<String, List<ConfigAttribute>> pointcutMap = new LinkedHashMap<>();
 
 		for (Element childElt : protectPointcutElts) {
@@ -397,10 +379,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 						parserContext.extractSource(childElt));
 			}
 
-			String[] attributeTokens = StringUtils
-					.commaDelimitedListToStringArray(accessConfig);
-			List<ConfigAttribute> attributes = new ArrayList<>(
-					attributeTokens.length);
+			String[] attributeTokens = StringUtils.commaDelimitedListToStringArray(accessConfig);
+			List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
 
 			for (String token : attributeTokens) {
 				attributes.add(new SecurityConfig(token));
@@ -412,18 +392,14 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		return pointcutMap;
 	}
 
-	private BeanReference registerMethodSecurityInterceptor(ParserContext pc,
-			String authMgrRef, String accessManagerId, String runAsManagerId,
-			BeanReference metadataSource,
-			List<BeanMetadataElement> afterInvocationProviders, Object source,
-			boolean useAspectJ) {
-		BeanDefinitionBuilder bldr = BeanDefinitionBuilder
-				.rootBeanDefinition(useAspectJ ? AspectJMethodSecurityInterceptor.class
-						: MethodSecurityInterceptor.class);
+	private BeanReference registerMethodSecurityInterceptor(ParserContext pc, String authMgrRef, String accessManagerId,
+			String runAsManagerId, BeanReference metadataSource, List<BeanMetadataElement> afterInvocationProviders,
+			Object source, boolean useAspectJ) {
+		BeanDefinitionBuilder bldr = BeanDefinitionBuilder.rootBeanDefinition(
+				useAspectJ ? AspectJMethodSecurityInterceptor.class : MethodSecurityInterceptor.class);
 		bldr.getRawBeanDefinition().setSource(source);
 		bldr.addPropertyReference("accessDecisionManager", accessManagerId);
-		RootBeanDefinition authMgr = new RootBeanDefinition(
-				AuthenticationManagerDelegator.class);
+		RootBeanDefinition authMgr = new RootBeanDefinition(AuthenticationManagerDelegator.class);
 		authMgr.getConstructorArgumentValues().addGenericArgumentValue(authMgrRef);
 		bldr.addPropertyValue("authenticationManager", authMgr);
 		bldr.addPropertyValue("securityMetadataSource", metadataSource);
@@ -434,10 +410,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 		if (!afterInvocationProviders.isEmpty()) {
 			BeanDefinition afterInvocationManager;
-			afterInvocationManager = new RootBeanDefinition(
-					AfterInvocationProviderManager.class);
-			afterInvocationManager.getPropertyValues().addPropertyValue("providers",
-					afterInvocationProviders);
+			afterInvocationManager = new RootBeanDefinition(AfterInvocationProviderManager.class);
+			afterInvocationManager.getPropertyValues().addPropertyValue("providers", afterInvocationProviders);
 			bldr.addPropertyValue("afterInvocationManager", afterInvocationManager);
 		}
 
@@ -448,15 +422,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		return new RuntimeBeanReference(id);
 	}
 
-	private void registerAdvisor(ParserContext parserContext, BeanReference interceptor,
-			BeanReference metadataSource, Object source, String adviceOrder) {
-		if (parserContext.getRegistry().containsBeanDefinition(
-				BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR)) {
-			parserContext.getReaderContext().error(
-					"Duplicate <global-method-security> detected.", source);
+	private void registerAdvisor(ParserContext parserContext, BeanReference interceptor, BeanReference metadataSource,
+			Object source, String adviceOrder) {
+		if (parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR)) {
+			parserContext.getReaderContext().error("Duplicate <global-method-security> detected.", source);
 		}
-		RootBeanDefinition advisor = new RootBeanDefinition(
-				MethodSecurityMetadataSourceAdvisor.class);
+		RootBeanDefinition advisor = new RootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
 
 		if (StringUtils.hasText(adviceOrder)) {
 			advisor.getPropertyValues().addPropertyValue("order", adviceOrder);
@@ -467,17 +438,15 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		// otherwise
 		advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		advisor.setSource(source);
-		advisor.getConstructorArgumentValues().addGenericArgumentValue(
-				interceptor.getBeanName());
+		advisor.getConstructorArgumentValues().addGenericArgumentValue(interceptor.getBeanName());
 		advisor.getConstructorArgumentValues().addGenericArgumentValue(metadataSource);
-		advisor.getConstructorArgumentValues().addGenericArgumentValue(
-				metadataSource.getBeanName());
+		advisor.getConstructorArgumentValues().addGenericArgumentValue(metadataSource.getBeanName());
 
-		parserContext.getRegistry().registerBeanDefinition(
-				BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR, advisor);
+		parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR, advisor);
 	}
 
-	private RootBeanDefinition registerWithDefaultRolePrefix(ParserContext pc, Class<? extends AbstractGrantedAuthorityDefaultsBeanFactory> beanFactoryClass) {
+	private RootBeanDefinition registerWithDefaultRolePrefix(ParserContext pc,
+			Class<? extends AbstractGrantedAuthorityDefaultsBeanFactory> beanFactoryClass) {
 		RootBeanDefinition beanFactoryDefinition = new RootBeanDefinition(beanFactoryClass);
 		String beanFactoryRef = pc.getReaderContext().generateBeanName(beanFactoryDefinition);
 		pc.getRegistry().registerBeanDefinition(beanFactoryRef, beanFactoryDefinition);
@@ -495,32 +464,30 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	 * @author Luke Taylor
 	 * @since 3.0
 	 */
-	static final class AuthenticationManagerDelegator implements AuthenticationManager,
-			BeanFactoryAware {
+	static final class AuthenticationManagerDelegator implements AuthenticationManager, BeanFactoryAware {
+
 		private AuthenticationManager delegate;
+
 		private final Object delegateMonitor = new Object();
+
 		private BeanFactory beanFactory;
+
 		private final String authMgrBean;
 
 		AuthenticationManagerDelegator(String authMgrBean) {
-			this.authMgrBean = StringUtils.hasText(authMgrBean) ? authMgrBean
-					: BeanIds.AUTHENTICATION_MANAGER;
+			this.authMgrBean = StringUtils.hasText(authMgrBean) ? authMgrBean : BeanIds.AUTHENTICATION_MANAGER;
 		}
 
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			synchronized (delegateMonitor) {
 				if (delegate == null) {
-					Assert.state(beanFactory != null,
-							() -> "BeanFactory must be set to resolve " + authMgrBean);
+					Assert.state(beanFactory != null, () -> "BeanFactory must be set to resolve " + authMgrBean);
 					try {
-						delegate = beanFactory.getBean(authMgrBean,
-								AuthenticationManager.class);
+						delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class);
 					}
 					catch (NoSuchBeanDefinitionException e) {
 						if (BeanIds.AUTHENTICATION_MANAGER.equals(e.getBeanName())) {
-							throw new NoSuchBeanDefinitionException(
-									BeanIds.AUTHENTICATION_MANAGER,
+							throw new NoSuchBeanDefinitionException(BeanIds.AUTHENTICATION_MANAGER,
 									AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE);
 						}
 						throw e;
@@ -534,38 +501,46 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
 			this.beanFactory = beanFactory;
 		}
+
 	}
 
 	static class Jsr250MethodSecurityMetadataSourceBeanFactory extends AbstractGrantedAuthorityDefaultsBeanFactory {
+
 		private Jsr250MethodSecurityMetadataSource source = new Jsr250MethodSecurityMetadataSource();
 
 		public Jsr250MethodSecurityMetadataSource getBean() {
 			source.setDefaultRolePrefix(this.rolePrefix);
 			return source;
 		}
+
 	}
 
 	static class DefaultMethodSecurityExpressionHandlerBeanFactory extends AbstractGrantedAuthorityDefaultsBeanFactory {
+
 		private DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
 
 		public DefaultMethodSecurityExpressionHandler getBean() {
 			handler.setDefaultRolePrefix(this.rolePrefix);
 			return handler;
 		}
+
 	}
 
 	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+
 		protected String rolePrefix = "ROLE_";
 
 		@Override
-		public final void setApplicationContext(ApplicationContext applicationContext)
-				throws BeansException {
-			String[] grantedAuthorityDefaultsBeanNames = applicationContext.getBeanNamesForType(GrantedAuthorityDefaults.class);
+		public final void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+			String[] grantedAuthorityDefaultsBeanNames = applicationContext
+					.getBeanNamesForType(GrantedAuthorityDefaults.class);
 			if (grantedAuthorityDefaultsBeanNames.length == 1) {
-				GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
+				GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext
+						.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
 				this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
 			}
 		}
+
 	}
 
 	/**
@@ -575,16 +550,16 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	 * @author Rob Winch
 	 * @since 3.2
 	 */
-	private static final class LazyInitBeanDefinitionRegistryPostProcessor implements
-			BeanDefinitionRegistryPostProcessor {
+	private static final class LazyInitBeanDefinitionRegistryPostProcessor
+			implements BeanDefinitionRegistryPostProcessor {
+
 		private final String beanName;
 
 		private LazyInitBeanDefinitionRegistryPostProcessor(String beanName) {
 			this.beanName = beanName;
 		}
 
-		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry)
-				throws BeansException {
+		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 			if (!registry.containsBeanDefinition(beanName)) {
 				return;
 			}
@@ -592,8 +567,9 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			beanDefinition.setLazyInit(true);
 		}
 
-		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
-				throws BeansException {
+		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 		}
+
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index f57eb1004b..f447972569 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -42,30 +42,31 @@ import java.util.*;
  *
  */
 public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDecorator {
+
 	private final BeanDefinitionDecorator delegate = new InternalInterceptMethodsBeanDefinitionDecorator();
 
-	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition,
-			ParserContext parserContext) {
+	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
 		MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext);
 
 		return delegate.decorate(node, definition, parserContext);
 	}
+
 }
 
 /**
  * This is the real class which does the work. We need access to the ParserContext in
  * order to do bean registration.
  */
-class InternalInterceptMethodsBeanDefinitionDecorator extends
-		AbstractInterceptorDrivenBeanDefinitionDecorator {
+class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractInterceptorDrivenBeanDefinitionDecorator {
+
 	static final String ATT_METHOD = "method";
 	static final String ATT_ACCESS = "access";
+
 	private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
 
 	protected BeanDefinition createInterceptorDefinition(Node node) {
 		Element interceptMethodsElt = (Element) node;
-		BeanDefinitionBuilder interceptor = BeanDefinitionBuilder
-				.rootBeanDefinition(MethodSecurityInterceptor.class);
+		BeanDefinitionBuilder interceptor = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
 
 		// Default to autowiring to pick up after invocation mgr
 		interceptor.setAutowireMode(RootBeanDefinition.AUTOWIRE_BY_TYPE);
@@ -76,26 +77,21 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends
 			accessManagerId = BeanIds.METHOD_ACCESS_MANAGER;
 		}
 
-		interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(
-				accessManagerId));
-		interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(
-				BeanIds.AUTHENTICATION_MANAGER));
+		interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
+		interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
 
 		// Lookup parent bean information
 
 		String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
 
 		// Parse the included methods
-		List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt,
-				Elements.PROTECT);
+		List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
 		Map<String, BeanDefinition> mappings = new ManagedMap<>();
 
 		for (Element protectmethodElt : methods) {
-			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder
-					.rootBeanDefinition(SecurityConfig.class);
+			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
 			attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
-			attributeBuilder.addConstructorArgValue(protectmethodElt
-					.getAttribute(ATT_ACCESS));
+			attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
 
 			// Support inference of class names
 			String methodName = protectmethodElt.getAttribute(ATT_METHOD);
@@ -109,11 +105,11 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends
 			mappings.put(methodName, attributeBuilder.getBeanDefinition());
 		}
 
-		BeanDefinition metadataSource = new RootBeanDefinition(
-				MapBasedMethodSecurityMetadataSource.class);
+		BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
 		metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
 		interceptor.addPropertyValue("securityMetadataSource", metadataSource);
 
 		return interceptor.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
index 32ae929c32..05b6c645b1 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
@@ -33,28 +33,26 @@ import org.springframework.security.config.BeanIds;
  * @author Rob Winch
  */
 abstract class MethodConfigUtils {
+
 	@SuppressWarnings("unchecked")
 	static void registerDefaultMethodAccessManagerIfNecessary(ParserContext parserContext) {
-		if (!parserContext.getRegistry().containsBeanDefinition(
-				BeanIds.METHOD_ACCESS_MANAGER)) {
-			parserContext.getRegistry().registerBeanDefinition(
-					BeanIds.METHOD_ACCESS_MANAGER,
+		if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER)) {
+			parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER,
 					createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class));
 		}
 	}
 
 	@SuppressWarnings("unchecked")
-	private static RootBeanDefinition createAccessManagerBean(
-			Class<? extends AccessDecisionVoter>... voters) {
+	private static RootBeanDefinition createAccessManagerBean(Class<? extends AccessDecisionVoter>... voters) {
 		ManagedList defaultVoters = new ManagedList(voters.length);
 
 		for (Class<? extends AccessDecisionVoter> voter : voters) {
 			defaultVoters.add(new RootBeanDefinition(voter));
 		}
 
-		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(AffirmativeBased.class);
+		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
 		accessMgrBuilder.addConstructorArgValue(defaultVoters);
 		return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition();
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
index 6d4f18b79b..fbc0449fb0 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@@ -32,12 +32,11 @@ import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.1
  */
-public class MethodSecurityMetadataSourceBeanDefinitionParser extends
-		AbstractBeanDefinitionParser {
+public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
+
 	static final String ATT_METHOD = "method";
 	static final String ATT_ACCESS = "access";
 
@@ -47,16 +46,13 @@ public class MethodSecurityMetadataSourceBeanDefinitionParser extends
 		Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<>();
 
 		for (Element protectmethodElt : methods) {
-			String[] tokens = StringUtils
-					.commaDelimitedListToStringArray(protectmethodElt
-							.getAttribute(ATT_ACCESS));
+			String[] tokens = StringUtils.commaDelimitedListToStringArray(protectmethodElt.getAttribute(ATT_ACCESS));
 			String methodName = protectmethodElt.getAttribute(ATT_METHOD);
 
 			mappings.put(methodName, SecurityConfig.createList(tokens));
 		}
 
-		RootBeanDefinition metadataSource = new RootBeanDefinition(
-				MapBasedMethodSecurityMetadataSource.class);
+		RootBeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
 		metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
 
 		return metadataSource;
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 1164a9682a..8e561412df 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -59,17 +59,19 @@ import org.springframework.util.StringUtils;
  */
 final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 
-	private static final Log logger = LogFactory
-			.getLog(ProtectPointcutPostProcessor.class);
+	private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
 
 	private final Map<String, List<ConfigAttribute>> pointcutMap = new LinkedHashMap<>();
+
 	private final MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource;
+
 	private final Set<PointcutExpression> pointCutExpressions = new LinkedHashSet<>();
+
 	private final PointcutParser parser;
+
 	private final Set<String> processedBeans = new HashSet<>();
 
-	ProtectPointcutPostProcessor(
-			MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource) {
+	ProtectPointcutPostProcessor(MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource) {
 		Assert.notNull(mapBasedMethodSecurityMetadataSource,
 				"MapBasedMethodSecurityMetadataSource to populate is required");
 		this.mapBasedMethodSecurityMetadataSource = mapBasedMethodSecurityMetadataSource;
@@ -86,17 +88,15 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		// supportedPrimitives.add(PointcutPrimitive.AT_WITHIN);
 		// supportedPrimitives.add(PointcutPrimitive.AT_ARGS);
 		// supportedPrimitives.add(PointcutPrimitive.AT_TARGET);
-		parser = PointcutParser
-				.getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(supportedPrimitives);
+		parser = PointcutParser.getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(
+				supportedPrimitives);
 	}
 
-	public Object postProcessAfterInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
 
-	public Object postProcessBeforeInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (processedBeans.contains(beanName)) {
 			// We already have the metadata for this bean
 			return bean;
@@ -136,27 +136,22 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		return bean;
 	}
 
-	private boolean attemptMatch(Class<?> targetClass, Method method,
-			PointcutExpression expression, String beanName) {
+	private boolean attemptMatch(Class<?> targetClass, Method method, PointcutExpression expression, String beanName) {
 		// Determine if the presented AspectJ pointcut expression matches this method
 		boolean matches = expression.matchesMethodExecution(method).alwaysMatches();
 
 		// Handle accordingly
 		if (matches) {
-			List<ConfigAttribute> attr = pointcutMap.get(expression
-					.getPointcutExpression());
+			List<ConfigAttribute> attr = pointcutMap.get(expression.getPointcutExpression());
 
 			if (logger.isDebugEnabled()) {
-				logger.debug("AspectJ pointcut expression '"
-						+ expression.getPointcutExpression() + "' matches target class '"
-						+ targetClass.getName() + "' (bean ID '" + beanName
-						+ "') for method '" + method
-						+ "'; registering security configuration attribute '" + attr
+				logger.debug("AspectJ pointcut expression '" + expression.getPointcutExpression()
+						+ "' matches target class '" + targetClass.getName() + "' (bean ID '" + beanName
+						+ "') for method '" + method + "'; registering security configuration attribute '" + attr
 						+ "'");
 			}
 
-			mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method,
-					attr);
+			mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method, attr);
 		}
 
 		return matches;
@@ -180,8 +175,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("AspectJ pointcut expression '" + pointcutExpression
-					+ "' registered for security configuration attribute '" + definition
-					+ "'");
+					+ "' registered for security configuration attribute '" + definition + "'");
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/package-info.java b/config/src/main/java/org/springframework/security/config/method/package-info.java
index c985fc7e60..5e3615cd46 100644
--- a/config/src/main/java/org/springframework/security/config/method/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/method/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support for parsing of the &lt;global-method-security&gt; and &lt;intercept-methods&gt; elements.
+ * Support for parsing of the &lt;global-method-security&gt; and &lt;intercept-methods&gt;
+ * elements.
  */
 package org.springframework.security.config.method;
-
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index 976818d0ff..fb067c901a 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -45,22 +45,39 @@ import java.util.Optional;
 public final class ClientRegistrationsBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String ELT_CLIENT_REGISTRATION = "client-registration";
+
 	private static final String ELT_PROVIDER = "provider";
+
 	private static final String ATT_REGISTRATION_ID = "registration-id";
+
 	private static final String ATT_CLIENT_ID = "client-id";
+
 	private static final String ATT_CLIENT_SECRET = "client-secret";
+
 	private static final String ATT_CLIENT_AUTHENTICATION_METHOD = "client-authentication-method";
+
 	private static final String ATT_AUTHORIZATION_GRANT_TYPE = "authorization-grant-type";
+
 	private static final String ATT_REDIRECT_URI = "redirect-uri";
+
 	private static final String ATT_SCOPE = "scope";
+
 	private static final String ATT_CLIENT_NAME = "client-name";
+
 	private static final String ATT_PROVIDER_ID = "provider-id";
+
 	private static final String ATT_AUTHORIZATION_URI = "authorization-uri";
+
 	private static final String ATT_TOKEN_URI = "token-uri";
+
 	private static final String ATT_USER_INFO_URI = "user-info-uri";
+
 	private static final String ATT_USER_INFO_AUTHENTICATION_METHOD = "user-info-authentication-method";
+
 	private static final String ATT_USER_INFO_USER_NAME_ATTRIBUTE = "user-info-user-name-attribute";
+
 	private static final String ATT_JWK_SET_URI = "jwk-set-uri";
+
 	private static final String ATT_ISSUER_URI = "issuer-uri";
 
 	@Override
@@ -74,12 +91,11 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 
 		BeanDefinition clientRegistrationRepositoryBean = BeanDefinitionBuilder
 				.rootBeanDefinition(InMemoryClientRegistrationRepository.class)
-				.addConstructorArgValue(clientRegistrations)
-				.getBeanDefinition();
-		String clientRegistrationRepositoryId = parserContext.getReaderContext().generateBeanName(
-				clientRegistrationRepositoryBean);
-		parserContext.registerBeanComponent(new BeanComponentDefinition(
-				clientRegistrationRepositoryBean, clientRegistrationRepositoryId));
+				.addConstructorArgValue(clientRegistrations).getBeanDefinition();
+		String clientRegistrationRepositoryId = parserContext.getReaderContext()
+				.generateBeanName(clientRegistrationRepositoryBean);
+		parserContext.registerBeanComponent(
+				new BeanComponentDefinition(clientRegistrationRepositoryBean, clientRegistrationRepositoryId));
 
 		parserContext.popAndRegisterContainingComponent();
 		return null;
@@ -103,23 +119,17 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 					continue;
 				}
 			}
-			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_ID))
-					.ifPresent(builder::clientId);
+			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_ID)).ifPresent(builder::clientId);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_SECRET))
 					.ifPresent(builder::clientSecret);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_AUTHENTICATION_METHOD))
-					.map(ClientAuthenticationMethod::new)
-					.ifPresent(builder::clientAuthenticationMethod);
+					.map(ClientAuthenticationMethod::new).ifPresent(builder::clientAuthenticationMethod);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_AUTHORIZATION_GRANT_TYPE))
-					.map(AuthorizationGrantType::new)
-					.ifPresent(builder::authorizationGrantType);
-			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI))
-					.ifPresent(builder::redirectUri);
+					.map(AuthorizationGrantType::new).ifPresent(builder::authorizationGrantType);
+			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI)).ifPresent(builder::redirectUri);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_SCOPE))
-					.map(StringUtils::commaDelimitedListToSet)
-					.ifPresent(builder::scope);
-			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_NAME))
-					.ifPresent(builder::clientName);
+					.map(StringUtils::commaDelimitedListToSet).ifPresent(builder::scope);
+			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_NAME)).ifPresent(builder::clientName);
 			clientRegistrations.add(builder.build());
 		}
 
@@ -186,17 +196,12 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 
 	private static ClientRegistration.Builder getBuilder(ClientRegistration.Builder builder,
 			Map<String, String> provider) {
-		getOptionalIfNotEmpty(provider.get(ATT_AUTHORIZATION_URI))
-				.ifPresent(builder::authorizationUri);
-		getOptionalIfNotEmpty(provider.get(ATT_TOKEN_URI))
-				.ifPresent(builder::tokenUri);
-		getOptionalIfNotEmpty(provider.get(ATT_USER_INFO_URI))
-				.ifPresent(builder::userInfoUri);
-		getOptionalIfNotEmpty(provider.get(ATT_USER_INFO_AUTHENTICATION_METHOD))
-				.map(AuthenticationMethod::new)
+		getOptionalIfNotEmpty(provider.get(ATT_AUTHORIZATION_URI)).ifPresent(builder::authorizationUri);
+		getOptionalIfNotEmpty(provider.get(ATT_TOKEN_URI)).ifPresent(builder::tokenUri);
+		getOptionalIfNotEmpty(provider.get(ATT_USER_INFO_URI)).ifPresent(builder::userInfoUri);
+		getOptionalIfNotEmpty(provider.get(ATT_USER_INFO_AUTHENTICATION_METHOD)).map(AuthenticationMethod::new)
 				.ifPresent(builder::userInfoAuthenticationMethod);
-		getOptionalIfNotEmpty(provider.get(ATT_JWK_SET_URI))
-				.ifPresent(builder::jwkSetUri);
+		getOptionalIfNotEmpty(provider.get(ATT_JWK_SET_URI)).ifPresent(builder::jwkSetUri);
 		getOptionalIfNotEmpty(provider.get(ATT_USER_INFO_USER_NAME_ATTRIBUTE))
 				.ifPresent(builder::userNameAttributeName);
 		return builder;
@@ -214,10 +219,12 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 			}
 			try {
 				return CommonOAuth2Provider.valueOf(value);
-			} catch (Exception ex) {
+			}
+			catch (Exception ex) {
 				return findEnum(value);
 			}
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			return null;
 		}
 	}
@@ -245,4 +252,5 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 		return configuredProviderId != null ? "Unknown provider ID '" + configuredProviderId + "'"
 				: "Provider ID must be specified for client registration '" + registrationId + "'";
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index 71539b8ac1..6bfac7508a 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -35,8 +35,8 @@ public enum CommonOAuth2Provider {
 
 		@Override
 		public Builder getBuilder(String registrationId) {
-			ClientRegistration.Builder builder = getBuilder(registrationId,
-					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC,
+					DEFAULT_REDIRECT_URL);
 			builder.scope("openid", "profile", "email");
 			builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
 			builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
@@ -53,8 +53,8 @@ public enum CommonOAuth2Provider {
 
 		@Override
 		public Builder getBuilder(String registrationId) {
-			ClientRegistration.Builder builder = getBuilder(registrationId,
-					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC,
+					DEFAULT_REDIRECT_URL);
 			builder.scope("read:user");
 			builder.authorizationUri("https://github.com/login/oauth/authorize");
 			builder.tokenUri("https://github.com/login/oauth/access_token");
@@ -69,8 +69,8 @@ public enum CommonOAuth2Provider {
 
 		@Override
 		public Builder getBuilder(String registrationId) {
-			ClientRegistration.Builder builder = getBuilder(registrationId,
-					ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL);
+			ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.POST,
+					DEFAULT_REDIRECT_URL);
 			builder.scope("public_profile", "email");
 			builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
 			builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
@@ -85,8 +85,8 @@ public enum CommonOAuth2Provider {
 
 		@Override
 		public Builder getBuilder(String registrationId) {
-			ClientRegistration.Builder builder = getBuilder(registrationId,
-					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC,
+					DEFAULT_REDIRECT_URL);
 			builder.scope("openid", "profile", "email");
 			builder.userNameAttributeName(IdTokenClaimNames.SUB);
 			builder.clientName("Okta");
@@ -96,8 +96,8 @@ public enum CommonOAuth2Provider {
 
 	private static final String DEFAULT_REDIRECT_URL = "{baseUrl}/{action}/oauth2/code/{registrationId}";
 
-	protected final ClientRegistration.Builder getBuilder(String registrationId,
-															ClientAuthenticationMethod method, String redirectUri) {
+	protected final ClientRegistration.Builder getBuilder(String registrationId, ClientAuthenticationMethod method,
+			String redirectUri) {
 		ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(registrationId);
 		builder.clientAuthenticationMethod(method);
 		builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
diff --git a/config/src/main/java/org/springframework/security/config/package-info.java b/config/src/main/java/org/springframework/security/config/package-info.java
index 9d9c373acf..f564caec1c 100644
--- a/config/src/main/java/org/springframework/security/config/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support classes for the Spring Security namespace. None of the code in these packages should be used directly
- * in applications.
+ * Support classes for the Spring Security namespace. None of the code in these packages
+ * should be used directly in applications.
  */
 package org.springframework.security.config;
-
diff --git a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
index b6552168c2..219ea6480f 100644
--- a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
@@ -28,13 +28,16 @@ import org.springframework.security.util.InMemoryResource;
 import java.util.Collection;
 
 /**
- * Constructs an {@link InMemoryUserDetailsManager} from a resource using {@link UserDetailsResourceFactoryBean}.
+ * Constructs an {@link InMemoryUserDetailsManager} from a resource using
+ * {@link UserDetailsResourceFactoryBean}.
  *
  * @author Rob Winch
  * @since 5.0
  * @see UserDetailsResourceFactoryBean
  */
-public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAware, FactoryBean<InMemoryUserDetailsManager> {
+public class UserDetailsManagerResourceFactoryBean
+		implements ResourceLoaderAware, FactoryBean<InMemoryUserDetailsManager> {
+
 	private UserDetailsResourceFactoryBean userDetails = new UserDetailsResourceFactoryBean();
 
 	@Override
@@ -54,17 +57,18 @@ public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAwar
 	}
 
 	/**
-	 * Sets the location of a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Sets the location of a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 */
 	public void setResourceLocation(String resourceLocation) {
 		this.userDetails.setResourceLocation(resourceLocation);
 	}
 
 	/**
-	 * Sets a Resource that is a Properties file in the format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
+	 * Sets a Resource that is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
 	 * @param resource the Resource to use
 	 */
 	public void setResource(Resource resource) {
@@ -72,10 +76,11 @@ public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAwar
 	}
 
 	/**
-	 * Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param resourceLocation the location of the properties file that contains the users (i.e. "classpath:users.properties")
+	 * Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that
+	 * is a Properties file in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}.
+	 * @param resourceLocation the location of the properties file that contains the users
+	 * (i.e. "classpath:users.properties")
 	 * @return the UserDetailsManagerResourceFactoryBean
 	 */
 	public static UserDetailsManagerResourceFactoryBean fromResourceLocation(String resourceLocation) {
@@ -85,9 +90,8 @@ public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAwar
 	}
 
 	/**
-	 * Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
+	 * Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties
+	 * file in the format defined in {@link UserDetailsResourceFactoryBean}.
 	 * @param resource the Resource that is a properties file that contains the users
 	 * @return the UserDetailsManagerResourceFactoryBean
 	 */
@@ -98,10 +102,10 @@ public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAwar
 	}
 
 	/**
-	 * Create a UserDetailsManagerResourceFactoryBean with a String that is in the
-	 * format defined in {@link UserDetailsResourceFactoryBean}.
-	 *
-	 * @param users the users in the format defined in {@link UserDetailsResourceFactoryBean}
+	 * Create a UserDetailsManagerResourceFactoryBean with a String that is in the format
+	 * defined in {@link UserDetailsResourceFactoryBean}.
+	 * @param users the users in the format defined in
+	 * {@link UserDetailsResourceFactoryBean}
 	 * @return the UserDetailsManagerResourceFactoryBean
 	 */
 	public static UserDetailsManagerResourceFactoryBean fromString(String users) {
@@ -109,4 +113,5 @@ public class UserDetailsManagerResourceFactoryBean implements ResourceLoaderAwar
 		result.setResource(new InMemoryResource(users));
 		return result;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
index fc2641b022..404e89ccdc 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
@@ -23,7 +23,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 
 import java.util.List;
 
-
 /**
  * @author Rob Winch
  * @since 5.0
@@ -32,52 +31,43 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	/**
 	 * Maps any request.
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	public T anyExchange() {
 		return matcher(ServerWebExchangeMatchers.anyExchange());
 	}
 
 	/**
-	 * Maps a {@link List} of
-	 * {@link PathPatternParserServerWebExchangeMatcher}
-	 * instances.
-	 *
-	 * @param method the {@link HttpMethod} to use for any
-	 * {@link HttpMethod}.
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * Maps a {@link List} of {@link PathPatternParserServerWebExchangeMatcher} instances.
+	 * @param method the {@link HttpMethod} to use for any {@link HttpMethod}.
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	public T pathMatchers(HttpMethod method) {
 		return pathMatchers(method, new String[] { "/**" });
 	}
 
 	/**
-	 * Maps a {@link List} of
-	 * {@link PathPatternParserServerWebExchangeMatcher}
-	 * instances.
-	 *
+	 * Maps a {@link List} of {@link PathPatternParserServerWebExchangeMatcher} instances.
 	 * @param method the {@link HttpMethod} to use or {@code null} for any
 	 * {@link HttpMethod}.
-	 * @param antPatterns the ant patterns to create. If {@code null} or empty, then matches on nothing.
-	 * {@link PathPatternParserServerWebExchangeMatcher} from
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * @param antPatterns the ant patterns to create. If {@code null} or empty, then
+	 * matches on nothing. {@link PathPatternParserServerWebExchangeMatcher} from
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	public T pathMatchers(HttpMethod method, String... antPatterns) {
 		return matcher(ServerWebExchangeMatchers.pathMatchers(method, antPatterns));
 	}
 
 	/**
-	 * Maps a {@link List} of
-	 * {@link PathPatternParserServerWebExchangeMatcher}
-	 * instances that do not care which {@link HttpMethod} is used.
-	 *
+	 * Maps a {@link List} of {@link PathPatternParserServerWebExchangeMatcher} instances
+	 * that do not care which {@link HttpMethod} is used.
 	 * @param antPatterns the ant patterns to create
 	 * {@link PathPatternParserServerWebExchangeMatcher} from
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	public T pathMatchers(String... antPatterns) {
 		return matcher(ServerWebExchangeMatchers.pathMatchers(antPatterns));
@@ -85,10 +75,9 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	/**
 	 * Associates a list of {@link ServerWebExchangeMatcher} instances
-	 *
 	 * @param matchers the {@link ServerWebExchangeMatcher} instances
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	public T matchers(ServerWebExchangeMatcher... matchers) {
 		return registerMatcher(new OrServerWebExchangeMatcher(matchers));
@@ -97,7 +86,6 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 	/**
 	 * Subclasses should implement this method for returning the object that is chained to
 	 * the creation of the {@link ServerWebExchangeMatcher} instances.
-	 *
 	 * @param matcher the {@link ServerWebExchangeMatcher} instances that were created
 	 * @return the chained Object for the subclass which allows association of something
 	 * else to the {@link ServerWebExchangeMatcher}
@@ -106,12 +94,12 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	/**
 	 * Associates a {@link ServerWebExchangeMatcher} instances
-	 *
 	 * @param matcher the {@link ServerWebExchangeMatcher} instance
-	 *
-	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
+	 * @return the object that is chained after creating the
+	 * {@link ServerWebExchangeMatcher}
 	 */
 	private T matcher(ServerWebExchangeMatcher matcher) {
 		return registerMatcher(matcher);
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
index 4078ff5deb..cabc272978 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
@@ -15,14 +15,13 @@
  */
 package org.springframework.security.config.web.server;
 
-
 /**
  * @author Rob Winch
  * @since 5.0
  */
 public enum SecurityWebFiltersOrder {
-	FIRST(Integer.MIN_VALUE),
-	HTTP_HEADERS_WRITER,
+
+	FIRST(Integer.MIN_VALUE), HTTP_HEADERS_WRITER,
 	/**
 	 * {@link org.springframework.security.web.server.transport.HttpsRedirectWebFilter}
 	 */
@@ -46,15 +45,11 @@ public enum SecurityWebFiltersOrder {
 	/**
 	 * Instance of AuthenticationWebFilter
 	 */
-	FORM_LOGIN,
-	AUTHENTICATION,
+	FORM_LOGIN, AUTHENTICATION,
 	/**
 	 * Instance of AnonymousAuthenticationWebFilter
 	 */
-	ANONYMOUS_AUTHENTICATION,
-	OAUTH2_AUTHORIZATION_CODE,
-	LOGIN_PAGE_GENERATING,
-	LOGOUT_PAGE_GENERATING,
+	ANONYMOUS_AUTHENTICATION, OAUTH2_AUTHORIZATION_CODE, LOGIN_PAGE_GENERATING, LOGOUT_PAGE_GENERATING,
 	/**
 	 * {@link org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter}
 	 */
@@ -62,11 +57,7 @@ public enum SecurityWebFiltersOrder {
 	/**
 	 * {@link org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter}
 	 */
-	SERVER_REQUEST_CACHE,
-	LOGOUT,
-	EXCEPTION_TRANSLATION,
-	AUTHORIZATION,
-	LAST(Integer.MAX_VALUE);
+	SERVER_REQUEST_CACHE, LOGOUT, EXCEPTION_TRANSLATION, AUTHORIZATION, LAST(Integer.MAX_VALUE);
 
 	private static final int INTERVAL = 100;
 
@@ -83,4 +74,5 @@ public enum SecurityWebFiltersOrder {
 	public int getOrder() {
 		return this.order;
 	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 63fc32a93c..c2d7d13a28 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -182,55 +182,32 @@ import org.springframework.web.server.WebFilterChain;
 import static org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry;
 
 /**
- * A {@link ServerHttpSecurity} is similar to Spring Security's {@code HttpSecurity} but for WebFlux.
- * It allows configuring web based security for specific http requests. By default it will be applied
- * to all requests, but can be restricted using {@link #securityMatcher(ServerWebExchangeMatcher)} or
- * other similar methods.
+ * A {@link ServerHttpSecurity} is similar to Spring Security's {@code HttpSecurity} but
+ * for WebFlux. It allows configuring web based security for specific http requests. By
+ * default it will be applied to all requests, but can be restricted using
+ * {@link #securityMatcher(ServerWebExchangeMatcher)} or other similar methods.
  *
  * A minimal configuration can be found below:
  *
- * <pre class="code">
- * &#064;EnableWebFluxSecurity
- * public class MyMinimalSecurityConfiguration {
+ * <pre class="code"> &#064;EnableWebFluxSecurity public class
+ * MyMinimalSecurityConfiguration {
  *
- *     &#064;Bean
- *     public MapReactiveUserDetailsService userDetailsService() {
- *          UserDetails user = User.withDefaultPasswordEncoder()
- *               .username("user")
- *               .password("password")
- *               .roles("USER")
- *               .build();
- *          return new MapReactiveUserDetailsService(user);
- *     }
- * }
+ * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
+ * = User.withDefaultPasswordEncoder() .username("user") .password("password")
+ * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
  *
  * Below is the same as our minimal configuration, but explicitly declaring the
  * {@code ServerHttpSecurity}.
  *
- * <pre class="code">
- * &#064;EnableWebFluxSecurity
- * public class MyExplicitSecurityConfiguration {
- *     &#064;Bean
- *     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
- *          http
- *               .authorizeExchange()
- *                    .anyExchange().authenticated()
- *                         .and()
- *                    .httpBasic().and()
- *                    .formLogin();
- *          return http.build();
- *     }
+ * <pre class="code"> &#064;EnableWebFluxSecurity public class
+ * MyExplicitSecurityConfiguration { &#064;Bean public SecurityWebFilterChain
+ * springSecurityFilterChain(ServerHttpSecurity http) { http .authorizeExchange()
+ * .anyExchange().authenticated() .and() .httpBasic().and() .formLogin(); return
+ * http.build(); }
  *
- *     &#064;Bean
- *     public MapReactiveUserDetailsService userDetailsService() {
- *          UserDetails user = User.withDefaultPasswordEncoder()
- *               .username("user")
- *               .password("password")
- *               .roles("USER")
- *               .build();
- *          return new MapReactiveUserDetailsService(user);
- *     }
- * }
+ * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
+ * = User.withDefaultPasswordEncoder() .username("user") .password("password")
+ * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
  *
  * @author Rob Winch
  * @author Vedran Pavic
@@ -241,6 +218,7 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  * @since 5.0
  */
 public class ServerHttpSecurity {
+
 	private ServerWebExchangeMatcher securityMatcher = ServerWebExchangeMatchers.anyExchange();
 
 	private AuthorizeExchangeSpec authorizeExchange;
@@ -283,8 +261,7 @@ public class ServerHttpSecurity {
 
 	private ServerAccessDeniedHandler accessDeniedHandler;
 
-	private List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>
-			defaultAccessDeniedHandlers = new ArrayList<>();
+	private List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry> defaultAccessDeniedHandlers = new ArrayList<>();
 
 	private List<WebFilter> webFilters = new ArrayList<>();
 
@@ -295,10 +272,10 @@ public class ServerHttpSecurity {
 	private AnonymousSpec anonymous;
 
 	/**
-	 * The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
-	 *
-	 * @param matcher the ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
-	 *                Default is all requests.
+	 * The ServerExchangeMatcher that determines which requests apply to this HttpSecurity
+	 * instance.
+	 * @param matcher the ServerExchangeMatcher that determines which requests apply to
+	 * this HttpSecurity instance. Default is all requests.
 	 * @return the {@link ServerHttpSecurity} to continue configuring
 	 */
 	public ServerHttpSecurity securityMatcher(ServerWebExchangeMatcher matcher) {
@@ -345,16 +322,19 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Gets the ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
-	 * @return the ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
+	 * Gets the ServerExchangeMatcher that determines which requests apply to this
+	 * HttpSecurity instance.
+	 * @return the ServerExchangeMatcher that determines which requests apply to this
+	 * HttpSecurity instance.
 	 */
 	private ServerWebExchangeMatcher getSecurityMatcher() {
 		return this.securityMatcher;
 	}
 
 	/**
-	 * The strategy used with {@code ReactorContextWebFilter}. It does impact how the {@code SecurityContext} is
-	 * saved which is configured on a per {@link AuthenticationWebFilter} basis.
+	 * The strategy used with {@code ReactorContextWebFilter}. It does impact how the
+	 * {@code SecurityContext} is saved which is configured on a per
+	 * {@link AuthenticationWebFilter} basis.
 	 * @param securityContextRepository the repository to use
 	 * @return the {@link ServerHttpSecurity} to continue configuring
 	 */
@@ -379,7 +359,8 @@ public class ServerHttpSecurity {
 	 *
 	 * Then all non-HTTPS requests will be redirected to HTTPS.
 	 *
-	 * Typically, all requests should be HTTPS; however, the focus for redirection can also be narrowed:
+	 * Typically, all requests should be HTTPS; however, the focus for redirection can
+	 * also be narrowed:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -392,7 +373,6 @@ public class ServerHttpSecurity {
 	 * 	    return http.build();
 	 * 	}
 	 * </pre>
-	 *
 	 * @return the {@link HttpsRedirectSpec} to customize
 	 */
 	public HttpsRedirectSpec redirectToHttps() {
@@ -415,7 +395,8 @@ public class ServerHttpSecurity {
 	 *
 	 * Then all non-HTTPS requests will be redirected to HTTPS.
 	 *
-	 * Typically, all requests should be HTTPS; however, the focus for redirection can also be narrowed:
+	 * Typically, all requests should be HTTPS; however, the focus for redirection can
+	 * also be narrowed:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -430,20 +411,20 @@ public class ServerHttpSecurity {
 	 * 	    return http.build();
 	 * 	}
 	 * </pre>
-	 *
 	 * @param httpsRedirectCustomizer the {@link Customizer} to provide more options for
 	 * the {@link HttpsRedirectSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
-	public ServerHttpSecurity redirectToHttps(Customizer<HttpsRedirectSpec> httpsRedirectCustomizer)  {
+	public ServerHttpSecurity redirectToHttps(Customizer<HttpsRedirectSpec> httpsRedirectCustomizer) {
 		this.httpsRedirectSpec = new HttpsRedirectSpec();
 		httpsRedirectCustomizer.customize(this.httpsRedirectSpec);
 		return this;
 	}
 
 	/**
-	 * Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF Protection</a>
-	 * which is enabled by default. You can disable it using:
+	 * Configures <a href=
+	 * "https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
+	 * Protection</a> which is enabled by default. You can disable it using:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -473,7 +454,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link CsrfSpec} to customize
 	 */
 	public CsrfSpec csrf() {
@@ -484,8 +464,9 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF Protection</a>
-	 * which is enabled by default. You can disable it using:
+	 * Configures <a href=
+	 * "https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
+	 * Protection</a> which is enabled by default. You can disable it using:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -519,9 +500,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param csrfCustomizer the {@link Customizer} to provide more options for
-	 * the {@link CsrfSpec}
+	 * @param csrfCustomizer the {@link Customizer} to provide more options for the
+	 * {@link CsrfSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity csrf(Customizer<CsrfSpec> csrfCustomizer) {
@@ -533,9 +513,11 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures CORS headers. By default if a {@link CorsConfigurationSource} Bean is found, it will be used
-	 * to create a {@link CorsWebFilter}. If {@link CorsSpec#configurationSource(CorsConfigurationSource)} is invoked
-	 * it will be used instead. If neither has been configured, the Cors configuration will do nothing.
+	 * Configures CORS headers. By default if a {@link CorsConfigurationSource} Bean is
+	 * found, it will be used to create a {@link CorsWebFilter}. If
+	 * {@link CorsSpec#configurationSource(CorsConfigurationSource)} is invoked it will be
+	 * used instead. If neither has been configured, the Cors configuration will do
+	 * nothing.
 	 * @return the {@link CorsSpec} to customize
 	 */
 	public CorsSpec cors() {
@@ -546,12 +528,13 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures CORS headers. By default if a {@link CorsConfigurationSource} Bean is found, it will be used
-	 * to create a {@link CorsWebFilter}. If {@link CorsSpec#configurationSource(CorsConfigurationSource)} is invoked
-	 * it will be used instead. If neither has been configured, the Cors configuration will do nothing.
-	 *
-	 * @param corsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link CorsSpec}
+	 * Configures CORS headers. By default if a {@link CorsConfigurationSource} Bean is
+	 * found, it will be used to create a {@link CorsWebFilter}. If
+	 * {@link CorsSpec#configurationSource(CorsConfigurationSource)} is invoked it will be
+	 * used instead. If neither has been configured, the Cors configuration will do
+	 * nothing.
+	 * @param corsCustomizer the {@link Customizer} to provide more options for the
+	 * {@link CorsSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity cors(Customizer<CorsSpec> corsCustomizer) {
@@ -563,7 +546,8 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Enables and Configures anonymous authentication. Anonymous Authentication is disabled by default.
+	 * Enables and Configures anonymous authentication. Anonymous Authentication is
+	 * disabled by default.
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -579,7 +563,7 @@ public class ServerHttpSecurity {
 	 * @since 5.2.0
 	 * @author Ankur Pathak
 	 */
-	public AnonymousSpec anonymous(){
+	public AnonymousSpec anonymous() {
 		if (this.anonymous == null) {
 			this.anonymous = new AnonymousSpec();
 		}
@@ -587,7 +571,8 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Enables and Configures anonymous authentication. Anonymous Authentication is disabled by default.
+	 * Enables and Configures anonymous authentication. Anonymous Authentication is
+	 * disabled by default.
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -602,9 +587,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param anonymousCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AnonymousSpec}
+	 * @param anonymousCustomizer the {@link Customizer} to provide more options for the
+	 * {@link AnonymousSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity anonymous(Customizer<AnonymousSpec> anonymousCustomizer) {
@@ -616,10 +600,11 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures CORS support within Spring Security. This ensures that the {@link CorsWebFilter} is place in the
-	 * correct order.
+	 * Configures CORS support within Spring Security. This ensures that the
+	 * {@link CorsWebFilter} is place in the correct order.
 	 */
 	public class CorsSpec {
+
 		private CorsWebFilter corsFilter;
 
 		/**
@@ -673,7 +658,9 @@ public class ServerHttpSecurity {
 			return this.corsFilter;
 		}
 
-		private CorsSpec() {}
+		private CorsSpec() {
+		}
+
 	}
 
 	/**
@@ -692,7 +679,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link HttpBasicSpec} to customize
 	 */
 	public HttpBasicSpec httpBasic() {
@@ -720,9 +706,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param httpBasicCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HttpBasicSpec}
+	 * @param httpBasicCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HttpBasicSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity httpBasic(Customizer<HttpBasicSpec> httpBasicCustomizer) {
@@ -753,7 +738,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link FormLoginSpec} to customize
 	 */
 	public FormLoginSpec formLogin() {
@@ -785,9 +769,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param formLoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link FormLoginSpec}
+	 * @param formLoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link FormLoginSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity formLogin(Customizer<FormLoginSpec> formLoginCustomizer) {
@@ -812,9 +795,9 @@ public class ServerHttpSecurity {
 	 *  }
 	 * </pre>
 	 *
-	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor} will be used.
-	 * If authenticationManager is not specified, {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
-	 *
+	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor}
+	 * will be used. If authenticationManager is not specified,
+	 * {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
 	 * @return the {@link X509Spec} to customize
 	 * @author Alexey Nesterov
 	 * @since 5.2
@@ -843,12 +826,13 @@ public class ServerHttpSecurity {
 	 *  }
 	 * </pre>
 	 *
-	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor} will be used.
-	 * If authenticationManager is not specified, {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
+	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor}
+	 * will be used. If authenticationManager is not specified,
+	 * {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
 	 *
 	 * @since 5.2
-	 * @param x509Customizer the {@link Customizer} to provide more options for
-	 * the {@link X509Spec}
+	 * @param x509Customizer the {@link Customizer} to provide more options for the
+	 * {@link X509Spec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity x509(Customizer<X509Spec> x509Customizer) {
@@ -869,6 +853,7 @@ public class ServerHttpSecurity {
 	public class X509Spec {
 
 		private X509PrincipalExtractor principalExtractor;
+
 		private ReactiveAuthenticationManager authenticationManager;
 
 		public X509Spec principalExtractor(X509PrincipalExtractor principalExtractor) {
@@ -908,17 +893,20 @@ public class ServerHttpSecurity {
 			}
 
 			ReactiveUserDetailsService userDetailsService = getBean(ReactiveUserDetailsService.class);
-			ReactivePreAuthenticatedAuthenticationManager authenticationManager = new ReactivePreAuthenticatedAuthenticationManager(userDetailsService);
+			ReactivePreAuthenticatedAuthenticationManager authenticationManager = new ReactivePreAuthenticatedAuthenticationManager(
+					userDetailsService);
 
 			return authenticationManager;
 		}
 
 		private X509Spec() {
 		}
+
 	}
 
 	/**
-	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
+	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
+	 * Provider.
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -931,8 +919,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 *
 	 * @return the {@link OAuth2LoginSpec} to customize
 	 */
 	public OAuth2LoginSpec oauth2Login() {
@@ -943,7 +929,8 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
+	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
+	 * Provider.
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -958,9 +945,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OAuth2LoginSpec}
+	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OAuth2LoginSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity oauth2Login(Customizer<OAuth2LoginSpec> oauth2LoginCustomizer) {
@@ -972,6 +958,7 @@ public class ServerHttpSecurity {
 	}
 
 	public class OAuth2LoginSpec {
+
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
 		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
@@ -1004,7 +991,8 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * The {@link ServerSecurityContextRepository} used to save the {@code Authentication}. Defaults to
+		 * The {@link ServerSecurityContextRepository} used to save the
+		 * {@code Authentication}. Defaults to
 		 * {@link WebSessionServerSecurityContextRepository}.
 		 *
 		 * @since 5.2
@@ -1017,37 +1005,41 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * The {@link ServerAuthenticationSuccessHandler} used after authentication success. Defaults to
-		 * {@link RedirectServerAuthenticationSuccessHandler} redirecting to "/".
+		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
+		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}
+		 * redirecting to "/".
 		 *
 		 * @since 5.2
 		 * @param authenticationSuccessHandler the success handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
 		 */
-		public OAuth2LoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
+		public OAuth2LoginSpec authenticationSuccessHandler(
+				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
 			Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
 			this.authenticationSuccessHandler = authenticationSuccessHandler;
 			return this;
 		}
 
 		/**
-		 * The {@link ServerAuthenticationFailureHandler} used after authentication failure.
-		 * Defaults to {@link RedirectServerAuthenticationFailureHandler} redirecting to "/login?error".
+		 * The {@link ServerAuthenticationFailureHandler} used after authentication
+		 * failure. Defaults to {@link RedirectServerAuthenticationFailureHandler}
+		 * redirecting to "/login?error".
 		 *
 		 * @since 5.2
 		 * @param authenticationFailureHandler the failure handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
 		 */
-		public OAuth2LoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) {
+		public OAuth2LoginSpec authenticationFailureHandler(
+				ServerAuthenticationFailureHandler authenticationFailureHandler) {
 			Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
 			this.authenticationFailureHandler = authenticationFailureHandler;
 			return this;
 		}
 
 		/**
-		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an explicitly configured manager, and
-		 * defaults to {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 *
+		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
+		 * explicitly configured manager, and defaults to
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
 		 * @return the {@link ReactiveAuthenticationManager} to use
 		 */
 		private ReactiveAuthenticationManager getAuthenticationManager() {
@@ -1059,18 +1051,19 @@ public class ServerHttpSecurity {
 
 		private ReactiveAuthenticationManager createDefault() {
 			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> client = getAccessTokenResponseClient();
-			OAuth2LoginReactiveAuthenticationManager oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(client, getOauth2UserService());
+			OAuth2LoginReactiveAuthenticationManager oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(
+					client, getOauth2UserService());
 			GrantedAuthoritiesMapper authoritiesMapper = getBeanOrNull(GrantedAuthoritiesMapper.class);
 			if (authoritiesMapper != null) {
 				oauth2Manager.setAuthoritiesMapper(authoritiesMapper);
 			}
-			boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent(
-					"org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
+			boolean oidcAuthenticationProviderEnabled = ClassUtils
+					.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
 			if (oidcAuthenticationProviderEnabled) {
-				OidcAuthorizationCodeReactiveAuthenticationManager oidc =
-						new OidcAuthorizationCodeReactiveAuthenticationManager(client, getOidcUserService());
-				ResolvableType type = ResolvableType.forClassWithGenerics(
-						ReactiveJwtDecoderFactory.class, ClientRegistration.class);
+				OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
+						client, getOidcUserService());
+				ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveJwtDecoderFactory.class,
+						ClientRegistration.class);
 				ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
 				if (jwtDecoderFactory != null) {
 					oidc.setJwtDecoderFactory(jwtDecoderFactory);
@@ -1093,13 +1086,14 @@ public class ServerHttpSecurity {
 			return this;
 		}
 
-		private ServerAuthenticationConverter getAuthenticationConverter(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		private ServerAuthenticationConverter getAuthenticationConverter(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
 			if (this.authenticationConverter == null) {
-				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate =
-						new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository);
+				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+						clientRegistrationRepository);
 				delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-				ServerAuthenticationConverter authenticationConverter = exchange ->
-						delegate.convert(exchange).onErrorMap(OAuth2AuthorizationException.class,
+				ServerAuthenticationConverter authenticationConverter = exchange -> delegate.convert(exchange)
+						.onErrorMap(OAuth2AuthorizationException.class,
 								e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
 				this.authenticationConverter = authenticationConverter;
 				return authenticationConverter;
@@ -1107,17 +1101,20 @@ public class ServerHttpSecurity {
 			return this.authenticationConverter;
 		}
 
-		public OAuth2LoginSpec clientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		public OAuth2LoginSpec clientRegistrationRepository(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
 			this.clientRegistrationRepository = clientRegistrationRepository;
 			return this;
 		}
 
 		public OAuth2LoginSpec authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
-			this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
+			this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
+					authorizedClientService);
 			return this;
 		}
 
-		public OAuth2LoginSpec authorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+		public OAuth2LoginSpec authorizedClientRepository(
+				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 			this.authorizedClientRepository = authorizedClientRepository;
 			return this;
 		}
@@ -1126,7 +1123,8 @@ public class ServerHttpSecurity {
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
 		 *
 		 * @since 5.2
-		 * @param authorizationRequestRepository the repository to use for storing {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestRepository the repository to use for storing
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
 		 */
 		public OAuth2LoginSpec authorizationRequestRepository(
@@ -1139,19 +1137,23 @@ public class ServerHttpSecurity {
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
 		 *
 		 * @since 5.2
-		 * @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestResolver the resolver used for resolving
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
 		 */
-		public OAuth2LoginSpec authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+		public OAuth2LoginSpec authorizationRequestResolver(
+				ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 			this.authorizationRequestResolver = authorizationRequestResolver;
 			return this;
 		}
 
 		/**
-		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the request is an authentication request.
+		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the
+		 * request is an authentication request.
 		 *
 		 * @since 5.2
-		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used for determining if the request is an authentication request
+		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used
+		 * for determining if the request is an authentication request
 		 * @return the {@link OAuth2LoginSpec} for further configuration
 		 */
 		public OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher) {
@@ -1174,21 +1176,21 @@ public class ServerHttpSecurity {
 			return ServerHttpSecurity.this;
 		}
 
-
 		protected void configure(ServerHttpSecurity http) {
 			ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository();
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository();
 			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = getRedirectWebFilter();
-			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-					getAuthorizationRequestRepository();
+			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = getAuthorizationRequestRepository();
 			oauthRedirectFilter.setAuthorizationRequestRepository(authorizationRequestRepository);
 			oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
 
 			ReactiveAuthenticationManager manager = getAuthenticationManager();
 
-			AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClientRepository);
+			AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager,
+					authorizedClientRepository);
 			authenticationFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher());
-			authenticationFilter.setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository));
+			authenticationFilter
+					.setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository));
 
 			authenticationFilter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler(http));
 			authenticationFilter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
@@ -1209,8 +1211,8 @@ public class ServerHttpSecurity {
 			}
 
 			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
-					MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"),
-					MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
+					MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
+					MediaType.TEXT_PLAIN);
 			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
 			ServerWebExchangeMatcher xhrMatcher = exchange -> {
@@ -1221,25 +1223,26 @@ public class ServerHttpSecurity {
 			};
 			ServerWebExchangeMatcher notXhrMatcher = new NegatedServerWebExchangeMatcher(xhrMatcher);
 
-			ServerWebExchangeMatcher defaultEntryPointMatcher = new AndServerWebExchangeMatcher(
-					notXhrMatcher, htmlMatcher);
+			ServerWebExchangeMatcher defaultEntryPointMatcher = new AndServerWebExchangeMatcher(notXhrMatcher,
+					htmlMatcher);
 
 			if (providerLoginPage != null) {
-				ServerWebExchangeMatcher loginPageMatcher = new PathPatternParserServerWebExchangeMatcher(defaultLoginPage);
+				ServerWebExchangeMatcher loginPageMatcher = new PathPatternParserServerWebExchangeMatcher(
+						defaultLoginPage);
 				ServerWebExchangeMatcher faviconMatcher = new PathPatternParserServerWebExchangeMatcher("/favicon.ico");
 				ServerWebExchangeMatcher defaultLoginPageMatcher = new AndServerWebExchangeMatcher(
 						new OrServerWebExchangeMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
 
-				ServerWebExchangeMatcher matcher = new AndServerWebExchangeMatcher(
-						notXhrMatcher, new NegatedServerWebExchangeMatcher(defaultLoginPageMatcher));
-				RedirectServerAuthenticationEntryPoint entryPoint =
-						new RedirectServerAuthenticationEntryPoint(providerLoginPage);
+				ServerWebExchangeMatcher matcher = new AndServerWebExchangeMatcher(notXhrMatcher,
+						new NegatedServerWebExchangeMatcher(defaultLoginPageMatcher));
+				RedirectServerAuthenticationEntryPoint entryPoint = new RedirectServerAuthenticationEntryPoint(
+						providerLoginPage);
 				entryPoint.setRequestCache(http.requestCache.requestCache);
 				http.defaultEntryPoints.add(new DelegateEntry(matcher, entryPoint));
 			}
 
-			RedirectServerAuthenticationEntryPoint defaultEntryPoint =
-					new RedirectServerAuthenticationEntryPoint(defaultLoginPage);
+			RedirectServerAuthenticationEntryPoint defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(
+					defaultLoginPage);
 			defaultEntryPoint.setRequestCache(http.requestCache.requestCache);
 			http.defaultEntryPoints.add(new DelegateEntry(defaultEntryPointMatcher, defaultEntryPoint));
 		}
@@ -1265,7 +1268,8 @@ public class ServerHttpSecurity {
 		}
 
 		private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class, OidcUserRequest.class, OidcUser.class);
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
+					OidcUserRequest.class, OidcUser.class);
 			ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
 			if (bean == null) {
 				return new OidcReactiveOAuth2UserService();
@@ -1275,7 +1279,8 @@ public class ServerHttpSecurity {
 		}
 
 		private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> getOauth2UserService() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class, OAuth2UserRequest.class, OAuth2User.class);
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
+					OAuth2UserRequest.class, OAuth2User.class);
 			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
 			if (bean == null) {
 				return new DefaultReactiveOAuth2UserService();
@@ -1285,17 +1290,20 @@ public class ServerHttpSecurity {
 		}
 
 		private Map<String, String> getLinks() {
-			Iterable<ClientRegistration> registrations = getBeanOrNull(ResolvableType.forClassWithGenerics(Iterable.class, ClientRegistration.class));
+			Iterable<ClientRegistration> registrations = getBeanOrNull(
+					ResolvableType.forClassWithGenerics(Iterable.class, ClientRegistration.class));
 			if (registrations == null) {
 				return Collections.emptyMap();
 			}
 			Map<String, String> result = new HashMap<>();
-			registrations.iterator().forEachRemaining(r -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
+			registrations.iterator().forEachRemaining(
+					r -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
 			return result;
 		}
 
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class,
+					OAuth2AuthorizationCodeGrantRequest.class);
 			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
 			if (bean == null) {
 				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
@@ -1313,9 +1321,12 @@ public class ServerHttpSecurity {
 		private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
 			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter;
 			if (this.authorizationRequestResolver == null) {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(getClientRegistrationRepository());
-			} else {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(this.authorizationRequestResolver);
+				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
+						getClientRegistrationRepository());
+			}
+			else {
+				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
+						this.authorizationRequestResolver);
 			}
 			return oauthRedirectFilter;
 		}
@@ -1328,8 +1339,7 @@ public class ServerHttpSecurity {
 			if (result == null) {
 				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
 				if (authorizedClientService != null) {
-					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
-							authorizedClientService);
+					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
 				}
 			}
 			return result;
@@ -1350,7 +1360,9 @@ public class ServerHttpSecurity {
 			return service;
 		}
 
-		private OAuth2LoginSpec() {}
+		private OAuth2LoginSpec() {
+		}
+
 	}
 
 	/**
@@ -1367,8 +1379,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 *
 	 * @return the {@link OAuth2ClientSpec} to customize
 	 */
 	public OAuth2ClientSpec oauth2Client() {
@@ -1394,7 +1404,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @param oauth2ClientCustomizer the {@link Customizer} to provide more options for
 	 * the {@link OAuth2ClientSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
@@ -1408,6 +1417,7 @@ public class ServerHttpSecurity {
 	}
 
 	public class OAuth2ClientSpec {
+
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
 		private ServerAuthenticationConverter authenticationConverter;
@@ -1430,8 +1440,8 @@ public class ServerHttpSecurity {
 
 		private ServerAuthenticationConverter getAuthenticationConverter() {
 			if (this.authenticationConverter == null) {
-				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter =
-						new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(getClientRegistrationRepository());
+				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+						getClientRegistrationRepository());
 				authenticationConverter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
 				this.authenticationConverter = authenticationConverter;
 			}
@@ -1450,34 +1460,39 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an explicitly configured manager, and
-		 * defaults to {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 *
+		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
+		 * explicitly configured manager, and defaults to
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
 		 * @return the {@link ReactiveAuthenticationManager} to use
 		 */
 		private ReactiveAuthenticationManager getAuthenticationManager() {
 			if (this.authenticationManager == null) {
-				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(new WebClientReactiveAuthorizationCodeTokenResponseClient());
+				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(
+						new WebClientReactiveAuthorizationCodeTokenResponseClient());
 			}
 			return this.authenticationManager;
 		}
 
 		/**
-		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look the value up as a Bean.
+		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
+		 * the value up as a Bean.
 		 * @param clientRegistrationRepository the repository to use
 		 * @return the {@link OAuth2ClientSpec} to customize
 		 */
-		public OAuth2ClientSpec clientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		public OAuth2ClientSpec clientRegistrationRepository(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
 			this.clientRegistrationRepository = clientRegistrationRepository;
 			return this;
 		}
 
 		/**
-		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look the value up as a Bean.
+		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
+		 * the value up as a Bean.
 		 * @param authorizedClientRepository the repository to use
 		 * @return the {@link OAuth2ClientSpec} to customize
 		 */
-		public OAuth2ClientSpec authorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+		public OAuth2ClientSpec authorizedClientRepository(
+				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 			this.authorizedClientRepository = authorizedClientRepository;
 			return this;
 		}
@@ -1486,7 +1501,8 @@ public class ServerHttpSecurity {
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
 		 *
 		 * @since 5.2
-		 * @param authorizationRequestRepository the repository to use for storing {@link OAuth2AuthorizationRequest}'s
+		 * @param authorizationRequestRepository the repository to use for storing
+		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2ClientSpec} to customize
 		 */
 		public OAuth2ClientSpec authorizationRequestRepository(
@@ -1548,8 +1564,7 @@ public class ServerHttpSecurity {
 			if (result == null) {
 				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
 				if (authorizedClientService != null) {
-					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
-							authorizedClientService);
+					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
 				}
 			}
 			return result;
@@ -1563,7 +1578,9 @@ public class ServerHttpSecurity {
 			return service;
 		}
 
-		private OAuth2ClientSpec() {}
+		private OAuth2ClientSpec() {
+		}
+
 	}
 
 	/**
@@ -1580,7 +1597,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link OAuth2ResourceServerSpec} to customize
 	 */
 	public OAuth2ResourceServerSpec oauth2ResourceServer() {
@@ -1608,12 +1624,12 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more options for
-	 * the {@link OAuth2ResourceServerSpec}
+	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more
+	 * options for the {@link OAuth2ResourceServerSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
-	public ServerHttpSecurity oauth2ResourceServer(Customizer<OAuth2ResourceServerSpec> oauth2ResourceServerCustomizer) {
+	public ServerHttpSecurity oauth2ResourceServer(
+			Customizer<OAuth2ResourceServerSpec> oauth2ResourceServerCustomizer) {
 		if (this.resourceServer == null) {
 			this.resourceServer = new OAuth2ResourceServerSpec();
 		}
@@ -1625,20 +1641,26 @@ public class ServerHttpSecurity {
 	 * Configures OAuth2 Resource Server Support
 	 */
 	public class OAuth2ResourceServerSpec {
+
 		private ServerAuthenticationEntryPoint entryPoint = new BearerTokenServerAuthenticationEntryPoint();
+
 		private ServerAccessDeniedHandler accessDeniedHandler = new BearerTokenServerAccessDeniedHandler();
+
 		private ServerAuthenticationConverter bearerTokenConverter = new ServerBearerTokenAuthenticationConverter();
+
 		private AuthenticationConverterServerWebExchangeMatcher authenticationConverterServerWebExchangeMatcher;
 
 		private JwtSpec jwt;
+
 		private OpaqueTokenSpec opaqueToken;
+
 		private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
 		/**
-		 * Configures the {@link ServerAccessDeniedHandler} to use for requests authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s.
-		 * requests.
-		 *
+		 * Configures the {@link ServerAccessDeniedHandler} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s. requests.
 		 * @param accessDeniedHandler the {@link ServerAccessDeniedHandler} to use
 		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
 		 * @since 5.2
@@ -1650,9 +1672,10 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Configures the {@link ServerAuthenticationEntryPoint} to use for requests authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s.
-		 *
+		 * Configures the {@link ServerAuthenticationEntryPoint} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s.
 		 * @param entryPoint the {@link ServerAuthenticationEntryPoint} to use
 		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
 		 * @since 5.2
@@ -1664,9 +1687,10 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Configures the {@link ServerAuthenticationConverter} to use for requests authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s.
-		 *
+		 * Configures the {@link ServerAuthenticationConverter} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s.
 		 * @param bearerTokenConverter The {@link ServerAuthenticationConverter} to use
 		 * @return The {@link OAuth2ResourceServerSpec} for additional configuration
 		 * @since 5.2
@@ -1679,8 +1703,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures the {@link ReactiveAuthenticationManagerResolver}
-		 *
-		 * @param authenticationManagerResolver the {@link ReactiveAuthenticationManagerResolver}
+		 * @param authenticationManagerResolver the
+		 * {@link ReactiveAuthenticationManagerResolver}
 		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
 		 * @since 5.3
 		 */
@@ -1693,7 +1717,6 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Enables JWT Resource Server support.
-		 *
 		 * @return the {@link JwtSpec} for additional configuration
 		 */
 		public JwtSpec jwt() {
@@ -1705,9 +1728,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Enables JWT Resource Server support.
-		 *
-		 * @param jwtCustomizer the {@link Customizer} to provide more options for
-		 * the {@link JwtSpec}
+		 * @param jwtCustomizer the {@link Customizer} to provide more options for the
+		 * {@link JwtSpec}
 		 * @return the {@link OAuth2ResourceServerSpec} to customize
 		 */
 		public OAuth2ResourceServerSpec jwt(Customizer<JwtSpec> jwtCustomizer) {
@@ -1720,7 +1742,6 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Enables Opaque Token Resource Server support.
-		 *
 		 * @return the {@link OpaqueTokenSpec} for additional configuration
 		 */
 		public OpaqueTokenSpec opaqueToken() {
@@ -1732,7 +1753,6 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Enables Opaque Token Resource Server support.
-		 *
 		 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for
 		 * the {@link OpaqueTokenSpec}
 		 * @return the {@link OAuth2ResourceServerSpec} to customize
@@ -1746,8 +1766,8 @@ public class ServerHttpSecurity {
 		}
 
 		protected void configure(ServerHttpSecurity http) {
-			this.authenticationConverterServerWebExchangeMatcher =
-					new AuthenticationConverterServerWebExchangeMatcher(this.bearerTokenConverter);
+			this.authenticationConverterServerWebExchangeMatcher = new AuthenticationConverterServerWebExchangeMatcher(
+					this.bearerTokenConverter);
 
 			registerDefaultAccessDeniedHandler(http);
 			registerDefaultAuthenticationEntryPoint(http);
@@ -1760,9 +1780,11 @@ public class ServerHttpSecurity {
 				oauth2.setServerAuthenticationConverter(bearerTokenConverter);
 				oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
 				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
-			} else if (this.jwt != null) {
+			}
+			else if (this.jwt != null) {
 				this.jwt.configure(http);
-			} else if (this.opaqueToken != null) {
+			}
+			else if (this.opaqueToken != null) {
 				this.opaqueToken.configure(http);
 			}
 		}
@@ -1770,48 +1792,45 @@ public class ServerHttpSecurity {
 		private void validateConfiguration() {
 			if (this.authenticationManagerResolver == null) {
 				if (this.jwt == null && this.opaqueToken == null) {
-					throw new IllegalStateException("Jwt and Opaque Token are the only supported formats for bearer tokens " +
-							"in Spring Security and neither was found. Make sure to configure JWT " +
-							"via http.oauth2ResourceServer().jwt() or Opaque Tokens via " +
-							"http.oauth2ResourceServer().opaqueToken().");
+					throw new IllegalStateException(
+							"Jwt and Opaque Token are the only supported formats for bearer tokens "
+									+ "in Spring Security and neither was found. Make sure to configure JWT "
+									+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
+									+ "http.oauth2ResourceServer().opaqueToken().");
 				}
 
 				if (this.jwt != null && this.opaqueToken != null) {
-					throw new IllegalStateException("Spring Security only supports JWTs or Opaque Tokens, not both at the " +
-							"same time.");
+					throw new IllegalStateException(
+							"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
 				}
-			} else {
+			}
+			else {
 				if (this.jwt != null || this.opaqueToken != null) {
-					throw new IllegalStateException("If an authenticationManagerResolver() is configured, then it takes " +
-							"precedence over any jwt() or opaqueToken() configuration.");
+					throw new IllegalStateException(
+							"If an authenticationManagerResolver() is configured, then it takes "
+									+ "precedence over any jwt() or opaqueToken() configuration.");
 				}
 			}
 		}
 
 		private void registerDefaultAccessDeniedHandler(ServerHttpSecurity http) {
-			if ( http.exceptionHandling != null ) {
-				http.defaultAccessDeniedHandlers.add(
-						new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry(
+			if (http.exceptionHandling != null) {
+				http.defaultAccessDeniedHandlers
+						.add(new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry(
 								this.authenticationConverterServerWebExchangeMatcher,
-								OAuth2ResourceServerSpec.this.accessDeniedHandler
-						)
-				);
+								OAuth2ResourceServerSpec.this.accessDeniedHandler));
 			}
 		}
 
 		private void registerDefaultAuthenticationEntryPoint(ServerHttpSecurity http) {
 			if (http.exceptionHandling != null) {
-				http.defaultEntryPoints.add(
-						new DelegateEntry(
-								this.authenticationConverterServerWebExchangeMatcher,
-								OAuth2ResourceServerSpec.this.entryPoint
-						)
-				);
+				http.defaultEntryPoints.add(new DelegateEntry(this.authenticationConverterServerWebExchangeMatcher,
+						OAuth2ResourceServerSpec.this.entryPoint));
 			}
 		}
 
 		private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
-			if ( http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher ) {
+			if (http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher) {
 				// @formatter:off
 				http
 					.csrf()
@@ -1825,6 +1844,7 @@ public class ServerHttpSecurity {
 		}
 
 		private class BearerTokenAuthenticationWebFilter extends AuthenticationWebFilter {
+
 			private ServerAuthenticationFailureHandler authenticationFailureHandler;
 
 			BearerTokenAuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) {
@@ -1834,26 +1854,30 @@ public class ServerHttpSecurity {
 			@Override
 			public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 				WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
-				return super.filter(exchange, chain)
-						.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
-								.onAuthenticationFailure(webFilterExchange, e));
+				return super.filter(exchange, chain).onErrorResume(AuthenticationException.class,
+						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
 			}
 
 			@Override
-			public void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) {
+			public void setAuthenticationFailureHandler(
+					ServerAuthenticationFailureHandler authenticationFailureHandler) {
 				super.setAuthenticationFailureHandler(authenticationFailureHandler);
 				this.authenticationFailureHandler = authenticationFailureHandler;
 			}
+
 		}
 
 		/**
 		 * Configures JWT Resource Server Support
 		 */
 		public class JwtSpec {
+
 			private ReactiveAuthenticationManager authenticationManager;
+
 			private ReactiveJwtDecoder jwtDecoder;
-			private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter
-					= new ReactiveJwtAuthenticationConverterAdapter(new JwtAuthenticationConverter());
+
+			private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
+					new JwtAuthenticationConverter());
 
 			/**
 			 * Configures the {@link ReactiveAuthenticationManager} to use
@@ -1869,13 +1893,12 @@ public class ServerHttpSecurity {
 			/**
 			 * Configures the {@link Converter} to use for converting a {@link Jwt} into
 			 * an {@link AbstractAuthenticationToken}.
-			 *
 			 * @param jwtAuthenticationConverter the converter to use
 			 * @return the {@code JwtSpec} for additional configuration
 			 * @since 5.1.1
 			 */
-			public JwtSpec jwtAuthenticationConverter
-					(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
+			public JwtSpec jwtAuthenticationConverter(
+					Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
 				Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
 				this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 				return this;
@@ -1892,8 +1915,8 @@ public class ServerHttpSecurity {
 			}
 
 			/**
-			 * Configures a {@link ReactiveJwtDecoder} that leverages the provided {@link RSAPublicKey}
-			 *
+			 * Configures a {@link ReactiveJwtDecoder} that leverages the provided
+			 * {@link RSAPublicKey}
 			 * @param publicKey the public key to use.
 			 * @return the {@code JwtSpec} for additional configuration
 			 */
@@ -1904,7 +1927,8 @@ public class ServerHttpSecurity {
 
 			/**
 			 * Configures a {@link ReactiveJwtDecoder} using
-			 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key (JWK)</a> URL
+			 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key
+			 * (JWK)</a> URL
 			 * @param jwkSetUri the URL to use.
 			 * @return the {@code JwtSpec} for additional configuration
 			 */
@@ -1935,8 +1959,7 @@ public class ServerHttpSecurity {
 				return this.jwtDecoder;
 			}
 
-			protected Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>
-					getJwtAuthenticationConverter() {
+			protected Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> getJwtAuthenticationConverter() {
 
 				return this.jwtAuthenticationConverter;
 			}
@@ -1947,14 +1970,14 @@ public class ServerHttpSecurity {
 				}
 
 				ReactiveJwtDecoder jwtDecoder = getJwtDecoder();
-				Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter =
-						getJwtAuthenticationConverter();
-				JwtReactiveAuthenticationManager authenticationManager =
-						new JwtReactiveAuthenticationManager(jwtDecoder);
+				Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = getJwtAuthenticationConverter();
+				JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
+						jwtDecoder);
 				authenticationManager.setJwtAuthenticationConverter(jwtAuthenticationConverter);
 
 				return authenticationManager;
 			}
+
 		}
 
 		/**
@@ -1964,9 +1987,13 @@ public class ServerHttpSecurity {
 		 * @since 5.2
 		 */
 		public class OpaqueTokenSpec {
+
 			private String introspectionUri;
+
 			private String clientId;
+
 			private String clientSecret;
+
 			private Supplier<ReactiveOpaqueTokenIntrospector> introspector;
 
 			/**
@@ -1977,9 +2004,8 @@ public class ServerHttpSecurity {
 			public OpaqueTokenSpec introspectionUri(String introspectionUri) {
 				Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
 				this.introspectionUri = introspectionUri;
-				this.introspector = () ->
-						new NimbusReactiveOpaqueTokenIntrospector(
-								this.introspectionUri, this.clientId, this.clientSecret);
+				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
+						this.clientId, this.clientSecret);
 				return this;
 			}
 
@@ -1994,9 +2020,8 @@ public class ServerHttpSecurity {
 				Assert.notNull(clientSecret, "clientSecret cannot be null");
 				this.clientId = clientId;
 				this.clientSecret = clientSecret;
-				this.introspector = () ->
-						new NimbusReactiveOpaqueTokenIntrospector(
-								this.introspectionUri, this.clientId, this.clientSecret);
+				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
+						this.clientId, this.clientSecret);
 				return this;
 			}
 
@@ -2007,7 +2032,8 @@ public class ServerHttpSecurity {
 			}
 
 			/**
-			 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+			 * Allows method chaining to continue configuring the
+			 * {@link ServerHttpSecurity}
 			 * @return the {@link ServerHttpSecurity} to continue configuring
 			 */
 			public OAuth2ResourceServerSpec and() {
@@ -2033,12 +2059,15 @@ public class ServerHttpSecurity {
 				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
 			}
 
-			private OpaqueTokenSpec() {}
+			private OpaqueTokenSpec() {
+			}
+
 		}
 
 		public ServerHttpSecurity and() {
 			return ServerHttpSecurity.this;
 		}
+
 	}
 
 	/**
@@ -2073,7 +2102,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link HeaderSpec} to customize
 	 */
 	public HeaderSpec headers() {
@@ -2121,9 +2149,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param headerCustomizer the {@link Customizer} to provide more options for
-	 * the {@link HeaderSpec}
+	 * @param headerCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HeaderSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity headers(Customizer<HeaderSpec> headerCustomizer) {
@@ -2135,8 +2162,8 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures exception handling (i.e. handles when authentication is requested). An example configuration can
-	 * be found below:
+	 * Configures exception handling (i.e. handles when authentication is requested). An
+	 * example configuration can be found below:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -2149,7 +2176,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link ExceptionHandlingSpec} to customize
 	 */
 	public ExceptionHandlingSpec exceptionHandling() {
@@ -2160,8 +2186,8 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures exception handling (i.e. handles when authentication is requested). An example configuration can
-	 * be found below:
+	 * Configures exception handling (i.e. handles when authentication is requested). An
+	 * example configuration can be found below:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -2176,9 +2202,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param exceptionHandlingCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ExceptionHandlingSpec}
+	 * @param exceptionHandlingCustomizer the {@link Customizer} to provide more options
+	 * for the {@link ExceptionHandlingSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity exceptionHandling(Customizer<ExceptionHandlingSpec> exceptionHandlingCustomizer) {
@@ -2217,7 +2242,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link AuthorizeExchangeSpec} to customize
 	 */
 	public AuthorizeExchangeSpec authorizeExchange() {
@@ -2257,9 +2281,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param authorizeExchangeCustomizer the {@link Customizer} to provide more options for
-	 * the {@link AuthorizeExchangeSpec}
+	 * @param authorizeExchangeCustomizer the {@link Customizer} to provide more options
+	 * for the {@link AuthorizeExchangeSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity authorizeExchange(Customizer<AuthorizeExchangeSpec> authorizeExchangeCustomizer) {
@@ -2317,9 +2340,8 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
-	 * @param logoutCustomizer the {@link Customizer} to provide more options for
-	 * the {@link LogoutSpec}
+	 * @param logoutCustomizer the {@link Customizer} to provide more options for the
+	 * {@link LogoutSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
 	 */
 	public ServerHttpSecurity logout(Customizer<LogoutSpec> logoutCustomizer) {
@@ -2331,8 +2353,9 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures the request cache which is used when a flow is interrupted (i.e. due to requesting credentials) so
-	 * that the request can be replayed after authentication. An example configuration can be found below:
+	 * Configures the request cache which is used when a flow is interrupted (i.e. due to
+	 * requesting credentials) so that the request can be replayed after authentication.
+	 * An example configuration can be found below:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -2345,7 +2368,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @return the {@link RequestCacheSpec} to customize
 	 */
 	public RequestCacheSpec requestCache() {
@@ -2353,8 +2375,9 @@ public class ServerHttpSecurity {
 	}
 
 	/**
-	 * Configures the request cache which is used when a flow is interrupted (i.e. due to requesting credentials) so
-	 * that the request can be replayed after authentication. An example configuration can be found below:
+	 * Configures the request cache which is used when a flow is interrupted (i.e. due to
+	 * requesting credentials) so that the request can be replayed after authentication.
+	 * An example configuration can be found below:
 	 *
 	 * <pre class="code">
 	 *  &#064;Bean
@@ -2369,7 +2392,6 @@ public class ServerHttpSecurity {
 	 *      return http.build();
 	 *  }
 	 * </pre>
-	 *
 	 * @param requestCacheCustomizer the {@link Customizer} to provide more options for
 	 * the {@link RequestCacheSpec}
 	 * @return the {@link ServerHttpSecurity} to customize
@@ -2395,7 +2417,8 @@ public class ServerHttpSecurity {
 	 */
 	public SecurityWebFilterChain build() {
 		if (this.built != null) {
-			throw new IllegalStateException("This has already been built with the following stacktrace. " + buildToString());
+			throw new IllegalStateException(
+					"This has already been built with the following stacktrace. " + buildToString());
 		}
 		this.built = new RuntimeException("First Build Invocation").fillInStackTrace();
 		if (this.headers != null) {
@@ -2471,25 +2494,24 @@ public class ServerHttpSecurity {
 			this.logout.configure(this);
 		}
 		this.requestCache.configure(this);
-		this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
+		this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(),
+				SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
 		if (this.authorizeExchange != null) {
 			ServerAuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint();
 			ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
 			if (authenticationEntryPoint != null) {
-				exceptionTranslationWebFilter.setAuthenticationEntryPoint(
-					authenticationEntryPoint);
+				exceptionTranslationWebFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
 			}
 			ServerAccessDeniedHandler accessDeniedHandler = getAccessDeniedHandler();
 			if (accessDeniedHandler != null) {
-				exceptionTranslationWebFilter.setAccessDeniedHandler(
-						accessDeniedHandler);
+				exceptionTranslationWebFilter.setAccessDeniedHandler(accessDeniedHandler);
 			}
 			this.addFilterAt(exceptionTranslationWebFilter, SecurityWebFiltersOrder.EXCEPTION_TRANSLATION);
 			this.authorizeExchange.configure(this);
 		}
 		AnnotationAwareOrderComparator.sort(this.webFilters);
 		List<WebFilter> sortedWebFilters = new ArrayList<>();
-		this.webFilters.forEach( f -> {
+		this.webFilters.forEach(f -> {
 			if (f instanceof OrderedWebFilter) {
 				f = ((OrderedWebFilter) f).webFilter;
 			}
@@ -2500,8 +2522,8 @@ public class ServerHttpSecurity {
 	}
 
 	private String buildToString() {
-		try(StringWriter writer = new StringWriter()) {
-			try(PrintWriter printer = new PrintWriter(writer)) {
+		try (StringWriter writer = new StringWriter()) {
+			try (PrintWriter printer = new PrintWriter(writer)) {
 				printer.println();
 				printer.println();
 				this.built.printStackTrace(printer);
@@ -2509,7 +2531,8 @@ public class ServerHttpSecurity {
 				printer.println();
 				return writer.toString();
 			}
-		} catch(IOException e) {
+		}
+		catch (IOException e) {
 			throw new RuntimeException(e);
 		}
 	}
@@ -2521,7 +2544,8 @@ public class ServerHttpSecurity {
 		if (this.defaultEntryPoints.size() == 1) {
 			return this.defaultEntryPoints.get(0).getEntryPoint();
 		}
-		DelegatingServerAuthenticationEntryPoint result = new DelegatingServerAuthenticationEntryPoint(this.defaultEntryPoints);
+		DelegatingServerAuthenticationEntryPoint result = new DelegatingServerAuthenticationEntryPoint(
+				this.defaultEntryPoints);
 		result.setDefaultEntryPoint(this.defaultEntryPoints.get(this.defaultEntryPoints.size() - 1).getEntryPoint());
 		return result;
 	}
@@ -2533,8 +2557,8 @@ public class ServerHttpSecurity {
 		if (this.defaultAccessDeniedHandlers.size() == 1) {
 			return this.defaultAccessDeniedHandlers.get(0).getAccessDeniedHandler();
 		}
-		ServerWebExchangeDelegatingServerAccessDeniedHandler result =
-				new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.defaultAccessDeniedHandlers);
+		ServerWebExchangeDelegatingServerAccessDeniedHandler result = new ServerWebExchangeDelegatingServerAccessDeniedHandler(
+				this.defaultAccessDeniedHandlers);
 		result.setDefaultAccessDeniedHandler(this.defaultAccessDeniedHandlers
 				.get(this.defaultAccessDeniedHandlers.size() - 1).getAccessDeniedHandler());
 		return result;
@@ -2549,13 +2573,14 @@ public class ServerHttpSecurity {
 	}
 
 	private WebFilter securityContextRepositoryWebFilter() {
-		ServerSecurityContextRepository repository = this.securityContextRepository == null ?
-				new WebSessionServerSecurityContextRepository() : this.securityContextRepository;
+		ServerSecurityContextRepository repository = this.securityContextRepository == null
+				? new WebSessionServerSecurityContextRepository() : this.securityContextRepository;
 		WebFilter result = new ReactorContextWebFilter(repository);
 		return new OrderedWebFilter(result, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
 	}
 
-	protected ServerHttpSecurity() {}
+	protected ServerHttpSecurity() {
+	}
 
 	/**
 	 * Configures authorization
@@ -2564,10 +2589,13 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #authorizeExchange()
 	 */
-	public class AuthorizeExchangeSpec
-		extends AbstractServerWebExchangeMatcherRegistry<AuthorizeExchangeSpec.Access> {
-		private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager.builder();
+	public class AuthorizeExchangeSpec extends AbstractServerWebExchangeMatcherRegistry<AuthorizeExchangeSpec.Access> {
+
+		private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager
+				.builder();
+
 		private ServerWebExchangeMatcher matcher;
+
 		private boolean anyExchangeRegistered;
 
 		/**
@@ -2592,7 +2620,8 @@ public class ServerHttpSecurity {
 		@Override
 		protected Access registerMatcher(ServerWebExchangeMatcher matcher) {
 			if (this.anyExchangeRegistered) {
-				throw new IllegalStateException("Cannot register " + matcher + " which would be unreachable because anyExchange() has already been registered.");
+				throw new IllegalStateException("Cannot register " + matcher
+						+ " which would be unreachable because anyExchange() has already been registered.");
 			}
 			if (this.matcher != null) {
 				throw new IllegalStateException("The matcher " + matcher + " does not have an access rule defined");
@@ -2603,7 +2632,8 @@ public class ServerHttpSecurity {
 
 		protected void configure(ServerHttpSecurity http) {
 			if (this.matcher != null) {
-				throw new IllegalStateException("The matcher " + this.matcher + " does not have an access rule defined");
+				throw new IllegalStateException(
+						"The matcher " + this.matcher + " does not have an access rule defined");
 			}
 			AuthorizationWebFilter result = new AuthorizationWebFilter(this.managerBldr.build());
 			http.addFilterAt(result, SecurityWebFiltersOrder.AUTHORIZATION);
@@ -2619,7 +2649,7 @@ public class ServerHttpSecurity {
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
 			public AuthorizeExchangeSpec permitAll() {
-				return access( (a, e) -> Mono.just(new AuthorizationDecision(true)));
+				return access((a, e) -> Mono.just(new AuthorizationDecision(true)));
 			}
 
 			/**
@@ -2627,11 +2657,12 @@ public class ServerHttpSecurity {
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
 			public AuthorizeExchangeSpec denyAll() {
-				return access( (a, e) -> Mono.just(new AuthorizationDecision(false)));
+				return access((a, e) -> Mono.just(new AuthorizationDecision(false)));
 			}
 
 			/**
-			 * Require a specific role. This is a shorcut for {@link #hasAuthority(String)}
+			 * Require a specific role. This is a shorcut for
+			 * {@link #hasAuthority(String)}
 			 * @param role the role (i.e. "USER" would require "ROLE_USER")
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
@@ -2640,7 +2671,8 @@ public class ServerHttpSecurity {
 			}
 
 			/**
-			 * Require any specific role. This is a shortcut for {@link #hasAnyAuthority(String...)}
+			 * Require any specific role. This is a shortcut for
+			 * {@link #hasAnyAuthority(String...)}
 			 * @param roles the roles (i.e. "USER" would require "ROLE_USER")
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
@@ -2650,7 +2682,8 @@ public class ServerHttpSecurity {
 
 			/**
 			 * Require a specific authority.
-			 * @param authority the authority to require (i.e. "USER" would require authority of "USER").
+			 * @param authority the authority to require (i.e. "USER" would require
+			 * authority of "USER").
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
 			public AuthorizeExchangeSpec hasAuthority(String authority) {
@@ -2659,7 +2692,8 @@ public class ServerHttpSecurity {
 
 			/**
 			 * Require any authority
-			 * @param authorities the authorities to require (i.e. "USER" would require authority of "USER").
+			 * @param authorities the authorities to require (i.e. "USER" would require
+			 * authority of "USER").
 			 * @return the {@link AuthorizeExchangeSpec} to configure
 			 */
 			public AuthorizeExchangeSpec hasAnyAuthority(String... authorities) {
@@ -2681,12 +2715,13 @@ public class ServerHttpSecurity {
 			 */
 			public AuthorizeExchangeSpec access(ReactiveAuthorizationManager<AuthorizationContext> manager) {
 				AuthorizeExchangeSpec.this.managerBldr
-					.add(new ServerWebExchangeMatcherEntry<>(
-						AuthorizeExchangeSpec.this.matcher, manager));
+						.add(new ServerWebExchangeMatcherEntry<>(AuthorizeExchangeSpec.this.matcher, manager));
 				AuthorizeExchangeSpec.this.matcher = null;
 				return AuthorizeExchangeSpec.this;
 			}
+
 		}
+
 	}
 
 	/**
@@ -2697,15 +2732,17 @@ public class ServerHttpSecurity {
 	 * @see #redirectToHttps()
 	 */
 	public class HttpsRedirectSpec {
+
 		private ServerWebExchangeMatcher serverWebExchangeMatcher;
+
 		private PortMapper portMapper;
 
 		/**
 		 * Configures when this filter should redirect to https
 		 *
 		 * By default, the filter will redirect whenever an exchange's scheme is not https
-		 *
-		 * @param matchers the list of conditions that, when any are met, the filter should redirect to https
+		 * @param matchers the list of conditions that, when any are met, the filter
+		 * should redirect to https
 		 * @return the {@link HttpsRedirectSpec} for additional configuration
 		 */
 		public HttpsRedirectSpec httpsRedirectWhen(ServerWebExchangeMatcher... matchers) {
@@ -2717,21 +2754,17 @@ public class ServerHttpSecurity {
 		 * Configures when this filter should redirect to https
 		 *
 		 * By default, the filter will redirect whenever an exchange's scheme is not https
-		 *
 		 * @param when determines when to redirect to https
 		 * @return the {@link HttpsRedirectSpec} for additional configuration
 		 */
-		public HttpsRedirectSpec httpsRedirectWhen(
-				Function<ServerWebExchange, Boolean> when) {
-			ServerWebExchangeMatcher matcher = e -> when.apply(e) ?
-					ServerWebExchangeMatcher.MatchResult.match() :
-					ServerWebExchangeMatcher.MatchResult.notMatch();
+		public HttpsRedirectSpec httpsRedirectWhen(Function<ServerWebExchange, Boolean> when) {
+			ServerWebExchangeMatcher matcher = e -> when.apply(e) ? ServerWebExchangeMatcher.MatchResult.match()
+					: ServerWebExchangeMatcher.MatchResult.notMatch();
 			return httpsRedirectWhen(matcher);
 		}
 
 		/**
 		 * Configures a custom HTTPS port to redirect to
-		 *
 		 * @param portMapper the {@link PortMapper} to use
 		 * @return the {@link HttpsRedirectSpec} for additional configuration
 		 */
@@ -2758,66 +2791,67 @@ public class ServerHttpSecurity {
 		public ServerHttpSecurity and() {
 			return ServerHttpSecurity.this;
 		}
+
 	}
 
 	/**
-	 * Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF Protection</a>
+	 * Configures <a href=
+	 * "https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
+	 * Protection</a>
 	 *
 	 * @author Rob Winch
 	 * @since 5.0
 	 * @see #csrf()
 	 */
 	public class CsrfSpec {
+
 		private CsrfWebFilter filter = new CsrfWebFilter();
+
 		private ServerCsrfTokenRepository csrfTokenRepository = new WebSessionServerCsrfTokenRepository();
 
 		private boolean specifiedRequireCsrfProtectionMatcher;
 
 		/**
-		 * Configures the {@link ServerAccessDeniedHandler} used when a CSRF token is invalid. Default is
-		 * to send an {@link org.springframework.http.HttpStatus#FORBIDDEN}.
-		 *
+		 * Configures the {@link ServerAccessDeniedHandler} used when a CSRF token is
+		 * invalid. Default is to send an
+		 * {@link org.springframework.http.HttpStatus#FORBIDDEN}.
 		 * @param accessDeniedHandler the access denied handler.
 		 * @return the {@link CsrfSpec} for additional configuration
 		 */
-		public CsrfSpec accessDeniedHandler(
-			ServerAccessDeniedHandler accessDeniedHandler) {
+		public CsrfSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler) {
 			this.filter.setAccessDeniedHandler(accessDeniedHandler);
 			return this;
 		}
 
 		/**
-		 * Configures the {@link ServerCsrfTokenRepository} used to persist the CSRF Token. Default is
+		 * Configures the {@link ServerCsrfTokenRepository} used to persist the CSRF
+		 * Token. Default is
 		 * {@link org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository}.
-		 *
 		 * @param csrfTokenRepository the repository to use
 		 * @return the {@link CsrfSpec} for additional configuration
 		 */
-		public CsrfSpec csrfTokenRepository(
-			ServerCsrfTokenRepository csrfTokenRepository) {
+		public CsrfSpec csrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository) {
 			this.csrfTokenRepository = csrfTokenRepository;
 			return this;
 		}
 
 		/**
-		 * Configures the {@link ServerWebExchangeMatcher} used to determine when CSRF protection is enabled. Default is
-		 * PUT, POST, DELETE requests.
-		 *
+		 * Configures the {@link ServerWebExchangeMatcher} used to determine when CSRF
+		 * protection is enabled. Default is PUT, POST, DELETE requests.
 		 * @param requireCsrfProtectionMatcher the matcher to use
 		 * @return the {@link CsrfSpec} for additional configuration
 		 */
-		public CsrfSpec requireCsrfProtectionMatcher(
-			ServerWebExchangeMatcher requireCsrfProtectionMatcher) {
+		public CsrfSpec requireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher) {
 			this.filter.setRequireCsrfProtectionMatcher(requireCsrfProtectionMatcher);
 			this.specifiedRequireCsrfProtectionMatcher = true;
 			return this;
 		}
 
 		/**
-		 * Specifies if {@link CsrfWebFilter} should try to resolve the actual CSRF token from the body of multipart
-		 * data requests.
-		 *
-		 * @param enabled true if should read from multipart form body, else false. Default is false
+		 * Specifies if {@link CsrfWebFilter} should try to resolve the actual CSRF token
+		 * from the body of multipart data requests.
+		 * @param enabled true if should read from multipart form body, else false.
+		 * Default is false
 		 * @return the {@link CsrfSpec} for additional configuration
 		 */
 		public CsrfSpec tokenFromMultipartDataEnabled(boolean enabled) {
@@ -2825,7 +2859,6 @@ public class ServerHttpSecurity {
 			return this;
 		}
 
-
 		/**
 		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
 		 * @return the {@link ServerHttpSecurity} to continue configuring
@@ -2835,8 +2868,8 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Disables CSRF Protection. Disabling CSRF Protection is only recommended when the application is never used
-		 * within a browser.
+		 * Disables CSRF Protection. Disabling CSRF Protection is only recommended when
+		 * the application is never used within a browser.
 		 * @return the {@link ServerHttpSecurity} to continue configuring
 		 */
 		public ServerHttpSecurity disable() {
@@ -2848,13 +2881,16 @@ public class ServerHttpSecurity {
 			if (this.csrfTokenRepository != null) {
 				this.filter.setCsrfTokenRepository(this.csrfTokenRepository);
 				if (ServerHttpSecurity.this.logout != null) {
-					ServerHttpSecurity.this.logout.addLogoutHandler(new CsrfServerLogoutHandler(this.csrfTokenRepository));
+					ServerHttpSecurity.this.logout
+							.addLogoutHandler(new CsrfServerLogoutHandler(this.csrfTokenRepository));
 				}
 			}
 			http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF);
 		}
 
-		private CsrfSpec() {}
+		private CsrfSpec() {
+		}
+
 	}
 
 	/**
@@ -2877,7 +2913,8 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Configures what to do when an authenticated user does not hold a required authority
+		 * Configures what to do when an authenticated user does not hold a required
+		 * authority
 		 * @param accessDeniedHandler the access denied handler to use
 		 * @return the {@link ExceptionHandlingSpec} to configure
 		 *
@@ -2896,18 +2933,21 @@ public class ServerHttpSecurity {
 			return ServerHttpSecurity.this;
 		}
 
-		private ExceptionHandlingSpec() {}
+		private ExceptionHandlingSpec() {
+		}
+
 	}
 
 	/**
-	 * Configures the request cache which is used when a flow is interrupted (i.e. due to requesting credentials) so
-	 * that the request can be replayed after authentication.
+	 * Configures the request cache which is used when a flow is interrupted (i.e. due to
+	 * requesting credentials) so that the request can be replayed after authentication.
 	 *
 	 * @author Rob Winch
 	 * @since 5.0
 	 * @see #requestCache()
 	 */
 	public class RequestCacheSpec {
+
 		private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
 		/**
@@ -2944,7 +2984,9 @@ public class ServerHttpSecurity {
 			return and();
 		}
 
-		private RequestCacheSpec() {}
+		private RequestCacheSpec() {
+		}
+
 	}
 
 	/**
@@ -2955,6 +2997,7 @@ public class ServerHttpSecurity {
 	 * @see #httpBasic()
 	 */
 	public class HttpBasicSpec {
+
 		private ReactiveAuthenticationManager authenticationManager;
 
 		private ServerSecurityContextRepository securityContextRepository;
@@ -2964,7 +3007,6 @@ public class ServerHttpSecurity {
 		/**
 		 * The {@link ReactiveAuthenticationManager} used to authenticate. Defaults to
 		 * {@link ServerHttpSecurity#authenticationManager(ReactiveAuthenticationManager)}.
-		 *
 		 * @param authenticationManager the authentication manager to use
 		 * @return the {@link HttpBasicSpec} to continue configuring
 		 */
@@ -2974,11 +3016,11 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * The {@link ServerSecurityContextRepository} used to save the {@code Authentication}. Defaults to
-		 * {@link NoOpServerSecurityContextRepository}. For the {@code SecurityContext} to be loaded on subsequent
-		 * requests the {@link ReactorContextWebFilter} must be configured to be able to load the value (they are not
-		 * implicitly linked).
-		 *
+		 * The {@link ServerSecurityContextRepository} used to save the
+		 * {@code Authentication}. Defaults to
+		 * {@link NoOpServerSecurityContextRepository}. For the {@code SecurityContext} to
+		 * be loaded on subsequent requests the {@link ReactorContextWebFilter} must be
+		 * configured to be able to load the value (they are not implicitly linked).
 		 * @param securityContextRepository the repository to use
 		 * @return the {@link HttpBasicSpec} to continue configuring
 		 */
@@ -2989,12 +3031,13 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Allows easily setting the entry point.
-		 * @param authenticationEntryPoint the {@link ServerAuthenticationEntryPoint} to use
+		 * @param authenticationEntryPoint the {@link ServerAuthenticationEntryPoint} to
+		 * use
 		 * @return {@link HttpBasicSpec} for additional customization
 		 * @since 5.2.0
 		 * @author Ankur Pathak
 		 */
-		public HttpBasicSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint){
+		public HttpBasicSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint) {
 			Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
 			this.entryPoint = authenticationEntryPoint;
 			return this;
@@ -3019,21 +3062,22 @@ public class ServerHttpSecurity {
 
 		protected void configure(ServerHttpSecurity http) {
 			MediaTypeServerWebExchangeMatcher restMatcher = new MediaTypeServerWebExchangeMatcher(
-				MediaType.APPLICATION_ATOM_XML,
-				MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
-				MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML,
-				MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
+					MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
+					MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA,
+					MediaType.TEXT_XML);
 			restMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 			ServerHttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(restMatcher, this.entryPoint));
-			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(
-				this.authenticationManager);
-			authenticationFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
+			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(this.authenticationManager);
+			authenticationFilter
+					.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
 			authenticationFilter.setAuthenticationConverter(new ServerHttpBasicAuthenticationConverter());
 			authenticationFilter.setSecurityContextRepository(this.securityContextRepository);
 			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC);
 		}
 
-		private HttpBasicSpec() {}
+		private HttpBasicSpec() {
+		}
+
 	}
 
 	/**
@@ -3044,7 +3088,9 @@ public class ServerHttpSecurity {
 	 * @see #formLogin()
 	 */
 	public class FormLoginSpec {
-		private final RedirectServerAuthenticationSuccessHandler defaultSuccessHandler = new RedirectServerAuthenticationSuccessHandler("/");
+
+		private final RedirectServerAuthenticationSuccessHandler defaultSuccessHandler = new RedirectServerAuthenticationSuccessHandler(
+				"/");
 
 		private RedirectServerAuthenticationEntryPoint defaultEntryPoint;
 
@@ -3065,7 +3111,6 @@ public class ServerHttpSecurity {
 		/**
 		 * The {@link ReactiveAuthenticationManager} used to authenticate. Defaults to
 		 * {@link ServerHttpSecurity#authenticationManager(ReactiveAuthenticationManager)}.
-		 *
 		 * @param authenticationManager the authentication manager to use
 		 * @return the {@link FormLoginSpec} to continue configuring
 		 */
@@ -3075,29 +3120,32 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * The {@link ServerAuthenticationSuccessHandler} used after authentication success. Defaults to
-		 * {@link RedirectServerAuthenticationSuccessHandler}.
+		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
+		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}.
 		 * @param authenticationSuccessHandler the success handler to use
 		 * @return the {@link FormLoginSpec} to continue configuring
 		 */
 		public FormLoginSpec authenticationSuccessHandler(
-			ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
+				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
 			Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
 			this.authenticationSuccessHandler = authenticationSuccessHandler;
 			return this;
 		}
 
 		/**
-		 * Configures the log in page to redirect to, the authentication failure page, and when authentication is
-		 * performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at
-		 * "/logout". If this is customized:
+		 * Configures the log in page to redirect to, the authentication failure page, and
+		 * when authentication is performed. The default is that Spring Security will
+		 * generate a log in page at "/login" and a log out page at "/logout". If this is
+		 * customized:
 		 * <ul>
 		 * <li>The default log in & log out page are no longer provided</li>
 		 * <li>The application must render a log in page at the provided URL</li>
-		 * <li>The application must render an authentication error page at the provided URL + "?error"</li>
+		 * <li>The application must render an authentication error page at the provided
+		 * URL + "?error"</li>
 		 * <li>Authentication will occur for POST to the provided URL</li>
 		 * </ul>
-		 * @param loginPage the url to redirect to which provides a form to log in (i.e. "/login")
+		 * @param loginPage the url to redirect to which provides a form to log in (i.e.
+		 * "/login")
 		 * @return the {@link FormLoginSpec} to continue configuring
 		 * @see #authenticationEntryPoint(ServerAuthenticationEntryPoint)
 		 * @see #requiresAuthenticationMatcher(ServerWebExchangeMatcher)
@@ -3110,7 +3158,8 @@ public class ServerHttpSecurity {
 				this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
 			}
 			if (this.authenticationFailureHandler == null) {
-				this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
+				this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(
+						loginPage + "?error");
 			}
 			return this;
 		}
@@ -3139,22 +3188,25 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Configures how a failed authentication is handled. The default is to redirect to "/login?error".
+		 * Configures how a failed authentication is handled. The default is to redirect
+		 * to "/login?error".
 		 * @param authenticationFailureHandler the handler to use
 		 * @return the {@link FormLoginSpec} to continue configuring
 		 * @see #loginPage(String)
 		 */
-		public FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) {
+		public FormLoginSpec authenticationFailureHandler(
+				ServerAuthenticationFailureHandler authenticationFailureHandler) {
 			this.authenticationFailureHandler = authenticationFailureHandler;
 			return this;
 		}
 
 		/**
-		 * The {@link ServerSecurityContextRepository} used to save the {@code Authentication}. Defaults to
-		 * {@link WebSessionServerSecurityContextRepository}. For the {@code SecurityContext} to be loaded on subsequent
-		 * requests the {@link ReactorContextWebFilter} must be configured to be able to load the value (they are not
-		 * implicitly linked).
-		 *
+		 * The {@link ServerSecurityContextRepository} used to save the
+		 * {@code Authentication}. Defaults to
+		 * {@link WebSessionServerSecurityContextRepository}. For the
+		 * {@code SecurityContext} to be loaded on subsequent requests the
+		 * {@link ReactorContextWebFilter} must be configured to be able to load the value
+		 * (they are not implicitly linked).
 		 * @param securityContextRepository the repository to use
 		 * @return the {@link FormLoginSpec} to continue configuring
 		 */
@@ -3184,7 +3236,8 @@ public class ServerHttpSecurity {
 			if (this.authenticationEntryPoint == null) {
 				this.isEntryPointExplicit = false;
 				loginPage("/login");
-			} else {
+			}
+			else {
 				this.isEntryPointExplicit = true;
 			}
 			if (http.requestCache != null) {
@@ -3194,12 +3247,11 @@ public class ServerHttpSecurity {
 					this.defaultEntryPoint.setRequestCache(requestCache);
 				}
 			}
-			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
-				MediaType.TEXT_HTML);
+			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
 			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-			ServerHttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlMatcher, this.authenticationEntryPoint));
-			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(
-				this.authenticationManager);
+			ServerHttpSecurity.this.defaultEntryPoints.add(0,
+					new DelegateEntry(htmlMatcher, this.authenticationEntryPoint));
+			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(this.authenticationManager);
 			authenticationFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
 			authenticationFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
 			authenticationFilter.setAuthenticationConverter(new ServerFormLoginAuthenticationConverter());
@@ -3210,9 +3262,11 @@ public class ServerHttpSecurity {
 
 		private FormLoginSpec() {
 		}
+
 	}
 
 	private class LoginPageSpec {
+
 		protected void configure(ServerHttpSecurity http) {
 			if (http.authenticationEntryPoint != null) {
 				return;
@@ -3238,7 +3292,9 @@ public class ServerHttpSecurity {
 			}
 		}
 
-		private LoginPageSpec() {}
+		private LoginPageSpec() {
+		}
+
 	}
 
 	/**
@@ -3249,6 +3305,7 @@ public class ServerHttpSecurity {
 	 * @see #headers()
 	 */
 	public class HeaderSpec {
+
 		private final List<ServerHttpHeadersWriter> writers;
 
 		private CacheControlServerHttpHeadersWriter cacheControl = new CacheControlServerHttpHeadersWriter();
@@ -3294,9 +3351,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures cache control headers
-		 *
-		 * @param cacheCustomizer the {@link Customizer} to provide more options for
-		 * the {@link CacheSpec}
+		 * @param cacheCustomizer the {@link Customizer} to provide more options for the
+		 * {@link CacheSpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec cache(Customizer<CacheSpec> cacheCustomizer) {
@@ -3314,9 +3370,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures content type response headers
-		 *
-		 * @param contentTypeOptionsCustomizer the {@link Customizer} to provide more options for
-		 * the {@link ContentTypeOptionsSpec}
+		 * @param contentTypeOptionsCustomizer the {@link Customizer} to provide more
+		 * options for the {@link ContentTypeOptionsSpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec contentTypeOptions(Customizer<ContentTypeOptionsSpec> contentTypeOptionsCustomizer) {
@@ -3334,9 +3389,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures frame options response headers
-		 *
-		 * @param frameOptionsCustomizer the {@link Customizer} to provide more options for
-		 * the {@link FrameOptionsSpec}
+		 * @param frameOptionsCustomizer the {@link Customizer} to provide more options
+		 * for the {@link FrameOptionsSpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec frameOptions(Customizer<FrameOptionsSpec> frameOptionsCustomizer) {
@@ -3346,8 +3400,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures custom headers writer
-		 *
-		 * @param serverHttpHeadersWriter the {@link ServerHttpHeadersWriter} to provide custom headers writer
+		 * @param serverHttpHeadersWriter the {@link ServerHttpHeadersWriter} to provide
+		 * custom headers writer
 		 * @return the {@link HeaderSpec} to customize
 		 * @since 5.3.0
 		 * @author Ankur Pathak
@@ -3368,9 +3422,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures the Strict Transport Security response headers
-		 *
-		 * @param hstsCustomizer the {@link Customizer} to provide more options for
-		 * the {@link HstsSpec}
+		 * @param hstsCustomizer the {@link Customizer} to provide more options for the
+		 * {@link HstsSpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec hsts(Customizer<HstsSpec> hstsCustomizer) {
@@ -3394,9 +3447,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures x-xss-protection response header.
-		 *
-		 * @param xssProtectionCustomizer the {@link Customizer} to provide more options for
-		 * the {@link XssProtectionSpec}
+		 * @param xssProtectionCustomizer the {@link Customizer} to provide more options
+		 * for the {@link XssProtectionSpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec xssProtection(Customizer<XssProtectionSpec> xssProtectionCustomizer) {
@@ -3415,9 +3467,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures {@code Content-Security-Policy} response header.
-		 *
-		 * @param contentSecurityPolicyCustomizer the {@link Customizer} to provide more options for
-		 * the {@link ContentSecurityPolicySpec}
+		 * @param contentSecurityPolicyCustomizer the {@link Customizer} to provide more
+		 * options for the {@link ContentSecurityPolicySpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec contentSecurityPolicy(Customizer<ContentSecurityPolicySpec> contentSecurityPolicyCustomizer) {
@@ -3453,9 +3504,8 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures {@code Referrer-Policy} response header.
-		 *
-		 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options for
-		 * the {@link ReferrerPolicySpec}
+		 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options
+		 * for the {@link ReferrerPolicySpec}
 		 * @return the {@link HeaderSpec} to customize
 		 */
 		public HeaderSpec referrerPolicy(Customizer<ReferrerPolicySpec> referrerPolicyCustomizer) {
@@ -3465,9 +3515,11 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures cache control headers
+		 *
 		 * @see #cache()
 		 */
 		public class CacheSpec {
+
 			/**
 			 * Disables cache control response headers
 			 * @return the {@link HeaderSpec} to configure
@@ -3477,14 +3529,18 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private CacheSpec() {}
+			private CacheSpec() {
+			}
+
 		}
 
 		/**
 		 * The content type headers
+		 *
 		 * @see #contentTypeOptions()
 		 */
 		public class ContentTypeOptionsSpec {
+
 			/**
 			 * Disables the content type options response header
 			 * @return the {@link HeaderSpec} to configure
@@ -3494,14 +3550,18 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private ContentTypeOptionsSpec() {}
+			private ContentTypeOptionsSpec() {
+			}
+
 		}
 
 		/**
 		 * Configures frame options response header
+		 *
 		 * @see #frameOptions()
 		 */
 		public class FrameOptionsSpec {
+
 			/**
 			 * The mode to configure. Default is
 			 * {@link org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode#DENY}
@@ -3514,7 +3574,8 @@ public class ServerHttpSecurity {
 			}
 
 			/**
-			 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+			 * Allows method chaining to continue configuring the
+			 * {@link ServerHttpSecurity}
 			 * @return the {@link HeaderSpec} to continue configuring
 			 */
 			private HeaderSpec and() {
@@ -3530,14 +3591,18 @@ public class ServerHttpSecurity {
 				return and();
 			}
 
-			private FrameOptionsSpec() {}
+			private FrameOptionsSpec() {
+			}
+
 		}
 
 		/**
 		 * Configures Strict Transport Security response header
+		 *
 		 * @see #hsts()
 		 */
 		public class HstsSpec {
+
 			/**
 			 * Configures the max age. Default is one year.
 			 * @param maxAge the max age
@@ -3564,10 +3629,9 @@ public class ServerHttpSecurity {
 			 * </p>
 			 *
 			 * <p>
-			 * See <a href="https://hstspreload.org/">Website hstspreload.org</a>
-			 * for additional details.
+			 * See <a href="https://hstspreload.org/">Website hstspreload.org</a> for
+			 * additional details.
 			 * </p>
-			 *
 			 * @param preload if subdomains should be included
 			 * @return the {@link HstsSpec} to continue configuring
 			 * @since 5.2.0
@@ -3579,7 +3643,8 @@ public class ServerHttpSecurity {
 			}
 
 			/**
-			 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+			 * Allows method chaining to continue configuring the
+			 * {@link ServerHttpSecurity}
 			 * @return the {@link HeaderSpec} to continue configuring
 			 */
 			public HeaderSpec and() {
@@ -3595,14 +3660,18 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private HstsSpec() {}
+			private HstsSpec() {
+			}
+
 		}
 
 		/**
 		 * Configures x-xss-protection response header
+		 *
 		 * @see #xssProtection()
 		 */
 		public class XssProtectionSpec {
+
 			/**
 			 * Disables the x-xss-protection response header
 			 * @return the {@link HeaderSpec} to continue configuring
@@ -3612,7 +3681,9 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private XssProtectionSpec() {}
+			private XssProtectionSpec() {
+			}
+
 		}
 
 		/**
@@ -3622,11 +3693,13 @@ public class ServerHttpSecurity {
 		 * @since 5.1
 		 */
 		public class ContentSecurityPolicySpec {
+
 			private static final String DEFAULT_SRC_SELF_POLICY = "default-src 'self'";
 
 			/**
-			 * Whether to include the {@code Content-Security-Policy-Report-Only} header in
-			 * the response. Otherwise, defaults to the {@code Content-Security-Policy} header.
+			 * Whether to include the {@code Content-Security-Policy-Report-Only} header
+			 * in the response. Otherwise, defaults to the {@code Content-Security-Policy}
+			 * header.
 			 * @param reportOnly whether to only report policy violations
 			 * @return the {@link HeaderSpec} to continue configuring
 			 */
@@ -3637,7 +3710,6 @@ public class ServerHttpSecurity {
 
 			/**
 			 * Sets the security policy directive(s) to be used in the response header.
-			 *
 			 * @param policyDirectives the security policy directive(s)
 			 * @return the {@link HeaderSpec} to continue configuring
 			 */
@@ -3662,6 +3734,7 @@ public class ServerHttpSecurity {
 			private ContentSecurityPolicySpec() {
 				HeaderSpec.this.contentSecurityPolicy.setPolicyDirectives(DEFAULT_SRC_SELF_POLICY);
 			}
+
 		}
 
 		/**
@@ -3698,7 +3771,6 @@ public class ServerHttpSecurity {
 
 			/**
 			 * Sets the policy to be used in the response header.
-			 *
 			 * @param referrerPolicy a referrer policy
 			 * @return the {@link ReferrerPolicySpec} to continue configuring
 			 */
@@ -3726,27 +3798,30 @@ public class ServerHttpSecurity {
 		}
 
 		private HeaderSpec() {
-			this.writers = new ArrayList<>(
-					Arrays.asList(this.cacheControl, this.contentTypeOptions, this.hsts,
-							this.frameOptions, this.xss, this.featurePolicy, this.contentSecurityPolicy,
-							this.referrerPolicy));
+			this.writers = new ArrayList<>(Arrays.asList(this.cacheControl, this.contentTypeOptions, this.hsts,
+					this.frameOptions, this.xss, this.featurePolicy, this.contentSecurityPolicy, this.referrerPolicy));
 		}
 
 	}
 
 	/**
 	 * Configures log out
+	 *
 	 * @author Shazin Sadakath
 	 * @since 5.0
 	 * @see #logout()
 	 */
 	public final class LogoutSpec {
+
 		private LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
+
 		private final SecurityContextServerLogoutHandler DEFAULT_LOGOUT_HANDLER = new SecurityContextServerLogoutHandler();
+
 		private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>(Arrays.asList(this.DEFAULT_LOGOUT_HANDLER));
 
 		/**
-		 * Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler}
+		 * Configures the logout handler. Default is
+		 * {@code SecurityContextServerLogoutHandler}
 		 * @param logoutHandler
 		 * @return the {@link LogoutSpec} to configure
 		 */
@@ -3764,13 +3839,14 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Configures what URL a POST to will trigger a log out.
-		 * @param logoutUrl the url to trigger a log out (i.e. "/signout" would mean a POST to "/signout" would trigger
-		 * log out)
+		 * @param logoutUrl the url to trigger a log out (i.e. "/signout" would mean a
+		 * POST to "/signout" would trigger log out)
 		 * @return the {@link LogoutSpec} to configure
 		 */
 		public LogoutSpec logoutUrl(String logoutUrl) {
 			Assert.notNull(logoutUrl, "logoutUrl must not be null");
-			ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, logoutUrl);
+			ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
+					logoutUrl);
 			return requiresLogout(requiresLogout);
 		}
 
@@ -3813,9 +3889,11 @@ public class ServerHttpSecurity {
 			}
 			if (this.logoutHandlers.isEmpty()) {
 				return null;
-			} else if (this.logoutHandlers.size() == 1) {
+			}
+			else if (this.logoutHandlers.size() == 1) {
 				return this.logoutHandlers.get(0);
-			} else {
+			}
+			else {
 				return new DelegatingServerLogoutHandler(this.logoutHandlers);
 			}
 		}
@@ -3828,7 +3906,9 @@ public class ServerHttpSecurity {
 			http.addFilterAt(this.logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
 		}
 
-		private LogoutSpec() {}
+		private LogoutSpec() {
+		}
+
 	}
 
 	private <T> T getBean(Class<T> beanClass) {
@@ -3842,25 +3922,25 @@ public class ServerHttpSecurity {
 		return getBeanOrNull(ResolvableType.forClass(beanClass));
 	}
 
-
 	private <T> T getBeanOrNull(ResolvableType type) {
 		if (this.context == null) {
 			return null;
 		}
-		String[] names =  this.context.getBeanNamesForType(type);
+		String[] names = this.context.getBeanNamesForType(type);
 		if (names.length == 1) {
 			return (T) this.context.getBean(names[0]);
 		}
 		return null;
 	}
 
-	protected void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.context = applicationContext;
 	}
 
 	private static class OrderedWebFilter implements WebFilter, Ordered {
+
 		private final WebFilter webFilter;
+
 		private final int order;
 
 		OrderedWebFilter(WebFilter webFilter, int order) {
@@ -3869,8 +3949,7 @@ public class ServerHttpSecurity {
 		}
 
 		@Override
-		public Mono<Void> filter(ServerWebExchange exchange,
-			WebFilterChain chain) {
+		public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 			return this.webFilter.filter(exchange, chain);
 		}
 
@@ -3881,39 +3960,44 @@ public class ServerHttpSecurity {
 
 		@Override
 		public String toString() {
-			return "OrderedWebFilter{" + "webFilter=" + this.webFilter + ", order=" + this.order
-				+ '}';
+			return "OrderedWebFilter{" + "webFilter=" + this.webFilter + ", order=" + this.order + '}';
 		}
+
 	}
 
 	/**
 	 * Workaround https://jira.spring.io/projects/SPR/issues/SPR-17213
 	 */
 	static class ServerWebExchangeReactorContextWebFilter implements WebFilter {
+
 		@Override
 		public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-			return chain.filter(exchange)
-					.subscriberContext(Context.of(ServerWebExchange.class, exchange));
+			return chain.filter(exchange).subscriberContext(Context.of(ServerWebExchange.class, exchange));
 		}
+
 	}
 
 	/**
 	 * Configures anonymous authentication
+	 *
 	 * @author Ankur Pathak
 	 * @since 5.2.0
 	 */
 	public final class AnonymousSpec {
+
 		private String key;
+
 		private AnonymousAuthenticationWebFilter authenticationFilter;
+
 		private Object principal = "anonymousUser";
+
 		private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
 
 		/**
-		 * Sets the key to identify tokens created for anonymous authentication. Default is a
-		 * secure randomly generated key.
-		 *
-		 * @param key the key to identify tokens created for anonymous authentication. Default
+		 * Sets the key to identify tokens created for anonymous authentication. Default
 		 * is a secure randomly generated key.
+		 * @param key the key to identify tokens created for anonymous authentication.
+		 * Default is a secure randomly generated key.
 		 * @return the {@link AnonymousSpec} for further customization of anonymous
 		 * authentication
 		 */
@@ -3924,7 +4008,6 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the principal for {@link Authentication} objects of anonymous users
-		 *
 		 * @param principal used for the {@link Authentication} object of anonymous users
 		 * @return the {@link AnonymousSpec} for further customization of anonymous
 		 * authentication
@@ -3935,9 +4018,9 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Sets the {@link org.springframework.security.core.Authentication#getAuthorities()}
-		 * for anonymous users
-		 *
+		 * Sets the
+		 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
+		 * anonymous users
 		 * @param authorities Sets the
 		 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
 		 * anonymous users
@@ -3950,9 +4033,9 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Sets the {@link org.springframework.security.core.Authentication#getAuthorities()}
-		 * for anonymous users
-		 *
+		 * Sets the
+		 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
+		 * anonymous users
 		 * @param authorities Sets the
 		 * {@link org.springframework.security.core.Authentication#getAuthorities()} for
 		 * anonymous users (i.e. "ROLE_ANONYMOUS")
@@ -3964,18 +4047,15 @@ public class ServerHttpSecurity {
 		}
 
 		/**
-		 * Sets the {@link AnonymousAuthenticationWebFilter} used to populate an anonymous user.
-		 * If this is set, no attributes on the {@link AnonymousSpec} will be set on the
-		 * {@link AnonymousAuthenticationWebFilter}.
-		 *
-		 * @param authenticationFilter the {@link AnonymousAuthenticationWebFilter} used to
-		 * populate an anonymous user.
-		 *
+		 * Sets the {@link AnonymousAuthenticationWebFilter} used to populate an anonymous
+		 * user. If this is set, no attributes on the {@link AnonymousSpec} will be set on
+		 * the {@link AnonymousAuthenticationWebFilter}.
+		 * @param authenticationFilter the {@link AnonymousAuthenticationWebFilter} used
+		 * to populate an anonymous user.
 		 * @return the {@link AnonymousSpec} for further customization of anonymous
 		 * authentication
 		 */
-		public AnonymousSpec authenticationFilter(
-				AnonymousAuthenticationWebFilter authenticationFilter) {
+		public AnonymousSpec authenticationFilter(AnonymousAuthenticationWebFilter authenticationFilter) {
 			this.authenticationFilter = authenticationFilter;
 			return this;
 		}
@@ -3999,8 +4079,7 @@ public class ServerHttpSecurity {
 
 		protected void configure(ServerHttpSecurity http) {
 			if (authenticationFilter == null) {
-				authenticationFilter = new AnonymousAuthenticationWebFilter(getKey(), principal,
-						authorities);
+				authenticationFilter = new AnonymousAuthenticationWebFilter(getKey(), principal, authorities);
 			}
 			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.ANONYMOUS_AUTHENTICATION);
 		}
@@ -4012,8 +4091,8 @@ public class ServerHttpSecurity {
 			return key;
 		}
 
-
-		private AnonymousSpec() {}
+		private AnonymousSpec() {
+		}
 
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 24fe2003dc..ae05bf0061 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -93,8 +93,8 @@ import org.w3c.dom.Element;
  * @author Rob Winch
  * @since 4.0
  */
-public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
-		BeanDefinitionParser {
+public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements BeanDefinitionParser {
+
 	private static final String ID_ATTR = "id";
 
 	private static final String DISABLED_ATTR = "same-origin-disabled";
@@ -119,23 +119,19 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		ManagedMap<BeanDefinition, String> matcherToExpression = new ManagedMap<>();
 
 		String id = element.getAttribute(ID_ATTR);
-		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element,
-				EXPRESSION_HANDLER);
+		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, EXPRESSION_HANDLER);
 		String expressionHandlerRef = expressionHandlerElt == null ? null : expressionHandlerElt.getAttribute("ref");
 		boolean expressionHandlerDefined = StringUtils.hasText(expressionHandlerRef);
 
-		boolean sameOriginDisabled = Boolean.parseBoolean(element
-				.getAttribute(DISABLED_ATTR));
+		boolean sameOriginDisabled = Boolean.parseBoolean(element.getAttribute(DISABLED_ATTR));
 
-		List<Element> interceptMessages = DomUtils.getChildElementsByTagName(element,
-				Elements.INTERCEPT_MESSAGE);
+		List<Element> interceptMessages = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_MESSAGE);
 		for (Element interceptMessage : interceptMessages) {
 			String matcherPattern = interceptMessage.getAttribute(PATTERN_ATTR);
 			String accessExpression = interceptMessage.getAttribute(ACCESS_ATTR);
 			String messageType = interceptMessage.getAttribute(TYPE_ATTR);
 
-			BeanDefinition matcher = createMatcher(matcherPattern, messageType,
-					parserContext, interceptMessage);
+			BeanDefinition matcher = createMatcher(matcherPattern, messageType, parserContext, interceptMessage);
 			matcherToExpression.put(matcher, accessExpression);
 		}
 
@@ -150,24 +146,21 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		String mdsId = context.registerWithGeneratedName(mds.getBeanDefinition());
 
 		ManagedList<BeanDefinition> voters = new ManagedList<>();
-		BeanDefinitionBuilder messageExpressionVoterBldr = BeanDefinitionBuilder.rootBeanDefinition(MessageExpressionVoter.class);
+		BeanDefinitionBuilder messageExpressionVoterBldr = BeanDefinitionBuilder
+				.rootBeanDefinition(MessageExpressionVoter.class);
 		if (expressionHandlerDefined) {
 			messageExpressionVoterBldr.addPropertyReference("expressionHandler", expressionHandlerRef);
 		}
 		voters.add(messageExpressionVoterBldr.getBeanDefinition());
-		BeanDefinitionBuilder adm = BeanDefinitionBuilder
-				.rootBeanDefinition(ConsensusBased.class);
+		BeanDefinitionBuilder adm = BeanDefinitionBuilder.rootBeanDefinition(ConsensusBased.class);
 		adm.addConstructorArgValue(voters);
 
 		BeanDefinitionBuilder inboundChannelSecurityInterceptor = BeanDefinitionBuilder
 				.rootBeanDefinition(ChannelSecurityInterceptor.class);
-		inboundChannelSecurityInterceptor.addConstructorArgValue(registry
-				.getBeanDefinition(mdsId));
-		inboundChannelSecurityInterceptor.addPropertyValue("accessDecisionManager",
-				adm.getBeanDefinition());
+		inboundChannelSecurityInterceptor.addConstructorArgValue(registry.getBeanDefinition(mdsId));
+		inboundChannelSecurityInterceptor.addPropertyValue("accessDecisionManager", adm.getBeanDefinition());
 		String inSecurityInterceptorName = context
-				.registerWithGeneratedName(inboundChannelSecurityInterceptor
-						.getBeanDefinition());
+				.registerWithGeneratedName(inboundChannelSecurityInterceptor.getBeanDefinition());
 
 		if (StringUtils.hasText(id)) {
 			registry.registerAlias(inSecurityInterceptorName, id);
@@ -177,8 +170,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			}
 		}
 		else {
-			BeanDefinitionBuilder mspp = BeanDefinitionBuilder
-					.rootBeanDefinition(MessageSecurityPostProcessor.class);
+			BeanDefinitionBuilder mspp = BeanDefinitionBuilder.rootBeanDefinition(MessageSecurityPostProcessor.class);
 			mspp.addConstructorArgValue(inSecurityInterceptorName);
 			mspp.addConstructorArgValue(sameOriginDisabled);
 			context.registerWithGeneratedName(mspp.getBeanDefinition());
@@ -187,13 +179,12 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		return null;
 	}
 
-	private BeanDefinition createMatcher(String matcherPattern, String messageType,
-			ParserContext parserContext, Element interceptMessage) {
+	private BeanDefinition createMatcher(String matcherPattern, String messageType, ParserContext parserContext,
+			Element interceptMessage) {
 		boolean hasPattern = StringUtils.hasText(matcherPattern);
 		boolean hasMessageType = StringUtils.hasText(messageType);
 		if (!hasPattern) {
-			BeanDefinitionBuilder matcher = BeanDefinitionBuilder
-					.rootBeanDefinition(SimpMessageTypeMatcher.class);
+			BeanDefinitionBuilder matcher = BeanDefinitionBuilder.rootBeanDefinition(SimpMessageTypeMatcher.class);
 			matcher.addConstructorArgValue(messageType);
 			return matcher.getBeanDefinition();
 		}
@@ -208,25 +199,19 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 				factoryName = "createSubscribeMatcher";
 			}
 			else {
-				parserContext
-						.getReaderContext()
-						.error("Cannot use intercept-websocket@message-type="
-								+ messageType
-								+ " with a pattern because the type does not have a destination.",
-								interceptMessage);
+				parserContext.getReaderContext().error("Cannot use intercept-websocket@message-type=" + messageType
+						+ " with a pattern because the type does not have a destination.", interceptMessage);
 			}
 		}
 
-		BeanDefinitionBuilder matcher = BeanDefinitionBuilder
-				.rootBeanDefinition(SimpDestinationMessageMatcher.class);
+		BeanDefinitionBuilder matcher = BeanDefinitionBuilder.rootBeanDefinition(SimpDestinationMessageMatcher.class);
 		matcher.setFactoryMethod(factoryName);
 		matcher.addConstructorArgValue(matcherPattern);
 		matcher.addConstructorArgValue(new RuntimeBeanReference("springSecurityMessagePathMatcher"));
 		return matcher.getBeanDefinition();
 	}
 
-	static class MessageSecurityPostProcessor implements
-			BeanDefinitionRegistryPostProcessor {
+	static class MessageSecurityPostProcessor implements BeanDefinitionRegistryPostProcessor {
 
 		/**
 		 * This is not available prior to Spring 4.2
@@ -248,22 +233,19 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			this.sameOriginDisabled = sameOriginDisabled;
 		}
 
-		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry)
-				throws BeansException {
+		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 			String[] beanNames = registry.getBeanDefinitionNames();
 			for (String beanName : beanNames) {
 				BeanDefinition bd = registry.getBeanDefinition(beanName);
 				String beanClassName = bd.getBeanClassName();
-				if (SimpAnnotationMethodMessageHandler.class.getName().equals(beanClassName) ||
-						WEB_SOCKET_AMMH_CLASS_NAME.equals(beanClassName)) {
-					PropertyValue current = bd.getPropertyValues().getPropertyValue(
-							CUSTOM_ARG_RESOLVERS_PROP);
+				if (SimpAnnotationMethodMessageHandler.class.getName().equals(beanClassName)
+						|| WEB_SOCKET_AMMH_CLASS_NAME.equals(beanClassName)) {
+					PropertyValue current = bd.getPropertyValues().getPropertyValue(CUSTOM_ARG_RESOLVERS_PROP);
 					ManagedList<Object> argResolvers = new ManagedList<>();
 					if (current != null) {
 						argResolvers.addAll((ManagedList<?>) current.getValue());
 					}
-					argResolvers.add(new RootBeanDefinition(
-							AuthenticationPrincipalArgumentResolver.class));
+					argResolvers.add(new RootBeanDefinition(AuthenticationPrincipalArgumentResolver.class));
 					bd.getPropertyValues().add(CUSTOM_ARG_RESOLVERS_PROP, argResolvers);
 
 					if (!registry.containsBeanDefinition(PATH_MATCHER_BEAN_NAME)) {
@@ -292,20 +274,17 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 				return;
 			}
 			ManagedList<Object> interceptors = new ManagedList();
-			interceptors.add(new RootBeanDefinition(
-					SecurityContextChannelInterceptor.class));
+			interceptors.add(new RootBeanDefinition(SecurityContextChannelInterceptor.class));
 			if (!sameOriginDisabled) {
 				interceptors.add(new RootBeanDefinition(CsrfChannelInterceptor.class));
 			}
 			interceptors.add(registry.getBeanDefinition(inboundSecurityInterceptorId));
 
-			BeanDefinition inboundChannel = registry
-					.getBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID);
+			BeanDefinition inboundChannel = registry.getBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID);
 			PropertyValue currentInterceptorsPv = inboundChannel.getPropertyValues()
 					.getPropertyValue(INTERCEPTORS_PROP);
 			if (currentInterceptorsPv != null) {
-				ManagedList<?> currentInterceptors = (ManagedList<?>) currentInterceptorsPv
-						.getValue();
+				ManagedList<?> currentInterceptors = (ManagedList<?>) currentInterceptorsPv.getValue();
 				interceptors.addAll(currentInterceptors);
 			}
 
@@ -323,15 +302,14 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			String interceptorPropertyName = "handshakeInterceptors";
 			ManagedList<? super Object> interceptors = new ManagedList<>();
 			interceptors.add(new RootBeanDefinition(CsrfTokenHandshakeInterceptor.class));
-			interceptors.addAll((ManagedList<Object>) bd.getPropertyValues().get(
-					interceptorPropertyName));
+			interceptors.addAll((ManagedList<Object>) bd.getPropertyValues().get(interceptorPropertyName));
 			bd.getPropertyValues().add(interceptorPropertyName, interceptors);
 		}
 
-		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
-				throws BeansException {
+		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 
 		}
+
 	}
 
 	static class DelegatingPathMatcher implements PathMatcher {
@@ -369,5 +347,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		void setPathMatcher(PathMatcher pathMatcher) {
 			this.delegate = pathMatcher;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
index ff39888179..58a232135f 100644
--- a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
@@ -25,19 +25,19 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
  * @author Luke Taylor
  */
 public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
+
 	Set<String> beforeInitPostProcessedBeans = new HashSet<>();
+
 	Set<String> afterInitPostProcessedBeans = new HashSet<>();
 
-	public Object postProcessBeforeInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
 			beforeInitPostProcessedBeans.add(beanName);
 		}
 		return bean;
 	}
 
-	public Object postProcessAfterInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
 			afterInitPostProcessedBeans.add(beanName);
 		}
@@ -51,4 +51,5 @@ public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
 	public Set<String> getAfterInitPostProcessedBeans() {
 		return afterInitPostProcessedBeans;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/CollectingAppListener.java b/config/src/test/java/org/springframework/security/CollectingAppListener.java
index 1dd1c5c21a..0589657430 100644
--- a/config/src/test/java/org/springframework/security/CollectingAppListener.java
+++ b/config/src/test/java/org/springframework/security/CollectingAppListener.java
@@ -30,9 +30,13 @@ import org.springframework.security.authentication.event.AbstractAuthenticationF
  * @since 3.1
  */
 public class CollectingAppListener implements ApplicationListener {
+
 	Set<ApplicationEvent> events = new HashSet<>();
+
 	Set<AbstractAuthenticationEvent> authenticationEvents = new HashSet<>();
+
 	Set<AbstractAuthenticationFailureEvent> authenticationFailureEvents = new HashSet<>();
+
 	Set<AbstractAuthorizationEvent> authorizationEvents = new HashSet<>();
 
 	public void onApplicationEvent(ApplicationEvent event) {
@@ -65,4 +69,5 @@ public class CollectingAppListener implements ApplicationListener {
 	public Set<AbstractAuthorizationEvent> getAuthorizationEvents() {
 		return authorizationEvents;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
index a95ffe3c4e..845323e7db 100644
--- a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
+++ b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
@@ -16,14 +16,13 @@
 package org.springframework.security.config;
 
 public abstract class ConfigTestUtils {
+
 	public static final String AUTH_PROVIDER_XML = "<authentication-manager alias='authManager'>"
-			+ "    <authentication-provider>"
-			+ "        <user-service id='us'>"
+			+ "    <authentication-provider>" + "        <user-service id='us'>"
 			+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
 			+ "            <user name='bill' password='{noop}billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />"
 			+ "            <user name='admin' password='{noop}password' authorities='ROLE_ADMIN,ROLE_USER' />"
 			+ "            <user name='user' password='{noop}password' authorities='ROLE_USER' />"
-			+ "        </user-service>"
-			+ "    </authentication-provider>"
-			+ "</authentication-manager>";
+			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 212e2ad6b6..09142c1fd6 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -27,6 +27,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class DataSourcePopulator implements InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -35,8 +36,10 @@ public class DataSourcePopulator implements InitializingBean {
 	public void afterPropertiesSet() {
 		Assert.notNull(template, "dataSource required");
 
-		template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
-		template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
+		template.execute(
+				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
+		template.execute(
+				"CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
 		template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
 
 		/*
@@ -66,4 +69,5 @@ public class DataSourcePopulator implements InitializingBean {
 	public void setDataSource(DataSource dataSource) {
 		this.template = new JdbcTemplate(dataSource);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index 42a6eba6d5..88da0c4605 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -50,6 +50,7 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
  * @author Ben Alex
  */
 public class FilterChainProxyConfigTests {
+
 	private ClassPathXmlApplicationContext appCtx;
 
 	// ~ Methods
@@ -59,8 +60,7 @@ public class FilterChainProxyConfigTests {
 	public void loadContext() {
 		System.setProperty("sec1235.pattern1", "/login");
 		System.setProperty("sec1235.pattern2", "/logout");
-		appCtx = new ClassPathXmlApplicationContext(
-				"org/springframework/security/util/filtertest-valid.xml");
+		appCtx = new ClassPathXmlApplicationContext("org/springframework/security/util/filtertest-valid.xml");
 	}
 
 	@After
@@ -72,15 +72,13 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void normalOperation() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("filterChain",
-				FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = appCtx.getBean("filterChain", FilterChainProxy.class);
 		doNormalOperation(filterChainProxy);
 	}
 
 	@Test
 	public void normalOperationWithNewConfig() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxy",
-				FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -88,8 +86,7 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void normalOperationWithNewConfigRegex() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyRegex",
-				FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyRegex", FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -97,8 +94,7 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void normalOperationWithNewConfigNonNamespace() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean(
-				"newFilterChainProxyNonNamespace", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyNonNamespace", FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -106,26 +102,24 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void pathWithNoMatchHasNoFilters() {
-		FilterChainProxy filterChainProxy = appCtx.getBean(
-				"newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
 		assertThat(filterChainProxy.getFilters("/nomatch")).isNull();
 	}
 
 	// SEC-1235
 	@Test
 	public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
-		FilterChainProxy fcp = appCtx.getBean("sec1235FilterChainProxy",
-				FilterChainProxy.class);
+		FilterChainProxy fcp = appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
 
 		List<SecurityFilterChain> chains = fcp.getFilterChains();
 		assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
 		assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
-		assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher).isTrue();
+		assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher)
+				.isTrue();
 	}
 
 	private String getPattern(SecurityFilterChain chain) {
-		return ((AntPathRequestMatcher) ((DefaultSecurityFilterChain) chain)
-				.getRequestMatcher()).getPattern();
+		return ((AntPathRequestMatcher) ((DefaultSecurityFilterChain) chain).getRequestMatcher()).getPattern();
 	}
 
 	private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) {
@@ -158,13 +152,12 @@ public class FilterChainProxyConfigTests {
 		FilterChain chain = mock(FilterChain.class);
 
 		filterChainProxy.doFilter(request, response, chain);
-		verify(chain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 
 		request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
 		chain = mock(FilterChain.class);
 		filterChainProxy.doFilter(request, response, chain);
-		verify(chain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index 25ca973ef3..02011b0cc7 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
  * @author Luke Taylor
  */
 public class InvalidConfigurationTests {
+
 	private InMemoryXmlApplicationContext appContext;
 
 	@After
@@ -65,8 +66,7 @@ public class InvalidConfigurationTests {
 			assertThat(cause instanceof NoSuchBeanDefinitionException).isTrue();
 			NoSuchBeanDefinitionException nsbe = (NoSuchBeanDefinitionException) cause;
 			assertThat(nsbe.getBeanName()).isEqualTo(BeanIds.AUTHENTICATION_MANAGER);
-			assertThat(nsbe.getMessage()).endsWith(
-					AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE);
+			assertThat(nsbe.getMessage()).endsWith(AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE);
 		}
 	}
 
@@ -80,4 +80,5 @@ public class InvalidConfigurationTests {
 	private void setContext(String context) {
 		appContext = new InMemoryXmlApplicationContext(context);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
index 6fc6ae1b3c..68f71e579c 100644
--- a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
@@ -24,9 +24,8 @@ import org.springframework.security.core.Authentication;
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 
-	public Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config, Object returnedObject)
-			throws AccessDeniedException {
+	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+			Object returnedObject) throws AccessDeniedException {
 		return returnedObject;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/MockEventListener.java b/config/src/test/java/org/springframework/security/config/MockEventListener.java
index f92f7bcc8d..c566e15a99 100644
--- a/config/src/test/java/org/springframework/security/config/MockEventListener.java
+++ b/config/src/test/java/org/springframework/security/config/MockEventListener.java
@@ -26,8 +26,8 @@ import java.util.List;
  * @author Rob Winch
  * @since 5.0.2
  */
-public class MockEventListener<T extends ApplicationEvent>
-	implements ApplicationListener<T> {
+public class MockEventListener<T extends ApplicationEvent> implements ApplicationListener<T> {
+
 	private List<T> events = new ArrayList<>();
 
 	public void onApplicationEvent(T event) {
@@ -37,4 +37,5 @@ public class MockEventListener<T extends ApplicationEvent>
 	public List<T> getEvents() {
 		return this.events;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
index fb4a207c96..bba810c227 100644
--- a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
+++ b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
@@ -26,8 +26,8 @@ import org.springframework.transaction.TransactionStatus;
  * @author Luke Taylor
  */
 public class MockTransactionManager implements PlatformTransactionManager {
-	public TransactionStatus getTransaction(TransactionDefinition definition)
-			throws TransactionException {
+
+	public TransactionStatus getTransaction(TransactionDefinition definition) throws TransactionException {
 		return mock(TransactionStatus.class);
 	}
 
@@ -36,4 +36,5 @@ public class MockTransactionManager implements PlatformTransactionManager {
 
 	public void rollback(TransactionStatus status) throws TransactionException {
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
index eb7acd044f..d403987473 100644
--- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
@@ -26,18 +26,16 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
  */
 public class MockUserServiceBeanPostProcessor implements BeanPostProcessor {
 
-	public Object postProcessAfterInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
 
-	public Object postProcessBeforeInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (bean instanceof PostProcessedMockUserDetailsService) {
-			((PostProcessedMockUserDetailsService) bean)
-					.setPostProcessorWasHere("Hello from the post processor!");
+			((PostProcessedMockUserDetailsService) bean).setPostProcessorWasHere("Hello from the post processor!");
 		}
 
 		return bean;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
index 2e85d78f7b..7245db7ecf 100644
--- a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
+++ b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
@@ -19,6 +19,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 public class PostProcessedMockUserDetailsService implements UserDetailsService {
+
 	private String postProcessorWasHere;
 
 	public PostProcessedMockUserDetailsService() {
@@ -36,4 +37,5 @@ public class PostProcessedMockUserDetailsService implements UserDetailsService {
 	public UserDetails loadUserByUsername(String username) {
 		throw new UnsupportedOperationException("Not for actual use");
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index a2d17aa5dc..7831e310fb 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -41,7 +41,6 @@ import static org.powermock.api.mockito.PowerMockito.verifyStatic;
 import static org.powermock.api.mockito.PowerMockito.verifyZeroInteractions;
 
 /**
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.0
@@ -50,15 +49,16 @@ import static org.powermock.api.mockito.PowerMockito.verifyZeroInteractions;
 @PrepareForTest({ ClassUtils.class })
 @PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*" })
 public class SecurityNamespaceHandlerTests {
+
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
-	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>"
-			+ "  <authentication-provider>" + "    <user-service id='us'>"
-			+ "      <user name='bob' password='bobspassword' authorities='ROLE_A' />"
-			+ "    </user-service>" + "  </authentication-provider>"
-			+ "</authentication-manager>";
+	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>" + "  <authentication-provider>"
+			+ "    <user-service id='us'>" + "      <user name='bob' password='bobspassword' authorities='ROLE_A' />"
+			+ "    </user-service>" + "  </authentication-provider>" + "</authentication-manager>";
+
 	private static final String XML_HTTP_BLOCK = "<http auto-config='true'/>";
+
 	private static final String FILTER_CHAIN_PROXY_CLASSNAME = "org.springframework.security.web.FilterChainProxy";
 
 	@Test
@@ -74,15 +74,13 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void pre32SchemaAreNotSupported() {
 		try {
-			new InMemoryXmlApplicationContext(
-					"<user-service id='us'>"
-							+ "  <user name='bob' password='bobspassword' authorities='ROLE_A' />"
-							+ "</user-service>", "3.0.3", null);
+			new InMemoryXmlApplicationContext("<user-service id='us'>"
+					+ "  <user name='bob' password='bobspassword' authorities='ROLE_A' />" + "</user-service>", "3.0.3",
+					null);
 			fail("Expected BeanDefinitionParsingException");
 		}
 		catch (BeanDefinitionParsingException expected) {
-			assertThat(expected.getMessage().contains(
-					"You cannot use a spring-security-2.0.xsd"));
+			assertThat(expected.getMessage().contains("You cannot use a spring-security-2.0.xsd"));
 		}
 	}
 
@@ -91,8 +89,8 @@ public class SecurityNamespaceHandlerTests {
 	public void initDoesNotLogErrorWhenFilterChainProxyFailsToLoad() throws Exception {
 		String className = "javax.servlet.Filter";
 		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
-				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
+		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
+				any(ClassLoader.class));
 
 		Log logger = mock(Log.class);
 		SecurityNamespaceHandler handler = new SecurityNamespaceHandler();
@@ -111,8 +109,8 @@ public class SecurityNamespaceHandlerTests {
 		thrown.expect(BeanDefinitionParsingException.class);
 		thrown.expectMessage("NoClassDefFoundError: " + className);
 		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
-				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
+		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
+				any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK);
 	}
 
@@ -120,8 +118,8 @@ public class SecurityNamespaceHandlerTests {
 	public void filterNoClassDefFoundErrorNoHttpBlock() throws Exception {
 		String className = "javax.servlet.Filter";
 		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
-				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
+		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
+				any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
 		// should load just fine since no http block
 	}
@@ -151,9 +149,10 @@ public class SecurityNamespaceHandlerTests {
 	public void websocketNotFoundExceptionNoMessageBlock() throws Exception {
 		String className = FILTER_CHAIN_PROXY_CLASSNAME;
 		spy(ClassUtils.class);
-		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
-				eq(Message.class.getName()), any(ClassLoader.class));
+		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName", eq(Message.class.getName()),
+				any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
 		// should load just fine since no websocket block
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
index 8a27748dcf..aac8eefd0e 100644
--- a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
+++ b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
@@ -29,4 +29,5 @@ public interface TestBusinessBean {
 	void doSomething();
 
 	void unprotected();
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
index 18e5dbbe7f..3630dcd3a8 100644
--- a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
+++ b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
@@ -21,8 +21,8 @@ import org.springframework.security.core.session.SessionCreationEvent;
 /**
  * @author Luke Taylor
  */
-public class TestBusinessBeanImpl implements TestBusinessBean,
-		ApplicationListener<SessionCreationEvent> {
+public class TestBusinessBeanImpl implements TestBusinessBean, ApplicationListener<SessionCreationEvent> {
+
 	public void setInteger(int i) {
 	}
 
@@ -46,4 +46,5 @@ public class TestBusinessBeanImpl implements TestBusinessBean,
 	public void onApplicationEvent(SessionCreationEvent event) {
 		System.out.println(event);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
index f45648d261..7b59815a83 100644
--- a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
+++ b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
@@ -21,6 +21,7 @@ import org.springframework.transaction.annotation.Transactional;
  * @author Luke Taylor
  */
 public class TransactionalTestBusinessBean implements TestBusinessBean {
+
 	public void setInteger(int i) {
 	}
 
@@ -37,4 +38,5 @@ public class TransactionalTestBusinessBean implements TestBusinessBean {
 
 	public void unprotected() {
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
index 78c12afeea..5075300c77 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
@@ -22,8 +22,8 @@ import java.util.List;
  * @author Rob Winch
  *
  */
-class ConcereteSecurityConfigurerAdapter extends
-		SecurityConfigurerAdapter<Object, SecurityBuilder<Object>> {
+class ConcereteSecurityConfigurerAdapter extends SecurityConfigurerAdapter<Object, SecurityBuilder<Object>> {
+
 	private List<Object> list = new ArrayList<>();
 
 	@Override
@@ -35,4 +35,5 @@ class ConcereteSecurityConfigurerAdapter extends
 		this.list = l;
 		return this;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
index ad93dc340e..ee88e3c219 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
@@ -32,8 +32,7 @@ public class ObjectPostProcessorTests {
 
 	@Test
 	public void convertTypes() {
-		assertThat((Object) PerformConversion.perform(new ArrayList<>()))
-				.isInstanceOf(LinkedList.class);
+		assertThat((Object) PerformConversion.perform(new ArrayList<>())).isInstanceOf(LinkedList.class);
 	}
 
 	static class ListToLinkedListObjectPostProcessor implements ObjectPostProcessor<List<?>> {
@@ -41,13 +40,15 @@ public class ObjectPostProcessorTests {
 		public <O extends List<?>> O postProcess(O l) {
 			return (O) new LinkedList(l);
 		}
+
 	}
 
 	static class PerformConversion {
+
 		public static List<?> perform(ArrayList<?> l) {
 			return new ListToLinkedListObjectPostProcessor().postProcess(l);
 		}
+
 	}
+
 }
-
-
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index 9565546229..83535e1211 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation;
 
-
 import java.util.ArrayList;
 import java.util.List;
 
@@ -30,6 +29,7 @@ import static org.mockito.Mockito.mock;
  *
  */
 public class SecurityConfigurerAdapterClosureTests {
+
 	ConcereteSecurityConfigurerAdapter conf = new ConcereteSecurityConfigurerAdapter();
 
 	@Test
@@ -49,8 +49,8 @@ public class SecurityConfigurerAdapterClosureTests {
 		assertThat(this.conf.list).contains("a");
 	}
 
-	static class ConcereteSecurityConfigurerAdapter extends
-			SecurityConfigurerAdapter<Object, SecurityBuilder<Object>> {
+	static class ConcereteSecurityConfigurerAdapter extends SecurityConfigurerAdapter<Object, SecurityBuilder<Object>> {
+
 		private List<Object> list = new ArrayList<Object>();
 
 		@Override
@@ -62,5 +62,7 @@ public class SecurityConfigurerAdapterClosureTests {
 			this.list = l;
 			return this;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index 2b01f0137f..753c5c39d5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -22,6 +22,7 @@ import org.junit.Test;
 import org.springframework.core.Ordered;
 
 public class SecurityConfigurerAdapterTests {
+
 	ConcereteSecurityConfigurerAdapter adapter;
 
 	@Before
@@ -39,6 +40,7 @@ public class SecurityConfigurerAdapterTests {
 	}
 
 	static class OrderedObjectPostProcessor implements ObjectPostProcessor<String>, Ordered {
+
 		private final int order;
 
 		OrderedObjectPostProcessor(int order) {
@@ -53,5 +55,7 @@ public class SecurityConfigurerAdapterTests {
 		public String postProcess(String object) {
 			return object + " " + order;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 6fac5b0e29..0bf1a8e566 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -63,6 +63,7 @@ import static org.springframework.security.test.web.servlet.response.SecurityMoc
  * @author Rob Winch
  */
 public class AuthenticationManagerBuilderTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -84,15 +85,14 @@ public class AuthenticationManagerBuilderTests {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationEventPublisher aep = mock(AuthenticationEventPublisher.class);
 		when(opp.postProcess(any())).thenAnswer(a -> a.getArgument(0));
-		AuthenticationManager am = new AuthenticationManagerBuilder(opp)
-					.authenticationEventPublisher(aep)
-					.inMemoryAuthentication()
-					.and()
-					.build();
+		AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep)
+				.inMemoryAuthentication().and().build();
 
 		try {
 			am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-		} catch (AuthenticationException success) {}
+		}
+		catch (AuthenticationException success) {
+		}
 
 		verify(aep).publishAuthenticationFailure(any(), any());
 	}
@@ -100,8 +100,8 @@ public class AuthenticationManagerBuilderTests {
 	@Test
 	public void getAuthenticationManagerWhenGlobalPasswordEncoderBeanThenUsed() throws Exception {
 		this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
-		AuthenticationManager manager = this.spring.getContext()
-			.getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 
 		Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
@@ -111,6 +111,7 @@ public class AuthenticationManagerBuilderTests {
 
 	@EnableWebSecurity
 	static class PasswordEncoderGlobalConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -124,13 +125,14 @@ public class AuthenticationManagerBuilderTests {
 		PasswordEncoder passwordEncoder() {
 			return NoOpPasswordEncoder.getInstance();
 		}
+
 	}
 
 	@Test
 	public void getAuthenticationManagerWhenProtectedPasswordEncoderBeanThenUsed() throws Exception {
 		this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
-		AuthenticationManager manager = this.spring.getContext()
-			.getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 
 		Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
@@ -140,6 +142,7 @@ public class AuthenticationManagerBuilderTests {
 
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -152,6 +155,7 @@ public class AuthenticationManagerBuilderTests {
 		PasswordEncoder passwordEncoder() {
 			return NoOpPasswordEncoder.getInstance();
 		}
+
 	}
 
 	@Autowired(required = false)
@@ -161,22 +165,18 @@ public class AuthenticationManagerBuilderTests {
 	public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
 		this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withUsername("user").withRoles("USER"));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("USER"));
 
 		this.mockMvc.perform(formLogin().user("admin"))
-			.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
+				.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
 	}
 
 	@EnableWebSecurity
-	static class MultiAuthenticationProvidersConfig
-		extends WebSecurityConfigurerAdapter {
+	static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication()
-				.withUser(PasswordEncodedUser.user())
-				.and()
-				.inMemoryAuthentication()
-				.withUser(PasswordEncodedUser.admin());
+			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()).and().inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.admin());
 		}
 
 	}
@@ -219,7 +219,7 @@ public class AuthenticationManagerBuilderTests {
 		this.spring.register(UserFromPropertiesConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("joe", "joespassword"))
-			.andExpect(authenticated().withUsername("joe").withRoles("USER"));
+				.andExpect(authenticated().withUsername("joe").withRoles("USER"));
 	}
 
 	@Configuration
@@ -248,6 +248,7 @@ public class AuthenticationManagerBuilderTests {
 			properties.load(this.users.getInputStream());
 			return new InMemoryUserDetailsManager(properties);
 		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
index b2546aee46..c38be2364e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
@@ -19,13 +19,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
-
 /**
- *
  * @author Rob Winch
  */
 @Configuration
 public class BaseAuthenticationConfig {
+
 	@Autowired
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 		// @formatter:off
@@ -35,4 +34,5 @@ public class BaseAuthenticationConfig {
 				.withUser("admin").password("password").roles("USER", "ADMIN");
 		// @formatter:on
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index cab352ce61..fd39a39dbf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -33,6 +33,7 @@ import static org.springframework.security.test.web.servlet.response.SecurityMoc
  * @author Rob Winch
  */
 public class NamespaceAuthenticationManagerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -44,15 +45,16 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNull()));
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNull()));
 
 		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNull()));
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNull()));
 		// no exception due to username being cleared out
 	}
 
 	@EnableWebSecurity
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -61,6 +63,7 @@ public class NamespaceAuthenticationManagerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -68,15 +71,16 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
 
 		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
 		// no exception due to username being cleared out
 	}
 
 	@EnableWebSecurity
 	static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -86,6 +90,7 @@ public class NamespaceAuthenticationManagerTests {
 				.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -94,11 +99,12 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
 	}
 
 	@EnableWebSecurity
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -108,5 +114,7 @@ public class NamespaceAuthenticationManagerTests {
 				.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index d4ec0812ca..6379257b25 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -49,12 +49,12 @@ public class NamespaceAuthenticationProviderTests {
 	public void authenticationProviderRef() throws Exception {
 		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withUsername("user"));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
 	@EnableWebSecurity
 	static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) {
 			// @formatter:off
 			auth
@@ -68,6 +68,7 @@ public class NamespaceAuthenticationProviderTests {
 			result.setUserDetailsService(new InMemoryUserDetailsManager(PasswordEncodedUser.user()));
 			return result;
 		}
+
 	}
 
 	@Test
@@ -75,12 +76,12 @@ public class NamespaceAuthenticationProviderTests {
 	public void authenticationProviderUserServiceRef() throws Exception {
 		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withUsername("user"));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -92,5 +93,7 @@ public class NamespaceAuthenticationProviderTests {
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(PasswordEncodedUser.user());
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index 8e17e22a47..bc809bc3db 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -53,12 +53,12 @@ public class NamespaceJdbcUserServiceTests {
 	public void jdbcUserService() throws Exception {
 		this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withUsername("user"));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
 	@EnableWebSecurity
 	static class JdbcUserServiceConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		private DataSource dataSource;
 
@@ -71,27 +71,30 @@ public class NamespaceJdbcUserServiceTests {
 					.dataSource(this.dataSource); // jdbc-user-service@data-source-ref
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class DataSourceConfig {
+
 		@Bean
 		public DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
+
 	}
 
 	@Test
 	public void jdbcUserServiceCustom() throws Exception {
 		this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
 	}
 
 	@EnableWebSecurity
 	static class CustomJdbcUserServiceSampleConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		private DataSource dataSource;
 
@@ -129,16 +132,22 @@ public class NamespaceJdbcUserServiceTests {
 			@Override
 			public void removeUserFromCache(String username) {
 			}
+
 		}
+
 	}
+
 	@Configuration
 	static class CustomDataSourceConfig {
+
 		@Bean
 		public DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder()
-				// simulate that the DB already has the schema loaded and users in it
-				.addScript("CustomJdbcUserServiceSampleConfig.sql");
+					// simulate that the DB already has the schema loaded and users in it
+					.addScript("CustomJdbcUserServiceSampleConfig.sql");
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index e4ed142b39..7d40fc7d13 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -52,12 +52,12 @@ public class NamespacePasswordEncoderTests {
 	public void passwordEncoderRefWithInMemory() throws Exception {
 		this.spring.register(PasswordEncoderWithInMemoryConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
 	static class PasswordEncoderWithInMemoryConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
@@ -68,18 +68,19 @@ public class NamespacePasswordEncoderTests {
 				.passwordEncoder(encoder);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void passwordEncoderRefWithJdbc() throws Exception {
 		this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
 	static class PasswordEncoderWithJdbcConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
@@ -99,18 +100,19 @@ public class NamespacePasswordEncoderTests {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
+
 	}
 
 	@Test
 	public void passwordEncoderRefWithUserDetailsService() throws Exception {
 		this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
 	static class PasswordEncoderWithUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
@@ -134,5 +136,7 @@ public class NamespacePasswordEncoderTests {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 2b2287b4f2..42b359193a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -49,6 +49,7 @@ public class PasswordEncoderConfigurerTests {
 
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
 			// @formatter:off
@@ -67,19 +68,19 @@ public class PasswordEncoderConfigurerTests {
 		public BCryptPasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
+
 	}
 
 	@Test
 	public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
 		this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
-	static class PasswordEncoderNoAuthManagerLoadsConfig extends
-		WebSecurityConfigurerAdapter {
+	static class PasswordEncoderNoAuthManagerLoadsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
 			// @formatter:off
@@ -94,5 +95,7 @@ public class PasswordEncoderConfigurerTests {
 		public BCryptPasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
index d797632e5b..cea8e87e92 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
@@ -37,6 +37,7 @@ import static org.assertj.core.api.Assertions.*;
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 public class AuthenticationConfigurationPublishTests {
+
 	@Autowired
 	MockEventListener<AuthenticationSuccessEvent> listener;
 
@@ -58,6 +59,7 @@ public class AuthenticationConfigurationPublishTests {
 	@EnableGlobalAuthentication
 	@Import(AuthenticationTestConfiguration.class)
 	static class Config {
+
 		@Bean
 		AuthenticationEventPublisher publisher() {
 			return new DefaultAuthenticationEventPublisher();
@@ -65,8 +67,10 @@ public class AuthenticationConfigurationPublishTests {
 
 		@Bean
 		MockEventListener<AuthenticationSuccessEvent> eventListener() {
-			return new MockEventListener<AuthenticationSuccessEvent>(){};
+			return new MockEventListener<AuthenticationSuccessEvent>() {
+			};
 		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 14546c85f7..7a7d98d083 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -79,81 +79,100 @@ public class AuthenticationConfigurationTests {
 
 	@Test
 	public void orderingAutowiredOnEnableGlobalMethodSecurity() {
-		this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
+		this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class,
+				ServicesConfig.class).autowire();
 
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
 	}
 
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	static class GlobalMethodSecurityAutowiredConfig {
+
 	}
 
 	@Test
 	public void orderingAutowiredOnEnableWebSecurity() {
-		this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
+		this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class,
+				GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
 
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
 	}
 
 	@EnableWebSecurity
-	static class WebSecurityConfig {}
+	static class WebSecurityConfig {
 
+	}
 
 	@Test
 	public void orderingAutowiredOnEnableWebMvcSecurity() {
-		this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
+		this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class,
+				GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
 
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
 	}
 
 	@EnableWebMvcSecurity
-	static class WebMvcSecurityConfig {}
+	static class WebMvcSecurityConfig {
+
+	}
 
 	@Test
 	public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
 
-		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()).isNull();
+		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager())
+				.isNull();
 	}
 
-
 	@Test
 	public void getAuthenticationManagerWhenNoOpGlobalAuthenticationConfigurerAdapterThenNull() throws Exception {
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, NoOpGlobalAuthenticationConfigurerAdapter.class).autowire();
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
+				NoOpGlobalAuthenticationConfigurerAdapter.class).autowire();
 
-		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()).isNull();
+		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager())
+				.isNull();
 	}
 
 	@Configuration
-	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {}
+	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
+	}
 
 	@Test
 	public void getAuthenticationWhenGlobalAuthenticationConfigurerAdapterThenAuthenticates() throws Exception {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, UserGlobalAuthenticationConfigurerAdapter.class).autowire();
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
+				UserGlobalAuthenticationConfigurerAdapter.class).autowire();
 
-		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
 
 	@Configuration
 	static class UserGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication()
-				.withUser(PasswordEncodedUser.user());
+			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user());
 		}
+
 	}
 
 	@Test
 	public void getAuthenticationWhenAuthenticationManagerBeanThenAuthenticates() throws Exception {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, AuthenticationManagerBeanConfig.class).autowire();
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
+				AuthenticationManagerBeanConfig.class).autowire();
 
-		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 		when(authentication.authenticate(token)).thenReturn(TestAuthentication.authenticatedUser());
 
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
@@ -161,70 +180,93 @@ public class AuthenticationConfigurationTests {
 
 	@Configuration
 	static class AuthenticationManagerBeanConfig {
+
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 
 		@Bean
 		public AuthenticationManager authenticationManager() {
 			return this.authenticationManager;
 		}
+
 	}
-		//
-		//	//
-		//
-		@Configuration
-		static class ServicesConfig {
-			@Bean
-			public Service service() {
-				return new ServiceImpl();
-			}
+
+	//
+	// //
+	//
+	@Configuration
+	static class ServicesConfig {
+
+		@Bean
+		public Service service() {
+			return new ServiceImpl();
 		}
 
-		interface Service {
-			void run();
+	}
+
+	interface Service {
+
+		void run();
+
+	}
+
+	static class ServiceImpl implements Service {
+
+		@Secured("ROLE_USER")
+		public void run() {
 		}
 
-		static class ServiceImpl implements Service {
-			@Secured("ROLE_USER")
-			public void run() {}
+	}
+
+	@Test
+	public void getAuthenticationWhenMultipleThenOrdered() throws Exception {
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
+				AuthenticationManagerBeanConfig.class).autowire();
+		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
+		config.setGlobalAuthenticationConfigurers(Arrays.asList(new LowestOrderGlobalAuthenticationConfigurerAdapter(),
+				new HighestOrderGlobalAuthenticationConfigurerAdapter(),
+				new DefaultOrderGlobalAuthenticationConfigurerAdapter()));
+	}
+
+	static class DefaultOrderGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
+		static List<Class<?>> inits = new ArrayList<>();
+		static List<Class<?>> configs = new ArrayList<>();
+
+		public void init(AuthenticationManagerBuilder auth) throws Exception {
+			inits.add(getClass());
 		}
 
-		@Test
-		public void getAuthenticationWhenMultipleThenOrdered() throws Exception {
-			this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, AuthenticationManagerBeanConfig.class).autowire();
-			AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-			config.setGlobalAuthenticationConfigurers(Arrays.asList(new LowestOrderGlobalAuthenticationConfigurerAdapter(), new HighestOrderGlobalAuthenticationConfigurerAdapter(), new DefaultOrderGlobalAuthenticationConfigurerAdapter()));
+		public void configure(AuthenticationManagerBuilder auth) {
+			configs.add(getClass());
 		}
 
-		static class DefaultOrderGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
-			static List<Class<?>> inits = new ArrayList<>();
-			static List<Class<?>> configs = new ArrayList<>();
+	}
 
-			public void init(AuthenticationManagerBuilder auth) throws Exception {
-				inits.add(getClass());
-			}
+	@Order(Ordered.LOWEST_PRECEDENCE)
+	static class LowestOrderGlobalAuthenticationConfigurerAdapter
+			extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
 
-			public void configure(AuthenticationManagerBuilder auth) {
-				configs.add(getClass());
-			}
-		}
+	}
 
-		@Order(Ordered.LOWEST_PRECEDENCE)
-		static class LowestOrderGlobalAuthenticationConfigurerAdapter extends DefaultOrderGlobalAuthenticationConfigurerAdapter {}
+	@Order(Ordered.HIGHEST_PRECEDENCE)
+	static class HighestOrderGlobalAuthenticationConfigurerAdapter
+			extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
 
-		@Order(Ordered.HIGHEST_PRECEDENCE)
-		static class HighestOrderGlobalAuthenticationConfigurerAdapter extends DefaultOrderGlobalAuthenticationConfigurerAdapter {}
+	}
 
 	@Test
 	public void getAuthenticationWhenConfiguredThenBootNotTrigger() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
 		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-		config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(), new BootGlobalAuthenticationConfigurerAdapter()));
+		config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(),
+				new BootGlobalAuthenticationConfigurerAdapter()));
 		AuthenticationManager authenticationManager = config.getAuthenticationManager();
 
 		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
-		assertThatThrownBy(() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
-			.isInstanceOf(AuthenticationException.class);
+		assertThatThrownBy(
+				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
+						.isInstanceOf(AuthenticationException.class);
 
 	}
 
@@ -247,16 +289,21 @@ public class AuthenticationConfigurationTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Order(Ordered.LOWEST_PRECEDENCE)
 	static class BootGlobalAuthenticationConfigurerAdapter extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
+
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
 			auth.apply(new DefaultBootGlobalAuthenticationConfigurerAdapter());
 		}
+
 	}
 
-	static class DefaultBootGlobalAuthenticationConfigurerAdapter extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
+	static class DefaultBootGlobalAuthenticationConfigurerAdapter
+			extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
+
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) {
 			if (auth.isConfigured()) {
@@ -273,6 +320,7 @@ public class AuthenticationConfigurationTests {
 
 			auth.authenticationProvider(provider);
 		}
+
 	}
 
 	// gh-2531
@@ -301,6 +349,7 @@ public class AuthenticationConfigurationTests {
 		public AuthenticationManager manager() {
 			return null;
 		}
+
 	}
 
 	@Test
@@ -313,19 +362,24 @@ public class AuthenticationConfigurationTests {
 
 	@Configuration
 	@Import(AuthenticationConfiguration.class)
-	static class Sec2822Config {}
+	static class Sec2822Config {
+
+	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class Sec2822WebSecurity extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
+
 	}
 
 	@Configuration
 	static class Sec2822UseAuth {
+
 		@Autowired
 		public void useAuthenticationManager(AuthenticationConfiguration auth) throws Exception {
 			auth.getAuthenticationManager();
@@ -338,52 +392,62 @@ public class AuthenticationConfigurationTests {
 			return new BootGlobalAuthenticationConfigurerAdapter();
 		}
 
-		static class BootGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter { }
+		static class BootGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
+		}
+
 	}
 
 	// sec-2868
 	@Test
-	public void getAuthenticationWhenUserDetailsServiceBeanThenAuthenticationManagerUsesUserDetailsServiceBean() throws Exception {
+	public void getAuthenticationWhenUserDetailsServiceBeanThenAuthenticationManagerUsesUserDetailsServiceBean()
+			throws Exception {
 		this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 		when(uds.loadUserByUsername("user")).thenReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
 		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-			.isInstanceOf(AuthenticationException.class);
+				.isInstanceOf(AuthenticationException.class);
 	}
 
 	@Configuration
-	@Import({AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class})
+	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsServiceBeanConfig {
+
 		UserDetailsService uds = mock(UserDetailsService.class);
 
 		@Bean
 		UserDetailsService userDetailsService() {
 			return this.uds;
 		}
+
 	}
 
 	@Test
 	public void getAuthenticationWhenUserDetailsServiceAndPasswordEncoderBeanThenEncoderUsed() throws Exception {
 		UserDetails user = new User("user", "$2a$10$FBAKClV1zBIOOC9XMXf3AO8RoGXYVYsfvUdoLxGkd/BnXEn4tqT3u",
-			AuthorityUtils.createAuthorityList("ROLE_USER"));
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		this.spring.register(UserDetailsServiceBeanWithPasswordEncoderConfig.class).autowire();
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-		when(uds.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build());
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(uds.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+				User.withUserDetails(user).build());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
 		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-			.isInstanceOf(AuthenticationException.class);
+				.isInstanceOf(AuthenticationException.class);
 	}
 
 	@Configuration
-	@Import({AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class})
+	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsServiceBeanWithPasswordEncoderConfig {
+
 		UserDetailsService uds = mock(UserDetailsService.class);
 
 		@Bean
@@ -395,16 +459,19 @@ public class AuthenticationConfigurationTests {
 		PasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
+
 	}
 
 	@Test
 	public void getAuthenticationWhenUserDetailsServiceAndPasswordManagerThenManagerUsed() throws Exception {
-		UserDetails user = new User("user", "{noop}password",
-				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UserDetails user = new User("user", "{noop}password", AuthorityUtils.createAuthorityList("ROLE_USER"));
 		this.spring.register(UserDetailsPasswordManagerBeanConfig.class).autowire();
-		UserDetailsPasswordManagerBeanConfig.Manager manager = this.spring.getContext().getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-		when(manager.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build());
+		UserDetailsPasswordManagerBeanConfig.Manager manager = this.spring.getContext()
+				.getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(manager.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+				User.withUserDetails(user).build());
 		when(manager.updatePassword(any(), any())).thenReturn(user);
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -413,8 +480,9 @@ public class AuthenticationConfigurationTests {
 	}
 
 	@Configuration
-	@Import({AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class})
+	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsPasswordManagerBeanConfig {
+
 		Manager manager = mock(Manager.class);
 
 		@Bean
@@ -423,15 +491,18 @@ public class AuthenticationConfigurationTests {
 		}
 
 		interface Manager extends UserDetailsService, UserDetailsPasswordService {
+
 		}
+
 	}
 
-	//gh-3091
+	// gh-3091
 	@Test
 	public void getAuthenticationWhenAuthenticationProviderBeanThenUsed() throws Exception {
 		this.spring.register(AuthenticationProviderBeanConfig.class).autowire();
 		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 		when(ap.supports(any())).thenReturn(true);
 		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
 
@@ -439,21 +510,25 @@ public class AuthenticationConfigurationTests {
 	}
 
 	@Configuration
-	@Import({AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class})
+	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class AuthenticationProviderBeanConfig {
+
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 
 		@Bean
 		AuthenticationProvider authenticationProvider() {
 			return this.provider;
 		}
+
 	}
 
 	@Test
-	public void getAuthenticationWhenAuthenticationProviderAndUserDetailsBeanThenAuthenticationProviderUsed() throws Exception {
+	public void getAuthenticationWhenAuthenticationProviderAndUserDetailsBeanThenAuthenticationProviderUsed()
+			throws Exception {
 		this.spring.register(AuthenticationProviderBeanAndUserDetailsServiceConfig.class).autowire();
 		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
 		when(ap.supports(any())).thenReturn(true);
 		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
 
@@ -461,8 +536,9 @@ public class AuthenticationConfigurationTests {
 	}
 
 	@Configuration
-	@Import({AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class})
+	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class AuthenticationProviderBeanAndUserDetailsServiceConfig {
+
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 
 		UserDetailsService uds = mock(UserDetailsService.class);
@@ -476,11 +552,13 @@ public class AuthenticationConfigurationTests {
 		AuthenticationProvider authenticationProvider() {
 			return this.provider;
 		}
+
 	}
 
 	@Test
 	public void enableGlobalMethodSecurityWhenPreAuthorizeThenNoException() {
-		this.spring.register(UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class).autowire();
+		this.spring.register(UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class)
+				.autowire();
 
 		// no exception
 	}
@@ -488,13 +566,17 @@ public class AuthenticationConfigurationTests {
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class UsesPreAuthorizeMethodSecurityConfig {
+
 		@PreAuthorize("denyAll")
-		void run() {}
+		void run() {
+		}
+
 	}
 
 	@Test
 	public void enableGlobalMethodSecurityWhenPreAuthorizeThenUsesMethodSecurityService() {
-		this.spring.register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class).autowire();
+		this.spring.register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class,
+				AuthenticationManagerBeanConfig.class).autowire();
 
 		// no exception
 	}
@@ -502,8 +584,10 @@ public class AuthenticationConfigurationTests {
 	@Configuration
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	static class UsesServiceMethodSecurityConfig {
+
 		@Autowired
 		Service service;
+
 	}
 
 	@Test
@@ -537,11 +621,12 @@ public class AuthenticationConfigurationTests {
 
 		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
 
-		assertThatThrownBy(ap::build)
-				.isInstanceOf(AlreadyBuiltException.class);
+		assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class);
 	}
 
 	@Configuration
 	static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index 0670a82769..604ea5a1c2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -26,11 +26,11 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.test.SpringTestRule;
 
 /**
- *
  * @author Rob Winch
  *
  */
 public class EnableGlobalAuthenticationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -52,6 +52,7 @@ public class EnableGlobalAuthenticationTests {
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
 		}
+
 	}
 
 	@Test
@@ -66,6 +67,7 @@ public class EnableGlobalAuthenticationTests {
 
 	@EnableGlobalAuthentication
 	static class BeanProxyEnabledByDefaultConfig {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -75,6 +77,7 @@ public class EnableGlobalAuthenticationTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	@Test
@@ -90,6 +93,7 @@ public class EnableGlobalAuthenticationTests {
 	@Configuration(proxyBeanMethods = false)
 	@EnableGlobalAuthentication
 	static class BeanProxyDisabledConfig {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -99,9 +103,11 @@ public class EnableGlobalAuthenticationTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	static class Parent {
+
 		private Child child;
 
 		Parent(Child child) {
@@ -111,10 +117,14 @@ public class EnableGlobalAuthenticationTests {
 		public Child getChild() {
 			return child;
 		}
+
 	}
 
 	static class Child {
+
 		Child() {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index b8b98509e6..0c786825ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -41,4 +41,5 @@ public class LdapAuthenticationProviderConfigurerTests {
 		assertThat(configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
 
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index 501c6cfe79..522887cf80 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -28,10 +28,9 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
-*
-* @author Rob Winch
-* @author Adolfo Eloy
-*/
+ * @author Rob Winch
+ * @author Adolfo Eloy
+ */
 public class UserDetailsManagerConfigurerTests {
 
 	private InMemoryUserDetailsManager userDetailsManager;
@@ -43,16 +42,9 @@ public class UserDetailsManagerConfigurerTests {
 
 	@Test
 	public void allAttributesSupported() {
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder,
-				InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(userDetailsManager)
-			.withUser("user")
-			.password("password")
-			.roles("USER")
-			.disabled(true)
-			.accountExpired(true)
-			.accountLocked(true)
-			.credentialsExpired(true)
-			.build();
+		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
+				userDetailsManager).withUser("user").password("password").roles("USER").disabled(true)
+						.accountExpired(true).accountLocked(true).credentialsExpired(true).build();
 
 		assertThat(userDetails.getUsername()).isEqualTo("user");
 		assertThat(userDetails.getPassword()).isEqualTo("password");
@@ -67,12 +59,8 @@ public class UserDetailsManagerConfigurerTests {
 	public void authoritiesWithGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
 
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder,
-				InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(userDetailsManager)
-			.withUser("user")
-				.password("password")
-				.authorities(authority)
-				.build();
+		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
+				userDetailsManager).withUser("user").password("password").authorities(authority).build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
@@ -81,12 +69,8 @@ public class UserDetailsManagerConfigurerTests {
 	public void authoritiesWithStringAuthorityWorks() {
 		String authority = "ROLE_USER";
 
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder,
-				InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(userDetailsManager)
-			.withUser("user")
-				.password("password")
-				.authorities(authority)
-				.build();
+		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
+				userDetailsManager).withUser("user").password("password").authorities(authority).build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority);
 	}
@@ -95,13 +79,10 @@ public class UserDetailsManagerConfigurerTests {
 	public void authoritiesWithAListOfGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
 
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder,
-				InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(userDetailsManager)
-			.withUser("user")
-				.password("password")
-				.authorities(Arrays.asList(authority))
-				.build();
+		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
+				userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority)).build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
index be4f491a96..354b99247a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
@@ -19,7 +19,9 @@ import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
 
 public class AroundMethodInterceptor implements MethodInterceptor {
+
 	public Object invoke(MethodInvocation methodInvocation) throws Throwable {
 		return String.valueOf(methodInvocation.proceed());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 9f51ff9038..eac66ebd19 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -39,10 +39,10 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
 /**
- *
  * @author Rob Winch
  */
 public class AutowireBeanFactoryObjectPostProcessorTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -127,10 +127,12 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
 			return new AutowireBeanFactoryObjectPostProcessor(beanFactory);
 		}
+
 	}
 
 	@Test
@@ -144,12 +146,14 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 
 	@Configuration
 	static class SmartConfig {
+
 		SmartInitializingSingleton toTest = mock(SmartInitializingSingleton.class);
 
 		@Autowired
 		public void configure(ObjectPostProcessor<Object> p) {
 			p.postProcess(this.toTest);
 		}
+
 	}
 
 	@Test
@@ -164,6 +168,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 
 	@Configuration
 	static class WithBeanNameAutoProxyCreatorConfig {
+
 		@Bean
 		public ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
 			return new AutowireBeanFactoryObjectPostProcessor(beanFactory);
@@ -173,5 +178,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 		public void configure(ObjectPostProcessor<Object> p) {
 			p.postProcess(new Object());
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
index d68c075ee9..493c2928c7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
@@ -20,4 +20,5 @@ public class MyAdvisedBean {
 	public Object doStuff() {
 		return null;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
index 168d33d687..fb87a6eaf0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
@@ -38,6 +38,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 @EnableJpaRepositories("org.springframework.security.config.annotation.issue50.repo")
 @EnableTransactionManagement
 public class ApplicationConfig {
+
 	@Bean
 	public DataSource dataSource() {
 		EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
@@ -65,4 +66,5 @@ public class ApplicationConfig {
 		txManager.setEntityManagerFactory(entityManagerFactory().getObject());
 		return txManager;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
index 3d6f172921..df654ed93b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
@@ -43,8 +43,9 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 @Transactional
 @RunWith(SpringRunner.class)
-@ContextConfiguration(classes = {ApplicationConfig.class, SecurityConfig.class})
+@ContextConfiguration(classes = { ApplicationConfig.class, SecurityConfig.class })
 public class Issue50Tests {
+
 	@Autowired
 	private AuthenticationManager authenticationManager;
 
@@ -53,7 +54,8 @@ public class Issue50Tests {
 
 	@Before
 	public void setup() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_ADMIN"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_ADMIN"));
 	}
 
 	@After
@@ -82,7 +84,7 @@ public class Issue50Tests {
 	public void authenticateWhenValidUserThenAuthenticates() {
 		this.userRepo.save(User.withUsernameAndPassword("test", "password"));
 		Authentication result = this.authenticationManager
-			.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
+				.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
 		assertThat(result.getName()).isEqualTo("test");
 	}
 
@@ -91,6 +93,7 @@ public class Issue50Tests {
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_USER"));
 		this.userRepo.save(User.withUsernameAndPassword("denied", "password"));
 		Authentication result = this.authenticationManager
-			.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
+				.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
index b7051ebe51..791452636f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
@@ -42,6 +42,7 @@ import org.springframework.util.Assert;
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
 	@Autowired
 	private UserRepository myUserRepository;
 
@@ -76,14 +77,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				return true;
 			}
 
-			public Authentication authenticate(Authentication authentication)
-					throws AuthenticationException {
+			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				Object principal = authentication.getPrincipal();
 				String username = String.valueOf(principal);
 				User user = myUserRepository.findByUsername(username);
 				if (user == null) {
-					throw new UsernameNotFoundException("No user for principal "
-							+ principal);
+					throw new UsernameNotFoundException("No user for principal " + principal);
 				}
 				if (!authentication.getCredentials().equals(user.getPassword())) {
 					throw new BadCredentialsException("Invalid password");
@@ -92,4 +91,5 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 			}
 		};
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
index 7d4a7dabf2..919a378429 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
@@ -63,6 +63,7 @@ public class User {
 		User user = new User();
 		user.setUsername(username);
 		user.setPassword(password);
-		return  user;
+		return user;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
index 08a6f05176..f788d5caca 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
@@ -27,4 +27,5 @@ public interface UserRepository extends CrudRepository<User, String> {
 
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	User findByUsername(String username);
+
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/Authz.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/Authz.java
index d4be78f42a..c206ef37f2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/Authz.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/Authz.java
@@ -35,7 +35,7 @@ public class Authz {
 	}
 
 	public boolean check(Authentication authentication, String message) {
-		return message != null &&
-				message.contains(authentication.getName());
+		return message != null && message.contains(authentication.getName());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
index 11e9e42a1a..4365f3ae9b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
@@ -22,6 +22,7 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
 public class DelegatingReactiveMessageService implements ReactiveMessageService {
+
 	private final ReactiveMessageService delegate;
 
 	public DelegatingReactiveMessageService(ReactiveMessageService delegate) {
@@ -41,29 +42,25 @@ public class DelegatingReactiveMessageService implements ReactiveMessageService
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
-	public Mono<String> monoPreAuthorizeHasRoleFindById(
-			long id) {
+	public Mono<String> monoPreAuthorizeHasRoleFindById(long id) {
 		return delegate.monoPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
-	public Mono<String> monoPostAuthorizeFindById(
-			long id) {
+	public Mono<String> monoPostAuthorizeFindById(long id) {
 		return delegate.monoPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
-	public Mono<String> monoPreAuthorizeBeanFindById(
-			long id) {
+	public Mono<String> monoPreAuthorizeBeanFindById(long id) {
 		return delegate.monoPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
-	public Mono<String> monoPostAuthorizeBeanFindById(
-			long id) {
+	public Mono<String> monoPostAuthorizeBeanFindById(long id) {
 		return delegate.monoPostAuthorizeBeanFindById(id);
 	}
 
@@ -74,29 +71,25 @@ public class DelegatingReactiveMessageService implements ReactiveMessageService
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
-	public Flux<String> fluxPreAuthorizeHasRoleFindById(
-			long id) {
+	public Flux<String> fluxPreAuthorizeHasRoleFindById(long id) {
 		return delegate.fluxPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
-	public Flux<String> fluxPostAuthorizeFindById(
-			long id) {
+	public Flux<String> fluxPostAuthorizeFindById(long id) {
 		return delegate.fluxPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
-	public Flux<String> fluxPreAuthorizeBeanFindById(
-			long id) {
+	public Flux<String> fluxPreAuthorizeBeanFindById(long id) {
 		return delegate.fluxPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
-	public Flux<String> fluxPostAuthorizeBeanFindById(
-			long id) {
+	public Flux<String> fluxPostAuthorizeBeanFindById(long id) {
 		return delegate.fluxPostAuthorizeBeanFindById(id);
 	}
 
@@ -107,29 +100,26 @@ public class DelegatingReactiveMessageService implements ReactiveMessageService
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
-	public Publisher<String> publisherPreAuthorizeHasRoleFindById(
-			long id) {
+	public Publisher<String> publisherPreAuthorizeHasRoleFindById(long id) {
 		return delegate.publisherPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
-	public Publisher<String> publisherPostAuthorizeFindById(
-			long id) {
+	public Publisher<String> publisherPostAuthorizeFindById(long id) {
 		return delegate.publisherPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
-	public Publisher<String> publisherPreAuthorizeBeanFindById(
-			long id) {
+	public Publisher<String> publisherPreAuthorizeBeanFindById(long id) {
 		return delegate.publisherPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
-	public Publisher<String> publisherPostAuthorizeBeanFindById(
-			long id) {
+	public Publisher<String> publisherPostAuthorizeBeanFindById(long id) {
 		return delegate.publisherPostAuthorizeBeanFindById(id);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 9f87b52d4a..a84df2224a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -44,12 +44,19 @@ import static org.mockito.Mockito.*;
 @RunWith(SpringRunner.class)
 @ContextConfiguration
 public class EnableReactiveMethodSecurityTests {
-	@Autowired ReactiveMessageService messageService;
+
+	@Autowired
+	ReactiveMessageService messageService;
+
 	ReactiveMessageService delegate;
+
 	TestPublisher<String> result = TestPublisher.create();
 
-	Context withAdmin = ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN"));
-	Context withUser = ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+	Context withAdmin = ReactiveSecurityContextHolder
+			.withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN"));
+
+	Context withUser = ReactiveSecurityContextHolder
+			.withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 	@After
 	public void cleanup() {
@@ -64,9 +71,8 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void notPublisherPreAuthorizeFindByIdThenThrowsIllegalStateException() {
 		assertThatThrownBy(() -> this.messageService.notPublisherPreAuthorizeFindById(1L))
-			.isInstanceOf(IllegalStateException.class)
-			.extracting(Throwable::getMessage)
-			.isEqualTo("The returnType class java.lang.String on public abstract java.lang.String org.springframework.security.config.annotation.method.configuration.ReactiveMessageService.notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
+				.isInstanceOf(IllegalStateException.class).extracting(Throwable::getMessage).isEqualTo(
+						"The returnType class java.lang.String on public abstract java.lang.String org.springframework.security.config.annotation.method.configuration.ReactiveMessageService.notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
 	}
 
 	@Test
@@ -82,21 +88,15 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoWhenPermitAllThenSuccess() {
 		when(this.delegate.monoFindById(1L)).thenReturn(Mono.just("success"));
 
-		StepVerifier.create(this.delegate.monoFindById(1L))
-			.expectNext("success")
-			.verifyComplete();
+		StepVerifier.create(this.delegate.monoFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.just("result"));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
-				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L).subscriberContext(withAdmin);
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -104,10 +104,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -116,12 +113,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
 		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(result));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -130,12 +123,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPreAuthorizeBeanWhenGrantedThenSuccess() {
 		when(this.delegate.monoPreAuthorizeBeanFindById(2L)).thenReturn(Mono.just("result"));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L)
-				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(withAdmin);
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -143,10 +132,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.monoPreAuthorizeBeanFindById(2L)).thenReturn(Mono.just("result"));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -154,10 +140,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -166,12 +149,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
 		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(result));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -180,36 +159,24 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPostAuthorizeWhenAuthorizedThenSuccess() {
 		when(this.delegate.monoPostAuthorizeFindById(1L)).thenReturn(Mono.just("user"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
 	public void monoPostAuthorizeWhenNotAuthorizedThenDenied() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	@Test
 	public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(2L)).thenReturn(Mono.just("user"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
@@ -217,22 +184,15 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.monoPostAuthorizeBeanFindById(2L)).thenReturn(Mono.just("anonymous"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("anonymous")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
 
 	@Test
 	public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	// Flux tests
@@ -250,20 +210,15 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxWhenPermitAllThenSuccess() {
 		when(this.delegate.fluxFindById(1L)).thenReturn(Flux.just("success"));
 
-		StepVerifier.create(this.delegate.fluxFindById(1L))
-				.expectNext("success")
-				.verifyComplete();
+		StepVerifier.create(this.delegate.fluxFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.just("result"));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
-				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.consumeNextWith( s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
+		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L).subscriberContext(withAdmin);
+		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
@@ -272,10 +227,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -284,12 +236,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(result));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -298,12 +246,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() {
 		when(this.delegate.fluxPreAuthorizeBeanFindById(2L)).thenReturn(Flux.just("result"));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L)
-				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(withAdmin);
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -311,10 +255,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.fluxPreAuthorizeBeanFindById(2L)).thenReturn(Flux.just("result"));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -322,10 +263,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -334,12 +272,8 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(result));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -348,36 +282,24 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPostAuthorizeWhenAuthorizedThenSuccess() {
 		when(this.delegate.fluxPostAuthorizeFindById(1L)).thenReturn(Flux.just("user"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
 	public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(2L)).thenReturn(Flux.just("user"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
@@ -385,22 +307,15 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(2L)).thenReturn(Flux.just("anonymous"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("anonymous")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
 
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L)
-				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	// Publisher tests
@@ -418,9 +333,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void publisherWhenPermitAllThenSuccess() {
 		when(this.delegate.publisherFindById(1L)).thenReturn(publisherJust("success"));
 
-		StepVerifier.create(this.delegate.publisherFindById(1L))
-				.expectNext("success")
-				.verifyComplete();
+		StepVerifier.create(this.delegate.publisherFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
@@ -429,9 +342,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.consumeNextWith( s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
+		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
@@ -440,10 +351,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -454,10 +362,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -468,10 +373,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L))
 				.subscriberContext(withAdmin);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -479,10 +381,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPreAuthorizeBeanFindById(2L)).thenReturn(publisherJust("result"));
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("result")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
@@ -490,10 +389,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(1L);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -504,10 +400,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
 		result.assertNoSubscribers();
 	}
@@ -518,10 +411,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
@@ -530,10 +420,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	@Test
@@ -542,10 +429,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectNext("user")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
 	@Test
@@ -553,10 +437,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPostAuthorizeBeanFindById(2L)).thenReturn(publisherJust("anonymous"));
 
 		Publisher<String> findById = this.messageService.publisherPostAuthorizeBeanFindById(2L);
-		StepVerifier
-				.create(findById)
-				.expectNext("anonymous")
-				.verifyComplete();
+		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
 
 	@Test
@@ -565,10 +446,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(withUser);
-		StepVerifier
-				.create(findById)
-				.expectError(AccessDeniedException.class)
-				.verify();
+		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	static <T> Publisher<T> publisher(Flux<T> flux) {
@@ -581,6 +459,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@EnableReactiveMethodSecurity
 	static class Config {
+
 		ReactiveMessageService delegate = mock(ReactiveMessageService.class);
 
 		@Bean
@@ -592,5 +471,7 @@ public class EnableReactiveMethodSecurityTests {
 		public Authz authz() {
 			return new Authz();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 902af21b20..e63e57dbfb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -68,13 +68,13 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 /**
- *
  * @author Rob Winch
  * @author Artsiom Yudovin
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class GlobalMethodSecurityConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -112,11 +112,13 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	@EnableGlobalMethodSecurity
 	public static class CustomMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
+
 		@Bean
 		@Override
 		protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
 			return mock(MethodSecurityMetadataSource.class);
 		}
+
 	}
 
 	@Test
@@ -125,13 +127,17 @@ public class GlobalMethodSecurityConfigurationTests {
 
 		try {
 			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar"));
-		} catch(AuthenticationException e) {}
+		}
+		catch (AuthenticationException e) {
+		}
 
-		assertThat(this.events.getEvents()).extracting(Object::getClass).containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
+		assertThat(this.events.getEvents()).extracting(Object::getClass)
+				.containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -142,8 +148,10 @@ public class GlobalMethodSecurityConfigurationTests {
 
 		@Bean
 		public MockEventListener<AbstractAuthenticationEvent> listener() {
-			return new MockEventListener<AbstractAuthenticationEvent>() {};
+			return new MockEventListener<AbstractAuthenticationEvent>() {
+			};
 		}
+
 	}
 
 	@Test
@@ -154,8 +162,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class);
 		when(trustResolver.isAnonymous(any())).thenReturn(true, false);
 
-		assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class);
 
 		this.service.preAuthorizeNotAnonymous();
 
@@ -174,6 +181,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public MethodSecurityServiceImpl service() {
 			return new MethodSecurityServiceImpl();
 		}
+
 	}
 
 	// SEC-2301
@@ -183,8 +191,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(ExpressionHandlerHasBeanResolverSetConfig.class).autowire();
 		Authz authz = this.spring.getContext().getBean(Authz.class);
 
-		assertThatThrownBy(() -> this.service.preAuthorizeBean(false))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
 
 		this.service.preAuthorizeBean(true);
 	}
@@ -201,6 +208,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public Authz authz() {
 			return new Authz();
 		}
+
 	}
 
 	@Test
@@ -208,8 +216,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() {
 		this.spring.register(MethodSecurityServiceConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.postAnnotation("deny"))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.postAnnotation("deny")).isInstanceOf(AccessDeniedException.class);
 
 		this.service.postAnnotation("grant");
 		// no exception
@@ -222,6 +229,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
+
 	}
 
 	@Test
@@ -234,8 +242,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.service.hasPermission("something");
 		// no exception
 
-		assertThatThrownBy(() -> this.service.hasPermission("something"))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -250,6 +257,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
+
 	}
 
 	@Test
@@ -271,6 +279,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public PermissionEvaluator permissionEvaluator2() {
 			return mock(PermissionEvaluator.class);
 		}
+
 	}
 
 	// SEC-2425
@@ -279,12 +288,13 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void enableGlobalMethodSecurityWorksOnSuperclass() {
 		this.spring.register(ChildConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@Configuration
-	static class ChildConfig extends ParentConfig {}
+	static class ChildConfig extends ParentConfig {
+
+	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class ParentConfig {
@@ -293,6 +303,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
+
 	}
 
 	// SEC-2479
@@ -308,26 +319,29 @@ public class GlobalMethodSecurityConfigurationTests {
 				child.refresh();
 				this.spring.context(child).autowire();
 
-				assertThatThrownBy(() -> this.service.preAuthorize())
-					.isInstanceOf(AccessDeniedException.class);
+				assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 			}
 		}
 	}
 
 	@Configuration
 	static class Sec2479ParentConfig {
+
 		@Bean
 		public AuthenticationManager am() {
 			return mock(AuthenticationManager.class);
 		}
+
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class Sec2479ChildConfig {
+
 		@Bean
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
+
 	}
 
 	@Test
@@ -342,6 +356,7 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class Sec2815Config {
+
 		@Bean
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
@@ -359,6 +374,7 @@ public class GlobalMethodSecurityConfigurationTests {
 
 		@Configuration
 		static class AuthConfig extends GlobalAuthenticationConfigurerAdapter {
+
 			@Autowired
 			DataSource dataSource;
 
@@ -366,16 +382,19 @@ public class GlobalMethodSecurityConfigurationTests {
 			public void init(AuthenticationManagerBuilder auth) throws Exception {
 				auth.inMemoryAuthentication();
 			}
+
 		}
+
 	}
 
 	static class MockBeanPostProcessor implements BeanPostProcessor {
+
 		Map<String, Object> beforeInit = new HashMap<>();
+
 		Map<String, Object> afterInit = new HashMap<>();
 
 		@Override
-		public Object postProcessBeforeInitialization(Object bean, String beanName) throws
-			BeansException {
+		public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 			this.beforeInit.put(beanName, bean);
 			return bean;
 		}
@@ -385,6 +404,7 @@ public class GlobalMethodSecurityConfigurationTests {
 			this.afterInit.put(beanName, bean);
 			return bean;
 		}
+
 	}
 
 	// SEC-3045
@@ -392,12 +412,13 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void globalSecurityProxiesSecurity() {
 		this.spring.register(Sec3005Config.class).autowire();
 
-		assertThat(this.service.getClass()).matches(c-> !Proxy.isProxyClass(c), "is not proxy class");
+		assertThat(this.service.getClass()).matches(c -> !Proxy.isProxyClass(c), "is not proxy class");
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true, mode= AdviceMode.ASPECTJ)
+	@EnableGlobalMethodSecurity(prePostEnabled = true, mode = AdviceMode.ASPECTJ)
 	@EnableTransactionManagement
 	static class Sec3005Config {
+
 		@Bean
 		public MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
@@ -407,25 +428,26 @@ public class GlobalMethodSecurityConfigurationTests {
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
+
 	}
 
 	//
-	//	// gh-3797
-	//	def preAuthorizeBeanSpel() {
-	//		setup:
-	//			SecurityContextHolder.getContext().setAuthentication(
-	//				new TestingAuthenticationToken("user", "password","ROLE_USER"))
-	//			context = new AnnotationConfigApplicationContext(PreAuthorizeBeanSpelConfig)
-	//			BeanSpelService service = context.getBean(BeanSpelService)
-	//		when:
-	//			service.run(true)
-	//		then:
-	//			noExceptionThrown()
-	//		when:
-	//			service.run(false)
-	//		then:
-	//			thrown(AccessDeniedException)
-	//	}
+	// // gh-3797
+	// def preAuthorizeBeanSpel() {
+	// setup:
+	// SecurityContextHolder.getContext().setAuthentication(
+	// new TestingAuthenticationToken("user", "password","ROLE_USER"))
+	// context = new AnnotationConfigApplicationContext(PreAuthorizeBeanSpelConfig)
+	// BeanSpelService service = context.getBean(BeanSpelService)
+	// when:
+	// service.run(true)
+	// then:
+	// noExceptionThrown()
+	// when:
+	// service.run(false)
+	// then:
+	// thrown(AccessDeniedException)
+	// }
 	//
 
 	@Test
@@ -433,8 +455,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void preAuthorizeBeanSpel() {
 		this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorizeBean(false))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
 
 		this.service.preAuthorizeBean(true);
 	}
@@ -442,6 +463,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeBeanSpelConfig {
+
 		@Bean
 		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
@@ -451,6 +473,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		Authz authz() {
 			return new Authz();
 		}
+
 	}
 
 	// gh-3394
@@ -459,14 +482,14 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void roleHierarchy() {
 		this.spring.register(RoleHierarchyConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 		this.service.preAuthorizeAdmin();
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
 	public static class RoleHierarchyConfig {
+
 		@Bean
 		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
@@ -478,6 +501,7 @@ public class GlobalMethodSecurityConfigurationTests {
 			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
 			return result;
 		}
+
 	}
 
 	@Test
@@ -485,11 +509,10 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void grantedAuthorityDefaultsAutowires() {
 		this.spring.register(CustomGrantedAuthorityConfig.class).autowire();
 
-		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext().getBean(
-			CustomGrantedAuthorityConfig.CustomAuthorityService.class);
+		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
+				.getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class);
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 
 		customService.customPrefixRoleUser();
 		// no exception
@@ -514,9 +537,13 @@ public class GlobalMethodSecurityConfigurationTests {
 		}
 
 		static class CustomAuthorityService {
+
 			@PreAuthorize("hasRole('ROLE:USER')")
-			public void customPrefixRoleUser() {}
+			public void customPrefixRoleUser() {
+			}
+
 		}
+
 	}
 
 	@Test
@@ -527,8 +554,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
 				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
 
-		assertThatThrownBy(() -> this.service.securedUser())
-				.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class);
 
 		customService.emptyPrefixRoleUser();
 		// no exception
@@ -536,6 +562,7 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	static class EmptyRolePrefixGrantedAuthorityConfig {
+
 		@Bean
 		public GrantedAuthorityDefaults ga() {
 			return new GrantedAuthorityDefaults("");
@@ -552,18 +579,22 @@ public class GlobalMethodSecurityConfigurationTests {
 		}
 
 		static class CustomAuthorityService {
+
 			@Secured("USER")
-			public void emptyPrefixRoleUser() {}
+			public void emptyPrefixRoleUser() {
+			}
+
 		}
+
 	}
 
 	@Test
 	public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
 		this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
-		MethodSecurityInterceptor methodInterceptor =
-				(MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);
-		MethodSecurityMetadataSource methodSecurityMetadataSource =
-				this.spring.getContext().getBean(MethodSecurityMetadataSource.class);
+		MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext()
+				.getBean(MethodInterceptor.class);
+		MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext()
+				.getBean(MethodSecurityMetadataSource.class);
 
 		assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
 	}
@@ -571,5 +602,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
 	public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
index b558c9911d..e3d4baf3cb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
@@ -29,6 +29,7 @@ import javax.annotation.security.PermitAll;
  * @author Rob Winch
  */
 public interface MethodSecurityService {
+
 	@PreAuthorize("denyAll")
 	String preAuthorize();
 
@@ -67,4 +68,5 @@ public interface MethodSecurityService {
 
 	@PostAuthorize("#o?.contains('grant')")
 	String postAnnotation(@P("o") String object);
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
index 0a5fd815eb..664919232b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
@@ -21,8 +21,10 @@ import org.springframework.context.annotation.Bean;
  * @author Josh Cummings
  */
 public class MethodSecurityServiceConfig {
+
 	@Bean
 	MethodSecurityService service() {
 		return new MethodSecurityServiceImpl();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceImpl.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceImpl.java
index 1ce3a60f3a..94a05216bc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceImpl.java
@@ -23,6 +23,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Rob Winch
  */
 public class MethodSecurityServiceImpl implements MethodSecurityService {
+
 	@Override
 	public String preAuthorize() {
 		return null;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 74cf91ab87..f904f0df58 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
@@ -54,11 +53,9 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPreAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.hasPermission("granted"))
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.hasPermission("granted")).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.hasPermission("denied"))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.hasPermission("denied")).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
@@ -66,30 +63,33 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPostAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.postHasPermission("granted"))
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.postHasPermission("granted")).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.postHasPermission("denied"))
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.postHasPermission("denied")).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
+
 		@Override
 		protected MethodSecurityExpressionHandler createExpressionHandler() {
 			DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
 
 			expressionHandler.setPermissionEvaluator(new PermissionEvaluator() {
-				public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
+				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
+						Object permission) {
 					return "granted".equals(targetDomainObject);
 				}
 
-				public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
+				public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+						Object permission) {
 					throw new UnsupportedOperationException();
 				}
 			});
 
 			return expressionHandler;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 1174a77d34..7655f8c422 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -60,7 +60,6 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
@@ -81,11 +80,9 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 
-		assertThatThrownBy(() -> this.service.secured())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
 
 	}
 
@@ -98,16 +95,22 @@ public class NamespaceGlobalMethodSecurityTests {
 		}
 
 		public static class DenyAllAccessDecisionManager implements AccessDecisionManager {
-			public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
+
+			public void decide(Authentication authentication, Object object,
+					Collection<ConfigAttribute> configAttributes) {
 				throw new AccessDeniedException("Always Denied");
 			}
+
 			public boolean supports(ConfigAttribute attribute) {
 				return true;
 			}
+
 			public boolean supports(Class<?> clazz) {
 				return true;
 			}
+
 		}
+
 	}
 
 	// --- after-invocation-provider
@@ -117,13 +120,11 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() {
 		this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorizePermitAll())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	public static class CustomAfterInvocationManagerConfig
-		extends GlobalMethodSecurityConfiguration {
+	public static class CustomAfterInvocationManagerConfig extends GlobalMethodSecurityConfiguration {
 
 		@Override
 		protected AfterInvocationManager afterInvocationManager() {
@@ -131,10 +132,9 @@ public class NamespaceGlobalMethodSecurityTests {
 		}
 
 		public static class AfterInvocationManagerStub implements AfterInvocationManager {
-			public Object decide(Authentication authentication,
-									Object object,
-									Collection<ConfigAttribute> attributes,
-									Object returnedObject) throws AccessDeniedException {
+
+			public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
+					Object returnedObject) throws AccessDeniedException {
 
 				throw new AccessDeniedException("custom AfterInvocationManager");
 			}
@@ -142,10 +142,13 @@ public class NamespaceGlobalMethodSecurityTests {
 			public boolean supports(ConfigAttribute attribute) {
 				return true;
 			}
+
 			public boolean supports(Class<?> clazz) {
 				return true;
 			}
+
 		}
+
 	}
 
 	// --- authentication-manager-ref ---
@@ -155,8 +158,7 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() {
 		this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(UnsupportedOperationException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -175,6 +177,7 @@ public class NamespaceGlobalMethodSecurityTests {
 				throw new UnsupportedOperationException();
 			};
 		}
+
 	}
 
 	// --- jsr250-annotations ---
@@ -184,17 +187,13 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenJsr250EnabledThenAuthorizes() {
 		this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.preAuthorize())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.secured())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.jsr250())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 
-		assertThatCode(() -> this.service.jsr250PermitAll())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException();
 
 	}
 
@@ -209,16 +208,14 @@ public class NamespaceGlobalMethodSecurityTests {
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() {
-		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class).autowire();
+		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class)
+				.autowire();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 
-		assertThatThrownBy(() -> this.service.secured())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
 
-		assertThatThrownBy(() -> this.service.jsr250())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity
@@ -228,16 +225,18 @@ public class NamespaceGlobalMethodSecurityTests {
 		protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
 			return new AbstractMethodSecurityMetadataSource() {
 				public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
-					// require ROLE_NOBODY for any method on MethodSecurityService interface
-					return MethodSecurityService.class.isAssignableFrom(targetClass) ?
-						Arrays.asList(new SecurityConfig("ROLE_NOBODY")) :
-						Collections.emptyList();
+					// require ROLE_NOBODY for any method on MethodSecurityService
+					// interface
+					return MethodSecurityService.class.isAssignableFrom(targetClass)
+							? Arrays.asList(new SecurityConfig("ROLE_NOBODY")) : Collections.emptyList();
 				}
+
 				public Collection<ConfigAttribute> getAllConfigAttributes() {
 					return null;
 				}
 			};
 		}
+
 	}
 
 	// --- mode ---
@@ -247,10 +246,13 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception {
 		this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThat(this.spring.getContext().getBean(Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))).isNotNull();
+		assertThat(this.spring.getContext().getBean(
+				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
+						.isNotNull();
 		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
 
-		//TODO diagnose why aspectj isn't weaving method security advice around MethodSecurityServiceImpl
+		// TODO diagnose why aspectj isn't weaving method security advice around
+		// MethodSecurityServiceImpl
 	}
 
 	@EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, securedEnabled = true)
@@ -260,48 +262,51 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	@Test
 	public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire()
-		throws Exception {
+			throws Exception {
 
 		this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire();
 
-		assertThat(this.spring.getContext().getBean(Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))).isNotNull();
+		assertThat(this.spring.getContext().getBean(
+				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
+						.isNotNull();
 		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
 
 	}
 
 	@EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, securedEnabled = true)
 	public static class AspectJModeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
+
 	}
 
 	// --- order ---
 
-	private static class AdvisorOrderConfig
-		implements ImportBeanDefinitionRegistrar {
+	private static class AdvisorOrderConfig implements ImportBeanDefinitionRegistrar {
 
 		private static class ExceptingInterceptor implements MethodInterceptor {
+
 			@Override
 			public Object invoke(MethodInvocation invocation) {
 				throw new UnsupportedOperationException("Deny All");
 			}
+
 		}
 
 		@Override
-		public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
-			BeanDefinitionBuilder advice = BeanDefinitionBuilder
-				.rootBeanDefinition(ExceptingInterceptor.class);
-			registry.registerBeanDefinition("exceptingInterceptor",
-				advice.getBeanDefinition());
+		public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata,
+				BeanDefinitionRegistry registry) {
+			BeanDefinitionBuilder advice = BeanDefinitionBuilder.rootBeanDefinition(ExceptingInterceptor.class);
+			registry.registerBeanDefinition("exceptingInterceptor", advice.getBeanDefinition());
 
 			BeanDefinitionBuilder advisor = BeanDefinitionBuilder
-				.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
+					.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
 			advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 			advisor.addConstructorArgValue("exceptingInterceptor");
 			advisor.addConstructorArgReference("methodSecurityMetadataSource");
 			advisor.addConstructorArgValue("methodSecurityMetadataSource");
 			advisor.addPropertyValue("order", 0);
-			registry.registerBeanDefinition("exceptingAdvisor",
-				advisor.getBeanDefinition());
+			registry.registerBeanDefinition("exceptingAdvisor", advisor.getBeanDefinition());
 		}
+
 	}
 
 	@Test
@@ -309,13 +314,10 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenOrderSpecifiedThenConfigured() {
 		this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThat(this.spring.getContext()
-			.getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-			.getOrder())
-			.isEqualTo(-135);
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(-135);
 
-		assertThatThrownBy(() -> this.service.jsr250())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(order = -135, jsr250Enabled = true)
@@ -329,37 +331,34 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() {
 		this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThat(this.spring.getContext()
-			.getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-			.getOrder())
-			.isEqualTo(Ordered.LOWEST_PRECEDENCE);
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
 
-		assertThatThrownBy(() -> this.service.jsr250())
-			.isInstanceOf(UnsupportedOperationException.class);
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
 	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Import(AdvisorOrderConfig.class)
 	public static class DefaultOrderConfig {
+
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() {
-		this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class).autowire();
+		this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class)
+				.autowire();
 
-		assertThat(this.spring.getContext()
-			.getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-			.getOrder())
-			.isEqualTo(Ordered.LOWEST_PRECEDENCE);
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
 
-		assertThatThrownBy(() -> this.service.jsr250())
-			.isInstanceOf(UnsupportedOperationException.class);
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
 	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Import(AdvisorOrderConfig.class)
 	public static class DefaultOrderExtendsMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
 	}
 
 	// --- pre-post-annotations ---
@@ -369,18 +368,16 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.secured())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.jsr250())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeConfig {
+
 	}
 
 	@Test
@@ -388,18 +385,16 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.secured())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.jsr250())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
+
 	}
 
 	// --- proxy-target-class ---
@@ -410,15 +405,14 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire();
 
 		// make sure service was actually proxied
-		assertThat(this.service.getClass().getInterfaces())
-			.doesNotContain(MethodSecurityService.class);
+		assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class);
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(proxyTargetClass = true, prePostEnabled = true)
 	public static class ProxyTargetClassConfig {
+
 	}
 
 	@Test
@@ -426,15 +420,14 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenDefaultProxyThenWiresToInterface() {
 		this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThat(this.service.getClass().getInterfaces())
-			.contains(MethodSecurityService.class);
+		assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class);
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class DefaultProxyConfig {
+
 	}
 
 	// --- run-as-manager-ref ---
@@ -445,7 +438,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
 		assertThat(service.runAs().getAuthorities())
-			.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
+				.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
 	}
 
 	@EnableGlobalMethodSecurity(securedEnabled = true)
@@ -457,6 +450,7 @@ public class NamespaceGlobalMethodSecurityTests {
 			runAsManager.setKey("some key");
 			return runAsManager;
 		}
+
 	}
 
 	// --- secured-annotation ---
@@ -466,21 +460,18 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenSecuredEnabledThenSecures() {
 		this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatThrownBy(() -> this.service.secured())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
 
-		assertThatCode(() -> this.service.securedUser())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.preAuthorize())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.jsr250())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
 	}
 
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	public static class SecuredConfig {
+
 	}
 
 	// --- unsorted ---
@@ -488,14 +479,13 @@ public class NamespaceGlobalMethodSecurityTests {
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenMissingEnableAnnotationThenShowsHelpfulError() {
-		assertThatThrownBy(() ->
-			this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
-			.hasStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
+		assertThatThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
+				.hasStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
 	}
 
 	@Configuration
-	public static class ExtendsNoEnableAnntotationConfig
-		extends GlobalMethodSecurityConfiguration {
+	public static class ExtendsNoEnableAnntotationConfig extends GlobalMethodSecurityConfiguration {
+
 	}
 
 	@Test
@@ -503,18 +493,17 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() {
 		this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThatCode(() -> this.service.secured())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
 
-		assertThatCode(() -> this.service.jsr250())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.service.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@Configuration
 	@Import(PreAuthorizeExtendsGMSCConfig.class)
 	public static class ImportSubclassGMSCConfig {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
index d4bc9d45c9..636db9b6ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
@@ -20,23 +20,37 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
 public interface ReactiveMessageService {
+
 	String notPublisherPreAuthorizeFindById(long id);
 
 	Mono<String> monoFindById(long id);
+
 	Mono<String> monoPreAuthorizeHasRoleFindById(long id);
+
 	Mono<String> monoPostAuthorizeFindById(long id);
+
 	Mono<String> monoPreAuthorizeBeanFindById(long id);
+
 	Mono<String> monoPostAuthorizeBeanFindById(long id);
 
 	Flux<String> fluxFindById(long id);
+
 	Flux<String> fluxPreAuthorizeHasRoleFindById(long id);
+
 	Flux<String> fluxPostAuthorizeFindById(long id);
+
 	Flux<String> fluxPreAuthorizeBeanFindById(long id);
+
 	Flux<String> fluxPostAuthorizeBeanFindById(long id);
 
 	Publisher<String> publisherFindById(long id);
+
 	Publisher<String> publisherPreAuthorizeHasRoleFindById(long id);
+
 	Publisher<String> publisherPostAuthorizeFindById(long id);
+
 	Publisher<String> publisherPreAuthorizeBeanFindById(long id);
+
 	Publisher<String> publisherPostAuthorizeBeanFindById(long id);
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 9df29cd18f..8fe7565b04 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -46,14 +46,13 @@ public class ReactiveMethodSecurityConfigurationTests {
 	public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException {
 		this.spring.register(WithRolePrefixConfiguration.class).autowire();
 
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"principal", "credential", "CUSTOM_ABC");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
+				"CUSTOM_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 
-		EvaluationContext context = this.methodSecurityExpressionHandler
-				.createEvaluationContext(authentication, methodInvocation);
-		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject()
-				.getValue();
+		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
+				methodInvocation);
+		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
 
 		assertThat(root.hasRole("ROLE_ABC")).isFalse();
 		assertThat(root.hasRole("ROLE_CUSTOM_ABC")).isFalse();
@@ -65,14 +64,13 @@ public class ReactiveMethodSecurityConfigurationTests {
 	public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
 		this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire();
 
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"principal", "credential", "ROLE_ABC");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
+				"ROLE_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 
-		EvaluationContext context = this.methodSecurityExpressionHandler
-				.createEvaluationContext(authentication, methodInvocation);
-		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject()
-				.getValue();
+		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
+				methodInvocation);
+		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
 
 		assertThat(root.hasRole("ROLE_ABC")).isTrue();
 		assertThat(root.hasRole("ABC")).isTrue();
@@ -81,24 +79,25 @@ public class ReactiveMethodSecurityConfigurationTests {
 	@Configuration
 	@EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration
 	static class WithRolePrefixConfiguration {
+
 		@Bean
 		GrantedAuthorityDefaults grantedAuthorityDefaults() {
 			return new GrantedAuthorityDefaults("CUSTOM_");
 		}
+
 	}
 
 	@Test
 	public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
 		this.spring.register(SubclassConfig.class).autowire();
 
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"principal", "credential", "ROLE_ABC");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
+				"ROLE_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 
-		EvaluationContext context = this.methodSecurityExpressionHandler
-				.createEvaluationContext(authentication, methodInvocation);
-		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject()
-				.getValue();
+		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
+				methodInvocation);
+		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
 
 		assertThat(root.hasRole("ROLE_ABC")).isTrue();
 		assertThat(root.hasRole("ABC")).isTrue();
@@ -106,10 +105,14 @@ public class ReactiveMethodSecurityConfigurationTests {
 
 	@Configuration
 	static class SubclassConfig extends ReactiveMethodSecurityConfiguration {
+
 	}
 
 	private static class Foo {
-		public void bar(String param){
+
+		public void bar(String param) {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 13ffa15645..1f7031541d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  *
  */
 public class SampleEnableGlobalMethodSecurityTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -50,8 +51,8 @@ public class SampleEnableGlobalMethodSecurityTests {
 
 	@Before
 	public void setup() {
-		SecurityContextHolder.getContext().setAuthentication(
-									new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 	}
 
 	@Test
@@ -61,12 +62,12 @@ public class SampleEnableGlobalMethodSecurityTests {
 		assertThat(this.methodSecurityService.secured()).isNull();
 		assertThat(this.methodSecurityService.jsr250()).isNull();
 
-		assertThatThrownBy(() -> this.methodSecurityService.preAuthorize())
-			.isInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled=true)
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class SampleWebSecurityConfig {
+
 		@Bean
 		public MethodSecurityService methodSecurityService() {
 			return new MethodSecurityServiceImpl();
@@ -81,8 +82,8 @@ public class SampleEnableGlobalMethodSecurityTests {
 					.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
-	}
 
+	}
 
 	@Test
 	public void customPermissionHandler() {
@@ -91,12 +92,12 @@ public class SampleEnableGlobalMethodSecurityTests {
 		assertThat(this.methodSecurityService.hasPermission("allowed")).isNull();
 
 		assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied"))
-			.isInstanceOf(AccessDeniedException.class);
+				.isInstanceOf(AccessDeniedException.class);
 	}
 
-
-	@EnableGlobalMethodSecurity(prePostEnabled=true)
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomPermissionEvaluatorWebSecurityConfig extends GlobalMethodSecurityConfiguration {
+
 		@Bean
 		public MethodSecurityService methodSecurityService() {
 			return new MethodSecurityServiceImpl();
@@ -118,18 +119,20 @@ public class SampleEnableGlobalMethodSecurityTests {
 				.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	static class CustomPermissionEvaluator implements PermissionEvaluator {
-		public boolean hasPermission(Authentication authentication,
-				Object targetDomainObject, Object permission) {
+
+		public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 			return !"denied".equals(targetDomainObject);
 		}
 
-		public boolean hasPermission(Authentication authentication,
-				Serializable targetId, String targetType, Object permission) {
+		public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+				Object permission) {
 			return !"denied".equals(targetId);
 		}
 
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 53441757f8..c8d3563122 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -77,21 +77,23 @@ public class Sec2758Tests {
 
 		this.spring.register(SecurityConfig.class).autowire();
 
-		assertThatCode(() -> service.doJsr250())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> service.doJsr250()).doesNotThrowAnyException();
 
-		assertThatCode(() -> service.doPreAuthorize())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> service.doPreAuthorize()).doesNotThrowAnyException();
 	}
 
 	@EnableWebSecurity
-	@EnableGlobalMethodSecurity(prePostEnabled=true, jsr250Enabled = true)
+	@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 		@RestController
 		static class RootController {
+
 			@GetMapping("/")
-			public String ok() { return "ok"; }
+			public String ok() {
+				return "ok";
+			}
+
 		}
 
 		@Override
@@ -116,11 +118,15 @@ public class Sec2758Tests {
 	}
 
 	static class Service {
+
 		@PreAuthorize("hasRole('CUSTOM')")
-		public void doPreAuthorize() {}
+		public void doPreAuthorize() {
+		}
 
 		@RolesAllowed("CUSTOM")
-		public void doJsr250() {}
+		public void doJsr250() {
+		}
+
 	}
 
 	static class DefaultRolesPrefixPostProcessor implements BeanPostProcessor, PriorityOrdered {
@@ -148,5 +154,7 @@ public class Sec2758Tests {
 		public int getOrder() {
 			return PriorityOrdered.HIGHEST_PRECEDENCE;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index 4f6fa4a613..b35dbf989c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -34,6 +34,7 @@ import static org.mockito.Mockito.verify;
  * @author Joe Grandja
  */
 public class AbstractConfiguredSecurityBuilderTests {
+
 	private TestConfiguredSecurityBuilder builder;
 
 	@Before
@@ -80,7 +81,8 @@ public class AbstractConfiguredSecurityBuilderTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void getConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
-		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
+		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
+				true);
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.getConfigurer(DelegateSecurityConfigurer.class);
@@ -88,7 +90,8 @@ public class AbstractConfiguredSecurityBuilderTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void removeConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
-		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
+		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
+				true);
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.removeConfigurer(DelegateSecurityConfigurer.class);
@@ -98,10 +101,12 @@ public class AbstractConfiguredSecurityBuilderTests {
 	public void removeConfigurersWhenMultipleConfigurersThenConfigurersRemoved() throws Exception {
 		DelegateSecurityConfigurer configurer1 = new DelegateSecurityConfigurer();
 		DelegateSecurityConfigurer configurer2 = new DelegateSecurityConfigurer();
-		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
+		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
+				true);
 		builder.apply(configurer1);
 		builder.apply(configurer2);
-		List<DelegateSecurityConfigurer> removedConfigurers = builder.removeConfigurers(DelegateSecurityConfigurer.class);
+		List<DelegateSecurityConfigurer> removedConfigurers = builder
+				.removeConfigurers(DelegateSecurityConfigurer.class);
 		assertThat(removedConfigurers).hasSize(2);
 		assertThat(removedConfigurers).containsExactly(configurer1, configurer2);
 		assertThat(builder.getConfigurers(DelegateSecurityConfigurer.class)).isEmpty();
@@ -111,7 +116,8 @@ public class AbstractConfiguredSecurityBuilderTests {
 	public void getConfigurersWhenMultipleConfigurersThenConfigurersReturned() throws Exception {
 		DelegateSecurityConfigurer configurer1 = new DelegateSecurityConfigurer();
 		DelegateSecurityConfigurer configurer2 = new DelegateSecurityConfigurer();
-		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
+		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
+				true);
 		builder.apply(configurer1);
 		builder.apply(configurer2);
 		List<DelegateSecurityConfigurer> configurers = builder.getConfigurers(DelegateSecurityConfigurer.class);
@@ -120,29 +126,39 @@ public class AbstractConfiguredSecurityBuilderTests {
 		assertThat(builder.getConfigurers(DelegateSecurityConfigurer.class)).hasSize(2);
 	}
 
-	private static class DelegateSecurityConfigurer extends SecurityConfigurerAdapter<Object, TestConfiguredSecurityBuilder> {
+	private static class DelegateSecurityConfigurer
+			extends SecurityConfigurerAdapter<Object, TestConfiguredSecurityBuilder> {
+
 		private static SecurityConfigurer<Object, TestConfiguredSecurityBuilder> CONFIGURER;
 
 		@Override
 		public void init(TestConfiguredSecurityBuilder builder) throws Exception {
 			builder.apply(CONFIGURER);
 		}
+
 	}
 
-	private static class TestSecurityConfigurer extends SecurityConfigurerAdapter<Object, TestConfiguredSecurityBuilder> { }
+	private static class TestSecurityConfigurer
+			extends SecurityConfigurerAdapter<Object, TestConfiguredSecurityBuilder> {
 
-	private static class TestConfiguredSecurityBuilder extends AbstractConfiguredSecurityBuilder<Object, TestConfiguredSecurityBuilder> {
+	}
+
+	private static class TestConfiguredSecurityBuilder
+			extends AbstractConfiguredSecurityBuilder<Object, TestConfiguredSecurityBuilder> {
 
 		private TestConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
 			super(objectPostProcessor);
 		}
 
-		private TestConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor, boolean allowConfigurersOfSameType) {
+		private TestConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor,
+				boolean allowConfigurersOfSameType) {
 			super(objectPostProcessor, allowConfigurersOfSameType);
 		}
 
 		public Object performBuild() {
 			return "success";
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index b2694200b0..bb52d221ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -30,10 +30,11 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  *
  * @author Ankur Pathak
  */
-public class AbstractRequestMatcherRegistryAnyMatcherTests{
+public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	@EnableWebSecurity
 	static class AntMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -43,15 +44,17 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 			// @formatter:on
 
 		}
+
 	}
 
 	@Test(expected = BeanCreationException.class)
-	public void antMatchersCanNotWorkAfterAnyRequest(){
+	public void antMatchersCanNotWorkAfterAnyRequest() {
 		loadConfig(AntMatchersAfterAnyRequestConfig.class);
 	}
 
 	@EnableWebSecurity
 	static class MvcMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -61,6 +64,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 			// @formatter:on
 
 		}
+
 	}
 
 	@Test(expected = BeanCreationException.class)
@@ -70,6 +74,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 
 	@EnableWebSecurity
 	static class RegexMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -79,6 +84,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 			// @formatter:on
 
 		}
+
 	}
 
 	@Test(expected = BeanCreationException.class)
@@ -88,6 +94,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 
 	@EnableWebSecurity
 	static class AnyRequestAfterItselfConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -97,6 +104,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 			// @formatter:on
 
 		}
+
 	}
 
 	@Test(expected = BeanCreationException.class)
@@ -106,6 +114,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 
 	@EnableWebSecurity
 	static class RequestMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -115,6 +124,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 			// @formatter:on
 
 		}
+
 	}
 
 	@Test(expected = BeanCreationException.class)
@@ -129,4 +139,5 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
 		context.setServletContext(new MockServletContext());
 		context.refresh();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
index e0070a80c9..04fd95279b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
@@ -32,6 +32,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class AbstractRequestMatcherRegistryTests {
+
 	private TestRequestMatcherRegistry matcherRegistry;
 
 	@Before
@@ -87,5 +88,7 @@ public class AbstractRequestMatcherRegistryTests {
 		protected List<RequestMatcher> chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			return requestMatchers;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 9a7a66ec64..7d24eb0c30 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -41,7 +41,6 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 /**
- *
  * @author Rob Winch
  *
  */
@@ -49,8 +48,10 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @ContextConfiguration
 @WebAppConfiguration
 public class HttpSecurityHeadersTests {
+
 	@Autowired
 	WebApplicationContext wac;
+
 	@Autowired
 	Filter springSecurityFilterChain;
 
@@ -58,44 +59,46 @@ public class HttpSecurityHeadersTests {
 
 	@Before
 	public void setup() {
-		mockMvc = MockMvcBuilders
-				.webAppContextSetup(wac)
-				.addFilters(springSecurityFilterChain)
-				.build();
+		mockMvc = MockMvcBuilders.webAppContextSetup(wac).addFilters(springSecurityFilterChain).build();
 	}
 
 	// gh-2953
 	// gh-3975
 	@Test
 	public void headerWhenSpringMvcResourceThenCacheRelatedHeadersReset() throws Exception {
-		mockMvc.perform(get("/resources/file.js"))
-			.andExpect(status().isOk())
-			.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "max-age=12345"))
-			.andExpect(header().doesNotExist(HttpHeaders.PRAGMA))
-			.andExpect(header().doesNotExist(HttpHeaders.EXPIRES));
+		mockMvc.perform(get("/resources/file.js")).andExpect(status().isOk())
+				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "max-age=12345"))
+				.andExpect(header().doesNotExist(HttpHeaders.PRAGMA))
+				.andExpect(header().doesNotExist(HttpHeaders.EXPIRES));
 	}
 
 	@Test
 	public void headerWhenNotSpringResourceThenCacheRelatedHeadersSet() throws Exception {
 		mockMvc.perform(get("/notresource"))
-			.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
-			.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-			.andExpect(header().string(HttpHeaders.EXPIRES, "0"));
+				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
+				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
+				.andExpect(header().string(HttpHeaders.EXPIRES, "0"));
 	}
 
 	@EnableWebSecurity
 	static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	@EnableWebMvc
 	@Configuration
 	static class WebMvcConfig implements WebMvcConfigurer {
+
 		@Override
 		public void addResourceHandlers(ResourceHandlerRegistry registry) {
-			registry.addResourceHandler("/resources/**").addResourceLocations("classpath:/resources/").setCachePeriod(12345);
+			registry.addResourceHandler("/resources/**").addResourceLocations("classpath:/resources/")
+					.setCachePeriod(12345);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 760152d496..0e779e9c4a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class SampleWebSecurityConfigurerAdapterTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -55,7 +56,9 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	private FilterChainProxy springSecurityFilterChain;
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private MockFilterChain chain;
 
 	@Before
@@ -129,10 +132,12 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	 *     </authentication-provider>
 	 *   </authentication-manager>
 	 * </code>
+	 *
 	 * @author Rob Winch
 	 */
 	@EnableWebSecurity
 	public static class HelloWorldWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -141,8 +146,8 @@ public class SampleWebSecurityConfigurerAdapterTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
-	}
 
+	}
 
 	@Test
 	public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
@@ -201,11 +206,13 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	 *     <authentication-provider>
 	 *       <user-service>
 	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN"/>
+	 *         <user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/>
 	 *       </user-service>
 	 *     </authentication-provider>
 	 *   </authentication-manager>
 	 * </code>
+	 *
 	 * @author Rob Winch
 	 */
 	@EnableWebSecurity
@@ -213,9 +220,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 		@Override
 		public void configure(WebSecurity web) {
-			web
-				.ignoring()
-					.antMatchers("/resources/**");
+			web.ignoring().antMatchers("/resources/**");
 		}
 
 		@Override
@@ -242,8 +247,8 @@ public class SampleWebSecurityConfigurerAdapterTests {
 					.withUser(PasswordEncodedUser.admin());
 			// @formatter:on
 		}
-	}
 
+	}
 
 	@Test
 	public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
@@ -293,7 +298,8 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
 
 		this.request.setServletPath("/api/admin/test");
-		this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("user:password".getBytes()));
+		this.request.addHeader("Authorization",
+				"Basic " + Base64.getEncoder().encodeToString("user:password".getBytes()));
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
@@ -304,7 +310,8 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
 
 		this.request.setServletPath("/api/admin/test");
-		this.request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes()));
+		this.request.addHeader("Authorization",
+				"Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes()));
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
@@ -339,15 +346,18 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	 *     <authentication-provider>
 	 *       <user-service>
 	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN"/>
+	 *         <user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/>
 	 *       </user-service>
 	 *     </authentication-provider>
 	 *   </authentication-manager>
 	 * </code>
+	 *
 	 * @author Rob Winch
 	 */
 	@EnableWebSecurity
 	public static class SampleMultiHttpSecurityConfig {
+
 		@Autowired
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -361,6 +371,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		@Configuration
 		@Order(1)
 		public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
 				http
@@ -372,15 +383,15 @@ public class SampleWebSecurityConfigurerAdapterTests {
 						.httpBasic();
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
 			@Override
 			public void configure(WebSecurity web) {
-				web
-					.ignoring()
-						.antMatchers("/resources/**");
+				web.ignoring().antMatchers("/resources/**");
 			}
 
 			@Override
@@ -396,6 +407,9 @@ public class SampleWebSecurityConfigurerAdapterTests {
 							.permitAll();
 				// @formatter:on
 			}
+
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index a0643fcf3f..bcebf665c5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -53,14 +53,15 @@ import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(PowerMockRunner.class)
 @PrepareForTest({ SpringFactoriesLoader.class, WebAsyncManager.class })
-@PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*", "javax.xml.transform.*" })
+@PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*",
+		"javax.xml.transform.*" })
 public class WebSecurityConfigurerAdapterPowermockTests {
+
 	ConfigurableWebApplicationContext context;
 
 	@Rule
@@ -80,9 +81,8 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 	public void loadConfigWhenDefaultConfigurerAsSpringFactoryhenDefaultConfigurerApplied() {
 		spy(SpringFactoriesLoader.class);
 		DefaultConfigurer configurer = new DefaultConfigurer();
-		when(SpringFactoriesLoader
-				.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader()))
-			.thenReturn(Arrays.<AbstractHttpConfigurer>asList(configurer));
+		when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader()))
+				.thenReturn(Arrays.<AbstractHttpConfigurer>asList(configurer));
 
 		loadConfig(Config.class);
 
@@ -100,13 +100,17 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 	@EnableWebSecurity
 	static class Config extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	static class DefaultConfigurer extends AbstractHttpConfigurer<DefaultConfigurer, HttpSecurity> {
+
 		boolean init;
+
 		boolean configure;
 
 		@Override
@@ -118,6 +122,7 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 		public void configure(HttpSecurity builder) {
 			this.configure = true;
 		}
+
 	}
 
 	@Test
@@ -128,15 +133,15 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 		this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager));
 
-		ArgumentCaptor<CallableProcessingInterceptor> callableProcessingInterceptorArgCaptor =
-				ArgumentCaptor.forClass(CallableProcessingInterceptor.class);
-		verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(), callableProcessingInterceptorArgCaptor.capture());
+		ArgumentCaptor<CallableProcessingInterceptor> callableProcessingInterceptorArgCaptor = ArgumentCaptor
+				.forClass(CallableProcessingInterceptor.class);
+		verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(),
+				callableProcessingInterceptorArgCaptor.capture());
 
-		CallableProcessingInterceptor callableProcessingInterceptor =
-				callableProcessingInterceptorArgCaptor.getAllValues().stream()
-						.filter(e -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
-						.findFirst()
-						.orElse(null);
+		CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor
+				.getAllValues().stream()
+				.filter(e -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
+				.findFirst().orElse(null);
 
 		assertThat(callableProcessingInterceptor).isNotNull();
 	}
@@ -156,5 +161,7 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 4d8bf244d1..a5a3ff02c4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -71,6 +71,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Joe Grandja
  */
 public class WebSecurityConfigurerAdapterTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -81,14 +82,12 @@ public class WebSecurityConfigurerAdapterTests {
 	public void loadConfigWhenRequestSecureThenDefaultSecurityHeadersReturned() throws Exception {
 		this.spring.register(HeadersArePopulatedByDefaultConfig.class).autowire();
 
-		this.mockMvc.perform(get("/").secure(true))
-			.andExpect(header().string("X-Content-Type-Options", "nosniff"))
-			.andExpect(header().string("X-Frame-Options", "DENY"))
-			.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
-			.andExpect(header().string("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"))
-			.andExpect(header().string("Pragma", "no-cache"))
-			.andExpect(header().string("Expires", "0"))
-			.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
+		this.mockMvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
+				.andExpect(header().string("X-Frame-Options", "DENY"))
+				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
+				.andExpect(header().string("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"))
+				.andExpect(header().string("Pragma", "no-cache")).andExpect(header().string("Expires", "0"))
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
 	}
 
 	@EnableWebSecurity
@@ -106,14 +105,14 @@ public class WebSecurityConfigurerAdapterTests {
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception {
 		this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-			.andExpect(status().is3xxRedirection());
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
 
 		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty();
 		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1);
@@ -121,7 +120,7 @@ public class WebSecurityConfigurerAdapterTests {
 
 	@EnableWebSecurity
 	static class InMemoryAuthWithWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter
-		implements ApplicationListener<AuthenticationSuccessEvent> {
+			implements ApplicationListener<AuthenticationSuccessEvent> {
 
 		static List<AuthenticationSuccessEvent> EVENTS = new ArrayList<>();
 
@@ -138,22 +137,22 @@ public class WebSecurityConfigurerAdapterTests {
 		public void onApplicationEvent(AuthenticationSuccessEvent event) {
 			EVENTS.add(event);
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception {
 		this.spring.register(InMemoryConfigureProtectedConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(status().is3xxRedirection());
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
 
-		UserDetailsService uds = this.spring.getContext()
-				.getBean(UserDetailsService.class);
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
 	}
 
 	@EnableWebSecurity
 	static class InMemoryConfigureProtectedConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -168,22 +167,22 @@ public class WebSecurityConfigurerAdapterTests {
 		public UserDetailsService userDetailsServiceBean() throws Exception {
 			return super.userDetailsServiceBean();
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception {
 		this.spring.register(InMemoryConfigureGlobalConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(status().is3xxRedirection());
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
 
-		UserDetailsService uds = this.spring.getContext()
-				.getBean(UserDetailsService.class);
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
 	}
 
 	@EnableWebSecurity
 	static class InMemoryConfigureGlobalConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -198,24 +197,28 @@ public class WebSecurityConfigurerAdapterTests {
 		public UserDetailsService userDetailsServiceBean() throws Exception {
 			return super.userDetailsServiceBean();
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenCustomContentNegotiationStrategyBeanThenOverridesDefault() {
-		OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock(ContentNegotiationStrategy.class);
+		OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock(
+				ContentNegotiationStrategy.class);
 		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire();
 
-		OverrideContentNegotiationStrategySharedObjectConfig securityConfig =
-			this.spring.getContext().getBean(OverrideContentNegotiationStrategySharedObjectConfig.class);
+		OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(OverrideContentNegotiationStrategySharedObjectConfig.class);
 
 		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
 		assertThat(securityConfig.contentNegotiationStrategySharedObject)
-			.isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN);
+				.isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN);
 	}
 
 	@EnableWebSecurity
 	static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
+
 		static ContentNegotiationStrategy CONTENT_NEGOTIATION_STRATEGY_BEAN;
+
 		private ContentNegotiationStrategy contentNegotiationStrategySharedObject;
 
 		@Bean
@@ -228,21 +231,24 @@ public class WebSecurityConfigurerAdapterTests {
 			this.contentNegotiationStrategySharedObject = http.getSharedObject(ContentNegotiationStrategy.class);
 			super.configure(http);
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() {
 		this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire();
 
-		ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig =
-			this.spring.getContext().getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class);
+		ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class);
 
 		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
-		assertThat(securityConfig.contentNegotiationStrategySharedObject).isInstanceOf(HeaderContentNegotiationStrategy.class);
+		assertThat(securityConfig.contentNegotiationStrategySharedObject)
+				.isInstanceOf(HeaderContentNegotiationStrategy.class);
 	}
 
 	@EnableWebSecurity
 	static class ContentNegotiationStrategyDefaultSharedObjectConfig extends WebSecurityConfigurerAdapter {
+
 		private ContentNegotiationStrategy contentNegotiationStrategySharedObject;
 
 		@Override
@@ -250,6 +256,7 @@ public class WebSecurityConfigurerAdapterTests {
 			this.contentNegotiationStrategySharedObject = http.getSharedObject(ContentNegotiationStrategy.class);
 			super.configure(http);
 		}
+
 	}
 
 	@Test
@@ -258,23 +265,26 @@ public class WebSecurityConfigurerAdapterTests {
 
 		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
 
-		Throwable thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("user") );
+		Throwable thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("user"));
 		assertThat(thrown).isNull();
 
-		thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("admin") );
+		thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
 		assertThat(thrown).isInstanceOf(UsernameNotFoundException.class);
 	}
 
 	@Configuration
 	static class RequiresUserDetailsServiceConfig {
+
 		@Bean
 		public MyFilter myFilter(UserDetailsService userDetailsService) {
 			return new MyFilter(userDetailsService);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class UserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		private MyFilter myFilter;
 
@@ -297,9 +307,11 @@ public class WebSecurityConfigurerAdapterTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	static class MyFilter extends OncePerRequestFilter {
+
 		private UserDetailsService userDetailsService;
 
 		MyFilter(UserDetailsService userDetailsService) {
@@ -307,11 +319,11 @@ public class WebSecurityConfigurerAdapterTests {
 		}
 
 		@Override
-		protected void doFilterInternal(HttpServletRequest request,
-										HttpServletResponse response,
-										FilterChain filterChain) throws ServletException, IOException {
+		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+				FilterChain filterChain) throws ServletException, IOException {
 			filterChain.doFilter(request, response);
 		}
+
 	}
 
 	// SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object
@@ -319,8 +331,8 @@ public class WebSecurityConfigurerAdapterTests {
 	public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() {
 		this.spring.register(ApplicationContextSharedObjectConfig.class).autowire();
 
-		ApplicationContextSharedObjectConfig securityConfig =
-			this.spring.getContext().getBean(ApplicationContextSharedObjectConfig.class);
+		ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(ApplicationContextSharedObjectConfig.class);
 
 		assertThat(securityConfig.applicationContextSharedObject).isNotNull();
 		assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext());
@@ -328,6 +340,7 @@ public class WebSecurityConfigurerAdapterTests {
 
 	@EnableWebSecurity
 	static class ApplicationContextSharedObjectConfig extends WebSecurityConfigurerAdapter {
+
 		private ApplicationContext applicationContextSharedObject;
 
 		@Override
@@ -335,6 +348,7 @@ public class WebSecurityConfigurerAdapterTests {
 			this.applicationContextSharedObject = http.getSharedObject(ApplicationContext.class);
 			super.configure(http);
 		}
+
 	}
 
 	@Test
@@ -342,17 +356,18 @@ public class WebSecurityConfigurerAdapterTests {
 		CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class);
 		this.spring.register(CustomTrustResolverConfig.class).autowire();
 
-		CustomTrustResolverConfig securityConfig =
-			this.spring.getContext().getBean(CustomTrustResolverConfig.class);
+		CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class);
 
 		assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull();
 		assertThat(securityConfig.authenticationTrustResolverSharedObject)
-			.isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN);
+				.isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN);
 	}
 
 	@EnableWebSecurity
 	static class CustomTrustResolverConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationTrustResolver AUTHENTICATION_TRUST_RESOLVER_BEAN;
+
 		private AuthenticationTrustResolver authenticationTrustResolverSharedObject;
 
 		@Bean
@@ -365,21 +380,23 @@ public class WebSecurityConfigurerAdapterTests {
 			this.authenticationTrustResolverSharedObject = http.getSharedObject(AuthenticationTrustResolver.class);
 			super.configure(http);
 		}
+
 	}
 
 	@Test
 	public void compareOrderWebSecurityConfigurerAdapterWhenLowestOrderToDefaultOrderThenGreaterThanZero() {
 		AnnotationAwareOrderComparator comparator = new AnnotationAwareOrderComparator();
-		assertThat(comparator.compare(
-			new LowestPriorityWebSecurityConfig(),
-			new DefaultOrderWebSecurityConfig())).isGreaterThan(0);
+		assertThat(comparator.compare(new LowestPriorityWebSecurityConfig(), new DefaultOrderWebSecurityConfig()))
+				.isGreaterThan(0);
 	}
 
 	static class DefaultOrderWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Order
 	static class LowestPriorityWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	// gh-7515
@@ -387,17 +404,17 @@ public class WebSecurityConfigurerAdapterTests {
 	public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire();
 
-		AuthenticationEventPublisher authenticationEventPublisher =
-				this.spring.getContext().getBean(AuthenticationEventPublisher.class);
+		AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext()
+				.getBean(AuthenticationEventPublisher.class);
 
-		this.mockMvc.perform(get("/")
-				.with(httpBasic("user", "password")));
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password")));
 
 		verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthenticationEventPublisherBean extends WebSecurityConfigurerAdapter {
+
 		@Bean
 		@Override
 		public UserDetailsService userDetailsService() {
@@ -408,6 +425,7 @@ public class WebSecurityConfigurerAdapterTests {
 		public AuthenticationEventPublisher authenticationEventPublisher() {
 			return mock(AuthenticationEventPublisher.class);
 		}
+
 	}
 
 	// gh-4400
@@ -415,24 +433,27 @@ public class WebSecurityConfigurerAdapterTests {
 	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
 
-		AuthenticationEventPublisher authenticationEventPublisher =
-				CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
+		AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
 
-		this.mockMvc.perform(get("/")
-				.with(httpBasic("user", "password"))); // fails since no providers configured
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since
+																			// no
+																			// providers
+																			// configured
 
-		verify(authenticationEventPublisher).publishAuthenticationFailure(
-				any(AuthenticationException.class),
+		verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class),
 				any(Authentication.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthenticationEventPublisherDsl extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationEventPublisher EVENT_PUBLISHER = mock(AuthenticationEventPublisher.class);
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth.authenticationEventPublisher(EVENT_PUBLISHER);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 620abd0367..4e76f6a82e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -49,6 +49,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Joe Grandja
  */
 public class HttpConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -57,11 +58,11 @@ public class HttpConfigurationTests {
 
 	@Test
 	public void configureWhenAddFilterUnregisteredThenThrowsBeanCreationException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(UnregisteredFilterConfig.class).autowire() );
+		Throwable thrown = catchThrowable(() -> this.spring.register(UnregisteredFilterConfig.class).autowire());
 		assertThat(thrown).isInstanceOf(BeanCreationException.class);
-		assertThat(thrown.getMessage()).contains("The Filter class " + UnregisteredFilter.class.getName() +
-			" does not have a registered order and cannot be added without a specified order." +
-			" Consider using addFilterBefore or addFilterAfter instead.");
+		assertThat(thrown.getMessage()).contains("The Filter class " + UnregisteredFilter.class.getName()
+				+ " does not have a registered order and cannot be added without a specified order."
+				+ " Consider using addFilterBefore or addFilterAfter instead.");
 	}
 
 	@EnableWebSecurity
@@ -81,15 +82,17 @@ public class HttpConfigurationTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	static class UnregisteredFilter extends OncePerRequestFilter {
+
 		@Override
-		protected void doFilterInternal(HttpServletRequest request,
-										HttpServletResponse response,
-										FilterChain filterChain) throws ServletException, IOException {
+		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+				FilterChain filterChain) throws ServletException, IOException {
 			filterChain.doFilter(request, response);
 		}
+
 	}
 
 	// https://github.com/spring-projects/spring-security-javaconfig/issues/104
@@ -100,12 +103,13 @@ public class HttpConfigurationTests {
 
 		this.mockMvc.perform(get("/"));
 
-		verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(
-			any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class));
+		verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class),
+				any(ServletResponse.class), any(FilterChain.class));
 	}
 
 	@EnableWebSecurity
 	static class CasAuthenticationFilterConfig extends WebSecurityConfigurerAdapter {
+
 		static CasAuthenticationFilter CAS_AUTHENTICATION_FILTER;
 
 		protected void configure(HttpSecurity http) {
@@ -114,6 +118,7 @@ public class HttpConfigurationTests {
 				.addFilter(CAS_AUTHENTICATION_FILTER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -128,6 +133,7 @@ public class HttpConfigurationTests {
 
 	@EnableWebSecurity
 	static class RequestMatcherRegistryConfigs extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -142,5 +148,7 @@ public class HttpConfigurationTests {
 				.httpBasic();
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index a5a33c4fe5..ac5075b71c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -63,33 +63,38 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 /**
- * Tests to verify that all the functionality of <http> attributes are present in Java Config.
+ * Tests to verify that all the functionality of <http> attributes are present in Java
+ * Config.
  *
  * @author Rob Winch
  * @author Joe Grandja
  */
 public class NamespaceHttpTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Autowired
 	private MockMvc mockMvc;
 
-	@Test	// http@access-decision-manager-ref
+	@Test // http@access-decision-manager-ref
 	public void configureWhenAccessDecisionManagerSetThenVerifyUse() throws Exception {
 		AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER = mock(AccessDecisionManager.class);
 		when(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).thenReturn(true);
-		when(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class))).thenReturn(true);
+		when(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class)))
+				.thenReturn(true);
 
 		this.spring.register(AccessDecisionManagerRefConfig.class).autowire();
 
 		this.mockMvc.perform(get("/"));
 
-		verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class), any(), anyCollection());
+		verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class),
+				any(), anyCollection());
 	}
 
 	@EnableWebSecurity
 	static class AccessDecisionManagerRefConfig extends WebSecurityConfigurerAdapter {
+
 		static AccessDecisionManager ACCESS_DECISION_MANAGER;
 
 		@Override
@@ -101,19 +106,20 @@ public class NamespaceHttpTests {
 				.accessDecisionManager(ACCESS_DECISION_MANAGER);
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@access-denied-page
+	@Test // http@access-denied-page
 	public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception {
 		this.spring.register(AccessDeniedPageConfig.class).autowire();
 
-		this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user())))
-			.andExpect(status().isForbidden())
-			.andExpect(forwardedUrl("/AccessDeniedPage"));
+		this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden())
+				.andExpect(forwardedUrl("/AccessDeniedPage"));
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -126,9 +132,10 @@ public class NamespaceHttpTests {
 					.accessDeniedPage("/AccessDeniedPage");
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@authentication-manager-ref
+	@Test // http@authentication-manager-ref
 	public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception {
 		AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class);
 		this.spring.register(AuthenticationManagerRefConfig.class).autowire();
@@ -140,6 +147,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class AuthenticationManagerRefConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationManager AUTHENTICATION_MANAGER;
 
 		@Override
@@ -157,9 +165,10 @@ public class NamespaceHttpTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@create-session=always
+	@Test // http@create-session=always
 	public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionAlwaysConfig.class).autowire();
 
@@ -172,6 +181,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class CreateSessionAlwaysConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -183,9 +193,10 @@ public class NamespaceHttpTests {
 					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@create-session=stateless
+	@Test // http@create-session=stateless
 	public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionStatelessConfig.class).autowire();
 
@@ -197,6 +208,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class CreateSessionStatelessConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -208,9 +220,10 @@ public class NamespaceHttpTests {
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@create-session=ifRequired
+	@Test // http@create-session=ifRequired
 	public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception {
 		this.spring.register(IfRequiredConfig.class).autowire();
 
@@ -228,6 +241,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class IfRequiredConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -242,9 +256,10 @@ public class NamespaceHttpTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@create-session=never
+	@Test // http@create-session=never
 	public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionNeverConfig.class).autowire();
 
@@ -256,6 +271,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class CreateSessionNeverConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -267,19 +283,21 @@ public class NamespaceHttpTests {
 					.sessionCreationPolicy(SessionCreationPolicy.NEVER);
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@entry-point-ref
-	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint() throws Exception {
+	@Test // http@entry-point-ref
+	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint()
+			throws Exception {
 		this.spring.register(EntryPointRefConfig.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrlPattern("**/entry-point"));
+		this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrlPattern("**/entry-point"));
 	}
 
 	@EnableWebSecurity
 	static class EntryPointRefConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -293,9 +311,10 @@ public class NamespaceHttpTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@jaas-api-provision
+	@Test // http@jaas-api-provision
 	public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception {
 		LoginContext loginContext = mock(LoginContext.class);
 		when(loginContext.getSubject()).thenReturn(new Subject());
@@ -313,6 +332,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class JaasApiProvisionConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
@@ -320,19 +340,20 @@ public class NamespaceHttpTests {
 				.addFilter(new JaasApiIntegrationFilter());
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@realm
+	@Test // http@realm
 	public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception {
 		this.spring.register(RealmConfig.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-			.andExpect(status().isUnauthorized())
-			.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
+		this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized())
+				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
 	}
 
 	@EnableWebSecurity
 	static class RealmConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -344,21 +365,24 @@ public class NamespaceHttpTests {
 					.realmName("RealmConfig");
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@request-matcher-ref ant
+	@Test // http@request-matcher-ref ant
 	public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() {
 		this.spring.register(RequestMatcherAntConfig.class).autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(0);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
 		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
 	}
 
 	@EnableWebSecurity
 	static class RequestMatcherAntConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
@@ -366,21 +390,24 @@ public class NamespaceHttpTests {
 				.antMatcher("/api/**");
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@request-matcher-ref regex
+	@Test // http@request-matcher-ref regex
 	public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() {
 		this.spring.register(RequestMatcherRegexConfig.class).autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(0);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
 		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(RegexRequestMatcher.class);
 	}
 
 	@EnableWebSecurity
 	static class RequestMatcherRegexConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
@@ -388,21 +415,25 @@ public class NamespaceHttpTests {
 				.regexMatcher("/regex/.*");
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@request-matcher-ref
+	@Test // http@request-matcher-ref
 	public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() {
 		this.spring.register(RequestMatcherRefConfig.class).autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(0);
-		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
+		assertThat(securityFilterChain.getRequestMatcher())
+				.isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class);
 	}
 
 	@EnableWebSecurity
 	static class RequestMatcherRefConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
@@ -412,28 +443,34 @@ public class NamespaceHttpTests {
 		}
 
 		static class MyRequestMatcher implements RequestMatcher {
+
 			public boolean matches(HttpServletRequest request) {
 				return true;
 			}
+
 		}
+
 	}
 
-	@Test	// http@security=none
+	@Test // http@security=none
 	public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
 		this.spring.register(SecurityNoneConfig.class).autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(0);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
 		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
-		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()).isEqualTo("/resources/**");
+		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
+				.isEqualTo("/resources/**");
 		assertThat(securityFilterChain.getFilters()).isEmpty();
 
 		assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
 		securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
 		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
-		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()).isEqualTo("/public/**");
+		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
+				.isEqualTo("/public/**");
 		assertThat(securityFilterChain.getFilters()).isEmpty();
 	}
 
@@ -442,17 +479,16 @@ public class NamespaceHttpTests {
 
 		@Override
 		public void configure(WebSecurity web) {
-			web
-				.ignoring()
-					.antMatchers("/resources/**", "/public/**");
+			web.ignoring().antMatchers("/resources/**", "/public/**");
 		}
 
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
-	@Test	// http@security-context-repository-ref
+	@Test // http@security-context-repository-ref
 	public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
 		this.spring.register(SecurityContextRepoConfig.class).autowire();
 
@@ -463,6 +499,7 @@ public class NamespaceHttpTests {
 
 	@EnableWebSecurity
 	static class SecurityContextRepoConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -485,19 +522,22 @@ public class NamespaceHttpTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@servlet-api-provision=false
+	@Test // http@servlet-api-provision=false
 	public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception {
 		this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
 
 		this.mockMvc.perform(get("/"));
 
-		assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE).isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
+		assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE)
+				.isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
 	}
 
 	@EnableWebSecurity
 	static class ServletApiProvisionConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -509,19 +549,22 @@ public class NamespaceHttpTests {
 					.disable();
 			// @formatter:on
 		}
+
 	}
 
-	@Test	// http@servlet-api-provision defaults to true
+	@Test // http@servlet-api-provision defaults to true
 	public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception {
 		this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
 
 		this.mockMvc.perform(get("/"));
 
-		assertThat(SecurityContextHolderAwareRequestWrapper.class).isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
+		assertThat(SecurityContextHolderAwareRequestWrapper.class)
+				.isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
 	}
 
 	@EnableWebSecurity
 	static class ServletApiProvisionDefaultsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -530,10 +573,12 @@ public class NamespaceHttpTests {
 					.anyRequest().permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Controller
 	static class MainController {
+
 		static Class<? extends HttpServletRequest> HTTP_SERVLET_REQUEST_TYPE;
 
 		@GetMapping("/")
@@ -541,20 +586,22 @@ public class NamespaceHttpTests {
 			HTTP_SERVLET_REQUEST_TYPE = request.getClass();
 			return "index";
 		}
+
 	}
 
-	@Test	// http@use-expressions=true
+	@Test // http@use-expressions=true
 	public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() {
 		this.spring.register(UseExpressionsConfig.class).autowire();
 
 		UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
 
 		assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class)
-			.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
+				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 	}
 
 	@EnableWebSecurity
 	static class UseExpressionsConfig extends WebSecurityConfigurerAdapter {
+
 		private Class<? extends FilterInvocationSecurityMetadataSource> filterInvocationSecurityMetadataSourceType;
 
 		@Override
@@ -574,24 +621,26 @@ public class NamespaceHttpTests {
 			final HttpSecurity http = this.getHttp();
 			web.postBuildAction(() -> {
 				FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
-				UseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType =
-					securityInterceptor.getSecurityMetadataSource().getClass();
+				UseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType = securityInterceptor
+						.getSecurityMetadataSource().getClass();
 			});
 		}
+
 	}
 
-	@Test	// http@use-expressions=false
+	@Test // http@use-expressions=false
 	public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() {
 		this.spring.register(DisableUseExpressionsConfig.class).autowire();
 
 		DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
 
 		assertThat(DefaultFilterInvocationSecurityMetadataSource.class)
-			.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
+				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 	}
 
 	@EnableWebSecurity
 	static class DisableUseExpressionsConfig extends WebSecurityConfigurerAdapter {
+
 		private Class<? extends FilterInvocationSecurityMetadataSource> filterInvocationSecurityMetadataSourceType;
 
 		@Override
@@ -611,9 +660,11 @@ public class NamespaceHttpTests {
 			final HttpSecurity http = this.getHttp();
 			web.postBuildAction(() -> {
 				FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
-				DisableUseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType =
-					securityInterceptor.getSecurityMetadataSource().getClass();
+				DisableUseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType = securityInterceptor
+						.getSecurityMetadataSource().getClass();
 			});
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index a096e39ec6..b773e244c8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -45,10 +45,13 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  */
 public class WebSecurityTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Autowired
@@ -97,14 +100,14 @@ public class WebSecurityTests {
 		this.request.setRequestURI("/other");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(WebSecurity web) {
 			// @formatter:off
@@ -134,11 +137,14 @@ public class WebSecurityTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -173,14 +179,14 @@ public class WebSecurityTests {
 		this.request.setRequestURI("/other/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherServletPathConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(WebSecurity web) {
 			// @formatter:off
@@ -211,19 +217,24 @@ public class WebSecurityTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Configuration
 	static class LegacyMvcMatchingConfig implements WebMvcConfigurer {
+
 		@Override
 		public void configurePathMatch(PathMatchConfigurer configurer) {
 			configurer.setUseSuffixPatternMatch(true);
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 021865f318..df01d613d2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -42,7 +42,6 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 /**
- *
  * @author Rob Winch
  *
  */
@@ -50,6 +49,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 @ContextConfiguration
 @WebAppConfiguration
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	@Autowired
 	WebApplicationContext wac;
 
@@ -62,21 +62,19 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void authenticationPrincipalExpressionWhenBeanExpressionSuppliedThenBeanUsed() throws Exception {
 		User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		context.setAuthentication(new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
+		context.setAuthentication(
+				new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
 		SecurityContextHolder.setContext(context);
 
-		MockMvc mockMvc = MockMvcBuilders
-			.webAppContextSetup(wac)
-			.build();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(wac).build();
 
-		mockMvc.perform(get("/users/self"))
-			.andExpect(status().isOk())
-			.andExpect(content().string("extracted-user"));
+		mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class Config {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 35dac47b9c..c8b2c3e75d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -45,6 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Joe Grandja
  */
 public class EnableWebSecurityTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -56,12 +57,14 @@ public class EnableWebSecurityTests {
 		this.spring.register(SecurityConfig.class).autowire();
 
 		AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class);
-		Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+		Authentication authentication = authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		assertThat(authentication.isAuthenticated()).isTrue();
 	}
 
 	@EnableWebSecurity
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -87,6 +90,7 @@ public class EnableWebSecurityTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -97,10 +101,12 @@ public class EnableWebSecurityTests {
 
 	@Configuration
 	static class ChildSecurityConfig extends DebugSecurityConfig {
+
 	}
 
-	@EnableWebSecurity(debug=true)
+	@EnableWebSecurity(debug = true)
 	static class DebugSecurityConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Test
@@ -108,12 +114,13 @@ public class EnableWebSecurityTests {
 		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
 
 		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
-			.andExpect(content().string("user1"));
+				.andExpect(content().string("user1"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class AuthenticationPrincipalConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
@@ -125,7 +132,9 @@ public class EnableWebSecurityTests {
 			String principal(@AuthenticationPrincipal String principal) {
 				return principal;
 			}
+
 		}
+
 	}
 
 	@Test
@@ -133,12 +142,13 @@ public class EnableWebSecurityTests {
 		this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
 
 		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
-			.andExpect(content().string("user1"));
+				.andExpect(content().string("user1"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class SecurityFilterChainAuthenticationPrincipalConfig {
+
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			return http.build();
@@ -151,7 +161,9 @@ public class EnableWebSecurityTests {
 			String principal(@AuthenticationPrincipal String principal) {
 				return principal;
 			}
+
 		}
+
 	}
 
 	@Test
@@ -166,6 +178,7 @@ public class EnableWebSecurityTests {
 
 	@EnableWebSecurity
 	static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -175,6 +188,7 @@ public class EnableWebSecurityTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	@Test
@@ -190,6 +204,7 @@ public class EnableWebSecurityTests {
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSecurity
 	static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -199,9 +214,11 @@ public class EnableWebSecurityTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	static class Parent {
+
 		private Child child;
 
 		Parent(Child child) {
@@ -211,10 +228,14 @@ public class EnableWebSecurityTests {
 		public Child getChild() {
 			return child;
 		}
+
 	}
 
 	static class Child {
+
 		Child() {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 5297578a65..e27fd51616 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -62,6 +62,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Eleftheria Stein
  */
 public class HttpSecurityConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -70,11 +71,9 @@ public class HttpSecurityConfigurationTests {
 
 	@Test
 	public void postWhenDefaultFilterChainBeanThenRespondsWithForbidden() throws Exception {
-		this.spring.register(DefaultWithFilterChainConfig.class)
-				.autowire();
+		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
 
-		this.mockMvc.perform(post("/"))
-				.andExpect(status().isForbidden());
+		this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -83,13 +82,14 @@ public class HttpSecurityConfigurationTests {
 
 		MvcResult mvcResult = this.mockMvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
-				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY.name()))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
+				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS,
+						XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY.name()))
+				.andExpect(
+						header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(
 				HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY,
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
@@ -99,57 +99,54 @@ public class HttpSecurityConfigurationTests {
 	public void logoutWhenDefaultFilterChainBeanThenCreatesDefaultLogoutEndpoint() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
 
-		this.mockMvc.perform(post("/logout").with(csrf()))
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mockMvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class, NameController.class).autowire();
 
-		MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob")))
-				.andExpect(request().asyncStarted())
+		MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob"))).andExpect(request().asyncStarted())
 				.andReturn();
 
-		this.mockMvc.perform(asyncDispatch(mvcResult))
-				.andExpect(status().isOk())
-				.andExpect(content().string("Bob"));
+		this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob"));
 	}
 
 	@RestController
 	static class NameController {
+
 		@GetMapping("/name")
 		public Callable<String> name() {
 			return () -> SecurityContextHolder.getContext().getAuthentication().getName();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class DefaultWithFilterChainConfig {
+
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			return http.build();
 		}
+
 	}
 
 	@Test
 	public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception {
 		this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class AuthorizeRequestsConfig {
+
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().permitAll()
-					)
-					.build();
+			return http.authorizeRequests(authorize -> authorize.anyRequest().permitAll()).build();
 		}
+
 	}
 
 	@Test
@@ -159,13 +156,9 @@ public class HttpSecurityConfigurationTests {
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
 
-		MvcResult result =
-				this.mockMvc.perform(post("/login")
-						.param("username", "user")
-						.param("password", "password")
-						.session(session)
-						.with(csrf()))
-						.andReturn();
+		MvcResult result = this.mockMvc.perform(
+				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
+				.andReturn();
 
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
@@ -174,15 +167,11 @@ public class HttpSecurityConfigurationTests {
 	public void authenticateWhenDefaultFilterChainBeanThenRedirectsToSavedRequest() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mockMvc.perform(get("/messages"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages")).andReturn().getRequest()
+				.getSession();
 
-		this.mockMvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.session(session)
-				.with(csrf()))
+		this.mockMvc.perform(
+				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
@@ -190,8 +179,9 @@ public class HttpSecurityConfigurationTests {
 	public void authenticateWhenDefaultFilterChainBeanThenRolePrefixIsSet() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, UserController.class).autowire();
 
-		this.mockMvc.perform(get("/user")
-				.with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
+		this.mockMvc
+				.perform(get("/user")
+						.with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
 
@@ -199,50 +189,51 @@ public class HttpSecurityConfigurationTests {
 	public void loginWhenUsingDefaultsThenDefaultLoginPageGenerated() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class).autowire();
 
-		this.mockMvc.perform(get("/login"))
-				.andExpect(status().isOk());
+		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class SecurityEnabledConfig {
+
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().authenticated()
-					)
-					.formLogin(withDefaults())
+			return http.authorizeRequests(authorize -> authorize.anyRequest().authenticated()).formLogin(withDefaults())
 					.build();
 		}
+
 	}
 
 	@Configuration
 	static class UserDetailsConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
-			UserDetails user = User.withDefaultPasswordEncoder()
-					.username("user")
-					.password("password")
-					.roles("USER")
+			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")
 					.build();
 			return new InMemoryUserDetailsManager(user);
 		}
+
 	}
 
 	@RestController
 	static class BaseController {
+
 		@GetMapping("/")
 		public void index() {
 		}
+
 	}
 
 	@RestController
 	static class UserController {
+
 		@GetMapping("/user")
 		public void user(HttpServletRequest request) {
 			if (!request.isUserInRole("USER")) {
 				throw new AccessDeniedException("This resource is only available to users");
 			}
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 48eb3fd45d..f9fe77d875 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -64,6 +64,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Joe Grandja
  */
 public class OAuth2ClientConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -78,14 +79,14 @@ public class OAuth2ClientConfigurationTests {
 
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
-		when(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId))).thenReturn(clientRegistration);
+		when(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
+				.thenReturn(clientRegistration);
 
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		when(authorizedClient.getClientRegistration()).thenReturn(clientRegistration);
-		when(authorizedClientRepository.loadAuthorizedClient(
-				eq(clientRegistrationId), eq(authentication), any(HttpServletRequest.class)))
-				.thenReturn(authorizedClient);
+		when(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication),
+				any(HttpServletRequest.class))).thenReturn(authorizedClient);
 
 		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
 		when(authorizedClient.getAccessToken()).thenReturn(accessToken);
@@ -97,14 +98,14 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication)))
-				.andExpect(status().isOk())
+		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
 				.andExpect(content().string("resolved"));
 		verifyZeroInteractions(accessTokenResponseClient);
 	}
 
 	@Test
-	public void requestWhenAuthorizedClientNotFoundAndClientCredentialsThenTokenResponseClientIsUsed() throws Exception {
+	public void requestWhenAuthorizedClientNotFoundAndClientCredentialsThenTokenResponseClientIsUsed()
+			throws Exception {
 		String clientRegistrationId = "client1";
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
@@ -117,9 +118,7 @@ public class OAuth2ClientConfigurationTests {
 		when(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(clientRegistration);
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(300)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 		when(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
 				.thenReturn(accessTokenResponse);
 
@@ -128,8 +127,7 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication)))
-				.andExpect(status().isOk())
+		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
 				.andExpect(content().string("resolved"));
 		verify(accessTokenResponseClient, times(1)).getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class));
 	}
@@ -137,6 +135,7 @@ public class OAuth2ClientConfigurationTests {
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class OAuth2AuthorizedClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
+
 		static ClientRegistrationRepository CLIENT_REGISTRATION_REPOSITORY;
 		static OAuth2AuthorizedClientRepository AUTHORIZED_CLIENT_REPOSITORY;
 		static OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> ACCESS_TOKEN_RESPONSE_CLIENT;
@@ -149,9 +148,11 @@ public class OAuth2ClientConfigurationTests {
 		public class Controller {
 
 			@GetMapping("/authorized-client")
-			public String authorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+			public String authorizedClient(
+					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient != null ? "resolved" : "not-resolved";
 			}
+
 		}
 
 		@Bean
@@ -168,15 +169,18 @@ public class OAuth2ClientConfigurationTests {
 		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return ACCESS_TOKEN_RESPONSE_CLIENT;
 		}
+
 	}
 
 	// gh-5321
 	@Test
 	public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-				.hasMessageContaining("Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName() +
-					"' but found 2: authorizedClientRepository1,authorizedClientRepository2");
+		assertThatThrownBy(
+				() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
+						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
+						.hasMessageContaining("Expected single matching bean of type '"
+								+ OAuth2AuthorizedClientRepository.class.getName()
+								+ "' but found 2: authorizedClientRepository1,authorizedClientRepository2");
 	}
 
 	@EnableWebMvc
@@ -213,13 +217,14 @@ public class OAuth2ClientConfigurationTests {
 		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
+
 	}
 
 	@Test
 	public void loadContextWhenClientRegistrationRepositoryNotRegisteredThenThrowNoSuchBeanDefinitionException() {
 		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoSuchBeanDefinitionException.class)
-				.hasMessageContaining("No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available");
+				.hasRootCauseInstanceOf(NoSuchBeanDefinitionException.class).hasMessageContaining(
+						"No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available");
 	}
 
 	@EnableWebMvc
@@ -236,13 +241,14 @@ public class OAuth2ClientConfigurationTests {
 				.oauth2Login();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loadContextWhenClientRegistrationRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-				.hasMessageContaining("expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2");
+		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class)
+				.autowire()).hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
+						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2");
 	}
 
 	@EnableWebMvc
@@ -279,13 +285,14 @@ public class OAuth2ClientConfigurationTests {
 		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
+
 	}
 
 	@Test
 	public void loadContextWhenAccessTokenResponseClientRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
 		assertThatThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-				.hasMessageContaining("expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
+				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
+						"expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
 	}
 
 	@EnableWebMvc
@@ -322,6 +329,7 @@ public class OAuth2ClientConfigurationTests {
 		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient2() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
+
 	}
 
 	// gh-8700
@@ -336,8 +344,8 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
 
 		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, principalName, TestOAuth2AccessTokens.noScopes());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
+				TestOAuth2AccessTokens.noScopes());
 
 		when(authorizedClientManager.authorize(any())).thenReturn(authorizedClient);
 
@@ -346,8 +354,7 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
 		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication)))
-				.andExpect(status().isOk())
+		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
 				.andExpect(content().string("resolved"));
 
 		verify(authorizedClientManager).authorize(any());
@@ -358,6 +365,7 @@ public class OAuth2ClientConfigurationTests {
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class OAuth2AuthorizedClientManagerRegisteredConfig extends WebSecurityConfigurerAdapter {
+
 		static ClientRegistrationRepository CLIENT_REGISTRATION_REPOSITORY;
 		static OAuth2AuthorizedClientRepository AUTHORIZED_CLIENT_REPOSITORY;
 		static OAuth2AuthorizedClientManager AUTHORIZED_CLIENT_MANAGER;
@@ -370,9 +378,11 @@ public class OAuth2ClientConfigurationTests {
 		public class Controller {
 
 			@GetMapping("/authorized-client")
-			public String authorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+			public String authorizedClient(
+					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient != null ? "resolved" : "not-resolved";
 			}
+
 		}
 
 		@Bean
@@ -389,5 +399,7 @@ public class OAuth2ClientConfigurationTests {
 		public OAuth2AuthorizedClientManager authorizedClientManager() {
 			return AUTHORIZED_CLIENT_MANAGER;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 845488117c..1b536a4fe6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -34,6 +34,7 @@ import static org.mockito.Mockito.mock;
  * @author Joe Grandja
  */
 public class Sec2515Tests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -51,6 +52,7 @@ public class Sec2515Tests {
 		public AuthenticationManager authenticationManagerBean() throws Exception {
 			return super.authenticationManagerBean();
 		}
+
 	}
 
 	@Test(expected = FatalBeanException.class)
@@ -62,10 +64,11 @@ public class Sec2515Tests {
 	static class CustomBeanNameStackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
 
 		@Override
-		@Bean(name="custom")
+		@Bean(name = "custom")
 		public AuthenticationManager authenticationManagerBean() throws Exception {
 			return super.authenticationManagerBean();
 		}
+
 	}
 
 	// SEC-2549
@@ -73,7 +76,8 @@ public class Sec2515Tests {
 	public void loadConfigWhenChildClassLoaderSetThenContextLoads() {
 		CanLoadWithChildConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class);
 		this.spring.register(CanLoadWithChildConfig.class);
-		AnnotationConfigWebApplicationContext context = (AnnotationConfigWebApplicationContext) this.spring.getContext();
+		AnnotationConfigWebApplicationContext context = (AnnotationConfigWebApplicationContext) this.spring
+				.getContext();
 		context.setClassLoader(new URLClassLoader(new URL[0], context.getClassLoader()));
 		this.spring.autowire();
 
@@ -82,12 +86,14 @@ public class Sec2515Tests {
 
 	@EnableWebSecurity
 	static class CanLoadWithChildConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationManager AUTHENTICATION_MANAGER;
 
 		@Bean
 		public AuthenticationManager authenticationManager() {
 			return AUTHENTICATION_MANAGER;
 		}
+
 	}
 
 	// SEC-2515
@@ -109,5 +115,7 @@ public class Sec2515Tests {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 23e84c88b9..6b4d806e1e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -44,11 +44,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests for applications of {@link SecurityReactorContextConfiguration} in resource servers.
+ * Tests for applications of {@link SecurityReactorContextConfiguration} in resource
+ * servers.
  *
  * @author Josh Cummings
  */
 public class SecurityReactorContextConfigurationResourceServerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -61,9 +63,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		BearerTokenAuthentication authentication = bearer();
 		this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
 
-		this.mockMvc.perform(get("/token")
-				.with(authentication(authentication)))
-				.andExpect(status().isOk())
+		this.mockMvc.perform(get("/token").with(authentication(authentication))).andExpect(status().isOk())
 				.andExpect(content().string("Bearer token"));
 	}
 
@@ -73,30 +73,28 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		BearerTokenAuthentication authentication = bearer();
 		this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
 
-		this.mockMvc.perform(get("/token")
-				.with(authentication(authentication)))
-				.andExpect(status().isOk())
+		this.mockMvc.perform(get("/token").with(authentication(authentication))).andExpect(status().isOk())
 				.andExpect(content().string(""));
 	}
 
-
 	@EnableWebSecurity
 	static class BearerFilterConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 		}
 
 		@Bean
 		WebClient rest() {
-			ServletBearerExchangeFilterFunction bearer =
-					new ServletBearerExchangeFilterFunction();
-			return WebClient.builder()
-					.filter(bearer).build();
+			ServletBearerExchangeFilterFunction bearer = new ServletBearerExchangeFilterFunction();
+			return WebClient.builder().filter(bearer).build();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class BearerFilterlessConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 		}
@@ -105,35 +103,33 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		WebClient rest() {
 			return WebClient.create();
 		}
+
 	}
 
 	@RestController
 	static class Controller {
+
 		private final WebClient rest;
+
 		private final String uri;
 
 		@Autowired
-			Controller(MockWebServer server, WebClient rest) {
+		Controller(MockWebServer server, WebClient rest) {
 			this.uri = server.url("/").toString();
 			this.rest = rest;
 		}
 
 		@GetMapping("/token")
 		public String token() {
-			return this.rest.get()
-					.uri(this.uri)
-					.retrieve()
-					.bodyToMono(String.class)
-					.flatMap(result -> this.rest.get()
-							.uri(this.uri)
-							.retrieve()
-							.bodyToMono(String.class))
-					.block();
+			return this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)
+					.flatMap(result -> this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)).block();
 		}
+
 	}
 
 	@Configuration
 	static class WebServerConfig {
+
 		private final MockWebServer server = new MockWebServer();
 
 		@Bean
@@ -147,6 +143,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		void shutdown() throws Exception {
 			this.server.shutdown();
 		}
+
 	}
 
 	static class AuthorizationHeaderDispatcher extends Dispatcher {
@@ -161,5 +158,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 			}
 			return response.setBody(header);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index 11d8317dde..daadc8d6b5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -59,11 +59,14 @@ import static org.springframework.security.config.annotation.web.configuration.S
  * @since 5.2
  */
 public class SecurityReactorContextConfigurationTests {
+
 	private MockHttpServletRequest servletRequest;
+
 	private MockHttpServletResponse servletResponse;
+
 	private Authentication authentication;
-	private SecurityReactorContextConfiguration.SecurityReactorContextSubscriberRegistrar subscriberRegistrar =
-			new SecurityReactorContextConfiguration.SecurityReactorContextSubscriberRegistrar();
+
+	private SecurityReactorContextConfiguration.SecurityReactorContextSubscriberRegistrar subscriberRegistrar = new SecurityReactorContextConfiguration.SecurityReactorContextSubscriberRegistrar();
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -90,14 +93,15 @@ public class SecurityReactorContextConfigurationTests {
 				return context;
 			}
 		};
-		CoreSubscriber<Object> resultSubscriber = this.subscriberRegistrar.createSubscriberIfNecessary(originalSubscriber);
+		CoreSubscriber<Object> resultSubscriber = this.subscriberRegistrar
+				.createSubscriberIfNecessary(originalSubscriber);
 		assertThat(resultSubscriber).isSameAs(originalSubscriber);
 	}
 
 	@Test
 	public void createSubscriberIfNecessaryWhenWebSecurityContextAvailableThenCreateWithParentContext() {
-		RequestContextHolder.setRequestAttributes(
-				new ServletRequestAttributes(this.servletRequest, this.servletResponse));
+		RequestContextHolder
+				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
 		String testKey = "test_key";
@@ -116,16 +120,15 @@ public class SecurityReactorContextConfigurationTests {
 		assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue);
 		Map<Object, Object> securityContextAttributes = resultContext.getOrDefault(SECURITY_CONTEXT_ATTRIBUTES, null);
 		assertThat(securityContextAttributes).hasSize(3);
-		assertThat(securityContextAttributes).contains(
-				entry(HttpServletRequest.class, this.servletRequest),
+		assertThat(securityContextAttributes).contains(entry(HttpServletRequest.class, this.servletRequest),
 				entry(HttpServletResponse.class, this.servletResponse),
 				entry(Authentication.class, this.authentication));
 	}
 
 	@Test
 	public void createSubscriberIfNecessaryWhenParentContextContainsSecurityContextAttributesThenUseParentContext() {
-		RequestContextHolder.setRequestAttributes(
-				new ServletRequestAttributes(this.servletRequest, this.servletResponse));
+		RequestContextHolder
+				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
 		Context parentContext = Context.of(SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
@@ -143,76 +146,75 @@ public class SecurityReactorContextConfigurationTests {
 
 	@Test
 	public void createSubscriberIfNecessaryWhenNotServletRequestAttributesThenStillCreate() {
-		RequestContextHolder.setRequestAttributes(
-				new RequestAttributes() {
-					@Override
-					public Object getAttribute(String name, int scope) {
-						return null;
-					}
+		RequestContextHolder.setRequestAttributes(new RequestAttributes() {
+			@Override
+			public Object getAttribute(String name, int scope) {
+				return null;
+			}
 
-					@Override
-					public void setAttribute(String name, Object value, int scope) {
-					}
+			@Override
+			public void setAttribute(String name, Object value, int scope) {
+			}
 
-					@Override
-					public void removeAttribute(String name, int scope) {
-					}
+			@Override
+			public void removeAttribute(String name, int scope) {
+			}
 
-					@Override
-					public String[] getAttributeNames(int scope) {
-						return new String[0];
-					}
+			@Override
+			public String[] getAttributeNames(int scope) {
+				return new String[0];
+			}
 
-					@Override
-					public void registerDestructionCallback(String name, Runnable callback, int scope) {
-					}
+			@Override
+			public void registerDestructionCallback(String name, Runnable callback, int scope) {
+			}
 
-					@Override
-					public Object resolveReference(String key) {
-						return null;
-					}
+			@Override
+			public Object resolveReference(String key) {
+				return null;
+			}
 
-					@Override
-					public String getSessionId() {
-						return null;
-					}
+			@Override
+			public String getSessionId() {
+				return null;
+			}
 
-					@Override
-					public Object getSessionMutex() {
-						return null;
-					}
-				});
+			@Override
+			public Object getSessionMutex() {
+				return null;
+			}
+		});
 
-		CoreSubscriber<Object> subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(Operators.emptySubscriber());
+		CoreSubscriber<Object> subscriber = this.subscriberRegistrar
+				.createSubscriberIfNecessary(Operators.emptySubscriber());
 		assertThat(subscriber).isInstanceOf(SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.class);
 	}
 
 	@Test
 	public void createPublisherWhenLastOperatorAddedThenSecurityContextAttributesAvailable() {
-		// Trigger the importing of SecurityReactorContextConfiguration via OAuth2ImportSelector
+		// Trigger the importing of SecurityReactorContextConfiguration via
+		// OAuth2ImportSelector
 		this.spring.register(SecurityConfig.class).autowire();
 
 		// Setup for SecurityReactorContextSubscriberRegistrar
-		RequestContextHolder.setRequestAttributes(
-				new ServletRequestAttributes(this.servletRequest, this.servletResponse));
+		RequestContextHolder
+				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
 		ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
 
-		ExchangeFilterFunction filter = (req, next) ->
-				Mono.subscriberContext()
-						.filter(ctx -> ctx.hasKey(SECURITY_CONTEXT_ATTRIBUTES))
-						.map(ctx -> ctx.get(SECURITY_CONTEXT_ATTRIBUTES))
-						.cast(Map.class)
-						.map(attributes -> {
-							if (attributes.containsKey(HttpServletRequest.class) &&
-									attributes.containsKey(HttpServletResponse.class) &&
-									attributes.containsKey(Authentication.class)) {
-								return clientResponseOk;
-							} else {
-								return ClientResponse.create(HttpStatus.NOT_FOUND).build();
-							}
-						});
+		ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
+				.filter(ctx -> ctx.hasKey(SECURITY_CONTEXT_ATTRIBUTES)).map(ctx -> ctx.get(SECURITY_CONTEXT_ATTRIBUTES))
+				.cast(Map.class).map(attributes -> {
+					if (attributes.containsKey(HttpServletRequest.class)
+							&& attributes.containsKey(HttpServletResponse.class)
+							&& attributes.containsKey(Authentication.class)) {
+						return clientResponseOk;
+					}
+					else {
+						return ClientResponse.create(HttpStatus.NOT_FOUND).build();
+					}
+				});
 
 		ClientRequest clientRequest = ClientRequest.create(GET, URI.create("https://example.com")).build();
 		MockExchangeFunction exchange = new MockExchangeFunction();
@@ -225,11 +227,8 @@ public class SecurityReactorContextConfigurationTests {
 		Mono<ClientResponse> clientResponseMono = filter.filter(clientRequest, exchange)
 				.flatMap(response -> filter.filter(clientRequest, exchange));
 
-		StepVerifier.create(clientResponseMono)
-				.expectAccessibleContext()
-				.contains(SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
-				.then()
-				.expectNext(clientResponseOk)
+		StepVerifier.create(clientResponseMono).expectAccessibleContext()
+				.contains(SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes).then().expectNext(clientResponseOk)
 				.verifyComplete();
 	}
 
@@ -239,5 +238,7 @@ public class SecurityReactorContextConfigurationTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 9d714433e9..37cac4700b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -75,8 +75,7 @@ public class WebMvcSecurityConfigurationTests {
 
 	@Test
 	public void authenticationPrincipalResolved() throws Exception {
-		mockMvc.perform(get("/authentication-principal"))
-				.andExpect(assertResult(authentication.getPrincipal()))
+		mockMvc.perform(get("/authentication-principal")).andExpect(assertResult(authentication.getPrincipal()))
 				.andExpect(view().name("authentication-principal-view"));
 	}
 
@@ -90,8 +89,7 @@ public class WebMvcSecurityConfigurationTests {
 	@Test
 	public void csrfToken() throws Exception {
 		CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
-		MockHttpServletRequestBuilder request = get("/csrf").requestAttr(
-				CsrfToken.class.getName(), csrfToken);
+		MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
 
 		mockMvc.perform(request).andExpect(assertResult(csrfToken));
 	}
@@ -104,32 +102,33 @@ public class WebMvcSecurityConfigurationTests {
 	static class TestController {
 
 		@RequestMapping("/authentication-principal")
-		public ModelAndView authenticationPrincipal(
-				@AuthenticationPrincipal String principal) {
+		public ModelAndView authenticationPrincipal(@AuthenticationPrincipal String principal) {
 			return new ModelAndView("authentication-principal-view", "result", principal);
 		}
 
 		@RequestMapping("/deprecated-authentication-principal")
 		public ModelAndView deprecatedAuthenticationPrincipal(
 				@org.springframework.security.web.bind.annotation.AuthenticationPrincipal String principal) {
-			return new ModelAndView("deprecated-authentication-principal-view", "result",
-					principal);
+			return new ModelAndView("deprecated-authentication-principal-view", "result", principal);
 		}
 
 		@RequestMapping("/csrf")
 		public ModelAndView csrf(CsrfToken token) {
 			return new ModelAndView("view", "result", token);
 		}
+
 	}
 
 	@Configuration
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class Config {
+
 		@Bean
 		public TestController testController() {
 			return new TestController();
 		}
+
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 6f27f16b18..d661a39575 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -74,6 +74,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Evgeniy Cheban
  */
 public class WebSecurityConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -118,11 +119,10 @@ public class WebSecurityConfigurationTests {
 		@Configuration
 		@Order(1)
 		static class WebConfigurer1 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			public void configure(WebSecurity web) {
-				web
-					.ignoring()
-						.antMatchers("/ignore1", "/ignore2");
+				web.ignoring().antMatchers("/ignore1", "/ignore2");
 			}
 
 			@Override
@@ -134,11 +134,13 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().hasRole("1");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		@Order(2)
 		static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -148,11 +150,13 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().hasRole("2");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		@Order(3)
 		static class WebConfigurer3 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -162,6 +166,7 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().hasRole("3");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
@@ -175,7 +180,9 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().hasRole("4");
 				// @formatter:on
 			}
+
 		}
+
 	}
 
 	@Test
@@ -208,44 +215,29 @@ public class WebSecurityConfigurationTests {
 		@Order(1)
 		@Bean
 		SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
-			return http
-					.antMatcher("/role1/**")
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().hasRole("1")
-					)
+			return http.antMatcher("/role1/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("1"))
 					.build();
 		}
 
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
-			return http
-					.antMatcher("/role2/**")
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().hasRole("2")
-					)
+			return http.antMatcher("/role2/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("2"))
 					.build();
 		}
 
 		@Order(3)
 		@Bean
 		SecurityFilterChain filterChain3(HttpSecurity http) throws Exception {
-			return http
-					.antMatcher("/role3/**")
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().hasRole("3")
-					)
+			return http.antMatcher("/role3/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("3"))
 					.build();
 		}
 
 		@Bean
 		SecurityFilterChain filterChain4(HttpSecurity http) throws Exception {
-			return http
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().hasRole("4")
-					)
-					.build();
+			return http.authorizeRequests(authorize -> authorize.anyRequest().hasRole("4")).build();
 		}
+
 	}
 
 	@Test
@@ -253,9 +245,9 @@ public class WebSecurityConfigurationTests {
 		Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
 
 		assertThat(thrown).isInstanceOf(BeanCreationException.class)
-			.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
-			.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
-			.hasMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
+				.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
+				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
+				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
 	}
 
 	@EnableWebSecurity
@@ -264,6 +256,7 @@ public class WebSecurityConfigurationTests {
 
 		@Configuration
 		static class WebConfigurer1 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -273,10 +266,12 @@ public class WebSecurityConfigurationTests {
 							.anyRequest().hasRole("1");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -286,7 +281,9 @@ public class WebSecurityConfigurationTests {
 							.anyRequest().hasRole("2");
 				// @formatter:on
 			}
+
 		}
+
 	}
 
 	@Test
@@ -296,32 +293,36 @@ public class WebSecurityConfigurationTests {
 		this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
 
 		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-			.isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
+				.isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
 	}
 
 	@EnableWebSecurity
 	static class PrivilegeEvaluatorConfigurerAdapterConfig extends WebSecurityConfigurerAdapter {
+
 		static WebInvocationPrivilegeEvaluator PRIVILEGE_EVALUATOR;
 
 		@Override
 		public void configure(WebSecurity web) {
 			web.privilegeEvaluator(PRIVILEGE_EVALUATOR);
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenSecurityExpressionHandlerSetThenIsRegistered() {
 		WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
-		when(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser()).thenReturn(mock(ExpressionParser.class));
+		when(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
+				.thenReturn(mock(ExpressionParser.class));
 
 		this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
 
 		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
-			.isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
+				.isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
 	}
 
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		static SecurityExpressionHandler EXPRESSION_HANDLER;
 
 		@Override
@@ -338,13 +339,13 @@ public class WebSecurityConfigurationTests {
 					.expressionHandler(EXPRESSION_HANDLER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
-		Throwable thrown = catchThrowable(() ->
-				this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire()
-		);
+		Throwable thrown = catchThrowable(
+				() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
 
 		assertThat(thrown).isInstanceOf(BeanCreationException.class);
 		assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
@@ -357,6 +358,7 @@ public class WebSecurityConfigurationTests {
 		public void configure(WebSecurity web) {
 			web.expressionHandler(null);
 		}
+
 	}
 
 	@Test
@@ -364,11 +366,12 @@ public class WebSecurityConfigurationTests {
 		this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
 
 		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
-			.isInstanceOf(DefaultWebSecurityExpressionHandler.class);
+				.isInstanceOf(DefaultWebSecurityExpressionHandler.class);
 	}
 
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -377,6 +380,7 @@ public class WebSecurityConfigurationTests {
 					.anyRequest().authenticated();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -386,50 +390,53 @@ public class WebSecurityConfigurationTests {
 		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
 				new MockHttpServletResponse(), new MockFilterChain());
 
-		AbstractSecurityExpressionHandler handler = this.spring.getContext().getBean(AbstractSecurityExpressionHandler.class);
+		AbstractSecurityExpressionHandler handler = this.spring.getContext()
+				.getBean(AbstractSecurityExpressionHandler.class);
 		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
-		Expression expression = handler.getExpressionParser()
-				.parseExpression("hasRole('ROLE_USER')");
+		Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
 		boolean granted = expression.getValue(evaluationContext, Boolean.class);
 		assertThat(granted).isTrue();
 	}
 
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerRoleHierarchyBeanConfig extends WebSecurityConfigurerAdapter {
+
 		@Bean
 		RoleHierarchy roleHierarchy() {
 			RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
 			roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
 			return roleHierarchy;
 		}
+
 	}
 
 	@Test
 	public void securityExpressionHandlerWhenPermissionEvaluatorBeanThenPermissionEvaluatorUsed() {
 		this.spring.register(WebSecurityExpressionHandlerPermissionEvaluatorBeanConfig.class).autowire();
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
-		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""), new MockHttpServletResponse(), new MockFilterChain());
+		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
+				new MockHttpServletResponse(), new MockFilterChain());
 
-		AbstractSecurityExpressionHandler handler = this.spring.getContext().getBean(AbstractSecurityExpressionHandler.class);
+		AbstractSecurityExpressionHandler handler = this.spring.getContext()
+				.getBean(AbstractSecurityExpressionHandler.class);
 		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
-		Expression expression = handler.getExpressionParser()
-				.parseExpression("hasPermission(#study,'DELETE')");
+		Expression expression = handler.getExpressionParser().parseExpression("hasPermission(#study,'DELETE')");
 		boolean granted = expression.getValue(evaluationContext, Boolean.class);
 		assertThat(granted).isTrue();
 	}
 
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerPermissionEvaluatorBeanConfig extends WebSecurityConfigurerAdapter {
+
 		static final PermissionEvaluator PERMIT_ALL_PERMISSION_EVALUATOR = new PermissionEvaluator() {
 			@Override
-			public boolean hasPermission(Authentication authentication,
-					Object targetDomainObject, Object permission) {
+			public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 				return true;
 			}
 
 			@Override
-			public boolean hasPermission(Authentication authentication,
-					Serializable targetId, String targetType, Object permission) {
+			public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+					Object permission) {
 				return true;
 			}
 		};
@@ -438,6 +445,7 @@ public class WebSecurityConfigurationTests {
 		public PermissionEvaluator permissionEvaluator() {
 			return PERMIT_ALL_PERMISSION_EVALUATOR;
 		}
+
 	}
 
 	@Test
@@ -445,11 +453,12 @@ public class WebSecurityConfigurationTests {
 		this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
 
 		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-			.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
+				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
 	}
 
 	@EnableWebSecurity
 	static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -458,6 +467,7 @@ public class WebSecurityConfigurationTests {
 					.anyRequest().authenticated();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -465,19 +475,17 @@ public class WebSecurityConfigurationTests {
 		this.spring.register(AuthorizeRequestsFilterChainConfig.class).autowire();
 
 		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-			.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
+				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
 	}
 
 	@EnableWebSecurity
 	static class AuthorizeRequestsFilterChainConfig {
+
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().authenticated()
-					)
-					.build();
+			return http.authorizeRequests(authorize -> authorize.anyRequest().authenticated()).build();
 		}
+
 	}
 
 	// SEC-2303
@@ -491,6 +499,7 @@ public class WebSecurityConfigurationTests {
 
 	@EnableWebSecurity
 	static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -502,10 +511,12 @@ public class WebSecurityConfigurationTests {
 
 		@RestController
 		public class HomeController {
+
 			@GetMapping("/")
 			public String home() {
 				return "home";
 			}
+
 		}
 
 		@Bean
@@ -514,6 +525,7 @@ public class WebSecurityConfigurationTests {
 		}
 
 		static class MyBean {
+
 			public boolean deny() {
 				return false;
 			}
@@ -521,7 +533,9 @@ public class WebSecurityConfigurationTests {
 			public boolean grant() {
 				return true;
 			}
+
 		}
+
 	}
 
 	@Rule
@@ -545,14 +559,17 @@ public class WebSecurityConfigurationTests {
 
 	@EnableWebSecurity
 	static class ParentConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class ChildConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	// SEC-2773
@@ -564,7 +581,8 @@ public class WebSecurityConfigurationTests {
 
 	@Test
 	public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
-		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class).autowire();
+		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
+				.autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
@@ -574,19 +592,20 @@ public class WebSecurityConfigurationTests {
 
 	@Configuration
 	static class SubclassConfig extends WebSecurityConfiguration {
+
 	}
 
 	@Import(AuthenticationTestConfiguration.class)
 	@EnableGlobalAuthentication
 	static class GlobalAuthenticationWebSecurityConfigurerAdaptersConfig {
+
 		@Configuration
 		@Order(1)
 		static class WebConfigurer1 extends WebSecurityConfigurerAdapter {
+
 			@Override
 			public void configure(WebSecurity web) {
-				web
-						.ignoring()
-						.antMatchers("/ignore1", "/ignore2");
+				web.ignoring().antMatchers("/ignore1", "/ignore2");
 			}
 
 			@Override
@@ -598,6 +617,7 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().anonymous();
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
@@ -611,7 +631,9 @@ public class WebSecurityConfigurationTests {
 						.anyRequest().authenticated();
 				// @formatter:on
 			}
+
 		}
+
 	}
 
 	@Test
@@ -627,28 +649,25 @@ public class WebSecurityConfigurationTests {
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class AdapterAndFilterChainConfig {
+
 		@Order(1)
 		@Configuration
 		static class WebConfigurer extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
-				http
-						.antMatcher("/config/**")
-						.authorizeRequests(authorize -> authorize
-								.anyRequest().permitAll()
-						);
+				http.antMatcher("/config/**").authorizeRequests(authorize -> authorize.anyRequest().permitAll());
 			}
+
 		}
 
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http
-					.antMatcher("/filter/**")
-					.authorizeRequests(authorize -> authorize
-							.anyRequest().authenticated()
-					)
+			return http.antMatcher("/filter/**").authorizeRequests(authorize -> authorize.anyRequest().authenticated())
 					.build();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 59631f73b6..246fffe71b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -38,10 +38,10 @@ public class Sec2377Tests {
 	public void refreshContextWhenParentAndChildRegisteredThenNoException() {
 		this.parent.register(Sec2377AConfig.class).autowire();
 
-		ConfigurableApplicationContext context =
-			this.child.register(Sec2377BConfig.class).getContext();
+		ConfigurableApplicationContext context = this.child.register(Sec2377BConfig.class).getContext();
 		context.setParent(this.parent.getContext());
 
 		this.child.autowire();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index f5f3e9f89b..9f175cf52b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -29,6 +29,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import java.util.List;
 
 public class AbstractConfigAttributeRequestMatcherRegistryTests {
+
 	private ConcreteAbstractRequestMatcherMappingConfigurer registry;
 
 	@Before
@@ -37,7 +38,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	}
 
 	@Test
-	public void testGetRequestMatcherIsTypeRegexMatcher(){
+	public void testGetRequestMatcherIsTypeRegexMatcher() {
 		List<RequestMatcher> requestMatchers = registry.regexMatchers(HttpMethod.GET, "/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
@@ -46,8 +47,8 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	}
 
 	@Test
-	public void testRequestMatcherIsTypeRegexMatcher(){
-		List<RequestMatcher> requestMatchers = registry.regexMatchers( "/a.*");
+	public void testRequestMatcherIsTypeRegexMatcher() {
+		List<RequestMatcher> requestMatchers = registry.regexMatchers("/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
@@ -55,7 +56,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	}
 
 	@Test
-	public void testGetRequestMatcherIsTypeAntPathRequestMatcher(){
+	public void testGetRequestMatcherIsTypeAntPathRequestMatcher() {
 		List<RequestMatcher> requestMatchers = registry.antMatchers(HttpMethod.GET, "/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
@@ -64,7 +65,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	}
 
 	@Test
-	public void testRequestMatcherIsTypeAntPathRequestMatcher(){
+	public void testRequestMatcherIsTypeAntPathRequestMatcher() {
 		List<RequestMatcher> requestMatchers = registry.antMatchers("/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
@@ -72,7 +73,9 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 		}
 	}
 
-	static class ConcreteAbstractRequestMatcherMappingConfigurer extends AbstractConfigAttributeRequestMatcherRegistry<List<RequestMatcher>> {
+	static class ConcreteAbstractRequestMatcherMappingConfigurer
+			extends AbstractConfigAttributeRequestMatcherRegistry<List<RequestMatcher>> {
+
 		List<AccessDecisionVoter> decisionVoters() {
 			return null;
 		}
@@ -88,5 +91,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 		public List<RequestMatcher> mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			return null;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index fca1d0ab8e..93b035ce64 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -40,6 +40,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Josh Cummings
  */
 public class AnonymousConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -50,8 +51,7 @@ public class AnonymousConfigurerTests {
 	public void requestWhenAnonymousTwiceInvokedThenDoesNotOverride() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class, PrincipalController.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-			.andExpect(content().string("principal"));
+		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 	}
 
 	@EnableWebSecurity
@@ -69,14 +69,14 @@ public class AnonymousConfigurerTests {
 				.anonymous();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
 		this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-				.andExpect(content().string("principal"));
+		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 	}
 
 	@EnableWebSecurity
@@ -93,18 +93,19 @@ public class AnonymousConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
 		this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-				.andExpect(status().isForbidden());
+		this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class AnonymousDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -124,18 +125,19 @@ public class AnonymousConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
 		this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
 
-		this.mockMvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class AnonymousWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -155,13 +157,17 @@ public class AnonymousConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class PrincipalController {
+
 		@GetMapping("/")
 		String principal(@AuthenticationPrincipal String principal) {
 			return principal;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index d10ea89dce..f2388b2184 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -58,11 +58,15 @@ import static org.springframework.security.config.Customizer.withDefaults;
  *
  */
 public class AuthorizeRequestsTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
+
 	MockServletContext servletContext;
 
 	@Autowired
@@ -98,6 +102,7 @@ public class AuthorizeRequestsTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -114,6 +119,7 @@ public class AuthorizeRequestsTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -129,6 +135,7 @@ public class AuthorizeRequestsTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersNoPatternsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -147,6 +154,7 @@ public class AuthorizeRequestsTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2256
@@ -190,6 +198,7 @@ public class AuthorizeRequestsTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntPatchersPathVariables extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -207,6 +216,7 @@ public class AuthorizeRequestsTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	// gh-3786
@@ -231,6 +241,7 @@ public class AuthorizeRequestsTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersPathVariablesCamelCaseVariables extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -248,6 +259,7 @@ public class AuthorizeRequestsTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	// gh-3394
@@ -256,8 +268,10 @@ public class AuthorizeRequestsTests {
 		loadConfig(RoleHiearchyConfig.class);
 
 		SecurityContext securityContext = new SecurityContextImpl();
-		securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused", AuthorityUtils.createAuthorityList("ROLE_USER")));
-		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);
+		securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused",
+				AuthorityUtils.createAuthorityList("ROLE_USER")));
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				securityContext);
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
@@ -267,6 +281,7 @@ public class AuthorizeRequestsTests {
 	@EnableWebSecurity
 	@Configuration
 	static class RoleHiearchyConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -290,6 +305,7 @@ public class AuthorizeRequestsTests {
 			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
 			return result;
 		}
+
 	}
 
 	@Test
@@ -299,30 +315,28 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -343,11 +357,14 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -357,30 +374,28 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -403,11 +418,14 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -418,8 +436,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -427,8 +444,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -436,8 +452,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -460,6 +475,7 @@ public class AuthorizeRequestsTests {
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherServletPathConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -480,11 +496,14 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -495,8 +514,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -504,8 +522,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -513,8 +530,7 @@ public class AuthorizeRequestsTests {
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -537,6 +553,7 @@ public class AuthorizeRequestsTests {
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherServletPathInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -559,11 +576,14 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -581,14 +601,14 @@ public class AuthorizeRequestsTests {
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherPathVariablesConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -609,11 +629,14 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -631,14 +654,14 @@ public class AuthorizeRequestsTests {
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherPathVariablesInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -661,17 +684,21 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherPathServletPathRequiredConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -692,19 +719,24 @@ public class AuthorizeRequestsTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Configuration
 	static class LegacyMvcMatchingConfig implements WebMvcConfigurer {
+
 		@Override
 		public void configurePathMatch(PathMatchConfigurer configurer) {
 			configurer.setUseSuffixPatternMatch(true);
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
@@ -715,4 +747,5 @@ public class AuthorizeRequestsTests {
 
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index c33682e716..64f867793c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -56,8 +56,7 @@ public class ChannelSecurityConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(InsecureChannelProcessor.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(InsecureChannelProcessor.class));
 	}
 
 	@Test
@@ -65,8 +64,7 @@ public class ChannelSecurityConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(SecureChannelProcessor.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecureChannelProcessor.class));
 	}
 
 	@Test
@@ -74,8 +72,7 @@ public class ChannelSecurityConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ChannelDecisionManagerImpl.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelDecisionManagerImpl.class));
 	}
 
 	@Test
@@ -83,12 +80,12 @@ public class ChannelSecurityConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ChannelProcessingFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelProcessingFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -104,21 +101,23 @@ public class ChannelSecurityConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
 	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
 
-		mvc.perform(get("/"))
-				.andExpect(redirectedUrl("https://localhost/"));
+		mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
 	@EnableWebSecurity
@@ -134,14 +133,14 @@ public class ChannelSecurityConfigurerTests {
 				.requiresChannel();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
 		this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
 
-		mvc.perform(get("/"))
-				.andExpect(redirectedUrl("https://localhost/"));
+		mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
 	@EnableWebSecurity
@@ -157,5 +156,7 @@ public class ChannelSecurityConfigurerTests {
 			);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index b880b3ef5b..cdd731287e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -55,6 +55,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Eleftheria Stein
  */
 public class CorsConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -64,8 +65,8 @@ public class CorsConfigurerTests {
 	@Test
 	public void configureWhenNoMvcThenException() {
 		assertThatThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+						"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
 	}
 
 	@EnableWebSecurity
@@ -81,14 +82,14 @@ public class CorsConfigurerTests {
 				.cors();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -99,8 +100,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -121,23 +121,23 @@ public class CorsConfigurerTests {
 		}
 
 		@RestController
-		@CrossOrigin(methods = {
-				RequestMethod.GET, RequestMethod.POST
-		})
+		@CrossOrigin(methods = { RequestMethod.GET, RequestMethod.POST })
 		static class CorsController {
+
 			@RequestMapping("/")
 			String hello() {
 				return "Hello";
 			}
+
 		}
+
 	}
 
 	@Test
 	public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -148,8 +148,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -171,23 +170,23 @@ public class CorsConfigurerTests {
 		}
 
 		@RestController
-		@CrossOrigin(methods = {
-				RequestMethod.GET, RequestMethod.POST
-		})
+		@CrossOrigin(methods = { RequestMethod.GET, RequestMethod.POST })
 		static class CorsController {
+
 			@RequestMapping("/")
 			String hello() {
 				return "Hello";
 			}
+
 		}
+
 	}
 
 	@Test
 	public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(ConfigSourceConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -198,8 +197,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -223,12 +221,11 @@ public class CorsConfigurerTests {
 			UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
 			corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
-			corsConfiguration.setAllowedMethods(Arrays.asList(
-					RequestMethod.GET.name(),
-					RequestMethod.POST.name()));
+			corsConfiguration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
 			source.registerCorsConfiguration("/**", corsConfiguration);
 			return source;
 		}
+
 	}
 
 	@Test
@@ -236,8 +233,7 @@ public class CorsConfigurerTests {
 			throws Exception {
 		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -249,8 +245,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -275,20 +270,18 @@ public class CorsConfigurerTests {
 			UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
 			corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
-			corsConfiguration.setAllowedMethods(Arrays.asList(
-					RequestMethod.GET.name(),
-					RequestMethod.POST.name()));
+			corsConfiguration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
 			source.registerCorsConfiguration("/**", corsConfiguration);
 			return source;
 		}
+
 	}
 
 	@Test
 	public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -299,8 +292,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -324,20 +316,18 @@ public class CorsConfigurerTests {
 			UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
 			corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
-			corsConfiguration.setAllowedMethods(Arrays.asList(
-					RequestMethod.GET.name(),
-					RequestMethod.POST.name()));
+			corsConfiguration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
 			source.registerCorsConfiguration("/**", corsConfiguration);
 			return new CorsFilter(source);
 		}
+
 	}
 
 	@Test
 	public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -348,8 +338,7 @@ public class CorsConfigurerTests {
 
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(status().isOk())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
@@ -374,11 +363,11 @@ public class CorsConfigurerTests {
 			UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
 			corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
-			corsConfiguration.setAllowedMethods(Arrays.asList(
-					RequestMethod.GET.name(),
-					RequestMethod.POST.name()));
+			corsConfiguration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
 			source.registerCorsConfiguration("/**", corsConfiguration);
 			return new CorsFilter(source);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
index 56d99f0610..9825c8ea99 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
@@ -48,21 +48,18 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void requestWhenIgnoringRequestMatchersThenAugmentedByConfiguredRequestMatcher()
-			throws Exception {
+	public void requestWhenIgnoringRequestMatchersThenAugmentedByConfiguredRequestMatcher() throws Exception {
 		this.spring.register(IgnoringRequestMatchers.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/path"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/path"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/path")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class IgnoringRequestMatchers extends WebSecurityConfigurerAdapter {
-		RequestMatcher requestMatcher =
-				request -> HttpMethod.POST.name().equals(request.getMethod());
+
+		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -73,24 +70,22 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 					.ignoringRequestMatchers(this.requestMatcher);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher()
-			throws Exception {
+	public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception {
 		this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/path"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/path"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/path")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class IgnoringRequestInLambdaMatchers extends WebSecurityConfigurerAdapter {
-		RequestMatcher requestMatcher =
-				request -> HttpMethod.POST.name().equals(request.getMethod());
+
+		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -103,28 +98,25 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers()
-			throws Exception {
+	public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception {
 
 		this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire();
 
-		this.mvc.perform(put("/csrf"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/csrf"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
 
-		this.mvc.perform(put("/no-csrf"))
-				.andExpect(status().isOk());
+		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchers extends WebSecurityConfigurerAdapter {
-		RequestMatcher requestMatcher =
-				request -> HttpMethod.POST.name().equals(request.getMethod());
+
+		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -135,6 +127,7 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 					.ignoringRequestMatchers(this.requestMatcher);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -143,20 +136,17 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 
 		this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(put("/csrf"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/csrf"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
 
-		this.mvc.perform(put("/no-csrf"))
-				.andExpect(status().isOk());
+		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchersInLambdaConfig extends WebSecurityConfigurerAdapter {
-		RequestMatcher requestMatcher =
-				request -> HttpMethod.POST.name().equals(request.getMethod());
+
+		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -169,10 +159,12 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	public static class BasicController {
+
 		@RequestMapping("/path")
 		public String path() {
 			return "path";
@@ -187,5 +179,7 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 		public String noCsrf() {
 			return "no-csrf";
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 61df857d62..a7da0f3829 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -36,6 +36,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  *
  */
 public class CsrfConfigurerNoWebMvcTests {
+
 	ConfigurableApplicationContext context;
 
 	@After
@@ -73,15 +74,18 @@ public class CsrfConfigurerNoWebMvcTests {
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class EnableWebOverrideRequestDataConfig {
+
 		@Bean
 		@Primary
 		public RequestDataValueProcessor requestDataValueProcessor() {
 			return mock(RequestDataValueProcessor.class);
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -90,6 +94,7 @@ public class CsrfConfigurerNoWebMvcTests {
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	private void loadContext(Class<?> configs) {
@@ -98,4 +103,5 @@ public class CsrfConfigurerNoWebMvcTests {
 		annotationConfigApplicationContext.refresh();
 		this.context = annotationConfigApplicationContext;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 7165b06422..f7fb67a934 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -75,6 +75,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Sam Simmons
  */
 public class CsrfConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -83,83 +84,83 @@ public class CsrfConfigurerTests {
 
 	@Test
 	public void postWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(post("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(post("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void putWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(put("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(put("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void patchWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(patch("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(patch("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void deleteWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(delete("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(delete("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void invalidWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(request("INVALID", URI.create("/")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(request("INVALID", URI.create("/"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenWebSecurityEnabledThenRespondsWithOk() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void headWhenWebSecurityEnabledThenRespondsWithOk() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(head("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(head("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void traceWhenWebSecurityEnabledThenRespondsWithOk() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(request(HttpMethod.TRACE, "/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(request(HttpMethod.TRACE, "/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void optionsWhenWebSecurityEnabledThenRespondsWithOk() throws Exception {
-		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
+		this.spring
+				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
 
-		this.mvc.perform(options("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(options("/")).andExpect(status().isOk());
 	}
 
 	@Test
@@ -171,12 +172,14 @@ public class CsrfConfigurerTests {
 
 	@Configuration
 	static class AllowHttpMethodsFirewallConfig {
+
 		@Bean
 		StrictHttpFirewall strictHttpFirewall() {
 			StrictHttpFirewall result = new StrictHttpFirewall();
 			result.setUnsafeAllowAnyHttpMethod(true);
 			return result;
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -185,14 +188,14 @@ public class CsrfConfigurerTests {
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	@Test
 	public void postWhenCsrfDisabledThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
@@ -206,14 +209,14 @@ public class CsrfConfigurerTests {
 					.disable();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void postWhenCsrfDisabledInLambdaThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfInLambdaConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
@@ -226,6 +229,7 @@ public class CsrfConfigurerTests {
 				.csrf(AbstractHttpConfigurer::disable);
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2498
@@ -235,11 +239,8 @@ public class CsrfConfigurerTests {
 
 		MvcResult mvcResult = this.mvc.perform(post("/to-save")).andReturn();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.session((MockHttpSession) mvcResult.getRequest().getSession()))
-				.andExpect(status().isFound())
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password")
+				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/to-save"));
 	}
 
@@ -268,6 +269,7 @@ public class CsrfConfigurerTests {
 				.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -278,17 +280,13 @@ public class CsrfConfigurerTests {
 		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).thenReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/some-url"))
-				.andReturn();
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf())
-				.session((MockHttpSession) mvcResult.getRequest().getSession()))
-				.andExpect(status().isFound())
+		MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn();
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())
+				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/"));
 
-		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()).loadToken(any(HttpServletRequest.class));
+		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
+				.loadToken(any(HttpServletRequest.class));
 	}
 
 	@Test
@@ -299,21 +297,18 @@ public class CsrfConfigurerTests {
 		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).thenReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/some-url"))
-				.andReturn();
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf())
-				.session((MockHttpSession) mvcResult.getRequest().getSession()))
-				.andExpect(status().isFound())
+		MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn();
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())
+				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/some-url"));
 
-		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()).loadToken(any(HttpServletRequest.class));
+		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
+				.loadToken(any(HttpServletRequest.class));
 	}
 
 	@EnableWebSecurity
 	static class CsrfDisablesPostRequestFromRequestCacheConfig extends WebSecurityConfigurerAdapter {
+
 		static CsrfTokenRepository REPO;
 
 		@Override
@@ -338,6 +333,7 @@ public class CsrfConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2422
@@ -345,19 +341,16 @@ public class CsrfConfigurerTests {
 	public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception {
 		this.spring.register(InvalidSessionUrlConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/")
-				.param("_csrf", "abc"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/error/sessionError"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("/error/sessionError")).andReturn();
 
-		this.mvc.perform(post("/")
-				.session((MockHttpSession) mvcResult.getRequest().getSession()))
+		this.mvc.perform(post("/").session((MockHttpSession) mvcResult.getRequest().getSession()))
 				.andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class InvalidSessionUrlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -368,16 +361,15 @@ public class CsrfConfigurerTests {
 					.invalidSessionUrl("/error/sessionError");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
-		when(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any()))
-				.thenReturn(false);
+		when(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).thenReturn(false);
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
@@ -386,12 +378,12 @@ public class CsrfConfigurerTests {
 		when(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).thenReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		static RequestMatcher MATCHER;
 
 		@Override
@@ -402,17 +394,16 @@ public class CsrfConfigurerTests {
 					.requireCsrfProtectionMatcher(MATCHER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requireCsrfProtectionMatcherInLambdaWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
-		when(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any()))
-				.thenReturn(false);
+		when(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).thenReturn(false);
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
@@ -421,12 +412,12 @@ public class CsrfConfigurerTests {
 		when(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).thenReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RequireCsrfProtectionMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		static RequestMatcher MATCHER;
 
 		@Override
@@ -436,6 +427,7 @@ public class CsrfConfigurerTests {
 				.csrf(csrf -> csrf.requireCsrfProtectionMatcher(MATCHER));
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -445,8 +437,7 @@ public class CsrfConfigurerTests {
 				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 		verify(CsrfTokenRepositoryConfig.REPO).loadToken(any(HttpServletRequest.class));
 	}
 
@@ -455,12 +446,10 @@ public class CsrfConfigurerTests {
 		CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.with(user("user")));
+		this.mvc.perform(post("/logout").with(csrf()).with(user("user")));
 
-		verify(CsrfTokenRepositoryConfig.REPO)
-				.saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@Test
@@ -471,18 +460,16 @@ public class CsrfConfigurerTests {
 		when(CsrfTokenRepositoryConfig.REPO.generateToken(any())).thenReturn(csrfToken);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 
-		verify(CsrfTokenRepositoryConfig.REPO)
-				.saveToken(isNull(), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class CsrfTokenRepositoryConfig extends WebSecurityConfigurerAdapter {
+
 		static CsrfTokenRepository REPO;
 
 		@Override
@@ -504,6 +491,7 @@ public class CsrfConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -513,13 +501,13 @@ public class CsrfConfigurerTests {
 				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 		verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class));
 	}
 
 	@EnableWebSecurity
 	static class CsrfTokenRepositoryInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		static CsrfTokenRepository REPO;
 
 		@Override
@@ -530,6 +518,7 @@ public class CsrfConfigurerTests {
 				.csrf(csrf -> csrf.csrfTokenRepository(REPO));
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -537,15 +526,15 @@ public class CsrfConfigurerTests {
 		AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class);
 		this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/")).andExpect(status().isOk());
 
-		verify(AccessDeniedHandlerConfig.DENIED_HANDLER)
-				.handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any());
+		verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any());
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		static AccessDeniedHandler DENIED_HANDLER;
 
 		@Override
@@ -556,26 +545,22 @@ public class CsrfConfigurerTests {
 					.accessDeniedHandler(DENIED_HANDLER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password"))
-				.andExpect(status().isForbidden())
-				.andExpect(unauthenticated());
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+				.andExpect(status().isForbidden()).andExpect(unauthenticated());
 	}
 
 	@Test
 	public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(user("username")))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden())
 				.andExpect(authenticated());
 	}
 
@@ -584,9 +569,7 @@ public class CsrfConfigurerTests {
 	public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mvc.perform(get("/logout")
-				.with(user("username")))
-				.andExpect(authenticated());
+		this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
@@ -599,15 +582,14 @@ public class CsrfConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception {
 		this.spring.register(LogoutAllowsGetConfig.class).autowire();
 
-		this.mvc.perform(get("/logout")
-				.with(user("username")))
-				.andExpect(unauthenticated());
+		this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated());
 	}
 
 	@EnableWebSecurity
@@ -623,18 +605,19 @@ public class CsrfConfigurerTests {
 					.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2749
 	@Test
 	public void configureWhenRequireCsrfProtectionMatcherNullThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullRequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -643,14 +626,14 @@ public class CsrfConfigurerTests {
 					.requireCsrfProtectionMatcher(null);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception {
 		this.spring.register(DefaultDoesNotCreateSession.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 
 		assertThat(mvcResult.getRequest().getSession(false)).isNull();
 	}
@@ -679,10 +662,12 @@ public class CsrfConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class NullAuthenticationStrategy extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -691,17 +676,18 @@ public class CsrfConfigurerTests {
 					.sessionAuthenticationStrategy(null);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenNullAuthenticationStrategyThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class CsrfAuthenticationStrategyConfig extends WebSecurityConfigurerAdapter {
+
 		static SessionAuthenticationStrategy STRATEGY;
 
 		@Override
@@ -723,6 +709,7 @@ public class CsrfConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -731,18 +718,16 @@ public class CsrfConfigurerTests {
 
 		this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 
-		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce())
-				.onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public void rootGet() {
 		}
@@ -750,5 +735,7 @@ public class CsrfConfigurerTests {
 		@PostMapping("/")
 		public void rootPost() {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 3802618cf3..8a2ca92a2a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -78,6 +78,7 @@ public class DefaultFiltersTests {
 
 	@EnableWebSecurity
 	static class FilterChainProxyBuilderMissingConfig {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -86,31 +87,36 @@ public class DefaultFiltersTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void nullWebInvocationPrivilegeEvaluator() {
 		this.spring.register(NullWebInvocationPrivilegeEvaluatorConfig.class, UserDetailsServiceConfig.class);
-		List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
+		List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class)
+				.getFilterChains();
 		assertThat(filterChains.size()).isEqualTo(1);
 		DefaultSecurityFilterChain filterChain = (DefaultSecurityFilterChain) filterChains.get(0);
 		assertThat(filterChain.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
 		assertThat(filterChain.getFilters().size()).isEqualTo(1);
-		long filter = filterChain.getFilters().stream()
-				.filter(it -> it instanceof UsernamePasswordAuthenticationFilter).count();
+		long filter = filterChain.getFilters().stream().filter(it -> it instanceof UsernamePasswordAuthenticationFilter)
+				.count();
 		assertThat(filter).isEqualTo(1);
 	}
 
 	@Configuration
 	static class UserDetailsServiceConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class NullWebInvocationPrivilegeEvaluatorConfig extends WebSecurityConfigurerAdapter {
+
 		NullWebInvocationPrivilegeEvaluatorConfig() {
 			super(true);
 		}
@@ -118,12 +124,14 @@ public class DefaultFiltersTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			http.formLogin();
 		}
+
 	}
 
 	@Test
 	public void filterChainProxyBuilderIgnoringResources() {
 		this.spring.register(FilterChainProxyBuilderIgnoringConfig.class, UserDetailsServiceConfig.class);
-		List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
+		List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class)
+				.getFilterChains();
 		assertThat(filterChains.size()).isEqualTo(2);
 		DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0);
 		DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1);
@@ -148,6 +156,7 @@ public class DefaultFiltersTests {
 
 	@EnableWebSecurity
 	static class FilterChainProxyBuilderIgnoringConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(WebSecurity web) {
 			// @formatter:off
@@ -165,6 +174,7 @@ public class DefaultFiltersTests {
 					.anyRequest().hasRole("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -185,7 +195,10 @@ public class DefaultFiltersTests {
 
 	@EnableWebSecurity
 	static class DefaultFiltersConfigPermitAll extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 0bd6e0417f..16df77bbd5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -68,8 +68,7 @@ public class DefaultLoginPageConfigurerTests {
 	public void getWhenFormLoginEnabledThenRedirectsToLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
@@ -78,47 +77,33 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		this.mvc.perform(get("/login")
-				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" +
-								"        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" +
-								"        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Username</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"        <p>\n" +
-								"          <label for=\"password\" class=\"sr-only\">Password</label>\n" +
-								"          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" +
-								"        </p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "        <p>\n"
+						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
+						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@Test
 	public void loginWhenNoCredentialsThenRedirectedToLoginPageWithError() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf()))
-				.andExpect(redirectedUrl("/login?error"));
+		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
 	}
 
 	@Test
@@ -127,53 +112,37 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		MvcResult mvcResult = this.mvc.perform(post("/login")
-				.with(csrf()))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf())).andReturn();
 
-		this.mvc.perform(get("/login?error")
-				.session((MockHttpSession) mvcResult.getRequest().getSession())
+		this.mvc.perform(get("/login?error").session((MockHttpSession) mvcResult.getRequest().getSession())
 				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" +
-								"        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" +
-								"<div class=\"alert alert-danger\" role=\"alert\">Bad credentials</div>        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Username</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"        <p>\n" +
-								"          <label for=\"password\" class=\"sr-only\">Password</label>\n" +
-								"          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" +
-								"        </p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+						+ "<div class=\"alert alert-danger\" role=\"alert\">Bad credentials</div>        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "        <p>\n"
+						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
+						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@Test
 	public void loginWhenValidCredentialsThenRedirectsToDefaultSuccessPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -183,42 +152,32 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		this.mvc.perform(get("/login?logout")
-				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" +
-								"        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" +
-								"<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Username</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"        <p>\n" +
-								"          <label for=\"password\" class=\"sr-only\">Password</label>\n" +
-								"          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" +
-								"        </p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+		this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+						+ "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "        <p>\n"
+						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
+						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginPageConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -238,19 +197,19 @@ public class DefaultLoginPageConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessHandlerThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessHandlerConfig.class).autowire();
 
-		this.mvc.perform(get("/login?logout"))
-				.andExpect(content().string(""));
+		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
-
 	@EnableWebSecurity
 	static class DefaultLoginPageCustomLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -264,18 +223,19 @@ public class DefaultLoginPageConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessUrlThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessUrlConfig.class).autowire();
 
-		this.mvc.perform(get("/login?logout"))
-				.andExpect(content().string(""));
+		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginPageCustomLogoutSuccessUrlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -289,6 +249,7 @@ public class DefaultLoginPageConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -297,43 +258,33 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		this.mvc.perform(get("/login")
-				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" +
-								"        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" +
-								"        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Username</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"        <p>\n" +
-								"          <label for=\"password\" class=\"sr-only\">Password</label>\n" +
-								"          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" +
-								"        </p>\n" +
-								"<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "        <p>\n"
+						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+						+ "        </p>\n"
+						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
+						+ csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginPageWithRememberMeConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -346,6 +297,7 @@ public class DefaultLoginPageConfigurerTests {
 				.rememberMe();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -355,38 +307,28 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		this.mvc.perform(get("/login")
-				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n" +
-								"        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" +
-								"        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Identity</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
+						+ "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
+						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginPageWithOpenIDConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -397,6 +339,7 @@ public class DefaultLoginPageConfigurerTests {
 				.openidLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -405,53 +348,43 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 
-		this.mvc.perform(get("/login")
-				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string(
-						"<!DOCTYPE html>\n" +
-								"<html lang=\"en\">\n" +
-								"  <head>\n" +
-								"    <meta charset=\"utf-8\">\n" +
-								"    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" +
-								"    <meta name=\"description\" content=\"\">\n" +
-								"    <meta name=\"author\" content=\"\">\n" +
-								"    <title>Please sign in</title>\n" +
-								"    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" +
-								"    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" +
-								"  </head>\n" +
-								"  <body>\n" +
-								"     <div class=\"container\">\n" +
-								"      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" +
-								"        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" +
-								"        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Username</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"        <p>\n" +
-								"          <label for=\"password\" class=\"sr-only\">Password</label>\n" +
-								"          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" +
-								"        </p>\n" +
-								"<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n" +
-								"        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" +
-								"        <p>\n" +
-								"          <label for=\"username\" class=\"sr-only\">Identity</label>\n" +
-								"          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" +
-								"        </p>\n" +
-								"<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n" +
-								"<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" +
-								"        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" +
-								"      </form>\n" +
-								"</div>\n" +
-								"</body></html>"
-				));
+		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
+				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+						+ "    <meta charset=\"utf-8\">\n"
+						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <title>Please sign in</title>\n"
+						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n" + "        <p>\n"
+						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+						+ "        </p>\n"
+						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
+						+ csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n"
+						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
+						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
+						+ "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+						+ "        </p>\n"
+						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
+						+ csrfToken.getToken() + "\" />\n"
+						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginPageWithFormLoginOpenIDRememberMeConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -466,6 +399,7 @@ public class DefaultLoginPageConfigurerTests {
 				.openidLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -474,13 +408,13 @@ public class DefaultLoginPageConfigurerTests {
 
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
 		assertThat(filterChain.getFilterChains().get(0).getFilters().stream()
-				.filter(filter -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class))
-				.count())
-				.isZero();
+				.filter(filter -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
+						.isZero();
 	}
 
 	@EnableWebSecurity
 	static class DefaultLoginWithCustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -494,6 +428,7 @@ public class DefaultLoginPageConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -501,8 +436,7 @@ public class DefaultLoginPageConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(DefaultLoginPageGeneratingFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(DefaultLoginPageGeneratingFilter.class));
 	}
 
 	@Test
@@ -519,8 +453,7 @@ public class DefaultLoginPageConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(LoginUrlAuthenticationEntryPoint.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
 	}
 
 	@Test
@@ -528,12 +461,12 @@ public class DefaultLoginPageConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ExceptionTranslationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -550,12 +483,16 @@ public class DefaultLoginPageConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index ef1084cdbd..ab6021c5c0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -43,6 +43,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
+
 	@Autowired
 	MockMvc mvc;
 
@@ -51,22 +52,19 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 
 	@Test
 	@WithMockUser(roles = "ANYTHING")
-	public void getWhenAccessDeniedOverriddenThenCustomizesResponseByRequest()
-			throws Exception {
+	public void getWhenAccessDeniedOverriddenThenCustomizesResponseByRequest() throws Exception {
 		this.spring.register(RequestMatcherBasedAccessDeniedHandlerConfig.class).autowire();
 
-		this.mvc.perform(get("/hello"))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
 
-		this.mvc.perform(get("/goodbye"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RequestMatcherBasedAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
-		AccessDeniedHandler teapotDeniedHandler =
-				(request, response, exception) ->
-						response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
+
+		AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response
+				.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -84,26 +82,24 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 							AnyRequestMatcher.INSTANCE);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	@WithMockUser(roles = "ANYTHING")
-	public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest()
-			throws Exception {
+	public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception {
 		this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/hello"))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
 
-		this.mvc.perform(get("/goodbye"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RequestMatcherBasedAccessDeniedHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
-		AccessDeniedHandler teapotDeniedHandler =
-				(request, response, exception) ->
-						response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
+
+		AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response
+				.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -126,26 +122,24 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	@WithMockUser(roles = "ANYTHING")
-	public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler()
-			throws Exception {
+	public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception {
 		this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire();
 
-		this.mvc.perform(get("/hello"))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
 
-		this.mvc.perform(get("/goodbye"))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot());
 	}
 
 	@EnableWebSecurity
 	static class SingleRequestMatcherAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
-		AccessDeniedHandler teapotDeniedHandler =
-				(request, response, exception) ->
-						response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
+
+		AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response
+				.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -160,5 +154,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 							new AntPathRequestMatcher("/hello/**"));
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 5b4ea82259..54b341f14f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -67,12 +67,12 @@ public class ExceptionHandlingConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ExceptionTranslationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -87,13 +87,16 @@ public class ExceptionHandlingConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	// SEC-2199
@@ -101,8 +104,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML))
 				.andExpect(status().isFound());
 	}
 
@@ -111,9 +113,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsImageGifThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.IMAGE_GIF))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_GIF)).andExpect(status().isFound());
 	}
 
 	// SEC-2199
@@ -121,9 +121,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsImageJpgThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.IMAGE_JPEG))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_JPEG)).andExpect(status().isFound());
 	}
 
 	// SEC-2199
@@ -131,9 +129,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsImagePngThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.IMAGE_PNG))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_PNG)).andExpect(status().isFound());
 	}
 
 	// SEC-2199
@@ -141,9 +137,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsTextHtmlThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)).andExpect(status().isFound());
 	}
 
 	// SEC-2199
@@ -151,9 +145,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsTextPlainThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.TEXT_PLAIN))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_PLAIN)).andExpect(status().isFound());
 	}
 
 	// SEC-2199
@@ -161,8 +153,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -171,8 +162,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -181,8 +171,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsApplicationJsonThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -191,8 +180,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -201,8 +189,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -211,9 +198,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptHeaderIsTextXmlThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.TEXT_XML))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_XML)).andExpect(status().isUnauthorized());
 	}
 
 	// gh-4831
@@ -221,18 +206,15 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptIsAnyThenRespondsWith401() throws Exception {
 		this.spring.register(DefaultSecurityConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, MediaType.ALL))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.ALL)).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenAcceptIsChromeThenRespondsWith302() throws Exception {
 		this.spring.register(DefaultSecurityConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT,
-						"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT,
+				"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"))
 				.andExpect(status().isFound());
 	}
 
@@ -240,9 +222,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenAcceptIsTextPlainAndXRequestedWithIsXHRThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header("Accept", MediaType.TEXT_PLAIN)
-				.header("X-Requested-With", "XMLHttpRequest"))
+		this.mvc.perform(get("/").header("Accept", MediaType.TEXT_PLAIN).header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -284,12 +264,13 @@ public class ExceptionHandlingConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception {
-		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class,
-				DefaultSecurityConfig.class).autowire();
+		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class)
+				.autowire();
 
 		this.mvc.perform(get("/"));
 
@@ -299,38 +280,39 @@ public class ExceptionHandlingConfigurerTests {
 
 	@EnableWebSecurity
 	static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
+
 		static ContentNegotiationStrategy CNS = mock(ContentNegotiationStrategy.class);
 
 		@Bean
 		public static ContentNegotiationStrategy cns() {
 			return CNS;
 		}
+
 	}
 
 	@Test
 	public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception {
 		this.spring.register(DefaultHttpConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, "bogus/type"))
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type"))
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultHttpConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Test
 	public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception {
 		this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.header(HttpHeaders.ACCEPT, "bogus/type"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class BasicAuthenticationEntryPointBeforeFormLoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -343,6 +325,7 @@ public class ExceptionHandlingConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -351,26 +334,20 @@ public class ExceptionHandlingConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(InvokeTwiceDoesNotOverrideConfig.AEP)
-				.commence(any(HttpServletRequest.class),
-						any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
 
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationEntryPoint AEP = mock(AuthenticationEntryPoint.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:on
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.exceptionHandling()
-					.authenticationEntryPoint(AEP)
-					.and()
-				.exceptionHandling();
+			http.authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
+					.authenticationEntryPoint(AEP).and().exceptionHandling();
 			// @formatter:off
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index 4f7844ca69..a052ff016b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -84,13 +84,14 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void configureWhenHasRoleStartingWithStringRoleThenException() {
 		assertThatThrownBy(() -> this.spring.register(HasRoleStartingWithRoleConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'");
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
+				.hasMessageContaining(
+						"role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'");
 	}
 
 	@EnableWebSecurity
 	static class HasRoleStartingWithRoleConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -99,18 +100,19 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasRole("ROLE_USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenNoCustomAccessDecisionManagerThenUsesAffirmativeBased() {
 		this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
 
-		verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor)
-				.postProcess(any(AffirmativeBased.class));
+		verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor).postProcess(any(AffirmativeBased.class));
 	}
 
 	@EnableWebSecurity
 	static class NoSpecificAccessDecisionManagerConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -126,34 +128,37 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	@Test
 	public void configureWhenAuthorizedRequestsAndNoRequestsThenException() {
 		assertThatThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+						"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
 	}
 
 	@EnableWebSecurity
 	static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
 				.authorizeRequests();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenAnyRequestIncompleteMappingThenException() {
 		assertThatThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("An incomplete mapping was found for ");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining("An incomplete mapping was found for ");
 	}
 
 	@EnableWebSecurity
 	static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -163,15 +168,14 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk()
-			throws Exception {
+	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
 
@@ -180,22 +184,20 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void getWhenHasAnyAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized()
-			throws Exception {
+	public void getWhenHasAnyAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class RoleUserAnyAuthorityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -206,15 +208,14 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasAnyAuthority("ROLE_USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk()
-			throws Exception {
+	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
 
@@ -223,22 +224,20 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void getWhenHasAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized()
-			throws Exception {
+	public void getWhenHasAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class RoleUserAuthorityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -249,25 +248,22 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasAuthority("ROLE_USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk()
-			throws Exception {
+	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
 
 	@Test
-	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk()
-			throws Exception {
+	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
 
@@ -276,22 +272,20 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER"))))
+		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER"))))
 				.andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void getWhenAuthorityRoleUserOrAdminAuthRequiredAndNoUserThenRespondsWithUnauthorized()
-			throws Exception {
+	public void getWhenAuthorityRoleUserOrAdminAuthRequiredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class RoleUserOrRoleAdminAuthorityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -302,28 +296,26 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsAdminThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("ADMIN")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RoleUserConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -332,37 +324,33 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasAnyRole("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("ADMIN")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsOtherThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("OTHER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RoleUserOrAdminConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -371,34 +359,32 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasAnyRole("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(request -> {
-					request.setRemoteAddr("192.168.1.0");
-					return request;
-				}))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(request -> {
+			request.setRemoteAddr("192.168.1.0");
+			return request;
+		})).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasIpAddressConfiguredAndIpAddressDoesNotMatchThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(request -> {
-					request.setRemoteAddr("192.168.1.1");
-					return request;
-				}))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/").with(request -> {
+			request.setRemoteAddr("192.168.1.1");
+			return request;
+		})).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class HasIpAddressConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -409,27 +395,26 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().hasIpAddress("192.168.1.0");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenAnonymousConfiguredAndAnonymousUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenAnonymousConfiguredAndLoggedInUserThenRespondsWithForbidden() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class AnonymousConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -440,27 +425,28 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().anonymous();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenRememberMeConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenRememberMeConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(authentication(new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
+		this.mvc.perform(get("/").with(authentication(
+				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class RememberMeConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -482,27 +468,26 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception {
 		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class DenyAllConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -513,27 +498,28 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().denyAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception {
 		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(authentication(new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
+		this.mvc.perform(get("/").with(authentication(
+				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class NotDenyAllConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -544,14 +530,15 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().not().denyAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(authentication(new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
+		this.mvc.perform(get("/").with(authentication(
+				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isUnauthorized());
 	}
 
@@ -559,13 +546,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class FullyAuthenticatedConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -578,37 +564,33 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().fullyAuthenticated();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/")
-				.with(csrf())
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/")
-				.with(csrf()))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class AccessConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -621,19 +603,19 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 					.anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(post("/")
-				.with(csrf()))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
 	}
 
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotResetConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -646,6 +628,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				.authorizeRequests();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -655,6 +638,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	@EnableWebSecurity
 	static class AllPropertiesWorkConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			SecurityExpressionHandler<FilterInvocation> handler = new DefaultWebSecurityExpressionHandler();
@@ -672,6 +656,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -686,6 +671,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	@EnableWebSecurity
 	static class AuthorizedRequestsWithPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ApplicationListener<AuthorizedEvent> AL = mock(ApplicationListener.class);
 
 		@Override
@@ -708,46 +694,40 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		public ApplicationListener<AuthorizedEvent> applicationListener() {
 			return AL;
 		}
+
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/user")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/allow")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/deny")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class UseBeansInExpressions extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -766,40 +746,34 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		static class Checker {
+
 			public boolean check(Authentication authentication, String customArg) {
 				return authentication.getName().contains(customArg);
 			}
+
 		}
+
 	}
 
 	@Test
-	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden()
-			throws Exception {
+	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk()
-			throws Exception {
+	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/user")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
-	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk()
-			throws Exception {
+	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/allow")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
@@ -807,13 +781,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/deny")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class CustomExpressionRootConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -835,14 +808,15 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		static class CustomExpressionHandler extends DefaultWebSecurityExpressionHandler {
 
 			@Override
-			protected SecurityExpressionOperations createSecurityExpressionRoot(
-					Authentication authentication, FilterInvocation fi) {
+			protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+					FilterInvocation fi) {
 				WebSecurityExpressionRoot root = new CustomExpressionRoot(authentication, fi);
 				root.setPermissionEvaluator(getPermissionEvaluator());
 				root.setTrustResolver(new AuthenticationTrustResolverImpl());
 				root.setRoleHierarchy(getRoleHierarchy());
 				return root;
 			}
+
 		}
 
 		static class CustomExpressionRoot extends WebSecurityExpressionRoot {
@@ -855,20 +829,22 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				Authentication auth = this.getAuthentication();
 				return auth.getName().contains(customArg);
 			}
+
 		}
+
 	}
 
-	//SEC-3011
+	// SEC-3011
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() {
 		this.spring.register(Sec3011Config.class).autowire();
 
-		verify(Sec3011Config.objectPostProcessor)
-				.postProcess(any(AccessDecisionManager.class));
+		verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class));
 	}
 
 	@EnableWebSecurity
 	static class Sec3011Config extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -892,6 +868,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	@Test
@@ -899,8 +876,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/allow"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/allow")).andExpect(status().isOk());
 	}
 
 	@Test
@@ -908,8 +884,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/deny"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/deny")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -917,8 +892,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/allowObject"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/allowObject")).andExpect(status().isOk());
 	}
 
 	@Test
@@ -926,12 +900,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/denyObject"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class PermissionEvaluatorConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -949,7 +923,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		public PermissionEvaluator permissionEvaluator() {
 			return new PermissionEvaluator() {
 				@Override
-				public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
+				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
+						Object permission) {
 					return "TESTOBJ".equals(targetDomainObject) && "PERMISSION".equals(permission);
 				}
 
@@ -960,28 +935,26 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				}
 			};
 		}
+
 	}
 
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/allow")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
 
-		this.mvc.perform(get("/deny")
-				.with(user("user").roles("USER")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RoleHierarchyConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -999,10 +972,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			roleHierarchy.setHierarchy("ROLE_USER > ROLE_MEMBER");
 			return roleHierarchy;
 		}
+
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public void rootGet() {
 		}
@@ -1010,19 +985,25 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		@PostMapping("/")
 		public void rootPost() {
 		}
+
 	}
 
 	@RestController
 	static class WildcardController {
+
 		@GetMapping("/{path}")
 		public void wildcard(@PathVariable String path) {
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 736cc130a6..4eb2835e9a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -58,6 +58,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @since 5.1
  */
 public class FormLoginConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -66,19 +67,18 @@ public class FormLoginConfigurerTests {
 
 	@Test
 	public void requestCache() throws Exception {
-		this.spring.register(RequestCacheConfig.class,
-				AuthenticationTestConfiguration.class).autowire();
+		this.spring.register(RequestCacheConfig.class, AuthenticationTestConfiguration.class).autowire();
 
 		RequestCacheConfig config = this.spring.getContext().getBean(RequestCacheConfig.class);
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 
 		verify(config.requestCache).getRequest(any(), any());
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheConfig extends WebSecurityConfigurerAdapter {
+
 		private RequestCache requestCache = mock(RequestCache.class);
 
 		@Override
@@ -90,27 +90,28 @@ public class FormLoginConfigurerTests {
 					.requestCache(this.requestCache);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestCacheAsBean() throws Exception {
-		this.spring.register(RequestCacheBeanConfig.class,
-				AuthenticationTestConfiguration.class).autowire();
+		this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire();
 
 		RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated());
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 
 		verify(requestCache).getRequest(any(), any());
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheBeanConfig {
+
 		@Bean
 		RequestCache requestCache() {
 			return mock(RequestCache.class);
 		}
+
 	}
 
 	@Test
@@ -118,16 +119,14 @@ public class FormLoginConfigurerTests {
 		this.spring.register(FormLoginConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("invalid"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
@@ -135,38 +134,34 @@ public class FormLoginConfigurerTests {
 	public void loginWhenFormLoginConfiguredThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginConfiguredThenNotSecured() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mockMvc.perform(get("/login"))
-				.andExpect(status().isFound());
+		this.mockMvc.perform(get("/login")).andExpect(status().isFound());
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenSecured() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mockMvc.perform(post("/login"))
-				.andExpect(status().isForbidden());
+		this.mockMvc.perform(post("/login")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestProtectedWhenFormLoginConfiguredThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
 
-		this.mockMvc.perform(get("/private"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(WebSecurity web) {
 			// @formatter:off
@@ -196,6 +191,7 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -203,16 +199,14 @@ public class FormLoginConfigurerTests {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("invalid"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
@@ -220,38 +214,34 @@ public class FormLoginConfigurerTests {
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginDefaultsInLambdaThenNotSecured() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(get("/login"))
-				.andExpect(status().isOk());
+		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenSecured() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(post("/login"))
-				.andExpect(status().isForbidden());
+		this.mockMvc.perform(post("/login")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestProtectedWhenFormLoginDefaultsInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(get("/private"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -272,37 +262,34 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
 
-		this.mockMvc.perform(get("/login"))
-				.andExpect(status().isOk())
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/login")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void getLoginPageWithErrorQueryWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
 
-		this.mockMvc.perform(get("/login?error"))
-				.andExpect(status().isOk())
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/login?error")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void loginWhenFormLoginPermitAllAndInvalidUserThenRedirectsToLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("invalid"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginConfigPermitAll extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -314,30 +301,28 @@ public class FormLoginConfigurerTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getLoginPageWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authenticate"))
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void getLoginPageWithErrorQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authenticate?error"))
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/authenticate?error")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void loginWhenCustomLoginPageAndInvalidUserThenRedirectsToCustomLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin("/authenticate").user("invalid"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(formLogin("/authenticate").user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/authenticate?error"));
 	}
 
@@ -345,20 +330,19 @@ public class FormLoginConfigurerTests {
 	public void logoutWhenCustomLoginPageThenRedirectsToCustomLoginPage() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
 
-		this.mockMvc.perform(logout())
-				.andExpect(redirectedUrl("/authenticate?logout"));
+		this.mockMvc.perform(logout()).andExpect(redirectedUrl("/authenticate?logout"));
 	}
 
 	@Test
 	public void getLoginPageWithLogoutQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authenticate?logout"))
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/authenticate?logout")).andExpect(redirectedUrl(null));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginDefaultsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -374,18 +358,19 @@ public class FormLoginConfigurerTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authenticate"))
-				.andExpect(redirectedUrl(null));
+		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -402,19 +387,19 @@ public class FormLoginConfigurerTests {
 				.logout(LogoutConfigurer::permitAll);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin("/loginCheck"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginLoginProcessingUrlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -445,19 +430,19 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin("/loginCheck"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginLoginProcessingUrlInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -490,6 +475,7 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -498,8 +484,7 @@ public class FormLoginConfigurerTests {
 		when(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).thenReturn(9443);
 		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
 
-		this.mockMvc.perform(get("http://localhost:9090"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/login"));
 
 		verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any());
@@ -507,6 +492,7 @@ public class FormLoginConfigurerTests {
 
 	@EnableWebSecurity
 	static class FormLoginUsesPortMapperConfig extends WebSecurityConfigurerAdapter {
+
 		static PortMapper PORT_MAPPER;
 
 		@Override
@@ -522,23 +508,24 @@ public class FormLoginConfigurerTests {
 				.portMapper()
 					.portMapper(PORT_MAPPER);
 			// @formatter:on
-			LoginUrlAuthenticationEntryPoint authenticationEntryPoint =
-					(LoginUrlAuthenticationEntryPoint) http.getConfigurer(FormLoginConfigurer.class).getAuthenticationEntryPoint();
+			LoginUrlAuthenticationEntryPoint authenticationEntryPoint = (LoginUrlAuthenticationEntryPoint) http
+					.getConfigurer(FormLoginConfigurer.class).getAuthenticationEntryPoint();
 			authenticationEntryPoint.setForceHttps(true);
 		}
+
 	}
 
 	@Test
 	public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception {
 		this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
 
-		this.mockMvc.perform(get("/login?error"))
-				.andExpect(status().isFound())
+		this.mockMvc.perform(get("/login?error")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@EnableWebSecurity
 	static class PermitAllIgnoresFailureHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationFailureHandler FAILURE_HANDLER = mock(AuthenticationFailureHandler.class);
 
 		@Override
@@ -553,18 +540,19 @@ public class FormLoginConfigurerTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("custom-username", "user"))
-				.andExpect(authenticated());
+		this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated());
 	}
 
 	@EnableWebSecurity
 	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -584,22 +572,21 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception {
 		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("invalid"))
-				.andExpect(forwardedUrl("/failure_forward_url"));
+		this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url"));
 	}
 
 	@Test
 	public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception {
 		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(forwardedUrl("/success_forward_url"));
+		this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url"));
 	}
 
 	@EnableWebSecurity
@@ -629,6 +616,7 @@ public class FormLoginConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -645,8 +633,7 @@ public class FormLoginConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(LoginUrlAuthenticationEntryPoint.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
 	}
 
 	@Test
@@ -654,12 +641,12 @@ public class FormLoginConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ExceptionTranslationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -676,12 +663,16 @@ public class FormLoginConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index f3a21064ff..874d2f889d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -46,33 +46,32 @@ public class HeadersConfigurerEagerHeadersTests {
 
 	@EnableWebSecurity
 	public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			//@ formatter:off
-			http
-				.headers()
-					.addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
-						@Override
-						public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
-							filter.setShouldWriteHeadersEagerly(true);
-							return filter;
-						}
-					});
-			//@ formatter:on
+			// @ formatter:off
+			http.headers().addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
+				@Override
+				public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
+					filter.setShouldWriteHeadersEagerly(true);
+					return filter;
+				}
+			});
+			// @ formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
 		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("X-Content-Type-Options", "nosniff"))
+		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 				.andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
-				.andExpect(header().string(EXPIRES, "0"))
-				.andExpect(header().string(PRAGMA, "no-cache"))
+				.andExpect(header().string(EXPIRES, "0")).andExpect(header().string(PRAGMA, "no-cache"))
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 390925e8d5..6f2fd87029 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -65,12 +65,12 @@ public class HeadersConfigurerTests {
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
+				.andExpect(
+						header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(
 				HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY,
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
@@ -86,6 +86,7 @@ public class HeadersConfigurerTests {
 				.headers();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -95,12 +96,12 @@ public class HeadersConfigurerTests {
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
+				.andExpect(
+						header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(
 				HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY,
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
@@ -116,6 +117,7 @@ public class HeadersConfigurerTests {
 				.headers(withDefaults());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -124,8 +126,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ContentTypeOptionsConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
 	}
 
@@ -141,16 +142,15 @@ public class HeadersConfigurerTests {
 					.contentTypeOptions();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse()
-			throws Exception {
+	public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception {
 		this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
 	}
 
@@ -168,6 +168,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -176,8 +177,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(FrameOptionsConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS);
 	}
 
@@ -193,6 +193,7 @@ public class HeadersConfigurerTests {
 					.frameOptions();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -201,7 +202,8 @@ public class HeadersConfigurerTests {
 		this.spring.register(HstsConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
+				.andExpect(
+						header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
@@ -218,6 +220,7 @@ public class HeadersConfigurerTests {
 					.httpStrictTransportSecurity();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -228,8 +231,7 @@ public class HeadersConfigurerTests {
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
-				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(HttpHeaders.CACHE_CONTROL,
 				HttpHeaders.EXPIRES, HttpHeaders.PRAGMA);
 	}
@@ -246,6 +248,7 @@ public class HeadersConfigurerTests {
 					.cacheControl();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -256,8 +259,7 @@ public class HeadersConfigurerTests {
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
-				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(HttpHeaders.CACHE_CONTROL,
 				HttpHeaders.EXPIRES, HttpHeaders.PRAGMA);
 	}
@@ -276,6 +278,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -284,8 +287,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(XssProtectionConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
 	}
 
@@ -301,16 +303,15 @@ public class HeadersConfigurerTests {
 					.xssProtection();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse()
-			throws Exception {
+	public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception {
 		this.spring.register(XssProtectionInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
 	}
 
@@ -328,6 +329,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -350,6 +352,7 @@ public class HeadersConfigurerTests {
 					.frameOptions().sameOrigin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -375,14 +378,14 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndPublicHpkpWithNoPinThenNoHeadersInResponse() throws Exception {
 		this.spring.register(HpkpConfigNoPins.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
 
@@ -398,11 +401,11 @@ public class HeadersConfigurerTests {
 					.httpPublicKeyPinning();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse()
-			throws Exception {
+	public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
@@ -413,12 +416,10 @@ public class HeadersConfigurerTests {
 	}
 
 	@Test
-	public void getWhenInsecureRequestHeaderDefaultsDisabledAndHpkpWithPinThenNoHeadersInResponse()
-			throws Exception {
+	public void getWhenInsecureRequestHeaderDefaultsDisabledAndHpkpWithPinThenNoHeadersInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
 
@@ -435,6 +436,7 @@ public class HeadersConfigurerTests {
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -442,9 +444,9 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HpkpConfigWithPins.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
@@ -466,6 +468,7 @@ public class HeadersConfigurerTests {
 						.withPins(pins);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -493,6 +496,7 @@ public class HeadersConfigurerTests {
 						.maxAgeInSeconds(604800);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -520,6 +524,7 @@ public class HeadersConfigurerTests {
 						.reportOnly(false);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -527,9 +532,9 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
@@ -548,15 +553,16 @@ public class HeadersConfigurerTests {
 						.includeSubDomains(true);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception {
 		this.spring.register(HpkpConfigWithReportURI.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
@@ -575,6 +581,7 @@ public class HeadersConfigurerTests {
 						.reportUri(new URI("https://example.net/pkp-report"));
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -582,9 +589,9 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
@@ -603,6 +610,7 @@ public class HeadersConfigurerTests {
 						.reportUri("https://example.net/pkp-report");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -610,9 +618,9 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
@@ -635,6 +643,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -642,8 +651,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
 	}
 
@@ -659,17 +667,20 @@ public class HeadersConfigurerTests {
 					.contentSecurityPolicy("default-src 'self'");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse() throws Exception {
+	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse()
+			throws Exception {
 		this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
 						"default-src 'self'; script-src trustedscripts.example.com"))
 				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
+		assertThat(mvcResult.getResponse().getHeaderNames())
+				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
 	}
 
 	@EnableWebSecurity
@@ -685,6 +696,7 @@ public class HeadersConfigurerTests {
 					.reportOnly();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -696,7 +708,8 @@ public class HeadersConfigurerTests {
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
 						"default-src 'self'; script-src trustedscripts.example.com"))
 				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
+		assertThat(mvcResult.getResponse().getHeaderNames())
+				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
 	}
 
 	@EnableWebSecurity
@@ -717,13 +730,13 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenContentSecurityPolicyEmptyThenException() {
 		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
@@ -738,13 +751,13 @@ public class HeadersConfigurerTests {
 					.contentSecurityPolicy("");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenContentSecurityPolicyEmptyInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
@@ -763,6 +776,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -770,9 +784,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY,
-						"default-src 'self'"))
-				.andReturn();
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
 	}
 
@@ -790,6 +802,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -797,8 +810,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy()))
-				.andReturn();
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
@@ -814,6 +826,7 @@ public class HeadersConfigurerTests {
 					.referrerPolicy();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -821,8 +834,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy()))
-				.andReturn();
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
@@ -840,6 +852,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -848,8 +861,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy()))
-				.andReturn();
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
@@ -865,6 +877,7 @@ public class HeadersConfigurerTests {
 					.referrerPolicy(ReferrerPolicy.SAME_ORIGIN);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -872,8 +885,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy()))
-				.andReturn();
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
@@ -893,6 +905,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -900,8 +913,7 @@ public class HeadersConfigurerTests {
 		this.spring.register(FeaturePolicyConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Feature-Policy", "geolocation 'self'"))
-				.andReturn();
+				.andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
 	}
 
@@ -917,13 +929,13 @@ public class HeadersConfigurerTests {
 					.featurePolicy("geolocation 'self'");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenFeaturePolicyEmptyThenException() {
 		assertThatThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
@@ -938,6 +950,7 @@ public class HeadersConfigurerTests {
 					.featurePolicy("");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -945,9 +958,8 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HstsWithPreloadConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY,
-						"max-age=31536000 ; includeSubDomains ; preload"))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
@@ -965,6 +977,7 @@ public class HeadersConfigurerTests {
 						.preload(true);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -972,9 +985,8 @@ public class HeadersConfigurerTests {
 			throws Exception {
 		this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY,
-						"max-age=31536000 ; includeSubDomains ; preload"))
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
 				.andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
@@ -993,5 +1005,7 @@ public class HeadersConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 455621bedb..4a6fc362e7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -62,12 +62,12 @@ public class HttpBasicConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnBasicAuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(BasicAuthenticationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(BasicAuthenticationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -82,26 +82,29 @@ public class HttpBasicConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
 	public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
 	}
 
 	@EnableWebSecurity
 	static class DefaultsLambdaEntryPointConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -121,20 +124,21 @@ public class HttpBasicConfigurerTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
-	//SEC-2198
+	// SEC-2198
 	@Test
 	public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsEntryPointConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
 	}
 
 	@EnableWebSecurity
 	static class DefaultsEntryPointConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -153,6 +157,7 @@ public class HttpBasicConfigurerTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -161,14 +166,13 @@ public class HttpBasicConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT)
-				.commence(any(HttpServletRequest.class),
-						any(HttpServletResponse.class),
-						any(AuthenticationException.class));
+		verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationEntryPoint ENTRY_POINT = mock(AuthenticationEntryPoint.class);
 
 		@Override
@@ -190,6 +194,7 @@ public class HttpBasicConfigurerTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -198,14 +203,13 @@ public class HttpBasicConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT)
-				.commence(any(HttpServletRequest.class),
-						any(HttpServletResponse.class),
-						any(AuthenticationException.class));
+		verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
 
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationEntryPoint ENTRY_POINT = mock(AuthenticationEntryPoint.class);
 
 		@Override
@@ -229,16 +233,15 @@ public class HttpBasicConfigurerTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
-	//SEC-3019
+	// SEC-3019
 	@Test
 	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
 		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password"))
-				.param("remember-me", "true"))
+		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"))
 				.andExpect(cookie().exists("remember-me"));
 	}
 
@@ -259,7 +262,7 @@ public class HttpBasicConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -268,5 +271,7 @@ public class HttpBasicConfigurerTests {
 					// @formatter:on
 			);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 45836760f6..4937f4edb3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -40,10 +40,13 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  *
  */
 public class HttpSecurityAntMatchersTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Autowired
@@ -77,6 +80,7 @@ public class HttpSecurityAntMatchersTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -95,6 +99,7 @@ public class HttpSecurityAntMatchersTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-3135
@@ -111,6 +116,7 @@ public class HttpSecurityAntMatchersTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -130,6 +136,7 @@ public class HttpSecurityAntMatchersTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
@@ -140,5 +147,4 @@ public class HttpSecurityAntMatchersTests {
 		context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index e7a80a6e7b..c4b585ed8b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -41,10 +41,13 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  *
  */
 public class HttpSecurityLogoutTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Autowired
@@ -72,7 +75,8 @@ public class HttpSecurityLogoutTests {
 		SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
 		currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);
+		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				currentContext);
 		request.setMethod("POST");
 		request.setServletPath("/logout");
 
@@ -84,6 +88,7 @@ public class HttpSecurityLogoutTests {
 	@EnableWebSecurity
 	@Configuration
 	static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -100,6 +105,7 @@ public class HttpSecurityLogoutTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
@@ -110,5 +116,4 @@ public class HttpSecurityLogoutTests {
 		context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index fec73febcc..c5ea556034 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -47,10 +47,13 @@ import static org.springframework.security.config.Customizer.withDefaults;
  *
  */
 public class HttpSecurityRequestMatchersTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Autowired
@@ -78,24 +81,21 @@ public class HttpSecurityRequestMatchersTests {
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
@@ -109,6 +109,7 @@ public class HttpSecurityRequestMatchersTests {
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -130,11 +131,14 @@ public class HttpSecurityRequestMatchersTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -144,30 +148,28 @@ public class HttpSecurityRequestMatchersTests {
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class RequestMatchersMvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -191,11 +193,14 @@ public class HttpSecurityRequestMatchersTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -205,30 +210,28 @@ public class HttpSecurityRequestMatchersTests {
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class RequestMatchersMvcMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -247,11 +250,14 @@ public class HttpSecurityRequestMatchersTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -262,8 +268,7 @@ public class HttpSecurityRequestMatchersTests {
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -286,8 +291,8 @@ public class HttpSecurityRequestMatchersTests {
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
-	static class RequestMatchersMvcMatcherServeltPathConfig
-			extends WebSecurityConfigurerAdapter {
+	static class RequestMatchersMvcMatcherServeltPathConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -312,11 +317,14 @@ public class HttpSecurityRequestMatchersTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -327,8 +335,7 @@ public class HttpSecurityRequestMatchersTests {
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -351,8 +358,8 @@ public class HttpSecurityRequestMatchersTests {
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
-	static class RequestMatchersMvcMatcherServletPathInLambdaConfig
-			extends WebSecurityConfigurerAdapter {
+	static class RequestMatchersMvcMatcherServletPathInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -372,19 +379,24 @@ public class HttpSecurityRequestMatchersTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Configuration
 	static class LegacyMvcMatchingConfig implements WebMvcConfigurer {
+
 		@Override
 		public void configurePathMatch(PathMatchConfigurer configurer) {
 			configurer.setUseSuffixPatternMatch(true);
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
@@ -395,4 +407,5 @@ public class HttpSecurityRequestMatchersTests {
 
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 62aeedce86..c8fd168420 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -59,9 +59,9 @@ public class Issue55Tests {
 		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
 	}
 
-
 	@EnableWebSecurity
 	static class WebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
+
 		@Component
 		public static class WebSecurityAdapter extends WebSecurityConfigurerAdapter {
 
@@ -73,19 +73,24 @@ public class Issue55Tests {
 						.anyRequest().hasRole("USER");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		public static class AuthenticationManagerConfiguration {
+
 			@Bean
 			public AuthenticationManager authenticationManager() throws Exception {
 				return new CustomAuthenticationManager();
 			}
+
 		}
+
 	}
 
 	@Test
-	public void multiHttpWebSecurityConfigurerAdapterDefaultsToAutowired() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+	public void multiHttpWebSecurityConfigurerAdapterDefaultsToAutowired()
+			throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this");
 		this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class);
 		this.spring.getContext().getBean(FilterChainProxy.class);
@@ -93,15 +98,19 @@ public class Issue55Tests {
 		FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0);
 		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
 
-		FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 1);
-		assertThat(secondFilter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
+		FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class,
+				1);
+		assertThat(secondFilter.getAuthenticationManager().authenticate(token))
+				.isEqualTo(CustomAuthenticationManager.RESULT);
 	}
 
 	@EnableWebSecurity
 	static class MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
+
 		@Component
 		@Order(1)
 		public static class ApiWebSecurityAdapter extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -110,10 +119,12 @@ public class Issue55Tests {
 						.anyRequest().hasRole("USER");
 				// @formatter:on
 			}
+
 		}
 
 		@Component
 		public static class WebSecurityAdapter extends WebSecurityConfigurerAdapter {
+
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
@@ -122,23 +133,29 @@ public class Issue55Tests {
 						.anyRequest().hasRole("USER");
 				// @formatter:on
 			}
+
 		}
 
 		@Configuration
 		public static class AuthenticationManagerConfiguration {
+
 			@Bean
 			public AuthenticationManager authenticationManager() throws Exception {
 				return new CustomAuthenticationManager();
 			}
+
 		}
+
 	}
 
 	static class CustomAuthenticationManager implements AuthenticationManager {
+
 		static Authentication RESULT = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return RESULT;
 		}
+
 	}
 
 	Filter findFilter(Class<?> filter, int index) {
@@ -154,4 +171,5 @@ public class Issue55Tests {
 	SecurityFilterChain filterChain(int index) {
 		return this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains().get(index);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 57de13f087..cb2165b31c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -76,6 +76,7 @@ public class JeeConfigurerTests {
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -90,13 +91,16 @@ public class JeeConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -105,18 +109,16 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		when(user.getName()).thenReturn("user");
 
-		this.mvc.perform(get("/")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("ROLE_ADMIN");
-					request.addUserRole("ROLE_USER");
-					return request;
-				}))
-				.andExpect(authenticated().withRoles("USER"));
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -127,6 +129,7 @@ public class JeeConfigurerTests {
 				.jee();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -135,18 +138,16 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		when(user.getName()).thenReturn("user");
 
-		this.mvc.perform(get("/")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("ROLE_ADMIN");
-					request.addUserRole("ROLE_USER");
-					return request;
-				}))
-				.andExpect(authenticated().withRoles("USER"));
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@EnableWebSecurity
 	public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -161,6 +162,7 @@ public class JeeConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -169,14 +171,11 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		when(user.getName()).thenReturn("user");
 
-		this.mvc.perform(get("/")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("ROLE_ADMIN");
-					request.addUserRole("ROLE_USER");
-					return request;
-				}))
-				.andExpect(authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")));
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")));
 	}
 
 	@EnableWebSecurity
@@ -196,6 +195,7 @@ public class JeeConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -209,20 +209,18 @@ public class JeeConfigurerTests {
 		when(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
 				.thenReturn(userDetails);
 
-		this.mvc.perform(get("/")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("ROLE_ADMIN");
-					request.addUserRole("ROLE_USER");
-					return request;
-				}))
-				.andExpect(authenticated().withRoles("USER"));
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@EnableWebSecurity
 	public static class JeeCustomAuthenticatedUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
-		static AuthenticationUserDetailsService authenticationUserDetailsService =
-				mock(AuthenticationUserDetailsService.class);
+
+		static AuthenticationUserDetailsService authenticationUserDetailsService = mock(
+				AuthenticationUserDetailsService.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -238,5 +236,7 @@ public class JeeConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index 79d32b7467..8b8a8ac9e8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -43,8 +43,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 
 /**
  *
- * Tests for {@link HeaderWriterLogoutHandler} that passing {@link ClearSiteDataHeaderWriter}
- * implementation.
+ * Tests for {@link HeaderWriterLogoutHandler} that passing
+ * {@link ClearSiteDataHeaderWriter} implementation.
  *
  * @author Rafiullah Hamedy
  *
@@ -55,8 +55,7 @@ public class LogoutConfigurerClearSiteDataTests {
 
 	private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
 
-	private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
-			{ CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
+	private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
 
 	private static final String HEADER_VALUE = "\"cache\", \"cookies\", \"storage\", \"executionContexts\"";
 
@@ -72,7 +71,7 @@ public class LogoutConfigurerClearSiteDataTests {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
 		this.mvc.perform(get("/logout").secure(true).with(csrf()))
-			.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
+				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
 	@Test
@@ -80,8 +79,7 @@ public class LogoutConfigurerClearSiteDataTests {
 	public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()))
-			.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
 	@Test
@@ -90,11 +88,12 @@ public class LogoutConfigurerClearSiteDataTests {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
 		this.mvc.perform(post("/logout").secure(true).with(csrf()))
-			.andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
+				.andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
 	}
 
 	@EnableWebSecurity
 	static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -103,5 +102,7 @@ public class LogoutConfigurerClearSiteDataTests {
 					.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)));
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index bb24708390..65659ac6ac 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -66,12 +66,12 @@ public class LogoutConfigurerTests {
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -80,17 +80,18 @@ public class LogoutConfigurerTests {
 					.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class));
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullLogoutSuccessHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -100,17 +101,18 @@ public class LogoutConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -119,17 +121,18 @@ public class LogoutConfigurerTests {
 					.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -139,18 +142,19 @@ public class LogoutConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(LogoutFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LogoutFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -165,27 +169,29 @@ public class LogoutConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
 	public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 
-		this.mvc.perform(post("/custom/logout")
-				.with(csrf()))
-				.andExpect(status().isFound())
+		this.mvc.perform(post("/custom/logout").with(csrf())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -204,6 +210,7 @@ public class LogoutConfigurerTests {
 				.inMemoryAuthentication();
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2311
@@ -211,36 +218,28 @@ public class LogoutConfigurerTests {
 	public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
 
-		this.mvc.perform(get("/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(get("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
 
-		this.mvc.perform(post("/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(post("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPutRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
 
-		this.mvc.perform(put("/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(put("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
 
-		this.mvc.perform(delete("/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@EnableWebSecurity
@@ -255,23 +254,21 @@ public class LogoutConfigurerTests {
 				.logout();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
 
-		this.mvc.perform(get("/custom/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/custom/logout"))
-				.andExpect(status().isFound())
+		this.mvc.perform(post("/custom/logout")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
@@ -279,17 +276,14 @@ public class LogoutConfigurerTests {
 	public void logoutWhenPutRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
 
-		this.mvc.perform(put("/custom/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(put("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
 
-		this.mvc.perform(delete("/custom/logout"))
-				.andExpect(status().isFound())
+		this.mvc.perform(delete("/custom/logout")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
@@ -306,15 +300,14 @@ public class LogoutConfigurerTests {
 					.logoutUrl("/custom/logout");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/custom/logout"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@EnableWebSecurity
@@ -329,18 +322,19 @@ public class LogoutConfigurerTests {
 				.logout(logout -> logout.logoutUrl("/custom/logout"));
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-3170
 	@Test
 	public void configureWhenLogoutHandlerNullThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutHandlerConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullLogoutHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -349,17 +343,18 @@ public class LogoutConfigurerTests {
 					.addLogoutHandler(null);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenLogoutHandlerNullInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
 	static class NullLogoutHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -367,6 +362,7 @@ public class LogoutConfigurerTests {
 				.logout(logout -> logout.addLogoutHandler(null));
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-3170
@@ -374,14 +370,13 @@ public class LogoutConfigurerTests {
 	public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception {
 		this.spring.register(RememberMeNoLogoutHandler.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf()))
-				.andExpect(status().isFound())
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@EnableWebSecurity
 	static class RememberMeNoLogoutHandler extends WebSecurityConfigurerAdapter {
+
 		static RememberMeServices REMEMBER_ME = mock(RememberMeServices.class);
 
 		@Override
@@ -392,18 +387,16 @@ public class LogoutConfigurerTests {
 					.rememberMeServices(REMEMBER_ME);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.with(user("user"))
-				.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(
+				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	// gh-3282
@@ -411,11 +404,8 @@ public class LogoutConfigurerTests {
 	public void logoutWhenAcceptApplicationJsonThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.with(user("user"))
-				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE))
-				.andExpect(status().isNoContent());
+		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
+				MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isNoContent());
 	}
 
 	// gh-4831
@@ -423,10 +413,8 @@ public class LogoutConfigurerTests {
 	public void logoutWhenAcceptAllThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.with(user("user"))
-				.header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE))
+		this.mvc.perform(
+				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE))
 				.andExpect(status().isNoContent());
 	}
 
@@ -435,11 +423,9 @@ public class LogoutConfigurerTests {
 	public void logoutWhenAcceptFromChromeThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf()).with(user("user"))
-				.header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?logout"));
+		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
+				"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	// gh-3997
@@ -447,29 +433,26 @@ public class LogoutConfigurerTests {
 	public void logoutWhenXMLHttpRequestThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.with(user("user"))
-				.header(HttpHeaders.ACCEPT, "text/html,application/json")
-				.header("X-Requested-With", "XMLHttpRequest"))
+		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))
+				.header(HttpHeaders.ACCEPT, "text/html,application/json").header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(status().isNoContent());
 	}
 
 	@EnableWebSecurity
 	static class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Test
 	public void logoutWhenDisabledThenLogoutUrlNotFound() throws Exception {
 		this.spring.register(LogoutDisabledConfig.class).autowire();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf()))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
 	static class LogoutDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -478,5 +461,7 @@ public class LogoutConfigurerTests {
 					.disable();
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
index 13fdc95f49..c386e59c80 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
@@ -45,6 +45,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
  * @author Josh Cummings
  */
 public class NamespaceDebugTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -60,8 +61,9 @@ public class NamespaceDebugTests {
 		verify(appender, atLeastOnce()).doAppend(any(ILoggingEvent.class));
 	}
 
-	@EnableWebSecurity(debug=true)
+	@EnableWebSecurity(debug = true)
 	static class DebugWebSecurity extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Test
@@ -75,6 +77,7 @@ public class NamespaceDebugTests {
 
 	@EnableWebSecurity
 	static class NoDebugWebSecurity extends WebSecurityConfigurerAdapter {
+
 	}
 
 	private Appender<ILoggingEvent> mockAppenderFor(String name) {
@@ -88,4 +91,5 @@ public class NamespaceDebugTests {
 	private Class<?> filterChainClass() {
 		return this.spring.getContext().getBean("springSecurityFilterChain").getClass();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index f6bd08bf47..c7716f1d4b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -57,12 +57,12 @@ public class NamespaceHttpAnonymousTests {
 	public void anonymousRequestWhenUsingDefaultAnonymousConfigurationThenUsesAnonymousAuthentication()
 			throws Exception {
 		this.spring.register(AnonymousConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/type"))
-				.andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
+		this.mvc.perform(get("/type")).andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
 	}
 
 	@EnableWebSecurity
 	static class AnonymousConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -72,18 +72,18 @@ public class NamespaceHttpAnonymousTests {
 					.anyRequest().denyAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void anonymousRequestWhenDisablingAnonymousThenDenies()
-			throws Exception {
+	public void anonymousRequestWhenDisablingAnonymousThenDenies() throws Exception {
 		this.spring.register(AnonymousDisabledConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/type"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/type")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class AnonymousDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -103,18 +103,18 @@ public class NamespaceHttpAnonymousTests {
 					.withUser(PasswordEncodedUser.admin());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void requestWhenAnonymousThenSendsAnonymousConfiguredAuthorities()
-			throws Exception {
+	public void requestWhenAnonymousThenSendsAnonymousConfiguredAuthorities() throws Exception {
 		this.spring.register(AnonymousGrantedAuthorityConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/type"))
-				.andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
+		this.mvc.perform(get("/type")).andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
 	}
 
 	@EnableWebSecurity
 	static class AnonymousGrantedAuthorityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -127,17 +127,18 @@ public class NamespaceHttpAnonymousTests {
 					.authorities("ROLE_ANON");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void anonymousRequestWhenAnonymousKeyConfiguredThenKeyIsUsed() throws Exception {
 		this.spring.register(AnonymousKeyConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/key"))
-				.andExpect(content().string(String.valueOf("AnonymousKeyConfig".hashCode())));
+		this.mvc.perform(get("/key")).andExpect(content().string(String.valueOf("AnonymousKeyConfig".hashCode())));
 	}
 
 	@EnableWebSecurity
 	static class AnonymousKeyConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -149,17 +150,18 @@ public class NamespaceHttpAnonymousTests {
 				.anonymous().key("AnonymousKeyConfig");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void anonymousRequestWhenAnonymousUsernameConfiguredThenUsernameIsUsed() throws Exception {
 		this.spring.register(AnonymousUsernameConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/principal"))
-				.andExpect(content().string("AnonymousUsernameConfig"));
+		this.mvc.perform(get("/principal")).andExpect(content().string("AnonymousUsernameConfig"));
 	}
 
 	@EnableWebSecurity
 	static class AnonymousUsernameConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -171,39 +173,33 @@ public class NamespaceHttpAnonymousTests {
 				.anonymous().principal("AnonymousUsernameConfig");
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class AnonymousController {
+
 		@GetMapping("/type")
 		String type() {
-			return anonymousToken()
-					.map(AnonymousAuthenticationToken::getClass)
-					.map(Class::getSimpleName)
-					.orElse(null);
+			return anonymousToken().map(AnonymousAuthenticationToken::getClass).map(Class::getSimpleName).orElse(null);
 		}
 
 		@GetMapping("/key")
 		String key() {
-			return anonymousToken()
-					.map(AnonymousAuthenticationToken::getKeyHash)
-					.map(String::valueOf)
-					.orElse(null);
+			return anonymousToken().map(AnonymousAuthenticationToken::getKeyHash).map(String::valueOf).orElse(null);
 		}
 
 		@GetMapping("/principal")
 		String principal() {
-			return anonymousToken()
-					.map(AnonymousAuthenticationToken::getName)
-					.orElse(null);
+			return anonymousToken().map(AnonymousAuthenticationToken::getName).orElse(null);
 		}
 
 		Optional<AnonymousAuthenticationToken> anonymousToken() {
-			return Optional.of(SecurityContextHolder.getContext())
-					.map(SecurityContext::getAuthentication)
+			return Optional.of(SecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
 					.filter(a -> a instanceof AnonymousAuthenticationToken)
 					.map(AnonymousAuthenticationToken.class::cast);
 		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 30239fcf54..e020066b5e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -65,25 +65,21 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@Configuration
 	static class UserConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-				// @formatter:off
+			// @formatter:off
 				User.withDefaultPasswordEncoder()
 					.username("user")
 					.password("password")
@@ -92,10 +88,12 @@ public class NamespaceHttpBasicTests {
 				// @formatter:on
 			);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class HttpBasicConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -105,27 +103,24 @@ public class NamespaceHttpBasicTests {
 				.httpBasic();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
 	static class HttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -136,6 +131,7 @@ public class NamespaceHttpBasicTests {
 				.httpBasic(withDefaults());
 			// @formatter:on
 		}
+
 	}
 
 	/**
@@ -145,14 +141,13 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
 	}
 
 	@EnableWebSecurity
 	static class CustomHttpBasicConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -163,20 +158,20 @@ public class NamespaceHttpBasicTests {
 				.httpBasic().realmName("Custom Realm");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
 	}
 
 	@EnableWebSecurity
 	static class CustomHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -188,6 +183,7 @@ public class NamespaceHttpBasicTests {
 				.httpBasic(httpBasicConfig -> httpBasicConfig.realmName("Custom Realm"));
 			// @formatter:on
 		}
+
 	}
 
 	/**
@@ -197,19 +193,19 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception {
 		this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire();
 
-		AuthenticationDetailsSource<HttpServletRequest, ?> source =
-				this.spring.getContext().getBean(AuthenticationDetailsSource.class);
+		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
+				.getBean(AuthenticationDetailsSource.class);
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")));
+		this.mvc.perform(get("/").with(httpBasic("user", "password")));
 
 		verify(source).buildDetails(any(HttpServletRequest.class));
 	}
 
 	@EnableWebSecurity
 	static class AuthenticationDetailsSourceHttpBasicConfig extends WebSecurityConfigurerAdapter {
-		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
-				mock(AuthenticationDetailsSource.class);
+
+		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = mock(
+				AuthenticationDetailsSource.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -224,6 +220,7 @@ public class NamespaceHttpBasicTests {
 		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource() {
 			return this.authenticationDetailsSource;
 		}
+
 	}
 
 	@Test
@@ -231,19 +228,19 @@ public class NamespaceHttpBasicTests {
 			throws Exception {
 		this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire();
 
-		AuthenticationDetailsSource<HttpServletRequest, ?> source =
-				this.spring.getContext().getBean(AuthenticationDetailsSource.class);
+		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
+				.getBean(AuthenticationDetailsSource.class);
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")));
+		this.mvc.perform(get("/").with(httpBasic("user", "password")));
 
 		verify(source).buildDetails(any(HttpServletRequest.class));
 	}
 
 	@EnableWebSecurity
 	static class AuthenticationDetailsSourceHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
-		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
-				mock(AuthenticationDetailsSource.class);
+
+		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = mock(
+				AuthenticationDetailsSource.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -258,6 +255,7 @@ public class NamespaceHttpBasicTests {
 		AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource() {
 			return this.authenticationDetailsSource;
 		}
+
 	}
 
 	/**
@@ -267,22 +265,17 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception {
 		this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is(999));
+		this.mvc.perform(get("/")).andExpect(status().is(999));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().is(999));
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
 	static class EntryPointRefHttpBasicConfig extends WebSecurityConfigurerAdapter {
-		AuthenticationEntryPoint authenticationEntryPoint =
-				(request, response, ex) -> response.setStatus(999);
+
+		AuthenticationEntryPoint authenticationEntryPoint = (request, response, ex) -> response.setStatus(999);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -295,28 +288,24 @@ public class NamespaceHttpBasicTests {
 					.authenticationEntryPoint(this.authenticationEntryPoint);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is(999));
+		this.mvc.perform(get("/")).andExpect(status().is(999));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "invalid")))
-				.andExpect(status().is(999));
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
 	static class EntryPointRefHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
-		AuthenticationEntryPoint authenticationEntryPoint =
-				(request, response, ex) -> response.setStatus(999);
+
+		AuthenticationEntryPoint authenticationEntryPoint = (request, response, ex) -> response.setStatus(999);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -330,5 +319,7 @@ public class NamespaceHttpBasicTests {
 						httpBasicConfig.authenticationEntryPoint(this.authenticationEntryPoint));
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 9c504e0c8f..4bc72dc12c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-
 import java.io.IOException;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -66,6 +65,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	@EnableWebSecurity
 	static class CustomFilterBeforeConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -73,6 +73,7 @@ public class NamespaceHttpCustomFilterTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -83,6 +84,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	@EnableWebSecurity
 	static class CustomFilterAfterConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -90,6 +92,7 @@ public class NamespaceHttpCustomFilterTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -100,6 +103,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	@EnableWebSecurity
 	static class CustomFilterPositionConfig extends WebSecurityConfigurerAdapter {
+
 		CustomFilterPositionConfig() {
 			// do not add the default filters to make testing easier
 			super(true);
@@ -113,8 +117,8 @@ public class NamespaceHttpCustomFilterTests {
 				.addFilter(new CustomFilter());
 			// @formatter:on
 		}
-	}
 
+	}
 
 	@Test
 	public void getFiltersWhenFilterAddedAtPositionThenBehaviorMatchesNamespace() {
@@ -124,6 +128,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	@EnableWebSecurity
 	static class CustomFilterPositionAtConfig extends WebSecurityConfigurerAdapter {
+
 		CustomFilterPositionAtConfig() {
 			// do not add the default filters to make testing easier
 			super(true);
@@ -135,6 +140,7 @@ public class NamespaceHttpCustomFilterTests {
 				.addFilterAt(new OtherCustomFilter(), UsernamePasswordAuthenticationFilter.class);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -145,6 +151,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	@EnableWebSecurity
 	static class NoAuthenticationManagerInHttpConfigurationConfig extends WebSecurityConfigurerAdapter {
+
 		NoAuthenticationManagerInHttpConfigurationConfig() {
 			super(true);
 		}
@@ -163,14 +170,16 @@ public class NamespaceHttpCustomFilterTests {
 				.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class);
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class UserDetailsServiceConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -178,28 +187,35 @@ public class NamespaceHttpCustomFilterTests {
 							.build());
 					// @formatter:on
 		}
+
+	}
+
+	static class CustomFilter extends UsernamePasswordAuthenticationFilter {
+
 	}
 
-	static class CustomFilter extends UsernamePasswordAuthenticationFilter {}
 	static class OtherCustomFilter extends OncePerRequestFilter {
-		protected void doFilterInternal(
-				HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-		throws ServletException, IOException {
+
+		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+				FilterChain filterChain) throws ServletException, IOException {
 			filterChain.doFilter(request, response);
 		}
+
 	}
 
 	static class CustomAuthenticationManager implements AuthenticationManager {
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return null;
 		}
+
 	}
 
 	private ListAssert<Class<?>> assertThatFilters() {
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
-		List<Class<?>> filters = filterChain.getFilters("/").stream()
-				.map(Object::getClass).collect(Collectors.toList());
+		List<Class<?>> filters = filterChain.getFilters("/").stream().map(Object::getClass)
+				.collect(Collectors.toList());
 		return assertThat(filters);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index 7bea9d6eac..9b3e68ad68 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-
 import java.security.Principal;
 
 import org.junit.Rule;
@@ -46,7 +45,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <expression-handler> attributes is present
+ * Tests to verify that all the functionality of <expression-handler> attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
@@ -73,7 +73,9 @@ public class NamespaceHttpExpressionHandlerTests {
 	@EnableWebMvc
 	@EnableWebSecurity
 	private static class ExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
-		ExpressionHandlerConfig() {}
+
+		ExpressionHandlerConfig() {
+		}
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -100,17 +102,21 @@ public class NamespaceHttpExpressionHandlerTests {
 		ExpressionParser expressionParser() {
 			return spy(new SpelExpressionParser());
 		}
+
 	}
 
 	@RestController
 	private static class ExpressionHandlerController {
+
 		@GetMapping("/whoami")
 		String whoami(Principal user) {
 			return user.getName();
 		}
+
 	}
 
 	private <T> T verifyBean(String beanName, Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanName, beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index 63876be7f9..75b24bdd09 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -52,12 +52,13 @@ public class NamespaceHttpFirewallTests {
 	@Test
 	public void requestWhenPathContainsDoubleDotsThenBehaviorMatchesNamespace() {
 		this.rule.register(HttpFirewallConfig.class).autowire();
-		assertThatCode(() -> this.mvc.perform(get("/public/../private/")))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatCode(() -> this.mvc.perform(get("/public/../private/"))).isInstanceOf(RequestRejectedException.class);
 	}
 
 	@EnableWebSecurity
-	static class HttpFirewallConfig {}
+	static class HttpFirewallConfig {
+
+	}
 
 	@Test
 	public void requestWithCustomFirewallThenBehaviorMatchesNamespace() {
@@ -68,11 +69,12 @@ public class NamespaceHttpFirewallTests {
 
 	@EnableWebSecurity
 	static class CustomHttpFirewallConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(WebSecurity web) {
-			web
-				.httpFirewall(new CustomHttpFirewall());
+			web.httpFirewall(new CustomHttpFirewall());
 		}
+
 	}
 
 	@Test
@@ -84,21 +86,24 @@ public class NamespaceHttpFirewallTests {
 
 	@EnableWebSecurity
 	static class CustomHttpFirewallBeanConfig {
+
 		@Bean
 		HttpFirewall firewall() {
 			return new CustomHttpFirewall();
 		}
+
 	}
 
 	static class CustomHttpFirewall extends DefaultHttpFirewall {
 
 		@Override
-		public FirewalledRequest getFirewalledRequest(HttpServletRequest request)
-				throws RequestRejectedException {
+		public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
 			if (request.getParameter("deny") != null) {
 				throw new RequestRejectedException("custom rejection");
 			}
 			return super.getFirewalledRequest(request);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 04fd811943..66f4a2c207 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -59,22 +59,15 @@ public class NamespaceHttpFormLoginTests {
 	@Autowired
 	MockMvc mvc;
 
-
 	@Test
 	public void formLoginWhenDefaultConfigurationThenMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 
-		this.mvc.perform(post("/login")
-				.with(csrf()))
-				.andExpect(redirectedUrl("/login?error"));
+		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -83,9 +76,7 @@ public class NamespaceHttpFormLoginTests {
 
 		@Override
 		public void configure(WebSecurity web) {
-			web
-				.ignoring()
-					.antMatchers("/resources/**");
+			web.ignoring().antMatchers("/resources/**");
 		}
 
 		@Override
@@ -98,28 +89,25 @@ public class NamespaceHttpFormLoginTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/authentication/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
 
-		this.mvc.perform(post("/authentication/login/process")
-				.with(csrf()))
+		this.mvc.perform(post("/authentication/login/process").with(csrf()))
 				.andExpect(redirectedUrl("/authentication/login?failed"));
 
-		this.mvc.perform(post("/authentication/login/process")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
-				.andExpect(redirectedUrl("/default"));
+		this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password")
+				.with(csrf())).andExpect(redirectedUrl("/default"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			boolean alwaysUseDefaultSuccess = true;
 			// @formatter:off
@@ -136,32 +124,27 @@ public class NamespaceHttpFormLoginTests {
 					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // form-login@default-target-url / form-login@always-use-default-target
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 
-		this.mvc.perform(post("/login")
-				.with(csrf()))
-				.andExpect(redirectedUrl("/custom/failure"));
+		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
 		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/custom/targetUrl"));
 	}
 
 	@EnableWebSecurity
 	static class FormLoginCustomRefsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
-			SavedRequestAwareAuthenticationSuccessHandler successHandler =
-					new SavedRequestAwareAuthenticationSuccessHandler();
+			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 			successHandler.setDefaultTargetUrl("/custom/targetUrl");
 			// @formatter:off
 			http
@@ -181,14 +164,16 @@ public class NamespaceHttpFormLoginTests {
 		WebAuthenticationDetailsSource authenticationDetailsSource() {
 			return spy(WebAuthenticationDetailsSource.class);
 		}
+
 	}
 
 	@Configuration
 	static class UserDetailsServiceConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -196,9 +181,11 @@ public class NamespaceHttpFormLoginTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
 
 	private <T> T verifyBean(Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index 22a29ce700..6c92e4a2f3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -47,6 +47,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  *
  */
 public class NamespaceHttpHeadersTests {
+
 	static final Map<String, String> defaultHeaders = new LinkedHashMap<>();
 
 	static {
@@ -69,12 +70,12 @@ public class NamespaceHttpHeadersTests {
 	public void secureRequestWhenDefaultConfigThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeadersDefaultConfig.class).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(includesDefaults());
 	}
 
 	@EnableWebSecurity
 	static class HeadersDefaultConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -82,18 +83,19 @@ public class NamespaceHttpHeadersTests {
 				.headers();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void secureRequestWhenCacheControlOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeadersCacheControlConfig.class).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(includes("Cache-Control", "Expires", "Pragma"));
+		this.mvc.perform(get("/").secure(true)).andExpect(includes("Cache-Control", "Expires", "Pragma"));
 	}
 
 	@EnableWebSecurity
 	static class HeadersCacheControlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -103,18 +105,19 @@ public class NamespaceHttpHeadersTests {
 					.cacheControl();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void secureRequestWhenHstsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HstsConfig.class).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(includes("Strict-Transport-Security"));
+		this.mvc.perform(get("/").secure(true)).andExpect(includes("Strict-Transport-Security"));
 	}
 
 	@EnableWebSecurity
 	static class HstsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -124,6 +127,7 @@ public class NamespaceHttpHeadersTests {
 					.httpStrictTransportSecurity();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -136,6 +140,7 @@ public class NamespaceHttpHeadersTests {
 
 	@EnableWebSecurity
 	static class HstsCustomConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -149,18 +154,19 @@ public class NamespaceHttpHeadersTests {
 						.includeSubDomains(false);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenFrameOptionsSameOriginThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FrameOptionsSameOriginConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN")));
+		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN")));
 	}
 
 	@EnableWebSecurity
 	static class FrameOptionsSameOriginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -172,9 +178,11 @@ public class NamespaceHttpHeadersTests {
 						.sameOrigin();
 			// @formatter:on
 		}
+
 	}
 
-	// frame-options@strategy, frame-options@value, frame-options@parameter are not provided instead use frame-options@ref
+	// frame-options@strategy, frame-options@value, frame-options@parameter are not
+	// provided instead use frame-options@ref
 
 	@Test
 	public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception {
@@ -186,6 +194,7 @@ public class NamespaceHttpHeadersTests {
 
 	@EnableWebSecurity
 	static class FrameOptionsAllowFromConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -197,18 +206,19 @@ public class NamespaceHttpHeadersTests {
 							new StaticAllowFromStrategy(URI.create("https://example.com"))));
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenXssOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(includes("X-XSS-Protection"));
+		this.mvc.perform(get("/")).andExpect(includes("X-XSS-Protection"));
 	}
 
 	@EnableWebSecurity
 	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -219,18 +229,19 @@ public class NamespaceHttpHeadersTests {
 					.xssProtection();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenXssCustomThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionCustomConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1")));
+		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1")));
 	}
 
 	@EnableWebSecurity
 	static class XssProtectionCustomConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -243,18 +254,19 @@ public class NamespaceHttpHeadersTests {
 						.block(false);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenXContentTypeOptionsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(ContentTypeOptionsConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(includes("X-Content-Type-Options"));
+		this.mvc.perform(get("/")).andExpect(includes("X-Content-Type-Options"));
 	}
 
 	@EnableWebSecurity
 	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -265,6 +277,7 @@ public class NamespaceHttpHeadersTests {
 					.contentTypeOptions();
 			// @formatter:on
 		}
+
 	}
 
 	// header@name / header@value are not provided instead use header@ref
@@ -279,6 +292,7 @@ public class NamespaceHttpHeadersTests {
 
 	@EnableWebSecurity
 	static class HeaderRefConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -288,6 +302,7 @@ public class NamespaceHttpHeadersTests {
 					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
 			// @formatter:on
 		}
+
 	}
 
 	private static ResultMatcher includesDefaults() {
@@ -310,4 +325,5 @@ public class NamespaceHttpHeadersTests {
 			}
 		};
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index bea987ff28..5e2f6e1fd7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -59,45 +59,32 @@ public class NamespaceHttpInterceptUrlTests {
 	public void unauthenticatedRequestWhenUrlRequiresAuthenticationThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
 
-		this.mvc.perform(get("/users"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/users")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticatedRequestWhenUrlRequiresElevatedPrivilegesThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
 
-
-		this.mvc.perform(get("/users")
-				.with(authentication(user("ROLE_USER"))))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/users").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticatedRequestWhenAuthorizedThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
 
-		this.mvc.perform(get("/users")
-				.with(authentication(user("ROLE_ADMIN"))))
-				.andExpect(status().isOk())
-				.andReturn();
+		this.mvc.perform(get("/users").with(authentication(user("ROLE_ADMIN")))).andExpect(status().isOk()).andReturn();
 	}
 
 	@Test
 	public void requestWhenMappedByPostInterceptUrlThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
 
-		this.mvc.perform(get("/admin/post")
-				.with(authentication(user("ROLE_USER"))))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isOk());
 
-		this.mvc.perform(post("/admin/post")
-				.with(authentication(user("ROLE_USER"))))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(post("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/admin/post")
-				.with(csrf())
-				.with(authentication(user("ROLE_ADMIN"))))
+		this.mvc.perform(post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
 
@@ -105,14 +92,11 @@ public class NamespaceHttpInterceptUrlTests {
 	public void requestWhenRequiresChannelThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
 
-		this.mvc.perform(get("/login"))
-				.andExpect(redirectedUrl("https://localhost/login"));
+		this.mvc.perform(get("/login")).andExpect(redirectedUrl("https://localhost/login"));
 
-		this.mvc.perform(get("/secured/a"))
-				.andExpect(redirectedUrl("https://localhost/secured/a"));
+		this.mvc.perform(get("/secured/a")).andExpect(redirectedUrl("https://localhost/secured/a"));
 
-		this.mvc.perform(get("https://localhost/user"))
-				.andExpect(redirectedUrl("http://localhost/user"));
+		this.mvc.perform(get("https://localhost/user")).andExpect(redirectedUrl("http://localhost/user"));
 	}
 
 	@EnableWebSecurity
@@ -154,10 +138,12 @@ public class NamespaceHttpInterceptUrlTests {
 					.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class BaseController {
+
 		@GetMapping("/users")
 		public String users() {
 			return "ok";
@@ -182,6 +168,7 @@ public class NamespaceHttpInterceptUrlTests {
 		public String signup() {
 			return "signup";
 		}
+
 	}
 
 	private static Authentication user(String role) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index f9841f024a..be01d6b2cf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-
 import java.security.Principal;
 import java.util.stream.Collectors;
 
@@ -66,16 +65,12 @@ public class NamespaceHttpJeeTests {
 		Principal user = mock(Principal.class);
 		when(user.getName()).thenReturn("joe");
 
-		this.mvc.perform(get("/roles")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("ROLE_admin");
-					request.addUserRole("ROLE_user");
-					request.addUserRole("ROLE_unmapped");
-					return request;
-				}))
-				.andExpect(status().isOk())
-				.andExpect(content().string("ROLE_admin,ROLE_user"));
+		this.mvc.perform(get("/roles").principal(user).with(request -> {
+			request.addUserRole("ROLE_admin");
+			request.addUserRole("ROLE_user");
+			request.addUserRole("ROLE_unmapped");
+			return request;
+		})).andExpect(status().isOk()).andExpect(content().string("ROLE_admin,ROLE_user"));
 	}
 
 	@EnableWebSecurity
@@ -92,6 +87,7 @@ public class NamespaceHttpJeeTests {
 					.mappableRoles("user", "admin");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -104,12 +100,9 @@ public class NamespaceHttpJeeTests {
 		User result = new User(user.getName(), "N/A", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_user"));
 
-		when(bean(AuthenticationUserDetailsService.class).loadUserDetails(any()))
-				.thenReturn(result);
+		when(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).thenReturn(result);
 
-		this.mvc.perform(get("/roles")
-				.principal(user))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk())
 				.andExpect(content().string("ROLE_user"));
 
 		verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any());
@@ -117,8 +110,9 @@ public class NamespaceHttpJeeTests {
 
 	@EnableWebSecurity
 	public static class JeeUserServiceRefConfig extends WebSecurityConfigurerAdapter {
-		private final AuthenticationUserDetailsService authenticationUserDetailsService =
-				mock(AuthenticationUserDetailsService.class);
+
+		private final AuthenticationUserDetailsService authenticationUserDetailsService = mock(
+				AuthenticationUserDetailsService.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -137,10 +131,12 @@ public class NamespaceHttpJeeTests {
 		public AuthenticationUserDetailsService authenticationUserDetailsService() {
 			return this.authenticationUserDetailsService;
 		}
+
 	}
 
 	@RestController
 	static class BaseController {
+
 		@GetMapping("/authenticated")
 		public String authenticated(Authentication authentication) {
 			return authentication.getName();
@@ -148,9 +144,9 @@ public class NamespaceHttpJeeTests {
 
 		@GetMapping("/roles")
 		public String roles(Authentication authentication) {
-			return authentication.getAuthorities().stream()
-					.map(Object::toString).collect(Collectors.joining(","));
+			return authentication.getAuthorities().stream().map(Object::toString).collect(Collectors.joining(","));
 		}
+
 	}
 
 	private <T> T bean(Class<T> beanClass) {
@@ -160,4 +156,5 @@ public class NamespaceHttpJeeTests {
 	private <T> T verifyBean(Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 6a74081ee4..23cc3dbdf4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -71,18 +71,17 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()))
-				.andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/login?logout"))
-				.andExpect(noCookies())
-				.andExpect(session(Objects::isNull));
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull));
 	}
 
 	@EnableWebSecurity
 	static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
+
 	}
 
 	@Test
@@ -90,16 +89,17 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception {
 		this.spring.register(HttpLogoutDisabledInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()).with(user("user")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
 	static class HttpLogoutDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http.logout(AbstractHttpConfigurer::disable);
 		}
+
 	}
 
 	/**
@@ -110,16 +110,15 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/custom-logout").with(csrf()))
-				.andExpect(authenticated(false))
+		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
-				.andExpect(cookie().maxAge("remove", 0))
-				.andExpect(session(Objects::nonNull));
+				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
 	}
 
 	@EnableWebSecurity
 	static class CustomHttpLogoutConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -131,6 +130,7 @@ public class NamespaceHttpLogoutTests {
 					.logoutSuccessUrl("/logout-success"); // logout@success-url (default is /login?logout)
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -138,16 +138,15 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/custom-logout").with(csrf()))
-				.andExpect(authenticated(false))
+		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
-				.andExpect(cookie().maxAge("remove", 0))
-				.andExpect(session(Objects::nonNull));
+				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
 	}
 
 	@EnableWebSecurity
 	static class CustomHttpLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -160,6 +159,7 @@ public class NamespaceHttpLogoutTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	/**
@@ -170,19 +170,17 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()))
-				.andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig"))
-				.andExpect(noCookies())
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
 	}
 
 	@EnableWebSecurity
 	static class SuccessHandlerRefHttpLogoutConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			SimpleUrlLogoutSuccessHandler logoutSuccessHandler =
-					new SimpleUrlLogoutSuccessHandler();
+			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
 			logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");
 			// @formatter:off
 			http
@@ -190,6 +188,7 @@ public class NamespaceHttpLogoutTests {
 					.logoutSuccessHandler(logoutSuccessHandler);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -197,15 +196,14 @@ public class NamespaceHttpLogoutTests {
 	public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()))
-				.andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig"))
-				.andExpect(noCookies())
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
 	}
 
 	@EnableWebSecurity
 	static class SuccessHandlerRefHttpLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
@@ -216,13 +214,12 @@ public class NamespaceHttpLogoutTests {
 				.logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler));
 			// @formatter:on
 		}
+
 	}
 
 	ResultMatcher authenticated(boolean authenticated) {
-		return result -> assertThat(
-				Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
-						.map(Authentication::isAuthenticated)
-						.orElse(false)).isEqualTo(authenticated);
+		return result -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
+				.map(Authentication::isAuthenticated).orElse(false)).isEqualTo(authenticated);
 	}
 
 	ResultMatcher noCookies() {
@@ -233,4 +230,5 @@ public class NamespaceHttpLogoutTests {
 		return result -> assertThat(result.getRequest().getSession(false))
 				.is(new Condition<HttpSession>(sessionPredicate, "sessionPredicate failed"));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 7687bab5d5..ca2ab7c267 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -86,15 +86,14 @@ public class NamespaceHttpOpenIDLoginTests {
 	@Test
 	public void openidLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(OpenIDLoginConfig.class).autowire();
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
-		this.mvc.perform(post("/login/openid").with(csrf()))
-				.andExpect(redirectedUrl("/login?error"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(post("/login/openid").with(csrf())).andExpect(redirectedUrl("/login?error"));
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -106,6 +105,7 @@ public class NamespaceHttpOpenIDLoginTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -114,49 +114,42 @@ public class NamespaceHttpOpenIDLoginTests {
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
 		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.associate(any()))
-				.thenReturn(mockDiscoveryInformation);
-		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any()))
-				.thenReturn(mockAuthRequest);
+		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
+		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).thenReturn(mockAuthRequest);
 		this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire();
 
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse()
-					.addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
 			MvcResult mvcResult = this.mvc.perform(get("/login/openid")
 					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://www.google.com/1"))
-					.andExpect(status().isFound())
-					.andReturn();
+					.andExpect(status().isFound()).andReturn();
 
-			Object attributeObject = mvcResult.getRequest().getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
+			Object attributeObject = mvcResult.getRequest().getSession()
+					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
-			assertThat(attributeList.stream().anyMatch(attribute ->
-					"firstname".equals(attribute.getName())
-							&& "https://axschema.org/namePerson/first".equals(attribute.getType())
-							&& attribute.isRequired()))
-					.isTrue();
-			assertThat(attributeList.stream().anyMatch(attribute ->
-					"lastname".equals(attribute.getName())
-							&& "https://axschema.org/namePerson/last".equals(attribute.getType())
-							&& attribute.isRequired()))
-					.isTrue();
-			assertThat(attributeList.stream().anyMatch(attribute ->
-					"email".equals(attribute.getName())
-							&& "https://axschema.org/contact/email".equals(attribute.getType())
-							&& attribute.isRequired()))
-					.isTrue();
+			assertThat(attributeList.stream().anyMatch(attribute -> "firstname".equals(attribute.getName())
+					&& "https://axschema.org/namePerson/first".equals(attribute.getType()) && attribute.isRequired()))
+							.isTrue();
+			assertThat(attributeList.stream().anyMatch(attribute -> "lastname".equals(attribute.getName())
+					&& "https://axschema.org/namePerson/last".equals(attribute.getType()) && attribute.isRequired()))
+							.isTrue();
+			assertThat(attributeList.stream().anyMatch(attribute -> "email".equals(attribute.getName())
+					&& "https://axschema.org/contact/email".equals(attribute.getType()) && attribute.isRequired()))
+							.isTrue();
 		}
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginAttributeExchangeConfig extends WebSecurityConfigurerAdapter {
+
 		static ConsumerManager CONSUMER_MANAGER;
 
 		@Override
@@ -196,13 +189,13 @@ public class NamespaceHttpOpenIDLoginTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void openidLoginWhenUsingCustomEndpointsThenMatchesNamespace() throws Exception {
 		this.spring.register(OpenIDLoginCustomConfig.class).autowire();
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/authentication/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
 		this.mvc.perform(post("/authentication/login/process").with(csrf()))
 				.andExpect(redirectedUrl("/authentication/login?failed"));
 	}
@@ -210,6 +203,7 @@ public class NamespaceHttpOpenIDLoginTests {
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginCustomConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			boolean alwaysUseDefaultSuccess = true;
@@ -226,15 +220,13 @@ public class NamespaceHttpOpenIDLoginTests {
 					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // openid-login@default-target-url / openid-login@always-use-default-target
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
-		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.SUCCESS,
-				"identityUrl",
-				"message",
-				Arrays.asList(new OpenIDAttribute("name", "type")));
+		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
+				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
 
 		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
 		when(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
@@ -246,15 +238,12 @@ public class NamespaceHttpOpenIDLoginTests {
 
 		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
 				.thenThrow(new AuthenticationServiceException("boom"));
-		this.mvc.perform(post("/login/openid").with(csrf())
-				.param("openid.identity", "identity"))
+		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/failure"));
 		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
 
-		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
-				.thenReturn(token);
-		this.mvc.perform(post("/login/openid").with(csrf())
-				.param("openid.identity", "identity"))
+		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).thenReturn(token);
+		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/targetUrl"));
 
 		verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class));
@@ -264,14 +253,14 @@ public class NamespaceHttpOpenIDLoginTests {
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginCustomRefsConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationUserDetailsService AUDS;
 		static AuthenticationDetailsSource ADS;
 		static OpenIDConsumer CONSUMER;
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			SavedRequestAwareAuthenticationSuccessHandler handler =
-					new SavedRequestAwareAuthenticationSuccessHandler();
+			SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
 			handler.setDefaultTargetUrl("/custom/targetUrl");
 			// @formatter:off
 			http
@@ -293,14 +282,16 @@ public class NamespaceHttpOpenIDLoginTests {
 					});
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class UserDetailsServiceConfig {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -308,5 +299,7 @@ public class NamespaceHttpOpenIDLoginTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index 062d561a06..b57f8ea6e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-
 import org.junit.Rule;
 import org.junit.Test;
 
@@ -49,14 +48,12 @@ public class NamespaceHttpPortMappingsTests {
 	public void portMappingWhenRequestRequiresChannelThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlWithPortMapperConfig.class).autowire();
 
-		this.mvc.perform(get("http://localhost:9080/login"))
-				.andExpect(redirectedUrl("https://localhost:9443/login"));
+		this.mvc.perform(get("http://localhost:9080/login")).andExpect(redirectedUrl("https://localhost:9443/login"));
 
 		this.mvc.perform(get("http://localhost:9080/secured/a"))
 				.andExpect(redirectedUrl("https://localhost:9443/secured/a"));
 
-		this.mvc.perform(get("https://localhost:9443/user"))
-				.andExpect(redirectedUrl("http://localhost:9080/user"));
+		this.mvc.perform(get("https://localhost:9443/user")).andExpect(redirectedUrl("http://localhost:9080/user"));
 	}
 
 	@EnableWebSecurity
@@ -86,5 +83,7 @@ public class NamespaceHttpPortMappingsTests {
 					.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index 4504f74d6f..6669eff98a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -59,13 +59,13 @@ public class NamespaceHttpRequestCacheTests {
 	@Test
 	public void requestWhenCustomRequestCacheThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(RequestCacheRefConfig.class).autowire();
-		this.mvc.perform(get("/"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 		verifyBean(RequestCache.class).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheRefConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -90,15 +90,14 @@ public class NamespaceHttpRequestCacheTests {
 		public RequestCache requestCache() {
 			return mock(RequestCache.class);
 		}
+
 	}
 
 	@Test
 	public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception {
 		this.spring.register(DefaultRequestCacheRefConfig.class).autowire();
 
-		MvcResult result = this.mvc.perform(get("/"))
-				.andExpect(status().isForbidden())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn();
 
 		HttpSession session = result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
@@ -107,6 +106,7 @@ public class NamespaceHttpRequestCacheTests {
 
 	@EnableWebSecurity
 	static class DefaultRequestCacheRefConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -123,9 +123,11 @@ public class NamespaceHttpRequestCacheTests {
 					.withUser(PasswordEncodedUser.admin());
 			// @formatter:on
 		}
+
 	}
 
 	private <T> T verifyBean(Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 94c07da54c..75eca225e8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -44,7 +43,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <access-denied-handler> attributes is present
+ * Tests to verify that all the functionality of <access-denied-handler> attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
@@ -61,14 +61,13 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@Test
 	public void requestWhenCustomAccessDeniedPageThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(AccessDeniedPageConfig.class).autowire();
-		this.mvc.perform(get("/")
-				.with(authentication(user())))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -79,6 +78,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 					.accessDeniedPage("/AccessDeniedPageConfig");
 			// @formatter:on
 		}
+
 	}
 
 	private static Authentication user() {
@@ -89,14 +89,13 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
 		this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(authentication(user())))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedPageInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -109,19 +108,20 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(AccessDeniedHandlerRefConfig.class).autowire();
-		this.mvc.perform(get("/")
-				.with(authentication(user())));
-		verifyBean(AccessDeniedHandler.class)
-				.handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
+		this.mvc.perform(get("/").with(authentication(user())));
+		verifyBean(AccessDeniedHandler.class).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AccessDeniedException.class));
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -137,21 +137,22 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		AccessDeniedHandler accessDeniedHandler() {
 			return mock(AccessDeniedHandler.class);
 		}
+
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(authentication(user())));
+		this.mvc.perform(get("/").with(authentication(user())));
 
-		verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler)
-				.handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
+		verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AccessDeniedException.class));
 	}
 
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		static AccessDeniedHandler accessDeniedHandler = mock(AccessDeniedHandler.class);
 
 		protected void configure(HttpSecurity http) throws Exception {
@@ -171,9 +172,11 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		AccessDeniedHandler accessDeniedHandler() {
 			return accessDeniedHandler;
 		}
+
 	}
 
 	private <T> T verifyBean(Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index f77c04facd..26f3c39a83 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -51,7 +51,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <x509> attributes is present in Java config
+ * Tests to verify that all the functionality of <x509> attributes is present in Java
+ * config
  *
  * @author Rob Winch
  * @author Josh Cummings
@@ -59,8 +60,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class NamespaceHttpX509Tests {
 
-	private static final User USER =
-			new User("customuser", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+	private static final User USER = new User("customuser", "password",
+			AuthorityUtils.createAuthorityList("ROLE_USER"));
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -72,13 +73,13 @@ public class NamespaceHttpX509Tests {
 	public void x509AuthenticationWhenUsingX509DefaultConfigurationThenMatchesNamespace() throws Exception {
 		this.spring.register(X509Config.class, X509Controller.class).autowire();
 		X509Certificate certificate = loadCert("rod.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("rod"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	public static class X509Config extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -98,6 +99,7 @@ public class NamespaceHttpX509Tests {
 				.x509();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -105,8 +107,7 @@ public class NamespaceHttpX509Tests {
 		this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire();
 
 		X509Certificate certificate = loadCert("rod.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("rod"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
 
 		verifyBean(AuthenticationDetailsSource.class).buildDetails(any());
 	}
@@ -114,6 +115,7 @@ public class NamespaceHttpX509Tests {
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class AuthenticationDetailsSourceRefConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -136,24 +138,24 @@ public class NamespaceHttpX509Tests {
 		}
 
 		@Bean
-		AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>
-				authenticationDetailsSource() {
+		AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource() {
 
 			return mock(AuthenticationDetailsSource.class);
 		}
+
 	}
 
 	@Test
 	public void x509AuthenticationWhenHasSubjectPrincipalRegexThenMatchesNamespace() throws Exception {
 		this.spring.register(SubjectPrincipalRegexConfig.class, X509Controller.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("rod"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
 	}
 
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class SubjectPrincipalRegexConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -174,19 +176,20 @@ public class NamespaceHttpX509Tests {
 					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void x509AuthenticationWhenHasCustomPrincipalExtractorThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomPrincipalExtractorConfig.class, X509Controller.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("rod@example.com"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod@example.com"));
 	}
 
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class CustomPrincipalExtractorConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -211,23 +214,25 @@ public class NamespaceHttpX509Tests {
 		private String extractCommonName(X509Certificate certificate) {
 			try {
 				return ((X500Name) certificate.getSubjectDN()).getCommonName();
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				throw new IllegalArgumentException(e);
 			}
 		}
+
 	}
 
 	@Test
 	public void x509AuthenticationWhenHasCustomUserDetailsServiceThenMatchesNamespace() throws Exception {
 		this.spring.register(UserDetailsServiceRefConfig.class, X509Controller.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("customuser"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
 	}
 
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class UserDetailsServiceRefConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -248,23 +253,22 @@ public class NamespaceHttpX509Tests {
 					.userDetailsService(username -> USER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void x509AuthenticationWhenHasCustomAuthenticationUserDetailsServiceThenMatchesNamespace() throws Exception {
 		this.spring.register(AuthenticationUserDetailsServiceConfig.class, X509Controller.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate)))
-				.andExpect(content().string("customuser"));
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
 	}
 
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class AuthenticationUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			auth.
-				inMemoryAuthentication()
-					.withUser("rod").password("password").roles("USER", "ADMIN");
+			auth.inMemoryAuthentication().withUser("rod").password("password").roles("USER", "ADMIN");
 		}
 
 		protected void configure(HttpSecurity http) throws Exception {
@@ -277,21 +281,25 @@ public class NamespaceHttpX509Tests {
 					.authenticationUserDetailsService(authentication -> USER);
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	public static class X509Controller {
+
 		@GetMapping("/whoami")
-		public String whoami(@AuthenticationPrincipal(expression="username") String name) {
+		public String whoami(@AuthenticationPrincipal(expression = "username") String name) {
 			return name;
 		}
+
 	}
 
 	<T extends Certificate> T loadCert(String location) {
 		try (InputStream is = new ClassPathResource(location).getInputStream()) {
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 			return (T) certFactory.generateCertificate(is);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
@@ -299,4 +307,5 @@ public class NamespaceHttpX509Tests {
 	<T> T verifyBean(Class<T> beanClass) {
 		return verify(this.spring.getContext().getBean(beanClass));
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index b46aab6f9b..1fd45ff8e7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -80,30 +80,22 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class, SecurityController.class).autowire();
-		MvcResult result = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn();
+		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		Cookie rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull();
-		this.mvc.perform(get("/authentication-class")
-				.cookie(rememberMe))
+		this.mvc.perform(get("/authentication-class").cookie(rememberMe))
 				.andExpect(content().string(RememberMeAuthenticationToken.class.getName()));
 
-		result = this.mvc.perform(post("/logout").with(csrf())
-				.session(session)
-				.cookie(rememberMe))
-				.andExpect(redirectedUrl("/login?logout"))
-				.andReturn();
+		result = this.mvc.perform(post("/logout").with(csrf()).session(session).cookie(rememberMe))
+				.andExpect(redirectedUrl("/login?logout")).andReturn();
 
 		rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0);
 
-		this.mvc.perform(post("/authentication-class").with(csrf())
-				.cookie(rememberMe))
-				.andExpect(redirectedUrl("http://localhost/login"))
-				.andReturn();
+		this.mvc.perform(post("/authentication-class").with(csrf()).cookie(rememberMe))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
 	}
 
 	@Configuration
@@ -122,28 +114,33 @@ public class NamespaceRememberMeTests {
 				.rememberMe();
 			// @formatter:on
 		}
+
 	}
 
-	// SEC-3170 - RememberMeService implementations should not have to also implement LogoutHandler
+	// SEC-3170 - RememberMeService implementations should not have to also implement
+	// LogoutHandler
 	@Test
 	public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception {
 		RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class);
 		this.spring.register(RememberMeServicesRefConfig.class).autowire();
 
 		this.mvc.perform(get("/"));
-		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES)
-				.autoLogin(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		this.mvc.perform(post("/login").with(csrf()));
-		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES)
-				.loginFail(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
-	interface RememberMeServicesWithoutLogoutHandler extends RememberMeServices {}
+	interface RememberMeServicesWithoutLogoutHandler extends RememberMeServices {
+
+	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeServicesRefConfig extends WebSecurityConfigurerAdapter {
+
 		static RememberMeServices REMEMBER_ME_SERVICES;
 
 		@Override
@@ -156,6 +153,7 @@ public class NamespaceRememberMeTests {
 					.rememberMeServices(REMEMBER_ME_SERVICES);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -163,24 +161,22 @@ public class NamespaceRememberMeTests {
 		AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class);
 		this.spring.register(AuthSuccessConfig.class).autowire();
 
-		MvcResult result = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn();
+		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
 
 		verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER);
 
 		Cookie rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull();
-		this.mvc.perform(get("/somewhere")
-				.cookie(rememberMe));
+		this.mvc.perform(get("/somewhere").cookie(rememberMe));
 
-		verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess
-				(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
+		verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class AuthSuccessConfig extends UsersConfig {
+
 		static AuthenticationSuccessHandler SUCCESS_HANDLER;
 
 		@Override
@@ -193,33 +189,28 @@ public class NamespaceRememberMeTests {
 					.authenticationSuccessHandler(SUCCESS_HANDLER);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void rememberMeLoginWhenKeyDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
-		Cookie withoutKey = this.mvc.perform(post("/without-key/login")
-				.with(rememberMeLogin()))
-				.andExpect(redirectedUrl("/"))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin()))
+				.andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
 
-		this.mvc.perform(get("/somewhere")
-				.cookie(withoutKey))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 
-		Cookie withKey = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn().getResponse().getCookie("remember-me");
-		this.mvc.perform(get("/somewhere")
-				.cookie(withKey))
-				.andExpect(status().isNotFound());
+		Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
+		this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	@Order(0)
 	static class WithoutKeyConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -231,11 +222,13 @@ public class NamespaceRememberMeTests {
 					.rememberMe();
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class KeyConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -249,18 +242,20 @@ public class NamespaceRememberMeTests {
 					.key("KeyConfig");
 			// @formatter:on
 		}
+
 	}
 
-	// http/remember-me@services-alias is not supported use standard aliasing instead (i.e. @Bean("alias"))
+	// http/remember-me@services-alias is not supported use standard aliasing instead
+	// (i.e. @Bean("alias"))
 
-	// http/remember-me@data-source-ref is not supported directly. Instead use http/remember-me@token-repository-ref example
+	// http/remember-me@data-source-ref is not supported directly. Instead use
+	// http/remember-me@token-repository-ref example
 	@Test
 	public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception {
 		TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class);
 		this.spring.register(TokenRepositoryRefConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(rememberMeLogin()));
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
 
 		verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class));
 	}
@@ -268,6 +263,7 @@ public class NamespaceRememberMeTests {
 	@Configuration
 	@EnableWebSecurity
 	static class TokenRepositoryRefConfig extends UsersConfig {
+
 		static PersistentTokenRepository TOKEN_REPOSITORY;
 
 		@Override
@@ -283,14 +279,14 @@ public class NamespaceRememberMeTests {
 					.tokenRepository(TOKEN_REPOSITORY);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void rememberMeLoginWhenTokenValidityDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(TokenValiditySecondsConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
 
 		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
 	}
@@ -298,6 +294,7 @@ public class NamespaceRememberMeTests {
 	@Configuration
 	@EnableWebSecurity
 	static class TokenValiditySecondsConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -311,25 +308,23 @@ public class NamespaceRememberMeTests {
 					.tokenValiditySeconds(314);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingDefaultsThenCookieMaxAgeMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
 
-		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge)
-				.isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
+		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingSecureCookieThenMatchesNamespace() throws Exception {
 		this.spring.register(UseSecureCookieConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
 
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
@@ -337,6 +332,7 @@ public class NamespaceRememberMeTests {
 	@Configuration
 	@EnableWebSecurity
 	static class UseSecureCookieConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -347,15 +343,14 @@ public class NamespaceRememberMeTests {
 					.useSecureCookie(true);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingDefaultsThenCookieSecurityMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login")
-				.with(rememberMeLogin())
-				.secure(true))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn()
+				.getResponse().getCookie("remember-me");
 
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
@@ -363,9 +358,8 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenParameterSpecifiedThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeParameterConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login")
-				.with(rememberMeLogin("rememberMe", true)))
-				.andReturn().getResponse().getCookie("remember-me");
+		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn()
+				.getResponse().getCookie("remember-me");
 
 		assertThat(rememberMe).isNotNull();
 	}
@@ -373,6 +367,7 @@ public class NamespaceRememberMeTests {
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeParameterConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -383,6 +378,7 @@ public class NamespaceRememberMeTests {
 					.rememberMeParameter("rememberMe");
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2880
@@ -390,9 +386,8 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeCookieNameConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login")
-				.with(rememberMeLogin()))
-				.andReturn().getResponse().getCookie("rememberMe");
+		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("rememberMe");
 
 		assertThat(rememberMe).isNotNull();
 	}
@@ -400,6 +395,7 @@ public class NamespaceRememberMeTests {
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeCookieNameConfig extends UsersConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -410,6 +406,7 @@ public class NamespaceRememberMeTests {
 					.rememberMeCookieName("rememberMe");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -417,16 +414,15 @@ public class NamespaceRememberMeTests {
 		DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
 		this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(rememberMeLogin()));
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
 
-		verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE)
-				.loadUserByUsername("user");
+		verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	static class DefaultsUserDetailsServiceWithDaoConfig extends WebSecurityConfigurerAdapter {
+
 		static UserDetailsService USERDETAILS_SERVICE;
 
 		@Override
@@ -446,6 +442,7 @@ public class NamespaceRememberMeTests {
 				.userDetailsService(USERDETAILS_SERVICE);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -456,16 +453,15 @@ public class NamespaceRememberMeTests {
 		when(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
 				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 
-		this.mvc.perform(post("/login")
-				.with(rememberMeLogin()));
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
 
-		verify(UserServiceRefConfig.USERDETAILS_SERVICE)
-				.loadUserByUsername("user");
+		verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends UsersConfig {
+
 		static UserDetailsService USERDETAILS_SERVICE;
 
 		@Override
@@ -478,6 +474,7 @@ public class NamespaceRememberMeTests {
 					.userDetailsService(USERDETAILS_SERVICE);
 			// @formatter:on
 		}
+
 	}
 
 	static RequestPostProcessor rememberMeLogin() {
@@ -495,11 +492,12 @@ public class NamespaceRememberMeTests {
 	}
 
 	static class UsersConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -507,13 +505,17 @@ public class NamespaceRememberMeTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class SecurityController {
+
 		@GetMapping("/authentication-class")
 		String authenticationClass(Authentication authentication) {
 			return authentication.getClass().getName();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 21ba2ef19d..105d370ec9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -65,7 +65,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
@@ -79,40 +78,34 @@ public class NamespaceSessionManagementTests {
 
 	@Test
 	public void authenticateWhenDefaultSessionManagementThenMatchesNamespace() throws Exception {
-		this.spring.register
-				(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
 
-		MvcResult result =
-				this.mvc.perform(get("/auth")
-						.session(session)
-						.with(httpBasic("user", "password")))
-						.andExpect(session())
-						.andReturn();
+		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
+				.andExpect(session()).andReturn();
 
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@EnableWebSecurity
 	static class SessionManagementConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@Test
 	public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(request -> {
-					request.setRequestedSessionIdValid(false);
-					request.setRequestedSessionId("id");
-					return request;
-				}))
-				.andExpect(redirectedUrl("/invalid-session"));
+		this.mvc.perform(get("/auth").with(request -> {
+			request.setRequestedSessionIdValid(false);
+			request.setRequestedSessionId("id");
+			return request;
+		})).andExpect(redirectedUrl("/invalid-session"));
 	}
 
-
 	@Test
 	public void authenticateWhenUsingExpiredUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
@@ -123,53 +116,49 @@ public class NamespaceSessionManagementTests {
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 		when(sessionRegistry.getSessionInformation(session.getId())).thenReturn(sessionInformation);
 
-		this.mvc.perform(get("/auth").session(session))
-				.andExpect(redirectedUrl("/expired-session"));
+		this.mvc.perform(get("/auth").session(session)).andExpect(redirectedUrl("/expired-session"));
 	}
 
 	@Test
 	public void authenticateWhenUsingMaxSessionsThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/session-auth-error"));
 	}
 
 	@Test
 	public void authenticateWhenUsingFailureUrlThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
 		MockHttpServletRequest mock = spy(MockHttpServletRequest.class);
 		mock.setSession(new MockHttpSession());
 		when(mock.changeSessionId()).thenThrow(SessionAuthenticationException.class);
 		mock.setMethod("GET");
 
-		this.mvc.perform(get("/auth")
-				.with(request -> mock)
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").with(request -> mock).with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/session-auth-error"));
 	}
 
 	@Test
 	public void authenticateWhenUsingSessionRegistryThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
 		verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomSessionManagementConfig extends WebSecurityConfigurerAdapter {
+
 		SessionRegistry sessionRegistry = spy(SessionRegistryImpl.class);
 
 		@Override
@@ -195,28 +184,27 @@ public class NamespaceSessionManagementTests {
 		SessionRegistry sessionRegistry() {
 			return this.sessionRegistry;
 		}
-	}
 
+	}
 
 	// gh-3371
 	@Test
 	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(request -> {
-					request.setRequestedSessionIdValid(false);
-					request.setRequestedSessionId("id");
-					return request;
-				}))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(request -> {
+			request.setRequestedSessionIdValid(false);
+			request.setRequestedSessionId("id");
+			return request;
+		})).andExpect(status().isOk());
 
-		verifyBean(InvalidSessionStrategy.class)
-				.onInvalidSessionDetected(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class InvalidSessionStrategyConfig extends WebSecurityConfigurerAdapter {
+
 		InvalidSessionStrategy invalidSessionStrategy = mock(InvalidSessionStrategy.class);
 
 		@Override
@@ -232,25 +220,24 @@ public class NamespaceSessionManagementTests {
 		InvalidSessionStrategy invalidSessionStrategy() {
 			return this.invalidSessionStrategy;
 		}
+
 	}
 
 	@Test
 	public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception {
-		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		verifyBean(SessionAuthenticationStrategy.class)
-				.onAuthentication(any(Authentication.class),
-						any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class RefsSessionManagementConfig extends WebSecurityConfigurerAdapter {
-		SessionAuthenticationStrategy sessionAuthenticationStrategy =
-				mock(SessionAuthenticationStrategy.class);
+
+		SessionAuthenticationStrategy sessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -267,26 +254,27 @@ public class NamespaceSessionManagementTests {
 		SessionAuthenticationStrategy sessionAuthenticationStrategy() {
 			return this.sessionAuthenticationStrategy;
 		}
+
 	}
 
 	@Test
 	public void authenticateWhenNoSessionFixationProtectionThenMatchesNamespace() throws Exception {
-		this.spring.register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring
+				.register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
 
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
-		MockHttpSession resultingSession = (MockHttpSession)
-				this.mvc.perform(get("/auth")
-						.session(givenSession)
-						.with(httpBasic("user", "password")))
-						.andExpect(status().isOk())
-						.andReturn().getRequest().getSession(false);
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
 
 		assertThat(givenSessionId).isEqualTo(resultingSession.getId());
 	}
 
 	@EnableWebSecurity
 	static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -297,22 +285,21 @@ public class NamespaceSessionManagementTests {
 				.httpBasic();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception {
-		this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class).autowire();
+		this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class,
+				UserDetailsServiceConfig.class).autowire();
 
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
 
-		MockHttpSession resultingSession = (MockHttpSession)
-				this.mvc.perform(get("/auth")
-						.session(givenSession)
-						.with(httpBasic("user", "password")))
-						.andExpect(status().isOk())
-						.andReturn().getRequest().getSession(false);
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
 
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isEqualTo("value");
@@ -320,6 +307,7 @@ public class NamespaceSessionManagementTests {
 
 	@EnableWebSecurity
 	static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -329,6 +317,7 @@ public class NamespaceSessionManagementTests {
 				.httpBasic();
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2913
@@ -336,9 +325,7 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception {
 		this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire();
 
-		this.mvc.perform(get("/auth")
-				.session(new MockHttpSession())
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password")))
 				.andExpect(status().isNotFound());
 
 		verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class));
@@ -346,6 +333,7 @@ public class NamespaceSessionManagementTests {
 
 	@EnableWebSecurity
 	static class SFPPostProcessedConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -360,6 +348,7 @@ public class NamespaceSessionManagementTests {
 		public MockEventListener eventListener() {
 			return spy(new MockEventListener());
 		}
+
 	}
 
 	@Test
@@ -370,12 +359,9 @@ public class NamespaceSessionManagementTests {
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
 
-		MockHttpSession resultingSession = (MockHttpSession)
-				this.mvc.perform(get("/auth")
-						.session(givenSession)
-						.with(httpBasic("user", "password")))
-						.andExpect(status().isNotFound())
-						.andReturn().getRequest().getSession(false);
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
 
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
@@ -383,6 +369,7 @@ public class NamespaceSessionManagementTests {
 
 	@EnableWebSecurity
 	static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -393,27 +380,30 @@ public class NamespaceSessionManagementTests {
 				.httpBasic();
 			// @formatter:on
 		}
-	}
 
+	}
 
 	private <T> T verifyBean(Class<T> clazz) {
 		return verify(this.spring.getContext().getBean(clazz));
 	}
 
 	static class MockEventListener implements ApplicationListener<SessionFixationProtectionEvent> {
+
 		List<SessionFixationProtectionEvent> events = new ArrayList<>();
 
 		public void onApplicationEvent(SessionFixationProtectionEvent event) {
 			this.events.add(event);
 		}
+
 	}
 
 	@Configuration
 	static class UserDetailsServiceConfig {
+
 		@Bean
 		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -421,10 +411,12 @@ public class NamespaceSessionManagementTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public String ok() {
 			return "ok";
@@ -434,6 +426,7 @@ public class NamespaceSessionManagementTests {
 		public String auth(Principal principal) {
 			return principal.getName();
 		}
+
 	}
 
 	private static SessionResultMatcher session() {
@@ -441,8 +434,11 @@ public class NamespaceSessionManagementTests {
 	}
 
 	private static class SessionResultMatcher implements ResultMatcher {
+
 		private String id;
+
 		private Boolean valid;
+
 		private Boolean exists = true;
 
 		public ResultMatcher exists(boolean exists) {
@@ -474,7 +470,8 @@ public class NamespaceSessionManagementTests {
 			if (this.valid != null) {
 				if (this.valid) {
 					assertThat(session.isInvalid()).isFalse();
-				} else {
+				}
+				else {
 					assertThat(session.isInvalid()).isTrue();
 				}
 			}
@@ -483,5 +480,7 @@ public class NamespaceSessionManagementTests {
 				assertThat(session.getId()).isEqualTo(this.id);
 			}
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index be0d8b9cd2..0af8e42362 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -49,18 +49,15 @@ public class PermitAllSupportTests {
 	public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception {
 		this.spring.register(PermitAllConfig.class).autowire();
 
-		this.mvc.perform(get("/app/xyz").contextPath("/app"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/app/xyz?def").contextPath("/app"))
-				.andExpect(status().isFound());
-		this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/app/abc").with(csrf()).contextPath("/app"))
-				.andExpect(status().isFound());
+		this.mvc.perform(get("/app/xyz").contextPath("/app")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/app/xyz?def").contextPath("/app")).andExpect(status().isFound());
+		this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/app/abc").with(csrf()).contextPath("/app")).andExpect(status().isFound());
 	}
 
 	@EnableWebSecurity
 	static class PermitAllConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -73,6 +70,7 @@ public class PermitAllSupportTests {
 					.loginProcessingUrl("/abc?def").permitAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -93,5 +91,7 @@ public class PermitAllSupportTests {
 					.permitAll();
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index 715e079c9e..0d1519882d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -35,6 +35,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Josh Cummings
  */
 public class PortMapperConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -45,8 +46,7 @@ public class PortMapperConfigurerTests {
 	public void requestWhenPortMapperTwiceInvokedThenDoesNotOverride() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
 
-		this.mockMvc.perform(get("http://localhost:543"))
-			.andExpect(redirectedUrl("https://localhost:123"));
+		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
 	@EnableWebSecurity
@@ -65,18 +65,19 @@ public class PortMapperConfigurerTests {
 				.portMapper();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception {
 		this.spring.register(HttpMapsToInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(get("http://localhost:543"))
-				.andExpect(redirectedUrl("https://localhost:123"));
+		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
 	@EnableWebSecurity
 	static class HttpMapsToInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -91,18 +92,19 @@ public class PortMapperConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception {
 		this.spring.register(CustomPortMapperInLambdaConfig.class).autowire();
 
-		this.mockMvc.perform(get("http://localhost:543"))
-				.andExpect(redirectedUrl("https://localhost:123"));
+		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
 	@EnableWebSecurity
 	static class CustomPortMapperInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			PortMapperImpl customPortMapper = new PortMapperImpl();
@@ -119,5 +121,7 @@ public class PortMapperConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 2988162ff0..e3ea0b15ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -80,17 +80,13 @@ public class RememberMeConfigurerTests {
 	public void postWhenNoUserDetailsServiceThenException() {
 		this.spring.register(NullUserDetailsConfig.class).autowire();
 
-		assertThatThrownBy(() ->
-				mvc.perform(post("/login")
-						.param("username", "user")
-						.param("password", "password")
-						.param("remember-me", "true")
-						.with(csrf())))
-				.hasMessageContaining("UserDetailsService is required");
+		assertThatThrownBy(() -> mvc.perform(post("/login").param("username", "user").param("password", "password")
+				.param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required");
 	}
 
 	@EnableWebSecurity
 	static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -113,18 +109,19 @@ public class RememberMeConfigurerTests {
 				.authenticationProvider(provider);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(RememberMeAuthenticationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RememberMeAuthenticationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -148,13 +145,16 @@ public class RememberMeConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -163,15 +163,14 @@ public class RememberMeConfigurerTests {
 				.thenReturn(new User("user", "password", Collections.emptyList()));
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password"))
-				.param("remember-me", "true"));
+		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"));
 
 		verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user");
 	}
 
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		static UserDetailsService userDetailsService = mock(UserDetailsService.class);
 
 		@Override
@@ -190,7 +189,7 @@ public class RememberMeConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
@@ -199,81 +198,56 @@ public class RememberMeConfigurerTests {
 					// @formatter:on
 			);
 		}
+
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
 	}
 
 	@Test
 	public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationToken() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
+				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 
-		this.mvc.perform(get("/abc")
-				.cookie(rememberMeCookie))
-				.andExpect(authenticated().withAuthentication(auth ->
-						assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
+				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
 
 	@Test
 	public void logoutWhenRememberMeCookieThenAuthenticationIsRememberMeCookieExpired() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
+				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 		HttpSession session = mvcResult.getRequest().getSession();
 
-		this.mvc.perform(post("/logout")
-				.with(csrf())
-				.cookie(rememberMeCookie)
-				.session((MockHttpSession) session))
-				.andExpect(redirectedUrl("/login?logout"))
-				.andExpect(cookie().maxAge("remember-me", 0));
+		this.mvc.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
+				.andExpect(redirectedUrl("/login?logout")).andExpect(cookie().maxAge("remember-me", 0));
 	}
 
 	@Test
 	public void getWhenRememberMeCookieAndLoggedOutThenRedirectsToLogin() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
 
-		MvcResult loginMvcResult = this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andReturn();
+		MvcResult loginMvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
+				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = loginMvcResult.getResponse().getCookie("remember-me");
 		HttpSession session = loginMvcResult.getRequest().getSession();
-		MvcResult logoutMvcResult = this.mvc.perform(post("/logout")
-				.with(csrf())
-				.cookie(rememberMeCookie)
-				.session((MockHttpSession) session))
+		MvcResult logoutMvcResult = this.mvc
+				.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
 				.andReturn();
 		Cookie expiredRememberMeCookie = logoutMvcResult.getResponse().getCookie("remember-me");
 
-		this.mvc.perform(get("/abc")
-				.with(csrf())
-				.cookie(expiredRememberMeCookie))
+		this.mvc.perform(get("/abc").with(csrf()).cookie(expiredRememberMeCookie))
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -301,19 +275,15 @@ public class RememberMeConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
-	}
 
+	}
 
 	@Test
 	public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
 	}
 
 	@EnableWebSecurity
@@ -340,23 +310,21 @@ public class RememberMeConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"))
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
 	}
 
 	@EnableWebSecurity
 	static class RememberMeCookieDomainConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -378,23 +346,21 @@ public class RememberMeConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"))
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
 	}
 
 	@EnableWebSecurity
 	static class RememberMeCookieDomainInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -418,18 +384,19 @@ public class RememberMeConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void configureWhenRememberMeCookieNameAndRememberMeServicesThenException() {
 		assertThatThrownBy(() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(IllegalArgumentException.class)
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices.");
 	}
 
 	@EnableWebSecurity
 	static class RememberMeCookieNameAndRememberMeServicesConfig extends WebSecurityConfigurerAdapter {
+
 		static RememberMeServices REMEMBER_ME = mock(RememberMeServices.class);
 
 		protected void configure(HttpSecurity http) throws Exception {
@@ -455,25 +422,19 @@ public class RememberMeConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed()
-			throws Exception {
+	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception {
 		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password")
-				.param("remember-me", "true"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
+				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 
-		this.mvc.perform(get("/abc")
-				.cookie(rememberMeCookie))
-				.andExpect(authenticated().withAuthentication(auth ->
-						assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
+				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
 
 	@EnableWebSecurity
@@ -487,5 +448,7 @@ public class RememberMeConfigurerTests {
 					.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService()));
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 3647b0210a..6e8c4b0ac4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -69,12 +69,12 @@ public class RequestCacheConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(RequestCacheAwareFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RequestCacheAwareFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -89,13 +89,16 @@ public class RequestCacheConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -104,12 +107,13 @@ public class RequestCacheConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(InvokeTwiceDoesNotOverrideConfig.requestCache)
-				.getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(InvokeTwiceDoesNotOverrideConfig.requestCache).getMatchingRequest(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		static RequestCache requestCache = mock(RequestCache.class);
 
 		@Override
@@ -122,32 +126,29 @@ public class RequestCacheConfigurerTests {
 				.requestCache();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/favicon.ico"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico"))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/")); // ignores favicon.ico
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
+																			// favicon.ico
 	}
 
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconPngThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/favicon.png"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png"))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/")); // ignores favicon.png
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
+																			// favicon.png
 	}
 
 	// SEC-2321
@@ -155,16 +156,15 @@ public class RequestCacheConfigurerTests {
 	public void getWhenBookmarkedRequestIsApplicationJsonThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/")); // ignores application/json
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
+																			// application/json
 
-		//  This is desirable since JSON requests are typically not invoked directly from the browser and we don't want the browser to replay them
+		// This is desirable since JSON requests are typically not invoked directly from
+		// the browser and we don't want the browser to replay them
 	}
 
 	// SEC-2321
@@ -172,87 +172,74 @@ public class RequestCacheConfigurerTests {
 	public void getWhenBookmarkedRequestIsXRequestedWithThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header("X-Requested-With", "XMLHttpRequest"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header("X-Requested-With", "XMLHttpRequest"))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 
-		//  This is desirable since XHR requests are typically not invoked directly from the browser and we don't want the browser to replay them
+		// This is desirable since XHR requests are typically not invoked directly from
+		// the browser and we don't want the browser to replay them
 	}
+
 	@Test
 	public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/")); // ignores text/event-stream
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
+																			// text/event-stream
 
-		//  This is desirable since event-stream requests are typically not invoked directly from the browser and we don't want the browser to replay them
+		// This is desirable since event-stream requests are typically not invoked
+		// directly from the browser and we don't want the browser to replay them
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header(HttpHeaders.ACCEPT, MediaType.ALL))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("http://localhost/messages"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsTextHtmlThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("http://localhost/messages"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsChromeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header(HttpHeaders.ACCEPT,
+						"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("http://localhost/messages"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsRequestedWithAndroidThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/messages")
-						.header("X-Requested-With", "com.android"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(get("/messages").header("X-Requested-With", "com.android"))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("http://localhost/messages"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@EnableWebSecurity
@@ -268,19 +255,18 @@ public class RequestCacheConfigurerTests {
 				.formLogin();
 			// @formatter:on
 		}
+
 	}
 
 	// gh-6102
 	@Test
 	public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
-		this.spring.register(RequestCacheDisabledConfig.class, ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire();
+		this.spring.register(RequestCacheDisabledConfig.class,
+				ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/bob"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	// SEC-7060
@@ -290,37 +276,36 @@ public class RequestCacheConfigurerTests {
 
 		MockMultipartFile aFile = new MockMultipartFile("aFile", "A_FILE".getBytes());
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(multipart("/upload")
-						.file(aFile))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(multipart("/upload").file(aFile)).andReturn()
+				.getRequest().getSession();
 
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
 			http.requestCache().disable();
 		}
+
 	}
 
 	@Test
-	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
+	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest()
+			throws Exception {
 		this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/bob"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -333,22 +318,21 @@ public class RequestCacheConfigurerTests {
 				.requestCache(RequestCacheConfigurer::disable);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception {
 		this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/bob"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("http://localhost/bob"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob"));
 	}
 
 	@EnableWebSecurity
 	static class RequestCacheInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -361,22 +345,21 @@ public class RequestCacheConfigurerTests {
 				.requestCache(withDefaults());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception {
 		this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(get("/bob"))
-						.andReturn().getRequest().getSession();
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
 
-		this.mvc.perform(formLogin(session))
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class CustomRequestCacheInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -392,6 +375,7 @@ public class RequestCacheConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -408,13 +392,11 @@ public class RequestCacheConfigurerTests {
 			);
 			// @formatter:on
 		}
+
 	}
 
 	private static RequestBuilder formLogin(MockHttpSession session) {
-		return post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.session(session)
-				.with(csrf());
+		return post("/login").param("username", "user").param("password", "password").session(session).with(csrf());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index 4bc131761b..9ebf93e7bc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -47,10 +47,8 @@ public class RequestMatcherConfigurerTests {
 	public void authorizeRequestsWhenInvokedMultipleTimesThenChainsPaths() throws Exception {
 		this.spring.register(Sec2908Config.class).autowire();
 
-		this.mvc.perform(get("/oauth/abc"))
-				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/api/abc"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
@@ -70,16 +68,15 @@ public class RequestMatcherConfigurerTests {
 					.anyRequest().denyAll();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception {
 		this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/oauth/abc"))
-				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/api/abc"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
@@ -103,5 +100,7 @@ public class RequestMatcherConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index 6d2b21c65e..1c40d63e70 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -52,6 +52,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
  * @author Eleftheria Stein
  */
 public class SecurityContextConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -62,12 +63,12 @@ public class SecurityContextConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextPersistenceFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(SecurityContextPersistenceFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecurityContextPersistenceFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -82,13 +83,16 @@ public class SecurityContextConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -98,12 +102,12 @@ public class SecurityContextConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(DuplicateDoesNotOverrideConfig.SCR)
-				.loadContext(any(HttpRequestResponseHolder.class));
+		verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class));
 	}
 
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		static SecurityContextRepository SCR = mock(SecurityContextRepository.class);
 
 		@Override
@@ -116,9 +120,10 @@ public class SecurityContextConfigurerTests {
 				.securityContext();
 			// @formatter:on
 		}
+
 	}
 
-	//SEC-2932
+	// SEC-2932
 	@Test
 	public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception {
 		this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire();
@@ -129,6 +134,7 @@ public class SecurityContextConfigurerTests {
 	@Configuration
 	@EnableWebSecurity
 	static class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
+
 		SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig() {
 			super(true);
 		}
@@ -157,6 +163,7 @@ public class SecurityContextConfigurerTests {
 				.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -170,6 +177,7 @@ public class SecurityContextConfigurerTests {
 
 	@EnableWebSecurity
 	static class SecurityContextWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -187,6 +195,7 @@ public class SecurityContextConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -200,6 +209,7 @@ public class SecurityContextConfigurerTests {
 
 	@EnableWebSecurity
 	static class SecurityContextDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -217,6 +227,7 @@ public class SecurityContextConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -230,6 +241,7 @@ public class SecurityContextConfigurerTests {
 
 	@EnableWebSecurity
 	static class NullSecurityContextRepositoryInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -250,5 +262,7 @@ public class SecurityContextConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 7a9e5b1f94..17ac88b691 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -77,6 +77,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Onur Kagan Ozcan
  */
 public class ServletApiConfigurerTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -93,6 +94,7 @@ public class ServletApiConfigurerTests {
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -107,13 +109,16 @@ public class ServletApiConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	// SEC-2215
@@ -128,8 +133,7 @@ public class ServletApiConfigurerTests {
 	public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception {
 		this.spring.register(ServletApiConfig.class).autowire();
 
-		this.mvc.perform(formLogin())
-				.andExpect(status().isFound());
+		this.mvc.perform(formLogin()).andExpect(status().isFound());
 	}
 
 	// SEC-2926
@@ -137,13 +141,14 @@ public class ServletApiConfigurerTests {
 	public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
 		this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
+		this.mvc.perform(
+				get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class ServletApiConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -157,6 +162,7 @@ public class ServletApiConfigurerTests {
 		public AuthenticationManager customAuthenticationManager() throws Exception {
 			return super.authenticationManagerBean();
 		}
+
 	}
 
 	@Test
@@ -165,13 +171,13 @@ public class ServletApiConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(CustomEntryPointConfig.ENTRYPOINT)
-				.commence(any(HttpServletRequest.class),
-						any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomEntryPointConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationEntryPoint ENTRYPOINT = spy(AuthenticationEntryPoint.class);
 
 		@Override
@@ -196,23 +202,24 @@ public class ServletApiConfigurerTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+		this.mvc.perform(
+				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 				.andExpect(status().isOk());
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -223,6 +230,7 @@ public class ServletApiConfigurerTests {
 				.servletApi();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -236,6 +244,7 @@ public class ServletApiConfigurerTests {
 
 	@EnableWebSecurity
 	static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationTrustResolver TR = spy(AuthenticationTrustResolver.class);
 
 		@Override
@@ -245,19 +254,20 @@ public class ServletApiConfigurerTests {
 				.setSharedObject(AuthenticationTrustResolver.class, TR);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
 		this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
 
 	@EnableWebSecurity
 	static class ServletApiWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -265,23 +275,24 @@ public class ServletApiConfigurerTests {
 				.servletApi(withDefaults());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
 		this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+		this.mvc.perform(
+				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 				.andExpect(status().isOk());
 
-		this.mvc.perform(get("/admin")
-				.with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RolePrefixInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -292,16 +303,19 @@ public class ServletApiConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@RestController
 	static class AdminController {
+
 		@GetMapping("/admin")
 		public void admin(HttpServletRequest request) {
 			if (!request.isUserInRole("ADMIN")) {
 				throw new AccessDeniedException("This resource is only available to admins");
 			}
 		}
+
 	}
 
 	@Test
@@ -325,6 +339,7 @@ public class ServletApiConfigurerTests {
 
 	@EnableWebSecurity
 	static class ServletApiWithLogoutConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -333,22 +348,21 @@ public class ServletApiConfigurerTests {
 				.logout();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void logoutServletApiWhenCsrfDisabled() throws Exception {
 		ConfigurableWebApplicationContext context = this.spring.register(CsrfDisabledConfig.class).getContext();
-		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(springSecurity())
-				.build();
-		MvcResult mvcResult = mockMvc.perform(get("/"))
-				.andReturn();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		MvcResult mvcResult = mockMvc.perform(get("/")).andReturn();
 		assertThat(mvcResult.getRequest().getSession(false)).isNull();
 	}
 
 	@Configuration
 	@EnableWebSecurity
 	static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -359,20 +373,20 @@ public class ServletApiConfigurerTests {
 
 		@RestController
 		static class LogoutController {
+
 			@GetMapping("/")
 			String logout(HttpServletRequest request) throws ServletException {
 				request.getSession().setAttribute("foo", "bar");
 				request.logout();
 				return "logout";
 			}
+
 		}
+
 	}
 
 	private <T extends Filter> T getFilter(Class<T> filterClass) {
-		return (T) getFilters().stream()
-				.filter(filterClass::isInstance)
-				.findFirst()
-				.orElse(null);
+		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
 	}
 
 	private List<Filter> getFilters() {
@@ -383,7 +397,8 @@ public class ServletApiConfigurerTests {
 	private <T> T getFieldValue(Object target, String fieldName) {
 		try {
 			return (T) FieldUtils.getFieldValue(target, fieldName);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new RuntimeException(e);
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index cd8d78f5bf..78ff856f7a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -46,17 +46,19 @@ import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 
 /**
- *
  * @author Rob Winch
  */
 @RunWith(PowerMockRunner.class)
 @PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*" })
 public class SessionManagementConfigurerServlet31Tests {
+
 	@Mock
 	Method method;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	ConfigurableApplicationContext context;
@@ -80,7 +82,7 @@ public class SessionManagementConfigurerServlet31Tests {
 	@Test
 	public void changeSessionIdThenPreserveParameters() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-		String id =  request.getSession().getId();
+		String id = request.getSession().getId();
 		request.getSession();
 		request.setServletPath("/login");
 		request.setMethod("POST");
@@ -101,8 +103,8 @@ public class SessionManagementConfigurerServlet31Tests {
 	}
 
 	@EnableWebSecurity
-	static class SessionManagementDefaultSessionFixationServlet31Config extends
-			WebSecurityConfigurerAdapter {
+	static class SessionManagementDefaultSessionFixationServlet31Config extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -121,6 +123,7 @@ public class SessionManagementConfigurerServlet31Tests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	private void loadConfig(Class<?>... classes) {
@@ -128,19 +131,17 @@ public class SessionManagementConfigurerServlet31Tests {
 		context.register(classes);
 		context.refresh();
 		this.context = context;
-		this.springSecurityFilterChain = this.context.getBean(
-				"springSecurityFilterChain", Filter.class);
+		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", Filter.class);
 	}
 
 	private void login(Authentication auth) {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(
-				request, response);
+		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(requestResponseHolder);
 
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
 		securityContextImpl.setAuthentication(auth);
-		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(),
-				requestResponseHolder.getResponse());
+		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index eb8f2d0e02..061505129b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -52,13 +52,15 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
 	public void requestWhenCustomSessionAuthenticationStrategyProvidedThenCalled() throws Exception {
 		this.spring.register(CustomSessionAuthenticationStrategyConfig.class).autowire();
 		this.mvc.perform(formLogin().user("user").password("password"));
-		verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy)
-				.onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy).onAuthentication(
+				any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class CustomSessionAuthenticationStrategyConfig extends WebSecurityConfigurerAdapter {
-		static SessionAuthenticationStrategy customSessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
+
+		static SessionAuthenticationStrategy customSessionAuthenticationStrategy = mock(
+				SessionAuthenticationStrategy.class);
 
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
@@ -79,5 +81,7 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index c3412a840a..6cf6576b1b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -38,6 +38,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Josh Cummings
  */
 public class SessionManagementConfigurerSessionCreationPolicyTests {
+
 	@Autowired
 	MockMvc mvc;
 
@@ -45,8 +46,7 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void getWhenSharedObjectSessionCreationPolicyConfigurationThenOverrides()
-			throws Exception {
+	public void getWhenSharedObjectSessionCreationPolicyConfigurationThenOverrides() throws Exception {
 
 		this.spring.register(StatelessCreateSessionSharedObjectConfig.class).autowire();
 
@@ -57,16 +57,17 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 	@EnableWebSecurity
 	static class StatelessCreateSessionSharedObjectConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
 			http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.STATELESS);
 		}
+
 	}
 
 	@Test
-	public void getWhenUserSessionCreationPolicyConfigurationThenOverrides()
-			throws Exception {
+	public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception {
 
 		this.spring.register(StatelessCreateSessionUserConfig.class).autowire();
 
@@ -77,6 +78,7 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 	@EnableWebSecurity
 	static class StatelessCreateSessionUserConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
@@ -87,31 +89,32 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 			http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
 		}
+
 	}
 
 	@Test
-	public void getWhenDefaultsThenLoginChallengeCreatesSession()
-			throws Exception {
+	public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
 
 		this.spring.register(DefaultConfig.class, BasicController.class).autowire();
 
-		MvcResult result =
-				this.mvc.perform(get("/"))
-						.andExpect(status().isUnauthorized())
-						.andReturn();
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@EnableWebSecurity
 	static class DefaultConfig extends WebSecurityConfigurerAdapter {
+
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public String root() {
 			return "ok";
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index b1104f58d3..f7521d3d5f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -85,12 +85,13 @@ public class SessionManagementConfigurerTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(SessionManagementRequestCacheConfig.REQUEST_CACHE)
-				.getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(SessionManagementRequestCacheConfig.REQUEST_CACHE).getMatchingRequest(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class SessionManagementRequestCacheConfig extends WebSecurityConfigurerAdapter {
+
 		static RequestCache REQUEST_CACHE;
 
 		@Override
@@ -104,25 +105,25 @@ public class SessionManagementConfigurerTests {
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void sessionManagementWhenConfiguredThenDoesNotOverrideSecurityContextRepository() throws Exception {
 		SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
-		when(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO.loadContext(any(HttpRequestResponseHolder.class)))
-				.thenReturn(mock(SecurityContext.class));
+		when(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
+				.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(mock(SecurityContext.class));
 		this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
 
 		this.mvc.perform(get("/"));
 
-		verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO).saveContext(
-				any(SecurityContext.class),
-				any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO)
+				.saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@EnableWebSecurity
 	static class SessionManagementSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
+
 		static SecurityContextRepository SECURITY_CONTEXT_REPO;
 
 		@Override
@@ -136,14 +137,14 @@ public class SessionManagementConfigurerTests {
 					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 
 		assertThat(session).isNull();
@@ -151,6 +152,7 @@ public class SessionManagementConfigurerTests {
 
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -161,6 +163,7 @@ public class SessionManagementConfigurerTests {
 				.sessionManagement();
 			// @formatter:on
 		}
+
 	}
 
 	// SEC-2137
@@ -171,17 +174,15 @@ public class SessionManagementConfigurerTests {
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
 
-		MvcResult mvcResult = this.mvc.perform(get("/")
-				.with(httpBasic("user", "password"))
-				.session(session))
-				.andExpect(status().isNotFound())
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/").with(httpBasic("user", "password")).session(session))
+				.andExpect(status().isNotFound()).andReturn();
 
 		assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId);
 	}
 
 	@EnableWebSecurity
 	static class DisableSessionFixationEnableConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -202,6 +203,7 @@ public class SessionManagementConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -212,12 +214,9 @@ public class SessionManagementConfigurerTests {
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
 
-		MockHttpSession resultingSession = (MockHttpSession)
-				this.mvc.perform(get("/auth")
-						.session(givenSession)
-						.with(httpBasic("user", "password")))
-						.andExpect(status().isNotFound())
-						.andReturn().getRequest().getSession(false);
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
 
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
@@ -225,6 +224,7 @@ public class SessionManagementConfigurerTests {
 
 	@EnableWebSecurity
 	static class SFPNewSessionInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -247,47 +247,36 @@ public class SessionManagementConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?error"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 	}
 
 	@Test
 	public void loginWhenUserSessionExpiredAndMaxSessionsIsOneThenLoggedIn() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
+		MvcResult mvcResult = this.mvc
+				.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andReturn();
 		HttpSession authenticatedSession = mvcResult.getRequest().getSession();
 		this.spring.getContext().publishEvent(new HttpSessionDestroyedEvent(authenticatedSession));
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@EnableWebSecurity
 	static class ConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -308,27 +297,22 @@ public class SessionManagementConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire();
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
 
-		this.mvc.perform(post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?error"));
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 	}
 
 	@EnableWebSecurity
 	static class ConcurrencyControlInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -353,14 +337,14 @@ public class SessionManagementConfigurerTests {
 					.withUser(PasswordEncodedUser.user());
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenSessionCreationPolicyStateLessInLambdaThenNoSessionCreated() throws Exception {
 		this.spring.register(SessionCreationPolicyStateLessInLambdaConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 
 		assertThat(session).isNull();
@@ -368,6 +352,7 @@ public class SessionManagementConfigurerTests {
 
 	@EnableWebSecurity
 	static class SessionCreationPolicyStateLessInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -378,6 +363,7 @@ public class SessionManagementConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -385,8 +371,7 @@ public class SessionManagementConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(SessionManagementFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SessionManagementFilter.class));
 	}
 
 	@Test
@@ -394,8 +379,7 @@ public class SessionManagementConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(ConcurrentSessionFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ConcurrentSessionFilter.class));
 	}
 
 	@Test
@@ -436,6 +420,7 @@ public class SessionManagementConfigurerTests {
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -451,13 +436,16 @@ public class SessionManagementConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -467,14 +455,14 @@ public class SessionManagementConfigurerTests {
 		when(SharedTrustResolverConfig.TR.isAnonymous(any())).thenReturn(false);
 		this.spring.register(SharedTrustResolverConfig.class).autowire();
 
-		MvcResult mvcResult = this.mvc.perform(get("/"))
-				.andReturn();
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 
 		assertThat(mvcResult.getRequest().getSession(false)).isNotNull();
 	}
 
 	@EnableWebSecurity
 	static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
+
 		static AuthenticationTrustResolver TR;
 
 		@Override
@@ -484,6 +472,7 @@ public class SessionManagementConfigurerTests {
 				.setSharedObject(AuthenticationTrustResolver.class, TR);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -494,8 +483,7 @@ public class SessionManagementConfigurerTests {
 		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
 		this.mvc.perform(get("/").session(session));
 
-		verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY)
-				.getSessionInformation(session.getId());
+		verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId());
 	}
 
 	@Test
@@ -513,6 +501,7 @@ public class SessionManagementConfigurerTests {
 
 	@EnableWebSecurity
 	static class SessionRegistryOneBeanConfig extends WebSecurityConfigurerAdapter {
+
 		private static SessionRegistry SESSION_REGISTRY;
 
 		@Override
@@ -528,10 +517,12 @@ public class SessionManagementConfigurerTests {
 		public SessionRegistry sessionRegistry() {
 			return SESSION_REGISTRY;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class SessionRegistryTwoBeansConfig extends WebSecurityConfigurerAdapter {
+
 		private static SessionRegistry SESSION_REGISTRY_ONE;
 
 		private static SessionRegistry SESSION_REGISTRY_TWO;
@@ -554,5 +545,7 @@ public class SessionManagementConfigurerTests {
 		public SessionRegistry sessionRegistryTwo() {
 			return SESSION_REGISTRY_TWO;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index b8f99f009c..4eb2626430 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -48,8 +48,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void postWhenTransientAuthenticationThenNoSessionCreated()
-			throws Exception {
+	public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception {
 
 		this.spring.register(WithTransientAuthenticationConfig.class).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
@@ -57,8 +56,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 	}
 
 	@Test
-	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides()
-			throws Exception {
+	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception {
 
 		this.spring.register(AlwaysCreateSessionConfig.class).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
@@ -67,6 +65,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 
 	@EnableWebSecurity
 	static class WithTransientAuthenticationConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			super.configure(http);
@@ -83,10 +82,12 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 				.authenticationProvider(new TransientAuthenticationProvider());
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AlwaysCreateSessionConfig extends WithTransientAuthenticationConfig {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -94,6 +95,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
 			// @formatter:on
 		}
+
 	}
 
 	static class TransientAuthenticationProvider implements AuthenticationProvider {
@@ -107,10 +109,12 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 		public boolean supports(Class<?> authentication) {
 			return true;
 		}
+
 	}
 
 	@Transient
 	static class SomeTransientAuthentication extends AbstractAuthenticationToken {
+
 		SomeTransientAuthentication() {
 			super(null);
 		}
@@ -124,5 +128,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 		public Object getPrincipal() {
 			return null;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index 9b86829ebc..e0ba32d1aa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -47,10 +47,13 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  */
 public class UrlAuthorizationConfigurerTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Autowired
@@ -78,30 +81,28 @@ public class UrlAuthorizationConfigurerTests {
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -122,11 +123,14 @@ public class UrlAuthorizationConfigurerTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -137,8 +141,7 @@ public class UrlAuthorizationConfigurerTests {
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -146,8 +149,7 @@ public class UrlAuthorizationConfigurerTests {
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -155,8 +157,7 @@ public class UrlAuthorizationConfigurerTests {
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(this.response.getStatus())
-				.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 
 		setup();
 
@@ -179,6 +180,7 @@ public class UrlAuthorizationConfigurerTests {
 	@Configuration
 	@EnableWebMvc
 	static class MvcMatcherServletPathConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -199,11 +201,14 @@ public class UrlAuthorizationConfigurerTests {
 
 		@RestController
 		static class PathController {
+
 			@RequestMapping("/path")
 			public String path() {
 				return "path";
 			}
+
 		}
+
 	}
 
 	@Test
@@ -214,6 +219,7 @@ public class UrlAuthorizationConfigurerTests {
 	@EnableWebSecurity
 	@Configuration
 	static class AnonymousUrlAuthorizationConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		public void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -222,14 +228,17 @@ public class UrlAuthorizationConfigurerTests {
 					.anyRequest().anonymous();
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class LegacyMvcMatchingConfig implements WebMvcConfigurer {
+
 		@Override
 		public void configurePathMatch(PathMatchConfigurer configurer) {
 			configurer.setUseSuffixPatternMatch(true);
 		}
+
 	}
 
 	public void loadConfig(Class<?>... configs) {
@@ -240,4 +249,5 @@ public class UrlAuthorizationConfigurerTests {
 
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 4d5b6523d8..df1c22b3a5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -41,7 +41,6 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  *
@@ -61,12 +60,9 @@ public class UrlAuthorizationsTests {
 	public void hasAnyAuthorityWhenAuthoritySpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
 
-		this.mvc.perform(get("/role-user-authority"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-admin-authority"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-user-authority")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-admin-authority")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -74,12 +70,9 @@ public class UrlAuthorizationsTests {
 	public void hasAnyAuthorityWhenAuthoritiesSpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
 
-		this.mvc.perform(get("/role-user-admin-authority"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user-admin"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user-authority"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-user-admin-authority")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user-admin")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user-authority")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -87,10 +80,8 @@ public class UrlAuthorizationsTests {
 	public void hasAnyRoleWhenRoleSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
 
-		this.mvc.perform(get("/role-user"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-admin"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -98,10 +89,8 @@ public class UrlAuthorizationsTests {
 	public void hasAnyRoleWhenRolesSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
 
-		this.mvc.perform(get("/role-admin-user"))
-				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-admin-user")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -109,14 +98,13 @@ public class UrlAuthorizationsTests {
 	public void hasAnyRoleWhenRoleSpecifiedThenDoesNotMatchAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
 
-		this.mvc.perform(get("/role-user"))
-				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/role-admin"))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
 	static class RoleConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -130,6 +118,7 @@ public class UrlAuthorizationsTests {
 					.antMatchers("/role-user-admin").hasAnyRole("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -138,8 +127,7 @@ public class UrlAuthorizationsTests {
 
 		FilterSecurityInterceptor interceptor = getFilter(FilterSecurityInterceptor.class);
 		assertThat(interceptor).isNotNull();
-		assertThat(interceptor).extracting("accessDecisionManager")
-				.isInstanceOf(AffirmativeBased.class);
+		assertThat(interceptor).extracting("accessDecisionManager").isInstanceOf(AffirmativeBased.class);
 	}
 
 	private <T extends Filter> T getFilter(Class<T> filterType) {
@@ -159,12 +147,12 @@ public class UrlAuthorizationsTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			ApplicationContext context = getApplicationContext();
-			UrlAuthorizationConfigurer<HttpSecurity>.StandardInterceptUrlRegistry registry =
-					http.apply(new UrlAuthorizationConfigurer(context)).getRegistry();
+			UrlAuthorizationConfigurer<HttpSecurity>.StandardInterceptUrlRegistry registry = http
+					.apply(new UrlAuthorizationConfigurer(context)).getRegistry();
 
-			registry
-				.antMatchers("/a").hasRole("ADMIN")
-				.anyRequest().hasRole("USER");
+			registry.antMatchers("/a").hasRole("ADMIN").anyRequest().hasRole("USER");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index f7c24c0013..ab975fc38b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -61,12 +61,12 @@ public class X509ConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnX509AuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(X509AuthenticationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(X509AuthenticationFilter.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
 		@Override
@@ -81,13 +81,16 @@ public class X509ConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
@@ -95,13 +98,12 @@ public class X509ConfigurerTests {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
 
-		this.mvc.perform(get("/")
-				.with(x509(certificate)))
-				.andExpect(authenticated().withUsername("rod"));
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -121,6 +123,7 @@ public class X509ConfigurerTests {
 					.withUser("rod").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -128,13 +131,12 @@ public class X509ConfigurerTests {
 		this.spring.register(DefaultsInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rod.cer");
 
-		this.mvc.perform(get("/")
-				.with(x509(certificate)))
-				.andExpect(authenticated().withUsername("rod"));
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
 	@EnableWebSecurity
 	static class DefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -151,6 +153,7 @@ public class X509ConfigurerTests {
 					.withUser("rod").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -158,13 +161,12 @@ public class X509ConfigurerTests {
 		this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
 
-		this.mvc.perform(get("/")
-				.with(x509(certificate)))
-				.andExpect(authenticated().withUsername("rod"));
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
 	@EnableWebSecurity
 	static class SubjectPrincipalRegexInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -184,14 +186,17 @@ public class X509ConfigurerTests {
 					.withUser("rod").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
 
 	private <T extends Certificate> T loadCert(String location) {
 		try (InputStream is = new ClassPathResource(location).getInputStream()) {
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 			return (T) certFactory.generateCertificate(is);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index c2944260aa..02e001c1ae 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -78,6 +78,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Parikshit Dutta
  */
 public class OAuth2ClientConfigurerTests {
+
 	private static ClientRegistrationRepository clientRegistrationRepository;
 
 	private static OAuth2AuthorizedClientService authorizedClientService;
@@ -100,32 +101,25 @@ public class OAuth2ClientConfigurerTests {
 
 	@Before
 	public void setup() {
-		this.registration1 = TestClientRegistrations.clientRegistration()
-			.registrationId("registration-1")
-			.clientId("client-1")
-			.clientSecret("secret")
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri("{baseUrl}/client-1")
-			.scope("user")
-			.authorizationUri("https://provider.com/oauth2/authorize")
-			.tokenUri("https://provider.com/oauth2/token")
-			.userInfoUri("https://provider.com/oauth2/user")
-			.userNameAttributeName("id")
-			.clientName("client-1")
-			.build();
+		this.registration1 = TestClientRegistrations.clientRegistration().registrationId("registration-1")
+				.clientId("client-1").clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("{baseUrl}/client-1")
+				.scope("user").authorizationUri("https://provider.com/oauth2/authorize")
+				.tokenUri("https://provider.com/oauth2/token").userInfoUri("https://provider.com/oauth2/user")
+				.userNameAttributeName("id").clientName("client-1").build();
 		clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
 		authorizedClientService = new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
-		authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService);
-		authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
-				clientRegistrationRepository, "/oauth2/authorization");
+		authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
+				authorizedClientService);
+		authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
+				"/oauth2/authorization");
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(300)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 		accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-		when(accessTokenResponseClient.getTokenResponse(any(OAuth2AuthorizationCodeGrantRequest.class))).thenReturn(accessTokenResponse);
+		when(accessTokenResponseClient.getTokenResponse(any(OAuth2AuthorizationCodeGrantRequest.class)))
+				.thenReturn(accessTokenResponse);
 		requestCache = mock(RequestCache.class);
 	}
 
@@ -134,12 +128,10 @@ public class OAuth2ClientConfigurerTests {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
 
 		MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
-			.andExpect(status().is3xxRedirection())
-			.andReturn();
-		assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?" +
-				"response_type=code&client_id=client-1&" +
-				"scope=user&state=.{15,}&" +
-				"redirect_uri=http://localhost/client-1");
+				.andExpect(status().is3xxRedirection()).andReturn();
+		assertThat(mvcResult.getResponse().getRedirectedUrl())
+				.matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&"
+						+ "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
 	}
 
 	@Test
@@ -147,12 +139,10 @@ public class OAuth2ClientConfigurerTests {
 		this.spring.register(OAuth2ClientInLambdaConfig.class).autowire();
 
 		MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
-			.andExpect(status().is3xxRedirection())
-			.andReturn();
-		assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?" +
-				"response_type=code&client_id=client-1&" +
-				"scope=user&state=.{15,}&" +
-				"redirect_uri=http://localhost/client-1");
+				.andExpect(status().is3xxRedirection()).andReturn();
+		assertThat(mvcResult.getResponse().getRedirectedUrl())
+				.matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&"
+						+ "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
 	}
 
 	@Test
@@ -164,14 +154,10 @@ public class OAuth2ClientConfigurerTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
-				.clientId(this.registration1.getClientId())
-				.redirectUri("http://localhost/client-1")
-				.state("state")
-				.attributes(attributes)
-				.build();
+				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
+				.attributes(attributes).build();
 
-		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-				new HttpSessionOAuth2AuthorizationRequestRepository();
+		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
@@ -181,30 +167,25 @@ public class OAuth2ClientConfigurerTests {
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
 
-		this.mockMvc.perform(get("/client-1")
-			.param(OAuth2ParameterNames.CODE, "code")
-			.param(OAuth2ParameterNames.STATE, "state")
-			.with(authentication(authentication))
-			.session(session))
-			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/client-1"));
+		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
+				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
+				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
 
-		OAuth2AuthorizedClient authorizedClient = authorizedClientRepository.loadAuthorizedClient(
-			this.registration1.getRegistrationId(), authentication, request);
+		OAuth2AuthorizedClient authorizedClient = authorizedClientRepository
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request);
 		assertThat(authorizedClient).isNotNull();
 	}
 
 	@Test
-	public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed() throws Exception {
+	public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed()
+			throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
 
 		MvcResult mvcResult = this.mockMvc.perform(get("/resource1").with(user("user1")))
-				.andExpect(status().is3xxRedirection())
-				.andReturn();
-		assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?" +
-				"response_type=code&client_id=client-1&" +
-				"scope=user&state=.{15,}&" +
-				"redirect_uri=http://localhost/client-1");
+				.andExpect(status().is3xxRedirection()).andReturn();
+		assertThat(mvcResult.getResponse().getRedirectedUrl())
+				.matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&"
+						+ "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
 
 		verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -218,14 +199,10 @@ public class OAuth2ClientConfigurerTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
-				.clientId(this.registration1.getClientId())
-				.redirectUri("http://localhost/client-1")
-				.state("state")
-				.attributes(attributes)
-				.build();
+				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
+				.attributes(attributes).build();
 
-		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-				new HttpSessionOAuth2AuthorizationRequestRepository();
+		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
@@ -235,29 +212,26 @@ public class OAuth2ClientConfigurerTests {
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
 
-		this.mockMvc.perform(get("/client-1")
-				.param(OAuth2ParameterNames.CODE, "code")
-				.param(OAuth2ParameterNames.STATE, "state")
-				.with(authentication(authentication))
-				.session(session))
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/client-1"));
+		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
+				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
+				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
 
 		verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	// gh-5521
 	@Test
-	public void configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters() throws Exception {
+	public void configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters()
+			throws Exception {
 		// Override default resolver
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
 		authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
-		when(authorizationRequestResolver.resolve(any())).thenAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
+		when(authorizationRequestResolver.resolve(any()))
+				.thenAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
 
 		this.spring.register(OAuth2ClientConfig.class).autowire();
 
-		this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
-				.andExpect(status().is3xxRedirection())
+		this.mockMvc.perform(get("/oauth2/authorization/registration-1")).andExpect(status().is3xxRedirection())
 				.andReturn();
 
 		verify(authorizationRequestResolver).resolve(any());
@@ -266,6 +240,7 @@ public class OAuth2ClientConfigurerTests {
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -295,16 +270,21 @@ public class OAuth2ClientConfigurerTests {
 
 		@RestController
 		public class ResourceController {
+
 			@GetMapping("/resource1")
-			public String resource1(@RegisteredOAuth2AuthorizedClient("registration-1") OAuth2AuthorizedClient authorizedClient) {
+			public String resource1(
+					@RegisteredOAuth2AuthorizedClient("registration-1") OAuth2AuthorizedClient authorizedClient) {
 				return "resource1";
 			}
+
 		}
+
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2ClientInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -326,5 +306,7 @@ public class OAuth2ClientConfigurerTests {
 		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return authorizedClientRepository;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 7daea6e6c6..130fa378bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -109,12 +109,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class OAuth2LoginConfigurerTests {
 
 	private static final ClientRegistration GOOGLE_CLIENT_REGISTRATION = CommonOAuth2Provider.GOOGLE
-			.getBuilder("google").clientId("clientId").clientSecret("clientSecret")
-			.build();
+			.getBuilder("google").clientId("clientId").clientSecret("clientSecret").build();
 
 	private static final ClientRegistration GITHUB_CLIENT_REGISTRATION = CommonOAuth2Provider.GITHUB
-			.getBuilder("github").clientId("clientId").clientSecret("clientSecret")
-			.build();
+			.getBuilder("github").clientId("clientId").clientSecret("clientSecret").build();
 
 	private ConfigurableApplicationContext context;
 
@@ -134,7 +132,9 @@ public class OAuth2LoginConfigurerTests {
 	MockMvc mvc;
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private MockFilterChain filterChain;
 
 	@Before
@@ -159,8 +159,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -171,30 +170,27 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(OAuth2UserAuthority.class).hasToString("ROLE_USER");
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class)
+				.hasToString("ROLE_USER");
 	}
 
 	@Test
 	public void requestWhenOauth2LoginInLambdaThenAuthenticationContainsOauth2UserAuthority() throws Exception {
 		loadConfig(OAuth2LoginInLambdaConfig.class);
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
 
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(OAuth2UserAuthority.class).hasToString("ROLE_USER");
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class)
+				.hasToString("ROLE_USER");
 	}
 
 	// gh-6009
@@ -205,8 +201,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -228,8 +223,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -240,8 +234,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(2);
 		assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
@@ -254,8 +247,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -266,8 +258,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(2);
 		assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
@@ -280,8 +271,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -292,8 +282,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(2);
 		assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
@@ -308,8 +297,7 @@ public class OAuth2LoginConfigurerTests {
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.request.setServletPath("/login/oauth2/google");
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -320,24 +308,22 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(OAuth2UserAuthority.class).hasToString("ROLE_USER");
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class)
+				.hasToString("ROLE_USER");
 	}
 
 	// gh-5521
 	@Test
 	public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception {
 		loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);
-		OAuth2AuthorizationRequestResolver resolver = this.context.getBean(
-				OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
+		OAuth2AuthorizationRequestResolver resolver = this.context
+				.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://accounts.google.com/authorize")
-				.clientId("client-id")
-				.state("adsfa")
-				.authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
+				.authorizationUri("https://accounts.google.com/authorize").clientId("client-id").state("adsfa")
+				.authorizationRequestUri(
+						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
 		when(resolver.resolve(any())).thenReturn(result);
 
@@ -347,20 +333,20 @@ public class OAuth2LoginConfigurerTests {
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
+		assertThat(this.response.getRedirectedUrl()).isEqualTo(
+				"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 	}
 
 	@Test
 	public void requestWhenOauth2LoginWithCustomAuthorizationRequestParametersThenParametersInRedirectedUrl()
 			throws Exception {
 		loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class);
-		OAuth2AuthorizationRequestResolver resolver = this.context.getBean(
-				OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver;
+		OAuth2AuthorizationRequestResolver resolver = this.context
+				.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver;
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://accounts.google.com/authorize")
-				.clientId("client-id")
-				.state("adsfa")
-				.authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
+				.authorizationUri("https://accounts.google.com/authorize").clientId("client-id").state("adsfa")
+				.authorizationRequestUri(
+						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
 		when(resolver.resolve(any())).thenReturn(result);
 
@@ -370,7 +356,8 @@ public class OAuth2LoginConfigurerTests {
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
+		assertThat(this.response.getRedirectedUrl()).isEqualTo(
+				"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 	}
 
 	// gh-5347
@@ -389,7 +376,8 @@ public class OAuth2LoginConfigurerTests {
 
 	// gh-5347
 	@Test
-	public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception {
+	public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage()
+			throws Exception {
 		loadConfig(OAuth2LoginConfig.class);
 
 		String requestUri = "/favicon.ico";
@@ -418,7 +406,8 @@ public class OAuth2LoginConfigurerTests {
 
 	// gh-6812
 	@Test
-	public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception {
+	public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization()
+			throws Exception {
 		loadConfig(OAuth2LoginConfig.class);
 
 		String requestUri = "/";
@@ -464,8 +453,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -476,11 +464,10 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(OidcUserAuthority.class).hasToString("ROLE_USER");
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(OidcUserAuthority.class)
+				.hasToString("ROLE_USER");
 	}
 
 	@Test
@@ -490,8 +477,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -502,11 +488,10 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(OidcUserAuthority.class).hasToString("ROLE_USER");
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(OidcUserAuthority.class)
+				.hasToString("ROLE_USER");
 	}
 
 	@Test
@@ -516,8 +501,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -528,8 +512,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(2);
 		assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER");
@@ -542,8 +525,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, this.request, this.response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
@@ -554,8 +536,7 @@ public class OAuth2LoginConfigurerTests {
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(2);
 		assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER");
@@ -565,23 +546,19 @@ public class OAuth2LoginConfigurerTests {
 	public void oidcLoginCustomWithNoUniqueJwtDecoderFactory() {
 		assertThatThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class))
 				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-				.hasMessageContaining("No qualifying bean of type " +
-						"'org.springframework.security.oauth2.jwt.JwtDecoderFactory<org.springframework.security.oauth2.client.registration.ClientRegistration>' " +
-						"available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2");
+				.hasMessageContaining("No qualifying bean of type "
+						+ "'org.springframework.security.oauth2.jwt.JwtDecoderFactory<org.springframework.security.oauth2.client.registration.ClientRegistration>' "
+						+ "available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2");
 	}
 
 	@Test
 	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() throws Exception {
 		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				"registration-id");
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, "registration-id");
 
-		this.mvc.perform(post("/logout")
-				.with(authentication(token))
-				.with(csrf()))
+		this.mvc.perform(post("/logout").with(authentication(token)).with(csrf()))
 				.andExpect(redirectedUrl("https://logout?id_token_hint=id-token"));
 	}
 
@@ -597,22 +574,20 @@ public class OAuth2LoginConfigurerTests {
 		return this.createOAuth2AuthorizationRequest(GOOGLE_CLIENT_REGISTRATION, scopes);
 	}
 
-	private OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(ClientRegistration registration, String... scopes) {
+	private OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(ClientRegistration registration,
+			String... scopes) {
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.clientId(registration.getClientId())
-				.state("state123")
-				.redirectUri("http://localhost")
-				.attributes(
-						Collections.singletonMap(
-								OAuth2ParameterNames.REGISTRATION_ID,
-								registration.getRegistrationId()))
-				.scope(scopes)
-				.build();
+				.clientId(registration.getClientId()).state("state123").redirectUri("http://localhost")
+				.attributes(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID,
+						registration.getRegistrationId()))
+				.scope(scopes).build();
 	}
 
 	@EnableWebSecurity
-	static class OAuth2LoginConfig extends CommonWebSecurityConfigurerAdapter implements ApplicationListener<AuthenticationSuccessEvent> {
+	static class OAuth2LoginConfig extends CommonWebSecurityConfigurerAdapter
+			implements ApplicationListener<AuthenticationSuccessEvent> {
+
 		static List<AuthenticationSuccessEvent> EVENTS = new ArrayList<>();
 
 		@Override
@@ -630,11 +605,13 @@ public class OAuth2LoginConfigurerTests {
 		public void onApplicationEvent(AuthenticationSuccessEvent event) {
 			EVENTS.add(event);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginInLambdaConfig extends CommonLambdaWebSecurityConfigurerAdapter
 			implements ApplicationListener<AuthenticationSuccessEvent> {
+
 		static List<AuthenticationSuccessEvent> EVENTS = new ArrayList<>();
 
 		@Override
@@ -654,10 +631,12 @@ public class OAuth2LoginConfigurerTests {
 		public void onApplicationEvent(AuthenticationSuccessEvent event) {
 			EVENTS.add(event);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomWithConfigurer extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -670,10 +649,12 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomWithBeanRegistration extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -692,10 +673,12 @@ public class OAuth2LoginConfigurerTests {
 		GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
 			return createGrantedAuthoritiesMapper();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomUserServiceBeanRegistration extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -741,10 +724,12 @@ public class OAuth2LoginConfigurerTests {
 		OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
 			return createOidcUserService();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigLoginProcessingUrl extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -756,12 +741,14 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomAuthorizationRequestResolver extends CommonWebSecurityConfigurerAdapter {
-		private ClientRegistrationRepository clientRegistrationRepository =
-				new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION);
+
+		private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
+				GOOGLE_CLIENT_REGISTRATION);
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 
@@ -776,12 +763,15 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
-	static class OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda extends CommonLambdaWebSecurityConfigurerAdapter {
-		private ClientRegistrationRepository clientRegistrationRepository =
-				new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION);
+	static class OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda
+			extends CommonLambdaWebSecurityConfigurerAdapter {
+
+		private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
+				GOOGLE_CLIENT_REGISTRATION);
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 
@@ -800,10 +790,12 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigMultipleClients extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -815,10 +807,12 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomLoginPage extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -830,10 +824,12 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigCustomLoginPageInLambda extends CommonLambdaWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -847,10 +843,12 @@ public class OAuth2LoginConfigurerTests {
 			// @formatter:on
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OAuth2LoginConfigWithOidcLogoutSuccessHandler extends CommonWebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -868,15 +866,15 @@ public class OAuth2LoginConfigurerTests {
 
 		@Bean
 		ClientRegistrationRepository clientRegistrationRepository() {
-			Map<String, Object> providerMetadata =
-					Collections.singletonMap("end_session_endpoint", "https://logout");
-			return new InMemoryClientRegistrationRepository(
-					TestClientRegistrations.clientRegistration()
-							.providerConfigurationMetadata(providerMetadata).build());
+			Map<String, Object> providerMetadata = Collections.singletonMap("end_session_endpoint", "https://logout");
+			return new InMemoryClientRegistrationRepository(TestClientRegistrations.clientRegistration()
+					.providerConfigurationMetadata(providerMetadata).build());
 		}
+
 	}
 
 	private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -906,9 +904,11 @@ public class OAuth2LoginConfigurerTests {
 		HttpSessionOAuth2AuthorizationRequestRepository oauth2AuthorizationRequestRepository() {
 			return new HttpSessionOAuth2AuthorizationRequestRepository();
 		}
+
 	}
 
 	private static abstract class CommonLambdaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -945,6 +945,7 @@ public class OAuth2LoginConfigurerTests {
 		HttpSessionOAuth2AuthorizationRequestRepository oauth2AuthorizationRequestRepository() {
 			return new HttpSessionOAuth2AuthorizationRequestRepository();
 		}
+
 	}
 
 	@Configuration
@@ -966,6 +967,7 @@ public class OAuth2LoginConfigurerTests {
 			when(jwtDecoder.decode(any())).thenReturn(jwt);
 			return jwtDecoder;
 		}
+
 	}
 
 	@Configuration
@@ -989,34 +991,29 @@ public class OAuth2LoginConfigurerTests {
 			if (request.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
 				additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
 			}
-			return OAuth2AccessTokenResponse.withToken("accessToken123")
-						.tokenType(OAuth2AccessToken.TokenType.BEARER)
-						.additionalParameters(additionalParameters)
-						.build();
+			return OAuth2AccessTokenResponse.withToken("accessToken123").tokenType(OAuth2AccessToken.TokenType.BEARER)
+					.additionalParameters(additionalParameters).build();
 		};
 	}
 
 	private static OAuth2UserService<OAuth2UserRequest, OAuth2User> createOauth2UserService() {
 		Map<String, Object> userAttributes = Collections.singletonMap("name", "spring");
-		return request -> new DefaultOAuth2User(
-				Collections.singleton(new OAuth2UserAuthority(userAttributes)),
+		return request -> new DefaultOAuth2User(Collections.singleton(new OAuth2UserAuthority(userAttributes)),
 				userAttributes, "name");
 	}
 
 	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
 		OidcIdToken idToken = idToken().build();
-		return request -> new DefaultOidcUser(
-				Collections.singleton(new OidcUserAuthority(idToken)), idToken);
+		return request -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
 	}
 
 	private static GrantedAuthoritiesMapper createGrantedAuthoritiesMapper() {
 		return authorities -> {
-			boolean isOidc = OidcUserAuthority.class
-					.isInstance(authorities.iterator().next());
+			boolean isOidc = OidcUserAuthority.class.isInstance(authorities.iterator().next());
 			List<GrantedAuthority> mappedAuthorities = new ArrayList<>(authorities);
-			mappedAuthorities.add(new SimpleGrantedAuthority(
-					isOidc ? "ROLE_OIDC_USER" : "ROLE_OAUTH2_USER"));
+			mappedAuthorities.add(new SimpleGrantedAuthority(isOidc ? "ROLE_OIDC_USER" : "ROLE_OAUTH2_USER"));
 			return mappedAuthorities;
 		};
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index a830d226c1..8c345e5c35 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -163,20 +163,29 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST;
  * @author Evgeniy Cheban
  */
 public class OAuth2ResourceServerConfigurerTests {
+
 	private static final String JWT_TOKEN = "token";
+
 	private static final String JWT_SUBJECT = "mock-test-subject";
+
 	private static final Map<String, Object> JWT_CLAIMS = Collections.singletonMap(SUB, JWT_SUBJECT);
+
 	private static final Jwt JWT = jwt().build();
+
 	private static final String JWK_SET_URI = "https://mock.org";
-	private static final JwtAuthenticationToken JWT_AUTHENTICATION_TOKEN =
-			new JwtAuthenticationToken(JWT, Collections.emptyList());
+
+	private static final JwtAuthenticationToken JWT_AUTHENTICATION_TOKEN = new JwtAuthenticationToken(JWT,
+			Collections.emptyList());
 
 	private static final String INTROSPECTION_URI = "https://idp.example.com";
+
 	private static final String CLIENT_ID = "client-id";
+
 	private static final String CLIENT_SECRET = "client-secret";
-	private static final BearerTokenAuthentication INTROSPECTION_AUTHENTICATION_TOKEN =
-			new BearerTokenAuthentication(new DefaultOAuth2AuthenticatedPrincipal(JWT_CLAIMS, Collections.emptyList()),
-					noScopes(), Collections.emptyList());
+
+	private static final BearerTokenAuthentication INTROSPECTION_AUTHENTICATION_TOKEN = new BearerTokenAuthentication(
+			new DefaultOAuth2AuthenticatedPrincipal(JWT_CLAIMS, Collections.emptyList()), noScopes(),
+			Collections.emptyList());
 
 	@Autowired(required = false)
 	MockMvc mvc;
@@ -188,28 +197,24 @@ public class OAuth2ResourceServerConfigurerTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest()
-			throws Exception {
+	public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsInLambdaWithValidBearerTokenThenAcceptsRequest()
-			throws Exception {
+	public void getWhenUsingDefaultsInLambdaWithValidBearerTokenThenAcceptsRequest() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultInLambdaConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
@@ -219,8 +224,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
@@ -230,115 +234,96 @@ public class OAuth2ResourceServerConfigurerTests {
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken()
-		throws Exception {
+	public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken() throws Exception {
 
 		this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
-		this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token"))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Bearer token is malformed"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()).andExpect(
+				invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 		String token = this.token("Unsigned");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithBearerTokenBeforeNotBeforeThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsWithBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
 
-		this.mvc.perform(get("/").with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest()
-			throws Exception {
+	public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
-		this.mvc.perform(get("/")
-						.with(bearerToken("token"))
-						.with(bearerToken("token").asParam()))
+		this.mvc.perform(get("/").with(bearerToken("token")).with(bearerToken("token").asParam()))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest()
-			throws Exception {
+	public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
@@ -346,33 +331,26 @@ public class OAuth2ResourceServerConfigurerTests {
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
 
-		this.mvc.perform(get("/")
-				.params(params))
-				.andExpect(status().isBadRequest())
+		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
-	public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken()
-			throws Exception {
+	public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
 		this.mvc.perform(post("/") // engage csrf
-				.with(bearerToken("token").asParam()))
-				.andExpect(status().isForbidden())
+				.with(bearerToken("token").asParam())).andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
 	}
 
 	@Test
-	public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken()
-			throws Exception {
+	public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
 
 		this.spring.register(CsrfDisabledConfig.class).autowire();
 
-		this.mvc.perform(post("/")
-				.with(bearerToken("token").asParam()))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(post("/").with(bearerToken("token").asParam())).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
 
@@ -383,279 +361,220 @@ public class OAuth2ResourceServerConfigurerTests {
 		mockRestOperations(jwks("Default"));
 		String token = token("ValidNoScopes");
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized()
-			throws Exception {
+	public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest()
-			throws Exception {
+	public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithInsufficientScopeThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenUsingDefaultsWithInsufficientScopeThenInsufficientScopeError() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
-	public void getWhenUsingDefaultsWithInsufficientScpThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenUsingDefaultsWithInsufficientScpThenInsufficientScopeError() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
-	public void getWhenUsingDefaultsAndAuthorizationServerHasNoMatchingKeyThenInvalidToken()
-			throws Exception {
+	public void getWhenUsingDefaultsAndAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsAndAuthorizationServerHasMultipleMatchingKeysThenOk()
-			throws Exception {
+	public void getWhenUsingDefaultsAndAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
-	public void getWhenUsingDefaultsAndKeyMatchesByKidThenOk()
-			throws Exception {
+	public void getWhenUsingDefaultsAndKeyMatchesByKidThenOk() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	// -- Method Security
 
 	@Test
-	public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest()
-			throws Exception {
+	public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
 
-		this.mvc.perform(get("/ms-requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
-	public void getWhenUsingMethodSecurityWithValidBearerTokenHavingScpAttributeThenAcceptsRequest()
-			throws Exception {
+	public void getWhenUsingMethodSecurityWithValidBearerTokenHavingScpAttributeThenAcceptsRequest() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScp");
 
-		this.mvc.perform(get("/ms-requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
-	public void getWhenUsingMethodSecurityWithInsufficientScopeThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenUsingMethodSecurityWithInsufficientScopeThenInsufficientScopeError() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/ms-requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 
 	}
 
 	@Test
-	public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
 
-		this.mvc.perform(get("/ms-requires-read-scope")
-				.with(bearerToken(token)))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
-	public void getWhenUsingMethodSecurityWithDenyAllThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenUsingMethodSecurityWithDenyAllThenInsufficientScopeError() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
 
-		this.mvc.perform(get("/ms-deny")
-				.with(bearerToken(token)))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/ms-deny").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	// -- Resource Server should not engage csrf
 
 	@Test
-	public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk()
-			throws Exception {
+	public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(post("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
-	public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies()
-			throws Exception {
+	public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class).autowire();
 
-		this.mvc.perform(post("/authenticated"))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
 	}
 
 	@Test
-	public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken()
-			throws Exception {
+	public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
 
-		this.mvc.perform(post("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	// -- Resource Server should not create sessions
 
 	@Test
-	public void requestWhenDefaultConfiguredThenSessionIsNotCreated()
-			throws Exception {
+	public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		MvcResult result = this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated()
-			throws Exception {
+	public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
 
-		MvcResult result = this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
-				.andExpect(content().string("test-subject"))
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+				.andExpect(content().string("test-subject")).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated()
-			throws Exception {
+	public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() throws Exception {
 
 		this.spring.register(JwkSetUriConfig.class, BasicController.class).autowire();
 
-		MvcResult result = this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@Test
-	public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides()
-			throws Exception {
+	public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception {
 
-		this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class).autowire();
+		this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class)
+				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		MvcResult result = this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
@@ -666,20 +585,16 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 			throws Exception {
 
-		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class,
-				BasicController.class).autowire();
+		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class)
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 
-		this.mvc.perform(post("/authenticated")
-				.param("access_token", JWT_TOKEN))
-				.andExpect(status().isOk())
+		this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
@@ -687,20 +602,17 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted()
 			throws Exception {
 
-		this.spring.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class,
-				BasicController.class).autowire();
+		this.spring
+				.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class)
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 
-		this.mvc.perform(get("/authenticated")
-				.param("access_token", JWT_TOKEN))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
@@ -708,16 +620,14 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
 
-		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class,
-				BasicController.class).autowire();
+		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class)
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(post("/authenticated")
-				.param("access_token", JWT_TOKEN)
-				.with(bearerToken(JWT_TOKEN))
-				.with(csrf()))
+		this.mvc.perform(
+				post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf()))
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
 	}
@@ -726,15 +636,14 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
 
-		this.spring.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class,
-				BasicController.class).autowire();
+		this.spring
+				.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class)
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN))
-				.param("access_token", JWT_TOKEN))
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN))
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
 	}
@@ -758,10 +667,9 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() {
-		assertThatCode(() -> this.spring
-				.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatCode(() -> this.spring.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class)
+				.autowire()).isInstanceOf(BeanCreationException.class)
+						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	@Test
@@ -781,8 +689,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() {
-		ApplicationContext context =
-				this.spring.context(new GenericWebApplicationContext()).getContext();
+		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
 
 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
 
@@ -792,8 +699,7 @@ public class OAuth2ResourceServerConfigurerTests {
 	// -- custom jwt decoder
 
 	@Test
-	public void requestWhenCustomJwtDecoderWiredOnDslThenUsed()
-			throws Exception {
+	public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception {
 
 		this.spring.register(CustomJwtDecoderOnDsl.class, BasicController.class).autowire();
 
@@ -802,15 +708,12 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
 	@Test
-	public void requestWhenCustomJwtDecoderInLambdaOnDslThenUsed()
-			throws Exception {
+	public void requestWhenCustomJwtDecoderInLambdaOnDslThenUsed() throws Exception {
 
 		this.spring.register(CustomJwtDecoderInLambdaOnDsl.class, BasicController.class).autowire();
 
@@ -819,15 +722,12 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
 	@Test
-	public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed()
-			throws Exception {
+	public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed() throws Exception {
 
 		this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire();
 
@@ -835,9 +735,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
@@ -845,8 +743,7 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getJwtDecoderWhenConfiguredWithDecoderAndJwkSetUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		JwtDecoder decoder = mock(JwtDecoder.class);
 
@@ -855,8 +752,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
 
-		jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		jwtConfigurer.decoder(decoder);
 		jwtConfigurer.jwkSetUri(JWK_SET_URI);
@@ -874,8 +770,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		ApplicationContext context = mock(ApplicationContext.class);
 		when(context.getBean(JwtDecoder.class)).thenReturn(decoderBean);
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.decoder(decoder);
 
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
@@ -888,8 +783,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		ApplicationContext context = mock(ApplicationContext.class);
 		when(context.getBean(JwtDecoder.class)).thenReturn(decoder);
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		jwtConfigurer.jwkSetUri(JWK_SET_URI);
 
@@ -908,8 +802,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoderBean);
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.decoder(decoder);
 
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
@@ -925,41 +818,34 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
-		assertThatCode(() -> jwtConfigurer.getJwtDecoder())
-				.isInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	// -- exception handling
 
 	@Test
-	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated()
-			throws Exception {
+	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
 		this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("invalid_token")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
 
 	@Test
-	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied()
-			throws Exception {
+	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception {
 
 		this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("insufficiently_scoped")))
+		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
@@ -968,89 +854,75 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void authenticationEntryPointWhenGivenNullThenThrowsException() {
 		ApplicationContext context = mock(ApplicationContext.class);
 		OAuth2ResourceServerConfigurer configurer = new OAuth2ResourceServerConfigurer(context);
-		assertThatCode(() -> configurer.authenticationEntryPoint(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> configurer.authenticationEntryPoint(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void accessDeniedHandlerWhenGivenNullThenThrowsException() {
 		ApplicationContext context = mock(ApplicationContext.class);
 		OAuth2ResourceServerConfigurer configurer = new OAuth2ResourceServerConfigurer(context);
-		assertThatCode(() -> configurer.accessDeniedHandler(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> configurer.accessDeniedHandler(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	// -- token validator
 
 	@Test
-	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage()
-		throws Exception {
+	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
 		this.spring.register(RestOperationsConfig.class, CustomJwtValidatorConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		OAuth2TokenValidator<Jwt> jwtValidator =
-				this.spring.getContext().getBean(CustomJwtValidatorConfig.class)
-						.getJwtValidator();
+		OAuth2TokenValidator<Jwt> jwtValidator = this.spring.getContext().getBean(CustomJwtValidatorConfig.class)
+				.getJwtValidator();
 
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(error));
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
 	}
 
 	@Test
-	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly()
-		throws Exception {
+	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception {
 
-		this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class).autowire();
+		this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class)
+				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
 	}
 
 	@Test
-	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired()
-			throws Exception {
+	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
 
-		this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class).autowire();
+		this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class)
+				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
 	// -- converter
 
 	@Test
-	public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed()
-			throws Exception {
+	public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception {
 
 		this.spring.register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class,
 				BasicController.class).autowire();
 
-		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter =
-				this.spring.getContext().getBean(JwtAuthenticationConverterConfiguredOnDsl.class)
-						.getJwtAuthenticationConverter();
+		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = this.spring.getContext()
+				.getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter();
 		when(jwtAuthenticationConverter.convert(JWT)).thenReturn(JWT_AUTHENTICATION_TOKEN);
 
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(jwtDecoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 
 		verify(jwtAuthenticationConverter).convert(JWT);
 	}
@@ -1065,63 +937,49 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(JWT_TOKEN)).thenReturn(JWT);
 
-		this.mvc.perform(get("/requires-read-scope")
-				.with(bearerToken(JWT_TOKEN)))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 	}
 
 	// -- single key
 
 	@Test
-	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
 		this.spring.register(SingleKeyConfig.class, BasicController.class).autowire();
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
 	}
 
 	@Test
-	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
 
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongSignature");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(invalidTokenHeader("signature"));
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("signature"));
 	}
 
 	@Test
-	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
 
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongAlgorithm");
 
-		this.mvc.perform(get("/")
-				.with(bearerToken(token)))
-				.andExpect(invalidTokenHeader("algorithm"));
+		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("algorithm"));
 	}
 
 	// gh-7793
 	@Test
-	public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception{
+	public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisher.class).autowire();
 
-		when(bean(JwtDecoder.class).decode(anyString()))
-				.thenThrow(new BadJwtException("problem"));
+		when(bean(JwtDecoder.class).decode(anyString())).thenThrow(new BadJwtException("problem"));
 
 		this.mvc.perform(get("/").with(bearerToken("token")));
 
 		verifyBean(AuthenticationEventPublisher.class)
-				.publishAuthenticationFailure(
-						any(OAuth2AuthenticationException.class),
-						any(Authentication.class));
+				.publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class));
 	}
 
 	@Test
@@ -1130,9 +988,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.thenReturn(JWT_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
@@ -1140,26 +996,22 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	// -- opaque
 
-
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void getWhenOpaqueTokenInLambdaAndIntrospectingThenOk() throws Exception {
-		this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class).autowire();
+		this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class)
+				.autowire();
 		mockRestOperations(json("Active"));
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
@@ -1168,11 +1020,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("Inactive"));
 
-		this.mvc.perform(get("/")
-				.with(bearerToken("token")))
-				.andExpect(status().isUnauthorized())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE,
-						containsString("Provided token isn't active")));
+		this.mvc.perform(get("/").with(bearerToken("token"))).andExpect(status().isUnauthorized()).andExpect(
+				header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
 	}
 
 	@Test
@@ -1180,9 +1029,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
 
-		this.mvc.perform(get("/requires-read-scope")
-				.with(bearerToken("token")))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken("token"))).andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
 	}
 
@@ -1192,9 +1039,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.thenReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
@@ -1206,9 +1051,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.thenReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("token")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
@@ -1224,8 +1067,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
 
-		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer =
-				new OAuth2ResourceServerConfigurer(context).opaqueToken();
+		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(
+				context).opaqueToken();
 
 		OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class);
 
@@ -1235,15 +1078,13 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client);
 
-		opaqueTokenConfigurer =
-				new OAuth2ResourceServerConfigurer(context).opaqueToken();
+		opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(context).opaqueToken();
 
 		opaqueTokenConfigurer.introspector(client);
 		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
 		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
 
-		assertThat(opaqueTokenConfigurer.getIntrospector())
-				.isInstanceOf(NimbusOpaqueTokenIntrospector.class);
+		assertThat(opaqueTokenConfigurer.getIntrospector()).isInstanceOf(NimbusOpaqueTokenIntrospector.class);
 
 	}
 
@@ -1253,8 +1094,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class);
 		registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class);
 
-		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken =
-				new OAuth2ResourceServerConfigurer(context).opaqueToken();
+		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context)
+				.opaqueToken();
 		opaqueToken.introspectionUri(INTROSPECTION_URI);
 		opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
 
@@ -1264,93 +1105,73 @@ public class OAuth2ResourceServerConfigurerTests {
 	// -- In combination with other authentication providers
 
 	@Test
-	public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest()
-			throws Exception {
+	public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception {
 
 		this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		this.mvc.perform(get("/authenticated")
-				.with(httpBasic("some", "user")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
 
-		this.mvc.perform(get("/authenticated"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("invalid_token")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 	}
 
 	@Test
-	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest()
-			throws Exception {
+	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception {
 
 		this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		MvcResult result =
-				this.mvc.perform(get("/authenticated"))
-						.andExpect(status().isFound())
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 
-		result =
-				this.mvc.perform(get("/authenticated")
-						.with(bearerToken("token")))
-						.andExpect(status().isUnauthorized())
-						.andReturn();
+		result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isUnauthorized())
+				.andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest()
-			throws Exception {
+	public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest() throws Exception {
 
-		this.spring.register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class,
-				JwtDecoderConfig.class).autowire();
+		this.spring
+				.register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class)
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(JWT);
 
-		this.mvc.perform(get("/authenticated")
-				.with(httpBasic("basic-user", "basic-password")))
-				.andExpect(status().isForbidden())
-				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
+		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
+				.andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken("insufficiently_scoped")))
+		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 	}
 
 	@Test
-	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages()
-			throws Exception {
+	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception {
 
-		this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class).autowire();
+		this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class)
+				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(token)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 
-		this.mvc.perform(get("/authenticated")
-				.with(httpBasic("basic-user", "basic-password")))
-				.andExpect(status().isOk())
-				.andExpect(content().string("basic-user"));
+		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
+				.andExpect(status().isOk()).andExpect(content().string("basic-user"));
 	}
 
 	// -- authentication manager
@@ -1362,16 +1183,11 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		OAuth2ResourceServerConfigurer oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
-		oauth2ResourceServer
-			.jwt()
-				.authenticationManager(authenticationManager)
-				.decoder(mock(JwtDecoder.class));
+		oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class));
 		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
 
 		oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
-		oauth2ResourceServer
-			.opaqueToken()
-				.authenticationManager(authenticationManager)
+		oauth2ResourceServer.opaqueToken().authenticationManager(authenticationManager)
 				.introspector(mock(OpaqueTokenIntrospector.class));
 		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
 		verify(http, never()).authenticationProvider(any(AuthenticationProvider.class));
@@ -1384,9 +1200,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire();
 
 		MockWebServer server = this.spring.getContext().getBean(MockWebServer.class);
-		String metadata = "{\n"
-				+ "    \"issuer\": \"%s\", \n"
-				+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
+		String metadata = "{\n" + "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
 				+ "}";
 		String jwkSet = jwkSet();
 		String issuerOne = server.url("/issuerOne").toString();
@@ -1399,25 +1213,19 @@ public class OAuth2ResourceServerConfigurerTests {
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(jwtOne)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(jwtTwo)))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.with(bearerToken(jwtThree)))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
@@ -1427,16 +1235,14 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 
 		assertThatCode(() -> this.spring.register(JwtlessConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("neither was found");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining("neither was found");
 	}
 
 	@Test
 	public void configureWhenMissingJwkSetUriThenWiringException() {
 
 		assertThatCode(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("No qualifying bean of type");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining("No qualifying bean of type");
 	}
 
 	@Test
@@ -1449,17 +1255,14 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() {
 		assertThatCode(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("authenticationManagerResolver");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining("authenticationManagerResolver");
 	}
 
 	@Test
 	public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() {
-		ApplicationContext context =
-				this.spring.context(new GenericWebApplicationContext()).getContext();
+		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class);
 	}
@@ -1472,8 +1275,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean);
 	}
@@ -1487,8 +1289,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.jwtAuthenticationConverter(converter);
 
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
@@ -1504,8 +1305,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.jwtAuthenticationConverter(converter);
 
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
@@ -1520,8 +1320,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
 
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
-				new OAuth2ResourceServerConfigurer(context).jwt();
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
 		assertThatCode(jwtConfigurer::getJwtAuthenticationConverter)
 				.isInstanceOf(NoUniqueBeanDefinitionException.class);
@@ -1544,6 +1343,7 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -1564,10 +1364,12 @@ public class OAuth2ResourceServerConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwkSetUriConfig extends WebSecurityConfigurerAdapter {
+
 		@Value("${mockwebserver.url:https://example.org}")
 		String jwkSetUri;
 
@@ -1584,10 +1386,12 @@ public class OAuth2ResourceServerConfigurerTests {
 						.jwkSetUri(this.jwkSetUri);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwkSetUriInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Value("${mockwebserver.url:https://example.org}")
 		String jwkSetUri;
 
@@ -1609,10 +1413,12 @@ public class OAuth2ResourceServerConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Value("${mockwebserver.url:https://example.org}")
 		String jwkSetUri;
 
@@ -1630,10 +1436,12 @@ public class OAuth2ResourceServerConfigurerTests {
 						.jwkSetUri(this.jwkSetUri);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AnonymousDisabledConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1646,11 +1454,13 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class MethodSecurityConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1662,10 +1472,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwtlessConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1676,10 +1488,12 @@ public class OAuth2ResourceServerConfigurerTests {
 				.oauth2ResourceServer();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class RealmNameConfiguredOnEntryPoint extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1694,15 +1508,16 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		AuthenticationEntryPoint authenticationEntryPoint() {
-			BearerTokenAuthenticationEntryPoint entryPoint =
-					new BearerTokenAuthenticationEntryPoint();
+			BearerTokenAuthenticationEntryPoint entryPoint = new BearerTokenAuthenticationEntryPoint();
 			entryPoint.setRealmName("myRealm");
 			return entryPoint;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class RealmNameConfiguredOnAccessDeniedHandler extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1717,15 +1532,16 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		AccessDeniedHandler accessDeniedHandler() {
-			BearerTokenAccessDeniedHandler accessDeniedHandler =
-					new BearerTokenAccessDeniedHandler();
+			BearerTokenAccessDeniedHandler accessDeniedHandler = new BearerTokenAccessDeniedHandler();
 			accessDeniedHandler.setRealmName("myRealm");
 			return accessDeniedHandler;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1746,7 +1562,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
 							.username("basic-user")
 							.password("basic-password")
@@ -1754,10 +1570,12 @@ public class OAuth2ResourceServerConfigurerTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwtAuthenticationConverterConfiguredOnDsl extends WebSecurityConfigurerAdapter {
+
 		private final Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = mock(Converter.class);
 
 		@Override
@@ -1776,10 +1594,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		Converter<Jwt, JwtAuthenticationToken> getJwtAuthenticationConverter() {
 			return this.jwtAuthenticationConverter;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthorityMappingConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1795,15 +1615,16 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
 			JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
-			converter.setJwtGrantedAuthoritiesConverter(jwt ->
-					Collections.singletonList(new SimpleGrantedAuthority("message:read"))
-			);
+			converter.setJwtGrantedAuthoritiesConverter(
+					jwt -> Collections.singletonList(new SimpleGrantedAuthority("message:read")));
 			return converter;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class BasicAndResourceServerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1821,7 +1642,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-					// @formatter:off
+			// @formatter:off
 					org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
 							.username("basic-user")
 							.password("basic-password")
@@ -1829,10 +1650,12 @@ public class OAuth2ResourceServerConfigurerTests {
 							.build());
 					// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class FormAndResourceServerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1846,10 +1669,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwtHalfConfiguredConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1861,10 +1686,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt(); // missing key configuration, e.g. jwkSetUri
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AlwaysSessionCreationConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1876,10 +1703,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AllowBearerTokenInRequestBodyConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1898,10 +1727,12 @@ public class OAuth2ResourceServerConfigurerTests {
 			resolver.setAllowFormEncodedBodyParameter(true);
 			return resolver;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AllowBearerTokenAsQueryParameterConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1920,10 +1751,12 @@ public class OAuth2ResourceServerConfigurerTests {
 			resolver.setAllowUriQueryParameter(true);
 			return resolver;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class MultipleBearerTokenResolverBeansConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -1949,10 +1782,12 @@ public class OAuth2ResourceServerConfigurerTests {
 			resolver.setAllowFormEncodedBodyParameter(true);
 			return resolver;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomJwtDecoderOnDsl extends WebSecurityConfigurerAdapter {
+
 		JwtDecoder decoder = mock(JwtDecoder.class);
 
 		@Override
@@ -1971,10 +1806,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder() {
 			return this.decoder;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomJwtDecoderInLambdaOnDsl extends WebSecurityConfigurerAdapter {
+
 		JwtDecoder decoder = mock(JwtDecoder.class);
 
 		@Override
@@ -1998,10 +1835,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder() {
 			return this.decoder;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomJwtDecoderAsBean extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2018,10 +1857,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		public JwtDecoder decoder() {
 			return mock(JwtDecoder.class);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class JwtAuthenticationManagerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2039,10 +1880,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		public AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomJwtValidatorConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		NimbusJwtDecoder jwtDecoder;
 
@@ -2062,17 +1905,19 @@ public class OAuth2ResourceServerConfigurerTests {
 		public OAuth2TokenValidator<Jwt> getJwtValidator() {
 			return this.jwtValidator;
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class UnexpiredJwtClockSkewConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		NimbusJwtDecoder jwtDecoder;
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			Clock nearlyAnHourFromTokenExpiry =
-					Clock.fixed(Instant.ofEpochMilli(4687181540000L), ZoneId.systemDefault());
+			Clock nearlyAnHourFromTokenExpiry = Clock.fixed(Instant.ofEpochMilli(4687181540000L),
+					ZoneId.systemDefault());
 			JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1));
 			jwtValidator.setClock(nearlyAnHourFromTokenExpiry);
 
@@ -2084,17 +1929,19 @@ public class OAuth2ResourceServerConfigurerTests {
 					.jwt();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class ExpiredJwtClockSkewConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		NimbusJwtDecoder jwtDecoder;
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			Clock justOverOneHourAfterExpiry =
-					Clock.fixed(Instant.ofEpochMilli(4687181595000L), ZoneId.systemDefault());
+			Clock justOverOneHourAfterExpiry = Clock.fixed(Instant.ofEpochMilli(4687181595000L),
+					ZoneId.systemDefault());
 			JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1));
 			jwtValidator.setClock(justOverOneHourAfterExpiry);
 
@@ -2132,14 +1979,16 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		@Bean
 		JwtDecoder decoder() throws Exception {
-			RSAPublicKey publicKey = (RSAPublicKey)
-					KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(this.spec));
+			RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
+					.generatePublic(new X509EncodedKeySpec(this.spec));
 			return withPublicKey(publicKey).build();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomAuthenticationEventPublisher extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2161,10 +2010,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		AuthenticationEventPublisher authenticationEventPublisher() {
 			return mock(AuthenticationEventPublisher.class);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueTokenConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2177,10 +2028,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.opaqueToken();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueTokenInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2196,10 +2049,12 @@ public class OAuth2ResourceServerConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueTokenAuthenticationManagerConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2217,10 +2072,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		public AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueTokenAuthenticationManagerInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2243,10 +2100,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		public AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueAndJwtConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2257,10 +2116,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.opaqueToken();
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class OpaqueTokenHalfConfiguredConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2273,10 +2134,12 @@ public class OAuth2ResourceServerConfigurerTests {
 						.introspectionUri("https://idp.example.com"); // missing credentials
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class MultipleIssuersConfig extends WebSecurityConfigurerAdapter {
+
 		@Autowired
 		MockWebServer web;
 
@@ -2284,8 +2147,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			String issuerOne = this.web.url("/issuerOne").toString();
 			String issuerTwo = this.web.url("/issuerTwo").toString();
-			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-					new JwtIssuerAuthenticationManagerResolver(issuerOne, issuerTwo);
+			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+					issuerOne, issuerTwo);
 
 			// @formatter:off
 			http
@@ -2293,10 +2156,12 @@ public class OAuth2ResourceServerConfigurerTests {
 					.authenticationManagerResolver(authenticationManagerResolver);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class AuthenticationManagerResolverPlusOtherConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2309,18 +2174,22 @@ public class OAuth2ResourceServerConfigurerTests {
 					.opaqueToken();
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class JwtDecoderConfig {
+
 		@Bean
 		public JwtDecoder jwtDecoder() {
 			return mock(JwtDecoder.class);
 		}
+
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public String get() {
 			return "ok";
@@ -2338,9 +2207,8 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		@GetMapping("/requires-read-scope")
 		public String requiresReadScope(JwtAuthenticationToken token) {
-			return token.getAuthorities().stream()
-					.map(GrantedAuthority::getAuthority)
-					.collect(Collectors.toList()).toString();
+			return token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList())
+					.toString();
 		}
 
 		@GetMapping("/ms-requires-read-scope")
@@ -2354,10 +2222,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		public String deny() {
 			return "hmm, that's odd";
 		}
+
 	}
 
 	@Configuration
 	static class WebServerConfig implements BeanPostProcessor, EnvironmentAware {
+
 		private final MockWebServer server = new MockWebServer();
 
 		@PreDestroy
@@ -2368,8 +2238,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Override
 		public void setEnvironment(Environment environment) {
 			if (environment instanceof ConfigurableEnvironment) {
-				((ConfigurableEnvironment) environment)
-						.getPropertySources().addFirst(new MockWebServerPropertySource());
+				((ConfigurableEnvironment) environment).getPropertySources()
+						.addFirst(new MockWebServerPropertySource());
 			}
 		}
 
@@ -2388,15 +2258,19 @@ public class OAuth2ResourceServerConfigurerTests {
 			public Object getProperty(String name) {
 				if ("mockwebserver.url".equals(name)) {
 					return WebServerConfig.this.server.url("/.well-known/jwks.json").toString();
-				} else {
+				}
+				else {
 					return null;
 				}
 			}
+
 		}
+
 	}
 
 	@Configuration
 	static class RestOperationsConfig {
+
 		RestOperations rest = mock(RestOperations.class);
 
 		@Bean
@@ -2406,14 +2280,14 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		@Bean
 		NimbusJwtDecoder jwtDecoder() {
-			return withJwkSetUri("https://example.org/.well-known/jwks.json")
-					.restOperations(this.rest).build();
+			return withJwkSetUri("https://example.org/.well-known/jwks.json").restOperations(this.rest).build();
 		}
 
 		@Bean
 		NimbusOpaqueTokenIntrospector tokenIntrospectionClient() {
 			return new NimbusOpaqueTokenIntrospector("https://example.org/introspect", this.rest);
 		}
+
 	}
 
 	private static <T> void registerMockBean(GenericApplicationContext context, String name, Class<T> clazz) {
@@ -2421,6 +2295,7 @@ public class OAuth2ResourceServerConfigurerTests {
 	}
 
 	private static class BearerTokenRequestPostProcessor implements RequestPostProcessor {
+
 		private boolean asRequestParameter;
 
 		private String token;
@@ -2438,12 +2313,14 @@ public class OAuth2ResourceServerConfigurerTests {
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			if (this.asRequestParameter) {
 				request.setParameter("access_token", this.token);
-			} else {
+			}
+			else {
 				request.addHeader("Authorization", "Bearer " + this.token);
 			}
 
 			return request;
 		}
+
 	}
 
 	private static BearerTokenRequestPostProcessor bearerToken(String token) {
@@ -2452,40 +2329,26 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	private static ResultMatcher invalidRequestHeader(String message) {
 		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(
-						new StringStartsWith("Bearer " +
-								"error=\"invalid_request\", " +
-								"error_description=\""),
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
 						new StringContains(message),
-						new StringEndsWith(", " +
-								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
-						)
-				);
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
 	}
 
 	private static ResultMatcher invalidTokenHeader(String message) {
 		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(
-						new StringStartsWith("Bearer " +
-								"error=\"invalid_token\", " +
-								"error_description=\""),
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
 						new StringContains(message),
-						new StringEndsWith(", " +
-								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
-				)
-		);
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
 	}
 
 	private static ResultMatcher insufficientScopeHeader() {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
-				"error=\"insufficient_scope\"" +
-				", error_description=\"The request requires higher privileges than provided by the access token.\"" +
-				", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
+				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
+				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
 	}
 
 	private String jwkSet() {
-		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY)
-				.keyID("1").build()).toString();
+		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
 	}
 
 	private String jwtFromIssuer(String issuer) throws Exception {
@@ -2493,18 +2356,15 @@ public class OAuth2ResourceServerConfigurerTests {
 		claims.put(ISS, issuer);
 		claims.put(SUB, "test-subject");
 		claims.put("scope", "message:read");
-		JWSObject jws = new JWSObject(
-				new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
+		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
 				new Payload(new JSONObject(claims)));
 		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 		return jws.serialize();
 	}
 
 	private void mockWebServer(String response) {
-		this.web.enqueue(new MockResponse()
-				.setResponseCode(200)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(response));
+		this.web.enqueue(new MockResponse().setResponseCode(200)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
 	}
 
 	private void mockRestOperations(String response) {
@@ -2512,8 +2372,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setContentType(MediaType.APPLICATION_JSON);
 		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		when(rest.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(entity);
+		when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
 	}
 
 	private <T> T bean(Class<T> beanClass) {
@@ -2539,8 +2398,9 @@ public class OAuth2ResourceServerConfigurerTests {
 	private String resource(String suffix) throws IOException {
 		String name = this.getClass().getSimpleName() + "-" + suffix;
 		ClassPathResource resource = new ClassPathResource(name, this.getClass());
-		try ( BufferedReader reader = new BufferedReader(new FileReader(resource.getFile())) ) {
+		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
 			return reader.lines().collect(Collectors.joining());
 		}
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index 159c54967e..3774aacf8d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -71,8 +71,7 @@ public class OpenIDLoginConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(OpenIDAuthenticationFilter.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationFilter.class));
 	}
 
 	@Test
@@ -80,12 +79,12 @@ public class OpenIDLoginConfigurerTests {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(OpenIDAuthenticationProvider.class));
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationProvider.class));
 	}
 
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
 		static ObjectPostProcessor<Object> objectPostProcessor;
 
 		@Override
@@ -100,21 +99,23 @@ public class OpenIDLoginConfigurerTests {
 		static ObjectPostProcessor<Object> objectPostProcessor() {
 			return objectPostProcessor;
 		}
+
 	}
 
 	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
 		@Override
 		public <O> O postProcess(O object) {
 			return object;
 		}
+
 	}
 
 	@Test
 	public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
 
@@ -142,19 +143,20 @@ public class OpenIDLoginConfigurerTests {
 				.openidLogin();
 			// @formatter:on
 		}
+
 	}
 
 	@Test
 	public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception {
 		this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
 
 	@EnableWebSecurity
 	static class OpenIdLoginPageInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -169,6 +171,7 @@ public class OpenIDLoginConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
@@ -177,43 +180,41 @@ public class OpenIDLoginConfigurerTests {
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
 		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.associate(any()))
-				.thenReturn(mockDiscoveryInformation);
-		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any()))
-				.thenReturn(mockAuthRequest);
+		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
+		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).thenReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire();
 
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse()
-					.addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
-			MvcResult mvcResult = this.mvc.perform(get("/login/openid")
-					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
-					.andExpect(status().isFound())
-					.andReturn();
+			MvcResult mvcResult = this.mvc.perform(
+					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
+					.andExpect(status().isFound()).andReturn();
 
-			Object attributeObject = mvcResult.getRequest().getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
+			Object attributeObject = mvcResult.getRequest().getSession()
+					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
-			assertThat(attributeList.stream().anyMatch(attribute ->
-					"nickname".equals(attribute.getName())
-							&& "https://schema.openid.net/namePerson/friendly".equals(attribute.getType())))
-					.isTrue();
-			assertThat(attributeList.stream().anyMatch(attribute ->
-					"email".equals(attribute.getName())
+			assertThat(
+					attributeList.stream()
+							.anyMatch(attribute -> "nickname".equals(attribute.getName())
+									&& "https://schema.openid.net/namePerson/friendly".equals(attribute.getType())))
+											.isTrue();
+			assertThat(attributeList.stream()
+					.anyMatch(attribute -> "email".equals(attribute.getName())
 							&& "https://schema.openid.net/contact/email".equals(attribute.getType())
-							&& attribute.isRequired()
-							&& attribute.getCount() == 2))
-					.isTrue();
+							&& attribute.isRequired() && attribute.getCount() == 2)).isTrue();
 		}
 	}
 
 	@EnableWebSecurity
 	static class OpenIdAttributesInLambdaConfig extends WebSecurityConfigurerAdapter {
+
 		static ConsumerManager CONSUMER_MANAGER;
 
 		@Override
@@ -246,35 +247,33 @@ public class OpenIDLoginConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
 
 	@Test
-	public void requestWhenAttributeNameNotSpecifiedThenAttributeNameDefaulted()
-			throws Exception {
+	public void requestWhenAttributeNameNotSpecifiedThenAttributeNameDefaulted() throws Exception {
 		OpenIdAttributesNullNameConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
 		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any()))
-				.thenReturn(mockDiscoveryInformation);
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), any()))
-				.thenReturn(mockAuthRequest);
+		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
+		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).thenReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesNullNameConfig.class).autowire();
 
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse()
-					.addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
-			MvcResult mvcResult = this.mvc.perform(get("/login/openid")
-					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
-					.andExpect(status().isFound())
-					.andReturn();
+			MvcResult mvcResult = this.mvc.perform(
+					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
+					.andExpect(status().isFound()).andReturn();
 
-			Object attributeObject = mvcResult.getRequest().getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
+			Object attributeObject = mvcResult.getRequest().getSession()
+					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
 			assertThat(attributeList).hasSize(1);
@@ -284,6 +283,7 @@ public class OpenIDLoginConfigurerTests {
 
 	@EnableWebSecurity
 	static class OpenIdAttributesNullNameConfig extends WebSecurityConfigurerAdapter {
+
 		static ConsumerManager CONSUMER_MANAGER;
 
 		@Override
@@ -305,5 +305,7 @@ public class OpenIDLoginConfigurerTests {
 				);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 598f5bf09c..18b9e86c4e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -102,13 +102,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class Saml2LoginConfigurerTests {
 
-	private static final Converter<Assertion, Collection<? extends GrantedAuthority>>
-			AUTHORITIES_EXTRACTOR = a -> Arrays.asList(new SimpleGrantedAuthority("TEST"));
-	private static final GrantedAuthoritiesMapper AUTHORITIES_MAPPER =
-			authorities -> Arrays.asList(new SimpleGrantedAuthority("TEST CONVERTED"));
+	private static final Converter<Assertion, Collection<? extends GrantedAuthority>> AUTHORITIES_EXTRACTOR = a -> Arrays
+			.asList(new SimpleGrantedAuthority("TEST"));
+
+	private static final GrantedAuthoritiesMapper AUTHORITIES_MAPPER = authorities -> Arrays
+			.asList(new SimpleGrantedAuthority("TEST CONVERTED"));
+
 	private static final Duration RESPONSE_TIME_VALIDATION_SKEW = Duration.ZERO;
-	private static final String SIGNED_RESPONSE =
-			"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9ycC5leGFtcGxlLm9yZy9hY3MiIElEPSJfYzE3MzM2YTAtNTM1My00MTQ5LWI3MmMtMDNkOWY5YWYzMDdlIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDgtMDRUMjI6MDQ6NDUuMDE2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5hcC1lbnRpdHktaWQ8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8+CjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+CjxkczpSZWZlcmVuY2UgVVJJPSIjX2MxNzMzNmEwLTUzNTMtNDE0OS1iNzJjLTAzZDlmOWFmMzA3ZSI+CjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L2RzOlRyYW5zZm9ybXM+CjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPGRzOkRpZ2VzdFZhbHVlPjYzTmlyenFzaDVVa0h1a3NuRWUrM0hWWU5aYWFsQW1OQXFMc1lGMlRuRDA9PC9kczpEaWdlc3RWYWx1ZT4KPC9kczpSZWZlcmVuY2U+CjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgpLMVlvWWJVUjBTclY4RTdVMkhxTTIvZUNTOTNoV25mOExnNnozeGZWMUlyalgzSXhWYkNvMVlYcnRBSGRwRVdvYTJKKzVOMmFNbFBHJiMxMzsKN2VpbDBZRC9xdUVRamRYbTNwQTBjZmEvY25pa2RuKzVhbnM0ZWQwanU1amo2dkpvZ2w2Smt4Q25LWUpwTU9HNzhtampmb0phengrWCYjMTM7CkM2NktQVStBYUdxeGVwUEQ1ZlhRdTFKSy9Jb3lBaitaa3k4Z2Jwc3VyZHFCSEJLRWxjdnVOWS92UGY0OGtBeFZBKzdtRGhNNUMvL1AmIzEzOwp0L084Y3NZYXB2UjZjdjZrdk45QXZ1N3FRdm9qVk1McHVxZWNJZDJwTUVYb0NSSnE2Nkd4MStNTUVPeHVpMWZZQlRoMEhhYjRmK3JyJiMxMzsKOEY2V1NFRC8xZllVeHliRkJqZ1Q4d2lEWHFBRU8wSVY4ZWRQeEE9PQo8L2RzOlNpZ25hdHVyZVZhbHVlPgo8L2RzOlNpZ25hdHVyZT48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iQWUzZjQ5OGI4LTliMTctNDA3OC05ZDM1LTg2YTA4NDA4NDk5NSIgSXNzdWVJbnN0YW50PSIyMDIwLTA4LTA0VDIyOjA0OjQ1LjA3N1oiIFZlcnNpb249IjIuMCI+PHNhbWwyOklzc3Vlcj5hcC1lbnRpdHktaWQ8L3NhbWwyOklzc3Vlcj48c2FtbDI6U3ViamVjdD48c2FtbDI6TmFtZUlEPnRlc3RAc2FtbC51c2VyPC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90QmVmb3JlPSIyMDIwLTA4LTA0VDIxOjU5OjQ1LjA5MFoiIE5vdE9uT3JBZnRlcj0iMjA0MC0wNy0zMFQyMjowNTowNi4wODhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvYWNzIi8+PC9zYW1sMjpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDI6U3ViamVjdD48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjAtMDgtMDRUMjE6NTk6NDUuMDgwWiIgTm90T25PckFmdGVyPSIyMDQwLTA3LTMwVDIyOjA1OjA2LjA4N1oiLz48L3NhbWwyOkFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=";
+
+	private static final String SIGNED_RESPONSE = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9ycC5leGFtcGxlLm9yZy9hY3MiIElEPSJfYzE3MzM2YTAtNTM1My00MTQ5LWI3MmMtMDNkOWY5YWYzMDdlIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDgtMDRUMjI6MDQ6NDUuMDE2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5hcC1lbnRpdHktaWQ8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8+CjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+CjxkczpSZWZlcmVuY2UgVVJJPSIjX2MxNzMzNmEwLTUzNTMtNDE0OS1iNzJjLTAzZDlmOWFmMzA3ZSI+CjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L2RzOlRyYW5zZm9ybXM+CjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPGRzOkRpZ2VzdFZhbHVlPjYzTmlyenFzaDVVa0h1a3NuRWUrM0hWWU5aYWFsQW1OQXFMc1lGMlRuRDA9PC9kczpEaWdlc3RWYWx1ZT4KPC9kczpSZWZlcmVuY2U+CjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgpLMVlvWWJVUjBTclY4RTdVMkhxTTIvZUNTOTNoV25mOExnNnozeGZWMUlyalgzSXhWYkNvMVlYcnRBSGRwRVdvYTJKKzVOMmFNbFBHJiMxMzsKN2VpbDBZRC9xdUVRamRYbTNwQTBjZmEvY25pa2RuKzVhbnM0ZWQwanU1amo2dkpvZ2w2Smt4Q25LWUpwTU9HNzhtampmb0phengrWCYjMTM7CkM2NktQVStBYUdxeGVwUEQ1ZlhRdTFKSy9Jb3lBaitaa3k4Z2Jwc3VyZHFCSEJLRWxjdnVOWS92UGY0OGtBeFZBKzdtRGhNNUMvL1AmIzEzOwp0L084Y3NZYXB2UjZjdjZrdk45QXZ1N3FRdm9qVk1McHVxZWNJZDJwTUVYb0NSSnE2Nkd4MStNTUVPeHVpMWZZQlRoMEhhYjRmK3JyJiMxMzsKOEY2V1NFRC8xZllVeHliRkJqZ1Q4d2lEWHFBRU8wSVY4ZWRQeEE9PQo8L2RzOlNpZ25hdHVyZVZhbHVlPgo8L2RzOlNpZ25hdHVyZT48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iQWUzZjQ5OGI4LTliMTctNDA3OC05ZDM1LTg2YTA4NDA4NDk5NSIgSXNzdWVJbnN0YW50PSIyMDIwLTA4LTA0VDIyOjA0OjQ1LjA3N1oiIFZlcnNpb249IjIuMCI+PHNhbWwyOklzc3Vlcj5hcC1lbnRpdHktaWQ8L3NhbWwyOklzc3Vlcj48c2FtbDI6U3ViamVjdD48c2FtbDI6TmFtZUlEPnRlc3RAc2FtbC51c2VyPC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90QmVmb3JlPSIyMDIwLTA4LTA0VDIxOjU5OjQ1LjA5MFoiIE5vdE9uT3JBZnRlcj0iMjA0MC0wNy0zMFQyMjowNTowNi4wODhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvYWNzIi8+PC9zYW1sMjpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDI6U3ViamVjdD48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjAtMDgtMDRUMjE6NTk6NDUuMDgwWiIgTm90T25PckFmdGVyPSIyMDQwLTA3LTMwVDIyOjA1OjA2LjA4N1oiLz48L3NhbWwyOkFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=";
 
 	@Autowired
 	private ConfigurableApplicationContext context;
@@ -129,7 +131,9 @@ public class Saml2LoginConfigurerTests {
 	MockMvc mvc;
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private MockFilterChain filterChain;
 
 	@Before
@@ -155,7 +159,8 @@ public class Saml2LoginConfigurerTests {
 	}
 
 	@Test
-	public void saml2LoginWhenConfiguringAuthenticationDefaultsUsingCustomizerThenTheProviderIsConfigured() throws Exception {
+	public void saml2LoginWhenConfiguringAuthenticationDefaultsUsingCustomizerThenTheProviderIsConfigured()
+			throws Exception {
 		// setup application context
 		this.spring.register(Saml2LoginConfigWithAuthenticationDefaultsWithPostProcessor.class).autowire();
 		validateSaml2WebSsoAuthenticationFilterConfiguration();
@@ -166,12 +171,9 @@ public class Saml2LoginConfigurerTests {
 		this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire();
 
 		Saml2AuthenticationRequestContext context = authenticationRequestContext().build();
-		Saml2AuthenticationRequestContextResolver resolver =
-				CustomAuthenticationRequestContextResolver.resolver;
-		when(resolver.resolve(any(HttpServletRequest.class)))
-				.thenReturn(context);
-		this.mvc.perform(get("/saml2/authenticate/registration-id"))
-				.andExpect(status().isFound());
+		Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver;
+		when(resolver.resolve(any(HttpServletRequest.class))).thenReturn(context);
+		this.mvc.perform(get("/saml2/authenticate/registration-id")).andExpect(status().isFound());
 		verify(resolver).resolve(any(HttpServletRequest.class));
 	}
 
@@ -179,10 +181,8 @@ public class Saml2LoginConfigurerTests {
 	public void authenticationRequestWhenAuthnRequestConsumerResolverThenUses() throws Exception {
 		this.spring.register(CustomAuthnRequestConsumerResolver.class).autowire();
 
-		MvcResult result = this.mvc.perform(get("/saml2/authenticate/registration-id"))
-				.andReturn();
-		UriComponents components = UriComponentsBuilder
-				.fromHttpUrl(result.getResponse().getRedirectedUrl()).build();
+		MvcResult result = this.mvc.perform(get("/saml2/authenticate/registration-id")).andReturn();
+		UriComponents components = UriComponentsBuilder.fromHttpUrl(result.getResponse().getRedirectedUrl()).build();
 		String samlRequest = components.getQueryParams().getFirst("SAMLRequest");
 		String decoded = URLDecoder.decode(samlRequest, "UTF-8");
 		String inflated = samlInflate(samlDecode(decoded));
@@ -193,79 +193,63 @@ public class Saml2LoginConfigurerTests {
 	public void authenticateWhenCustomAuthenticationConverterThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationConverter.class).autowire();
 		RelyingPartyRegistration relyingPartyRegistration = noCredentials()
-				.assertingPartyDetails(party -> party
-					.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential()))
-				)
+				.assertingPartyDetails(
+						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
 				.build();
 		String response = new String(samlDecode(SIGNED_RESPONSE));
 		when(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
 				.thenReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
-		this.mvc.perform(post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId())
-				.param("SAMLResponse", SIGNED_RESPONSE))
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()).param("SAMLResponse",
+				SIGNED_RESPONSE)).andExpect(redirectedUrl("/"));
 		verify(CustomAuthenticationConverter.authenticationConverter).convert(any(HttpServletRequest.class));
 	}
 
 	private void validateSaml2WebSsoAuthenticationFilterConfiguration() {
 		// get the OpenSamlAuthenticationProvider
 		Saml2WebSsoAuthenticationFilter filter = getSaml2SsoFilter(this.springSecurityFilterChain);
-		AuthenticationManager manager =
-				(AuthenticationManager) ReflectionTestUtils.getField(filter, "authenticationManager");
+		AuthenticationManager manager = (AuthenticationManager) ReflectionTestUtils.getField(filter,
+				"authenticationManager");
 		ProviderManager pm = (ProviderManager) manager;
-		AuthenticationProvider provider = pm.getProviders()
-				.stream()
-				.filter(p -> p instanceof OpenSamlAuthenticationProvider)
-				.findFirst()
-				.get();
+		AuthenticationProvider provider = pm.getProviders().stream()
+				.filter(p -> p instanceof OpenSamlAuthenticationProvider).findFirst().get();
 		Assert.assertSame(AUTHORITIES_EXTRACTOR, ReflectionTestUtils.getField(provider, "authoritiesExtractor"));
 		Assert.assertSame(AUTHORITIES_MAPPER, ReflectionTestUtils.getField(provider, "authoritiesMapper"));
-		Assert.assertSame(RESPONSE_TIME_VALIDATION_SKEW, ReflectionTestUtils.getField(provider, "responseTimeValidationSkew"));
+		Assert.assertSame(RESPONSE_TIME_VALIDATION_SKEW,
+				ReflectionTestUtils.getField(provider, "responseTimeValidationSkew"));
 	}
 
 	private Saml2WebSsoAuthenticationFilter getSaml2SsoFilter(FilterChainProxy chain) {
-		return (Saml2WebSsoAuthenticationFilter) chain.getFilters("/login/saml2/sso/test")
-				.stream()
-				.filter(f -> f instanceof Saml2WebSsoAuthenticationFilter)
-				.findFirst()
-				.get();
+		return (Saml2WebSsoAuthenticationFilter) chain.getFilters("/login/saml2/sso/test").stream()
+				.filter(f -> f instanceof Saml2WebSsoAuthenticationFilter).findFirst().get();
 	}
 
 	private void performSaml2Login(String expected) throws IOException, ServletException {
 		// setup authentication parameters
-		this.request.setParameter(
-				"SAMLResponse",
-				Base64.getEncoder().encodeToString(
-						"saml2-xml-response-object".getBytes()
-				)
-		);
-
+		this.request.setParameter("SAMLResponse",
+				Base64.getEncoder().encodeToString("saml2-xml-response-object".getBytes()));
 
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
 
 		// assertions
 		Authentication authentication = this.securityContextRepository
-				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
-				.getAuthentication();
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		Assert.assertNotNull("Expected a valid authentication object.", authentication);
 		assertThat(authentication.getAuthorities()).hasSize(1);
-		assertThat(authentication.getAuthorities()).first()
-				.isInstanceOf(SimpleGrantedAuthority.class).hasToString(expected);
+		assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
+				.hasToString(expected);
 	}
 
-
 	@EnableWebSecurity
 	@Import(Saml2LoginConfigBeans.class)
 	static class Saml2LoginConfigWithCustomAuthenticationManager extends WebSecurityConfigurerAdapter {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http.saml2Login()
-				.authenticationManager(
-						getAuthenticationManagerMock("ROLE_AUTH_MANAGER")
-				);
+			http.saml2Login().authenticationManager(getAuthenticationManagerMock("ROLE_AUTH_MANAGER"));
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -274,8 +258,7 @@ public class Saml2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			ObjectPostProcessor<OpenSamlAuthenticationProvider> processor
-					= new ObjectPostProcessor<OpenSamlAuthenticationProvider>() {
+			ObjectPostProcessor<OpenSamlAuthenticationProvider> processor = new ObjectPostProcessor<OpenSamlAuthenticationProvider>() {
 				@Override
 				public <O extends OpenSamlAuthenticationProvider> O postProcess(O provider) {
 					provider.setResponseTimeValidationSkew(RESPONSE_TIME_VALIDATION_SKEW);
@@ -285,18 +268,18 @@ public class Saml2LoginConfigurerTests {
 				}
 			};
 
-			http.saml2Login()
-					.addObjectPostProcessor(processor)
-			;
+			http.saml2Login().addObjectPostProcessor(processor);
 			super.configure(http);
 		}
+
 	}
 
 	@EnableWebSecurity
 	@Import(Saml2LoginConfigBeans.class)
 	static class CustomAuthenticationRequestContextResolver extends WebSecurityConfigurerAdapter {
-		private static final Saml2AuthenticationRequestContextResolver resolver =
-				mock(Saml2AuthenticationRequestContextResolver.class);
+
+		private static final Saml2AuthenticationRequestContextResolver resolver = mock(
+				Saml2AuthenticationRequestContextResolver.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -313,6 +296,7 @@ public class Saml2LoginConfigurerTests {
 		Saml2AuthenticationRequestContextResolver resolver() {
 			return resolver;
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -332,47 +316,38 @@ public class Saml2LoginConfigurerTests {
 
 		@Bean
 		Saml2AuthenticationRequestFactory authenticationRequestFactory() {
-			OpenSamlAuthenticationRequestFactory authenticationRequestFactory =
-					new OpenSamlAuthenticationRequestFactory();
-			authenticationRequestFactory.setAuthnRequestConsumerResolver(
-					context -> authnRequest -> authnRequest.setForceAuthn(true));
+			OpenSamlAuthenticationRequestFactory authenticationRequestFactory = new OpenSamlAuthenticationRequestFactory();
+			authenticationRequestFactory
+					.setAuthnRequestConsumerResolver(context -> authnRequest -> authnRequest.setForceAuthn(true));
 			return authenticationRequestFactory;
 		}
+
 	}
 
 	@EnableWebSecurity
 	@Import(Saml2LoginConfigBeans.class)
 	static class CustomAuthenticationConverter extends WebSecurityConfigurerAdapter {
+
 		static final AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http
-				.authorizeRequests(authz -> authz
-					.anyRequest().authenticated()
-				)
-				.saml2Login(saml2 -> saml2
-					.authenticationConverter(authenticationConverter)
-				);
+			http.authorizeRequests(authz -> authz.anyRequest().authenticated())
+					.saml2Login(saml2 -> saml2.authenticationConverter(authenticationConverter));
 		}
+
 	}
 
 	private static AuthenticationManager getAuthenticationManagerMock(String role) {
 		return new AuthenticationManager() {
 
 			@Override
-			public Authentication authenticate(Authentication authentication)
-					throws AuthenticationException {
+			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				if (!supports(authentication.getClass())) {
 					throw new AuthenticationServiceException("not supported");
 				}
-				return new Saml2Authentication(
-						() -> "auth principal",
-						"saml2 response",
-						Collections.singletonList(
-								new SimpleGrantedAuthority(role)
-						)
-				);
+				return new Saml2Authentication(() -> "auth principal", "saml2 response",
+						Collections.singletonList(new SimpleGrantedAuthority(role)));
 			}
 
 			public boolean supports(Class<?> authentication) {
@@ -391,14 +366,14 @@ public class Saml2LoginConfigurerTests {
 		@Bean
 		RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
 			RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class);
-			when(repository.findByRegistrationId(anyString()))
-					.thenReturn(relyingPartyRegistration().build());
+			when(repository.findByRegistrationId(anyString())).thenReturn(relyingPartyRegistration().build());
 			return repository;
 		}
+
 	}
 
-	private static org.apache.commons.codec.binary.Base64 BASE64 =
-			new org.apache.commons.codec.binary.Base64(0, new byte[]{'\n'});
+	private static org.apache.commons.codec.binary.Base64 BASE64 = new org.apache.commons.codec.binary.Base64(0,
+			new byte[] { '\n' });
 
 	private static byte[] samlDecode(String s) {
 		return BASE64.decode(s);
@@ -416,4 +391,5 @@ public class Saml2LoginConfigurerTests {
 			throw new Saml2Exception("Unable to inflate string", e);
 		}
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index 4a6922f4df..4c47cf13fb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -35,82 +35,77 @@ import static org.springframework.security.saml2.credentials.Saml2X509Credential
 public class TestSaml2Credentials {
 
 	static Saml2X509Credential verificationCertificate() {
-		String certificate = "-----BEGIN CERTIFICATE-----\n" +
-				"MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n" +
-				"VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n" +
-				"VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n" +
-				"c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n" +
-				"aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n" +
-				"BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n" +
-				"BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n" +
-				"DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n" +
-				"QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n" +
-				"E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n" +
-				"2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n" +
-				"RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n" +
-				"nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n" +
-				"cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n" +
-				"iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n" +
-				"ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n" +
-				"AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n" +
-				"nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n" +
-				"ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n" +
-				"xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n" +
-				"V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n" +
-				"lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" +
-				"-----END CERTIFICATE-----";
-		return new Saml2X509Credential(
-				x509Certificate(certificate),
-				VERIFICATION
-		);
+		String certificate = "-----BEGIN CERTIFICATE-----\n"
+				+ "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
+				+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
+				+ "VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n"
+				+ "c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n"
+				+ "aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n"
+				+ "BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n"
+				+ "BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n"
+				+ "DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n"
+				+ "QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n"
+				+ "E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n"
+				+ "2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n"
+				+ "RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n"
+				+ "nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n"
+				+ "cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n"
+				+ "iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n"
+				+ "ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n"
+				+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n"
+				+ "nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n"
+				+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
+				+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
+				+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
+				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" + "-----END CERTIFICATE-----";
+		return new Saml2X509Credential(x509Certificate(certificate), VERIFICATION);
 	}
 
 	static X509Certificate x509Certificate(String source) {
 		try {
 			final CertificateFactory factory = CertificateFactory.getInstance("X.509");
-			return (X509Certificate) factory.generateCertificate(
-					new ByteArrayInputStream(source.getBytes(StandardCharsets.UTF_8))
-			);
-		} catch (Exception e) {
+			return (X509Certificate) factory
+					.generateCertificate(new ByteArrayInputStream(source.getBytes(StandardCharsets.UTF_8)));
+		}
+		catch (Exception e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
 
 	static Saml2X509Credential signingCredential() {
-		String key = "-----BEGIN PRIVATE KEY-----\n" +
-				"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n" +
-				"VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n" +
-				"cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n" +
-				"Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n" +
-				"x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n" +
-				"wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n" +
-				"vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n" +
-				"8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n" +
-				"oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n" +
-				"EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n" +
-				"KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n" +
-				"YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n" +
-				"9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" +
-				"INrtuLp4YHbgk1mi\n" +
-				"-----END PRIVATE KEY-----";
-		String certificate = "-----BEGIN CERTIFICATE-----\n" +
-				"MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" +
-				"VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" +
-				"A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n" +
-				"DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n" +
-				"MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n" +
-				"MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n" +
-				"TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n" +
-				"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n" +
-				"vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n" +
-				"+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n" +
-				"y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n" +
-				"XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n" +
-				"qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n" +
-				"RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" +
-				"-----END CERTIFICATE-----";
+		String key = "-----BEGIN PRIVATE KEY-----\n"
+				+ "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
+				+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
+				+ "cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n"
+				+ "Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n"
+				+ "x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n"
+				+ "wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n"
+				+ "vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n"
+				+ "8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n"
+				+ "oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n"
+				+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
+				+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
+				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
+				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+				+ "-----END PRIVATE KEY-----";
+		String certificate = "-----BEGIN CERTIFICATE-----\n"
+				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
+				+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
+				+ "A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n"
+				+ "DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n"
+				+ "MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n"
+				+ "MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n"
+				+ "TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n"
+				+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n"
+				+ "vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n"
+				+ "+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n"
+				+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
+				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
+				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
+				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		PrivateKey pk = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(key.getBytes()));
 		X509Certificate cert = x509Certificate(certificate);
 		return new Saml2X509Credential(pk, cert, SIGNING, DECRYPTION);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 1893a4f082..698da20bba 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -36,6 +36,7 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageSecurityMetadataSourceRegistryTests {
+
 	@Mock
 	private MessageMatcher<Object> matcher;
 
@@ -46,11 +47,8 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	@Before
 	public void setup() {
 		messages = new MessageSecurityMetadataSourceRegistry();
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-						SimpMessageType.MESSAGE).build();
+		message = MessageBuilder.withPayload("Hi").setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
 	}
 
 	// See
@@ -58,42 +56,30 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	// https://jira.spring.io/browse/SPR-11660
 	@Test
 	public void simpDestMatchersCustom() {
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-						"price.stock.1.2").build();
-		messages.simpDestPathMatcher(new AntPathMatcher("."))
-				.simpDestMatchers("price.stock.*").permitAll();
+		message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+		messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll();
 
 		assertThat(getAttribute()).isNull();
 
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-						"price.stock.1.2").build();
-		messages.simpDestPathMatcher(new AntPathMatcher("."))
-				.simpDestMatchers("price.stock.**").permitAll();
+		message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+		messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-						"price.stock.1.2").build();
-		messages.simpDestMatchers("price.stock.*").permitAll()
-				.simpDestPathMatcher(new AntPathMatcher("."));
+		message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+		messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 
 		assertThat(getAttribute()).isNull();
 
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-						"price.stock.1.2").build();
-		messages.simpDestMatchers("price.stock.**").permitAll()
-				.simpDestPathMatcher(new AntPathMatcher("."));
+		message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+		messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
@@ -127,32 +113,29 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void simpDestMatchersMulti() {
-		messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN")
-				.simpDestMatchers("location").permitAll();
+		messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersRole() {
-		messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN")
-				.anyMessage().denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
 	}
 
 	@Test
 	public void simpDestMatchersAnyRole() {
-		messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT")
-				.anyMessage().denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersAuthority() {
-		messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN")
-				.anyMessage().fullyAuthenticated();
+		messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage()
+				.fullyAuthenticated();
 
 		assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
 	}
@@ -160,48 +143,43 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	@Test
 	public void simpDestMatchersAccess() {
 		String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated";
-		messages.simpDestMatchers("admin/**", "location/**").access(expected)
-				.anyMessage().denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo(expected);
 	}
 
 	@Test
 	public void simpDestMatchersAnyAuthority() {
-		messages.simpDestMatchers("admin/**", "location/**")
-				.hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT").anyMessage().denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT").anyMessage()
+				.denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersRememberMe() {
-		messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage()
-				.denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("rememberMe");
 	}
 
 	@Test
 	public void simpDestMatchersAnonymous() {
-		messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage()
-				.denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("anonymous");
 	}
 
 	@Test
 	public void simpDestMatchersFullyAuthenticated() {
-		messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated()
-				.anyMessage().denyAll();
+		messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
 	}
 
 	@Test
 	public void simpDestMatchersDenyAll() {
-		messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage()
-				.permitAll();
+		messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
@@ -215,29 +193,24 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void simpDestMessageMatchersMatch() {
-		messages.simpMessageDestMatchers("location/**").denyAll().anyMessage()
-				.permitAll();
+		messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersNotMatch() {
-		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage()
-				.permitAll();
+		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersMatch() {
-		message = MessageBuilder
-				.fromMessage(message)
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-						SimpMessageType.SUBSCRIBE).build();
+		message = MessageBuilder.fromMessage(message)
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build();
 
-		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage()
-				.permitAll();
+		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
@@ -251,10 +224,8 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void nullDestMatcherMatch() {
-		message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-						SimpMessageType.CONNECT).build();
+		message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
 
 		messages.nullDestMatcher().denyAll().anyMessage().permitAll();
 
@@ -263,32 +234,29 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void simpTypeMatchersMatch() {
-		messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage()
-				.permitAll();
+		messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatchMulti() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE)
-				.denyAll().anyMessage().permitAll();
+		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatch() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage()
-				.permitAll();
+		messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatchMulti() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT)
-				.denyAll().anyMessage().permitAll();
+		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage()
+				.permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
@@ -302,4 +270,5 @@ public class MessageSecurityMetadataSourceRegistryTests {
 		assertThat(attrs).hasSize(1);
 		return attrs.iterator().next().toString();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 2c43f59c57..7284955211 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -79,6 +79,7 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 @RunWith(SpringRunner.class)
 @SecurityTestExecutionListeners
 public class EnableWebFluxSecurityTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -89,15 +90,9 @@ public class EnableWebFluxSecurityTests {
 	public void defaultRequiresAuthentication() {
 		this.spring.register(Config.class).autowire();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.springSecurityFilterChain)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		client.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
 	}
 
 	// gh-4831
@@ -105,32 +100,19 @@ public class EnableWebFluxSecurityTests {
 	public void defaultMediaAllThenUnAuthorized() {
 		this.spring.register(Config.class).autowire();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.springSecurityFilterChain)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		client.get()
-			.uri("/")
-			.accept(MediaType.ALL)
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectBody().isEmpty();
+		client.get().uri("/").accept(MediaType.ALL).exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
 	}
 
 	@Test
 	public void authenticateWhenBasicThenNoSession() {
 		this.spring.register(Config.class).autowire();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.springSecurityFilterChain)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		FluxExchangeResult<String> result = client.get()
-			.headers(headers -> headers.setBasicAuth("user", "password"))
-			.exchange()
-			.expectStatus()
-			.isOk()
-			.returnResult(String.class);
+		FluxExchangeResult<String> result = client.get().headers(headers -> headers.setBasicAuth("user", "password"))
+				.exchange().expectStatus().isOk().returnResult(String.class);
 		result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
 	}
 
@@ -140,46 +122,35 @@ public class EnableWebFluxSecurityTests {
 		Authentication currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		WebSessionServerSecurityContextRepository contextRepository = new WebSessionServerSecurityContextRepository();
 		SecurityContext context = new SecurityContextImpl(currentPrincipal);
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(
-			(exchange, chain) -> contextRepository.save(exchange, context)
-				.switchIfEmpty(chain.filter(exchange))
-				.flatMap(e -> chain.filter(exchange)),
-			this.springSecurityFilterChain,
-			(exchange, chain) ->
-				ReactiveSecurityContextHolder.getContext()
-					.map(SecurityContext::getAuthentication)
-					.flatMap( principal -> exchange.getResponse()
-						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
-		).build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(
+						(exchange, chain) -> contextRepository.save(exchange, context)
+								.switchIfEmpty(chain.filter(exchange)).flatMap(e -> chain.filter(exchange)),
+						this.springSecurityFilterChain,
+						(exchange,
+								chain) -> ReactiveSecurityContextHolder.getContext()
+										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
+		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
+				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
 	}
 
 	@Test
 	public void defaultPopulatesReactorContextWhenAuthenticating() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(
-			this.springSecurityFilterChain,
-			(exchange, chain) ->
-				ReactiveSecurityContextHolder.getContext()
-					.map(SecurityContext::getAuthentication)
-					.flatMap( principal -> exchange.getResponse()
-						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
-		)
-		.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain,
+						(exchange,
+								chain) -> ReactiveSecurityContextHolder.getContext()
+										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.build();
 
-		client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("user", "password"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
+		client.get().uri("/").headers(headers -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
+				.isOk().expectBody(String.class)
+				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
 	@Test
@@ -187,52 +158,47 @@ public class EnableWebFluxSecurityTests {
 		this.spring.register(Config.class).autowire();
 
 		ConfigurableApplicationContext context = this.spring.getContext();
-		CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME, CsrfRequestDataValueProcessor.class);
+		CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME,
+				CsrfRequestDataValueProcessor.class);
 		assertThat(rdvp).isNotNull();
 	}
 
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class Config {
+
 	}
 
 	@Test
 	public void passwordEncoderBeanIsUsed() {
 		this.spring.register(CustomPasswordEncoderConfig.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(
-			this.springSecurityFilterChain,
-			(exchange, chain) ->
-				ReactiveSecurityContextHolder.getContext()
-					.map(SecurityContext::getAuthentication)
-					.flatMap( principal -> exchange.getResponse()
-						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
-		)
-		.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain,
+						(exchange,
+								chain) -> ReactiveSecurityContextHolder.getContext()
+										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.build();
 
-		client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("user", "password"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
+		client.get().uri("/").headers(headers -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
+				.isOk().expectBody(String.class)
+				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
 	@EnableWebFluxSecurity
 	static class CustomPasswordEncoderConfig {
+
 		@Bean
 		public ReactiveUserDetailsService userDetailsService(PasswordEncoder encoder) {
-			return new MapReactiveUserDetailsService(User.withUsername("user")
-				.password(encoder.encode("password"))
-				.roles("USER")
-				.build()
-			);
+			return new MapReactiveUserDetailsService(
+					User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
 		}
 
 		@Bean
 		public static PasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
+
 	}
 
 	@Test
@@ -240,12 +206,7 @@ public class EnableWebFluxSecurityTests {
 		this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		client
-				.get()
-				.uri("/")
-				.headers(h -> h.setBasicAuth("user", "password"))
-				.exchange()
-				.expectStatus().isOk();
+		client.get().uri("/").headers(h -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk();
 
 		ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class);
 		assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
@@ -253,6 +214,7 @@ public class EnableWebFluxSecurityTests {
 
 	@EnableWebFluxSecurity
 	static class MapReactiveUserDetailsServiceConfig {
+
 		@Bean
 		public MapReactiveUserDetailsService userDetailsService() {
 			// @formatter:off
@@ -263,33 +225,22 @@ public class EnableWebFluxSecurityTests {
 			// @formatter:on
 			);
 		}
+
 	}
 
 	@Test
 	public void formLoginWorks() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(
-			this.springSecurityFilterChain,
-			(exchange, chain) ->
-				Mono.subscriberContext()
-					.flatMap( c -> c.<Mono<Principal>>get(Authentication.class))
-					.flatMap( principal -> exchange.getResponse()
-						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
-		)
-		.build();
-
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain, (exchange,
+				chain) -> Mono.subscriberContext().flatMap(c -> c.<Mono<Principal>>get(Authentication.class)).flatMap(
+						principal -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.build();
 
 		MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
 		data.add("username", "user");
 		data.add("password", "password");
-		client
-			.mutateWith(csrf())
-			.post()
-			.uri("/login")
-			.body(BodyInserters.fromFormData(data))
-			.exchange()
-			.expectStatus().is3xxRedirection()
-			.expectHeader().valueMatches("Location", "/");
+		client.mutateWith(csrf()).post().uri("/login").body(BodyInserters.fromFormData(data)).exchange().expectStatus()
+				.is3xxRedirection().expectHeader().valueMatches("Location", "/");
 	}
 
 	@Test
@@ -297,27 +248,20 @@ public class EnableWebFluxSecurityTests {
 		this.spring.register(MultiSecurityHttpConfig.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		client.get()
-			.uri("/api/test")
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectBody().isEmpty();
+		client.get().uri("/api/test").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
 
-		client.get()
-			.uri("/test")
-			.exchange()
-			.expectStatus().isOk();
+		client.get().uri("/test").exchange().expectStatus().isOk();
 	}
 
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class MultiSecurityHttpConfig {
+
 		@Order(Ordered.HIGHEST_PRECEDENCE)
 		@Bean
-		public SecurityWebFilterChain apiHttpSecurity(
-			ServerHttpSecurity http) {
-			http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**"))
-				.authorizeExchange().anyExchange().denyAll();
+		public SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
+			http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**")).authorizeExchange()
+					.anyExchange().denyAll();
 			return http.build();
 		}
 
@@ -325,6 +269,7 @@ public class EnableWebFluxSecurityTests {
 		public SecurityWebFilterChain httpSecurity(ServerHttpSecurity http) {
 			return http.build();
 		}
+
 	}
 
 	@Test
@@ -334,14 +279,9 @@ public class EnableWebFluxSecurityTests {
 
 		WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build();
 
-		client.get()
-			.uri("/spel")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).isEqualTo("user");
+		client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user");
 	}
 
-
 	@EnableWebFluxSecurity
 	@EnableWebFlux
 	@Import(ReactiveAuthenticationTestConfiguration.class)
@@ -353,18 +293,23 @@ public class EnableWebFluxSecurityTests {
 		}
 
 		static class PrincipalBean {
+
 			public String username(UserDetails user) {
 				return user.getUsername();
 			}
+
 		}
 
 		@RestController
 		public static class AuthenticationPrincipalResolver {
+
 			@GetMapping("/spel")
 			String username(@AuthenticationPrincipal(expression = "@principalBean.username(#this)") String username) {
-				return  username;
+				return username;
 			}
+
 		}
+
 	}
 
 	private static DataBuffer toDataBuffer(String body) {
@@ -386,6 +331,7 @@ public class EnableWebFluxSecurityTests {
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class BeanProxyEnabledByDefaultConfig {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -395,6 +341,7 @@ public class EnableWebFluxSecurityTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	@Test
@@ -411,6 +358,7 @@ public class EnableWebFluxSecurityTests {
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class BeanProxyDisabledConfig {
+
 		@Bean
 		public Child child() {
 			return new Child();
@@ -420,9 +368,11 @@ public class EnableWebFluxSecurityTests {
 		public Parent parent() {
 			return new Parent(child());
 		}
+
 	}
 
 	static class Parent {
+
 		private Child child;
 
 		Parent(Child child) {
@@ -432,29 +382,35 @@ public class EnableWebFluxSecurityTests {
 		public Child getChild() {
 			return child;
 		}
+
 	}
 
 	static class Child {
+
 		Child() {
 		}
+
 	}
 
 	@Test
 	// gh-8596
 	public void resolveAuthenticationPrincipalArgumentResolverFirstDoesNotCauseBeanCurrentlyInCreationException() {
-		this.spring.register(EnableWebFluxSecurityConfiguration.class,
-				ReactiveAuthenticationTestConfiguration.class,
+		this.spring.register(EnableWebFluxSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
 				DelegatingWebFluxConfiguration.class).autowire();
 	}
 
 	@EnableWebFluxSecurity
 	@Configuration(proxyBeanMethods = false)
 	static class EnableWebFluxSecurityConfiguration {
+
 		/**
-		 * It is necessary to Autowire AuthenticationPrincipalArgumentResolver because it triggers eager loading of
-		 * AuthenticationPrincipalArgumentResolver bean which causes BeanCurrentlyInCreationException
+		 * It is necessary to Autowire AuthenticationPrincipalArgumentResolver because it
+		 * triggers eager loading of AuthenticationPrincipalArgumentResolver bean which
+		 * causes BeanCurrentlyInCreationException
 		 */
 		@Autowired
 		AuthenticationPrincipalArgumentResolver resolver;
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
index f6703a9977..925b4e7552 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
@@ -27,16 +27,17 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
  * @since 5.0
  */
 public class ServerHttpSecurityConfigurationBuilder {
+
 	public static ServerHttpSecurity http() {
 		return new ServerHttpSecurityConfiguration().httpSecurity();
 	}
 
 	public static ServerHttpSecurity httpWithDefaultAuthentication() {
 		ReactiveUserDetailsService reactiveUserDetailsService = ReactiveAuthenticationTestConfiguration
-			.userDetailsService();
+				.userDetailsService();
 		ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager(
-			reactiveUserDetailsService);
-		return http()
-			.authenticationManager(authenticationManager);
+				reactiveUserDetailsService);
+		return http().authenticationManager(authenticationManager);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
index c7ae2e2d78..ae65f87f05 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
@@ -31,6 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Eleftheria Stein
  */
 public class ServerHttpSecurityConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -54,5 +55,7 @@ public class ServerHttpSecurityConfigurationTests {
 
 	@Configuration
 	static class SubclassConfig extends ServerHttpSecurityConfiguration {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
index 0eeec4140a..1b05578dbe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
@@ -31,6 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Eleftheria Stein
  */
 public class WebFluxSecurityConfigurationTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -54,5 +55,7 @@ public class WebFluxSecurityConfigurationTests {
 
 	@Configuration
 	static class SubclassConfig extends WebFluxSecurityConfiguration {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 2343208681..fa82ac7ebe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -43,13 +43,13 @@ import org.springframework.web.socket.config.annotation.AbstractWebSocketMessage
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 
-
 import java.util.HashMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 
 public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	TestingAuthenticationToken messageUser;
@@ -76,8 +76,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	public void securityMappings() {
 		loadConfig(WebSocketSecurityConfig.class);
 
-		clientInboundChannel().send(
-				message("/user/queue/errors", SimpMessageType.SUBSCRIBE));
+		clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE));
 
 		try {
 			clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE));
@@ -124,11 +123,11 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 		public void authentication(@AuthenticationPrincipal String un) {
 			// ... do something ...
 		}
+
 	}
 
 	@Configuration
-	static class WebSocketSecurityConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -138,12 +137,12 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 					// <2>
 					.simpDestMatchers("/app/**").hasRole("USER")
 					// <3>
-					.simpSubscribeDestMatchers("/user/**", "/topic/friends/*")
-					.hasRole("USER") // <4>
+					.simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4>
 					.simpTypeMatchers(MESSAGE, SUBSCRIBE).denyAll() // <5>
 					.anyMessage().denyAll(); // <6>
 
 		}
+
 	}
 
 	@Configuration
@@ -164,13 +163,17 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 		public MyController myController() {
 			return new MyController();
 		}
+
 	}
 
 	@Configuration
 	static class SyncExecutorConfig {
+
 		@Bean
 		public static SyncExecutorSubscribableChannelPostProcessor postProcessor() {
 			return new SyncExecutorSubscribableChannelPostProcessor();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 2b4887acd6..00b04811c5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -79,6 +79,7 @@ import org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHa
 import org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession;
 
 public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
+
 	AnnotationConfigWebApplicationContext context;
 
 	TestingAuthenticationToken messageUser;
@@ -161,8 +162,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	public void addsCsrfProtectionWhenNoAuthorization() {
 		loadConfig(NoInboundSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MessageChannel messageChannel = clientInboundChannel();
 
@@ -179,8 +179,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	public void csrfProtectionForConnect() {
 		loadConfig(SockJsSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MessageChannel messageChannel = clientInboundChannel();
 
@@ -197,8 +196,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	public void csrfProtectionDisabledForConnect() {
 		loadConfig(CsrfDisabledSockJsSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/permitAll/connect");
 		MessageChannel messageChannel = clientInboundChannel();
 
@@ -220,8 +218,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		loadConfig(SockJsSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = sockjsHttpRequest("/chat");
 		HttpRequestHandler handler = handler(request);
@@ -232,12 +229,10 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	}
 
 	@Test
-	public void messagesConnectUseCsrfTokenHandshakeInterceptorMultipleMappings()
-			throws Exception {
+	public void messagesConnectUseCsrfTokenHandshakeInterceptorMultipleMappings() throws Exception {
 		loadConfig(SockJsSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = sockjsHttpRequest("/other");
 		HttpRequestHandler handler = handler(request);
@@ -248,12 +243,10 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	}
 
 	@Test
-	public void messagesConnectWebSocketUseCsrfTokenHandshakeInterceptor()
-			throws Exception {
+	public void messagesConnectWebSocketUseCsrfTokenHandshakeInterceptor() throws Exception {
 		loadConfig(WebSocketSecurityConfig.class);
 
-		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor
-				.create(SimpMessageType.CONNECT);
+		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = websocketHttpRequest("/websocket");
 		HttpRequestHandler handler = handler(request);
@@ -281,8 +274,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class MsmsRegistryCustomPatternMatcherConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class MsmsRegistryCustomPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
@@ -312,6 +304,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	@Test
@@ -332,8 +325,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class OverrideMsmsRegistryCustomPatternMatcherConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class OverrideMsmsRegistryCustomPatternMatcherConfig
+			extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
@@ -343,7 +336,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 		// @formatter:on
 
-
 		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -365,6 +357,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	@Test
@@ -385,8 +378,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class DefaultPatternMatcherConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class DefaultPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
@@ -415,6 +407,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	@Test
@@ -439,8 +432,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
 		ChannelSecurityInterceptor channelSecurityInterceptor = context.getBean(ChannelSecurityInterceptor.class);
-		MessageSecurityMetadataSource messageSecurityMetadataSource =
-				context.getBean(MessageSecurityMetadataSource.class);
+		MessageSecurityMetadataSource messageSecurityMetadataSource = context
+				.getBean(MessageSecurityMetadataSource.class);
 
 		assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource);
 	}
@@ -450,8 +443,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
 		MessageChannel messageChannel = clientInboundChannel();
-		SecurityContextChannelInterceptor securityContextChannelInterceptor =
-				context.getBean(SecurityContextChannelInterceptor.class);
+		SecurityContextChannelInterceptor securityContextChannelInterceptor = context
+				.getBean(SecurityContextChannelInterceptor.class);
 
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors())
 				.contains(securityContextChannelInterceptor);
@@ -464,15 +457,13 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		MessageChannel messageChannel = clientInboundChannel();
 		ChannelSecurityInterceptor inboundChannelSecurity = context.getBean(ChannelSecurityInterceptor.class);
 
-		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors())
-				.contains(inboundChannelSecurity);
+		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
 	}
 
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class CustomExpressionConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class CustomExpressionConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
@@ -494,8 +485,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
 			return new DefaultMessageSecurityExpressionHandler<Object>() {
 				@Override
-				protected SecurityExpressionOperations createSecurityExpressionRoot(
-						Authentication authentication,
+				protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 						Message<Object> invocation) {
 					return new MessageSecurityExpressionRoot(authentication, invocation) {
 						public boolean denyRob() {
@@ -517,15 +507,14 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	private void assertHandshake(HttpServletRequest request) {
-		TestHandshakeHandler handshakeHandler = context
-				.getBean(TestHandshakeHandler.class);
-		assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(
-				token);
-		assertThat(handshakeHandler.attributes.get(sessionAttr)).isEqualTo(
-				request.getSession().getAttribute(sessionAttr));
+		TestHandshakeHandler handshakeHandler = context.getBean(TestHandshakeHandler.class);
+		assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(token);
+		assertThat(handshakeHandler.attributes.get(sessionAttr))
+				.isEqualTo(request.getSession().getAttribute(sessionAttr));
 	}
 
 	private HttpRequestHandler handler(HttpServletRequest request) throws Exception {
@@ -542,8 +531,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	private MockHttpServletRequest sockjsHttpRequest(String mapping) {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setMethod("GET");
-		request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE,
-				"/289/tpyx6mde/websocket");
+		request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket");
 		request.setRequestURI(mapping + "/289/tpyx6mde/websocket");
 		request.getSession().setAttribute(sessionAttr, "sessionValue");
 
@@ -583,6 +571,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	static class MyController {
 
 		String authenticationPrincipal;
+
 		MyCustomArgument myCustomArgument;
 
 		@MessageMapping("/authentication")
@@ -594,11 +583,14 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public void myCustom(MyCustomArgument myCustomArgument) {
 			this.myCustomArgument = myCustomArgument;
 		}
+
 	}
 
 	static class MyCustomArgument {
+
 		MyCustomArgument(String notDefaultConstr) {
 		}
+
 	}
 
 	static class MyCustomArgumentResolver implements HandlerMethodArgumentResolver {
@@ -610,13 +602,14 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public Object resolveArgument(MethodParameter parameter, Message<?> message) {
 			return new MyCustomArgument("");
 		}
+
 	}
 
 	static class TestHandshakeHandler implements HandshakeHandler {
+
 		Map<String, Object> attributes;
 
-		public boolean doHandshake(ServerHttpRequest request,
-				ServerHttpResponse response, WebSocketHandler wsHandler,
+		public boolean doHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
 			this.attributes = attributes;
 			if (wsHandler instanceof SockJsWebSocketHandler) {
@@ -628,20 +621,20 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 			}
 			return true;
 		}
+
 	}
 
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class SockJsSecurityConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class SockJsSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler())
-					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS()
+					.setInterceptors(new HttpSessionHandshakeInterceptor());
 
-			registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler())
-					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler()).withSockJS()
+					.setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
 		// @formatter:off
@@ -676,27 +669,27 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 
 		static class SecurityCheck {
+
 			private boolean check;
 
 			public boolean check() {
 				check = !check;
 				return check;
 			}
+
 		}
+
 	}
 
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class NoInboundSecurityConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class NoInboundSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/other").withSockJS()
-					.setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 
-			registry.addEndpoint("/chat").withSockJS()
-					.setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
 		@Override
@@ -713,6 +706,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public MyController myController() {
 			return new MyController();
 		}
+
 	}
 
 	@Configuration
@@ -722,17 +716,16 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		protected boolean sameOriginDisabled() {
 			return true;
 		}
+
 	}
 
 	@Configuration
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class WebSocketSecurityConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/websocket")
-					.setHandshakeHandler(testHandshakeHandler())
+			registry.addEndpoint("/websocket").setHandshakeHandler(testHandshakeHandler())
 					.addInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
@@ -750,19 +743,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSocketMessageBroker
 	@Import(SyncExecutorConfig.class)
-	static class SockJsProxylessSecurityConfig extends
-			AbstractSecurityWebSocketMessageBrokerConfigurer {
+	static class SockJsProxylessSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
 		private ApplicationContext context;
 
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/chat")
-					.setHandshakeHandler(context.getBean(TestHandshakeHandler.class))
-					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat").setHandshakeHandler(context.getBean(TestHandshakeHandler.class)).withSockJS()
+					.setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
 		@Autowired
@@ -782,13 +775,17 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
+
 	}
 
 	@Configuration
 	static class SyncExecutorConfig {
+
 		@Bean
 		public static SyncExecutorSubscribableChannelPostProcessor postProcessor() {
 			return new SyncExecutorSubscribableChannelPostProcessor();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
index 6f3074f506..0462d5f74b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
@@ -24,8 +24,7 @@ import org.springframework.messaging.support.ExecutorSubscribableChannel;
  */
 public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostProcessor {
 
-	public Object postProcessBeforeInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (bean instanceof ExecutorSubscribableChannel) {
 			ExecutorSubscribableChannel original = (ExecutorSubscribableChannel) bean;
 			ExecutorSubscribableChannel channel = new ExecutorSubscribableChannel();
@@ -35,8 +34,8 @@ public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostPro
 		return bean;
 	}
 
-	public Object postProcessAfterInitialization(Object bean, String beanName)
-			throws BeansException {
+	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
index 7b13b8f08e..95006401b7 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
@@ -48,10 +48,13 @@ import static org.mockito.Mockito.when;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class AuthenticationConfigurationGh3935Tests {
+
 	@Autowired
 	FilterChainProxy springSecurityFilterChain;
+
 	@Autowired
 	UserDetailsService uds;
+
 	@Autowired
 	BootGlobalAuthenticationConfigurationAdapter adapter;
 
@@ -70,8 +73,8 @@ public class AuthenticationConfigurationGh3935Tests {
 		AuthenticationManager authenticationManager = this.adapter.authenticationManager;
 		assertThat(authenticationManager).isNotNull();
 
-		Authentication auth = authenticationManager.authenticate(
-				new UsernamePasswordAuthenticationToken(username, password));
+		Authentication auth = authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken(username, password));
 
 		verify(this.uds).loadUserByUsername(username);
 		assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
@@ -79,10 +82,11 @@ public class AuthenticationConfigurationGh3935Tests {
 
 	@EnableWebSecurity
 	static class WebSecurity extends WebSecurityConfigurerAdapter {
+
 	}
 
-	static class BootGlobalAuthenticationConfigurationAdapter
-			extends GlobalAuthenticationConfigurerAdapter {
+	static class BootGlobalAuthenticationConfigurationAdapter extends GlobalAuthenticationConfigurerAdapter {
+
 		private final ApplicationContext context;
 
 		private AuthenticationManager authenticationManager;
@@ -94,17 +98,17 @@ public class AuthenticationConfigurationGh3935Tests {
 
 		@Override
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
-			AuthenticationConfiguration configuration = this.context
-					.getBean(AuthenticationConfiguration.class);
+			AuthenticationConfiguration configuration = this.context.getBean(AuthenticationConfiguration.class);
 			this.authenticationManager = configuration.getAuthenticationManager();
 		}
+
 	}
 
 	@Configuration
 	static class AutoConfig {
+
 		@Bean
-		static BootGlobalAuthenticationConfigurationAdapter adapter(
-				ApplicationContext context) {
+		static BootGlobalAuthenticationConfigurationAdapter adapter(ApplicationContext context) {
 			return new BootGlobalAuthenticationConfigurationAdapter(context);
 		}
 
@@ -112,5 +116,7 @@ public class AuthenticationConfigurationGh3935Tests {
 		public UserDetailsService userDetailsService() {
 			return mock(UserDetailsService.class);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 6d64ca25eb..e82840ad2c 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -38,37 +38,32 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Luke Taylor
  */
 public class AuthenticationManagerBeanDefinitionParserTests {
-	private static final String CONTEXT = "<authentication-manager id='am'>"
-			+ "    <authentication-provider>"
+
+	private static final String CONTEXT = "<authentication-manager id='am'>" + "    <authentication-provider>"
 			+ "        <user-service>"
 			+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
-			+ "        </user-service>"
-			+ "    </authentication-provider>"
-			+ "</authentication-manager>";
+			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
 	// SEC-1225
 	public void providersAreRegisteredAsTopLevelBeans() {
-		ConfigurableApplicationContext context = this.spring.context(CONTEXT)
-			.getContext();
+		ConfigurableApplicationContext context = this.spring.context(CONTEXT).getContext();
 		assertThat(context.getBeansOfType(AuthenticationProvider.class)).hasSize(1);
 	}
 
 	@Test
 	public void eventsArePublishedByDefault() throws Exception {
-		ConfigurableApplicationContext appContext = this.spring.context(CONTEXT)
-			.getContext();
+		ConfigurableApplicationContext appContext = this.spring.context(CONTEXT).getContext();
 		AuthListener listener = new AuthListener();
 		appContext.addApplicationListener(listener);
 
-		ProviderManager pm = (ProviderManager) appContext
-				.getBeansOfType(ProviderManager.class).values().toArray()[0];
+		ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
 		Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
 		assertThat(eventPublisher).isNotNull();
 		assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue();
@@ -79,19 +74,16 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 
 	@Test
 	public void credentialsAreClearedByDefault() {
-		ConfigurableApplicationContext appContext = this.spring.context(CONTEXT)
-			.getContext();
-		ProviderManager pm = (ProviderManager) appContext
-				.getBeansOfType(ProviderManager.class).values().toArray()[0];
+		ConfigurableApplicationContext appContext = this.spring.context(CONTEXT).getContext();
+		ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
 		assertThat(pm.isEraseCredentialsAfterAuthentication()).isTrue();
 	}
 
 	@Test
 	public void clearCredentialsPropertyIsRespected() {
-		ConfigurableApplicationContext appContext = this.spring.context("<authentication-manager erase-credentials='false'/>")
-			.getContext();
-		ProviderManager pm = (ProviderManager) appContext
-				.getBeansOfType(ProviderManager.class).values().toArray()[0];
+		ConfigurableApplicationContext appContext = this.spring
+				.context("<authentication-manager erase-credentials='false'/>").getContext();
+		ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
 		assertThat(pm.isEraseCredentialsAfterAuthentication()).isFalse();
 	}
 
@@ -100,24 +92,23 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 
 	@Test
 	public void passwordEncoderBeanUsed() throws Exception {
-		this.spring.context("<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance'/>"
-			+ "<user-service>"
-			+ "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
-			+ "</user-service>"
-			+ "<http/>")
-			.mockMvcAfterSpringSecurityOk()
-			.autowire();
+		this.spring.context(
+				"<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance'/>"
+						+ "<user-service>" + "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
+						+ "</user-service>" + "<http/>")
+				.mockMvcAfterSpringSecurityOk().autowire();
 
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
-			.andExpect(status().isOk());
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
-	private static class AuthListener implements
-			ApplicationListener<AbstractAuthenticationEvent> {
+	private static class AuthListener implements ApplicationListener<AbstractAuthenticationEvent> {
+
 		List<AbstractAuthenticationEvent> events = new ArrayList<>();
 
 		public void onApplicationEvent(AbstractAuthenticationEvent event) {
 			this.events.add(event);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index 968f1f9ae1..cfd024341a 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -36,9 +36,10 @@ import java.util.List;
  * @author Luke Taylor
  */
 public class AuthenticationProviderBeanDefinitionParserTests {
+
 	private AbstractXmlApplicationContext appContext;
-	private UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken(
-			"bob", "bobspassword");
+
+	private UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
 
 	@After
 	public void closeAppContext() {
@@ -49,8 +50,7 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
 	@Test
 	public void worksWithEmbeddedUserService() {
-		setContext(" <authentication-provider>"
-				+ "        <user-service>"
+		setContext(" <authentication-provider>" + "        <user-service>"
 				+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>");
 		getProvider().authenticate(bob);
@@ -59,10 +59,8 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 	@Test
 	public void externalUserServiceRefWorks() {
 		appContext = new InMemoryXmlApplicationContext(
-				"    <authentication-manager>"
-						+ "        <authentication-provider user-service-ref='myUserService' />"
-						+ "    </authentication-manager>"
-						+ "    <user-service id='myUserService'>"
+				"    <authentication-manager>" + "        <authentication-provider user-service-ref='myUserService' />"
+						+ "    </authentication-manager>" + "    <user-service id='myUserService'>"
 						+ "       <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
 						+ "    </user-service>");
 		getProvider().authenticate(bob);
@@ -70,9 +68,7 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
 	@Test
 	public void providerWithBCryptPasswordEncoderWorks() {
-		setContext(" <authentication-provider>"
-				+ "        <password-encoder hash='bcrypt'/>"
-				+ "        <user-service>"
+		setContext(" <authentication-provider>" + "        <password-encoder hash='bcrypt'/>" + "        <user-service>"
 				+ "            <user name='bob' password='$2a$05$dRmjl1T05J7rvCPD2NgsHesCEJHww3pdmesUhjM3PD4m/gaEYyx/G' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>");
 
@@ -81,55 +77,35 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
 	@Test
 	public void providerWithMd5PasswordEncoderWorks() {
-		appContext = new InMemoryXmlApplicationContext(
-				" <authentication-manager>"
-				+ " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>"
-				+ "        <user-service>"
+		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='12b141f35d58b8b3a46eea65e6ac179e' authorities='ROLE_A' />"
-				+ "        </user-service>"
-				+ "    </authentication-provider>"
-				+ " </authentication-manager>"
-				+ " <b:bean id='passwordEncoder'  class='"
-				+ MessageDigestPasswordEncoder.class.getName() + "'>"
-				+ "     <b:constructor-arg value='MD5'/>"
-				+ " </b:bean>");
+				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
+				+ "     <b:constructor-arg value='MD5'/>" + " </b:bean>");
 
 		getProvider().authenticate(bob);
 	}
 
 	@Test
 	public void providerWithShaPasswordEncoderWorks() {
-		appContext = new InMemoryXmlApplicationContext(
-			" <authentication-manager>"
-				+ " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>"
-				+ "        <user-service>"
+		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='{SSHA}PpuEwfdj7M1rs0C2W4ssSM2XEN/Y6S5U' authorities='ROLE_A' />"
-				+ "        </user-service>"
-				+ "    </authentication-provider>"
-				+ " </authentication-manager>"
-				+ " <b:bean id='passwordEncoder'  class='"
-				+ LdapShaPasswordEncoder.class.getName() + "'/>");
+				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ " <b:bean id='passwordEncoder'  class='" + LdapShaPasswordEncoder.class.getName() + "'/>");
 
 		getProvider().authenticate(bob);
 	}
 
 	@Test
 	public void passwordIsBase64EncodedWhenBase64IsEnabled() {
-		appContext = new InMemoryXmlApplicationContext(
-				" <authentication-manager>"
-				+ " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>"
-				+ "        <user-service>"
+		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='ErFB811YuLOkbupl5qwXng==' authorities='ROLE_A' />"
-				+ "        </user-service>"
-				+ "    </authentication-provider>"
-				+ " </authentication-manager>"
-				+ " <b:bean id='passwordEncoder'  class='"
-				+ MessageDigestPasswordEncoder.class.getName() + "'>"
-				+ "     <b:constructor-arg value='MD5'/>"
-				+ "     <b:property name='encodeHashAsBase64' value='true'/>"
+				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
+				+ "     <b:constructor-arg value='MD5'/>" + "     <b:property name='encodeHashAsBase64' value='true'/>"
 				+ " </b:bean>");
 
 		getProvider().authenticate(bob);
@@ -138,26 +114,25 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 	// SEC-1466
 	@Test(expected = BeanDefinitionParsingException.class)
 	public void exernalProviderDoesNotSupportChildElements() {
-		appContext = new InMemoryXmlApplicationContext(
-				"    <authentication-manager>"
-						+ "      <authentication-provider ref='aProvider'> "
-						+ "        <password-encoder ref='customPasswordEncoder'/>"
-						+ "      </authentication-provider>"
-						+ "    </authentication-manager>"
-						+ "    <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
-						+ "    <b:bean id='customPasswordEncoder' "
-						+ "        class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
+		appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
+				+ "      <authentication-provider ref='aProvider'> "
+				+ "        <password-encoder ref='customPasswordEncoder'/>" + "      </authentication-provider>"
+				+ "    </authentication-manager>"
+				+ "    <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
+				+ "    <b:bean id='customPasswordEncoder' "
+				+ "        class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
 	}
 
 	private AuthenticationProvider getProvider() {
-		List<AuthenticationProvider> providers = ((ProviderManager) appContext
-				.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
+		List<AuthenticationProvider> providers = ((ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER))
+				.getProviders();
 
 		return providers.get(0);
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext("<authentication-manager>"
-				+ context + "</authentication-manager>");
+		appContext = new InMemoryXmlApplicationContext(
+				"<authentication-manager>" + context + "</authentication-manager>");
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 14b833cd24..30e9cbd29b 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -22,8 +22,7 @@ import org.w3c.dom.Element;
 
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.authentication
-		.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
@@ -41,12 +40,11 @@ import static org.mockito.Mockito.mock;
  * @author Eddú Meléndez
  */
 public class JdbcUserServiceBeanDefinitionParserTests {
+
 	private static String USER_CACHE_XML = "<b:bean id='userCache' class='org.springframework.security.authentication.dao.MockUserCache'/>";
 
 	private static String DATA_SOURCE = "    <b:bean id='populator' class='org.springframework.security.config.DataSourcePopulator'>"
-			+ "        <b:property name='dataSource' ref='dataSource'/>"
-			+ "    </b:bean>"
-			+
+			+ "        <b:property name='dataSource' ref='dataSource'/>" + "    </b:bean>" +
 
 			"    <b:bean id='dataSource' class='org.springframework.security.TestDataSource'>"
 			+ "        <b:constructor-arg value='jdbcnamespaces'/>" + "    </b:bean>";
@@ -62,23 +60,20 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void beanNameIsCorrect() {
-		assertThat(JdbcUserDetailsManager.class.getName()).isEqualTo(
-				new JdbcUserServiceBeanDefinitionParser()
-						.getBeanClassName(mock(Element.class)));
+		assertThat(JdbcUserDetailsManager.class.getName())
+				.isEqualTo(new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
 	}
 
 	@Test
 	public void validUsernameIsFound() {
 		setContext("<jdbc-user-service data-source-ref='dataSource'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext
-				.getBean(BeanIds.USER_DETAILS_SERVICE);
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean(BeanIds.USER_DETAILS_SERVICE);
 		assertThat(mgr.loadUserByUsername("rod")).isNotNull();
 	}
 
 	@Test
 	public void beanIdIsParsedCorrectly() {
-		setContext("<jdbc-user-service id='myUserService' data-source-ref='dataSource'/>"
-				+ DATA_SOURCE);
+		setContext("<jdbc-user-service id='myUserService' data-source-ref='dataSource'/>" + DATA_SOURCE);
 		assertThat(appContext.getBean("myUserService") instanceof JdbcUserDetailsManager).isTrue();
 	}
 
@@ -86,12 +81,10 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	public void usernameAndAuthorityQueriesAreParsedCorrectly() throws Exception {
 		String userQuery = "select username, password, true from users where username = ?";
 		String authoritiesQuery = "select username, authority from authorities where username = ? and 1 = 1";
-		setContext("<jdbc-user-service id='myUserService' "
-				+ "data-source-ref='dataSource' " + "users-by-username-query='"
-				+ userQuery + "' " + "authorities-by-username-query='" + authoritiesQuery
+		setContext("<jdbc-user-service id='myUserService' " + "data-source-ref='dataSource' "
+				+ "users-by-username-query='" + userQuery + "' " + "authorities-by-username-query='" + authoritiesQuery
 				+ "'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext
-				.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
 		assertThat(FieldUtils.getFieldValue(mgr, "usersByUsernameQuery")).isEqualTo(userQuery);
 		assertThat(FieldUtils.getFieldValue(mgr, "authoritiesByUsernameQuery")).isEqualTo(authoritiesQuery);
 		assertThat(mgr.loadUserByUsername("rod") != null).isTrue();
@@ -99,11 +92,9 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void groupQueryIsParsedCorrectly() throws Exception {
-		setContext("<jdbc-user-service id='myUserService' "
-				+ "data-source-ref='dataSource' "
+		setContext("<jdbc-user-service id='myUserService' " + "data-source-ref='dataSource' "
 				+ "group-authorities-by-username-query='blah blah'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext
-				.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
 		assertThat(FieldUtils.getFieldValue(mgr, "groupAuthoritiesByUsernameQuery")).isEqualTo("blah blah");
 		assertThat((Boolean) FieldUtils.getFieldValue(mgr, "enableGroups")).isTrue();
 	}
@@ -113,8 +104,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 		setContext("<jdbc-user-service id='myUserService' cache-ref='userCache' data-source-ref='dataSource'/>"
 				+ DATA_SOURCE + USER_CACHE_XML);
 		CachingUserDetailsService cachingUserService = (CachingUserDetailsService) appContext
-				.getBean("myUserService"
-						+ AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX);
+				.getBean("myUserService" + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX);
 		assertThat(appContext.getBean("userCache")).isSameAs(cachingUserService.getUserCache());
 		assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull();
 		assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull();
@@ -123,43 +113,36 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	@Test
 	public void isSupportedByAuthenticationProviderElement() {
 		setContext("<authentication-manager>" + "  <authentication-provider>"
-				+ "    <jdbc-user-service data-source-ref='dataSource'/>"
-				+ "  </authentication-provider>" + "</authentication-manager>"
-				+ DATA_SOURCE);
-		AuthenticationManager mgr = (AuthenticationManager) appContext
-				.getBean(BeanIds.AUTHENTICATION_MANAGER);
+				+ "    <jdbc-user-service data-source-ref='dataSource'/>" + "  </authentication-provider>"
+				+ "</authentication-manager>" + DATA_SOURCE);
+		AuthenticationManager mgr = (AuthenticationManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
 	}
 
 	@Test
 	public void cacheIsInjectedIntoAuthenticationProvider() {
-		setContext("<authentication-manager>"
-				+ "  <authentication-provider>"
+		setContext("<authentication-manager>" + "  <authentication-provider>"
 				+ "    <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>"
-				+ "  </authentication-provider>" + "</authentication-manager>"
-				+ DATA_SOURCE + USER_CACHE_XML);
-		ProviderManager mgr = (ProviderManager) appContext
-				.getBean(BeanIds.AUTHENTICATION_MANAGER);
-		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr
-				.getProviders().get(0);
+				+ "  </authentication-provider>" + "</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
+		ProviderManager mgr = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
+		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
 		assertThat(appContext.getBean("userCache")).isSameAs(provider.getUserCache());
 		provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
-		assertThat(provider
-				.getUserCache().getUserFromCache("rod")).isNotNull().withFailMessage("Cache should contain user after authentication");
+		assertThat(provider.getUserCache().getUserFromCache("rod")).isNotNull()
+				.withFailMessage("Cache should contain user after authentication");
 	}
 
 	@Test
 	public void rolePrefixIsUsedWhenSet() {
 		setContext("<jdbc-user-service id='myUserService' role-prefix='PREFIX_' data-source-ref='dataSource'/>"
 				+ DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext
-				.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
 		UserDetails rod = mgr.loadUserByUsername("rod");
-		assertThat(AuthorityUtils.authorityListToSet(rod.getAuthorities()))
-				.contains("PREFIX_ROLE_SUPERVISOR");
+		assertThat(AuthorityUtils.authorityListToSet(rod.getAuthorities())).contains("PREFIX_ROLE_SUPERVISOR");
 	}
 
 	private void setContext(String context) {
 		appContext = new InMemoryXmlApplicationContext(context);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
index 7f97bfce57..fb4c1412d7 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
@@ -31,6 +31,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @since 5.0
  */
 public class PasswordEncoderParserTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -39,22 +40,20 @@ public class PasswordEncoderParserTests {
 
 	@Test
 	public void passwordEncoderDefaultsToDelegatingPasswordEncoder() throws Exception {
-		this.spring.configLocations("classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml")
-			.mockMvcAfterSpringSecurityOk()
-			.autowire();
+		this.spring.configLocations(
+				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml")
+				.mockMvcAfterSpringSecurityOk().autowire();
 
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
-			.andExpect(status().isOk());
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void passwordEncoderDefaultsToPasswordEncoderBean() throws Exception {
-		this.spring.configLocations("classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml")
-			.mockMvcAfterSpringSecurityOk()
-			.autowire();
+		this.spring.configLocations(
+				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml")
+				.mockMvcAfterSpringSecurityOk().autowire();
 
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
-			.andExpect(status().isOk());
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index b3791d7f1d..1ad00ea422 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -30,6 +30,7 @@ import org.junit.After;
  * @author Luke Taylor
  */
 public class UserServiceBeanDefinitionParserTests {
+
 	private AbstractXmlApplicationContext appContext;
 
 	@After
@@ -43,19 +44,16 @@ public class UserServiceBeanDefinitionParserTests {
 	public void userServiceWithValidPropertiesFileWorksSuccessfully() {
 		setContext("<user-service id='service' "
 				+ "properties='classpath:org/springframework/security/config/users.properties'/>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		userService.loadUserByUsername("bob");
 		userService.loadUserByUsername("joe");
 	}
 
 	@Test
 	public void userServiceWithEmbeddedUsersWorksSuccessfully() {
-		setContext("<user-service id='service'>"
-				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+		setContext("<user-service id='service'>" + "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		userService.loadUserByUsername("joe");
 	}
 
@@ -68,8 +66,7 @@ public class UserServiceBeanDefinitionParserTests {
 				+ "<user-service id='service'>"
 				+ "    <user name='${principal.name}' password='${principal.pass}' authorities='${principal.authorities}'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword()).isEqualTo("joespassword");
 		assertThat(joe.getAuthorities()).hasSize(2);
@@ -77,10 +74,8 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void embeddedUsersWithNoPasswordIsGivenGeneratedValue() {
-		setContext("<user-service id='service'>"
-				+ "    <user name='joe' authorities='ROLE_A'/>" + "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+		setContext("<user-service id='service'>" + "    <user name='joe' authorities='ROLE_A'/>" + "</user-service>");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword().length() > 0).isTrue();
 		Long.parseLong(joe.getPassword());
@@ -88,20 +83,14 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void worksWithOpenIDUrlsAsNames() {
-		setContext("<user-service id='service'>"
-				+ "    <user name='https://joe.myopenid.com/' authorities='ROLE_A'/>"
+		setContext("<user-service id='service'>" + "    <user name='https://joe.myopenid.com/' authorities='ROLE_A'/>"
 				+ "    <user name='https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9' authorities='ROLE_A'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
-		assertThat(
-				userService.loadUserByUsername("https://joe.myopenid.com/").getUsername())
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		assertThat(userService.loadUserByUsername("https://joe.myopenid.com/").getUsername())
 				.isEqualTo("https://joe.myopenid.com/");
-		assertThat(
-				userService.loadUserByUsername(
-						"https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9")
-						.getUsername())
-				.isEqualTo("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9");
+		assertThat(userService.loadUserByUsername("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9")
+				.getUsername()).isEqualTo("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9");
 	}
 
 	@Test
@@ -110,8 +99,7 @@ public class UserServiceBeanDefinitionParserTests {
 				+ "    <user name='joe' password='joespassword' authorities='ROLE_A' locked='true'/>"
 				+ "    <user name='Bob' password='bobspassword' authorities='ROLE_A' disabled='true'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.isAccountNonLocked()).isFalse();
 		// Check case-sensitive lookup SEC-1432
@@ -122,10 +110,8 @@ public class UserServiceBeanDefinitionParserTests {
 	@Test(expected = FatalBeanException.class)
 	public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
 		setContext("<user-service id='service' properties='doesntmatter.props'>"
-				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
-				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext
-				.getBean("service");
+				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>" + "</user-service>");
+		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
 		userService.loadUserByUsername("Joe");
 	}
 
@@ -144,4 +130,5 @@ public class UserServiceBeanDefinitionParserTests {
 	private void setContext(String context) {
 		appContext = new InMemoryXmlApplicationContext(context);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index dcf6e5995f..43b26c9b88 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -52,13 +52,17 @@ import static org.assertj.core.api.Assertions.assertThat;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class GrantedAuthorityDefaultsJcTests {
+
 	@Autowired
 	FilterChainProxy springSecurityFilterChain;
+
 	@Autowired
 	MessageService messageService;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Before
@@ -153,7 +157,7 @@ public class GrantedAuthorityDefaultsJcTests {
 
 	@Configuration
 	@EnableWebSecurity
-	@EnableGlobalMethodSecurity(prePostEnabled=true, jsr250Enabled=true)
+	@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
 	static class Config extends WebSecurityConfigurerAdapter {
 
 		@Autowired
@@ -183,5 +187,7 @@ public class GrantedAuthorityDefaultsJcTests {
 		public static GrantedAuthorityDefaults grantedAuthorityDefaults() {
 			return new GrantedAuthorityDefaults("");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 9cd487988d..743c19620f 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -45,13 +45,17 @@ import static org.assertj.core.api.Assertions.assertThat;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class GrantedAuthorityDefaultsXmlTests {
+
 	@Autowired
 	FilterChainProxy springSecurityFilterChain;
+
 	@Autowired
 	MessageService messageService;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Before
@@ -143,4 +147,5 @@ public class GrantedAuthorityDefaultsXmlTests {
 		TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password", role);
 		SecurityContextHolder.getContext().setAuthentication(user);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
index 59a08a96c7..6813e2050c 100755
--- a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
@@ -33,4 +33,5 @@ public class HelloWorldMessageService implements MessageService {
 	public String getJsrMessage() {
 		return "Hello JSR";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/MessageService.java b/config/src/test/java/org/springframework/security/config/core/MessageService.java
index 3ec014e486..ce55bba1f3 100755
--- a/config/src/test/java/org/springframework/security/config/core/MessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/MessageService.java
@@ -19,6 +19,9 @@ package org.springframework.security.config.core;
  * @author Rob Winch
  */
 public interface MessageService {
+
 	String getMessage();
+
 	String getJsrMessage();
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
index 59f75ef5de..df43e2fdb1 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.core.userdetails;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -34,7 +33,9 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests {
-	@Autowired ReactiveUserDetailsService users;
+
+	@Autowired
+	ReactiveUserDetailsService users;
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
@@ -43,9 +44,13 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITes
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
-			return ReactiveUserDetailsServiceResourceFactoryBean.fromResource(new InMemoryResource("user=password,ROLE_USER"));
+			return ReactiveUserDetailsServiceResourceFactoryBean
+					.fromResource(new InMemoryResource("user=password,ROLE_USER"));
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
index 8ec512ce44..92e530929f 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.core.userdetails;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -33,7 +32,9 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests {
-	@Autowired ReactiveUserDetailsService users;
+
+	@Autowired
+	ReactiveUserDetailsService users;
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
@@ -42,9 +43,12 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLoca
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
 			return ReactiveUserDetailsServiceResourceFactoryBean.fromResourceLocation("classpath:users.properties");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
index d6a19645ca..27c95b980c 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.core.userdetails;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -33,7 +32,9 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class ReactiveUserDetailsServiceResourceFactoryBeanStringITests {
-	@Autowired ReactiveUserDetailsService users;
+
+	@Autowired
+	ReactiveUserDetailsService users;
 
 	@Test
 	public void findByUsernameWhenUserFoundThenNotNull() {
@@ -42,9 +43,12 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanStringITests {
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
 			return ReactiveUserDetailsServiceResourceFactoryBean.fromString("user=password,ROLE_USER");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index f02f51d137..574ed3af76 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class UserDetailsResourceFactoryBeanTests {
+
 	@Mock
 	ResourceLoader resourceLoader;
 
@@ -43,18 +44,16 @@ public class UserDetailsResourceFactoryBeanTests {
 
 	@Test
 	public void setResourceLoaderWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> factory.setResourceLoader(null) )
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasStackTraceContaining("resourceLoader cannot be null");
+		assertThatThrownBy(() -> factory.setResourceLoader(null)).isInstanceOf(IllegalArgumentException.class)
+				.hasStackTraceContaining("resourceLoader cannot be null");
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
 		factory.setResourceLoader(resourceLoader);
 
-		assertThatThrownBy(() -> factory.getObject() )
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasStackTraceContaining("resource cannot be null if resourceLocation is null");
+		assertThatThrownBy(() -> factory.getObject()).isInstanceOf(IllegalArgumentException.class)
+				.hasStackTraceContaining("resource cannot be null if resourceLocation is null");
 	}
 
 	@Test
@@ -77,10 +76,8 @@ public class UserDetailsResourceFactoryBeanTests {
 	public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
 		factory.setResource(new InMemoryResource("user=invalidFormatHere"));
 
-		assertThatThrownBy(() -> factory.getObject() )
-			.isInstanceOf(IllegalStateException.class)
-			.hasStackTraceContaining("user")
-			.hasStackTraceContaining("invalidFormatHere");
+		assertThatThrownBy(() -> factory.getObject()).isInstanceOf(IllegalStateException.class)
+				.hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere");
 	}
 
 	@Test
@@ -100,4 +97,5 @@ public class UserDetailsResourceFactoryBeanTests {
 		// @formatter:on
 		assertThat(users).containsExactly(expectedUser);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
index e4bb97ca8e..180983d8f6 100644
--- a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
@@ -45,39 +45,38 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  */
 public class RsaKeyConversionServicePostProcessorTests {
 
-	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n" +
-			"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n" +
-			"HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n" +
-			"RpYYZPe2VoO5sumzJt8P6fS80/TAKjhJDAqgZKRJTgGN8KxCM6p/aJli1ZeDBqiV\n" +
-			"v7vJJe+ZgJuPGRS+HMNa/wPxEkqqXsglcJcQV1ZEtfKXSHB7jizKpRL38185SyAC\n" +
-			"pwyjvBu6Cmm1URfhQo88mf239ONh4dZ2HoDfzN1q6Ssu4F4hgutxr9B0DVLDP5u+\n" +
-			"WFrm3nsJ76zf99uJ+ntMUHJ+bY+gOjSlVWIVBIZeAaEGKCNWRk/knjvjbijpvm3U\n" +
-			"acGlgdL3AgMBAAECggEACxxxS7zVyu91qI2s5eSKmAQAXMqgup6+2hUluc47nqUv\n" +
-			"uZz/c/6MPkn2Ryo+65d4IgqmMFjSfm68B/2ER5FTcvoLl1Xo2twrrVpUmcg3BClS\n" +
-			"IZPuExdhVNnxjYKEWwcyZrehyAoR261fDdcFxLRW588efIUC+rPTTRHzAc7sT+Ln\n" +
-			"t/uFeYNWJm3LaegOLoOmlMAhJ5puAWSN1F0FxtRf/RVgzbLA9QC975SKHJsfWCSr\n" +
-			"IZyPsdeaqomKaF65l8nfqlE0Ua2L35gIOGKjUwb7uUE8nI362RWMtYdoi3zDDyoY\n" +
-			"hSFbgjylCHDM0u6iSh6KfqOHtkYyJ8tUYgVWl787wQKBgQDYO3wL7xuDdD101Lyl\n" +
-			"AnaDdFB9fxp83FG1cWr+t7LYm9YxGfEUsKHAJXN6TIayDkOOoVwIl+Gz0T3Z06Bm\n" +
-			"eBGLrB9mrVA7+C7NJwu5gTMlzP6HxUR9zKJIQ/VB1NUGM77LSmvOFbHc9Q0+z8EH\n" +
-			"X5WO516a3Z7lNtZJcCoPOtu2rwKBgQCmbj41Fh+SSEUApCEKms5ETRpe7LXQlJgx\n" +
-			"yW7zcJNNuIb1C3vBLPxjiOTMgYKOeMg5rtHTGLT43URHLh9ArjawasjSAr4AM3J4\n" +
-			"xpoi/sKGDdiKOsuDWIGfzdYL8qyTHSdpZLQsCTMRiRYgAHZFPgNa7SLZRfZicGlr\n" +
-			"GHN1rJW6OQKBgEjiM/upyrJSWeypUDSmUeAZMpA6aWkwsfHgmtnkfUn5rQa74cDB\n" +
-			"kKO9e+D7LmOR3z+SL/1NhGwh2SE07dncGr3jdGodfO/ZxZyszozmeaECKcEFwwJM\n" +
-			"GV8WWPKplGwUwPiwywmZ0mvRxXcoe73KgBS88+xrSwWjqDL0tZiQlEJNAoGATkei\n" +
-			"GMQMG3jEg9Wu+NbxV6zQT3+U0MNjhl9RQU1c63x0dcNt9OFc4NAdlZcAulRTENaK\n" +
-			"OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n" +
-			"k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n" +
-			"Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n" +
-			"EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" +
-			"yPfcul058SOqhafIZQMEKQ==\n" +
-			"-----END PRIVATE KEY-----";
-	private static final String X509_PUBLIC_KEY_LOCATION =
-			"classpath:org/springframework/security/config/annotation/web/configuration/simple.pub";
+	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n"
+			+ "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n"
+			+ "HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n"
+			+ "RpYYZPe2VoO5sumzJt8P6fS80/TAKjhJDAqgZKRJTgGN8KxCM6p/aJli1ZeDBqiV\n"
+			+ "v7vJJe+ZgJuPGRS+HMNa/wPxEkqqXsglcJcQV1ZEtfKXSHB7jizKpRL38185SyAC\n"
+			+ "pwyjvBu6Cmm1URfhQo88mf239ONh4dZ2HoDfzN1q6Ssu4F4hgutxr9B0DVLDP5u+\n"
+			+ "WFrm3nsJ76zf99uJ+ntMUHJ+bY+gOjSlVWIVBIZeAaEGKCNWRk/knjvjbijpvm3U\n"
+			+ "acGlgdL3AgMBAAECggEACxxxS7zVyu91qI2s5eSKmAQAXMqgup6+2hUluc47nqUv\n"
+			+ "uZz/c/6MPkn2Ryo+65d4IgqmMFjSfm68B/2ER5FTcvoLl1Xo2twrrVpUmcg3BClS\n"
+			+ "IZPuExdhVNnxjYKEWwcyZrehyAoR261fDdcFxLRW588efIUC+rPTTRHzAc7sT+Ln\n"
+			+ "t/uFeYNWJm3LaegOLoOmlMAhJ5puAWSN1F0FxtRf/RVgzbLA9QC975SKHJsfWCSr\n"
+			+ "IZyPsdeaqomKaF65l8nfqlE0Ua2L35gIOGKjUwb7uUE8nI362RWMtYdoi3zDDyoY\n"
+			+ "hSFbgjylCHDM0u6iSh6KfqOHtkYyJ8tUYgVWl787wQKBgQDYO3wL7xuDdD101Lyl\n"
+			+ "AnaDdFB9fxp83FG1cWr+t7LYm9YxGfEUsKHAJXN6TIayDkOOoVwIl+Gz0T3Z06Bm\n"
+			+ "eBGLrB9mrVA7+C7NJwu5gTMlzP6HxUR9zKJIQ/VB1NUGM77LSmvOFbHc9Q0+z8EH\n"
+			+ "X5WO516a3Z7lNtZJcCoPOtu2rwKBgQCmbj41Fh+SSEUApCEKms5ETRpe7LXQlJgx\n"
+			+ "yW7zcJNNuIb1C3vBLPxjiOTMgYKOeMg5rtHTGLT43URHLh9ArjawasjSAr4AM3J4\n"
+			+ "xpoi/sKGDdiKOsuDWIGfzdYL8qyTHSdpZLQsCTMRiRYgAHZFPgNa7SLZRfZicGlr\n"
+			+ "GHN1rJW6OQKBgEjiM/upyrJSWeypUDSmUeAZMpA6aWkwsfHgmtnkfUn5rQa74cDB\n"
+			+ "kKO9e+D7LmOR3z+SL/1NhGwh2SE07dncGr3jdGodfO/ZxZyszozmeaECKcEFwwJM\n"
+			+ "GV8WWPKplGwUwPiwywmZ0mvRxXcoe73KgBS88+xrSwWjqDL0tZiQlEJNAoGATkei\n"
+			+ "GMQMG3jEg9Wu+NbxV6zQT3+U0MNjhl9RQU1c63x0dcNt9OFc4NAdlZcAulRTENaK\n"
+			+ "OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n"
+			+ "k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n"
+			+ "Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n"
+			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" + "yPfcul058SOqhafIZQMEKQ==\n"
+			+ "-----END PRIVATE KEY-----";
+
+	private static final String X509_PUBLIC_KEY_LOCATION = "classpath:org/springframework/security/config/annotation/web/configuration/simple.pub";
+
+	private final RsaKeyConversionServicePostProcessor postProcessor = new RsaKeyConversionServicePostProcessor();
 
-	private final RsaKeyConversionServicePostProcessor postProcessor =
-			new RsaKeyConversionServicePostProcessor();
 	private ConversionService service;
 
 	@Value("classpath:org/springframework/security/config/annotation/web/configuration/simple.pub")
@@ -132,25 +131,30 @@ public class RsaKeyConversionServicePostProcessorTests {
 
 	@Test
 	public void valueWhenOverridingConversionServiceThenUsed() {
-		assertThatCode(() ->
-				this.spring.register(OverrideConversionServiceConfig.class, DefaultConfig.class).autowire())
-				.hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatCode(
+				() -> this.spring.register(OverrideConversionServiceConfig.class, DefaultConfig.class).autowire())
+						.hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
-	static class DefaultConfig { }
+	static class DefaultConfig {
+
+	}
 
 	@Configuration
 	static class CustomResourceLoaderConfig {
+
 		@Bean
 		BeanFactoryPostProcessor conversionServiceCustomizer() {
 			return beanFactory -> beanFactory.getBean(RsaKeyConversionServicePostProcessor.class)
 					.setResourceLoader(new CustomResourceLoader());
 		}
+
 	}
 
 	@Configuration
 	static class OverrideConversionServiceConfig {
+
 		@Bean
 		ConversionService conversionService() {
 			GenericConversionService service = new GenericConversionService();
@@ -159,16 +163,19 @@ public class RsaKeyConversionServicePostProcessorTests {
 			});
 			return service;
 		}
+
 	}
 
 	private static class CustomResourceLoader implements ResourceLoader {
+
 		private final ResourceLoader delegate = new DefaultResourceLoader();
 
 		@Override
 		public Resource getResource(String location) {
 			if (location.startsWith("classpath:")) {
 				return this.delegate.getResource(location);
-			} else if (location.startsWith("custom:")) {
+			}
+			else if (location.startsWith("custom:")) {
 				String[] parts = location.split(":");
 				return this.delegate.getResource(
 						"classpath:org/springframework/security/config/annotation/web/configuration/" + parts[1]);
@@ -180,5 +187,7 @@ public class RsaKeyConversionServicePostProcessorTests {
 		public ClassLoader getClassLoader() {
 			return this.delegate.getClassLoader();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java b/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
index 2482e56434..c5916511f5 100644
--- a/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
+++ b/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
@@ -19,6 +19,7 @@ import org.springframework.stereotype.Component;
 
 /**
  * Fake depenency for {@link TestAuthenticationProvider}
+ *
  * @author Rob Winch
  *
  */
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index a721906b21..83626cea07 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -37,10 +37,12 @@ public class SecurityDebugBeanFactoryPostProcessorTests {
 	@Test
 	public void contextRefreshWhenInDebugModeAndDependencyHasAutowiredConstructorThenDebugModeStillWorks() {
 		// SEC-1885
-		this.spring.configLocations("classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
-			.autowire();
+		this.spring.configLocations(
+				"classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
+				.autowire();
 
 		assertThat(this.spring.getContext().getBean(SPRING_SECURITY_FILTER_CHAIN)).isInstanceOf(DebugFilter.class);
 		assertThat(this.spring.getContext().getBean(FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
index 1a7a6f8966..26488ee356 100644
--- a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.debug;
 
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
@@ -23,7 +22,9 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.stereotype.Service;
 
 /**
- * An {@link AuthenticationProvider} that has an {@link Autowired} constructor which is necessary to recreate SEC-1885.
+ * An {@link AuthenticationProvider} that has an {@link Autowired} constructor which is
+ * necessary to recreate SEC-1885.
+ *
  * @author Rob Winch
  *
  */
@@ -41,4 +42,5 @@ public class TestAuthenticationProvider implements AuthenticationProvider {
 	public boolean supports(Class<?> authentication) {
 		throw new UnsupportedOperationException();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/Attribute.java b/config/src/test/java/org/springframework/security/config/doc/Attribute.java
index 85983a5b55..6ee71d6d6e 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Attribute.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Attribute.java
@@ -16,15 +16,16 @@
 package org.springframework.security.config.doc;
 
 /**
- * Represents a Spring Security XSD Attribute. It is created when parsing the current xsd to compare to the documented appendix.
+ * Represents a Spring Security XSD Attribute. It is created when parsing the current xsd
+ * to compare to the documented appendix.
  *
  * @author Rob Winch
  * @author Josh Cummings
- *
  * @see SpringSecurityXsdParser
  * @see XsdDocumentedTests
  */
 public class Attribute {
+
 	private String name;
 
 	private String desc;
@@ -63,4 +64,5 @@ public class Attribute {
 	public String getId() {
 		return String.format("%s-%s", this.elmt.getId(), this.name);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 368dd5d500..9505c2c30a 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -21,25 +21,30 @@ import java.util.HashMap;
 import java.util.Map;
 
 /**
- * Represents a Spring Security XSD Element. It is created when parsing
- * the current xsd to compare to the documented appendix.
+ * Represents a Spring Security XSD Element. It is created when parsing the current xsd to
+ * compare to the documented appendix.
  *
  * @author Rob Winch
  * @author Josh Cummings
- *
  * @see SpringSecurityXsdParser
  * @see XsdDocumentedTests
-*/
+ */
 public class Element {
+
 	private String name;
+
 	private String desc;
+
 	private Collection<Attribute> attrs = new ArrayList<>();
 
 	/**
-	 * Contains the elements that extend this element (i.e. any-user-service contains ldap-user-service)
+	 * Contains the elements that extend this element (i.e. any-user-service contains
+	 * ldap-user-service)
 	 */
 	private Collection<Element> subGrps = new ArrayList<>();
+
 	private Map<String, Element> childElmts = new HashMap<>();
+
 	private Map<String, Element> parentElmts = new HashMap<>();
 
 	public String getId() {
@@ -95,25 +100,28 @@ public class Element {
 	}
 
 	/**
-	 * Gets all the ids related to this Element including attributes, parent elements, and child elements.
+	 * Gets all the ids related to this Element including attributes, parent elements, and
+	 * child elements.
 	 *
 	 * <p>
 	 * The expected ids to be found are documented below.
 	 * <ul>
-	 * <li>Elements - any xml element will have the nsa-&lt;element&gt;. For example the http element will have the id
-	 * nsa-http</li>
-	 * <li>Parent Section - Any element with a parent other than beans will have a section named
-	 * nsa-&lt;element&gt;-parents. For example, authentication-provider would have a section id of
-	 * nsa-authentication-provider-parents. The section would then contain a list of links pointing to the
-	 * documentation for each parent element.</li>
-	 * <li>Attributes Section - Any element with attributes will have a section with the id
-	 * nsa-&lt;element&gt;-attributes. For example the http element would require a section with the id
-	 * http-attributes.</li>
-	 * <li>Attribute - Each attribute of an element would have an id of nsa-&lt;element&gt;-&lt;attributeName&gt;. For
-	 * example the attribute create-session for the http attribute would have the id http-create-session.</li>
-	 * <li>Child Section - Any element with a child element will have a section named nsa-&lt;element&gt;-children.
-	 * For example, authentication-provider would have a section id of nsa-authentication-provider-children. The
-	 * section would then contain a list of links pointing to the documentation for each child element.</li>
+	 * <li>Elements - any xml element will have the nsa-&lt;element&gt;. For example the
+	 * http element will have the id nsa-http</li>
+	 * <li>Parent Section - Any element with a parent other than beans will have a section
+	 * named nsa-&lt;element&gt;-parents. For example, authentication-provider would have
+	 * a section id of nsa-authentication-provider-parents. The section would then contain
+	 * a list of links pointing to the documentation for each parent element.</li>
+	 * <li>Attributes Section - Any element with attributes will have a section with the
+	 * id nsa-&lt;element&gt;-attributes. For example the http element would require a
+	 * section with the id http-attributes.</li>
+	 * <li>Attribute - Each attribute of an element would have an id of
+	 * nsa-&lt;element&gt;-&lt;attributeName&gt;. For example the attribute create-session
+	 * for the http attribute would have the id http-create-session.</li>
+	 * <li>Child Section - Any element with a child element will have a section named
+	 * nsa-&lt;element&gt;-children. For example, authentication-provider would have a
+	 * section id of nsa-authentication-provider-children. The section would then contain
+	 * a list of links pointing to the documentation for each child element.</li>
 	 * </ul>
 	 * @return
 	 */
@@ -121,20 +129,19 @@ public class Element {
 		Collection<String> ids = new ArrayList<>();
 		ids.add(getId());
 
-		this.childElmts.values()
-			.forEach(elmt -> ids.add(elmt.getId()));
+		this.childElmts.values().forEach(elmt -> ids.add(elmt.getId()));
 
 		this.attrs.forEach(attr -> ids.add(attr.getId()));
 
-		if ( !this.childElmts.isEmpty() ) {
+		if (!this.childElmts.isEmpty()) {
 			ids.add(getId() + "-children");
 		}
 
-		if ( !this.attrs.isEmpty() ) {
+		if (!this.attrs.isEmpty()) {
 			ids.add(getId() + "-attributes");
 		}
 
-		if ( !this.parentElmts.isEmpty() ) {
+		if (!this.parentElmts.isEmpty()) {
 			ids.add(getId() + "-parents");
 		}
 
@@ -144,10 +151,7 @@ public class Element {
 	public Map<String, Element> getAllChildElmts() {
 		Map<String, Element> result = new HashMap<>();
 
-		this.childElmts.values()
-			.forEach(elmt ->
-				elmt.subGrps.forEach(
-					subElmt -> result.put(subElmt.name, subElmt)));
+		this.childElmts.values().forEach(elmt -> elmt.subGrps.forEach(subElmt -> result.put(subElmt.name, subElmt)));
 
 		result.putAll(this.childElmts);
 
@@ -157,13 +161,11 @@ public class Element {
 	public Map<String, Element> getAllParentElmts() {
 		Map<String, Element> result = new HashMap<>();
 
-		this.parentElmts.values()
-			.forEach(elmt ->
-				elmt.subGrps.forEach(
-					subElmt -> result.put(subElmt.name, subElmt)));
+		this.parentElmts.values().forEach(elmt -> elmt.subGrps.forEach(subElmt -> result.put(subElmt.name, subElmt)));
 
 		result.putAll(this.parentElmts);
 
 		return result;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index 12e1e6b8f3..c2b8d88445 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -27,9 +27,11 @@ import java.util.stream.Stream;
  * @author Josh Cummings
  */
 public class SpringSecurityXsdParser {
+
 	private XmlNode rootElement;
 
 	private Set<String> attrElmts = new LinkedHashSet<>();
+
 	private Map<String, Element> elementNameToElement = new HashMap<>();
 
 	public SpringSecurityXsdParser(XmlNode rootElement) {
@@ -38,7 +40,6 @@ public class SpringSecurityXsdParser {
 
 	/**
 	 * Returns a map of the element name to the {@link Element}.
-	 *
 	 * @return
 	 */
 	public Map<String, Element> parse() {
@@ -48,7 +49,6 @@ public class SpringSecurityXsdParser {
 
 	/**
 	 * Creates a Map of the name to an Element object of all the children of element.
-	 *
 	 * @param node
 	 * @return
 	 */
@@ -59,7 +59,8 @@ public class SpringSecurityXsdParser {
 			if ("element".equals(child.simpleName())) {
 				Element e = elmt(child);
 				elementNameToElement.put(e.getName(), e);
-			} else {
+			}
+			else {
 				elementNameToElement.putAll(elements(child));
 			}
 		});
@@ -69,7 +70,6 @@ public class SpringSecurityXsdParser {
 
 	/**
 	 * Any children that are attribute will be returned as an Attribute object.
-	 *
 	 * @param element
 	 * @return a collection of Attribute objects that are children of element.
 	 */
@@ -79,8 +79,10 @@ public class SpringSecurityXsdParser {
 			String name = c.simpleName();
 			if ("attribute".equals(name)) {
 				attrs.add(attr(c));
-			} else if ("element".equals(name)) {
-			} else {
+			}
+			else if ("element".equals(name)) {
+			}
+			else {
 				attrs.addAll(attrs(c));
 			}
 		});
@@ -89,8 +91,8 @@ public class SpringSecurityXsdParser {
 	}
 
 	/**
-	 * Any children will be searched for an attributeGroup, each of its children will be returned as an Attribute
-	 *
+	 * Any children will be searched for an attributeGroup, each of its children will be
+	 * returned as an Attribute
 	 * @param element
 	 * @return
 	 */
@@ -100,15 +102,18 @@ public class SpringSecurityXsdParser {
 		element.children().forEach(c -> {
 			if ("element".equals(c.simpleName())) {
 
-			} else if ("attributeGroup".equals(c.simpleName())) {
+			}
+			else if ("attributeGroup".equals(c.simpleName())) {
 				if (c.attribute("name") != null) {
 					attrgrp.addAll(attrgrp(c));
-				} else {
+				}
+				else {
 					String name = c.attribute("ref").split(":")[1];
 					XmlNode attrGrp = findNode(element, name);
 					attrgrp.addAll(attrgrp(attrGrp));
 				}
-			} else {
+			}
+			else {
 				attrgrp.addAll(attrgrps(c));
 			}
 		});
@@ -122,22 +127,20 @@ public class SpringSecurityXsdParser {
 			root = root.parent().get();
 		}
 
-		return expand(root)
-				.filter(node -> name.equals(node.attribute("name")))
-				.findFirst().orElseThrow(IllegalArgumentException::new);
+		return expand(root).filter(node -> name.equals(node.attribute("name"))).findFirst()
+				.orElseThrow(IllegalArgumentException::new);
 	}
 
 	private Stream<XmlNode> expand(XmlNode root) {
-		return Stream.concat(
-				Stream.of(root),
-				root.children().flatMap(this::expand));
+		return Stream.concat(Stream.of(root), root.children().flatMap(this::expand));
 	}
 
 	/**
-	 * Processes an individual attributeGroup by obtaining all the attributes and then looking for more attributeGroup elements and prcessing them.
-	 *
+	 * Processes an individual attributeGroup by obtaining all the attributes and then
+	 * looking for more attributeGroup elements and prcessing them.
 	 * @param e
-	 * @return all the attributes for a specific attributeGroup and any child attributeGroups
+	 * @return all the attributes for a specific attributeGroup and any child
+	 * attributeGroups
 	 */
 	private Collection<Attribute> attrgrp(XmlNode e) {
 		Collection<Attribute> attrs = attrs(e);
@@ -147,20 +150,16 @@ public class SpringSecurityXsdParser {
 
 	/**
 	 * Obtains the description for a specific element
-	 *
 	 * @param element
 	 * @return
 	 */
 	private String desc(XmlNode element) {
-		return element.child("annotation")
-				.flatMap(annotation -> annotation.child("documentation"))
-				.map(documentation -> documentation.text())
-				.orElse(null);
+		return element.child("annotation").flatMap(annotation -> annotation.child("documentation"))
+				.map(documentation -> documentation.text()).orElse(null);
 	}
 
 	/**
 	 * Given an element creates an attribute from it.
-	 *
 	 * @param n
 	 * @return
 	 */
@@ -169,8 +168,8 @@ public class SpringSecurityXsdParser {
 	}
 
 	/**
-	 * Given an element creates an Element out of it by collecting all its attributes and child elements.
-	 *
+	 * Given an element creates an Element out of it by collecting all its attributes and
+	 * child elements.
 	 * @param n
 	 * @return
 	 */
@@ -178,7 +177,8 @@ public class SpringSecurityXsdParser {
 		String name = n.attribute("ref");
 		if (StringUtils.isEmpty(name)) {
 			name = n.attribute("name");
-		} else {
+		}
+		else {
 			name = name.split(":")[1];
 			n = findNode(n, name);
 		}
@@ -195,8 +195,7 @@ public class SpringSecurityXsdParser {
 		e.setAttrs(attrs(n));
 		e.getAttrs().addAll(attrgrps(n));
 		e.getAttrs().forEach(attr -> attr.setElmt(e));
-		e.getChildElmts().values().forEach(element ->
-				element.getParentElmts().put(e.getName(), e));
+		e.getChildElmts().values().forEach(element -> element.getParentElmts().put(e.getName(), e));
 
 		String subGrpName = n.attribute("substitutionGroup");
 		if (!StringUtils.isEmpty(subGrpName)) {
@@ -208,4 +207,5 @@ public class SpringSecurityXsdParser {
 
 		return e;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 0de48463f4..fceb0e4a8b 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -26,6 +26,7 @@ import java.util.stream.Stream;
  * @author Josh Cummings
  */
 public class XmlNode {
+
 	private final Node node;
 
 	public XmlNode(Node node) {
@@ -34,7 +35,7 @@ public class XmlNode {
 
 	public String simpleName() {
 		String[] parts = this.node.getNodeName().split(":");
-		return parts[parts.length-1];
+		return parts[parts.length - 1];
 	}
 
 	public String text() {
@@ -44,30 +45,24 @@ public class XmlNode {
 	public Stream<XmlNode> children() {
 		NodeList children = this.node.getChildNodes();
 
-		return IntStream.range(0, children.getLength())
-				.mapToObj(children::item)
-				.map(XmlNode::new);
+		return IntStream.range(0, children.getLength()).mapToObj(children::item).map(XmlNode::new);
 	}
 
 	public Optional<XmlNode> child(String name) {
-		return this.children()
-				.filter(child -> name.equals(child.simpleName()))
-				.findFirst();
+		return this.children().filter(child -> name.equals(child.simpleName())).findFirst();
 	}
 
 	public Optional<XmlNode> parent() {
-		return Optional.ofNullable(this.node.getParentNode())
-				.map(parent -> new XmlNode(parent));
+		return Optional.ofNullable(this.node.getParentNode()).map(parent -> new XmlNode(parent));
 	}
 
 	public String attribute(String name) {
-		return Optional.ofNullable(this.node.getAttributes())
-				.map(attrs -> attrs.getNamedItem(name))
-				.map(attr -> attr.getTextContent())
-				.orElse(null);
+		return Optional.ofNullable(this.node.getAttributes()).map(attrs -> attrs.getNamedItem(name))
+				.map(attr -> attr.getTextContent()).orElse(null);
 	}
 
 	public Node node() {
 		return this.node;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index ffda4846c0..39a93014cb 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -27,6 +27,7 @@ import java.io.InputStream;
  * @author Josh Cummings
  */
 public class XmlParser implements AutoCloseable {
+
 	private InputStream xml;
 
 	public XmlParser(InputStream xml) {
@@ -39,7 +40,8 @@ public class XmlParser implements AutoCloseable {
 			DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 
 			return new XmlNode(dBuilder.parse(this.xml));
-		} catch ( IOException | ParserConfigurationException | SAXException e ) {
+		}
+		catch (IOException | ParserConfigurationException | SAXException e) {
 			throw new IllegalStateException(e);
 		}
 	}
@@ -48,4 +50,5 @@ public class XmlParser implements AutoCloseable {
 	public void close() throws IOException {
 		this.xml.close();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index 3e18d00335..fdff20279c 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -26,6 +26,7 @@ import java.util.Map;
  * @author Josh Cummings
  */
 public class XmlSupport {
+
 	private XmlParser parser;
 
 	public XmlNode parse(String location) throws IOException {
@@ -41,8 +42,9 @@ public class XmlSupport {
 	}
 
 	public void close() throws IOException {
-		if ( this.parser != null ) {
+		if (this.parser != null) {
 			this.parser.close();
 		}
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index cd00c06896..6ac13756a0 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -45,23 +45,16 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class XsdDocumentedTests {
 
-	Collection<String> ignoredIds = Arrays.asList(
-		"nsa-any-user-service",
-		"nsa-any-user-service-parents",
-		"nsa-authentication",
-		"nsa-websocket-security",
-		"nsa-ldap",
-		"nsa-method-security",
-		"nsa-web",
-		// deprecated and for removal
-		"nsa-frame-options-strategy",
-		"nsa-frame-options-ref",
-		"nsa-frame-options-value",
-		"nsa-frame-options-from-parameter");
+	Collection<String> ignoredIds = Arrays.asList("nsa-any-user-service", "nsa-any-user-service-parents",
+			"nsa-authentication", "nsa-websocket-security", "nsa-ldap", "nsa-method-security", "nsa-web",
+			// deprecated and for removal
+			"nsa-frame-options-strategy", "nsa-frame-options-ref", "nsa-frame-options-value",
+			"nsa-frame-options-from-parameter");
 
 	String referenceLocation = "../docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc";
 
 	String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";
+
 	String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.4.xsd";
 
 	XmlSupport xml = new XmlSupport();
@@ -72,113 +65,73 @@ public class XsdDocumentedTests {
 	}
 
 	@Test
-	public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly()
-		throws IOException {
+	public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
 		XmlNode root = this.xml.parse(this.schemaDocumentLocation);
 
-		List<String> nodes =
-			root.child("schema")
-				.map(XmlNode::children)
-				.orElse(Stream.empty())
-				.filter(node ->
-					"simpleType".equals(node.simpleName()) &&
-					"named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children)
-				.flatMap(XmlNode::children)
-				.map(node -> node.attribute("value"))
-				.filter(StringUtils::isNotEmpty)
-				.collect(Collectors.toList());
+		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
+				.filter(node -> "simpleType".equals(node.simpleName())
+						&& "named-security-filter".equals(node.attribute("name")))
+				.flatMap(XmlNode::children).flatMap(XmlNode::children).map(node -> node.attribute("value"))
+				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
 
 		SecurityFiltersAssertions.assertEquals(nodes);
 	}
 
 	@Test
-	public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly()
-		throws IOException {
+	public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
 
-		List<String> expected = Arrays.asList(
-			"FIRST",
-			"CHANNEL_FILTER",
-			"SECURITY_CONTEXT_FILTER",
-			"CONCURRENT_SESSION_FILTER",
-			"LOGOUT_FILTER",
-			"X509_FILTER",
-			"PRE_AUTH_FILTER",
-			"CAS_FILTER",
-			"FORM_LOGIN_FILTER",
-			"OPENID_FILTER",
-			"LOGIN_PAGE_FILTER",
-			"DIGEST_AUTH_FILTER",
-			"BASIC_AUTH_FILTER",
-			"REQUEST_CACHE_FILTER",
-			"SERVLET_API_SUPPORT_FILTER",
-			"JAAS_API_SUPPORT_FILTER",
-			"REMEMBER_ME_FILTER",
-			"ANONYMOUS_FILTER",
-			"SESSION_MANAGEMENT_FILTER",
-			"EXCEPTION_TRANSLATION_FILTER",
-			"FILTER_SECURITY_INTERCEPTOR",
-			"SWITCH_USER_FILTER",
-			"LAST"
-		);
+		List<String> expected = Arrays.asList("FIRST", "CHANNEL_FILTER", "SECURITY_CONTEXT_FILTER",
+				"CONCURRENT_SESSION_FILTER", "LOGOUT_FILTER", "X509_FILTER", "PRE_AUTH_FILTER", "CAS_FILTER",
+				"FORM_LOGIN_FILTER", "OPENID_FILTER", "LOGIN_PAGE_FILTER", "DIGEST_AUTH_FILTER", "BASIC_AUTH_FILTER",
+				"REQUEST_CACHE_FILTER", "SERVLET_API_SUPPORT_FILTER", "JAAS_API_SUPPORT_FILTER", "REMEMBER_ME_FILTER",
+				"ANONYMOUS_FILTER", "SESSION_MANAGEMENT_FILTER", "EXCEPTION_TRANSLATION_FILTER",
+				"FILTER_SECURITY_INTERCEPTOR", "SWITCH_USER_FILTER", "LAST");
 
 		XmlNode root = this.xml.parse(this.schema31xDocumentLocation);
 
-		List<String> nodes =
-			root.child("schema")
-				.map(XmlNode::children)
-				.orElse(Stream.empty())
-				.filter(node ->
-					"simpleType".equals(node.simpleName()) &&
-						"named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children)
-				.flatMap(XmlNode::children)
-				.map(node -> node.attribute("value"))
-				.filter(StringUtils::isNotEmpty)
-				.collect(Collectors.toList());
+		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
+				.filter(node -> "simpleType".equals(node.simpleName())
+						&& "named-security-filter".equals(node.attribute("name")))
+				.flatMap(XmlNode::children).flatMap(XmlNode::children).map(node -> node.attribute("value"))
+				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
 
 		assertThat(nodes).isEqualTo(expected);
 	}
 
 	/**
-	 * This will check to ensure that the expected number of xsd documents are found to ensure that we are validating
-	 * against the current xsd document. If this test fails, all that is needed is to update the schemaDocument
-	 * and the expected size for this test.
+	 * This will check to ensure that the expected number of xsd documents are found to
+	 * ensure that we are validating against the current xsd document. If this test fails,
+	 * all that is needed is to update the schemaDocument and the expected size for this
+	 * test.
 	 * @return
 	 */
 	@Test
-	public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles()
-		throws IOException {
+	public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws IOException {
 
 		ClassPathResource resource = new ClassPathResource(this.schemaDocumentLocation);
 
 		String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd"));
 
 		assertThat(schemas.length).isEqualTo(16)
-			.withFailMessage("the count is equal to 16, if not then schemaDocument needs updating");
+				.withFailMessage("the count is equal to 16, if not then schemaDocument needs updating");
 	}
 
 	/**
-	 * This uses a naming convention for the ids of the appendix to ensure that the entire appendix is documented.
-	 * The naming convention for the ids is documented in {@link Element#getIds()}.
+	 * This uses a naming convention for the ids of the appendix to ensure that the entire
+	 * appendix is documented. The naming convention for the ids is documented in
+	 * {@link Element#getIds()}.
 	 * @return
 	 */
 	@Test
-	public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded()
-		throws IOException {
+	public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded() throws IOException {
 
-		Map<String, Element> elementsByElementName =
-			this.xml.elementsByElementName(this.schemaDocumentLocation);
+		Map<String, Element> elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation);
 
-		List<String> documentIds =
-			Files.lines(Paths.get(this.referenceLocation))
-				.filter(line -> line.matches("\\[\\[(nsa-.*)\\]\\]"))
-				.map(line -> line.substring(2, line.length() - 2))
+		List<String> documentIds = Files.lines(Paths.get(this.referenceLocation))
+				.filter(line -> line.matches("\\[\\[(nsa-.*)\\]\\]")).map(line -> line.substring(2, line.length() - 2))
 				.collect(Collectors.toList());
 
-		Set<String> expectedIds =
-			elementsByElementName.values().stream()
-				.flatMap(element -> element.getIds().stream())
+		Set<String> expectedIds = elementsByElementName.values().stream().flatMap(element -> element.getIds().stream())
 				.collect(Collectors.toSet());
 
 		documentIds.removeAll(this.ignoredIds);
@@ -189,13 +142,12 @@ public class XsdDocumentedTests {
 	}
 
 	/**
-	 * This test ensures that any element that has children or parents contains a section that has links pointing to that
-	 * documentation.
+	 * This test ensures that any element that has children or parents contains a section
+	 * that has links pointing to that documentation.
 	 * @return
 	 */
 	@Test
-	public void countLinksWhenReviewingDocumentationThenParentsAndChildrenAreCorrectlyLinked()
-		throws IOException {
+	public void countLinksWhenReviewingDocumentationThenParentsAndChildrenAreCorrectlyLinked() throws IOException {
 
 		Map<String, List<String>> docAttrNameToChildren = new HashMap<>();
 		Map<String, List<String>> docAttrNameToParents = new HashMap<>();
@@ -204,17 +156,19 @@ public class XsdDocumentedTests {
 		Map<String, List<String>> currentDocAttrNameToElmt = null;
 
 		List<String> lines = Files.readAllLines(Paths.get(this.referenceLocation));
-		for ( String line : lines ) {
+		for (String line : lines) {
 			if (line.matches("^\\[\\[.*\\]\\]$")) {
 				String id = line.substring(2, line.length() - 2);
 
 				if (id.endsWith("-children")) {
 					docAttrName = id.substring(0, id.length() - 9);
 					currentDocAttrNameToElmt = docAttrNameToChildren;
-				} else if (id.endsWith("-parents")) {
+				}
+				else if (id.endsWith("-parents")) {
 					docAttrName = id.substring(0, id.length() - 8);
 					currentDocAttrNameToElmt = docAttrNameToParents;
-				} else if (docAttrName != null && !id.startsWith(docAttrName)) {
+				}
+				else if (docAttrName != null && !id.startsWith(docAttrName)) {
 					currentDocAttrNameToElmt = null;
 					docAttrName = null;
 				}
@@ -224,9 +178,7 @@ public class XsdDocumentedTests {
 				String expression = "^\\* <<(nsa-.*),.*>>$";
 				if (line.matches(expression)) {
 					String elmtId = line.replaceAll(expression, "$1");
-					currentDocAttrNameToElmt
-							.computeIfAbsent(docAttrName, key -> new ArrayList<>())
-							.add(elmtId);
+					currentDocAttrNameToElmt.computeIfAbsent(docAttrName, key -> new ArrayList<>()).add(elmtId);
 				}
 			}
 		}
@@ -236,70 +188,50 @@ public class XsdDocumentedTests {
 		Map<String, List<String>> schemaAttrNameToChildren = new HashMap<>();
 		Map<String, List<String>> schemaAttrNameToParents = new HashMap<>();
 
-		elementNameToElement.entrySet().stream()
-			.forEach(entry -> {
-				String key = "nsa-" + entry.getKey();
-				if (this.ignoredIds.contains(key) ) {
-					return;
-				}
+		elementNameToElement.entrySet().stream().forEach(entry -> {
+			String key = "nsa-" + entry.getKey();
+			if (this.ignoredIds.contains(key)) {
+				return;
+			}
 
-				List<String> parentIds =
-					entry.getValue().getAllParentElmts().values().stream()
-							.filter(element -> !this.ignoredIds.contains(element.getId()))
-							.map(element -> element.getId())
-							.sorted()
-							.collect(Collectors.toList());
-				if ( !parentIds.isEmpty() ) {
-					schemaAttrNameToParents.put(key, parentIds);
-				}
+			List<String> parentIds = entry.getValue().getAllParentElmts().values().stream()
+					.filter(element -> !this.ignoredIds.contains(element.getId())).map(element -> element.getId())
+					.sorted().collect(Collectors.toList());
+			if (!parentIds.isEmpty()) {
+				schemaAttrNameToParents.put(key, parentIds);
+			}
 
-				List<String> childIds =
-					entry.getValue().getAllChildElmts().values().stream()
-							.filter(element -> !this.ignoredIds.contains(element.getId()))
-							.map(element -> element.getId())
-							.sorted()
-							.collect(Collectors.toList());
-				if ( !childIds.isEmpty() ) {
-					schemaAttrNameToChildren.put(key, childIds);
-				}
-			});
+			List<String> childIds = entry.getValue().getAllChildElmts().values().stream()
+					.filter(element -> !this.ignoredIds.contains(element.getId())).map(element -> element.getId())
+					.sorted().collect(Collectors.toList());
+			if (!childIds.isEmpty()) {
+				schemaAttrNameToChildren.put(key, childIds);
+			}
+		});
 
 		assertThat(docAttrNameToChildren).isEqualTo(schemaAttrNameToChildren);
 		assertThat(docAttrNameToParents).isEqualTo(schemaAttrNameToParents);
 	}
 
-
 	/**
 	 * This test checks each xsd element and ensures there is documentation for it.
 	 * @return
 	 */
 	@Test
-	public void countWhenReviewingDocumentationThenAllElementsDocumented()
-		throws IOException {
+	public void countWhenReviewingDocumentationThenAllElementsDocumented() throws IOException {
 
-		Map<String, Element> elementNameToElement =
-				this.xml.elementsByElementName(this.schemaDocumentLocation);
+		Map<String, Element> elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation);
 
-		String notDocElmtIds =
-				elementNameToElement.values().stream()
-						.filter(element ->
-								StringUtils.isEmpty(element.getDesc()) &&
-								!this.ignoredIds.contains(element.getId()))
-						.map(element -> element.getId())
-						.sorted()
-						.collect(Collectors.joining("\n"));
+		String notDocElmtIds = elementNameToElement.values().stream()
+				.filter(element -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId()))
+				.map(element -> element.getId()).sorted().collect(Collectors.joining("\n"));
 
-		String notDocAttrIds =
-				elementNameToElement.values().stream()
-						.flatMap(element -> element.getAttrs().stream())
-						.filter(element ->
-								StringUtils.isEmpty(element.getDesc()) &&
-										!this.ignoredIds.contains(element.getId()))
-						.map(element -> element.getId())
-						.sorted()
-						.collect(Collectors.joining("\n"));
+		String notDocAttrIds = elementNameToElement.values().stream().flatMap(element -> element.getAttrs().stream())
+				.filter(element -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId()))
+				.map(element -> element.getId()).sorted().collect(Collectors.joining("\n"));
 
 		assertThat(notDocElmtIds).isEmpty();
 		assertThat(notDocAttrIds).isEmpty();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index 2762628079..0ee76380c5 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -39,15 +39,14 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Luke Taylor
  * @author Josh Cummings
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class AccessDeniedConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/AccessDeniedConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/AccessDeniedConfigTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -59,28 +58,24 @@ public class AccessDeniedConfigTests {
 	public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash"));
 
-		assertThatThrownBy(() -> context.autowire())
-				.isInstanceOf(BeanCreationException.class)
+		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanCreationException.class)
 				.hasMessageContaining("errorPage must begin with '/'");
 	}
 
 	@Test
 	@WithMockUser
-	public void configureWhenAccessDeniedHandlerRefThenAutowire()
-		throws Exception {
+	public void configureWhenAccessDeniedHandlerRefThenAutowire() throws Exception {
 
 		this.spring.configLocations(this.xml("AccessDeniedHandler")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is(HttpStatus.GONE_410));
+		this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE_410));
 	}
 
 	@Test
 	public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef"));
 
-		assertThatThrownBy(() -> context.autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
+		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanDefinitionParsingException.class)
 				.hasMessageContaining("attribute error-page cannot be used together with the 'ref' attribute");
 	}
 
@@ -91,11 +86,12 @@ public class AccessDeniedConfigTests {
 	public static class GoneAccessDeniedHandler implements AccessDeniedHandler {
 
 		@Override
-		public void handle(HttpServletRequest request,
-							HttpServletResponse response,
-							AccessDeniedException accessDeniedException) {
+		public void handle(HttpServletRequest request, HttpServletResponse response,
+				AccessDeniedException accessDeniedException) {
 
 			response.setStatus(HttpStatus.GONE_410);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
index 145547c52a..f9b8650588 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
@@ -23,8 +23,8 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
  * @author Ankur Pathak
  */
 public class CsrfBeanDefinitionParserTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/CsrfBeanDefinitionParserTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/CsrfBeanDefinitionParserTests";
 
 	@Test
 	public void registerDataValueProcessorOnlyIfNotRegistered() {
@@ -38,4 +38,5 @@ public class CsrfBeanDefinitionParserTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index fa4b41b400..2621e832ee 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -77,15 +77,14 @@ import static org.springframework.web.bind.annotation.RequestMethod.PUT;
 import static org.springframework.web.bind.annotation.RequestMethod.TRACE;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class CsrfConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/CsrfConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/CsrfConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -95,272 +94,183 @@ public class CsrfConfigTests {
 
 	@Test
 	public void postWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(post("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void putWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(put("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(patch("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(delete("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void invalidWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(request("INVALID", new URI("/csrf")))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
 	}
 
 	@Test
 	public void getWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(get("/csrf"))
-				.andExpect(csrfInBody());
+		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 	}
 
-
 	@Test
 	public void headWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(head("/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		MockMvc traceEnabled = MockMvcBuilders
-				.webAppContextSetup((WebApplicationContext) this.spring.getContext())
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.spring.getContext())
 				.apply(springSecurity())
 				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
-		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void optionsWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(options("/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void postWhenCsrfDisabledThenRequestAllowed() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfDisabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfDisabled")).autowire();
 
-		this.mvc.perform(post("/ok"))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/ok")).andExpect(status().isOk());
 
 		assertThat(getFilter(this.spring, CsrfFilter.class)).isNull();
 	}
 
 	@Test
 	public void postWhenCsrfElementEnabledThenForbidden() throws Exception {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(post("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void putWhenCsrfElementEnabledThenForbidden() throws Exception {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(put("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void patchWhenCsrfElementEnabledThenForbidden() throws Exception {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(patch("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(delete("/csrf"))
-				.andExpect(status().isForbidden())
-				.andExpect(csrfCreated());
+		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void invalidWhenCsrfElementEnabledThenForbidden() throws Exception {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(request("INVALID", new URI("/csrf")))
-				.andExpect(status().isForbidden())
+		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
 	}
 
 	@Test
 	public void getWhenCsrfElementEnabledThenOk() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(get("/csrf"))
-				.andExpect(csrfInBody());
+		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 	}
 
 	@Test
 	public void headWhenCsrfElementEnabledThenOk() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(head("/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void traceWhenCsrfElementEnabledThenOk() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		MockMvc traceEnabled = MockMvcBuilders
-				.webAppContextSetup((WebApplicationContext) this.spring.getContext())
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.spring.getContext())
 				.apply(springSecurity())
 				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
-		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void optionsWhenCsrfElementEnabledThenOk() throws Exception {
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(options("/csrf-in-header"))
-				.andExpect(csrfInHeader());
+		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void autowireWhenCsrfElementEnabledThenCreatesCsrfRequestDataValueProcessor() {
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
 		assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull();
 	}
 
 	@Test
-	public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged()
-		throws Exception {
+	public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception {
 
-		this.spring.configLocations(
-				this.xml("WithAccessDeniedHandler"),
-				this.xml("shared-access-denied-handler")
-			).autowire();
+		this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler"))
+				.autowire();
 
-		this.mvc.perform(post("/ok"))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(post("/ok")).andExpect(status().isIAmATeapot());
 	}
 
 	@Test
 	public void postWhenHasCsrfTokenButSessionExpiresThenRequestIsCancelledAfterSuccessfulAuthentication()
-		throws Exception {
+			throws Exception {
 
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
 		// simulates a request that has no authentication (e.g. session time-out)
-		MvcResult result = this.mvc.perform(post("/authenticated")
-												.with(csrf()))
-								.andExpect(redirectedUrl("http://localhost/login"))
-								.andReturn();
+		MvcResult result = this.mvc.perform(post("/authenticated").with(csrf()))
+				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 
-		// if the request cache is consulted, then it will redirect back to /some-url, which we don't want
-		this.mvc.perform(post("/login")
-							.param("username", "user")
-							.param("password", "password")
-							.session(session)
-							.with(csrf()))
+		// if the request cache is consulted, then it will redirect back to /some-url,
+		// which we don't want
+		this.mvc.perform(
+				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -368,24 +278,18 @@ public class CsrfConfigTests {
 	public void getWhenHasCsrfTokenButSessionExpiresThenRequestIsRememeberedAfterSuccessfulAuthentication()
 			throws Exception {
 
-		this.spring.configLocations(
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 
 		// simulates a request that has no authentication (e.g. session time-out)
-		MvcResult result =
-				this.mvc.perform(get("/authenticated"))
-						.andExpect(redirectedUrl("http://localhost/login"))
-						.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 
-		// if the request cache is consulted, then it will redirect back to /some-url, which we do want
-		this.mvc.perform(post("/login")
-							.param("username", "user")
-							.param("password", "password")
-							.session(session)
-							.with(csrf()))
+		// if the request cache is consulted, then it will redirect back to /some-url,
+		// which we do want
+		this.mvc.perform(
+				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(redirectedUrl("http://localhost/authenticated"));
 	}
 
@@ -394,33 +298,23 @@ public class CsrfConfigTests {
 	 */
 	@Test
 	public void postWhenUsingCsrfAndCustomSessionManagementAndNoSessionThenStillRedirectsToInvalidSessionUrl()
-		throws Exception {
+			throws Exception {
 
-		this.spring.configLocations(
-				this.xml("WithSessionManagement")
-			).autowire();
+		this.spring.configLocations(this.xml("WithSessionManagement")).autowire();
 
 		MvcResult result = this.mvc.perform(post("/ok").param("_csrf", "abc"))
-								.andExpect(redirectedUrl("/error/sessionError"))
-								.andReturn();
+				.andExpect(redirectedUrl("/error/sessionError")).andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 
-		this.mvc.perform(post("/csrf")
-							.session(session))
-					.andExpect(status().isForbidden());
+		this.mvc.perform(post("/csrf").session(session)).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void requestWhenUsingCustomRequestMatcherConfiguredThenAppliesAccordingly()
-		throws Exception {
+	public void requestWhenUsingCustomRequestMatcherConfiguredThenAppliesAccordingly() throws Exception {
 
-		SpringTestContext context =
-				this.spring.configLocations(
-						this.xml("shared-controllers"),
-						this.xml("WithRequestMatcher"),
-						this.xml("mock-request-matcher")
-				);
+		SpringTestContext context = this.spring.configLocations(this.xml("shared-controllers"),
+				this.xml("WithRequestMatcher"), this.xml("mock-request-matcher"));
 
 		context.autowire();
 
@@ -435,84 +329,56 @@ public class CsrfConfigTests {
 	}
 
 	@Test
-	public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated()
-		throws Exception {
+	public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated() throws Exception {
 
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		MvcResult result = this.mvc.perform(get("/ok"))
-								.andExpect(status().isOk())
-								.andReturn();
+		MvcResult result = this.mvc.perform(get("/ok")).andExpect(status().isOk()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	@WithMockUser
-	public void postWhenCsrfMismatchesThenForbidden()
-		throws Exception {
+	public void postWhenCsrfMismatchesThenForbidden() throws Exception {
 
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
 		MvcResult result = this.mvc.perform(get("/ok")).andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 
-		this.mvc.perform(post("/ok")
-							.session(session)
-							.with(csrf().useInvalidToken()))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(post("/ok").session(session).with(csrf().useInvalidToken())).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void loginWhenDefaultConfigurationThenCsrfCleared()
-			throws Exception {
+	public void loginWhenDefaultConfigurationThenCsrfCleared() throws Exception {
 
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
 		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 
-		this.mvc.perform(post("/login")
-							.param("username", "user")
-							.param("password", "password")
-							.session(session)
-							.with(csrf()))
-			.andExpect(status().isFound());
-
-		this.mvc.perform(get("/csrf").session(session))
-				.andExpect(csrfChanged(result));
-	}
-
-	@Test
-	public void logoutWhenDefaultConfigurationThenCsrfCleared()
-		throws Exception {
-
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("AutoConfig")
-			).autowire();
-
-		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
-
-		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
-		this.mvc.perform(post("/logout").session(session)
-							.with(csrf()))
+		this.mvc.perform(
+				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(status().isFound());
 
-		this.mvc.perform(get("/csrf").session(session))
-				.andExpect(csrfChanged(result));
+		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
+	}
+
+	@Test
+	public void logoutWhenDefaultConfigurationThenCsrfCleared() throws Exception {
+
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
+
+		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
+
+		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
+
+		this.mvc.perform(post("/logout").session(session).with(csrf())).andExpect(status().isFound());
+
+		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
 	}
 
 	/**
@@ -520,16 +386,15 @@ public class CsrfConfigTests {
 	 */
 	@Test
 	@WithMockUser
-	public void logoutWhenDefaultConfigurationThenDisabled()
-		throws Exception {
+	public void logoutWhenDefaultConfigurationThenDisabled() throws Exception {
 
-		this.spring.configLocations(
-				this.xml("shared-controllers"),
-				this.xml("CsrfEnabled")
-			).autowire();
+		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		this.mvc.perform(get("/logout"))
-			.andExpect(status().isOk()); // renders form to log out but does not perform a redirect
+		this.mvc.perform(get("/logout")).andExpect(status().isOk()); // renders form to
+																		// log out but
+																		// does not
+																		// perform a
+																		// redirect
 
 		// still logged in
 		this.mvc.perform(get("/authenticated")).andExpect(status().isOk());
@@ -540,8 +405,8 @@ public class CsrfConfigTests {
 
 		List<Filter> filters = chain.getFilters("/any");
 
-		for ( Filter filter : filters ) {
-			if ( type.isAssignableFrom(filter.getClass()) ) {
+		for (Filter filter : filters) {
+			if (type.isAssignableFrom(filter.getClass())) {
 				return (T) filter;
 			}
 		}
@@ -555,6 +420,7 @@ public class CsrfConfigTests {
 
 	@Controller
 	public static class RootController {
+
 		@RequestMapping(value = "/csrf-in-header", method = { HEAD, TRACE, OPTIONS })
 		@ResponseBody
 		String csrfInHeaderAndBody(CsrfToken token, HttpServletResponse response) {
@@ -579,18 +445,18 @@ public class CsrfConfigTests {
 		String authenticated() {
 			return "authenticated";
 		}
+
 	}
 
 	private static class TeapotAccessDeniedHandler implements AccessDeniedHandler {
 
 		@Override
-		public void handle(
-				HttpServletRequest request,
-				HttpServletResponse response,
+		public void handle(HttpServletRequest request, HttpServletResponse response,
 				AccessDeniedException accessDeniedException) {
 
 			response.setStatus(HttpStatus.IM_A_TEAPOT_418);
 		}
+
 	}
 
 	ResultMatcher csrfChanged(MvcResult first) {
@@ -616,19 +482,24 @@ public class CsrfConfigTests {
 
 	@FunctionalInterface
 	interface ExceptionalFunction<IN, OUT> {
+
 		OUT apply(IN in) throws Exception;
+
 	}
 
 	static class CsrfCreatedResultMatcher implements ResultMatcher {
+
 		@Override
 		public void match(MvcResult result) {
 			MockHttpServletRequest request = result.getRequest();
 			CsrfToken token = WebTestUtils.getCsrfTokenRepository(request).loadToken(request);
 			assertThat(token).isNotNull();
 		}
+
 	}
 
 	static class CsrfReturnedResultMatcher implements ResultMatcher {
+
 		ExceptionalFunction<MvcResult, String> token;
 
 		CsrfReturnedResultMatcher(ExceptionalFunction<MvcResult, String> token) {
@@ -642,6 +513,7 @@ public class CsrfConfigTests {
 			assertThat(token).isNotNull();
 			assertThat(token.getToken()).isEqualTo(this.token.apply(result));
 		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 2e87b07360..51b870b019 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -44,17 +44,21 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultFilterChainValidatorTests {
+
 	private DefaultFilterChainValidator validator;
+
 	private FilterChainProxy fcp;
+
 	@Mock
 	private Log logger;
+
 	@Mock
 	private DefaultFilterInvocationSecurityMetadataSource metadataSource;
+
 	@Mock
 	private AccessDecisionManager accessDecisionManager;
 
@@ -66,12 +70,10 @@ public class DefaultFilterChainValidatorTests {
 		fsi = new FilterSecurityInterceptor();
 		fsi.setAccessDecisionManager(accessDecisionManager);
 		fsi.setSecurityMetadataSource(metadataSource);
-		AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint(
-				"/login");
-		ExceptionTranslationFilter etf = new ExceptionTranslationFilter(
-				authenticationEntryPoint);
-		DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(
-				AnyRequestMatcher.INSTANCE, aaf, etf, fsi);
+		AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
+		ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
+		DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf,
+				fsi);
 		fcp = new FilterChainProxy(securityChain);
 		validator = new DefaultFilterChainValidator();
 
@@ -82,24 +84,25 @@ public class DefaultFilterChainValidatorTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void validateCheckLoginPageIsntProtectedThrowsIllegalArgumentException() {
-		IllegalArgumentException toBeThrown = new IllegalArgumentException(
-				"failed to eval expression");
-		doThrow(toBeThrown).when(accessDecisionManager).decide(any(Authentication.class),
-				anyObject(), any(Collection.class));
+		IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression");
+		doThrow(toBeThrown).when(accessDecisionManager).decide(any(Authentication.class), anyObject(),
+				any(Collection.class));
 		validator.validate(fcp);
-		verify(logger)
-				.info("Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
-						toBeThrown);
+		verify(logger).info(
+				"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
+				toBeThrown);
 	}
 
 	// SEC-1957
 	@Test
 	public void validateCustomMetadataSource() {
-		FilterInvocationSecurityMetadataSource customMetaDataSource = mock(FilterInvocationSecurityMetadataSource.class);
+		FilterInvocationSecurityMetadataSource customMetaDataSource = mock(
+				FilterInvocationSecurityMetadataSource.class);
 		fsi.setSecurityMetadataSource(customMetaDataSource);
 
 		validator.validate(fcp);
 
 		verify(customMetaDataSource).getAttributes(any());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index 29164a0f8c..91124dd40a 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -59,12 +59,10 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 	@Test
 	public void parsingMinimalConfigurationIsSuccessful() {
 		setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
-				+ "   <intercept-url pattern='/**' access='ROLE_A'/>"
-				+ "</filter-security-metadata-source>");
+				+ "   <intercept-url pattern='/**' access='ROLE_A'/>" + "</filter-security-metadata-source>");
 		DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
-		Collection<ConfigAttribute> cad = fids
-				.getAttributes(createFilterInvocation("/anything", "GET"));
+		Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
 		assertThat(cad).contains(new SecurityConfig("ROLE_A"));
 	}
 
@@ -76,8 +74,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 
 		ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
-		ConfigAttribute[] cad = fids
-				.getAttributes(createFilterInvocation("/anything", "GET"))
+		ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET"))
 				.toArray(new ConfigAttribute[0]);
 		assertThat(cad).hasSize(1);
 		assertThat(cad[0].toString()).isEqualTo("hasRole('ROLE_A')");
@@ -88,15 +85,13 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 	public void interceptUrlsSupportPropertyPlaceholders() {
 		System.setProperty("secure.url", "/secure");
 		System.setProperty("secure.role", "ROLE_A");
-		setContext(
-				"<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
-						+ "<filter-security-metadata-source id='fids' use-expressions='false'>"
-						+ "   <intercept-url pattern='${secure.url}' access='${secure.role}'/>"
-						+ "</filter-security-metadata-source>");
+		setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
+				+ "<filter-security-metadata-source id='fids' use-expressions='false'>"
+				+ "   <intercept-url pattern='${secure.url}' access='${secure.role}'/>"
+				+ "</filter-security-metadata-source>");
 		DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
-		Collection<ConfigAttribute> cad = fids
-				.getAttributes(createFilterInvocation("/secure", "GET"));
+		Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
 		assertThat(cad).containsExactly(new SecurityConfig("ROLE_A"));
 	}
 
@@ -110,16 +105,15 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 				+ "           <intercept-url pattern='/secure/**' access='ROLE_USER'/>"
 				+ "           <intercept-url pattern='/**' access='ROLE_USER'/>"
 				+ "       </filter-security-metadata-source>" + "   </b:property>"
-				+ "   <b:property name='authenticationManager' ref='"
-				+ BeanIds.AUTHENTICATION_MANAGER + "'/>" + "</b:bean>"
-				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "   <b:property name='authenticationManager' ref='" + BeanIds.AUTHENTICATION_MANAGER + "'/>"
+				+ "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 	}
 
 	@Test(expected = BeanDefinitionParsingException.class)
 	public void parsingInterceptUrlServletPathFails() {
 		setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
-			+ "   <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
-			+ "</filter-security-metadata-source>");
+				+ "   <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
+				+ "</filter-security-metadata-source>");
 	}
 
 	private FilterInvocation createFilterInvocation(String path, String method) {
@@ -129,7 +123,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 
 		request.setServletPath(path);
 
-		return new FilterInvocation(request, new MockHttpServletResponse(),
-				new MockFilterChain());
+		return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index 4bef5265fa..f8e3f1ecdc 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -32,15 +32,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.request;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-
 /**
- *
  * @author Luke Taylor
  * @author Josh Cummings
  */
 public class FormLoginBeanDefinitionParserTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/FormLoginBeanDefinitionParserTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/FormLoginBeanDefinitionParserTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -49,86 +47,63 @@ public class FormLoginBeanDefinitionParserTests {
 	MockMvc mvc;
 
 	@Test
-	public void getLoginWhenAutoConfigThenShowsDefaultLoginPage()
-		throws Exception {
+	public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception {
 
 		this.spring.configLocations(this.xml("Simple")).autowire();
 
-		String expectedContent =
-				"<!DOCTYPE html>\n"
-						+ "<html lang=\"en\">\n"
-						+ "  <head>\n"
-						+ "    <meta charset=\"utf-8\">\n"
-						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n"
-						+ "    <meta name=\"author\" content=\"\">\n"
-						+ "    <title>Please sign in</title>\n"
-						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n"
-						+ "  <body>\n"
-						+ "     <div class=\"container\">\n"
-						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "</div>\n"
-						+ "</body></html>";
+		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				+ "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Please sign in</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n" + "        <p>\n"
+				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n" + "</div>\n" + "</body></html>";
 
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
-	public void getLogoutWhenAutoConfigThenShowsDefaultLogoutPage()
-			throws Exception {
+	public void getLogoutWhenAutoConfigThenShowsDefaultLogoutPage() throws Exception {
 
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
 
-		this.mvc.perform(get("/logout"))
-				.andExpect(content().string(containsString("action=\"/logout\"")));
+		this.mvc.perform(get("/logout")).andExpect(content().string(containsString("action=\"/logout\"")));
 	}
 
 	@Test
-	public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects()
-			throws Exception {
+	public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCustomAttributes")).autowire();
 
-		String expectedContent =
-				"<!DOCTYPE html>\n"
-						+ "<html lang=\"en\">\n" + "  <head>\n"
-						+ "    <meta charset=\"utf-8\">\n"
-						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n"
-						+ "    <meta name=\"author\" content=\"\">\n"
-						+ "    <title>Please sign in</title>\n"
-						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n"
-						+ "  <body>\n"
-						+ "     <div class=\"container\">\n"
-						+ "      <form class=\"form-signin\" method=\"post\" action=\"/signin\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"custom_user\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-						+ "          <input type=\"password\" id=\"password\" name=\"custom_pass\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "</div>\n"
-						+ "</body></html>";
+		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				+ "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Please sign in</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/signin\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"custom_user\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n" + "        <p>\n"
+				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+				+ "          <input type=\"password\" id=\"password\" name=\"custom_pass\" class=\"form-control\" placeholder=\"Password\" required>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n" + "</div>\n" + "</body></html>";
 
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 
@@ -136,121 +111,94 @@ public class FormLoginBeanDefinitionParserTests {
 	}
 
 	@Test
-	public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects()
-		throws Exception {
+	public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects() throws Exception {
 
 		this.spring.configLocations(this.xml("WithOpenId")).autowire();
 
-		String expectedContent =
-				"<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
-						+ "    <meta charset=\"utf-8\">\n"
-						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n"
-						+ "    <meta name=\"author\" content=\"\">\n"
-						+ "    <title>Please sign in</title>\n"
-						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n"
-						+ "  <body>\n"
-						+ "     <div class=\"container\">\n"
-						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "</div>\n"
-						+ "</body></html>";
+		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				+ "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Please sign in</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n" + "        <p>\n"
+				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n"
+				+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n" + "</div>\n" + "</body></html>";
 
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
-	public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects()
-			throws Exception {
+	public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects() throws Exception {
 
 		this.spring.configLocations(this.xml("WithOpenIdCustomAttributes")).autowire();
 
-		String expectedContent =
-				"<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
-						+ "    <meta charset=\"utf-8\">\n"
-						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n"
-						+ "    <meta name=\"author\" content=\"\">\n"
-						+ "    <title>Please sign in</title>\n"
-						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n"
-						+ "  <body>\n"
-						+ "     <div class=\"container\">\n"
-						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/signin\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-						+ "        <p>\n"
-						+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
-						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n"
-						+ "</div>\n"
-						+ "</body></html>";
+		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				+ "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Please sign in</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n" + "        <p>\n"
+				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n"
+				+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/signin\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" + "        <p>\n"
+				+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+				+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
+				+ "        </p>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
+				+ "      </form>\n" + "</div>\n" + "</body></html>";
 
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
-	public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly()
-		throws Exception {
+	public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("WithAuthenticationFailureForwardUrl")).autowire();
 
-		this.mvc.perform(post("/login")
-							.param("username", "bob")
-							.param("password", "invalidpassword"))
-				.andExpect(status().isOk())
-				.andExpect(forwardedUrl("/failure_forward_url"))
+		this.mvc.perform(post("/login").param("username", "bob").param("password", "invalidpassword"))
+				.andExpect(status().isOk()).andExpect(forwardedUrl("/failure_forward_url"))
 				.andExpect(request().attribute(WebAttributes.AUTHENTICATION_EXCEPTION, not(nullValue())));
 	}
 
 	@Test
-	public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly()
-		throws Exception {
+	public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("WithAuthenticationSuccessForwardUrl")).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password"))
-				.andExpect(status().isOk())
-				.andExpect(forwardedUrl("/success_forward_url"));
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+				.andExpect(status().isOk()).andExpect(forwardedUrl("/success_forward_url"));
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 56bbe0b062..392632c023 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -48,13 +48,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Luke Taylor
  * @author Josh Cummings
  */
 public class FormLoginConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/FormLoginConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/FormLoginConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -63,48 +62,34 @@ public class FormLoginConfigTests {
 	MockMvc mvc;
 
 	@Test
-	public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage()
-		throws Exception {
+	public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage() throws Exception {
 
 		this.spring.configLocations(this.xml("WithAntRequestMatcher")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
-	public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly()
-		throws Exception {
+	public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("WithDefaultTargetUrl")).autowire();
 
-		this.mvc.perform(post("/login")
-							.param("username", "user")
-							.param("password", "password")
-							.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/default"));
 	}
 
 	@Test
-	public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly()
-		throws Exception {
+	public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("UsingSpel")).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default"));
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "wrong")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure"));
 
-		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
 	}
 
 	@Test
@@ -122,35 +107,23 @@ public class FormLoginConfigTests {
 	}
 
 	@Test
-	public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly()
-		throws Exception {
+	public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("WithSuccessAndFailureHandlers")).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(status().isIAmATeapot());
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "wrong")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(status().isIAmATeapot());
 	}
 
-
 	@Test
-	public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds()
-		throws Exception {
+	public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds() throws Exception {
 
 		this.spring.configLocations(this.xml("WithUsernameAndPasswordParameters")).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("xname", "user")
-				.param("xpass", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/login").param("xname", "user").param("xpass", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -159,85 +132,74 @@ public class FormLoginConfigTests {
 	 */
 	@Test
 	public void autowireWhenCustomLoginPageIsSlashLoginThenNoDefaultLoginPageGeneratingFilterIsWired()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(this.xml("ForSec2919")).autowire();
 
-		this.mvc.perform(get("/login"))
-				.andExpect(content().string("teapot"));
+		this.mvc.perform(get("/login")).andExpect(content().string("teapot"));
 
 		assertThat(getFilter(this.spring.getContext(), DefaultLoginPageGeneratingFilter.class)).isNull();
 	}
 
 	@Test
-	public void authenticateWhenCsrfIsEnabledThenRequiresToken()
-		throws Exception {
+	public void authenticateWhenCsrfIsEnabledThenRequiresToken() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCsrfEnabled")).autowire();
 
-		this.mvc.perform(post("/login")
-							.param("username", "user")
-							.param("password", "password"))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken()
-		throws Exception {
+	public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCsrfDisabled")).autowire();
 
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isFound());
 	}
 
 	/**
-	 * SEC-3147: authentication-failure-url should be contained "error" parameter if login-page="/login"
+	 * SEC-3147: authentication-failure-url should be contained "error" parameter if
+	 * login-page="/login"
 	 */
 	@Test
 	public void authenticateWhenLoginPageIsSlashLoginAndAuthenticationFailsThenRedirectContainsErrorParameter()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(this.xml("ForSec3147")).autowire();
 
-		this.mvc.perform(post("/login")
-					.param("username", "user")
-					.param("password", "wrong")
-					.with(csrf()))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
 	@RestController
 	public static class LoginController {
+
 		@GetMapping("/login")
 		public String ok() {
 			return "teapot";
 		}
+
 	}
 
-	public static class TeapotAuthenticationHandler implements
-			AuthenticationSuccessHandler,
-			AuthenticationFailureHandler {
+	public static class TeapotAuthenticationHandler
+			implements AuthenticationSuccessHandler, AuthenticationFailureHandler {
 
 		@Override
-		public void onAuthenticationFailure(
-				HttpServletRequest request,
-				HttpServletResponse response,
+		public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 				AuthenticationException exception) {
 
 			response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 		}
 
 		@Override
-		public void onAuthenticationSuccess(
-				HttpServletRequest request,
-				HttpServletResponse response,
+		public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication authentication) {
 
 			response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 		}
+
 	}
 
 	private Filter getFilter(ApplicationContext context, Class<? extends Filter> filterClass) {
@@ -245,8 +207,8 @@ public class FormLoginConfigTests {
 
 		List<Filter> filters = filterChain.getFilters("/any");
 
-		for ( Filter filter : filters ) {
-			if ( filter.getClass() == filterClass ) {
+		for (Filter filter : filters) {
+			if (filter.getClass() == filterClass) {
 				return filter;
 			}
 		}
@@ -257,4 +219,5 @@ public class FormLoginConfigTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index f0da65eac7..ff369f8a9b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -34,14 +34,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
 public class HttpConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/HttpConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -50,19 +48,15 @@ public class HttpConfigTests {
 	MockMvc mvc;
 
 	@Test
-	public void getWhenUsingMinimalConfigurationThenRedirectsToLogin()
-		throws Exception {
+	public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() throws Exception {
 
 		this.spring.configLocations(this.xml("Minimal")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
-	public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter()
-		throws Exception {
+	public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter() throws Exception {
 
 		this.spring.configLocations(this.xml("Minimal")).autowire();
 
@@ -71,17 +65,14 @@ public class HttpConfigTests {
 
 		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
-		proxy.doFilter(
-				request,
-				new EncodeUrlDenyingHttpServletResponseWrapper(response),
-				(req, resp) -> {});
+		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
+		});
 
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
 
-	private static class EncodeUrlDenyingHttpServletResponseWrapper
-			extends HttpServletResponseWrapper {
+	private static class EncodeUrlDenyingHttpServletResponseWrapper extends HttpServletResponseWrapper {
 
 		EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
 			super(response);
@@ -106,9 +97,11 @@ public class HttpConfigTests {
 		public String encodeRedirectUrl(String url) {
 			throw new RuntimeException("Unexpected invocation of encodeURL");
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 2ba0044db8..c50130375b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -41,15 +41,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Tim Ysewyn
  * @author Josh Cummings
  */
 public class HttpCorsConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/HttpCorsConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpCorsConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -59,78 +57,68 @@ public class HttpCorsConfigTests {
 
 	@Test
 	public void autowireWhenMissingMvcThenGivesInformativeError() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("RequiresMvc")).autowire())
-			.isInstanceOf(BeanCreationException.class)
-			.hasMessageContaining("Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("RequiresMvc")).autowire())
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+						"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
 	}
 
 	@Test
-	public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake()
-		throws Exception {
+	public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCors")).autowire();
 
-		this.mvc.perform(get("/").with(this.approved()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
 
-		this.mvc.perform(options("/").with(this.preflight()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
 
 	@Test
-	public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake()
-			throws Exception {
+	public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCorsConfigurationSource")).autowire();
 
-		this.mvc.perform(get("/").with(this.approved()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
 
-		this.mvc.perform(options("/").with(this.preflight()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
 
 	@Test
-	public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake()
-			throws Exception {
+	public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake() throws Exception {
 
 		this.spring.configLocations(this.xml("WithCorsFilter")).autowire();
 
-		this.mvc.perform(get("/").with(this.approved()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
 
-		this.mvc.perform(options("/").with(this.preflight()))
-				.andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
 
 	@RestController
-	@CrossOrigin(methods = {
-			RequestMethod.GET, RequestMethod.POST
-	})
+	@CrossOrigin(methods = { RequestMethod.GET, RequestMethod.POST })
 	static class CorsController {
+
 		@RequestMapping("/")
 		String hello() {
 			return "Hello";
 		}
+
 	}
 
 	static class MyCorsConfigurationSource extends UrlBasedCorsConfigurationSource {
+
 		MyCorsConfigurationSource() {
 			CorsConfiguration configuration = new CorsConfiguration();
 			configuration.setAllowedOrigins(Arrays.asList("*"));
 			configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
 
-			super.registerCorsConfiguration(
-					"/**",
-					configuration);
+			super.registerCorsConfiguration("/**", configuration);
 		}
+
 	}
 
 	private String xml(String configName) {
@@ -149,7 +137,7 @@ public class HttpCorsConfigTests {
 		return (request) -> {
 			request.addHeader(HttpHeaders.ORIGIN, "https://example.com");
 
-			if ( preflight ) {
+			if (preflight) {
 				request.setMethod(HttpMethod.OPTIONS.name());
 				request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name());
 			}
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index 2df097e589..9e582be23d 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -41,7 +41,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Tim Ysewyn
  * @author Josh Cummings
@@ -49,19 +48,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class HttpHeadersConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/HttpHeadersConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpHeadersConfigTests";
 
-	static final Map<String, String> defaultHeaders =
-			ImmutableMap.<String, String>builder()
-				.put("X-Content-Type-Options", "nosniff")
-				.put("X-Frame-Options", "DENY")
-				.put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")
-				.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate")
-				.put("Expires", "0")
-				.put("Pragma", "no-cache")
-				.put("X-XSS-Protection", "1; mode=block")
-				.build();
+	static final Map<String, String> defaultHeaders = ImmutableMap.<String, String>builder()
+			.put("X-Content-Type-Options", "nosniff").put("X-Frame-Options", "DENY")
+			.put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")
+			.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
+			.put("Pragma", "no-cache").put("X-XSS-Protection", "1; mode=block").build();
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -70,97 +63,75 @@ public class HttpHeadersConfigTests {
 	MockMvc mvc;
 
 	@Test
-	public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders() throws Exception {
 
 		this.spring.configLocations(this.xml("HeadersDisabled")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders() throws Exception {
 
 		System.setProperty("security.headers.disabled", "true");
 
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-			.andExpect(status().isOk())
-			.andExpect(excludesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
 
 		System.setProperty("security.headers.disabled", "false");
 
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-			.andExpect(status().isOk())
-			.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
 
 		System.clearProperty("security.headers.disabled");
 
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-			.andExpect(status().isOk())
-			.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void configureWhenHeadersDisabledHavingChildElementThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire())
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire())
 				.isInstanceOf(BeanDefinitionParsingException.class)
 				.hasMessageContaining("Cannot specify <headers disabled=\"true\"> with child elements");
 	}
 
 	@Test
-	public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders()
-			throws Exception {
+	public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders()
-		throws Exception {
+	public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders() throws Exception {
 
 		this.spring.configLocations(this.xml("HeadersEnabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenFrameOptionsConfiguredThenIncludesHeader()
-		throws Exception {
+	public void requestWhenFrameOptionsConfiguredThenIncludesHeader() throws Exception {
 
 		Map<String, String> headers = new HashMap(defaultHeaders);
 		headers.put("X-Frame-Options", "SAMEORIGIN");
 
 		this.spring.configLocations(this.xml("WithFrameOptions")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(headers));
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
 	}
 
 	// -- defaults disabled
@@ -169,506 +140,412 @@ public class HttpHeadersConfigTests {
 	 * gh-3986
 	 */
 	@Test
-	public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithNoOverride")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders()
-			throws Exception {
+	public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders() throws Exception {
 
 		System.setProperty("security.headers.defaults.disabled", "true");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders()
-			throws Exception {
+	public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders() throws Exception {
 
 		System.setProperty("security.headers.defaults.disabled", "false");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders()
-			throws Exception {
+	public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders() throws Exception {
 
 		System.clearProperty("security.headers.defaults.disabled");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingContentTypeOptionsThenDefaultsToNoSniff()
-			throws Exception {
+	public void requestWhenUsingContentTypeOptionsThenDefaultsToNoSniff() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Content-Type-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentTypeOptions")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-Content-Type-Options", "nosniff"))
-				.andExpect(excludes(excludedHeaders));
+		this.mvc.perform(get("/")).andExpect(status().isOk())
+				.andExpect(header().string("X-Content-Type-Options", "nosniff")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingFrameOptionsThenDefaultsToDeny()
-			throws Exception {
+	public void requestWhenUsingFrameOptionsThenDefaultsToDeny() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptions")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-Frame-Options", "DENY"))
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingFrameOptionsDenyThenRespondsWithDeny()
-			throws Exception {
+	public void requestWhenUsingFrameOptionsDenyThenRespondsWithDeny() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsDeny")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-Frame-Options", "DENY"))
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingFrameOptionsSameOriginThenRespondsWithSameOrigin()
-			throws Exception {
+	public void requestWhenUsingFrameOptionsSameOriginThenRespondsWithSameOrigin() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsSameOrigin")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-Frame-Options", "SAMEORIGIN"))
-				.andExpect(excludes(excludedHeaders));
+		this.mvc.perform(get("/")).andExpect(status().isOk())
+				.andExpect(header().string("X-Frame-Options", "SAMEORIGIN")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void configureWhenUsingFrameOptionsAllowFromNoOriginThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME better error message?
+		assertThatThrownBy(() -> this.spring
+				.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class)
+						.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME
+																							// better
+																							// error
+																							// message?
 	}
 
 	@Test
 	public void configureWhenUsingFrameOptionsAllowFromBlankOriginThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME better error message?
+		assertThatThrownBy(() -> this.spring
+				.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class)
+						.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME
+																							// better
+																							// error
+																							// message?
 	}
 
 	@Test
-	public void requestWhenUsingFrameOptionsAllowFromThenRespondsWithAllowFrom()
-			throws Exception {
+	public void requestWhenUsingFrameOptionsAllowFromThenRespondsWithAllowFrom() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFrom")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingFrameOptionsAllowFromWhitelistThenRespondsWithAllowFrom()
-			throws Exception {
+	public void requestWhenUsingFrameOptionsAllowFromWhitelistThenRespondsWithAllowFrom() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromWhitelist")).autowire();
 
-		this.mvc.perform(get("/").param("from", "https://example.org"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").param("from", "https://example.org")).andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-Frame-Options", "DENY"))
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader()
-			throws Exception {
+	public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeader")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("a", "b"))
-				.andExpect(header().string("c", "d"))
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("a", "b"))
+				.andExpect(header().string("c", "d")).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader()
-			throws Exception {
+	public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeaderWriter")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("abc", "def"))
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("abc", "def"))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void configureWhenUsingCustomHeaderNameOnlyThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire())
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire())
 				.isInstanceOf(BeanCreationException.class);
 	}
 
 	@Test
 	public void configureWhenUsingCustomHeaderValueOnlyThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire())
+						.isInstanceOf(BeanCreationException.class);
 	}
 
 	@Test
-	public void requestWhenUsingXssProtectionThenDefaultsToModeBlock()
-		throws Exception {
+	public void requestWhenUsingXssProtectionThenDefaultsToModeBlock() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtection")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-XSS-Protection", "1; mode=block"))
-				.andExpect(excludes(excludedHeaders));
+		this.mvc.perform(get("/")).andExpect(status().isOk())
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenEnablingXssProtectionThenDefaultsToModeBlock()
-		throws Exception {
+	public void requestWhenEnablingXssProtectionThenDefaultsToModeBlock() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionEnabled")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-XSS-Protection", "1; mode=block"))
-				.andExpect(excludes(excludedHeaders));
+		this.mvc.perform(get("/")).andExpect(status().isOk())
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void requestWhenDisablingXssProtectionThenDefaultsToZero()
-			throws Exception {
+	public void requestWhenDisablingXssProtectionThenDefaultsToZero() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabled")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().string("X-XSS-Protection", "0"))
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-XSS-Protection", "0"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndBlockSetThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("Cannot set block to true with enabled false");
+		assertThatThrownBy(() -> this.spring
+				.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")).autowire())
+						.isInstanceOf(BeanCreationException.class)
+						.hasMessageContaining("Cannot set block to true with enabled false");
 	}
 
 	@Test
-	public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders()
-		throws Exception {
+	public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders() throws Exception {
 
 		Map<String, String> includedHeaders = ImmutableMap.<String, String>builder()
-				.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate")
-				.put("Expires", "0")
-				.put("Pragma", "no-cache")
-				.build();
+				.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
+				.put("Pragma", "no-cache").build();
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(includes(includedHeaders));
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
-	public void requestWhenUsingHstsThenRespondsWithHstsHeader()
-			throws Exception {
+	public void requestWhenUsingHstsThenRespondsWithHstsHeader() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
-	public void insecureRequestWhenUsingHstsThenExcludesHstsHeader()
-			throws Exception {
+	public void insecureRequestWhenUsingHstsThenExcludesHstsHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void insecureRequestWhenUsingCustomHstsRequestMatcherThenIncludesHstsHeader()
-		throws Exception {
+	public void insecureRequestWhenUsingCustomHstsRequestMatcherThenIncludesHstsHeader() throws Exception {
 
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHstsRequestMatcher")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=1"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void configureWhenUsingHpkpWithoutPinsThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire())
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire())
 				.isInstanceOf(XmlBeanDefinitionStoreException.class)
 				.hasMessageContaining("The content of element 'hpkp' is not complete");
 	}
 
 	@Test
 	public void configureWhenUsingHpkpWithEmptyPinsThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire())
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire())
 				.isInstanceOf(XmlBeanDefinitionStoreException.class)
 				.hasMessageContaining("The content of element 'pins' is not complete");
 	}
 
 	@Test
-	public void requestWhenUsingHpkpThenIncludesHpkpHeader()
-			throws Exception {
+	public void requestWhenUsingHpkpThenIncludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkp")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins-Report-Only",
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256()
-			throws Exception {
+	public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins-Report-Only",
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader()
-			throws Exception {
+	public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(header().doesNotExist("Public-Key-Pins-Report-Only"))
-				.andExpect(excludesDefaults());
+		this.mvc.perform(get("/")).andExpect(status().isOk())
+				.andExpect(header().doesNotExist("Public-Key-Pins-Report-Only")).andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly()
-			throws Exception {
+	public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpMaxAge")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins-Report-Only",
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly()
-			throws Exception {
+	public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReport")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins",
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly()
-			throws Exception {
+	public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpIncludeSubdomains")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins-Report-Only",
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
+				"Public-Key-Pins-Report-Only",
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
 				.andExpect(excludesDefaults());
 	}
 
 	@Test
-	public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly()
-			throws Exception {
+	public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReportUri")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(header().string(
-						"Public-Key-Pins-Report-Only",
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
+				"Public-Key-Pins-Report-Only",
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
 				.andExpect(excludesDefaults());
 	}
 
 	// -- single-header disabled
 
 	@Test
-	public void requestWhenCacheControlDisabledThenExcludesHeader()
-		throws Exception {
+	public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception {
 
 		Collection<String> cacheControl = Arrays.asList("Cache-Control", "Expires", "Pragma");
 		Map<String, String> allButCacheControl = remove(defaultHeaders, cacheControl);
 
 		this.spring.configLocations(this.xml("CacheControlDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(allButCacheControl))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButCacheControl))
 				.andExpect(excludes(cacheControl));
 	}
 
 	@Test
-	public void requestWhenContentTypeOptionsDisabledThenExcludesHeader()
-			throws Exception {
+	public void requestWhenContentTypeOptionsDisabledThenExcludesHeader() throws Exception {
 
 		Collection<String> contentTypeOptions = Arrays.asList("X-Content-Type-Options");
 		Map<String, String> allButContentTypeOptions = remove(defaultHeaders, contentTypeOptions);
 
 		this.spring.configLocations(this.xml("ContentTypeOptionsDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(allButContentTypeOptions))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButContentTypeOptions))
 				.andExpect(excludes(contentTypeOptions));
 	}
 
 	@Test
-	public void requestWhenHstsDisabledThenExcludesHeader()
-			throws Exception {
+	public void requestWhenHstsDisabledThenExcludesHeader() throws Exception {
 
 		Collection<String> hsts = Arrays.asList("Strict-Transport-Security");
 		Map<String, String> allButHsts = remove(defaultHeaders, hsts);
 
 		this.spring.configLocations(this.xml("HstsDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(allButHsts))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButHsts))
 				.andExpect(excludes(hsts));
 	}
 
 	@Test
-	public void requestWhenHpkpDisabledThenExcludesHeader()
-			throws Exception {
+	public void requestWhenHpkpDisabledThenExcludesHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("HpkpDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includesDefaults());
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
-	public void requestWhenFrameOptionsDisabledThenExcludesHeader()
-			throws Exception {
+	public void requestWhenFrameOptionsDisabledThenExcludesHeader() throws Exception {
 
 		Collection<String> frameOptions = Arrays.asList("X-Frame-Options");
 		Map<String, String> allButFrameOptions = remove(defaultHeaders, frameOptions);
 
 		this.spring.configLocations(this.xml("FrameOptionsDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(allButFrameOptions))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButFrameOptions))
 				.andExpect(excludes(frameOptions));
 	}
 
 	@Test
-	public void requestWhenXssProtectionDisabledThenExcludesHeader()
-			throws Exception {
+	public void requestWhenXssProtectionDisabledThenExcludesHeader() throws Exception {
 
 		Collection<String> xssProtection = Arrays.asList("X-XSS-Protection");
 		Map<String, String> allButXssProtection = remove(defaultHeaders, xssProtection);
 
 		this.spring.configLocations(this.xml("XssProtectionDisabled")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(allButXssProtection))
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButXssProtection))
 				.andExpect(excludes(xssProtection));
 	}
 
@@ -676,139 +553,119 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenHstsDisabledAndIncludeSubdomainsSpecifiedThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("HstsDisabledSpecifyingIncludeSubdomains")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("include-subdomains");
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingIncludeSubdomains")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("include-subdomains");
 	}
 
 	@Test
 	public void configureWhenHstsDisabledAndMaxAgeSpecifiedThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("max-age");
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire())
+				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("max-age");
 	}
 
 	@Test
 	public void configureWhenHstsDisabledAndRequestMatcherSpecifiedThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("request-matcher-ref");
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("request-matcher-ref");
 	}
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndEnabledThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("enabled");
+		assertThatThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire())
+				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("enabled");
 	}
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndBlockSpecifiedThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("block");
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("block");
 	}
 
 	@Test
 	public void configureWhenFrameOptionsDisabledAndPolicySpecifiedThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("policy");
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("policy");
 	}
 
 	@Test
-	public void requestWhenContentSecurityPolicyDirectivesConfiguredThenIncludesDirectives()
-		throws Exception {
+	public void requestWhenContentSecurityPolicyDirectivesConfiguredThenIncludesDirectives() throws Exception {
 
 		Map<String, String> includedHeaders = new HashMap<>(defaultHeaders);
 		includedHeaders.put("Content-Security-Policy", "default-src 'self'");
 
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithPolicyDirectives")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(includedHeaders));
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
-	public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader()
-		throws Exception {
+	public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("HeadersDisabledWithContentSecurityPolicy")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults())
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(excludes("Content-Security-Policy"));
 	}
 
 	@Test
-	public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader()
-		throws Exception {
+	public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentSecurityPolicy")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults())
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Content-Security-Policy", "default-src 'self'"));
 	}
 
 	@Test
 	public void configureWhenContentSecurityPolicyConfiguredWithEmptyDirectivesThenAutowireFails() {
-		assertThatThrownBy(() ->
-				this.spring.configLocations(this.xml("ContentSecurityPolicyWithEmptyDirectives")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatThrownBy(
+				() -> this.spring.configLocations(this.xml("ContentSecurityPolicyWithEmptyDirectives")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void requestWhenContentSecurityPolicyConfiguredWithReportOnlyThenIncludesReportOnlyHeader()
-		throws Exception {
+			throws Exception {
 
 		Map<String, String> includedHeaders = new HashMap<>(defaultHeaders);
-		includedHeaders.put("Content-Security-Policy-Report-Only", "default-src https:; report-uri https://example.org/");
+		includedHeaders.put("Content-Security-Policy-Report-Only",
+				"default-src https:; report-uri https://example.org/");
 
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithReportOnly")).autowire();
 
-		this.mvc.perform(get("/").secure(true))
-				.andExpect(status().isOk())
-				.andExpect(includes(includedHeaders));
+		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
-	public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer()
-			throws Exception {
+	public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicy")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults())
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "no-referrer"));
 	}
 
 	@Test
-	public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin()
-			throws Exception {
+	public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicySameOrigin")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isOk())
-				.andExpect(excludesDefaults())
+		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "same-origin"));
 	}
 
 	@RestController
 	public static class SimpleController {
+
 		@GetMapping("/")
-		public String ok() { return "ok"; }
+		public String ok() {
+			return "ok";
+		}
+
 	}
 
 	private static ResultMatcher includesDefaults() {
@@ -817,7 +674,7 @@ public class HttpHeadersConfigTests {
 
 	private static ResultMatcher includes(Map<String, String> headers) {
 		return result -> {
-			for ( Map.Entry<String, String> header : headers.entrySet() ) {
+			for (Map.Entry<String, String> header : headers.entrySet()) {
 				header().string(header.getKey(), header.getValue()).match(result);
 			}
 		};
@@ -829,7 +686,7 @@ public class HttpHeadersConfigTests {
 
 	private static ResultMatcher excludes(Collection<String> headers) {
 		return result -> {
-			for ( String name : headers ) {
+			for (String name : headers) {
 				header().doesNotExist(name).match(result);
 			}
 		};
@@ -842,7 +699,7 @@ public class HttpHeadersConfigTests {
 	private static <K, V> Map<K, V> remove(Map<K, V> map, Collection<K> keys) {
 		Map<K, V> copy = new HashMap<>(map);
 
-		for ( K key : keys ) {
+		for (K key : keys) {
 			copy.remove(key);
 		}
 
@@ -852,4 +709,5 @@ public class HttpHeadersConfigTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index e1b9ac6ca3..7befacbb8b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -31,6 +31,7 @@ import org.springframework.web.context.ConfigurableWebApplicationContext;
 import org.springframework.web.context.support.XmlWebApplicationContext;
 
 public class HttpInterceptUrlTests {
+
 	ConfigurableWebApplicationContext context;
 
 	MockMvc mockMvc;
@@ -46,18 +47,15 @@ public class HttpInterceptUrlTests {
 	public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
 		loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
 
-		mockMvc.perform(get("/foo"))
-			.andExpect(status().isUnauthorized());
+		mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
 
-		mockMvc.perform(get("/FOO"))
-			.andExpect(status().isUnauthorized());
+		mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
 
-		mockMvc.perform(get("/other"))
-			.andExpect(status().isOk());
+		mockMvc.perform(get("/other")).andExpect(status().isOk());
 	}
 
 	private void loadConfig(String... configLocations) {
-		for (int i=0; i<configLocations.length; i++) {
+		for (int i = 0; i < configLocations.length; i++) {
 			configLocations[i] = getClass().getName().replaceAll("\\.", "/") + "-" + configLocations[i];
 		}
 		XmlWebApplicationContext context = new XmlWebApplicationContext();
@@ -69,17 +67,17 @@ public class HttpInterceptUrlTests {
 		context.getAutowireCapableBeanFactory().autowireBean(this);
 
 		Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class);
-		mockMvc = MockMvcBuilders
-				.standaloneSetup(new FooController())
-				.addFilters(springSecurityFilterChain)
-				.build();
+		mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain).build();
 	}
 
 	@RestController
 	static class FooController {
+
 		@GetMapping("/*")
 		String foo() {
 			return "foo";
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 532075a301..5a87300d60 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -43,14 +43,12 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
 public class InterceptUrlConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/InterceptUrlConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/InterceptUrlConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -62,175 +60,126 @@ public class InterceptUrlConfigTests {
 	 * sec-2256
 	 */
 	@Test
-	public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority()
-			throws Exception {
+	public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority() throws Exception {
 
 		this.spring.configLocations(this.xml("Sec2256")).autowire();
 
-		this.mvc.perform(post("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
 	/**
 	 * sec-2355
 	 */
 	@Test
-	public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("PatchMethod")).autowire();
 
-		this.mvc.perform(get("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(patch("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(patch("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(patch("/path")
-				.with(httpBasic("admin", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(patch("/path").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 
 	}
 
 	@Test
-	public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("HasAnyRole")).autowire();
 
-		this.mvc.perform(get("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path")
-				.with(httpBasic("admin", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/path").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 	}
 
 	/**
 	 * sec-2059
 	 */
 	@Test
-	public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("PathVariables")).autowire();
 
-		this.mvc.perform(get("/path/user/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path/otheruser/path")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
 	/**
 	 * gh-3786
 	 */
 	@Test
-	public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("CamelCasePathVariables")).autowire();
 
-		this.mvc.perform(get("/path/user/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path/otheruser/path")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/PATH/user/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
 	/**
 	 * sec-2059
 	 */
 	@Test
-	public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("TypeConversionPathVariables")).autowire();
 
-		this.mvc.perform(get("/path/1/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/1/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path/2/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/path/2/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
 	}
 
 	@Test
-	public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("MvcMatchers")).autowire();
 
-		this.mvc.perform(get("/path"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/path.html"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path.html")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/path/"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
-	public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("MvcMatchersPathVariables")).autowire();
 
-		this.mvc.perform(get("/path/user/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/path/otheruser/path")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/PATH/user/path")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void requestWhenUsingMvcMatchersAndServletPathThenAuthorizesRequestsAccordingly()
-			throws Exception {
+	public void requestWhenUsingMvcMatchersAndServletPathThenAuthorizesRequestsAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("MvcMatchersServletPath")).autowire();
 
 		MockServletContext servletContext = mockServletContext("/spring");
-		ConfigurableWebApplicationContext context =
-				(ConfigurableWebApplicationContext) this.spring.getContext();
+		ConfigurableWebApplicationContext context = (ConfigurableWebApplicationContext) this.spring.getContext();
 		context.setServletContext(servletContext);
 
-		this.mvc.perform(get("/spring/path").servletPath("/spring"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/spring/path.html").servletPath("/spring"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/spring/path.html").servletPath("/spring")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/spring/path/").servletPath("/spring"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/spring/path/").servletPath("/spring")).andExpect(status().isUnauthorized());
 
 	}
 
@@ -260,6 +209,7 @@ public class InterceptUrlConfigTests {
 
 	@RestController
 	static class PathController {
+
 		@RequestMapping("/path")
 		public String path() {
 			return "path";
@@ -269,20 +219,23 @@ public class InterceptUrlConfigTests {
 		public String path(@PathVariable("un") String name) {
 			return name;
 		}
+
 	}
 
 	public static class Id {
+
 		public boolean isOne(int i) {
 			return i == 1;
 		}
+
 	}
 
 	private MockServletContext mockServletContext(String servletPath) {
 		MockServletContext servletContext = spy(new MockServletContext());
 		final ServletRegistration registration = mock(ServletRegistration.class);
 		when(registration.getMappings()).thenReturn(Collections.singleton(servletPath));
-		Answer<Map<String, ? extends ServletRegistration>> answer = invocation ->
-				Collections.singletonMap("spring", registration);
+		Answer<Map<String, ? extends ServletRegistration>> answer = invocation -> Collections.singletonMap("spring",
+				registration);
 		when(servletContext.getServletRegistrations()).thenAnswer(answer);
 		return servletContext;
 	}
@@ -290,4 +243,5 @@ public class InterceptUrlConfigTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 4049067b0f..0ae303e831 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -127,15 +127,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-
 /**
- *
  * @author Luke Taylor
  * @author Rob Winch
  */
 public class MiscHttpConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/MiscHttpConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/MiscHttpConfigTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -161,192 +159,139 @@ public class MiscHttpConfigTests {
 	}
 
 	@Test
-	public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk()
-			throws Exception {
+	public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk() throws Exception {
 
 		this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
 
-		this.mvc.perform(get("/unprotected"))
-			.andExpect(status().isNotFound());
+		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 
-		this.mvc.perform(get("/nomatch"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/nomatch")).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly()
-			throws Exception {
+	public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/unprotected"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly()
-			throws Exception {
+	public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
 
-		this.mvc.perform(get("/ProTectEd"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/ProTectEd")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/UnProTectEd"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/UnProTectEd")).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly()
-			throws Exception {
+	public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/unprotected"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 	}
 
 	/**
 	 * SEC-1152
 	 */
 	@Test
-	public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints()
-			throws Exception {
+	public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints() throws Exception {
 
 		this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/unprotected"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
 	}
 
 	@Test
-	public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints()
-			throws Exception {
+	public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
 
 		this.spring.configLocations(xml("AnonymousDisabled")).autowire();
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
 
-		this.mvc.perform(get("/unprotected"))
-				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/unprotected")).andExpect(status().isUnauthorized());
 
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
 	}
 
 	@Test
-	public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes()
-			throws Exception {
+	public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes() throws Exception {
 
 		this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("josh"));
+		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
 
-		this.mvc.perform(get("/customKey"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 	}
 
 	@Test
-	public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes()
-			throws Exception {
+	public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes() throws Exception {
 
 		this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/protected"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("josh"));
+		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
 
-		this.mvc.perform(get("/customKey"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 	}
 
 	@Test
-	public void requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly()
-			throws Exception {
+	public void requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(post("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(post("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(post("/protected")
-				.with(httpBasic("poster", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/protected").with(httpBasic("poster", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(delete("/protected")
-				.with(httpBasic("poster", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(delete("/protected").with(httpBasic("poster", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(delete("/protected")
-				.with(httpBasic("admin", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(delete("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 	}
 
 	@Test
-	public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly()
-			throws Exception {
+	public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
 
-		this.mvc.perform(post("/protected").with(csrf()))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
 
-		this.mvc.perform(get("/protected")
-				.secure(true)
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/protected")
-				.secure(true)
-				.with(httpBasic("admin", "password")))
+		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 				.andExpect(status().isOk());
 	}
 
 	@Test
-	public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly()
-			throws Exception {
+	public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
 
-		this.mvc.perform(post("/protected").with(csrf()))
-				.andExpect(status().isOk());
+		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
 
-		this.mvc.perform(get("/protected")
-				.secure(true)
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/protected")
-				.secure(true)
-				.with(httpBasic("admin", "password")))
+		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 				.andExpect(status().isOk());
 	}
 
@@ -359,18 +304,16 @@ public class MiscHttpConfigTests {
 	}
 
 	@Test
-	public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence()
-			throws Exception {
+	public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence() throws Exception {
 
 		this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire();
 
 		AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
 
-		this.mvc.perform(get("/protected"))
-			.andExpect(status().isOk());
+		this.mvc.perform(get("/protected")).andExpect(status().isOk());
 
-		verify(entryPoint).commence(
-				any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AuthenticationException.class));
 	}
 
 	@Test
@@ -396,12 +339,9 @@ public class MiscHttpConfigTests {
 
 		Class<?> userFilterClass = this.spring.getContext().getBean("userFilter").getClass();
 
-		assertThat(filters)
-				.extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
-				.containsSubsequence(
-						userFilterClass, userFilterClass,
-						SecurityContextPersistenceFilter.class, LogoutFilter.class,
-						userFilterClass);
+		assertThat(filters).extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass()).containsSubsequence(
+				userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class,
+				userFilterClass);
 	}
 
 	@Test
@@ -414,13 +354,11 @@ public class MiscHttpConfigTests {
 	public void configureWhenUsingX509ThenAddsX509FilterCorrectly() {
 		this.spring.configLocations(xml("X509")).autowire();
 
-		assertThat(getFilters("/"))
-				.extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
-				.containsSubsequence(
-						CsrfFilter.class, X509AuthenticationFilter.class, ExceptionTranslationFilter.class);
+		assertThat(getFilters("/")).extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
+				.containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class,
+						ExceptionTranslationFilter.class);
 	}
 
-
 	@Test
 	public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception {
 		System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)");
@@ -441,8 +379,7 @@ public class MiscHttpConfigTests {
 	public void logoutWhenSpecifyingCookiesToDeleteThenSetCookieAdded() throws Exception {
 		this.spring.configLocations(xml("DeleteCookies")).autowire();
 
-		MvcResult result =
-				this.mvc.perform(post("/logout").with(csrf())).andReturn();
+		MvcResult result = this.mvc.perform(post("/logout").with(csrf())).andReturn();
 
 		List<String> values = result.getResponse().getHeaders("Set-Cookie");
 		assertThat(values.size()).isEqualTo(2);
@@ -453,8 +390,7 @@ public class MiscHttpConfigTests {
 	public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception {
 		this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf()))
-				.andExpect(redirectedUrl("/logoutSuccessEndpoint"));
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/logoutSuccessEndpoint"));
 	}
 
 	@Test
@@ -476,28 +412,25 @@ public class MiscHttpConfigTests {
 
 		this.mvc.perform(get("/"));
 
-		verify(entryPoint).commence(
-				any(HttpServletRequest.class),
-				any(HttpServletResponse.class),
+		verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 	}
 
 	/**
-	 * See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
-	 * additional processing. In this method we have a UserDetailsService which is referenced from the namespace
-	 * and also has a post processor registered which will modify it.
+	 * See SEC-750. If the http security post processor causes beans to be instantiated
+	 * too eagerly, they way miss additional processing. In this method we have a
+	 * UserDetailsService which is referenced from the namespace and also has a post
+	 * processor registered which will modify it.
 	 */
 	@Test
 	public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() {
 		this.spring.configLocations(xml("Sec750")).autowire();
 
-		BeanNameCollectingPostProcessor postProcessor =
-				this.spring.getContext().getBean(BeanNameCollectingPostProcessor.class);
+		BeanNameCollectingPostProcessor postProcessor = this.spring.getContext()
+				.getBean(BeanNameCollectingPostProcessor.class);
 
-		assertThat(postProcessor.getBeforeInitPostProcessedBeans())
-				.contains("authenticationProvider", "userService");
-		assertThat(postProcessor.getAfterInitPostProcessedBeans())
-				.contains("authenticationProvider", "userService");
+		assertThat(postProcessor.getBeforeInitPostProcessedBeans()).contains("authenticationProvider", "userService");
+		assertThat(postProcessor.getAfterInitPostProcessedBeans()).contains("authenticationProvider", "userService");
 
 	}
 
@@ -506,13 +439,9 @@ public class MiscHttpConfigTests {
 	public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception {
 		this.spring.configLocations(xml("Sec934")).autowire();
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("admin", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -523,17 +452,12 @@ public class MiscHttpConfigTests {
 		SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
 		when(repository.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(context);
 
-		MvcResult result =
-			this.mvc.perform(get("/protected")
-					.with(httpBasic("user", "password")))
-					.andExpect(status().isOk())
-					.andReturn();
+		MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 
-		verify(repository, atLeastOnce()).saveContext(
-				any(SecurityContext.class),
-				any(HttpServletRequest.class),
+		verify(repository, atLeastOnce()).saveContext(any(SecurityContext.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
 
@@ -541,17 +465,11 @@ public class MiscHttpConfigTests {
 	public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlExpressions")).autowire();
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("admin", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/protected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
-		this.mvc.perform(get("/unprotected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
 	}
 
@@ -563,9 +481,7 @@ public class MiscHttpConfigTests {
 		when(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
 				.thenReturn(false);
 
-		this.mvc.perform(get("/")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
 		verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
 	}
@@ -591,10 +507,8 @@ public class MiscHttpConfigTests {
 
 		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
 
-		proxy.doFilter(
-				request,
-				new EncodeUrlDenyingHttpServletResponseWrapper(response),
-				(req, resp) -> {});
+		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
+		});
 
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
@@ -605,11 +519,11 @@ public class MiscHttpConfigTests {
 		assertThatCode(() -> this.spring.configLocations(this.xml("MissingUserDetailsService")).autowire())
 				.isInstanceOf(BeansException.class);
 
-		try ( XmlWebApplicationContext parent = new XmlWebApplicationContext() ) {
+		try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) {
 			parent.setConfigLocations(this.xml("AutoConfig"));
 			parent.refresh();
 
-			try ( XmlWebApplicationContext child = new XmlWebApplicationContext() ) {
+			try (XmlWebApplicationContext child = new XmlWebApplicationContext()) {
 				child.setParent(parent);
 				child.setConfigLocation(this.xml("MissingUserDetailsService"));
 				child.refresh();
@@ -623,9 +537,7 @@ public class MiscHttpConfigTests {
 
 		this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire();
 
-		this.mvc.perform(post("/login")
-			.param("username", "user")
-			.param("password", "password"))
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -633,20 +545,16 @@ public class MiscHttpConfigTests {
 	public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception {
 		this.spring.configLocations(xml("HttpBasic")).autowire();
 
-		this.mvc.perform(get("/password")
-				.with(httpBasic("user", "password")))
-				.andExpect(content().string(""));
+		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire();
 
-		this.mvc.perform(get("/password")
-				.with(httpBasic("user", "password")))
-				.andExpect(content().string(""));
+		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 	}
 
 	/**
@@ -654,24 +562,20 @@ public class MiscHttpConfigTests {
 	 */
 	@Test
 	public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire();
 
-		this.mvc.perform(get("/password")
-				.with(httpBasic("user", "password")))
-				.andExpect(content().string("password"));
+		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire();
 
-		this.mvc.perform(get("/password")
-				.with(httpBasic("user", "password")))
-				.andExpect(content().string("password"));
+		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 	}
 
 	@Test
@@ -681,20 +585,17 @@ public class MiscHttpConfigTests {
 		Principal user = mock(Principal.class);
 		when(user.getName()).thenReturn("joe");
 
-		this.mvc.perform(get("/roles")
-				.principal(user)
-				.with(request -> {
-					request.addUserRole("admin");
-					request.addUserRole("user");
-					request.addUserRole("unmapped");
-					return request;
-				}))
-				.andExpect(content().string("ROLE_admin,ROLE_user"));
+		this.mvc.perform(get("/roles").principal(user).with(request -> {
+			request.addUserRole("admin");
+			request.addUserRole("user");
+			request.addUserRole("unmapped");
+			return request;
+		})).andExpect(content().string("ROLE_admin,ROLE_user"));
 	}
 
 	@Test
 	public void loginWhenUsingCustomAuthenticationDetailsSourceRefThenAuthenticationSourcesDetailsAccordingly()
-		throws Exception {
+			throws Exception {
 
 		this.spring.configLocations(xml("CustomAuthenticationDetailsSourceRef")).autowire();
 
@@ -702,24 +603,18 @@ public class MiscHttpConfigTests {
 		AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
 		when(source.buildDetails(any(Object.class))).thenReturn(details);
 
-		this.mvc.perform(get("/details")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/details").with(httpBasic("user", "password")))
 				.andExpect(content().string(details.getClass().getName()));
 
 		this.mvc.perform(get("/details")
 				.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
 				.andExpect(content().string(details.getClass().getName()));
 
-		MockHttpSession session = (MockHttpSession)
-				this.mvc.perform(post("/login")
-						.param("username", "user")
-						.param("password", "password")
-						.with(csrf()))
-						.andReturn().getRequest().getSession(false);
+		MockHttpSession session = (MockHttpSession) this.mvc
+				.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+				.andReturn().getRequest().getSession(false);
 
-		this.mvc.perform(get("/details")
-				.session(session))
-				.andExpect(content().string(details.getClass().getName()));
+		this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName()));
 
 		assertThat(getField(getFilter(OpenIDAuthenticationFilter.class), "authenticationDetailsSource"))
 				.isEqualTo(source);
@@ -732,9 +627,7 @@ public class MiscHttpConfigTests {
 		AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
 		when(granter.grant(any(Principal.class))).thenReturn(new HashSet<>(Arrays.asList("USER")));
 
-		this.mvc.perform(get("/username")
-				.with(httpBasic("user", "password")))
-				.andExpect(content().string("user"));
+		this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user"));
 	}
 
 	@Test
@@ -743,7 +636,8 @@ public class MiscHttpConfigTests {
 
 		FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) {
 			@Override
-			public void reset() { }
+			public void reset() {
+			}
 		};
 		HttpServletResponse response = new MockHttpServletResponse();
 
@@ -775,9 +669,7 @@ public class MiscHttpConfigTests {
 	public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire();
 
-		this.mvc.perform(get("/unprotected")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
 	/**
@@ -787,27 +679,22 @@ public class MiscHttpConfigTests {
 	public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception {
 		this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
 
-		MockHttpSession session = (MockHttpSession)
-			this.mvc.perform(get("https://localhost:9080/protected"))
-				.andExpect(redirectedUrl("https://localhost:9443/login"))
-				.andReturn().getRequest().getSession(false);
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected"))
+				.andExpect(redirectedUrl("https://localhost:9443/login")).andReturn().getRequest().getSession(false);
 
-		session = (MockHttpSession)
-			this.mvc.perform(post("/login")
-					.param("username", "user")
-					.param("password", "password")
-					.session(session)
-					.with(csrf()))
-					.andExpect(redirectedUrl("https://localhost:9443/protected"))
-					.andReturn().getRequest().getSession(false);
+		session = (MockHttpSession) this.mvc
+				.perform(post("/login").param("username", "user").param("password", "password").session(session)
+						.with(csrf()))
+				.andExpect(redirectedUrl("https://localhost:9443/protected")).andReturn().getRequest()
+				.getSession(false);
 
-		this.mvc.perform(get("http://localhost:9080/protected")
-				.session(session))
+		this.mvc.perform(get("http://localhost:9080/protected").session(session))
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
 	}
 
 	@RestController
 	static class BasicController {
+
 		@RequestMapping("/unprotected")
 		public String unprotected() {
 			return "ok";
@@ -817,27 +704,28 @@ public class MiscHttpConfigTests {
 		public String protectedMethod(@AuthenticationPrincipal String name) {
 			return name;
 		}
+
 	}
 
 	@RestController
 	static class CustomKeyController {
+
 		@GetMapping("/customKey")
 		public String customKey() {
-			Authentication authentication =
-					SecurityContextHolder.getContext().getAuthentication();
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
-			if ( authentication != null &&
-					authentication instanceof AnonymousAuthenticationToken ) {
-				return String.valueOf(
-								((AnonymousAuthenticationToken) authentication).getKeyHash());
+			if (authentication != null && authentication instanceof AnonymousAuthenticationToken) {
+				return String.valueOf(((AnonymousAuthenticationToken) authentication).getKeyHash());
 			}
 
 			return null;
 		}
+
 	}
 
 	@RestController
 	static class AuthenticationController {
+
 		@GetMapping("/password")
 		public String password(@AuthenticationPrincipal Authentication authentication) {
 			return (String) authentication.getCredentials();
@@ -845,8 +733,7 @@ public class MiscHttpConfigTests {
 
 		@GetMapping("/roles")
 		public String roles(@AuthenticationPrincipal Authentication authentication) {
-			return authentication.getAuthorities().stream()
-					.map(GrantedAuthority::getAuthority)
+			return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority)
 					.collect(Collectors.joining(","));
 		}
 
@@ -854,22 +741,27 @@ public class MiscHttpConfigTests {
 		public String details(@AuthenticationPrincipal Authentication authentication) {
 			return authentication.getDetails().getClass().getName();
 		}
+
 	}
 
 	@RestController
 	static class JaasController {
+
 		@GetMapping("/username")
 		public String username() {
 			Subject subject = Subject.getSubject(AccessController.getContext());
 			return subject.getPrincipals().iterator().next().getName();
 		}
+
 	}
 
 	public static class JaasLoginModule implements LoginModule {
+
 		private Subject subject;
 
 		@Override
-		public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
+		public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+				Map<String, ?> options) {
 			this.subject = subject;
 		}
 
@@ -892,12 +784,14 @@ public class MiscHttpConfigTests {
 		public boolean logout() {
 			return true;
 		}
+
 	}
 
 	static class MockAccessDecisionManager implements AccessDecisionManager {
 
 		@Override
-		public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
+		public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
+				throws AccessDeniedException, InsufficientAuthenticationException {
 			throw new AccessDeniedException("teapot");
 		}
 
@@ -910,18 +804,19 @@ public class MiscHttpConfigTests {
 		public boolean supports(Class<?> clazz) {
 			return true;
 		}
+
 	}
 
 	static class MockAuthenticationManager implements AuthenticationManager {
+
 		public Authentication authenticate(Authentication authentication) {
-			return new TestingAuthenticationToken(authentication.getPrincipal(),
-					authentication.getCredentials(),
+			return new TestingAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(),
 					AuthorityUtils.createAuthorityList("ROLE_USER"));
 		}
+
 	}
 
-	static class EncodeUrlDenyingHttpServletResponseWrapper
-			extends HttpServletResponseWrapper {
+	static class EncodeUrlDenyingHttpServletResponseWrapper extends HttpServletResponseWrapper {
 
 		EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
 			super(response);
@@ -946,6 +841,7 @@ public class MiscHttpConfigTests {
 		public String encodeRedirectUrl(String url) {
 			throw new RuntimeException("Unexpected invocation of encodeURL");
 		}
+
 	}
 
 	private void redirectLogsTo(OutputStream os, Class<?> clazz) {
@@ -1000,4 +896,5 @@ public class MiscHttpConfigTests {
 	private static String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index 9e33b67e2e..d3e8929d0d 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -40,8 +40,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Luke Taylor
  */
 public class MultiHttpBlockConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/MultiHttpBlockConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/MultiHttpBlockConfigTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -50,35 +50,27 @@ public class MultiHttpBlockConfigTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly()
-			throws Exception {
+	public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly() throws Exception {
 
 		this.spring.configLocations(this.xml("DistinctHttpElements")).autowire();
 
-		this.mvc.perform(MockMvcRequestBuilders.get("/first")
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(MockMvcRequestBuilders.get("/first").with(httpBasic("user", "password")))
 				.andExpect(status().isOk());
 
-		this.mvc.perform(post("/second/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"));
+		this.mvc.perform(post("/second/login").param("username", "user").param("password", "password").with(csrf()))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void configureWhenUsingDuplicateHttpElementsThenThrowsWiringException() {
 		assertThatCode(() -> this.spring.configLocations(this.xml("IdenticalHttpElements")).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenUsingIndenticallyPatternedHttpElementsThenThrowsWiringException() {
 		assertThatCode(() -> this.spring.configLocations(this.xml("IdenticallyPatternedHttpElements")).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasCauseInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(BeanCreationException.class).hasCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	/**
@@ -90,27 +82,24 @@ public class MultiHttpBlockConfigTests {
 
 		this.spring.configLocations(this.xml("Sec1937")).autowire();
 
-		this.mvc.perform(get("/first")
-				.with(httpBasic("first", "password"))
-				.with(csrf()))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/first").with(httpBasic("first", "password")).with(csrf())).andExpect(status().isOk());
 
-		this.mvc.perform(post("/second/login")
-				.param("username", "second")
-				.param("password", "password")
-				.with(csrf()))
+		this.mvc.perform(post("/second/login").param("username", "second").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
 	@Controller
 	static class BasicController {
+
 		@GetMapping("/first")
 		public String first() {
 			return "ok";
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 6aecdb0335..028ccf8f6a 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -39,11 +39,14 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  */
 public class NamespaceHttpBasicTests {
+
 	@Mock
 	Method method;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	ConfigurableApplicationContext context;
@@ -114,7 +117,7 @@ public class NamespaceHttpBasicTests {
 
 	private void loadContext(String context) {
 		this.context = new InMemoryXmlApplicationContext(context);
-		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain",
-				Filter.class);
+		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", Filter.class);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index c146779731..8054abe785 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -68,6 +68,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class OAuth2ClientBeanDefinitionParserTests {
+
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests";
 
 	@Rule
@@ -98,13 +99,11 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	public void requestWhenAuthorizeThenRedirect() throws Exception {
 		this.spring.configLocations(xml("Minimal")).autowire();
 
-		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google"))
-				.andExpect(status().is3xxRedirection())
+		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andReturn();
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
-				"https://accounts.google.com/o/oauth2/v2/auth\\?" +
-						"response_type=code&client_id=google-client-id&" +
-						"scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
+				"https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&"
+						+ "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
 	}
 
 	@Test
@@ -112,20 +111,15 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		this.spring.configLocations(xml("CustomClientRegistrationRepository")).autowire();
 
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
-				.clientId("google-client-id")
-				.clientSecret("google-client-secret")
-				.redirectUri("http://localhost/callback/google")
-				.scope("scope1", "scope2")
-				.build();
+				.clientId("google-client-id").clientSecret("google-client-secret")
+				.redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build();
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
 
-		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google"))
-				.andExpect(status().is3xxRedirection())
+		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andReturn();
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
-				"https://accounts.google.com/o/oauth2/v2/auth\\?" +
-						"response_type=code&client_id=google-client-id&" +
-						"scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
+				"https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&"
+						+ "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
 
 		verify(this.clientRegistrationRepository).findByRegistrationId(any());
 	}
@@ -139,12 +133,10 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 		when(this.authorizationRequestResolver.resolve(any())).thenReturn(authorizationRequest);
 
-		this.mvc.perform(get("/oauth2/authorization/google"))
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl(
-						"https://accounts.google.com/o/oauth2/v2/auth?" +
-								"response_type=code&client_id=google-client-id&" +
-								"scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google"));
+		this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?"
+						+ "response_type=code&client_id=google-client-id&"
+						+ "scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google"));
 
 		verify(this.authorizationRequestResolver).resolve(any());
 	}
@@ -156,8 +148,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(authorizationRequest);
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.thenReturn(authorizationRequest);
 
@@ -168,13 +159,12 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor =
-				ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), any(), any(), any());
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(),
+				any());
 		OAuth2AuthorizedClient authorizedClient = authorizedClientCaptor.getValue();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(clientRegistration);
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -188,8 +178,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(authorizationRequest);
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.thenReturn(authorizationRequest);
 
@@ -200,8 +189,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
 
 		verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 	}
@@ -213,23 +201,22 @@ public class OAuth2ClientBeanDefinitionParserTests {
 
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, "user", TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(authorizedClient);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
+				TestOAuth2AccessTokens.noScopes());
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
 
-		this.mvc.perform(get("/authorized-client"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
+		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
 	@RestController
 	static class AuthorizedClientController {
 
 		@GetMapping("/authorized-client")
-		String authorizedClient(Model model, @RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
+		String authorizedClient(Model model,
+				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
 			return authorizedClient != null ? "resolved" : "not-resolved";
 		}
+
 	}
 
 	private static OAuth2AuthorizationRequest createAuthorizationRequest(ClientRegistration clientRegistration) {
@@ -237,15 +224,12 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.clientId(clientRegistration.getClientId())
-				.redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes())
-				.state("state")
-				.attributes(attributes)
-				.build();
+				.clientId(clientRegistration.getClientId()).redirectUri(clientRegistration.getRedirectUri())
+				.scopes(clientRegistration.getScopes()).state("state").attributes(attributes).build();
 	}
 
 	private static String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 3c0c793b25..489c5d1761 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -92,6 +92,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class OAuth2LoginBeanDefinitionParserTests {
+
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests";
 
 	@Rule
@@ -143,9 +144,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
 
-		MvcResult result = this.mvc.perform(get("/login"))
-				.andExpect(status().is2xxSuccessful())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn();
 
 		assertThat(result.getResponse().getContentAsString())
 				.contains("<a href=\"/oauth2/authorization/google-login\">Google</a>");
@@ -158,8 +157,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
 
 		verify(requestCache).saveRequest(any(), any());
@@ -171,8 +169,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
 
-		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*")))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -182,8 +179,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
 
-		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest"))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -214,7 +210,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -225,8 +222,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/code/github-login").params(params))
-				.andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
@@ -243,7 +239,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -268,7 +265,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = oidcAccessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -279,8 +277,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("/"));
 
 		verify(this.jwtDecoderFactory).createDecoder(any());
@@ -296,7 +293,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -304,14 +302,13 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
 
-		when(this.userAuthoritiesMapper.mapAuthorities(any())).thenReturn(
-				(Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
+		when(this.userAuthoritiesMapper.mapAuthorities(any()))
+				.thenReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/code/github-login").params(params))
-				.andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
@@ -324,9 +321,9 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// re-setup for OIDC test
 		attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
-		authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
-				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build();
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		accessTokenResponse = oidcAccessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -337,8 +334,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		when(this.userAuthoritiesMapper.mapAuthorities(any()))
 				.thenReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
 
-		this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
-				.andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
@@ -359,7 +355,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -370,8 +367,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/github-login").params(params))
-				.andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
@@ -385,8 +381,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver"))
 				.autowire();
 
-		this.mvc.perform(get("/oauth2/authorization/google-login"))
-				.andExpect(status().is3xxRedirection());
+		this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection());
 
 		verify(authorizationRequestResolver).resolve(any());
 	}
@@ -396,8 +391,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -405,8 +399,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/custom-login"));
 	}
 
@@ -416,8 +409,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().is3xxRedirection())
+		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -432,7 +424,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -459,7 +452,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -486,7 +480,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.thenReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
@@ -509,26 +504,26 @@ public class OAuth2LoginBeanDefinitionParserTests {
 
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, "user", TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(authorizedClient);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
+				TestOAuth2AccessTokens.noScopes());
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
 
-		this.mvc.perform(get("/authorized-client"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
+		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
 	@RestController
 	static class AuthorizedClientController {
 
 		@GetMapping("/authorized-client")
-		String authorizedClient(Model model, @RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
+		String authorizedClient(Model model,
+				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
 			return authorizedClient != null ? "resolved" : "not-resolved";
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 15186e0b7e..55affd3d0c 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -118,14 +118,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Josh Cummings
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class OAuth2ResourceServerBeanDefinitionParserTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -142,9 +141,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
@@ -153,119 +150,96 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void getWhenExpiredBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenExpiredBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenBadJwkEndpointThenInvalidToken()
-			throws Exception {
+	public void getWhenBadJwkEndpointThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
-	public void getWhenUnavailableJwkEndpointThenInvalidToken()
-			throws Exception {
+	public void getWhenUnavailableJwkEndpointThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
-	public void getWhenMalformedBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenMalformedBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer an\"invalid\"token"))
-				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("Bearer token is malformed"));
+		this.mvc.perform(get("/").header("Authorization", "Bearer an\"invalid\"token"))
+				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Bearer token is malformed"));
 	}
 
 	@Test
-	public void getWhenMalformedPayloadThenInvalidToken()
-			throws Exception {
+	public void getWhenMalformedPayloadThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
 
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+				.andExpect(
+						invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
 	}
 
 	@Test
-	public void getWhenUnsignedBearerTokenThenInvalidToken()
-			throws Exception {
+	public void getWhenUnsignedBearerTokenThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 		String token = this.token("Unsigned");
 
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 	}
 
 	@Test
-	public void getWhenBearerTokenBeforeNotBeforeThenInvalidToken()
-			throws Exception {
+	public void getWhenBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
 
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenBearerTokenInTwoPlacesThenInvalidRequest()
-			throws Exception {
+	public void getWhenBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer token")
-				.param("access_token", "token"))
+		this.mvc.perform(get("/").header("Authorization", "Bearer token").param("access_token", "token"))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
-	public void getWhenBearerTokenInTwoParametersThenInvalidRequest()
-			throws Exception {
+	public void getWhenBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
@@ -273,152 +247,129 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
 
-		this.mvc.perform(get("/")
-				.params(params))
-				.andExpect(status().isBadRequest())
+		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
-	public void postWhenBearerTokenAsFormParameterThenIgnoresToken()
-			throws Exception {
+	public void postWhenBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
 		this.mvc.perform(post("/") // engage csrf
-				.param("access_token", "token"))
-				.andExpect(status().isForbidden())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different from DSL
+				.param("access_token", "token")).andExpect(status().isForbidden())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
+																						// from
+																						// DSL
 	}
 
 	@Test
-	public void getWhenNoBearerTokenThenUnauthorized()
-			throws Exception {
+	public void getWhenNoBearerTokenThenUnauthorized() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
 
 	@Test
-	public void getWhenSufficientlyScopedBearerTokenThenAcceptsRequest()
-			throws Exception {
+	public void getWhenSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void getWhenInsufficientScopeThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenInsufficientScopeThenInsufficientScopeError() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isForbidden())
-				.andExpect(insufficientScopeHeader());
+		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
+				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 	}
 
 	@Test
-	public void getWhenInsufficientScpThenInsufficientScopeError()
-			throws Exception {
+	public void getWhenInsufficientScpThenInsufficientScopeError() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
 
-		this.mvc.perform(get("/requires-read-scope")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isForbidden())
-				.andExpect(insufficientScopeHeader());
+		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
+				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 	}
 
 	@Test
-	public void getWhenAuthorizationServerHasNoMatchingKeyThenInvalidToken()
-			throws Exception {
+	public void getWhenAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
-	public void getWhenAuthorizationServerHasMultipleMatchingKeysThenOk()
-			throws Exception {
+	public void getWhenAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void getWhenKeyMatchesByKidThenOk()
-			throws Exception {
+	public void getWhenKeyMatchesByKidThenOk() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	// -- Resource Server should not engage csrf
 
 	@Test
-	public void postWhenValidBearerTokenAndNoCsrfTokenThenOk()
-			throws Exception {
+	public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(post("/authenticated")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void postWhenNoBearerTokenThenCsrfDenies()
-			throws Exception {
+	public void postWhenNoBearerTokenThenCsrfDenies() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
-		this.mvc.perform(post("/authenticated"))
-				.andExpect(status().isForbidden())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different from DSL
+		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
+																						// from
+																						// DSL
 	}
 
 	@Test
-	public void postWhenExpiredBearerTokenAndNoCsrfThenInvalidToken()
-			throws Exception {
+	public void postWhenExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
 
-		this.mvc.perform(post("/authenticated")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
@@ -426,61 +377,49 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	// -- Resource Server should not create sessions
 
 	@Test
-	public void requestWhenJwtThenSessionIsNotCreated()
-			throws Exception {
+	public void requestWhenJwtThenSessionIsNotCreated() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		MvcResult result = this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void requestWhenIntrospectionThenSessionIsNotCreated()
-			throws Exception {
+	public void requestWhenIntrospectionThenSessionIsNotCreated() throws Exception {
 
 		this.spring.configLocations(xml("WebServer"), xml("IntrospectionUri")).autowire();
 		mockWebServer(json("Active"));
 
-		MvcResult result = this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token"))
-				.andExpect(status().isNotFound())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
+				.andExpect(status().isNotFound()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void requestWhenNoBearerTokenThenSessionIsCreated()
-			throws Exception {
+	public void requestWhenNoBearerTokenThenSessionIsCreated() throws Exception {
 
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 
-		MvcResult result = this.mvc.perform(get("/"))
-				.andExpect(status().isUnauthorized())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@Test
-	public void requestWhenSessionManagementConfiguredThenUses()
-			throws Exception {
+	public void requestWhenSessionManagementConfiguredThenUses() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("AlwaysSessionCreation")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		MvcResult result = this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound())
-				.andReturn();
+		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
@@ -489,18 +428,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void getWhenCustomBearerTokenResolverThenUses() throws Exception {
-		this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"),
-				xml("BearerTokenResolver")).autowire();
+		this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver"))
+				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode("token")).thenReturn(jwt().build());
 
 		BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class);
-		when(bearerTokenResolver.resolve(any(HttpServletRequest.class)))
-				.thenReturn("token");
+		when(bearerTokenResolver.resolve(any(HttpServletRequest.class))).thenReturn("token");
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/")).andExpect(status().isNotFound());
 
 		verify(decoder).decode("token");
 		verify(bearerTokenResolver).resolve(any(HttpServletRequest.class));
@@ -515,13 +452,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenReturn(jwt().build());
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
 
-		this.mvc.perform(post("/authenticated")
-				.param("access_token", "token"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(post("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
 	}
 
 	@Test
@@ -533,13 +467,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(decoder.decode(anyString())).thenReturn(jwt().build());
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
 
-		this.mvc.perform(get("/authenticated")
-				.param("access_token", "token"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
 
 		verify(decoder, times(2)).decode("token");
 	}
@@ -550,11 +481,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
 
-		this.mvc.perform(post("/authenticated")
-				.param("access_token", "token")
-				.header("Authorization", "Bearer token")
-				.with(csrf()))
-				.andExpect(status().isBadRequest())
+		this.mvc.perform(post("/authenticated").param("access_token", "token").header("Authorization", "Bearer token")
+				.with(csrf())).andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
 	}
 
@@ -564,29 +492,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token")
-				.param("access_token", "token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token").param("access_token", "token"))
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
 	}
 
 	@Test
 	public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() {
-		OAuth2ResourceServerBeanDefinitionParser oauth2 =
-				new OAuth2ResourceServerBeanDefinitionParser
-						(mock(BeanReference.class), mock(List.class), mock(Map.class),
-								mock(Map.class), mock(List.class));
+		OAuth2ResourceServerBeanDefinitionParser oauth2 = new OAuth2ResourceServerBeanDefinitionParser(
+				mock(BeanReference.class), mock(List.class), mock(Map.class), mock(Map.class), mock(List.class));
 
-		assertThat(oauth2.getBearerTokenResolver(mock(Element.class)))
-				.isInstanceOf(RootBeanDefinition.class);
+		assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class);
 	}
 
 	// -- custom jwt decoder
 
 	@Test
-	public void requestWhenCustomJwtDecoderThenUsed()
-			throws Exception {
+	public void requestWhenCustomJwtDecoderThenUsed() throws Exception {
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("Jwt")).autowire();
 
@@ -594,8 +516,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		when(decoder.decode(anyString())).thenReturn(jwt().build());
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
 
 		verify(decoder).decode("token");
@@ -610,31 +531,27 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	// -- exception handling
 
 	@Test
-	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated()
-			throws Exception {
+	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AuthenticationEntryPoint")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer invalid_token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
 
 	@Test
-	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied()
-			throws Exception {
+	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception {
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(decoder.decode(anyString())).thenReturn(jwt().build());
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer insufficiently_scoped"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
@@ -642,72 +559,60 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	// -- token validator
 
 	@Test
-	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage()
-			throws Exception {
+	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
 		this.spring.configLocations(xml("MockJwtValidator"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		OAuth2TokenValidator<Jwt> jwtValidator =
-				this.spring.getContext().getBean(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<Jwt> jwtValidator = this.spring.getContext().getBean(OAuth2TokenValidator.class);
 
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(error));
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
 	}
 
 	@Test
-	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly()
-			throws Exception {
+	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception {
 
 		this.spring.configLocations(xml("UnexpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired()
-			throws Exception {
+	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
 
 		this.spring.configLocations(xml("ExpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
 	// -- converter
 
 	@Test
-	public void requestWhenJwtAuthenticationConverterThenUsed()
-			throws Exception {
+	public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
 
-		this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"), xml("JwtAuthenticationConverter")).autowire();
+		this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"),
+				xml("JwtAuthenticationConverter")).autowire();
 
-		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter =
-				(Converter<Jwt, JwtAuthenticationToken>) this.spring.getContext().getBean("jwtAuthenticationConverter");
+		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = (Converter<Jwt, JwtAuthenticationToken>) this.spring
+				.getContext().getBean("jwtAuthenticationConverter");
 		when(jwtAuthenticationConverter.convert(any(Jwt.class)))
 				.thenReturn(new JwtAuthenticationToken(jwt().build(), Collections.emptyList()));
 
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(jwtDecoder.decode(anyString())).thenReturn(jwt().build());
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer token"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
 
 		verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 	}
@@ -715,38 +620,31 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	// -- single key
 
 	@Test
-	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
-	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongSignature");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("signature"));
 	}
 
 	@Test
-	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken()
-			throws Exception {
+	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
 
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongAlgorithm");
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("algorithm"));
 	}
 
@@ -757,8 +655,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Active"));
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
 	}
 
@@ -767,11 +664,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Inactive"));
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer token"))
-				.andExpect(status().isUnauthorized())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE,
-						containsString("Provided token isn't active")));
+		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isUnauthorized())
+				.andExpect(
+						header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
 	}
 
 	@Test
@@ -779,8 +674,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
 
-		this.mvc.perform(get("/requires-read-scope")
-				.header("Authorization", "Bearer token"))
+		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
 	}
@@ -803,14 +697,12 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getWhenAuthenticationManagerResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire();
 
-		AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver =
-				this.spring.getContext().getBean(AuthenticationManagerResolver.class);
+		AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = this.spring.getContext()
+				.getBean(AuthenticationManagerResolver.class);
 		when(authenticationManagerResolver.resolve(any(HttpServletRequest.class)))
 				.thenReturn(authentication -> new JwtAuthenticationToken(jwt().build(), Collections.emptyList()));
 
-		this.mvc.perform(get("/")
-				.header("Authorization", "Bearer token"))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
 
 		verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class));
 	}
@@ -820,9 +712,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("WebServer"), xml("MultipleIssuers")).autowire();
 
 		MockWebServer server = this.spring.getContext().getBean(MockWebServer.class);
-		String metadata = "{\n"
-				+ "    \"issuer\": \"%s\", \n"
-				+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
+		String metadata = "{\n" + "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
 				+ "}";
 		String jwkSet = jwkSet();
 		String issuerOne = server.url("/issuerOne").toString();
@@ -835,92 +725,76 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + jwtOne))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtOne))
 				.andExpect(status().isNotFound());
 
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + jwtTwo))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtTwo))
 				.andExpect(status().isNotFound());
 
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + jwtThree))
-				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("Invalid issuer"));
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtThree))
+				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
 	// -- In combination with other authentication providers
 
 	@Test
-	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides()
-			throws Exception { // different from DSL
+	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception { // different
+																											// from
+																											// DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		this.mvc.perform(get("/authenticated")
-				.with(httpBasic("some", "user")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
 
-		this.mvc.perform(get("/authenticated"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer invalid_token"))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 	}
 
 	@Test
-	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest()
-			throws Exception { // different from DSL
+	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { // different
+																													// from
+																													// DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		when(decoder.decode(anyString())).thenThrow(JwtException.class);
 
-		MvcResult result =
-				this.mvc.perform(get("/authenticated"))
-						.andExpect(status().isUnauthorized())
-						.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 
-		result =
-				this.mvc.perform(get("/authenticated")
-						.header("Authorization", "Bearer token"))
-						.andExpect(status().isUnauthorized())
-						.andReturn();
+		result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
+				.andExpect(status().isUnauthorized()).andReturn();
 
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
-	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages()
-			throws Exception {
+	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception {
 
 		this.spring.configLocations(xml("JwtRestOperations"), xml("BasicAndResourceServer")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
 
-		this.mvc.perform(get("/authenticated")
-				.header("Authorization", "Bearer " + token))
+		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 
-		this.mvc.perform(get("/authenticated")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	// -- Incorrect Configuration
@@ -928,28 +802,27 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 		assertThatCode(() -> this.spring.configLocations(xml("Jwtless")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Please select one");
+				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("Please select one");
 	}
 
 	@Test
 	public void configureWhenMissingJwkSetUriThenWiringException() {
 		assertThatCode(() -> this.spring.configLocations(xml("JwtHalfConfigured")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Please specify either");
+				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("Please specify either");
 	}
 
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndJwtThenException() {
-		assertThatCode(() -> this.spring.configLocations(xml("AuthenticationManagerResolverPlusOtherConfig")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("authentication-manager-resolver-ref");
+		assertThatCode(
+				() -> this.spring.configLocations(xml("AuthenticationManagerResolverPlusOtherConfig")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class)
+						.hasMessageContaining("authentication-manager-resolver-ref");
 	}
 
 	@Test
 	public void validateConfigurationWhenMoreThanOneResourceServerModeThenError() {
-		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser
-				(null, null, null, null, null);
+		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser(null, null, null,
+				null, null);
 		Element element = mock(Element.class);
 		when(element.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)).thenReturn(true);
 		Element child = mock(Element.class);
@@ -965,8 +838,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void validateConfigurationWhenNoResourceServerModeThenError() {
-		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser
-				(null, null, null, null, null);
+		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser(null, null, null,
+				null, null);
 		Element element = mock(Element.class);
 		when(element.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)).thenReturn(false);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
@@ -1019,8 +892,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	}
 
 	static class JwtDecoderFactoryBean implements FactoryBean<JwtDecoder> {
+
 		private RestOperations rest;
+
 		private RSAPublicKey key;
+
 		private OAuth2TokenValidator<Jwt> jwtValidator;
 
 		@Override
@@ -1028,9 +904,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 			NimbusJwtDecoder decoder;
 			if (this.key != null) {
 				decoder = NimbusJwtDecoder.withPublicKey(this.key).build();
-			} else {
-				decoder = NimbusJwtDecoder.withJwkSetUri("https://idp.example.org")
-						.restOperations(this.rest).build();
+			}
+			else {
+				decoder = NimbusJwtDecoder.withJwkSetUri("https://idp.example.org").restOperations(this.rest).build();
 			}
 			if (this.jwtValidator != null) {
 				decoder.setJwtValidator(this.jwtValidator);
@@ -1054,9 +930,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		public void setRest(RestOperations rest) {
 			this.rest = rest;
 		}
+
 	}
 
 	static class OpaqueTokenIntrospectorFactoryBean implements FactoryBean<OpaqueTokenIntrospector> {
+
 		private RestOperations rest;
 
 		@Override
@@ -1072,9 +950,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		public void setRest(RestOperations rest) {
 			this.rest = rest;
 		}
+
 	}
 
 	static class MockWebServerFactoryBean implements FactoryBean<MockWebServer>, DisposableBean {
+
 		private final MockWebServer web = new MockWebServer();
 
 		@Override
@@ -1091,10 +971,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		public Class<?> getObjectType() {
 			return MockWebServer.class;
 		}
+
 	}
 
-	static class MockWebServerPropertiesFactoryBean
-			implements FactoryBean<Properties>, DisposableBean {
+	static class MockWebServerPropertiesFactoryBean implements FactoryBean<Properties>, DisposableBean {
 
 		MockWebServer web;
 
@@ -1121,10 +1001,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		public void destroy() throws Exception {
 			this.web.shutdown();
 		}
+
 	}
 
-	static class ClockFactoryBean
-		implements FactoryBean<Clock> {
+	static class ClockFactoryBean implements FactoryBean<Clock> {
 
 		Clock clock;
 
@@ -1141,44 +1021,31 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		public void setMillis(long millis) {
 			this.clock = Clock.fixed(Instant.ofEpochMilli(millis), ZoneId.systemDefault());
 		}
+
 	}
 
 	private static ResultMatcher invalidRequestHeader(String message) {
 		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(
-						new StringStartsWith("Bearer " +
-								"error=\"invalid_request\", " +
-								"error_description=\""),
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
 						new StringContains(message),
-						new StringEndsWith(", " +
-								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
-				)
-		);
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
 	}
 
 	private static ResultMatcher invalidTokenHeader(String message) {
 		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(
-						new StringStartsWith("Bearer " +
-								"error=\"invalid_token\", " +
-								"error_description=\""),
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
 						new StringContains(message),
-						new StringEndsWith(", " +
-								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
-				)
-		);
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
 	}
 
 	private static ResultMatcher insufficientScopeHeader() {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
-				"error=\"insufficient_scope\"" +
-				", error_description=\"The request requires higher privileges than provided by the access token.\"" +
-				", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
+				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
+				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
 	}
 
 	private String jwkSet() {
-		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY)
-				.keyID("1").build()).toString();
+		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
 	}
 
 	private String jwtFromIssuer(String issuer) throws Exception {
@@ -1186,18 +1053,15 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		claims.put(ISS, issuer);
 		claims.put(SUB, "test-subject");
 		claims.put("scope", "message:read");
-		JWSObject jws = new JWSObject(
-				new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
+		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
 				new Payload(new JSONObject(claims)));
 		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 		return jws.serialize();
 	}
 
 	private void mockWebServer(String response) {
-		this.web.enqueue(new MockResponse()
-				.setResponseCode(200)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(response));
+		this.web.enqueue(new MockResponse().setResponseCode(200)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
 	}
 
 	private void mockRestOperations(String response) {
@@ -1205,8 +1069,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setContentType(MediaType.APPLICATION_JSON);
 		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		Mockito.when(rest.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(entity);
+		Mockito.when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
 	}
 
 	private String json(String name) throws IOException {
@@ -1224,7 +1087,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	private String resource(String suffix) throws IOException {
 		String name = this.getClass().getSimpleName() + "-" + suffix;
 		ClassPathResource resource = new ClassPathResource(name, this.getClass());
-		try ( BufferedReader reader = new BufferedReader(new FileReader(resource.getFile())) ) {
+		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
 			return reader.lines().collect(Collectors.joining());
 		}
 	}
@@ -1236,4 +1099,5 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index b13678789c..930a991a2a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -59,8 +59,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Luke Taylor
  */
 public class OpenIDConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/OpenIDConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/OpenIDConfigTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -69,37 +69,29 @@ public class OpenIDConfigTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage()
-			throws Exception {
+	public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage() throws Exception {
 
 		this.spring.configLocations(this.xml("WithFormLogin")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
 
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull();
 	}
 
 	@Test
-	public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins()
-			throws Exception {
+	public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins() throws Exception {
 
 		this.spring.configLocations(this.xml("WithFormLoginPage")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/form-page"));
+		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/form-page"));
 	}
 
 	@Test
-	public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins()
-			throws Exception {
+	public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins() throws Exception {
 
 		this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/openid-page"));
 	}
 
@@ -111,8 +103,7 @@ public class OpenIDConfigTests {
 	}
 
 	@Test
-	public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp()
-			throws Exception {
+	public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp() throws Exception {
 
 		this.spring.configLocations(this.xml("WithRememberMe")).autowire();
 
@@ -129,27 +120,21 @@ public class OpenIDConfigTests {
 		openIDFilter.setConsumer(consumer);
 
 		String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
-				.append(AbstractRememberMeServices.DEFAULT_PARAMETER)
-				.append("=").append("on").toString();
+				.append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString();
 
-		this.mvc.perform(get("/"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
 
-		this.mvc.perform(get("/login"))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/login")).andExpect(status().isOk())
 				.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
 
 		this.mvc.perform(get("/login/openid")
 				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
-				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
-				.andExpect(status().isFound())
+				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")).andExpect(status().isFound())
 				.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));
 	}
 
 	@Test
-	public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp()
-			throws Exception {
+	public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp() throws Exception {
 
 		this.spring.configLocations(this.xml("WithOpenIDAttributes")).autowire();
 
@@ -158,25 +143,21 @@ public class OpenIDConfigTests {
 		ConsumerManager manager = getFieldValue(consumer, "consumerManager");
 		manager.setMaxAssocAttempts(0);
 
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
+			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
-					.addHeader(YADIS_XRDS_LOCATION, endpoint));
-			server.enqueue(new MockResponse()
-					.setBody(String.format(
-							"<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>",
-							endpoint)));
+					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
-			this.mvc.perform(get("/login/openid")
-					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
+			this.mvc.perform(
+					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound())
 					.andExpect(result -> result.getResponse().getRedirectedUrl().endsWith(
-							"openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&" +
-							"openid.ext1.if_available=nickname&" +
-							"openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&" +
-							"openid.ext1.required=email&" +
-							"openid.ext1.count.email=2"));
+							"openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&"
+									+ "openid.ext1.if_available=nickname&"
+									+ "openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&"
+									+ "openid.ext1.required=email&" + "openid.ext1.count.email=2"));
 		}
 	}
 
@@ -191,25 +172,22 @@ public class OpenIDConfigTests {
 
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull();
 
-		this.mvc.perform(get("/login"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("a custom login page"));
+		this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page"));
 	}
 
 	@RestController
 	static class CustomLoginController {
+
 		@GetMapping("/login")
 		public String custom() {
 			return "a custom login page";
 		}
+
 	}
 
 	private <T extends Filter> T getFilter(Class<T> clazz) {
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
-		return (T) filterChain.getFilters("/").stream()
-				.filter(clazz::isInstance)
-				.findFirst()
-				.orElse(null);
+		return (T) filterChain.getFilters("/").stream().filter(clazz::isInstance).findFirst().orElse(null);
 	}
 
 	private String xml(String configName) {
@@ -219,4 +197,5 @@ public class OpenIDConfigTests {
 	private static <T> T getFieldValue(Object bean, String fieldName) throws IllegalAccessException {
 		return (T) FieldUtils.getFieldValue(bean, fieldName);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index e887545055..b41595c926 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -40,8 +40,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SecurityTestExecutionListeners
 public class PlaceHolderAndELConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/PlaceHolderAndELConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/PlaceHolderAndELConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -50,23 +49,20 @@ public class PlaceHolderAndELConfigTests {
 	MockMvc mvc;
 
 	@Test
-	public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured()
-			throws Exception {
+	public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() throws Exception {
 
 		System.setProperty("pattern.nofilters", "/unsecured");
 
 		this.spring.configLocations(this.xml("UnsecuredPattern")).autowire();
 
-		this.mvc.perform(get("/unsecured"))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/unsecured")).andExpect(status().isOk());
 	}
 
 	/**
 	 * SEC-1201
 	 */
 	@Test
-	public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks()
-			throws Exception {
+	public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks() throws Exception {
 
 		System.setProperty("secure.Url", "/secured");
 		System.setProperty("secure.role", "ROLE_NUNYA");
@@ -78,22 +74,17 @@ public class PlaceHolderAndELConfigTests {
 
 		// login-page setting
 
-		this.mvc.perform(get("/secured"))
-				.andExpect(redirectedUrl("http://localhost/loginPage"));
+		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
 
 		// login-processing-url setting
 		// default-target-url setting
 
-		this.mvc.perform(post("/loginPage")
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/defaultTarget"));
 
 		// authentication-failure-url setting
 
-		this.mvc.perform(post("/loginPage")
-				.param("username", "user")
-				.param("password", "wrong"))
+		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
 	}
 
@@ -101,8 +92,7 @@ public class PlaceHolderAndELConfigTests {
 	 * SEC-1309
 	 */
 	@Test
-	public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks()
-			throws Exception {
+	public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks() throws Exception {
 
 		System.setProperty("secure.url", "/secured");
 		System.setProperty("secure.role", "ROLE_NUNYA");
@@ -110,91 +100,77 @@ public class PlaceHolderAndELConfigTests {
 		System.setProperty("default.target", "/defaultTarget");
 		System.setProperty("auth.failure", "/authFailure");
 
-		this.spring.configLocations(
-				this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire();
+		this.spring.configLocations(this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire();
 
 		// login-page setting
 
-		this.mvc.perform(get("/secured"))
-				.andExpect(redirectedUrl("http://localhost/loginPage"));
+		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
 
 		// login-processing-url setting
 		// default-target-url setting
 
-		this.mvc.perform(post("/loginPage")
-				.param("username", "user")
-				.param("password", "password"))
+		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/defaultTarget"));
 
 		// authentication-failure-url setting
 
-		this.mvc.perform(post("/loginPage")
-				.param("username", "user")
-				.param("password", "wrong"))
+		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
 
 	}
 
 	@Test
 	@WithMockUser
-	public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks()
-			throws Exception {
+	public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks() throws Exception {
 
 		System.setProperty("http", "9080");
 		System.setProperty("https", "9443");
 
 		this.spring.configLocations(this.xml("PortMapping")).autowire();
 
-		this.mvc.perform(get("http://localhost:9080/secured"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("http://localhost:9080/secured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/secured"));
 
-		this.mvc.perform(get("https://localhost:9443/unsecured"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("https://localhost:9443/unsecured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost:9080/unsecured"));
 	}
 
 	@Test
 	@WithMockUser
-	public void requestWhenUsingPlaceholderThenRequiresChannelWorks()
-			throws Exception {
+	public void requestWhenUsingPlaceholderThenRequiresChannelWorks() throws Exception {
 
 		System.setProperty("secure.url", "/secured");
 		System.setProperty("required.channel", "https");
 
 		this.spring.configLocations(this.xml("RequiresChannel")).autowire();
 
-		this.mvc.perform(get("http://localhost/secured"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("http://localhost/secured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost/secured"));
 	}
 
 	@Test
 	@WithMockUser
-	public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks()
-			throws Exception {
+	public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() throws Exception {
 
 		System.setProperty("accessDenied", "/go-away");
 
 		this.spring.configLocations(this.xml("AccessDeniedPage")).autowire();
 
-		this.mvc.perform(get("/secured"))
-				.andExpect(forwardedUrl("/go-away"));
+		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
 	}
 
 	@Test
 	@WithMockUser
-	public void requestWhenUsingSpELThenAccessDeniedPageWorks()
-			throws Exception {
+	public void requestWhenUsingSpELThenAccessDeniedPageWorks() throws Exception {
 
 		this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire();
 
-		this.mvc.perform(get("/secured"))
-				.andExpect(forwardedUrl("/go-away"));
+		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
 	}
 
 	@RestController
 	static class SimpleController {
+
 		@GetMapping("/unsecured")
 		String unsecured() {
 			return "unsecured";
@@ -204,9 +180,11 @@ public class PlaceHolderAndELConfigTests {
 		String secured() {
 			return "secured";
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 0854316af8..9cd61b0640 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -52,14 +52,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @author Oliver Becker
  */
 public class RememberMeConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/RememberMeConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/RememberMeConfigTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -68,20 +67,16 @@ public class RememberMeConfigTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates()
-			throws Exception {
+	public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates() throws Exception {
 
 		this.spring.configLocations(this.xml("WithTokenRepository")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
-				.andReturn();
+				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 
 		JdbcTemplate template = this.spring.getContext().getBean(JdbcTemplate.class);
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
@@ -89,8 +84,7 @@ public class RememberMeConfigTests {
 	}
 
 	@Test
-	public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates()
-			throws Exception {
+	public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates() throws Exception {
 
 		this.spring.configLocations(this.xml("WithDataSource")).autowire();
 
@@ -99,22 +93,18 @@ public class RememberMeConfigTests {
 		template.execute(CREATE_TABLE_SQL);
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
-				.andReturn();
+				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
 
 	@Test
-	public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler()
-			throws Exception {
+	public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler() throws Exception {
 
 		this.spring.configLocations(this.xml("WithAuthenticationSuccessHandler")).autowire();
 
@@ -123,47 +113,36 @@ public class RememberMeConfigTests {
 		template.execute(CREATE_TABLE_SQL);
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
-				.andReturn();
+				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(redirectedUrl("/target"));
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(redirectedUrl("/target"));
 
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
 
 	@Test
-	public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates()
-			throws Exception {
+	public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates() throws Exception {
 		// SEC-1281 - using key with external services
 		this.spring.configLocations(this.xml("WithServicesRef")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000))
-				.andReturn();
+				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000)).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 
 		// SEC-909
-		this.mvc.perform(post("/logout")
-				.cookie(cookie)
-				.with(csrf()))
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
-				.andReturn();
+		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
+				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)).andReturn();
 	}
 
 	@Test
-	public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled()
-			throws Exception {
+	public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception {
 
 		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
 
@@ -171,9 +150,7 @@ public class RememberMeConfigTests {
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(post("/logout")
-				.cookie(cookie)
-				.with(csrf()))
+		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
 				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0));
 	}
 
@@ -184,19 +161,15 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("TokenValidity")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000))
-				.andReturn();
+				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000)).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
 	@Test
-	public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration()
-			throws Exception {
+	public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception {
 
 		this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire();
 
@@ -204,11 +177,10 @@ public class RememberMeConfigTests {
 				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1));
 	}
 
-
 	@Test
 	public void configureWhenUsingDataSourceAndANegativeTokenValidityThenThrowsWiringException() {
 		assertThatCode(() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithDataSource")).autowire())
-			.isInstanceOf(FatalBeanException.class);
+				.isInstanceOf(FatalBeanException.class);
 	}
 
 	@Test
@@ -222,8 +194,7 @@ public class RememberMeConfigTests {
 	}
 
 	@Test
-	public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure()
-			throws Exception {
+	public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception {
 
 		this.spring.configLocations(this.xml("SecureCookie")).autowire();
 
@@ -235,8 +206,7 @@ public class RememberMeConfigTests {
 	 * SEC-1827
 	 */
 	@Test
-	public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure()
-			throws Exception {
+	public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception {
 
 		this.spring.configLocations(this.xml("Sec1827")).autowire();
 
@@ -246,8 +216,9 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void configureWhenUsingPersistentTokenRepositoryAndANegativeTokenValidityThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithPersistentRepository")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatCode(
+				() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithPersistentRepository")).autowire())
+						.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
@@ -256,16 +227,14 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("WithUserDetailsService")).autowire();
 
 		UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
-		when(userDetailsService.loadUserByUsername("user")).thenAnswer((invocation) ->
-				new User("user", "{noop}password", Collections.emptyList()));
+		when(userDetailsService.loadUserByUsername("user"))
+				.thenAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList()));
 
 		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 
 		verify(userDetailsService, atLeastOnce()).loadUserByUsername("user");
 	}
@@ -274,46 +243,33 @@ public class RememberMeConfigTests {
 	 * SEC-742
 	 */
 	@Test
-	public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates()
-			throws Exception {
+	public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates() throws Exception {
 
 		this.spring.configLocations(this.xml("Sec742")).autowire();
 
-		MvcResult result =
-				this.mvc.perform(login("user", "password")
-						.param("remember-me", "true")
-						.with(csrf()))
-						.andExpect(redirectedUrl("/messageList.html"))
-						.andReturn();
+		MvcResult result = this.mvc.perform(login("user", "password").param("remember-me", "true").with(csrf()))
+				.andExpect(redirectedUrl("/messageList.html")).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
 	/**
 	 * SEC-2119
 	 */
 	@Test
-	public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates()
-			throws Exception {
+	public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates() throws Exception {
 
 		this.spring.configLocations(this.xml("WithRememberMeParameter")).autowire();
 
-		MvcResult result =
-				this.mvc.perform(login("user", "password")
-						.param("custom-remember-me-parameter", "true")
-						.with(csrf()))
-						.andExpect(redirectedUrl("/"))
-						.andReturn();
+		MvcResult result = this.mvc
+				.perform(login("user", "password").param("custom-remember-me-parameter", "true").with(csrf()))
+				.andExpect(redirectedUrl("/")).andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
-		this.mvc.perform(get("/authenticated")
-				.cookie(cookie))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
 	@Test
@@ -326,13 +282,11 @@ public class RememberMeConfigTests {
 	 * SEC-2826
 	 */
 	@Test
-	public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName()
-			throws Exception {
+	public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception {
 
 		this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire();
 
-		this.rememberAuthentication("user", "password")
-				.andExpect(cookie().exists("custom-remember-me-cookie"));
+		this.rememberAuthentication("user", "password").andExpect(cookie().exists("custom-remember-me-cookie"));
 	}
 
 	/**
@@ -341,26 +295,25 @@ public class RememberMeConfigTests {
 	@Test
 	public void configureWhenUsingRememberMeCookieAndServicesRefThenThrowsWiringException() {
 		assertThatCode(() -> this.spring.configLocations(this.xml("WithRememberMeCookieAndServicesRef")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Configuration problem: services-ref can't be used in combination with attributes " +
-						"token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, use-secure-cookie, " +
-						"remember-me-parameter or remember-me-cookie");
+				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining(
+						"Configuration problem: services-ref can't be used in combination with attributes "
+								+ "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, use-secure-cookie, "
+								+ "remember-me-parameter or remember-me-cookie");
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/authenticated")
 		String ok() {
 			return "ok";
 		}
+
 	}
 
-	private ResultActions rememberAuthentication(String username, String password)
-			throws Exception {
+	private ResultActions rememberAuthentication(String username, String password) throws Exception {
 
-		return this.mvc.perform(login(username, password)
-				.param(DEFAULT_PARAMETER, "true")
-				.with(csrf()))
+		return this.mvc.perform(login(username, password).param(DEFAULT_PARAMETER, "true").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
@@ -375,4 +328,5 @@ public class RememberMeConfigTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index 9f57135a89..d64f331191 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -46,7 +46,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- *
  * @author Rob Winch
  * @author Josh Cummings
  */
@@ -54,8 +53,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SecurityTestExecutionListeners
 public class SecurityContextHolderAwareRequestConfigTests {
 
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests";
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -64,30 +62,24 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	private MockMvc mvc;
 
 	@Test
-	public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity()
-			throws Exception {
+	public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("Simple")).autowire();
 
-		this.mvc.perform(get("/good-login"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("user"));
+		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
 	}
 
 	@Test
-	public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity()
-			throws Exception {
+	public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("Simple")).autowire();
 
-		this.mvc.perform(get("/authenticate"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
-	public void servletLogoutWhenUsingDefaultConfigurationThenUsesSpringSecurity()
-			throws Exception {
+	public void servletLogoutWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("Simple")).autowire();
 
@@ -97,10 +89,8 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 		assertThat(session).isNotNull();
 
-		result = this.mvc.perform(get("/do-logout").session(session))
-				.andExpect(status().isOk())
-				.andExpect(content().string(""))
-				.andReturn();
+		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
+				.andExpect(content().string("")).andReturn();
 
 		session = (MockHttpSession) result.getRequest().getSession(false);
 
@@ -108,61 +98,48 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	}
 
 	@Test
-	public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity()
-			throws Exception {
+	public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("HttpBasic")).autowire();
 
-		this.mvc.perform(get("/authenticate"))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticate")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("discworld")));
 	}
 
 	@Test
-	public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity()
-			throws Exception {
+	public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("FormLogin")).autowire();
 
-		this.mvc.perform(get("/authenticate"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
-	public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity()
-			throws Exception {
+	public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
 
-		this.mvc.perform(get("/good-login"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("user"));
+		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
 
-		this.mvc.perform(get("/v2/good-login"))
-				.andExpect(status().isOk())
-				.andExpect(content().string("user2"));
+		this.mvc.perform(get("/v2/good-login")).andExpect(status().isOk()).andExpect(content().string("user2"));
 	}
 
 	@Test
-	public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity()
-			throws Exception {
+	public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
 
-		this.mvc.perform(get("/authenticate"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 
-		this.mvc.perform(get("/v2/authenticate"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/v2/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login2"));
 
 	}
 
 	@Test
-	public void servletLogoutWhenUsingMultipleHttpConfigsThenUsesSpringSecurity()
-			throws Exception {
+	public void servletLogoutWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
 
@@ -172,10 +149,8 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 		assertThat(session).isNotNull();
 
-		result = this.mvc.perform(get("/do-logout").session(session))
-				.andExpect(status().isOk())
-				.andExpect(content().string(""))
-				.andReturn();
+		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
+				.andExpect(content().string("")).andReturn();
 
 		session = (MockHttpSession) result.getRequest().getSession(false);
 
@@ -187,10 +162,8 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 		assertThat(session).isNotNull();
 
-		result = this.mvc.perform(get("/v2/do-logout").session(session))
-				.andExpect(status().isOk())
-				.andExpect(content().string(""))
-				.andReturn();
+		result = this.mvc.perform(get("/v2/do-logout").session(session)).andExpect(status().isOk())
+				.andExpect(content().string("")).andReturn();
 
 		session = (MockHttpSession) result.getRequest().getSession(false);
 
@@ -198,13 +171,11 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	}
 
 	@Test
-	public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity()
-			throws Exception {
+	public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception {
 
 		this.spring.configLocations(this.xml("Logout")).autowire();
 
-		this.mvc.perform(get("/authenticate"))
-				.andExpect(status().isFound())
+		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/signin"));
 
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
@@ -213,11 +184,8 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 		assertThat(session).isNotNull();
 
-		result = this.mvc.perform(get("/do-logout").session(session))
-				.andExpect(status().isOk())
-				.andExpect(content().string(""))
-				.andExpect(cookie().maxAge("JSESSIONID", 0))
-				.andReturn();
+		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
+				.andExpect(content().string("")).andExpect(cookie().maxAge("JSESSIONID", 0)).andReturn();
 
 		session = (MockHttpSession) result.getRequest().getSession(false);
 
@@ -229,8 +197,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	 */
 	@Test
 	@WithMockUser
-	public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet()
-			throws Exception {
+	public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet() throws Exception {
 
 		this.spring.configLocations(this.xml("Simple")).autowire();
 
@@ -239,6 +206,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 	@RestController
 	public static class ServletAuthenticatedController {
+
 		@GetMapping("/v2/good-login")
 		public String v2Login(HttpServletRequest request) throws ServletException {
 
@@ -289,14 +257,16 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		}
 
 		private String principal() {
-			if ( SecurityContextHolder.getContext().getAuthentication() != null ) {
+			if (SecurityContextHolder.getContext().getAuthentication() != null) {
 				return SecurityContextHolder.getContext().getAuthentication().getName();
 			}
 			return null;
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
index 776cb49a92..7b9da04b9e 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
@@ -23,18 +23,19 @@ import java.util.stream.Collectors;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- * Assertions for tests that rely on confirming behavior of the package-private SecurityFilters enum
+ * Assertions for tests that rely on confirming behavior of the package-private
+ * SecurityFilters enum
  *
  * @author Josh Cummings
  */
 public class SecurityFiltersAssertions {
+
 	private static Collection<SecurityFilters> ordered = Arrays.asList(SecurityFilters.values());
 
 	public static void assertEquals(List<String> filters) {
-		List<String> expected = ordered.stream()
-				.map(SecurityFilters::name)
-				.collect(Collectors.toList());
+		List<String> expected = ordered.stream().map(SecurityFilters::name).collect(Collectors.toList());
 
 		assertThat(filters).isEqualTo(expected);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 7ced0f768a..1f7c2107e0 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -48,17 +48,18 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 @PrepareForTest({ ReflectionUtils.class, Method.class })
 @PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*" })
 public class SessionManagementConfigServlet31Tests {
-	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>"
-			+ "  <authentication-provider>" + "    <user-service>"
-			+ "      <user name='user' password='{noop}password' authorities='ROLE_USER' />"
-			+ "    </user-service>" + "  </authentication-provider>"
-			+ "</authentication-manager>";
+
+	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>" + "  <authentication-provider>"
+			+ "    <user-service>" + "      <user name='user' password='{noop}password' authorities='ROLE_USER' />"
+			+ "    </user-service>" + "  </authentication-provider>" + "</authentication-manager>";
 
 	@Mock
 	Method method;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	ConfigurableApplicationContext context;
@@ -92,13 +93,11 @@ public class SessionManagementConfigServlet31Tests {
 
 		String id = request.getSession().getId();
 
-		loadContext("<http>\n" + "        <form-login/>\n"
-				+ "        <session-management/>\n" + "        <csrf disabled='true'/>\n"
-				+ "    </http>" + XML_AUTHENTICATION_MANAGER);
+		loadContext("<http>\n" + "        <form-login/>\n" + "        <session-management/>\n"
+				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
 
 		springSecurityFilterChain.doFilter(request, response, chain);
 
-
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
 	}
@@ -115,11 +114,9 @@ public class SessionManagementConfigServlet31Tests {
 
 		String id = request.getSession().getId();
 
-		loadContext("<http>\n"
-				+ "        <form-login/>\n"
+		loadContext("<http>\n" + "        <form-login/>\n"
 				+ "        <session-management session-fixation-protection='changeSessionId'/>\n"
-				+ "        <csrf disabled='true'/>\n" + "    </http>"
-				+ XML_AUTHENTICATION_MANAGER);
+				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
 
 		springSecurityFilterChain.doFilter(request, response, chain);
 
@@ -129,19 +126,17 @@ public class SessionManagementConfigServlet31Tests {
 
 	private void loadContext(String context) {
 		this.context = new InMemoryXmlApplicationContext(context);
-		this.springSecurityFilterChain = this.context.getBean(
-				"springSecurityFilterChain", Filter.class);
+		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", Filter.class);
 	}
 
 	private void login(Authentication auth) {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(
-				request, response);
+		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(requestResponseHolder);
 
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
 		securityContextImpl.setAuthentication(auth);
-		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(),
-				requestResponseHolder.getResponse());
+		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 141ac51b75..b91007a29a 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -69,7 +69,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests session-related functionality for the &lt;http&gt; namespace element and &lt;session-management&gt;
+ * Tests session-related functionality for the &lt;http&gt; namespace element and
+ * &lt;session-management&gt;
  *
  * @author Luke Taylor
  * @author Rob Winch
@@ -77,8 +78,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @author Onur Kagan Ozcan
  */
 public class SessionManagementConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/SessionManagementConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/SessionManagementConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -87,8 +88,7 @@ public class SessionManagementConfigTests {
 	MockMvc mvc;
 
 	@Test
-	public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession()
-			throws Exception {
+	public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession() throws Exception {
 		this.spring.configLocations(this.xml("CreateSessionAlways")).autowire();
 
 		MockHttpServletRequest request = get("/").buildRequest(this.servletContext());
@@ -99,8 +99,7 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
 
@@ -112,14 +111,11 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
 
-		MockHttpServletRequest request = post("/login")
-				.param("username", "user")
-				.param("password", "password")
+		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(this.servletContext());
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
@@ -129,14 +125,11 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
 
-		MockHttpServletRequest request = post("/login")
-				.param("username", "user")
-				.param("password", "password")
+		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(this.servletContext());
 		request = csrf().postProcessRequest(request);
 		MockHttpSession session = new MockHttpSession();
@@ -145,59 +138,41 @@ public class SessionManagementConfigTests {
 
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(request.getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY))
-				.isNotNull();
+		assertThat(request.getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNotNull();
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
 
-		this.mvc.perform(get("/auth"))
-				.andExpect(status().isFound())
-				.andExpect(session().exists(false));
+		this.mvc.perform(get("/auth")).andExpect(status().isFound()).andExpect(session().exists(false));
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
 
-
-		this.mvc.perform(post("/login")
-				.param("username", "user")
-				.param("password", "password")
-				.with(csrf()))
-				.andExpect(status().isFound())
-				.andExpect(session().exists(false));
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+				.andExpect(status().isFound()).andExpect(session().exists(false));
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
 
-		MvcResult result =
-				this.mvc.perform(post("/login")
-						.param("username", "user")
-						.param("password", "password")
-						.session(new MockHttpSession())
-						.with(csrf()))
-						.andExpect(status().isFound())
-						.andExpect(session())
-						.andReturn();
+		MvcResult result = this.mvc
+				.perform(post("/login").param("username", "user").param("password", "password")
+						.session(new MockHttpSession()).with(csrf()))
+				.andExpect(status().isFound()).andExpect(session()).andReturn();
 
-		assertThat(result.getRequest().getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY))
-				.isNull();
+		assertThat(result.getRequest().getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
 
@@ -210,8 +185,7 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
 
@@ -224,15 +198,12 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin()
-			throws Exception {
+	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
 
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
-		MockHttpServletRequest request = post("/login")
-				.param("username", "user")
-				.param("password", "password")
+		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(servletContext);
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
@@ -245,19 +216,14 @@ public class SessionManagementConfigTests {
 	 * SEC-1208
 	 */
 	@Test
-	public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession()
-			throws Exception {
+	public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession() throws Exception {
 
 		this.spring.configLocations(this.xml("Sec1208")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk())
 				.andExpect(session());
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isUnauthorized())
 				.andExpect(session().exists(false));
 	}
 
@@ -271,10 +237,7 @@ public class SessionManagementConfigTests {
 		this.spring.configLocations(this.xml("Sec2137")).autowire();
 
 		MockHttpSession session = new MockHttpSession();
-		this.mvc.perform(get("/auth")
-				.session(session)
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk())
+		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))).andExpect(status().isOk())
 				.andExpect(session().id(session.getId()));
 	}
 
@@ -286,16 +249,12 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects()
-			throws Exception {
+	public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects() throws Exception {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlExpiredUrl")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.session(this.expiredSession())
-				.with(httpBasic("user", "password")))
-				.andExpect(redirectedUrl("/expired"))
-				.andExpect(session().exists(false));
+		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
+				.andExpect(redirectedUrl("/expired")).andExpect(session().exists(false));
 	}
 
 	@Test
@@ -304,26 +263,18 @@ public class SessionManagementConfigTests {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.session(this.expiredSession())
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk())
-				.andExpect(cookie().maxAge("testCookie", 0))
-				.andExpect(cookie().exists("rememberMeCookie"))
-				.andExpect(session().valid(true));
+		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andExpect(cookie().maxAge("testCookie", 0))
+				.andExpect(cookie().exists("rememberMeCookie")).andExpect(session().valid(true));
 	}
 
 	@Test
-	public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires()
-			throws Exception {
+	public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.session(this.expiredSession())
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk())
-				.andExpect(cookie().exists("rememberMeCookie"))
+		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andExpect(cookie().exists("rememberMeCookie"))
 				.andExpect(session().exists(false));
 	}
 
@@ -331,49 +282,37 @@ public class SessionManagementConfigTests {
 	 * SEC-2057
 	 */
 	@Test
-	public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject()
-			throws Exception {
+	public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire();
 
-		MvcResult result =
-			this.mvc.perform(get("/auth")
-					.with(httpBasic("user", "password")))
-					.andExpect(session())
-					.andReturn();
+		MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session())
+				.andReturn();
 
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
 
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 		sessionRegistry.getSessionInformation(session.getId()).expireNow();
 
-		this.mvc.perform(get("/auth")
-				.session(session))
-				.andExpect(header().string("X-Username", "user"));
+		this.mvc.perform(get("/auth").session(session)).andExpect(header().string("X-Username", "user"));
 	}
 
 	@Test
-	public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse()
-			throws Exception {
+	public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse() throws Exception {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.session(this.expiredSession())
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
 				.andExpect(content().string("This session has been expired (possibly due to multiple concurrent "
 						+ "logins being attempted as the same user)."));
 	}
 
 	@Test
-	public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication()
-			throws Exception {
+	public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication() throws Exception {
 
 		this.spring.configLocations(this.xml("SessionAuthenticationStrategyRef")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isIAmATeapot());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isIAmATeapot());
 	}
 
 	@Test
@@ -384,22 +323,15 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded()
-			throws Exception {
+	public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded() throws Exception {
 
 		this.spring.configLocations(this.xml("ConcurrencyControlMaxSessions")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
 
-		this.mvc.perform(get("/auth")
-				.with(httpBasic("user", "password")))
-				.andExpect(redirectedUrl("/max-exceeded"));
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(redirectedUrl("/max-exceeded"));
 	}
 
 	@Test
@@ -411,35 +343,27 @@ public class SessionManagementConfigTests {
 	}
 
 	@Test
-	public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated()
-			throws Exception {
+	public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception {
 
 		this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire();
 
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
 
-		this.mvc.perform(get("/auth")
-				.session(session)
-				.with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
 				.andExpect(session().id(sessionId));
 	}
 
 	@Test
-	public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced()
-			throws Exception {
+	public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception {
 
 		this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire();
 
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
 
-		MvcResult result =
-			this.mvc.perform(get("/auth")
-					.session(session)
-					.with(httpBasic("user", "password")))
-					.andExpect(session())
-					.andReturn();
+		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
+				.andExpect(session()).andReturn();
 
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
@@ -450,13 +374,11 @@ public class SessionManagementConfigTests {
 
 		this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire();
 
-		this.mvc.perform(get("/auth")
-				.with(request -> {
-					request.setRequestedSessionId("1");
-					request.setRequestedSessionIdValid(false);
-					return request;
-				}))
-				.andExpect(redirectedUrl("/timeoutUrl"));
+		this.mvc.perform(get("/auth").with(request -> {
+			request.setRequestedSessionId("1");
+			request.setRequestedSessionIdValid(false);
+			return request;
+		})).andExpect(redirectedUrl("/timeoutUrl"));
 	}
 
 	/**
@@ -488,16 +410,16 @@ public class SessionManagementConfigTests {
 	static class TeapotSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
 
 		@Override
-		public void onAuthentication(
-				Authentication authentication,
-				HttpServletRequest request,
+		public void onAuthentication(Authentication authentication, HttpServletRequest request,
 				HttpServletResponse response) throws SessionAuthenticationException {
 
 			response.setStatus(org.springframework.http.HttpStatus.I_AM_A_TEAPOT.value());
 		}
+
 	}
 
 	static class CustomRememberMeServices implements RememberMeServices, LogoutHandler {
+
 		@Override
 		public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 			return null;
@@ -509,7 +431,8 @@ public class SessionManagementConfigTests {
 		}
 
 		@Override
-		public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
+		public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
+				Authentication successfulAuthentication) {
 
 		}
 
@@ -517,10 +440,12 @@ public class SessionManagementConfigTests {
 		public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 			response.addHeader("X-Username", authentication.getName());
 		}
+
 	}
 
 	@RestController
 	static class BasicController {
+
 		@GetMapping("/")
 		public String ok() {
 			return "ok";
@@ -530,21 +455,21 @@ public class SessionManagementConfigTests {
 		public String auth(Principal principal) {
 			return principal.getName();
 		}
+
 	}
 
 	private void sessionRegistryIsValid() {
-		SessionRegistry sessionRegistry = this.spring.getContext()
-				.getBean("sessionRegistry", SessionRegistry.class);
+		SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class);
 
 		assertThat(sessionRegistry).isNotNull();
 
-		assertThat(this.getFilter(ConcurrentSessionFilter.class))
-				.returns(sessionRegistry, this::extractSessionRegistry);
-		assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class))
-				.returns(sessionRegistry, this::extractSessionRegistry);
+		assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
+		assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
 		// SEC-1143
-		assertThat(this.getFilter(SessionManagementFilter.class))
-				.returns(sessionRegistry, this::extractSessionRegistry);
+		assertThat(this.getFilter(SessionManagementFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
 	}
 
 	private SessionRegistry extractSessionRegistry(ConcurrentSessionFilter filter) {
@@ -566,7 +491,8 @@ public class SessionManagementConfigTests {
 	private <T> T getFieldValue(Object target, String fieldName) {
 		try {
 			return (T) FieldUtils.getFieldValue(target, fieldName);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new RuntimeException(e);
 		}
 	}
@@ -576,8 +502,11 @@ public class SessionManagementConfigTests {
 	}
 
 	private static class SessionResultMatcher implements ResultMatcher {
+
 		private String id;
+
 		private Boolean valid;
+
 		private Boolean exists = true;
 
 		public ResultMatcher exists(boolean exists) {
@@ -609,7 +538,8 @@ public class SessionManagementConfigTests {
 			if (this.valid != null) {
 				if (this.valid) {
 					assertThat(session.isInvalid()).isFalse();
-				} else {
+				}
+				else {
 					assertThat(session.isInvalid()).isTrue();
 				}
 			}
@@ -618,27 +548,23 @@ public class SessionManagementConfigTests {
 				assertThat(session.getId()).isEqualTo(this.id);
 			}
 		}
+
 	}
 
-	private static MockHttpServletResponse request(
-			MockHttpServletRequest request,
-			ApplicationContext context)
+	private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context)
 			throws IOException, ServletException {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChainProxy proxy = context.getBean(FilterChainProxy.class);
 
-		proxy.doFilter(
-				request,
-				new EncodeUrlDenyingHttpServletResponseWrapper(response),
-				(req, resp) -> {});
+		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
+		});
 
 		return response;
 	}
 
-	private static class EncodeUrlDenyingHttpServletResponseWrapper
-			extends HttpServletResponseWrapper {
+	private static class EncodeUrlDenyingHttpServletResponseWrapper extends HttpServletResponseWrapper {
 
 		EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
 			super(response);
@@ -663,6 +589,7 @@ public class SessionManagementConfigTests {
 		public String encodeRedirectUrl(String url) {
 			throw new RuntimeException("Unexpected invocation of encodeURL");
 		}
+
 	}
 
 	private MockHttpSession expiredSession() {
@@ -674,10 +601,7 @@ public class SessionManagementConfigTests {
 	}
 
 	private <T extends Filter> T getFilter(Class<T> filterClass) {
-		return (T) getFilters().stream()
-				.filter(filterClass::isInstance)
-				.findFirst()
-				.orElse(null);
+		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
 	}
 
 	private List<Filter> getFilters() {
@@ -694,4 +618,5 @@ public class SessionManagementConfigTests {
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
index e13801ba58..fe909288bc 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
@@ -35,8 +35,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
  * @author Josh Cummings
  */
 public class SessionManagementConfigTransientAuthenticationTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests";
 
 	@Autowired
 	MockMvc mvc;
@@ -45,8 +45,7 @@ public class SessionManagementConfigTransientAuthenticationTests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	@Test
-	public void postWhenTransientAuthenticationThenNoSessionCreated()
-			throws Exception {
+	public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception {
 
 		this.spring.configLocations(this.xml("WithTransientAuthentication")).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
@@ -54,8 +53,7 @@ public class SessionManagementConfigTransientAuthenticationTests {
 	}
 
 	@Test
-	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides()
-			throws Exception {
+	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception {
 
 		this.spring.configLocations(this.xml("CreateSessionAlwaysWithTransientAuthentication")).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
@@ -73,10 +71,12 @@ public class SessionManagementConfigTransientAuthenticationTests {
 		public boolean supports(Class<?> authentication) {
 			return true;
 		}
+
 	}
 
 	@Transient
 	static class SomeTransientAuthentication extends AbstractAuthenticationToken {
+
 		SomeTransientAuthentication() {
 			super(null);
 		}
@@ -90,9 +90,11 @@ public class SessionManagementConfigTransientAuthenticationTests {
 		public Object getPrincipal() {
 			return null;
 		}
+
 	}
 
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index 532fea1706..50d8501a01 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -27,6 +27,7 @@ import org.springframework.beans.factory.xml.ParserContext;
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(ParserContext.class)
 public class WebConfigUtilsTests {
+
 	public final static String URL = "/url";
 
 	@Mock
@@ -35,9 +36,9 @@ public class WebConfigUtilsTests {
 	// SEC-1980
 	@Test
 	public void validateHttpRedirectSpELNoParserWarning() {
-		WebConfigUtils.validateHttpRedirect(
-				"#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}",
+		WebConfigUtils.validateHttpRedirect("#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}",
 				parserContext, "fakeSource");
 		verifyZeroInteractions(parserContext);
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
index cf2f5bace0..c3ee15d29f 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
@@ -33,8 +33,12 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 
 	private String loginPage = "/login";
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see
+	 * org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.
+	 * springframework.security.config.annotation.SecurityBuilder)
 	 */
 	@SuppressWarnings("unchecked")
 	@Override
@@ -66,4 +70,5 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 	public static CustomConfigurer customConfigurer() {
 		return new CustomConfigurer();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 6a989c535b..2dbbc28cf9 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -43,6 +43,7 @@ import org.springframework.security.web.FilterChainProxy;
  *
  */
 public class CustomHttpSecurityConfigurerTests {
+
 	@Autowired
 	ConfigurableApplicationContext context;
 
@@ -50,7 +51,9 @@ public class CustomHttpSecurityConfigurerTests {
 	FilterChainProxy springSecurityFilterChain;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	MockFilterChain chain;
 
 	@Before
@@ -137,6 +140,7 @@ public class CustomHttpSecurityConfigurerTests {
 			propertyPlaceholderConfigurer.setProperties(properties);
 			return propertyPlaceholderConfigurer;
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -164,5 +168,7 @@ public class CustomHttpSecurityConfigurerTests {
 			propertyPlaceholderConfigurer.setProperties(properties);
 			return propertyPlaceholderConfigurer;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/Contact.java b/config/src/test/java/org/springframework/security/config/method/Contact.java
index 78e3420fba..56f149ec2f 100644
--- a/config/src/test/java/org/springframework/security/config/method/Contact.java
+++ b/config/src/test/java/org/springframework/security/config/method/Contact.java
@@ -20,6 +20,7 @@ package org.springframework.security.config.method;
  *
  */
 public class Contact {
+
 	private String name;
 
 	/**
@@ -35,4 +36,5 @@ public class Contact {
 	public String getName() {
 		return name;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/ContactPermission.java b/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
index 140cf3fd8a..2cc42ae675 100644
--- a/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
+++ b/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
@@ -26,4 +26,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
  */
 @Retention(RetentionPolicy.RUNTIME)
 @PreAuthorize("#contact.name == authentication.name")
-public @interface ContactPermission {}
+public @interface ContactPermission {
+
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 38b75d7743..a5af95312b 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -64,8 +64,9 @@ import org.springframework.security.util.FieldUtils;
  * @author Luke Taylor
  */
 public class GlobalMethodSecurityBeanDefinitionParserTests {
-	private final UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken(
-			"bob", "bobspassword");
+
+	private final UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken("bob",
+			"bobspassword");
 
 	private AbstractXmlApplicationContext appContext;
 
@@ -100,8 +101,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
 		loadContext();
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.someUserMethod1();
@@ -115,8 +115,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test(expected = AccessDeniedException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
 		loadContext();
-		TestingAuthenticationToken token = new TestingAuthenticationToken("Test",
-				"Password", "ROLE_SOMEOTHERROLE");
+		TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
 		token.setAuthenticated(true);
 
 		SecurityContextHolder.getContext().setAuthentication(token);
@@ -126,12 +125,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void doesntInterfereWithBeanPostProcessing() {
-		setContext("<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
-				+ "<global-method-security />"
-				+ "<authentication-manager>"
-				+ "   <authentication-provider user-service-ref='myUserService'/>"
-				+ "</authentication-manager>"
-				+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
+		setContext(
+				"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
+						+ "<global-method-security />" + "<authentication-manager>"
+						+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>"
+						+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
 
 		PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) appContext
 				.getBean("myUserService");
@@ -143,17 +141,13 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	public void worksWithAspectJAutoproxy() {
 		setContext("<global-method-security>"
 				+ "  <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'"
-				+ "       access='ROLE_SOMETHING' />"
-				+ "</global-method-security>"
+				+ "       access='ROLE_SOMETHING' />" + "</global-method-security>"
 				+ "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
 				+ "<aop:aspectj-autoproxy />" + "<authentication-manager>"
-				+ "   <authentication-provider user-service-ref='myUserService'/>"
-				+ "</authentication-manager>");
+				+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>");
 
-		UserDetailsService service = (UserDetailsService) appContext
-				.getBean("myUserService");
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
@@ -167,8 +161,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>"
 				+ "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>"
 				+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("user", "password"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
 		target = (BusinessService) appContext.getBean("target");
 		// someOther(int) should not be matched by someOther(String), but should require
 		// ROLE_USER
@@ -186,13 +180,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	public void supportsBooleanPointcutExpressions() {
 		setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
-				+ "<global-method-security>"
-				+ "   <protect-pointcut expression="
+				+ "<global-method-security>" + "   <protect-pointcut expression="
 				+ "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) "
 				+ "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' "
-				+ "               access='ROLE_USER'/>"
-				+ "</global-method-security>"
-				+ AUTH_PROVIDER_XML);
+				+ "               access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
 		target = (BusinessService) appContext.getBean("target");
 		// String method should not be protected
 		target.someOther("somestring");
@@ -205,8 +196,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
 
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("user", "password"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
 		target.someOther(0);
 	}
 
@@ -224,8 +215,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "    <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>"
 				+ "</b:bean>" + AUTH_PROVIDER_XML);
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 		target = (BusinessService) appContext.getBean("businessService");
@@ -236,24 +226,19 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@SuppressWarnings("unchecked")
 	@Test
-	public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance()
-			throws Exception {
-		setContext("<global-method-security pre-post-annotations='enabled'/>"
-				+ AUTH_PROVIDER_XML);
-		AffirmativeBased adm = (AffirmativeBased) appContext
-				.getBeansOfType(AffirmativeBased.class).values().toArray()[0];
-		List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
-		PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters
-				.get(0);
-		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext
-				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values()
+	public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
+		setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
+		AffirmativeBased adm = (AffirmativeBased) appContext.getBeansOfType(AffirmativeBased.class).values()
 				.toArray()[0];
+		List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
+		PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
+		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext
+				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
 		AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi
 				.getAdvice()).getAfterInvocationManager();
-		PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm
-				.getProviders().get(0);
-		assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler")).isSameAs(FieldUtils
-				.getFieldValue(aip, "postAdvice.expressionHandler"));
+		PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
+		assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler"))
+				.isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
 	}
 
 	@Test(expected = AccessDeniedException.class)
@@ -269,8 +254,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	public void beanNameExpressionPropertyIsSupported() {
 		setContext("<global-method-security pre-post-annotations='enabled' proxy-target-class='true'/>"
-				+ "<b:bean id='number' class='java.lang.Integer'>"
-				+ "    <b:constructor-arg value='1294'/>"
+				+ "<b:bean id='number' class='java.lang.Integer'>" + "    <b:constructor-arg value='1294'/>"
 				+ "</b:bean>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ AUTH_PROVIDER_XML);
@@ -316,11 +300,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	public void customPermissionEvaluatorIsSupported() {
 		setContext("<global-method-security pre-post-annotations='enabled'>"
-				+ "   <expression-handler ref='expressionHandler'/>"
-				+ "</global-method-security>"
+				+ "   <expression-handler ref='expressionHandler'/>" + "</global-method-security>"
 				+ "<b:bean id='expressionHandler' class='org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler'>"
-				+ "   <b:property name='permissionEvaluator' ref='myPermissionEvaluator'/>"
-				+ "</b:bean>"
+				+ "   <b:property name='permissionEvaluator' ref='myPermissionEvaluator'/>" + "</b:bean>"
 				+ "<b:bean id='myPermissionEvaluator' class='org.springframework.security.config.method.TestPermissionEvaluator'/>"
 				+ AUTH_PROVIDER_XML);
 	}
@@ -329,10 +311,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test(expected = AuthenticationException.class)
 	@SuppressWarnings("unchecked")
 	public void genericsAreMatchedByProtectPointcut() {
-		setContext("<b:bean id='target' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$ConcreteFoo'/>"
-				+ "<global-method-security>"
-				+ "   <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>"
-				+ "</global-method-security>" + AUTH_PROVIDER_XML);
+		setContext(
+				"<b:bean id='target' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$ConcreteFoo'/>"
+						+ "<global-method-security>"
+						+ "   <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>"
+						+ "</global-method-security>" + AUTH_PROVIDER_XML);
 		Foo foo = (Foo) appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
 	}
@@ -342,8 +325,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@SuppressWarnings("unchecked")
 	public void genericsMethodArgumentNamesAreResolved() {
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
-				+ "<global-method-security pre-post-annotations='enabled'/>"
-				+ AUTH_PROVIDER_XML);
+				+ "<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(bob);
 		Foo foo = (Foo) appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
@@ -357,26 +339,19 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props);
 		parent.refresh();
 
-		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>"
-				+ AUTH_PROVIDER_XML, parent);
+		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
 		RunAsManagerImpl ram = (RunAsManagerImpl) appContext.getBean("runAsMgr");
 		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext
-				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values()
-				.toArray()[0];
+				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
 		assertThat(ram).isSameAs(FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager"));
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void supportsExternalMetadataSource() {
-		setContext("<b:bean id='target' class='"
-				+ ConcreteFoo.class.getName()
-				+ "'/>"
-				+ "<method-security-metadata-source id='mds'>"
-				+ "      <protect method='"
-				+ Foo.class.getName()
-				+ ".foo' access='ROLE_ADMIN'/>"
-				+ "</method-security-metadata-source>"
+		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
+				+ "<method-security-metadata-source id='mds'>" + "      <protect method='" + Foo.class.getName()
+				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>"
 				+ AUTH_PROVIDER_XML);
 		// External MDS should take precedence over PreAuthorize
@@ -388,25 +363,19 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		}
 		catch (AccessDeniedException expected) {
 		}
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("admin", "password"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
 		foo.foo(new SecurityConfig("A"));
 	}
 
 	@Test
 	public void supportsCustomAuthenticationManager() {
-		setContext("<b:bean id='target' class='"
-				+ ConcreteFoo.class.getName()
-				+ "'/>"
-				+ "<method-security-metadata-source id='mds'>"
-				+ "      <protect method='"
-				+ Foo.class.getName()
-				+ ".foo' access='ROLE_ADMIN'/>"
-				+ "</method-security-metadata-source>"
+		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
+				+ "<method-security-metadata-source id='mds'>" + "      <protect method='" + Foo.class.getName()
+				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds' authentication-manager-ref='customAuthMgr'/>"
 				+ "<b:bean id='customAuthMgr' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$CustomAuthManager'>"
-				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>"
-				+ AUTH_PROVIDER_XML);
+				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>" + AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(bob);
 		Foo foo = (Foo) appContext.getBean("target");
 		try {
@@ -415,22 +384,22 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		}
 		catch (AccessDeniedException expected) {
 		}
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("admin", "password"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
 		foo.foo(new SecurityConfig("A"));
 	}
 
-	static class CustomAuthManager implements AuthenticationManager,
-			ApplicationContextAware {
+	static class CustomAuthManager implements AuthenticationManager, ApplicationContextAware {
+
 		private String beanName;
+
 		private AuthenticationManager authenticationManager;
 
 		CustomAuthManager(String beanName) {
 			this.beanName = beanName;
 		}
 
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return authenticationManager.authenticate(authentication);
 		}
 
@@ -441,11 +410,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		 * org.springframework.context.ApplicationContextAware#setApplicationContext(org
 		 * .springframework.context.ApplicationContext)
 		 */
-		public void setApplicationContext(ApplicationContext applicationContext)
-				throws BeansException {
-			this.authenticationManager = applicationContext.getBean(beanName,
-					AuthenticationManager.class);
+		public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+			this.authenticationManager = applicationContext.getBean(beanName, AuthenticationManager.class);
 		}
+
 	}
 
 	private void setContext(String context) {
@@ -457,13 +425,17 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	}
 
 	interface Foo<T extends ConfigAttribute> {
+
 		void foo(T action);
+
 	}
 
 	public static class ConcreteFoo implements Foo<SecurityConfig> {
+
 		@PreAuthorize("#action.attribute == 'A'")
 		public void foo(SecurityConfig action) {
 		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 087d0e1bdc..b7a2907633 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -42,14 +42,16 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = "classpath:org/springframework/security/config/method-security.xml")
-public class InterceptMethodsBeanDefinitionDecoratorTests implements
-		ApplicationContextAware {
+public class InterceptMethodsBeanDefinitionDecoratorTests implements ApplicationContextAware {
+
 	@Autowired
 	@Qualifier("target")
 	private TestBusinessBean target;
+
 	@Autowired
 	@Qualifier("transactionalTarget")
 	private TestBusinessBean transactionalTarget;
+
 	private ApplicationContext appContext;
 
 	@BeforeClass
@@ -67,8 +69,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements
 	public void targetDoesntLoseApplicationListenerInterface() {
 		assertThat(appContext.getBeansOfType(ApplicationListener.class)).hasSize(1);
 		assertThat(appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1);
-		appContext.publishEvent(new AuthenticationSuccessEvent(
-				new TestingAuthenticationToken("user", "")));
+		appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", "")));
 
 		assertThat(target).isInstanceOf(ApplicationListener.class);
 	}
@@ -85,8 +86,8 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements
 
 	@Test
 	public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.doSomething();
@@ -94,8 +95,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements
 
 	@Test(expected = AccessDeniedException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
@@ -107,8 +107,8 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements
 		transactionalTarget.doSomething();
 	}
 
-	public void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.appContext = applicationContext;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index c84bd208cb..5c61525e03 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -31,6 +31,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Luke Taylor
  */
 public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
+
 	private InMemoryXmlApplicationContext appContext;
 
 	private BusinessService target;
@@ -39,8 +40,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 	public void loadContext() {
 		appContext = new InMemoryXmlApplicationContext(
 				"<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>"
-						+ "<global-method-security jsr250-annotations='enabled'/>"
-						+ ConfigTestUtils.AUTH_PROVIDER_XML);
+						+ "<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		target = (BusinessService) appContext.getBean("target");
 	}
 
@@ -59,8 +59,8 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Test
 	public void permitAllShouldBeDefaultAttribute() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.someOther(0);
@@ -68,8 +68,8 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Test
 	public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.someUserMethod1();
@@ -77,8 +77,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
@@ -87,10 +86,11 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Test
 	public void hasAnyRoleAddsDefaultPrefix() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.rolesAllowedUser();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
index 48e9e24ba2..bac5904bb5 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
@@ -22,9 +22,11 @@ package org.springframework.security.config.method;
 public class PreAuthorizeServiceImpl {
 
 	@PreAuthorizeAdminRole
-	public void preAuthorizeAdminRole() {}
+	public void preAuthorizeAdminRole() {
+	}
 
 	@ContactPermission
-	public void contactPermission(Contact contact) {}
+	public void contactPermission(Contact contact) {
+	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index 676c31314c..67ebb43bac 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -26,13 +26,13 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class PreAuthorizeTests {
+
 	@Autowired
 	PreAuthorizeServiceImpl service;
 
@@ -43,25 +43,30 @@ public class PreAuthorizeTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizeAdminRoleDenied() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
 		service.preAuthorizeAdminRole();
 	}
 
 	@Test
 	public void preAuthorizeAdminRoleGranted() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
 		service.preAuthorizeAdminRole();
 	}
 
 	@Test
 	public void preAuthorizeContactPermissionGranted() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
 		service.contactPermission(new Contact("user"));
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizeContactPermissionDenied() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
 		service.contactPermission(new Contact("admin"));
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 6e1c38aade..9a3bf2be91 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -37,8 +37,8 @@ public class Sec2196Tests {
 		loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
 				+ "<b:bean class='" + Service.class.getName() + "'/>");
 
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
 		Service service = context.getBean(Service.class);
 		service.save(new User());
 	}
@@ -48,8 +48,8 @@ public class Sec2196Tests {
 		loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
 				+ "<b:bean class='" + Service.class.getName() + "'/>");
 
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("test", "pass", "saveUsers"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers"));
 		Service service = context.getBean(Service.class);
 		service.save(new User());
 	}
@@ -68,12 +68,16 @@ public class Sec2196Tests {
 	}
 
 	public static class Service {
+
 		@PreAuthorize("hasAuthority('saveUsers')")
 		public <T extends User> T save(T dto) {
 			return dto;
 		}
+
 	}
 
 	static class User {
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
index 8140450c86..31c98e9592 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
@@ -26,4 +26,6 @@ import org.springframework.security.access.annotation.Secured;
  */
 @Retention(RetentionPolicy.RUNTIME)
 @Secured("ROLE_ADMIN")
-public @interface  SecuredAdminRole { }
\ No newline at end of file
+public @interface SecuredAdminRole {
+
+}
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 0f9af88507..998ff9fe65 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -38,6 +38,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Ben Alex
  */
 public class SecuredAnnotationDrivenBeanDefinitionParserTests {
+
 	private InMemoryXmlApplicationContext appContext;
 
 	private BusinessService target;
@@ -67,8 +68,8 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 
 	@Test
 	public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.someUserMethod1();
@@ -76,8 +77,8 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		target.someAdminMethod();
@@ -97,15 +98,13 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("u", "p", "ROLE_A"));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A"));
 
 		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(target);
 		chompedTarget.someAdminMethod();
 	}
 
-	private Object serializeAndDeserialize(Object o) throws IOException,
-			ClassNotFoundException {
+	private Object serializeAndDeserialize(Object o) throws IOException, ClassNotFoundException {
 		ByteArrayOutputStream baos = new ByteArrayOutputStream();
 		ObjectOutputStream oos = new ObjectOutputStream(baos);
 		oos.writeObject(o);
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java b/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
index 5dd48e224b..c5a5d4547e 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
@@ -16,11 +16,13 @@
 package org.springframework.security.config.method;
 
 /**
-*
-* @author Rob Winch
-*
-*/
+ * @author Rob Winch
+ *
+ */
 public class SecuredServiceImpl {
+
 	@SecuredAdminRole
-	public void securedAdminRole() {}
+	public void securedAdminRole() {
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 01788afc0b..21fd98e0ee 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -26,13 +26,13 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class SecuredTests {
+
 	@Autowired
 	SecuredServiceImpl service;
 
@@ -43,13 +43,16 @@ public class SecuredTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void securedAdminRoleDenied() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
 		service.securedAdminRole();
 	}
 
 	@Test
 	public void securedAdminRoleGranted() {
-		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
 		service.securedAdminRole();
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
index 087250407b..9f804f4f15 100644
--- a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
@@ -22,13 +22,12 @@ import org.springframework.security.core.Authentication;
 
 public class TestPermissionEvaluator implements PermissionEvaluator {
 
-	public boolean hasPermission(Authentication authentication,
-			Object targetDomainObject, Object permission) {
+	public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 		return false;
 	}
 
-	public boolean hasPermission(Authentication authentication, Serializable targetId,
-			String targetType, Object permission) {
+	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+			Object permission) {
 		return false;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
index 4dcb611c12..ac1bc7b814 100644
--- a/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
@@ -39,6 +39,7 @@ import static org.mockito.Mockito.mock;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 public class Gh4020GlobalMethodSecurityConfigurationTests {
+
 	@Autowired
 	DenyAllService denyAll;
 
@@ -51,6 +52,7 @@ public class Gh4020GlobalMethodSecurityConfigurationTests {
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class SecurityConfig {
+
 		@Bean
 		PermissionEvaluator permissionEvaluator() {
 			return mock(PermissionEvaluator.class);
@@ -68,19 +70,25 @@ public class Gh4020GlobalMethodSecurityConfigurationTests {
 
 		@Autowired
 		DenyAllService denyAll;
+
 	}
 
 	@Configuration
 	static class ServiceConfig {
+
 		@Bean
 		DenyAllService denyAllService() {
 			return new DenyAllService();
 		}
+
 	}
 
 	@PreAuthorize("denyAll")
 	static class DenyAllService {
+
 		void denyAll() {
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
index d664cd6956..275ac42e6f 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
@@ -24,11 +24,11 @@ import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Rob Winch
  *
  */
 public class JpaPermissionEvaluator implements PermissionEvaluator {
+
 	@Autowired
 	private EntityManager entityManager;
 
@@ -36,13 +36,13 @@ public class JpaPermissionEvaluator implements PermissionEvaluator {
 		System.out.println("initializing " + this);
 	}
 
-	public boolean hasPermission(Authentication authentication,
-			Object targetDomainObject, Object permission) {
+	public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 		return true;
 	}
 
-	public boolean hasPermission(Authentication authentication, Serializable targetId,
-			String targetType, Object permission) {
+	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+			Object permission) {
 		return true;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
index e921086911..dee9f84914 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
@@ -21,7 +21,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 /**
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -33,4 +32,5 @@ public class Sec2136Tests {
 	public void configurationLoads() {
 
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
index 2fb5200bbb..429579f946 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
@@ -20,11 +20,11 @@ import org.junit.Test;
 import org.springframework.context.support.GenericXmlApplicationContext;
 
 /**
- *
  * @author Rob Winch
  *
  */
 public class Sec2499Tests {
+
 	private GenericXmlApplicationContext parent;
 
 	private GenericXmlApplicationContext child;
@@ -41,11 +41,11 @@ public class Sec2499Tests {
 
 	@Test
 	public void methodExpressionHandlerInParentContextLoads() {
-		parent = new GenericXmlApplicationContext(
-				"org/springframework/security/config/method/sec2499/parent.xml");
+		parent = new GenericXmlApplicationContext("org/springframework/security/config/method/sec2499/parent.xml");
 		child = new GenericXmlApplicationContext();
 		child.load("org/springframework/security/config/method/sec2499/child.xml");
 		child.setParent(parent);
 		child.refresh();
 	}
+
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index 6378f6a0ce..fccad498bc 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -41,79 +41,42 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Ruby Hartono
  */
 public class ClientRegistrationsBeanDefinitionParserTests {
+
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests";
 
-	private static final String ISSUER_URI_XML_CONFIG = "<b:beans xmlns:b=\"http://www.springframework.org/schema/beans\"\n" +
-			"\t\txmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" +
-			"\t\txmlns=\"http://www.springframework.org/schema/security\"\n" +
-			"\t\txsi:schemaLocation=\"\n" +
-			"\t\t\thttp://www.springframework.org/schema/security\n" +
-			"\t\t\thttps://www.springframework.org/schema/security/spring-security.xsd\n" +
-			"\t\t\thttp://www.springframework.org/schema/beans\n" +
-			"\t\t\thttps://www.springframework.org/schema/beans/spring-beans.xsd\">\n" +
-			"\n" +
-			"\t<client-registrations>\n" +
-			"\t\t<client-registration registration-id=\"google-login\" client-id=\"google-client-id\" \n" +
-			"\t\t\t\t\t\t\t client-secret=\"google-client-secret\" provider-id=\"google\"/>\n" +
-			"\t\t<provider provider-id=\"google\" issuer-uri=\"${issuer-uri}\"/>\n" +
-			"\t</client-registrations>\n" +
-			"\n" +
-			"</b:beans>\n";
+	private static final String ISSUER_URI_XML_CONFIG = "<b:beans xmlns:b=\"http://www.springframework.org/schema/beans\"\n"
+			+ "\t\txmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+			+ "\t\txmlns=\"http://www.springframework.org/schema/security\"\n" + "\t\txsi:schemaLocation=\"\n"
+			+ "\t\t\thttp://www.springframework.org/schema/security\n"
+			+ "\t\t\thttps://www.springframework.org/schema/security/spring-security.xsd\n"
+			+ "\t\t\thttp://www.springframework.org/schema/beans\n"
+			+ "\t\t\thttps://www.springframework.org/schema/beans/spring-beans.xsd\">\n" + "\n"
+			+ "\t<client-registrations>\n"
+			+ "\t\t<client-registration registration-id=\"google-login\" client-id=\"google-client-id\" \n"
+			+ "\t\t\t\t\t\t\t client-secret=\"google-client-secret\" provider-id=\"google\"/>\n"
+			+ "\t\t<provider provider-id=\"google\" issuer-uri=\"${issuer-uri}\"/>\n" + "\t</client-registrations>\n"
+			+ "\n" + "</b:beans>\n";
 
-	private static final String OIDC_DISCOVERY_RESPONSE =
-			"{\n"
+	private static final String OIDC_DISCOVERY_RESPONSE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"claims_supported\": [\n"
-			+ "        \"aud\", \n"
-			+ "        \"email\", \n"
-			+ "        \"email_verified\", \n"
-			+ "        \"exp\", \n"
-			+ "        \"family_name\", \n"
-			+ "        \"given_name\", \n"
-			+ "        \"iat\", \n"
-			+ "        \"iss\", \n"
-			+ "        \"locale\", \n"
-			+ "        \"name\", \n"
-			+ "        \"picture\", \n"
-			+ "        \"sub\"\n"
-			+ "    ], \n"
-			+ "    \"code_challenge_methods_supported\": [\n"
-			+ "        \"plain\", \n"
-			+ "        \"S256\"\n"
-			+ "    ], \n"
-			+ "    \"id_token_signing_alg_values_supported\": [\n"
-			+ "        \"RS256\"\n"
-			+ "    ], \n"
-			+ "    \"issuer\": \"${issuer-uri}\", \n"
-			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
-			+ "    \"response_types_supported\": [\n"
-			+ "        \"code\", \n"
-			+ "        \"token\", \n"
-			+ "        \"id_token\", \n"
-			+ "        \"code token\", \n"
-			+ "        \"code id_token\", \n"
-			+ "        \"token id_token\", \n"
-			+ "        \"code token id_token\", \n"
-			+ "        \"none\"\n"
-			+ "    ], \n"
-			+ "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
-			+ "    \"scopes_supported\": [\n"
-			+ "        \"openid\", \n"
-			+ "        \"email\", \n"
-			+ "        \"profile\"\n"
-			+ "    ], \n"
-			+ "    \"subject_types_supported\": [\n"
-			+ "        \"public\"\n"
-			+ "    ], \n"
-			+ "    \"grant_types_supported\" : [\"authorization_code\"], \n"
+			+ "    \"claims_supported\": [\n" + "        \"aud\", \n" + "        \"email\", \n"
+			+ "        \"email_verified\", \n" + "        \"exp\", \n" + "        \"family_name\", \n"
+			+ "        \"given_name\", \n" + "        \"iat\", \n" + "        \"iss\", \n" + "        \"locale\", \n"
+			+ "        \"name\", \n" + "        \"picture\", \n" + "        \"sub\"\n" + "    ], \n"
+			+ "    \"code_challenge_methods_supported\": [\n" + "        \"plain\", \n" + "        \"S256\"\n"
+			+ "    ], \n" + "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
+			+ "    \"issuer\": \"${issuer-uri}\", \n" + "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
+			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
+			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
+			+ "    ], \n" + "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
+			+ "    \"scopes_supported\": [\n" + "        \"openid\", \n" + "        \"email\", \n"
+			+ "        \"profile\"\n" + "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n"
+			+ "    ], \n" + "    \"grant_types_supported\" : [\"authorization_code\"], \n"
 			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\", \n"
-			+ "    \"token_endpoint_auth_methods_supported\": [\n"
-			+ "        \"client_secret_post\", \n"
-			+ "        \"client_secret_basic\", \n"
-			+ "        \"none\"\n"
-			+ "    ], \n"
-			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n"
-			+ "}";
+			+ "    \"token_endpoint_auth_methods_supported\": [\n" + "        \"client_secret_post\", \n"
+			+ "        \"client_secret_basic\", \n" + "        \"none\"\n" + "    ], \n"
+			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n" + "}";
 
 	@Autowired
 	private ClientRegistrationRepository clientRegistrationRepository;
@@ -152,7 +115,8 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
-		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
+		assertThat(googleRegistration.getScopes())
+				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
 
 		ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
@@ -182,7 +146,8 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
-		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
+		assertThat(googleRegistration.getScopes())
+				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo("Google");
 
 		ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
@@ -206,7 +171,8 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(githubRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(githubRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
-		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
+		assertThat(googleRegistration.getScopes())
+				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(githubRegistration.getClientName()).isEqualTo("Github");
 
 		ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails();
@@ -220,12 +186,11 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 	}
 
 	private static MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
 	private static String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
index ad18946aca..d896bbe8b2 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
@@ -37,22 +37,15 @@ public class CommonOAuth2ProviderTests {
 	public void getBuilderWhenGoogleShouldHaveGoogleSettings() {
 		ClientRegistration registration = build(CommonOAuth2Provider.GOOGLE);
 		ProviderDetails providerDetails = registration.getProviderDetails();
-		assertThat(providerDetails.getAuthorizationUri())
-			.isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
-		assertThat(providerDetails.getTokenUri())
-			.isEqualTo("https://www.googleapis.com/oauth2/v4/token");
+		assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
+		assertThat(providerDetails.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
 		assertThat(providerDetails.getUserInfoEndpoint().getUri())
-			.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
-		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
-			.isEqualTo(IdTokenClaimNames.SUB);
-		assertThat(providerDetails.getJwkSetUri())
-			.isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
-		assertThat(providerDetails.getIssuerUri())
-				.isEqualTo("https://accounts.google.com");
-		assertThat(registration.getClientAuthenticationMethod())
-			.isEqualTo(ClientAuthenticationMethod.BASIC);
-		assertThat(registration.getAuthorizationGrantType())
-			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+				.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
+		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB);
+		assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
+		assertThat(providerDetails.getIssuerUri()).isEqualTo("https://accounts.google.com");
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Google");
@@ -63,19 +56,13 @@ public class CommonOAuth2ProviderTests {
 	public void getBuilderWhenGitHubShouldHaveGitHubSettings() {
 		ClientRegistration registration = build(CommonOAuth2Provider.GITHUB);
 		ProviderDetails providerDetails = registration.getProviderDetails();
-		assertThat(providerDetails.getAuthorizationUri())
-			.isEqualTo("https://github.com/login/oauth/authorize");
-		assertThat(providerDetails.getTokenUri())
-			.isEqualTo("https://github.com/login/oauth/access_token");
-		assertThat(providerDetails.getUserInfoEndpoint().getUri())
-			.isEqualTo("https://api.github.com/user");
-		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
-			.isEqualTo("id");
+		assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://github.com/login/oauth/authorize");
+		assertThat(providerDetails.getTokenUri()).isEqualTo("https://github.com/login/oauth/access_token");
+		assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("https://api.github.com/user");
+		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id");
 		assertThat(providerDetails.getJwkSetUri()).isNull();
-		assertThat(registration.getClientAuthenticationMethod())
-			.isEqualTo(ClientAuthenticationMethod.BASIC);
-		assertThat(registration.getAuthorizationGrantType())
-			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("read:user");
 		assertThat(registration.getClientName()).isEqualTo("GitHub");
@@ -86,19 +73,14 @@ public class CommonOAuth2ProviderTests {
 	public void getBuilderWhenFacebookShouldHaveFacebookSettings() {
 		ClientRegistration registration = build(CommonOAuth2Provider.FACEBOOK);
 		ProviderDetails providerDetails = registration.getProviderDetails();
-		assertThat(providerDetails.getAuthorizationUri())
-			.isEqualTo("https://www.facebook.com/v2.8/dialog/oauth");
-		assertThat(providerDetails.getTokenUri())
-			.isEqualTo("https://graph.facebook.com/v2.8/oauth/access_token");
+		assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://www.facebook.com/v2.8/dialog/oauth");
+		assertThat(providerDetails.getTokenUri()).isEqualTo("https://graph.facebook.com/v2.8/oauth/access_token");
 		assertThat(providerDetails.getUserInfoEndpoint().getUri())
-			.isEqualTo("https://graph.facebook.com/me?fields=id,name,email");
-		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
-			.isEqualTo("id");
+				.isEqualTo("https://graph.facebook.com/me?fields=id,name,email");
+		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id");
 		assertThat(providerDetails.getJwkSetUri()).isNull();
-		assertThat(registration.getClientAuthenticationMethod())
-			.isEqualTo(ClientAuthenticationMethod.POST);
-		assertThat(registration.getAuthorizationGrantType())
-			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("public_profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Facebook");
@@ -108,22 +90,16 @@ public class CommonOAuth2ProviderTests {
 	@Test
 	public void getBuilderWhenOktaShouldHaveOktaSettings() {
 		ClientRegistration registration = builder(CommonOAuth2Provider.OKTA)
-			.authorizationUri("https://example.com/auth")
-			.tokenUri("https://example.com/token")
-			.userInfoUri("https://example.com/info")
-			.jwkSetUri("https://example.com/jwkset").build();
+				.authorizationUri("https://example.com/auth").tokenUri("https://example.com/token")
+				.userInfoUri("https://example.com/info").jwkSetUri("https://example.com/jwkset").build();
 		ProviderDetails providerDetails = registration.getProviderDetails();
-		assertThat(providerDetails.getAuthorizationUri())
-			.isEqualTo("https://example.com/auth");
+		assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://example.com/auth");
 		assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/token");
 		assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("https://example.com/info");
-		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
-			.isEqualTo(IdTokenClaimNames.SUB);
+		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB);
 		assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/jwkset");
-		assertThat(registration.getClientAuthenticationMethod())
-			.isEqualTo(ClientAuthenticationMethod.BASIC);
-		assertThat(registration.getAuthorizationGrantType())
-			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Okta");
@@ -135,9 +111,7 @@ public class CommonOAuth2ProviderTests {
 	}
 
 	private ClientRegistration.Builder builder(CommonOAuth2Provider provider) {
-		return provider.getBuilder("123")
-			.clientId("abcd")
-			.clientSecret("secret");
+		return provider.getBuilder("123").clientId("abcd").clientSecret("secret");
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
index 5548c5df46..818e469c66 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.provisioning;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -34,6 +33,7 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class UserDetailsManagerResourceFactoryBeanPropertiesResourceITests {
+
 	@Autowired
 	UserDetailsManager users;
 
@@ -44,9 +44,12 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceITests {
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromResource(new InMemoryResource("user=password,ROLE_USER"));
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
index 3c524961ce..a42b5638d1 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.provisioning;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -33,6 +32,7 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests {
+
 	@Autowired
 	UserDetailsManager users;
 
@@ -43,9 +43,12 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITes
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromResourceLocation("classpath:users.properties");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
index 1a3cab08f1..b7840124c0 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.provisioning;
 
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -33,6 +32,7 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 @RunWith(SpringRunner.class)
 public class UserDetailsManagerResourceFactoryBeanStringITests {
+
 	@Autowired
 	UserDetailsManager users;
 
@@ -43,9 +43,12 @@ public class UserDetailsManagerResourceFactoryBeanStringITests {
 
 	@Configuration
 	static class Config {
+
 		@Bean
 		public UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromString("user=password,ROLE_USER");
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index 09d580acc7..9fab61c74e 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -48,6 +48,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
  * @since 5.0
  */
 public class SpringTestContext implements Closeable {
+
 	private Object test;
 
 	private ConfigurableWebApplicationContext context;
@@ -62,7 +63,9 @@ public class SpringTestContext implements Closeable {
 	public void close() {
 		try {
 			this.context.close();
-		} catch(Exception e) {}
+		}
+		catch (Exception e) {
+		}
 	}
 
 	public SpringTestContext context(ConfigurableWebApplicationContext context) {
@@ -79,8 +82,7 @@ public class SpringTestContext implements Closeable {
 
 	public SpringTestContext testConfigLocations(String... configLocations) {
 		GenericXmlWebContextLoader loader = new GenericXmlWebContextLoader();
-		String[] locations = loader.processLocations(this.test.getClass(),
-			configLocations);
+		String[] locations = loader.processLocations(this.test.getClass(), configLocations);
 		return configLocations(locations);
 	}
 
@@ -100,8 +102,8 @@ public class SpringTestContext implements Closeable {
 	public SpringTestContext mockMvcAfterSpringSecurityOk() {
 		return addFilter(new OncePerRequestFilter() {
 			@Override
-			protected void doFilterInternal(HttpServletRequest request,
-				HttpServletResponse response, FilterChain filterChain) {
+			protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+					FilterChain filterChain) {
 				response.setStatus(HttpServletResponse.SC_OK);
 			}
 		});
@@ -127,11 +129,9 @@ public class SpringTestContext implements Closeable {
 		this.context.refresh();
 
 		if (this.context.containsBean(SPRING_SECURITY_FILTER_CHAIN)) {
-			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context)
-				.apply(springSecurity())
-				.apply(new AddFilter()).build();
-			this.context.getBeanFactory()
-				.registerResolvableDependency(MockMvc.class, mockMvc);
+			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
+					.apply(new AddFilter()).build();
+			this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc);
 		}
 
 		AutowiredAnnotationBeanPostProcessor bpp = new AutowiredAnnotationBeanPostProcessor();
@@ -140,10 +140,13 @@ public class SpringTestContext implements Closeable {
 	}
 
 	private class AddFilter implements MockMvcConfigurer {
-		public RequestPostProcessor beforeMockMvcCreated(
-			ConfigurableMockMvcBuilder<?> builder, WebApplicationContext context) {
+
+		public RequestPostProcessor beforeMockMvcCreated(ConfigurableMockMvcBuilder<?> builder,
+				WebApplicationContext context) {
 			builder.addFilters(SpringTestContext.this.filters.toArray(new Filter[0]));
 			return null;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
index 192830f5b5..ae746dc5a3 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
@@ -26,19 +26,21 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
  * @since 5.0
  */
 public class SpringTestRule extends SpringTestContext implements MethodRule {
+
 	@Override
-	public Statement apply(Statement base, FrameworkMethod method,
-		Object target) {
+	public Statement apply(Statement base, FrameworkMethod method, Object target) {
 		return new Statement() {
 			public void evaluate() throws Throwable {
 				setTest(target);
 				try {
 					base.evaluate();
-				} finally {
+				}
+				finally {
 					TestSecurityContextHolder.clearContext();
 					close();
 				}
 			}
 		};
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/users/AuthenticationTestConfiguration.java b/config/src/test/java/org/springframework/security/config/users/AuthenticationTestConfiguration.java
index d00036b61f..c8960e2dc6 100644
--- a/config/src/test/java/org/springframework/security/config/users/AuthenticationTestConfiguration.java
+++ b/config/src/test/java/org/springframework/security/config/users/AuthenticationTestConfiguration.java
@@ -28,8 +28,10 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
  */
 @Configuration
 public class AuthenticationTestConfiguration {
+
 	@Bean
 	public static UserDetailsService userDetailsService() {
 		return new InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/users/ReactiveAuthenticationTestConfiguration.java b/config/src/test/java/org/springframework/security/config/users/ReactiveAuthenticationTestConfiguration.java
index 27862b5294..c32addfc41 100644
--- a/config/src/test/java/org/springframework/security/config/users/ReactiveAuthenticationTestConfiguration.java
+++ b/config/src/test/java/org/springframework/security/config/users/ReactiveAuthenticationTestConfiguration.java
@@ -28,8 +28,10 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
  */
 @Configuration
 public class ReactiveAuthenticationTestConfiguration {
+
 	@Bean
 	public static ReactiveUserDetailsService userDetailsService() {
 		return new MapReactiveUserDetailsService(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index ac7b485f75..bb324e3491 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -26,6 +26,7 @@ import org.springframework.security.util.InMemoryResource;
  * @author Eddú Meléndez
  */
 public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext {
+
 	static final String BEANS_OPENING = "<b:beans xmlns='http://www.springframework.org/schema/security'\n"
 			+ "    xmlns:context='http://www.springframework.org/schema/context'\n"
 			+ "    xmlns:b='http://www.springframework.org/schema/beans'\n"
@@ -53,8 +54,7 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 		this(xml, SPRING_SECURITY_VERSION, parent);
 	}
 
-	public InMemoryXmlApplicationContext(String xml, String secVersion,
-			ApplicationContext parent) {
+	public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) {
 		String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE;
 		inMemoryXml = new InMemoryResource(fullXml);
 		setAllowBeanDefinitionOverriding(true);
@@ -75,4 +75,5 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 	protected Resource[] getConfigResources() {
 		return new Resource[] { inMemoryXml };
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
index 96c8e758f1..affe2e9d50 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
@@ -31,6 +31,7 @@ import static org.springframework.security.config.util.InMemoryXmlApplicationCon
  * @author Joe Grandja
  */
 public class InMemoryXmlWebApplicationContext extends AbstractRefreshableWebApplicationContext {
+
 	private Resource inMemoryXml;
 
 	public InMemoryXmlWebApplicationContext(String xml) {
@@ -41,8 +42,7 @@ public class InMemoryXmlWebApplicationContext extends AbstractRefreshableWebAppl
 		this(xml, SPRING_SECURITY_VERSION, parent);
 	}
 
-	public InMemoryXmlWebApplicationContext(String xml, String secVersion,
-											ApplicationContext parent) {
+	public InMemoryXmlWebApplicationContext(String xml, String secVersion, ApplicationContext parent) {
 		String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE;
 		inMemoryXml = new InMemoryResource(fullXml);
 		setAllowBeanDefinitionOverriding(true);
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index d19e5e953f..99541aab43 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -27,140 +27,81 @@ import org.springframework.test.web.reactive.server.WebTestClient;
  * @since 5.0
  */
 public class AuthorizeExchangeSpecTests {
+
 	ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
-		this.http
-			.csrf().disable()
-			.authorizeExchange()
-				.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll()
-				.anyExchange().permitAll();
+		this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange()
+				.permitAll();
 
 		WebTestClient client = buildClient();
 
-		client.get()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isOk();
+		client.get().uri("/a").exchange().expectStatus().isOk();
 
-		client.get()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isOk();
+		client.get().uri("/b").exchange().expectStatus().isOk();
 
-		client.post()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
 
-		client.post()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
-
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
-		this.http
-			.csrf().disable()
-			.authorizeExchange()
-				.pathMatchers("/a", "/b").denyAll()
-				.anyExchange().permitAll();
+		this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll();
 
 		WebTestClient client = buildClient();
 
-		client.get()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
 
-		client.get()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
 
-		client.post()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
 
-		client.post()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test
 	public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
-		this.http
-			.csrf(ServerHttpSecurity.CsrfSpec::disable)
-			.authorizeExchange(exchanges ->
-				exchanges
-					.pathMatchers("/a", "/b").denyAll()
-					.anyExchange().permitAll()
-			);
+		this.http.csrf(ServerHttpSecurity.CsrfSpec::disable)
+				.authorizeExchange(exchanges -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
 
 		WebTestClient client = buildClient();
 
-		client.get()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
 
-		client.get()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
 
-		client.post()
-			.uri("/a")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
 
-		client.post()
-			.uri("/b")
-			.exchange()
-			.expectStatus().isUnauthorized();
+		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
-		this.http
-			.authorizeExchange()
-				.pathMatchers("/incomplete");
-		this.http
-			.authorizeExchange()
-				.pathMatchers("/throws-exception");
+		this.http.authorizeExchange().pathMatchers("/incomplete");
+		this.http.authorizeExchange().pathMatchers("/throws-exception");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
-		this.http
-			.authorizeExchange().anyExchange().denyAll()
-			.pathMatchers("/never-reached");
+		this.http.authorizeExchange().anyExchange().denyAll().pathMatchers("/never-reached");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
-		this.http
-			.authorizeExchange()
-				.pathMatchers("/incomplete");
+		this.http.authorizeExchange().pathMatchers("/incomplete");
 		this.http.build();
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void buildWhenMatcherDefinedWithNoAccessInLambdaThenThrowsException() {
-		this.http
-			.authorizeExchange(exchanges ->
-				exchanges
-					.pathMatchers("/incomplete")
-			);
+		this.http.authorizeExchange(exchanges -> exchanges.pathMatchers("/incomplete"));
 		this.http.build();
 	}
 
 	private WebTestClient buildClient() {
 		return WebTestClientBuilder.bindToWebFilters(this.http.build()).build();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 9cac1da459..d41c7679ff 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -46,8 +46,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CorsSpecTests {
+
 	@Mock
 	private CorsConfigurationSource source;
+
 	@Mock
 	private ApplicationContext context;
 
@@ -59,8 +61,7 @@ public class CorsSpecTests {
 
 	@Before
 	public void setup() {
-		this.http = new TestingServerHttpSecurity()
-				.applicationContext(this.context);
+		this.http = new TestingServerHttpSecurity().applicationContext(this.context);
 		CorsConfiguration value = new CorsConfiguration();
 		value.setAllowedOrigins(Arrays.asList("*"));
 		when(this.source.getCorsConfiguration(any())).thenReturn(value);
@@ -84,7 +85,8 @@ public class CorsSpecTests {
 
 	@Test
 	public void corsWhenCorsConfigurationSourceBeanThenAccessControlAllowOriginAndSecurityHeaders() {
-		when(this.context.getBeanNamesForType(any(ResolvableType.class))).thenReturn(new String[] {"source"}, new String[0]);
+		when(this.context.getBeanNamesForType(any(ResolvableType.class))).thenReturn(new String[] { "source" },
+				new String[0]);
 		when(this.context.getBean("source")).thenReturn(this.source);
 		this.expectedHeaders.set("Access-Control-Allow-Origin", "*");
 		this.expectedHeaders.set("X-Frame-Options", "DENY");
@@ -100,17 +102,13 @@ public class CorsSpecTests {
 
 	private void assertHeaders() {
 		WebTestClient client = buildClient();
-		FluxExchangeResult<String> response = client.get()
-			.uri("https://example.com/")
-			.headers(h -> h.setOrigin("https://origin.example.com"))
-			.exchange()
-			.returnResult(String.class);
+		FluxExchangeResult<String> response = client.get().uri("https://example.com/")
+				.headers(h -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class);
 
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
 
 		if (!this.expectedHeaders.isEmpty()) {
-			assertThat(responseHeaders).describedAs(response.toString())
-					.containsAllEntriesOf(this.expectedHeaders);
+			assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
 		}
 		if (!this.headerNamesNotPresent.isEmpty()) {
 			assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
@@ -118,8 +116,7 @@ public class CorsSpecTests {
 	}
 
 	private WebTestClient buildClient() {
-		return WebTestClientBuilder
-				.bindToWebFilters(this.http.build())
-				.build();
+		return WebTestClientBuilder.bindToWebFilters(this.http.build()).build();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index beae57c576..c4bf90d8c2 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -33,197 +33,102 @@ import static org.springframework.security.config.Customizer.withDefaults;
  * @since 5.0.5
  */
 public class ExceptionHandlingSpecTests {
+
 	private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void defaultAuthenticationEntryPoint() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.csrf().disable()
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.exceptionHandling()
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
+				.authenticated().and().exceptionHandling().and().build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/test")
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
+		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
+				.valueMatches("WWW-Authenticate", "Basic.*");
 	}
 
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthenticationEntryPointUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange(exchanges ->
-				exchanges
-					.anyExchange().authenticated()
-			)
-			.exceptionHandling(withDefaults())
-			.build();
+				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
+				.exceptionHandling(withDefaults()).build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/test")
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
+		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
+				.valueMatches("WWW-Authenticate", "Basic.*");
 	}
 
 	@Test
 	public void customAuthenticationEntryPoint() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.csrf().disable()
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.exceptionHandling()
-				.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
+				.authenticated().and().exceptionHandling()
+				.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and().build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/test")
-			.exchange()
-			.expectStatus().isFound()
-			.expectHeader().valueMatches("Location", ".*");
+		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
 	}
 
 	@Test
 	public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(exchanges ->
-					exchanges
-						.anyExchange().authenticated()
-				)
-				.exceptionHandling(exceptionHandling ->
-					exceptionHandling
-						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
-				)
+				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
+				.exceptionHandling(exceptionHandling -> exceptionHandling
+						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
 				.build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/test")
-			.exchange()
-			.expectStatus().isFound()
-			.expectHeader().valueMatches("Location", ".*");
+		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
 	}
 
 	@Test
 	public void defaultAccessDeniedHandler() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.csrf().disable()
-			.httpBasic().and()
-			.authorizeExchange()
-				.anyExchange().hasRole("ADMIN")
-				.and()
-			.exceptionHandling()
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
+				.anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/admin")
-			.headers(headers -> headers.setBasicAuth("user", "password"))
-			.exchange()
-			.expectStatus().isForbidden();
+		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+				.expectStatus().isForbidden();
 	}
 
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAccessDeniedHandlerUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http
-				.httpBasic(withDefaults())
-				.authorizeExchange(exchanges ->
-					exchanges
-						.anyExchange().hasRole("ADMIN")
-				)
-				.exceptionHandling(withDefaults())
-				.build();
+		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
+				.authorizeExchange(exchanges -> exchanges.anyExchange().hasRole("ADMIN"))
+				.exceptionHandling(withDefaults()).build();
 
-		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-				.get()
-				.uri("/admin")
-				.headers(headers -> headers.setBasicAuth("user", "password"))
-				.exchange()
+		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isForbidden();
 	}
 
 	@Test
 	public void customAccessDeniedHandler() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.csrf().disable()
-			.httpBasic().and()
-			.authorizeExchange()
-				.anyExchange().hasRole("ADMIN")
-				.and()
-			.exceptionHandling()
-				.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
+				.anyExchange().hasRole("ADMIN").and().exceptionHandling()
+				.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and().build();
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-			.get()
-			.uri("/admin")
-			.headers(headers -> headers.setBasicAuth("user", "password"))
-			.exchange()
-			.expectStatus().isBadRequest();
+		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+				.expectStatus().isBadRequest();
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http
-				.httpBasic(withDefaults())
-				.authorizeExchange(exchanges ->
-						exchanges
-								.anyExchange().hasRole("ADMIN")
-				)
-				.exceptionHandling(exceptionHandling ->
-					exceptionHandling
-						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
-				)
+		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
+				.authorizeExchange(exchanges -> exchanges.anyExchange().hasRole("ADMIN"))
+				.exceptionHandling(exceptionHandling -> exceptionHandling
+						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
 				.build();
 
-		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client
-				.get()
-				.uri("/admin")
-				.headers(headers -> headers.setBasicAuth("user", "password"))
-				.exchange()
+		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isBadRequest();
 	}
 
@@ -234,4 +139,5 @@ public class ExceptionHandlingSpecTests {
 	private ServerAccessDeniedHandler httpStatusServerAccessDeniedHandler(HttpStatus httpStatus) {
 		return new HttpStatusServerAccessDeniedHandler(httpStatus);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index c0f1ff8938..29684c9bff 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -62,121 +62,70 @@ import static org.springframework.security.config.Customizer.withDefaults;
  * @since 5.0
  */
 public class FormLoginTests {
+
 	private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void defaultLoginPage() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin().and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class)
-			.assertAt();
+		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
 
-		loginPage = loginPage.loginForm()
-			.username("user")
-			.password("invalid")
-			.submit(DefaultLoginPage.class)
-			.assertError();
+		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
+				.assertError();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 
-		loginPage = DefaultLogoutPage.to(driver)
-			.assertAt()
-			.logout();
+		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
 
-		loginPage
-			.assertAt()
-			.assertLogout();
+		loginPage.assertAt().assertLogout();
 	}
 
 	@Test
 	public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange(exchanges ->
-				exchanges
-					.anyExchange().authenticated()
-			)
-			.formLogin(withDefaults())
-			.build();
+				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated()).formLogin(withDefaults())
+				.build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class)
-			.assertAt();
+		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
 
-		loginPage = loginPage.loginForm()
-			.username("user")
-			.password("invalid")
-			.submit(DefaultLoginPage.class)
-			.assertError();
+		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
+				.assertError();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 
-		loginPage = DefaultLogoutPage.to(driver)
-			.assertAt()
-			.logout();
+		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
 
-		loginPage
-			.assertAt()
-			.assertLogout();
+		loginPage.assertAt().assertLogout();
 	}
 
 	@Test
 	public void customLoginPage() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.pathMatchers("/login").permitAll()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin()
-				.loginPage("/login")
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll()
+				.anyExchange().authenticated().and().formLogin().loginPage("/login").and().build();
 
 		WebTestClient webTestClient = WebTestClient
-			.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
-			.webFilter(new WebFilterChainProxy(securityWebFilter))
-			.build();
+				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
+				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class)
-			.assertAt();
+		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 	}
@@ -184,87 +133,49 @@ public class FormLoginTests {
 	@Test
 	public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange(exchanges ->
-				exchanges
-					.pathMatchers("/login").permitAll()
-					.anyExchange().authenticated()
-			)
-			.formLogin(formLogin ->
-				formLogin
-					.loginPage("/login")
-			)
-			.build();
+				.authorizeExchange(
+						exchanges -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated())
+				.formLogin(formLogin -> formLogin.loginPage("/login")).build();
 
 		WebTestClient webTestClient = WebTestClient
-			.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
-			.webFilter(new WebFilterChainProxy(securityWebFilter))
-			.build();
+				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
+				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class)
-			.assertAt();
+		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 	}
 
 	@Test
 	public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.pathMatchers("/login", "/failure").permitAll()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin()
-				.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure"))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure")
+				.permitAll().anyExchange().authenticated().and().formLogin()
+				.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class)
-				.assertAt();
+		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
 
-		loginPage.loginForm()
-				.username("invalid")
-				.password("invalid")
-				.submit(HomePage.class);
+		loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class);
 
 		assertThat(driver.getCurrentUrl()).endsWith("/failure");
 	}
 
 	@Test
 	public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.pathMatchers("/login", "/sign-in").permitAll()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin()
-				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/sign-in")
+				.permitAll().anyExchange().authenticated().and().formLogin()
+				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")).and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
 		driver.get("http://localhost/sign-in");
 
@@ -273,30 +184,17 @@ public class FormLoginTests {
 
 	@Test
 	public void authenticationSuccess() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin()
-				.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
+				.and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = DefaultLoginPage.to(driver)
-			.assertAt();
+		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		assertThat(driver.getCurrentUrl()).endsWith("/custom");
 	}
@@ -306,31 +204,21 @@ public class FormLoginTests {
 		ReactiveAuthenticationManager defaultAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 
-		given(defaultAuthenticationManager.authenticate(any())).willThrow(new RuntimeException("should not interact with default auth manager"));
-		given(customAuthenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN")));
+		given(defaultAuthenticationManager.authenticate(any()))
+				.willThrow(new RuntimeException("should not interact with default auth manager"));
+		given(customAuthenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN")));
 
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authenticationManager(defaultAuthenticationManager)
-			.formLogin()
-				.authenticationManager(customAuthenticationManager)
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authenticationManager(defaultAuthenticationManager)
+				.formLogin().authenticationManager(customAuthenticationManager).and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = DefaultLoginPage.to(driver)
-			.assertAt();
+		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
 
-		HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 
@@ -349,31 +237,17 @@ public class FormLoginTests {
 		given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty());
 		given(formLoginSecContextRepository.load(any())).willReturn(authentication(token));
 
-		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.securityContextRepository(defaultSecContextRepository)
-				.formLogin()
-					.securityContextRepository(formLoginSecContextRepository)
-					.and()
-				.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.securityContextRepository(defaultSecContextRepository).formLogin()
+				.securityContextRepository(formLoginSecContextRepository).and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = DefaultLoginPage.to(driver)
-				.assertAt();
+		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
 
-		HomePage homePage = loginPage.loginForm()
-				.username("user")
-				.password("password")
-				.submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		homePage.assertAt();
 
@@ -402,9 +276,13 @@ public class FormLoginTests {
 		}
 
 		public static class LoginForm {
+
 			private WebDriver driver;
+
 			private WebElement username;
+
 			private WebElement password;
+
 			@FindBy(css = "button[type=submit]")
 			private WebElement submit;
 
@@ -426,12 +304,15 @@ public class FormLoginTests {
 				this.submit.click();
 				return PageFactory.initElements(this.driver, page);
 			}
+
 		}
+
 	}
 
 	public static class DefaultLoginPage {
 
 		private WebDriver driver;
+
 		@FindBy(css = "div[role=alert]")
 		private WebElement alert;
 
@@ -463,8 +344,7 @@ public class FormLoginTests {
 		}
 
 		public DefaultLoginPage assertLoginFormNotPresent() {
-			assertThatThrownBy(() -> loginForm().username(""))
-					.isInstanceOf(NoSuchElementException.class);
+			assertThatThrownBy(() -> loginForm().username("")).isInstanceOf(NoSuchElementException.class);
 			return this;
 		}
 
@@ -485,9 +365,13 @@ public class FormLoginTests {
 		}
 
 		public static class LoginForm {
+
 			private WebDriver driver;
+
 			private WebElement username;
+
 			private WebElement password;
+
 			@FindBy(css = "button[type=submit]")
 			private WebElement submit;
 
@@ -509,28 +393,32 @@ public class FormLoginTests {
 				this.submit.click();
 				return PageFactory.initElements(this.driver, page);
 			}
+
 		}
 
 		public class OAuth2Login {
+
 			public WebElement findClientRegistrationByName(String clientName) {
 				return DefaultLoginPage.this.driver.findElement(By.linkText(clientName));
 			}
 
 			public OAuth2Login assertClientRegistrationByName(String clientName) {
-				assertThatCode(() -> findClientRegistrationByName(clientName))
-						.doesNotThrowAnyException();
+				assertThatCode(() -> findClientRegistrationByName(clientName)).doesNotThrowAnyException();
 				return this;
 			}
 
 			public DefaultLoginPage and() {
 				return DefaultLoginPage.this;
 			}
+
 		}
+
 	}
 
 	public static class DefaultLogoutPage {
 
 		private WebDriver driver;
+
 		@FindBy(css = "button[type=submit]")
 		private WebElement submit;
 
@@ -554,7 +442,9 @@ public class FormLoginTests {
 		}
 
 	}
+
 	public static class HomePage {
+
 		private WebDriver driver;
 
 		@FindBy(tagName = "body")
@@ -572,43 +462,32 @@ public class FormLoginTests {
 			driver.get("http://localhost/");
 			return PageFactory.initElements(driver, page);
 		}
+
 	}
 
 	@Controller
 	public static class CustomLoginPageController {
+
 		@ResponseBody
 		@GetMapping("/login")
 		public Mono<String> login(ServerWebExchange exchange) {
 			Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-			return token.map(t ->
-				"<!DOCTYPE html>\n"
-				+ "<html lang=\"en\">\n"
-				+ "  <head>\n"
-				+ "    <meta charset=\"utf-8\">\n"
-				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n"
-				+ "    <meta name=\"author\" content=\"\">\n"
-				+ "    <title>Custom Log In Page</title>\n"
-				+ "  </head>\n"
-				+ "  <body>\n"
-				+ "     <div>\n"
-				+ "      <form method=\"post\" action=\"/login\">\n"
-				+ "        <h2>Please sign in</h2>\n"
-				+ "        <p>\n"
-				+ "          <label for=\"username\">Username</label>\n"
-				+ "          <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n"
-				+ "        <p>\n"
-				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-				+ "          <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
-				+ "        </p>\n"
-				+ "        <input type=\"hidden\" name=\"" + t.getParameterName() + "\" value=\"" + t.getToken() + "\">\n"
-				+ "        <button type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n"
-				+ "    </div>\n"
-				+ "  </body>\n"
-				+ "</html>");
+			return token.map(t -> "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+					+ "    <meta charset=\"utf-8\">\n"
+					+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+					+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+					+ "    <title>Custom Log In Page</title>\n" + "  </head>\n" + "  <body>\n" + "     <div>\n"
+					+ "      <form method=\"post\" action=\"/login\">\n" + "        <h2>Please sign in</h2>\n"
+					+ "        <p>\n" + "          <label for=\"username\">Username</label>\n"
+					+ "          <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+					+ "        </p>\n" + "        <p>\n"
+					+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+					+ "          <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+					+ "        </p>\n" + "        <input type=\"hidden\" name=\"" + t.getParameterName() + "\" value=\""
+					+ t.getToken() + "\">\n" + "        <button type=\"submit\">Sign in</button>\n" + "      </form>\n"
+					+ "    </div>\n" + "  </body>\n" + "</html>");
 		}
+
 	}
 
 	Mono<SecurityContext> authentication(Authentication authentication) {
@@ -616,4 +495,5 @@ public class FormLoginTests {
 		context.setAuthentication(authentication);
 		return Mono.just(context);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index ea16551349..5d113d3af8 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -51,7 +51,9 @@ import static org.springframework.security.config.Customizer.withDefaults;
  * @since 5.0
  */
 public class HeaderSpecTests {
+
 	private final static String CUSTOM_HEADER = "CUSTOM-HEADER";
+
 	private final static String CUSTOM_VALUE = "CUSTOM-VALUE";
 
 	private ServerHttpSecurity http = ServerHttpSecurity.http();
@@ -62,15 +64,14 @@ public class HeaderSpecTests {
 
 	@Before
 	public void setup() {
-		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+				"max-age=31536000 ; includeSubDomains");
 		this.expectedHeaders.add(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
 		this.expectedHeaders.add(HttpHeaders.PRAGMA, "no-cache");
 		this.expectedHeaders.add(HttpHeaders.EXPIRES, "0");
-		this.expectedHeaders
-			.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
+		this.expectedHeaders.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
 		this.expectedHeaders.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
-		this.expectedHeaders
-			.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
+		this.expectedHeaders.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
 	}
 
 	@Test
@@ -93,8 +94,7 @@ public class HeaderSpecTests {
 
 	@Test
 	public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() {
-		this.http.headers().disable()
-			.headers();
+		this.http.headers().disable().headers();
 
 		assertHeaders();
 	}
@@ -121,14 +121,10 @@ public class HeaderSpecTests {
 		assertHeaders();
 	}
 
-
 	@Test
 	public void headersWhenCacheDisableInLambdaThenCacheNotWritten() {
 		expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
-		this.http
-				.headers(headers ->
-					headers.cache(cache -> cache.disable())
-				);
+		this.http.headers(headers -> headers.cache(cache -> cache.disable()));
 
 		assertHeaders();
 	}
@@ -144,10 +140,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenContentOptionsDisableInLambdaThenContentTypeOptionsNotWritten() {
 		expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
-		this.http
-				.headers(headers ->
-					headers.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
-				);
+		this.http.headers(headers -> headers.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable()));
 
 		assertHeaders();
 	}
@@ -163,10 +156,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsDisableInLambdaThenHstsNotWritten() {
 		expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.http
-				.headers(headers ->
-					headers.hsts(hsts -> hsts.disable())
-				);
+		this.http.headers(headers -> headers.hsts(hsts -> hsts.disable()));
 
 		assertHeaders();
 	}
@@ -174,10 +164,9 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsCustomThenCustomHstsWritten() {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
-		this.http.headers().hsts()
-					.maxAge(Duration.ofSeconds(60))
-					.includeSubdomains(false);
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+				"max-age=60");
+		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).includeSubdomains(false);
 
 		assertHeaders();
 	}
@@ -185,16 +174,10 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsCustomInLambdaThenCustomHstsWritten() {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+				"max-age=60");
 		this.http
-				.headers(headers ->
-					headers
-						.hsts(hsts ->
-							hsts
-								.maxAge(Duration.ofSeconds(60))
-								.includeSubdomains(false)
-						)
-				);
+				.headers(headers -> headers.hsts(hsts -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false)));
 
 		assertHeaders();
 	}
@@ -202,10 +185,9 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsCustomWithPreloadThenCustomHstsWritten() {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload");
-		this.http.headers().hsts()
-				.maxAge(Duration.ofSeconds(60))
-				.preload(true);
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+				"max-age=60 ; includeSubDomains ; preload");
+		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).preload(true);
 
 		assertHeaders();
 	}
@@ -213,16 +195,9 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsCustomWithPreloadInLambdaThenCustomHstsWritten() {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload");
-		this.http
-				.headers(headers ->
-					headers
-						.hsts(hsts ->
-							hsts
-								.maxAge(Duration.ofSeconds(60))
-								.preload(true)
-						)
-				);
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+				"max-age=60 ; includeSubDomains ; preload");
+		this.http.headers(headers -> headers.hsts(hsts -> hsts.maxAge(Duration.ofSeconds(60)).preload(true)));
 
 		assertHeaders();
 	}
@@ -238,10 +213,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
-		this.http
-				.headers(headers ->
-					headers.frameOptions(frameOptions -> frameOptions.disable())
-				);
+		this.http.headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()));
 
 		assertHeaders();
 	}
@@ -249,9 +221,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.http.headers()
-				.frameOptions()
-					.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
+		this.http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
 		assertHeaders();
 	}
@@ -259,14 +229,8 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFrameOptionsModeInLambdaThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.http
-				.headers(headers ->
-						headers
-							.frameOptions(frameOptions ->
-								frameOptions
-									.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
-							)
-				);
+		this.http.headers(headers -> headers
+				.frameOptions(frameOptions -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)));
 
 		assertHeaders();
 	}
@@ -282,10 +246,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
-		this.http
-				.headers(headers ->
-						headers.xssProtection(xssProtection -> xssProtection.disable())
-				);
+		this.http.headers(headers -> headers.xssProtection(xssProtection -> xssProtection.disable()));
 
 		assertHeaders();
 	}
@@ -293,8 +254,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() {
 		String policyDirectives = "Feature-Policy";
-		this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY,
-				policyDirectives);
+		this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, policyDirectives);
 
 		this.http.headers().featurePolicy(policyDirectives);
 
@@ -318,10 +278,7 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				expectedPolicyDirectives);
 
-		this.http
-				.headers(headers ->
-					headers.contentSecurityPolicy(withDefaults())
-				);
+		this.http.headers(headers -> headers.contentSecurityPolicy(withDefaults()));
 
 		assertHeaders();
 	}
@@ -332,14 +289,8 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
 
-		this.http
-				.headers(headers ->
-					headers
-						.contentSecurityPolicy(contentSecurityPolicy ->
-							contentSecurityPolicy
-								.policyDirectives(policyDirectives)
-						)
-				);
+		this.http.headers(headers -> headers.contentSecurityPolicy(
+				contentSecurityPolicy -> contentSecurityPolicy.policyDirectives(policyDirectives)));
 
 		assertHeaders();
 	}
@@ -357,11 +308,7 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyEnabledInLambdaThenReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
-		this.http
-				.headers(headers ->
-					headers
-						.referrerPolicy(withDefaults())
-				);
+		this.http.headers(headers -> headers.referrerPolicy(withDefaults()));
 
 		assertHeaders();
 	}
@@ -379,14 +326,8 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyCustomEnabledInLambdaThenCustomReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
-		this.http
-				.headers(headers ->
-					headers
-						.referrerPolicy(referrerPolicy ->
-							referrerPolicy
-								.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)
-						)
-				);
+		this.http.headers(headers -> headers
+				.referrerPolicy(referrerPolicy -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
 
 		assertHeaders();
 	}
@@ -395,10 +336,9 @@ public class HeaderSpecTests {
 	public void headersWhenCustomHeadersWriter() {
 		this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE);
 		this.http.headers(headers -> headers.writer(exchange -> {
-			return Mono.just(exchange)
-					.doOnNext(it -> {
-						it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE);
-					}).then();
+			return Mono.just(exchange).doOnNext(it -> {
+				it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE);
+			}).then();
 
 		}));
 
@@ -414,16 +354,13 @@ public class HeaderSpecTests {
 
 	private void assertHeaders() {
 		WebTestClient client = buildClient();
-		FluxExchangeResult<String> response = client.get()
-			.uri("https://example.com/")
-			.exchange()
-			.returnResult(String.class);
+		FluxExchangeResult<String> response = client.get().uri("https://example.com/").exchange()
+				.returnResult(String.class);
 
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
 
 		if (!this.expectedHeaders.isEmpty()) {
-			assertThat(responseHeaders).describedAs(response.toString())
-					.containsAllEntriesOf(this.expectedHeaders);
+			assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
 		}
 		if (!this.headerNamesNotPresent.isEmpty()) {
 			assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
@@ -433,4 +370,5 @@ public class HeaderSpecTests {
 	private WebTestClient buildClient() {
 		return WebTestClientBuilder.bindToWebFilters(this.http.build()).build();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index fa0f89940d..f935125a03 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -41,6 +41,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
  * @author Josh Cummings
  */
 public class HttpsRedirectSpecTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -55,64 +56,43 @@ public class HttpsRedirectSpecTests {
 	public void getWhenSecureThenDoesNotRedirect() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
 
-		this.client.get()
-				.uri("https://localhost")
-				.exchange()
-				.expectStatus().isNotFound();
+		this.client.get().uri("https://localhost").exchange().expectStatus().isNotFound();
 	}
 
 	@Test
 	public void getWhenInsecureThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
 
-		this.client.get()
-				.uri("http://localhost")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
 	}
 
 	@Test
 	public void getWhenInsecureAndRedirectConfiguredInLambdaThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpsInLambdaConfig.class).autowire();
 
-		this.client.get()
-				.uri("http://localhost")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
 	}
 
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsConfig.class).autowire();
 
-		this.client.get()
-				.uri("http://localhost:8080")
-				.exchange()
-				.expectStatus().isNotFound();
+		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
 
-		this.client.get()
-				.uri("http://localhost:8080/secure")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
 	}
 
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityInLambdaThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsInLambdaConfig.class).autowire();
 
-		this.client.get()
-				.uri("http://localhost:8080")
-				.exchange()
-				.expectStatus().isNotFound();
+		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
 
-		this.client.get()
-				.uri("http://localhost:8080/secure")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
 	}
 
 	@Test
@@ -122,11 +102,8 @@ public class HttpsRedirectSpecTests {
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		when(portMapper.lookupHttpsPort(4080)).thenReturn(4443);
 
-		this.client.get()
-				.uri("http://localhost:4080")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 	}
 
 	@Test
@@ -136,16 +113,14 @@ public class HttpsRedirectSpecTests {
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		when(portMapper.lookupHttpsPort(4080)).thenReturn(4443);
 
-		this.client.get()
-				.uri("http://localhost:4080")
-				.exchange()
-				.expectStatus().isFound()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class RedirectToHttpConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -155,12 +130,13 @@ public class HttpsRedirectSpecTests {
 
 			return http.build();
 		}
-	}
 
+	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class RedirectToHttpsInLambdaConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -170,11 +146,13 @@ public class HttpsRedirectSpecTests {
 
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class SometimesRedirectToHttpsConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -185,12 +163,13 @@ public class HttpsRedirectSpecTests {
 
 			return http.build();
 		}
-	}
 
+	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class SometimesRedirectToHttpsInLambdaConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -203,11 +182,13 @@ public class HttpsRedirectSpecTests {
 
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class RedirectToHttpsViaCustomPortsConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -223,11 +204,13 @@ public class HttpsRedirectSpecTests {
 		public PortMapper portMapper() {
 			return mock(PortMapper.class);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class RedirectToHttpsViaCustomPortsInLambdaConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -245,5 +228,7 @@ public class HttpsRedirectSpecTests {
 		public PortMapper portMapper() {
 			return mock(PortMapper.class);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index 723251e4cf..b403afdefc 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -38,209 +38,127 @@ public class LogoutSpecTests {
 
 	@Test
 	public void defaultLogout() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin().and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-			.assertAt();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 
-		loginPage = loginPage.loginForm()
-			.username("user")
-			.password("invalid")
-			.submit(FormLoginTests.DefaultLoginPage.class)
-			.assertError();
+		loginPage = loginPage.loginForm().username("user").password("invalid")
+				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
 
-		FormLoginTests.HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(FormLoginTests.HomePage.class);
+		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+				.submit(FormLoginTests.HomePage.class);
 
 		homePage.assertAt();
 
-		loginPage = FormLoginTests.DefaultLogoutPage.to(driver)
-			.assertAt()
-			.logout();
+		loginPage = FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 
-		loginPage
-			.assertAt()
-			.assertLogout();
+		loginPage.assertAt().assertLogout();
 	}
 
 	@Test
 	public void customLogout() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin().and()
-			.logout()
-				.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
+				.and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-			.assertAt();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 
-		loginPage = loginPage.loginForm()
-			.username("user")
-			.password("invalid")
-			.submit(FormLoginTests.DefaultLoginPage.class)
-			.assertError();
+		loginPage = loginPage.loginForm().username("user").password("invalid")
+				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
 
-		FormLoginTests.HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(FormLoginTests.HomePage.class);
+		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+				.submit(FormLoginTests.HomePage.class);
 
 		homePage.assertAt();
 
 		driver.get("http://localhost/custom-logout");
 
-		FormLoginTests.DefaultLoginPage.create(driver)
-			.assertAt()
-			.assertLogout();
+		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 	}
 
 	@Test
 	public void logoutWhenCustomLogoutInLambdaThenCustomLogoutUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange(authorizeExchange ->
-				authorizeExchange
-					.anyExchange().authenticated()
-			)
-			.formLogin(withDefaults())
-			.logout(logout ->
-				logout
-					.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
-			)
-			.build();
+				.authorizeExchange(authorizeExchange -> authorizeExchange.anyExchange().authenticated())
+				.formLogin(withDefaults())
+				.logout(logout -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")))
+				.build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-			.bindToWebFilters(securityWebFilter)
-			.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-			.assertAt();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 
-		loginPage = loginPage.loginForm()
-			.username("user")
-			.password("invalid")
-			.submit(FormLoginTests.DefaultLoginPage.class)
-			.assertError();
+		loginPage = loginPage.loginForm().username("user").password("invalid")
+				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
 
-		FormLoginTests.HomePage homePage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(FormLoginTests.HomePage.class);
+		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+				.submit(FormLoginTests.HomePage.class);
 
 		homePage.assertAt();
 
 		driver.get("http://localhost/custom-logout");
 
-		FormLoginTests.DefaultLoginPage.create(driver)
-			.assertAt()
-			.assertLogout();
+		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 	}
 
 	@Test
 	public void logoutWhenDisabledThenPostToLogoutDoesNothing() {
-		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-				.formLogin().and()
-				.logout().disable()
-				.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().logout().disable().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-				.assertAt();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 
-		FormLoginTests.HomePage homePage = loginPage.loginForm()
-				.username("user")
-				.password("password")
+		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
 
 		homePage.assertAt();
 
-		FormLoginTests.DefaultLogoutPage.to(driver)
-				.assertAt()
-				.logout();
+		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 
-		homePage
-				.assertAt();
+		homePage.assertAt();
 	}
 
-
 	@Test
 	public void logoutWhenCustomSecurityContextRepositoryThenLogsOut() {
 		WebSessionServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
 		repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
-		SecurityWebFilterChain securityWebFilter = this.http
-				.securityContextRepository(repository)
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.logout()
-					.and()
-				.build();
+		SecurityWebFilterChain securityWebFilter = this.http.securityContextRepository(repository).authorizeExchange()
+				.anyExchange().authenticated().and().formLogin().and().logout().and().build();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(securityWebFilter)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-				.assertAt();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 
-		FormLoginTests.HomePage homePage = loginPage.loginForm()
-				.username("user")
-				.password("password")
+		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
 
 		homePage.assertAt();
 
-		FormLoginTests.DefaultLogoutPage.to(driver)
-				.assertAt()
-				.logout();
+		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 
-		FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
-				.assertAt();
+		FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 11cc82e2d6..30a69bd0c3 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -71,6 +71,7 @@ import static org.mockito.Mockito.when;
 @RunWith(SpringRunner.class)
 @SecurityTestExecutionListeners
 public class OAuth2ClientSpecTests {
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -89,13 +90,13 @@ public class OAuth2ClientSpecTests {
 		this.spring.register(Config.class, AuthorizedClientController.class).autowire();
 		ReactiveClientRegistrationRepository repository = this.spring.getContext()
 				.getBean(ReactiveClientRegistrationRepository.class);
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext().getBean(ServerOAuth2AuthorizedClientRepository.class);
-		when(repository.findByRegistrationId(any())).thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext()
+				.getBean(ServerOAuth2AuthorizedClientRepository.class);
+		when(repository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		when(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 
-		this.client.get().uri("/")
-			.exchange()
-			.expectStatus().is3xxRedirection();
+		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
 
 	@Test
@@ -103,18 +104,19 @@ public class OAuth2ClientSpecTests {
 		this.spring.register(Config.class, AuthorizedClientController.class).autowire();
 		ReactiveClientRegistrationRepository repository = this.spring.getContext()
 				.getBean(ReactiveClientRegistrationRepository.class);
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext().getBean(ServerOAuth2AuthorizedClientRepository.class);
-		when(repository.findByRegistrationId(any())).thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext()
+				.getBean(ServerOAuth2AuthorizedClientRepository.class);
+		when(repository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		when(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 
-		this.client.get().uri("/")
-				.exchange()
-				.expectStatus().is3xxRedirection();
+		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class Config {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -133,19 +135,23 @@ public class OAuth2ClientSpecTests {
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return mock(ServerOAuth2AuthorizedClientRepository.class);
 		}
+
 	}
 
 	@RestController
 	static class AuthorizedClientController {
+
 		@GetMapping("/")
 		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
 			return "home";
 		}
+
 	}
 
 	@Test
 	public void oauth2ClientWhenCustomObjectsThenUsed() {
-		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
+		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class,
+				AuthorizedClientController.class).autowire();
 
 		OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
 
@@ -155,31 +161,27 @@ public class OAuth2ClientSpecTests {
 		ServerRequestCache requestCache = config.requestCache;
 
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
-				.redirectUri("/authorize/oauth2/code/registration-id")
-				.build();
+				.redirectUri("/authorize/oauth2/code/registration-id").build();
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
-				.redirectUri("/authorize/oauth2/code/registration-id")
-				.build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+				.redirectUri("/authorize/oauth2/code/registration-id").build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
 
-		when(authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(Mono.just(authorizationRequest));
+		when(authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.thenReturn(Mono.just(authorizationRequest));
 		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		when(manager.authenticate(any())).thenReturn(Mono.just(result));
 		when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
-				.uri(uriBuilder ->
-					uriBuilder.path("/authorize/oauth2/code/registration-id")
-						.queryParam(OAuth2ParameterNames.CODE, "code")
-						.queryParam(OAuth2ParameterNames.STATE, "state")
+				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
+						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
-				.exchange()
-				.expectStatus().is3xxRedirection();
+				.exchange().expectStatus().is3xxRedirection();
 
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
@@ -189,22 +191,25 @@ public class OAuth2ClientSpecTests {
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class ClientRegistrationConfig {
-		private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
-				.build();
+
+		private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 
 		@Bean
 		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
 			return new InMemoryReactiveClientRegistrationRepository(this.clientRegistration);
 		}
+
 	}
 
 	@Configuration
 	static class OAuth2ClientCustomConfig {
+
 		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
 
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 
@@ -221,13 +226,16 @@ public class OAuth2ClientSpecTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@Test
 	public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
-		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
+		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class,
+				AuthorizedClientController.class).autowire();
 
-		OAuth2ClientInLambdaCustomConfig config = this.spring.getContext().getBean(OAuth2ClientInLambdaCustomConfig.class);
+		OAuth2ClientInLambdaCustomConfig config = this.spring.getContext()
+				.getBean(OAuth2ClientInLambdaCustomConfig.class);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		ReactiveAuthenticationManager manager = config.manager;
@@ -235,31 +243,27 @@ public class OAuth2ClientSpecTests {
 		ServerRequestCache requestCache = config.requestCache;
 
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
-				.redirectUri("/authorize/oauth2/code/registration-id")
-				.build();
+				.redirectUri("/authorize/oauth2/code/registration-id").build();
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
-				.redirectUri("/authorize/oauth2/code/registration-id")
-				.build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+				.redirectUri("/authorize/oauth2/code/registration-id").build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
 
-		when(authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(Mono.just(authorizationRequest));
+		when(authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.thenReturn(Mono.just(authorizationRequest));
 		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		when(manager.authenticate(any())).thenReturn(Mono.just(result));
 		when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
-				.uri(uriBuilder ->
-					uriBuilder.path("/authorize/oauth2/code/registration-id")
-						.queryParam(OAuth2ParameterNames.CODE, "code")
-						.queryParam(OAuth2ParameterNames.STATE, "state")
+				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
+						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
-				.exchange()
-				.expectStatus().is3xxRedirection();
+				.exchange().expectStatus().is3xxRedirection();
 
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
@@ -268,11 +272,13 @@ public class OAuth2ClientSpecTests {
 
 	@Configuration
 	static class OAuth2ClientInLambdaCustomConfig {
+
 		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
 
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 
@@ -289,5 +295,7 @@ public class OAuth2ClientSpecTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index d8ab7c8481..902290964e 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -124,23 +124,16 @@ public class OAuth2LoginTests {
 	@Autowired
 	private WebFilterChainProxy springSecurity;
 
-	private static ClientRegistration github = CommonOAuth2Provider.GITHUB
-			.getBuilder("github")
-			.clientId("client")
-			.clientSecret("secret")
-			.build();
+	private static ClientRegistration github = CommonOAuth2Provider.GITHUB.getBuilder("github").clientId("client")
+			.clientSecret("secret").build();
 
-	private static ClientRegistration google = CommonOAuth2Provider.GOOGLE
-			.getBuilder("google")
-			.clientId("client")
-			.clientSecret("secret")
-			.build();
+	private static ClientRegistration google = CommonOAuth2Provider.GOOGLE.getBuilder("google").clientId("client")
+			.clientSecret("secret").build();
 
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
 		if (context.getBeanNamesForType(WebHandler.class).length > 0) {
-			this.client = WebTestClient.bindToApplicationContext(context)
-					.build();
+			this.client = WebTestClient.bindToApplicationContext(context).build();
 		}
 	}
 
@@ -148,42 +141,33 @@ public class OAuth2LoginTests {
 	public void defaultLoginPageWithMultipleClientRegistrationsThenLinks() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
-				.to(driver, FormLoginTests.DefaultLoginPage.class)
-				.assertAt()
-				.assertLoginFormNotPresent()
-				.oauth2Login()
-					.assertClientRegistrationByName(this.github.getClientName())
-					.and();
+				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login()
+				.assertClientRegistrationByName(this.github.getClientName()).and();
 	}
 
 	@EnableWebFluxSecurity
 	static class OAuth2LoginWithMultipleClientRegistrations {
+
 		@Bean
 		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
 			return new InMemoryReactiveClientRegistrationRepository(github, google);
 		}
+
 	}
 
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationThenRedirect() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(new GitHubWebFilter(), this.springSecurity)
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(new GitHubWebFilter(), this.springSecurity)
 				.build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-				.webTestClientSetup(webTestClient)
-				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
 		driver.get("http://localhost/");
 
@@ -195,32 +179,32 @@ public class OAuth2LoginTests {
 	public void defaultLoginPageWithSingleClientRegistrationAndXhrRequestThenDoesNotRedirectForAuthorization() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, WebFluxConfig.class).autowire();
 
-		this.client.get()
-				.uri("/")
-				.header("X-Requested-With", "XMLHttpRequest")
-				.exchange()
-				.expectStatus().is3xxRedirection()
-				.expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
+		this.client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus()
+				.is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
 	}
 
 	@EnableWebFlux
-	static class WebFluxConfig { }
+	static class WebFluxConfig {
+
+	}
 
 	@EnableWebFluxSecurity
 	static class OAuth2LoginWithSingleClientRegistrations {
+
 		@Bean
 		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
 			return new InMemoryReactiveClientRegistrationRepository(github);
 		}
+
 	}
 
 	@Test
 	public void oauth2AuthorizeWhenCustomObjectsThenUsed() {
-		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
-				OAuth2AuthorizeWithMockObjectsConfig.class,
+		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class,
 				AuthorizedClientController.class).autowire();
 
-		OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext().getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
+		OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext()
+				.getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
 
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository;
 		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
@@ -231,10 +215,7 @@ public class OAuth2LoginTests {
 		when(requestCache.removeMatchingRequest(any())).thenReturn(Mono.empty());
 		when(requestCache.saveRequest(any())).thenReturn(Mono.empty());
 
-		this.client.get()
-				.uri("/")
-				.exchange()
-				.expectStatus().is3xxRedirection();
+		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 
 		verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 		verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any());
@@ -243,11 +224,12 @@ public class OAuth2LoginTests {
 
 	@EnableWebFlux
 	static class OAuth2AuthorizeWithMockObjectsConfig {
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
-				mock(ServerOAuth2AuthorizedClientRepository.class);
 
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-				mock(ServerAuthorizationRequestRepository.class);
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = mock(
+				ServerOAuth2AuthorizedClientRepository.class);
+
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 
@@ -268,14 +250,17 @@ public class OAuth2LoginTests {
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return this.authorizedClientRepository;
 		}
+
 	}
 
 	@RestController
 	static class AuthorizedClientController {
+
 		@GetMapping("/")
 		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
 			return "home";
 		}
+
 	}
 
 	@Test
@@ -285,9 +270,7 @@ public class OAuth2LoginTests {
 
 		String redirectLocation = "/custom-redirect-location";
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
 		OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
@@ -301,7 +284,8 @@ public class OAuth2LoginTests {
 		OAuth2User user = TestOAuth2Users.create();
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 
-		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
+		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
+				user.getAuthorities(), accessToken);
 
 		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		when(manager.authenticate(any())).thenReturn(Mono.just(result));
@@ -315,11 +299,8 @@ public class OAuth2LoginTests {
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
 
-		webTestClient.get()
-			.uri("/login/oauth2/code/github")
-			.exchange()
-			.expectStatus().is3xxRedirection()
-			.expectHeader().valueEquals("Location", redirectLocation);
+		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", redirectLocation);
 
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
@@ -336,9 +317,7 @@ public class OAuth2LoginTests {
 		String redirectLocation = "/custom-redirect-location";
 		String failureRedirectLocation = "/failure-redirect-location";
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
 		OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
@@ -350,7 +329,8 @@ public class OAuth2LoginTests {
 		ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
 
 		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any())).thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
+		when(manager.authenticate(any()))
+				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
 		when(matcher.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
 		when(resolver.resolve(any())).thenReturn(Mono.empty());
 		when(successHandler.onAuthenticationSuccess(any(), any())).thenAnswer((Answer<Mono<Void>>) invocation -> {
@@ -368,11 +348,8 @@ public class OAuth2LoginTests {
 					.onAuthenticationFailure(webFilterExchange, authenticationException);
 		});
 
-		webTestClient.get()
-				.uri("/login/oauth2/code/github")
-				.exchange()
-				.expectStatus().is3xxRedirection()
-				.expectHeader().valueEquals("Location", failureRedirectLocation);
+		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", failureRedirectLocation);
 
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
@@ -383,6 +360,7 @@ public class OAuth2LoginTests {
 
 	@Configuration
 	static class OAuth2LoginMockAuthenticationManagerConfig {
+
 		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
@@ -412,6 +390,7 @@ public class OAuth2LoginTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@Test
@@ -421,9 +400,7 @@ public class OAuth2LoginTests {
 
 		String redirectLocation = "/custom-redirect-location";
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
 		OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class);
@@ -437,7 +414,8 @@ public class OAuth2LoginTests {
 		OAuth2User user = TestOAuth2Users.create();
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 
-		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
+		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
+				user.getAuthorities(), accessToken);
 
 		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		when(manager.authenticate(any())).thenReturn(Mono.just(result));
@@ -451,11 +429,8 @@ public class OAuth2LoginTests {
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
 
-		webTestClient.get()
-			.uri("/login/oauth2/code/github")
-			.exchange()
-			.expectStatus().is3xxRedirection()
-			.expectHeader().valueEquals("Location", redirectLocation);
+		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", redirectLocation);
 
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
@@ -466,6 +441,7 @@ public class OAuth2LoginTests {
 
 	@Configuration
 	static class OAuth2LoginMockAuthenticationManagerInLambdaConfig {
+
 		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
@@ -495,16 +471,15 @@ public class OAuth2LoginTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@Test
 	public void oauth2LoginWhenCustomBeansThenUsed() {
-		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class,
-				OAuth2LoginWithCustomBeansConfig.class).autowire();
+		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
+				.autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
@@ -513,7 +488,8 @@ public class OAuth2LoginTests {
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
-		OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
+		OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google,
+				exchange, accessToken);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		when(converter.convert(any())).thenReturn(Mono.just(token));
@@ -525,10 +501,8 @@ public class OAuth2LoginTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
-				.tokenType(accessToken.getTokenType())
-				.scopes(accessToken.getScopes())
-				.additionalParameters(additionalParameters)
-				.build();
+				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
+				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		when(tokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
@@ -536,10 +510,7 @@ public class OAuth2LoginTests {
 		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
 		when(userService.loadUser(any())).thenReturn(Mono.just(user));
 
-		webTestClient.get()
-				.uri("/login/oauth2/code/google")
-				.exchange()
-				.expectStatus().is3xxRedirection();
+		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
 
 		verify(config.jwtDecoderFactory).createDecoder(any());
 		verify(tokenResponseClient).getTokenResponse(any());
@@ -549,20 +520,20 @@ public class OAuth2LoginTests {
 	// gh-5562
 	@Test
 	public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() {
-		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class,
-				OAuth2LoginWithCustomBeansConfig.class).autowire();
+		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
+				.autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
-		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
+		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(
+				google, exchange, accessToken);
 
-		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
+		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
+				.getBean(OAuth2LoginWithCustomBeansConfig.class);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		when(converter.convert(any())).thenReturn(Mono.just(authenticationToken));
@@ -571,32 +542,27 @@ public class OAuth2LoginTests {
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
 		when(tokenResponseClient.getTokenResponse(any())).thenThrow(new OAuth2AuthenticationException(oauth2Error));
 
-		webTestClient.get()
-				.uri("/login/oauth2/code/google")
-				.exchange()
-				.expectStatus()
-					.is3xxRedirection()
-				.expectHeader()
-					.valueEquals("Location", "/login?error");
+		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", "/login?error");
 	}
 
 	// gh-6484
 	@Test
 	public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() {
-		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class,
-				OAuth2LoginWithCustomBeansConfig.class).autowire();
+		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
+				.autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
-		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
+		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
+				.getBean(OAuth2LoginWithCustomBeansConfig.class);
 
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
-		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
+		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(
+				google, exchange, accessToken);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		when(converter.convert(any())).thenReturn(Mono.just(authenticationToken));
@@ -604,25 +570,18 @@ public class OAuth2LoginTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
-				.tokenType(accessToken.getTokenType())
-				.scopes(accessToken.getScopes())
-				.additionalParameters(additionalParameters)
-				.build();
+				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
+				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		when(tokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
-		when(jwtDecoderFactory.createDecoder(any())).thenReturn(token ->
-				Mono.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
+		when(jwtDecoderFactory.createDecoder(any())).thenReturn(token -> Mono
+				.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
 
-		webTestClient.get()
-				.uri("/login/oauth2/code/google")
-				.exchange()
-				.expectStatus()
-					.is3xxRedirection()
-				.expectHeader()
-					.valueEquals("Location", "/login?error");
+		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", "/login?error");
 	}
 
 	@Configuration
@@ -630,8 +589,8 @@ public class OAuth2LoginTests {
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
 
-		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient =
-				mock(ReactiveOAuth2AccessTokenResponseClient.class);
+		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = mock(
+				ReactiveOAuth2AccessTokenResponseClient.class);
 
 		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = mock(ReactiveOAuth2UserService.class);
 
@@ -655,8 +614,8 @@ public class OAuth2LoginTests {
 		}
 
 		private ReactiveAuthenticationManager authenticationManager() {
-			OidcAuthorizationCodeReactiveAuthenticationManager oidc =
-					new OidcAuthorizationCodeReactiveAuthenticationManager(tokenResponseClient, userService);
+			OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
+					tokenResponseClient, userService);
 			oidc.setJwtDecoderFactory(jwtDecoderFactory());
 			return oidc;
 		}
@@ -689,35 +648,34 @@ public class OAuth2LoginTests {
 					return Mono.just(jwt);
 				};
 			}
+
 		}
+
 	}
 
 	@Test
 	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
 		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				getBean(ClientRegistration.class).getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
 
 		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
 		when(repository.load(any())).thenReturn(authentication(token));
 
-		this.client.post().uri("/logout")
-				.exchange()
-				.expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token");
+		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
+				"https://logout?id_token_hint=id-token");
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class OAuth2LoginConfigWithOidcLogoutSuccessHandler {
-		private final ServerSecurityContextRepository repository =
-				mock(ServerSecurityContextRepository.class);
-		private final ClientRegistration withLogout =
-				TestClientRegistrations.clientRegistration()
-						.providerConfigurationMetadata(Collections.singletonMap(
-								"end_session_endpoint", "https://logout")).build();
+
+		private final ServerSecurityContextRepository repository = mock(ServerSecurityContextRepository.class);
+
+		private final ClientRegistration withLogout = TestClientRegistrations.clientRegistration()
+				.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://logout"))
+				.build();
 
 		@Bean
 		public SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
@@ -745,6 +703,7 @@ public class OAuth2LoginTests {
 		ClientRegistration clientRegistration() {
 			return this.withLogout;
 		}
+
 	}
 
 	// gh-8609
@@ -752,16 +711,9 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
 
-		WebTestClient webTestClient = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurity)
-				.build();
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 
-		webTestClient.get()
-				.uri("/login/oauth2/code/google")
-				.exchange()
-				.expectStatus()
-				.is3xxRedirection()
-				.expectHeader()
+		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", "/login?error");
 	}
 
@@ -774,6 +726,7 @@ public class OAuth2LoginTests {
 			}
 			return chain.filter(exchange);
 		}
+
 	}
 
 	Mono<SecurityContext> authentication(Authentication authentication) {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index f0e1f3765a..aa1d2cdc47 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -88,10 +88,12 @@ import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
- * Tests for {@link org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec}
+ * Tests for
+ * {@link org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec}
  */
 @RunWith(SpringRunner.class)
 public class OAuth2ResourceServerSpecTests {
+
 	private String expired = "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1MzUwMzc4OTd9.jqZDDjfc2eysX44lHXEIr9XFd2S8vjIZHCccZU-dRWMRJNsQ1QN5VNnJGklqJBXJR4qgla6cmVqPOLkUHDb0sL0nxM5XuzQaG5ZzKP81RV88shFyAiT0fD-6nl1k-Fai-Fu-VkzSpNXgeONoTxDaYhdB-yxmgrgsApgmbOTE_9AcMk-FQDXQ-pL9kynccFGV0lZx4CA7cyknKN7KBxUilfIycvXODwgKCjj_1WddLTCNGYogJJSg__7NoxzqbyWd3udbHVjqYq7GsMMrGB4_2kBD4CkghOSNcRHbT_DIXowxfAVT7PAg7Q0E5ruZsr2zPZacEUDhJ6-wbvlA0FAOUg";
 
 	private String messageReadToken = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJtb2NrLXN1YmplY3QiLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6NDY4ODY0MTQxM30.cRl1bv_dDYcAN5U4NlIVKj8uu4mLMwjABF93P4dShiq-GQ-owzaqTSlB4YarNFgV3PKQvT9wxN1jBpGribvISljakoC0E8wDV-saDi8WxN-qvImYsn1zLzYFiZXCfRIxCmonJpydeiAPRxMTPtwnYDS9Ib0T_iA80TBGd-INhyxUUfrwRW5sqKRbjUciRJhpp7fW2ZYXmi9iPt3HDjRQA4IloJZ7f4-spt5Q9wl5HcQTv1t4XrX4eqhVbE5cCoIkFQnKPOc-jhVM44_eazLU6Xk-CCXP8C_UT5pX0luRS2cJrVFfHp2IR_AWxC-shItg6LNEmNFD4Zc-JLZcr0Q86Q";
@@ -100,35 +102,23 @@ public class OAuth2ResourceServerSpecTests {
 
 	private String unsignedToken = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
 
-	private String jwkSet = "{\n" +
-			"  \"keys\":[\n" +
-			"    {\n" +
-			"      \"kty\":\"RSA\",\n" +
-			"      \"e\":\"AQAB\",\n" +
-			"      \"use\":\"sig\",\n" +
-			"      \"kid\":\"one\",\n" +
-			"      \"n\":\"0IUjrPZDz-3z0UE4ppcKU36v7hnh8FJjhu3lbJYj0qj9eZiwEJxi9HHUfSK1DhUQG7mJBbYTK1tPYCgre5EkfKh-64VhYUa-vz17zYCmuB8fFj4XHE3MLkWIG-AUn8hNbPzYYmiBTjfGnMKxLHjsbdTiF4mtn-85w366916R6midnAuiPD4HjZaZ1PAsuY60gr8bhMEDtJ8unz81hoQrozpBZJ6r8aR1PrsWb1OqPMloK9kAIutJNvWYKacp8WYAp2WWy72PxQ7Fb0eIA1br3A5dnp-Cln6JROJcZUIRJ-QvS6QONWeS2407uQmS-i-lybsqaH0ldYC7NBEBA5inPQ\"\n" +
-			"    }\n" +
-			"  ]\n" +
-			"}\n";
+	private String jwkSet = "{\n" + "  \"keys\":[\n" + "    {\n" + "      \"kty\":\"RSA\",\n"
+			+ "      \"e\":\"AQAB\",\n" + "      \"use\":\"sig\",\n" + "      \"kid\":\"one\",\n"
+			+ "      \"n\":\"0IUjrPZDz-3z0UE4ppcKU36v7hnh8FJjhu3lbJYj0qj9eZiwEJxi9HHUfSK1DhUQG7mJBbYTK1tPYCgre5EkfKh-64VhYUa-vz17zYCmuB8fFj4XHE3MLkWIG-AUn8hNbPzYYmiBTjfGnMKxLHjsbdTiF4mtn-85w366916R6midnAuiPD4HjZaZ1PAsuY60gr8bhMEDtJ8unz81hoQrozpBZJ6r8aR1PrsWb1OqPMloK9kAIutJNvWYKacp8WYAp2WWy72PxQ7Fb0eIA1br3A5dnp-Cln6JROJcZUIRJ-QvS6QONWeS2407uQmS-i-lybsqaH0ldYC7NBEBA5inPQ\"\n"
+			+ "    }\n" + "  ]\n" + "}\n";
 
 	private Jwt jwt = jwt().build();
 
 	private String clientId = "client";
-	private String clientSecret = "secret";
-	private String active = "{\n" +
-			"      \"active\": true,\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": \"read write dolphin\",\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
 
+	private String clientSecret = "secret";
+
+	private String active = "{\n" + "      \"active\": true,\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -144,74 +134,60 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenValidThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
 	public void getWhenExpiredThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.expired))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
 
 	@Test
 	public void getWhenUnsignedThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.unsignedToken))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
 
 	@Test
 	public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.add("Authorization", "Bearer "))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		this.client.get().headers(headers -> headers.add("Authorization", "Bearer ")).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
 
 	@Test
 	public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 		this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
 	public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyInLambdaConfig.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.expired))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
 
 	@Test
 	public void getWhenValidUsingPlaceholderThenReturnsOk() {
 		this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
@@ -221,10 +197,7 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
 		when(jwtDecoder.decode(anyString())).thenReturn(Mono.just(this.jwt));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth("token"))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
 
 		verify(jwtDecoder).decode(anyString());
 	}
@@ -236,9 +209,7 @@ public class OAuth2ResourceServerSpecTests {
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid))
-				.exchange()
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
 
@@ -249,9 +220,7 @@ public class OAuth2ResourceServerSpecTests {
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid))
-				.exchange()
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
 
@@ -259,125 +228,102 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenUsingCustomAuthenticationManagerThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerConfig.class).autowire();
 
-		ReactiveAuthenticationManager authenticationManager = this.spring.getContext().getBean(
-				ReactiveAuthenticationManager.class);
+		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
+				.getBean(ReactiveAuthenticationManager.class);
 		when(authenticationManager.authenticate(any(Authentication.class)))
 				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
 
 	@Test
 	public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerInLambdaConfig.class).autowire();
 
-		ReactiveAuthenticationManager authenticationManager = this.spring.getContext().getBean(
-				ReactiveAuthenticationManager.class);
+		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
+				.getBean(ReactiveAuthenticationManager.class);
 		when(authenticationManager.authenticate(any(Authentication.class)))
 				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
 
 	@Test
 	public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire();
 
-		ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver =
-				this.spring.getContext().getBean(ReactiveAuthenticationManagerResolver.class);
+		ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver = this.spring
+				.getContext().getBean(ReactiveAuthenticationManagerResolver.class);
 
-		ReactiveAuthenticationManager authenticationManager =
-				this.spring.getContext().getBean(ReactiveAuthenticationManager.class);
+		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
+				.getBean(ReactiveAuthenticationManager.class);
 
 		when(authenticationManagerResolver.resolve(any(ServerWebExchange.class)))
-			.thenReturn(Mono.just(authenticationManager));
+				.thenReturn(Mono.just(authenticationManager));
 		when(authenticationManager.authenticate(any(Authentication.class)))
-			.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
+				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isUnauthorized().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
 
 	@Test
 	public void postWhenSignedThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
 
-		this.client.post()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.post().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
 	public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() {
 		this.spring.register(DenyAllConfig.class, RootController.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isForbidden()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isForbidden().expectHeader()
+				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
 	}
 
 	@Test
 	public void postWhenMissingTokenThenReturnsForbidden() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
 
-		this.client.post()
-				.exchange()
-				.expectStatus().isForbidden();
+		this.client.post().exchange().expectStatus().isForbidden();
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenServerAuthenticationConverterThenResponds() {
 		this.spring.register(CustomBearerTokenServerAuthenticationConverter.class, RootController.class).autowire();
 
-		this.client.get()
-				.cookie("TOKEN", this.messageReadToken)
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().cookie("TOKEN", this.messageReadToken).exchange().expectStatus().isOk();
 	}
 
 	@Test
 	public void getWhenSignedAndCustomConverterThenConverts() {
 		this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire();
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenEntryPointThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
 
-		this.client.get()
-				.uri("/authenticated")
-				.exchange()
-				.expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
+		this.client.get().uri("/authenticated").exchange().expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenDeniedHandlerThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
 
-		this.client.get()
-				.uri("/unobtainable")
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
+		this.client.get().uri("/unobtainable").headers(headers -> headers.setBearerAuth(this.messageReadToken))
+				.exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
 	}
 
 	@Test
@@ -425,8 +371,7 @@ public class OAuth2ResourceServerSpecTests {
 
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 
-		assertThatCode(() -> jwt.getJwtDecoder())
-				.isInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	@Test
@@ -437,8 +382,7 @@ public class OAuth2ResourceServerSpecTests {
 
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 
-		assertThatCode(() -> jwt.getJwtDecoder())
-				.isInstanceOf(NoSuchBeanDefinitionException.class);
+		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoSuchBeanDefinitionException.class);
 	}
 
 	@Test
@@ -447,10 +391,8 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(clientId, clientSecret, active));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
@@ -459,22 +401,20 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(clientId, clientSecret, active));
 
-		this.client.get()
-				.headers(headers -> headers.setBearerAuth(this.messageReadToken))
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+				.isOk();
 	}
 
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() {
 		assertThatCode(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("authenticationManagerResolver");
+				.isInstanceOf(BeanCreationException.class).hasMessageContaining("authenticationManagerResolver");
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class PublicKeyConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -488,11 +428,13 @@ public class OAuth2ResourceServerSpecTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class PublicKeyInLambdaConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -511,11 +453,13 @@ public class OAuth2ResourceServerSpecTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class PlaceholderConfig {
+
 		@Value("${classpath:org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests-simple.pub}")
 		RSAPublicKey key;
 
@@ -532,11 +476,13 @@ public class OAuth2ResourceServerSpecTests {
 			// @formatter:on
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class JwkSetUriConfig {
+
 		private MockWebServer mockWebServer = new MockWebServer();
 
 		@Bean
@@ -562,11 +508,13 @@ public class OAuth2ResourceServerSpecTests {
 		void shutdown() throws IOException {
 			this.mockWebServer.shutdown();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class JwkSetUriInLambdaConfig {
+
 		private MockWebServer mockWebServer = new MockWebServer();
 
 		@Bean
@@ -596,11 +544,13 @@ public class OAuth2ResourceServerSpecTests {
 		void shutdown() throws IOException {
 			this.mockWebServer.shutdown();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomDecoderConfig {
+
 		ReactiveJwtDecoder jwtDecoder = mock(ReactiveJwtDecoder.class);
 
 		@Bean
@@ -618,11 +568,13 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveJwtDecoder jwtDecoder() {
 			return this.jwtDecoder;
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class DenyAllConfig {
+
 		@Bean
 		SecurityWebFilterChain authorization(ServerHttpSecurity http) {
 			// @formatter:off
@@ -637,11 +589,13 @@ public class OAuth2ResourceServerSpecTests {
 
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomAuthenticationManagerConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -658,11 +612,13 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveAuthenticationManager authenticationManager() {
 			return mock(ReactiveAuthenticationManager.class);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomAuthenticationManagerInLambdaConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -683,11 +639,13 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveAuthenticationManager authenticationManager() {
 			return mock(ReactiveAuthenticationManager.class);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomAuthenticationManagerResolverConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -711,11 +669,13 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveAuthenticationManager authenticationManager() {
 			return mock(ReactiveAuthenticationManager.class);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomBearerTokenServerAuthenticationConverter {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -737,11 +697,13 @@ public class OAuth2ResourceServerSpecTests {
 			return exchange -> Mono.justOrEmpty(exchange.getRequest().getCookies().getFirst("TOKEN").getValue())
 					.map(BearerTokenAuthenticationToken::new);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomJwtAuthenticationConverterConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -763,17 +725,19 @@ public class OAuth2ResourceServerSpecTests {
 
 			JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 			converter.setJwtGrantedAuthoritiesConverter(jwt -> {
-					String[] claims = ((String) jwt.getClaims().get("scope")).split(" ");
-					return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
-				});
+				String[] claims = ((String) jwt.getClaims().get("scope")).split(" ");
+				return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
+			});
 
 			return new ReactiveJwtAuthenticationConverterAdapter(converter);
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class CustomErrorHandlingConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -791,11 +755,13 @@ public class OAuth2ResourceServerSpecTests {
 
 			return http.build();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class IntrospectionConfig {
+
 		private MockWebServer mockWebServer = new MockWebServer();
 
 		@Bean
@@ -822,11 +788,13 @@ public class OAuth2ResourceServerSpecTests {
 		void shutdown() throws IOException {
 			this.mockWebServer.shutdown();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class IntrospectionInLambdaConfig {
+
 		private MockWebServer mockWebServer = new MockWebServer();
 
 		@Bean
@@ -857,11 +825,13 @@ public class OAuth2ResourceServerSpecTests {
 		void shutdown() throws IOException {
 			this.mockWebServer.shutdown();
 		}
+
 	}
 
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class AuthenticationManagerResolverPlusOtherConfig {
+
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
@@ -876,10 +846,12 @@ public class OAuth2ResourceServerSpecTests {
 
 			return http.build();
 		}
+
 	}
 
 	@RestController
 	static class RootController {
+
 		@GetMapping
 		Mono<String> get() {
 			return Mono.just("ok");
@@ -889,6 +861,7 @@ public class OAuth2ResourceServerSpecTests {
 		Mono<String> post() {
 			return Mono.just("ok");
 		}
+
 	}
 
 	private static Dispatcher requiresAuth(String username, String password, String response) {
@@ -896,10 +869,8 @@ public class OAuth2ResourceServerSpecTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(org.springframework.http.HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization)
-						.filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response))
-						.orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
+						.map(a -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
@@ -910,8 +881,8 @@ public class OAuth2ResourceServerSpecTests {
 	}
 
 	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response)
-				.setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setBody(response).setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 	}
 
 	private static MockResponse unauthorized() {
@@ -927,7 +898,8 @@ public class OAuth2ResourceServerSpecTests {
 		try {
 			KeyFactory factory = KeyFactory.getInstance("RSA");
 			rsaPublicKey = (RSAPublicKey) factory.generatePublic(spec);
-		} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+		}
+		catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
 			e.printStackTrace();
 		}
 		return rsaPublicKey;
@@ -939,4 +911,5 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.context(context).autowire();
 		return (GenericWebApplicationContext) this.spring.getContext();
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index 9f0d9a09ec..2cc9464701 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -41,65 +41,41 @@ import static org.springframework.security.config.Customizer.withDefaults;
  * @since 5.0
  */
 public class RequestCacheTests {
+
 	private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void defaultFormLoginRequestCache() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-			.anyExchange().authenticated()
-			.and()
-			.formLogin().and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().build();
 
 		WebTestClient webTestClient = WebTestClient
-			.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-			.webFilter(new WebFilterChainProxy(securityWebFilter))
-			.build();
+				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
+				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class)
-			.assertAt();
+		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
 
-		SecuredPage securedPage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(SecuredPage.class);
+		SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class);
 
 		securedPage.assertAt();
 	}
 
 	@Test
 	public void requestCacheNoOp() {
-		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange()
-				.anyExchange().authenticated()
-				.and()
-			.formLogin().and()
-			.requestCache()
-				.requestCache(NoOpServerRequestCache.getInstance())
-				.and()
-			.build();
+		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
+				.formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build();
 
 		WebTestClient webTestClient = WebTestClient
-			.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-			.webFilter(new WebFilterChainProxy(securityWebFilter))
-			.build();
+				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
+				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class)
-			.assertAt();
+		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
 
-		HomePage securedPage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		securedPage.assertAt();
 	}
@@ -107,38 +83,25 @@ public class RequestCacheTests {
 	@Test
 	public void requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authorizeExchange(authorizeExchange ->
-				authorizeExchange
-					.anyExchange().authenticated()
-			)
-			.formLogin(withDefaults())
-			.requestCache(requestCache ->
-				requestCache
-					.requestCache(NoOpServerRequestCache.getInstance())
-			)
-			.build();
+				.authorizeExchange(authorizeExchange -> authorizeExchange.anyExchange().authenticated())
+				.formLogin(withDefaults())
+				.requestCache(requestCache -> requestCache.requestCache(NoOpServerRequestCache.getInstance())).build();
 
 		WebTestClient webTestClient = WebTestClient
-			.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-			.webFilter(new WebFilterChainProxy(securityWebFilter))
-			.build();
+				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
+				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
 
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient)
-			.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
-		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class)
-			.assertAt();
+		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
 
-		HomePage securedPage = loginPage.loginForm()
-			.username("user")
-			.password("password")
-			.submit(HomePage.class);
+		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
 
 		securedPage.assertAt();
 	}
 
 	public static class SecuredPage {
+
 		private WebDriver driver;
 
 		public SecuredPage(WebDriver driver) {
@@ -153,23 +116,19 @@ public class RequestCacheTests {
 			driver.get("http://localhost/secured");
 			return PageFactory.initElements(driver, page);
 		}
+
 	}
 
 	@Controller
 	public static class SecuredPageController {
+
 		@ResponseBody
 		@GetMapping("/secured")
 		public String login(ServerWebExchange exchange) {
-			return
-				"<!DOCTYPE html>\n"
-					+ "<html lang=\"en\">\n"
-					+ "  <head>\n"
-					+ "    <title>Secured</title>\n"
-					+ "  </head>\n"
-					+ "  <body>\n"
-					+ "    <h1>Secured</h1>\n"
-					+ "  </body>\n"
-					+ "</html>";
+			return "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <title>Secured</title>\n"
+					+ "  </head>\n" + "  <body>\n" + "    <h1>Secured</h1>\n" + "  </body>\n" + "</html>";
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 052b6629a4..e63bbf13e5 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -89,10 +89,13 @@ import org.springframework.security.web.server.authentication.HttpBasicServerAut
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerHttpSecurityTests {
+
 	@Mock
 	private ServerSecurityContextRepository contextRepository;
+
 	@Mock
 	private ReactiveAuthenticationManager authenticationManager;
+
 	@Mock
 	private ServerCsrfTokenRepository csrfTokenRepository;
 
@@ -100,8 +103,7 @@ public class ServerHttpSecurityTests {
 
 	@Before
 	public void setup() {
-		this.http = ServerHttpSecurityConfigurationBuilder.http()
-			.authenticationManager(this.authenticationManager);
+		this.http = ServerHttpSecurityConfigurationBuilder.http().authenticationManager(this.authenticationManager);
 	}
 
 	@Test
@@ -112,11 +114,8 @@ public class ServerHttpSecurityTests {
 
 		WebTestClient client = buildClient();
 
-		FluxExchangeResult<String> result = client.get()
-			.uri("/")
-			.exchange()
-			.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
-			.returnResult(String.class);
+		FluxExchangeResult<String> result = client.get().uri("/").exchange().expectHeader()
+				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").returnResult(String.class);
 
 		assertThat(result.getResponseCookies()).isEmpty();
 		// there is no need to try and load the SecurityContext by default
@@ -125,7 +124,8 @@ public class ServerHttpSecurityTests {
 
 	@Test
 	public void basic() {
-		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
 		this.http.httpBasic();
 		this.http.authenticationManager(this.authenticationManager);
@@ -134,21 +134,18 @@ public class ServerHttpSecurityTests {
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("rob", "rob"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
+				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
 	@Test
 	public void basicWithGlobalWebSessionServerSecurityContextRepository() {
-		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
 		this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
 		this.http.httpBasic();
@@ -158,14 +155,10 @@ public class ServerHttpSecurityTests {
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client.get()
-				.uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob"))
-				.exchange()
-				.expectStatus().isOk()
-				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-				.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
+				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
 	}
@@ -175,13 +168,8 @@ public class ServerHttpSecurityTests {
 		this.http.authorizeExchange().anyExchange().authenticated();
 
 		WebTestClient client = buildClient();
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader()
+				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty();
 	}
 
 	@Test
@@ -189,105 +177,93 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain filter = this.http.build();
 
 		WebTestClient client = WebTestClient.bindToController(new SubscriberContextController())
-				.webFilter(new WebFilterChainProxy(filter))
-				.build();
+				.webFilter(new WebFilterChainProxy(filter)).build();
 
-		client.get().uri("/foo/bar")
-				.exchange()
-				.expectBody(String.class).isEqualTo("/foo/bar");
+		client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar");
 	}
 
 	@Test
 	public void csrfServerLogoutHandlerNotAppliedIfCsrfIsntEnabled() {
 		SecurityWebFilterChain securityWebFilterChain = this.http.csrf().disable().build();
 
-		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class))
-				.isNotPresent();
+		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent();
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler"));
+				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class,
+						"logoutHandler"));
 
-		assertThat(logoutHandler)
-				.get()
-				.isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
+		assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
 	}
 
 	@Test
 	public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() {
-		SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository).and().build();
+		SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository)
+				.and().build();
 
-		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class))
-				.get()
+		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get()
 				.extracting(csrfWebFilter -> getField(csrfWebFilter, "csrfTokenRepository"))
 				.isEqualTo(this.csrfTokenRepository);
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler"));
+				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class,
+						"logoutHandler"));
 
-		assertThat(logoutHandler)
-				.get()
-				.isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
-				.extracting(delegatingLogoutHandler ->
-						((List<ServerLogoutHandler>) getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
-								.map(ServerLogoutHandler::getClass)
+		assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
+				.extracting(delegatingLogoutHandler -> ((List<ServerLogoutHandler>) getField(delegatingLogoutHandler,
+						DelegatingServerLogoutHandler.class, "delegates")).stream().map(ServerLogoutHandler::getClass)
 								.collect(Collectors.toList()))
 				.isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class));
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
-	public void addFilterAfterIsApplied(){
-		SecurityWebFilterChain securityWebFilterChain =  this.http.addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE).build();
+	public void addFilterAfterIsApplied() {
+		SecurityWebFilterChain securityWebFilterChain = this.http
+				.addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
+				.build();
 		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
 
-		assertThat(filters).isNotNull()
-				.isNotEmpty()
-				.containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class);
+		assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class,
+				TestWebFilter.class);
 
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
-	public void addFilterBeforeIsApplied(){
-		SecurityWebFilterChain securityWebFilterChain =  this.http.addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE).build();
+	public void addFilterBeforeIsApplied() {
+		SecurityWebFilterChain securityWebFilterChain = this.http
+				.addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
+				.build();
 		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
 
-		assertThat(filters).isNotNull()
-				.isNotEmpty()
-				.containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class);
+		assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class,
+				SecurityContextServerWebExchangeWebFilter.class);
 
 	}
 
 	@Test
-	public void anonymous(){
+	public void anonymous() {
 		SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
-		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class,
-				securityFilterChain).build();
+		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
+				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
 
-		client.get()
-				.uri("/me")
-				.exchange()
-				.expectStatus().isOk()
-				.expectBody(String.class).isEqualTo("anonymousUser");
+		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 
 	}
 
 	@Test
 	public void getWhenAnonymousConfiguredThenAuthenticationIsAnonymous() {
 		SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build();
-		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class,
-				securityFilterChain).build();
+		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
+				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
 
-		client.get()
-				.uri("/me")
-				.exchange()
-				.expectStatus().isOk()
-				.expectBody(String.class).isEqualTo("anonymousUser");
+		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 	}
 
 	@Test
 	public void basicWithAnonymous() {
-		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
 		this.http.httpBasic().and().anonymous();
 		this.http.authenticationManager(this.authenticationManager);
@@ -296,14 +272,10 @@ public class ServerHttpSecurityTests {
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client.get()
-				.uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob"))
-				.exchange()
-				.expectStatus().isOk()
-				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-				.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
+				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
@@ -320,13 +292,9 @@ public class ServerHttpSecurityTests {
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client.get()
-				.uri("/")
-				.exchange()
-				.expectStatus().isUnauthorized()
+		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
-				.expectBody(String.class)
-				.returnResult();
+				.expectBody(String.class).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
@@ -336,22 +304,16 @@ public class ServerHttpSecurityTests {
 		this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
 		HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
 		authenticationEntryPoint.setRealm("myrealm");
-		this.http.httpBasic(httpBasic ->
-				httpBasic.authenticationEntryPoint(authenticationEntryPoint)
-		);
+		this.http.httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(authenticationEntryPoint));
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client.get()
-				.uri("/")
-				.exchange()
-				.expectStatus().isUnauthorized()
+		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
-				.expectBody(String.class)
-				.returnResult();
+				.expectBody(String.class).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
@@ -359,17 +321,15 @@ public class ServerHttpSecurityTests {
 	@Test
 	public void basicWithCustomAuthenticationManager() {
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
-		given(customAuthenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
+		given(customAuthenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
-		SecurityWebFilterChain securityFilterChain = this.http.httpBasic().authenticationManager(customAuthenticationManager).and().build();
+		SecurityWebFilterChain securityFilterChain = this.http.httpBasic()
+				.authenticationManager(customAuthenticationManager).and().build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.get()
-				.uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob"))
-				.exchange()
-				.expectStatus().isOk()
+		client.get().uri("/").headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"));
 
 		verifyZeroInteractions(this.authenticationManager);
@@ -382,18 +342,11 @@ public class ServerHttpSecurityTests {
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
 		SecurityWebFilterChain securityFilterChain = this.http
-				.httpBasic(httpBasic ->
-						httpBasic.authenticationManager(customAuthenticationManager)
-				)
-				.build();
+				.httpBasic(httpBasic -> httpBasic.authenticationManager(customAuthenticationManager)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.get()
-				.uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob"))
-				.exchange()
-				.expectStatus().isOk()
+		client.get().uri("/").headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"));
 
 		verifyZeroInteractions(this.authenticationManager);
@@ -406,10 +359,7 @@ public class ServerHttpSecurityTests {
 		X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 		ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 
-		this.http.x509()
-				.principalExtractor(mockExtractor)
-				.authenticationManager(mockAuthenticationManager)
-				.and();
+		this.http.x509().principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager).and();
 
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
@@ -422,11 +372,7 @@ public class ServerHttpSecurityTests {
 		X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 		ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 
-		this.http.x509(x509 ->
-				x509
-					.principalExtractor(mockExtractor)
-					.authenticationManager(mockAuthenticationManager)
-				);
+		this.http.x509(x509 -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
 
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
@@ -460,10 +406,7 @@ public class ServerHttpSecurityTests {
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.post()
-				.uri("/")
-				.exchange()
-				.expectStatus().isOk();
+		client.post().uri("/").exchange().expectStatus().isOk();
 	}
 
 	@Test
@@ -471,15 +414,11 @@ public class ServerHttpSecurityTests {
 		ServerCsrfTokenRepository customServerCsrfTokenRepository = mock(ServerCsrfTokenRepository.class);
 		when(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).thenReturn(Mono.empty());
 		SecurityWebFilterChain securityFilterChain = this.http
-				.csrf(csrf -> csrf.csrfTokenRepository(customServerCsrfTokenRepository))
-				.build();
+				.csrf(csrf -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.post()
-				.uri("/")
-				.exchange()
-				.expectStatus().isForbidden();
+		client.post().uri("/").exchange().expectStatus().isForbidden();
 
 		verify(customServerCsrfTokenRepository).loadToken(any());
 	}
@@ -487,16 +426,12 @@ public class ServerHttpSecurityTests {
 	@Test
 	public void shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler() {
 		ServerRequestCache requestCache = spy(new WebSessionServerRequestCache());
-		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
+		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(
+				ReactiveClientRegistrationRepository.class);
 
-		SecurityWebFilterChain securityFilterChain = this.http
-				.oauth2Login()
-				.clientRegistrationRepository(clientRegistrationRepository)
-				.and()
-				.authorizeExchange().anyExchange().authenticated()
-				.and()
-				.requestCache(c -> c.requestCache(requestCache))
-				.build();
+		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
+				.clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange()
+				.authenticated().and().requestCache(c -> c.requestCache(requestCache)).build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
 		client.get().uri("/test").exchange();
@@ -504,28 +439,27 @@ public class ServerHttpSecurityTests {
 		verify(requestCache).saveRequest(captor.capture());
 		assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test");
 
-
-		OAuth2LoginAuthenticationWebFilter authenticationWebFilter =
-				getWebFilter(securityFilterChain, OAuth2LoginAuthenticationWebFilter.class).get();
+		OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain,
+				OAuth2LoginAuthenticationWebFilter.class).get();
 		Object handler = getField(authenticationWebFilter, "authenticationSuccessHandler");
 		assertThat(getField(handler, "requestCache")).isSameAs(requestCache);
 	}
 
 	@Test
 	public void shouldConfigureAuthorizationRequestRepositoryForOAuth2Login() {
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
-		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
+		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(
+				ReactiveClientRegistrationRepository.class);
 
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
 
-		when(authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(authorizationRequest));
+		when(authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.thenReturn(Mono.just(authorizationRequest));
 
-		SecurityWebFilterChain securityFilterChain = this.http
-				.oauth2Login()
+		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
 				.clientRegistrationRepository(clientRegistrationRepository)
-				.authorizationRequestRepository(authorizationRequestRepository)
-				.and()
-				.build();
+				.authorizationRequestRepository(authorizationRequestRepository).and().build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
 		client.get().uri("/login/oauth2/code/registration-id").exchange();
@@ -537,41 +471,42 @@ public class ServerHttpSecurityTests {
 		try {
 			Object converter = getField(filter, "authenticationConverter");
 			return converter.getClass().isAssignableFrom(ServerX509AuthenticationConverter.class);
-		} catch (IllegalArgumentException e) {
+		}
+		catch (IllegalArgumentException e) {
 			// field doesn't exist
 			return false;
 		}
 	}
 
 	private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
-		return (Optional<T>) filterChain.getWebFilters()
-				.filter(Objects::nonNull)
-				.filter(filter -> filter.getClass().isAssignableFrom(filterClass))
-				.singleOrEmpty()
-				.blockOptional();
+		return (Optional<T>) filterChain.getWebFilters().filter(Objects::nonNull)
+				.filter(filter -> filter.getClass().isAssignableFrom(filterClass)).singleOrEmpty().blockOptional();
 	}
 
 	private WebTestClient buildClient() {
-		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(
-			this.http.build());
+		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(this.http.build());
 		return WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 	}
 
 	@RestController
 	private static class SubscriberContextController {
+
 		@GetMapping("/**")
 		Mono<String> pathWithinApplicationFromContext() {
-			return Mono.subscriberContext()
-				.filter(c -> c.hasKey(ServerWebExchange.class))
-				.map(c -> c.get(ServerWebExchange.class))
-				.map(e -> e.getRequest().getPath().pathWithinApplication().value());
+			return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
+					.map(c -> c.get(ServerWebExchange.class))
+					.map(e -> e.getRequest().getPath().pathWithinApplication().value());
 		}
+
 	}
 
 	private static class TestWebFilter implements WebFilter {
+
 		@Override
 		public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 			return chain.filter(exchange);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/TestingServerHttpSecurity.java b/config/src/test/java/org/springframework/security/config/web/server/TestingServerHttpSecurity.java
index 50d2a3020d..60a997a9c3 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/TestingServerHttpSecurity.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/TestingServerHttpSecurity.java
@@ -24,9 +24,10 @@ import org.springframework.context.ApplicationContext;
  * @since 5.1
  */
 public class TestingServerHttpSecurity extends ServerHttpSecurity {
-	public TestingServerHttpSecurity applicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+
+	public TestingServerHttpSecurity applicationContext(ApplicationContext applicationContext) throws BeansException {
 		super.setApplicationContext(applicationContext);
 		return this;
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
index cf8a615684..76e58d366e 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
@@ -22,8 +22,8 @@ import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
 
 public class MessageSecurityPostProcessorTests {
 
-	private WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor postProcessor =
-		new WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor("id", false);
+	private WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor postProcessor = new WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor(
+			"id", false);
 
 	@Test
 	public void handlesBeansWithoutClass() {
@@ -31,4 +31,5 @@ public class MessageSecurityPostProcessorTests {
 		registry.registerBeanDefinition("beanWithoutClass", new GenericBeanDefinition());
 		postProcessor.postProcessBeanDefinitionRegistry(registry);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index a693eaf96a..f4e3df8af9 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -75,8 +75,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
 public class WebSocketMessageBrokerConfigTests {
-	private static final String CONFIG_LOCATION_PREFIX =
-			"classpath:org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests";
+
+	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests";
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -112,8 +112,7 @@ public class WebSocketMessageBrokerConfigTests {
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
 
-		assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers)))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers))).doesNotThrowAnyException();
 	}
 
 	@Test
@@ -244,56 +243,49 @@ public class WebSocketMessageBrokerConfigTests {
 
 	@Test
 	public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingOtherMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () ->
-				this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire();
+		ThrowingCallable bad = () -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire();
 
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
@@ -317,17 +309,14 @@ public class WebSocketMessageBrokerConfigTests {
 		String csrfAttributeName = CsrfToken.class.getName();
 		String customAttributeName = this.getClass().getName();
 
-		MvcResult result = mvc.perform(get("/app")
-								.requestAttr(csrfAttributeName, this.token)
-								.sessionAttr(customAttributeName, "attributeValue"))
-							.andReturn();
+		MvcResult result = mvc.perform(get("/app").requestAttr(csrfAttributeName, this.token)
+				.sessionAttr(customAttributeName, "attributeValue")).andReturn();
 
 		CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
 		String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
 		String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
 
-		assertThat(handshakeToken).isEqualTo(this.token)
-				.withFailMessage("CsrfToken is populated");
+		assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated");
 
 		assertThat(handshakeValue).isEqualTo(sessionValue)
 				.withFailMessage("Explicitly listed session variables are not overridden");
@@ -343,17 +332,14 @@ public class WebSocketMessageBrokerConfigTests {
 		String csrfAttributeName = CsrfToken.class.getName();
 		String customAttributeName = this.getClass().getName();
 
-		MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket")
-								.requestAttr(csrfAttributeName, this.token)
-								.sessionAttr(customAttributeName, "attributeValue"))
-							.andReturn();
+		MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket").requestAttr(csrfAttributeName, this.token)
+				.sessionAttr(customAttributeName, "attributeValue")).andReturn();
 
 		CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
 		String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
 		String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
 
-		assertThat(handshakeToken).isEqualTo(this.token)
-				.withFailMessage("CsrfToken is populated");
+		assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated");
 
 		assertThat(handshakeValue).isEqualTo(sessionValue)
 				.withFailMessage("Explicitly listed session variables are not overridden");
@@ -452,28 +438,33 @@ public class WebSocketMessageBrokerConfigTests {
 
 	@Controller
 	static class MessageController {
+
 		String username;
 
 		@MessageMapping("/message")
 		public void authentication(@AuthenticationPrincipal String username) {
 			this.username = username;
 		}
+
 	}
 
 	@Controller
 	static class MessageWithArgumentController {
+
 		MessageArgument messageArgument;
 
 		@MessageMapping("/message-with-argument")
 		public void myCustom(MessageArgument messageArgument) {
 			this.messageArgument = messageArgument;
 		}
+
 	}
 
-
 	static class MessageArgument {
+
 		MessageArgument(String notDefaultConstructor) {
 		}
+
 	}
 
 	static class MessageArgumentResolver implements HandlerMethodArgumentResolver {
@@ -487,22 +478,23 @@ public class WebSocketMessageBrokerConfigTests {
 		public Object resolveArgument(MethodParameter parameter, Message<?> message) {
 			return new MessageArgument("");
 		}
+
 	}
 
 	static class TestHandshakeHandler implements HandshakeHandler {
+
 		Map<String, Object> attributes;
 
 		@Override
-		public boolean doHandshake(
-				ServerHttpRequest request,
-				org.springframework.http.server.ServerHttpResponse response,
-				WebSocketHandler wsHandler,
+		public boolean doHandshake(ServerHttpRequest request,
+				org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
 
 			this.attributes = attributes;
 
 			return true;
 		}
+
 	}
 
 	static class InboundExecutorPostProcessor implements BeanDefinitionRegistryPostProcessor {
@@ -510,14 +502,15 @@ public class WebSocketMessageBrokerConfigTests {
 		@Override
 		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 			BeanDefinition inbound = registry.getBeanDefinition("clientInboundChannel");
-			inbound.getConstructorArgumentValues()
-					.addIndexedArgumentValue(0, new RootBeanDefinition(SyncTaskExecutor.class));
+			inbound.getConstructorArgumentValues().addIndexedArgumentValue(0,
+					new RootBeanDefinition(SyncTaskExecutor.class));
 		}
 
 		@Override
 		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 
 		}
+
 	}
 
 	static class ExceptingInterceptor extends ChannelInterceptorAdapter {
@@ -526,14 +519,13 @@ public class WebSocketMessageBrokerConfigTests {
 		public Message<?> preSend(Message<?> message, MessageChannel channel) {
 			throw new UnsupportedOperationException("no");
 		}
+
 	}
 
-	static class DenyNileMessageSecurityExpressionHandler
-			extends DefaultMessageSecurityExpressionHandler<Object> {
+	static class DenyNileMessageSecurityExpressionHandler extends DefaultMessageSecurityExpressionHandler<Object> {
 
 		@Override
-		protected SecurityExpressionOperations createSecurityExpressionRoot(
-				Authentication authentication,
+		protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 				Message<Object> invocation) {
 
 			return new MessageSecurityExpressionRoot(authentication, invocation) {
@@ -543,5 +535,7 @@ public class WebSocketMessageBrokerConfigTests {
 				}
 			};
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 4543deaae4..408f3240a3 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -55,21 +55,15 @@ final class HtmlUnitWebTestClient {
 		Assert.notNull(webClient, "WebClient must not be null");
 		Assert.notNull(webTestClient, "WebTestClient must not be null");
 		this.webClient = webClient;
-		this.webTestClient = webTestClient.mutate()
-			.filter(new FollowRedirects())
-			.filter(new CookieManager())
-			.build();
+		this.webTestClient = webTestClient.mutate().filter(new FollowRedirects()).filter(new CookieManager()).build();
 	}
 
 	public FluxExchangeResult<String> getResponse(WebRequest webRequest) {
-		WebTestClient.RequestBodySpec request = this.webTestClient
-				.method(httpMethod(webRequest))
-				.uri(uri(webRequest));
+		WebTestClient.RequestBodySpec request = this.webTestClient.method(httpMethod(webRequest)).uri(uri(webRequest));
 		contentType(request, webRequest);
 		cookies(request, webRequest);
 		headers(request, webRequest);
 
-
 		return content(request, webRequest).exchange().returnResult(String.class);
 	}
 
@@ -87,7 +81,7 @@ final class HtmlUnitWebTestClient {
 
 	private MultiValueMap<String, String> formData(List<NameValuePair> params) {
 		MultiValueMap<String, String> result = new LinkedMultiValueMap<>(params.size());
-		params.forEach( pair -> result.add(pair.getName(), pair.getValue()));
+		params.forEach(pair -> result.add(pair.getName(), pair.getValue()));
 		return result;
 	}
 
@@ -109,9 +103,8 @@ final class HtmlUnitWebTestClient {
 			StringTokenizer tokens = new StringTokenizer(cookieHeaderValue, "=;");
 			while (tokens.hasMoreTokens()) {
 				String cookieName = tokens.nextToken().trim();
-				Assert.isTrue(tokens.hasMoreTokens(),
-						() -> "Expected value for cookie name '" + cookieName +
-								"': full cookie header was [" + cookieHeaderValue + "]");
+				Assert.isTrue(tokens.hasMoreTokens(), () -> "Expected value for cookie name '" + cookieName
+						+ "': full cookie header was [" + cookieHeaderValue + "]");
 				String cookieValue = tokens.nextToken().trim();
 				request.cookie(cookieName, cookieValue);
 			}
@@ -129,7 +122,7 @@ final class HtmlUnitWebTestClient {
 	}
 
 	private void headers(WebTestClient.RequestBodySpec request, WebRequest webRequest) {
-		webRequest.getAdditionalHeaders().forEach( (name, value) -> request.header(name, value));
+		webRequest.getAdditionalHeaders().forEach((name, value) -> request.header(name, value));
 	}
 
 	private HttpMethod httpMethod(WebRequest webRequest) {
@@ -143,66 +136,67 @@ final class HtmlUnitWebTestClient {
 	}
 
 	static class FollowRedirects implements ExchangeFilterFunction {
+
 		@Override
 		public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-			return next.exchange(request)
-				.flatMap( response -> redirectIfNecessary(request, next, response));
+			return next.exchange(request).flatMap(response -> redirectIfNecessary(request, next, response));
 		}
 
-		private Mono<ClientResponse> redirectIfNecessary(ClientRequest request, ExchangeFunction next, ClientResponse response) {
+		private Mono<ClientResponse> redirectIfNecessary(ClientRequest request, ExchangeFunction next,
+				ClientResponse response) {
 			URI location = response.headers().asHttpHeaders().getLocation();
 			String host = request.url().getHost();
 			String scheme = request.url().getScheme();
 			if (location != null) {
 				String redirectUrl = location.toASCIIString();
 				if (location.getHost() == null) {
-					redirectUrl = scheme+ "://" + host + location.toASCIIString();
+					redirectUrl = scheme + "://" + host + location.toASCIIString();
 				}
 				ClientRequest redirect = ClientRequest.method(HttpMethod.GET, URI.create(redirectUrl))
-					.headers(headers -> headers.addAll(request.headers()))
-					.cookies(cookies -> cookies.addAll(request.cookies()))
-					.attributes(attributes -> attributes.putAll(request.attributes()))
-					.build();
+						.headers(headers -> headers.addAll(request.headers()))
+						.cookies(cookies -> cookies.addAll(request.cookies()))
+						.attributes(attributes -> attributes.putAll(request.attributes())).build();
 
-				return next.exchange(redirect).flatMap( r -> redirectIfNecessary(request, next, r));
+				return next.exchange(redirect).flatMap(r -> redirectIfNecessary(request, next, r));
 			}
 
 			return Mono.just(response);
 		}
+
 	}
 
 	static class CookieManager implements ExchangeFilterFunction {
+
 		private Map<String, ResponseCookie> cookies = new HashMap<>();
 
 		@Override
 		public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-			return next.exchange(withClientCookies(request))
-				.doOnSuccess( response -> {
-					response.cookies().values().forEach( cookies -> {
-						cookies.forEach( cookie -> {
-							if (cookie.getMaxAge().isZero()) {
-								this.cookies.remove(cookie.getName());
-							} else {
-								this.cookies.put(cookie.getName(), cookie);
-							}
-						});
+			return next.exchange(withClientCookies(request)).doOnSuccess(response -> {
+				response.cookies().values().forEach(cookies -> {
+					cookies.forEach(cookie -> {
+						if (cookie.getMaxAge().isZero()) {
+							this.cookies.remove(cookie.getName());
+						}
+						else {
+							this.cookies.put(cookie.getName(), cookie);
+						}
 					});
 				});
+			});
 		}
 
 		private ClientRequest withClientCookies(ClientRequest request) {
-			return ClientRequest.from(request)
-				.cookies( c -> {
-					c.addAll(clientCookies());
-				}).build();
+			return ClientRequest.from(request).cookies(c -> {
+				c.addAll(clientCookies());
+			}).build();
 		}
 
 		private MultiValueMap<String, String> clientCookies() {
 			MultiValueMap<String, String> result = new LinkedMultiValueMap<>(this.cookies.size());
-			this.cookies.values().forEach( cookie ->
-				result.add(cookie.getName(), cookie.getValue())
-			);
+			this.cookies.values().forEach(cookie -> result.add(cookie.getName(), cookie.getValue()));
 			return result;
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
index 15022b4596..f693f4258f 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
@@ -35,13 +35,13 @@ import org.springframework.util.Assert;
  * @since 5.0
  */
 final class MockWebResponseBuilder {
+
 	private final long startTime;
 
 	private final WebRequest webRequest;
 
 	private final FluxExchangeResult<String> exchangeResult;
 
-
 	MockWebResponseBuilder(long startTime, WebRequest webRequest, FluxExchangeResult<String> exchangeResult) {
 		Assert.notNull(webRequest, "WebRequest must not be null");
 		Assert.notNull(exchangeResult, "FluxExchangeResult must not be null");
@@ -50,7 +50,6 @@ final class MockWebResponseBuilder {
 		this.exchangeResult = exchangeResult;
 	}
 
-
 	public WebResponse build() throws IOException {
 		WebResponseData webResponseData = webResponseData();
 		long endTime = System.currentTimeMillis();
@@ -60,17 +59,15 @@ final class MockWebResponseBuilder {
 	private WebResponseData webResponseData() {
 		List<NameValuePair> responseHeaders = responseHeaders();
 		HttpStatus status = this.exchangeResult.getStatus();
-		return new WebResponseData(this.exchangeResult.getResponseBodyContent(), status.value(), status.getReasonPhrase(), responseHeaders);
+		return new WebResponseData(this.exchangeResult.getResponseBodyContent(), status.value(),
+				status.getReasonPhrase(), responseHeaders);
 	}
 
 	private List<NameValuePair> responseHeaders() {
 		HttpHeaders responseHeaders = this.exchangeResult.getResponseHeaders();
 		List<NameValuePair> result = new ArrayList<>(responseHeaders.size());
-		responseHeaders.forEach( (headerName, headerValues) ->
-			headerValues.forEach( headerValue ->
-				result.add(new NameValuePair(headerName, headerValue))
-			)
-		);
+		responseHeaders.forEach((headerName, headerValues) -> headerValues
+				.forEach(headerValue -> result.add(new NameValuePair(headerName, headerValue))));
 		return result;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
index ae345738c6..5a671b6b4e 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
@@ -30,6 +30,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.WebConnectionHtml
  * @since 5.0
  */
 public class WebTestClientHtmlUnitDriverBuilder {
+
 	private final WebTestClient webTestClient;
 
 	private WebTestClientHtmlUnitDriverBuilder(WebTestClient webTestClient) {
@@ -40,7 +41,8 @@ public class WebTestClientHtmlUnitDriverBuilder {
 		WebConnectionHtmlUnitDriver driver = new WebConnectionHtmlUnitDriver();
 		WebClient webClient = driver.getWebClient();
 		WebTestClientWebConnection webClientConnection = new WebTestClientWebConnection(this.webTestClient, webClient);
-		WebConnection connection = new DelegatingWebConnection(driver.getWebConnection(), new DelegateWebConnection(new HostRequestMatcher("localhost"), webClientConnection));
+		WebConnection connection = new DelegatingWebConnection(driver.getWebConnection(),
+				new DelegateWebConnection(new HostRequestMatcher("localhost"), webClientConnection));
 		driver.setWebConnection(connection);
 		return driver;
 	}
@@ -48,4 +50,5 @@ public class WebTestClientHtmlUnitDriverBuilder {
 	public static WebTestClientHtmlUnitDriverBuilder webTestClientSetup(WebTestClient webTestClient) {
 		return new WebTestClientHtmlUnitDriverBuilder(webTestClient);
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index 023b1fc7dc..d0d074a978 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -43,11 +43,8 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 
 	@Test
 	public void helloWorld() {
-		WebTestClient webTestClient = WebTestClient
-			.bindToController(new HelloWorldController())
-			.build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient).build();
+		WebTestClient webTestClient = WebTestClient.bindToController(new HelloWorldController()).build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
 		driver.get("http://localhost/");
 
@@ -60,27 +57,20 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	 */
 	@Controller
 	class HelloWorldController {
+
 		@ResponseBody
 		@GetMapping(produces = MediaType.TEXT_HTML_VALUE)
 		public String index() {
-			return "<html>\n"
-				+ "<head>\n"
-				+ "<title>Hello World</title>\n"
-				+ "</head>\n"
-				+ "<body>\n"
-				+ "<h1>Hello World</h1>\n"
-				+ "</body>\n"
-				+ "</html>";
+			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n"
+					+ "<h1>Hello World</h1>\n" + "</body>\n" + "</html>";
 		}
+
 	}
 
 	@Test
 	public void cookies() {
-		WebTestClient webTestClient = WebTestClient
-			.bindToController(new CookieController())
-			.build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
-			.webTestClientSetup(webTestClient).build();
+		WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 
 		driver.get("http://localhost/cookie");
 
@@ -94,16 +84,11 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	@Controller
 	@ResponseBody
 	class CookieController {
+
 		@GetMapping(path = "/", produces = MediaType.TEXT_HTML_VALUE)
 		public String view(@CookieValue(required = false) String cookieName) {
-			return "<html>\n"
-				+ "<head>\n"
-				+ "<title>Hello World</title>\n"
-				+ "</head>\n"
-				+ "<body>\n"
-				+ "<h1>" + TextEscapeUtils.escapeEntities(cookieName) + "</h1>\n"
-				+ "</body>\n"
-				+ "</html>";
+			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n" + "<h1>"
+					+ TextEscapeUtils.escapeEntities(cookieName) + "</h1>\n" + "</body>\n" + "</html>";
 		}
 
 		@GetMapping("/cookie")
@@ -120,9 +105,10 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 
 		@GetMapping("/cookie/delete")
 		public Mono<Void> deleteCookie(ServerHttpResponse response) {
-			response.addCookie(
-				ResponseCookie.from("cookieName", "").maxAge(Duration.ofSeconds(0)).build());
+			response.addCookie(ResponseCookie.from("cookieName", "").maxAge(Duration.ofSeconds(0)).build());
 			return redirect(response);
 		}
+
 	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
index c5d6828c03..f7dd640175 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
@@ -37,11 +37,11 @@ public class WebTestClientWebConnection implements WebConnection {
 	private final WebTestClient webTestClient;
 
 	private final String contextPath;
+
 	private final HtmlUnitWebTestClient requestBuilder;
 
 	private WebClient webClient;
 
-
 	public WebTestClientWebConnection(WebTestClient webTestClient, WebClient webClient) {
 		this(webTestClient, webClient, "");
 	}
@@ -59,10 +59,11 @@ public class WebTestClientWebConnection implements WebConnection {
 
 	/**
 	 * Validate the supplied {@code contextPath}.
-	 * <p>If the value is not {@code null}, it must conform to
-	 * {@link javax.servlet.http.HttpServletRequest#getContextPath()} which
-	 * states that it can be an empty string and otherwise must start with
-	 * a "/" character and not end with a "/" character.
+	 * <p>
+	 * If the value is not {@code null}, it must conform to
+	 * {@link javax.servlet.http.HttpServletRequest#getContextPath()} which states that it
+	 * can be an empty string and otherwise must start with a "/" character and not end
+	 * with a "/" character.
 	 * @param contextPath the path to validate
 	 */
 	static void validateContextPath(@Nullable String contextPath) {
@@ -73,7 +74,6 @@ public class WebTestClientWebConnection implements WebConnection {
 		Assert.isTrue(!contextPath.endsWith("/"), () -> "contextPath '" + contextPath + "' must not end with '/'.");
 	}
 
-
 	public void setWebClient(WebClient webClient) {
 		Assert.notNull(webClient, "WebClient must not be null");
 		this.webClient = webClient;
@@ -89,5 +89,7 @@ public class WebTestClientWebConnection implements WebConnection {
 	}
 
 	@Override
-	public void close() {}
+	public void close() {
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index e77dfc900f..334d0ebc18 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -33,13 +33,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Ben Alex
  */
 public class MethodSecurityInterceptorWithAopConfigTests {
-	static final String AUTH_PROVIDER_XML = "<authentication-manager>"
-			+ "    <authentication-provider>"
+
+	static final String AUTH_PROVIDER_XML = "<authentication-manager>" + "    <authentication-provider>"
 			+ "        <user-service>"
 			+ "            <user name='bob' password='bobspassword' authorities='ROLE_USER,ROLE_ADMIN' />"
 			+ "            <user name='bill' password='billspassword' authorities='ROLE_USER' />"
-			+ "        </user-service>" + "    </authentication-provider>"
-			+ "</authentication-manager>";
+			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
 
 	static final String ACCESS_MANAGER_XML = "<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>"
 			+ "   <b:constructor-arg>"
@@ -48,14 +47,11 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 
 	static final String TARGET_BEAN_AND_INTERCEPTOR = "<b:bean id='target' class='org.springframework.security.TargetObject'/>"
 			+ "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >"
-			+ "     <b:property name='securityMetadataSource'>"
-			+ "         <method-security-metadata-source>"
+			+ "     <b:property name='securityMetadataSource'>" + "         <method-security-metadata-source>"
 			+ "             <protect method='org.springframework.security.ITargetObject.makeLower*' access='ROLE_A'/>"
 			+ "             <protect method='org.springframework.security.ITargetObject.makeUpper*' access='ROLE_A'/>"
 			+ "             <protect method='org.springframework.security.ITargetObject.computeHashCode*' access='ROLE_B'/>"
-			+ "         </method-security-metadata-source>"
-			+ "     </b:property>"
-			+ "</b:bean>";
+			+ "         </method-security-metadata-source>" + "     </b:property>" + "</b:bean>";
 
 	private AbstractXmlApplicationContext appContext;
 
@@ -77,9 +73,8 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 	public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
 		setContext("<aop:config>"
 				+ "     <aop:pointcut id='targetMethods' expression='execution(* org.springframework.security.TargetObject.*(..))'/>"
-				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />"
-				+ "</aop:config>" + TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML
-				+ ACCESS_MANAGER_XML);
+				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" + "</aop:config>"
+				+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
 
 		ITargetObject target = (ITargetObject) appContext.getBean("target");
 
@@ -96,20 +91,14 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
-		setContext("<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
-				+ "   <b:property name='interceptorNames'>"
-				+ "       <b:list>"
-				+ "          <b:value>securityInterceptor</b:value>"
-				+ "       </b:list>"
-				+ "   </b:property>"
-				+ "   <b:property name='beanNames'>"
-				+ "       <b:list>"
-				+ "          <b:value>target</b:value>"
-				+ "       </b:list>"
-				+ "   </b:property>"
-				+ "   <b:property name='proxyTargetClass' value='false'/>"
-				+ "</b:bean>"
-				+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
+		setContext(
+				"<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
+						+ "   <b:property name='interceptorNames'>" + "       <b:list>"
+						+ "          <b:value>securityInterceptor</b:value>" + "       </b:list>" + "   </b:property>"
+						+ "   <b:property name='beanNames'>" + "       <b:list>" + "          <b:value>target</b:value>"
+						+ "       </b:list>" + "   </b:property>"
+						+ "   <b:property name='proxyTargetClass' value='false'/>" + "</b:bean>"
+						+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
 
 		ITargetObject target = (ITargetObject) appContext.getBean("target");
 
@@ -127,4 +116,5 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 	private void setContext(String context) {
 		appContext = new InMemoryXmlApplicationContext(context);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
index 298c754b1b..6fff3153cc 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
@@ -27,25 +27,23 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface AccessDecisionManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Resolves an access control decision for the passed parameters.
-	 *
 	 * @param authentication the caller invoking the method (not null)
 	 * @param object the secured object being called
 	 * @param configAttributes the configuration attributes associated with the secured
 	 * object being invoked
-	 *
 	 * @throws AccessDeniedException if access is denied as the authentication does not
 	 * hold a required authority or ACL privilege
 	 * @throws InsufficientAuthenticationException if access is denied as the
 	 * authentication does not provide a sufficient level of trust
 	 */
-	void decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> configAttributes) throws AccessDeniedException,
-			InsufficientAuthenticationException;
+	void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
+			throws AccessDeniedException, InsufficientAuthenticationException;
 
 	/**
 	 * Indicates whether this <code>AccessDecisionManager</code> is able to process
@@ -56,10 +54,8 @@ public interface AccessDecisionManager {
 	 * <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
 	 * <code>AfterInvocationManager</code>.
 	 * </p>
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <code>AbstractSecurityInterceptor</code>
-	 *
 	 * @return true if this <code>AccessDecisionManager</code> can support the passed
 	 * configuration attribute
 	 */
@@ -68,10 +64,9 @@ public interface AccessDecisionManager {
 	/**
 	 * Indicates whether the <code>AccessDecisionManager</code> implementation is able to
 	 * provide access control decisions for the indicated secured object type.
-	 *
 	 * @param clazz the class that is being queried
-	 *
 	 * @return <code>true</code> if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
index bf4af5ba6a..1abb45b2ce 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
@@ -30,11 +30,14 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface AccessDecisionVoter<S> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	int ACCESS_GRANTED = 1;
+
 	int ACCESS_ABSTAIN = 0;
+
 	int ACCESS_DENIED = -1;
 
 	// ~ Methods
@@ -47,10 +50,8 @@ public interface AccessDecisionVoter<S> {
 	 * This allows the {@code AbstractSecurityInterceptor} to check every configuration
 	 * attribute can be consumed by the configured {@code AccessDecisionManager} and/or
 	 * {@code RunAsManager} and/or {@code AfterInvocationManager}.
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * {@code AbstractSecurityInterceptor}
-	 *
 	 * @return true if this {@code AccessDecisionVoter} can support the passed
 	 * configuration attribute
 	 */
@@ -59,9 +60,7 @@ public interface AccessDecisionVoter<S> {
 	/**
 	 * Indicates whether the {@code AccessDecisionVoter} implementation is able to provide
 	 * access control votes for the indicated secured object type.
-	 *
 	 * @param clazz the class that is being queried
-	 *
 	 * @return true if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
@@ -87,14 +86,12 @@ public interface AccessDecisionVoter<S> {
 	 * parameter to maximise flexibility in making access control decisions, implementing
 	 * classes should not modify it or cause the represented invocation to take place (for
 	 * example, by calling {@code MethodInvocation.proceed()}).
-	 *
 	 * @param authentication the caller making the invocation
 	 * @param object the secured object being invoked
 	 * @param attributes the configuration attributes associated with the secured object
-	 *
 	 * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or
 	 * {@link #ACCESS_DENIED}
 	 */
-	int vote(Authentication authentication, S object,
-			Collection<ConfigAttribute> attributes);
+	int vote(Authentication authentication, S object, Collection<ConfigAttribute> attributes);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
index 8429d92a16..1fe26e846f 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
@@ -23,12 +23,12 @@ package org.springframework.security.access;
  * @author Ben Alex
  */
 public class AccessDeniedException extends RuntimeException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>AccessDeniedException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AccessDeniedException(String msg) {
@@ -38,11 +38,11 @@ public class AccessDeniedException extends RuntimeException {
 	/**
 	 * Constructs an <code>AccessDeniedException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AccessDeniedException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
index bca38afa57..febbc6b8ba 100644
--- a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
@@ -28,12 +28,12 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface AfterInvocationProvider {
+
 	// ~ Methods
 	// ========================================================================================================
 
-	Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes, Object returnedObject)
-			throws AccessDeniedException;
+	Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
+			Object returnedObject) throws AccessDeniedException;
 
 	/**
 	 * Indicates whether this <code>AfterInvocationProvider</code> is able to participate
@@ -44,10 +44,8 @@ public interface AfterInvocationProvider {
 	 * <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
 	 * <code>AccessDecisionManager</code>.
 	 * </p>
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <code>AbstractSecurityInterceptor</code>
-	 *
 	 * @return true if this <code>AfterInvocationProvider</code> can support the passed
 	 * configuration attribute
 	 */
@@ -56,10 +54,9 @@ public interface AfterInvocationProvider {
 	/**
 	 * Indicates whether the <code>AfterInvocationProvider</code> is able to provide
 	 * "after invocation" processing for the indicated secured object type.
-	 *
 	 * @param clazz the class of secure object that is being queried
-	 *
 	 * @return true if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
index 920849a1e0..87fc2dc7a5 100644
--- a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
+++ b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
@@ -25,13 +25,13 @@ package org.springframework.security.access;
  * @author Ben Alex
  */
 public class AuthorizationServiceException extends AccessDeniedException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>AuthorizationServiceException</code> with the specified
 	 * message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AuthorizationServiceException(String msg) {
@@ -41,11 +41,11 @@ public class AuthorizationServiceException extends AccessDeniedException {
 	/**
 	 * Constructs an <code>AuthorizationServiceException</code> with the specified message
 	 * and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AuthorizationServiceException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/ConfigAttribute.java b/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
index 91212036d6..d85cd30abb 100644
--- a/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
@@ -37,6 +37,7 @@ import org.springframework.security.access.intercept.RunAsManager;
  * @author Ben Alex
  */
 public interface ConfigAttribute extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -52,10 +53,10 @@ public interface ConfigAttribute extends Serializable {
 	 * <code>null</code> will require any relying classes to specifically support the
 	 * <code>ConfigAttribute</code> implementation, so returning <code>null</code> should
 	 * be avoided unless actually required.
-	 *
 	 * @return a representation of the configuration attribute (or <code>null</code> if
 	 * the configuration attribute cannot be expressed as a <code>String</code> with
 	 * sufficient precision).
 	 */
 	String getAttribute();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java b/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
index d27ebfc141..6af5c19e5f 100644
--- a/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
+++ b/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
@@ -27,14 +27,15 @@ import org.springframework.security.core.Authentication;
  * @since 3.1
  */
 public interface PermissionCacheOptimizer extends AopInfrastructureBean {
+
 	/**
 	 * Optimises the permission cache for anticipated operation on the supplied collection
 	 * of objects. Usually this will entail batch loading of permissions for the objects
 	 * in the collection.
-	 *
 	 * @param a the user for whom permissions should be obtained.
 	 * @param objects the (non-null) collection of domain objects for which permissions
 	 * should be retrieved.
 	 */
 	void cachePermissionsFor(Authentication a, Collection<?> objects);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
index 58ea8f145a..7c73b6a2a9 100644
--- a/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
@@ -24,13 +24,12 @@ import org.springframework.security.core.Authentication;
  * Strategy used in expression evaluation to determine whether a user has a permission or
  * permissions for a given domain object.
  *
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public interface PermissionEvaluator extends AopInfrastructureBean {
+
 	/**
-	 *
 	 * @param authentication represents the user in question. Should not be null.
 	 * @param targetDomainObject the domain object for which permissions should be
 	 * checked. May be null in which case implementations should return false, as the null
@@ -39,13 +38,11 @@ public interface PermissionEvaluator extends AopInfrastructureBean {
 	 * expression system. Not null.
 	 * @return true if the permission is granted, false otherwise
 	 */
-	boolean hasPermission(Authentication authentication, Object targetDomainObject,
-			Object permission);
+	boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission);
 
 	/**
 	 * Alternative method for evaluating a permission where only the identifier of the
 	 * target object is available, rather than the target instance itself.
-	 *
 	 * @param authentication represents the user in question. Should not be null.
 	 * @param targetId the identifier for the object instance (usually a Long)
 	 * @param targetType a String representing the target's type (usually a Java
@@ -54,6 +51,6 @@ public interface PermissionEvaluator extends AopInfrastructureBean {
 	 * expression system. Not null.
 	 * @return true if the permission is granted, false otherwise
 	 */
-	boolean hasPermission(Authentication authentication, Serializable targetId,
-			String targetType, Object permission);
+	boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index 67823dfc15..6b5545e77d 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -28,6 +28,7 @@ import org.springframework.util.StringUtils;
  * @author Ben Alex
  */
 public class SecurityConfig implements ConfigAttribute {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -76,8 +77,7 @@ public class SecurityConfig implements ConfigAttribute {
 
 	public static List<ConfigAttribute> createList(String... attributeNames) {
 		Assert.notNull(attributeNames, "You must supply an array of attribute names");
-		List<ConfigAttribute> attributes = new ArrayList<>(
-				attributeNames.length);
+		List<ConfigAttribute> attributes = new ArrayList<>(attributeNames.length);
 
 		for (String attribute : attributeNames) {
 			attributes.add(new SecurityConfig(attribute.trim()));
@@ -85,4 +85,5 @@ public class SecurityConfig implements ConfigAttribute {
 
 		return attributes;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
index 381d2c5875..27a9b1d3ed 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
@@ -28,22 +28,19 @@ import org.springframework.security.access.intercept.AbstractSecurityInterceptor
  * @author Ben Alex
  */
 public interface SecurityMetadataSource extends AopInfrastructureBean {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Accesses the {@code ConfigAttribute}s that apply to a given secure object.
-	 *
 	 * @param object the object being secured
-	 *
 	 * @return the attributes that apply to the passed in secured object. Should return an
 	 * empty collection if there are no applicable attributes.
-	 *
 	 * @throws IllegalArgumentException if the passed object is not of a type supported by
 	 * the <code>SecurityMetadataSource</code> implementation
 	 */
-	Collection<ConfigAttribute> getAttributes(Object object)
-			throws IllegalArgumentException;
+	Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
 
 	/**
 	 * If available, returns all of the {@code ConfigAttribute}s defined by the
@@ -51,7 +48,6 @@ public interface SecurityMetadataSource extends AopInfrastructureBean {
 	 * <p>
 	 * This is used by the {@link AbstractSecurityInterceptor} to perform startup time
 	 * validation of each {@code ConfigAttribute} configured against it.
-	 *
 	 * @return the {@code ConfigAttribute}s or {@code null} if unsupported
 	 */
 	Collection<ConfigAttribute> getAllConfigAttributes();
@@ -59,10 +55,9 @@ public interface SecurityMetadataSource extends AopInfrastructureBean {
 	/**
 	 * Indicates whether the {@code SecurityMetadataSource} implementation is able to
 	 * provide {@code ConfigAttribute}s for the indicated secure object type.
-	 *
 	 * @param clazz the class that is being queried
-	 *
 	 * @return true if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
index 8f4544b99b..e226562314 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
@@ -31,4 +31,5 @@ import java.util.*;
 public interface AnnotationMetadataExtractor<A extends Annotation> {
 
 	Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index 6772ccdff0..71dc67b443 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -36,8 +36,7 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
  * @author Ben Alex
  * @since 2.0
  */
-public class Jsr250MethodSecurityMetadataSource extends
-		AbstractFallbackMethodSecurityMetadataSource {
+public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
 	private String defaultRolePrefix = "ROLE_";
 
@@ -51,7 +50,6 @@ public class Jsr250MethodSecurityMetadataSource extends
 	 * <p>
 	 * If null or empty, then no default role prefix is used.
 	 * </p>
-	 *
 	 * @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
 	 */
 	public void setDefaultRolePrefix(String defaultRolePrefix) {
@@ -62,8 +60,7 @@ public class Jsr250MethodSecurityMetadataSource extends
 		return processAnnotations(clazz.getAnnotations());
 	}
 
-	protected Collection<ConfigAttribute> findAttributes(Method method,
-			Class<?> targetClass) {
+	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
 		return processAnnotations(AnnotationUtils.getAnnotations(method));
 	}
 
@@ -111,4 +108,5 @@ public class Jsr250MethodSecurityMetadataSource extends
 		}
 		return defaultRolePrefix + role;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index 25bab456ee..4456eaf14b 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -27,10 +27,10 @@ import javax.annotation.security.DenyAll;
  * @since 2.0
  */
 public class Jsr250SecurityConfig extends SecurityConfig {
-	public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(
-			PermitAll.class.getName());
-	public static final Jsr250SecurityConfig DENY_ALL_ATTRIBUTE = new Jsr250SecurityConfig(
-			DenyAll.class.getName());
+
+	public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
+
+	public static final Jsr250SecurityConfig DENY_ALL_ATTRIBUTE = new Jsr250SecurityConfig(DenyAll.class.getName());
 
 	public Jsr250SecurityConfig(String role) {
 		super(role);
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
index 9fb6f194e7..9a15090653 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
@@ -33,7 +33,6 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	/**
 	 * The specified config attribute is supported if its an instance of a
 	 * {@link Jsr250SecurityConfig}.
-	 *
 	 * @param configAttribute The config attribute.
 	 * @return whether the config attribute is supported.
 	 */
@@ -43,7 +42,6 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 
 	/**
 	 * All classes are supported.
-	 *
 	 * @param clazz the class.
 	 * @return true
 	 */
@@ -56,14 +54,12 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	 * <p>
 	 * If no JSR-250 attributes are found, it will abstain, otherwise it will grant or
 	 * deny access based on the attributes that are found.
-	 *
 	 * @param authentication The authentication object.
 	 * @param object The access object.
 	 * @param definition The configuration definition.
 	 * @return The vote.
 	 */
-	public int vote(Authentication authentication, Object object,
-			Collection<ConfigAttribute> definition) {
+	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
 		boolean jsr250AttributeFound = false;
 
 		for (ConfigAttribute attribute : definition) {
@@ -88,4 +84,5 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 
 		return jsr250AttributeFound ? ACCESS_DENIED : ACCESS_ABSTAIN;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Secured.java b/core/src/main/java/org/springframework/security/access/annotation/Secured.java
index 28d509ed16..e8640e0af5 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Secured.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Secured.java
@@ -50,10 +50,12 @@ import java.lang.annotation.Target;
 @Inherited
 @Documented
 public @interface Secured {
+
 	/**
-	 * Returns the list of security configuration attributes (e.g.&nbsp;ROLE_USER, ROLE_ADMIN).
-	 *
+	 * Returns the list of security configuration attributes (e.g.&nbsp;ROLE_USER,
+	 * ROLE_ADMIN).
 	 * @return String[] The secure method attributes
 	 */
 	String[] value();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index e74300bb0a..eb8c1d3cb8 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -38,22 +38,21 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  */
 @SuppressWarnings({ "unchecked" })
-public class SecuredAnnotationSecurityMetadataSource extends
-		AbstractFallbackMethodSecurityMetadataSource {
+public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
+
 	private AnnotationMetadataExtractor annotationExtractor;
+
 	private Class<? extends Annotation> annotationType;
 
 	public SecuredAnnotationSecurityMetadataSource() {
 		this(new SecuredAnnotationMetadataExtractor());
 	}
 
-	public SecuredAnnotationSecurityMetadataSource(
-			AnnotationMetadataExtractor annotationMetadataExtractor) {
+	public SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor annotationMetadataExtractor) {
 		Assert.notNull(annotationMetadataExtractor, "annotationMetadataExtractor cannot be null");
 		annotationExtractor = annotationMetadataExtractor;
 		annotationType = (Class<? extends Annotation>) GenericTypeResolver
-				.resolveTypeArgument(annotationExtractor.getClass(),
-						AnnotationMetadataExtractor.class);
+				.resolveTypeArgument(annotationExtractor.getClass(), AnnotationMetadataExtractor.class);
 		Assert.notNull(annotationType, () -> annotationExtractor.getClass().getName()
 				+ " must supply a generic parameter for AnnotationMetadataExtractor");
 	}
@@ -62,8 +61,7 @@ public class SecuredAnnotationSecurityMetadataSource extends
 		return processAnnotation(AnnotationUtils.findAnnotation(clazz, annotationType));
 	}
 
-	protected Collection<ConfigAttribute> findAttributes(Method method,
-			Class<?> targetClass) {
+	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
 		return processAnnotation(AnnotationUtils.findAnnotation(method, annotationType));
 	}
 
@@ -78,14 +76,14 @@ public class SecuredAnnotationSecurityMetadataSource extends
 
 		return annotationExtractor.extractAttributes(a);
 	}
+
 }
 
 class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
 
 	public Collection<ConfigAttribute> extractAttributes(Secured secured) {
 		String[] attributeTokens = secured.value();
-		List<ConfigAttribute> attributes = new ArrayList<>(
-				attributeTokens.length);
+		List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
 
 		for (String token : attributeTokens) {
 			attributes.add(new SecurityConfig(token));
@@ -93,4 +91,5 @@ class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<
 
 		return attributes;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
index 0e902f7ba5..6bde97aa2a 100644
--- a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
@@ -24,15 +24,16 @@ import org.springframework.context.ApplicationEvent;
  * @author Ben Alex
  */
 public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Construct the event, passing in the secure object being intercepted.
-	 *
 	 * @param secureObject the secure object
 	 */
 	public AbstractAuthorizationEvent(Object secureObject) {
 		super(secureObject);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
index a853f02a94..c60b2095cb 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
@@ -28,10 +28,12 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
  * @author Ben Alex
  */
 public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
+
 	private Collection<ConfigAttribute> configAttribs;
 
 	// ~ Constructors
@@ -39,21 +41,18 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
 
 	/**
 	 * Construct the event.
-	 *
 	 * @param secureObject the secure object
 	 * @param attributes that apply to the secure object
 	 * @param credentialsNotFoundException exception returned to the caller (contains
 	 * reason)
 	 *
 	 */
-	public AuthenticationCredentialsNotFoundEvent(Object secureObject,
-			Collection<ConfigAttribute> attributes,
+	public AuthenticationCredentialsNotFoundEvent(Object secureObject, Collection<ConfigAttribute> attributes,
 			AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
 		super(secureObject);
 
 		if ((attributes == null) || (credentialsNotFoundException == null)) {
-			throw new IllegalArgumentException(
-					"All parameters are required and cannot be null");
+			throw new IllegalArgumentException("All parameters are required and cannot be null");
 		}
 
 		this.configAttribs = attributes;
@@ -70,4 +69,5 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
 	public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
 		return credentialsNotFoundException;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
index 902df7a86d..26374e65f6 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
@@ -35,11 +35,14 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private AccessDeniedException accessDeniedException;
+
 	private Authentication authentication;
+
 	private Collection<ConfigAttribute> configAttributes;
 
 	// ~ Constructors
@@ -47,24 +50,19 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
 	/**
 	 * Construct the event.
-	 *
 	 * @param secureObject the secure object
 	 * @param attributes that apply to the secure object
 	 * @param authentication that was found in the <code>SecurityContextHolder</code>
 	 * @param accessDeniedException that was returned by the
 	 * <code>AccessDecisionManager</code>
-	 *
 	 * @throws IllegalArgumentException if any null arguments are presented.
 	 */
-	public AuthorizationFailureEvent(Object secureObject,
-			Collection<ConfigAttribute> attributes, Authentication authentication,
-			AccessDeniedException accessDeniedException) {
+	public AuthorizationFailureEvent(Object secureObject, Collection<ConfigAttribute> attributes,
+			Authentication authentication, AccessDeniedException accessDeniedException) {
 		super(secureObject);
 
-		if ((attributes == null) || (authentication == null)
-				|| (accessDeniedException == null)) {
-			throw new IllegalArgumentException(
-					"All parameters are required and cannot be null");
+		if ((attributes == null) || (authentication == null) || (accessDeniedException == null)) {
+			throw new IllegalArgumentException("All parameters are required and cannot be null");
 		}
 
 		this.configAttributes = attributes;
@@ -86,4 +84,5 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 	public Collection<ConfigAttribute> getConfigAttributes() {
 		return configAttributes;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
index 43a4fc3c4d..da8846c7d7 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
@@ -30,10 +30,12 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class AuthorizedEvent extends AbstractAuthorizationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private Authentication authentication;
+
 	private Collection<ConfigAttribute> configAttributes;
 
 	// ~ Constructors
@@ -41,19 +43,16 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
 
 	/**
 	 * Construct the event.
-	 *
 	 * @param secureObject the secure object
 	 * @param attributes that apply to the secure object
 	 * @param authentication that successfully called the secure object
 	 *
 	 */
-	public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute> attributes,
-			Authentication authentication) {
+	public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute> attributes, Authentication authentication) {
 		super(secureObject);
 
 		if ((attributes == null) || (authentication == null)) {
-			throw new IllegalArgumentException(
-					"All parameters are required and cannot be null");
+			throw new IllegalArgumentException("All parameters are required and cannot be null");
 		}
 
 		this.configAttributes = attributes;
@@ -70,4 +69,5 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
 	public Collection<ConfigAttribute> getConfigAttributes() {
 		return configAttributes;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
index ed05cf8248..ce0d7c3f04 100644
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@@ -30,6 +30,7 @@ import org.springframework.context.ApplicationListener;
  * @author Ben Alex
  */
 public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -43,10 +44,8 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 			AuthenticationCredentialsNotFoundEvent authEvent = (AuthenticationCredentialsNotFoundEvent) event;
 
 			if (logger.isWarnEnabled()) {
-				logger.warn("Security interception failed due to: "
-						+ authEvent.getCredentialsNotFoundException()
-						+ "; secure object: " + authEvent.getSource()
-						+ "; configuration attributes: "
+				logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException()
+						+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
 						+ authEvent.getConfigAttributes());
 			}
 		}
@@ -55,12 +54,9 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 			AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;
 
 			if (logger.isWarnEnabled()) {
-				logger.warn("Security authorization failed due to: "
-						+ authEvent.getAccessDeniedException()
-						+ "; authenticated principal: " + authEvent.getAuthentication()
-						+ "; secure object: " + authEvent.getSource()
-						+ "; configuration attributes: "
-						+ authEvent.getConfigAttributes());
+				logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
+						+ "; authenticated principal: " + authEvent.getAuthentication() + "; secure object: "
+						+ authEvent.getSource() + "; configuration attributes: " + authEvent.getConfigAttributes());
 			}
 		}
 
@@ -68,9 +64,8 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 			AuthorizedEvent authEvent = (AuthorizedEvent) event;
 
 			if (logger.isInfoEnabled()) {
-				logger.info("Security authorized for authenticated principal: "
-						+ authEvent.getAuthentication() + "; secure object: "
-						+ authEvent.getSource() + "; configuration attributes: "
+				logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication()
+						+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
 						+ authEvent.getConfigAttributes());
 			}
 		}
@@ -79,9 +74,9 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 			PublicInvocationEvent authEvent = (PublicInvocationEvent) event;
 
 			if (logger.isInfoEnabled()) {
-				logger.info("Security interception not required for public secure object: "
-						+ authEvent.getSource());
+				logger.info("Security interception not required for public secure object: " + authEvent.getSource());
 			}
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
index 5c7c82a50d..f82d3713ea 100644
--- a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
@@ -30,15 +30,16 @@ package org.springframework.security.access.event;
  * @author Ben Alex
  */
 public class PublicInvocationEvent extends AbstractAuthorizationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Construct the event, passing in the public secure object.
-	 *
 	 * @param secureObject the public secure object
 	 */
 	public PublicInvocationEvent(Object secureObject) {
 		super(secureObject);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/package-info.java b/core/src/main/java/org/springframework/security/access/event/package-info.java
index dbd745ed68..14ee22ff9e 100644
--- a/core/src/main/java/org/springframework/security/access/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/event/package-info.java
@@ -17,4 +17,3 @@
  * Authorization event and listener classes.
  */
 package org.springframework.security.access.event;
-
diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
index 67d4a80dae..046749155f 100644
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@@ -36,11 +36,15 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.1
  */
-public abstract class AbstractSecurityExpressionHandler<T> implements
-		SecurityExpressionHandler<T>, ApplicationContextAware {
+public abstract class AbstractSecurityExpressionHandler<T>
+		implements SecurityExpressionHandler<T>, ApplicationContextAware {
+
 	private ExpressionParser expressionParser = new SpelExpressionParser();
+
 	private BeanResolver br;
+
 	private RoleHierarchy roleHierarchy;
+
 	private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
 
 	public final ExpressionParser getExpressionParser() {
@@ -55,18 +59,14 @@ public abstract class AbstractSecurityExpressionHandler<T> implements
 	/**
 	 * Invokes the internal template methods to create {@code StandardEvaluationContext}
 	 * and {@code SecurityExpressionRoot} objects.
-	 *
 	 * @param authentication the current authentication object
 	 * @param invocation the invocation (filter, method, channel)
 	 * @return the context object for use in evaluating the expression, populated with a
 	 * suitable root object.
 	 */
-	public final EvaluationContext createEvaluationContext(Authentication authentication,
-			T invocation) {
-		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication,
-				invocation);
-		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication,
-				invocation);
+	public final EvaluationContext createEvaluationContext(Authentication authentication, T invocation) {
+		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication, invocation);
+		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
 		ctx.setBeanResolver(br);
 		ctx.setRootObject(root);
 
@@ -79,27 +79,24 @@ public abstract class AbstractSecurityExpressionHandler<T> implements
 	 * The returned object will have a {@code SecurityExpressionRootPropertyAccessor}
 	 * added, allowing beans in the {@code ApplicationContext} to be accessed via
 	 * expression properties.
-	 *
 	 * @param authentication the current authentication object
 	 * @param invocation the invocation (filter, method, channel)
 	 * @return A {@code StandardEvaluationContext} or potentially a custom subclass if
 	 * overridden.
 	 */
-	protected StandardEvaluationContext createEvaluationContextInternal(
-			Authentication authentication, T invocation) {
+	protected StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, T invocation) {
 		return new StandardEvaluationContext();
 	}
 
 	/**
 	 * Implement in order to create a root object of the correct type for the supported
 	 * invocation type.
-	 *
 	 * @param authentication the current authentication object
 	 * @param invocation the invocation (filter, method, channel)
 	 * @return the object wh
 	 */
-	protected abstract SecurityExpressionOperations createSecurityExpressionRoot(
-			Authentication authentication, T invocation);
+	protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+			T invocation);
 
 	protected RoleHierarchy getRoleHierarchy() {
 		return roleHierarchy;
@@ -120,4 +117,5 @@ public abstract class AbstractSecurityExpressionHandler<T> implements
 	public void setApplicationContext(ApplicationContext applicationContext) {
 		br = new BeanFactoryResolver(applicationContext);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index 4d9708ea14..97858f229b 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -36,20 +36,19 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	/**
 	 * @return false always
 	 */
-	public boolean hasPermission(Authentication authentication, Object target,
-			Object permission) {
-		logger.warn("Denying user " + authentication.getName() + " permission '"
-				+ permission + "' on object " + target);
+	public boolean hasPermission(Authentication authentication, Object target, Object permission) {
+		logger.warn(
+				"Denying user " + authentication.getName() + " permission '" + permission + "' on object " + target);
 		return false;
 	}
 
 	/**
 	 * @return false always
 	 */
-	public boolean hasPermission(Authentication authentication, Serializable targetId,
-			String targetType, Object permission) {
-		logger.warn("Denying user " + authentication.getName() + " permission '"
-				+ permission + "' on object with Id '" + targetId);
+	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
+			Object permission) {
+		logger.warn("Denying user " + authentication.getName() + " permission '" + permission + "' on object with Id '"
+				+ targetId);
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
index 70cf8ab5a5..8a3a272eca 100644
--- a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
+++ b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
@@ -26,8 +26,8 @@ public final class ExpressionUtils {
 			return expr.getValue(ctx, Boolean.class);
 		}
 		catch (EvaluationException e) {
-			throw new IllegalArgumentException("Failed to evaluate expression '"
-					+ expr.getExpressionString() + "'", e);
+			throw new IllegalArgumentException("Failed to evaluate expression '" + expr.getExpressionString() + "'", e);
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
index 73f5ac1636..23cb59bd66 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
@@ -28,6 +28,7 @@ import org.springframework.security.core.Authentication;
  * @since 3.1
  */
 public interface SecurityExpressionHandler<T> extends AopInfrastructureBean {
+
 	/**
 	 * @return an expression parser for the expressions used by the implementation.
 	 */
@@ -38,4 +39,5 @@ public interface SecurityExpressionHandler<T> extends AopInfrastructureBean {
 	 * invocation type.
 	 */
 	EvaluationContext createEvaluationContext(Authentication authentication, T invocation);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
index 01ace0e04a..95805ec65b 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
@@ -59,7 +59,6 @@ public interface SecurityExpressionOperations {
 	 * implementation may convert it to use "ROLE_USER" instead. The way in which the role
 	 * is converted may depend on the implementation settings.
 	 * </p>
-	 *
 	 * @param role the authority to test (i.e. "USER")
 	 * @return true if the authority is found, else false
 	 */
@@ -71,12 +70,11 @@ public interface SecurityExpressionOperations {
 	 * within {@link Authentication#getAuthorities()}.
 	 * </p>
 	 * <p>
-	 * This is a similar to hasAnyAuthority except that this method implies
-	 * that the String passed in is a role. For example, if "USER" is passed in the
-	 * implementation may convert it to use "ROLE_USER" instead. The way in which the role
-	 * is converted may depend on the implementation settings.
+	 * This is a similar to hasAnyAuthority except that this method implies that the
+	 * String passed in is a role. For example, if "USER" is passed in the implementation
+	 * may convert it to use "ROLE_USER" instead. The way in which the role is converted
+	 * may depend on the implementation settings.
 	 * </p>
-	 *
 	 * @param roles the authorities to test (i.e. "USER", "ADMIN")
 	 * @return true if any of the authorities is found, else false
 	 */
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index 97b201d085..9e37c514cb 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -33,10 +33,15 @@ import org.springframework.security.core.authority.AuthorityUtils;
  * @since 3.0
  */
 public abstract class SecurityExpressionRoot implements SecurityExpressionOperations {
+
 	protected final Authentication authentication;
+
 	private AuthenticationTrustResolver trustResolver;
+
 	private RoleHierarchy roleHierarchy;
+
 	private Set<String> roles;
+
 	private String defaultRolePrefix = "ROLE_";
 
 	/** Allows "permitAll" expression */
@@ -44,11 +49,17 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 
 	/** Allows "denyAll" expression */
 	public final boolean denyAll = false;
+
 	private PermissionEvaluator permissionEvaluator;
+
 	public final String read = "read";
+
 	public final String write = "write";
+
 	public final String create = "create";
+
 	public final String delete = "delete";
+
 	public final String admin = "administration";
 
 	/**
@@ -116,8 +127,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public final boolean isFullyAuthenticated() {
-		return !trustResolver.isAnonymous(authentication)
-				&& !trustResolver.isRememberMe(authentication);
+		return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
 	}
 
 	/**
@@ -148,7 +158,6 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	 * <p>
 	 * If null or empty, then no default role prefix is used.
 	 * </p>
-	 *
 	 * @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
 	 */
 	public void setDefaultRolePrefix(String defaultRolePrefix) {
@@ -157,12 +166,10 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 
 	private Set<String> getAuthoritySet() {
 		if (roles == null) {
-			Collection<? extends GrantedAuthority> userAuthorities = authentication
-					.getAuthorities();
+			Collection<? extends GrantedAuthority> userAuthorities = authentication.getAuthorities();
 
 			if (roleHierarchy != null) {
-				userAuthorities = roleHierarchy
-						.getReachableGrantedAuthorities(userAuthorities);
+				userAuthorities = roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
 			}
 
 			roles = AuthorityUtils.authorityListToSet(userAuthorities);
@@ -176,8 +183,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public boolean hasPermission(Object targetId, String targetType, Object permission) {
-		return permissionEvaluator.hasPermission(authentication, (Serializable) targetId,
-				targetType, permission);
+		return permissionEvaluator.hasPermission(authentication, (Serializable) targetId, targetType, permission);
 	}
 
 	public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
@@ -187,7 +193,6 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	/**
 	 * Prefixes role with defaultRolePrefix if defaultRolePrefix is non-null and if role
 	 * does not already start with defaultRolePrefix.
-	 *
 	 * @param defaultRolePrefix
 	 * @param role
 	 * @return
@@ -204,4 +209,5 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 		}
 		return defaultRolePrefix + role;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
index cafad53385..8a5c8ed2d1 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -33,30 +33,29 @@ import org.springframework.util.Assert;
  * @since 3.0
  */
 abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
+
 	private final Expression filterExpression;
+
 	private final Expression authorizeExpression;
 
 	/**
 	 * Parses the supplied expressions as Spring-EL.
 	 */
-	AbstractExpressionBasedMethodConfigAttribute(String filterExpression,
-			String authorizeExpression) throws ParseException {
+	AbstractExpressionBasedMethodConfigAttribute(String filterExpression, String authorizeExpression)
+			throws ParseException {
 		Assert.isTrue(filterExpression != null || authorizeExpression != null,
 				"Filter and authorization Expressions cannot both be null");
 		SpelExpressionParser parser = new SpelExpressionParser();
-		this.filterExpression = filterExpression == null ? null : parser
-				.parseExpression(filterExpression);
-		this.authorizeExpression = authorizeExpression == null ? null : parser
-				.parseExpression(authorizeExpression);
+		this.filterExpression = filterExpression == null ? null : parser.parseExpression(filterExpression);
+		this.authorizeExpression = authorizeExpression == null ? null : parser.parseExpression(authorizeExpression);
 	}
 
-	AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression,
-			Expression authorizeExpression) throws ParseException {
+	AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression, Expression authorizeExpression)
+			throws ParseException {
 		Assert.isTrue(filterExpression != null || authorizeExpression != null,
 				"Filter and authorization Expressions cannot both be null");
 		this.filterExpression = filterExpression == null ? null : filterExpression;
-		this.authorizeExpression = authorizeExpression == null ? null
-				: authorizeExpression;
+		this.authorizeExpression = authorizeExpression == null ? null : authorizeExpression;
 	}
 
 	Expression getFilterExpression() {
@@ -70,4 +69,5 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
 	public String getAttribute() {
 		return null;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index 26bdbf154a..233d364a76 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -49,15 +49,17 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.0
  */
-public class DefaultMethodSecurityExpressionHandler extends
-		AbstractSecurityExpressionHandler<MethodInvocation> implements
-		MethodSecurityExpressionHandler {
+public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<MethodInvocation>
+		implements MethodSecurityExpressionHandler {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	private ParameterNameDiscoverer parameterNameDiscoverer = new DefaultSecurityParameterNameDiscoverer();
+
 	private PermissionCacheOptimizer permissionCacheOptimizer = null;
+
 	private String defaultRolePrefix = "ROLE_";
 
 	public DefaultMethodSecurityExpressionHandler() {
@@ -67,18 +69,16 @@ public class DefaultMethodSecurityExpressionHandler extends
 	 * Uses a {@link MethodSecurityEvaluationContext} as the <tt>EvaluationContext</tt>
 	 * implementation.
 	 */
-	public StandardEvaluationContext createEvaluationContextInternal(Authentication auth,
-			MethodInvocation mi) {
+	public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, MethodInvocation mi) {
 		return new MethodSecurityEvaluationContext(auth, mi, getParameterNameDiscoverer());
 	}
 
 	/**
 	 * Creates the root object for expression evaluation.
 	 */
-	protected MethodSecurityExpressionOperations createSecurityExpressionRoot(
-			Authentication authentication, MethodInvocation invocation) {
-		MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(
-				authentication);
+	protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+			MethodInvocation invocation) {
+		MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication);
 		root.setThis(invocation.getThis());
 		root.setPermissionEvaluator(getPermissionEvaluator());
 		root.setTrustResolver(getTrustResolver());
@@ -89,24 +89,22 @@ public class DefaultMethodSecurityExpressionHandler extends
 	}
 
 	/**
-	 * Filters the {@code filterTarget} object (which must be either a collection, array, map
-	 * or stream), by evaluating the supplied expression.
+	 * Filters the {@code filterTarget} object (which must be either a collection, array,
+	 * map or stream), by evaluating the supplied expression.
 	 * <p>
-	 * If a {@code Collection} or {@code Map} is used, the original instance will be modified to contain
-	 * the elements for which the permission expression evaluates to {@code true}. For an
-	 * array, a new array instance will be returned.
+	 * If a {@code Collection} or {@code Map} is used, the original instance will be
+	 * modified to contain the elements for which the permission expression evaluates to
+	 * {@code true}. For an array, a new array instance will be returned.
 	 */
 	@SuppressWarnings("unchecked")
-	public Object filter(Object filterTarget, Expression filterExpression,
-			EvaluationContext ctx) {
-		MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx
-				.getRootObject().getValue();
+	public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
+		MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject()
+				.getValue();
 		final boolean debug = logger.isDebugEnabled();
 		List retainList;
 
 		if (debug) {
-			logger.debug("Filtering with expression: "
-					+ filterExpression.getExpressionString());
+			logger.debug("Filtering with expression: " + filterExpression.getExpressionString());
 		}
 
 		if (filterTarget instanceof Collection) {
@@ -114,13 +112,11 @@ public class DefaultMethodSecurityExpressionHandler extends
 			retainList = new ArrayList(collection.size());
 
 			if (debug) {
-				logger.debug("Filtering collection with " + collection.size()
-						+ " elements");
+				logger.debug("Filtering collection with " + collection.size() + " elements");
 			}
 
 			if (permissionCacheOptimizer != null) {
-				permissionCacheOptimizer.cachePermissionsFor(
-						rootObject.getAuthentication(), collection);
+				permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), collection);
 			}
 
 			for (Object filterObject : (Collection) filterTarget) {
@@ -150,8 +146,7 @@ public class DefaultMethodSecurityExpressionHandler extends
 			}
 
 			if (permissionCacheOptimizer != null) {
-				permissionCacheOptimizer.cachePermissionsFor(
-						rootObject.getAuthentication(), Arrays.asList(array));
+				permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array));
 			}
 
 			for (Object o : array) {
@@ -166,8 +161,8 @@ public class DefaultMethodSecurityExpressionHandler extends
 				logger.debug("Retaining elements: " + retainList);
 			}
 
-			Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass()
-					.getComponentType(), retainList.size());
+			Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(),
+					retainList.size());
 			for (int i = 0; i < retainList.size(); i++) {
 				filtered[i] = retainList.get(i);
 			}
@@ -207,19 +202,16 @@ public class DefaultMethodSecurityExpressionHandler extends
 			return original.filter(filterObject -> {
 				rootObject.setFilterObject(filterObject);
 				return ExpressionUtils.evaluateAsBoolean(filterExpression, ctx);
-			})
-					.onClose(original::close);
+			}).onClose(original::close);
 		}
 
 		throw new IllegalArgumentException(
-				"Filter target must be a collection, array, map or stream type, but was "
-						+ filterTarget);
+				"Filter target must be a collection, array, map or stream type, but was " + filterTarget);
 	}
 
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
@@ -230,7 +222,7 @@ public class DefaultMethodSecurityExpressionHandler extends
 
 	/**
 	 * @return The current {@link AuthenticationTrustResolver}
-     */
+	 */
 	protected AuthenticationTrustResolver getTrustResolver() {
 		return trustResolver;
 	}
@@ -246,33 +238,32 @@ public class DefaultMethodSecurityExpressionHandler extends
 
 	/**
 	 * @return The current {@link ParameterNameDiscoverer}
-     */
+	 */
 	protected ParameterNameDiscoverer getParameterNameDiscoverer() {
 		return parameterNameDiscoverer;
 	}
 
-	public void setPermissionCacheOptimizer(
-			PermissionCacheOptimizer permissionCacheOptimizer) {
+	public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) {
 		this.permissionCacheOptimizer = permissionCacheOptimizer;
 	}
 
 	public void setReturnObject(Object returnObject, EvaluationContext ctx) {
-		((MethodSecurityExpressionOperations) ctx.getRootObject().getValue())
-				.setReturnObject(returnObject);
+		((MethodSecurityExpressionOperations) ctx.getRootObject().getValue()).setReturnObject(returnObject);
 	}
 
 	/**
 	 * <p>
-	 * Sets the default prefix to be added to {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)} or
-	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
-	 * is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
-	 * "ROLE_" (default).
+	 * Sets the default prefix to be added to
+	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)}
+	 * or
+	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}.
+	 * For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the
+	 * role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
 	 * </p>
 	 *
 	 * <p>
 	 * If null or empty, then no default role prefix is used.
 	 * </p>
-	 *
 	 * @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
 	 */
 	public void setDefaultRolePrefix(String defaultRolePrefix) {
@@ -281,8 +272,9 @@ public class DefaultMethodSecurityExpressionHandler extends
 
 	/**
 	 * @return The default role prefix
-     */
+	 */
 	protected String getDefaultRolePrefix() {
 		return defaultRolePrefix;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index 2d96262dfa..e12ea859da 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -30,53 +30,49 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac
  * @author Rob Winch
  * @since 3.0
  */
-public class ExpressionBasedAnnotationAttributeFactory implements
-		PrePostInvocationAttributeFactory {
+public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
+
 	private final Object parserLock = new Object();
+
 	private ExpressionParser parser;
+
 	private MethodSecurityExpressionHandler handler;
 
-	public ExpressionBasedAnnotationAttributeFactory(
-			MethodSecurityExpressionHandler handler) {
+	public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler handler) {
 		this.handler = handler;
 	}
 
-	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute,
-			String filterObject, String preAuthorizeAttribute) {
+	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
+			String preAuthorizeAttribute) {
 		try {
 			// TODO: Optimization of permitAll
 			ExpressionParser parser = getParser();
-			Expression preAuthorizeExpression = preAuthorizeAttribute == null ? parser
-					.parseExpression("permitAll") : parser
-					.parseExpression(preAuthorizeAttribute);
-			Expression preFilterExpression = preFilterAttribute == null ? null : parser
-					.parseExpression(preFilterAttribute);
-			return new PreInvocationExpressionAttribute(preFilterExpression,
-					filterObject, preAuthorizeExpression);
+			Expression preAuthorizeExpression = preAuthorizeAttribute == null ? parser.parseExpression("permitAll")
+					: parser.parseExpression(preAuthorizeAttribute);
+			Expression preFilterExpression = preFilterAttribute == null ? null
+					: parser.parseExpression(preFilterAttribute);
+			return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
 		}
 		catch (ParseException e) {
-			throw new IllegalArgumentException("Failed to parse expression '"
-					+ e.getExpressionString() + "'", e);
+			throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
 		}
 	}
 
-	public PostInvocationAttribute createPostInvocationAttribute(
-			String postFilterAttribute, String postAuthorizeAttribute) {
+	public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
+			String postAuthorizeAttribute) {
 		try {
 			ExpressionParser parser = getParser();
 			Expression postAuthorizeExpression = postAuthorizeAttribute == null ? null
 					: parser.parseExpression(postAuthorizeAttribute);
-			Expression postFilterExpression = postFilterAttribute == null ? null : parser
-					.parseExpression(postFilterAttribute);
+			Expression postFilterExpression = postFilterAttribute == null ? null
+					: parser.parseExpression(postFilterAttribute);
 
 			if (postFilterExpression != null || postAuthorizeExpression != null) {
-				return new PostInvocationExpressionAttribute(postFilterExpression,
-						postAuthorizeExpression);
+				return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
 			}
 		}
 		catch (ParseException e) {
-			throw new IllegalArgumentException("Failed to parse expression '"
-					+ e.getExpressionString() + "'", e);
+			throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
 		}
 
 		return null;
@@ -84,7 +80,6 @@ public class ExpressionBasedAnnotationAttributeFactory implements
 
 	/**
 	 * Delay the lookup of the {@link ExpressionParser} to prevent SEC-2136
-	 *
 	 * @return
 	 */
 	private ExpressionParser getParser() {
@@ -97,4 +92,5 @@ public class ExpressionBasedAnnotationAttributeFactory implements
 		}
 		return this.parser;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index 8dd739804f..54c0c88911 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -27,27 +27,23 @@ import org.springframework.security.access.prepost.PostInvocationAuthorizationAd
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
-public class ExpressionBasedPostInvocationAdvice implements
-		PostInvocationAuthorizationAdvice {
+public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final MethodSecurityExpressionHandler expressionHandler;
 
-	public ExpressionBasedPostInvocationAdvice(
-			MethodSecurityExpressionHandler expressionHandler) {
+	public ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler expressionHandler) {
 		this.expressionHandler = expressionHandler;
 	}
 
-	public Object after(Authentication authentication, MethodInvocation mi,
-			PostInvocationAttribute postAttr, Object returnedObject)
-			throws AccessDeniedException {
+	public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute postAttr,
+			Object returnedObject) throws AccessDeniedException {
 		PostInvocationExpressionAttribute pia = (PostInvocationExpressionAttribute) postAttr;
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication,
-				mi);
+		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi);
 		Expression postFilter = pia.getFilterExpression();
 		Expression postAuthorize = pia.getAuthorizeExpression();
 
@@ -57,8 +53,7 @@ public class ExpressionBasedPostInvocationAdvice implements
 			}
 
 			if (returnedObject != null) {
-				returnedObject = expressionHandler
-						.filter(returnedObject, postFilter, ctx);
+				returnedObject = expressionHandler.filter(returnedObject, postFilter, ctx);
 			}
 			else {
 				if (logger.isDebugEnabled()) {
@@ -69,8 +64,7 @@ public class ExpressionBasedPostInvocationAdvice implements
 
 		expressionHandler.setReturnObject(returnedObject, ctx);
 
-		if (postAuthorize != null
-				&& !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
+		if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("PostAuthorize expression rejected access");
 			}
@@ -79,4 +73,5 @@ public class ExpressionBasedPostInvocationAdvice implements
 
 		return returnedObject;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index c4f11aa6f8..477c6ab361 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -34,15 +34,13 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  * @since 3.0
  */
-public class ExpressionBasedPreInvocationAdvice implements
-		PreInvocationAuthorizationAdvice {
+public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
+
 	private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
 
-	public boolean before(Authentication authentication, MethodInvocation mi,
-			PreInvocationAttribute attr) {
+	public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute attr) {
 		PreInvocationExpressionAttribute preAttr = (PreInvocationExpressionAttribute) attr;
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication,
-				mi);
+		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi);
 		Expression preFilter = preAttr.getFilterExpression();
 		Expression preAuthorize = preAttr.getAuthorizeExpression();
 
@@ -59,16 +57,14 @@ public class ExpressionBasedPreInvocationAdvice implements
 		return ExpressionUtils.evaluateAsBoolean(preAuthorize, ctx);
 	}
 
-	private Object findFilterTarget(String filterTargetName, EvaluationContext ctx,
-			MethodInvocation mi) {
+	private Object findFilterTarget(String filterTargetName, EvaluationContext ctx, MethodInvocation mi) {
 		Object filterTarget = null;
 
 		if (filterTargetName.length() > 0) {
 			filterTarget = ctx.lookupVariable(filterTargetName);
 			if (filterTarget == null) {
 				throw new IllegalArgumentException(
-						"Filter target was null, or no argument with name "
-								+ filterTargetName + " found in method");
+						"Filter target was null, or no argument with name " + filterTargetName + " found in method");
 			}
 		}
 		else if (mi.getArguments().length == 1) {
@@ -77,19 +73,18 @@ public class ExpressionBasedPreInvocationAdvice implements
 				filterTarget = arg;
 			}
 			if (filterTarget == null) {
-				throw new IllegalArgumentException(
-						"A PreFilter expression was set but the method argument type"
-								+ arg.getClass() + " is not filterable");
+				throw new IllegalArgumentException("A PreFilter expression was set but the method argument type"
+						+ arg.getClass() + " is not filterable");
 			}
-		} else if (mi.getArguments().length > 1) {
+		}
+		else if (mi.getArguments().length > 1) {
 			throw new IllegalArgumentException(
 					"Unable to determine the method argument for filtering. Specify the filter target.");
 		}
 
 		if (filterTarget.getClass().isArray()) {
 			throw new IllegalArgumentException(
-					"Pre-filtering on array types is not supported. "
-							+ "Using a Collection will solve this problem");
+					"Pre-filtering on array types is not supported. " + "Using a Collection will solve this problem");
 		}
 
 		return filterTarget;
@@ -98,4 +93,5 @@ public class ExpressionBasedPreInvocationAdvice implements
 	public void setExpressionHandler(MethodSecurityExpressionHandler expressionHandler) {
 		this.expressionHandler = expressionHandler;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
index 5ce94731e7..fe26a6fded 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
@@ -37,8 +37,8 @@ import org.springframework.security.core.parameters.DefaultSecurityParameterName
  * @since 3.0
  */
 class MethodSecurityEvaluationContext extends MethodBasedEvaluationContext {
-	private static final Log logger = LogFactory
-			.getLog(MethodSecurityEvaluationContext.class);
+
+	private static final Log logger = LogFactory.getLog(MethodSecurityEvaluationContext.class);
 
 	/**
 	 * Intended for testing. Don't use in practice as it creates a new parameter resolver
@@ -57,4 +57,5 @@ class MethodSecurityEvaluationContext extends MethodBasedEvaluationContext {
 	private static Method getSpecificMethod(MethodInvocation mi) {
 		return AopUtils.getMostSpecificMethod(mi.getMethod(), AopProxyUtils.ultimateTargetClass(mi.getThis()));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
index efebcca9b4..bd0a09c1e7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
@@ -27,11 +27,10 @@ import org.springframework.security.access.expression.SecurityExpressionHandler;
  * @author Luke Taylor
  * @since 3.0
  */
-public interface MethodSecurityExpressionHandler extends
-		SecurityExpressionHandler<MethodInvocation> {
+public interface MethodSecurityExpressionHandler extends SecurityExpressionHandler<MethodInvocation> {
+
 	/**
 	 * Filters a target collection or array. Only applies to method invocations.
-	 *
 	 * @param filterTarget the array or collection to be filtered.
 	 * @param filterExpression the expression which should be used as the filter
 	 * condition. If it returns false on evaluation, the object will be removed from the
@@ -45,7 +44,6 @@ public interface MethodSecurityExpressionHandler extends
 	/**
 	 * Used to inform the expression system of the return object for the given evaluation
 	 * context. Only applies to method invocations.
-	 *
 	 * @param returnObject the return object value
 	 * @param ctx the context within which the object should be set (as created through a
 	 * call to
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
index 24863d6bed..e3af4e1e82 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
@@ -25,6 +25,7 @@ import org.springframework.security.access.expression.SecurityExpressionOperatio
  * @since 3.1.1
  */
 public interface MethodSecurityExpressionOperations extends SecurityExpressionOperations {
+
 	void setFilterObject(Object filterObject);
 
 	Object getFilterObject();
@@ -34,4 +35,5 @@ public interface MethodSecurityExpressionOperations extends SecurityExpressionOp
 	Object getReturnObject();
 
 	Object getThis();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
index 0e8c47c7a5..7c3f52b881 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
@@ -24,10 +24,12 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  * @since 3.0
  */
-class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements
-		MethodSecurityExpressionOperations {
+class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
+
 	private Object filterObject;
+
 	private Object returnObject;
+
 	private Object target;
 
 	MethodSecurityExpressionRoot(Authentication a) {
@@ -54,7 +56,6 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements
 	 * Sets the "this" property for use in expressions. Typically this will be the "this"
 	 * property of the {@code JoinPoint} representing the method invocation which is being
 	 * protected.
-	 *
 	 * @param target the target object on which the method in is being invoked.
 	 */
 	void setThis(Object target) {
@@ -64,4 +65,5 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements
 	public Object getThis() {
 		return target;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
index d308dcb13f..dc1463ca5c 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
@@ -20,20 +20,18 @@ import org.springframework.expression.ParseException;
 import org.springframework.security.access.prepost.PostInvocationAttribute;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
-class PostInvocationExpressionAttribute extends
-		AbstractExpressionBasedMethodConfigAttribute implements PostInvocationAttribute {
+class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
+		implements PostInvocationAttribute {
 
-	PostInvocationExpressionAttribute(String filterExpression, String authorizeExpression)
-			throws ParseException {
+	PostInvocationExpressionAttribute(String filterExpression, String authorizeExpression) throws ParseException {
 		super(filterExpression, authorizeExpression);
 	}
 
-	PostInvocationExpressionAttribute(Expression filterExpression,
-			Expression authorizeExpression) throws ParseException {
+	PostInvocationExpressionAttribute(Expression filterExpression, Expression authorizeExpression)
+			throws ParseException {
 		super(filterExpression, authorizeExpression);
 	}
 
@@ -42,11 +40,9 @@ class PostInvocationExpressionAttribute extends
 		StringBuilder sb = new StringBuilder();
 		Expression authorize = getAuthorizeExpression();
 		Expression filter = getFilterExpression();
-		sb.append("[authorize: '").append(
-				authorize == null ? "null" : authorize.getExpressionString());
-		sb.append("', filter: '")
-				.append(filter == null ? "null" : filter.getExpressionString())
-				.append("']");
+		sb.append("[authorize: '").append(authorize == null ? "null" : authorize.getExpressionString());
+		sb.append("', filter: '").append(filter == null ? "null" : filter.getExpressionString()).append("']");
 		return sb.toString();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index be871fa633..950998a785 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -20,24 +20,23 @@ import org.springframework.expression.ParseException;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
-class PreInvocationExpressionAttribute extends
-		AbstractExpressionBasedMethodConfigAttribute implements PreInvocationAttribute {
+class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
+		implements PreInvocationAttribute {
 
 	private final String filterTarget;
 
-	PreInvocationExpressionAttribute(String filterExpression, String filterTarget,
-			String authorizeExpression) throws ParseException {
+	PreInvocationExpressionAttribute(String filterExpression, String filterTarget, String authorizeExpression)
+			throws ParseException {
 		super(filterExpression, authorizeExpression);
 
 		this.filterTarget = filterTarget;
 	}
 
-	PreInvocationExpressionAttribute(Expression filterExpression, String filterTarget,
-			Expression authorizeExpression) throws ParseException {
+	PreInvocationExpressionAttribute(Expression filterExpression, String filterTarget, Expression authorizeExpression)
+			throws ParseException {
 		super(filterExpression, authorizeExpression);
 
 		this.filterTarget = filterTarget;
@@ -46,7 +45,6 @@ class PreInvocationExpressionAttribute extends
 	/**
 	 * The parameter name of the target argument (must be a Collection) to which filtering
 	 * will be applied.
-	 *
 	 * @return the method parameter name
 	 */
 	String getFilterTarget() {
@@ -58,11 +56,10 @@ class PreInvocationExpressionAttribute extends
 		StringBuilder sb = new StringBuilder();
 		Expression authorize = getAuthorizeExpression();
 		Expression filter = getFilterExpression();
-		sb.append("[authorize: '").append(
-				authorize == null ? "null" : authorize.getExpressionString());
-		sb.append("', filter: '").append(
-				filter == null ? "null" : filter.getExpressionString());
+		sb.append("[authorize: '").append(authorize == null ? "null" : authorize.getExpressionString());
+		sb.append("', filter: '").append(filter == null ? "null" : filter.getExpressionString());
 		sb.append("', filterTarget: '").append(filterTarget).append("']");
 		return sb.toString();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/package-info.java b/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
index 5c0e30b7b9..901c4278cc 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
@@ -19,4 +19,3 @@
  * @since 3.0
  */
 package org.springframework.security.access.expression.method;
-
diff --git a/core/src/main/java/org/springframework/security/access/expression/package-info.java b/core/src/main/java/org/springframework/security/access/expression/package-info.java
index c96ea42988..5926dc9be7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/expression/package-info.java
@@ -14,10 +14,11 @@
  * limitations under the License.
  */
 /**
- * Expression handling code to support the use of Spring-EL based expressions in {@code @PreAuthorize}, {@code @PreFilter},
- * {@code @PostAuthorize} and {@code @PostFilter} annotations. Mainly for internal framework use and liable to change.
+ * Expression handling code to support the use of Spring-EL based expressions in
+ * {@code @PreAuthorize}, {@code @PreFilter}, {@code @PostAuthorize} and
+ * {@code @PostFilter} annotations. Mainly for internal framework use and liable to
+ * change.
  *
  * @since 3.0
  */
 package org.springframework.security.access.expression;
-
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
index d29d307f4f..fe2b652571 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
@@ -20,7 +20,6 @@ import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
index 5ab09dda7b..3316786513 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
@@ -36,7 +36,6 @@ public interface RoleHierarchy {
 	 * Role hierarchy: ROLE_A &gt; ROLE_B &gt; ROLE_C.<br>
 	 * Directly assigned authority: ROLE_A.<br>
 	 * Reachable authorities: ROLE_A, ROLE_B, ROLE_C.
-	 *
 	 * @param authorities - List of the directly assigned authorities.
 	 * @return List of all reachable authorities given the assigned authorities.
 	 */
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
index 9619d47500..7a35f967ba 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
@@ -24,14 +24,15 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class RoleHierarchyAuthoritiesMapper implements GrantedAuthoritiesMapper {
+
 	private final RoleHierarchy roleHierarchy;
 
 	public RoleHierarchyAuthoritiesMapper(RoleHierarchy roleHierarchy) {
 		this.roleHierarchy = roleHierarchy;
 	}
 
-	public Collection<? extends GrantedAuthority> mapAuthorities(
-			Collection<? extends GrantedAuthority> authorities) {
+	public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		return roleHierarchy.getReachableGrantedAuthorities(authorities);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
index 0a51abe2de..042752da98 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@@ -34,7 +34,8 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
  * This class defines a role hierarchy for use with various access checking components.
  *
  * <p>
- * Here is an example configuration of a role hierarchy (hint: read the "&gt;" sign as "includes"):
+ * Here is an example configuration of a role hierarchy (hint: read the "&gt;" sign as
+ * "includes"):
  *
  * <pre>
  *     &lt;property name="hierarchy"&gt;
@@ -49,25 +50,26 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
  * <p>
  * Explanation of the above:
  * <ul>
- * <li>In effect every user with ROLE_A also has ROLE_B, ROLE_AUTHENTICATED and ROLE_UNAUTHENTICATED;</li>
+ * <li>In effect every user with ROLE_A also has ROLE_B, ROLE_AUTHENTICATED and
+ * ROLE_UNAUTHENTICATED;</li>
  * <li>every user with ROLE_B also has ROLE_AUTHENTICATED and ROLE_UNAUTHENTICATED;</li>
  * <li>every user with ROLE_AUTHENTICATED also has ROLE_UNAUTHENTICATED.</li>
  * </ul>
  *
  * <p>
- * Hierarchical Roles will dramatically shorten your access rules (and also make the access rules
- * much more elegant).
+ * Hierarchical Roles will dramatically shorten your access rules (and also make the
+ * access rules much more elegant).
  *
  * <p>
- * Consider this access rule for Spring Security's RoleVoter (background: every user that is
- * authenticated should be able to log out):
+ * Consider this access rule for Spring Security's RoleVoter (background: every user that
+ * is authenticated should be able to log out):
  * <pre>/logout.html=ROLE_A,ROLE_B,ROLE_AUTHENTICATED</pre>
  *
  * With hierarchical roles this can now be shortened to:
  * <pre>/logout.html=ROLE_AUTHENTICATED</pre>
  *
- * In addition to shorter rules this will also make your access rules more readable and your
- * intentions clearer.
+ * In addition to shorter rules this will also make your access rules more readable and
+ * your intentions clearer.
  *
  * @author Michael Mayr
  */
@@ -76,20 +78,21 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 	private static final Log logger = LogFactory.getLog(RoleHierarchyImpl.class);
 
 	/**
-	 * Raw hierarchy configuration where each line represents single or multiple level role chain.
+	 * Raw hierarchy configuration where each line represents single or multiple level
+	 * role chain.
 	 */
 	private String roleHierarchyStringRepresentation = null;
 
 	/**
-	 * {@code rolesReachableInOneStepMap} is a Map that under the key of a specific role name
-	 * contains a set of all roles reachable from this role in 1 step
-	 * (i.e. parsed {@link #roleHierarchyStringRepresentation} grouped by the higher role)
+	 * {@code rolesReachableInOneStepMap} is a Map that under the key of a specific role
+	 * name contains a set of all roles reachable from this role in 1 step (i.e. parsed
+	 * {@link #roleHierarchyStringRepresentation} grouped by the higher role)
 	 */
 	private Map<String, Set<GrantedAuthority>> rolesReachableInOneStepMap = null;
 
 	/**
-	 * {@code rolesReachableInOneOrMoreStepsMap} is a Map that under the key of a specific role
-	 * name contains a set of all roles reachable from this role in 1 or more steps
+	 * {@code rolesReachableInOneOrMoreStepsMap} is a Map that under the key of a specific
+	 * role name contains a set of all roles reachable from this role in 1 or more steps
 	 * (i.e. fully resolved hierarchy from {@link #rolesReachableInOneStepMap})
 	 */
 	private Map<String, Set<GrantedAuthority>> rolesReachableInOneOrMoreStepsMap = null;
@@ -100,15 +103,13 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 	 * is done for performance reasons (reachable roles can then be calculated in O(1)
 	 * time). During pre-calculation, cycles in role hierarchy are detected and will cause
 	 * a <tt>CycleInRoleHierarchyException</tt> to be thrown.
-	 *
 	 * @param roleHierarchyStringRepresentation - String definition of the role hierarchy.
 	 */
 	public void setHierarchy(String roleHierarchyStringRepresentation) {
 		this.roleHierarchyStringRepresentation = roleHierarchyStringRepresentation;
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("setHierarchy() - The following role hierarchy was set: "
-					+ roleHierarchyStringRepresentation);
+			logger.debug("setHierarchy() - The following role hierarchy was set: " + roleHierarchyStringRepresentation);
 		}
 
 		buildRolesReachableInOneStepMap();
@@ -150,9 +151,8 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("getReachableGrantedAuthorities() - From the roles "
-					+ authorities + " one can reach " + reachableRoles
-					+ " in zero or more steps.");
+			logger.debug("getReachableGrantedAuthorities() - From the roles " + authorities + " one can reach "
+					+ reachableRoles + " in zero or more steps.");
 		}
 
 		List<GrantedAuthority> reachableRoleList = new ArrayList<>(reachableRoles.size());
@@ -179,14 +179,15 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 				if (!this.rolesReachableInOneStepMap.containsKey(higherRole)) {
 					rolesReachableInOneStepSet = new HashSet<>();
 					this.rolesReachableInOneStepMap.put(higherRole, rolesReachableInOneStepSet);
-				} else {
+				}
+				else {
 					rolesReachableInOneStepSet = this.rolesReachableInOneStepMap.get(higherRole);
 				}
 				rolesReachableInOneStepSet.add(lowerRole);
 
 				if (logger.isDebugEnabled()) {
-					logger.debug("buildRolesReachableInOneStepMap() - From role " + higherRole
-							+ " one can reach role " + lowerRole + " in one step.");
+					logger.debug("buildRolesReachableInOneStepMap() - From role " + higherRole + " one can reach role "
+							+ lowerRole + " in one step.");
 				}
 			}
 		}
@@ -209,18 +210,19 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 				// take a role from the rolesToVisit set
 				GrantedAuthority lowerRole = rolesToVisitSet.iterator().next();
 				rolesToVisitSet.remove(lowerRole);
-				if (!visitedRolesSet.add(lowerRole) ||
-						!this.rolesReachableInOneStepMap.containsKey(lowerRole.getAuthority())) {
+				if (!visitedRolesSet.add(lowerRole)
+						|| !this.rolesReachableInOneStepMap.containsKey(lowerRole.getAuthority())) {
 					continue; // Already visited role or role with missing hierarchy
-				} else if (roleName.equals(lowerRole.getAuthority())) {
+				}
+				else if (roleName.equals(lowerRole.getAuthority())) {
 					throw new CycleInRoleHierarchyException();
 				}
 				rolesToVisitSet.addAll(this.rolesReachableInOneStepMap.get(lowerRole.getAuthority()));
 			}
 			this.rolesReachableInOneOrMoreStepsMap.put(roleName, visitedRolesSet);
 
-			logger.debug("buildRolesReachableInOneOrMoreStepsMap() - From role " + roleName
-					+ " one can reach " + visitedRolesSet + " in one or more steps.");
+			logger.debug("buildRolesReachableInOneOrMoreStepsMap() - From role " + roleName + " one can reach "
+					+ visitedRolesSet + " in one or more steps.");
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
index 6b7e4afcbe..e8d08f3966 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -35,13 +35,13 @@ public final class RoleHierarchyUtils {
 
 	/**
 	 * Converts the supplied {@link Map} of role name to implied role name(s) to a string
-	 * representation understood by {@link RoleHierarchyImpl#setHierarchy(String)}.
-	 * The map key is the role name and the map value is a {@link List} of implied role name(s).
-	 *
+	 * representation understood by {@link RoleHierarchyImpl#setHierarchy(String)}. The
+	 * map key is the role name and the map value is a {@link List} of implied role
+	 * name(s).
 	 * @param roleHierarchyMap the mapping(s) of role name to implied role name(s)
 	 * @return a string representation of a role hierarchy
-	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role name is null or
-	 * empty or if an implied role name(s) is null or empty
+	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role
+	 * name is null or empty or if an implied role name(s) is null or empty
 	 *
 	 */
 	public static String roleHierarchyFromMap(Map<String, List<String>> roleHierarchyMap) {
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
index bbcb668705..a893032c17 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
@@ -17,4 +17,3 @@
  * Role hierarchy implementation.
  */
 package org.springframework.security.access.hierarchicalroles;
-
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index 2f3d9e7b76..40a34d6260 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -54,7 +54,8 @@ import org.springframework.util.Assert;
  * configuration of the security interceptor. It will also implement the proper handling
  * of secure object invocations, namely:
  * <ol>
- * <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
+ * <li>Obtain the {@link Authentication} object from the
+ * {@link SecurityContextHolder}.</li>
  * <li>Determine if the request relates to a secured or public invocation by looking up
  * the secure object request against the {@link SecurityMetadataSource}.</li>
  * <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s
@@ -100,8 +101,9 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @author Rob Winch
  */
-public abstract class AbstractSecurityInterceptor implements InitializingBean,
-		ApplicationEventPublisherAware, MessageSourceAware {
+public abstract class AbstractSecurityInterceptor
+		implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -111,49 +113,49 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	// ================================================================================================
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private ApplicationEventPublisher eventPublisher;
+
 	private AccessDecisionManager accessDecisionManager;
+
 	private AfterInvocationManager afterInvocationManager;
+
 	private AuthenticationManager authenticationManager = new NoOpAuthenticationManager();
+
 	private RunAsManager runAsManager = new NullRunAsManager();
 
 	private boolean alwaysReauthenticate = false;
+
 	private boolean rejectPublicInvocations = false;
+
 	private boolean validateConfigAttributes = true;
+
 	private boolean publishAuthorizationSuccess = false;
 
 	// ~ Methods
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.notNull(getSecureObjectClass(),
-				"Subclass must provide a non-null response to getSecureObjectClass()");
+		Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
 		Assert.notNull(this.messages, "A message source must be set");
 		Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
 		Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
 		Assert.notNull(this.runAsManager, "A RunAsManager is required");
-		Assert.notNull(this.obtainSecurityMetadataSource(),
-				"An SecurityMetadataSource is required");
-		Assert.isTrue(this.obtainSecurityMetadataSource()
-				.supports(getSecureObjectClass()),
-				() -> "SecurityMetadataSource does not support secure object class: "
-						+ getSecureObjectClass());
+		Assert.notNull(this.obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");
+		Assert.isTrue(this.obtainSecurityMetadataSource().supports(getSecureObjectClass()),
+				() -> "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
 		Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
-				() -> "RunAsManager does not support secure object class: "
-						+ getSecureObjectClass());
+				() -> "RunAsManager does not support secure object class: " + getSecureObjectClass());
 		Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
-				() -> "AccessDecisionManager does not support secure object class: "
-						+ getSecureObjectClass());
+				() -> "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
 
 		if (this.afterInvocationManager != null) {
 			Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
-					() -> "AfterInvocationManager does not support secure object class: "
-							+ getSecureObjectClass());
+					() -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
 		}
 
 		if (this.validateConfigAttributes) {
-			Collection<ConfigAttribute> attributeDefs = this
-					.obtainSecurityMetadataSource().getAllConfigAttributes();
+			Collection<ConfigAttribute> attributeDefs = this.obtainSecurityMetadataSource().getAllConfigAttributes();
 
 			if (attributeDefs == null) {
 				logger.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return "
@@ -164,17 +166,14 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 			Set<ConfigAttribute> unsupportedAttrs = new HashSet<>();
 
 			for (ConfigAttribute attr : attributeDefs) {
-				if (!this.runAsManager.supports(attr)
-						&& !this.accessDecisionManager.supports(attr)
-						&& ((this.afterInvocationManager == null) || !this.afterInvocationManager
-								.supports(attr))) {
+				if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
+						&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
 					unsupportedAttrs.add(attr);
 				}
 			}
 
 			if (unsupportedAttrs.size() != 0) {
-				throw new IllegalArgumentException(
-						"Unsupported configuration attributes: " + unsupportedAttrs);
+				throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
 			}
 
 			logger.debug("Validated configuration attributes");
@@ -186,24 +185,19 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 		final boolean debug = logger.isDebugEnabled();
 
 		if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
-			throw new IllegalArgumentException(
-					"Security invocation attempted for object "
-							+ object.getClass().getName()
-							+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
-							+ getSecureObjectClass());
+			throw new IllegalArgumentException("Security invocation attempted for object " + object.getClass().getName()
+					+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
+					+ getSecureObjectClass());
 		}
 
-		Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource()
-				.getAttributes(object);
+		Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
 
 		if (attributes == null || attributes.isEmpty()) {
 			if (rejectPublicInvocations) {
-				throw new IllegalArgumentException(
-						"Secure object invocation "
-								+ object
-								+ " was denied as public invocations are not allowed via this interceptor. "
-								+ "This indicates a configuration error because the "
-								+ "rejectPublicInvocations property is set to 'true'");
+				throw new IllegalArgumentException("Secure object invocation " + object
+						+ " was denied as public invocations are not allowed via this interceptor. "
+						+ "This indicates a configuration error because the "
+						+ "rejectPublicInvocations property is set to 'true'");
 			}
 
 			if (debug) {
@@ -220,10 +214,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 		}
 
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			credentialsNotFound(messages.getMessage(
-					"AbstractSecurityInterceptor.authenticationNotFound",
-					"An Authentication object was not found in the SecurityContext"),
-					object, attributes);
+			credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
+					"An Authentication object was not found in the SecurityContext"), object, attributes);
 		}
 
 		Authentication authenticated = authenticateIfRequired();
@@ -233,8 +225,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 			this.accessDecisionManager.decide(authenticated, object, attributes);
 		}
 		catch (AccessDeniedException accessDeniedException) {
-			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated,
-					accessDeniedException));
+			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated, accessDeniedException));
 
 			throw accessDeniedException;
 		}
@@ -248,8 +239,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 		}
 
 		// Attempt to run as a different user
-		Authentication runAs = this.runAsManager.buildRunAs(authenticated, object,
-				attributes);
+		Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
 
 		if (runAs == null) {
 			if (debug) {
@@ -257,8 +247,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 			}
 
 			// no further work post-invocation
-			return new InterceptorStatusToken(SecurityContextHolder.getContext(), false,
-					attributes, object);
+			return new InterceptorStatusToken(SecurityContextHolder.getContext(), false, attributes, object);
 		}
 		else {
 			if (debug) {
@@ -279,14 +268,12 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * object invocation has been completed. This method should be invoked after the
 	 * secure object invocation and before afterInvocation regardless of the secure object
 	 * invocation returning successfully (i.e. it should be done in a finally block).
-	 *
 	 * @param token as returned by the {@link #beforeInvocation(Object)} method
 	 */
 	protected void finallyInvocation(InterceptorStatusToken token) {
 		if (token != null && token.isContextHolderRefreshRequired()) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Reverting to original Authentication: "
-						+ token.getSecurityContext().getAuthentication());
+				logger.debug("Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
 			}
 
 			SecurityContextHolder.setContext(token.getSecurityContext());
@@ -296,7 +283,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	/**
 	 * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure
 	 * object invocation has been completed.
-	 *
 	 * @param token as returned by the {@link #beforeInvocation(Object)} method
 	 * @param returnedObject any object returned from the secure object invocation (may be
 	 * <tt>null</tt>)
@@ -314,15 +300,12 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 		if (afterInvocationManager != null) {
 			// Attempt after invocation handling
 			try {
-				returnedObject = afterInvocationManager.decide(token.getSecurityContext()
-						.getAuthentication(), token.getSecureObject(), token
-						.getAttributes(), returnedObject);
+				returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
+						token.getSecureObject(), token.getAttributes(), returnedObject);
 			}
 			catch (AccessDeniedException accessDeniedException) {
-				AuthorizationFailureEvent event = new AuthorizationFailureEvent(
-						token.getSecureObject(), token.getAttributes(), token
-								.getSecurityContext().getAuthentication(),
-						accessDeniedException);
+				AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
+						token.getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException);
 				publishEvent(event);
 
 				throw accessDeniedException;
@@ -336,12 +319,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * Checks the current authentication token and passes it to the AuthenticationManager
 	 * if {@link org.springframework.security.core.Authentication#isAuthenticated()}
 	 * returns false or the property <tt>alwaysReauthenticate</tt> has been set to true.
-	 *
 	 * @return an authenticated <tt>Authentication</tt> object.
 	 */
 	private Authentication authenticateIfRequired() {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 		if (authentication.isAuthenticated() && !alwaysReauthenticate) {
 			if (logger.isDebugEnabled()) {
@@ -369,18 +350,15 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * publishes an event to the application context.
 	 * <p>
 	 * Always throws an exception.
-	 *
 	 * @param reason to be provided in the exception detail
 	 * @param secureObject that was being called
 	 * @param configAttribs that were defined for the secureObject
 	 */
-	private void credentialsNotFound(String reason, Object secureObject,
-			Collection<ConfigAttribute> configAttribs) {
-		AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(
-				reason);
+	private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
+		AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
 
-		AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(
-				secureObject, configAttribs, exception);
+		AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
+				configAttribs, exception);
 		publishEvent(event);
 
 		throw exception;
@@ -406,7 +384,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * Indicates the type of secure objects the subclass will be presenting to the
 	 * abstract parent for processing. This is used to ensure collaborators wired to the
 	 * {@code AbstractSecurityInterceptor} all support the indicated secure object class.
-	 *
 	 * @return the type of secure object the subclass provides services for
 	 */
 	public abstract Class<?> getSecureObjectClass();
@@ -439,7 +416,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * meaning by default the <code>Authentication.isAuthenticated()</code> property is
 	 * trusted and re-authentication will not occur if the principal has already been
 	 * authenticated.
-	 *
 	 * @param alwaysReauthenticate <code>true</code> to force
 	 * <code>AbstractSecurityInterceptor</code> to disregard the value of
 	 * <code>Authentication.isAuthenticated()</code> and always re-authenticate the
@@ -449,8 +425,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 		this.alwaysReauthenticate = alwaysReauthenticate;
 	}
 
-	public void setApplicationEventPublisher(
-			ApplicationEventPublisher applicationEventPublisher) {
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.eventPublisher = applicationEventPublisher;
 	}
 
@@ -465,7 +440,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	/**
 	 * Only {@code AuthorizationFailureEvent} will be published. If you set this property
 	 * to {@code true}, {@code AuthorizedEvent}s will also be published.
-	 *
 	 * @param publishAuthorizationSuccess default value is {@code false}
 	 */
 	public void setPublishAuthorizationSuccess(boolean publishAuthorizationSuccess) {
@@ -481,7 +455,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 	 * <tt>IllegalArgumentException</tt> will be thrown by the
 	 * <tt>AbstractSecurityInterceptor</tt> if you set this property to <tt>true</tt> and
 	 * an attempt is made to invoke a secure object that has no configuration attributes.
-	 *
 	 * @param rejectPublicInvocations set to <code>true</code> to reject invocations of
 	 * secure objects that have no configuration attributes (by default it is
 	 * <code>false</code> which treats undeclared secure objects as "public" or
@@ -507,10 +480,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
 
 	private static class NoOpAuthenticationManager implements AuthenticationManager {
 
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
-			throw new AuthenticationServiceException("Cannot authenticate "
-					+ authentication);
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+			throw new AuthenticationServiceException("Cannot authenticate " + authentication);
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
index eae4f139fe..7c11320a00 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
@@ -43,6 +43,7 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface AfterInvocationManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -50,24 +51,20 @@ public interface AfterInvocationManager {
 	 * Given the details of a secure object invocation including its returned
 	 * <code>Object</code>, make an access control decision or optionally modify the
 	 * returned <code>Object</code>.
-	 *
 	 * @param authentication the caller that invoked the method
 	 * @param object the secured object that was called
 	 * @param attributes the configuration attributes associated with the secured object
 	 * that was invoked
 	 * @param returnedObject the <code>Object</code> that was returned from the secure
 	 * object invocation
-	 *
 	 * @return the <code>Object</code> that will ultimately be returned to the caller (if
 	 * an implementation does not wish to modify the object to be returned to the caller,
 	 * the implementation should simply return the same object it was passed by the
 	 * <code>returnedObject</code> method argument)
-	 *
 	 * @throws AccessDeniedException if access is denied
 	 */
-	Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes, Object returnedObject)
-			throws AccessDeniedException;
+	Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
+			Object returnedObject) throws AccessDeniedException;
 
 	/**
 	 * Indicates whether this <code>AfterInvocationManager</code> is able to process
@@ -78,10 +75,8 @@ public interface AfterInvocationManager {
 	 * <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
 	 * <code>AfterInvocationManager</code>.
 	 * </p>
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <code>AbstractSecurityInterceptor</code>
-	 *
 	 * @return true if this <code>AfterInvocationManager</code> can support the passed
 	 * configuration attribute
 	 */
@@ -90,10 +85,9 @@ public interface AfterInvocationManager {
 	/**
 	 * Indicates whether the <code>AfterInvocationManager</code> implementation is able to
 	 * provide access control decisions for the indicated secured object type.
-	 *
 	 * @param clazz the class that is being queried
-	 *
 	 * @return <code>true</code> if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index bc8bea7fb3..c223186b9d 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -45,13 +45,12 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class AfterInvocationProviderManager implements AfterInvocationManager,
-		InitializingBean {
+public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	protected static final Log logger = LogFactory
-			.getLog(AfterInvocationProviderManager.class);
+	protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -67,14 +66,12 @@ public class AfterInvocationProviderManager implements AfterInvocationManager,
 
 	private void checkIfValidList(List<?> listToCheck) {
 		if ((listToCheck == null) || (listToCheck.size() == 0)) {
-			throw new IllegalArgumentException(
-					"A list of AfterInvocationProviders is required");
+			throw new IllegalArgumentException("A list of AfterInvocationProviders is required");
 		}
 	}
 
-	public Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config, Object returnedObject)
-			throws AccessDeniedException {
+	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+			Object returnedObject) throws AccessDeniedException {
 
 		Object result = returnedObject;
 
@@ -94,9 +91,8 @@ public class AfterInvocationProviderManager implements AfterInvocationManager,
 		providers = new ArrayList<>(newList.size());
 
 		for (Object currentObject : newList) {
-			Assert.isInstanceOf(AfterInvocationProvider.class, currentObject,
-					() -> "AfterInvocationProvider " + currentObject.getClass().getName()
-							+ " must implement AfterInvocationProvider");
+			Assert.isInstanceOf(AfterInvocationProvider.class, currentObject, () -> "AfterInvocationProvider "
+					+ currentObject.getClass().getName() + " must implement AfterInvocationProvider");
 			providers.add((AfterInvocationProvider) currentObject);
 		}
 	}
@@ -121,9 +117,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager,
 	 * <p>
 	 * If one or more providers cannot support the presented class, <code>false</code> is
 	 * returned.
-	 *
 	 * @param clazz the secure object class being queries
-	 *
 	 * @return if the <code>AfterInvocationProviderManager</code> can support the secure
 	 * object class, which requires every one of its <code>AfterInvocationProvider</code>s
 	 * to support the secure object class
@@ -137,4 +131,5 @@ public class AfterInvocationProviderManager implements AfterInvocationManager,
 
 		return true;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
index fbe6f7acc6..74ea128212 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
@@ -31,20 +31,23 @@ import org.springframework.security.core.context.SecurityContext;
  * @author Ben Alex
  */
 public class InterceptorStatusToken {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private SecurityContext securityContext;
+
 	private Collection<ConfigAttribute> attr;
+
 	private Object secureObject;
+
 	private boolean contextHolderRefreshRequired;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public InterceptorStatusToken(SecurityContext securityContext,
-			boolean contextHolderRefreshRequired, Collection<ConfigAttribute> attributes,
-			Object secureObject) {
+	public InterceptorStatusToken(SecurityContext securityContext, boolean contextHolderRefreshRequired,
+			Collection<ConfigAttribute> attributes, Object secureObject) {
 		this.securityContext = securityContext;
 		this.contextHolderRefreshRequired = contextHolderRefreshRequired;
 		this.attr = attributes;
@@ -69,4 +72,5 @@ public class InterceptorStatusToken {
 	public boolean isContextHolderRefreshRequired() {
 		return contextHolderRefreshRequired;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index e8551ca0ae..2438fe293c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -43,11 +43,11 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	protected static final Log logger = LogFactory
-			.getLog(MethodInvocationPrivilegeEvaluator.class);
+	protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -63,11 +63,9 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 
 	public boolean isAllowed(MethodInvocation mi, Authentication authentication) {
 		Assert.notNull(mi, "MethodInvocation required");
-		Assert.notNull(mi.getMethod(),
-				"MethodInvocation must provide a non-null getMethod()");
+		Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
 
-		Collection<ConfigAttribute> attrs = securityInterceptor
-				.obtainSecurityMetadataSource().getAttributes(mi);
+		Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
 
 		if (attrs == null) {
 			if (securityInterceptor.isRejectPublicInvocations()) {
@@ -82,13 +80,11 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 		}
 
 		try {
-			securityInterceptor.getAccessDecisionManager().decide(authentication, mi,
-					attrs);
+			securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
 		}
 		catch (AccessDeniedException unauthorized) {
 			if (logger.isDebugEnabled()) {
-				logger.debug(mi.toString() + " denied for " + authentication.toString(),
-						unauthorized);
+				logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized);
 			}
 
 			return false;
@@ -99,11 +95,11 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 
 	public void setSecurityInterceptor(AbstractSecurityInterceptor securityInterceptor) {
 		Assert.notNull(securityInterceptor, "AbstractSecurityInterceptor cannot be null");
-		Assert.isTrue(
-				MethodInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
+		Assert.isTrue(MethodInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
 				"AbstractSecurityInterceptor does not support MethodInvocations");
 		Assert.notNull(securityInterceptor.getAccessDecisionManager(),
 				"AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");
 		this.securityInterceptor = securityInterceptor;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
index 2aca1ad642..77fb80cd3a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
@@ -30,11 +30,11 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 final class NullRunAsManager implements RunAsManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
-	public Authentication buildRunAs(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config) {
+	public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> config) {
 		return null;
 	}
 
@@ -45,4 +45,5 @@ final class NullRunAsManager implements RunAsManager {
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 4a1096a1eb..805ae2d814 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -43,32 +43,30 @@ import org.springframework.util.Assert;
  * If the key does not match, a <code>BadCredentialsException</code> is thrown.
  * </p>
  */
-public class RunAsImplAuthenticationProvider implements InitializingBean,
-		AuthenticationProvider, MessageSourceAware {
+public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private String key;
 
 	// ~ Methods
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.notNull(key,
-				"A Key is required and should match that configured for the RunAsManagerImpl");
+		Assert.notNull(key, "A Key is required and should match that configured for the RunAsManagerImpl");
 	}
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		RunAsUserToken token = (RunAsUserToken) authentication;
 
 		if (token.getKeyHash() == key.hashCode()) {
 			return authentication;
 		}
 		else {
-			throw new BadCredentialsException(messages.getMessage(
-					"RunAsImplAuthenticationProvider.incorrectKey",
+			throw new BadCredentialsException(messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
 					"The presented RunAsUserToken does not contain the expected key"));
 		}
 	}
@@ -88,4 +86,5 @@ public class RunAsImplAuthenticationProvider implements InitializingBean,
 	public boolean supports(Class<?> authentication) {
 		return RunAsUserToken.class.isAssignableFrom(authentication);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
index 8fa6bee9fe..a244177a21 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
@@ -59,24 +59,22 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface RunAsManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Returns a replacement <code>Authentication</code> object for the current secure
 	 * object invocation, or <code>null</code> if replacement not required.
-	 *
 	 * @param authentication the caller invoking the secure object
 	 * @param object the secured object being called
 	 * @param attributes the configuration attributes associated with the secure object
 	 * being invoked
-	 *
 	 * @return a replacement object to be used for duration of the secure object
 	 * invocation, or <code>null</code> if the <code>Authentication</code> should be left
 	 * as is
 	 */
-	Authentication buildRunAs(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes);
+	Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);
 
 	/**
 	 * Indicates whether this <code>RunAsManager</code> is able to process the passed
@@ -87,10 +85,8 @@ public interface RunAsManager {
 	 * <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
 	 * <code>AfterInvocationManager</code>.
 	 * </p>
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <code>AbstractSecurityInterceptor</code>
-	 *
 	 * @return <code>true</code> if this <code>RunAsManager</code> can support the passed
 	 * configuration attribute
 	 */
@@ -99,10 +95,9 @@ public interface RunAsManager {
 	/**
 	 * Indicates whether the <code>RunAsManager</code> implementation is able to provide
 	 * run-as replacement for the indicated secure object type.
-	 *
 	 * @param clazz the class that is being queried
-	 *
 	 * @return true if the implementation can process the indicated class
 	 */
 	boolean supports(Class<?> clazz);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
index 5efcd78d40..8f2794dea5 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@@ -54,18 +54,19 @@ import org.springframework.util.Assert;
  * @author colin sampaleanu
  */
 public class RunAsManagerImpl implements RunAsManager, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private String key;
+
 	private String rolePrefix = "ROLE_";
 
 	// ~ Methods
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.notNull(
-				key,
+		Assert.notNull(key,
 				"A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
 	}
 
@@ -88,9 +89,8 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 		// Add existing authorities
 		newAuthorities.addAll(authentication.getAuthorities());
 
-		return new RunAsUserToken(this.key, authentication.getPrincipal(),
-				authentication.getCredentials(), newAuthorities,
-				authentication.getClass());
+		return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
+				newAuthorities, authentication.getClass());
 	}
 
 	public String getKey() {
@@ -108,7 +108,6 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	/**
 	 * Allows the default role prefix of <code>ROLE_</code> to be overridden. May be set
 	 * to an empty value, although this is usually not desirable.
-	 *
 	 * @param rolePrefix the new prefix
 	 */
 	public void setRolePrefix(String rolePrefix) {
@@ -116,19 +115,17 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		return attribute.getAttribute() != null
-				&& attribute.getAttribute().startsWith("RUN_AS_");
+		return attribute.getAttribute() != null && attribute.getAttribute().startsWith("RUN_AS_");
 	}
 
 	/**
 	 * This implementation supports any type of class, because it does not query the
 	 * presented secure object.
-	 *
 	 * @param clazz the secure object
-	 *
 	 * @return always <code>true</code>
 	 */
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
index e050f4433f..fe608b511c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@@ -37,8 +37,11 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 	// ================================================================================================
 
 	private final Class<? extends Authentication> originalAuthentication;
+
 	private final Object credentials;
+
 	private final Object principal;
+
 	private final int keyHash;
 
 	// ~ Constructors
@@ -79,10 +82,10 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder(super.toString());
-		String className = this.originalAuthentication == null ? null
-				: this.originalAuthentication.getName();
+		String className = this.originalAuthentication == null ? null : this.originalAuthentication.getName();
 		sb.append("; Original Class: ").append(className);
 
 		return sb.toString();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
index bb7f8d236a..f69054698c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@@ -37,8 +37,8 @@ import org.aopalliance.intercept.MethodInvocation;
  * @author Ben Alex
  * @author Rob Winch
  */
-public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements
-		MethodInterceptor {
+public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -53,12 +53,9 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 
 	/**
 	 * This method should be used to enforce security on a <code>MethodInvocation</code>.
-	 *
 	 * @param mi The method being invoked which requires a security decision
-	 *
 	 * @return The returned value from the method invocation (possibly modified by the
 	 * {@code AfterInvocationManager}).
-	 *
 	 * @throws Throwable if any error occurs
 	 */
 	public Object invoke(MethodInvocation mi) throws Throwable {
@@ -85,4 +82,5 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 	public void setSecurityMetadataSource(MethodSecurityMetadataSource newSource) {
 		this.securityMetadataSource = newSource;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index d6ba04d102..bec9cb0bf8 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -38,8 +38,8 @@ import org.springframework.util.Assert;
  * {@link MethodInterceptor} from public (non-secure) methods.
  * <p>
  * Because the AOP framework caches advice calculations, this is normally faster than just
- * letting the <code>MethodInterceptor</code> run and find out itself that it has
- * no work to do.
+ * letting the <code>MethodInterceptor</code> run and find out itself that it has no work
+ * to do.
  * <p>
  * This class also allows the use of Spring's {@code DefaultAdvisorAutoProxyCreator},
  * which makes configuration easier than setup a <code>ProxyFactoryBean</code> for each
@@ -51,17 +51,23 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
-		implements BeanFactoryAware {
+public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private transient MethodSecurityMetadataSource attributeSource;
+
 	private transient MethodInterceptor interceptor;
+
 	private final Pointcut pointcut = new MethodSecurityMetadataSourcePointcut();
+
 	private BeanFactory beanFactory;
+
 	private final String adviceBeanName;
+
 	private final String metadataSourceBeanName;
+
 	private transient volatile Object adviceMonitor = new Object();
 
 	// ~ Constructors
@@ -73,19 +79,17 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 	 * instantiation of the interceptor (and hence the AuthenticationManager). See
 	 * SEC-773, for example. The metadataSourceBeanName is used rather than a direct
 	 * reference to support serialization via a bean factory lookup.
-	 *
 	 * @param adviceBeanName name of the MethodSecurityInterceptor bean
 	 * @param attributeSource the SecurityMetadataSource (should be the same as the one
 	 * used on the interceptor)
 	 * @param attributeSourceBeanName the bean name of the attributeSource (required for
 	 * serialization)
 	 */
-	public MethodSecurityMetadataSourceAdvisor(String adviceBeanName,
-			MethodSecurityMetadataSource attributeSource, String attributeSourceBeanName) {
+	public MethodSecurityMetadataSourceAdvisor(String adviceBeanName, MethodSecurityMetadataSource attributeSource,
+			String attributeSourceBeanName) {
 		Assert.notNull(adviceBeanName, "The adviceBeanName cannot be null");
 		Assert.notNull(attributeSource, "The attributeSource cannot be null");
-		Assert.notNull(attributeSourceBeanName,
-				"The attributeSourceBeanName cannot be null");
+		Assert.notNull(attributeSourceBeanName, "The attributeSourceBeanName cannot be null");
 
 		this.adviceBeanName = adviceBeanName;
 		this.attributeSource = attributeSource;
@@ -102,12 +106,9 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 	public Advice getAdvice() {
 		synchronized (this.adviceMonitor) {
 			if (interceptor == null) {
-				Assert.notNull(adviceBeanName,
-						"'adviceBeanName' must be set for use with bean factory lookup.");
-				Assert.state(beanFactory != null,
-						"BeanFactory must be set to resolve 'adviceBeanName'");
-				interceptor = beanFactory.getBean(this.adviceBeanName,
-					MethodInterceptor.class);
+				Assert.notNull(adviceBeanName, "'adviceBeanName' must be set for use with bean factory lookup.");
+				Assert.state(beanFactory != null, "BeanFactory must be set to resolve 'adviceBeanName'");
+				interceptor = beanFactory.getBean(this.adviceBeanName, MethodInterceptor.class);
 			}
 			return interceptor;
 		}
@@ -117,23 +118,23 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		this.beanFactory = beanFactory;
 	}
 
-	private void readObject(ObjectInputStream ois) throws IOException,
-			ClassNotFoundException {
+	private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
 		ois.defaultReadObject();
 		adviceMonitor = new Object();
-		attributeSource = beanFactory.getBean(metadataSourceBeanName,
-				MethodSecurityMetadataSource.class);
+		attributeSource = beanFactory.getBean(metadataSourceBeanName, MethodSecurityMetadataSource.class);
 	}
 
 	// ~ Inner Classes
 	// ==================================================================================================
 
-	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut
-			implements Serializable {
+	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut implements Serializable {
+
 		@SuppressWarnings("unchecked")
 		public boolean matches(Method m, Class targetClass) {
 			Collection attributes = attributeSource.getAttributes(m, targetClass);
 			return attributes != null && !attributes.isEmpty();
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
index cdf2da36eb..9d59151f06 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Enforces security for AOP Alliance <code>MethodInvocation</code>s, such as via Spring AOP.
+ * Enforces security for AOP Alliance <code>MethodInvocation</code>s, such as via Spring
+ * AOP.
  */
 package org.springframework.security.access.intercept.aopalliance;
-
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
index 7b76686229..d960d62372 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
@@ -24,8 +24,10 @@ package org.springframework.security.access.intercept.aspectj;
  * @author Ben Alex
  */
 public interface AspectJCallback {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	Object proceedWithObject();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
index c3c8fc25b1..2b9fcbe2e6 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
@@ -36,7 +36,6 @@ public final class AspectJMethodSecurityInterceptor extends MethodSecurityInterc
 
 	/**
 	 * Method that is suitable for user with @Aspect notation.
-	 *
 	 * @param jp The AspectJ joint point being invoked which requires a security decision
 	 * @return The returned value from the method invocation
 	 * @throws Throwable if the invocation throws one
@@ -47,16 +46,13 @@ public final class AspectJMethodSecurityInterceptor extends MethodSecurityInterc
 
 	/**
 	 * Method that is suitable for user with traditional AspectJ-code aspects.
-	 *
 	 * @param jp The AspectJ joint point being invoked which requires a security decision
 	 * @param advisorProceed the advice-defined anonymous class that implements
 	 * {@code AspectJCallback} containing a simple {@code return proceed();} statement
-	 *
 	 * @return The returned value from the method invocation
 	 */
 	public Object invoke(JoinPoint jp, AspectJCallback advisorProceed) {
-		InterceptorStatusToken token = super
-				.beforeInvocation(new MethodInvocationAdapter(jp));
+		InterceptorStatusToken token = super.beforeInvocation(new MethodInvocationAdapter(jp));
 
 		Object result;
 		try {
@@ -68,4 +64,5 @@ public final class AspectJMethodSecurityInterceptor extends MethodSecurityInterc
 
 		return super.afterInvocation(token, result);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
index d7dc2ea554..5a19ddffaf 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
@@ -31,8 +31,11 @@ import org.aspectj.lang.reflect.CodeSignature;
  * @since 3.0.3
  */
 public final class MethodInvocationAdapter implements MethodInvocation {
+
 	private final ProceedingJoinPoint jp;
+
 	private final Method method;
+
 	private final Object target;
 
 	MethodInvocationAdapter(JoinPoint jp) {
@@ -45,15 +48,13 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 			target = jp.getSignature().getDeclaringType();
 		}
 		String targetMethodName = jp.getStaticPart().getSignature().getName();
-		Class<?>[] types = ((CodeSignature) jp.getStaticPart().getSignature())
-				.getParameterTypes();
+		Class<?>[] types = ((CodeSignature) jp.getStaticPart().getSignature()).getParameterTypes();
 		Class<?> declaringType = jp.getStaticPart().getSignature().getDeclaringType();
 
 		method = findMethod(targetMethodName, declaringType, types);
 
 		if (method == null) {
-			throw new IllegalArgumentException(
-					"Could not obtain target method from JoinPoint: '" + jp + "'");
+			throw new IllegalArgumentException("Could not obtain target method from JoinPoint: '" + jp + "'");
 		}
 	}
 
@@ -96,4 +97,5 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 	public Object proceed() throws Throwable {
 		return jp.proceed();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
index 37139ad9b8..d8e8792d9d 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Enforces security for AspectJ <code>JointPoint</code>s, delegating secure object callbacks to the calling aspect.
+ * Enforces security for AspectJ <code>JointPoint</code>s, delegating secure object
+ * callbacks to the calling aspect.
  */
 package org.springframework.security.access.intercept.aspectj;
-
diff --git a/core/src/main/java/org/springframework/security/access/intercept/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/package-info.java
index e2c7501807..02bcbacd7a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/package-info.java
@@ -17,21 +17,19 @@
  * Abstract level security interception classes which are responsible for enforcing the
  * configured security constraints for a secure object.
  * <p>
- * A <i>secure object</i> is a term frequently used throughout the security
- * system. It does <b>not</b> refer to a business object that is being
- * secured, but instead refers to some infrastructure object that can have
- * security facilities provided for it by Spring Security.
- * For example, one secure object would be <code>MethodInvocation</code>,
- * whilst another would be HTTP
- * {@code org.springframework.security.web.FilterInvocation}. Note these are
- * infrastructure objects and their design allows them to represent a large
- * variety of actual resources that might need to be secured, such as business
- * objects or HTTP request URLs.
- * <p>Each secure object typically has its own interceptor package.
- * Each package usually includes a concrete security interceptor (which subclasses
- * {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}) and an
- * appropriate {@link org.springframework.security.access.SecurityMetadataSource}
- * for the type of resources the secure object represents.
+ * A <i>secure object</i> is a term frequently used throughout the security system. It
+ * does <b>not</b> refer to a business object that is being secured, but instead refers to
+ * some infrastructure object that can have security facilities provided for it by Spring
+ * Security. For example, one secure object would be <code>MethodInvocation</code>, whilst
+ * another would be HTTP {@code org.springframework.security.web.FilterInvocation}. Note
+ * these are infrastructure objects and their design allows them to represent a large
+ * variety of actual resources that might need to be secured, such as business objects or
+ * HTTP request URLs.
+ * <p>
+ * Each secure object typically has its own interceptor package. Each package usually
+ * includes a concrete security interceptor (which subclasses
+ * {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}) and
+ * an appropriate {@link org.springframework.security.access.SecurityMetadataSource} for
+ * the type of resources the secure object represents.
  */
 package org.springframework.security.access.intercept;
-
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
index ef65794b08..61627c34fe 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@@ -42,8 +42,7 @@ import org.springframework.security.access.ConfigAttribute;
  * @author Luke taylor
  * @since 2.0
  */
-public abstract class AbstractFallbackMethodSecurityMetadataSource extends
-		AbstractMethodSecurityMetadataSource {
+public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		// The method may be on an interface, but we need attributes from the target
@@ -83,13 +82,11 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends
 	 * may wish to provide advanced capabilities related to method metadata being
 	 * "registered" against a method even if the target class does not declare the method
 	 * (i.e. the subclass may only inherit the method).
-	 *
 	 * @param method the method for the current invocation (never <code>null</code>)
 	 * @param targetClass the target class for the invocation (may be <code>null</code>)
 	 * @return the security metadata (or null if no metadata applies)
 	 */
-	protected abstract Collection<ConfigAttribute> findAttributes(Method method,
-			Class<?> targetClass);
+	protected abstract Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass);
 
 	/**
 	 * Obtains the security metadata registered against the specified class.
@@ -99,7 +96,6 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends
 	 * should NOT aggregate metadata for each method registered against a class, as the
 	 * abstract superclass will separate invoke {@link #findAttributes(Method, Class)} for
 	 * individual methods as appropriate.
-	 *
 	 * @param clazz the target class for the invocation (never <code>null</code>)
 	 * @return the security metadata (or null if no metadata applies)
 	 */
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index dcb4d987e3..88dc80fb05 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -31,8 +31,7 @@ import org.springframework.security.access.ConfigAttribute;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public abstract class AbstractMethodSecurityMetadataSource implements
-		MethodSecurityMetadataSource {
+public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
@@ -65,4 +64,5 @@ public abstract class AbstractMethodSecurityMetadataSource implements
 	public final boolean supports(Class<?> clazz) {
 		return (MethodInvocation.class.isAssignableFrom(clazz));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index 9d85983e33..e51853c6cb 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -36,21 +36,19 @@ import org.springframework.util.ObjectUtils;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public final class DelegatingMethodSecurityMetadataSource extends
-		AbstractMethodSecurityMetadataSource {
-	private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections
-			.emptyList();
+public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
+
+	private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
 
 	private final List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
+
 	private final Map<DefaultCacheKey, Collection<ConfigAttribute>> attributeCache = new HashMap<>();
 
 	// ~ Constructor
 	// ====================================================================================================
 
-	public DelegatingMethodSecurityMetadataSource(
-			List<MethodSecurityMetadataSource> methodSecurityMetadataSources) {
-		Assert.notNull(methodSecurityMetadataSources,
-				"MethodSecurityMetadataSources cannot be null");
+	public DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetadataSource> methodSecurityMetadataSources) {
+		Assert.notNull(methodSecurityMetadataSources, "MethodSecurityMetadataSources cannot be null");
 		this.methodSecurityMetadataSources = methodSecurityMetadataSources;
 	}
 
@@ -83,8 +81,7 @@ public final class DelegatingMethodSecurityMetadataSource extends
 			}
 
 			if (logger.isDebugEnabled()) {
-				logger.debug("Caching method [" + cacheKey + "] with attributes "
-						+ attributes);
+				logger.debug("Caching method [" + cacheKey + "] with attributes " + attributes);
 			}
 
 			this.attributeCache.put(cacheKey, attributes);
@@ -113,7 +110,9 @@ public final class DelegatingMethodSecurityMetadataSource extends
 	// ==================================================================================================
 
 	private static class DefaultCacheKey {
+
 		private final Method method;
+
 		private final Class<?> targetClass;
 
 		DefaultCacheKey(Method method, Class<?> targetClass) {
@@ -124,20 +123,20 @@ public final class DelegatingMethodSecurityMetadataSource extends
 		@Override
 		public boolean equals(Object other) {
 			DefaultCacheKey otherKey = (DefaultCacheKey) other;
-			return (this.method.equals(otherKey.method) && ObjectUtils.nullSafeEquals(
-					this.targetClass, otherKey.targetClass));
+			return (this.method.equals(otherKey.method)
+					&& ObjectUtils.nullSafeEquals(this.targetClass, otherKey.targetClass));
 		}
 
 		@Override
 		public int hashCode() {
-			return this.method.hashCode() * 21
-					+ (this.targetClass != null ? this.targetClass.hashCode() : 0);
+			return this.method.hashCode() * 21 + (this.targetClass != null ? this.targetClass.hashCode() : 0);
 		}
 
 		@Override
 		public String toString() {
-			return "CacheKey[" + (targetClass == null ? "-" : targetClass.getName())
-					+ "; " + method + "]";
+			return "CacheKey[" + (targetClass == null ? "-" : targetClass.getName()) + "; " + method + "]";
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index df79e47b1e..2591c1655c 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -42,8 +42,8 @@ import org.springframework.util.ClassUtils;
  * @author Ben Alex
  * @since 2.0
  */
-public class MapBasedMethodSecurityMetadataSource extends
-		AbstractFallbackMethodSecurityMetadataSource implements BeanClassLoaderAware {
+public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
+		implements BeanClassLoaderAware {
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -65,8 +65,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 	 * Creates the <tt>MapBasedMethodSecurityMetadataSource</tt> from a
 	 * @param methodMap map of method names to <tt>ConfigAttribute</tt>s.
 	 */
-	public MapBasedMethodSecurityMetadataSource(
-			Map<String, List<ConfigAttribute>> methodMap) {
+	public MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAttribute>> methodMap) {
 		for (Map.Entry<String, List<ConfigAttribute>> entry : methodMap.entrySet()) {
 			addSecureMethod(entry.getKey(), entry.getValue());
 		}
@@ -85,8 +84,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 	 * applicable.
 	 */
 	@Override
-	protected Collection<ConfigAttribute> findAttributes(Method method,
-			Class<?> targetClass) {
+	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
 		if (targetClass == null) {
 			return null;
 		}
@@ -94,8 +92,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 		return findAttributesSpecifiedAgainst(method, targetClass);
 	}
 
-	private List<ConfigAttribute> findAttributesSpecifiedAgainst(Method method,
-			Class<?> clazz) {
+	private List<ConfigAttribute> findAttributesSpecifiedAgainst(Method method, Class<?> clazz) {
 		RegisteredMethod registeredMethod = new RegisteredMethod(method, clazz);
 		if (methodMap.containsKey(registeredMethod)) {
 			return methodMap.get(registeredMethod);
@@ -110,7 +107,6 @@ public class MapBasedMethodSecurityMetadataSource extends
 	/**
 	 * Add configuration attributes for a secure method. Method names can end or start
 	 * with <code>*</code> for matching multiple methods.
-	 *
 	 * @param name type and method name, separated by a dot
 	 * @param attr the security attributes associated with the method
 	 */
@@ -118,8 +114,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 		int lastDotIndex = name.lastIndexOf(".");
 
 		if (lastDotIndex == -1) {
-			throw new IllegalArgumentException("'" + name
-					+ "' is not a valid method name: format is FQN.methodName");
+			throw new IllegalArgumentException("'" + name + "' is not a valid method name: format is FQN.methodName");
 		}
 
 		String methodName = name.substring(lastDotIndex + 1);
@@ -134,19 +129,16 @@ public class MapBasedMethodSecurityMetadataSource extends
 	/**
 	 * Add configuration attributes for a secure method. Mapped method names can end or
 	 * start with <code>*</code> for matching multiple methods.
-	 *
 	 * @param javaType target interface or class the security configuration attribute
 	 * applies to
 	 * @param mappedName mapped method name, which the javaType has declared or inherited
 	 * @param attr required authorities associated with the method
 	 */
-	public void addSecureMethod(Class<?> javaType, String mappedName,
-			List<ConfigAttribute> attr) {
+	public void addSecureMethod(Class<?> javaType, String mappedName, List<ConfigAttribute> attr) {
 		String name = javaType.getName() + '.' + mappedName;
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Request to add secure method [" + name + "] with attributes ["
-					+ attr + "]");
+			logger.debug("Request to add secure method [" + name + "] with attributes [" + attr + "]");
 		}
 
 		Method[] methods = javaType.getMethods();
@@ -159,8 +151,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 		}
 
 		if (matchingMethods.isEmpty()) {
-			throw new IllegalArgumentException("Couldn't find method '" + mappedName
-					+ "' on '" + javaType + "'");
+			throw new IllegalArgumentException("Couldn't find method '" + mappedName + "' on '" + javaType + "'");
 		}
 
 		// register all matching methods
@@ -168,24 +159,20 @@ public class MapBasedMethodSecurityMetadataSource extends
 			RegisteredMethod registeredMethod = new RegisteredMethod(method, javaType);
 			String regMethodName = this.nameMap.get(registeredMethod);
 
-			if ((regMethodName == null)
-					|| (!regMethodName.equals(name) && (regMethodName.length() <= name
-							.length()))) {
+			if ((regMethodName == null) || (!regMethodName.equals(name) && (regMethodName.length() <= name.length()))) {
 				// no already registered method name, or more specific
 				// method name specification now -> (re-)register method
 				if (regMethodName != null) {
-					logger.debug("Replacing attributes for secure method [" + method
-							+ "]: current name [" + name + "] is more specific than ["
-							+ regMethodName + "]");
+					logger.debug("Replacing attributes for secure method [" + method + "]: current name [" + name
+							+ "] is more specific than [" + regMethodName + "]");
 				}
 
 				this.nameMap.put(registeredMethod, name);
 				addSecureMethod(registeredMethod, attr);
 			}
 			else {
-				logger.debug("Keeping attributes for secure method [" + method
-						+ "]: current name [" + name + "] is not more specific than ["
-						+ regMethodName + "]");
+				logger.debug("Keeping attributes for secure method [" + method + "]: current name [" + name
+						+ "] is not more specific than [" + regMethodName + "]");
 			}
 		}
 	}
@@ -199,14 +186,11 @@ public class MapBasedMethodSecurityMetadataSource extends
 	 * <p>
 	 * This method should only be called during initialization of the {@code BeanFactory}.
 	 */
-	public void addSecureMethod(Class<?> javaType, Method method,
-			List<ConfigAttribute> attr) {
+	public void addSecureMethod(Class<?> javaType, Method method, List<ConfigAttribute> attr) {
 		RegisteredMethod key = new RegisteredMethod(method, javaType);
 
 		if (methodMap.containsKey(key)) {
-			logger.debug("Method [" + method
-					+ "] is already registered with attributes [" + methodMap.get(key)
-					+ "]");
+			logger.debug("Method [" + method + "] is already registered with attributes [" + methodMap.get(key) + "]");
 			return;
 		}
 
@@ -215,7 +199,6 @@ public class MapBasedMethodSecurityMetadataSource extends
 
 	/**
 	 * Add configuration attributes for a secure method.
-	 *
 	 * @param method the method to be secured
 	 * @param attr required authorities associated with the method
 	 */
@@ -223,15 +206,13 @@ public class MapBasedMethodSecurityMetadataSource extends
 		Assert.notNull(method, "RegisteredMethod required");
 		Assert.notNull(attr, "Configuration attribute required");
 		if (logger.isInfoEnabled()) {
-			logger.info("Adding secure method [" + method + "] with attributes [" + attr
-					+ "]");
+			logger.info("Adding secure method [" + method + "] with attributes [" + attr + "]");
 		}
 		this.methodMap.put(method, attr);
 	}
 
 	/**
 	 * Obtains the configuration attributes explicitly defined against this bean.
-	 *
 	 * @return the attributes explicitly defined against this bean
 	 */
 	@Override
@@ -248,17 +229,13 @@ public class MapBasedMethodSecurityMetadataSource extends
 	/**
 	 * Return if the given method name matches the mapped name. The default implementation
 	 * checks for "xxx" and "xxx" matches.
-	 *
 	 * @param methodName the method name of the class
 	 * @param mappedName the name in the descriptor
-	 *
 	 * @return if the names match
 	 */
 	private boolean isMatch(String methodName, String mappedName) {
-		return (mappedName.endsWith("*") && methodName.startsWith(mappedName.substring(0,
-				mappedName.length() - 1)))
-				|| (mappedName.startsWith("*") && methodName.endsWith(mappedName
-						.substring(1, mappedName.length())));
+		return (mappedName.endsWith("*") && methodName.startsWith(mappedName.substring(0, mappedName.length() - 1)))
+				|| (mappedName.startsWith("*") && methodName.endsWith(mappedName.substring(1, mappedName.length())));
 	}
 
 	@Override
@@ -284,7 +261,9 @@ public class MapBasedMethodSecurityMetadataSource extends
 	 * we're invoking against and the Method will provide details of the declared class.
 	 */
 	private static class RegisteredMethod {
+
 		private final Method method;
+
 		private final Class<?> registeredJavaType;
 
 		RegisteredMethod(Method method, Class<?> registeredJavaType) {
@@ -301,8 +280,7 @@ public class MapBasedMethodSecurityMetadataSource extends
 			}
 			if (obj != null && obj instanceof RegisteredMethod) {
 				RegisteredMethod rhs = (RegisteredMethod) obj;
-				return method.equals(rhs.method)
-						&& registeredJavaType.equals(rhs.registeredJavaType);
+				return method.equals(rhs.method) && registeredJavaType.equals(rhs.registeredJavaType);
 			}
 			return false;
 		}
@@ -314,9 +292,9 @@ public class MapBasedMethodSecurityMetadataSource extends
 
 		@Override
 		public String toString() {
-			return "RegisteredMethod[" + registeredJavaType.getName() + "; " + method
-					+ "]";
+			return "RegisteredMethod[" + registeredJavaType.getName() + "; " + method + "]";
 		}
+
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
index adfc739ed7..5cfb3ff9ca 100644
--- a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
@@ -29,5 +29,7 @@ import org.springframework.security.access.SecurityMetadataSource;
  * @author Ben Alex
  */
 public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
+
 	Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/P.java b/core/src/main/java/org/springframework/security/access/method/P.java
index 0d8139e455..b164c572ab 100644
--- a/core/src/main/java/org/springframework/security/access/method/P.java
+++ b/core/src/main/java/org/springframework/security/access/method/P.java
@@ -45,4 +45,5 @@ public @interface P {
 	 * @return
 	 */
 	String value();
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/access/method/package-info.java b/core/src/main/java/org/springframework/security/access/method/package-info.java
index b90eb4948e..619c0bde09 100644
--- a/core/src/main/java/org/springframework/security/access/method/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/method/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * Provides {@code SecurityMetadataSource} implementations for securing Java method invocations via different
- * AOP libraries.
+ * Provides {@code SecurityMetadataSource} implementations for securing Java method
+ * invocations via different AOP libraries.
  */
 package org.springframework.security.access.method;
-
diff --git a/core/src/main/java/org/springframework/security/access/package-info.java b/core/src/main/java/org/springframework/security/access/package-info.java
index 99908b931a..ebf53f5585 100644
--- a/core/src/main/java/org/springframework/security/access/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/package-info.java
@@ -14,9 +14,10 @@
  * limitations under the License.
  */
 /**
- * Core access-control related code, including security metadata related classes, interception code, access control
- * annotations, EL support and voter-based implementations of the central
- * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} interface.
+ * Core access-control related code, including security metadata related classes,
+ * interception code, access control annotations, EL support and voter-based
+ * implementations of the central
+ * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager}
+ * interface.
  */
 package org.springframework.security.access;
-
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java b/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
index 18e5abe644..379c3dcbd5 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
@@ -34,9 +34,11 @@ import java.lang.annotation.Target;
 @Inherited
 @Documented
 public @interface PostAuthorize {
+
 	/**
 	 * @return the Spring-EL expression to be evaluated after invoking the protected
 	 * method
 	 */
 	String value();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java b/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
index 73efa4ad3b..5628e972eb 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
@@ -34,9 +34,11 @@ import java.lang.annotation.Target;
 @Inherited
 @Documented
 public @interface PostFilter {
+
 	/**
 	 * @return the Spring-EL expression to be evaluated after invoking the protected
 	 * method
 	 */
 	String value();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index 6c171fb7e1..28218b7885 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -35,6 +35,7 @@ import org.springframework.security.core.Authentication;
  * @since 3.0
  */
 public class PostInvocationAdviceProvider implements AfterInvocationProvider {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final PostInvocationAuthorizationAdvice postAdvice;
@@ -43,9 +44,8 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 		this.postAdvice = postAdvice;
 	}
 
-	public Object decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> config, Object returnedObject)
-			throws AccessDeniedException {
+	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+			Object returnedObject) throws AccessDeniedException {
 
 		PostInvocationAttribute pia = findPostInvocationAttribute(config);
 
@@ -53,12 +53,10 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 			return returnedObject;
 		}
 
-		return postAdvice.after(authentication, (MethodInvocation) object, pia,
-				returnedObject);
+		return postAdvice.after(authentication, (MethodInvocation) object, pia, returnedObject);
 	}
 
-	private PostInvocationAttribute findPostInvocationAttribute(
-			Collection<ConfigAttribute> config) {
+	private PostInvocationAttribute findPostInvocationAttribute(Collection<ConfigAttribute> config) {
 		for (ConfigAttribute attribute : config) {
 			if (attribute instanceof PostInvocationAttribute) {
 				return (PostInvocationAttribute) attribute;
@@ -75,4 +73,5 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 	public boolean supports(Class<?> clazz) {
 		return clazz.isAssignableFrom(MethodInvocation.class);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
index 9608345f3e..e45a10a7d3 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
@@ -18,8 +18,8 @@ package org.springframework.security.access.prepost;
 import org.springframework.security.access.ConfigAttribute;
 
 /**
- * Marker interface for attributes which are created from combined @PostFilter and @PostAuthorize
- * annotations.
+ * Marker interface for attributes which are created from combined @PostFilter
+ * and @PostAuthorize annotations.
  * <p>
  * Consumed by a {@link PostInvocationAuthorizationAdvice}.
  *
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
index 76166982ab..78f2e4b4ab 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
@@ -28,7 +28,7 @@ import org.springframework.security.core.Authentication;
  */
 public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean {
 
-	Object after(Authentication authentication, MethodInvocation mi,
-			PostInvocationAttribute pia, Object returnedObject)
+	Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject)
 			throws AccessDeniedException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java b/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
index 65cc07a60f..0292b2be73 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
@@ -34,9 +34,11 @@ import java.lang.annotation.Target;
 @Inherited
 @Documented
 public @interface PreAuthorize {
+
 	/**
 	 * @return the Spring-EL expression to be evaluated before invoking the protected
 	 * method
 	 */
 	String value();
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java b/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
index 0432936576..880feedfa3 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
@@ -46,6 +46,7 @@ import java.lang.annotation.Target;
 @Inherited
 @Documented
 public @interface PreFilter {
+
 	/**
 	 * @return the Spring-EL expression to be evaluated before invoking the protected
 	 * method
@@ -58,4 +59,5 @@ public @interface PreFilter {
 	 * attribute can be omitted.
 	 */
 	String filterTarget() default "";
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
index a0fecd9e49..3c11e7a7fe 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
@@ -18,8 +18,8 @@ package org.springframework.security.access.prepost;
 import org.springframework.security.access.ConfigAttribute;
 
 /**
- * Marker interface for attributes which are created from combined @PreFilter and @PreAuthorize
- * annotations.
+ * Marker interface for attributes which are created from combined @PreFilter
+ * and @PreAuthorize annotations.
  * <p>
  * Consumed by a {@link PreInvocationAuthorizationAdvice}.
  *
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
index 72bd17009b..1f6f75ffe7 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
@@ -30,14 +30,13 @@ public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean
 	/**
 	 * The "before" advice which should be executed to perform any filtering necessary and
 	 * to decide whether the method call is authorised.
-	 *
 	 * @param authentication the information on the principal on whose account the
 	 * decision should be made
 	 * @param mi the method invocation being attempted
-	 * @param preInvocationAttribute the attribute built from the @PreFilter and @PostFilter
-	 * annotations.
+	 * @param preInvocationAttribute the attribute built from the @PreFilter
+	 * and @PostFilter annotations.
 	 * @return true if authorised, false otherwise
 	 */
-	boolean before(Authentication authentication, MethodInvocation mi,
-			PreInvocationAttribute preInvocationAttribute);
+	boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preInvocationAttribute);
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index 4432fbc6cf..7c89e1c23b 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -37,8 +37,8 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  * @since 3.0
  */
-public class PreInvocationAuthorizationAdviceVoter implements
-		AccessDecisionVoter<MethodInvocation> {
+public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final PreInvocationAuthorizationAdvice preAdvice;
@@ -55,8 +55,7 @@ public class PreInvocationAuthorizationAdviceVoter implements
 		return MethodInvocation.class.isAssignableFrom(clazz);
 	}
 
-	public int vote(Authentication authentication, MethodInvocation method,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, MethodInvocation method, Collection<ConfigAttribute> attributes) {
 
 		// Find prefilter and preauth (or combined) attributes
 		// if both null, abstain
@@ -74,8 +73,7 @@ public class PreInvocationAuthorizationAdviceVoter implements
 		return allowed ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
-	private PreInvocationAttribute findPreInvocationAttribute(
-			Collection<ConfigAttribute> config) {
+	private PreInvocationAttribute findPreInvocationAttribute(Collection<ConfigAttribute> config) {
 		for (ConfigAttribute attribute : config) {
 			if (attribute instanceof PreInvocationAttribute) {
 				return (PreInvocationAttribute) attribute;
@@ -84,4 +82,5 @@ public class PreInvocationAuthorizationAdviceVoter implements
 
 		return null;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index 98ef8d43e1..debb0dce37 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -36,15 +36,16 @@ import java.lang.reflect.Method;
 import java.util.Collection;
 
 /**
- * A {@link MethodInterceptor} that supports {@link PreAuthorize} and {@link PostAuthorize} for methods that return
- * {@link Mono} or {@link Flux}
+ * A {@link MethodInterceptor} that supports {@link PreAuthorize} and
+ * {@link PostAuthorize} for methods that return {@link Mono} or {@link Flux}
  *
  * @author Rob Winch
  * @since 5.0
  */
 public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor {
+
 	private Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymous",
-		AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+			AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	private final MethodSecurityMetadataSource attributeSource;
 
@@ -58,7 +59,9 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 	 * @param preInvocationAdvice the {@link PreInvocationAuthorizationAdvice} to use
 	 * @param postInvocationAdvice the {@link PostInvocationAuthorizationAdvice} to use
 	 */
-	public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource, PreInvocationAuthorizationAdvice preInvocationAdvice, PostInvocationAuthorizationAdvice postInvocationAdvice) {
+	public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource,
+			PreInvocationAuthorizationAdvice preInvocationAdvice,
+			PostInvocationAuthorizationAdvice postInvocationAdvice) {
 		Assert.notNull(attributeSource, "attributeSource cannot be null");
 		Assert.notNull(preInvocationAdvice, "preInvocationAdvice cannot be null");
 		Assert.notNull(postInvocationAdvice, "postInvocationAdvice cannot be null");
@@ -73,52 +76,44 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		Method method = invocation.getMethod();
 		Class<?> returnType = method.getReturnType();
 		if (!Publisher.class.isAssignableFrom(returnType)) {
-			throw new IllegalStateException("The returnType " + returnType + " on " + method + " must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
+			throw new IllegalStateException("The returnType " + returnType + " on " + method
+					+ " must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
 		}
 		Class<?> targetClass = invocation.getThis().getClass();
-		Collection<ConfigAttribute> attributes = this.attributeSource
-			.getAttributes(method, targetClass);
+		Collection<ConfigAttribute> attributes = this.attributeSource.getAttributes(method, targetClass);
 
 		PreInvocationAttribute preAttr = findPreInvocationAttribute(attributes);
 		Mono<Authentication> toInvoke = ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication)
-			.defaultIfEmpty(this.anonymous)
-			.filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
-
+				.map(SecurityContext::getAuthentication).defaultIfEmpty(this.anonymous)
+				.filter(auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
+				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
 
 		PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
 
 		if (Mono.class.isAssignableFrom(returnType)) {
-			return toInvoke
-				.flatMap( auth -> this.<Mono<?>>proceed(invocation)
-					.map( r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r))
-				);
+			return toInvoke.flatMap(auth -> this.<Mono<?>>proceed(invocation)
+					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
 		if (Flux.class.isAssignableFrom(returnType)) {
-			return toInvoke
-				.flatMapMany( auth -> this.<Flux<?>>proceed(invocation)
-					.map( r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r))
-				);
+			return toInvoke.flatMapMany(auth -> this.<Flux<?>>proceed(invocation)
+					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
-		return toInvoke
-			.flatMapMany( auth -> Flux.from(this.<Publisher<?>>proceed(invocation))
-				.map( r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r))
-			);
+		return toInvoke.flatMapMany(auth -> Flux.from(this.<Publisher<?>>proceed(invocation))
+				.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 	}
 
 	private static <T extends Publisher<?>> T proceed(final MethodInvocation invocation) {
 		try {
 			return (T) invocation.proceed();
-		} catch(Throwable throwable) {
+		}
+		catch (Throwable throwable) {
 			throw Exceptions.propagate(throwable);
 		}
 	}
 
-	private static PostInvocationAttribute findPostInvocationAttribute(
-		Collection<ConfigAttribute> config) {
+	private static PostInvocationAttribute findPostInvocationAttribute(Collection<ConfigAttribute> config) {
 		for (ConfigAttribute attribute : config) {
 			if (attribute instanceof PostInvocationAttribute) {
 				return (PostInvocationAttribute) attribute;
@@ -128,8 +123,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		return null;
 	}
 
-	private static PreInvocationAttribute findPreInvocationAttribute(
-		Collection<ConfigAttribute> config) {
+	private static PreInvocationAttribute findPreInvocationAttribute(Collection<ConfigAttribute> config) {
 		for (ConfigAttribute attribute : config) {
 			if (attribute instanceof PreInvocationAttribute) {
 				return (PreInvocationAttribute) attribute;
@@ -138,4 +132,5 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 
 		return null;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
index c6797debf1..16f8cc04e0 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@@ -25,11 +25,12 @@ import org.springframework.security.access.method.AbstractMethodSecurityMetadata
 import org.springframework.util.ClassUtils;
 
 /**
- * <tt>MethodSecurityMetadataSource</tt> which extracts metadata from the @PreFilter and @PreAuthorize
- * annotations placed on a method. This class is merely responsible for locating the
- * relevant annotations (if any). It delegates the actual <tt>ConfigAttribute</tt>
- * creation to its {@link PrePostInvocationAttributeFactory}, thus decoupling itself from
- * the mechanism which will enforce the annotations' behaviour.
+ * <tt>MethodSecurityMetadataSource</tt> which extracts metadata from the @PreFilter
+ * and @PreAuthorize annotations placed on a method. This class is merely responsible for
+ * locating the relevant annotations (if any). It delegates the actual
+ * <tt>ConfigAttribute</tt> creation to its {@link PrePostInvocationAttributeFactory},
+ * thus decoupling itself from the mechanism which will enforce the annotations'
+ * behaviour.
  * <p>
  * Annotations may be specified on classes or methods, and method-specific annotations
  * will take precedence. If you use any annotation and do not specify a pre-authorization
@@ -41,17 +42,14 @@ import org.springframework.util.ClassUtils;
  * defined on the method itself, or at interface or class level.
  *
  * @see PreInvocationAuthorizationAdviceVoter
- *
  * @author Luke Taylor
  * @since 3.0
  */
-public class PrePostAnnotationSecurityMetadataSource extends
-		AbstractMethodSecurityMetadataSource {
+public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
 	private final PrePostInvocationAttributeFactory attributeFactory;
 
-	public PrePostAnnotationSecurityMetadataSource(
-			PrePostInvocationAttributeFactory attributeFactory) {
+	public PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory attributeFactory) {
 		this.attributeFactory = attributeFactory;
 	}
 
@@ -60,18 +58,15 @@ public class PrePostAnnotationSecurityMetadataSource extends
 			return Collections.emptyList();
 		}
 
-		logger.trace("Looking for Pre/Post annotations for method '" + method.getName()
-				+ "' on target class '" + targetClass + "'");
+		logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
+				+ targetClass + "'");
 		PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
-		PreAuthorize preAuthorize = findAnnotation(method, targetClass,
-				PreAuthorize.class);
+		PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
 		PostFilter postFilter = findAnnotation(method, targetClass, PostFilter.class);
 		// TODO: Can we check for void methods and throw an exception here?
-		PostAuthorize postAuthorize = findAnnotation(method, targetClass,
-				PostAuthorize.class);
+		PostAuthorize postAuthorize = findAnnotation(method, targetClass, PostAuthorize.class);
 
-		if (preFilter == null && preAuthorize == null && postFilter == null
-				&& postAuthorize == null) {
+		if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null) {
 			// There is no meta-data so return
 			logger.trace("No expression annotations found");
 			return Collections.emptyList();
@@ -81,20 +76,19 @@ public class PrePostAnnotationSecurityMetadataSource extends
 		String filterObject = preFilter == null ? null : preFilter.filterTarget();
 		String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value();
 		String postFilterAttribute = postFilter == null ? null : postFilter.value();
-		String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize
-				.value();
+		String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize.value();
 
 		ArrayList<ConfigAttribute> attrs = new ArrayList<>(2);
 
-		PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(
-				preFilterAttribute, filterObject, preAuthorizeAttribute);
+		PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(preFilterAttribute, filterObject,
+				preAuthorizeAttribute);
 
 		if (pre != null) {
 			attrs.add(pre);
 		}
 
-		PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(
-				postFilterAttribute, postAuthorizeAttribute);
+		PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(postFilterAttribute,
+				postAuthorizeAttribute);
 
 		if (post != null) {
 			attrs.add(post);
@@ -115,8 +109,7 @@ public class PrePostAnnotationSecurityMetadataSource extends
 	 * for the logic of this method. The ordering here is slightly different in that we
 	 * consider method-specific annotations on an interface before class-level ones.
 	 */
-	private <A extends Annotation> A findAnnotation(Method method, Class<?> targetClass,
-			Class<A> annotationClass) {
+	private <A extends Annotation> A findAnnotation(Method method, Class<?> targetClass, Class<A> annotationClass) {
 		// The method may be on an interface, but we need attributes from the target
 		// class.
 		// If the target class is null, the method will be unchanged.
@@ -140,12 +133,10 @@ public class PrePostAnnotationSecurityMetadataSource extends
 
 		// Check the class-level (note declaringClass, not targetClass, which may not
 		// actually implement the method)
-		annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(),
-				annotationClass);
+		annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
 		if (annotation != null) {
-			logger.debug(annotation + " found on: "
-					+ specificMethod.getDeclaringClass().getName());
+			logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
 			return annotation;
 		}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
index bd1716555a..6c6f9c3360 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
@@ -18,15 +18,14 @@ package org.springframework.security.access.prepost;
 import org.springframework.aop.framework.AopInfrastructureBean;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
 
-	PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute,
-			String filterObject, String preAuthorizeAttribute);
+	PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
+			String preAuthorizeAttribute);
+
+	PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute, String postAuthorizeAttribute);
 
-	PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
-			String postAuthorizeAttribute);
 }
diff --git a/core/src/main/java/org/springframework/security/access/prepost/package-info.java b/core/src/main/java/org/springframework/security/access/prepost/package-info.java
index 8db4a0005b..f23230de60 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/package-info.java
@@ -14,11 +14,10 @@
  * limitations under the License.
  */
 /**
- * Contains the infrastructure classes for handling the {@code @PreAuthorize}, {@code @PreFilter}, {@code @PostAuthorize}
- * and {@code @PostFilter} annotations.
+ * Contains the infrastructure classes for handling the {@code @PreAuthorize},
+ * {@code @PreFilter}, {@code @PostAuthorize} and {@code @PostFilter} annotations.
  * <p>
- * Other than the annotations themselves, the classes should be regarded as for internal framework use and
- * are liable to change without notice.
+ * Other than the annotations themselves, the classes should be regarded as for internal
+ * framework use and are liable to change without notice.
  */
 package org.springframework.security.access.prepost;
-
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index 3cec181713..cffdef99da 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -39,8 +39,9 @@ import org.springframework.util.Assert;
  * and the access control behaviour if all voters abstain from voting (defaults to deny
  * access).
  */
-public abstract class AbstractAccessDecisionManager implements AccessDecisionManager,
-		InitializingBean, MessageSourceAware {
+public abstract class AbstractAccessDecisionManager
+		implements AccessDecisionManager, InitializingBean, MessageSourceAware {
+
 	// ~ Instance fields
 	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
@@ -51,8 +52,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
 
 	private boolean allowIfAllAbstainDecisions = false;
 
-	protected AbstractAccessDecisionManager(
-			List<AccessDecisionVoter<?>> decisionVoters) {
+	protected AbstractAccessDecisionManager(List<AccessDecisionVoter<?>> decisionVoters) {
 		Assert.notEmpty(decisionVoters, "A list of AccessDecisionVoters is required");
 		this.decisionVoters = decisionVoters;
 	}
@@ -67,8 +67,8 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
 
 	protected final void checkAllowIfAllAbstainDecisions() {
 		if (!this.isAllowIfAllAbstainDecisions()) {
-			throw new AccessDeniedException(messages.getMessage(
-					"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+			throw new AccessDeniedException(
+					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 	}
 
@@ -104,7 +104,6 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
 	 * <p>
 	 * If one or more voters cannot support the presented class, <code>false</code> is
 	 * returned.
-	 *
 	 * @param clazz the type of secured object being presented
 	 * @return true if this type is supported
 	 */
@@ -117,4 +116,5 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
 
 		return true;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index 67fbe73bef..7b2eb5e24a 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -27,6 +27,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -57,21 +58,19 @@ public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvo
 	}
 
 	public void setProcessDomainObjectClass(Class<?> processDomainObjectClass) {
-		Assert.notNull(processDomainObjectClass,
-				"processDomainObjectClass cannot be set to null");
+		Assert.notNull(processDomainObjectClass, "processDomainObjectClass cannot be set to null");
 		this.processDomainObjectClass = processDomainObjectClass;
 	}
 
 	/**
 	 * This implementation supports only <code>MethodSecurityInterceptor</code>, because
 	 * it queries the presented <code>MethodInvocation</code>.
-	 *
 	 * @param clazz the secure object
-	 *
 	 * @return <code>true</code> if the secure object is <code>MethodInvocation</code>,
 	 * <code>false</code> otherwise
 	 */
 	public boolean supports(Class<?> clazz) {
 		return (MethodInvocation.class.isAssignableFrom(clazz));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index 30f27da022..c43aad9c14 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -47,16 +47,14 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 	 * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
 	 * false).
 	 * </p>
-	 *
 	 * @param authentication the caller invoking the method
 	 * @param object the secured object
 	 * @param configAttributes the configuration attributes associated with the method
 	 * being invoked
-	 *
 	 * @throws AccessDeniedException if access is denied
 	 */
-	public void decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
+	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
+			throws AccessDeniedException {
 		int deny = 0;
 
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
@@ -81,11 +79,12 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 		}
 
 		if (deny > 0) {
-			throw new AccessDeniedException(messages.getMessage(
-					"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+			throw new AccessDeniedException(
+					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 
 		// To get this far, every AccessDecisionVoter abstained
 		checkAllowIfAllAbstainDecisions();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index beb357b1eb..36addaffdc 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -47,12 +47,16 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
+
 	public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
+
 	public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -62,22 +66,19 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	// ========================================================================================================
 
 	private boolean isFullyAuthenticated(Authentication authentication) {
-		return (!authenticationTrustResolver.isAnonymous(authentication) && !authenticationTrustResolver
-				.isRememberMe(authentication));
+		return (!authenticationTrustResolver.isAnonymous(authentication)
+				&& !authenticationTrustResolver.isRememberMe(authentication));
 	}
 
-	public void setAuthenticationTrustResolver(
-			AuthenticationTrustResolver authenticationTrustResolver) {
-		Assert.notNull(authenticationTrustResolver,
-				"AuthenticationTrustResolver cannot be set to null");
+	public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
+		Assert.notNull(authenticationTrustResolver, "AuthenticationTrustResolver cannot be set to null");
 		this.authenticationTrustResolver = authenticationTrustResolver;
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		if ((attribute.getAttribute() != null)
-				&& (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
-						|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute()) || IS_AUTHENTICATED_ANONYMOUSLY
-							.equals(attribute.getAttribute()))) {
+		if ((attribute.getAttribute() != null) && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
+				|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
+				|| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
 			return true;
 		}
 		else {
@@ -88,17 +89,14 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	/**
 	 * This implementation supports any type of class, because it does not query the
 	 * presented secure object.
-	 *
 	 * @param clazz the secure object type
-	 *
 	 * @return always {@code true}
 	 */
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
-	public int vote(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		int result = ACCESS_ABSTAIN;
 
 		for (ConfigAttribute attribute : attributes) {
@@ -119,8 +117,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 				}
 
 				if (IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute())) {
-					if (authenticationTrustResolver.isAnonymous(authentication)
-							|| isFullyAuthenticated(authentication)
+					if (authenticationTrustResolver.isAnonymous(authentication) || isFullyAuthenticated(authentication)
 							|| authenticationTrustResolver.isRememberMe(authentication)) {
 						return ACCESS_GRANTED;
 					}
@@ -130,4 +127,5 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 
 		return result;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index 2b4be013a3..d113655c7e 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -33,6 +33,7 @@ import org.springframework.security.core.Authentication;
  * {@link UnanimousBased}.
  */
 public class ConsensusBased extends AbstractAccessDecisionManager {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -56,16 +57,14 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 	 * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
 	 * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
 	 * false).
-	 *
 	 * @param authentication the caller invoking the method
 	 * @param object the secured object
 	 * @param configAttributes the configuration attributes associated with the method
 	 * being invoked
-	 *
 	 * @throws AccessDeniedException if access is denied
 	 */
-	public void decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
+	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
+			throws AccessDeniedException {
 		int grant = 0;
 		int deny = 0;
 
@@ -97,8 +96,8 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 		}
 
 		if (deny > grant) {
-			throw new AccessDeniedException(messages.getMessage(
-					"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+			throw new AccessDeniedException(
+					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 
 		if ((grant == deny) && (grant != 0)) {
@@ -106,8 +105,8 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 				return;
 			}
 			else {
-				throw new AccessDeniedException(messages.getMessage(
-						"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+				throw new AccessDeniedException(
+						messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 			}
 		}
 
@@ -119,8 +118,8 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 		return allowIfEqualGrantedDeniedDecisions;
 	}
 
-	public void setAllowIfEqualGrantedDeniedDecisions(
-			boolean allowIfEqualGrantedDeniedDecisions) {
+	public void setAllowIfEqualGrantedDeniedDecisions(boolean allowIfEqualGrantedDeniedDecisions) {
 		this.allowIfEqualGrantedDeniedDecisions = allowIfEqualGrantedDeniedDecisions;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
index 32e1598e4d..88da1dc1bd 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
@@ -30,6 +30,7 @@ import org.springframework.util.Assert;
  * @since 2.0.4
  */
 public class RoleHierarchyVoter extends RoleVoter {
+
 	private RoleHierarchy roleHierarchy = null;
 
 	public RoleHierarchyVoter(RoleHierarchy roleHierarchy) {
@@ -41,9 +42,8 @@ public class RoleHierarchyVoter extends RoleVoter {
 	 * Calls the <tt>RoleHierarchy</tt> to obtain the complete set of user authorities.
 	 */
 	@Override
-	Collection<? extends GrantedAuthority> extractAuthorities(
-			Authentication authentication) {
-		return roleHierarchy.getReachableGrantedAuthorities(authentication
-				.getAuthorities());
+	Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
+		return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index e4d1bd6319..e61ba03b3c 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -50,6 +50,7 @@ import org.springframework.security.core.GrantedAuthority;
  * @author colin sampaleanu
  */
 public class RoleVoter implements AccessDecisionVoter<Object> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -65,7 +66,6 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 	/**
 	 * Allows the default role prefix of <code>ROLE_</code> to be overridden. May be set
 	 * to an empty value, although this is usually not desirable.
-	 *
 	 * @param rolePrefix the new prefix
 	 */
 	public void setRolePrefix(String rolePrefix) {
@@ -73,8 +73,7 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		if ((attribute.getAttribute() != null)
-				&& attribute.getAttribute().startsWith(getRolePrefix())) {
+		if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
 			return true;
 		}
 		else {
@@ -85,17 +84,14 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 	/**
 	 * This implementation supports any type of class, because it does not query the
 	 * presented secure object.
-	 *
 	 * @param clazz the secure object
-	 *
 	 * @return always <code>true</code>
 	 */
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
-	public int vote(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		if (authentication == null) {
 			return ACCESS_DENIED;
 		}
@@ -118,8 +114,8 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 		return result;
 	}
 
-	Collection<? extends GrantedAuthority> extractAuthorities(
-			Authentication authentication) {
+	Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
 		return authentication.getAuthorities();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
index af7f8eae9d..7408cf5eab 100644
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@@ -52,16 +52,14 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 	 * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
 	 * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
 	 * false).
-	 *
 	 * @param authentication the caller invoking the method
 	 * @param object the secured object
 	 * @param attributes the configuration attributes associated with the method being
 	 * invoked
-	 *
 	 * @throws AccessDeniedException if access is denied
 	 */
-	public void decide(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes) throws AccessDeniedException {
+	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
+			throws AccessDeniedException {
 
 		int grant = 0;
 
@@ -85,9 +83,8 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 					break;
 
 				case AccessDecisionVoter.ACCESS_DENIED:
-					throw new AccessDeniedException(messages.getMessage(
-							"AbstractAccessDecisionManager.accessDenied",
-							"Access is denied"));
+					throw new AccessDeniedException(
+							messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 
 				default:
 					break;
@@ -103,4 +100,5 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 		// To get this far, every AccessDecisionVoter abstained
 		checkAllowIfAllAbstainDecisions();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/package-info.java b/core/src/main/java/org/springframework/security/access/vote/package-info.java
index 6c8cf27fea..926d46fdc6 100644
--- a/core/src/main/java/org/springframework/security/access/vote/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/vote/package-info.java
@@ -17,4 +17,3 @@
  * Implements a vote-based approach to authorization decisions.
  */
 package org.springframework.security.access.vote;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index c3b017b7c9..9032826953 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -36,13 +36,15 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public abstract class AbstractAuthenticationToken implements Authentication,
-		CredentialsContainer {
+public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final Collection<GrantedAuthority> authorities;
+
 	private Object details;
+
 	private boolean authenticated = false;
 
 	// ~ Constructors
@@ -50,9 +52,8 @@ public abstract class AbstractAuthenticationToken implements Authentication,
 
 	/**
 	 * Creates a token with the supplied array of authorities.
-	 *
 	 * @param authorities the collection of <tt>GrantedAuthority</tt>s for the principal
-	 *                    represented by this authentication object.
+	 * represented by this authentication object.
 	 */
 	public AbstractAuthenticationToken(Collection<? extends GrantedAuthority> authorities) {
 		if (authorities == null) {
@@ -62,12 +63,10 @@ public abstract class AbstractAuthenticationToken implements Authentication,
 
 		for (GrantedAuthority a : authorities) {
 			if (a == null) {
-				throw new IllegalArgumentException(
-						"Authorities collection cannot contain any null elements");
+				throw new IllegalArgumentException("Authorities collection cannot contain any null elements");
 			}
 		}
-		ArrayList<GrantedAuthority> temp = new ArrayList<>(
-				authorities.size());
+		ArrayList<GrantedAuthority> temp = new ArrayList<>(authorities.size());
 		temp.addAll(authorities);
 		this.authorities = Collections.unmodifiableList(temp);
 	}
@@ -154,8 +153,7 @@ public abstract class AbstractAuthenticationToken implements Authentication,
 			return false;
 		}
 
-		if ((this.getCredentials() != null)
-				&& !this.getCredentials().equals(test.getCredentials())) {
+		if ((this.getCredentials() != null) && !this.getCredentials().equals(test.getCredentials())) {
 			return false;
 		}
 
@@ -163,8 +161,7 @@ public abstract class AbstractAuthenticationToken implements Authentication,
 			return false;
 		}
 
-		if (this.getPrincipal() != null
-				&& !this.getPrincipal().equals(test.getPrincipal())) {
+		if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) {
 			return false;
 		}
 
@@ -218,10 +215,12 @@ public abstract class AbstractAuthenticationToken implements Authentication,
 
 				sb.append(authority);
 			}
-		} else {
+		}
+		else {
 			sb.append("Not granted any authorities");
 		}
 
 		return sb.toString();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
index cbc6e3b71b..7351278502 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
@@ -33,8 +33,8 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.Assert;
 
 /**
- * A base {@link ReactiveAuthenticationManager} that allows subclasses to override and work with
- * {@link UserDetails} objects.
+ * A base {@link ReactiveAuthenticationManager} that allows subclasses to override and
+ * work with {@link UserDetails} objects.
  *
  * <p>
  * Upon successful validation, a <code>UsernamePasswordAuthenticationToken</code> will be
@@ -61,25 +61,22 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 		if (!user.isAccountNonLocked()) {
 			logger.debug("User account is locked");
 
-			throw new LockedException(this.messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.locked",
+			throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
 					"User account is locked"));
 		}
 
 		if (!user.isEnabled()) {
 			logger.debug("User account is disabled");
 
-			throw new DisabledException(this.messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.disabled",
-					"User is disabled"));
+			throw new DisabledException(
+					this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 		}
 
 		if (!user.isAccountNonExpired()) {
 			logger.debug("User account is expired");
 
-			throw new AccountExpiredException(this.messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.expired",
-					"User account has expired"));
+			throw new AccountExpiredException(this.messages
+					.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
 		}
 	};
 
@@ -88,8 +85,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 			logger.debug("User account credentials have expired");
 
 			throw new CredentialsExpiredException(this.messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
-					"User credentials have expired"));
+					"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
 		}
 	};
 
@@ -97,9 +93,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		final String username = authentication.getName();
 		final String presentedPassword = (String) authentication.getCredentials();
-		return retrieveUser(username)
-				.doOnNext(this.preAuthenticationChecks::check)
-				.publishOn(this.scheduler)
+		return retrieveUser(username).doOnNext(this.preAuthenticationChecks::check).publishOn(this.scheduler)
 				.filter(u -> this.passwordEncoder.matches(presentedPassword, u.getPassword()))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
 				.flatMap(u -> {
@@ -110,14 +104,13 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 						return this.userDetailsPasswordService.updatePassword(u, newPassword);
 					}
 					return Mono.just(u);
-				})
-				.doOnNext(this.postAuthenticationChecks::check)
-				.map(u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) );
+				}).doOnNext(this.postAuthenticationChecks::check)
+				.map(u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()));
 	}
 
 	/**
-	 * The {@link PasswordEncoder} that is used for validating the password. The default is
-	 * {@link PasswordEncoderFactories#createDelegatingPasswordEncoder()}
+	 * The {@link PasswordEncoder} that is used for validating the password. The default
+	 * is {@link PasswordEncoderFactories#createDelegatingPasswordEncoder()}
 	 * @param passwordEncoder the {@link PasswordEncoder} to use. Cannot be null
 	 */
 	public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
@@ -126,13 +119,14 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 	}
 
 	/**
-	 * Sets the {@link Scheduler} used by the {@link UserDetailsRepositoryReactiveAuthenticationManager}.
-	 * The default is {@code Schedulers.newParallel(String)} because modern password encoding is
-	 * a CPU intensive task that is non blocking. This means validation is bounded by the
-	 * number of CPUs. Some applications may want to customize the {@link Scheduler}. For
-	 * example, if users are stuck using the insecure {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}
-	 * they might want to leverage {@code Schedulers.immediate()}.
-	 *
+	 * Sets the {@link Scheduler} used by the
+	 * {@link UserDetailsRepositoryReactiveAuthenticationManager}. The default is
+	 * {@code Schedulers.newParallel(String)} because modern password encoding is a CPU
+	 * intensive task that is non blocking. This means validation is bounded by the number
+	 * of CPUs. Some applications may want to customize the {@link Scheduler}. For
+	 * example, if users are stuck using the insecure
+	 * {@link org.springframework.security.crypto.password.NoOpPasswordEncoder} they might
+	 * want to leverage {@code Schedulers.immediate()}.
 	 * @param scheduler the {@link Scheduler} to use. Cannot be null.
 	 * @since 5.0.6
 	 */
@@ -145,15 +139,13 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 	 * Sets the service to use for upgrading passwords on successful authentication.
 	 * @param userDetailsPasswordService the service to use
 	 */
-	public void setUserDetailsPasswordService(
-			ReactiveUserDetailsPasswordService userDetailsPasswordService) {
+	public void setUserDetailsPasswordService(ReactiveUserDetailsPasswordService userDetailsPasswordService) {
 		this.userDetailsPasswordService = userDetailsPasswordService;
 	}
 
 	/**
 	 * Sets the strategy which will be used to validate the loaded <tt>UserDetails</tt>
 	 * object after authentication occurs.
-	 *
 	 * @param postAuthenticationChecks The {@link UserDetailsChecker}
 	 * @since 5.2
 	 */
@@ -163,9 +155,8 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 	}
 
 	/**
-	 * Allows subclasses to retrieve the <code>UserDetails</code>
-	 * from an implementation-specific location.
-	 *
+	 * Allows subclasses to retrieve the <code>UserDetails</code> from an
+	 * implementation-specific location.
 	 * @param username The username to retrieve
 	 * @return the user information. If authentication fails, a Mono error is returned.
 	 */
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
index 2636cf0931..a147bed9a4 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
@@ -23,12 +23,12 @@ package org.springframework.security.authentication;
  * @author Ben Alex
  */
 public class AccountExpiredException extends AccountStatusException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>AccountExpiredException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AccountExpiredException(String msg) {
@@ -38,11 +38,11 @@ public class AccountExpiredException extends AccountStatusException {
 	/**
 	 * Constructs a <code>AccountExpiredException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AccountExpiredException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
index bed91273a9..56e6daa30b 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
@@ -24,6 +24,7 @@ import org.springframework.security.core.AuthenticationException;
  * @author Luke Taylor
  */
 public abstract class AccountStatusException extends AuthenticationException {
+
 	public AccountStatusException(String msg) {
 		super(msg);
 	}
@@ -31,4 +32,5 @@ public abstract class AccountStatusException extends AuthenticationException {
 	public AccountStatusException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index 89512454bb..0157393a87 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -28,30 +28,27 @@ import org.springframework.util.Assert;
  */
 public class AccountStatusUserDetailsChecker implements UserDetailsChecker, MessageSourceAware {
 
-	protected MessageSourceAccessor messages = SpringSecurityMessageSource
-			.getAccessor();
+	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	public void check(UserDetails user) {
 		if (!user.isAccountNonLocked()) {
-			throw new LockedException(messages.getMessage(
-					"AccountStatusUserDetailsChecker.locked", "User account is locked"));
+			throw new LockedException(
+					messages.getMessage("AccountStatusUserDetailsChecker.locked", "User account is locked"));
 		}
 
 		if (!user.isEnabled()) {
-			throw new DisabledException(messages.getMessage(
-					"AccountStatusUserDetailsChecker.disabled", "User is disabled"));
+			throw new DisabledException(
+					messages.getMessage("AccountStatusUserDetailsChecker.disabled", "User is disabled"));
 		}
 
 		if (!user.isAccountNonExpired()) {
 			throw new AccountExpiredException(
-					messages.getMessage("AccountStatusUserDetailsChecker.expired",
-							"User account has expired"));
+					messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired"));
 		}
 
 		if (!user.isCredentialsNonExpired()) {
-			throw new CredentialsExpiredException(messages.getMessage(
-					"AccountStatusUserDetailsChecker.credentialsExpired",
-					"User credentials have expired"));
+			throw new CredentialsExpiredException(messages
+					.getMessage("AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired"));
 		}
 	}
 
@@ -63,4 +60,5 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker, Mess
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
index ba0dfeff2a..a74b615f53 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
@@ -33,13 +33,13 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class AnonymousAuthenticationProvider implements AuthenticationProvider,
-		MessageSourceAware {
+public class AnonymousAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private String key;
 
 	public AnonymousAuthenticationProvider(String key) {
@@ -50,17 +50,14 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 	// ~ Methods
 	// ========================================================================================================
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
 
-		if (this.key.hashCode() != ((AnonymousAuthenticationToken) authentication)
-				.getKeyHash()) {
-			throw new BadCredentialsException(
-					messages.getMessage("AnonymousAuthenticationProvider.incorrectKey",
-							"The presented AnonymousAuthenticationToken does not contain the expected key"));
+		if (this.key.hashCode() != ((AnonymousAuthenticationToken) authentication).getKeyHash()) {
+			throw new BadCredentialsException(messages.getMessage("AnonymousAuthenticationProvider.incorrectKey",
+					"The presented AnonymousAuthenticationToken does not contain the expected key"));
 		}
 
 		return authentication;
@@ -78,4 +75,5 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 	public boolean supports(Class<?> authentication) {
 		return (AnonymousAuthenticationToken.class.isAssignableFrom(authentication));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
index 5ec688d361..6de6ed2cae 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
@@ -27,13 +27,15 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements
-		Serializable {
+public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private static final long serialVersionUID = 1L;
+
 	private final Object principal;
+
 	private final int keyHash;
 
 	// ~ Constructors
@@ -41,27 +43,25 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 
 	/**
 	 * Constructor.
-	 *
-	 * @param key         to identify if this object made by an authorised client
-	 * @param principal   the principal (typically a <code>UserDetails</code>)
+	 * @param key to identify if this object made by an authorised client
+	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 * @throws IllegalArgumentException if a <code>null</code> was passed
 	 */
 	public AnonymousAuthenticationToken(String key, Object principal,
-										Collection<? extends GrantedAuthority> authorities) {
+			Collection<? extends GrantedAuthority> authorities) {
 		this(extractKeyHash(key), principal, authorities);
 	}
 
 	/**
 	 * Constructor helps in Jackson Deserialization
-	 *
-	 * @param keyHash     hashCode of provided Key, constructed by above constructor
-	 * @param principal   the principal (typically a <code>UserDetails</code>)
+	 * @param keyHash hashCode of provided Key, constructed by above constructor
+	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 * @since 4.2
 	 */
 	private AnonymousAuthenticationToken(Integer keyHash, Object principal,
-										Collection<? extends GrantedAuthority> authorities) {
+			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
 
 		if (principal == null || "".equals(principal)) {
@@ -110,7 +110,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 
 	/**
 	 * Always returns an empty <code>String</code>
-	 *
 	 * @return an empty String
 	 */
 	@Override
@@ -126,4 +125,5 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 	public Object getPrincipal() {
 		return this.principal;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
index 8d096c450a..4341f13393 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
@@ -27,13 +27,13 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class AuthenticationCredentialsNotFoundException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>AuthenticationCredentialsNotFoundException</code> with the
 	 * specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AuthenticationCredentialsNotFoundException(String msg) {
@@ -43,11 +43,11 @@ public class AuthenticationCredentialsNotFoundException extends AuthenticationEx
 	/**
 	 * Constructs an <code>AuthenticationCredentialsNotFoundException</code> with the
 	 * specified message and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AuthenticationCredentialsNotFoundException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
index 27f8550a88..8c6af9199b 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
@@ -23,17 +23,17 @@ package org.springframework.security.authentication;
  * @author Ben Alex
  */
 public interface AuthenticationDetailsSource<C, T> {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Called by a class when it wishes a new authentication details instance to be
 	 * created.
-	 *
 	 * @param context the request object, which may be used by the authentication details
 	 * object
-	 *
 	 * @return a fully-configured authentication details instance
 	 */
 	T buildDetails(C context);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
index b467ebcfe2..686cfb7a62 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
@@ -19,7 +19,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
@@ -27,6 +26,6 @@ public interface AuthenticationEventPublisher {
 
 	void publishAuthenticationSuccess(Authentication authentication);
 
-	void publishAuthenticationFailure(AuthenticationException exception,
-			Authentication authentication);
+	void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
index 6288a6f179..6a8d48ecff 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public interface AuthenticationManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -48,13 +49,10 @@ public interface AuthenticationManager {
 	 * above (i.e. if an account is disabled or locked, the authentication request is
 	 * immediately rejected and the credentials testing process is not performed). This
 	 * prevents credentials being tested against disabled or locked accounts.
-	 *
 	 * @param authentication the authentication request object
-	 *
 	 * @return a fully authenticated object including credentials
-	 *
 	 * @throws AuthenticationException if authentication fails
 	 */
-	Authentication authenticate(Authentication authentication)
-			throws AuthenticationException;
+	Authentication authenticate(Authentication authentication) throws AuthenticationException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationManagerResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationManagerResolver.java
index ad1ea989c8..8a0b8dc979 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationManagerResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationManagerResolver.java
@@ -17,7 +17,8 @@
 package org.springframework.security.authentication;
 
 /**
- * An interface for resolving an {@link AuthenticationManager} based on the provided context
+ * An interface for resolving an {@link AuthenticationManager} based on the provided
+ * context
  *
  * @author Josh Cummings
  * @since 5.2
@@ -30,4 +31,5 @@ public interface AuthenticationManagerResolver<C> {
 	 * @return the {@link AuthenticationManager} to use
 	 */
 	AuthenticationManager resolve(C context);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
index 2c4e2763e1..9167027a06 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public interface AuthenticationProvider {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -33,19 +34,15 @@ public interface AuthenticationProvider {
 	 * Performs authentication with the same contract as
 	 * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
 	 * .
-	 *
 	 * @param authentication the authentication request object.
-	 *
 	 * @return a fully authenticated object including credentials. May return
 	 * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
 	 * authentication of the passed <code>Authentication</code> object. In such a case,
 	 * the next <code>AuthenticationProvider</code> that supports the presented
 	 * <code>Authentication</code> class will be tried.
-	 *
 	 * @throws AuthenticationException if authentication fails.
 	 */
-	Authentication authenticate(Authentication authentication)
-			throws AuthenticationException;
+	Authentication authenticate(Authentication authentication) throws AuthenticationException;
 
 	/**
 	 * Returns <code>true</code> if this <Code>AuthenticationProvider</code> supports the
@@ -62,11 +59,10 @@ public interface AuthenticationProvider {
 	 * Selection of an <code>AuthenticationProvider</code> capable of performing
 	 * authentication is conducted at runtime the <code>ProviderManager</code>.
 	 * </p>
-	 *
 	 * @param authentication
-	 *
 	 * @return <code>true</code> if the implementation can more closely evaluate the
 	 * <code>Authentication</code> class presented
 	 */
 	boolean supports(Class<?> authentication);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
index f6aef41cc3..bc1736b489 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
@@ -28,13 +28,13 @@ import org.springframework.security.core.AuthenticationException;
  * @see InternalAuthenticationServiceException
  */
 public class AuthenticationServiceException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>AuthenticationServiceException</code> with the specified
 	 * message.
-	 *
 	 * @param msg the detail message
 	 */
 	public AuthenticationServiceException(String msg) {
@@ -44,11 +44,11 @@ public class AuthenticationServiceException extends AuthenticationException {
 	/**
 	 * Constructs an <code>AuthenticationServiceException</code> with the specified
 	 * message and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public AuthenticationServiceException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
index 4192b13765..c218dcfca6 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
@@ -24,6 +24,7 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public interface AuthenticationTrustResolver {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -34,10 +35,8 @@ public interface AuthenticationTrustResolver {
 	 * rejection (i.e. as would be the case if the principal was non-anonymous/fully
 	 * authenticated) or direct the principal to attempt actual authentication (i.e. as
 	 * would be the case if the <code>Authentication</code> was merely anonymous).
-	 *
 	 * @param authentication to test (may be <code>null</code> in which case the method
 	 * will always return <code>false</code>)
-	 *
 	 * @return <code>true</code> the passed authentication token represented an anonymous
 	 * principal, <code>false</code> otherwise
 	 */
@@ -50,12 +49,11 @@ public interface AuthenticationTrustResolver {
 	 * The method is provided to assist with custom <code>AccessDecisionVoter</code>s and
 	 * the like that you might develop. Of course, you don't need to use this method
 	 * either and can develop your own "trust level" hierarchy instead.
-	 *
 	 * @param authentication to test (may be <code>null</code> in which case the method
 	 * will always return <code>false</code>)
-	 *
 	 * @return <code>true</code> the passed authentication token represented a principal
 	 * authenticated using a remember-me token, <code>false</code> otherwise
 	 */
 	boolean isRememberMe(Authentication authentication);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
index 53a9aef58b..b9292965fc 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
@@ -30,10 +30,12 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class AuthenticationTrustResolverImpl implements AuthenticationTrustResolver {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private Class<? extends Authentication> anonymousClass = AnonymousAuthenticationToken.class;
+
 	private Class<? extends Authentication> rememberMeClass = RememberMeAuthenticationToken.class;
 
 	// ~ Methods
@@ -70,4 +72,5 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 	public void setRememberMeClass(Class<? extends Authentication> rememberMeClass) {
 		this.rememberMeClass = rememberMeClass;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
index 7b050d9078..15f9bce92e 100644
--- a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
+++ b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
@@ -25,12 +25,12 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class BadCredentialsException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>BadCredentialsException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public BadCredentialsException(String msg) {
@@ -40,11 +40,11 @@ public class BadCredentialsException extends AuthenticationException {
 	/**
 	 * Constructs a <code>BadCredentialsException</code> with the specified message and
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public BadCredentialsException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
index ed5dc9241c..aaefaa570f 100644
--- a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
@@ -22,12 +22,13 @@ import org.springframework.security.core.userdetails.cache.NullUserCache;
 import org.springframework.util.Assert;
 
 /**
- *
  * @author Luke Taylor
  * @since 2.0
  */
 public class CachingUserDetailsService implements UserDetailsService {
+
 	private UserCache userCache = new NullUserCache();
+
 	private final UserDetailsService delegate;
 
 	public CachingUserDetailsService(UserDetailsService delegate) {
@@ -49,12 +50,12 @@ public class CachingUserDetailsService implements UserDetailsService {
 			user = delegate.loadUserByUsername(username);
 		}
 
-		Assert.notNull(user, () -> "UserDetailsService " + delegate
-				+ " returned null for username " + username + ". "
+		Assert.notNull(user, () -> "UserDetailsService " + delegate + " returned null for username " + username + ". "
 				+ "This is an interface contract violation");
 
 		userCache.putUserInCache(user);
 
 		return user;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
index 494ca04348..eaa1fa1226 100644
--- a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
@@ -23,12 +23,12 @@ package org.springframework.security.authentication;
  * @author Ben Alex
  */
 public class CredentialsExpiredException extends AccountStatusException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>CredentialsExpiredException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public CredentialsExpiredException(String msg) {
@@ -38,11 +38,11 @@ public class CredentialsExpiredException extends AccountStatusException {
 	/**
 	 * Constructs a <code>CredentialsExpiredException</code> with the specified message
 	 * and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public CredentialsExpiredException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 965a6ee2a9..5749fde2eb 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -58,55 +58,45 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.0
  */
-public class DefaultAuthenticationEventPublisher implements AuthenticationEventPublisher,
-		ApplicationEventPublisherAware {
+public class DefaultAuthenticationEventPublisher
+		implements AuthenticationEventPublisher, ApplicationEventPublisherAware {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private ApplicationEventPublisher applicationEventPublisher;
+
 	private final HashMap<String, Constructor<? extends AbstractAuthenticationEvent>> exceptionMappings = new HashMap<>();
+
 	private Constructor<? extends AbstractAuthenticationFailureEvent> defaultAuthenticationFailureEventConstructor;
 
 	public DefaultAuthenticationEventPublisher() {
 		this(null);
 	}
 
-	public DefaultAuthenticationEventPublisher(
-			ApplicationEventPublisher applicationEventPublisher) {
+	public DefaultAuthenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 
-		addMapping(BadCredentialsException.class.getName(),
-				AuthenticationFailureBadCredentialsEvent.class);
-		addMapping(UsernameNotFoundException.class.getName(),
-				AuthenticationFailureBadCredentialsEvent.class);
-		addMapping(AccountExpiredException.class.getName(),
-				AuthenticationFailureExpiredEvent.class);
-		addMapping(ProviderNotFoundException.class.getName(),
-				AuthenticationFailureProviderNotFoundEvent.class);
-		addMapping(DisabledException.class.getName(),
-				AuthenticationFailureDisabledEvent.class);
-		addMapping(LockedException.class.getName(),
-				AuthenticationFailureLockedEvent.class);
-		addMapping(AuthenticationServiceException.class.getName(),
-				AuthenticationFailureServiceExceptionEvent.class);
-		addMapping(CredentialsExpiredException.class.getName(),
-				AuthenticationFailureCredentialsExpiredEvent.class);
-		addMapping(
-				"org.springframework.security.authentication.cas.ProxyUntrustedException",
+		addMapping(BadCredentialsException.class.getName(), AuthenticationFailureBadCredentialsEvent.class);
+		addMapping(UsernameNotFoundException.class.getName(), AuthenticationFailureBadCredentialsEvent.class);
+		addMapping(AccountExpiredException.class.getName(), AuthenticationFailureExpiredEvent.class);
+		addMapping(ProviderNotFoundException.class.getName(), AuthenticationFailureProviderNotFoundEvent.class);
+		addMapping(DisabledException.class.getName(), AuthenticationFailureDisabledEvent.class);
+		addMapping(LockedException.class.getName(), AuthenticationFailureLockedEvent.class);
+		addMapping(AuthenticationServiceException.class.getName(), AuthenticationFailureServiceExceptionEvent.class);
+		addMapping(CredentialsExpiredException.class.getName(), AuthenticationFailureCredentialsExpiredEvent.class);
+		addMapping("org.springframework.security.authentication.cas.ProxyUntrustedException",
 				AuthenticationFailureProxyUntrustedEvent.class);
-		addMapping(
-				"org.springframework.security.oauth2.server.resource.InvalidBearerTokenException",
+		addMapping("org.springframework.security.oauth2.server.resource.InvalidBearerTokenException",
 				AuthenticationFailureBadCredentialsEvent.class);
 	}
 
 	public void publishAuthenticationSuccess(Authentication authentication) {
 		if (applicationEventPublisher != null) {
-			applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(
-					authentication));
+			applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
 		}
 	}
 
-	public void publishAuthenticationFailure(AuthenticationException exception,
-			Authentication authentication) {
+	public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
 		Constructor<? extends AbstractAuthenticationEvent> constructor = getEventConstructor(exception);
 		AbstractAuthenticationEvent event = null;
 
@@ -125,49 +115,42 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
 		}
 		else {
 			if (logger.isDebugEnabled()) {
-				logger.debug("No event was found for the exception "
-						+ exception.getClass().getName());
+				logger.debug("No event was found for the exception " + exception.getClass().getName());
 			}
 		}
 	}
 
 	private Constructor<? extends AbstractAuthenticationEvent> getEventConstructor(AuthenticationException exception) {
-		Constructor<? extends AbstractAuthenticationEvent> eventConstructor =
-				this.exceptionMappings.get(exception.getClass().getName());
+		Constructor<? extends AbstractAuthenticationEvent> eventConstructor = this.exceptionMappings
+				.get(exception.getClass().getName());
 		return (eventConstructor == null ? this.defaultAuthenticationFailureEventConstructor : eventConstructor);
 	}
 
-	public void setApplicationEventPublisher(
-			ApplicationEventPublisher applicationEventPublisher) {
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
 
 	/**
 	 * Sets additional exception to event mappings. These are automatically merged with
 	 * the default exception to event mappings that <code>ProviderManager</code> defines.
-	 *
 	 * @param additionalExceptionMappings where keys are the fully-qualified string name
 	 * of the exception class and the values are the fully-qualified string name of the
 	 * event class to fire.
-	 *
 	 * @deprecated use {@link #setAdditionalExceptionMappings(Map)}
 	 */
 	@Deprecated
 	@SuppressWarnings({ "unchecked" })
 	public void setAdditionalExceptionMappings(Properties additionalExceptionMappings) {
-		Assert.notNull(additionalExceptionMappings,
-				"The exceptionMappings object must not be null");
+		Assert.notNull(additionalExceptionMappings, "The exceptionMappings object must not be null");
 		for (Object exceptionClass : additionalExceptionMappings.keySet()) {
 			String eventClass = (String) additionalExceptionMappings.get(exceptionClass);
 			try {
 				Class<?> clazz = getClass().getClassLoader().loadClass(eventClass);
 				Assert.isAssignable(AbstractAuthenticationFailureEvent.class, clazz);
-				addMapping((String) exceptionClass,
-						(Class<? extends AbstractAuthenticationFailureEvent>) clazz);
+				addMapping((String) exceptionClass, (Class<? extends AbstractAuthenticationFailureEvent>) clazz);
 			}
 			catch (ClassNotFoundException e) {
-				throw new RuntimeException("Failed to load authentication event class "
-						+ eventClass);
+				throw new RuntimeException("Failed to load authentication event class " + eventClass);
 			}
 		}
 	}
@@ -175,29 +158,27 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
 	/**
 	 * Sets additional exception to event mappings. These are automatically merged with
 	 * the default exception to event mappings that <code>ProviderManager</code> defines.
-	 *
 	 * @param mappings where keys are exception classes and values are event classes.
 	 * @since 5.3
 	 */
-	public void setAdditionalExceptionMappings(Map<Class<? extends AuthenticationException>,
-			Class<? extends AbstractAuthenticationFailureEvent>> mappings){
+	public void setAdditionalExceptionMappings(
+			Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings) {
 		Assert.notEmpty(mappings, "The mappings Map must not be empty nor null");
-		for (Map.Entry<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> entry
-				: mappings.entrySet()) {
-				Class<?> exceptionClass = entry.getKey();
-				Class<?> eventClass = entry.getValue();
-				Assert.notNull(exceptionClass, "exceptionClass cannot be null");
-				Assert.notNull(eventClass, "eventClass cannot be null");
-				addMapping(exceptionClass.getName(), (Class<? extends AbstractAuthenticationFailureEvent>) eventClass);
+		for (Map.Entry<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> entry : mappings
+				.entrySet()) {
+			Class<?> exceptionClass = entry.getKey();
+			Class<?> eventClass = entry.getValue();
+			Assert.notNull(exceptionClass, "exceptionClass cannot be null");
+			Assert.notNull(eventClass, "eventClass cannot be null");
+			addMapping(exceptionClass.getName(), (Class<? extends AbstractAuthenticationFailureEvent>) eventClass);
 		}
 	}
 
 	/**
 	 * Sets a default authentication failure event as a fallback event for any unmapped
 	 * exceptions not mapped in the exception mappings.
-	 *
-	 * @param defaultAuthenticationFailureEventClass is the authentication failure event class
-	 * to be fired for unmapped exceptions.
+	 * @param defaultAuthenticationFailureEventClass is the authentication failure event
+	 * class to be fired for unmapped exceptions.
 	 */
 	public void setDefaultAuthenticationFailureEvent(
 			Class<? extends AbstractAuthenticationFailureEvent> defaultAuthenticationFailureEventClass) {
@@ -206,22 +187,23 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
 		try {
 			this.defaultAuthenticationFailureEventConstructor = defaultAuthenticationFailureEventClass
 					.getConstructor(Authentication.class, AuthenticationException.class);
-		} catch (NoSuchMethodException e) {
+		}
+		catch (NoSuchMethodException e) {
 			throw new RuntimeException("Default Authentication Failure event class "
 					+ defaultAuthenticationFailureEventClass.getName() + " has no suitable constructor");
 		}
 	}
 
-	private void addMapping(String exceptionClass,
-			Class<? extends AbstractAuthenticationFailureEvent> eventClass) {
+	private void addMapping(String exceptionClass, Class<? extends AbstractAuthenticationFailureEvent> eventClass) {
 		try {
 			Constructor<? extends AbstractAuthenticationEvent> constructor = eventClass
 					.getConstructor(Authentication.class, AuthenticationException.class);
 			exceptionMappings.put(exceptionClass, constructor);
 		}
 		catch (NoSuchMethodException e) {
-			throw new RuntimeException("Authentication event class "
-					+ eventClass.getName() + " has no suitable constructor");
+			throw new RuntimeException(
+					"Authentication event class " + eventClass.getName() + " has no suitable constructor");
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
index 0a2a43d532..cd6c7d1ef2 100644
--- a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -26,30 +26,28 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
 /**
- * A {@link ReactiveAuthenticationManager} that delegates to other {@link ReactiveAuthenticationManager} instances using
- * the result from the first non empty result.
+ * A {@link ReactiveAuthenticationManager} that delegates to other
+ * {@link ReactiveAuthenticationManager} instances using the result from the first non
+ * empty result.
  *
  * @author Rob Winch
  * @since 5.1
  */
-public class DelegatingReactiveAuthenticationManager
-		implements ReactiveAuthenticationManager {
+public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenticationManager {
+
 	private final List<ReactiveAuthenticationManager> delegates;
 
-	public DelegatingReactiveAuthenticationManager(
-			ReactiveAuthenticationManager... entryPoints) {
+	public DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager... entryPoints) {
 		this(Arrays.asList(entryPoints));
 	}
 
-	public DelegatingReactiveAuthenticationManager(
-			List<ReactiveAuthenticationManager> entryPoints) {
+	public DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManager> entryPoints) {
 		Assert.notEmpty(entryPoints, "entryPoints cannot be null");
 		this.delegates = entryPoints;
 	}
 
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Flux.fromIterable(this.delegates)
-				.concatMap(m -> m.authenticate(authentication))
-				.next();
+		return Flux.fromIterable(this.delegates).concatMap(m -> m.authenticate(authentication)).next();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/DisabledException.java b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
index bc48774b89..92d63cb4c9 100644
--- a/core/src/main/java/org/springframework/security/authentication/DisabledException.java
+++ b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
@@ -23,12 +23,12 @@ package org.springframework.security.authentication;
  * @author Ben Alex
  */
 public class DisabledException extends AccountStatusException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>DisabledException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public DisabledException(String msg) {
@@ -38,11 +38,11 @@ public class DisabledException extends AccountStatusException {
 	/**
 	 * Constructs a <code>DisabledException</code> with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public DisabledException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
index e60723f546..6cc4c09f05 100644
--- a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
@@ -32,13 +32,13 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class InsufficientAuthenticationException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs an <code>InsufficientAuthenticationException</code> with the specified
 	 * message.
-	 *
 	 * @param msg the detail message
 	 */
 	public InsufficientAuthenticationException(String msg) {
@@ -48,11 +48,11 @@ public class InsufficientAuthenticationException extends AuthenticationException
 	/**
 	 * Constructs an <code>InsufficientAuthenticationException</code> with the specified
 	 * message and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public InsufficientAuthenticationException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
index 5c08ed4e71..4e26ddd1a1 100644
--- a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
@@ -34,8 +34,7 @@ package org.springframework.security.authentication;
  * @author Rob Winch
  *
  */
-public class InternalAuthenticationServiceException extends
-		AuthenticationServiceException {
+public class InternalAuthenticationServiceException extends AuthenticationServiceException {
 
 	public InternalAuthenticationServiceException(String message, Throwable cause) {
 		super(message, cause);
@@ -44,4 +43,5 @@ public class InternalAuthenticationServiceException extends
 	public InternalAuthenticationServiceException(String message) {
 		super(message);
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/authentication/LockedException.java b/core/src/main/java/org/springframework/security/authentication/LockedException.java
index ff27ec8cc7..7dd2464959 100644
--- a/core/src/main/java/org/springframework/security/authentication/LockedException.java
+++ b/core/src/main/java/org/springframework/security/authentication/LockedException.java
@@ -23,12 +23,12 @@ package org.springframework.security.authentication;
  * @author Ben Alex
  */
 public class LockedException extends AccountStatusException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>LockedException</code> with the specified message.
-	 *
 	 * @param msg the detail message.
 	 */
 	public LockedException(String msg) {
@@ -38,11 +38,11 @@ public class LockedException extends AccountStatusException {
 	/**
 	 * Constructs a <code>LockedException</code> with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message.
 	 * @param t root cause
 	 */
 	public LockedException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 959309c95e..93af53655f 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -80,14 +80,12 @@ import org.springframework.util.CollectionUtils;
  * {@code AuthenticationManager} if one has been set. So in this situation, the parent
  * should not generally be configured to publish events or there will be duplicates.
  *
- *
  * @author Ben Alex
  * @author Luke Taylor
- *
  * @see DefaultAuthenticationEventPublisher
  */
-public class ProviderManager implements AuthenticationManager, MessageSourceAware,
-		InitializingBean {
+public class ProviderManager implements AuthenticationManager, MessageSourceAware, InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -97,14 +95,17 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	// ================================================================================================
 
 	private AuthenticationEventPublisher eventPublisher = new NullEventPublisher();
+
 	private List<AuthenticationProvider> providers = Collections.emptyList();
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private AuthenticationManager parent;
+
 	private boolean eraseCredentialsAfterAuthentication = true;
 
 	/**
 	 * Construct a {@link ProviderManager} using the given {@link AuthenticationProvider}s
-	 *
 	 * @param providers the {@link AuthenticationProvider}s to use
 	 */
 	public ProviderManager(AuthenticationProvider... providers) {
@@ -113,7 +114,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 
 	/**
 	 * Construct a {@link ProviderManager} using the given {@link AuthenticationProvider}s
-	 *
 	 * @param providers the {@link AuthenticationProvider}s to use
 	 */
 	public ProviderManager(List<AuthenticationProvider> providers) {
@@ -122,12 +122,10 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 
 	/**
 	 * Construct a {@link ProviderManager} using the provided parameters
-	 *
 	 * @param providers the {@link AuthenticationProvider}s to use
 	 * @param parent a parent {@link AuthenticationManager} to fall back to
 	 */
-	public ProviderManager(List<AuthenticationProvider> providers,
-			AuthenticationManager parent) {
+	public ProviderManager(List<AuthenticationProvider> providers, AuthenticationManager parent) {
 		Assert.notNull(providers, "providers list cannot be null");
 		this.providers = providers;
 		this.parent = parent;
@@ -144,11 +142,10 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	private void checkState() {
 		if (parent == null && providers.isEmpty()) {
 			throw new IllegalArgumentException(
-					"A parent AuthenticationManager or a list "
-							+ "of AuthenticationProviders is required");
-		} else if (CollectionUtils.contains(providers.iterator(), null)) {
-			throw new IllegalArgumentException(
-					"providers list cannot contain null values");
+					"A parent AuthenticationManager or a list " + "of AuthenticationProviders is required");
+		}
+		else if (CollectionUtils.contains(providers.iterator(), null)) {
+			throw new IllegalArgumentException("providers list cannot contain null values");
 		}
 	}
 
@@ -161,24 +158,18 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	 * attempted with that <code>AuthenticationProvider</code>.
 	 * <p>
 	 * If more than one <code>AuthenticationProvider</code> supports the passed
-	 * <code>Authentication</code> object, the first one able to successfully
-	 * authenticate the <code>Authentication</code> object determines the
-	 * <code>result</code>, overriding any possible <code>AuthenticationException</code>
-	 * thrown by earlier supporting <code>AuthenticationProvider</code>s.
-	 * On successful authentication, no subsequent <code>AuthenticationProvider</code>s
-	 * will be tried.
-	 * If authentication was not successful by any supporting
-	 * <code>AuthenticationProvider</code> the last thrown
-	 * <code>AuthenticationException</code> will be rethrown.
-	 *
+	 * <code>Authentication</code> object, the first one able to successfully authenticate
+	 * the <code>Authentication</code> object determines the <code>result</code>,
+	 * overriding any possible <code>AuthenticationException</code> thrown by earlier
+	 * supporting <code>AuthenticationProvider</code>s. On successful authentication, no
+	 * subsequent <code>AuthenticationProvider</code>s will be tried. If authentication
+	 * was not successful by any supporting <code>AuthenticationProvider</code> the last
+	 * thrown <code>AuthenticationException</code> will be rethrown.
 	 * @param authentication the authentication request object.
-	 *
 	 * @return a fully authenticated object including credentials.
-	 *
 	 * @throws AuthenticationException if authentication fails.
 	 */
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Class<? extends Authentication> toTest = authentication.getClass();
 		AuthenticationException lastException = null;
 		AuthenticationException parentException = null;
@@ -192,8 +183,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 			}
 
 			if (debug) {
-				logger.debug("Authentication attempt using "
-						+ provider.getClass().getName());
+				logger.debug("Authentication attempt using " + provider.getClass().getName());
 			}
 
 			try {
@@ -209,7 +199,8 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 				// SEC-546: Avoid polling additional providers if auth failure is due to
 				// invalid account status
 				throw e;
-			} catch (AuthenticationException e) {
+			}
+			catch (AuthenticationException e) {
 				lastException = e;
 			}
 		}
@@ -231,15 +222,16 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		}
 
 		if (result != null) {
-			if (eraseCredentialsAfterAuthentication
-					&& (result instanceof CredentialsContainer)) {
+			if (eraseCredentialsAfterAuthentication && (result instanceof CredentialsContainer)) {
 				// Authentication is complete. Remove credentials and other secret data
 				// from authentication
 				((CredentialsContainer) result).eraseCredentials();
 			}
 
-			// If the parent AuthenticationManager was attempted and successful then it will publish an AuthenticationSuccessEvent
-			// This check prevents a duplicate AuthenticationSuccessEvent if the parent AuthenticationManager already published it
+			// If the parent AuthenticationManager was attempted and successful then it
+			// will publish an AuthenticationSuccessEvent
+			// This check prevents a duplicate AuthenticationSuccessEvent if the parent
+			// AuthenticationManager already published it
 			if (parentResult == null) {
 				eventPublisher.publishAuthenticationSuccess(result);
 			}
@@ -249,14 +241,14 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		// Parent was null, or didn't authenticate (or throw an exception).
 
 		if (lastException == null) {
-			lastException = new ProviderNotFoundException(messages.getMessage(
-					"ProviderManager.providerNotFound",
-					new Object[] { toTest.getName() },
-					"No AuthenticationProvider found for {0}"));
+			lastException = new ProviderNotFoundException(messages.getMessage("ProviderManager.providerNotFound",
+					new Object[] { toTest.getName() }, "No AuthenticationProvider found for {0}"));
 		}
 
-		// If the parent AuthenticationManager was attempted and failed then it will publish an AbstractAuthenticationFailureEvent
-		// This check prevents a duplicate AbstractAuthenticationFailureEvent if the parent AuthenticationManager already published it
+		// If the parent AuthenticationManager was attempted and failed then it will
+		// publish an AbstractAuthenticationFailureEvent
+		// This check prevents a duplicate AbstractAuthenticationFailureEvent if the
+		// parent AuthenticationManager already published it
 		if (parentException == null) {
 			prepareException(lastException, authentication);
 		}
@@ -272,7 +264,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	/**
 	 * Copies the authentication details from a source Authentication object to a
 	 * destination one, provided the latter does not already have one set.
-	 *
 	 * @param source source authentication
 	 * @param dest the destination authentication object
 	 */
@@ -292,8 +283,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 
-	public void setAuthenticationEventPublisher(
-			AuthenticationEventPublisher eventPublisher) {
+	public void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher) {
 		Assert.notNull(eventPublisher, "AuthenticationEventPublisher cannot be null");
 		this.eventPublisher = eventPublisher;
 	}
@@ -303,7 +293,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	 * {@code CredentialsContainer} interface will have its
 	 * {@link CredentialsContainer#eraseCredentials() eraseCredentials} method called
 	 * before it is returned from the {@code authenticate()} method.
-	 *
 	 * @param eraseSecretData set to {@literal false} to retain the credentials data in
 	 * memory. Defaults to {@literal true}.
 	 */
@@ -316,11 +305,13 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	}
 
 	private static final class NullEventPublisher implements AuthenticationEventPublisher {
-		public void publishAuthenticationFailure(AuthenticationException exception,
-				Authentication authentication) {
+
+		public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
 		}
 
 		public void publishAuthenticationSuccess(Authentication authentication) {
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java b/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
index 62169c32f7..4cde08daa9 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
@@ -26,15 +26,16 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class ProviderNotFoundException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>ProviderNotFoundException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public ProviderNotFoundException(String msg) {
 		super(msg);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
index 72d554d48e..806e0cd2f5 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
@@ -30,11 +30,11 @@ public interface ReactiveAuthenticationManager {
 
 	/**
 	 * Attempts to authenticate the provided {@link Authentication}
-	 *
 	 * @param authentication the {@link Authentication} to test
 	 * @return if authentication is successful an {@link Authentication} is returned. If
 	 * authentication cannot be determined, an empty Mono is returned. If authentication
 	 * fails, a Mono error is returned.
 	 */
 	Mono<Authentication> authenticate(Authentication authentication);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index 087a169b94..a26649dbc2 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -22,9 +22,10 @@ import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 
 /**
- * Adapts an AuthenticationManager to the reactive APIs. This is somewhat necessary because many of the ways that
- * credentials are stored (i.e.  JDBC, LDAP, etc) do not have reactive implementations. What's more is it is generally
- * considered best practice to store passwords in a hash that is intentionally slow which would block ever request
+ * Adapts an AuthenticationManager to the reactive APIs. This is somewhat necessary
+ * because many of the ways that credentials are stored (i.e. JDBC, LDAP, etc) do not have
+ * reactive implementations. What's more is it is generally considered best practice to
+ * store passwords in a hash that is intentionally slow which would block ever request
  * from coming in unless it was put on another thread.
  *
  * @author Rob Winch
@@ -32,6 +33,7 @@ import reactor.core.scheduler.Schedulers;
  * @since 5.0
  */
 public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticationManager {
+
 	private final AuthenticationManager authenticationManager;
 
 	private Scheduler scheduler = Schedulers.boundedElastic();
@@ -43,16 +45,14 @@ public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticat
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication token) {
-		return Mono.just(token)
-			.publishOn(this.scheduler)
-			.flatMap( t -> {
-				try {
-					return Mono.just(authenticationManager.authenticate(t));
-				} catch(Throwable error) {
-					return Mono.error(error);
-				}
-			})
-			.filter( a -> a.isAuthenticated());
+		return Mono.just(token).publishOn(this.scheduler).flatMap(t -> {
+			try {
+				return Mono.just(authenticationManager.authenticate(t));
+			}
+			catch (Throwable error) {
+				return Mono.error(error);
+			}
+		}).filter(a -> a.isAuthenticated());
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
index 25c4fc8241..705eb3969e 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
@@ -21,12 +21,15 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
 import reactor.core.publisher.Mono;
 
 /**
- * An interface for resolving a {@link ReactiveAuthenticationManager} based on the provided context
+ * An interface for resolving a {@link ReactiveAuthenticationManager} based on the
+ * provided context
  *
  * @author Rafiullah Hamedy
  * @since 5.2
  */
 @FunctionalInterface
 public interface ReactiveAuthenticationManagerResolver<C> {
+
 	Mono<ReactiveAuthenticationManager> resolve(C context);
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
index 0b44ba0fb1..0eb69c59fa 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
@@ -32,12 +32,13 @@ import org.springframework.util.Assert;
  * To be successfully validated, the {@link RememberMeAuthenticationToken#getKeyHash()}
  * must match this class' {@link #getKey()}.
  */
-public class RememberMeAuthenticationProvider implements AuthenticationProvider,
-		InitializingBean, MessageSourceAware {
+public class RememberMeAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private String key;
 
 	public RememberMeAuthenticationProvider(String key) {
@@ -52,17 +53,14 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		Assert.notNull(this.messages, "A message source must be set");
 	}
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
 
-		if (this.key.hashCode() != ((RememberMeAuthenticationToken) authentication)
-				.getKeyHash()) {
-			throw new BadCredentialsException(
-					messages.getMessage("RememberMeAuthenticationProvider.incorrectKey",
-							"The presented RememberMeAuthenticationToken does not contain the expected key"));
+		if (this.key.hashCode() != ((RememberMeAuthenticationToken) authentication).getKeyHash()) {
+			throw new BadCredentialsException(messages.getMessage("RememberMeAuthenticationProvider.incorrectKey",
+					"The presented RememberMeAuthenticationToken does not contain the expected key"));
 		}
 
 		return authentication;
@@ -79,4 +77,5 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 	public boolean supports(Class<?> authentication) {
 		return (RememberMeAuthenticationToken.class.isAssignableFrom(authentication));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
index 1e75db9a50..25a53c6783 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@@ -38,6 +38,7 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 	// ================================================================================================
 
 	private final Object principal;
+
 	private final int keyHash;
 
 	// ~ Constructors
@@ -45,20 +46,17 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Constructor.
-	 *
-	 * @param key         to identify if this object made by an authorised client
-	 * @param principal   the principal (typically a <code>UserDetails</code>)
+	 * @param key to identify if this object made by an authorised client
+	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 * @throws IllegalArgumentException if a <code>null</code> was passed
 	 */
 	public RememberMeAuthenticationToken(String key, Object principal,
-										Collection<? extends GrantedAuthority> authorities) {
+			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
 
-		if ((key == null) || ("".equals(key)) || (principal == null)
-				|| "".equals(principal)) {
-			throw new IllegalArgumentException(
-					"Cannot pass null or empty values to constructor");
+		if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal)) {
+			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
 		}
 
 		this.keyHash = key.hashCode();
@@ -68,13 +66,13 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Private Constructor to help in Jackson deserialization.
-	 *
-	 * @param keyHash     hashCode of above given key.
-	 * @param principal   the principal (typically a <code>UserDetails</code>)
+	 * @param keyHash hashCode of above given key.
+	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 * @since 4.2
 	 */
-	private RememberMeAuthenticationToken(Integer keyHash, Object principal, Collection<? extends GrantedAuthority> authorities) {
+	private RememberMeAuthenticationToken(Integer keyHash, Object principal,
+			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
 
 		this.keyHash = keyHash;
@@ -87,7 +85,6 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Always returns an empty <code>String</code>
-	 *
 	 * @return an empty String
 	 */
 	@Override
@@ -129,4 +126,5 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 		result = 31 * result + this.keyHash;
 		return result;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
index ff42fe79c6..d71cb0be5e 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
@@ -33,15 +33,16 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class TestingAuthenticationProvider implements AuthenticationProvider {
+
 	// ~ Methods
 	// ========================================================================================================
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		return authentication;
 	}
 
 	public boolean supports(Class<?> authentication) {
 		return TestingAuthenticationToken.class.isAssignableFrom(authentication);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
index 9aeb4446b7..18ee4ec882 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
@@ -30,11 +30,14 @@ import java.util.List;
  * @author Ben Alex
  */
 public class TestingAuthenticationToken extends AbstractAuthenticationToken {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private static final long serialVersionUID = 1L;
+
 	private final Object credentials;
+
 	private final Object principal;
 
 	// ~ Constructors
@@ -46,13 +49,11 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 		this.credentials = credentials;
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials,
-			String... authorities) {
+	public TestingAuthenticationToken(Object principal, Object credentials, String... authorities) {
 		this(principal, credentials, AuthorityUtils.createAuthorityList(authorities));
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials,
-			List<GrantedAuthority> authorities) {
+	public TestingAuthenticationToken(Object principal, Object credentials, List<GrantedAuthority> authorities) {
 		super(authorities);
 		this.principal = principal;
 		this.credentials = credentials;
@@ -69,4 +70,5 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 	public Object getPrincipal() {
 		return this.principal;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
index 5d273beb4b..a27ed5f68d 100644
--- a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
@@ -23,14 +23,15 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
 
 /**
- * A {@link ReactiveAuthenticationManager} that uses a {@link ReactiveUserDetailsService} to validate the provided
- * username and password.
+ * A {@link ReactiveAuthenticationManager} that uses a {@link ReactiveUserDetailsService}
+ * to validate the provided username and password.
  *
  * @author Rob Winch
  * @author Eddú Meléndez
  * @since 5.0
  */
-public class UserDetailsRepositoryReactiveAuthenticationManager extends AbstractUserDetailsReactiveAuthenticationManager {
+public class UserDetailsRepositoryReactiveAuthenticationManager
+		extends AbstractUserDetailsReactiveAuthenticationManager {
 
 	private ReactiveUserDetailsService userDetailsService;
 
diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
index 152d9961e6..634cc35f50 100644
--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -40,6 +40,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 	// ================================================================================================
 
 	private final Object principal;
+
 	private Object credentials;
 
 	// ~ Constructors
@@ -63,7 +64,6 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 	 * <code>AuthenticationProvider</code> implementations that are satisfied with
 	 * producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
 	 * authentication token.
-	 *
 	 * @param principal
 	 * @param credentials
 	 * @param authorities
@@ -101,4 +101,5 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 		super.eraseCredentials();
 		credentials = null;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index c752c81197..cc054bc87e 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -76,8 +76,8 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public abstract class AbstractUserDetailsAuthenticationProvider implements
-		AuthenticationProvider, InitializingBean, MessageSourceAware {
+public abstract class AbstractUserDetailsAuthenticationProvider
+		implements AuthenticationProvider, InitializingBean, MessageSourceAware {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
@@ -85,11 +85,17 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	// ================================================================================================
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private UserCache userCache = new NullUserCache();
+
 	private boolean forcePrincipalAsString = false;
+
 	protected boolean hideUserNotFoundExceptions = true;
+
 	private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
+
 	private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
+
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
 	// ~ Methods
@@ -103,19 +109,16 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	 * properties of <code>UserDetails</code> and/or
 	 * <code>UsernamePasswordAuthenticationToken</code>, these should also appear in this
 	 * method.
-	 *
 	 * @param userDetails as retrieved from the
 	 * {@link #retrieveUser(String, UsernamePasswordAuthenticationToken)} or
 	 * <code>UserCache</code>
 	 * @param authentication the current request that needs to be authenticated
-	 *
 	 * @throws AuthenticationException AuthenticationException if the credentials could
 	 * not be validated (generally a <code>BadCredentialsException</code>, an
 	 * <code>AuthenticationServiceException</code>)
 	 */
 	protected abstract void additionalAuthenticationChecks(UserDetails userDetails,
-			UsernamePasswordAuthenticationToken authentication)
-			throws AuthenticationException;
+			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException;
 
 	public final void afterPropertiesSet() throws Exception {
 		Assert.notNull(this.userCache, "A user cache must be set");
@@ -123,16 +126,13 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 		doAfterPropertiesSet();
 	}
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
-				() -> messages.getMessage(
-						"AbstractUserDetailsAuthenticationProvider.onlySupports",
+				() -> messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
 						"Only UsernamePasswordAuthenticationToken is supported"));
 
 		// Determine username
-		String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED"
-				: authentication.getName();
+		String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
 
 		boolean cacheWasUsed = true;
 		UserDetails user = this.userCache.getUserFromCache(username);
@@ -141,41 +141,35 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 			cacheWasUsed = false;
 
 			try {
-				user = retrieveUser(username,
-						(UsernamePasswordAuthenticationToken) authentication);
+				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
 			}
 			catch (UsernameNotFoundException notFound) {
 				logger.debug("User '" + username + "' not found");
 
 				if (hideUserNotFoundExceptions) {
-					throw new BadCredentialsException(messages.getMessage(
-							"AbstractUserDetailsAuthenticationProvider.badCredentials",
-							"Bad credentials"));
+					throw new BadCredentialsException(messages
+							.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 				}
 				else {
 					throw notFound;
 				}
 			}
 
-			Assert.notNull(user,
-					"retrieveUser returned null - a violation of the interface contract");
+			Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
 		}
 
 		try {
 			preAuthenticationChecks.check(user);
-			additionalAuthenticationChecks(user,
-					(UsernamePasswordAuthenticationToken) authentication);
+			additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 		}
 		catch (AuthenticationException exception) {
 			if (cacheWasUsed) {
 				// There was a problem, so try again after checking
 				// we're using latest data (i.e. not from the cache)
 				cacheWasUsed = false;
-				user = retrieveUser(username,
-						(UsernamePasswordAuthenticationToken) authentication);
+				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
 				preAuthenticationChecks.check(user);
-				additionalAuthenticationChecks(user,
-						(UsernamePasswordAuthenticationToken) authentication);
+				additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 			}
 			else {
 				throw exception;
@@ -206,23 +200,20 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	 * Subclasses will usually store the original credentials the user supplied (not
 	 * salted or encoded passwords) in the returned <code>Authentication</code> object.
 	 * </p>
-	 *
 	 * @param principal that should be the principal in the returned object (defined by
 	 * the {@link #isForcePrincipalAsString()} method)
 	 * @param authentication that was presented to the provider for validation
 	 * @param user that was loaded by the implementation
-	 *
 	 * @return the successful authentication token
 	 */
-	protected Authentication createSuccessAuthentication(Object principal,
-			Authentication authentication, UserDetails user) {
+	protected Authentication createSuccessAuthentication(Object principal, Authentication authentication,
+			UserDetails user) {
 		// Ensure we return the original credentials the user supplied,
 		// so subsequent attempts are successful even with encoded passwords.
 		// Also ensure we return the original getDetails(), so that future
 		// authentication events after cache expiry contain the details
-		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
-				principal, authentication.getCredentials(),
-				authoritiesMapper.mapAuthorities(user.getAuthorities()));
+		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
+				authentication.getCredentials(), authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		result.setDetails(authentication.getDetails());
 
 		return result;
@@ -271,21 +262,17 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	 * so that code related to credentials validation need not be duplicated across two
 	 * methods.
 	 * </p>
-	 *
 	 * @param username The username to retrieve
 	 * @param authentication The authentication request, which subclasses <em>may</em>
 	 * need to perform a binding-based retrieval of the <code>UserDetails</code>
-	 *
 	 * @return the user information (never <code>null</code> - instead an exception should
 	 * the thrown)
-	 *
 	 * @throws AuthenticationException if the credentials could not be validated
 	 * (generally a <code>BadCredentialsException</code>, an
 	 * <code>AuthenticationServiceException</code> or
 	 * <code>UsernameNotFoundException</code>)
 	 */
-	protected abstract UserDetails retrieveUser(String username,
-			UsernamePasswordAuthenticationToken authentication)
+	protected abstract UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
 			throws AuthenticationException;
 
 	public void setForcePrincipalAsString(boolean forcePrincipalAsString) {
@@ -299,7 +286,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	 * <code>UsernameNotFoundException</code>s to be thrown instead for the former. Note
 	 * this is considered less secure than throwing <code>BadCredentialsException</code>
 	 * for both exceptions.
-	 *
 	 * @param hideUserNotFoundExceptions set to <code>false</code> if you wish
 	 * <code>UsernameNotFoundException</code>s to be thrown instead of the non-specific
 	 * <code>BadCredentialsException</code> (defaults to <code>true</code>)
@@ -317,8 +303,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	}
 
 	public boolean supports(Class<?> authentication) {
-		return (UsernamePasswordAuthenticationToken.class
-				.isAssignableFrom(authentication));
+		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
 	}
 
 	protected UserDetailsChecker getPreAuthenticationChecks() {
@@ -328,7 +313,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	/**
 	 * Sets the policy will be used to verify the status of the loaded
 	 * <tt>UserDetails</tt> <em>before</em> validation of the credentials takes place.
-	 *
 	 * @param preAuthenticationChecks strategy to be invoked prior to authentication.
 	 */
 	public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
@@ -348,42 +332,44 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements
 	}
 
 	private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
+
 		public void check(UserDetails user) {
 			if (!user.isAccountNonLocked()) {
 				logger.debug("User account is locked");
 
-				throw new LockedException(messages.getMessage(
-						"AbstractUserDetailsAuthenticationProvider.locked",
+				throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
 						"User account is locked"));
 			}
 
 			if (!user.isEnabled()) {
 				logger.debug("User account is disabled");
 
-				throw new DisabledException(messages.getMessage(
-						"AbstractUserDetailsAuthenticationProvider.disabled",
-						"User is disabled"));
+				throw new DisabledException(
+						messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 			}
 
 			if (!user.isAccountNonExpired()) {
 				logger.debug("User account is expired");
 
-				throw new AccountExpiredException(messages.getMessage(
-						"AbstractUserDetailsAuthenticationProvider.expired",
-						"User account has expired"));
+				throw new AccountExpiredException(messages
+						.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
 			}
 		}
+
 	}
 
 	private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
+
 		public void check(UserDetails user) {
 			if (!user.isCredentialsNonExpired()) {
 				logger.debug("User account credentials have expired");
 
-				throw new CredentialsExpiredException(messages.getMessage(
-						"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
-						"User credentials have expired"));
+				throw new CredentialsExpiredException(
+						messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired",
+								"User credentials have expired"));
 			}
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index 2771f9790a..f2a2b57769 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -38,13 +38,13 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  */
 public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	/**
-	 * The plaintext password used to perform
-	 * PasswordEncoder#matches(CharSequence, String)}  on when the user is
-	 * not found to avoid SEC-2056.
+	 * The plaintext password used to perform PasswordEncoder#matches(CharSequence,
+	 * String)} on when the user is not found to avoid SEC-2056.
 	 */
 	private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
 
@@ -54,9 +54,8 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	private PasswordEncoder passwordEncoder;
 
 	/**
-	 * The password used to perform
-	 * {@link PasswordEncoder#matches(CharSequence, String)} on when the user is
-	 * not found to avoid SEC-2056. This is necessary, because some
+	 * The password used to perform {@link PasswordEncoder#matches(CharSequence, String)}
+	 * on when the user is not found to avoid SEC-2056. This is necessary, because some
 	 * {@link PasswordEncoder} implementations will short circuit if the password is not
 	 * in a valid format.
 	 */
@@ -75,14 +74,12 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 
 	@SuppressWarnings("deprecation")
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
-			UsernamePasswordAuthenticationToken authentication)
-			throws AuthenticationException {
+			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
 		if (authentication.getCredentials() == null) {
 			logger.debug("Authentication failed: no credentials provided");
 
-			throw new BadCredentialsException(messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.badCredentials",
-					"Bad credentials"));
+			throw new BadCredentialsException(
+					messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
 
 		String presentedPassword = authentication.getCredentials().toString();
@@ -90,9 +87,8 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
 			logger.debug("Authentication failed: password does not match stored value");
 
-			throw new BadCredentialsException(messages.getMessage(
-					"AbstractUserDetailsAuthenticationProvider.badCredentials",
-					"Bad credentials"));
+			throw new BadCredentialsException(
+					messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
 	}
 
@@ -100,8 +96,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
 	}
 
-	protected final UserDetails retrieveUser(String username,
-			UsernamePasswordAuthenticationToken authentication)
+	protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
 			throws AuthenticationException {
 		prepareTimingAttackProtection();
 		try {
@@ -125,8 +120,8 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	}
 
 	@Override
-	protected Authentication createSuccessAuthentication(Object principal,
-			Authentication authentication, UserDetails user) {
+	protected Authentication createSuccessAuthentication(Object principal, Authentication authentication,
+			UserDetails user) {
 		boolean upgradeEncoding = this.userDetailsPasswordService != null
 				&& this.passwordEncoder.upgradeEncoding(user.getPassword());
 		if (upgradeEncoding) {
@@ -152,8 +147,8 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 
 	/**
 	 * Sets the PasswordEncoder instance to be used to encode and validate passwords. If
-	 * not set, the password will be compared using {@link PasswordEncoderFactories#createDelegatingPasswordEncoder()}
-	 *
+	 * not set, the password will be compared using
+	 * {@link PasswordEncoderFactories#createDelegatingPasswordEncoder()}
 	 * @param passwordEncoder must be an instance of one of the {@code PasswordEncoder}
 	 * types.
 	 */
@@ -175,8 +170,8 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		return userDetailsService;
 	}
 
-	public void setUserDetailsPasswordService(
-			UserDetailsPasswordService userDetailsPasswordService) {
+	public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) {
 		this.userDetailsPasswordService = userDetailsPasswordService;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/package-info.java b/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
index a171b83750..1eaaf2baec 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
@@ -17,4 +17,3 @@
  * An {@code AuthenticationProvider} which relies upon a data access object.
  */
 package org.springframework.security.authentication.dao;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
index 3102a7f688..4c6975d322 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
@@ -30,6 +30,7 @@ import org.springframework.context.ApplicationEvent;
  * @author Ben Alex
  */
 public abstract class AbstractAuthenticationEvent extends ApplicationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -43,10 +44,10 @@ public abstract class AbstractAuthenticationEvent extends ApplicationEvent {
 	/**
 	 * Getters for the <code>Authentication</code> request that caused the event. Also
 	 * available from <code>super.getSource()</code>.
-	 *
 	 * @return the authentication request
 	 */
 	public Authentication getAuthentication() {
 		return (Authentication) super.getSource();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
index 74dec87a9e..906ee2a3d9 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
@@ -26,8 +26,8 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public abstract class AbstractAuthenticationFailureEvent extends
-		AbstractAuthenticationEvent {
+public abstract class AbstractAuthenticationFailureEvent extends AbstractAuthenticationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -36,8 +36,7 @@ public abstract class AbstractAuthenticationFailureEvent extends
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AbstractAuthenticationFailureEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AbstractAuthenticationFailureEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication);
 		Assert.notNull(exception, "AuthenticationException is required");
 		this.exception = exception;
@@ -49,4 +48,5 @@ public abstract class AbstractAuthenticationFailureEvent extends
 	public AuthenticationException getException() {
 		return exception;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
index c1edd6f79a..2d895f88c9 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
@@ -25,13 +25,13 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureBadCredentialsEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureBadCredentialsEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AuthenticationFailureBadCredentialsEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AuthenticationFailureBadCredentialsEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
index 2414f05ae9..f9e3c20c52 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
@@ -25,8 +25,8 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureCredentialsExpiredEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureCredentialsExpiredEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -34,4 +34,5 @@ public class AuthenticationFailureCredentialsExpiredEvent extends
 			AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
index d9a8dd22c1..12bd98bf2a 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
@@ -25,13 +25,13 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureDisabledEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureDisabledEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AuthenticationFailureDisabledEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AuthenticationFailureDisabledEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
index e95bcf3eae..c0c00a8321 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
@@ -26,11 +26,12 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class AuthenticationFailureExpiredEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AuthenticationFailureExpiredEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AuthenticationFailureExpiredEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
index 0e0e88b6a7..b4a63f5257 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
@@ -26,11 +26,12 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class AuthenticationFailureLockedEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AuthenticationFailureLockedEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AuthenticationFailureLockedEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
index e3e9f2d818..86e84c819c 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
@@ -25,8 +25,8 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureProviderNotFoundEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureProviderNotFoundEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -34,4 +34,5 @@ public class AuthenticationFailureProviderNotFoundEvent extends
 			AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
index 667076bc06..c64fdc3d85 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
@@ -25,13 +25,13 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureProxyUntrustedEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureProxyUntrustedEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
-	public AuthenticationFailureProxyUntrustedEvent(Authentication authentication,
-			AuthenticationException exception) {
+	public AuthenticationFailureProxyUntrustedEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
index 52869e5357..565d022d87 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
@@ -25,8 +25,8 @@ import org.springframework.security.core.AuthenticationException;
  *
  * @author Ben Alex
  */
-public class AuthenticationFailureServiceExceptionEvent extends
-		AbstractAuthenticationFailureEvent {
+public class AuthenticationFailureServiceExceptionEvent extends AbstractAuthenticationFailureEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -34,4 +34,5 @@ public class AuthenticationFailureServiceExceptionEvent extends
 			AuthenticationException exception) {
 		super(authentication, exception);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
index 67a7b18f11..6eafa52c9e 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
@@ -24,10 +24,12 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class AuthenticationSuccessEvent extends AbstractAuthenticationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	public AuthenticationSuccessEvent(Authentication authentication) {
 		super(authentication);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
index db60e208f7..d73b49a4b7 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
@@ -34,6 +34,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -42,8 +43,7 @@ public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticatio
 	// ~ Constructors
 	// ===================================================================================================
 
-	public InteractiveAuthenticationSuccessEvent(Authentication authentication,
-			Class<?> generatedBy) {
+	public InteractiveAuthenticationSuccessEvent(Authentication authentication, Class<?> generatedBy) {
 		super(authentication);
 		Assert.notNull(generatedBy, "generatedBy cannot be null");
 		this.generatedBy = generatedBy;
@@ -55,10 +55,10 @@ public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticatio
 	/**
 	 * Getter for the <code>Class</code> that generated this event. This can be useful for
 	 * generating additional logging information.
-	 *
 	 * @return the class
 	 */
 	public Class<?> getGeneratedBy() {
 		return generatedBy;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index 0d23755dea..8332e48999 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -29,6 +29,7 @@ import org.springframework.util.ClassUtils;
  * @author Ben Alex
  */
 public class LoggerListener implements ApplicationListener<AbstractAuthenticationEvent> {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -44,8 +45,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 	// ========================================================================================================
 
 	public void onApplicationEvent(AbstractAuthenticationEvent event) {
-		if (!logInteractiveAuthenticationSuccessEvents
-				&& event instanceof InteractiveAuthenticationSuccessEvent) {
+		if (!logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
 			return;
 		}
 
@@ -60,8 +60,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 
 			if (event instanceof AbstractAuthenticationFailureEvent) {
 				builder.append("; exception: ");
-				builder.append(((AbstractAuthenticationFailureEvent) event)
-						.getException().getMessage());
+				builder.append(((AbstractAuthenticationFailureEvent) event).getException().getMessage());
 			}
 
 			logger.warn(builder.toString());
@@ -72,8 +71,8 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 		return logInteractiveAuthenticationSuccessEvents;
 	}
 
-	public void setLogInteractiveAuthenticationSuccessEvents(
-			boolean logInteractiveAuthenticationSuccessEvents) {
+	public void setLogInteractiveAuthenticationSuccessEvents(boolean logInteractiveAuthenticationSuccessEvents) {
 		this.logInteractiveAuthenticationSuccessEvents = logInteractiveAuthenticationSuccessEvents;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/package-info.java b/core/src/main/java/org/springframework/security/authentication/event/package-info.java
index 006bfe1fd9..ed2fe5d08f 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/package-info.java
@@ -14,11 +14,12 @@
  * limitations under the License.
  */
 /**
- * Authentication success and failure events which can be published to the Spring application context.
+ * Authentication success and failure events which can be published to the Spring
+ * application context.
  *
- * The <code>ProviderManager</code> automatically publishes events to the application context. These events are
- * received by all registered Spring <code>ApplicationListener</code>s.
+ * The <code>ProviderManager</code> automatically publishes events to the application
+ * context. These events are received by all registered Spring
+ * <code>ApplicationListener</code>s.
  */
 
 package org.springframework.security.authentication.event;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 54552a1e0f..532ceb2030 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -64,8 +64,8 @@ import org.springframework.util.ObjectUtils;
  *
  * <p>
  * When using JAAS login modules as the authentication source, sometimes the <a href=
- * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" >
- * LoginContext</a> will require <i>CallbackHandler</i>s. The
+ * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html"
+ * > LoginContext</a> will require <i>CallbackHandler</i>s. The
  * AbstractJaasAuthenticationProvider uses an internal <a href=
  * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html"
  * >CallbackHandler </a> to wrap the {@link JaasAuthenticationCallbackHandler}s configured
@@ -113,17 +113,22 @@ import org.springframework.util.ObjectUtils;
  * @author Ray Krueger
  * @author Rob Winch
  */
-public abstract class AbstractJaasAuthenticationProvider
-		implements AuthenticationProvider, ApplicationEventPublisherAware,
-		InitializingBean, ApplicationListener<SessionDestroyedEvent> {
+public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
+		ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ApplicationEventPublisher applicationEventPublisher;
+
 	private AuthorityGranter[] authorityGranters;
+
 	private JaasAuthenticationCallbackHandler[] callbackHandlers;
+
 	protected final Log log = LogFactory.getLog(getClass());
+
 	private LoginExceptionResolver loginExceptionResolver = new DefaultLoginExceptionResolver();
+
 	private String loginContextName = "SPRINGSECURITY";
 
 	// ~ Methods
@@ -136,33 +141,26 @@ public abstract class AbstractJaasAuthenticationProvider
 	 * {@link JaasPasswordCallbackHandler}.
 	 */
 	public void afterPropertiesSet() throws Exception {
-		Assert.hasLength(this.loginContextName,
-				"loginContextName cannot be null or empty");
-		Assert.notEmpty(this.authorityGranters,
-				"authorityGranters cannot be null or empty");
+		Assert.hasLength(this.loginContextName, "loginContextName cannot be null or empty");
+		Assert.notEmpty(this.authorityGranters, "authorityGranters cannot be null or empty");
 		if (ObjectUtils.isEmpty(this.callbackHandlers)) {
-			setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
-					new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
+			setCallbackHandlers(new JaasAuthenticationCallbackHandler[] { new JaasNameCallbackHandler(),
+					new JaasPasswordCallbackHandler() });
 		}
-		Assert.notNull(this.loginExceptionResolver,
-				"loginExceptionResolver cannot be null");
+		Assert.notNull(this.loginExceptionResolver, "loginExceptionResolver cannot be null");
 	}
 
 	/**
 	 * Attempts to login the user given the Authentication objects principal and
 	 * credential
-	 *
 	 * @param auth The Authentication object to be authenticated.
-	 *
 	 * @return The authenticated Authentication object, with it's grantedAuthorities set.
-	 *
 	 * @throws AuthenticationException This implementation does not handle 'locked' or
 	 * 'disabled' accounts. This method only throws a AuthenticationServiceException, with
 	 * the message of the LoginException that will be thrown, should the
 	 * loginContext.login() method fail.
 	 */
-	public Authentication authenticate(Authentication auth)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication auth) throws AuthenticationException {
 		if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
 			return null;
 		}
@@ -172,8 +170,7 @@ public abstract class AbstractJaasAuthenticationProvider
 
 		try {
 			// Create the LoginContext object, and pass our InternallCallbackHandler
-			LoginContext loginContext = createLoginContext(
-					new InternalCallbackHandler(auth));
+			LoginContext loginContext = createLoginContext(new InternalCallbackHandler(auth));
 
 			// Attempt to login the user, the LoginContext will call our
 			// InternalCallbackHandler at this point.
@@ -201,9 +198,8 @@ public abstract class AbstractJaasAuthenticationProvider
 			}
 
 			// Convert the authorities set back to an array and apply it to the token.
-			JaasAuthenticationToken result = new JaasAuthenticationToken(
-					request.getPrincipal(), request.getCredentials(),
-					new ArrayList<>(authorities), loginContext);
+			JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(),
+					request.getCredentials(), new ArrayList<>(authorities), loginContext);
 
 			// Publish the success event
 			publishSuccessEvent(result);
@@ -213,8 +209,7 @@ public abstract class AbstractJaasAuthenticationProvider
 
 		}
 		catch (LoginException loginException) {
-			AuthenticationException ase = this.loginExceptionResolver
-					.resolveException(loginException);
+			AuthenticationException ase = this.loginExceptionResolver.resolveException(loginException);
 
 			publishFailureEvent(request, ase);
 			throw ase;
@@ -223,21 +218,17 @@ public abstract class AbstractJaasAuthenticationProvider
 
 	/**
 	 * Creates the LoginContext to be used for authentication.
-	 *
 	 * @param handler The CallbackHandler that should be used for the LoginContext (never
 	 * <code>null</code>).
 	 * @return the LoginContext to use for authentication.
 	 * @throws LoginException
 	 */
-	protected abstract LoginContext createLoginContext(CallbackHandler handler)
-			throws LoginException;
+	protected abstract LoginContext createLoginContext(CallbackHandler handler) throws LoginException;
 
 	/**
 	 * Handles the logout by getting the security contexts for the destroyed session and
 	 * invoking {@code LoginContext.logout()} for any which contain a
 	 * {@code JaasAuthenticationToken}.
-	 *
-	 *
 	 * @param event the session event which contains the current session
 	 */
 	protected void handleLogout(SessionDestroyedEvent event) {
@@ -260,14 +251,12 @@ public abstract class AbstractJaasAuthenticationProvider
 					boolean debug = this.log.isDebugEnabled();
 					if (loginContext != null) {
 						if (debug) {
-							this.log.debug("Logging principal: [" + token.getPrincipal()
-									+ "] out of LoginContext");
+							this.log.debug("Logging principal: [" + token.getPrincipal() + "] out of LoginContext");
 						}
 						loginContext.logout();
 					}
 					else if (debug) {
-						this.log.debug("Cannot logout principal: [" + token.getPrincipal()
-								+ "] from LoginContext. "
+						this.log.debug("Cannot logout principal: [" + token.getPrincipal() + "] from LoginContext. "
 								+ "The LoginContext is unavailable");
 					}
 				}
@@ -285,28 +274,23 @@ public abstract class AbstractJaasAuthenticationProvider
 	/**
 	 * Publishes the {@link JaasAuthenticationFailedEvent}. Can be overridden by
 	 * subclasses for different functionality
-	 *
 	 * @param token The authentication token being processed
 	 * @param ase The excetion that caused the authentication failure
 	 */
-	protected void publishFailureEvent(UsernamePasswordAuthenticationToken token,
-			AuthenticationException ase) {
+	protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) {
 		if (this.applicationEventPublisher != null) {
-			this.applicationEventPublisher
-					.publishEvent(new JaasAuthenticationFailedEvent(token, ase));
+			this.applicationEventPublisher.publishEvent(new JaasAuthenticationFailedEvent(token, ase));
 		}
 	}
 
 	/**
 	 * Publishes the {@link JaasAuthenticationSuccessEvent}. Can be overridden by
 	 * subclasses for different functionality.
-	 *
 	 * @param token The token being processed
 	 */
 	protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) {
 		if (this.applicationEventPublisher != null) {
-			this.applicationEventPublisher
-					.publishEvent(new JaasAuthenticationSuccessEvent(token));
+			this.applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
 		}
 	}
 
@@ -314,7 +298,6 @@ public abstract class AbstractJaasAuthenticationProvider
 	 * Returns the AuthorityGrannter array that was passed to the
 	 * {@link #setAuthorityGranters(AuthorityGranter[])} method, or null if it none were
 	 * ever set.
-	 *
 	 * @return The AuthorityGranter array, or null
 	 *
 	 * @see #setAuthorityGranters(AuthorityGranter[])
@@ -326,7 +309,6 @@ public abstract class AbstractJaasAuthenticationProvider
 	/**
 	 * Set the AuthorityGranters that should be consulted for role names to be granted to
 	 * the Authentication.
-	 *
 	 * @param authorityGranters AuthorityGranter array
 	 *
 	 * @see JaasAuthenticationProvider
@@ -338,7 +320,6 @@ public abstract class AbstractJaasAuthenticationProvider
 	/**
 	 * Returns the current JaasAuthenticationCallbackHandler array, or null if none are
 	 * set.
-	 *
 	 * @return the JAASAuthenticationCallbackHandlers.
 	 *
 	 * @see #setCallbackHandlers(JaasAuthenticationCallbackHandler[])
@@ -350,11 +331,9 @@ public abstract class AbstractJaasAuthenticationProvider
 	/**
 	 * Set the JAASAuthentcationCallbackHandler array to handle callback objects generated
 	 * by the LoginContext.login method.
-	 *
 	 * @param callbackHandlers Array of JAASAuthenticationCallbackHandlers
 	 */
-	public void setCallbackHandlers(
-			JaasAuthenticationCallbackHandler[] callbackHandlers) {
+	public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) {
 		this.callbackHandlers = callbackHandlers;
 	}
 
@@ -365,7 +344,6 @@ public abstract class AbstractJaasAuthenticationProvider
 	/**
 	 * Set the loginContextName, this name is used as the index to the configuration
 	 * specified in the loginConfig property.
-	 *
 	 * @param loginContextName
 	 */
 	public void setLoginContextName(String loginContextName) {
@@ -384,8 +362,7 @@ public abstract class AbstractJaasAuthenticationProvider
 		return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
 	}
 
-	public void setApplicationEventPublisher(
-			ApplicationEventPublisher applicationEventPublisher) {
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
 
@@ -400,19 +377,21 @@ public abstract class AbstractJaasAuthenticationProvider
 	 * Wrapper class for JAASAuthenticationCallbackHandlers
 	 */
 	private class InternalCallbackHandler implements CallbackHandler {
+
 		private final Authentication authentication;
 
 		InternalCallbackHandler(Authentication authentication) {
 			this.authentication = authentication;
 		}
 
-		public void handle(Callback[] callbacks)
-				throws IOException, UnsupportedCallbackException {
+		public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
 			for (JaasAuthenticationCallbackHandler handler : AbstractJaasAuthenticationProvider.this.callbackHandlers) {
 				for (Callback callback : callbacks) {
 					handler.handle(callback, this.authentication);
 				}
 			}
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
index f0eb9f1440..14f0961d8e 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
@@ -30,6 +30,7 @@ import java.util.Set;
  * @author Ray Krueger
  */
 public interface AuthorityGranter {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -41,12 +42,11 @@ public interface AuthorityGranter {
 	 * <p>
 	 * The set may contain any object as all objects in the returned set will be passed to
 	 * the JaasGrantedAuthority constructor using toString().
-	 *
 	 * @param principal One of the principals from the
 	 * LoginContext.getSubect().getPrincipals() method.
-	 *
 	 * @return the role names to grant, or null, meaning no roles should be granted to the
 	 * principal.
 	 */
 	Set<String> grant(Principal principal);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
index 379a70c08b..8e865213ad 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
@@ -84,8 +84,8 @@ import org.springframework.util.Assert;
  * @see AbstractJaasAuthenticationProvider
  * @see InMemoryConfiguration
  */
-public class DefaultJaasAuthenticationProvider
-		extends AbstractJaasAuthenticationProvider {
+public class DefaultJaasAuthenticationProvider extends AbstractJaasAuthenticationProvider {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -105,8 +105,7 @@ public class DefaultJaasAuthenticationProvider
 	 * {@link #setConfiguration(Configuration)}.
 	 */
 	@Override
-	protected LoginContext createLoginContext(CallbackHandler handler)
-			throws LoginException {
+	protected LoginContext createLoginContext(CallbackHandler handler) throws LoginException {
 		return new LoginContext(getLoginContextName(), null, handler, getConfiguration());
 	}
 
@@ -116,11 +115,11 @@ public class DefaultJaasAuthenticationProvider
 
 	/**
 	 * Sets the Configuration to use for Authentication.
-	 *
 	 * @param configuration the Configuration that is used when
 	 * {@link #createLoginContext(CallbackHandler)} is called.
 	 */
 	public void setConfiguration(Configuration configuration) {
 		this.configuration = configuration;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
index 3f43cb325a..82d978dc3a 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
@@ -28,10 +28,12 @@ import javax.security.auth.login.LoginException;
  * @author Ray Krueger
  */
 public class DefaultLoginExceptionResolver implements LoginExceptionResolver {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	public AuthenticationException resolveException(LoginException e) {
 		return new AuthenticationServiceException(e.getMessage(), e);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
index 070ba6599f..703ecb732c 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
@@ -26,8 +26,8 @@ import org.springframework.security.core.Authentication;
  * The JaasAuthenticationCallbackHandler is similar to the
  * javax.security.auth.callback.CallbackHandler interface in that it defines a handle
  * method. The JaasAuthenticationCallbackHandler is only asked to handle one Callback
- * instance at time rather than an array of all Callbacks, as the javax...
- * CallbackHandler defines.
+ * instance at time rather than an array of all Callbacks, as the javax... CallbackHandler
+ * defines.
  *
  * <p>
  * Before a JaasAuthenticationCallbackHandler is asked to 'handle' any callbacks, it is
@@ -36,16 +36,16 @@ import org.springframework.security.core.Authentication;
  * </p>
  *
  * @author Ray Krueger
- *
  * @see JaasNameCallbackHandler
  * @see JaasPasswordCallbackHandler
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">
  * CallbackHandler</a>
  */
 public interface JaasAuthenticationCallbackHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -55,11 +55,10 @@ public interface JaasAuthenticationCallbackHandler {
 	 * >Callback</a>. The handle method will be called for every callback instance sent
 	 * from the LoginContext. Meaning that The handle method may be called multiple times
 	 * for a given JaasAuthenticationCallbackHandler.
-	 *
 	 * @param callback
 	 * @param auth The Authentication object currently being authenticated.
 	 *
 	 */
-	void handle(Callback callback, Authentication auth) throws IOException,
-			UnsupportedCallbackException;
+	void handle(Callback callback, Authentication auth) throws IOException, UnsupportedCallbackException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index 34a3f231ee..4061a9216b 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -84,8 +84,8 @@ import org.springframework.util.Assert;
  *
  * <p>
  * When using JAAS login modules as the authentication source, sometimes the <a href=
- * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" >
- * LoginContext</a> will require <i>CallbackHandler</i>s. The JaasAuthenticationProvider
+ * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html"
+ * > LoginContext</a> will require <i>CallbackHandler</i>s. The JaasAuthenticationProvider
  * uses an internal <a href=
  * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html"
  * >CallbackHandler </a> to wrap the {@link JaasAuthenticationCallbackHandler}s configured
@@ -138,6 +138,7 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  */
 public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvider {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -148,6 +149,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	// ================================================================================================
 
 	private Resource loginConfig;
+
 	private boolean refreshConfigurationOnStartup = true;
 
 	// ~ Methods
@@ -157,10 +159,8 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	public void afterPropertiesSet() throws Exception {
 		// the superclass is not called because it does additional checks that are
 		// non-passive
-		Assert.hasLength(getLoginContextName(),
-				() -> "loginContextName must be set on " + getClass());
-		Assert.notNull(this.loginConfig,
-				() -> "loginConfig must be set on " + getClass());
+		Assert.hasLength(getLoginContextName(), () -> "loginContextName must be set on " + getClass());
+		Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());
 		configureJaas(this.loginConfig);
 
 		Assert.notNull(Configuration.getConfiguration(),
@@ -171,16 +171,13 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	}
 
 	@Override
-	protected LoginContext createLoginContext(CallbackHandler handler)
-			throws LoginException {
+	protected LoginContext createLoginContext(CallbackHandler handler) throws LoginException {
 		return new LoginContext(getLoginContextName(), handler);
 	}
 
 	/**
 	 * Hook method for configuring Jaas.
-	 *
 	 * @param loginConfig URL to Jaas login configuration
-	 *
 	 * @throws IOException if there is a problem reading the config resource.
 	 */
 	protected void configureJaas(Resource loginConfig) throws IOException {
@@ -227,8 +224,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 		String loginConfigPath;
 
 		try {
-			loginConfigPath = this.loginConfig.getFile().getAbsolutePath()
-					.replace(File.separatorChar, '/');
+			loginConfigPath = this.loginConfig.getFile().getAbsolutePath().replace(File.separatorChar, '/');
 
 			if (!loginConfigPath.startsWith("/")) {
 				loginConfigPath = "/" + loginConfigPath;
@@ -245,16 +241,13 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	/**
 	 * Publishes the {@link JaasAuthenticationFailedEvent}. Can be overridden by
 	 * subclasses for different functionality
-	 *
 	 * @param token The authentication token being processed
 	 * @param ase The excetion that caused the authentication failure
 	 */
 	@Override
-	protected void publishFailureEvent(UsernamePasswordAuthenticationToken token,
-			AuthenticationException ase) {
+	protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) {
 		// exists for passivity (the superclass does a null check before publishing)
-		getApplicationEventPublisher()
-				.publishEvent(new JaasAuthenticationFailedEvent(token, ase));
+		getApplicationEventPublisher().publishEvent(new JaasAuthenticationFailedEvent(token, ase));
 	}
 
 	public Resource getLoginConfig() {
@@ -263,7 +256,6 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 
 	/**
 	 * Set the JAAS login configuration file.
-	 *
 	 * @param loginConfig
 	 *
 	 * @see <a href=
@@ -279,11 +271,11 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	 * {@code #configureJaas(Resource) } method. Defaults to {@code true}.
 	 *
 	 * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
-	 *
 	 * @param refresh set to {@code false} to disable reloading of the configuration. May
 	 * be useful in some environments.
 	 */
 	public void setRefreshConfigurationOnStartup(boolean refresh) {
 		this.refreshConfigurationOnStartup = refresh;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
index ced47d245f..9bb3bcc5a9 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@@ -42,14 +42,13 @@ public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken
 	// ~ Constructors
 	// ===================================================================================================
 
-	public JaasAuthenticationToken(Object principal, Object credentials,
-			LoginContext loginContext) {
+	public JaasAuthenticationToken(Object principal, Object credentials, LoginContext loginContext) {
 		super(principal, credentials);
 		this.loginContext = loginContext;
 	}
 
-	public JaasAuthenticationToken(Object principal, Object credentials,
-			List<GrantedAuthority> authorities, LoginContext loginContext) {
+	public JaasAuthenticationToken(Object principal, Object credentials, List<GrantedAuthority> authorities,
+			LoginContext loginContext) {
 		super(principal, credentials, authorities);
 		this.loginContext = loginContext;
 	}
@@ -60,4 +59,5 @@ public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken
 	public LoginContext getLoginContext() {
 		return loginContext;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index d6fc0b9a4f..11998cf379 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -27,7 +27,6 @@ import java.security.Principal;
  * that an {@link AuthorityGranter} used as a reason to grant this authority.
  *
  * @author Ray Krueger
- *
  * @see AuthorityGranter
  */
 public final class JaasGrantedAuthority implements GrantedAuthority {
@@ -35,6 +34,7 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final String role;
+
 	private final Principal principal;
 
 	public JaasGrantedAuthority(String role, Principal principal) {
@@ -81,4 +81,5 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 	public String toString() {
 		return "Jaas Authority [" + role + "," + principal + "]";
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
index 2a53197e64..40413bdfb1 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
@@ -28,13 +28,13 @@ import javax.security.auth.callback.NameCallback;
  * specifically tailored to handling the NameCallback. <br>
  *
  * @author Ray Krueger
- *
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback</a>
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback</a>
  */
 public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -42,7 +42,6 @@ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandle
 	 * If the callback passed to the 'handle' method is an instance of NameCallback, the
 	 * JaasNameCallbackHandler will call,
 	 * callback.setName(authentication.getPrincipal().toString()).
-	 *
 	 * @param callback
 	 * @param authentication
 	 *
@@ -64,4 +63,5 @@ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandle
 			ncb.setName(username);
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
index c42f392a57..4db830daaa 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
@@ -24,17 +24,18 @@ import javax.security.auth.callback.PasswordCallback;
 /**
  * The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
  * NameCallback and PasswordCallback. Spring Security provides the
- * JaasPasswordCallbackHandler specifically tailored to handling the PasswordCallback. <br>
+ * JaasPasswordCallbackHandler specifically tailored to handling the PasswordCallback.
+ * <br>
  *
  * @author Ray Krueger
- *
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
- * @see <a
- * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html">
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
+ * @see <a href=
+ * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html">
  * PasswordCallback</a>
  */
 public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -42,7 +43,6 @@ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHa
 	 * If the callback passed to the 'handle' method is an instance of PasswordCallback,
 	 * the JaasPasswordCallbackHandler will call,
 	 * callback.setPassword(authentication.getCredentials().toString()).
-	 *
 	 * @param callback
 	 * @param auth
 	 *
@@ -53,4 +53,5 @@ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHa
 			pc.setPassword(auth.getCredentials().toString().toCharArray());
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
index 5fc36f4b3c..63d36985a9 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
@@ -31,16 +31,16 @@ import javax.security.auth.login.LoginException;
  * @author Ray Krueger
  */
 public interface LoginExceptionResolver {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Translates a Jaas LoginException to an SpringSecurityException.
-	 *
 	 * @param e The LoginException thrown by the configured LoginModule.
-	 *
 	 * @return The AuthenticationException that the JaasAuthenticationProvider should
 	 * throw.
 	 */
 	AuthenticationException resolveException(LoginException e);
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index 38756da657..14bc89cb7c 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -52,6 +52,7 @@ import javax.security.auth.spi.LoginModule;
  * @author Ray Krueger
  */
 public class SecurityContextLoginModule implements LoginModule {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -61,7 +62,9 @@ public class SecurityContextLoginModule implements LoginModule {
 	// ================================================================================================
 
 	private Authentication authen;
+
 	private Subject subject;
+
 	private boolean ignoreMissingAuthentication = false;
 
 	// ~ Methods
@@ -70,10 +73,8 @@ public class SecurityContextLoginModule implements LoginModule {
 	/**
 	 * Abort the authentication process by forgetting the Spring Security
 	 * <code>Authentication</code>.
-	 *
 	 * @return true if this method succeeded, or false if this <code>LoginModule</code>
 	 * should be ignored.
-	 *
 	 * @exception LoginException if the abort fails
 	 */
 	public boolean abort() {
@@ -89,10 +90,8 @@ public class SecurityContextLoginModule implements LoginModule {
 	/**
 	 * Authenticate the <code>Subject</code> (phase two) by adding the Spring Security
 	 * <code>Authentication</code> to the <code>Subject</code>'s principals.
-	 *
 	 * @return true if this method succeeded, or false if this <code>LoginModule</code>
 	 * should be ignored.
-	 *
 	 * @exception LoginException if the commit fails
 	 */
 	public boolean commit() {
@@ -118,30 +117,25 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * code establishing the <code>LoginContext</code> likely won't provide one that
 	 * understands Spring Security. Also ignores the <code>sharedState</code> and
 	 * <code>options</code> parameters, since none are recognized.
-	 *
 	 * @param subject the <code>Subject</code> to be authenticated.
 	 * @param callbackHandler is ignored
 	 * @param sharedState is ignored
 	 * @param options are ignored
 	 */
 	@SuppressWarnings("unchecked")
-	public void initialize(Subject subject, CallbackHandler callbackHandler,
-			Map sharedState, Map options) {
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
 
 		if (options != null) {
-			ignoreMissingAuthentication = "true".equals(options
-					.get("ignoreMissingAuthentication"));
+			ignoreMissingAuthentication = "true".equals(options.get("ignoreMissingAuthentication"));
 		}
 	}
 
 	/**
 	 * Authenticate the <code>Subject</code> (phase one) by extracting the Spring Security
 	 * <code>Authentication</code> from the current <code>SecurityContext</code>.
-	 *
 	 * @return true if the authentication succeeded, or false if this
 	 * <code>LoginModule</code> should be ignored.
-	 *
 	 * @throws LoginException if the authentication fails
 	 */
 	public boolean login() throws LoginException {
@@ -165,10 +159,8 @@ public class SecurityContextLoginModule implements LoginModule {
 
 	/**
 	 * Log out the <code>Subject</code>.
-	 *
 	 * @return true if this method succeeded, or false if this <code>LoginModule</code>
 	 * should be ignored.
-	 *
 	 * @exception LoginException if the logout fails
 	 */
 	public boolean logout() {
@@ -181,4 +173,5 @@ public class SecurityContextLoginModule implements LoginModule {
 
 		return true;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
index 2c3332d59b..8cedd283bd 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
@@ -28,12 +28,12 @@ import org.springframework.context.ApplicationEvent;
  * @author Ray Krueger
  */
 public abstract class JaasAuthenticationEvent extends ApplicationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * The Authentication object is stored as the ApplicationEvent 'source'.
-	 *
 	 * @param auth
 	 */
 	public JaasAuthenticationEvent(Authentication auth) {
@@ -45,10 +45,10 @@ public abstract class JaasAuthenticationEvent extends ApplicationEvent {
 
 	/**
 	 * Pre-casted method that returns the 'source' of the event.
-	 *
 	 * @return the Authentication
 	 */
 	public Authentication getAuthentication() {
 		return (Authentication) source;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
index e3955c909f..ca92f0e548 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.Authentication;
  * @author Ray Krueger
  */
 public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -44,4 +45,5 @@ public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
 	public Exception getException() {
 		return exception;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
index f57d4ab35d..9d1690db92 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
@@ -27,10 +27,12 @@ import org.springframework.security.core.Authentication;
  * @author Ray Krueger
  */
 public class JaasAuthenticationSuccessEvent extends JaasAuthenticationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	public JaasAuthenticationSuccessEvent(Authentication auth) {
 		super(auth);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
index 266efce2c0..a6d7946886 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * JAAS authentication events which can be published to the Spring application context by the JAAS authentication
- * provider.
+ * JAAS authentication events which can be published to the Spring application context by
+ * the JAAS authentication provider.
  */
 package org.springframework.security.authentication.jaas.event;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
index 181b118b98..3bd86695a5 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
@@ -35,10 +35,12 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  */
 public class InMemoryConfiguration extends Configuration {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final AppConfigurationEntry[] defaultConfiguration;
+
 	private final Map<String, AppConfigurationEntry[]> mappedConfigurations;
 
 	// ~ Constructors
@@ -47,24 +49,20 @@ public class InMemoryConfiguration extends Configuration {
 	/**
 	 * Creates a new instance with only a defaultConfiguration. Any configuration name
 	 * will result in defaultConfiguration being returned.
-	 *
 	 * @param defaultConfiguration The result for any calls to
 	 * {@link #getAppConfigurationEntry(String)}. Can be <code>null</code>.
 	 */
 	public InMemoryConfiguration(AppConfigurationEntry[] defaultConfiguration) {
-		this(Collections.<String, AppConfigurationEntry[]>emptyMap(),
-				defaultConfiguration);
+		this(Collections.<String, AppConfigurationEntry[]>emptyMap(), defaultConfiguration);
 	}
 
 	/**
 	 * Creates a new instance with a mapping of login context name to an array of
 	 * {@link AppConfigurationEntry}s.
-	 *
 	 * @param mappedConfigurations each key represents a login context name and each value
 	 * is an Array of {@link AppConfigurationEntry}s that should be used.
 	 */
-	public InMemoryConfiguration(
-			Map<String, AppConfigurationEntry[]> mappedConfigurations) {
+	public InMemoryConfiguration(Map<String, AppConfigurationEntry[]> mappedConfigurations) {
 		this(mappedConfigurations, null);
 	}
 
@@ -72,14 +70,12 @@ public class InMemoryConfiguration extends Configuration {
 	 * Creates a new instance with a mapping of login context name to an array of
 	 * {@link AppConfigurationEntry}s along with a default configuration that will be used
 	 * if no mapping is found for the given login context name.
-	 *
 	 * @param mappedConfigurations each key represents a login context name and each value
 	 * is an Array of {@link AppConfigurationEntry}s that should be used.
 	 * @param defaultConfiguration The result for any calls to
 	 * {@link #getAppConfigurationEntry(String)}. Can be <code>null</code>.
 	 */
-	public InMemoryConfiguration(
-			Map<String, AppConfigurationEntry[]> mappedConfigurations,
+	public InMemoryConfiguration(Map<String, AppConfigurationEntry[]> mappedConfigurations,
 			AppConfigurationEntry[] defaultConfiguration) {
 		Assert.notNull(mappedConfigurations, "mappedConfigurations cannot be null.");
 		this.mappedConfigurations = mappedConfigurations;
@@ -101,4 +97,5 @@ public class InMemoryConfiguration extends Configuration {
 	@Override
 	public void refresh() {
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
index 0657c03910..79662dcf5c 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
@@ -17,4 +17,3 @@
  * An in memory JAAS implementation.
  */
 package org.springframework.security.authentication.jaas.memory;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
index 3204025524..0362b02652 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
@@ -17,4 +17,3 @@
  * An authentication provider for JAAS.
  */
 package org.springframework.security.authentication.jaas;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/package-info.java b/core/src/main/java/org/springframework/security/authentication/package-info.java
index e56ab09664..a318d942e8 100644
--- a/core/src/main/java/org/springframework/security/authentication/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/package-info.java
@@ -14,12 +14,15 @@
  * limitations under the License.
  */
 /**
- * Core classes and interfaces related to user authentication, which are used throughout Spring Security.
+ * Core classes and interfaces related to user authentication, which are used throughout
+ * Spring Security.
  * <p>
- * Of key importance is the {@link org.springframework.security.authentication.AuthenticationManager AuthenticationManager}
- * and its default implementation {@link org.springframework.security.authentication.ProviderManager
- * ProviderManager}, which maintains a list {@link org.springframework.security.authentication.AuthenticationProvider
+ * Of key importance is the
+ * {@link org.springframework.security.authentication.AuthenticationManager
+ * AuthenticationManager} and its default implementation
+ * {@link org.springframework.security.authentication.ProviderManager ProviderManager},
+ * which maintains a list
+ * {@link org.springframework.security.authentication.AuthenticationProvider
  * AuthenticationProvider}s to which it delegates authentication requests.
  */
 package org.springframework.security.authentication;
-
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
index 8cb14cbdd3..7f44aaf305 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
@@ -39,10 +39,10 @@ public class RemoteAuthenticationException extends NestedRuntimeException {
 	/**
 	 * Constructs a <code>RemoteAuthenticationException</code> with the specified message
 	 * and no root cause.
-	 *
 	 * @param msg the detail message
 	 */
 	public RemoteAuthenticationException(String msg) {
 		super(msg);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
index 4108468dfa..c0e1ac7a05 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.GrantedAuthority;
  * @author Ben Alex
  */
 public interface RemoteAuthenticationManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -39,15 +40,13 @@ public interface RemoteAuthenticationManager {
 	 * required for remote clients to enable/disable relevant user interface commands etc.
 	 * There is nothing preventing users from implementing their own equivalent package
 	 * that works with more complex object types.
-	 *
 	 * @param username the username the remote client wishes to authenticate with.
 	 * @param password the password the remote client wishes to authenticate with.
-	 *
 	 * @return all of the granted authorities the specified username and password have
 	 * access to.
-	 *
 	 * @throws RemoteAuthenticationException if the authentication failed.
 	 */
-	Collection<? extends GrantedAuthority> attemptAuthentication(String username,
-			String password) throws RemoteAuthenticationException;
+	Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
+			throws RemoteAuthenticationException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
index 35e1a6d556..2209d42436 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@@ -33,8 +33,8 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationManager,
-		InitializingBean {
+public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationManager, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -47,10 +47,9 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 		Assert.notNull(this.authenticationManager, "authenticationManager is required");
 	}
 
-	public Collection<? extends GrantedAuthority> attemptAuthentication(String username,
-			String password) throws RemoteAuthenticationException {
-		UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(
-				username, password);
+	public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
+			throws RemoteAuthenticationException {
+		UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
 
 		try {
 			return authenticationManager.authenticate(request).getAuthorities();
@@ -67,4 +66,5 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index 7e6b8c6b15..b105b1d21c 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -50,8 +50,8 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class RemoteAuthenticationProvider implements AuthenticationProvider,
-		InitializingBean {
+public class RemoteAuthenticationProvider implements AuthenticationProvider, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -61,17 +61,15 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider,
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.notNull(this.remoteAuthenticationManager,
-				"remoteAuthenticationManager is mandatory");
+		Assert.notNull(this.remoteAuthenticationManager, "remoteAuthenticationManager is mandatory");
 	}
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		String username = authentication.getPrincipal().toString();
 		Object credentials = authentication.getCredentials();
 		String password = credentials == null ? null : credentials.toString();
-		Collection<? extends GrantedAuthority> authorities = remoteAuthenticationManager
-				.attemptAuthentication(username, password);
+		Collection<? extends GrantedAuthority> authorities = remoteAuthenticationManager.attemptAuthentication(username,
+				password);
 
 		return new UsernamePasswordAuthenticationToken(username, password, authorities);
 	}
@@ -80,13 +78,12 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider,
 		return remoteAuthenticationManager;
 	}
 
-	public void setRemoteAuthenticationManager(
-			RemoteAuthenticationManager remoteAuthenticationManager) {
+	public void setRemoteAuthenticationManager(RemoteAuthenticationManager remoteAuthenticationManager) {
 		this.remoteAuthenticationManager = remoteAuthenticationManager;
 	}
 
 	public boolean supports(Class<?> authentication) {
-		return (UsernamePasswordAuthenticationToken.class
-				.isAssignableFrom(authentication));
+		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java b/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
index 443fb72df3..f76b553f6f 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Allows remote clients to authenticate and obtain a populated <code>Authentication</code> object.
+ * Allows remote clients to authenticate and obtain a populated
+ * <code>Authentication</code> object.
  */
 package org.springframework.security.authentication.rcp;
-
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index 8647f685fd..8a78190efa 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -36,14 +36,13 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication
-			.filter(this::isNotAnonymous)
-			.map(a -> new AuthorizationDecision(a.isAuthenticated()))
-			.defaultIfEmpty(new AuthorizationDecision(false));
+		return authentication.filter(this::isNotAnonymous).map(a -> new AuthorizationDecision(a.isAuthenticated()))
+				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
 	/**
-	 * Verify (via {@link AuthenticationTrustResolver}) that the given authentication is not anonymous.
+	 * Verify (via {@link AuthenticationTrustResolver}) that the given authentication is
+	 * not anonymous.
 	 * @param authentication to be checked
 	 * @return <code>true</code> if not anonymous, otherwise <code>false</code>.
 	 */
@@ -60,5 +59,7 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 		return new AuthenticatedReactiveAuthorizationManager<>();
 	}
 
-	private AuthenticatedReactiveAuthorizationManager() {}
+	private AuthenticatedReactiveAuthorizationManager() {
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index 5ab05c960c..31d85ebfb1 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -32,6 +32,7 @@ import java.util.List;
  * @param <T> the type of object being authorized
  */
 public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
+
 	private final List<String> authorities;
 
 	private AuthorityReactiveAuthorizationManager(String... authorities) {
@@ -40,19 +41,15 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication
-			.filter(a -> a.isAuthenticated())
-			.flatMapIterable( a -> a.getAuthorities())
-			.map(g -> g.getAuthority())
-			.any(a -> this.authorities.contains(a))
-			.map( hasAuthority -> new AuthorizationDecision(hasAuthority))
-			.defaultIfEmpty(new AuthorizationDecision(false));
+		return authentication.filter(a -> a.isAuthenticated()).flatMapIterable(a -> a.getAuthorities())
+				.map(g -> g.getAuthority()).any(a -> this.authorities.contains(a))
+				.map(hasAuthority -> new AuthorizationDecision(hasAuthority))
+				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
 	/**
 	 * Creates an instance of {@link AuthorityReactiveAuthorizationManager} with the
 	 * provided authority.
-	 *
 	 * @param authority the authority to check for
 	 * @param <T> the type of object being authorized
 	 * @return the new instance
@@ -83,7 +80,6 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 	/**
 	 * Creates an instance of {@link AuthorityReactiveAuthorizationManager} with the
 	 * provided authority.
-	 *
 	 * @param role the authority to check for prefixed with "ROLE_"
 	 * @param <T> the type of object being authorized
 	 * @return the new instance
@@ -113,9 +109,10 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	private static String[] toNamedRolesArray(String... roles) {
 		String[] result = new String[roles.length];
-		for (int i=0; i < roles.length; i++) {
+		for (int i = 0; i < roles.length; i++) {
 			result[i] = "ROLE_" + roles[i];
 		}
 		return result;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
index 08fdf7a92d..2ad6b7cf33 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
@@ -21,6 +21,7 @@ package org.springframework.security.authorization;
  * @since 5.0
  */
 public class AuthorizationDecision {
+
 	private final boolean granted;
 
 	public AuthorizationDecision(boolean granted) {
@@ -30,4 +31,5 @@ public class AuthorizationDecision {
 	public boolean isGranted() {
 		return granted;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index 6686658cbc..92522b9e7a 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -21,17 +21,17 @@ import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 
 /**
- * A reactive authorization manager which can determine if an {@link Authentication}
- * has access to a specific object.
+ * A reactive authorization manager which can determine if an {@link Authentication} has
+ * access to a specific object.
  *
  * @author Rob Winch
  * @since 5.0
  * @param <T> the type of object that the authorization check is being done one.
  */
 public interface ReactiveAuthorizationManager<T> {
+
 	/**
 	 * Determines if access is granted for a specific authentication and object.
-	 *
 	 * @param authentication the Authentication to check
 	 * @param object the object to check
 	 * @return an decision or empty Mono if no decision could be made.
@@ -40,17 +40,15 @@ public interface ReactiveAuthorizationManager<T> {
 
 	/**
 	 * Determines if access should be granted for a specific authentication and object
-	 *
-
 	 * @param authentication the Authentication to check
 	 * @param object the object to check
 	 * @return an empty Mono if authorization is granted or a Mono error if access is
 	 * denied
 	 */
 	default Mono<Void> verify(Mono<Authentication> authentication, T object) {
-		return check(authentication, object)
-			.filter( d -> d.isGranted())
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
-			.flatMap( d -> Mono.empty() );
+		return check(authentication, object).filter(d -> d.isGranted())
+				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
+				.flatMap(d -> Mono.empty());
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
index 7cc9a342d8..ea3d40857c 100644
--- a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
+++ b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
@@ -34,7 +34,6 @@ abstract class AbstractDelegatingSecurityContextSupport {
 	/**
 	 * Creates a new {@link AbstractDelegatingSecurityContextSupport} that uses the
 	 * specified {@link SecurityContext}.
-	 *
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} and each
 	 * {@link DelegatingSecurityContextCallable} or null to default to the current
@@ -51,4 +50,5 @@ abstract class AbstractDelegatingSecurityContextSupport {
 	protected final <T> Callable<T> wrap(Callable<T> delegate) {
 		return DelegatingSecurityContextCallable.create(delegate, securityContext);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
index d65272ec5d..9b4934feb6 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
@@ -23,13 +23,13 @@ import org.springframework.util.Assert;
 
 /**
  * <p>
- * Wraps a delegate {@link Callable} with logic for setting up a
- * {@link SecurityContext} before invoking the delegate {@link Callable} and
- * then removing the {@link SecurityContext} after the delegate has completed.
+ * Wraps a delegate {@link Callable} with logic for setting up a {@link SecurityContext}
+ * before invoking the delegate {@link Callable} and then removing the
+ * {@link SecurityContext} after the delegate has completed.
  * </p>
  * <p>
- * If there is a {@link SecurityContext} that already exists, it will be
- * restored after the {@link #call()} method is invoked.
+ * If there is a {@link SecurityContext} that already exists, it will be restored after
+ * the {@link #call()} method is invoked.
  * </p>
  *
  * @author Rob Winch
@@ -39,16 +39,14 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 
 	private final Callable<V> delegate;
 
-
 	/**
-	 * The {@link SecurityContext} that the delegate {@link Callable} will be
-	 * ran as.
+	 * The {@link SecurityContext} that the delegate {@link Callable} will be ran as.
 	 */
 	private final SecurityContext delegateSecurityContext;
 
 	/**
-	 * The {@link SecurityContext} that was on the {@link SecurityContextHolder}
-	 * prior to being set to the delegateSecurityContext.
+	 * The {@link SecurityContext} that was on the {@link SecurityContextHolder} prior to
+	 * being set to the delegateSecurityContext.
 	 */
 	private SecurityContext originalSecurityContext;
 
@@ -60,8 +58,7 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 	 * @param securityContext the {@link SecurityContext} to establish for the delegate
 	 * {@link Callable}. Cannot be null.
 	 */
-	public DelegatingSecurityContextCallable(Callable<V> delegate,
-			SecurityContext securityContext) {
+	public DelegatingSecurityContextCallable(Callable<V> delegate, SecurityContext securityContext) {
 		Assert.notNull(delegate, "delegate cannot be null");
 		Assert.notNull(securityContext, "securityContext cannot be null");
 		this.delegate = delegate;
@@ -90,7 +87,8 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 			SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
 			if (emptyContext.equals(originalSecurityContext)) {
 				SecurityContextHolder.clearContext();
-			} else {
+			}
+			else {
 				SecurityContextHolder.setContext(originalSecurityContext);
 			}
 			this.originalSecurityContext = null;
@@ -107,17 +105,15 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 	 * {@link Callable} and {@link SecurityContext}, but if the securityContext is null
 	 * will defaults to the current {@link SecurityContext} on the
 	 * {@link SecurityContextHolder}
-	 *
 	 * @param delegate the delegate {@link DelegatingSecurityContextCallable} to run with
 	 * the specified {@link SecurityContext}. Cannot be null.
 	 * @param securityContext the {@link SecurityContext} to establish for the delegate
 	 * {@link Callable}. If null, defaults to {@link SecurityContextHolder#getContext()}
 	 * @return
 	 */
-	public static <V> Callable<V> create(Callable<V> delegate,
-			SecurityContext securityContext) {
-		return securityContext == null ? new DelegatingSecurityContextCallable<>(
-				delegate) : new DelegatingSecurityContextCallable<>(delegate,
-				securityContext);
+	public static <V> Callable<V> create(Callable<V> delegate, SecurityContext securityContext) {
+		return securityContext == null ? new DelegatingSecurityContextCallable<>(delegate)
+				: new DelegatingSecurityContextCallable<>(delegate, securityContext);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index ba9c0a6217..9e55733767 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -28,21 +28,19 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 3.2
  */
-public class DelegatingSecurityContextExecutor extends
-		AbstractDelegatingSecurityContextSupport implements Executor {
+public class DelegatingSecurityContextExecutor extends AbstractDelegatingSecurityContextSupport implements Executor {
+
 	private final Executor delegate;
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextExecutor} that uses the specified
 	 * {@link SecurityContext}.
-	 *
 	 * @param delegateExecutor the {@link Executor} to delegate to. Cannot be null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} or null to default to the current
 	 * {@link SecurityContext}
 	 */
-	public DelegatingSecurityContextExecutor(Executor delegateExecutor,
-			SecurityContext securityContext) {
+	public DelegatingSecurityContextExecutor(Executor delegateExecutor, SecurityContext securityContext) {
 		super(securityContext);
 		Assert.notNull(delegateExecutor, "delegateExecutor cannot be null");
 		this.delegate = delegateExecutor;
@@ -52,7 +50,6 @@ public class DelegatingSecurityContextExecutor extends
 	 * Creates a new {@link DelegatingSecurityContextExecutor} that uses the current
 	 * {@link SecurityContext} from the {@link SecurityContextHolder} at the time the task
 	 * is submitted.
-	 *
 	 * @param delegate the {@link Executor} to delegate to. Cannot be null.
 	 */
 	public DelegatingSecurityContextExecutor(Executor delegate) {
@@ -67,4 +64,5 @@ public class DelegatingSecurityContextExecutor extends
 	protected final Executor getDelegateExecutor() {
 		return delegate;
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
index 9f00bb4fab..db4a0b3cee 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
@@ -36,29 +36,27 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Rob Winch
  * @since 3.2
  */
-public class DelegatingSecurityContextExecutorService extends
-		DelegatingSecurityContextExecutor implements ExecutorService {
+public class DelegatingSecurityContextExecutorService extends DelegatingSecurityContextExecutor
+		implements ExecutorService {
+
 	/**
 	 * Creates a new {@link DelegatingSecurityContextExecutorService} that uses the
 	 * specified {@link SecurityContext}.
-	 *
 	 * @param delegateExecutorService the {@link ExecutorService} to delegate to. Cannot
 	 * be null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} and each
 	 * {@link DelegatingSecurityContextCallable}.
 	 */
-	public DelegatingSecurityContextExecutorService(
-			ExecutorService delegateExecutorService, SecurityContext securityContext) {
+	public DelegatingSecurityContextExecutorService(ExecutorService delegateExecutorService,
+			SecurityContext securityContext) {
 		super(delegateExecutorService, securityContext);
 	}
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextExecutorService} that uses the
 	 * current {@link SecurityContext} from the {@link SecurityContextHolder}.
-	 *
-	 * @param delegate the {@link ExecutorService} to delegate to. Cannot be
-	 * null.
+	 * @param delegate the {@link ExecutorService} to delegate to. Cannot be null.
 	 */
 	public DelegatingSecurityContextExecutorService(ExecutorService delegate) {
 		this(delegate, null);
@@ -80,8 +78,7 @@ public class DelegatingSecurityContextExecutorService extends
 		return getDelegate().isTerminated();
 	}
 
-	public final boolean awaitTermination(long timeout, TimeUnit unit)
-			throws InterruptedException {
+	public final boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException {
 		return getDelegate().awaitTermination(timeout, unit);
 	}
 
@@ -107,15 +104,13 @@ public class DelegatingSecurityContextExecutorService extends
 	}
 
 	@SuppressWarnings({ "rawtypes", "unchecked" })
-	public final List invokeAll(Collection tasks, long timeout, TimeUnit unit)
-			throws InterruptedException {
+	public final List invokeAll(Collection tasks, long timeout, TimeUnit unit) throws InterruptedException {
 		tasks = createTasks(tasks);
 		return getDelegate().invokeAll(tasks, timeout, unit);
 	}
 
 	@SuppressWarnings({ "rawtypes", "unchecked" })
-	public final Object invokeAny(Collection tasks) throws InterruptedException,
-			ExecutionException {
+	public final Object invokeAny(Collection tasks) throws InterruptedException, ExecutionException {
 		tasks = createTasks(tasks);
 		return getDelegate().invokeAny(tasks);
 	}
@@ -141,4 +136,5 @@ public class DelegatingSecurityContextExecutorService extends
 	private ExecutorService getDelegate() {
 		return (ExecutorService) getDelegateExecutor();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
index addba8cfd9..e4cbd752f6 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
@@ -26,8 +26,8 @@ import org.springframework.util.Assert;
  * {@link SecurityContext} after the delegate has completed.
  * </p>
  * <p>
- * If there is a {@link SecurityContext} that already exists, it will be
- * restored after the {@link #run()} method is invoked.
+ * If there is a {@link SecurityContext} that already exists, it will be restored after
+ * the {@link #run()} method is invoked.
  * </p>
  *
  * @author Rob Winch
@@ -38,14 +38,13 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 	private final Runnable delegate;
 
 	/**
-	 * The {@link SecurityContext} that the delegate {@link Runnable} will be
-	 * ran as.
+	 * The {@link SecurityContext} that the delegate {@link Runnable} will be ran as.
 	 */
 	private final SecurityContext delegateSecurityContext;
 
 	/**
-	 * The {@link SecurityContext} that was on the {@link SecurityContextHolder}
-	 * prior to being set to the delegateSecurityContext.
+	 * The {@link SecurityContext} that was on the {@link SecurityContextHolder} prior to
+	 * being set to the delegateSecurityContext.
 	 */
 	private SecurityContext originalSecurityContext;
 
@@ -57,8 +56,7 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 	 * @param securityContext the {@link SecurityContext} to establish for the delegate
 	 * {@link Runnable}. Cannot be null.
 	 */
-	public DelegatingSecurityContextRunnable(Runnable delegate,
-			SecurityContext securityContext) {
+	public DelegatingSecurityContextRunnable(Runnable delegate, SecurityContext securityContext) {
 		Assert.notNull(delegate, "delegate cannot be null");
 		Assert.notNull(securityContext, "securityContext cannot be null");
 		this.delegate = delegate;
@@ -87,7 +85,8 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 			SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
 			if (emptyContext.equals(originalSecurityContext)) {
 				SecurityContextHolder.clearContext();
-			} else {
+			}
+			else {
 				SecurityContextHolder.setContext(originalSecurityContext);
 			}
 			this.originalSecurityContext = null;
@@ -101,7 +100,6 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 
 	/**
 	 * Factory method for creating a {@link DelegatingSecurityContextRunnable}.
-	 *
 	 * @param delegate the original {@link Runnable} that will be delegated to after
 	 * establishing a {@link SecurityContext} on the {@link SecurityContextHolder}. Cannot
 	 * have null.
@@ -115,4 +113,5 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 		return securityContext == null ? new DelegatingSecurityContextRunnable(delegate)
 				: new DelegatingSecurityContextRunnable(delegate, securityContext);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
index f58fc68989..b88c4a3b1b 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
@@ -31,20 +31,19 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Rob Winch
  * @since 3.2
  */
-public final class DelegatingSecurityContextScheduledExecutorService extends
-		DelegatingSecurityContextExecutorService implements ScheduledExecutorService {
+public final class DelegatingSecurityContextScheduledExecutorService extends DelegatingSecurityContextExecutorService
+		implements ScheduledExecutorService {
+
 	/**
 	 * Creates a new {@link DelegatingSecurityContextScheduledExecutorService} that uses
 	 * the specified {@link SecurityContext}.
-	 *
 	 * @param delegateScheduledExecutorService the {@link ScheduledExecutorService} to
 	 * delegate to. Cannot be null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} and each
 	 * {@link DelegatingSecurityContextCallable}.
 	 */
-	public DelegatingSecurityContextScheduledExecutorService(
-			ScheduledExecutorService delegateScheduledExecutorService,
+	public DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService delegateScheduledExecutorService,
 			SecurityContext securityContext) {
 		super(delegateScheduledExecutorService, securityContext);
 	}
@@ -52,12 +51,10 @@ public final class DelegatingSecurityContextScheduledExecutorService extends
 	/**
 	 * Creates a new {@link DelegatingSecurityContextScheduledExecutorService} that uses
 	 * the current {@link SecurityContext} from the {@link SecurityContextHolder}.
-	 *
 	 * @param delegate the {@link ScheduledExecutorService} to delegate to. Cannot be
 	 * null.
 	 */
-	public DelegatingSecurityContextScheduledExecutorService(
-			ScheduledExecutorService delegate) {
+	public DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService delegate) {
 		this(delegate, null);
 	}
 
@@ -66,20 +63,17 @@ public final class DelegatingSecurityContextScheduledExecutorService extends
 		return getDelegate().schedule(command, delay, unit);
 	}
 
-	public <V> ScheduledFuture<V> schedule(Callable<V> callable, long delay,
-			TimeUnit unit) {
+	public <V> ScheduledFuture<V> schedule(Callable<V> callable, long delay, TimeUnit unit) {
 		callable = wrap(callable);
 		return getDelegate().schedule(callable, delay, unit);
 	}
 
-	public ScheduledFuture<?> scheduleAtFixedRate(Runnable command,
-			long initialDelay, long period, TimeUnit unit) {
+	public ScheduledFuture<?> scheduleAtFixedRate(Runnable command, long initialDelay, long period, TimeUnit unit) {
 		command = wrap(command);
 		return getDelegate().scheduleAtFixedRate(command, initialDelay, period, unit);
 	}
 
-	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable command,
-			long initialDelay, long delay, TimeUnit unit) {
+	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable command, long initialDelay, long delay, TimeUnit unit) {
 		command = wrap(command);
 		return getDelegate().scheduleWithFixedDelay(command, initialDelay, delay, unit);
 	}
@@ -87,4 +81,5 @@ public final class DelegatingSecurityContextScheduledExecutorService extends
 	private ScheduledExecutorService getDelegate() {
 		return (ScheduledExecutorService) getDelegateExecutor();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
index b1341a91df..331741fc8f 100644
--- a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
+++ b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
@@ -30,8 +30,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
  *
  * @author Rob Winch
  */
-public final class DelegatingApplicationListener implements
-		ApplicationListener<ApplicationEvent> {
+public final class DelegatingApplicationListener implements ApplicationListener<ApplicationEvent> {
+
 	private List<SmartApplicationListener> listeners = new CopyOnWriteArrayList<>();
 
 	public void onApplicationEvent(ApplicationEvent event) {
@@ -49,13 +49,12 @@ public final class DelegatingApplicationListener implements
 
 	/**
 	 * Adds a new SmartApplicationListener to use.
-	 *
 	 * @param smartApplicationListener the SmartApplicationListener to use. Cannot be
 	 * null.
 	 */
 	public void addListener(SmartApplicationListener smartApplicationListener) {
-		Assert.notNull(smartApplicationListener,
-				"smartApplicationListener cannot be null");
+		Assert.notNull(smartApplicationListener, "smartApplicationListener cannot be null");
 		listeners.add(smartApplicationListener);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index c0aeb2a53d..79df65af8a 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -39,33 +39,38 @@ import org.springframework.util.Assert;
  * @since 5.2
  */
 public class RsaKeyConverters {
+
 	private static final String DASHES = "-----";
+
 	private static final String PKCS8_PEM_HEADER = DASHES + "BEGIN PRIVATE KEY" + DASHES;
+
 	private static final String PKCS8_PEM_FOOTER = DASHES + "END PRIVATE KEY" + DASHES;
+
 	private static final String X509_PEM_HEADER = DASHES + "BEGIN PUBLIC KEY" + DASHES;
+
 	private static final String X509_PEM_FOOTER = DASHES + "END PUBLIC KEY" + DASHES;
 
 	/**
 	 * Construct a {@link Converter} for converting a PEM-encoded PKCS#8 RSA Private Key
 	 * into a {@link RSAPrivateKey}.
 	 *
-	 * Note that keys are often formatted in PKCS#1 and this can easily be identified by the header.
-	 * If the key file begins with "-----BEGIN RSA PRIVATE KEY-----", then it is PKCS#1. If it is
-	 * PKCS#8 formatted, then it begins with "-----BEGIN PRIVATE KEY-----".
+	 * Note that keys are often formatted in PKCS#1 and this can easily be identified by
+	 * the header. If the key file begins with "-----BEGIN RSA PRIVATE KEY-----", then it
+	 * is PKCS#1. If it is PKCS#8 formatted, then it begins with "-----BEGIN PRIVATE
+	 * KEY-----".
 	 *
-	 * This converter does not close the {@link InputStream} in order to avoid making non-portable
-	 * assumptions about the streams' origin and further use.
-	 *
-	 * @return A {@link Converter} that can read a PEM-encoded PKCS#8 RSA Private Key and return a
-	 * {@link RSAPrivateKey}.
+	 * This converter does not close the {@link InputStream} in order to avoid making
+	 * non-portable assumptions about the streams' origin and further use.
+	 * @return A {@link Converter} that can read a PEM-encoded PKCS#8 RSA Private Key and
+	 * return a {@link RSAPrivateKey}.
 	 */
 	public static Converter<InputStream, RSAPrivateKey> pkcs8() {
 		KeyFactory keyFactory = rsaFactory();
 		return source -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(PKCS8_PEM_HEADER),
-					"Key is not in PEM-encoded PKCS#8 format, " +
-							"please check that the header begins with -----" + PKCS8_PEM_HEADER + "-----");
+					"Key is not in PEM-encoded PKCS#8 format, " + "please check that the header begins with -----"
+							+ PKCS8_PEM_HEADER + "-----");
 			StringBuilder base64Encoded = new StringBuilder();
 			for (String line : lines) {
 				if (RsaKeyConverters.isNotPkcs8Wrapper(line)) {
@@ -75,9 +80,9 @@ public class RsaKeyConverters {
 			byte[] pkcs8 = Base64.getDecoder().decode(base64Encoded.toString());
 
 			try {
-				return (RSAPrivateKey) keyFactory.generatePrivate(
-						new PKCS8EncodedKeySpec(pkcs8));
-			} catch (Exception e) {
+				return (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
+			}
+			catch (Exception e) {
 				throw new IllegalArgumentException(e);
 			}
 		};
@@ -87,19 +92,18 @@ public class RsaKeyConverters {
 	 * Construct a {@link Converter} for converting a PEM-encoded X.509 RSA Public Key
 	 * into a {@link RSAPublicKey}.
 	 *
-	 * This converter does not close the {@link InputStream} in order to avoid making non-portable
-	 * assumptions about the streams' origin and further use.
-	 *
-	 * @return A {@link Converter} that can read a PEM-encoded X.509 RSA Public Key and return a
-	 * {@link RSAPublicKey}.
+	 * This converter does not close the {@link InputStream} in order to avoid making
+	 * non-portable assumptions about the streams' origin and further use.
+	 * @return A {@link Converter} that can read a PEM-encoded X.509 RSA Public Key and
+	 * return a {@link RSAPublicKey}.
 	 */
 	public static Converter<InputStream, RSAPublicKey> x509() {
 		KeyFactory keyFactory = rsaFactory();
 		return source -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(X509_PEM_HEADER),
-					"Key is not in PEM-encoded X.509 format, " +
-							"please check that the header begins with -----" + X509_PEM_HEADER + "-----");
+					"Key is not in PEM-encoded X.509 format, " + "please check that the header begins with -----"
+							+ X509_PEM_HEADER + "-----");
 			StringBuilder base64Encoded = new StringBuilder();
 			for (String line : lines) {
 				if (RsaKeyConverters.isNotX509Wrapper(line)) {
@@ -109,9 +113,9 @@ public class RsaKeyConverters {
 			byte[] x509 = Base64.getDecoder().decode(base64Encoded.toString());
 
 			try {
-				return (RSAPublicKey) keyFactory.generatePublic(
-						new X509EncodedKeySpec(x509));
-			} catch (Exception e) {
+				return (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(x509));
+			}
+			catch (Exception e) {
 				throw new IllegalArgumentException(e);
 			}
 		};
@@ -125,7 +129,8 @@ public class RsaKeyConverters {
 	private static KeyFactory rsaFactory() {
 		try {
 			return KeyFactory.getInstance("RSA");
-		} catch (NoSuchAlgorithmException e) {
+		}
+		catch (NoSuchAlgorithmException e) {
 			throw new IllegalStateException(e);
 		}
 	}
@@ -137,4 +142,5 @@ public class RsaKeyConverters {
 	private static boolean isNotX509Wrapper(String line) {
 		return !X509_PEM_HEADER.equals(line) && !X509_PEM_FOOTER.equals(line);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java b/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
index 51739334bf..177ff2dfa7 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
@@ -19,15 +19,15 @@ import org.springframework.security.authentication.AuthenticationManager;
 
 /**
  * Representation of an authenticated <code>Principal</code> once an
- * {@link Authentication} request has been successfully authenticated
- * by the {@link AuthenticationManager#authenticate(Authentication)} method.
+ * {@link Authentication} request has been successfully authenticated by the
+ * {@link AuthenticationManager#authenticate(Authentication)} method.
  *
  * Implementors typically provide their own representation of a <code>Principal</code>,
- * which usually contains information describing the <code>Principal</code> entity,
- * such as, first/middle/last name, address, email, phone, id, etc.
+ * which usually contains information describing the <code>Principal</code> entity, such
+ * as, first/middle/last name, address, email, phone, id, etc.
  *
- * This interface allows implementors to expose specific attributes
- * of their custom representation of <code>Principal</code> in a generic way.
+ * This interface allows implementors to expose specific attributes of their custom
+ * representation of <code>Principal</code> in a generic way.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -37,8 +37,8 @@ import org.springframework.security.authentication.AuthenticationManager;
 public interface AuthenticatedPrincipal {
 
 	/**
-	 * Returns the name of the authenticated <code>Principal</code>. Never <code>null</code>.
-	 *
+	 * Returns the name of the authenticated <code>Principal</code>. Never
+	 * <code>null</code>.
 	 * @return the name of the authenticated <code>Principal</code>
 	 */
 	String getName();
diff --git a/core/src/main/java/org/springframework/security/core/Authentication.java b/core/src/main/java/org/springframework/security/core/Authentication.java
index 0a09c26a20..5b762ef72e 100644
--- a/core/src/main/java/org/springframework/security/core/Authentication.java
+++ b/core/src/main/java/org/springframework/security/core/Authentication.java
@@ -49,6 +49,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Ben Alex
  */
 public interface Authentication extends Principal, Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -61,7 +62,6 @@ public interface Authentication extends Principal, Serializable {
 	 * do not affect the state of the Authentication object, or use an unmodifiable
 	 * instance.
 	 * </p>
-	 *
 	 * @return the authorities granted to the principal, or an empty collection if the
 	 * token has not been authenticated. Never null.
 	 */
@@ -71,7 +71,6 @@ public interface Authentication extends Principal, Serializable {
 	 * The credentials that prove the principal is correct. This is usually a password,
 	 * but could be anything relevant to the <code>AuthenticationManager</code>. Callers
 	 * are expected to populate the credentials.
-	 *
 	 * @return the credentials that prove the identity of the <code>Principal</code>
 	 */
 	Object getCredentials();
@@ -79,7 +78,6 @@ public interface Authentication extends Principal, Serializable {
 	/**
 	 * Stores additional details about the authentication request. These might be an IP
 	 * address, certificate serial number etc.
-	 *
 	 * @return additional details about the authentication request, or <code>null</code>
 	 * if not used
 	 */
@@ -94,7 +92,6 @@ public interface Authentication extends Principal, Serializable {
 	 * <tt>Authentication</tt> containing richer information as the principal for use by
 	 * the application. Many of the authentication providers will create a
 	 * {@code UserDetails} object as the principal.
-	 *
 	 * @return the <code>Principal</code> being authenticated or the authenticated
 	 * principal after authentication.
 	 */
@@ -114,7 +111,6 @@ public interface Authentication extends Principal, Serializable {
 	 * about returning <code>true</code> from this method unless they are either
 	 * immutable, or have some way of ensuring the properties have not been changed since
 	 * original creation.
-	 *
 	 * @return true if the token has been authenticated and the
 	 * <code>AbstractSecurityInterceptor</code> does not need to present the token to the
 	 * <code>AuthenticationManager</code> again for re-authentication.
@@ -130,14 +126,13 @@ public interface Authentication extends Principal, Serializable {
 	 * an invocation with a <code>true</code> parameter (which would indicate the
 	 * authentication token is trusted - a potential security risk) the implementation
 	 * should throw an {@link IllegalArgumentException}.
-	 *
 	 * @param isAuthenticated <code>true</code> if the token should be trusted (which may
 	 * result in an exception) or <code>false</code> if the token should not be trusted
-	 *
 	 * @throws IllegalArgumentException if an attempt to make the authentication token
 	 * trusted (by passing <code>true</code> as the argument) is rejected due to the
 	 * implementation being immutable or implementing its own alternative approach to
 	 * {@link #isAuthenticated()}
 	 */
 	void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/AuthenticationException.java b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
index 0d85b76ef2..1680049188 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
@@ -30,7 +30,6 @@ public abstract class AuthenticationException extends RuntimeException {
 	/**
 	 * Constructs an {@code AuthenticationException} with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message
 	 * @param t the root cause
 	 */
@@ -41,7 +40,6 @@ public abstract class AuthenticationException extends RuntimeException {
 	/**
 	 * Constructs an {@code AuthenticationException} with the specified message and no
 	 * root cause.
-	 *
 	 * @param msg the detail message
 	 */
 	public AuthenticationException(String msg) {
diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index e5b6f247c2..e34f04b3e4 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -78,13 +78,14 @@ import java.util.Stack;
  * </ul>
  * </p>
  *
- * @see <a
- * href="https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning">"Versioning" on
- * Maven Wiki</a>
+ * @see <a href=
+ * "https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning">"Versioning" on Maven
+ * Wiki</a>
  * @author <a href="mailto:kenney@apache.org">Kenney Westerhof</a>
  * @author <a href="mailto:hboutemy@apache.org">Hervé Boutemy</a>
  */
 class ComparableVersion implements Comparable<ComparableVersion> {
+
 	private String value;
 
 	private String canonical;
@@ -92,8 +93,11 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 	private ListItem items;
 
 	private interface Item {
+
 		int INTEGER_ITEM = 0;
+
 		int STRING_ITEM = 1;
+
 		int LIST_ITEM = 2;
 
 		int compareTo(Item item);
@@ -101,12 +105,14 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		int getType();
 
 		boolean isNull();
+
 	}
 
 	/**
 	 * Represents a numeric item in the version item list.
 	 */
 	private static class IntegerItem implements Item {
+
 		private static final BigInteger BigInteger_ZERO = new BigInteger("0");
 
 		private final BigInteger value;
@@ -156,14 +162,15 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		public String toString() {
 			return value.toString();
 		}
+
 	}
 
 	/**
 	 * Represents a string in the version item list, usually a qualifier.
 	 */
 	private static class StringItem implements Item {
-		private static final String[] QUALIFIERS = { "alpha", "beta", "milestone", "rc",
-				"snapshot", "", "sp" };
+
+		private static final String[] QUALIFIERS = { "alpha", "beta", "milestone", "rc", "snapshot", "", "sp" };
 
 		private static final List<String> _QUALIFIERS = Arrays.asList(QUALIFIERS);
 
@@ -179,8 +186,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		 * determine if a given qualifier makes the version older than one without a
 		 * qualifier, or more recent.
 		 */
-		private static final String RELEASE_VERSION_INDEX = String.valueOf(_QUALIFIERS
-				.indexOf(""));
+		private static final String RELEASE_VERSION_INDEX = String.valueOf(_QUALIFIERS.indexOf(""));
 
 		private String value;
 
@@ -222,7 +228,6 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		 * if/then/else to check for -1 or QUALIFIERS.size and then resort to lexical
 		 * ordering. Most comparisons are decided by the first character, so this is still
 		 * fast. If more characters are needed then it requires a lexical sort anyway.
-		 *
 		 * @param qualifier
 		 * @return an equivalent value that can be used with lexical comparison
 		 */
@@ -243,8 +248,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 				return -1; // 1.any < 1.1 ?
 
 			case STRING_ITEM:
-				return comparableQualifier(value).compareTo(
-						comparableQualifier(((StringItem) item).value));
+				return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value));
 
 			case LIST_ITEM:
 				return -1; // 1.any < 1-1
@@ -258,6 +262,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		public String toString() {
 			return value;
 		}
+
 	}
 
 	/**
@@ -265,6 +270,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 	 * and for sub-lists (which start with '-(number)' in the version specification).
 	 */
 	private static class ListItem extends ArrayList<Item> implements Item {
+
 		@Override
 		public int getType() {
 			return LIST_ITEM;
@@ -276,8 +282,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		}
 
 		void normalize() {
-			for (ListIterator<Item> iterator = listIterator(size()); iterator
-					.hasPrevious();) {
+			for (ListIterator<Item> iterator = listIterator(size()); iterator.hasPrevious();) {
 				Item item = iterator.previous();
 				if (item.isNull()) {
 					iterator.remove(); // remove null trailing items: 0, "", empty list
@@ -339,6 +344,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 			buffer.append(')');
 			return buffer.toString();
 		}
+
 	}
 
 	ComparableVersion(String version) {
@@ -385,8 +391,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 				if (isDigit) {
 					list.normalize(); // 1.0-* = 1-*
 
-					if ((i + 1 < version.length())
-							&& Character.isDigit(version.charAt(i + 1))) {
+					if ((i + 1 < version.length()) && Character.isDigit(version.charAt(i + 1))) {
 						// new ListItem only if previous were digits and new char is a
 						// digit,
 						// ie need to differentiate only 1.1 from 1-1
@@ -442,12 +447,12 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 	@Override
 	public boolean equals(Object o) {
-		return (o instanceof ComparableVersion)
-				&& canonical.equals(((ComparableVersion) o).canonical);
+		return (o instanceof ComparableVersion) && canonical.equals(((ComparableVersion) o).canonical);
 	}
 
 	@Override
 	public int hashCode() {
 		return canonical.hashCode();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/CredentialsContainer.java b/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
index 5dc1b520cf..d36bae8aeb 100644
--- a/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
+++ b/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
@@ -29,5 +29,7 @@ package org.springframework.security.core;
  * @since 3.0.3
  */
 public interface CredentialsContainer {
+
 	void eraseCredentials();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/GrantedAuthority.java b/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
index 7e29789fbe..52e0d23326 100644
--- a/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
@@ -30,6 +30,7 @@ import org.springframework.security.access.AccessDecisionManager;
  * @author Ben Alex
  */
 public interface GrantedAuthority extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -44,10 +45,10 @@ public interface GrantedAuthority extends Serializable {
 	 * <code>null</code> will require an <code>AccessDecisionManager</code> (or delegate)
 	 * to specifically support the <code>GrantedAuthority</code> implementation, so
 	 * returning <code>null</code> should be avoided unless actually required.
-	 *
 	 * @return a representation of the granted authority (or <code>null</code> if the
 	 * granted authority cannot be expressed as a <code>String</code> with sufficient
 	 * precision).
 	 */
 	String getAuthority();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index 89b47d111f..b2252bb08d 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -30,8 +30,8 @@ import java.util.Properties;
  * @author Rob Winch
  */
 public class SpringSecurityCoreVersion {
-	private static final String DISABLE_CHECKS = SpringSecurityCoreVersion.class.getName()
-			.concat(".DISABLE_CHECKS");
+
+	private static final String DISABLE_CHECKS = SpringSecurityCoreVersion.class.getName().concat(".DISABLE_CHECKS");
 
 	private static final Log logger = LogFactory.getLog(SpringSecurityCoreVersion.class);
 
@@ -63,7 +63,6 @@ public class SpringSecurityCoreVersion {
 
 	/**
 	 * Perform version checks with specific min Spring Version
-	 *
 	 * @param minSpringVersion
 	 */
 	private static void performVersionChecks(String minSpringVersion) {
@@ -79,8 +78,7 @@ public class SpringSecurityCoreVersion {
 		}
 
 		logger.info("You are running with Spring Security Core " + version);
-		if (new ComparableVersion(springVersion)
-				.compareTo(new ComparableVersion(minSpringVersion)) < 0) {
+		if (new ComparableVersion(springVersion).compareTo(new ComparableVersion(minSpringVersion)) < 0) {
 			logger.warn("**** You are advised to use Spring " + minSpringVersion
 					+ " or later with this version. You are running: " + springVersion);
 		}
@@ -89,13 +87,11 @@ public class SpringSecurityCoreVersion {
 	/**
 	 * Disable if springVersion and springSecurityVersion are the same to allow working
 	 * with Uber Jars.
-	 *
 	 * @param springVersion
 	 * @param springSecurityVersion
 	 * @return
 	 */
-	private static boolean disableChecks(String springVersion,
-			String springSecurityVersion) {
+	private static boolean disableChecks(String springVersion, String springSecurityVersion) {
 		if (springVersion == null || springVersion.equals(springSecurityVersion)) {
 			return true;
 		}
@@ -109,10 +105,13 @@ public class SpringSecurityCoreVersion {
 	private static String getSpringVersion() {
 		Properties properties = new Properties();
 		try {
-			properties.load(SpringSecurityCoreVersion.class.getClassLoader().getResourceAsStream("META-INF/spring-security.versions"));
-		} catch (IOException | NullPointerException e) {
+			properties.load(SpringSecurityCoreVersion.class.getClassLoader()
+					.getResourceAsStream("META-INF/spring-security.versions"));
+		}
+		catch (IOException | NullPointerException e) {
 			return null;
 		}
 		return properties.getProperty("org.springframework:spring-core");
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java b/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
index 74959b6eee..73d65df288 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
@@ -32,6 +32,7 @@ import org.springframework.context.support.ResourceBundleMessageSource;
  * @author Ben Alex
  */
 public class SpringSecurityMessageSource extends ResourceBundleMessageSource {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -45,4 +46,5 @@ public class SpringSecurityMessageSource extends ResourceBundleMessageSource {
 	public static MessageSourceAccessor getAccessor() {
 		return new MessageSourceAccessor(new SpringSecurityMessageSource());
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/Transient.java b/core/src/main/java/org/springframework/security/core/Transient.java
index b5bb566e7f..a3d8d749a3 100644
--- a/core/src/main/java/org/springframework/security/core/Transient.java
+++ b/core/src/main/java/org/springframework/security/core/Transient.java
@@ -24,15 +24,16 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 /**
- * A marker for {@link Authentication}s that should never be stored across requests, for example
- * a bearer token authentication
+ * A marker for {@link Authentication}s that should never be stored across requests, for
+ * example a bearer token authentication
  *
  * @author Josh Cummings
  * @since 5.1
  */
-@Target({ElementType.TYPE, ElementType.ANNOTATION_TYPE})
+@Target({ ElementType.TYPE, ElementType.ANNOTATION_TYPE })
 @Retention(RetentionPolicy.RUNTIME)
 @Inherited
 @Documented
 public @interface Transient {
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
index f75f2bfd28..aa0cbfcef3 100644
--- a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
@@ -42,7 +42,6 @@ public @interface AuthenticationPrincipal {
 	/**
 	 * True if a {@link ClassCastException} should be thrown when the current
 	 * {@link Authentication#getPrincipal()} is the incorrect type. Default is false.
-	 *
 	 * @return
 	 */
 	boolean errorOnInvalidType() default false;
@@ -71,8 +70,8 @@ public @interface AuthenticationPrincipal {
 	 * <pre>
 	 * &#64;AuthenticationPrincipal(expression = "customUser")
 	 * </pre>
-	 *
 	 * @return the expression to use.
 	 */
 	String expression() default "";
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
index c32adb405c..77a5ccb223 100644
--- a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
@@ -22,8 +22,8 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 /**
- * Annotation that is used to resolve the {@link org.springframework.security.core.context.SecurityContext} as a method
- * argument.
+ * Annotation that is used to resolve the
+ * {@link org.springframework.security.core.context.SecurityContext} as a method argument.
  *
  * @author Dan Zheng
  * @since 5.2
@@ -44,26 +44,27 @@ import java.lang.annotation.Target;
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 public @interface CurrentSecurityContext {
+
 	/**
 	 * True if a {@link ClassCastException} should be thrown when the current
-	 * {@link org.springframework.security.core.context.SecurityContext} is the incorrect type. Default is false.
-	 *
+	 * {@link org.springframework.security.core.context.SecurityContext} is the incorrect
+	 * type. Default is false.
 	 * @return whether or not to error on an invalid type
 	 */
 	boolean errorOnInvalidType() default false;
 
 	/**
-	 * If specified, will use the provided SpEL expression to resolve the security context. This
-	 * is convenient if applications need to transform the result.
+	 * If specified, will use the provided SpEL expression to resolve the security
+	 * context. This is convenient if applications need to transform the result.
 	 *
-	 * For example, if an application needs to extract its custom {@code Authentication} implementation,
-	 * then it could specify the appropriate SpEL like so:
+	 * For example, if an application needs to extract its custom {@code Authentication}
+	 * implementation, then it could specify the appropriate SpEL like so:
 	 *
 	 * <pre>
 	 * &#64;CurrentSecurityContext(expression = "authentication") CustomAuthentication authentication
 	 * </pre>
-	 *
 	 * @return the expression to use
 	 */
 	String expression() default "";
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
index df67a2aba1..9dac63b949 100644
--- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
+++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
@@ -34,19 +34,17 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  */
 public abstract class AuthorityUtils {
+
 	public static final List<GrantedAuthority> NO_AUTHORITIES = Collections.emptyList();
 
 	/**
 	 * Creates a array of GrantedAuthority objects from a comma-separated string
 	 * representation (e.g. "ROLE_A, ROLE_B, ROLE_C").
-	 *
 	 * @param authorityString the comma-separated string
 	 * @return the authorities created by tokenizing the string
 	 */
-	public static List<GrantedAuthority> commaSeparatedStringToAuthorityList(
-			String authorityString) {
-		return createAuthorityList(StringUtils
-				.tokenizeToStringArray(authorityString, ","));
+	public static List<GrantedAuthority> commaSeparatedStringToAuthorityList(String authorityString) {
+		return createAuthorityList(StringUtils.tokenizeToStringArray(authorityString, ","));
 	}
 
 	/**
@@ -54,8 +52,7 @@ public abstract class AuthorityUtils {
 	 * @return a Set of the Strings obtained from each call to
 	 * GrantedAuthority.getAuthority()
 	 */
-	public static Set<String> authorityListToSet(
-			Collection<? extends GrantedAuthority> userAuthorities) {
+	public static Set<String> authorityListToSet(Collection<? extends GrantedAuthority> userAuthorities) {
 		Assert.notNull(userAuthorities, "userAuthorities cannot be null");
 		Set<String> set = new HashSet<>(userAuthorities.size());
 
@@ -68,7 +65,6 @@ public abstract class AuthorityUtils {
 
 	/**
 	 * Converts authorities into a List of GrantedAuthority objects.
-	 *
 	 * @param authorities the authorities to convert
 	 * @return a List of GrantedAuthority objects
 	 */
@@ -81,4 +77,5 @@ public abstract class AuthorityUtils {
 
 		return grantedAuthorities;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
index 5564316755..1c7c00eb70 100644
--- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
+++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
@@ -31,5 +31,7 @@ import org.springframework.security.core.GrantedAuthority;
  * @since 2.0
  */
 public interface GrantedAuthoritiesContainer extends Serializable {
+
 	Collection<? extends GrantedAuthority> getGrantedAuthorities();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
index 21e2803e2e..e2081c0af4 100644
--- a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
@@ -66,4 +66,5 @@ public final class SimpleGrantedAuthority implements GrantedAuthority {
 	public String toString() {
 		return this.role;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
index a375df225d..85b471cf00 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
@@ -27,16 +27,16 @@ import org.springframework.security.core.GrantedAuthority;
  * @since 2.0
  */
 public interface Attributes2GrantedAuthoritiesMapper {
+
 	/**
 	 * Implementations of this method should map the given collection of attributes to a
 	 * collection of Spring Security GrantedAuthorities. There are no restrictions for the
 	 * mapping process; a single attribute can be mapped to multiple Spring Security
 	 * GrantedAuthorities, all attributes can be mapped to a single Spring Security
 	 * {@code GrantedAuthority}, some attributes may not be mapped, etc.
-	 *
 	 * @param attributes the attributes to be mapped
 	 * @return the collection of authorities created from the attributes
 	 */
-	Collection<? extends GrantedAuthority> getGrantedAuthorities(
-			Collection<String> attributes);
+	Collection<? extends GrantedAuthority> getGrantedAuthorities(Collection<String> attributes);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
index 99aa7e340e..61ba162fbd 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
@@ -27,6 +27,7 @@ import java.util.*;
  * @author Luke Taylor
  */
 public interface GrantedAuthoritiesMapper {
-	Collection<? extends GrantedAuthority> mapAuthorities(
-			Collection<? extends GrantedAuthority> authorities);
+
+	Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index dd3eb7e0cf..c24231f347 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -31,16 +31,17 @@ import org.springframework.util.StringUtils;
  *
  * @author Ruud Senden
  */
-public class MapBasedAttributes2GrantedAuthoritiesMapper implements
-		Attributes2GrantedAuthoritiesMapper, MappableAttributesRetriever,
-		InitializingBean {
+public class MapBasedAttributes2GrantedAuthoritiesMapper
+		implements Attributes2GrantedAuthoritiesMapper, MappableAttributesRetriever, InitializingBean {
+
 	private Map<String, Collection<GrantedAuthority>> attributes2grantedAuthoritiesMap = null;
+
 	private String stringSeparator = ",";
+
 	private Set<String> mappableAttributes = null;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(attributes2grantedAuthoritiesMap,
-				"attributes2grantedAuthoritiesMap must be set");
+		Assert.notNull(attributes2grantedAuthoritiesMap, "attributes2grantedAuthoritiesMap must be set");
 	}
 
 	/**
@@ -49,8 +50,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements
 	public List<GrantedAuthority> getGrantedAuthorities(Collection<String> attributes) {
 		ArrayList<GrantedAuthority> gaList = new ArrayList<>();
 		for (String attribute : attributes) {
-			Collection<GrantedAuthority> c = attributes2grantedAuthoritiesMap
-					.get(attribute);
+			Collection<GrantedAuthority> c = attributes2grantedAuthoritiesMap.get(attribute);
 			if (c != null) {
 				gaList.addAll(c);
 			}
@@ -71,38 +71,32 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements
 	 * @param attributes2grantedAuthoritiesMap The attributes2grantedAuthoritiesMap to
 	 * set.
 	 */
-	public void setAttributes2grantedAuthoritiesMap(
-			final Map<?, ?> attributes2grantedAuthoritiesMap) {
+	public void setAttributes2grantedAuthoritiesMap(final Map<?, ?> attributes2grantedAuthoritiesMap) {
 		Assert.notEmpty(attributes2grantedAuthoritiesMap,
 				"A non-empty attributes2grantedAuthoritiesMap must be supplied");
 		this.attributes2grantedAuthoritiesMap = preProcessMap(attributes2grantedAuthoritiesMap);
 
-		mappableAttributes = Collections
-				.unmodifiableSet(this.attributes2grantedAuthoritiesMap.keySet());
+		mappableAttributes = Collections.unmodifiableSet(this.attributes2grantedAuthoritiesMap.keySet());
 	}
 
 	/**
 	 * Preprocess the given map to convert all the values to GrantedAuthority collections
-	 *
 	 * @param orgMap The map to process
 	 * @return the processed Map
 	 */
 	private Map<String, Collection<GrantedAuthority>> preProcessMap(Map<?, ?> orgMap) {
-		Map<String, Collection<GrantedAuthority>> result = new HashMap<>(
-				orgMap.size());
+		Map<String, Collection<GrantedAuthority>> result = new HashMap<>(orgMap.size());
 
 		for (Map.Entry<?, ?> entry : orgMap.entrySet()) {
 			Assert.isInstanceOf(String.class, entry.getKey(),
 					"attributes2grantedAuthoritiesMap contains non-String objects as keys");
-			result.put((String) entry.getKey(),
-					getGrantedAuthorityCollection(entry.getValue()));
+			result.put((String) entry.getKey(), getGrantedAuthorityCollection(entry.getValue()));
 		}
 		return result;
 	}
 
 	/**
 	 * Convert the given value to a collection of Granted Authorities
-	 *
 	 * @param value The value to convert to a GrantedAuthority Collection
 	 * @return Collection containing the GrantedAuthority Collection
 	 */
@@ -115,12 +109,10 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements
 	/**
 	 * Convert the given value to a collection of Granted Authorities, adding the result
 	 * to the given result collection.
-	 *
 	 * @param value The value to convert to a GrantedAuthority Collection
 	 * @return Collection containing the GrantedAuthority Collection
 	 */
-	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result,
-			Object value) {
+	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, Object value) {
 		if (value == null) {
 			return;
 		}
@@ -137,27 +129,23 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements
 			result.add((GrantedAuthority) value);
 		}
 		else {
-			throw new IllegalArgumentException("Invalid object type: "
-					+ value.getClass().getName());
+			throw new IllegalArgumentException("Invalid object type: " + value.getClass().getName());
 		}
 	}
 
-	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result,
-			Collection<?> value) {
+	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, Collection<?> value) {
 		for (Object elt : value) {
 			addGrantedAuthorityCollection(result, elt);
 		}
 	}
 
-	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result,
-			Object[] value) {
+	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, Object[] value) {
 		for (Object aValue : value) {
 			addGrantedAuthorityCollection(result, aValue);
 		}
 	}
 
-	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result,
-			String value) {
+	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, String value) {
 		StringTokenizer st = new StringTokenizer(value, stringSeparator, false);
 		while (st.hasMoreTokens()) {
 			String nextToken = st.nextToken();
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
index 67fd1d0374..f9f646182c 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
@@ -26,11 +26,12 @@ import java.util.Set;
  * @since 2.0
  */
 public interface MappableAttributesRetriever {
+
 	/**
 	 * Implementations of this method should return a set of all string attributes which
 	 * can be mapped to <tt>GrantedAuthority</tt>s.
-	 *
 	 * @return set of all mappable roles
 	 */
 	Set<String> getMappableAttributes();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
index dd22a1e649..05c971b775 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
@@ -23,8 +23,9 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class NullAuthoritiesMapper implements GrantedAuthoritiesMapper {
-	public Collection<? extends GrantedAuthority> mapAuthorities(
-			Collection<? extends GrantedAuthority> authorities) {
+
+	public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		return authorities;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index b3c0a92109..9d1eec38af 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -38,8 +38,9 @@ import org.springframework.util.Assert;
  * @author Ruud Senden
  * @since 2.0
  */
-public class SimpleAttributes2GrantedAuthoritiesMapper implements
-		Attributes2GrantedAuthoritiesMapper, InitializingBean {
+public class SimpleAttributes2GrantedAuthoritiesMapper
+		implements Attributes2GrantedAuthoritiesMapper, InitializingBean {
+
 	private String attributePrefix = "ROLE_";
 
 	private boolean convertAttributeToUpperCase = false;
@@ -52,8 +53,7 @@ public class SimpleAttributes2GrantedAuthoritiesMapper implements
 	 * Check whether all properties have been set to correct values.
 	 */
 	public void afterPropertiesSet() {
-		Assert.isTrue(
-				!(isConvertAttributeToUpperCase() && isConvertAttributeToLowerCase()),
+		Assert.isTrue(!(isConvertAttributeToUpperCase() && isConvertAttributeToLowerCase()),
 				"Either convertAttributeToUpperCase or convertAttributeToLowerCase can be set to true, but not both");
 	}
 
@@ -72,7 +72,6 @@ public class SimpleAttributes2GrantedAuthoritiesMapper implements
 	/**
 	 * Map the given role one-on-one to a Spring Security GrantedAuthority, optionally
 	 * doing case conversion and/or adding a prefix.
-	 *
 	 * @param attribute The attribute for which to get a GrantedAuthority
 	 * @return GrantedAuthority representing the given role.
 	 */
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index b381d8fcb9..3615b7e606 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -30,11 +30,14 @@ import java.util.*;
  * @author Luke Taylor
  * @since 3.1
  */
-public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
-		InitializingBean {
+public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, InitializingBean {
+
 	private GrantedAuthority defaultAuthority;
+
 	private String prefix = "ROLE_";
+
 	private boolean convertToUpperCase = false;
+
 	private boolean convertToLowerCase = false;
 
 	public void afterPropertiesSet() {
@@ -47,15 +50,11 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
 	 * prefix settings. The mapping will be one-to-one unless duplicates are produced
 	 * during the conversion. If a default authority has been set, this will also be
 	 * assigned to each mapping.
-	 *
 	 * @param authorities the original authorities
-	 *
 	 * @return the converted set of authorities
 	 */
-	public Set<GrantedAuthority> mapAuthorities(
-			Collection<? extends GrantedAuthority> authorities) {
-		HashSet<GrantedAuthority> mapped = new HashSet<>(
-				authorities.size());
+	public Set<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
+		HashSet<GrantedAuthority> mapped = new HashSet<>(authorities.size());
 		for (GrantedAuthority authority : authorities) {
 			mapped.add(mapAuthority(authority.getAuthority()));
 		}
@@ -85,7 +84,6 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
 	/**
 	 * Sets the prefix which should be added to the authority name (if it doesn't already
 	 * exist)
-	 *
 	 * @param prefix the prefix, typically to satisfy the behaviour of an
 	 * {@code AccessDecisionVoter}.
 	 */
@@ -96,7 +94,6 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
 
 	/**
 	 * Whether to convert the authority value to upper case in the mapping.
-	 *
 	 * @param convertToUpperCase defaults to {@code false}
 	 */
 	public void setConvertToUpperCase(boolean convertToUpperCase) {
@@ -105,7 +102,6 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
 
 	/**
 	 * Whether to convert the authority value to lower case in the mapping.
-	 *
 	 * @param convertToLowerCase defaults to {@code false}
 	 */
 	public void setConvertToLowerCase(boolean convertToLowerCase) {
@@ -114,11 +110,11 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper,
 
 	/**
 	 * Sets a default authority to be assigned to all users
-	 *
 	 * @param authority the name of the authority to be assigned to all users.
 	 */
 	public void setDefaultAuthority(String authority) {
 		Assert.hasText(authority, "The authority name cannot be set to an empty value");
 		this.defaultAuthority = new SimpleGrantedAuthority(authority);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
index 0ce561150e..d66e484837 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
@@ -27,6 +27,7 @@ import java.util.Set;
  * @since 2.0
  */
 public class SimpleMappableAttributesRetriever implements MappableAttributesRetriever {
+
 	private Set<String> mappableAttributes = null;
 
 	/*
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java b/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
index f52d4bf459..c2bacb6ba3 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
@@ -17,8 +17,7 @@
  * Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
  * {@code GrantedAuthority}s.
  * <p>
- * Provides a layer of indirection between a security data repository and the logical authorities
- * required within an application.
+ * Provides a layer of indirection between a security data repository and the logical
+ * authorities required within an application.
  */
 package org.springframework.security.core.authority.mapping;
-
diff --git a/core/src/main/java/org/springframework/security/core/authority/package-info.java b/core/src/main/java/org/springframework/security/core/authority/package-info.java
index 3d3822993d..c4356efc30 100644
--- a/core/src/main/java/org/springframework/security/core/authority/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/authority/package-info.java
@@ -17,4 +17,3 @@
  * The default implementation of the {@code GrantedAuthority} interface.
  */
 package org.springframework.security.core.authority;
-
diff --git a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
index 18ae5a2828..218fa5cd5e 100644
--- a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
@@ -28,6 +28,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 final class GlobalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -56,4 +57,5 @@ final class GlobalSecurityContextHolderStrategy implements SecurityContextHolder
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
index 5e9d5e395d..73e8237593 100644
--- a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
@@ -23,11 +23,10 @@ import org.springframework.util.Assert;
  * {@link org.springframework.security.core.context.SecurityContextHolderStrategy}.
  *
  * @author Ben Alex
- *
  * @see java.lang.ThreadLocal
  */
-final class InheritableThreadLocalSecurityContextHolderStrategy implements
-		SecurityContextHolderStrategy {
+final class InheritableThreadLocalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -59,4 +58,5 @@ final class InheritableThreadLocalSecurityContextHolderStrategy implements
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index e6ed84ae2c..fc5e0dca2e 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.core.context;
 
-
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
@@ -30,6 +29,7 @@ import java.util.function.Function;
  * @since 5.0
  */
 public class ReactiveSecurityContextHolder {
+
 	private static final Class<?> SECURITY_CONTEXT_KEY = SecurityContext.class;
 
 	/**
@@ -37,9 +37,8 @@ public class ReactiveSecurityContextHolder {
 	 * @return the {@code Mono<SecurityContext>}
 	 */
 	public static Mono<SecurityContext> getContext() {
-		return Mono.subscriberContext()
-			.filter( c -> c.hasKey(SECURITY_CONTEXT_KEY))
-			.flatMap( c-> c.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY));
+		return Mono.subscriberContext().filter(c -> c.hasKey(SECURITY_CONTEXT_KEY))
+				.flatMap(c -> c.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY));
 	}
 
 	/**
@@ -70,4 +69,5 @@ public class ReactiveSecurityContextHolder {
 	public static Context withAuthentication(Authentication authentication) {
 		return withSecurityContext(Mono.just(new SecurityContextImpl(authentication)));
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
index 1fd92790cc..6c00eb373a 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
@@ -31,12 +31,12 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public interface SecurityContext extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Obtains the currently authenticated principal, or an authentication request token.
-	 *
 	 * @return the <code>Authentication</code> or <code>null</code> if no authentication
 	 * information is available
 	 */
@@ -45,9 +45,9 @@ public interface SecurityContext extends Serializable {
 	/**
 	 * Changes the currently authenticated principal, or removes the authentication
 	 * information.
-	 *
 	 * @param authentication the new <code>Authentication</code> token, or
 	 * <code>null</code> if no further authentication information should be stored
 	 */
 	void setAuthentication(Authentication authentication);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
index 61c4231c35..edf187589f 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
@@ -48,15 +48,22 @@ import java.lang.reflect.Constructor;
  *
  */
 public class SecurityContextHolder {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	public static final String MODE_THREADLOCAL = "MODE_THREADLOCAL";
+
 	public static final String MODE_INHERITABLETHREADLOCAL = "MODE_INHERITABLETHREADLOCAL";
+
 	public static final String MODE_GLOBAL = "MODE_GLOBAL";
+
 	public static final String SYSTEM_PROPERTY = "spring.security.strategy";
+
 	private static String strategyName = System.getProperty(SYSTEM_PROPERTY);
+
 	private static SecurityContextHolderStrategy strategy;
+
 	private static int initializeCount = 0;
 
 	static {
@@ -75,7 +82,6 @@ public class SecurityContextHolder {
 
 	/**
 	 * Obtain the current <code>SecurityContext</code>.
-	 *
 	 * @return the security context (never <code>null</code>)
 	 */
 	public static SecurityContext getContext() {
@@ -85,7 +91,6 @@ public class SecurityContextHolder {
 	/**
 	 * Primarily for troubleshooting purposes, this method shows how many times the class
 	 * has re-initialized its <code>SecurityContextHolderStrategy</code>.
-	 *
 	 * @return the count (should be one unless you've called
 	 * {@link #setStrategyName(String)} to switch to an alternate strategy.
 	 */
@@ -125,7 +130,6 @@ public class SecurityContextHolder {
 
 	/**
 	 * Associates a new <code>SecurityContext</code> with the current thread of execution.
-	 *
 	 * @param context the new <code>SecurityContext</code> (may not be <code>null</code>)
 	 */
 	public static void setContext(SecurityContext context) {
@@ -136,7 +140,6 @@ public class SecurityContextHolder {
 	 * Changes the preferred strategy. Do <em>NOT</em> call this method more than once for
 	 * a given JVM, as it will re-initialize the strategy and adversely affect any
 	 * existing threads using the old strategy.
-	 *
 	 * @param strategyName the fully qualified class name of the strategy that should be
 	 * used.
 	 */
@@ -147,7 +150,6 @@ public class SecurityContextHolder {
 
 	/**
 	 * Allows retrieval of the context strategy. See SEC-1188.
-	 *
 	 * @return the configured strategy for storing the security context.
 	 */
 	public static SecurityContextHolderStrategy getContextHolderStrategy() {
@@ -163,7 +165,7 @@ public class SecurityContextHolder {
 
 	@Override
 	public String toString() {
-		return "SecurityContextHolder[strategy='" + strategyName + "'; initializeCount="
-				+ initializeCount + "]";
+		return "SecurityContextHolder[strategy='" + strategyName + "'; initializeCount=" + initializeCount + "]";
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
index aa35315f4c..b988fd0294 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
@@ -25,6 +25,7 @@ package org.springframework.security.core.context;
  * @author Ben Alex
  */
 public interface SecurityContextHolderStrategy {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -35,7 +36,6 @@ public interface SecurityContextHolderStrategy {
 
 	/**
 	 * Obtains the current context.
-	 *
 	 * @return a context (never <code>null</code> - create a default implementation if
 	 * necessary)
 	 */
@@ -43,7 +43,6 @@ public interface SecurityContextHolderStrategy {
 
 	/**
 	 * Sets the current context.
-	 *
 	 * @param context to the new argument (should never be <code>null</code>, although
 	 * implementations must check if <code>null</code> has been passed and throw an
 	 * <code>IllegalArgumentException</code> in such cases)
@@ -54,8 +53,8 @@ public interface SecurityContextHolderStrategy {
 	 * Creates a new, empty context implementation, for use by
 	 * <tt>SecurityContextRepository</tt> implementations, when creating a new context for
 	 * the first time.
-	 *
 	 * @return the empty context.
 	 */
 	SecurityContext createEmptyContext();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
index bfd409c1c4..7eaa747bc8 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -35,7 +35,8 @@ public class SecurityContextImpl implements SecurityContext {
 
 	private Authentication authentication;
 
-	public SecurityContextImpl() {}
+	public SecurityContextImpl() {
+	}
 
 	public SecurityContextImpl(Authentication authentication) {
 		this.authentication = authentication;
@@ -96,4 +97,5 @@ public class SecurityContextImpl implements SecurityContext {
 
 		return sb.toString();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
index c13a909c59..a6c405bbda 100644
--- a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
@@ -23,12 +23,11 @@ import org.springframework.util.Assert;
  * {@link SecurityContextHolderStrategy}.
  *
  * @author Ben Alex
- *
  * @see java.lang.ThreadLocal
  * @see org.springframework.security.core.context.web.SecurityContextPersistenceFilter
  */
-final class ThreadLocalSecurityContextHolderStrategy implements
-		SecurityContextHolderStrategy {
+final class ThreadLocalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -60,4 +59,5 @@ final class ThreadLocalSecurityContextHolderStrategy implements
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/package-info.java b/core/src/main/java/org/springframework/security/core/context/package-info.java
index 6660feef43..2b963914fb 100644
--- a/core/src/main/java/org/springframework/security/core/context/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/context/package-info.java
@@ -14,14 +14,16 @@
  * limitations under the License.
  */
 /**
- * Classes related to the establishment of a security context for the duration of a request (such as
- * an HTTP or RMI invocation).
+ * Classes related to the establishment of a security context for the duration of a
+ * request (such as an HTTP or RMI invocation).
  * <p>
- * A security context is usually associated with the current execution thread for the duration of the request,
- * making the authentication information it contains available throughout all the layers of an application.
+ * A security context is usually associated with the current execution thread for the
+ * duration of the request, making the authentication information it contains available
+ * throughout all the layers of an application.
  * <p>
- * The {@link org.springframework.security.core.context.SecurityContext SecurityContext} can be accessed at any point
- * by calling the {@link org.springframework.security.core.context.SecurityContextHolder SecurityContextHolder}.
+ * The {@link org.springframework.security.core.context.SecurityContext SecurityContext}
+ * can be accessed at any point by calling the
+ * {@link org.springframework.security.core.context.SecurityContextHolder
+ * SecurityContextHolder}.
  */
 package org.springframework.security.core.context;
-
diff --git a/core/src/main/java/org/springframework/security/core/package-info.java b/core/src/main/java/org/springframework/security/core/package-info.java
index f27dcaf004..e3f6d2e3b0 100644
--- a/core/src/main/java/org/springframework/security/core/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * Core classes and interfaces related to user authentication and authorization, as well as the maintenance of
- * a security context.
+ * Core classes and interfaces related to user authentication and authorization, as well
+ * as the maintenance of a security context.
  */
 package org.springframework.security.core;
-
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index daac6e6d95..93777caf6d 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -82,7 +82,6 @@ import org.springframework.util.ReflectionUtils;
  * </p>
  *
  * @see DefaultSecurityParameterNameDiscoverer
- *
  * @author Rob Winch
  * @since 3.2
  */
@@ -95,8 +94,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	}
 
 	public AnnotationParameterNameDiscoverer(Set<String> annotationClassesToUse) {
-		Assert.notEmpty(annotationClassesToUse,
-				"annotationClassesToUse cannot be null or empty");
+		Assert.notEmpty(annotationClassesToUse, "annotationClassesToUse cannot be null or empty");
 		this.annotationClassesToUse = annotationClassesToUse;
 	}
 
@@ -108,16 +106,14 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 */
 	public String[] getParameterNames(Method method) {
 		Method originalMethod = BridgeMethodResolver.findBridgedMethod(method);
-		String[] paramNames = lookupParameterNames(METHOD_METHODPARAM_FACTORY,
-				originalMethod);
+		String[] paramNames = lookupParameterNames(METHOD_METHODPARAM_FACTORY, originalMethod);
 		if (paramNames != null) {
 			return paramNames;
 		}
 		Class<?> declaringClass = method.getDeclaringClass();
 		Class<?>[] interfaces = declaringClass.getInterfaces();
 		for (Class<?> intrfc : interfaces) {
-			Method intrfcMethod = ReflectionUtils.findMethod(intrfc, method.getName(),
-					method.getParameterTypes());
+			Method intrfcMethod = ReflectionUtils.findMethod(intrfc, method.getName(), method.getParameterTypes());
 			if (intrfcMethod != null) {
 				return lookupParameterNames(METHOD_METHODPARAM_FACTORY, intrfcMethod);
 			}
@@ -137,14 +133,13 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 
 	/**
 	 * Gets the parameter names or null if not found.
-	 *
 	 * @param parameterNameFactory the {@link ParameterNameFactory} to use
 	 * @param t the {@link AccessibleObject} to find the parameter names on (i.e. Method
 	 * or Constructor)
 	 * @return the parameter names or null
 	 */
-	private <T extends AccessibleObject> String[] lookupParameterNames(
-			ParameterNameFactory<T> parameterNameFactory, T t) {
+	private <T extends AccessibleObject> String[] lookupParameterNames(ParameterNameFactory<T> parameterNameFactory,
+			T t) {
 		Annotation[][] parameterAnnotations = parameterNameFactory.findParameterAnnotations(t);
 		int parameterCount = parameterAnnotations.length;
 		String[] paramNames = new String[parameterCount];
@@ -164,30 +159,29 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * Finds the parameter name from the provided {@link Annotation}s or null if it could
 	 * not find it. The search is done by looking at the value property of the
 	 * {@link #annotationClassesToUse}.
-	 *
 	 * @param parameterAnnotations the {@link Annotation}'s to search.
 	 * @return
 	 */
 	private String findParameterName(Annotation[] parameterAnnotations) {
 		for (Annotation paramAnnotation : parameterAnnotations) {
-			if (annotationClassesToUse.contains(paramAnnotation.annotationType()
-					.getName())) {
+			if (annotationClassesToUse.contains(paramAnnotation.annotationType().getName())) {
 				return (String) AnnotationUtils.getValue(paramAnnotation, "value");
 			}
 		}
 		return null;
 	}
 
-	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = constructor -> constructor.getParameterAnnotations();
+	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = constructor -> constructor
+			.getParameterAnnotations();
 
-	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = method -> method.getParameterAnnotations();
+	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = method -> method
+			.getParameterAnnotations();
 
 	/**
 	 * Strategy interface for looking up the parameter names.
 	 *
 	 * @author Rob Winch
 	 * @since 3.2
-	 *
 	 * @param <T> the type to inspect (i.e. {@link Method} or {@link Constructor})
 	 */
 	private interface ParameterNameFactory<T extends AccessibleObject> {
@@ -199,5 +193,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 		 * @return
 		 */
 		Annotation[][] findParameterAnnotations(T t);
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
index c7c10fe90c..45161c67f6 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
@@ -45,18 +45,16 @@ import org.springframework.util.ClassUtils;
  * </ul>
  *
  * @see AnnotationParameterNameDiscoverer
- *
  * @author Rob Winch
  * @since 3.2
  */
-public class DefaultSecurityParameterNameDiscoverer extends
-		PrioritizedParameterNameDiscoverer {
+public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameterNameDiscoverer {
 
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private static final String DATA_PARAM_CLASSNAME = "org.springframework.data.repository.query.Param";
-	private static final boolean DATA_PARAM_PRESENT = ClassUtils.isPresent(
-			DATA_PARAM_CLASSNAME,
+
+	private static final boolean DATA_PARAM_PRESENT = ClassUtils.isPresent(DATA_PARAM_CLASSNAME,
 			DefaultSecurityParameterNameDiscoverer.class.getClassLoader());
 
 	/**
@@ -64,7 +62,7 @@ public class DefaultSecurityParameterNameDiscoverer extends
 	 * instances.
 	 */
 	public DefaultSecurityParameterNameDiscoverer() {
-		this(Collections.<ParameterNameDiscoverer> emptyList());
+		this(Collections.<ParameterNameDiscoverer>emptyList());
 	}
 
 	/**
@@ -74,8 +72,7 @@ public class DefaultSecurityParameterNameDiscoverer extends
 	 * defaults. Cannot be null.
 	 */
 	@SuppressWarnings("unchecked")
-	public DefaultSecurityParameterNameDiscoverer(
-			List<? extends ParameterNameDiscoverer> parameterNameDiscovers) {
+	public DefaultSecurityParameterNameDiscoverer(List<? extends ParameterNameDiscoverer> parameterNameDiscovers) {
 		Assert.notNull(parameterNameDiscovers, "parameterNameDiscovers cannot be null");
 		for (ParameterNameDiscoverer discover : parameterNameDiscovers) {
 			addDiscoverer(discover);
@@ -91,4 +88,5 @@ public class DefaultSecurityParameterNameDiscoverer extends
 		addDiscoverer(new AnnotationParameterNameDiscoverer(annotationClassesToUse));
 		addDiscoverer(new DefaultParameterNameDiscoverer());
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/parameters/P.java b/core/src/main/java/org/springframework/security/core/parameters/P.java
index f828e3795c..416aa43712 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/P.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/P.java
@@ -41,4 +41,5 @@ public @interface P {
 	 * @return
 	 */
 	String value();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/AbstractSessionEvent.java b/core/src/main/java/org/springframework/security/core/session/AbstractSessionEvent.java
index 5a43b2d6de..4c8c20da5c 100644
--- a/core/src/main/java/org/springframework/security/core/session/AbstractSessionEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/AbstractSessionEvent.java
@@ -29,4 +29,5 @@ public class AbstractSessionEvent extends ApplicationEvent {
 	public AbstractSessionEvent(Object source) {
 		super(source);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
index 97471c85e1..2f62732e97 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
@@ -27,4 +27,5 @@ public abstract class SessionCreationEvent extends AbstractSessionEvent {
 	public SessionCreationEvent(Object source) {
 		super(source);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
index 785c40c0e6..52e5233d2a 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
@@ -35,7 +35,6 @@ public abstract class SessionDestroyedEvent extends AbstractSessionEvent {
 	/**
 	 * Provides the {@code SecurityContext} instances which were associated with the
 	 * destroyed session. Usually there will be only one security context per session.
-	 *
 	 * @return the {@code SecurityContext} instances which were stored in the current
 	 * session (an empty list if there are none).
 	 */
@@ -45,4 +44,5 @@ public abstract class SessionDestroyedEvent extends AbstractSessionEvent {
 	 * @return the identifier associated with the destroyed session.
 	 */
 	public abstract String getId();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
index 640cdf7618..d46bb20c45 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
@@ -16,8 +16,8 @@
 package org.springframework.security.core.session;
 
 /**
- * Generic "session ID changed" event which indicates that a session
- * identifier (potentially represented by a security context) has changed.
+ * Generic "session ID changed" event which indicates that a session identifier
+ * (potentially represented by a security context) has changed.
  *
  * @since 5.4
  */
@@ -29,16 +29,14 @@ public abstract class SessionIdChangedEvent extends AbstractSessionEvent {
 
 	/**
 	 * Returns the old session ID.
-	 *
-	 * @return the identifier that was previously associated with
-	 * the session.
+	 * @return the identifier that was previously associated with the session.
 	 */
 	public abstract String getOldSessionId();
 
 	/**
 	 * Returns the new session ID.
-	 *
 	 * @return the new identifier that is associated with the session.
 	 */
 	public abstract String getNewSessionId();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
index fd7ae3ff73..09e4be8feb 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
@@ -45,8 +45,11 @@ public class SessionInformation implements Serializable {
 	// ================================================================================================
 
 	private Date lastRequest;
+
 	private final Object principal;
+
 	private final String sessionId;
+
 	private boolean expired = false;
 
 	// ~ Constructors
@@ -90,4 +93,5 @@ public class SessionInformation implements Serializable {
 	public void refreshLastRequest() {
 		this.lastRequest = new Date();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
index 68f4ab054a..017ee8750e 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
@@ -24,12 +24,12 @@ import java.util.List;
  * @author Ben Alex
  */
 public interface SessionRegistry {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Obtains all the known principals in the <code>SessionRegistry</code>.
-	 *
 	 * @return each of the unique principals, which can then be presented to
 	 * {@link #getAllSessions(Object, boolean)}.
 	 */
@@ -39,22 +39,17 @@ public interface SessionRegistry {
 	 * Obtains all the known sessions for the specified principal. Sessions that have been
 	 * destroyed are not returned. Sessions that have expired may be returned, depending
 	 * on the passed argument.
-	 *
 	 * @param principal to locate sessions for (should never be <code>null</code>)
 	 * @param includeExpiredSessions if <code>true</code>, the returned sessions will also
 	 * include those that have expired for the principal
-	 *
 	 * @return the matching sessions for this principal (should not return null).
 	 */
-	List<SessionInformation> getAllSessions(Object principal,
-			boolean includeExpiredSessions);
+	List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions);
 
 	/**
 	 * Obtains the session information for the specified <code>sessionId</code>. Even
 	 * expired sessions are returned (although destroyed sessions are never returned).
-	 *
 	 * @param sessionId to lookup (should never be <code>null</code>)
-	 *
 	 * @return the session information, or <code>null</code> if not found
 	 */
 	SessionInformation getSessionInformation(String sessionId);
@@ -63,7 +58,6 @@ public interface SessionRegistry {
 	 * Updates the given <code>sessionId</code> so its last request time is equal to the
 	 * present date and time. Silently returns if the given <code>sessionId</code> cannot
 	 * be found or the session is marked to expire.
-	 *
 	 * @param sessionId for which to update the date and time of the last request (should
 	 * never be <code>null</code>)
 	 */
@@ -72,7 +66,6 @@ public interface SessionRegistry {
 	/**
 	 * Registers a new session for the specified principal. The newly registered session
 	 * will not be marked for expiration.
-	 *
 	 * @param sessionId to associate with the principal (should never be <code>null</code>
 	 * )
 	 * @param principal to associate with the session (should never be <code>null</code>)
@@ -83,8 +76,8 @@ public interface SessionRegistry {
 	 * Deletes all the session information being maintained for the specified
 	 * <code>sessionId</code>. If the <code>sessionId</code> is not found, the method
 	 * gracefully returns.
-	 *
 	 * @param sessionId to delete information for (should never be <code>null</code>)
 	 */
 	void removeSessionInformation(String sessionId);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
index fa00255902..e6f5910557 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@@ -33,14 +33,14 @@ import java.util.concurrent.CopyOnWriteArraySet;
  * SessionDestroyedEvent}s published in the Spring application context.
  * <p>
  * For this class to function correctly in a web application, it is important that you
- * register an <a href="{@docRoot}/org/springframework/security/web/session/HttpSessionEventPublisher.html">HttpSessionEventPublisher</a>
+ * register an <a href="
+ * {@docRoot}/org/springframework/security/web/session/HttpSessionEventPublisher.html">HttpSessionEventPublisher</a>
  * in the <tt>web.xml</tt> file so that this class is notified of sessions that expire.
  *
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class SessionRegistryImpl implements SessionRegistry,
-		ApplicationListener<AbstractSessionEvent> {
+public class SessionRegistryImpl implements SessionRegistry, ApplicationListener<AbstractSessionEvent> {
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -49,6 +49,7 @@ public class SessionRegistryImpl implements SessionRegistry,
 
 	/** <principal:Object,SessionIdSet> */
 	private final ConcurrentMap<Object, Set<String>> principals;
+
 	/** <sessionId:Object,SessionInformation> */
 	private final Map<String, SessionInformation> sessionIds;
 
@@ -60,25 +61,24 @@ public class SessionRegistryImpl implements SessionRegistry,
 		this.sessionIds = new ConcurrentHashMap<>();
 	}
 
-	public SessionRegistryImpl(ConcurrentMap<Object, Set<String>> principals, Map<String, SessionInformation> sessionIds) {
-		this.principals=principals;
-		this.sessionIds=sessionIds;
+	public SessionRegistryImpl(ConcurrentMap<Object, Set<String>> principals,
+			Map<String, SessionInformation> sessionIds) {
+		this.principals = principals;
+		this.sessionIds = sessionIds;
 	}
 
 	public List<Object> getAllPrincipals() {
 		return new ArrayList<>(principals.keySet());
 	}
 
-	public List<SessionInformation> getAllSessions(Object principal,
-			boolean includeExpiredSessions) {
+	public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) {
 		final Set<String> sessionsUsedByPrincipal = principals.get(principal);
 
 		if (sessionsUsedByPrincipal == null) {
 			return Collections.emptyList();
 		}
 
-		List<SessionInformation> list = new ArrayList<>(
-				sessionsUsedByPrincipal.size());
+		List<SessionInformation> list = new ArrayList<>(sessionsUsedByPrincipal.size());
 
 		for (String sessionId : sessionsUsedByPrincipal) {
 			SessionInformation sessionInformation = getSessionInformation(sessionId);
@@ -106,7 +106,8 @@ public class SessionRegistryImpl implements SessionRegistry,
 			SessionDestroyedEvent sessionDestroyedEvent = (SessionDestroyedEvent) event;
 			String sessionId = sessionDestroyedEvent.getId();
 			removeSessionInformation(sessionId);
-		} else if (event instanceof SessionIdChangedEvent) {
+		}
+		else if (event instanceof SessionIdChangedEvent) {
 			SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
 			String oldSessionId = sessionIdChangedEvent.getOldSessionId();
 			Object principal = sessionIds.get(oldSessionId).getPrincipal();
@@ -134,12 +135,10 @@ public class SessionRegistryImpl implements SessionRegistry,
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Registering session " + sessionId + ", for principal "
-					+ principal);
+			logger.debug("Registering session " + sessionId + ", for principal " + principal);
 		}
 
-		sessionIds.put(sessionId,
-				new SessionInformation(principal, sessionId, new Date()));
+		sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
 
 		principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
 			if (sessionsUsedByPrincipal == null) {
@@ -148,8 +147,7 @@ public class SessionRegistryImpl implements SessionRegistry,
 			sessionsUsedByPrincipal.add(sessionId);
 
 			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + principal + "' : "
-						+ sessionsUsedByPrincipal);
+				logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});
@@ -165,16 +163,14 @@ public class SessionRegistryImpl implements SessionRegistry,
 		}
 
 		if (logger.isTraceEnabled()) {
-			logger.debug("Removing session " + sessionId
-					+ " from set of registered sessions");
+			logger.debug("Removing session " + sessionId + " from set of registered sessions");
 		}
 
 		sessionIds.remove(sessionId);
 
 		principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Removing session " + sessionId
-						+ " from principal's set of registered sessions");
+				logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
 			}
 
 			sessionsUsedByPrincipal.remove(sessionId);
@@ -182,15 +178,13 @@ public class SessionRegistryImpl implements SessionRegistry,
 			if (sessionsUsedByPrincipal.isEmpty()) {
 				// No need to keep object in principals Map anymore
 				if (logger.isDebugEnabled()) {
-					logger.debug("Removing principal " + info.getPrincipal()
-							+ " from registry");
+					logger.debug("Removing principal " + info.getPrincipal() + " from registry");
 				}
 				sessionsUsedByPrincipal = null;
 			}
 
 			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + info.getPrincipal() + "' : "
-						+ sessionsUsedByPrincipal);
+				logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});
diff --git a/core/src/main/java/org/springframework/security/core/session/package-info.java b/core/src/main/java/org/springframework/security/core/session/package-info.java
index 7b40d87320..3dc76e0a5d 100644
--- a/core/src/main/java/org/springframework/security/core/session/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/session/package-info.java
@@ -14,9 +14,11 @@
  * limitations under the License.
  */
 /**
- * Session abstraction which is provided by the {@code org.springframework.security.core.session.SessionInformation
- * SessionInformation} class. The {@link org.springframework.security.core.session.SessionRegistry SessionRegistry}
- * is a core part of the web-based concurrent session control, but the code is not dependent on any of the servlet APIs.
+ * Session abstraction which is provided by the
+ * {@code org.springframework.security.core.session.SessionInformation
+ * SessionInformation} class. The
+ * {@link org.springframework.security.core.session.SessionRegistry SessionRegistry} is a
+ * core part of the web-based concurrent session control, but the code is not dependent on
+ * any of the servlet APIs.
  */
 package org.springframework.security.core.session;
-
diff --git a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
index f5db72c9d0..77fc1a3622 100644
--- a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
+++ b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
@@ -26,8 +26,11 @@ import org.springframework.util.Assert;
  * @since 2.0.1
  */
 public class DefaultToken implements Token {
+
 	private final String key;
+
 	private final long keyCreationTime;
+
 	private final String extendedInformation;
 
 	public DefaultToken(String key, long keyCreationTime, String extendedInformation) {
@@ -57,8 +60,7 @@ public class DefaultToken implements Token {
 	public boolean equals(Object obj) {
 		if (obj != null && obj instanceof DefaultToken) {
 			DefaultToken rhs = (DefaultToken) obj;
-			return this.key.equals(rhs.key)
-					&& this.keyCreationTime == rhs.keyCreationTime
+			return this.key.equals(rhs.key) && this.keyCreationTime == rhs.keyCreationTime
 					&& this.extendedInformation.equals(rhs.extendedInformation);
 		}
 		return false;
@@ -75,8 +77,8 @@ public class DefaultToken implements Token {
 
 	@Override
 	public String toString() {
-		return "DefaultToken[key=" + key + "; creation=" + new Date(keyCreationTime)
-				+ "; extended=" + extendedInformation + "]";
+		return "DefaultToken[key=" + key + "; creation=" + new Date(keyCreationTime) + "; extended="
+				+ extendedInformation + "]";
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index b38b078665..d4114cb19f 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -72,19 +72,21 @@ import org.springframework.util.StringUtils;
  *
  */
 public class KeyBasedPersistenceTokenService implements TokenService, InitializingBean {
+
 	private int pseudoRandomNumberBytes = 32;
+
 	private String serverSecret;
+
 	private Integer serverInteger;
+
 	private SecureRandom secureRandom;
 
 	public Token allocateToken(String extendedInformation) {
-		Assert.notNull(extendedInformation,
-				"Must provided non-null extendedInformation (but it can be empty)");
+		Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");
 		long creationTime = new Date().getTime();
 		String serverSecret = computeServerSecretApplicableAt(creationTime);
 		String pseudoRandomNumber = generatePseudoRandomNumber();
-		String content = creationTime + ":" + pseudoRandomNumber + ":"
-				+ extendedInformation;
+		String content = creationTime + ":" + pseudoRandomNumber + ":" + extendedInformation;
 
 		// Compute key
 		String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
@@ -98,10 +100,9 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		if (key == null || "".equals(key)) {
 			return null;
 		}
-		String[] tokens = StringUtils.delimitedListToStringArray(
-				Utf8.decode(Base64.getDecoder().decode(Utf8.encode(key))), ":");
-		Assert.isTrue(tokens.length >= 4, () -> "Expected 4 or more tokens but found "
-				+ tokens.length);
+		String[] tokens = StringUtils
+				.delimitedListToStringArray(Utf8.decode(Base64.getDecoder().decode(Utf8.encode(key))), ":");
+		Assert.isTrue(tokens.length >= 4, () -> "Expected 4 or more tokens but found " + tokens.length);
 
 		long creationTime;
 		try {
@@ -126,8 +127,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		String sha1Hex = tokens[tokens.length - 1];
 
 		// Verification
-		String content = creationTime + ":" + pseudoRandomNumber + ":"
-				+ extendedInfo.toString();
+		String content = creationTime + ":" + pseudoRandomNumber + ":" + extendedInfo.toString();
 		String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
 		Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
 
@@ -164,8 +164,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 	 * defaults to 256)
 	 */
 	public void setPseudoRandomNumberBytes(int pseudoRandomNumberBytes) {
-		Assert.isTrue(pseudoRandomNumberBytes >= 0,
-				"Must have a positive pseudo random number bit size");
+		Assert.isTrue(pseudoRandomNumberBytes >= 0, "Must have a positive pseudo random number bit size");
 		this.pseudoRandomNumberBytes = pseudoRandomNumberBytes;
 	}
 
@@ -178,4 +177,5 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		Assert.notNull(serverInteger, "Server integer required");
 		Assert.notNull(secureRandom, "SecureRandom instance required");
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
index 2d640de72a..fed76cf109 100644
--- a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
+++ b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
@@ -32,6 +32,7 @@ import org.springframework.util.FileCopyUtils;
 public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 
 	private String algorithm = "SHA1PRNG";
+
 	private Resource seed;
 
 	public SecureRandom getObject() throws Exception {
@@ -61,7 +62,6 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 	/**
 	 * Allows the Pseudo Random Number Generator (PRNG) algorithm to be nominated.
 	 * Defaults to "SHA1PRNG".
-	 *
 	 * @param algorithm to use (mandatory)
 	 */
 	public void setAlgorithm(String algorithm) {
@@ -76,10 +76,10 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 	 * {@link SecureRandom#setSeed(byte[])} method. Note that this will simply supplement,
 	 * rather than replace, the existing seed. As such, it is always safe to set a seed
 	 * using this method (it never reduces randomness).
-	 *
 	 * @param seed to use, or <code>null</code> if no additional seeding is needed
 	 */
 	public void setSeed(Resource seed) {
 		this.seed = seed;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
index d1c354955b..a2c16a14fa 100644
--- a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
+++ b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
@@ -35,7 +35,6 @@ public abstract class Sha512DigestUtils {
 
 	/**
 	 * Returns an SHA digest.
-	 *
 	 * @return An SHA digest instance.
 	 * @throws RuntimeException when a {@link java.security.NoSuchAlgorithmException} is
 	 * caught.
@@ -51,7 +50,6 @@ public abstract class Sha512DigestUtils {
 
 	/**
 	 * Calculates the SHA digest and returns the value as a <code>byte[]</code>.
-	 *
 	 * @param data Data to digest
 	 * @return SHA digest
 	 */
@@ -61,7 +59,6 @@ public abstract class Sha512DigestUtils {
 
 	/**
 	 * Calculates the SHA digest and returns the value as a <code>byte[]</code>.
-	 *
 	 * @param data Data to digest
 	 * @return SHA digest
 	 */
@@ -71,7 +68,6 @@ public abstract class Sha512DigestUtils {
 
 	/**
 	 * Calculates the SHA digest and returns the value as a hex string.
-	 *
 	 * @param data Data to digest
 	 * @return SHA digest as a hex string
 	 */
@@ -81,7 +77,6 @@ public abstract class Sha512DigestUtils {
 
 	/**
 	 * Calculates the SHA digest and returns the value as a hex string.
-	 *
 	 * @param data Data to digest
 	 * @return SHA digest as a hex string
 	 */
diff --git a/core/src/main/java/org/springframework/security/core/token/Token.java b/core/src/main/java/org/springframework/security/core/token/Token.java
index 54f8a0ffb9..0ab19a8924 100644
--- a/core/src/main/java/org/springframework/security/core/token/Token.java
+++ b/core/src/main/java/org/springframework/security/core/token/Token.java
@@ -36,7 +36,6 @@ public interface Token {
 	 * Obtains the randomised, secure key assigned to this token. Presentation of this
 	 * token to {@link TokenService} will always return a <code>Token</code> that is equal
 	 * to the original <code>Token</code> issued for that key.
-	 *
 	 * @return a key with appropriate randomness and security.
 	 */
 	String getKey();
@@ -45,7 +44,6 @@ public interface Token {
 	 * The time the token key was initially created is available from this method. Note
 	 * that a given token must never have this creation time changed. If necessary, a new
 	 * token can be requested from the {@link TokenService} to replace the original token.
-	 *
 	 * @return the time this token key was created, in the same format as specified by
 	 * {@link java.util.Date#getTime()}.
 	 */
@@ -54,8 +52,8 @@ public interface Token {
 	/**
 	 * Obtains the extended information associated within the token, which was presented
 	 * when the token was first created.
-	 *
 	 * @return the user-specified extended information, if any
 	 */
 	String getExtendedInformation();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/TokenService.java b/core/src/main/java/org/springframework/security/core/token/TokenService.java
index b54af4d317..167163ca55 100644
--- a/core/src/main/java/org/springframework/security/core/token/TokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/TokenService.java
@@ -41,9 +41,9 @@ package org.springframework.security.core.token;
  *
  */
 public interface TokenService {
+
 	/**
 	 * Forces the allocation of a new {@link Token}.
-	 *
 	 * @param extendedInformation the extended information desired in the token (cannot be
 	 * <code>null</code>, but can be empty)
 	 * @return a new token that has not been issued previously, and is guaranteed to be
@@ -55,11 +55,11 @@ public interface TokenService {
 	/**
 	 * Permits verification the {@link Token#getKey()} was issued by this
 	 * <code>TokenService</code> and reconstructs the corresponding <code>Token</code>.
-	 *
 	 * @param key as obtained from {@link Token#getKey()} and created by this
 	 * implementation
 	 * @return the token, or <code>null</code> if the token was not issued by this
 	 * <code>TokenService</code>
 	 */
 	Token verifyToken(String key);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/package-info.java b/core/src/main/java/org/springframework/security/core/token/package-info.java
index b0cefaf120..ed6b3e931e 100644
--- a/core/src/main/java/org/springframework/security/core/token/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/token/package-info.java
@@ -17,4 +17,3 @@
  * A service for building secure random tokens.
  */
 package org.springframework.security.core.token;
-
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
index 7284ec5d93..c87c32f8e9 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
@@ -27,11 +27,11 @@ import org.springframework.security.core.Authentication;
 public interface AuthenticationUserDetailsService<T extends Authentication> {
 
 	/**
-	 *
 	 * @param token The pre-authenticated authentication token
 	 * @return UserDetails for the given authentication token, never null.
 	 * @throws UsernameNotFoundException if no user details can be found for the given
 	 * authentication token
 	 */
 	UserDetails loadUserDetails(T token) throws UsernameNotFoundException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index f0d8c12e56..6c5e7c0b0b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -31,6 +31,7 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class MapReactiveUserDetailsService implements ReactiveUserDetailsService, ReactiveUserDetailsPasswordService {
+
 	private final Map<String, UserDetails> users;
 
 	/**
@@ -70,19 +71,14 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 
 	@Override
 	public Mono<UserDetails> updatePassword(UserDetails user, String newPassword) {
-		return Mono.just(user)
-				.map(u ->
-					User.withUserDetails(u)
-						.password(newPassword)
-						.build()
-				)
-				.doOnNext(u -> {
-					String key = getKey(user.getUsername());
-					this.users.put(key, u);
-				});
+		return Mono.just(user).map(u -> User.withUserDetails(u).password(newPassword).build()).doOnNext(u -> {
+			String key = getKey(user.getUsername());
+			this.users.put(key, u);
+		});
 	}
 
 	private String getKey(String username) {
 		return username.toLowerCase();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.java b/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.java
index 867c59758a..57e55bb2ce 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.java
@@ -20,6 +20,7 @@ import reactor.core.publisher.Mono;
 
 /**
  * An API for changing a {@link UserDetails} password.
+ *
  * @author Rob Winch
  * @since 5.1
  */
@@ -28,10 +29,10 @@ public interface ReactiveUserDetailsPasswordService {
 	/**
 	 * Modify the specified user's password. This should change the user's password in the
 	 * persistent user repository (datbase, LDAP etc).
-	 *
 	 * @param user the user to modify the password for
 	 * @param newPassword the password to change to
 	 * @return the updated UserDetails with the new password
 	 */
 	Mono<UserDetails> updatePassword(UserDetails user, String newPassword);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsService.java
index c66fbec0a6..63c9b6546d 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/ReactiveUserDetailsService.java
@@ -32,4 +32,5 @@ public interface ReactiveUserDetailsService {
 	 * @return the {@link UserDetails}. Cannot be null
 	 */
 	Mono<UserDetails> findByUsername(String username);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 05419a012e..3f256021b1 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -68,11 +68,17 @@ public class User implements UserDetails, CredentialsContainer {
 	// ~ Instance fields
 	// ================================================================================================
 	private String password;
+
 	private final String username;
+
 	private final Set<GrantedAuthority> authorities;
+
 	private final boolean accountNonExpired;
+
 	private final boolean accountNonLocked;
+
 	private final boolean credentialsNonExpired;
+
 	private final boolean enabled;
 
 	// ~ Constructors
@@ -81,15 +87,13 @@ public class User implements UserDetails, CredentialsContainer {
 	/**
 	 * Calls the more complex constructor with all boolean arguments set to {@code true}.
 	 */
-	public User(String username, String password,
-			Collection<? extends GrantedAuthority> authorities) {
+	public User(String username, String password, Collection<? extends GrantedAuthority> authorities) {
 		this(username, password, true, true, true, true, authorities);
 	}
 
 	/**
 	 * Construct the <code>User</code> with the details required by
 	 * {@link org.springframework.security.authentication.dao.DaoAuthenticationProvider}.
-	 *
 	 * @param username the username presented to the
 	 * <code>DaoAuthenticationProvider</code>
 	 * @param password the password that should be presented to the
@@ -101,17 +105,15 @@ public class User implements UserDetails, CredentialsContainer {
 	 * @param accountNonLocked set to <code>true</code> if the account is not locked
 	 * @param authorities the authorities that should be granted to the caller if they
 	 * presented the correct username and password and the user is enabled. Not null.
-	 *
 	 * @throws IllegalArgumentException if a <code>null</code> value was passed either as
 	 * a parameter or as an element in the <code>GrantedAuthority</code> collection
 	 */
-	public User(String username, String password, boolean enabled,
-			boolean accountNonExpired, boolean credentialsNonExpired,
-			boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
+	public User(String username, String password, boolean enabled, boolean accountNonExpired,
+			boolean credentialsNonExpired, boolean accountNonLocked,
+			Collection<? extends GrantedAuthority> authorities) {
 
 		if (((username == null) || "".equals(username)) || (password == null)) {
-			throw new IllegalArgumentException(
-					"Cannot pass null or empty values to constructor");
+			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
 		}
 
 		this.username = username;
@@ -158,25 +160,22 @@ public class User implements UserDetails, CredentialsContainer {
 		password = null;
 	}
 
-	private static SortedSet<GrantedAuthority> sortAuthorities(
-			Collection<? extends GrantedAuthority> authorities) {
+	private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		Assert.notNull(authorities, "Cannot pass a null GrantedAuthority collection");
 		// Ensure array iteration order is predictable (as per
 		// UserDetails.getAuthorities() contract and SEC-717)
-		SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(
-				new AuthorityComparator());
+		SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(new AuthorityComparator());
 
 		for (GrantedAuthority grantedAuthority : authorities) {
-			Assert.notNull(grantedAuthority,
-					"GrantedAuthority list cannot contain any null elements");
+			Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
 			sortedAuthorities.add(grantedAuthority);
 		}
 
 		return sortedAuthorities;
 	}
 
-	private static class AuthorityComparator implements Comparator<GrantedAuthority>,
-			Serializable {
+	private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
+
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
@@ -194,6 +193,7 @@ public class User implements UserDetails, CredentialsContainer {
 
 			return g1.getAuthority().compareTo(g2.getAuthority());
 		}
+
 	}
 
 	/**
@@ -227,8 +227,7 @@ public class User implements UserDetails, CredentialsContainer {
 		sb.append("Password: [PROTECTED]; ");
 		sb.append("Enabled: ").append(this.enabled).append("; ");
 		sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
-		sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired)
-				.append("; ");
+		sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
 		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
 
 		if (!authorities.isEmpty()) {
@@ -253,7 +252,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 	/**
 	 * Creates a UserBuilder with a specified user name
-	 *
 	 * @param username the username to use
 	 * @return the UserBuilder
 	 */
@@ -263,7 +261,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 	/**
 	 * Creates a UserBuilder
-	 *
 	 * @return the UserBuilder
 	 */
 	public static UserBuilder builder() {
@@ -272,8 +269,8 @@ public class User implements UserDetails, CredentialsContainer {
 
 	/**
 	 * <p>
-	 * <b>WARNING:</b> This method is considered unsafe for production and is only intended
-	 * for sample applications.
+	 * <b>WARNING:</b> This method is considered unsafe for production and is only
+	 * intended for sample applications.
 	 * </p>
 	 * <p>
 	 * Creates a user and automatically encodes the provided password using
@@ -289,8 +286,7 @@ public class User implements UserDetails, CredentialsContainer {
 	 *     .build();
 	 * // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
 	 * System.out.println(user.getPassword());
-	 * </code>
-	 * </pre>
+	 * </code> </pre>
 	 *
 	 * This is not safe for production (it is intended for getting started experience)
 	 * because the password "password" is compiled into the source code and then is
@@ -300,8 +296,8 @@ public class User implements UserDetails, CredentialsContainer {
 	 * securely hashed. This means if the UserDetails password is accidentally exposed,
 	 * the password is securely stored.
 	 *
-	 * In a production setting, it is recommended to hash the password ahead of time.
-	 * For example:
+	 * In a production setting, it is recommended to hash the password ahead of time. For
+	 * example:
 	 *
 	 * <pre>
 	 * <code>
@@ -309,8 +305,7 @@ public class User implements UserDetails, CredentialsContainer {
 	 * // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
 	 * // remember the password that is printed out and use in the next step
 	 * System.out.println(encoder.encode("password"));
-	 * </code>
-	 * </pre>
+	 * </code> </pre>
 	 *
 	 * <pre>
 	 * <code>
@@ -318,32 +313,28 @@ public class User implements UserDetails, CredentialsContainer {
 	 *     .password("{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG")
 	 *     .roles("USER")
 	 *     .build();
-	 * </code>
-	 * </pre>
-	 *
+	 * </code> </pre>
 	 * @return a UserBuilder that automatically encodes the password with the default
 	 * PasswordEncoder
 	 * @deprecated Using this method is not considered safe for production, but is
 	 * acceptable for demos and getting started. For production purposes, ensure the
 	 * password is encoded externally. See the method Javadoc for additional details.
-	 * There are no plans to remove this support. It is deprecated to indicate
-	 * that this is considered insecure for production purposes.
+	 * There are no plans to remove this support. It is deprecated to indicate that this
+	 * is considered insecure for production purposes.
 	 */
 	@Deprecated
 	public static UserBuilder withDefaultPasswordEncoder() {
-		logger.warn("User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.");
+		logger.warn(
+				"User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.");
 		PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 		return builder().passwordEncoder(encoder::encode);
 	}
 
 	public static UserBuilder withUserDetails(UserDetails userDetails) {
-		return withUsername(userDetails.getUsername())
-			.password(userDetails.getPassword())
-			.accountExpired(!userDetails.isAccountNonExpired())
-			.accountLocked(!userDetails.isAccountNonLocked())
-			.authorities(userDetails.getAuthorities())
-			.credentialsExpired(!userDetails.isCredentialsNonExpired())
-			.disabled(!userDetails.isEnabled());
+		return withUsername(userDetails.getUsername()).password(userDetails.getPassword())
+				.accountExpired(!userDetails.isAccountNonExpired()).accountLocked(!userDetails.isAccountNonLocked())
+				.authorities(userDetails.getAuthorities()).credentialsExpired(!userDetails.isCredentialsNonExpired())
+				.disabled(!userDetails.isEnabled());
 	}
 
 	/**
@@ -351,13 +342,21 @@ public class User implements UserDetails, CredentialsContainer {
 	 * should provided. The remaining attributes have reasonable defaults.
 	 */
 	public static class UserBuilder {
+
 		private String username;
+
 		private String password;
+
 		private List<GrantedAuthority> authorities;
+
 		private boolean accountExpired;
+
 		private boolean accountLocked;
+
 		private boolean credentialsExpired;
+
 		private boolean disabled;
+
 		private Function<String, String> passwordEncoder = password -> password;
 
 		/**
@@ -368,7 +367,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Populates the username. This attribute is required.
-		 *
 		 * @param username the username. Cannot be null.
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -381,7 +379,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Populates the password. This attribute is required.
-		 *
 		 * @param password the password. Cannot be null.
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -393,9 +390,8 @@ public class User implements UserDetails, CredentialsContainer {
 		}
 
 		/**
-		 * Encodes the current password (if non-null) and any future passwords supplied
-		 * to {@link #password(String)}.
-		 *
+		 * Encodes the current password (if non-null) and any future passwords supplied to
+		 * {@link #password(String)}.
 		 * @param encoder the encoder to use
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -425,18 +421,16 @@ public class User implements UserDetails, CredentialsContainer {
 		 * This attribute is required, but can also be populated with
 		 * {@link #authorities(String...)}.
 		 * </p>
-		 *
 		 * @param roles the roles for this user (i.e. USER, ADMIN, etc). Cannot be null,
 		 * contain null values or start with "ROLE_"
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
 		 */
 		public UserBuilder roles(String... roles) {
-			List<GrantedAuthority> authorities = new ArrayList<>(
-					roles.length);
+			List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
 			for (String role : roles) {
-				Assert.isTrue(!role.startsWith("ROLE_"), () -> role
-						+ " cannot start with ROLE_ (it is automatically added)");
+				Assert.isTrue(!role.startsWith("ROLE_"),
+						() -> role + " cannot start with ROLE_ (it is automatically added)");
 				authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
 			}
 			return authorities(authorities);
@@ -444,7 +438,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user. Cannot be null, or contain
 		 * null values
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
@@ -457,7 +450,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user. Cannot be null, or contain
 		 * null values
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
@@ -471,7 +463,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Populates the authorities. This attribute is required.
-		 *
 		 * @param authorities the authorities for this user (i.e. ROLE_USER, ROLE_ADMIN,
 		 * etc). Cannot be null, or contain null values
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
@@ -484,7 +475,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Defines if the account is expired or not. Default is false.
-		 *
 		 * @param accountExpired true if the account is expired, false otherwise
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -496,7 +486,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Defines if the account is locked or not. Default is false.
-		 *
 		 * @param accountLocked true if the account is locked, false otherwise
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -508,7 +497,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Defines if the credentials are expired or not. Default is false.
-		 *
 		 * @param credentialsExpired true if the credentials are expired, false otherwise
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -520,7 +508,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 		/**
 		 * Defines if the account is disabled or not. Default is false.
-		 *
 		 * @param disabled true if the account is disabled, false otherwise
 		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
 		 * additional attributes for this user)
@@ -532,8 +519,10 @@ public class User implements UserDetails, CredentialsContainer {
 
 		public UserDetails build() {
 			String encodedPassword = this.passwordEncoder.apply(password);
-			return new User(username, encodedPassword, !disabled, !accountExpired,
-					!credentialsExpired, !accountLocked, authorities);
+			return new User(username, encodedPassword, !disabled, !accountExpired, !credentialsExpired, !accountLocked,
+					authorities);
 		}
+
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
index 2f250e6ff6..da71d3f6ef 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
@@ -33,18 +33,16 @@ package org.springframework.security.core.userdetails;
  * each time.
  *
  * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- *
  * @author Ben Alex
  */
 public interface UserCache {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Obtains a {@link UserDetails} from the cache.
-	 *
 	 * @param username the {@link User#getUsername()} used to place the user in the cache
-	 *
 	 * @return the populated <code>UserDetails</code> or <code>null</code> if the user
 	 * could not be found or if the cache entry has expired
 	 */
@@ -53,7 +51,6 @@ public interface UserCache {
 	/**
 	 * Places a {@link UserDetails} in the cache. The <code>username</code> is the key
 	 * used to subsequently retrieve the <code>UserDetails</code>.
-	 *
 	 * @param user the fully populated <code>UserDetails</code> to place in the cache
 	 */
 	void putUserInCache(UserDetails user);
@@ -66,8 +63,8 @@ public interface UserCache {
 	 * Some cache implementations may not support eviction from the cache, in which case
 	 * they should provide appropriate behaviour to alter the user in either its
 	 * documentation, via an exception, or through a log message.
-	 *
 	 * @param username to be evicted from the cache
 	 */
 	void removeUserFromCache(String username);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
index d1f83da9ef..e4a652489b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
@@ -38,30 +38,28 @@ import java.util.Collection;
  *
  * @see UserDetailsService
  * @see UserCache
- *
  * @author Ben Alex
  */
 public interface UserDetails extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Returns the authorities granted to the user. Cannot return <code>null</code>.
-	 *
 	 * @return the authorities, sorted by natural key (never <code>null</code>)
 	 */
 	Collection<? extends GrantedAuthority> getAuthorities();
 
 	/**
 	 * Returns the password used to authenticate the user.
-	 *
 	 * @return the password
 	 */
 	String getPassword();
 
 	/**
-	 * Returns the username used to authenticate the user. Cannot return <code>null</code>.
-	 *
+	 * Returns the username used to authenticate the user. Cannot return
+	 * <code>null</code>.
 	 * @return the username (never <code>null</code>)
 	 */
 	String getUsername();
@@ -69,7 +67,6 @@ public interface UserDetails extends Serializable {
 	/**
 	 * Indicates whether the user's account has expired. An expired account cannot be
 	 * authenticated.
-	 *
 	 * @return <code>true</code> if the user's account is valid (ie non-expired),
 	 * <code>false</code> if no longer valid (ie expired)
 	 */
@@ -78,7 +75,6 @@ public interface UserDetails extends Serializable {
 	/**
 	 * Indicates whether the user is locked or unlocked. A locked user cannot be
 	 * authenticated.
-	 *
 	 * @return <code>true</code> if the user is not locked, <code>false</code> otherwise
 	 */
 	boolean isAccountNonLocked();
@@ -86,7 +82,6 @@ public interface UserDetails extends Serializable {
 	/**
 	 * Indicates whether the user's credentials (password) has expired. Expired
 	 * credentials prevent authentication.
-	 *
 	 * @return <code>true</code> if the user's credentials are valid (ie non-expired),
 	 * <code>false</code> if no longer valid (ie expired)
 	 */
@@ -95,8 +90,8 @@ public interface UserDetails extends Serializable {
 	/**
 	 * Indicates whether the user is enabled or disabled. A disabled user cannot be
 	 * authenticated.
-	 *
 	 * @return <code>true</code> if the user is enabled, <code>false</code> otherwise
 	 */
 	boolean isEnabled();
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
index daea7fa063..56ca5f49be 100755
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
@@ -28,8 +28,9 @@ import org.springframework.util.Assert;
  * @author Scott Battaglia
  * @since 2.0
  */
-public class UserDetailsByNameServiceWrapper<T extends Authentication> implements
-		AuthenticationUserDetailsService<T>, InitializingBean {
+public class UserDetailsByNameServiceWrapper<T extends Authentication>
+		implements AuthenticationUserDetailsService<T>, InitializingBean {
+
 	private UserDetailsService userDetailsService = null;
 
 	/**
@@ -44,7 +45,6 @@ public class UserDetailsByNameServiceWrapper<T extends Authentication> implement
 	 * Constructs a new wrapper using the supplied
 	 * {@link org.springframework.security.core.userdetails.UserDetailsService} as the
 	 * service to delegate to.
-	 *
 	 * @param userDetailsService the UserDetailsService to delegate to.
 	 */
 	public UserDetailsByNameServiceWrapper(final UserDetailsService userDetailsService) {
@@ -70,10 +70,10 @@ public class UserDetailsByNameServiceWrapper<T extends Authentication> implement
 
 	/**
 	 * Set the wrapped UserDetailsService implementation
-	 *
 	 * @param aUserDetailsService The wrapped UserDetailsService to set
 	 */
 	public void setUserDetailsService(UserDetailsService aUserDetailsService) {
 		this.userDetailsService = aUserDetailsService;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
index 706022b283..189cd5e28a 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
@@ -28,14 +28,15 @@ package org.springframework.security.core.userdetails;
  *
  * @author Luke Taylor
  * @since 2.0
- *
  * @see org.springframework.security.authentication.AccountStatusUserDetailsChecker
  * @see org.springframework.security.authentication.AccountStatusException
  */
 public interface UserDetailsChecker {
+
 	/**
 	 * Examines the User
 	 * @param toCheck the UserDetails instance whose status should be checked.
 	 */
 	void check(UserDetails toCheck);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsPasswordService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsPasswordService.java
index fd56992793..ed85e088aa 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsPasswordService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsPasswordService.java
@@ -18,6 +18,7 @@ package org.springframework.security.core.userdetails;
 
 /**
  * An API for changing a {@link UserDetails} password.
+ *
  * @author Rob Winch
  * @since 5.1
  */
@@ -26,11 +27,11 @@ public interface UserDetailsPasswordService {
 	/**
 	 * Modify the specified user's password. This should change the user's password in the
 	 * persistent user repository (database, LDAP etc).
-	 *
 	 * @param user the user to modify the password for
-	 * @param newPassword the password to change to,
-	 * encoded by the configured {@code PasswordEncoder}
+	 * @param newPassword the password to change to, encoded by the configured
+	 * {@code PasswordEncoder}
 	 * @return the updated UserDetails with the new password
 	 */
 	UserDetails updatePassword(UserDetails user, String newPassword);
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
index 82f5631e35..4350d06fff 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
@@ -29,10 +29,10 @@ package org.springframework.security.core.userdetails;
  *
  * @see org.springframework.security.authentication.dao.DaoAuthenticationProvider
  * @see UserDetails
- *
  * @author Ben Alex
  */
 public interface UserDetailsService {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -42,13 +42,11 @@ public interface UserDetailsService {
 	 * implementation instance is configured. In this case, the <code>UserDetails</code>
 	 * object that comes back may have a username that is of a different case than what
 	 * was actually requested..
-	 *
 	 * @param username the username identifying the user whose data is required.
-	 *
 	 * @return a fully populated user record (never <code>null</code>)
-	 *
 	 * @throws UsernameNotFoundException if the user could not be found or the user has no
 	 * GrantedAuthority
 	 */
 	UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
index af4e5f539a..6851e3a1b5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
@@ -25,12 +25,12 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class UsernameNotFoundException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>UsernameNotFoundException</code> with the specified message.
-	 *
 	 * @param msg the detail message.
 	 */
 	public UsernameNotFoundException(String msg) {
@@ -40,11 +40,11 @@ public class UsernameNotFoundException extends AuthenticationException {
 	/**
 	 * Constructs a {@code UsernameNotFoundException} with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message.
 	 * @param t root cause
 	 */
 	public UsernameNotFoundException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index dacd1c69cf..3fdf210395 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -27,12 +27,13 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
 
 /**
- * Caches <code>User</code> objects using a Spring IoC defined <A
- * HREF="https://www.ehcache.org/">EHCACHE</a>.
+ * Caches <code>User</code> objects using a Spring IoC defined
+ * <A HREF="https://www.ehcache.org/">EHCACHE</a>.
  *
  * @author Ben Alex
  */
 public class EhCacheBasedUserCache implements UserCache, InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -94,4 +95,5 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 	public void setCache(Ehcache cache) {
 		this.cache = cache;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
index 79f40369e5..a56f5d1672 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Ben Alex
  */
 public class NullUserCache implements UserCache {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -37,4 +38,5 @@ public class NullUserCache implements UserCache {
 
 	public void removeUserFromCache(String username) {
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index 8150bd9023..b54a5dbf3b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -84,4 +84,5 @@ public class SpringCacheBasedUserCache implements UserCache {
 	public void removeUserFromCache(String username) {
 		cache.evict(username);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
index 44ba285f8e..c4a76e87fc 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Implementations of {@link org.springframework.security.core.userdetails.UserCache UserCache}.
+ * Implementations of {@link org.springframework.security.core.userdetails.UserCache
+ * UserCache}.
  */
 package org.springframework.security.core.userdetails.cache;
-
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
index ab271a6799..104c89814b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
@@ -107,19 +107,20 @@ import org.springframework.util.Assert;
  * @author colin sampaleanu
  * @author Luke Taylor
  */
-public class JdbcDaoImpl extends JdbcDaoSupport
-		implements UserDetailsService, MessageSourceAware {
+public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	public static final String DEF_USERS_BY_USERNAME_QUERY = "select username,password,enabled "
-			+ "from users " + "where username = ?";
-	public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "select username,authority "
-			+ "from authorities " + "where username = ?";
+	public static final String DEF_USERS_BY_USERNAME_QUERY = "select username,password,enabled " + "from users "
+			+ "where username = ?";
+
+	public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "select username,authority " + "from authorities "
+			+ "where username = ?";
+
 	public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY = "select g.id, g.group_name, ga.authority "
-			+ "from groups g, group_members gm, group_authorities ga "
-			+ "where gm.username = ? " + "and g.id = ga.group_id "
-			+ "and g.id = gm.group_id";
+			+ "from groups g, group_members gm, group_authorities ga " + "where gm.username = ? "
+			+ "and g.id = ga.group_id " + "and g.id = gm.group_id";
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -127,11 +128,17 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private String authoritiesByUsernameQuery;
+
 	private String groupAuthoritiesByUsernameQuery;
+
 	private String usersByUsernameQuery;
+
 	private String rolePrefix = "";
+
 	private boolean usernameBasedPrimaryKey = true;
+
 	private boolean enableAuthorities = true;
+
 	private boolean enableGroups;
 
 	// ~ Constructors
@@ -156,13 +163,11 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	/**
 	 * Allows subclasses to add their own granted authorities to the list to be returned
 	 * in the <tt>UserDetails</tt>.
-	 *
 	 * @param username the username, for use by finder methods
 	 * @param authorities the current granted authorities, as populated from the
 	 * <code>authoritiesByUsername</code> mapping
 	 */
-	protected void addCustomAuthorities(String username,
-			List<GrantedAuthority> authorities) {
+	protected void addCustomAuthorities(String username, List<GrantedAuthority> authorities) {
 	}
 
 	public String getUsersByUsernameQuery() {
@@ -176,16 +181,14 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	}
 
 	@Override
-	public UserDetails loadUserByUsername(String username)
-			throws UsernameNotFoundException {
+	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		List<UserDetails> users = loadUsersByUsername(username);
 
 		if (users.size() == 0) {
 			this.logger.debug("Query returned no results for user '" + username + "'");
 
-			throw new UsernameNotFoundException(
-					this.messages.getMessage("JdbcDaoImpl.notFound",
-							new Object[] { username }, "Username {0} not found"));
+			throw new UsernameNotFoundException(this.messages.getMessage("JdbcDaoImpl.notFound",
+					new Object[] { username }, "Username {0} not found"));
 		}
 
 		UserDetails user = users.get(0); // contains no GrantedAuthority[]
@@ -205,12 +208,10 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 		addCustomAuthorities(user.getUsername(), dbAuths);
 
 		if (dbAuths.size() == 0) {
-			this.logger.debug("User '" + username
-					+ "' has no authorities and will be treated as 'not found'");
+			this.logger.debug("User '" + username + "' has no authorities and will be treated as 'not found'");
 
-			throw new UsernameNotFoundException(this.messages.getMessage(
-					"JdbcDaoImpl.noAuthority", new Object[] { username },
-					"User {0} has no GrantedAuthority"));
+			throw new UsernameNotFoundException(this.messages.getMessage("JdbcDaoImpl.noAuthority",
+					new Object[] { username }, "User {0} has no GrantedAuthority"));
 		}
 
 		return createUserDetails(username, user, dbAuths);
@@ -221,39 +222,34 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	 * objects. There should normally only be one matching user.
 	 */
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(this.usersByUsernameQuery,
-				new String[] { username }, (rs, rowNum) -> {
-					String username1 = rs.getString(1);
-					String password = rs.getString(2);
-					boolean enabled = rs.getBoolean(3);
-					return new User(username1, password, enabled, true, true, true,
-							AuthorityUtils.NO_AUTHORITIES);
-				});
+		return getJdbcTemplate().query(this.usersByUsernameQuery, new String[] { username }, (rs, rowNum) -> {
+			String username1 = rs.getString(1);
+			String password = rs.getString(2);
+			boolean enabled = rs.getBoolean(3);
+			return new User(username1, password, enabled, true, true, true, AuthorityUtils.NO_AUTHORITIES);
+		});
 	}
 
 	/**
 	 * Loads authorities by executing the SQL from <tt>authoritiesByUsernameQuery</tt>.
-	 *
 	 * @return a list of GrantedAuthority objects for the user
 	 */
 	protected List<GrantedAuthority> loadUserAuthorities(String username) {
-		return getJdbcTemplate().query(this.authoritiesByUsernameQuery,
-				new String[] { username }, (rs, rowNum) -> {
-					String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
+		return getJdbcTemplate().query(this.authoritiesByUsernameQuery, new String[] { username }, (rs, rowNum) -> {
+			String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
 
-					return new SimpleGrantedAuthority(roleName);
-				});
+			return new SimpleGrantedAuthority(roleName);
+		});
 	}
 
 	/**
 	 * Loads authorities by executing the SQL from
 	 * <tt>groupAuthoritiesByUsernameQuery</tt>.
-	 *
 	 * @return a list of GrantedAuthority objects for the user
 	 */
 	protected List<GrantedAuthority> loadGroupAuthorities(String username) {
-		return getJdbcTemplate().query(this.groupAuthoritiesByUsernameQuery,
-				new String[] { username }, (rs, rowNum) -> {
+		return getJdbcTemplate().query(this.groupAuthoritiesByUsernameQuery, new String[] { username },
+				(rs, rowNum) -> {
 					String roleName = getRolePrefix() + rs.getString(3);
 
 					return new SimpleGrantedAuthority(roleName);
@@ -263,33 +259,31 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	/**
 	 * Can be overridden to customize the creation of the final UserDetailsObject which is
 	 * returned by the <tt>loadUserByUsername</tt> method.
-	 *
 	 * @param username the name originally passed to loadUserByUsername
 	 * @param userFromUserQuery the object returned from the execution of the
 	 * @param combinedAuthorities the combined array of authorities from all the authority
 	 * loading queries.
 	 * @return the final UserDetails which should be used in the system.
 	 */
-	protected UserDetails createUserDetails(String username,
-			UserDetails userFromUserQuery, List<GrantedAuthority> combinedAuthorities) {
+	protected UserDetails createUserDetails(String username, UserDetails userFromUserQuery,
+			List<GrantedAuthority> combinedAuthorities) {
 		String returnUsername = userFromUserQuery.getUsername();
 
 		if (!this.usernameBasedPrimaryKey) {
 			returnUsername = username;
 		}
 
-		return new User(returnUsername, userFromUserQuery.getPassword(),
-				userFromUserQuery.isEnabled(), userFromUserQuery.isAccountNonExpired(),
-				userFromUserQuery.isCredentialsNonExpired(), userFromUserQuery.isAccountNonLocked(), combinedAuthorities);
+		return new User(returnUsername, userFromUserQuery.getPassword(), userFromUserQuery.isEnabled(),
+				userFromUserQuery.isAccountNonExpired(), userFromUserQuery.isCredentialsNonExpired(),
+				userFromUserQuery.isAccountNonLocked(), combinedAuthorities);
 	}
 
 	/**
 	 * Allows the default query string used to retrieve authorities based on username to
 	 * be overridden, if default table or column names need to be changed. The default
 	 * query is {@link #DEF_AUTHORITIES_BY_USERNAME_QUERY}; when modifying this query,
-	 * ensure that all returned columns are mapped back to the same column positions as in the
-	 * default query.
-	 *
+	 * ensure that all returned columns are mapped back to the same column positions as in
+	 * the default query.
 	 * @param queryString The SQL query string to set
 	 */
 	public void setAuthoritiesByUsernameQuery(String queryString) {
@@ -306,7 +300,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	 * default query is {@link #DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY}; when modifying
 	 * this query, ensure that all returned columns are mapped back to the same column
 	 * positions as in the default query.
-	 *
 	 * @param queryString The SQL query string to set
 	 */
 	public void setGroupAuthoritiesByUsernameQuery(String queryString) {
@@ -319,7 +312,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	 * example be used to add the <tt>ROLE_</tt> prefix expected to exist in role names
 	 * (by default) by some other Spring Security classes, in the case that the prefix is
 	 * not already present in the db.
-	 *
 	 * @param rolePrefix the new prefix
 	 */
 	public void setRolePrefix(String rolePrefix) {
@@ -338,7 +330,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	 * <code>UserDetails</code>. If <code>false</code>, the class will use the
 	 * {@link #loadUserByUsername(String)} derived username in the returned
 	 * <code>UserDetails</code>.
-	 *
 	 * @param usernameBasedPrimaryKey <code>true</code> if the mapping queries return the
 	 * username <code>String</code>, or <code>false</code> if the mapping returns a
 	 * database primary key.
@@ -355,14 +346,13 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 	 * Allows the default query string used to retrieve users based on username to be
 	 * overridden, if default table or column names need to be changed. The default query
 	 * is {@link #DEF_USERS_BY_USERNAME_QUERY}; when modifying this query, ensure that all
-	 * returned columns are mapped back to the same column positions as in the default query.
-	 * If the 'enabled' column does not exist in the source database, a permanent true
-	 * value for this column may be returned by using a query similar to
+	 * returned columns are mapped back to the same column positions as in the default
+	 * query. If the 'enabled' column does not exist in the source database, a permanent
+	 * true value for this column may be returned by using a query similar to
 	 *
 	 * <pre>
 	 * &quot;select username,password,'true' as enabled from users where username = ?&quot;
 	 * </pre>
-	 *
 	 * @param usersByUsernameQueryString The query string to set
 	 */
 	public void setUsersByUsernameQuery(String usersByUsernameQueryString) {
@@ -397,4 +387,5 @@ public class JdbcDaoImpl extends JdbcDaoSupport
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
index 75238a665c..b9b4155d19 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
@@ -18,4 +18,3 @@
  * {@code org.springframework.security.core.userdetails.UserDetailsService UserDetailsService}.
  */
 package org.springframework.security.core.userdetails.jdbc;
-
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
index 0499931865..5e380c780b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
@@ -24,17 +24,20 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 /**
- * Used by {@link org.springframework.security.provisioning.InMemoryUserDetailsManager} to temporarily store the attributes associated with a
- * user.
+ * Used by {@link org.springframework.security.provisioning.InMemoryUserDetailsManager} to
+ * temporarily store the attributes associated with a user.
  *
  * @author Ben Alex
  */
 public class UserAttribute {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private List<GrantedAuthority> authorities = new Vector<>();
+
 	private String password;
+
 	private boolean enabled = true;
 
 	// ~ Methods
@@ -50,7 +53,6 @@ public class UserAttribute {
 
 	/**
 	 * Set all authorities for this user.
-	 *
 	 * @param authorities {@link List} &lt;{@link GrantedAuthority}&gt;
 	 * @since 1.1
 	 */
@@ -61,7 +63,6 @@ public class UserAttribute {
 	/**
 	 * Set all authorities for this user from String values. It will create the necessary
 	 * {@link GrantedAuthority} objects.
-	 *
 	 * @param authoritiesAsStrings {@link List} &lt;{@link String}&gt;
 	 * @since 1.1
 	 */
@@ -96,4 +97,5 @@ public class UserAttribute {
 	public void setPassword(String password) {
 		this.password = password;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
index ab4248a767..ffe713b5ae 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
@@ -29,6 +29,7 @@ import org.springframework.util.StringUtils;
  * @author Ben Alex
  */
 public class UserAttributeEditor extends PropertyEditorSupport {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -70,4 +71,5 @@ public class UserAttributeEditor extends PropertyEditorSupport {
 			setValue(null);
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
index cc7550c568..6e9c74c013 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
@@ -17,4 +17,3 @@
  * Exposes an in-memory authentication repository.
  */
 package org.springframework.security.core.userdetails.memory;
-
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
index 1f68a69eec..522724b0e5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
@@ -16,9 +16,11 @@
 /**
  * The standard interfaces for implementing user data DAOs.
  * <p>
- * Can be the traditional {@link org.springframework.security.core.userdetails.UserDetailsService UserDetailsService}
- * which uses a unique username to identify the user or, for more complex requirements, the
- * {@link org.springframework.security.core.userdetails.AuthenticationUserDetailsService AuthenticationUserDetailsService}.
+ * Can be the traditional
+ * {@link org.springframework.security.core.userdetails.UserDetailsService
+ * UserDetailsService} which uses a unique username to identify the user or, for more
+ * complex requirements, the
+ * {@link org.springframework.security.core.userdetails.AuthenticationUserDetailsService
+ * AuthenticationUserDetailsService}.
  */
 package org.springframework.security.core.userdetails;
-
diff --git a/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
index 02ad8851f4..062f760f64 100644
--- a/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
@@ -23,10 +23,11 @@ import java.util.Collection;
 
 /**
  * This is a Jackson mixin class helps in serialize/deserialize
- * {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class. To use this class you need to register it
- * with {@link com.fasterxml.jackson.databind.ObjectMapper} and {@link SimpleGrantedAuthorityMixin} because
- * AnonymousAuthenticationToken contains SimpleGrantedAuthority.
- * <pre>
+ * {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class.
+ * To use this class you need to register it with
+ * {@link com.fasterxml.jackson.databind.ObjectMapper} and
+ * {@link SimpleGrantedAuthorityMixin} because AnonymousAuthenticationToken contains
+ * SimpleGrantedAuthority. <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
@@ -45,15 +46,17 @@ import java.util.Collection;
 class AnonymousAuthenticationTokenMixin {
 
 	/**
-	 * Constructor used by Jackson to create object of {@link org.springframework.security.authentication.AnonymousAuthenticationToken}.
-	 *
+	 * Constructor used by Jackson to create object of
+	 * {@link org.springframework.security.authentication.AnonymousAuthenticationToken}.
 	 * @param keyHash hashCode of key provided at the time of token creation by using
-	 *                {@link org.springframework.security.authentication.AnonymousAuthenticationToken#AnonymousAuthenticationToken(String, Object, Collection)}
+	 * {@link org.springframework.security.authentication.AnonymousAuthenticationToken#AnonymousAuthenticationToken(String, Object, Collection)}
 	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 */
 	@JsonCreator
-	AnonymousAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash, @JsonProperty("principal") Object principal,
-												@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
+	AnonymousAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
+			@JsonProperty("principal") Object principal,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java b/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
index 1c47950d7c..9eaaabd5ca 100644
--- a/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
@@ -22,31 +22,33 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
  * This mixin class helps in serialize/deserialize
- * {@link org.springframework.security.authentication.BadCredentialsException} class. To use this class you need to
- * register it with {@link com.fasterxml.jackson.databind.ObjectMapper}.
+ * {@link org.springframework.security.authentication.BadCredentialsException} class. To
+ * use this class you need to register it with
+ * {@link com.fasterxml.jackson.databind.ObjectMapper}.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
  *
- * <i>Note: This class will save TypeInfo (full class name) into a property called @class</i>
- * <i>The cause and stackTrace are ignored in the serialization.</i>
+ * <i>Note: This class will save TypeInfo (full class name) into a property
+ * called @class</i> <i>The cause and stackTrace are ignored in the serialization.</i>
  *
  * @author Yannick Lombardi
  * @see CoreJackson2Module
  * @since 5.0
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonIgnoreProperties(ignoreUnknown = true, value = {"cause", "stackTrace"})
+@JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace" })
 class BadCredentialsExceptionMixin {
 
 	/**
 	 * Constructor used by Jackson to create
 	 * {@link org.springframework.security.authentication.BadCredentialsException} object.
-	 *
 	 * @param message the detail message
 	 */
 	@JsonCreator
-	BadCredentialsExceptionMixin(@JsonProperty("message") String message) {}
+	BadCredentialsExceptionMixin(@JsonProperty("message") String message) {
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java b/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
index 8e50b2fff3..ab54087070 100644
--- a/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
+++ b/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
@@ -28,17 +28,19 @@ import org.springframework.security.core.userdetails.User;
 import java.util.Collections;
 
 /**
- * Jackson module for spring-security-core. This module register {@link AnonymousAuthenticationTokenMixin},
- * {@link RememberMeAuthenticationTokenMixin}, {@link SimpleGrantedAuthorityMixin}, {@link UnmodifiableSetMixin},
- * {@link UserMixin} and {@link UsernamePasswordAuthenticationTokenMixin}. If no default typing enabled by default then
- * it'll enable it because typing info is needed to properly serialize/deserialize objects. In order to use this module just
- * add this module into your ObjectMapper configuration.
+ * Jackson module for spring-security-core. This module register
+ * {@link AnonymousAuthenticationTokenMixin}, {@link RememberMeAuthenticationTokenMixin},
+ * {@link SimpleGrantedAuthorityMixin}, {@link UnmodifiableSetMixin}, {@link UserMixin}
+ * and {@link UsernamePasswordAuthenticationTokenMixin}. If no default typing enabled by
+ * default then it'll enable it because typing info is needed to properly
+ * serialize/deserialize objects. In order to use this module just add this module into
+ * your ObjectMapper configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
- * </pre>
- * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules.</b>
+ * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
+ * of all security modules.</b>
  *
  * @author Jitendra Singh.
  * @see SecurityJackson2Modules
@@ -57,10 +59,14 @@ public class CoreJackson2Module extends SimpleModule {
 		context.setMixInAnnotations(AnonymousAuthenticationToken.class, AnonymousAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(RememberMeAuthenticationToken.class, RememberMeAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(SimpleGrantedAuthority.class, SimpleGrantedAuthorityMixin.class);
-		context.setMixInAnnotations(Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(), UnmodifiableSetMixin.class);
-		context.setMixInAnnotations(Collections.<Object>unmodifiableList(Collections.emptyList()).getClass(), UnmodifiableListMixin.class);
+		context.setMixInAnnotations(Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(),
+				UnmodifiableSetMixin.class);
+		context.setMixInAnnotations(Collections.<Object>unmodifiableList(Collections.emptyList()).getClass(),
+				UnmodifiableListMixin.class);
 		context.setMixInAnnotations(User.class, UserMixin.class);
-		context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
+		context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class,
+				UsernamePasswordAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(BadCredentialsException.class, BadCredentialsExceptionMixin.class);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
index 3274a2c779..cf92e4e1b4 100644
--- a/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
@@ -23,13 +23,14 @@ import java.util.Collection;
 
 /**
  * This mixin class helps in serialize/deserialize
- * {@link org.springframework.security.authentication.RememberMeAuthenticationToken} class. To use this class you need to register it
- * with {@link com.fasterxml.jackson.databind.ObjectMapper} and 2 more mixin classes.
+ * {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
+ * class. To use this class you need to register it with
+ * {@link com.fasterxml.jackson.databind.ObjectMapper} and 2 more mixin classes.
  *
  * <ol>
- *     <li>{@link SimpleGrantedAuthorityMixin}</li>
- *     <li>{@link UserMixin}</li>
- *     <li>{@link UnmodifiableSetMixin}</li>
+ * <li>{@link SimpleGrantedAuthorityMixin}</li>
+ * <li>{@link UserMixin}</li>
+ * <li>{@link UnmodifiableSetMixin}</li>
  * </ol>
  *
  * <pre>
@@ -37,7 +38,8 @@ import java.util.Collection;
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
  *
- * <i>Note: This class will save TypeInfo (full class name) into a property called @class</i>
+ * <i>Note: This class will save TypeInfo (full class name) into a property
+ * called @class</i>
  *
  * @author Jitendra Singh
  * @see CoreJackson2Module
@@ -52,15 +54,16 @@ class RememberMeAuthenticationTokenMixin {
 
 	/**
 	 * Constructor used by Jackson to create
-	 * {@link org.springframework.security.authentication.RememberMeAuthenticationToken} object.
-	 *
+	 * {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
+	 * object.
 	 * @param keyHash hashCode of above given key.
 	 * @param principal the principal (typically a <code>UserDetails</code>)
 	 * @param authorities the authorities granted to the principal
 	 */
 	@JsonCreator
 	RememberMeAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
-												@JsonProperty("principal") Object principal,
-												@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
+			@JsonProperty("principal") Object principal,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index 011ee95b1a..be52de8c65 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -50,8 +50,7 @@ import java.util.Set;
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModules(SecurityJackson2Modules.getModules());
- * </pre>
- * Above code is equivalent to
+ * </pre> Above code is equivalent to
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -70,18 +69,18 @@ import java.util.Set;
 public final class SecurityJackson2Modules {
 
 	private static final Log logger = LogFactory.getLog(SecurityJackson2Modules.class);
+
 	private static final List<String> securityJackson2ModuleClasses = Arrays.asList(
 			"org.springframework.security.jackson2.CoreJackson2Module",
 			"org.springframework.security.cas.jackson2.CasJackson2Module",
 			"org.springframework.security.web.jackson2.WebJackson2Module",
-			"org.springframework.security.web.server.jackson2.WebServerJackson2Module"
-	);
-	private static final String webServletJackson2ModuleClass =
-			"org.springframework.security.web.jackson2.WebServletJackson2Module";
-	private static final String oauth2ClientJackson2ModuleClass =
-			"org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module";
-	private static final String javaTimeJackson2ModuleClass =
-			"com.fasterxml.jackson.datatype.jsr310.JavaTimeModule";
+			"org.springframework.security.web.server.jackson2.WebServerJackson2Module");
+
+	private static final String webServletJackson2ModuleClass = "org.springframework.security.web.jackson2.WebServletJackson2Module";
+
+	private static final String oauth2ClientJackson2ModuleClass = "org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module";
+
+	private static final String javaTimeJackson2ModuleClass = "com.fasterxml.jackson.datatype.jsr310.JavaTimeModule";
 
 	private SecurityJackson2Modules() {
 	}
@@ -106,7 +105,8 @@ public final class SecurityJackson2Modules {
 				}
 				instance = securityModule.newInstance();
 			}
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Cannot load module " + className, e);
 			}
@@ -136,8 +136,8 @@ public final class SecurityJackson2Modules {
 	}
 
 	/**
-	 * @param loader    the ClassLoader to use
-	 * @param modules   list of the modules to add
+	 * @param loader the ClassLoader to use
+	 * @param modules list of the modules to add
 	 * @param className name of the class to instantiate
 	 */
 	private static void addToModulesList(ClassLoader loader, List<Module> modules, String className) {
@@ -152,60 +152,52 @@ public final class SecurityJackson2Modules {
 	 * @return a TypeResolverBuilder that restricts allowed types.
 	 */
 	private static TypeResolverBuilder<? extends TypeResolverBuilder> createAllowlistedDefaultTyping() {
-		TypeResolverBuilder<? extends TypeResolverBuilder>  result = new AllowlistTypeResolverBuilder(ObjectMapper.DefaultTyping.NON_FINAL);
+		TypeResolverBuilder<? extends TypeResolverBuilder> result = new AllowlistTypeResolverBuilder(
+				ObjectMapper.DefaultTyping.NON_FINAL);
 		result = result.init(JsonTypeInfo.Id.CLASS, null);
 		result = result.inclusion(JsonTypeInfo.As.PROPERTY);
 		return result;
 	}
 
 	/**
-	 * An implementation of {@link ObjectMapper.DefaultTypeResolverBuilder}
-	 * that inserts an {@code allow all} {@link PolymorphicTypeValidator}
-	 * and overrides the {@code TypeIdResolver}
+	 * An implementation of {@link ObjectMapper.DefaultTypeResolverBuilder} that inserts
+	 * an {@code allow all} {@link PolymorphicTypeValidator} and overrides the
+	 * {@code TypeIdResolver}
+	 *
 	 * @author Rob Winch
 	 */
 	static class AllowlistTypeResolverBuilder extends ObjectMapper.DefaultTypeResolverBuilder {
 
 		AllowlistTypeResolverBuilder(ObjectMapper.DefaultTyping defaultTyping) {
-			super(
-					defaultTyping,
-					//we do explicit validation in the TypeIdResolver
-					BasicPolymorphicTypeValidator.builder()
-							.allowIfSubType(Object.class)
-							.build()
-			);
+			super(defaultTyping,
+					// we do explicit validation in the TypeIdResolver
+					BasicPolymorphicTypeValidator.builder().allowIfSubType(Object.class).build());
 		}
 
 		@Override
-		protected TypeIdResolver idResolver(MapperConfig<?> config,
-				JavaType baseType,
-				PolymorphicTypeValidator subtypeValidator,
-				Collection<NamedType> subtypes, boolean forSer, boolean forDeser) {
+		protected TypeIdResolver idResolver(MapperConfig<?> config, JavaType baseType,
+				PolymorphicTypeValidator subtypeValidator, Collection<NamedType> subtypes, boolean forSer,
+				boolean forDeser) {
 			TypeIdResolver result = super.idResolver(config, baseType, subtypeValidator, subtypes, forSer, forDeser);
 			return new AllowlistTypeIdResolver(result);
 		}
+
 	}
 
 	/**
-	 * A {@link TypeIdResolver} that delegates to an existing implementation and throws an IllegalStateException if the
-	 * class being looked up is not in the allowlist, does not provide an explicit mixin, and is not annotated with Jackson
-	 * mappings. See https://github.com/spring-projects/spring-security/issues/4370
+	 * A {@link TypeIdResolver} that delegates to an existing implementation and throws an
+	 * IllegalStateException if the class being looked up is not in the allowlist, does
+	 * not provide an explicit mixin, and is not annotated with Jackson mappings. See
+	 * https://github.com/spring-projects/spring-security/issues/4370
 	 */
 	static class AllowlistTypeIdResolver implements TypeIdResolver {
-		private static final Set<String> ALLOWLIST_CLASS_NAMES = Collections.unmodifiableSet(new HashSet(Arrays.asList(
-			"java.util.ArrayList",
-			"java.util.Collections$EmptyList",
-			"java.util.Collections$EmptyMap",
-			"java.util.Collections$UnmodifiableRandomAccessList",
-			"java.util.Collections$SingletonList",
-			"java.util.Date",
-			"java.time.Instant",
-			"java.net.URL",
-			"java.util.TreeMap",
-			"java.util.HashMap",
-			"java.util.LinkedHashMap",
-			"org.springframework.security.core.context.SecurityContextImpl"
-		)));
+
+		private static final Set<String> ALLOWLIST_CLASS_NAMES = Collections
+				.unmodifiableSet(new HashSet(Arrays.asList("java.util.ArrayList", "java.util.Collections$EmptyList",
+						"java.util.Collections$EmptyMap", "java.util.Collections$UnmodifiableRandomAccessList",
+						"java.util.Collections$SingletonList", "java.util.Date", "java.time.Instant", "java.net.URL",
+						"java.util.TreeMap", "java.util.HashMap", "java.util.LinkedHashMap",
+						"org.springframework.security.core.context.SecurityContextImpl")));
 
 		private final TypeIdResolver delegate;
 
@@ -245,14 +237,16 @@ public final class SecurityJackson2Modules {
 			if (isExplicitMixin) {
 				return result;
 			}
-			JacksonAnnotation jacksonAnnotation = AnnotationUtils.findAnnotation(result.getRawClass(), JacksonAnnotation.class);
+			JacksonAnnotation jacksonAnnotation = AnnotationUtils.findAnnotation(result.getRawClass(),
+					JacksonAnnotation.class);
 			if (jacksonAnnotation != null) {
 				return result;
 			}
-			throw new IllegalArgumentException("The class with " + id + " and name of " + className + " is not in the allowlist. " +
-				"If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. " +
-				"If the serialization is only done by a trusted source, you can also enable default typing. " +
-				"See https://github.com/spring-projects/spring-security/issues/4370 for details");
+			throw new IllegalArgumentException("The class with " + id + " and name of " + className
+					+ " is not in the allowlist. "
+					+ "If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. "
+					+ "If the serialization is only done by a trusted source, you can also enable default typing. "
+					+ "See https://github.com/spring-projects/spring-security/issues/4370 for details");
 		}
 
 		private boolean isInAllowlist(String id) {
@@ -270,4 +264,5 @@ public final class SecurityJackson2Modules {
 		}
 
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java b/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
index 4fa8558dc3..55fee7fe68 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
@@ -26,14 +26,15 @@ import com.fasterxml.jackson.annotation.*;
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
+ *
  * @author Jitendra Singh
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
  * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY,
-		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE,
+		getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 public abstract class SimpleGrantedAuthorityMixin {
 
@@ -44,4 +45,5 @@ public abstract class SimpleGrantedAuthorityMixin {
 	@JsonCreator
 	public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) {
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
index af4075f014..a8b3273ceb 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
@@ -49,10 +49,12 @@ class UnmodifiableListDeserializer extends JsonDeserializer<List> {
 				for (JsonNode elementNode : arrayNode) {
 					result.add(mapper.readValue(elementNode.traverse(mapper), Object.class));
 				}
-			} else {
+			}
+			else {
 				result.add(mapper.readValue(node.traverse(mapper), Object.class));
 			}
 		}
 		return Collections.unmodifiableList(result);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
index b5fb86e76c..b42d63a6cb 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
@@ -46,5 +46,7 @@ class UnmodifiableListMixin {
 	 * @param s the Set
 	 */
 	@JsonCreator
-	UnmodifiableListMixin(Set<?> s) {}
+	UnmodifiableListMixin(Set<?> s) {
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
index c25ca727f6..4c5f5fd6b5 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
@@ -49,10 +49,12 @@ class UnmodifiableSetDeserializer extends JsonDeserializer<Set> {
 				for (JsonNode elementNode : arrayNode) {
 					resultSet.add(mapper.readValue(elementNode.traverse(mapper), Object.class));
 				}
-			} else {
+			}
+			else {
 				resultSet.add(mapper.readValue(node.traverse(mapper), Object.class));
 			}
 		}
 		return Collections.unmodifiableSet(resultSet);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
index 09181a88e6..b212331a2b 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
@@ -23,8 +23,8 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import java.util.Set;
 
 /**
- * This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used with various AuthenticationToken
- * implementation's mixin classes.
+ * This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used
+ * with various AuthenticationToken implementation's mixin classes.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -46,5 +46,7 @@ class UnmodifiableSetMixin {
 	 * @param s the Set
 	 */
 	@JsonCreator
-	UnmodifiableSetMixin(Set<?> s) {}
+	UnmodifiableSetMixin(Set<?> s) {
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
index 96d3ffe748..23b11f2a3a 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
@@ -32,8 +32,8 @@ import java.io.IOException;
 import java.util.Set;
 
 /**
- * Custom Deserializer for {@link User} class. This is already registered with {@link UserMixin}.
- * You can also use it directly with your mixin class.
+ * Custom Deserializer for {@link User} class. This is already registered with
+ * {@link UserMixin}. You can also use it directly with your mixin class.
  *
  * @author Jitendra Singh
  * @see UserMixin
@@ -42,10 +42,10 @@ import java.util.Set;
 class UserDeserializer extends JsonDeserializer<User> {
 
 	/**
-	 * This method will create {@link User} object. It will ensure successful object creation even if password key is null in
-	 * serialized json, because credentials may be removed from the {@link User} by invoking {@link User#eraseCredentials()}.
-	 * In that case there won't be any password key in serialized json.
-	 *
+	 * This method will create {@link User} object. It will ensure successful object
+	 * creation even if password key is null in serialized json, because credentials may
+	 * be removed from the {@link User} by invoking {@link User#eraseCredentials()}. In
+	 * that case there won't be any password key in serialized json.
 	 * @param jp the JsonParser
 	 * @param ctxt the DeserializationContext
 	 * @return the user
@@ -56,18 +56,14 @@ class UserDeserializer extends JsonDeserializer<User> {
 	public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
-		Set<? extends GrantedAuthority> authorities =
-				mapper.convertValue(
-						jsonNode.get("authorities"),
-						new TypeReference<Set<SimpleGrantedAuthority>>() {}
-				);
+		Set<? extends GrantedAuthority> authorities = mapper.convertValue(jsonNode.get("authorities"),
+				new TypeReference<Set<SimpleGrantedAuthority>>() {
+				});
 		JsonNode password = readJsonNode(jsonNode, "password");
-		User result =  new User(
-				readJsonNode(jsonNode, "username").asText(), password.asText(""),
+		User result = new User(readJsonNode(jsonNode, "username").asText(), password.asText(""),
 				readJsonNode(jsonNode, "enabled").asBoolean(), readJsonNode(jsonNode, "accountNonExpired").asBoolean(),
 				readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(),
-				readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities
-		);
+				readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities);
 
 		if (password.asText(null) == null) {
 			result.eraseCredentials();
@@ -78,4 +74,5 @@ class UserDeserializer extends JsonDeserializer<User> {
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
 		return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UserMixin.java b/core/src/main/java/org/springframework/security/jackson2/UserMixin.java
index 36fca4e808..0cb7b3c332 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UserMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UserMixin.java
@@ -22,12 +22,14 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
- * This mixin class helps in serialize/deserialize {@link org.springframework.security.core.userdetails.User}.
- * This class also register a custom deserializer {@link UserDeserializer} to deserialize User object successfully.
- * In order to use this mixin you need to register two more mixin classes in your ObjectMapper configuration.
+ * This mixin class helps in serialize/deserialize
+ * {@link org.springframework.security.core.userdetails.User}. This class also register a
+ * custom deserializer {@link UserDeserializer} to deserialize User object successfully.
+ * In order to use this mixin you need to register two more mixin classes in your
+ * ObjectMapper configuration.
  * <ol>
- *     <li>{@link SimpleGrantedAuthorityMixin}</li>
- *     <li>{@link UnmodifiableSetMixin}</li>
+ * <li>{@link SimpleGrantedAuthorityMixin}</li>
+ * <li>{@link UnmodifiableSetMixin}</li>
  * </ol>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -46,4 +48,5 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class UserMixin {
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
index 64a5b4a7b0..87fb7fa8a3 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@@ -32,12 +32,13 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.GrantedAuthority;
 
 /**
- * Custom deserializer for {@link UsernamePasswordAuthenticationToken}. At the time of deserialization
- * it will invoke suitable constructor depending on the value of <b>authenticated</b> property.
- * It will ensure that the token's state must not change.
+ * Custom deserializer for {@link UsernamePasswordAuthenticationToken}. At the time of
+ * deserialization it will invoke suitable constructor depending on the value of
+ * <b>authenticated</b> property. It will ensure that the token's state must not change.
  * <p>
- * This deserializer is already registered with {@link UsernamePasswordAuthenticationTokenMixin} but
- * you can also registered it with your own mixin class.
+ * This deserializer is already registered with
+ * {@link UsernamePasswordAuthenticationTokenMixin} but you can also registered it with
+ * your own mixin class.
  *
  * @author Jitendra Singh
  * @author Greg Turnquist
@@ -48,7 +49,8 @@ import org.springframework.security.core.GrantedAuthority;
 class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
 
 	/**
-	 * This method construct {@link UsernamePasswordAuthenticationToken} object from serialized json.
+	 * This method construct {@link UsernamePasswordAuthenticationToken} object from
+	 * serialized json.
 	 * @param jp the JsonParser
 	 * @param ctxt the DeserializationContext
 	 * @return the user
@@ -56,7 +58,8 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 	 * @throws JsonProcessingException if an error during JSON processing occurs
 	 */
 	@Override
-	public UsernamePasswordAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
+	public UsernamePasswordAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt)
+			throws IOException, JsonProcessingException {
 		UsernamePasswordAuthenticationToken token = null;
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
@@ -65,29 +68,34 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 		Object principal = null;
 		if (principalNode.isObject()) {
 			principal = mapper.readValue(principalNode.traverse(mapper), Object.class);
-		} else {
+		}
+		else {
 			principal = principalNode.asText();
 		}
 		JsonNode credentialsNode = readJsonNode(jsonNode, "credentials");
 		Object credentials;
 		if (credentialsNode.isNull() || credentialsNode.isMissingNode()) {
 			credentials = null;
-		} else {
+		}
+		else {
 			credentials = credentialsNode.asText();
 		}
-		List<GrantedAuthority> authorities = mapper.readValue(
-				readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference<List<GrantedAuthority>>() {
-		});
+		List<GrantedAuthority> authorities = mapper.readValue(readJsonNode(jsonNode, "authorities").traverse(mapper),
+				new TypeReference<List<GrantedAuthority>>() {
+				});
 		if (authenticated) {
 			token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
-		} else {
+		}
+		else {
 			token = new UsernamePasswordAuthenticationToken(principal, credentials);
 		}
 		JsonNode detailsNode = readJsonNode(jsonNode, "details");
 		if (detailsNode.isNull() || detailsNode.isMissingNode()) {
 			token.setDetails(null);
-		} else {
-			Object details = mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {});
+		}
+		else {
+			Object details = mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {
+			});
 			token.setDetails(details);
 		}
 		return token;
@@ -96,4 +104,5 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
 		return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
index 4c0b58e194..fb57905148 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
@@ -21,20 +21,22 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
  * This mixin class is used to serialize / deserialize
- * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}. This class register
- * a custom deserializer {@link UsernamePasswordAuthenticationTokenDeserializer}.
+ * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}.
+ * This class register a custom deserializer
+ * {@link UsernamePasswordAuthenticationTokenDeserializer}.
  *
  * In order to use this mixin you'll need to add 3 more mixin classes.
  * <ol>
- *     <li>{@link UnmodifiableSetMixin}</li>
- *     <li>{@link SimpleGrantedAuthorityMixin}</li>
- *     <li>{@link UserMixin}</li>
+ * <li>{@link UnmodifiableSetMixin}</li>
+ * <li>{@link SimpleGrantedAuthorityMixin}</li>
+ * <li>{@link UserMixin}</li>
  * </ol>
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
+ *
  * @author Jitendra Singh
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
@@ -45,4 +47,5 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonDeserialize(using = UsernamePasswordAuthenticationTokenDeserializer.class)
 abstract class UsernamePasswordAuthenticationTokenMixin {
+
 }
diff --git a/core/src/main/java/org/springframework/security/provisioning/GroupManager.java b/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
index 4dfcb6031b..76b02290f8 100644
--- a/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
@@ -40,7 +40,6 @@ public interface GroupManager {
 
 	/**
 	 * Locates the users who are members of a group
-	 *
 	 * @param groupName the group whose members are required
 	 * @return the usernames of the group members
 	 */
@@ -48,7 +47,6 @@ public interface GroupManager {
 
 	/**
 	 * Creates a new group with the specified list of authorities.
-	 *
 	 * @param groupName the name for the new group
 	 * @param authorities the authorities which are to be allocated to this group.
 	 */
@@ -56,7 +54,6 @@ public interface GroupManager {
 
 	/**
 	 * Removes a group, including all members and authorities.
-	 *
 	 * @param groupName the group to remove.
 	 */
 	void deleteGroup(String groupName);
@@ -68,7 +65,6 @@ public interface GroupManager {
 
 	/**
 	 * Makes a user a member of a particular group.
-	 *
 	 * @param username the user to be given membership.
 	 * @param group the name of the group to which the user will be added.
 	 */
@@ -76,7 +72,6 @@ public interface GroupManager {
 
 	/**
 	 * Deletes a user's membership of a group.
-	 *
 	 * @param username the user
 	 * @param groupName the group to remove them from
 	 */
@@ -96,4 +91,5 @@ public interface GroupManager {
 	 * Deletes an authority from those assigned to a group
 	 */
 	void removeGroupAuthority(String groupName, GrantedAuthority authority);
+
 }
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index f70e1b0af6..984be6d25e 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -46,8 +46,8 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.1
  */
-public class InMemoryUserDetailsManager implements UserDetailsManager,
-		UserDetailsPasswordService {
+public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetailsPasswordService {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final Map<String, MutableUserDetails> users = new HashMap<>();
@@ -77,8 +77,8 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
 			String name = (String) names.nextElement();
 			editor.setAsText(users.getProperty(name));
 			UserAttribute attr = (UserAttribute) editor.getValue();
-			UserDetails user = new User(name, attr.getPassword(), attr.isEnabled(), true,
-					true, true, attr.getAuthorities());
+			UserDetails user = new User(name, attr.getPassword(), attr.isEnabled(), true, true, true,
+					attr.getAuthorities());
 			createUser(user);
 		}
 	}
@@ -104,14 +104,12 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
 	}
 
 	public void changePassword(String oldPassword, String newPassword) {
-		Authentication currentUser = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
 		if (currentUser == null) {
 			// This would indicate bad coding somewhere
 			throw new AccessDeniedException(
-					"Can't change password as no Authentication object found in context "
-							+ "for current user.");
+					"Can't change password as no Authentication object found in context " + "for current user.");
 		}
 
 		String username = currentUser.getName();
@@ -121,11 +119,9 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
 		if (authenticationManager != null) {
-			logger.debug("Reauthenticating user '" + username
-					+ "' for password change request.");
+			logger.debug("Reauthenticating user '" + username + "' for password change request.");
 
-			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
-					username, oldPassword));
+			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
 			logger.debug("No authentication manager set. Password won't be re-checked.");
@@ -148,20 +144,19 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
 		return mutableUser;
 	}
 
-	public UserDetails loadUserByUsername(String username)
-			throws UsernameNotFoundException {
+	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		UserDetails user = users.get(username.toLowerCase());
 
 		if (user == null) {
 			throw new UsernameNotFoundException(username);
 		}
 
-		return new User(user.getUsername(), user.getPassword(), user.isEnabled(),
-				user.isAccountNonExpired(), user.isCredentialsNonExpired(),
-				user.isAccountNonLocked(), user.getAuthorities());
+		return new User(user.getUsername(), user.getPassword(), user.isEnabled(), user.isAccountNonExpired(),
+				user.isCredentialsNonExpired(), user.isAccountNonLocked(), user.getAuthorities());
 	}
 
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 5d298568c0..2808a9da21 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -56,37 +56,53 @@ import java.util.List;
  * @author Luke Taylor
  * @since 2.0
  */
-public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager,
-		GroupManager {
+public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager, GroupManager {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	// UserDetailsManager SQL
 	public static final String DEF_CREATE_USER_SQL = "insert into users (username, password, enabled) values (?,?,?)";
+
 	public static final String DEF_DELETE_USER_SQL = "delete from users where username = ?";
+
 	public static final String DEF_UPDATE_USER_SQL = "update users set password = ?, enabled = ? where username = ?";
+
 	public static final String DEF_INSERT_AUTHORITY_SQL = "insert into authorities (username, authority) values (?,?)";
+
 	public static final String DEF_DELETE_USER_AUTHORITIES_SQL = "delete from authorities where username = ?";
+
 	public static final String DEF_USER_EXISTS_SQL = "select username from users where username = ?";
+
 	public static final String DEF_CHANGE_PASSWORD_SQL = "update users set password = ? where username = ?";
 
 	// GroupManager SQL
 	public static final String DEF_FIND_GROUPS_SQL = "select group_name from groups";
+
 	public static final String DEF_FIND_USERS_IN_GROUP_SQL = "select username from group_members gm, groups g "
 			+ "where gm.group_id = g.id and g.group_name = ?";
+
 	public static final String DEF_INSERT_GROUP_SQL = "insert into groups (group_name) values (?)";
+
 	public static final String DEF_FIND_GROUP_ID_SQL = "select id from groups where group_name = ?";
+
 	public static final String DEF_INSERT_GROUP_AUTHORITY_SQL = "insert into group_authorities (group_id, authority) values (?,?)";
+
 	public static final String DEF_DELETE_GROUP_SQL = "delete from groups where id = ?";
+
 	public static final String DEF_DELETE_GROUP_AUTHORITIES_SQL = "delete from group_authorities where group_id = ?";
+
 	public static final String DEF_DELETE_GROUP_MEMBERS_SQL = "delete from group_members where group_id = ?";
+
 	public static final String DEF_RENAME_GROUP_SQL = "update groups set group_name = ? where group_name = ?";
+
 	public static final String DEF_INSERT_GROUP_MEMBER_SQL = "insert into group_members (group_id, username) values (?,?)";
+
 	public static final String DEF_DELETE_GROUP_MEMBER_SQL = "delete from group_members where group_id = ? and username = ?";
+
 	public static final String DEF_GROUP_AUTHORITIES_QUERY_SQL = "select g.id, g.group_name, ga.authority "
-			+ "from groups g, group_authorities ga "
-			+ "where g.group_name = ? "
-			+ "and g.id = ga.group_id ";
+			+ "from groups g, group_authorities ga " + "where g.group_name = ? " + "and g.id = ga.group_id ";
+
 	public static final String DEF_DELETE_GROUP_AUTHORITY_SQL = "delete from group_authorities where group_id = ? and authority = ?";
 
 	// ~ Instance fields
@@ -95,25 +111,43 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private String createUserSql = DEF_CREATE_USER_SQL;
+
 	private String deleteUserSql = DEF_DELETE_USER_SQL;
+
 	private String updateUserSql = DEF_UPDATE_USER_SQL;
+
 	private String createAuthoritySql = DEF_INSERT_AUTHORITY_SQL;
+
 	private String deleteUserAuthoritiesSql = DEF_DELETE_USER_AUTHORITIES_SQL;
+
 	private String userExistsSql = DEF_USER_EXISTS_SQL;
+
 	private String changePasswordSql = DEF_CHANGE_PASSWORD_SQL;
 
 	private String findAllGroupsSql = DEF_FIND_GROUPS_SQL;
+
 	private String findUsersInGroupSql = DEF_FIND_USERS_IN_GROUP_SQL;
+
 	private String insertGroupSql = DEF_INSERT_GROUP_SQL;
+
 	private String findGroupIdSql = DEF_FIND_GROUP_ID_SQL;
+
 	private String insertGroupAuthoritySql = DEF_INSERT_GROUP_AUTHORITY_SQL;
+
 	private String deleteGroupSql = DEF_DELETE_GROUP_SQL;
+
 	private String deleteGroupAuthoritiesSql = DEF_DELETE_GROUP_AUTHORITIES_SQL;
+
 	private String deleteGroupMembersSql = DEF_DELETE_GROUP_MEMBERS_SQL;
+
 	private String renameGroupSql = DEF_RENAME_GROUP_SQL;
+
 	private String insertGroupMemberSql = DEF_INSERT_GROUP_MEMBER_SQL;
+
 	private String deleteGroupMemberSql = DEF_DELETE_GROUP_MEMBER_SQL;
+
 	private String groupAuthoritiesSql = DEF_GROUP_AUTHORITIES_QUERY_SQL;
+
 	private String deleteGroupAuthoritySql = DEF_DELETE_GROUP_AUTHORITY_SQL;
 
 	private AuthenticationManager authenticationManager;
@@ -147,26 +181,25 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	 * objects. There should normally only be one matching user.
 	 */
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[]{username},
-				(rs, rowNum) -> {
+		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[] { username }, (rs, rowNum) -> {
 
-					String userName = rs.getString(1);
-					String password = rs.getString(2);
-					boolean enabled = rs.getBoolean(3);
+			String userName = rs.getString(1);
+			String password = rs.getString(2);
+			boolean enabled = rs.getBoolean(3);
 
-					boolean accLocked = false;
-					boolean accExpired = false;
-					boolean credsExpired = false;
+			boolean accLocked = false;
+			boolean accExpired = false;
+			boolean credsExpired = false;
 
-					if (rs.getMetaData().getColumnCount() > 3) {
-						//NOTE: acc_locked, acc_expired and creds_expired are also to be loaded
-						accLocked = rs.getBoolean(4);
-						accExpired = rs.getBoolean(5);
-						credsExpired = rs.getBoolean(6);
-					}
-					return new User(userName, password, enabled, !accExpired, !credsExpired, !accLocked,
-							AuthorityUtils.NO_AUTHORITIES);
-				});
+			if (rs.getMetaData().getColumnCount() > 3) {
+				// NOTE: acc_locked, acc_expired and creds_expired are also to be loaded
+				accLocked = rs.getBoolean(4);
+				accExpired = rs.getBoolean(5);
+				credsExpired = rs.getBoolean(6);
+			}
+			return new User(userName, password, enabled, !accExpired, !credsExpired, !accLocked,
+					AuthorityUtils.NO_AUTHORITIES);
+		});
 	}
 
 	public void createUser(final UserDetails user) {
@@ -179,7 +212,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 			int paramCount = ps.getParameterMetaData().getParameterCount();
 			if (paramCount > 3) {
-				//NOTE: acc_locked, acc_expired and creds_expired are also to be inserted
+				// NOTE: acc_locked, acc_expired and creds_expired are also to be inserted
 				ps.setBoolean(4, !user.isAccountNonLocked());
 				ps.setBoolean(5, !user.isAccountNonExpired());
 				ps.setBoolean(6, !user.isCredentialsNonExpired());
@@ -201,8 +234,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 			int paramCount = ps.getParameterMetaData().getParameterCount();
 			if (paramCount == 3) {
 				ps.setString(3, user.getUsername());
-			} else {
-				//NOTE: acc_locked, acc_expired and creds_expired are also updated
+			}
+			else {
+				// NOTE: acc_locked, acc_expired and creds_expired are also updated
 				ps.setBoolean(3, !user.isAccountNonLocked());
 				ps.setBoolean(4, !user.isAccountNonExpired());
 				ps.setBoolean(5, !user.isCredentialsNonExpired());
@@ -222,8 +256,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	private void insertUserAuthorities(UserDetails user) {
 		for (GrantedAuthority auth : user.getAuthorities()) {
-			getJdbcTemplate().update(createAuthoritySql, user.getUsername(),
-					auth.getAuthority());
+			getJdbcTemplate().update(createAuthoritySql, user.getUsername(), auth.getAuthority());
 		}
 	}
 
@@ -239,16 +272,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		getJdbcTemplate().update(deleteUserAuthoritiesSql, username);
 	}
 
-	public void changePassword(String oldPassword, String newPassword)
-			throws AuthenticationException {
-		Authentication currentUser = SecurityContextHolder.getContext()
-				.getAuthentication();
+	public void changePassword(String oldPassword, String newPassword) throws AuthenticationException {
+		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
 		if (currentUser == null) {
 			// This would indicate bad coding somewhere
 			throw new AccessDeniedException(
-					"Can't change password as no Authentication object found in context "
-							+ "for current user.");
+					"Can't change password as no Authentication object found in context " + "for current user.");
 		}
 
 		String username = currentUser.getName();
@@ -256,11 +286,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
 		if (authenticationManager != null) {
-			logger.debug("Reauthenticating user '" + username
-					+ "' for password change request.");
+			logger.debug("Reauthenticating user '" + username + "' for password change request.");
 
-			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
-					username, oldPassword));
+			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
 			logger.debug("No authentication manager set. Password won't be re-checked.");
@@ -270,30 +298,27 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		getJdbcTemplate().update(changePasswordSql, newPassword, username);
 
-		SecurityContextHolder.getContext().setAuthentication(
-				createNewAuthentication(currentUser, newPassword));
+		SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(currentUser, newPassword));
 
 		userCache.removeUserFromCache(username);
 	}
 
-	protected Authentication createNewAuthentication(Authentication currentAuth,
-			String newPassword) {
+	protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) {
 		UserDetails user = loadUserByUsername(currentAuth.getName());
 
-		UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(
-				user, null, user.getAuthorities());
+		UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(user, null,
+				user.getAuthorities());
 		newAuthentication.setDetails(currentAuth.getDetails());
 
 		return newAuthentication;
 	}
 
 	public boolean userExists(String username) {
-		List<String> users = getJdbcTemplate().queryForList(userExistsSql,
-				new String[] { username }, String.class);
+		List<String> users = getJdbcTemplate().queryForList(userExistsSql, new String[] { username }, String.class);
 
 		if (users.size() > 1) {
-			throw new IncorrectResultSizeDataAccessException(
-					"More than one user found with name '" + username + "'", 1);
+			throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
+					1);
 		}
 
 		return users.size() == 1;
@@ -308,12 +333,10 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	public List<String> findUsersInGroup(String groupName) {
 		Assert.hasText(groupName, "groupName should have text");
-		return getJdbcTemplate().queryForList(findUsersInGroupSql,
-				new String[] { groupName }, String.class);
+		return getJdbcTemplate().queryForList(findUsersInGroupSql, new String[] { groupName }, String.class);
 	}
 
-	public void createGroup(final String groupName,
-			final List<GrantedAuthority> authorities) {
+	public void createGroup(final String groupName, final List<GrantedAuthority> authorities) {
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authorities, "authorities cannot be null");
 
@@ -326,11 +349,10 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		for (GrantedAuthority a : authorities) {
 			final String authority = a.getAuthority();
-			getJdbcTemplate().update(insertGroupAuthoritySql,
-					ps -> {
-						ps.setInt(1, groupId);
-						ps.setString(2, authority);
-					});
+			getJdbcTemplate().update(insertGroupAuthoritySql, ps -> {
+				ps.setInt(1, groupId);
+				ps.setString(2, authority);
+			});
 		}
 	}
 
@@ -386,17 +408,15 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 
-		return getJdbcTemplate().query(groupAuthoritiesSql, new String[] { groupName },
-				(rs, rowNum) -> {
-					String roleName = getRolePrefix() + rs.getString(3);
+		return getJdbcTemplate().query(groupAuthoritiesSql, new String[] { groupName }, (rs, rowNum) -> {
+			String roleName = getRolePrefix() + rs.getString(3);
 
-					return new SimpleGrantedAuthority(roleName);
-				});
+			return new SimpleGrantedAuthority(roleName);
+		});
 	}
 
 	public void removeGroupAuthority(String groupName, final GrantedAuthority authority) {
-		logger.debug("Removing authority '" + authority + "' from group '" + groupName
-				+ "'");
+		logger.debug("Removing authority '" + authority + "' from group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authority, "authority cannot be null");
 
@@ -532,7 +552,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	 * Optionally sets the UserCache if one is in use in the application. This allows the
 	 * user to be removed from the cache after updates have taken place to avoid stale
 	 * data.
-	 *
 	 * @param userCache the cache used by the AuthenticationManager.
 	 */
 	public void setUserCache(UserCache userCache) {
@@ -550,8 +569,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		for (GrantedAuthority authority : authorities) {
 			Assert.notNull(authority, "Authorities list contains a null entry");
-			Assert.hasText(authority.getAuthority(),
-					"getAuthority() method must return a non-empty string");
+			Assert.hasText(authority.getAuthority(), "getAuthority() method must return a non-empty string");
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
index 04d62b42fc..b5df07122e 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@@ -22,7 +22,6 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.1
  */
@@ -31,6 +30,7 @@ class MutableUser implements MutableUserDetails {
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String password;
+
 	private final UserDetails delegate;
 
 	MutableUser(UserDetails user) {
@@ -69,4 +69,5 @@ class MutableUser implements MutableUserDetails {
 	public boolean isEnabled() {
 		return delegate.isEnabled();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java b/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
index 10bc1f2d3a..7fdcc40565 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
@@ -18,7 +18,6 @@ package org.springframework.security.provisioning;
 import org.springframework.security.core.userdetails.UserDetails;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.1
  */
diff --git a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
index 730bb6641e..2bbf3db53c 100644
--- a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
@@ -45,7 +45,6 @@ public interface UserDetailsManager extends UserDetailsService {
 	/**
 	 * Modify the current user's password. This should change the user's password in the
 	 * persistent user repository (datbase, LDAP etc).
-	 *
 	 * @param oldPassword current password (for re-authentication if required)
 	 * @param newPassword the password to change to
 	 */
diff --git a/core/src/main/java/org/springframework/security/provisioning/package-info.java b/core/src/main/java/org/springframework/security/provisioning/package-info.java
index 40f1195f63..b64773f3da 100644
--- a/core/src/main/java/org/springframework/security/provisioning/package-info.java
+++ b/core/src/main/java/org/springframework/security/provisioning/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * Contains simple user and authority group account provisioning interfaces together with a a
- * JDBC-based implementation.
+ * Contains simple user and authority group account provisioning interfaces together with
+ * a a JDBC-based implementation.
  */
 package org.springframework.security.provisioning;
-
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
index 6fa2a09a18..ef26041454 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
@@ -32,21 +32,19 @@ import org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecu
  * @author Rob Winch
  * @since 3.2
  */
-public class DelegatingSecurityContextSchedulingTaskExecutor extends
-		DelegatingSecurityContextAsyncTaskExecutor implements SchedulingTaskExecutor {
+public class DelegatingSecurityContextSchedulingTaskExecutor extends DelegatingSecurityContextAsyncTaskExecutor
+		implements SchedulingTaskExecutor {
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextSchedulingTaskExecutor} that uses the
 	 * specified {@link SecurityContext}.
-	 *
 	 * @param delegateSchedulingTaskExecutor the {@link SchedulingTaskExecutor} to
 	 * delegate to. Cannot be null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} and
 	 * {@link DelegatingSecurityContextCallable}
 	 */
-	public DelegatingSecurityContextSchedulingTaskExecutor(
-			SchedulingTaskExecutor delegateSchedulingTaskExecutor,
+	public DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor delegateSchedulingTaskExecutor,
 			SecurityContext securityContext) {
 		super(delegateSchedulingTaskExecutor, securityContext);
 	}
@@ -54,12 +52,10 @@ public class DelegatingSecurityContextSchedulingTaskExecutor extends
 	/**
 	 * Creates a new {@link DelegatingSecurityContextSchedulingTaskExecutor} that uses the
 	 * current {@link SecurityContext}.
-	 *
 	 * @param delegateAsyncTaskExecutor the {@link AsyncTaskExecutor} to delegate to.
 	 * Cannot be null.
 	 */
-	public DelegatingSecurityContextSchedulingTaskExecutor(
-			SchedulingTaskExecutor delegateAsyncTaskExecutor) {
+	public DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor delegateAsyncTaskExecutor) {
 		this(delegateAsyncTaskExecutor, null);
 	}
 
@@ -70,4 +66,5 @@ public class DelegatingSecurityContextSchedulingTaskExecutor extends
 	private SchedulingTaskExecutor getDelegate() {
 		return (SchedulingTaskExecutor) getDelegateExecutor();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
index 9087732952..df197385f0 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
@@ -23,8 +23,8 @@ import java.util.Date;
 import java.util.concurrent.ScheduledFuture;
 
 /**
- * An implementation of {@link TaskScheduler}  invoking it whenever the trigger
- * indicates a next execution time.
+ * An implementation of {@link TaskScheduler} invoking it whenever the trigger indicates a
+ * next execution time.
  *
  * @author Richard Valdivieso
  * @since 5.1
@@ -35,7 +35,6 @@ public class DelegatingSecurityContextTaskScheduler implements TaskScheduler {
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextTaskScheduler}
-	 *
 	 * @param taskScheduler the {@link TaskScheduler}
 	 */
 	public DelegatingSecurityContextTaskScheduler(TaskScheduler taskScheduler) {
@@ -72,4 +71,5 @@ public class DelegatingSecurityContextTaskScheduler implements TaskScheduler {
 	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable task, long delay) {
 		return taskScheduler.scheduleWithFixedDelay(task, delay);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
index f622747b44..6bdcc89ee1 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
@@ -31,33 +31,30 @@ import org.springframework.security.core.context.SecurityContext;
  * @author Rob Winch
  * @since 3.2
  */
-public class DelegatingSecurityContextAsyncTaskExecutor extends
-		DelegatingSecurityContextTaskExecutor implements AsyncTaskExecutor {
+public class DelegatingSecurityContextAsyncTaskExecutor extends DelegatingSecurityContextTaskExecutor
+		implements AsyncTaskExecutor {
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextAsyncTaskExecutor} that uses the
 	 * specified {@link SecurityContext}.
-	 *
 	 * @param delegateAsyncTaskExecutor the {@link AsyncTaskExecutor} to delegate to.
 	 * Cannot be null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable} and
 	 * {@link DelegatingSecurityContextCallable}
 	 */
-	public DelegatingSecurityContextAsyncTaskExecutor(
-			AsyncTaskExecutor delegateAsyncTaskExecutor, SecurityContext securityContext) {
+	public DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor delegateAsyncTaskExecutor,
+			SecurityContext securityContext) {
 		super(delegateAsyncTaskExecutor, securityContext);
 	}
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextAsyncTaskExecutor} that uses the
 	 * current {@link SecurityContext}.
-	 *
 	 * @param delegateAsyncTaskExecutor the {@link AsyncTaskExecutor} to delegate to.
 	 * Cannot be null.
 	 */
-	public DelegatingSecurityContextAsyncTaskExecutor(
-			AsyncTaskExecutor delegateAsyncTaskExecutor) {
+	public DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor delegateAsyncTaskExecutor) {
 		this(delegateAsyncTaskExecutor, null);
 	}
 
@@ -79,4 +76,5 @@ public class DelegatingSecurityContextAsyncTaskExecutor extends
 	private AsyncTaskExecutor getDelegate() {
 		return (AsyncTaskExecutor) getDelegateExecutor();
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
index 776b89df3c..8aa7c58d56 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
@@ -28,30 +28,27 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Rob Winch
  * @since 3.2
  */
-public class DelegatingSecurityContextTaskExecutor extends
-		DelegatingSecurityContextExecutor implements TaskExecutor {
+public class DelegatingSecurityContextTaskExecutor extends DelegatingSecurityContextExecutor implements TaskExecutor {
+
 	/**
 	 * Creates a new {@link DelegatingSecurityContextTaskExecutor} that uses the specified
 	 * {@link SecurityContext}.
-	 *
 	 * @param delegateTaskExecutor the {@link TaskExecutor} to delegate to. Cannot be
 	 * null.
 	 * @param securityContext the {@link SecurityContext} to use for each
 	 * {@link DelegatingSecurityContextRunnable}
 	 */
-	public DelegatingSecurityContextTaskExecutor(TaskExecutor delegateTaskExecutor,
-			SecurityContext securityContext) {
+	public DelegatingSecurityContextTaskExecutor(TaskExecutor delegateTaskExecutor, SecurityContext securityContext) {
 		super(delegateTaskExecutor, securityContext);
 	}
 
 	/**
 	 * Creates a new {@link DelegatingSecurityContextTaskExecutor} that uses the current
 	 * {@link SecurityContext} from the {@link SecurityContextHolder}.
-	 *
-	 * @param delegate the {@link TaskExecutor} to delegate to. Cannot be
-	 * null.
+	 * @param delegate the {@link TaskExecutor} to delegate to. Cannot be null.
 	 */
 	public DelegatingSecurityContextTaskExecutor(TaskExecutor delegate) {
 		this(delegate, null);
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/util/FieldUtils.java b/core/src/main/java/org/springframework/security/util/FieldUtils.java
index 50cd8484d7..663ff43b4e 100644
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@@ -33,16 +33,12 @@ public final class FieldUtils {
 	// ========================================================================================================
 	/**
 	 * Attempts to locate the specified field on the class.
-	 *
 	 * @param clazz the class definition containing the field
 	 * @param fieldName the name of the field to locate
-	 *
 	 * @return the Field (never null)
-	 *
 	 * @throws IllegalStateException if field could not be found
 	 */
-	public static Field getField(Class<?> clazz, String fieldName)
-			throws IllegalStateException {
+	public static Field getField(Class<?> clazz, String fieldName) throws IllegalStateException {
 		Assert.notNull(clazz, "Class required");
 		Assert.hasText(fieldName, "Field name required");
 
@@ -55,8 +51,7 @@ public final class FieldUtils {
 				return getField(clazz.getSuperclass(), fieldName);
 			}
 
-			throw new IllegalStateException("Could not locate field '" + fieldName
-					+ "' on class " + clazz);
+			throw new IllegalStateException("Could not locate field '" + fieldName + "' on class " + clazz);
 		}
 	}
 
@@ -66,8 +61,7 @@ public final class FieldUtils {
 	 * @param fieldName the field name, with "." separating nested properties
 	 * @return the value of the nested field
 	 */
-	public static Object getFieldValue(Object bean, String fieldName)
-			throws IllegalAccessException {
+	public static Object getFieldValue(Object bean, String fieldName) throws IllegalAccessException {
 		Assert.notNull(bean, "Bean cannot be null");
 		Assert.hasText(fieldName, "Field name required");
 		String[] nestedFields = StringUtils.tokenizeToStringArray(fieldName, ".");
@@ -102,8 +96,7 @@ public final class FieldUtils {
 		}
 	}
 
-	public static void setProtectedFieldValue(String protectedField, Object object,
-			Object newValue) {
+	public static void setProtectedFieldValue(String protectedField, Object object, Object newValue) {
 		Field field = FieldUtils.getField(object.getClass(), protectedField);
 
 		try {
@@ -114,4 +107,5 @@ public final class FieldUtils {
 			ReflectionUtils.handleReflectionException(ex);
 		}
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
index 65fe2f7bc6..61ea2cea71 100644
--- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java
+++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
@@ -33,10 +33,12 @@ import java.util.Arrays;
  * @author Luke Taylor
  */
 public class InMemoryResource extends AbstractResource {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final byte[] source;
+
 	private final String description;
 
 	// ~ Constructors
@@ -82,4 +84,5 @@ public class InMemoryResource extends AbstractResource {
 
 		return Arrays.equals(source, ((InMemoryResource) res).source);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index fa4c7cd8cb..1b49cd2ec0 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -40,17 +40,14 @@ public final class MethodInvocationUtils {
 	/**
 	 * Generates a <code>MethodInvocation</code> for specified <code>methodName</code> on
 	 * the passed object, using the <code>args</code> to locate the method.
-	 *
 	 * @param object the object that will be used to find the relevant <code>Method</code>
 	 * @param methodName the name of the method to find
 	 * @param args arguments that are required as part of the method signature (can be
 	 * empty)
-	 *
 	 * @return a <code>MethodInvocation</code>, or <code>null</code> if there was a
 	 * problem
 	 */
-	public static MethodInvocation create(Object object, String methodName,
-			Object... args) {
+	public static MethodInvocation create(Object object, String methodName, Object... args) {
 		Assert.notNull(object, "Object required");
 
 		Class<?>[] classArgs = null;
@@ -95,11 +92,9 @@ public final class MethodInvocationUtils {
 	 * through the declared methods on the class, until one is found matching the supplied
 	 * name. If more than one method name matches, an <tt>IllegalArgumentException</tt>
 	 * will be raised.
-	 *
 	 * @param clazz the class of object that will be used to find the relevant
 	 * <code>Method</code>
 	 * @param methodName the name of the method to find
-	 *
 	 * @return a <code>MethodInvocation</code>, or <code>null</code> if there was a
 	 * problem
 	 */
@@ -110,9 +105,8 @@ public final class MethodInvocationUtils {
 			for (Method m : clazz.getDeclaredMethods()) {
 				if (m.getName().equals(methodName)) {
 					if (mi != null) {
-						throw new IllegalArgumentException("The class " + clazz
-								+ " has more than one method named" + " '" + methodName
-								+ "'");
+						throw new IllegalArgumentException(
+								"The class " + clazz + " has more than one method named" + " '" + methodName + "'");
 					}
 					mi = new SimpleMethodInvocation(null, m);
 				}
@@ -125,7 +119,6 @@ public final class MethodInvocationUtils {
 	/**
 	 * Generates a <code>MethodInvocation</code> for specified <code>methodName</code> on
 	 * the passed class, using the <code>args</code> to locate the method.
-	 *
 	 * @param targetObject the object being invoked
 	 * @param clazz the class of object that will be used to find the relevant
 	 * <code>Method</code>
@@ -136,8 +129,8 @@ public final class MethodInvocationUtils {
 	 * @return a <code>MethodInvocation</code>, or <code>null</code> if there was a
 	 * problem
 	 */
-	public static MethodInvocation createFromClass(Object targetObject, Class<?> clazz,
-			String methodName, Class<?>[] classArgs, Object[] args) {
+	public static MethodInvocation createFromClass(Object targetObject, Class<?> clazz, String methodName,
+			Class<?>[] classArgs, Object[] args) {
 		Assert.notNull(clazz, "Class required");
 		Assert.hasText(methodName, "MethodName required");
 
@@ -152,4 +145,5 @@ public final class MethodInvocationUtils {
 
 		return new SimpleMethodInvocation(targetObject, method, args);
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index a930b22f2f..ec16f61f44 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -27,11 +27,14 @@ import java.lang.reflect.Method;
  * @author Ben Alex
  */
 public class SimpleMethodInvocation implements MethodInvocation {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private Method method;
+
 	private Object[] arguments;
+
 	private Object targetObject;
 
 	// ~ Constructors
@@ -68,4 +71,5 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	public Object proceed() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/util/package-info.java b/core/src/main/java/org/springframework/security/util/package-info.java
index fba13f4bed..3f3a9bdc95 100644
--- a/core/src/main/java/org/springframework/security/util/package-info.java
+++ b/core/src/main/java/org/springframework/security/util/package-info.java
@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 /**
- * General utility classes used throughout the Spring Security framework. Intended for internal use.
+ * General utility classes used throughout the Spring Security framework. Intended for
+ * internal use.
  * <p>
- * This package should be standalone - it should not have dependencies on other parts of the framework,
- * just on external libraries and the JDK.
+ * This package should be standalone - it should not have dependencies on other parts of
+ * the framework, just on external libraries and the JDK.
  */
 package org.springframework.security.util;
-
diff --git a/core/src/test/java/org/springframework/security/ITargetObject.java b/core/src/test/java/org/springframework/security/ITargetObject.java
index f0460b6233..46efcfd133 100644
--- a/core/src/test/java/org/springframework/security/ITargetObject.java
+++ b/core/src/test/java/org/springframework/security/ITargetObject.java
@@ -22,6 +22,7 @@ package org.springframework.security;
  * @author Ben Alex
  */
 public interface ITargetObject {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -34,4 +35,5 @@ public interface ITargetObject {
 	String makeUpperCase(String input);
 
 	String publicMakeLowerCase(String input);
+
 }
diff --git a/core/src/test/java/org/springframework/security/OtherTargetObject.java b/core/src/test/java/org/springframework/security/OtherTargetObject.java
index ae0d240d87..32722f405a 100644
--- a/core/src/test/java/org/springframework/security/OtherTargetObject.java
+++ b/core/src/test/java/org/springframework/security/OtherTargetObject.java
@@ -34,6 +34,7 @@ package org.springframework.security;
  * @author Ben Alex
  */
 public class OtherTargetObject extends TargetObject implements ITargetObject {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -48,4 +49,5 @@ public class OtherTargetObject extends TargetObject implements ITargetObject {
 	public String publicMakeLowerCase(String input) {
 		return super.publicMakeLowerCase(input);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
index af67a37170..8c3774bacb 100644
--- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java
+++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
@@ -27,6 +27,7 @@ import javax.sql.DataSource;
  * @author Ben Alex
  */
 public class PopulatedDatabase {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -53,11 +54,15 @@ public class PopulatedDatabase {
 		dataSource = new TestDataSource("springsecuritytest");
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 
-		template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL)");
-		template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME))");
+		template.execute(
+				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL)");
+		template.execute(
+				"CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME))");
 		template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY)");
-		template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
-		template.execute("CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+		template.execute(
+				"CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+		template.execute(
+				"CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
 		template.execute("SET IGNORECASE TRUE");
 		template.execute("INSERT INTO USERS VALUES('dianne','emu',TRUE)");
 		template.execute("INSERT INTO USERS VALUES('rod','koala',TRUE)");
@@ -69,15 +74,22 @@ public class PopulatedDatabase {
 		template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_TELLER')");
 		template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_TELLER')");
 		template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_TELLER')");
-		template.execute("INSERT INTO acl_object_identity VALUES (1, 'org.springframework.security.acl.DomainObject:1', null, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-		template.execute("INSERT INTO acl_object_identity VALUES (2, 'org.springframework.security.acl.DomainObject:2', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-		template.execute("INSERT INTO acl_object_identity VALUES (3, 'org.springframework.security.acl.DomainObject:3', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-		template.execute("INSERT INTO acl_object_identity VALUES (4, 'org.springframework.security.acl.DomainObject:4', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-		template.execute("INSERT INTO acl_object_identity VALUES (5, 'org.springframework.security.acl.DomainObject:5', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-		template.execute("INSERT INTO acl_object_identity VALUES (6, 'org.springframework.security.acl.DomainObject:6', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (1, 'org.springframework.security.acl.DomainObject:1', null, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (2, 'org.springframework.security.acl.DomainObject:2', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (3, 'org.springframework.security.acl.DomainObject:3', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (4, 'org.springframework.security.acl.DomainObject:4', 1, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (5, 'org.springframework.security.acl.DomainObject:5', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (6, 'org.springframework.security.acl.DomainObject:6', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
 
 		// ----- BEGIN deviation from normal sample data load script -----
-		template.execute("INSERT INTO acl_object_identity VALUES (7, 'org.springframework.security.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
+		template.execute(
+				"INSERT INTO acl_object_identity VALUES (7, 'org.springframework.security.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
 
 		// ----- FINISH deviation from normal sample data load script -----
 		template.execute("INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);");
@@ -92,9 +104,12 @@ public class PopulatedDatabase {
 
 	public static void createGroupTables(JdbcTemplate template) {
 		// Group tables and data
-		template.execute("CREATE TABLE GROUPS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, GROUP_NAME VARCHAR_IGNORECASE(50) NOT NULL)");
-		template.execute("CREATE TABLE GROUP_AUTHORITIES(GROUP_ID BIGINT NOT NULL, AUTHORITY VARCHAR(50) NOT NULL, CONSTRAINT FK_GROUP_AUTHORITIES_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
-		template.execute("CREATE TABLE GROUP_MEMBERS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, USERNAME VARCHAR(50) NOT NULL, GROUP_ID BIGINT NOT NULL, CONSTRAINT FK_GROUP_MEMBERS_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
+		template.execute(
+				"CREATE TABLE GROUPS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, GROUP_NAME VARCHAR_IGNORECASE(50) NOT NULL)");
+		template.execute(
+				"CREATE TABLE GROUP_AUTHORITIES(GROUP_ID BIGINT NOT NULL, AUTHORITY VARCHAR(50) NOT NULL, CONSTRAINT FK_GROUP_AUTHORITIES_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
+		template.execute(
+				"CREATE TABLE GROUP_MEMBERS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, USERNAME VARCHAR(50) NOT NULL, GROUP_ID BIGINT NOT NULL, CONSTRAINT FK_GROUP_MEMBERS_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
 	}
 
 	public static void insertGroupData(JdbcTemplate template) {
@@ -122,4 +137,5 @@ public class PopulatedDatabase {
 		template.execute("INSERT INTO GROUP_MEMBERS VALUES (2, 'tom', 1)");
 		template.execute("INSERT INTO GROUP_MEMBERS VALUES (3, 'tom', 2)");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java
index 612d401b59..1ab1de4b5c 100644
--- a/core/src/test/java/org/springframework/security/TargetObject.java
+++ b/core/src/test/java/org/springframework/security/TargetObject.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Ben Alex
  */
 public class TargetObject implements ITargetObject {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -38,9 +39,7 @@ public class TargetObject implements ITargetObject {
 
 	/**
 	 * Returns the lowercase string, followed by security environment information.
-	 *
 	 * @param input the message to make lowercase
-	 *
 	 * @return the lowercase message, a space, the <code>Authentication</code> class that
 	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
@@ -53,16 +52,13 @@ public class TargetObject implements ITargetObject {
 			return input.toLowerCase() + " Authentication empty";
 		}
 		else {
-			return input.toLowerCase() + " " + auth.getClass().getName() + " "
-					+ auth.isAuthenticated();
+			return input.toLowerCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
 		}
 	}
 
 	/**
 	 * Returns the uppercase string, followed by security environment information.
-	 *
 	 * @param input the message to make uppercase
-	 *
 	 * @return the uppercase message, a space, the <code>Authentication</code> class that
 	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
@@ -71,16 +67,15 @@ public class TargetObject implements ITargetObject {
 	public String makeUpperCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
-		return input.toUpperCase() + " " + auth.getClass().getName() + " "
-				+ auth.isAuthenticated();
+		return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
 	}
 
 	/**
 	 * Delegates through to the {@link #makeLowerCase(String)} method.
-	 *
 	 * @param input the message to be made lower-case
 	 */
 	public String publicMakeLowerCase(String input) {
 		return this.makeLowerCase(input);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/TestDataSource.java b/core/src/test/java/org/springframework/security/TestDataSource.java
index 53e79e12f0..8db83922ad 100644
--- a/core/src/test/java/org/springframework/security/TestDataSource.java
+++ b/core/src/test/java/org/springframework/security/TestDataSource.java
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.DisposableBean;
  * @author Luke Taylor
  */
 public class TestDataSource extends DriverManagerDataSource implements DisposableBean {
+
 	String name;
 
 	public TestDataSource(String databaseName) {
@@ -41,4 +42,5 @@ public class TestDataSource extends DriverManagerDataSource implements Disposabl
 		System.out.println("Shutting down database: " + name);
 		new JdbcTemplate(this).execute("SHUTDOWN");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
index 29e8ba822c..553c0068b9 100644
--- a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
@@ -31,8 +31,7 @@ public class AuthenticationCredentialsNotFoundEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNulls() {
-		new AuthenticationCredentialsNotFoundEvent(null,
-				SecurityConfig.createList("TEST"),
+		new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"),
 				new AuthenticationCredentialsNotFoundException("test"));
 	}
 
@@ -44,7 +43,8 @@ public class AuthenticationCredentialsNotFoundEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNulls3() {
-		new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(),
-				SecurityConfig.createList("TEST"), null);
+		new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"),
+				null);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
index 31a198fddf..7f9c457056 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
@@ -31,11 +31,12 @@ import java.util.*;
  * @author Ben Alex
  */
 public class AuthorizationFailureEventTests {
-	private final UsernamePasswordAuthenticationToken foo = new UsernamePasswordAuthenticationToken(
-			"foo", "bar");
+
+	private final UsernamePasswordAuthenticationToken foo = new UsernamePasswordAuthenticationToken("foo", "bar");
+
 	private List<ConfigAttribute> attributes = SecurityConfig.createList("TEST");
-	private AccessDeniedException exception = new AuthorizationServiceException("error",
-			new Throwable());
+
+	private AccessDeniedException exception = new AuthorizationServiceException("error", new Throwable());
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullSecureObject() {
@@ -49,8 +50,7 @@ public class AuthorizationFailureEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullAuthentication() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), attributes, null,
-				exception);
+		new AuthorizationFailureEvent(new SimpleMethodInvocation(), attributes, null, exception);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -60,10 +60,10 @@ public class AuthorizationFailureEventTests {
 
 	@Test
 	public void gettersReturnCtorSuppliedData() {
-		AuthorizationFailureEvent event = new AuthorizationFailureEvent(new Object(),
-				attributes, foo, exception);
+		AuthorizationFailureEvent event = new AuthorizationFailureEvent(new Object(), attributes, foo, exception);
 		assertThat(event.getConfigAttributes()).isSameAs(attributes);
 		assertThat(event.getAccessDeniedException()).isSameAs(exception);
 		assertThat(event.getAuthentication()).isSameAs(foo);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
index dff9e761ae..ba501ab1c6 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
@@ -38,13 +38,12 @@ public class AuthorizedEventTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNulls2() {
 
-		new AuthorizedEvent(new SimpleMethodInvocation(), null,
-				new UsernamePasswordAuthenticationToken("foo", "bar"));
+		new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNulls3() {
-		new AuthorizedEvent(new SimpleMethodInvocation(),
-				SecurityConfig.createList("TEST"), null);
+		new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index 3dc60932fd..6d99bd488b 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.access;
 
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.Test;
@@ -90,6 +89,7 @@ public class SecurityConfigTests {
 	// ==================================================================================================
 
 	private class MockConfigAttribute implements ConfigAttribute {
+
 		private String attribute;
 
 		MockConfigAttribute(String configuration) {
@@ -99,5 +99,7 @@ public class SecurityConfigTests {
 		public String getAttribute() {
 			return this.attribute;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
index 2494083b2e..eff3ff65a6 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
@@ -29,6 +29,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 @Secured({ "ROLE_USER" })
 @PermitAll
 public interface BusinessService extends Serializable {
+
 	// ~ Methods
 	// ========================================================================================================
 
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
index 5d20ea9a4a..049e74ab3e 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
@@ -19,7 +19,6 @@ import java.util.ArrayList;
 import java.util.List;
 
 /**
- *
  * @author Joe Scalise
  */
 public class BusinessServiceImpl<E extends Entity> implements BusinessService {
@@ -67,4 +66,5 @@ public class BusinessServiceImpl<E extends Entity> implements BusinessService {
 	public void rolesAllowedUser() {
 
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Entity.java b/core/src/test/java/org/springframework/security/access/annotation/Entity.java
index 7d68adb48f..ecb14e67aa 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Entity.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Entity.java
@@ -22,6 +22,8 @@ package org.springframework.security.access.annotation;
  *
  */
 public class Entity {
+
 	public Entity(String someParameter) {
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
index 9652dab648..aa786b5f63 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
@@ -67,4 +67,5 @@ public class ExpressionProtectedBusinessServiceImpl implements BusinessService {
 	public void rolesAllowedUser() {
 
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index c09c0bab3c..7f8fe3f017 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -22,7 +22,6 @@ import javax.annotation.security.RolesAllowed;
 import javax.annotation.security.PermitAll;
 
 /**
- *
  * @author Luke Taylor
  */
 @PermitAll
@@ -68,4 +67,5 @@ public class Jsr250BusinessServiceImpl implements BusinessService {
 	public void rolesAllowedUser() {
 
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
index 2e2597160b..7e78a22718 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
@@ -49,8 +49,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	}
 
 	private ConfigAttribute[] findAttributes(String methodName) throws Exception {
-		return this.mds.findAttributes(this.a.getClass().getMethod(methodName), null)
-				.toArray(new ConfigAttribute[0]);
+		return this.mds.findAttributes(this.a.getClass().getMethod(methodName), null).toArray(new ConfigAttribute[0]);
 	}
 
 	@Test
@@ -64,8 +63,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void permitAllMethodHasPermitAllAttribute() throws Exception {
 		ConfigAttribute[] accessAttributes = findAttributes("permitAllMethod");
 		assertThat(accessAttributes).hasSize(1);
-		assertThat(accessAttributes[0].toString())
-				.isEqualTo("javax.annotation.security.PermitAll");
+		assertThat(accessAttributes[0].toString()).isEqualTo("javax.annotation.security.PermitAll");
 	}
 
 	@Test
@@ -77,15 +75,15 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 
 	@Test
 	public void classRoleIsAppliedToNoRoleMethod() throws Exception {
-		Collection<ConfigAttribute> accessAttributes = this.mds.findAttributes(
-				this.userAllowed.getClass().getMethod("noRoleMethod"), null);
+		Collection<ConfigAttribute> accessAttributes = this.mds
+				.findAttributes(this.userAllowed.getClass().getMethod("noRoleMethod"), null);
 		assertThat(accessAttributes).isNull();
 	}
 
 	@Test
 	public void methodRoleOverridesClassRole() throws Exception {
-		Collection<ConfigAttribute> accessAttributes = this.mds.findAttributes(
-				this.userAllowed.getClass().getMethod("adminMethod"), null);
+		Collection<ConfigAttribute> accessAttributes = this.mds
+				.findAttributes(this.userAllowed.getClass().getMethod("adminMethod"), null);
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_ADMIN");
 	}
@@ -130,26 +128,21 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	 * Class-level annotations only affect the class they annotate and their members, that
 	 * is, its methods and fields. They never affect a member declared by a superclass,
 	 * even if it is not hidden or overridden by the class in question.
-	 *
 	 * @throws Exception
 	 */
 	@Test
-	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers()
-			throws Exception {
+	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers() throws Exception {
 		Child target = new Child();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"notOverriden");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isNull();
 	}
 
 	@Test
-	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden()
-			throws Exception {
+	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden() throws Exception {
 		Child target = new Child();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"overriden");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overriden");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
@@ -159,8 +152,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void classLevelAnnotationsImpactMemberLevel() throws Exception {
 		Child target = new Child();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"defaults");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "defaults");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
@@ -168,11 +160,9 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	}
 
 	@Test
-	public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation()
-			throws Exception {
+	public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation() throws Exception {
 		Child target = new Child();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"explicitMethod");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "explicitMethod");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
@@ -182,14 +172,12 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	/**
 	 * The interfaces implemented by a class never contribute annotations to the class
 	 * itself or any of its members.
-	 *
 	 * @throws Exception
 	 */
 	@Test
 	public void interfacesNeverContributeAnnotationsMethodLevel() throws Exception {
 		Parent target = new Parent();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"interfaceMethod");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "interfaceMethod");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isEmpty();
@@ -198,8 +186,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void interfacesNeverContributeAnnotationsClassLevel() throws Exception {
 		Parent target = new Parent();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"notOverriden");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isEmpty();
@@ -208,8 +195,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void annotationsOnOverriddenMemberIgnored() throws Exception {
 		Child target = new Child();
-		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(),
-				"overridenIgnored");
+		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overridenIgnored");
 
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
@@ -235,6 +221,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 		@PermitAll
 		public void permitAllMethod() {
 		}
+
 	}
 
 	@RolesAllowed("USER")
@@ -246,6 +233,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 		@RolesAllowed("ADMIN")
 		public void adminMethod() {
 		}
+
 	}
 
 	// JSR-250 Spec
@@ -255,6 +243,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 
 		@RolesAllowed("INTERFACEMETHOD")
 		void interfaceMethod();
+
 	}
 
 	static class Parent implements IParent {
@@ -271,6 +260,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 		@RolesAllowed("OVERRIDENIGNORED")
 		public void overridenIgnored() {
 		}
+
 	}
 
 	@RolesAllowed("DERIVED")
@@ -290,5 +280,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 		@RolesAllowed("EXPLICIT")
 		public void explicitMethod() {
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
index 6157b00309..2966163871 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
@@ -27,7 +27,6 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
 /**
- *
  * @author Luke Taylor
  */
 public class Jsr250VoterTests {
@@ -42,19 +41,18 @@ public class Jsr250VoterTests {
 		attrs.add(new Jsr250SecurityConfig("B"));
 		attrs.add(new Jsr250SecurityConfig("C"));
 
-		assertThat(voter.vote(
-				new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-		assertThat(voter.vote(
-				new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-		assertThat(voter.vote(
-				new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 
-		assertThat(voter.vote(
-				new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(),
-				attrs)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
+		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs))
+				.isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 
-		assertThat(voter.vote(
-				new TestingAuthenticationToken("user", "pwd", "A"), new Object(),
+		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(),
 				SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index ad60044daa..d9364734c8 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -47,6 +47,7 @@ import org.springframework.security.core.GrantedAuthority;
  * @author Luke Taylor
  */
 public class SecuredAnnotationSecurityMetadataSourceTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -60,15 +61,13 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		Method method = null;
 
 		try {
-			method = DepartmentServiceImpl.class.getMethod("someUserMethod3",
-					new Class[] { Department.class });
+			method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class });
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a superMethod called 'someUserMethod3' on class!");
 		}
 
-		Collection<ConfigAttribute> attrs = mds.findAttributes(method,
-				DepartmentServiceImpl.class);
+		Collection<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
 
 		assertThat(attrs).isNotNull();
 
@@ -77,22 +76,19 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 		// should have 1 SecurityConfig
 		for (ConfigAttribute sc : attrs) {
-			assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo(
-					"ROLE_ADMIN");
+			assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
 		}
 
 		Method superMethod = null;
 
 		try {
-			superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3",
-					new Class[] { Entity.class });
+			superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class });
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a superMethod called 'someUserMethod3' on class!");
 		}
 
-		Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod,
-				DepartmentServiceImpl.class);
+		Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
 
 		assertThat(superAttrs).isNotNull();
 
@@ -101,15 +97,13 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1);
 		// should have 1 SecurityConfig
 		for (ConfigAttribute sc : superAttrs) {
-			assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo(
-					"ROLE_ADMIN");
+			assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
 		}
 	}
 
 	@Test
 	public void classLevelAttributesAreFound() {
-		Collection<ConfigAttribute> attrs = this.mds.findAttributes(
-				BusinessService.class);
+		Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
 
 		assertThat(attrs).isNotNull();
 
@@ -127,15 +121,13 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		Method method = null;
 
 		try {
-			method = BusinessService.class.getMethod("someUserAndAdminMethod",
-					new Class[] {});
+			method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a method called 'someUserAndAdminMethod' on class!");
 		}
 
-		Collection<ConfigAttribute> attrs = this.mds.findAttributes(method,
-				BusinessService.class);
+		Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
 
 		// expect 2 attributes
 		assertThat(attrs).hasSize(2);
@@ -164,19 +156,16 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	public void customAnnotationAttributesAreFound() {
 		SecuredAnnotationSecurityMetadataSource mds = new SecuredAnnotationSecurityMetadataSource(
 				new CustomSecurityAnnotationMetadataExtractor());
-		Collection<ConfigAttribute> attrs = mds.findAttributes(
-				CustomAnnotatedService.class);
+		Collection<ConfigAttribute> attrs = mds.findAttributes(CustomAnnotatedService.class);
 		assertThat(attrs).containsOnly(SecurityEnum.ADMIN);
 	}
 
 	@Test
 	public void annotatedAnnotationAtClassLevelIsDetected() throws Exception {
-		MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(
-				new AnnotatedAnnotationAtClassLevel(), ReturnVoid.class, "doSomething",
-				List.class);
+		MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(new AnnotatedAnnotationAtClassLevel(),
+				ReturnVoid.class, "doSomething", List.class);
 
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -185,11 +174,9 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void annotatedAnnotationAtInterfaceLevelIsDetected() throws Exception {
 		MockMethodInvocation annotatedAtInterfaceLevel = new MockMethodInvocation(
-				new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class,
-				"doSomething", List.class);
+				new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething", List.class);
 
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -197,11 +184,9 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void annotatedAnnotationAtMethodLevelIsDetected() throws Exception {
-		MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(
-				new AnnotatedAnnotationAtMethodLevel(), ReturnVoid.class, "doSomething",
-				List.class);
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(
-				new ConfigAttribute[0]);
+		MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(new AnnotatedAnnotationAtMethodLevel(),
+				ReturnVoid.class, "doSomething", List.class);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -221,34 +206,39 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		Department(String name) {
 			super(name);
 		}
+
 	}
 
 	interface DepartmentService extends BusinessService {
 
 		@Secured({ "ROLE_USER" })
 		Department someUserMethod3(Department dept);
+
 	}
 
 	@SuppressWarnings("serial")
-	class DepartmentServiceImpl extends BusinessServiceImpl<Department>
-			implements DepartmentService {
+	class DepartmentServiceImpl extends BusinessServiceImpl<Department> implements DepartmentService {
 
 		@Secured({ "ROLE_ADMIN" })
 		public Department someUserMethod3(final Department dept) {
 			return super.someUserMethod3(dept);
 		}
+
 	}
 
 	// SEC-1491 Related classes. PoC for custom annotation with enum value.
 
 	@CustomSecurityAnnotation(SecurityEnum.ADMIN)
 	interface CustomAnnotatedService {
+
 	}
 
 	class CustomAnnotatedServiceImpl implements CustomAnnotatedService {
+
 	}
 
 	enum SecurityEnum implements ConfigAttribute, GrantedAuthority {
+
 		ADMIN, USER;
 
 		public String getAttribute() {
@@ -258,24 +248,25 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		public String getAuthority() {
 			return toString();
 		}
+
 	}
 
 	@Target({ ElementType.METHOD, ElementType.TYPE })
 	@Retention(RetentionPolicy.RUNTIME)
 	@interface CustomSecurityAnnotation {
 
-		SecurityEnum[]value();
+		SecurityEnum[] value();
+
 	}
 
-	class CustomSecurityAnnotationMetadataExtractor
-			implements AnnotationMetadataExtractor<CustomSecurityAnnotation> {
+	class CustomSecurityAnnotationMetadataExtractor implements AnnotationMetadataExtractor<CustomSecurityAnnotation> {
 
-		public Collection<? extends ConfigAttribute> extractAttributes(
-				CustomSecurityAnnotation securityAnnotation) {
+		public Collection<? extends ConfigAttribute> extractAttributes(CustomSecurityAnnotation securityAnnotation) {
 			SecurityEnum[] values = securityAnnotation.value();
 
 			return EnumSet.copyOf(Arrays.asList(values));
 		}
+
 	}
 
 	@Target({ ElementType.METHOD, ElementType.TYPE })
@@ -283,17 +274,20 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@Inherited
 	@Secured("CUSTOM")
 	public @interface AnnotatedAnnotation {
+
 	}
 
 	public interface ReturnVoid {
 
 		void doSomething(List<?> param);
+
 	}
 
 	@AnnotatedAnnotation
 	public interface ReturnVoid2 {
 
 		void doSomething(List<?> param);
+
 	}
 
 	@AnnotatedAnnotation
@@ -301,12 +295,14 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class AnnotatedAnnotationAtInterfaceLevel implements ReturnVoid2 {
 
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class AnnotatedAnnotationAtMethodLevel implements ReturnVoid {
@@ -314,5 +310,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		@AnnotatedAnnotation
 		public void doSomething(List<?> param) {
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
index 67e38337bf..6dbc29e864 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
@@ -18,4 +18,5 @@ package org.springframework.security.access.annotation.sec2150;
 public interface CrudRepository {
 
 	Iterable<Object> findAll();
+
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
index fdc35340af..bfde1eb1f5 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
@@ -23,15 +23,14 @@ public class MethodInvocationFactory {
 	/**
 	 * In order to reproduce the bug for SEC-2150, we must have a proxy object that
 	 * implements TargetSourceAware and implements our annotated interface.
-	 *
 	 * @return
 	 * @throws NoSuchMethodException
 	 */
-	public static MockMethodInvocation createSec2150MethodInvocation()
-			throws NoSuchMethodException {
+	public static MockMethodInvocation createSec2150MethodInvocation() throws NoSuchMethodException {
 		ProxyFactory factory = new ProxyFactory(new Class[] { PersonRepository.class });
 		factory.setTargetClass(CrudRepository.class);
 		PersonRepository repository = (PersonRepository) factory.getProxy();
 		return new MockMethodInvocation(repository, PersonRepository.class, "findAll");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
index 59dcae3a1b..221badfa3c 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
@@ -28,4 +28,5 @@ import org.springframework.security.access.prepost.PreAuthorize;
 @Secured("ROLE_PERSON")
 @PreAuthorize("hasRole('ROLE_PERSON')")
 public interface PersonRepository extends CrudRepository {
+
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index 7b371e123c..1ed4adbd51 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -32,14 +32,15 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  */
 public class AbstractSecurityExpressionHandlerTests {
+
 	private AbstractSecurityExpressionHandler<Object> handler;
 
 	@Before
 	public void setUp() {
 		handler = new AbstractSecurityExpressionHandler<Object>() {
 			@Override
-			protected SecurityExpressionOperations createSecurityExpressionRoot(
-					Authentication authentication, Object o) {
+			protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+					Object o) {
 				return new SecurityExpressionRoot(authentication) {
 				};
 			}
@@ -48,13 +49,11 @@ public class AbstractSecurityExpressionHandlerTests {
 
 	@Test
 	public void beanNamesAreCorrectlyResolved() {
-		handler.setApplicationContext(new AnnotationConfigApplicationContext(
-				TestConfiguration.class));
+		handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class));
 
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"@number10.compareTo(@number20) < 0");
-		assertThat(expression.getValue(handler.createEvaluationContext(
-				mock(Authentication.class), new Object()))).isEqualTo(true);
+		Expression expression = handler.getExpressionParser().parseExpression("@number10.compareTo(@number20) < 0");
+		assertThat(expression.getValue(handler.createEvaluationContext(mock(Authentication.class), new Object())))
+				.isEqualTo(true);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -68,6 +67,7 @@ public class AbstractSecurityExpressionHandlerTests {
 		handler.setExpressionParser(parser);
 		assertThat(parser == handler.getExpressionParser()).isTrue();
 	}
+
 }
 
 @Configuration
@@ -82,4 +82,5 @@ class TestConfiguration {
 	Integer number20() {
 		return 20;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 3efa1cefc1..43ff2d07a2 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -19,7 +19,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.assertj.core.api.Assertions.*;
 
-
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
@@ -28,13 +27,12 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public class SecurityExpressionRootTests {
-	final static Authentication JOE = new TestingAuthenticationToken("joe", "pass",
-			"ROLE_A", "ROLE_B");
+
+	final static Authentication JOE = new TestingAuthenticationToken("joe", "pass", "ROLE_A", "ROLE_B");
 
 	SecurityExpressionRoot root;
 
@@ -135,4 +133,5 @@ public class SecurityExpressionRootTests {
 		assertThat(root.hasAnyAuthority("NO", "A")).isFalse();
 		assertThat(root.hasAnyAuthority("ROLE_A", "NOT")).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index 85dd94acd4..b229ed632a 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -41,12 +41,15 @@ import static org.mockito.Mockito.*;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMethodSecurityExpressionHandlerTests {
+
 	private DefaultMethodSecurityExpressionHandler handler;
 
 	@Mock
 	private Authentication authentication;
+
 	@Mock
 	private MethodInvocation methodInvocation;
+
 	@Mock
 	private AuthenticationTrustResolver trustResolver;
 
@@ -71,10 +74,8 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	public void createEvaluationContextCustomTrustResolver() {
 		handler.setTrustResolver(trustResolver);
 
-		Expression expression = handler.getExpressionParser()
-				.parseExpression("anonymous");
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		Expression expression = handler.getExpressionParser().parseExpression("anonymous");
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 		expression.getValue(context, Boolean.class);
 
 		verify(trustResolver).isAnonymous(authentication);
@@ -90,8 +91,7 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 		Expression expression = handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 
 		Object filtered = handler.filter(map, expression, context);
 
@@ -112,8 +112,7 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 		Expression expression = handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 
 		Object filtered = handler.filter(map, expression, context);
 
@@ -132,10 +131,10 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key2", "value2");
 		map.put("key3", "value3");
 
-		Expression expression = handler.getExpressionParser().parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')");
+		Expression expression = handler.getExpressionParser()
+				.parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 
 		Object filtered = handler.filter(map, expression, context);
 
@@ -153,8 +152,7 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 		Expression expression = handler.getExpressionParser().parseExpression("filterObject ne '2'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 
 		Object filtered = handler.filter(stream, expression, context);
 
@@ -170,15 +168,17 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 		Expression expression = handler.getExpressionParser().parseExpression("true");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				methodInvocation);
+		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
 
 		((Stream) handler.filter(upstream, expression, context)).close();
 		verify(upstream).close();
 	}
 
 	private static class Foo {
-		public void bar(){
+
+		public void bar() {
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index 27095641d8..aaa78cad96 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -50,94 +50,78 @@ public class ExpressionBasedPreInvocationAdviceTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedButNotMatch() throws Exception {
-		//given
-		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true",
-																				"filterTargetDoesNotMatch",
-																				null);
+		// given
+		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "filterTargetDoesNotMatch",
+				null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingCollection",
-																		new Class[]{List.class},
-																		new Object[]{new ArrayList<>()});
-		//when - then
+				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
+		// when - then
 		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedArrayUnsupported() throws Exception {
-		//given
-		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true",
-																					"param", null);
+		// given
+		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingArray",
-																		new Class[]{String[].class},
-																		new Object[]{new String[0]});
-		//when - then
+				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
+		// when - then
 		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameProvided() throws Exception {
-		//given
+		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingCollection",
-																		new Class[]{List.class},
-																		new Object[]{new ArrayList<>()});
+				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
 
-		//when
-		boolean result = expressionBasedPreInvocationAdvice
-				.before(authentication, methodInvocation, attribute);
-		//then
+		// when
+		boolean result = expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedArrayUnsupported() throws Exception {
-		//given
+		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingArray",
-																		new Class[]{String[].class},
-																		new Object[]{new String[0]});
-		//when - then
+				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
+		// when - then
 		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameNotProvided() throws Exception {
-		//given
+		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingCollection",
-																		new Class[]{List.class},
-																		new Object[]{new ArrayList<>()});
-		//when
+				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
+		// when
 		boolean result = expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
-		//then
+		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedTypeNotSupported() throws Exception {
-		//given
+		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingString",
-																		new Class[]{String.class},
-																		new Object[]{"param"});
-		//when - then
+				"doSomethingString", new Class[] { String.class }, new Object[] { "param" });
+		// when - then
 		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedMethodAcceptMoreThenOneArgument() throws Exception {
-		//given
+		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
-																		"doSomethingTwoArgs",
-																		new Class[]{String.class, List.class},
-																		new Object[]{"param", new ArrayList<>()});
-		//when - then
+				"doSomethingTwoArgs", new Class[] { String.class, List.class },
+				new Object[] { "param", new ArrayList<>() });
+		// when - then
 		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
 	}
 
@@ -158,5 +142,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		public Boolean doSomethingTwoArgs(String param, List<?> list) {
 			return Boolean.TRUE;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index 0a738f2ec2..ec66b1ae3b 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -34,48 +34,44 @@ import org.springframework.security.util.SimpleMethodInvocation;
 
 @SuppressWarnings("unchecked")
 public class MethodExpressionVoterTests {
-	private TestingAuthenticationToken joe = new TestingAuthenticationToken("joe",
-			"joespass", "ROLE_blah");
+
+	private TestingAuthenticationToken joe = new TestingAuthenticationToken("joe", "joespass", "ROLE_blah");
+
 	private PreInvocationAuthorizationAdviceVoter am = new PreInvocationAuthorizationAdviceVoter(
 			new ExpressionBasedPreInvocationAdvice());
 
 	@Test
 	public void hasRoleExpressionAllowsUserWithRole() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingAnArray());
-		assertThat(am.vote(joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute(null, null,
-						"hasRole('blah')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
+		assertThat(
+				am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')"))))
+						.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
 	@Test
 	public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
 		List<ConfigAttribute> cad = new ArrayList<>(1);
 		cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingAnArray());
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
 		assertThat(am.vote(joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	@Test
 	public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingAString(), "joe");
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
 		assertThat(am.vote(joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute(null, null,
 						"(#argument == principal) and (principal == 'joe')"))))
-			.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+								.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
 	@Test
 	public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
 		Collection arg = createCollectionArg("joe", "bob", "sam");
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingACollection(), arg);
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
 		assertThat(am.vote(joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute(
-						"(filterObject == 'jim')", "collection", null))))
-			.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null))))
+						.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		// All objects should have been removed, because the expression is always false
 		assertThat(arg).isEmpty();
 	}
@@ -83,46 +79,42 @@ public class MethodExpressionVoterTests {
 	@Test
 	public void collectionPreFilteringIsSuccessful() throws Exception {
 		List arg = createCollectionArg("joe", "bob", "sam");
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingACollection(), arg);
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
 		am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(
-				"(filterObject == 'joe' or filterObject == 'sam')", "collection",
-				"permitAll")));
+				"(filterObject == 'joe' or filterObject == 'sam')", "collection", "permitAll")));
 		assertThat(arg).containsExactly("joe", "sam");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void arraysCannotBePrefiltered() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingAnArray(), createArrayArg("sam", "joe"));
-		am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(
-				"(filterObject == 'jim')", "someArray", null)));
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(),
+				createArrayArg("sam", "joe"));
+		am.vote(joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void incorrectFilterTargetNameIsRejected() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingACollection(), createCollectionArg("joe", "bob"));
-		am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(
-				"(filterObject == 'joe')", "collcetion", null)));
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
+				createCollectionArg("joe", "bob"));
+		am.vote(joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void nullNamedFilterTargetIsRejected() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingACollection(), new Object[] { null });
-		am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(
-				"(filterObject == 'joe')", "collection", null)));
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
+				new Object[] { null });
+		am.vote(joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
 	}
 
 	@Test
 	public void ruleDefinedInAClassMethodIsApplied() throws Exception {
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(),
-				methodTakingAString(), "joe");
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
 		assertThat(
 
-		am.vote(joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute(null, null,
+				am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null,
 						"T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)"))))
 								.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
@@ -159,14 +151,17 @@ public class MethodExpressionVoterTests {
 	// ==================================================================================================
 
 	private interface Target {
+
 		void methodTakingAnArray(Object[] args);
 
 		void methodTakingAString(String argument);
 
 		Collection methodTakingACollection(Collection collection);
+
 	}
 
 	private static class TargetImpl implements Target {
+
 		public void methodTakingAnArray(Object[] args) {
 		}
 
@@ -176,5 +171,7 @@ public class MethodExpressionVoterTests {
 		public Collection methodTakingACollection(Collection collection) {
 			return collection;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
index 18d7e9f787..5d83a6b8e8 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
@@ -36,10 +36,13 @@ import static org.mockito.Mockito.doReturn;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class MethodSecurityEvaluationContextTests {
+
 	@Mock
 	private ParameterNameDiscoverer paramNameDiscoverer;
+
 	@Mock
 	private Authentication authentication;
+
 	@Mock
 	private MethodInvocation methodInvocation;
 
@@ -47,16 +50,16 @@ public class MethodSecurityEvaluationContextTests {
 	public void lookupVariableWhenParameterNameNullThenNotSet() {
 		Class<String> type = String.class;
 		Method method = ReflectionUtils.findMethod(String.class, "contains", CharSequence.class);
-		doReturn(new String[] {null}).when(paramNameDiscoverer).getParameterNames(method);
-		doReturn(new Object[]{null}).when(methodInvocation).getArguments();
+		doReturn(new String[] { null }).when(paramNameDiscoverer).getParameterNames(method);
+		doReturn(new Object[] { null }).when(methodInvocation).getArguments();
 		doReturn(type).when(methodInvocation).getThis();
 		doReturn(method).when(methodInvocation).getMethod();
-		NotNullVariableMethodSecurityEvaluationContext context= new NotNullVariableMethodSecurityEvaluationContext(authentication, methodInvocation, paramNameDiscoverer);
+		NotNullVariableMethodSecurityEvaluationContext context = new NotNullVariableMethodSecurityEvaluationContext(
+				authentication, methodInvocation, paramNameDiscoverer);
 		context.lookupVariable("testVariable");
 	}
 
-	private static class  NotNullVariableMethodSecurityEvaluationContext
-			extends MethodSecurityEvaluationContext {
+	private static class NotNullVariableMethodSecurityEvaluationContext extends MethodSecurityEvaluationContext {
 
 		NotNullVariableMethodSecurityEvaluationContext(Authentication auth, MethodInvocation mi,
 				ParameterNameDiscoverer parameterNameDiscoverer) {
@@ -65,12 +68,14 @@ public class MethodSecurityEvaluationContextTests {
 
 		@Override
 		public void setVariable(String name, @Nullable Object value) {
-			if ( name == null ) {
+			if (name == null) {
 				throw new IllegalArgumentException("name  should not be null");
 			}
 			else {
 				super.setVariable(name, value);
 			}
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index 2899956888..4ce1fdd0d6 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -34,10 +34,15 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  */
 public class MethodSecurityExpressionRootTests {
+
 	SpelExpressionParser parser = new SpelExpressionParser();
+
 	MethodSecurityExpressionRoot root;
+
 	StandardEvaluationContext ctx;
+
 	private AuthenticationTrustResolver trustResolver;
+
 	private Authentication user;
 
 	@Before
@@ -99,8 +104,8 @@ public class MethodSecurityExpressionRootTests {
 		ctx.setVariable("domainObject", dummyDomainObject);
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(eq(user), eq(dummyDomainObject), any(Integer.class)))
-				.thenReturn(true).thenReturn(true).thenReturn(false);
+		when(pe.hasPermission(eq(user), eq(dummyDomainObject), any(Integer.class))).thenReturn(true).thenReturn(true)
+				.thenReturn(false);
 
 		Expression e = parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
@@ -135,4 +140,5 @@ public class MethodSecurityExpressionRootTests {
 		e = parser.parseExpression("hasPermission(this.x, 2)");
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index 5c0cc78c49..ef0c9abbc2 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -39,54 +39,53 @@ import org.springframework.security.access.prepost.PrePostAnnotationSecurityMeta
 import org.springframework.test.util.ReflectionTestUtils;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public class PrePostAnnotationSecurityMetadataSourceTests {
+
 	private PrePostAnnotationSecurityMetadataSource mds = new PrePostAnnotationSecurityMetadataSource(
-			new ExpressionBasedAnnotationAttributeFactory(
-					new DefaultMethodSecurityExpressionHandler()));
+			new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler()));
 
 	private MockMethodInvocation voidImpl1;
+
 	private MockMethodInvocation voidImpl2;
+
 	private MockMethodInvocation voidImpl3;
+
 	private MockMethodInvocation listImpl1;
+
 	private MockMethodInvocation notherListImpl1;
+
 	private MockMethodInvocation notherListImpl2;
+
 	private MockMethodInvocation annotatedAtClassLevel;
+
 	private MockMethodInvocation annotatedAtInterfaceLevel;
+
 	private MockMethodInvocation annotatedAtMethodLevel;
 
 	@Before
 	public void setUpData() throws Exception {
-		voidImpl1 = new MockMethodInvocation(new ReturnVoidImpl1(), ReturnVoid.class,
-				"doSomething", List.class);
-		voidImpl2 = new MockMethodInvocation(new ReturnVoidImpl2(), ReturnVoid.class,
-				"doSomething", List.class);
-		voidImpl3 = new MockMethodInvocation(new ReturnVoidImpl3(), ReturnVoid.class,
-				"doSomething", List.class);
-		listImpl1 = new MockMethodInvocation(new ReturnAListImpl1(), ReturnAList.class,
-				"doSomething", List.class);
-		notherListImpl1 = new MockMethodInvocation(new ReturnAnotherListImpl1(),
-				ReturnAnotherList.class, "doSomething", List.class);
-		notherListImpl2 = new MockMethodInvocation(new ReturnAnotherListImpl2(),
-				ReturnAnotherList.class, "doSomething", List.class);
-		annotatedAtClassLevel = new MockMethodInvocation(
-				new CustomAnnotationAtClassLevel(), ReturnVoid.class, "doSomething",
+		voidImpl1 = new MockMethodInvocation(new ReturnVoidImpl1(), ReturnVoid.class, "doSomething", List.class);
+		voidImpl2 = new MockMethodInvocation(new ReturnVoidImpl2(), ReturnVoid.class, "doSomething", List.class);
+		voidImpl3 = new MockMethodInvocation(new ReturnVoidImpl3(), ReturnVoid.class, "doSomething", List.class);
+		listImpl1 = new MockMethodInvocation(new ReturnAListImpl1(), ReturnAList.class, "doSomething", List.class);
+		notherListImpl1 = new MockMethodInvocation(new ReturnAnotherListImpl1(), ReturnAnotherList.class, "doSomething",
 				List.class);
-		annotatedAtInterfaceLevel = new MockMethodInvocation(
-				new CustomAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething",
-				List.class);
-		annotatedAtMethodLevel = new MockMethodInvocation(
-				new CustomAnnotationAtMethodLevel(), ReturnVoid.class, "doSomething",
+		notherListImpl2 = new MockMethodInvocation(new ReturnAnotherListImpl2(), ReturnAnotherList.class, "doSomething",
 				List.class);
+		annotatedAtClassLevel = new MockMethodInvocation(new CustomAnnotationAtClassLevel(), ReturnVoid.class,
+				"doSomething", List.class);
+		annotatedAtInterfaceLevel = new MockMethodInvocation(new CustomAnnotationAtInterfaceLevel(), ReturnVoid2.class,
+				"doSomething", List.class);
+		annotatedAtMethodLevel = new MockMethodInvocation(new CustomAnnotationAtMethodLevel(), ReturnVoid.class,
+				"doSomething", List.class);
 	}
 
 	@Test
 	public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl1).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(voidImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -98,8 +97,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void mixedClassAndMethodPreAnnotationsAreBothIncluded() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl2).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(voidImpl2).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -111,8 +109,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void methodWithPreFilterOnlyIsAllowed() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl3).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(voidImpl3).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -124,8 +121,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void methodWithPostFilterOnlyIsAllowed() {
-		ConfigAttribute[] attrs = mds.getAttributes(listImpl1).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(listImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(2);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -139,8 +135,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void interfaceAttributesAreIncluded() {
-		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl1).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -153,8 +148,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void classAttributesTakesPrecedeceOverInterfaceAttributes() {
-		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl2).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl2).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -167,24 +161,21 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void customAnnotationAtClassLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
 
 	@Test
 	public void customAnnotationAtInterfaceLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
 
 	@Test
 	public void customAnnotationAtMethodLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(
-				new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
@@ -194,8 +185,8 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 		MockMethodInvocation mi = MethodInvocationFactory.createSec2150MethodInvocation();
 		Collection<ConfigAttribute> attributes = mds.getAttributes(mi);
 		assertThat(attributes).hasSize(1);
-		Expression expression = (Expression) ReflectionTestUtils.getField(attributes
-				.iterator().next(), "authorizeExpression");
+		Expression expression = (Expression) ReflectionTestUtils.getField(attributes.iterator().next(),
+				"authorizeExpression");
 		assertThat(expression.getExpressionString()).isEqualTo("hasRole('ROLE_PERSON')");
 	}
 
@@ -203,47 +194,62 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	// ==================================================================================================
 
 	public interface ReturnVoid {
+
 		void doSomething(List<?> param);
+
 	}
 
 	public interface ReturnAList {
+
 		List<?> doSomething(List<?> param);
+
 	}
 
 	@PreAuthorize("interfaceAuthzExpression")
 	public interface ReturnAnotherList {
+
 		@PreAuthorize("interfaceMethodAuthzExpression")
 		@PreFilter(filterTarget = "param", value = "interfacePreFilterExpression")
 		List<?> doSomething(List<?> param);
+
 	}
 
 	@PreAuthorize("someExpression")
 	public static class ReturnVoidImpl1 implements ReturnVoid {
+
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	@PreAuthorize("someExpression")
 	public static class ReturnVoidImpl2 implements ReturnVoid {
+
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class ReturnVoidImpl3 implements ReturnVoid {
+
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class ReturnAListImpl1 implements ReturnAList {
+
 		@PostFilter("somePostFilterExpression")
 		public List<?> doSomething(List<?> param) {
 			return param;
 		}
+
 	}
 
 	public static class ReturnAListImpl2 implements ReturnAList {
+
 		@PreAuthorize("someExpression")
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		@PostFilter("somePostFilterExpression")
@@ -251,19 +257,24 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 		public List<?> doSomething(List<?> param) {
 			return param;
 		}
+
 	}
 
 	public static class ReturnAnotherListImpl1 implements ReturnAnotherList {
+
 		public List<?> doSomething(List<?> param) {
 			return param;
 		}
+
 	}
 
 	public static class ReturnAnotherListImpl2 implements ReturnAnotherList {
+
 		@PreFilter(filterTarget = "param", value = "classMethodPreFilterExpression")
 		public List<?> doSomething(List<?> param) {
 			return param;
 		}
+
 	}
 
 	@Target({ ElementType.METHOD, ElementType.TYPE })
@@ -271,27 +282,37 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Inherited
 	@PreAuthorize("customAnnotationExpression")
 	public @interface CustomAnnotation {
+
 	}
 
 	@CustomAnnotation
 	public interface ReturnVoid2 {
+
 		void doSomething(List<?> param);
+
 	}
 
 	@CustomAnnotation
 	public static class CustomAnnotationAtClassLevel implements ReturnVoid {
+
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class CustomAnnotationAtInterfaceLevel implements ReturnVoid2 {
+
 		public void doSomething(List<?> param) {
 		}
+
 	}
 
 	public static class CustomAnnotationAtMethodLevel implements ReturnVoid {
+
 		@CustomAnnotation
 		public void doSomething(List<?> param) {
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
index 2abe9a1118..6943f5ef51 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.expression.method;
 
 public class SecurityRules {
+
 	public static boolean disallow() {
 		return false;
 	}
@@ -27,4 +28,5 @@ public class SecurityRules {
 	public static boolean isJoe(String s) {
 		return "joe".equals(s);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
index 901abbdf9d..4a8ba79b6c 100755
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@@ -29,8 +29,7 @@ import org.apache.commons.collections.CollectionUtils;
  */
 public abstract class HierarchicalRolesTestHelper {
 
-	public static boolean containTheSameGrantedAuthorities(
-			Collection<? extends GrantedAuthority> authorities1,
+	public static boolean containTheSameGrantedAuthorities(Collection<? extends GrantedAuthority> authorities1,
 			Collection<? extends GrantedAuthority> authorities2) {
 		if (authorities1 == null && authorities2 == null) {
 			return true;
@@ -43,8 +42,7 @@ public abstract class HierarchicalRolesTestHelper {
 	}
 
 	public static boolean containTheSameGrantedAuthoritiesCompareByAuthorityString(
-			Collection<? extends GrantedAuthority> authorities1,
-			Collection<? extends GrantedAuthority> authorities2) {
+			Collection<? extends GrantedAuthority> authorities1, Collection<? extends GrantedAuthority> authorities2) {
 		if (authorities1 == null && authorities2 == null) {
 			return true;
 		}
@@ -52,13 +50,11 @@ public abstract class HierarchicalRolesTestHelper {
 		if (authorities1 == null || authorities2 == null) {
 			return false;
 		}
-		return CollectionUtils.isEqualCollection(
-				toCollectionOfAuthorityStrings(authorities1),
+		return CollectionUtils.isEqualCollection(toCollectionOfAuthorityStrings(authorities1),
 				toCollectionOfAuthorityStrings(authorities2));
 	}
 
-	public static List<String> toCollectionOfAuthorityStrings(
-			Collection<? extends GrantedAuthority> authorities) {
+	public static List<String> toCollectionOfAuthorityStrings(Collection<? extends GrantedAuthority> authorities) {
 		if (authorities == null) {
 			return null;
 		}
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
index 94f6ec2106..f4a7e39dbf 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -41,9 +41,9 @@ public class RoleHierarchyAuthoritiesMapperTests {
 
 		mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
 
-		authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A",
-				"ROLE_D"));
+		authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
 
 		assertThat(authorities).hasSize(2);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index d25983b3ad..39a701d636 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -40,99 +40,72 @@ public class RoleHierarchyImplTests {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
 
-		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(
-				authorities0)).isNotNull();
-		assertThat(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty();
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isNotNull();
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty();
 
-		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(
-				authorities1)).isNotNull();
-		assertThat(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isEmpty();
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isNotNull();
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isEmpty();
 	}
 
 	@Test
 	public void testSimpleRoleHierarchy() {
 
-		List<GrantedAuthority> authorities0 = AuthorityUtils.createAuthorityList(
-				"ROLE_0");
-		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A",
-				"ROLE_B");
+		List<GrantedAuthority> authorities0 = AuthorityUtils.createAuthorityList("ROLE_0");
+		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
 
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
 
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0),
-				authorities0)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-				authorities2)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities2),
-				authorities2)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)).isTrue();
 	}
 
 	@Test
 	public void testTransitiveRoleHierarchies() {
-		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A",
-				"ROLE_B", "ROLE_C");
-		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A",
-				"ROLE_B", "ROLE_C", "ROLE_D");
+		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C");
+		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C",
+				"ROLE_D");
 
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-				authorities2)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
 
-		roleHierarchyImpl.setHierarchy(
-				"ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
+		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-				authorities3)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
 	}
 
 	@Test
 	public void testComplexRoleHierarchy() {
-		List<GrantedAuthority> authoritiesInput1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A");
-		List<GrantedAuthority> authoritiesOutput1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B", "ROLE_C", "ROLE_D");
-		List<GrantedAuthority> authoritiesInput2 = AuthorityUtils.createAuthorityList(
-				"ROLE_B");
-		List<GrantedAuthority> authoritiesOutput2 = AuthorityUtils.createAuthorityList(
-				"ROLE_B", "ROLE_D");
-		List<GrantedAuthority> authoritiesInput3 = AuthorityUtils.createAuthorityList(
-				"ROLE_C");
-		List<GrantedAuthority> authoritiesOutput3 = AuthorityUtils.createAuthorityList(
-				"ROLE_C", "ROLE_D");
-		List<GrantedAuthority> authoritiesInput4 = AuthorityUtils.createAuthorityList(
-				"ROLE_D");
-		List<GrantedAuthority> authoritiesOutput4 = AuthorityUtils.createAuthorityList(
+		List<GrantedAuthority> authoritiesInput1 = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authoritiesOutput1 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C",
 				"ROLE_D");
+		List<GrantedAuthority> authoritiesInput2 = AuthorityUtils.createAuthorityList("ROLE_B");
+		List<GrantedAuthority> authoritiesOutput2 = AuthorityUtils.createAuthorityList("ROLE_B", "ROLE_D");
+		List<GrantedAuthority> authoritiesInput3 = AuthorityUtils.createAuthorityList("ROLE_C");
+		List<GrantedAuthority> authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C", "ROLE_D");
+		List<GrantedAuthority> authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D");
+		List<GrantedAuthority> authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D");
 
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy(
-				"ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
+		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1),
-				authoritiesOutput1)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput2),
-				authoritiesOutput2)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput2), authoritiesOutput2)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput3),
-				authoritiesOutput3)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput3), authoritiesOutput3)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput4),
-				authoritiesOutput4)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput4), authoritiesOutput4)).isTrue();
 	}
 
 	@Test
@@ -154,8 +127,7 @@ public class RoleHierarchyImplTests {
 		}
 
 		try {
-			roleHierarchyImpl.setHierarchy(
-					"ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A");
+			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
 		catch (CycleInRoleHierarchyException e) {
@@ -172,7 +144,8 @@ public class RoleHierarchyImplTests {
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B");
 			fail("Cycle in role hierarchy was not detected!");
-		} catch (CycleInRoleHierarchyException e) {
+		}
+		catch (CycleInRoleHierarchyException e) {
 		}
 	}
 
@@ -181,8 +154,7 @@ public class RoleHierarchyImplTests {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 
 		try {
-			roleHierarchyImpl.setHierarchy(
-					"ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
+			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 		}
 		catch (CycleInRoleHierarchyException e) {
 			fail("A cycle in role hierarchy was incorrectly detected!");
@@ -193,93 +165,78 @@ public class RoleHierarchyImplTests {
 	@Test
 	public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() {
 
-		List<GrantedAuthority> authorities0 = HierarchicalRolesTestHelper.createAuthorityList(
-				"ROLE_0");
-		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList(
-				"ROLE_A");
-		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList(
-				"ROLE_A", "ROLE_B");
+		List<GrantedAuthority> authorities0 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0");
+		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");
 
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
 
-		assertThat(
-				HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
-						roleHierarchyImpl.getReachableGrantedAuthorities(authorities0),
-						authorities0)).isTrue();
-		assertThat(
-				HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
-						roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-						authorities2)).isTrue();
-		assertThat(
-				HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
-						roleHierarchyImpl.getReachableGrantedAuthorities(authorities2),
-						authorities2)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)).isTrue();
 	}
 
 	@Test
 	public void testWhitespaceRoleHierarchies() {
-		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE A");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE A",
-				"ROLE B", "ROLE>C");
-		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE A",
-				"ROLE B", "ROLE>C", "ROLE D");
+		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE A");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C");
+		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C",
+				"ROLE D");
 
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 
 		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-				authorities2)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
 
-		roleHierarchyImpl.setHierarchy(
-				"ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
+		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1),
-				authorities3)).isTrue();
+				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
 	}
 
 	// gh-6954
 	@Test
 	public void testJavadoc() {
-		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_A");
-		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B", "ROLE_AUTHENTICATED", "ROLE_UNAUTHENTICATED");
+		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B",
+				"ROLE_AUTHENTICATED", "ROLE_UNAUTHENTICATED");
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\n"
-				+ "ROLE_B > ROLE_AUTHENTICATED\n"
-				+ "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");
+		roleHierarchyImpl.setHierarchy(
+				"ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");
 
-		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)).containsExactlyInAnyOrderElementsOf(allAuthorities);
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
+				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
 
 	// gh-6954
 	@Test
 	public void testInterfaceJavadoc() {
-		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_HIGHEST");
-		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_HIGHEST", "ROLE_HIGHER", "ROLE_LOW", "ROLE_LOWER");
+		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST");
+		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST", "ROLE_HIGHER",
+				"ROLE_LOW", "ROLE_LOWER");
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n"
-				+ "ROLE_HIGHER > ROLE_LOW\n"
-				+ "ROLE_LOW > ROLE_LOWER");
+		roleHierarchyImpl
+				.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER");
 
-		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)).containsExactlyInAnyOrderElementsOf(allAuthorities);
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
+				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
 
 	// gh-6954
 	@Test
 	public void singleLineLargeHierarchy() {
-		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_HIGHEST");
-		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList(
-				"ROLE_HIGHEST", "ROLE_HIGHER", "ROLE_LOW", "ROLE_LOWER");
+		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST");
+		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST", "ROLE_HIGHER",
+				"ROLE_LOW", "ROLE_LOWER");
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER");
 
-		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)).containsExactlyInAnyOrderElementsOf(allAuthorities);
+		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
+				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index 2fb503fa95..0563713921 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -28,6 +28,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class RoleHierarchyUtilsTests {
+
 	private static final String EOL = System.lineSeparator();
 
 	@Test
@@ -90,4 +91,5 @@ public class RoleHierarchyUtilsTests {
 
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
index 21bf89df09..93800fd011 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
@@ -35,55 +35,34 @@ public class TestHelperTests {
 
 	@Test
 	public void testContainTheSameGrantedAuthorities() {
-		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList(
-				"ROLE_B", "ROLE_A");
-		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_C");
-		List<GrantedAuthority> authorities4 = AuthorityUtils
-				.createAuthorityList("ROLE_A");
-		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_A");
+		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_B", "ROLE_A");
+		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
+		List<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
 
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null,
-				null)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities1)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities2)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities2, authorities1)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
 
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null,
-				authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, null)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities3)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities3, authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities4)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities4, authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities4, authorities5)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities3, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities4)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities4, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities4, authorities5)).isFalse();
 	}
 
 	// SEC-863
 	@Test
 	public void testToListOfAuthorityStrings() {
-		Collection<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B");
-		Collection<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList(
-				"ROLE_B", "ROLE_A");
-		Collection<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_C");
-		Collection<GrantedAuthority> authorities4 = AuthorityUtils
-				.createAuthorityList("ROLE_A");
-		Collection<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_A");
+		Collection<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
+		Collection<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_B", "ROLE_A");
+		Collection<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
+		Collection<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
+		Collection<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
 
 		List<String> authoritiesStrings1 = new ArrayList<>();
 		authoritiesStrings1.add("ROLE_A");
@@ -105,89 +84,69 @@ public class TestHelperTests {
 		authoritiesStrings5.add("ROLE_A");
 
 		assertThat(CollectionUtils.isEqualCollection(
-				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1),
-				authoritiesStrings1)).isTrue();
+				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1), authoritiesStrings1))
+						.isTrue();
 
 		assertThat(CollectionUtils.isEqualCollection(
-				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2),
-				authoritiesStrings2)).isTrue();
+				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2), authoritiesStrings2))
+						.isTrue();
 
 		assertThat(CollectionUtils.isEqualCollection(
-				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3),
-				authoritiesStrings3)).isTrue();
+				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3), authoritiesStrings3))
+						.isTrue();
 
 		assertThat(CollectionUtils.isEqualCollection(
-				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4),
-				authoritiesStrings4)).isTrue();
+				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4), authoritiesStrings4))
+						.isTrue();
 
 		assertThat(CollectionUtils.isEqualCollection(
-				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5),
-				authoritiesStrings5)).isTrue();
+				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5), authoritiesStrings5))
+						.isTrue();
 	}
 
 	// SEC-863
 	@Test
 	public void testContainTheSameGrantedAuthoritiesCompareByAuthorityString() {
-		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList(
-				"ROLE_B", "ROLE_A");
-		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_C");
-		List<GrantedAuthority> authorities4 = AuthorityUtils
-				.createAuthorityList("ROLE_A");
-		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_A");
+		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_B", "ROLE_A");
+		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
+		List<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
 
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null,
-				null)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities1)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities2)).isTrue();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities2, authorities1)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
 
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null,
-				authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, null)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities3)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities3, authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities1, authorities4)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities4, authorities1)).isFalse();
-		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
-				authorities4, authorities5)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities3, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities4)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities4, authorities1)).isFalse();
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities4, authorities5)).isFalse();
 	}
 
 	// SEC-863
 	@Test
 	public void testContainTheSameGrantedAuthoritiesCompareByAuthorityStringWithAuthorityLists() {
-		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper
-				.createAuthorityList("ROLE_A", "ROLE_B");
-		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList(
-				"ROLE_A", "ROLE_B");
-		assertThat(HierarchicalRolesTestHelper
-				.containTheSameGrantedAuthoritiesCompareByAuthorityString(authorities1,
-						authorities2)).isTrue();
+		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");
+		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
+		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(authorities1,
+				authorities2)).isTrue();
 	}
 
 	// SEC-863
 	@Test
 	public void testCreateAuthorityList() {
-		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper
-				.createAuthorityList("ROLE_A");
+		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 		assertThat(authorities1).hasSize(1);
 		assertThat(authorities1.get(0).getAuthority()).isEqualTo("ROLE_A");
 
-		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper
-				.createAuthorityList("ROLE_A", "ROLE_C");
+		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_C");
 		assertThat(authorities2).hasSize(2);
 		assertThat(authorities2.get(0).getAuthority()).isEqualTo("ROLE_A");
 		assertThat(authorities2.get(1).getAuthority()).isEqualTo("ROLE_C");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index e9bd20de69..7ea4f8eb2e 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -31,6 +31,7 @@ import org.springframework.security.util.SimpleMethodInvocation;
  * @author Ben Alex
  */
 public class AbstractSecurityInterceptorTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -61,6 +62,7 @@ public class AbstractSecurityInterceptorTests {
 	// ==================================================================================================
 
 	private class MockSecurityInterceptorReturnsNull extends AbstractSecurityInterceptor {
+
 		private SecurityMetadataSource securityMetadataSource;
 
 		public Class<?> getSecureObjectClass() {
@@ -71,14 +73,14 @@ public class AbstractSecurityInterceptorTests {
 			return securityMetadataSource;
 		}
 
-		public void setSecurityMetadataSource(
-				SecurityMetadataSource securityMetadataSource) {
+		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
 			this.securityMetadataSource = securityMetadataSource;
 		}
+
 	}
 
-	private class MockSecurityInterceptorWhichOnlySupportsStrings extends
-			AbstractSecurityInterceptor {
+	private class MockSecurityInterceptorWhichOnlySupportsStrings extends AbstractSecurityInterceptor {
+
 		private SecurityMetadataSource securityMetadataSource;
 
 		public Class<?> getSecureObjectClass() {
@@ -89,9 +91,10 @@ public class AbstractSecurityInterceptorTests {
 			return securityMetadataSource;
 		}
 
-		public void setSecurityMetadataSource(
-				SecurityMetadataSource securityMetadataSource) {
+		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
 			this.securityMetadataSource = securityMetadataSource;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 90ce27038c..d2439954ab 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -46,41 +46,33 @@ public class AfterInvocationProviderManagerTests {
 	public void testCorrectOperation() throws Exception {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 		List list = new Vector();
-		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP1")));
-		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP2")));
-		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP3")));
+		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
+		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
+		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 		manager.setProviders(list);
 		assertThat(manager.getProviders()).isEqualTo(list);
 		manager.afterPropertiesSet();
 
-		List<ConfigAttribute> attr1 = SecurityConfig.createList(
-				new String[] { "GIVE_ME_SWAP1" });
-		List<ConfigAttribute> attr2 = SecurityConfig.createList(
-				new String[] { "GIVE_ME_SWAP2" });
-		List<ConfigAttribute> attr3 = SecurityConfig.createList(
-				new String[] { "GIVE_ME_SWAP3" });
-		List<ConfigAttribute> attr2and3 = SecurityConfig.createList(
-				new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
-		List<ConfigAttribute> attr4 = SecurityConfig.createList(
-				new String[] { "NEVER_CAUSES_SWAP" });
+		List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
+		List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
+		List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
+		List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
+		List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
 
-		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1,
-				"content-before-swapping")).isEqualTo("swap1");
+		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"))
+				.isEqualTo("swap1");
 
-		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2,
-				"content-before-swapping")).isEqualTo("swap2");
+		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping"))
+				.isEqualTo("swap2");
 
-		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3,
-				"content-before-swapping")).isEqualTo("swap3");
+		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping"))
+				.isEqualTo("swap3");
 
-		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4,
-				"content-before-swapping")).isEqualTo("content-before-swapping");
+		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping"))
+				.isEqualTo("content-before-swapping");
 
-		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3,
-				"content-before-swapping")).isEqualTo("swap3");
+		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping"))
+				.isEqualTo("swap3");
 	}
 
 	@Test
@@ -101,11 +93,9 @@ public class AfterInvocationProviderManagerTests {
 	public void testRejectsNonAfterInvocationProviders() {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 		List list = new Vector();
-		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP1")));
+		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
 		list.add(45);
-		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP3")));
+		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 
 		try {
 			manager.setProviders(list);
@@ -133,12 +123,9 @@ public class AfterInvocationProviderManagerTests {
 	public void testSupportsConfigAttributeIteration() throws Exception {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 		List list = new Vector();
-		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP1")));
-		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP2")));
-		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP3")));
+		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
+		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
+		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 		manager.setProviders(list);
 		manager.afterPropertiesSet();
 
@@ -150,12 +137,9 @@ public class AfterInvocationProviderManagerTests {
 	public void testSupportsSecureObjectIteration() throws Exception {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 		List list = new Vector();
-		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP1")));
-		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP2")));
-		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class,
-				new SecurityConfig("GIVE_ME_SWAP3")));
+		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
+		list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
+		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 		manager.setProviders(list);
 		manager.afterPropertiesSet();
 
@@ -185,9 +169,8 @@ public class AfterInvocationProviderManagerTests {
 			this.configAttribute = configAttribute;
 		}
 
-		public Object decide(Authentication authentication, Object object,
-				Collection<ConfigAttribute> config, Object returnedObject)
-						throws AccessDeniedException {
+		public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
+				Object returnedObject) throws AccessDeniedException {
 			if (config.contains(configAttribute)) {
 				return forceReturnObject;
 			}
@@ -202,5 +185,7 @@ public class AfterInvocationProviderManagerTests {
 		public boolean supports(ConfigAttribute attribute) {
 			return attribute.equals(configAttribute);
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
index f9f163aeb8..c95c1a800d 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
@@ -47,4 +47,5 @@ public class InterceptorStatusTokenTests {
 		assertThat(token.getSecureObject()).isEqualTo(mi);
 		assertThat(token.getSecurityContext()).isSameAs(ctx);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
index 3200cb954d..8f8ca85e0a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
@@ -27,6 +27,7 @@ import org.springframework.security.access.SecurityConfig;
  * @author Ben Alex
  */
 public class NullRunAsManagerTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -47,4 +48,5 @@ public class NullRunAsManagerTests {
 		NullRunAsManager runAs = new NullRunAsManager();
 		assertThat(runAs.supports(new SecurityConfig("X"))).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
index ad2fda9bd9..ec92ca2b1d 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
@@ -33,8 +33,7 @@ public class RunAsImplAuthenticationProviderTests {
 	@Test(expected = BadCredentialsException.class)
 	public void testAuthenticationFailDueToWrongKey() {
 		RunAsUserToken token = new RunAsUserToken("wrong_key", "Test", "Password",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
-				UsernamePasswordAuthenticationToken.class);
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 		provider.setKey("hello_world");
 
@@ -44,15 +43,13 @@ public class RunAsImplAuthenticationProviderTests {
 	@Test
 	public void testAuthenticationSuccess() {
 		RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
-				UsernamePasswordAuthenticationToken.class);
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 		provider.setKey("my_password");
 
 		Authentication result = provider.authenticate(token);
 
-		Assert.assertTrue("Should have returned RunAsUserToken",
-				result instanceof RunAsUserToken);
+		Assert.assertTrue("Should have returned RunAsUserToken", result instanceof RunAsUserToken);
 
 		RunAsUserToken resultCast = (RunAsUserToken) result;
 		assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
@@ -79,4 +76,5 @@ public class RunAsImplAuthenticationProviderTests {
 		assertThat(provider.supports(RunAsUserToken.class)).isTrue();
 		assertThat(!provider.supports(TestingAuthenticationToken.class)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
index be93663948..e5cb1a8dc3 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
@@ -42,8 +42,7 @@ public class RunAsManagerImplTests {
 
 	@Test
 	public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() {
-		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
@@ -56,8 +55,8 @@ public class RunAsManagerImplTests {
 
 	@Test
 	public void testRespectsRolePrefix() {
-		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.createAuthorityList("ONE", "TWO"));
+		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.createAuthorityList("ONE", "TWO"));
 
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
 		runAs.setKey("my_password");
@@ -66,12 +65,10 @@ public class RunAsManagerImplTests {
 		Authentication result = runAs.buildRunAs(inputToken, new Object(),
 				SecurityConfig.createList("RUN_AS_SOMETHING"));
 
-		assertThat(result instanceof RunAsUserToken).withFailMessage(
-				"Should have returned a RunAsUserToken").isTrue();
+		assertThat(result instanceof RunAsUserToken).withFailMessage("Should have returned a RunAsUserToken").isTrue();
 		assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
 		assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
-		Set<String> authorities = AuthorityUtils.authorityListToSet(
-				result.getAuthorities());
+		Set<String> authorities = AuthorityUtils.authorityListToSet(result.getAuthorities());
 
 		assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue();
 		assertThat(authorities.contains("ONE")).isTrue();
@@ -83,8 +80,7 @@ public class RunAsManagerImplTests {
 
 	@Test
 	public void testReturnsAdditionalGrantedAuthorities() {
-		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
@@ -100,8 +96,7 @@ public class RunAsManagerImplTests {
 		assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
 		assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(
-				result.getAuthorities());
+		Set<String> authorities = AuthorityUtils.authorityListToSet(result.getAuthorities());
 		assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue();
 		assertThat(authorities.contains("ROLE_ONE")).isTrue();
 		assertThat(authorities.contains("ROLE_TWO")).isTrue();
@@ -138,4 +133,5 @@ public class RunAsManagerImplTests {
 		assertThat(!runAs.supports(new SecurityConfig("ROLE_WHICH_IS_IGNORED"))).isTrue();
 		assertThat(!runAs.supports(new SecurityConfig("role_LOWER_CASE_FAILS"))).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
index a378d586ce..4182eece6e 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
@@ -33,8 +33,7 @@ public class RunAsUserTokenTests {
 	@Test
 	public void testAuthenticationSetting() {
 		RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
-				UsernamePasswordAuthenticationToken.class);
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		assertThat(token.isAuthenticated()).isTrue();
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
@@ -43,13 +42,11 @@ public class RunAsUserTokenTests {
 	@Test
 	public void testGetters() {
 		RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
-				UsernamePasswordAuthenticationToken.class);
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		assertThat("Test").isEqualTo(token.getPrincipal());
 		assertThat("Password").isEqualTo(token.getCredentials());
 		assertThat("my_password".hashCode()).isEqualTo(token.getKeyHash());
-		assertThat(UsernamePasswordAuthenticationToken.class).isEqualTo(
-				token.getOriginalAuthentication());
+		assertThat(UsernamePasswordAuthenticationToken.class).isEqualTo(token.getOriginalAuthentication());
 	}
 
 	@Test
@@ -68,10 +65,10 @@ public class RunAsUserTokenTests {
 	@Test
 	public void testToString() {
 		RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
-				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
-				UsernamePasswordAuthenticationToken.class);
-		assertThat(token.toString().lastIndexOf("Original Class: "
-				+ UsernamePasswordAuthenticationToken.class.getName().toString()) != -1).isTrue();
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
+		assertThat(token.toString()
+				.lastIndexOf("Original Class: " + UsernamePasswordAuthenticationToken.class.getName().toString()) != -1)
+						.isTrue();
 	}
 
 	// SEC-1792
@@ -81,4 +78,5 @@ public class RunAsUserTokenTests {
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), null);
 		assertThat(token.toString().lastIndexOf("Original Class: null") != -1).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index b4e1f61c64..eff1830caf 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -54,13 +54,21 @@ import java.util.*;
  */
 @SuppressWarnings("unchecked")
 public class MethodSecurityInterceptorTests {
+
 	private TestingAuthenticationToken token;
+
 	private MethodSecurityInterceptor interceptor;
+
 	private ITargetObject realTarget;
+
 	private ITargetObject advisedTarget;
+
 	private AccessDecisionManager adm;
+
 	private MethodSecurityMetadataSource mds;
+
 	private AuthenticationManager authman;
+
 	private ApplicationEventPublisher eventPublisher;
 
 	// ~ Methods
@@ -132,23 +140,20 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation()
-			throws Throwable {
+	public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation() throws Throwable {
 		when(mds.supports(MethodInvocation.class)).thenReturn(false);
 		interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation()
-			throws Exception {
+	public void initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		when(mds.supports(MethodInvocation.class)).thenReturn(true);
 		when(adm.supports(MethodInvocation.class)).thenReturn(false);
 		interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation()
-			throws Exception {
+	public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final RunAsManager ram = mock(RunAsManager.class);
 		when(ram.supports(MethodInvocation.class)).thenReturn(false);
 		interceptor.setRunAsManager(ram);
@@ -156,8 +161,7 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation()
-			throws Exception {
+	public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		when(aim.supports(MethodInvocation.class)).thenReturn(false);
 		interceptor.setAfterInvocationManager(aim);
@@ -165,15 +169,13 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void initializationFailsIfAccessDecisionManagerRejectsConfigAttributes()
-			throws Exception {
+	public void initializationFailsIfAccessDecisionManagerRejectsConfigAttributes() throws Exception {
 		when(adm.supports(any(ConfigAttribute.class))).thenReturn(false);
 		interceptor.afterPropertiesSet();
 	}
 
 	@Test
-	public void validationNotAttemptedIfIsValidateConfigAttributesSetToFalse()
-			throws Exception {
+	public void validationNotAttemptedIfIsValidateConfigAttributesSetToFalse() throws Exception {
 		when(adm.supports(MethodInvocation.class)).thenReturn(true);
 		when(mds.supports(MethodInvocation.class)).thenReturn(true);
 		interceptor.setValidateConfigAttributes(false);
@@ -183,8 +185,7 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	@Test
-	public void validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes()
-			throws Exception {
+	public void validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes() throws Exception {
 		when(adm.supports(MethodInvocation.class)).thenReturn(true);
 		when(mds.supports(MethodInvocation.class)).thenReturn(true);
 		when(mds.getAllConfigAttributes()).thenReturn(null);
@@ -205,19 +206,18 @@ public class MethodSecurityInterceptorTests {
 	public void callingAPublicMethodWhenPresentingAnAuthenticationObjectDoesntChangeItsAuthenticatedProperty() {
 		mdsReturnsNull();
 		SecurityContextHolder.getContext().setAuthentication(token);
-		assertThat(advisedTarget.publicMakeLowerCase("HELLO")).isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken false");
+		assertThat(advisedTarget.publicMakeLowerCase("HELLO"))
+				.isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken false");
 		assertThat(!token.isAuthenticated()).isTrue();
 	}
 
 	@Test(expected = AuthenticationException.class)
 	public void callIsntMadeWhenAuthenticationManagerRejectsAuthentication() {
-		final TestingAuthenticationToken token = new TestingAuthenticationToken("Test",
-				"Password");
+		final TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password");
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		mdsReturnsUserRole();
-		when(authman.authenticate(token)).thenThrow(
-				new BadCredentialsException("rejected"));
+		when(authman.authenticate(token)).thenThrow(new BadCredentialsException("rejected"));
 
 		advisedTarget.makeLowerCase("HELLO");
 	}
@@ -232,7 +232,8 @@ public class MethodSecurityInterceptorTests {
 		String result = advisedTarget.makeLowerCase("HELLO");
 
 		// Note we check the isAuthenticated remained true in following line
-		assertThat(result).isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
+		assertThat(result)
+				.isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
 		verify(eventPublisher).publishEvent(any(AuthorizedEvent.class));
 	}
 
@@ -244,8 +245,8 @@ public class MethodSecurityInterceptorTests {
 		createTarget(true);
 		mdsReturnsUserRole();
 		when(authman.authenticate(token)).thenReturn(token);
-		doThrow(new AccessDeniedException("rejected")).when(adm).decide(
-				any(Authentication.class), any(MethodInvocation.class), any(List.class));
+		doThrow(new AccessDeniedException("rejected")).when(adm).decide(any(Authentication.class),
+				any(MethodInvocation.class), any(List.class));
 
 		try {
 			advisedTarget.makeUpperCase("HELLO");
@@ -267,12 +268,11 @@ public class MethodSecurityInterceptorTests {
 		ctx.setAuthentication(token);
 		token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds",
-				token.getAuthorities(), TestingAuthenticationToken.class);
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+				TestingAuthenticationToken.class);
 		interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
-				.thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 
 		String result = advisedTarget.makeUpperCase("hello");
 		assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
@@ -290,12 +290,11 @@ public class MethodSecurityInterceptorTests {
 		ctx.setAuthentication(token);
 		token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds",
-				token.getAuthorities(), TestingAuthenticationToken.class);
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+				TestingAuthenticationToken.class);
 		interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
-				.thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 
 		try {
 			advisedTarget.makeUpperCase("hello");
@@ -342,7 +341,7 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	void mdsReturnsUserRole() {
-		when(mds.getAttributes(any(MethodInvocation.class))).thenReturn(
-				SecurityConfig.createList("ROLE_USER"));
+		when(mds.getAttributes(any(MethodInvocation.class))).thenReturn(SecurityConfig.createList("ROLE_USER"));
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index 6ddf453c9b..88e83036b2 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -43,10 +43,8 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
 		when(mds.getAttributes(method, clazz)).thenReturn(null);
-		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(
-				"", mds, "");
-		assertThat(advisor.getPointcut().getMethodMatcher().matches(method,
-				clazz)).isFalse();
+		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
+		assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isFalse();
 	}
 
 	@Test
@@ -55,11 +53,9 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 		Method method = clazz.getMethod("countLength", new Class[] { String.class });
 
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
-		when(mds.getAttributes(method, clazz)).thenReturn(
-				SecurityConfig.createList("ROLE_A"));
-		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(
-				"", mds, "");
-		assertThat(
-				advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isTrue();
+		when(mds.getAttributes(method, clazz)).thenReturn(SecurityConfig.createList("ROLE_A"));
+		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
+		assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index e98c5764a6..593db48047 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -54,12 +54,19 @@ import java.util.List;
  * @author Rob Winch
  */
 public class AspectJMethodSecurityInterceptorTests {
+
 	private TestingAuthenticationToken token;
+
 	private AspectJMethodSecurityInterceptor interceptor;
+
 	private @Mock AccessDecisionManager adm;
+
 	private @Mock MethodSecurityMetadataSource mds;
+
 	private @Mock AuthenticationManager authman;
+
 	private @Mock AspectJCallback aspectJCallback;
+
 	private ProceedingJoinPoint joinPoint;
 
 	// ~ Methods
@@ -87,8 +94,7 @@ public class AspectJMethodSecurityInterceptorTests {
 		when(codeSig.getDeclaringType()).thenReturn(TargetObject.class);
 		when(codeSig.getParameterTypes()).thenReturn(new Class[] { String.class });
 		when(staticPart.getSignature()).thenReturn(codeSig);
-		when(mds.getAttributes(any())).thenReturn(
-				SecurityConfig.createList("ROLE_USER"));
+		when(mds.getAttributes(any())).thenReturn(SecurityConfig.createList("ROLE_USER"));
 		when(authman.authenticate(token)).thenReturn(token);
 	}
 
@@ -110,8 +116,7 @@ public class AspectJMethodSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void callbackIsNotInvokedWhenPermissionDenied() {
-		doThrow(new AccessDeniedException("denied")).when(adm).decide(
-				any(), any(), any());
+		doThrow(new AccessDeniedException("denied")).when(adm).decide(any(), any(), any());
 
 		SecurityContextHolder.getContext().setAuthentication(token);
 		try {
@@ -126,8 +131,7 @@ public class AspectJMethodSecurityInterceptorTests {
 	@Test
 	public void adapterHoldsCorrectData() {
 		TargetObject to = new TargetObject();
-		Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength",
-				new Class[] { String.class });
+		Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class });
 
 		when(joinPoint.getTarget()).thenReturn(to);
 		when(joinPoint.getArgs()).thenReturn(new Object[] { "Hi" });
@@ -166,11 +170,10 @@ public class AspectJMethodSecurityInterceptorTests {
 		ctx.setAuthentication(token);
 		token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds",
-				token.getAuthorities(), TestingAuthenticationToken.class);
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+				TestingAuthenticationToken.class);
 		interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
-				.thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 		when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
 
 		try {
@@ -193,11 +196,10 @@ public class AspectJMethodSecurityInterceptorTests {
 		ctx.setAuthentication(token);
 		token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds",
-				token.getAuthorities(), TestingAuthenticationToken.class);
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+				TestingAuthenticationToken.class);
 		interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
-				.thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 		when(joinPoint.proceed()).thenThrow(new RuntimeException());
 
 		try {
@@ -211,4 +213,5 @@ public class AspectJMethodSecurityInterceptorTests {
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index 89ae4f9822..90fd117663 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -33,10 +33,15 @@ import org.springframework.security.access.method.MapBasedMethodSecurityMetadata
  * @since 2.0.4
  */
 public class MapBasedMethodSecurityMetadataSourceTests {
+
 	private final List<ConfigAttribute> ROLE_A = SecurityConfig.createList("ROLE_A");
+
 	private final List<ConfigAttribute> ROLE_B = SecurityConfig.createList("ROLE_B");
+
 	private MapBasedMethodSecurityMetadataSource mds;
+
 	private Method someMethodString;
+
 	private Method someMethodInteger;
 
 	@Before
@@ -64,10 +69,13 @@ public class MapBasedMethodSecurityMetadataSourceTests {
 
 	@SuppressWarnings("unused")
 	private class MockService {
+
 		public void someMethod(String s) {
 		}
 
 		public void someMethod(Integer i) {
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index 80b6b3ac4d..bc7db2355b 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -47,10 +47,15 @@ import org.springframework.security.util.MethodInvocationUtils;
  * @author Ben Alex
  */
 public class MethodInvocationPrivilegeEvaluatorTests {
+
 	private TestingAuthenticationToken token;
+
 	private MethodSecurityInterceptor interceptor;
+
 	private AccessDecisionManager adm;
+
 	private MethodSecurityMetadataSource mds;
+
 	private final List<ConfigAttribute> role = SecurityConfig.createList("ROLE_IGNORED");
 
 	// ~ Methods
@@ -72,8 +77,7 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 	@Test
 	public void allowsAccessUsingCreate() throws Exception {
 		Object object = new TargetObject();
-		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase",
-				"foobar");
+		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		when(mds.getAttributes(mi)).thenReturn(role);
@@ -86,9 +90,8 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 
 	@Test
 	public void allowsAccessUsingCreateFromClass() {
-		final MethodInvocation mi = MethodInvocationUtils.createFromClass(
-				new OtherTargetObject(), ITargetObject.class, "makeLowerCase",
-				new Class[] { String.class }, new Object[] { "Hello world" });
+		final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class,
+				"makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" });
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(interceptor);
 		when(mds.getAttributes(mi)).thenReturn(role);
@@ -99,8 +102,7 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 	@Test
 	public void declinesAccessUsingCreate() {
 		Object object = new TargetObject();
-		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase",
-				"foobar");
+		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(interceptor);
 		when(mds.getAttributes(mi)).thenReturn(role);
@@ -111,9 +113,8 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 
 	@Test
 	public void declinesAccessUsingCreateFromClass() {
-		final MethodInvocation mi = MethodInvocationUtils.createFromClass(
-				new OtherTargetObject(), ITargetObject.class, "makeLowerCase",
-				new Class[] { String.class }, new Object[] { "helloWorld" });
+		final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class,
+				"makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" });
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(interceptor);
@@ -122,4 +123,5 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 
 		assertThat(mipe.isAllowed(mi, token)).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
index 8c295000ff..888ff6a2af 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
@@ -22,18 +22,21 @@ import java.lang.reflect.Method;
 
 @SuppressWarnings("unchecked")
 public class MockMethodInvocation implements MethodInvocation {
+
 	private Method method;
+
 	private Object targetObject;
+
 	private Object[] arguments = new Object[0];
 
 	public MockMethodInvocation(Object targetObject, Class clazz, String methodName, Class[] parameterTypes,
-								Object[] arguments) throws NoSuchMethodException {
+			Object[] arguments) throws NoSuchMethodException {
 		this(targetObject, clazz, methodName, parameterTypes);
 		this.arguments = arguments;
 	}
 
-	public MockMethodInvocation(Object targetObject, Class clazz, String methodName,
-			Class... parameterTypes) throws NoSuchMethodException {
+	public MockMethodInvocation(Object targetObject, Class clazz, String methodName, Class... parameterTypes)
+			throws NoSuchMethodException {
 		this.method = clazz.getMethod(methodName, parameterTypes);
 		this.targetObject = targetObject;
 	}
@@ -57,4 +60,5 @@ public class MockMethodInvocation implements MethodInvocation {
 	public Object proceed() {
 		return null;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
index b16f71b8bd..8922194607 100644
--- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
@@ -32,20 +32,20 @@ import java.util.*;
  */
 @SuppressWarnings({ "unchecked" })
 public class DelegatingMethodSecurityMetadataSourceTests {
+
 	DelegatingMethodSecurityMetadataSource mds;
 
 	@Test
 	public void returnsEmptyListIfDelegateReturnsNull() throws Exception {
 		List sources = new ArrayList();
 		MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class);
-		when(delegate.getAttributes(ArgumentMatchers.<Method> any(), ArgumentMatchers.any(Class.class)))
+		when(delegate.getAttributes(ArgumentMatchers.<Method>any(), ArgumentMatchers.any(Class.class)))
 				.thenReturn(null);
 		sources.add(delegate);
 		mds = new DelegatingMethodSecurityMetadataSource(sources);
 		assertThat(mds.getMethodSecurityMetadataSources()).isSameAs(sources);
 		assertThat(mds.getAllConfigAttributes().isEmpty()).isTrue();
-		MethodInvocation mi = new SimpleMethodInvocation(null,
-				String.class.getMethod("toString"));
+		MethodInvocation mi = new SimpleMethodInvocation(null, String.class.getMethod("toString"));
 		assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
 		// Exercise the cached case
 		assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
@@ -67,8 +67,7 @@ public class DelegatingMethodSecurityMetadataSourceTests {
 		assertThat(mds.getAttributes(mi)).isSameAs(attributes);
 		// Exercise the cached case
 		assertThat(mds.getAttributes(mi)).isSameAs(attributes);
-		assertThat(mds.getAttributes(
-				new SimpleMethodInvocation(null, String.class.getMethod("length")))).isEmpty();
+		assertThat(mds.getAttributes(new SimpleMethodInvocation(null, String.class.getMethod("length")))).isEmpty();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
index bb6f951680..25f7956a27 100644
--- a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
@@ -28,8 +28,10 @@ import org.springframework.security.access.intercept.aspectj.MethodInvocationAda
 
 @RunWith(MockitoJUnitRunner.class)
 public class PreInvocationAuthorizationAdviceVoterTests {
+
 	@Mock
 	private PreInvocationAuthorizationAdvice authorizationAdvice;
+
 	private PreInvocationAuthorizationAdviceVoter voter;
 
 	@Before
@@ -52,4 +54,5 @@ public class PreInvocationAuthorizationAdviceVoterTests {
 	public void supportsMethodInvocationAdapter() {
 		assertThat(voter.supports(MethodInvocationAdapter.class)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index e3fb32d6bb..fbf69e25c3 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -136,14 +136,13 @@ public class AbstractAccessDecisionManagerTests {
 
 	private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
 
-		protected MockDecisionManagerImpl(
-				List<AccessDecisionVoter<? extends Object>> decisionVoters) {
+		protected MockDecisionManagerImpl(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
 			super(decisionVoters);
 		}
 
-		public void decide(Authentication authentication, Object object,
-				Collection<ConfigAttribute> configAttributes) {
+		public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
 		}
+
 	}
 
 	private class MockStringOnlyVoter implements AccessDecisionVoter<Object> {
@@ -156,9 +155,10 @@ public class AbstractAccessDecisionManagerTests {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
 
-		public int vote(Authentication authentication, Object object,
-				Collection<ConfigAttribute> attributes) {
+		public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
index 4f66e67244..c9474d7c6d 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
@@ -26,10 +26,10 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.util.MethodInvocationUtils;
 
 /**
- *
  * @author Luke Taylor
  */
 public class AbstractAclVoterTests {
+
 	private AbstractAclVoter voter = new AbstractAclVoter() {
 		public boolean supports(ConfigAttribute attribute) {
 			return false;
@@ -50,21 +50,21 @@ public class AbstractAclVoterTests {
 	@Test
 	public void expectedDomainObjectArgumentIsReturnedFromMethodInvocation() {
 		voter.setProcessDomainObjectClass(String.class);
-		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(),
-				"methodTakingAString", "The Argument");
+		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(), "methodTakingAString", "The Argument");
 		assertThat(voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
 	}
 
 	@Test
 	public void correctArgumentIsSelectedFromMultipleArgs() {
 		voter.setProcessDomainObjectClass(String.class);
-		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(),
-				"methodTakingAListAndAString", new ArrayList<>(), "The Argument");
+		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(), "methodTakingAListAndAString",
+				new ArrayList<>(), "The Argument");
 		assertThat(voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
 	}
 
 	@SuppressWarnings("unused")
 	private static class TestClass {
+
 		public void methodTakingAString(String arg) {
 		}
 
@@ -73,6 +73,7 @@ public class AbstractAclVoterTests {
 
 		public void methodTakingAListAndAString(ArrayList<Object> arg1, String arg2) {
 		}
+
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index bf237fb51b..4e75b038e0 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -38,12 +38,17 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class AffirmativeBasedTests {
+
 	private final List<ConfigAttribute> attrs = new ArrayList<>();
-	private final Authentication user = new TestingAuthenticationToken("somebody",
-			"password", "ROLE_1", "ROLE_2");
+
+	private final Authentication user = new TestingAuthenticationToken("somebody", "password", "ROLE_1", "ROLE_2");
+
 	private AffirmativeBased mgr;
+
 	private AccessDecisionVoter grant;
+
 	private AccessDecisionVoter abstain;
+
 	private AccessDecisionVoter deny;
 
 	@Before
@@ -63,40 +68,34 @@ public class AffirmativeBasedTests {
 	}
 
 	@Test
-	public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess()
-			throws Exception {
+	public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
 
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				grant, deny, abstain));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, deny, abstain));
 		mgr.afterPropertiesSet();
 		mgr.decide(user, new Object(), attrs);
 	}
 
 	@Test
 	public void oneDenyVoteOneAbstainVoteOneAffirmativeVoteGrantsAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				deny, abstain, grant));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, grant));
 		mgr.decide(user, new Object(), attrs);
 	}
 
 	@Test
 	public void oneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				grant, abstain, abstain));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, abstain, abstain));
 		mgr.decide(user, new Object(), attrs);
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void oneDenyVoteTwoAbstainVotesDeniesAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				deny, abstain, abstain));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, abstain));
 		mgr.decide(user, new Object(), attrs);
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void onlyAbstainVotesDeniesAccessWithDefault() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				abstain, abstain, abstain));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
 		assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
 
 		mgr.decide(user, new Object(), attrs);
@@ -104,11 +103,11 @@ public class AffirmativeBasedTests {
 
 	@Test
 	public void testThreeAbstainVotesGrantsAccessIfAllowIfAllAbstainDecisionsIsSet() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>> asList(
-				abstain, abstain, abstain));
+		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
 		mgr.setAllowIfAllAbstainDecisions(true);
 		assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
 
 		mgr.decide(user, new Object(), attrs);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
index 8a8d3f4043..6d87a4a028 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@@ -39,8 +39,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
 public class AuthenticatedVoterTests {
 
 	private Authentication createAnonymous() {
-		return new AnonymousAuthenticationToken("ignored", "ignored",
-				AuthorityUtils.createAuthorityList("ignored"));
+		return new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"));
 	}
 
 	private Authentication createFullyAuthenticated() {
@@ -49,47 +48,34 @@ public class AuthenticatedVoterTests {
 	}
 
 	private Authentication createRememberMe() {
-		return new RememberMeAuthenticationToken("ignored", "ignored",
-				AuthorityUtils.createAuthorityList("ignored"));
+		return new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"));
 	}
 
 	@Test
 	public void testAnonymousWorks() {
 		AuthenticatedVoter voter = new AuthenticatedVoter();
-		List<ConfigAttribute> def = SecurityConfig.createList(
-				AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createAnonymous(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createRememberMe(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createFullyAuthenticated(), null, def));
+		List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createAnonymous(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
 	}
 
 	@Test
 	public void testFullyWorks() {
 		AuthenticatedVoter voter = new AuthenticatedVoter();
-		List<ConfigAttribute> def = SecurityConfig.createList(
-				AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
-		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(
-				voter.vote(createAnonymous(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(
-				voter.vote(createRememberMe(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createFullyAuthenticated(), null, def));
+		List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createRememberMe(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
 	}
 
 	@Test
 	public void testRememberMeWorks() {
 		AuthenticatedVoter voter = new AuthenticatedVoter();
-		List<ConfigAttribute> def = SecurityConfig.createList(
-				AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
-		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(
-				voter.vote(createAnonymous(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createRememberMe(), null, def));
-		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(
-				voter.vote(createFullyAuthenticated(), null, def));
+		List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
 	}
 
 	@Test
@@ -109,12 +95,10 @@ public class AuthenticatedVoterTests {
 	public void testSupports() {
 		AuthenticatedVoter voter = new AuthenticatedVoter();
 		assertThat(voter.supports(String.class)).isTrue();
-		assertThat(voter.supports(new SecurityConfig(
-				AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY))).isTrue();
-		assertThat(voter.supports(
-				new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY))).isTrue();
-		assertThat(voter.supports(new SecurityConfig(
-				AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED))).isTrue();
+		assertThat(voter.supports(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY))).isTrue();
+		assertThat(voter.supports(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY))).isTrue();
+		assertThat(voter.supports(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED))).isTrue();
 		assertThat(voter.supports(new SecurityConfig("FOO"))).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index e8fca78fc2..b2826d028b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -41,8 +41,7 @@ public class ConsensusBasedTests {
 		mgr.setAllowIfEqualGrantedDeniedDecisions(false);
 		assertThat(!mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check changed
 
-		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1",
-				"DENY_FOR_SURE");
+		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
 
 		mgr.decide(auth, new Object(), config);
 	}
@@ -54,8 +53,7 @@ public class ConsensusBasedTests {
 
 		assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check default
 
-		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1",
-				"DENY_FOR_SURE");
+		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
 
 		mgr.decide(auth, new Object(), config);
 
@@ -122,4 +120,5 @@ public class ConsensusBasedTests {
 	private TestingAuthenticationToken makeTestToken() {
 		return new TestingAuthenticationToken("somebody", "password", "ROLE_1", "ROLE_2");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index e48e0548f1..c51074d0f0 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -34,6 +34,7 @@ import java.util.Iterator;
  * @author Ben Alex
  */
 public class DenyAgainVoter implements AccessDecisionVoter<Object> {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -50,8 +51,7 @@ public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 		return true;
 	}
 
-	public int vote(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
 
 		while (iter.hasNext()) {
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index 2db4297778..d30ba67749 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -36,6 +36,7 @@ import java.util.Iterator;
  * @author Ben Alex
  */
 public class DenyVoter implements AccessDecisionVoter<Object> {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -52,8 +53,7 @@ public class DenyVoter implements AccessDecisionVoter<Object> {
 		return true;
 	}
 
-	public int vote(Authentication authentication, Object object,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
 
 		while (iter.hasNext()) {
@@ -66,4 +66,5 @@ public class DenyVoter implements AccessDecisionVoter<Object> {
 
 		return ACCESS_ABSTAIN;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 681c61ff12..00264e5613 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -31,10 +31,11 @@ public class RoleHierarchyVoterTests {
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
 
 		// User has role A, role B is required
-		TestingAuthenticationToken auth = new TestingAuthenticationToken("user",
-				"password", "ROLE_A");
+		TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
 
-		assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B"))).isEqualTo(RoleHierarchyVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")))
+				.isEqualTo(RoleHierarchyVoter.ACCESS_GRANTED);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
index 741a7bcc7a..433766bd69 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
@@ -24,17 +24,18 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  */
 public class RoleVoterTests {
+
 	@Test
 	public void oneMatchingAttributeGrantsAccess() {
 		RoleVoter voter = new RoleVoter();
 		voter.setRolePrefix("");
 		Authentication userAB = new TestingAuthenticationToken("user", "pass", "A", "B");
 		// Vote on attribute list that has two attributes A and C (i.e. only one matching)
-		assertThat(voter.vote(userAB, this, SecurityConfig.createList("A", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(userAB, this, SecurityConfig.createList("A", "C")))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
 	// SEC-3128
@@ -43,6 +44,8 @@ public class RoleVoterTests {
 		RoleVoter voter = new RoleVoter();
 		voter.setRolePrefix("");
 		Authentication notAuthenitcated = null;
-		assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
+		assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A")))
+				.isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
index ab2b8f0c67..ab147f7399 100644
--- a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
+++ b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
@@ -22,6 +22,7 @@ package org.springframework.security.access.vote;
  * @author Ben Alex
  */
 public class SomeDomainObject {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -40,4 +41,5 @@ public class SomeDomainObject {
 	public String getParent() {
 		return "parentOf" + identity;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
index f7431ff6a4..e8b4547c4e 100644
--- a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
+++ b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
@@ -23,9 +23,11 @@ package org.springframework.security.access.vote;
  * @author Ben Alex
  */
 public class SomeDomainObjectManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	public void someServiceMethod(SomeDomainObject someDomainObject) {
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
index a00a611850..93e3112e37 100644
--- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
@@ -68,8 +68,7 @@ public class UnanimousBasedTests {
 	}
 
 	private TestingAuthenticationToken makeTestTokenWithFooBarPrefix() {
-		return new TestingAuthenticationToken("somebody", "password", "FOOBAR_1",
-				"FOOBAR_2");
+		return new TestingAuthenticationToken("somebody", "password", "FOOBAR_1", "FOOBAR_2");
 	}
 
 	@Test
@@ -77,8 +76,7 @@ public class UnanimousBasedTests {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
 
-		List<ConfigAttribute> config = SecurityConfig.createList(
-				new String[] { "ROLE_1", "DENY_FOR_SURE" });
+		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "ROLE_1", "DENY_FOR_SURE" });
 
 		try {
 			mgr.decide(auth, new Object(), config);
@@ -118,8 +116,7 @@ public class UnanimousBasedTests {
 		TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
 		UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
 
-		List<ConfigAttribute> config = SecurityConfig.createList(
-				new String[] { "FOOBAR_1", "FOOBAR_2" });
+		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "FOOBAR_1", "FOOBAR_2" });
 
 		mgr.decide(auth, new Object(), config);
 	}
@@ -158,9 +155,9 @@ public class UnanimousBasedTests {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
 
-		List<ConfigAttribute> config = SecurityConfig.createList(
-				new String[] { "ROLE_1", "ROLE_2" });
+		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "ROLE_1", "ROLE_2" });
 
 		mgr.decide(auth, new Object(), config);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index 7f5638b31e..72c63c6aa9 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -33,6 +33,7 @@ import java.util.*;
  * @author Ben Alex
  */
 public class AbstractAuthenticationTokenTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -48,10 +49,8 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test(expected = UnsupportedOperationException.class)
 	public void testAuthoritiesAreImmutable() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password",
-				authorities);
-		List<GrantedAuthority> gotAuthorities = (List<GrantedAuthority>) token
-				.getAuthorities();
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
+		List<GrantedAuthority> gotAuthorities = (List<GrantedAuthority>) token.getAuthorities();
 		assertThat(gotAuthorities).isNotSameAs(authorities);
 
 		gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"));
@@ -59,8 +58,7 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testGetters() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password",
-				authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("Password");
 		assertThat(token.getName()).isEqualTo("Test");
@@ -68,12 +66,9 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testHashCode() {
-		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password",
-				authorities);
-		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password",
-				authorities);
-		MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null,
-				AuthorityUtils.NO_AUTHORITIES);
+		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES);
 		assertThat(token2.hashCode()).isEqualTo(token1.hashCode());
 		assertThat(token1.hashCode() != token3.hashCode()).isTrue();
 
@@ -84,18 +79,14 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testObjectsEquals() {
-		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password",
-				authorities);
-		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password",
-				authorities);
+		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities);
 		assertThat(token2).isEqualTo(token1);
 
-		MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test",
-				"Password_Changed", authorities);
+		MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", authorities);
 		assertThat(!token1.equals(token3)).isTrue();
 
-		MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed",
-				"Password", authorities);
+		MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", authorities);
 		assertThat(!token1.equals(token4)).isTrue();
 
 		MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password",
@@ -106,8 +97,7 @@ public class AbstractAuthenticationTokenTests {
 				AuthorityUtils.createAuthorityList("ROLE_ONE"));
 		assertThat(!token1.equals(token6)).isTrue();
 
-		MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password",
-				null);
+		MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password", null);
 		assertThat(!token1.equals(token7)).isTrue();
 		assertThat(!token7.equals(token1)).isTrue();
 
@@ -116,8 +106,7 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testSetAuthenticated() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password",
-				authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
 		assertThat(!token.isAuthenticated()).isTrue();
 		token.setAuthenticated(true);
 		assertThat(token.isAuthenticated()).isTrue();
@@ -125,15 +114,13 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testToStringWithAuthorities() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password",
-				authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
 		assertThat(token.toString().lastIndexOf("ROLE_TWO") != -1).isTrue();
 	}
 
 	@Test
 	public void testToStringWithNullAuthorities() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password",
-				null);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", null);
 		assertThat(token.toString().lastIndexOf("Not granted any authorities") != -1).isTrue();
 	}
 
@@ -153,7 +140,9 @@ public class AbstractAuthenticationTokenTests {
 	// ==================================================================================================
 
 	private class MockAuthenticationImpl extends AbstractAuthenticationToken {
+
 		private Object credentials;
+
 		private Object principal;
 
 		MockAuthenticationImpl(Object principal, Object credentials, List<GrantedAuthority> authorities) {
@@ -169,5 +158,7 @@ public class AbstractAuthenticationTokenTests {
 		public Object getPrincipal() {
 			return this.principal;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
index fbc05e04ac..963332b501 100644
--- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
@@ -34,35 +34,36 @@ public class AuthenticationTrustResolverImplTests {
 	@Test
 	public void testCorrectOperationIsAnonymous() {
 		AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
-		assertThat(trustResolver.isAnonymous(new AnonymousAuthenticationToken("ignored",
-				"ignored", AuthorityUtils.createAuthorityList("ignored")))).isTrue();
-		assertThat(trustResolver.isAnonymous(new TestingAuthenticationToken("ignored",
-				"ignored", AuthorityUtils.createAuthorityList("ignored")))).isFalse();
+		assertThat(trustResolver.isAnonymous(
+				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"))))
+						.isTrue();
+		assertThat(trustResolver.isAnonymous(
+				new TestingAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"))))
+						.isFalse();
 	}
 
 	@Test
 	public void testCorrectOperationIsRememberMe() {
 		AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
-		assertThat(trustResolver.isRememberMe(new RememberMeAuthenticationToken("ignored",
-				"ignored", AuthorityUtils.createAuthorityList("ignored")))).isTrue();
-		assertThat(trustResolver.isAnonymous(new TestingAuthenticationToken("ignored",
-				"ignored", AuthorityUtils.createAuthorityList("ignored")))).isFalse();
+		assertThat(trustResolver.isRememberMe(
+				new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"))))
+						.isTrue();
+		assertThat(trustResolver.isAnonymous(
+				new TestingAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"))))
+						.isFalse();
 	}
 
 	@Test
 	public void testGettersSetters() {
 		AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
 
-		assertThat(AnonymousAuthenticationToken.class).isEqualTo(
-				trustResolver.getAnonymousClass());
+		assertThat(AnonymousAuthenticationToken.class).isEqualTo(trustResolver.getAnonymousClass());
 		trustResolver.setAnonymousClass(TestingAuthenticationToken.class);
-		assertThat(trustResolver.getAnonymousClass()).isEqualTo(
-				TestingAuthenticationToken.class);
+		assertThat(trustResolver.getAnonymousClass()).isEqualTo(TestingAuthenticationToken.class);
 
-		assertThat(RememberMeAuthenticationToken.class).isEqualTo(
-				trustResolver.getRememberMeClass());
+		assertThat(RememberMeAuthenticationToken.class).isEqualTo(trustResolver.getRememberMeClass());
 		trustResolver.setRememberMeClass(TestingAuthenticationToken.class);
-		assertThat(trustResolver.getRememberMeClass()).isEqualTo(
-				TestingAuthenticationToken.class);
+		assertThat(trustResolver.getRememberMeClass()).isEqualTo(TestingAuthenticationToken.class);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index a62ba0acef..a11c9980a9 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -39,6 +39,7 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class DefaultAuthenticationEventPublisherTests {
+
 	DefaultAuthenticationEventPublisher publisher;
 
 	@Test
@@ -52,12 +53,10 @@ public class DefaultAuthenticationEventPublisherTests {
 		Object extraInfo = new Object();
 		publisher.publishAuthenticationFailure(new BadCredentialsException(""), a);
 		publisher.publishAuthenticationFailure(new BadCredentialsException("", cause), a);
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureBadCredentialsEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 		reset(appPublisher);
 		publisher.publishAuthenticationFailure(new UsernameNotFoundException(""), a);
-		publisher.publishAuthenticationFailure(new UsernameNotFoundException("", cause),
-				a);
+		publisher.publishAuthenticationFailure(new UsernameNotFoundException("", cause), a);
 		publisher.publishAuthenticationFailure(new AccountExpiredException(""), a);
 		publisher.publishAuthenticationFailure(new AccountExpiredException("", cause), a);
 		publisher.publishAuthenticationFailure(new ProviderNotFoundException(""), a);
@@ -66,25 +65,16 @@ public class DefaultAuthenticationEventPublisherTests {
 		publisher.publishAuthenticationFailure(new LockedException(""), a);
 		publisher.publishAuthenticationFailure(new LockedException("", cause), a);
 		publisher.publishAuthenticationFailure(new AuthenticationServiceException(""), a);
-		publisher.publishAuthenticationFailure(new AuthenticationServiceException("",
-				cause), a);
+		publisher.publishAuthenticationFailure(new AuthenticationServiceException("", cause), a);
 		publisher.publishAuthenticationFailure(new CredentialsExpiredException(""), a);
-		publisher.publishAuthenticationFailure(
-				new CredentialsExpiredException("", cause), a);
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureBadCredentialsEvent.class));
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureExpiredEvent.class));
-		verify(appPublisher).publishEvent(
-				isA(AuthenticationFailureProviderNotFoundEvent.class));
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureDisabledEvent.class));
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureLockedEvent.class));
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureServiceExceptionEvent.class));
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureCredentialsExpiredEvent.class));
+		publisher.publishAuthenticationFailure(new CredentialsExpiredException("", cause), a);
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureExpiredEvent.class));
+		verify(appPublisher).publishEvent(isA(AuthenticationFailureProviderNotFoundEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureLockedEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureServiceExceptionEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureCredentialsExpiredEvent.class));
 		verifyNoMoreInteractions(appPublisher);
 	}
 
@@ -105,14 +95,12 @@ public class DefaultAuthenticationEventPublisherTests {
 	public void additionalExceptionMappingsAreSupported() {
 		publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
-		p.put(MockAuthenticationException.class.getName(),
-				AuthenticationFailureDisabledEvent.class.getName());
+		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
 		publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
 		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
-				mock(Authentication.class));
+		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
@@ -128,8 +116,7 @@ public class DefaultAuthenticationEventPublisherTests {
 	public void unknownFailureExceptionIsIgnored() {
 		publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
-		p.put(MockAuthenticationException.class.getName(),
-				AuthenticationFailureDisabledEvent.class.getName());
+		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
 		publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
@@ -141,16 +128,14 @@ public class DefaultAuthenticationEventPublisherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void emptyMapCausesException() {
-		Map<Class<? extends AuthenticationException>,
-				Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
+		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		publisher = new DefaultAuthenticationEventPublisher();
 		publisher.setAdditionalExceptionMappings(mappings);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingExceptionClassCausesException() {
-		Map<Class<? extends AuthenticationException>,
-				Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
+		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(null, AuthenticationFailureLockedEvent.class);
 		publisher = new DefaultAuthenticationEventPublisher();
 		publisher.setAdditionalExceptionMappings(mappings);
@@ -158,8 +143,7 @@ public class DefaultAuthenticationEventPublisherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingEventClassAsMapValueCausesException() {
-		Map<Class<? extends AuthenticationException>,
-				Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
+		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(LockedException.class, null);
 		publisher = new DefaultAuthenticationEventPublisher();
 		publisher.setAdditionalExceptionMappings(mappings);
@@ -168,15 +152,13 @@ public class DefaultAuthenticationEventPublisherTests {
 	@Test
 	public void additionalExceptionMappingsUsingMapAreSupported() {
 		publisher = new DefaultAuthenticationEventPublisher();
-		Map<Class<? extends AuthenticationException>,
-				Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
+		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(MockAuthenticationException.class, AuthenticationFailureDisabledEvent.class);
 		publisher.setAdditionalExceptionMappings(mappings);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
 		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
-				mock(Authentication.class));
+		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
@@ -204,18 +186,22 @@ public class DefaultAuthenticationEventPublisherTests {
 		publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class);
 	}
 
-	private static final class AuthenticationFailureEventWithoutAppropriateConstructor extends
-			AbstractAuthenticationFailureEvent {
+	private static final class AuthenticationFailureEventWithoutAppropriateConstructor
+			extends AbstractAuthenticationFailureEvent {
+
 		AuthenticationFailureEventWithoutAppropriateConstructor(Authentication auth) {
-			super(auth, new AuthenticationException("") {});
+			super(auth, new AuthenticationException("") {
+			});
 		}
+
 	}
 
-	private static final class MockAuthenticationException extends
-			AuthenticationException {
+	private static final class MockAuthenticationException extends AuthenticationException {
+
 		MockAuthenticationException(String msg) {
 			super(msg);
 		}
+
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
index a9d89d7ac1..f5a7187403 100644
--- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -36,6 +36,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingReactiveAuthenticationManagerTests {
+
 	@Mock
 	ReactiveAuthenticationManager delegate1;
 
@@ -50,31 +51,34 @@ public class DelegatingReactiveAuthenticationManagerTests {
 		when(this.delegate1.authenticate(any())).thenReturn(Mono.empty());
 		when(this.delegate2.authenticate(any())).thenReturn(Mono.just(this.authentication));
 
-		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
+		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
+				this.delegate2);
 
 		assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
 	}
 
 	@Test
 	public void authenticateWhenNotEmptyThenOtherDelegatesNotSubscribed() {
-		// delay to try and force delegate2 to finish (i.e. make sure we didn't use flatMap)
-		when(this.delegate1.authenticate(any())).thenReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
+		// delay to try and force delegate2 to finish (i.e. make sure we didn't use
+		// flatMap)
+		when(this.delegate1.authenticate(any()))
+				.thenReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
 
-		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
+		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
+				this.delegate2);
 
-		StepVerifier.create(manager.authenticate(this.authentication))
-			.expectNext(this.authentication)
-			.verifyComplete();
+		StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete();
 	}
 
 	@Test
 	public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() {
 		when(this.delegate1.authenticate(any())).thenReturn(Mono.error(new BadCredentialsException("Test")));
 
-		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2);
+		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
+				this.delegate2);
 
-		StepVerifier.create(manager.authenticate(this.authentication))
-			.expectError(BadCredentialsException.class)
-			.verify();
+		StepVerifier.create(manager.authenticate(this.authentication)).expectError(BadCredentialsException.class)
+				.verify();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index a28c1c4e41..8de0dfdcb0 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -63,8 +63,7 @@ public class ProviderManagerTests {
 
 	@Test
 	public void credentialsAreClearedByDefault() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password");
 		ProviderManager mgr = makeProviderManager();
 		Authentication result = mgr.authenticate(token);
 		assertThat(result.getCredentials()).isNull();
@@ -90,8 +89,8 @@ public class ProviderManagerTests {
 	@Test
 	public void authenticationSucceedsWhenFirstProviderReturnsNullButSecondAuthenticates() {
 		final Authentication a = mock(Authentication.class);
-		ProviderManager mgr = new ProviderManager(Arrays.asList(
-				createProviderWhichReturns(null), createProviderWhichReturns(a)));
+		ProviderManager mgr = new ProviderManager(
+				Arrays.asList(createProviderWhichReturns(null), createProviderWhichReturns(a)));
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		mgr.setAuthenticationEventPublisher(publisher);
 
@@ -132,8 +131,7 @@ public class ProviderManagerTests {
 
 		// A provider which sets the details object
 		AuthenticationProvider provider = new AuthenticationProvider() {
-			public Authentication authenticate(Authentication authentication)
-					throws AuthenticationException {
+			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				((TestingAuthenticationToken) authentication).setDetails(resultDetails);
 				return authentication;
 			}
@@ -169,17 +167,16 @@ public class ProviderManagerTests {
 	public void authenticationExceptionIsIgnoredIfLaterProviderAuthenticates() {
 		final Authentication authReq = mock(Authentication.class);
 		ProviderManager mgr = new ProviderManager(
-				createProviderWhichThrows(new BadCredentialsException("",
-						new Throwable())), createProviderWhichReturns(authReq));
+				createProviderWhichThrows(new BadCredentialsException("", new Throwable())),
+				createProviderWhichReturns(authReq));
 		assertThat(mgr.authenticate(mock(Authentication.class))).isSameAs(authReq);
 	}
 
 	@Test
 	public void authenticationExceptionIsRethrownIfNoLaterProviderAuthenticates() {
 
-		ProviderManager mgr = new ProviderManager(Arrays.asList(
-				createProviderWhichThrows(new BadCredentialsException("")),
-				createProviderWhichReturns(null)));
+		ProviderManager mgr = new ProviderManager(Arrays
+				.asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null)));
 		try {
 			mgr.authenticate(mock(Authentication.class));
 			fail("Expected BadCredentialsException");
@@ -191,13 +188,11 @@ public class ProviderManagerTests {
 	// SEC-546
 	@Test
 	public void accountStatusExceptionPreventsCallsToSubsequentProviders() {
-		AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException(
-				"") {
+		AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException("") {
 		});
 		AuthenticationProvider otherProvider = mock(AuthenticationProvider.class);
 
-		ProviderManager authMgr = new ProviderManager(Arrays.asList(
-				iThrowAccountStatusException, otherProvider));
+		ProviderManager authMgr = new ProviderManager(Arrays.asList(iThrowAccountStatusException, otherProvider));
 
 		try {
 			authMgr.authenticate(mock(Authentication.class));
@@ -213,19 +208,18 @@ public class ProviderManagerTests {
 		AuthenticationManager parent = mock(AuthenticationManager.class);
 		Authentication authReq = mock(Authentication.class);
 		when(parent.authenticate(authReq)).thenReturn(authReq);
-		ProviderManager mgr = new ProviderManager(
-				Collections.singletonList(mock(AuthenticationProvider.class)), parent);
+		ProviderManager mgr = new ProviderManager(Collections.singletonList(mock(AuthenticationProvider.class)),
+				parent);
 		assertThat(mgr.authenticate(authReq)).isSameAs(authReq);
 	}
 
 	@Test
 	public void parentIsNotCalledIfAccountStatusExceptionIsThrown() {
-		AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException(
-				"", new Throwable()) {
-		});
+		AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(
+				new AccountStatusException("", new Throwable()) {
+				});
 		AuthenticationManager parent = mock(AuthenticationManager.class);
-		ProviderManager mgr = new ProviderManager(
-				Collections.singletonList(iThrowAccountStatusException), parent);
+		ProviderManager mgr = new ProviderManager(Collections.singletonList(iThrowAccountStatusException), parent);
 		try {
 			mgr.authenticate(mock(Authentication.class));
 			fail("Expected exception");
@@ -245,8 +239,7 @@ public class ProviderManagerTests {
 		// Set a provider that throws an exception - this is the exception we expect to be
 		// propagated
 		ProviderManager mgr = new ProviderManager(
-				Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))),
-				parent);
+				Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent);
 		mgr.setAuthenticationEventPublisher(publisher);
 
 		try {
@@ -262,15 +255,13 @@ public class ProviderManagerTests {
 	public void authenticationExceptionFromParentOverridesPreviousOnes() {
 		AuthenticationManager parent = mock(AuthenticationManager.class);
 		ProviderManager mgr = new ProviderManager(
-				Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))),
-				parent);
+				Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent);
 		final Authentication authReq = mock(Authentication.class);
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		mgr.setAuthenticationEventPublisher(publisher);
 		// Set a provider that throws an exception - this is the exception we expect to be
 		// propagated
-		final BadCredentialsException expected = new BadCredentialsException(
-				"I'm the one from the parent");
+		final BadCredentialsException expected = new BadCredentialsException("I'm the one from the parent");
 		when(parent.authenticate(authReq)).thenThrow(expected);
 		try {
 			mgr.authenticate(authReq);
@@ -285,8 +276,8 @@ public class ProviderManagerTests {
 	public void statusExceptionIsPublished() {
 		AuthenticationManager parent = mock(AuthenticationManager.class);
 		final LockedException expected = new LockedException("");
-		ProviderManager mgr = new ProviderManager(
-				Collections.singletonList(createProviderWhichThrows(expected)), parent);
+		ProviderManager mgr = new ProviderManager(Collections.singletonList(createProviderWhichThrows(expected)),
+				parent);
 		final Authentication authReq = mock(Authentication.class);
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		mgr.setAuthenticationEventPublisher(publisher);
@@ -303,10 +294,8 @@ public class ProviderManagerTests {
 	// SEC-2367
 	@Test
 	public void providerThrowsInternalAuthenticationServiceException() {
-		InternalAuthenticationServiceException expected = new InternalAuthenticationServiceException(
-				"Expected");
-		ProviderManager mgr = new ProviderManager(Arrays.asList(
-				createProviderWhichThrows(expected),
+		InternalAuthenticationServiceException expected = new InternalAuthenticationServiceException("Expected");
+		ProviderManager mgr = new ProviderManager(Arrays.asList(createProviderWhichThrows(expected),
 				createProviderWhichThrows(new BadCredentialsException("Oops"))), null);
 		final Authentication authReq = mock(Authentication.class);
 
@@ -323,8 +312,8 @@ public class ProviderManagerTests {
 	public void authenticateWhenFailsInParentAndPublishesThenChildDoesNotPublish() {
 		BadCredentialsException badCredentialsExParent = new BadCredentialsException("Bad Credentials in parent");
 		ProviderManager parentMgr = new ProviderManager(createProviderWhichThrows(badCredentialsExParent));
-		ProviderManager childMgr = new ProviderManager(Collections.singletonList(createProviderWhichThrows(
-				new BadCredentialsException("Bad Credentials in child"))), parentMgr);
+		ProviderManager childMgr = new ProviderManager(Collections.singletonList(
+				createProviderWhichThrows(new BadCredentialsException("Bad Credentials in child"))), parentMgr);
 
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		parentMgr.setAuthenticationEventPublisher(publisher);
@@ -339,12 +328,12 @@ public class ProviderManagerTests {
 		catch (BadCredentialsException e) {
 			assertThat(e).isSameAs(badCredentialsExParent);
 		}
-		verify(publisher).publishAuthenticationFailure(badCredentialsExParent, authReq);		// Parent publishes
-		verifyNoMoreInteractions(publisher);		// Child should not publish (duplicate event)
+		verify(publisher).publishAuthenticationFailure(badCredentialsExParent, authReq); // Parent
+																							// publishes
+		verifyNoMoreInteractions(publisher); // Child should not publish (duplicate event)
 	}
 
-	private AuthenticationProvider createProviderWhichThrows(
-			final AuthenticationException e) {
+	private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 		when(provider.supports(any(Class.class))).thenReturn(true);
 		when(provider.authenticate(any(Authentication.class))).thenThrow(e);
@@ -361,8 +350,7 @@ public class ProviderManagerTests {
 	}
 
 	private TestingAuthenticationToken createAuthenticationToken() {
-		return new TestingAuthenticationToken("name", "password",
-				new ArrayList<>(0));
+		return new TestingAuthenticationToken("name", "password", new ArrayList<>(0));
 	}
 
 	private ProviderManager makeProviderManager() {
@@ -374,8 +362,8 @@ public class ProviderManagerTests {
 	// ==================================================================================================
 
 	private static class MockProvider implements AuthenticationProvider {
-		public Authentication authenticate(Authentication authentication)
-				throws AuthenticationException {
+
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			if (supports(authentication.getClass())) {
 				return authentication;
 			}
@@ -386,8 +374,9 @@ public class ProviderManagerTests {
 
 		public boolean supports(Class<?> authentication) {
 			return TestingAuthenticationToken.class.isAssignableFrom(authentication)
-					|| UsernamePasswordAuthenticationToken.class
-					.isAssignableFrom(authentication);
+					|| UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 9f7390ab3d..42e02fa7a1 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -35,8 +35,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ReactiveAuthenticationManagerAdapterTests {
+
 	@Mock
 	AuthenticationManager delegate;
+
 	@Mock
 	Authentication authentication;
 
@@ -82,8 +84,7 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 		Mono<Authentication> result = manager.authenticate(authentication);
 
-		StepVerifier.create(result)
-			.expectError(BadCredentialsException.class)
-			.verify();
+		StepVerifier.create(result).expectError(BadCredentialsException.class).verify();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index d6352818cc..32e9db3f44 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -41,11 +41,17 @@ import reactor.test.StepVerifier;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ReactiveUserDetailsServiceAuthenticationManagerTests {
-	@Mock ReactiveUserDetailsService repository;
+
+	@Mock
+	ReactiveUserDetailsService repository;
+
 	@Mock
 	PasswordEncoder passwordEncoder;
+
 	UserDetailsRepositoryReactiveAuthenticationManager manager;
+
 	String username;
+
 	String password;
 
 	@Before
@@ -68,10 +74,7 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
 		Mono<Authentication> authentication = manager.authenticate(token);
 
-		StepVerifier
-			.create(authentication)
-			.expectError(BadCredentialsException.class)
-			.verify();
+		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
 
 	@Test
@@ -84,13 +87,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		// @formatter:on
 		when(repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, this.password + "INVALID");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username,
+				this.password + "INVALID");
 		Mono<Authentication> authentication = manager.authenticate(token);
 
-		StepVerifier
-			.create(authentication)
-			.expectError(BadCredentialsException.class)
-			.verify();
+		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
 
 	@Test
@@ -116,8 +117,8 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
 		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-			this.username, this.password);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
+				this.password);
 		Authentication authentication = this.manager.authenticate(token).block();
 
 		assertThat(authentication).isEqualTo(authentication);
@@ -130,14 +131,12 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
 		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-			this.username, this.password);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
+				this.password);
 
 		Mono<Authentication> authentication = this.manager.authenticate(token);
 
-		StepVerifier
-			.create(authentication)
-			.expectError(BadCredentialsException.class)
-			.verify();
+		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java b/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
index ade69f9ca3..0583c42a48 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
@@ -37,4 +37,5 @@ public class TestAuthentication extends PasswordEncodedUser {
 	public static Authentication autheticated(UserDetails user) {
 		return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
index 875a8bbf3b..e9bb8af1a5 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
@@ -32,8 +32,7 @@ public class TestingAuthenticationProviderTests {
 	@Test
 	public void testAuthenticates() {
 		TestingAuthenticationProvider provider = new TestingAuthenticationProvider();
-		TestingAuthenticationToken token = new TestingAuthenticationToken("Test",
-				"Password", "ROLE_ONE", "ROLE_TWO");
+		TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_ONE", "ROLE_TWO");
 		Authentication result = provider.authenticate(token);
 
 		assertThat(result instanceof TestingAuthenticationToken).isTrue();
@@ -41,9 +40,7 @@ public class TestingAuthenticationProviderTests {
 		TestingAuthenticationToken castResult = (TestingAuthenticationToken) result;
 		assertThat(castResult.getPrincipal()).isEqualTo("Test");
 		assertThat(castResult.getCredentials()).isEqualTo("Password");
-		assertThat(
-				AuthorityUtils.authorityListToSet(castResult.getAuthorities())).contains(
-						"ROLE_ONE", "ROLE_TWO");
+		assertThat(AuthorityUtils.authorityListToSet(castResult.getAuthorities())).contains("ROLE_ONE", "ROLE_TWO");
 	}
 
 	@Test
@@ -52,4 +49,5 @@ public class TestingAuthenticationProviderTests {
 		assertThat(provider.supports(TestingAuthenticationToken.class)).isTrue();
 		assertThat(!provider.supports(String.class)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
index 473fa78945..822632aa69 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
@@ -26,28 +26,28 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Josh Cummings
  */
 public class TestingAuthenticationTokenTests {
+
 	@Test
 	public void constructorWhenNoAuthoritiesThenUnauthenticated() {
-		TestingAuthenticationToken unauthenticated =
-			new TestingAuthenticationToken("principal", "credentials");
+		TestingAuthenticationToken unauthenticated = new TestingAuthenticationToken("principal", "credentials");
 
 		assertThat(unauthenticated.isAuthenticated()).isFalse();
 	}
 
 	@Test
 	public void constructorWhenArityAuthoritiesThenAuthenticated() {
-		TestingAuthenticationToken authenticated =
-			new TestingAuthenticationToken("principal", "credentials", "authority");
+		TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials",
+				"authority");
 
 		assertThat(authenticated.isAuthenticated()).isTrue();
 	}
 
 	@Test
 	public void constructorWhenCollectionAuthoritiesThenAuthenticated() {
-		TestingAuthenticationToken authenticated =
-			new TestingAuthenticationToken("principal", "credentials",
+		TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials",
 				Arrays.asList(new SimpleGrantedAuthority("authority")));
 
 		assertThat(authenticated.isAuthenticated()).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 937b61edb2..b221ff3609 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -44,6 +44,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
+
 	@Mock
 	private ReactiveUserDetailsService userDetailsService;
 
@@ -79,8 +80,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void setSchedulerWhenNullThenIllegalArgumentException() {
-		assertThatCode(() -> this.manager.setScheduler(null))
-			.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.manager.setScheduler(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -89,8 +89,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		when(this.encoder.matches(any(), any())).thenReturn(true);
 		this.manager.setScheduler(this.scheduler);
 		this.manager.setPasswordEncoder(this.encoder);
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				this.user, this.user.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
+				this.user.getPassword());
 
 		Authentication result = this.manager.authenticate(token).block();
 
@@ -107,8 +107,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		when(this.userDetailsPasswordService.updatePassword(any(), any())).thenReturn(Mono.just(this.user));
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				this.user, this.user.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
+				this.user.getPassword());
 
 		Authentication result = this.manager.authenticate(token).block();
 
@@ -122,11 +122,10 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		when(this.encoder.matches(any(), any())).thenReturn(false);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				this.user, this.user.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
+				this.user.getPassword());
 
-		assertThatThrownBy(() -> this.manager.authenticate(token).block())
-			.isInstanceOf(BadCredentialsException.class);
+		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(BadCredentialsException.class);
 
 		verifyZeroInteractions(this.userDetailsPasswordService);
 	}
@@ -138,8 +137,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		when(this.encoder.upgradeEncoding(any())).thenReturn(false);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				this.user, this.user.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
+				this.user.getPassword());
 
 		Authentication result = this.manager.authenticate(token).block();
 
@@ -154,8 +153,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks);
 
-		assertThatExceptionOfType(LockedException.class)
-				.isThrownBy(() -> this.manager.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block())
+		assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager
+				.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block())
 				.withMessage("account is locked");
 
 		verify(this.postAuthenticationChecks).check(eq(this.user));
@@ -167,8 +166,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		when(this.encoder.matches(any(), any())).thenReturn(true);
 		this.manager.setPasswordEncoder(this.encoder);
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				this.user, this.user.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
+				this.user.getPassword());
 
 		this.manager.authenticate(token).block();
 
@@ -187,8 +186,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(expiredUser));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				expiredUser, expiredUser.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser,
+				expiredUser.getPassword());
 
 		this.manager.authenticate(token).block();
 	}
@@ -205,8 +204,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(lockedUser));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				lockedUser, lockedUser.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser,
+				lockedUser.getPassword());
 
 		this.manager.authenticate(token).block();
 	}
@@ -224,8 +223,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		// @formatter:on
 		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(disabledUser));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				disabledUser, disabledUser.getPassword());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser,
+				disabledUser.getPassword());
 
 		this.manager.authenticate(token).block();
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
index 71d599f8d7..4f93382b33 100644
--- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
@@ -34,8 +34,8 @@ public class UsernamePasswordAuthenticationTokenTests {
 
 	@Test
 	public void authenticatedPropertyContractIsSatisfied() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", AuthorityUtils.NO_AUTHORITIES);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
+				AuthorityUtils.NO_AUTHORITIES);
 
 		// check default given we passed some GrantedAuthorty[]s (well, we passed empty
 		// list)
@@ -67,8 +67,7 @@ public class UsernamePasswordAuthenticationTokenTests {
 
 	@Test
 	public void gettersReturnCorrectData() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"Test", "Password",
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("Password");
@@ -81,4 +80,5 @@ public class UsernamePasswordAuthenticationTokenTests {
 		Class<?> clazz = UsernamePasswordAuthenticationToken.class;
 		clazz.getDeclaredConstructor((Class[]) null);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
index 11277b56bf..d1aed04429 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
@@ -38,12 +38,10 @@ public class AnonymousAuthenticationProviderTests {
 
 	@Test
 	public void testDetectsAnInvalidKey() {
-		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider(
-				"qwerty");
+		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
 
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
-				"WRONG_KEY", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE",
-						"ROLE_TWO"));
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("WRONG_KEY", "Test",
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		try {
 			aap.authenticate(token);
@@ -66,18 +64,15 @@ public class AnonymousAuthenticationProviderTests {
 
 	@Test
 	public void testGettersSetters() {
-		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider(
-				"qwerty");
+		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
 		assertThat(aap.getKey()).isEqualTo("qwerty");
 	}
 
 	@Test
 	public void testIgnoresClassesItDoesNotSupport() {
-		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider(
-				"qwerty");
+		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
 
-		TestingAuthenticationToken token = new TestingAuthenticationToken("user",
-				"password", "ROLE_A");
+		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
 
 		// Try it anyway
@@ -86,11 +81,10 @@ public class AnonymousAuthenticationProviderTests {
 
 	@Test
 	public void testNormalOperation() {
-		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider(
-				"qwerty");
+		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
 
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty",
-				"Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test",
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		Authentication result = aap.authenticate(token);
 
@@ -99,9 +93,9 @@ public class AnonymousAuthenticationProviderTests {
 
 	@Test
 	public void testSupports() {
-		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider(
-				"qwerty");
+		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
 		assertThat(aap.supports(AnonymousAuthenticationToken.class)).isTrue();
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 1fec11d0c4..544aaef640 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -35,8 +35,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
  */
 public class AnonymousAuthenticationTokenTests {
 
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList(
-			"ROLE_ONE", "ROLE_TWO");
+	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -57,16 +56,14 @@ public class AnonymousAuthenticationTokenTests {
 		}
 
 		try {
-			new AnonymousAuthenticationToken("key", "Test",
-					null);
+			new AnonymousAuthenticationToken("key", "Test", null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new AnonymousAuthenticationToken("key", "Test",
-					AuthorityUtils.NO_AUTHORITIES);
+			new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -75,24 +72,20 @@ public class AnonymousAuthenticationTokenTests {
 
 	@Test
 	public void testEqualsWhenEqual() {
-		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
-		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
+		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
+		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 
 		assertThat(token2).isEqualTo(token1);
 	}
 
 	@Test
 	public void testGetters() {
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("");
-		assertThat(AuthorityUtils.authorityListToSet(token.getAuthorities())).contains(
-				"ROLE_ONE", "ROLE_TWO");
+		assertThat(AuthorityUtils.authorityListToSet(token.getAuthorities())).contains("ROLE_ONE", "ROLE_TWO");
 		assertThat(token.isAuthenticated()).isTrue();
 	}
 
@@ -110,39 +103,33 @@ public class AnonymousAuthenticationTokenTests {
 
 	@Test
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
-		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
-		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key",
-				"DIFFERENT_PRINCIPAL", ROLES_12);
+		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
+		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testNotEqualsDueToDifferentAuthenticationClass() {
-		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
-		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", ROLES_12);
+		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
+		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
+				ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testNotEqualsDueToKey() {
-		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
+		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 
-		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken(
-				"DIFFERENT_KEY", "Test", ROLES_12);
+		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testSetAuthenticatedIgnored() {
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key",
-				"Test", ROLES_12);
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 		assertThat(token.isAuthenticated()).isTrue();
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
@@ -162,4 +149,5 @@ public class AnonymousAuthenticationTokenTests {
 	public void constructorWhenPrincipalIsEmptyStringThenThrowIllegalArgumentException() {
 		new AnonymousAuthenticationToken("key", "", ROLES_12);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 7d906af380..8ac4bc9f26 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -68,15 +68,13 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
  */
 public class DaoAuthenticationProviderTests {
 
-	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList(
-			"ROLE_ONE", "ROLE_TWO");
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	// ~ Methods
 	// ========================================================================================================
 	@Test
 	public void testAuthenticateFailsForIncorrectPasswordCase() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "KOala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "KOala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -98,8 +96,7 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
 
-		UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-				"rod", null);
+		UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null);
 		try {
 			provider.authenticate(authenticationToken);
 			fail("Expected BadCredenialsException");
@@ -111,12 +108,10 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsIfAccountExpired() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"peter", "opal");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
 
 		DaoAuthenticationProvider provider = createProvider();
-		provider.setUserDetailsService(
-				new MockUserDetailsServiceUserPeterAccountExpired());
+		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountExpired());
 		provider.setUserCache(new MockUserCache());
 
 		try {
@@ -130,8 +125,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsIfAccountLocked() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"peter", "opal");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountLocked());
@@ -148,12 +142,10 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsIfCredentialsExpired() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"peter", "opal");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
 
 		DaoAuthenticationProvider provider = createProvider();
-		provider.setUserDetailsService(
-				new MockUserDetailsServiceUserPeterCredentialsExpired());
+		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterCredentialsExpired());
 		provider.setUserCache(new MockUserCache());
 
 		try {
@@ -179,8 +171,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsIfUserDisabled() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"peter", "opal");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeter());
@@ -197,8 +188,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError());
@@ -214,8 +204,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithEmptyUsername() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				null, "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -232,8 +221,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithInvalidPassword() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "INVALID_PASSWORD");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "INVALID_PASSWORD");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -250,8 +238,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionFalse() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"INVALID_USER", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setHideUserNotFoundExceptions(false); // we want
@@ -270,8 +257,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionsWithDefaultOfTrue() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"INVALID_USER", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		assertThat(provider.isHideUserNotFoundExceptions()).isTrue();
@@ -289,8 +275,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndChangePasswordEncoder() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-			"INVALID_USER", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		assertThat(provider.isHideUserNotFoundExceptions()).isTrue();
@@ -318,8 +303,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"RoD", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("RoD", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -336,8 +320,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticates() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 		token.setDetails("192.168.0.1");
 
 		DaoAuthenticationProvider provider = createProvider();
@@ -353,16 +336,13 @@ public class DaoAuthenticationProviderTests {
 		UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
 		assertThat(castResult.getPrincipal().getClass()).isEqualTo(User.class);
 		assertThat(castResult.getCredentials()).isEqualTo("koala");
-		assertThat(
-				AuthorityUtils.authorityListToSet(castResult.getAuthorities())).contains(
-						"ROLE_ONE", "ROLE_TWO");
+		assertThat(AuthorityUtils.authorityListToSet(castResult.getAuthorities())).contains("ROLE_ONE", "ROLE_TWO");
 		assertThat(castResult.getDetails()).isEqualTo("192.168.0.1");
 	}
 
 	@Test
 	public void testAuthenticatesASecondTime() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -386,8 +366,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testAuthenticatesWithForcePrincipalAsString() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -409,8 +388,7 @@ public class DaoAuthenticationProviderTests {
 	public void authenticateWhenSuccessAndPasswordManagerThenUpdates() {
 		String password = "password";
 		String encodedPassword = "encoded";
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", password);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", password);
 
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
@@ -435,8 +413,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenBadCredentialsAndPasswordManagerThenNoUpdate() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
@@ -450,16 +427,14 @@ public class DaoAuthenticationProviderTests {
 		when(encoder.matches(any(), any())).thenReturn(false);
 		when(userDetailsService.loadUserByUsername(any())).thenReturn(user);
 
-		assertThatThrownBy(() -> provider.authenticate(token))
-			.isInstanceOf(BadCredentialsException.class);
+		assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class);
 
 		verifyZeroInteractions(passwordManager);
 	}
 
 	@Test
 	public void authenticateWhenNotUpgradeAndPasswordManagerThenNoUpdate() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
@@ -481,8 +456,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testDetectsNullBeingReturnedFromAuthenticationDao() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull());
@@ -492,9 +466,8 @@ public class DaoAuthenticationProviderTests {
 			fail("Should have thrown AuthenticationServiceException");
 		}
 		catch (AuthenticationServiceException expected) {
-			assertThat(
-					"UserDetailsService returned null, which is an interface contract violation").isEqualTo(
-							expected.getMessage());
+			assertThat("UserDetailsService returned null, which is an interface contract violation")
+					.isEqualTo(expected.getMessage());
 		}
 	}
 
@@ -502,12 +475,10 @@ public class DaoAuthenticationProviderTests {
 	public void testGettersSetters() {
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setPasswordEncoder(new BCryptPasswordEncoder());
-		assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(
-			BCryptPasswordEncoder.class);
+		assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(BCryptPasswordEncoder.class);
 
 		provider.setUserCache(new EhCacheBasedUserCache());
-		assertThat(provider.getUserCache().getClass()).isEqualTo(
-				EhCacheBasedUserCache.class);
+		assertThat(provider.getUserCache().getClass()).isEqualTo(EhCacheBasedUserCache.class);
 
 		assertThat(provider.isForcePrincipalAsString()).isFalse();
 		provider.setForcePrincipalAsString(true);
@@ -516,8 +487,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 
 		MockUserDetailsServiceUserRod authenticationDao = new MockUserDetailsServiceUserRod();
 		MockUserCache cache = new MockUserCache();
@@ -540,8 +510,7 @@ public class DaoAuthenticationProviderTests {
 
 		// To get this far, the new password was accepted
 		// Check the cache was updated
-		assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo(
-				"easternLongNeckTurtle");
+		assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("easternLongNeckTurtle");
 	}
 
 	@Test
@@ -594,8 +563,7 @@ public class DaoAuthenticationProviderTests {
 	// SEC-2056
 	@Test
 	public void testUserNotFoundEncodesPassword() throws Exception {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"missing", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", "koala");
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		when(encoder.encode(anyString())).thenReturn("koala");
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
@@ -617,15 +585,13 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testUserNotFoundBCryptPasswordEncoder() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"missing", "koala");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", "koala");
 		PasswordEncoder encoder = new BCryptPasswordEncoder();
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setHideUserNotFoundExceptions(false);
 		provider.setPasswordEncoder(encoder);
 		MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod();
-		userDetailsService.password = encoder.encode(
-				(CharSequence) token.getCredentials());
+		userDetailsService.password = encoder.encode((CharSequence) token.getCredentials());
 		provider.setUserDetailsService(userDetailsService);
 		try {
 			provider.authenticate(token);
@@ -637,8 +603,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testUserNotFoundDefaultEncoder() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"missing", null);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", null);
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setHideUserNotFoundExceptions(false);
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
@@ -656,17 +621,14 @@ public class DaoAuthenticationProviderTests {
 	 * SEC-2056 is fixed.
 	 */
 	public void IGNOREtestSec2056() {
-		UsernamePasswordAuthenticationToken foundUser = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
-		UsernamePasswordAuthenticationToken notFoundUser = new UsernamePasswordAuthenticationToken(
-				"notFound", "koala");
+		UsernamePasswordAuthenticationToken foundUser = new UsernamePasswordAuthenticationToken("rod", "koala");
+		UsernamePasswordAuthenticationToken notFoundUser = new UsernamePasswordAuthenticationToken("notFound", "koala");
 		PasswordEncoder encoder = new BCryptPasswordEncoder(10, new SecureRandom());
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setHideUserNotFoundExceptions(false);
 		provider.setPasswordEncoder(encoder);
 		MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod();
-		userDetailsService.password = encoder.encode(
-				(CharSequence) foundUser.getCredentials());
+		userDetailsService.password = encoder.encode((CharSequence) foundUser.getCredentials());
 		provider.setUserDetailsService(userDetailsService);
 
 		int sampleSize = 100;
@@ -692,10 +654,8 @@ public class DaoAuthenticationProviderTests {
 
 		double userFoundAvg = avg(userFoundTimes);
 		double userNotFoundAvg = avg(userNotFoundTimes);
-		assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage(
-				"User not found average " + userNotFoundAvg
-						+ " should be within 3ms of user found average "
-						+ userFoundAvg).isTrue();
+		assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage("User not found average "
+				+ userNotFoundAvg + " should be within 3ms of user found average " + userFoundAvg).isTrue();
 	}
 
 	private double avg(List<Long> counts) {
@@ -708,8 +668,7 @@ public class DaoAuthenticationProviderTests {
 
 	@Test
 	public void testUserNotFoundNullCredentials() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"missing", null);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", null);
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setHideUserNotFoundExceptions(false);
@@ -733,15 +692,15 @@ public class DaoAuthenticationProviderTests {
 		public UserDetails loadUserByUsername(String username) {
 			return null;
 		}
+
 	}
 
-	private class MockUserDetailsServiceSimulateBackendError
-			implements UserDetailsService {
+	private class MockUserDetailsServiceSimulateBackendError implements UserDetailsService {
 
 		public UserDetails loadUserByUsername(String username) {
-			throw new DataRetrievalFailureException(
-					"This mock simulator is designed to fail");
+			throw new DataRetrievalFailureException("This mock simulator is designed to fail");
 		}
+
 	}
 
 	private class MockUserDetailsServiceUserRod implements UserDetailsService {
@@ -758,6 +717,7 @@ public class DaoAuthenticationProviderTests {
 		public void setPassword(String password) {
 			this.password = password;
 		}
+
 	}
 
 	private class MockUserDetailsServiceUserPeter implements UserDetailsService {
@@ -768,10 +728,10 @@ public class DaoAuthenticationProviderTests {
 			}
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
+
 	}
 
-	private class MockUserDetailsServiceUserPeterAccountExpired
-			implements UserDetailsService {
+	private class MockUserDetailsServiceUserPeterAccountExpired implements UserDetailsService {
 
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
@@ -779,10 +739,10 @@ public class DaoAuthenticationProviderTests {
 			}
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
+
 	}
 
-	private class MockUserDetailsServiceUserPeterAccountLocked
-			implements UserDetailsService {
+	private class MockUserDetailsServiceUserPeterAccountLocked implements UserDetailsService {
 
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
@@ -790,10 +750,10 @@ public class DaoAuthenticationProviderTests {
 			}
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
+
 	}
 
-	private class MockUserDetailsServiceUserPeterCredentialsExpired
-			implements UserDetailsService {
+	private class MockUserDetailsServiceUserPeterCredentialsExpired implements UserDetailsService {
 
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
@@ -801,6 +761,7 @@ public class DaoAuthenticationProviderTests {
 			}
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
+
 	}
 
 	private DaoAuthenticationProvider createProvider() {
@@ -808,4 +769,5 @@ public class DaoAuthenticationProviderTests {
 		provider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
 		return provider;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
index ea7132f53b..68e2c068d8 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 
 public class MockUserCache implements UserCache {
+
 	private Map<String, UserDetails> cache = new HashMap<>();
 
 	public UserDetails getUserFromCache(String username) {
@@ -38,4 +39,5 @@ public class MockUserCache implements UserCache {
 	public void removeUserFromCache(String username) {
 		cache.remove(username);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index 1b08f45878..786ebd3e12 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -31,12 +31,13 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class AuthenticationEventTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	private Authentication getAuthentication() {
-		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-				"Principal", "Credentials");
+		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
+				"Credentials");
 		authentication.setDetails("127.0.0.1");
 
 		return authentication;
@@ -53,8 +54,7 @@ public class AuthenticationEventTests {
 	public void testAbstractAuthenticationFailureEvent() {
 		Authentication auth = getAuthentication();
 		AuthenticationException exception = new DisabledException("TEST");
-		AbstractAuthenticationFailureEvent event = new AuthenticationFailureDisabledEvent(
-				auth, exception);
+		AbstractAuthenticationFailureEvent event = new AuthenticationFailureDisabledEvent(auth, exception);
 		assertThat(event.getAuthentication()).isEqualTo(auth);
 		assertThat(event.getException()).isEqualTo(exception);
 	}
@@ -82,4 +82,5 @@ public class AuthenticationEventTests {
 
 		}
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index fd8ac22222..1d31a2990a 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -27,12 +27,13 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class LoggerListenerTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	private Authentication getAuthentication() {
-		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-				"Principal", "Credentials");
+		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
+				"Credentials");
 		authentication.setDetails("127.0.0.1");
 
 		return authentication;
@@ -40,10 +41,11 @@ public class LoggerListenerTests {
 
 	@Test
 	public void testLogsEvents() {
-		AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(
-				getAuthentication(), new LockedException("TEST"));
+		AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(getAuthentication(),
+				new LockedException("TEST"));
 		LoggerListener listener = new LoggerListener();
 		listener.onApplicationEvent(event);
 
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 66b117651a..ebe69f1e77 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -53,9 +53,13 @@ import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.test.util.ReflectionTestUtils;
 
 public class DefaultJaasAuthenticationProviderTests {
+
 	private DefaultJaasAuthenticationProvider provider;
+
 	private UsernamePasswordAuthenticationToken token;
+
 	private ApplicationEventPublisher publisher;
+
 	private Log log;
 
 	@Before
@@ -68,11 +72,10 @@ public class DefaultJaasAuthenticationProviderTests {
 		provider.setApplicationEventPublisher(publisher);
 		provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
 		provider.afterPropertiesSet();
-		AppConfigurationEntry[] aces = new AppConfigurationEntry[] { new AppConfigurationEntry(
-				TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
-				Collections.<String, Object> emptyMap()) };
-		when(configuration.getAppConfigurationEntry(provider.getLoginContextName()))
-				.thenReturn(aces);
+		AppConfigurationEntry[] aces = new AppConfigurationEntry[] {
+				new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
+						Collections.<String, Object>emptyMap()) };
+		when(configuration.getAppConfigurationEntry(provider.getLoginContextName())).thenReturn(aces);
 		token = new UsernamePasswordAuthenticationToken("user", "password");
 		ReflectionTestUtils.setField(provider, "log", log);
 
@@ -121,8 +124,7 @@ public class DefaultJaasAuthenticationProviderTests {
 	@Test
 	public void authenticateBadUser() {
 		try {
-			provider.authenticate(new UsernamePasswordAuthenticationToken("asdf",
-					"password"));
+			provider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
 			fail("LoginException should have been thrown for the bad user");
 		}
 		catch (AuthenticationException success) {
@@ -245,8 +247,7 @@ public class DefaultJaasAuthenticationProviderTests {
 	@Test
 	public void javadocExample() {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
-		ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
-				resName);
+		ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(resName);
 		context.registerShutdownHook();
 		try {
 			provider = context.getBean(DefaultJaasAuthenticationProvider.class);
@@ -260,10 +261,12 @@ public class DefaultJaasAuthenticationProviderTests {
 	}
 
 	private void verifyFailedLogin() {
-		ArgumentCaptor<JaasAuthenticationFailedEvent> event = ArgumentCaptor.forClass(JaasAuthenticationFailedEvent.class);
+		ArgumentCaptor<JaasAuthenticationFailedEvent> event = ArgumentCaptor
+				.forClass(JaasAuthenticationFailedEvent.class);
 		verify(publisher).publishEvent(event.capture());
 		assertThat(event.getValue()).isInstanceOf(JaasAuthenticationFailedEvent.class);
 		assertThat(event.getValue().getException()).isNotNull();
 		verifyNoMoreInteractions(publisher);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index ea794e8126..fb4c832ec7 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -51,11 +51,14 @@ import org.springframework.security.core.session.SessionDestroyedEvent;
  * @author Ray Krueger
  */
 public class JaasAuthenticationProviderTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ApplicationContext context;
+
 	private JaasAuthenticationProvider jaasProvider;
+
 	private JaasEventCheck eventCheck;
 
 	// ~ Methods
@@ -66,37 +69,36 @@ public class JaasAuthenticationProviderTests {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
 		context = new ClassPathXmlApplicationContext(resName);
 		eventCheck = (JaasEventCheck) context.getBean("eventCheck");
-		jaasProvider = (JaasAuthenticationProvider) context
-				.getBean("jaasAuthenticationProvider");
+		jaasProvider = (JaasAuthenticationProvider) context.getBean("jaasAuthenticationProvider");
 	}
 
 	@Test
 	public void testBadPassword() {
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user",
-					"asdf"));
+			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
 			fail("LoginException should have been thrown for the bad password");
 		}
 		catch (AuthenticationException e) {
 		}
 
 		assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
-		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null").isNotNull();
+		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
+				.isNotNull();
 		assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
 	}
 
 	@Test
 	public void testBadUser() {
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf",
-					"password"));
+			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
 			fail("LoginException should have been thrown for the bad user");
 		}
 		catch (AuthenticationException e) {
 		}
 
 		assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
-		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null").isNotNull();
+		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
+				.isNotNull();
 		assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
 	}
 
@@ -133,8 +135,7 @@ public class JaasAuthenticationProviderTests {
 	public void spacesInLoginConfigPathAreAccepted() throws Exception {
 		File configFile;
 		// Create temp directory with a space in the name
-		File configDir = new File(System.getProperty("java.io.tmpdir") + File.separator
-				+ "jaas test");
+		File configDir = new File(System.getProperty("java.io.tmpdir") + File.separator + "jaas test");
 		configDir.deleteOnExit();
 
 		if (configDir.exists()) {
@@ -145,9 +146,8 @@ public class JaasAuthenticationProviderTests {
 		configFile.deleteOnExit();
 		FileOutputStream fos = new FileOutputStream(configFile);
 		PrintWriter pw = new PrintWriter(fos);
-		pw.append("JAASTestBlah {"
-				+ "org.springframework.security.authentication.jaas.TestLoginModule required;"
-				+ "};");
+		pw.append(
+				"JAASTestBlah {" + "org.springframework.security.authentication.jaas.TestLoginModule required;" + "};");
 		pw.flush();
 		pw.close();
 
@@ -191,8 +191,8 @@ public class JaasAuthenticationProviderTests {
 
 	@Test
 	public void testFull() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
+				AuthorityUtils.createAuthorityList("ROLE_ONE"));
 
 		assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 
@@ -206,7 +206,8 @@ public class JaasAuthenticationProviderTests {
 		Collection<? extends GrantedAuthority> list = auth.getAuthorities();
 		Set<String> set = AuthorityUtils.authorityListToSet(list);
 
-		assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE").isFalse();
+		assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE")
+				.isFalse();
 		assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue();
 		assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue();
 		boolean foundit = false;
@@ -214,7 +215,8 @@ public class JaasAuthenticationProviderTests {
 		for (GrantedAuthority a : list) {
 			if (a instanceof JaasGrantedAuthority) {
 				JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
-				assertThat(grant.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority").isNotNull();
+				assertThat(grant.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority")
+						.isNotNull();
 				foundit = true;
 			}
 		}
@@ -222,7 +224,8 @@ public class JaasAuthenticationProviderTests {
 		assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue();
 
 		assertThat(eventCheck.successEvent).as("Success event should be fired").isNotNull();
-		assertThat(eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal").isEqualTo(auth);
+		assertThat(eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal")
+				.isEqualTo(auth);
 		assertThat(eventCheck.failedEvent).as("Failure event should not be fired").isNull();
 	}
 
@@ -237,8 +240,7 @@ public class JaasAuthenticationProviderTests {
 		jaasProvider.setLoginExceptionResolver(e -> new LockedException("This is just a test!"));
 
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user",
-					"password"));
+			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		}
 		catch (LockedException e) {
 		}
@@ -249,11 +251,9 @@ public class JaasAuthenticationProviderTests {
 
 	@Test
 	public void testLogout() throws Exception {
-		MockLoginContext loginContext = new MockLoginContext(
-				jaasProvider.getLoginContextName());
+		MockLoginContext loginContext = new MockLoginContext(jaasProvider.getLoginContextName());
 
-		JaasAuthenticationToken token = new JaasAuthenticationToken(null, null,
-				loginContext);
+		JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext);
 
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(token);
@@ -268,26 +268,27 @@ public class JaasAuthenticationProviderTests {
 
 	@Test
 	public void testNullDefaultAuthorities() {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 
 		assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 
 		Authentication auth = jaasProvider.authenticate(token);
-		assertThat(auth
-				.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned").hasSize(2);
+		assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
+				.hasSize(2);
 	}
 
 	@Test
 	public void testUnsupportedAuthenticationObjectReturnsNull() {
-		assertThat(jaasProvider.authenticate(new TestingAuthenticationToken("foo", "bar",
-				AuthorityUtils.NO_AUTHORITIES))).isNull();
+		assertThat(
+				jaasProvider.authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES)))
+						.isNull();
 	}
 
 	// ~ Inner Classes
 	// ==================================================================================================
 
 	private static class MockLoginContext extends LoginContext {
+
 		boolean loggedOut = false;
 
 		MockLoginContext(String loginModule) throws LoginException {
@@ -297,5 +298,7 @@ public class JaasAuthenticationProviderTests {
 		public void logout() {
 			this.loggedOut = true;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index 9760f2863c..68c5b61613 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -25,10 +25,12 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
  * @author Ray Krueger
  */
 public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEvent> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	JaasAuthenticationFailedEvent failedEvent;
+
 	JaasAuthenticationSuccessEvent successEvent;
 
 	// ~ Methods
@@ -43,4 +45,5 @@ public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEve
 			successEvent = (JaasAuthenticationSuccessEvent) event;
 		}
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
index 9b952fd0ec..1076660f35 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
@@ -22,7 +22,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import org.springframework.security.authentication.jaas.JaasGrantedAuthority;
 
 /**
- *
  * @author Clement Ng
  *
  */
@@ -32,8 +31,7 @@ public class JaasGrantedAuthorityTests {
 	 */
 	@Test
 	public void authorityWithNullRoleFailsAssertion() {
-		assertThatThrownBy(() -> new JaasGrantedAuthority(null, null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> new JaasGrantedAuthority(null, null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("role cannot be null");
 	}
 
@@ -41,8 +39,8 @@ public class JaasGrantedAuthorityTests {
 	 */
 	@Test
 	public void authorityWithNullPrincipleFailsAssertion() {
-		assertThatThrownBy(() -> new JaasGrantedAuthority("role", null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> new JaasGrantedAuthority("role", null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("principal cannot be null");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
index e1d0010d4a..d33018425c 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
@@ -37,36 +37,31 @@ import org.springframework.security.core.authority.AuthorityUtils;
 public class Sec760Tests {
 
 	public String resolveConfigFile(String filename) {
-		String resName = "/" + getClass().getPackage().getName().replace('.', '/')
-				+ filename;
+		String resName = "/" + getClass().getPackage().getName().replace('.', '/') + filename;
 		return resName;
 	}
 
-	private void testConfigureJaasCase(JaasAuthenticationProvider p1,
-			JaasAuthenticationProvider p2) throws Exception {
+	private void testConfigureJaasCase(JaasAuthenticationProvider p1, JaasAuthenticationProvider p2) throws Exception {
 		p1.setLoginConfig(new ClassPathResource(resolveConfigFile("/test1.conf")));
 		p1.setLoginContextName("test1");
-		p1.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
-				new TestCallbackHandler(), new JaasNameCallbackHandler(),
-				new JaasPasswordCallbackHandler() });
+		p1.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] { new TestCallbackHandler(),
+				new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
 		p1.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
 		p1.afterPropertiesSet();
 		testAuthenticate(p1);
 
 		p2.setLoginConfig(new ClassPathResource(resolveConfigFile("/test2.conf")));
 		p2.setLoginContextName("test2");
-		p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
-				new TestCallbackHandler(), new JaasNameCallbackHandler(),
-				new JaasPasswordCallbackHandler() });
+		p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] { new TestCallbackHandler(),
+				new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
 		p2.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
 		p2.afterPropertiesSet();
 		testAuthenticate(p2);
 	}
 
 	private void testAuthenticate(JaasAuthenticationProvider p1) {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				"user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE",
-						"ROLE_TWO"));
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		Authentication auth = p1.authenticate(token);
 		assertThat(auth).isNotNull();
@@ -74,8 +69,7 @@ public class Sec760Tests {
 
 	@Test
 	public void testConfigureJaas() throws Exception {
-		testConfigureJaasCase(new JaasAuthenticationProvider(),
-				new JaasAuthenticationProvider());
+		testConfigureJaasCase(new JaasAuthenticationProvider(), new JaasAuthenticationProvider());
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
index f34222e28c..9d47287550 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
@@ -39,14 +39,16 @@ import static org.assertj.core.api.Assertions.fail;
  * @author Ray Krueger
  */
 public class SecurityContextLoginModuleTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private SecurityContextLoginModule module = null;
-	private Subject subject = new Subject(false, new HashSet<>(),
-			new HashSet<>(), new HashSet<>());
-	private UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-			"principal", "credentials");
+
+	private Subject subject = new Subject(false, new HashSet<>(), new HashSet<>(), new HashSet<>());
+
+	private UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("principal",
+			"credentials");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -66,8 +68,7 @@ public class SecurityContextLoginModuleTests {
 
 	@Test
 	public void testAbort() throws Exception {
-		assertThat(this.module.abort()).as("Should return false, no auth is set")
-				.isFalse();
+		assertThat(this.module.abort()).as("Should return false, no auth is set").isFalse();
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		this.module.login();
 		this.module.commit();
@@ -87,11 +88,8 @@ public class SecurityContextLoginModuleTests {
 	@Test
 	public void testLoginSuccess() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
-		assertThat(this.module.login())
-				.as("Login should succeed, there is an authentication set").isTrue();
-		assertThat(this.module.commit())
-				.withFailMessage(
-						"The authentication is not null, this should return true")
+		assertThat(this.module.login()).as("Login should succeed, there is an authentication set").isTrue();
+		assertThat(this.module.commit()).withFailMessage("The authentication is not null, this should return true")
 				.isTrue();
 		assertThat(this.subject.getPrincipals().contains(this.auth))
 				.withFailMessage("Principals should contain the authentication").isTrue();
@@ -102,13 +100,10 @@ public class SecurityContextLoginModuleTests {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		this.module.login();
 		assertThat(this.module.logout()).as("Should return true as it succeeds").isTrue();
-		assertThat(this.module.getAuthentication()).as("Authentication should be null")
-				.isNull();
+		assertThat(this.module.getAuthentication()).as("Authentication should be null").isNull();
 
 		assertThat(this.subject.getPrincipals().contains(this.auth))
-				.withFailMessage(
-						"Principals should not contain the authentication after logout")
-				.isFalse();
+				.withFailMessage("Principals should not contain the authentication after logout").isFalse();
 	}
 
 	@Test
@@ -131,12 +126,12 @@ public class SecurityContextLoginModuleTests {
 
 		this.module.initialize(this.subject, null, null, options);
 		SecurityContextHolder.getContext().setAuthentication(null);
-		assertThat(this.module.login()).as("Should return false and ask to be ignored")
-				.isFalse();
+		assertThat(this.module.login()).as("Should return false and ask to be ignored").isFalse();
 	}
 
 	@Test
 	public void testNullLogout() throws Exception {
 		assertThat(this.module.logout()).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index 2f82d9ea53..e8ab46cf2a 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -24,10 +24,10 @@ import java.util.Set;
 import org.springframework.security.authentication.jaas.AuthorityGranter;
 
 /**
- *
  * @author Ray Krueger
  */
 public class TestAuthorityGranter implements AuthorityGranter {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -41,4 +41,5 @@ public class TestAuthorityGranter implements AuthorityGranter {
 
 		return rtnSet;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
index a32494f5fd..1d222f0689 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
@@ -28,6 +28,7 @@ import javax.security.auth.callback.TextInputCallback;
  * @author Ray Krueger
  */
 public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -37,4 +38,5 @@ public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
 			tic.setText(auth.getPrincipal().toString());
 		}
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index 53ff92c19b..d7a6c4f3e3 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -27,11 +27,14 @@ import javax.security.auth.spi.LoginModule;
  * @author Ray Krueger
  */
 public class TestLoginModule implements LoginModule {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private String password;
+
 	private String user;
+
 	private Subject subject;
 
 	// ~ Methods
@@ -46,8 +49,7 @@ public class TestLoginModule implements LoginModule {
 	}
 
 	@SuppressWarnings("unchecked")
-	public void initialize(Subject subject, CallbackHandler callbackHandler,
-			Map sharedState, Map options) {
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
 
 		try {
@@ -55,8 +57,7 @@ public class TestLoginModule implements LoginModule {
 			NameCallback nameCallback = new NameCallback("prompt");
 			PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
 
-			callbackHandler.handle(new Callback[] { textCallback, nameCallback,
-					passwordCallback });
+			callbackHandler.handle(new Callback[] { textCallback, nameCallback, passwordCallback });
 
 			password = new String(passwordCallback.getPassword());
 			user = nameCallback.getName();
@@ -85,4 +86,5 @@ public class TestLoginModule implements LoginModule {
 	public boolean logout() {
 		return true;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index 6384c0a922..7b4a690151 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -37,25 +37,22 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class InMemoryConfigurationTests {
 
 	private AppConfigurationEntry[] defaultEntries;
+
 	private Map<String, AppConfigurationEntry[]> mappedEntries;
 
 	@Before
 	public void setUp() {
-		this.defaultEntries = new AppConfigurationEntry[] { new AppConfigurationEntry(
-				TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
-				Collections.<String, Object>emptyMap()) };
+		this.defaultEntries = new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
+				LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) };
 
-		this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap(
-				"name",
-				new AppConfigurationEntry[] { new AppConfigurationEntry(
-						TestLoginModule.class.getName(), LoginModuleControlFlag.OPTIONAL,
-						Collections.<String, Object>emptyMap()) });
+		this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap("name",
+				new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
+						LoginModuleControlFlag.OPTIONAL, Collections.<String, Object>emptyMap()) });
 	}
 
 	@Test
 	public void constructorNullDefault() {
-		assertThat(new InMemoryConfiguration((AppConfigurationEntry[]) null)
-				.getAppConfigurationEntry("name")).isNull();
+		assertThat(new InMemoryConfiguration((AppConfigurationEntry[]) null).getAppConfigurationEntry("name")).isNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -65,16 +62,14 @@ public class InMemoryConfigurationTests {
 
 	@Test
 	public void constructorEmptyMap() {
-		assertThat(new InMemoryConfiguration(
-				Collections.<String, AppConfigurationEntry[]>emptyMap())
-						.getAppConfigurationEntry("name")).isNull();
+		assertThat(new InMemoryConfiguration(Collections.<String, AppConfigurationEntry[]>emptyMap())
+				.getAppConfigurationEntry("name")).isNull();
 	}
 
 	@Test
 	public void constructorEmptyMapNullDefault() {
-		assertThat(new InMemoryConfiguration(
-				Collections.<String, AppConfigurationEntry[]>emptyMap(), null)
-						.getAppConfigurationEntry("name")).isNull();
+		assertThat(new InMemoryConfiguration(Collections.<String, AppConfigurationEntry[]>emptyMap(), null)
+				.getAppConfigurationEntry("name")).isNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -84,20 +79,15 @@ public class InMemoryConfigurationTests {
 
 	@Test
 	public void nonnullDefault() {
-		InMemoryConfiguration configuration = new InMemoryConfiguration(
-				this.defaultEntries);
-		assertThat(configuration.getAppConfigurationEntry("name"))
-				.isEqualTo(this.defaultEntries);
+		InMemoryConfiguration configuration = new InMemoryConfiguration(this.defaultEntries);
+		assertThat(configuration.getAppConfigurationEntry("name")).isEqualTo(this.defaultEntries);
 	}
 
 	@Test
 	public void mappedNonnullDefault() {
-		InMemoryConfiguration configuration = new InMemoryConfiguration(
-				this.mappedEntries, this.defaultEntries);
-		assertThat(this.defaultEntries)
-				.isEqualTo(configuration.getAppConfigurationEntry("missing"));
-		assertThat(this.mappedEntries.get("name"))
-				.isEqualTo(configuration.getAppConfigurationEntry("name"));
+		InMemoryConfiguration configuration = new InMemoryConfiguration(this.mappedEntries, this.defaultEntries);
+		assertThat(this.defaultEntries).isEqualTo(configuration.getAppConfigurationEntry("missing"));
+		assertThat(this.mappedEntries.get("name")).isEqualTo(configuration.getAppConfigurationEntry("name"));
 	}
 
 	@Test
@@ -105,4 +95,5 @@ public class InMemoryConfigurationTests {
 		Method method = InMemoryConfiguration.class.getDeclaredMethod("refresh");
 		assertThat(method.getDeclaringClass()).isEqualTo(InMemoryConfiguration.class);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index a7f5f25732..cd50afa5b6 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -31,6 +31,7 @@ import org.springframework.security.core.Authentication;
  * @author Ben Alex
  */
 public class RemoteAuthenticationManagerImplTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -38,8 +39,7 @@ public class RemoteAuthenticationManagerImplTests {
 	public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 		manager.setAuthenticationManager(am);
 
 		manager.attemptAuthentication("rod", "password");
@@ -65,10 +65,10 @@ public class RemoteAuthenticationManagerImplTests {
 	public void testSuccessfulAuthentication() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenReturn(
-				new TestingAuthenticationToken("u", "p", "A"));
+		when(am.authenticate(any(Authentication.class))).thenReturn(new TestingAuthenticationToken("u", "p", "A"));
 		manager.setAuthenticationManager(am);
 
 		manager.attemptAuthentication("rod", "password");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index c66f3b503f..8e35e05037 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -34,18 +34,17 @@ import static org.assertj.core.api.Assertions.fail;
  * @author Ben Alex
  */
 public class RemoteAuthenticationProviderTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	@Test
 	public void testExceptionsGetPassedBackToCaller() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-		provider.setRemoteAuthenticationManager(
-				new MockRemoteAuthenticationManager(false));
+		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
 
 		try {
-			provider.authenticate(
-					new UsernamePasswordAuthenticationToken("rod", "password"));
+			provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
 			fail("Should have thrown RemoteAuthenticationException");
 		}
 		catch (RemoteAuthenticationException expected) {
@@ -56,8 +55,7 @@ public class RemoteAuthenticationProviderTests {
 	@Test
 	public void testGettersSetters() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-		provider.setRemoteAuthenticationManager(
-				new MockRemoteAuthenticationManager(true));
+		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
 		assertThat(provider.getRemoteAuthenticationManager()).isNotNull();
 	}
 
@@ -73,8 +71,7 @@ public class RemoteAuthenticationProviderTests {
 
 		}
 
-		provider.setRemoteAuthenticationManager(
-				new MockRemoteAuthenticationManager(true));
+		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
 		provider.afterPropertiesSet();
 
 	}
@@ -82,11 +79,9 @@ public class RemoteAuthenticationProviderTests {
 	@Test
 	public void testSuccessfulAuthenticationCreatesObject() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-		provider.setRemoteAuthenticationManager(
-				new MockRemoteAuthenticationManager(true));
+		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
 
-		Authentication result = provider
-				.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
+		Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
 		assertThat(result.getPrincipal()).isEqualTo("rod");
 		assertThat(result.getCredentials()).isEqualTo("password");
 		assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("foo");
@@ -95,8 +90,7 @@ public class RemoteAuthenticationProviderTests {
 	@Test
 	public void testNullCredentialsDoesNotCauseNullPointerException() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-		provider.setRemoteAuthenticationManager(
-				new MockRemoteAuthenticationManager(false));
+		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
 
 		try {
 			provider.authenticate(new UsernamePasswordAuthenticationToken("rod", null));
@@ -117,14 +111,15 @@ public class RemoteAuthenticationProviderTests {
 	// ==================================================================================================
 
 	private class MockRemoteAuthenticationManager implements RemoteAuthenticationManager {
+
 		private boolean grantAccess;
 
 		MockRemoteAuthenticationManager(boolean grantAccess) {
 			this.grantAccess = grantAccess;
 		}
 
-		public Collection<? extends GrantedAuthority> attemptAuthentication(
-				String username, String password) throws RemoteAuthenticationException {
+		public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
+				throws RemoteAuthenticationException {
 			if (this.grantAccess) {
 				return AuthorityUtils.createAuthorityList("foo");
 			}
@@ -132,5 +127,7 @@ public class RemoteAuthenticationProviderTests {
 				throw new RemoteAuthenticationException("as requested");
 			}
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
index c6a948e913..e481cb8a91 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
@@ -34,15 +34,14 @@ import static org.assertj.core.api.Assertions.fail;
  * @author Ben Alex
  */
 public class RememberMeAuthenticationProviderTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
 	public void testDetectsAnInvalidKey() {
-		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(
-				"qwerty");
+		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
 
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(
-				"WRONG_KEY", "Test",
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("WRONG_KEY", "Test",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		try {
@@ -66,19 +65,16 @@ public class RememberMeAuthenticationProviderTests {
 
 	@Test
 	public void testGettersSetters() throws Exception {
-		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(
-				"qwerty");
+		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
 		aap.afterPropertiesSet();
 		assertThat(aap.getKey()).isEqualTo("qwerty");
 	}
 
 	@Test
 	public void testIgnoresClassesItDoesNotSupport() {
-		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(
-				"qwerty");
+		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
 
-		TestingAuthenticationToken token = new TestingAuthenticationToken("user",
-				"password", "ROLE_A");
+		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
 
 		// Try it anyway
@@ -87,11 +83,10 @@ public class RememberMeAuthenticationProviderTests {
 
 	@Test
 	public void testNormalOperation() {
-		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(
-				"qwerty");
+		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
 
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("qwerty",
-				"Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("qwerty", "Test",
+				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		Authentication result = aap.authenticate(token);
 
@@ -100,9 +95,9 @@ public class RememberMeAuthenticationProviderTests {
 
 	@Test
 	public void testSupports() {
-		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(
-				"qwerty");
+		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
 		assertThat(aap.supports(RememberMeAuthenticationToken.class)).isTrue();
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index dcd7ac2c8c..b5ef5417d4 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.authentication.rememberme;
 
-
 import static org.assertj.core.api.Assertions.*;
 
 import java.util.ArrayList;
@@ -34,8 +33,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
  * @author Ben Alex
  */
 public class RememberMeAuthenticationTokenTests {
-	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils
-			.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -70,18 +69,15 @@ public class RememberMeAuthenticationTokenTests {
 
 	@Test
 	public void testEqualsWhenEqual() {
-		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
-		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
+		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
+		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 
 		assertThat(token2).isEqualTo(token1);
 	}
 
 	@Test
 	public void testGetters() {
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo("Test");
@@ -93,40 +89,36 @@ public class RememberMeAuthenticationTokenTests {
 
 	@Test
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
-		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
-		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key",
-				"DIFFERENT_PRINCIPAL", ROLES_12);
+		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
+		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "DIFFERENT_PRINCIPAL",
+				ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testNotEqualsDueToDifferentAuthenticationClass() {
-		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
-		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken(
-				"Test", "Password", ROLES_12);
+		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
+		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
+				ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testNotEqualsDueToKey() {
-		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
-		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken(
-				"DIFFERENT_KEY", "Test", ROLES_12);
+		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
+		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
 
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testSetAuthenticatedIgnored() {
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key",
-				"Test", ROLES_12);
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 		assertThat(token.isAuthenticated()).isTrue();
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index cb05abb276..4b2d9867d9 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -35,11 +35,12 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthenticatedReactiveAuthorizationManagerTests {
+
 	@Mock
 	Authentication authentication;
 
 	AuthenticatedReactiveAuthorizationManager<Object> manager = AuthenticatedReactiveAuthorizationManager
-		.authenticated();
+			.authenticated();
 
 	@Test
 	public void checkWhenAuthenticatedThenReturnTrue() {
@@ -77,9 +78,7 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 	public void checkWhenErrorThenError() {
 		Mono<AuthorizationDecision> result = manager.check(Mono.error(new RuntimeException("ooops")), null);
 
-		StepVerifier
-			.create(result)
-			.expectError()
-			.verify();
+		StepVerifier.create(result).expectError().verify();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 2fb371fa35..8fddc9d217 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -36,11 +36,11 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthorityReactiveAuthorizationManagerTests {
+
 	@Mock
 	Authentication authentication;
 
-	AuthorityReactiveAuthorizationManager<Object> manager = AuthorityReactiveAuthorizationManager
-		.hasAuthority("ADMIN");
+	AuthorityReactiveAuthorizationManager<Object> manager = AuthorityReactiveAuthorizationManager.hasAuthority("ADMIN");
 
 	@Test
 	public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() {
@@ -60,10 +60,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasAuthorityAndErrorThenError() {
 		Mono<AuthorizationDecision> result = manager.check(Mono.error(new RuntimeException("ooops")), null);
 
-		StepVerifier
-			.create(result)
-			.expectError()
-			.verify();
+		StepVerifier.create(result).expectError().verify();
 	}
 
 	@Test
@@ -171,4 +168,5 @@ public class AuthorityReactiveAuthorizationManagerTests {
 		String authority2 = null;
 		AuthorityReactiveAuthorizationManager.hasAnyAuthority(authority1, authority2);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index a88d1dadab..e2df987e42 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -39,10 +39,12 @@ import org.mockito.Mock;
  * @see CurrentDelegatingSecurityContextExecutorServiceTests
  * @see ExplicitDelegatingSecurityContextExecutorServiceTests
  */
-public abstract class AbstractDelegatingSecurityContextExecutorServiceTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
+		extends AbstractDelegatingSecurityContextExecutorTests {
+
 	@Mock
 	private Future<Object> expectedFutureObject;
+
 	@Mock
 	private Object resultArg;
 
@@ -89,8 +91,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests exte
 	public void awaitTermination() throws InterruptedException {
 		boolean result = executor.awaitTermination(1, TimeUnit.SECONDS);
 		verify(delegate).awaitTermination(1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(delegate.awaitTermination(1, TimeUnit.SECONDS))
-				.isNotNull();
+		assertThat(result).isEqualTo(delegate.awaitTermination(1, TimeUnit.SECONDS)).isNotNull();
 	}
 
 	@Test
@@ -103,8 +104,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests exte
 
 	@Test
 	public void submitRunnableWithResult() {
-		when(delegate.submit(wrappedRunnable, resultArg))
-				.thenReturn(expectedFutureObject);
+		when(delegate.submit(wrappedRunnable, resultArg)).thenReturn(expectedFutureObject);
 		Future<Object> result = executor.submit(runnable, resultArg);
 		verify(delegate).submit(wrappedRunnable, resultArg);
 		assertThat(result).isEqualTo(expectedFutureObject);
@@ -113,8 +113,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests exte
 	@Test
 	@SuppressWarnings("unchecked")
 	public void submitRunnable() {
-		when((Future<Object>) delegate.submit(wrappedRunnable)).thenReturn(
-				expectedFutureObject);
+		when((Future<Object>) delegate.submit(wrappedRunnable)).thenReturn(expectedFutureObject);
 		Future<?> result = executor.submit(runnable);
 		verify(delegate).submit(wrappedRunnable);
 		assertThat(result).isEqualTo(expectedFutureObject);
@@ -136,10 +135,8 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests exte
 	public void invokeAllTimeout() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(
-				exectedResult);
-		List<Future<Object>> result = executor.invokeAll(Arrays.asList(callable), 1,
-				TimeUnit.SECONDS);
+		when(delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
+		List<Future<Object>> result = executor.invokeAll(Arrays.asList(callable), 1, TimeUnit.SECONDS);
 		verify(delegate).invokeAll(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
 	}
@@ -160,12 +157,12 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests exte
 	public void invokeAnyTimeout() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(
-				exectedResult);
+		when(delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
 		Object result = executor.invokeAny(Arrays.asList(callable), 1, TimeUnit.SECONDS);
 		verify(delegate).invokeAny(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
 	protected abstract DelegatingSecurityContextExecutorService create();
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index 3e3dfc5d4e..6932a78920 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -33,8 +33,9 @@ import org.mockito.Mock;
  * @see CurrentDelegatingSecurityContextExecutorTests
  * @see ExplicitDelegatingSecurityContextExecutorTests
  */
-public abstract class AbstractDelegatingSecurityContextExecutorTests extends
-		AbstractDelegatingSecurityContextTestSupport {
+public abstract class AbstractDelegatingSecurityContextExecutorTests
+		extends AbstractDelegatingSecurityContextTestSupport {
+
 	@Mock
 	protected ScheduledExecutorService delegate;
 
@@ -61,4 +62,5 @@ public abstract class AbstractDelegatingSecurityContextExecutorTests extends
 	}
 
 	protected abstract DelegatingSecurityContextExecutor create();
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index ec0d114bb7..a02b3f2500 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -38,6 +38,7 @@ import org.mockito.Mock;
  */
 public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceTests
 		extends AbstractDelegatingSecurityContextExecutorServiceTests {
+
 	@Mock
 	private ScheduledFuture<Object> expectedResult;
 
@@ -51,9 +52,8 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleRunnable() {
-		when(
-				(ScheduledFuture<Object>) delegate.schedule(wrappedRunnable, 1,
-						TimeUnit.SECONDS)).thenReturn(expectedResult);
+		when((ScheduledFuture<Object>) delegate.schedule(wrappedRunnable, 1, TimeUnit.SECONDS))
+				.thenReturn(expectedResult);
 		ScheduledFuture<?> result = executor.schedule(runnable, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(expectedResult);
 		verify(delegate).schedule(wrappedRunnable, 1, TimeUnit.SECONDS);
@@ -61,9 +61,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 
 	@Test
 	public void scheduleCallable() {
-		when(
-				delegate.schedule(wrappedCallable, 1,
-						TimeUnit.SECONDS)).thenReturn(expectedResult);
+		when(delegate.schedule(wrappedCallable, 1, TimeUnit.SECONDS)).thenReturn(expectedResult);
 		ScheduledFuture<Object> result = executor.schedule(callable, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(expectedResult);
 		verify(delegate).schedule(wrappedCallable, 1, TimeUnit.SECONDS);
@@ -72,11 +70,9 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleAtFixedRate() {
-		when(
-				(ScheduledFuture<Object>) delegate.scheduleAtFixedRate(wrappedRunnable,
-						1, 2, TimeUnit.SECONDS)).thenReturn(expectedResult);
-		ScheduledFuture<?> result = executor.scheduleAtFixedRate(runnable, 1, 2,
-				TimeUnit.SECONDS);
+		when((ScheduledFuture<Object>) delegate.scheduleAtFixedRate(wrappedRunnable, 1, 2, TimeUnit.SECONDS))
+				.thenReturn(expectedResult);
+		ScheduledFuture<?> result = executor.scheduleAtFixedRate(runnable, 1, 2, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(expectedResult);
 		verify(delegate).scheduleAtFixedRate(wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
@@ -84,16 +80,14 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleWithFixedDelay() {
-		when(
-				(ScheduledFuture<Object>) delegate.scheduleWithFixedDelay(
-						wrappedRunnable, 1, 2, TimeUnit.SECONDS)).thenReturn(
-				expectedResult);
-		ScheduledFuture<?> result = executor.scheduleWithFixedDelay(runnable, 1, 2,
-				TimeUnit.SECONDS);
+		when((ScheduledFuture<Object>) delegate.scheduleWithFixedDelay(wrappedRunnable, 1, 2, TimeUnit.SECONDS))
+				.thenReturn(expectedResult);
+		ScheduledFuture<?> result = executor.scheduleWithFixedDelay(runnable, 1, 2, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(expectedResult);
 		verify(delegate).scheduleWithFixedDelay(wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
 	@Override
 	protected abstract DelegatingSecurityContextScheduledExecutorService create();
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
index cead9643bb..2f048529ae 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
@@ -41,9 +41,9 @@ import org.springframework.security.core.context.SecurityContextHolder;
  *
  */
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({ DelegatingSecurityContextRunnable.class,
-		DelegatingSecurityContextCallable.class })
+@PrepareForTest({ DelegatingSecurityContextRunnable.class, DelegatingSecurityContextCallable.class })
 public abstract class AbstractDelegatingSecurityContextTestSupport {
+
 	@Mock
 	protected SecurityContext securityContext;
 
@@ -67,20 +67,18 @@ public abstract class AbstractDelegatingSecurityContextTestSupport {
 
 	public final void explicitSecurityContextPowermockSetup() throws Exception {
 		spy(DelegatingSecurityContextCallable.class);
-		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create",
-				eq(callable), securityContextCaptor.capture());
+		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", eq(callable),
+				securityContextCaptor.capture());
 		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create",
-				eq(runnable), securityContextCaptor.capture());
+		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", eq(runnable),
+				securityContextCaptor.capture());
 	}
 
 	public final void currentSecurityContextPowermockSetup() throws Exception {
 		spy(DelegatingSecurityContextCallable.class);
-		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create",
-				callable, null);
+		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", callable, null);
 		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create",
-				runnable, null);
+		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", runnable, null);
 	}
 
 	@Before
@@ -92,4 +90,5 @@ public abstract class AbstractDelegatingSecurityContextTestSupport {
 	public final void clearContext() {
 		SecurityContextHolder.clearContext();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
index 6e757524ff..dc99dd7e23 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
@@ -25,8 +25,8 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class CurrentDelegatingSecurityContextExecutorServiceTests extends
-		AbstractDelegatingSecurityContextExecutorServiceTests {
+public class CurrentDelegatingSecurityContextExecutorServiceTests
+		extends AbstractDelegatingSecurityContextExecutorServiceTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -37,4 +37,5 @@ public class CurrentDelegatingSecurityContextExecutorServiceTests extends
 	protected DelegatingSecurityContextExecutorService create() {
 		return new DelegatingSecurityContextExecutorService(delegate);
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
index 6e25d87ef9..69e3a42cb9 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
@@ -25,8 +25,7 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class CurrentDelegatingSecurityContextExecutorTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public class CurrentDelegatingSecurityContextExecutorTests extends AbstractDelegatingSecurityContextExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -37,4 +36,5 @@ public class CurrentDelegatingSecurityContextExecutorTests extends
 	protected DelegatingSecurityContextExecutor create() {
 		return new DelegatingSecurityContextExecutor(getExecutor());
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
index 29b19cc47b..c0b7dd2d77 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -25,8 +25,8 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class CurrentDelegatingSecurityContextScheduledExecutorServiceTests extends
-		AbstractDelegatingSecurityContextScheduledExecutorServiceTests {
+public class CurrentDelegatingSecurityContextScheduledExecutorServiceTests
+		extends AbstractDelegatingSecurityContextScheduledExecutorServiceTests {
 
 	@Before
 	public void setUp() throws Exception {
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index f121c47e91..5ee2b80b75 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -36,16 +36,18 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Rob Winch
  * @since 3.2
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingSecurityContextCallableTests {
+
 	@Mock
 	private Callable<Object> delegate;
+
 	@Mock
 	private SecurityContext securityContext;
+
 	@Mock
 	private Object callableResult;
 
@@ -100,8 +102,7 @@ public class DelegatingSecurityContextCallableTests {
 
 	@Test
 	public void call() throws Exception {
-		callable = new DelegatingSecurityContextCallable<>(delegate,
-				securityContext);
+		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
 		assertWrapped(callable);
 	}
 
@@ -119,8 +120,7 @@ public class DelegatingSecurityContextCallableTests {
 	public void callOnSameThread() throws Exception {
 		originalSecurityContext = securityContext;
 		SecurityContextHolder.setContext(originalSecurityContext);
-		callable = new DelegatingSecurityContextCallable<>(delegate,
-				securityContext);
+		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
 		assertWrapped(callable.call());
 	}
 
@@ -156,8 +156,7 @@ public class DelegatingSecurityContextCallableTests {
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {
-		callable = new DelegatingSecurityContextCallable<>(delegate,
-				securityContext);
+		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
 		assertThat(callable.toString()).isEqualTo(delegate.toString());
 	}
 
@@ -168,7 +167,7 @@ public class DelegatingSecurityContextCallableTests {
 
 	private void assertWrapped(Object callableResult) throws Exception {
 		verify(delegate).call();
-		assertThat(SecurityContextHolder.getContext()).isEqualTo(
-				originalSecurityContext);
+		assertThat(SecurityContextHolder.getContext()).isEqualTo(originalSecurityContext);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 0540b568a9..2e92014df1 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -36,16 +36,18 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Rob Winch
  * @since 3.2
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingSecurityContextRunnableTests {
+
 	@Mock
 	private Runnable delegate;
+
 	@Mock
 	private SecurityContext securityContext;
+
 	@Mock
 	private Object callableResult;
 
@@ -116,8 +118,7 @@ public class DelegatingSecurityContextRunnableTests {
 		originalSecurityContext = securityContext;
 		SecurityContextHolder.setContext(originalSecurityContext);
 		executor = synchronousExecutor();
-		runnable = new DelegatingSecurityContextRunnable(delegate,
-				securityContext);
+		runnable = new DelegatingSecurityContextRunnable(delegate, securityContext);
 		assertWrapped(runnable);
 	}
 
@@ -161,11 +162,11 @@ public class DelegatingSecurityContextRunnableTests {
 		Future<?> submit = executor.submit(runnable);
 		submit.get();
 		verify(delegate).run();
-		assertThat(SecurityContextHolder.getContext()).isEqualTo(
-				originalSecurityContext);
+		assertThat(SecurityContextHolder.getContext()).isEqualTo(originalSecurityContext);
 	}
 
 	private static ExecutorService synchronousExecutor() {
 		return new ExecutorServiceAdapter(new SyncTaskExecutor());
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
index f18ecb1c9c..5bb2c7330d 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
@@ -21,13 +21,12 @@ import org.junit.Test;
 import org.springframework.security.core.context.SecurityContext;
 
 /**
- *
  * @author Rob Winch
  * @since 3.2
  *
  */
-public class DelegatingSecurityContextSupportTests extends
-		AbstractDelegatingSecurityContextTestSupport {
+public class DelegatingSecurityContextSupportTests extends AbstractDelegatingSecurityContextTestSupport {
+
 	private AbstractDelegatingSecurityContextSupport support;
 
 	@Test
@@ -60,10 +59,12 @@ public class DelegatingSecurityContextSupportTests extends
 		assertThat(support.wrap(runnable)).isSameAs(wrappedRunnable);
 	}
 
-	private static class ConcreteDelegatingSecurityContextSupport extends
-			AbstractDelegatingSecurityContextSupport {
+	private static class ConcreteDelegatingSecurityContextSupport extends AbstractDelegatingSecurityContextSupport {
+
 		ConcreteDelegatingSecurityContextSupport(SecurityContext securityContext) {
 			super(securityContext);
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
index 46f4d2be28..925308fa8a 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
@@ -25,8 +25,8 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class ExplicitDelegatingSecurityContextExecutorServiceTests extends
-		AbstractDelegatingSecurityContextExecutorServiceTests {
+public class ExplicitDelegatingSecurityContextExecutorServiceTests
+		extends AbstractDelegatingSecurityContextExecutorServiceTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -37,4 +37,5 @@ public class ExplicitDelegatingSecurityContextExecutorServiceTests extends
 	protected DelegatingSecurityContextExecutorService create() {
 		return new DelegatingSecurityContextExecutorService(delegate, securityContext);
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
index f4eb4fc0bd..adbda1e0c8 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
@@ -26,8 +26,7 @@ import org.springframework.security.core.context.SecurityContext;
  * @since 3.2
  *
  */
-public class ExplicitDelegatingSecurityContextExecutorTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public class ExplicitDelegatingSecurityContextExecutorTests extends AbstractDelegatingSecurityContextExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -38,4 +37,5 @@ public class ExplicitDelegatingSecurityContextExecutorTests extends
 	protected DelegatingSecurityContextExecutor create() {
 		return new DelegatingSecurityContextExecutor(getExecutor(), securityContext);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
index a8058a6e0a..10076665e1 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -26,8 +26,8 @@ import org.springframework.security.core.context.SecurityContext;
  * @since 3.2
  *
  */
-public class ExplicitDelegatingSecurityContextScheduledExecutorServiceTests extends
-		AbstractDelegatingSecurityContextScheduledExecutorServiceTests {
+public class ExplicitDelegatingSecurityContextScheduledExecutorServiceTests
+		extends AbstractDelegatingSecurityContextScheduledExecutorServiceTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -36,7 +36,7 @@ public class ExplicitDelegatingSecurityContextScheduledExecutorServiceTests exte
 
 	@Override
 	protected DelegatingSecurityContextScheduledExecutorService create() {
-		return new DelegatingSecurityContextScheduledExecutorService(delegate,
-				securityContext);
+		return new DelegatingSecurityContextScheduledExecutorService(delegate, securityContext);
 	}
+
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index ed3cd8bbdc..a15367dc53 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -30,6 +30,7 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingApplicationListenerTests {
+
 	@Mock
 	SmartApplicationListener delegate;
 
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index 90a4450149..62017aa038 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -33,63 +33,60 @@ import org.springframework.core.convert.converter.Converter;
  * Tests for {@link RsaKeyConverters}
  */
 public class RsaKeyConvertersTests {
-	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n" +
-			"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n" +
-			"HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n" +
-			"RpYYZPe2VoO5sumzJt8P6fS80/TAKjhJDAqgZKRJTgGN8KxCM6p/aJli1ZeDBqiV\n" +
-			"v7vJJe+ZgJuPGRS+HMNa/wPxEkqqXsglcJcQV1ZEtfKXSHB7jizKpRL38185SyAC\n" +
-			"pwyjvBu6Cmm1URfhQo88mf239ONh4dZ2HoDfzN1q6Ssu4F4hgutxr9B0DVLDP5u+\n" +
-			"WFrm3nsJ76zf99uJ+ntMUHJ+bY+gOjSlVWIVBIZeAaEGKCNWRk/knjvjbijpvm3U\n" +
-			"acGlgdL3AgMBAAECggEACxxxS7zVyu91qI2s5eSKmAQAXMqgup6+2hUluc47nqUv\n" +
-			"uZz/c/6MPkn2Ryo+65d4IgqmMFjSfm68B/2ER5FTcvoLl1Xo2twrrVpUmcg3BClS\n" +
-			"IZPuExdhVNnxjYKEWwcyZrehyAoR261fDdcFxLRW588efIUC+rPTTRHzAc7sT+Ln\n" +
-			"t/uFeYNWJm3LaegOLoOmlMAhJ5puAWSN1F0FxtRf/RVgzbLA9QC975SKHJsfWCSr\n" +
-			"IZyPsdeaqomKaF65l8nfqlE0Ua2L35gIOGKjUwb7uUE8nI362RWMtYdoi3zDDyoY\n" +
-			"hSFbgjylCHDM0u6iSh6KfqOHtkYyJ8tUYgVWl787wQKBgQDYO3wL7xuDdD101Lyl\n" +
-			"AnaDdFB9fxp83FG1cWr+t7LYm9YxGfEUsKHAJXN6TIayDkOOoVwIl+Gz0T3Z06Bm\n" +
-			"eBGLrB9mrVA7+C7NJwu5gTMlzP6HxUR9zKJIQ/VB1NUGM77LSmvOFbHc9Q0+z8EH\n" +
-			"X5WO516a3Z7lNtZJcCoPOtu2rwKBgQCmbj41Fh+SSEUApCEKms5ETRpe7LXQlJgx\n" +
-			"yW7zcJNNuIb1C3vBLPxjiOTMgYKOeMg5rtHTGLT43URHLh9ArjawasjSAr4AM3J4\n" +
-			"xpoi/sKGDdiKOsuDWIGfzdYL8qyTHSdpZLQsCTMRiRYgAHZFPgNa7SLZRfZicGlr\n" +
-			"GHN1rJW6OQKBgEjiM/upyrJSWeypUDSmUeAZMpA6aWkwsfHgmtnkfUn5rQa74cDB\n" +
-			"kKO9e+D7LmOR3z+SL/1NhGwh2SE07dncGr3jdGodfO/ZxZyszozmeaECKcEFwwJM\n" +
-			"GV8WWPKplGwUwPiwywmZ0mvRxXcoe73KgBS88+xrSwWjqDL0tZiQlEJNAoGATkei\n" +
-			"GMQMG3jEg9Wu+NbxV6zQT3+U0MNjhl9RQU1c63x0dcNt9OFc4NAdlZcAulRTENaK\n" +
-			"OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n" +
-			"k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n" +
-			"Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n" +
-			"EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" +
-			"yPfcul058SOqhafIZQMEKQ==\n" +
-			"-----END PRIVATE KEY-----";
 
-	private static final String PKCS1_PRIVATE_KEY =
-			"-----BEGIN RSA PRIVATE KEY-----\n" +
-			"MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw\n" +
-			"33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW\n" +
-			"+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB\n" +
-			"AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS\n" +
-			"3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp\n" +
-			"uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE\n" +
-			"2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0\n" +
-			"GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K\n" +
-			"Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY\n" +
-			"6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5\n" +
-			"fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523\n" +
-			"Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP\n" +
-			"FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==\n" +
-			"-----END RSA PRIVATE KEY-----";
+	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n"
+			+ "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n"
+			+ "HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n"
+			+ "RpYYZPe2VoO5sumzJt8P6fS80/TAKjhJDAqgZKRJTgGN8KxCM6p/aJli1ZeDBqiV\n"
+			+ "v7vJJe+ZgJuPGRS+HMNa/wPxEkqqXsglcJcQV1ZEtfKXSHB7jizKpRL38185SyAC\n"
+			+ "pwyjvBu6Cmm1URfhQo88mf239ONh4dZ2HoDfzN1q6Ssu4F4hgutxr9B0DVLDP5u+\n"
+			+ "WFrm3nsJ76zf99uJ+ntMUHJ+bY+gOjSlVWIVBIZeAaEGKCNWRk/knjvjbijpvm3U\n"
+			+ "acGlgdL3AgMBAAECggEACxxxS7zVyu91qI2s5eSKmAQAXMqgup6+2hUluc47nqUv\n"
+			+ "uZz/c/6MPkn2Ryo+65d4IgqmMFjSfm68B/2ER5FTcvoLl1Xo2twrrVpUmcg3BClS\n"
+			+ "IZPuExdhVNnxjYKEWwcyZrehyAoR261fDdcFxLRW588efIUC+rPTTRHzAc7sT+Ln\n"
+			+ "t/uFeYNWJm3LaegOLoOmlMAhJ5puAWSN1F0FxtRf/RVgzbLA9QC975SKHJsfWCSr\n"
+			+ "IZyPsdeaqomKaF65l8nfqlE0Ua2L35gIOGKjUwb7uUE8nI362RWMtYdoi3zDDyoY\n"
+			+ "hSFbgjylCHDM0u6iSh6KfqOHtkYyJ8tUYgVWl787wQKBgQDYO3wL7xuDdD101Lyl\n"
+			+ "AnaDdFB9fxp83FG1cWr+t7LYm9YxGfEUsKHAJXN6TIayDkOOoVwIl+Gz0T3Z06Bm\n"
+			+ "eBGLrB9mrVA7+C7NJwu5gTMlzP6HxUR9zKJIQ/VB1NUGM77LSmvOFbHc9Q0+z8EH\n"
+			+ "X5WO516a3Z7lNtZJcCoPOtu2rwKBgQCmbj41Fh+SSEUApCEKms5ETRpe7LXQlJgx\n"
+			+ "yW7zcJNNuIb1C3vBLPxjiOTMgYKOeMg5rtHTGLT43URHLh9ArjawasjSAr4AM3J4\n"
+			+ "xpoi/sKGDdiKOsuDWIGfzdYL8qyTHSdpZLQsCTMRiRYgAHZFPgNa7SLZRfZicGlr\n"
+			+ "GHN1rJW6OQKBgEjiM/upyrJSWeypUDSmUeAZMpA6aWkwsfHgmtnkfUn5rQa74cDB\n"
+			+ "kKO9e+D7LmOR3z+SL/1NhGwh2SE07dncGr3jdGodfO/ZxZyszozmeaECKcEFwwJM\n"
+			+ "GV8WWPKplGwUwPiwywmZ0mvRxXcoe73KgBS88+xrSwWjqDL0tZiQlEJNAoGATkei\n"
+			+ "GMQMG3jEg9Wu+NbxV6zQT3+U0MNjhl9RQU1c63x0dcNt9OFc4NAdlZcAulRTENaK\n"
+			+ "OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n"
+			+ "k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n"
+			+ "Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n"
+			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" + "yPfcul058SOqhafIZQMEKQ==\n"
+			+ "-----END PRIVATE KEY-----";
 
-	private static final String X509_PUBLIC_KEY =
-			"-----BEGIN PUBLIC KEY-----\n" +
-			"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd\n" +
-			"UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs\n" +
-			"HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D\n" +
-			"o2kQ+X5xK9cipRgEKwIDAQAB\n" +
-			"-----END PUBLIC KEY-----";
+	private static final String PKCS1_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n"
+			+ "MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw\n"
+			+ "33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW\n"
+			+ "+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB\n"
+			+ "AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS\n"
+			+ "3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp\n"
+			+ "uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE\n"
+			+ "2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0\n"
+			+ "GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K\n"
+			+ "Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY\n"
+			+ "6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5\n"
+			+ "fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523\n"
+			+ "Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP\n"
+			+ "FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==\n" + "-----END RSA PRIVATE KEY-----";
+
+	private static final String X509_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n"
+			+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd\n"
+			+ "UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs\n"
+			+ "HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D\n" + "o2kQ+X5xK9cipRgEKwIDAQAB\n"
+			+ "-----END PUBLIC KEY-----";
 
 	private static final String MALFORMED_X509_KEY = "malformed";
 
 	private final Converter<InputStream, RSAPublicKey> x509 = RsaKeyConverters.x509();
+
 	private final Converter<InputStream, RSAPrivateKey> pkcs8 = RsaKeyConverters.pkcs8();
 
 	@Test
@@ -120,4 +117,5 @@ public class RsaKeyConvertersTests {
 	private static InputStream toInputStream(String string) {
 		return new ByteArrayInputStream(string.getBytes(StandardCharsets.UTF_8));
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
index f7a6ab7057..c9d2dbd645 100644
--- a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
@@ -23,7 +23,6 @@ import java.io.InputStream;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- *
  * @author Rob Winch
  *
  */
@@ -47,4 +46,5 @@ public class JavaVersionTests {
 			assertThat(major).isEqualTo(JDK8_CLASS_VERSION);
 		}
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 27d137b690..3d8eb20c6d 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -71,8 +71,7 @@ public class SpringSecurityCoreVersionTests {
 		String version = System.getProperty("springSecurityVersion");
 
 		// Strip patch version
-		String serialVersion = String.valueOf(
-				SpringSecurityCoreVersion.SERIAL_VERSION_UID).substring(0, 2);
+		String serialVersion = String.valueOf(SpringSecurityCoreVersion.SERIAL_VERSION_UID).substring(0, 2);
 
 		assertThat(serialVersion.charAt(0)).isEqualTo(version.charAt(0));
 		assertThat(serialVersion.charAt(1)).isEqualTo(version.charAt(2));
@@ -165,7 +164,7 @@ public class SpringSecurityCoreVersionTests {
 	}
 
 	private void performChecks(String minSpringVersion) throws Exception {
-		Whitebox.invokeMethod(SpringSecurityCoreVersion.class, "performVersionChecks",
-				minSpringVersion);
+		Whitebox.invokeMethod(SpringSecurityCoreVersion.class, "performVersionChecks", minSpringVersion);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
index dca405de83..909ab4e9cf 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@@ -35,8 +35,7 @@ public class SpringSecurityMessageSourceTests {
 	public void testOperation() {
 		SpringSecurityMessageSource msgs = new SpringSecurityMessageSource();
 		assertThat("\u4E0D\u5141\u8BB8\u8BBF\u95EE").isEqualTo(
-				msgs.getMessage("AbstractAccessDecisionManager.accessDenied", null,
-						Locale.SIMPLIFIED_CHINESE));
+				msgs.getMessage("AbstractAccessDecisionManager.accessDenied", null, Locale.SIMPLIFIED_CHINESE));
 	}
 
 	@Test
@@ -47,9 +46,8 @@ public class SpringSecurityMessageSourceTests {
 
 		// Cause a message to be generated
 		MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-		assertThat("Le jeton nonce est compromis FOOBAR").isEqualTo(
-				messages.getMessage("DigestAuthenticationFilter.nonceCompromised",
-						new Object[] { "FOOBAR" }, "ERROR - FAILED TO LOOKUP"));
+		assertThat("Le jeton nonce est compromis FOOBAR").isEqualTo(messages.getMessage(
+				"DigestAuthenticationFilter.nonceCompromised", new Object[] { "FOOBAR" }, "ERROR - FAILED TO LOOKUP"));
 
 		// Revert to original Locale
 		LocaleContextHolder.setLocale(before);
@@ -65,11 +63,12 @@ public class SpringSecurityMessageSourceTests {
 		LocaleContextHolder.setLocale(Locale.US);
 
 		MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor();
-		assertThat("Access is denied").isEqualTo(
-				msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops"));
+		assertThat("Access is denied")
+				.isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops"));
 
 		// Revert to original Locale
 		Locale.setDefault(beforeSystem);
 		LocaleContextHolder.setLocale(beforeHolder);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
index 34ad79bf24..52248befcd 100644
--- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
@@ -42,4 +42,5 @@ public class AuthorityUtilsTests {
 		assertThat(authorities.contains("ROLE_A")).isTrue();
 		assertThat(authorities.contains("ROLE_D")).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
index dba49f94a2..7c35d547fa 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
@@ -24,7 +24,6 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import java.util.*;
 
 /**
- *
  * @author Ruud Senden
  */
 @SuppressWarnings("unchecked")
@@ -164,10 +163,10 @@ public class MapBasedAttributes2GrantedAuthoritiesMapperTests {
 
 	@Test
 	public void testMappingCombination() throws Exception {
-		String[] roles = { "role1", "role2", "role3", "role4", "role5", "role6", "role7",
-				"role8", "role9", "role10", "role11" };
-		String[] expectedGas = { "ga1", "ga2", "ga3", "ga4", "ga5", "ga6", "ga7", "ga8",
-				"ga9", "ga10", "ga11", "ga12", "ga13", "ga14" };
+		String[] roles = { "role1", "role2", "role3", "role4", "role5", "role6", "role7", "role8", "role9", "role10",
+				"role11" };
+		String[] expectedGas = { "ga1", "ga2", "ga3", "ga4", "ga5", "ga6", "ga7", "ga8", "ga9", "ga10", "ga11", "ga12",
+				"ga13", "ga14" };
 		testGetGrantedAuthorities(getDefaultMapper(), roles, expectedGas);
 	}
 
@@ -177,10 +176,8 @@ public class MapBasedAttributes2GrantedAuthoritiesMapperTests {
 		m.put("role2", new SimpleGrantedAuthority("ga2"));
 		m.put("role3", Arrays.asList("ga3", new SimpleGrantedAuthority("ga4")));
 		m.put("role4", "ga5,ga6");
-		m.put("role5", Arrays.asList("ga7", "ga8",
-				new Object[] { new SimpleGrantedAuthority("ga9") }));
-		m.put("role6", new Object[] { "ga10", "ga11",
-				new Object[] { new SimpleGrantedAuthority("ga12") } });
+		m.put("role5", Arrays.asList("ga7", "ga8", new Object[] { new SimpleGrantedAuthority("ga9") }));
+		m.put("role6", new Object[] { "ga10", "ga11", new Object[] { new SimpleGrantedAuthority("ga12") } });
 		m.put("role7", new String[] { "ga13", "ga14" });
 		m.put("role8", new String[] { "ga13", "ga14", null });
 		m.put("role9", null);
@@ -189,25 +186,24 @@ public class MapBasedAttributes2GrantedAuthoritiesMapperTests {
 		return m;
 	}
 
-	private MapBasedAttributes2GrantedAuthoritiesMapper getDefaultMapper()
-			throws Exception {
+	private MapBasedAttributes2GrantedAuthoritiesMapper getDefaultMapper() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
 		mapper.setAttributes2grantedAuthoritiesMap(getValidAttributes2GrantedAuthoritiesMap());
 		mapper.afterPropertiesSet();
 		return mapper;
 	}
 
-	private void testGetGrantedAuthorities(
-			MapBasedAttributes2GrantedAuthoritiesMapper mapper, String[] roles,
+	private void testGetGrantedAuthorities(MapBasedAttributes2GrantedAuthoritiesMapper mapper, String[] roles,
 			String[] expectedGas) {
-		List<GrantedAuthority> result = mapper
-				.getGrantedAuthorities(Arrays.asList(roles));
+		List<GrantedAuthority> result = mapper.getGrantedAuthorities(Arrays.asList(roles));
 		Collection resultColl = new ArrayList(result.size());
 		for (GrantedAuthority auth : result) {
 			resultColl.add(auth.getAuthority());
 		}
 		Collection expectedColl = Arrays.asList(expectedGas);
-		assertThat(resultColl.containsAll(expectedColl)).withFailMessage("Role collections should match; result: " + resultColl
-				+ ", expected: " + expectedColl).isTrue();
+		assertThat(resultColl.containsAll(expectedColl))
+				.withFailMessage("Role collections should match; result: " + resultColl + ", expected: " + expectedColl)
+				.isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index c70474b70e..6a5ed58e8b 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -39,8 +39,8 @@ public class SimpleAuthoritiesMapperTests {
 	@Test
 	public void defaultPrefixIsCorrectlyApplied() {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
-		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper
-				.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "ROLE_bbb")));
+		Set<String> mapped = AuthorityUtils
+				.authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "ROLE_bbb")));
 		assertThat(mapped.contains("ROLE_AaA")).isTrue();
 		assertThat(mapped.contains("ROLE_bbb")).isTrue();
 	}
@@ -50,8 +50,7 @@ public class SimpleAuthoritiesMapperTests {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
 		mapper.setPrefix("");
 		List<GrantedAuthority> toMap = AuthorityUtils.createAuthorityList("AaA", "Bbb");
-		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper
-				.mapAuthorities(toMap));
+		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
 		assertThat(mapped).hasSize(2);
 		assertThat(mapped.contains("AaA")).isTrue();
 		assertThat(mapped.contains("Bbb")).isTrue();
@@ -75,8 +74,8 @@ public class SimpleAuthoritiesMapperTests {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
 		mapper.setConvertToUpperCase(true);
 
-		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper
-				.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA")));
+		Set<String> mapped = AuthorityUtils
+				.authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA")));
 		assertThat(mapped).hasSize(1);
 	}
 
@@ -84,9 +83,9 @@ public class SimpleAuthoritiesMapperTests {
 	public void defaultAuthorityIsAssignedIfSet() {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
 		mapper.setDefaultAuthority("ROLE_USER");
-		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper
-				.mapAuthorities(AuthorityUtils.NO_AUTHORITIES));
+		Set<String> mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(AuthorityUtils.NO_AUTHORITIES));
 		assertThat(mapped).hasSize(1);
 		assertThat(mapped.contains("ROLE_USER")).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
index 3bee9e2f02..ee569b3bfe 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
@@ -23,7 +23,6 @@ import org.junit.Test;
 import org.springframework.util.StringUtils;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -35,10 +34,8 @@ public class SimpleMappableRolesRetrieverTests {
 		SimpleMappableAttributesRetriever r = new SimpleMappableAttributesRetriever();
 		r.setMappableAttributes(roles);
 		Set<String> result = r.getMappableAttributes();
-		assertThat(
-				roles.containsAll(result) && result.containsAll(roles)).withFailMessage(
-						"Role collections do not match; result: " + result
-								+ ", expected: " + roles).isTrue();
+		assertThat(roles.containsAll(result) && result.containsAll(roles))
+				.withFailMessage("Role collections do not match; result: " + result + ", expected: " + roles).isTrue();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
index 7388c594fb..07b61b5e22 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
@@ -23,7 +23,6 @@ import org.springframework.security.core.GrantedAuthority;
 import java.util.*;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -123,19 +122,17 @@ public class SimpleRoles2GrantedAuthoritiesMapperTests {
 		testGetGrantedAuthorities(mapper, roles, expectedGas);
 	}
 
-	private void testGetGrantedAuthorities(
-			SimpleAttributes2GrantedAuthoritiesMapper mapper, String[] roles,
+	private void testGetGrantedAuthorities(SimpleAttributes2GrantedAuthoritiesMapper mapper, String[] roles,
 			String[] expectedGas) {
-		List<GrantedAuthority> result = mapper
-				.getGrantedAuthorities(Arrays.asList(roles));
+		List<GrantedAuthority> result = mapper.getGrantedAuthorities(Arrays.asList(roles));
 		Collection<String> resultColl = new ArrayList<>(result.size());
 		for (GrantedAuthority grantedAuthority : result) {
 			resultColl.add(grantedAuthority.getAuthority());
 		}
 		Collection<String> expectedColl = Arrays.asList(expectedGas);
-		assertThat(expectedColl.containsAll(resultColl)
-				&& resultColl.containsAll(expectedColl)).withFailMessage("Role collections do not match; result: " + resultColl
-				+ ", expected: " + expectedColl).isTrue();
+		assertThat(expectedColl.containsAll(resultColl) && resultColl.containsAll(expectedColl))
+				.withFailMessage("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl)
+				.isTrue();
 	}
 
 	private SimpleAttributes2GrantedAuthoritiesMapper getDefaultMapper() {
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index 92414c6668..86770b215f 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -32,22 +32,19 @@ public class ReactiveSecurityContextHolderTests {
 	public void getContextWhenEmpty() {
 		Mono<SecurityContext> context = ReactiveSecurityContextHolder.getContext();
 
-		StepVerifier.create(context)
-			.verifyComplete();
+		StepVerifier.create(context).verifyComplete();
 	}
 
 	@Test
 	public void setContextAndGetContextThenEmitsContext() {
 		SecurityContext expectedContext = new SecurityContextImpl(
-			new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 		Mono<SecurityContext> context = Mono.subscriberContext()
-			.flatMap( c -> ReactiveSecurityContextHolder.getContext())
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
+				.flatMap(c -> ReactiveSecurityContextHolder.getContext())
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
 
-		StepVerifier.create(context)
-			.expectNext(expectedContext)
-			.verifyComplete();
+		StepVerifier.create(context).expectNext(expectedContext).verifyComplete();
 	}
 
 	@Test
@@ -55,14 +52,11 @@ public class ReactiveSecurityContextHolderTests {
 		Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
 		Mono<String> messageByUsername = ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication)
-			.map(Authentication::getName)
-			.flatMap(this::findMessageByUsername)
-			.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+				.map(SecurityContext::getAuthentication).map(Authentication::getName)
+				.flatMap(this::findMessageByUsername)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
 
-		StepVerifier.create(messageByUsername)
-			.expectNext("Hi user")
-			.verifyComplete();
+		StepVerifier.create(messageByUsername).expectNext("Hi user").verifyComplete();
 	}
 
 	private Mono<String> findMessageByUsername(String username) {
@@ -72,29 +66,25 @@ public class ReactiveSecurityContextHolderTests {
 	@Test
 	public void setContextAndClearAndGetContextThenEmitsEmpty() {
 		SecurityContext expectedContext = new SecurityContextImpl(
-			new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 		Mono<SecurityContext> context = Mono.subscriberContext()
-			.flatMap( c -> ReactiveSecurityContextHolder.getContext())
-			.subscriberContext(ReactiveSecurityContextHolder.clearContext())
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
+				.flatMap(c -> ReactiveSecurityContextHolder.getContext())
+				.subscriberContext(ReactiveSecurityContextHolder.clearContext())
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
 
-		StepVerifier.create(context)
-			.verifyComplete();
+		StepVerifier.create(context).verifyComplete();
 	}
 
 	@Test
 	public void setAuthenticationAndGetContextThenEmitsContext() {
-		Authentication expectedAuthentication = new TestingAuthenticationToken("user",
-			"password", "ROLE_USER");
+		Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
 		Mono<Authentication> authentication = Mono.subscriberContext()
-			.flatMap( c -> ReactiveSecurityContextHolder.getContext())
-			.map(SecurityContext::getAuthentication)
-			.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
+				.flatMap(c -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
 
-		StepVerifier.create(authentication)
-			.expectNext(expectedAuthentication)
-			.verifyComplete();
+		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
index 00a1b2cf6e..b1141b60c9 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
@@ -34,8 +34,7 @@ public class SecurityContextHolderTests {
 	// ========================================================================================================
 	@Before
 	public final void setUp() {
-		SecurityContextHolder
-				.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
+		SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
 	}
 
 	@Test
@@ -65,4 +64,5 @@ public class SecurityContextHolderTests {
 
 		}
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
index 2cd01bf098..e012fb4a12 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
@@ -46,4 +46,5 @@ public class SecurityContextImplTests {
 		assertThat(context.getAuthentication()).isEqualTo(auth);
 		assertThat(context.toString().lastIndexOf("rod") != -1).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
index 3627451887..f8cf44d9bf 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
@@ -23,6 +23,7 @@ import org.springframework.security.access.method.P;
 import org.springframework.util.ReflectionUtils;
 
 public class AnnotationParameterNameDiscovererTests {
+
 	private AnnotationParameterNameDiscoverer discoverer;
 
 	@Before
@@ -32,48 +33,42 @@ public class AnnotationParameterNameDiscovererTests {
 
 	@Test
 	public void getParameterNamesInterfaceSingleParam() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByTo", String.class))).isEqualTo(
-				new String[] { "to" });
+		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+				.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesInterfaceSingleParamAnnotatedWithMultiParams() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByToAndFrom", String.class, String.class)))
-				.isEqualTo(new String[] { "to", null });
+		assertThat(discoverer.getParameterNames(
+				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
+						.isEqualTo(new String[] { "to", null });
 	}
 
 	@Test
 	public void getParameterNamesInterfaceNoAnnotation() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByIdNoAnnotation", String.class))).isNull();
+		assertThat(discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
+						.isNull();
 	}
 
 	@Test
 	public void getParameterNamesClassSingleParam() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByTo", String.class))).isEqualTo(
-				new String[] { "to" });
+		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+				.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesClassSingleParamAnnotatedWithMultiParams() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByToAndFrom", String.class, String.class)))
-				.isEqualTo(new String[] { "to", null });
+		assertThat(discoverer.getParameterNames(
+				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
+						.isEqualTo(new String[] { "to", null });
 	}
 
 	@Test
 	public void getParameterNamesClassNoAnnotation() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByIdNoAnnotation", String.class))).isNull();
+		assertThat(discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
+						.isNull();
 	}
 
 	@Test
@@ -84,60 +79,58 @@ public class AnnotationParameterNameDiscovererTests {
 
 	@Test
 	public void getParameterNamesConstructorNoAnnotation() throws Exception {
-		assertThat(discoverer.getParameterNames(Impl.class.getDeclaredConstructor(Long.class)))
-				.isNull();
+		assertThat(discoverer.getParameterNames(Impl.class.getDeclaredConstructor(Long.class))).isNull();
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnInterface() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(DaoImpl.class,
-						"findMessageByTo", String.class))).isEqualTo(
-				new String[] { "to" });
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByTo", String.class))).isEqualTo(
-				new String[] { "to" });
+		assertThat(discoverer
+				.getParameterNames(ReflectionUtils.findMethod(DaoImpl.class, "findMessageByTo", String.class)))
+						.isEqualTo(new String[] { "to" });
+		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+				.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnImpl() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByToAndFrom", String.class, String.class)))
-				.isEqualTo(new String[] { "to", null });
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(DaoImpl.class,
-						"findMessageByToAndFrom", String.class, String.class)))
-				.isEqualTo(new String[] { "to", "from" });
+		assertThat(discoverer.getParameterNames(
+				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
+						.isEqualTo(new String[] { "to", null });
+		assertThat(discoverer.getParameterNames(
+				ReflectionUtils.findMethod(DaoImpl.class, "findMessageByToAndFrom", String.class, String.class)))
+						.isEqualTo(new String[] { "to", "from" });
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnBaseClass() {
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class,
-						"findMessageByIdNoAnnotation", String.class))).isNull();
-		assertThat(
-				discoverer.getParameterNames(ReflectionUtils.findMethod(DaoImpl.class,
-						"findMessageByIdNoAnnotation", String.class))).isEqualTo(
-				new String[] { "id" });
+		assertThat(discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
+						.isNull();
+		assertThat(discoverer.getParameterNames(
+				ReflectionUtils.findMethod(DaoImpl.class, "findMessageByIdNoAnnotation", String.class)))
+						.isEqualTo(new String[] { "id" });
 	}
 
 	interface Dao {
+
 		String findMessageByTo(@P("to") String to);
 
 		String findMessageByToAndFrom(@P("to") String to, String from);
 
 		String findMessageByIdNoAnnotation(String id);
+
 	}
 
 	static class BaseDaoImpl {
+
 		public String findMessageByIdNoAnnotation(@P("id") String id) {
 			return null;
 		}
+
 	}
 
 	static class DaoImpl extends BaseDaoImpl implements Dao {
+
 		public String findMessageByTo(String to) {
 			return null;
 		}
@@ -145,9 +138,11 @@ public class AnnotationParameterNameDiscovererTests {
 		public String findMessageByToAndFrom(@P("to") String to, @P("from") String from) {
 			return null;
 		}
+
 	}
 
 	static class Impl {
+
 		Impl(Long dataSourceId) {
 		}
 
@@ -165,5 +160,7 @@ public class AnnotationParameterNameDiscovererTests {
 		String findMessageByIdNoAnnotation(String id) {
 			return null;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
index b929f457f4..fdfc95b4e2 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
@@ -29,12 +29,12 @@ import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.test.util.ReflectionTestUtils;
 
 /**
- *
  * @author Rob Winch
  * @since 3.2
  */
 @SuppressWarnings("unchecked")
 public class DefaultSecurityParameterNameDiscovererTests {
+
 	private DefaultSecurityParameterNameDiscoverer discoverer;
 
 	@Before
@@ -51,12 +51,11 @@ public class DefaultSecurityParameterNameDiscovererTests {
 
 		ParameterNameDiscoverer annotationDisc = discoverers.get(0);
 		assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class);
-		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(
-				annotationDisc, "annotationClassesToUse");
+		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(annotationDisc,
+				"annotationClassesToUse");
 		assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName());
 
-		assertThat(discoverers.get(1).getClass()).isEqualTo(
-				DefaultParameterNameDiscoverer.class);
+		assertThat(discoverers.get(1).getClass()).isEqualTo(DefaultParameterNameDiscoverer.class);
 	}
 
 	@Test
@@ -68,16 +67,15 @@ public class DefaultSecurityParameterNameDiscovererTests {
 				.getField(discoverer, "parameterNameDiscoverers");
 
 		assertThat(discoverers).hasSize(3);
-		assertThat(discoverers.get(0)).isInstanceOf(
-				LocalVariableTableParameterNameDiscoverer.class);
+		assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class);
 
 		ParameterNameDiscoverer annotationDisc = discoverers.get(1);
 		assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class);
-		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(
-				annotationDisc, "annotationClassesToUse");
+		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(annotationDisc,
+				"annotationClassesToUse");
 		assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName());
 
-		assertThat(discoverers.get(2)).isInstanceOf(
-				DefaultParameterNameDiscoverer.class);
+		assertThat(discoverers.get(2)).isInstanceOf(DefaultParameterNameDiscoverer.class);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
index 3cfcf86c5b..c7123048aa 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
@@ -37,8 +37,7 @@ public class SessionInformationTests {
 		String sessionId = "1234567890";
 		Date currentDate = new Date();
 
-		SessionInformation info = new SessionInformation(principal, sessionId,
-				currentDate);
+		SessionInformation info = new SessionInformation(principal, sessionId, currentDate);
 		assertThat(info.getPrincipal()).isEqualTo(principal);
 		assertThat(info.getSessionId()).isEqualTo(sessionId);
 		assertThat(info.getLastRequest()).isEqualTo(currentDate);
@@ -49,4 +48,5 @@ public class SessionInformationTests {
 
 		assertThat(info.getLastRequest().after(currentDate)).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
index 7ed19b2bc6..411b982293 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.core.session.SessionRegistryImpl;
  * @author Ben Alex
  */
 public class SessionRegistryImplTests {
+
 	private SessionRegistryImpl sessionRegistry;
 
 	// ~ Methods
@@ -121,8 +122,7 @@ public class SessionRegistryImplTests {
 		sessionRegistry.registerNewSession(sessionId, principal);
 
 		// Retrieve existing session by session ID
-		Date currentDateTime = sessionRegistry.getSessionInformation(sessionId)
-				.getLastRequest();
+		Date currentDateTime = sessionRegistry.getSessionInformation(sessionId).getLastRequest();
 		assertThat(sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal);
 		assertThat(sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId);
 		assertThat(sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull();
@@ -136,12 +136,12 @@ public class SessionRegistryImplTests {
 		// Update request date/time
 		sessionRegistry.refreshLastRequest(sessionId);
 
-		Date retrieved = sessionRegistry.getSessionInformation(sessionId)
-				.getLastRequest();
+		Date retrieved = sessionRegistry.getSessionInformation(sessionId).getLastRequest();
 		assertThat(retrieved.after(currentDateTime)).isTrue();
 
 		// Check it retrieves correctly when looked up via principal
-		assertThat(sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved, 2000L);
+		assertThat(sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved,
+				2000L);
 
 		// Clear session information
 		sessionRegistry.removeSessionInformation(sessionId);
@@ -158,8 +158,7 @@ public class SessionRegistryImplTests {
 		String sessionId2 = "9876543210";
 
 		sessionRegistry.registerNewSession(sessionId1, principal);
-		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal,
-				false);
+		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
 
@@ -184,8 +183,7 @@ public class SessionRegistryImplTests {
 		String sessionId2 = "9876543210";
 
 		sessionRegistry.registerNewSession(sessionId1, principal);
-		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal,
-				false);
+		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
 
@@ -215,4 +213,5 @@ public class SessionRegistryImplTests {
 
 		return false;
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
index 6d2adf21a4..3c9521bd0f 100644
--- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
@@ -29,6 +29,7 @@ import org.springframework.security.core.token.DefaultToken;
  *
  */
 public class DefaultTokenTests {
+
 	@Test
 	public void testEquality() {
 		String key = "key";
@@ -56,4 +57,5 @@ public class DefaultTokenTests {
 		DefaultToken t2 = new DefaultToken(key, created, "longerLength2");
 		assertThat(t1).isNotEqualTo(t2);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
index 4b9cfc0fb0..62db61afd5 100644
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -98,4 +98,5 @@ public class KeyBasedPersistenceTokenServiceTests {
 		Token token = new DefaultToken(fake, new Date().getTime(), "");
 		service.verifyToken(token.getKey());
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java b/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
index da7144dd11..b5220f488c 100644
--- a/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
@@ -31,6 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  */
 public class SecureRandomFactoryBeanTests {
+
 	@Test
 	public void testObjectType() {
 		SecureRandomFactoryBean factory = new SecureRandomFactoryBean();
@@ -61,9 +62,7 @@ public class SecureRandomFactoryBeanTests {
 		factory.setSeed(resource);
 		SecureRandom first = factory.getObject();
 		SecureRandom second = factory.getObject();
-		assertThat(first.nextInt())
-				.isNotEqualTo(0)
-				.isNotEqualTo(second.nextInt());
+		assertThat(first.nextInt()).isNotEqualTo(0).isNotEqualTo(second.nextInt());
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index 3bf1fd7007..2bce22d627 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.core.userdetails;
 
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.util.Arrays;
@@ -27,6 +26,7 @@ import org.junit.Test;
 import reactor.core.publisher.Mono;
 
 public class MapReactiveUserDetailsServiceTests {
+
 	// @formatter:off
 	private static final UserDetails USER_DETAILS = User.withUsername("user")
 			.password("password")
@@ -86,4 +86,5 @@ public class MapReactiveUserDetailsServiceTests {
 		users.updatePassword(USER_DETAILS, "new").block();
 		assertThat(users.findByUsername(USER_DETAILS.getUsername()).block().getPassword()).isEqualTo("new");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
index 98e81972ec..6a51285265 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
@@ -30,16 +30,16 @@ import org.springframework.security.core.authority.AuthorityUtils;
  * @author Luke Taylor
  */
 public class MockUserDetailsService implements UserDetailsService {
+
 	private Map<String, User> users = new HashMap<>();
-	private List<GrantedAuthority> auths = AuthorityUtils
-			.createAuthorityList("ROLE_USER");
+
+	private List<GrantedAuthority> auths = AuthorityUtils.createAuthorityList("ROLE_USER");
 
 	public MockUserDetailsService() {
 		users.put("valid", new User("valid", "", true, true, true, true, auths));
 		users.put("locked", new User("locked", "", true, true, true, false, auths));
 		users.put("disabled", new User("disabled", "", false, true, true, true, auths));
-		users.put("credentialsExpired", new User("credentialsExpired", "", true, true,
-				false, true, auths));
+		users.put("credentialsExpired", new User("credentialsExpired", "", true, true, false, true, auths));
 		users.put("expired", new User("expired", "", true, false, true, true, auths));
 	}
 
@@ -50,4 +50,5 @@ public class MockUserDetailsService implements UserDetailsService {
 
 		return users.get(username);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
index b5261ba561..60c190c40a 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
@@ -23,6 +23,7 @@ import java.util.function.Function;
  * @since 5.0
  */
 public class PasswordEncodedUser {
+
 	private static final UserDetails USER = withUsername("user").password("password").roles("USER").build();
 
 	private static final UserDetails ADMIN = withUsername("admin").password("password").roles("USER", "ADMIN").build();
@@ -44,13 +45,14 @@ public class PasswordEncodedUser {
 	}
 
 	public static User.UserBuilder withUserDetails(UserDetails userDetails) {
-		return User.withUserDetails(userDetails)
-			.passwordEncoder(passwordEncoder());
+		return User.withUserDetails(userDetails).passwordEncoder(passwordEncoder());
 	}
 
 	private static Function<String, String> passwordEncoder() {
 		return rawPassword -> "{noop}" + rawPassword;
 	}
 
-	protected PasswordEncodedUser() {}
+	protected PasswordEncodedUser() {
+	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
index 6da8ad2af0..2b0a9eb0a7 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
@@ -22,12 +22,11 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
 @SuppressWarnings("unchecked")
-public class UserDetailsByNameServiceWrapperTests  {
+public class UserDetailsByNameServiceWrapperTests {
 
 	@Test
 	public final void testAfterPropertiesSet() {
@@ -46,8 +45,7 @@ public class UserDetailsByNameServiceWrapperTests  {
 	@Test
 	public final void testGetUserDetails() throws Exception {
 		UserDetailsByNameServiceWrapper svc = new UserDetailsByNameServiceWrapper();
-		final User user = new User("dummy", "dummy", true, true, true, true,
-				AuthorityUtils.NO_AUTHORITIES);
+		final User user = new User("dummy", "dummy", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		svc.setUserDetailsService(name -> {
 			if (user != null && user.getUsername().equals(name)) {
 				return user;
@@ -57,11 +55,9 @@ public class UserDetailsByNameServiceWrapperTests  {
 			}
 		});
 		svc.afterPropertiesSet();
-		UserDetails result1 = svc.loadUserDetails(new TestingAuthenticationToken("dummy",
-				"dummy"));
+		UserDetails result1 = svc.loadUserDetails(new TestingAuthenticationToken("dummy", "dummy"));
 		assertThat(result1).as("Result doesn't match original user").isEqualTo(user);
-		UserDetails result2 = svc.loadUserDetails(new TestingAuthenticationToken(
-				"dummy2", "dummy"));
+		UserDetails result2 = svc.loadUserDetails(new TestingAuthenticationToken("dummy2", "dummy"));
 		assertThat(result2).as("Result should have been null").isNull();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 36f4ce417e..52d3503d63 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -36,8 +36,8 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
  * @author Ben Alex
  */
 public class UserTests {
-	private static final List<GrantedAuthority> ROLE_12 = AuthorityUtils
-			.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+
+	private static final List<GrantedAuthority> ROLE_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -49,8 +49,7 @@ public class UserTests {
 		assertThat(user1).isNotNull();
 		assertThat(user1).isNotEqualTo("A STRING");
 		assertThat(user1).isEqualTo(user1);
-		assertThat(user1).isEqualTo((new User("rod", "notthesame", true, true, true, true,
-				ROLE_12)));
+		assertThat(user1).isEqualTo((new User("rod", "notthesame", true, true, true, true, ROLE_12)));
 	}
 
 	@Test
@@ -59,12 +58,10 @@ public class UserTests {
 		Set<UserDetails> users = new HashSet<>();
 		users.add(user1);
 
-		assertThat(users).contains(new User("rod", "koala", true, true, true, true,
-				ROLE_12));
-		assertThat(users).contains(new User("rod", "anotherpass", false, false, false,
-				false, AuthorityUtils.createAuthorityList("ROLE_X")));
-		assertThat(users).doesNotContain(new User("bod", "koala", true, true, true, true,
-				ROLE_12));
+		assertThat(users).contains(new User("rod", "koala", true, true, true, true, ROLE_12));
+		assertThat(users).contains(new User("rod", "anotherpass", false, false, false, false,
+				AuthorityUtils.createAuthorityList("ROLE_X")));
+		assertThat(users).doesNotContain(new User("bod", "koala", true, true, true, true, ROLE_12));
 	}
 
 	@Test
@@ -125,10 +122,8 @@ public class UserTests {
 		assertThat(user.getUsername()).isEqualTo("rod");
 		assertThat(user.getPassword()).isEqualTo("koala");
 		assertThat(user.isEnabled()).isTrue();
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains(
-				"ROLE_ONE");
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains(
-				"ROLE_TWO");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_ONE");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TWO");
 		assertThat(user.toString()).contains("rod");
 	}
 
@@ -163,7 +158,6 @@ public class UserTests {
 		assertThat(actual.isEnabled()).isEqualTo(expected.isEnabled());
 	}
 
-
 	@Test
 	public void withUserDetailsWhenAllDisabled() {
 		User expected = new User("rob", "pass", false, false, false, false, ROLE_12);
@@ -183,20 +177,15 @@ public class UserTests {
 	public void withUserWhenDetailsPasswordEncoderThenEncodes() {
 		UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build();
 
-		UserDetails withEncodedPassword = User.withUserDetails(userDetails)
-			.passwordEncoder(p -> p + "encoded")
-			.build();
+		UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder(p -> p + "encoded").build();
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
 
 	@Test
 	public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() {
-		UserDetails withEncodedPassword = User.withUsername("user")
-			.password("password")
-			.passwordEncoder(p -> p + "encoded")
-			.roles("USER")
-			.build();
+		UserDetails withEncodedPassword = User.withUsername("user").password("password")
+				.passwordEncoder(p -> p + "encoded").roles("USER").build();
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
@@ -228,4 +217,5 @@ public class UserTests {
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
index 2336eb7ed5..5f77e6137b 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache
  * @author Ben Alex
  */
 public class EhCacheBasedUserCacheTests {
+
 	private static CacheManager cacheManager;
 
 	// ~ Methods
@@ -41,8 +42,7 @@ public class EhCacheBasedUserCacheTests {
 	@BeforeClass
 	public static void initCacheManaer() {
 		cacheManager = CacheManager.create();
-		cacheManager.addCache(new Cache("ehcacheusercachetests", 500, false, false, 30,
-				30));
+		cacheManager.addCache(new Cache("ehcacheusercachetests", 500, false, false, 30, 30));
 	}
 
 	@AfterClass
@@ -93,4 +93,5 @@ public class EhCacheBasedUserCacheTests {
 		cache.setCache(myCache);
 		assertThat(cache.getCache()).isEqualTo(myCache);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
index 809edd2bca..a61a797ab9 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
@@ -44,4 +44,5 @@ public class NullUserCacheTests {
 		assertThat(cache.getUserFromCache(null)).isNull();
 		cache.removeUserFromCache(null);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index 1346bc879f..c4135724f4 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.*;
  *
  */
 public class SpringCacheBasedUserCacheTests {
+
 	private static CacheManager cacheManager;
 
 	// ~ Methods
@@ -82,4 +83,5 @@ public class SpringCacheBasedUserCacheTests {
 	public void startupDetectsMissingCache() throws Exception {
 		new SpringCacheBasedUserCache(null);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
index e7a479e2b6..0980ba1ee0 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
@@ -67,20 +67,16 @@ public class JdbcDaoImplTests {
 		assertThat(user.getPassword()).isEqualTo("koala");
 		assertThat(user.isEnabled()).isTrue();
 
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_TELLER");
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_SUPERVISOR");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TELLER");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_SUPERVISOR");
 	}
 
 	@Test
-	public void testCheckDaoOnlyReturnsGrantedAuthoritiesGrantedToUser()
-			throws Exception {
+	public void testCheckDaoOnlyReturnsGrantedAuthoritiesGrantedToUser() throws Exception {
 		JdbcDaoImpl dao = makePopulatedJdbcDao();
 		UserDetails user = dao.loadUserByUsername("scott");
 		assertThat(user.getAuthorities()).hasSize(1);
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_TELLER");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TELLER");
 	}
 
 	@Test
@@ -141,8 +137,7 @@ public class JdbcDaoImplTests {
 		assertThat(user.getUsername()).isEqualTo("rod");
 		assertThat(user.getAuthorities()).hasSize(2);
 
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ARBITRARY_PREFIX_ROLE_TELLER");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ARBITRARY_PREFIX_ROLE_TELLER");
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
 				.contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR");
 	}
@@ -212,4 +207,5 @@ public class JdbcDaoImplTests {
 
 		verify(source).getMessage(eq(code), any(), any());
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
index e92a382dd7..07a9a1c444 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
@@ -125,4 +125,5 @@ public class UserAttributeEditorTests {
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
index 89302f2687..f89ae7475a 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
@@ -27,6 +27,7 @@ import org.springframework.security.core.userdetails.User;
  * @since 4.2
  */
 public abstract class AbstractMixinTests {
+
 	protected ObjectMapper mapper;
 
 	@Before
@@ -43,4 +44,5 @@ public abstract class AbstractMixinTests {
 	User createUser(String username, String password, String authority) {
 		return new User(username, password, AuthorityUtils.createAuthorityList(authority));
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
index 7225c03aa1..9eb5b46e26 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
@@ -52,17 +52,14 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 	@Test
 	public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
-				HASH_KEY, user, user.getAuthorities()
-		);
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAnonymousAuthenticationTokenTest() throws IOException {
-		AnonymousAuthenticationToken token = mapper
-				.readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class);
+		AnonymousAuthenticationToken token = mapper.readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getKeyHash()).isEqualTo(HASH_KEY.hashCode());
 		assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
@@ -70,20 +67,20 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 
 	@Test(expected = JsonMappingException.class)
 	public void deserializeAnonymousAuthenticationTokenWithoutAuthoritiesTest() throws IOException {
-		String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null," +
-				"\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + "," +
-				"\"authorities\": [\"java.util.ArrayList\", []]}";
+		String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null,"
+				+ "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + ","
+				+ "\"authorities\": [\"java.util.ArrayList\", []]}";
 		mapper.readValue(jsonString, AnonymousAuthenticationToken.class);
 	}
 
 	@Test
-	public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest() throws JsonProcessingException, JSONException {
+	public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest()
+			throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
-				HASH_KEY, user, user.getAuthorities()
-		);
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
 		token.eraseCredentials();
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index 44d0bb6784..b4b8b87e43 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -55,4 +55,5 @@ public class BadCredentialsExceptionMixinTests extends AbstractMixinTests {
 		assertThat(exception.getMessage()).isEqualTo("message");
 		assertThat(exception.getLocalizedMessage()).isEqualTo("message");
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 41a54b17c4..0fed8d8ac5 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -71,7 +71,8 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 
 	@Test
 	public void serializeRememberMeAuthenticationToken() throws JsonProcessingException, JSONException {
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, "admin", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, "admin",
+				Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, actualJson, true);
 	}
@@ -79,23 +80,28 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 	@Test
 	public void serializeRememberMeAuthenticationWithUserToken() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities());
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user,
+				user.getAuthorities());
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(String.format(REMEMBERME_AUTH_JSON, "\"password\""), actualJson, true);
 	}
 
 	@Test
-	public void serializeRememberMeAuthenticationWithUserTokenAfterEraseCredential() throws JsonProcessingException, JSONException {
+	public void serializeRememberMeAuthenticationWithUserTokenAfterEraseCredential()
+			throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities());
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user,
+				user.getAuthorities());
 		token.eraseCredentials();
 		String actualJson = mapper.writeValueAsString(token);
-		JSONAssert.assertEquals(REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
+		JSONAssert.assertEquals(REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson,
+				true);
 	}
 
 	@Test
 	public void deserializeRememberMeAuthenticationToken() throws IOException {
-		RememberMeAuthenticationToken token = mapper.readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, RememberMeAuthenticationToken.class);
+		RememberMeAuthenticationToken token = mapper.readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON,
+				RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isEqualTo("admin").isEqualTo(token.getName());
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
@@ -103,14 +109,16 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 
 	@Test
 	public void deserializeRememberMeAuthenticationTokenWithUserTest() throws IOException {
-		RememberMeAuthenticationToken token = mapper
-				.readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""), RememberMeAuthenticationToken.class);
+		RememberMeAuthenticationToken token = mapper.readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""),
+				RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
 		assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin");
 		assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo("1234");
-		assertThat(((User) token.getPrincipal()).getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+		assertThat(((User) token.getPrincipal()).getAuthorities()).hasSize(1)
+				.contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(((User) token.getPrincipal()).isEnabled()).isEqualTo(true);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
index d0757828c6..47c3dfa75f 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
@@ -48,7 +48,8 @@ public class SecurityContextMixinTests extends AbstractMixinTests {
 	@Test
 	public void securityContextSerializeTest() throws JsonProcessingException, JSONException {
 		SecurityContext context = new SecurityContextImpl();
-		context.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "1234", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));
+		context.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "1234",
+				Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));
 		String actualJson = mapper.writeValueAsString(context);
 		JSONAssert.assertEquals(SECURITY_CONTEXT_JSON, actualJson, true);
 	}
@@ -65,4 +66,5 @@ public class SecurityContextMixinTests extends AbstractMixinTests {
 		assertThat(authorities).hasSize(1);
 		assertThat(authorities).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index e28aaf0ffd..41b713aba2 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -14,7 +14,6 @@
  * limitations under the License.
  */
 
-
 package org.springframework.security.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
@@ -31,10 +30,11 @@ import java.util.HashMap;
 import static org.assertj.core.api.Assertions.*;
 
 /**
-* @author Rob Winch
-* @since 5.0
-*/
+ * @author Rob Winch
+ * @since 5.0
+ */
 public class SecurityJackson2ModulesTests {
+
 	private ObjectMapper mapper;
 
 	@Before
@@ -47,9 +47,8 @@ public class SecurityJackson2ModulesTests {
 	public void readValueWhenNotAllowedOrMappedThenThrowsException() {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
 		assertThatThrownBy(() -> {
-				mapper.readValue(content, Object.class);
-			}
-		).hasStackTraceContaining("allowlist");
+			mapper.readValue(content, Object.class);
+		}).hasStackTraceContaining("allowlist");
 	}
 
 	@Test
@@ -96,10 +95,13 @@ public class SecurityJackson2ModulesTests {
 	@Target({ ElementType.TYPE, ElementType.ANNOTATION_TYPE })
 	@Retention(RetentionPolicy.RUNTIME)
 	@Documented
-	public @interface NotJacksonAnnotation {}
+	public @interface NotJacksonAnnotation {
+
+	}
 
 	@NotJacksonAnnotation
 	static class NotAllowlisted {
+
 		private String property = "bar";
 
 		public String getProperty() {
@@ -108,10 +110,12 @@ public class SecurityJackson2ModulesTests {
 
 		public void setProperty(String property) {
 		}
+
 	}
 
 	@JsonIgnoreType(false)
 	static class NotAllowlistedButAnnotated {
+
 		private String property = "bar";
 
 		public String getProperty() {
@@ -120,13 +124,15 @@ public class SecurityJackson2ModulesTests {
 
 		public void setProperty(String property) {
 		}
+
 	}
 
 	@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 	@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
-		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+			isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 	@JsonIgnoreProperties(ignoreUnknown = true)
 	abstract class NotAllowlistedMixin {
 
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index a7699e2d20..e56e4be0b1 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -66,4 +66,5 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 		String json = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"}";
 		mapper.readValue(json, SimpleGrantedAuthority.class);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index 397491ee0a..b3aa03f696 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 4.2
  */
 public class UserDeserializerTests extends AbstractMixinTests {
+
 	public static final String USER_PASSWORD = "\"1234\"";
 
 	// @formatter:off
@@ -69,7 +70,8 @@ public class UserDeserializerTests extends AbstractMixinTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException {
-		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]");
+		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
+				"[]");
 
 		mapper.readValue(userJsonWithoutPasswordString, User.class);
 	}
@@ -88,7 +90,8 @@ public class UserDeserializerTests extends AbstractMixinTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void deserializeUserWithNoClassIdInAuthoritiesTest() throws Exception {
-		String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,  "[{\"authority\": \"ROLE_USER\"}]");
+		String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
+				"[{\"authority\": \"ROLE_USER\"}]");
 		mapper.readValue(userJson, User.class);
 	}
 
@@ -115,10 +118,12 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	}
 
 	public static String userWithPasswordJson(String password) {
-		return userJson().replaceAll(Pattern.quote(USER_PASSWORD), "\""+ password +"\"");
+		return userJson().replaceAll(Pattern.quote(USER_PASSWORD), "\"" + password + "\"");
 	}
 
 	public static String userWithNoAuthoritiesJson() {
-		return userJson().replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_SET_JSON);
+		return userJson().replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
+				SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_SET_JSON);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 7475476fe6..1b5791ecc9 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 4.2
  */
 public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixinTests {
+
 	// @formatter:off
 	private static final String AUTHENTICATED_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\","
@@ -82,24 +83,27 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	// @formatter:on
 
 	@Test
-	public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException {
+	public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest()
+			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("admin", "1234");
 		String serializedJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
 	@Test
-	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException {
+	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest()
+			throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(),
+				user.getPassword(), user.getAuthorities());
 		String serializedJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void deserializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper
-				.readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken token = mapper.readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON,
+				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.isAuthenticated()).isEqualTo(false);
 		assertThat(token.getAuthorities()).isNotNull().hasSize(0);
@@ -108,15 +112,16 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException {
 		UsernamePasswordAuthenticationToken expectedToken = createToken();
-		UsernamePasswordAuthenticationToken token = mapper
-				.readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON,
+				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.isAuthenticated()).isTrue();
 		assertThat(token.getAuthorities()).isEqualTo(expectedToken.getAuthorities());
 	}
 
 	@Test
-	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithUserTest() throws JsonProcessingException, JSONException {
+	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithUserTest()
+			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = createToken();
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_JSON, actualJson, true);
@@ -124,48 +129,54 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper
-				.readValue(AUTHENTICATED_JSON, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_JSON,
+				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
-		assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+		assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1)
+				.contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(token.isAuthenticated()).isEqualTo(true);
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
 
 	@Test
-	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinAfterEraseCredentialInvoked() throws JsonProcessingException, JSONException {
+	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinAfterEraseCredentialInvoked()
+			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = createToken();
 		token.eraseCredentials();
 		String actualJson = mapper.writeValueAsString(token);
-		JSONAssert.assertEquals(AUTHENTICATED_JSON.replaceAll(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
+		JSONAssert.assertEquals(AUTHENTICATED_JSON.replaceAll(UserDeserializerTests.USER_PASSWORD, "null"), actualJson,
+				true);
 	}
 
 	@Test
-	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithNonUserPrincipalTest() throws JsonProcessingException, JSONException {
+	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithNonUserPrincipalTest()
+			throws JsonProcessingException, JSONException {
 		NonUserPrincipal principal = new NonUserPrincipal();
 		principal.setUsername("admin");
-		UsernamePasswordAuthenticationToken token =
-			new UsernamePasswordAuthenticationToken(principal, null, new ArrayList<>());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, null,
+				new ArrayList<>());
 		String actualJson = mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_NON_USER_PRINCIPAL_JSON, actualJson, true);
 	}
 
 	@Test
-	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithNonUserPrincipalTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper
-			.readValue(AUTHENTICATED_NON_USER_PRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class);
+	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithNonUserPrincipalTest()
+			throws IOException {
+		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_NON_USER_PRINCIPAL_JSON,
+				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(NonUserPrincipal.class);
 	}
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithDetailsTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper
-				.readValue(AUTHENTICATED_STRINGDETAILS_JSON, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_STRINGDETAILS_JSON,
+				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
-		assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+		assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1)
+				.contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(token.isAuthenticated()).isEqualTo(true);
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(token.getDetails()).isExactlyInstanceOf(String.class).isEqualTo("details");
@@ -178,7 +189,8 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 		// when
 		String serialized = this.mapper.writeValueAsString(original);
-		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized,
+				UsernamePasswordAuthenticationToken.class);
 
 		// then
 		assertThat(deserialized).isEqualTo(original);
@@ -192,8 +204,8 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 		// when
 		String serialized = this.mapper.writeValueAsString(original);
-		UsernamePasswordAuthenticationToken deserialized =
-				this.mapper.readValue(serialized, UsernamePasswordAuthenticationToken.class);
+		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized,
+				UsernamePasswordAuthenticationToken.class);
 
 		// then
 		assertThat(deserialized).isEqualTo(original);
@@ -201,12 +213,14 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	private UsernamePasswordAuthenticationToken createToken() {
 		User user = createDefaultUser();
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, user.getPassword(),
+				user.getAuthorities());
 		return token;
 	}
 
 	@JsonClassDescription
 	public static class NonUserPrincipal {
+
 		private String username;
 
 		public String getUsername() {
@@ -216,5 +230,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 		public void setUsername(String username) {
 			this.username = username;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
index e86a2a55af..b0204a489b 100644
--- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
@@ -28,6 +28,7 @@ import static org.assertj.core.api.Assertions.*;
  * @since 5.1
  */
 public class InMemoryUserDetailsManagerTests {
+
 	private final UserDetails user = PasswordEncodedUser.user();
 
 	private InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(this.user);
@@ -41,12 +42,12 @@ public class InMemoryUserDetailsManagerTests {
 
 	@Test
 	public void changePasswordWhenUsernameIsNotInLowercase() {
-		UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user())
-				.username("User")
-				.build();
+		UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user()).username("User").build();
 
 		String newPassword = "newPassword";
 		this.manager.updatePassword(userNotLowerCase, newPassword);
-		assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()).isEqualTo(newPassword);
+		assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword())
+				.isEqualTo(newPassword);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index ebced08d6e..78b400ef53 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -50,15 +50,20 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Luke Taylor
  */
 public class JdbcUserDetailsManagerTests {
+
 	private static final String SELECT_JOE_SQL = "select * from users where username = 'joe'";
+
 	private static final String SELECT_JOE_AUTHORITIES_SQL = "select * from authorities where username = 'joe'";
 
-	private static final UserDetails joe = new User("joe", "password", true, true, true,
-			true, AuthorityUtils.createAuthorityList("A", "C", "B"));
+	private static final UserDetails joe = new User("joe", "password", true, true, true, true,
+			AuthorityUtils.createAuthorityList("A", "C", "B"));
 
 	private static TestDataSource dataSource;
+
 	private JdbcUserDetailsManager manager;
+
 	private MockUserCache cache;
+
 	private JdbcTemplate template;
 
 	@BeforeClass
@@ -182,7 +187,6 @@ public class JdbcUserDetailsManagerTests {
 		assertThat(cache.getUserMap().containsKey(newJoe.getUsername())).isFalse();
 	}
 
-
 	@Test
 	public void userExistsReturnsFalseForNonExistentUsername() {
 		assertThat(manager.userExists("joe")).isFalse();
@@ -236,8 +240,7 @@ public class JdbcUserDetailsManagerTests {
 		insertJoe();
 		authenticateJoe();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 
 		manager.setAuthenticationManager(am);
 
@@ -279,12 +282,10 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	@SuppressWarnings("unchecked")
 	public void createGroupInsertsCorrectData() {
-		manager.createGroup("TEST_GROUP",
-				AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
+		manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
 
-		List roles = template
-				.queryForList("select ga.authority from groups g, group_authorities ga "
-						+ "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'");
+		List roles = template.queryForList("select ga.authority from groups g, group_authorities ga "
+				+ "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'");
 
 		assertThat(roles).hasSize(2);
 	}
@@ -305,26 +306,22 @@ public class JdbcUserDetailsManagerTests {
 	public void renameGroupIsSuccessful() {
 		manager.renameGroup("GROUP_0", "GROUP_X");
 
-		assertThat(template.queryForObject("select id from groups where group_name = 'GROUP_X'",
-				Integer.class)).isZero();
+		assertThat(template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class))
+				.isZero();
 	}
 
 	@Test
 	public void addingGroupUserSetsCorrectData() {
 		manager.addUserToGroup("tom", "GROUP_0");
 
-		assertThat(
-				template.queryForList(
-						"select username from group_members where group_id = 0")).hasSize(2);
+		assertThat(template.queryForList("select username from group_members where group_id = 0")).hasSize(2);
 	}
 
 	@Test
 	public void removeUserFromGroupDeletesGroupMemberRow() {
 		manager.removeUserFromGroup("jerry", "GROUP_1");
 
-		assertThat(
-								template.queryForList(
-						"select group_id from group_members where username = 'jerry'")).hasSize(1);
+		assertThat(template.queryForList("select group_id from group_members where username = 'jerry'")).hasSize(1);
 	}
 
 	@Test
@@ -337,8 +334,7 @@ public class JdbcUserDetailsManagerTests {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_X");
 		manager.addGroupAuthority("GROUP_0", auth);
 
-		template.queryForObject(
-				"select authority from group_authorities where authority = 'ROLE_X' and group_id = 0",
+		template.queryForObject("select authority from group_authorities where authority = 'ROLE_X' and group_id = 0",
 				String.class);
 	}
 
@@ -346,14 +342,10 @@ public class JdbcUserDetailsManagerTests {
 	public void deleteGroupAuthorityRemovesCorrectRows() {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_A");
 		manager.removeGroupAuthority("GROUP_0", auth);
-		assertThat(
-				template.queryForList(
-						"select authority from group_authorities where group_id = 0")).isEmpty();
+		assertThat(template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty();
 
 		manager.removeGroupAuthority("GROUP_2", auth);
-		assertThat(
-				template.queryForList(
-						"select authority from group_authorities where group_id = 2")).hasSize(2);
+		assertThat(template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2);
 	}
 
 	// SEC-1156
@@ -378,15 +370,15 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void createNewAuthenticationUsesNullPasswordToKeepPassordsSave() {
 		insertJoe();
-		UsernamePasswordAuthenticationToken currentAuth = new UsernamePasswordAuthenticationToken(
-				"joe", null, AuthorityUtils.createAuthorityList("ROLE_USER"));
+		UsernamePasswordAuthenticationToken currentAuth = new UsernamePasswordAuthenticationToken("joe", null,
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		Authentication updatedAuth = manager.createNewAuthentication(currentAuth, "new");
 		assertThat(updatedAuth.getCredentials()).isNull();
 	}
 
 	private Authentication authenticateJoe() {
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-				"joe", "password", joe.getAuthorities());
+		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("joe", "password",
+				joe.getAuthorities());
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		return auth;
@@ -401,6 +393,7 @@ public class JdbcUserDetailsManagerTests {
 	}
 
 	private class MockUserCache implements UserCache {
+
 		private Map<String, UserDetails> cache = new HashMap<>();
 
 		public UserDetails getUserFromCache(String username) {
@@ -418,5 +411,7 @@ public class JdbcUserDetailsManagerTests {
 		Map<String, UserDetails> getUserMap() {
 			return cache;
 		}
+
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
index 7ae6cfa990..12b4d0e3cb 100644
--- a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
@@ -32,8 +32,8 @@ import org.springframework.security.task.AbstractDelegatingSecurityContextAsyncT
  * @see CurrentSecurityContextSchedulingTaskExecutorTests
  * @see ExplicitSecurityContextSchedulingTaskExecutorTests
  */
-public abstract class AbstractSecurityContextSchedulingTaskExecutorTests extends
-		AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
+public abstract class AbstractSecurityContextSchedulingTaskExecutorTests
+		extends AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
 
 	@Mock
 	protected SchedulingTaskExecutor taskExecutorDelegate;
@@ -52,4 +52,5 @@ public abstract class AbstractSecurityContextSchedulingTaskExecutorTests extends
 	}
 
 	protected abstract DelegatingSecurityContextSchedulingTaskExecutor create();
+
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
index 3ee5bff24a..2134235050 100644
--- a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
@@ -26,8 +26,8 @@ import org.springframework.security.core.context.SecurityContext;
  * @since 3.2
  *
  */
-public class CurrentSecurityContextSchedulingTaskExecutorTests extends
-		AbstractSecurityContextSchedulingTaskExecutorTests {
+public class CurrentSecurityContextSchedulingTaskExecutorTests
+		extends AbstractSecurityContextSchedulingTaskExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -37,4 +37,5 @@ public class CurrentSecurityContextSchedulingTaskExecutorTests extends
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
 		return new DelegatingSecurityContextSchedulingTaskExecutor(taskExecutorDelegate);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
index 33f49dce4e..4928c14ca3 100644
--- a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
@@ -30,7 +30,7 @@ import java.util.Date;
 import static org.mockito.Mockito.*;
 
 /**
- * Test An implementation of {@link TaskScheduler}  invoking it whenever the trigger
+ * Test An implementation of {@link TaskScheduler} invoking it whenever the trigger
  * indicates a next execution time.
  *
  * @author Richard Valdivieso
@@ -40,8 +40,10 @@ public class DelegatingSecurityContextTaskSchedulerTests {
 
 	@Mock
 	private TaskScheduler scheduler;
+
 	@Mock
 	private Runnable runnable;
+
 	@Mock
 	private Trigger trigger;
 
@@ -89,4 +91,5 @@ public class DelegatingSecurityContextTaskSchedulerTests {
 		delegatingSecurityContextTaskScheduler.scheduleAtFixedRate(runnable, 1000L);
 		verify(scheduler).scheduleAtFixedRate(isA(Runnable.class), eq(1000L));
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
index d69f2ba664..02badbf9e5 100644
--- a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
@@ -26,8 +26,8 @@ import org.springframework.security.core.context.SecurityContext;
  * @since 3.2
  *
  */
-public class ExplicitSecurityContextSchedulingTaskExecutorTests extends
-		AbstractSecurityContextSchedulingTaskExecutorTests {
+public class ExplicitSecurityContextSchedulingTaskExecutorTests
+		extends AbstractSecurityContextSchedulingTaskExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -35,7 +35,7 @@ public class ExplicitSecurityContextSchedulingTaskExecutorTests extends
 	}
 
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
-		return new DelegatingSecurityContextSchedulingTaskExecutor(taskExecutorDelegate,
-				securityContext);
+		return new DelegatingSecurityContextSchedulingTaskExecutor(taskExecutorDelegate, securityContext);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
index 29e4943a76..0636da970f 100644
--- a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -33,8 +33,9 @@ import org.springframework.security.concurrent.AbstractDelegatingSecurityContext
  * @see CurrentDelegatingSecurityContextAsyncTaskExecutorTests
  * @see ExplicitDelegatingSecurityContextAsyncTaskExecutorTests
  */
-public abstract class AbstractDelegatingSecurityContextAsyncTaskExecutorTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public abstract class AbstractDelegatingSecurityContextAsyncTaskExecutorTests
+		extends AbstractDelegatingSecurityContextExecutorTests {
+
 	@Mock
 	protected AsyncTaskExecutor taskExecutorDelegate;
 
@@ -68,4 +69,5 @@ public abstract class AbstractDelegatingSecurityContextAsyncTaskExecutorTests ex
 	}
 
 	protected abstract DelegatingSecurityContextAsyncTaskExecutor create();
+
 }
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
index 059f09b912..e11ffad0f3 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -25,8 +25,8 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class CurrentDelegatingSecurityContextAsyncTaskExecutorTests extends
-		AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
+public class CurrentDelegatingSecurityContextAsyncTaskExecutorTests
+		extends AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
index 402a098bfa..d4f9185a6d 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.concurrent.AbstractDelegatingSecurityContext
  * @since 3.2
  *
  */
-public class CurrentDelegatingSecurityContextTaskExecutorTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public class CurrentDelegatingSecurityContextTaskExecutorTests extends AbstractDelegatingSecurityContextExecutorTests {
+
 	@Mock
 	private TaskExecutor taskExecutorDelegate;
 
@@ -48,4 +48,5 @@ public class CurrentDelegatingSecurityContextTaskExecutorTests extends
 	protected DelegatingSecurityContextExecutor create() {
 		return new DelegatingSecurityContextTaskExecutor(taskExecutorDelegate);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
index 05bee79214..55b4efe50c 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -25,8 +25,8 @@ import org.junit.Before;
  * @since 3.2
  *
  */
-public class ExplicitDelegatingSecurityContextAsyncTaskExecutorTests extends
-		AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
+public class ExplicitDelegatingSecurityContextAsyncTaskExecutorTests
+		extends AbstractDelegatingSecurityContextAsyncTaskExecutorTests {
 
 	@Before
 	public void setUp() throws Exception {
@@ -35,8 +35,7 @@ public class ExplicitDelegatingSecurityContextAsyncTaskExecutorTests extends
 
 	@Override
 	protected DelegatingSecurityContextAsyncTaskExecutor create() {
-		return new DelegatingSecurityContextAsyncTaskExecutor(taskExecutorDelegate,
-				securityContext);
+		return new DelegatingSecurityContextAsyncTaskExecutor(taskExecutorDelegate, securityContext);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
index 02d93d9aee..15b3de0557 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.concurrent.AbstractDelegatingSecurityContext
  * @since 3.2
  *
  */
-public class ExplicitDelegatingSecurityContextTaskExecutorTests extends
-		AbstractDelegatingSecurityContextExecutorTests {
+public class ExplicitDelegatingSecurityContextTaskExecutorTests extends AbstractDelegatingSecurityContextExecutorTests {
+
 	@Mock
 	private TaskExecutor taskExecutorDelegate;
 
@@ -46,7 +46,7 @@ public class ExplicitDelegatingSecurityContextTaskExecutorTests extends
 	}
 
 	protected DelegatingSecurityContextExecutor create() {
-		return new DelegatingSecurityContextTaskExecutor(taskExecutorDelegate,
-				securityContext);
+		return new DelegatingSecurityContextTaskExecutor(taskExecutorDelegate, securityContext);
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index 50b90c7886..a6c6746de9 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.util;
 
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.*;
@@ -42,15 +41,21 @@ public class FieldUtilsTests {
 		catch (IllegalStateException expected) {
 		}
 	}
+
 }
 
 @SuppressWarnings("unused")
 class TestClass {
+
 	private String protectedField = "x";
+
 	private Nested nested = new Nested();
+
 }
 
 @SuppressWarnings("unused")
 class Nested {
+
 	private String protectedField = "z";
+
 }
diff --git a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
index b1b7fe8098..3b8f0062b3 100644
--- a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
+++ b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
@@ -38,4 +38,5 @@ public class InMemoryResourceTests {
 		assertThat(new InMemoryResource("xxx").equals(new InMemoryResource("xxxx"))).isFalse();
 		assertThat(new InMemoryResource("xxx").equals(new Object())).isFalse();
 	}
+
 }
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index 2c055d33a3..3aadc6bd64 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -25,7 +25,6 @@ import org.springframework.security.access.annotation.BusinessServiceImpl;
 import java.io.Serializable;
 
 /**
- *
  * @author Luke Taylor
  */
 public class MethodInvocationUtilsTests {
@@ -34,28 +33,26 @@ public class MethodInvocationUtilsTests {
 	public void createFromClassReturnsMethodWithNoArgInfoForMethodWithNoArgs() {
 		new MethodInvocationUtils();
 
-		MethodInvocation mi = MethodInvocationUtils.createFromClass(String.class,
-				"length");
+		MethodInvocation mi = MethodInvocationUtils.createFromClass(String.class, "length");
 		assertThat(mi).isNotNull();
 	}
 
 	@Test
 	public void createFromClassReturnsMethodIfArgInfoOmittedAndMethodNameIsUnique() {
-		MethodInvocation mi = MethodInvocationUtils.createFromClass(
-				BusinessServiceImpl.class, "methodReturningAnArray");
+		MethodInvocation mi = MethodInvocationUtils.createFromClass(BusinessServiceImpl.class,
+				"methodReturningAnArray");
 		assertThat(mi).isNotNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void exceptionIsRaisedIfArgInfoOmittedAndMethodNameIsNotUnique() {
-		MethodInvocationUtils.createFromClass(BusinessServiceImpl.class,
-				"methodReturningAList");
+		MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList");
 	}
 
 	@Test
 	public void createFromClassReturnsMethodIfGivenArgInfoForMethodWithArgs() {
-		MethodInvocation mi = MethodInvocationUtils.createFromClass(null, String.class,
-				"compareTo", new Class<?>[] { String.class }, new Object[] { "" });
+		MethodInvocation mi = MethodInvocationUtils.createFromClass(null, String.class, "compareTo",
+				new Class<?>[] { String.class }, new Object[] { "" });
 		assertThat(mi).isNotNull();
 	}
 
@@ -63,8 +60,7 @@ public class MethodInvocationUtilsTests {
 	public void createFromObjectLocatesExistingMethods() {
 		AdvisedTarget t = new AdvisedTarget();
 		// Just lie about interfaces
-		t.setInterfaces(new Class[] { Serializable.class, MethodInvocation.class,
-				Blah.class });
+		t.setInterfaces(new Class[] { Serializable.class, MethodInvocation.class, Blah.class });
 
 		MethodInvocation mi = MethodInvocationUtils.create(t, "blah");
 		assertThat(mi).isNotNull();
@@ -77,11 +73,16 @@ public class MethodInvocationUtilsTests {
 	}
 
 	interface Blah {
+
 		void blah();
+
 	}
 
 	class AdvisedTarget extends AdvisedSupport implements Blah {
+
 		public void blah() {
 		}
+
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 9c1920e2bf..18efe2479f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -28,22 +28,24 @@ import org.bouncycastle.util.Arrays;
  * @since 5.3
  */
 class Argon2EncodingUtils {
+
 	private static final Base64.Encoder b64encoder = Base64.getEncoder().withoutPadding();
+
 	private static final Base64.Decoder b64decoder = Base64.getDecoder();
 
 	/**
-	 * Encodes a raw Argon2-hash and its parameters into the standard Argon2-hash-string as specified in the reference
-	 * implementation (https://github.com/P-H-C/phc-winner-argon2/blob/master/src/encoding.c#L244):
+	 * Encodes a raw Argon2-hash and its parameters into the standard Argon2-hash-string
+	 * as specified in the reference implementation
+	 * (https://github.com/P-H-C/phc-winner-argon2/blob/master/src/encoding.c#L244):
 	 *
 	 * {@code $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>$<bin>$<bin>}
 	 *
-	 * where {@code <T>} is either 'd', 'id', or 'i', {@code <num>} is a decimal integer (positive,
-	 * fits in an 'unsigned long'), and {@code <bin>} is Base64-encoded data (no '=' padding
-	 * characters, no newline or whitespace).
-	 *
-	 * The last two binary chunks (encoded in Base64) are, in that order,
-	 * the salt and the output. If no salt has been used, the salt will be omitted.
+	 * where {@code <T>} is either 'd', 'id', or 'i', {@code <num>} is a decimal integer
+	 * (positive, fits in an 'unsigned long'), and {@code <bin>} is Base64-encoded data
+	 * (no '=' padding characters, no newline or whitespace).
 	 *
+	 * The last two binary chunks (encoded in Base64) are, in that order, the salt and the
+	 * output. If no salt has been used, the salt will be omitted.
 	 * @param hash the raw Argon2 hash in binary format
 	 * @param parameters the Argon2 parameters that were used to create the hash
 	 * @return the encoded Argon2-hash-string as described above
@@ -53,44 +55,48 @@ class Argon2EncodingUtils {
 		StringBuilder stringBuilder = new StringBuilder();
 
 		switch (parameters.getType()) {
-			case Argon2Parameters.ARGON2_d: stringBuilder.append("$argon2d"); break;
-			case Argon2Parameters.ARGON2_i: stringBuilder.append("$argon2i"); break;
-			case Argon2Parameters.ARGON2_id: stringBuilder.append("$argon2id"); break;
-			default: throw new IllegalArgumentException("Invalid algorithm type: "+parameters.getType());
+		case Argon2Parameters.ARGON2_d:
+			stringBuilder.append("$argon2d");
+			break;
+		case Argon2Parameters.ARGON2_i:
+			stringBuilder.append("$argon2i");
+			break;
+		case Argon2Parameters.ARGON2_id:
+			stringBuilder.append("$argon2id");
+			break;
+		default:
+			throw new IllegalArgumentException("Invalid algorithm type: " + parameters.getType());
 		}
-		stringBuilder.append("$v=").append(parameters.getVersion())
-				.append("$m=").append(parameters.getMemory())
-				.append(",t=").append(parameters.getIterations())
-				.append(",p=").append(parameters.getLanes());
+		stringBuilder.append("$v=").append(parameters.getVersion()).append("$m=").append(parameters.getMemory())
+				.append(",t=").append(parameters.getIterations()).append(",p=").append(parameters.getLanes());
 
 		if (parameters.getSalt() != null) {
-			stringBuilder.append("$")
-					.append(b64encoder.encodeToString(parameters.getSalt()));
+			stringBuilder.append("$").append(b64encoder.encodeToString(parameters.getSalt()));
 		}
 
-		stringBuilder.append("$")
-				.append(b64encoder.encodeToString(hash));
+		stringBuilder.append("$").append(b64encoder.encodeToString(hash));
 
 		return stringBuilder.toString();
 	}
 
 	/**
 	 * Decodes an Argon2 hash string as specified in the reference implementation
-	 * (https://github.com/P-H-C/phc-winner-argon2/blob/master/src/encoding.c#L244) into the raw hash and the used
-	 * parameters.
+	 * (https://github.com/P-H-C/phc-winner-argon2/blob/master/src/encoding.c#L244) into
+	 * the raw hash and the used parameters.
 	 *
 	 * The hash has to be formatted as follows:
 	 * {@code $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>$<bin>$<bin>}
 	 *
-	 * where {@code <T>} is either 'd', 'id', or 'i', {@code <num>} is a decimal integer (positive,
-	 * fits in an 'unsigned long'), and {@code <bin>} is Base64-encoded data (no '=' padding
-	 * characters, no newline or whitespace).
+	 * where {@code <T>} is either 'd', 'id', or 'i', {@code <num>} is a decimal integer
+	 * (positive, fits in an 'unsigned long'), and {@code <bin>} is Base64-encoded data
+	 * (no '=' padding characters, no newline or whitespace).
 	 *
-	 * The last two binary chunks (encoded in Base64) are, in that order,
-	 * the salt and the output. Both are required. The binary salt length and the
-	 * output length must be in the allowed ranges defined in argon2.h.
+	 * The last two binary chunks (encoded in Base64) are, in that order, the salt and the
+	 * output. Both are required. The binary salt length and the output length must be in
+	 * the allowed ranges defined in argon2.h.
 	 * @param encodedHash the Argon2 hash string as described above
-	 * @return an {@link Argon2Hash} object containing the raw hash and the {@link Argon2Parameters}.
+	 * @return an {@link Argon2Hash} object containing the raw hash and the
+	 * {@link Argon2Parameters}.
 	 * @throws IllegalArgumentException if the encoded hash is malformed
 	 */
 	public static Argon2Hash decode(String encodedHash) throws IllegalArgumentException {
@@ -105,10 +111,17 @@ class Argon2EncodingUtils {
 		int currentPart = 1;
 
 		switch (parts[currentPart++]) {
-			case "argon2d": paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d); break;
-			case "argon2i": paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i); break;
-			case "argon2id": paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id); break;
-			default: throw new IllegalArgumentException("Invalid algorithm type: "+parts[0]);
+		case "argon2d":
+			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
+			break;
+		case "argon2i":
+			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i);
+			break;
+		case "argon2id":
+			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id);
+			break;
+		default:
+			throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]);
 		}
 
 		if (parts[currentPart].startsWith("v=")) {
@@ -124,19 +137,22 @@ class Argon2EncodingUtils {
 
 		if (performanceParams[0].startsWith("m=")) {
 			paramsBuilder.withMemoryAsKB(Integer.parseInt(performanceParams[0].substring(2)));
-		} else {
+		}
+		else {
 			throw new IllegalArgumentException("Invalid memory parameter");
 		}
 
 		if (performanceParams[1].startsWith("t=")) {
 			paramsBuilder.withIterations(Integer.parseInt(performanceParams[1].substring(2)));
-		} else {
+		}
+		else {
 			throw new IllegalArgumentException("Invalid iterations parameter");
 		}
 
 		if (performanceParams[2].startsWith("p=")) {
 			paramsBuilder.withParallelism(Integer.parseInt(performanceParams[2].substring(2)));
-		} else {
+		}
+		else {
 			throw new IllegalArgumentException("Invalid parallelity parameter");
 		}
 
@@ -148,6 +164,7 @@ class Argon2EncodingUtils {
 	public static class Argon2Hash {
 
 		private byte[] hash;
+
 		private Argon2Parameters parameters;
 
 		Argon2Hash(byte[] hash, Argon2Parameters parameters) {
@@ -170,5 +187,7 @@ class Argon2EncodingUtils {
 		public void setParameters(Argon2Parameters parameters) {
 			this.parameters = parameters;
 		}
+
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index 0e38c1072b..f66e31e1ba 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -26,16 +26,19 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
  * <p>
- * Implementation of PasswordEncoder that uses the Argon2 hashing function.
- * Clients can optionally supply the length of the salt to use, the length
- * of the generated hash, a cpu cost parameter, a memory cost parameter
- * and a parallelization parameter.
+ * Implementation of PasswordEncoder that uses the Argon2 hashing function. Clients can
+ * optionally supply the length of the salt to use, the length of the generated hash, a
+ * cpu cost parameter, a memory cost parameter and a parallelization parameter.
  * </p>
  *
- * <p>Note:</p>
- * <p>The currently implementation uses Bouncy castle which does not exploit
- * parallelism/optimizations that password crackers will, so there is an
- * unnecessary asymmetry between attacker and defender.</p>
+ * <p>
+ * Note:
+ * </p>
+ * <p>
+ * The currently implementation uses Bouncy castle which does not exploit
+ * parallelism/optimizations that password crackers will, so there is an unnecessary
+ * asymmetry between attacker and defender.
+ * </p>
  *
  * @author Simeon Macke
  * @since 5.3
@@ -43,16 +46,23 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 public class Argon2PasswordEncoder implements PasswordEncoder {
 
 	private static final int DEFAULT_SALT_LENGTH = 16;
+
 	private static final int DEFAULT_HASH_LENGTH = 32;
+
 	private static final int DEFAULT_PARALLELISM = 1;
+
 	private static final int DEFAULT_MEMORY = 1 << 12;
+
 	private static final int DEFAULT_ITERATIONS = 3;
 
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final int hashLength;
+
 	private final int parallelism;
+
 	private final int memory;
+
 	private final int iterations;
 
 	private final BytesKeyGenerator saltGenerator;
@@ -75,12 +85,8 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 		byte[] salt = saltGenerator.generateKey();
 		byte[] hash = new byte[hashLength];
 
-		Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).
-				withSalt(salt).
-				withParallelism(parallelism).
-				withMemoryAsKB(memory).
-				withIterations(iterations).
-				build();
+		Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withSalt(salt)
+				.withParallelism(parallelism).withMemoryAsKB(memory).withIterations(iterations).build();
 		Argon2BytesGenerator generator = new Argon2BytesGenerator();
 		generator.init(params);
 		generator.generateBytes(rawPassword.toString().toCharArray(), hash);
@@ -99,7 +105,8 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 
 		try {
 			decoded = Argon2EncodingUtils.decode(encodedPassword);
-		} catch (IllegalArgumentException e) {
+		}
+		catch (IllegalArgumentException e) {
 			logger.warn("Malformed password hash", e);
 			return false;
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index ab9a9d7a8a..0d57216641 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -19,25 +19,23 @@ import java.util.Arrays;
 import java.security.SecureRandom;
 
 /**
- * BCrypt implements OpenBSD-style Blowfish password hashing using
- * the scheme described in "A Future-Adaptable Password Scheme" by
- * Niels Provos and David Mazieres.
+ * BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
+ * "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
  * <p>
- * This password hashing system tries to thwart off-line password
- * cracking using a computationally-intensive hashing algorithm,
- * based on Bruce Schneier's Blowfish cipher. The work factor of
- * the algorithm is parameterised, so it can be increased as
- * computers get faster.
+ * This password hashing system tries to thwart off-line password cracking using a
+ * computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher.
+ * The work factor of the algorithm is parameterised, so it can be increased as computers
+ * get faster.
  * <p>
- * Usage is really simple. To hash a password for the first time,
- * call the hashpw method with a random salt, like this:
+ * Usage is really simple. To hash a password for the first time, call the hashpw method
+ * with a random salt, like this:
  * <p>
  * <code>
  * String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); <br />
  * </code>
  * <p>
- * To check whether a plaintext password matches one that has been
- * hashed previously, use the checkpw method:
+ * To check whether a plaintext password matches one that has been hashed previously, use
+ * the checkpw method:
  * <p>
  * <code>
  * if (BCrypt.checkpw(candidate_password, stored_hash))<br />
@@ -46,347 +44,185 @@ import java.security.SecureRandom;
  * &nbsp;&nbsp;&nbsp;&nbsp;System.out.println("It does not match");<br />
  * </code>
  * <p>
- * The gensalt() method takes an optional parameter (log_rounds)
- * that determines the computational complexity of the hashing:
+ * The gensalt() method takes an optional parameter (log_rounds) that determines the
+ * computational complexity of the hashing:
  * <p>
  * <code>
  * String strong_salt = BCrypt.gensalt(10)<br />
  * String stronger_salt = BCrypt.gensalt(12)<br />
  * </code>
  * <p>
- * The amount of work increases exponentially (2**log_rounds), so
- * each increment is twice as much work. The default log_rounds is
- * 10, and the valid range is 4 to 31.
+ * The amount of work increases exponentially (2**log_rounds), so each increment is twice
+ * as much work. The default log_rounds is 10, and the valid range is 4 to 31.
  *
  * @author Damien Miller
  * @version 0.3
  */
 public class BCrypt {
+
 	// BCrypt parameters
 	private static final int GENSALT_DEFAULT_LOG2_ROUNDS = 10;
+
 	private static final int BCRYPT_SALT_LEN = 16;
 
 	// Blowfish parameters
 	private static final int BLOWFISH_NUM_ROUNDS = 16;
 
 	// Initial contents of key schedule
-	private static final int P_orig[] = {
-			0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
-			0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
-			0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
-			0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
-			0x9216d5d9, 0x8979fb1b
-	};
-	private static final int S_orig[] = {
-			0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
-			0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
-			0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
-			0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
-			0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
-			0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
-			0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
-			0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
-			0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
-			0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
-			0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
-			0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
-			0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
-			0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
-			0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
-			0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
-			0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
-			0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
-			0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
-			0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
-			0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
-			0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
-			0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
-			0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
-			0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
-			0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
-			0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
-			0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
-			0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
-			0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
-			0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
-			0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
-			0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
-			0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
-			0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
-			0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
-			0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
-			0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
-			0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
-			0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
-			0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
-			0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
-			0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
-			0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
-			0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
-			0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
-			0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
-			0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
-			0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
-			0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
-			0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
-			0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
-			0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
-			0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
-			0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
-			0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
-			0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
-			0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
-			0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
-			0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
-			0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
-			0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
-			0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
-			0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
-			0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
-			0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
-			0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
-			0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
-			0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
-			0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
-			0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
-			0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
-			0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
-			0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
-			0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
-			0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
-			0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
-			0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
-			0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
-			0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
-			0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
-			0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
-			0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
-			0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
-			0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
-			0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
-			0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
-			0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
-			0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
-			0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
-			0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
-			0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
-			0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
-			0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
-			0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
-			0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
-			0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
-			0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
-			0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
-			0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
-			0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
-			0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
-			0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
-			0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
-			0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
-			0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
-			0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
-			0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
-			0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
-			0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
-			0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
-			0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
-			0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
-			0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
-			0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
-			0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
-			0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
-			0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
-			0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
-			0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
-			0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
-			0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
-			0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
-			0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
-			0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
-			0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
-			0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
-			0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
-			0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
-			0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
-			0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
-			0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
-			0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
-			0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
-			0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
-			0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
-			0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
-			0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
-			0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
-			0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
-			0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
-			0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
-			0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
-			0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
-			0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
-			0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
-			0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
-			0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
-			0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
-			0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
-			0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
-			0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
-			0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
-			0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
-			0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
-			0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
-			0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
-			0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
-			0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
-			0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
-			0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
-			0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
-			0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
-			0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
-			0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
-			0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
-			0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
-			0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
-			0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
-			0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
-			0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
-			0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
-			0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
-			0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
-			0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
-			0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
-			0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
-			0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
-			0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
-			0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
-			0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
-			0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
-			0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
-			0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
-			0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
-			0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
-			0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
-			0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
-			0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
-			0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
-			0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
-			0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
-			0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
-			0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
-			0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
-			0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
-			0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
-			0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
-			0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
-			0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
-			0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
-			0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
-			0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
-			0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
-			0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
-			0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
-			0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
-			0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
-			0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
-			0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
-			0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
-			0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
-			0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
-			0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
-			0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
-			0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
-			0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
-			0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
-			0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
-			0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
-			0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
-			0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
-			0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
-			0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
-			0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
-			0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
-			0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
-			0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
-			0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
-			0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
-			0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
-			0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
-			0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
-			0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
-			0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
-			0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
-			0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
-			0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
-			0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
-			0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
-			0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
-			0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
-			0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
-			0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
-			0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
-			0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
-			0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
-			0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
-			0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
-			0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
-			0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
-			0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
-			0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
-			0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
-			0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
-			0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
-	};
+	private static final int P_orig[] = { 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+			0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5,
+			0xb5470917, 0x9216d5d9, 0x8979fb1b };
+
+	private static final int S_orig[] = { 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+			0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3,
+			0xf4933d7e, 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+			0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1,
+			0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+			0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, 0x2ba9c55d, 0x741831f6, 0xce5c3e16,
+			0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+			0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81,
+			0xd396acc5, 0x0f6d6ff3, 0x83f44239, 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+			0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050,
+			0x7efb2a98, 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+			0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, 0x37d0d724,
+			0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+			0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb,
+			0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+			0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe,
+			0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+			0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6,
+			0x8c4f5573, 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+			0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, 0xef20cada,
+			0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+			0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, 0x4fad5ea0, 0x688fc31c, 0xd1cff191,
+			0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+			0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065,
+			0x77b5fa86, 0xc75442f5, 0xfb9d35cf, 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+			0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2,
+			0x02e5b9c5, 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+			0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, 0xb6636521,
+			0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, 0x4b7a70e9, 0xb5b32944,
+			0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c,
+			0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+			0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f,
+			0x3ebaefc9, 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c,
+			0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58,
+			0xdc0921bd, 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+			0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38,
+			0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810,
+			0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc,
+			0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+			0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1,
+			0xd7a3c76b, 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1,
+			0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978,
+			0x9c10b36a, 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+			0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef,
+			0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170,
+			0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b,
+			0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+			0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a,
+			0x97e32d77, 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263,
+			0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61,
+			0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+			0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2,
+			0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d,
+			0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1,
+			0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+			0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3,
+			0x105588cd, 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a,
+			0xe6e39f2b, 0xdb83adf7, 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e,
+			0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+			0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, 0x96eb27b3,
+			0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900,
+			0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, 0xce78a399,
+			0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+			0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a,
+			0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9,
+			0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f,
+			0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+			0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, 0x6b2395e0,
+			0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd,
+			0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, 0x3a6f6eab,
+			0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+			0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88,
+			0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b,
+			0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8,
+			0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+			0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, 0x83426b33,
+			0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2,
+			0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, 0x846a0e79,
+			0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+			0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d,
+			0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa,
+			0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa,
+			0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+			0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 0xed545578,
+			0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4,
+			0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, 0x3a39ce37, 0xd3faf5cf, 0xabc27737,
+			0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+			0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee,
+			0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+			0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550,
+			0xba645bd6, 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+			0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a,
+			0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+			0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 0x785f0191, 0xed756055, 0xf7960e44,
+			0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+			0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711,
+			0xc20ad9f8, 0xabcc5167, 0xccad925f, 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+			0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd,
+			0x09072166, 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+			0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 0xd29be463,
+			0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+			0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 0x6f3f3b82, 0x3520ab82, 0x011a1d4b,
+			0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+			0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a,
+			0xc6913667, 0x8df9317c, 0xe0b12b4f, 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+			0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065,
+			0xcb03a442, 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+			0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 0xe54cda54,
+			0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+			0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 0xde966292, 0x81b949d0, 0x4c50901b,
+			0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+			0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c,
+			0xf746ce76, 0x77afa1c5, 0x20756060, 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+			0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3,
+			0x3ac372e6 };
 
 	// bcrypt IV: "OrpheanBeholderScryDoubt"
-	static private final int bf_crypt_ciphertext[] = {
-			0x4f727068, 0x65616e42, 0x65686f6c,
-			0x64657253, 0x63727944, 0x6f756274
-	};
+	static private final int bf_crypt_ciphertext[] = { 0x4f727068, 0x65616e42, 0x65686f6c, 0x64657253, 0x63727944,
+			0x6f756274 };
 
 	// Table for Base64 encoding
-	static private final char base64_code[] = {
-			'.', '/', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
-			'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
-			'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
-			'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
-			'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5',
-			'6', '7', '8', '9'
-	};
+	static private final char base64_code[] = { '.', '/', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L',
+			'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
+			'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1',
+			'2', '3', '4', '5', '6', '7', '8', '9' };
 
 	// Table for Base64 decoding
-	static private final byte index_64[] = {
-			-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-			-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-			-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-			-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-			-1, -1, -1, -1, -1, -1, 0, 1, 54, 55,
-			56, 57, 58, 59, 60, 61, 62, 63, -1, -1,
-			-1, -1, -1, -1, -1, 2, 3, 4, 5, 6,
-			7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
-			17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
-			-1, -1, -1, -1, -1, -1, 28, 29, 30,
-			31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
-			41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
-			51, 52, 53, -1, -1, -1, -1, -1
-	};
+	static private final byte index_64[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+			-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+			0, 1, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -1, -1, -1, -1, -1, -1, -1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
+			12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, -1, -1, -1, -1, -1, 28, 29, 30, 31, 32,
+			33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, -1, -1, -1, -1, -1 };
 	static final int MIN_LOG_ROUNDS = 4;
 	static final int MAX_LOG_ROUNDS = 31;
 
 	// Expanded Blowfish key
 	private int P[];
+
 	private int S[];
 
 	/**
 	 * Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note
 	 * that this is <strong>not</strong> compatible with the standard MIME-base64
 	 * encoding.
-	 *
 	 * @param d the byte array to encode
 	 * @param len the number of bytes to encode
 	 * @param rs the destination buffer for the base64-encoded string
 	 * @exception IllegalArgumentException if the length is invalid
 	 */
-	static void encode_base64(byte d[], int len, StringBuilder rs)
-			throws IllegalArgumentException {
+	static void encode_base64(byte d[], int len, StringBuilder rs) throws IllegalArgumentException {
 		int off = 0;
 		int c1, c2;
 
@@ -418,10 +254,10 @@ public class BCrypt {
 	}
 
 	/**
-	 * Look up the 3 bits base64-encoded by the specified character,
-	 * range-checking againt conversion table
-	 * @param x	the base64-encoded value
-	 * @return	the decoded value of x
+	 * Look up the 3 bits base64-encoded by the specified character, range-checking againt
+	 * conversion table
+	 * @param x the base64-encoded value
+	 * @return the decoded value of x
 	 */
 	private static byte char64(char x) {
 		if ((int) x < 0 || (int) x >= index_64.length)
@@ -430,23 +266,21 @@ public class BCrypt {
 	}
 
 	/**
-	 * Decode a string encoded using bcrypt's base64 scheme to a
-	 * byte array. Note that this is *not* compatible with
-	 * the standard MIME-base64 encoding.
-	 * @param s	the string to decode
-	 * @param maxolen	the maximum number of bytes to decode
-	 * @return	an array containing the decoded bytes
+	 * Decode a string encoded using bcrypt's base64 scheme to a byte array. Note that
+	 * this is *not* compatible with the standard MIME-base64 encoding.
+	 * @param s the string to decode
+	 * @param maxolen the maximum number of bytes to decode
+	 * @return an array containing the decoded bytes
 	 * @throws IllegalArgumentException if maxolen is invalid
 	 */
-	static byte[] decode_base64(String s, int maxolen)
-			throws IllegalArgumentException {
+	static byte[] decode_base64(String s, int maxolen) throws IllegalArgumentException {
 		StringBuilder rs = new StringBuilder();
 		int off = 0, slen = s.length(), olen = 0;
 		byte ret[];
 		byte c1, c2, c3, c4, o;
 
 		if (maxolen <= 0)
-			throw new IllegalArgumentException ("Invalid maxolen");
+			throw new IllegalArgumentException("Invalid maxolen");
 
 		while (off < slen - 1 && olen < maxolen) {
 			c1 = char64(s.charAt(off++));
@@ -480,10 +314,9 @@ public class BCrypt {
 	}
 
 	/**
-	 * Blowfish encipher a single 64-bit block encoded as
-	 * two 32-bit halves
-	 * @param lr	an array containing the two 32-bit half blocks
-	 * @param off	the position in the array of the blocks
+	 * Blowfish encipher a single 64-bit block encoded as two 32-bit halves
+	 * @param lr an array containing the two 32-bit half blocks
+	 * @param off the position in the array of the blocks
 	 */
 	private void encipher(int lr[], int off) {
 		int i, n, l = lr[off], r = lr[off + 1];
@@ -510,12 +343,11 @@ public class BCrypt {
 
 	/**
 	 * Cycically extract a word of key material
-	 * @param data	the string to extract the data from
-	 * @param offp	a "pointer" (as a one-entry array) to the
-	 * current offset into data
-	 * @param signp	a "pointer" (as a one-entry array) to the
-	 * cumulative flag for non-benign sign extension
-	 * @return	correct and buggy next word of material from data as int[2]
+	 * @param data the string to extract the data from
+	 * @param offp a "pointer" (as a one-entry array) to the current offset into data
+	 * @param signp a "pointer" (as a one-entry array) to the cumulative flag for
+	 * non-benign sign extension
+	 * @return correct and buggy next word of material from data as int[2]
 	 */
 	private static int[] streamtowords(byte data[], int offp[], int signp[]) {
 		int i;
@@ -526,7 +358,8 @@ public class BCrypt {
 		for (i = 0; i < 4; i++) {
 			words[0] = (words[0] << 8) | (data[off] & 0xff);
 			words[1] = (words[1] << 8) | (int) data[off]; // sign extension bug
-			if (i > 0) sign |= words[1] & 0x80;
+			if (i > 0)
+				sign |= words[1] & 0x80;
 			off = (off + 1) % data.length;
 		}
 
@@ -537,10 +370,9 @@ public class BCrypt {
 
 	/**
 	 * Cycically extract a word of key material
-	 * @param data	the string to extract the data from
-	 * @param offp	a "pointer" (as a one-entry array) to the
-	 * current offset into data
-	 * @return	the next word of material from data
+	 * @param data the string to extract the data from
+	 * @param offp a "pointer" (as a one-entry array) to the current offset into data
+	 * @return the next word of material from data
 	 */
 	private static int streamtoword(byte data[], int offp[]) {
 		int signp[] = { 0 };
@@ -549,10 +381,9 @@ public class BCrypt {
 
 	/**
 	 * Cycically extract a word of key material, with sign-extension bug
-	 * @param data	the string to extract the data from
-	 * @param offp	a "pointer" (as a one-entry array) to the
-	 * current offset into data
-	 * @return	the next word of material from data
+	 * @param data the string to extract the data from
+	 * @param offp a "pointer" (as a one-entry array) to the current offset into data
+	 * @return the next word of material from data
 	 */
 	private static int streamtoword_bug(byte data[], int offp[]) {
 		int signp[] = { 0 };
@@ -569,9 +400,9 @@ public class BCrypt {
 
 	/**
 	 * Key the Blowfish cipher
-	 * @param key	an array containing the key
-	 * @param sign_ext_bug	true to implement the 2x bug
-	 * @param safety		bit 16 is set when the safety measure is requested
+	 * @param key an array containing the key
+	 * @param sign_ext_bug true to implement the 2x bug
+	 * @param safety bit 16 is set when the safety measure is requested
 	 */
 	private void key(byte key[], boolean sign_ext_bug, int safety) {
 		int i;
@@ -599,22 +430,20 @@ public class BCrypt {
 	}
 
 	/**
-	 * Perform the "enhanced key schedule" step described by
-	 * Provos and Mazieres in "A Future-Adaptable Password Scheme"
-	 * https://www.openbsd.org/papers/bcrypt-paper.ps
-	 * @param data	salt information
-	 * @param key	password information
-	 * @param sign_ext_bug	true to implement the 2x bug
-	 * @param safety		bit 16 is set when the safety measure is requested
+	 * Perform the "enhanced key schedule" step described by Provos and Mazieres in "A
+	 * Future-Adaptable Password Scheme" https://www.openbsd.org/papers/bcrypt-paper.ps
+	 * @param data salt information
+	 * @param key password information
+	 * @param sign_ext_bug true to implement the 2x bug
+	 * @param safety bit 16 is set when the safety measure is requested
 	 */
-	private void ekskey(byte data[], byte key[],
-						boolean sign_ext_bug, int safety) {
+	private void ekskey(byte data[], byte key[], boolean sign_ext_bug, int safety) {
 		int i;
 		int koffp[] = { 0 }, doffp[] = { 0 };
 		int lr[] = { 0, 0 };
 		int plen = P.length, slen = S.length;
 		int signp[] = { 0 }; // non-benign sign-extension flag
-		int diff = 0;        // zero iff correct and buggy are same
+		int diff = 0; // zero iff correct and buggy are same
 
 		for (i = 0; i < plen; i++) {
 			int words[] = streamtowords(key, koffp, signp);
@@ -626,12 +455,12 @@ public class BCrypt {
 
 		/*
 		 * At this point, "diff" is zero iff the correct and buggy algorithms produced
-		 * exactly the same result.  If so and if "sign" is non-zero, which indicates
-		 * that there was a non-benign sign extension, this means that we have a
-		 * collision between the correctly computed hash for this password and a set of
-		 * passwords that could be supplied to the buggy algorithm.  Our safety measure
-		 * is meant to protect from such many-buggy to one-correct collisions, by
-		 * deviating from the correct algorithm in such cases.  Let's check for this.
+		 * exactly the same result. If so and if "sign" is non-zero, which indicates that
+		 * there was a non-benign sign extension, this means that we have a collision
+		 * between the correctly computed hash for this password and a set of passwords
+		 * that could be supplied to the buggy algorithm. Our safety measure is meant to
+		 * protect from such many-buggy to one-correct collisions, by deviating from the
+		 * correct algorithm in such cases. Let's check for this.
 		 */
 		diff |= diff >> 16; /* still zero iff exact match */
 		diff &= 0xffff; /* ditto */
@@ -640,15 +469,15 @@ public class BCrypt {
 		sign &= ~diff & safety; /* action needed? */
 
 		/*
-		 * If we have determined that we need to deviate from the correct algorithm,
-		 * flip bit 16 in initial expanded key.  (The choice of 16 is arbitrary, but
-		 * let's stick to it now.  It came out of the approach we used above, and it's
-		 * not any worse than any other choice we could make.)
+		 * If we have determined that we need to deviate from the correct algorithm, flip
+		 * bit 16 in initial expanded key. (The choice of 16 is arbitrary, but let's stick
+		 * to it now. It came out of the approach we used above, and it's not any worse
+		 * than any other choice we could make.)
 		 *
 		 * It is crucial that we don't do the same to the expanded key used in the main
-		 * Eksblowfish loop.  By doing it to only one of these two, we deviate from a
-		 * state that could be directly specified by a password to the buggy algorithm
-		 * (and to the fully correct one as well, but that's a side-effect).
+		 * Eksblowfish loop. By doing it to only one of these two, we deviate from a state
+		 * that could be directly specified by a password to the buggy algorithm (and to
+		 * the fully correct one as well, but that's a side-effect).
 		 */
 		P[0] ^= sign;
 
@@ -677,28 +506,25 @@ public class BCrypt {
 	}
 
 	/**
-	 * Perform the central password hashing step in the
-	 * bcrypt scheme
-	 * @param password	the password to hash
-	 * @param salt	the binary salt to hash with the password
-	 * @param log_rounds	the binary logarithm of the number
-	 * of rounds of hashing to apply
-	 * @param sign_ext_bug	true to implement the 2x bug
-	 * @param safety		bit 16 is set when the safety measure is requested
-	 * @return	an array containing the binary hashed password
+	 * Perform the central password hashing step in the bcrypt scheme
+	 * @param password the password to hash
+	 * @param salt the binary salt to hash with the password
+	 * @param log_rounds the binary logarithm of the number of rounds of hashing to apply
+	 * @param sign_ext_bug true to implement the 2x bug
+	 * @param safety bit 16 is set when the safety measure is requested
+	 * @return an array containing the binary hashed password
 	 */
-	private byte[] crypt_raw(byte password[], byte salt[], int log_rounds,
-							boolean sign_ext_bug, int safety) {
+	private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean sign_ext_bug, int safety) {
 		int rounds, i, j;
-		int cdata[] =  bf_crypt_ciphertext.clone();
+		int cdata[] = bf_crypt_ciphertext.clone();
 		int clen = cdata.length;
 		byte ret[];
 
 		if (log_rounds < 4 || log_rounds > 31)
-			throw new IllegalArgumentException ("Bad number of rounds");
+			throw new IllegalArgumentException("Bad number of rounds");
 		rounds = 1 << log_rounds;
 		if (salt.length != BCRYPT_SALT_LEN)
-			throw new IllegalArgumentException ("Bad salt length");
+			throw new IllegalArgumentException("Bad salt length");
 
 		init_key();
 		ekskey(salt, password, sign_ext_bug, safety);
@@ -724,10 +550,9 @@ public class BCrypt {
 
 	/**
 	 * Hash a password using the OpenBSD bcrypt scheme
-	 * @param password	the password to hash
-	 * @param salt	the salt to hash with (perhaps generated
-	 * using BCrypt.gensalt)
-	 * @return	the hashed password
+	 * @param password the password to hash
+	 * @param salt the salt to hash with (perhaps generated using BCrypt.gensalt)
+	 * @return the hashed password
 	 */
 	public static String hashpw(String password, String salt) {
 		byte passwordb[];
@@ -739,10 +564,9 @@ public class BCrypt {
 
 	/**
 	 * Hash a password using the OpenBSD bcrypt scheme
-	 * @param passwordb	the password to hash, as a byte array
-	 * @param salt	the salt to hash with (perhaps generated
-	 * using BCrypt.gensalt)
-	 * @return	the hashed password
+	 * @param passwordb the password to hash, as a byte array
+	 * @param salt the salt to hash with (perhaps generated using BCrypt.gensalt)
+	 * @return the hashed password
 	 */
 	public static String hashpw(byte passwordb[], String salt) {
 		BCrypt B;
@@ -763,20 +587,19 @@ public class BCrypt {
 		}
 
 		if (salt.charAt(0) != '$' || salt.charAt(1) != '2')
-			throw new IllegalArgumentException ("Invalid salt version");
+			throw new IllegalArgumentException("Invalid salt version");
 		if (salt.charAt(2) == '$')
 			off = 3;
 		else {
 			minor = salt.charAt(2);
-			if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b')
-					|| salt.charAt(3) != '$')
-				throw new IllegalArgumentException ("Invalid salt revision");
+			if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')
+				throw new IllegalArgumentException("Invalid salt revision");
 			off = 4;
 		}
 
 		// Extract number of rounds
 		if (salt.charAt(off + 2) > '$')
-			throw new IllegalArgumentException ("Missing salt rounds");
+			throw new IllegalArgumentException("Missing salt rounds");
 
 		if (off == 4 && saltLength < 29) {
 			throw new IllegalArgumentException("Invalid salt");
@@ -807,26 +630,23 @@ public class BCrypt {
 
 	/**
 	 * Generate a salt for use with the BCrypt.hashpw() method
-	 * @param prefix		the prefix value (default $2a)
-	 * @param log_rounds	the log2 of the number of rounds of
-	 * hashing to apply - the work factor therefore increases as
-	 * 2**log_rounds.
-	 * @param random		an instance of SecureRandom to use
-	 * @return	an encoded salt value
+	 * @param prefix the prefix value (default $2a)
+	 * @param log_rounds the log2 of the number of rounds of hashing to apply - the work
+	 * factor therefore increases as 2**log_rounds.
+	 * @param random an instance of SecureRandom to use
+	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if prefix or log_rounds is invalid
 	 */
-	public static String gensalt(String prefix, int log_rounds, SecureRandom random)
-			throws IllegalArgumentException {
+	public static String gensalt(String prefix, int log_rounds, SecureRandom random) throws IllegalArgumentException {
 		StringBuilder rs = new StringBuilder();
 		byte rnd[] = new byte[BCRYPT_SALT_LEN];
 
-		if (!prefix.startsWith("$2") ||
-				(prefix.charAt(2) != 'a' && prefix.charAt(2) != 'y' &&
-						prefix.charAt(2) != 'b')) {
-			throw new IllegalArgumentException ("Invalid prefix");
+		if (!prefix.startsWith("$2")
+				|| (prefix.charAt(2) != 'a' && prefix.charAt(2) != 'y' && prefix.charAt(2) != 'b')) {
+			throw new IllegalArgumentException("Invalid prefix");
 		}
 		if (log_rounds < 4 || log_rounds > 31) {
-			throw new IllegalArgumentException ("Invalid log_rounds");
+			throw new IllegalArgumentException("Invalid log_rounds");
 		}
 
 		random.nextBytes(rnd);
@@ -844,42 +664,36 @@ public class BCrypt {
 
 	/**
 	 * Generate a salt for use with the BCrypt.hashpw() method
-	 * @param prefix		the prefix value (default $2a)
-	 * @param log_rounds	the log2 of the number of rounds of
-	 * hashing to apply - the work factor therefore increases as
-	 * 2**log_rounds.
-	 * @return	an encoded salt value
+	 * @param prefix the prefix value (default $2a)
+	 * @param log_rounds the log2 of the number of rounds of hashing to apply - the work
+	 * factor therefore increases as 2**log_rounds.
+	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if prefix or log_rounds is invalid
 	 */
-	public static String gensalt(String prefix, int log_rounds)
-			throws IllegalArgumentException {
+	public static String gensalt(String prefix, int log_rounds) throws IllegalArgumentException {
 		return gensalt(prefix, log_rounds, new SecureRandom());
 	}
 
 	/**
 	 * Generate a salt for use with the BCrypt.hashpw() method
-	 * @param log_rounds	the log2 of the number of rounds of
-	 * hashing to apply - the work factor therefore increases as
-	 * 2**log_rounds.
-	 * @param random		an instance of SecureRandom to use
-	 * @return	an encoded salt value
+	 * @param log_rounds the log2 of the number of rounds of hashing to apply - the work
+	 * factor therefore increases as 2**log_rounds.
+	 * @param random an instance of SecureRandom to use
+	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if log_rounds is invalid
 	 */
-	public static String gensalt(int log_rounds, SecureRandom random)
-			throws IllegalArgumentException {
+	public static String gensalt(int log_rounds, SecureRandom random) throws IllegalArgumentException {
 		return gensalt("$2a", log_rounds, random);
 	}
 
 	/**
 	 * Generate a salt for use with the BCrypt.hashpw() method
-	 * @param log_rounds	the log2 of the number of rounds of
-	 * hashing to apply - the work factor therefore increases as
-	 * 2**log_rounds.
-	 * @return	an encoded salt value
+	 * @param log_rounds the log2 of the number of rounds of hashing to apply - the work
+	 * factor therefore increases as 2**log_rounds.
+	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if log_rounds is invalid
 	 */
-	public static String gensalt(int log_rounds)
-			throws IllegalArgumentException {
+	public static String gensalt(int log_rounds) throws IllegalArgumentException {
 		return gensalt(log_rounds, new SecureRandom());
 	}
 
@@ -888,32 +702,29 @@ public class BCrypt {
 	}
 
 	/**
-	 * Generate a salt for use with the BCrypt.hashpw() method,
-	 * selecting a reasonable default for the number of hashing
-	 * rounds to apply
-	 * @return	an encoded salt value
+	 * Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable
+	 * default for the number of hashing rounds to apply
+	 * @return an encoded salt value
 	 */
 	public static String gensalt() {
 		return gensalt(GENSALT_DEFAULT_LOG2_ROUNDS);
 	}
 
 	/**
-	 * Check that a plaintext password matches a previously hashed
-	 * one
-	 * @param plaintext	the plaintext password to verify
-	 * @param hashed	the previously-hashed password
-	 * @return	true if the passwords match, false otherwise
+	 * Check that a plaintext password matches a previously hashed one
+	 * @param plaintext the plaintext password to verify
+	 * @param hashed the previously-hashed password
+	 * @return true if the passwords match, false otherwise
 	 */
 	public static boolean checkpw(String plaintext, String hashed) {
 		return equalsNoEarlyReturn(hashed, hashpw(plaintext, hashed));
 	}
 
 	/**
-	 * Check that a password (as a byte array) matches a previously hashed
-	 * one
-	 * @param passwordb	the password to verify, as a byte array
-	 * @param hashed	the previously-hashed password
-	 * @return	true if the passwords match, false otherwise
+	 * Check that a password (as a byte array) matches a previously hashed one
+	 * @param passwordb the password to verify, as a byte array
+	 * @param hashed the previously-hashed password
+	 * @return true if the passwords match, false otherwise
 	 * @since 5.3
 	 */
 	public static boolean checkpw(byte[] passwordb, String hashed) {
@@ -923,4 +734,5 @@ public class BCrypt {
 	static boolean equalsNoEarlyReturn(String a, String b) {
 		return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index dd787a9ea4..3304a7d48b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -25,23 +25,24 @@ import java.util.regex.Pattern;
 
 /**
  * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
- * can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds in BCrypt)
- * and a SecureRandom instance. The larger the strength parameter the more work will have to be done
- * (exponentially) to hash the passwords. The default value is 10.
+ * can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds
+ * in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work
+ * will have to be done (exponentially) to hash the passwords. The default value is 10.
  *
  * @author Dave Syer
  */
 public class BCryptPasswordEncoder implements PasswordEncoder {
-	private Pattern BCRYPT_PATTERN = Pattern
-			.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}");
+
+	private Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}");
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final int strength;
+
 	private final BCryptVersion version;
 
 	private final SecureRandom random;
 
-
 	public BCryptPasswordEncoder() {
 		this(-1);
 	}
@@ -62,7 +63,7 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 
 	/**
 	 * @param version the version of bcrypt, can be 2a,2b,2y
-	 * @param random  the secure random instance to use
+	 * @param random the secure random instance to use
 	 */
 	public BCryptPasswordEncoder(BCryptVersion version, SecureRandom random) {
 		this(version, -1, random);
@@ -70,14 +71,14 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 
 	/**
 	 * @param strength the log rounds to use, between 4 and 31
-	 * @param random   the secure random instance to use
+	 * @param random the secure random instance to use
 	 */
 	public BCryptPasswordEncoder(int strength, SecureRandom random) {
 		this(BCryptVersion.$2A, strength, random);
 	}
 
 	/**
-	 * @param version  the version of bcrypt, can be 2a,2b,2y
+	 * @param version the version of bcrypt, can be 2a,2b,2y
 	 * @param strength the log rounds to use, between 4 and 31
 	 */
 	public BCryptPasswordEncoder(BCryptVersion version, int strength) {
@@ -85,9 +86,9 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 	}
 
 	/**
-	 * @param version  the version of bcrypt, can be 2a,2b,2y
+	 * @param version the version of bcrypt, can be 2a,2b,2y
 	 * @param strength the log rounds to use, between 4 and 31
-	 * @param random   the secure random instance to use
+	 * @param random the secure random instance to use
 	 */
 	public BCryptPasswordEncoder(BCryptVersion version, int strength, SecureRandom random) {
 		if (strength != -1 && (strength < BCrypt.MIN_LOG_ROUNDS || strength > BCrypt.MAX_LOG_ROUNDS)) {
@@ -106,7 +107,8 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		String salt;
 		if (random != null) {
 			salt = BCrypt.gensalt(version.getVersion(), strength, random);
-		} else {
+		}
+		else {
 			salt = BCrypt.gensalt(version.getVersion(), strength);
 		}
 		return BCrypt.hashpw(rawPassword.toString(), salt);
@@ -153,9 +155,8 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 	 * @author Lin Feng
 	 */
 	public enum BCryptVersion {
-		$2A("$2a"),
-		$2Y("$2y"),
-		$2B("$2b");
+
+		$2A("$2a"), $2Y("$2y"), $2B("$2b");
 
 		private final String version;
 
@@ -166,5 +167,7 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		public String getVersion() {
 			return this.version;
 		}
+
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 8269e5f313..8256c510e8 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -17,8 +17,9 @@ package org.springframework.security.crypto.codec;
 
 /**
  * Base64 encoder which is a reduced version of Robert Harder's public domain
- * implementation (version 2.3.7). See <a
- * href="http://iharder.sourceforge.net/current/java/base64/">http://iharder.sourceforge.net/current/java/base64/</a> for more information.
+ * implementation (version 2.3.7). See <a href=
+ * "http://iharder.sourceforge.net/current/java/base64/">http://iharder.sourceforge.net/current/java/base64/</a>
+ * for more information.
  * <p>
  * For internal use only.
  *
@@ -43,12 +44,11 @@ public final class Base64 {
 
 	/**
 	 * Encode using Base64-like encoding that is URL- and Filename-safe as described in
-	 * Section 4 of RFC3548: <a
-	 * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
-	 * It is important to note that data encoded this way is
-	 * <em>not</em> officially valid Base64, or at the very least should not be called
-	 * Base64 without also specifying that is was encoded using the URL- and Filename-safe
-	 * dialect.
+	 * Section 4 of RFC3548: <a href=
+	 * "https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>. It
+	 * is important to note that data encoded this way is <em>not</em> officially valid
+	 * Base64, or at the very least should not be called Base64 without also specifying
+	 * that is was encoded using the URL- and Filename-safe dialect.
 	 */
 	public final static int URL_SAFE = 16;
 
@@ -67,31 +67,30 @@ public final class Base64 {
 	private final static byte NEW_LINE = (byte) '\n';
 
 	private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+
 	private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
 
 	/* ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
 
 	/** The 64 valid Base64 values. */
 	/* Host platform me be something funny like EBCDIC, so we hardcode these values. */
-	private final static byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B',
-			(byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H',
-			(byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
-			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T',
-			(byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z',
-			(byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
-			(byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l',
-			(byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r',
-			(byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
-			(byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
-			(byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9',
-			(byte) '+', (byte) '/' };
+	private final static byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
+			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
+			(byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o',
+			(byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
+			(byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6',
+			(byte) '7', (byte) '8', (byte) '9', (byte) '+', (byte) '/' };
 
 	/**
 	 * Translates a Base64 value to either its 6-bit reconstruction value or a negative
 	 * number indicating some other meaning.
 	 **/
-	private final static byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9,
-			-9, // Decimal 0 - 8
+	private final static byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+																							// 0
+																							// -
+																							// 8
 			-5, -5, // Whitespace: Tab and Linefeed
 			-9, -9, // Decimal 11 - 12
 			-5, // Whitespace: Carriage Return
@@ -127,30 +126,28 @@ public final class Base64 {
 	/* ******** U R L S A F E B A S E 6 4 A L P H A B E T ******** */
 
 	/**
-	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
-	 * href
+	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548:
+	 * <a href
 	 * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
 	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
 	 * and "slash."
 	 */
-	private final static byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B',
-			(byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H',
-			(byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
-			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T',
-			(byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z',
-			(byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
-			(byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l',
-			(byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r',
-			(byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
-			(byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
-			(byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9',
-			(byte) '-', (byte) '_' };
+	private final static byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
+			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
+			(byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o',
+			(byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
+			(byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6',
+			(byte) '7', (byte) '8', (byte) '9', (byte) '-', (byte) '_' };
 
 	/**
 	 * Used in decoding URL- and Filename-safe dialects of Base64.
 	 */
-	private final static byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9,
-			-9, // Decimal 0 - 8
+	private final static byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+																							// 0
+																							// -
+																							// 8
 			-5, -5, // Whitespace: Tab and Linefeed
 			-9, -9, // Decimal 11 - 12
 			-5, // Whitespace: Carriage Return
@@ -189,24 +186,22 @@ public final class Base64 {
 
 	/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
 
-	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1',
-			(byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
-			(byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',
-			(byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J',
-			(byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P',
-			(byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V',
-			(byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) '_', (byte) 'a',
-			(byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g',
-			(byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm',
-			(byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's',
-			(byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y',
-			(byte) 'z' };
+	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
+			(byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C',
+			(byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L',
+			(byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
+			(byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) '_', (byte) 'a', (byte) 'b', (byte) 'c',
+			(byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l',
+			(byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u',
+			(byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z' };
 
 	/**
 	 * Used in decoding the "ordered" dialect of Base64.
 	 */
-	private final static byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9,
-			-9, // Decimal 0 - 8
+	private final static byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+																							// 0
+																							// -
+																							// 8
 			-5, -5, // Whitespace: Tab and Linefeed
 			-9, -9, // Decimal 11 - 12
 			-5, // Whitespace: Carriage Return
@@ -312,7 +307,6 @@ public final class Base64 {
 	 * <p>
 	 * This is the lowest level of the encoding methods with all possible parameters.
 	 * </p>
-	 *
 	 * @param source the array to convert
 	 * @param srcOffset the index where conversion begins
 	 * @param numSigBytes the number of significant bytes in your array
@@ -321,8 +315,8 @@ public final class Base64 {
 	 * @return the <var>destination</var> array
 	 * @since 1.3
 	 */
-	private static byte[] encode3to4(byte[] source, int srcOffset, int numSigBytes,
-			byte[] destination, int destOffset, int options) {
+	private static byte[] encode3to4(byte[] source, int srcOffset, int numSigBytes, byte[] destination, int destOffset,
+			int options) {
 
 		byte[] ALPHABET = getAlphabet(options);
 
@@ -369,7 +363,6 @@ public final class Base64 {
 	}
 
 	/**
-	 *
 	 * @param source The data to convert
 	 * @param off Offset in array where conversion should begin
 	 * @param len Length of data to convert
@@ -397,8 +390,7 @@ public final class Base64 {
 
 		if (off + len > source.length) {
 			throw new IllegalArgumentException(String.format(
-					"Cannot have offset of %d and length of %d with array of length %d",
-					off, len, source.length));
+					"Cannot have offset of %d and length of %d with array of length %d", off, len, source.length));
 		} // end if: off < 0
 
 		boolean breakLines = (options & DO_BREAK_LINES) > 0;
@@ -464,8 +456,6 @@ public final class Base64 {
 	 * <p>
 	 * This is the lowest level of the decoding methods with all possible parameters.
 	 * </p>
-	 *
-	 *
 	 * @param source the array to convert
 	 * @param srcOffset the index where conversion begins
 	 * @param destination the array to hold the conversion
@@ -477,8 +467,8 @@ public final class Base64 {
 	 * not enough room in the array.
 	 * @since 1.3
 	 */
-	private static int decode4to3(final byte[] source, final int srcOffset,
-			final byte[] destination, final int destOffset, final int options) {
+	private static int decode4to3(final byte[] source, final int srcOffset, final byte[] destination,
+			final int destOffset, final int options) {
 
 		// Lots of error checking and exception throwing
 		if (source == null) {
@@ -489,15 +479,13 @@ public final class Base64 {
 		} // end if
 		if (srcOffset < 0 || srcOffset + 3 >= source.length) {
 			throw new IllegalArgumentException(
-					String.format(
-							"Source array with length %d cannot have offset of %d and still process four bytes.",
+					String.format("Source array with length %d cannot have offset of %d and still process four bytes.",
 							source.length, srcOffset));
 		} // end if
 		if (destOffset < 0 || destOffset + 2 >= destination.length) {
-			throw new IllegalArgumentException(
-					String.format(
-							"Destination array with length %d cannot have offset of %d and still store three bytes.",
-							destination.length, destOffset));
+			throw new IllegalArgumentException(String.format(
+					"Destination array with length %d cannot have offset of %d and still store three bytes.",
+					destination.length, destOffset));
 		} // end if
 
 		byte[] DECODABET = getDecodabet(options);
@@ -538,8 +526,7 @@ public final class Base64 {
 			// | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
 			int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18)
 					| ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12)
-					| ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6)
-					| ((DECODABET[source[srcOffset + 3]] & 0xFF));
+					| ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6) | ((DECODABET[source[srcOffset + 3]] & 0xFF));
 
 			destination[destOffset] = (byte) (outBuff >> 16);
 			destination[destOffset + 1] = (byte) (outBuff >> 8);
@@ -555,7 +542,6 @@ public final class Base64 {
 	 * recommended method, although it is used internally as part of the decoding process.
 	 * Special case: if len = 0, an empty array is returned. Still, if you need more speed
 	 * and reduced memory footprint (and aren't gzipping), consider this method.
-	 *
 	 * @param source The Base64 encoded data
 	 * @param off The offset of where to begin decoding
 	 * @param len The length of characters to decode
@@ -563,8 +549,7 @@ public final class Base64 {
 	 * @return decoded data
 	 * @throws IllegalArgumentException If bogus characters exist in source data
 	 */
-	private static byte[] decode(final byte[] source, final int off, final int len,
-			final int options) {
+	private static byte[] decode(final byte[] source, final int off, final int len, final int options) {
 
 		// Lots of error checking and exception throwing
 		if (source == null) {
@@ -572,8 +557,7 @@ public final class Base64 {
 		} // end if
 		if (off < 0 || off + len > source.length) {
 			throw new IllegalArgumentException(
-					String.format(
-							"Source array with length %d cannot have offset of %d and process %d bytes.",
+					String.format("Source array with length %d cannot have offset of %d and process %d bytes.",
 							source.length, off, len));
 		} // end if
 
@@ -582,8 +566,7 @@ public final class Base64 {
 		}
 		else if (len < 4) {
 			throw new IllegalArgumentException(
-					"Base64-encoded string must have at least four characters, but length specified was "
-							+ len);
+					"Base64-encoded string must have at least four characters, but length specified was " + len);
 		} // end if
 
 		byte[] DECODABET = getDecodabet(options);
@@ -621,8 +604,7 @@ public final class Base64 {
 			else {
 				// There's a bad input character in the Base64 stream.
 				throw new InvalidBase64CharacterException(String.format(
-						"Bad Base64 input character decimal %d in array position %d",
-						((int) source[i]) & 0xFF, i));
+						"Bad Base64 input character decimal %d in array position %d", ((int) source[i]) & 0xFF, i));
 			}
 		}
 
@@ -630,6 +612,7 @@ public final class Base64 {
 		System.arraycopy(outBuff, 0, out, 0, outBuffPosn);
 		return out;
 	}
+
 }
 
 class InvalidBase64CharacterException extends IllegalArgumentException {
@@ -637,4 +620,5 @@ class InvalidBase64CharacterException extends IllegalArgumentException {
 	InvalidBase64CharacterException(String message) {
 		super(message);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
index 7555abd5b7..c896a12034 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
@@ -26,8 +26,8 @@ package org.springframework.security.crypto.codec;
  */
 public final class Hex {
 
-	private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
-			'a', 'b', 'c', 'd', 'e', 'f' };
+	private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e',
+			'f' };
 
 	public static char[] encode(byte[] bytes) {
 		final int nBytes = bytes.length;
@@ -48,8 +48,7 @@ public final class Hex {
 		int nChars = s.length();
 
 		if (nChars % 2 != 0) {
-			throw new IllegalArgumentException(
-					"Hex-encoded string must have an even number of characters");
+			throw new IllegalArgumentException("Hex-encoded string must have an even number of characters");
 		}
 
 		byte[] result = new byte[nChars / 2];
@@ -60,7 +59,7 @@ public final class Hex {
 
 			if (msb < 0 || lsb < 0) {
 				throw new IllegalArgumentException(
-					"Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
+						"Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
 			}
 			result[i / 2] = (byte) ((msb << 4) | lsb);
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
index a2274fa75d..b82bcdce66 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@@ -29,6 +29,7 @@ import java.nio.charset.StandardCharsets;
  * @author Luke Taylor
  */
 public final class Utf8 {
+
 	private static final Charset CHARSET = StandardCharsets.UTF_8;
 
 	/**
@@ -58,4 +59,5 @@ public final class Utf8 {
 			throw new IllegalArgumentException("Decoding failed", e);
 		}
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java b/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
index 0875553e36..07941157f2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
@@ -17,4 +17,3 @@
  * Internal codec classes. Only intended for use within the framework.
  */
 package org.springframework.security.crypto.codec;
-
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index 95c7b4067f..b2491e4fe3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -59,10 +59,10 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 
 	public enum CipherAlgorithm {
 
-		CBC(AES_CBC_ALGORITHM, NULL_IV_GENERATOR), GCM(AES_GCM_ALGORITHM, KeyGenerators
-				.secureRandom(16));
+		CBC(AES_CBC_ALGORITHM, NULL_IV_GENERATOR), GCM(AES_GCM_ALGORITHM, KeyGenerators.secureRandom(16));
 
 		private BytesKeyGenerator ivGenerator;
+
 		private String name;
 
 		CipherAlgorithm(String name, BytesKeyGenerator ivGenerator) {
@@ -86,29 +86,28 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		public BytesKeyGenerator defaultIvGenerator() {
 			return this.ivGenerator;
 		}
+
 	}
 
 	public AesBytesEncryptor(String password, CharSequence salt) {
 		this(password, salt, null);
 	}
 
-	public AesBytesEncryptor(String password, CharSequence salt,
-			BytesKeyGenerator ivGenerator) {
+	public AesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) {
 		this(password, salt, ivGenerator, CipherAlgorithm.CBC);
 	}
 
-	public AesBytesEncryptor(String password, CharSequence salt,
-			BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
-		this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt),
-				1024, 256)), ivGenerator, alg);
+	public AesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
+		this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt), 1024, 256)),
+				ivGenerator, alg);
 	}
 
 	/**
 	 * Constructs an encryptor that uses AES encryption.
-	 *
 	 * @param secretKey the secret (symmetric) key
-	 * @param ivGenerator the generator used to generate the initialization vector. If null,
-	 * then a default algorithm will be used based on the provided {@link CipherAlgorithm}
+	 * @param ivGenerator the generator used to generate the initialization vector. If
+	 * null, then a default algorithm will be used based on the provided
+	 * {@link CipherAlgorithm}
 	 * @param alg the {@link CipherAlgorithm} to be used
 	 */
 	public AesBytesEncryptor(SecretKey secretKey, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
@@ -122,31 +121,26 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 	public byte[] encrypt(byte[] bytes) {
 		synchronized (this.encryptor) {
 			byte[] iv = this.ivGenerator.generateKey();
-			initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey,
-					this.alg.getParameterSpec(iv));
+			initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
 			byte[] encrypted = doFinal(this.encryptor, bytes);
-			return this.ivGenerator != NULL_IV_GENERATOR ? concatenate(iv, encrypted)
-					: encrypted;
+			return this.ivGenerator != NULL_IV_GENERATOR ? concatenate(iv, encrypted) : encrypted;
 		}
 	}
 
 	public byte[] decrypt(byte[] encryptedBytes) {
 		synchronized (this.decryptor) {
 			byte[] iv = iv(encryptedBytes);
-			initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey,
-					this.alg.getParameterSpec(iv));
-			return doFinal(
-					this.decryptor,
-					this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes,
-							iv.length) : encryptedBytes);
+			initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
+			return doFinal(this.decryptor,
+					this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes);
 		}
 	}
 
 	// internal helpers
 
 	private byte[] iv(byte[] encrypted) {
-		return this.ivGenerator != NULL_IV_GENERATOR ? subArray(encrypted, 0,
-				this.ivGenerator.getKeyLength()) : NULL_IV_GENERATOR.generateKey();
+		return this.ivGenerator != NULL_IV_GENERATOR ? subArray(encrypted, 0, this.ivGenerator.getKeyLength())
+				: NULL_IV_GENERATOR.generateKey();
 	}
 
 	private byte[] encrypted(byte[] encryptedBytes, int ivLength) {
@@ -166,4 +160,5 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 
 	};
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
index 6797854479..53e301eb94 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
@@ -31,22 +31,22 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
 abstract class BouncyCastleAesBytesEncryptor implements BytesEncryptor {
 
 	final KeyParameter secretKey;
+
 	final BytesKeyGenerator ivGenerator;
 
 	BouncyCastleAesBytesEncryptor(String password, CharSequence salt) {
 		this(password, salt, KeyGenerators.secureRandom(16));
 	}
 
-	BouncyCastleAesBytesEncryptor(String password, CharSequence salt,
-			BytesKeyGenerator ivGenerator) {
+	BouncyCastleAesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) {
 		if (ivGenerator.getKeyLength() != 16) {
 			throw new IllegalArgumentException("ivGenerator key length != block size 16");
 		}
 		this.ivGenerator = ivGenerator;
 		PBEParametersGenerator keyGenerator = new PKCS5S2ParametersGenerator();
-		byte[] pkcs12PasswordBytes = PBEParametersGenerator
-				.PKCS5PasswordToUTF8Bytes(password.toCharArray());
+		byte[] pkcs12PasswordBytes = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password.toCharArray());
 		keyGenerator.init(pkcs12PasswordBytes, Hex.decode(salt), 1024);
 		this.secretKey = (KeyParameter) keyGenerator.generateDerivedParameters(256);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index d0e4c874c9..1394856c36 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -28,9 +28,9 @@ import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgor
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
 /**
- * An Encryptor equivalent to {@link AesBytesEncryptor} using
- * {@link CipherAlgorithm#CBC} that uses Bouncy Castle instead of JCE. The
- * algorithm is equivalent to "AES/CBC/PKCS5Padding".
+ * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#CBC}
+ * that uses Bouncy Castle instead of JCE. The algorithm is equivalent to
+ * "AES/CBC/PKCS5Padding".
  *
  * @author William Tran
  *
@@ -41,8 +41,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 		super(password, salt);
 	}
 
-	public BouncyCastleAesCbcBytesEncryptor(String password, CharSequence salt,
-			BytesKeyGenerator ivGenerator) {
+	public BouncyCastleAesCbcBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) {
 		super(password, salt, ivGenerator);
 	}
 
@@ -61,8 +60,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 	@Override
 	public byte[] decrypt(byte[] encryptedBytes) {
 		byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
-		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(),
-				encryptedBytes.length);
+		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
 
 		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
@@ -87,4 +85,5 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 		System.arraycopy(buf, 0, out, 0, bytesWritten);
 		return out;
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index 5c81414117..71abc75e1d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -26,9 +26,9 @@ import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgor
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
 /**
- * An Encryptor equivalent to {@link AesBytesEncryptor} using
- * {@link CipherAlgorithm#GCM} that uses Bouncy Castle instead of JCE. The
- * algorithm is equivalent to "AES/GCM/NoPadding".
+ * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#GCM}
+ * that uses Bouncy Castle instead of JCE. The algorithm is equivalent to
+ * "AES/GCM/NoPadding".
  *
  * @author William Tran
  *
@@ -39,8 +39,7 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 		super(password, salt);
 	}
 
-	public BouncyCastleAesGcmBytesEncryptor(String password, CharSequence salt,
-			BytesKeyGenerator ivGenerator) {
+	public BouncyCastleAesGcmBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) {
 		super(password, salt, ivGenerator);
 	}
 
@@ -59,8 +58,7 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 	@Override
 	public byte[] decrypt(byte[] encryptedBytes) {
 		byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
-		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(),
-				encryptedBytes.length);
+		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
 
 		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
index 4285224627..7f8fbc0981 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
@@ -17,6 +17,7 @@ package org.springframework.security.crypto.encrypt;
 
 /**
  * Service interface for symmetric data encryption.
+ *
  * @author Keith Donald
  */
 public interface BytesEncryptor {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
index d77fd9f4fb..58a268abe7 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
@@ -33,6 +33,7 @@ import javax.crypto.spec.PBEParameterSpec;
 
 /**
  * Static helper for working with the Cipher API.
+ *
  * @author Keith Donald
  */
 class CipherUtils {
@@ -78,8 +79,7 @@ class CipherUtils {
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static <T extends AlgorithmParameterSpec> T getParameterSpec(Cipher cipher,
-			Class<T> parameterSpecClass) {
+	public static <T extends AlgorithmParameterSpec> T getParameterSpec(Cipher cipher, Class<T> parameterSpecClass) {
 		try {
 			return cipher.getParameters().getParameterSpec(parameterSpecClass);
 		}
@@ -98,16 +98,14 @@ class CipherUtils {
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey,
-			byte[] salt, int iterationCount) {
+	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey, byte[] salt, int iterationCount) {
 		initCipher(cipher, mode, secretKey, new PBEParameterSpec(salt, iterationCount));
 	}
 
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey,
-			AlgorithmParameterSpec parameterSpec) {
+	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey, AlgorithmParameterSpec parameterSpec) {
 		try {
 			if (parameterSpec != null) {
 				cipher.init(mode, secretKey, parameterSpec);
@@ -117,12 +115,10 @@ class CipherUtils {
 			}
 		}
 		catch (InvalidKeyException e) {
-			throw new IllegalArgumentException(
-					"Unable to initialize due to invalid secret key", e);
+			throw new IllegalArgumentException("Unable to initialize due to invalid secret key", e);
 		}
 		catch (InvalidAlgorithmParameterException e) {
-			throw new IllegalStateException(
-					"Unable to initialize due to invalid decryption parameter spec", e);
+			throw new IllegalStateException("Unable to initialize due to invalid decryption parameter spec", e);
 		}
 	}
 
@@ -135,12 +131,10 @@ class CipherUtils {
 			return cipher.doFinal(input);
 		}
 		catch (IllegalBlockSizeException e) {
-			throw new IllegalStateException(
-					"Unable to invoke Cipher due to illegal block size", e);
+			throw new IllegalStateException("Unable to invoke Cipher due to illegal block size", e);
 		}
 		catch (BadPaddingException e) {
-			throw new IllegalStateException("Unable to invoke Cipher due to bad padding",
-					e);
+			throw new IllegalStateException("Unable to invoke Cipher due to bad padding", e);
 		}
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index 7ebfb5a356..7ceef06107 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -34,15 +34,13 @@ public class Encryptors {
 	 * hex-encoded; it should be random and at least 8 bytes in length. Also applies a
 	 * random 16-byte initialization vector to ensure each encrypted message will be
 	 * unique. Requires Java 6.
-	 *
 	 * @param password the password used to generate the encryptor's secret key; should
 	 * not be shared
 	 * @param salt a hex-encoded, random, site-global salt value to use to generate the
 	 * key
 	 */
 	public static BytesEncryptor stronger(CharSequence password, CharSequence salt) {
-		return new AesBytesEncryptor(password.toString(), salt,
-				KeyGenerators.secureRandom(16), CipherAlgorithm.GCM);
+		return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16), CipherAlgorithm.GCM);
 	}
 
 	/**
@@ -51,13 +49,11 @@ public class Encryptors {
 	 * Function #2). Salts the password to prevent dictionary attacks against the key. The
 	 * provided salt is expected to be hex-encoded; it should be random and at least 8
 	 * bytes in length. Also applies a random 16-byte initialization vector to ensure each
-	 * encrypted message will be unique. Requires Java 6.
-	 * NOTE: This mode is not
+	 * encrypted message will be unique. Requires Java 6. NOTE: This mode is not
 	 * <a href="https://en.wikipedia.org/wiki/Authenticated_encryption">authenticated</a>
-	 * and does not provide any guarantees about the authenticity of the data.
-	 * For a more secure alternative, users should prefer
+	 * and does not provide any guarantees about the authenticity of the data. For a more
+	 * secure alternative, users should prefer
 	 * {@link #stronger(CharSequence, CharSequence)}.
-	 *
 	 * @param password the password used to generate the encryptor's secret key; should
 	 * not be shared
 	 * @param salt a hex-encoded, random, site-global salt value to use to generate the
@@ -67,14 +63,12 @@ public class Encryptors {
 	 * GCM (instead of CBC)
 	 */
 	public static BytesEncryptor standard(CharSequence password, CharSequence salt) {
-		return new AesBytesEncryptor(password.toString(), salt,
-				KeyGenerators.secureRandom(16));
+		return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16));
 	}
 
 	/**
 	 * Creates a text encryptor that uses "stronger" password-based encryption. Encrypted
 	 * text is hex-encoded.
-	 *
 	 * @param password the password used to generate the encryptor's secret key; should
 	 * not be shared
 	 * @see Encryptors#stronger(CharSequence, CharSequence)
@@ -86,7 +80,6 @@ public class Encryptors {
 	/**
 	 * Creates a text encryptor that uses "standard" password-based encryption. Encrypted
 	 * text is hex-encoded.
-	 *
 	 * @param password the password used to generate the encryptor's secret key; should
 	 * not be shared
 	 * @see Encryptors#standard(CharSequence, CharSequence)
@@ -100,7 +93,6 @@ public class Encryptors {
 	 * encryption. Uses a 16-byte all-zero initialization vector so encrypting the same
 	 * data results in the same encryption result. This is done to allow encrypted data to
 	 * be queried against. Encrypted text is hex-encoded.
-	 *
 	 * @param password the password used to generate the encryptor's secret key; should
 	 * not be shared
 	 * @param salt a hex-encoded, random, site-global salt value to use to generate the
@@ -110,8 +102,7 @@ public class Encryptors {
 	 */
 	@Deprecated
 	public static TextEncryptor queryableText(CharSequence password, CharSequence salt) {
-		return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(),
-				salt));
+		return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt));
 	}
 
 	/**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
index a4ed4c8699..8407dd8704 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
@@ -22,6 +22,7 @@ import org.springframework.security.crypto.codec.Utf8;
  * Delegates to an {@link BytesEncryptor} to encrypt text strings. Raw text strings are
  * UTF-8 encoded before being passed to the encryptor. Encrypted strings are returned
  * hex-encoded.
+ *
  * @author Keith Donald
  */
 final class HexEncodingTextEncryptor implements TextEncryptor {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
index c0a54ba2cf..46678d65cb 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
@@ -28,6 +28,7 @@ import java.util.Map;
 
 /**
  * Used for creating {@link PasswordEncoder} instances
+ *
  * @author Rob Winch
  * @since 5.0
  */
@@ -41,18 +42,21 @@ public class PasswordEncoderFactories {
 	 *
 	 * <ul>
 	 * <li>bcrypt - {@link BCryptPasswordEncoder} (Also used for encoding)</li>
-	 * <li>ldap - {@link org.springframework.security.crypto.password.LdapShaPasswordEncoder}</li>
-	 * <li>MD4 - {@link org.springframework.security.crypto.password.Md4PasswordEncoder}</li>
+	 * <li>ldap -
+	 * {@link org.springframework.security.crypto.password.LdapShaPasswordEncoder}</li>
+	 * <li>MD4 -
+	 * {@link org.springframework.security.crypto.password.Md4PasswordEncoder}</li>
 	 * <li>MD5 - {@code new MessageDigestPasswordEncoder("MD5")}</li>
-	 * <li>noop - {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}</li>
+	 * <li>noop -
+	 * {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}</li>
 	 * <li>pbkdf2 - {@link Pbkdf2PasswordEncoder}</li>
 	 * <li>scrypt - {@link SCryptPasswordEncoder}</li>
 	 * <li>SHA-1 - {@code new MessageDigestPasswordEncoder("SHA-1")}</li>
 	 * <li>SHA-256 - {@code new MessageDigestPasswordEncoder("SHA-256")}</li>
-	 * <li>sha256 - {@link org.springframework.security.crypto.password.StandardPasswordEncoder}</li>
+	 * <li>sha256 -
+	 * {@link org.springframework.security.crypto.password.StandardPasswordEncoder}</li>
 	 * <li>argon2 - {@link Argon2PasswordEncoder}</li>
 	 * </ul>
-	 *
 	 * @return the {@link PasswordEncoder} to use
 	 */
 	@SuppressWarnings("deprecation")
@@ -67,12 +71,15 @@ public class PasswordEncoderFactories {
 		encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
 		encoders.put("scrypt", new SCryptPasswordEncoder());
 		encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
-		encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
+		encoders.put("SHA-256",
+				new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 		encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 		encoders.put("argon2", new Argon2PasswordEncoder());
 
 		return new DelegatingPasswordEncoder(encodingId, encoders);
 	}
 
-	private PasswordEncoderFactories() {}
+	private PasswordEncoderFactories() {
+	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
index bba2113ed9..1fc050c313 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
@@ -26,8 +26,11 @@ import java.util.Base64;
  * @since 5.0
  */
 public class Base64StringKeyGenerator implements StringKeyGenerator {
+
 	private static final int DEFAULT_KEY_LENGTH = 32;
+
 	private final BytesKeyGenerator keyGenerator;
+
 	private final Base64.Encoder encoder;
 
 	/**
@@ -76,4 +79,5 @@ public class Base64StringKeyGenerator implements StringKeyGenerator {
 		byte[] base64EncodedKey = this.encoder.encode(key);
 		return new String(base64EncodedKey);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
index 6dbff29f58..56a8e4f308 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
@@ -17,6 +17,7 @@ package org.springframework.security.crypto.keygen;
 
 /**
  * A generator for unique byte array-based keys.
+ *
  * @author Keith Donald
  */
 public interface BytesKeyGenerator {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
index 005a8e6e63..0ce886425c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
@@ -20,6 +20,7 @@ import org.springframework.security.crypto.codec.Hex;
 /**
  * A StringKeyGenerator that generates hex-encoded String keys. Delegates to a
  * {@link BytesKeyGenerator} for the actual key generation.
+ *
  * @author Keith Donald
  */
 final class HexEncodingStringKeyGenerator implements StringKeyGenerator {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
index b5c5989704..4a70ccef19 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
@@ -20,6 +20,7 @@ import java.security.SecureRandom;
 /**
  * Factory for commonly used key generators. Public API for constructing a
  * {@link BytesKeyGenerator} or {@link StringKeyGenerator}.
+ *
  * @author Keith Donald
  */
 public class KeyGenerators {
@@ -62,4 +63,5 @@ public class KeyGenerators {
 
 	private KeyGenerators() {
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
index 53e3422f79..d23a092fc0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
@@ -17,6 +17,7 @@ package org.springframework.security.crypto.keygen;
 
 /**
  * A generator for unique string keys.
+ *
  * @author Keith Donald
  */
 public interface StringKeyGenerator {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
index f70e289adc..7593e1942d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
@@ -63,4 +63,5 @@ public abstract class AbstractPasswordEncoder implements PasswordEncoder {
 	protected static boolean matches(byte[] expected, byte[] actual) {
 		return MessageDigest.isEqual(expected, actual);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
index 4bc4e68083..fc04a346ca 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
@@ -50,8 +50,8 @@ import java.util.Map;
  * {id}encodedPassword
  * </pre>
  *
- * Such that "id" is an identifier used to look up which {@link PasswordEncoder} should
- * be used and "encodedPassword" is the original encoded password for the selected
+ * Such that "id" is an identifier used to look up which {@link PasswordEncoder} should be
+ * used and "encodedPassword" is the original encoded password for the selected
  * {@link PasswordEncoder}. The "id" must be at the beginning of the password, start with
  * "{" and end with "}". If the "id" cannot be found, the "id" will be null.
  *
@@ -70,8 +70,8 @@ import java.util.Map;
  *
  * <ol>
  * <li>The first password would have a {@code PasswordEncoder} id of "bcrypt" and
- * encodedPassword of "$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG".
- * When matching it would delegate to
+ * encodedPassword of "$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG". When
+ * matching it would delegate to
  * {@link org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder}</li>
  * <li>The second password would have a {@code PasswordEncoder} id of "noop" and
  * encodedPassword of "password". When matching it would delegate to
@@ -115,17 +115,22 @@ import java.util.Map;
  * {@link #setDefaultPasswordEncoderForMatches(PasswordEncoder)}.
  *
  * @see org.springframework.security.crypto.factory.PasswordEncoderFactories
- *
  * @author Rob Winch
  * @author Michael Simons
  * @since 5.0
  */
 public class DelegatingPasswordEncoder implements PasswordEncoder {
+
 	private static final String PREFIX = "{";
+
 	private static final String SUFFIX = "}";
+
 	private final String idForEncode;
+
 	private final PasswordEncoder passwordEncoderForEncode;
+
 	private final Map<String, PasswordEncoder> idToPasswordEncoder;
+
 	private PasswordEncoder defaultPasswordEncoderForMatches = new UnmappedIdPasswordEncoder();
 
 	/**
@@ -133,15 +138,16 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 	 * @param idForEncode the id used to lookup which {@link PasswordEncoder} should be
 	 * used for {@link #encode(CharSequence)}
 	 * @param idToPasswordEncoder a Map of id to {@link PasswordEncoder} used to determine
-	 * which {@link PasswordEncoder} should be used for {@link #matches(CharSequence, String)}
+	 * which {@link PasswordEncoder} should be used for
+	 * {@link #matches(CharSequence, String)}
 	 */
-	public DelegatingPasswordEncoder(String idForEncode,
-		Map<String, PasswordEncoder> idToPasswordEncoder) {
+	public DelegatingPasswordEncoder(String idForEncode, Map<String, PasswordEncoder> idToPasswordEncoder) {
 		if (idForEncode == null) {
 			throw new IllegalArgumentException("idForEncode cannot be null");
 		}
 		if (!idToPasswordEncoder.containsKey(idForEncode)) {
-			throw new IllegalArgumentException("idForEncode " + idForEncode + "is not found in idToPasswordEncoder " + idToPasswordEncoder);
+			throw new IllegalArgumentException(
+					"idForEncode " + idForEncode + "is not found in idToPasswordEncoder " + idToPasswordEncoder);
 		}
 		for (String id : idToPasswordEncoder.keySet()) {
 			if (id == null) {
@@ -165,16 +171,15 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 	 * {@link PasswordEncoder}.
 	 *
 	 * <p>
-	   The encodedPassword provided will be the full password
-	 * passed in including the {"id"} portion.* For example, if the password of
-	 * "{notmapped}foobar" was used, the "id" would be "notmapped" and the encodedPassword
-	 * passed into the {@link PasswordEncoder} would be "{notmapped}foobar".
+	 * The encodedPassword provided will be the full password passed in including the
+	 * {"id"} portion.* For example, if the password of "{notmapped}foobar" was used, the
+	 * "id" would be "notmapped" and the encodedPassword passed into the
+	 * {@link PasswordEncoder} would be "{notmapped}foobar".
 	 * </p>
-	 * @param defaultPasswordEncoderForMatches the encoder to use. The default is to
-	 * throw an {@link IllegalArgumentException}
+	 * @param defaultPasswordEncoderForMatches the encoder to use. The default is to throw
+	 * an {@link IllegalArgumentException}
 	 */
-	public void setDefaultPasswordEncoderForMatches(
-		PasswordEncoder defaultPasswordEncoderForMatches) {
+	public void setDefaultPasswordEncoderForMatches(PasswordEncoder defaultPasswordEncoderForMatches) {
 		if (defaultPasswordEncoderForMatches == null) {
 			throw new IllegalArgumentException("defaultPasswordEncoderForMatches cannot be null");
 		}
@@ -194,8 +199,7 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 		String id = extractId(prefixEncodedPassword);
 		PasswordEncoder delegate = this.idToPasswordEncoder.get(id);
 		if (delegate == null) {
-			return this.defaultPasswordEncoderForMatches
-				.matches(rawPassword, prefixEncodedPassword);
+			return this.defaultPasswordEncoderForMatches.matches(rawPassword, prefixEncodedPassword);
 		}
 		String encodedPassword = extractEncodedPassword(prefixEncodedPassword);
 		return delegate.matches(rawPassword, encodedPassword);
@@ -244,10 +248,11 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 		}
 
 		@Override
-		public boolean matches(CharSequence rawPassword,
-			String prefixEncodedPassword) {
+		public boolean matches(CharSequence rawPassword, String prefixEncodedPassword) {
 			String id = extractId(prefixEncodedPassword);
 			throw new IllegalArgumentException("There is no PasswordEncoder mapped for the id \"" + id + "\"");
 		}
+
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
index b0b57bc4b4..b14feb22e3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
@@ -68,4 +68,5 @@ final class Digester {
 			throw new IllegalStateException("No such hashing algorithm", e);
 		}
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index 90252f3c14..0ee12c20eb 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -39,19 +39,24 @@ import java.util.Base64;
  * @deprecated Digest based password encoding is not considered secure. Instead use an
  * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
  * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades. There are no plans to remove this support. It is deprecated to indicate
- * that this is a legacy implementation and using it is considered insecure.
+ * password upgrades. There are no plans to remove this support. It is deprecated to
+ * indicate that this is a legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public class LdapShaPasswordEncoder implements PasswordEncoder {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	/** The number of bytes in a SHA hash */
 	private static final int SHA_LENGTH = 20;
+
 	private static final String SSHA_PREFIX = "{SSHA}";
+
 	private static final String SSHA_PREFIX_LC = SSHA_PREFIX.toLowerCase();
+
 	private static final String SHA_PREFIX = "{SHA}";
+
 	private static final String SHA_PREFIX_LC = SHA_PREFIX.toLowerCase();
 
 	// ~ Instance fields
@@ -93,9 +98,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	 * Calculates the hash of password (and salt bytes, if supplied) and returns a base64
 	 * encoded concatenation of the hash and salt, prefixed with {SHA} (or {SSHA} if salt
 	 * was used).
-	 *
 	 * @param rawPass the password to be encoded.
-	 *
 	 * @return the encoded password in the specified format
 	 *
 	 */
@@ -104,7 +107,6 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		return encode(rawPass, salt);
 	}
 
-
 	private String encode(CharSequence rawPassword, byte[] salt) {
 		MessageDigest sha;
 
@@ -148,10 +150,8 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	/**
 	 * Checks the validity of an unencoded password against an encoded one in the form
 	 * "{SSHA}sQuQF8vj8Eg2Y1hPdh3bkQhCKQBgjhQI".
-	 *
 	 * @param rawPassword unencoded password to be verified.
 	 * @param encodedPassword the actual SSHA or SHA encoded password
-	 *
 	 * @return true if they match (independent of the case of the prefix).
 	 */
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
@@ -170,8 +170,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 			salt = extractSalt(encodedPassword);
 		}
 		else if (!prefix.equals(SHA_PREFIX) && !prefix.equals(SHA_PREFIX_LC)) {
-			throw new IllegalArgumentException("Unsupported password prefix '" + prefix
-					+ "'");
+			throw new IllegalArgumentException("Unsupported password prefix '" + prefix + "'");
 		}
 		else {
 			// Standard SHA
@@ -182,8 +181,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 
 		String encodedRawPass = encode(rawPassword, salt).substring(startOfHash);
 
-		return PasswordEncoderUtils
-				.equals(encodedRawPass, encodedPassword.substring(startOfHash));
+		return PasswordEncoderUtils.equals(encodedRawPass, encodedPassword.substring(startOfHash));
 	}
 
 	/**
@@ -197,8 +195,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		int secondBrace = encPass.lastIndexOf('}');
 
 		if (secondBrace < 0) {
-			throw new IllegalArgumentException(
-					"Couldn't find closing brace for SHA prefix");
+			throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
 		}
 
 		return encPass.substring(0, secondBrace + 1);
@@ -207,4 +204,5 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	public void setForceLowerCasePrefix(boolean forceLowerCasePrefix) {
 		this.forceLowerCasePrefix = forceLowerCasePrefix;
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
index 89c4db51b0..ea5101cfb2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
@@ -22,12 +22,19 @@ package org.springframework.security.crypto.password;
  * @author Alan Stewart
  */
 class Md4 {
+
 	private static final int BLOCK_SIZE = 64;
+
 	private static final int HASH_SIZE = 16;
+
 	private final byte[] buffer = new byte[BLOCK_SIZE];
+
 	private int bufferOffset;
+
 	private long byteCount;
+
 	private final int[] state = new int[4];
+
 	private final int[] tmp = new int[16];
 
 	Md4() {
@@ -99,8 +106,8 @@ class Md4 {
 
 	private void update(byte[] block, int offset) {
 		for (int i = 0; i < 16; i++) {
-			tmp[i] = (block[offset++] & 0xFF) | (block[offset++] & 0xFF) << 8
-					| (block[offset++] & 0xFF) << 16 | (block[offset++] & 0xFF) << 24;
+			tmp[i] = (block[offset++] & 0xFF) | (block[offset++] & 0xFF) << 8 | (block[offset++] & 0xFF) << 16
+					| (block[offset++] & 0xFF) << 24;
 		}
 
 		int A = state[0];
@@ -179,4 +186,5 @@ class Md4 {
 		int t = a + (b ^ c ^ d) + x + 0x6ED9EBA1;
 		return t << s | t >>> (32 - s);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
index 7fe06a979d..64e3e2e529 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
@@ -23,7 +23,8 @@ import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import java.util.Base64;
 
 /**
- * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered secure.
+ * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
+ * secure.
  *
  * Encodes passwords using MD4. The general format of the password is:
  *
@@ -33,8 +34,7 @@ import java.util.Base64;
  * </pre>
  *
  * Such that "salt" is the salt, md4 is the digest method, and password is the actual
- * password. For example with a password of "password", and a salt of
- * "thisissalt":
+ * password. For example with a password of "password", and a salt of "thisissalt":
  *
  * <pre>
  * String s = salt == null ? "" : "{" + salt + "}";
@@ -55,9 +55,9 @@ import java.util.Base64;
  * "{}" + md4(password + "{}")
  * </pre>
  *
- * The format is intended to work with the Md4PasswordEncoder that was found in the
- * Spring Security core module. However, the passwords will need to be migrated to include
- * any salt with the password since this API provides Salt internally vs making it the
+ * The format is intended to work with the Md4PasswordEncoder that was found in the Spring
+ * Security core module. However, the passwords will need to be migrated to include any
+ * salt with the password since this API provides Salt internally vs making it the
  * responsibility of the user. To migrate passwords from the SaltSource use the following:
  *
  * <pre>
@@ -73,16 +73,19 @@ import java.util.Base64;
  * @deprecated Digest based password encoding is not considered secure. Instead use an
  * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
  * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades. There are no plans to remove this support. It is deprecated to indicate
- * that this is a legacy implementation and using it is considered insecure.
+ * password upgrades. There are no plans to remove this support. It is deprecated to
+ * indicate that this is a legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public class Md4PasswordEncoder implements PasswordEncoder {
-	private static final String PREFIX = "{";
-	private static final String SUFFIX = "}";
-	private StringKeyGenerator saltGenerator = new Base64StringKeyGenerator();
-	private boolean encodeHashAsBase64;
 
+	private static final String PREFIX = "{";
+
+	private static final String SUFFIX = "}";
+
+	private StringKeyGenerator saltGenerator = new Base64StringKeyGenerator();
+
+	private boolean encodeHashAsBase64;
 
 	public void setEncodeHashAsBase64(boolean encodeHashAsBase64) {
 		this.encodeHashAsBase64 = encodeHashAsBase64;
@@ -91,7 +94,6 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 	/**
 	 * Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged
 	 * with the password before encoding.
-	 *
 	 * @param rawPassword The plain text password
 	 * @return Hex string of password digest (or base64 encoded string if
 	 * encodeHashAsBase64 is enabled.
@@ -128,7 +130,6 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 	/**
 	 * Takes a previously encoded password and compares it with a rawpassword after mixing
 	 * in the salt and encoding that value
-	 *
 	 * @param rawPassword plain text password
 	 * @param encodedPassword previously encoded password
 	 * @return true or false
@@ -150,4 +151,5 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 		}
 		return prefixEncodedPassword.substring(start, end + 1);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
index 620bd6bf95..4f6a7f2af9 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
@@ -24,7 +24,8 @@ import java.security.MessageDigest;
 import java.util.Base64;
 
 /**
- * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered secure.
+ * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
+ * secure.
  *
  * Encodes passwords using the passed in {@link MessageDigest}.
  *
@@ -76,14 +77,18 @@ import java.util.Base64;
  * @deprecated Digest based password encoding is not considered secure. Instead use an
  * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
  * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades. There are no plans to remove this support. It is deprecated to indicate
- * that this is a legacy implementation and using it is considered insecure.
+ * password upgrades. There are no plans to remove this support. It is deprecated to
+ * indicate that this is a legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public class MessageDigestPasswordEncoder implements PasswordEncoder {
+
 	private static final String PREFIX = "{";
+
 	private static final String SUFFIX = "}";
+
 	private StringKeyGenerator saltGenerator = new Base64StringKeyGenerator();
+
 	private boolean encodeHashAsBase64;
 
 	private Digester digester;
@@ -92,7 +97,6 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	 * The digest algorithm to use Supports the named
 	 * <a href="https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA">
 	 * Message Digest Algorithms</a> in the Java environment.
-	 *
 	 * @param algorithm
 	 */
 	public MessageDigestPasswordEncoder(String algorithm) {
@@ -106,7 +110,6 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	/**
 	 * Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged
 	 * with the password before encoding.
-	 *
 	 * @param rawPassword The plain text password
 	 * @return Hex string of password digest (or base64 encoded string if
 	 * encodeHashAsBase64 is enabled.
@@ -136,7 +139,6 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	/**
 	 * Takes a previously encoded password and compares it with a rawpassword after mixing
 	 * in the salt and encoding that value
-	 *
 	 * @param rawPassword plain text password
 	 * @param encodedPassword previously encoded password
 	 * @return true or false
@@ -152,7 +154,6 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	 * "stretched". If this is greater than one, the initial digest is calculated, the
 	 * digest function will be called repeatedly on the result for the additional number
 	 * of iterations.
-	 *
 	 * @param iterations the number of iterations which will be executed on the hashed
 	 * password/salt value. Defaults to 1.
 	 */
@@ -171,4 +172,5 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 		}
 		return prefixEncodedPassword.substring(start, end + 1);
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
index 3c28e16741..caffbb3a9d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@@ -23,11 +23,11 @@ package org.springframework.security.crypto.password;
  * passwords may be preferred.
  *
  * @author Keith Donald
- * @deprecated This PasswordEncoder is not secure. Instead use an
- * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
- * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades. There are no plans to remove this support. It is deprecated to indicate that
- * this is a legacy implementation and using it is considered insecure.
+ * @deprecated This PasswordEncoder is not secure. Instead use an adaptive one way
+ * function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder.
+ * Even better use {@link DelegatingPasswordEncoder} which supports password upgrades.
+ * There are no plans to remove this support. It is deprecated to indicate that this is a
+ * legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
index 251acd0251..79fcf50ad4 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
@@ -34,7 +34,6 @@ public interface PasswordEncoder {
 	 * Verify the encoded password obtained from storage matches the submitted raw
 	 * password after it too is encoded. Returns true if the passwords match, false if
 	 * they do not. The stored password itself is never decoded.
-	 *
 	 * @param rawPassword the raw password to encode and match
 	 * @param encodedPassword the encoded password from storage to compare with
 	 * @return true if the raw password, after encoding, matches the encoded password from
@@ -52,4 +51,5 @@ public interface PasswordEncoder {
 	default boolean upgradeEncoding(String encodedPassword) {
 		return false;
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
index 6bf5b937ae..f808a0911e 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
@@ -44,9 +44,11 @@ class PasswordEncoderUtils {
 			return null;
 		}
 
-		return Utf8.encode(s); // need to check if Utf8.encode() runs in constant time (probably not). This may leak length of string.
+		return Utf8.encode(s); // need to check if Utf8.encode() runs in constant time
+								// (probably not). This may leak length of string.
 	}
 
 	private PasswordEncoderUtils() {
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index 3fa38e6774..53e56a1de8 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -46,21 +46,27 @@ import static org.springframework.security.crypto.util.EncodingUtils.subArray;
 public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private static final int DEFAULT_HASH_WIDTH = 256;
+
 	private static final int DEFAULT_ITERATIONS = 185000;
 
 	private final BytesKeyGenerator saltGenerator = KeyGenerators.secureRandom();
 
 	private final byte[] secret;
+
 	private final int hashWidth;
+
 	private final int iterations;
+
 	private String algorithm = SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name();
+
 	private boolean encodeHashAsBase64;
 
 	/**
 	 * Constructs a PBKDF2 password encoder with no additional secret value. There will be
-	 * {@value DEFAULT_ITERATIONS} iterations and a hash width of {@value DEFAULT_HASH_WIDTH}. The default is based upon aiming for .5
-	 * seconds to validate the password when this class was added.. Users should tune
-	 * password verification to their own systems.
+	 * {@value DEFAULT_ITERATIONS} iterations and a hash width of
+	 * {@value DEFAULT_HASH_WIDTH}. The default is based upon aiming for .5 seconds to
+	 * validate the password when this class was added.. Users should tune password
+	 * verification to their own systems.
 	 */
 	public Pbkdf2PasswordEncoder() {
 		this("");
@@ -68,8 +74,8 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	/**
 	 * Constructs a standard password encoder with a secret value which is also included
-	 * in the password hash. There will be {@value DEFAULT_ITERATIONS} iterations and a hash width of {@value DEFAULT_HASH_WIDTH}.
-	 *
+	 * in the password hash. There will be {@value DEFAULT_ITERATIONS} iterations and a
+	 * hash width of {@value DEFAULT_HASH_WIDTH}.
 	 * @param secret the secret key used in the encoding process (should not be shared)
 	 */
 	public Pbkdf2PasswordEncoder(CharSequence secret) {
@@ -79,7 +85,6 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 	/**
 	 * Constructs a standard password encoder with a secret value as well as iterations
 	 * and hash.
-	 *
 	 * @param secret the secret
 	 * @param iterations the number of iterations. Users should aim for taking about .5
 	 * seconds on their own system.
@@ -92,8 +97,9 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 	}
 
 	/**
-	 * Sets the algorithm to use. See
-	 * <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory">SecretKeyFactory Algorithms</a>
+	 * Sets the algorithm to use. See <a href=
+	 * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory">SecretKeyFactory
+	 * Algorithms</a>
 	 * @param secretKeyFactoryAlgorithm the algorithm to use (i.e.
 	 * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1},
 	 * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256},
@@ -154,8 +160,8 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private byte[] encode(CharSequence rawPassword, byte[] salt) {
 		try {
-			PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(),
-					concatenate(salt, this.secret), this.iterations, this.hashWidth);
+			PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), concatenate(salt, this.secret),
+					this.iterations, this.hashWidth);
 			SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
 			return concatenate(salt, skf.generateSecret(spec).getEncoded());
 		}
@@ -170,8 +176,9 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 	 * @since 5.0
 	 */
 	public enum SecretKeyFactoryAlgorithm {
-		PBKDF2WithHmacSHA1,
-		PBKDF2WithHmacSHA256,
-		PBKDF2WithHmacSHA512
+
+		PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA512
+
 	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index c07fb5bf9f..7f64d2e225 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -45,8 +45,8 @@ import java.security.MessageDigest;
  * @deprecated Digest based password encoding is not considered secure. Instead use an
  * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
  * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades. There are no plans to remove this support. It is deprecated to indicate
- * that this is a legacy implementation and using it is considered insecure.
+ * password upgrades. There are no plans to remove this support. It is deprecated to
+ * indicate that this is a legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public final class StandardPasswordEncoder implements PasswordEncoder {
@@ -67,7 +67,6 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	/**
 	 * Constructs a standard password encoder with a secret value which is also included
 	 * in the password hash.
-	 *
 	 * @param secret the secret key used in the encoding process (should not be shared)
 	 */
 	public StandardPasswordEncoder(CharSequence secret) {
@@ -98,8 +97,7 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	}
 
 	private byte[] digest(CharSequence rawPassword, byte[] salt) {
-		byte[] digest = digester.digest(concatenate(salt, secret,
-				Utf8.encode(rawPassword)));
+		byte[] digest = digester.digest(concatenate(salt, secret, Utf8.encode(rawPassword)));
 		return concatenate(salt, digest);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index 189c0ab266..a7fcec4057 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -28,9 +28,9 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
  * <p>
- * Implementation of PasswordEncoder that uses the SCrypt hashing function.
- * Clients can optionally supply a cpu cost parameter, a memory cost parameter
- * and a parallelization parameter.
+ * Implementation of PasswordEncoder that uses the SCrypt hashing function. Clients can
+ * optionally supply a cpu cost parameter, a memory cost parameter and a parallelization
+ * parameter.
  * </p>
  *
  * <p>
@@ -41,13 +41,13 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  *
  * <ul>
  * <li>The currently implementation uses Bouncy castle which does not exploit
- * parallelism/optimizations that password crackers will, so there is an
- * unnecessary asymmetry between attacker and defender.</li>
- * <li>Scrypt is based on Salsa20 which performs poorly in Java (on par with
- * AES) but performs awesome (~4-5x faster) on SIMD capable platforms</li>
+ * parallelism/optimizations that password crackers will, so there is an unnecessary
+ * asymmetry between attacker and defender.</li>
+ * <li>Scrypt is based on Salsa20 which performs poorly in Java (on par with AES) but
+ * performs awesome (~4-5x faster) on SIMD capable platforms</li>
  * <li>While there are some that would disagree, consider reading -
- * <a href="https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html">
- * Why I Don't Recommend Scrypt</a> (for password storage)</li>
+ * <a href="https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html"> Why I
+ * Don't Recommend Scrypt</a> (for password storage)</li>
  * </ul>
  *
  * @author Shazin Sadakath
@@ -74,25 +74,17 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 
 	/**
 	 * Creates a new instance
-	 *
-	 * @param cpuCost
-	 *            cpu cost of the algorithm (as defined in scrypt this is N).
-	 *            must be power of 2 greater than 1. Default is currently 16,384
-	 *            or 2^14)
-	 * @param memoryCost
-	 *            memory cost of the algorithm (as defined in scrypt this is r)
-	 *            Default is currently 8.
-	 * @param parallelization
-	 *            the parallelization of the algorithm (as defined in scrypt
-	 *            this is p) Default is currently 1. Note that the
-	 *            implementation does not currently take advantage of
-	 *            parallelization.
-	 * @param keyLength
-	 *            key length for the algorithm (as defined in scrypt this is
-	 *            dkLen). The default is currently 32.
-	 * @param saltLength
-	 *            salt length (as defined in scrypt this is the length of S).
-	 *            The default is currently 64.
+	 * @param cpuCost cpu cost of the algorithm (as defined in scrypt this is N). must be
+	 * power of 2 greater than 1. Default is currently 16,384 or 2^14)
+	 * @param memoryCost memory cost of the algorithm (as defined in scrypt this is r)
+	 * Default is currently 8.
+	 * @param parallelization the parallelization of the algorithm (as defined in scrypt
+	 * this is p) Default is currently 1. Note that the implementation does not currently
+	 * take advantage of parallelization.
+	 * @param keyLength key length for the algorithm (as defined in scrypt this is dkLen).
+	 * The default is currently 32.
+	 * @param saltLength salt length (as defined in scrypt this is the length of S). The
+	 * default is currently 64.
 	 */
 	public SCryptPasswordEncoder(int cpuCost, int memoryCost, int parallelization, int keyLength, int saltLength) {
 		if (cpuCost <= 1) {
@@ -153,9 +145,7 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 		int memoryCost = (int) params >> 8 & 0xff;
 		int parallelization = (int) params & 0xff;
 
-		return cpuCost < this.cpuCost
-				|| memoryCost < this.memoryCost
-				|| parallelization < this.parallelization;
+		return cpuCost < this.cpuCost || memoryCost < this.memoryCost || parallelization < this.parallelization;
 	}
 
 	private boolean decodeAndCheckMatches(CharSequence rawPassword, String encodedPassword) {
@@ -180,7 +170,8 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 	}
 
 	private String digest(CharSequence rawPassword, byte[] salt) {
-		byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization, keyLength);
+		byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization,
+				keyLength);
 
 		String params = Long
 				.toString(((int) (Math.log(cpuCost) / Math.log(2)) << 16L) | memoryCost << 8 | parallelization, 16);
@@ -200,4 +191,5 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 	private String encodePart(byte[] part) {
 		return Utf8.decode(Base64.getEncoder().encode(part));
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index 660bd5347f..86e5bd9d53 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -31,18 +31,16 @@ public class Argon2EncodingUtilsTests {
 	private TestDataEntry testDataEntry1 = new TestDataEntry(
 			"$argon2i$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs",
 			new Argon2EncodingUtils.Argon2Hash(decoder.decode("cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"),
-					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i)).
-							withVersion(19).withMemoryAsKB(1024).withIterations(3).withParallelism(2).
-							withSalt("cRdFbCw23gz2Mlxk".getBytes()).build()
-			));
+					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i)).withVersion(19).withMemoryAsKB(1024)
+							.withIterations(3).withParallelism(2).withSalt("cRdFbCw23gz2Mlxk".getBytes()).build()));
 
 	private TestDataEntry testDataEntry2 = new TestDataEntry(
 			"$argon2id$v=19$m=333,t=5,p=2$JDR8N3k1QWx0$+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA",
-			new Argon2EncodingUtils.Argon2Hash(decoder.decode("+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA"),
-					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)).
-							withVersion(19).withMemoryAsKB(333).withIterations(5).withParallelism(2).
-							withSalt("$4|7y5Alt".getBytes()).build()
-			));
+			new Argon2EncodingUtils.Argon2Hash(
+					decoder.decode(
+							"+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA"),
+					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)).withVersion(19).withMemoryAsKB(333)
+							.withIterations(5).withParallelism(2).withSalt("$4|7y5Alt".getBytes()).build()));
 
 	@Test
 	public void decodeWhenValidEncodedHashWithIThenDecodeCorrectly() {
@@ -56,22 +54,20 @@ public class Argon2EncodingUtilsTests {
 
 	@Test
 	public void encodeWhenValidArgumentsWithIThenEncodeToCorrectHash() {
-		assertThat(Argon2EncodingUtils
-				.encode(testDataEntry1.decoded.getHash(), testDataEntry1.decoded.getParameters()))
+		assertThat(Argon2EncodingUtils.encode(testDataEntry1.decoded.getHash(), testDataEntry1.decoded.getParameters()))
 				.isEqualTo(testDataEntry1.encoded);
 	}
 
 	@Test
 	public void encodeWhenValidArgumentsWithID2ThenEncodeToCorrectHash() {
-		assertThat(Argon2EncodingUtils
-				.encode(testDataEntry2.decoded.getHash(), testDataEntry2.decoded.getParameters()))
+		assertThat(Argon2EncodingUtils.encode(testDataEntry2.decoded.getHash(), testDataEntry2.decoded.getParameters()))
 				.isEqualTo(testDataEntry2.encoded);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void encodeWhenNonexistingAlgorithmThenThrowException() {
-		Argon2EncodingUtils.encode(new byte[]{0, 1, 2, 3}, (new Argon2Parameters.Builder(3)).
-				withVersion(19).withMemoryAsKB(333).withIterations(5).withParallelism(2).build());
+		Argon2EncodingUtils.encode(new byte[] { 0, 1, 2, 3 }, (new Argon2Parameters.Builder(3)).withVersion(19)
+				.withMemoryAsKB(333).withIterations(5).withParallelism(2).build());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -81,70 +77,80 @@ public class Argon2EncodingUtilsTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenNonexistingAlgorithmThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils.decode(
+				"$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenIllegalVersionParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils.decode(
+				"$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenIllegalMemoryParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils
+				.decode("$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenIllegalIterationsParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils.decode(
+				"$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenIllegalParallelityParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils.decode(
+				"$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenMissingVersionParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils
+				.decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenMissingMemoryParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils
+				.decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenMissingIterationsParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils
+				.decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void decodeWhenMissingParallelityParameterThenThrowException() {
-		Argon2EncodingUtils.decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		Argon2EncodingUtils
+				.decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
 	}
 
-	private void assertArgon2HashEquals(Argon2EncodingUtils.Argon2Hash expected, Argon2EncodingUtils.Argon2Hash actual) {
+	private void assertArgon2HashEquals(Argon2EncodingUtils.Argon2Hash expected,
+			Argon2EncodingUtils.Argon2Hash actual) {
 		assertThat(actual.getHash()).isEqualTo(expected.getHash());
 		assertThat(actual.getParameters().getSalt()).isEqualTo(expected.getParameters().getSalt());
 		assertThat(actual.getParameters().getType()).isEqualTo(expected.getParameters().getType());
-		assertThat(actual.getParameters().getVersion())
-				.isEqualTo(expected.getParameters().getVersion());
-		assertThat(actual.getParameters().getMemory())
-				.isEqualTo(expected.getParameters().getMemory());
-		assertThat(actual.getParameters().getIterations())
-				.isEqualTo(expected.getParameters().getIterations());
-		assertThat(actual.getParameters().getLanes())
-				.isEqualTo(expected.getParameters().getLanes());
+		assertThat(actual.getParameters().getVersion()).isEqualTo(expected.getParameters().getVersion());
+		assertThat(actual.getParameters().getMemory()).isEqualTo(expected.getParameters().getMemory());
+		assertThat(actual.getParameters().getIterations()).isEqualTo(expected.getParameters().getIterations());
+		assertThat(actual.getParameters().getLanes()).isEqualTo(expected.getParameters().getLanes());
 	}
 
 	private static class TestDataEntry {
+
 		String encoded;
+
 		Argon2EncodingUtils.Argon2Hash decoded;
 
 		TestDataEntry(String encoded, Argon2EncodingUtils.Argon2Hash decoded) {
 			this.encoded = encoded;
 			this.decoded = decoded;
 		}
+
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index 229b43227f..5de065357d 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -198,17 +198,18 @@ public class Argon2PasswordEncoderTests {
 		encoder.upgradeEncoding("thisIsNoValidHash");
 	}
 
-
 	private void injectPredictableSaltGen() throws Exception {
 		byte[] bytes = new byte[16];
 		Arrays.fill(bytes, (byte) 0x41);
 		Mockito.when(keyGeneratorMock.generateKey()).thenReturn(bytes);
 
-		//we can't use the @InjectMock-annotation because the salt-generator is set in the constructor
-		//and Mockito will only inject mocks if they are null
+		// we can't use the @InjectMock-annotation because the salt-generator is set in
+		// the constructor
+		// and Mockito will only inject mocks if they are null
 		Field saltGen = encoder.getClass().getDeclaredField("saltGenerator");
 		saltGen.setAccessible(true);
 		saltGen.set(encoder, keyGeneratorMock);
 		saltGen.setAccessible(false);
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index 1ae357f019..01eeebcb0a 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -79,8 +79,7 @@ public class BCryptPasswordEncoderTests {
 
 	@Test
 	public void $2bUnicode() {
-		BCryptPasswordEncoder encoder =
-				new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B);
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B);
 		String result = encoder.encode("passw\u9292rd");
 		assertThat(encoder.matches("pass\u9292\u9292rd", result)).isFalse();
 		assertThat(encoder.matches("passw\u9292rd", result)).isTrue();
@@ -96,16 +95,14 @@ public class BCryptPasswordEncoderTests {
 
 	@Test
 	public void $2aNotMatches() {
-		BCryptPasswordEncoder encoder =
-				new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2A);
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2A);
 		String result = encoder.encode("password");
 		assertThat(encoder.matches("bogus", result)).isFalse();
 	}
 
 	@Test
 	public void $2bNotMatches() {
-		BCryptPasswordEncoder encoder =
-				new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B);
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B);
 		String result = encoder.encode("password");
 		assertThat(encoder.matches("bogus", result)).isFalse();
 	}
@@ -120,16 +117,14 @@ public class BCryptPasswordEncoderTests {
 
 	@Test
 	public void $2aCustomStrength() {
-		BCryptPasswordEncoder encoder =
-				new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2A, 8);
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2A, 8);
 		String result = encoder.encode("password");
 		assertThat(encoder.matches("password", result)).isTrue();
 	}
 
 	@Test
 	public void $2bCustomStrength() {
-		BCryptPasswordEncoder encoder =
-				new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B, 8);
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2B, 8);
 		String result = encoder.encode("password");
 		assertThat(encoder.matches("password", result)).isTrue();
 	}
@@ -182,7 +177,8 @@ public class BCryptPasswordEncoderTests {
 	}
 
 	/**
-	 * @see <a href="https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * @see <a href=
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
 	 */
 	@Test
 	public void upgradeFromNullOrEmpty() {
@@ -192,7 +188,8 @@ public class BCryptPasswordEncoderTests {
 	}
 
 	/**
-	 * @see <a href="https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * @see <a href=
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
 	 */
 	@Test(expected = IllegalArgumentException.class)
 	public void upgradeFromNonBCrypt() {
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
index 743a85fa8b..437f03330d 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
@@ -25,13 +25,17 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * JUnit unit tests for BCrypt routines
+ *
  * @author Damien Miller
  */
 public class BCryptTests {
 
 	private static class TestObject<T> {
+
 		private final T password;
+
 		private final String salt;
+
 		private final String expected;
 
 		private TestObject(T password, String salt, String expected) {
@@ -39,6 +43,7 @@ public class BCryptTests {
 			this.salt = salt;
 			this.expected = expected;
 		}
+
 	}
 
 	private static void print(String s) {
@@ -138,21 +143,21 @@ public class BCryptTests {
 				"$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"));
 
 		testObjectsByteArray = new ArrayList<>();
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2a$06$fPIsBO8qRqkjj273rfaOI.",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$06$fPIsBO8qRqkjj273rfaOI.",
 				"$2a$06$fPIsBO8qRqkjj273rfaOI.uiVGfgi6Z1Iz.vZr11mi/38o09TUVCy"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2a$08$Eq2r4G/76Wv39MzSX262hu",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$08$Eq2r4G/76Wv39MzSX262hu",
 				"$2a$08$Eq2r4G/76Wv39MzSX262hu2lrqIItOWKIkPsMMvm5LAFD.iVB7Nmm"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
 				"$2a$10$LgfYWkbzEvQ4JakH7rOvHeU6pINYiHnazYxe4GikGWx9MaUr27Vpa"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2a$12$WApznUOJfkEGSmYRfnkrPO",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$12$WApznUOJfkEGSmYRfnkrPO",
 				"$2a$12$WApznUOJfkEGSmYRfnkrPONS3wcUvmKuh3LpjxSs6g78T77gZta3W"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu",
 				"$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu5oPJaT8BeCRmS273I6cpp5RwwjAWn7S"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2b$06$G6aYU7UhUEUDJBdTgq3CRe",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2b$06$G6aYU7UhUEUDJBdTgq3CRe",
 				"$2b$06$G6aYU7UhUEUDJBdTgq3CRebzUYAyG8MCS3WdBk0CcPb9bfj1.3cSG"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2y$06$sYDFHqOcXTjBgOsqC0WCKe",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2y$06$sYDFHqOcXTjBgOsqC0WCKe",
 				"$2y$06$sYDFHqOcXTjBgOsqC0WCKeOv88fqPKkuV1yGVh./TROmn1mL8gYh2"));
-		testObjectsByteArray.add(new TestObject<>(new byte[] { }, "$2y$06$6Xm0gCw4g7ZNDCEp4yTise",
+		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2y$06$6Xm0gCw4g7ZNDCEp4yTise",
 				"$2y$06$6Xm0gCw4g7ZNDCEp4yTisecBqTHmLJBHxTNZa8w2hupJKsIhPWOgG"));
 		testObjectsByteArray.add(new TestObject<>(new byte[] { -11 }, "$2a$06$fPIsBO8qRqkjj273rfaOI.",
 				"$2a$06$fPIsBO8qRqkjj273rfaOI.AyMTPwvUEmZ2EdJM/p0S0eP3UQpBas."));
@@ -342,8 +347,7 @@ public class BCryptTests {
 		BCrypt.decode_base64("", 0);
 	}
 
-	private static String encode_base64(byte d[], int len)
-			throws IllegalArgumentException {
+	private static String encode_base64(byte d[], int len) throws IllegalArgumentException {
 		StringBuilder rs = new StringBuilder();
 		BCrypt.encode_base64(d, len, rs);
 		return rs.toString();
@@ -353,7 +357,7 @@ public class BCryptTests {
 	public void testBase64EncodeSimpleByteArrays() {
 		assertThat(encode_base64(new byte[] { 0 }, 1)).isEqualTo("..");
 		assertThat(encode_base64(new byte[] { 0, 0 }, 2)).isEqualTo("...");
-		assertThat(encode_base64(new byte[] { 0, 0 , 0 }, 3)).isEqualTo("....");
+		assertThat(encode_base64(new byte[] { 0, 0, 0 }, 3)).isEqualTo("....");
 	}
 
 	@Test
@@ -435,8 +439,8 @@ public class BCryptTests {
 
 	@Test
 	public void hashpwWorksWithOldRevision() {
-		assertThat(BCrypt.hashpw("password", "$2$05$......................")).isEqualTo(
-				"$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm");
+		assertThat(BCrypt.hashpw("password", "$2$05$......................"))
+				.isEqualTo("$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -454,4 +458,5 @@ public class BCryptTests {
 
 		assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse();
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
index 8da8ffe9b8..3a96a9b0b0 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@@ -29,15 +29,13 @@ public class Base64Tests {
 	public void isBase64ReturnsTrueForValidBase64() {
 		new Base64(); // unused
 
-		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C',
-				(byte) 'D' })).isTrue();
+		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' })).isTrue();
 	}
 
 	@Test
 	public void isBase64ReturnsFalseForInvalidBase64() {
 		// Include invalid '`' character
-		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C',
-				(byte) '`' })).isFalse();
+		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) '`' })).isFalse();
 	}
 
 	@Test(expected = NullPointerException.class)
@@ -49,4 +47,5 @@ public class Base64Tests {
 	public void isBase64RejectsInvalidLength() {
 		Base64.isBase64(new byte[] { (byte) 'A' });
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
index a85b69264a..ccfec27b5f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
@@ -33,8 +33,8 @@ public class HexTests {
 
 	@Test
 	public void encode() {
-		assertThat(Hex.encode(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C',
-				(byte) 'D' })).isEqualTo(new char[] {'4', '1', '4', '2', '4', '3', '4', '4'});
+		assertThat(Hex.encode(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' }))
+				.isEqualTo(new char[] { '4', '1', '4', '2', '4', '3', '4', '4' });
 	}
 
 	@Test
@@ -44,8 +44,7 @@ public class HexTests {
 
 	@Test
 	public void decode() {
-		assertThat(Hex.decode("41424344")).isEqualTo(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C',
-			(byte) 'D' });
+		assertThat(Hex.decode("41424344")).isEqualTo(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' });
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
index a78107ad87..9e7ef12b52 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
@@ -37,4 +37,5 @@ public class Utf8Tests {
 
 		assertThat(decoded).isEqualTo("6048b75ed560785c");
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index ce95884e9d..44ed2570c9 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -36,8 +36,11 @@ import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
  * Tests for {@link AesBytesEncryptor}
  */
 public class AesBytesEncryptorTests {
+
 	private String secret = "value";
+
 	private String password = "password";
+
 	private String hexSalt = "deadbeef";
 
 	private BytesKeyGenerator generator;
@@ -86,8 +89,7 @@ public class AesBytesEncryptorTests {
 	@Test
 	public void roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts() {
 		CryptoAssumptions.assumeGCMJCE();
-		PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt),
-				1024, 256);
+		PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt), 1024, 256);
 		SecretKey secretKey = newSecretKey(PBKDF2WithHmacSHA1.name(), keySpec);
 		AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, GCM);
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index d4c5c73e72..7df6f80c27 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -30,15 +30,18 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
 public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 
 	private byte[] testData;
+
 	private String password;
+
 	private String salt;
+
 	private SecureRandom secureRandom = new SecureRandom();
 
 	@Before
 	public void setup() {
 		// generate random password, salt, and test data
 		password = UUID.randomUUID().toString();
-		/** insecure salt byte, recommend 64 or larger than 64*/
+		/** insecure salt byte, recommend 64 or larger than 64 */
 		byte[] saltBytes = new byte[16];
 		secureRandom.nextBytes(saltBytes);
 		salt = new String(Hex.encode(saltBytes));
@@ -49,8 +52,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		CryptoAssumptions.assumeCBCJCE();
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
-				new PredictableRandomBytesKeyGenerator(16));
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16));
 		testEquivalence(bcEncryptor, jceEncryptor);
 	}
 
@@ -59,8 +61,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		CryptoAssumptions.assumeCBCJCE();
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
-				KeyGenerators.secureRandom(16));
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16));
 		testCompatibility(bcEncryptor, jceEncryptor);
 	}
 
@@ -69,8 +70,8 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		CryptoAssumptions.assumeGCMJCE();
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
-				new PredictableRandomBytesKeyGenerator(16), CipherAlgorithm.GCM);
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16),
+				CipherAlgorithm.GCM);
 		testEquivalence(bcEncryptor, jceEncryptor);
 	}
 
@@ -79,8 +80,8 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		CryptoAssumptions.assumeGCMJCE();
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
-				KeyGenerators.secureRandom(16), CipherAlgorithm.GCM);
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16),
+				CipherAlgorithm.GCM);
 		testCompatibility(bcEncryptor, jceEncryptor);
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index f4bd049c33..ff188a3561 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -28,7 +28,9 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
 public class BouncyCastleAesBytesEncryptorTests {
 
 	private byte[] testData;
+
 	private String password;
+
 	private String salt;
 
 	@Before
@@ -67,13 +69,12 @@ public class BouncyCastleAesBytesEncryptorTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void bcCbcWithWrongLengthIv() {
-		new BouncyCastleAesCbcBytesEncryptor(password, salt,
-				KeyGenerators.secureRandom(8));
+		new BouncyCastleAesCbcBytesEncryptor(password, salt, KeyGenerators.secureRandom(8));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void bcGcmWithWrongLengthIv() {
-		new BouncyCastleAesGcmBytesEncryptor(password, salt,
-				KeyGenerators.secureRandom(8));
+		new BouncyCastleAesGcmBytesEncryptor(password, salt, KeyGenerators.secureRandom(8));
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index 188e61385e..efa4c0eff1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -41,16 +41,12 @@ public class CryptoAssumptions {
 			aes256Available = Cipher.getMaxAllowedKeyLength("AES") >= 256;
 		}
 		catch (NoSuchAlgorithmException e) {
-			throw new AssumptionViolatedException(
-					cipherAlgorithm + " not available, skipping test", e);
+			throw new AssumptionViolatedException(cipherAlgorithm + " not available, skipping test", e);
 		}
 		catch (NoSuchPaddingException e) {
-			throw new AssumptionViolatedException(
-					cipherAlgorithm + " padding not available, skipping test", e);
+			throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", e);
 		}
-		Assume.assumeTrue(
-				"AES key length of 256 not allowed, skipping test",
-				aes256Available);
+		Assume.assumeTrue("AES key length of 256 not allowed, skipping test", aes256Available);
 
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
index d0c69da5ae..9b6a4ed3ed 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
@@ -29,8 +29,7 @@ public class EncryptorsTests {
 		assertThat(result).isNotNull();
 		assertThat(new String(result).equals("text")).isFalse();
 		assertThat(new String(encryptor.decrypt(result))).isEqualTo("text");
-		assertThat(new String(result)).isNotEqualTo(
-				new String(encryptor.encrypt("text".getBytes())));
+		assertThat(new String(result)).isNotEqualTo(new String(encryptor.encrypt("text".getBytes())));
 	}
 
 	@Test
@@ -41,8 +40,7 @@ public class EncryptorsTests {
 		assertThat(result).isNotNull();
 		assertThat(new String(result).equals("text")).isFalse();
 		assertThat(new String(encryptor.decrypt(result))).isEqualTo("text");
-		assertThat(new String(result)).isNotEqualTo(
-				new String(encryptor.encrypt("text".getBytes())));
+		assertThat(new String(result)).isNotEqualTo(new String(encryptor.encrypt("text".getBytes())));
 	}
 
 	@Test
@@ -70,8 +68,7 @@ public class EncryptorsTests {
 	@Test
 	public void queryableText() {
 		CryptoAssumptions.assumeCBCJCE();
-		TextEncryptor encryptor = Encryptors.queryableText("password",
-				"5c0744940b5c369b");
+		TextEncryptor encryptor = Encryptors.queryableText("password", "5c0744940b5c369b");
 		String result = encryptor.encrypt("text");
 		assertThat(result).isNotNull();
 		assertThat(result.equals("text")).isFalse();
diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
index f11207784a..3df9d34563 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
@@ -26,6 +26,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class PasswordEncoderFactoriesTests {
+
 	private PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 
 	private String rawPassword = "password";
diff --git a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
index 951622f2da..026c4398b0 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
@@ -27,6 +27,7 @@ import static org.assertj.core.api.Assertions.*;
  * @since 5.0
  */
 public class Base64StringKeyGeneratorTests {
+
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorIntWhenLessThan32ThenIllegalArgumentException() {
 		new Base64StringKeyGenerator(31);
@@ -63,4 +64,5 @@ public class Base64StringKeyGeneratorTests {
 		String result = new Base64StringKeyGenerator(Base64.getUrlEncoder(), size).generateKey();
 		assertThat(Base64.getUrlDecoder().decode(result.getBytes())).hasSize(size);
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index 8bca684658..5274531101 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -40,6 +40,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingPasswordEncoderTests {
+
 	@Mock
 	private PasswordEncoder bcrypt;
 
@@ -128,8 +129,8 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenUnMappedThenIllegalArgumentException() {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -137,8 +138,8 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenNoClosingPrefixStringThenIllegalArgumentExcetion() {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -146,8 +147,8 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenNoStartingPrefixStringThenFalse() {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -155,8 +156,8 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenNoIdStringThenFalse() {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -164,8 +165,8 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenPrefixInMiddleThenFalse() {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -177,8 +178,8 @@ public class DelegatingPasswordEncoderTests {
 		DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
 
 		assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword))
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
 
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -212,7 +213,7 @@ public class DelegatingPasswordEncoderTests {
 
 	@Test
 	public void upgradeEncodingWhenIdInvalidFormatThenTrue() {
-		assertThat(this.passwordEncoder.upgradeEncoding("{bcrypt"+ this.encodedPassword)).isTrue();
+		assertThat(this.passwordEncoder.upgradeEncoding("{bcrypt" + this.encodedPassword)).isTrue();
 	}
 
 	@Test
@@ -237,4 +238,5 @@ public class DelegatingPasswordEncoderTests {
 
 		verifyZeroInteractions(bcrypt);
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
index 36e900aabf..37c20b8956 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
@@ -28,6 +28,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 @SuppressWarnings("deprecation")
 public class LdapShaPasswordEncoderTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -109,4 +110,5 @@ public class LdapShaPasswordEncoderTests {
 		// No right brace
 		this.sha.matches("somepassword", "{SSHA25ro4PKC8jhQZ26jVsozhX/xaP0suHgX");
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
index 4a4d9fe3f8..b3b4d2e09b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.crypto.password;
 
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.Test;
@@ -72,5 +71,5 @@ public class Md4PasswordEncoderTests {
 		Md4PasswordEncoder encoder = new Md4PasswordEncoder();
 		assertThat(encoder.matches("password", "{thisissalt}6cc7924dad12ade79dfb99e424f25260"));
 	}
-}
 
+}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
index 60d3001959..7e62c413fc 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
@@ -32,6 +32,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 @SuppressWarnings("deprecation")
 public class MessageDigestPasswordEncoderTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -39,7 +40,7 @@ public class MessageDigestPasswordEncoderTests {
 	public void md5BasicFunctionality() {
 		MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("MD5");
 		String raw = "abc123";
-		assertThat(pe.matches( raw, "{THIS_IS_A_SALT}a68aafd90299d0b137de28fb4bb68573")).isTrue();
+		assertThat(pe.matches(raw, "{THIS_IS_A_SALT}a68aafd90299d0b137de28fb4bb68573")).isTrue();
 	}
 
 	@Test
@@ -119,4 +120,5 @@ public class MessageDigestPasswordEncoderTests {
 	public void testInvalidStrength() {
 		new MessageDigestPasswordEncoder("SHA-666");
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
index 183bb1f088..99dd6a997f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
@@ -67,4 +67,5 @@ public class PasswordEncoderUtilsTests {
 	public void equalsWhenSameThenTrue() {
 		assertThat(PasswordEncoderUtils.equals("abcdef", "abcdef")).isTrue();
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
index 51a499ebaf..00109b174d 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
@@ -25,6 +25,7 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class Pbkdf2PasswordEncoderTests {
+
 	private Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("secret");
 
 	@Test
@@ -37,8 +38,7 @@ public class Pbkdf2PasswordEncoderTests {
 	@Test
 	public void matchesLengthChecked() {
 		String result = this.encoder.encode("password");
-		assertThat(this.encoder.matches("password",
-				result.substring(0, result.length() - 2))).isFalse();
+		assertThat(this.encoder.matches("password", result.substring(0, result.length() - 2))).isFalse();
 	}
 
 	@Test
@@ -68,8 +68,7 @@ public class Pbkdf2PasswordEncoderTests {
 		String encodedPassword = "ab1146a8458d4ce4e65789e5a3f60e423373cfa10b01abd23739e5ae2fdc37f8e9ede4ae6da65264";
 		String originalEncodedPassword = "ab1146a8458d4ce4ab1146a8458d4ce4e65789e5a3f60e423373cfa10b01abd23739e5ae2fdc37f8e9ede4ae6da65264";
 		byte[] originalBytes = Hex.decode(originalEncodedPassword);
-		byte[] fixedBytes = Arrays.copyOfRange(originalBytes, saltLength,
-				originalBytes.length);
+		byte[] fixedBytes = Arrays.copyOfRange(originalBytes, saltLength, originalBytes.length);
 		String fixedHex = String.valueOf(Hex.encode(fixedBytes));
 
 		assertThat(fixedHex).isEqualTo(encodedPassword);
@@ -91,7 +90,8 @@ public class Pbkdf2PasswordEncoderTests {
 		String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ==";
 
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
-		java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as Base64
+		java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as
+																// Base64
 	}
 
 	@Test
@@ -111,6 +111,7 @@ public class Pbkdf2PasswordEncoderTests {
 		String encodedPassword = "821447f994e2b04c5014e31fa9fca4ae1cc9f2188c4ed53d3ddb5ba7980982b51a0ecebfc0b81a79";
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
 	}
+
 	/**
 	 * Used to find the iteration count that takes .5 seconds.
 	 */
@@ -126,8 +127,7 @@ public class Pbkdf2PasswordEncoderTests {
 		long avg = 0;
 		while (avg < HALF_SECOND) {
 			iterations += 10000;
-			Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", iterations,
-					256);
+			Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", iterations, 256);
 			String encoded = encoder.encode("password");
 			System.out.println("Trying " + iterations);
 			long start = System.currentTimeMillis();
@@ -141,4 +141,5 @@ public class Pbkdf2PasswordEncoderTests {
 		}
 		System.out.println("Iterations " + iterations);
 	}
+
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index 5ac30814bc..0bbaea7f68 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -161,5 +161,5 @@ public class SCryptPasswordEncoderTests {
 	public void upgradeEncodingWhenInvalidInputThenException() {
 		new SCryptPasswordEncoder().upgradeEncoding("not-a-scrypt-password");
 	}
-}
 
+}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
index 3c6fe20f87..d05f6231c5 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
@@ -26,35 +26,34 @@ public class EncodingUtilsTests {
 
 	@Test
 	public void hexEncode() {
-		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66,
-			(byte) 67, (byte) 0xC0, (byte) 0xC1, (byte) 0xC2 };
+		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66, (byte) 67, (byte) 0xC0, (byte) 0xC1,
+				(byte) 0xC2 };
 		String result = new String(Hex.encode(bytes));
 		assertThat(result).isEqualTo("01ff414243c0c1c2");
 	}
 
 	@Test
 	public void hexDecode() {
-		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66,
-			(byte) 67, (byte) 0xC0, (byte) 0xC1, (byte) 0xC2 };
+		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66, (byte) 67, (byte) 0xC0, (byte) 0xC1,
+				(byte) 0xC2 };
 		byte[] result = Hex.decode("01ff414243c0c1c2");
 		assertThat(Arrays.equals(bytes, result)).isTrue();
 	}
 
 	@Test
 	public void concatenate() {
-		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66,
-			(byte) 67, (byte) 0xC0, (byte) 0xC1, (byte) 0xC2 };
+		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66, (byte) 67, (byte) 0xC0, (byte) 0xC1,
+				(byte) 0xC2 };
 		byte[] one = new byte[] { (byte) 0x01 };
 		byte[] two = new byte[] { (byte) 0xFF, (byte) 65, (byte) 66 };
 		byte[] three = new byte[] { (byte) 67, (byte) 0xC0, (byte) 0xC1, (byte) 0xC2 };
-		assertThat(Arrays.equals(bytes,
-				EncodingUtils.concatenate(one, two, three))).isTrue();
+		assertThat(Arrays.equals(bytes, EncodingUtils.concatenate(one, two, three))).isTrue();
 	}
 
 	@Test
 	public void subArray() {
-		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66,
-			(byte) 67, (byte) 0xC0, (byte) 0xC1, (byte) 0xC2 };
+		byte[] bytes = new byte[] { (byte) 0x01, (byte) 0xFF, (byte) 65, (byte) 66, (byte) 67, (byte) 0xC0, (byte) 0xC1,
+				(byte) 0xC2 };
 		byte[] two = new byte[] { (byte) 0xFF, (byte) 65, (byte) 66 };
 		byte[] subArray = EncodingUtils.subArray(bytes, 1, 4);
 		assertThat(subArray).hasSize(3);
diff --git a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
index 936ccf6f25..6840537f3e 100644
--- a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
+++ b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
@@ -78,8 +78,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @since 4.0
  * @author Rob Winch
  */
-public class SecurityEvaluationContextExtension
-		implements EvaluationContextExtension {
+public class SecurityEvaluationContextExtension implements EvaluationContextExtension {
+
 	private Authentication authentication;
 
 	/**
@@ -91,7 +91,6 @@ public class SecurityEvaluationContextExtension
 
 	/**
 	 * Creates a new instance that always uses the same {@link Authentication} object.
-	 *
 	 * @param authentication the {@link Authentication} to use
 	 */
 	public SecurityEvaluationContextExtension(Authentication authentication) {
@@ -117,4 +116,5 @@ public class SecurityEvaluationContextExtension
 		SecurityContext context = SecurityContextHolder.getContext();
 		return context.getAuthentication();
 	}
+
 }
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index 2efcb97c7f..b5193f8396 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class SecurityEvaluationContextExtensionTests {
+
 	SecurityEvaluationContextExtension securityExtension;
 
 	@Before
@@ -44,8 +45,7 @@ public class SecurityEvaluationContextExtensionTests {
 
 	@Test
 	public void getRootObjectSecurityContextHolderAuthentication() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"user", "password", "ROLE_USER");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 
 		assertThat(getRoot().getAuthentication()).isSameAs(authentication);
@@ -53,12 +53,10 @@ public class SecurityEvaluationContextExtensionTests {
 
 	@Test
 	public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() {
-		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit",
-				"password", "ROLE_EXPLICIT");
+		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		securityExtension = new SecurityEvaluationContextExtension(explicit);
 
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"user", "password", "ROLE_USER");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 
 		assertThat(getRoot().getAuthentication()).isSameAs(explicit);
@@ -66,8 +64,7 @@ public class SecurityEvaluationContextExtensionTests {
 
 	@Test
 	public void getRootObjectExplicitAuthentication() {
-		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit",
-				"password", "ROLE_EXPLICIT");
+		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		securityExtension = new SecurityEvaluationContextExtension(explicit);
 
 		assertThat(getRoot().getAuthentication()).isSameAs(explicit);
@@ -76,4 +73,5 @@ public class SecurityEvaluationContextExtensionTests {
 	private SecurityExpressionRoot getRoot() {
 		return (SecurityExpressionRoot) securityExtension.getRootObject();
 	}
+
 }
\ No newline at end of file
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
index ecf8f79605..14cc63380e 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
@@ -65,10 +65,9 @@ public class HttpNamespaceWithMultipleInterceptorsTests {
 
 	public HttpSession createAuthenticatedSession(String... roles) {
 		MockHttpSession session = new MockHttpSession();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("bob", "bobspassword", roles));
-		session.setAttribute(
-				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles));
+		session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				SecurityContextHolder.getContext());
 		SecurityContextHolder.clearContext();
 		return session;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index 79d1f2c4e7..40b13468cd 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -42,8 +42,7 @@ public class HttpPathParameterStrippingTests {
 	private FilterChainProxy fcp;
 
 	@Test(expected = RequestRejectedException.class)
-	public void securedFilterChainCannotBeBypassedByAddingPathParameters()
-			throws Exception {
+	public void securedFilterChainCannotBeBypassedByAddingPathParameters() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo("/secured;x=y/admin.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
@@ -60,7 +59,6 @@ public class HttpPathParameterStrippingTests {
 		fcp.doFilter(request, response, new MockFilterChain());
 	}
 
-
 	@Test(expected = RequestRejectedException.class)
 	public void adminFilePatternCannotBeBypassedByAddingPathParametersWithPathInfo() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -74,10 +72,9 @@ public class HttpPathParameterStrippingTests {
 
 	public HttpSession createAuthenticatedSession(String... roles) {
 		MockHttpSession session = new MockHttpSession();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("bob", "bobspassword", roles));
-		session.setAttribute(
-				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles));
+		session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				SecurityContextHolder.getContext());
 		SecurityContextHolder.clearContext();
 		return session;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
index 724790c65a..0a21e9b59a 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
@@ -35,15 +35,17 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 @ContextConfiguration(locations = { "/multi-sec-annotation-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class MultiAnnotationTests {
-	private final TestingAuthenticationToken joe_a = new TestingAuthenticationToken(
-			"joe", "pass", "ROLE_A");
-	private final TestingAuthenticationToken joe_b = new TestingAuthenticationToken(
-			"joe", "pass", "ROLE_B");
+
+	private final TestingAuthenticationToken joe_a = new TestingAuthenticationToken("joe", "pass", "ROLE_A");
+
+	private final TestingAuthenticationToken joe_b = new TestingAuthenticationToken("joe", "pass", "ROLE_B");
 
 	@Autowired
 	MultiAnnotationService service;
+
 	@Autowired
 	PreAuthorizeService preService;
+
 	@Autowired
 	SecuredService secService;
 
@@ -100,4 +102,5 @@ public class MultiAnnotationTests {
 		SecurityContextHolder.getContext().setAuthentication(joe_b);
 		secService.securedMethod();
 	}
+
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
index 00c4fc62e2..ec32100369 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
@@ -35,4 +35,5 @@ public class SEC933ApplicationContextTests {
 	public void testSimpleApplicationContextBootstrap() {
 		assertThat(userDetailsService).isNotNull();
 	}
+
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
index 861a98139d..24272de1c7 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
@@ -32,14 +32,17 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 @ContextConfiguration(locations = { "/sec-936-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class SEC936ApplicationContextTests {
+
 	@Autowired
-	/** SessionRegistry is used as the test service interface (nothing to do with the test) */
+	/**
+	 * SessionRegistry is used as the test service interface (nothing to do with the test)
+	 */
 	private SessionRegistry sessionRegistry;
 
 	@Test(expected = AccessDeniedException.class)
 	public void securityInterceptorHandlesCallWithNoTargetObject() {
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
 		sessionRegistry.getAllPrincipals();
 	}
 
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
index 099fe44f09..8d272048b9 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
@@ -19,4 +19,5 @@ public class StubUserRepository implements UserRepository {
 
 	public void doSomething() {
 	}
+
 }
\ No newline at end of file
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
index df288f1f4e..44d7f19b25 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
@@ -32,11 +32,12 @@ public class PythonInterpreterBasedSecurityTests {
 
 	@Test
 	public void serviceMethod() {
-		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
 
 		// for (int i=0; i < 1000; i++) {
 		service.someMethod();
 		// }
 	}
+
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index 9155ef1794..406d2f2d52 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -37,20 +37,23 @@ import javax.servlet.http.HttpSession;
 import java.util.*;
 
 /**
- *
  * @author Luke Taylor
  * @since 2.0
  */
 @ContextConfiguration(locations = { "/filter-chain-performance-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class FilterChainPerformanceTests {
+
 	// Adjust as required
 	private static final int N_INVOCATIONS = 1; // 1000
+
 	private static final int N_AUTHORITIES = 2; // 200
+
 	private static StopWatch sw = new StopWatch("Filter Chain Performance Tests");
 
-	private final UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken(
-			"bob", "bobspassword", createRoles(N_AUTHORITIES));
+	private final UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken("bob",
+			"bobspassword", createRoles(N_AUTHORITIES));
+
 	private HttpSession session;
 
 	@Autowired
@@ -65,8 +68,7 @@ public class FilterChainPerformanceTests {
 	public void createAuthenticatedSession() {
 		session = new MockHttpSession();
 		SecurityContextHolder.getContext().setAuthentication(user);
-		session.setAttribute(
-				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+		session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				SecurityContextHolder.getContext());
 		SecurityContextHolder.clearContext();
 	}
@@ -121,10 +123,8 @@ public class FilterChainPerformanceTests {
 		for (int user = 0; user < N_AUTHORITIES / 10; user++) {
 			int nAuthorities = user == 0 ? 1 : user * 10;
 			SecurityContextHolder.getContext().setAuthentication(
-					new UsernamePasswordAuthenticationToken("bob", "bobspassword",
-							createRoles(nAuthorities)));
-			session.setAttribute(
-					HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+					new UsernamePasswordAuthenticationToken("bob", "bobspassword", createRoles(nAuthorities)));
+			session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 					SecurityContextHolder.getContext());
 			SecurityContextHolder.clearContext();
 			sw.start(nAuthorities + " authorities");
@@ -146,4 +146,5 @@ public class FilterChainPerformanceTests {
 
 		return Arrays.asList(roles);
 	}
+
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
index 10a6d87e2c..9cc283202f 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
@@ -51,8 +51,7 @@ public class ProtectPointcutPerformanceTests implements ApplicationContextAware
 		sw.start();
 		for (int i = 0; i < 1000; i++) {
 			try {
-				SessionRegistry reg = (SessionRegistry) ctx.getBean(
-						"sessionRegistryPrototype");
+				SessionRegistry reg = (SessionRegistry) ctx.getBean("sessionRegistryPrototype");
 				reg.getAllPrincipals();
 				fail("Expected AuthenticationCredentialsNotFoundException");
 			}
@@ -64,8 +63,8 @@ public class ProtectPointcutPerformanceTests implements ApplicationContextAware
 
 	}
 
-	public void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		ctx = applicationContext;
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
index 8da64c0336..7aff3a25ba 100755
--- a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
@@ -34,4 +34,5 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 	public void setUserRepository(UserRepository userRepository) {
 		this.userRepository = userRepository;
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
index 8e2bb8874d..6cb989c4aa 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
@@ -36,4 +36,5 @@ public interface MultiAnnotationService {
 
 	@Secured("ROLE_A")
 	void securedRoleAMethod();
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
index a12a0b4172..efe6264720 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
@@ -18,11 +18,11 @@ package org.springframework.security.integration.multiannotation;
 import org.springframework.security.access.prepost.PreAuthorize;
 
 /**
- *
  * @author Luke Taylor
  */
 public interface PreAuthorizeService {
 
 	@PreAuthorize("hasRole('ROLE_A')")
 	void preAuthorizedMethod();
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
index f8ff122e21..ff2b4c50b2 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
@@ -19,6 +19,8 @@ package org.springframework.security.integration.multiannotation;
  * @author Luke Taylor
  */
 public class PreAuthorizeServiceImpl implements PreAuthorizeService {
+
 	public void preAuthorizedMethod() {
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
index ee5f36b6f3..d7bed1b697 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
@@ -18,10 +18,11 @@ package org.springframework.security.integration.multiannotation;
 import org.springframework.security.access.annotation.Secured;
 
 /**
- *
  * @author Luke Taylor
  */
 public interface SecuredService {
+
 	@Secured("ROLE_A")
 	void securedMethod();
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
index d580b5867c..349f6da5d1 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
@@ -16,10 +16,11 @@
 package org.springframework.security.integration.multiannotation;
 
 /**
- *
  * @author Luke Taylor
  */
 public class SecuredServiceImpl implements SecuredService {
+
 	public void securedMethod() {
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
index 7c180e5850..168a3f053b 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
@@ -21,12 +21,11 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
 import org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice;
 import org.springframework.security.core.Authentication;
 
-public class PythonInterpreterPostInvocationAdvice implements
-		PostInvocationAuthorizationAdvice {
+public class PythonInterpreterPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
 
-	public Object after(Authentication authentication, MethodInvocation mi,
-			PostInvocationAttribute pia, Object returnedObject)
-			throws AccessDeniedException {
+	public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia,
+			Object returnedObject) throws AccessDeniedException {
 		return returnedObject;
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index d72861f797..1ad4a6e78d 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -33,12 +33,11 @@ import org.springframework.security.access.prepost.PreInvocationAuthorizationAdv
 import org.springframework.security.core.Authentication;
 import org.springframework.util.ClassUtils;
 
-public class PythonInterpreterPreInvocationAdvice implements
-		PreInvocationAuthorizationAdvice {
+public class PythonInterpreterPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
+
 	private final ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
-	public boolean before(Authentication authentication, MethodInvocation mi,
-			PreInvocationAttribute preAttr) {
+	public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preAttr) {
 		PythonInterpreterPreInvocationAttribute pythonAttr = (PythonInterpreterPreInvocationAttribute) preAttr;
 		String script = pythonAttr.getScript();
 
@@ -46,8 +45,7 @@ public class PythonInterpreterPreInvocationAdvice implements
 		python.set("authentication", authentication);
 		python.set("args", createArgumentMap(mi));
 		python.set("method", mi.getMethod().getName());
-		Resource scriptResource = new PathMatchingResourcePatternResolver()
-				.getResource(script);
+		Resource scriptResource = new PathMatchingResourcePatternResolver().getResource(script);
 
 		try {
 			python.execfile(scriptResource.getInputStream());
@@ -68,8 +66,7 @@ public class PythonInterpreterPreInvocationAdvice implements
 	private Map<String, Object> createArgumentMap(MethodInvocation mi) {
 		Object[] args = mi.getArguments();
 		Object targetObject = mi.getThis();
-		Method method = ClassUtils.getMostSpecificMethod(mi.getMethod(),
-				targetObject.getClass());
+		Method method = ClassUtils.getMostSpecificMethod(mi.getMethod(), targetObject.getClass());
 		String[] paramNames = parameterNameDiscoverer.getParameterNames(method);
 
 		Map<String, Object> argMap = new HashMap<>();
@@ -79,4 +76,5 @@ public class PythonInterpreterPreInvocationAdvice implements
 
 		return argMap;
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
index d033af1d4f..960a8475b8 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
@@ -18,6 +18,7 @@ package org.springframework.security.integration.python;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 
 public class PythonInterpreterPreInvocationAttribute implements PreInvocationAttribute {
+
 	private final String script;
 
 	PythonInterpreterPreInvocationAttribute(String script) {
@@ -31,4 +32,5 @@ public class PythonInterpreterPreInvocationAttribute implements PreInvocationAtt
 	public String getScript() {
 		return script;
 	}
+
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
index 84c11e94aa..d1997e7726 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
@@ -20,20 +20,20 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
 
-public class PythonInterpreterPrePostInvocationAttributeFactory implements
-		PrePostInvocationAttributeFactory {
+public class PythonInterpreterPrePostInvocationAttributeFactory implements PrePostInvocationAttributeFactory {
 
 	public PythonInterpreterPrePostInvocationAttributeFactory() {
 		PythonInterpreter.initialize(System.getProperties(), null, new String[] {});
 	}
 
-	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute,
-			String filterObject, String preAuthorizeAttribute) {
+	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
+			String preAuthorizeAttribute) {
 		return new PythonInterpreterPreInvocationAttribute(preAuthorizeAttribute);
 	}
 
-	public PostInvocationAttribute createPostInvocationAttribute(
-			String postFilterAttribute, String postAuthorizeAttribute) {
+	public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
+			String postAuthorizeAttribute) {
 		return null;
 	}
+
 }
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
index 2d61b7ee89..f11648d9ee 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@@ -33,6 +33,7 @@ import org.springframework.web.context.support.XmlWebApplicationContext;
  * @author Luke Taylor
  */
 public abstract class AbstractWebServerIntegrationTests {
+
 	protected ConfigurableApplicationContext context;
 
 	@After
@@ -53,9 +54,7 @@ public abstract class AbstractWebServerIntegrationTests {
 		context.refresh();
 		this.context = context;
 
-		return MockMvcBuilders
-			.webAppContextSetup(context)
-			.apply(springSecurity())
-			.build();
+		return MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
 	}
+
 }
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
index ddec15c81c..f1d71e48f8 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
@@ -28,17 +28,17 @@ public class BasicAuthenticationTests extends AbstractWebServerIntegrationTests
 
 	@Test
 	public void httpBasicWhenAuthenticationRequiredAndNotAuthenticatedThen401() throws Exception {
-		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml", "classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
-		mockMvc.perform(get("/secure/index"))
-			.andExpect(status().isUnauthorized());
+		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml",
+				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
+		mockMvc.perform(get("/secure/index")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void httpBasicWhenProvidedThen200() throws Exception {
-		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml", "classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
-		MockHttpServletRequestBuilder request = get("/secure/index")
-				.with(httpBasic("johnc", "johncspassword"));
-		mockMvc.perform(request)
-			.andExpect(status().isOk());
+		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml",
+				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
+		MockHttpServletRequestBuilder request = get("/secure/index").with(httpBasic("johnc", "johncspassword"));
+		mockMvc.perform(request).andExpect(status().isOk());
 	}
+
 }
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
index bf6bb9153c..5a12ec245d 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
@@ -46,55 +46,44 @@ public class ConcurrentSessionManagementTests extends AbstractWebServerIntegrati
 		final MockHttpSession session1 = new MockHttpSession();
 		final MockHttpSession session2 = new MockHttpSession();
 
-		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-concurrency.xml", "classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
+		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-concurrency.xml",
+				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
 
-		mockMvc.perform(get("/secure/index").session(session1))
-			.andExpect(status().is3xxRedirection());
+		mockMvc.perform(get("/secure/index").session(session1)).andExpect(status().is3xxRedirection());
 
-		MockHttpServletRequestBuilder login1 = login()
-				.session(session1);
-		mockMvc.
-			perform(login1)
-			.andExpect(authenticated().withUsername("jimi"));
+		MockHttpServletRequestBuilder login1 = login().session(session1);
+		mockMvc.perform(login1).andExpect(authenticated().withUsername("jimi"));
 
-
-		MockHttpServletRequestBuilder login2 = login()
-				.session(session2);
-		mockMvc.perform(login2)
-			.andExpect(redirectedUrl("/login.jsp?login_error=true"));
+		MockHttpServletRequestBuilder login2 = login().session(session2);
+		mockMvc.perform(login2).andExpect(redirectedUrl("/login.jsp?login_error=true"));
 		Exception exception = (Exception) session2.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
 		assertThat(exception).isNotNull();
 		assertThat(exception.getMessage()).contains("Maximum sessions of 1 for this principal exceeded");
 
 		// Now logout to kill first session
-		mockMvc.perform(post("/logout").with(csrf()))
-			.andExpect(status().is3xxRedirection())
-			.andDo(result -> context.publishEvent(new SessionDestroyedEvent(session1) {
-				@Override
-				public List<SecurityContext> getSecurityContexts() {
-					return Collections.emptyList();
-				}
+		mockMvc.perform(post("/logout").with(csrf())).andExpect(status().is3xxRedirection())
+				.andDo(result -> context.publishEvent(new SessionDestroyedEvent(session1) {
+					@Override
+					public List<SecurityContext> getSecurityContexts() {
+						return Collections.emptyList();
+					}
 
-				@Override
-				public String getId() {
-					return session1.getId();
-				}
-			}));
+					@Override
+					public String getId() {
+						return session1.getId();
+					}
+				}));
 
 		// Try second session again
-		login2 = login()
-				.session(session2);
-		mockMvc.perform(login2)
-			.andExpect(authenticated().withUsername("jimi"));
+		login2 = login().session(session2);
+		mockMvc.perform(login2).andExpect(authenticated().withUsername("jimi"));
 
 		mockMvc.perform(get("/secure/index").session(session2))
-			.andExpect(content().string(containsString("A Secure Page")));
+				.andExpect(content().string(containsString("A Secure Page")));
 	}
 
 	private MockHttpServletRequestBuilder login() {
-		return post("/login")
-		.param("username", "jimi")
-		.param("password", "jimispassword")
-		.with(csrf());
+		return post("/login").param("username", "jimi").param("password", "jimispassword").with(csrf());
 	}
+
 }
diff --git a/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java b/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
index 307ce68f6c..04381f890c 100644
--- a/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
+++ b/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
@@ -38,4 +38,5 @@ public class TestController {
 	public String secure() {
 		return "A Secure Page";
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java b/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
index ec6cd0fc7a..42c7b2a74b 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
@@ -32,16 +32,15 @@ public class ApacheDsContainerConfig {
 
 	@Bean
 	ApacheDSContainer ldapContainer() throws Exception {
-		this.container = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		this.container = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 		this.container.setPort(0);
 		return this.container;
 	}
 
 	@Bean
 	ContextSource contextSource(ApacheDSContainer ldapContainer) throws Exception {
-		return new DefaultSpringSecurityContextSource("ldap://127.0.0.1:"
-				+ ldapContainer.getLocalPort() + "/dc=springframework,dc=org");
+		return new DefaultSpringSecurityContextSource(
+				"ldap://127.0.0.1:" + ldapContainer.getLocalPort() + "/dc=springframework,dc=org");
 	}
 
 	@PreDestroy
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index e2da339fcf..e993a200fe 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -53,8 +53,7 @@ public class DefaultSpringSecurityContextSourceTests {
 
 	@Test
 	public void supportsSpacesInUrl() {
-		new DefaultSpringSecurityContextSource(
-				"ldap://myhost:10389/dc=spring%20framework,dc=org");
+		new DefaultSpringSecurityContextSource("ldap://myhost:10389/dc=spring%20framework,dc=org");
 	}
 
 	@Test
@@ -64,8 +63,8 @@ public class DefaultSpringSecurityContextSourceTests {
 		ctxSrc.setUserDn("manager");
 		ctxSrc.setPassword("password");
 		ctxSrc.afterPropertiesSet();
-		assertThat(ctxSrc.getAuthenticatedEnvForTest("manager", "password")).containsKey(
-				AbstractContextSource.SUN_LDAP_POOLING_FLAG);
+		assertThat(ctxSrc.getAuthenticatedEnvForTest("manager", "password"))
+				.containsKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
 	}
 
 	@Test
@@ -75,18 +74,16 @@ public class DefaultSpringSecurityContextSourceTests {
 		ctxSrc.setUserDn("manager");
 		ctxSrc.setPassword("password");
 		ctxSrc.afterPropertiesSet();
-		assertThat(ctxSrc.getAuthenticatedEnvForTest("user", "password")).doesNotContainKey(
-				AbstractContextSource.SUN_LDAP_POOLING_FLAG);
+		assertThat(ctxSrc.getAuthenticatedEnvForTest("user", "password"))
+				.doesNotContainKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
 	}
 
 	// SEC-1145. Confirms that there is no issue here with pooling.
 	@Test(expected = AuthenticationException.class)
-	public void cantBindWithWrongPasswordImmediatelyAfterSuccessfulBind()
-			throws Exception {
+	public void cantBindWithWrongPasswordImmediatelyAfterSuccessfulBind() throws Exception {
 		DirContext ctx = null;
 		try {
-			ctx = this.contextSource.getContext(
-					"uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
+			ctx = this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
 		}
 		catch (Exception e) {
 		}
@@ -95,27 +92,23 @@ public class DefaultSpringSecurityContextSourceTests {
 		ctx.close();
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
 		// Now get it gain, with wrong password. Should fail.
-		ctx = this.contextSource.getContext(
-				"uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword");
+		ctx = this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword");
 		ctx.close();
 	}
 
 	@Test
 	public void serverUrlWithSpacesIsSupported() {
 		DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
-				this.contextSource.getUrls()[0]
-						+ "ou=space%20cadets,dc=springframework,dc=org");
+				this.contextSource.getUrls()[0] + "ou=space%20cadets,dc=springframework,dc=org");
 		contextSource.afterPropertiesSet();
-		contextSource.getContext(
-				"uid=space cadet,ou=space cadets,dc=springframework,dc=org",
-				"spacecadetspassword");
+		contextSource.getContext("uid=space cadet,ou=space cadets,dc=springframework,dc=org", "spacecadetspassword");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void instantiationFailsWithEmptyServerList() {
 		List<String> serverUrls = new ArrayList<>();
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(
-				serverUrls, "dc=springframework,dc=org");
+		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
+				"dc=springframework,dc=org");
 		ctxSrc.afterPropertiesSet();
 	}
 
@@ -125,8 +118,8 @@ public class DefaultSpringSecurityContextSourceTests {
 		serverUrls.add("ldap://foo:789");
 		serverUrls.add("ldap://bar:389");
 		serverUrls.add("ldaps://blah:636");
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(
-				serverUrls, "dc=springframework,dc=org");
+		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
+				"dc=springframework,dc=org");
 
 		assertThat(ctxSrc.isAnonymousReadOnly()).isFalse();
 		assertThat(ctxSrc.isPooled()).isTrue();
@@ -140,8 +133,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		serverUrls.add("ldap://foo:789");
 		serverUrls.add("ldap://bar:389");
 		serverUrls.add("ldaps://blah:636");
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(
-				serverUrls, baseDn);
+		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls, baseDn);
 
 		assertThat(ctxSrc.isAnonymousReadOnly()).isFalse();
 		assertThat(ctxSrc.isPooled()).isTrue();
@@ -154,12 +146,12 @@ public class DefaultSpringSecurityContextSourceTests {
 		serverUrls.add("ldaps://blah:636/");
 		// this url should be rejected because the root DN goes into a separate parameter
 		serverUrls.add("ldap://bar:389/dc=foobar,dc=org");
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(
-				serverUrls, "dc=springframework,dc=org");
+		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
+				"dc=springframework,dc=org");
 	}
 
-	static class EnvExposingDefaultSpringSecurityContextSource extends
-			DefaultSpringSecurityContextSource {
+	static class EnvExposingDefaultSpringSecurityContextSource extends DefaultSpringSecurityContextSource {
+
 		EnvExposingDefaultSpringSecurityContextSource(String providerUrl) {
 			super(providerUrl);
 		}
@@ -168,5 +160,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		Hashtable getAuthenticatedEnvForTest(String userDn, String password) {
 			return getAuthenticatedEnv(userDn, password);
 		}
+
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index 697a9f9bfb..c4bfe8b50b 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -45,11 +45,13 @@ import org.springframework.test.context.junit4.SpringRunner;
 @RunWith(SpringRunner.class)
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class SpringSecurityLdapTemplateITests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
+
 	private SpringSecurityLdapTemplate template;
 
 	// ~ Methods
@@ -67,14 +69,12 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void compareOfCorrectByteValueSucceeds() {
-		assertThat(template.compare("uid=bob,ou=people", "userPassword",
-				Utf8.encode("bobspassword"))).isTrue();
+		assertThat(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("bobspassword"))).isTrue();
 	}
 
 	@Test
 	public void compareOfWrongByteValueFails() {
-		assertThat(template.compare("uid=bob,ou=people", "userPassword",
-				Utf8.encode("wrongvalue"))).isFalse();
+		assertThat(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("wrongvalue"))).isFalse();
 	}
 
 	@Test
@@ -108,8 +108,8 @@ public class SpringSecurityLdapTemplateITests {
 	public void roleSearchReturnsCorrectNumberOfRoles() {
 		String param = "uid=ben,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups",
-				"(member={0})", new String[] { param }, "ou");
+		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+				new String[] { param }, "ou");
 
 		assertThat(values).as("Expected 3 results from search").hasSize(3);
 		assertThat(values.contains("developer")).isTrue();
@@ -119,14 +119,12 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithNullAttributeNames() {
-		Set<Map<String, List<String>>> values = template
-				.searchForMultipleAttributeValues("ou=people", "(uid={0})",
-						new String[] { "bob" }, null);
+		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+				new String[] { "bob" }, null);
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
 		assertAttributeValue(record, "uid", "bob");
-		assertAttributeValue(record, "objectclass", "top", "person",
-				"organizationalPerson", "inetOrgPerson");
+		assertAttributeValue(record, "objectclass", "top", "person", "organizationalPerson", "inetOrgPerson");
 		assertAttributeValue(record, "cn", "Bob Hamilton");
 		assertAttributeValue(record, "sn", "Hamilton");
 		assertThat(record.containsKey("userPassword")).isFalse();
@@ -134,14 +132,12 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithZeroLengthAttributeNames() {
-		Set<Map<String, List<String>>> values = template
-				.searchForMultipleAttributeValues("ou=people", "(uid={0})",
-						new String[] { "bob" }, new String[0]);
+		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+				new String[] { "bob" }, new String[0]);
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
 		assertAttributeValue(record, "uid", "bob");
-		assertAttributeValue(record, "objectclass", "top", "person",
-				"organizationalPerson", "inetOrgPerson");
+		assertAttributeValue(record, "objectclass", "top", "person", "organizationalPerson", "inetOrgPerson");
 		assertAttributeValue(record, "cn", "Bob Hamilton");
 		assertAttributeValue(record, "sn", "Hamilton");
 		assertThat(record.containsKey("userPassword")).isFalse();
@@ -149,9 +145,8 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithSpecifiedAttributeNames() {
-		Set<Map<String, List<String>>> values = template
-				.searchForMultipleAttributeValues("ou=people", "(uid={0})",
-						new String[] { "bob" }, new String[] { "uid", "cn", "sn" });
+		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+				new String[] { "bob" }, new String[] { "uid", "cn", "sn" });
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
 		assertAttributeValue(record, "uid", "bob");
@@ -161,8 +156,7 @@ public class SpringSecurityLdapTemplateITests {
 		assertThat(record.containsKey("objectclass")).isFalse();
 	}
 
-	protected void assertAttributeValue(Map<String, List<String>> record,
-			String attributeName, String... values) {
+	protected void assertAttributeValue(Map<String, List<String>> record, String attributeName, String... values) {
 		assertThat(record.containsKey(attributeName)).isTrue();
 		assertThat(record.get(attributeName)).hasSize(values.length);
 		for (int i = 0; i < values.length; i++) {
@@ -174,8 +168,8 @@ public class SpringSecurityLdapTemplateITests {
 	public void testRoleSearchForMissingAttributeFailsGracefully() {
 		String param = "uid=ben,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups",
-				"(member={0})", new String[] { param }, "mail");
+		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+				new String[] { param }, "mail");
 
 		assertThat(values).isEmpty();
 	}
@@ -184,8 +178,8 @@ public class SpringSecurityLdapTemplateITests {
 	public void roleSearchWithEscapedCharacterSucceeds() {
 		String param = "cn=mouse\\, jerry,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups",
-				"(member={0})", new String[] { param }, "cn");
+		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+				new String[] { param }, "cn");
 
 		assertThat(values).hasSize(1);
 	}
@@ -205,9 +199,8 @@ public class SpringSecurityLdapTemplateITests {
 		controls.setReturningAttributes(null);
 		String param = "cn=mouse\\, jerry,ou=people,dc=springframework,dc=org";
 
-		javax.naming.NamingEnumeration<SearchResult> results = ctx.search(
-				"ou=groups,dc=springframework,dc=org", "(member={0})",
-				new String[] { param }, controls);
+		javax.naming.NamingEnumeration<SearchResult> results = ctx.search("ou=groups,dc=springframework,dc=org",
+				"(member={0})", new String[] { param }, controls);
 
 		assertThat(results.hasMore()).as("Expected a result").isTrue();
 	}
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
index 072cfebb96..6530c7794c 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
@@ -35,7 +35,6 @@ import org.springframework.test.context.junit4.SpringRunner;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 
-
 /**
  * Tests for {@link BindAuthenticator}.
  *
@@ -45,12 +44,15 @@ import static org.assertj.core.api.Assertions.fail;
 @RunWith(SpringRunner.class)
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class BindAuthenticatorTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
+
 	private BindAuthenticator authenticator;
+
 	private Authentication bob;
 
 	// ~ Methods
@@ -66,19 +68,16 @@ public class BindAuthenticatorTests {
 
 	@Test(expected = BadCredentialsException.class)
 	public void emptyPasswordIsRejected() {
-		this.authenticator
-				.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
 	}
 
 	@Test
 	public void testAuthenticationWithCorrectPasswordSucceeds() {
-		this.authenticator.setUserDnPatterns(
-				new String[] { "uid={0},ou=people", "cn={0},ou=people" });
+		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people", "cn={0},ou=people" });
 
 		DirContextOperations user = this.authenticator.authenticate(this.bob);
 		assertThat(user.getStringAttribute("uid")).isEqualTo("bob");
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"mouse, jerry", "jerryspassword"));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
 	}
 
 	@Test
@@ -86,8 +85,7 @@ public class BindAuthenticatorTests {
 		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
 
 		try {
-			this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-					"nonexistentsuser", "password"));
+			this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("nonexistentsuser", "password"));
 			fail("Shouldn't be able to bind with invalid username");
 		}
 		catch (BadCredentialsException expected) {
@@ -98,28 +96,21 @@ public class BindAuthenticatorTests {
 	public void testAuthenticationWithUserSearch() throws Exception {
 		// DirContextAdapter ctx = new DirContextAdapter(new
 		// DistinguishedName("uid=bob,ou=people"));
-		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
-				"(uid={0})", this.contextSource));
+		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(uid={0})", this.contextSource));
 		this.authenticator.afterPropertiesSet();
 		DirContextOperations result = this.authenticator.authenticate(this.bob);
-		//ensure we are getting the same attributes back
+		// ensure we are getting the same attributes back
 		assertThat(result.getStringAttribute("cn")).isEqualTo("Bob Hamilton");
 		// SEC-1444
-		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
-				"(cn={0})", this.contextSource));
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"mouse, jerry", "jerryspassword"));
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"slash/guy", "slashguyspassword"));
+		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", this.contextSource));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
 		// SEC-1661
-		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch(
-				"ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource));
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"quote\"guy", "quoteguyspassword"));
 		this.authenticator.setUserSearch(
-				new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource));
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"quote\"guy", "quoteguyspassword"));
+				new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
+		this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
 	}
 
 	/*
@@ -148,8 +139,7 @@ public class BindAuthenticatorTests {
 		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
 
 		try {
-			this.authenticator.authenticate(
-					new UsernamePasswordAuthenticationToken("bob", "wrongpassword"));
+			this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpassword"));
 			fail("Shouldn't be able to bind with wrong password");
 		}
 		catch (BadCredentialsException expected) {
@@ -159,7 +149,7 @@ public class BindAuthenticatorTests {
 	@Test
 	public void testUserDnPatternReturnsCorrectDn() {
 		this.authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
-		assertThat(this.authenticator.getUserDns("Joe").get(0))
-				.isEqualTo("cn=Joe,ou=people");
+		assertThat(this.authenticator.getUserDns("Joe").get(0)).isEqualTo("cn=Joe,ou=people");
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index 1fe8f97f8f..11ecffcf65 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -46,13 +46,17 @@ import static org.assertj.core.api.Assertions.*;
 @RunWith(SpringRunner.class)
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class PasswordComparisonAuthenticatorTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
+
 	private PasswordComparisonAuthenticator authenticator;
+
 	private Authentication bob;
+
 	private Authentication ben;
 
 	// ~ Methods
@@ -82,8 +86,7 @@ public class PasswordComparisonAuthenticatorTests {
 		authenticator.afterPropertiesSet();
 
 		try {
-			authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe",
-					"pass"));
+			authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe", "pass"));
 			fail("Expected exception on failed user search");
 		}
 		catch (UsernameNotFoundException expected) {
@@ -94,14 +97,12 @@ public class PasswordComparisonAuthenticatorTests {
 	public void testLdapPasswordCompareFailsWithWrongPassword() {
 		// Don't retrieve the password
 		authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob",
-				"wrongpass"));
+		authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
 	}
 
 	@Test
 	public void testMultipleDnPatternsWorkOk() {
-		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=nonexistent",
-				"uid={0},ou=people" });
+		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=nonexistent", "uid={0},ou=people" });
 		authenticator.authenticate(bob);
 	}
 
@@ -110,8 +111,7 @@ public class PasswordComparisonAuthenticatorTests {
 		authenticator.setUserAttributes(new String[] { "uid", "userPassword" });
 
 		DirContextAdapter user = (DirContextAdapter) authenticator.authenticate(bob);
-		assertThat(user
-				.getAttributes().size()).withFailMessage("Should have retrieved 2 attribute (uid)").isEqualTo(2);
+		assertThat(user.getAttributes().size()).withFailMessage("Should have retrieved 2 attribute (uid)").isEqualTo(2);
 	}
 
 	@Test
@@ -145,8 +145,7 @@ public class PasswordComparisonAuthenticatorTests {
 	public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
 		authenticator.setUserAttributes(new String[] { "uid" });
 		authenticator.setPasswordAttributeName("cn");
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben",
-				"Ben Alex"));
+		authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
 	}
 
 	@Test
@@ -155,12 +154,11 @@ public class PasswordComparisonAuthenticatorTests {
 		authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
 		assertThat(authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available").isEmpty();
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"uid=Bob,ou=people"));
+		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people"));
 		ctx.setAttributeValue("userPassword", "bobspassword");
 
 		authenticator.setUserSearch(new MockUserSearch(ctx));
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken(
-				"shouldntbeused", "bobspassword"));
+		authenticator.authenticate(new UsernamePasswordAuthenticationToken("shouldntbeused", "bobspassword"));
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
index 789e89f4ee..8483981bde 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
@@ -47,8 +47,7 @@ public class FilterBasedLdapUserSearchTests {
 
 	@Test
 	public void basicSearchSucceeds() throws Exception {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
-				"(uid={0})", this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", this.contextSource);
 		locator.setSearchSubtree(false);
 		locator.setSearchTimeLimit(0);
 		locator.setDerefLinkFlag(false);
@@ -61,8 +60,7 @@ public class FilterBasedLdapUserSearchTests {
 
 	@Test
 	public void searchForNameWithCommaSucceeds() throws Exception {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
-				"(uid={0})", this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", this.contextSource);
 		locator.setSearchSubtree(false);
 
 		DirContextOperations jerry = locator.searchForUser("jerry");
@@ -74,8 +72,7 @@ public class FilterBasedLdapUserSearchTests {
 	// Try some funny business with filters.
 	@Test
 	public void extraFilterPartToExcludeBob() {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch(
-				"ou=people",
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
 				"(&(cn=*)(!(|(uid={0})(uid=rod)(uid=jerry)(uid=slashguy)(uid=javadude)(uid=groovydude)(uid=closuredude)(uid=scaladude))))",
 				this.contextSource);
 
@@ -86,23 +83,20 @@ public class FilterBasedLdapUserSearchTests {
 
 	@Test(expected = IncorrectResultSizeDataAccessException.class)
 	public void searchFailsOnMultipleMatches() {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
-				"(cn=*)", this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", this.contextSource);
 		locator.searchForUser("Ignored");
 	}
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void searchForInvalidUserFails() {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
-				"(uid={0})", this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", this.contextSource);
 		locator.searchForUser("Joe");
 	}
 
 	@Test
 	public void subTreeSearchSucceeds() throws Exception {
 		// Don't set the searchBase, so search from the root.
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("", "(cn={0})",
-				this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource);
 		locator.setSearchSubtree(true);
 
 		DirContextOperations ben = locator.searchForUser("Ben Alex");
@@ -113,8 +107,8 @@ public class FilterBasedLdapUserSearchTests {
 
 	@Test
 	public void searchWithDifferentSearchBaseIsSuccessful() {
-		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch(
-				"ou=otherpeople", "(cn={0})", this.contextSource);
+		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=otherpeople", "(cn={0})",
+				this.contextSource);
 		DirContextOperations joe = locator.searchForUser("Joe Smeth");
 		assertThat(joe.getStringAttribute("cn")).isEqualTo("Joe Smeth");
 	}
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
index add74ddf45..da2976563f 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
@@ -50,10 +50,8 @@ public class ApacheDSContainerTests {
 	// SEC-2162
 	@Test
 	public void failsToStartThrowsException() throws Exception {
-		ApacheDSContainer server1 = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
-		ApacheDSContainer server2 = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:missing.ldif");
+		ApacheDSContainer server1 = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
+		ApacheDSContainer server2 = new ApacheDSContainer("dc=springframework,dc=org", "classpath:missing.ldif");
 		List<Integer> ports = getDefaultPorts(1);
 		server1.setPort(ports.get(0));
 		server2.setPort(ports.get(0));
@@ -83,10 +81,8 @@ public class ApacheDSContainerTests {
 	// SEC-2161
 	@Test
 	public void multipleInstancesSimultanciously() throws Exception {
-		ApacheDSContainer server1 = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
-		ApacheDSContainer server2 = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		ApacheDSContainer server1 = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
+		ApacheDSContainer server2 = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 		List<Integer> ports = getDefaultPorts(2);
 		server1.setPort(ports.get(0));
 		server2.setPort(ports.get(1));
@@ -110,8 +106,7 @@ public class ApacheDSContainerTests {
 
 	@Test
 	public void startWithLdapOverSslWithoutCertificate() throws Exception {
-		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 		List<Integer> ports = getDefaultPorts(1);
 		server.setPort(ports.get(0));
 		server.setLdapOverSslEnabled(true);
@@ -120,21 +115,21 @@ public class ApacheDSContainerTests {
 			server.afterPropertiesSet();
 			fail("Expected an IllegalArgumentException to be thrown.");
 		}
-		catch (IllegalArgumentException e){
+		catch (IllegalArgumentException e) {
 			assertThat(e).hasMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
 		}
 	}
 
 	@Test
 	public void startWithLdapOverSslWithWrongPassword() throws Exception {
-		final ClassPathResource keyStoreResource = new ClassPathResource("/org/springframework/security/ldap/server/spring.keystore");
+		final ClassPathResource keyStoreResource = new ClassPathResource(
+				"/org/springframework/security/ldap/server/spring.keystore");
 		final File temporaryKeyStoreFile = new File(temporaryFolder.getRoot(), "spring.keystore");
 		FileCopyUtils.copy(keyStoreResource.getInputStream(), new FileOutputStream(temporaryKeyStoreFile));
 
 		assertThat(temporaryKeyStoreFile).isFile();
 
-		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 
 		List<Integer> ports = getDefaultPorts(1);
 		server.setPort(ports.get(0));
@@ -147,15 +142,15 @@ public class ApacheDSContainerTests {
 			server.afterPropertiesSet();
 			fail("Expected a RuntimeException to be thrown.");
 		}
-		catch (RuntimeException e){
+		catch (RuntimeException e) {
 			assertThat(e).hasMessage("Server startup failed");
 			assertThat(e).hasRootCauseInstanceOf(UnrecoverableKeyException.class);
 		}
 	}
 
 	/**
-	 * This test starts an LDAP server using LDAPs (LDAP over SSL). A self-signed certificate is being used, which was
-	 * previously generated with:
+	 * This test starts an LDAP server using LDAPs (LDAP over SSL). A self-signed
+	 * certificate is being used, which was previously generated with:
 	 *
 	 * <pre>
 	 * {@code
@@ -168,14 +163,14 @@ public class ApacheDSContainerTests {
 	@Test
 	public void startWithLdapOverSsl() throws Exception {
 
-		final ClassPathResource keyStoreResource = new ClassPathResource("/org/springframework/security/ldap/server/spring.keystore");
+		final ClassPathResource keyStoreResource = new ClassPathResource(
+				"/org/springframework/security/ldap/server/spring.keystore");
 		final File temporaryKeyStoreFile = new File(temporaryFolder.getRoot(), "spring.keystore");
 		FileCopyUtils.copy(keyStoreResource.getInputStream(), new FileOutputStream(temporaryKeyStoreFile));
 
 		assertThat(temporaryKeyStoreFile).isFile();
 
-		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 
 		List<Integer> ports = getDefaultPorts(1);
 		server.setPort(ports.get(0));
@@ -216,8 +211,7 @@ public class ApacheDSContainerTests {
 
 	@Test
 	public void afterPropertiesSetWhenPortIsZeroThenRandomPortIsSelected() throws Exception {
-		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 		server.setPort(0);
 		try {
 			server.afterPropertiesSet();
@@ -229,4 +223,5 @@ public class ApacheDSContainerTests {
 			server.destroy();
 		}
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
index 09556a01bb..40a2882379 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
@@ -34,16 +34,17 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class ApacheDSEmbeddedLdifTests {
 
 	private static final String LDAP_ROOT = "ou=ssattributes,dc=springframework,dc=org";
+
 	private static final int LDAP_PORT = 52389;
 
 	private ApacheDSContainer server;
+
 	private SpringSecurityLdapTemplate ldapTemplate;
 
 	@Before
 	public void setUp() throws Exception {
 		// TODO: InMemoryXmlApplicationContext would be useful here, but it is not visible
-		this.server = new ApacheDSContainer(LDAP_ROOT,
-				"classpath:test-server-custom-attribute-types.ldif");
+		this.server = new ApacheDSContainer(LDAP_ROOT, "classpath:test-server-custom-attribute-types.ldif");
 		this.server.setPort(LDAP_PORT);
 		this.server.afterPropertiesSet();
 
@@ -68,10 +69,10 @@ public class ApacheDSEmbeddedLdifTests {
 	@Ignore // Not fixed yet
 	@Test // SEC-2387
 	public void customAttributeTypesShouldBeProperlyCreatedWhenLoadedFromLdif() {
-		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "uid",
-				"objectWithCustomAttribute1")).isTrue();
-		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1",
-				"customAttribute", "I am custom")).isTrue();
+		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "uid", "objectWithCustomAttribute1"))
+				.isTrue();
+		assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "customAttribute", "I am custom"))
+				.isTrue();
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index e5346d56f5..5956506982 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -59,6 +59,7 @@ public class UnboundIdContainerLdifTests {
 
 	@Configuration
 	static class CustomLdifConfig {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath:test-server.ldif");
 
@@ -70,14 +71,15 @@ public class UnboundIdContainerLdifTests {
 
 		@Bean
 		ContextSource contextSource(UnboundIdContainer container) {
-			return new DefaultSpringSecurityContextSource("ldap://127.0.0.1:"
-					+ container.getPort() + "/dc=springframework,dc=org");
+			return new DefaultSpringSecurityContextSource(
+					"ldap://127.0.0.1:" + container.getPort() + "/dc=springframework,dc=org");
 		}
 
 		@PreDestroy
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
 
 	@Test
@@ -93,6 +95,7 @@ public class UnboundIdContainerLdifTests {
 
 	@Configuration
 	static class WildcardLdifConfig {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath*:test-server.ldif");
 
@@ -104,14 +107,15 @@ public class UnboundIdContainerLdifTests {
 
 		@Bean
 		ContextSource contextSource(UnboundIdContainer container) {
-			return new DefaultSpringSecurityContextSource("ldap://127.0.0.1:"
-					+ container.getPort() + "/dc=springframework,dc=org");
+			return new DefaultSpringSecurityContextSource(
+					"ldap://127.0.0.1:" + container.getPort() + "/dc=springframework,dc=org");
 		}
 
 		@PreDestroy
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
 
 	@Test
@@ -119,7 +123,8 @@ public class UnboundIdContainerLdifTests {
 		try {
 			appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
 			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:test-server-malformed.txt");
 		}
@@ -127,6 +132,7 @@ public class UnboundIdContainerLdifTests {
 
 	@Configuration
 	static class MalformedLdifConfig {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath:test-server-malformed.txt");
 
@@ -140,6 +146,7 @@ public class UnboundIdContainerLdifTests {
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
 
 	@Test
@@ -147,7 +154,8 @@ public class UnboundIdContainerLdifTests {
 		try {
 			appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
 			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:does-not-exist.ldif");
 		}
@@ -155,6 +163,7 @@ public class UnboundIdContainerLdifTests {
 
 	@Configuration
 	static class MissingLdifConfig {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath:does-not-exist.ldif");
 
@@ -168,6 +177,7 @@ public class UnboundIdContainerLdifTests {
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
 
 	@Test
@@ -177,6 +187,7 @@ public class UnboundIdContainerLdifTests {
 
 	@Configuration
 	static class WildcardNoLdifConfig {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath*:*.test.ldif");
 
@@ -190,5 +201,7 @@ public class UnboundIdContainerLdifTests {
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
index 5b1a7bc59d..fb72238a8c 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
@@ -33,8 +33,7 @@ public class UnboundIdContainerTests {
 
 	@Test
 	public void startLdapServer() throws Exception {
-		UnboundIdContainer server = new UnboundIdContainer("dc=springframework,dc=org",
-				"classpath:test-server.ldif");
+		UnboundIdContainer server = new UnboundIdContainer("dc=springframework,dc=org", "classpath:test-server.ldif");
 		server.setApplicationContext(new GenericApplicationContext());
 		List<Integer> ports = getDefaultPorts(1);
 		server.setPort(ports.get(0));
@@ -42,7 +41,8 @@ public class UnboundIdContainerTests {
 		try {
 			server.afterPropertiesSet();
 			assertThat(server.getPort()).isEqualTo(ports.get(0));
-		} finally {
+		}
+		finally {
 			server.destroy();
 		}
 	}
@@ -55,7 +55,8 @@ public class UnboundIdContainerTests {
 		try {
 			server.afterPropertiesSet();
 			assertThat(server.getPort()).isNotEqualTo(0);
-		} finally {
+		}
+		finally {
 			server.destroy();
 		}
 	}
@@ -70,7 +71,8 @@ public class UnboundIdContainerTests {
 				availablePorts.add(socket.getLocalPort());
 			}
 			return availablePorts;
-		} finally {
+		}
+		finally {
 			for (ServerSocket conn : connections) {
 				conn.close();
 			}
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index f1789129ae..052c604af8 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -37,7 +37,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 /**
- *
  * @author Luke Taylor
  * @author Eddú Meléndez
  */
@@ -48,6 +47,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Autowired
 	private ContextSource contextSource;
+
 	private DefaultLdapAuthoritiesPopulator populator;
 
 	// ~ Methods
@@ -64,11 +64,9 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setDefaultRole("ROLE_USER");
 		assertThat(populator.getContextSource()).isSameAs(this.contextSource);
 
-		DirContextAdapter ctx = new DirContextAdapter(
-				new DistinguishedName("cn=notfound"));
+		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=notfound"));
 
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"notfound");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "notfound");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue();
 	}
@@ -78,8 +76,8 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null);
 		populator.setDefaultRole("ROLE_USER");
 
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(
-				new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
+		Collection<GrantedAuthority> authorities = populator
+				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue();
 	}
@@ -93,11 +91,10 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setConvertToUpperCase(true);
 		populator.setGroupSearchFilter("(member={0})");
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"uid=ben,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator
-				.getGrantedAuthorities(ctx, "ben"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "ben"));
 
 		assertThat(authorities).as("Should have 2 roles").hasSize(2);
 
@@ -111,11 +108,10 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setConvertToUpperCase(true);
 		populator.setGroupSearchFilter("(ou={1})");
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"uid=ben,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator
-				.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -126,11 +122,10 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setGroupRoleAttribute("ou");
 		populator.setConvertToUpperCase(true);
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"uid=ben,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator
-				.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 2 roles").hasSize(2);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -143,11 +138,10 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setConvertToUpperCase(true);
 		populator.setSearchSubtree(true);
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"uid=ben,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator
-				.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 3 roles").hasSize(3);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -159,15 +153,13 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 	public void extraRolesAreAdded() {
 		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null) {
 			@Override
-			protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user,
-					String username) {
-				return new HashSet<>(
-						AuthorityUtils.createAuthorityList("ROLE_EXTRA"));
+			protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
+				return new HashSet<>(AuthorityUtils.createAuthorityList("ROLE_EXTRA"));
 			}
 		};
 
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(
-				new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
+		Collection<GrantedAuthority> authorities = populator
+				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_EXTRA")).isTrue();
 	}
@@ -178,11 +170,10 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 		populator.setConvertToUpperCase(true);
 		populator.setGroupSearchFilter("(member={0})");
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator
-				.getGrantedAuthorities(ctx, "notused"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "notused"));
 
 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -196,8 +187,8 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 			return new LdapAuthority(role, dn);
 		});
 
-		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName(
-				"cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
+		DirContextAdapter ctx = new DirContextAdapter(
+				new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
 
 		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "notused");
 
@@ -208,4 +199,5 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 	public void customAuthoritiesMappingFunctionThrowsIfNull() {
 		populator.setAuthorityMapper(null);
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
index 72f2b7a109..99b05bb453 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
@@ -44,7 +44,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Josh Cummings
  */
 @RunWith(SpringRunner.class)
-@ContextConfiguration(classes=LdapUserDetailsManagerModifyPasswordTests.UnboundIdContainerConfiguration.class)
+@ContextConfiguration(classes = LdapUserDetailsManagerModifyPasswordTests.UnboundIdContainerConfiguration.class)
 public class LdapUserDetailsManagerModifyPasswordTests {
 
 	LdapUserDetailsManager userDetailsManager;
@@ -60,15 +60,14 @@ public class LdapUserDetailsManagerModifyPasswordTests {
 	}
 
 	@Test
-	@WithMockUser(username="bob", password="bobspassword", authorities="ROLE_USER")
+	@WithMockUser(username = "bob", password = "bobspassword", authorities = "ROLE_USER")
 	public void changePasswordWhenOldPasswordIsIncorrectThenThrowsException() {
-		assertThatCode(() ->
-				this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"))
+		assertThatCode(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"))
 				.isInstanceOf(BadCredentialsException.class);
 	}
 
 	@Test
-	@WithMockUser(username="bob", password="bobspassword", authorities="ROLE_USER")
+	@WithMockUser(username = "bob", password = "bobspassword", authorities = "ROLE_USER")
 	public void changePasswordWhenOldPasswordIsCorrectThenPasses() {
 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(this.contextSource);
 
@@ -76,11 +75,13 @@ public class LdapUserDetailsManagerModifyPasswordTests {
 				"bobsshinynewandformidablylongandnearlyimpossibletorememberthoughdemonstrablyhardtocrackduetoitshighlevelofentropypasswordofjustice");
 
 		assertThat(template.compare("uid=bob,ou=people", "userPassword",
-				"bobsshinynewandformidablylongandnearlyimpossibletorememberthoughdemonstrablyhardtocrackduetoitshighlevelofentropypasswordofjustice")).isTrue();
+				"bobsshinynewandformidablylongandnearlyimpossibletorememberthoughdemonstrablyhardtocrackduetoitshighlevelofentropypasswordofjustice"))
+						.isTrue();
 	}
 
 	@Configuration
 	static class UnboundIdContainerConfiguration {
+
 		private UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org",
 				"classpath:test-server.ldif");
 
@@ -92,13 +93,15 @@ public class LdapUserDetailsManagerModifyPasswordTests {
 
 		@Bean
 		ContextSource contextSource(UnboundIdContainer container) {
-			return new DefaultSpringSecurityContextSource("ldap://127.0.0.1:"
-					+ container.getPort() + "/dc=springframework,dc=org");
+			return new DefaultSpringSecurityContextSource(
+					"ldap://127.0.0.1:" + container.getPort() + "/dc=springframework,dc=org");
 		}
 
 		@PreDestroy
 		void shutdown() {
 			this.container.stop();
 		}
+
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
index eaf24d8b25..af95a939c0 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
@@ -52,8 +52,8 @@ public class LdapUserDetailsManagerTests {
 	@Autowired
 	private ContextSource contextSource;
 
-	private static final List<GrantedAuthority> TEST_AUTHORITIES = AuthorityUtils.createAuthorityList(
-			"ROLE_CLOWNS", "ROLE_ACROBATS");
+	private static final List<GrantedAuthority> TEST_AUTHORITIES = AuthorityUtils.createAuthorityList("ROLE_CLOWNS",
+			"ROLE_ACROBATS");
 
 	private LdapUserDetailsManager mgr;
 
@@ -76,8 +76,7 @@ public class LdapUserDetailsManagerTests {
 
 		group.setAttributeValue("objectclass", "groupOfNames");
 		group.setAttributeValue("cn", "clowns");
-		group.setAttributeValue("member",
-				"cn=nobody,ou=test people,dc=springframework,dc=org");
+		group.setAttributeValue("member", "cn=nobody,ou=test people,dc=springframework,dc=org");
 		template.bind("cn=clowns,ou=testgroups", group, null);
 
 		group.setAttributeValue("cn", "acrobats");
@@ -185,9 +184,7 @@ public class LdapUserDetailsManagerTests {
 		}
 
 		// Check that no authorities are left
-		assertThat(
-				mgr.getUserAuthorities(mgr.usernameMapper.buildDn("don"), "don")).hasSize(
-						0);
+		assertThat(mgr.getUserAuthorities(mgr.usernameMapper.buildDn("don"), "don")).hasSize(0);
 	}
 
 	@Test
@@ -203,13 +200,12 @@ public class LdapUserDetailsManagerTests {
 		mgr.createUser(p.createUserDetails());
 
 		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("johnyossarian",
-						"yossarianspassword", TEST_AUTHORITIES));
+				new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
 
 		mgr.changePassword("yossarianspassword", "yossariansnewpassword");
 
-		assertThat(template.compare("uid=johnyossarian,ou=test people", "userPassword",
-				"yossariansnewpassword")).isTrue();
+		assertThat(template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
+				.isTrue();
 	}
 
 	@Test(expected = BadCredentialsException.class)
@@ -225,9 +221,9 @@ public class LdapUserDetailsManagerTests {
 		mgr.createUser(p.createUserDetails());
 
 		SecurityContextHolder.getContext().setAuthentication(
-				new UsernamePasswordAuthenticationToken("johnyossarian",
-						"yossarianspassword", TEST_AUTHORITIES));
+				new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
 
 		mgr.changePassword("wrongpassword", "yossariansnewpassword");
 	}
+
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index 70ff12f642..892b542ede 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -43,12 +43,19 @@ public class NestedLdapAuthoritiesPopulatorTests {
 
 	@Autowired
 	private ContextSource contextSource;
+
 	private NestedLdapAuthoritiesPopulator populator;
+
 	private LdapAuthority javaDevelopers;
+
 	private LdapAuthority groovyDevelopers;
+
 	private LdapAuthority scalaDevelopers;
+
 	private LdapAuthority closureDevelopers;
+
 	private LdapAuthority jDevelopers;
+
 	private LdapAuthority circularJavaDevelopers;
 
 	// ~ Methods
@@ -56,15 +63,13 @@ public class NestedLdapAuthoritiesPopulatorTests {
 
 	@Before
 	public void setUp() {
-		populator = new NestedLdapAuthoritiesPopulator(this.contextSource,
-				"ou=jdeveloper");
+		populator = new NestedLdapAuthoritiesPopulator(this.contextSource, "ou=jdeveloper");
 		populator.setGroupSearchFilter("(member={0})");
 		populator.setIgnorePartialResultException(false);
 		populator.setRolePrefix("");
 		populator.setSearchSubtree(true);
 		populator.setConvertToUpperCase(false);
-		jDevelopers = new LdapAuthority("j-developers",
-				"cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
+		jDevelopers = new LdapAuthority("j-developers", "cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
 		javaDevelopers = new LdapAuthority("java-developers",
 				"cn=java-developers,ou=jdeveloper,dc=springframework,dc=org");
 		groovyDevelopers = new LdapAuthority("groovy-developers",
@@ -79,21 +84,17 @@ public class NestedLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void testScalaDudeJDevelopersAuthorities() {
-		DirContextAdapter ctx = new DirContextAdapter(
-				"uid=scaladude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"scaladude");
+		DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
 		assertThat(authorities).hasSize(5);
-		assertThat(authorities).isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers,
-				scalaDevelopers, groovyDevelopers, jDevelopers));
+		assertThat(authorities).isEqualTo(
+				Arrays.asList(javaDevelopers, circularJavaDevelopers, scalaDevelopers, groovyDevelopers, jDevelopers));
 	}
 
 	@Test
 	public void testJavaDudeJDevelopersAuthorities() {
-		DirContextAdapter ctx = new DirContextAdapter(
-				"uid=javadude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"javadude");
+		DirContextAdapter ctx = new DirContextAdapter("uid=javadude,ou=people,dc=springframework,dc=org");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "javadude");
 		assertThat(authorities).hasSize(4);
 		assertThat(authorities).contains(javaDevelopers);
 	}
@@ -101,36 +102,30 @@ public class NestedLdapAuthoritiesPopulatorTests {
 	@Test
 	public void testScalaDudeJDevelopersAuthoritiesWithSearchLimit() {
 		populator.setMaxSearchDepth(1);
-		DirContextAdapter ctx = new DirContextAdapter(
-				"uid=scaladude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"scaladude");
+		DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
 		assertThat(authorities).hasSize(1);
 		assertThat(authorities).isEqualTo(Arrays.asList(scalaDevelopers));
 	}
 
 	@Test
 	public void testGroovyDudeJDevelopersAuthorities() {
-		DirContextAdapter ctx = new DirContextAdapter(
-				"uid=groovydude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"groovydude");
+		DirContextAdapter ctx = new DirContextAdapter("uid=groovydude,ou=people,dc=springframework,dc=org");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "groovydude");
 		assertThat(authorities).hasSize(4);
-		assertThat(authorities).isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers, groovyDevelopers,
-				jDevelopers));
+		assertThat(authorities)
+				.isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers, groovyDevelopers, jDevelopers));
 	}
 
 	@Test
 	public void testClosureDudeJDevelopersWithMembershipAsAttributeValues() {
 		populator.setAttributeNames(new HashSet(Arrays.asList("member")));
 
-		DirContextAdapter ctx = new DirContextAdapter(
-				"uid=closuredude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,
-				"closuredude");
+		DirContextAdapter ctx = new DirContextAdapter("uid=closuredude,ou=people,dc=springframework,dc=org");
+		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "closuredude");
 		assertThat(authorities).hasSize(5);
-		assertThat(authorities).isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers,
-				closureDevelopers, groovyDevelopers, jDevelopers));
+		assertThat(authorities).isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers, closureDevelopers,
+				groovyDevelopers, jDevelopers));
 
 		LdapAuthority[] ldapAuthorities = authorities.toArray(new LdapAuthority[0]);
 		assertThat(ldapAuthorities).hasSize(5);
@@ -138,15 +133,16 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		assertThat(ldapAuthorities[0].getAttributes().containsKey("member")).isTrue();
 		assertThat(ldapAuthorities[0].getAttributes().get("member")).isNotNull();
 		assertThat(ldapAuthorities[0].getAttributes().get("member")).hasSize(3);
-		assertThat(ldapAuthorities[0].getFirstAttributeValue("member")).isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
+		assertThat(ldapAuthorities[0].getFirstAttributeValue("member"))
+				.isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
 
 		// java group
 		assertThat(ldapAuthorities[1].getAttributes().containsKey("member")).isTrue();
 		assertThat(ldapAuthorities[1].getAttributes().get("member")).isNotNull();
 		assertThat(ldapAuthorities[1].getAttributes().get("member")).hasSize(3);
 		assertThat(groovyDevelopers.getDn()).isEqualTo(ldapAuthorities[1].getFirstAttributeValue("member"));
-		assertThat(ldapAuthorities[2]
-				.getAttributes().get("member")).contains("uid=closuredude,ou=people,dc=springframework,dc=org");
+		assertThat(ldapAuthorities[2].getAttributes().get("member"))
+				.contains("uid=closuredude,ou=people,dc=springframework,dc=org");
 
 		// test non existent attribute
 		assertThat(ldapAuthorities[2].getFirstAttributeValue("test")).isNull();
@@ -155,4 +151,5 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		// test role name
 		assertThat(ldapAuthorities[3].getAuthority()).isEqualTo(groovyDevelopers.getAuthority());
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
index bbb80ccf3d..2b7a68bac0 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
@@ -26,7 +26,9 @@ import org.springframework.ldap.core.DistinguishedName;
  * @author Luke Taylor
  */
 public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
+
 	private final String userDnBase;
+
 	private final String usernameAttribute;
 
 	/**
@@ -48,4 +50,5 @@ public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
 
 		return dn;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
index f9790d606d..f815ce06d5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
@@ -47,6 +47,7 @@ import org.springframework.util.Assert;
  * @since 2.0
  */
 public class DefaultSpringSecurityContextSource extends LdapContextSource {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private String rootDn;
@@ -55,7 +56,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 	 * Create and initialize an instance which will connect to the supplied LDAP URL. If
 	 * you want to use more than one server for fail-over, rather use the
 	 * {@link #DefaultSpringSecurityContextSource(List, String)} constructor.
-	 *
 	 * @param providerUrl an LDAP URL of the form
 	 * <code>ldap://localhost:389/base_dn</code>
 	 */
@@ -79,8 +79,7 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 				this.rootDn = urlRootDn;
 			}
 			else if (!this.rootDn.equals(urlRootDn)) {
-				throw new IllegalArgumentException(
-						"Root DNs must be the same when using multiple URLs");
+				throw new IllegalArgumentException("Root DNs must be the same when using multiple URLs");
 			}
 		}
 
@@ -96,8 +95,7 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 				// user.
 				if (!DefaultSpringSecurityContextSource.this.userDn.equals(dn)
 						&& env.containsKey(SUN_LDAP_POOLING_FLAG)) {
-					DefaultSpringSecurityContextSource.this.logger
-							.debug("Removing pooling flag for user " + dn);
+					DefaultSpringSecurityContextSource.this.logger.debug("Removing pooling flag for user " + dn);
 					env.remove(SUN_LDAP_POOLING_FLAG);
 				}
 			}
@@ -107,7 +105,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 	/**
 	 * Create and initialize an instance which will connect of the LDAP Spring Security
 	 * Context Source. It will connect to any of the provided LDAP server URLs.
-	 *
 	 * @param urls A list of string values which are LDAP server URLs. An example would be
 	 * <code>ldap://ldap.company.com:389</code>. LDAPS URLs (SSL-secured) may be used as
 	 * well, given that Spring Security is able to connect to the server. Note that these
@@ -128,7 +125,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 	 * Builds a Spring LDAP-compliant Provider URL string, i.e. a space-separated list of
 	 * LDAP servers with their base DNs. As the base DN must be identical for all servers,
 	 * it needs to be supplied only once.
-	 *
 	 * @param urls A list of string values which are LDAP server URLs. An example would be
 	 *
 	 * <pre>
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
index 43316dab64..4e9b9be1e5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
@@ -1,245 +1,241 @@
-/*
- * Copyright 2005-2010 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ldap;
-
-import org.springframework.ldap.BadLdapGrammarException;
-
-/**
- * Helper class to encode and decode ldap names and values.
- *
- * <p>
- * NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
- * supported without reflection.
- * </p>
- *
- * @author Adam Skogman
- * @author Mattias Hellborg Arthursson
- */
-final class LdapEncoder {
-
-	private static final int HEX = 16;
-	private static String[] NAME_ESCAPE_TABLE = new String[96];
-
-	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
-
-	static {
-
-		// Name encoding table -------------------------------------
-
-		// all below 0x20 (control chars)
-		for (char c = 0; c < ' '; c++) {
-			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
-		}
-
-		NAME_ESCAPE_TABLE['#'] = "\\#";
-		NAME_ESCAPE_TABLE[','] = "\\,";
-		NAME_ESCAPE_TABLE[';'] = "\\;";
-		NAME_ESCAPE_TABLE['='] = "\\=";
-		NAME_ESCAPE_TABLE['+'] = "\\+";
-		NAME_ESCAPE_TABLE['<'] = "\\<";
-		NAME_ESCAPE_TABLE['>'] = "\\>";
-		NAME_ESCAPE_TABLE['\"'] = "\\\"";
-		NAME_ESCAPE_TABLE['\\'] = "\\\\";
-
-		// Filter encoding table -------------------------------------
-
-		// fill with char itself
-		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
-			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
-		}
-
-		// escapes (RFC2254)
-		FILTER_ESCAPE_TABLE['*'] = "\\2a";
-		FILTER_ESCAPE_TABLE['('] = "\\28";
-		FILTER_ESCAPE_TABLE[')'] = "\\29";
-		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
-		FILTER_ESCAPE_TABLE[0] = "\\00";
-
-	}
-
-	/**
-	 * All static methods - not to be instantiated.
-	 */
-	private LdapEncoder() {
-	}
-
-	protected static String toTwoCharHex(char c) {
-
-		String raw = Integer.toHexString(c).toUpperCase();
-
-		if (raw.length() > 1) {
-			return raw;
-		}
-		else {
-			return "0" + raw;
-		}
-	}
-
-	/**
-	 * Escape a value for use in a filter.
-	 *
-	 * @param value the value to escape.
-	 * @return a properly escaped representation of the supplied value.
-	 */
-	public static String filterEncode(String value) {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer roomy
-		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
-		int length = value.length();
-
-		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			if (c < FILTER_ESCAPE_TABLE.length) {
-				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
-			}
-			else {
-				// default: add the char
-				encodedValue.append(c);
-			}
-		}
-
-		return encodedValue.toString();
-	}
-
-	/**
-	 * LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
-	 *
-	 * <br/>
-	 * Escapes:<br/>
-	 * ' ' [space] - "\ " [if first or last] <br/>
-	 * '#' [hash] - "\#" <br/>
-	 * ',' [comma] - "\," <br/>
-	 * ';' [semicolon] - "\;" <br/>
-	 * '= [equals] - "\=" <br/>
-	 * '+' [plus] - "\+" <br/>
-	 * '&lt;' [less than] - "\&lt;" <br/>
-	 * '&gt;' [greater than] - "\&gt;" <br/>
-	 * '"' [double quote] - "\"" <br/>
-	 * '\' [backslash] - "\\" <br/>
-	 *
-	 * @param value the value to escape.
-	 * @return The escaped value.
-	 */
-	public static String nameEncode(String value) {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer roomy
-		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
-		int length = value.length();
-		int last = length - 1;
-
-		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			// space first or last
-			if (c == ' ' && (i == 0 || i == last)) {
-				encodedValue.append("\\ ");
-				continue;
-			}
-
-			if (c < NAME_ESCAPE_TABLE.length) {
-				// check in table for escapes
-				String esc = NAME_ESCAPE_TABLE[c];
-
-				if (esc != null) {
-					encodedValue.append(esc);
-					continue;
-				}
-			}
-
-			// default: add the char
-			encodedValue.append(c);
-		}
-
-		return encodedValue.toString();
-
-	}
-
-	/**
-	 * Decodes a value. Converts escaped chars to ordinary chars.
-	 *
-	 * @param value Trimmed value, so no leading an trailing blanks, except an escaped
-	 * space last.
-	 * @return The decoded value as a string.
-	 * @throws BadLdapGrammarException
-	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer same size
-		StringBuilder decoded = new StringBuilder(value.length());
-
-		int i = 0;
-		while (i < value.length()) {
-			char currentChar = value.charAt(i);
-			if (currentChar == '\\') {
-				if (value.length() <= i + 1) {
-					// Ending with a single backslash is not allowed
-					throw new BadLdapGrammarException(
-							"Unexpected end of value " + "unterminated '\\'");
-				}
-				else {
-					char nextChar = value.charAt(i + 1);
-					if (nextChar == ',' || nextChar == '=' || nextChar == '+'
-							|| nextChar == '<' || nextChar == '>' || nextChar == '#'
-							|| nextChar == ';' || nextChar == '\\' || nextChar == '\"'
-							|| nextChar == ' ') {
-						// Normal backslash escape
-						decoded.append(nextChar);
-						i += 2;
-					}
-					else {
-						if (value.length() <= i + 2) {
-							throw new BadLdapGrammarException("Unexpected end of value "
-									+ "expected special or hex, found '" + nextChar
-									+ "'");
-						}
-						else {
-							// This should be a hex value
-							String hexString = "" + nextChar + value.charAt(i + 2);
-							decoded.append((char) Integer.parseInt(hexString, HEX));
-							i += 3;
-						}
-					}
-				}
-			}
-			else {
-				// This character wasn't escaped - just append it
-				decoded.append(currentChar);
-				i++;
-			}
-		}
-
-		return decoded.toString();
-
-	}
-}
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.ldap;
+
+import org.springframework.ldap.BadLdapGrammarException;
+
+/**
+ * Helper class to encode and decode ldap names and values.
+ *
+ * <p>
+ * NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
+ * supported without reflection.
+ * </p>
+ *
+ * @author Adam Skogman
+ * @author Mattias Hellborg Arthursson
+ */
+final class LdapEncoder {
+
+	private static final int HEX = 16;
+
+	private static String[] NAME_ESCAPE_TABLE = new String[96];
+
+	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
+
+	static {
+
+		// Name encoding table -------------------------------------
+
+		// all below 0x20 (control chars)
+		for (char c = 0; c < ' '; c++) {
+			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
+		}
+
+		NAME_ESCAPE_TABLE['#'] = "\\#";
+		NAME_ESCAPE_TABLE[','] = "\\,";
+		NAME_ESCAPE_TABLE[';'] = "\\;";
+		NAME_ESCAPE_TABLE['='] = "\\=";
+		NAME_ESCAPE_TABLE['+'] = "\\+";
+		NAME_ESCAPE_TABLE['<'] = "\\<";
+		NAME_ESCAPE_TABLE['>'] = "\\>";
+		NAME_ESCAPE_TABLE['\"'] = "\\\"";
+		NAME_ESCAPE_TABLE['\\'] = "\\\\";
+
+		// Filter encoding table -------------------------------------
+
+		// fill with char itself
+		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
+			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
+		}
+
+		// escapes (RFC2254)
+		FILTER_ESCAPE_TABLE['*'] = "\\2a";
+		FILTER_ESCAPE_TABLE['('] = "\\28";
+		FILTER_ESCAPE_TABLE[')'] = "\\29";
+		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
+		FILTER_ESCAPE_TABLE[0] = "\\00";
+
+	}
+
+	/**
+	 * All static methods - not to be instantiated.
+	 */
+	private LdapEncoder() {
+	}
+
+	protected static String toTwoCharHex(char c) {
+
+		String raw = Integer.toHexString(c).toUpperCase();
+
+		if (raw.length() > 1) {
+			return raw;
+		}
+		else {
+			return "0" + raw;
+		}
+	}
+
+	/**
+	 * Escape a value for use in a filter.
+	 * @param value the value to escape.
+	 * @return a properly escaped representation of the supplied value.
+	 */
+	public static String filterEncode(String value) {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer roomy
+		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+		int length = value.length();
+
+		for (int i = 0; i < length; i++) {
+
+			char c = value.charAt(i);
+
+			if (c < FILTER_ESCAPE_TABLE.length) {
+				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
+			}
+			else {
+				// default: add the char
+				encodedValue.append(c);
+			}
+		}
+
+		return encodedValue.toString();
+	}
+
+	/**
+	 * LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
+	 *
+	 * <br/>
+	 * Escapes:<br/>
+	 * ' ' [space] - "\ " [if first or last] <br/>
+	 * '#' [hash] - "\#" <br/>
+	 * ',' [comma] - "\," <br/>
+	 * ';' [semicolon] - "\;" <br/>
+	 * '= [equals] - "\=" <br/>
+	 * '+' [plus] - "\+" <br/>
+	 * '&lt;' [less than] - "\&lt;" <br/>
+	 * '&gt;' [greater than] - "\&gt;" <br/>
+	 * '"' [double quote] - "\"" <br/>
+	 * '\' [backslash] - "\\" <br/>
+	 * @param value the value to escape.
+	 * @return The escaped value.
+	 */
+	public static String nameEncode(String value) {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer roomy
+		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+		int length = value.length();
+		int last = length - 1;
+
+		for (int i = 0; i < length; i++) {
+
+			char c = value.charAt(i);
+
+			// space first or last
+			if (c == ' ' && (i == 0 || i == last)) {
+				encodedValue.append("\\ ");
+				continue;
+			}
+
+			if (c < NAME_ESCAPE_TABLE.length) {
+				// check in table for escapes
+				String esc = NAME_ESCAPE_TABLE[c];
+
+				if (esc != null) {
+					encodedValue.append(esc);
+					continue;
+				}
+			}
+
+			// default: add the char
+			encodedValue.append(c);
+		}
+
+		return encodedValue.toString();
+
+	}
+
+	/**
+	 * Decodes a value. Converts escaped chars to ordinary chars.
+	 * @param value Trimmed value, so no leading an trailing blanks, except an escaped
+	 * space last.
+	 * @return The decoded value as a string.
+	 * @throws BadLdapGrammarException
+	 */
+	static public String nameDecode(String value) throws BadLdapGrammarException {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer same size
+		StringBuilder decoded = new StringBuilder(value.length());
+
+		int i = 0;
+		while (i < value.length()) {
+			char currentChar = value.charAt(i);
+			if (currentChar == '\\') {
+				if (value.length() <= i + 1) {
+					// Ending with a single backslash is not allowed
+					throw new BadLdapGrammarException("Unexpected end of value " + "unterminated '\\'");
+				}
+				else {
+					char nextChar = value.charAt(i + 1);
+					if (nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
+							|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"'
+							|| nextChar == ' ') {
+						// Normal backslash escape
+						decoded.append(nextChar);
+						i += 2;
+					}
+					else {
+						if (value.length() <= i + 2) {
+							throw new BadLdapGrammarException(
+									"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
+						}
+						else {
+							// This should be a hex value
+							String hexString = "" + nextChar + value.charAt(i + 2);
+							decoded.append((char) Integer.parseInt(hexString, HEX));
+							i += 3;
+						}
+					}
+				}
+			}
+			else {
+				// This character wasn't escaped - just append it
+				decoded.append(currentChar);
+				i++;
+			}
+		}
+
+		return decoded.toString();
+
+	}
+
+}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
index c8521e359a..6a7abc1213 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
@@ -23,5 +23,7 @@ import org.springframework.ldap.core.DistinguishedName;
  * @author Luke Taylor
  */
 public interface LdapUsernameToDnMapper {
+
 	DistinguishedName buildDn(String username);
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
index b4a7a7ae82..bab3457013 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
@@ -36,6 +36,7 @@ import java.net.URISyntaxException;
  * @author Luke Taylor
  */
 public final class LdapUtils {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -82,16 +83,12 @@ public final class LdapUtils {
 	 * If the DN is "cn=bob,ou=people,dc=springframework,dc=org" and the base context name
 	 * is "ou=people,dc=springframework,dc=org" it would return "cn=bob".
 	 * </p>
-	 *
 	 * @param fullDn the DN
 	 * @param baseCtx the context to work out the name relative to.
-	 *
 	 * @return the
-	 *
 	 * @throws NamingException any exceptions thrown by the context are propagated.
 	 */
-	public static String getRelativeName(String fullDn, Context baseCtx)
-			throws NamingException {
+	public static String getRelativeName(String fullDn, Context baseCtx) throws NamingException {
 
 		String baseDn = baseCtx.getNameInNamespace();
 
@@ -117,8 +114,7 @@ public final class LdapUtils {
 	 * Gets the full dn of a name by prepending the name of the context it is relative to.
 	 * If the name already contains the base name, it is returned unaltered.
 	 */
-	public static DistinguishedName getFullDn(DistinguishedName dn, Context baseCtx)
-			throws NamingException {
+	public static DistinguishedName getFullDn(DistinguishedName dn, Context baseCtx) throws NamingException {
 		DistinguishedName baseDn = new DistinguishedName(baseCtx.getNameInNamespace());
 
 		if (dn.contains(baseDn)) {
@@ -140,8 +136,7 @@ public final class LdapUtils {
 			return (String) passObj;
 		}
 		else {
-			throw new IllegalArgumentException(
-					"Password object was not a String or byte array.");
+			throw new IllegalArgumentException("Password object was not a String or byte array.");
 		}
 	}
 
@@ -151,9 +146,7 @@ public final class LdapUtils {
 	 * For example, the URL <tt>ldap://monkeymachine:11389/dc=springframework,dc=org</tt>
 	 * has the root DN "dc=springframework,dc=org".
 	 * </p>
-	 *
 	 * @param url the LDAP URL
-	 *
 	 * @return the root DN
 	 */
 	public static String parseRootDnFromUrl(String url) {
@@ -193,10 +186,10 @@ public final class LdapUtils {
 			return new URI(url);
 		}
 		catch (URISyntaxException e) {
-			IllegalArgumentException iae = new IllegalArgumentException(
-					"Unable to parse url: " + url);
+			IllegalArgumentException iae = new IllegalArgumentException("Unable to parse url: " + url);
 			iae.initCause(e);
 			throw iae;
 		}
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index fe0d9c0002..1d447287f3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -54,6 +54,7 @@ import java.util.Set;
  * @since 2.0
  */
 public class SpringSecurityLdapTemplate extends LdapTemplate {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 	private static final Log logger = LogFactory.getLog(SpringSecurityLdapTemplate.class);
@@ -90,11 +91,9 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	/**
 	 * Performs an LDAP compare operation of the value of an attribute for a particular
 	 * directory entry.
-	 *
 	 * @param dn the entry who's attribute is to be used
 	 * @param attributeName the attribute who's value we want to compare
 	 * @param value the value to be checked against the directory value
-	 *
 	 * @return true if the supplied value matches that in the directory
 	 */
 	public boolean compare(final String dn, final String attributeName, final Object value) {
@@ -107,14 +106,15 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 				ctls.setReturningAttributes(NO_ATTRS);
 				ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
 
-				NamingEnumeration<SearchResult> results = ctx.search(dn,
-						comparisonFilter, new Object[] { value }, ctls);
+				NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, new Object[] { value },
+						ctls);
 
 				Boolean match = results.hasMore();
 				LdapUtils.closeEnumeration(results);
 
 				return match;
 			}
+
 		}
 
 		Boolean matches = (Boolean) executeReadOnly(new LdapCompareCallback());
@@ -124,15 +124,12 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 	/**
 	 * Composes an object from the attributes of the given DN.
-	 *
 	 * @param dn the directory entry which will be read
 	 * @param attributesToRetrieve the named attributes which will be retrieved from the
 	 * directory entry.
-	 *
 	 * @return the object created by the mapper
 	 */
-	public DirContextOperations retrieveEntry(final String dn,
-			final String[] attributesToRetrieve) {
+	public DirContextOperations retrieveEntry(final String dn, final String[] attributesToRetrieve) {
 
 		return (DirContextOperations) executeReadOnly((ContextExecutor) ctx -> {
 			Attributes attrs = ctx.getAttributes(dn, attributesToRetrieve);
@@ -149,20 +146,18 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * the named attribute found in all entries matched by the search. Note that one
 	 * directory entry may have several values for the attribute. Intended for role
 	 * searches and similar scenarios.
-	 *
 	 * @param base the DN to search in
 	 * @param filter search filter to use
 	 * @param params the parameters to substitute in the search filter
 	 * @param attributeName the attribute who's values are to be retrieved.
-	 *
 	 * @return the set of String values for the attribute as a union of the values found
 	 * in all the matching entries.
 	 */
-	public Set<String> searchForSingleAttributeValues(final String base,
-			final String filter, final Object[] params, final String attributeName) {
+	public Set<String> searchForSingleAttributeValues(final String base, final String filter, final Object[] params,
+			final String attributeName) {
 		String[] attributeNames = new String[] { attributeName };
-		Set<Map<String, List<String>>> multipleAttributeValues = searchForMultipleAttributeValues(
-				base, filter, params, attributeNames);
+		Set<Map<String, List<String>>> multipleAttributeValues = searchForMultipleAttributeValues(base, filter, params,
+				attributeNames);
 		Set<String> result = new HashSet<>();
 		for (Map<String, List<String>> map : multipleAttributeValues) {
 			List<String> values = map.get(attributeName);
@@ -178,19 +173,16 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * attribute found in all entries matched by the search. Note that one directory entry
 	 * may have several values for the attribute. Intended for role searches and similar
 	 * scenarios.
-	 *
 	 * @param base the DN to search in
 	 * @param filter search filter to use
 	 * @param params the parameters to substitute in the search filter
 	 * @param attributeNames the attributes' values that are to be retrieved.
-	 *
 	 * @return the set of String values for each attribute found in all the matching
 	 * entries. The attribute name is the key for each set of values. In addition each map
 	 * contains the DN as a String with the key predefined key {@link #DN_KEY}.
 	 */
-	public Set<Map<String, List<String>>> searchForMultipleAttributeValues(
-			final String base, final String filter, final Object[] params,
-			final String[] attributeNames) {
+	public Set<Map<String, List<String>>> searchForMultipleAttributeValues(final String base, final String filter,
+			final Object[] params, final String[] attributeNames) {
 		// Escape the params acording to RFC2254
 		Object[] encodedParams = new String[params.length];
 
@@ -208,15 +200,13 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 			Map<String, List<String>> record = new HashMap<>();
 			if (attributeNames == null || attributeNames.length == 0) {
 				try {
-					for (NamingEnumeration ae = adapter.getAttributes().getAll(); ae
-							.hasMore();) {
+					for (NamingEnumeration ae = adapter.getAttributes().getAll(); ae.hasMore();) {
 						Attribute attr = (Attribute) ae.next();
 						extractStringAttributeValues(adapter, record, attr.getID());
 					}
 				}
 				catch (NamingException x) {
-					org.springframework.ldap.support.LdapUtils
-							.convertLdapException(x);
+					org.springframework.ldap.support.LdapUtils.convertLdapException(x);
 				}
 			}
 			else {
@@ -231,8 +221,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 		SearchControls ctls = new SearchControls();
 		ctls.setSearchScope(searchControls.getSearchScope());
-		ctls.setReturningAttributes(attributeNames != null && attributeNames.length > 0 ? attributeNames
-				: null);
+		ctls.setReturningAttributes(attributeNames != null && attributeNames.length > 0 ? attributeNames : null);
 
 		search(base, formattedFilter, ctls, roleMapper);
 
@@ -256,13 +245,12 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * Extracts String values for a specified attribute name and places them in the map
 	 * representing the ldap record If a value is not of type String, it will derive it's
 	 * value from the {@link Object#toString()}
-	 *
 	 * @param adapter - the adapter that contains the values
 	 * @param record - the map holding the attribute names and values
 	 * @param attributeName - the name for which to fetch the values from
 	 */
-	private void extractStringAttributeValues(DirContextAdapter adapter,
-			Map<String, List<String>> record, String attributeName) {
+	private void extractStringAttributeValues(DirContextAdapter adapter, Map<String, List<String>> record,
+			String attributeName) {
 		Object[] values = adapter.getObjectAttributes(attributeName);
 		if (values == null || values.length == 0) {
 			if (logger.isDebugEnabled()) {
@@ -278,9 +266,8 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 				}
 				else {
 					if (logger.isDebugEnabled()) {
-						logger.debug("Attribute:" + attributeName
-								+ " contains a non string value of type[" + o.getClass()
-								+ "]");
+						logger.debug("Attribute:" + attributeName + " contains a non string value of type["
+								+ o.getClass() + "]");
 					}
 					svalues.add(o.toString());
 				}
@@ -295,39 +282,33 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * <p>
 	 * Ignores <tt>PartialResultException</tt> if thrown, for compatibility with Active
 	 * Directory (see {@link LdapTemplate#setIgnorePartialResultException(boolean)}).
-	 *
 	 * @param base the search base, relative to the base context supplied by the context
 	 * source.
 	 * @param filter the LDAP search filter
 	 * @param params parameters to be substituted in the search.
-	 *
 	 * @return a DirContextOperations instance created from the matching entry.
-	 *
 	 * @throws IncorrectResultSizeDataAccessException if no results are found or the
 	 * search returns more than one result.
 	 */
-	public DirContextOperations searchForSingleEntry(final String base,
-			final String filter, final Object[] params) {
+	public DirContextOperations searchForSingleEntry(final String base, final String filter, final Object[] params) {
 
-		return (DirContextOperations) executeReadOnly((ContextExecutor) ctx -> searchForSingleEntryInternal(ctx, searchControls, base, filter,
-				params));
+		return (DirContextOperations) executeReadOnly(
+				(ContextExecutor) ctx -> searchForSingleEntryInternal(ctx, searchControls, base, filter, params));
 	}
 
 	/**
 	 * Internal method extracted to avoid code duplication in AD search.
 	 */
-	public static DirContextOperations searchForSingleEntryInternal(DirContext ctx,
-			SearchControls searchControls, String base, String filter, Object[] params)
-			throws NamingException {
-		final DistinguishedName ctxBaseDn = new DistinguishedName(
-				ctx.getNameInNamespace());
+	public static DirContextOperations searchForSingleEntryInternal(DirContext ctx, SearchControls searchControls,
+			String base, String filter, Object[] params) throws NamingException {
+		final DistinguishedName ctxBaseDn = new DistinguishedName(ctx.getNameInNamespace());
 		final DistinguishedName searchBaseDn = new DistinguishedName(base);
-		final NamingEnumeration<SearchResult> resultsEnum = ctx.search(searchBaseDn,
-				filter, params, buildControls(searchControls));
+		final NamingEnumeration<SearchResult> resultsEnum = ctx.search(searchBaseDn, filter, params,
+				buildControls(searchControls));
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for entry under DN '" + ctxBaseDn + "', base = '"
-					+ searchBaseDn + "', filter = '" + filter + "'");
+			logger.debug("Searching for entry under DN '" + ctxBaseDn + "', base = '" + searchBaseDn + "', filter = '"
+					+ filter + "'");
 		}
 
 		Set<DirContextOperations> results = new HashSet<>();
@@ -335,8 +316,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 			while (resultsEnum.hasMore()) {
 				SearchResult searchResult = resultsEnum.next();
 				DirContextAdapter dca = (DirContextAdapter) searchResult.getObject();
-				Assert.notNull(dca,
-						"No object returned by search, DirContext is not correctly configured");
+				Assert.notNull(dca, "No object returned by search, DirContext is not correctly configured");
 
 				if (logger.isDebugEnabled()) {
 					logger.debug("Found DN: " + dca.getDn());
@@ -367,19 +347,18 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * @return
 	 */
 	private static SearchControls buildControls(SearchControls originalControls) {
-		return new SearchControls(originalControls.getSearchScope(),
-				originalControls.getCountLimit(), originalControls.getTimeLimit(),
-				originalControls.getReturningAttributes(), RETURN_OBJECT,
+		return new SearchControls(originalControls.getSearchScope(), originalControls.getCountLimit(),
+				originalControls.getTimeLimit(), originalControls.getReturningAttributes(), RETURN_OBJECT,
 				originalControls.getDerefLinkFlag());
 	}
 
 	/**
 	 * Sets the search controls which will be used for search operations by the template.
-	 *
 	 * @param searchControls the SearchControls instance which will be cached in the
 	 * template.
 	 */
 	public void setSearchControls(SearchControls searchControls) {
 		this.searchControls = searchControls;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index 7fc3544929..957fd007e9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -46,16 +46,19 @@ import org.springframework.util.StringUtils;
  * @author Luke Taylor
  * @since 3.1
  */
-public abstract class AbstractLdapAuthenticationProvider
-		implements AuthenticationProvider, MessageSourceAware {
+public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
+
 	protected final Log logger = LogFactory.getLog(getClass());
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private boolean useAuthenticationRequestCredentials = true;
+
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
+
 	protected UserDetailsContextMapper userDetailsContextMapper = new LdapUserDetailsMapper();
 
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				() -> this.messages.getMessage("LdapAuthenticationProvider.onlySupports",
 						"Only UsernamePasswordAuthenticationToken is supported"));
@@ -70,50 +73,44 @@ public abstract class AbstractLdapAuthenticationProvider
 		}
 
 		if (!StringUtils.hasLength(username)) {
-			throw new BadCredentialsException(this.messages.getMessage(
-					"LdapAuthenticationProvider.emptyUsername", "Empty Username"));
+			throw new BadCredentialsException(
+					this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
 		}
 
 		if (!StringUtils.hasLength(password)) {
-			throw new BadCredentialsException(this.messages.getMessage(
-					"AbstractLdapAuthenticationProvider.emptyPassword",
-					"Empty Password"));
+			throw new BadCredentialsException(
+					this.messages.getMessage("AbstractLdapAuthenticationProvider.emptyPassword", "Empty Password"));
 		}
 
 		Assert.notNull(password, "Null password was supplied in authentication token");
 
 		DirContextOperations userData = doAuthentication(userToken);
 
-		UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData,
-				authentication.getName(),
-				loadUserAuthorities(userData, authentication.getName(),
-						(String) authentication.getCredentials()));
+		UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData, authentication.getName(),
+				loadUserAuthorities(userData, authentication.getName(), (String) authentication.getCredentials()));
 
 		return createSuccessfulAuthentication(userToken, user);
 	}
 
-	protected abstract DirContextOperations doAuthentication(
-			UsernamePasswordAuthenticationToken auth);
+	protected abstract DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth);
 
-	protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(
-			DirContextOperations userData, String username, String password);
+	protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData,
+			String username, String password);
 
 	/**
 	 * Creates the final {@code Authentication} object which will be returned from the
 	 * {@code authenticate} method.
-	 *
 	 * @param authentication the original authentication request token
 	 * @param user the <tt>UserDetails</tt> instance returned by the configured
 	 * <tt>UserDetailsContextMapper</tt>.
 	 * @return the Authentication object for the fully authenticated user.
 	 */
-	protected Authentication createSuccessfulAuthentication(
-			UsernamePasswordAuthenticationToken authentication, UserDetails user) {
-		Object password = this.useAuthenticationRequestCredentials
-				? authentication.getCredentials() : user.getPassword();
+	protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
+			UserDetails user) {
+		Object password = this.useAuthenticationRequestCredentials ? authentication.getCredentials()
+				: user.getPassword();
 
-		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
-				user, password,
+		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, password,
 				this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		result.setDetails(authentication.getDetails());
 
@@ -130,11 +127,9 @@ public abstract class AbstractLdapAuthenticationProvider
 	 * obtained from the UserDetails object created by the configured
 	 * {@code UserDetailsContextMapper}. Often it will not be possible to read the
 	 * password from the directory, so defaults to true.
-	 *
 	 * @param useAuthenticationRequestCredentials
 	 */
-	public void setUseAuthenticationRequestCredentials(
-			boolean useAuthenticationRequestCredentials) {
+	public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials) {
 		this.useAuthenticationRequestCredentials = useAuthenticationRequestCredentials;
 	}
 
@@ -151,14 +146,11 @@ public abstract class AbstractLdapAuthenticationProvider
 	 * will be stored as the principal in the <tt>Authentication</tt> returned by the
 	 * {@link #createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)}
 	 * method.
-	 *
 	 * @param userDetailsContextMapper the strategy instance. If not set, defaults to a
 	 * simple <tt>LdapUserDetailsMapper</tt>.
 	 */
-	public void setUserDetailsContextMapper(
-			UserDetailsContextMapper userDetailsContextMapper) {
-		Assert.notNull(userDetailsContextMapper,
-				"UserDetailsContextMapper must not be null");
+	public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) {
+		Assert.notNull(userDetailsContextMapper, "UserDetailsContextMapper must not be null");
 		this.userDetailsContextMapper = userDetailsContextMapper;
 	}
 
@@ -169,4 +161,5 @@ public abstract class AbstractLdapAuthenticationProvider
 	protected UserDetailsContextMapper getUserDetailsContextMapper() {
 		return this.userDetailsContextMapper;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index 0fb836a6ae..43d13eb4dc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -35,8 +35,8 @@ import java.util.List;
  *
  * @author Luke Taylor
  */
-public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
-		InitializingBean, MessageSourceAware {
+public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, InitializingBean, MessageSourceAware {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -47,6 +47,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 	 * isn't sufficient
 	 */
 	private LdapUserSearch userSearch;
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	/**
@@ -64,7 +65,6 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 
 	/**
 	 * Create an initialized instance with the {@link ContextSource} provided.
-	 *
 	 * @param contextSource
 	 */
 	public AbstractLdapAuthenticator(ContextSource contextSource) {
@@ -91,9 +91,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 	/**
 	 * Builds list of possible DNs for the user, worked out from the
 	 * <tt>userDnPatterns</tt> property.
-	 *
 	 * @param username the user's login name
-	 *
 	 * @return the list of possible DN matches, empty if <tt>userDnPatterns</tt> wasn't
 	 * set.
 	 */
@@ -125,12 +123,10 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 
 	/**
 	 * Sets the user attributes which will be retrieved from the directory.
-	 *
 	 * @param userAttributes
 	 */
 	public void setUserAttributes(String[] userAttributes) {
-		Assert.notNull(userAttributes,
-				"The userAttributes property cannot be set to null");
+		Assert.notNull(userAttributes, "The userAttributes property cannot be set to null");
 		this.userAttributes = userAttributes;
 	}
 
@@ -138,7 +134,6 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 	 * Sets the pattern which will be used to supply a DN for the user. The pattern should
 	 * be the name relative to the root DN. The pattern argument {0} will contain the
 	 * username. An example would be "cn={0},ou=people".
-	 *
 	 * @param dnPattern the array of patterns which will be tried when converting a
 	 * username to a DN.
 	 */
@@ -156,4 +151,5 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
 		Assert.notNull(userSearch, "The userSearch cannot be set to null");
 		this.userSearch = userSearch;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index 26dea8c4a7..a3433f094a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -39,10 +39,10 @@ import javax.naming.directory.DirContext;
  * An authenticator which binds as a user.
  *
  * @author Luke Taylor
- *
  * @see AbstractLdapAuthenticator
  */
 public class BindAuthenticator extends AbstractLdapAuthenticator {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -54,7 +54,6 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 	/**
 	 * Create an initialized instance using the {@link BaseLdapPathContextSource}
 	 * provided.
-	 *
 	 * @param contextSource the BaseLdapPathContextSource instance against which bind
 	 * operations will be performed.
 	 *
@@ -76,8 +75,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 
 		if (!StringUtils.hasLength(password)) {
 			logger.debug("Rejecting empty password for user " + username);
-			throw new BadCredentialsException(messages.getMessage(
-					"BindAuthenticator.emptyPassword", "Empty Password"));
+			throw new BadCredentialsException(messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password"));
 		}
 
 		// If DN patterns are configured, try authenticating with them directly
@@ -93,25 +91,22 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		// with the returned DN.
 		if (user == null && getUserSearch() != null) {
 			DirContextOperations userFromSearch = getUserSearch().searchForUser(username);
-			user = bindWithDn(userFromSearch.getDn().toString(), username, password,
-					userFromSearch.getAttributes());
+			user = bindWithDn(userFromSearch.getDn().toString(), username, password, userFromSearch.getAttributes());
 		}
 
 		if (user == null) {
-			throw new BadCredentialsException(messages.getMessage(
-					"BindAuthenticator.badCredentials", "Bad credentials"));
+			throw new BadCredentialsException(
+					messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
 		}
 
 		return user;
 	}
 
-	private DirContextOperations bindWithDn(String userDnStr, String username,
-			String password) {
+	private DirContextOperations bindWithDn(String userDnStr, String username, String password) {
 		return bindWithDn(userDnStr, username, password, null);
 	}
 
-	private DirContextOperations bindWithDn(String userDnStr, String username,
-			String password, Attributes attrs) {
+	private DirContextOperations bindWithDn(String userDnStr, String username, String password, Attributes attrs) {
 		BaseLdapPathContextSource ctxSource = (BaseLdapPathContextSource) getContextSource();
 		DistinguishedName userDn = new DistinguishedName(userDnStr);
 		DistinguishedName fullDn = new DistinguishedName(userDn);
@@ -123,16 +118,14 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		try {
 			ctx = getContextSource().getContext(fullDn.toString(), password);
 			// Check for password policy control
-			PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor
-					.extractControl(ctx);
+			PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);
 
 			logger.debug("Retrieving attributes...");
-			if (attrs == null || attrs.size()==0) {
+			if (attrs == null || attrs.size() == 0) {
 				attrs = ctx.getAttributes(userDn, getUserAttributes());
 			}
 
-			DirContextAdapter result = new DirContextAdapter(attrs, userDn,
-					ctxSource.getBaseLdapPath());
+			DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
 
 			if (ppolicy != null) {
 				result.setAttributeValue(ppolicy.getID(), ppolicy);
@@ -172,4 +165,5 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 			logger.debug("Failed to bind as " + userDn + ": " + cause);
 		}
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
index 8381f2efcb..f2ab6ae526 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
@@ -108,21 +108,22 @@ import org.springframework.util.Assert;
  * this means that if the LDAP directory is configured to allow unauthenticated access, it
  * might be possible to authenticate as <i>any</i> user just by supplying an empty
  * password. More information on the misuse of unauthenticated access can be found in
- * <a href="https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt"> draft
- * -ietf-ldapbis-authmeth-19.txt</a>.
- *
+ * <a href="https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt">
+ * draft -ietf-ldapbis-authmeth-19.txt</a>.
  *
  * @author Luke Taylor
- *
  * @see BindAuthenticator
  * @see DefaultLdapAuthoritiesPopulator
  */
 public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvider {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private LdapAuthenticator authenticator;
+
 	private LdapAuthoritiesPopulator authoritiesPopulator;
+
 	private boolean hideUserNotFoundExceptions = true;
 
 	// ~ Constructors
@@ -131,14 +132,12 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 	/**
 	 * Create an instance with the supplied authenticator and authorities populator
 	 * implementations.
-	 *
 	 * @param authenticator the authentication strategy (bind, password comparison, etc)
 	 * to be used by this provider for authenticating users.
 	 * @param authoritiesPopulator the strategy for obtaining the authorities for a given
 	 * user after they've been authenticated.
 	 */
-	public LdapAuthenticationProvider(LdapAuthenticator authenticator,
-			LdapAuthoritiesPopulator authoritiesPopulator) {
+	public LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) {
 		this.setAuthenticator(authenticator);
 		this.setAuthoritiesPopulator(authoritiesPopulator);
 	}
@@ -146,7 +145,6 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 	/**
 	 * Creates an instance with the supplied authenticator and a null authorities
 	 * populator. In this case, the authorities must be mapped from the user context.
-	 *
 	 * @param authenticator the authenticator strategy.
 	 */
 	public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
@@ -167,8 +165,7 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 	}
 
 	private void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
-		Assert.notNull(authoritiesPopulator,
-				"An LdapAuthoritiesPopulator must be supplied");
+		Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
 		this.authoritiesPopulator = authoritiesPopulator;
 	}
 
@@ -181,35 +178,33 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 	}
 
 	@Override
-	protected DirContextOperations doAuthentication(
-			UsernamePasswordAuthenticationToken authentication) {
+	protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken authentication) {
 		try {
 			return getAuthenticator().authenticate(authentication);
 		}
 		catch (PasswordPolicyException ppe) {
 			// The only reason a ppolicy exception can occur during a bind is that the
 			// account is locked.
-			throw new LockedException(this.messages.getMessage(
-					ppe.getStatus().getErrorCode(), ppe.getStatus().getDefaultMessage()));
+			throw new LockedException(
+					this.messages.getMessage(ppe.getStatus().getErrorCode(), ppe.getStatus().getDefaultMessage()));
 		}
 		catch (UsernameNotFoundException notFound) {
 			if (this.hideUserNotFoundExceptions) {
-				throw new BadCredentialsException(this.messages.getMessage(
-						"LdapAuthenticationProvider.badCredentials", "Bad credentials"));
+				throw new BadCredentialsException(
+						this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
 			}
 			else {
 				throw notFound;
 			}
 		}
 		catch (NamingException ldapAccessFailure) {
-			throw new InternalAuthenticationServiceException(
-					ldapAccessFailure.getMessage(), ldapAccessFailure);
+			throw new InternalAuthenticationServiceException(ldapAccessFailure.getMessage(), ldapAccessFailure);
 		}
 	}
 
 	@Override
-	protected Collection<? extends GrantedAuthority> loadUserAuthorities(
-			DirContextOperations userData, String username, String password) {
+	protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username,
+			String password) {
 		return getAuthoritiesPopulator().getGrantedAuthorities(userData, username);
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
index 93cd57730c..2bbfd295e8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
@@ -26,19 +26,19 @@ import org.springframework.ldap.core.DirContextOperations;
  * the information for that user from the directory.
  *
  * @author Luke Taylor
- *
  * @see org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
  * @see org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
  */
 public interface LdapAuthenticator {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Authenticates as a user and obtains additional user information from the directory.
-	 *
 	 * @param authentication
 	 * @return the details of the successfully authenticated user.
 	 */
 	DirContextOperations authenticate(Authentication authentication);
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
index 30ed9e4493..f7f4a4ccad 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
@@ -1,245 +1,241 @@
-/*
- * Copyright 2005-2010 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ldap.authentication;
-
-import org.springframework.ldap.BadLdapGrammarException;
-
-/**
- * Helper class to encode and decode ldap names and values.
- *
- * <p>
- * NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
- * supported without reflection.
- * </p>
- *
- * @author Adam Skogman
- * @author Mattias Hellborg Arthursson
- */
-final class LdapEncoder {
-
-	private static final int HEX = 16;
-	private static String[] NAME_ESCAPE_TABLE = new String[96];
-
-	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
-
-	static {
-
-		// Name encoding table -------------------------------------
-
-		// all below 0x20 (control chars)
-		for (char c = 0; c < ' '; c++) {
-			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
-		}
-
-		NAME_ESCAPE_TABLE['#'] = "\\#";
-		NAME_ESCAPE_TABLE[','] = "\\,";
-		NAME_ESCAPE_TABLE[';'] = "\\;";
-		NAME_ESCAPE_TABLE['='] = "\\=";
-		NAME_ESCAPE_TABLE['+'] = "\\+";
-		NAME_ESCAPE_TABLE['<'] = "\\<";
-		NAME_ESCAPE_TABLE['>'] = "\\>";
-		NAME_ESCAPE_TABLE['\"'] = "\\\"";
-		NAME_ESCAPE_TABLE['\\'] = "\\\\";
-
-		// Filter encoding table -------------------------------------
-
-		// fill with char itself
-		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
-			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
-		}
-
-		// escapes (RFC2254)
-		FILTER_ESCAPE_TABLE['*'] = "\\2a";
-		FILTER_ESCAPE_TABLE['('] = "\\28";
-		FILTER_ESCAPE_TABLE[')'] = "\\29";
-		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
-		FILTER_ESCAPE_TABLE[0] = "\\00";
-
-	}
-
-	/**
-	 * All static methods - not to be instantiated.
-	 */
-	private LdapEncoder() {
-	}
-
-	protected static String toTwoCharHex(char c) {
-
-		String raw = Integer.toHexString(c).toUpperCase();
-
-		if (raw.length() > 1) {
-			return raw;
-		}
-		else {
-			return "0" + raw;
-		}
-	}
-
-	/**
-	 * Escape a value for use in a filter.
-	 *
-	 * @param value the value to escape.
-	 * @return a properly escaped representation of the supplied value.
-	 */
-	public static String filterEncode(String value) {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer roomy
-		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
-		int length = value.length();
-
-		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			if (c < FILTER_ESCAPE_TABLE.length) {
-				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
-			}
-			else {
-				// default: add the char
-				encodedValue.append(c);
-			}
-		}
-
-		return encodedValue.toString();
-	}
-
-	/**
-	 * LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
-	 *
-	 * <br/>
-	 * Escapes:<br/>
-	 * ' ' [space] - "\ " [if first or last] <br/>
-	 * '#' [hash] - "\#" <br/>
-	 * ',' [comma] - "\," <br/>
-	 * ';' [semicolon] - "\;" <br/>
-	 * '= [equals] - "\=" <br/>
-	 * '+' [plus] - "\+" <br/>
-	 * '&lt;' [less than] - "\&lt;" <br/>
-	 * '&gt;' [greater than] - "\&gt;" <br/>
-	 * '"' [double quote] - "\"" <br/>
-	 * '\' [backslash] - "\\" <br/>
-	 *
-	 * @param value the value to escape.
-	 * @return The escaped value.
-	 */
-	public static String nameEncode(String value) {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer roomy
-		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
-		int length = value.length();
-		int last = length - 1;
-
-		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			// space first or last
-			if (c == ' ' && (i == 0 || i == last)) {
-				encodedValue.append("\\ ");
-				continue;
-			}
-
-			if (c < NAME_ESCAPE_TABLE.length) {
-				// check in table for escapes
-				String esc = NAME_ESCAPE_TABLE[c];
-
-				if (esc != null) {
-					encodedValue.append(esc);
-					continue;
-				}
-			}
-
-			// default: add the char
-			encodedValue.append(c);
-		}
-
-		return encodedValue.toString();
-
-	}
-
-	/**
-	 * Decodes a value. Converts escaped chars to ordinary chars.
-	 *
-	 * @param value Trimmed value, so no leading an trailing blanks, except an escaped
-	 * space last.
-	 * @return The decoded value as a string.
-	 * @throws BadLdapGrammarException
-	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
-
-		if (value == null) {
-			return null;
-		}
-
-		// make buffer same size
-		StringBuilder decoded = new StringBuilder(value.length());
-
-		int i = 0;
-		while (i < value.length()) {
-			char currentChar = value.charAt(i);
-			if (currentChar == '\\') {
-				if (value.length() <= i + 1) {
-					// Ending with a single backslash is not allowed
-					throw new BadLdapGrammarException(
-							"Unexpected end of value " + "unterminated '\\'");
-				}
-				else {
-					char nextChar = value.charAt(i + 1);
-					if (nextChar == ',' || nextChar == '=' || nextChar == '+'
-							|| nextChar == '<' || nextChar == '>' || nextChar == '#'
-							|| nextChar == ';' || nextChar == '\\' || nextChar == '\"'
-							|| nextChar == ' ') {
-						// Normal backslash escape
-						decoded.append(nextChar);
-						i += 2;
-					}
-					else {
-						if (value.length() <= i + 2) {
-							throw new BadLdapGrammarException("Unexpected end of value "
-									+ "expected special or hex, found '" + nextChar
-									+ "'");
-						}
-						else {
-							// This should be a hex value
-							String hexString = "" + nextChar + value.charAt(i + 2);
-							decoded.append((char) Integer.parseInt(hexString, HEX));
-							i += 3;
-						}
-					}
-				}
-			}
-			else {
-				// This character wasn't escaped - just append it
-				decoded.append(currentChar);
-				i++;
-			}
-		}
-
-		return decoded.toString();
-
-	}
-}
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.ldap.authentication;
+
+import org.springframework.ldap.BadLdapGrammarException;
+
+/**
+ * Helper class to encode and decode ldap names and values.
+ *
+ * <p>
+ * NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
+ * supported without reflection.
+ * </p>
+ *
+ * @author Adam Skogman
+ * @author Mattias Hellborg Arthursson
+ */
+final class LdapEncoder {
+
+	private static final int HEX = 16;
+
+	private static String[] NAME_ESCAPE_TABLE = new String[96];
+
+	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
+
+	static {
+
+		// Name encoding table -------------------------------------
+
+		// all below 0x20 (control chars)
+		for (char c = 0; c < ' '; c++) {
+			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
+		}
+
+		NAME_ESCAPE_TABLE['#'] = "\\#";
+		NAME_ESCAPE_TABLE[','] = "\\,";
+		NAME_ESCAPE_TABLE[';'] = "\\;";
+		NAME_ESCAPE_TABLE['='] = "\\=";
+		NAME_ESCAPE_TABLE['+'] = "\\+";
+		NAME_ESCAPE_TABLE['<'] = "\\<";
+		NAME_ESCAPE_TABLE['>'] = "\\>";
+		NAME_ESCAPE_TABLE['\"'] = "\\\"";
+		NAME_ESCAPE_TABLE['\\'] = "\\\\";
+
+		// Filter encoding table -------------------------------------
+
+		// fill with char itself
+		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
+			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
+		}
+
+		// escapes (RFC2254)
+		FILTER_ESCAPE_TABLE['*'] = "\\2a";
+		FILTER_ESCAPE_TABLE['('] = "\\28";
+		FILTER_ESCAPE_TABLE[')'] = "\\29";
+		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
+		FILTER_ESCAPE_TABLE[0] = "\\00";
+
+	}
+
+	/**
+	 * All static methods - not to be instantiated.
+	 */
+	private LdapEncoder() {
+	}
+
+	protected static String toTwoCharHex(char c) {
+
+		String raw = Integer.toHexString(c).toUpperCase();
+
+		if (raw.length() > 1) {
+			return raw;
+		}
+		else {
+			return "0" + raw;
+		}
+	}
+
+	/**
+	 * Escape a value for use in a filter.
+	 * @param value the value to escape.
+	 * @return a properly escaped representation of the supplied value.
+	 */
+	public static String filterEncode(String value) {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer roomy
+		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+		int length = value.length();
+
+		for (int i = 0; i < length; i++) {
+
+			char c = value.charAt(i);
+
+			if (c < FILTER_ESCAPE_TABLE.length) {
+				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
+			}
+			else {
+				// default: add the char
+				encodedValue.append(c);
+			}
+		}
+
+		return encodedValue.toString();
+	}
+
+	/**
+	 * LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
+	 *
+	 * <br/>
+	 * Escapes:<br/>
+	 * ' ' [space] - "\ " [if first or last] <br/>
+	 * '#' [hash] - "\#" <br/>
+	 * ',' [comma] - "\," <br/>
+	 * ';' [semicolon] - "\;" <br/>
+	 * '= [equals] - "\=" <br/>
+	 * '+' [plus] - "\+" <br/>
+	 * '&lt;' [less than] - "\&lt;" <br/>
+	 * '&gt;' [greater than] - "\&gt;" <br/>
+	 * '"' [double quote] - "\"" <br/>
+	 * '\' [backslash] - "\\" <br/>
+	 * @param value the value to escape.
+	 * @return The escaped value.
+	 */
+	public static String nameEncode(String value) {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer roomy
+		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+		int length = value.length();
+		int last = length - 1;
+
+		for (int i = 0; i < length; i++) {
+
+			char c = value.charAt(i);
+
+			// space first or last
+			if (c == ' ' && (i == 0 || i == last)) {
+				encodedValue.append("\\ ");
+				continue;
+			}
+
+			if (c < NAME_ESCAPE_TABLE.length) {
+				// check in table for escapes
+				String esc = NAME_ESCAPE_TABLE[c];
+
+				if (esc != null) {
+					encodedValue.append(esc);
+					continue;
+				}
+			}
+
+			// default: add the char
+			encodedValue.append(c);
+		}
+
+		return encodedValue.toString();
+
+	}
+
+	/**
+	 * Decodes a value. Converts escaped chars to ordinary chars.
+	 * @param value Trimmed value, so no leading an trailing blanks, except an escaped
+	 * space last.
+	 * @return The decoded value as a string.
+	 * @throws BadLdapGrammarException
+	 */
+	static public String nameDecode(String value) throws BadLdapGrammarException {
+
+		if (value == null) {
+			return null;
+		}
+
+		// make buffer same size
+		StringBuilder decoded = new StringBuilder(value.length());
+
+		int i = 0;
+		while (i < value.length()) {
+			char currentChar = value.charAt(i);
+			if (currentChar == '\\') {
+				if (value.length() <= i + 1) {
+					// Ending with a single backslash is not allowed
+					throw new BadLdapGrammarException("Unexpected end of value " + "unterminated '\\'");
+				}
+				else {
+					char nextChar = value.charAt(i + 1);
+					if (nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
+							|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"'
+							|| nextChar == ' ') {
+						// Normal backslash escape
+						decoded.append(nextChar);
+						i += 2;
+					}
+					else {
+						if (value.length() <= i + 2) {
+							throw new BadLdapGrammarException(
+									"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
+						}
+						else {
+							// This should be a hex value
+							String hexString = "" + nextChar + value.charAt(i + 2);
+							decoded.append((char) Integer.parseInt(hexString, HEX));
+							i += 3;
+						}
+					}
+				}
+			}
+			else {
+				// This character wasn't escaped - just append it
+				decoded.append(currentChar);
+				i++;
+			}
+		}
+
+		return decoded.toString();
+
+	}
+
+}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
index a14f1ffb3c..8f32bc29e3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
@@ -23,13 +23,13 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-	public Collection<GrantedAuthority> getGrantedAuthorities(
-			DirContextOperations userDetails, String username) {
+
+	public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
 		return AuthorityUtils.NO_AUTHORITIES;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index 348c16dcb4..1b9e765a86 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -47,17 +47,19 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  */
 public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(PasswordComparisonAuthenticator.class);
+	private static final Log logger = LogFactory.getLog(PasswordComparisonAuthenticator.class);
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private PasswordEncoder passwordEncoder = new LdapShaPasswordEncoder(KeyGenerators.shared(0));
+
 	private String passwordAttributeName = "userPassword";
+
 	private boolean usePasswordAttrCompare = false;
 
 	// ~ Constructors
@@ -79,8 +81,7 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		String username = authentication.getName();
 		String password = (String) authentication.getCredentials();
 
-		SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(
-				getContextSource());
+		SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource());
 
 		for (String userDn : getUserDns(username)) {
 			try {
@@ -102,8 +103,8 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Performing LDAP compare of password attribute '"
-					+ passwordAttributeName + "' for user '" + user.getDn() + "'");
+			logger.debug("Performing LDAP compare of password attribute '" + passwordAttributeName + "' for user '"
+					+ user.getDn() + "'");
 		}
 
 		if (usePasswordAttrCompare && isPasswordAttrCompare(user, password)) {
@@ -112,8 +113,8 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		else if (isLdapPasswordCompare(user, ldapTemplate, password)) {
 			return user;
 		}
-		throw new BadCredentialsException(messages.getMessage(
-				"PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
+		throw new BadCredentialsException(
+				messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
 	}
 
 	private boolean isPasswordAttrCompare(DirContextOperations user, String password) {
@@ -132,17 +133,15 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		return String.valueOf(passwordAttrValue);
 	}
 
-	private boolean isLdapPasswordCompare(DirContextOperations user,
-			SpringSecurityLdapTemplate ldapTemplate, String password) {
+	private boolean isLdapPasswordCompare(DirContextOperations user, SpringSecurityLdapTemplate ldapTemplate,
+			String password) {
 		String encodedPassword = passwordEncoder.encode(password);
 		byte[] passwordBytes = Utf8.encode(encodedPassword);
-		return ldapTemplate.compare(user.getDn().toString(), passwordAttributeName,
-				passwordBytes);
+		return ldapTemplate.compare(user.getDn().toString(), passwordAttributeName, passwordBytes);
 	}
 
 	public void setPasswordAttributeName(String passwordAttribute) {
-		Assert.hasLength(passwordAttribute,
-				"passwordAttributeName must not be empty or null");
+		Assert.hasLength(passwordAttribute, "passwordAttributeName must not be empty or null");
 		this.passwordAttributeName = passwordAttribute;
 	}
 
@@ -155,4 +154,5 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		this.passwordEncoder = passwordEncoder;
 		setUsePasswordAttrCompare(true);
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
index 0ee20693e0..164b032fcc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
@@ -36,17 +36,15 @@ import org.apache.commons.logging.LogFactory;
  * @since 2.0
  */
 public class SpringSecurityAuthenticationSource implements AuthenticationSource {
-	private static final Log log = LogFactory
-			.getLog(SpringSecurityAuthenticationSource.class);
+
+	private static final Log log = LogFactory.getLog(SpringSecurityAuthenticationSource.class);
 
 	/**
 	 * Get the principals of the logged in user, in this case the distinguished name.
-	 *
 	 * @return the distinguished name of the logged in user.
 	 */
 	public String getPrincipal() {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 		if (authentication == null) {
 			log.warn("No Authentication object set in SecurityContext - returning empty String as Principal");
@@ -67,8 +65,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 		}
 		else {
 			throw new IllegalArgumentException(
-					"The principal property of the authentication object"
-							+ "needs to be an LdapUserDetails.");
+					"The principal property of the authentication object" + "needs to be an LdapUserDetails.");
 		}
 	}
 
@@ -76,8 +73,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	 * @see org.springframework.ldap.core.AuthenticationSource#getCredentials()
 	 */
 	public String getCredentials() {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 		if (authentication == null) {
 			log.warn("No Authentication object set in SecurityContext - returning empty String as Credentials");
@@ -86,4 +82,5 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 
 		return (String) authentication.getCredentials();
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
index 3f91dedfb4..d845eaafb0 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@@ -27,12 +27,11 @@ import org.springframework.util.Assert;
  * Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name
  * which was supplied at login as the username.
  *
- *
  * @author Luke Taylor
  * @since 2.0
  */
-public class UserDetailsServiceLdapAuthoritiesPopulator implements
-		LdapAuthoritiesPopulator {
+public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+
 	private final UserDetailsService userDetailsService;
 
 	public UserDetailsServiceLdapAuthoritiesPopulator(UserDetailsService userService) {
@@ -40,8 +39,9 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements
 		this.userDetailsService = userService;
 	}
 
-	public Collection<? extends GrantedAuthority> getGrantedAuthorities(
-			DirContextOperations userData, String username) {
+	public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
+			String username) {
 		return userDetailsService.loadUserByUsername(username).getAuthorities();
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
index 9f5c287e71..b6473ceaff 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
@@ -41,10 +41,10 @@ import org.springframework.security.core.AuthenticationException;
  */
 @SuppressWarnings("serial")
 public final class ActiveDirectoryAuthenticationException extends AuthenticationException {
+
 	private final String dataCode;
 
-	ActiveDirectoryAuthenticationException(String dataCode, String message,
-			Throwable cause) {
+	ActiveDirectoryAuthenticationException(String dataCode, String message, Throwable cause) {
 		super(message, cause);
 		this.dataCode = dataCode;
 	}
@@ -52,4 +52,5 @@ public final class ActiveDirectoryAuthenticationException extends Authentication
 	public String getDataCode() {
 		return dataCode;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index afcb2fa87e..241ebcde4b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -53,8 +53,8 @@ import java.util.regex.Pattern;
  * Specialized LDAP authentication provider which uses Active Directory configuration
  * conventions.
  * <p>
- * It will authenticate using the Active Directory <a
- * href="https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx">
+ * It will authenticate using the Active Directory
+ * <a href="https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx">
  * {@code userPrincipalName}</a> or a custom {@link #setSearchFilter(String) searchFilter}
  * in the form {@code username@domain}. If the username does not already end with the
  * domain name, the {@code userPrincipalName} will be built by appending the configured
@@ -90,26 +90,37 @@ import java.util.regex.Pattern;
  * @author Rob Winch
  * @since 3.1
  */
-public final class ActiveDirectoryLdapAuthenticationProvider extends
-		AbstractLdapAuthenticationProvider {
-	private static final Pattern SUB_ERROR_CODE = Pattern
-			.compile(".*data\\s([0-9a-f]{3,4}).*");
+public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLdapAuthenticationProvider {
+
+	private static final Pattern SUB_ERROR_CODE = Pattern.compile(".*data\\s([0-9a-f]{3,4}).*");
 
 	// Error codes
 	private static final int USERNAME_NOT_FOUND = 0x525;
+
 	private static final int INVALID_PASSWORD = 0x52e;
+
 	private static final int NOT_PERMITTED = 0x530;
+
 	private static final int PASSWORD_EXPIRED = 0x532;
+
 	private static final int ACCOUNT_DISABLED = 0x533;
+
 	private static final int ACCOUNT_EXPIRED = 0x701;
+
 	private static final int PASSWORD_NEEDS_RESET = 0x773;
+
 	private static final int ACCOUNT_LOCKED = 0x775;
 
 	private final String domain;
+
 	private final String rootDn;
+
 	private final String url;
+
 	private boolean convertSubErrorCodesToExceptions;
+
 	private String searchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
+
 	private Map<String, Object> contextEnvironmentProperties = new HashMap<>();
 
 	// Only used to allow tests to substitute a mock LdapContext
@@ -120,8 +131,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	 * @param url an LDAP url (or multiple URLs)
 	 * @param rootDn the root DN (may be null or empty)
 	 */
-	public ActiveDirectoryLdapAuthenticationProvider(String domain, String url,
-			String rootDn) {
+	public ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn) {
 		Assert.isTrue(StringUtils.hasText(url), "Url cannot be empty");
 		this.domain = StringUtils.hasText(domain) ? domain.toLowerCase() : null;
 		this.url = url;
@@ -140,8 +150,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	}
 
 	@Override
-	protected DirContextOperations doAuthentication(
-			UsernamePasswordAuthenticationToken auth) {
+	protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {
 		String username = auth.getName();
 		String password = (String) auth.getCredentials();
 		DirContext ctx = null;
@@ -154,8 +163,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			throw badLdapConnection(e);
 		}
 		catch (NamingException e) {
-			logger.error("Failed to locate directory entry for authenticated user: "
-					+ username, e);
+			logger.error("Failed to locate directory entry for authenticated user: " + username, e);
 			throw badCredentials(e);
 		}
 		finally {
@@ -168,8 +176,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	 * obtained from the user's Active Directory entry.
 	 */
 	@Override
-	protected Collection<? extends GrantedAuthority> loadUserAuthorities(
-			DirContextOperations userData, String username, String password) {
+	protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username,
+			String password) {
 		String[] groups = userData.getStringAttributes("memberOf");
 
 		if (groups == null) {
@@ -182,12 +190,10 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			logger.debug("'memberOf' attribute values: " + Arrays.asList(groups));
 		}
 
-		ArrayList<GrantedAuthority> authorities = new ArrayList<>(
-				groups.length);
+		ArrayList<GrantedAuthority> authorities = new ArrayList<>(groups.length);
 
 		for (String group : groups) {
-			authorities.add(new SimpleGrantedAuthority(new DistinguishedName(group)
-					.removeLast().getValue()));
+			authorities.add(new SimpleGrantedAuthority(new DistinguishedName(group).removeLast().getValue()));
 		}
 
 		return authorities;
@@ -211,11 +217,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			return contextFactory.createContext(env);
 		}
 		catch (NamingException e) {
-			if ((e instanceof AuthenticationException)
-					|| (e instanceof OperationNotSupportedException)) {
+			if ((e instanceof AuthenticationException) || (e instanceof OperationNotSupportedException)) {
 				handleBindException(bindPrincipal, e);
 				throw badCredentials(e);
-			} else {
+			}
+			else {
 				throw LdapUtils.convertLdapException(e);
 			}
 		}
@@ -235,8 +241,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			return;
 		}
 
-		logger.info("Active Directory authentication failed: "
-				+ subCodeToLogMessage(subErrorCode));
+		logger.info("Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode));
 
 		if (convertSubErrorCodesToExceptions) {
 			raiseExceptionForErrorCode(subErrorCode, exception);
@@ -263,23 +268,20 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 
 	private void raiseExceptionForErrorCode(int code, NamingException exception) {
 		String hexString = Integer.toHexString(code);
-		Throwable cause = new ActiveDirectoryAuthenticationException(hexString,
-				exception.getMessage(), exception);
+		Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception);
 		switch (code) {
 		case PASSWORD_EXPIRED:
-			throw new CredentialsExpiredException(messages.getMessage(
-					"LdapAuthenticationProvider.credentialsExpired",
+			throw new CredentialsExpiredException(messages.getMessage("LdapAuthenticationProvider.credentialsExpired",
 					"User credentials have expired"), cause);
 		case ACCOUNT_DISABLED:
-			throw new DisabledException(messages.getMessage(
-					"LdapAuthenticationProvider.disabled", "User is disabled"), cause);
-		case ACCOUNT_EXPIRED:
-			throw new AccountExpiredException(messages.getMessage(
-					"LdapAuthenticationProvider.expired", "User account has expired"),
+			throw new DisabledException(messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"),
 					cause);
+		case ACCOUNT_EXPIRED:
+			throw new AccountExpiredException(
+					messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause);
 		case ACCOUNT_LOCKED:
-			throw new LockedException(messages.getMessage(
-					"LdapAuthenticationProvider.locked", "User account is locked"), cause);
+			throw new LockedException(
+					messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
 		default:
 			throw badCredentials(cause);
 		}
@@ -309,8 +311,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	}
 
 	private BadCredentialsException badCredentials() {
-		return new BadCredentialsException(messages.getMessage(
-				"LdapAuthenticationProvider.badCredentials", "Bad credentials"));
+		return new BadCredentialsException(
+				messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
 	}
 
 	private BadCredentialsException badCredentials(Throwable cause) {
@@ -319,23 +321,19 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 
 	private InternalAuthenticationServiceException badLdapConnection(Throwable cause) {
 		return new InternalAuthenticationServiceException(messages.getMessage(
-				"LdapAuthenticationProvider.badLdapConnection",
-				"Connection to LDAP server failed."), cause);
+				"LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause);
 	}
 
-	private DirContextOperations searchForUser(DirContext context, String username)
-			throws NamingException {
+	private DirContextOperations searchForUser(DirContext context, String username) throws NamingException {
 		SearchControls searchControls = new SearchControls();
 		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
 		String bindPrincipal = createBindPrincipal(username);
-		String searchRoot = rootDn != null ? rootDn
-				: searchRootFromPrincipal(bindPrincipal);
+		String searchRoot = rootDn != null ? rootDn : searchRootFromPrincipal(bindPrincipal);
 
 		try {
-			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context,
-					searchControls, searchRoot, searchFilter,
-					new Object[] { bindPrincipal, username });
+			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context, searchControls, searchRoot,
+					searchFilter, new Object[] { bindPrincipal, username });
 		}
 		catch (CommunicationException ldapCommunicationException) {
 			throw badLdapConnection(ldapCommunicationException);
@@ -362,8 +360,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			throw badCredentials();
 		}
 
-		return rootDnFromDomain(bindPrincipal.substring(atChar + 1,
-				bindPrincipal.length()));
+		return rootDnFromDomain(bindPrincipal.substring(atChar + 1, bindPrincipal.length()));
 	}
 
 	private String rootDnFromDomain(String domain) {
@@ -398,12 +395,10 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	 * {@link AccountExpiredException} or {@link LockedException} will be thrown for the
 	 * corresponding codes. All other codes will result in the default
 	 * {@code BadCredentialsException}.
-	 *
 	 * @param convertSubErrorCodesToExceptions {@code true} to raise an exception based on
 	 * the AD error code.
 	 */
-	public void setConvertSubErrorCodesToExceptions(
-			boolean convertSubErrorCodesToExceptions) {
+	public void setConvertSubErrorCodesToExceptions(boolean convertSubErrorCodesToExceptions) {
 		this.convertSubErrorCodesToExceptions = convertSubErrorCodesToExceptions;
 	}
 
@@ -414,7 +409,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	 * <p>
 	 * Defaults to: {@code (&(objectClass=user)(userPrincipalName={0}))}
 	 * </p>
-	 *
 	 * @param searchFilter the filter string
 	 *
 	 * @since 3.2.6
@@ -426,8 +420,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 
 	/**
 	 * Allows a custom environment properties to be used to create initial LDAP context.
-	 *
-	 * @param environment the additional environment parameters to use when creating the LDAP Context
+	 * @param environment the additional environment parameters to use when creating the
+	 * LDAP Context
 	 */
 	public void setContextEnvironmentProperties(Map<String, Object> environment) {
 		Assert.notEmpty(environment, "environment must not be empty");
@@ -435,8 +429,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 	}
 
 	static class ContextFactory {
+
 		DirContext createContext(Hashtable<?, ?> env) throws NamingException {
 			return new InitialLdapContext(env, null);
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
index fee0732440..b1331c2ed2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
@@ -14,13 +14,11 @@
  * limitations under the License.
  */
 /**
- * The LDAP authentication provider package. Interfaces are provided for
- * both authentication and retrieval of user roles from an LDAP server.
+ * The LDAP authentication provider package. Interfaces are provided for both
+ * authentication and retrieval of user roles from an LDAP server.
  * <p>
- * The main provider class is <tt>LdapAuthenticationProvider</tt>.
- * This is configured with an <tt>LdapAuthenticator</tt> instance and
- * an <tt>LdapAuthoritiesPopulator</tt>. The latter is used to obtain the
- * list of roles for the user.
+ * The main provider class is <tt>LdapAuthenticationProvider</tt>. This is configured with
+ * an <tt>LdapAuthenticator</tt> instance and an <tt>LdapAuthoritiesPopulator</tt>. The
+ * latter is used to obtain the list of roles for the user.
  */
 package org.springframework.security.ldap.authentication;
-
diff --git a/ldap/src/main/java/org/springframework/security/ldap/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/package-info.java
index 70dc7c7526..75cb5f4eeb 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/package-info.java
@@ -17,4 +17,3 @@
  * Spring Security's LDAP module.
  */
 package org.springframework.security.ldap;
-
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
index 249f3736a0..173582036d 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
@@ -44,8 +44,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 	}
 
 	@Override
-	public DirContext getContext(String principal, String credentials)
-			throws PasswordPolicyException {
+	public DirContext getContext(String principal, String credentials) throws PasswordPolicyException {
 		if (principal.equals(userDn)) {
 			return super.getContext(principal, credentials);
 		}
@@ -53,8 +52,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 		final boolean debug = logger.isDebugEnabled();
 
 		if (debug) {
-			logger.debug("Binding as '" + userDn + "', prior to reconnect as user '"
-					+ principal + "'");
+			logger.debug("Binding as '" + userDn + "', prior to reconnect as user '" + principal + "'");
 		}
 
 		// First bind as manager user before rebinding as the specific principal.
@@ -68,8 +66,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 			ctx.reconnect(rctls);
 		}
 		catch (javax.naming.NamingException ne) {
-			PasswordPolicyResponseControl ctrl = PasswordPolicyControlExtractor
-					.extractControl(ctx);
+			PasswordPolicyResponseControl ctrl = PasswordPolicyControlExtractor.extractControl(ctx);
 			if (debug) {
 				logger.debug("Failed to obtain context", ne);
 				logger.debug("Password policy response: " + ctrl);
@@ -87,8 +84,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 		}
 
 		if (debug) {
-			logger.debug("PPolicy control returned: "
-					+ PasswordPolicyControlExtractor.extractControl(ctx));
+			logger.debug("PPolicy control returned: " + PasswordPolicyControlExtractor.extractControl(ctx));
 		}
 
 		return ctx;
@@ -99,9 +95,9 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 	protected Hashtable getAuthenticatedEnv(String principal, String credentials) {
 		Hashtable env = super.getAuthenticatedEnv(principal, credentials);
 
-		env.put(LdapContext.CONTROL_FACTORIES,
-				PasswordPolicyControlFactory.class.getName());
+		env.put(LdapContext.CONTROL_FACTORIES, PasswordPolicyControlFactory.class.getName());
 
 		return env;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index 9d45957fa3..4e070a0337 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -28,10 +28,10 @@ import javax.naming.ldap.Control;
  *
  * @author Stefan Zoerner
  * @author Luke Taylor
- *
  * @see PasswordPolicyResponseControl
  */
 public class PasswordPolicyControl implements Control {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -55,7 +55,6 @@ public class PasswordPolicyControl implements Control {
 
 	/**
 	 * Creates a (request) control.
-	 *
 	 * @param critical indicates whether the control is critical for the client
 	 */
 	public PasswordPolicyControl(boolean critical) {
@@ -68,7 +67,6 @@ public class PasswordPolicyControl implements Control {
 	/**
 	 * Retrieves the ASN.1 BER encoded value of the LDAP control. The request value for
 	 * this control is always empty.
-	 *
 	 * @return always null
 	 */
 	public byte[] getEncodedValue() {
@@ -88,4 +86,5 @@ public class PasswordPolicyControl implements Control {
 	public boolean isCritical() {
 		return critical;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
index 715972ecf9..b69802d368 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@@ -29,8 +29,8 @@ import org.apache.commons.logging.LogFactory;
  * @since 3.0
  */
 public class PasswordPolicyControlExtractor {
-	private static final Log logger = LogFactory
-			.getLog(PasswordPolicyControlExtractor.class);
+
+	private static final Log logger = LogFactory.getLog(PasswordPolicyControlExtractor.class);
 
 	public static PasswordPolicyResponseControl extractControl(DirContext dirCtx) {
 		LdapContext ctx = (LdapContext) dirCtx;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
index 8584e1e42e..ea8d3927e9 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
@@ -26,6 +26,7 @@ import javax.naming.ldap.ControlFactory;
  * @author Luke Taylor
  */
 public class PasswordPolicyControlFactory extends ControlFactory {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -33,9 +34,7 @@ public class PasswordPolicyControlFactory extends ControlFactory {
 	 * Creates an instance of PasswordPolicyResponseControl if the passed control is a
 	 * response control of this type. Attributes of the result are filled with the correct
 	 * values (e.g. error code).
-	 *
 	 * @param ctl the control the check
-	 *
 	 * @return a response control of type PasswordPolicyResponseControl, or null
 	 */
 	public Control getControlInstance(Control ctl) {
@@ -45,4 +44,5 @@ public class PasswordPolicyControlFactory extends ControlFactory {
 
 		return null;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
index 0a69477b9f..343744e3c1 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
@@ -20,7 +20,9 @@ package org.springframework.security.ldap.ppolicy;
  * @since 3.0
  */
 public interface PasswordPolicyData {
+
 	int getTimeBeforeExpiration();
 
 	int getGraceLoginsRemaining();
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
index 02a289e29a..a9e52267a6 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
@@ -39,20 +39,24 @@ package org.springframework.security.ldap.ppolicy;
  * @since 3.0
  */
 public enum PasswordPolicyErrorStatus {
-	PASSWORD_EXPIRED("ppolicy.expired", "Your password has expired"), ACCOUNT_LOCKED(
-			"ppolicy.locked", "Account is locked"), CHANGE_AFTER_RESET(
-			"ppolicy.change.after.reset",
-			"Your password must be changed after being reset"), PASSWORD_MOD_NOT_ALLOWED(
-			"ppolicy.mod.not.allowed", "Password cannot be changed"), MUST_SUPPLY_OLD_PASSWORD(
-			"ppolicy.must.supply.old.password", "The old password must be supplied"), INSUFFICIENT_PASSWORD_QUALITY(
-			"ppolicy.insufficient.password.quality",
-			"The supplied password is of insufficient quality"), PASSWORD_TOO_SHORT(
-			"ppolicy.password.too.short", "The supplied password is too short"), PASSWORD_TOO_YOUNG(
-			"ppolicy.password.too.young",
-			"Your password was changed too recently to be changed again"), PASSWORD_IN_HISTORY(
-			"ppolicy.password.in.history", "The supplied password has already been used");
+
+	PASSWORD_EXPIRED("ppolicy.expired", "Your password has expired"), ACCOUNT_LOCKED("ppolicy.locked",
+			"Account is locked"), CHANGE_AFTER_RESET("ppolicy.change.after.reset",
+					"Your password must be changed after being reset"), PASSWORD_MOD_NOT_ALLOWED(
+							"ppolicy.mod.not.allowed",
+							"Password cannot be changed"), MUST_SUPPLY_OLD_PASSWORD("ppolicy.must.supply.old.password",
+									"The old password must be supplied"), INSUFFICIENT_PASSWORD_QUALITY(
+											"ppolicy.insufficient.password.quality",
+											"The supplied password is of insufficient quality"), PASSWORD_TOO_SHORT(
+													"ppolicy.password.too.short",
+													"The supplied password is too short"), PASSWORD_TOO_YOUNG(
+															"ppolicy.password.too.young",
+															"Your password was changed too recently to be changed again"), PASSWORD_IN_HISTORY(
+																	"ppolicy.password.in.history",
+																	"The supplied password has already been used");
 
 	private final String errorCode;
+
 	private final String defaultMessage;
 
 	PasswordPolicyErrorStatus(String errorCode, String defaultMessage) {
@@ -67,4 +71,5 @@ public enum PasswordPolicyErrorStatus {
 	public String getDefaultMessage() {
 		return defaultMessage;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
index c276a71b02..62d4106d1b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
@@ -25,6 +25,7 @@ package org.springframework.security.ldap.ppolicy;
  * @since 3.0
  */
 public class PasswordPolicyException extends RuntimeException {
+
 	private final PasswordPolicyErrorStatus status;
 
 	public PasswordPolicyException(PasswordPolicyErrorStatus status) {
@@ -35,4 +36,5 @@ public class PasswordPolicyException extends RuntimeException {
 	public PasswordPolicyErrorStatus getStatus() {
 		return status;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index f2c92d7b64..103df7161d 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -41,20 +41,19 @@ import org.springframework.dao.DataRetrievalFailureException;
  * <tt>graceLoginsRemaining</tt>.
  * <p>
  *
- *
  * @author Stefan Zoerner
  * @author Luke Taylor
- *
  * @see org.springframework.security.ldap.ppolicy.PasswordPolicyControl
- * @see <a href="https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/">Stefan
- * Zoerner's IBM developerworks article on LDAP controls.</a>
+ * @see <a href=
+ * "https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/">Stefan Zoerner's
+ * IBM developerworks article on LDAP controls.</a>
  */
 public class PasswordPolicyResponseControl extends PasswordPolicyControl {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(PasswordPolicyResponseControl.class);
+	private static final Log logger = LogFactory.getLog(PasswordPolicyResponseControl.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -64,6 +63,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	private PasswordPolicyErrorStatus errorStatus;
 
 	private int graceLoginsRemaining = Integer.MAX_VALUE;
+
 	private int timeBeforeExpiration = Integer.MAX_VALUE;
 
 	// ~ Constructors
@@ -116,7 +116,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	/**
 	 * Returns the graceLoginsRemaining.
-	 *
 	 * @return Returns the graceLoginsRemaining.
 	 */
 	public int getGraceLoginsRemaining() {
@@ -125,7 +124,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	/**
 	 * Returns the timeBeforeExpiration.
-	 *
 	 * @return Returns the time before expiration in seconds
 	 */
 	public int getTimeBeforeExpiration() {
@@ -134,7 +132,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	/**
 	 * Checks whether an error is present.
-	 *
 	 * @return true, if an error is present
 	 */
 	public boolean hasError() {
@@ -143,12 +140,10 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	/**
 	 * Checks whether a warning is present.
-	 *
 	 * @return true, if a warning is present
 	 */
 	public boolean hasWarning() {
-		return (this.graceLoginsRemaining != Integer.MAX_VALUE)
-				|| (this.timeBeforeExpiration != Integer.MAX_VALUE);
+		return (this.graceLoginsRemaining != Integer.MAX_VALUE) || (this.timeBeforeExpiration != Integer.MAX_VALUE);
 	}
 
 	public boolean isExpired() {
@@ -165,7 +160,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	/**
 	 * Determines whether an account locked error has been returned.
-	 *
 	 * @return true if the account is locked.
 	 */
 	public boolean isLocked() {
@@ -175,7 +169,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	/**
 	 * Create a textual representation containing error and warning messages, if any are
 	 * present.
-	 *
 	 * @return error and warning messages
 	 */
 	@Override
@@ -187,13 +180,11 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 		}
 
 		if (this.graceLoginsRemaining != Integer.MAX_VALUE) {
-			sb.append(", warning: ").append(this.graceLoginsRemaining)
-					.append(" grace logins remain");
+			sb.append(", warning: ").append(this.graceLoginsRemaining).append(" grace logins remain");
 		}
 
 		if (this.timeBeforeExpiration != Integer.MAX_VALUE) {
-			sb.append(", warning: time before expiration is ")
-					.append(this.timeBeforeExpiration);
+			sb.append(", warning: time before expiration is ").append(this.timeBeforeExpiration);
 		}
 
 		if (!hasError() && !hasWarning()) {
@@ -207,7 +198,9 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	// ===============================================================================================
 
 	private interface PPolicyDecoder {
+
 		void decode() throws IOException;
+
 	}
 
 	// ~ Inner Classes
@@ -217,19 +210,16 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	 * Decoder based on Netscape ldapsdk library
 	 */
 	private class NetscapeDecoder implements PPolicyDecoder {
+
 		public void decode() throws IOException {
 			int[] bread = { 0 };
-			BERSequence seq = (BERSequence) BERElement
-					.getElement(new SpecificTagDecoder(),
-							new ByteArrayInputStream(
-									PasswordPolicyResponseControl.this.encodedValue),
-							bread);
+			BERSequence seq = (BERSequence) BERElement.getElement(new SpecificTagDecoder(),
+					new ByteArrayInputStream(PasswordPolicyResponseControl.this.encodedValue), bread);
 
 			int size = seq.size();
 
 			if (logger.isDebugEnabled()) {
-				logger.debug("PasswordPolicyResponse, ASN.1 sequence has " + size
-						+ " elements");
+				logger.debug("PasswordPolicyResponse, ASN.1 sequence has " + size + " elements");
 			}
 
 			for (int i = 0; i < seq.size(); i++) {
@@ -252,20 +242,20 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 				}
 				else if (tag == 1) {
 					BERIntegral error = (BERIntegral) elt.getValue();
-					PasswordPolicyResponseControl.this.errorStatus = PasswordPolicyErrorStatus
-							.values()[error.getValue()];
+					PasswordPolicyResponseControl.this.errorStatus = PasswordPolicyErrorStatus.values()[error
+							.getValue()];
 				}
 			}
 		}
 
 		class SpecificTagDecoder extends BERTagDecoder {
+
 			/** Allows us to remember which of the two options we're decoding */
 			private Boolean inChoice = null;
 
 			@Override
-			public BERElement getElement(BERTagDecoder decoder, int tag,
-					InputStream stream, int[] bytesRead, boolean[] implicit)
-							throws IOException {
+			public BERElement getElement(BERTagDecoder decoder, int tag, InputStream stream, int[] bytesRead,
+					boolean[] implicit) throws IOException {
 				tag &= 0x1F;
 				implicit[0] = false;
 
@@ -278,8 +268,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 						BERElement.readLengthOctets(stream, bytesRead);
 
 						int[] componentLength = new int[1];
-						BERElement choice = new BERChoice(decoder, stream,
-								componentLength);
+						BERElement choice = new BERChoice(decoder, stream, componentLength);
 						bytesRead[0] += componentLength[0];
 
 						// inChoice = null;
@@ -312,7 +301,9 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 			private void setInChoice(boolean inChoice) {
 				this.inChoice = inChoice;
 			}
+
 		}
+
 	}
 
 	/** Decoder based on the OpenLDAP/Novell JLDAP library */
@@ -377,4 +368,5 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	// }
 	// }
 	// }
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
index 8bbbc99b7a..398ff32cbc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
@@ -14,11 +14,11 @@
  * limitations under the License.
  */
 /**
- * Implementation of password policy functionality based on the
- * <a href="https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt">
+ * Implementation of password policy functionality based on the <a href=
+ * "https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt">
  * Password Policy for LDAP Directories</a>.
  * <p>
- * This code will not work with servers such as Active Directory, which do not implement this standard.
+ * This code will not work with servers such as Active Directory, which do not implement
+ * this standard.
  */
 package org.springframework.security.ldap.ppolicy;
-
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index b58b884f00..dcb8de53ce 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -37,10 +37,10 @@ import javax.naming.directory.SearchControls;
  *
  * @author Robert Sanders
  * @author Luke Taylor
- *
  * @see SearchControls
  */
 public class FilterBasedLdapUserSearch implements LdapUserSearch {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -57,7 +57,9 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 */
 	private final SearchControls searchControls = new SearchControls();
 
-	/** Context name to search in, relative to the base of the configured ContextSource. */
+	/**
+	 * Context name to search in, relative to the base of the configured ContextSource.
+	 */
 	private String searchBase = "";
 
 	/**
@@ -79,12 +81,10 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	// ~ Constructors
 	// ===================================================================================================
 
-	public FilterBasedLdapUserSearch(String searchBase, String searchFilter,
-			BaseLdapPathContextSource contextSource) {
+	public FilterBasedLdapUserSearch(String searchBase, String searchFilter, BaseLdapPathContextSource contextSource) {
 		Assert.notNull(contextSource, "contextSource must not be null");
 		Assert.notNull(searchFilter, "searchFilter must not be null.");
-		Assert.notNull(searchBase,
-				"searchBase must not be null (an empty string is acceptable).");
+		Assert.notNull(searchBase, "searchBase must not be null (an empty string is acceptable).");
 
 		this.searchFilter = searchFilter;
 		this.contextSource = contextSource;
@@ -93,8 +93,8 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		setSearchSubtree(true);
 
 		if (searchBase.length() == 0) {
-			logger.info("SearchBase not set. Searches will be performed from the root: "
-					+ contextSource.getBaseLdapPath());
+			logger.info(
+					"SearchBase not set. Searches will be performed from the root: " + contextSource.getBaseLdapPath());
 		}
 	}
 
@@ -103,36 +103,29 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 
 	/**
 	 * Return the LdapUserDetails containing the user's information
-	 *
 	 * @param username the username to search for.
-	 *
 	 * @return An LdapUserDetails object containing the details of the located user's
 	 * directory entry
-	 *
 	 * @throws UsernameNotFoundException if no matching entry is found.
 	 */
 	@Override
 	public DirContextOperations searchForUser(String username) {
 		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for user '" + username + "', with user search "
-					+ this);
+			logger.debug("Searching for user '" + username + "', with user search " + this);
 		}
 
-		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(
-				contextSource);
+		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
 
 		template.setSearchControls(searchControls);
 
 		try {
 
-			return template.searchForSingleEntry(searchBase, searchFilter,
-					new String[] { username });
+			return template.searchForSingleEntry(searchBase, searchFilter, new String[] { username });
 
 		}
 		catch (IncorrectResultSizeDataAccessException notFound) {
 			if (notFound.getActualSize() == 0) {
-				throw new UsernameNotFoundException("User " + username
-						+ " not found in directory.");
+				throw new UsernameNotFoundException("User " + username + " not found in directory.");
 			}
 			// Search should never return multiple results if properly configured, so just
 			// rethrow
@@ -143,7 +136,6 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	/**
 	 * Sets the corresponding property on the {@link SearchControls} instance used in the
 	 * search.
-	 *
 	 * @param deref the derefLinkFlag value as defined in SearchControls..
 	 */
 	public void setDerefLinkFlag(boolean deref) {
@@ -153,18 +145,15 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	/**
 	 * If true then searches the entire subtree as identified by context, if false (the
 	 * default) then only searches the level identified by the context.
-	 *
 	 * @param searchSubtree true the underlying search controls should be set to
 	 * SearchControls.SUBTREE_SCOPE rather than SearchControls.ONELEVEL_SCOPE.
 	 */
 	public void setSearchSubtree(boolean searchSubtree) {
-		searchControls.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE
-				: SearchControls.ONELEVEL_SCOPE);
+		searchControls.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
 	}
 
 	/**
 	 * The time to wait before the search fails; the default is zero, meaning forever.
-	 *
 	 * @param searchTimeLimit the time limit for the search (in milliseconds).
 	 */
 	public void setSearchTimeLimit(int searchTimeLimit) {
@@ -176,7 +165,6 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 * <p>
 	 * null indicates that all attributes will be returned. An empty array indicates no
 	 * attributes are returned.
-	 *
 	 * @param attrs An array of attribute names identifying the attributes that will be
 	 * returned. Can be null.
 	 */
@@ -191,11 +179,10 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		sb.append("[ searchFilter: '").append(searchFilter).append("', ");
 		sb.append("searchBase: '").append(searchBase).append("'");
 		sb.append(", scope: ")
-				.append(searchControls.getSearchScope() == SearchControls.SUBTREE_SCOPE ? "subtree"
-						: "single-level, ");
+				.append(searchControls.getSearchScope() == SearchControls.SUBTREE_SCOPE ? "subtree" : "single-level, ");
 		sb.append(", searchTimeLimit: ").append(searchControls.getTimeLimit());
-		sb.append(", derefLinkFlag: ").append(searchControls.getDerefLinkFlag())
-				.append(" ]");
+		sb.append(", derefLinkFlag: ").append(searchControls.getDerefLinkFlag()).append(" ]");
 		return sb.toString();
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
index e0d86b8eaf..73524f679f 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
@@ -28,19 +28,19 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
  * @author Luke Taylor
  */
 public interface LdapUserSearch {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Locates a single user in the directory and returns the LDAP information for that
 	 * user.
-	 *
 	 * @param username the login name supplied to the authentication service.
-	 *
 	 * @return a DirContextOperations object containing the user's full DN and requested
 	 * attributes.
 	 * @throws UsernameNotFoundException if no user with the supplied name could be
 	 * located by the search.
 	 */
 	DirContextOperations searchForUser(String username) throws UsernameNotFoundException;
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
index 0aa23b3e4e..bb8675406e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * {@code LdapUserSearch} implementations. These may be used to locate the user in the directory.
+ * {@code LdapUserSearch} implementations. These may be used to locate the user in the
+ * directory.
  */
 package org.springframework.security.ldap.search;
-
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index f02dd51edc..7b5401da77 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -65,8 +65,8 @@ import org.springframework.util.Assert;
  * application context is closed to allow the bean to be disposed of and the server
  * shutdown prior to attempting to start it again.
  * <p>
- * This class is intended for testing and internal security namespace use, only, and is not
- * considered part of the framework's public API.
+ * This class is intended for testing and internal security namespace use, only, and is
+ * not considered part of the framework's public API.
  *
  * @author Luke Taylor
  * @author Rob Winch
@@ -76,26 +76,36 @@ import org.springframework.util.Assert;
  * supported with no GA version to replace it.
  */
 @Deprecated
-public class ApacheDSContainer implements InitializingBean, DisposableBean, Lifecycle,
-		ApplicationContextAware {
+public class ApacheDSContainer implements InitializingBean, DisposableBean, Lifecycle, ApplicationContextAware {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	final DefaultDirectoryService service;
+
 	LdapServer server;
 
 	private TcpTransport transport;
+
 	private ApplicationContext ctxt;
+
 	private File workingDir;
 
 	private boolean running;
+
 	private final String ldifResources;
+
 	private final JdbmPartition partition;
+
 	private final String root;
+
 	private int port = 53389;
+
 	private int localPort;
 
 	private boolean ldapOverSslEnabled;
+
 	private File keyStoreFile;
+
 	private String certificatePassord;
 
 	public ApacheDSContainer(String root, String ldifs) throws Exception {
@@ -150,9 +160,9 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 		this.transport = new TcpTransport(port);
 		if (ldapOverSslEnabled) {
-				transport.setEnableSSL(true);
-				server.setKeystoreFile(this.keyStoreFile.getAbsolutePath());
-				server.setCertificatePassword(this.certificatePassord);
+			transport.setEnableSSL(true);
+			server.setKeystoreFile(this.keyStoreFile.getAbsolutePath());
+			server.setCertificatePassword(this.certificatePassord);
 		}
 		server.setTransports(transport);
 		start();
@@ -162,24 +172,20 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		stop();
 	}
 
-	public void setApplicationContext(ApplicationContext applicationContext)
-			throws BeansException {
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		ctxt = applicationContext;
 	}
 
 	public void setWorkingDirectory(File workingDir) {
 		Assert.notNull(workingDir, "workingDir cannot be null");
 
-		logger.info("Setting working directory for LDAP_PROVIDER: "
-				+ workingDir.getAbsolutePath());
+		logger.info("Setting working directory for LDAP_PROVIDER: " + workingDir.getAbsolutePath());
 
 		if (workingDir.exists()) {
-			throw new IllegalArgumentException(
-					"The specified working directory '"
-							+ workingDir.getAbsolutePath()
-							+ "' already exists. Another directory service instance may be using it or it may be from a "
-							+ " previous unclean shutdown. Please confirm and delete it or configure a different "
-							+ "working directory");
+			throw new IllegalArgumentException("The specified working directory '" + workingDir.getAbsolutePath()
+					+ "' already exists. Another directory service instance may be using it or it may be from a "
+					+ " previous unclean shutdown. Please confirm and delete it or configure a different "
+					+ "working directory");
 		}
 
 		this.workingDir = workingDir;
@@ -197,7 +203,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 	/**
 	 * Returns the port that is resolved by {@link TcpTransport}.
-	 *
 	 * @return the port that is resolved by {@link TcpTransport}
 	 */
 	public int getLocalPort() {
@@ -207,7 +212,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	/**
 	 * If set to {@code true} will enable LDAP over SSL (LDAPs). If set to {@code true}
 	 * {@link ApacheDSContainer#setCertificatePassord(String)} must be set as well.
-	 *
 	 * @param ldapOverSslEnabled If not set, will default to false
 	 */
 	public void setLdapOverSslEnabled(boolean ldapOverSslEnabled) {
@@ -215,7 +219,8 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	}
 
 	/**
-	 * The keyStore must not be null and must be a valid file. Will set the keyStore file on the underlying {@link LdapServer}.
+	 * The keyStore must not be null and must be a valid file. Will set the keyStore file
+	 * on the underlying {@link LdapServer}.
 	 * @param keyStoreFile Mandatory if LDAPs is enabled
 	 */
 	public void setKeyStoreFile(File keyStoreFile) {
@@ -226,7 +231,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 	/**
 	 * Will set the certificate password on the underlying {@link LdapServer}.
-	 *
 	 * @param certificatePassord May be null
 	 */
 	public void setCertificatePassord(String certificatePassord) {
@@ -345,14 +349,13 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 				ldifFile = ldifs[0].getURI().toString();
 			}
 			logger.info("Loading LDIF file: " + ldifFile);
-			LdifFileLoader loader = new LdifFileLoader(service.getAdminSession(),
-					new File(ldifFile), null, getClass().getClassLoader());
+			LdifFileLoader loader = new LdifFileLoader(service.getAdminSession(), new File(ldifFile), null,
+					getClass().getClassLoader());
 			loader.execute();
 		}
 		else {
-			throw new IllegalArgumentException(
-					"More than one LDIF resource found with the supplied pattern:"
-							+ ldifResources + " Got " + Arrays.toString(ldifs));
+			throw new IllegalArgumentException("More than one LDIF resource found with the supplied pattern:"
+					+ ldifResources + " Got " + Arrays.toString(ldifs));
 		}
 	}
 
@@ -369,8 +372,8 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			fileName = fileNamePrefix + "~" + i;
 		}
 
-		throw new IOException("Failed to create a temporary directory for file at "
-				+ new File(parentTempDir, fileNamePrefix));
+		throw new IOException(
+				"Failed to create a temporary directory for file at " + new File(parentTempDir, fileNamePrefix));
 	}
 
 	private boolean deleteDir(File dir) {
@@ -390,4 +393,5 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	public boolean isRunning() {
 		return running;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
index 9d5794be27..7055cf98ac 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
@@ -37,8 +37,7 @@ import org.springframework.util.StringUtils;
 /**
  * @author Eddú Meléndez
  */
-public class UnboundIdContainer implements InitializingBean, DisposableBean, Lifecycle,
-		ApplicationContextAware {
+public class UnboundIdContainer implements InitializingBean, DisposableBean, Lifecycle, ApplicationContextAware {
 
 	private InMemoryDirectoryServer directoryServer;
 
@@ -106,7 +105,8 @@ public class UnboundIdContainer implements InitializingBean, DisposableBean, Lif
 			this.port = directoryServer.getListenPort();
 			this.directoryServer = directoryServer;
 			this.running = true;
-		} catch (LDAPException ex) {
+		}
+		catch (LDAPException ex) {
 			throw new RuntimeException("Server startup failed", ex);
 		}
 
@@ -124,7 +124,8 @@ public class UnboundIdContainer implements InitializingBean, DisposableBean, Lif
 						directoryServer.importFromLDIF(false, new LDIFReader(inputStream));
 					}
 				}
-			} catch (Exception ex) {
+			}
+			catch (Exception ex) {
 				throw new IllegalStateException("Unable to load LDIF " + this.ldif, ex);
 			}
 		}
@@ -139,4 +140,5 @@ public class UnboundIdContainer implements InitializingBean, DisposableBean, Lif
 	public boolean isRunning() {
 		return this.running;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
index 8b1c1f1484..00ac9262f7 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Embedded Apache Directory Server implementation, as used by the configuration namespace.
+ * Embedded Apache Directory Server implementation, as used by the configuration
+ * namespace.
  */
 package org.springframework.security.ldap.server;
-
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index 12f311f1c8..b0856d8d19 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -99,11 +99,11 @@ import org.springframework.util.Assert;
  * @author Filip Hanik
  */
 public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(DefaultLdapAuthoritiesPopulator.class);
+	private static final Log logger = LogFactory.getLog(DefaultLdapAuthoritiesPopulator.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -160,13 +160,11 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	/**
 	 * Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be
 	 * set as a property.
-	 *
 	 * @param contextSource supplies the contexts used to search for user roles.
 	 * @param groupSearchBase if this is an empty string the search will be performed from
 	 * the root DN of the context factory. If null, no search will be performed.
 	 */
-	public DefaultLdapAuthoritiesPopulator(ContextSource contextSource,
-			String groupSearchBase) {
+	public DefaultLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
 		Assert.notNull(contextSource, "contextSource must not be null");
 		this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
 		getLdapTemplate().setSearchControls(getSearchControls());
@@ -176,8 +174,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 			logger.info("groupSearchBase is null. No group search will be performed.");
 		}
 		else if (groupSearchBase.length() == 0) {
-			logger.info(
-					"groupSearchBase is empty. Searches will be performed from the context source base");
+			logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
 		}
 
 		this.authorityMapper = record -> {
@@ -198,27 +195,23 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	 * This method should be overridden if required to obtain any additional roles for the
 	 * given user (on top of those obtained from the standard search implemented by this
 	 * class).
-	 *
 	 * @param user the context representing the user who's roles are required
 	 * @return the extra roles which will be merged with those returned by the group
 	 * search
 	 */
 
-	protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user,
-			String username) {
+	protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
 		return null;
 	}
 
 	/**
 	 * Obtains the authorities for the user who's directory entry is represented by the
 	 * supplied LdapUserDetails object.
-	 *
 	 * @param user the user who's authorities are required
 	 * @return the set of roles granted to the user.
 	 */
 	@Override
-	public final Collection<GrantedAuthority> getGrantedAuthorities(
-			DirContextOperations user, String username) {
+	public final Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
 		String userDn = user.getNameInNamespace();
 
 		if (logger.isDebugEnabled()) {
@@ -251,16 +244,13 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 		Set<GrantedAuthority> authorities = new HashSet<>();
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for roles for user '" + username + "', DN = " + "'"
-					+ userDn + "', with filter " + this.groupSearchFilter
-					+ " in search base '" + getGroupSearchBase() + "'");
+			logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
+					+ this.groupSearchFilter + " in search base '" + getGroupSearchBase() + "'");
 		}
 
-		Set<Map<String, List<String>>> userRoles = getLdapTemplate()
-				.searchForMultipleAttributeValues(getGroupSearchBase(),
-						this.groupSearchFilter,
-						new String[] { userDn, username },
-						new String[] { this.groupRoleAttribute });
+		Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
+				getGroupSearchBase(), this.groupSearchFilter, new String[] { userDn, username },
+				new String[] { this.groupRoleAttribute });
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Roles from search: " + userRoles);
@@ -290,7 +280,6 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
 	/**
 	 * The default role which will be assigned to all users.
-	 *
 	 * @param defaultRole the role name, including any desired prefix.
 	 */
 	public void setDefaultRole(String defaultRole) {
@@ -320,13 +309,11 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	/**
 	 * If set to true, a subtree scope search will be performed. If false a single-level
 	 * search is used.
-	 *
 	 * @param searchSubtree set to true to enable searching of the entire tree below the
 	 * <tt>groupSearchBase</tt>.
 	 */
 	public void setSearchSubtree(boolean searchSubtree) {
-		int searchScope = searchSubtree ? SearchControls.SUBTREE_SCOPE
-				: SearchControls.ONELEVEL_SCOPE;
+		int searchScope = searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
 		this.searchControls.setSearchScope(searchScope);
 	}
 
@@ -341,9 +328,8 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	}
 
 	/**
-	 * Sets the mapping function which will be used to create instances of {@link GrantedAuthority}
-	 * given the context record.
-	 *
+	 * Sets the mapping function which will be used to create instances of
+	 * {@link GrantedAuthority} given the context record.
 	 * @param authorityMapper the mapping function
 	 */
 	public void setAuthorityMapper(Function<Map<String, List<String>>, GrantedAuthority> authorityMapper) {
@@ -419,4 +405,5 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	private SearchControls getSearchControls() {
 		return this.searchControls;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
index dc0969115b..4f28e05ae5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -33,26 +33,43 @@ public class InetOrgPerson extends Person {
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String carLicense;
+
 	// Person.cn
 	private String destinationIndicator;
+
 	private String departmentNumber;
+
 	// Person.description
 	private String displayName;
+
 	private String employeeNumber;
+
 	private String homePhone;
+
 	private String homePostalAddress;
+
 	private String initials;
+
 	private String mail;
+
 	private String mobile;
+
 	private String o;
+
 	private String ou;
+
 	private String postalAddress;
+
 	private String postalCode;
+
 	private String roomNumber;
+
 	private String street;
+
 	// Person.sn
 	// Person.telephoneNumber
 	private String title;
+
 	private String uid;
 
 	public String getUid() {
@@ -146,11 +163,12 @@ public class InetOrgPerson extends Person {
 		adapter.setAttributeValue("roomNumber", roomNumber);
 		adapter.setAttributeValue("street", street);
 		adapter.setAttributeValue("uid", uid);
-		adapter.setAttributeValues("objectclass", new String[] { "top", "person",
-				"organizationalPerson", "inetOrgPerson" });
+		adapter.setAttributeValues("objectclass",
+				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
 	}
 
 	public static class Essence extends Person.Essence {
+
 		public Essence() {
 		}
 
@@ -277,5 +295,7 @@ public class InetOrgPerson extends Person {
 		public void setHomePostalAddress(String homePostalAddress) {
 			((InetOrgPerson) instance).homePostalAddress = homePostalAddress;
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
index f75cbfca58..e3bc69af94 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@@ -40,10 +40,10 @@ public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
 	}
 
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
-		Assert.isInstanceOf(InetOrgPerson.class, user,
-				"UserDetails must be an InetOrgPerson instance");
+		Assert.isInstanceOf(InetOrgPerson.class, user, "UserDetails must be an InetOrgPerson instance");
 
 		InetOrgPerson p = (InetOrgPerson) user;
 		p.populateContext(ctx);
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
index 0a18f2c36a..fc2562c4b5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
@@ -32,17 +32,16 @@ import org.springframework.ldap.core.DirContextOperations;
  * @author Luke Taylor
  */
 public interface LdapAuthoritiesPopulator {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Get the list of authorities for the user.
-	 *
 	 * @param userData the context object which was returned by the LDAP authenticator.
-	 *
 	 * @return the granted authorities for the given user.
 	 *
 	 */
-	Collection<? extends GrantedAuthority> getGrantedAuthorities(
-			DirContextOperations userData, String username);
+	Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username);
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index 362bf0e874..dc8c80a0ff 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -31,12 +31,13 @@ import java.util.Map;
 public class LdapAuthority implements GrantedAuthority {
 
 	private String dn;
+
 	private String role;
+
 	private Map<String, List<String>> attributes;
 
 	/**
 	 * Constructs an LdapAuthority that has a role and a DN but no other attributes
-	 *
 	 * @param role
 	 * @param dn
 	 */
@@ -46,7 +47,6 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Constructs an LdapAuthority with the given role, DN and other LDAP attributes
-	 *
 	 * @param role
 	 * @param dn
 	 * @param attributes
@@ -62,7 +62,6 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the LDAP attributes
-	 *
 	 * @return the LDAP attributes, map can be null
 	 */
 	public Map<String, List<String>> getAttributes() {
@@ -71,7 +70,6 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the DN for this LDAP authority
-	 *
 	 * @return
 	 */
 	public String getDn() {
@@ -80,7 +78,6 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the values for a specific attribute
-	 *
 	 * @param name the attribute name
 	 * @return a String array, never null but may be zero length
 	 */
@@ -97,7 +94,6 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the first attribute value for a specified attribute
-	 *
 	 * @param name
 	 * @return the first attribute value for a specified attribute, may be null
 	 */
@@ -151,4 +147,5 @@ public class LdapAuthority implements GrantedAuthority {
 	public String toString() {
 		return "LdapAuthority{" + "dn='" + dn + '\'' + ", role='" + role + '\'' + '}';
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
index 4729184fca..f3963adc6a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
@@ -25,13 +25,14 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Luke Taylor
  */
 public interface LdapUserDetails extends UserDetails, CredentialsContainer {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * The DN of the entry for this user's account.
-	 *
 	 * @return the user's DN
 	 */
 	String getDn();
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
index 831aa3c1ac..543e769013 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -55,15 +55,24 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 	// ================================================================================================
 
 	private String dn;
+
 	private String password;
+
 	private String username;
+
 	private Collection<GrantedAuthority> authorities = AuthorityUtils.NO_AUTHORITIES;
+
 	private boolean accountNonExpired = true;
+
 	private boolean accountNonLocked = true;
+
 	private boolean credentialsNonExpired = true;
+
 	private boolean enabled = true;
+
 	// PPolicy data
 	private int timeBeforeExpiration = Integer.MAX_VALUE;
+
 	private int graceLoginsRemaining = Integer.MAX_VALUE;
 
 	// ~ Constructors
@@ -152,8 +161,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		sb.append("Password: [PROTECTED]; ");
 		sb.append("Enabled: ").append(this.enabled).append("; ");
 		sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
-		sb.append("CredentialsNonExpired: ").append(this.credentialsNonExpired)
-				.append("; ");
+		sb.append("CredentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
 		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
 
 		if (this.getAuthorities() != null && !this.getAuthorities().isEmpty()) {
@@ -185,7 +193,9 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 	 * Variation of essence pattern. Used to create mutable intermediate object
 	 */
 	public static class Essence {
+
 		protected LdapUserDetailsImpl instance = createTarget();
+
 		private List<GrantedAuthority> mutableAuthorities = new ArrayList<>();
 
 		public Essence() {
@@ -230,8 +240,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		}
 
 		public LdapUserDetails createUserDetails() {
-			Assert.notNull(instance,
-					"Essence can only be used to create a single instance");
+			Assert.notNull(instance, "Essence can only be used to create a single instance");
 			Assert.notNull(instance.username, "username must not be null");
 			Assert.notNull(instance.getDn(), "Distinguished name must not be null");
 
@@ -292,5 +301,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		public void setGraceLoginsRemaining(int graceLoginsRemaining) {
 			instance.graceLoginsRemaining = graceLoginsRemaining;
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index af8f214591..37d4078219 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -76,14 +76,14 @@ import org.springframework.util.Assert;
  * @since 2.0
  */
 public class LdapUserDetailsManager implements UserDetailsManager {
+
 	private final Log logger = LogFactory.getLog(LdapUserDetailsManager.class);
 
 	/**
 	 * The strategy for mapping usernames to LDAP distinguished names. This will be used
 	 * when building DNs for creating new users etc.
 	 */
-	LdapUsernameToDnMapper usernameMapper = new DefaultLdapUsernameToDnMapper("cn=users",
-			"uid");
+	LdapUsernameToDnMapper usernameMapper = new DefaultLdapUsernameToDnMapper("cn=users", "uid");
 
 	/** The DN under which groups are stored */
 	private DistinguishedName groupSearchBase = new DistinguishedName("cn=groups");
@@ -93,6 +93,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	/** The attribute which corresponds to the role name of a group. */
 	private String groupRoleAttributeName = "cn";
+
 	/** The attribute which contains members of a group */
 	private String groupMemberAttributeName = "uniquemember";
 
@@ -100,6 +101,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	/** The pattern to be used for the user search. {0} is the user's DN */
 	private String groupSearchFilter = "(uniquemember={0})";
+
 	/**
 	 * The strategy used to create a UserDetails object from the LDAP context, username
 	 * and list of authorities. This should be set to match the required UserDetails
@@ -140,16 +142,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		return userDetailsMapper.mapUserFromContext(userCtx, username, authorities);
 	}
 
-	private DirContextAdapter loadUserAsContext(final DistinguishedName dn,
-			final String username) {
+	private DirContextAdapter loadUserAsContext(final DistinguishedName dn, final String username) {
 		return (DirContextAdapter) template.executeReadOnly((ContextExecutor) ctx -> {
 			try {
 				Attributes attrs = ctx.getAttributes(dn, attributesToRetrieve);
 				return new DirContextAdapter(attrs, LdapUtils.getFullDn(dn, ctx));
 			}
 			catch (NameNotFoundException notFound) {
-				throw new UsernameNotFoundException(
-						"User " + username + " not found", notFound);
+				throw new UsernameNotFoundException("User " + username + " not found", notFound);
 			}
 		});
 	}
@@ -163,28 +163,25 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 *
 	 * <p>
 	 * Configured one way, this method will modify the user's password via the
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062">
-	 *     LDAP Password Modify Extended Operation
-	 * </a>.
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062"> LDAP Password Modify
+	 * Extended Operation </a>.
 	 *
-	 * See {@link LdapUserDetailsManager#setUsePasswordModifyExtensionOperation(boolean)} for details.
+	 * See {@link LdapUserDetailsManager#setUsePasswordModifyExtensionOperation(boolean)}
+	 * for details.
 	 * </p>
 	 *
 	 * <p>
-	 * By default, though, if the old password is supplied, the update will be made by rebinding as the user,
-	 * thus modifying the password using the user's permissions. If
+	 * By default, though, if the old password is supplied, the update will be made by
+	 * rebinding as the user, thus modifying the password using the user's permissions. If
 	 * <code>oldPassword</code> is null, the update will be attempted using a standard
 	 * read/write context supplied by the context source.
 	 * </p>
-	 *
 	 * @param oldPassword the old password
 	 * @param newPassword the new value of the password.
 	 */
 	public void changePassword(final String oldPassword, final String newPassword) {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
-		Assert.notNull(
-				authentication,
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		Assert.notNull(authentication,
 				"No authentication object found in security context. Can't change current user's password!");
 
 		String username = authentication.getName();
@@ -195,32 +192,29 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 		if (usePasswordModifyExtensionOperation) {
 			changePasswordUsingExtensionOperation(userDn, oldPassword, newPassword);
-		} else {
+		}
+		else {
 			changePasswordUsingAttributeModification(userDn, oldPassword, newPassword);
 		}
 	}
 
 	/**
-	 *
 	 * @param dn the distinguished name of the entry - may be either relative to the base
 	 * context or a complete DN including the name of the context (either is supported).
 	 * @param username the user whose roles are required.
 	 * @return the granted authorities returned by the group search
 	 */
 	@SuppressWarnings("unchecked")
-	List<GrantedAuthority> getUserAuthorities(final DistinguishedName dn,
-			final String username) {
+	List<GrantedAuthority> getUserAuthorities(final DistinguishedName dn, final String username) {
 		SearchExecutor se = ctx -> {
 			DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx);
 			SearchControls ctrls = new SearchControls();
 			ctrls.setReturningAttributes(new String[] { groupRoleAttributeName });
 
-			return ctx.search(groupSearchBase, groupSearchFilter, new String[] {
-					fullDn.toUrl(), username }, ctrls);
+			return ctx.search(groupSearchBase, groupSearchFilter, new String[] { fullDn.toUrl(), username }, ctrls);
 		};
 
-		AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(
-				roleMapper);
+		AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(roleMapper);
 
 		template.search(se, roleCollector);
 		return roleCollector.getList();
@@ -231,8 +225,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		copyToContext(user, ctx);
 		DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
 
-		logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn
-				+ "'");
+		logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn + "'");
 
 		template.bind(dn, ctx, null);
 
@@ -259,8 +252,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		copyToContext(user, ctx);
 
 		// Remove the objectclass attribute from the list of mods (if present).
-		List<ModificationItem> mods = new LinkedList<>(Arrays.asList(ctx
-				.getModificationItems()));
+		List<ModificationItem> mods = new LinkedList<>(Arrays.asList(ctx.getModificationItems()));
 		ListIterator<ModificationItem> modIt = mods.listIterator();
 
 		while (modIt.hasNext()) {
@@ -302,7 +294,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	/**
 	 * Creates a DN from a group name.
-	 *
 	 * @param group the name of the group
 	 * @return the DN of the corresponding group, including the groupSearchBase
 	 */
@@ -317,13 +308,11 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		userDetailsMapper.mapUserToContext(user, ctx);
 	}
 
-	protected void addAuthorities(DistinguishedName userDn,
-			Collection<? extends GrantedAuthority> authorities) {
+	protected void addAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
 		modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE);
 	}
 
-	protected void removeAuthorities(DistinguishedName userDn,
-			Collection<? extends GrantedAuthority> authorities) {
+	protected void removeAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
 		modifyAuthorities(userDn, authorities, DirContext.REMOVE_ATTRIBUTE);
 	}
 
@@ -336,8 +325,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				ModificationItem addGroup = new ModificationItem(modType,
 						new BasicAttribute(groupMemberAttributeName, fullDn.toUrl()));
 
-				ctx.modifyAttributes(buildGroupDn(group),
-						new ModificationItem[] { addGroup });
+				ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { addGroup });
 			}
 			return null;
 		});
@@ -384,7 +372,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 * <p>
 	 * Usually this will be <tt>uniquemember</tt> (the default value) or <tt>member</tt>.
 	 * </p>
-	 *
 	 * @param groupMemberAttributeName the name of the attribute used to store group
 	 * members.
 	 */
@@ -401,17 +388,19 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	/**
 	 * Sets the method by which a user's password gets modified.
 	 *
-	 * If set to {@code true}, then {@link LdapUserDetailsManager#changePassword} will modify
-	 * the user's password by way of the
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062">Password Modify Extension Operation</a>.
+	 * If set to {@code true}, then {@link LdapUserDetailsManager#changePassword} will
+	 * modify the user's password by way of the
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062">Password Modify
+	 * Extension Operation</a>.
 	 *
-	 * If set to {@code false}, then {@link LdapUserDetailsManager#changePassword} will modify
-	 * the user's password by directly modifying attributes on the corresponding entry.
+	 * If set to {@code false}, then {@link LdapUserDetailsManager#changePassword} will
+	 * modify the user's password by directly modifying attributes on the corresponding
+	 * entry.
 	 *
-	 * Before using this setting, ensure that the corresponding LDAP server supports this extended operation.
+	 * Before using this setting, ensure that the corresponding LDAP server supports this
+	 * extended operation.
 	 *
 	 * By default, {@code usePasswordModifyExtensionOperation} is false.
-	 *
 	 * @param usePasswordModifyExtensionOperation
 	 * @since 4.2.9
 	 */
@@ -419,12 +408,11 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		this.usePasswordModifyExtensionOperation = usePasswordModifyExtensionOperation;
 	}
 
-	private void changePasswordUsingAttributeModification
-			(DistinguishedName userDn, String oldPassword, String newPassword) {
+	private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
+			String newPassword) {
 
 		final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
-				DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName,
-				newPassword)) };
+				DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };
 
 		if (oldPassword == null) {
 			template.modifyAttributes(userDn, passwordChange);
@@ -434,15 +422,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		template.executeReadWrite(dirCtx -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 			ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
-			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,
-					LdapUtils.getFullDn(userDn, ctx).toString());
+			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
 			ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
 			// TODO: reconnect doesn't appear to actually change the credentials
 			try {
 				ctx.reconnect(null);
-			} catch (javax.naming.AuthenticationException e) {
-				throw new BadCredentialsException(
-						"Authentication for password change failed.");
+			}
+			catch (javax.naming.AuthenticationException e) {
+				throw new BadCredentialsException("Authentication for password change failed.");
 			}
 
 			ctx.modifyAttributes(userDn, passwordChange);
@@ -452,43 +439,45 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	}
 
-	private void changePasswordUsingExtensionOperation
-			(DistinguishedName userDn, String oldPassword, String newPassword) {
+	private void changePasswordUsingExtensionOperation(DistinguishedName userDn, String oldPassword,
+			String newPassword) {
 
 		template.executeReadWrite(dirCtx -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 
 			String userIdentity = LdapUtils.getFullDn(userDn, ctx).encode();
-			PasswordModifyRequest request =
-					new PasswordModifyRequest(userIdentity, oldPassword, newPassword);
+			PasswordModifyRequest request = new PasswordModifyRequest(userIdentity, oldPassword, newPassword);
 
 			try {
 				return ctx.extendedOperation(request);
-			} catch (javax.naming.AuthenticationException e) {
-				throw new BadCredentialsException(
-						"Authentication for password change failed.");
+			}
+			catch (javax.naming.AuthenticationException e) {
+				throw new BadCredentialsException("Authentication for password change failed.");
 			}
 		});
 	}
 
 	/**
 	 * An implementation of the
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062">
-	 *    LDAP Password Modify Extended Operation
-	 * </a>
-	 * client request.
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc3062"> LDAP Password Modify
+	 * Extended Operation </a> client request.
 	 *
-	 * Can be directed at any LDAP server that supports the Password Modify Extended Operation.
+	 * Can be directed at any LDAP server that supports the Password Modify Extended
+	 * Operation.
 	 *
 	 * @author Josh Cummings
 	 * @since 4.2.9
 	 */
 	private static class PasswordModifyRequest implements ExtendedRequest {
+
 		private static final byte SEQUENCE_TYPE = 48;
 
 		private static final String PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1";
+
 		private static final byte USER_IDENTITY_OCTET_TYPE = -128;
+
 		private static final byte OLD_PASSWORD_OCTET_TYPE = -127;
+
 		private static final byte NEW_PASSWORD_OCTET_TYPE = -126;
 
 		private final ByteArrayOutputStream value = new ByteArrayOutputStream();
@@ -527,10 +516,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		}
 
 		/**
-		 * Only minimal support for
-		 * <a target="_blank" href="https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf">
-		 *     BER encoding
-		 * </a>; just what is necessary for the Password Modify request.
+		 * Only minimal support for <a target="_blank" href=
+		 * "https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf"> BER
+		 * encoding </a>; just what is necessary for the Password Modify request.
 		 *
 		 */
 		private void berEncode(byte type, byte[] src, ByteArrayOutputStream dest) {
@@ -540,19 +528,23 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 			if (length < 128) {
 				dest.write(length);
-			} else if ((length & 0x0000_00FF) == length) {
+			}
+			else if ((length & 0x0000_00FF) == length) {
 				dest.write((byte) 0x81);
 				dest.write((byte) (length & 0xFF));
-			} else if ((length & 0x0000_FFFF) == length) {
+			}
+			else if ((length & 0x0000_FFFF) == length) {
 				dest.write((byte) 0x82);
 				dest.write((byte) ((length >> 8) & 0xFF));
 				dest.write((byte) (length & 0xFF));
-			} else if ((length & 0x00FF_FFFF) == length) {
+			}
+			else if ((length & 0x00FF_FFFF) == length) {
 				dest.write((byte) 0x83);
 				dest.write((byte) ((length >> 16) & 0xFF));
 				dest.write((byte) ((length >> 8) & 0xFF));
 				dest.write((byte) (length & 0xFF));
-			} else {
+			}
+			else {
 				dest.write((byte) 0x84);
 				dest.write((byte) ((length >> 24) & 0xFF));
 				dest.write((byte) ((length >> 16) & 0xFF));
@@ -562,9 +554,12 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 			try {
 				dest.write(src);
-			} catch (IOException e) {
+			}
+			catch (IOException e) {
 				throw new IllegalArgumentException("Failed to BER encode provided value of type: " + type);
 			}
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
index 89df68fca1..970717bd58 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
@@ -38,13 +38,18 @@ import org.springframework.util.Assert;
  * @author Eddú Meléndez
  */
 public class LdapUserDetailsMapper implements UserDetailsContextMapper {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final Log logger = LogFactory.getLog(LdapUserDetailsMapper.class);
+
 	private String passwordAttributeName = "userPassword";
+
 	private String rolePrefix = "ROLE_";
+
 	private String[] roleAttributes = null;
+
 	private boolean convertToUpperCase = true;
 
 	// ~ Methods
@@ -69,13 +74,11 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 		essence.setUsername(username);
 
 		// Map the roles
-		for (int i = 0; (this.roleAttributes != null)
-				&& (i < this.roleAttributes.length); i++) {
+		for (int i = 0; (this.roleAttributes != null) && (i < this.roleAttributes.length); i++) {
 			String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);
 
 			if (rolesForAttribute == null) {
-				this.logger.debug("Couldn't read role attribute '"
-						+ this.roleAttributes[i] + "' for user " + dn);
+				this.logger.debug("Couldn't read role attribute '" + this.roleAttributes[i] + "' for user " + dn);
 				continue;
 			}
 
@@ -110,15 +113,13 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 
 	@Override
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
-		throw new UnsupportedOperationException(
-				"LdapUserDetailsMapper only supports reading from a context. Please"
-						+ " use a subclass if mapUserToContext() is required.");
+		throw new UnsupportedOperationException("LdapUserDetailsMapper only supports reading from a context. Please"
+				+ " use a subclass if mapUserToContext() is required.");
 	}
 
 	/**
 	 * Extension point to allow customized creation of the user's password from the
 	 * attribute stored in the directory.
-	 *
 	 * @param passwordValue the value of the password attribute
 	 * @return a String representation of the password.
 	 */
@@ -141,7 +142,6 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	 * <tt>rolePrefix</tt> and <tt>convertToUpperCase</tt> properties. Non-String
 	 * attributes are ignored.
 	 * </p>
-	 *
 	 * @param role the attribute returned from
 	 * @return the authority to be added to the list of authorities for the user, or null
 	 * if this attribute should be ignored.
@@ -159,7 +159,6 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	/**
 	 * Determines whether role field values will be converted to upper case when loaded.
 	 * The default is true.
-	 *
 	 * @param convertToUpperCase true if the roles should be converted to upper case.
 	 */
 	public void setConvertToUpperCase(boolean convertToUpperCase) {
@@ -169,7 +168,6 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	/**
 	 * The name of the attribute which contains the user's password. Defaults to
 	 * "userPassword".
-	 *
 	 * @param passwordAttributeName the name of the attribute
 	 */
 	public void setPasswordAttributeName(String passwordAttributeName) {
@@ -180,7 +178,6 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	 * The names of any attributes in the user's entry which represent application roles.
 	 * These will be converted to <tt>GrantedAuthority</tt>s and added to the list in the
 	 * returned LdapUserDetails object. The attribute values must be Strings by default.
-	 *
 	 * @param roleAttributes the names of the role attributes.
 	 */
 	public void setRoleAttributes(String[] roleAttributes) {
@@ -195,4 +192,5 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	public void setRolePrefix(String rolePrefix) {
 		this.rolePrefix = rolePrefix;
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index 8a91097353..a02f714b94 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -35,24 +35,25 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  */
 public class LdapUserDetailsService implements UserDetailsService {
+
 	private final LdapUserSearch userSearch;
+
 	private final LdapAuthoritiesPopulator authoritiesPopulator;
+
 	private UserDetailsContextMapper userDetailsMapper = new LdapUserDetailsMapper();
 
 	public LdapUserDetailsService(LdapUserSearch userSearch) {
 		this(userSearch, new NullLdapAuthoritiesPopulator());
 	}
 
-	public LdapUserDetailsService(LdapUserSearch userSearch,
-			LdapAuthoritiesPopulator authoritiesPopulator) {
+	public LdapUserDetailsService(LdapUserSearch userSearch, LdapAuthoritiesPopulator authoritiesPopulator) {
 		Assert.notNull(userSearch, "userSearch must not be null");
 		Assert.notNull(authoritiesPopulator, "authoritiesPopulator must not be null");
 		this.userSearch = userSearch;
 		this.authoritiesPopulator = authoritiesPopulator;
 	}
 
-	public UserDetails loadUserByUsername(String username)
-			throws UsernameNotFoundException {
+	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		DirContextOperations userData = userSearch.searchForUser(username);
 
 		return userDetailsMapper.mapUserFromContext(userData, username,
@@ -64,11 +65,12 @@ public class LdapUserDetailsService implements UserDetailsService {
 		this.userDetailsMapper = userDetailsMapper;
 	}
 
-	private static final class NullLdapAuthoritiesPopulator implements
-			LdapAuthoritiesPopulator {
-		public Collection<GrantedAuthority> getGrantedAuthorities(
-				DirContextOperations userDetails, String username) {
+	private static final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+
+		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
 			return AuthorityUtils.NO_AUTHORITIES;
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
index 07e37b4cef..4aa2f0c61f 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
@@ -119,8 +119,8 @@ import org.springframework.util.StringUtils;
  */
 
 public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
-	private static final Log logger = LogFactory
-			.getLog(NestedLdapAuthoritiesPopulator.class);
+
+	private static final Log logger = LogFactory.getLog(NestedLdapAuthoritiesPopulator.class);
 
 	/**
 	 * The attribute names to retrieve for each LDAP group
@@ -135,13 +135,11 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 	/**
 	 * Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be
 	 * set as a property.
-	 *
 	 * @param contextSource supplies the contexts used to search for user roles.
 	 * @param groupSearchBase if this is an empty string the search will be performed from
 	 * the root DN of the
 	 */
-	public NestedLdapAuthoritiesPopulator(ContextSource contextSource,
-			String groupSearchBase) {
+	public NestedLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
 		super(contextSource, groupSearchBase);
 	}
 
@@ -163,45 +161,38 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 
 	/**
 	 * Performs the nested group search
-	 *
 	 * @param userDn - the userDN to search for, will become the group DN for subsequent
 	 * searches
 	 * @param username - the username of the user
 	 * @param authorities - the authorities set that will be populated, must not be null
 	 * @param depth - the depth remaining, when 0 recursion will end
 	 */
-	private void performNestedSearch(String userDn, String username,
-			Set<GrantedAuthority> authorities, int depth) {
+	private void performNestedSearch(String userDn, String username, Set<GrantedAuthority> authorities, int depth) {
 		if (depth == 0) {
 			// back out of recursion
 			if (logger.isDebugEnabled()) {
-				logger.debug("Search aborted, max depth reached,"
-						+ " for roles for user '" + username + "', DN = " + "'" + userDn
-						+ "', with filter " + getGroupSearchFilter() + " in search base '"
+				logger.debug("Search aborted, max depth reached," + " for roles for user '" + username + "', DN = "
+						+ "'" + userDn + "', with filter " + getGroupSearchFilter() + " in search base '"
 						+ getGroupSearchBase() + "'");
 			}
 			return;
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for roles for user '" + username + "', DN = " + "'"
-					+ userDn + "', with filter " + getGroupSearchFilter()
-					+ " in search base '" + getGroupSearchBase() + "'");
+			logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
+					+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
 		}
 
 		if (getAttributeNames() == null) {
 			setAttributeNames(new HashSet<>());
 		}
-		if (StringUtils.hasText(getGroupRoleAttribute())
-				&& !getAttributeNames().contains(getGroupRoleAttribute())) {
+		if (StringUtils.hasText(getGroupRoleAttribute()) && !getAttributeNames().contains(getGroupRoleAttribute())) {
 			getAttributeNames().add(getGroupRoleAttribute());
 		}
 
-		Set<Map<String, List<String>>> userRoles = getLdapTemplate()
-				.searchForMultipleAttributeValues(getGroupSearchBase(),
-						getGroupSearchFilter(), new String[] { userDn, username },
-						getAttributeNames()
-								.toArray(new String[0]));
+		Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
+				getGroupSearchBase(), getGroupSearchFilter(), new String[] { userDn, username },
+				getAttributeNames().toArray(new String[0]));
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Roles from search: " + userRoles);
@@ -222,8 +213,7 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 				role = getRolePrefix() + role;
 				// if the group already exist, we will not search for it's parents again.
 				// this prevents a forever loop for a misconfigured ldap directory
-				circular = circular
-						| (!authorities.add(new LdapAuthority(role, dn, record)));
+				circular = circular | (!authorities.add(new LdapAuthority(role, dn, record)));
 			}
 			String roleName = roles.size() > 0 ? roles.iterator().next() : dn;
 			if (!circular) {
@@ -236,7 +226,6 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 	/**
 	 * Returns the attribute names that this populator has been configured to retrieve
 	 * Value can be null, represents fetch all attributes
-	 *
 	 * @return the attribute names or null for all
 	 */
 	private Set<String> getAttributeNames() {
@@ -245,7 +234,6 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 
 	/**
 	 * Sets the attribute names to retrieve for each ldap groups. Null means retrieve all
-	 *
 	 * @param attributeNames - the names of the LDAP attributes to retrieve
 	 */
 	public void setAttributeNames(Set<String> attributeNames) {
@@ -255,7 +243,6 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 	/**
 	 * How far should a nested search go. Depth is calculated in the number of levels we
 	 * search up for parent groups.
-	 *
 	 * @return the max search depth, default is 10
 	 */
 	private int getMaxSearchDepth() {
@@ -265,7 +252,6 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 	/**
 	 * How far should a nested search go. Depth is calculated in the number of levels we
 	 * search up for parent groups.
-	 *
 	 * @param maxSearchDepth the max search depth
 	 */
 	public void setMaxSearchDepth(int maxSearchDepth) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index f68f5a6736..d8726e16ea 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -39,9 +39,13 @@ public class Person extends LdapUserDetailsImpl {
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String givenName;
+
 	private String sn;
+
 	private String description;
+
 	private String telephoneNumber;
+
 	private List<String> cn = new ArrayList<>();
 
 	protected Person() {
@@ -144,5 +148,7 @@ public class Person extends LdapUserDetailsImpl {
 			// TODO: Check contents for null entries
 			return p;
 		}
+
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
index ba09ac79a0..288d34af9b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@@ -45,4 +45,5 @@ public class PersonContextMapper implements UserDetailsContextMapper {
 		Person p = (Person) user;
 		p.populateContext(ctx);
 	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
index 6c59f10ac2..81632818a1 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
@@ -36,7 +36,6 @@ public interface UserDetailsContextMapper {
 
 	/**
 	 * Creates a fully populated UserDetails object for use by the security framework.
-	 *
 	 * @param ctx the context object which contains the user information.
 	 * @param username the user's supplied login name.
 	 * @param authorities
@@ -50,4 +49,5 @@ public interface UserDetailsContextMapper {
 	 * object. Called when saving a user, for example.
 	 */
 	void mapUserToContext(UserDetails user, DirContextAdapter ctx);
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
index e53eeade05..d6c5da261f 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
@@ -18,4 +18,3 @@
  * contained in some of the standard LDAP types (such as {@code InetOrgPerson}).
  */
 package org.springframework.security.ldap.userdetails;
-
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
index 8c9175a04a..3f260f4b7f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
@@ -43,8 +43,7 @@ public class LdapUtilsTests {
 	}
 
 	@Test
-	public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName()
-			throws Exception {
+	public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
 
 		when(mockCtx.getNameInNamespace()).thenReturn("dc=springframework,dc=org");
@@ -57,7 +56,8 @@ public class LdapUtilsTests {
 		final DirContext mockCtx = mock(DirContext.class);
 		when(mockCtx.getNameInNamespace()).thenReturn("");
 
-		assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx)).isEqualTo("cn=jane,dc=springframework,dc=org");
+		assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx))
+				.isEqualTo("cn=jane,dc=springframework,dc=org");
 	}
 
 	@Test
@@ -65,8 +65,8 @@ public class LdapUtilsTests {
 		final DirContext mockCtx = mock(DirContext.class);
 		when(mockCtx.getNameInNamespace()).thenReturn("dc=springsecurity,dc = org");
 
-		assertThat(LdapUtils.getRelativeName(
-				"cn=jane smith, dc = springsecurity , dc=org", mockCtx)).isEqualTo("cn=jane smith");
+		assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx))
+				.isEqualTo("cn=jane smith");
 	}
 
 	@Test
@@ -75,19 +75,16 @@ public class LdapUtilsTests {
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine:11389")).isEqualTo("");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/")).isEqualTo("");
 		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/")).isEqualTo("");
-		assertThat(
-				LdapUtils
-						.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=springframework,dc=org")).isEqualTo("dc=springframework,dc=org");
-		assertThat(
-				LdapUtils.parseRootDnFromUrl("ldap:///dc=springframework,dc=org")).isEqualTo("dc=springframework,dc=org");
-		assertThat(
-				LdapUtils
-						.parseRootDnFromUrl("ldap://monkeymachine/dc=springframework,dc=org")).isEqualTo("dc=springframework,dc=org");
-		assertThat(
-				LdapUtils
-						.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=springframework,dc=org/ou=blah")).isEqualTo("dc=springframework,dc=org/ou=blah");
-		assertThat(
-				LdapUtils
-						.parseRootDnFromUrl("ldap://monkeymachine.co.uk:389/dc=springframework,dc=org/ou=blah")).isEqualTo("dc=springframework,dc=org/ou=blah");
+		assertThat(LdapUtils.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=springframework,dc=org"))
+				.isEqualTo("dc=springframework,dc=org");
+		assertThat(LdapUtils.parseRootDnFromUrl("ldap:///dc=springframework,dc=org"))
+				.isEqualTo("dc=springframework,dc=org");
+		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/dc=springframework,dc=org"))
+				.isEqualTo("dc=springframework,dc=org");
+		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=springframework,dc=org/ou=blah"))
+				.isEqualTo("dc=springframework,dc=org/ou=blah");
+		assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk:389/dc=springframework,dc=org/ou=blah"))
+				.isEqualTo("dc=springframework,dc=org/ou=blah");
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
index 664a05dde7..e90379289e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -33,6 +33,7 @@ import org.junit.Test;
  * @author Luke Taylor
  */
 public class SpringSecurityAuthenticationSourceTests {
+
 	@Before
 	@After
 	public void clearContext() {
@@ -51,16 +52,14 @@ public class SpringSecurityAuthenticationSourceTests {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 
 		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils
-						.createAuthorityList("ignored")));
+				new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored")));
 		assertThat(source.getPrincipal()).isEqualTo("");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void getPrincipalRejectsNonLdapUserDetailsObject() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(new Object(), "password"));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));
 
 		source.getPrincipal();
 	}
@@ -68,8 +67,7 @@ public class SpringSecurityAuthenticationSourceTests {
 	@Test
 	public void expectedCredentialsAreReturned() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(new Object(), "password"));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));
 
 		assertThat(source.getCredentials()).isEqualTo("password");
 	}
@@ -80,9 +78,10 @@ public class SpringSecurityAuthenticationSourceTests {
 		user.setUsername("joe");
 		user.setDn(new DistinguishedName("uid=joe,ou=users"));
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(user.createUserDetails(), null));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null));
 
 		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 5b7e362392..45afb11dd8 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -37,10 +37,13 @@ public class SpringSecurityLdapTemplateTests {
 
 	@Mock
 	private DirContext ctx;
+
 	@Captor
 	private ArgumentCaptor<SearchControls> searchControls;
+
 	@Mock
 	private NamingEnumeration<SearchResult> resultsEnum;
+
 	@Mock
 	private SearchResult searchResult;
 
@@ -53,15 +56,13 @@ public class SpringSecurityLdapTemplateTests {
 		Object[] params = new Object[] {};
 		DirContextAdapter searchResultObject = mock(DirContextAdapter.class);
 
-		when(
-				ctx.search(any(DistinguishedName.class), eq(filter), eq(params),
-						searchControls.capture())).thenReturn(resultsEnum);
+		when(ctx.search(any(DistinguishedName.class), eq(filter), eq(params), searchControls.capture()))
+				.thenReturn(resultsEnum);
 		when(resultsEnum.hasMore()).thenReturn(true, false);
 		when(resultsEnum.next()).thenReturn(searchResult);
 		when(searchResult.getObject()).thenReturn(searchResultObject);
 
-		SpringSecurityLdapTemplate.searchForSingleEntryInternal(ctx,
-				mock(SearchControls.class), base, filter, params);
+		SpringSecurityLdapTemplate.searchForSingleEntryInternal(ctx, mock(SearchControls.class), base, filter, params);
 
 		assertThat(searchControls.getValue().getReturningObjFlag()).isTrue();
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index 87fd372b8b..0e367024c4 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -51,36 +51,34 @@ public class LdapAuthenticationProviderTests {
 
 	@Test
 	public void testSupportsUsernamePasswordAuthenticationToken() {
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator(), new MockAuthoritiesPopulator());
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
+				new MockAuthoritiesPopulator());
 
 		assertThat(ldapProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 	}
 
 	@Test
 	public void testDefaultMapperIsSet() {
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator(), new MockAuthoritiesPopulator());
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
+				new MockAuthoritiesPopulator());
 
 		assertThat(ldapProvider.getUserDetailsContextMapper() instanceof LdapUserDetailsMapper).isTrue();
 	}
 
 	@Test
 	public void testEmptyOrNullUserNameThrowsException() {
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator(), new MockAuthoritiesPopulator());
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
+				new MockAuthoritiesPopulator());
 
 		try {
-			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null,
-					"password"));
+			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password"));
 			fail("Expected BadCredentialsException for empty username");
 		}
 		catch (BadCredentialsException expected) {
 		}
 
 		try {
-			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("",
-					"bobspassword"));
+			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword"));
 			fail("Expected BadCredentialsException for null username");
 		}
 		catch (BadCredentialsException expected) {
@@ -90,26 +88,20 @@ public class LdapAuthenticationProviderTests {
 	@Test(expected = BadCredentialsException.class)
 	public void usernameNotFoundExceptionIsHiddenByDefault() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
-		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken(
-				"joe", "password");
-		when(authenticator.authenticate(joe)).thenThrow(
-				new UsernameNotFoundException("nobody"));
+		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
+		when(authenticator.authenticate(joe)).thenThrow(new UsernameNotFoundException("nobody"));
 
-		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(
-				authenticator);
+		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void usernameNotFoundExceptionIsNotHiddenIfConfigured() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
-		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken(
-				"joe", "password");
-		when(authenticator.authenticate(joe)).thenThrow(
-				new UsernameNotFoundException("nobody"));
+		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
+		when(authenticator.authenticate(joe)).thenThrow(new UsernameNotFoundException("nobody"));
 
-		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(
-				authenticator);
+		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.setHideUserNotFoundExceptions(false);
 		provider.authenticate(joe);
 	}
@@ -117,16 +109,15 @@ public class LdapAuthenticationProviderTests {
 	@Test
 	public void normalUsage() {
 		MockAuthoritiesPopulator populator = new MockAuthoritiesPopulator();
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator(), populator);
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), populator);
 		LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper();
 		userMapper.setRoleAttributes(new String[] { "ou" });
 		ldapProvider.setUserDetailsContextMapper(userMapper);
 
 		assertThat(ldapProvider.getAuthoritiesPopulator()).isNotNull();
 
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				"ben", "benspassword");
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
+				"benspassword");
 		Object authDetails = new Object();
 		authRequest.setDetails(authDetails);
 		Authentication authResult = ldapProvider.authenticate(authRequest);
@@ -138,20 +129,18 @@ public class LdapAuthenticationProviderTests {
 		assertThat(user.getUsername()).isEqualTo("ben");
 		assertThat(populator.getRequestedUsername()).isEqualTo("ben");
 
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_FROM_ENTRY");
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_FROM_POPULATOR");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_ENTRY");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_POPULATOR");
 	}
 
 	@Test
 	public void passwordIsSetFromUserDataIfUseAuthenticationRequestCredentialsIsFalse() {
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator(), new MockAuthoritiesPopulator());
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
+				new MockAuthoritiesPopulator());
 		ldapProvider.setUseAuthenticationRequestCredentials(false);
 
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				"ben", "benspassword");
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
+				"benspassword");
 		Authentication authResult = ldapProvider.authenticate(authRequest);
 		assertThat(authResult.getCredentials()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
 
@@ -159,31 +148,26 @@ public class LdapAuthenticationProviderTests {
 
 	@Test
 	public void useWithNullAuthoritiesPopulatorReturnsCorrectRole() {
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				new MockAuthenticator());
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
 		LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper();
 		userMapper.setRoleAttributes(new String[] { "ou" });
 		ldapProvider.setUserDetailsContextMapper(userMapper);
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				"ben", "benspassword");
-		UserDetails user = (UserDetails) ldapProvider.authenticate(authRequest)
-				.getPrincipal();
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
+				"benspassword");
+		UserDetails user = (UserDetails) ldapProvider.authenticate(authRequest).getPrincipal();
 		assertThat(user.getAuthorities()).hasSize(1);
-		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
-				.contains("ROLE_FROM_ENTRY");
+		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_ENTRY");
 	}
 
 	@Test
 	public void authenticateWithNamingException() {
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				"ben", "benspassword");
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
+				"benspassword");
 		LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class);
-		CommunicationException expectedCause = new CommunicationException(
-				new javax.naming.CommunicationException());
+		CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException());
 		when(mockAuthenticator.authenticate(authRequest)).thenThrow(expectedCause);
 
-		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(
-				mockAuthenticator);
+		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator);
 		try {
 			ldapProvider.authenticate(authRequest);
 			fail("Expected Exception");
@@ -205,28 +189,27 @@ public class LdapAuthenticationProviderTests {
 			String password = (String) authentication.getCredentials();
 
 			if (username.equals("ben") && password.equals("benspassword")) {
-				ctx.setDn(new DistinguishedName(
-						"cn=ben,ou=people,dc=springframework,dc=org"));
+				ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org"));
 				ctx.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
 
 				return ctx;
 			}
 			else if (username.equals("jen") && password.equals("")) {
-				ctx.setDn(new DistinguishedName(
-						"cn=jen,ou=people,dc=springframework,dc=org"));
+				ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
 
 				return ctx;
 			}
 
 			throw new BadCredentialsException("Authentication failed.");
 		}
+
 	}
 
 	class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+
 		String username;
 
-		public Collection<GrantedAuthority> getGrantedAuthorities(
-				DirContextOperations userCtx, String username) {
+		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userCtx, String username) {
 			this.username = username;
 			return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");
 		}
@@ -234,5 +217,7 @@ public class LdapAuthenticationProviderTests {
 		String getRequestedUsername() {
 			return username;
 		}
+
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
index cc846d9889..d22d6f2244 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
@@ -21,11 +21,10 @@ import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.ldap.core.DirContextOperations;
 
 /**
- *
- *
  * @author Luke Taylor
  */
 public class MockUserSearch implements LdapUserSearch {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -47,4 +46,5 @@ public class MockUserSearch implements LdapUserSearch {
 	public DirContextOperations searchForUser(String username) {
 		return user;
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index e2aff2a5f3..c7e92fa5b3 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -29,7 +29,6 @@ import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
 /**
- *
  * @author Luke Taylor
  */
 public class PasswordComparisonAuthenticatorMockTests {
@@ -44,26 +43,22 @@ public class PasswordComparisonAuthenticatorMockTests {
 		final BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("uid", "bob"));
 
-		PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(
-				source);
+		PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(source);
 
 		authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
 
 		// Get the mock to return an empty attribute set
 		when(source.getReadOnlyContext()).thenReturn(dirCtx);
-		when(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class)))
-				.thenReturn(attrs);
+		when(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).thenReturn(attrs);
 		when(dirCtx.getNameInNamespace()).thenReturn("dc=springframework,dc=org");
 
 		// Setup a single return value (i.e. success)
 		final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
 
-		when(
-				dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"),
-						any(Object[].class), any(SearchControls.class))).thenReturn(
-				searchResults);
+		when(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
+				any(SearchControls.class))).thenReturn(searchResults);
 
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob",
-				"bobspassword"));
+		authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword"));
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index 27226bd631..cfcd2a18e3 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -64,20 +64,21 @@ import static org.springframework.security.ldap.authentication.ad.ActiveDirector
  * @author Rob Winch
  */
 public class ActiveDirectoryLdapAuthenticationProviderTests {
+
 	public static final String EXISTING_LDAP_PROVIDER = "ldap://192.168.1.200/";
+
 	public static final String NON_EXISTING_LDAP_PROVIDER = "ldap://192.168.1.201/";
 
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
 	ActiveDirectoryLdapAuthenticationProvider provider;
-	UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken(
-			"joe", "password");
+
+	UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
 
 	@Before
 	public void setUp() {
-		provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu",
-				"ldap://192.168.1.200/");
+		provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
 	}
 
 	@Test
@@ -101,12 +102,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.getNameInNamespace()).thenReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
-		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca,
-				dca.getAttributes());
-		when(
-				ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class),
-						any(SearchControls.class))).thenReturn(
-				new MockNamingEnumeration(sr));
+		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
+		when(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
+				.thenReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -129,12 +127,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.getNameInNamespace()).thenReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
-		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca,
-				dca.getAttributes());
-		when(
-				ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class),
-						any(SearchControls.class))).thenReturn(
-				new MockNamingEnumeration(sr));
+		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
+		when(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
+				.thenReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -145,8 +140,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 		// then
 		assertThat(result.isAuthenticated()).isTrue();
-		verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter),
-				any(Object[].class), any(SearchControls.class));
+		verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class),
+				any(SearchControls.class));
 	}
 
 	// SEC-2897,SEC-2224
@@ -160,12 +155,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.getNameInNamespace()).thenReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
-		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca,
-				dca.getAttributes());
-		when(
-				ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(),
-						any(SearchControls.class))).thenReturn(
-				new MockNamingEnumeration(sr));
+		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
+		when(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
+				.thenReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -190,20 +182,15 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	}
 
 	@Test
-	public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal()
-			throws Exception {
-		provider = new ActiveDirectoryLdapAuthenticationProvider(null,
-				"ldap://192.168.1.200/");
+	public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception {
+		provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
 		DirContext ctx = mock(DirContext.class);
 		when(ctx.getNameInNamespace()).thenReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
-		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca,
-				dca.getAttributes());
-		when(
-				ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")),
-						any(String.class), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(new MockNamingEnumeration(sr));
+		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
+		when(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
+				any(SearchControls.class))).thenReturn(new MockNamingEnumeration(sr));
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
 		try {
@@ -213,17 +200,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		catch (BadCredentialsException expected) {
 		}
 
-		provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu",
-				"password"));
+		provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void failedUserSearchCausesBadCredentials() throws Exception {
 		DirContext ctx = mock(DirContext.class);
 		when(ctx.getNameInNamespace()).thenReturn("");
-		when(
-				ctx.search(any(Name.class), any(String.class), any(Object[].class),
-						any(SearchControls.class)))
+		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.thenThrow(new NameNotFoundException());
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
@@ -236,10 +220,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	public void noUserSearchCausesUsernameNotFound() throws Exception {
 		DirContext ctx = mock(DirContext.class);
 		when(ctx.getNameInNamespace()).thenReturn("");
-		when(
-				ctx.search(any(Name.class), any(String.class), any(Object[].class),
-						any(SearchControls.class))).thenReturn(
-				new EmptyEnumeration<>());
+		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.thenReturn(new EmptyEnumeration<>());
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -260,12 +242,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		NamingEnumeration<SearchResult> searchResults = mock(NamingEnumeration.class);
 		when(searchResults.hasMore()).thenReturn(true, true, false);
 		SearchResult searchResult = mock(SearchResult.class);
-		when(searchResult.getObject()).thenReturn(new DirContextAdapter("ou=1"),
-				new DirContextAdapter("ou=2"));
+		when(searchResult.getObject()).thenReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2"));
 		when(searchResults.next()).thenReturn(searchResult);
-		when(
-				ctx.search(any(Name.class), any(String.class), any(Object[].class),
-						any(SearchControls.class))).thenReturn(searchResults);
+		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.thenReturn(searchResults);
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -276,24 +256,21 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Test(expected = BadCredentialsException.class)
 	public void userNotFoundIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "525, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "525, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void incorrectPasswordIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "52e, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "52e, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void notPermittedIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "530, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "530, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
@@ -301,22 +278,20 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test
 	public void passwordNeedsResetIsCorrectlyMapped() {
 		final String dataCode = "773";
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + dataCode + ", xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + dataCode + ", xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 
 		thrown.expect(BadCredentialsException.class);
 		thrown.expect(new BaseMatcher<BadCredentialsException>() {
 			private Matcher<Object> causeInstance = CoreMatchers
 					.instanceOf(ActiveDirectoryAuthenticationException.class);
+
 			private Matcher<String> causeDataCode = CoreMatchers.equalTo(dataCode);
 
 			public boolean matches(Object that) {
 				Throwable t = (Throwable) that;
-				ActiveDirectoryAuthenticationException cause = (ActiveDirectoryAuthenticationException) t
-						.getCause();
-				return causeInstance.matches(cause)
-						&& causeDataCode.matches(cause.getDataCode());
+				ActiveDirectoryAuthenticationException cause = (ActiveDirectoryAuthenticationException) t.getCause();
+				return causeInstance.matches(cause) && causeDataCode.matches(cause.getDataCode());
 			}
 
 			public void describeTo(Description desc) {
@@ -332,8 +307,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Test(expected = CredentialsExpiredException.class)
 	public void expiredPasswordIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "532, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
 
 		try {
 			provider.authenticate(joe);
@@ -348,40 +322,35 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Test(expected = DisabledException.class)
 	public void accountDisabledIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "533, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "533, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = AccountExpiredException.class)
 	public void accountExpiredIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "701, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "701, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = LockedException.class)
 	public void accountLockedIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "775, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "775, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void unknownErrorCodeIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg + "999, xxxx]"));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "999, xxxx]"));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void errorWithNoSubcodeIsHandledCleanly() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(
-				msg));
+		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg));
 		provider.setConvertSubErrorCodesToExceptions(true);
 		provider.authenticate(joe);
 	}
@@ -389,22 +358,23 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test(expected = org.springframework.ldap.CommunicationException.class)
 	public void nonAuthenticationExceptionIsConvertedToSpringLdapException() throws Throwable {
 		try {
-			provider.contextFactory = createContextFactoryThrowing(new CommunicationException(
-					msg));
+			provider.contextFactory = createContextFactoryThrowing(new CommunicationException(msg));
 			provider.authenticate(joe);
-		} catch (InternalAuthenticationServiceException e) {
-			// Since GH-8418 ldap communication exception is wrapped into InternalAuthenticationServiceException.
+		}
+		catch (InternalAuthenticationServiceException e) {
+			// Since GH-8418 ldap communication exception is wrapped into
+			// InternalAuthenticationServiceException.
 			// This test is about the wrapped exception, so we throw it.
 			throw e.getCause();
 		}
 	}
 
-	@Test(expected = org.springframework.security.authentication.InternalAuthenticationServiceException.class )
+	@Test(expected = org.springframework.security.authentication.InternalAuthenticationServiceException.class)
 	public void connectionExceptionIsWrappedInInternalException() throws Exception {
 		ActiveDirectoryLdapAuthenticationProvider noneReachableProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", NON_EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain");
-		noneReachableProvider.setContextEnvironmentProperties(
-				Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
+		noneReachableProvider
+				.setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
 		noneReachableProvider.doAuthentication(joe);
 	}
 
@@ -439,8 +409,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		}
 		catch (InternalAuthenticationServiceException expected) {
 			assertThat(expected.getCause()).isInstanceOf(org.springframework.ldap.CommunicationException.class);
-			org.springframework.ldap.CommunicationException cause =
-					(org.springframework.ldap.CommunicationException) expected.getCause();
+			org.springframework.ldap.CommunicationException cause = (org.springframework.ldap.CommunicationException) expected
+					.getCause();
 			assertThat(cause.getRootCause()).isInstanceOf(ClassNotFoundException.class);
 		}
 	}
@@ -463,20 +433,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		};
 	}
 
-	private void checkAuthentication(String rootDn,
-			ActiveDirectoryLdapAuthenticationProvider provider) throws NamingException {
+	private void checkAuthentication(String rootDn, ActiveDirectoryLdapAuthenticationProvider provider)
+			throws NamingException {
 		DirContext ctx = mock(DirContext.class);
 		when(ctx.getNameInNamespace()).thenReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
-		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca,
-				dca.getAttributes());
+		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		@SuppressWarnings("deprecation")
 		DistinguishedName searchBaseDn = new DistinguishedName(rootDn);
-		when(
-				ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class),
-						any(SearchControls.class))).thenReturn(
-				new MockNamingEnumeration(sr)).thenReturn(new MockNamingEnumeration(sr));
+		when(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.thenReturn(new MockNamingEnumeration(sr)).thenReturn(new MockNamingEnumeration(sr));
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -492,6 +459,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	}
 
 	static class MockNamingEnumeration implements NamingEnumeration<SearchResult> {
+
 		private SearchResult sr;
 
 		MockNamingEnumeration(SearchResult sr) {
@@ -518,5 +486,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		public SearchResult nextElement() {
 			return next();
 		}
+
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
index 02ed0e1c8f..4f6668d90c 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
@@ -27,6 +27,7 @@ package org.springframework.security.ldap.ppolicy;
 public class OpenLDAPIntegrationTestSuite {
 
 	PasswordPolicyAwareContextSource cs;
+
 	/*
 	 * @Before public void createContextSource() throws Exception { cs = new
 	 * PasswordPolicyAwareContextSource("ldap://localhost:22389/dc=springsource,dc=com");
@@ -60,4 +61,5 @@ public class OpenLDAPIntegrationTestSuite {
 	 * = (LdapUserDetailsImpl) a.getPrincipal(); assertTrue(ud.getTimeBeforeExpiration() <
 	 * Integer.MAX_VALUE && ud.getTimeBeforeExpiration() > 0); }
 	 */
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index fbe36fc031..c90ab5f98f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -32,14 +32,15 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class PasswordPolicyAwareContextSourceTests {
+
 	private PasswordPolicyAwareContextSource ctxSource;
+
 	private final LdapContext ctx = mock(LdapContext.class);
 
 	@Before
 	public void setUp() {
 		reset(ctx);
-		ctxSource = new PasswordPolicyAwareContextSource(
-				"ldap://blah:789/dc=springframework,dc=org") {
+		ctxSource = new PasswordPolicyAwareContextSource("ldap://blah:789/dc=springframework,dc=org") {
 			@Override
 			protected DirContext createContext(Hashtable env) {
 				if ("manager".equals(env.get(Context.SECURITY_PRINCIPAL))) {
@@ -60,24 +61,20 @@ public class PasswordPolicyAwareContextSourceTests {
 	}
 
 	@Test(expected = UncategorizedLdapException.class)
-	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet()
-			throws Exception {
-		doThrow(new NamingException("some LDAP exception")).when(ctx).reconnect(
-				any(Control[].class));
+	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
+		doThrow(new NamingException("some LDAP exception")).when(ctx).reconnect(any(Control[].class));
 
 		ctxSource.getContext("user", "ignored");
 	}
 
 	@Test(expected = PasswordPolicyException.class)
-	public void lockedPasswordPolicyControlRaisesPasswordPolicyException()
-			throws Exception {
-		when(ctx.getResponseControls()).thenReturn(
-				new Control[] { new PasswordPolicyResponseControl(
-						PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
+	public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception {
+		when(ctx.getResponseControls()).thenReturn(new Control[] {
+				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
 
-		doThrow(new NamingException("locked message")).when(ctx).reconnect(
-				any(Control[].class));
+		doThrow(new NamingException("locked message")).when(ctx).reconnect(any(Control[].class));
 
 		ctxSource.getContext("user", "ignored");
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index c29f13b34f..e8a687fa52 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -42,10 +42,10 @@ public class PasswordPolicyControlFactoryTests {
 		Control control = mock(Control.class);
 
 		when(control.getID()).thenReturn(PasswordPolicyControl.OID);
-		when(control.getEncodedValue()).thenReturn(
-				PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL);
+		when(control.getEncodedValue()).thenReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL);
 		Control result = ctrlFactory.getControlInstance(control);
 		assertThat(result).isNotNull();
 		assertThat(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL).isEqualTo(result.getEncodedValue());
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index 9ed6c7cd31..d76ea93e19 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -26,6 +26,7 @@ import org.junit.Test;
  * @author Luke Taylor
  */
 public class PasswordPolicyResponseControlTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -94,8 +95,7 @@ public class PasswordPolicyResponseControlTests {
 
 	@Test
 	public void openLDAP496GraceLoginsRemainingCtrlIsParsedCorrectly() {
-		byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01,
-				(byte) 0xF0 };
+		byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01, (byte) 0xF0 };
 
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
 
@@ -103,13 +103,11 @@ public class PasswordPolicyResponseControlTests {
 		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(496);
 	}
 
-	static final byte[] OPENLDAP_5_LOGINS_REMAINING_CTRL = { 0x30, 0x05, (byte) 0xA0,
-			0x03, (byte) 0xA1, 0x01, 0x05 };
+	static final byte[] OPENLDAP_5_LOGINS_REMAINING_CTRL = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA1, 0x01, 0x05 };
 
 	@Test
 	public void openLDAP5GraceLoginsRemainingCtrlIsParsedCorrectly() {
-		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(
-				OPENLDAP_5_LOGINS_REMAINING_CTRL);
+		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_5_LOGINS_REMAINING_CTRL);
 
 		assertThat(ctrl.hasWarning()).isTrue();
 		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(5);
@@ -119,8 +117,7 @@ public class PasswordPolicyResponseControlTests {
 
 	@Test
 	public void openLDAPAccountLockedCtrlIsParsedCorrectly() {
-		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(
-				OPENLDAP_LOCKED_CTRL);
+		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_LOCKED_CTRL);
 
 		assertThat(ctrl.hasError() && ctrl.isLocked()).isTrue();
 		assertThat(ctrl.hasWarning()).isFalse();
@@ -135,4 +132,5 @@ public class PasswordPolicyResponseControlTests {
 		assertThat(ctrl.hasError() && ctrl.isExpired()).isTrue();
 		assertThat(ctrl.hasWarning()).isFalse();
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index 168f725460..bb30851175 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -95,11 +95,10 @@ public class InetOrgPersonTests {
 	public void mappingBackToContextMatchesOriginalData() {
 		DirContextAdapter ctx1 = createUserContext();
 		DirContextAdapter ctx2 = new DirContextAdapter();
-		ctx1.setAttributeValues("objectclass", new String[] { "top", "person",
-				"organizationalPerson", "inetOrgPerson" });
+		ctx1.setAttributeValues("objectclass",
+				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
 		ctx2.setDn(new DistinguishedName("ignored=ignored"));
-		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1))
-				.createUserDetails();
+		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
 		p.populateContext(ctx2);
 
 		assertThat(ctx2).isEqualTo(ctx1);
@@ -110,12 +109,10 @@ public class InetOrgPersonTests {
 		DirContextAdapter ctx1 = createUserContext();
 		DirContextAdapter ctx2 = new DirContextAdapter();
 		ctx2.setDn(new DistinguishedName("ignored=ignored"));
-		ctx1.setAttributeValues("objectclass", new String[] { "top", "person",
-				"organizationalPerson", "inetOrgPerson" });
-		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1))
-				.createUserDetails();
-		InetOrgPerson p2 = (InetOrgPerson) new InetOrgPerson.Essence(p)
-				.createUserDetails();
+		ctx1.setAttributeValues("objectclass",
+				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
+		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
+		InetOrgPerson p2 = (InetOrgPerson) new InetOrgPerson.Essence(p).createUserDetails();
 		p2.populateContext(ctx2);
 
 		assertThat(ctx2).isEqualTo(ctx1);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
index c6727986c7..b2d51183f2 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
@@ -32,14 +32,14 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class LdapAuthorityTests {
 
 	public static final String DN = "cn=filip,ou=Users,dc=test,dc=com";
+
 	LdapAuthority authority;
 
 	@Before
 	public void setUp() {
 		Map<String, List<String>> attributes = new HashMap<>();
 		attributes.put(SpringSecurityLdapTemplate.DN_KEY, Arrays.asList(DN));
-		attributes.put("mail",
-				Arrays.asList("filip@ldap.test.org", "filip@ldap.test2.org"));
+		attributes.put("mail", Arrays.asList("filip@ldap.test.org", "filip@ldap.test2.org"));
 		authority = new LdapAuthority("testRole", DN, attributes);
 	}
 
@@ -66,4 +66,5 @@ public class LdapAuthorityTests {
 		assertThat(authority.getAuthority()).isNotNull();
 		assertThat(authority.getAuthority()).isEqualTo("testRole");
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
index 1c8ca9e384..40dfe14fc9 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
@@ -48,8 +48,8 @@ public class LdapUserDetailsMapperTests {
 		ctx.setAttributeValues("userRole", new String[] { "X", "Y", "Z" });
 		ctx.setAttributeValue("uid", "ani");
 
-		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx,
-				"ani", AuthorityUtils.NO_AUTHORITIES);
+		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
+				AuthorityUtils.NO_AUTHORITIES);
 
 		assertThat(user.getAuthorities()).hasSize(3);
 	}
@@ -66,12 +66,11 @@ public class LdapUserDetailsMapperTests {
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("userRole", "x"));
 
-		DirContextAdapter ctx = new DirContextAdapter(attrs,
-				new DistinguishedName("cn=someName"));
+		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
 		ctx.setAttributeValue("uid", "ani");
 
-		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx,
-				"ani", AuthorityUtils.NO_AUTHORITIES);
+		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
+				AuthorityUtils.NO_AUTHORITIES);
 
 		assertThat(user.getAuthorities()).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_X");
@@ -85,8 +84,7 @@ public class LdapUserDetailsMapperTests {
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
 
-		DirContextAdapter ctx = new DirContextAdapter(attrs,
-				new DistinguishedName("cn=someName"));
+		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
 		ctx.setAttributeValue("uid", "ani");
 
 		LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index d8ff18881a..5c283eb01b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -49,36 +49,34 @@ public class LdapUserDetailsServiceTests {
 
 	@Test
 	public void correctAuthoritiesAreReturned() {
-		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName(
-				"uid=joe"));
+		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
 
-		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(
-				userData), new MockAuthoritiesPopulator());
+		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData),
+				new MockAuthoritiesPopulator());
 		service.setUserDetailsMapper(new LdapUserDetailsMapper());
 
 		UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
 
-		Set<String> authorities = AuthorityUtils
-				.authorityListToSet(user.getAuthorities());
+		Set<String> authorities = AuthorityUtils.authorityListToSet(user.getAuthorities());
 		assertThat(authorities).hasSize(1);
 		assertThat(authorities.contains("ROLE_FROM_POPULATOR")).isTrue();
 	}
 
 	@Test
 	public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() {
-		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName(
-				"uid=joe"));
+		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
 
-		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(
-				userData));
+		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
 		UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
 		assertThat(user.getAuthorities()).isEmpty();
 	}
 
 	class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-		public Collection<GrantedAuthority> getGrantedAuthorities(
-				DirContextOperations userCtx, String username) {
+
+		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userCtx, String username) {
 			return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");
 		}
+
 	}
+
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index 083f91c32d..cc96cfeefc 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -42,12 +42,11 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
 		List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		when(user.getAuthorities()).thenReturn(authorities);
 
-		UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(
-				uds);
-		Collection<? extends GrantedAuthority> auths = populator.getGrantedAuthorities(
-				new DirContextAdapter(), "joe");
+		UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
+		Collection<? extends GrantedAuthority> auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
 
 		assertThat(auths).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER")).isTrue();
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
index dee415443a..c287fc8bf9 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
@@ -29,20 +29,17 @@ import org.springframework.util.Assert;
  * {@link MessageSecurityExpressionRoot}.
  *
  * @param <T> the type for the body of the Message
- *
  * @since 4.0
  * @author Rob Winch
  */
-public class DefaultMessageSecurityExpressionHandler<T> extends
-		AbstractSecurityExpressionHandler<Message<T>> {
+public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurityExpressionHandler<Message<T>> {
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
 	@Override
-	protected SecurityExpressionOperations createSecurityExpressionRoot(
-			Authentication authentication, Message<T> invocation) {
-		MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(
-				authentication, invocation);
+	protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+			Message<T> invocation) {
+		MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication, invocation);
 		root.setPermissionEvaluator(getPermissionEvaluator());
 		root.setTrustResolver(trustResolver);
 		root.setRoleHierarchy(getRoleHierarchy());
@@ -53,4 +50,5 @@ public class DefaultMessageSecurityExpressionHandler<T> extends
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
index 847969bca2..6009fe07a6 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
@@ -19,8 +19,7 @@ import org.springframework.expression.EvaluationContext;
 
 /**
  *
-/**
- * Allows post processing the {@link EvaluationContext}
+ * /** Allows post processing the {@link EvaluationContext}
  *
  * <p>
  * This API is intentionally kept package scope as it may evolve over time.
@@ -32,15 +31,13 @@ import org.springframework.expression.EvaluationContext;
 interface EvaluationContextPostProcessor<I> {
 
 	/**
-	 * Allows post processing of the {@link EvaluationContext}. Implementations
-	 * may return a new instance of {@link EvaluationContext} or modify the
-	 * {@link EvaluationContext} that was passed in.
-	 *
-	 * @param context
-	 *            the original {@link EvaluationContext}
-	 * @param invocation
-	 *            the security invocation object (i.e. Message)
+	 * Allows post processing of the {@link EvaluationContext}. Implementations may return
+	 * a new instance of {@link EvaluationContext} or modify the {@link EvaluationContext}
+	 * that was passed in.
+	 * @param context the original {@link EvaluationContext}
+	 * @param invocation the security invocation object (i.e. Message)
 	 * @return the upated context.
 	 */
 	EvaluationContext postProcess(EvaluationContext context, I invocation);
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
index 69934b64b4..b56c9de3ea 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
@@ -61,7 +61,6 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 	 *
 	 * <p>
 	 * For a complete listing of expressions see {@link MessageSecurityExpressionRoot}
-	 *
 	 * @param matcherToExpression an ordered mapping of {@link MessageMatcher} to Strings
 	 * that are turned into an Expression using
 	 * {@link DefaultMessageSecurityExpressionHandler#getExpressionParser()}
@@ -69,7 +68,8 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 	 */
 	public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(
 			LinkedHashMap<MessageMatcher<?>, String> matcherToExpression) {
-		return createExpressionMessageMetadataSource(matcherToExpression, new DefaultMessageSecurityExpressionHandler<>());
+		return createExpressionMessageMetadataSource(matcherToExpression,
+				new DefaultMessageSecurityExpressionHandler<>());
 	}
 
 	/**
@@ -98,7 +98,6 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 	 * <p>
 	 * For a complete listing of expressions see {@link MessageSecurityExpressionRoot}
 	 * </p>
-	 *
 	 * @param matcherToExpression an ordered mapping of {@link MessageMatcher} to Strings
 	 * that are turned into an Expression using
 	 * {@link DefaultMessageSecurityExpressionHandler#getExpressionParser()}
@@ -106,15 +105,15 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 	 * @return the {@link MessageSecurityMetadataSource} to use. Cannot be null.
 	 */
 	public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(
-			LinkedHashMap<MessageMatcher<?>, String> matcherToExpression, SecurityExpressionHandler<Message<Object>> handler) {
+			LinkedHashMap<MessageMatcher<?>, String> matcherToExpression,
+			SecurityExpressionHandler<Message<Object>> handler) {
 
 		LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>> matcherToAttrs = new LinkedHashMap<>();
 
 		for (Map.Entry<MessageMatcher<?>, String> entry : matcherToExpression.entrySet()) {
 			MessageMatcher<?> matcher = entry.getKey();
 			String rawExpression = entry.getValue();
-			Expression expression = handler.getExpressionParser().parseExpression(
-					rawExpression);
+			Expression expression = handler.getExpressionParser().parseExpression(rawExpression);
 			ConfigAttribute attribute = new MessageExpressionConfigAttribute(expression, matcher);
 			matcherToAttrs.put(matcher, Arrays.asList(attribute));
 		}
@@ -123,4 +122,5 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 
 	private ExpressionBasedMessageSecurityMetadataSourceFactory() {
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index 51a599c7f0..84ffed8135 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -34,13 +34,13 @@ import java.util.Map;
  */
 @SuppressWarnings("serial")
 class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationContextPostProcessor<Message<?>> {
-	private final Expression authorizeExpression;
-	private final MessageMatcher<?> matcher;
 
+	private final Expression authorizeExpression;
+
+	private final MessageMatcher<?> matcher;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param authorizeExpression the {@link Expression} to use. Cannot be null
 	 * @param matcher the {@link MessageMatcher} used to match the messages.
 	 */
@@ -51,7 +51,6 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 		this.matcher = matcher;
 	}
 
-
 	Expression getAuthorizeExpression() {
 		return authorizeExpression;
 	}
@@ -68,11 +67,13 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 	@Override
 	public EvaluationContext postProcess(EvaluationContext ctx, Message<?> message) {
 		if (matcher instanceof SimpDestinationMessageMatcher) {
-			final Map<String, String> variables = ((SimpDestinationMessageMatcher) matcher).extractPathVariables(message);
-			for (Map.Entry<String, String> entry : variables.entrySet()){
+			final Map<String, String> variables = ((SimpDestinationMessageMatcher) matcher)
+					.extractPathVariables(message);
+			for (Map.Entry<String, String> entry : variables.entrySet()) {
 				ctx.setVariable(entry.getKey(), entry.getValue());
 			}
 		}
 		return ctx;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index 0d06873e59..401ee8ae7a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -38,10 +38,10 @@ import java.util.Collection;
  * @author Daniel Bustamante Ospina
  */
 public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>> {
+
 	private SecurityExpressionHandler<Message<T>> expressionHandler = new DefaultMessageSecurityExpressionHandler<>();
 
-	public int vote(Authentication authentication, Message<T> message,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, Message<T> message, Collection<ConfigAttribute> attributes) {
 		assert authentication != null;
 		assert message != null;
 		assert attributes != null;
@@ -52,16 +52,13 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 			return ACCESS_ABSTAIN;
 		}
 
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication,
-				message);
+		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, message);
 		ctx = attr.postProcess(ctx, message);
 
-		return ExpressionUtils.evaluateAsBoolean(attr.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED
-				: ACCESS_DENIED;
+		return ExpressionUtils.evaluateAsBoolean(attr.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
-	private MessageExpressionConfigAttribute findConfigAttribute(
-			Collection<ConfigAttribute> attributes) {
+	private MessageExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> attributes) {
 		for (ConfigAttribute attribute : attributes) {
 			if (attribute instanceof MessageExpressionConfigAttribute) {
 				return (MessageExpressionConfigAttribute) attribute;
@@ -78,9 +75,9 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 		return Message.class.isAssignableFrom(clazz);
 	}
 
-	public void setExpressionHandler(
-			SecurityExpressionHandler<Message<T>> expressionHandler) {
+	public void setExpressionHandler(SecurityExpressionHandler<Message<T>> expressionHandler) {
 		Assert.notNull(expressionHandler, "expressionHandler cannot be null");
 		this.expressionHandler = expressionHandler;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
index 2a7580f778..82ba70c3b8 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
@@ -33,4 +33,5 @@ public class MessageSecurityExpressionRoot extends SecurityExpressionRoot {
 		super(authentication);
 		this.message = message;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
index 8efd76b741..77d6c31c13 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
@@ -36,15 +36,14 @@ import org.springframework.util.Assert;
  * @since 4.0
  * @author Rob Winch
  */
-public final class ChannelSecurityInterceptor extends AbstractSecurityInterceptor
-		implements ChannelInterceptor {
+public final class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements ChannelInterceptor {
+
 	private static final ThreadLocal<InterceptorStatusToken> tokenHolder = new ThreadLocal<>();
 
 	private final MessageSecurityMetadataSource metadataSource;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param metadataSource the MessageSecurityMetadataSource to use. Cannot be null.
 	 *
 	 * @see DefaultMessageSecurityMetadataSource
@@ -78,8 +77,7 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 		afterInvocation(token, null);
 	}
 
-	public void afterSendCompletion(Message<?> message, MessageChannel channel,
-			boolean sent, Exception ex) {
+	public void afterSendCompletion(Message<?> message, MessageChannel channel, boolean sent, Exception ex) {
 		InterceptorStatusToken token = clearToken();
 		finallyInvocation(token);
 	}
@@ -92,8 +90,7 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 		return message;
 	}
 
-	public void afterReceiveCompletion(Message<?> message, MessageChannel channel,
-			Exception ex) {
+	public void afterReceiveCompletion(Message<?> message, MessageChannel channel, Exception ex) {
 	}
 
 	private InterceptorStatusToken clearToken() {
@@ -101,4 +98,5 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 		tokenHolder.remove();
 		return token;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index 13c661a0c1..f3ccfc7474 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -33,12 +33,11 @@ import java.util.*;
  *
  * @see ChannelSecurityInterceptor
  * @see ExpressionBasedMessageSecurityMetadataSourceFactory
- *
  * @since 4.0
  * @author Rob Winch
  */
-public final class DefaultMessageSecurityMetadataSource implements
-		MessageSecurityMetadataSource {
+public final class DefaultMessageSecurityMetadataSource implements MessageSecurityMetadataSource {
+
 	private final Map<MessageMatcher<?>, Collection<ConfigAttribute>> messageMap;
 
 	public DefaultMessageSecurityMetadataSource(
@@ -47,11 +46,9 @@ public final class DefaultMessageSecurityMetadataSource implements
 	}
 
 	@SuppressWarnings({ "rawtypes", "unchecked" })
-	public Collection<ConfigAttribute> getAttributes(Object object)
-			throws IllegalArgumentException {
+	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 		final Message message = (Message) object;
-		for (Map.Entry<MessageMatcher<?>, Collection<ConfigAttribute>> entry : messageMap
-				.entrySet()) {
+		for (Map.Entry<MessageMatcher<?>, Collection<ConfigAttribute>> entry : messageMap.entrySet()) {
 			if (entry.getKey().matches(message)) {
 				return entry.getValue();
 			}
@@ -72,4 +69,5 @@ public final class DefaultMessageSecurityMetadataSource implements
 	public boolean supports(Class<?> clazz) {
 		return Message.class.isAssignableFrom(clazz);
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
index fefca0620d..0b48b857f9 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
@@ -23,9 +23,9 @@ import org.springframework.security.access.SecurityMetadataSource;
  *
  * @see ChannelSecurityInterceptor
  * @see DefaultMessageSecurityMetadataSource
- *
  * @since 4.0
  * @author Rob Winch
  */
 public interface MessageSecurityMetadataSource extends SecurityMetadataSource {
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
index faebd3d2d9..ea1869a3d2 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
@@ -81,8 +81,7 @@ import org.springframework.util.StringUtils;
  * @author Rob Winch
  * @since 4.0
  */
-public final class AuthenticationPrincipalArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
@@ -106,15 +105,13 @@ public final class AuthenticationPrincipalArgumentResolver
 	 * org.springframework.messaging.Message)
 	 */
 	public Object resolveArgument(MethodParameter parameter, Message<?> message) {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
 			return null;
 		}
 		Object principal = authentication.getPrincipal();
 
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(
-				AuthenticationPrincipal.class, parameter);
+		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
 
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -126,11 +123,9 @@ public final class AuthenticationPrincipalArgumentResolver
 			principal = expression.getValue(context);
 		}
 
-		if (principal != null
-				&& !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
+		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
 			if (authPrincipal.errorOnInvalidType()) {
-				throw new ClassCastException(principal + " is not assignable to "
-						+ parameter.getParameterType());
+				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -141,26 +136,24 @@ public final class AuthenticationPrincipalArgumentResolver
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-					annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index 50f5113dd9..c391e39727 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -41,14 +41,15 @@ import org.springframework.util.Assert;
  */
 public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
 		implements ExecutorChannelInterceptor {
-	private final SecurityContext EMPTY_CONTEXT = SecurityContextHolder
-			.createEmptyContext();
+
+	private final SecurityContext EMPTY_CONTEXT = SecurityContextHolder.createEmptyContext();
+
 	private static final ThreadLocal<Stack<SecurityContext>> ORIGINAL_CONTEXT = new ThreadLocal<>();
 
 	private final String authenticationHeaderName;
 
-	private Authentication anonymous = new AnonymousAuthenticationToken("key",
-			"anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	private Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymous",
+			AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	/**
 	 * Creates a new instance using the header of the name
@@ -61,13 +62,11 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 	/**
 	 * Creates a new instance that uses the specified header to obtain the
 	 * {@link Authentication}.
-	 *
 	 * @param authenticationHeaderName the header name to obtain the
 	 * {@link Authentication}. Cannot be null.
 	 */
 	public SecurityContextChannelInterceptor(String authenticationHeaderName) {
-		Assert.notNull(authenticationHeaderName,
-				"authenticationHeaderName cannot be null");
+		Assert.notNull(authenticationHeaderName, "authenticationHeaderName cannot be null");
 		this.authenticationHeaderName = authenticationHeaderName;
 	}
 
@@ -78,7 +77,6 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 	 * new AnonymousAuthenticationToken(&quot;key&quot;, &quot;anonymous&quot;,
 	 * 		AuthorityUtils.createAuthorityList(&quot;ROLE_ANONYMOUS&quot;));
 	 * </pre>
-	 *
 	 * @param authentication the Authentication used for anonymous authentication. Cannot
 	 * be null.
 	 */
@@ -94,19 +92,16 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 	}
 
 	@Override
-	public void afterSendCompletion(Message<?> message, MessageChannel channel,
-			boolean sent, Exception ex) {
+	public void afterSendCompletion(Message<?> message, MessageChannel channel, boolean sent, Exception ex) {
 		cleanup();
 	}
 
-	public Message<?> beforeHandle(Message<?> message, MessageChannel channel,
-			MessageHandler handler) {
+	public Message<?> beforeHandle(Message<?> message, MessageChannel channel, MessageHandler handler) {
 		setup(message);
 		return message;
 	}
 
-	public void afterMessageHandled(Message<?> message, MessageChannel channel,
-			MessageHandler handler, Exception ex) {
+	public void afterMessageHandled(Message<?> message, MessageChannel channel, MessageHandler handler, Exception ex) {
 		cleanup();
 	}
 
@@ -158,4 +153,5 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 			SecurityContextHolder.clearContext();
 		}
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index c34fb576ac..a62bae337e 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -86,18 +86,17 @@ import java.lang.annotation.Annotation;
  *     }
  * }
  * </pre>
+ *
  * @author Rob Winch
  * @since 5.2
  */
-public class AuthenticationPrincipalArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
 	private BeanResolver beanResolver;
 
-	private ReactiveAdapterRegistry adapterRegistry = ReactiveAdapterRegistry
-			.getSharedInstance();
+	private ReactiveAdapterRegistry adapterRegistry = ReactiveAdapterRegistry.getSharedInstance();
 
 	/**
 	 * Sets the {@link BeanResolver} to be used on the expressions
@@ -109,8 +108,8 @@ public class AuthenticationPrincipalArgumentResolver
 
 	/**
 	 * Sets the {@link ReactiveAdapterRegistry} to be used.
-	 * @param adapterRegistry the {@link ReactiveAdapterRegistry} to use. Cannot be null. Default is
-	 * {@link ReactiveAdapterRegistry#getSharedInstance()}
+	 * @param adapterRegistry the {@link ReactiveAdapterRegistry} to use. Cannot be null.
+	 * Default is {@link ReactiveAdapterRegistry#getSharedInstance()}
 	 */
 	public void setAdapterRegistry(ReactiveAdapterRegistry adapterRegistry) {
 		Assert.notNull(adapterRegistry, "adapterRegistry cannot be null");
@@ -123,21 +122,16 @@ public class AuthenticationPrincipalArgumentResolver
 	}
 
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
-		ReactiveAdapter adapter = this.adapterRegistry
-				.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication).flatMap(a -> {
-					Object p = resolvePrincipal(parameter, a.getPrincipal());
-					Mono<Object> principal = Mono.justOrEmpty(p);
-					return adapter == null ?
-							principal :
-							Mono.just(adapter.fromPublisher(principal));
-				});
+		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap(a -> {
+			Object p = resolvePrincipal(parameter, a.getPrincipal());
+			Mono<Object> principal = Mono.justOrEmpty(p);
+			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
+		});
 	}
 
 	private Object resolvePrincipal(MethodParameter parameter, Object principal) {
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(
-				AuthenticationPrincipal.class, parameter);
+		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
 
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -153,9 +147,7 @@ public class AuthenticationPrincipalArgumentResolver
 		if (isInvalidType(parameter, principal)) {
 
 			if (authPrincipal.errorOnInvalidType()) {
-				throw new ClassCastException(
-						principal + " is not assignable to " + parameter
-								.getParameterType());
+				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -170,8 +162,7 @@ public class AuthenticationPrincipalArgumentResolver
 			return false;
 		}
 		Class<?> typeToCheck = parameter.getParameterType();
-		boolean isParameterPublisher = Publisher.class
-				.isAssignableFrom(parameter.getParameterType());
+		boolean isParameterPublisher = Publisher.class.isAssignableFrom(parameter.getParameterType());
 		if (isParameterPublisher) {
 			ResolvableType resolvableType = ResolvableType.forMethodParameter(parameter);
 			Class<?> genericType = resolvableType.resolveGeneric(0);
@@ -185,26 +176,24 @@ public class AuthenticationPrincipalArgumentResolver
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
-	 *                        {@link MethodParameter}
-	 * @param parameter       the {@link MethodParameter} to search for an {@link Annotation}
+	 * {@link MethodParameter}
+	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils
-					.findAnnotation(toSearch.annotationType(), annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index f771a7d03a..02c7e6a375 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -56,9 +56,9 @@ import java.lang.annotation.Annotation;
  * </pre>
  *
  * <p>
- * Will resolve the SecurityContext argument using the {@link ReactiveSecurityContextHolder}.
- * If the {@link SecurityContext} is empty, it will return null. If the types do not
- * match, null will be returned unless
+ * Will resolve the SecurityContext argument using the
+ * {@link ReactiveSecurityContextHolder}. If the {@link SecurityContext} is empty, it will
+ * return null. If the types do not match, null will be returned unless
  * {@link CurrentSecurityContext#errorOnInvalidType()} is true in which case a
  * {@link ClassCastException} will be thrown.
  *
@@ -85,18 +85,17 @@ import java.lang.annotation.Annotation;
  *     }
  * }
  * </pre>
+ *
  * @author Rob Winch
  * @since 5.2
  */
-public class CurrentSecurityContextArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgumentResolver {
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
 	private BeanResolver beanResolver;
 
-	private ReactiveAdapterRegistry adapterRegistry = ReactiveAdapterRegistry
-			.getSharedInstance();
+	private ReactiveAdapterRegistry adapterRegistry = ReactiveAdapterRegistry.getSharedInstance();
 
 	/**
 	 * Sets the {@link BeanResolver} to be used on the expressions
@@ -108,8 +107,8 @@ public class CurrentSecurityContextArgumentResolver
 
 	/**
 	 * Sets the {@link ReactiveAdapterRegistry} to be used.
-	 * @param adapterRegistry the {@link ReactiveAdapterRegistry} to use. Cannot be null. Default is
-	 * {@link ReactiveAdapterRegistry#getSharedInstance()}
+	 * @param adapterRegistry the {@link ReactiveAdapterRegistry} to use. Cannot be null.
+	 * Default is {@link ReactiveAdapterRegistry#getSharedInstance()}
 	 */
 	public void setAdapterRegistry(ReactiveAdapterRegistry adapterRegistry) {
 		Assert.notNull(adapterRegistry, "adapterRegistry cannot be null");
@@ -122,21 +121,16 @@ public class CurrentSecurityContextArgumentResolver
 	}
 
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
-		ReactiveAdapter adapter = this.adapterRegistry
-				.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext()
-				.flatMap(securityContext -> {
-					Object sc = resolveSecurityContext(parameter, securityContext);
-					Mono<Object> result = Mono.justOrEmpty(sc);
-					return adapter == null ?
-							result :
-							Mono.just(adapter.fromPublisher(result));
-				});
+		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
+		return ReactiveSecurityContextHolder.getContext().flatMap(securityContext -> {
+			Object sc = resolveSecurityContext(parameter, securityContext);
+			Mono<Object> result = Mono.justOrEmpty(sc);
+			return adapter == null ? result : Mono.just(adapter.fromPublisher(result));
+		});
 	}
 
 	private Object resolveSecurityContext(MethodParameter parameter, Object securityContext) {
-		CurrentSecurityContext contextAnno = findMethodAnnotation(
-				CurrentSecurityContext.class, parameter);
+		CurrentSecurityContext contextAnno = findMethodAnnotation(CurrentSecurityContext.class, parameter);
 
 		String expressionToParse = contextAnno.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -152,9 +146,7 @@ public class CurrentSecurityContextArgumentResolver
 		if (isInvalidType(parameter, securityContext)) {
 
 			if (contextAnno.errorOnInvalidType()) {
-				throw new ClassCastException(
-						securityContext + " is not assignable to " + parameter
-								.getParameterType());
+				throw new ClassCastException(securityContext + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -169,8 +161,7 @@ public class CurrentSecurityContextArgumentResolver
 			return false;
 		}
 		Class<?> typeToCheck = parameter.getParameterType();
-		boolean isParameterPublisher = Publisher.class
-				.isAssignableFrom(parameter.getParameterType());
+		boolean isParameterPublisher = Publisher.class.isAssignableFrom(parameter.getParameterType());
 		if (isParameterPublisher) {
 			ResolvableType resolvableType = ResolvableType.forMethodParameter(parameter);
 			Class<?> genericType = resolvableType.resolveGeneric(0);
@@ -184,26 +175,24 @@ public class CurrentSecurityContextArgumentResolver
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
-	 *                        {@link MethodParameter}
-	 * @param parameter       the {@link MethodParameter} to search for an {@link Annotation}
+	 * {@link MethodParameter}
+	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils
-					.findAnnotation(toSearch.annotationType(), annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index 7f13a639ba..9f03c4abc1 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -29,20 +29,19 @@ import org.apache.commons.logging.Log;
  * @since 4.0
  */
 abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
+
 	protected final Log LOGGER = getLog(getClass());
 
 	private final List<MessageMatcher<T>> messageMatchers;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	AbstractMessageMatcherComposite(List<MessageMatcher<T>> messageMatchers) {
 		notEmpty(messageMatchers, "messageMatchers must contain a value");
 		if (messageMatchers.contains(null)) {
-			throw new IllegalArgumentException(
-					"messageMatchers cannot contain null values");
+			throw new IllegalArgumentException("messageMatchers cannot contain null values");
 		}
 		this.messageMatchers = messageMatchers;
 
@@ -50,7 +49,6 @@ abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	@SafeVarargs
@@ -66,4 +64,5 @@ abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 	public String toString() {
 		return getClass().getSimpleName() + "[messageMatchers=" + messageMatchers + "]";
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index 03cbc3c98c..9210f59347 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -26,9 +26,9 @@ import org.springframework.messaging.Message;
  * @since 4.0
  */
 public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<T> {
+
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	public AndMessageMatcher(List<MessageMatcher<T>> messageMatchers) {
@@ -37,7 +37,6 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	@SafeVarargs
@@ -59,4 +58,5 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 		LOGGER.debug("All messageMatchers returned true");
 		return true;
 	}
+
 }
\ No newline at end of file
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
index 41e2a36229..cab226bb9f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
@@ -46,4 +46,5 @@ public interface MessageMatcher<T> {
 			return "ANY_MESSAGE";
 		}
 	};
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
index b60a8d3d4d..90db0be394 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
@@ -26,9 +26,9 @@ import org.springframework.messaging.Message;
  * @since 4.0
  */
 public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T> {
+
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	public OrMessageMatcher(List<MessageMatcher<T>> messageMatchers) {
@@ -37,7 +37,6 @@ public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	@SafeVarargs
@@ -59,4 +58,5 @@ public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T
 		LOGGER.debug("No matches found");
 		return false;
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 0db50c1982..54bb2deb73 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -36,9 +36,9 @@ import java.util.Map;
  * @author Rob Winch
  */
 public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
+
 	public static final MessageMatcher<Object> NULL_DESTINATION_MATCHER = message -> {
-		String destination = SimpMessageHeaderAccessor.getDestination(message
-				.getHeaders());
+		String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
 		return destination == null;
 	};
 
@@ -49,6 +49,7 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	 * null, this matcher will match every Message.
 	 */
 	private final MessageMatcher<Object> messageTypeMatcher;
+
 	private final String pattern;
 
 	/**
@@ -77,7 +78,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	 * <li>{@code com/&#42;&#42;/test} - matches all destinations ending with {@code test}
 	 * underneath the {@code com} path</li>
 	 * </ul>
-	 *
 	 * @param pattern the pattern to use
 	 */
 	public SimpDestinationMessageMatcher(String pattern) {
@@ -87,7 +87,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	/**
 	 * <p>
 	 * Creates a new instance with the specified pattern and {@link PathMatcher}.
-	 *
 	 * @param pattern the pattern to use
 	 * @param pathMatcher the {@link PathMatcher} to use.
 	 */
@@ -99,24 +98,21 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	 * <p>
 	 * Creates a new instance with the specified pattern, {@link SimpMessageType}, and
 	 * {@link PathMatcher}.
-	 *
 	 * @param pattern the pattern to use
 	 * @param type the {@link SimpMessageType} to match on or null if any
 	 * {@link SimpMessageType} should be matched.
 	 * @param pathMatcher the {@link PathMatcher} to use.
 	 */
-	private SimpDestinationMessageMatcher(String pattern, SimpMessageType type,
-			PathMatcher pathMatcher) {
+	private SimpDestinationMessageMatcher(String pattern, SimpMessageType type, PathMatcher pathMatcher) {
 		Assert.notNull(pattern, "pattern cannot be null");
 		Assert.notNull(pathMatcher, "pathMatcher cannot be null");
 		if (!isTypeWithDestination(type)) {
-			throw new IllegalArgumentException("SimpMessageType " + type
-					+ " does not contain a destination and so cannot be matched on.");
+			throw new IllegalArgumentException(
+					"SimpMessageType " + type + " does not contain a destination and so cannot be matched on.");
 		}
 
 		this.matcher = pathMatcher;
-		this.messageTypeMatcher = type == null ? ANY_MESSAGE
-				: new SimpMessageTypeMatcher(type);
+		this.messageTypeMatcher = type == null ? ANY_MESSAGE : new SimpMessageTypeMatcher(type);
 		this.pattern = pattern;
 	}
 
@@ -125,17 +121,13 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 			return false;
 		}
 
-		String destination = SimpMessageHeaderAccessor.getDestination(message
-				.getHeaders());
+		String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
 		return destination != null && matcher.match(pattern, destination);
 	}
 
-
-	public Map<String, String> extractPathVariables(Message<?> message){
-		final String destination = SimpMessageHeaderAccessor.getDestination(message
-				.getHeaders());
-		return destination != null ? matcher.extractUriTemplateVariables(pattern, destination)
-				: Collections.emptyMap();
+	public Map<String, String> extractPathVariables(Message<?> message) {
+		final String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
+		return destination != null ? matcher.extractUriTemplateVariables(pattern, destination) : Collections.emptyMap();
 	}
 
 	public MessageMatcher<Object> getMessageTypeMatcher() {
@@ -144,44 +136,37 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 
 	@Override
 	public String toString() {
-		return "SimpDestinationMessageMatcher [matcher=" + matcher
-				+ ", messageTypeMatcher=" + messageTypeMatcher + ", pattern=" + pattern
-				+ "]";
+		return "SimpDestinationMessageMatcher [matcher=" + matcher + ", messageTypeMatcher=" + messageTypeMatcher
+				+ ", pattern=" + pattern + "]";
 	}
 
 	private boolean isTypeWithDestination(SimpMessageType type) {
 		if (type == null) {
 			return true;
 		}
-		return SimpMessageType.MESSAGE.equals(type)
-				|| SimpMessageType.SUBSCRIBE.equals(type);
+		return SimpMessageType.MESSAGE.equals(type) || SimpMessageType.SUBSCRIBE.equals(type);
 	}
 
 	/**
 	 * <p>
 	 * Creates a new instance with the specified pattern,
 	 * {@code SimpMessageType.SUBSCRIBE}, and {@link PathMatcher}.
-	 *
 	 * @param pattern the pattern to use
 	 * @param matcher the {@link PathMatcher} to use.
 	 */
-	public static SimpDestinationMessageMatcher createSubscribeMatcher(String pattern,
-			PathMatcher matcher) {
-		return new SimpDestinationMessageMatcher(pattern, SimpMessageType.SUBSCRIBE,
-				matcher);
+	public static SimpDestinationMessageMatcher createSubscribeMatcher(String pattern, PathMatcher matcher) {
+		return new SimpDestinationMessageMatcher(pattern, SimpMessageType.SUBSCRIBE, matcher);
 	}
 
 	/**
 	 * <p>
 	 * Creates a new instance with the specified pattern, {@code SimpMessageType.MESSAGE},
 	 * and {@link PathMatcher}.
-	 *
 	 * @param pattern the pattern to use
 	 * @param matcher the {@link PathMatcher} to use.
 	 */
-	public static SimpDestinationMessageMatcher createMessageMatcher(String pattern,
-			PathMatcher matcher) {
-		return new SimpDestinationMessageMatcher(pattern, SimpMessageType.MESSAGE,
-				matcher);
+	public static SimpDestinationMessageMatcher createMessageMatcher(String pattern, PathMatcher matcher) {
+		return new SimpDestinationMessageMatcher(pattern, SimpMessageType.MESSAGE, matcher);
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index 24a66b8f3e..41af99f63b 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -31,11 +31,11 @@ import org.springframework.util.ObjectUtils;
  *
  */
 public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
+
 	private final SimpMessageType typeToMatch;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param typeToMatch the {@link SimpMessageType} that will result in a match. Cannot
 	 * be null.
 	 */
@@ -75,4 +75,5 @@ public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
 	public String toString() {
 		return "SimpMessageTypeMatcher [typeToMatch=" + typeToMatch + "]";
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index c59858e1a3..0e1a4623b2 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -37,8 +37,8 @@ import org.springframework.security.web.csrf.MissingCsrfTokenException;
  * @since 4.0
  */
 public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
-	private final MessageMatcher<Object> matcher = new SimpMessageTypeMatcher(
-			SimpMessageType.CONNECT);
+
+	private final MessageMatcher<Object> matcher = new SimpMessageTypeMatcher(SimpMessageType.CONNECT);
 
 	@Override
 	public Message<?> preSend(Message<?> message, MessageChannel channel) {
@@ -46,8 +46,7 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
 			return message;
 		}
 
-		Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor
-				.getSessionAttributes(message.getHeaders());
+		Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor.getSessionAttributes(message.getHeaders());
 		CsrfToken expectedToken = sessionAttributes == null ? null
 				: (CsrfToken) sessionAttributes.get(CsrfToken.class.getName());
 
@@ -64,4 +63,5 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
 		}
 		throw new InvalidCsrfTokenException(expectedToken, actualTokenValue);
 	}
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
index 591b87dbb6..0918f6f2bb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
@@ -36,11 +36,9 @@ import org.springframework.web.socket.server.HandshakeInterceptor;
  */
 public final class CsrfTokenHandshakeInterceptor implements HandshakeInterceptor {
 
-	public boolean beforeHandshake(ServerHttpRequest request,
-			ServerHttpResponse response, WebSocketHandler wsHandler,
+	public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 			Map<String, Object> attributes) {
-		HttpServletRequest httpRequest = ((ServletServerHttpRequest) request)
-				.getServletRequest();
+		HttpServletRequest httpRequest = ((ServletServerHttpRequest) request).getServletRequest();
 		CsrfToken token = (CsrfToken) httpRequest.getAttribute(CsrfToken.class.getName());
 		if (token == null) {
 			return true;
@@ -49,7 +47,8 @@ public final class CsrfTokenHandshakeInterceptor implements HandshakeInterceptor
 		return true;
 	}
 
-	public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response,
-			WebSocketHandler wsHandler, Exception exception) {
+	public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
+			Exception exception) {
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index d5dcdfc2c7..03f8b45913 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -38,8 +38,10 @@ import org.springframework.security.core.authority.AuthorityUtils;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMessageSecurityExpressionHandlerTests {
+
 	@Mock
 	AuthenticationTrustResolver trustResolver;
+
 	@Mock
 	PermissionEvaluator permissionEvaluator;
 
@@ -61,10 +63,8 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 	// SEC-2705
 	@Test
 	public void trustResolverPopulated() {
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				message);
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"authenticated");
+		EvaluationContext context = handler.createEvaluationContext(authentication, message);
+		Expression expression = handler.getExpressionParser().parseExpression("authenticated");
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse();
 	}
@@ -77,10 +77,8 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 	@Test
 	public void trustResolverCustom() {
 		handler.setTrustResolver(trustResolver);
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				message);
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"authenticated");
+		EvaluationContext context = handler.createEvaluationContext(authentication, message);
+		Expression expression = handler.getExpressionParser().parseExpression("authenticated");
 		when(trustResolver.isAnonymous(authentication)).thenReturn(false);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
@@ -92,10 +90,8 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
 		roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
 		handler.setRoleHierarchy(roleHierarchy);
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				message);
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"hasRole('ROLE_USER')");
+		EvaluationContext context = handler.createEvaluationContext(authentication, message);
+		Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
@@ -103,13 +99,11 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 	@Test
 	public void permissionEvaluator() {
 		handler.setPermissionEvaluator(permissionEvaluator);
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				message);
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"hasPermission(message, 'read')");
-		when(permissionEvaluator.hasPermission(authentication, message, "read"))
-				.thenReturn(true);
+		EvaluationContext context = handler.createEvaluationContext(authentication, message);
+		Expression expression = handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
+		when(permissionEvaluator.hasPermission(authentication, message, "read")).thenReturn(true);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 3d5f813866..61f9d05a4d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -35,12 +35,16 @@ import java.util.LinkedHashMap;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
+
 	@Mock
 	MessageMatcher<Object> matcher1;
+
 	@Mock
 	MessageMatcher<Object> matcher2;
+
 	@Mock
 	Message<Object> message;
+
 	@Mock
 	Authentication authentication;
 
@@ -83,9 +87,8 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
-		assertThat(
-				((MessageExpressionConfigAttribute) attr).getAuthorizeExpression()
-						.getValue(rootObject)).isEqualTo(true);
+		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(rootObject))
+				.isEqualTo(true);
 	}
 
 	@Test
@@ -97,8 +100,8 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
-		assertThat(
-				((MessageExpressionConfigAttribute) attr).getAuthorizeExpression()
-						.getValue(rootObject)).isEqualTo(false);
+		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(rootObject))
+				.isEqualTo(false);
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 95d9a9f901..799aaf3df0 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -33,6 +33,7 @@ import static org.mockito.Mockito.*;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionConfigAttributeTests {
+
 	@Mock
 	Expression expression;
 
@@ -76,7 +77,8 @@ public class MessageExpressionConfigAttributeTests {
 	@Test
 	public void postProcessContext() {
 		SimpDestinationMessageMatcher matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
-		Message<?> message = MessageBuilder.withPayload("M").setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build();
+		Message<?> message = MessageBuilder.withPayload("M")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build();
 		EvaluationContext context = mock(EvaluationContext.class);
 
 		attribute = new MessageExpressionConfigAttribute(expression, matcher);
@@ -84,4 +86,5 @@ public class MessageExpressionConfigAttributeTests {
 
 		verify(context).setVariable("topic", "someTopic");
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index 93104c608a..b2daa2c874 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -38,17 +38,24 @@ import static org.springframework.security.access.AccessDecisionVoter.*;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionVoterTests {
+
 	@Mock
 	Authentication authentication;
+
 	@Mock
 	Message<Object> message;
+
 	Collection<ConfigAttribute> attributes;
+
 	@Mock
 	Expression expression;
+
 	@Mock
 	MessageMatcher<?> matcher;
+
 	@Mock
 	SecurityExpressionHandler<Message> expressionHandler;
+
 	@Mock
 	EvaluationContext evaluationContext;
 
@@ -56,33 +63,27 @@ public class MessageExpressionVoterTests {
 
 	@Before
 	public void setup() {
-		attributes = Arrays
-				.<ConfigAttribute> asList(new MessageExpressionConfigAttribute(expression, matcher));
+		attributes = Arrays.<ConfigAttribute>asList(new MessageExpressionConfigAttribute(expression, matcher));
 
 		voter = new MessageExpressionVoter();
 	}
 
 	@Test
 	public void voteGranted() {
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class)))
-				.thenReturn(true);
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(
-				ACCESS_GRANTED);
+		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
+		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
 	}
 
 	@Test
 	public void voteDenied() {
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class)))
-				.thenReturn(false);
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(
-				ACCESS_DENIED);
+		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(false);
+		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_DENIED);
 	}
 
 	@Test
 	public void voteAbstain() {
-		attributes = Arrays.<ConfigAttribute> asList(new SecurityConfig("ROLE_USER"));
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(
-				ACCESS_ABSTAIN);
+		attributes = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
+		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_ABSTAIN);
 	}
 
 	@Test
@@ -102,8 +103,7 @@ public class MessageExpressionVoterTests {
 
 	@Test
 	public void supportsMessageExpressionConfigAttributeTrue() {
-		assertThat(voter.supports(new MessageExpressionConfigAttribute(expression, matcher)))
-				.isTrue();
+		assertThat(voter.supports(new MessageExpressionConfigAttribute(expression, matcher))).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -114,29 +114,26 @@ public class MessageExpressionVoterTests {
 	@Test
 	public void customExpressionHandler() {
 		voter.setExpressionHandler(expressionHandler);
-		when(expressionHandler.createEvaluationContext(authentication, message))
-				.thenReturn(evaluationContext);
+		when(expressionHandler.createEvaluationContext(authentication, message)).thenReturn(evaluationContext);
 		when(expression.getValue(evaluationContext, Boolean.class)).thenReturn(true);
 
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(
-				ACCESS_GRANTED);
+		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
 
 		verify(expressionHandler).createEvaluationContext(authentication, message);
 	}
 
 	@Test
-	public void postProcessEvaluationContext(){
+	public void postProcessEvaluationContext() {
 		final MessageExpressionConfigAttribute configAttribute = mock(MessageExpressionConfigAttribute.class);
 		voter.setExpressionHandler(expressionHandler);
 		when(expressionHandler.createEvaluationContext(authentication, message)).thenReturn(evaluationContext);
 		when(configAttribute.getAuthorizeExpression()).thenReturn(expression);
-		attributes = Arrays.<ConfigAttribute> asList(configAttribute);
+		attributes = Arrays.<ConfigAttribute>asList(configAttribute);
 		when(configAttribute.postProcess(evaluationContext, message)).thenReturn(evaluationContext);
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class)))
-				.thenReturn(true);
+		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
 
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(
-				ACCESS_GRANTED);
+		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
 		verify(configAttribute).postProcess(evaluationContext, message);
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 991186ea48..d961ecc141 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -44,16 +44,22 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ChannelSecurityInterceptorTests {
+
 	@Mock
 	Message<Object> message;
+
 	@Mock
 	MessageChannel channel;
+
 	@Mock
 	MessageSecurityMetadataSource source;
+
 	@Mock
 	AccessDecisionManager accessDecisionManager;
+
 	@Mock
 	RunAsManager runAsManager;
+
 	@Mock
 	Authentication runAs;
 
@@ -65,7 +71,7 @@ public class ChannelSecurityInterceptorTests {
 
 	@Before
 	public void setup() {
-		attrs = Arrays.<ConfigAttribute> asList(new SecurityConfig("ROLE_USER"));
+		attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
 		interceptor = new ChannelSecurityInterceptor(source);
 		interceptor.setAccessDecisionManager(accessDecisionManager);
 		interceptor.setRunAsManager(runAsManager);
@@ -111,8 +117,8 @@ public class ChannelSecurityInterceptorTests {
 	@Test(expected = AccessDeniedException.class)
 	public void preSendDeny() {
 		when(source.getAttributes(message)).thenReturn(attrs);
-		doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(
-				any(Authentication.class), eq(message), eq(attrs));
+		doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(any(Authentication.class),
+				eq(message), eq(attrs));
 
 		interceptor.preSend(message, channel);
 	}
@@ -121,19 +127,15 @@ public class ChannelSecurityInterceptorTests {
 	@Test
 	public void preSendPostSendRunAs() {
 		when(source.getAttributes(message)).thenReturn(attrs);
-		when(
-				runAsManager.buildRunAs(any(Authentication.class), any(),
-						any(Collection.class))).thenReturn(runAs);
+		when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))).thenReturn(runAs);
 
 		Message<?> preSend = interceptor.preSend(message, channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication())
-				.isSameAs(runAs);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(runAs);
 
 		interceptor.postSend(preSend, channel, true);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				originalAuth);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
 	}
 
 	@Test
@@ -145,19 +147,15 @@ public class ChannelSecurityInterceptorTests {
 	@Test
 	public void preSendFinallySendRunAs() {
 		when(source.getAttributes(message)).thenReturn(attrs);
-		when(
-				runAsManager.buildRunAs(any(Authentication.class), any(),
-						any(Collection.class))).thenReturn(runAs);
+		when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))).thenReturn(runAs);
 
 		Message<?> preSend = interceptor.preSend(message, channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication())
-				.isSameAs(runAs);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(runAs);
 
 		interceptor.afterSendCompletion(preSend, channel, true, new RuntimeException());
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				originalAuth);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
 	}
 
 	@Test
@@ -174,4 +172,5 @@ public class ChannelSecurityInterceptorTests {
 	public void afterReceiveCompletionNullExceptionNoExceptionThrown() {
 		interceptor.afterReceiveCompletion(message, channel, null);
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 6702abe267..a38dadc8f6 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -35,12 +35,16 @@ import static org.powermock.api.mockito.PowerMockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMessageSecurityMetadataSourceTests {
+
 	@Mock
 	MessageMatcher<Object> matcher1;
+
 	@Mock
 	MessageMatcher<Object> matcher2;
+
 	@Mock
 	Message<?> message;
+
 	@Mock
 	Authentication authentication;
 
@@ -55,8 +59,8 @@ public class DefaultMessageSecurityMetadataSourceTests {
 	@Before
 	public void setup() {
 		messageMap = new LinkedHashMap<>();
-		messageMap.put(matcher1, Arrays.<ConfigAttribute> asList(config1));
-		messageMap.put(matcher2, Arrays.<ConfigAttribute> asList(config2));
+		messageMap.put(matcher1, Arrays.<ConfigAttribute>asList(config1));
+		messageMap.put(matcher2, Arrays.<ConfigAttribute>asList(config2));
 
 		source = new DefaultMessageSecurityMetadataSource(messageMap);
 	}
@@ -94,4 +98,5 @@ public class DefaultMessageSecurityMetadataSourceTests {
 	public void supportsTrue() {
 		assertThat(source.supports(Message.class)).isTrue();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index 55e31111b1..36628ad6d3 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -40,7 +40,9 @@ import org.springframework.util.ReflectionUtils;
  *
  */
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	private Object expectedPrincipal;
+
 	private AuthenticationPrincipalArgumentResolver resolver;
 
 	@Before
@@ -82,38 +84,32 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isEqualTo(
-				expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(
-				expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
-		setAuthenticationPrincipal(new User("user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null))
-				.isEqualTo(expectedPrincipal);
+		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(
-				resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null))
+		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null))
 				.isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null)).isEqualTo(
-				expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
@@ -121,8 +117,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		CustomUserPrincipal principal = new CustomUserPrincipal();
 		setAuthenticationPrincipal(principal);
 		this.expectedPrincipal = principal.property;
-		assertThat(this.resolver.resolveArgument(showUserSpel(), null))
-				.isEqualTo(this.expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserSpel(), null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
@@ -155,8 +150,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(
-				expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -172,8 +166,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter showUserAnnotationCurrentUserErrorOnInvalidType() {
-		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType",
-				String.class);
+		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType", String.class);
 	}
 
 	private MethodParameter showUserAnnotationUserDetails() {
@@ -201,8 +194,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(TestController.class, methodName,
-				paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
@@ -210,15 +202,18 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
 	static @interface CurrentUser {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal(errorOnInvalidType = true)
 	static @interface CurrentUserErrorOnInvalidType {
+
 	}
 
 	public static class TestController {
+
 		public void showUserNoAnnotation(String user) {
 		}
 
@@ -229,8 +224,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				@AuthenticationPrincipal(errorOnInvalidType = true) String user) {
 		}
 
-		public void showUserAnnotationCurrentUserErrorOnInvalidType(
-				@CurrentUserErrorOnInvalidType String user) {
+		public void showUserAnnotationCurrentUserErrorOnInvalidType(@CurrentUserErrorOnInvalidType String user) {
 		}
 
 		public void showUserAnnotation(@AuthenticationPrincipal UserDetails user) {
@@ -245,20 +239,23 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		public void showUserAnnotation(@AuthenticationPrincipal Object user) {
 		}
 
-		public void showUserSpel(
-				@AuthenticationPrincipal(expression = "property") String user) {
+		public void showUserSpel(@AuthenticationPrincipal(expression = "property") String user) {
 		}
 
-		public void showUserSpelCopy(
-				@AuthenticationPrincipal(expression = "new org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
+		public void showUserSpelCopy(@AuthenticationPrincipal(
+				expression = "new org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
 		}
+
 	}
 
 	static class CustomUserPrincipal {
+
 		public final String property = "property";
+
 	}
 
 	public static class CopyUserPrincipal {
+
 		public final String property;
 
 		public CopyUserPrincipal(String property) {
@@ -273,8 +270,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		public int hashCode() {
 			final int prime = 31;
 			int result = 1;
-			result = prime * result
-					+ ((this.property == null) ? 0 : this.property.hashCode());
+			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
 			return result;
 		}
 
@@ -300,13 +296,13 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			}
 			return true;
 		}
+
 	}
 
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(
-						new TestingAuthenticationToken(expectedPrincipal, "password",
-								"ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 56e784bc6a..8352806911 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -39,10 +39,13 @@ import static org.springframework.security.core.context.SecurityContextHolder.*;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityContextChannelInterceptorTests {
+
 	@Mock
 	MessageChannel channel;
+
 	@Mock
 	MessageHandler handler;
+
 	@Mock
 	Principal principal;
 
@@ -82,8 +85,7 @@ public class SecurityContextChannelInterceptorTests {
 
 		interceptor.preSend(messageBuilder.build(), channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 	}
 
 	@Test
@@ -92,8 +94,7 @@ public class SecurityContextChannelInterceptorTests {
 
 		interceptor.preSend(messageBuilder.build(), channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -103,8 +104,8 @@ public class SecurityContextChannelInterceptorTests {
 
 	@Test
 	public void preSendUsesCustomAnonymous() {
-		expectedAnonymous = new AnonymousAuthenticationToken("customKey",
-				"customAnonymous", AuthorityUtils.createAuthorityList("ROLE_CUSTOM"));
+		expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous",
+				AuthorityUtils.createAuthorityList("ROLE_CUSTOM"));
 		interceptor.setAnonymousAuthentication(expectedAnonymous);
 
 		interceptor.preSend(messageBuilder.build(), channel);
@@ -160,8 +161,7 @@ public class SecurityContextChannelInterceptorTests {
 
 		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 	}
 
 	// SEC-2845
@@ -201,20 +201,17 @@ public class SecurityContextChannelInterceptorTests {
 	// SEC-2829
 	@Test
 	public void restoresOriginalContext() {
-		TestingAuthenticationToken original = new TestingAuthenticationToken("original",
-				"original", "ROLE_USER");
+		TestingAuthenticationToken original = new TestingAuthenticationToken("original", "original", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(original);
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
 		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 
 		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				original);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(original);
 	}
 
 	/**
@@ -223,48 +220,41 @@ public class SecurityContextChannelInterceptorTests {
 	 */
 	@Test
 	public void restoresOriginalContextNestedThreeDeep() {
-		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key",
-				"anonymous", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "anonymous",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 
-		TestingAuthenticationToken origional = new TestingAuthenticationToken("original",
-				"origional", "ROLE_USER");
+		TestingAuthenticationToken origional = new TestingAuthenticationToken("original", "origional", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(origional);
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
 		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 
 		// start send websocket
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null);
 		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo(anonymous.getName());
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo(anonymous.getName());
 
 		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 		// end send websocket
 
 		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(
-				origional);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(origional);
 	}
 
 	private void assertAnonymous() {
-		Authentication currentAuthentication = SecurityContextHolder.getContext()
-				.getAuthentication();
-		assertThat(currentAuthentication)
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
+		assertThat(currentAuthentication).isInstanceOf(AnonymousAuthenticationToken.class);
 
 		AnonymousAuthenticationToken anonymous = (AnonymousAuthenticationToken) currentAuthentication;
 		assertThat(anonymous.getName()).isEqualTo(expectedAnonymous.getName());
-		assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(
-				expectedAnonymous.getAuthorities());
+		assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(expectedAnonymous.getAuthorities());
 		assertThat(anonymous.getKeyHash()).isEqualTo(expectedAnonymous.getKeyHash());
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 7651e2eb2b..9f969752e4 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -57,27 +57,29 @@ import org.springframework.util.ReflectionUtils;
 import static java.util.stream.Collectors.joining;
 
 /**
- * NOTE: This class is a replica of the same class in spring-web so it can
- * be used for tests in spring-messaging.
+ * NOTE: This class is a replica of the same class in spring-web so it can be used for
+ * tests in spring-messaging.
  *
- * <p>Convenience class to resolve method parameters from hints.
+ * <p>
+ * Convenience class to resolve method parameters from hints.
  *
  * <h1>Background</h1>
  *
- * <p>When testing annotated methods we create test classes such as
- * "TestController" with a diverse range of method signatures representing
- * supported annotations and argument types. It becomes challenging to use
- * naming strategies to keep track of methods and arguments especially in
- * combination with variables for reflection metadata.
+ * <p>
+ * When testing annotated methods we create test classes such as "TestController" with a
+ * diverse range of method signatures representing supported annotations and argument
+ * types. It becomes challenging to use naming strategies to keep track of methods and
+ * arguments especially in combination with variables for reflection metadata.
  *
- * <p>The idea with {@link ResolvableMethod} is NOT to rely on naming techniques
- * but to use hints to zero in on method parameters. Such hints can be strongly
- * typed and explicit about what is being tested.
+ * <p>
+ * The idea with {@link ResolvableMethod} is NOT to rely on naming techniques but to use
+ * hints to zero in on method parameters. Such hints can be strongly typed and explicit
+ * about what is being tested.
  *
  * <h2>1. Declared Return Type</h2>
  *
- * When testing return types it's likely to have many methods with a unique
- * return type, possibly with or without an annotation.
+ * When testing return types it's likely to have many methods with a unique return type,
+ * possibly with or without an annotation.
  *
  * <pre>
  * import static org.springframework.web.method.ResolvableMethod.on;
@@ -100,8 +102,8 @@ import static java.util.stream.Collectors.joining;
  *
  * <h2>2. Method Arguments</h2>
  *
- * When testing method arguments it's more likely to have one or a small number
- * of methods with a wide array of argument types and parameter annotations.
+ * When testing method arguments it's more likely to have one or a small number of methods
+ * with a wide array of argument types and parameter annotations.
  *
  * <pre>
  * import static org.springframework.web.method.MvcAnnotationPredicates.requestParam;
@@ -136,16 +138,13 @@ public class ResolvableMethod {
 	// Matches ValueConstants.DEFAULT_NONE (spring-web and spring-messaging)
 	private static final String DEFAULT_VALUE_NONE = "\n\t\t\n\t\t\n\uE000\uE001\uE002\n\t\t\t\t\n";
 
-
 	private final Method method;
 
-
 	private ResolvableMethod(Method method) {
 		Assert.notNull(method, "'method' is required");
 		this.method = method;
 	}
 
-
 	/**
 	 * Return the resolved method.
 	 */
@@ -188,8 +187,8 @@ public class ResolvableMethod {
 	}
 
 	/**
-	 * Filter on method arguments with annotation.
-	 * See {@link org.springframework.web.method.MvcAnnotationPredicates}.
+	 * Filter on method arguments with annotation. See
+	 * {@link org.springframework.web.method.MvcAnnotationPredicates}.
 	 */
 	@SafeVarargs
 	public final ArgResolver annot(Predicate<MethodParameter>... filter) {
@@ -210,25 +209,21 @@ public class ResolvableMethod {
 		return new ArgResolver().annotNotPresent(annotationTypes);
 	}
 
-
 	@Override
 	public String toString() {
 		return "ResolvableMethod=" + formatMethod();
 	}
 
-
 	private String formatMethod() {
-		return (method().getName() +
-				Arrays.stream(this.method.getParameters())
-						.map(this::formatParameter)
-						.collect(joining(",\n\t", "(\n\t", "\n)")));
+		return (method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter)
+				.collect(joining(",\n\t", "(\n\t", "\n)")));
 	}
 
 	private String formatParameter(Parameter param) {
 		Annotation[] anns = param.getAnnotations();
-		return (anns.length > 0 ?
-				Arrays.stream(anns).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param :
-				param.toString());
+		return (anns.length > 0
+				? Arrays.stream(anns).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param
+				: param.toString());
 	}
 
 	private String formatAnnotation(Annotation annotation) {
@@ -242,8 +237,8 @@ public class ResolvableMethod {
 	}
 
 	private static ResolvableType toResolvableType(Class<?> type, Class<?>... generics) {
-		return (ObjectUtils.isEmpty(generics) ? ResolvableType.forClass(type) :
-				ResolvableType.forClassWithGenerics(type, generics));
+		return (ObjectUtils.isEmpty(generics) ? ResolvableType.forClass(type)
+				: ResolvableType.forClassWithGenerics(type, generics));
 	}
 
 	private static ResolvableType toResolvableType(Class<?> type, ResolvableType generic, ResolvableType... generics) {
@@ -253,7 +248,6 @@ public class ResolvableMethod {
 		return ResolvableType.forClassWithGenerics(type, genericTypes);
 	}
 
-
 	/**
 	 * Create a {@code ResolvableMethod} builder for the given handler class.
 	 */
@@ -261,7 +255,6 @@ public class ResolvableMethod {
 		return new Builder<>(objectClass);
 	}
 
-
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
@@ -271,13 +264,11 @@ public class ResolvableMethod {
 
 		private final List<Predicate<Method>> filters = new ArrayList<>(4);
 
-
 		private Builder(Class<?> objectClass) {
 			Assert.notNull(objectClass, "Class must not be null");
 			this.objectClass = objectClass;
 		}
 
-
 		private void addFilter(String message, Predicate<Method> filter) {
 			this.filters.add(new LabeledPredicate<>(message, filter));
 		}
@@ -294,15 +285,14 @@ public class ResolvableMethod {
 		 * Filter on methods with the given parameter types.
 		 */
 		public Builder<T> argTypes(Class<?>... argTypes) {
-			addFilter("argTypes=" + Arrays.toString(argTypes), method ->
-					ObjectUtils.isEmpty(argTypes) ? method.getParameterCount() == 0 :
-							Arrays.equals(method.getParameterTypes(), argTypes));
+			addFilter("argTypes=" + Arrays.toString(argTypes), method -> ObjectUtils.isEmpty(argTypes)
+					? method.getParameterCount() == 0 : Arrays.equals(method.getParameterTypes(), argTypes));
 			return this;
 		}
 
 		/**
-		 * Filter on annotated methods.
-		 * See {@link org.springframework.web.method.MvcAnnotationPredicates}.
+		 * Filter on annotated methods. See
+		 * {@link org.springframework.web.method.MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final Builder<T> annot(Predicate<Method>... filters) {
@@ -312,15 +302,14 @@ public class ResolvableMethod {
 
 		/**
 		 * Filter on methods annotated with the given annotation type.
-		 * @see #annot(Predicate[])
-		 * See {@link org.springframework.web.method.MvcAnnotationPredicates}.
+		 * @see #annot(Predicate[]) See
+		 * {@link org.springframework.web.method.MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method ->
-					Arrays.stream(annotationTypes).allMatch(annotType ->
-							AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
+			addFilter(message, method -> Arrays.stream(annotationTypes)
+					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
 			return this;
 		}
 
@@ -332,8 +321,8 @@ public class ResolvableMethod {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
 			addFilter(message, method -> {
 				if (annotationTypes.length != 0) {
-					return Arrays.stream(annotationTypes).noneMatch(annotType ->
-							AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
+					return Arrays.stream(annotationTypes).noneMatch(
+							annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
 				}
 				else {
 					return method.getAnnotations().length == 0;
@@ -373,10 +362,11 @@ public class ResolvableMethod {
 		}
 
 		/**
-		 * Build a {@code ResolvableMethod} from the provided filters which must
-		 * resolve to a unique, single method.
-		 * <p>See additional resolveXxx shortcut methods going directly to
-		 * {@link Method} or return type parameter.
+		 * Build a {@code ResolvableMethod} from the provided filters which must resolve
+		 * to a unique, single method.
+		 * <p>
+		 * See additional resolveXxx shortcut methods going directly to {@link Method} or
+		 * return type parameter.
 		 * @throws IllegalStateException for no match or multiple matches
 		 */
 		public ResolvableMethod method() {
@@ -391,8 +381,8 @@ public class ResolvableMethod {
 		}
 
 		private String formatMethods(Set<Method> methods) {
-			return "\nMatched:\n" + methods.stream()
-					.map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
+			return "\nMatched:\n"
+					+ methods.stream().map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
 		}
 
 		public ResolvableMethod mockCall(Consumer<T> invoker) {
@@ -403,12 +393,12 @@ public class ResolvableMethod {
 			return new ResolvableMethod(method);
 		}
 
-
 		// Build & resolve shortcuts...
 
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
-		 * <p>{@code build().method()}
+		 * <p>
+		 * {@code build().method()}
 		 */
 		public final Method resolveMethod() {
 			return method().method();
@@ -416,7 +406,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
-		 * <p>{@code named(methodName).build().method()}
+		 * <p>
+		 * {@code named(methodName).build().method()}
 		 */
 		public Method resolveMethod(String methodName) {
 			return named(methodName).method().method();
@@ -424,7 +415,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Resolve and return the declared return type equivalent to:
-		 * <p>{@code build().returnType()}
+		 * <p>
+		 * {@code build().returnType()}
 		 */
 		public final MethodParameter resolveReturnType() {
 			return method().returnType();
@@ -432,7 +424,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Shortcut to the unique return type equivalent to:
-		 * <p>{@code returning(returnType).build().returnType()}
+		 * <p>
+		 * {@code returning(returnType).build().returnType()}
 		 * @param returnType the return type
 		 * @param generics optional array of generic types
 		 */
@@ -442,7 +435,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Shortcut to the unique return type equivalent to:
-		 * <p>{@code returning(returnType).build().returnType()}
+		 * <p>
+		 * {@code returning(returnType).build().returnType()}
 		 * @param returnType the return type
 		 * @param generic at least one generic type
 		 * @param generics optional extra generic types
@@ -457,20 +451,17 @@ public class ResolvableMethod {
 			return returning(returnType).method().returnType();
 		}
 
-
 		@Override
 		public String toString() {
-			return "ResolvableMethod.Builder[\n" +
-					"\tobjectClass = " + this.objectClass.getName() + ",\n" +
-					"\tfilters = " + formatFilters() + "\n]";
+			return "ResolvableMethod.Builder[\n" + "\tobjectClass = " + this.objectClass.getName() + ",\n"
+					+ "\tfilters = " + formatFilters() + "\n]";
 		}
 
 		private String formatFilters() {
-			return this.filters.stream().map(Object::toString)
-					.collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
+			return this.filters.stream().map(Object::toString).collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
 		}
-	}
 
+	}
 
 	/**
 	 * Predicate with a descriptive label.
@@ -481,13 +472,11 @@ public class ResolvableMethod {
 
 		private final Predicate<T> delegate;
 
-
 		private LabeledPredicate(String label, Predicate<T> delegate) {
 			this.label = label;
 			this.delegate = delegate;
 		}
 
-
 		@Override
 		public boolean test(T method) {
 			return this.delegate.test(method);
@@ -512,8 +501,8 @@ public class ResolvableMethod {
 		public String toString() {
 			return this.label;
 		}
-	}
 
+	}
 
 	/**
 	 * Resolver for method arguments.
@@ -522,15 +511,14 @@ public class ResolvableMethod {
 
 		private final List<Predicate<MethodParameter>> filters = new ArrayList<>(4);
 
-
 		@SafeVarargs
 		private ArgResolver(Predicate<MethodParameter>... filter) {
 			this.filters.addAll(Arrays.asList(filter));
 		}
 
 		/**
-		 * Filter on method arguments with annotations.
-		 * See {@link org.springframework.web.method.MvcAnnotationPredicates}.
+		 * Filter on method arguments with annotations. See
+		 * {@link org.springframework.web.method.MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final ArgResolver annot(Predicate<MethodParameter>... filters) {
@@ -541,8 +529,8 @@ public class ResolvableMethod {
 		/**
 		 * Filter on method arguments that have the given annotations.
 		 * @param annotationTypes the annotation types
-		 * @see #annot(Predicate[])
-		 * See {@link org.springframework.web.method.MvcAnnotationPredicates}.
+		 * @see #annot(Predicate[]) See
+		 * {@link org.springframework.web.method.MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final ArgResolver annotPresent(Class<? extends Annotation>... annotationTypes) {
@@ -556,10 +544,9 @@ public class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotNotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param ->
-					(annotationTypes.length > 0 ?
-							Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation) :
-							param.getParameterAnnotations().length == 0));
+			this.filters.add(param -> (annotationTypes.length > 0
+					? Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation)
+					: param.getParameterAnnotations().length == 0));
 			return this;
 		}
 
@@ -593,14 +580,12 @@ public class ResolvableMethod {
 		 */
 		public final MethodParameter arg() {
 			List<MethodParameter> matches = applyFilters();
-			Assert.state(!matches.isEmpty(), () ->
-					"No matching arg in method\n" + formatMethod());
-			Assert.state(matches.size() == 1, () ->
-					"Multiple matching args in method\n" + formatMethod() + "\nMatches:\n\t" + matches);
+			Assert.state(!matches.isEmpty(), () -> "No matching arg in method\n" + formatMethod());
+			Assert.state(matches.size() == 1,
+					() -> "Multiple matching args in method\n" + formatMethod() + "\nMatches:\n\t" + matches);
 			return matches.get(0);
 		}
 
-
 		private List<MethodParameter> applyFilters() {
 			List<MethodParameter> matches = new ArrayList<>();
 			for (int i = 0; i < method.getParameterCount(); i++) {
@@ -612,15 +597,14 @@ public class ResolvableMethod {
 			}
 			return matches;
 		}
-	}
 
+	}
 
 	private static class MethodInvocationInterceptor
 			implements org.springframework.cglib.proxy.MethodInterceptor, MethodInterceptor {
 
 		private Method invokedMethod;
 
-
 		Method getInvokedMethod() {
 			return this.invokedMethod;
 		}
@@ -642,6 +626,7 @@ public class ResolvableMethod {
 		public Object invoke(org.aopalliance.intercept.MethodInvocation inv) throws Throwable {
 			return intercept(inv.getThis(), inv.getMethod(), inv.getArguments(), null);
 		}
+
 	}
 
 	@SuppressWarnings("unchecked")
@@ -658,7 +643,7 @@ public class ResolvableMethod {
 		else {
 			Enhancer enhancer = new Enhancer();
 			enhancer.setSuperclass(type);
-			enhancer.setInterfaces(new Class<?>[] {Supplier.class});
+			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
 			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
 			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
 
@@ -679,12 +664,13 @@ public class ResolvableMethod {
 					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
 				}
 				catch (Throwable ex) {
-					throw new IllegalStateException("Unable to instantiate proxy " +
-							"via both Objenesis and default constructor fails as well", ex);
+					throw new IllegalStateException(
+							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
+							ex);
 				}
 			}
 
-			((Factory) proxy).setCallbacks(new Callback[] {interceptor});
+			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
 			return (T) proxy;
 		}
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
index c2748493cf..73ae9dfa76 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.*;
  * @author Rob Winch
  */
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	private AuthenticationPrincipalArgumentResolver resolver = new AuthenticationPrincipalArgumentResolver();
 
 	@Test
@@ -52,9 +53,9 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver.resolveArgument(arg0("authenticationPrincipalOnMonoUserDetails"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver
+				.resolveArgument(arg0("authenticationPrincipalOnMonoUserDetails"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block()).isEqualTo(authentication.getPrincipal());
 	}
 
@@ -70,9 +71,9 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMonoAndAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver.resolveArgument(arg0("currentUserOnMonoUserDetails"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver
+				.resolveArgument(arg0("currentUserOnMonoUserDetails"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block()).isEqualTo(authentication.getPrincipal());
 	}
 
@@ -83,14 +84,15 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenExpressionThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<String> result = (Mono<String>) this.resolver.resolveArgument(arg0("authenticationPrincipalExpression"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<String> result = (Mono<String>) this.resolver
+				.resolveArgument(arg0("authenticationPrincipalExpression"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block()).isEqualTo(authentication.getName());
 	}
 
 	@SuppressWarnings("unused")
-	private void authenticationPrincipalExpression(@AuthenticationPrincipal(expression = "username") Mono<String> username) {
+	private void authenticationPrincipalExpression(
+			@AuthenticationPrincipal(expression = "username") Mono<String> username) {
 	}
 
 	@Test
@@ -109,5 +111,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@AuthenticationPrincipal
 	@Retention(RetentionPolicy.RUNTIME)
-	@interface CurrentUser {}
+	@interface CurrentUser {
+
+	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
index dba93aa552..d24540ceca 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
@@ -37,6 +37,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  */
 public class CurrentSecurityContextArgumentResolverTests {
+
 	private CurrentSecurityContextArgumentResolver resolver = new CurrentSecurityContextArgumentResolver();
 
 	@Test
@@ -46,16 +47,17 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenAuthenticationPrincipalAndEmptyContextThenNull() {
-		Object result = this.resolver.resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null).block();
+		Object result = this.resolver.resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null)
+				.block();
 		assertThat(result).isNull();
 	}
 
 	@Test
 	public void resolveArgumentWhenAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<SecurityContext> result = (Mono<SecurityContext>) this.resolver.resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<SecurityContext> result = (Mono<SecurityContext>) this.resolver
+				.resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block().getAuthentication()).isEqualTo(authentication);
 	}
 
@@ -71,9 +73,9 @@ public class CurrentSecurityContextArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMonoAndAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver.resolveArgument(arg0("currentUserOnMonoUserDetails"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver
+				.resolveArgument(arg0("currentUserOnMonoUserDetails"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block()).isEqualTo(authentication.getPrincipal());
 	}
 
@@ -84,14 +86,15 @@ public class CurrentSecurityContextArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenExpressionThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
-		Mono<String> result = (Mono<String>) this.resolver.resolveArgument(arg0("authenticationPrincipalExpression"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		Mono<String> result = (Mono<String>) this.resolver
+				.resolveArgument(arg0("authenticationPrincipalExpression"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 		assertThat(result.block()).isEqualTo(authentication.getName());
 	}
 
 	@SuppressWarnings("unused")
-	private void authenticationPrincipalExpression(@CurrentSecurityContext(expression = "authentication?.principal?.username") Mono<String> username) {
+	private void authenticationPrincipalExpression(
+			@CurrentSecurityContext(expression = "authentication?.principal?.username") Mono<String> username) {
 	}
 
 	@Test
@@ -110,5 +113,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@CurrentSecurityContext(expression = "authentication?.principal")
 	@Retention(RetentionPolicy.RUNTIME)
-	@interface CurrentUser {}
+	@interface CurrentUser {
+
+	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index f0d3777729..0a637e4fc4 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -30,6 +30,7 @@ import org.springframework.messaging.Message;
 
 @RunWith(MockitoJUnitRunner.class)
 public class AndMessageMatcherTests {
+
 	@Mock
 	private MessageMatcher<Object> delegate;
 
@@ -113,4 +114,5 @@ public class AndMessageMatcherTests {
 
 		assertThat(matcher.matches(message)).isFalse();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 8f4843ab43..87295c0c58 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -30,6 +30,7 @@ import org.springframework.messaging.Message;
 
 @RunWith(MockitoJUnitRunner.class)
 public class OrMessageMatcherTests {
+
 	@Mock
 	private MessageMatcher<Object> delegate;
 
@@ -112,4 +113,5 @@ public class OrMessageMatcherTests {
 
 		assertThat(matcher.matches(message)).isTrue();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index 4ebe6cf797..daa8ba19de 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -26,6 +26,7 @@ import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
 
 public class SimpDestinationMessageMatcherTests {
+
 	MessageBuilder<String> messageBuilder;
 
 	SimpDestinationMessageMatcher matcher;
@@ -55,8 +56,7 @@ public class SimpDestinationMessageMatcherTests {
 
 	@Test
 	public void matchesAllWithDestination() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-				"/destination/1");
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
 		assertThat(matcher.matches(messageBuilder.build())).isTrue();
 	}
@@ -65,8 +65,7 @@ public class SimpDestinationMessageMatcherTests {
 	public void matchesSpecificWithDestination() {
 		matcher = new SimpDestinationMessageMatcher("/destination/1");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-				"/destination/1");
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
 		assertThat(matcher.matches(messageBuilder.build())).isTrue();
 	}
@@ -75,43 +74,36 @@ public class SimpDestinationMessageMatcherTests {
 	public void matchesFalseWithDestination() {
 		matcher = new SimpDestinationMessageMatcher("/nomatch");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,
-				"/destination/1");
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
 		assertThat(matcher.matches(messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesFalseMessageTypeNotDisconnectType() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match",
-				pathMatcher);
+		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-				SimpMessageType.DISCONNECT);
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
 
 		assertThat(matcher.matches(messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesTrueMessageType() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match",
-				pathMatcher);
+		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-				SimpMessageType.MESSAGE);
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
 		assertThat(matcher.matches(messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesTrueSubscribeType() {
-		matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match",
-				pathMatcher);
+		matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", pathMatcher);
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-				SimpMessageType.SUBSCRIBE);
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
 
 		assertThat(matcher.matches(messageBuilder.build())).isTrue();
 	}
@@ -121,8 +113,7 @@ public class SimpDestinationMessageMatcherTests {
 		matcher = new SimpDestinationMessageMatcher("/match");
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-				SimpMessageType.MESSAGE);
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
 		assertThat(matcher.matches(messageBuilder.build())).isTrue();
 	}
@@ -132,8 +123,7 @@ public class SimpDestinationMessageMatcherTests {
 		matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
 
 		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-				SimpMessageType.MESSAGE);
+		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
 		assertThat(matcher.extractPathVariables(messageBuilder.build()).get("topic")).isEqualTo("someTopic");
 	}
@@ -146,11 +136,9 @@ public class SimpDestinationMessageMatcherTests {
 
 	@Test
 	public void typeConstructorParameterIsTransmitted() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match",
-				pathMatcher);
+		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
 
-		MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(
-				SimpMessageType.MESSAGE);
+		MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
 
 		assertThat(matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 0ef2cf05a4..57115af1b3 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -25,6 +25,7 @@ import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.MessageBuilder;
 
 public class SimpMessageTypeMatcherTests {
+
 	private SimpMessageTypeMatcher matcher;
 
 	@Before
@@ -39,20 +40,16 @@ public class SimpMessageTypeMatcherTests {
 
 	@Test
 	public void matchesMessageMessageTrue() {
-		Message<String> message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-						SimpMessageType.MESSAGE).build();
+		Message<String> message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
 
 		assertThat(matcher.matches(message)).isTrue();
 	}
 
 	@Test
 	public void matchesMessageConnectFalse() {
-		Message<String> message = MessageBuilder
-				.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
-						SimpMessageType.CONNECT).build();
+		Message<String> message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
 
 		assertThat(matcher.matches(message)).isFalse();
 	}
@@ -63,4 +60,5 @@ public class SimpMessageTypeMatcherTests {
 
 		assertThat(matcher.matches(message)).isFalse();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 7c37cd4c60..71aab036d0 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfChannelInterceptorTests {
+
 	@Mock
 	MessageChannel channel;
 
@@ -125,8 +126,7 @@ public class CsrfChannelInterceptorTests {
 
 	@Test(expected = InvalidCsrfTokenException.class)
 	public void preSendInvalidToken() {
-		messageHeaders.setNativeHeader(token.getHeaderName(), token.getToken()
-				+ "invalid");
+		messageHeaders.setNativeHeader(token.getHeaderName(), token.getToken() + "invalid");
 
 		interceptor.preSend(message(), channel);
 	}
@@ -149,4 +149,5 @@ public class CsrfChannelInterceptorTests {
 		Map<String, Object> headersToCopy = messageHeaders.toMap();
 		return MessageBuilder.withPayload("hi").copyHeaders(headersToCopy).build();
 	}
+
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index 6a36e5de8c..027da27ecf 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -34,13 +34,14 @@ import java.util.Map;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- *
  * @author Rob Winch
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfTokenHandshakeInterceptorTests {
+
 	@Mock
 	WebSocketHandler wsHandler;
+
 	@Mock
 	ServerHttpResponse response;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
index 7ff23c3ceb..ff6d24e17b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
@@ -21,8 +21,8 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant.
+ * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -31,24 +31,28 @@ import org.springframework.util.Assert;
 public final class AuthorizationCodeOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
 
 	/**
-	 * Attempt to authorize the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns {@code null} if authorization is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} OR the client is already authorized.
-	 *
+	 * Attempt to authorize the {@link OAuth2AuthorizationContext#getClientRegistration()
+	 * client} in the provided {@code context}. Returns {@code null} if authorization is
+	 * not supported, e.g. the client's
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant type} is
+	 * not {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} OR the
+	 * client is already authorized.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not
+	 * supported
 	 */
 	@Override
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
 
-		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getClientRegistration().getAuthorizationGrantType()) &&
-				context.getAuthorizedClient() == null) {
-			// ClientAuthorizationRequiredException is caught by OAuth2AuthorizationRequestRedirectFilter which initiates authorization
+		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
+				context.getClientRegistration().getAuthorizationGrantType()) && context.getAuthorizedClient() == null) {
+			// ClientAuthorizationRequiredException is caught by
+			// OAuth2AuthorizationRequestRedirectFilter which initiates authorization
 			throw new ClientAuthorizationRequiredException(context.getClientRegistration().getRegistrationId());
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
index 002432bd37..d49feb2e6c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
@@ -21,33 +21,39 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant.
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AuthorizedClientProvider
  */
-public final class AuthorizationCodeReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
+public final class AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
+		implements ReactiveOAuth2AuthorizedClientProvider {
 
 	/**
-	 * Attempt to authorize the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns an empty {@code Mono} if authorization is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} OR the client is already authorized.
-	 *
+	 * Attempt to authorize the {@link OAuth2AuthorizationContext#getClientRegistration()
+	 * client} in the provided {@code context}. Returns an empty {@code Mono} if
+	 * authorization is not supported, e.g. the client's
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant type} is
+	 * not {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} OR the
+	 * client is already authorized.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if authorization is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * authorization is not supported
 	 */
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
 
-		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getClientRegistration().getAuthorizationGrantType()) &&
-				context.getAuthorizedClient() == null) {
-			// ClientAuthorizationRequiredException is caught by OAuth2AuthorizationRequestRedirectWebFilter which initiates authorization
-			return Mono.error(() -> new ClientAuthorizationRequiredException(context.getClientRegistration().getRegistrationId()));
+		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
+				context.getClientRegistration().getAuthorizationGrantType()) && context.getAuthorizedClient() == null) {
+			// ClientAuthorizationRequiredException is caught by
+			// OAuth2AuthorizationRequestRedirectWebFilter which initiates authorization
+			return Mono.error(() -> new ClientAuthorizationRequiredException(
+					context.getClientRegistration().getRegistrationId()));
 		}
 		return Mono.empty();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index 179e4f40a8..cc3eebd80c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -33,35 +33,35 @@ import java.util.Map;
 import java.util.function.Function;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientManager}
- * that is capable of operating outside of the context of a {@code HttpServletRequest},
- * e.g. in a scheduled/background thread and/or in the service-tier.
+ * An implementation of an {@link OAuth2AuthorizedClientManager} that is capable of
+ * operating outside of the context of a {@code HttpServletRequest}, e.g. in a
+ * scheduled/background thread and/or in the service-tier.
  *
  * <p>
- * (When operating <em>within</em> the context of a {@code HttpServletRequest},
- * use {@link DefaultOAuth2AuthorizedClientManager} instead.)
+ * (When operating <em>within</em> the context of a {@code HttpServletRequest}, use
+ * {@link DefaultOAuth2AuthorizedClientManager} instead.)
  *
  * <h2>Authorized Client Persistence</h2>
  *
  * <p>
- * This manager utilizes an {@link OAuth2AuthorizedClientService}
- * to persist {@link OAuth2AuthorizedClient}s.
+ * This manager utilizes an {@link OAuth2AuthorizedClientService} to persist
+ * {@link OAuth2AuthorizedClient}s.
  *
  * <p>
  * By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
- * will be saved in the {@link OAuth2AuthorizedClientService}.
- * This functionality can be changed by configuring a custom {@link OAuth2AuthorizationSuccessHandler}
- * via {@link #setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler)}.
+ * will be saved in the {@link OAuth2AuthorizedClientService}. This functionality can be
+ * changed by configuring a custom {@link OAuth2AuthorizationSuccessHandler} via
+ * {@link #setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler)}.
  *
  * <p>
  * By default, when an authorization attempt fails due to an
- * {@value OAuth2ErrorCodes#INVALID_GRANT} error,
- * the previously saved {@link OAuth2AuthorizedClient}
- * will be removed from the {@link OAuth2AuthorizedClientService}.
- * (The {@value OAuth2ErrorCodes#INVALID_GRANT} error can occur
- * when a refresh token that is no longer valid is used to retrieve a new access token.)
- * This functionality can be changed by configuring a custom {@link OAuth2AuthorizationFailureHandler}
- * via {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
+ * {@value OAuth2ErrorCodes#INVALID_GRANT} error, the previously saved
+ * {@link OAuth2AuthorizedClient} will be removed from the
+ * {@link OAuth2AuthorizedClientService}. (The {@value OAuth2ErrorCodes#INVALID_GRANT}
+ * error can occur when a refresh token that is no longer valid is used to retrieve a new
+ * access token.) This functionality can be changed by configuring a custom
+ * {@link OAuth2AuthorizationFailureHandler} via
+ * {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -72,36 +72,42 @@ import java.util.function.Function;
  * @see OAuth2AuthorizationFailureHandler
  */
 public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
-	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER =
-			OAuth2AuthorizedClientProviderBuilder.builder()
-					.clientCredentials()
-					.build();
+
+	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder
+			.builder().clientCredentials().build();
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
+
 	private final OAuth2AuthorizedClientService authorizedClientService;
+
 	private OAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper;
+
 	private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private OAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
 	/**
-	 * Constructs an {@code AuthorizedClientServiceOAuth2AuthorizedClientManager} using the provided parameters.
-	 *
+	 * Constructs an {@code AuthorizedClientServiceOAuth2AuthorizedClientManager} using
+	 * the provided parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientService the authorized client service
 	 */
-	public AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,
-																OAuth2AuthorizedClientService authorizedClientService) {
+	public AuthorizedClientServiceOAuth2AuthorizedClientManager(
+			ClientRegistrationRepository clientRegistrationRepository,
+			OAuth2AuthorizedClientService authorizedClientService) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientService = authorizedClientService;
 		this.authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
 		this.contextAttributesMapper = new DefaultContextAttributesMapper();
-		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) ->
-				authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
+		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientService
+				.saveAuthorizedClient(authorizedClient, principal);
 		this.authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName()));
+				(clientRegistrationId, principal, attributes) -> authorizedClientService
+						.removeAuthorizedClient(clientRegistrationId, principal.getName()));
 	}
 
 	@Nullable
@@ -116,39 +122,45 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 		OAuth2AuthorizationContext.Builder contextBuilder;
 		if (authorizedClient != null) {
 			contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
-		} else {
-			ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
-			Assert.notNull(clientRegistration, "Could not find ClientRegistration with id '" + clientRegistrationId + "'");
-			authorizedClient = this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
+		}
+		else {
+			ClientRegistration clientRegistration = this.clientRegistrationRepository
+					.findByRegistrationId(clientRegistrationId);
+			Assert.notNull(clientRegistration,
+					"Could not find ClientRegistration with id '" + clientRegistrationId + "'");
+			authorizedClient = this.authorizedClientService.loadAuthorizedClient(clientRegistrationId,
+					principal.getName());
 			if (authorizedClient != null) {
 				contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
-			} else {
+			}
+			else {
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
-		OAuth2AuthorizationContext authorizationContext = contextBuilder
-				.principal(principal)
-				.attributes(attributes -> {
-					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
-					if (!CollectionUtils.isEmpty(contextAttributes)) {
-						attributes.putAll(contextAttributes);
-					}
-				})
-				.build();
+		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal).attributes(attributes -> {
+			Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
+			if (!CollectionUtils.isEmpty(contextAttributes)) {
+				attributes.putAll(contextAttributes);
+			}
+		}).build();
 
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			this.authorizationFailureHandler.onAuthorizationFailure(ex, principal, Collections.emptyMap());
 			throw ex;
 		}
 
 		if (authorizedClient != null) {
-			this.authorizationSuccessHandler.onAuthorizationSuccess(
-					authorizedClient, principal, Collections.emptyMap());
-		} else {
-			// In the case of re-authorization, the returned `authorizedClient` may be null if re-authorization is not supported.
-			// For these cases, return the provided `authorizationContext.authorizedClient`.
+			this.authorizationSuccessHandler.onAuthorizationSuccess(authorizedClient, principal,
+					Collections.emptyMap());
+		}
+		else {
+			// In the case of re-authorization, the returned `authorizedClient` may be
+			// null if re-authorization is not supported.
+			// For these cases, return the provided
+			// `authorizationContext.authorizedClient`.
 			if (authorizationContext.getAuthorizedClient() != null) {
 				return authorizationContext.getAuthorizedClient();
 			}
@@ -158,9 +170,10 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client.
-	 *
-	 * @param authorizedClientProvider the {@link OAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client
+	 * Sets the {@link OAuth2AuthorizedClientProvider} used for authorizing (or
+	 * re-authorizing) an OAuth 2.0 Client.
+	 * @param authorizedClientProvider the {@link OAuth2AuthorizedClientProvider} used for
+	 * authorizing (or re-authorizing) an OAuth 2.0 Client
 	 */
 	public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider) {
 		Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
@@ -168,24 +181,28 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	}
 
 	/**
-	 * Sets the {@code Function} used for mapping attribute(s) from the {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes
-	 * to be associated to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
-	 *
-	 * @param contextAttributesMapper the {@code Function} used for supplying the {@code Map} of attributes
-	 *                                   to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}
+	 * Sets the {@code Function} used for mapping attribute(s) from the
+	 * {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes to be associated to
+	 * the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
+	 * @param contextAttributesMapper the {@code Function} used for supplying the
+	 * {@code Map} of attributes to the {@link OAuth2AuthorizationContext#getAttributes()
+	 * authorization context}
 	 */
-	public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper) {
+	public void setContextAttributesMapper(
+			Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper) {
 		Assert.notNull(contextAttributesMapper, "contextAttributesMapper cannot be null");
 		this.contextAttributesMapper = contextAttributesMapper;
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizationSuccessHandler} that handles successful authorizations.
+	 * Sets the {@link OAuth2AuthorizationSuccessHandler} that handles successful
+	 * authorizations.
 	 *
 	 * <p>
-	 * The default saves {@link OAuth2AuthorizedClient}s in the {@link OAuth2AuthorizedClientService}.
-	 *
-	 * @param authorizationSuccessHandler the {@link OAuth2AuthorizationSuccessHandler} that handles successful authorizations
+	 * The default saves {@link OAuth2AuthorizedClient}s in the
+	 * {@link OAuth2AuthorizedClientService}.
+	 * @param authorizationSuccessHandler the {@link OAuth2AuthorizationSuccessHandler}
+	 * that handles successful authorizations
 	 * @since 5.3
 	 */
 	public void setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler) {
@@ -194,12 +211,14 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles authorization failures.
+	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles authorization
+	 * failures.
 	 *
 	 * <p>
-	 * A {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} is used by default.
-	 *
-	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler} that handles authorization failures
+	 * A {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} is used by
+	 * default.
+	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
+	 * that handles authorization failures
 	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 * @since 5.3
 	 */
@@ -209,9 +228,11 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	}
 
 	/**
-	 * The default implementation of the {@link #setContextAttributesMapper(Function) contextAttributesMapper}.
+	 * The default implementation of the {@link #setContextAttributesMapper(Function)
+	 * contextAttributesMapper}.
 	 */
-	public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
+	public static class DefaultContextAttributesMapper
+			implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
 
 		@Override
 		public Map<String, Object> apply(OAuth2AuthorizeRequest authorizeRequest) {
@@ -224,5 +245,7 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 			}
 			return contextAttributes;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index 3a446ec2da..0439c6bc1a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -28,34 +28,45 @@ import java.util.Map;
 import java.util.function.Function;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientManager}
- * that is capable of operating outside of the context of a {@link ServerWebExchange},
- * e.g. in a scheduled/background thread and/or in the service-tier.
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientManager} that is capable of
+ * operating outside of the context of a {@link ServerWebExchange}, e.g. in a
+ * scheduled/background thread and/or in the service-tier.
  *
- * <p>(When operating <em>within</em> the context of a {@link ServerWebExchange},
- * use {@link DefaultReactiveOAuth2AuthorizedClientManager} instead.)</p>
+ * <p>
+ * (When operating <em>within</em> the context of a {@link ServerWebExchange}, use
+ * {@link DefaultReactiveOAuth2AuthorizedClientManager} instead.)
+ * </p>
  *
- * <p>This is a reactive equivalent of {@link org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager}.</p>
+ * <p>
+ * This is a reactive equivalent of
+ * {@link org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager}.
+ * </p>
  *
  * <h2>Authorized Client Persistence</h2>
  *
- * <p>This client manager utilizes a {@link ReactiveOAuth2AuthorizedClientService}
- * to persist {@link OAuth2AuthorizedClient}s.</p>
+ * <p>
+ * This client manager utilizes a {@link ReactiveOAuth2AuthorizedClientService} to persist
+ * {@link OAuth2AuthorizedClient}s.
+ * </p>
  *
- * <p>By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
- * will be saved in the authorized client service.
- * This functionality can be changed by configuring a custom {@link ReactiveOAuth2AuthorizationSuccessHandler}
- * via {@link #setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)}.</p>
+ * <p>
+ * By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
+ * will be saved in the authorized client service. This functionality can be changed by
+ * configuring a custom {@link ReactiveOAuth2AuthorizationSuccessHandler} via
+ * {@link #setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)}.
+ * </p>
  *
- * <p>By default, when an authorization attempt fails due to an
+ * <p>
+ * By default, when an authorization attempt fails due to an
  * {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT} error,
- * the previously saved {@link OAuth2AuthorizedClient}
- * will be removed from the authorized client service.
- * (The {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT}
- * error generally occurs when a refresh token that is no longer valid
- * is used to retrieve a new access token.)
- * This functionality can be changed by configuring a custom {@link ReactiveOAuth2AuthorizationFailureHandler}
- * via {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.</p>
+ * the previously saved {@link OAuth2AuthorizedClient} will be removed from the authorized
+ * client service. (The
+ * {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT} error
+ * generally occurs when a refresh token that is no longer valid is used to retrieve a new
+ * access token.) This functionality can be changed by configuring a custom
+ * {@link ReactiveOAuth2AuthorizationFailureHandler} via
+ * {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.
+ * </p>
  *
  * @author Ankur Pathak
  * @author Phil Clay
@@ -69,22 +80,26 @@ import java.util.function.Function;
 public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		implements ReactiveOAuth2AuthorizedClientManager {
 
-	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER =
-			ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-					.clientCredentials()
-					.build();
+	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder
+			.builder().clientCredentials().build();
+
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	private final ReactiveOAuth2AuthorizedClientService authorizedClientService;
+
 	private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
+
 	private Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper = new DefaultContextAttributesMapper();
+
 	private ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
 	/**
-	 * Constructs an {@code AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager} using the provided parameters.
-	 *
+	 * Constructs an {@code AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}
+	 * using the provided parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
-	 * @param authorizedClientService      the authorized client service
+	 * @param authorizedClientService the authorized client service
 	 */
 	public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
 			ReactiveClientRegistrationRepository clientRegistrationRepository,
@@ -93,11 +108,11 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientService = authorizedClientService;
-		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) ->
-				authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
+		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientService
+				.saveAuthorizedClient(authorizedClient, principal);
 		this.authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName()));
+				(clientRegistrationId, principal, attributes) -> this.authorizedClientService
+						.removeAuthorizedClient(clientRegistrationId, principal.getName()));
 	}
 
 	@Override
@@ -113,14 +128,17 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		Authentication principal = authorizeRequest.getPrincipal();
 		return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
 				.map(OAuth2AuthorizationContext::withAuthorizedClient)
-				.switchIfEmpty(Mono.defer(() -> this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-						.flatMap(clientRegistration -> this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName())
+				.switchIfEmpty(Mono.defer(() -> this.clientRegistrationRepository
+						.findByRegistrationId(clientRegistrationId)
+						.flatMap(clientRegistration -> this.authorizedClientService
+								.loadAuthorizedClient(clientRegistrationId, principal.getName())
 								.map(OAuth2AuthorizationContext::withAuthorizedClient)
-								.switchIfEmpty(Mono.fromSupplier(() -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration))))
-						.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("Could not find ClientRegistration with id '" + clientRegistrationId + "'")))))
+								.switchIfEmpty(Mono.fromSupplier(
+										() -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration))))
+						.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+								"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))))
 				.flatMap(contextBuilder -> this.contextAttributesMapper.apply(authorizeRequest)
-						.defaultIfEmpty(Collections.emptyMap())
-						.map(contextAttributes -> {
+						.defaultIfEmpty(Collections.emptyMap()).map(contextAttributes -> {
 							OAuth2AuthorizationContext.Builder builder = contextBuilder.principal(principal);
 							if (!contextAttributes.isEmpty()) {
 								builder = builder.attributes(attributes -> attributes.putAll(contextAttributes));
@@ -130,39 +148,37 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	}
 
 	/**
-	 * Performs authorization and then delegates to either the {@link #authorizationSuccessHandler}
-	 * or {@link #authorizationFailureHandler}, depending on the authorization result.
-	 *
+	 * Performs authorization and then delegates to either the
+	 * {@link #authorizationSuccessHandler} or {@link #authorizationFailureHandler},
+	 * depending on the authorization result.
 	 * @param authorizationContext the context to authorize
 	 * @param principal the principle to authorize
-	 * @return a {@link Mono} that emits the authorized client after the authorization attempt succeeds
-	 *         and the {@link #authorizationSuccessHandler} has completed,
-	 *         or completes with an exception after the authorization attempt fails
-	 *         and the {@link #authorizationFailureHandler} has completed
+	 * @return a {@link Mono} that emits the authorized client after the authorization
+	 * attempt succeeds and the {@link #authorizationSuccessHandler} has completed, or
+	 * completes with an exception after the authorization attempt fails and the
+	 * {@link #authorizationFailureHandler} has completed
 	 */
-	private Mono<OAuth2AuthorizedClient> authorize(
-			OAuth2AuthorizationContext authorizationContext,
+	private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 			Authentication principal) {
 		return this.authorizedClientProvider.authorize(authorizationContext)
-				// Delegate to the authorizationSuccessHandler of the successful authorization
-				.flatMap(authorizedClient -> this.authorizationSuccessHandler.onAuthorizationSuccess(
-								authorizedClient,
-								principal,
-								Collections.emptyMap())
+				// Delegate to the authorizationSuccessHandler of the successful
+				// authorization
+				.flatMap(authorizedClient -> this.authorizationSuccessHandler
+						.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
 						.thenReturn(authorizedClient))
 				// Delegate to the authorizationFailureHandler of the failed authorization
-				.onErrorResume(OAuth2AuthorizationException.class, authorizationException -> this.authorizationFailureHandler.onAuthorizationFailure(
-								authorizationException,
-								principal,
-								Collections.emptyMap())
-						.then(Mono.error(authorizationException)))
+				.onErrorResume(OAuth2AuthorizationException.class,
+						authorizationException -> this.authorizationFailureHandler
+								.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
+								.then(Mono.error(authorizationException)))
 				.switchIfEmpty(Mono.defer(() -> Mono.justOrEmpty(authorizationContext.getAuthorizedClient())));
 	}
 
 	/**
-	 * Sets the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client.
-	 *
-	 * @param authorizedClientProvider the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client
+	 * Sets the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or
+	 * re-authorizing) an OAuth 2.0 Client.
+	 * @param authorizedClientProvider the {@link ReactiveOAuth2AuthorizedClientProvider}
+	 * used for authorizing (or re-authorizing) an OAuth 2.0 Client
 	 */
 	public void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider) {
 		Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
@@ -170,13 +186,15 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	}
 
 	/**
-	 * Sets the {@code Function} used for mapping attribute(s) from the {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes
-	 * to be associated to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
-	 *
-	 * @param contextAttributesMapper the {@code Function} used for supplying the {@code Map} of attributes
-	 *                                to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}
+	 * Sets the {@code Function} used for mapping attribute(s) from the
+	 * {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes to be associated to
+	 * the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
+	 * @param contextAttributesMapper the {@code Function} used for supplying the
+	 * {@code Map} of attributes to the {@link OAuth2AuthorizationContext#getAttributes()
+	 * authorization context}
 	 */
-	public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper) {
+	public void setContextAttributesMapper(
+			Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper) {
 		Assert.notNull(contextAttributesMapper, "contextAttributesMapper cannot be null");
 		this.contextAttributesMapper = contextAttributesMapper;
 	}
@@ -184,9 +202,10 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	/**
 	 * Sets the handler that handles successful authorizations.
 	 *
-	 * The default saves {@link OAuth2AuthorizedClient}s in the {@link ReactiveOAuth2AuthorizedClientService}.
-	 *
-	 * @param authorizationSuccessHandler the handler that handles successful authorizations.
+	 * The default saves {@link OAuth2AuthorizedClient}s in the
+	 * {@link ReactiveOAuth2AuthorizedClientService}.
+	 * @param authorizationSuccessHandler the handler that handles successful
+	 * authorizations.
 	 * @since 5.3
 	 */
 	public void setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler) {
@@ -197,9 +216,10 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	/**
 	 * Sets the handler that handles authorization failures.
 	 *
-	 * <p>A {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
-	 * is used by default.</p>
-	 *
+	 * <p>
+	 * A {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} is used
+	 * by default.
+	 * </p>
 	 * @param authorizationFailureHandler the handler that handles authorization failures.
 	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * @since 5.3
@@ -210,16 +230,19 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	}
 
 	/**
-	 * The default implementation of the {@link #setContextAttributesMapper(Function) contextAttributesMapper}.
+	 * The default implementation of the {@link #setContextAttributesMapper(Function)
+	 * contextAttributesMapper}.
 	 */
-	public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> {
+	public static class DefaultContextAttributesMapper
+			implements Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> {
 
-		private final AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper mapper =
-				new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper();
+		private final AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper mapper = new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper();
 
 		@Override
 		public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest authorizeRequest) {
 			return Mono.fromCallable(() -> mapper.apply(authorizeRequest));
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
index 0cbd6ee2c8..c6010c504f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
@@ -20,8 +20,8 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
 
 /**
- * This exception is thrown on the client side when an attempt to authenticate
- * or authorize an OAuth 2.0 client fails.
+ * This exception is thrown on the client side when an attempt to authenticate or
+ * authorize an OAuth 2.0 client fails.
  *
  * @author Phil Clay
  * @since 5.3
@@ -33,16 +33,15 @@ public class ClientAuthorizationException extends OAuth2AuthorizationException {
 
 	/**
 	 * Constructs a {@code ClientAuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param clientRegistrationId the identifier for the client's registration
 	 */
 	public ClientAuthorizationException(OAuth2Error error, String clientRegistrationId) {
 		this(error, clientRegistrationId, error.toString());
 	}
+
 	/**
 	 * Constructs a {@code ClientAuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param message the exception message
@@ -55,7 +54,6 @@ public class ClientAuthorizationException extends OAuth2AuthorizationException {
 
 	/**
 	 * Constructs a {@code ClientAuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param cause the root cause
@@ -66,13 +64,13 @@ public class ClientAuthorizationException extends OAuth2AuthorizationException {
 
 	/**
 	 * Constructs a {@code ClientAuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param message the exception message
 	 * @param cause the root cause
 	 */
-	public ClientAuthorizationException(OAuth2Error error, String clientRegistrationId, String message, Throwable cause) {
+	public ClientAuthorizationException(OAuth2Error error, String clientRegistrationId, String message,
+			Throwable cause) {
 		super(error, message, cause);
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		this.clientRegistrationId = clientRegistrationId;
@@ -80,10 +78,10 @@ public class ClientAuthorizationException extends OAuth2AuthorizationException {
 
 	/**
 	 * Returns the identifier for the client's registration.
-	 *
 	 * @return the identifier for the client's registration
 	 */
 	public String getClientRegistrationId() {
 		return this.clientRegistrationId;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
index d9b9e7a6a7..d951c99bc0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
@@ -18,19 +18,20 @@ package org.springframework.security.oauth2.client;
 import org.springframework.security.oauth2.core.OAuth2Error;
 
 /**
- * This exception is thrown when an OAuth 2.0 Client is required
- * to obtain authorization from the Resource Owner.
+ * This exception is thrown when an OAuth 2.0 Client is required to obtain authorization
+ * from the Resource Owner.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AuthorizedClient
  */
 public class ClientAuthorizationRequiredException extends ClientAuthorizationException {
+
 	private static final String CLIENT_AUTHORIZATION_REQUIRED_ERROR_CODE = "client_authorization_required";
 
 	/**
-	 * Constructs a {@code ClientAuthorizationRequiredException} using the provided parameters.
-	 *
+	 * Constructs a {@code ClientAuthorizationRequiredException} using the provided
+	 * parameters.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 */
 	public ClientAuthorizationRequiredException(String clientRegistrationId) {
@@ -38,4 +39,5 @@ public class ClientAuthorizationRequiredException extends ClientAuthorizationExc
 				"Authorization required for Client Registration Id: " + clientRegistrationId, null),
 				clientRegistrationId);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
index ae5975d27f..20f5b318e1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
@@ -31,8 +31,8 @@ import java.time.Duration;
 import java.time.Instant;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
+ * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -40,20 +40,24 @@ import java.time.Instant;
  * @see DefaultClientCredentialsTokenResponseClient
  */
 public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
-	private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient =
-			new DefaultClientCredentialsTokenResponseClient();
+
+	private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient = new DefaultClientCredentialsTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns {@code null} if authorization (or re-authorization) is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} OR
-	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
-	 *
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns {@code null} if authorization (or re-authorization) is not
+	 * supported, e.g. the client's {@link ClientRegistration#getAuthorizationGrantType()
+	 * authorization grant type} is not {@link AuthorizationGrantType#CLIENT_CREDENTIALS
+	 * client_credentials} OR the {@link OAuth2AuthorizedClient#getAccessToken() access
+	 * token} is not expired.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization (or re-authorization) is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization (or
+	 * re-authorization) is not supported
 	 */
 	@Override
 	@Nullable
@@ -67,7 +71,8 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA
 
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
-			// If client is already authorized but access token is NOT expired than no need for re-authorization
+			// If client is already authorized but access token is NOT expired than no
+			// need for re-authorization
 			return null;
 		}
 
@@ -78,17 +83,19 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA
 		// Therefore, renewing an expired access token (re-authorization)
 		// is the same as acquiring a new access token (authorization).
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				clientRegistration);
 
 		OAuth2AccessTokenResponse tokenResponse;
 		try {
 			tokenResponse = this.accessTokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			throw new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex);
 		}
 
-		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), tokenResponse.getAccessToken());
+		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+				tokenResponse.getAccessToken());
 	}
 
 	private boolean hasTokenExpired(AbstractOAuth2Token token) {
@@ -96,23 +103,26 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code client_credentials} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code client_credentials} grant
 	 */
-	public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -122,12 +132,13 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
index 71835832cb..3b9cfc78c3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
@@ -30,29 +30,34 @@ import java.time.Duration;
 import java.time.Instant;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AuthorizedClientProvider
  * @see WebClientReactiveClientCredentialsTokenResponseClient
  */
-public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
-	private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient =
-			new WebClientReactiveClientCredentialsTokenResponseClient();
+public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider
+		implements ReactiveOAuth2AuthorizedClientProvider {
+
+	private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns an empty {@code Mono} if authorization (or re-authorization) is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} OR
-	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
-	 *
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns an empty {@code Mono} if authorization (or
+	 * re-authorization) is not supported, e.g. the client's
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant type} is
+	 * not {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} OR the
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if authorization (or re-authorization) is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * authorization (or re-authorization) is not supported
 	 */
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
@@ -65,7 +70,8 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider imple
 
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
-			// If client is already authorized but access token is NOT expired than no need for re-authorization
+			// If client is already authorized but access token is NOT expired than no
+			// need for re-authorization
 			return Mono.empty();
 		}
 
@@ -80,8 +86,8 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider imple
 				.flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
 						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
-				.map(tokenResponse -> new OAuth2AuthorizedClient(
-						clientRegistration, context.getPrincipal().getName(), tokenResponse.getAccessToken()));
+				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+						tokenResponse.getAccessToken()));
 	}
 
 	private boolean hasTokenExpired(AbstractOAuth2Token token) {
@@ -89,23 +95,26 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider imple
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code client_credentials} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code client_credentials} grant
 	 */
-	public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -115,12 +124,13 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider imple
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
index d57bcf8153..cd7148e25a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
@@ -24,25 +24,27 @@ import java.util.Collections;
 import java.util.List;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientProvider} that simply delegates
- * to it's internal {@code List} of {@link OAuth2AuthorizedClientProvider}(s).
+ * An implementation of an {@link OAuth2AuthorizedClientProvider} that simply delegates to
+ * it's internal {@code List} of {@link OAuth2AuthorizedClientProvider}(s).
  * <p>
  * Each provider is given a chance to
  * {@link OAuth2AuthorizedClientProvider#authorize(OAuth2AuthorizationContext) authorize}
- * the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided context
- * with the first {@code non-null} {@link OAuth2AuthorizedClient} being returned.
+ * the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+ * context with the first {@code non-null} {@link OAuth2AuthorizedClient} being returned.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AuthorizedClientProvider
  */
 public final class DelegatingOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
+
 	private final List<OAuth2AuthorizedClientProvider> authorizedClientProviders;
 
 	/**
-	 * Constructs a {@code DelegatingOAuth2AuthorizedClientProvider} using the provided parameters.
-	 *
-	 * @param authorizedClientProviders a list of {@link OAuth2AuthorizedClientProvider}(s)
+	 * Constructs a {@code DelegatingOAuth2AuthorizedClientProvider} using the provided
+	 * parameters.
+	 * @param authorizedClientProviders a list of
+	 * {@link OAuth2AuthorizedClientProvider}(s)
 	 */
 	public DelegatingOAuth2AuthorizedClientProvider(OAuth2AuthorizedClientProvider... authorizedClientProviders) {
 		Assert.notEmpty(authorizedClientProviders, "authorizedClientProviders cannot be empty");
@@ -50,9 +52,10 @@ public final class DelegatingOAuth2AuthorizedClientProvider implements OAuth2Aut
 	}
 
 	/**
-	 * Constructs a {@code DelegatingOAuth2AuthorizedClientProvider} using the provided parameters.
-	 *
-	 * @param authorizedClientProviders a {@code List} of {@link OAuth2AuthorizedClientProvider}(s)
+	 * Constructs a {@code DelegatingOAuth2AuthorizedClientProvider} using the provided
+	 * parameters.
+	 * @param authorizedClientProviders a {@code List} of
+	 * {@link OAuth2AuthorizedClientProvider}(s)
 	 */
 	public DelegatingOAuth2AuthorizedClientProvider(List<OAuth2AuthorizedClientProvider> authorizedClientProviders) {
 		Assert.notEmpty(authorizedClientProviders, "authorizedClientProviders cannot be empty");
@@ -71,4 +74,5 @@ public final class DelegatingOAuth2AuthorizedClientProvider implements OAuth2Aut
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
index 1264d792c5..1d3c49e888 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
@@ -25,37 +25,44 @@ import java.util.Collections;
 import java.util.List;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} that simply delegates
- * to it's internal {@code List} of {@link ReactiveOAuth2AuthorizedClientProvider}(s).
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} that simply
+ * delegates to it's internal {@code List} of
+ * {@link ReactiveOAuth2AuthorizedClientProvider}(s).
  * <p>
  * Each provider is given a chance to
- * {@link ReactiveOAuth2AuthorizedClientProvider#authorize(OAuth2AuthorizationContext) authorize}
- * the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided context
- * with the first available {@link OAuth2AuthorizedClient} being returned.
+ * {@link ReactiveOAuth2AuthorizedClientProvider#authorize(OAuth2AuthorizationContext)
+ * authorize} the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the
+ * provided context with the first available {@link OAuth2AuthorizedClient} being
+ * returned.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AuthorizedClientProvider
  */
 public final class DelegatingReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
+
 	private final List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders;
 
 	/**
-	 * Constructs a {@code DelegatingReactiveOAuth2AuthorizedClientProvider} using the provided parameters.
-	 *
-	 * @param authorizedClientProviders a list of {@link ReactiveOAuth2AuthorizedClientProvider}(s)
+	 * Constructs a {@code DelegatingReactiveOAuth2AuthorizedClientProvider} using the
+	 * provided parameters.
+	 * @param authorizedClientProviders a list of
+	 * {@link ReactiveOAuth2AuthorizedClientProvider}(s)
 	 */
-	public DelegatingReactiveOAuth2AuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider... authorizedClientProviders) {
+	public DelegatingReactiveOAuth2AuthorizedClientProvider(
+			ReactiveOAuth2AuthorizedClientProvider... authorizedClientProviders) {
 		Assert.notEmpty(authorizedClientProviders, "authorizedClientProviders cannot be empty");
 		this.authorizedClientProviders = Collections.unmodifiableList(Arrays.asList(authorizedClientProviders));
 	}
 
 	/**
-	 * Constructs a {@code DelegatingReactiveOAuth2AuthorizedClientProvider} using the provided parameters.
-	 *
-	 * @param authorizedClientProviders a {@code List} of {@link OAuth2AuthorizedClientProvider}(s)
+	 * Constructs a {@code DelegatingReactiveOAuth2AuthorizedClientProvider} using the
+	 * provided parameters.
+	 * @param authorizedClientProviders a {@code List} of
+	 * {@link OAuth2AuthorizedClientProvider}(s)
 	 */
-	public DelegatingReactiveOAuth2AuthorizedClientProvider(List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders) {
+	public DelegatingReactiveOAuth2AuthorizedClientProvider(
+			List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders) {
 		Assert.notEmpty(authorizedClientProviders, "authorizedClientProviders cannot be empty");
 		this.authorizedClientProviders = Collections.unmodifiableList(new ArrayList<>(authorizedClientProviders));
 	}
@@ -64,7 +71,7 @@ public final class DelegatingReactiveOAuth2AuthorizedClientProvider implements R
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
 		return Flux.fromIterable(this.authorizedClientProviders)
-				.concatMap(authorizedClientProvider -> authorizedClientProvider.authorize(context))
-				.next();
+				.concatMap(authorizedClientProvider -> authorizedClientProvider.authorize(context)).next();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
index 2164b4ba1d..480a659dfe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
@@ -24,8 +24,8 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
- * An {@link OAuth2AuthorizedClientService} that stores
- * {@link OAuth2AuthorizedClient Authorized Client(s)} in-memory.
+ * An {@link OAuth2AuthorizedClientService} that stores {@link OAuth2AuthorizedClient
+ * Authorized Client(s)} in-memory.
  *
  * @author Joe Grandja
  * @author Vedran Pavic
@@ -37,12 +37,14 @@ import java.util.concurrent.ConcurrentHashMap;
  * @see Authentication
  */
 public final class InMemoryOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService {
+
 	private final Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients;
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
 
 	/**
-	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 */
 	public InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
@@ -52,14 +54,16 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 	}
 
 	/**
-	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided parameters.
+	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided
+	 * parameters.
 	 *
 	 * @since 5.2
 	 * @param clientRegistrationRepository the repository of client registrations
-	 * @param authorizedClients the initial {@code Map} of authorized client(s) keyed by {@link OAuth2AuthorizedClientId}
+	 * @param authorizedClients the initial {@code Map} of authorized client(s) keyed by
+	 * {@link OAuth2AuthorizedClientId}
 	 */
 	public InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository,
-													Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients) {
+			Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notEmpty(authorizedClients, "authorizedClients cannot be empty");
 		this.clientRegistrationRepository = clientRegistrationRepository;
@@ -68,7 +72,8 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 
 	@Override
 	@SuppressWarnings("unchecked")
-	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, String principalName) {
+	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+			String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
 		ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
@@ -82,8 +87,8 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 	public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(principal, "principal cannot be null");
-		this.authorizedClients.put(new OAuth2AuthorizedClientId(authorizedClient.getClientRegistration().getRegistrationId(),
-				principal.getName()), authorizedClient);
+		this.authorizedClients.put(new OAuth2AuthorizedClientId(
+				authorizedClient.getClientRegistration().getRegistrationId(), principal.getName()), authorizedClient);
 	}
 
 	@Override
@@ -95,4 +100,5 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 			this.authorizedClients.remove(new OAuth2AuthorizedClientId(clientRegistrationId, principalName));
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
index 66091f8c90..4f58699305 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
@@ -25,8 +25,8 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
- * An {@link OAuth2AuthorizedClientService} that stores
- * {@link OAuth2AuthorizedClient Authorized Client(s)} in-memory.
+ * An {@link OAuth2AuthorizedClientService} that stores {@link OAuth2AuthorizedClient
+ * Authorized Client(s)} in-memory.
  *
  * @author Rob Winch
  * @author Vedran Pavic
@@ -37,22 +37,26 @@ import java.util.concurrent.ConcurrentHashMap;
  * @see Authentication
  */
 public final class InMemoryReactiveOAuth2AuthorizedClientService implements ReactiveOAuth2AuthorizedClientService {
+
 	private final Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients = new ConcurrentHashMap<>();
+
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 
 	/**
-	 * Constructs an {@code InMemoryReactiveOAuth2AuthorizedClientService} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryReactiveOAuth2AuthorizedClientService} using the
+	 * provided parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 */
-	public InMemoryReactiveOAuth2AuthorizedClientService(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+	public InMemoryReactiveOAuth2AuthorizedClientService(
+			ReactiveClientRegistrationRepository clientRegistrationRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 	}
 
 	@Override
 	@SuppressWarnings("unchecked")
-	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId, String principalName) {
+	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
+			String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
 		return (Mono<T>) this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
@@ -77,7 +81,7 @@ public final class InMemoryReactiveOAuth2AuthorizedClientService implements Reac
 		Assert.hasText(principalName, "principalName cannot be empty");
 		return this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 				.map(clientRegistration -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
-				.doOnNext(this.authorizedClients::remove)
-				.then(Mono.empty());
+				.doOnNext(this.authorizedClients::remove).then(Mono.empty());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index cd3da393ac..05bc2405d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -44,13 +44,14 @@ import java.util.Set;
 import java.util.function.Function;
 
 /**
- * A JDBC implementation of an {@link OAuth2AuthorizedClientService}
- * that uses a {@link JdbcOperations} for {@link OAuth2AuthorizedClient} persistence.
+ * A JDBC implementation of an {@link OAuth2AuthorizedClientService} that uses a
+ * {@link JdbcOperations} for {@link OAuth2AuthorizedClient} persistence.
  *
  * <p>
  * <b>NOTE:</b> This {@code OAuth2AuthorizedClientService} depends on the table definition
- * described in "classpath:org/springframework/security/oauth2/client/oauth2-client-schema.sql"
- * and therefore MUST be defined in the database schema.
+ * described in
+ * "classpath:org/springframework/security/oauth2/client/oauth2-client-schema.sql" and
+ * therefore MUST be defined in the database schema.
  *
  * @author Joe Grandja
  * @author Stav Shamir
@@ -61,41 +62,42 @@ import java.util.function.Function;
  * @see RowMapper
  */
 public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService {
-	private static final String COLUMN_NAMES =
-			"client_registration_id, " +
-			"principal_name, " +
-			"access_token_type, " +
-			"access_token_value, " +
-			"access_token_issued_at, " +
-			"access_token_expires_at, " +
-			"access_token_scopes, " +
-			"refresh_token_value, " +
-			"refresh_token_issued_at";
+
+	private static final String COLUMN_NAMES = "client_registration_id, " + "principal_name, " + "access_token_type, "
+			+ "access_token_value, " + "access_token_issued_at, " + "access_token_expires_at, "
+			+ "access_token_scopes, " + "refresh_token_value, " + "refresh_token_issued_at";
+
 	private static final String TABLE_NAME = "oauth2_authorized_client";
+
 	private static final String PK_FILTER = "client_registration_id = ? AND principal_name = ?";
-	private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES +
-			" FROM " + TABLE_NAME + " WHERE " + PK_FILTER;
-	private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME +
-			" (" + COLUMN_NAMES + ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
-	private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM " + TABLE_NAME +
-			" WHERE " + PK_FILTER;
-	private static final String UPDATE_AUTHORIZED_CLIENT_SQL = "UPDATE " + TABLE_NAME +
-			" SET access_token_type = ?, access_token_value = ?, access_token_issued_at = ?," +
-			" access_token_expires_at = ?, access_token_scopes = ?," +
-			" refresh_token_value = ?, refresh_token_issued_at = ?" +
-			" WHERE " + PK_FILTER;
+
+	private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES + " FROM " + TABLE_NAME
+			+ " WHERE " + PK_FILTER;
+
+	private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME + " (" + COLUMN_NAMES
+			+ ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
+
+	private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM " + TABLE_NAME + " WHERE " + PK_FILTER;
+
+	private static final String UPDATE_AUTHORIZED_CLIENT_SQL = "UPDATE " + TABLE_NAME
+			+ " SET access_token_type = ?, access_token_value = ?, access_token_issued_at = ?,"
+			+ " access_token_expires_at = ?, access_token_scopes = ?,"
+			+ " refresh_token_value = ?, refresh_token_issued_at = ?" + " WHERE " + PK_FILTER;
+
 	protected final JdbcOperations jdbcOperations;
+
 	protected RowMapper<OAuth2AuthorizedClient> authorizedClientRowMapper;
+
 	protected Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> authorizedClientParametersMapper;
 
 	/**
-	 * Constructs a {@code JdbcOAuth2AuthorizedClientService} using the provided parameters.
-	 *
+	 * Constructs a {@code JdbcOAuth2AuthorizedClientService} using the provided
+	 * parameters.
 	 * @param jdbcOperations the JDBC operations
 	 * @param clientRegistrationRepository the repository of client registrations
 	 */
-	public JdbcOAuth2AuthorizedClientService(
-			JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository) {
+	public JdbcOAuth2AuthorizedClientService(JdbcOperations jdbcOperations,
+			ClientRegistrationRepository clientRegistrationRepository) {
 
 		Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
@@ -106,18 +108,18 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 	@Override
 	@SuppressWarnings("unchecked")
-	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, String principalName) {
+	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+			String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
 
 		SqlParameterValue[] parameters = new SqlParameterValue[] {
 				new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
-				new SqlParameterValue(Types.VARCHAR, principalName)
-		};
+				new SqlParameterValue(Types.VARCHAR, principalName) };
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
 
-		List<OAuth2AuthorizedClient> result = this.jdbcOperations.query(
-				LOAD_AUTHORIZED_CLIENT_SQL, pss, this.authorizedClientRowMapper);
+		List<OAuth2AuthorizedClient> result = this.jdbcOperations.query(LOAD_AUTHORIZED_CLIENT_SQL, pss,
+				this.authorizedClientRowMapper);
 
 		return !result.isEmpty() ? (T) result.get(0) : null;
 	}
@@ -132,18 +134,20 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 		if (existsAuthorizedClient) {
 			updateAuthorizedClient(authorizedClient, principal);
-		} else {
+		}
+		else {
 			try {
 				insertAuthorizedClient(authorizedClient, principal);
-			} catch (DuplicateKeyException e) {
+			}
+			catch (DuplicateKeyException e) {
 				updateAuthorizedClient(authorizedClient, principal);
 			}
 		}
 	}
 
 	private void updateAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
-		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper.apply(
-				new OAuth2AuthorizedClientHolder(authorizedClient, principal));
+		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper
+				.apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal));
 
 		SqlParameterValue clientRegistrationIdParameter = parameters.remove(0);
 		SqlParameterValue principalNameParameter = parameters.remove(0);
@@ -156,8 +160,8 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	}
 
 	private void insertAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
-		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper.apply(
-				new OAuth2AuthorizedClientHolder(authorizedClient, principal));
+		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper
+				.apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal));
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
 
 		this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, pss);
@@ -170,18 +174,18 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 		SqlParameterValue[] parameters = new SqlParameterValue[] {
 				new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
-				new SqlParameterValue(Types.VARCHAR, principalName)
-		};
+				new SqlParameterValue(Types.VARCHAR, principalName) };
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
 
 		this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 	}
 
 	/**
-	 * Sets the {@link RowMapper} used for mapping the current row in {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}.
-	 * The default is {@link OAuth2AuthorizedClientRowMapper}.
-	 *
-	 * @param authorizedClientRowMapper the {@link RowMapper} used for mapping the current row in {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}
+	 * Sets the {@link RowMapper} used for mapping the current row in
+	 * {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}. The default is
+	 * {@link OAuth2AuthorizedClientRowMapper}.
+	 * @param authorizedClientRowMapper the {@link RowMapper} used for mapping the current
+	 * row in {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}
 	 */
 	public final void setAuthorizedClientRowMapper(RowMapper<OAuth2AuthorizedClient> authorizedClientRowMapper) {
 		Assert.notNull(authorizedClientRowMapper, "authorizedClientRowMapper cannot be null");
@@ -189,21 +193,24 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	}
 
 	/**
-	 * Sets the {@code Function} used for mapping {@link OAuth2AuthorizedClientHolder} to a {@code List} of {@link SqlParameterValue}.
-	 * The default is {@link OAuth2AuthorizedClientParametersMapper}.
-	 *
-	 * @param authorizedClientParametersMapper the {@code Function} used for mapping {@link OAuth2AuthorizedClientHolder} to a {@code List} of {@link SqlParameterValue}
+	 * Sets the {@code Function} used for mapping {@link OAuth2AuthorizedClientHolder} to
+	 * a {@code List} of {@link SqlParameterValue}. The default is
+	 * {@link OAuth2AuthorizedClientParametersMapper}.
+	 * @param authorizedClientParametersMapper the {@code Function} used for mapping
+	 * {@link OAuth2AuthorizedClientHolder} to a {@code List} of {@link SqlParameterValue}
 	 */
-	public final void setAuthorizedClientParametersMapper(Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> authorizedClientParametersMapper) {
+	public final void setAuthorizedClientParametersMapper(
+			Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> authorizedClientParametersMapper) {
 		Assert.notNull(authorizedClientParametersMapper, "authorizedClientParametersMapper cannot be null");
 		this.authorizedClientParametersMapper = authorizedClientParametersMapper;
 	}
 
 	/**
-	 * The default {@link RowMapper} that maps the current row
-	 * in {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}.
+	 * The default {@link RowMapper} that maps the current row in
+	 * {@code java.sql.ResultSet} to {@link OAuth2AuthorizedClient}.
 	 */
 	public static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
+
 		protected final ClientRegistrationRepository clientRegistrationRepository;
 
 		public OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository clientRegistrationRepository) {
@@ -214,17 +221,16 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 		@Override
 		public OAuth2AuthorizedClient mapRow(ResultSet rs, int rowNum) throws SQLException {
 			String clientRegistrationId = rs.getString("client_registration_id");
-			ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(
-					clientRegistrationId);
+			ClientRegistration clientRegistration = this.clientRegistrationRepository
+					.findByRegistrationId(clientRegistrationId);
 			if (clientRegistration == null) {
-				throw new DataRetrievalFailureException("The ClientRegistration with id '" +
-						clientRegistrationId + "' exists in the data source, " +
-						"however, it was not found in the ClientRegistrationRepository.");
+				throw new DataRetrievalFailureException(
+						"The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, "
+								+ "however, it was not found in the ClientRegistrationRepository.");
 			}
 
 			OAuth2AccessToken.TokenType tokenType = null;
-			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(
-					rs.getString("access_token_type"))) {
+			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("access_token_type"))) {
 				tokenType = OAuth2AccessToken.TokenType.BEARER;
 			}
 			String tokenValue = new String(rs.getBytes("access_token_value"), StandardCharsets.UTF_8);
@@ -235,8 +241,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			if (accessTokenScopes != null) {
 				scopes = StringUtils.commaDelimitedListToSet(accessTokenScopes);
 			}
-			OAuth2AccessToken accessToken = new OAuth2AccessToken(
-					tokenType, tokenValue, issuedAt, expiresAt, scopes);
+			OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt, scopes);
 
 			OAuth2RefreshToken refreshToken = null;
 			byte[] refreshTokenValue = rs.getBytes("refresh_token_value");
@@ -252,16 +257,17 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 			String principalName = rs.getString("principal_name");
 
-			return new OAuth2AuthorizedClient(
-					clientRegistration, principalName, accessToken, refreshToken);
+			return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken);
 		}
+
 	}
 
 	/**
-	 * The default {@code Function} that maps {@link OAuth2AuthorizedClientHolder}
-	 * to a {@code List} of {@link SqlParameterValue}.
+	 * The default {@code Function} that maps {@link OAuth2AuthorizedClientHolder} to a
+	 * {@code List} of {@link SqlParameterValue}.
 	 */
-	public static class OAuth2AuthorizedClientParametersMapper implements Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> {
+	public static class OAuth2AuthorizedClientParametersMapper
+			implements Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> {
 
 		@Override
 		public List<SqlParameterValue> apply(OAuth2AuthorizedClientHolder authorizedClientHolder) {
@@ -272,24 +278,18 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken();
 
 			List<SqlParameterValue> parameters = new ArrayList<>();
-			parameters.add(new SqlParameterValue(
-					Types.VARCHAR, clientRegistration.getRegistrationId()));
-			parameters.add(new SqlParameterValue(
-					Types.VARCHAR, principal.getName()));
-			parameters.add(new SqlParameterValue(
-					Types.VARCHAR, accessToken.getTokenType().getValue()));
-			parameters.add(new SqlParameterValue(
-					Types.BLOB, accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8)));
-			parameters.add(new SqlParameterValue(
-					Types.TIMESTAMP, Timestamp.from(accessToken.getIssuedAt())));
-			parameters.add(new SqlParameterValue(
-					Types.TIMESTAMP, Timestamp.from(accessToken.getExpiresAt())));
+			parameters.add(new SqlParameterValue(Types.VARCHAR, clientRegistration.getRegistrationId()));
+			parameters.add(new SqlParameterValue(Types.VARCHAR, principal.getName()));
+			parameters.add(new SqlParameterValue(Types.VARCHAR, accessToken.getTokenType().getValue()));
+			parameters.add(
+					new SqlParameterValue(Types.BLOB, accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8)));
+			parameters.add(new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(accessToken.getIssuedAt())));
+			parameters.add(new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(accessToken.getExpiresAt())));
 			String accessTokenScopes = null;
 			if (!CollectionUtils.isEmpty(accessToken.getScopes())) {
 				accessTokenScopes = StringUtils.collectionToDelimitedString(accessToken.getScopes(), ",");
 			}
-			parameters.add(new SqlParameterValue(
-					Types.VARCHAR, accessTokenScopes));
+			parameters.add(new SqlParameterValue(Types.VARCHAR, accessTokenScopes));
 			byte[] refreshTokenValue = null;
 			Timestamp refreshTokenIssuedAt = null;
 			if (refreshToken != null) {
@@ -298,25 +298,27 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 					refreshTokenIssuedAt = Timestamp.from(refreshToken.getIssuedAt());
 				}
 			}
-			parameters.add(new SqlParameterValue(
-					Types.BLOB, refreshTokenValue));
-			parameters.add(new SqlParameterValue(
-					Types.TIMESTAMP, refreshTokenIssuedAt));
+			parameters.add(new SqlParameterValue(Types.BLOB, refreshTokenValue));
+			parameters.add(new SqlParameterValue(Types.TIMESTAMP, refreshTokenIssuedAt));
 
 			return parameters;
 		}
+
 	}
 
 	/**
-	 * A holder for an {@link OAuth2AuthorizedClient} and End-User {@link Authentication} (Resource Owner).
+	 * A holder for an {@link OAuth2AuthorizedClient} and End-User {@link Authentication}
+	 * (Resource Owner).
 	 */
 	public static final class OAuth2AuthorizedClientHolder {
+
 		private final OAuth2AuthorizedClient authorizedClient;
+
 		private final Authentication principal;
 
 		/**
-		 * Constructs an {@code OAuth2AuthorizedClientHolder} using the provided parameters.
-		 *
+		 * Constructs an {@code OAuth2AuthorizedClientHolder} using the provided
+		 * parameters.
 		 * @param authorizedClient the authorized client
 		 * @param principal the End-User {@link Authentication} (Resource Owner)
 		 */
@@ -329,7 +331,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 		/**
 		 * Returns the {@link OAuth2AuthorizedClient}.
-		 *
 		 * @return the {@link OAuth2AuthorizedClient}
 		 */
 		public OAuth2AuthorizedClient getAuthorizedClient() {
@@ -338,11 +339,12 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 
 		/**
 		 * Returns the End-User {@link Authentication} (Resource Owner).
-		 *
 		 * @return the End-User {@link Authentication} (Resource Owner)
 		 */
 		public Authentication getPrincipal() {
 			return this.principal;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
index 8bac099ae7..29fbf35c9c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
@@ -28,33 +28,43 @@ import java.util.Map;
 import java.util.function.Consumer;
 
 /**
- * A context that holds authorization-specific state and is used by an {@link OAuth2AuthorizedClientProvider}
- * when attempting to authorize (or re-authorize) an OAuth 2.0 Client.
+ * A context that holds authorization-specific state and is used by an
+ * {@link OAuth2AuthorizedClientProvider} when attempting to authorize (or re-authorize)
+ * an OAuth 2.0 Client.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AuthorizedClientProvider
  */
 public final class OAuth2AuthorizationContext {
-	/**
-	 * The name of the {@link #getAttribute(String) attribute} in the context associated to the value for the "request scope(s)".
-	 * The value of the attribute is a {@code String[]} of scope(s) to be requested by the {@link #getClientRegistration() client}.
-	 */
-	public static final String REQUEST_SCOPE_ATTRIBUTE_NAME = OAuth2AuthorizationContext.class.getName().concat(".REQUEST_SCOPE");
 
 	/**
-	 * The name of the {@link #getAttribute(String) attribute} in the context associated to the value for the resource owner's username.
+	 * The name of the {@link #getAttribute(String) attribute} in the context associated
+	 * to the value for the "request scope(s)". The value of the attribute is a
+	 * {@code String[]} of scope(s) to be requested by the {@link #getClientRegistration()
+	 * client}.
+	 */
+	public static final String REQUEST_SCOPE_ATTRIBUTE_NAME = OAuth2AuthorizationContext.class.getName()
+			.concat(".REQUEST_SCOPE");
+
+	/**
+	 * The name of the {@link #getAttribute(String) attribute} in the context associated
+	 * to the value for the resource owner's username.
 	 */
 	public static final String USERNAME_ATTRIBUTE_NAME = OAuth2AuthorizationContext.class.getName().concat(".USERNAME");
 
 	/**
-	 * The name of the {@link #getAttribute(String) attribute} in the context associated to the value for the resource owner's password.
+	 * The name of the {@link #getAttribute(String) attribute} in the context associated
+	 * to the value for the resource owner's password.
 	 */
 	public static final String PASSWORD_ATTRIBUTE_NAME = OAuth2AuthorizationContext.class.getName().concat(".PASSWORD");
 
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication principal;
+
 	private Map<String, Object> attributes;
 
 	private OAuth2AuthorizationContext() {
@@ -62,7 +72,6 @@ public final class OAuth2AuthorizationContext {
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -70,10 +79,11 @@ public final class OAuth2AuthorizationContext {
 	}
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient authorized client} or {@code null}
-	 * if the {@link #withClientRegistration(ClientRegistration) client registration} was supplied.
-	 *
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if the client registration was supplied
+	 * Returns the {@link OAuth2AuthorizedClient authorized client} or {@code null} if the
+	 * {@link #withClientRegistration(ClientRegistration) client registration} was
+	 * supplied.
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if the client
+	 * registration was supplied
 	 */
 	@Nullable
 	public OAuth2AuthorizedClient getAuthorizedClient() {
@@ -82,7 +92,6 @@ public final class OAuth2AuthorizationContext {
 
 	/**
 	 * Returns the {@code Principal} (to be) associated to the authorized client.
-	 *
 	 * @return the {@code Principal} (to be) associated to the authorized client
 	 */
 	public Authentication getPrincipal() {
@@ -91,7 +100,6 @@ public final class OAuth2AuthorizationContext {
 
 	/**
 	 * Returns the attributes associated to the context.
-	 *
 	 * @return a {@code Map} of the attributes associated to the context
 	 */
 	public Map<String, Object> getAttributes() {
@@ -99,8 +107,8 @@ public final class OAuth2AuthorizationContext {
 	}
 
 	/**
-	 * Returns the value of an attribute associated to the context or {@code null} if not available.
-	 *
+	 * Returns the value of an attribute associated to the context or {@code null} if not
+	 * available.
 	 * @param name the name of the attribute
 	 * @param <T> the type of the attribute
 	 * @return the value of the attribute associated to the context
@@ -113,7 +121,6 @@ public final class OAuth2AuthorizationContext {
 
 	/**
 	 * Returns a new {@link Builder} initialized with the {@link ClientRegistration}.
-	 *
 	 * @param clientRegistration the {@link ClientRegistration client registration}
 	 * @return the {@link Builder}
 	 */
@@ -123,7 +130,6 @@ public final class OAuth2AuthorizationContext {
 
 	/**
 	 * Returns a new {@link Builder} initialized with the {@link OAuth2AuthorizedClient}.
-	 *
 	 * @param authorizedClient the {@link OAuth2AuthorizedClient authorized client}
 	 * @return the {@link Builder}
 	 */
@@ -135,9 +141,13 @@ public final class OAuth2AuthorizationContext {
 	 * A builder for {@link OAuth2AuthorizationContext}.
 	 */
 	public static class Builder {
+
 		private ClientRegistration clientRegistration;
+
 		private OAuth2AuthorizedClient authorizedClient;
+
 		private Authentication principal;
+
 		private Map<String, Object> attributes;
 
 		private Builder(ClientRegistration clientRegistration) {
@@ -152,8 +162,8 @@ public final class OAuth2AuthorizationContext {
 
 		/**
 		 * Sets the {@code Principal} (to be) associated to the authorized client.
-		 *
-		 * @param principal the {@code Principal} (to be) associated to the authorized client
+		 * @param principal the {@code Principal} (to be) associated to the authorized
+		 * client
 		 * @return the {@link Builder}
 		 */
 		public Builder principal(Authentication principal) {
@@ -163,8 +173,8 @@ public final class OAuth2AuthorizationContext {
 
 		/**
 		 * Provides a {@link Consumer} access to the attributes associated to the context.
-		 *
-		 * @param attributesConsumer a {@link Consumer} of the attributes associated to the context
+		 * @param attributesConsumer a {@link Consumer} of the attributes associated to
+		 * the context
 		 * @return the {@link OAuth2AuthorizeRequest.Builder}
 		 */
 		public Builder attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -177,7 +187,6 @@ public final class OAuth2AuthorizationContext {
 
 		/**
 		 * Sets an attribute associated to the context.
-		 *
 		 * @param name the name of the attribute
 		 * @param value the value of the attribute
 		 * @return the {@link Builder}
@@ -192,7 +201,6 @@ public final class OAuth2AuthorizationContext {
 
 		/**
 		 * Builds a new {@link OAuth2AuthorizationContext}.
-		 *
 		 * @return a {@link OAuth2AuthorizationContext}
 		 */
 		public OAuth2AuthorizationContext build() {
@@ -201,14 +209,16 @@ public final class OAuth2AuthorizationContext {
 			if (this.authorizedClient != null) {
 				context.clientRegistration = this.authorizedClient.getClientRegistration();
 				context.authorizedClient = this.authorizedClient;
-			} else {
+			}
+			else {
 				context.clientRegistration = this.clientRegistration;
 			}
 			context.principal = this.principal;
-			context.attributes = Collections.unmodifiableMap(
-					CollectionUtils.isEmpty(this.attributes) ?
-							Collections.emptyMap() : new LinkedHashMap<>(this.attributes));
+			context.attributes = Collections.unmodifiableMap(CollectionUtils.isEmpty(this.attributes)
+					? Collections.emptyMap() : new LinkedHashMap<>(this.attributes));
 			return context;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
index c24141d8b4..7ddbecf503 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
@@ -21,8 +21,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import java.util.Map;
 
 /**
- * Handles when an OAuth 2.0 Client fails to authorize (or re-authorize)
- * via the Authorization Server or Resource Server.
+ * Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
+ * Authorization Server or Resource Server.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -33,16 +33,17 @@ import java.util.Map;
 public interface OAuth2AuthorizationFailureHandler {
 
 	/**
-	 * Called when an OAuth 2.0 Client fails to authorize (or re-authorize)
-	 * via the Authorization Server or Resource Server.
-	 *
+	 * Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
+	 * Authorization Server or Resource Server.
 	 * @param authorizationException the exception that contains details about what failed
 	 * @param principal the {@code Principal} associated with the attempted authorization
-	 * @param attributes an immutable {@code Map} of (optional) attributes present under certain conditions.
-	 *                   For example, this might contain a {@code javax.servlet.http.HttpServletRequest}
-	 *                   and {@code javax.servlet.http.HttpServletResponse} if the authorization was performed
-	 *                   within the context of a {@code javax.servlet.ServletContext}.
+	 * @param attributes an immutable {@code Map} of (optional) attributes present under
+	 * certain conditions. For example, this might contain a
+	 * {@code javax.servlet.http.HttpServletRequest} and
+	 * {@code javax.servlet.http.HttpServletResponse} if the authorization was performed
+	 * within the context of a {@code javax.servlet.ServletContext}.
 	 */
-	void onAuthorizationFailure(OAuth2AuthorizationException authorizationException,
-			Authentication principal, Map<String, Object> attributes);
+	void onAuthorizationFailure(OAuth2AuthorizationException authorizationException, Authentication principal,
+			Map<String, Object> attributes);
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
index b350924ab5..c49129e26a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
@@ -20,8 +20,8 @@ import org.springframework.security.core.Authentication;
 import java.util.Map;
 
 /**
- * Handles when an OAuth 2.0 Client has been successfully
- * authorized (or re-authorized) via the Authorization Server.
+ * Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
+ * via the Authorization Server.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -32,16 +32,18 @@ import java.util.Map;
 public interface OAuth2AuthorizationSuccessHandler {
 
 	/**
-	 * Called when an OAuth 2.0 Client has been successfully
-	 * authorized (or re-authorized) via the Authorization Server.
-	 *
-	 * @param authorizedClient the client that was successfully authorized (or re-authorized)
+	 * Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
+	 * via the Authorization Server.
+	 * @param authorizedClient the client that was successfully authorized (or
+	 * re-authorized)
 	 * @param principal the {@code Principal} associated with the authorized client
-	 * @param attributes an immutable {@code Map} of (optional) attributes present under certain conditions.
-	 *                   For example, this might contain a {@code javax.servlet.http.HttpServletRequest}
-	 *                   and {@code javax.servlet.http.HttpServletResponse} if the authorization was performed
-	 *                   within the context of a {@code javax.servlet.ServletContext}.
+	 * @param attributes an immutable {@code Map} of (optional) attributes present under
+	 * certain conditions. For example, this might contain a
+	 * {@code javax.servlet.http.HttpServletRequest} and
+	 * {@code javax.servlet.http.HttpServletResponse} if the authorization was performed
+	 * within the context of a {@code javax.servlet.ServletContext}.
 	 */
-	void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient,
-			Authentication principal, Map<String, Object> attributes);
+	void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+			Map<String, Object> attributes);
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index a8aa973e2a..4520b2628e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -30,17 +30,22 @@ import java.util.function.Consumer;
 
 /**
  * Represents a request the {@link OAuth2AuthorizedClientManager} uses to
- * {@link OAuth2AuthorizedClientManager#authorize(OAuth2AuthorizeRequest) authorize} (or re-authorize)
- * the {@link ClientRegistration client} identified by the provided {@link #getClientRegistrationId() clientRegistrationId}.
+ * {@link OAuth2AuthorizedClientManager#authorize(OAuth2AuthorizeRequest) authorize} (or
+ * re-authorize) the {@link ClientRegistration client} identified by the provided
+ * {@link #getClientRegistrationId() clientRegistrationId}.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AuthorizedClientManager
  */
 public final class OAuth2AuthorizeRequest {
+
 	private String clientRegistrationId;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication principal;
+
 	private Map<String, Object> attributes;
 
 	private OAuth2AuthorizeRequest() {
@@ -48,7 +53,6 @@ public final class OAuth2AuthorizeRequest {
 
 	/**
 	 * Returns the identifier for the {@link ClientRegistration client registration}.
-	 *
 	 * @return the identifier for the client registration
 	 */
 	public String getClientRegistrationId() {
@@ -56,8 +60,8 @@ public final class OAuth2AuthorizeRequest {
 	}
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient authorized client} or {@code null} if it was not provided.
-	 *
+	 * Returns the {@link OAuth2AuthorizedClient authorized client} or {@code null} if it
+	 * was not provided.
 	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if it was not provided
 	 */
 	@Nullable
@@ -67,7 +71,6 @@ public final class OAuth2AuthorizeRequest {
 
 	/**
 	 * Returns the {@code Principal} (to be) associated to the authorized client.
-	 *
 	 * @return the {@code Principal} (to be) associated to the authorized client
 	 */
 	public Authentication getPrincipal() {
@@ -76,7 +79,6 @@ public final class OAuth2AuthorizeRequest {
 
 	/**
 	 * Returns the attributes associated to the request.
-	 *
 	 * @return a {@code Map} of the attributes associated to the request
 	 */
 	public Map<String, Object> getAttributes() {
@@ -84,8 +86,8 @@ public final class OAuth2AuthorizeRequest {
 	}
 
 	/**
-	 * Returns the value of an attribute associated to the request or {@code null} if not available.
-	 *
+	 * Returns the value of an attribute associated to the request or {@code null} if not
+	 * available.
 	 * @param name the name of the attribute
 	 * @param <T> the type of the attribute
 	 * @return the value of the attribute associated to the request
@@ -97,9 +99,10 @@ public final class OAuth2AuthorizeRequest {
 	}
 
 	/**
-	 * Returns a new {@link Builder} initialized with the identifier for the {@link ClientRegistration client registration}.
-	 *
-	 * @param clientRegistrationId the identifier for the {@link ClientRegistration client registration}
+	 * Returns a new {@link Builder} initialized with the identifier for the
+	 * {@link ClientRegistration client registration}.
+	 * @param clientRegistrationId the identifier for the {@link ClientRegistration client
+	 * registration}
 	 * @return the {@link Builder}
 	 */
 	public static Builder withClientRegistrationId(String clientRegistrationId) {
@@ -107,8 +110,8 @@ public final class OAuth2AuthorizeRequest {
 	}
 
 	/**
-	 * Returns a new {@link Builder} initialized with the {@link OAuth2AuthorizedClient authorized client}.
-	 *
+	 * Returns a new {@link Builder} initialized with the {@link OAuth2AuthorizedClient
+	 * authorized client}.
 	 * @param authorizedClient the {@link OAuth2AuthorizedClient authorized client}
 	 * @return the {@link Builder}
 	 */
@@ -120,9 +123,13 @@ public final class OAuth2AuthorizeRequest {
 	 * A builder for {@link OAuth2AuthorizeRequest}.
 	 */
 	public static class Builder {
+
 		private String clientRegistrationId;
+
 		private OAuth2AuthorizedClient authorizedClient;
+
 		private Authentication principal;
+
 		private Map<String, Object> attributes;
 
 		private Builder(String clientRegistrationId) {
@@ -136,10 +143,12 @@ public final class OAuth2AuthorizeRequest {
 		}
 
 		/**
-		 * Sets the name of the {@code Principal} (to be) associated to the authorized client.
+		 * Sets the name of the {@code Principal} (to be) associated to the authorized
+		 * client.
 		 *
 		 * @since 5.3
-		 * @param principalName the name of the {@code Principal} (to be) associated to the authorized client
+		 * @param principalName the name of the {@code Principal} (to be) associated to
+		 * the authorized client
 		 * @return the {@link Builder}
 		 */
 		public Builder principal(String principalName) {
@@ -164,8 +173,8 @@ public final class OAuth2AuthorizeRequest {
 
 		/**
 		 * Sets the {@code Principal} (to be) associated to the authorized client.
-		 *
-		 * @param principal the {@code Principal} (to be) associated to the authorized client
+		 * @param principal the {@code Principal} (to be) associated to the authorized
+		 * client
 		 * @return the {@link Builder}
 		 */
 		public Builder principal(Authentication principal) {
@@ -175,8 +184,8 @@ public final class OAuth2AuthorizeRequest {
 
 		/**
 		 * Provides a {@link Consumer} access to the attributes associated to the request.
-		 *
-		 * @param attributesConsumer a {@link Consumer} of the attributes associated to the request
+		 * @param attributesConsumer a {@link Consumer} of the attributes associated to
+		 * the request
 		 * @return the {@link Builder}
 		 */
 		public Builder attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -189,7 +198,6 @@ public final class OAuth2AuthorizeRequest {
 
 		/**
 		 * Sets an attribute associated to the request.
-		 *
 		 * @param name the name of the attribute
 		 * @param value the value of the attribute
 		 * @return the {@link Builder}
@@ -204,23 +212,25 @@ public final class OAuth2AuthorizeRequest {
 
 		/**
 		 * Builds a new {@link OAuth2AuthorizeRequest}.
-		 *
 		 * @return a {@link OAuth2AuthorizeRequest}
 		 */
 		public OAuth2AuthorizeRequest build() {
 			Assert.notNull(this.principal, "principal cannot be null");
 			OAuth2AuthorizeRequest authorizeRequest = new OAuth2AuthorizeRequest();
 			if (this.authorizedClient != null) {
-				authorizeRequest.clientRegistrationId = this.authorizedClient.getClientRegistration().getRegistrationId();
+				authorizeRequest.clientRegistrationId = this.authorizedClient.getClientRegistration()
+						.getRegistrationId();
 				authorizeRequest.authorizedClient = this.authorizedClient;
-			} else {
+			}
+			else {
 				authorizeRequest.clientRegistrationId = this.clientRegistrationId;
 			}
 			authorizeRequest.principal = this.principal;
-			authorizeRequest.attributes = Collections.unmodifiableMap(
-					CollectionUtils.isEmpty(this.attributes) ?
-							Collections.emptyMap() : new LinkedHashMap<>(this.attributes));
+			authorizeRequest.attributes = Collections.unmodifiableMap(CollectionUtils.isEmpty(this.attributes)
+					? Collections.emptyMap() : new LinkedHashMap<>(this.attributes));
 			return authorizeRequest;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
index e45fd060e6..04fa5b8cd1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
@@ -27,12 +27,12 @@ import java.io.Serializable;
 /**
  * A representation of an OAuth 2.0 &quot;Authorized Client&quot;.
  * <p>
- * A client is considered &quot;authorized&quot; when the End-User (Resource Owner)
- * has granted authorization to the client to access it's protected resources.
+ * A client is considered &quot;authorized&quot; when the End-User (Resource Owner) has
+ * granted authorization to the client to access it's protected resources.
  * <p>
- * This class associates the {@link #getClientRegistration() Client}
- * to the {@link #getAccessToken() Access Token}
- * granted/authorized by the {@link #getPrincipalName() Resource Owner}.
+ * This class associates the {@link #getClientRegistration() Client} to the
+ * {@link #getAccessToken() Access Token} granted/authorized by the
+ * {@link #getPrincipalName() Resource Owner}.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -41,33 +41,37 @@ import java.io.Serializable;
  * @see OAuth2RefreshToken
  */
 public class OAuth2AuthorizedClient implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final ClientRegistration clientRegistration;
+
 	private final String principalName;
+
 	private final OAuth2AccessToken accessToken;
+
 	private final OAuth2RefreshToken refreshToken;
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizedClient} using the provided parameters.
-	 *
 	 * @param clientRegistration the authorized client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 * @param accessToken the access token credential granted
 	 */
-	public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName, OAuth2AccessToken accessToken) {
+	public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName,
+			OAuth2AccessToken accessToken) {
 		this(clientRegistration, principalName, accessToken, null);
 	}
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizedClient} using the provided parameters.
-	 *
 	 * @param clientRegistration the authorized client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 * @param accessToken the access token credential granted
 	 * @param refreshToken the refresh token credential granted
 	 */
 	public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName,
-									OAuth2AccessToken accessToken, @Nullable OAuth2RefreshToken refreshToken) {
+			OAuth2AccessToken accessToken, @Nullable OAuth2RefreshToken refreshToken) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.hasText(principalName, "principalName cannot be empty");
 		Assert.notNull(accessToken, "accessToken cannot be null");
@@ -79,7 +83,6 @@ public class OAuth2AuthorizedClient implements Serializable {
 
 	/**
 	 * Returns the authorized client's {@link ClientRegistration registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -88,7 +91,6 @@ public class OAuth2AuthorizedClient implements Serializable {
 
 	/**
 	 * Returns the End-User's {@code Principal} name.
-	 *
 	 * @return the End-User's {@code Principal} name
 	 */
 	public String getPrincipalName() {
@@ -97,7 +99,6 @@ public class OAuth2AuthorizedClient implements Serializable {
 
 	/**
 	 * Returns the {@link OAuth2AccessToken access token} credential granted.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -113,4 +114,5 @@ public class OAuth2AuthorizedClient implements Serializable {
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
index 3c0cb7d40d..e36da1fa5e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
@@ -30,13 +30,15 @@ import java.util.Objects;
  * @see OAuth2AuthorizedClientService
  */
 public final class OAuth2AuthorizedClientId implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final String clientRegistrationId;
+
 	private final String principalName;
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizedClientId} using the provided parameters.
-	 *
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 */
@@ -64,4 +66,5 @@ public final class OAuth2AuthorizedClientId implements Serializable {
 	public int hashCode() {
 		return Objects.hash(this.clientRegistrationId, this.principalName);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
index d8c0f1d3a1..4133fe8f6e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
@@ -20,16 +20,16 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 
 /**
- * Implementations of this interface are responsible for the overall management
- * of {@link OAuth2AuthorizedClient Authorized Client(s)}.
+ * Implementations of this interface are responsible for the overall management of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)}.
  *
  * <p>
  * The primary responsibilities include:
  * <ol>
- *  <li>Authorizing (or re-authorizing) an OAuth 2.0 Client
- *  	by leveraging an {@link OAuth2AuthorizedClientProvider}(s).</li>
- *  <li>Delegating the persistence of an {@link OAuth2AuthorizedClient},
- *  	typically using an {@link OAuth2AuthorizedClientService} OR {@link OAuth2AuthorizedClientRepository}.</li>
+ * <li>Authorizing (or re-authorizing) an OAuth 2.0 Client by leveraging an
+ * {@link OAuth2AuthorizedClientProvider}(s).</li>
+ * <li>Delegating the persistence of an {@link OAuth2AuthorizedClient}, typically using an
+ * {@link OAuth2AuthorizedClientService} OR {@link OAuth2AuthorizedClientRepository}.</li>
  * </ol>
  *
  * @author Joe Grandja
@@ -43,20 +43,23 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
 public interface OAuth2AuthorizedClientManager {
 
 	/**
-	 * Attempt to authorize or re-authorize (if required) the {@link ClientRegistration client}
-	 * identified by the provided {@link OAuth2AuthorizeRequest#getClientRegistrationId() clientRegistrationId}.
-	 * Implementations must return {@code null} if authorization is not supported for the specified client,
-	 * e.g. the associated {@link OAuth2AuthorizedClientProvider}(s) does not support
-	 * the {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type configured for the client.
+	 * Attempt to authorize or re-authorize (if required) the {@link ClientRegistration
+	 * client} identified by the provided
+	 * {@link OAuth2AuthorizeRequest#getClientRegistrationId() clientRegistrationId}.
+	 * Implementations must return {@code null} if authorization is not supported for the
+	 * specified client, e.g. the associated {@link OAuth2AuthorizedClientProvider}(s)
+	 * does not support the {@link ClientRegistration#getAuthorizationGrantType()
+	 * authorization grant} type configured for the client.
 	 *
 	 * <p>
-	 * In the case of re-authorization, implementations must return the provided {@link OAuth2AuthorizeRequest#getAuthorizedClient() authorized client}
-	 * if re-authorization is not supported for the client OR is not required,
-	 * e.g. a {@link OAuth2AuthorizedClient#getRefreshToken() refresh token} is not available OR
+	 * In the case of re-authorization, implementations must return the provided
+	 * {@link OAuth2AuthorizeRequest#getAuthorizedClient() authorized client} if
+	 * re-authorization is not supported for the client OR is not required, e.g. a
+	 * {@link OAuth2AuthorizedClient#getRefreshToken() refresh token} is not available OR
 	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
-	 *
 	 * @param authorizeRequest the authorize request
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not supported for the specified client
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not
+	 * supported for the specified client
 	 */
 	@Nullable
 	OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
index ad96f4a985..d6f055c777 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
@@ -20,25 +20,30 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 
 /**
- * A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
- * Implementations will typically implement a specific {@link AuthorizationGrantType authorization grant} type.
+ * A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client. Implementations
+ * will typically implement a specific {@link AuthorizationGrantType authorization grant}
+ * type.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AuthorizedClient
  * @see OAuth2AuthorizationContext
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
  */
 @FunctionalInterface
 public interface OAuth2AuthorizedClientProvider {
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided context.
-	 * Implementations must return {@code null} if authorization is not supported for the specified client,
-	 * e.g. the provider doesn't support the {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type configured for the client.
-	 *
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * context. Implementations must return {@code null} if authorization is not supported
+	 * for the specified client, e.g. the provider doesn't support the
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type
+	 * configured for the client.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not supported for the specified client
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not
+	 * supported for the specified client
 	 */
 	@Nullable
 	OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index 7d02a4efcc..375eacffb3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -32,11 +32,11 @@ import java.util.function.Consumer;
 
 /**
  * A builder that builds a {@link DelegatingOAuth2AuthorizedClientProvider} composed of
- * one or more {@link OAuth2AuthorizedClientProvider}(s) that implement specific authorization grants.
- * The supported authorization grants are {@link #authorizationCode() authorization_code},
- * {@link #refreshToken() refresh_token}, {@link #clientCredentials() client_credentials}
- * and {@link #password() password}.
- * In addition to the standard authorization grants, an implementation of an extension grant
+ * one or more {@link OAuth2AuthorizedClientProvider}(s) that implement specific
+ * authorization grants. The supported authorization grants are
+ * {@link #authorizationCode() authorization_code}, {@link #refreshToken() refresh_token},
+ * {@link #clientCredentials() client_credentials} and {@link #password() password}. In
+ * addition to the standard authorization grants, an implementation of an extension grant
  * may be supplied via {@link #provider(OAuth2AuthorizedClientProvider)}.
  *
  * @author Joe Grandja
@@ -49,14 +49,15 @@ import java.util.function.Consumer;
  * @see DelegatingOAuth2AuthorizedClientProvider
  */
 public final class OAuth2AuthorizedClientProviderBuilder {
+
 	private final Map<Class<?>, Builder> builders = new LinkedHashMap<>();
 
 	private OAuth2AuthorizedClientProviderBuilder() {
 	}
 
 	/**
-	 * Returns a new {@link OAuth2AuthorizedClientProviderBuilder} for configuring the supported authorization grant(s).
-	 *
+	 * Returns a new {@link OAuth2AuthorizedClientProviderBuilder} for configuring the
+	 * supported authorization grant(s).
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public static OAuth2AuthorizedClientProviderBuilder builder() {
@@ -64,9 +65,9 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	}
 
 	/**
-	 * Configures an {@link OAuth2AuthorizedClientProvider} to be composed with the {@link DelegatingOAuth2AuthorizedClientProvider}.
-	 * This may be used for implementations of extension authorization grants.
-	 *
+	 * Configures an {@link OAuth2AuthorizedClientProvider} to be composed with the
+	 * {@link DelegatingOAuth2AuthorizedClientProvider}. This may be used for
+	 * implementations of extension authorization grants.
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder provider(OAuth2AuthorizedClientProvider provider) {
@@ -77,11 +78,11 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 	/**
 	 * Configures support for the {@code authorization_code} grant.
-	 *
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder authorizationCode() {
-		this.builders.computeIfAbsent(AuthorizationCodeOAuth2AuthorizedClientProvider.class, k -> new AuthorizationCodeGrantBuilder());
+		this.builders.computeIfAbsent(AuthorizationCodeOAuth2AuthorizedClientProvider.class,
+				k -> new AuthorizationCodeGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -95,34 +96,34 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 		/**
 		 * Builds an instance of {@link AuthorizationCodeOAuth2AuthorizedClientProvider}.
-		 *
 		 * @return the {@link AuthorizationCodeOAuth2AuthorizedClientProvider}
 		 */
 		@Override
 		public OAuth2AuthorizedClientProvider build() {
 			return new AuthorizationCodeOAuth2AuthorizedClientProvider();
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code refresh_token} grant.
-	 *
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder refreshToken() {
-		this.builders.computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
+		this.builders.computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class,
+				k -> new RefreshTokenGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
 	/**
 	 * Configures support for the {@code refresh_token} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link RefreshTokenGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link RefreshTokenGrantBuilder} used
+	 * for further configuration
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder refreshToken(Consumer<RefreshTokenGrantBuilder> builderConsumer) {
-		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders.computeIfAbsent(
-				RefreshTokenOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
+		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders
+				.computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
 		builderConsumer.accept(builder);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -131,28 +132,33 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code refresh_token} grant.
 	 */
 	public class RefreshTokenGrantBuilder implements Builder {
+
 		private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private RefreshTokenGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
-		public RefreshTokenGrantBuilder accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+		public RefreshTokenGrantBuilder accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
@@ -162,8 +168,8 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
@@ -174,7 +180,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 		/**
 		 * Builds an instance of {@link RefreshTokenOAuth2AuthorizedClientProvider}.
-		 *
 		 * @return the {@link RefreshTokenOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -191,25 +196,27 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code client_credentials} grant.
-	 *
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder clientCredentials() {
-		this.builders.computeIfAbsent(ClientCredentialsOAuth2AuthorizedClientProvider.class, k -> new ClientCredentialsGrantBuilder());
+		this.builders.computeIfAbsent(ClientCredentialsOAuth2AuthorizedClientProvider.class,
+				k -> new ClientCredentialsGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
 	/**
 	 * Configures support for the {@code client_credentials} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link ClientCredentialsGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link ClientCredentialsGrantBuilder}
+	 * used for further configuration
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
-	public OAuth2AuthorizedClientProviderBuilder clientCredentials(Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
+	public OAuth2AuthorizedClientProviderBuilder clientCredentials(
+			Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
 		ClientCredentialsGrantBuilder builder = (ClientCredentialsGrantBuilder) this.builders.computeIfAbsent(
 				ClientCredentialsOAuth2AuthorizedClientProvider.class, k -> new ClientCredentialsGrantBuilder());
 		builderConsumer.accept(builder);
@@ -220,28 +227,33 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code client_credentials} grant.
 	 */
 	public class ClientCredentialsGrantBuilder implements Builder {
+
 		private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private ClientCredentialsGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
-		public ClientCredentialsGrantBuilder accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+		public ClientCredentialsGrantBuilder accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
@@ -251,8 +263,8 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
@@ -263,7 +275,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 		/**
 		 * Builds an instance of {@link ClientCredentialsOAuth2AuthorizedClientProvider}.
-		 *
 		 * @return the {@link ClientCredentialsOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -280,11 +291,11 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code password} grant.
-	 *
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder password() {
@@ -294,13 +305,13 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 	/**
 	 * Configures support for the {@code password} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
+	 * further configuration
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
-		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders.computeIfAbsent(
-				PasswordOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
+				.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
 		builderConsumer.accept(builder);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -309,28 +320,33 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code password} grant.
 	 */
 	public class PasswordGrantBuilder implements Builder {
+
 		private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private PasswordGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link PasswordGrantBuilder}
 		 */
-		public PasswordGrantBuilder accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
+		public PasswordGrantBuilder accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link PasswordGrantBuilder}
 		 */
@@ -340,8 +356,8 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link PasswordGrantBuilder}
 		 */
@@ -352,7 +368,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 
 		/**
 		 * Builds an instance of {@link PasswordOAuth2AuthorizedClientProvider}.
-		 *
 		 * @return the {@link PasswordOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -369,12 +384,12 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
-	 * Builds an instance of {@link DelegatingOAuth2AuthorizedClientProvider}
-	 * composed of one or more {@link OAuth2AuthorizedClientProvider}(s).
-	 *
+	 * Builds an instance of {@link DelegatingOAuth2AuthorizedClientProvider} composed of
+	 * one or more {@link OAuth2AuthorizedClientProvider}(s).
 	 * @return the {@link DelegatingOAuth2AuthorizedClientProvider}
 	 */
 	public OAuth2AuthorizedClientProvider build() {
@@ -386,6 +401,9 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	}
 
 	interface Builder {
+
 		OAuth2AuthorizedClientProvider build();
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
index 4a275287dd..47786cde16 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
@@ -20,12 +20,12 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 /**
- * Implementations of this interface are responsible for the management
- * of {@link OAuth2AuthorizedClient Authorized Client(s)}, which provide the purpose
- * of associating an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
+ * Implementations of this interface are responsible for the management of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)}, which provide the purpose of
+ * associating an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
  * to a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner,
- * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal}
- * that originally granted the authorization.
+ * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal} that originally
+ * granted the authorization.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -37,10 +37,9 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 public interface OAuth2AuthorizedClientService {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User's {@code Principal} name
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User's {@code Principal} name or {@code null} if
+	 * not available.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 * @param <T> a type of OAuth2AuthorizedClient
@@ -49,18 +48,16 @@ public interface OAuth2AuthorizedClientService {
 	<T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, String principalName);
 
 	/**
-	 * Saves the {@link OAuth2AuthorizedClient} associating it to
-	 * the provided End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Saves the {@link OAuth2AuthorizedClient} associating it to the provided End-User
+	 * {@link Authentication} (Resource Owner).
 	 * @param authorizedClient the authorized client
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 */
 	void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal);
 
 	/**
-	 * Removes the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User's {@code Principal} name.
-	 *
+	 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User's {@code Principal} name.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
index e40522a7e5..921f588031 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
@@ -32,8 +32,8 @@ import java.time.Duration;
 import java.time.Instant;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#PASSWORD password} grant.
+ * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#PASSWORD password} grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -41,30 +41,36 @@ import java.time.Instant;
  * @see DefaultPasswordTokenResponseClient
  */
 public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
-	private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient =
-			new DefaultPasswordTokenResponseClient();
+
+	private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient = new DefaultPasswordTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns {@code null} if authorization (or re-authorization) is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#PASSWORD password} OR
-	 * the {@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME username} and/or
-	 * {@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME password} attributes
-	 * are not available in the provided {@code context} OR
-	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns {@code null} if authorization (or re-authorization) is not
+	 * supported, e.g. the client's {@link ClientRegistration#getAuthorizationGrantType()
+	 * authorization grant type} is not {@link AuthorizationGrantType#PASSWORD password}
+	 * OR the {@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME username} and/or
+	 * {@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME password} attributes are
+	 * not available in the provided {@code context} OR the
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
 	 *
 	 * <p>
-	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes} are supported:
+	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes}
+	 * are supported:
 	 * <ol>
-	 *  <li>{@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME} (required) - a {@code String} value for the resource owner's username</li>
-	 *  <li>{@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME} (required) - a {@code String} value for the resource owner's password</li>
+	 * <li>{@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME} (required) - a
+	 * {@code String} value for the resource owner's username</li>
+	 * <li>{@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME} (required) - a
+	 * {@code String} value for the resource owner's password</li>
 	 * </ol>
-	 *
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization (or re-authorization) is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization (or
+	 * re-authorization) is not supported
 	 */
 	@Override
 	@Nullable
@@ -85,23 +91,28 @@ public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2Autho
 		}
 
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
-			// If client is already authorized and access token is NOT expired than no need for re-authorization
+			// If client is already authorized and access token is NOT expired than no
+			// need for re-authorization
 			return null;
 		}
 
-		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken()) && authorizedClient.getRefreshToken() != null) {
-			// If client is already authorized and access token is expired and a refresh token is available,
-			// than return and allow RefreshTokenOAuth2AuthorizedClientProvider to handle the refresh
+		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken())
+				&& authorizedClient.getRefreshToken() != null) {
+			// If client is already authorized and access token is expired and a refresh
+			// token is available,
+			// than return and allow RefreshTokenOAuth2AuthorizedClientProvider to handle
+			// the refresh
 			return null;
 		}
 
-		OAuth2PasswordGrantRequest passwordGrantRequest =
-				new OAuth2PasswordGrantRequest(clientRegistration, username, password);
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, username,
+				password);
 
 		OAuth2AccessTokenResponse tokenResponse;
 		try {
 			tokenResponse = this.accessTokenResponseClient.getTokenResponse(passwordGrantRequest);
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			throw new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex);
 		}
 
@@ -114,23 +125,26 @@ public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2Autho
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code password} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code password} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code password} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code password} grant
 	 */
-	public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -140,12 +154,13 @@ public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2Autho
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
index 971170aef6..b4ad2e52a8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
@@ -31,8 +31,8 @@ import java.time.Duration;
 import java.time.Instant;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#PASSWORD password} grant.
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#PASSWORD password} grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -40,30 +40,37 @@ import java.time.Instant;
  * @see WebClientReactivePasswordTokenResponseClient
  */
 public final class PasswordReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
-	private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient =
-			new WebClientReactivePasswordTokenResponseClient();
+
+	private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient = new WebClientReactivePasswordTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns an empty {@code Mono} if authorization (or re-authorization) is not supported,
-	 * e.g. the client's {@link ClientRegistration#getAuthorizationGrantType() authorization grant type}
-	 * is not {@link AuthorizationGrantType#PASSWORD password} OR
-	 * the {@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME username} and/or
-	 * {@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME password} attributes
-	 * are not available in the provided {@code context} OR
-	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns an empty {@code Mono} if authorization (or
+	 * re-authorization) is not supported, e.g. the client's
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant type} is
+	 * not {@link AuthorizationGrantType#PASSWORD password} OR the
+	 * {@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME username} and/or
+	 * {@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME password} attributes are
+	 * not available in the provided {@code context} OR the
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
 	 *
 	 * <p>
-	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes} are supported:
+	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes}
+	 * are supported:
 	 * <ol>
-	 *  <li>{@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME} (required) - a {@code String} value for the resource owner's username</li>
-	 *  <li>{@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME} (required) - a {@code String} value for the resource owner's password</li>
+	 * <li>{@link OAuth2AuthorizationContext#USERNAME_ATTRIBUTE_NAME} (required) - a
+	 * {@code String} value for the resource owner's username</li>
+	 * <li>{@link OAuth2AuthorizationContext#PASSWORD_ATTRIBUTE_NAME} (required) - a
+	 * {@code String} value for the resource owner's password</li>
 	 * </ol>
-	 *
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if authorization (or re-authorization) is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * authorization (or re-authorization) is not supported
 	 */
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
@@ -83,21 +90,24 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 		}
 
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
-			// If client is already authorized and access token is NOT expired than no need for re-authorization
+			// If client is already authorized and access token is NOT expired than no
+			// need for re-authorization
 			return Mono.empty();
 		}
 
-		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken()) && authorizedClient.getRefreshToken() != null) {
-			// If client is already authorized and access token is expired and a refresh token is available,
-			// than return and allow RefreshTokenReactiveOAuth2AuthorizedClientProvider to handle the refresh
+		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken())
+				&& authorizedClient.getRefreshToken() != null) {
+			// If client is already authorized and access token is expired and a refresh
+			// token is available,
+			// than return and allow RefreshTokenReactiveOAuth2AuthorizedClientProvider to
+			// handle the refresh
 			return Mono.empty();
 		}
 
-		OAuth2PasswordGrantRequest passwordGrantRequest =
-				new OAuth2PasswordGrantRequest(clientRegistration, username, password);
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, username,
+				password);
 
-		return Mono.just(passwordGrantRequest)
-				.flatMap(this.accessTokenResponseClient::getTokenResponse)
+		return Mono.just(passwordGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
 						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
 				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
@@ -109,23 +119,26 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code password} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code password} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code password} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code password} grant
 	 */
-	public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -135,12 +148,13 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
index ed93e6cbf4..7a92cae654 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
@@ -22,9 +22,8 @@ import reactor.core.publisher.Mono;
 import java.util.Map;
 
 /**
- * Handles when an OAuth 2.0 Client
- * fails to authorize (or re-authorize)
- * via the authorization server or resource server.
+ * Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
+ * authorization server or resource server.
  *
  * @author Phil Clay
  * @since 5.3
@@ -33,19 +32,18 @@ import java.util.Map;
 public interface ReactiveOAuth2AuthorizationFailureHandler {
 
 	/**
-	 * Called when an OAuth 2.0 Client
-	 * fails to authorize (or re-authorize)
-	 * via the authorization server or resource server.
-	 *
+	 * Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
+	 * authorization server or resource server.
 	 * @param authorizationException the exception that contains details about what failed
 	 * @param principal the {@code Principal} that was attempted to be authorized
-	 * @param attributes an immutable {@code Map} of extra optional attributes present under certain conditions.
-	 *                   For example, this might contain a {@link org.springframework.web.server.ServerWebExchange ServerWebExchange}
-	 *                   if the authorization was performed within the context of a {@code ServerWebExchange}.
-	 * @return an empty {@link Mono} that completes after this handler has finished handling the event.
+	 * @param attributes an immutable {@code Map} of extra optional attributes present
+	 * under certain conditions. For example, this might contain a
+	 * {@link org.springframework.web.server.ServerWebExchange ServerWebExchange} if the
+	 * authorization was performed within the context of a {@code ServerWebExchange}.
+	 * @return an empty {@link Mono} that completes after this handler has finished
+	 * handling the event.
 	 */
-	Mono<Void> onAuthorizationFailure(
-			OAuth2AuthorizationException authorizationException,
-			Authentication principal,
+	Mono<Void> onAuthorizationFailure(OAuth2AuthorizationException authorizationException, Authentication principal,
 			Map<String, Object> attributes);
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
index 1df3258f63..48ded751b9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
@@ -21,8 +21,7 @@ import reactor.core.publisher.Mono;
 import java.util.Map;
 
 /**
- * Handles when an OAuth 2.0 Client
- * has been successfully authorized (or re-authorized)
+ * Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
  * via the authorization server.
  *
  * @author Phil Clay
@@ -32,20 +31,18 @@ import java.util.Map;
 public interface ReactiveOAuth2AuthorizationSuccessHandler {
 
 	/**
-	 * Called when an OAuth 2.0 Client
-	 * has been successfully authorized (or re-authorized)
+	 * Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
 	 * via the authorization server.
-	 *
 	 * @param authorizedClient the client that was successfully authorized
 	 * @param principal the {@code Principal} associated with the authorized client
-	 * @param attributes an immutable {@code Map} of extra optional attributes present under certain conditions.
-	 *                   For example, this might contain a {@link org.springframework.web.server.ServerWebExchange ServerWebExchange}
-	 *                   if the authorization was performed within the context of a {@code ServerWebExchange}.
-	 * @return an empty {@link Mono} that completes after this handler has finished handling the event.
+	 * @param attributes an immutable {@code Map} of extra optional attributes present
+	 * under certain conditions. For example, this might contain a
+	 * {@link org.springframework.web.server.ServerWebExchange ServerWebExchange} if the
+	 * authorization was performed within the context of a {@code ServerWebExchange}.
+	 * @return an empty {@link Mono} that completes after this handler has finished
+	 * handling the event.
 	 */
-	Mono<Void> onAuthorizationSuccess(
-			OAuth2AuthorizedClient authorizedClient,
-			Authentication principal,
+	Mono<Void> onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
 			Map<String, Object> attributes);
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
index 8730aaefb9..fb489614c9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
@@ -20,16 +20,17 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for the overall management
- * of {@link OAuth2AuthorizedClient Authorized Client(s)}.
+ * Implementations of this interface are responsible for the overall management of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)}.
  *
  * <p>
  * The primary responsibilities include:
  * <ol>
- *  <li>Authorizing (or re-authorizing) an OAuth 2.0 Client
- *  	by leveraging a {@link ReactiveOAuth2AuthorizedClientProvider}(s).</li>
- *  <li>Delegating the persistence of an {@link OAuth2AuthorizedClient},
- *  	typically using a {@link ReactiveOAuth2AuthorizedClientService} OR {@link ServerOAuth2AuthorizedClientRepository}.</li>
+ * <li>Authorizing (or re-authorizing) an OAuth 2.0 Client by leveraging a
+ * {@link ReactiveOAuth2AuthorizedClientProvider}(s).</li>
+ * <li>Delegating the persistence of an {@link OAuth2AuthorizedClient}, typically using a
+ * {@link ReactiveOAuth2AuthorizedClientService} OR
+ * {@link ServerOAuth2AuthorizedClientRepository}.</li>
  * </ol>
  *
  * @author Joe Grandja
@@ -43,20 +44,24 @@ import reactor.core.publisher.Mono;
 public interface ReactiveOAuth2AuthorizedClientManager {
 
 	/**
-	 * Attempt to authorize or re-authorize (if required) the {@link ClientRegistration client}
-	 * identified by the provided {@link OAuth2AuthorizeRequest#getClientRegistrationId() clientRegistrationId}.
-	 * Implementations must return an empty {@code Mono} if authorization is not supported for the specified client,
-	 * e.g. the associated {@link ReactiveOAuth2AuthorizedClientProvider}(s) does not support
-	 * the {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type configured for the client.
+	 * Attempt to authorize or re-authorize (if required) the {@link ClientRegistration
+	 * client} identified by the provided
+	 * {@link OAuth2AuthorizeRequest#getClientRegistrationId() clientRegistrationId}.
+	 * Implementations must return an empty {@code Mono} if authorization is not supported
+	 * for the specified client, e.g. the associated
+	 * {@link ReactiveOAuth2AuthorizedClientProvider}(s) does not support the
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type
+	 * configured for the client.
 	 *
 	 * <p>
-	 * In the case of re-authorization, implementations must return the provided {@link OAuth2AuthorizeRequest#getAuthorizedClient() authorized client}
-	 * if re-authorization is not supported for the client OR is not required,
-	 * e.g. a {@link OAuth2AuthorizedClient#getRefreshToken() refresh token} is not available OR
+	 * In the case of re-authorization, implementations must return the provided
+	 * {@link OAuth2AuthorizeRequest#getAuthorizedClient() authorized client} if
+	 * re-authorization is not supported for the client OR is not required, e.g. a
+	 * {@link OAuth2AuthorizedClient#getRefreshToken() refresh token} is not available OR
 	 * the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
-	 *
 	 * @param authorizeRequest the authorize request
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if authorization is not supported for the specified client
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * authorization is not supported for the specified client
 	 */
 	Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
index f5b775410c..e47a26305f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
@@ -20,25 +20,30 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import reactor.core.publisher.Mono;
 
 /**
- * A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
- * Implementations will typically implement a specific {@link AuthorizationGrantType authorization grant} type.
+ * A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client. Implementations
+ * will typically implement a specific {@link AuthorizationGrantType authorization grant}
+ * type.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AuthorizedClient
  * @see OAuth2AuthorizationContext
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
  */
 @FunctionalInterface
 public interface ReactiveOAuth2AuthorizedClientProvider {
 
 	/**
-	 * Attempt to authorize (or re-authorize) the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided context.
-	 * Implementations must return an empty {@code Mono} if authorization is not supported for the specified client,
-	 * e.g. the provider doesn't support the {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type configured for the client.
-	 *
+	 * Attempt to authorize (or re-authorize) the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * context. Implementations must return an empty {@code Mono} if authorization is not
+	 * supported for the specified client, e.g. the provider doesn't support the
+	 * {@link ClientRegistration#getAuthorizationGrantType() authorization grant} type
+	 * configured for the client.
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if authorization is not supported for the specified client
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * authorization is not supported for the specified client
 	 */
 	Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index 482b5962ec..9cdf6d9ff4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -31,12 +31,12 @@ import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
 /**
- * A builder that builds a {@link DelegatingReactiveOAuth2AuthorizedClientProvider} composed of
- * one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s) that implement specific authorization grants.
- * The supported authorization grants are {@link #authorizationCode() authorization_code},
- * {@link #refreshToken() refresh_token}, {@link #clientCredentials() client_credentials}
- * and {@link #password() password}.
- * In addition to the standard authorization grants, an implementation of an extension grant
+ * A builder that builds a {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
+ * composed of one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s) that
+ * implement specific authorization grants. The supported authorization grants are
+ * {@link #authorizationCode() authorization_code}, {@link #refreshToken() refresh_token},
+ * {@link #clientCredentials() client_credentials} and {@link #password() password}. In
+ * addition to the standard authorization grants, an implementation of an extension grant
  * may be supplied via {@link #provider(ReactiveOAuth2AuthorizedClientProvider)}.
  *
  * @author Joe Grandja
@@ -49,14 +49,15 @@ import java.util.stream.Collectors;
  * @see DelegatingReactiveOAuth2AuthorizedClientProvider
  */
 public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
+
 	private final Map<Class<?>, Builder> builders = new LinkedHashMap<>();
 
 	private ReactiveOAuth2AuthorizedClientProviderBuilder() {
 	}
 
 	/**
-	 * Returns a new {@link ReactiveOAuth2AuthorizedClientProviderBuilder} for configuring the supported authorization grant(s).
-	 *
+	 * Returns a new {@link ReactiveOAuth2AuthorizedClientProviderBuilder} for configuring
+	 * the supported authorization grant(s).
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public static ReactiveOAuth2AuthorizedClientProviderBuilder builder() {
@@ -64,9 +65,9 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	}
 
 	/**
-	 * Configures a {@link ReactiveOAuth2AuthorizedClientProvider} to be composed with the {@link DelegatingReactiveOAuth2AuthorizedClientProvider}.
-	 * This may be used for implementations of extension authorization grants.
-	 *
+	 * Configures a {@link ReactiveOAuth2AuthorizedClientProvider} to be composed with the
+	 * {@link DelegatingReactiveOAuth2AuthorizedClientProvider}. This may be used for
+	 * implementations of extension authorization grants.
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder provider(ReactiveOAuth2AuthorizedClientProvider provider) {
@@ -77,11 +78,11 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 
 	/**
 	 * Configures support for the {@code authorization_code} grant.
-	 *
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder authorizationCode() {
-		this.builders.computeIfAbsent(AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.class, k -> new AuthorizationCodeGrantBuilder());
+		this.builders.computeIfAbsent(AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new AuthorizationCodeGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -94,33 +95,35 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Builds an instance of {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}.
-		 *
+		 * Builds an instance of
+		 * {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}.
 		 * @return the {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}
 		 */
 		@Override
 		public ReactiveOAuth2AuthorizedClientProvider build() {
 			return new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider();
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code refresh_token} grant.
-	 *
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder refreshToken() {
-		this.builders.computeIfAbsent(RefreshTokenReactiveOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
+		this.builders.computeIfAbsent(RefreshTokenReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new RefreshTokenGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
 	/**
 	 * Configures support for the {@code refresh_token} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link RefreshTokenGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link RefreshTokenGrantBuilder} used
+	 * for further configuration
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
-	public ReactiveOAuth2AuthorizedClientProviderBuilder refreshToken(Consumer<RefreshTokenGrantBuilder> builderConsumer) {
+	public ReactiveOAuth2AuthorizedClientProviderBuilder refreshToken(
+			Consumer<RefreshTokenGrantBuilder> builderConsumer) {
 		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders.computeIfAbsent(
 				RefreshTokenReactiveOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
 		builderConsumer.accept(builder);
@@ -131,28 +134,33 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code refresh_token} grant.
 	 */
 	public class RefreshTokenGrantBuilder implements Builder {
+
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private RefreshTokenGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
-		public RefreshTokenGrantBuilder accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+		public RefreshTokenGrantBuilder accessTokenResponseClient(
+				ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
@@ -162,8 +170,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link RefreshTokenGrantBuilder}
 		 */
@@ -173,8 +181,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Builds an instance of {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
-		 *
+		 * Builds an instance of
+		 * {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
 		 * @return the {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -191,27 +199,30 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code client_credentials} grant.
-	 *
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder clientCredentials() {
-		this.builders.computeIfAbsent(ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class, k -> new ClientCredentialsGrantBuilder());
+		this.builders.computeIfAbsent(ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new ClientCredentialsGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
 	/**
 	 * Configures support for the {@code client_credentials} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link ClientCredentialsGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link ClientCredentialsGrantBuilder}
+	 * used for further configuration
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
-	public ReactiveOAuth2AuthorizedClientProviderBuilder clientCredentials(Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
+	public ReactiveOAuth2AuthorizedClientProviderBuilder clientCredentials(
+			Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
 		ClientCredentialsGrantBuilder builder = (ClientCredentialsGrantBuilder) this.builders.computeIfAbsent(
-				ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class, k -> new ClientCredentialsGrantBuilder());
+				ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new ClientCredentialsGrantBuilder());
 		builderConsumer.accept(builder);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -220,28 +231,33 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code client_credentials} grant.
 	 */
 	public class ClientCredentialsGrantBuilder implements Builder {
+
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private ClientCredentialsGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
-		public ClientCredentialsGrantBuilder accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+		public ClientCredentialsGrantBuilder accessTokenResponseClient(
+				ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
@@ -251,8 +267,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link ClientCredentialsGrantBuilder}
 		 */
@@ -262,8 +278,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Builds an instance of {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider}.
-		 *
+		 * Builds an instance of
+		 * {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider}.
 		 * @return the {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -280,27 +296,28 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
 	 * Configures support for the {@code password} grant.
-	 *
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder password() {
-		this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new PasswordGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
 	/**
 	 * Configures support for the {@code password} grant.
-	 *
-	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for further configuration
+	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
+	 * further configuration
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
-		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders.computeIfAbsent(
-				PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
+				.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
 		builderConsumer.accept(builder);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -309,28 +326,33 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 * A builder for the {@code password} grant.
 	 */
 	public class PasswordGrantBuilder implements Builder {
+
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
+
 		private Duration clockSkew;
+
 		private Clock clock;
 
 		private PasswordGrantBuilder() {
 		}
 
 		/**
-		 * Sets the client used when requesting an access token credential at the Token Endpoint.
-		 *
-		 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
 		 * @return the {@link PasswordGrantBuilder}
 		 */
-		public PasswordGrantBuilder accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
+		public PasswordGrantBuilder accessTokenResponseClient(
+				ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) {
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
 		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
-		 * An access token is considered expired if it's before {@code Instant.now(this.clock) - clockSkew}.
-		 *
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
 		 * @param clockSkew the maximum acceptable clock skew
 		 * @return the {@link PasswordGrantBuilder}
 		 */
@@ -340,8 +362,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		}
 
 		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-		 *
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
 		 * @param clock the clock
 		 * @return the {@link PasswordGrantBuilder}
 		 */
@@ -352,7 +374,6 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 
 		/**
 		 * Builds an instance of {@link PasswordReactiveOAuth2AuthorizedClientProvider}.
-		 *
 		 * @return the {@link PasswordReactiveOAuth2AuthorizedClientProvider}
 		 */
 		@Override
@@ -369,23 +390,24 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 			}
 			return authorizedClientProvider;
 		}
+
 	}
 
 	/**
 	 * Builds an instance of {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
 	 * composed of one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s).
-	 *
 	 * @return the {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
 	 */
 	public ReactiveOAuth2AuthorizedClientProvider build() {
-		List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders =
-				this.builders.values().stream()
-						.map(Builder::build)
-						.collect(Collectors.toList());
+		List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders = this.builders.values().stream()
+				.map(Builder::build).collect(Collectors.toList());
 		return new DelegatingReactiveOAuth2AuthorizedClientProvider(authorizedClientProviders);
 	}
 
 	interface Builder {
+
 		ReactiveOAuth2AuthorizedClientProvider build();
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
index 3e189f8b11..ac78d89aa0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
@@ -22,12 +22,12 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for the management
- * of {@link OAuth2AuthorizedClient Authorized Client(s)}, which provide the purpose
- * of associating an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
+ * Implementations of this interface are responsible for the management of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)}, which provide the purpose of
+ * associating an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
  * to a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner,
- * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal}
- * that originally granted the authorization.
+ * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal} that originally
+ * granted the authorization.
  *
  * @author Rob Winch
  * @since 5.1
@@ -39,32 +39,27 @@ import reactor.core.publisher.Mono;
 public interface ReactiveOAuth2AuthorizedClientService {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User's {@code Principal} name
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User's {@code Principal} name or {@code null} if
+	 * not available.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 * @param <T> a type of OAuth2AuthorizedClient
 	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if not available
 	 */
-	<T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
-			String principalName);
+	<T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId, String principalName);
 
 	/**
-	 * Saves the {@link OAuth2AuthorizedClient} associating it to
-	 * the provided End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Saves the {@link OAuth2AuthorizedClient} associating it to the provided End-User
+	 * {@link Authentication} (Resource Owner).
 	 * @param authorizedClient the authorized client
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 */
-	Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
-			Authentication principal);
+	Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal);
 
 	/**
-	 * Removes the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User's {@code Principal} name.
-	 *
+	 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User's {@code Principal} name.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principalName the name of the End-User {@code Principal} (Resource Owner)
 	 */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
index f77a44809b..2f19d5ec6d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
@@ -34,8 +34,8 @@ import java.util.HashSet;
 import java.util.Set;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
+ * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -43,26 +43,32 @@ import java.util.Set;
  * @see DefaultRefreshTokenTokenResponseClient
  */
 public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
-	private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient =
-			new DefaultRefreshTokenTokenResponseClient();
+
+	private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to re-authorize the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns {@code null} if re-authorization is not supported,
-	 * e.g. the client is not authorized OR the {@link OAuth2AuthorizedClient#getRefreshToken() refresh token}
-	 * is not available for the authorized client OR the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
+	 * Attempt to re-authorize the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns {@code null} if re-authorization is not supported, e.g.
+	 * the client is not authorized OR the {@link OAuth2AuthorizedClient#getRefreshToken()
+	 * refresh token} is not available for the authorized client OR the
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
 	 *
 	 * <p>
-	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes} are supported:
+	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes}
+	 * are supported:
 	 * <ol>
-	 *  <li>{@link OAuth2AuthorizationContext#REQUEST_SCOPE_ATTRIBUTE_NAME} (optional) - a {@code String[]} of scope(s)
-	 *  	to be requested by the {@link OAuth2AuthorizationContext#getClientRegistration() client}</li>
+	 * <li>{@link OAuth2AuthorizationContext#REQUEST_SCOPE_ATTRIBUTE_NAME} (optional) - a
+	 * {@code String[]} of scope(s) to be requested by the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client}</li>
 	 * </ol>
-	 *
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if re-authorization is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if re-authorization is
+	 * not supported
 	 */
 	@Override
 	@Nullable
@@ -70,17 +76,16 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 		Assert.notNull(context, "context cannot be null");
 
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
-		if (authorizedClient == null ||
-				authorizedClient.getRefreshToken() == null ||
-				!hasTokenExpired(authorizedClient.getAccessToken())) {
+		if (authorizedClient == null || authorizedClient.getRefreshToken() == null
+				|| !hasTokenExpired(authorizedClient.getAccessToken())) {
 			return null;
 		}
 
 		Object requestScope = context.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		Set<String> scopes = Collections.emptySet();
 		if (requestScope != null) {
-			Assert.isInstanceOf(String[].class, requestScope,
-					"The context attribute must be of type String[] '" + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
+			Assert.isInstanceOf(String[].class, requestScope, "The context attribute must be of type String[] '"
+					+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 			scopes = new HashSet<>(Arrays.asList((String[]) requestScope));
 		}
 
@@ -91,8 +96,10 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 		OAuth2AccessTokenResponse tokenResponse;
 		try {
 			tokenResponse = this.accessTokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
-		} catch (OAuth2AuthorizationException ex) {
-			throw new ClientAuthorizationException(ex.getError(), authorizedClient.getClientRegistration().getRegistrationId(), ex);
+		}
+		catch (OAuth2AuthorizationException ex) {
+			throw new ClientAuthorizationException(ex.getError(),
+					authorizedClient.getClientRegistration().getRegistrationId(), ex);
 		}
 
 		return new OAuth2AuthorizedClient(context.getAuthorizedClient().getClientRegistration(),
@@ -104,23 +111,26 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code refresh_token} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code refresh_token} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code refresh_token} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code refresh_token} grant
 	 */
-	public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -130,12 +140,13 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
index f2526ed225..d96984b59a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
@@ -34,61 +34,67 @@ import java.util.HashSet;
 import java.util.Set;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider}
- * for the {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
+ * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
+ * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AuthorizedClientProvider
  * @see WebClientReactiveRefreshTokenTokenResponseClient
  */
-public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
-	private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient =
-			new WebClientReactiveRefreshTokenTokenResponseClient();
+public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider
+		implements ReactiveOAuth2AuthorizedClientProvider {
+
+	private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient = new WebClientReactiveRefreshTokenTokenResponseClient();
+
 	private Duration clockSkew = Duration.ofSeconds(60);
+
 	private Clock clock = Clock.systemUTC();
 
 	/**
-	 * Attempt to re-authorize the {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided {@code context}.
-	 * Returns an empty {@code Mono} if re-authorization is not supported,
-	 * e.g. the client is not authorized OR the {@link OAuth2AuthorizedClient#getRefreshToken() refresh token}
-	 * is not available for the authorized client OR the {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
+	 * Attempt to re-authorize the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
+	 * {@code context}. Returns an empty {@code Mono} if re-authorization is not
+	 * supported, e.g. the client is not authorized OR the
+	 * {@link OAuth2AuthorizedClient#getRefreshToken() refresh token} is not available for
+	 * the authorized client OR the {@link OAuth2AuthorizedClient#getAccessToken() access
+	 * token} is not expired.
 	 *
 	 * <p>
-	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes} are supported:
+	 * The following {@link OAuth2AuthorizationContext#getAttributes() context attributes}
+	 * are supported:
 	 * <ol>
-	 *  <li>{@code "org.springframework.security.oauth2.client.REQUEST_SCOPE"} (optional) - a {@code String[]} of scope(s)
-	 *  	to be requested by the {@link OAuth2AuthorizationContext#getClientRegistration() client}</li>
+	 * <li>{@code "org.springframework.security.oauth2.client.REQUEST_SCOPE"} (optional) -
+	 * a {@code String[]} of scope(s) to be requested by the
+	 * {@link OAuth2AuthorizationContext#getClientRegistration() client}</li>
 	 * </ol>
-	 *
 	 * @param context the context that holds authorization-specific state for the client
-	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if re-authorization is not supported
+	 * @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
+	 * re-authorization is not supported
 	 */
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
 
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
-		if (authorizedClient == null ||
-				authorizedClient.getRefreshToken() == null ||
-				!hasTokenExpired(authorizedClient.getAccessToken())) {
+		if (authorizedClient == null || authorizedClient.getRefreshToken() == null
+				|| !hasTokenExpired(authorizedClient.getAccessToken())) {
 			return Mono.empty();
 		}
 
 		Object requestScope = context.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		Set<String> scopes = Collections.emptySet();
 		if (requestScope != null) {
-			Assert.isInstanceOf(String[].class, requestScope,
-					"The context attribute must be of type String[] '" + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
+			Assert.isInstanceOf(String[].class, requestScope, "The context attribute must be of type String[] '"
+					+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 			scopes = new HashSet<>(Arrays.asList((String[]) requestScope));
 		}
 		ClientRegistration clientRegistration = context.getClientRegistration();
 
-		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
-				clientRegistration, authorizedClient.getAccessToken(), authorizedClient.getRefreshToken(), scopes);
+		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
+				authorizedClient.getAccessToken(), authorizedClient.getRefreshToken(), scopes);
 
-		return Mono.just(refreshTokenGrantRequest)
-				.flatMap(this.accessTokenResponseClient::getTokenResponse)
+		return Mono.just(refreshTokenGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
 						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
 				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
@@ -100,23 +106,26 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider implements
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code refresh_token} grant.
-	 *
-	 * @param accessTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code refresh_token} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code refresh_token} grant.
+	 * @param accessTokenResponseClient the client used when requesting an access token
+	 * credential at the Token Endpoint for the {@code refresh_token} grant
 	 */
-	public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+	public void setAccessTokenResponseClient(
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
 
 	/**
 	 * Sets the maximum acceptable clock skew, which is used when checking the
-	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is 60 seconds.
+	 * {@link OAuth2AuthorizedClient#getAccessToken() access token} expiry. The default is
+	 * 60 seconds.
 	 *
 	 * <p>
-	 * An access token is considered expired if {@code OAuth2AccessToken#getExpiresAt() - clockSkew}
-	 * is before the current time {@code clock#instant()}.
-	 *
+	 * An access token is considered expired if
+	 * {@code OAuth2AccessToken#getExpiresAt() - clockSkew} is before the current time
+	 * {@code clock#instant()}.
 	 * @param clockSkew the maximum acceptable clock skew
 	 */
 	public void setClockSkew(Duration clockSkew) {
@@ -126,12 +135,13 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider implements
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access token expiry.
-	 *
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the access
+	 * token expiry.
 	 * @param clock the clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index 1afe7f43d1..cb10fdb195 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -29,9 +29,9 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * An {@link OAuth2AuthorizationFailureHandler} that removes an {@link OAuth2AuthorizedClient}
- * when the {@link OAuth2Error#getErrorCode()} matches
- * one of the configured {@link OAuth2ErrorCodes OAuth 2.0 error codes}.
+ * An {@link OAuth2AuthorizationFailureHandler} that removes an
+ * {@link OAuth2AuthorizedClient} when the {@link OAuth2Error#getErrorCode()} matches one
+ * of the configured {@link OAuth2ErrorCodes OAuth 2.0 error codes}.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -42,29 +42,34 @@ import java.util.Set;
 public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements OAuth2AuthorizationFailureHandler {
 
 	/**
-	 * The default OAuth 2.0 error codes that will trigger removal of an {@link OAuth2AuthorizedClient}.
+	 * The default OAuth 2.0 error codes that will trigger removal of an
+	 * {@link OAuth2AuthorizedClient}.
 	 * @see OAuth2ErrorCodes
 	 */
-	public static final Set<String>	DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
-			/*
-			 * Returned from Resource Servers when an access token provided is expired, revoked,
-			 * malformed, or invalid for other reasons.
-			 *
-			 * Note that this is needed because ServletOAuth2AuthorizedClientExchangeFilterFunction
-			 * delegates this type of failure received from a Resource Server
-			 * to this failure handler.
-			 */
-			OAuth2ErrorCodes.INVALID_TOKEN,
+	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections
+			.unmodifiableSet(new HashSet<>(Arrays.asList(
+					/*
+					 * Returned from Resource Servers when an access token provided is
+					 * expired, revoked, malformed, or invalid for other reasons.
+					 *
+					 * Note that this is needed because
+					 * ServletOAuth2AuthorizedClientExchangeFilterFunction delegates this
+					 * type of failure received from a Resource Server to this failure
+					 * handler.
+					 */
+					OAuth2ErrorCodes.INVALID_TOKEN,
 
-			/*
-			 * Returned from Authorization Servers when the authorization grant or refresh token is invalid, expired, revoked,
-			 * does not match the redirection URI used in the authorization request, or was issued to another client.
-			 */
-			OAuth2ErrorCodes.INVALID_GRANT
-	)));
+					/*
+					 * Returned from Authorization Servers when the authorization grant or
+					 * refresh token is invalid, expired, revoked, does not match the
+					 * redirection URI used in the authorization request, or was issued to
+					 * another client.
+					 */
+					OAuth2ErrorCodes.INVALID_GRANT)));
 
 	/**
-	 * The OAuth 2.0 error codes which will trigger removal of an {@link OAuth2AuthorizedClient}.
+	 * The OAuth 2.0 error codes which will trigger removal of an
+	 * {@link OAuth2AuthorizedClient}.
 	 * @see OAuth2ErrorCodes
 	 */
 	private final Set<String> removeAuthorizedClientErrorCodes;
@@ -84,68 +89,74 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements
 	public interface OAuth2AuthorizedClientRemover {
 
 		/**
-		 * Removes the {@link OAuth2AuthorizedClient} associated to the
-		 * provided client registration identifier and End-User {@link Authentication} (Resource Owner).
-		 *
+		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+		 * registration identifier and End-User {@link Authentication} (Resource Owner).
 		 * @param clientRegistrationId the identifier for the client's registration
 		 * @param principal the End-User {@link Authentication} (Resource Owner)
-		 * @param attributes an immutable {@code Map} of (optional) attributes present under certain conditions.
-		 *                   For example, this might contain a {@code javax.servlet.http.HttpServletRequest}
-		 *                   and {@code javax.servlet.http.HttpServletResponse} if the authorization was performed
-		 *                   within the context of a {@code javax.servlet.ServletContext}.
+		 * @param attributes an immutable {@code Map} of (optional) attributes present
+		 * under certain conditions. For example, this might contain a
+		 * {@code javax.servlet.http.HttpServletRequest} and
+		 * {@code javax.servlet.http.HttpServletResponse} if the authorization was
+		 * performed within the context of a {@code javax.servlet.ServletContext}.
 		 */
-		void removeAuthorizedClient(String clientRegistrationId, Authentication principal, Map<String, Object> attributes);
+		void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+				Map<String, Object> attributes);
+
 	}
 
 	/**
-	 * Constructs a {@code RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} using the provided parameters.
-	 *
-	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for removing an {@link OAuth2AuthorizedClient}
-	 *                                if the error code is one of the {@link #DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES}.
+	 * Constructs a {@code RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} using
+	 * the provided parameters.
+	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for
+	 * removing an {@link OAuth2AuthorizedClient} if the error code is one of the
+	 * {@link #DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES}.
 	 */
-	public RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(OAuth2AuthorizedClientRemover authorizedClientRemover) {
+	public RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
+			OAuth2AuthorizedClientRemover authorizedClientRemover) {
 		this(authorizedClientRemover, DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES);
 	}
 
 	/**
-	 * Constructs a {@code RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} using the provided parameters.
-	 *
-	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for removing an {@link OAuth2AuthorizedClient}
-	 *                                if the error code is one of the {@link #removeAuthorizedClientErrorCodes}.
-	 * @param removeAuthorizedClientErrorCodes the OAuth 2.0 error codes which will trigger removal of an authorized client.
+	 * Constructs a {@code RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} using
+	 * the provided parameters.
+	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for
+	 * removing an {@link OAuth2AuthorizedClient} if the error code is one of the
+	 * {@link #removeAuthorizedClientErrorCodes}.
+	 * @param removeAuthorizedClientErrorCodes the OAuth 2.0 error codes which will
+	 * trigger removal of an authorized client.
 	 * @see OAuth2ErrorCodes
 	 */
 	public RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-			OAuth2AuthorizedClientRemover authorizedClientRemover,
-			Set<String> removeAuthorizedClientErrorCodes) {
+			OAuth2AuthorizedClientRemover authorizedClientRemover, Set<String> removeAuthorizedClientErrorCodes) {
 		Assert.notNull(authorizedClientRemover, "authorizedClientRemover cannot be null");
 		Assert.notNull(removeAuthorizedClientErrorCodes, "removeAuthorizedClientErrorCodes cannot be null");
-		this.removeAuthorizedClientErrorCodes = Collections.unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes));
+		this.removeAuthorizedClientErrorCodes = Collections
+				.unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes));
 		this.delegate = authorizedClientRemover;
 	}
 
 	@Override
-	public void onAuthorizationFailure(OAuth2AuthorizationException authorizationException,
-			Authentication principal, Map<String, Object> attributes) {
+	public void onAuthorizationFailure(OAuth2AuthorizationException authorizationException, Authentication principal,
+			Map<String, Object> attributes) {
 
-		if (authorizationException instanceof ClientAuthorizationException &&
-				hasRemovalErrorCode(authorizationException)) {
+		if (authorizationException instanceof ClientAuthorizationException
+				&& hasRemovalErrorCode(authorizationException)) {
 
 			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
-			this.delegate.removeAuthorizedClient(
-					clientAuthorizationException.getClientRegistrationId(), principal, attributes);
+			this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(), principal,
+					attributes);
 		}
 	}
 
 	/**
-	 * Returns true if the given exception has an error code that
-	 * indicates that the authorized client should be removed.
-	 *
+	 * Returns true if the given exception has an error code that indicates that the
+	 * authorized client should be removed.
 	 * @param authorizationException the exception that caused the authorization failure
-	 * @return true if the given exception has an error code that
-	 * 		   indicates that the authorized client should be removed.
+	 * @return true if the given exception has an error code that indicates that the
+	 * authorized client should be removed.
 	 */
 	private boolean hasRemovalErrorCode(OAuth2AuthorizationException authorizationException) {
 		return this.removeAuthorizedClientErrorCodes.contains(authorizationException.getError().getErrorCode());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index a0106ab40f..2d1e3225a8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -30,39 +30,45 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * A {@link ReactiveOAuth2AuthorizationFailureHandler} that removes an {@link OAuth2AuthorizedClient}
- * when the {@link OAuth2Error#getErrorCode()} matches
- * one of the configured {@link OAuth2ErrorCodes OAuth 2.0 error codes}.
+ * A {@link ReactiveOAuth2AuthorizationFailureHandler} that removes an
+ * {@link OAuth2AuthorizedClient} when the {@link OAuth2Error#getErrorCode()} matches one
+ * of the configured {@link OAuth2ErrorCodes OAuth 2.0 error codes}.
  *
  * @author Phil Clay
  * @since 5.3
  */
-public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler implements ReactiveOAuth2AuthorizationFailureHandler {
+public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
+		implements ReactiveOAuth2AuthorizationFailureHandler {
 
 	/**
-	 * The default OAuth 2.0 error codes that will trigger removal of the authorized client.
+	 * The default OAuth 2.0 error codes that will trigger removal of the authorized
+	 * client.
 	 * @see OAuth2ErrorCodes
 	 */
-	public static final Set<String>	DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
-			/*
-			 * Returned from resource servers when an access token provided is expired, revoked,
-			 * malformed, or invalid for other reasons.
-			 *
-			 * Note that this is needed because the ServerOAuth2AuthorizedClientExchangeFilterFunction
-			 * delegates this type of failure received from a resource server
-			 * to this failure handler.
-			 */
-			OAuth2ErrorCodes.INVALID_TOKEN,
-			/*
-			 * Returned from authorization servers when a refresh token is invalid, expired, revoked,
-			 * does not match the redirection URI used in the authorization request, or was issued to another client.
-			 */
-			OAuth2ErrorCodes.INVALID_GRANT)));
+	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections
+			.unmodifiableSet(new HashSet<>(Arrays.asList(
+					/*
+					 * Returned from resource servers when an access token provided is
+					 * expired, revoked, malformed, or invalid for other reasons.
+					 *
+					 * Note that this is needed because the
+					 * ServerOAuth2AuthorizedClientExchangeFilterFunction delegates this
+					 * type of failure received from a resource server to this failure
+					 * handler.
+					 */
+					OAuth2ErrorCodes.INVALID_TOKEN,
+					/*
+					 * Returned from authorization servers when a refresh token is
+					 * invalid, expired, revoked, does not match the redirection URI used
+					 * in the authorization request, or was issued to another client.
+					 */
+					OAuth2ErrorCodes.INVALID_GRANT)));
 
 	/**
 	 * A delegate that removes an {@link OAuth2AuthorizedClient} from a
-	 * {@link ServerOAuth2AuthorizedClientRepository} or {@link ReactiveOAuth2AuthorizedClientService}
-	 * if the error code is one of the {@link #removeAuthorizedClientErrorCodes}.
+	 * {@link ServerOAuth2AuthorizedClientRepository} or
+	 * {@link ReactiveOAuth2AuthorizedClientService} if the error code is one of the
+	 * {@link #removeAuthorizedClientErrorCodes}.
 	 */
 	private final OAuth2AuthorizedClientRemover delegate;
 
@@ -74,49 +80,60 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler imp
 
 	/**
 	 * Removes an {@link OAuth2AuthorizedClient} from a
-	 * {@link ServerOAuth2AuthorizedClientRepository} or {@link ReactiveOAuth2AuthorizedClientService}.
+	 * {@link ServerOAuth2AuthorizedClientRepository} or
+	 * {@link ReactiveOAuth2AuthorizedClientService}.
 	 */
 	@FunctionalInterface
 	public interface OAuth2AuthorizedClientRemover {
 
 		/**
-		 * Removes the {@link OAuth2AuthorizedClient} associated to the
-		 * provided client registration identifier and End-User {@link Authentication} (Resource Owner).
-		 *
+		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+		 * registration identifier and End-User {@link Authentication} (Resource Owner).
 		 * @param clientRegistrationId the identifier for the client's registration
 		 * @param principal the End-User {@link Authentication} (Resource Owner)
-		 * @param attributes an immutable {@code Map} of extra optional attributes present under certain conditions.
-		 *                   For example, this might contain a {@link org.springframework.web.server.ServerWebExchange ServerWebExchange}
-		 *                   if the authorization was performed within the context of a {@code ServerWebExchange}.
-		 * @return an empty {@link Mono} that completes after this handler has finished handling the event.
+		 * @param attributes an immutable {@code Map} of extra optional attributes present
+		 * under certain conditions. For example, this might contain a
+		 * {@link org.springframework.web.server.ServerWebExchange ServerWebExchange} if
+		 * the authorization was performed within the context of a
+		 * {@code ServerWebExchange}.
+		 * @return an empty {@link Mono} that completes after this handler has finished
+		 * handling the event.
 		 */
-		Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal, Map<String, Object> attributes);
+		Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+				Map<String, Object> attributes);
+
 	}
 
 	/**
-	 * Constructs a {@code RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} using the provided parameters.
-	 *
-	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for removing an {@link OAuth2AuthorizedClient}
-	 *                                if the error code is one of the {@link #DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES}.
+	 * Constructs a
+	 * {@code RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} using the
+	 * provided parameters.
+	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for
+	 * removing an {@link OAuth2AuthorizedClient} if the error code is one of the
+	 * {@link #DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES}.
 	 */
-	public RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(OAuth2AuthorizedClientRemover authorizedClientRemover) {
+	public RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
+			OAuth2AuthorizedClientRemover authorizedClientRemover) {
 		this(authorizedClientRemover, DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES);
 	}
 
 	/**
-	 * Constructs a {@code RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} using the provided parameters.
-	 *
-	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for removing an {@link OAuth2AuthorizedClient}
-	 *                                if the error code is one of the {@link #removeAuthorizedClientErrorCodes}.
-	 * @param removeAuthorizedClientErrorCodes the OAuth 2.0 error codes which will trigger removal of an authorized client.
+	 * Constructs a
+	 * {@code RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} using the
+	 * provided parameters.
+	 * @param authorizedClientRemover the {@link OAuth2AuthorizedClientRemover} used for
+	 * removing an {@link OAuth2AuthorizedClient} if the error code is one of the
+	 * {@link #removeAuthorizedClientErrorCodes}.
+	 * @param removeAuthorizedClientErrorCodes the OAuth 2.0 error codes which will
+	 * trigger removal of an authorized client.
 	 * @see OAuth2ErrorCodes
 	 */
 	public RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
-			OAuth2AuthorizedClientRemover authorizedClientRemover,
-			Set<String> removeAuthorizedClientErrorCodes) {
+			OAuth2AuthorizedClientRemover authorizedClientRemover, Set<String> removeAuthorizedClientErrorCodes) {
 		Assert.notNull(authorizedClientRemover, "authorizedClientRemover cannot be null");
 		Assert.notNull(removeAuthorizedClientErrorCodes, "removeAuthorizedClientErrorCodes cannot be null");
-		this.removeAuthorizedClientErrorCodes = Collections.unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes));
+		this.removeAuthorizedClientErrorCodes = Collections
+				.unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes));
 		this.delegate = authorizedClientRemover;
 	}
 
@@ -128,22 +145,23 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler imp
 				&& hasRemovalErrorCode(authorizationException)) {
 
 			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
-			return this.delegate.removeAuthorizedClient(
-					clientAuthorizationException.getClientRegistrationId(), principal, attributes);
-		} else {
+			return this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(),
+					principal, attributes);
+		}
+		else {
 			return Mono.empty();
 		}
 	}
 
 	/**
-	 * Returns true if the given exception has an error code that
-	 * indicates that the authorized client should be removed.
-	 *
+	 * Returns true if the given exception has an error code that indicates that the
+	 * authorized client should be removed.
 	 * @param authorizationException the exception that caused the authorization failure
-	 * @return true if the given exception has an error code that
-	 * 		   indicates that the authorized client should be removed.
+	 * @return true if the given exception has an error code that indicates that the
+	 * authorized client should be removed.
 	 */
 	private boolean hasRemovalErrorCode(OAuth2AuthorizationException authorizationException) {
 		return this.removeAuthorizedClientErrorCodes.contains(authorizationException.getError().getErrorCode());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
index 4bad4aff8e..86925cc002 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
@@ -26,12 +26,11 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 /**
- * This annotation may be used to resolve a method parameter
- * to an argument value of type {@link OAuth2AuthorizedClient}.
+ * This annotation may be used to resolve a method parameter to an argument value of type
+ * {@link OAuth2AuthorizedClient}.
  *
  * <p>
- * For example:
- * <pre>
+ * For example: <pre>
  * &#64;Controller
  * public class MyController {
  *     &#64;GetMapping("/authorized-client")
@@ -52,18 +51,16 @@ public @interface RegisteredOAuth2AuthorizedClient {
 
 	/**
 	 * Sets the client registration identifier.
-	 *
 	 * @return the client registration identifier
 	 */
 	@AliasFor("value")
 	String registrationId() default "";
 
 	/**
-	 * The default attribute for this annotation.
-	 * This is an alias for {@link #registrationId()}.
-	 * For example, {@code @RegisteredOAuth2AuthorizedClient("login-client")} is equivalent to
+	 * The default attribute for this annotation. This is an alias for
+	 * {@link #registrationId()}. For example,
+	 * {@code @RegisteredOAuth2AuthorizedClient("login-client")} is equivalent to
 	 * {@code @RegisteredOAuth2AuthorizedClient(registrationId="login-client")}.
-	 *
 	 * @return the client registration identifier
 	 */
 	@AliasFor("registrationId")
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
index 73fd7d5b19..e63c363ad2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
@@ -26,13 +26,13 @@ import org.springframework.util.Assert;
 import java.util.Collection;
 
 /**
- * An implementation of an {@link AbstractAuthenticationToken}
- * that represents an OAuth 2.0 {@link Authentication}.
+ * An implementation of an {@link AbstractAuthenticationToken} that represents an OAuth
+ * 2.0 {@link Authentication}.
  * <p>
- * The {@link Authentication} associates an {@link OAuth2User} {@code Principal}
- * to the identifier of the {@link #getAuthorizedClientRegistrationId() Authorized Client},
- * which the End-User ({@code Principal}) granted authorization to
- * so that it can access it's protected resources at the UserInfo Endpoint.
+ * The {@link Authentication} associates an {@link OAuth2User} {@code Principal} to the
+ * identifier of the {@link #getAuthorizedClientRegistrationId() Authorized Client}, which
+ * the End-User ({@code Principal}) granted authorization to so that it can access it's
+ * protected resources at the UserInfo Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -41,20 +41,22 @@ import java.util.Collection;
  * @see OAuth2AuthorizedClient
  */
 public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final OAuth2User principal;
+
 	private final String authorizedClientRegistrationId;
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationToken} using the provided parameters.
-	 *
 	 * @param principal the user {@code Principal} registered with the OAuth 2.0 Provider
 	 * @param authorities the authorities granted to the user
-	 * @param authorizedClientRegistrationId the registration identifier of the {@link OAuth2AuthorizedClient Authorized Client}
+	 * @param authorizedClientRegistrationId the registration identifier of the
+	 * {@link OAuth2AuthorizedClient Authorized Client}
 	 */
-	public OAuth2AuthenticationToken(OAuth2User principal,
-									Collection<? extends GrantedAuthority> authorities,
-									String authorizedClientRegistrationId) {
+	public OAuth2AuthenticationToken(OAuth2User principal, Collection<? extends GrantedAuthority> authorities,
+			String authorizedClientRegistrationId) {
 		super(authorities);
 		Assert.notNull(principal, "principal cannot be null");
 		Assert.hasText(authorizedClientRegistrationId, "authorizedClientRegistrationId cannot be empty");
@@ -75,11 +77,12 @@ public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
 	}
 
 	/**
-	 * Returns the registration identifier of the {@link OAuth2AuthorizedClient Authorized Client}.
-	 *
+	 * Returns the registration identifier of the {@link OAuth2AuthorizedClient Authorized
+	 * Client}.
 	 * @return the registration identifier of the Authorized Client.
 	 */
 	public String getAuthorizedClientRegistrationId() {
 		return this.authorizedClientRegistrationId;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index 4ad62b09ce..a2b3b900a9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -28,32 +28,41 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.util.Assert;
 
 /**
- * An implementation of an {@link AuthenticationProvider} for the OAuth 2.0 Authorization Code Grant.
+ * An implementation of an {@link AuthenticationProvider} for the OAuth 2.0 Authorization
+ * Code Grant.
  *
  * <p>
- * This {@link AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link AuthenticationProvider} is responsible for authenticating an Authorization
+ * Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
+ * it for an Access Token credential.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AuthorizationCodeAuthenticationToken
  * @see OAuth2AccessTokenResponseClient
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token
+ * Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token
+ * Response</a>
  */
 public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
+
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
+
 	private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationCodeAuthenticationProvider} using the provided parameters.
-	 *
-	 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
+	 * Constructs an {@code OAuth2AuthorizationCodeAuthenticationProvider} using the
+	 * provided parameters.
+	 * @param accessTokenResponseClient the client used for requesting the access token
+	 * credential from the Token Endpoint
 	 */
 	public OAuth2AuthorizationCodeAuthenticationProvider(
-		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
+			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
 
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
@@ -61,35 +70,29 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication =
-			(OAuth2AuthorizationCodeAuthenticationToken) authentication;
+		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
 
-		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
-				.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange()
+				.getAuthorizationResponse();
 		if (authorizationResponse.statusError()) {
 			throw new OAuth2AuthorizationException(authorizationResponse.getError());
 		}
 
-		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
-				.getAuthorizationExchange().getAuthorizationRequest();
+		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
+				.getAuthorizationRequest();
 		if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 			throw new OAuth2AuthorizationException(oauth2Error);
 		}
 
-		OAuth2AccessTokenResponse accessTokenResponse =
-			this.accessTokenResponseClient.getTokenResponse(
-				new OAuth2AuthorizationCodeGrantRequest(
-					authorizationCodeAuthentication.getClientRegistration(),
-					authorizationCodeAuthentication.getAuthorizationExchange()));
+		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
+				new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(),
+						authorizationCodeAuthentication.getAuthorizationExchange()));
 
-		OAuth2AuthorizationCodeAuthenticationToken authenticationResult =
-			new OAuth2AuthorizationCodeAuthenticationToken(
+		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = new OAuth2AuthorizationCodeAuthenticationToken(
 				authorizationCodeAuthentication.getClientRegistration(),
-				authorizationCodeAuthentication.getAuthorizationExchange(),
-				accessTokenResponse.getAccessToken(),
-				accessTokenResponse.getRefreshToken(),
-				accessTokenResponse.getAdditionalParameters());
+				authorizationCodeAuthentication.getAuthorizationExchange(), accessTokenResponse.getAccessToken(),
+				accessTokenResponse.getRefreshToken(), accessTokenResponse.getAdditionalParameters());
 		authenticationResult.setDetails(authorizationCodeAuthentication.getDetails());
 
 		return authenticationResult;
@@ -99,4 +102,5 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 	public boolean supports(Class<?> authentication) {
 		return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
index 3c45b3e1d7..09f642289d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
@@ -37,24 +37,31 @@ import java.util.Map;
  * @see ClientRegistration
  * @see OAuth2AuthorizationExchange
  * @see OAuth2AccessToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
  */
 public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private Map<String, Object> additionalParameters = new HashMap<>();
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
 
 	/**
-	 * This constructor should be used when the Authorization Request/Response is complete.
-	 *
+	 * This constructor should be used when the Authorization Request/Response is
+	 * complete.
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 */
 	public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
-														OAuth2AuthorizationExchange authorizationExchange) {
+			OAuth2AuthorizationExchange authorizationExchange) {
 		super(Collections.emptyList());
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(authorizationExchange, "authorizationExchange cannot be null");
@@ -65,35 +72,32 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 	/**
 	 * This constructor should be used when the Access Token Request/Response is complete,
 	 * which indicates that the Authorization Code Grant flow has fully completed.
-	 *
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 * @param accessToken the access token credential
 	 */
 	public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
-														OAuth2AuthorizationExchange authorizationExchange,
-														OAuth2AccessToken accessToken) {
+			OAuth2AuthorizationExchange authorizationExchange, OAuth2AccessToken accessToken) {
 		this(clientRegistration, authorizationExchange, accessToken, null);
 	}
 
 	/**
 	 * This constructor should be used when the Access Token Request/Response is complete,
 	 * which indicates that the Authorization Code Grant flow has fully completed.
-	 *
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 * @param accessToken the access token credential
 	 * @param refreshToken the refresh token credential
 	 */
 	public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
-														OAuth2AuthorizationExchange authorizationExchange,
-														OAuth2AccessToken accessToken,
-														@Nullable OAuth2RefreshToken refreshToken) {
+			OAuth2AuthorizationExchange authorizationExchange, OAuth2AccessToken accessToken,
+			@Nullable OAuth2RefreshToken refreshToken) {
 		this(clientRegistration, authorizationExchange, accessToken, refreshToken, Collections.emptyMap());
 	}
 
-	public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration, OAuth2AuthorizationExchange authorizationExchange, OAuth2AccessToken accessToken, OAuth2RefreshToken refreshToken,
-			Map<String, Object> additionalParameters) {
+	public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
+			OAuth2AuthorizationExchange authorizationExchange, OAuth2AccessToken accessToken,
+			OAuth2RefreshToken refreshToken, Map<String, Object> additionalParameters) {
 		this(clientRegistration, authorizationExchange);
 		Assert.notNull(accessToken, "accessToken cannot be null");
 		this.accessToken = accessToken;
@@ -109,14 +113,12 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	@Override
 	public Object getCredentials() {
-		return this.accessToken != null ?
-			this.accessToken.getTokenValue() :
-			this.authorizationExchange.getAuthorizationResponse().getCode();
+		return this.accessToken != null ? this.accessToken.getTokenValue()
+				: this.authorizationExchange.getAuthorizationResponse().getCode();
 	}
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -125,7 +127,6 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationExchange authorization exchange}.
-	 *
 	 * @return the {@link OAuth2AuthorizationExchange}
 	 */
 	public OAuth2AuthorizationExchange getAuthorizationExchange() {
@@ -134,7 +135,6 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	/**
 	 * Returns the {@link OAuth2AccessToken access token}.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -143,7 +143,6 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token}.
-	 *
 	 * @return the {@link OAuth2RefreshToken}
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
@@ -152,10 +151,10 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	/**
 	 * Returns the additional parameters
-	 *
 	 * @return the additional parameters
 	 */
 	public Map<String, Object> getAdditionalParameters() {
 		return this.additionalParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
index 28e4d7bdfe..0e4d36bab5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
@@ -36,18 +36,20 @@ import reactor.core.publisher.Mono;
 import java.util.function.Function;
 
 /**
- * An implementation of an {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An implementation of an
+ * {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth
+ * 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
  *
- * This {@link org.springframework.security.authentication.AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link org.springframework.security.authentication.AuthenticationProvider} is
+ * responsible for authenticating an Authorization Code credential with the Authorization
+ * Server's Token Endpoint and if valid, exchanging it for an Access Token credential.
  * <p>
- * It will also obtain the user attributes of the End-User (Resource Owner)
- * from the UserInfo Endpoint using an {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService},
- * which will create a {@code Principal} in the form of an {@link OAuth2User}.
- * The {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken}
- * to complete the authentication.
+ * It will also obtain the user attributes of the End-User (Resource Owner) from the
+ * UserInfo Endpoint using an
+ * {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService}, which
+ * will create a {@code Principal} in the form of an {@link OAuth2User}. The
+ * {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken} to
+ * complete the authentication.
  *
  * @author Rob Winch
  * @since 5.1
@@ -55,12 +57,19 @@ import java.util.function.Function;
  * @see ReactiveOAuth2AccessTokenResponseClient
  * @see ReactiveOAuth2UserService
  * @see OAuth2User
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token
+ * Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token
+ * Response</a>
  */
 public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements ReactiveAuthenticationManager {
+
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
+
 	private final ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
 	public OAuth2AuthorizationCodeReactiveAuthenticationManager(
@@ -74,33 +83,36 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements Rea
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
 
-			OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange().getAuthorizationResponse();
+			OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange()
+					.getAuthorizationResponse();
 			if (authorizationResponse.statusError()) {
 				return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError()));
 			}
 
-			OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange().getAuthorizationRequest();
+			OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange()
+					.getAuthorizationRequest();
 			if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 				return Mono.error(new OAuth2AuthorizationException(oauth2Error));
 			}
 
 			OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
-					token.getClientRegistration(),
-					token.getAuthorizationExchange());
+					token.getClientRegistration(), token.getAuthorizationExchange());
 
-			return this.accessTokenResponseClient.getTokenResponse(authzRequest)
-					.map(onSuccess(token));
+			return this.accessTokenResponseClient.getTokenResponse(authzRequest).map(onSuccess(token));
 		});
 	}
 
-	private Function<OAuth2AccessTokenResponse, OAuth2AuthorizationCodeAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken token) {
+	private Function<OAuth2AccessTokenResponse, OAuth2AuthorizationCodeAuthenticationToken> onSuccess(
+			OAuth2AuthorizationCodeAuthenticationToken token) {
 		return accessTokenResponse -> {
 			ClientRegistration registration = token.getClientRegistration();
 			OAuth2AuthorizationExchange exchange = token.getAuthorizationExchange();
 			OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
 			OAuth2RefreshToken refreshToken = accessTokenResponse.getRefreshToken();
-			return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken, accessTokenResponse.getAdditionalParameters());
+			return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken,
+					accessTokenResponse.getAdditionalParameters());
 		};
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index 8d3b70234d..d27e0fe7c2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -35,18 +35,18 @@ import java.util.Collection;
 import java.util.Map;
 
 /**
- * An implementation of an {@link AuthenticationProvider} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An implementation of an {@link AuthenticationProvider} for OAuth 2.0 Login, which
+ * leverages the OAuth 2.0 Authorization Code Grant Flow.
  *
- * This {@link AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link AuthenticationProvider} is responsible for authenticating an Authorization
+ * Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
+ * it for an Access Token credential.
  * <p>
- * It will also obtain the user attributes of the End-User (Resource Owner)
- * from the UserInfo Endpoint using an {@link OAuth2UserService},
- * which will create a {@code Principal} in the form of an {@link OAuth2User}.
- * The {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken}
- * to complete the authentication.
+ * It will also obtain the user attributes of the End-User (Resource Owner) from the
+ * UserInfo Endpoint using an {@link OAuth2UserService}, which will create a
+ * {@code Principal} in the form of an {@link OAuth2User}. The {@code OAuth2User} is then
+ * associated to the {@link OAuth2LoginAuthenticationToken} to complete the
+ * authentication.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -54,40 +54,51 @@ import java.util.Map;
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2UserService
  * @see OAuth2User
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token
+ * Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token
+ * Response</a>
  */
 public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
+
 	private final OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider;
+
 	private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
+
 	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
 
 	/**
-	 * Constructs an {@code OAuth2LoginAuthenticationProvider} using the provided parameters.
-	 *
-	 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
-	 * @param userService the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
+	 * Constructs an {@code OAuth2LoginAuthenticationProvider} using the provided
+	 * parameters.
+	 * @param accessTokenResponseClient the client used for requesting the access token
+	 * credential from the Token Endpoint
+	 * @param userService the service used for obtaining the user attributes of the
+	 * End-User from the UserInfo Endpoint
 	 */
 	public OAuth2LoginAuthenticationProvider(
-		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
-		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
+			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
+			OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
 
 		Assert.notNull(userService, "userService cannot be null");
-		this.authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(accessTokenResponseClient);
+		this.authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
+				accessTokenResponseClient);
 		this.userService = userService;
 	}
 
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-		OAuth2LoginAuthenticationToken loginAuthenticationToken =
-			(OAuth2LoginAuthenticationToken) authentication;
+		OAuth2LoginAuthenticationToken loginAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;
 
-		// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+		// Section 3.1.2.1 Authentication Request -
+		// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 		// scope
-		// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-		if (loginAuthenticationToken.getAuthorizationExchange()
-			.getAuthorizationRequest().getScopes().contains("openid")) {
+		// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
+		if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes()
+				.contains("openid")) {
 			// This is an OpenID Connect Authentication Request so return null
 			// and let OidcAuthorizationCodeAuthenticationProvider handle it instead
 			return null;
@@ -99,7 +110,8 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 					.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(
 							loginAuthenticationToken.getClientRegistration(),
 							loginAuthenticationToken.getAuthorizationExchange()));
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			OAuth2Error oauth2Error = ex.getError();
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
@@ -110,26 +122,23 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 		OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest(
 				loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
 
-		Collection<? extends GrantedAuthority> mappedAuthorities =
-			this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
+		Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
+				.mapAuthorities(oauth2User.getAuthorities());
 
 		OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
-			loginAuthenticationToken.getClientRegistration(),
-			loginAuthenticationToken.getAuthorizationExchange(),
-			oauth2User,
-			mappedAuthorities,
-			accessToken,
-			authorizationCodeAuthenticationToken.getRefreshToken());
+				loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(),
+				oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());
 		authenticationResult.setDetails(loginAuthenticationToken.getDetails());
 
 		return authenticationResult;
 	}
 
 	/**
-	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping {@link OAuth2User#getAuthorities()}
-	 * to a new set of authorities which will be associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+	 * {@link OAuth2User#getAuthorities()} to a new set of authorities which will be
+	 * associated to the {@link OAuth2LoginAuthenticationToken}.
+	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
+	 * user's authorities
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
@@ -140,4 +149,5 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 	public boolean supports(Class<?> authentication) {
 		return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
index a8fc5fd128..e0976bbe98 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
@@ -30,8 +30,8 @@ import java.util.Collection;
 import java.util.Collections;
 
 /**
- * An {@link AbstractAuthenticationToken} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An {@link AbstractAuthenticationToken} for OAuth 2.0 Login, which leverages the OAuth
+ * 2.0 Authorization Code Grant Flow.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -40,24 +40,31 @@ import java.util.Collections;
  * @see ClientRegistration
  * @see OAuth2AuthorizationExchange
  * @see OAuth2AccessToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
  */
 public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private OAuth2User principal;
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
 
 	/**
-	 * This constructor should be used when the Authorization Request/Response is complete.
-	 *
+	 * This constructor should be used when the Authorization Request/Response is
+	 * complete.
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 */
 	public OAuth2LoginAuthenticationToken(ClientRegistration clientRegistration,
-											OAuth2AuthorizationExchange authorizationExchange) {
+			OAuth2AuthorizationExchange authorizationExchange) {
 
 		super(Collections.emptyList());
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
@@ -69,9 +76,8 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * This constructor should be used when the Access Token Request/Response is complete,
-	 * which indicates that the Authorization Code Grant flow has fully completed
-	 * and OAuth 2.0 Login has been achieved.
-	 *
+	 * which indicates that the Authorization Code Grant flow has fully completed and
+	 * OAuth 2.0 Login has been achieved.
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 * @param principal the user {@code Principal} registered with the OAuth 2.0 Provider
@@ -79,18 +85,15 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 	 * @param accessToken the access token credential
 	 */
 	public OAuth2LoginAuthenticationToken(ClientRegistration clientRegistration,
-											OAuth2AuthorizationExchange authorizationExchange,
-											OAuth2User principal,
-											Collection<? extends GrantedAuthority> authorities,
-											OAuth2AccessToken accessToken) {
+			OAuth2AuthorizationExchange authorizationExchange, OAuth2User principal,
+			Collection<? extends GrantedAuthority> authorities, OAuth2AccessToken accessToken) {
 		this(clientRegistration, authorizationExchange, principal, authorities, accessToken, null);
 	}
 
 	/**
 	 * This constructor should be used when the Access Token Request/Response is complete,
-	 * which indicates that the Authorization Code Grant flow has fully completed
-	 * and OAuth 2.0 Login has been achieved.
-	 *
+	 * which indicates that the Authorization Code Grant flow has fully completed and
+	 * OAuth 2.0 Login has been achieved.
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 * @param principal the user {@code Principal} registered with the OAuth 2.0 Provider
@@ -99,11 +102,9 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 	 * @param refreshToken the refresh token credential
 	 */
 	public OAuth2LoginAuthenticationToken(ClientRegistration clientRegistration,
-											OAuth2AuthorizationExchange authorizationExchange,
-											OAuth2User principal,
-											Collection<? extends GrantedAuthority> authorities,
-											OAuth2AccessToken accessToken,
-											@Nullable OAuth2RefreshToken refreshToken) {
+			OAuth2AuthorizationExchange authorizationExchange, OAuth2User principal,
+			Collection<? extends GrantedAuthority> authorities, OAuth2AccessToken accessToken,
+			@Nullable OAuth2RefreshToken refreshToken) {
 		super(authorities);
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(authorizationExchange, "authorizationExchange cannot be null");
@@ -129,7 +130,6 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -138,7 +138,6 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationExchange authorization exchange}.
-	 *
 	 * @return the {@link OAuth2AuthorizationExchange}
 	 */
 	public OAuth2AuthorizationExchange getAuthorizationExchange() {
@@ -147,7 +146,6 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * Returns the {@link OAuth2AccessToken access token}.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -163,4 +161,5 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index 9fb1820ff5..e157b3ae40 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -34,18 +34,20 @@ import java.util.Collection;
 import java.util.Map;
 
 /**
- * An implementation of an {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An implementation of an
+ * {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth
+ * 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
  *
- * This {@link org.springframework.security.authentication.AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link org.springframework.security.authentication.AuthenticationProvider} is
+ * responsible for authenticating an Authorization Code credential with the Authorization
+ * Server's Token Endpoint and if valid, exchanging it for an Access Token credential.
  * <p>
- * It will also obtain the user attributes of the End-User (Resource Owner)
- * from the UserInfo Endpoint using an {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService},
- * which will create a {@code Principal} in the form of an {@link OAuth2User}.
- * The {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken}
- * to complete the authentication.
+ * It will also obtain the user attributes of the End-User (Resource Owner) from the
+ * UserInfo Endpoint using an
+ * {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService}, which
+ * will create a {@code Principal} in the form of an {@link OAuth2User}. The
+ * {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken} to
+ * complete the authentication.
  *
  * @author Rob Winch
  * @since 5.1
@@ -53,12 +55,17 @@ import java.util.Map;
  * @see org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
  * @see org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService
  * @see OAuth2User
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token
+ * Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token
+ * Response</a>
  */
-public class OAuth2LoginReactiveAuthenticationManager implements
-		ReactiveAuthenticationManager {
+public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthenticationManager {
+
 	private final ReactiveAuthenticationManager authorizationCodeManager;
 
 	private final ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
@@ -70,7 +77,8 @@ public class OAuth2LoginReactiveAuthenticationManager implements
 			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		Assert.notNull(userService, "userService cannot be null");
-		this.authorizationCodeManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(accessTokenResponseClient);
+		this.authorizationCodeManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(
+				accessTokenResponseClient);
 		this.userService = userService;
 	}
 
@@ -79,28 +87,32 @@ public class OAuth2LoginReactiveAuthenticationManager implements
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
 
-			// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-			if (token.getAuthorizationExchange()
-					.getAuthorizationRequest().getScopes().contains("openid")) {
+			// Section 3.1.2.1 Authentication Request -
+			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+			// value.
+			if (token.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
 				// This is an OpenID Connect Authentication Request so return null
-				// and let OidcAuthorizationCodeReactiveAuthenticationManager handle it instead once one is created
+				// and let OidcAuthorizationCodeReactiveAuthenticationManager handle it
+				// instead once one is created
 				return Mono.empty();
 			}
 
 			return this.authorizationCodeManager.authenticate(token)
-					.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
-					.cast(OAuth2AuthorizationCodeAuthenticationToken.class)
-					.flatMap(this::onSuccess);
+					.onErrorMap(OAuth2AuthorizationException.class,
+							e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+					.cast(OAuth2AuthorizationCodeAuthenticationToken.class).flatMap(this::onSuccess);
 		});
 	}
 
 	/**
-	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping {@link OAuth2User#getAuthorities()}
-	 * to a new set of authorities which will be associated to the {@link OAuth2LoginAuthenticationToken}.
+	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+	 * {@link OAuth2User#getAuthorities()} to a new set of authorities which will be
+	 * associated to the {@link OAuth2LoginAuthenticationToken}.
 	 *
 	 * @since 5.4
-	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
+	 * user's authorities
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
@@ -110,20 +122,17 @@ public class OAuth2LoginReactiveAuthenticationManager implements
 	private Mono<OAuth2LoginAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken authentication) {
 		OAuth2AccessToken accessToken = authentication.getAccessToken();
 		Map<String, Object> additionalParameters = authentication.getAdditionalParameters();
-		OAuth2UserRequest userRequest = new OAuth2UserRequest(authentication.getClientRegistration(), accessToken, additionalParameters);
-		return this.userService.loadUser(userRequest)
-				.map(oauth2User -> {
-					Collection<? extends GrantedAuthority> mappedAuthorities =
-							this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
+		OAuth2UserRequest userRequest = new OAuth2UserRequest(authentication.getClientRegistration(), accessToken,
+				additionalParameters);
+		return this.userService.loadUser(userRequest).map(oauth2User -> {
+			Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
+					.mapAuthorities(oauth2User.getAuthorities());
 
-					OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
-							authentication.getClientRegistration(),
-							authentication.getAuthorizationExchange(),
-							oauth2User,
-							mappedAuthorities,
-							accessToken,
-							authentication.getRefreshToken());
-					return authenticationResult;
-				});
+			OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
+					authentication.getClientRegistration(), authentication.getAuthorizationExchange(), oauth2User,
+					mappedAuthorities, accessToken, authentication.getRefreshToken());
+			return authenticationResult;
+		});
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
index 1fe301ac98..8ca0e3b135 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support classes and interfaces for authenticating and authorizing a client
- * with an OAuth 2.0 Authorization Server using a specific authorization grant flow.
+ * Support classes and interfaces for authenticating and authorizing a client with an
+ * OAuth 2.0 Authorization Server using a specific authorization grant flow.
  */
 package org.springframework.security.oauth2.client.authentication;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
index d1c7f26aa4..900f2c828b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
@@ -19,21 +19,22 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
 /**
- * Base implementation of an OAuth 2.0 Authorization Grant request
- * that holds an authorization grant credential and is used when
- * initiating a request to the Authorization Server's Token Endpoint.
+ * Base implementation of an OAuth 2.0 Authorization Grant request that holds an
+ * authorization grant credential and is used when initiating a request to the
+ * Authorization Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AuthorizationGrantType
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
  */
 public abstract class AbstractOAuth2AuthorizationGrantRequest {
+
 	private final AuthorizationGrantType authorizationGrantType;
 
 	/**
 	 * Sub-class constructor.
-	 *
 	 * @param authorizationGrantType the authorization grant type
 	 */
 	protected AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType authorizationGrantType) {
@@ -43,10 +44,10 @@ public abstract class AbstractOAuth2AuthorizationGrantRequest {
 
 	/**
 	 * Returns the authorization grant type.
-	 *
 	 * @return the authorization grant type
 	 */
 	public AuthorizationGrantType getGrantType() {
 		return this.authorizationGrantType;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 2991b855a8..a9397e8c2a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -35,17 +35,22 @@ import java.util.Set;
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
 
 /**
- * Abstract base class for all of the {@code WebClientReactive*TokenResponseClient}s
- * that communicate to the Authorization Server's Token Endpoint.
+ * Abstract base class for all of the {@code WebClientReactive*TokenResponseClient}s that
+ * communicate to the Authorization Server's Token Endpoint.
  *
- * <p>Submits a form request body specific to the type of grant request.</p>
+ * <p>
+ * Submits a form request body specific to the type of grant request.
+ * </p>
  *
- * <p>Accepts a JSON response body containing an OAuth 2.0 Access token or error.</p>
+ * <p>
+ * Accepts a JSON response body containing an OAuth 2.0 Access token or error.
+ * </p>
  *
  * @author Phil Clay
  * @since 5.3
  * @param <T> type of grant request
- * @see <a href="https://tools.ietf.org/html/rfc6749#section-3.2">RFC-6749 Token Endpoint</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6749#section-3.2">RFC-6749 Token
+ * Endpoint</a>
  * @see WebClientReactiveAuthorizationCodeTokenResponseClient
  * @see WebClientReactiveClientCredentialsTokenResponseClient
  * @see WebClientReactivePasswordTokenResponseClient
@@ -59,17 +64,15 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 	@Override
 	public Mono<OAuth2AccessTokenResponse> getTokenResponse(T grantRequest) {
 		Assert.notNull(grantRequest, "grantRequest cannot be null");
-		return Mono.defer(() -> this.webClient.post()
-				.uri(clientRegistration(grantRequest).getProviderDetails().getTokenUri())
-				.headers(headers -> populateTokenRequestHeaders(grantRequest, headers))
-				.body(createTokenRequestBody(grantRequest))
-				.exchange()
-				.flatMap(response -> readTokenResponse(grantRequest, response)));
+		return Mono.defer(
+				() -> this.webClient.post().uri(clientRegistration(grantRequest).getProviderDetails().getTokenUri())
+						.headers(headers -> populateTokenRequestHeaders(grantRequest, headers))
+						.body(createTokenRequestBody(grantRequest)).exchange()
+						.flatMap(response -> readTokenResponse(grantRequest, response)));
 	}
 
 	/**
 	 * Returns the {@link ClientRegistration} for the given {@code grantRequest}.
-	 *
 	 * @param grantRequest the grant request
 	 * @return the {@link ClientRegistration} for the given {@code grantRequest}.
 	 */
@@ -77,7 +80,6 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 
 	/**
 	 * Populates the headers for the token request.
-	 *
 	 * @param grantRequest the grant request
 	 * @param headers the headers to populate
 	 */
@@ -93,30 +95,34 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 	/**
 	 * Creates and returns the body for the token request.
 	 *
-	 * <p>This method pre-populates the body with some standard properties,
-	 * and then delegates to {@link #populateTokenRequestBody(AbstractOAuth2AuthorizationGrantRequest, BodyInserters.FormInserter)}
-	 * for subclasses to further populate the body before returning.</p>
-	 *
+	 * <p>
+	 * This method pre-populates the body with some standard properties, and then
+	 * delegates to
+	 * {@link #populateTokenRequestBody(AbstractOAuth2AuthorizationGrantRequest, BodyInserters.FormInserter)}
+	 * for subclasses to further populate the body before returning.
+	 * </p>
 	 * @param grantRequest the grant request
 	 * @return the body for the token request.
 	 */
 	private BodyInserters.FormInserter<String> createTokenRequestBody(T grantRequest) {
-		BodyInserters.FormInserter<String> body = BodyInserters
-				.fromFormData(OAuth2ParameterNames.GRANT_TYPE, grantRequest.getGrantType().getValue());
+		BodyInserters.FormInserter<String> body = BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE,
+				grantRequest.getGrantType().getValue());
 		return populateTokenRequestBody(grantRequest, body);
 	}
 
 	/**
 	 * Populates the body of the token request.
 	 *
-	 * <p>By default, populates properties that are common to all grant types.
-	 * Subclasses can extend this method to populate grant type specific properties.</p>
-	 *
+	 * <p>
+	 * By default, populates properties that are common to all grant types. Subclasses can
+	 * extend this method to populate grant type specific properties.
+	 * </p>
 	 * @param grantRequest the grant request
 	 * @param body the body to populate
 	 * @return the populated body
 	 */
-	BodyInserters.FormInserter<String> populateTokenRequestBody(T grantRequest, BodyInserters.FormInserter<String> body) {
+	BodyInserters.FormInserter<String> populateTokenRequestBody(T grantRequest,
+			BodyInserters.FormInserter<String> body) {
 		ClientRegistration clientRegistration = clientRegistration(grantRequest);
 		if (!ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
 			body.with(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
@@ -126,31 +132,30 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 		}
 		Set<String> scopes = scopes(grantRequest);
 		if (!CollectionUtils.isEmpty(scopes)) {
-			body.with(OAuth2ParameterNames.SCOPE,
-					StringUtils.collectionToDelimitedString(scopes, " "));
+			body.with(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(scopes, " "));
 		}
 		return body;
 	}
 
 	/**
 	 * Returns the scopes to include as a property in the token request.
-	 *
 	 * @param grantRequest the grant request
 	 * @return the scopes to include as a property in the token request.
 	 */
 	abstract Set<String> scopes(T grantRequest);
 
 	/**
-	 * Returns the scopes to include in the response if the authorization
-	 * server returned no scopes in the response.
-	 *
-	 * <p>As per <a href="https://tools.ietf.org/html/rfc6749#section-5.1">RFC-6749 Section 5.1 Successful Access Token Response</a>,
-	 * if AccessTokenResponse.scope is empty, then default to the scope
-	 * originally requested by the client in the Token Request.</p>
+	 * Returns the scopes to include in the response if the authorization server returned
+	 * no scopes in the response.
 	 *
+	 * <p>
+	 * As per <a href="https://tools.ietf.org/html/rfc6749#section-5.1">RFC-6749 Section
+	 * 5.1 Successful Access Token Response</a>, if AccessTokenResponse.scope is empty,
+	 * then default to the scope originally requested by the client in the Token Request.
+	 * </p>
 	 * @param grantRequest the grant request
-	 * @return the scopes to include in the response if the authorization
-	 *         server returned no scopes.
+	 * @return the scopes to include in the response if the authorization server returned
+	 * no scopes.
 	 */
 	Set<String> defaultScopes(T grantRequest) {
 		return scopes(grantRequest);
@@ -158,7 +163,6 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 
 	/**
 	 * Reads the token response from the response body.
-	 *
 	 * @param grantRequest the request for which the response was received.
 	 * @param response the client response from which to read
 	 * @return the token response from the response body.
@@ -169,30 +173,30 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 	}
 
 	/**
-	 * Populates the given {@link OAuth2AccessTokenResponse} with additional details
-	 * from the grant request.
-	 *
+	 * Populates the given {@link OAuth2AccessTokenResponse} with additional details from
+	 * the grant request.
 	 * @param grantRequest the request for which the response was received.
 	 * @param tokenResponse the original token response
-	 * @return a token response optionally populated with additional details from the request.
+	 * @return a token response optionally populated with additional details from the
+	 * request.
 	 */
 	OAuth2AccessTokenResponse populateTokenResponse(T grantRequest, OAuth2AccessTokenResponse tokenResponse) {
 		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			Set<String> defaultScopes = defaultScopes(grantRequest);
-			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(defaultScopes)
-					.build();
+			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).scopes(defaultScopes).build();
 		}
 		return tokenResponse;
 	}
 
 	/**
-	 * Sets the {@link WebClient} used when requesting the OAuth 2.0 Access Token Response.
-	 *
-	 * @param webClient the {@link WebClient} used when requesting the Access Token Response
+	 * Sets the {@link WebClient} used when requesting the OAuth 2.0 Access Token
+	 * Response.
+	 * @param webClient the {@link WebClient} used when requesting the Access Token
+	 * Response
 	 */
 	public void setWebClient(WebClient webClient) {
 		Assert.notNull(webClient, "webClient cannot be null");
 		this.webClient = webClient;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index 174dc75e43..656d55c195 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -36,36 +36,42 @@ import org.springframework.web.client.RestTemplate;
 import java.util.Arrays;
 
 /**
- * The default implementation of an {@link OAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant.
- * This implementation uses a {@link RestOperations} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant. This
+ * implementation uses a {@link RestOperations} when requesting an access token credential
+ * at the Authorization Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
  */
-public final class DefaultAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
+public final class DefaultAuthorizationCodeTokenResponseClient
+		implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
+
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
-	private Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> requestEntityConverter =
-			new OAuth2AuthorizationCodeGrantRequestEntityConverter();
+	private Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> requestEntityConverter = new OAuth2AuthorizationCodeGrantRequestEntityConverter();
 
 	private RestOperations restOperations;
 
 	public DefaultAuthorizationCodeTokenResponseClient() {
-		RestTemplate restTemplate = new RestTemplate(Arrays.asList(
-				new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
+		RestTemplate restTemplate = new RestTemplate(
+				Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
 		restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
 		this.restOperations = restTemplate;
 	}
 
 	@Override
-	public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
+	public OAuth2AccessTokenResponse getTokenResponse(
+			OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
 		Assert.notNull(authorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
 
 		RequestEntity<?> request = this.requestEntityConverter.convert(authorizationCodeGrantRequest);
@@ -73,9 +79,12 @@ public final class DefaultAuthorizationCodeTokenResponseClient implements OAuth2
 		ResponseEntity<OAuth2AccessTokenResponse> response;
 		try {
 			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 
@@ -87,38 +96,43 @@ public final class DefaultAuthorizationCodeTokenResponseClient implements OAuth2
 			// If AccessTokenResponse.scope is empty, then default to the scope
 			// originally requested by the client in the Token Request
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes())
-					.build();
+					.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes()).build();
 		}
 
 		return tokenResponse;
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2AuthorizationCodeGrantRequest}
-	 * to a {@link RequestEntity} representation of the OAuth 2.0 Access Token Request.
-	 *
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the Access Token Request
+	 * Sets the {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link RequestEntity}
+	 * representation of the OAuth 2.0 Access Token Request.
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the Access Token Request
 	 */
-	public void setRequestEntityConverter(Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> requestEntityConverter) {
+	public void setRequestEntityConverter(
+			Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
 		this.requestEntityConverter = requestEntityConverter;
 	}
 
 	/**
-	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token Response.
+	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token
+	 * Response.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and
+	 * {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @param restOperations the {@link RestOperations} used when requesting the Access Token Response
+	 * @param restOperations the {@link RestOperations} used when requesting the Access
+	 * Token Response
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
index fdd5eb1e75..155d1f8d22 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
@@ -36,36 +36,42 @@ import org.springframework.web.client.RestTemplate;
 import java.util.Arrays;
 
 /**
- * The default implementation of an {@link OAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
- * This implementation uses a {@link RestOperations} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant. This
+ * implementation uses a {@link RestOperations} when requesting an access token credential
+ * at the Authorization Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2ClientCredentialsGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.4.2">Section 4.4.2 Access Token Request (Client Credentials Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.4.3">Section 4.4.3 Access Token Response (Client Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.4.2">Section 4.4.2 Access Token Request
+ * (Client Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.4.3">Section 4.4.3 Access Token Response
+ * (Client Credentials Grant)</a>
  */
-public final class DefaultClientCredentialsTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {
+public final class DefaultClientCredentialsTokenResponseClient
+		implements OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {
+
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
-	private Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> requestEntityConverter =
-			new OAuth2ClientCredentialsGrantRequestEntityConverter();
+	private Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> requestEntityConverter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
 
 	private RestOperations restOperations;
 
 	public DefaultClientCredentialsTokenResponseClient() {
-		RestTemplate restTemplate = new RestTemplate(Arrays.asList(
-				new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
+		RestTemplate restTemplate = new RestTemplate(
+				Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
 		restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
 		this.restOperations = restTemplate;
 	}
 
 	@Override
-	public OAuth2AccessTokenResponse getTokenResponse(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
+	public OAuth2AccessTokenResponse getTokenResponse(
+			OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		Assert.notNull(clientCredentialsGrantRequest, "clientCredentialsGrantRequest cannot be null");
 
 		RequestEntity<?> request = this.requestEntityConverter.convert(clientCredentialsGrantRequest);
@@ -73,9 +79,12 @@ public final class DefaultClientCredentialsTokenResponseClient implements OAuth2
 		ResponseEntity<OAuth2AccessTokenResponse> response;
 		try {
 			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 
@@ -87,38 +96,43 @@ public final class DefaultClientCredentialsTokenResponseClient implements OAuth2
 			// If AccessTokenResponse.scope is empty, then default to the scope
 			// originally requested by the client in the Token Request
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes())
-					.build();
+					.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes()).build();
 		}
 
 		return tokenResponse;
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2ClientCredentialsGrantRequest}
-	 * to a {@link RequestEntity} representation of the OAuth 2.0 Access Token Request.
-	 *
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the Access Token Request
+	 * Sets the {@link Converter} used for converting the
+	 * {@link OAuth2ClientCredentialsGrantRequest} to a {@link RequestEntity}
+	 * representation of the OAuth 2.0 Access Token Request.
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the Access Token Request
 	 */
-	public void setRequestEntityConverter(Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> requestEntityConverter) {
+	public void setRequestEntityConverter(
+			Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
 		this.requestEntityConverter = requestEntityConverter;
 	}
 
 	/**
-	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token Response.
+	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token
+	 * Response.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and
+	 * {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @param restOperations the {@link RestOperations} used when requesting the Access Token Response
+	 * @param restOperations the {@link RestOperations} used when requesting the Access
+	 * Token Response
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
index e2f7180d2e..05e71120c4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
@@ -36,30 +36,35 @@ import org.springframework.web.client.RestTemplate;
 import java.util.Arrays;
 
 /**
- * The default implementation of an {@link OAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#PASSWORD password} grant.
- * This implementation uses a {@link RestOperations} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#PASSWORD password} grant. This implementation uses a
+ * {@link RestOperations} when requesting an access token credential at the Authorization
+ * Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2PasswordGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.3.2">Section 4.3.2 Access Token Request (Resource Owner Password Credentials Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response (Resource Owner Password Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.3.2">Section 4.3.2 Access Token Request
+ * (Resource Owner Password Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response
+ * (Resource Owner Password Credentials Grant)</a>
  */
-public final class DefaultPasswordTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
+public final class DefaultPasswordTokenResponseClient
+		implements OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
+
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
-	private Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> requestEntityConverter =
-			new OAuth2PasswordGrantRequestEntityConverter();
+	private Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> requestEntityConverter = new OAuth2PasswordGrantRequestEntityConverter();
 
 	private RestOperations restOperations;
 
 	public DefaultPasswordTokenResponseClient() {
-		RestTemplate restTemplate = new RestTemplate(Arrays.asList(
-				new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
+		RestTemplate restTemplate = new RestTemplate(
+				Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
 		restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
 		this.restOperations = restTemplate;
 	}
@@ -73,9 +78,12 @@ public final class DefaultPasswordTokenResponseClient implements OAuth2AccessTok
 		ResponseEntity<OAuth2AccessTokenResponse> response;
 		try {
 			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 
@@ -87,38 +95,43 @@ public final class DefaultPasswordTokenResponseClient implements OAuth2AccessTok
 			// If AccessTokenResponse.scope is empty, then default to the scope
 			// originally requested by the client in the Token Request
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(passwordGrantRequest.getClientRegistration().getScopes())
-					.build();
+					.scopes(passwordGrantRequest.getClientRegistration().getScopes()).build();
 		}
 
 		return tokenResponse;
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2PasswordGrantRequest}
-	 * to a {@link RequestEntity} representation of the OAuth 2.0 Access Token Request.
-	 *
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the Access Token Request
+	 * Sets the {@link Converter} used for converting the
+	 * {@link OAuth2PasswordGrantRequest} to a {@link RequestEntity} representation of the
+	 * OAuth 2.0 Access Token Request.
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the Access Token Request
 	 */
-	public void setRequestEntityConverter(Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> requestEntityConverter) {
+	public void setRequestEntityConverter(
+			Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
 		this.requestEntityConverter = requestEntityConverter;
 	}
 
 	/**
-	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token Response.
+	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token
+	 * Response.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and
+	 * {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @param restOperations the {@link RestOperations} used when requesting the Access Token Response
+	 * @param restOperations the {@link RestOperations} used when requesting the Access
+	 * Token Response
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
index 0efd37d8eb..4cd267db54 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
@@ -36,29 +36,31 @@ import org.springframework.web.client.RestTemplate;
 import java.util.Arrays;
 
 /**
- * The default implementation of an {@link OAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
- * This implementation uses a {@link RestOperations} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant. This implementation
+ * uses a {@link RestOperations} when requesting an access token credential at the
+ * Authorization Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2RefreshTokenGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6 Refreshing an Access Token</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6
+ * Refreshing an Access Token</a>
  */
-public final class DefaultRefreshTokenTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> {
+public final class DefaultRefreshTokenTokenResponseClient
+		implements OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> {
+
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
-	private Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> requestEntityConverter =
-			new OAuth2RefreshTokenGrantRequestEntityConverter();
+	private Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> requestEntityConverter = new OAuth2RefreshTokenGrantRequestEntityConverter();
 
 	private RestOperations restOperations;
 
 	public DefaultRefreshTokenTokenResponseClient() {
-		RestTemplate restTemplate = new RestTemplate(Arrays.asList(
-				new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
+		RestTemplate restTemplate = new RestTemplate(
+				Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
 		restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
 		this.restOperations = restTemplate;
 	}
@@ -72,17 +74,21 @@ public final class DefaultRefreshTokenTokenResponseClient implements OAuth2Acces
 		ResponseEntity<OAuth2AccessTokenResponse> response;
 		try {
 			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 
 		OAuth2AccessTokenResponse tokenResponse = response.getBody();
 
-		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes()) ||
-				tokenResponse.getRefreshToken() == null) {
-			OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse.withResponse(tokenResponse);
+		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())
+				|| tokenResponse.getRefreshToken() == null) {
+			OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse
+					.withResponse(tokenResponse);
 
 			if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 				// As per spec, in Section 5.1 Successful Access Token Response
@@ -104,30 +110,36 @@ public final class DefaultRefreshTokenTokenResponseClient implements OAuth2Acces
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2RefreshTokenGrantRequest}
-	 * to a {@link RequestEntity} representation of the OAuth 2.0 Access Token Request.
-	 *
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the Access Token Request
+	 * Sets the {@link Converter} used for converting the
+	 * {@link OAuth2RefreshTokenGrantRequest} to a {@link RequestEntity} representation of
+	 * the OAuth 2.0 Access Token Request.
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the Access Token Request
 	 */
-	public void setRequestEntityConverter(Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> requestEntityConverter) {
+	public void setRequestEntityConverter(
+			Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
 		this.requestEntityConverter = requestEntityConverter;
 	}
 
 	/**
-	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token Response.
+	 * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token
+	 * Response.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and
+	 * {@link OAuth2AccessTokenResponseHttpMessageConverter}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @param restOperations the {@link RestOperations} used when requesting the Access Token Response
+	 * @param restOperations the {@link RestOperations} used when requesting the Access
+	 * Token Response
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index cac276aa67..ea3e1ffbd8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
-
 import com.nimbusds.oauth2.sdk.AccessTokenResponse;
 import com.nimbusds.oauth2.sdk.AuthorizationCode;
 import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
@@ -48,8 +47,8 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * An implementation of an {@link OAuth2AccessTokenResponseClient} that &quot;exchanges&quot;
- * an authorization code credential for an access token credential
+ * An implementation of an {@link OAuth2AccessTokenResponseClient} that
+ * &quot;exchanges&quot; an authorization code credential for an access token credential
  * at the Authorization Server's Token Endpoint.
  *
  * <p>
@@ -61,12 +60,20 @@ import java.util.Set;
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0
+ * SDK</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
  */
 @Deprecated
-public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
+public class NimbusAuthorizationCodeTokenResponseClient
+		implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
+
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
 	@Override
@@ -75,8 +82,9 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 
 		// Build the authorization code grant request for the token endpoint
 		AuthorizationCode authorizationCode = new AuthorizationCode(
-			authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
-		URI redirectUri = toURI(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
+				authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
+		URI redirectUri = toURI(
+				authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
 		AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
 		URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
 
@@ -86,7 +94,8 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 		ClientAuthentication clientAuthentication;
 		if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
 			clientAuthentication = new ClientSecretPost(clientId, clientSecret);
-		} else {
+		}
+		else {
 			clientAuthentication = new ClientSecretBasic(clientId, clientSecret);
 		}
 
@@ -99,9 +108,12 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 			httpRequest.setConnectTimeout(30000);
 			httpRequest.setReadTimeout(30000);
 			tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
-		} catch (ParseException | IOException ex) {
+		}
+		catch (ParseException | IOException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 
@@ -111,7 +123,8 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 			OAuth2Error oauth2Error;
 			if (errorObject == null) {
 				oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-			} else {
+			}
+			else {
 				oauth2Error = new OAuth2Error(
 						errorObject.getCode() != null ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
 						errorObject.getDescription(),
@@ -124,7 +137,8 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 
 		String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
 		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
+		if (OAuth2AccessToken.TokenType.BEARER.getValue()
+				.equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
 			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
 		long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
@@ -136,10 +150,10 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 		Set<String> scopes;
 		if (CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) {
 			scopes = new LinkedHashSet<>(
-				authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes());
-		} else {
-			scopes = new LinkedHashSet<>(
-				accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
+					authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes());
+		}
+		else {
+			scopes = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
 		}
 
 		String refreshToken = null;
@@ -149,20 +163,17 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
 
-		return OAuth2AccessTokenResponse.withToken(accessToken)
-			.tokenType(accessTokenType)
-			.expiresIn(expiresIn)
-			.scopes(scopes)
-			.refreshToken(refreshToken)
-			.additionalParameters(additionalParameters)
-			.build();
+		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
+				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
 	}
 
 	private static URI toURI(String uriStr) {
 		try {
 			return new URI(uriStr);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new IllegalArgumentException("An error occurred parsing URI: " + uriStr, ex);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
index cf86174324..7afbde5e98 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
@@ -15,35 +15,42 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
-
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 /**
- * A strategy for &quot;exchanging&quot; an authorization grant credential
- * (e.g. an Authorization Code) for an access token credential
- * at the Authorization Server's Token Endpoint.
+ * A strategy for &quot;exchanging&quot; an authorization grant credential (e.g. an
+ * Authorization Code) for an access token credential at the Authorization Server's Token
+ * Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AbstractOAuth2AuthorizationGrantRequest
  * @see OAuth2AccessTokenResponse
  * @see AuthorizationGrantType
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
  */
 @FunctionalInterface
-public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>  {
+public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> {
 
 	/**
-	 * Exchanges the authorization grant credential, provided in the authorization grant request,
-	 * for an access token credential at the Authorization Server's Token Endpoint.
-	 *
-	 * @param authorizationGrantRequest the authorization grant request that contains the authorization grant credential
-	 * @return an {@link OAuth2AccessTokenResponse} that contains the {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
-	 * @throws OAuth2AuthorizationException if an error occurs while attempting to exchange for the access token credential
+	 * Exchanges the authorization grant credential, provided in the authorization grant
+	 * request, for an access token credential at the Authorization Server's Token
+	 * Endpoint.
+	 * @param authorizationGrantRequest the authorization grant request that contains the
+	 * authorization grant credential
+	 * @return an {@link OAuth2AccessTokenResponse} that contains the
+	 * {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
+	 * @throws OAuth2AuthorizationException if an error occurs while attempting to
+	 * exchange for the access token credential
 	 */
 	OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
index 3b4c36c670..7fff7206d1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
@@ -21,28 +21,33 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExch
 import org.springframework.util.Assert;
 
 /**
- * An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code credential,
- * which was granted by the Resource Owner to the {@link #getClientRegistration() Client}.
+ * An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code
+ * credential, which was granted by the Resource Owner to the
+ * {@link #getClientRegistration() Client}.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AbstractOAuth2AuthorizationGrantRequest
  * @see ClientRegistration
  * @see OAuth2AuthorizationExchange
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3.1">Section 1.3.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-1.3.1">Section 1.3.1 Authorization Code
+ * Grant</a>
  */
 public class OAuth2AuthorizationCodeGrantRequest extends AbstractOAuth2AuthorizationGrantRequest {
+
 	private final ClientRegistration clientRegistration;
+
 	private final OAuth2AuthorizationExchange authorizationExchange;
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationCodeGrantRequest} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationCodeGrantRequest} using the provided
+	 * parameters.
 	 * @param clientRegistration the client registration
 	 * @param authorizationExchange the authorization exchange
 	 */
 	public OAuth2AuthorizationCodeGrantRequest(ClientRegistration clientRegistration,
-												OAuth2AuthorizationExchange authorizationExchange) {
+			OAuth2AuthorizationExchange authorizationExchange) {
 		super(AuthorizationGrantType.AUTHORIZATION_CODE);
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(authorizationExchange, "authorizationExchange cannot be null");
@@ -52,7 +57,6 @@ public class OAuth2AuthorizationCodeGrantRequest extends AbstractOAuth2Authoriza
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -61,10 +65,10 @@ public class OAuth2AuthorizationCodeGrantRequest extends AbstractOAuth2Authoriza
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationExchange authorization exchange}.
-	 *
 	 * @return the {@link OAuth2AuthorizationExchange}
 	 */
 	public OAuth2AuthorizationExchange getAuthorizationExchange() {
 		return this.authorizationExchange;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
index a8a088a77a..146e3f4ab8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
@@ -31,9 +31,9 @@ import org.springframework.web.util.UriComponentsBuilder;
 import java.net.URI;
 
 /**
- * A {@link Converter} that converts the provided {@link OAuth2AuthorizationCodeGrantRequest}
- * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
- * for the Authorization Code Grant.
+ * A {@link Converter} that converts the provided
+ * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link RequestEntity} representation
+ * of an OAuth 2.0 Access Token Request for the Authorization Code Grant.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -41,11 +41,11 @@ import java.net.URI;
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see RequestEntity
  */
-public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> {
+public class OAuth2AuthorizationCodeGrantRequestEntityConverter
+		implements Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> {
 
 	/**
 	 * Returns the {@link RequestEntity} used for the Access Token Request.
-	 *
 	 * @param authorizationCodeGrantRequest the authorization code grant request
 	 * @return the {@link RequestEntity} used for the Access Token Request
 	 */
@@ -55,20 +55,21 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Conve
 
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = this.buildFormParameters(authorizationCodeGrantRequest);
-		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
-				.build()
+		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
 
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
 	/**
-	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
-	 *
+	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body.
 	 * @param authorizationCodeGrantRequest the authorization code grant request
-	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
+	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body
 	 */
-	private MultiValueMap<String, String> buildFormParameters(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
+	private MultiValueMap<String, String> buildFormParameters(
+			OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
 		ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
 		OAuth2AuthorizationExchange authorizationExchange = authorizationCodeGrantRequest.getAuthorizationExchange();
 
@@ -76,7 +77,8 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Conve
 		formParameters.add(OAuth2ParameterNames.GRANT_TYPE, authorizationCodeGrantRequest.getGrantType().getValue());
 		formParameters.add(OAuth2ParameterNames.CODE, authorizationExchange.getAuthorizationResponse().getCode());
 		String redirectUri = authorizationExchange.getAuthorizationRequest().getRedirectUri();
-		String codeVerifier = authorizationExchange.getAuthorizationRequest().getAttribute(PkceParameterNames.CODE_VERIFIER);
+		String codeVerifier = authorizationExchange.getAuthorizationRequest()
+				.getAttribute(PkceParameterNames.CODE_VERIFIER);
 		if (redirectUri != null) {
 			formParameters.add(OAuth2ParameterNames.REDIRECT_URI, redirectUri);
 		}
@@ -92,4 +94,5 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Conve
 
 		return formParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
index a1ed924307..2fe790d956 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -27,10 +27,10 @@ import java.util.Collections;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
- * Utility methods used by the {@link Converter}'s that convert
- * from an implementation of an {@link AbstractOAuth2AuthorizationGrantRequest}
- * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
- * for the specific Authorization Grant.
+ * Utility methods used by the {@link Converter}'s that convert from an implementation of
+ * an {@link AbstractOAuth2AuthorizationGrantRequest} to a {@link RequestEntity}
+ * representation of an OAuth 2.0 Access Token Request for the specific Authorization
+ * Grant.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -38,6 +38,7 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @see OAuth2ClientCredentialsGrantRequestEntityConverter
  */
 final class OAuth2AuthorizationGrantRequestEntityUtils {
+
 	private static HttpHeaders DEFAULT_TOKEN_REQUEST_HEADERS = getDefaultTokenRequestHeaders();
 
 	static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) {
@@ -56,4 +57,5 @@ final class OAuth2AuthorizationGrantRequestEntityUtils {
 		headers.setContentType(contentType);
 		return headers;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
index 8764d2068b..4b4c6574fc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
@@ -20,21 +20,24 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
 /**
- * An OAuth 2.0 Client Credentials Grant request that holds
- * the client's credentials in {@link #getClientRegistration()}.
+ * An OAuth 2.0 Client Credentials Grant request that holds the client's credentials in
+ * {@link #getClientRegistration()}.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see AbstractOAuth2AuthorizationGrantRequest
  * @see ClientRegistration
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3.4">Section 1.3.4 Client Credentials Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-1.3.4">Section 1.3.4 Client Credentials
+ * Grant</a>
  */
 public class OAuth2ClientCredentialsGrantRequest extends AbstractOAuth2AuthorizationGrantRequest {
+
 	private final ClientRegistration clientRegistration;
 
 	/**
-	 * Constructs an {@code OAuth2ClientCredentialsGrantRequest} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2ClientCredentialsGrantRequest} using the provided
+	 * parameters.
 	 * @param clientRegistration the client registration
 	 */
 	public OAuth2ClientCredentialsGrantRequest(ClientRegistration clientRegistration) {
@@ -47,10 +50,10 @@ public class OAuth2ClientCredentialsGrantRequest extends AbstractOAuth2Authoriza
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
 		return this.clientRegistration;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
index 75c0398cc7..bfbd63f12b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
@@ -31,9 +31,9 @@ import org.springframework.web.util.UriComponentsBuilder;
 import java.net.URI;
 
 /**
- * A {@link Converter} that converts the provided {@link OAuth2ClientCredentialsGrantRequest}
- * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
- * for the Client Credentials Grant.
+ * A {@link Converter} that converts the provided
+ * {@link OAuth2ClientCredentialsGrantRequest} to a {@link RequestEntity} representation
+ * of an OAuth 2.0 Access Token Request for the Client Credentials Grant.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -41,11 +41,11 @@ import java.net.URI;
  * @see OAuth2ClientCredentialsGrantRequest
  * @see RequestEntity
  */
-public class OAuth2ClientCredentialsGrantRequestEntityConverter implements Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> {
+public class OAuth2ClientCredentialsGrantRequestEntityConverter
+		implements Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> {
 
 	/**
 	 * Returns the {@link RequestEntity} used for the Access Token Request.
-	 *
 	 * @param clientCredentialsGrantRequest the client credentials grant request
 	 * @return the {@link RequestEntity} used for the Access Token Request
 	 */
@@ -55,20 +55,21 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverter implements Conve
 
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = this.buildFormParameters(clientCredentialsGrantRequest);
-		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
-				.build()
+		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
 
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
 	/**
-	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
-	 *
+	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body.
 	 * @param clientCredentialsGrantRequest the client credentials grant request
-	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
+	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body
 	 */
-	private MultiValueMap<String, String> buildFormParameters(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
+	private MultiValueMap<String, String> buildFormParameters(
+			OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();
 
 		MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
@@ -84,4 +85,5 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverter implements Conve
 
 		return formParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
index 0898fc32a0..69901df2e7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
@@ -20,22 +20,26 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
 /**
- * An OAuth 2.0 Resource Owner Password Credentials Grant request
- * that holds the resource owner's credentials.
+ * An OAuth 2.0 Resource Owner Password Credentials Grant request that holds the resource
+ * owner's credentials.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see AbstractOAuth2AuthorizationGrantRequest
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3.3">Section 1.3.3 Resource Owner Password Credentials</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-1.3.3">Section 1.3.3 Resource Owner
+ * Password Credentials</a>
  */
 public class OAuth2PasswordGrantRequest extends AbstractOAuth2AuthorizationGrantRequest {
+
 	private final ClientRegistration clientRegistration;
+
 	private final String username;
+
 	private final String password;
 
 	/**
 	 * Constructs an {@code OAuth2PasswordGrantRequest} using the provided parameters.
-	 *
 	 * @param clientRegistration the client registration
 	 * @param username the resource owner's username
 	 * @param password the resource owner's password
@@ -54,7 +58,6 @@ public class OAuth2PasswordGrantRequest extends AbstractOAuth2AuthorizationGrant
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -63,7 +66,6 @@ public class OAuth2PasswordGrantRequest extends AbstractOAuth2AuthorizationGrant
 
 	/**
 	 * Returns the resource owner's username.
-	 *
 	 * @return the resource owner's username
 	 */
 	public String getUsername() {
@@ -72,10 +74,10 @@ public class OAuth2PasswordGrantRequest extends AbstractOAuth2AuthorizationGrant
 
 	/**
 	 * Returns the resource owner's password.
-	 *
 	 * @return the resource owner's password
 	 */
 	public String getPassword() {
 		return this.password;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
index f2ba2b40a0..465b27071c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
@@ -31,9 +31,9 @@ import org.springframework.web.util.UriComponentsBuilder;
 import java.net.URI;
 
 /**
- * A {@link Converter} that converts the provided {@link OAuth2PasswordGrantRequest}
- * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
- * for the Resource Owner Password Credentials Grant.
+ * A {@link Converter} that converts the provided {@link OAuth2PasswordGrantRequest} to a
+ * {@link RequestEntity} representation of an OAuth 2.0 Access Token Request for the
+ * Resource Owner Password Credentials Grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -41,11 +41,11 @@ import java.net.URI;
  * @see OAuth2PasswordGrantRequest
  * @see RequestEntity
  */
-public class OAuth2PasswordGrantRequestEntityConverter implements Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> {
+public class OAuth2PasswordGrantRequestEntityConverter
+		implements Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> {
 
 	/**
 	 * Returns the {@link RequestEntity} used for the Access Token Request.
-	 *
 	 * @param passwordGrantRequest the password grant request
 	 * @return the {@link RequestEntity} used for the Access Token Request
 	 */
@@ -55,18 +55,18 @@ public class OAuth2PasswordGrantRequestEntityConverter implements Converter<OAut
 
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = buildFormParameters(passwordGrantRequest);
-		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
-				.build()
+		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
 
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
 	/**
-	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
-	 *
+	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body.
 	 * @param passwordGrantRequest the password grant request
-	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
+	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body
 	 */
 	private MultiValueMap<String, String> buildFormParameters(OAuth2PasswordGrantRequest passwordGrantRequest) {
 		ClientRegistration clientRegistration = passwordGrantRequest.getClientRegistration();
@@ -86,4 +86,5 @@ public class OAuth2PasswordGrantRequestEntityConverter implements Converter<OAut
 
 		return formParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
index a93b76fdd4..f94b5fafd2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
@@ -26,43 +26,46 @@ import java.util.LinkedHashSet;
 import java.util.Set;
 
 /**
- * An OAuth 2.0 Refresh Token Grant request that holds the {@link OAuth2RefreshToken refresh token} credential
- * granted to the {@link #getClientRegistration() client}.
+ * An OAuth 2.0 Refresh Token Grant request that holds the {@link OAuth2RefreshToken
+ * refresh token} credential granted to the {@link #getClientRegistration() client}.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see AbstractOAuth2AuthorizationGrantRequest
  * @see OAuth2RefreshToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6 Refreshing an Access Token</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6
+ * Refreshing an Access Token</a>
  */
 public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationGrantRequest {
+
 	private final ClientRegistration clientRegistration;
+
 	private final OAuth2AccessToken accessToken;
+
 	private final OAuth2RefreshToken refreshToken;
+
 	private final Set<String> scopes;
 
 	/**
 	 * Constructs an {@code OAuth2RefreshTokenGrantRequest} using the provided parameters.
-	 *
 	 * @param clientRegistration the authorized client's registration
 	 * @param accessToken the access token credential granted
 	 * @param refreshToken the refresh token credential granted
 	 */
 	public OAuth2RefreshTokenGrantRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken,
-											OAuth2RefreshToken refreshToken) {
+			OAuth2RefreshToken refreshToken) {
 		this(clientRegistration, accessToken, refreshToken, Collections.emptySet());
 	}
 
 	/**
 	 * Constructs an {@code OAuth2RefreshTokenGrantRequest} using the provided parameters.
-	 *
 	 * @param clientRegistration the authorized client's registration
 	 * @param accessToken the access token credential granted
 	 * @param refreshToken the refresh token credential granted
 	 * @param scopes the scopes to request
 	 */
 	public OAuth2RefreshTokenGrantRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken,
-											OAuth2RefreshToken refreshToken, Set<String> scopes) {
+			OAuth2RefreshToken refreshToken, Set<String> scopes) {
 		super(AuthorizationGrantType.REFRESH_TOKEN);
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(accessToken, "accessToken cannot be null");
@@ -70,13 +73,12 @@ public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationG
 		this.clientRegistration = clientRegistration;
 		this.accessToken = accessToken;
 		this.refreshToken = refreshToken;
-		this.scopes = Collections.unmodifiableSet(scopes != null ?
-				new LinkedHashSet<>(scopes) : Collections.emptySet());
+		this.scopes = Collections
+				.unmodifiableSet(scopes != null ? new LinkedHashSet<>(scopes) : Collections.emptySet());
 	}
 
 	/**
 	 * Returns the authorized client's {@link ClientRegistration registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -85,7 +87,6 @@ public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationG
 
 	/**
 	 * Returns the {@link OAuth2AccessToken access token} credential granted.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -94,7 +95,6 @@ public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationG
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token} credential granted.
-	 *
 	 * @return the {@link OAuth2RefreshToken}
 	 */
 	public OAuth2RefreshToken getRefreshToken() {
@@ -103,10 +103,10 @@ public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationG
 
 	/**
 	 * Returns the scope(s) to request.
-	 *
 	 * @return the scope(s) to request
 	 */
 	public Set<String> getScopes() {
 		return this.scopes;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
index 00cac8beed..8bf4cfd3b3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
@@ -32,8 +32,8 @@ import java.net.URI;
 
 /**
  * A {@link Converter} that converts the provided {@link OAuth2RefreshTokenGrantRequest}
- * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
- * for the Refresh Token Grant.
+ * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request for the
+ * Refresh Token Grant.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -41,11 +41,11 @@ import java.net.URI;
  * @see OAuth2RefreshTokenGrantRequest
  * @see RequestEntity
  */
-public class OAuth2RefreshTokenGrantRequestEntityConverter implements Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> {
+public class OAuth2RefreshTokenGrantRequestEntityConverter
+		implements Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>> {
 
 	/**
 	 * Returns the {@link RequestEntity} used for the Access Token Request.
-	 *
 	 * @param refreshTokenGrantRequest the refresh token grant request
 	 * @return the {@link RequestEntity} used for the Access Token Request
 	 */
@@ -55,18 +55,18 @@ public class OAuth2RefreshTokenGrantRequestEntityConverter implements Converter<
 
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = buildFormParameters(refreshTokenGrantRequest);
-		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
-				.build()
+		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
 
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
 	/**
-	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
-	 *
+	 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body.
 	 * @param refreshTokenGrantRequest the refresh token grant request
-	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
+	 * @return a {@link MultiValueMap} of the form parameters used for the Access Token
+	 * Request body
 	 */
 	private MultiValueMap<String, String> buildFormParameters(OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest) {
 		ClientRegistration clientRegistration = refreshTokenGrantRequest.getClientRegistration();
@@ -86,4 +86,5 @@ public class OAuth2RefreshTokenGrantRequestEntityConverter implements Converter<
 
 		return formParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
index f0196bdcc3..fa09352341 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
@@ -21,29 +21,37 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import reactor.core.publisher.Mono;
 
 /**
- * A reactive strategy for &quot;exchanging&quot; an authorization grant credential
- * (e.g. an Authorization Code) for an access token credential
- * at the Authorization Server's Token Endpoint.
+ * A reactive strategy for &quot;exchanging&quot; an authorization grant credential (e.g.
+ * an Authorization Code) for an access token credential at the Authorization Server's
+ * Token Endpoint.
  *
  * @author Rob Winch
  * @since 5.1
  * @see AbstractOAuth2AuthorizationGrantRequest
  * @see OAuth2AccessTokenResponse
  * @see AuthorizationGrantType
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
  */
 @FunctionalInterface
-public interface ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>  {
+public interface ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> {
 
 	/**
-	 * Exchanges the authorization grant credential, provided in the authorization grant request,
-	 * for an access token credential at the Authorization Server's Token Endpoint.
-	 *
-	 * @param authorizationGrantRequest the authorization grant request that contains the authorization grant credential
-	 * @return an {@link OAuth2AccessTokenResponse} that contains the {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
-	 * @throws OAuth2AuthorizationException if an error occurs while attempting to exchange for the access token credential
+	 * Exchanges the authorization grant credential, provided in the authorization grant
+	 * request, for an access token credential at the Authorization Server's Token
+	 * Endpoint.
+	 * @param authorizationGrantRequest the authorization grant request that contains the
+	 * authorization grant credential
+	 * @return an {@link OAuth2AccessTokenResponse} that contains the
+	 * {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
+	 * @throws OAuth2AuthorizationException if an error occurs while attempting to
+	 * exchange for the access token credential
 	 */
 	Mono<OAuth2AccessTokenResponse> getTokenResponse(T authorizationGrantRequest);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
index 80cbe4cafd..8ada808580 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
@@ -27,8 +27,8 @@ import java.util.Collections;
 import java.util.Set;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that &quot;exchanges&quot;
- * an authorization code credential for an access token credential
+ * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that
+ * &quot;exchanges&quot; an authorization code credential for an access token credential
  * at the Authorization Server's Token Endpoint.
  *
  * <p>
@@ -39,13 +39,20 @@ import java.util.Set;
  * @see ReactiveOAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">Section 4.2 Client Creates the Code Challenge</a>
+ * @see <a target="_blank" href=
+ * "https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0
+ * SDK</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">Section
+ * 4.2 Client Creates the Code Challenge</a>
  */
-public class WebClientReactiveAuthorizationCodeTokenResponseClient extends
-		AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
+public class WebClientReactiveAuthorizationCodeTokenResponseClient
+		extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
 
 	@Override
 	ClientRegistration clientRegistration(OAuth2AuthorizationCodeGrantRequest grantRequest) {
@@ -63,8 +70,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient extends
 	}
 
 	@Override
-	BodyInserters.FormInserter<String> populateTokenRequestBody(
-			OAuth2AuthorizationCodeGrantRequest grantRequest,
+	BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2AuthorizationCodeGrantRequest grantRequest,
 			BodyInserters.FormInserter<String> body) {
 		super.populateTokenRequestBody(grantRequest, body);
 		OAuth2AuthorizationExchange authorizationExchange = grantRequest.getAuthorizationExchange();
@@ -74,10 +80,12 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient extends
 		if (redirectUri != null) {
 			body.with(OAuth2ParameterNames.REDIRECT_URI, redirectUri);
 		}
-		String codeVerifier = authorizationExchange.getAuthorizationRequest().getAttribute(PkceParameterNames.CODE_VERIFIER);
+		String codeVerifier = authorizationExchange.getAuthorizationRequest()
+				.getAttribute(PkceParameterNames.CODE_VERIFIER);
 		if (codeVerifier != null) {
 			body.with(PkceParameterNames.CODE_VERIFIER, codeVerifier);
 		}
 		return body;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
index b5f4142ef6..95c01b2672 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
@@ -21,21 +21,27 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import java.util.Set;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that &quot;exchanges&quot;
- * a client credential for an access token credential
- * at the Authorization Server's Token Endpoint.
+ * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that
+ * &quot;exchanges&quot; a client credential for an access token credential at the
+ * Authorization Server's Token Endpoint.
  *
  * @author Rob Winch
  * @since 5.1
  * @see ReactiveOAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0
+ * SDK</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request
+ * (Authorization Code Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
+ * (Authorization Code Grant)</a>
  */
-public class WebClientReactiveClientCredentialsTokenResponseClient extends
-		AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {
+public class WebClientReactiveClientCredentialsTokenResponseClient
+		extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {
 
 	@Override
 	ClientRegistration clientRegistration(OAuth2ClientCredentialsGrantRequest grantRequest) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
index 442e2543fc..354b2b3368 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
@@ -25,21 +25,25 @@ import org.springframework.web.reactive.function.client.WebClient;
 import java.util.Set;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#PASSWORD password} grant.
- * This implementation uses {@link WebClient} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#PASSWORD password} grant. This implementation uses
+ * {@link WebClient} when requesting an access token credential at the Authorization
+ * Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AccessTokenResponseClient
  * @see OAuth2PasswordGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.3.2">Section 4.3.2 Access Token Request (Resource Owner Password Credentials Grant)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response (Resource Owner Password Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.3.2">Section 4.3.2 Access Token Request
+ * (Resource Owner Password Credentials Grant)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response
+ * (Resource Owner Password Credentials Grant)</a>
  */
-public final class WebClientReactivePasswordTokenResponseClient extends
-		AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
+public final class WebClientReactivePasswordTokenResponseClient
+		extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
 
 	@Override
 	ClientRegistration clientRegistration(OAuth2PasswordGrantRequest grantRequest) {
@@ -52,12 +56,11 @@ public final class WebClientReactivePasswordTokenResponseClient extends
 	}
 
 	@Override
-	BodyInserters.FormInserter<String> populateTokenRequestBody(
-			OAuth2PasswordGrantRequest grantRequest,
+	BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2PasswordGrantRequest grantRequest,
 			BodyInserters.FormInserter<String> body) {
 		return super.populateTokenRequestBody(grantRequest, body)
-			.with(OAuth2ParameterNames.USERNAME, grantRequest.getUsername())
-			.with(OAuth2ParameterNames.PASSWORD, grantRequest.getPassword());
+				.with(OAuth2ParameterNames.USERNAME, grantRequest.getUsername())
+				.with(OAuth2ParameterNames.PASSWORD, grantRequest.getPassword());
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
index 9ad787af7f..e0d4924e1e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
@@ -26,20 +26,21 @@ import org.springframework.web.reactive.function.client.WebClient;
 import java.util.Set;
 
 /**
- * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient}
- * for the {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
- * This implementation uses {@link WebClient} when requesting
- * an access token credential at the Authorization Server's Token Endpoint.
+ * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} for the
+ * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant. This implementation
+ * uses {@link WebClient} when requesting an access token credential at the Authorization
+ * Server's Token Endpoint.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveOAuth2AccessTokenResponseClient
  * @see OAuth2RefreshTokenGrantRequest
  * @see OAuth2AccessTokenResponse
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6 Refreshing an Access Token</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-6">Section 6
+ * Refreshing an Access Token</a>
  */
-public final class WebClientReactiveRefreshTokenTokenResponseClient extends
-		AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> {
+public final class WebClientReactiveRefreshTokenTokenResponseClient
+		extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> {
 
 	@Override
 	ClientRegistration clientRegistration(OAuth2RefreshTokenGrantRequest grantRequest) {
@@ -57,24 +58,23 @@ public final class WebClientReactiveRefreshTokenTokenResponseClient extends
 	}
 
 	@Override
-	BodyInserters.FormInserter<String> populateTokenRequestBody(
-			OAuth2RefreshTokenGrantRequest grantRequest,
+	BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2RefreshTokenGrantRequest grantRequest,
 			BodyInserters.FormInserter<String> body) {
-		return super.populateTokenRequestBody(grantRequest, body)
-			.with(OAuth2ParameterNames.REFRESH_TOKEN, grantRequest.getRefreshToken().getTokenValue());
+		return super.populateTokenRequestBody(grantRequest, body).with(OAuth2ParameterNames.REFRESH_TOKEN,
+				grantRequest.getRefreshToken().getTokenValue());
 	}
 
 	@Override
-	OAuth2AccessTokenResponse populateTokenResponse(
-			OAuth2RefreshTokenGrantRequest grantRequest,
+	OAuth2AccessTokenResponse populateTokenResponse(OAuth2RefreshTokenGrantRequest grantRequest,
 			OAuth2AccessTokenResponse accessTokenResponse) {
 
-		if (!CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes()) &&
-				accessTokenResponse.getRefreshToken() != null) {
+		if (!CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes())
+				&& accessTokenResponse.getRefreshToken() != null) {
 			return accessTokenResponse;
 		}
 
-		OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse.withResponse(accessTokenResponse);
+		OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse
+				.withResponse(accessTokenResponse);
 		if (CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes())) {
 			tokenResponseBuilder.scopes(defaultScopes(grantRequest));
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
index a443ff76b9..fa3b2f41ba 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Classes and interfaces providing support to the client
- * for initiating requests to the Authorization Server's Protocol Endpoints.
+ * Classes and interfaces providing support to the client for initiating requests to the
+ * Authorization Server's Protocol Endpoints.
  */
 package org.springframework.security.oauth2.client.endpoint;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 3f865a5897..2aad49caa6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -38,7 +38,9 @@ import java.io.IOException;
  * @since 5.1
  */
 public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
+
 	private final OAuth2ErrorHttpMessageConverter oauth2ErrorConverter = new OAuth2ErrorHttpMessageConverter();
+
 	private final ResponseErrorHandler defaultErrorHandler = new DefaultResponseErrorHandler();
 
 	@Override
@@ -71,16 +73,17 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 		BearerTokenError bearerTokenError;
 		try {
 			bearerTokenError = BearerTokenError.parse(wwwAuthenticateHeader);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			return null;
 		}
 
-		String errorCode = bearerTokenError.getCode() != null ?
-				bearerTokenError.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
+		String errorCode = bearerTokenError.getCode() != null ? bearerTokenError.getCode()
+				: OAuth2ErrorCodes.SERVER_ERROR;
 		String errorDescription = bearerTokenError.getDescription();
-		String errorUri = bearerTokenError.getURI() != null ?
-				bearerTokenError.getURI().toString() : null;
+		String errorUri = bearerTokenError.getURI() != null ? bearerTokenError.getURI().toString() : null;
 
 		return new OAuth2Error(errorCode, errorDescription, errorUri);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
index 9e12424f74..84c17c15fd 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
@@ -43,12 +43,12 @@ import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.
  * @see ClientRegistrationMixin
  */
 final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegistration> {
-	private static final StdConverter<JsonNode, ClientAuthenticationMethod> CLIENT_AUTHENTICATION_METHOD_CONVERTER =
-			new StdConverters.ClientAuthenticationMethodConverter();
-	private static final StdConverter<JsonNode, AuthorizationGrantType> AUTHORIZATION_GRANT_TYPE_CONVERTER =
-			new StdConverters.AuthorizationGrantTypeConverter();
-	private static final StdConverter<JsonNode, AuthenticationMethod> AUTHENTICATION_METHOD_CONVERTER =
-			new StdConverters.AuthenticationMethodConverter();
+
+	private static final StdConverter<JsonNode, ClientAuthenticationMethod> CLIENT_AUTHENTICATION_METHOD_CONVERTER = new StdConverters.ClientAuthenticationMethodConverter();
+
+	private static final StdConverter<JsonNode, AuthorizationGrantType> AUTHORIZATION_GRANT_TYPE_CONVERTER = new StdConverters.AuthorizationGrantTypeConverter();
+
+	private static final StdConverter<JsonNode, AuthenticationMethod> AUTHENTICATION_METHOD_CONVERTER = new StdConverters.AuthenticationMethodConverter();
 
 	@Override
 	public ClientRegistration deserialize(JsonParser parser, DeserializationContext context) throws IOException {
@@ -57,29 +57,26 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 		JsonNode providerDetailsNode = findObjectNode(clientRegistrationNode, "providerDetails");
 		JsonNode userInfoEndpointNode = findObjectNode(providerDetailsNode, "userInfoEndpoint");
 
-		return ClientRegistration
-				.withRegistrationId(findStringValue(clientRegistrationNode, "registrationId"))
+		return ClientRegistration.withRegistrationId(findStringValue(clientRegistrationNode, "registrationId"))
 				.clientId(findStringValue(clientRegistrationNode, "clientId"))
 				.clientSecret(findStringValue(clientRegistrationNode, "clientSecret"))
-				.clientAuthenticationMethod(
-						CLIENT_AUTHENTICATION_METHOD_CONVERTER.convert(
-								findObjectNode(clientRegistrationNode, "clientAuthenticationMethod")))
-				.authorizationGrantType(
-						AUTHORIZATION_GRANT_TYPE_CONVERTER.convert(
-								findObjectNode(clientRegistrationNode, "authorizationGrantType")))
+				.clientAuthenticationMethod(CLIENT_AUTHENTICATION_METHOD_CONVERTER
+						.convert(findObjectNode(clientRegistrationNode, "clientAuthenticationMethod")))
+				.authorizationGrantType(AUTHORIZATION_GRANT_TYPE_CONVERTER
+						.convert(findObjectNode(clientRegistrationNode, "authorizationGrantType")))
 				.redirectUri(findStringValue(clientRegistrationNode, "redirectUri"))
 				.scope(findValue(clientRegistrationNode, "scopes", SET_TYPE_REFERENCE, mapper))
 				.clientName(findStringValue(clientRegistrationNode, "clientName"))
 				.authorizationUri(findStringValue(providerDetailsNode, "authorizationUri"))
 				.tokenUri(findStringValue(providerDetailsNode, "tokenUri"))
 				.userInfoUri(findStringValue(userInfoEndpointNode, "uri"))
-				.userInfoAuthenticationMethod(
-						AUTHENTICATION_METHOD_CONVERTER.convert(
-								findObjectNode(userInfoEndpointNode, "authenticationMethod")))
+				.userInfoAuthenticationMethod(AUTHENTICATION_METHOD_CONVERTER
+						.convert(findObjectNode(userInfoEndpointNode, "authenticationMethod")))
 				.userNameAttributeName(findStringValue(userInfoEndpointNode, "userNameAttributeName"))
 				.jwkSetUri(findStringValue(providerDetailsNode, "jwkSetUri"))
-				.issuerUri(findStringValue(providerDetailsNode, "issuerUri"))
-				.providerConfigurationMetadata(findValue(providerDetailsNode, "configurationMetadata", MAP_TYPE_REFERENCE, mapper))
+				.issuerUri(findStringValue(providerDetailsNode, "issuerUri")).providerConfigurationMetadata(
+						findValue(providerDetailsNode, "configurationMetadata", MAP_TYPE_REFERENCE, mapper))
 				.build();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
index a60708495c..50b7118969 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
@@ -22,8 +22,8 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 
 /**
- * This mixin class is used to serialize/deserialize {@link ClientRegistration}.
- * It also registers a custom deserializer {@link ClientRegistrationDeserializer}.
+ * This mixin class is used to serialize/deserialize {@link ClientRegistration}. It also
+ * registers a custom deserializer {@link ClientRegistrationDeserializer}.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -37,4 +37,5 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class ClientRegistrationMixin {
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
index 056b27d59e..4743b62f3d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
@@ -41,9 +41,9 @@ import java.util.Map;
 abstract class DefaultOAuth2UserMixin {
 
 	@JsonCreator
-	DefaultOAuth2UserMixin(
-			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
+	DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("attributes") Map<String, Object> attributes,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
index 003b6e707e..dcbee5ef45 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
@@ -38,14 +38,13 @@ import java.util.Collection;
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = {"attributes"}, ignoreUnknown = true)
+@JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
 abstract class DefaultOidcUserMixin {
 
 	@JsonCreator
-	DefaultOidcUserMixin(
-			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
-			@JsonProperty("idToken") OidcIdToken idToken,
-			@JsonProperty("userInfo") OidcUserInfo userInfo,
+	DefaultOidcUserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
+			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
index d9320227b7..6e9afbb2ed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
@@ -29,9 +29,11 @@ import java.util.Set;
  * @since 5.3
  */
 abstract class JsonNodeUtils {
-	static final TypeReference<Set<String>> SET_TYPE_REFERENCE = new TypeReference<Set<String>>() {};
-	static final TypeReference<Map<String, Object>> MAP_TYPE_REFERENCE = new TypeReference<Map<String, Object>>() {};
 
+	static final TypeReference<Set<String>> SET_TYPE_REFERENCE = new TypeReference<Set<String>>() {
+	};
+	static final TypeReference<Map<String, Object>> MAP_TYPE_REFERENCE = new TypeReference<Map<String, Object>>() {
+	};
 
 	static String findStringValue(JsonNode jsonNode, String fieldName) {
 		if (jsonNode == null) {
@@ -44,7 +46,8 @@ abstract class JsonNodeUtils {
 		return null;
 	}
 
-	static <T> T findValue(JsonNode jsonNode, String fieldName, TypeReference<T> valueTypeReference, ObjectMapper mapper) {
+	static <T> T findValue(JsonNode jsonNode, String fieldName, TypeReference<T> valueTypeReference,
+			ObjectMapper mapper) {
 		if (jsonNode == null) {
 			return null;
 		}
@@ -65,4 +68,5 @@ abstract class JsonNodeUtils {
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
index f94eb87178..a6ca1d18ff 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
@@ -42,10 +42,10 @@ abstract class OAuth2AccessTokenMixin {
 
 	@JsonCreator
 	OAuth2AccessTokenMixin(
-			@JsonProperty("tokenType") @JsonDeserialize(converter = StdConverters.AccessTokenTypeConverter.class) OAuth2AccessToken.TokenType tokenType,
-			@JsonProperty("tokenValue") String tokenValue,
-			@JsonProperty("issuedAt") Instant issuedAt,
-			@JsonProperty("expiresAt") Instant expiresAt,
-			@JsonProperty("scopes") Set<String> scopes) {
+			@JsonProperty("tokenType") @JsonDeserialize(
+					converter = StdConverters.AccessTokenTypeConverter.class) OAuth2AccessToken.TokenType tokenType,
+			@JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt,
+			@JsonProperty("expiresAt") Instant expiresAt, @JsonProperty("scopes") Set<String> scopes) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
index 187eb16d8e..9175b10e9e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
@@ -34,13 +34,13 @@ import org.springframework.security.oauth2.core.OAuth2Error;
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
-				isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true, value = {"cause", "stackTrace", "suppressedExceptions"})
+		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace", "suppressedExceptions" })
 abstract class OAuth2AuthenticationExceptionMixin {
 
 	@JsonCreator
-	OAuth2AuthenticationExceptionMixin(
-			@JsonProperty("error") OAuth2Error error,
+	OAuth2AuthenticationExceptionMixin(@JsonProperty("error") OAuth2Error error,
 			@JsonProperty("detailMessage") String message) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
index ebd3c1b77c..cbfec890c2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
@@ -37,13 +37,13 @@ import java.util.Collection;
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = {"authenticated"}, ignoreUnknown = true)
+@JsonIgnoreProperties(value = { "authenticated" }, ignoreUnknown = true)
 abstract class OAuth2AuthenticationTokenMixin {
 
 	@JsonCreator
-	OAuth2AuthenticationTokenMixin(
-			@JsonProperty("principal") OAuth2User principal,
+	OAuth2AuthenticationTokenMixin(@JsonProperty("principal") OAuth2User principal,
 			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("authorizedClientRegistrationId") String authorizedClientRegistrationId) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
index ae3d64ae38..6c2e4a1753 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
@@ -42,35 +42,38 @@ import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.
  * @see OAuth2AuthorizationRequestMixin
  */
 final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAuth2AuthorizationRequest> {
-	private static final StdConverter<JsonNode, AuthorizationGrantType> AUTHORIZATION_GRANT_TYPE_CONVERTER =
-			new StdConverters.AuthorizationGrantTypeConverter();
+
+	private static final StdConverter<JsonNode, AuthorizationGrantType> AUTHORIZATION_GRANT_TYPE_CONVERTER = new StdConverters.AuthorizationGrantTypeConverter();
 
 	@Override
-	public OAuth2AuthorizationRequest deserialize(JsonParser parser, DeserializationContext context) throws IOException {
+	public OAuth2AuthorizationRequest deserialize(JsonParser parser, DeserializationContext context)
+			throws IOException {
 		ObjectMapper mapper = (ObjectMapper) parser.getCodec();
 		JsonNode authorizationRequestNode = mapper.readTree(parser);
 
-		AuthorizationGrantType authorizationGrantType = AUTHORIZATION_GRANT_TYPE_CONVERTER.convert(
-				findObjectNode(authorizationRequestNode, "authorizationGrantType"));
+		AuthorizationGrantType authorizationGrantType = AUTHORIZATION_GRANT_TYPE_CONVERTER
+				.convert(findObjectNode(authorizationRequestNode, "authorizationGrantType"));
 
 		OAuth2AuthorizationRequest.Builder builder;
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
 			builder = OAuth2AuthorizationRequest.authorizationCode();
-		} else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
+		}
+		else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
 			builder = OAuth2AuthorizationRequest.implicit();
-		} else {
+		}
+		else {
 			throw new JsonParseException(parser, "Invalid authorizationGrantType");
 		}
 
-		return builder
-				.authorizationUri(findStringValue(authorizationRequestNode, "authorizationUri"))
+		return builder.authorizationUri(findStringValue(authorizationRequestNode, "authorizationUri"))
 				.clientId(findStringValue(authorizationRequestNode, "clientId"))
 				.redirectUri(findStringValue(authorizationRequestNode, "redirectUri"))
 				.scopes(findValue(authorizationRequestNode, "scopes", SET_TYPE_REFERENCE, mapper))
 				.state(findStringValue(authorizationRequestNode, "state"))
-				.additionalParameters(findValue(authorizationRequestNode, "additionalParameters", MAP_TYPE_REFERENCE, mapper))
+				.additionalParameters(
+						findValue(authorizationRequestNode, "additionalParameters", MAP_TYPE_REFERENCE, mapper))
 				.authorizationRequestUri(findStringValue(authorizationRequestNode, "authorizationRequestUri"))
-				.attributes(findValue(authorizationRequestNode, "attributes", MAP_TYPE_REFERENCE, mapper))
-				.build();
+				.attributes(findValue(authorizationRequestNode, "attributes", MAP_TYPE_REFERENCE, mapper)).build();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
index 4e85728a1f..760b536780 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
@@ -37,4 +37,5 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class OAuth2AuthorizationRequestMixin {
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
index 3ca81104eb..f56c4d1ca1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
@@ -40,10 +40,10 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 abstract class OAuth2AuthorizedClientMixin {
 
 	@JsonCreator
-	OAuth2AuthorizedClientMixin(
-			@JsonProperty("clientRegistration") ClientRegistration clientRegistration,
+	OAuth2AuthorizedClientMixin(@JsonProperty("clientRegistration") ClientRegistration clientRegistration,
 			@JsonProperty("principalName") String principalName,
 			@JsonProperty("accessToken") OAuth2AccessToken accessToken,
 			@JsonProperty("refreshToken") OAuth2RefreshToken refreshToken) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
index 4aa70fc847..5ed27cf913 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
@@ -36,36 +36,37 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import java.util.Collections;
 
 /**
- * Jackson {@code Module} for {@code spring-security-oauth2-client},
- * that registers the following mix-in annotations:
+ * Jackson {@code Module} for {@code spring-security-oauth2-client}, that registers the
+ * following mix-in annotations:
  *
  * <ul>
- *     <li>{@link OAuth2AuthorizationRequestMixin}</li>
- *     <li>{@link ClientRegistrationMixin}</li>
- *     <li>{@link OAuth2AccessTokenMixin}</li>
- *     <li>{@link OAuth2RefreshTokenMixin}</li>
- *     <li>{@link OAuth2AuthorizedClientMixin}</li>
- *     <li>{@link OAuth2UserAuthorityMixin}</li>
- *     <li>{@link DefaultOAuth2UserMixin}</li>
- *     <li>{@link OidcIdTokenMixin}</li>
- *     <li>{@link OidcUserInfoMixin}</li>
- *     <li>{@link OidcUserAuthorityMixin}</li>
- *     <li>{@link DefaultOidcUserMixin}</li>
- *     <li>{@link OAuth2AuthenticationTokenMixin}</li>
- *     <li>{@link OAuth2AuthenticationExceptionMixin}</li>
- *     <li>{@link OAuth2ErrorMixin}</li>
+ * <li>{@link OAuth2AuthorizationRequestMixin}</li>
+ * <li>{@link ClientRegistrationMixin}</li>
+ * <li>{@link OAuth2AccessTokenMixin}</li>
+ * <li>{@link OAuth2RefreshTokenMixin}</li>
+ * <li>{@link OAuth2AuthorizedClientMixin}</li>
+ * <li>{@link OAuth2UserAuthorityMixin}</li>
+ * <li>{@link DefaultOAuth2UserMixin}</li>
+ * <li>{@link OidcIdTokenMixin}</li>
+ * <li>{@link OidcUserInfoMixin}</li>
+ * <li>{@link OidcUserAuthorityMixin}</li>
+ * <li>{@link DefaultOidcUserMixin}</li>
+ * <li>{@link OAuth2AuthenticationTokenMixin}</li>
+ * <li>{@link OAuth2AuthenticationExceptionMixin}</li>
+ * <li>{@link OAuth2ErrorMixin}</li>
  * </ul>
  *
- * If not already enabled, default typing will be automatically enabled
- * as type info is required to properly serialize/deserialize objects.
- * In order to use this module just add it to your {@code ObjectMapper} configuration.
+ * If not already enabled, default typing will be automatically enabled as type info is
+ * required to properly serialize/deserialize objects. In order to use this module just
+ * add it to your {@code ObjectMapper} configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new OAuth2ClientJackson2Module());
  * </pre>
  *
- * <b>NOTE:</b> Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list of all security modules.
+ * <b>NOTE:</b> Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list
+ * of all security modules.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -94,7 +95,8 @@ public class OAuth2ClientJackson2Module extends SimpleModule {
 	@Override
 	public void setupModule(SetupContext context) {
 		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
-		context.setMixInAnnotations(Collections.unmodifiableMap(Collections.emptyMap()).getClass(), UnmodifiableMapMixin.class);
+		context.setMixInAnnotations(Collections.unmodifiableMap(Collections.emptyMap()).getClass(),
+				UnmodifiableMapMixin.class);
 		context.setMixInAnnotations(OAuth2AuthorizationRequest.class, OAuth2AuthorizationRequestMixin.class);
 		context.setMixInAnnotations(ClientRegistration.class, ClientRegistrationMixin.class);
 		context.setMixInAnnotations(OAuth2AccessToken.class, OAuth2AccessTokenMixin.class);
@@ -110,4 +112,5 @@ public class OAuth2ClientJackson2Module extends SimpleModule {
 		context.setMixInAnnotations(OAuth2AuthenticationException.class, OAuth2AuthenticationExceptionMixin.class);
 		context.setMixInAnnotations(OAuth2Error.class, OAuth2ErrorMixin.class);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
index aba0c5b61f..3d59400d42 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
@@ -34,14 +34,13 @@ import org.springframework.security.oauth2.core.OAuth2Error;
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
-				isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class OAuth2ErrorMixin {
 
 	@JsonCreator
-	OAuth2ErrorMixin(
-			@JsonProperty("errorCode") String errorCode,
-			@JsonProperty("description") String description,
+	OAuth2ErrorMixin(@JsonProperty("errorCode") String errorCode, @JsonProperty("description") String description,
 			@JsonProperty("uri") String uri) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
index 191fb3e2d1..71c54c45c4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
@@ -39,8 +39,7 @@ import java.time.Instant;
 abstract class OAuth2RefreshTokenMixin {
 
 	@JsonCreator
-	OAuth2RefreshTokenMixin(
-			@JsonProperty("tokenValue") String tokenValue,
-			@JsonProperty("issuedAt") Instant issuedAt) {
+	OAuth2RefreshTokenMixin(@JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
index 02509a3575..481a64e18c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
@@ -39,8 +39,8 @@ import java.util.Map;
 abstract class OAuth2UserAuthorityMixin {
 
 	@JsonCreator
-	OAuth2UserAuthorityMixin(
-			@JsonProperty("authority") String authority,
+	OAuth2UserAuthorityMixin(@JsonProperty("authority") String authority,
 			@JsonProperty("attributes") Map<String, Object> attributes) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
index d795e157b7..2f687460b7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
@@ -40,10 +40,8 @@ import java.util.Map;
 abstract class OidcIdTokenMixin {
 
 	@JsonCreator
-	OidcIdTokenMixin(
-			@JsonProperty("tokenValue") String tokenValue,
-			@JsonProperty("issuedAt") Instant issuedAt,
-			@JsonProperty("expiresAt") Instant expiresAt,
-			@JsonProperty("claims") Map<String, Object> claims) {
+	OidcIdTokenMixin(@JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt,
+			@JsonProperty("expiresAt") Instant expiresAt, @JsonProperty("claims") Map<String, Object> claims) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
index 1ab4de1ac2..324b69160b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
@@ -35,13 +35,12 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = {"attributes"}, ignoreUnknown = true)
+@JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
 abstract class OidcUserAuthorityMixin {
 
 	@JsonCreator
-	OidcUserAuthorityMixin(
-			@JsonProperty("authority") String authority,
-			@JsonProperty("idToken") OidcIdToken idToken,
+	OidcUserAuthorityMixin(@JsonProperty("authority") String authority, @JsonProperty("idToken") OidcIdToken idToken,
 			@JsonProperty("userInfo") OidcUserInfo userInfo) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
index 89b131fbdb..83d624e467 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
@@ -41,4 +41,5 @@ abstract class OidcUserInfoMixin {
 	@JsonCreator
 	OidcUserInfoMixin(@JsonProperty("claims") Map<String, Object> claims) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
index 10510e5baf..ec6ecde107 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
@@ -33,6 +33,7 @@ import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.
 abstract class StdConverters {
 
 	static final class AccessTokenTypeConverter extends StdConverter<JsonNode, OAuth2AccessToken.TokenType> {
+
 		@Override
 		public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) {
 			String value = findStringValue(jsonNode, "value");
@@ -41,52 +42,67 @@ abstract class StdConverters {
 			}
 			return null;
 		}
+
 	}
 
 	static final class ClientAuthenticationMethodConverter extends StdConverter<JsonNode, ClientAuthenticationMethod> {
+
 		@Override
 		public ClientAuthenticationMethod convert(JsonNode jsonNode) {
 			String value = findStringValue(jsonNode, "value");
 			if (ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.BASIC;
-			} else if (ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.POST;
-			} else if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.NONE;
 			}
 			return null;
 		}
+
 	}
 
 	static final class AuthorizationGrantTypeConverter extends StdConverter<JsonNode, AuthorizationGrantType> {
+
 		@Override
 		public AuthorizationGrantType convert(JsonNode jsonNode) {
 			String value = findStringValue(jsonNode, "value");
 			if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.AUTHORIZATION_CODE;
-			} else if (AuthorizationGrantType.IMPLICIT.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (AuthorizationGrantType.IMPLICIT.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.IMPLICIT;
-			} else if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.CLIENT_CREDENTIALS;
-			} else if (AuthorizationGrantType.PASSWORD.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (AuthorizationGrantType.PASSWORD.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.PASSWORD;
 			}
 			return null;
 		}
+
 	}
 
 	static final class AuthenticationMethodConverter extends StdConverter<JsonNode, AuthenticationMethod> {
+
 		@Override
 		public AuthenticationMethod convert(JsonNode jsonNode) {
 			String value = findStringValue(jsonNode, "value");
 			if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.HEADER;
-			} else if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.FORM;
-			} else if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
+			}
+			else if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.QUERY;
 			}
 			return null;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
index e7f97a1b87..03070f3be8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
@@ -49,4 +49,5 @@ final class UnmodifiableMapDeserializer extends JsonDeserializer<Map<?, ?>> {
 		}
 		return Collections.unmodifiableMap(result);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
index 18753d4154..577c3e3064 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
@@ -23,8 +23,9 @@ import java.util.Collections;
 import java.util.Map;
 
 /**
- * This mixin class is used to serialize/deserialize {@link Collections#unmodifiableMap(Map)}.
- * It also registers a custom deserializer {@link UnmodifiableMapDeserializer}.
+ * This mixin class is used to serialize/deserialize
+ * {@link Collections#unmodifiableMap(Map)}. It also registers a custom deserializer
+ * {@link UnmodifiableMapDeserializer}.
  *
  * @author Joe Grandja
  * @since 5.3
@@ -39,4 +40,5 @@ abstract class UnmodifiableMapMixin {
 	@JsonCreator
 	UnmodifiableMapMixin(Map<?, ?> map) {
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
index 70c5a6749c..3e7d066e63 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
@@ -24,7 +24,6 @@ import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
 import java.util.function.Function;
 
 /**
- *
  * @author Joe Grandja
  * @since 5.2
  */
@@ -32,7 +31,8 @@ class DefaultOidcIdTokenValidatorFactory implements Function<ClientRegistration,
 
 	@Override
 	public OAuth2TokenValidator<Jwt> apply(ClientRegistration clientRegistration) {
-		return new DelegatingOAuth2TokenValidator<>(
-				new JwtTimestampValidator(), new OidcIdTokenValidator(clientRegistration));
+		return new DelegatingOAuth2TokenValidator<>(new JwtTimestampValidator(),
+				new OidcIdTokenValidator(clientRegistration));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index 9246502d74..afe63b2b23 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -51,18 +51,18 @@ import java.util.Collection;
 import java.util.Map;
 
 /**
- * An implementation of an {@link AuthenticationProvider}
- * for the OpenID Connect Core 1.0 Authorization Code Grant Flow.
+ * An implementation of an {@link AuthenticationProvider} for the OpenID Connect Core 1.0
+ * Authorization Code Grant Flow.
  * <p>
- * This {@link AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link AuthenticationProvider} is responsible for authenticating an Authorization
+ * Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
+ * it for an Access Token credential.
  * <p>
- * It will also obtain the user attributes of the End-User (Resource Owner)
- * from the UserInfo Endpoint using an {@link OAuth2UserService},
- * which will create a {@code Principal} in the form of an {@link OidcUser}.
- * The {@code OidcUser} is then associated to the {@link OAuth2LoginAuthenticationToken}
- * to complete the authentication.
+ * It will also obtain the user attributes of the End-User (Resource Owner) from the
+ * UserInfo Endpoint using an {@link OAuth2UserService}, which will create a
+ * {@code Principal} in the form of an {@link OidcUser}. The {@code OidcUser} is then
+ * associated to the {@link OAuth2LoginAuthenticationToken} to complete the
+ * authentication.
  *
  * @author Joe Grandja
  * @author Mark Heckler
@@ -72,28 +72,43 @@ import java.util.Map;
  * @see OidcUserService
  * @see OidcUser
  * @see OidcIdTokenDecoderFactory
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest">Section 3.1.3.1 Token Request</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse">Section 3.1.3.3 Token Response</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1
+ * Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest">Section 3.1.3.1
+ * Token Request</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse">Section 3.1.3.3
+ * Token Response</a>
  */
 public class OidcAuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
+
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
+
 	private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
+
 	private static final String INVALID_NONCE_ERROR_CODE = "invalid_nonce";
+
 	private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
+
 	private final OAuth2UserService<OidcUserRequest, OidcUser> userService;
+
 	private JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = new OidcIdTokenDecoderFactory();
+
 	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
 
 	/**
-	 * Constructs an {@code OidcAuthorizationCodeAuthenticationProvider} using the provided parameters.
-	 *
-	 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
-	 * @param userService the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
+	 * Constructs an {@code OidcAuthorizationCodeAuthenticationProvider} using the
+	 * provided parameters.
+	 * @param accessTokenResponseClient the client used for requesting the access token
+	 * credential from the Token Endpoint
+	 * @param userService the service used for obtaining the user attributes of the
+	 * End-User from the UserInfo Endpoint
 	 */
 	public OidcAuthorizationCodeAuthenticationProvider(
-		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
-		OAuth2UserService<OidcUserRequest, OidcUser> userService) {
+			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
+			OAuth2UserService<OidcUserRequest, OidcUser> userService) {
 
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		Assert.notNull(userService, "userService cannot be null");
@@ -103,27 +118,27 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-		OAuth2LoginAuthenticationToken authorizationCodeAuthentication =
-			(OAuth2LoginAuthenticationToken) authentication;
+		OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
 
-		// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+		// Section 3.1.2.1 Authentication Request -
+		// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 		// scope
-		// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-		if (!authorizationCodeAuthentication.getAuthorizationExchange()
-			.getAuthorizationRequest().getScopes().contains(OidcScopes.OPENID)) {
+		// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
+		if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
+				.contains(OidcScopes.OPENID)) {
 			// This is NOT an OpenID Connect Authentication Request so return null
 			// and let OAuth2LoginAuthenticationProvider handle it instead
 			return null;
 		}
 
-		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
-			.getAuthorizationExchange().getAuthorizationRequest();
-		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
-			.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
+				.getAuthorizationRequest();
+		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange()
+				.getAuthorizationResponse();
 
 		if (authorizationResponse.statusError()) {
-			throw new OAuth2AuthenticationException(
-				authorizationResponse.getError(), authorizationResponse.getError().toString());
+			throw new OAuth2AuthenticationException(authorizationResponse.getError(),
+					authorizationResponse.getError().toString());
 		}
 
 		if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
@@ -134,10 +149,10 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 		OAuth2AccessTokenResponse accessTokenResponse;
 		try {
 			accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
-					new OAuth2AuthorizationCodeGrantRequest(
-							authorizationCodeAuthentication.getClientRegistration(),
+					new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(),
 							authorizationCodeAuthentication.getAuthorizationExchange()));
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			OAuth2Error oauth2Error = ex.getError();
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
@@ -146,10 +161,10 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 
 		Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
 		if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
-			OAuth2Error invalidIdTokenError = new OAuth2Error(
-				INVALID_ID_TOKEN_ERROR_CODE,
-				"Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId(),
-				null);
+			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE,
+					"Missing (required) ID Token in Token Response for Client Registration: "
+							+ clientRegistration.getRegistrationId(),
+					null);
 			throw new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString());
 		}
 		OidcIdToken idToken = createOidcToken(clientRegistration, accessTokenResponse);
@@ -160,7 +175,8 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 			String nonceHash;
 			try {
 				nonceHash = createHash(requestNonce);
-			} catch (NoSuchAlgorithmException e) {
+			}
+			catch (NoSuchAlgorithmException e) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
@@ -171,29 +187,28 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 			}
 		}
 
-		OidcUser oidcUser = this.userService.loadUser(new OidcUserRequest(
-				clientRegistration, accessTokenResponse.getAccessToken(), idToken, additionalParameters));
-		Collection<? extends GrantedAuthority> mappedAuthorities =
-			this.authoritiesMapper.mapAuthorities(oidcUser.getAuthorities());
+		OidcUser oidcUser = this.userService.loadUser(new OidcUserRequest(clientRegistration,
+				accessTokenResponse.getAccessToken(), idToken, additionalParameters));
+		Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
+				.mapAuthorities(oidcUser.getAuthorities());
 
 		OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
-			authorizationCodeAuthentication.getClientRegistration(),
-			authorizationCodeAuthentication.getAuthorizationExchange(),
-			oidcUser,
-			mappedAuthorities,
-			accessTokenResponse.getAccessToken(),
-			accessTokenResponse.getRefreshToken());
+				authorizationCodeAuthentication.getClientRegistration(),
+				authorizationCodeAuthentication.getAuthorizationExchange(), oidcUser, mappedAuthorities,
+				accessTokenResponse.getAccessToken(), accessTokenResponse.getRefreshToken());
 		authenticationResult.setDetails(authorizationCodeAuthentication.getDetails());
 
 		return authenticationResult;
 	}
 
 	/**
-	 * Sets the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature verification.
-	 * The factory returns a {@link JwtDecoder} associated to the provided {@link ClientRegistration}.
+	 * Sets the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature
+	 * verification. The factory returns a {@link JwtDecoder} associated to the provided
+	 * {@link ClientRegistration}.
 	 *
 	 * @since 5.2
-	 * @param jwtDecoderFactory the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature verification
+	 * @param jwtDecoderFactory the {@link JwtDecoderFactory} used for {@link OidcIdToken}
+	 * signature verification
 	 */
 	public final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");
@@ -201,10 +216,11 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	}
 
 	/**
-	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping {@link OidcUser#getAuthorities()}}
-	 * to a new set of authorities which will be associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+	 * {@link OidcUser#getAuthorities()}} to a new set of authorities which will be
+	 * associated to the {@link OAuth2LoginAuthenticationToken}.
+	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
+	 * user's authorities
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
@@ -216,16 +232,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 		return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
 	}
 
-	private OidcIdToken createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
+	private OidcIdToken createOidcToken(ClientRegistration clientRegistration,
+			OAuth2AccessTokenResponse accessTokenResponse) {
 		JwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
 		Jwt jwt;
 		try {
-			jwt = jwtDecoder.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN));
-		} catch (JwtException ex) {
+			jwt = jwtDecoder
+					.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN));
+		}
+		catch (JwtException ex) {
 			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), ex);
 		}
-		OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
+		OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(),
+				jwt.getClaims());
 		return idToken;
 	}
 
@@ -234,4 +254,5 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 		byte[] digest = md.digest(nonce.getBytes(StandardCharsets.US_ASCII));
 		return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index a413dca145..f1b8ef5b19 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -51,18 +51,20 @@ import java.util.Collection;
 import java.util.Map;
 
 /**
- * An implementation of an {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth 2.0 Login,
- * which leverages the OAuth 2.0 Authorization Code Grant Flow.
+ * An implementation of an
+ * {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth
+ * 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
  * <p>
- * This {@link org.springframework.security.authentication.AuthenticationProvider} is responsible for authenticating
- * an Authorization Code credential with the Authorization Server's Token Endpoint
- * and if valid, exchanging it for an Access Token credential.
+ * This {@link org.springframework.security.authentication.AuthenticationProvider} is
+ * responsible for authenticating an Authorization Code credential with the Authorization
+ * Server's Token Endpoint and if valid, exchanging it for an Access Token credential.
  * <p>
- * It will also obtain the user attributes of the End-User (Resource Owner)
- * from the UserInfo Endpoint using an {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService},
- * which will create a {@code Principal} in the form of an {@link OAuth2User}.
- * The {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken}
- * to complete the authentication.
+ * It will also obtain the user attributes of the End-User (Resource Owner) from the
+ * UserInfo Endpoint using an
+ * {@link org.springframework.security.oauth2.client.userinfo.OAuth2UserService}, which
+ * will create a {@code Principal} in the form of an {@link OAuth2User}. The
+ * {@code OAuth2User} is then associated to the {@link OAuth2LoginAuthenticationToken} to
+ * complete the authentication.
  *
  * @author Rob Winch
  * @author Mark Heckler
@@ -72,15 +74,21 @@ import java.util.Map;
  * @see ReactiveOAuth2UserService
  * @see OAuth2User
  * @see ReactiveOidcIdTokenDecoderFactory
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant Flow</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token
+ * Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token
+ * Response</a>
  */
-public class OidcAuthorizationCodeReactiveAuthenticationManager implements
-		ReactiveAuthenticationManager {
+public class OidcAuthorizationCodeReactiveAuthenticationManager implements ReactiveAuthenticationManager {
 
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
+
 	private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
+
 	private static final String INVALID_NONCE_ERROR_CODE = "invalid_nonce";
 
 	private final ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
@@ -105,52 +113,57 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
 
-			// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-			if (!authorizationCodeAuthentication.getAuthorizationExchange()
-					.getAuthorizationRequest().getScopes().contains("openid")) {
+			// Section 3.1.2.1 Authentication Request -
+			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+			// value.
+			if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
+					.contains("openid")) {
 				// This is an OpenID Connect Authentication Request so return empty
 				// and let OAuth2LoginReactiveAuthenticationManager handle it instead
 				return Mono.empty();
 			}
 
-
-			OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
-					.getAuthorizationExchange().getAuthorizationRequest();
+			OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
+					.getAuthorizationRequest();
 			OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
 					.getAuthorizationExchange().getAuthorizationResponse();
 
 			if (authorizationResponse.statusError()) {
-				return Mono.error(new OAuth2AuthenticationException(
-						authorizationResponse.getError(), authorizationResponse.getError().toString()));
+				return Mono.error(new OAuth2AuthenticationException(authorizationResponse.getError(),
+						authorizationResponse.getError().toString()));
 			}
 
 			if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
-				return Mono.error(new OAuth2AuthenticationException(
-						oauth2Error, oauth2Error.toString()));
+				return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
 			}
 
 			OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
 					authorizationCodeAuthentication.getClientRegistration(),
 					authorizationCodeAuthentication.getAuthorizationExchange());
 
-			return this.accessTokenResponseClient.getTokenResponse(authzRequest)
-					.flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
-					.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+			return this.accessTokenResponseClient.getTokenResponse(authzRequest).flatMap(
+					accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
+					.onErrorMap(OAuth2AuthorizationException.class,
+							e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
 					.onErrorMap(JwtException.class, e -> {
-						OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(), null);
-						return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), e);
+						OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(),
+								null);
+						return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(),
+								e);
 					});
 		});
 	}
 
 	/**
-	 * Sets the {@link ReactiveJwtDecoderFactory} used for {@link OidcIdToken} signature verification.
-	 * The factory returns a {@link ReactiveJwtDecoder} associated to the provided {@link ClientRegistration}.
+	 * Sets the {@link ReactiveJwtDecoderFactory} used for {@link OidcIdToken} signature
+	 * verification. The factory returns a {@link ReactiveJwtDecoder} associated to the
+	 * provided {@link ClientRegistration}.
 	 *
 	 * @since 5.2
-	 * @param jwtDecoderFactory the {@link ReactiveJwtDecoderFactory} used for {@link OidcIdToken} signature verification
+	 * @param jwtDecoderFactory the {@link ReactiveJwtDecoderFactory} used for
+	 * {@link OidcIdToken} signature verification
 	 */
 	public final void setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");
@@ -158,26 +171,30 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
 	}
 
 	/**
-	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping {@link OidcUser#getAuthorities()}
-	 * to a new set of authorities which will be associated to the {@link OAuth2LoginAuthenticationToken}.
+	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+	 * {@link OidcUser#getAuthorities()} to a new set of authorities which will be
+	 * associated to the {@link OAuth2LoginAuthenticationToken}.
 	 *
 	 * @since 5.4
-	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
+	 * user's authorities
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
 		this.authoritiesMapper = authoritiesMapper;
 	}
 
-	private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
+	private Mono<OAuth2LoginAuthenticationToken> authenticationResult(
+			OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication,
+			OAuth2AccessTokenResponse accessTokenResponse) {
 		OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
 		ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
 		Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
 
 		if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
-			OAuth2Error invalidIdTokenError = new OAuth2Error(
-					INVALID_ID_TOKEN_ERROR_CODE,
-					"Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId(),
+			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE,
+					"Missing (required) ID Token in Token Response for Client Registration: "
+							+ clientRegistration.getRegistrationId(),
 					null);
 			return Mono.error(new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString()));
 		}
@@ -185,36 +202,34 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
 		return createOidcToken(clientRegistration, accessTokenResponse)
 				.doOnNext(idToken -> validateNonce(authorizationCodeAuthentication, idToken))
 				.map(idToken -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters))
-				.flatMap(this.userService::loadUser)
-				.map(oauth2User -> {
-					Collection<? extends GrantedAuthority> mappedAuthorities =
-							this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
+				.flatMap(this.userService::loadUser).map(oauth2User -> {
+					Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
+							.mapAuthorities(oauth2User.getAuthorities());
 
-					return new OAuth2LoginAuthenticationToken(
-							authorizationCodeAuthentication.getClientRegistration(),
-							authorizationCodeAuthentication.getAuthorizationExchange(),
-							oauth2User,
-							mappedAuthorities,
-							accessToken,
-							accessTokenResponse.getRefreshToken());
+					return new OAuth2LoginAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(),
+							authorizationCodeAuthentication.getAuthorizationExchange(), oauth2User, mappedAuthorities,
+							accessToken, accessTokenResponse.getRefreshToken());
 				});
 	}
 
-	private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
+	private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration,
+			OAuth2AccessTokenResponse accessTokenResponse) {
 		ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
 		String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
-		return jwtDecoder.decode(rawIdToken)
-				.map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
+		return jwtDecoder.decode(rawIdToken).map(
+				jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
 	}
 
-	private static Mono<OidcIdToken> validateNonce(OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OidcIdToken idToken) {
-		String requestNonce = authorizationCodeAuthentication.getAuthorizationExchange()
-				.getAuthorizationRequest().getAttribute(OidcParameterNames.NONCE);
+	private static Mono<OidcIdToken> validateNonce(
+			OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OidcIdToken idToken) {
+		String requestNonce = authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest()
+				.getAttribute(OidcParameterNames.NONCE);
 		if (requestNonce != null) {
 			String nonceHash;
 			try {
 				nonceHash = createHash(requestNonce);
-			} catch (NoSuchAlgorithmException e) {
+			}
+			catch (NoSuchAlgorithmException e) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
@@ -233,4 +248,5 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
 		byte[] digest = md.digest(nonce.getBytes(StandardCharsets.US_ASCII));
 		return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index da51f71d62..10d48ea8e4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -51,9 +51,9 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSe
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecretKey;
 
 /**
- * A {@link JwtDecoderFactory factory} that provides a {@link JwtDecoder}
- * used for {@link OidcIdToken} signature verification.
- * The provided {@link JwtDecoder} is associated to a specific {@link ClientRegistration}.
+ * A {@link JwtDecoderFactory factory} that provides a {@link JwtDecoder} used for
+ * {@link OidcIdToken} signature verification. The provided {@link JwtDecoder} is
+ * associated to a specific {@link ClientRegistration}.
  *
  * @author Joe Grandja
  * @author Rafael Dominguez
@@ -64,7 +64,9 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecre
  * @see OidcIdToken
  */
 public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<ClientRegistration> {
+
 	private static final String MISSING_SIGNATURE_VERIFIER_ERROR_CODE = "missing_signature_verifier";
+
 	private static Map<JwsAlgorithm, String> jcaAlgorithmMappings = new HashMap<JwsAlgorithm, String>() {
 		{
 			put(MacAlgorithm.HS256, "HmacSHA256");
@@ -72,18 +74,23 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 			put(MacAlgorithm.HS512, "HmacSHA512");
 		}
 	};
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER =
-			new ClaimTypeConverter(createDefaultClaimTypeConverters());
+
+	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+			createDefaultClaimTypeConverters());
+
 	private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
+
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
+
 	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = clientRegistration -> SignatureAlgorithm.RS256;
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory =
-			clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
-	 * Returns the default {@link Converter}'s used for type conversion of claim values for an {@link OidcIdToken}.
-	 *
-	 * @return a {@link Map} of {@link Converter}'s keyed by {@link IdTokenClaimNames claim name}
+	 * Returns the default {@link Converter}'s used for type conversion of claim values
+	 * for an {@link OidcIdToken}.
+	 * @return a {@link Map} of {@link Converter}'s keyed by {@link IdTokenClaimNames
+	 * claim name}
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -118,8 +125,8 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), key -> {
 			NimbusJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 			jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
-			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter =
-					this.claimTypeConverterFactory.apply(clientRegistration);
+			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
+					.apply(clientRegistration);
 			if (claimTypeConverter != null) {
 				jwtDecoder.setClaimSetConverter(claimTypeConverter);
 			}
@@ -134,68 +141,68 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 			//
 			// 6. If the ID Token is received via direct communication between the Client
 			// and the Token Endpoint (which it is in this flow),
-			// the TLS server validation MAY be used to validate the issuer in place of checking the token signature.
-			// The Client MUST validate the signature of all other ID Tokens according to JWS [JWS]
+			// the TLS server validation MAY be used to validate the issuer in place of
+			// checking the token signature.
+			// The Client MUST validate the signature of all other ID Tokens according to
+			// JWS [JWS]
 			// using the algorithm specified in the JWT alg Header Parameter.
 			// The Client MUST use the keys provided by the Issuer.
 			//
-			// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by the Client
+			// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by
+			// the Client
 			// in the id_token_signed_response_alg parameter during Registration.
 
 			String jwkSetUri = clientRegistration.getProviderDetails().getJwkSetUri();
 			if (!StringUtils.hasText(jwkSetUri)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-						"Failed to find a Signature Verifier for Client Registration: '" +
-								clientRegistration.getRegistrationId() +
-								"'. Check to ensure you have configured the JwkSet URI.",
-						null
-				);
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+						"Failed to find a Signature Verifier for Client Registration: '"
+								+ clientRegistration.getRegistrationId()
+								+ "'. Check to ensure you have configured the JwkSet URI.",
+						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
-		} else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
+		}
+		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//
-			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as HS256, HS384, or HS512,
+			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as
+			// HS256, HS384, or HS512,
 			// the octets of the UTF-8 representation of the client_secret
 			// corresponding to the client_id contained in the aud (audience) Claim
 			// are used as the key to validate the signature.
-			// For MAC based algorithms, the behavior is unspecified if the aud is multi-valued or
+			// For MAC based algorithms, the behavior is unspecified if the aud is
+			// multi-valued or
 			// if an azp value is present that is different than the aud value.
 
 			String clientSecret = clientRegistration.getClientSecret();
 			if (!StringUtils.hasText(clientSecret)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-						"Failed to find a Signature Verifier for Client Registration: '" +
-								clientRegistration.getRegistrationId() +
-								"'. Check to ensure you have configured the client secret.",
-						null
-				);
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+						"Failed to find a Signature Verifier for Client Registration: '"
+								+ clientRegistration.getRegistrationId()
+								+ "'. Check to ensure you have configured the client secret.",
+						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			SecretKeySpec secretKeySpec = new SecretKeySpec(
-					clientSecret.getBytes(StandardCharsets.UTF_8), jcaAlgorithmMappings.get(jwsAlgorithm));
+			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
+					jcaAlgorithmMappings.get(jwsAlgorithm));
 			return withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
 		}
 
-		OAuth2Error oauth2Error = new OAuth2Error(
-				MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-				"Failed to find a Signature Verifier for Client Registration: '" +
-						clientRegistration.getRegistrationId() +
-						"'. Check to ensure you have configured a valid JWS Algorithm: '" +
-						jwsAlgorithm + "'",
-				null
-		);
+		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+				"Failed to find a Signature Verifier for Client Registration: '"
+						+ clientRegistration.getRegistrationId()
+						+ "'. Check to ensure you have configured a valid JWS Algorithm: '" + jwsAlgorithm + "'",
+				null);
 		throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 	}
 
 	/**
-	 * Sets the factory that provides an {@link OAuth2TokenValidator}, which is used by the {@link JwtDecoder}.
-	 * The default composes {@link JwtTimestampValidator} and {@link OidcIdTokenValidator}.
-	 *
-	 * @param jwtValidatorFactory the factory that provides an {@link OAuth2TokenValidator}
+	 * Sets the factory that provides an {@link OAuth2TokenValidator}, which is used by
+	 * the {@link JwtDecoder}. The default composes {@link JwtTimestampValidator} and
+	 * {@link OidcIdTokenValidator}.
+	 * @param jwtValidatorFactory the factory that provides an
+	 * {@link OAuth2TokenValidator}
 	 */
 	public void setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory) {
 		Assert.notNull(jwtValidatorFactory, "jwtValidatorFactory cannot be null");
@@ -204,11 +211,11 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 
 	/**
 	 * Sets the resolver that provides the expected {@link JwsAlgorithm JWS algorithm}
-	 * used for the signature or MAC on the {@link OidcIdToken ID Token}.
-	 * The default resolves to {@link SignatureAlgorithm#RS256 RS256} for all {@link ClientRegistration clients}.
-	 *
-	 * @param jwsAlgorithmResolver the resolver that provides the expected {@link JwsAlgorithm JWS algorithm}
-	 *                             for a specific {@link ClientRegistration client}
+	 * used for the signature or MAC on the {@link OidcIdToken ID Token}. The default
+	 * resolves to {@link SignatureAlgorithm#RS256 RS256} for all
+	 * {@link ClientRegistration clients}.
+	 * @param jwsAlgorithmResolver the resolver that provides the expected
+	 * {@link JwsAlgorithm JWS algorithm} for a specific {@link ClientRegistration client}
 	 */
 	public void setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver) {
 		Assert.notNull(jwsAlgorithmResolver, "jwsAlgorithmResolver cannot be null");
@@ -216,14 +223,17 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 	}
 
 	/**
-	 * Sets the factory that provides a {@link Converter} used for type conversion of claim values for an {@link OidcIdToken}.
-	 * The default is {@link ClaimTypeConverter} for all {@link ClientRegistration clients}.
-	 *
-	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used for type conversion
-	 *                                  of claim values for a specific {@link ClientRegistration client}
+	 * Sets the factory that provides a {@link Converter} used for type conversion of
+	 * claim values for an {@link OidcIdToken}. The default is {@link ClaimTypeConverter}
+	 * for all {@link ClientRegistration clients}.
+	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
+	 * for type conversion of claim values for a specific {@link ClientRegistration
+	 * client}
 	 */
-	public void setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
+	public void setClaimTypeConverterFactory(
+			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
 		Assert.notNull(claimTypeConverterFactory, "claimTypeConverterFactory cannot be null");
 		this.claimTypeConverterFactory = claimTypeConverterFactory;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
index 03ae739a7b..21a80d8b14 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -36,20 +36,26 @@ import java.util.Map;
 import java.util.Objects;
 
 /**
- * An {@link OAuth2TokenValidator} responsible for
- * validating the claims in an {@link OidcIdToken ID Token}.
+ * An {@link OAuth2TokenValidator} responsible for validating the claims in an
+ * {@link OidcIdToken ID Token}.
  *
  * @author Rob Winch
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2TokenValidator
  * @see Jwt
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation">ID Token Validation</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation">ID Token
+ * Validation</a>
  */
 public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
+
 	private static final Duration DEFAULT_CLOCK_SKEW = Duration.ofSeconds(60);
+
 	private final ClientRegistration clientRegistration;
+
 	private Duration clockSkew = DEFAULT_CLOCK_SKEW;
+
 	private Clock clock = Clock.systemUTC();
 
 	public OidcIdTokenValidator(ClientRegistration clientRegistration) {
@@ -59,7 +65,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 
 	@Override
 	public OAuth2TokenValidatorResult validate(Jwt idToken) {
-		// 3.1.3.7  ID Token Validation
+		// 3.1.3.7 ID Token Validation
 		// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 
 		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
@@ -67,7 +73,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 			return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
 		}
 
-		// 2. The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery)
+		// 2. The Issuer Identifier for the OpenID Provider (which is typically obtained
+		// during Discovery)
 		// MUST exactly match the value of the iss (issuer) Claim.
 		String metadataIssuer = this.clientRegistration.getProviderDetails().getIssuerUri();
 
@@ -75,10 +82,12 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 			invalidClaims.put(IdTokenClaimNames.ISS, idToken.getIssuer());
 		}
 
-		// 3. The Client MUST validate that the aud (audience) Claim contains its client_id value
+		// 3. The Client MUST validate that the aud (audience) Claim contains its
+		// client_id value
 		// registered at the Issuer identified by the iss (issuer) Claim as an audience.
 		// The aud (audience) Claim MAY contain an array with more than one element.
-		// The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience,
+		// The ID Token MUST be rejected if the ID Token does not list the Client as a
+		// valid audience,
 		// or if it contains additional audiences not trusted by the Client.
 		if (!idToken.getAudience().contains(this.clientRegistration.getClientId())) {
 			invalidClaims.put(IdTokenClaimNames.AUD, idToken.getAudience());
@@ -97,7 +106,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 			invalidClaims.put(IdTokenClaimNames.AZP, authorizedParty);
 		}
 
-		// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by the Client
+		// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by the
+		// Client
 		// in the id_token_signed_response_alg parameter during Registration.
 		// TODO Depends on gh-4413
 
@@ -107,7 +117,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 			invalidClaims.put(IdTokenClaimNames.EXP, idToken.getExpiresAt());
 		}
 
-		// 10. The iat Claim can be used to reject tokens that were issued too far away from the current time,
+		// 10. The iat Claim can be used to reject tokens that were issued too far away
+		// from the current time,
 		// limiting the amount of time that nonces need to be stored to prevent attacks.
 		// The acceptable range is Client specific.
 		if (now.plus(this.clockSkew).isBefore(idToken.getIssuedAt())) {
@@ -122,9 +133,9 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	}
 
 	/**
-	 * Sets the maximum acceptable clock skew. The default is 60 seconds.
-	 * The clock skew is used when validating the {@link JwtClaimNames#EXP exp}
-	 * and {@link JwtClaimNames#IAT iat} claims.
+	 * Sets the maximum acceptable clock skew. The default is 60 seconds. The clock skew
+	 * is used when validating the {@link JwtClaimNames#EXP exp} and
+	 * {@link JwtClaimNames#IAT iat} claims.
 	 *
 	 * @since 5.2
 	 * @param clockSkew the maximum acceptable clock skew
@@ -136,9 +147,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	}
 
 	/**
-	 * Sets the {@link Clock} used in {@link Instant#now(Clock)}
-	 * when validating the {@link JwtClaimNames#EXP exp}
-	 * and {@link JwtClaimNames#IAT iat} claims.
+	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when validating the
+	 * {@link JwtClaimNames#EXP exp} and {@link JwtClaimNames#IAT iat} claims.
 	 *
 	 * @since 5.3
 	 * @param clock the clock
@@ -149,8 +159,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	}
 
 	private static OAuth2Error invalidIdToken(Map<String, Object> invalidClaims) {
-		return new OAuth2Error("invalid_id_token",
-				"The ID Token contains invalid claims: " + invalidClaims,
+		return new OAuth2Error("invalid_id_token", "The ID Token contains invalid claims: " + invalidClaims,
 				"https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation");
 	}
 
@@ -180,4 +189,5 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 
 		return requiredClaims;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index 6661efb7ed..c4421c1fbf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -52,8 +52,8 @@ import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.w
 
 /**
  * A {@link ReactiveJwtDecoderFactory factory} that provides a {@link ReactiveJwtDecoder}
- * used for {@link OidcIdToken} signature verification.
- * The provided {@link ReactiveJwtDecoder} is associated to a specific {@link ClientRegistration}.
+ * used for {@link OidcIdToken} signature verification. The provided
+ * {@link ReactiveJwtDecoder} is associated to a specific {@link ClientRegistration}.
  *
  * @author Joe Grandja
  * @author Rafael Dominguez
@@ -64,7 +64,9 @@ import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.w
  * @see OidcIdToken
  */
 public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecoderFactory<ClientRegistration> {
+
 	private static final String MISSING_SIGNATURE_VERIFIER_ERROR_CODE = "missing_signature_verifier";
+
 	private static Map<JwsAlgorithm, String> jcaAlgorithmMappings = new HashMap<JwsAlgorithm, String>() {
 		{
 			put(MacAlgorithm.HS256, "HmacSHA256");
@@ -72,18 +74,23 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 			put(MacAlgorithm.HS512, "HmacSHA512");
 		}
 	};
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER =
-			new ClaimTypeConverter(createDefaultClaimTypeConverters());
+
+	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+			createDefaultClaimTypeConverters());
+
 	private final Map<String, ReactiveJwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
+
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
+
 	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = clientRegistration -> SignatureAlgorithm.RS256;
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory =
-			clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
-	 * Returns the default {@link Converter}'s used for type conversion of claim values for an {@link OidcIdToken}.
-	 *
-	 * @return a {@link Map} of {@link Converter}'s keyed by {@link IdTokenClaimNames claim name}
+	 * Returns the default {@link Converter}'s used for type conversion of claim values
+	 * for an {@link OidcIdToken}.
+	 * @return a {@link Map} of {@link Converter}'s keyed by {@link IdTokenClaimNames
+	 * claim name}
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -118,8 +125,8 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), key -> {
 			NimbusReactiveJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 			jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
-			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter =
-					this.claimTypeConverterFactory.apply(clientRegistration);
+			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
+					.apply(clientRegistration);
 			if (claimTypeConverter != null) {
 				jwtDecoder.setClaimSetConverter(claimTypeConverter);
 			}
@@ -134,68 +141,68 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 			//
 			// 6. If the ID Token is received via direct communication between the Client
 			// and the Token Endpoint (which it is in this flow),
-			// the TLS server validation MAY be used to validate the issuer in place of checking the token signature.
-			// The Client MUST validate the signature of all other ID Tokens according to JWS [JWS]
+			// the TLS server validation MAY be used to validate the issuer in place of
+			// checking the token signature.
+			// The Client MUST validate the signature of all other ID Tokens according to
+			// JWS [JWS]
 			// using the algorithm specified in the JWT alg Header Parameter.
 			// The Client MUST use the keys provided by the Issuer.
 			//
-			// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by the Client
+			// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by
+			// the Client
 			// in the id_token_signed_response_alg parameter during Registration.
 
 			String jwkSetUri = clientRegistration.getProviderDetails().getJwkSetUri();
 			if (!StringUtils.hasText(jwkSetUri)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-						"Failed to find a Signature Verifier for Client Registration: '" +
-								clientRegistration.getRegistrationId() +
-								"'. Check to ensure you have configured the JwkSet URI.",
-						null
-				);
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+						"Failed to find a Signature Verifier for Client Registration: '"
+								+ clientRegistration.getRegistrationId()
+								+ "'. Check to ensure you have configured the JwkSet URI.",
+						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
-		} else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
+		}
+		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//
-			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as HS256, HS384, or HS512,
+			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as
+			// HS256, HS384, or HS512,
 			// the octets of the UTF-8 representation of the client_secret
 			// corresponding to the client_id contained in the aud (audience) Claim
 			// are used as the key to validate the signature.
-			// For MAC based algorithms, the behavior is unspecified if the aud is multi-valued or
+			// For MAC based algorithms, the behavior is unspecified if the aud is
+			// multi-valued or
 			// if an azp value is present that is different than the aud value.
 
 			String clientSecret = clientRegistration.getClientSecret();
 			if (!StringUtils.hasText(clientSecret)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-						"Failed to find a Signature Verifier for Client Registration: '" +
-								clientRegistration.getRegistrationId() +
-								"'. Check to ensure you have configured the client secret.",
-						null
-				);
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+						"Failed to find a Signature Verifier for Client Registration: '"
+								+ clientRegistration.getRegistrationId()
+								+ "'. Check to ensure you have configured the client secret.",
+						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			SecretKeySpec secretKeySpec = new SecretKeySpec(
-					clientSecret.getBytes(StandardCharsets.UTF_8), jcaAlgorithmMappings.get(jwsAlgorithm));
+			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
+					jcaAlgorithmMappings.get(jwsAlgorithm));
 			return withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
 		}
 
-		OAuth2Error oauth2Error = new OAuth2Error(
-				MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
-				"Failed to find a Signature Verifier for Client Registration: '" +
-						clientRegistration.getRegistrationId() +
-						"'. Check to ensure you have configured a valid JWS Algorithm: '" +
-						jwsAlgorithm + "'",
-				null
-		);
+		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
+				"Failed to find a Signature Verifier for Client Registration: '"
+						+ clientRegistration.getRegistrationId()
+						+ "'. Check to ensure you have configured a valid JWS Algorithm: '" + jwsAlgorithm + "'",
+				null);
 		throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 	}
 
 	/**
-	 * Sets the factory that provides an {@link OAuth2TokenValidator}, which is used by the {@link ReactiveJwtDecoder}.
-	 * The default composes {@link JwtTimestampValidator} and {@link OidcIdTokenValidator}.
-	 *
-	 * @param jwtValidatorFactory the factory that provides an {@link OAuth2TokenValidator}
+	 * Sets the factory that provides an {@link OAuth2TokenValidator}, which is used by
+	 * the {@link ReactiveJwtDecoder}. The default composes {@link JwtTimestampValidator}
+	 * and {@link OidcIdTokenValidator}.
+	 * @param jwtValidatorFactory the factory that provides an
+	 * {@link OAuth2TokenValidator}
 	 */
 	public void setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory) {
 		Assert.notNull(jwtValidatorFactory, "jwtValidatorFactory cannot be null");
@@ -204,11 +211,11 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 
 	/**
 	 * Sets the resolver that provides the expected {@link JwsAlgorithm JWS algorithm}
-	 * used for the signature or MAC on the {@link OidcIdToken ID Token}.
-	 * The default resolves to {@link SignatureAlgorithm#RS256 RS256} for all {@link ClientRegistration clients}.
-	 *
-	 * @param jwsAlgorithmResolver the resolver that provides the expected {@link JwsAlgorithm JWS algorithm}
-	 *                             for a specific {@link ClientRegistration client}
+	 * used for the signature or MAC on the {@link OidcIdToken ID Token}. The default
+	 * resolves to {@link SignatureAlgorithm#RS256 RS256} for all
+	 * {@link ClientRegistration clients}.
+	 * @param jwsAlgorithmResolver the resolver that provides the expected
+	 * {@link JwsAlgorithm JWS algorithm} for a specific {@link ClientRegistration client}
 	 */
 	public void setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver) {
 		Assert.notNull(jwsAlgorithmResolver, "jwsAlgorithmResolver cannot be null");
@@ -216,14 +223,17 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 	}
 
 	/**
-	 * Sets the factory that provides a {@link Converter} used for type conversion of claim values for an {@link OidcIdToken}.
-	 * The default is {@link ClaimTypeConverter} for all {@link ClientRegistration clients}.
-	 *
-	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used for type conversion
-	 *                                  of claim values for a specific {@link ClientRegistration client}
+	 * Sets the factory that provides a {@link Converter} used for type conversion of
+	 * claim values for an {@link OidcIdToken}. The default is {@link ClaimTypeConverter}
+	 * for all {@link ClientRegistration clients}.
+	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
+	 * for type conversion of claim values for a specific {@link ClientRegistration
+	 * client}
 	 */
-	public void setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
+	public void setClaimTypeConverterFactory(
+			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
 		Assert.notNull(claimTypeConverterFactory, "claimTypeConverterFactory cannot be null");
 		this.claimTypeConverterFactory = claimTypeConverterFactory;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
index 6e60be59e7..04db3acbee 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support classes and interfaces for authenticating and authorizing a client
- * with an OpenID Connect 1.0 Provider using a specific authorization grant flow.
+ * Support classes and interfaces for authenticating and authorizing a client with an
+ * OpenID Connect 1.0 Provider using a specific authorization grant flow.
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 5893d799d8..713c696f3d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -46,7 +46,8 @@ import java.util.Set;
 import java.util.function.Function;
 
 /**
- * An implementation of an {@link ReactiveOAuth2UserService} that supports OpenID Connect 1.0 Provider's.
+ * An implementation of an {@link ReactiveOAuth2UserService} that supports OpenID Connect
+ * 1.0 Provider's.
  *
  * @author Rob Winch
  * @since 5.1
@@ -56,24 +57,24 @@ import java.util.function.Function;
  * @see DefaultOidcUser
  * @see OidcUserInfo
  */
-public class OidcReactiveOAuth2UserService implements
-		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> {
+public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<OidcUserRequest, OidcUser> {
 
 	private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
 
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER =
-			new ClaimTypeConverter(createDefaultClaimTypeConverters());
+	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+			createDefaultClaimTypeConverters());
 
 	private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = new DefaultReactiveOAuth2UserService();
 
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory =
-			clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
-	 * Returns the default {@link Converter}'s used for type conversion of claim values for an {@link OidcUserInfo}.
-
+	 * Returns the default {@link Converter}'s used for type conversion of claim values
+	 * for an {@link OidcUserInfo}.
+	 *
 	 * @since 5.2
-	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames claim name}
+	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
+	 * claim name}
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -94,25 +95,25 @@ public class OidcReactiveOAuth2UserService implements
 	@Override
 	public Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return getUserInfo(userRequest)
-			.map(userInfo -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
-			.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null))
-			.map(authority -> {
-				OidcUserInfo userInfo = authority.getUserInfo();
-				Set<GrantedAuthority> authorities = new HashSet<>();
-				authorities.add(authority);
-				OAuth2AccessToken token = userRequest.getAccessToken();
-				for (String scope : token.getScopes()) {
-					authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
-				}
-				String userNameAttributeName = userRequest.getClientRegistration()
-							.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
-				if (StringUtils.hasText(userNameAttributeName)) {
-					return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
-				} else {
-					return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
-				}
-			});
+		return getUserInfo(userRequest).map(userInfo -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
+				.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null)).map(authority -> {
+					OidcUserInfo userInfo = authority.getUserInfo();
+					Set<GrantedAuthority> authorities = new HashSet<>();
+					authorities.add(authority);
+					OAuth2AccessToken token = userRequest.getAccessToken();
+					for (String scope : token.getScopes()) {
+						authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
+					}
+					String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails()
+							.getUserInfoEndpoint().getUserNameAttributeName();
+					if (StringUtils.hasText(userNameAttributeName)) {
+						return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo,
+								userNameAttributeName);
+					}
+					else {
+						return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
+					}
+				});
 	}
 
 	private Mono<OidcUserInfo> getUserInfo(OidcUserRequest userRequest) {
@@ -120,25 +121,22 @@ public class OidcReactiveOAuth2UserService implements
 			return Mono.empty();
 		}
 
-		return this.oauth2UserService.loadUser(userRequest)
-			.map(OAuth2User::getAttributes)
-			.map(claims -> convertClaims(claims, userRequest.getClientRegistration()))
-			.map(OidcUserInfo::new)
-			.doOnNext(userInfo -> {
-				String subject = userInfo.getSubject();
-				if (subject == null || !subject.equals(userRequest.getIdToken().getSubject())) {
-					OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
-					throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-				}
-			});
+		return this.oauth2UserService.loadUser(userRequest).map(OAuth2User::getAttributes)
+				.map(claims -> convertClaims(claims, userRequest.getClientRegistration())).map(OidcUserInfo::new)
+				.doOnNext(userInfo -> {
+					String subject = userInfo.getSubject();
+					if (subject == null || !subject.equals(userRequest.getIdToken().getSubject())) {
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
+						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+					}
+				});
 	}
 
 	private Map<String, Object> convertClaims(Map<String, Object> claims, ClientRegistration clientRegistration) {
-		Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter =
-				this.claimTypeConverterFactory.apply(clientRegistration);
-		return claimTypeConverter != null ?
-				claimTypeConverter.convert(claims) :
-				DEFAULT_CLAIM_TYPE_CONVERTER.convert(claims);
+		Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
+				.apply(clientRegistration);
+		return claimTypeConverter != null ? claimTypeConverter.convert(claims)
+				: DEFAULT_CLAIM_TYPE_CONVERTER.convert(claims);
 	}
 
 	public void setOauth2UserService(ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
@@ -147,15 +145,19 @@ public class OidcReactiveOAuth2UserService implements
 	}
 
 	/**
-	 * Sets the factory that provides a {@link Converter} used for type conversion of claim values for an {@link OidcUserInfo}.
-	 * The default is {@link ClaimTypeConverter} for all {@link ClientRegistration clients}.
+	 * Sets the factory that provides a {@link Converter} used for type conversion of
+	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
+	 * for all {@link ClientRegistration clients}.
 	 *
 	 * @since 5.2
-	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used for type conversion
-	 *                                  of claim values for a specific {@link ClientRegistration client}
+	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
+	 * for type conversion of claim values for a specific {@link ClientRegistration
+	 * client}
 	 */
-	public final void setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
+	public final void setClaimTypeConverterFactory(
+			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
 		Assert.notNull(claimTypeConverterFactory, "claimTypeConverterFactory cannot be null");
 		this.claimTypeConverterFactory = claimTypeConverterFactory;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
index ce8c52d8c4..33f4c4a004 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
@@ -25,8 +25,8 @@ import java.util.Collections;
 import java.util.Map;
 
 /**
- * Represents a request the {@link OidcUserService} uses
- * when initiating a request to the UserInfo Endpoint.
+ * Represents a request the {@link OidcUserService} uses when initiating a request to the
+ * UserInfo Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -36,17 +36,16 @@ import java.util.Map;
  * @see OidcUserService
  */
 public class OidcUserRequest extends OAuth2UserRequest {
+
 	private final OidcIdToken idToken;
 
 	/**
 	 * Constructs an {@code OidcUserRequest} using the provided parameters.
-	 *
 	 * @param clientRegistration the client registration
 	 * @param accessToken the access token credential
 	 * @param idToken the ID Token
 	 */
-	public OidcUserRequest(ClientRegistration clientRegistration,
-							OAuth2AccessToken accessToken, OidcIdToken idToken) {
+	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken) {
 
 		this(clientRegistration, accessToken, idToken, Collections.emptyMap());
 	}
@@ -60,8 +59,8 @@ public class OidcUserRequest extends OAuth2UserRequest {
 	 * @param idToken the ID Token
 	 * @param additionalParameters the additional parameters, may be empty
 	 */
-	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken,
-							OidcIdToken idToken, Map<String, Object> additionalParameters) {
+	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken,
+			Map<String, Object> additionalParameters) {
 
 		super(clientRegistration, accessToken, additionalParameters);
 		Assert.notNull(idToken, "idToken cannot be null");
@@ -70,10 +69,10 @@ public class OidcUserRequest extends OAuth2UserRequest {
 
 	/**
 	 * Returns the {@link OidcIdToken ID Token} containing claims about the user.
-	 *
 	 * @return the {@link OidcIdToken} containing claims about the user.
 	 */
 	public OidcIdToken getIdToken() {
 		return this.idToken;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
index 5a7787d351..6045a44fa9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
@@ -30,13 +30,14 @@ import org.springframework.util.StringUtils;
 final class OidcUserRequestUtils {
 
 	/**
-	 * Determines if an {@link OidcUserRequest} should attempt to retrieve the user info endpoint. Will return true if
-	 * all of the following are true:
+	 * Determines if an {@link OidcUserRequest} should attempt to retrieve the user info
+	 * endpoint. Will return true if all of the following are true:
 	 *
 	 * <ul>
-	 *     <li>The user info endpoint is defined on the ClientRegistration</li>
-	 *     <li>The Client Registration uses the {@link AuthorizationGrantType#AUTHORIZATION_CODE} and scopes in the
-	 *       access token are defined in the {@link ClientRegistration}</li>
+	 * <li>The user info endpoint is defined on the ClientRegistration</li>
+	 * <li>The Client Registration uses the
+	 * {@link AuthorizationGrantType#AUTHORIZATION_CODE} and scopes in the access token
+	 * are defined in the {@link ClientRegistration}</li>
 	 * </ul>
 	 * @param userRequest
 	 * @return
@@ -44,27 +45,32 @@ final class OidcUserRequestUtils {
 	static boolean shouldRetrieveUserInfo(OidcUserRequest userRequest) {
 		// Auto-disabled if UserInfo Endpoint URI is not provided
 		ClientRegistration clientRegistration = userRequest.getClientRegistration();
-		if (StringUtils.isEmpty(clientRegistration.getProviderDetails()
-				.getUserInfoEndpoint().getUri())) {
+		if (StringUtils.isEmpty(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri())) {
 
 			return false;
 		}
 
 		// The Claims requested by the profile, email, address, and phone scope values
 		// are returned from the UserInfo Endpoint (as described in Section 5.3.2),
-		// when a response_type value is used that results in an Access Token being issued.
-		// However, when no Access Token is issued, which is the case for the response_type=id_token,
+		// when a response_type value is used that results in an Access Token being
+		// issued.
+		// However, when no Access Token is issued, which is the case for the
+		// response_type=id_token,
 		// the resulting Claims are returned in the ID Token.
-		// The Authorization Code Grant Flow, which is response_type=code, results in an Access Token being issued.
+		// The Authorization Code Grant Flow, which is response_type=code, results in an
+		// Access Token being issued.
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
 
-			// Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s)
-			return CollectionUtils
-					.containsAny(userRequest.getAccessToken().getScopes(), userRequest.getClientRegistration().getScopes());
+			// Return true if there is at least one match between the authorized scope(s)
+			// and UserInfo scope(s)
+			return CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(),
+					userRequest.getClientRegistration().getScopes());
 		}
 
 		return false;
 	}
 
-	private OidcUserRequestUtils() {}
+	private OidcUserRequestUtils() {
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
index 3fb35f5ada..7d30cee451 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
@@ -50,7 +50,8 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 /**
- * An implementation of an {@link OAuth2UserService} that supports OpenID Connect 1.0 Provider's.
+ * An implementation of an {@link OAuth2UserService} that supports OpenID Connect 1.0
+ * Provider's.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -61,20 +62,26 @@ import org.springframework.util.StringUtils;
  * @see OidcUserInfo
  */
 public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
+
 	private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER =
-			new ClaimTypeConverter(createDefaultClaimTypeConverters());
-	private Set<String> accessibleScopes = new HashSet<>(Arrays.asList(
-			OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE));
+
+	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+			createDefaultClaimTypeConverters());
+
+	private Set<String> accessibleScopes = new HashSet<>(
+			Arrays.asList(OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE));
+
 	private OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = new DefaultOAuth2UserService();
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory =
-			clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
-	 * Returns the default {@link Converter}'s used for type conversion of claim values for an {@link OidcUserInfo}.
-
+	 * Returns the default {@link Converter}'s used for type conversion of claim values
+	 * for an {@link OidcUserInfo}.
+	 *
 	 * @since 5.2
-	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames claim name}
+	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
+	 * claim name}
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -100,11 +107,12 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 			OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
 
 			Map<String, Object> claims;
-			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter =
-					this.claimTypeConverterFactory.apply(userRequest.getClientRegistration());
+			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
+					.apply(userRequest.getClientRegistration());
 			if (claimTypeConverter != null) {
 				claims = claimTypeConverter.convert(oauth2User.getAttributes());
-			} else {
+			}
+			else {
 				claims = DEFAULT_CLAIM_TYPE_CONVERTER.convert(oauth2User.getAttributes());
 			}
 			userInfo = new OidcUserInfo(claims);
@@ -117,7 +125,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 
-			// 2) Due to the possibility of token substitution attacks (see Section 16.11),
+			// 2) Due to the possibility of token substitution attacks (see Section
+			// 16.11),
 			// the UserInfo Response is not guaranteed to be about the End-User
 			// identified by the sub (subject) element of the ID Token.
 			// The sub Claim in the UserInfo Response MUST be verified to exactly match
@@ -138,11 +147,12 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 		OidcUser user;
 
-		String userNameAttributeName = userRequest.getClientRegistration()
-			.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
+		String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+				.getUserNameAttributeName();
 		if (StringUtils.hasText(userNameAttributeName)) {
 			user = new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
-		} else {
+		}
+		else {
 			user = new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
 		}
 
@@ -151,24 +161,28 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 	private boolean shouldRetrieveUserInfo(OidcUserRequest userRequest) {
 		// Auto-disabled if UserInfo Endpoint URI is not provided
-		if (StringUtils.isEmpty(userRequest.getClientRegistration().getProviderDetails()
-			.getUserInfoEndpoint().getUri())) {
+		if (StringUtils
+				.isEmpty(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
 
 			return false;
 		}
 
 		// The Claims requested by the profile, email, address, and phone scope values
 		// are returned from the UserInfo Endpoint (as described in Section 5.3.2),
-		// when a response_type value is used that results in an Access Token being issued.
-		// However, when no Access Token is issued, which is the case for the response_type=id_token,
+		// when a response_type value is used that results in an Access Token being
+		// issued.
+		// However, when no Access Token is issued, which is the case for the
+		// response_type=id_token,
 		// the resulting Claims are returned in the ID Token.
-		// The Authorization Code Grant Flow, which is response_type=code, results in an Access Token being issued.
-		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
-			userRequest.getClientRegistration().getAuthorizationGrantType())) {
+		// The Authorization Code Grant Flow, which is response_type=code, results in an
+		// Access Token being issued.
+		if (AuthorizationGrantType.AUTHORIZATION_CODE
+				.equals(userRequest.getClientRegistration().getAuthorizationGrantType())) {
 
-			// Return true if there is at least one match between the authorized scope(s) and accessible scope(s)
-			return this.accessibleScopes.isEmpty() ||
-					CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(), this.accessibleScopes);
+			// Return true if there is at least one match between the authorized scope(s)
+			// and accessible scope(s)
+			return this.accessibleScopes.isEmpty()
+					|| CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(), this.accessibleScopes);
 		}
 
 		return false;
@@ -178,7 +192,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	 * Sets the {@link OAuth2UserService} used when requesting the user info resource.
 	 *
 	 * @since 5.1
-	 * @param oauth2UserService the {@link OAuth2UserService} used when requesting the user info resource.
+	 * @param oauth2UserService the {@link OAuth2UserService} used when requesting the
+	 * user info resource.
 	 */
 	public final void setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
 		Assert.notNull(oauth2UserService, "oauth2UserService cannot be null");
@@ -186,24 +201,29 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	}
 
 	/**
-	 * Sets the factory that provides a {@link Converter} used for type conversion of claim values for an {@link OidcUserInfo}.
-	 * The default is {@link ClaimTypeConverter} for all {@link ClientRegistration clients}.
+	 * Sets the factory that provides a {@link Converter} used for type conversion of
+	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
+	 * for all {@link ClientRegistration clients}.
 	 *
 	 * @since 5.2
-	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used for type conversion
-	 *                                  of claim values for a specific {@link ClientRegistration client}
+	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
+	 * for type conversion of claim values for a specific {@link ClientRegistration
+	 * client}
 	 */
-	public final void setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
+	public final void setClaimTypeConverterFactory(
+			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
 		Assert.notNull(claimTypeConverterFactory, "claimTypeConverterFactory cannot be null");
 		this.claimTypeConverterFactory = claimTypeConverterFactory;
 	}
 
 	/**
-	 * Sets the scope(s) that allow access to the user info resource.
-	 * The default is {@link OidcScopes#PROFILE profile}, {@link OidcScopes#EMAIL email}, {@link OidcScopes#ADDRESS address} and {@link OidcScopes#PHONE phone}.
-	 * The scope(s) are checked against the "granted" scope(s) associated to the {@link OidcUserRequest#getAccessToken() access token}
-	 * to determine if the user info resource is accessible or not.
-	 * If there is at least one match, the user info resource will be requested, otherwise it will not.
+	 * Sets the scope(s) that allow access to the user info resource. The default is
+	 * {@link OidcScopes#PROFILE profile}, {@link OidcScopes#EMAIL email},
+	 * {@link OidcScopes#ADDRESS address} and {@link OidcScopes#PHONE phone}. The scope(s)
+	 * are checked against the "granted" scope(s) associated to the
+	 * {@link OidcUserRequest#getAccessToken() access token} to determine if the user info
+	 * resource is accessible or not. If there is at least one match, the user info
+	 * resource will be requested, otherwise it will not.
 	 *
 	 * @since 5.2
 	 * @param accessibleScopes the scope(s) that allow access to the user info resource
@@ -212,4 +232,5 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 		Assert.notNull(accessibleScopes, "accessibleScopes cannot be null");
 		this.accessibleScopes = accessibleScopes;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
index 22e306921d..1a0f82f568 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Classes and interfaces providing support to the client for initiating requests
- * to the OpenID Connect 1.0 Provider's UserInfo Endpoint.
+ * Classes and interfaces providing support to the client for initiating requests to the
+ * OpenID Connect 1.0 Provider's UserInfo Endpoint.
  */
 package org.springframework.security.oauth2.client.oidc.userinfo;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index 2e329cfa8b..49fa376e41 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -38,10 +38,13 @@ import org.springframework.web.util.UriComponentsBuilder;
  *
  * @author Josh Cummings
  * @since 5.2
- * @see <a href="https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated Logout</a>
+ * @see <a href=
+ * "https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated
+ * Logout</a>
  * @see org.springframework.security.web.authentication.logout.LogoutSuccessHandler
  */
 public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
 
 	private String postLogoutRedirectUri;
@@ -52,8 +55,8 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 	}
 
 	@Override
-	protected String determineTargetUrl(HttpServletRequest request,
-			HttpServletResponse response, Authentication authentication) {
+	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) {
 		String targetUrl = null;
 		URI endSessionEndpoint;
 		if (authentication instanceof OAuth2AuthenticationToken && authentication.getPrincipal() instanceof OidcUser) {
@@ -96,16 +99,11 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 			return null;
 		}
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath())
-				.replaceQuery(null)
-				.fragment(null)
-				.build();
+				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
 		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
-				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
-				.toUri();
+				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString())).toUri();
 	}
 
-
 	private String endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) {
 		UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint);
 		builder.queryParam("id_token_hint", idToken);
@@ -117,8 +115,8 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 
 	/**
 	 * Set the post logout redirect uri to use
-	 *
-	 * @param postLogoutRedirectUri - A valid URL to which the OP should redirect after logging out the user
+	 * @param postLogoutRedirectUri - A valid URL to which the OP should redirect after
+	 * logging out the user
 	 * @deprecated {@link #setPostLogoutRedirectUri(String)}
 	 */
 	@Deprecated
@@ -135,15 +133,15 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 	 * 	handler.setPostLogoutRedirectUri("{baseUrl}");
 	 * </pre>
 	 *
-	 * will make so that {@code post_logout_redirect_uri} will be set to the base url for the client
-	 * application.
-	 *
-	 * @param postLogoutRedirectUri - A template for creating the {@code post_logout_redirect_uri}
-	 * query parameter
+	 * will make so that {@code post_logout_redirect_uri} will be set to the base url for
+	 * the client application.
+	 * @param postLogoutRedirectUri - A template for creating the
+	 * {@code post_logout_redirect_uri} query parameter
 	 * @since 5.3
 	 */
 	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
 		Assert.notNull(postLogoutRedirectUri, "postLogoutRedirectUri cannot be null");
 		this.postLogoutRedirectUri = postLogoutRedirectUri;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index ce4a5dac77..c3eac99e96 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -42,27 +42,30 @@ import org.springframework.web.util.UriComponentsBuilder;
  *
  * @author Josh Cummings
  * @since 5.2
- * @see <a href="https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated Logout</a>
+ * @see <a href=
+ * "https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated
+ * Logout</a>
  * @see org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
  */
-public class OidcClientInitiatedServerLogoutSuccessHandler
-		implements ServerLogoutSuccessHandler {
+public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
 
 	private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
-	private final RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler
-			= new RedirectServerLogoutSuccessHandler();
+
+	private final RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
+
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 
 	private String postLogoutRedirectUri;
 
 	/**
-	 * Constructs an {@link OidcClientInitiatedServerLogoutSuccessHandler} with the provided parameters
-	 *
-	 * @param clientRegistrationRepository The {@link ReactiveClientRegistrationRepository} to use to derive
-	 * the end_session_endpoint value
+	 * Constructs an {@link OidcClientInitiatedServerLogoutSuccessHandler} with the
+	 * provided parameters
+	 * @param clientRegistrationRepository The
+	 * {@link ReactiveClientRegistrationRepository} to use to derive the
+	 * end_session_endpoint value
 	 */
-	public OidcClientInitiatedServerLogoutSuccessHandler
-			(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+	public OidcClientInitiatedServerLogoutSuccessHandler(
+			ReactiveClientRegistrationRepository clientRegistrationRepository) {
 
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
@@ -73,13 +76,11 @@ public class OidcClientInitiatedServerLogoutSuccessHandler
 	 */
 	@Override
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
-		return Mono.just(authentication)
-				.filter(OAuth2AuthenticationToken.class::isInstance)
+		return Mono.just(authentication).filter(OAuth2AuthenticationToken.class::isInstance)
 				.filter(token -> authentication.getPrincipal() instanceof OidcUser)
 				.map(OAuth2AuthenticationToken.class::cast)
 				.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId)
-				.flatMap(this.clientRegistrationRepository::findByRegistrationId)
-				.flatMap(clientRegistration -> {
+				.flatMap(this.clientRegistrationRepository::findByRegistrationId).flatMap(clientRegistration -> {
 					URI endSessionEndpoint = endSessionEndpoint(clientRegistration);
 					if (endSessionEndpoint == null) {
 						return Mono.empty();
@@ -88,8 +89,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandler
 					URI postLogoutRedirectUri = postLogoutRedirectUri(exchange.getExchange().getRequest());
 					return Mono.just(endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri));
 				})
-				.switchIfEmpty(this.serverLogoutSuccessHandler
-						.onLogoutSuccess(exchange, authentication).then(Mono.empty()))
+				.switchIfEmpty(
+						this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty()))
 				.flatMap(endpointUri -> this.redirectStrategy.sendRedirect(exchange.getExchange(), endpointUri));
 	}
 
@@ -124,19 +125,15 @@ public class OidcClientInitiatedServerLogoutSuccessHandler
 			return null;
 		}
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
-				.replacePath(request.getPath().contextPath().value())
-				.replaceQuery(null)
-				.fragment(null)
-				.build();
+				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
 		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
-				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
-				.toUri();
+				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString())).toUri();
 	}
 
 	/**
 	 * Set the post logout redirect uri to use
-	 *
-	 * @param postLogoutRedirectUri - A valid URL to which the OP should redirect after logging out the user
+	 * @param postLogoutRedirectUri - A valid URL to which the OP should redirect after
+	 * logging out the user
 	 * @deprecated {@link #setPostLogoutRedirectUri(String)}
 	 */
 	@Deprecated
@@ -153,11 +150,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandler
 	 * 	handler.setPostLogoutRedirectUri("{baseUrl}");
 	 * </pre>
 	 *
-	 * will make so that {@code post_logout_redirect_uri} will be set to the base url for the client
-	 * application.
-	 *
-	 * @param postLogoutRedirectUri - A template for creating the {@code post_logout_redirect_uri}
-	 * query parameter
+	 * will make so that {@code post_logout_redirect_uri} will be set to the base url for
+	 * the client application.
+	 * @param postLogoutRedirectUri - A template for creating the
+	 * {@code post_logout_redirect_uri} query parameter
 	 * @since 5.3
 	 */
 	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
@@ -166,12 +162,13 @@ public class OidcClientInitiatedServerLogoutSuccessHandler
 	}
 
 	/**
-	 * The URL to redirect to after successfully logging out when not originally an OIDC login
-	 *
+	 * The URL to redirect to after successfully logging out when not originally an OIDC
+	 * login
 	 * @param logoutSuccessUrl the url to redirect to. Default is "/login?logout".
 	 */
 	public void setLogoutSuccessUrl(URI logoutSuccessUrl) {
 		Assert.notNull(logoutSuccessUrl, "logoutSuccessUrl cannot be null");
 		this.serverLogoutSuccessHandler.setLogoutSuccessUrl(logoutSuccessUrl);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 939778b2ee..241fb22755 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -36,22 +36,34 @@ import org.springframework.util.StringUtils;
 import static java.util.Collections.EMPTY_MAP;
 
 /**
- * A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ * A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0
+ * Provider.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2 Client Registration</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2
+ * Client Registration</a>
  */
 public final class ClientRegistration implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private String registrationId;
+
 	private String clientId;
+
 	private String clientSecret;
+
 	private ClientAuthenticationMethod clientAuthenticationMethod;
+
 	private AuthorizationGrantType authorizationGrantType;
+
 	private String redirectUri;
+
 	private Set<String> scopes = Collections.emptySet();
+
 	private ProviderDetails providerDetails = new ProviderDetails();
+
 	private String clientName;
 
 	private ClientRegistration() {
@@ -59,7 +71,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the identifier for the registration.
-	 *
 	 * @return the identifier for the registration
 	 */
 	public String getRegistrationId() {
@@ -68,7 +79,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the client identifier.
-	 *
 	 * @return the client identifier
 	 */
 	public String getClientId() {
@@ -77,7 +87,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the client secret.
-	 *
 	 * @return the client secret
 	 */
 	public String getClientSecret() {
@@ -85,9 +94,8 @@ public final class ClientRegistration implements Serializable {
 	}
 
 	/**
-	 * Returns the {@link ClientAuthenticationMethod authentication method} used
-	 * when authenticating the client with the authorization server.
-	 *
+	 * Returns the {@link ClientAuthenticationMethod authentication method} used when
+	 * authenticating the client with the authorization server.
 	 * @return the {@link ClientAuthenticationMethod}
 	 */
 	public ClientAuthenticationMethod getClientAuthenticationMethod() {
@@ -95,8 +103,8 @@ public final class ClientRegistration implements Serializable {
 	}
 
 	/**
-	 * Returns the {@link AuthorizationGrantType authorization grant type} used for the client.
-	 *
+	 * Returns the {@link AuthorizationGrantType authorization grant type} used for the
+	 * client.
 	 * @return the {@link AuthorizationGrantType}
 	 */
 	public AuthorizationGrantType getAuthorizationGrantType() {
@@ -105,7 +113,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the uri (or uri template) for the redirection endpoint.
-	 *
 	 * @deprecated Use {@link #getRedirectUri()} instead
 	 * @return the uri (or uri template) for the redirection endpoint
 	 */
@@ -118,14 +125,17 @@ public final class ClientRegistration implements Serializable {
 	 * Returns the uri (or uri template) for the redirection endpoint.
 	 *
 	 * <br />
-	 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
+	 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort},
+	 * {basePath} and {registrationId}.
 	 *
 	 * <br />
-	 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
+	 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as
+	 * {baseScheme}://{baseHost}{basePort}{basePath}.
 	 *
 	 * <br />
-	 * Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
-	 * This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
+	 * Configuring uri template variables is especially useful when the client is running
+	 * behind a Proxy Server. This ensures that the X-Forwarded-* headers are used when
+	 * expanding the redirect-uri.
 	 *
 	 * @since 5.4
 	 * @return the uri (or uri template) for the redirection endpoint
@@ -136,7 +146,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the scope(s) used for the client.
-	 *
 	 * @return the {@code Set} of scope(s)
 	 */
 	public Set<String> getScopes() {
@@ -145,7 +154,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the details of the provider.
-	 *
 	 * @return the {@link ProviderDetails}
 	 */
 	public ProviderDetails getProviderDetails() {
@@ -154,7 +162,6 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the logical name of the client or registration.
-	 *
 	 * @return the client or registration name
 	 */
 	public String getClientName() {
@@ -163,29 +170,30 @@ public final class ClientRegistration implements Serializable {
 
 	@Override
 	public String toString() {
-		return "ClientRegistration{"
-			+ "registrationId='" + this.registrationId + '\''
-			+ ", clientId='" + this.clientId + '\''
-			+ ", clientSecret='" + this.clientSecret + '\''
-			+ ", clientAuthenticationMethod=" + this.clientAuthenticationMethod
-			+ ", authorizationGrantType=" + this.authorizationGrantType
-			+ ", redirectUri='" + this.redirectUri + '\''
-			+ ", scopes=" + this.scopes
-			+ ", providerDetails=" + this.providerDetails
-			+ ", clientName='" + this.clientName
-			+ '\'' + '}';
+		return "ClientRegistration{" + "registrationId='" + this.registrationId + '\'' + ", clientId='" + this.clientId
+				+ '\'' + ", clientSecret='" + this.clientSecret + '\'' + ", clientAuthenticationMethod="
+				+ this.clientAuthenticationMethod + ", authorizationGrantType=" + this.authorizationGrantType
+				+ ", redirectUri='" + this.redirectUri + '\'' + ", scopes=" + this.scopes + ", providerDetails="
+				+ this.providerDetails + ", clientName='" + this.clientName + '\'' + '}';
 	}
 
 	/**
 	 * Details of the Provider.
 	 */
 	public class ProviderDetails implements Serializable {
+
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 		private String authorizationUri;
+
 		private String tokenUri;
+
 		private UserInfoEndpoint userInfoEndpoint = new UserInfoEndpoint();
+
 		private String jwkSetUri;
+
 		private String issuerUri;
+
 		private Map<String, Object> configurationMetadata = Collections.emptyMap();
 
 		private ProviderDetails() {
@@ -193,7 +201,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns the uri for the authorization endpoint.
-		 *
 		 * @return the uri for the authorization endpoint
 		 */
 		public String getAuthorizationUri() {
@@ -202,7 +209,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns the uri for the token endpoint.
-		 *
 		 * @return the uri for the token endpoint
 		 */
 		public String getTokenUri() {
@@ -211,7 +217,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns the details of the {@link UserInfoEndpoint UserInfo Endpoint}.
-		 *
 		 * @return the {@link UserInfoEndpoint}
 		 */
 		public UserInfoEndpoint getUserInfoEndpoint() {
@@ -220,7 +225,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns the uri for the JSON Web Key (JWK) Set endpoint.
-		 *
 		 * @return the uri for the JSON Web Key (JWK) Set endpoint
 		 */
 		public String getJwkSetUri() {
@@ -228,11 +232,12 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		/**
-		 * Returns the issuer identifier uri for the OpenID Connect 1.0 provider
-		 * or the OAuth 2.0 Authorization Server.
+		 * Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the
+		 * OAuth 2.0 Authorization Server.
 		 *
 		 * @since 5.4
-		 * @return the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server
+		 * @return the issuer identifier uri for the OpenID Connect 1.0 provider or the
+		 * OAuth 2.0 Authorization Server
 		 */
 		public String getIssuerUri() {
 			return this.issuerUri;
@@ -252,9 +257,13 @@ public final class ClientRegistration implements Serializable {
 		 * Details of the UserInfo Endpoint.
 		 */
 		public class UserInfoEndpoint implements Serializable {
+
 			private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 			private String uri;
+
 			private AuthenticationMethod authenticationMethod = AuthenticationMethod.HEADER;
+
 			private String userNameAttributeName;
 
 			private UserInfoEndpoint() {
@@ -262,7 +271,6 @@ public final class ClientRegistration implements Serializable {
 
 			/**
 			 * Returns the uri for the user info endpoint.
-			 *
 			 * @return the uri for the user info endpoint
 			 */
 			public String getUri() {
@@ -280,19 +288,22 @@ public final class ClientRegistration implements Serializable {
 			}
 
 			/**
-			 * Returns the attribute name used to access the user's name from the user info response.
-			 *
-			 * @return the attribute name used to access the user's name from the user info response
+			 * Returns the attribute name used to access the user's name from the user
+			 * info response.
+			 * @return the attribute name used to access the user's name from the user
+			 * info response
 			 */
 			public String getUserNameAttributeName() {
 				return this.userNameAttributeName;
 			}
+
 		}
+
 	}
 
 	/**
-	 * Returns a new {@link Builder}, initialized with the provided registration identifier.
-	 *
+	 * Returns a new {@link Builder}, initialized with the provided registration
+	 * identifier.
 	 * @param registrationId the identifier for the registration
 	 * @return the {@link Builder}
 	 */
@@ -302,8 +313,8 @@ public final class ClientRegistration implements Serializable {
 	}
 
 	/**
-	 * Returns a new {@link Builder}, initialized with the provided {@link ClientRegistration}.
-	 *
+	 * Returns a new {@link Builder}, initialized with the provided
+	 * {@link ClientRegistration}.
 	 * @param clientRegistration the {@link ClientRegistration} to copy from
 	 * @return the {@link Builder}
 	 */
@@ -316,22 +327,39 @@ public final class ClientRegistration implements Serializable {
 	 * A builder for {@link ClientRegistration}.
 	 */
 	public static class Builder implements Serializable {
+
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 		private String registrationId;
+
 		private String clientId;
+
 		private String clientSecret;
+
 		private ClientAuthenticationMethod clientAuthenticationMethod;
+
 		private AuthorizationGrantType authorizationGrantType;
+
 		private String redirectUri;
+
 		private Set<String> scopes;
+
 		private String authorizationUri;
+
 		private String tokenUri;
+
 		private String userInfoUri;
+
 		private AuthenticationMethod userInfoAuthenticationMethod = AuthenticationMethod.HEADER;
+
 		private String userNameAttributeName;
+
 		private String jwkSetUri;
+
 		private String issuerUri;
+
 		private Map<String, Object> configurationMetadata = Collections.emptyMap();
+
 		private String clientName;
 
 		private Builder(String registrationId) {
@@ -362,7 +390,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the registration id.
-		 *
 		 * @param registrationId the registration id
 		 * @return the {@link Builder}
 		 */
@@ -373,7 +400,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the client identifier.
-		 *
 		 * @param clientId the client identifier
 		 * @return the {@link Builder}
 		 */
@@ -384,7 +410,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the client secret.
-		 *
 		 * @param clientSecret the client secret
 		 * @return the {@link Builder}
 		 */
@@ -394,9 +419,8 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		/**
-		 * Sets the {@link ClientAuthenticationMethod authentication method} used
-		 * when authenticating the client with the authorization server.
-		 *
+		 * Sets the {@link ClientAuthenticationMethod authentication method} used when
+		 * authenticating the client with the authorization server.
 		 * @param clientAuthenticationMethod the authentication method used for the client
 		 * @return the {@link Builder}
 		 */
@@ -406,8 +430,8 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		/**
-		 * Sets the {@link AuthorizationGrantType authorization grant type} used for the client.
-		 *
+		 * Sets the {@link AuthorizationGrantType authorization grant type} used for the
+		 * client.
 		 * @param authorizationGrantType the authorization grant type used for the client
 		 * @return the {@link Builder}
 		 */
@@ -418,9 +442,9 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the uri (or uri template) for the redirection endpoint.
-		 *
 		 * @deprecated Use {@link #redirectUri(String)} instead
-		 * @param redirectUriTemplate the uri (or uri template) for the redirection endpoint
+		 * @param redirectUriTemplate the uri (or uri template) for the redirection
+		 * endpoint
 		 * @return the {@link Builder}
 		 */
 		@Deprecated
@@ -432,14 +456,17 @@ public final class ClientRegistration implements Serializable {
 		 * Sets the uri (or uri template) for the redirection endpoint.
 		 *
 		 * <br />
-		 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
+		 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort},
+		 * {basePath} and {registrationId}.
 		 *
 		 * <br />
-		 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
+		 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as
+		 * {baseScheme}://{baseHost}{basePort}{basePath}.
 		 *
 		 * <br />
-		 * Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
-		 * This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
+		 * Configuring uri template variables is especially useful when the client is
+		 * running behind a Proxy Server. This ensures that the X-Forwarded-* headers are
+		 * used when expanding the redirect-uri.
 		 *
 		 * @since 5.4
 		 * @param redirectUri the uri (or uri template) for the redirection endpoint
@@ -452,35 +479,30 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the scope(s) used for the client.
-		 *
 		 * @param scope the scope(s) used for the client
 		 * @return the {@link Builder}
 		 */
 		public Builder scope(String... scope) {
 			if (scope != null && scope.length > 0) {
-				this.scopes = Collections.unmodifiableSet(
-						new LinkedHashSet<>(Arrays.asList(scope)));
+				this.scopes = Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList(scope)));
 			}
 			return this;
 		}
 
 		/**
 		 * Sets the scope(s) used for the client.
-		 *
 		 * @param scope the scope(s) used for the client
 		 * @return the {@link Builder}
 		 */
 		public Builder scope(Collection<String> scope) {
 			if (scope != null && !scope.isEmpty()) {
-				this.scopes = Collections.unmodifiableSet(
-						new LinkedHashSet<>(scope));
+				this.scopes = Collections.unmodifiableSet(new LinkedHashSet<>(scope));
 			}
 			return this;
 		}
 
 		/**
 		 * Sets the uri for the authorization endpoint.
-		 *
 		 * @param authorizationUri the uri for the authorization endpoint
 		 * @return the {@link Builder}
 		 */
@@ -491,7 +513,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the uri for the token endpoint.
-		 *
 		 * @param tokenUri the uri for the token endpoint
 		 * @return the {@link Builder}
 		 */
@@ -502,7 +523,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the uri for the user info endpoint.
-		 *
 		 * @param userInfoUri the uri for the user info endpoint
 		 * @return the {@link Builder}
 		 */
@@ -515,7 +535,8 @@ public final class ClientRegistration implements Serializable {
 		 * Sets the authentication method for the user info endpoint.
 		 *
 		 * @since 5.1
-		 * @param userInfoAuthenticationMethod the authentication method for the user info endpoint
+		 * @param userInfoAuthenticationMethod the authentication method for the user info
+		 * endpoint
 		 * @return the {@link Builder}
 		 */
 		public Builder userInfoAuthenticationMethod(AuthenticationMethod userInfoAuthenticationMethod) {
@@ -524,9 +545,10 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		/**
-		 * Sets the attribute name used to access the user's name from the user info response.
-		 *
-		 * @param userNameAttributeName the attribute name used to access the user's name from the user info response
+		 * Sets the attribute name used to access the user's name from the user info
+		 * response.
+		 * @param userNameAttributeName the attribute name used to access the user's name
+		 * from the user info response
 		 * @return the {@link Builder}
 		 */
 		public Builder userNameAttributeName(String userNameAttributeName) {
@@ -536,7 +558,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the uri for the JSON Web Key (JWK) Set endpoint.
-		 *
 		 * @param jwkSetUri the uri for the JSON Web Key (JWK) Set endpoint
 		 * @return the {@link Builder}
 		 */
@@ -546,11 +567,12 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		/**
-		 * Sets the issuer identifier uri for the OpenID Connect 1.0 provider
-		 * or the OAuth 2.0 Authorization Server.
+		 * Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth
+		 * 2.0 Authorization Server.
 		 *
 		 * @since 5.4
-		 * @param issuerUri the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server
+		 * @param issuerUri the issuer identifier uri for the OpenID Connect 1.0 provider
+		 * or the OAuth 2.0 Authorization Server
 		 * @return the {@link Builder}
 		 */
 		public Builder issuerUri(String issuerUri) {
@@ -562,7 +584,8 @@ public final class ClientRegistration implements Serializable {
 		 * Sets the metadata describing the provider's configuration.
 		 *
 		 * @since 5.1
-		 * @param configurationMetadata the metadata describing the provider's configuration
+		 * @param configurationMetadata the metadata describing the provider's
+		 * configuration
 		 * @return the {@link Builder}
 		 */
 		public Builder providerConfigurationMetadata(Map<String, Object> configurationMetadata) {
@@ -574,7 +597,6 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the logical name of the client or registration.
-		 *
 		 * @param clientName the client or registration name
 		 * @return the {@link Builder}
 		 */
@@ -585,18 +607,20 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Builds a new {@link ClientRegistration}.
-		 *
 		 * @return a {@link ClientRegistration}
 		 */
 		public ClientRegistration build() {
 			Assert.notNull(this.authorizationGrantType, "authorizationGrantType cannot be null");
 			if (AuthorizationGrantType.CLIENT_CREDENTIALS.equals(this.authorizationGrantType)) {
 				this.validateClientCredentialsGrantType();
-			} else if (AuthorizationGrantType.PASSWORD.equals(this.authorizationGrantType)) {
+			}
+			else if (AuthorizationGrantType.PASSWORD.equals(this.authorizationGrantType)) {
 				this.validatePasswordGrantType();
-			} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
+			}
+			else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				this.validateImplicitGrantType();
-			} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
+			}
+			else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
 			this.validateScopes();
@@ -611,11 +635,13 @@ public final class ClientRegistration implements Serializable {
 			clientRegistration.clientSecret = StringUtils.hasText(this.clientSecret) ? this.clientSecret : "";
 			if (this.clientAuthenticationMethod != null) {
 				clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
-			} else {
-				if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) &&
-						!StringUtils.hasText(this.clientSecret)) {
+			}
+			else {
+				if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)
+						&& !StringUtils.hasText(this.clientSecret)) {
 					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
-				} else {
+				}
+				else {
 					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
 				}
 			}
@@ -634,8 +660,8 @@ public final class ClientRegistration implements Serializable {
 			providerDetails.configurationMetadata = Collections.unmodifiableMap(this.configurationMetadata);
 			clientRegistration.providerDetails = providerDetails;
 
-			clientRegistration.clientName = StringUtils.hasText(this.clientName) ?
-					this.clientName : this.registrationId;
+			clientRegistration.clientName = StringUtils.hasText(this.clientName) ? this.clientName
+					: this.registrationId;
 
 			return clientRegistration;
 		}
@@ -686,15 +712,14 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		private static boolean validateScope(String scope) {
-			return scope == null ||
-					scope.chars().allMatch(c ->
-							withinTheRangeOf(c, 0x21, 0x21) ||
-							withinTheRangeOf(c, 0x23, 0x5B) ||
-							withinTheRangeOf(c, 0x5D, 0x7E));
+			return scope == null || scope.chars().allMatch(c -> withinTheRangeOf(c, 0x21, 0x21)
+					|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 		}
 
 		private static boolean withinTheRangeOf(int c, int min, int max) {
 			return c >= min && c <= max;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
index 10d27ec1ef..95df03b20c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
@@ -19,11 +19,10 @@ package org.springframework.security.oauth2.client.registration;
  * A repository for OAuth 2.0 / OpenID Connect 1.0 {@link ClientRegistration}(s).
  *
  * <p>
- * <b>NOTE:</b> Client registration information is ultimately stored and owned
- * by the associated Authorization Server.
- * Therefore, this repository provides the capability to store a sub-set copy
- * of the <i>primary</i> client registration information
- * externally from the Authorization Server.
+ * <b>NOTE:</b> Client registration information is ultimately stored and owned by the
+ * associated Authorization Server. Therefore, this repository provides the capability to
+ * store a sub-set copy of the <i>primary</i> client registration information externally
+ * from the Authorization Server.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -32,8 +31,8 @@ package org.springframework.security.oauth2.client.registration;
 public interface ClientRegistrationRepository {
 
 	/**
-	 * Returns the client registration identified by the provided {@code registrationId}, or {@code null} if not found.
-	 *
+	 * Returns the client registration identified by the provided {@code registrationId},
+	 * or {@code null} if not found.
 	 * @param registrationId the registration identifier
 	 * @return the {@link ClientRegistration} if found, otherwise {@code null}
 	 */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index b8be1d4d42..aa68f450c1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -42,10 +42,11 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
- * Allows creating a {@link ClientRegistration.Builder} from an
- * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID Provider Configuration</a>
- * or <a href="https://tools.ietf.org/html/rfc8414#section-3">Authorization Server Metadata</a> based on
- * provided issuer.
+ * Allows creating a {@link ClientRegistration.Builder} from an <a href=
+ * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
+ * Provider Configuration</a> or
+ * <a href="https://tools.ietf.org/html/rfc8414#section-3">Authorization Server
+ * Metadata</a> based on provided issuer.
  *
  * @author Rob Winch
  * @author Josh Cummings
@@ -53,24 +54,31 @@ import org.springframework.web.util.UriComponentsBuilder;
  * @since 5.1
  */
 public final class ClientRegistrations {
+
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
+
 	private static final String OAUTH_METADATA_PATH = "/.well-known/oauth-authorization-server";
+
 	private static final RestTemplate rest = new RestTemplate();
-	private static final ParameterizedTypeReference<Map<String, Object>> typeReference =
-			new ParameterizedTypeReference<Map<String, Object>>() {};
+
+	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
 
 	/**
-	 * Creates a {@link ClientRegistration.Builder}  using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by making an
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID Provider
-	 * Configuration Request</a> and using the values in the
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
-	 * Provider Configuration Response</a> to initialize the {@link ClientRegistration.Builder}.
+	 * Creates a {@link ClientRegistration.Builder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by making an <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID
+	 * Provider Configuration Request</a> and using the values in the <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
+	 * Provider Configuration Response</a> to initialize the
+	 * {@link ClientRegistration.Builder}.
 	 *
 	 * <p>
-	 * For example, if the issuer provided is "https://example.com", then an "OpenID Provider Configuration Request" will
-	 * be made to "https://example.com/.well-known/openid-configuration". The result is expected to be an "OpenID
-	 * Provider Configuration Response".
+	 * For example, if the issuer provided is "https://example.com", then an "OpenID
+	 * Provider Configuration Request" will be made to
+	 * "https://example.com/.well-known/openid-configuration". The result is expected to
+	 * be an "OpenID Provider Configuration Response".
 	 * </p>
 	 *
 	 * <p>
@@ -82,8 +90,10 @@ public final class ClientRegistrations {
 	 *     .clientSecret("client-secret")
 	 *     .build();
 	 * </pre>
-	 * @param issuer the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
-	 * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID Provider Configuration.
+	 * @param issuer the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID
+	 * Provider Configuration.
 	 */
 	public static ClientRegistration.Builder fromOidcIssuerLocation(String issuer) {
 		Assert.hasText(issuer, "issuer cannot be empty");
@@ -91,29 +101,25 @@ public final class ClientRegistrations {
 	}
 
 	/**
-	 * Creates a {@link ClientRegistration.Builder}  using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by querying
-	 * three different discovery endpoints serially, using the values in the first successful response to
-	 * initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without
-	 * attempting subsequent endpoints.
+	 * Creates a {@link ClientRegistration.Builder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by querying three different discovery endpoints serially, using the values in the
+	 * first successful response to initialize. If an endpoint returns anything other than
+	 * a 200 or a 4xx, the method will exit without attempting subsequent endpoints.
 	 *
-	 * The three endpoints are computed as follows, given that the {@code issuer} is composed of a {@code host}
-	 * and a {@code path}:
+	 * The three endpoints are computed as follows, given that the {@code issuer} is
+	 * composed of a {@code host} and a {@code path}:
 	 *
 	 * <ol>
-	 * 	<li>
-	 * 	   {@code host/.well-known/openid-configuration/path}, as defined in
-	 * 	   <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility Notes</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code issuer/.well-known/openid-configuration}, as defined in
-	 *  	<a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
-	 * 	    OpenID Provider Configuration</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code host/.well-known/oauth-authorization-server/path}, as defined in
-	 *  	<a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a>.
-	 *  </li>
+	 * <li>{@code host/.well-known/openid-configuration/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility
+	 * Notes</a>.</li>
+	 * <li>{@code issuer/.well-known/openid-configuration}, as defined in <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
+	 * OpenID Provider Configuration</a>.</li>
+	 * <li>{@code host/.well-known/oauth-authorization-server/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server
+	 * Metadata Request</a>.</li>
 	 * </ol>
 	 *
 	 * Note that the second endpoint is the equivalent of calling
@@ -128,9 +134,9 @@ public final class ClientRegistrations {
 	 *     .clientSecret("client-secret")
 	 *     .build();
 	 * </pre>
-	 *
 	 * @param issuer
-	 * @return a {@link ClientRegistration.Builder} that was initialized by one of the described endpoints
+	 * @return a {@link ClientRegistration.Builder} that was initialized by one of the
+	 * described endpoints
 	 */
 	public static ClientRegistration.Builder fromIssuerLocation(String issuer) {
 		Assert.hasText(issuer, "issuer cannot be empty");
@@ -139,8 +145,8 @@ public final class ClientRegistrations {
 	}
 
 	private static Supplier<ClientRegistration.Builder> oidc(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer)
-				.replacePath(issuer.getPath() + OIDC_METADATA_PATH).build(Collections.emptyMap());
+		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(issuer.getPath() + OIDC_METADATA_PATH)
+				.build(Collections.emptyMap());
 
 		return () -> {
 			RequestEntity<Void> request = RequestEntity.get(uri).build();
@@ -156,14 +162,14 @@ public final class ClientRegistrations {
 	}
 
 	private static Supplier<ClientRegistration.Builder> oidcRfc8414(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer)
-				.replacePath(OIDC_METADATA_PATH + issuer.getPath()).build(Collections.emptyMap());
+		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(OIDC_METADATA_PATH + issuer.getPath())
+				.build(Collections.emptyMap());
 		return getRfc8414Builder(issuer, uri);
 	}
 
 	private static Supplier<ClientRegistration.Builder> oauth(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer)
-				.replacePath(OAUTH_METADATA_PATH + issuer.getPath()).build(Collections.emptyMap());
+		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(OAUTH_METADATA_PATH + issuer.getPath())
+				.build(Collections.emptyMap());
 		return getRfc8414Builder(issuer, uri);
 	}
 
@@ -188,73 +194,79 @@ public final class ClientRegistrations {
 	}
 
 	@SafeVarargs
-	private static ClientRegistration.Builder getBuilder(String issuer, Supplier<ClientRegistration.Builder>... suppliers) {
+	private static ClientRegistration.Builder getBuilder(String issuer,
+			Supplier<ClientRegistration.Builder>... suppliers) {
 		String errorMessage = "Unable to resolve Configuration with the provided Issuer of \"" + issuer + "\"";
 		for (Supplier<ClientRegistration.Builder> supplier : suppliers) {
 			try {
 				return supplier.get();
-			} catch (HttpClientErrorException e) {
+			}
+			catch (HttpClientErrorException e) {
 				if (!e.getStatusCode().is4xxClientError()) {
 					throw e;
 				}
 				// else try another endpoint
-			} catch (IllegalArgumentException | IllegalStateException e) {
+			}
+			catch (IllegalArgumentException | IllegalStateException e) {
 				throw e;
-			} catch (RuntimeException e) {
+			}
+			catch (RuntimeException e) {
 				throw new IllegalArgumentException(errorMessage, e);
 			}
 		}
 		throw new IllegalArgumentException(errorMessage);
 	}
 
-	private static <T> T parse(Map<String, Object> body,
-			ThrowingFunction<JSONObject, T, ParseException> parser) {
+	private static <T> T parse(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
 
 		try {
 			return parser.apply(new JSONObject(body));
-		} catch (ParseException e) {
+		}
+		catch (ParseException e) {
 			throw new RuntimeException(e);
 		}
 	}
 
 	private interface ThrowingFunction<S, T, E extends Throwable> {
+
 		T apply(S src) throws E;
+
 	}
 
-	private static ClientRegistration.Builder withProviderConfiguration(AuthorizationServerMetadata metadata, String issuer) {
+	private static ClientRegistration.Builder withProviderConfiguration(AuthorizationServerMetadata metadata,
+			String issuer) {
 		String metadataIssuer = metadata.getIssuer().getValue();
 		if (!issuer.equals(metadataIssuer)) {
-			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the configuration metadata did "
-					+ "not match the requested issuer \"" + issuer + "\"");
+			throw new IllegalStateException(
+					"The Issuer \"" + metadataIssuer + "\" provided in the configuration metadata did "
+							+ "not match the requested issuer \"" + issuer + "\"");
 		}
 
 		String name = URI.create(issuer).getHost();
-		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer, metadata.getTokenEndpointAuthMethods());
+		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer,
+				metadata.getTokenEndpointAuthMethods());
 		List<GrantType> grantTypes = metadata.getGrantTypes();
 		// If null, the default includes authorization_code
 		if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
-			throw new IllegalArgumentException("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer +
-					"\" returned a configuration of " + grantTypes);
+			throw new IllegalArgumentException(
+					"Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
+							+ "\" returned a configuration of " + grantTypes);
 		}
 		List<String> scopes = getScopes(metadata);
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
 
-		return ClientRegistration.withRegistrationId(name)
-				.userNameAttributeName(IdTokenClaimNames.SUB)
-				.scope(scopes)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.clientAuthenticationMethod(method)
+		return ClientRegistration.withRegistrationId(name).userNameAttributeName(IdTokenClaimNames.SUB).scope(scopes)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientAuthenticationMethod(method)
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.authorizationUri(metadata.getAuthorizationEndpointURI().toASCIIString())
 				.providerConfigurationMetadata(configurationMetadata)
-				.tokenUri(metadata.getTokenEndpointURI().toASCIIString())
-				.issuerUri(issuer)
-				.clientName(issuer);
+				.tokenUri(metadata.getTokenEndpointURI().toASCIIString()).issuerUri(issuer).clientName(issuer);
 	}
 
 	private static ClientAuthenticationMethod getClientAuthenticationMethod(String issuer,
 			List<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod> metadataAuthMethods) {
-		if (metadataAuthMethods == null || metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
+		if (metadataAuthMethods == null || metadataAuthMethods
+				.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
 			// If null, the default includes client_secret_basic
 			return ClientAuthenticationMethod.BASIC;
 		}
@@ -265,7 +277,8 @@ public final class ClientRegistrations {
 			return ClientAuthenticationMethod.NONE;
 		}
 		throw new IllegalArgumentException("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and "
-				+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + issuer + "\" returned a configuration of " + metadataAuthMethods);
+				+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + issuer
+				+ "\" returned a configuration of " + metadataAuthMethods);
 	}
 
 	private static List<String> getScopes(AuthorizationServerMetadata metadata) {
@@ -273,11 +286,13 @@ public final class ClientRegistrations {
 		if (scope == null) {
 			// If null, default to "openid" which must be supported
 			return Collections.singletonList(OidcScopes.OPENID);
-		} else {
+		}
+		else {
 			return scope.toStringList();
 		}
 	}
 
-	private ClientRegistrations() {}
+	private ClientRegistrations() {
+	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index 7378d5fe4f..ca81eeee9b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -25,7 +25,8 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
- * A {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s) in-memory.
+ * A {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s)
+ * in-memory.
  *
  * @author Joe Grandja
  * @author Rob Winch
@@ -34,12 +35,14 @@ import java.util.concurrent.ConcurrentHashMap;
  * @see ClientRegistrationRepository
  * @see ClientRegistration
  */
-public final class InMemoryClientRegistrationRepository implements ClientRegistrationRepository, Iterable<ClientRegistration> {
+public final class InMemoryClientRegistrationRepository
+		implements ClientRegistrationRepository, Iterable<ClientRegistration> {
+
 	private final Map<String, ClientRegistration> registrations;
 
 	/**
-	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided
+	 * parameters.
 	 * @param registrations the client registration(s)
 	 */
 	public InMemoryClientRegistrationRepository(ClientRegistration... registrations) {
@@ -47,8 +50,8 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 	}
 
 	/**
-	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided
+	 * parameters.
 	 * @param registrations the client registration(s)
 	 */
 	public InMemoryClientRegistrationRepository(List<ClientRegistration> registrations) {
@@ -64,8 +67,7 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 		ConcurrentHashMap<String, ClientRegistration> result = new ConcurrentHashMap<>();
 		for (ClientRegistration registration : registrations) {
 			if (result.containsKey(registration.getRegistrationId())) {
-				throw new IllegalStateException(String.format("Duplicate key %s",
-						registration.getRegistrationId()));
+				throw new IllegalStateException(String.format("Duplicate key %s", registration.getRegistrationId()));
 			}
 			result.put(registration.getRegistrationId(), registration);
 		}
@@ -73,8 +75,9 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 	}
 
 	/**
-	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided {@code Map}
-	 * of {@link ClientRegistration#getRegistrationId() registration id} to {@link ClientRegistration}.
+	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided
+	 * {@code Map} of {@link ClientRegistration#getRegistrationId() registration id} to
+	 * {@link ClientRegistration}.
 	 *
 	 * @since 5.2
 	 * @param registrations the {@code Map} of client registration(s)
@@ -92,11 +95,11 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 
 	/**
 	 * Returns an {@code Iterator} of {@link ClientRegistration}.
-	 *
 	 * @return an {@code Iterator<ClientRegistration>}
 	 */
 	@Override
 	public Iterator<ClientRegistration> iterator() {
 		return this.registrations.values().iterator();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
index 98ba597c41..43a0d8c408 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
@@ -27,7 +27,8 @@ import reactor.core.publisher.Mono;
 import org.springframework.util.Assert;
 
 /**
- * A Reactive {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s) in-memory.
+ * A Reactive {@link ClientRegistrationRepository} that stores
+ * {@link ClientRegistration}(s) in-memory.
  *
  * @author Rob Winch
  * @author Ebert Toribio
@@ -41,8 +42,8 @@ public final class InMemoryReactiveClientRegistrationRepository
 	private final Map<String, ClientRegistration> clientIdToClientRegistration;
 
 	/**
-	 * Constructs an {@code InMemoryReactiveClientRegistrationRepository} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryReactiveClientRegistrationRepository} using the
+	 * provided parameters.
 	 * @param registrations the client registration(s)
 	 */
 	public InMemoryReactiveClientRegistrationRepository(ClientRegistration... registrations) {
@@ -55,8 +56,8 @@ public final class InMemoryReactiveClientRegistrationRepository
 	}
 
 	/**
-	 * Constructs an {@code InMemoryReactiveClientRegistrationRepository} using the provided parameters.
-	 *
+	 * Constructs an {@code InMemoryReactiveClientRegistrationRepository} using the
+	 * provided parameters.
 	 * @param registrations the client registration(s)
 	 */
 	public InMemoryReactiveClientRegistrationRepository(List<ClientRegistration> registrations) {
@@ -70,7 +71,6 @@ public final class InMemoryReactiveClientRegistrationRepository
 
 	/**
 	 * Returns an {@code Iterator} of {@link ClientRegistration}.
-	 *
 	 * @return an {@code Iterator<ClientRegistration>}
 	 */
 	@Override
@@ -84,11 +84,11 @@ public final class InMemoryReactiveClientRegistrationRepository
 		for (ClientRegistration registration : registrations) {
 			Assert.notNull(registration, "no registration can be null");
 			if (result.containsKey(registration.getRegistrationId())) {
-				throw new IllegalStateException(String.format("Duplicate key %s",
-						registration.getRegistrationId()));
+				throw new IllegalStateException(String.format("Duplicate key %s", registration.getRegistrationId()));
 			}
 			result.put(registration.getRegistrationId(), registration);
 		}
 		return Collections.unmodifiableMap(result);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ReactiveClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ReactiveClientRegistrationRepository.java
index 731e414141..3d9c82aaf4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ReactiveClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ReactiveClientRegistrationRepository.java
@@ -22,11 +22,10 @@ import reactor.core.publisher.Mono;
  * A reactive repository for OAuth 2.0 / OpenID Connect 1.0 {@link ClientRegistration}(s).
  *
  * <p>
- * <b>NOTE:</b> Client registration information is ultimately stored and owned
- * by the associated Authorization Server.
- * Therefore, this repository provides the capability to store a sub-set copy
- * of the <i>primary</i> client registration information
- * externally from the Authorization Server.
+ * <b>NOTE:</b> Client registration information is ultimately stored and owned by the
+ * associated Authorization Server. Therefore, this repository provides the capability to
+ * store a sub-set copy of the <i>primary</i> client registration information externally
+ * from the Authorization Server.
  *
  * @author Rob Winch
  * @since 5.1
@@ -35,8 +34,8 @@ import reactor.core.publisher.Mono;
 public interface ReactiveClientRegistrationRepository {
 
 	/**
-	 * Returns the client registration identified by the provided {@code registrationId}, or {@code null} if not found.
-	 *
+	 * Returns the client registration identified by the provided {@code registrationId},
+	 * or {@code null} if not found.
 	 * @param registrationId the registration identifier
 	 * @return the {@link ClientRegistration} if found, otherwise {@code null}
 	 */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
index 9f133f1165..437fb51e69 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 /**
- * Classes and interfaces that provide support for {@link org.springframework.security.oauth2.client.registration.ClientRegistration}.
+ * Classes and interfaces that provide support for
+ * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}.
  */
 package org.springframework.security.oauth2.client.registration;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index df77620f91..d50ea1e56c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -34,16 +34,19 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
- * An implementation of an {@link OAuth2UserService} that supports custom {@link OAuth2User} types.
+ * An implementation of an {@link OAuth2UserService} that supports custom
+ * {@link OAuth2User} types.
  * <p>
- * The custom user type(s) is supplied via the constructor,
- * using a {@code Map} of {@link OAuth2User} type(s) keyed by {@code String},
- * which represents the {@link ClientRegistration#getRegistrationId() Registration Id} of the Client.
- *
- * @deprecated It is recommended to use a delegation-based strategy of an {@link OAuth2UserService} to support custom {@link OAuth2User} types,
- * as it provides much greater flexibility compared to this implementation.
- * See the <a target="_blank" href="https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login-advanced-map-authorities-oauth2userservice">reference manual</a> for details on how to implement.
+ * The custom user type(s) is supplied via the constructor, using a {@code Map} of
+ * {@link OAuth2User} type(s) keyed by {@code String}, which represents the
+ * {@link ClientRegistration#getRegistrationId() Registration Id} of the Client.
  *
+ * @deprecated It is recommended to use a delegation-based strategy of an
+ * {@link OAuth2UserService} to support custom {@link OAuth2User} types, as it provides
+ * much greater flexibility compared to this implementation. See the
+ * <a target="_blank" href=
+ * "https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login-advanced-map-authorities-oauth2userservice">reference
+ * manual</a> for details on how to implement.
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserService
@@ -53,6 +56,7 @@ import java.util.Map;
  */
 @Deprecated
 public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
+
 	private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
 
 	private final Map<String, Class<? extends OAuth2User>> customUserTypes;
@@ -62,9 +66,10 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	private RestOperations restOperations;
 
 	/**
-	 * Constructs a {@code CustomUserTypesOAuth2UserService} using the provided parameters.
-	 *
-	 * @param customUserTypes a {@code Map} of {@link OAuth2User} type(s) keyed by {@link ClientRegistration#getRegistrationId() Registration Id}
+	 * Constructs a {@code CustomUserTypesOAuth2UserService} using the provided
+	 * parameters.
+	 * @param customUserTypes a {@code Map} of {@link OAuth2User} type(s) keyed by
+	 * {@link ClientRegistration#getRegistrationId() Registration Id}
 	 */
 	public CustomUserTypesOAuth2UserService(Map<String, Class<? extends OAuth2User>> customUserTypes) {
 		Assert.notEmpty(customUserTypes, "customUserTypes cannot be empty");
@@ -88,7 +93,8 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 		ResponseEntity<? extends OAuth2User> response;
 		try {
 			response = this.restOperations.exchange(request, customUserType);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 					"An error occurred while attempting to retrieve the UserInfo Resource: " + ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
@@ -100,11 +106,12 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest}
-	 * to a {@link RequestEntity} representation of the UserInfo Request.
+	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest} to a
+	 * {@link RequestEntity} representation of the UserInfo Request.
 	 *
 	 * @since 5.1
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the UserInfo Request
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the UserInfo Request
 	 */
 	public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
@@ -115,16 +122,19 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	 * Sets the {@link RestOperations} used when requesting the UserInfo resource.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
 	 *
 	 * @since 5.1
-	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo resource
+	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo
+	 * resource
 	 */
 	public final void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
index b3d00a077c..98bd846240 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
@@ -43,14 +43,17 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.client.UnknownContentTypeException;
 
 /**
- * An implementation of an {@link OAuth2UserService} that supports standard OAuth 2.0 Provider's.
+ * An implementation of an {@link OAuth2UserService} that supports standard OAuth 2.0
+ * Provider's.
  * <p>
  * For standard OAuth 2.0 Provider's, the attribute name used to access the user's name
  * from the UserInfo response is required and therefore must be available via
- * {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName() UserInfoEndpoint.getUserNameAttributeName()}.
+ * {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()
+ * UserInfoEndpoint.getUserNameAttributeName()}.
  * <p>
- * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and therefore will vary.
- * Please consult the provider's API documentation for the set of supported user attribute names.
+ * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and
+ * therefore will vary. Please consult the provider's API documentation for the set of
+ * supported user attribute names.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -60,14 +63,15 @@ import org.springframework.web.client.UnknownContentTypeException;
  * @see DefaultOAuth2User
  */
 public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
+
 	private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
 
 	private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
 
 	private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE =
-			new ParameterizedTypeReference<Map<String, Object>>() {};
+	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
 
 	private Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter = new OAuth2UserRequestEntityConverter();
 
@@ -83,24 +87,21 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
 
-		if (!StringUtils.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
-			OAuth2Error oauth2Error = new OAuth2Error(
-				MISSING_USER_INFO_URI_ERROR_CODE,
-				"Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " +
-					userRequest.getClientRegistration().getRegistrationId(),
-				null
-			);
+		if (!StringUtils
+				.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
+			OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE,
+					"Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: "
+							+ userRequest.getClientRegistration().getRegistrationId(),
+					null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-		String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails()
-				.getUserInfoEndpoint().getUserNameAttributeName();
+		String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+				.getUserNameAttributeName();
 		if (!StringUtils.hasText(userNameAttributeName)) {
-			OAuth2Error oauth2Error = new OAuth2Error(
-				MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
-				"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
-					userRequest.getClientRegistration().getRegistrationId(),
-				null
-			);
+			OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
+					"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: "
+							+ userRequest.getClientRegistration().getRegistrationId(),
+					null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
 
@@ -109,32 +110,36 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 		ResponseEntity<Map<String, Object>> response;
 		try {
 			response = this.restOperations.exchange(request, PARAMETERIZED_RESPONSE_TYPE);
-		} catch (OAuth2AuthorizationException ex) {
+		}
+		catch (OAuth2AuthorizationException ex) {
 			OAuth2Error oauth2Error = ex.getError();
 			StringBuilder errorDetails = new StringBuilder();
 			errorDetails.append("Error details: [");
-			errorDetails.append("UserInfo Uri: ").append(
-					userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
+			errorDetails.append("UserInfo Uri: ")
+					.append(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 			errorDetails.append(", Error Code: ").append(oauth2Error.getErrorCode());
 			if (oauth2Error.getDescription() != null) {
 				errorDetails.append(", Error Description: ").append(oauth2Error.getDescription());
 			}
 			errorDetails.append("]");
 			oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the UserInfo Resource: " + errorDetails.toString(), null);
+					"An error occurred while attempting to retrieve the UserInfo Resource: " + errorDetails.toString(),
+					null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
-		} catch (UnknownContentTypeException ex) {
-			String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '" +
-					userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri() +
-					"': response contains invalid content type '" + ex.getContentType().toString() + "'. " +
-					"The UserInfo Response should return a JSON object (content type 'application/json') " +
-					"that contains a collection of name and value pairs of the claims about the authenticated End-User. " +
-					"Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '" +
-					userRequest.getClientRegistration().getRegistrationId() + "' conforms to the UserInfo Endpoint, " +
-					"as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
+		}
+		catch (UnknownContentTypeException ex) {
+			String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
+					+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()
+					+ "': response contains invalid content type '" + ex.getContentType().toString() + "'. "
+					+ "The UserInfo Response should return a JSON object (content type 'application/json') "
+					+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
+					+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
+					+ userRequest.getClientRegistration().getRegistrationId() + "' conforms to the UserInfo Endpoint, "
+					+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage, null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
-		} catch (RestClientException ex) {
+		}
+		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 					"An error occurred while attempting to retrieve the UserInfo Resource: " + ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
@@ -152,11 +157,12 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest}
-	 * to a {@link RequestEntity} representation of the UserInfo Request.
+	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest} to a
+	 * {@link RequestEntity} representation of the UserInfo Request.
 	 *
 	 * @since 5.1
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation of the UserInfo Request
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the UserInfo Request
 	 */
 	public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
@@ -167,16 +173,19 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	 * Sets the {@link RestOperations} used when requesting the UserInfo resource.
 	 *
 	 * <p>
-	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured with the following:
+	 * <b>NOTE:</b> At a minimum, the supplied {@code restOperations} must be configured
+	 * with the following:
 	 * <ol>
-	 *  <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
+	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
 	 *
 	 * @since 5.1
-	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo resource
+	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo
+	 * resource
 	 */
 	public final void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.restOperations = restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index 8e547be7f9..e654eb571d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.oauth2.client.userinfo;
 
-
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Map;
@@ -49,14 +48,17 @@ import net.minidev.json.JSONObject;
 import reactor.core.publisher.Mono;
 
 /**
- * An implementation of an {@link ReactiveOAuth2UserService} that supports standard OAuth 2.0 Provider's.
+ * An implementation of an {@link ReactiveOAuth2UserService} that supports standard OAuth
+ * 2.0 Provider's.
  * <p>
  * For standard OAuth 2.0 Provider's, the attribute name used to access the user's name
  * from the UserInfo response is required and therefore must be available via
- * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName() UserInfoEndpoint.getUserNameAttributeName()}.
+ * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()
+ * UserInfoEndpoint.getUserNameAttributeName()}.
  * <p>
- * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and therefore will vary.
- * Please consult the provider's API documentation for the set of supported user attribute names.
+ * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and
+ * therefore will vary. Please consult the provider's API documentation for the set of
+ * supported user attribute names.
  *
  * @author Rob Winch
  * @since 5.1
@@ -66,34 +68,33 @@ import reactor.core.publisher.Mono;
  * @see DefaultOAuth2User
  */
 public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> {
+
 	private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
+
 	private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
+
 	private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
 
 	private WebClient webClient = WebClient.create();
 
 	@Override
-	public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest)
-			throws OAuth2AuthenticationException {
+	public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 		return Mono.defer(() -> {
 			Assert.notNull(userRequest, "userRequest cannot be null");
 
-			String userInfoUri = userRequest.getClientRegistration().getProviderDetails()
-					.getUserInfoEndpoint().getUri();
-			if (!StringUtils.hasText(
-					userInfoUri)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_USER_INFO_URI_ERROR_CODE,
+			String userInfoUri = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+					.getUri();
+			if (!StringUtils.hasText(userInfoUri)) {
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE,
 						"Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: "
 								+ userRequest.getClientRegistration().getRegistrationId(),
 						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
-					.getUserNameAttributeName();
+			String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails()
+					.getUserInfoEndpoint().getUserNameAttributeName();
 			if (!StringUtils.hasText(userNameAttributeName)) {
-				OAuth2Error oauth2Error = new OAuth2Error(
-						MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
+				OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
 						"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: "
 								+ userRequest.getClientRegistration().getRegistrationId(),
 						null);
@@ -107,28 +108,23 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 					.getUserInfoEndpoint().getAuthenticationMethod();
 			WebClient.RequestHeadersSpec<?> requestHeadersSpec;
 			if (AuthenticationMethod.FORM.equals(authenticationMethod)) {
-				requestHeadersSpec = this.webClient.post()
-						.uri(userInfoUri)
+				requestHeadersSpec = this.webClient.post().uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
 						.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 						.syncBody("access_token=" + userRequest.getAccessToken().getTokenValue());
-			} else {
-				requestHeadersSpec = this.webClient.get()
-						.uri(userInfoUri)
+			}
+			else {
+				requestHeadersSpec = this.webClient.get().uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
 						.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 			}
-			Mono<Map<String, Object>> userAttributes = requestHeadersSpec
-					.retrieve()
+			Mono<Map<String, Object>> userAttributes = requestHeadersSpec.retrieve()
 					.onStatus(s -> s != HttpStatus.OK, response -> parse(response).map(userInfoErrorResponse -> {
 						String description = userInfoErrorResponse.getErrorObject().getDescription();
-						OAuth2Error oauth2Error = new OAuth2Error(
-								INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
 								null);
-						throw new OAuth2AuthenticationException(oauth2Error,
-								oauth2Error.toString());
-					}))
-					.bodyToMono(typeReference);
+						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+					})).bodyToMono(typeReference);
 
 			return userAttributes.map(attrs -> {
 				GrantedAuthority authority = new OAuth2UserAuthority(attrs);
@@ -140,24 +136,27 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 				}
 
 				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
-			})
-			.onErrorMap(IOException.class, e -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri, e))
-			.onErrorMap(UnsupportedMediaTypeException.class, e -> {
-				String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '" +
-						userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri() +
-						"': response contains invalid content type '" + e.getContentType().toString() + "'. " +
-						"The UserInfo Response should return a JSON object (content type 'application/json') " +
-						"that contains a collection of name and value pairs of the claims about the authenticated End-User. " +
-						"Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '" +
-						userRequest.getClientRegistration().getRegistrationId() + "' conforms to the UserInfo Endpoint, " +
-						"as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage, null);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), e);
-			})
-			.onErrorMap(t -> !(t instanceof AuthenticationServiceException), t -> {
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,  "An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
-				return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
-			});
+			}).onErrorMap(IOException.class,
+					e -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri, e))
+					.onErrorMap(UnsupportedMediaTypeException.class, e -> {
+						String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
+								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+										.getUri()
+								+ "': response contains invalid content type '" + e.getContentType().toString() + "'. "
+								+ "The UserInfo Response should return a JSON object (content type 'application/json') "
+								+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
+								+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
+								+ userRequest.getClientRegistration().getRegistrationId()
+								+ "' conforms to the UserInfo Endpoint, "
+								+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
+								null);
+						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), e);
+					}).onErrorMap(t -> !(t instanceof AuthenticationServiceException), t -> {
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
+								"An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
+						return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
+					});
 		});
 	}
 
@@ -179,11 +178,11 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 			return Mono.fromCallable(() -> UserInfoErrorResponse.parse(wwwAuth));
 		}
 
-		ParameterizedTypeReference<Map<String, String>> typeReference =
-				new ParameterizedTypeReference<Map<String, String>>() {};
+		ParameterizedTypeReference<Map<String, String>> typeReference = new ParameterizedTypeReference<Map<String, String>>() {
+		};
 		// Other error?
-		return httpResponse
-			.bodyToMono(typeReference)
-			.map(body -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
+		return httpResponse.bodyToMono(typeReference)
+				.map(body -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index a44058f2c2..3105049c01 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -25,28 +25,28 @@ import java.util.List;
 import java.util.Objects;
 
 /**
- * An implementation of an {@link OAuth2UserService} that simply delegates
- * to it's internal {@code List} of {@link OAuth2UserService}(s).
+ * An implementation of an {@link OAuth2UserService} that simply delegates to it's
+ * internal {@code List} of {@link OAuth2UserService}(s).
  * <p>
  * Each {@link OAuth2UserService} is given a chance to
- * {@link OAuth2UserService#loadUser(OAuth2UserRequest) load} an {@link OAuth2User}
- * with the first {@code non-null} {@link OAuth2User} being returned.
+ * {@link OAuth2UserService#loadUser(OAuth2UserRequest) load} an {@link OAuth2User} with
+ * the first {@code non-null} {@link OAuth2User} being returned.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserService
  * @see OAuth2UserRequest
  * @see OAuth2User
- *
  * @param <R> The type of OAuth 2.0 User Request
  * @param <U> The type of OAuth 2.0 User
  */
-public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> implements OAuth2UserService<R, U> {
+public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User>
+		implements OAuth2UserService<R, U> {
+
 	private final List<OAuth2UserService<R, U>> userServices;
 
 	/**
 	 * Constructs a {@code DelegatingOAuth2UserService} using the provided parameters.
-	 *
 	 * @param userServices a {@code List} of {@link OAuth2UserService}(s)
 	 */
 	public DelegatingOAuth2UserService(List<OAuth2UserService<R, U>> userServices) {
@@ -57,10 +57,8 @@ public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends
 	@Override
 	public U loadUser(R userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return this.userServices.stream()
-			.map(userService -> userService.loadUser(userRequest))
-			.filter(Objects::nonNull)
-			.findFirst()
-			.orElse(null);
+		return this.userServices.stream().map(userService -> userService.loadUser(userRequest)).filter(Objects::nonNull)
+				.findFirst().orElse(null);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
index 34dc78f7b5..0b0490c9f5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
@@ -25,8 +25,8 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
- * Represents a request the {@link OAuth2UserService} uses
- * when initiating a request to the UserInfo Endpoint.
+ * Represents a request the {@link OAuth2UserService} uses when initiating a request to
+ * the UserInfo Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -35,13 +35,15 @@ import java.util.Map;
  * @see OAuth2UserService
  */
 public class OAuth2UserRequest {
+
 	private final ClientRegistration clientRegistration;
+
 	private final OAuth2AccessToken accessToken;
+
 	private final Map<String, Object> additionalParameters;
 
 	/**
 	 * Constructs an {@code OAuth2UserRequest} using the provided parameters.
-	 *
 	 * @param clientRegistration the client registration
 	 * @param accessToken the access token
 	 */
@@ -58,19 +60,17 @@ public class OAuth2UserRequest {
 	 * @param additionalParameters the additional parameters, may be empty
 	 */
 	public OAuth2UserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken,
-								Map<String, Object> additionalParameters) {
+			Map<String, Object> additionalParameters) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(accessToken, "accessToken cannot be null");
 		this.clientRegistration = clientRegistration;
 		this.accessToken = accessToken;
-		this.additionalParameters = Collections.unmodifiableMap(
-				CollectionUtils.isEmpty(additionalParameters) ?
-				Collections.emptyMap() : new LinkedHashMap<>(additionalParameters));
+		this.additionalParameters = Collections.unmodifiableMap(CollectionUtils.isEmpty(additionalParameters)
+				? Collections.emptyMap() : new LinkedHashMap<>(additionalParameters));
 	}
 
 	/**
 	 * Returns the {@link ClientRegistration client registration}.
-	 *
 	 * @return the {@link ClientRegistration}
 	 */
 	public ClientRegistration getClientRegistration() {
@@ -79,7 +79,6 @@ public class OAuth2UserRequest {
 
 	/**
 	 * Returns the {@link OAuth2AccessToken access token}.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -95,4 +94,5 @@ public class OAuth2UserRequest {
 	public Map<String, Object> getAdditionalParameters() {
 		return this.additionalParameters;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
index f373a21012..09379adf3f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
@@ -33,8 +33,8 @@ import java.util.Collections;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
- * A {@link Converter} that converts the provided {@link OAuth2UserRequest}
- * to a {@link RequestEntity} representation of a request for the UserInfo Endpoint.
+ * A {@link Converter} that converts the provided {@link OAuth2UserRequest} to a
+ * {@link RequestEntity} representation of a request for the UserInfo Endpoint.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -43,11 +43,12 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @see RequestEntity
  */
 public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserRequest, RequestEntity<?>> {
-	private static final MediaType DEFAULT_CONTENT_TYPE = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+
+	private static final MediaType DEFAULT_CONTENT_TYPE = MediaType
+			.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 	/**
 	 * Returns the {@link RequestEntity} used for the UserInfo Request.
-	 *
 	 * @param userRequest the user request
 	 * @return the {@link RequestEntity} used for the UserInfo Request
 	 */
@@ -56,14 +57,14 @@ public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserReq
 		ClientRegistration clientRegistration = userRequest.getClientRegistration();
 
 		HttpMethod httpMethod = HttpMethod.GET;
-		if (AuthenticationMethod.FORM.equals(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())) {
+		if (AuthenticationMethod.FORM
+				.equals(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())) {
 			httpMethod = HttpMethod.POST;
 		}
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
-		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri())
-				.build()
-				.toUri();
+		URI uri = UriComponentsBuilder
+				.fromUriString(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).build().toUri();
 
 		RequestEntity<?> request;
 		if (HttpMethod.POST.equals(httpMethod)) {
@@ -71,11 +72,13 @@ public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserReq
 			MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
 			formParameters.add(OAuth2ParameterNames.ACCESS_TOKEN, userRequest.getAccessToken().getTokenValue());
 			request = new RequestEntity<>(formParameters, headers, httpMethod, uri);
-		} else {
+		}
+		else {
 			headers.setBearerAuth(userRequest.getAccessToken().getTokenValue());
 			request = new RequestEntity<>(headers, httpMethod, uri);
 		}
 
 		return request;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
index 2aae74a0d9..1c61f31fc0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
@@ -20,18 +20,17 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 /**
- * Implementations of this interface are responsible for obtaining the user attributes
- * of the End-User (Resource Owner) from the UserInfo Endpoint
- * using the {@link OAuth2UserRequest#getAccessToken() Access Token}
- * granted to the {@link OAuth2UserRequest#getClientRegistration() Client}
- * and returning an {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
+ * Implementations of this interface are responsible for obtaining the user attributes of
+ * the End-User (Resource Owner) from the UserInfo Endpoint using the
+ * {@link OAuth2UserRequest#getAccessToken() Access Token} granted to the
+ * {@link OAuth2UserRequest#getClientRegistration() Client} and returning an
+ * {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserRequest
  * @see OAuth2User
  * @see AuthenticatedPrincipal
- *
  * @param <R> The type of OAuth 2.0 User Request
  * @param <U> The type of OAuth 2.0 User
  */
@@ -39,11 +38,12 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 public interface OAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> {
 
 	/**
-	 * Returns an {@link OAuth2User} after obtaining the user attributes of the End-User from the UserInfo Endpoint.
-	 *
+	 * Returns an {@link OAuth2User} after obtaining the user attributes of the End-User
+	 * from the UserInfo Endpoint.
 	 * @param userRequest the user request
 	 * @return an {@link OAuth2User}
-	 * @throws OAuth2AuthenticationException if an error occurs while attempting to obtain the user attributes from the UserInfo Endpoint
+	 * @throws OAuth2AuthenticationException if an error occurs while attempting to obtain
+	 * the user attributes from the UserInfo Endpoint
 	 */
 	U loadUser(R userRequest) throws OAuth2AuthenticationException;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
index f166c27326..be73af0f98 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
@@ -21,18 +21,17 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for obtaining the user attributes
- * of the End-User (Resource Owner) from the UserInfo Endpoint
- * using the {@link OAuth2UserRequest#getAccessToken() Access Token}
- * granted to the {@link OAuth2UserRequest#getClientRegistration() Client}
- * and returning an {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
+ * Implementations of this interface are responsible for obtaining the user attributes of
+ * the End-User (Resource Owner) from the UserInfo Endpoint using the
+ * {@link OAuth2UserRequest#getAccessToken() Access Token} granted to the
+ * {@link OAuth2UserRequest#getClientRegistration() Client} and returning an
+ * {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
  *
  * @author Rob Winch
  * @since 5.1
  * @see OAuth2UserRequest
  * @see OAuth2User
  * @see AuthenticatedPrincipal
- *
  * @param <R> The type of OAuth 2.0 User Request
  * @param <U> The type of OAuth 2.0 User
  */
@@ -40,11 +39,12 @@ import reactor.core.publisher.Mono;
 public interface ReactiveOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> {
 
 	/**
-	 * Returns an {@link OAuth2User} after obtaining the user attributes of the End-User from the UserInfo Endpoint.
-	 *
+	 * Returns an {@link OAuth2User} after obtaining the user attributes of the End-User
+	 * from the UserInfo Endpoint.
 	 * @param userRequest the user request
 	 * @return an {@link OAuth2User}
-	 * @throws OAuth2AuthenticationException if an error occurs while attempting to obtain the user attributes from the UserInfo Endpoint
+	 * @throws OAuth2AuthenticationException if an error occurs while attempting to obtain
+	 * the user attributes from the UserInfo Endpoint
 	 */
 	Mono<U> loadUser(R userRequest) throws OAuth2AuthenticationException;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
index 2d698369b9..c66ac1a8e7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Classes and interfaces providing support to the client for initiating requests
- * to the OAuth 2.0 Authorization Server's UserInfo Endpoint.
+ * Classes and interfaces providing support to the client for initiating requests to the
+ * OAuth 2.0 Authorization Server's UserInfo Endpoint.
  */
 package org.springframework.security.oauth2.client.userinfo;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
index fef8ffac71..62527e9035 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
@@ -26,12 +26,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * An implementation of an {@link OAuth2AuthorizedClientRepository} that
- * delegates to the provided {@link OAuth2AuthorizedClientService} if the current
- * {@code Principal} is authenticated, otherwise,
- * to the default (or provided) {@link OAuth2AuthorizedClientRepository}
- * if the current request is unauthenticated (or anonymous).
- * The default {@code OAuth2AuthorizedClientRepository} is {@link HttpSessionOAuth2AuthorizedClientRepository}.
+ * An implementation of an {@link OAuth2AuthorizedClientRepository} that delegates to the
+ * provided {@link OAuth2AuthorizedClientService} if the current {@code Principal} is
+ * authenticated, otherwise, to the default (or provided)
+ * {@link OAuth2AuthorizedClientRepository} if the current request is unauthenticated (or
+ * anonymous). The default {@code OAuth2AuthorizedClientRepository} is
+ * {@link HttpSessionOAuth2AuthorizedClientRepository}.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -41,64 +41,76 @@ import javax.servlet.http.HttpServletResponse;
  * @see HttpSessionOAuth2AuthorizedClientRepository
  */
 public final class AuthenticatedPrincipalOAuth2AuthorizedClientRepository implements OAuth2AuthorizedClientRepository {
+
 	private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
+
 	private final OAuth2AuthorizedClientService authorizedClientService;
+
 	private OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository = new HttpSessionOAuth2AuthorizedClientRepository();
 
 	/**
-	 * Constructs a {@code AuthenticatedPrincipalOAuth2AuthorizedClientRepository} using the provided parameters.
-	 *
+	 * Constructs a {@code AuthenticatedPrincipalOAuth2AuthorizedClientRepository} using
+	 * the provided parameters.
 	 * @param authorizedClientService the authorized client service
 	 */
-	public AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService authorizedClientService) {
+	public AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
+			OAuth2AuthorizedClientService authorizedClientService) {
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
 		this.authorizedClientService = authorizedClientService;
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizedClientRepository} used for requests that are unauthenticated (or anonymous).
-	 * The default is {@link HttpSessionOAuth2AuthorizedClientRepository}.
-	 *
-	 * @param anonymousAuthorizedClientRepository the repository used for requests that are unauthenticated (or anonymous)
+	 * Sets the {@link OAuth2AuthorizedClientRepository} used for requests that are
+	 * unauthenticated (or anonymous). The default is
+	 * {@link HttpSessionOAuth2AuthorizedClientRepository}.
+	 * @param anonymousAuthorizedClientRepository the repository used for requests that
+	 * are unauthenticated (or anonymous)
 	 */
-	public void setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository) {
+	public void setAnonymousAuthorizedClientRepository(
+			OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository) {
 		Assert.notNull(anonymousAuthorizedClientRepository, "anonymousAuthorizedClientRepository cannot be null");
 		this.anonymousAuthorizedClientRepository = anonymousAuthorizedClientRepository;
 	}
 
 	@Override
-	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, Authentication principal,
-																		HttpServletRequest request) {
+	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+			Authentication principal, HttpServletRequest request) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
-		} else {
-			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, request);
+		}
+		else {
+			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal,
+					request);
 		}
 	}
 
 	@Override
 	public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
-										HttpServletRequest request, HttpServletResponse response) {
+			HttpServletRequest request, HttpServletResponse response) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-		} else {
-			this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, request, response);
+		}
+		else {
+			this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, request,
+					response);
 		}
 	}
 
 	@Override
 	public void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
-										HttpServletRequest request, HttpServletResponse response) {
+			HttpServletRequest request, HttpServletResponse response) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName());
-		} else {
-			this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, request, response);
+		}
+		else {
+			this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, request,
+					response);
 		}
 	}
 
 	private boolean isPrincipalAuthenticated(Authentication authentication) {
-		return authentication != null &&
-				!this.authenticationTrustResolver.isAnonymous(authentication) &&
-				authentication.isAuthenticated();
+		return authentication != null && !this.authenticationTrustResolver.isAnonymous(authentication)
+				&& authentication.isAuthenticated();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
index c2114a0aa8..46a0d041e1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
@@ -21,58 +21,57 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * Implementations of this interface are responsible for the persistence
- * of {@link OAuth2AuthorizationRequest} between requests.
+ * Implementations of this interface are responsible for the persistence of
+ * {@link OAuth2AuthorizationRequest} between requests.
  *
  * <p>
- * Used by the {@link OAuth2AuthorizationRequestRedirectFilter} for persisting the Authorization Request
- * before it initiates the authorization code grant flow.
- * As well, used by the {@link OAuth2LoginAuthenticationFilter} for resolving
- * the associated Authorization Request when handling the callback of the Authorization Response.
+ * Used by the {@link OAuth2AuthorizationRequestRedirectFilter} for persisting the
+ * Authorization Request before it initiates the authorization code grant flow. As well,
+ * used by the {@link OAuth2LoginAuthenticationFilter} for resolving the associated
+ * Authorization Request when handling the callback of the Authorization Response.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2AuthorizationRequest
  * @see HttpSessionOAuth2AuthorizationRequestRepository
- *
  * @param <T> The type of OAuth 2.0 Authorization Request
  */
 public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} associated to the provided {@code HttpServletRequest}
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} associated to the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param request the {@code HttpServletRequest}
 	 * @return the {@link OAuth2AuthorizationRequest} or {@code null} if not available
 	 */
 	T loadAuthorizationRequest(HttpServletRequest request);
 
 	/**
-	 * Persists the {@link OAuth2AuthorizationRequest} associating it to
-	 * the provided {@code HttpServletRequest} and/or {@code HttpServletResponse}.
-	 *
+	 * Persists the {@link OAuth2AuthorizationRequest} associating it to the provided
+	 * {@code HttpServletRequest} and/or {@code HttpServletResponse}.
 	 * @param authorizationRequest the {@link OAuth2AuthorizationRequest}
 	 * @param request the {@code HttpServletRequest}
 	 * @param response the {@code HttpServletResponse}
 	 */
-	void saveAuthorizationRequest(T authorizationRequest, HttpServletRequest request,
-									HttpServletResponse response);
+	void saveAuthorizationRequest(T authorizationRequest, HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Removes and returns the {@link OAuth2AuthorizationRequest} associated to the
 	 * provided {@code HttpServletRequest} or if not available returns {@code null}.
-	 *
-	 * @deprecated Use {@link #removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)} instead
+	 * @deprecated Use
+	 * {@link #removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)}
+	 * instead
 	 * @param request the {@code HttpServletRequest}
-	 * @return the removed {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the removed {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	@Deprecated
 	T removeAuthorizationRequest(HttpServletRequest request);
 
 	/**
 	 * Removes and returns the {@link OAuth2AuthorizationRequest} associated to the
-	 * provided {@code HttpServletRequest} and {@code HttpServletResponse} or if not available returns {@code null}.
+	 * provided {@code HttpServletRequest} and {@code HttpServletResponse} or if not
+	 * available returns {@code null}.
 	 *
 	 * @since 5.1
 	 * @param request the {@code HttpServletRequest}
@@ -82,4 +81,5 @@ public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationReq
 	default T removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
 		return removeAuthorizationRequest(request);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index d3c495dd3b..ae4665a735 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -45,12 +45,14 @@ import java.util.function.Consumer;
 
 /**
  * An implementation of an {@link OAuth2AuthorizationRequestResolver} that attempts to
- * resolve an {@link OAuth2AuthorizationRequest} from the provided {@code HttpServletRequest}
- * using the default request {@code URI} pattern {@code /oauth2/authorization/{registrationId}}.
+ * resolve an {@link OAuth2AuthorizationRequest} from the provided
+ * {@code HttpServletRequest} using the default request {@code URI} pattern
+ * {@code /oauth2/authorization/{registrationId}}.
  *
  * <p>
- * <b>NOTE:</b> The default base {@code URI} {@code /oauth2/authorization} may be overridden
- * via it's constructor {@link #DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository, String)}.
+ * <b>NOTE:</b> The default base {@code URI} {@code /oauth2/authorization} may be
+ * overridden via it's constructor
+ * {@link #DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository, String)}.
  *
  * @author Joe Grandja
  * @author Rob Winch
@@ -61,22 +63,32 @@ import java.util.function.Consumer;
  * @see OAuth2AuthorizationRequestRedirectFilter
  */
 public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
+
 	private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
+
 	private static final char PATH_DELIMITER = '/';
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
+
 	private final AntPathRequestMatcher authorizationRequestMatcher;
+
 	private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
-	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
-	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {};
+
+	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
+			Base64.getUrlEncoder().withoutPadding(), 96);
+
+	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {
+	};
 
 	/**
-	 * Constructs a {@code DefaultOAuth2AuthorizationRequestResolver} using the provided parameters.
-	 *
+	 * Constructs a {@code DefaultOAuth2AuthorizationRequestResolver} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
-	 * @param authorizationRequestBaseUri the base {@code URI} used for resolving authorization requests
+	 * @param authorizationRequestBaseUri the base {@code URI} used for resolving
+	 * authorization requests
 	 */
 	public DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository,
-														String authorizationRequestBaseUri) {
+			String authorizationRequestBaseUri) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
 		this.clientRegistrationRepository = clientRegistrationRepository;
@@ -104,13 +116,15 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	}
 
 	/**
-	 * Sets the {@code Consumer} to be provided the {@link OAuth2AuthorizationRequest.Builder}
-	 * allowing for further customizations.
+	 * Sets the {@code Consumer} to be provided the
+	 * {@link OAuth2AuthorizationRequest.Builder} allowing for further customizations.
 	 *
 	 * @since 5.3
-	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the {@link OAuth2AuthorizationRequest.Builder}
+	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the
+	 * {@link OAuth2AuthorizationRequest.Builder}
 	 */
-	public void setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
+	public void setAuthorizationRequestCustomizer(
+			Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
 		Assert.notNull(authorizationRequestCustomizer, "authorizationRequestCustomizer cannot be null");
 		this.authorizationRequestCustomizer = authorizationRequestCustomizer;
 	}
@@ -123,7 +137,8 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		return action;
 	}
 
-	private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String registrationId, String redirectUriAction) {
+	private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String registrationId,
+			String redirectUriAction) {
 		if (registrationId == null) {
 			return null;
 		}
@@ -140,34 +155,35 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
 			builder = OAuth2AuthorizationRequest.authorizationCode();
 			Map<String, Object> additionalParameters = new HashMap<>();
-			if (!CollectionUtils.isEmpty(clientRegistration.getScopes()) &&
-					clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
-				// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+			if (!CollectionUtils.isEmpty(clientRegistration.getScopes())
+					&& clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
+				// Section 3.1.2.1 Authentication Request -
+				// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 				// scope
-				// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
+				// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+				// value.
 				addNonceParameters(attributes, additionalParameters);
 			}
 			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
 				addPkceParameters(attributes, additionalParameters);
 			}
 			builder.additionalParameters(additionalParameters);
-		} else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
+		}
+		else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
 			builder = OAuth2AuthorizationRequest.implicit();
-		} else {
-			throw new IllegalArgumentException("Invalid Authorization Grant Type ("  +
-					clientRegistration.getAuthorizationGrantType().getValue() +
-					") for Client Registration with Id: " + clientRegistration.getRegistrationId());
+		}
+		else {
+			throw new IllegalArgumentException(
+					"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
+							+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
 		}
 
 		String redirectUriStr = expandRedirectUri(request, clientRegistration, redirectUriAction);
 
-		builder
-				.clientId(clientRegistration.getClientId())
+		builder.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(redirectUriStr)
-				.scopes(clientRegistration.getScopes())
-				.state(this.stateGenerator.generateKey())
-				.attributes(attributes);
+				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
+				.state(this.stateGenerator.generateKey()).attributes(attributes);
 
 		this.authorizationRequestCustomizer.accept(builder);
 
@@ -176,14 +192,15 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 
 	private String resolveRegistrationId(HttpServletRequest request) {
 		if (this.authorizationRequestMatcher.matches(request)) {
-			return this.authorizationRequestMatcher
-					.matcher(request).getVariables().get(REGISTRATION_ID_URI_VARIABLE_NAME);
+			return this.authorizationRequestMatcher.matcher(request).getVariables()
+					.get(REGISTRATION_ID_URI_VARIABLE_NAME);
 		}
 		return null;
 	}
 
 	/**
-	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
+	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided
+	 * variables:<br/>
 	 * - baseUrl (e.g. https://localhost/app) <br/>
 	 * - baseScheme (e.g. https) <br/>
 	 * - baseHost (e.g. localhost) <br/>
@@ -194,19 +211,17 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	 * <p/>
 	 * Null variables are provided as empty strings.
 	 * <p/>
-	 * Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
-	 *
+	 * Default redirectUri is:
+	 * {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
 	 * @return expanded URI
 	 */
-	private static String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration, String action) {
+	private static String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration,
+			String action) {
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
 
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath())
-				.replaceQuery(null)
-				.fragment(null)
-				.build();
+				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
 		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
 		String host = uriComponents.getHost();
@@ -225,19 +240,21 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 
 		uriVariables.put("action", action == null ? "" : action);
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
-				.buildAndExpand(uriVariables)
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
 
 	/**
 	 * Creates nonce and its hash for use in OpenID Connect 1.0 Authentication Requests.
-	 *
-	 * @param attributes where the {@link OidcParameterNames#NONCE} is stored for the authentication request
-	 * @param additionalParameters where the {@link OidcParameterNames#NONCE} hash is added for the authentication request
+	 * @param attributes where the {@link OidcParameterNames#NONCE} is stored for the
+	 * authentication request
+	 * @param additionalParameters where the {@link OidcParameterNames#NONCE} hash is
+	 * added for the authentication request
 	 *
 	 * @since 5.2
-	 * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest">3.1.2.1.  Authentication Request</a>
+	 * @see <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest">3.1.2.1.
+	 * Authentication Request</a>
 	 */
 	private void addNonceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
 		try {
@@ -245,20 +262,27 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			String nonceHash = createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, nonceHash);
-		} catch (NoSuchAlgorithmException e) { }
+		}
+		catch (NoSuchAlgorithmException e) {
+		}
 	}
 
 	/**
-	 * Creates and adds additional PKCE parameters for use in the OAuth 2.0 Authorization and Access Token Requests
-	 *
-	 * @param attributes where {@link PkceParameterNames#CODE_VERIFIER} is stored for the token request
-	 * @param additionalParameters where {@link PkceParameterNames#CODE_CHALLENGE} and, usually,
-	 * {@link PkceParameterNames#CODE_CHALLENGE_METHOD} are added to be used in the authorization request.
+	 * Creates and adds additional PKCE parameters for use in the OAuth 2.0 Authorization
+	 * and Access Token Requests
+	 * @param attributes where {@link PkceParameterNames#CODE_VERIFIER} is stored for the
+	 * token request
+	 * @param additionalParameters where {@link PkceParameterNames#CODE_CHALLENGE} and,
+	 * usually, {@link PkceParameterNames#CODE_CHALLENGE_METHOD} are added to be used in
+	 * the authorization request.
 	 *
 	 * @since 5.2
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-1.1">1.1.  Protocol Flow</a>
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.1">4.1.  Client Creates a Code Verifier</a>
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">4.2.  Client Creates the Code Challenge</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-1.1">1.1.
+	 * Protocol Flow</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.1">4.1.
+	 * Client Creates a Code Verifier</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">4.2.
+	 * Client Creates the Code Challenge</a>
 	 */
 	private void addPkceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
 		String codeVerifier = this.secureKeyGenerator.generateKey();
@@ -267,7 +291,8 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			String codeChallenge = createHash(codeVerifier);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeChallenge);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
-		} catch (NoSuchAlgorithmException e) {
+		}
+		catch (NoSuchAlgorithmException e) {
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeVerifier);
 		}
 	}
@@ -277,4 +302,5 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		byte[] digest = md.digest(value.getBytes(StandardCharsets.US_ASCII));
 		return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 708db52020..78bc7af340 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -47,34 +47,34 @@ import java.util.Map;
 import java.util.function.Function;
 
 /**
- * The default implementation of an {@link OAuth2AuthorizedClientManager}
- * for use within the context of a {@code HttpServletRequest}.
+ * The default implementation of an {@link OAuth2AuthorizedClientManager} for use within
+ * the context of a {@code HttpServletRequest}.
  *
  * <p>
- * (When operating <em>outside</em> of the context of a {@code HttpServletRequest},
- * use {@link AuthorizedClientServiceOAuth2AuthorizedClientManager} instead.)
+ * (When operating <em>outside</em> of the context of a {@code HttpServletRequest}, use
+ * {@link AuthorizedClientServiceOAuth2AuthorizedClientManager} instead.)
  *
  * <h2>Authorized Client Persistence</h2>
  *
  * <p>
- * This manager utilizes an {@link OAuth2AuthorizedClientRepository}
- * to persist {@link OAuth2AuthorizedClient}s.
+ * This manager utilizes an {@link OAuth2AuthorizedClientRepository} to persist
+ * {@link OAuth2AuthorizedClient}s.
  *
  * <p>
  * By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
- * will be saved in the {@link OAuth2AuthorizedClientRepository}.
- * This functionality can be changed by configuring a custom {@link OAuth2AuthorizationSuccessHandler}
- * via {@link #setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler)}.
+ * will be saved in the {@link OAuth2AuthorizedClientRepository}. This functionality can
+ * be changed by configuring a custom {@link OAuth2AuthorizationSuccessHandler} via
+ * {@link #setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler)}.
  *
  * <p>
  * By default, when an authorization attempt fails due to an
- * {@value OAuth2ErrorCodes#INVALID_GRANT} error,
- * the previously saved {@link OAuth2AuthorizedClient}
- * will be removed from the {@link OAuth2AuthorizedClientRepository}.
- * (The {@value OAuth2ErrorCodes#INVALID_GRANT} error can occur
- * when a refresh token that is no longer valid is used to retrieve a new access token.)
- * This functionality can be changed by configuring a custom {@link OAuth2AuthorizationFailureHandler}
- * via {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
+ * {@value OAuth2ErrorCodes#INVALID_GRANT} error, the previously saved
+ * {@link OAuth2AuthorizedClient} will be removed from the
+ * {@link OAuth2AuthorizedClientRepository}. (The {@value OAuth2ErrorCodes#INVALID_GRANT}
+ * error can occur when a refresh token that is no longer valid is used to retrieve a new
+ * access token.) This functionality can be changed by configuring a custom
+ * {@link OAuth2AuthorizationFailureHandler} via
+ * {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -84,43 +84,45 @@ import java.util.function.Function;
  * @see OAuth2AuthorizationFailureHandler
  */
 public final class DefaultOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
-	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER =
-			OAuth2AuthorizedClientProviderBuilder.builder()
-					.authorizationCode()
-					.refreshToken()
-					.clientCredentials()
-					.password()
-					.build();
+
+	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder
+			.builder().authorizationCode().refreshToken().clientCredentials().password().build();
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
+
 	private final OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private OAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper;
+
 	private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private OAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
 	/**
-	 * Constructs a {@code DefaultOAuth2AuthorizedClientManager} using the provided parameters.
-	 *
+	 * Constructs a {@code DefaultOAuth2AuthorizedClientManager} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
 	public DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,
-												OAuth2AuthorizedClientRepository authorizedClientRepository) {
+			OAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientRepository = authorizedClientRepository;
 		this.authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
 		this.contextAttributesMapper = new DefaultContextAttributesMapper();
-		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) ->
-				authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal,
+		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository
+				.saveAuthorizedClient(authorizedClient, principal,
 						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
 						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName()));
 		this.authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-								(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
-								(HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
+				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
+						clientRegistrationId, principal,
+						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
+						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
 	}
 
 	@Nullable
@@ -140,41 +142,46 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 		OAuth2AuthorizationContext.Builder contextBuilder;
 		if (authorizedClient != null) {
 			contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
-		} else {
-			authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-					clientRegistrationId, principal, servletRequest);
+		}
+		else {
+			authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal,
+					servletRequest);
 			if (authorizedClient != null) {
 				contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
-			} else {
-				ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
-				Assert.notNull(clientRegistration, "Could not find ClientRegistration with id '" + clientRegistrationId + "'");
+			}
+			else {
+				ClientRegistration clientRegistration = this.clientRegistrationRepository
+						.findByRegistrationId(clientRegistrationId);
+				Assert.notNull(clientRegistration,
+						"Could not find ClientRegistration with id '" + clientRegistrationId + "'");
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
-		OAuth2AuthorizationContext authorizationContext = contextBuilder
-				.principal(principal)
-				.attributes(attributes -> {
-					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
-					if (!CollectionUtils.isEmpty(contextAttributes)) {
-						attributes.putAll(contextAttributes);
-					}
-				})
-				.build();
+		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal).attributes(attributes -> {
+			Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
+			if (!CollectionUtils.isEmpty(contextAttributes)) {
+				attributes.putAll(contextAttributes);
+			}
+		}).build();
 
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-		} catch (OAuth2AuthorizationException ex) {
-			this.authorizationFailureHandler.onAuthorizationFailure(
-					ex, principal, createAttributes(servletRequest, servletResponse));
+		}
+		catch (OAuth2AuthorizationException ex) {
+			this.authorizationFailureHandler.onAuthorizationFailure(ex, principal,
+					createAttributes(servletRequest, servletResponse));
 			throw ex;
 		}
 
 		if (authorizedClient != null) {
-			this.authorizationSuccessHandler.onAuthorizationSuccess(
-					authorizedClient, principal, createAttributes(servletRequest, servletResponse));
-		} else {
-			// In the case of re-authorization, the returned `authorizedClient` may be null if re-authorization is not supported.
-			// For these cases, return the provided `authorizationContext.authorizedClient`.
+			this.authorizationSuccessHandler.onAuthorizationSuccess(authorizedClient, principal,
+					createAttributes(servletRequest, servletResponse));
+		}
+		else {
+			// In the case of re-authorization, the returned `authorizedClient` may be
+			// null if re-authorization is not supported.
+			// For these cases, return the provided
+			// `authorizationContext.authorizedClient`.
 			if (authorizationContext.getAuthorizedClient() != null) {
 				return authorizationContext.getAuthorizedClient();
 			}
@@ -183,7 +190,8 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 		return authorizedClient;
 	}
 
-	private static Map<String, Object> createAttributes(HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
+	private static Map<String, Object> createAttributes(HttpServletRequest servletRequest,
+			HttpServletResponse servletResponse) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(HttpServletRequest.class.getName(), servletRequest);
 		attributes.put(HttpServletResponse.class.getName(), servletResponse);
@@ -206,16 +214,17 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 		if (servletResponse == null) {
 			RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
 			if (requestAttributes instanceof ServletRequestAttributes) {
-				servletResponse =  ((ServletRequestAttributes) requestAttributes).getResponse();
+				servletResponse = ((ServletRequestAttributes) requestAttributes).getResponse();
 			}
 		}
 		return servletResponse;
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client.
-	 *
-	 * @param authorizedClientProvider the {@link OAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client
+	 * Sets the {@link OAuth2AuthorizedClientProvider} used for authorizing (or
+	 * re-authorizing) an OAuth 2.0 Client.
+	 * @param authorizedClientProvider the {@link OAuth2AuthorizedClientProvider} used for
+	 * authorizing (or re-authorizing) an OAuth 2.0 Client
 	 */
 	public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider) {
 		Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
@@ -223,24 +232,28 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 	}
 
 	/**
-	 * Sets the {@code Function} used for mapping attribute(s) from the {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes
-	 * to be associated to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
-	 *
-	 * @param contextAttributesMapper the {@code Function} used for supplying the {@code Map} of attributes
-	 *                                   to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}
+	 * Sets the {@code Function} used for mapping attribute(s) from the
+	 * {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes to be associated to
+	 * the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
+	 * @param contextAttributesMapper the {@code Function} used for supplying the
+	 * {@code Map} of attributes to the {@link OAuth2AuthorizationContext#getAttributes()
+	 * authorization context}
 	 */
-	public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper) {
+	public void setContextAttributesMapper(
+			Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper) {
 		Assert.notNull(contextAttributesMapper, "contextAttributesMapper cannot be null");
 		this.contextAttributesMapper = contextAttributesMapper;
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizationSuccessHandler} that handles successful authorizations.
+	 * Sets the {@link OAuth2AuthorizationSuccessHandler} that handles successful
+	 * authorizations.
 	 *
 	 * <p>
-	 * The default saves {@link OAuth2AuthorizedClient}s in the {@link OAuth2AuthorizedClientRepository}.
-	 *
-	 * @param authorizationSuccessHandler the {@link OAuth2AuthorizationSuccessHandler} that handles successful authorizations
+	 * The default saves {@link OAuth2AuthorizedClient}s in the
+	 * {@link OAuth2AuthorizedClientRepository}.
+	 * @param authorizationSuccessHandler the {@link OAuth2AuthorizationSuccessHandler}
+	 * that handles successful authorizations
 	 * @since 5.3
 	 */
 	public void setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler) {
@@ -249,12 +262,14 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles authorization failures.
+	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles authorization
+	 * failures.
 	 *
 	 * <p>
-	 * A {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} is used by default.
-	 *
-	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler} that handles authorization failures
+	 * A {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} is used by
+	 * default.
+	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
+	 * that handles authorization failures
 	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 * @since 5.3
 	 */
@@ -264,9 +279,11 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 	}
 
 	/**
-	 * The default implementation of the {@link #setContextAttributesMapper(Function) contextAttributesMapper}.
+	 * The default implementation of the {@link #setContextAttributesMapper(Function)
+	 * contextAttributesMapper}.
 	 */
-	public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
+	public static class DefaultContextAttributesMapper
+			implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
 
 		@Override
 		public Map<String, Object> apply(OAuth2AuthorizeRequest authorizeRequest) {
@@ -280,5 +297,7 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 			}
 			return contextAttributes;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index fbeef271d4..c7fac35606 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -42,33 +42,44 @@ import java.util.Map;
 import java.util.function.Function;
 
 /**
- * The default implementation of a {@link ReactiveOAuth2AuthorizedClientManager}
- * for use within the context of a {@link ServerWebExchange}.
+ * The default implementation of a {@link ReactiveOAuth2AuthorizedClientManager} for use
+ * within the context of a {@link ServerWebExchange}.
  *
- * <p>(When operating <em>outside</em> of the context of a {@link ServerWebExchange},
- * use {@link org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager} instead.)</p>
+ * <p>
+ * (When operating <em>outside</em> of the context of a {@link ServerWebExchange}, use
+ * {@link org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
+ * AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager} instead.)
+ * </p>
  *
- * <p>This is a reactive equivalent of {@link DefaultOAuth2AuthorizedClientManager}.</p>
+ * <p>
+ * This is a reactive equivalent of {@link DefaultOAuth2AuthorizedClientManager}.
+ * </p>
  *
  * <h2>Authorized Client Persistence</h2>
  *
- * <p>This client manager utilizes a {@link ServerOAuth2AuthorizedClientRepository}
- * to persist {@link OAuth2AuthorizedClient}s.</p>
+ * <p>
+ * This client manager utilizes a {@link ServerOAuth2AuthorizedClientRepository} to
+ * persist {@link OAuth2AuthorizedClient}s.
+ * </p>
  *
- * <p>By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
- * will be saved in the authorized client repository.
- * This functionality can be changed by configuring a custom {@link ReactiveOAuth2AuthorizationSuccessHandler}
- * via {@link #setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)}.</p>
+ * <p>
+ * By default, when an authorization attempt succeeds, the {@link OAuth2AuthorizedClient}
+ * will be saved in the authorized client repository. This functionality can be changed by
+ * configuring a custom {@link ReactiveOAuth2AuthorizationSuccessHandler} via
+ * {@link #setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)}.
+ * </p>
  *
- * <p>By default, when an authorization attempt fails due to an
+ * <p>
+ * By default, when an authorization attempt fails due to an
  * {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT} error,
- * the previously saved {@link OAuth2AuthorizedClient}
- * will be removed from the authorized client repository.
- * (The {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT}
- * error generally occurs when a refresh token that is no longer valid
- * is used to retrieve a new access token.)
- * This functionality can be changed by configuring a custom {@link ReactiveOAuth2AuthorizationFailureHandler}
- * via {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.</p>
+ * the previously saved {@link OAuth2AuthorizedClient} will be removed from the authorized
+ * client repository. (The
+ * {@value org.springframework.security.oauth2.core.OAuth2ErrorCodes#INVALID_GRANT} error
+ * generally occurs when a refresh token that is no longer valid is used to retrieve a new
+ * access token.) This functionality can be changed by configuring a custom
+ * {@link ReactiveOAuth2AuthorizationFailureHandler} via
+ * {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.
+ * </p>
  *
  * @author Joe Grandja
  * @author Phil Clay
@@ -79,44 +90,45 @@ import java.util.function.Function;
  * @see ReactiveOAuth2AuthorizationFailureHandler
  */
 public final class DefaultReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager {
-	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER =
-			ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-					.authorizationCode()
-					.refreshToken()
-					.clientCredentials()
-					.password()
-					.build();
+
+	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder
+			.builder().authorizationCode().refreshToken().clientCredentials().password().build();
 
 	private static final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter(c -> c.hasKey(ServerWebExchange.class))
-			.map(c -> c.get(ServerWebExchange.class));
+			.filter(c -> c.hasKey(ServerWebExchange.class)).map(c -> c.get(ServerWebExchange.class));
 
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
+
 	private Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper = new DefaultContextAttributesMapper();
+
 	private ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
 	/**
-	 * Constructs a {@code DefaultReactiveOAuth2AuthorizedClientManager} using the provided parameters.
-	 *
+	 * Constructs a {@code DefaultReactiveOAuth2AuthorizedClientManager} using the
+	 * provided parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
-	public DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrationRepository,
-														ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+	public DefaultReactiveOAuth2AuthorizedClientManager(
+			ReactiveClientRegistrationRepository clientRegistrationRepository,
+			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientRepository = authorizedClientRepository;
-		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) ->
-				authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal,
+		this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository
+				.saveAuthorizedClient(authorizedClient, principal,
 						(ServerWebExchange) attributes.get(ServerWebExchange.class.getName()));
 		this.authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-								(ServerWebExchange) attributes.get(ServerWebExchange.class.getName())));
+				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
+						clientRegistrationId, principal,
+						(ServerWebExchange) attributes.get(ServerWebExchange.class.getName())));
 	}
 
 	@Override
@@ -130,60 +142,60 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 				.switchIfEmpty(currentServerWebExchangeMono)
 				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("serverWebExchange cannot be null")))
 				.flatMap(serverWebExchange -> Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
-						.switchIfEmpty(Mono.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
+						.switchIfEmpty(Mono
+								.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
 						.flatMap(authorizedClient -> {
 							// Re-authorize
 							return authorizationContext(authorizeRequest, authorizedClient)
-									.flatMap(authorizationContext -> authorize(authorizationContext, principal, serverWebExchange))
-									// Default to the existing authorizedClient if the client was not re-authorized
-									.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null ?
-											authorizeRequest.getAuthorizedClient() : authorizedClient);
-						})
-						.switchIfEmpty(Mono.defer(() ->
-								// Authorize
-								this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-										.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
-												"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-										.flatMap(clientRegistration -> authorizationContext(authorizeRequest, clientRegistration))
-										.flatMap(authorizationContext -> authorize(authorizationContext, principal, serverWebExchange))
-								)
-						));
+									.flatMap(authorizationContext -> authorize(authorizationContext, principal,
+											serverWebExchange))
+									// Default to the existing authorizedClient if the
+									// client was not re-authorized
+									.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+											? authorizeRequest.getAuthorizedClient() : authorizedClient);
+						}).switchIfEmpty(Mono.defer(() ->
+						// Authorize
+						this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
+								.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+										"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
+								.flatMap(clientRegistration -> authorizationContext(authorizeRequest,
+										clientRegistration))
+								.flatMap(authorizationContext -> authorize(authorizationContext, principal,
+										serverWebExchange)))));
 	}
 
-	private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId, Authentication principal, ServerWebExchange serverWebExchange) {
+	private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId, Authentication principal,
+			ServerWebExchange serverWebExchange) {
 		return this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange);
 	}
 
 	/**
-	 * Performs authorization and then delegates to either the {@link #authorizationSuccessHandler}
-	 * or {@link #authorizationFailureHandler}, depending on the authorization result.
-	 *
+	 * Performs authorization and then delegates to either the
+	 * {@link #authorizationSuccessHandler} or {@link #authorizationFailureHandler},
+	 * depending on the authorization result.
 	 * @param authorizationContext the context to authorize
 	 * @param principal the principle to authorize
 	 * @param serverWebExchange the currently active exchange
-	 * @return a {@link Mono} that emits the authorized client after the authorization attempt succeeds
-	 *         and the {@link #authorizationSuccessHandler} has completed,
-	 *         or completes with an exception after the authorization attempt fails
-	 *         and the {@link #authorizationFailureHandler} has completed
+	 * @return a {@link Mono} that emits the authorized client after the authorization
+	 * attempt succeeds and the {@link #authorizationSuccessHandler} has completed, or
+	 * completes with an exception after the authorization attempt fails and the
+	 * {@link #authorizationFailureHandler} has completed
 	 */
-	private Mono<OAuth2AuthorizedClient> authorize(
-			OAuth2AuthorizationContext authorizationContext,
-			Authentication principal,
-			ServerWebExchange serverWebExchange) {
+	private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
+			Authentication principal, ServerWebExchange serverWebExchange) {
 
 		return this.authorizedClientProvider.authorize(authorizationContext)
-				// Delegate to the authorizationSuccessHandler of the successful authorization
-				.flatMap(authorizedClient -> this.authorizationSuccessHandler.onAuthorizationSuccess(
-								authorizedClient,
-								principal,
-								createAttributes(serverWebExchange))
+				// Delegate to the authorizationSuccessHandler of the successful
+				// authorization
+				.flatMap(authorizedClient -> this.authorizationSuccessHandler
+						.onAuthorizationSuccess(authorizedClient, principal, createAttributes(serverWebExchange))
 						.thenReturn(authorizedClient))
 				// Delegate to the authorizationFailureHandler of the failed authorization
-				.onErrorResume(OAuth2AuthorizationException.class, authorizationException -> this.authorizationFailureHandler.onAuthorizationFailure(
-								authorizationException,
-								principal,
-								createAttributes(serverWebExchange))
-						.then(Mono.error(authorizationException)));
+				.onErrorResume(OAuth2AuthorizationException.class,
+						authorizationException -> this.authorizationFailureHandler
+								.onAuthorizationFailure(authorizationException, principal,
+										createAttributes(serverWebExchange))
+								.then(Mono.error(authorizationException)));
 	}
 
 	private Map<String, Object> createAttributes(ServerWebExchange serverWebExchange) {
@@ -191,37 +203,32 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	}
 
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
-																	OAuth2AuthorizedClient authorizedClient) {
-		return Mono.just(authorizeRequest)
-				.flatMap(this.contextAttributesMapper)
+			OAuth2AuthorizedClient authorizedClient) {
+		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
 				.map(attrs -> OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(authorizeRequest.getPrincipal())
-						.attributes(attributes -> {
+						.principal(authorizeRequest.getPrincipal()).attributes(attributes -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
-						})
-						.build());
+						}).build());
 	}
 
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
-																	ClientRegistration clientRegistration) {
-		return Mono.just(authorizeRequest)
-				.flatMap(this.contextAttributesMapper)
+			ClientRegistration clientRegistration) {
+		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
 				.map(attrs -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(authorizeRequest.getPrincipal())
-						.attributes(attributes -> {
+						.principal(authorizeRequest.getPrincipal()).attributes(attributes -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
-						})
-						.build());
+						}).build());
 	}
 
 	/**
-	 * Sets the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client.
-	 *
-	 * @param authorizedClientProvider the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or re-authorizing) an OAuth 2.0 Client
+	 * Sets the {@link ReactiveOAuth2AuthorizedClientProvider} used for authorizing (or
+	 * re-authorizing) an OAuth 2.0 Client.
+	 * @param authorizedClientProvider the {@link ReactiveOAuth2AuthorizedClientProvider}
+	 * used for authorizing (or re-authorizing) an OAuth 2.0 Client
 	 */
 	public void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider) {
 		Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
@@ -229,13 +236,15 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	}
 
 	/**
-	 * Sets the {@code Function} used for mapping attribute(s) from the {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes
-	 * to be associated to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
-	 *
-	 * @param contextAttributesMapper the {@code Function} used for supplying the {@code Map} of attributes
-	 *                                   to the {@link OAuth2AuthorizationContext#getAttributes() authorization context}
+	 * Sets the {@code Function} used for mapping attribute(s) from the
+	 * {@link OAuth2AuthorizeRequest} to a {@code Map} of attributes to be associated to
+	 * the {@link OAuth2AuthorizationContext#getAttributes() authorization context}.
+	 * @param contextAttributesMapper the {@code Function} used for supplying the
+	 * {@code Map} of attributes to the {@link OAuth2AuthorizationContext#getAttributes()
+	 * authorization context}
 	 */
-	public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper) {
+	public void setContextAttributesMapper(
+			Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper) {
 		Assert.notNull(contextAttributesMapper, "contextAttributesMapper cannot be null");
 		this.contextAttributesMapper = contextAttributesMapper;
 	}
@@ -243,9 +252,10 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	/**
 	 * Sets the handler that handles successful authorizations.
 	 *
-	 * The default saves {@link OAuth2AuthorizedClient}s in the {@link ServerOAuth2AuthorizedClientRepository}.
-	 *
-	 * @param authorizationSuccessHandler the handler that handles successful authorizations.
+	 * The default saves {@link OAuth2AuthorizedClient}s in the
+	 * {@link ServerOAuth2AuthorizedClientRepository}.
+	 * @param authorizationSuccessHandler the handler that handles successful
+	 * authorizations.
 	 * @since 5.3
 	 */
 	public void setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler) {
@@ -256,9 +266,10 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	/**
 	 * Sets the handler that handles authorization failures.
 	 *
-	 * <p>A {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
-	 * is used by default.</p>
-	 *
+	 * <p>
+	 * A {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} is used
+	 * by default.
+	 * </p>
 	 * @param authorizationFailureHandler the handler that handles authorization failures.
 	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * @since 5.3
@@ -269,26 +280,27 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	}
 
 	/**
-	 * The default implementation of the {@link #setContextAttributesMapper(Function) contextAttributesMapper}.
+	 * The default implementation of the {@link #setContextAttributesMapper(Function)
+	 * contextAttributesMapper}.
 	 */
-	public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> {
+	public static class DefaultContextAttributesMapper
+			implements Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> {
 
 		@Override
 		public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest authorizeRequest) {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
-			return Mono.justOrEmpty(serverWebExchange)
-					.switchIfEmpty(currentServerWebExchangeMono)
-					.flatMap(exchange -> {
-						Map<String, Object> contextAttributes = Collections.emptyMap();
-						String scope = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.SCOPE);
-						if (StringUtils.hasText(scope)) {
-							contextAttributes = new HashMap<>();
-							contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
-									StringUtils.delimitedListToStringArray(scope, " "));
-						}
-						return Mono.just(contextAttributes);
-					})
-					.defaultIfEmpty(Collections.emptyMap());
+			return Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchangeMono).flatMap(exchange -> {
+				Map<String, Object> contextAttributes = Collections.emptyMap();
+				String scope = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.SCOPE);
+				if (StringUtils.hasText(scope)) {
+					contextAttributes = new HashMap<>();
+					contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
+							StringUtils.delimitedListToStringArray(scope, " "));
+				}
+				return Mono.just(contextAttributes);
+			}).defaultIfEmpty(Collections.emptyMap());
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
index 58ea54f53e..9ff3664282 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
@@ -35,9 +35,11 @@ import java.util.Map;
  * @see AuthorizationRequestRepository
  * @see OAuth2AuthorizationRequest
  */
-public final class HttpSessionOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
-	private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
-			HttpSessionOAuth2AuthorizationRequestRepository.class.getName() +  ".AUTHORIZATION_REQUEST";
+public final class HttpSessionOAuth2AuthorizationRequestRepository
+		implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
+
+	private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = HttpSessionOAuth2AuthorizationRequestRepository.class
+			.getName() + ".AUTHORIZATION_REQUEST";
 
 	private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
 
@@ -54,7 +56,7 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
 
 	@Override
 	public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request,
-											HttpServletResponse response) {
+			HttpServletResponse response) {
 		Assert.notNull(request, "request cannot be null");
 		Assert.notNull(response, "response cannot be null");
 		if (authorizationRequest == null) {
@@ -79,14 +81,16 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
 		OAuth2AuthorizationRequest originalRequest = authorizationRequests.remove(stateParameter);
 		if (!authorizationRequests.isEmpty()) {
 			request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests);
-		} else {
+		}
+		else {
 			request.getSession().removeAttribute(this.sessionAttributeName);
 		}
 		return originalRequest;
 	}
 
 	@Override
-	public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
+	public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request,
+			HttpServletResponse response) {
 		Assert.notNull(response, "response cannot be null");
 		return this.removeAuthorizationRequest(request);
 	}
@@ -101,17 +105,20 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
 	}
 
 	/**
-	 * Gets a non-null and mutable map of {@link OAuth2AuthorizationRequest#getState()} to an {@link OAuth2AuthorizationRequest}
+	 * Gets a non-null and mutable map of {@link OAuth2AuthorizationRequest#getState()} to
+	 * an {@link OAuth2AuthorizationRequest}
 	 * @param request
-	 * @return a non-null and mutable map of {@link OAuth2AuthorizationRequest#getState()} to an {@link OAuth2AuthorizationRequest}.
+	 * @return a non-null and mutable map of {@link OAuth2AuthorizationRequest#getState()}
+	 * to an {@link OAuth2AuthorizationRequest}.
 	 */
 	private Map<String, OAuth2AuthorizationRequest> getAuthorizationRequests(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-		Map<String, OAuth2AuthorizationRequest> authorizationRequests = session == null ? null :
-				(Map<String, OAuth2AuthorizationRequest>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizationRequest> authorizationRequests = session == null ? null
+				: (Map<String, OAuth2AuthorizationRequest>) session.getAttribute(this.sessionAttributeName);
 		if (authorizationRequests == null) {
 			return new HashMap<>();
 		}
 		return authorizationRequests;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
index 6d608cf066..ea3e519712 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
@@ -35,14 +35,16 @@ import java.util.Map;
  * @see OAuth2AuthorizedClient
  */
 public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2AuthorizedClientRepository {
-	private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME =
-			HttpSessionOAuth2AuthorizedClientRepository.class.getName() +  ".AUTHORIZED_CLIENTS";
+
+	private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME = HttpSessionOAuth2AuthorizedClientRepository.class
+			.getName() + ".AUTHORIZED_CLIENTS";
+
 	private final String sessionAttributeName = DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME;
 
 	@SuppressWarnings("unchecked")
 	@Override
-	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, Authentication principal,
-																		HttpServletRequest request) {
+	public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+			Authentication principal, HttpServletRequest request) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(request, "request cannot be null");
 		return (T) this.getAuthorizedClients(request).get(clientRegistrationId);
@@ -50,7 +52,7 @@ public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2
 
 	@Override
 	public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
-										HttpServletRequest request, HttpServletResponse response) {
+			HttpServletRequest request, HttpServletResponse response) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(request, "request cannot be null");
 		Assert.notNull(response, "response cannot be null");
@@ -61,7 +63,7 @@ public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2
 
 	@Override
 	public void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
-										HttpServletRequest request, HttpServletResponse response) {
+			HttpServletRequest request, HttpServletResponse response) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(request, "request cannot be null");
 		Map<String, OAuth2AuthorizedClient> authorizedClients = this.getAuthorizedClients(request);
@@ -69,7 +71,8 @@ public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2
 			if (authorizedClients.remove(clientRegistrationId) != null) {
 				if (!authorizedClients.isEmpty()) {
 					request.getSession().setAttribute(this.sessionAttributeName, authorizedClients);
-				} else {
+				}
+				else {
 					request.getSession().removeAttribute(this.sessionAttributeName);
 				}
 			}
@@ -79,11 +82,12 @@ public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2
 	@SuppressWarnings("unchecked")
 	private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null :
-				(Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null
+				: (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
 		if (authorizedClients == null) {
 			authorizedClients = new HashMap<>();
 		}
 		return authorizedClients;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index 8d2f157c45..96be281fba 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -56,30 +56,29 @@ import java.util.Objects;
 import java.util.Set;
 
 /**
- * A {@code Filter} for the OAuth 2.0 Authorization Code Grant,
- * which handles the processing of the OAuth 2.0 Authorization Response.
+ * A {@code Filter} for the OAuth 2.0 Authorization Code Grant, which handles the
+ * processing of the OAuth 2.0 Authorization Response.
  *
  * <p>
  * The OAuth 2.0 Authorization Response is processed as follows:
  *
  * <ul>
- * <li>
- *	Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the
- *	{@link OAuth2ParameterNames#CODE code} and {@link OAuth2ParameterNames#STATE state} parameters
- *	to the {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization Request)
- *	and redirect the End-User's user-agent back to this {@code Filter} (the Client).
- * </li>
- * <li>
- *  This {@code Filter} will then create an {@link OAuth2AuthorizationCodeAuthenticationToken} with
- *  the {@link OAuth2ParameterNames#CODE code} received and
- *  delegate it to the {@link AuthenticationManager} to authenticate.
- * </li>
- * <li>
- *  Upon a successful authentication, an {@link OAuth2AuthorizedClient Authorized Client} is created by associating the
- *  {@link OAuth2AuthorizationCodeAuthenticationToken#getClientRegistration() client} to the
- *  {@link OAuth2AuthorizationCodeAuthenticationToken#getAccessToken() access token} and current {@code Principal}
- *  and saving it via the {@link OAuth2AuthorizedClientRepository}.
- * </li>
+ * <li>Assuming the End-User (Resource Owner) has granted access to the Client, the
+ * Authorization Server will append the {@link OAuth2ParameterNames#CODE code} and
+ * {@link OAuth2ParameterNames#STATE state} parameters to the
+ * {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization
+ * Request) and redirect the End-User's user-agent back to this {@code Filter} (the
+ * Client).</li>
+ * <li>This {@code Filter} will then create an
+ * {@link OAuth2AuthorizationCodeAuthenticationToken} with the
+ * {@link OAuth2ParameterNames#CODE code} received and delegate it to the
+ * {@link AuthenticationManager} to authenticate.</li>
+ * <li>Upon a successful authentication, an {@link OAuth2AuthorizedClient Authorized
+ * Client} is created by associating the
+ * {@link OAuth2AuthorizationCodeAuthenticationToken#getClientRegistration() client} to
+ * the {@link OAuth2AuthorizationCodeAuthenticationToken#getAccessToken() access token}
+ * and current {@code Principal} and saving it via the
+ * {@link OAuth2AuthorizedClientRepository}.</li>
  * </ul>
  *
  * @author Joe Grandja
@@ -94,29 +93,37 @@ import java.util.Set;
  * @see ClientRegistrationRepository
  * @see OAuth2AuthorizedClient
  * @see OAuth2AuthorizedClientRepository
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
+ * Response</a>
  */
 public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
+
 	private final ClientRegistrationRepository clientRegistrationRepository;
+
 	private final OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private final AuthenticationManager authenticationManager;
-	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-		new HttpSessionOAuth2AuthorizationRequestRepository();
+
+	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
+
 	private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
 	private RequestCache requestCache = new HttpSessionRequestCache();
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationCodeGrantFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationCodeGrantFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the authorized client repository
 	 * @param authenticationManager the authentication manager
 	 */
 	public OAuth2AuthorizationCodeGrantFilter(ClientRegistrationRepository clientRegistrationRepository,
-												OAuth2AuthorizedClientRepository authorizedClientRepository,
-												AuthenticationManager authenticationManager) {
+			OAuth2AuthorizedClientRepository authorizedClientRepository, AuthenticationManager authenticationManager) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
@@ -127,20 +134,23 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 
 	/**
 	 * Sets the repository for stored {@link OAuth2AuthorizationRequest}'s.
-	 *
-	 * @param authorizationRequestRepository the repository for stored {@link OAuth2AuthorizationRequest}'s
+	 * @param authorizationRequestRepository the repository for stored
+	 * {@link OAuth2AuthorizationRequest}'s
 	 */
-	public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+	public final void setAuthorizationRequestRepository(
+			AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 		Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 		this.authorizationRequestRepository = authorizationRequestRepository;
 	}
 
 	/**
-	 * Sets the {@link RequestCache} used for loading a previously saved request (if available)
-	 * and replaying it after completing the processing of the OAuth 2.0 Authorization Response.
+	 * Sets the {@link RequestCache} used for loading a previously saved request (if
+	 * available) and replaying it after completing the processing of the OAuth 2.0
+	 * Authorization Response.
 	 *
 	 * @since 5.4
-	 * @param requestCache the cache used for loading a previously saved request (if available)
+	 * @param requestCache the cache used for loading a previously saved request (if
+	 * available)
 	 */
 	public final void setRequestCache(RequestCache requestCache) {
 		Assert.notNull(requestCache, "requestCache cannot be null");
@@ -149,7 +159,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-		throws ServletException, IOException {
+			throws ServletException, IOException {
 
 		if (matchesAuthorizationResponse(request)) {
 			processAuthorizationResponse(request, response);
@@ -164,7 +174,8 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		if (!OAuth2AuthorizationResponseUtils.isAuthorizationResponse(params)) {
 			return false;
 		}
-		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 		if (authorizationRequest == null) {
 			return false;
 		}
@@ -172,50 +183,55 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		// Compare redirect_uri
 		UriComponents requestUri = UriComponentsBuilder.fromUriString(UrlUtils.buildFullRequestUrl(request)).build();
 		UriComponents redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri()).build();
-		Set<Map.Entry<String, List<String>>> requestUriParameters = new LinkedHashSet<>(requestUri.getQueryParams().entrySet());
-		Set<Map.Entry<String, List<String>>> redirectUriParameters = new LinkedHashSet<>(redirectUri.getQueryParams().entrySet());
-		// Remove the additional request parameters (if any) from the authorization response (request)
-		// before doing an exact comparison with the authorizationRequest.getRedirectUri() parameters (if any)
+		Set<Map.Entry<String, List<String>>> requestUriParameters = new LinkedHashSet<>(
+				requestUri.getQueryParams().entrySet());
+		Set<Map.Entry<String, List<String>>> redirectUriParameters = new LinkedHashSet<>(
+				redirectUri.getQueryParams().entrySet());
+		// Remove the additional request parameters (if any) from the authorization
+		// response (request)
+		// before doing an exact comparison with the authorizationRequest.getRedirectUri()
+		// parameters (if any)
 		requestUriParameters.retainAll(redirectUriParameters);
 
-		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme()) &&
-				Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo()) &&
-				Objects.equals(requestUri.getHost(), redirectUri.getHost()) &&
-				Objects.equals(requestUri.getPort(), redirectUri.getPort()) &&
-				Objects.equals(requestUri.getPath(), redirectUri.getPath()) &&
-				Objects.equals(requestUriParameters.toString(), redirectUriParameters.toString())) {
+		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme())
+				&& Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo())
+				&& Objects.equals(requestUri.getHost(), redirectUri.getHost())
+				&& Objects.equals(requestUri.getPort(), redirectUri.getPort())
+				&& Objects.equals(requestUri.getPath(), redirectUri.getPath())
+				&& Objects.equals(requestUriParameters.toString(), redirectUriParameters.toString())) {
 			return true;
 		}
 		return false;
 	}
 
 	private void processAuthorizationResponse(HttpServletRequest request, HttpServletResponse response)
-		throws IOException {
+			throws IOException {
 
-		OAuth2AuthorizationRequest authorizationRequest =
-				this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
+				.removeAuthorizationRequest(request, response);
 
 		String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID);
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
 
 		MultiValueMap<String, String> params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap());
 		String redirectUri = UrlUtils.buildFullRequestUrl(request);
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params, redirectUri);
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params,
+				redirectUri);
 
 		OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
-			clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
+				clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 		authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult;
 
 		try {
-			authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken)
-				this.authenticationManager.authenticate(authenticationRequest);
-		} catch (OAuth2AuthorizationException ex) {
+			authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationManager
+					.authenticate(authenticationRequest);
+		}
+		catch (OAuth2AuthorizationException ex) {
 			OAuth2Error error = ex.getError();
-			UriComponentsBuilder uriBuilder = UriComponentsBuilder
-				.fromUriString(authorizationRequest.getRedirectUri())
-				.queryParam(OAuth2ParameterNames.ERROR, error.getErrorCode());
+			UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri())
+					.queryParam(OAuth2ParameterNames.ERROR, error.getErrorCode());
 			if (!StringUtils.isEmpty(error.getDescription())) {
 				uriBuilder.queryParam(OAuth2ParameterNames.ERROR_DESCRIPTION, error.getDescription());
 			}
@@ -230,12 +246,11 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		String principalName = currentAuthentication != null ? currentAuthentication.getName() : "anonymousUser";
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			authenticationResult.getClientRegistration(),
-			principalName,
-			authenticationResult.getAccessToken(),
-			authenticationResult.getRefreshToken());
+				authenticationResult.getClientRegistration(), principalName, authenticationResult.getAccessToken(),
+				authenticationResult.getRefreshToken());
 
-		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, currentAuthentication, request, response);
+		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, currentAuthentication, request,
+				response);
 
 		String redirectUrl = authorizationRequest.getRedirectUri();
 		SavedRequest savedRequest = this.requestCache.getRequest(request, response);
@@ -246,4 +261,5 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 
 		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 0953200255..2544f57fa5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -36,31 +36,34 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /**
- * This {@code Filter} initiates the authorization code grant or implicit grant flow
- * by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.
+ * This {@code Filter} initiates the authorization code grant or implicit grant flow by
+ * redirecting the End-User's user-agent to the Authorization Server's Authorization
+ * Endpoint.
  *
  * <p>
- * It builds the OAuth 2.0 Authorization Request,
- * which is used as the redirect {@code URI} to the Authorization Endpoint.
- * The redirect {@code URI} will include the client identifier, requested scope(s), state,
- * response type, and a redirection URI which the authorization server will send the user-agent back to
- * once access is granted (or denied) by the End-User (Resource Owner).
+ * It builds the OAuth 2.0 Authorization Request, which is used as the redirect
+ * {@code URI} to the Authorization Endpoint. The redirect {@code URI} will include the
+ * client identifier, requested scope(s), state, response type, and a redirection URI
+ * which the authorization server will send the user-agent back to once access is granted
+ * (or denied) by the End-User (Resource Owner).
  *
  * <p>
- * By default, this {@code Filter} responds to authorization requests
- * at the {@code URI} {@code /oauth2/authorization/{registrationId}}
- * using the default {@link OAuth2AuthorizationRequestResolver}.
- * The {@code URI} template variable {@code {registrationId}} represents the
- * {@link ClientRegistration#getRegistrationId() registration identifier} of the client
- * that is used for initiating the OAuth 2.0 Authorization Request.
+ * By default, this {@code Filter} responds to authorization requests at the {@code URI}
+ * {@code /oauth2/authorization/{registrationId}} using the default
+ * {@link OAuth2AuthorizationRequestResolver}. The {@code URI} template variable
+ * {@code {registrationId}} represents the {@link ClientRegistration#getRegistrationId()
+ * registration identifier} of the client that is used for initiating the OAuth 2.0
+ * Authorization Request.
  *
  * <p>
- * The default base {@code URI} {@code /oauth2/authorization} may be overridden
- * via the constructor {@link #OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String)},
- * or alternatively, an {@code OAuth2AuthorizationRequestResolver} may be provided to the constructor
+ * The default base {@code URI} {@code /oauth2/authorization} may be overridden via the
+ * constructor
+ * {@link #OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String)},
+ * or alternatively, an {@code OAuth2AuthorizationRequestResolver} may be provided to the
+ * constructor
  * {@link #OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver)}
  * to override the resolving of authorization requests.
-
+ *
  * @author Joe Grandja
  * @author Rob Winch
  * @since 5.0
@@ -69,26 +72,37 @@ import java.io.IOException;
  * @see AuthorizationRequestRepository
  * @see ClientRegistration
  * @see ClientRegistrationRepository
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request (Authorization Code)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2">Section 4.2 Implicit Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Authorization Request (Implicit)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request
+ * (Authorization Code)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2">Section
+ * 4.2 Implicit Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Authorization Request
+ * (Implicit)</a>
  */
 public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilter {
+
 	/**
 	 * The default base {@code URI} used for authorization requests.
 	 */
 	public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization";
+
 	private final ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
+
 	private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
+
 	private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
-	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-		new HttpSessionOAuth2AuthorizationRequestRepository();
+
+	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
+
 	private RequestCache requestCache = new HttpSessionRequestCache();
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 */
 	public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
@@ -96,24 +110,27 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 	}
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
-	 * @param authorizationRequestBaseUri the base {@code URI} used for authorization requests
+	 * @param authorizationRequestBaseUri the base {@code URI} used for authorization
+	 * requests
 	 */
 	public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository,
-													String authorizationRequestBaseUri) {
+			String authorizationRequestBaseUri) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
-		this.authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
-				clientRegistrationRepository, authorizationRequestBaseUri);
+		this.authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
+				authorizationRequestBaseUri);
 	}
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided parameters.
+	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
+	 * parameters.
 	 *
 	 * @since 5.1
-	 * @param authorizationRequestResolver the resolver used for resolving authorization requests
+	 * @param authorizationRequestResolver the resolver used for resolving authorization
+	 * requests
 	 */
 	public OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 		Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
@@ -122,18 +139,18 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 
 	/**
 	 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-	 *
-	 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
+	 * @param authorizationRequestRepository the repository used for storing
+	 * {@link OAuth2AuthorizationRequest}'s
 	 */
-	public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+	public final void setAuthorizationRequestRepository(
+			AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 		Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 		this.authorizationRequestRepository = authorizationRequestRepository;
 	}
 
 	/**
-	 * Sets the {@link RequestCache} used for storing the current request
-	 * before redirecting the OAuth 2.0 Authorization Request.
-	 *
+	 * Sets the {@link RequestCache} used for storing the current request before
+	 * redirecting the OAuth 2.0 Authorization Request.
 	 * @param requestCache the cache used for storing the current request
 	 */
 	public final void setRequestCache(RequestCache requestCache) {
@@ -151,29 +168,34 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 				this.sendRedirectForAuthorization(request, response, authorizationRequest);
 				return;
 			}
-		} catch (Exception failed) {
+		}
+		catch (Exception failed) {
 			this.unsuccessfulRedirectForAuthorization(request, response, failed);
 			return;
 		}
 
 		try {
 			filterChain.doFilter(request, response);
-		} catch (IOException ex) {
+		}
+		catch (IOException ex) {
 			throw ex;
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			// Check to see if we need to handle ClientAuthorizationRequiredException
 			Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
 			ClientAuthorizationRequiredException authzEx = (ClientAuthorizationRequiredException) this.throwableAnalyzer
-				.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain);
+					.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain);
 			if (authzEx != null) {
 				try {
-					OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request, authzEx.getClientRegistrationId());
+					OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request,
+							authzEx.getClientRegistrationId());
 					if (authorizationRequest == null) {
 						throw authzEx;
 					}
 					this.sendRedirectForAuthorization(request, response, authorizationRequest);
 					this.requestCache.saveRequest(request, response);
-				} catch (Exception failed) {
+				}
+				catch (Exception failed) {
 					this.unsuccessfulRedirectForAuthorization(request, response, failed);
 				}
 				return;
@@ -181,33 +203,38 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 
 			if (ex instanceof ServletException) {
 				throw (ServletException) ex;
-			} else if (ex instanceof RuntimeException) {
+			}
+			else if (ex instanceof RuntimeException) {
 				throw (RuntimeException) ex;
-			} else {
+			}
+			else {
 				throw new RuntimeException(ex);
 			}
 		}
 	}
 
 	private void sendRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
-												OAuth2AuthorizationRequest authorizationRequest) throws IOException {
+			OAuth2AuthorizationRequest authorizationRequest) throws IOException {
 
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationRequest.getGrantType())) {
 			this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 		}
-		this.authorizationRedirectStrategy.sendRedirect(request, response, authorizationRequest.getAuthorizationRequestUri());
+		this.authorizationRedirectStrategy.sendRedirect(request, response,
+				authorizationRequest.getAuthorizationRequestUri());
 	}
 
 	private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
-														Exception failed) throws IOException {
+			Exception failed) throws IOException {
 
 		if (logger.isErrorEnabled()) {
 			logger.error("Authorization Request failed: " + failed.toString(), failed);
 		}
-		response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(), HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
+		response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(),
+				HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 	}
 
 	private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
+
 		protected void initExtractorMap() {
 			super.initExtractorMap();
 			registerExtractor(ServletException.class, throwable -> {
@@ -215,5 +242,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 				return ((ServletException) throwable).getRootCause();
 			});
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
index 10940c2373..372dfd290a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
@@ -20,9 +20,10 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import javax.servlet.http.HttpServletRequest;
 
 /**
- * Implementations of this interface are capable of resolving
- * an {@link OAuth2AuthorizationRequest} from the provided {@code HttpServletRequest}.
- * Used by the {@link OAuth2AuthorizationRequestRedirectFilter} for resolving Authorization Requests.
+ * Implementations of this interface are capable of resolving an
+ * {@link OAuth2AuthorizationRequest} from the provided {@code HttpServletRequest}. Used
+ * by the {@link OAuth2AuthorizationRequestRedirectFilter} for resolving Authorization
+ * Requests.
  *
  * @author Joe Grandja
  * @author Rob Winch
@@ -33,21 +34,21 @@ import javax.servlet.http.HttpServletRequest;
 public interface OAuth2AuthorizationRequestResolver {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} resolved from
-	 * the provided {@code HttpServletRequest} or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} resolved from the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param request the {@code HttpServletRequest}
-	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	OAuth2AuthorizationRequest resolve(HttpServletRequest request);
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} resolved from
-	 * the provided {@code HttpServletRequest} or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} resolved from the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param request the {@code HttpServletRequest}
 	 * @param clientRegistrationId the clientRegistrationId to use
-	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
index 5443c895fb..23bcd88174 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
@@ -52,13 +52,13 @@ final class OAuth2AuthorizationResponseUtils {
 	}
 
 	static boolean isAuthorizationResponseSuccess(MultiValueMap<String, String> request) {
-		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.CODE)) &&
-			StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
+		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.CODE))
+				&& StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
 	}
 
 	static boolean isAuthorizationResponseError(MultiValueMap<String, String> request) {
-		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.ERROR)) &&
-			StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
+		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.ERROR))
+				&& StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
 	}
 
 	static OAuth2AuthorizationResponse convert(MultiValueMap<String, String> request, String redirectUri) {
@@ -67,19 +67,14 @@ final class OAuth2AuthorizationResponseUtils {
 		String state = request.getFirst(OAuth2ParameterNames.STATE);
 
 		if (StringUtils.hasText(code)) {
-			return OAuth2AuthorizationResponse.success(code)
-				.redirectUri(redirectUri)
-				.state(state)
-				.build();
-		} else {
+			return OAuth2AuthorizationResponse.success(code).redirectUri(redirectUri).state(state).build();
+		}
+		else {
 			String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
 			String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-			return OAuth2AuthorizationResponse.error(errorCode)
-				.redirectUri(redirectUri)
-				.errorDescription(errorDescription)
-				.errorUri(errorUri)
-				.state(state)
-				.build();
+			return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri)
+					.errorDescription(errorDescription).errorUri(errorUri).state(state).build();
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
index b509f614dc..459c3f966e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
@@ -24,15 +24,15 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * Implementations of this interface are responsible for the persistence
- * of {@link OAuth2AuthorizedClient Authorized Client(s)} between requests.
+ * Implementations of this interface are responsible for the persistence of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)} between requests.
  *
  * <p>
- * The primary purpose of an {@link OAuth2AuthorizedClient Authorized Client}
- * is to associate an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
- * to a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner,
- * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal}
- * that originally granted the authorization.
+ * The primary purpose of an {@link OAuth2AuthorizedClient Authorized Client} is to
+ * associate an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential to
+ * a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner, who
+ * is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal} that originally
+ * granted the authorization.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -44,10 +44,9 @@ import javax.servlet.http.HttpServletResponse;
 public interface OAuth2AuthorizedClientRepository {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User {@link Authentication} (Resource Owner)
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User {@link Authentication} (Resource Owner) or
+	 * {@code null} if not available.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param request the {@code HttpServletRequest}
@@ -55,30 +54,28 @@ public interface OAuth2AuthorizedClientRepository {
 	 * @return the {@link OAuth2AuthorizedClient} or {@code null} if not available
 	 */
 	<T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, Authentication principal,
-																HttpServletRequest request);
+			HttpServletRequest request);
 
 	/**
-	 * Saves the {@link OAuth2AuthorizedClient} associating it to
-	 * the provided End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Saves the {@link OAuth2AuthorizedClient} associating it to the provided End-User
+	 * {@link Authentication} (Resource Owner).
 	 * @param authorizedClient the authorized client
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param request the {@code HttpServletRequest}
 	 * @param response the {@code HttpServletResponse}
 	 */
 	void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
-								HttpServletRequest request, HttpServletResponse response);
+			HttpServletRequest request, HttpServletResponse response);
 
 	/**
-	 * Removes the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User {@link Authentication} (Resource Owner).
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param request the {@code HttpServletRequest}
 	 * @param response the {@code HttpServletResponse}
 	 */
-	void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
-								HttpServletRequest request, HttpServletResponse response);
+	void removeAuthorizedClient(String clientRegistrationId, Authentication principal, HttpServletRequest request,
+			HttpServletResponse response);
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index d98922fe3a..b622d9019e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -43,36 +43,34 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * An implementation of an {@link AbstractAuthenticationProcessingFilter} for OAuth 2.0 Login.
+ * An implementation of an {@link AbstractAuthenticationProcessingFilter} for OAuth 2.0
+ * Login.
  *
  * <p>
- * This authentication {@code Filter} handles the processing of an OAuth 2.0 Authorization Response
- * for the authorization code grant flow and delegates an {@link OAuth2LoginAuthenticationToken}
- * to the {@link AuthenticationManager} to log in the End-User.
+ * This authentication {@code Filter} handles the processing of an OAuth 2.0 Authorization
+ * Response for the authorization code grant flow and delegates an
+ * {@link OAuth2LoginAuthenticationToken} to the {@link AuthenticationManager} to log in
+ * the End-User.
  *
  * <p>
  * The OAuth 2.0 Authorization Response is processed as follows:
  *
  * <ul>
- * <li>
- *	Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the
- *	{@link OAuth2ParameterNames#CODE code} and {@link OAuth2ParameterNames#STATE state} parameters
- *	to the {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization Request)
- *	and redirect the End-User's user-agent back to this {@code Filter} (the Client).
- * </li>
- * <li>
- *  This {@code Filter} will then create an {@link OAuth2LoginAuthenticationToken} with
- *  the {@link OAuth2ParameterNames#CODE code} received and
- *  delegate it to the {@link AuthenticationManager} to authenticate.
- * </li>
- * <li>
- *  Upon a successful authentication, an {@link OAuth2AuthenticationToken} is created (representing the End-User {@code Principal})
- *  and associated to the {@link OAuth2AuthorizedClient Authorized Client} using the {@link OAuth2AuthorizedClientRepository}.
- * </li>
- * <li>
- *  Finally, the {@link OAuth2AuthenticationToken} is returned and ultimately stored
- *  in the {@link SecurityContextRepository} to complete the authentication processing.
- * </li>
+ * <li>Assuming the End-User (Resource Owner) has granted access to the Client, the
+ * Authorization Server will append the {@link OAuth2ParameterNames#CODE code} and
+ * {@link OAuth2ParameterNames#STATE state} parameters to the
+ * {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization
+ * Request) and redirect the End-User's user-agent back to this {@code Filter} (the
+ * Client).</li>
+ * <li>This {@code Filter} will then create an {@link OAuth2LoginAuthenticationToken} with
+ * the {@link OAuth2ParameterNames#CODE code} received and delegate it to the
+ * {@link AuthenticationManager} to authenticate.</li>
+ * <li>Upon a successful authentication, an {@link OAuth2AuthenticationToken} is created
+ * (representing the End-User {@code Principal}) and associated to the
+ * {@link OAuth2AuthorizedClient Authorized Client} using the
+ * {@link OAuth2AuthorizedClientRepository}.</li>
+ * <li>Finally, the {@link OAuth2AuthenticationToken} is returned and ultimately stored in
+ * the {@link SecurityContextRepository} to complete the authentication processing.</li>
  * </ul>
  *
  * @author Joe Grandja
@@ -88,57 +86,68 @@ import javax.servlet.http.HttpServletResponse;
  * @see ClientRegistrationRepository
  * @see OAuth2AuthorizedClient
  * @see OAuth2AuthorizedClientRepository
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
+ * Response</a>
  */
 public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-	/**
-	 * The default {@code URI} where this {@code Filter} processes authentication requests.
-	 */
-	public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*";
-	private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
-	private static final String CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE = "client_registration_not_found";
-	private ClientRegistrationRepository clientRegistrationRepository;
-	private OAuth2AuthorizedClientRepository authorizedClientRepository;
-	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-		new HttpSessionOAuth2AuthorizationRequestRepository();
 
 	/**
-	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided parameters.
-	 *
+	 * The default {@code URI} where this {@code Filter} processes authentication
+	 * requests.
+	 */
+	public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*";
+
+	private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
+
+	private static final String CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE = "client_registration_not_found";
+
+	private ClientRegistrationRepository clientRegistrationRepository;
+
+	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
+	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
+
+	/**
+	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientService the authorized client service
 	 */
 	public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository,
-											OAuth2AuthorizedClientService authorizedClientService) {
+			OAuth2AuthorizedClientService authorizedClientService) {
 		this(clientRegistrationRepository, authorizedClientService, DEFAULT_FILTER_PROCESSES_URI);
 	}
 
 	/**
-	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientService the authorized client service
-	 * @param filterProcessesUrl the {@code URI} where this {@code Filter} will process the authentication requests
+	 * @param filterProcessesUrl the {@code URI} where this {@code Filter} will process
+	 * the authentication requests
 	 */
 	public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository,
-											OAuth2AuthorizedClientService authorizedClientService,
-											String filterProcessesUrl) {
+			OAuth2AuthorizedClientService authorizedClientService, String filterProcessesUrl) {
 		this(clientRegistrationRepository,
-				new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService), filterProcessesUrl);
+				new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService),
+				filterProcessesUrl);
 	}
 
 	/**
-	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided parameters.
+	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided
+	 * parameters.
 	 *
 	 * @since 5.1
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the authorized client repository
-	 * @param filterProcessesUrl the {@code URI} where this {@code Filter} will process the authentication requests
+	 * @param filterProcessesUrl the {@code URI} where this {@code Filter} will process
+	 * the authentication requests
 	 */
 	public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository,
-											OAuth2AuthorizedClientRepository authorizedClientRepository,
-											String filterProcessesUrl) {
+			OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl) {
 		super(filterProcessesUrl);
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
@@ -156,8 +165,8 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
 
-		OAuth2AuthorizationRequest authorizationRequest =
-				this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
+				.removeAuthorizationRequest(request, response);
 		if (authorizationRequest == null) {
 			OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
@@ -170,31 +179,27 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 					"Client Registration not found with Id: " + registrationId, null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-		String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replaceQuery(null)
-				.build()
-				.toUriString();
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params, redirectUri);
+		String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null)
+				.build().toUriString();
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params,
+				redirectUri);
 
 		Object authenticationDetails = this.authenticationDetailsSource.buildDetails(request);
-		OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(
-				clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
+		OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration,
+				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 		authenticationRequest.setDetails(authenticationDetails);
 
-		OAuth2LoginAuthenticationToken authenticationResult =
-			(OAuth2LoginAuthenticationToken) this.getAuthenticationManager().authenticate(authenticationRequest);
+		OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) this
+				.getAuthenticationManager().authenticate(authenticationRequest);
 
 		OAuth2AuthenticationToken oauth2Authentication = new OAuth2AuthenticationToken(
-			authenticationResult.getPrincipal(),
-			authenticationResult.getAuthorities(),
-			authenticationResult.getClientRegistration().getRegistrationId());
+				authenticationResult.getPrincipal(), authenticationResult.getAuthorities(),
+				authenticationResult.getClientRegistration().getRegistrationId());
 		oauth2Authentication.setDetails(authenticationDetails);
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			authenticationResult.getClientRegistration(),
-			oauth2Authentication.getName(),
-			authenticationResult.getAccessToken(),
-			authenticationResult.getRefreshToken());
+				authenticationResult.getClientRegistration(), oauth2Authentication.getName(),
+				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
 
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, oauth2Authentication, request, response);
 
@@ -203,11 +208,13 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 
 	/**
 	 * Sets the repository for stored {@link OAuth2AuthorizationRequest}'s.
-	 *
-	 * @param authorizationRequestRepository the repository for stored {@link OAuth2AuthorizationRequest}'s
+	 * @param authorizationRequestRepository the repository for stored
+	 * {@link OAuth2AuthorizationRequest}'s
 	 */
-	public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+	public final void setAuthorizationRequestRepository(
+			AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 		Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 		this.authorizationRequestRepository = authorizationRequestRepository;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 8241f1bce1..c01e94da0c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -47,12 +47,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * An implementation of a {@link HandlerMethodArgumentResolver} that is capable
- * of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
+ * An implementation of a {@link HandlerMethodArgumentResolver} that is capable of
+ * resolving a method parameter to an argument value of type
+ * {@link OAuth2AuthorizedClient}.
  *
  * <p>
- * For example:
- * <pre>
+ * For example: <pre>
  * &#64;Controller
  * public class MyController {
  *     &#64;GetMapping("/authorized-client")
@@ -67,16 +67,21 @@ import javax.servlet.http.HttpServletResponse;
  * @see RegisteredOAuth2AuthorizedClient
  */
 public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
-	private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
-			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+
+	private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous",
+			"anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+
 	private OAuth2AuthorizedClientManager authorizedClientManager;
+
 	private boolean defaultAuthorizedClientManager;
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
+	 * parameters.
 	 *
 	 * @since 5.2
-	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which manages the authorized client(s)
+	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which
+	 * manages the authorized client(s)
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
@@ -84,40 +89,37 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository clientRegistrationRepository,
-													OAuth2AuthorizedClientRepository authorizedClientRepository) {
+			OAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
-		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
-				clientRegistrationRepository, authorizedClientRepository);
+		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository,
+				authorizedClientRepository);
 		this.defaultAuthorizedClientManager = true;
 	}
 
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		Class<?> parameterType = parameter.getParameterType();
-		return (OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) &&
-				(AnnotatedElementUtils.findMergedAnnotation(
-						parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null));
+		return (OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) && (AnnotatedElementUtils
+				.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null));
 	}
 
 	@NonNull
 	@Override
-	public Object resolveArgument(MethodParameter parameter,
-									@Nullable ModelAndViewContainer mavContainer,
-									NativeWebRequest webRequest,
-									@Nullable WebDataBinderFactory binderFactory) {
+	public Object resolveArgument(MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
+			NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) {
 
 		String clientRegistrationId = this.resolveClientRegistrationId(parameter);
 		if (StringUtils.isEmpty(clientRegistrationId)) {
-			throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. " +
-					"It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or " +
-					"@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
+			throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. "
+					+ "It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or "
+					+ "@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 		}
 
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();
@@ -128,26 +130,26 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 		HttpServletResponse servletResponse = webRequest.getNativeResponse(HttpServletResponse.class);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
-				.principal(principal)
-				.attribute(HttpServletRequest.class.getName(), servletRequest)
-				.attribute(HttpServletResponse.class.getName(), servletResponse)
-				.build();
+				.principal(principal).attribute(HttpServletRequest.class.getName(), servletRequest)
+				.attribute(HttpServletResponse.class.getName(), servletResponse).build();
 
 		return this.authorizedClientManager.authorize(authorizeRequest);
 	}
 
 	private String resolveClientRegistrationId(MethodParameter parameter) {
-		RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils.findMergedAnnotation(
-				parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
+		RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
+				.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
 
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();
 
 		String clientRegistrationId = null;
 		if (!StringUtils.isEmpty(authorizedClientAnnotation.registrationId())) {
 			clientRegistrationId = authorizedClientAnnotation.registrationId();
-		} else if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
+		}
+		else if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
 			clientRegistrationId = authorizedClientAnnotation.value();
-		} else if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
+		}
+		else if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
 			clientRegistrationId = ((OAuth2AuthenticationToken) principal).getAuthorizedClientRegistrationId();
 		}
 
@@ -155,34 +157,41 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	/**
-	 * Sets the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant.
-	 *
-	 * @deprecated Use {@link #OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)} instead.
-	 * 				Create an instance of {@link ClientCredentialsOAuth2AuthorizedClientProvider} configured with a
-	 * 				{@link ClientCredentialsOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(OAuth2AccessTokenResponseClient) DefaultClientCredentialsTokenResponseClient}
-	 * 				(or a custom one) and than supply it to {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) DefaultOAuth2AuthorizedClientManager}.
-	 *
-	 * @param clientCredentialsTokenResponseClient the client used when requesting an access token credential at the Token Endpoint for the {@code client_credentials} grant
+	 * Sets the client used when requesting an access token credential at the Token
+	 * Endpoint for the {@code client_credentials} grant.
+	 * @deprecated Use
+	 * {@link #OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)}
+	 * instead. Create an instance of
+	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider} configured with a
+	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(OAuth2AccessTokenResponseClient)
+	 * DefaultClientCredentialsTokenResponseClient} (or a custom one) and than supply it
+	 * to
+	 * {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider)
+	 * DefaultOAuth2AuthorizedClientManager}.
+	 * @param clientCredentialsTokenResponseClient the client used when requesting an
+	 * access token credential at the Token Endpoint for the {@code client_credentials}
+	 * grant
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(
 			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
 		Assert.notNull(clientCredentialsTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
-		Assert.state(this.defaultAuthorizedClientManager, "The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". " +
-				"Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		Assert.state(this.defaultAuthorizedClientManager,
+				"The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 		updateDefaultAuthorizedClientManager(clientCredentialsTokenResponseClient);
 	}
 
 	private void updateDefaultAuthorizedClientManager(
 			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
 
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken()
-						.clientCredentials(configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
-						.password()
-						.build();
-		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(authorizedClientProvider);
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode().refreshToken()
+				.clientCredentials(
+						configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
+				.password().build();
+		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
+				.setAuthorizedClientProvider(authorizedClientProvider);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 8291e26704..945f6e68e7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -67,26 +67,37 @@ import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 /**
- * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
- * token as a Bearer Token.
+ * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2
+ * requests by including the token as a Bearer Token.
  *
  * <h3>Authentication and Authorization Failures</h3>
  *
- * <p>Since 5.3, this filter function has the ability to forward authentication (HTTP 401 Unauthorized)
- * and authorization (HTTP 403 Forbidden) failures from an OAuth 2.0 Resource Server to a
- * {@link ReactiveOAuth2AuthorizationFailureHandler}.
- * A {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} can be used
- * to remove the cached {@link OAuth2AuthorizedClient}, so that future requests will result
- * in a new token being retrieved from an Authorization Server, and sent to the Resource Server.</p>
+ * <p>
+ * Since 5.3, this filter function has the ability to forward authentication (HTTP 401
+ * Unauthorized) and authorization (HTTP 403 Forbidden) failures from an OAuth 2.0
+ * Resource Server to a {@link ReactiveOAuth2AuthorizationFailureHandler}. A
+ * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} can be used to
+ * remove the cached {@link OAuth2AuthorizedClient}, so that future requests will result
+ * in a new token being retrieved from an Authorization Server, and sent to the Resource
+ * Server.
+ * </p>
  *
- * <p>If the {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository)}
- * constructor is used, a {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
- * will be configured automatically.</p>
+ * <p>
+ * If the
+ * {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository)}
+ * constructor is used, a
+ * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} will be
+ * configured automatically.
+ * </p>
  *
- * <p>If the {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)}
- * constructor is used, a {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
- * will <em>NOT</em> be configured automatically.
- * It is recommended that you configure one via {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.</p>
+ * <p>
+ * If the
+ * {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)}
+ * constructor is used, a
+ * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} will
+ * <em>NOT</em> be configured automatically. It is recommended that you configure one via
+ * {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}.
+ * </p>
  *
  * @author Rob Winch
  * @author Joe Grandja
@@ -94,36 +105,37 @@ import java.util.stream.Stream;
  * @since 5.1
  */
 public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements ExchangeFilterFunction {
+
 	/**
 	 * The request attribute name used to locate the {@link OAuth2AuthorizedClient}.
 	 */
 	private static final String OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME = OAuth2AuthorizedClient.class.getName();
 
 	/**
-	 * The client request attribute name used to locate the {@link ClientRegistration#getRegistrationId()}
+	 * The client request attribute name used to locate the
+	 * {@link ClientRegistration#getRegistrationId()}
 	 */
-	private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName().concat(".CLIENT_REGISTRATION_ID");
+	private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName()
+			.concat(".CLIENT_REGISTRATION_ID");
 
 	/**
-	 * The request attribute name used to locate the {@link org.springframework.web.server.ServerWebExchange}.
+	 * The request attribute name used to locate the
+	 * {@link org.springframework.web.server.ServerWebExchange}.
 	 */
 	private static final String SERVER_WEB_EXCHANGE_ATTR_NAME = ServerWebExchange.class.getName();
 
-	private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
-			AuthorityUtils.createAuthorityList("ROLE_USER"));
+	private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken(
+			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_USER"));
 
 	private final Mono<Authentication> currentAuthenticationMono = ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication)
-			.defaultIfEmpty(ANONYMOUS_USER_TOKEN);
+			.map(SecurityContext::getAuthentication).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
 
 	private final Mono<String> clientRegistrationIdMono = currentAuthenticationMono
 			.filter(t -> this.defaultOAuth2AuthorizedClient && t instanceof OAuth2AuthenticationToken)
-			.cast(OAuth2AuthenticationToken.class)
-			.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
+			.cast(OAuth2AuthenticationToken.class).map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
 
 	private final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter(c -> c.hasKey(ServerWebExchange.class))
-			.map(c -> c.get(ServerWebExchange.class));
+			.filter(c -> c.hasKey(ServerWebExchange.class)).map(c -> c.get(ServerWebExchange.class));
 
 	private final ReactiveOAuth2AuthorizedClientManager authorizedClientManager;
 
@@ -143,62 +155,72 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	@FunctionalInterface
 	private interface ClientResponseHandler {
+
 		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
+
 	}
 
 	/**
-	 * Constructs a {@code ServerOAuth2AuthorizedClientExchangeFilterFunction} using the provided parameters.
+	 * Constructs a {@code ServerOAuth2AuthorizedClientExchangeFilterFunction} using the
+	 * provided parameters.
 	 *
-	 * <p>When this constructor is used, authentication (HTTP 401) and authorization (HTTP 403)
-	 * failures returned from a OAuth 2.0 Resource Server will <em>NOT</em> be forwarded to a
-	 * {@link ReactiveOAuth2AuthorizationFailureHandler}.
-	 * Therefore, future requests to the Resource Server will most likely use the same (most likely invalid) token,
-	 * resulting in the same errors returned from the Resource Server.
-	 * It is recommended to configure a {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
-	 * via {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}
+	 * <p>
+	 * When this constructor is used, authentication (HTTP 401) and authorization (HTTP
+	 * 403) failures returned from a OAuth 2.0 Resource Server will <em>NOT</em> be
+	 * forwarded to a {@link ReactiveOAuth2AuthorizationFailureHandler}. Therefore, future
+	 * requests to the Resource Server will most likely use the same (most likely invalid)
+	 * token, resulting in the same errors returned from the Resource Server. It is
+	 * recommended to configure a
+	 * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} via
+	 * {@link #setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)}
 	 * so that authentication and authorization failures returned from a Resource Server
-	 * will result in removing the authorized client, so that a new token is retrieved for future requests.</p>
+	 * will result in removing the authorized client, so that a new token is retrieved for
+	 * future requests.
+	 * </p>
 	 *
 	 * @since 5.2
-	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager} which manages the authorized client(s)
+	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager}
+	 * which manages the authorized client(s)
 	 */
-	public ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
+	public ServerOAuth2AuthorizedClientExchangeFilterFunction(
+			ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
 		this.authorizedClientManager = authorizedClientManager;
-		this.clientResponseHandler =  (request, responseMono) -> responseMono;
+		this.clientResponseHandler = (request, responseMono) -> responseMono;
 	}
 
 	/**
-	 * Constructs a {@code ServerOAuth2AuthorizedClientExchangeFilterFunction} using the provided parameters.
-	 *
-	 * <p>Since 5.3, when this constructor is used, authentication (HTTP 401)
-	 * and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server
-	 * will be forwarded to a {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler},
-	 * which will potentially remove the {@link OAuth2AuthorizedClient} from the given
-	 * {@link ServerOAuth2AuthorizedClientRepository}, depending on the OAuth 2.0 error code returned.
-	 * Authentication failures returned from an OAuth 2.0 Resource Server typically indicate
-	 * that the token is invalid, and should not be used in future requests.
-	 * Removing the authorized client from the repository will ensure that the existing
-	 * token will not be sent for future requests to the Resource Server,
-	 * and a new token is retrieved from Authorization Server and used for
-	 * future requests to the Resource Server.</p>
+	 * Constructs a {@code ServerOAuth2AuthorizedClientExchangeFilterFunction} using the
+	 * provided parameters.
 	 *
+	 * <p>
+	 * Since 5.3, when this constructor is used, authentication (HTTP 401) and
+	 * authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will
+	 * be forwarded to a
+	 * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}, which will
+	 * potentially remove the {@link OAuth2AuthorizedClient} from the given
+	 * {@link ServerOAuth2AuthorizedClientRepository}, depending on the OAuth 2.0 error
+	 * code returned. Authentication failures returned from an OAuth 2.0 Resource Server
+	 * typically indicate that the token is invalid, and should not be used in future
+	 * requests. Removing the authorized client from the repository will ensure that the
+	 * existing token will not be sent for future requests to the Resource Server, and a
+	 * new token is retrieved from Authorization Server and used for future requests to
+	 * the Resource Server.
+	 * </p>
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
-	public ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository clientRegistrationRepository,
-																ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+	public ServerOAuth2AuthorizedClientExchangeFilterFunction(
+			ReactiveClientRegistrationRepository clientRegistrationRepository,
+			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 
-		ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler =
-				new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
-						(clientRegistrationId, principal, attributes) ->
-								authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-										(ServerWebExchange) attributes.get(ServerWebExchange.class.getName())));
+		ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
+				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
+						clientRegistrationId, principal,
+						(ServerWebExchange) attributes.get(ServerWebExchange.class.getName())));
 
-		this.authorizedClientManager = createDefaultAuthorizedClientManager(
-				clientRegistrationRepository,
-				authorizedClientRepository,
-				authorizationFailureHandler);
+		this.authorizedClientManager = createDefaultAuthorizedClientManager(clientRegistrationRepository,
+				authorizedClientRepository, authorizationFailureHandler);
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
 		this.defaultAuthorizedClientManager = true;
 	}
@@ -210,32 +232,27 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		// gh-7544
 		if (authorizedClientRepository instanceof UnAuthenticatedServerOAuth2AuthorizedClientRepository) {
-			UnAuthenticatedReactiveOAuth2AuthorizedClientManager unauthenticatedAuthorizedClientManager =
-					new UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
-							clientRegistrationRepository,
-							(UnAuthenticatedServerOAuth2AuthorizedClientRepository) authorizedClientRepository,
-							authorizationFailureHandler);
-			unauthenticatedAuthorizedClientManager.setAuthorizedClientProvider(
-					ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-							.authorizationCode()
-							.refreshToken()
-							.clientCredentials()
-							.password()
-							.build());
+			UnAuthenticatedReactiveOAuth2AuthorizedClientManager unauthenticatedAuthorizedClientManager = new UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
+					clientRegistrationRepository,
+					(UnAuthenticatedServerOAuth2AuthorizedClientRepository) authorizedClientRepository,
+					authorizationFailureHandler);
+			unauthenticatedAuthorizedClientManager
+					.setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
+							.authorizationCode().refreshToken().clientCredentials().password().build());
 			return unauthenticatedAuthorizedClientManager;
 		}
 
-		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
-				new DefaultReactiveOAuth2AuthorizedClientManager(
-						clientRegistrationRepository, authorizedClientRepository);
+		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
+				clientRegistrationRepository, authorizedClientRepository);
 		authorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
 
 		return authorizedClientManager;
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link OAuth2AuthorizedClient} to be used for
-	 * providing the Bearer Token. Example usage:
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link OAuth2AuthorizedClient} to be used for providing the Bearer Token. Example
+	 * usage:
 	 *
 	 * <pre>
 	 * WebClient webClient = WebClient.builder()
@@ -257,11 +274,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * <li>A refresh token is present on the OAuth2AuthorizedClient</li>
 	 * <li>The access token will be expired in
 	 * {@link #setAccessTokenExpiresSkew(Duration)}</li>
-	 * <li>The {@link ReactiveSecurityContextHolder} will be used to attempt to save
-	 * the token. If it is empty, then the principal name on the OAuth2AuthorizedClient
-	 * will be used to create an Authentication for saving.</li>
+	 * <li>The {@link ReactiveSecurityContextHolder} will be used to attempt to save the
+	 * token. If it is empty, then the principal name on the OAuth2AuthorizedClient will
+	 * be used to create an Authentication for saving.</li>
 	 * </ul>
-	 *
 	 * @param authorizedClient the {@link OAuth2AuthorizedClient} to use.
 	 * @return the {@link Consumer} to populate the
 	 */
@@ -274,8 +290,8 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link ServerWebExchange} to be used for
-	 * providing the Bearer Token. Example usage:
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link ServerWebExchange} to be used for providing the Bearer Token. Example usage:
 	 *
 	 * <pre>
 	 * WebClient webClient = WebClient.builder()
@@ -301,9 +317,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link ClientRegistration#getRegistrationId()} to
-	 * be used to look up the {@link OAuth2AuthorizedClient}.
-	 *
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link ClientRegistration#getRegistrationId()} to be used to look up the
+	 * {@link OAuth2AuthorizedClient}.
 	 * @param clientRegistrationId the {@link ClientRegistration#getRegistrationId()} to
 	 * be used to look up the {@link OAuth2AuthorizedClient}.
 	 * @return the {@link Consumer} to populate the attributes
@@ -321,19 +337,21 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	/**
-	 * If true, a default {@link OAuth2AuthorizedClient} can be discovered from the current Authentication. It is
-	 * recommended to be cautious with this feature since all HTTP requests will receive the access token if it can be
-	 * resolved from the current Authentication.
-	 * @param defaultOAuth2AuthorizedClient true if a default {@link OAuth2AuthorizedClient} should be used, else false.
-	 *                                      Default is false.
+	 * If true, a default {@link OAuth2AuthorizedClient} can be discovered from the
+	 * current Authentication. It is recommended to be cautious with this feature since
+	 * all HTTP requests will receive the access token if it can be resolved from the
+	 * current Authentication.
+	 * @param defaultOAuth2AuthorizedClient true if a default
+	 * {@link OAuth2AuthorizedClient} should be used, else false. Default is false.
 	 */
 	public void setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient) {
 		this.defaultOAuth2AuthorizedClient = defaultOAuth2AuthorizedClient;
 	}
 
 	/**
-	 * If set, will be used as the default {@link ClientRegistration#getRegistrationId()}. It is
-	 * recommended to be cautious with this feature since all HTTP requests will receive the access token.
+	 * If set, will be used as the default {@link ClientRegistration#getRegistrationId()}.
+	 * It is recommended to be cautious with this feature since all HTTP requests will
+	 * receive the access token.
 	 * @param clientRegistrationId the id to use
 	 */
 	public void setDefaultClientRegistrationId(String clientRegistrationId) {
@@ -341,41 +359,48 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	/**
-	 * Sets the {@link ReactiveOAuth2AccessTokenResponseClient} used for getting an {@link OAuth2AuthorizedClient} for the client_credentials grant.
-	 *
-	 * @deprecated Use {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)} instead.
-	 * 				Create an instance of {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider} configured with a
-	 * 				{@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient) WebClientReactiveClientCredentialsTokenResponseClient}
-	 * 				(or a custom one) and than supply it to {@link DefaultReactiveOAuth2AuthorizedClientManager#setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) DefaultReactiveOAuth2AuthorizedClientManager}.
-	 *
+	 * Sets the {@link ReactiveOAuth2AccessTokenResponseClient} used for getting an
+	 * {@link OAuth2AuthorizedClient} for the client_credentials grant.
+	 * @deprecated Use
+	 * {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)}
+	 * instead. Create an instance of
+	 * {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider} configured with a
+	 * {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient)
+	 * WebClientReactiveClientCredentialsTokenResponseClient} (or a custom one) and than
+	 * supply it to
+	 * {@link DefaultReactiveOAuth2AuthorizedClientManager#setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider)
+	 * DefaultReactiveOAuth2AuthorizedClientManager}.
 	 * @param clientCredentialsTokenResponseClient the client to use
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(
 			ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
 		Assert.notNull(clientCredentialsTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
-		Assert.state(this.defaultAuthorizedClientManager, "The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " +
-				"Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		Assert.state(this.defaultAuthorizedClientManager,
+				"The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 		this.clientCredentialsTokenResponseClient = clientCredentialsTokenResponseClient;
 		updateDefaultAuthorizedClientManager();
 	}
 
 	private void updateDefaultAuthorizedClientManager() {
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
-						.clientCredentials(this::updateClientCredentialsProvider)
-						.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().authorizationCode()
+				.refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.clientCredentials(this::updateClientCredentialsProvider)
+				.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
 		if (this.authorizedClientManager instanceof UnAuthenticatedReactiveOAuth2AuthorizedClientManager) {
-			((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(authorizedClientProvider);
-		} else {
-			((DefaultReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(authorizedClientProvider);
+			((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
+					.setAuthorizedClientProvider(authorizedClientProvider);
+		}
+		else {
+			((DefaultReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
+					.setAuthorizedClientProvider(authorizedClientProvider);
 		}
 	}
 
-	private void updateClientCredentialsProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder builder) {
+	private void updateClientCredentialsProvider(
+			ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder builder) {
 		if (this.clientCredentialsTokenResponseClient != null) {
 			builder.accessTokenResponseClient(this.clientCredentialsTokenResponseClient);
 		}
@@ -385,26 +410,27 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	/**
 	 * An access token will be considered expired by comparing its expiration to now +
 	 * this skewed Duration. The default is 1 minute.
-	 *
-	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the specific {@link ReactiveOAuth2AuthorizedClientProvider} implementation,
-	 * 				e.g. {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration) ClientCredentialsReactiveOAuth2AuthorizedClientProvider} or
-	 * 				{@link RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration) RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
-	 *
+	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the
+	 * specific {@link ReactiveOAuth2AuthorizedClientProvider} implementation, e.g.
+	 * {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration)
+	 * ClientCredentialsReactiveOAuth2AuthorizedClientProvider} or
+	 * {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration)
+	 * RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
 	 * @param accessTokenExpiresSkew the Duration to use.
 	 */
 	@Deprecated
 	public void setAccessTokenExpiresSkew(Duration accessTokenExpiresSkew) {
 		Assert.notNull(accessTokenExpiresSkew, "accessTokenExpiresSkew cannot be null");
-		Assert.state(this.defaultAuthorizedClientManager, "The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " +
-				"Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		Assert.state(this.defaultAuthorizedClientManager,
+				"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 		this.accessTokenExpiresSkew = accessTokenExpiresSkew;
 		updateDefaultAuthorizedClientManager();
 	}
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return authorizedClient(request)
-				.map(authorizedClient -> bearer(request, authorizedClient))
+		return authorizedClient(request).map(authorizedClient -> bearer(request, authorizedClient))
 				.flatMap(requestWithBearer -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
 	}
@@ -417,10 +443,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private Mono<OAuth2AuthorizedClient> authorizedClient(ClientRequest request) {
 		OAuth2AuthorizedClient authorizedClientFromAttrs = oauth2AuthorizedClient(request);
 		return Mono.justOrEmpty(authorizedClientFromAttrs)
-				.switchIfEmpty(Mono.defer(() ->
-						authorizeRequest(request).flatMap(this.authorizedClientManager::authorize)))
-				.flatMap(authorizedClient ->
-						reauthorizeRequest(request, authorizedClient).flatMap(this.authorizedClientManager::authorize));
+				.switchIfEmpty(
+						Mono.defer(() -> authorizeRequest(request).flatMap(this.authorizedClientManager::authorize)))
+				.flatMap(authorizedClient -> reauthorizeRequest(request, authorizedClient)
+						.flatMap(this.authorizedClientManager::authorize));
 	}
 
 	private Mono<OAuth2AuthorizeRequest> authorizeRequest(ClientRequest request) {
@@ -428,21 +454,20 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange)
-				.map(t3 -> {
-					OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1()).principal(t3.getT2());
-					t3.getT3().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
-					return builder.build();
-				});
+		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange).map(t3 -> {
+			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1())
+					.principal(t3.getT2());
+			t3.getT3().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+			return builder.build();
+		});
 	}
 
 	/**
-	 * Returns a {@link Mono} the emits the {@code clientRegistrationId}
-	 * that is active for the given request.
-	 *
+	 * Returns a {@link Mono} the emits the {@code clientRegistrationId} that is active
+	 * for the given request.
 	 * @param request the request for which to retrieve the {@code clientRegistrationId}
-	 * @return a mono that emits the {@code clientRegistrationId}
-	 * 	       that is active for the given request.
+	 * @return a mono that emits the {@code clientRegistrationId} that is active for the
+	 * given request.
 	 */
 	private Mono<String> effectiveClientRegistrationId(ClientRequest request) {
 		return Mono.justOrEmpty(clientRegistrationId(request))
@@ -451,53 +476,57 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	/**
-	 * Returns a {@link Mono} that emits an {@link Optional} for the {@link ServerWebExchange}
-	 * that is active for the given request.
-	 *
-	 * <p>The returned {@link Mono} will never complete empty.
-	 * Instead, it will emit an empty {@link Optional} if no exchange is active.</p>
+	 * Returns a {@link Mono} that emits an {@link Optional} for the
+	 * {@link ServerWebExchange} that is active for the given request.
 	 *
+	 * <p>
+	 * The returned {@link Mono} will never complete empty. Instead, it will emit an empty
+	 * {@link Optional} if no exchange is active.
+	 * </p>
 	 * @param request the request for which to retrieve the exchange
-	 * @return a {@link Mono} that emits an {@link Optional} for the {@link ServerWebExchange}
-	 * 	       that is active for the given request.
+	 * @return a {@link Mono} that emits an {@link Optional} for the
+	 * {@link ServerWebExchange} that is active for the given request.
 	 */
 	private Mono<Optional<ServerWebExchange>> effectiveServerWebExchange(ClientRequest request) {
-		return Mono.justOrEmpty(serverWebExchange(request))
-				.switchIfEmpty(currentServerWebExchangeMono)
-				.map(Optional::of)
-				.defaultIfEmpty(Optional.empty());
+		return Mono.justOrEmpty(serverWebExchange(request)).switchIfEmpty(currentServerWebExchangeMono)
+				.map(Optional::of).defaultIfEmpty(Optional.empty());
 	}
 
-	private Mono<OAuth2AuthorizeRequest> reauthorizeRequest(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
+	private Mono<OAuth2AuthorizeRequest> reauthorizeRequest(ClientRequest request,
+			OAuth2AuthorizedClient authorizedClient) {
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-		return Mono.zip(this.currentAuthenticationMono, serverWebExchange)
-				.map(t2 -> {
-					OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient).principal(t2.getT1());
-					t2.getT2().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
-					return builder.build();
-				});
+		return Mono.zip(this.currentAuthenticationMono, serverWebExchange).map(t2 -> {
+			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
+					.principal(t2.getT1());
+			t2.getT2().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+			return builder.build();
+		});
 	}
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
-					.build();
+				.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue())).build();
 	}
 
 	/**
-	 * Sets the handler that handles authentication and authorization failures when communicating
-	 * to the OAuth 2.0 Resource Server.
+	 * Sets the handler that handles authentication and authorization failures when
+	 * communicating to the OAuth 2.0 Resource Server.
 	 *
-	 * <p>For example, a {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler}
-	 * is typically used to remove the cached {@link OAuth2AuthorizedClient},
-	 * so that the same token is no longer used in future requests to the Resource Server.</p>
+	 * <p>
+	 * For example, a
+	 * {@link RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} is
+	 * typically used to remove the cached {@link OAuth2AuthorizedClient}, so that the
+	 * same token is no longer used in future requests to the Resource Server.
+	 * </p>
 	 *
-	 * <p>The failure handler used by default depends on which constructor was used
-	 * to construct this {@link ServerOAuth2AuthorizedClientExchangeFilterFunction}.
-	 * See the constructors for more details.</p>
-	 *
-	 * @param authorizationFailureHandler the handler that handles authentication and authorization failures.
+	 * <p>
+	 * The failure handler used by default depends on which constructor was used to
+	 * construct this {@link ServerOAuth2AuthorizedClientExchangeFilterFunction}. See the
+	 * constructors for more details.
+	 * </p>
+	 * @param authorizationFailureHandler the handler that handles authentication and
+	 * authorization failures.
 	 * @since 5.3
 	 */
 	public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
@@ -505,11 +534,17 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
 	}
 
-	private static class UnAuthenticatedReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager {
+	private static class UnAuthenticatedReactiveOAuth2AuthorizedClientManager
+			implements ReactiveOAuth2AuthorizedClientManager {
+
 		private final ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 		private final UnAuthenticatedServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 		private final ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 		private final ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;
+
 		private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
 
 		private UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
@@ -518,8 +553,8 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 				ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 			this.clientRegistrationRepository = clientRegistrationRepository;
 			this.authorizedClientRepository = authorizedClientRepository;
-			this.authorizationSuccessHandler = (authorizedClient, principal, attributes) ->
-					authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, null);
+			this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository
+					.saveAuthorizedClient(authorizedClient, principal, null);
 			this.authorizationFailureHandler = authorizationFailureHandler;
 		}
 
@@ -530,60 +565,61 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 			Authentication principal = authorizeRequest.getPrincipal();
 
-			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
-					.switchIfEmpty(Mono.defer(() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null)))
+			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient()).switchIfEmpty(Mono.defer(
+					() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null)))
 					.flatMap(authorizedClient -> {
 						// Re-authorize
-						return Mono.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal).build())
+						return Mono
+								.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
+										.principal(principal).build())
 								.flatMap(authorizationContext -> authorize(authorizationContext, principal))
-								// Default to the existing authorizedClient if the client was not re-authorized
-								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null ?
-										authorizeRequest.getAuthorizedClient() : authorizedClient);
-					})
-					.switchIfEmpty(Mono.defer(() ->
-						// Authorize
-						this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-								.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
-										"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-								.flatMap(clientRegistration -> Mono.just(OAuth2AuthorizationContext.withClientRegistration(clientRegistration).principal(principal).build()))
-								.flatMap(authorizationContext -> authorize(authorizationContext, principal))
-					));
+								// Default to the existing authorizedClient if the client
+								// was not re-authorized
+								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+										? authorizeRequest.getAuthorizedClient() : authorizedClient);
+					}).switchIfEmpty(Mono.defer(() ->
+					// Authorize
+					this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
+							.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+									"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
+							.flatMap(clientRegistration -> Mono.just(OAuth2AuthorizationContext
+									.withClientRegistration(clientRegistration).principal(principal).build()))
+							.flatMap(authorizationContext -> authorize(authorizationContext, principal))));
 		}
 
 		/**
-		 * Performs authorization and then delegates to either the {@link #authorizationSuccessHandler}
-		 * or {@link #authorizationFailureHandler}, depending on the authorization result.
-		 *
+		 * Performs authorization and then delegates to either the
+		 * {@link #authorizationSuccessHandler} or {@link #authorizationFailureHandler},
+		 * depending on the authorization result.
 		 * @param authorizationContext the context to authorize
 		 * @param principal the principle to authorize
-		 * @return a {@link Mono} that emits the authorized client after the authorization attempt succeeds
-		 *         and the {@link #authorizationSuccessHandler} has completed,
-		 *         or completes with an exception after the authorization attempt fails
-		 *         and the {@link #authorizationFailureHandler} has completed
+		 * @return a {@link Mono} that emits the authorized client after the authorization
+		 * attempt succeeds and the {@link #authorizationSuccessHandler} has completed, or
+		 * completes with an exception after the authorization attempt fails and the
+		 * {@link #authorizationFailureHandler} has completed
 		 */
-		private Mono<OAuth2AuthorizedClient> authorize(
-				OAuth2AuthorizationContext authorizationContext,
+		private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 				Authentication principal) {
 
 			return this.authorizedClientProvider.authorize(authorizationContext)
-					// Delegates to the authorizationSuccessHandler of the successful authorization
-					.flatMap(authorizedClient -> this.authorizationSuccessHandler.onAuthorizationSuccess(
-									authorizedClient,
-									principal,
-									Collections.emptyMap())
+					// Delegates to the authorizationSuccessHandler of the successful
+					// authorization
+					.flatMap(authorizedClient -> this.authorizationSuccessHandler
+							.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
 							.thenReturn(authorizedClient))
-					// Delegates to  the authorizationFailureHandler of the failed authorization
-					.onErrorResume(OAuth2AuthorizationException.class, authorizationException -> this.authorizationFailureHandler.onAuthorizationFailure(
-									authorizationException,
-									principal,
-									Collections.emptyMap())
-							.then(Mono.error(authorizationException)));
+					// Delegates to the authorizationFailureHandler of the failed
+					// authorization
+					.onErrorResume(OAuth2AuthorizationException.class,
+							authorizationException -> this.authorizationFailureHandler
+									.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
+									.then(Mono.error(authorizationException)));
 		}
 
 		private void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider) {
 			Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
 			this.authorizedClientProvider = authorizedClientProvider;
 		}
+
 	}
 
 	/**
@@ -595,15 +631,14 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private class AuthorizationFailureForwarder implements ClientResponseHandler {
 
 		/**
-		 * A map of HTTP Status Code to OAuth 2.0 Error codes for
-		 * HTTP status codes that should be interpreted as
-		 * authentication or authorization failures.
+		 * A map of HTTP Status Code to OAuth 2.0 Error codes for HTTP status codes that
+		 * should be interpreted as authentication or authorization failures.
 		 */
 		private final Map<Integer, String> httpStatusToOAuth2ErrorCodeMap;
 
 		/**
-		 * The {@link ReactiveOAuth2AuthorizationFailureHandler} to notify
-		 * when an authentication/authorization failure occurs.
+		 * The {@link ReactiveOAuth2AuthorizationFailureHandler} to notify when an
+		 * authentication/authorization failure occurs.
 		 */
 		private final ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
@@ -619,30 +654,26 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		@Override
 		public Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> responseMono) {
-			return responseMono
-				.flatMap(response -> handleResponse(request, response)
-						.thenReturn(response))
-				.onErrorResume(WebClientResponseException.class, e -> handleWebClientResponseException(request, e)
-						.then(Mono.error(e)))
-				.onErrorResume(OAuth2AuthorizationException.class, e -> handleAuthorizationException(request, e)
-						.then(Mono.error(e)));
+			return responseMono.flatMap(response -> handleResponse(request, response).thenReturn(response))
+					.onErrorResume(WebClientResponseException.class,
+							e -> handleWebClientResponseException(request, e).then(Mono.error(e)))
+					.onErrorResume(OAuth2AuthorizationException.class,
+							e -> handleAuthorizationException(request, e).then(Mono.error(e)));
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response))
-					.flatMap(oauth2Error -> {
-						Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
+			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap(oauth2Error -> {
+				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-						Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
+				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
 
-						return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
-								.flatMap(tuple3 -> handleAuthorizationFailure(
-										tuple3.getT1(),              // Authentication principal
-										tuple3.getT2().orElse(null), // ServerWebExchange exchange
-										new ClientAuthorizationException(
-												oauth2Error,
-												tuple3.getT3())));      // String clientRegistrationId
-					});
+				return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
+						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
+																						// principal
+								tuple3.getT2().orElse(null), // ServerWebExchange exchange
+								new ClientAuthorizationException(oauth2Error, tuple3.getT3()))); // String
+																									// clientRegistrationId
+			});
 		}
 
 		private OAuth2Error resolveErrorIfPossible(ClientResponse response) {
@@ -651,8 +682,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 				String wwwAuthenticateHeader = response.headers().header(HttpHeaders.WWW_AUTHENTICATE).get(0);
 				Map<String, String> authParameters = parseAuthParameters(wwwAuthenticateHeader);
 				if (authParameters.containsKey(OAuth2ParameterNames.ERROR)) {
-					return new OAuth2Error(
-							authParameters.get(OAuth2ParameterNames.ERROR),
+					return new OAuth2Error(authParameters.get(OAuth2ParameterNames.ERROR),
 							authParameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION),
 							authParameters.get(OAuth2ParameterNames.ERROR_URI));
 				}
@@ -662,89 +692,77 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		private OAuth2Error resolveErrorIfPossible(int statusCode) {
 			if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) {
-				return new OAuth2Error(
-						this.httpStatusToOAuth2ErrorCodeMap.get(statusCode),
-						null,
+				return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null,
 						"https://tools.ietf.org/html/rfc6750#section-3.1");
 			}
 			return null;
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
-			return Stream.of(wwwAuthenticateHeader)
-					.filter(header -> !StringUtils.isEmpty(header))
+			return Stream.of(wwwAuthenticateHeader).filter(header -> !StringUtils.isEmpty(header))
 					.filter(header -> header.toLowerCase().startsWith("bearer"))
-					.map(header -> header.substring("bearer".length()))
-					.map(header -> header.split(","))
-					.flatMap(Stream::of)
-					.map(parameter -> parameter.split("="))
-					.filter(parameter -> parameter.length > 1)
-					.collect(Collectors.toMap(
-							parameters -> parameters[0].trim(),
-							parameters -> parameters[1].trim().replace("\"", "")));
+					.map(header -> header.substring("bearer".length())).map(header -> header.split(","))
+					.flatMap(Stream::of).map(parameter -> parameter.split("="))
+					.filter(parameter -> parameter.length > 1).collect(Collectors.toMap(
+							parameters -> parameters[0].trim(), parameters -> parameters[1].trim().replace("\"", "")));
 		}
 
 		/**
-		 * Handles the given http status code returned from a resource server
-		 * by notifying the authorization failure handler if the http status
-		 * code is in the {@link #httpStatusToOAuth2ErrorCodeMap}.
-		 *
+		 * Handles the given http status code returned from a resource server by notifying
+		 * the authorization failure handler if the http status code is in the
+		 * {@link #httpStatusToOAuth2ErrorCodeMap}.
 		 * @param request the request being processed
 		 * @param exception The root cause exception for the failure
-		 * @return a {@link Mono} that completes empty after the authorization failure handler completes.
+		 * @return a {@link Mono} that completes empty after the authorization failure
+		 * handler completes.
 		 */
-		private Mono<Void> handleWebClientResponseException(ClientRequest request, WebClientResponseException exception) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode()))
-					.flatMap(oauth2Error -> {
-						Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
+		private Mono<Void> handleWebClientResponseException(ClientRequest request,
+				WebClientResponseException exception) {
+			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap(oauth2Error -> {
+				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-						Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
+				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
 
-						return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
-								.flatMap(tuple3 -> handleAuthorizationFailure(
-										tuple3.getT1(),              // Authentication principal
-										tuple3.getT2().orElse(null), // ServerWebExchange exchange
-										new ClientAuthorizationException(
-												oauth2Error,
-												tuple3.getT3(),      // String clientRegistrationId
-												exception)));
-					});
+				return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
+						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
+																						// principal
+								tuple3.getT2().orElse(null), // ServerWebExchange exchange
+								new ClientAuthorizationException(oauth2Error, tuple3.getT3(), // String
+																								// clientRegistrationId
+										exception)));
+			});
 		}
 
 		/**
-		 * Handles the given OAuth2AuthorizationException that occurred downstream
-		 * by notifying the authorization failure handler.
-		 *
+		 * Handles the given OAuth2AuthorizationException that occurred downstream by
+		 * notifying the authorization failure handler.
 		 * @param request the request being processed
 		 * @param exception the authorization exception to include in the failure event.
-		 * @return a {@link Mono} that completes empty after the authorization failure handler completes.
+		 * @return a {@link Mono} that completes empty after the authorization failure
+		 * handler completes.
 		 */
 		private Mono<Void> handleAuthorizationException(ClientRequest request, OAuth2AuthorizationException exception) {
 			Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
 			return Mono.zip(currentAuthenticationMono, serverWebExchange)
-					.flatMap(tuple2 -> handleAuthorizationFailure(
-							tuple2.getT1(),              // Authentication principal
+					.flatMap(tuple2 -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
+																					// principal
 							tuple2.getT2().orElse(null), // ServerWebExchange exchange
 							exception));
 		}
 
 		/**
 		 * Delegates to the authorization failure handler of the failed authorization.
-		 *
 		 * @param principal the principal associated with the failed authorization attempt
 		 * @param exchange the currently active exchange
 		 * @param exception the authorization exception to include in the failure event.
-		 * @return a {@link Mono} that completes empty after the authorization failure handler completes.
+		 * @return a {@link Mono} that completes empty after the authorization failure
+		 * handler completes.
 		 */
-		private Mono<Void> handleAuthorizationFailure(
-				Authentication principal,
-				ServerWebExchange exchange,
+		private Mono<Void> handleAuthorizationFailure(Authentication principal, ServerWebExchange exchange,
 				OAuth2AuthorizationException exception) {
 
-			return this.authorizationFailureHandler.onAuthorizationFailure(
-					exception,
-					principal,
+			return this.authorizationFailureHandler.onAuthorizationFailure(exception, principal,
 					createAttributes(exchange));
 		}
 
@@ -754,5 +772,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			}
 			return Collections.singletonMap(ServerWebExchange.class.getName(), exchange);
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 8694121c8e..3acaede9b3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -69,8 +69,9 @@ import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 /**
- * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth 2.0 requests
- * by including the {@link OAuth2AuthorizedClient#getAccessToken() access token} as a bearer token.
+ * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth
+ * 2.0 requests by including the {@link OAuth2AuthorizedClient#getAccessToken() access
+ * token} as a bearer token.
  *
  * <p>
  * <b>NOTE:</b>This class is intended to be used in a {@code Servlet} environment.
@@ -95,23 +96,25 @@ import java.util.stream.Stream;
  * <h3>Authentication and Authorization Failures</h3>
  *
  * <p>
- * Since 5.3, this filter function has the ability to forward authentication (HTTP 401 Unauthorized)
- * and authorization (HTTP 403 Forbidden) failures from an OAuth 2.0 Resource Server
- * to a {@link OAuth2AuthorizationFailureHandler}.
- * A {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} can be used
- * to remove the cached {@link OAuth2AuthorizedClient}, so that future requests will result
- * in a new token being retrieved from an Authorization Server, and sent to the Resource Server.
+ * Since 5.3, this filter function has the ability to forward authentication (HTTP 401
+ * Unauthorized) and authorization (HTTP 403 Forbidden) failures from an OAuth 2.0
+ * Resource Server to a {@link OAuth2AuthorizationFailureHandler}. A
+ * {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} can be used to remove
+ * the cached {@link OAuth2AuthorizedClient}, so that future requests will result in a new
+ * token being retrieved from an Authorization Server, and sent to the Resource Server.
  *
  * <p>
- * If the {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)}
+ * If the
+ * {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)}
  * constructor is used, a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler}
  * will be configured automatically.
  *
  * <p>
- * If the {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)}
+ * If the
+ * {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)}
  * constructor is used, a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler}
- * will <em>NOT</em> be configured automatically.
- * It is recommended that you configure one via {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
+ * will <em>NOT</em> be configured automatically. It is recommended that you configure one
+ * via {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}.
  *
  * @author Rob Winch
  * @author Joe Grandja
@@ -124,7 +127,8 @@ import java.util.stream.Stream;
  */
 public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implements ExchangeFilterFunction {
 
-	// Same key as in SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES
+	// Same key as in
+	// SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES
 	static final String SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY = "org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
 
 	/**
@@ -132,13 +136,17 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 */
 	private static final String OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME = OAuth2AuthorizedClient.class.getName();
 
-	private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName().concat(".CLIENT_REGISTRATION_ID");
+	private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName()
+			.concat(".CLIENT_REGISTRATION_ID");
+
 	private static final String AUTHENTICATION_ATTR_NAME = Authentication.class.getName();
+
 	private static final String HTTP_SERVLET_REQUEST_ATTR_NAME = HttpServletRequest.class.getName();
+
 	private static final String HTTP_SERVLET_RESPONSE_ATTR_NAME = HttpServletResponse.class.getName();
 
-	private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
-			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous",
+			"anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	@Deprecated
 	private Duration accessTokenExpiresSkew = Duration.ofMinutes(1);
@@ -158,51 +166,57 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	@FunctionalInterface
 	private interface ClientResponseHandler {
+
 		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
+
 	}
 
 	public ServletOAuth2AuthorizedClientExchangeFilterFunction() {
 	}
 
 	/**
-	 * Constructs a {@code ServletOAuth2AuthorizedClientExchangeFilterFunction} using the provided parameters.
+	 * Constructs a {@code ServletOAuth2AuthorizedClientExchangeFilterFunction} using the
+	 * provided parameters.
 	 *
 	 * <p>
-	 * When this constructor is used, authentication (HTTP 401) and authorization (HTTP 403)
-	 * failures returned from an OAuth 2.0 Resource Server will <em>NOT</em> be forwarded to an
-	 * {@link OAuth2AuthorizationFailureHandler}.
-	 * Therefore, future requests to the Resource Server will most likely use the same (likely invalid) token,
-	 * resulting in the same errors returned from the Resource Server.
-	 * It is recommended to configure a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler}
-	 * via {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)}
-	 * so that authentication and authorization failures returned from a Resource Server
-	 * will result in removing the authorized client, so that a new token is retrieved for future requests.
+	 * When this constructor is used, authentication (HTTP 401) and authorization (HTTP
+	 * 403) failures returned from an OAuth 2.0 Resource Server will <em>NOT</em> be
+	 * forwarded to an {@link OAuth2AuthorizationFailureHandler}. Therefore, future
+	 * requests to the Resource Server will most likely use the same (likely invalid)
+	 * token, resulting in the same errors returned from the Resource Server. It is
+	 * recommended to configure a
+	 * {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} via
+	 * {@link #setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)} so that
+	 * authentication and authorization failures returned from a Resource Server will
+	 * result in removing the authorized client, so that a new token is retrieved for
+	 * future requests.
 	 *
 	 * @since 5.2
-	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which manages the authorized client(s)
+	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which
+	 * manages the authorized client(s)
 	 */
 	public ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
 		this.authorizedClientManager = authorizedClientManager;
-		this.clientResponseHandler =  (request, responseMono) -> responseMono;
+		this.clientResponseHandler = (request, responseMono) -> responseMono;
 	}
 
 	/**
-	 * Constructs a {@code ServletOAuth2AuthorizedClientExchangeFilterFunction} using the provided parameters.
+	 * Constructs a {@code ServletOAuth2AuthorizedClientExchangeFilterFunction} using the
+	 * provided parameters.
 	 *
 	 * <p>
-	 * Since 5.3, when this constructor is used, authentication (HTTP 401)
-	 * and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server
-	 * will be forwarded to a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler},
+	 * Since 5.3, when this constructor is used, authentication (HTTP 401) and
+	 * authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will
+	 * be forwarded to a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler},
 	 * which will potentially remove the {@link OAuth2AuthorizedClient} from the given
-	 * {@link OAuth2AuthorizedClientRepository}, depending on the OAuth 2.0 error code returned.
-	 * Authentication failures returned from an OAuth 2.0 Resource Server typically indicate
-	 * that the token is invalid, and should not be used in future requests.
-	 * Removing the authorized client from the repository will ensure that the existing
-	 * token will not be sent for future requests to the Resource Server,
-	 * and a new token is retrieved from the Authorization Server and used for
-	 * future requests to the Resource Server.
-	 *
+	 * {@link OAuth2AuthorizedClientRepository}, depending on the OAuth 2.0 error code
+	 * returned. Authentication failures returned from an OAuth 2.0 Resource Server
+	 * typically indicate that the token is invalid, and should not be used in future
+	 * requests. Removing the authorized client from the repository will ensure that the
+	 * existing token will not be sent for future requests to the Resource Server, and a
+	 * new token is retrieved from the Authorization Server and used for future requests
+	 * to the Resource Server.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
@@ -210,15 +224,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 			ClientRegistrationRepository clientRegistrationRepository,
 			OAuth2AuthorizedClientRepository authorizedClientRepository) {
 
-		OAuth2AuthorizationFailureHandler authorizationFailureHandler =
-				new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-						(clientRegistrationId, principal, attributes) ->
-								authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-										(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
-										(HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
-		DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager =
-				new DefaultOAuth2AuthorizedClientManager(
-						clientRegistrationRepository, authorizedClientRepository);
+		OAuth2AuthorizationFailureHandler authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
+				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
+						clientRegistrationId, principal,
+						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
+						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
+		DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
+				clientRegistrationRepository, authorizedClientRepository);
 		defaultAuthorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
 		this.authorizedClientManager = defaultAuthorizedClientManager;
 		this.defaultAuthorizedClientManager = true;
@@ -226,37 +238,41 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Sets the {@link OAuth2AccessTokenResponseClient} used for getting an {@link OAuth2AuthorizedClient} for the client_credentials grant.
-	 *
-	 * @deprecated Use {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)} instead.
-	 * 				Create an instance of {@link ClientCredentialsOAuth2AuthorizedClientProvider} configured with a
-	 * 				{@link ClientCredentialsOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(OAuth2AccessTokenResponseClient) DefaultClientCredentialsTokenResponseClient}
-	 * 				(or a custom one) and than supply it to {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) DefaultOAuth2AuthorizedClientManager}.
-	 *
+	 * Sets the {@link OAuth2AccessTokenResponseClient} used for getting an
+	 * {@link OAuth2AuthorizedClient} for the client_credentials grant.
+	 * @deprecated Use
+	 * {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)}
+	 * instead. Create an instance of
+	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider} configured with a
+	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(OAuth2AccessTokenResponseClient)
+	 * DefaultClientCredentialsTokenResponseClient} (or a custom one) and than supply it
+	 * to
+	 * {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider)
+	 * DefaultOAuth2AuthorizedClientManager}.
 	 * @param clientCredentialsTokenResponseClient the client to use
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(
 			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
 		Assert.notNull(clientCredentialsTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
-		Assert.state(this.defaultAuthorizedClientManager, "The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " +
-				"Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		Assert.state(this.defaultAuthorizedClientManager,
+				"The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 		this.clientCredentialsTokenResponseClient = clientCredentialsTokenResponseClient;
 		updateDefaultAuthorizedClientManager();
 	}
 
 	private void updateDefaultAuthorizedClientManager() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
-						.clientCredentials(this::updateClientCredentialsProvider)
-						.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
-						.build();
-		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(authorizedClientProvider);
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode().refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.clientCredentials(this::updateClientCredentialsProvider)
+				.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
+		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
+				.setAuthorizedClientProvider(authorizedClientProvider);
 	}
 
-	private void updateClientCredentialsProvider(OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder builder) {
+	private void updateClientCredentialsProvider(
+			OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder builder) {
 		if (this.clientCredentialsTokenResponseClient != null) {
 			builder.accessTokenResponseClient(this.clientCredentialsTokenResponseClient);
 		}
@@ -264,19 +280,21 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * If true, a default {@link OAuth2AuthorizedClient} can be discovered from the current Authentication. It is
-	 * recommended to be cautious with this feature since all HTTP requests will receive the access token if it can be
-	 * resolved from the current Authentication.
-	 * @param defaultOAuth2AuthorizedClient true if a default {@link OAuth2AuthorizedClient} should be used, else false.
-	 *                                      Default is false.
+	 * If true, a default {@link OAuth2AuthorizedClient} can be discovered from the
+	 * current Authentication. It is recommended to be cautious with this feature since
+	 * all HTTP requests will receive the access token if it can be resolved from the
+	 * current Authentication.
+	 * @param defaultOAuth2AuthorizedClient true if a default
+	 * {@link OAuth2AuthorizedClient} should be used, else false. Default is false.
 	 */
 	public void setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient) {
 		this.defaultOAuth2AuthorizedClient = defaultOAuth2AuthorizedClient;
 	}
 
 	/**
-	 * If set, will be used as the default {@link ClientRegistration#getRegistrationId()}. It is
-	 * recommended to be cautious with this feature since all HTTP requests will receive the access token.
+	 * If set, will be used as the default {@link ClientRegistration#getRegistrationId()}.
+	 * It is recommended to be cautious with this feature since all HTTP requests will
+	 * receive the access token.
 	 * @param clientRegistrationId the id to use
 	 */
 	public void setDefaultClientRegistrationId(String clientRegistrationId) {
@@ -284,7 +302,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Configures the builder with {@link #defaultRequest()} and adds this as a {@link ExchangeFilterFunction}
+	 * Configures the builder with {@link #defaultRequest()} and adds this as a
+	 * {@link ExchangeFilterFunction}
 	 * @return the {@link Consumer} to configure the builder
 	 */
 	public Consumer<WebClient.Builder> oauth2Configuration() {
@@ -292,10 +311,12 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Provides defaults for the {@link HttpServletRequest} and the {@link HttpServletResponse} using
-	 * {@link RequestContextHolder}. It also provides defaults for the {@link Authentication} using
-	 * {@link SecurityContextHolder}. It also can default the {@link OAuth2AuthorizedClient} using the
-	 * {@link #clientRegistrationId(String)} or the {@link #authentication(Authentication)}.
+	 * Provides defaults for the {@link HttpServletRequest} and the
+	 * {@link HttpServletResponse} using {@link RequestContextHolder}. It also provides
+	 * defaults for the {@link Authentication} using {@link SecurityContextHolder}. It
+	 * also can default the {@link OAuth2AuthorizedClient} using the
+	 * {@link #clientRegistrationId(String)} or the
+	 * {@link #authentication(Authentication)}.
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public Consumer<WebClient.RequestHeadersSpec<?>> defaultRequest() {
@@ -306,9 +327,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link OAuth2AuthorizedClient} to be used for
-	 * providing the Bearer Token.
-	 *
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link OAuth2AuthorizedClient} to be used for providing the Bearer Token.
 	 * @param authorizedClient the {@link OAuth2AuthorizedClient} to use.
 	 * @return the {@link Consumer} to populate the attributes
 	 */
@@ -316,16 +336,17 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		return attributes -> {
 			if (authorizedClient == null) {
 				attributes.remove(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME);
-			} else {
+			}
+			else {
 				attributes.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, authorizedClient);
 			}
 		};
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link ClientRegistration#getRegistrationId()} to
-	 * be used to look up the {@link OAuth2AuthorizedClient}.
-	 *
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link ClientRegistration#getRegistrationId()} to be used to look up the
+	 * {@link OAuth2AuthorizedClient}.
 	 * @param clientRegistrationId the {@link ClientRegistration#getRegistrationId()} to
 	 * be used to look up the {@link OAuth2AuthorizedClient}.
 	 * @return the {@link Consumer} to populate the attributes
@@ -335,10 +356,10 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link Authentication} used to
-	 * look up and save the {@link OAuth2AuthorizedClient}. The value is defaulted in
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link Authentication} used to look up and save the {@link OAuth2AuthorizedClient}.
+	 * The value is defaulted in
 	 * {@link ServletOAuth2AuthorizedClientExchangeFilterFunction#defaultRequest()}
-	 *
 	 * @param authentication the {@link Authentication} to use.
 	 * @return the {@link Consumer} to populate the attributes
 	 */
@@ -347,10 +368,10 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link HttpServletRequest} used to
-	 * look up and save the {@link OAuth2AuthorizedClient}. The value is defaulted in
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link HttpServletRequest} used to look up and save the
+	 * {@link OAuth2AuthorizedClient}. The value is defaulted in
 	 * {@link ServletOAuth2AuthorizedClientExchangeFilterFunction#defaultRequest()}
-	 *
 	 * @param request the {@link HttpServletRequest} to use.
 	 * @return the {@link Consumer} to populate the attributes
 	 */
@@ -359,10 +380,10 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	/**
-	 * Modifies the {@link ClientRequest#attributes()} to include the {@link HttpServletResponse} used to
-	 * save the {@link OAuth2AuthorizedClient}. The value is defaulted in
+	 * Modifies the {@link ClientRequest#attributes()} to include the
+	 * {@link HttpServletResponse} used to save the {@link OAuth2AuthorizedClient}. The
+	 * value is defaulted in
 	 * {@link ServletOAuth2AuthorizedClientExchangeFilterFunction#defaultRequest()}
-	 *
 	 * @param response the {@link HttpServletResponse} to use.
 	 * @return the {@link Consumer} to populate the attributes
 	 */
@@ -373,38 +394,39 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	/**
 	 * An access token will be considered expired by comparing its expiration to now +
 	 * this skewed Duration. The default is 1 minute.
-	 *
-	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the specific {@link OAuth2AuthorizedClientProvider} implementation,
-	 * 				e.g. {@link ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(Duration) ClientCredentialsOAuth2AuthorizedClientProvider} or
-	 * 				{@link RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(Duration) RefreshTokenOAuth2AuthorizedClientProvider}.
-	 *
+	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the
+	 * specific {@link OAuth2AuthorizedClientProvider} implementation, e.g.
+	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(Duration)
+	 * ClientCredentialsOAuth2AuthorizedClientProvider} or
+	 * {@link RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(Duration)
+	 * RefreshTokenOAuth2AuthorizedClientProvider}.
 	 * @param accessTokenExpiresSkew the Duration to use.
 	 */
 	@Deprecated
 	public void setAccessTokenExpiresSkew(Duration accessTokenExpiresSkew) {
 		Assert.notNull(accessTokenExpiresSkew, "accessTokenExpiresSkew cannot be null");
-		Assert.state(this.defaultAuthorizedClientManager, "The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " +
-				"Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		Assert.state(this.defaultAuthorizedClientManager,
+				"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 		this.accessTokenExpiresSkew = accessTokenExpiresSkew;
 		updateDefaultAuthorizedClientManager();
 	}
 
 	/**
-	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles
-	 * authentication and authorization failures when communicating
-	 * to the OAuth 2.0 Resource Server.
+	 * Sets the {@link OAuth2AuthorizationFailureHandler} that handles authentication and
+	 * authorization failures when communicating to the OAuth 2.0 Resource Server.
 	 *
 	 * <p>
-	 * For example, a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler}
-	 * is typically used to remove the cached {@link OAuth2AuthorizedClient},
-	 * so that the same token is no longer used in future requests to the Resource Server.
+	 * For example, a {@link RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} is
+	 * typically used to remove the cached {@link OAuth2AuthorizedClient}, so that the
+	 * same token is no longer used in future requests to the Resource Server.
 	 *
 	 * <p>
-	 * The failure handler used by default depends on which constructor was used
-	 * to construct this {@link ServletOAuth2AuthorizedClientExchangeFilterFunction}.
-	 * See the constructors for more details.
-	 *
-	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler} that handles authentication and authorization failures
+	 * The failure handler used by default depends on which constructor was used to
+	 * construct this {@link ServletOAuth2AuthorizedClientExchangeFilterFunction}. See the
+	 * constructors for more details.
+	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
+	 * that handles authentication and authorization failures
 	 * @since 5.3
 	 */
 	public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
@@ -417,11 +439,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		return mergeRequestAttributesIfNecessary(request)
 				.filter(req -> req.attribute(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME).isPresent())
 				.flatMap(req -> reauthorizeClient(getOAuth2AuthorizedClient(req.attributes()), req))
-				.switchIfEmpty(Mono.defer(() ->
-						mergeRequestAttributesIfNecessary(request)
-								.filter(req -> resolveClientRegistrationId(req) != null)
-								.flatMap(req -> authorizeClient(resolveClientRegistrationId(req), req))
-				))
+				.switchIfEmpty(Mono.defer(() -> mergeRequestAttributesIfNecessary(request)
+						.filter(req -> resolveClientRegistrationId(req) != null)
+						.flatMap(req -> authorizeClient(resolveClientRegistrationId(req), req))))
 				.map(authorizedClient -> bearer(request, authorizedClient))
 				.flatMap(requestWithBearer -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
@@ -433,24 +453,25 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	private Mono<ClientRequest> mergeRequestAttributesIfNecessary(ClientRequest request) {
-		if (!request.attribute(HTTP_SERVLET_REQUEST_ATTR_NAME).isPresent() ||
-				!request.attribute(HTTP_SERVLET_RESPONSE_ATTR_NAME).isPresent() ||
-				!request.attribute(AUTHENTICATION_ATTR_NAME).isPresent()) {
+		if (!request.attribute(HTTP_SERVLET_REQUEST_ATTR_NAME).isPresent()
+				|| !request.attribute(HTTP_SERVLET_RESPONSE_ATTR_NAME).isPresent()
+				|| !request.attribute(AUTHENTICATION_ATTR_NAME).isPresent()) {
 			return mergeRequestAttributesFromContext(request);
-		} else {
+		}
+		else {
 			return Mono.just(request);
 		}
 	}
 
 	private Mono<ClientRequest> mergeRequestAttributesFromContext(ClientRequest request) {
 		ClientRequest.Builder builder = ClientRequest.from(request);
-		return Mono.subscriberContext()
-				.map(ctx -> builder.attributes(attrs -> populateRequestAttributes(attrs, ctx)))
+		return Mono.subscriberContext().map(ctx -> builder.attributes(attrs -> populateRequestAttributes(attrs, ctx)))
 				.map(ClientRequest.Builder::build);
 	}
 
 	private void populateRequestAttributes(Map<String, Object> attrs, Context ctx) {
-		// NOTE: SecurityReactorContextConfiguration.SecurityReactorContextSubscriber adds this key
+		// NOTE: SecurityReactorContextConfiguration.SecurityReactorContextSubscriber adds
+		// this key
 		if (!ctx.hasKey(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY)) {
 			return;
 		}
@@ -470,13 +491,12 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	private void populateDefaultRequestResponse(Map<String, Object> attrs) {
-		if (attrs.containsKey(HTTP_SERVLET_REQUEST_ATTR_NAME) &&
-				attrs.containsKey(HTTP_SERVLET_RESPONSE_ATTR_NAME)) {
+		if (attrs.containsKey(HTTP_SERVLET_REQUEST_ATTR_NAME) && attrs.containsKey(HTTP_SERVLET_RESPONSE_ATTR_NAME)) {
 			return;
 		}
 		RequestAttributes context = RequestContextHolder.getRequestAttributes();
 		if (context instanceof ServletRequestAttributes) {
-			attrs.putIfAbsent(HTTP_SERVLET_REQUEST_ATTR_NAME,  ((ServletRequestAttributes) context).getRequest());
+			attrs.putIfAbsent(HTTP_SERVLET_REQUEST_ATTR_NAME, ((ServletRequestAttributes) context).getRequest());
 			attrs.putIfAbsent(HTTP_SERVLET_RESPONSE_ATTR_NAME, ((ServletRequestAttributes) context).getResponse());
 		}
 	}
@@ -496,8 +516,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 			clientRegistrationId = this.defaultClientRegistrationId;
 		}
 		Authentication authentication = getAuthentication(attrs);
-		if (clientRegistrationId == null
-				&& this.defaultOAuth2AuthorizedClient
+		if (clientRegistrationId == null && this.defaultOAuth2AuthorizedClient
 				&& authentication instanceof OAuth2AuthenticationToken) {
 			clientRegistrationId = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
 		}
@@ -516,7 +535,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		HttpServletRequest servletRequest = getRequest(attrs);
 		HttpServletResponse servletResponse = getResponse(attrs);
 
-		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId).principal(authentication);
+		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
+				.principal(authentication);
 		builder.attributes(attributes -> {
 			if (servletRequest != null) {
 				attributes.put(HttpServletRequest.class.getName(), servletRequest);
@@ -531,10 +551,12 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		// 'authorizedClientManager.authorize()' needs to be executed
 		// on a dedicated thread via subscribeOn(Schedulers.boundedElastic())
 		// since it performs a blocking I/O operation using RestTemplate internally
-		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(authorizeRequest)).subscribeOn(Schedulers.boundedElastic());
+		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.subscribeOn(Schedulers.boundedElastic());
 	}
 
-	private Mono<OAuth2AuthorizedClient> reauthorizeClient(OAuth2AuthorizedClient authorizedClient, ClientRequest request) {
+	private Mono<OAuth2AuthorizedClient> reauthorizeClient(OAuth2AuthorizedClient authorizedClient,
+			ClientRequest request) {
 		if (this.authorizedClientManager == null) {
 			return Mono.just(authorizedClient);
 		}
@@ -546,7 +568,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		HttpServletRequest servletRequest = getRequest(attrs);
 		HttpServletResponse servletResponse = getResponse(attrs);
 
-		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient).principal(authentication);
+		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
+				.principal(authentication);
 		builder.attributes(attributes -> {
 			if (servletRequest != null) {
 				attributes.put(HttpServletRequest.class.getName(), servletRequest);
@@ -561,14 +584,14 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		// 'authorizedClientManager.authorize()' needs to be executed
 		// on a dedicated thread via subscribeOn(Schedulers.boundedElastic())
 		// since it performs a blocking I/O operation using RestTemplate internally
-		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(reauthorizeRequest)).subscribeOn(Schedulers.boundedElastic());
+		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
+				.subscribeOn(Schedulers.boundedElastic());
 	}
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
-					.attributes(oauth2AuthorizedClient(authorizedClient))
-					.build();
+				.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 	}
 
 	static OAuth2AuthorizedClient getOAuth2AuthorizedClient(Map<String, Object> attrs) {
@@ -616,15 +639,14 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	private static class AuthorizationFailureForwarder implements ClientResponseHandler {
 
 		/**
-		 * A map of HTTP status code to OAuth 2.0 error code for
-		 * HTTP status codes that should be interpreted as
-		 * authentication or authorization failures.
+		 * A map of HTTP status code to OAuth 2.0 error code for HTTP status codes that
+		 * should be interpreted as authentication or authorization failures.
 		 */
 		private final Map<Integer, String> httpStatusToOAuth2ErrorCodeMap;
 
 		/**
-		 * The {@link OAuth2AuthorizationFailureHandler} to notify
-		 * when an authentication/authorization failure occurs.
+		 * The {@link OAuth2AuthorizationFailureHandler} to notify when an
+		 * authentication/authorization failure occurs.
 		 */
 		private final OAuth2AuthorizationFailureHandler authorizationFailureHandler;
 
@@ -640,33 +662,30 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 		@Override
 		public Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> responseMono) {
-			return responseMono
-					.flatMap(response -> handleResponse(request, response)
-							.thenReturn(response))
-					.onErrorResume(WebClientResponseException.class, e -> handleWebClientResponseException(request, e)
-							.then(Mono.error(e)))
-					.onErrorResume(OAuth2AuthorizationException.class, e -> handleAuthorizationException(request, e)
-							.then(Mono.error(e)));
+			return responseMono.flatMap(response -> handleResponse(request, response).thenReturn(response))
+					.onErrorResume(WebClientResponseException.class,
+							e -> handleWebClientResponseException(request, e).then(Mono.error(e)))
+					.onErrorResume(OAuth2AuthorizationException.class,
+							e -> handleAuthorizationException(request, e).then(Mono.error(e)));
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response))
-					.flatMap(oauth2Error -> {
-						Map<String, Object> attrs = request.attributes();
-						OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
-						if (authorizedClient == null) {
-							return Mono.empty();
-						}
+			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap(oauth2Error -> {
+				Map<String, Object> attrs = request.attributes();
+				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
+				if (authorizedClient == null) {
+					return Mono.empty();
+				}
 
-						ClientAuthorizationException authorizationException = new ClientAuthorizationException(
-								oauth2Error, authorizedClient.getClientRegistration().getRegistrationId());
+				ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
+						authorizedClient.getClientRegistration().getRegistrationId());
 
-						Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
-						HttpServletRequest servletRequest = getRequest(attrs);
-						HttpServletResponse servletResponse = getResponse(attrs);
+				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
+				HttpServletRequest servletRequest = getRequest(attrs);
+				HttpServletResponse servletResponse = getResponse(attrs);
 
-						return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
-					});
+				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
+			});
 		}
 
 		private OAuth2Error resolveErrorIfPossible(ClientResponse response) {
@@ -675,8 +694,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				String wwwAuthenticateHeader = response.headers().header(HttpHeaders.WWW_AUTHENTICATE).get(0);
 				Map<String, String> authParameters = parseAuthParameters(wwwAuthenticateHeader);
 				if (authParameters.containsKey(OAuth2ParameterNames.ERROR)) {
-					return new OAuth2Error(
-							authParameters.get(OAuth2ParameterNames.ERROR),
+					return new OAuth2Error(authParameters.get(OAuth2ParameterNames.ERROR),
 							authParameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION),
 							authParameters.get(OAuth2ParameterNames.ERROR_URI));
 				}
@@ -686,103 +704,102 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 		private OAuth2Error resolveErrorIfPossible(int statusCode) {
 			if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) {
-				return new OAuth2Error(
-						this.httpStatusToOAuth2ErrorCodeMap.get(statusCode),
-						null,
+				return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null,
 						"https://tools.ietf.org/html/rfc6750#section-3.1");
 			}
 			return null;
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
-			return Stream.of(wwwAuthenticateHeader)
-					.filter(header -> !StringUtils.isEmpty(header))
+			return Stream.of(wwwAuthenticateHeader).filter(header -> !StringUtils.isEmpty(header))
 					.filter(header -> header.toLowerCase().startsWith("bearer"))
-					.map(header -> header.substring("bearer".length()))
-					.map(header -> header.split(","))
-					.flatMap(Stream::of)
-					.map(parameter -> parameter.split("="))
-					.filter(parameter -> parameter.length > 1)
-					.collect(Collectors.toMap(
-							parameters -> parameters[0].trim(),
-							parameters -> parameters[1].trim().replace("\"", "")));
+					.map(header -> header.substring("bearer".length())).map(header -> header.split(","))
+					.flatMap(Stream::of).map(parameter -> parameter.split("="))
+					.filter(parameter -> parameter.length > 1).collect(Collectors.toMap(
+							parameters -> parameters[0].trim(), parameters -> parameters[1].trim().replace("\"", "")));
 		}
 
 		/**
-		 * Handles the given http status code returned from a resource server
-		 * by notifying the authorization failure handler if the http status
-		 * code is in the {@link #httpStatusToOAuth2ErrorCodeMap}.
-		 *
+		 * Handles the given http status code returned from a resource server by notifying
+		 * the authorization failure handler if the http status code is in the
+		 * {@link #httpStatusToOAuth2ErrorCodeMap}.
 		 * @param request the request being processed
 		 * @param exception The root cause exception for the failure
-		 * @return a {@link Mono} that completes empty after the authorization failure handler completes
+		 * @return a {@link Mono} that completes empty after the authorization failure
+		 * handler completes
 		 */
-		private Mono<Void> handleWebClientResponseException(ClientRequest request, WebClientResponseException exception) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode()))
-					.flatMap(oauth2Error -> {
-						Map<String, Object> attrs = request.attributes();
-						OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
-						if (authorizedClient == null) {
-							return Mono.empty();
-						}
+		private Mono<Void> handleWebClientResponseException(ClientRequest request,
+				WebClientResponseException exception) {
+			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap(oauth2Error -> {
+				Map<String, Object> attrs = request.attributes();
+				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
+				if (authorizedClient == null) {
+					return Mono.empty();
+				}
 
-						ClientAuthorizationException authorizationException = new ClientAuthorizationException(
-								oauth2Error, authorizedClient.getClientRegistration().getRegistrationId(), exception);
+				ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
+						authorizedClient.getClientRegistration().getRegistrationId(), exception);
 
-						Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
-						HttpServletRequest servletRequest = getRequest(attrs);
-						HttpServletResponse servletResponse = getResponse(attrs);
+				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
+				HttpServletRequest servletRequest = getRequest(attrs);
+				HttpServletResponse servletResponse = getResponse(attrs);
 
-						return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
-					});
+				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
+			});
 		}
 
 		/**
 		 * Handles the given {@link OAuth2AuthorizationException} that occurred downstream
 		 * by notifying the authorization failure handler.
-		 *
 		 * @param request the request being processed
-		 * @param authorizationException the authorization exception to include in the failure event
-		 * @return a {@link Mono} that completes empty after the authorization failure handler completes
+		 * @param authorizationException the authorization exception to include in the
+		 * failure event
+		 * @return a {@link Mono} that completes empty after the authorization failure
+		 * handler completes
 		 */
-		private Mono<Void> handleAuthorizationException(ClientRequest request, OAuth2AuthorizationException authorizationException) {
-			return Mono.justOrEmpty(request)
-					.flatMap(req -> {
-						Map<String, Object> attrs = req.attributes();
-						OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
-						if (authorizedClient == null) {
-							return Mono.empty();
-						}
+		private Mono<Void> handleAuthorizationException(ClientRequest request,
+				OAuth2AuthorizationException authorizationException) {
+			return Mono.justOrEmpty(request).flatMap(req -> {
+				Map<String, Object> attrs = req.attributes();
+				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
+				if (authorizedClient == null) {
+					return Mono.empty();
+				}
 
-						Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
-						HttpServletRequest servletRequest = getRequest(attrs);
-						HttpServletResponse servletResponse = getResponse(attrs);
+				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
+				HttpServletRequest servletRequest = getRequest(attrs);
+				HttpServletResponse servletResponse = getResponse(attrs);
 
-						return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
-					});
+				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
+			});
 		}
 
 		/**
-		 * Delegates the failed authorization to the {@link OAuth2AuthorizationFailureHandler}.
-		 *
-		 * @param exception the {@link OAuth2AuthorizationException} to include in the failure event
+		 * Delegates the failed authorization to the
+		 * {@link OAuth2AuthorizationFailureHandler}.
+		 * @param exception the {@link OAuth2AuthorizationException} to include in the
+		 * failure event
 		 * @param principal the principal associated with the failed authorization attempt
 		 * @param servletRequest the currently active {@code HttpServletRequest}
 		 * @param servletResponse the currently active {@code HttpServletResponse}
-		 * @return a {@link Mono} that completes empty after the {@link OAuth2AuthorizationFailureHandler} completes
+		 * @return a {@link Mono} that completes empty after the
+		 * {@link OAuth2AuthorizationFailureHandler} completes
 		 */
-		private Mono<Void> handleAuthorizationFailure(OAuth2AuthorizationException exception,
-				Authentication principal, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
-			Runnable runnable = () -> this.authorizationFailureHandler.onAuthorizationFailure(
-					exception, principal, createAttributes(servletRequest, servletResponse));
+		private Mono<Void> handleAuthorizationFailure(OAuth2AuthorizationException exception, Authentication principal,
+				HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
+			Runnable runnable = () -> this.authorizationFailureHandler.onAuthorizationFailure(exception, principal,
+					createAttributes(servletRequest, servletResponse));
 			return Mono.fromRunnable(runnable).subscribeOn(Schedulers.boundedElastic()).then();
 		}
 
-		private static Map<String, Object> createAttributes(HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
+		private static Map<String, Object> createAttributes(HttpServletRequest servletRequest,
+				HttpServletResponse servletResponse) {
 			Map<String, Object> attributes = new HashMap<>();
 			attributes.put(HttpServletRequest.class.getName(), servletRequest);
 			attributes.put(HttpServletResponse.class.getName(), servletResponse);
 			return attributes;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 798fafc30c..b79bce181f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -39,12 +39,12 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * An implementation of a {@link HandlerMethodArgumentResolver} that is capable
- * of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
+ * An implementation of a {@link HandlerMethodArgumentResolver} that is capable of
+ * resolving a method parameter to an argument value of type
+ * {@link OAuth2AuthorizedClient}.
  *
  * <p>
- * For example:
- * <pre>
+ * For example: <pre>
  * &#64;Controller
  * public class MyController {
  *     &#64;GetMapping("/authorized-client")
@@ -60,15 +60,19 @@ import reactor.core.publisher.Mono;
  * @see RegisteredOAuth2AuthorizedClient
  */
 public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
+
 	private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken(
 			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_USER"));
+
 	private ReactiveOAuth2AuthorizedClientManager authorizedClientManager;
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
+	 * parameters.
 	 *
 	 * @since 5.2
-	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager} which manages the authorized client(s)
+	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager}
+	 * which manages the authorized client(s)
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
@@ -76,35 +80,36 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the repository of authorized clients
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(ReactiveClientRegistrationRepository clientRegistrationRepository,
-													ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
-		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
-				clientRegistrationRepository, authorizedClientRepository);
+		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository,
+				authorizedClientRepository);
 	}
 
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
-		return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
+		return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(),
+				RegisteredOAuth2AuthorizedClient.class) != null;
 	}
 
 	@Override
-	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext, ServerWebExchange exchange) {
+	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,
+			ServerWebExchange exchange) {
 		return Mono.defer(() -> {
 			RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
 					.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
 
-			String clientRegistrationId = StringUtils.hasLength(authorizedClientAnnotation.registrationId()) ?
-					authorizedClientAnnotation.registrationId() : null;
+			String clientRegistrationId = StringUtils.hasLength(authorizedClientAnnotation.registrationId())
+					? authorizedClientAnnotation.registrationId() : null;
 
-			return authorizeRequest(clientRegistrationId, exchange)
-					.flatMap(this.authorizedClientManager::authorize);
+			return authorizeRequest(clientRegistrationId, exchange).flatMap(this.authorizedClientManager::authorize);
 		});
 	}
 
@@ -113,35 +118,30 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 
 		Mono<String> defaultedRegistrationId = Mono.justOrEmpty(registrationId)
 				.switchIfEmpty(clientRegistrationId(defaultedAuthentication))
-				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("The clientRegistrationId could not be resolved. Please provide one")));
+				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+						"The clientRegistrationId could not be resolved. Please provide one")));
 
 		Mono<ServerWebExchange> defaultedExchange = Mono.justOrEmpty(exchange)
 				.switchIfEmpty(currentServerWebExchange());
 
 		return Mono.zip(defaultedRegistrationId, defaultedAuthentication, defaultedExchange)
-				.map(t3 -> OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1())
-						.principal(t3.getT2())
-						.attribute(ServerWebExchange.class.getName(), t3.getT3())
-						.build()
-				);
+				.map(t3 -> OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1()).principal(t3.getT2())
+						.attribute(ServerWebExchange.class.getName(), t3.getT3()).build());
 	}
 
 	private Mono<Authentication> currentAuthentication() {
-		return ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication)
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 				.defaultIfEmpty(ANONYMOUS_USER_TOKEN);
 	}
 
 	private Mono<String> clientRegistrationId(Mono<Authentication> authentication) {
-		return authentication
-				.filter(t -> t instanceof OAuth2AuthenticationToken)
-				.cast(OAuth2AuthenticationToken.class)
+		return authentication.filter(t -> t instanceof OAuth2AuthenticationToken).cast(OAuth2AuthenticationToken.class)
 				.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
 	}
 
 	private Mono<ServerWebExchange> currentServerWebExchange() {
-		return Mono.subscriberContext()
-				.filter(c -> c.hasKey(ServerWebExchange.class))
+		return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
 				.map(c -> c.get(ServerWebExchange.class));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
index 6357dc38c9..79746fe621 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
@@ -28,12 +28,12 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * An implementation of an {@link ServerOAuth2AuthorizedClientRepository} that
- * delegates to the provided {@link ServerOAuth2AuthorizedClientRepository} if the current
- * {@code Principal} is authenticated, otherwise,
- * to the default (or provided) {@link ServerOAuth2AuthorizedClientRepository}
- * if the current request is unauthenticated (or anonymous).
- * The default {@code ReactiveOAuth2AuthorizedClientRepository} is
+ * An implementation of an {@link ServerOAuth2AuthorizedClientRepository} that delegates
+ * to the provided {@link ServerOAuth2AuthorizedClientRepository} if the current
+ * {@code Principal} is authenticated, otherwise, to the default (or provided)
+ * {@link ServerOAuth2AuthorizedClientRepository} if the current request is
+ * unauthenticated (or anonymous). The default
+ * {@code ReactiveOAuth2AuthorizedClientRepository} is
  * {@link WebSessionServerOAuth2AuthorizedClientRepository}.
  *
  * @author Rob Winch
@@ -45,25 +45,29 @@ import reactor.core.publisher.Mono;
  */
 public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 		implements ServerOAuth2AuthorizedClientRepository {
+
 	private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
+
 	private final ReactiveOAuth2AuthorizedClientService authorizedClientService;
+
 	private ServerOAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 	/**
 	 * Creates an instance
-	 *
 	 * @param authorizedClientService the authorized client service
 	 */
-	public AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
+	public AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
+			ReactiveOAuth2AuthorizedClientService authorizedClientService) {
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
 		this.authorizedClientService = authorizedClientService;
 	}
 
 	/**
-	 * Sets the {@link ServerOAuth2AuthorizedClientRepository} used for requests that are unauthenticated (or anonymous).
-	 * The default is {@link WebSessionServerOAuth2AuthorizedClientRepository}.
-	 *
-	 * @param anonymousAuthorizedClientRepository the repository used for requests that are unauthenticated (or anonymous)
+	 * Sets the {@link ServerOAuth2AuthorizedClientRepository} used for requests that are
+	 * unauthenticated (or anonymous). The default is
+	 * {@link WebSessionServerOAuth2AuthorizedClientRepository}.
+	 * @param anonymousAuthorizedClientRepository the repository used for requests that
+	 * are unauthenticated (or anonymous)
 	 */
 	public void setAnonymousAuthorizedClientRepository(
 			ServerOAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository) {
@@ -72,12 +76,14 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 	}
 
 	@Override
-	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId, Authentication principal,
-																		ServerWebExchange exchange) {
+	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
+			Authentication principal, ServerWebExchange exchange) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
-		} else {
-			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, exchange);
+		}
+		else {
+			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal,
+					exchange);
 		}
 	}
 
@@ -86,7 +92,8 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 			ServerWebExchange exchange) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-		} else {
+		}
+		else {
 			return this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange);
 		}
 	}
@@ -96,14 +103,16 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 			ServerWebExchange exchange) {
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName());
-		} else {
-			return this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, exchange);
+		}
+		else {
+			return this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
+					exchange);
 		}
 	}
 
 	private boolean isPrincipalAuthenticated(Authentication authentication) {
-		return authentication != null &&
-				!this.authenticationTrustResolver.isAnonymous(authentication) &&
-				authentication.isAuthenticated();
+		return authentication != null && !this.authenticationTrustResolver.isAnonymous(authentication)
+				&& authentication.isAuthenticated();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index 3aee38b289..ca751132f3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -51,26 +51,29 @@ import java.util.function.Consumer;
 /**
  * The default implementation of {@link ServerOAuth2AuthorizationRequestResolver}.
  *
- * The {@link ClientRegistration#getRegistrationId()} is extracted from the request using the
- * {@link #DEFAULT_AUTHORIZATION_REQUEST_PATTERN}. The injected {@link ReactiveClientRegistrationRepository} is then
- * used to resolve the {@link ClientRegistration} and create the {@link OAuth2AuthorizationRequest}.
+ * The {@link ClientRegistration#getRegistrationId()} is extracted from the request using
+ * the {@link #DEFAULT_AUTHORIZATION_REQUEST_PATTERN}. The injected
+ * {@link ReactiveClientRegistrationRepository} is then used to resolve the
+ * {@link ClientRegistration} and create the {@link OAuth2AuthorizationRequest}.
  *
  * @author Rob Winch
  * @author Mark Heckler
  * @since 5.1
  */
-public class DefaultServerOAuth2AuthorizationRequestResolver
-		implements ServerOAuth2AuthorizationRequestResolver {
+public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOAuth2AuthorizationRequestResolver {
 
 	/**
-	 * The name of the path variable that contains the {@link ClientRegistration#getRegistrationId()}
+	 * The name of the path variable that contains the
+	 * {@link ClientRegistration#getRegistrationId()}
 	 */
 	public static final String DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
 
 	/**
-	 * The default pattern used to resolve the {@link ClientRegistration#getRegistrationId()}
+	 * The default pattern used to resolve the
+	 * {@link ClientRegistration#getRegistrationId()}
 	 */
-	public static final String DEFAULT_AUTHORIZATION_REQUEST_PATTERN = "/oauth2/authorization/{" + DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME + "}";
+	public static final String DEFAULT_AUTHORIZATION_REQUEST_PATTERN = "/oauth2/authorization/{"
+			+ DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME + "}";
 
 	private static final char PATH_DELIMITER = '/';
 
@@ -80,26 +83,33 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 
 	private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
 
-	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
+	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
+			Base64.getUrlEncoder().withoutPadding(), 96);
 
-	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {};
+	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {
+	};
 
 	/**
 	 * Creates a new instance
-	 * @param clientRegistrationRepository the repository to resolve the {@link ClientRegistration}
+	 * @param clientRegistrationRepository the repository to resolve the
+	 * {@link ClientRegistration}
 	 */
-	public DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository clientRegistrationRepository) {
-		this(clientRegistrationRepository, new PathPatternParserServerWebExchangeMatcher(
-				DEFAULT_AUTHORIZATION_REQUEST_PATTERN));
+	public DefaultServerOAuth2AuthorizationRequestResolver(
+			ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		this(clientRegistrationRepository,
+				new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN));
 	}
 
 	/**
 	 * Creates a new instance
-	 * @param clientRegistrationRepository the repository to resolve the {@link ClientRegistration}
-	 * @param authorizationRequestMatcher the matcher that determines if the request is a match and extracts the
-	 * {@link #DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME} from the path variables.
+	 * @param clientRegistrationRepository the repository to resolve the
+	 * {@link ClientRegistration}
+	 * @param authorizationRequestMatcher the matcher that determines if the request is a
+	 * match and extracts the {@link #DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME} from the
+	 * path variables.
 	 */
-	public DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository clientRegistrationRepository,
+	public DefaultServerOAuth2AuthorizationRequestResolver(
+			ReactiveClientRegistrationRepository clientRegistrationRepository,
 			ServerWebExchangeMatcher authorizationRequestMatcher) {
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
@@ -109,36 +119,35 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 
 	@Override
 	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange) {
-		return this.authorizationRequestMatcher.matches(exchange)
-				.filter(matchResult -> matchResult.isMatch())
+		return this.authorizationRequestMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
 				.map(ServerWebExchangeMatcher.MatchResult::getVariables)
-				.map(variables -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME))
-				.cast(String.class)
+				.map(variables -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME)).cast(String.class)
 				.flatMap(clientRegistrationId -> resolve(exchange, clientRegistrationId));
 	}
 
 	@Override
-	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange,
-			String clientRegistrationId) {
+	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange, String clientRegistrationId) {
 		return this.findByRegistrationId(exchange, clientRegistrationId)
-			.map(clientRegistration -> authorizationRequest(exchange, clientRegistration));
+				.map(clientRegistration -> authorizationRequest(exchange, clientRegistration));
 	}
 
 	/**
-	 * Sets the {@code Consumer} to be provided the {@link OAuth2AuthorizationRequest.Builder}
-	 * allowing for further customizations.
+	 * Sets the {@code Consumer} to be provided the
+	 * {@link OAuth2AuthorizationRequest.Builder} allowing for further customizations.
 	 *
 	 * @since 5.3
-	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the {@link OAuth2AuthorizationRequest.Builder}
+	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the
+	 * {@link OAuth2AuthorizationRequest.Builder}
 	 */
-	public final void setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
+	public final void setAuthorizationRequestCustomizer(
+			Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
 		Assert.notNull(authorizationRequestCustomizer, "authorizationRequestCustomizer cannot be null");
 		this.authorizationRequestCustomizer = authorizationRequestCustomizer;
 	}
 
 	private Mono<ClientRegistration> findByRegistrationId(ServerWebExchange exchange, String clientRegistration) {
-		return this.clientRegistrationRepository.findByRegistrationId(clientRegistration)
-				.switchIfEmpty(Mono.error(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
+		return this.clientRegistrationRepository.findByRegistrationId(clientRegistration).switchIfEmpty(Mono
+				.error(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
 	}
 
 	private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchange,
@@ -152,31 +161,32 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
 			builder = OAuth2AuthorizationRequest.authorizationCode();
 			Map<String, Object> additionalParameters = new HashMap<>();
-			if (!CollectionUtils.isEmpty(clientRegistration.getScopes()) &&
-					clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
-				// Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+			if (!CollectionUtils.isEmpty(clientRegistration.getScopes())
+					&& clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
+				// Section 3.1.2.1 Authentication Request -
+				// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 				// scope
-				// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
+				// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+				// value.
 				addNonceParameters(attributes, additionalParameters);
 			}
 			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
 				addPkceParameters(attributes, additionalParameters);
 			}
 			builder.additionalParameters(additionalParameters);
-		} else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
+		}
+		else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
 			builder = OAuth2AuthorizationRequest.implicit();
-		} else {
+		}
+		else {
 			throw new IllegalArgumentException(
 					"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
 							+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
 		}
-		builder
-				.clientId(clientRegistration.getClientId())
+		builder.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(redirectUriStr)
-				.scopes(clientRegistration.getScopes())
-				.state(this.stateGenerator.generateKey())
-				.attributes(attributes);
+				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
+				.state(this.stateGenerator.generateKey()).attributes(attributes);
 
 		this.authorizationRequestCustomizer.accept(builder);
 
@@ -184,7 +194,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 	}
 
 	/**
-	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
+	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided
+	 * variables:<br/>
 	 * - baseUrl (e.g. https://localhost/app) <br/>
 	 * - baseScheme (e.g. https) <br/>
 	 * - baseHost (e.g. localhost) <br/>
@@ -195,8 +206,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 	 * <p/>
 	 * Null variables are provided as empty strings.
 	 * <p/>
-	 * Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
-	 *
+	 * Default redirectUri is:
+	 * {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
 	 * @return expanded URI
 	 */
 	private static String expandRedirectUri(ServerHttpRequest request, ClientRegistration clientRegistration) {
@@ -204,10 +215,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
 
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
-				.replacePath(request.getPath().contextPath().value())
-				.replaceQuery(null)
-				.fragment(null)
-				.build();
+				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
 		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
 		String host = uriComponents.getHost();
@@ -230,19 +238,21 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		}
 		uriVariables.put("action", action);
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
-				.buildAndExpand(uriVariables)
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
 
 	/**
 	 * Creates nonce and its hash for use in OpenID Connect 1.0 Authentication Requests.
-	 *
-	 * @param attributes where the {@link OidcParameterNames#NONCE} is stored for the authentication request
-	 * @param additionalParameters where the {@link OidcParameterNames#NONCE} hash is added for the authentication request
+	 * @param attributes where the {@link OidcParameterNames#NONCE} is stored for the
+	 * authentication request
+	 * @param additionalParameters where the {@link OidcParameterNames#NONCE} hash is
+	 * added for the authentication request
 	 *
 	 * @since 5.2
-	 * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest">3.1.2.1.  Authentication Request</a>
+	 * @see <a target="_blank" href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest">3.1.2.1.
+	 * Authentication Request</a>
 	 */
 	private void addNonceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
 		try {
@@ -250,20 +260,27 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 			String nonceHash = createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, nonceHash);
-		} catch (NoSuchAlgorithmException e) { }
+		}
+		catch (NoSuchAlgorithmException e) {
+		}
 	}
 
 	/**
-	 * Creates and adds additional PKCE parameters for use in the OAuth 2.0 Authorization and Access Token Requests
-	 *
-	 * @param attributes where {@link PkceParameterNames#CODE_VERIFIER} is stored for the token request
-	 * @param additionalParameters where {@link PkceParameterNames#CODE_CHALLENGE} and, usually,
-	 * {@link PkceParameterNames#CODE_CHALLENGE_METHOD} are added to be used in the authorization request.
+	 * Creates and adds additional PKCE parameters for use in the OAuth 2.0 Authorization
+	 * and Access Token Requests
+	 * @param attributes where {@link PkceParameterNames#CODE_VERIFIER} is stored for the
+	 * token request
+	 * @param additionalParameters where {@link PkceParameterNames#CODE_CHALLENGE} and,
+	 * usually, {@link PkceParameterNames#CODE_CHALLENGE_METHOD} are added to be used in
+	 * the authorization request.
 	 *
 	 * @since 5.2
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-1.1">1.1.  Protocol Flow</a>
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.1">4.1.  Client Creates a Code Verifier</a>
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">4.2.  Client Creates the Code Challenge</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-1.1">1.1.
+	 * Protocol Flow</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.1">4.1.
+	 * Client Creates a Code Verifier</a>
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-4.2">4.2.
+	 * Client Creates the Code Challenge</a>
 	 */
 	private void addPkceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
 		String codeVerifier = this.secureKeyGenerator.generateKey();
@@ -272,7 +289,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 			String codeChallenge = createHash(codeVerifier);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeChallenge);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
-		} catch (NoSuchAlgorithmException e) {
+		}
+		catch (NoSuchAlgorithmException e) {
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeVerifier);
 		}
 	}
@@ -282,4 +300,5 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		byte[] digest = md.digest(value.getBytes(StandardCharsets.US_ASCII));
 		return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index a8d10bff0e..30d860bff7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -56,30 +56,29 @@ import java.util.Objects;
 import java.util.Set;
 
 /**
- * A {@code Filter} for the OAuth 2.0 Authorization Code Grant,
- * which handles the processing of the OAuth 2.0 Authorization Response.
+ * A {@code Filter} for the OAuth 2.0 Authorization Code Grant, which handles the
+ * processing of the OAuth 2.0 Authorization Response.
  *
  * <p>
  * The OAuth 2.0 Authorization Response is processed as follows:
  *
  * <ul>
- * <li>
- *	Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the
- *	{@link OAuth2ParameterNames#CODE code} and {@link OAuth2ParameterNames#STATE state} parameters
- *	to the {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization Request)
- *	and redirect the End-User's user-agent back to this {@code Filter} (the Client).
- * </li>
- * <li>
- *  This {@code Filter} will then create an {@link OAuth2AuthorizationCodeAuthenticationToken} with
- *  the {@link OAuth2ParameterNames#CODE code} received and
- *  delegate it to the {@link ReactiveAuthenticationManager} to authenticate.
- * </li>
- * <li>
- *  Upon a successful authentication, an {@link OAuth2AuthorizedClient Authorized Client} is created by associating the
- *  {@link OAuth2AuthorizationCodeAuthenticationToken#getClientRegistration() client} to the
- *  {@link OAuth2AuthorizationCodeAuthenticationToken#getAccessToken() access token} and current {@code Principal}
- *  and saving it via the {@link ServerOAuth2AuthorizedClientRepository}.
- * </li>
+ * <li>Assuming the End-User (Resource Owner) has granted access to the Client, the
+ * Authorization Server will append the {@link OAuth2ParameterNames#CODE code} and
+ * {@link OAuth2ParameterNames#STATE state} parameters to the
+ * {@link OAuth2ParameterNames#REDIRECT_URI redirect_uri} (provided in the Authorization
+ * Request) and redirect the End-User's user-agent back to this {@code Filter} (the
+ * Client).</li>
+ * <li>This {@code Filter} will then create an
+ * {@link OAuth2AuthorizationCodeAuthenticationToken} with the
+ * {@link OAuth2ParameterNames#CODE code} received and delegate it to the
+ * {@link ReactiveAuthenticationManager} to authenticate.</li>
+ * <li>Upon a successful authentication, an {@link OAuth2AuthorizedClient Authorized
+ * Client} is created by associating the
+ * {@link OAuth2AuthorizationCodeAuthenticationToken#getClientRegistration() client} to
+ * the {@link OAuth2AuthorizationCodeAuthenticationToken#getAccessToken() access token}
+ * and current {@code Principal} and saving it via the
+ * {@link ServerOAuth2AuthorizedClientRepository}.</li>
  * </ul>
  *
  * @author Rob Winch
@@ -95,16 +94,19 @@ import java.util.Set;
  * @see ReactiveClientRegistrationRepository
  * @see OAuth2AuthorizedClient
  * @see ServerOAuth2AuthorizedClientRepository
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
+ * Response</a>
  */
 public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
+
 	private final ReactiveAuthenticationManager authenticationManager;
 
 	private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
 
-	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-			new WebSessionOAuth2ServerAuthorizationRequestRepository();
+	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
 
 	private ServerAuthenticationSuccessHandler authenticationSuccessHandler;
 
@@ -119,10 +121,9 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
 	private AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken("key", "anonymous",
-					AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+			AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
-	public OAuth2AuthorizationCodeGrantWebFilter(
-			ReactiveAuthenticationManager authenticationManager,
+	public OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager authenticationManager,
 			ReactiveClientRegistrationRepository clientRegistrationRepository,
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
@@ -131,20 +132,18 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		this.authenticationManager = authenticationManager;
 		this.authorizedClientRepository = authorizedClientRepository;
 		this.requiresAuthenticationMatcher = this::matchesAuthorizationResponse;
-		ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter =
-				new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository);
+		ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+				clientRegistrationRepository);
 		authenticationConverter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 		this.authenticationConverter = authenticationConverter;
 		this.defaultAuthenticationConverter = true;
-		RedirectServerAuthenticationSuccessHandler authenticationSuccessHandler =
-				new RedirectServerAuthenticationSuccessHandler();
+		RedirectServerAuthenticationSuccessHandler authenticationSuccessHandler = new RedirectServerAuthenticationSuccessHandler();
 		authenticationSuccessHandler.setRequestCache(this.requestCache);
 		this.authenticationSuccessHandler = authenticationSuccessHandler;
 		this.authenticationFailureHandler = (webFilterExchange, exception) -> Mono.error(exception);
 	}
 
-	public OAuth2AuthorizationCodeGrantWebFilter(
-			ReactiveAuthenticationManager authenticationManager,
+	public OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager authenticationManager,
 			ServerAuthenticationConverter authenticationConverter,
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
@@ -154,19 +153,19 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		this.authorizedClientRepository = authorizedClientRepository;
 		this.requiresAuthenticationMatcher = this::matchesAuthorizationResponse;
 		this.authenticationConverter = authenticationConverter;
-		RedirectServerAuthenticationSuccessHandler authenticationSuccessHandler =
-				new RedirectServerAuthenticationSuccessHandler();
+		RedirectServerAuthenticationSuccessHandler authenticationSuccessHandler = new RedirectServerAuthenticationSuccessHandler();
 		authenticationSuccessHandler.setRequestCache(this.requestCache);
 		this.authenticationSuccessHandler = authenticationSuccessHandler;
 		this.authenticationFailureHandler = (webFilterExchange, exception) -> Mono.error(exception);
 	}
 
 	/**
-	 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-	 * The default is {@link WebSessionOAuth2ServerAuthorizationRequestRepository}.
+	 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s. The
+	 * default is {@link WebSessionOAuth2ServerAuthorizationRequestRepository}.
 	 *
 	 * @since 5.2
-	 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
+	 * @param authorizationRequestRepository the repository used for storing
+	 * {@link OAuth2AuthorizationRequest}'s
 	 */
 	public final void setAuthorizationRequestRepository(
 			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -183,11 +182,13 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	}
 
 	/**
-	 * Sets the {@link ServerRequestCache} used for loading a previously saved request (if available)
-	 * and replaying it after completing the processing of the OAuth 2.0 Authorization Response.
+	 * Sets the {@link ServerRequestCache} used for loading a previously saved request (if
+	 * available) and replaying it after completing the processing of the OAuth 2.0
+	 * Authorization Response.
 	 *
 	 * @since 5.4
-	 * @param requestCache the cache used for loading a previously saved request (if available)
+	 * @param requestCache the cache used for loading a previously saved request (if
+	 * available)
 	 */
 	public final void setRequestCache(ServerRequestCache requestCache) {
 		Assert.notNull(requestCache, "requestCache cannot be null");
@@ -196,17 +197,17 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	}
 
 	private void updateDefaultAuthenticationSuccessHandler() {
-		((RedirectServerAuthenticationSuccessHandler) this.authenticationSuccessHandler).setRequestCache(this.requestCache);
+		((RedirectServerAuthenticationSuccessHandler) this.authenticationSuccessHandler)
+				.setRequestCache(this.requestCache);
 	}
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return this.requiresAuthenticationMatcher.matches(exchange)
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap(matchResult ->
-						this.authenticationConverter.convert(exchange)
-								.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(
-										e.getError(), e.getError().toString())))
+				.flatMap(matchResult -> this.authenticationConverter.convert(exchange).onErrorMap(
+						OAuth2AuthorizationException.class,
+						e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap(token -> authenticate(exchange, chain, token))
 				.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
@@ -216,59 +217,58 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
 		WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 		return this.authenticationManager.authenticate(token)
-				.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(
-						e.getError(), e.getError().toString()))
-				.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
+				.onErrorMap(OAuth2AuthorizationException.class,
+						e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+				.switchIfEmpty(Mono.defer(
+						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
 				.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
-				.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
-						.onAuthenticationFailure(webFilterExchange, e));
+				.onErrorResume(AuthenticationException.class,
+						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
 	}
 
 	private Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				authenticationResult.getClientRegistration(),
-				authenticationResult.getName(),
-				authenticationResult.getAccessToken(),
-				authenticationResult.getRefreshToken());
-		return this.authenticationSuccessHandler
-					.onAuthenticationSuccess(webFilterExchange, authentication)
-					.then(ReactiveSecurityContextHolder.getContext()
-							.map(SecurityContext::getAuthentication)
-							.defaultIfEmpty(this.anonymousToken)
-							.flatMap(principal -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, webFilterExchange.getExchange()))
-					);
+				authenticationResult.getClientRegistration(), authenticationResult.getName(),
+				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
+		return this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication)
+				.then(ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+						.defaultIfEmpty(this.anonymousToken).flatMap(principal -> this.authorizedClientRepository
+								.saveAuthorizedClient(authorizedClient, principal, webFilterExchange.getExchange())));
 	}
 
 	private Mono<ServerWebExchangeMatcher.MatchResult> matchesAuthorizationResponse(ServerWebExchange exchange) {
-		return Mono.just(exchange)
-				.filter(exch -> OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams()))
+		return Mono.just(exchange).filter(
+				exch -> OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams()))
 				.flatMap(exch -> this.authorizationRequestRepository.loadAuthorizationRequest(exchange)
-						.flatMap(authorizationRequest ->
-								matchesRedirectUri(exch.getRequest().getURI(), authorizationRequest.getRedirectUri())))
+						.flatMap(authorizationRequest -> matchesRedirectUri(exch.getRequest().getURI(),
+								authorizationRequest.getRedirectUri())))
 				.switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch());
 	}
 
-	private static Mono<ServerWebExchangeMatcher.MatchResult> matchesRedirectUri(
-			URI authorizationResponseUri, String authorizationRequestRedirectUri) {
+	private static Mono<ServerWebExchangeMatcher.MatchResult> matchesRedirectUri(URI authorizationResponseUri,
+			String authorizationRequestRedirectUri) {
 		UriComponents requestUri = UriComponentsBuilder.fromUri(authorizationResponseUri).build();
 		UriComponents redirectUri = UriComponentsBuilder.fromUriString(authorizationRequestRedirectUri).build();
-		Set<Map.Entry<String, List<String>>> requestUriParameters =
-				new LinkedHashSet<>(requestUri.getQueryParams().entrySet());
-		Set<Map.Entry<String, List<String>>> redirectUriParameters =
-				new LinkedHashSet<>(redirectUri.getQueryParams().entrySet());
-		// Remove the additional request parameters (if any) from the authorization response (request)
-		// before doing an exact comparison with the authorizationRequest.getRedirectUri() parameters (if any)
+		Set<Map.Entry<String, List<String>>> requestUriParameters = new LinkedHashSet<>(
+				requestUri.getQueryParams().entrySet());
+		Set<Map.Entry<String, List<String>>> redirectUriParameters = new LinkedHashSet<>(
+				redirectUri.getQueryParams().entrySet());
+		// Remove the additional request parameters (if any) from the authorization
+		// response (request)
+		// before doing an exact comparison with the authorizationRequest.getRedirectUri()
+		// parameters (if any)
 		requestUriParameters.retainAll(redirectUriParameters);
 
-		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme()) &&
-				Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo()) &&
-				Objects.equals(requestUri.getHost(), redirectUri.getHost()) &&
-				Objects.equals(requestUri.getPort(), redirectUri.getPort()) &&
-				Objects.equals(requestUri.getPath(), redirectUri.getPath()) &&
-				Objects.equals(requestUriParameters.toString(), redirectUriParameters.toString())) {
+		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme())
+				&& Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo())
+				&& Objects.equals(requestUri.getHost(), redirectUri.getHost())
+				&& Objects.equals(requestUri.getPort(), redirectUri.getPort())
+				&& Objects.equals(requestUri.getPath(), redirectUri.getPath())
+				&& Objects.equals(requestUriParameters.toString(), redirectUriParameters.toString())) {
 			return ServerWebExchangeMatcher.MatchResult.match();
 		}
 		return ServerWebExchangeMatcher.MatchResult.notMatch();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index 907ebdfffb..0c2cfd56ed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -36,22 +36,23 @@ import reactor.core.publisher.Mono;
 import java.net.URI;
 
 /**
- * This {@code WebFilter} initiates the authorization code grant or implicit grant flow
- * by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.
+ * This {@code WebFilter} initiates the authorization code grant or implicit grant flow by
+ * redirecting the End-User's user-agent to the Authorization Server's Authorization
+ * Endpoint.
  *
  * <p>
- * It builds the OAuth 2.0 Authorization Request,
- * which is used as the redirect {@code URI} to the Authorization Endpoint.
- * The redirect {@code URI} will include the client identifier, requested scope(s), state,
- * response type, and a redirection URI which the authorization server will send the user-agent back to
- * once access is granted (or denied) by the End-User (Resource Owner).
+ * It builds the OAuth 2.0 Authorization Request, which is used as the redirect
+ * {@code URI} to the Authorization Endpoint. The redirect {@code URI} will include the
+ * client identifier, requested scope(s), state, response type, and a redirection URI
+ * which the authorization server will send the user-agent back to once access is granted
+ * (or denied) by the End-User (Resource Owner).
  *
  * <p>
- * By default, this {@code Filter} responds to authorization requests
- * at the {@code URI} {@code /oauth2/authorization/{registrationId}}.
- * The {@code URI} template variable {@code {registrationId}} represents the
- * {@link ClientRegistration#getRegistrationId() registration identifier} of the client
- * that is used for initiating the OAuth 2.0 Authorization Request.
+ * By default, this {@code Filter} responds to authorization requests at the {@code URI}
+ * {@code /oauth2/authorization/{registrationId}}. The {@code URI} template variable
+ * {@code {registrationId}} represents the {@link ClientRegistration#getRegistrationId()
+ * registration identifier} of the client that is used for initiating the OAuth 2.0
+ * Authorization Request.
  *
  * @author Rob Winch
  * @since 5.1
@@ -59,41 +60,53 @@ import java.net.URI;
  * @see AuthorizationRequestRepository
  * @see ClientRegistration
  * @see ClientRegistrationRepository
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request (Authorization Code)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2">Section 4.2 Implicit Grant</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Authorization Request (Implicit)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section
+ * 4.1 Authorization Code Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request
+ * (Authorization Code)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2">Section
+ * 4.2 Implicit Grant</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Authorization Request
+ * (Implicit)</a>
  */
 public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
+
 	private final ServerRedirectStrategy authorizationRedirectStrategy = new DefaultServerRedirectStrategy();
+
 	private final ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver;
-	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-		new WebSessionOAuth2ServerAuthorizationRequestRepository();
+
+	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
+
 	private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
+	 * parameters.
 	 * @param clientRegistrationRepository the repository of client registrations
 	 */
-	public OAuth2AuthorizationRequestRedirectWebFilter(ReactiveClientRegistrationRepository clientRegistrationRepository) {
-		this.authorizationRequestResolver = new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository);
+	public OAuth2AuthorizationRequestRedirectWebFilter(
+			ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		this.authorizationRequestResolver = new DefaultServerOAuth2AuthorizationRequestResolver(
+				clientRegistrationRepository);
 	}
 
 	/**
-	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided parameters.
-	 *
+	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
+	 * parameters.
 	 * @param authorizationRequestResolver the resolver to use
 	 */
-	public OAuth2AuthorizationRequestRedirectWebFilter(ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+	public OAuth2AuthorizationRequestRedirectWebFilter(
+			ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 		Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
 		this.authorizationRequestResolver = authorizationRequestResolver;
 	}
 
 	/**
 	 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-	 *
-	 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
+	 * @param authorizationRequestRepository the repository used for storing
+	 * {@link OAuth2AuthorizationRequest}'s
 	 */
 	public final void setAuthorizationRequestRepository(
 			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -113,10 +126,11 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return this.authorizationRequestResolver.resolve(exchange)
-			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-			.onErrorResume(ClientAuthorizationRequiredException.class, e -> this.requestCache.saveRequest(exchange)
-				.then(this.authorizationRequestResolver.resolve(exchange, e.getClientRegistrationId())))
-			.flatMap(clientRegistration -> sendRedirectForAuthorization(exchange, clientRegistration));
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+				.onErrorResume(ClientAuthorizationRequiredException.class,
+						e -> this.requestCache.saveRequest(exchange)
+								.then(this.authorizationRequestResolver.resolve(exchange, e.getClientRegistrationId())))
+				.flatMap(clientRegistration -> sendRedirectForAuthorization(exchange, clientRegistration));
 	}
 
 	private Mono<Void> sendRedirectForAuthorization(ServerWebExchange exchange,
@@ -128,11 +142,11 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 						.saveAuthorizationRequest(authorizationRequest, exchange);
 			}
 
-			URI redirectUri = UriComponentsBuilder
-					.fromUriString(authorizationRequest.getAuthorizationRequestUri())
+			URI redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getAuthorizationRequestUri())
 					.build(true).toUri();
 			return saveAuthorizationRequest
 					.then(this.authorizationRedirectStrategy.sendRedirect(exchange, redirectUri));
 		});
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
index 423c785302..f14e0898f5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
@@ -52,13 +52,13 @@ final class OAuth2AuthorizationResponseUtils {
 	}
 
 	static boolean isAuthorizationResponseSuccess(MultiValueMap<String, String> request) {
-		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.CODE)) &&
-			StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
+		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.CODE))
+				&& StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
 	}
 
 	static boolean isAuthorizationResponseError(MultiValueMap<String, String> request) {
-		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.ERROR)) &&
-			StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
+		return StringUtils.hasText(request.getFirst(OAuth2ParameterNames.ERROR))
+				&& StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
 	}
 
 	static OAuth2AuthorizationResponse convert(MultiValueMap<String, String> request, String redirectUri) {
@@ -67,19 +67,14 @@ final class OAuth2AuthorizationResponseUtils {
 		String state = request.getFirst(OAuth2ParameterNames.STATE);
 
 		if (StringUtils.hasText(code)) {
-			return OAuth2AuthorizationResponse.success(code)
-				.redirectUri(redirectUri)
-				.state(state)
-				.build();
-		} else {
+			return OAuth2AuthorizationResponse.success(code).redirectUri(redirectUri).state(state).build();
+		}
+		else {
 			String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
 			String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-			return OAuth2AuthorizationResponse.error(errorCode)
-				.redirectUri(redirectUri)
-				.errorDescription(errorDescription)
-				.errorUri(errorUri)
-				.state(state)
-				.build();
+			return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri)
+					.errorDescription(errorDescription).errorUri(errorUri).state(state).build();
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
index ee180a8faf..b102117a97 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
@@ -25,48 +25,46 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for the persistence
- * of {@link OAuth2AuthorizationRequest} between requests.
+ * Implementations of this interface are responsible for the persistence of
+ * {@link OAuth2AuthorizationRequest} between requests.
  *
  * <p>
- * Used by the {@link OAuth2AuthorizationRequestRedirectFilter} for persisting the Authorization Request
- * before it initiates the authorization code grant flow.
- * As well, used by the {@link OAuth2LoginAuthenticationFilter} for resolving
- * the associated Authorization Request when handling the callback of the Authorization Response.
+ * Used by the {@link OAuth2AuthorizationRequestRedirectFilter} for persisting the
+ * Authorization Request before it initiates the authorization code grant flow. As well,
+ * used by the {@link OAuth2LoginAuthenticationFilter} for resolving the associated
+ * Authorization Request when handling the callback of the Authorization Response.
  *
  * @author Rob Winch
  * @since 5.1
  * @see OAuth2AuthorizationRequest
  * @see HttpSessionOAuth2AuthorizationRequestRepository
- *
  * @param <T> The type of OAuth 2.0 Authorization Request
  */
 public interface ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} associated to the provided {@code HttpServletRequest}
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} associated to the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param exchange the {@code ServerWebExchange}
 	 * @return the {@link OAuth2AuthorizationRequest} or {@code null} if not available
 	 */
 	Mono<T> loadAuthorizationRequest(ServerWebExchange exchange);
 
 	/**
-	 * Persists the {@link OAuth2AuthorizationRequest} associating it to
-	 * the provided {@code HttpServletRequest} and/or {@code HttpServletResponse}.
-	 *
+	 * Persists the {@link OAuth2AuthorizationRequest} associating it to the provided
+	 * {@code HttpServletRequest} and/or {@code HttpServletResponse}.
 	 * @param authorizationRequest the {@link OAuth2AuthorizationRequest}
-	 * @param exchange             the {@code ServerWebExchange}
+	 * @param exchange the {@code ServerWebExchange}
 	 */
 	Mono<Void> saveAuthorizationRequest(T authorizationRequest, ServerWebExchange exchange);
 
 	/**
 	 * Removes and returns the {@link OAuth2AuthorizationRequest} associated to the
 	 * provided {@code HttpServletRequest} or if not available returns {@code null}.
-	 *
 	 * @param exchange the {@code ServerWebExchange}
-	 * @return the removed {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the removed {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	Mono<T> removeAuthorizationRequest(ServerWebExchange exchange);
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
index 6ff9d34fd1..36da4d9696 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
@@ -32,21 +32,21 @@ import org.springframework.web.util.UriComponentsBuilder;
 import reactor.core.publisher.Mono;
 
 /**
- * Converts from a {@link ServerWebExchange} to an {@link OAuth2AuthorizationCodeAuthenticationToken} that can be authenticated. The
+ * Converts from a {@link ServerWebExchange} to an
+ * {@link OAuth2AuthorizationCodeAuthenticationToken} that can be authenticated. The
  * converter does not validate any errors it only performs a conversion.
+ *
  * @author Rob Winch
  * @since 5.1
  * @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setServerAuthenticationConverter(ServerAuthenticationConverter)
  */
-public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
-		implements ServerAuthenticationConverter {
+public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implements ServerAuthenticationConverter {
 
 	static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
 
 	static final String CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE = "client_registration_not_found";
 
-	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-			new WebSessionOAuth2ServerAuthorizationRequestRepository();
+	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
 
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -70,8 +70,8 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 	@Override
 	public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
 		return this.authorizationRequestRepository.removeAuthorizationRequest(serverWebExchange)
-			.switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE))
-			.flatMap(authorizationRequest -> authenticationRequest(serverWebExchange, authorizationRequest));
+				.switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE))
+				.flatMap(authorizationRequest -> authenticationRequest(serverWebExchange, authorizationRequest));
 	}
 
 	private <T> Mono<T> oauth2AuthorizationException(String errorCode) {
@@ -81,30 +81,27 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 		});
 	}
 
-	private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange exchange, OAuth2AuthorizationRequest authorizationRequest) {
-		return Mono.just(authorizationRequest)
-				.map(OAuth2AuthorizationRequest::getAttributes)
-				.flatMap(attributes -> {
-					String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID);
-					if (id == null) {
-						return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
-					}
-					return this.clientRegistrationRepository.findByRegistrationId(id);
-				})
-				.switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
+	private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange exchange,
+			OAuth2AuthorizationRequest authorizationRequest) {
+		return Mono.just(authorizationRequest).map(OAuth2AuthorizationRequest::getAttributes).flatMap(attributes -> {
+			String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID);
+			if (id == null) {
+				return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+			}
+			return this.clientRegistrationRepository.findByRegistrationId(id);
+		}).switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
 				.map(clientRegistration -> {
 					OAuth2AuthorizationResponse authorizationResponse = convertResponse(exchange);
 					OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
-							clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
+							clientRegistration,
+							new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 					return authenticationRequest;
 				});
 	}
 
 	private static OAuth2AuthorizationResponse convertResponse(ServerWebExchange exchange) {
-		String redirectUri = UriComponentsBuilder.fromUri(exchange.getRequest().getURI())
-				.build()
-				.toUriString();
-		return OAuth2AuthorizationResponseUtils
-				.convert(exchange.getRequest().getQueryParams(), redirectUri);
+		String redirectUri = UriComponentsBuilder.fromUri(exchange.getRequest().getURI()).build().toUriString();
+		return OAuth2AuthorizationResponseUtils.convert(exchange.getRequest().getQueryParams(), redirectUri);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
index e33d419b6e..b750bba16c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
@@ -20,9 +20,10 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are capable of resolving
- * an {@link OAuth2AuthorizationRequest} from the provided {@code ServerWebExchange}.
- * Used by the {@link OAuth2AuthorizationRequestRedirectWebFilter} for resolving Authorization Requests.
+ * Implementations of this interface are capable of resolving an
+ * {@link OAuth2AuthorizationRequest} from the provided {@code ServerWebExchange}. Used by
+ * the {@link OAuth2AuthorizationRequestRedirectWebFilter} for resolving Authorization
+ * Requests.
  *
  * @author Rob Winch
  * @since 5.1
@@ -32,21 +33,21 @@ import reactor.core.publisher.Mono;
 public interface ServerOAuth2AuthorizationRequestResolver {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} resolved from
-	 * the provided {@code HttpServletRequest} or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} resolved from the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param exchange the {@code ServerWebExchange}
-	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange);
 
 	/**
-	 * Returns the {@link OAuth2AuthorizationRequest} resolved from
-	 * the provided {@code HttpServletRequest} or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizationRequest} resolved from the provided
+	 * {@code HttpServletRequest} or {@code null} if not available.
 	 * @param exchange the {@code ServerWebExchange}
 	 * @param clientRegistrationId the client registration id
-	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @return the resolved {@link OAuth2AuthorizationRequest} or {@code null} if not
+	 * available
 	 */
 	Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange, String clientRegistrationId);
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
index 9491f71361..8c86b30bf5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
@@ -23,15 +23,15 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for the persistence
- * of {@link OAuth2AuthorizedClient Authorized Client(s)} between requests.
+ * Implementations of this interface are responsible for the persistence of
+ * {@link OAuth2AuthorizedClient Authorized Client(s)} between requests.
  *
  * <p>
- * The primary purpose of an {@link OAuth2AuthorizedClient Authorized Client}
- * is to associate an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential
- * to a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner,
- * who is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal}
- * that originally granted the authorization.
+ * The primary purpose of an {@link OAuth2AuthorizedClient Authorized Client} is to
+ * associate an {@link OAuth2AuthorizedClient#getAccessToken() Access Token} credential to
+ * a {@link OAuth2AuthorizedClient#getClientRegistration() Client} and Resource Owner, who
+ * is the {@link OAuth2AuthorizedClient#getPrincipalName() Principal} that originally
+ * granted the authorization.
  *
  * @author Rob Winch
  * @since 5.1
@@ -43,10 +43,9 @@ import reactor.core.publisher.Mono;
 public interface ServerOAuth2AuthorizedClientRepository {
 
 	/**
-	 * Returns the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User {@link Authentication} (Resource Owner)
-	 * or {@code null} if not available.
-	 *
+	 * Returns the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User {@link Authentication} (Resource Owner) or
+	 * {@code null} if not available.
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param exchange the {@code ServerWebExchange}
@@ -57,20 +56,18 @@ public interface ServerOAuth2AuthorizedClientRepository {
 			Authentication principal, ServerWebExchange exchange);
 
 	/**
-	 * Saves the {@link OAuth2AuthorizedClient} associating it to
-	 * the provided End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Saves the {@link OAuth2AuthorizedClient} associating it to the provided End-User
+	 * {@link Authentication} (Resource Owner).
 	 * @param authorizedClient the authorized client
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param exchange the {@code ServerWebExchange}
 	 */
-	Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
-			Authentication principal, ServerWebExchange exchange);
+	Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+			ServerWebExchange exchange);
 
 	/**
-	 * Removes the {@link OAuth2AuthorizedClient} associated to the
-	 * provided client registration identifier and End-User {@link Authentication} (Resource Owner).
-	 *
+	 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+	 * registration identifier and End-User {@link Authentication} (Resource Owner).
 	 * @param clientRegistrationId the identifier for the client's registration
 	 * @param principal the End-User {@link Authentication} (Resource Owner)
 	 * @param exchange the {@code ServerWebExchange}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
index 05356df521..e77a10b9b8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
@@ -29,17 +29,19 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
- * Provides support for an unauthenticated user. This is useful when running as a process with no
- * user associated to it. The implementation ensures that {@link ServerWebExchange} is null and that the
- * {@link Authentication} is either null or anonymous to prevent using it incorrectly.
- *
- * @deprecated Use {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager} instead
+ * Provides support for an unauthenticated user. This is useful when running as a process
+ * with no user associated to it. The implementation ensures that
+ * {@link ServerWebExchange} is null and that the {@link Authentication} is either null or
+ * anonymous to prevent using it incorrectly.
  *
+ * @deprecated Use {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}
+ * instead
  * @author Rob Winch
  * @since 5.1
  */
 @Deprecated
 public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
+
 	private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
 	private final Map<String, OAuth2AuthorizedClient> clientRegistrationIdToAuthorizedClient = new ConcurrentHashMap<>();
@@ -55,9 +57,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements Se
 	}
 
 	@Override
-	public Mono<Void> saveAuthorizedClient(
-			OAuth2AuthorizedClient authorizedClient,
-			Authentication authentication, ServerWebExchange serverWebExchange) {
+	public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication authentication,
+			ServerWebExchange serverWebExchange) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.isNull(serverWebExchange, "serverWebExchange must be null");
 		Assert.isTrue(isUnauthenticated(authentication), "The user " + authentication + " should not be authenticated");
@@ -79,4 +80,5 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements Se
 	private boolean isUnauthenticated(Authentication authentication) {
 		return authentication == null || this.trustResolver.isAnonymous(authentication);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
index 2ad3026ca4..2422c80aaf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
@@ -41,14 +41,13 @@ import reactor.core.publisher.Mono;
 public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 		implements ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> {
 
-	private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
-			WebSessionOAuth2ServerAuthorizationRequestRepository.class.getName() +  ".AUTHORIZATION_REQUEST";
+	private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = WebSessionOAuth2ServerAuthorizationRequestRepository.class
+			.getName() + ".AUTHORIZATION_REQUEST";
 
 	private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
 
 	@Override
-	public Mono<OAuth2AuthorizationRequest> loadAuthorizationRequest(
-			ServerWebExchange exchange) {
+	public Mono<OAuth2AuthorizationRequest> loadAuthorizationRequest(ServerWebExchange exchange) {
 		String state = getStateParameter(exchange);
 		if (state == null) {
 			return Mono.empty();
@@ -59,42 +58,44 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 	}
 
 	@Override
-	public Mono<Void> saveAuthorizationRequest(
-			OAuth2AuthorizationRequest authorizationRequest, ServerWebExchange exchange) {
+	public Mono<Void> saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest,
+			ServerWebExchange exchange) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
 		return saveStateToAuthorizationRequest(exchange)
-				.doOnNext(stateToAuthorizationRequest -> stateToAuthorizationRequest.put(authorizationRequest.getState(), authorizationRequest))
+				.doOnNext(stateToAuthorizationRequest -> stateToAuthorizationRequest
+						.put(authorizationRequest.getState(), authorizationRequest))
 				.then();
 	}
 
 	@Override
-	public Mono<OAuth2AuthorizationRequest> removeAuthorizationRequest(
-			ServerWebExchange exchange) {
+	public Mono<OAuth2AuthorizationRequest> removeAuthorizationRequest(ServerWebExchange exchange) {
 		String state = getStateParameter(exchange);
 		if (state == null) {
 			return Mono.empty();
 		}
-		return exchange.getSession()
-			.map(WebSession::getAttributes)
-			.handle((sessionAttrs, sink) -> {
-				Map<String, OAuth2AuthorizationRequest> stateToAuthzRequest = sessionAttrsMapStateToAuthorizationRequest(sessionAttrs);
-				if (stateToAuthzRequest == null) {
-					sink.complete();
-					return;
-				}
-				OAuth2AuthorizationRequest removedValue = stateToAuthzRequest.remove(state);
-				if (stateToAuthzRequest.isEmpty()) {
-					sessionAttrs.remove(this.sessionAttributeName);
-				} else if (removedValue != null) {
-					// gh-7327 Overwrite the existing Map to ensure the state is saved for distributed sessions
-					sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
-				}
-				if (removedValue == null) {
-					sink.complete();
-				} else {
-					sink.next(removedValue);
-				}
-			});
+		return exchange.getSession().map(WebSession::getAttributes).handle((sessionAttrs, sink) -> {
+			Map<String, OAuth2AuthorizationRequest> stateToAuthzRequest = sessionAttrsMapStateToAuthorizationRequest(
+					sessionAttrs);
+			if (stateToAuthzRequest == null) {
+				sink.complete();
+				return;
+			}
+			OAuth2AuthorizationRequest removedValue = stateToAuthzRequest.remove(state);
+			if (stateToAuthzRequest.isEmpty()) {
+				sessionAttrs.remove(this.sessionAttributeName);
+			}
+			else if (removedValue != null) {
+				// gh-7327 Overwrite the existing Map to ensure the state is saved for
+				// distributed sessions
+				sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
+			}
+			if (removedValue == null) {
+				sink.complete();
+			}
+			else {
+				sink.next(removedValue);
+			}
+		});
 	}
 
 	/**
@@ -114,28 +115,30 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 	private Mono<Map<String, OAuth2AuthorizationRequest>> getStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
 
-		return getSessionAttributes(exchange)
-			.flatMap(sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		return getSessionAttributes(exchange).flatMap(
+				sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
 	}
 
 	private Mono<Map<String, OAuth2AuthorizationRequest>> saveStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
 
-		return getSessionAttributes(exchange)
-			.doOnNext(sessionAttrs -> {
-				Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
+		return getSessionAttributes(exchange).doOnNext(sessionAttrs -> {
+			Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
 
-				if (stateToAuthzRequest == null) {
-					stateToAuthzRequest = new HashMap<String, OAuth2AuthorizationRequest>();
-				}
+			if (stateToAuthzRequest == null) {
+				stateToAuthzRequest = new HashMap<String, OAuth2AuthorizationRequest>();
+			}
 
-				// No matter stateToAuthzRequest was in session or not, we should always put it into session again
-				// in case of redis or hazelcast session. #6215
-				sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
-			}).flatMap(sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+			// No matter stateToAuthzRequest was in session or not, we should always put
+			// it into session again
+			// in case of redis or hazelcast session. #6215
+			sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
+		}).flatMap(sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
 	}
 
-	private Map<String, OAuth2AuthorizationRequest> sessionAttrsMapStateToAuthorizationRequest(Map<String, Object> sessionAttrs) {
+	private Map<String, OAuth2AuthorizationRequest> sessionAttrsMapStateToAuthorizationRequest(
+			Map<String, Object> sessionAttrs) {
 		return (Map<String, OAuth2AuthorizationRequest>) sessionAttrs.get(this.sessionAttributeName);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index 2c3538e852..a066fb5399 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -35,21 +35,21 @@ import java.util.Map;
  * @see OAuth2AuthorizedClientRepository
  * @see OAuth2AuthorizedClient
  */
-public final class WebSessionServerOAuth2AuthorizedClientRepository
-		implements ServerOAuth2AuthorizedClientRepository {
-	private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME =
-			WebSessionServerOAuth2AuthorizedClientRepository.class.getName() +  ".AUTHORIZED_CLIENTS";
+public final class WebSessionServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
+
+	private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME = WebSessionServerOAuth2AuthorizedClientRepository.class
+			.getName() + ".AUTHORIZED_CLIENTS";
+
 	private final String sessionAttributeName = DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME;
 
 	@Override
 	@SuppressWarnings("unchecked")
-	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId, Authentication principal,
-			ServerWebExchange exchange) {
+	public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
+			Authentication principal, ServerWebExchange exchange) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession()
-			.map(this::getAuthorizedClients)
-			.flatMap(clients -> Mono.justOrEmpty((T) clients.get(clientRegistrationId)));
+		return exchange.getSession().map(this::getAuthorizedClients)
+				.flatMap(clients -> Mono.justOrEmpty((T) clients.get(clientRegistrationId)));
 	}
 
 	@Override
@@ -57,13 +57,11 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository
 			ServerWebExchange exchange) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession()
-			.doOnSuccess(session -> {
-				Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
-				authorizedClients.put(authorizedClient.getClientRegistration().getRegistrationId(), authorizedClient);
-				session.getAttributes().put(this.sessionAttributeName, authorizedClients);
-			})
-			.then(Mono.empty());
+		return exchange.getSession().doOnSuccess(session -> {
+			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
+			authorizedClients.put(authorizedClient.getClientRegistration().getRegistrationId(), authorizedClient);
+			session.getAttributes().put(this.sessionAttributeName, authorizedClients);
+		}).then(Mono.empty());
 	}
 
 	@Override
@@ -71,26 +69,26 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository
 			ServerWebExchange exchange) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession()
-			.doOnSuccess(session -> {
-				Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
-				authorizedClients.remove(clientRegistrationId);
-				if (authorizedClients.isEmpty()) {
-					session.getAttributes().remove(this.sessionAttributeName);
-				} else {
-					session.getAttributes().put(this.sessionAttributeName, authorizedClients);
-				}
-			})
-			.then(Mono.empty());
+		return exchange.getSession().doOnSuccess(session -> {
+			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
+			authorizedClients.remove(clientRegistrationId);
+			if (authorizedClients.isEmpty()) {
+				session.getAttributes().remove(this.sessionAttributeName);
+			}
+			else {
+				session.getAttributes().put(this.sessionAttributeName, authorizedClients);
+			}
+		}).then(Mono.empty());
 	}
 
 	@SuppressWarnings("unchecked")
 	private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(WebSession session) {
-		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null :
-				(Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null
+				: (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
 		if (authorizedClients == null) {
 			authorizedClients = new HashMap<>();
 		}
 		return authorizedClients;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
index 9c3a2ba8f5..0c3fdc5a78 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
@@ -27,8 +27,9 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * A specialized {@link AuthenticationWebFilter} that converts from an {@link OAuth2LoginAuthenticationToken} to an
- * {@link OAuth2AuthenticationToken} and saves the {@link OAuth2AuthorizedClient}
+ * A specialized {@link AuthenticationWebFilter} that converts from an
+ * {@link OAuth2LoginAuthenticationToken} to an {@link OAuth2AuthenticationToken} and
+ * saves the {@link OAuth2AuthorizedClient}
  *
  * @author Rob Winch
  * @since 5.1
@@ -39,12 +40,10 @@ public class OAuth2LoginAuthenticationWebFilter extends AuthenticationWebFilter
 
 	/**
 	 * Creates an instance
-	 *
 	 * @param authenticationManager the authentication manager to use
 	 * @param authorizedClientRepository
 	 */
-	public OAuth2LoginAuthenticationWebFilter(
-			ReactiveAuthenticationManager authenticationManager,
+	public OAuth2LoginAuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager,
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 		super(authenticationManager);
 		Assert.notNull(authorizedClientRepository, "authorizedClientService cannot be null");
@@ -52,19 +51,17 @@ public class OAuth2LoginAuthenticationWebFilter extends AuthenticationWebFilter
 	}
 
 	@Override
-	protected Mono<Void> onAuthenticationSuccess(Authentication authentication,
-			WebFilterExchange webFilterExchange) {
+	protected Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
 		OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) authentication;
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				authenticationResult.getClientRegistration(),
-				authenticationResult.getName(),
-				authenticationResult.getAccessToken(),
-				authenticationResult.getRefreshToken());
-		OAuth2AuthenticationToken result =  new OAuth2AuthenticationToken(
-				authenticationResult.getPrincipal(),
+				authenticationResult.getClientRegistration(), authenticationResult.getName(),
+				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
+		OAuth2AuthenticationToken result = new OAuth2AuthenticationToken(authenticationResult.getPrincipal(),
 				authenticationResult.getAuthorities(),
 				authenticationResult.getClientRegistration().getRegistrationId());
-		return this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authenticationResult, webFilterExchange.getExchange())
+		return this.authorizedClientRepository
+				.saveAuthorizedClient(authorizedClient, authenticationResult, webFilterExchange.getExchange())
 				.then(super.onAuthenticationSuccess(result, webFilterExchange));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index c393b9f323..921d3d03a4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -32,17 +32,21 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
+
 	private AuthorizationCodeOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication principal;
 
 	@Before
 	public void setup() {
 		this.authorizedClientProvider = new AuthorizationCodeOAuth2AuthorizedClientProvider();
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
-		this.authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, "principal", TestOAuth2AccessTokens.scopes("read", "write"));
+		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, "principal",
+				TestOAuth2AccessTokens.scopes("read", "write"));
 		this.principal = new TestingAuthenticationToken("principal", "password");
 	}
 
@@ -56,29 +60,24 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientCredentialsClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndAuthorizedThenNotAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index 97bf724011..2e6d4ce9c9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -32,17 +32,21 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
+
 	private AuthorizationCodeReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication principal;
 
 	@Before
 	public void setup() {
 		this.authorizedClientProvider = new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider();
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
-		this.authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, "principal", TestOAuth2AccessTokens.scopes("read", "write"));
+		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, "principal",
+				TestOAuth2AccessTokens.scopes("read", "write"));
 		this.principal = new TestingAuthenticationToken("principal", "password");
 	}
 
@@ -56,29 +60,24 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientCredentialsClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndAuthorizedThenNotAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 9ca0f88929..b176d88d9b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -50,16 +50,27 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClientService authorizedClientService;
+
 	private OAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function contextAttributesMapper;
+
 	private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private OAuth2AuthorizationFailureHandler authorizationFailureHandler;
+
 	private AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private ArgumentCaptor<OAuth2AuthorizationContext> authorizationContextCaptor;
 
 	@SuppressWarnings("unchecked")
@@ -71,13 +82,14 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		this.contextAttributesMapper = mock(Function.class);
 		this.authorizationSuccessHandler = spy(new OAuth2AuthorizationSuccessHandler() {
 			@Override
-			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map<String, Object> attributes) {
+			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+					Map<String, Object> attributes) {
 				authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
 			}
 		});
 		this.authorizationFailureHandler = spy(new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName())));
+				(clientRegistrationId, principal, attributes) -> this.authorizedClientService
+						.removeAuthorizedClient(clientRegistrationId, principal.getName())));
 		this.authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientService);
 		this.authorizedClientManager.setAuthorizedClientProvider(this.authorizedClientProvider);
@@ -93,58 +105,54 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(null, this.authorizedClientService))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationRepository cannot be null");
+		assertThatThrownBy(
+				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(null, this.authorizedClientService))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientService cannot be null");
+		assertThatThrownBy(
+				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("authorizedClientService cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientProvider cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("contextAttributesMapper cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationSuccessHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationFailureHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizeRequest cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("invalid-registration-id")
-				.principal(this.principal)
-				.build();
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId("invalid-registration-id").principal(this.principal).build();
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
@@ -153,11 +161,11 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
@@ -177,13 +185,14 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(this.authorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(this.authorizedClient);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
@@ -196,28 +205,27 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(this.authorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(this.authorizedClient), eq(this.principal));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
-		when(this.authorizedClientService.loadAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).thenReturn(this.authorizedClient);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
+		when(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()))).thenReturn(this.authorizedClient);
 
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
@@ -230,18 +238,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(reauthorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -260,15 +266,14 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -280,29 +285,26 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(reauthorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
 				new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attribute(OAuth2ParameterNames.SCOPE, "read write")
-				.build();
+				.principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -311,15 +313,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-		assertThat(authorizationContext.getAttributes()).containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
-		String[] requestScopeAttribute = authorizationContext.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		assertThat(authorizationContext.getAttributes())
+				.containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		String[] requestScopeAttribute = authorizationContext
+				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(reauthorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 	}
 
 	@Test
@@ -332,36 +335,34 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				.thenThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				eq(authorizationException), eq(this.principal), any());
-		verify(this.authorizedClientService).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()));
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
+				any());
+		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()));
 	}
 
 	@Test
 	public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
-				new OAuth2Error("non-matching-error-code", null, null),
-				this.clientRegistration.getRegistrationId());
+				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 
 		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.thenThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				eq(authorizationException), eq(this.principal), any());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
+				any());
 		verifyNoInteractions(this.authorizedClientService);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 01d38442d2..8bcd9e335d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -53,16 +53,27 @@ import static org.mockito.Mockito.when;
  * @author Phil Clay
  */
 public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
+
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	private ReactiveOAuth2AuthorizedClientService authorizedClientService;
+
 	private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper;
+
 	private AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private ArgumentCaptor<OAuth2AuthorizationContext> authorizationContextCaptor;
+
 	private PublisherProbe<Void> saveAuthorizedClientProbe;
+
 	private PublisherProbe<Void> removeAuthorizedClientProbe;
 
 	@SuppressWarnings("unchecked")
@@ -71,9 +82,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		this.clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
 		this.authorizedClientService = mock(ReactiveOAuth2AuthorizedClientService.class);
 		this.saveAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientService.saveAuthorizedClient(any(), any())).thenReturn(this.saveAuthorizedClientProbe.mono());
+		when(this.authorizedClientService.saveAuthorizedClient(any(), any()))
+				.thenReturn(this.saveAuthorizedClientProbe.mono());
 		this.removeAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientService.removeAuthorizedClient(any(), any())).thenReturn(this.removeAuthorizedClientProbe.mono());
+		when(this.authorizedClientService.removeAuthorizedClient(any(), any()))
+				.thenReturn(this.removeAuthorizedClientProbe.mono());
 		this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		this.contextAttributesMapper = mock(Function.class);
 		when(this.contextAttributesMapper.apply(any())).thenReturn(Mono.empty());
@@ -90,59 +103,53 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientService))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationRepository cannot be null");
+		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null,
+				this.authorizedClientService)).isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientService cannot be null");
+		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
+				this.clientRegistrationRepository, null)).isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("authorizedClientService cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientProvider cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("contextAttributesMapper cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationSuccessHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationFailureHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizeRequest cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
 		String clientRegistrationId = "invalid-registration-id";
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		when(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(Mono.empty());
 		StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest))
 				.verifyError(IllegalArgumentException.class);
@@ -152,14 +159,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
 		when(authorizedClientProvider.authorize(any())).thenReturn(Mono.empty());
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
@@ -173,29 +179,27 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService, never()).saveAuthorizedClient(
-				any(OAuth2AuthorizedClient.class), eq(this.principal));
+		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
+				eq(this.principal));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.authorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(this.authorizedClient)
-				.verifyComplete();
+		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -205,8 +209,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(this.authorizedClient), eq(this.principal));
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 	}
@@ -214,25 +217,24 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.authorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		PublisherProbe<Void> authorizationSuccessHandlerProbe = PublisherProbe.empty();
-		this.authorizedClientManager.setAuthorizationSuccessHandler((client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
+		this.authorizedClientManager.setAuthorizationSuccessHandler(
+				(client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
 
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(this.authorizedClient)
-				.verifyComplete();
+		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -249,24 +251,23 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -276,32 +277,31 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()));
+		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 	}
 
 	@Test
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -311,32 +311,31 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()));
+		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 	}
 
 	@Test
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -352,23 +351,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -384,26 +382,26 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(
-				any(), any())).thenReturn(Mono.empty());
+		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
-		this.authorizedClientManager.setAuthorizationFailureHandler((client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
+		this.authorizedClientManager.setAuthorizationFailureHandler(
+				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -421,25 +419,23 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientService.loadAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal.getName()))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()))).thenReturn(Mono.just(this.authorizedClient));
 
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(reauthorizedClient)
-				.verifyComplete();
+		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 
@@ -448,8 +444,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 	}
@@ -459,13 +454,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.empty());
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(this.authorizedClient)
-				.verifyComplete();
+		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
 
@@ -474,27 +466,24 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService, never()).saveAuthorizedClient(
-				any(OAuth2AuthorizedClient.class), eq(this.principal));
+		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
+				eq(this.principal));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(reauthorizedClient)
-				.verifyComplete();
+		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
@@ -504,8 +493,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 	}
@@ -513,25 +501,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attribute(OAuth2ParameterNames.SCOPE, "read write")
-				.build();
+				.principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
 
-		this.authorizedClientManager.setContextAttributesMapper(new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
+		this.authorizedClientManager.setContextAttributesMapper(
+				new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
-		StepVerifier.create(authorizedClient)
-				.expectNext(reauthorizedClient)
-				.verifyComplete();
-		verify(this.authorizedClientService).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal));
+		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
+		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 
@@ -541,9 +525,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-		assertThat(authorizationContext.getAttributes()).containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
-		String[] requestScopeAttribute = authorizationContext.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		assertThat(authorizationContext.getAttributes())
+				.containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		String[] requestScopeAttribute = authorizationContext
+				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
 
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index c2b85c7a30..9255fdfd6b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -43,9 +43,13 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
+
 	private ClientCredentialsOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
 
 	@Before
@@ -60,46 +64,39 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -108,10 +105,8 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -123,18 +118,16 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenExpiredThenReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), accessToken);
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234",
+				issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken);
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -144,13 +137,11 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -160,21 +151,20 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken);
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
@@ -182,4 +172,5 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index af33a645ac..607b00036a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -44,9 +44,13 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
+
 	private ClientCredentialsReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
 
 	@Before
@@ -61,46 +65,39 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -109,10 +106,8 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -124,18 +119,16 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenExpiredThenReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), accessToken);
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234",
+				issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken);
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -145,13 +138,11 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -161,26 +152,27 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken);
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 
-		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
+		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
+				.block();
 
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index f930233aa8..5ec89f06b7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -49,8 +49,7 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class));
-		assertThatThrownBy(() -> delegate.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> delegate.authorize(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("context cannot be null");
 	}
 
@@ -58,17 +57,17 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenProviderCanAuthorizeThenReturnAuthorizedClient() {
 		Authentication principal = new TestingAuthenticationToken("principal", "password");
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(),
+				TestOAuth2AccessTokens.noScopes());
 
 		OAuth2AuthorizedClientProvider authorizedClientProvider = mock(OAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider.authorize(any())).thenReturn(authorizedClient);
 
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
-				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class), authorizedClientProvider);
+				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class),
+				authorizedClientProvider);
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-				.principal(principal)
-				.build();
+				.principal(principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = delegate.authorize(context);
 		assertThat(reauthorizedClient).isSameAs(authorizedClient);
 	}
@@ -77,11 +76,11 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenProviderCantAuthorizeThenReturnNull() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-				.principal(new TestingAuthenticationToken("principal", "password"))
-				.build();
+				.principal(new TestingAuthenticationToken("principal", "password")).build();
 
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class));
 		assertThat(delegate.authorize(context)).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index 45ddf6e528..c136b6232a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -40,8 +40,8 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void constructorWhenProvidersIsEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(new ReactiveOAuth2AuthorizedClientProvider[0]))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(
+				new ReactiveOAuth2AuthorizedClientProvider[0])).isInstanceOf(IllegalArgumentException.class);
 		assertThatThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(Collections.emptyList()))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -50,8 +50,7 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				mock(ReactiveOAuth2AuthorizedClientProvider.class));
-		assertThatThrownBy(() -> delegate.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> delegate.authorize(null).block()).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("context cannot be null");
 	}
 
@@ -59,21 +58,23 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenProviderCanAuthorizeThenReturnAuthorizedClient() {
 		Authentication principal = new TestingAuthenticationToken("principal", "password");
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, principal.getName(), TestOAuth2AccessTokens.noScopes());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(),
+				TestOAuth2AccessTokens.noScopes());
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
+				ReactiveOAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider1.authorize(any())).thenReturn(Mono.empty());
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(
+				ReactiveOAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider2.authorize(any())).thenReturn(Mono.empty());
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock(
+				ReactiveOAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider3.authorize(any())).thenReturn(Mono.just(authorizedClient));
 
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3);
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-				.principal(principal)
-				.build();
+				.principal(principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = delegate.authorize(context).block();
 		assertThat(reauthorizedClient).isSameAs(authorizedClient);
 	}
@@ -82,16 +83,18 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenProviderCantAuthorizeThenReturnNull() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-				.principal(new TestingAuthenticationToken("principal", "password"))
-				.build();
+				.principal(new TestingAuthenticationToken("principal", "password")).build();
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
+				ReactiveOAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider1.authorize(any())).thenReturn(Mono.empty());
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(
+				ReactiveOAuth2AuthorizedClientProvider.class);
 		when(authorizedClientProvider2.authorize(any())).thenReturn(Mono.empty());
 
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2);
 		assertThat(delegate.authorize(context).block()).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index dbb00dbfcc..6561adab35 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -39,24 +39,23 @@ import static org.mockito.Mockito.when;
  * @author Vedran Pavic
  */
 public class InMemoryOAuth2AuthorizedClientServiceTests {
+
 	private String principalName1 = "principal-1";
+
 	private String principalName2 = "principal-2";
 
 	private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build();
 
 	private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build();
 
-	private ClientRegistration registration3 = TestClientRegistrations.clientRegistration()
-			.clientId("client-3")
-			.registrationId("registration-3")
-			.build();
+	private ClientRegistration registration3 = TestClientRegistrations.clientRegistration().clientId("client-3")
+			.registrationId("registration-3").build();
 
-	private ClientRegistrationRepository clientRegistrationRepository =
-		new InMemoryClientRegistrationRepository(this.registration1, this.registration2, this.registration3);
-
-	private InMemoryOAuth2AuthorizedClientService authorizedClientService =
-		new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
+	private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
+			this.registration1, this.registration2, this.registration3);
 
+	private InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
+			this.clientRegistrationRepository);
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
@@ -66,8 +65,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void constructorWhenAuthorizedClientsIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClients cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClients cannot be empty");
 	}
 
 	@Test
@@ -82,8 +80,8 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 
 		InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 				clientRegistrationRepository, authorizedClients);
-		assertThat((OAuth2AuthorizedClient) authorizedClientService.loadAuthorizedClient(
-				registrationId, this.principalName1)).isNotNull();
+		assertThat((OAuth2AuthorizedClient) authorizedClientService.loadAuthorizedClient(registrationId,
+				this.principalName1)).isNotNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -98,15 +96,15 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() {
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			"registration-not-found", this.principalName1);
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient("registration-not-found", this.principalName1);
 		assertThat(authorizedClient).isNull();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundButNotAssociatedToPrincipalThenReturnNull() {
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration1.getRegistrationId(), "principal-not-found");
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), "principal-not-found");
 		assertThat(authorizedClient).isNull();
 	}
 
@@ -115,12 +113,12 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 		Authentication authentication = mock(Authentication.class);
 		when(authentication.getName()).thenReturn(this.principalName1);
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration1.getRegistrationId(), this.principalName1);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
@@ -139,12 +137,12 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 		Authentication authentication = mock(Authentication.class);
 		when(authentication.getName()).thenReturn(this.principalName2);
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			this.registration3, this.principalName2, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration3, this.principalName2,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration3.getRegistrationId(), this.principalName2);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
@@ -163,18 +161,20 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 		Authentication authentication = mock(Authentication.class);
 		when(authentication.getName()).thenReturn(this.principalName2);
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			this.registration2, this.principalName2, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName2,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration2.getRegistrationId(), this.principalName2);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isNotNull();
 
-		this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
+		this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(),
+				this.principalName2);
 
-		loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration2.getRegistrationId(), this.principalName2);
+		loadedAuthorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index 2d05534822..69aa766928 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -43,6 +43,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -54,24 +55,16 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	private Authentication principal = new TestingAuthenticationToken(this.principalName, "notused");
 
-	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token",
-			Instant.now(),
+	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(),
 			Instant.now().plus(Duration.ofDays(1)));
 
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
 			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.scope("read:user")
+			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
 			.authorizationUri("https://github.com/login/oauth/authorize")
-			.tokenUri("https://github.com/login/oauth/access_token")
-			.userInfoUri("https://api.github.com/user")
-			.userNameAttributeName("id")
-			.clientName("GitHub")
-			.clientId("clientId")
-			.clientSecret("clientSecret")
-			.build();
+			.tokenUri("https://github.com/login/oauth/access_token").userInfoUri("https://api.github.com/user")
+			.userNameAttributeName("id").clientName("GitHub").clientId("clientId").clientSecret("clientSecret").build();
 
 	@Before
 	public void setup() {
@@ -89,58 +82,64 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNotFoundThenEmpty() {
 		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
 				.thenReturn(Mono.empty());
-		StepVerifier
-			.create(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-			.verifyComplete();
+		StepVerifier.create(
+				this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+				.verifyComplete();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundAndNotAuthorizedClientThenEmpty() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)).thenReturn(Mono.just(this.clientRegistration));
-		StepVerifier
-				.create(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.thenReturn(Mono.just(this.clientRegistration));
+		StepVerifier.create(
+				this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
 				.verifyComplete();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundThenFound() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)).thenReturn(Mono.just(this.clientRegistration));
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
-		Mono<OAuth2AuthorizedClient> saveAndLoad = this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal)
+		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.thenReturn(Mono.just(this.clientRegistration));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principalName, this.accessToken);
+		Mono<OAuth2AuthorizedClient> saveAndLoad = this.authorizedClientService
+				.saveAuthorizedClient(authorizedClient, this.principal)
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 
-		StepVerifier.create(saveAndLoad)
-			.expectNext(authorizedClient)
-			.verifyComplete();
+		StepVerifier.create(saveAndLoad).expectNext(authorizedClient).verifyComplete();
 	}
 
 	@Test
@@ -152,7 +151,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void saveAuthorizedClientWhenPrincipalNullThenIllegalArgumentException() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principalName, this.accessToken);
 		this.principal = null;
 		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal))
 				.isInstanceOf(IllegalArgumentException.class);
@@ -161,51 +161,59 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
+				this.principalName)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
+				this.principalName)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientIdThenNoException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)).thenReturn(Mono.empty());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
-		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal)
-				.then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
+		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.thenReturn(Mono.empty());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principalName, this.accessToken);
+		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService
+				.saveAuthorizedClient(authorizedClient, this.principal).then(this.authorizedClientService
+						.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
 
-		StepVerifier.create(saveAndDeleteAndLoad)
-				.verifyComplete();
+		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationFoundRemovedThenNotFound() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)).thenReturn(Mono.just(this.clientRegistration));
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
-		Mono<OAuth2AuthorizedClient> saveAndDeleteAndLoad = this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal)
-				.then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName))
+		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.thenReturn(Mono.just(this.clientRegistration));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principalName, this.accessToken);
+		Mono<OAuth2AuthorizedClient> saveAndDeleteAndLoad = this.authorizedClientService
+				.saveAuthorizedClient(authorizedClient, this.principal)
+				.then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
+						this.principalName))
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 
-		StepVerifier.create(saveAndDeleteAndLoad)
-				.verifyComplete();
+		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 78fe9c30fb..978da44b57 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -68,12 +68,19 @@ import static org.mockito.Mockito.when;
  * @author Stav Shamir
  */
 public class JdbcOAuth2AuthorizedClientServiceTests {
+
 	private static final String OAUTH2_CLIENT_SCHEMA_SQL_RESOURCE = "org/springframework/security/oauth2/client/oauth2-client-schema.sql";
+
 	private static int principalId = 1000;
+
 	private ClientRegistration clientRegistration;
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private EmbeddedDatabase db;
+
 	private JdbcOperations jdbcOperations;
+
 	private JdbcOAuth2AuthorizedClientService authorizedClientService;
 
 	@Before
@@ -83,8 +90,8 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(this.clientRegistration);
 		this.db = createDb();
 		this.jdbcOperations = new JdbcTemplate(this.db);
-		this.authorizedClientService = new JdbcOAuth2AuthorizedClientService(
-				this.jdbcOperations, this.clientRegistrationRepository);
+		this.authorizedClientService = new JdbcOAuth2AuthorizedClientService(this.jdbcOperations,
+				this.clientRegistrationRepository);
 	}
 
 	@After
@@ -95,22 +102,19 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new JdbcOAuth2AuthorizedClientService(null, this.clientRegistrationRepository))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jdbcOperations cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jdbcOperations cannot be null");
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new JdbcOAuth2AuthorizedClientService(this.jdbcOperations, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationRepository cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientRowMapperWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientRowMapper cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientRowMapper cannot be null");
 	}
 
 	@Test
@@ -123,21 +127,20 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName"))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationId cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principalName cannot be empty");
+		assertThatThrownBy(() -> this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
+						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenDoesNotExistThenReturnNull() {
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				"registration-not-found", "principalName");
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient("registration-not-found", "principalName");
 		assertThat(authorizedClient).isNull();
 	}
 
@@ -148,19 +151,25 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
 
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
-		assertThat(authorizedClient.getAccessToken().getTokenType()).isEqualTo(expected.getAccessToken().getTokenType());
-		assertThat(authorizedClient.getAccessToken().getTokenValue()).isEqualTo(expected.getAccessToken().getTokenValue());
-		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
-		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getTokenType())
+				.isEqualTo(expected.getAccessToken().getTokenType());
+		assertThat(authorizedClient.getAccessToken().getTokenValue())
+				.isEqualTo(expected.getAccessToken().getTokenValue());
+		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(),
+				within(1, ChronoUnit.MILLIS));
 		assertThat(authorizedClient.getAccessToken().getScopes()).isEqualTo(expected.getAccessToken().getScopes());
-		assertThat(authorizedClient.getRefreshToken().getTokenValue()).isEqualTo(expected.getRefreshToken().getTokenValue());
-		assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getRefreshToken().getTokenValue())
+				.isEqualTo(expected.getRefreshToken().getTokenValue());
+		assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
 	}
 
 	@Test
@@ -171,10 +180,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
 
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()))
-				.isInstanceOf(DataRetrievalFailureException.class)
-				.hasMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId() +
-						"' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
+		assertThatThrownBy(() -> this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()))
+						.isInstanceOf(DataRetrievalFailureException.class)
+						.hasMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId()
+								+ "' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
 	}
 
 	@Test
@@ -182,8 +192,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		Authentication principal = createPrincipal();
 
 		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
 	}
 
 	@Test
@@ -192,8 +201,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
 
 		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principal cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
 	}
 
 	@Test
@@ -203,19 +211,25 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
 
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
-		assertThat(authorizedClient.getAccessToken().getTokenType()).isEqualTo(expected.getAccessToken().getTokenType());
-		assertThat(authorizedClient.getAccessToken().getTokenValue()).isEqualTo(expected.getAccessToken().getTokenValue());
-		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
-		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getTokenType())
+				.isEqualTo(expected.getAccessToken().getTokenType());
+		assertThat(authorizedClient.getAccessToken().getTokenValue())
+				.isEqualTo(expected.getAccessToken().getTokenValue());
+		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(),
+				within(1, ChronoUnit.MILLIS));
 		assertThat(authorizedClient.getAccessToken().getScopes()).isEqualTo(expected.getAccessToken().getScopes());
-		assertThat(authorizedClient.getRefreshToken().getTokenValue()).isEqualTo(expected.getRefreshToken().getTokenValue());
-		assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getRefreshToken().getTokenValue())
+				.isEqualTo(expected.getRefreshToken().getTokenValue());
+		assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
 
 		// Test save/load of NOT NULL attributes only
 		principal = createPrincipal();
@@ -223,16 +237,20 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
 
-		authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
-		assertThat(authorizedClient.getAccessToken().getTokenType()).isEqualTo(expected.getAccessToken().getTokenType());
-		assertThat(authorizedClient.getAccessToken().getTokenValue()).isEqualTo(expected.getAccessToken().getTokenValue());
-		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
-		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getTokenType())
+				.isEqualTo(expected.getAccessToken().getTokenType());
+		assertThat(authorizedClient.getAccessToken().getTokenValue())
+				.isEqualTo(expected.getAccessToken().getTokenValue());
+		assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
+		assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(),
+				within(1, ChronoUnit.MILLIS));
 		assertThat(authorizedClient.getAccessToken().getScopes()).isEmpty();
 		assertThat(authorizedClient.getRefreshToken()).isNull();
 	}
@@ -249,36 +267,43 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		this.authorizedClientService.saveAuthorizedClient(updatedClient, principal);
 
 		// Then the saved client is updated
-		OAuth2AuthorizedClient savedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		OAuth2AuthorizedClient savedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 
 		assertThat(savedClient).isNotNull();
 		assertThat(savedClient.getClientRegistration()).isEqualTo(updatedClient.getClientRegistration());
 		assertThat(savedClient.getPrincipalName()).isEqualTo(updatedClient.getPrincipalName());
-		assertThat(savedClient.getAccessToken().getTokenType()).isEqualTo(updatedClient.getAccessToken().getTokenType());
-		assertThat(savedClient.getAccessToken().getTokenValue()).isEqualTo(updatedClient.getAccessToken().getTokenValue());
-		assertThat(savedClient.getAccessToken().getIssuedAt()).isCloseTo(updatedClient.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
-		assertThat(savedClient.getAccessToken().getExpiresAt()).isCloseTo(updatedClient.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(savedClient.getAccessToken().getTokenType())
+				.isEqualTo(updatedClient.getAccessToken().getTokenType());
+		assertThat(savedClient.getAccessToken().getTokenValue())
+				.isEqualTo(updatedClient.getAccessToken().getTokenValue());
+		assertThat(savedClient.getAccessToken().getIssuedAt()).isCloseTo(updatedClient.getAccessToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
+		assertThat(savedClient.getAccessToken().getExpiresAt()).isCloseTo(updatedClient.getAccessToken().getExpiresAt(),
+				within(1, ChronoUnit.MILLIS));
 		assertThat(savedClient.getAccessToken().getScopes()).isEqualTo(updatedClient.getAccessToken().getScopes());
-		assertThat(savedClient.getRefreshToken().getTokenValue()).isEqualTo(updatedClient.getRefreshToken().getTokenValue());
-		assertThat(savedClient.getRefreshToken().getIssuedAt()).isCloseTo(updatedClient.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS));
+		assertThat(savedClient.getRefreshToken().getTokenValue())
+				.isEqualTo(updatedClient.getRefreshToken().getTokenValue());
+		assertThat(savedClient.getRefreshToken().getIssuedAt()).isCloseTo(updatedClient.getRefreshToken().getIssuedAt(),
+				within(1, ChronoUnit.MILLIS));
 	}
 
 	@Test
 	public void saveLoadAuthorizedClientWhenCustomStrategiesSetThenCalled() throws Exception {
-		JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper authorizedClientRowMapper =
-				spy(new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper(this.clientRegistrationRepository));
+		JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper authorizedClientRowMapper = spy(
+				new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper(
+						this.clientRegistrationRepository));
 		this.authorizedClientService.setAuthorizedClientRowMapper(authorizedClientRowMapper);
-		JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper authorizedClientParametersMapper =
-				spy(new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper());
+		JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper authorizedClientParametersMapper = spy(
+				new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper());
 		this.authorizedClientService.setAuthorizedClientParametersMapper(authorizedClientParametersMapper);
 
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
 
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-		this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(),
+				principal.getName());
 
 		verify(authorizedClientRowMapper).mapRow(any(), anyInt());
 		verify(authorizedClientParametersMapper).apply(any());
@@ -287,15 +312,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName"))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationId cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principalName cannot be empty");
+		assertThatThrownBy(() -> this.authorizedClientService
+				.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
+						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
 	}
 
 	@Test
@@ -305,39 +329,37 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
 
-		authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNotNull();
 
-		this.authorizedClientService.removeAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(),
+				principal.getName());
 
-		authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNull();
 	}
 
 	@Test
 	public void tableDefinitionWhenCustomThenAbleToOverride() {
-		CustomTableDefinitionJdbcOAuth2AuthorizedClientService customAuthorizedClientService =
-				new CustomTableDefinitionJdbcOAuth2AuthorizedClientService(
-						new JdbcTemplate(createDb("custom-oauth2-client-schema.sql")),
-						this.clientRegistrationRepository);
+		CustomTableDefinitionJdbcOAuth2AuthorizedClientService customAuthorizedClientService = new CustomTableDefinitionJdbcOAuth2AuthorizedClientService(
+				new JdbcTemplate(createDb("custom-oauth2-client-schema.sql")), this.clientRegistrationRepository);
 
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
 
 		customAuthorizedClientService.saveAuthorizedClient(authorizedClient, principal);
 
-		authorizedClient = customAuthorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		authorizedClient = customAuthorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNotNull();
 
-		customAuthorizedClientService.removeAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		customAuthorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(),
+				principal.getName());
 
-		authorizedClient = customAuthorizedClientService.loadAuthorizedClient(
-				this.clientRegistration.getRegistrationId(), principal.getName());
+		authorizedClient = customAuthorizedClientService
+				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNull();
 	}
 
@@ -346,19 +368,16 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	}
 
 	private static EmbeddedDatabase createDb(String schema) {
-		return new EmbeddedDatabaseBuilder()
-				.generateUniqueName(true)
-				.setType(EmbeddedDatabaseType.HSQL)
-				.setScriptEncoding("UTF-8")
-				.addScript(schema)
-				.build();
+		return new EmbeddedDatabaseBuilder().generateUniqueName(true).setType(EmbeddedDatabaseType.HSQL)
+				.setScriptEncoding("UTF-8").addScript(schema).build();
 	}
 
 	private static Authentication createPrincipal() {
 		return new TestingAuthenticationToken("principal-" + principalId++, "password");
 	}
 
-	private static OAuth2AuthorizedClient createAuthorizedClient(Authentication principal, ClientRegistration clientRegistration) {
+	private static OAuth2AuthorizedClient createAuthorizedClient(Authentication principal,
+			ClientRegistration clientRegistration) {
 		return createAuthorizedClient(principal, clientRegistration, false);
 	}
 
@@ -367,60 +386,59 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		OAuth2AccessToken accessToken;
 		if (!requiredAttributesOnly) {
 			accessToken = TestOAuth2AccessTokens.scopes("read", "write");
-		} else {
+		}
+		else {
 			accessToken = TestOAuth2AccessTokens.noScopes();
 		}
 		OAuth2RefreshToken refreshToken = null;
 		if (!requiredAttributesOnly) {
 			refreshToken = TestOAuth2RefreshTokens.refreshToken();
 		}
-		return new OAuth2AuthorizedClient(
-				clientRegistration, principal.getName(), accessToken, refreshToken);
+		return new OAuth2AuthorizedClient(clientRegistration, principal.getName(), accessToken, refreshToken);
 	}
 
-	private static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService extends JdbcOAuth2AuthorizedClientService {
-		private static final String COLUMN_NAMES =
-				"clientRegistrationId, " +
-				"principalName, " +
-				"accessTokenType, " +
-				"accessTokenValue, " +
-				"accessTokenIssuedAt, " +
-				"accessTokenExpiresAt, " +
-				"accessTokenScopes, " +
-				"refreshTokenValue, " +
-				"refreshTokenIssuedAt";
-		private static final String TABLE_NAME = "oauth2AuthorizedClient";
-		private static final String PK_FILTER = "clientRegistrationId = ? AND principalName = ?";
-		private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES +
-				" FROM " + TABLE_NAME + " WHERE " + PK_FILTER;
-		private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME +
-				" (" + COLUMN_NAMES + ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
-		private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM " + TABLE_NAME +
-				" WHERE " + PK_FILTER;
+	private static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
+			extends JdbcOAuth2AuthorizedClientService {
 
-		private CustomTableDefinitionJdbcOAuth2AuthorizedClientService(
-				JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository) {
+		private static final String COLUMN_NAMES = "clientRegistrationId, " + "principalName, " + "accessTokenType, "
+				+ "accessTokenValue, " + "accessTokenIssuedAt, " + "accessTokenExpiresAt, " + "accessTokenScopes, "
+				+ "refreshTokenValue, " + "refreshTokenIssuedAt";
+
+		private static final String TABLE_NAME = "oauth2AuthorizedClient";
+
+		private static final String PK_FILTER = "clientRegistrationId = ? AND principalName = ?";
+
+		private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES + " FROM " + TABLE_NAME
+				+ " WHERE " + PK_FILTER;
+
+		private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME + " (" + COLUMN_NAMES
+				+ ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
+
+		private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM " + TABLE_NAME + " WHERE " + PK_FILTER;
+
+		private CustomTableDefinitionJdbcOAuth2AuthorizedClientService(JdbcOperations jdbcOperations,
+				ClientRegistrationRepository clientRegistrationRepository) {
 			super(jdbcOperations, clientRegistrationRepository);
 			setAuthorizedClientRowMapper(new OAuth2AuthorizedClientRowMapper(clientRegistrationRepository));
 		}
 
 		@Override
 		@SuppressWarnings("unchecked")
-		public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, String principalName) {
+		public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+				String principalName) {
 			SqlParameterValue[] parameters = new SqlParameterValue[] {
 					new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
-					new SqlParameterValue(Types.VARCHAR, principalName)
-			};
+					new SqlParameterValue(Types.VARCHAR, principalName) };
 			PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
-			List<OAuth2AuthorizedClient> result = this.jdbcOperations.query(
-					LOAD_AUTHORIZED_CLIENT_SQL, pss, this.authorizedClientRowMapper);
+			List<OAuth2AuthorizedClient> result = this.jdbcOperations.query(LOAD_AUTHORIZED_CLIENT_SQL, pss,
+					this.authorizedClientRowMapper);
 			return !result.isEmpty() ? (T) result.get(0) : null;
 		}
 
 		@Override
 		public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
-			List<SqlParameterValue> parameters = this.authorizedClientParametersMapper.apply(
-					new OAuth2AuthorizedClientHolder(authorizedClient, principal));
+			List<SqlParameterValue> parameters = this.authorizedClientParametersMapper
+					.apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal));
 			PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
 			this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, pss);
 		}
@@ -429,13 +447,13 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		public void removeAuthorizedClient(String clientRegistrationId, String principalName) {
 			SqlParameterValue[] parameters = new SqlParameterValue[] {
 					new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
-					new SqlParameterValue(Types.VARCHAR, principalName)
-			};
+					new SqlParameterValue(Types.VARCHAR, principalName) };
 			PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
 			this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 		}
 
 		private static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
+
 			private final ClientRegistrationRepository clientRegistrationRepository;
 
 			private OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository clientRegistrationRepository) {
@@ -446,17 +464,16 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 			@Override
 			public OAuth2AuthorizedClient mapRow(ResultSet rs, int rowNum) throws SQLException {
 				String clientRegistrationId = rs.getString("clientRegistrationId");
-				ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(
-						clientRegistrationId);
+				ClientRegistration clientRegistration = this.clientRegistrationRepository
+						.findByRegistrationId(clientRegistrationId);
 				if (clientRegistration == null) {
-					throw new DataRetrievalFailureException("The ClientRegistration with id '" +
-							clientRegistrationId + "' exists in the data source, " +
-							"however, it was not found in the ClientRegistrationRepository.");
+					throw new DataRetrievalFailureException(
+							"The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, "
+									+ "however, it was not found in the ClientRegistrationRepository.");
 				}
 
 				OAuth2AccessToken.TokenType tokenType = null;
-				if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(
-						rs.getString("accessTokenType"))) {
+				if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("accessTokenType"))) {
 					tokenType = OAuth2AccessToken.TokenType.BEARER;
 				}
 				String tokenValue = new String(rs.getBytes("accessTokenValue"), StandardCharsets.UTF_8);
@@ -467,8 +484,8 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 				if (accessTokenScopes != null) {
 					scopes = StringUtils.commaDelimitedListToSet(accessTokenScopes);
 				}
-				OAuth2AccessToken accessToken = new OAuth2AccessToken(
-						tokenType, tokenValue, issuedAt, expiresAt, scopes);
+				OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt,
+						scopes);
 
 				OAuth2RefreshToken refreshToken = null;
 				byte[] refreshTokenValue = rs.getBytes("refreshTokenValue");
@@ -484,9 +501,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 				String principalName = rs.getString("principalName");
 
-				return new OAuth2AuthorizedClient(
-						clientRegistration, principalName, accessToken, refreshToken);
+				return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken);
 			}
+
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index 9749b6ded7..5c4a86c8d4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -31,52 +31,51 @@ import static org.assertj.core.api.Assertions.*;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationContextTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication principal;
 
 	@Before
 	public void setup() {
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
-		this.authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, "principal", TestOAuth2AccessTokens.scopes("read", "write"));
+		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, "principal",
+				TestOAuth2AccessTokens.scopes("read", "write"));
 		this.principal = new TestingAuthenticationToken("principal", "password");
 	}
 
 	@Test
 	public void withClientRegistrationWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistration cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void withAuthorizedClientWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> OAuth2AuthorizationContext.withAuthorizedClient(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationWhenPrincipalIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principal cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
 	}
 
 	@Test
 	public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() {
-		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attributes -> {
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes(attributes -> {
 					attributes.put("attribute1", "value1");
 					attributes.put("attribute2", "value2");
-				})
-				.build();
+				}).build();
 		assertThat(authorizationContext.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isSameAs(this.principal);
-		assertThat(authorizationContext.getAttributes()).contains(
-				entry("attribute1", "value1"), entry("attribute2", "value2"));
+		assertThat(authorizationContext.getAttributes()).contains(entry("attribute1", "value1"),
+				entry("attribute2", "value2"));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index 37c7e89eef..b52a3b99d5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -33,49 +33,49 @@ import static org.assertj.core.api.Assertions.entry;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizeRequestTests {
+
 	private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+
 	private Authentication principal = new TestingAuthenticationToken("principal", "password");
-	private OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			this.clientRegistration, this.principal.getName(),
-			TestOAuth2AccessTokens.scopes("read", "write"), TestOAuth2RefreshTokens.refreshToken());
+
+	private OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+			this.principal.getName(), TestOAuth2AccessTokens.scopes("read", "write"),
+			TestOAuth2RefreshTokens.refreshToken());
 
 	@Test
 	public void withClientRegistrationIdWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationId cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void withAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withAuthorizedClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationIdWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId()).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principal cannot be null");
+		assertThatThrownBy(() -> OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).build())
+						.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationIdWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal((String) null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principalName cannot be empty");
+		assertThatThrownBy(() -> OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal((String) null).build())
+						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
 	}
 
 	@Test
 	public void withClientRegistrationIdWhenAllValuesProvidedThenAllValuesAreSet() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes(attrs -> {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
-				})
-				.build();
+				}).build();
 
 		assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isNull();
@@ -86,14 +86,13 @@ public class OAuth2AuthorizeRequestTests {
 	@Test
 	public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
-				})
-				.build();
+				}).build();
 
-		assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId());
+		assertThat(authorizeRequest.getClientRegistrationId())
+				.isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isEqualTo(this.authorizedClient);
 		assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal);
 		assertThat(authorizeRequest.getAttributes()).contains(entry("name1", "value1"), entry("name2", "value2"));
@@ -101,12 +100,13 @@ public class OAuth2AuthorizeRequestTests {
 
 	@Test
 	public void withClientRegistrationIdWhenPrincipalNameProvidedThenPrincipalCreated() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal("principalName")
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal("principalName")
 				.build();
 
 		assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isNull();
 		assertThat(authorizeRequest.getPrincipal().getName()).isEqualTo("principalName");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
index 338f929eaf..b5f803e27e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
@@ -30,15 +30,13 @@ public class OAuth2AuthorizedClientIdTests {
 	@Test
 	public void constructorWhenRegistrationIdNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2AuthorizedClientId(null, "test-principal"))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationId cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenPrincipalNameNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2AuthorizedClientId("test-client", null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("principalName cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
 	}
 
 	@Test
@@ -82,4 +80,5 @@ public class OAuth2AuthorizedClientIdTests {
 		OAuth2AuthorizedClientId id2 = new OAuth2AuthorizedClientId("test-client", "test-principal2");
 		assertThat(id1.hashCode()).isNotEqualTo(id2.hashCode());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index d2ea51f1b9..473e28e0d2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -46,10 +46,15 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizedClientProviderBuilderTests {
+
 	private RestOperations accessTokenClient;
+
 	private DefaultClientCredentialsTokenResponseClient clientCredentialsTokenResponseClient;
+
 	private DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient;
+
 	private DefaultPasswordTokenResponseClient passwordTokenResponseClient;
+
 	private Authentication principal;
 
 	@SuppressWarnings("unchecked")
@@ -76,36 +81,28 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.clientRegistration().build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
+				.build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext))
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
 	@Test
 	public void buildWhenRefreshTokenProviderThenProviderReauthorizes() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.build();
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				TestClientRegistrations.clientRegistration().build(),
-				this.principal.getName(),
-				expiredAccessToken(),
+				TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(),
 				TestOAuth2RefreshTokens.refreshToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(reauthorizedClient).isNotNull();
@@ -114,15 +111,14 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenClientCredentialsProviderThenProviderAuthorizes() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.clientCredentials(configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.clientCredentials(
+						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.clientCredentials().build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
+				.build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient).isNotNull();
@@ -131,17 +127,13 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenPasswordProviderThenProviderAuthorizes() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.password().build())
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient).isNotNull();
@@ -150,79 +142,65 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAllProvidersThenProvidersAuthorize() {
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
-						.clientCredentials(configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-						.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode()
+				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.clientCredentials(
+						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 
-
 		// authorization_code
-		OAuth2AuthorizationContext authorizationCodeContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext))
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 
-
 		// refresh_token
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration,
-				this.principal.getName(),
-				expiredAccessToken(),
-				TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
+				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
 
-		OAuth2AuthorizationContext refreshTokenContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext);
 
 		assertThat(reauthorizedClient).isNotNull();
-		verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
-
+		verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class),
+				eq(OAuth2AccessTokenResponse.class));
 
 		// client_credentials
-		OAuth2AuthorizationContext clientCredentialsContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.clientCredentials().build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
+				.build();
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext);
 
 		assertThat(authorizedClient).isNotNull();
-		verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
+		verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class),
+				eq(OAuth2AccessTokenResponse.class));
 
 		// password
-		OAuth2AuthorizationContext passwordContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.password().build())
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		authorizedClient = authorizedClientProvider.authorize(passwordContext);
 
 		assertThat(authorizedClient).isNotNull();
-		verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
+		verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class),
+				eq(OAuth2AccessTokenResponse.class));
 	}
 
 	@Test
 	public void buildWhenCustomProviderThenProviderCalled() {
 		OAuth2AuthorizedClientProvider customProvider = mock(OAuth2AuthorizedClientProvider.class);
 
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.provider(customProvider)
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.provider(customProvider).build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(TestClientRegistrations.clientRegistration().build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
+				.build();
 		authorizedClientProvider.authorize(authorizationContext);
 
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
@@ -233,4 +211,5 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
 		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
index 64925ee25d..942c460ea2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
@@ -31,8 +31,11 @@ import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.no
  * @author Joe Grandja
  */
 public class OAuth2AuthorizedClientTests {
+
 	private ClientRegistration clientRegistration;
+
 	private String principalName;
+
 	private OAuth2AccessToken accessToken;
 
 	@Before
@@ -59,11 +62,12 @@ public class OAuth2AuthorizedClientTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-			this.clientRegistration, this.principalName, this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principalName, this.accessToken);
 
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(this.accessToken);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 8e2dcb1182..5507ddbcdd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -43,9 +43,13 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class PasswordOAuth2AuthorizedClientProviderTests {
+
 	private PasswordOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
 
 	@Before
@@ -60,68 +64,57 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyUsernameThenUnableToAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyPasswordThenUnableToAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -130,12 +123,10 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -147,20 +138,19 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndAuthorizedWithoutRefreshTokenAndTokenExpiredThenReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-expired", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), accessToken);	// without refresh token
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-expired", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken); // without refresh token
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -173,18 +163,18 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndAuthorizedWithRefreshTokenAndTokenExpiredThenNotReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-expired", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				accessToken, TestOAuth2RefreshTokens.refreshToken());	// with refresh token
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-expired", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
+																								// refresh
+																								// token
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -194,23 +184,24 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);		// without refresh token
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken); // without refresh
+																		// token
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
@@ -218,4 +209,5 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index 9fefec4b1f..272c710fce 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -44,9 +44,13 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
+
 	private PasswordReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
 
 	@Before
@@ -61,68 +65,57 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyUsernameThenUnableToAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyPasswordThenUnableToAuthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -131,12 +124,10 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -148,20 +139,19 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndAuthorizedWithoutRefreshTokenAndTokenExpiredThenReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-expired", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), accessToken);	// without refresh token
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-expired", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken); // without refresh token
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
@@ -174,18 +164,18 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndAuthorizedWithRefreshTokenAndTokenExpiredThenNotReauthorize() {
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-expired", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				accessToken, TestOAuth2RefreshTokens.refreshToken());	// with refresh token
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-expired", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
+																								// refresh
+																								// token
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -195,28 +185,31 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);		// without refresh token
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken); // without refresh
+																		// token
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.build();
 
-		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
+		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
+				.block();
 
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index be877f2ce0..cf4e77b63b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -45,8 +45,11 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private Authentication principal;
+
 	private MockWebServer server;
 
 	@Before
@@ -71,43 +74,29 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().authorizationCode().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block())
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
 	@Test
 	public void buildWhenRefreshTokenProviderThenProviderReauthorizes() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.refreshToken()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().refreshToken().build();
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistrationBuilder.build(),
-				this.principal.getName(),
-				expiredAccessToken(),
-				TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
+				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(reauthorizedClient).isNotNull();
@@ -121,22 +110,17 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenClientCredentialsProviderThenProviderAuthorizes() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.clientCredentials()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().clientCredentials().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistrationBuilder
+						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
+				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient).isNotNull();
@@ -150,24 +134,18 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenPasswordProviderThenProviderAuthorizes() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.password()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().password().build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(
+						this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
+				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
 
 		assertThat(authorizedClient).isNotNull();
@@ -181,43 +159,27 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAllProvidersThenProvidersAuthorize() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken()
-						.clientCredentials()
-						.password()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().authorizationCode().refreshToken().clientCredentials().password().build();
 
 		// authorization_code
-		OAuth2AuthorizationContext authorizationCodeContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block())
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 
-
 		// refresh_token
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistrationBuilder.build(),
-				this.principal.getName(),
-				expiredAccessToken(),
-				TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
+				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
 
-		OAuth2AuthorizationContext refreshTokenContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext).block();
 
 		assertThat(reauthorizedClient).isNotNull();
@@ -228,12 +190,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
 
-
 		// client_credentials
-		OAuth2AuthorizationContext clientCredentialsContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistrationBuilder
+						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
+				.principal(this.principal).build();
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext).block();
 
 		assertThat(authorizedClient).isNotNull();
@@ -245,12 +206,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		assertThat(formParameters).contains("grant_type=client_credentials");
 
 		// password
-		OAuth2AuthorizationContext passwordContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-						.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
-						.build();
+		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
+				.withClientRegistration(
+						this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
+				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		authorizedClient = authorizedClientProvider.authorize(passwordContext).block();
 
 		assertThat(authorizedClient).isNotNull();
@@ -267,15 +227,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		when(customProvider.authorize(any())).thenReturn(Mono.empty());
 
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.provider(customProvider)
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().provider(customProvider).build();
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistrationBuilder.build())
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		authorizedClientProvider.authorize(authorizationContext).block();
 
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
@@ -288,8 +244,7 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index 3b373000b3..1676183e8c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -45,10 +45,15 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class RefreshTokenOAuth2AuthorizedClientProviderTests {
+
 	private RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
 
 	@Before
@@ -60,8 +65,8 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		this.principal = new TestingAuthenticationToken("principal", "password");
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
+		OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
 		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(),
 				expiredAccessToken, TestOAuth2RefreshTokens.refreshToken());
 	}
@@ -69,56 +74,47 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotAuthorizedThenUnableToReauthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), this.authorizedClient.getAccessToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -127,10 +123,8 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -138,25 +132,23 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(),
-				expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
@@ -169,14 +161,11 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
 
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 
@@ -189,37 +178,34 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		String[] requestScope = new String[] { "read", "write" };
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
 
 		this.authorizedClientProvider.authorize(authorizationContext);
 
-		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor =
-				ArgumentCaptor.forClass(OAuth2RefreshTokenGrantRequest.class);
+		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
+				.forClass(OAuth2RefreshTokenGrantRequest.class);
 		verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
-		assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes()).isEqualTo(new HashSet<>(Arrays.asList(requestScope)));
+		assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes())
+				.isEqualTo(new HashSet<>(Arrays.asList(requestScope)));
 	}
 
 	@Test
 	public void authorizeWhenAuthorizedAndInvalidRequestScopeProvidedThenThrowIllegalArgumentException() {
 		String invalidRequestScope = "read write";
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
 
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageStartingWith("The context attribute must be of type String[] '" +
-						OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
+				.hasMessageStartingWith("The context attribute must be of type String[] '"
+						+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 6ba450f15c..82d915ee40 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -46,10 +46,15 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
+
 	private RefreshTokenReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
 
 	@Before
@@ -61,8 +66,8 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		this.principal = new TestingAuthenticationToken("principal", "password");
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
-		OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
+		OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
 		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(),
 				expiredAccessToken, TestOAuth2RefreshTokens.refreshToken());
 	}
@@ -70,56 +75,47 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessTokenResponseClient cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clockSkew must be >= 0");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenNotAuthorizedThenUnableToReauthorize() {
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(), this.authorizedClient.getAccessToken());
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), this.authorizedClient.getAccessToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -128,10 +124,8 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -139,27 +133,26 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
-		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(),
-				expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
+		OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+				"access-token-1234", issuedAt, expiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
 
-		// Shorten the lifespan of the access token by 90 seconds, which will ultimately force it to expire on the client
+		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
+		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 
-		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
+		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
+				.block();
 
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -170,16 +163,14 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
 
-		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
+		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
+				.block();
 
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -190,37 +181,34 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token")
-				.build();
+				.refreshToken("new-refresh-token").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
 		String[] requestScope = new String[] { "read", "write" };
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
 
 		this.authorizedClientProvider.authorize(authorizationContext).block();
 
-		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor =
-				ArgumentCaptor.forClass(OAuth2RefreshTokenGrantRequest.class);
+		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
+				.forClass(OAuth2RefreshTokenGrantRequest.class);
 		verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
-		assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes()).isEqualTo(new HashSet<>(Arrays.asList(requestScope)));
+		assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes())
+				.isEqualTo(new HashSet<>(Arrays.asList(requestScope)));
 	}
 
 	@Test
 	public void authorizeWhenAuthorizedAndInvalidRequestScopeProvidedThenThrowIllegalArgumentException() {
 		String invalidRequestScope = "read write";
-		OAuth2AuthorizationContext authorizationContext =
-				OAuth2AuthorizationContext.withAuthorizedClient(this.authorizedClient)
-						.principal(this.principal)
-						.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope)
-						.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
 
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageStartingWith("The context attribute must be of type String[] '" +
-						OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
+				.hasMessageStartingWith("The context attribute must be of type String[] '"
+						+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index 8e0823fe76..13cfd2be38 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -32,8 +32,11 @@ import static org.mockito.Mockito.mock;
  * @author Joe Grandja
  */
 public class OAuth2AuthenticationTokenTests {
+
 	private OAuth2User principal;
+
 	private Collection<? extends GrantedAuthority> authorities;
+
 	private String authorizedClientRegistrationId;
 
 	@Before
@@ -65,8 +68,8 @@ public class OAuth2AuthenticationTokenTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(
-			this.principal, this.authorities, this.authorizedClientRegistrationId);
+		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(this.principal, this.authorities,
+				this.authorizedClientRegistrationId);
 
 		assertThat(authentication.getPrincipal()).isEqualTo(this.principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -74,4 +77,5 @@ public class OAuth2AuthenticationTokenTests {
 		assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(this.authorizedClientRegistrationId);
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 41ebe4a1e6..46e79722d2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -49,9 +49,13 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationCodeAuthenticationProviderTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationRequest authorizationRequest;
+
 	private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
+
 	private OAuth2AuthorizationCodeAuthenticationProvider authenticationProvider;
 
 	@Before
@@ -77,26 +81,24 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
 		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
 		assertThatThrownBy(() -> {
 			this.authenticationProvider.authenticate(
-					new OAuth2AuthorizationCodeAuthenticationToken(
-							this.clientRegistration, authorizationExchange));
+					new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
 		}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
 	}
 
 	@Test
 	public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
 		OAuth2AuthorizationResponse authorizationResponse = success().state("67890").build();
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
 		assertThatThrownBy(() -> {
 			this.authenticationProvider.authenticate(
-					new OAuth2AuthorizationCodeAuthenticationToken(
-							this.clientRegistration, authorizationExchange));
+					new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
 		}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_state_parameter");
 	}
 
@@ -105,11 +107,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().refreshToken("refresh").build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				this.authorizationRequest, success().build());
-		OAuth2AuthorizationCodeAuthenticationToken authenticationResult =
-			(OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				success().build());
+		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
+				.authenticate(
+						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
 
 		assertThat(authenticationResult.isAuthenticated()).isTrue();
 		assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
@@ -143,4 +145,5 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(authentication.getAdditionalParameters())
 				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index e153e63e56..33d2e8a7e8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -37,15 +37,17 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationCodeAuthenticationTokenTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessToken accessToken;
 
 	@Before
 	public void setUp() {
 		this.clientRegistration = clientRegistration().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(request().build(),
-				success().code("code").build());
+		this.authorizationExchange = new OAuth2AuthorizationExchange(request().build(), success().code("code").build());
 		this.accessToken = noScopes();
 	}
 
@@ -63,11 +65,12 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 
 	@Test
 	public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2AuthorizationCodeAuthenticationToken authentication =
-			new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, this.authorizationExchange);
+		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
+				this.clientRegistration, this.authorizationExchange);
 
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
-		assertThat(authentication.getCredentials()).isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode());
+		assertThat(authentication.getCredentials())
+				.isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode());
 		assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList());
 		assertThat(authentication.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authentication.getAuthorizationExchange()).isEqualTo(this.authorizationExchange);
@@ -77,26 +80,27 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 
 	@Test
 	public void constructorTokenRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange, this.accessToken))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange,
+				this.accessToken)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null, this.accessToken))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null, this.accessToken))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, this.authorizationExchange, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration,
+				this.authorizationExchange, null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
-			this.clientRegistration, this.authorizationExchange, this.accessToken);
+				this.clientRegistration, this.authorizationExchange, this.accessToken);
 
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
 		assertThat(authentication.getCredentials()).isEqualTo(this.accessToken.getTokenValue());
@@ -106,4 +110,5 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 		assertThat(authentication.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index f375342212..101adcf47b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -48,6 +48,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
+
 	@Mock
 	private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
@@ -59,8 +60,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 
 	private OAuth2AuthorizationResponse.Builder authorizationResponse = TestOAuth2AuthorizationResponses.success();
 
-	private OAuth2AccessTokenResponse.Builder tokenResponse = TestOAuth2AccessTokenResponses
-			.accessTokenResponse();
+	private OAuth2AccessTokenResponse.Builder tokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse();
 
 	@Before
 	public void setup() {
@@ -70,15 +70,13 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenErrorThenOAuth2AuthorizationException() {
 		this.authorizationResponse = TestOAuth2AuthorizationResponses.error();
-		assertThatCode(() -> authenticate())
-				.isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
 	@Test
 	public void authenticateWhenStateNotEqualThenOAuth2AuthorizationException() {
 		this.authorizationRequest.state("notequal");
-		assertThatCode(() -> authenticate())
-				.isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
 	@Test
@@ -101,17 +99,18 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() {
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
+		when(this.accessTokenResponseClient.getTokenResponse(any()))
+				.thenReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
 
-		assertThatCode(() -> authenticate())
-				.isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
 	private OAuth2AuthorizationCodeAuthenticationToken authenticate() {
-		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(
-				this.authorizationRequest.build(), this.authorizationResponse.build());
+		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest.build(),
+				this.authorizationResponse.build());
 		OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration.build(), exchange);
 		return (OAuth2AuthorizationCodeAuthenticationToken) this.manager.authenticate(token).block();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 8a2aaa10d1..c60f2ce919 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -64,12 +64,19 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2LoginAuthenticationProviderTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationRequest authorizationRequest;
+
 	private OAuth2AuthorizationResponse authorizationResponse;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
+
 	private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
+
 	private OAuth2LoginAuthenticationProvider authenticationProvider;
 
 	@Rule
@@ -81,10 +88,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 		this.clientRegistration = clientRegistration().build();
 		this.authorizationRequest = request().scope("scope1", "scope2").build();
 		this.authorizationResponse = success().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, this.authorizationResponse);
+		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				this.authorizationResponse);
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 		this.userService = mock(OAuth2UserService.class);
-		this.authenticationProvider = new OAuth2LoginAuthenticationProvider(this.accessTokenResponseClient, this.userService);
+		this.authenticationProvider = new OAuth2LoginAuthenticationProvider(this.accessTokenResponseClient,
+				this.userService);
 	}
 
 	@Test
@@ -113,12 +122,11 @@ public class OAuth2LoginAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenAuthorizationRequestContainsOpenidScopeThenReturnNull() {
 		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid").build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				this.authorizationResponse);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 
 		assertThat(authentication).isNull();
 	}
@@ -128,13 +136,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_REQUEST));
 
-		OAuth2AuthorizationResponse authorizationResponse =
-				error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
 
 	@Test
@@ -142,13 +149,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
 
-		OAuth2AuthorizationResponse authorizationResponse =
-				success().state("67890").build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationResponse authorizationResponse = success().state("67890").build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
 
 	@Test
@@ -158,13 +164,11 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		when(this.userService.loadUser(any())).thenReturn(principal);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
 		assertThat(authentication.isAuthenticated()).isTrue();
 		assertThat(authentication.getPrincipal()).isEqualTo(principal);
@@ -183,19 +187,17 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		when(this.userService.loadUser(any())).thenReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection())).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		when(authoritiesMapper.mapAuthorities(anyCollection()))
+				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
 		assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
@@ -208,16 +210,15 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-				(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
 		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(principal);
 
-		this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
-		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()).containsAllEntriesOf(
-				accessTokenResponse.getAdditionalParameters());
+		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
+				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
 
 	private OAuth2AccessTokenResponse accessTokenSuccessResponse() {
@@ -227,14 +228,10 @@ public class OAuth2LoginAuthenticationProviderTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 
-		return OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.getEpochSecond())
-				.scopes(scopes)
-				.refreshToken("refresh-token-1234")
-				.additionalParameters(additionalParameters)
-				.build();
+		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
+				.additionalParameters(additionalParameters).build();
 
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index 66feaa0838..c2c3c312e0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -40,10 +40,15 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2LoginAuthenticationTokenTests {
+
 	private OAuth2User principal;
+
 	private Collection<? extends GrantedAuthority> authorities;
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessToken accessToken;
 
 	@Before
@@ -51,8 +56,7 @@ public class OAuth2LoginAuthenticationTokenTests {
 		this.principal = mock(OAuth2User.class);
 		this.authorities = Collections.emptyList();
 		this.clientRegistration = clientRegistration().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(
-				request().build(), success().code("code").build());
+		this.authorizationExchange = new OAuth2AuthorizationExchange(request().build(), success().code("code").build());
 		this.accessToken = noScopes();
 	}
 
@@ -68,8 +72,8 @@ public class OAuth2LoginAuthenticationTokenTests {
 
 	@Test
 	public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(
-			this.clientRegistration, this.authorizationExchange);
+		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration,
+				this.authorizationExchange);
 
 		assertThat(authentication.getPrincipal()).isNull();
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -82,44 +86,44 @@ public class OAuth2LoginAuthenticationTokenTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorTokenRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(null, this.authorizationExchange, this.principal,
-			this.authorities, this.accessToken);
+		new OAuth2LoginAuthenticationToken(null, this.authorizationExchange, this.principal, this.authorities,
+				this.accessToken);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorTokenRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal,
-			this.authorities, this.accessToken);
+		new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal, this.authorities,
+				this.accessToken);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorTokenRequestResponseWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, null,
-			this.authorities, this.accessToken);
+		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, null, this.authorities,
+				this.accessToken);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAuthoritiesIsNullThenCreated() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange,
-			this.principal, null, this.accessToken);
+		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal, null,
+				this.accessToken);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAuthoritiesIsEmptyThenCreated() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange,
-			this.principal, Collections.emptyList(), this.accessToken);
+		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal,
+				Collections.emptyList(), this.accessToken);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
 		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal,
-			this.authorities, null);
+				this.authorities, null);
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(
-			this.clientRegistration, this.authorizationExchange, this.principal, this.authorities, this.accessToken);
+		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration,
+				this.authorizationExchange, this.principal, this.authorities, this.accessToken);
 
 		assertThat(authentication.getPrincipal()).isEqualTo(this.principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -129,4 +133,5 @@ public class OAuth2LoginAuthenticationTokenTests {
 		assertThat(authentication.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index dd27077582..dbba4bbb0c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -59,13 +59,13 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import reactor.core.publisher.Mono;
 
-
 /**
  * @author Rob Winch
  * @since 5.1
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2LoginReactiveAuthenticationManagerTests {
+
 	@Mock
 	private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
 
@@ -77,8 +77,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
 
-	OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse
-			.success("code")
+	OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code")
 			.state("state");
 
 	private OAuth2LoginReactiveAuthenticationManager manager;
@@ -91,33 +90,33 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void constructorWhenNullAccessTokenResponseClientThenIllegalArgumentException() {
 		this.accessTokenResponseClient = null;
-		assertThatThrownBy(() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenNullUserServiceThenIllegalArgumentException() {
 		this.userService = null;
-		assertThatThrownBy(() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setAuthoritiesMapperWhenAuthoritiesMapperIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void authenticateWhenNoSubscriptionThenDoesNothing() {
-		// we didn't do anything because it should cause a ClassCastException (as verified below)
+		// we didn't do anything because it should cause a ClassCastException (as verified
+		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
 
-		assertThatCode(()-> this.manager.authenticate(token))
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.manager.authenticate(token).block())
-			.isInstanceOf(Throwable.class);
+		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
 	}
 
 	@Test
@@ -129,9 +128,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
-		this.authorizationResponseBldr = OAuth2AuthorizationResponse
-				.error("error")
-				.state("state");
+		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
 		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -146,8 +143,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticationWhenOAuth2UserNotFoundThenEmpty() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 		when(this.userService.loadUser(any())).thenReturn(Mono.empty());
 		assertThat(this.manager.authenticate(loginToken()).block()).isNull();
@@ -156,13 +152,14 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticationWhenOAuth2UserFoundThenSuccess() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
+		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
 		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
 
-		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
+		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
+				.block();
 
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
@@ -176,11 +173,10 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(additionalParameters)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
+		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
 		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(Mono.just(user));
 
@@ -193,36 +189,34 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
+		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
 		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection())).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		when(authoritiesMapper.mapAuthorities(anyCollection()))
+				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		manager.setAuthoritiesMapper(authoritiesMapper);
 
-		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
+		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
+				.block();
 
 		assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
 
 	private OAuth2AuthorizationCodeAuthenticationToken loginToken() {
 		ClientRegistration clientRegistration = this.registration.build();
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.state("state")
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes())
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUri())
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
index e3b3815287..ead6b2d65d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
@@ -38,4 +38,5 @@ public class TestOAuth2AuthenticationTokens {
 		String registrationId = "registration-id";
 		return new OAuth2AuthenticationToken(principal, principal.getAuthorities(), registrationId);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
index a17ec5008f..5951b62808 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
@@ -44,4 +44,5 @@ public class TestOAuth2AuthorizationCodeAuthenticationTokens {
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
 		return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 2ac1750edb..24793c06f6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -46,9 +46,11 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class DefaultAuthorizationCodeTokenResponseClientTests {
-	private DefaultAuthorizationCodeTokenResponseClient tokenResponseClient =
-			new DefaultAuthorizationCodeTokenResponseClient();
+
+	private DefaultAuthorizationCodeTokenResponseClient tokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
+
 	private ClientRegistration clientRegistration;
+
 	private MockWebServer server;
 
 	@Before
@@ -56,19 +58,12 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("https://client.com/callback/client-1")
-				.scope("read", "write")
-				.authorizationUri("https://provider.com/oauth2/authorize")
-				.tokenUri(tokenUri)
-				.userInfoUri("https://provider.com/user")
-				.userNameAttributeName("id")
-				.clientName("client-1")
-				.build();
+				.redirectUri("https://client.com/callback/client-1").scope("read", "write")
+				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri(tokenUri)
+				.userInfoUri("https://provider.com/user").userNameAttributeName("id").clientName("client-1").build();
 	}
 
 	@After
@@ -96,28 +91,25 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
-		OAuth2AccessTokenResponse accessTokenResponse =
-				this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(this.authorizationCodeGrantRequest());
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=authorization_code");
@@ -136,11 +128,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationBasicThenAuthorizationHeaderIsSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
@@ -151,16 +140,12 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 
 		this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration));
 
@@ -174,61 +159,51 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"refresh_token\": \"refresh-token-1234\",\n" + "   \"scope\": \"read\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2AccessTokenResponse accessTokenResponse =
-				this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(this.authorizationCodeGrantRequest());
 
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2AccessTokenResponse accessTokenResponse =
-				this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(this.authorizationCodeGrantRequest());
 
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 	}
@@ -236,43 +211,35 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
-		ClientRegistration clientRegistration = this.from(this.clientRegistration)
-				.tokenUri(invalidTokenUri)
-				.build();
+		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
 
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration)))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(
+				clientRegistration))).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	@Test
 	public void getTokenResponseWhenMalformedResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[unauthorized_client]");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -280,52 +247,42 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
 		return this.authorizationCodeGrantRequest(this.clientRegistration);
 	}
 
-	private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest(
-			ClientRegistration clientRegistration) {
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.clientId(clientRegistration.getClientId())
-				.state("state-1234")
+	private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest(ClientRegistration clientRegistration) {
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
+				.clientId(clientRegistration.getClientId()).state("state-1234")
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes())
-				.build();
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
-				.success("code-1234")
-				.state("state-1234")
-				.redirectUri(clientRegistration.getRedirectUri())
-				.build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build();
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code-1234")
+				.state("state-1234").redirectUri(clientRegistration.getRedirectUri()).build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		return new OAuth2AuthorizationCodeGrantRequest(clientRegistration, authorizationExchange);
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
 	private ClientRegistration.Builder from(ClientRegistration registration) {
 		return ClientRegistration.withRegistrationId(registration.getRegistrationId())
-				.clientId(registration.getClientId())
-				.clientSecret(registration.getClientSecret())
+				.clientId(registration.getClientId()).clientSecret(registration.getClientSecret())
 				.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
 				.authorizationGrantType(registration.getAuthorizationGrantType())
-				.redirectUri(registration.getRedirectUri())
-				.scope(registration.getScopes())
+				.redirectUri(registration.getRedirectUri()).scope(registration.getScopes())
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
 				.tokenUri(registration.getProviderDetails().getTokenUri())
 				.userInfoUri(registration.getProviderDetails().getUserInfoEndpoint().getUri())
-				.userNameAttributeName(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())
+				.userNameAttributeName(
+						registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())
 				.clientName(registration.getClientName());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index b24de2720b..345a4aeb35 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -43,8 +43,11 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class DefaultClientCredentialsTokenResponseClientTests {
+
 	private DefaultClientCredentialsTokenResponseClient tokenResponseClient = new DefaultClientCredentialsTokenResponseClient();
+
 	private ClientRegistration clientRegistration;
+
 	private MockWebServer server;
 
 	@Before
@@ -52,14 +55,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.scope("read", "write")
-				.tokenUri(tokenUri)
-				.build();
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
+				.tokenUri(tokenUri).build();
 	}
 
 	@After
@@ -87,29 +86,27 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
+				+ "   \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(clientCredentialsGrantRequest);
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=client_credentials");
@@ -127,15 +124,12 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationBasicThenAuthorizationHeaderIsSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
 
@@ -145,19 +139,15 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				clientRegistration);
 
 		this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
 
@@ -171,69 +161,62 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(clientCredentialsGrantRequest);
 
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(clientCredentialsGrantRequest);
 
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 	}
@@ -241,78 +224,67 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
-		ClientRegistration clientRegistration = this.from(this.clientRegistration)
-				.tokenUri(invalidTokenUri)
-				.build();
+		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	@Test
 	public void getTokenResponseWhenMalformedResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
+				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[unauthorized_client]");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
 	private ClientRegistration.Builder from(ClientRegistration registration) {
 		return ClientRegistration.withRegistrationId(registration.getRegistrationId())
-				.clientId(registration.getClientId())
-				.clientSecret(registration.getClientSecret())
+				.clientId(registration.getClientId()).clientSecret(registration.getClientSecret())
 				.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
-				.authorizationGrantType(registration.getAuthorizationGrantType())
-				.scope(registration.getScopes())
+				.authorizationGrantType(registration.getAuthorizationGrantType()).scope(registration.getScopes())
 				.tokenUri(registration.getProviderDetails().getTokenUri());
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 6390ae3959..0e52a574cd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -44,10 +44,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class DefaultPasswordTokenResponseClientTests {
+
 	private DefaultPasswordTokenResponseClient tokenResponseClient = new DefaultPasswordTokenResponseClient();
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private String username = "user1";
+
 	private String password = "password";
+
 	private MockWebServer server;
 
 	@Before
@@ -56,9 +61,7 @@ public class DefaultPasswordTokenResponseClientTests {
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.scope("read", "write")
-				.tokenUri(tokenUri);
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope("read", "write").tokenUri(tokenUri);
 	}
 
 	@After
@@ -86,18 +89,15 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
-		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
-				clientRegistration, this.username, this.password);
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
+				this.username, this.password);
 
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
 
@@ -106,7 +106,8 @@ public class DefaultPasswordTokenResponseClientTests {
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
@@ -117,24 +118,21 @@ public class DefaultPasswordTokenResponseClientTests {
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly(clientRegistration.getScopes().toArray(new String[0]));
+		assertThat(accessTokenResponse.getAccessToken().getScopes())
+				.containsExactly(clientRegistration.getScopes().toArray(new String[0]));
 		assertThat(accessTokenResponse.getRefreshToken()).isNull();
 	}
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
-		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
-				clientRegistration, this.username, this.password);
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
+				this.username, this.password);
 
 		this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
 
@@ -148,11 +146,8 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
@@ -160,18 +155,16 @@ public class DefaultPasswordTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
@@ -188,17 +181,14 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[unauthorized_client]");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -209,13 +199,12 @@ public class DefaultPasswordTokenResponseClientTests {
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index 44c455a944..25c786f36c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -47,10 +47,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class DefaultRefreshTokenTokenResponseClientTests {
+
 	private DefaultRefreshTokenTokenResponseClient tokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
+
 	private MockWebServer server;
 
 	@Before
@@ -88,11 +93,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
@@ -100,14 +102,16 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(refreshTokenGrantRequest);
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
@@ -117,25 +121,22 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly(this.accessToken.getScopes().toArray(new String[0]));
+		assertThat(accessTokenResponse.getAccessToken().getScopes())
+				.containsExactly(this.accessToken.getScopes().toArray(new String[0]));
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
 	}
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 
-		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest =
-				new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken);
+		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
+				this.accessToken, this.refreshToken);
 
 		this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
 
@@ -149,11 +150,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
@@ -161,24 +159,24 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+				.hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
 				.hasMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
-				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read"));
+				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
+				Collections.singleton("read"));
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(refreshTokenGrantRequest);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
@@ -189,17 +187,14 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[unauthorized_client]");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -210,13 +205,12 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index e26cb0b18d..27f5322891 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -47,10 +47,15 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class NimbusAuthorizationCodeTokenResponseClientTests {
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AuthorizationRequest authorizationRequest;
+
 	private OAuth2AuthorizationResponse authorizationResponse;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private NimbusAuthorizationCodeTokenResponseClient tokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
 
 	@Rule
@@ -62,25 +67,21 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC);
 		this.authorizationRequest = request().build();
 		this.authorizationResponse = success().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, this.authorizationResponse);
+		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				this.authorizationResponse);
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenSuccessResponse = "{\n" +
-			"	\"access_token\": \"access-token-1234\",\n" +
-			"   \"token_type\": \"bearer\",\n" +
-			"   \"expires_in\": \"3600\",\n" +
-			"   \"scope\": \"openid profile\",\n" +
-			"	\"refresh_token\": \"refresh-token-1234\",\n" +
-			"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-			"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-			"}\n";
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(accessTokenSuccessResponse));
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\",\n" + "	\"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
+				+ "}\n";
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(accessTokenSuccessResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
@@ -88,9 +89,9 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(),
+						this.authorizationExchange));
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
@@ -112,12 +113,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 
 		String redirectUri = "http:\\example.com";
 		OAuth2AuthorizationRequest authorizationRequest = request().redirectUri(redirectUri).build();
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				authorizationRequest, this.authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				this.authorizationResponse);
 
 		this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), authorizationExchange));
+				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
 	}
 
 	@Test
@@ -127,9 +127,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		String tokenUri = "http:\\provider.com\\oauth2\\token";
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+				this.clientRegistrationBuilder.build(), this.authorizationExchange));
 	}
 
 	@Test
@@ -139,28 +138,24 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenSuccessResponse = "{\n" +
-			"	\"access_token\": \"access-token-1234\",\n" +
-			"   \"token_type\": \"bearer\",\n" +
-			"   \"expires_in\": \"3600\",\n" +
-			"   \"scope\": \"openid profile\",\n" +
-			"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-			"   \"custom_parameter_2\": \"custom-value-2\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
+				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(accessTokenSuccessResponse));
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(accessTokenSuccessResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
 		try {
-			this.tokenResponseClient.getTokenResponse(
-				new OAuth2AuthorizationCodeGrantRequest(
-						this.clientRegistrationBuilder.build(), this.authorizationExchange));
-		} finally {
+			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		}
+		finally {
 			server.shutdown();
 		}
 	}
@@ -172,9 +167,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		String tokenUri = "https://invalid-provider.com/oauth2/token";
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+				this.clientRegistrationBuilder.build(), this.authorizationExchange));
 	}
 
 	@Test
@@ -184,23 +178,19 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenErrorResponse = "{\n" +
-			"   \"error\": \"unauthorized_client\"\n" +
-			"}\n";
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setResponseCode(500)
-			.setBody(accessTokenErrorResponse));
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setResponseCode(500).setBody(accessTokenErrorResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
 		try {
-			this.tokenResponseClient.getTokenResponse(
-				new OAuth2AuthorizationCodeGrantRequest(
-						this.clientRegistrationBuilder.build(), this.authorizationExchange));
-		} finally {
+			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		}
+		finally {
 			server.shutdown();
 		}
 	}
@@ -220,70 +210,63 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
 		try {
-			this.tokenResponseClient.getTokenResponse(
-					new OAuth2AuthorizationCodeGrantRequest(
-							this.clientRegistrationBuilder.build(), this.authorizationExchange));
-		} finally {
+			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		}
+		finally {
 			server.shutdown();
 		}
 	}
 
 	@Test
-	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() throws Exception {
+	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException()
+			throws Exception {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("invalid_token_response"));
 
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenSuccessResponse = "{\n" +
-			"	\"access_token\": \"access-token-1234\",\n" +
-			"   \"token_type\": \"not-bearer\",\n" +
-			"   \"expires_in\": \"3600\"\n" +
-			"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(accessTokenSuccessResponse));
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(accessTokenSuccessResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
 		try {
-			this.tokenResponseClient.getTokenResponse(
-				new OAuth2AuthorizationCodeGrantRequest(
-						this.clientRegistrationBuilder.build(), this.authorizationExchange));
-		} finally {
+			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
+					this.clientRegistrationBuilder.build(), this.authorizationExchange));
+		}
+		finally {
 			server.shutdown();
 		}
 	}
 
 	@Test
-	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() throws Exception {
+	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope()
+			throws Exception {
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenSuccessResponse = "{\n" +
-			"	\"access_token\": \"access-token-1234\",\n" +
-			"   \"token_type\": \"bearer\",\n" +
-			"   \"expires_in\": \"3600\",\n" +
-			"   \"scope\": \"openid profile\"\n" +
-			"}\n";
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(accessTokenSuccessResponse));
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\"\n" + "}\n";
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(accessTokenSuccessResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		OAuth2AuthorizationRequest authorizationRequest =
-				request().scope("openid", "profile", "email", "address").build();
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				authorizationRequest, this.authorizationResponse);
+		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid", "profile", "email", "address")
+				.build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				this.authorizationResponse);
 
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), authorizationExchange));
+				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
 
 		server.shutdown();
 
@@ -291,33 +274,31 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	}
 
 	@Test
-	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() throws Exception {
+	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope()
+			throws Exception {
 		MockWebServer server = new MockWebServer();
 
-		String accessTokenSuccessResponse = "{\n" +
-			"	\"access_token\": \"access-token-1234\",\n" +
-			"   \"token_type\": \"bearer\",\n" +
-			"   \"expires_in\": \"3600\"\n" +
-			"}\n";
-		server.enqueue(new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(accessTokenSuccessResponse));
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(accessTokenSuccessResponse));
 		server.start();
 
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		OAuth2AuthorizationRequest authorizationRequest =
-				request().scope("openid", "profile", "email", "address").build();
-		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(
-				authorizationRequest, this.authorizationResponse);
+		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid", "profile", "email", "address")
+				.build();
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				this.authorizationResponse);
 
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(
-			new OAuth2AuthorizationCodeGrantRequest(
-					this.clientRegistrationBuilder.build(), authorizationExchange));
+				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
 
 		server.shutdown();
 
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address");
+		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email",
+				"address");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index ab3003f98e..2fc9a2c6e0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -44,31 +44,24 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
+
 	private OAuth2AuthorizationCodeGrantRequestEntityConverter converter = new OAuth2AuthorizationCodeGrantRequestEntityConverter();
+
 	private ClientRegistration.Builder clientRegistrationBuilder = ClientRegistration
-				.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("https://client.com/callback/client-1")
-				.scope("read", "write")
-				.authorizationUri("https://provider.com/oauth2/authorize")
-				.tokenUri("https://provider.com/oauth2/token")
-				.userInfoUri("https://provider.com/user")
-				.userNameAttributeName("id")
-				.clientName("client-1");
+			.withRegistrationId("registration-1").clientId("client-1").clientSecret("secret")
+			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+			.redirectUri("https://client.com/callback/client-1").scope("read", "write")
+			.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
+			.userInfoUri("https://provider.com/user").userNameAttributeName("id").clientName("client-1");
+
 	private OAuth2AuthorizationRequest.Builder authorizationRequestBuilder = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.clientId("client-1")
-				.state("state-1234")
-				.authorizationUri("https://provider.com/oauth2/authorize")
-				.redirectUri("https://client.com/callback/client-1")
-				.scopes(new HashSet(Arrays.asList("read", "write")));
+			.authorizationCode().clientId("client-1").state("state-1234")
+			.authorizationUri("https://provider.com/oauth2/authorize")
+			.redirectUri("https://client.com/callback/client-1").scopes(new HashSet(Arrays.asList("read", "write")));
+
 	private OAuth2AuthorizationResponse.Builder authorizationResponseBuilder = OAuth2AuthorizationResponse
-				.success("code-1234")
-				.state("state-1234")
-				.redirectUri("https://client.com/callback/client-1");
+			.success("code-1234").state("state-1234").redirectUri("https://client.com/callback/client-1");
 
 	@SuppressWarnings("unchecked")
 	@Test
@@ -76,39 +69,37 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		ClientRegistration clientRegistration = clientRegistrationBuilder.build();
 		OAuth2AuthorizationRequest authorizationRequest = authorizationRequestBuilder.build();
 		OAuth2AuthorizationResponse authorizationResponse = authorizationResponseBuilder.build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
 				clientRegistration, authorizationExchange);
 
 		RequestEntity<?> requestEntity = this.converter.convert(authorizationCodeGrantRequest);
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getTokenUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
-				AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
+				.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isNull();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
-				clientRegistration.getRedirectUri());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI))
+				.isEqualTo(clientRegistration.getRedirectUri());
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void convertWhenPkceGrantRequestValidThenConverts() {
-		ClientRegistration clientRegistration = clientRegistrationBuilder
-				.clientAuthenticationMethod(null)
-				.clientSecret(null)
-				.build();
+		ClientRegistration clientRegistration = clientRegistrationBuilder.clientAuthenticationMethod(null)
+				.clientSecret(null).build();
 
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234");
@@ -117,36 +108,35 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
 
-		OAuth2AuthorizationRequest authorizationRequest = authorizationRequestBuilder
-				.attributes(attributes)
-				.additionalParameters(additionalParameters)
-				.build();
+		OAuth2AuthorizationRequest authorizationRequest = authorizationRequestBuilder.attributes(attributes)
+				.additionalParameters(additionalParameters).build();
 
 		OAuth2AuthorizationResponse authorizationResponse = authorizationResponseBuilder.build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
 				clientRegistration, authorizationExchange);
 
 		RequestEntity<?> requestEntity = this.converter.convert(authorizationCodeGrantRequest);
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getTokenUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
-				AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
+				.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
-				clientRegistration.getRedirectUri());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI))
+				.isEqualTo(clientRegistration.getRedirectUri());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isEqualTo("client-1");
 		assertThat(formParameters.getFirst(PkceParameterNames.CODE_VERIFIER)).isEqualTo("code-verifier-1234");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 991ec80c0a..2a70175ca1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -32,7 +32,9 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationCodeGrantRequestTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
 
 	@Before
@@ -53,11 +55,12 @@ public class OAuth2AuthorizationCodeGrantRequestTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest =
-			new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, this.authorizationExchange);
+		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
+				this.clientRegistration, this.authorizationExchange);
 
 		assertThat(authorizationCodeGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationCodeGrantRequest.getAuthorizationExchange()).isEqualTo(this.authorizationExchange);
 		assertThat(authorizationCodeGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index 28233c9a16..72a9735ca9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -36,19 +36,18 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @author Joe Grandja
  */
 public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
+
 	private OAuth2ClientCredentialsGrantRequestEntityConverter converter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
+
 	private OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest;
 
 	@Before
 	public void setup() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
+				.clientId("client-1").clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token")
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token").build();
 		this.clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
 	}
 
@@ -60,18 +59,19 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
 		ClientRegistration clientRegistration = this.clientCredentialsGrantRequest.getClientRegistration();
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getTokenUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
-				AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
+				.isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index 965a552404..b6c4bf7f2b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -30,18 +30,15 @@ import static org.assertj.core.api.Java6Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2ClientCredentialsGrantRequestTests {
+
 	private ClientRegistration clientRegistration;
 
 	@Before
 	public void setup() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token")
-				.build();
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token").build();
 	}
 
 	@Test
@@ -53,24 +50,22 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 	@Test
 	public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri("https://localhost:8080/redirect-uri")
-				.authorizationUri("https://provider.com/oauth2/auth")
-				.clientName("Client 1")
-				.build();
+				.clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth")
+				.clientName("Client 1").build();
 
 		assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage(
+						"clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
 	}
 
 	@Test
 	public void constructorWhenValidParametersProvidedThenCreated() {
-		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
-				new OAuth2ClientCredentialsGrantRequest(this.clientRegistration);
+		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration);
 
 		assertThat(clientCredentialsGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(clientCredentialsGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index 0fd6eb4a2c..a2146f925f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -36,15 +36,15 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @author Joe Grandja
  */
 public class OAuth2PasswordGrantRequestEntityConverterTests {
+
 	private OAuth2PasswordGrantRequestEntityConverter converter = new OAuth2PasswordGrantRequestEntityConverter();
+
 	private OAuth2PasswordGrantRequest passwordGrantRequest;
 
 	@Before
 	public void setup() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.scope("read", "write")
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope("read", "write").build();
 		this.passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, "user1", "password");
 	}
 
@@ -56,18 +56,18 @@ public class OAuth2PasswordGrantRequestEntityConverterTests {
 		ClientRegistration clientRegistration = this.passwordGrantRequest.getClientRegistration();
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getTokenUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
-				AuthorizationGrantType.PASSWORD.getValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
+				.isEqualTo(AuthorizationGrantType.PASSWORD.getValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.USERNAME)).isEqualTo("user1");
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.PASSWORD)).isEqualTo("password");
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
index 7c821f9897..e736b5b83d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
@@ -29,36 +29,34 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2PasswordGrantRequestTests {
+
 	private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 			.authorizationGrantType(AuthorizationGrantType.PASSWORD).build();
+
 	private String username = "user1";
+
 	private String password = "password";
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(null, this.username, this.password))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistration cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void constructorWhenUsernameIsEmptyThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, null, this.password))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("username cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("username cannot be empty");
 		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, "", this.password))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("username cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("username cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenPasswordIsEmptyThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("password cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("password cannot be empty");
 		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, ""))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("password cannot be empty");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("password cannot be empty");
 	}
 
 	@Test
@@ -71,11 +69,12 @@ public class OAuth2PasswordGrantRequestTests {
 
 	@Test
 	public void constructorWhenValidParametersProvidedThenCreated() {
-		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
-				this.clientRegistration, this.username, this.password);
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(this.clientRegistration,
+				this.username, this.password);
 		assertThat(passwordGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.PASSWORD);
 		assertThat(passwordGrantRequest.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(passwordGrantRequest.getUsername()).isEqualTo(this.username);
 		assertThat(passwordGrantRequest.getPassword()).isEqualTo(this.password);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
index 2f73174039..240f23a3b2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
@@ -41,16 +41,16 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @author Joe Grandja
  */
 public class OAuth2RefreshTokenGrantRequestEntityConverterTests {
+
 	private OAuth2RefreshTokenGrantRequestEntityConverter converter = new OAuth2RefreshTokenGrantRequestEntityConverter();
+
 	private OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest;
 
 	@Before
 	public void setup() {
 		this.refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
-				TestClientRegistrations.clientRegistration().build(),
-				TestOAuth2AccessTokens.scopes("read", "write"),
-				TestOAuth2RefreshTokens.refreshToken(),
-				Collections.singleton("read"));
+				TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("read", "write"),
+				TestOAuth2RefreshTokens.refreshToken(), Collections.singleton("read"));
 	}
 
 	@SuppressWarnings("unchecked")
@@ -62,20 +62,20 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests {
 		OAuth2RefreshToken refreshToken = this.refreshTokenGrantRequest.getRefreshToken();
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getTokenUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
-				AuthorizationGrantType.REFRESH_TOKEN.getValue());
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.REFRESH_TOKEN)).isEqualTo(
-				refreshToken.getTokenValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
+				.isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.REFRESH_TOKEN)).isEqualTo(refreshToken.getTokenValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
index dc90a388a5..b0595f15a8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
@@ -37,8 +37,11 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2RefreshTokenGrantRequestTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
 
 	@Before
@@ -51,22 +54,19 @@ public class OAuth2RefreshTokenGrantRequestTests {
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(null, this.accessToken, this.refreshToken))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistration cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, null, this.refreshToken))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("accessToken cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessToken cannot be null");
 	}
 
 	@Test
 	public void constructorWhenRefreshTokenIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, this.accessToken, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("refreshToken cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("refreshToken cannot be null");
 	}
 
 	@Test
@@ -79,4 +79,5 @@ public class OAuth2RefreshTokenGrantRequestTests {
 		assertThat(refreshTokenGrantRequest.getRefreshToken()).isSameAs(this.refreshToken);
 		assertThat(refreshTokenGrantRequest.getScopes()).isEqualTo(scopes);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 64186e10cb..190b925f2b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -51,6 +51,7 @@ import static org.mockito.Mockito.when;
  * @since 5.1
  */
 public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
+
 	private ClientRegistration.Builder clientRegistration;
 
 	private WebClientReactiveAuthorizationCodeTokenResponseClient tokenResponseClient = new WebClientReactiveAuthorizationCodeTokenResponseClient();
@@ -64,8 +65,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 		String tokenUri = this.server.url("/oauth2/token").toString();
 
-		this.clientRegistration = TestClientRegistrations.clientRegistration()
-				.tokenUri(tokenUri);
+		this.clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(tokenUri);
 	}
 
 	@After
@@ -75,30 +75,26 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"openid profile\",\n" +
-				"	\"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\",\n" + "	\"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(authorizationCodeGrantRequest()).block();
 		String body = this.server.takeRequest().getBody().readUtf8();
 
-		assertThat(body).isEqualTo("grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D");
+		assertThat(body).isEqualTo(
+				"grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D");
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
-		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(
-				OAuth2AccessToken.TokenType.BEARER);
+		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile");
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
@@ -107,172 +103,167 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		assertThat(accessTokenResponse.getAdditionalParameters()).containsEntry("custom_parameter_2", "custom-value-2");
 	}
 
-//	@Test
-//	public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() throws Exception {
-//		this.exception.expect(IllegalArgumentException.class);
-//
-//		String redirectUri = "http:\\example.com";
-//		when(this.clientRegistration.getRedirectUri()).thenReturn(redirectUri);
-//
-//		this.tokenResponseClient.getTokenResponse(
-//				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, this.authorizationExchange));
-//	}
-//
-//	@Test
-//	public void getTokenResponseWhenTokenUriMalformedThenThrowIllegalArgumentException() throws Exception {
-//		this.exception.expect(IllegalArgumentException.class);
-//
-//		String tokenUri = "http:\\provider.com\\oauth2\\token";
-//		when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
-//
-//		this.tokenResponseClient.getTokenResponse(
-//				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, this.authorizationExchange));
-//	}
-//
-//	@Test
-//	public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception {
-//		this.exception.expect(OAuth2AuthorizationException.class);
-//		this.exception.expectMessage(containsString("invalid_token_response"));
-//
-//		MockWebServer server = new MockWebServer();
-//
-//		String accessTokenSuccessResponse = "{\n" +
-//				"	\"access_token\": \"access-token-1234\",\n" +
-//				"   \"token_type\": \"bearer\",\n" +
-//				"   \"expires_in\": \"3600\",\n" +
-//				"   \"scope\": \"openid profile\",\n" +
-//				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-//				"   \"custom_parameter_2\": \"custom-value-2\"\n";
-//		//			"}\n";		// Make the JSON invalid/malformed
-//
-//		server.enqueue(new MockResponse()
-//				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-//				.setBody(accessTokenSuccessResponse));
-//		server.start();
-//
-//		String tokenUri = server.url("/oauth2/token").toString();
-//		when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
-//
-//		try {
-//			this.tokenResponseClient.getTokenResponse(
-//					new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, this.authorizationExchange));
-//		} finally {
-//			server.shutdown();
-//		}
-//	}
-//
-//	@Test
-//	public void getTokenResponseWhenTokenUriInvalidThenThrowAuthenticationServiceException() throws Exception {
-//		this.exception.expect(AuthenticationServiceException.class);
-//
-//		String tokenUri = "https://invalid-provider.com/oauth2/token";
-//		when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
-//
-//		this.tokenResponseClient.getTokenResponse(
-//				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, this.authorizationExchange));
-//	}
-//
+	// @Test
+	// public void
+	// getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() throws
+	// Exception {
+	// this.exception.expect(IllegalArgumentException.class);
+	//
+	// String redirectUri = "http:\\example.com";
+	// when(this.clientRegistration.getRedirectUri()).thenReturn(redirectUri);
+	//
+	// this.tokenResponseClient.getTokenResponse(
+	// new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration,
+	// this.authorizationExchange));
+	// }
+	//
+	// @Test
+	// public void
+	// getTokenResponseWhenTokenUriMalformedThenThrowIllegalArgumentException() throws
+	// Exception {
+	// this.exception.expect(IllegalArgumentException.class);
+	//
+	// String tokenUri = "http:\\provider.com\\oauth2\\token";
+	// when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
+	//
+	// this.tokenResponseClient.getTokenResponse(
+	// new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration,
+	// this.authorizationExchange));
+	// }
+	//
+	// @Test
+	// public void
+	// getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException()
+	// throws Exception {
+	// this.exception.expect(OAuth2AuthorizationException.class);
+	// this.exception.expectMessage(containsString("invalid_token_response"));
+	//
+	// MockWebServer server = new MockWebServer();
+	//
+	// String accessTokenSuccessResponse = "{\n" +
+	// " \"access_token\": \"access-token-1234\",\n" +
+	// " \"token_type\": \"bearer\",\n" +
+	// " \"expires_in\": \"3600\",\n" +
+	// " \"scope\": \"openid profile\",\n" +
+	// " \"custom_parameter_1\": \"custom-value-1\",\n" +
+	// " \"custom_parameter_2\": \"custom-value-2\"\n";
+	// // "}\n"; // Make the JSON invalid/malformed
+	//
+	// server.enqueue(new MockResponse()
+	// .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+	// .setBody(accessTokenSuccessResponse));
+	// server.start();
+	//
+	// String tokenUri = server.url("/oauth2/token").toString();
+	// when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
+	//
+	// try {
+	// this.tokenResponseClient.getTokenResponse(
+	// new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration,
+	// this.authorizationExchange));
+	// } finally {
+	// server.shutdown();
+	// }
+	// }
+	//
+	// @Test
+	// public void
+	// getTokenResponseWhenTokenUriInvalidThenThrowAuthenticationServiceException() throws
+	// Exception {
+	// this.exception.expect(AuthenticationServiceException.class);
+	//
+	// String tokenUri = "https://invalid-provider.com/oauth2/token";
+	// when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
+	//
+	// this.tokenResponseClient.getTokenResponse(
+	// new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration,
+	// this.authorizationExchange));
+	// }
+	//
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 
-		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
+		this.server.enqueue(
+				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-			.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
-			.hasMessageContaining("unauthorized_client");
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.hasMessageContaining("unauthorized_client");
 	}
 
 	// gh-5594
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{}";
-		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
+		this.server.enqueue(
+				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("server_error");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("server_error");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("invalid_token_response");
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"openid profile\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(authorizationCodeGrantRequest()).block();
 
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
-
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(authorizationCodeGrantRequest()).block();
 
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address");
+		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email",
+				"address");
 	}
 
 	private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
 		ClientRegistration registration = this.clientRegistration.build();
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.clientId(registration.getClientId())
-				.state("state")
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
+				.clientId(registration.getClientId()).state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(registration.getRedirectUri())
-				.scopes(registration.getScopes())
-				.build();
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
-				.success("code")
-				.state("state")
-				.redirectUri(registration.getRedirectUri())
-				.build();
+				.redirectUri(registration.getRedirectUri()).scopes(registration.getScopes()).build();
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code").state("state")
+				.redirectUri(registration.getRedirectUri()).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeGrantRequest(registration, authorizationExchange);
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-			.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-			.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
-	@Test(expected=IllegalArgumentException.class)
-	public void setWebClientNullThenIllegalArgumentException(){
+	@Test(expected = IllegalArgumentException.class)
+	public void setWebClientNullThenIllegalArgumentException() {
 		tokenResponseClient.setWebClient(null);
 	}
 
@@ -283,40 +274,35 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 		tokenResponseClient.setWebClient(customClient);
 
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"openid profile\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"openid profile\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 
-		OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
+		OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest())
+				.block();
 
 		verify(customClient, atLeastOnce()).post();
 	}
 
 	@Test
-	public void getTokenResponseWhenOAuth2AuthorizationRequestContainsPkceParametersThenTokenRequestBodyShouldContainCodeVerifier() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+	public void getTokenResponseWhenOAuth2AuthorizationRequestContainsPkceParametersThenTokenRequestBodyShouldContainCodeVerifier()
+			throws Exception {
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		this.tokenResponseClient.getTokenResponse(pkceAuthorizationCodeGrantRequest()).block();
 		String body = this.server.takeRequest().getBody().readUtf8();
 
-		assertThat(body).isEqualTo("grant_type=authorization_code&client_id=client-id&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D&code_verifier=code-verifier-1234");
+		assertThat(body).isEqualTo(
+				"grant_type=authorization_code&client_id=client-id&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D&code_verifier=code-verifier-1234");
 	}
 
 	private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() {
-		ClientRegistration registration = this.clientRegistration
-				.clientAuthenticationMethod(null)
-				.clientSecret(null)
+		ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null)
 				.build();
 
 		Map<String, Object> attributes = new HashMap<>();
@@ -326,23 +312,16 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
 
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.clientId(registration.getClientId())
-				.state("state")
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
+				.clientId(registration.getClientId()).state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(registration.getRedirectUri())
-				.scopes(registration.getScopes())
-				.attributes(attributes)
-				.additionalParameters(additionalParameters)
-				.build();
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
-				.success("code")
-				.state("state")
-				.redirectUri(registration.getRedirectUri())
-				.build();
+				.redirectUri(registration.getRedirectUri()).scopes(registration.getScopes()).attributes(attributes)
+				.additionalParameters(additionalParameters).build();
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code").state("state")
+				.redirectUri(registration.getRedirectUri()).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeGrantRequest(registration, authorizationExchange);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 5128f7b779..4c1f2da432 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -56,8 +56,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 
-		this.clientRegistration = TestClientRegistrations
-				.clientCredentials()
+		this.clientRegistration = TestClientRegistrations.clientCredentials()
 				.tokenUri(this.server.url("/oauth2/token").uri().toASCIIString());
 	}
 
@@ -69,37 +68,29 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenHeaderThenSuccess() throws Exception {
-		enqueueJson("{\n"
-				+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n"
-				+ "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n"
-				+ "  \"scope\":\"create\"\n"
-				+ "}");
-		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(this.clientRegistration
-				.build());
+		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
+				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
+		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(
+				this.clientRegistration.build());
 
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		RecordedRequest actualRequest = this.server.takeRequest();
 		String body = actualRequest.getUtf8Body();
 
 		assertThat(response.getAccessToken()).isNotNull();
-		assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
+		assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
 		assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser");
 	}
 
 	@Test
 	public void getTokenResponseWhenPostThenSuccess() throws Exception {
 		ClientRegistration registration = this.clientRegistration
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
-		enqueueJson("{\n"
-				+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n"
-				+ "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n"
-				+ "  \"scope\":\"create\"\n"
-				+ "}");
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
+		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
+				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
 
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 
@@ -109,18 +100,16 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 		assertThat(response.getAccessToken()).isNotNull();
 		assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-		assertThat(body).isEqualTo("grant_type=client_credentials&client_id=client-id&client_secret=client-secret&scope=read%3Auser");
+		assertThat(body).isEqualTo(
+				"grant_type=client_credentials&client_id=client-id&client_secret=client-secret&scope=read%3Auser");
 	}
 
 	@Test
 	public void getTokenResponseWhenNoScopeThenClientRegistrationScopesDefaulted() {
 		ClientRegistration registration = this.clientRegistration.build();
-		enqueueJson("{\n"
-				+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n"
-				+ "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n"
-				+ "}");
+		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
+				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
@@ -128,8 +117,8 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
 	}
 
-	@Test(expected=IllegalArgumentException.class)
-	public void setWebClientNullThenIllegalArgumentException(){
+	@Test(expected = IllegalArgumentException.class)
+	public void setWebClientNullThenIllegalArgumentException() {
 		client.setWebClient(null);
 	}
 
@@ -140,12 +129,9 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 		this.client.setWebClient(customClient);
 		ClientRegistration registration = this.clientRegistration.build();
-		enqueueJson("{\n"
-				+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n"
-				+ "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n"
-				+ "}");
+		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
+				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
@@ -161,23 +147,23 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 
 		assertThatThrownBy(() -> this.client.getTokenResponse(request).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 
 	}
 
-	private void enqueueUnexpectedResponse(){
-		MockResponse response = new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+	private void enqueueUnexpectedResponse() {
+		MockResponse response = new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(301);
 		this.server.enqueue(response);
 	}
 
 	private void enqueueJson(String body) {
-		MockResponse response = new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		MockResponse response = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(response);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index 2cef538c1e..12001a2f47 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -42,10 +42,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class WebClientReactivePasswordTokenResponseClientTests {
+
 	private WebClientReactivePasswordTokenResponseClient tokenResponseClient = new WebClientReactivePasswordTokenResponseClient();
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private String username = "user1";
+
 	private String password = "password";
+
 	private MockWebServer server;
 
 	@Before
@@ -75,27 +80,26 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
-		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
-				clientRegistration, this.username, this.password);
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
+				this.username, this.password);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
+				.block();
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
@@ -106,24 +110,21 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly(clientRegistration.getScopes().toArray(new String[0]));
+		assertThat(accessTokenResponse.getAccessToken().getScopes())
+				.containsExactly(clientRegistration.getScopes().toArray(new String[0]));
 		assertThat(accessTokenResponse.getRefreshToken()).isNull();
 	}
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
-		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
-				clientRegistration, this.username, this.password);
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
+		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
+				this.username, this.password);
 
 		this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block();
 
@@ -137,18 +138,16 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("An error occurred parsing the Access Token response")
 				.hasCauseInstanceOf(Throwable.class);
@@ -156,18 +155,16 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
+				.block();
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
@@ -178,16 +175,15 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
 				.hasMessageContaining("[unauthorized_client]");
 	}
 
@@ -199,14 +195,14 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 				this.clientRegistrationBuilder.build(), this.username, this.password);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 272e175b9e..3c461eeb9b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -46,10 +46,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class WebClientReactiveRefreshTokenTokenResponseClientTests {
+
 	private WebClientReactiveRefreshTokenTokenResponseClient tokenResponseClient = new WebClientReactiveRefreshTokenTokenResponseClient();
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
+
 	private MockWebServer server;
 
 	@Before
@@ -81,11 +86,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
@@ -93,14 +95,16 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(refreshTokenGrantRequest).block();
 
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
-		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		String formParameters = recordedRequest.getBody().readUtf8();
@@ -110,25 +114,22 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
-		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly(this.accessToken.getScopes().toArray(new String[0]));
+		assertThat(accessTokenResponse.getAccessToken().getScopes())
+				.containsExactly(this.accessToken.getScopes().toArray(new String[0]));
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
 	}
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
-				.build();
+				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 
-		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
-				clientRegistration, this.accessToken, this.refreshToken);
+		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
+				this.accessToken, this.refreshToken);
 
 		this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block();
 
@@ -142,37 +143,32 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"not-bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("[invalid_token_response]")
+				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("An error occurred parsing the Access Token response")
 				.hasCauseInstanceOf(Throwable.class);
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read\"\n" +
-				"}\n";
+		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
-				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read"));
+				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
+				Collections.singleton("read"));
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block();
+		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
+				.getTokenResponse(refreshTokenGrantRequest).block();
 
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
@@ -183,16 +179,15 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" +
-				"   \"error\": \"unauthorized_client\"\n" +
-				"}\n";
+		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
 				.hasMessageContaining("[unauthorized_client]");
 	}
 
@@ -204,14 +199,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
+						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 98e2b72bb2..1652e8a9fc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -29,17 +29,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2ErrorResponseErrorHandlerTests {
+
 	private OAuth2ErrorResponseErrorHandler errorHandler = new OAuth2ErrorResponseErrorHandler();
 
 	@Test
 	public void handleErrorWhenErrorResponseBodyThenHandled() {
-		String errorResponse = "{\n" +
-				"	\"error\": \"unauthorized_client\",\n" +
-				"   \"error_description\": \"The client is not authorized\"\n" +
-				"}\n";
+		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
+				+ "   \"error_description\": \"The client is not authorized\"\n" + "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
+		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 
 		assertThatThrownBy(() -> this.errorHandler.handleError(response))
 				.isInstanceOf(OAuth2AuthorizationException.class)
@@ -50,12 +48,12 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 	public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() {
 		String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				new byte[0], HttpStatus.BAD_REQUEST);
+		MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
 		response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader);
 
 		assertThatThrownBy(() -> this.errorHandler.handleError(response))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessage("[insufficient_scope] The access token expired");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index 537c90026d..574cf4c566 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -46,11 +46,9 @@ public class OAuth2AuthenticationExceptionMixinTests {
 
 	@Test
 	public void serializeWhenMixinRegisteredThenSerializes() throws Exception {
-		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(new OAuth2Error(
-				"[authorization_request_not_found]",
-				"Authorization Request Not Found",
-				"/foo/bar"
-		), "Authorization Request Not Found");
+		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(
+				new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"),
+				"Authorization Request Not Found");
 
 		String serializedJson = this.mapper.writeValueAsString(exception);
 		String expected = asJson(exception);
@@ -60,8 +58,7 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	@Test
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(
-				new OAuth2Error("[authorization_request_not_found]")
-		);
+				new OAuth2Error("[authorization_request_not_found]"));
 
 		String serializedJson = this.mapper.writeValueAsString(exception);
 		String expected = asJson(exception);
@@ -70,22 +67,19 @@ public class OAuth2AuthenticationExceptionMixinTests {
 
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
-		String json = asJson(new OAuth2AuthenticationException(
-				new OAuth2Error("[authorization_request_not_found]")
-		));
+		String json = asJson(new OAuth2AuthenticationException(new OAuth2Error("[authorization_request_not_found]")));
 		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class))
 				.isInstanceOf(JsonProcessingException.class);
 	}
 
 	@Test
 	public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
-		OAuth2AuthenticationException expected = new OAuth2AuthenticationException(new OAuth2Error(
-				"[authorization_request_not_found]",
-				"Authorization Request Not Found",
-				"/foo/bar"
-		), "Authorization Request Not Found");
+		OAuth2AuthenticationException expected = new OAuth2AuthenticationException(
+				new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"),
+				"Authorization Request Not Found");
 
-		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class);
+		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected),
+				OAuth2AuthenticationException.class);
 		assertThat(exception).isNotNull();
 		assertThat(exception.getCause()).isNull();
 		assertThat(exception.getMessage()).isEqualTo(expected.getMessage());
@@ -100,10 +94,10 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
 		OAuth2AuthenticationException expected = new OAuth2AuthenticationException(
-				new OAuth2Error("[authorization_request_not_found]")
-		);
+				new OAuth2Error("[authorization_request_not_found]"));
 
-		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), OAuth2AuthenticationException.class);
+		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected),
+				OAuth2AuthenticationException.class);
 		assertThat(exception).isNotNull();
 		assertThat(exception.getCause()).isNull();
 		assertThat(exception.getMessage()).isNull();
@@ -133,8 +127,7 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	}
 
 	private String jsonStringOrNull(String input) {
-		return input != null
-				? "\"" + input + "\""
-				: "null";
+		return input != null ? "\"" + input + "\"" : "null";
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index 8ac3721ecc..88154d9a96 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -54,6 +54,7 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.N
  * @author Joe Grandja
  */
 public class OAuth2AuthenticationTokenMixinTests {
+
 	private ObjectMapper mapper;
 
 	@Before
@@ -82,8 +83,8 @@ public class OAuth2AuthenticationTokenMixinTests {
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
 		DefaultOidcUser principal = TestOidcUsers.create();
 		principal = new DefaultOidcUser(principal.getAuthorities(), principal.getIdToken());
-		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(
-				principal, Collections.emptyList(), "registration-id");
+		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(principal, Collections.emptyList(),
+				"registration-id");
 		String expectedJson = asJson(authentication);
 		String json = this.mapper.writeValueAsString(authentication);
 		JSONAssert.assertEquals(expectedJson, json, true);
@@ -103,95 +104,72 @@ public class OAuth2AuthenticationTokenMixinTests {
 		OAuth2AuthenticationToken expectedAuthentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
 		String json = asJson(expectedAuthentication);
 		OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
-		assertThat(authentication.getAuthorities())
-				.containsExactlyElementsOf(expectedAuthentication.getAuthorities());
-		assertThat(authentication.getDetails())
-				.isEqualTo(expectedAuthentication.getDetails());
-		assertThat(authentication.isAuthenticated())
-				.isEqualTo(expectedAuthentication.isAuthenticated());
+		assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
+		assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
+		assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
 		assertThat(authentication.getAuthorizedClientRegistrationId())
 				.isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
 		DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal();
 		DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal();
 		assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue();
-		assertThat(oidcUser.getAttributes())
-				.containsExactlyEntriesOf(expectedOidcUser.getAttributes());
-		assertThat(oidcUser.getName())
-				.isEqualTo(expectedOidcUser.getName());
+		assertThat(oidcUser.getAttributes()).containsExactlyEntriesOf(expectedOidcUser.getAttributes());
+		assertThat(oidcUser.getName()).isEqualTo(expectedOidcUser.getName());
 		OidcIdToken expectedIdToken = expectedOidcUser.getIdToken();
 		OidcIdToken idToken = oidcUser.getIdToken();
-		assertThat(idToken.getTokenValue())
-				.isEqualTo(expectedIdToken.getTokenValue());
-		assertThat(idToken.getIssuedAt())
-				.isEqualTo(expectedIdToken.getIssuedAt());
-		assertThat(idToken.getExpiresAt())
-				.isEqualTo(expectedIdToken.getExpiresAt());
-		assertThat(idToken.getClaims())
-				.containsExactlyEntriesOf(expectedIdToken.getClaims());
+		assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
+		assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
+		assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
+		assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
 		OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo();
 		OidcUserInfo userInfo = oidcUser.getUserInfo();
-		assertThat(userInfo.getClaims())
-				.containsExactlyEntriesOf(expectedUserInfo.getClaims());
+		assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
 
 		// OAuth2User
 		expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated();
 		json = asJson(expectedAuthentication);
 		authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
-		assertThat(authentication.getAuthorities())
-				.containsExactlyElementsOf(expectedAuthentication.getAuthorities());
-		assertThat(authentication.getDetails())
-				.isEqualTo(expectedAuthentication.getDetails());
-		assertThat(authentication.isAuthenticated())
-				.isEqualTo(expectedAuthentication.isAuthenticated());
+		assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
+		assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
+		assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
 		assertThat(authentication.getAuthorizedClientRegistrationId())
 				.isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
 		DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal();
 		DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
 		assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue();
-		assertThat(oauth2User.getAttributes())
-				.containsExactlyEntriesOf(expectedOauth2User.getAttributes());
-		assertThat(oauth2User.getName())
-				.isEqualTo(expectedOauth2User.getName());
+		assertThat(oauth2User.getAttributes()).containsExactlyEntriesOf(expectedOauth2User.getAttributes());
+		assertThat(oauth2User.getName()).isEqualTo(expectedOauth2User.getName());
 	}
 
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
 		DefaultOidcUser expectedPrincipal = TestOidcUsers.create();
 		expectedPrincipal = new DefaultOidcUser(expectedPrincipal.getAuthorities(), expectedPrincipal.getIdToken());
-		OAuth2AuthenticationToken expectedAuthentication = new OAuth2AuthenticationToken(
-				expectedPrincipal, Collections.emptyList(), "registration-id");
+		OAuth2AuthenticationToken expectedAuthentication = new OAuth2AuthenticationToken(expectedPrincipal,
+				Collections.emptyList(), "registration-id");
 		String json = asJson(expectedAuthentication);
 		OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
 		assertThat(authentication.getAuthorities()).isEmpty();
-		assertThat(authentication.getDetails())
-				.isEqualTo(expectedAuthentication.getDetails());
-		assertThat(authentication.isAuthenticated())
-				.isEqualTo(expectedAuthentication.isAuthenticated());
+		assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
+		assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
 		assertThat(authentication.getAuthorizedClientRegistrationId())
 				.isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
 		DefaultOidcUser principal = (DefaultOidcUser) authentication.getPrincipal();
 		assertThat(principal.getAuthorities().containsAll(expectedPrincipal.getAuthorities())).isTrue();
-		assertThat(principal.getAttributes())
-				.containsExactlyEntriesOf(expectedPrincipal.getAttributes());
-		assertThat(principal.getName())
-				.isEqualTo(expectedPrincipal.getName());
+		assertThat(principal.getAttributes()).containsExactlyEntriesOf(expectedPrincipal.getAttributes());
+		assertThat(principal.getName()).isEqualTo(expectedPrincipal.getName());
 		OidcIdToken expectedIdToken = expectedPrincipal.getIdToken();
 		OidcIdToken idToken = principal.getIdToken();
-		assertThat(idToken.getTokenValue())
-				.isEqualTo(expectedIdToken.getTokenValue());
-		assertThat(idToken.getIssuedAt())
-				.isEqualTo(expectedIdToken.getIssuedAt());
-		assertThat(idToken.getExpiresAt())
-				.isEqualTo(expectedIdToken.getExpiresAt());
-		assertThat(idToken.getClaims())
-				.containsExactlyEntriesOf(expectedIdToken.getClaims());
+		assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
+		assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
+		assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
+		assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
 		assertThat(principal.getUserInfo()).isNull();
 	}
 
 	private static String asJson(OAuth2AuthenticationToken authentication) {
-		String principalJson = authentication.getPrincipal() instanceof DefaultOidcUser ?
-				asJson((DefaultOidcUser) authentication.getPrincipal()) :
-				asJson((DefaultOAuth2User) authentication.getPrincipal());
+		String principalJson = authentication.getPrincipal() instanceof DefaultOidcUser
+				? asJson((DefaultOidcUser) authentication.getPrincipal())
+				: asJson((DefaultOAuth2User) authentication.getPrincipal());
 		// @formatter:off
 		return "{\n" +
 				"  \"@class\": \"org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken\",\n" +
@@ -236,17 +214,16 @@ public class OAuth2AuthenticationTokenMixinTests {
 		for (GrantedAuthority authority : authorities) {
 			if (authority instanceof OidcUserAuthority) {
 				oidcUserAuthority = (OidcUserAuthority) authority;
-			} else if (authority instanceof OAuth2UserAuthority) {
+			}
+			else if (authority instanceof OAuth2UserAuthority) {
 				oauth2UserAuthority = (OAuth2UserAuthority) authority;
-			} else if (authority instanceof SimpleGrantedAuthority) {
+			}
+			else if (authority instanceof SimpleGrantedAuthority) {
 				simpleAuthorities.add((SimpleGrantedAuthority) authority);
 			}
 		}
-		String authoritiesJson = oidcUserAuthority != null ?
-				asJson(oidcUserAuthority) :
-				oauth2UserAuthority != null ?
-						asJson(oauth2UserAuthority) :
-						"";
+		String authoritiesJson = oidcUserAuthority != null ? asJson(oidcUserAuthority)
+				: oauth2UserAuthority != null ? asJson(oauth2UserAuthority) : "";
 		if (!simpleAuthorities.isEmpty()) {
 			if (!StringUtils.isEmpty(authoritiesJson)) {
 				authoritiesJson += ",";
@@ -351,4 +328,5 @@ public class OAuth2AuthenticationTokenMixinTests {
 		}
 		return DecimalUtils.toBigDecimal(instant.getEpochSecond(), instant.getNano()).toString();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 2630efeabc..32bd7413db 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -40,7 +40,9 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationRequestMixinTests {
+
 	private ObjectMapper mapper;
+
 	private OAuth2AuthorizationRequest.Builder authorizationRequestBuilder;
 
 	@Before
@@ -51,8 +53,7 @@ public class OAuth2AuthorizationRequestMixinTests {
 		Map<String, Object> additionalParameters = new LinkedHashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-		this.authorizationRequestBuilder = TestOAuth2AuthorizationRequests.request()
-				.scope("read", "write")
+		this.authorizationRequestBuilder = TestOAuth2AuthorizationRequests.request().scope("read", "write")
 				.additionalParameters(additionalParameters);
 	}
 
@@ -66,13 +67,8 @@ public class OAuth2AuthorizationRequestMixinTests {
 
 	@Test
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
-		OAuth2AuthorizationRequest authorizationRequest =
-				this.authorizationRequestBuilder
-						.scopes(null)
-						.state(null)
-						.additionalParameters(Map::clear)
-						.attributes(Map::clear)
-						.build();
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.scopes(null).state(null)
+				.additionalParameters(Map::clear).attributes(Map::clear).build();
 		String expectedJson = asJson(authorizationRequest);
 		String json = this.mapper.writeValueAsString(authorizationRequest);
 		JSONAssert.assertEquals(expectedJson, json, true);
@@ -92,18 +88,12 @@ public class OAuth2AuthorizationRequestMixinTests {
 		OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class);
 		assertThat(authorizationRequest.getAuthorizationUri())
 				.isEqualTo(expectedAuthorizationRequest.getAuthorizationUri());
-		assertThat(authorizationRequest.getGrantType())
-				.isEqualTo(expectedAuthorizationRequest.getGrantType());
-		assertThat(authorizationRequest.getResponseType())
-				.isEqualTo(expectedAuthorizationRequest.getResponseType());
-		assertThat(authorizationRequest.getClientId())
-				.isEqualTo(expectedAuthorizationRequest.getClientId());
-		assertThat(authorizationRequest.getRedirectUri())
-				.isEqualTo(expectedAuthorizationRequest.getRedirectUri());
-		assertThat(authorizationRequest.getScopes())
-				.isEqualTo(expectedAuthorizationRequest.getScopes());
-		assertThat(authorizationRequest.getState())
-				.isEqualTo(expectedAuthorizationRequest.getState());
+		assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType());
+		assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType());
+		assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId());
+		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedAuthorizationRequest.getRedirectUri());
+		assertThat(authorizationRequest.getScopes()).isEqualTo(expectedAuthorizationRequest.getScopes());
+		assertThat(authorizationRequest.getState()).isEqualTo(expectedAuthorizationRequest.getState());
 		assertThat(authorizationRequest.getAdditionalParameters())
 				.containsExactlyEntriesOf(expectedAuthorizationRequest.getAdditionalParameters());
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
@@ -114,25 +104,16 @@ public class OAuth2AuthorizationRequestMixinTests {
 
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
-		OAuth2AuthorizationRequest expectedAuthorizationRequest =
-				this.authorizationRequestBuilder
-						.scopes(null)
-						.state(null)
-						.additionalParameters(Map::clear)
-						.attributes(Map::clear)
-						.build();
+		OAuth2AuthorizationRequest expectedAuthorizationRequest = this.authorizationRequestBuilder.scopes(null)
+				.state(null).additionalParameters(Map::clear).attributes(Map::clear).build();
 		String json = asJson(expectedAuthorizationRequest);
 		OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class);
 		assertThat(authorizationRequest.getAuthorizationUri())
 				.isEqualTo(expectedAuthorizationRequest.getAuthorizationUri());
-		assertThat(authorizationRequest.getGrantType())
-				.isEqualTo(expectedAuthorizationRequest.getGrantType());
-		assertThat(authorizationRequest.getResponseType())
-				.isEqualTo(expectedAuthorizationRequest.getResponseType());
-		assertThat(authorizationRequest.getClientId())
-				.isEqualTo(expectedAuthorizationRequest.getClientId());
-		assertThat(authorizationRequest.getRedirectUri())
-				.isEqualTo(expectedAuthorizationRequest.getRedirectUri());
+		assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType());
+		assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType());
+		assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId());
+		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedAuthorizationRequest.getRedirectUri());
 		assertThat(authorizationRequest.getScopes()).isEmpty();
 		assertThat(authorizationRequest.getState()).isNull();
 		assertThat(authorizationRequest.getAdditionalParameters()).isEmpty();
@@ -146,8 +127,7 @@ public class OAuth2AuthorizationRequestMixinTests {
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build();
 		String json = asJson(authorizationRequest).replace("authorization_code", "client_credentials");
 		assertThatThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class))
-				.isInstanceOf(JsonParseException.class)
-				.hasMessageContaining("Invalid authorizationGrantType");
+				.isInstanceOf(JsonParseException.class).hasMessageContaining("Invalid authorizationGrantType");
 	}
 
 	private static String asJson(OAuth2AuthorizationRequest authorizationRequest) {
@@ -194,4 +174,5 @@ public class OAuth2AuthorizationRequestMixinTests {
 				"}";
 		// @formatter:on
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index 893e99d5a0..71e4be37f8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -46,10 +46,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizedClientMixinTests {
+
 	private ObjectMapper mapper;
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
+
 	private String principalName;
 
 	@Before
@@ -60,8 +65,7 @@ public class OAuth2AuthorizedClientMixinTests {
 		Map<String, Object> providerConfigurationMetadata = new LinkedHashMap<>();
 		providerConfigurationMetadata.put("config1", "value1");
 		providerConfigurationMetadata.put("config2", "value2");
-		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
-				.scope("read", "write")
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().scope("read", "write")
 				.providerConfigurationMetadata(providerConfigurationMetadata);
 		this.accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 		this.refreshToken = TestOAuth2RefreshTokens.refreshToken();
@@ -70,8 +74,8 @@ public class OAuth2AuthorizedClientMixinTests {
 
 	@Test
 	public void serializeWhenMixinRegisteredThenSerializes() throws Exception {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistrationBuilder.build(), this.principalName, this.accessToken, this.refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
+				this.principalName, this.accessToken, this.refreshToken);
 		String expectedJson = asJson(authorizedClient);
 		String json = this.mapper.writeValueAsString(authorizedClient);
 		JSONAssert.assertEquals(expectedJson, json, true);
@@ -79,17 +83,10 @@ public class OAuth2AuthorizedClientMixinTests {
 
 	@Test
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
-		ClientRegistration clientRegistration =
-				TestClientRegistrations.clientRegistration()
-						.clientSecret(null)
-						.clientName(null)
-						.userInfoUri(null)
-						.userNameAttributeName(null)
-						.jwkSetUri(null)
-						.issuerUri(null)
-						.build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, this.principalName, TestOAuth2AccessTokens.noScopes());
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().clientSecret(null)
+				.clientName(null).userInfoUri(null).userNameAttributeName(null).jwkSetUri(null).issuerUri(null).build();
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principalName,
+				TestOAuth2AccessTokens.noScopes());
 		String expectedJson = asJson(authorizedClient);
 		String json = this.mapper.writeValueAsString(authorizedClient);
 		JSONAssert.assertEquals(expectedJson, json, true);
@@ -97,8 +94,8 @@ public class OAuth2AuthorizedClientMixinTests {
 
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistrationBuilder.build(), this.principalName, this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
+				this.principalName, this.accessToken);
 		String json = asJson(authorizedClient);
 		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class))
 				.isInstanceOf(JsonProcessingException.class);
@@ -109,120 +106,88 @@ public class OAuth2AuthorizedClientMixinTests {
 		ClientRegistration expectedClientRegistration = this.clientRegistrationBuilder.build();
 		OAuth2AccessToken expectedAccessToken = this.accessToken;
 		OAuth2RefreshToken expectedRefreshToken = this.refreshToken;
-		OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(
-				expectedClientRegistration, this.principalName, expectedAccessToken, expectedRefreshToken);
+		OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(expectedClientRegistration,
+				this.principalName, expectedAccessToken, expectedRefreshToken);
 		String json = asJson(expectedAuthorizedClient);
 		OAuth2AuthorizedClient authorizedClient = this.mapper.readValue(json, OAuth2AuthorizedClient.class);
 		ClientRegistration clientRegistration = authorizedClient.getClientRegistration();
-		assertThat(clientRegistration.getRegistrationId())
-				.isEqualTo(expectedClientRegistration.getRegistrationId());
-		assertThat(clientRegistration.getClientId())
-				.isEqualTo(expectedClientRegistration.getClientId());
-		assertThat(clientRegistration.getClientSecret())
-				.isEqualTo(expectedClientRegistration.getClientSecret());
+		assertThat(clientRegistration.getRegistrationId()).isEqualTo(expectedClientRegistration.getRegistrationId());
+		assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId());
+		assertThat(clientRegistration.getClientSecret()).isEqualTo(expectedClientRegistration.getClientSecret());
 		assertThat(clientRegistration.getClientAuthenticationMethod())
 				.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
 		assertThat(clientRegistration.getAuthorizationGrantType())
 				.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUri())
-				.isEqualTo(expectedClientRegistration.getRedirectUri());
-		assertThat(clientRegistration.getScopes())
-				.isEqualTo(expectedClientRegistration.getScopes());
+		assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri());
+		assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes());
 		assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri());
 		assertThat(clientRegistration.getProviderDetails().getTokenUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri());
 		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())
-				.isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod());
-		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())
-				.isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
+		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(
+				expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod());
+		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo(
+				expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
 		assertThat(clientRegistration.getProviderDetails().getJwkSetUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getJwkSetUri());
 		assertThat(clientRegistration.getProviderDetails().getIssuerUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getIssuerUri());
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata())
 				.containsExactlyEntriesOf(clientRegistration.getProviderDetails().getConfigurationMetadata());
-		assertThat(clientRegistration.getClientName())
-				.isEqualTo(expectedClientRegistration.getClientName());
-		assertThat(authorizedClient.getPrincipalName())
-				.isEqualTo(expectedAuthorizedClient.getPrincipalName());
+		assertThat(clientRegistration.getClientName()).isEqualTo(expectedClientRegistration.getClientName());
+		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expectedAuthorizedClient.getPrincipalName());
 		OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
-		assertThat(accessToken.getTokenType())
-				.isEqualTo(expectedAccessToken.getTokenType());
-		assertThat(accessToken.getScopes())
-				.isEqualTo(expectedAccessToken.getScopes());
-		assertThat(accessToken.getTokenValue())
-				.isEqualTo(expectedAccessToken.getTokenValue());
-		assertThat(accessToken.getIssuedAt())
-				.isEqualTo(expectedAccessToken.getIssuedAt());
-		assertThat(accessToken.getExpiresAt())
-				.isEqualTo(expectedAccessToken.getExpiresAt());
+		assertThat(accessToken.getTokenType()).isEqualTo(expectedAccessToken.getTokenType());
+		assertThat(accessToken.getScopes()).isEqualTo(expectedAccessToken.getScopes());
+		assertThat(accessToken.getTokenValue()).isEqualTo(expectedAccessToken.getTokenValue());
+		assertThat(accessToken.getIssuedAt()).isEqualTo(expectedAccessToken.getIssuedAt());
+		assertThat(accessToken.getExpiresAt()).isEqualTo(expectedAccessToken.getExpiresAt());
 		OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken();
-		assertThat(refreshToken.getTokenValue())
-				.isEqualTo(expectedRefreshToken.getTokenValue());
-		assertThat(refreshToken.getIssuedAt())
-				.isEqualTo(expectedRefreshToken.getIssuedAt());
-		assertThat(refreshToken.getExpiresAt())
-				.isEqualTo(expectedRefreshToken.getExpiresAt());
+		assertThat(refreshToken.getTokenValue()).isEqualTo(expectedRefreshToken.getTokenValue());
+		assertThat(refreshToken.getIssuedAt()).isEqualTo(expectedRefreshToken.getIssuedAt());
+		assertThat(refreshToken.getExpiresAt()).isEqualTo(expectedRefreshToken.getExpiresAt());
 	}
 
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
-		ClientRegistration expectedClientRegistration =
-				TestClientRegistrations.clientRegistration()
-						.clientSecret(null)
-						.clientName(null)
-						.userInfoUri(null)
-						.userNameAttributeName(null)
-						.jwkSetUri(null)
-						.issuerUri(null)
-						.build();
+		ClientRegistration expectedClientRegistration = TestClientRegistrations.clientRegistration().clientSecret(null)
+				.clientName(null).userInfoUri(null).userNameAttributeName(null).jwkSetUri(null).issuerUri(null).build();
 		OAuth2AccessToken expectedAccessToken = TestOAuth2AccessTokens.noScopes();
-		OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(
-				expectedClientRegistration, this.principalName, expectedAccessToken);
+		OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(expectedClientRegistration,
+				this.principalName, expectedAccessToken);
 		String json = asJson(expectedAuthorizedClient);
 		OAuth2AuthorizedClient authorizedClient = this.mapper.readValue(json, OAuth2AuthorizedClient.class);
 		ClientRegistration clientRegistration = authorizedClient.getClientRegistration();
-		assertThat(clientRegistration.getRegistrationId())
-				.isEqualTo(expectedClientRegistration.getRegistrationId());
-		assertThat(clientRegistration.getClientId())
-				.isEqualTo(expectedClientRegistration.getClientId());
+		assertThat(clientRegistration.getRegistrationId()).isEqualTo(expectedClientRegistration.getRegistrationId());
+		assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId());
 		assertThat(clientRegistration.getClientSecret()).isEmpty();
 		assertThat(clientRegistration.getClientAuthenticationMethod())
 				.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
 		assertThat(clientRegistration.getAuthorizationGrantType())
 				.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUri())
-				.isEqualTo(expectedClientRegistration.getRedirectUri());
-		assertThat(clientRegistration.getScopes())
-				.isEqualTo(expectedClientRegistration.getScopes());
+		assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri());
+		assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes());
 		assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri());
 		assertThat(clientRegistration.getProviderDetails().getTokenUri())
 				.isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri());
 		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).isNull();
-		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())
-				.isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod());
+		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(
+				expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod());
 		assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isNull();
 		assertThat(clientRegistration.getProviderDetails().getJwkSetUri()).isNull();
 		assertThat(clientRegistration.getProviderDetails().getIssuerUri()).isNull();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty();
-		assertThat(clientRegistration.getClientName())
-				.isEqualTo(clientRegistration.getRegistrationId());
-		assertThat(authorizedClient.getPrincipalName())
-				.isEqualTo(expectedAuthorizedClient.getPrincipalName());
+		assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId());
+		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expectedAuthorizedClient.getPrincipalName());
 		OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
-		assertThat(accessToken.getTokenType())
-				.isEqualTo(expectedAccessToken.getTokenType());
+		assertThat(accessToken.getTokenType()).isEqualTo(expectedAccessToken.getTokenType());
 		assertThat(accessToken.getScopes()).isEmpty();
-		assertThat(accessToken.getTokenValue())
-				.isEqualTo(expectedAccessToken.getTokenValue());
-		assertThat(accessToken.getIssuedAt())
-				.isEqualTo(expectedAccessToken.getIssuedAt());
-		assertThat(accessToken.getExpiresAt())
-				.isEqualTo(expectedAccessToken.getExpiresAt());
+		assertThat(accessToken.getTokenValue()).isEqualTo(expectedAccessToken.getTokenValue());
+		assertThat(accessToken.getIssuedAt()).isEqualTo(expectedAccessToken.getIssuedAt());
+		assertThat(accessToken.getExpiresAt()).isEqualTo(expectedAccessToken.getExpiresAt());
 		assertThat(authorizedClient.getRefreshToken()).isNull();
 	}
 
@@ -333,4 +298,5 @@ public class OAuth2AuthorizedClientMixinTests {
 		}
 		return DecimalUtils.toBigDecimal(instant.getEpochSecond(), instant.getNano()).toString();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 4c9fc9acbe..667a256004 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -76,15 +76,26 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @author Mark Heckler
  */
 public class OidcAuthorizationCodeAuthenticationProviderTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizationRequest authorizationRequest;
+
 	private OAuth2AuthorizationResponse authorizationResponse;
+
 	private OAuth2AuthorizationExchange authorizationExchange;
+
 	private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
+
 	private OAuth2AccessTokenResponse accessTokenResponse;
+
 	private OAuth2UserService<OidcUserRequest, OidcUser> userService;
+
 	private OidcAuthorizationCodeAuthenticationProvider authenticationProvider;
-	private StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
+
+	private StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
+			Base64.getUrlEncoder().withoutPadding(), 96);
+
 	private String nonceHash;
 
 	@Rule
@@ -101,19 +112,19 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 			this.nonceHash = createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
-		} catch (NoSuchAlgorithmException e) { }
-		this.authorizationRequest = request()
-				.scope("openid", "profile", "email")
-				.attributes(attributes)
-				.additionalParameters(additionalParameters)
-				.build();
+		}
+		catch (NoSuchAlgorithmException e) {
+		}
+		this.authorizationRequest = request().scope("openid", "profile", "email").attributes(attributes)
+				.additionalParameters(additionalParameters).build();
 		this.authorizationResponse = success().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, this.authorizationResponse);
+		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				this.authorizationResponse);
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 		this.accessTokenResponse = this.accessTokenSuccessResponse();
 		this.userService = mock(OAuth2UserService.class);
-		this.authenticationProvider =
-			new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, this.userService);
+		this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient,
+				this.userService);
 
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(this.accessTokenResponse);
 	}
@@ -150,12 +161,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenAuthorizationRequestDoesNotContainOpenidScopeThenReturnNull() {
 		OAuth2AuthorizationRequest authorizationRequest = request().scope("scope1").build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				this.authorizationResponse);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 
 		assertThat(authentication).isNull();
 	}
@@ -166,11 +176,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE));
 
 		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
 
 	@Test
@@ -179,11 +189,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
 
 		OAuth2AuthorizationResponse authorizationResponse = success().state("89012").build();
-		OAuth2AuthorizationExchange authorizationExchange =
-				new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
+				authorizationResponse);
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
 
 	@Test
@@ -191,14 +201,12 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_id_token"));
 
-		OAuth2AccessTokenResponse accessTokenResponse =
-				OAuth2AccessTokenResponse.withResponse(this.accessTokenSuccessResponse())
-						.additionalParameters(Collections.emptyMap())
-						.build();
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
 
 	@Test
@@ -208,8 +216,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		ClientRegistration clientRegistration = clientRegistration().jwkSetUri(null).build();
 
-		this.authenticationProvider.authenticate(
-			new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange));
 	}
 
 	@Test
@@ -221,8 +229,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		when(jwtDecoder.decode(anyString())).thenThrow(new JwtException("ID Token Validation Error"));
 		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
 
-		this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
 
 	@Test
@@ -238,8 +246,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
 		this.setUpIdToken(claims);
 
-		this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
 
 	@Test
@@ -254,13 +262,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		when(this.userService.loadUser(any())).thenReturn(principal);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
 		assertThat(authentication.isAuthenticated()).isTrue();
 		assertThat(authentication.getPrincipal()).isEqualTo(principal);
@@ -284,19 +290,17 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		when(this.userService.loadUser(any())).thenReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection())).thenAnswer(
-			(Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		when(authoritiesMapper.mapAuthorities(anyCollection()))
+				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
-		OAuth2LoginAuthenticationToken authentication =
-			(OAuth2LoginAuthenticationToken) this.authenticationProvider.authenticate(
-				new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
 		assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
@@ -314,16 +318,15 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer(
-				(Answer<List<GrantedAuthority>>) invocation -> authorities);
+		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(principal);
 
-		this.authenticationProvider.authenticate(new OAuth2LoginAuthenticationToken(
-				this.clientRegistration, this.authorizationExchange));
+		this.authenticationProvider
+				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 
-		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()).containsAllEntriesOf(
-				this.accessTokenResponse.getAdditionalParameters());
+		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
+				.containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters());
 	}
 
 	private void setUpIdToken(Map<String, Object> claims) {
@@ -341,14 +344,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		additionalParameters.put("param2", "value2");
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 
-		return OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.getEpochSecond())
-				.scopes(scopes)
-				.refreshToken("refresh-token-1234")
-				.additionalParameters(additionalParameters)
-				.build();
+		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
+				.additionalParameters(additionalParameters).build();
 
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index 4faec435a1..ea88bf4460 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -81,6 +81,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
+
 	@Mock
 	private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService;
 
@@ -90,62 +91,59 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Mock
 	private ReactiveJwtDecoder jwtDecoder;
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
-			.scope("openid");
+	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
 
-	private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse
-			.success("code")
+	private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code")
 			.state("state");
 
 	private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
 	private OidcAuthorizationCodeReactiveAuthenticationManager manager;
 
-	private StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
+	private StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
+			Base64.getUrlEncoder().withoutPadding(), 96);
 
 	private String nonceHash;
 
 	@Before
 	public void setup() {
-		this.manager = new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService);
+		this.manager = new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
+				this.userService);
 	}
 
 	@Test
 	public void constructorWhenNullAccessTokenResponseClientThenIllegalArgumentException() {
 		this.accessTokenResponseClient = null;
-		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
+				this.userService)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenNullUserServiceThenIllegalArgumentException() {
 		this.userService = null;
-		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
+				this.userService)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setJwtDecoderFactoryWhenNullThenIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setJwtDecoderFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.manager.setJwtDecoderFactory(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setAuthoritiesMapperWhenAuthoritiesMapperIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void authenticateWhenNoSubscriptionThenDoesNothing() {
-		// we didn't do anything because it should cause a ClassCastException (as verified below)
+		// we didn't do anything because it should cause a ClassCastException (as verified
+		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
 
-		assertThatCode(()-> this.manager.authenticate(token))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
 
-		assertThatThrownBy(() -> this.manager.authenticate(token).block())
-				.isInstanceOf(Throwable.class);
+		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
 	}
 
 	@Test
@@ -156,9 +154,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
-		this.authorizationResponseBldr = OAuth2AuthorizationResponse
-				.error("error")
-				.state("state");
+		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
 		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -173,8 +169,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenIdTokenValidationErrorThenOAuth2AuthenticationException() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
@@ -189,8 +185,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenIdTokenInvalidNonceThenOAuth2AuthenticationException() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
@@ -207,15 +203,15 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("[invalid_nonce]");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]");
 	}
 
 	@Test
 	public void authenticationWhenOAuth2UserNotFoundThenEmpty() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."))
+				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN,
+						"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."))
 				.build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
@@ -237,8 +233,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticationWhenOAuth2UserFoundThenSuccess() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
@@ -256,7 +252,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
-		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(authorizationCodeAuthentication).block();
+		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
+				.authenticate(authorizationCodeAuthentication).block();
 
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
@@ -267,9 +264,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
-				.refreshToken("refresh-token")
-				.build();
+				.additionalParameters(
+						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.refreshToken("refresh-token").build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 
@@ -286,7 +283,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
-		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(authorizationCodeAuthentication).block();
+		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
+				.authenticate(authorizationCodeAuthentication).block();
 
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
@@ -303,9 +301,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(additionalParameters)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 
@@ -333,8 +329,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		ClientRegistration clientRegistration = this.registration.build();
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
 
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
@@ -346,7 +342,6 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-
 		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
@@ -354,8 +349,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection())).thenAnswer(
-				(Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		when(authoritiesMapper.mapAuthorities(anyCollection()))
+				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
@@ -374,22 +369,19 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 			this.nonceHash = createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
-		} catch (NoSuchAlgorithmException e) { }
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.state("state")
+		}
+		catch (NoSuchAlgorithmException e) {
+		}
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes())
-				.additionalParameters(additionalParameters)
-				.attributes(attributes)
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes())
+				.additionalParameters(additionalParameters).attributes(attributes).build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUri())
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 0b26a0d03f..3679a7797e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -44,8 +44,7 @@ import static org.mockito.Mockito.*;
  */
 public class OidcIdTokenDecoderFactoryTests {
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
-			.scope("openid");
+	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
 
 	private OidcIdTokenDecoderFactory idTokenDecoderFactory;
 
@@ -56,7 +55,8 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() {
-		Map<String, Converter<Object, ?>> claimTypeConverters = OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters();
+		Map<String, Converter<Object, ?>> claimTypeConverters = OidcIdTokenDecoderFactory
+				.createDefaultClaimTypeConverters();
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.ISS);
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.AUD);
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.NONCE);
@@ -97,9 +97,9 @@ public class OidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the JwkSet URI.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the JwkSet URI.");
 	}
 
 	@Test
@@ -107,9 +107,9 @@ public class OidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> SignatureAlgorithm.ES256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the JwkSet URI.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the JwkSet URI.");
 	}
 
 	@Test
@@ -117,9 +117,9 @@ public class OidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the client secret.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the client secret.");
 	}
 
 	@Test
@@ -127,15 +127,14 @@ public class OidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> null);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured a valid JWS Algorithm: 'null'");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured a valid JWS Algorithm: 'null'");
 	}
 
 	@Test
 	public void createDecoderWhenClientRegistrationValidThenReturnDecoder() {
-		assertThat(this.idTokenDecoderFactory.createDecoder(this.registration.build()))
-				.isNotNull();
+		assertThat(this.idTokenDecoderFactory.createDecoder(this.registration.build())).isNotNull();
 	}
 
 	@Test
@@ -160,8 +159,7 @@ public class OidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwsAlgorithmResolver.apply(same(clientRegistration)))
-				.thenReturn(MacAlgorithm.HS256);
+		when(customJwsAlgorithmResolver.apply(same(clientRegistration))).thenReturn(MacAlgorithm.HS256);
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -170,7 +168,8 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenCustomClaimTypeConverterFactorySetThenApplied() {
-		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
+		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
+				Function.class);
 		this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
 		ClientRegistration clientRegistration = this.registration.build();
@@ -182,4 +181,5 @@ public class OidcIdTokenDecoderFactoryTests {
 
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index 098fe8d1f2..e813ac2da7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -41,11 +41,17 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @since 5.1
  */
 public class OidcIdTokenValidatorTests {
+
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
+
 	private Map<String, Object> headers = new HashMap<>();
+
 	private Map<String, Object> claims = new HashMap<>();
+
 	private Instant issuedAt = Instant.now();
+
 	private Instant expiresAt = this.issuedAt.plusSeconds(3600);
+
 	private Duration clockSkew = Duration.ofSeconds(60);
 
 	@Before
@@ -61,12 +67,10 @@ public class OidcIdTokenValidatorTests {
 		assertThat(this.validateIdToken()).isEmpty();
 	}
 
-
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatThrownBy(() -> idTokenValidator.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> idTokenValidator.setClockSkew(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -79,38 +83,33 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatThrownBy(() -> idTokenValidator.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> idTokenValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void validateWhenIssuerNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.ISS);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
 	}
 
 	@Test
 	public void validateWhenMetadataIssuerMismatchThenHasErrors() {
 		/*
-		 * When the issuer is set in the provider metadata, and it does not match the issuer in the ID Token,
-		 * the validation must fail
+		 * When the issuer is set in the provider metadata, and it does not match the
+		 * issuer in the ID Token, the validation must fail
 		 */
 		this.registration = this.registration.issuerUri("https://somethingelse.com");
 
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
 	}
 
 	@Test
 	public void validateWhenMetadataIssuerMatchThenNoErrors() {
 		/*
-		 * When the issuer is set in the provider metadata, and it does match the issuer in the ID Token,
-		 * the validation must succeed
+		 * When the issuer is set in the provider metadata, and it does match the issuer
+		 * in the ID Token, the validation must succeed
 		 */
 		this.registration = this.registration.issuerUri("https://example.com");
 
@@ -120,54 +119,42 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void validateWhenSubNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.SUB);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.SUB));
 	}
 
 	@Test
 	public void validateWhenAudNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.AUD);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD));
 	}
 
 	@Test
 	public void validateWhenIssuedAtNullThenHasErrors() {
 		this.issuedAt = null;
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT));
 	}
 
 	@Test
 	public void validateWhenExpiresAtNullThenHasErrors() {
 		this.expiresAt = null;
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
 	@Test
 	public void validateWhenAudMultipleAndAzpNullThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id", "other"));
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
 	@Test
 	public void validateWhenAzpNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AZP, "other");
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
@@ -182,18 +169,14 @@ public class OidcIdTokenValidatorTests {
 	public void validateWhenMultipleAudAzpNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id-1", "client-id-2"));
 		this.claims.put(IdTokenClaimNames.AZP, "other-client");
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
 	@Test
 	public void validateWhenAudNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Collections.singletonList("other-client"));
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD));
 	}
 
@@ -210,9 +193,7 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().minus(Duration.ofSeconds(60));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(30));
 		this.clockSkew = Duration.ofSeconds(0);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
@@ -229,9 +210,7 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().plus(Duration.ofMinutes(1));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(60));
 		this.clockSkew = Duration.ofMinutes(0);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT));
 	}
 
@@ -240,9 +219,7 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().minus(Duration.ofSeconds(10));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(5));
 		this.clockSkew = Duration.ofSeconds(0);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
@@ -252,9 +229,7 @@ public class OidcIdTokenValidatorTests {
 		this.claims.remove(IdTokenClaimNames.AUD);
 		this.issuedAt = null;
 		this.expiresAt = null;
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.SUB))
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD))
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT))
@@ -265,21 +240,16 @@ public class OidcIdTokenValidatorTests {
 	public void validateFormatError() {
 		this.claims.remove(IdTokenClaimNames.SUB);
 		this.claims.remove(IdTokenClaimNames.AUD);
-		assertThat(this.validateIdToken())
-				.hasSize(1)
-				.extracting(OAuth2Error::getDescription)
+		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.equals("The ID Token contains invalid claims: {sub=null, aud=null}"));
 	}
 
 	private Collection<OAuth2Error> validateIdToken() {
-		Jwt idToken = Jwt.withTokenValue("token")
-			.issuedAt(this.issuedAt)
-			.expiresAt(this.expiresAt)
-			.headers(h -> h.putAll(this.headers))
-			.claims(c -> c.putAll(this.claims))
-			.build();
+		Jwt idToken = Jwt.withTokenValue("token").issuedAt(this.issuedAt).expiresAt(this.expiresAt)
+				.headers(h -> h.putAll(this.headers)).claims(c -> c.putAll(this.claims)).build();
 		OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());
 		validator.setClockSkew(this.clockSkew);
 		return validator.validate(idToken).getErrors();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index bb2122a5cc..dc9f2b0513 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -44,8 +44,7 @@ import static org.mockito.Mockito.*;
  */
 public class ReactiveOidcIdTokenDecoderFactoryTests {
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
-			.scope("openid");
+	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
 
 	private ReactiveOidcIdTokenDecoderFactory idTokenDecoderFactory;
 
@@ -56,7 +55,8 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() {
-		Map<String, Converter<Object, ?>> claimTypeConverters = ReactiveOidcIdTokenDecoderFactory.createDefaultClaimTypeConverters();
+		Map<String, Converter<Object, ?>> claimTypeConverters = ReactiveOidcIdTokenDecoderFactory
+				.createDefaultClaimTypeConverters();
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.ISS);
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.AUD);
 		assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.NONCE);
@@ -97,9 +97,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the JwkSet URI.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the JwkSet URI.");
 	}
 
 	@Test
@@ -107,9 +107,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> SignatureAlgorithm.ES256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the JwkSet URI.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the JwkSet URI.");
 	}
 
 	@Test
@@ -117,9 +117,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured the client secret.");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured the client secret.");
 	}
 
 	@Test
@@ -127,15 +127,14 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> null);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier " +
-						"for Client Registration: 'registration-id'. " +
-						"Check to ensure you have configured a valid JWS Algorithm: 'null'");
+				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+						+ "for Client Registration: 'registration-id'. "
+						+ "Check to ensure you have configured a valid JWS Algorithm: 'null'");
 	}
 
 	@Test
 	public void createDecoderWhenClientRegistrationValidThenReturnDecoder() {
-		assertThat(this.idTokenDecoderFactory.createDecoder(this.registration.build()))
-				.isNotNull();
+		assertThat(this.idTokenDecoderFactory.createDecoder(this.registration.build())).isNotNull();
 	}
 
 	@Test
@@ -160,8 +159,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwsAlgorithmResolver.apply(same(clientRegistration)))
-				.thenReturn(MacAlgorithm.HS256);
+		when(customJwsAlgorithmResolver.apply(same(clientRegistration))).thenReturn(MacAlgorithm.HS256);
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -170,7 +168,8 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenCustomClaimTypeConverterFactorySetThenApplied() {
-		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
+		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
+				Function.class);
 		this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
 		ClientRegistration clientRegistration = this.registration.build();
@@ -182,4 +181,5 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index e84e9f38dd..52c101f0c9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -69,6 +69,7 @@ import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idT
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OidcReactiveOAuth2UserServiceTests {
+
 	@Mock
 	private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService;
 
@@ -77,11 +78,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 
 	private OidcIdToken idToken = idToken().build();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)),
-			Collections.singleton("read:user"));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)), Collections.singleton("read:user"));
 
 	private OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
 
@@ -92,7 +90,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() {
-		Map<String, Converter<Object, ?>> claimTypeConverters = OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters();
+		Map<String, Converter<Object, ?>> claimTypeConverters = OidcReactiveOAuth2UserService
+				.createDefaultClaimTypeConverters();
 		assertThat(claimTypeConverters).containsKey(StandardClaimNames.EMAIL_VERIFIED);
 		assertThat(claimTypeConverters).containsKey(StandardClaimNames.PHONE_NUMBER_VERIFIED);
 		assertThat(claimTypeConverters).containsKey(StandardClaimNames.UPDATED_AT);
@@ -124,11 +123,12 @@ public class OidcReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenOAuth2UserSubjectNullThenOAuth2AuthenticationException() {
-		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
 		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
 
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
-			.isInstanceOf(OAuth2AuthenticationException.class);
+				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
 
 	@Test
@@ -136,8 +136,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(StandardClaimNames.SUB, "not-equal");
 		attributes.put("user", "rob");
-		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
-				attributes, "user");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
+				"user");
 		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
 
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
@@ -149,8 +149,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
-		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
-				attributes, "user");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
+				"user");
 		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
 
 		assertThat(this.userService.loadUser(userRequest()).block().getUserInfo()).isNotNull();
@@ -162,8 +162,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
-		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
-				attributes, "user");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
+				"user");
 		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
 
 		assertThat(this.userService.loadUser(userRequest()).block().getName()).isEqualTo("rob");
@@ -174,13 +174,14 @@ public class OidcReactiveOAuth2UserServiceTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
-		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
-				attributes, "user");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
+				"user");
 		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
 
 		OidcUserRequest userRequest = userRequest();
 
-		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
+		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
+				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
 		when(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
@@ -194,8 +195,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
-		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), scopes("message:read", "message:write"), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
+				scopes("message:read", "message:write"), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -208,8 +209,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
-		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), noScopes(), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(1);
@@ -220,4 +220,5 @@ public class OidcReactiveOAuth2UserServiceTests {
 	private OidcUserRequest userRequest() {
 		return new OidcUserRequest(this.registration.build(), this.accessToken, this.idToken);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index b1e2b5481b..88f668af69 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -39,17 +39,20 @@ import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idT
  * @author Joe Grandja
  */
 public class OidcUserRequestTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AccessToken accessToken;
+
 	private OidcIdToken idToken;
+
 	private Map<String, Object> additionalParameters;
 
 	@Before
 	public void setUp() {
 		this.clientRegistration = clientRegistration().build();
-		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
-				new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
+		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(),
+				Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
 		this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
 		this.additionalParameters = new HashMap<>();
 		this.additionalParameters.put("param1", "value1");
@@ -76,12 +79,13 @@ public class OidcUserRequestTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OidcUserRequest userRequest = new OidcUserRequest(
-			this.clientRegistration, this.accessToken, this.idToken, this.additionalParameters);
+		OidcUserRequest userRequest = new OidcUserRequest(this.clientRegistration, this.accessToken, this.idToken,
+				this.additionalParameters);
 
 		assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(userRequest.getIdToken()).isEqualTo(this.idToken);
 		assertThat(userRequest.getAdditionalParameters()).containsAllEntriesOf(this.additionalParameters);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
index f5270813f7..79fc3ad856 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
@@ -36,15 +36,13 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.1
  */
 public class OidcUserRequestUtilsTests {
+
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
 
 	OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
-	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)),
-			Collections.singleton("read:user"));
+	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(),
+			Instant.now().plus(Duration.ofDays(1)), Collections.singleton("read:user"));
 
 	@Test
 	public void shouldRetrieveUserInfoWhenEndpointDefinedAndScopesOverlapThenTrue() {
@@ -75,4 +73,5 @@ public class OidcUserRequestUtilsTests {
 	private OidcUserRequest userRequest() {
 		return new OidcUserRequest(this.registration.build(), this.accessToken, this.idToken);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 8a5a495d7a..9f3c338456 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -69,10 +69,15 @@ import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idT
  * @author Joe Grandja
  */
 public class OidcUserServiceTests {
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private OidcIdToken idToken;
+
 	private OidcUserService userService = new OidcUserService();
+
 	private MockWebServer server;
 
 	@Rule
@@ -82,8 +87,7 @@ public class OidcUserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.clientRegistrationBuilder = clientRegistration()
-				.userInfoUri(null)
+		this.clientRegistrationBuilder = clientRegistration().userInfoUri(null)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
 				.userNameAttributeName(StandardClaimNames.SUB);
 
@@ -141,116 +145,92 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void loadUserWhenUserInfoUriIsNullThenUserInfoEndpointNotRequested() {
-		OidcUser user = this.userService.loadUser(
-			new OidcUserRequest(this.clientRegistrationBuilder.build(), this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(this.clientRegistrationBuilder.build(), this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNull();
 	}
 
 	@Test
 	public void loadUserWhenNonStandardScopesAuthorizedThenUserInfoEndpointNotRequested() {
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri("https://provider.com/user").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
+				.build();
 		this.accessToken = scopes("scope1", "scope2");
 
-		OidcUser user = this.userService.loadUser(
-			new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNull();
 	}
 
 	// gh-6886
 	@Test
 	public void loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesMatchThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.accessToken = scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.singleton("scope2"));
 
-		OidcUser user = this.userService.loadUser(
-				new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
 	}
 
 	// gh-6886
 	@Test
 	public void loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesEmptyThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.accessToken = scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.emptySet());
 
-		OidcUser user = this.userService.loadUser(
-				new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
 	}
 
 	// gh-6886
 	@Test
 	public void loadUserWhenStandardScopesAuthorizedThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
-		OidcUser user = this.userService.loadUser(
-				new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" +
-			"	\"sub\": \"subject1\",\n" +
-			"   \"name\": \"first last\",\n" +
-			"   \"given_name\": \"first\",\n" +
-			"   \"family_name\": \"last\",\n" +
-			"   \"preferred_username\": \"user1\",\n" +
-			"   \"email\": \"user1@example.com\"\n" +
-			"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-			.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
-		OidcUser user = this.userService.loadUser(
-			new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 
 		assertThat(user.getIdToken()).isNotNull();
 		assertThat(user.getUserInfo()).isNotNull();
@@ -278,16 +258,13 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_user_info_response"));
 
-		String userInfoResponse = "{\n" +
-				"	\"email\": \"full_name@provider.com\",\n" +
-				"	\"name\": \"full name\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"email\": \"full_name@provider.com\",\n" + "	\"name\": \"full name\"\n"
+				+ "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userNameAttributeName(StandardClaimNames.EMAIL).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
@@ -298,15 +275,12 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_user_info_response"));
 
-		String userInfoResponse = "{\n" +
-			"	\"sub\": \"other-subject\"\n" +
-			"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"other-subject\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
@@ -314,22 +288,18 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
-		String userInfoResponse = "{\n" +
-			"	\"sub\": \"subject1\",\n" +
-			"   \"name\": \"first last\",\n" +
-			"   \"given_name\": \"first\",\n" +
-			"   \"family_name\": \"last\",\n" +
-			"   \"preferred_username\": \"user1\",\n" +
-			"   \"email\": \"user1@example.com\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
@@ -337,14 +307,14 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenServerErrorThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
 
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
 		String userInfoUri = server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
@@ -352,36 +322,30 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
 		String userInfoUri = "https://invalid-provider.com/user";
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
 	@Test
 	public void loadUserWhenCustomUserNameAttributeNameThenGetNameReturnsCustomUserName() {
-		String userInfoResponse = "{\n" +
-			"	\"sub\": \"subject1\",\n" +
-			"   \"name\": \"first last\",\n" +
-			"   \"given_name\": \"first\",\n" +
-			"   \"family_name\": \"last\",\n" +
-			"   \"preferred_username\": \"user1\",\n" +
-			"   \"email\": \"user1@example.com\"\n" +
-			"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userNameAttributeName(StandardClaimNames.EMAIL).build();
 
-		OidcUser user = this.userService.loadUser(
-			new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
+		OidcUser user = this.userService
+				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 
 		assertThat(user.getName()).isEqualTo("user1@example.com");
 	}
@@ -389,20 +353,14 @@ public class OidcUserServiceTests {
 	// gh-5294
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT))
@@ -412,45 +370,34 @@ public class OidcUserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
 		assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
-		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
+		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
 
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
@@ -463,23 +410,17 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
-		String userInfoResponse = "{\n" +
-				"	\"sub\": \"subject1\",\n" +
-				"   \"name\": \"first last\",\n" +
-				"   \"given_name\": \"first\",\n" +
-				"   \"family_name\": \"last\",\n" +
-				"   \"preferred_username\": \"user1\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
+				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
-		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
+		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
+				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
 		when(customClaimTypeConverterFactory.apply(same(clientRegistration)))
@@ -507,8 +448,7 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		OidcUserService userService = new OidcUserService();
-		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				noScopes(), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(1);
@@ -517,8 +457,7 @@ public class OidcUserServiceTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index 59a7c08150..8413106273 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -47,14 +47,15 @@ import static org.mockito.Mockito.mock;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OidcClientInitiatedLogoutSuccessHandlerTests {
-	ClientRegistration registration = TestClientRegistrations
-			.clientRegistration()
-			.providerConfigurationMetadata(
-					Collections.singletonMap("end_session_endpoint", "https://endpoint"))
+
+	ClientRegistration registration = TestClientRegistrations.clientRegistration()
+			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
+
 	ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
 
 	OidcClientInitiatedLogoutSuccessHandler handler;
@@ -67,12 +68,9 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	}
 
 	@Test
-	public void logoutWhenOidcRedirectUrlConfiguredThenRedirects()
-			throws IOException, ServletException {
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+	public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() throws IOException, ServletException {
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
@@ -81,8 +79,7 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	}
 
 	@Test
-	public void logoutWhenNotOAuth2AuthenticationThenDefaults()
-			throws IOException, ServletException {
+	public void logoutWhenNotOAuth2AuthenticationThenDefaults() throws IOException, ServletException {
 		Authentication token = mock(Authentication.class);
 
 		this.request.setUserPrincipal(token);
@@ -93,12 +90,9 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	}
 
 	@Test
-	public void logoutWhenNotOidcUserThenDefaults()
-			throws IOException, ServletException {
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOAuth2Users.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+	public void logoutWhenNotOidcUserThenDefaults() throws IOException, ServletException {
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		this.request.setUserPrincipal(token);
 		this.handler.setDefaultTargetUrl("https://default");
@@ -108,17 +102,14 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	}
 
 	@Test
-	public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults()
-			throws Exception {
+	public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() throws Exception {
 
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 		ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
 		OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(repository);
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
 
 		this.request.setUserPrincipal(token);
 		handler.setDefaultTargetUrl("https://default");
@@ -128,31 +119,25 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	}
 
 	@Test
-	public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect()
-			throws IOException, ServletException {
+	public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() throws IOException, ServletException {
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
 
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" +
-				"id_token_hint=id-token&" +
-				"post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
+				+ "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 	}
 
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect()
 			throws IOException, ServletException {
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
 		this.request.setScheme("https");
 		this.request.setServerPort(443);
@@ -160,9 +145,8 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
 
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" +
-				"id_token_hint=id-token&" +
-				"post_logout_redirect_uri=https://rp.example.org");
+		assertThat(this.response.getRedirectedUrl()).isEqualTo(
+				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 	}
 
 	@Test
@@ -176,4 +160,5 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 		assertThatThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 0dd7ad7209..3ef91ffb3c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -49,14 +49,15 @@ import static org.mockito.Mockito.when;
  * Tests for {@link OidcClientInitiatedServerLogoutSuccessHandler}
  */
 public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
-	ClientRegistration registration = TestClientRegistrations
-			.clientRegistration()
-			.providerConfigurationMetadata(
-					Collections.singletonMap("end_session_endpoint", "https://endpoint"))
+
+	ClientRegistration registration = TestClientRegistrations.clientRegistration()
+			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
+
 	ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(registration);
 
 	ServerWebExchange exchange;
+
 	WebFilterChain chain;
 
 	OidcClientInitiatedServerLogoutSuccessHandler handler;
@@ -72,10 +73,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
 	@Test
 	public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() {
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
@@ -99,10 +98,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
 	@Test
 	public void logoutWhenNotOidcUserThenDefaults() {
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOAuth2Users.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
@@ -117,15 +114,13 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() {
 
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
-		ReactiveClientRegistrationRepository repository =
-				new InMemoryReactiveClientRegistrationRepository(registration);
-		OidcClientInitiatedServerLogoutSuccessHandler handler =
-				new OidcClientInitiatedServerLogoutSuccessHandler(repository);
+		ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(
+				registration);
+		OidcClientInitiatedServerLogoutSuccessHandler handler = new OidcClientInitiatedServerLogoutSuccessHandler(
+				repository);
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
@@ -139,10 +134,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() {
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
@@ -150,20 +143,16 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 		this.handler.onLogoutSuccess(f, token).block();
 
-		assertThat(redirectedUrl(this.exchange))
-				.isEqualTo("https://endpoint?" +
-						"id_token_hint=id-token&" +
-						"post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
+		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
+				+ "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 	}
 
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect()
 			throws IOException, ServletException {
 
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(
-				TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES,
-				this.registration.getRegistrationId());
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
 		when(this.exchange.getRequest()).thenReturn(request);
@@ -172,10 +161,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
 		this.handler.onLogoutSuccess(f, token).block();
 
-		assertThat(redirectedUrl(this.exchange))
-				.isEqualTo("https://endpoint?" +
-						"id_token_hint=id-token&" +
-						"post_logout_redirect_uri=https://rp.example.org");
+		assertThat(redirectedUrl(this.exchange)).isEqualTo(
+				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 	}
 
 	@Test
@@ -193,4 +180,5 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	private String redirectedUrl(ServerWebExchange exchange) {
 		return exchange.getResponse().getHeaders().getFirst("Location");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index f934e1fb34..b841824ae5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -39,19 +39,30 @@ import static org.springframework.security.oauth2.client.registration.TestClient
  * @author Joe Grandja
  */
 public class ClientRegistrationTests {
+
 	private static final String REGISTRATION_ID = "registration-1";
+
 	private static final String CLIENT_ID = "client-1";
+
 	private static final String CLIENT_SECRET = "secret";
+
 	private static final String REDIRECT_URI = "https://example.com";
-	private static final Set<String> SCOPES = Collections.unmodifiableSet(
-			Stream.of("openid", "profile", "email").collect(Collectors.toSet()));
+
+	private static final Set<String> SCOPES = Collections
+			.unmodifiableSet(Stream.of("openid", "profile", "email").collect(Collectors.toSet()));
+
 	private static final String AUTHORIZATION_URI = "https://provider.com/oauth2/authorization";
+
 	private static final String TOKEN_URI = "https://provider.com/oauth2/token";
+
 	private static final String JWK_SET_URI = "https://provider.com/oauth2/keys";
+
 	private static final String ISSUER_URI = "https://provider.com";
+
 	private static final String CLIENT_NAME = "Client 1";
-	private static final Map<String, Object> PROVIDER_CONFIGURATION_METADATA =
-			Collections.unmodifiableMap(createProviderConfigurationMetadata());
+
+	private static final Map<String, Object> PROVIDER_CONFIGURATION_METADATA = Collections
+			.unmodifiableMap(createProviderConfigurationMetadata());
 
 	private static Map<String, Object> createProviderConfigurationMetadata() {
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>();
@@ -62,38 +73,21 @@ public class ClientRegistrationTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationGrantTypeIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(null)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC).authorizationGrantType(null)
+				.redirectUri(REDIRECT_URI).scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI).userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME).build();
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.issuerUri(ISSUER_URI)
-			.providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).issuerUri(ISSUER_URI)
+				.providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA).clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
@@ -104,61 +98,42 @@ public class ClientRegistrationTests {
 		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 		assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
-		assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(AuthenticationMethod.FORM);
+		assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())
+				.isEqualTo(AuthenticationMethod.FORM);
 		assertThat(registration.getProviderDetails().getJwkSetUri()).isEqualTo(JWK_SET_URI);
 		assertThat(registration.getProviderDetails().getIssuerUri()).isEqualTo(ISSUER_URI);
-		assertThat(registration.getProviderDetails().getConfigurationMetadata()).isEqualTo(PROVIDER_CONFIGURATION_METADATA);
+		assertThat(registration.getProviderDetails().getConfigurationMetadata())
+				.isEqualTo(PROVIDER_CONFIGURATION_METADATA);
 		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(null)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(null)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientSecretIsNullThenDefaultToEmpty() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(null)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
 				.build();
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
@@ -166,16 +141,10 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
 				.build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
@@ -183,16 +152,10 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedAndClientSecretNullThenDefaultToNone() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(null)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID).clientSecret(null)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
 				.build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 	}
@@ -200,154 +163,94 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedAndClientSecretBlankThenDefaultToNone() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(" ")
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+				.clientId(CLIENT_ID).clientSecret(" ").authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI).scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI).userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME).build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(null)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(null)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeIsNullThenScopeNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope((String[]) null)
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope((String[]) null).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(null)
-			.tokenUri(TOKEN_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(null).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.tokenUri(null)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.jwkSetUri(JWK_SET_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(null)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientNameNotProvidedThenDefaultToRegistrationId() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).build();
 		assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId());
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeDoesNotContainOpenidThenJwkSetUriNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.clientSecret(CLIENT_SECRET)
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri(REDIRECT_URI)
-			.scope("scope1")
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.tokenUri(TOKEN_URI)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope("scope1").authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).tokenUri(TOKEN_URI).clientName(CLIENT_NAME)
+				.build();
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeIsNullThenJwkSetUriNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantProviderConfigurationMetadataIsNullThenDefaultToEmpty() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.providerConfigurationMetadata(null)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).providerConfigurationMetadata(null)
+				.jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isNotNull();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty();
 	}
@@ -355,18 +258,12 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenAuthorizationCodeGrantProviderConfigurationMetadataEmptyThenIsEmpty() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.providerConfigurationMetadata(Collections.emptyMap())
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
+				.providerConfigurationMetadata(Collections.emptyMap()).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
 				.build();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isNotNull();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty();
@@ -374,15 +271,10 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenImplicitGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
@@ -390,86 +282,58 @@ public class ClientRegistrationTests {
 		assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI);
 		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 		assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
-		assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(AuthenticationMethod.FORM);
+		assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())
+				.isEqualTo(AuthenticationMethod.FORM);
 		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(null)
-			.clientId(CLIENT_ID)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(null)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(null)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(null)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenImplicitGrantScopeIsNullThenScopeNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(REDIRECT_URI)
-			.scope((String[]) null)
-			.authorizationUri(AUTHORIZATION_URI)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope((String[]) null).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-			.clientId(CLIENT_ID)
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri(REDIRECT_URI)
-			.scope(SCOPES.toArray(new String[0]))
-			.authorizationUri(null)
-			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-			.clientName(CLIENT_NAME)
-			.build();
+		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(null)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
 	}
 
 	@Test
 	public void buildWhenImplicitGrantClientNameNotProvidedThenDefaultToRegistrationId() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.build();
+				.clientId(CLIENT_ID).authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
 		assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId());
 	}
 
@@ -477,33 +341,21 @@ public class ClientRegistrationTests {
 	public void buildWhenOverrideRegistrationIdThenOverridden() {
 		String overriddenId = "override";
 		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.registrationId(overriddenId)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
+				.registrationId(overriddenId).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(overriddenId);
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.scope(SCOPES.toArray(new String[0]))
-				.tokenUri(TOKEN_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
@@ -517,96 +369,63 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientCredentialsGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(null)
-						.clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-						.tokenUri(TOKEN_URI)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(REGISTRATION_ID)
-						.clientId(null)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-						.tokenUri(TOKEN_URI)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientSecretIsNullThenDefaultToEmpty() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(null)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.tokenUri(TOKEN_URI)
-				.build();
+				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build();
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.tokenUri(TOKEN_URI)
-				.build();
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(REGISTRATION_ID)
-						.clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-						.tokenUri(null)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(null).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	// gh-6256
 	@Test
 	public void buildWhenScopesContainASpaceThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				TestClientRegistrations.clientCredentials()
-						.scope("openid profile email")
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> TestClientRegistrations.clientCredentials().scope("openid profile email").build())
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenScopesContainAnInvalidCharacterThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				TestClientRegistrations.clientCredentials()
-						.scope("an\"invalid\"scope")
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> TestClientRegistrations.clientCredentials().scope("an\"invalid\"scope").build())
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenPasswordGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.scope(SCOPES.toArray(new String[0]))
-				.tokenUri(TOKEN_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
@@ -620,78 +439,51 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenPasswordGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(null)
-						.clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-						.tokenUri(TOKEN_URI)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(REGISTRATION_ID)
-						.clientId(null)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-						.tokenUri(TOKEN_URI)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientSecretIsNullThenDefaultToEmpty() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(null)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.tokenUri(TOKEN_URI)
-				.build();
+				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build();
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.tokenUri(TOKEN_URI)
-				.build();
+				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET).authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.tokenUri(TOKEN_URI).build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void buildWhenPasswordGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				ClientRegistration.withRegistrationId(REGISTRATION_ID)
-						.clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET)
-						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-						.tokenUri(null)
-						.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(null).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
 		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(customGrantType)
-				.scope(SCOPES.toArray(new String[0]))
-				.tokenUri(TOKEN_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(customGrantType).scope(SCOPES.toArray(new String[0])).tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME).build();
 
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
@@ -724,21 +516,18 @@ public class ClientRegistrationTests {
 		assertThat(clientRegistration.getClientSecret()).isEqualTo(updated.getClientSecret());
 		assertThat(clientRegistration.getClientAuthenticationMethod())
 				.isEqualTo(updated.getClientAuthenticationMethod());
-		assertThat(clientRegistration.getAuthorizationGrantType())
-				.isEqualTo(updated.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUri())
-				.isEqualTo(updated.getRedirectUri());
+		assertThat(clientRegistration.getAuthorizationGrantType()).isEqualTo(updated.getAuthorizationGrantType());
+		assertThat(clientRegistration.getRedirectUri()).isEqualTo(updated.getRedirectUri());
 		assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
 
 		ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
 		ClientRegistration.ProviderDetails updatedProviderDetails = updated.getProviderDetails();
-		assertThat(providerDetails.getAuthorizationUri())
-				.isEqualTo(updatedProviderDetails.getAuthorizationUri());
-		assertThat(providerDetails.getTokenUri())
-				.isEqualTo(updatedProviderDetails.getTokenUri());
+		assertThat(providerDetails.getAuthorizationUri()).isEqualTo(updatedProviderDetails.getAuthorizationUri());
+		assertThat(providerDetails.getTokenUri()).isEqualTo(updatedProviderDetails.getTokenUri());
 
 		ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
-		ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails.getUserInfoEndpoint();
+		ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails
+				.getUserInfoEndpoint();
 		assertThat(userInfoEndpoint.getUri()).isEqualTo(updatedUserInfoEndpoint.getUri());
 		assertThat(userInfoEndpoint.getAuthenticationMethod())
 				.isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod());
@@ -756,20 +545,18 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenClientRegistrationValuesOverriddenThenPropagated() {
 		ClientRegistration clientRegistration = clientRegistration().build();
-		ClientRegistration updated = withClientRegistration(clientRegistration)
-				.clientSecret("a-new-secret")
+		ClientRegistration updated = withClientRegistration(clientRegistration).clientSecret("a-new-secret")
 				.scope("a-new-scope")
-				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value"))
-				.build();
+				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
 
 		assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
 		assertThat(updated.getClientSecret()).isEqualTo("a-new-secret");
 		assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope");
 		assertThat(updated.getScopes()).containsExactly("a-new-scope");
-		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata())
-				.doesNotContainKey("a-new-config").doesNotContainValue("a-new-value");
-		assertThat(updated.getProviderDetails().getConfigurationMetadata())
-				.containsOnlyKeys("a-new-config").containsValue("a-new-value");
+		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).doesNotContainKey("a-new-config")
+				.doesNotContainValue("a-new-value");
+		assertThat(updated.getProviderDetails().getConfigurationMetadata()).containsOnlyKeys("a-new-config")
+				.containsValue("a-new-value");
 	}
 
 	// gh-8903
@@ -777,13 +564,10 @@ public class ClientRegistrationTests {
 	public void buildWhenCustomClientAuthenticationMethodProvidedThenSet() {
 		ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod("tls_client_auth");
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.clientAuthenticationMethod(clientAuthenticationMethod)
-				.redirectUri(REDIRECT_URI)
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.build();
+				.clientId(CLIENT_ID).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.clientAuthenticationMethod(clientAuthenticationMethod).redirectUri(REDIRECT_URI)
+				.authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).build();
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(clientAuthenticationMethod);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 2f3a239738..ee51e2cf1d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -47,60 +47,27 @@ public class ClientRegistrationsTests {
 	/**
 	 * Contains all optional parameters that are found in ClientRegistration
 	 */
-	private static final String DEFAULT_RESPONSE =
-			"{\n"
+	private static final String DEFAULT_RESPONSE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"claims_supported\": [\n"
-			+ "        \"aud\", \n"
-			+ "        \"email\", \n"
-			+ "        \"email_verified\", \n"
-			+ "        \"exp\", \n"
-			+ "        \"family_name\", \n"
-			+ "        \"given_name\", \n"
-			+ "        \"iat\", \n"
-			+ "        \"iss\", \n"
-			+ "        \"locale\", \n"
-			+ "        \"name\", \n"
-			+ "        \"picture\", \n"
-			+ "        \"sub\"\n"
-			+ "    ], \n"
-			+ "    \"code_challenge_methods_supported\": [\n"
-			+ "        \"plain\", \n"
-			+ "        \"S256\"\n"
-			+ "    ], \n"
-			+ "    \"id_token_signing_alg_values_supported\": [\n"
-			+ "        \"RS256\"\n"
-			+ "    ], \n"
+			+ "    \"claims_supported\": [\n" + "        \"aud\", \n" + "        \"email\", \n"
+			+ "        \"email_verified\", \n" + "        \"exp\", \n" + "        \"family_name\", \n"
+			+ "        \"given_name\", \n" + "        \"iat\", \n" + "        \"iss\", \n" + "        \"locale\", \n"
+			+ "        \"name\", \n" + "        \"picture\", \n" + "        \"sub\"\n" + "    ], \n"
+			+ "    \"code_challenge_methods_supported\": [\n" + "        \"plain\", \n" + "        \"S256\"\n"
+			+ "    ], \n" + "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
 			+ "    \"issuer\": \"https://example.com\", \n"
-			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
-			+ "    \"response_types_supported\": [\n"
-			+ "        \"code\", \n"
-			+ "        \"token\", \n"
-			+ "        \"id_token\", \n"
-			+ "        \"code token\", \n"
-			+ "        \"code id_token\", \n"
-			+ "        \"token id_token\", \n"
-			+ "        \"code token id_token\", \n"
-			+ "        \"none\"\n"
-			+ "    ], \n"
+			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n" + "    \"response_types_supported\": [\n"
+			+ "        \"code\", \n" + "        \"token\", \n" + "        \"id_token\", \n"
+			+ "        \"code token\", \n" + "        \"code id_token\", \n" + "        \"token id_token\", \n"
+			+ "        \"code token id_token\", \n" + "        \"none\"\n" + "    ], \n"
 			+ "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
-			+ "    \"scopes_supported\": [\n"
-			+ "        \"openid\", \n"
-			+ "        \"email\", \n"
-			+ "        \"profile\"\n"
-			+ "    ], \n"
-			+ "    \"subject_types_supported\": [\n"
-			+ "        \"public\"\n"
-			+ "    ], \n"
-			+ "    \"grant_types_supported\" : [\"authorization_code\"], \n"
+			+ "    \"scopes_supported\": [\n" + "        \"openid\", \n" + "        \"email\", \n"
+			+ "        \"profile\"\n" + "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n"
+			+ "    ], \n" + "    \"grant_types_supported\" : [\"authorization_code\"], \n"
 			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\", \n"
-			+ "    \"token_endpoint_auth_methods_supported\": [\n"
-			+ "        \"client_secret_post\", \n"
-			+ "        \"client_secret_basic\", \n"
-			+ "        \"none\"\n"
-			+ "    ], \n"
-			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n"
-			+ "}";
+			+ "    \"token_endpoint_auth_methods_supported\": [\n" + "        \"client_secret_post\", \n"
+			+ "        \"client_secret_basic\", \n" + "        \"none\"\n" + "    ], \n"
+			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n" + "}";
 
 	private MockWebServer server;
 
@@ -114,7 +81,8 @@ public class ClientRegistrationsTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.response = this.mapper.readValue(DEFAULT_RESPONSE, new TypeReference<Map<String, Object>>(){});
+		this.response = this.mapper.readValue(DEFAULT_RESPONSE, new TypeReference<Map<String, Object>>() {
+		});
 	}
 
 	@After
@@ -132,10 +100,11 @@ public class ClientRegistrationsTests {
 
 	/**
 	 *
-	 * Test compatibility with OpenID v1 discovery endpoint by making a
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID Provider
-	 * Configuration Request</a> as highlighted <a href="https://tools.ietf.org/html/rfc8414#section-5">
-	 * Compatibility Notes</a> of <a href="https://tools.ietf.org/html/rfc8414">RFC 8414</a> specification.
+	 * Test compatibility with OpenID v1 discovery endpoint by making a <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID
+	 * Provider Configuration Request</a> as highlighted
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-5"> Compatibility Notes</a> of
+	 * <a href="https://tools.ietf.org/html/rfc8414">RFC 8414</a> specification.
 	 */
 	@Test
 	public void issuerWhenOidcFallbackAllInformationThenSuccess() throws Exception {
@@ -152,8 +121,7 @@ public class ClientRegistrationsTests {
 		assertIssuerMetadata(registration, provider);
 	}
 
-	private void assertIssuerMetadata(ClientRegistration registration,
-			ClientRegistration.ProviderDetails provider) {
+	private void assertIssuerMetadata(ClientRegistration registration, ClientRegistration.ProviderDetails provider) {
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRegistrationId()).isEqualTo(this.server.getHostName());
@@ -166,15 +134,15 @@ public class ClientRegistrationsTests {
 		assertThat(provider.getConfigurationMetadata()).containsKeys("authorization_endpoint", "claims_supported",
 				"code_challenge_methods_supported", "id_token_signing_alg_values_supported", "issuer", "jwks_uri",
 				"response_types_supported", "revocation_endpoint", "scopes_supported", "subject_types_supported",
-				"grant_types_supported", "token_endpoint", "token_endpoint_auth_methods_supported", "userinfo_endpoint");
+				"grant_types_supported", "token_endpoint", "token_endpoint_auth_methods_supported",
+				"userinfo_endpoint");
 	}
 
 	// gh-7512
 	@Test
 	public void issuerWhenResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception {
 		this.response.remove("jwks_uri");
-		assertThatThrownBy(() -> registration("").build())
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> registration("").build()).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("The public JWK set URI must not be null");
 	}
 
@@ -225,8 +193,8 @@ public class ClientRegistrationsTests {
 	/**
 	 * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
 	 *
-	 * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The
-	 * server MUST support the openid scope value.
+	 * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values
+	 * that this server supports. The server MUST support the openid scope value.
 	 * @throws Exception
 	 */
 	@Test
@@ -256,7 +224,6 @@ public class ClientRegistrationsTests {
 		assertThat(registration.getScopes()).containsOnly("openid");
 	}
 
-
 	@Test
 	public void issuerWhenGrantTypesSupportedNullThenDefaulted() throws Exception {
 		this.response.remove("grant_types_supported");
@@ -276,24 +243,25 @@ public class ClientRegistrationsTests {
 	}
 
 	/**
-	 * We currently only support authorization_code, so verify we have a meaningful error until we add support.
+	 * We currently only support authorization_code, so verify we have a meaningful error
+	 * until we add support.
 	 */
 	@Test
 	public void issuerWhenGrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
 
-		assertThatThrownBy(() -> registration(""))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
+		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class)
+				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
+						+ this.issuer + "\" returned a configuration of [implicit]");
 	}
 
 	@Test
 	public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
 
-		assertThatThrownBy(() -> registrationOAuth2("", null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + this.issuer + "\" returned a configuration of [implicit]");
+		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
+				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
+						+ this.issuer + "\" returned a configuration of [implicit]");
 	}
 
 	@Test
@@ -351,24 +319,26 @@ public class ClientRegistrationsTests {
 	}
 
 	/**
-	 * We currently only support client_secret_basic, so verify we have a meaningful error until we add support.
+	 * We currently only support client_secret_basic, so verify we have a meaningful error
+	 * until we add support.
 	 */
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
 
-		assertThatThrownBy(() -> registration(""))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
+		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining(
+				"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
+						+ this.issuer + "\" returned a configuration of [tls_client_auth]");
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
 
-		assertThatThrownBy(() -> registrationOAuth2("", null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
+		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
+				.hasMessageContaining(
+						"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
+								+ this.issuer + "\" returned a configuration of [tls_client_auth]");
 	}
 
 	@Test
@@ -384,41 +354,39 @@ public class ClientRegistrationsTests {
 	}
 
 	@Test
-	public void issuerWhenOpenIdConfigurationDoesNotMatchThenMeaningfulErrorMessage()  throws Exception {
+	public void issuerWhenOpenIdConfigurationDoesNotMatchThenMeaningfulErrorMessage() throws Exception {
 		this.issuer = createIssuerFromServer("");
 		String body = this.mapper.writeValueAsString(this.response);
-		MockResponse mockResponse = new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer))
-				.hasMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \"" + this.issuer + "\"");
+		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer)).hasMessageContaining(
+				"The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \""
+						+ this.issuer + "\"");
 	}
 
 	@Test
-	public void issuerWhenOAuth2ConfigurationDoesNotMatchThenMeaningfulErrorMessage()  throws Exception {
+	public void issuerWhenOAuth2ConfigurationDoesNotMatchThenMeaningfulErrorMessage() throws Exception {
 		this.issuer = createIssuerFromServer("");
 		String body = this.mapper.writeValueAsString(this.response);
-		MockResponse mockResponse = new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer))
-				.hasMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \"" + this.issuer + "\"");
+		assertThatThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer)).hasMessageContaining(
+				"The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \""
+						+ this.issuer + "\"");
 	}
 
 	private ClientRegistration.Builder registration(String path) throws Exception {
 		this.issuer = createIssuerFromServer(path);
 		this.response.put("issuer", this.issuer);
 		String body = this.mapper.writeValueAsString(this.response);
-		MockResponse mockResponse = new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
 
-		return ClientRegistrations.fromOidcIssuerLocation(this.issuer)
-			.clientId("client-id")
-			.clientSecret("client-secret");
+		return ClientRegistrations.fromOidcIssuerLocation(this.issuer).clientId("client-id")
+				.clientSecret("client-secret");
 	}
 
 	private ClientRegistration.Builder registrationOAuth2(String path, String body) throws Exception {
@@ -430,10 +398,10 @@ public class ClientRegistrationsTests {
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				switch(request.getPath()) {
-					case "/.well-known/oauth-authorization-server/issuer1":
-					case "/.well-known/oauth-authorization-server/":
-						return buildSuccessMockResponse(responseBody);
+				switch (request.getPath()) {
+				case "/.well-known/oauth-authorization-server/issuer1":
+				case "/.well-known/oauth-authorization-server/":
+					return buildSuccessMockResponse(responseBody);
 				}
 				return new MockResponse().setResponseCode(404);
 			}
@@ -441,23 +409,21 @@ public class ClientRegistrationsTests {
 
 		this.server.setDispatcher(dispatcher);
 
-		return ClientRegistrations.fromIssuerLocation(this.issuer)
-				.clientId("client-id")
-				.clientSecret("client-secret");
+		return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 	}
 
-
 	private String createIssuerFromServer(String path) {
 		return this.server.url(path).toString();
 	}
 
 	/**
-	 * Simulates a situation when the ClientRegistration is used with a legacy application where the OIDC
-	 * Discovery Endpoint is "/issuer1/.well-known/openid-configuration" instead of
-	 * "/.well-known/openid-configuration/issuer1" in which case the first attempt results in HTTP 404 and
-	 * the subsequent call results in 200 OK.
+	 * Simulates a situation when the ClientRegistration is used with a legacy application
+	 * where the OIDC Discovery Endpoint is "/issuer1/.well-known/openid-configuration"
+	 * instead of "/.well-known/openid-configuration/issuer1" in which case the first
+	 * attempt results in HTTP 404 and the subsequent call results in 200 OK.
 	 *
-	 * @see <a href="https://tools.ietf.org/html/rfc8414#section-5">Section 5</a> for more details.
+	 * @see <a href="https://tools.ietf.org/html/rfc8414#section-5">Section 5</a> for more
+	 * details.
 	 */
 	private ClientRegistration.Builder registrationOidcFallback(String path, String body) throws Exception {
 		this.issuer = createIssuerFromServer(path);
@@ -468,24 +434,22 @@ public class ClientRegistrationsTests {
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				switch(request.getPath()) {
-					case "/issuer1/.well-known/openid-configuration":
-					case "/.well-known/openid-configuration/":
-						return buildSuccessMockResponse(responseBody);
+				switch (request.getPath()) {
+				case "/issuer1/.well-known/openid-configuration":
+				case "/.well-known/openid-configuration/":
+					return buildSuccessMockResponse(responseBody);
 				}
 				return new MockResponse().setResponseCode(404);
 			}
 		};
 		this.server.setDispatcher(dispatcher);
 
-		return ClientRegistrations.fromIssuerLocation(this.issuer)
-				.clientId("client-id")
-				.clientSecret("client-secret");
+		return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 	}
 
 	private MockResponse buildSuccessMockResponse(String body) {
-		return new MockResponse().setResponseCode(200)
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setResponseCode(200).setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
index 0778afafec..182ef5b3d2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
@@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class InMemoryClientRegistrationRepositoryTests {
+
 	private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 
 	private InMemoryClientRegistrationRepository clients = new InMemoryClientRegistrationRepository(this.registration);
@@ -94,4 +95,5 @@ public class InMemoryClientRegistrationRepositoryTests {
 	public void iteratorWhenGetThenContainsAll() {
 		assertThat(this.clients).containsOnly(this.registration);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
index 5ca19c509b..92fccfc27f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
@@ -44,7 +44,7 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 	@Test
 	public void constructorWhenZeroVarArgsThenIllegalArgumentException() {
 		assertThatThrownBy(() -> new InMemoryReactiveClientRegistrationRepository())
-			.isInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -77,8 +77,7 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 	@Test
 	public void findByRegistrationIdWhenValidIdThenFound() {
 		StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId()))
-				.expectNext(this.registration)
-				.verifyComplete();
+				.expectNext(this.registration).verifyComplete();
 	}
 
 	@Test
@@ -91,4 +90,5 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 	public void iteratorWhenContainsGithubThenContains() {
 		assertThat(this.repository).containsOnly(this.registration);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
index 37f65b6487..f108252f7a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
@@ -24,53 +24,41 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
  * @since 5.1
  */
 public class TestClientRegistrations {
+
 	public static ClientRegistration.Builder clientRegistration() {
 		return ClientRegistration.withRegistrationId("registration-id")
-			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
-			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.scope("read:user")
-			.authorizationUri("https://example.com/login/oauth/authorize")
-			.tokenUri("https://example.com/login/oauth/access_token")
-			.jwkSetUri("https://example.com/oauth2/jwk")
-			.issuerUri("https://example.com")
-			.userInfoUri("https://api.example.com/user")
-			.userNameAttributeName("id")
-			.clientName("Client Name")
-			.clientId("client-id")
-			.clientSecret("client-secret");
+				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+				.authorizationUri("https://example.com/login/oauth/authorize")
+				.tokenUri("https://example.com/login/oauth/access_token").jwkSetUri("https://example.com/oauth2/jwk")
+				.issuerUri("https://example.com").userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id").clientName("Client Name").clientId("client-id")
+				.clientSecret("client-secret");
 	}
 
 	public static ClientRegistration.Builder clientRegistration2() {
 		return ClientRegistration.withRegistrationId("registration-id-2")
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.scope("read:user")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
 				.authorizationUri("https://example.com/login/oauth/authorize")
-				.tokenUri("https://example.com/login/oauth/access_token")
-				.userInfoUri("https://api.example.com/user")
-				.userNameAttributeName("id")
-				.clientName("Client Name")
-				.clientId("client-id-2")
+				.tokenUri("https://example.com/login/oauth/access_token").userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id").clientName("Client Name").clientId("client-id-2")
 				.clientSecret("client-secret");
 	}
 
 	public static ClientRegistration.Builder clientCredentials() {
-		return clientRegistration()
-				.registrationId("client-credentials")
-				.clientId("client-id")
+		return clientRegistration().registrationId("client-credentials").clientId("client-id")
 				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS);
 	}
 
 	public static ClientRegistration.Builder password() {
 		return ClientRegistration.withRegistrationId("password")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.scope("read", "write")
-				.tokenUri("https://example.com/login/oauth/access_token")
-				.clientName("Client Name")
-				.clientId("client-id")
-				.clientSecret("client-secret");
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope("read", "write")
+				.tokenUri("https://example.com/login/oauth/access_token").clientName("Client Name")
+				.clientId("client-id").clientSecret("client-secret");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 3305a1ebd9..1fde0671fd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -51,9 +51,13 @@ import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.no
  * @author Eddú Meléndez
  */
 public class CustomUserTypesOAuth2UserServiceTests {
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private CustomUserTypesOAuth2UserService userService;
+
 	private MockWebServer server;
 
 	@Rule
@@ -109,8 +113,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
-		ClientRegistration clientRegistration =
-				clientRegistration().registrationId("other-client-registration-id-1").build();
+		ClientRegistration clientRegistration = clientRegistration().registrationId("other-client-registration-id-1")
+				.build();
 
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(user).isNull();
@@ -118,18 +122,13 @@ public class CustomUserTypesOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" +
-			"	\"id\": \"12345\",\n" +
-			"   \"name\": \"first last\",\n" +
-			"   \"login\": \"user1\",\n" +
-			"   \"email\": \"user1@example.com\"\n" +
-			"}\n";
+		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 
@@ -147,20 +146,17 @@ public class CustomUserTypesOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
-		String userInfoResponse = "{\n" +
-			"	\"id\": \"12345\",\n" +
-			"   \"name\": \"first last\",\n" +
-			"   \"login\": \"user1\",\n" +
-			"   \"email\": \"user1@example.com\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
+				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -168,14 +164,14 @@ public class CustomUserTypesOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenServerErrorThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
 
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -183,35 +179,36 @@ public class CustomUserTypesOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
 		String userInfoUri = "https://invalid-provider.com/user";
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri).build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
 	private ClientRegistration.Builder withRegistrationId(String registrationId) {
-		return ClientRegistration
-				.withRegistrationId(registrationId)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.clientId("client")
+		return ClientRegistration.withRegistrationId(registrationId)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).clientId("client")
 				.tokenUri("/token");
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
 	public static class CustomOAuth2User implements OAuth2User {
+
 		private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
+
 		private String id;
+
 		private String name;
+
 		private String login;
+
 		private String email;
 
 		public CustomOAuth2User() {
@@ -264,5 +261,7 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		public void setEmail(String email) {
 			this.email = email;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index 6324322bea..2343e07b14 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -64,9 +64,13 @@ import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.sc
  * @author Eddú Meléndez
  */
 public class DefaultOAuth2UserServiceTests {
+
 	private ClientRegistration.Builder clientRegistrationBuilder;
+
 	private OAuth2AccessToken accessToken;
+
 	private DefaultOAuth2UserService userService = new DefaultOAuth2UserService();
+
 	private MockWebServer server;
 
 	@Rule
@@ -76,9 +80,7 @@ public class DefaultOAuth2UserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.clientRegistrationBuilder = clientRegistration()
-				.userInfoUri(null)
-				.userNameAttributeName(null);
+		this.clientRegistrationBuilder = clientRegistration().userInfoUri(null).userNameAttributeName(null);
 		this.accessToken = noScopes();
 	}
 
@@ -119,29 +121,22 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_user_name_attribute"));
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri("https://provider.com/user").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
+				.build();
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" +
-			"	\"user-name\": \"user1\",\n" +
-			"   \"first-name\": \"first\",\n" +
-			"   \"last-name\": \"last\",\n" +
-			"   \"middle-name\": \"middle\",\n" +
-			"   \"address\": \"address\",\n" +
-			"   \"email\": \"user1@example.com\"\n" +
-			"}\n";
+		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 
@@ -164,24 +159,19 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
-		String userInfoResponse = "{\n" +
-			"	\"user-name\": \"user1\",\n" +
-			"   \"first-name\": \"first\",\n" +
-			"   \"last-name\": \"last\",\n" +
-			"   \"middle-name\": \"middle\",\n" +
-			"   \"address\": \"address\",\n" +
-			"   \"email\": \"user1@example.com\"\n";
-//			"}\n";		// Make the JSON invalid/malformed
+		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -189,8 +179,10 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoErrorResponseWwwAuthenticateHeaderThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-		this.exception.expectMessage(containsString("Error Code: insufficient_scope, Error Description: The access token expired"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(
+				containsString("Error Code: insufficient_scope, Error Description: The access token expired"));
 
 		String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
 
@@ -201,10 +193,8 @@ public class DefaultOAuth2UserServiceTests {
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -212,20 +202,17 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 		this.exception.expectMessage(containsString("Error Code: invalid_token"));
 
-		String userInfoErrorResponse = "{\n" +
-				"   \"error\": \"invalid_token\"\n" +
-				"}\n";
+		String userInfoErrorResponse = "{\n" + "   \"error\": \"invalid_token\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -233,16 +220,15 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenServerErrorThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
 
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -250,14 +236,13 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
-		this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
+		this.exception.expectMessage(containsString(
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 
 		String userInfoUri = "https://invalid-provider.com/user";
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -265,22 +250,15 @@ public class DefaultOAuth2UserServiceTests {
 	// gh-5294
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"user-name\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT))
@@ -290,49 +268,36 @@ public class DefaultOAuth2UserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"user-name\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
 		assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
-		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
+		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
 
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
-		String userInfoResponse = "{\n" +
-				"	\"user-name\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		RecordedRequest request = this.server.takeRequest();
@@ -347,8 +312,8 @@ public class DefaultOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(
-				clientRegistration().build(), scopes("message:read", "message:write"));
+		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(),
+				scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -363,8 +328,7 @@ public class DefaultOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(
-				clientRegistration().build(), noScopes());
+		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(), noScopes());
 		OAuth2User user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(1);
@@ -379,18 +343,16 @@ public class DefaultOAuth2UserServiceTests {
 
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
-				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource " +
-						"from '" + userInfoUri + "': response contains invalid content type 'text/plain'."));
+				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource "
+						+ "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."));
 
 		MockResponse response = new MockResponse();
 		response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
 		response.setBody("invalid content type");
 		this.server.enqueue(response);
 
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder
-				.userInfoUri(userInfoUri)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.userNameAttributeName("user-name").build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
 
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -408,8 +370,7 @@ public class DefaultOAuth2UserServiceTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 476033286a..c4bbe2b1e2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -65,12 +65,13 @@ import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.sc
  * @since 5.1
  */
 public class DefaultReactiveOAuth2UserServiceTests {
+
 	private ClientRegistration.Builder clientRegistration;
 
 	private DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(
-			OAuth2AccessToken.TokenType.BEARER, "access-token", Instant.now(), Instant.now().plus(Duration.ofDays(1)));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
 	private MockWebServer server;
 
@@ -81,8 +82,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 
 		String userInfoUri = this.server.url("/user").toString();
 
-		this.clientRegistration = TestClientRegistrations.clientRegistration()
-				.userInfoUri(userInfoUri);
+		this.clientRegistration = TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri);
 	}
 
 	@After
@@ -93,20 +93,15 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2UserRequest request = null;
-		StepVerifier.create(this.userService.loadUser(request))
-			.expectError(IllegalArgumentException.class)
-			.verify();
+		StepVerifier.create(this.userService.loadUser(request)).expectError(IllegalArgumentException.class).verify();
 	}
 
 	@Test
 	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userInfoUri(null);
 
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest()))
-				.expectErrorSatisfies(t -> assertThat(t)
-						.isInstanceOf(OAuth2AuthenticationException.class)
-						.hasMessageContaining("missing_user_info_uri")
-				)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies(t -> assertThat(t)
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri"))
 				.verify();
 	}
 
@@ -114,24 +109,16 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userNameAttributeName(null);
 
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest()))
-				.expectErrorSatisfies(t -> assertThat(t)
-						.isInstanceOf(OAuth2AuthenticationException.class)
-						.hasMessageContaining("missing_user_name_attribute")
-				)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies(t -> assertThat(t)
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute"))
 				.verify();
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" +
-				"	\"id\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
 
 		OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
@@ -156,14 +143,9 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
 		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.HEADER);
-		String userInfoResponse = "{\n" +
-				"	\"id\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
 
 		this.userService.loadUser(oauth2UserRequest()).block();
@@ -171,21 +153,17 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
 		assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
-		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
+		assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
 
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
-		this.clientRegistration.userInfoAuthenticationMethod( AuthenticationMethod.FORM);
-		String userInfoResponse = "{\n" +
-				"	\"id\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n" +
-				"}\n";
+		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.FORM);
+		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
 
 		this.userService.loadUser(oauth2UserRequest()).block();
@@ -199,28 +177,23 @@ public class DefaultReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
-		String userInfoResponse = "{\n" +
-				"	\"id\": \"user1\",\n" +
-				"   \"first-name\": \"first\",\n" +
-				"   \"last-name\": \"last\",\n" +
-				"   \"middle-name\": \"middle\",\n" +
-				"   \"address\": \"address\",\n" +
-				"   \"email\": \"user1@example.com\"\n";
-		//			"}\n";		// Make the JSON invalid/malformed
+		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// "}\n"; // Make the JSON invalid/malformed
 		enqueueApplicationJsonBody(userInfoResponse);
 
 		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
-			.isInstanceOf(OAuth2AuthenticationException.class)
-			.hasMessageContaining("invalid_user_info_response");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
 	}
 
 	@Test
 	public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() {
-		this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setResponseCode(500).setBody("{}"));
+		this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setResponseCode(500).setBody("{}"));
 
 		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("invalid_user_info_response");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
 	}
 
 	@Test
@@ -235,8 +208,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultReactiveOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(
-				clientRegistration().build(), scopes("message:read", "message:write"));
+		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(),
+				scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -251,8 +224,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultReactiveOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(
-				clientRegistration().build(), noScopes());
+		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(), noScopes());
 		OAuth2User user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(1);
@@ -271,10 +243,11 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		OAuth2UserRequest userRequest = oauth2UserRequest();
 
 		assertThatThrownBy(() -> this.userService.loadUser(userRequest).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '" +
-						userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri() + "': " +
-						"response contains invalid content type 'text/plain'");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining(
+						"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '"
+								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+										.getUri()
+								+ "': " + "response contains invalid content type 'text/plain'");
 	}
 
 	private DefaultReactiveOAuth2UserService withMockResponse(Map<String, Object> body) {
@@ -284,10 +257,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		WebClient.ResponseSpec clientResponse = mock(WebClient.ResponseSpec.class);
 		when(rest.get()).thenReturn(spec);
 		when(spec.retrieve()).thenReturn(clientResponse);
-		when(clientResponse.onStatus(any(Predicate.class), any(Function.class)))
-				.thenReturn(clientResponse);
-		when(clientResponse.bodyToMono(any(ParameterizedTypeReference.class)))
-				.thenReturn(Mono.just(body));
+		when(clientResponse.onStatus(any(Predicate.class), any(Function.class))).thenReturn(clientResponse);
+		when(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).thenReturn(Mono.just(body));
 
 		DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService();
 		userService.setWebClient(rest);
@@ -300,8 +271,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
 
 	private void enqueueApplicationJsonBody(String json) {
 
-		this.server.enqueue(new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json));
+		this.server.enqueue(
+				new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index f43b18a0ae..976841b553 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -46,8 +46,7 @@ public class DelegatingOAuth2UserServiceTests {
 	@Test(expected = IllegalArgumentException.class)
 	@SuppressWarnings("unchecked")
 	public void loadUserWhenUserRequestIsNullThenThrowIllegalArgumentException() {
-		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService =
-			new DelegatingOAuth2UserService<>(
+		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
 				Arrays.asList(mock(OAuth2UserService.class), mock(OAuth2UserService.class)));
 		delegatingUserService.loadUser(null);
 	}
@@ -61,8 +60,8 @@ public class DelegatingOAuth2UserServiceTests {
 		OAuth2User mockUser = mock(OAuth2User.class);
 		when(userService3.loadUser(any(OAuth2UserRequest.class))).thenReturn(mockUser);
 
-		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService =
-			new DelegatingOAuth2UserService<>(Arrays.asList(userService1, userService2, userService3));
+		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
+				Arrays.asList(userService1, userService2, userService3));
 
 		OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class));
 		assertThat(loadedUser).isEqualTo(mockUser);
@@ -75,10 +74,11 @@ public class DelegatingOAuth2UserServiceTests {
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService2 = mock(OAuth2UserService.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService3 = mock(OAuth2UserService.class);
 
-		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService =
-			new DelegatingOAuth2UserService<>(Arrays.asList(userService1, userService2, userService3));
+		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
+				Arrays.asList(userService1, userService2, userService3));
 
 		OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class));
 		assertThat(loadedUser).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 4ad9d4e4aa..1d24762f7d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -40,56 +40,54 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
  * @author Joe Grandja
  */
 public class OAuth2UserRequestEntityConverterTests {
+
 	private OAuth2UserRequestEntityConverter converter = new OAuth2UserRequestEntityConverter();
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void convertWhenAuthenticationMethodHeaderThenGetRequest() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		OAuth2UserRequest userRequest = new OAuth2UserRequest(
-				clientRegistration, this.createAccessToken());
+		OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
 
 		RequestEntity<?> requestEntity = this.converter.convert(userRequest);
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.GET);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
-		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo(
-				"Bearer " + userRequest.getAccessToken().getTokenValue());
+		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + userRequest.getAccessToken().getTokenValue());
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void convertWhenAuthenticationMethodFormThenPostRequest() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.build();
-		OAuth2UserRequest userRequest = new OAuth2UserRequest(
-				clientRegistration, this.createAccessToken());
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
+		OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
 
 		RequestEntity<?> requestEntity = this.converter.convert(userRequest);
 
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
-		assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
-				clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
+		assertThat(requestEntity.getUrl().toASCIIString())
+				.isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
 
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
-		assertThat(headers.getContentType()).isEqualTo(
-				MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+		assertThat(headers.getContentType())
+				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
-		assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN)).isEqualTo(
-				userRequest.getAccessToken().getTokenValue());
+		assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN))
+				.isEqualTo(userRequest.getAccessToken().getTokenValue());
 	}
 
 	private OAuth2AccessToken createAccessToken() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(),
-				Instant.now().plusSeconds(3600), new LinkedHashSet<>(Arrays.asList("read", "write")));
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234",
+				Instant.now(), Instant.now().plusSeconds(3600), new LinkedHashSet<>(Arrays.asList("read", "write")));
 		return accessToken;
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 48dcd5eea4..4b683b86cb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -37,26 +37,23 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2UserRequestTests {
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AccessToken accessToken;
+
 	private Map<String, Object> additionalParameters;
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("https://client.com")
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("https://client.com")
 				.scope(new LinkedHashSet<>(Arrays.asList("scope1", "scope2")))
 				.authorizationUri("https://provider.com/oauth2/authorization")
-				.tokenUri("https://provider.com/oauth2/token")
-				.clientName("Client 1")
-				.build();
-		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
-				new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
+				.tokenUri("https://provider.com/oauth2/token").clientName("Client 1").build();
+		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(),
+				Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
 		this.additionalParameters = new HashMap<>();
 		this.additionalParameters.put("param1", "value1");
 		this.additionalParameters.put("param2", "value2");
@@ -76,11 +73,12 @@ public class OAuth2UserRequestTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2UserRequest userRequest = new OAuth2UserRequest(
-				this.clientRegistration, this.accessToken, this.additionalParameters);
+		OAuth2UserRequest userRequest = new OAuth2UserRequest(this.clientRegistration, this.accessToken,
+				this.additionalParameters);
 
 		assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(userRequest.getAdditionalParameters()).containsAllEntriesOf(this.additionalParameters);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
index e625e362b7..6d1f516676 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
@@ -36,20 +36,29 @@ import static org.mockito.Mockito.verify;
  * @author Joe Grandja
  */
 public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests {
+
 	private String registrationId = "registrationId";
+
 	private String principalName = "principalName";
+
 	private OAuth2AuthorizedClientService authorizedClientService;
+
 	private OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository;
+
 	private AuthenticatedPrincipalOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Before
 	public void setup() {
 		this.authorizedClientService = mock(OAuth2AuthorizedClientService.class);
 		this.anonymousAuthorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
-		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
-		this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository);
+		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
+				this.authorizedClientService);
+		this.authorizedClientRepository
+				.setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository);
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 	}
@@ -77,14 +86,16 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests {
 	public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() {
 		Authentication authentication = this.createAnonymousPrincipal();
 		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.request);
-		verify(this.anonymousAuthorizedClientRepository).loadAuthorizedClient(this.registrationId, authentication, this.request);
+		verify(this.anonymousAuthorizedClientRepository).loadAuthorizedClient(this.registrationId, authentication,
+				this.request);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticatedPrincipalThenSaveToService() {
 		Authentication authentication = this.createAuthenticatedPrincipal();
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
-		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.request, this.response);
+		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.request,
+				this.response);
 		verify(this.authorizedClientService).saveAuthorizedClient(authorizedClient, authentication);
 	}
 
@@ -92,22 +103,27 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests {
 	public void saveAuthorizedClientWhenAnonymousPrincipalThenSaveToAnonymousRepository() {
 		Authentication authentication = this.createAnonymousPrincipal();
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
-		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.request, this.response);
-		verify(this.anonymousAuthorizedClientRepository).saveAuthorizedClient(authorizedClient, authentication, this.request, this.response);
+		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.request,
+				this.response);
+		verify(this.anonymousAuthorizedClientRepository).saveAuthorizedClient(authorizedClient, authentication,
+				this.request, this.response);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAuthenticatedPrincipalThenRemoveFromService() {
 		Authentication authentication = this.createAuthenticatedPrincipal();
-		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.request,
+				this.response);
 		verify(this.authorizedClientService).removeAuthorizedClient(this.registrationId, this.principalName);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAnonymousPrincipalThenRemoveFromAnonymousRepository() {
 		Authentication authentication = this.createAnonymousPrincipal();
-		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.request, this.response);
-		verify(this.anonymousAuthorizedClientRepository).removeAuthorizedClient(this.registrationId, authentication, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.request,
+				this.response);
+		verify(this.anonymousAuthorizedClientRepository).removeAuthorizedClient(this.registrationId, authentication,
+				this.request, this.response);
 	}
 
 	private Authentication createAuthenticatedPrincipal() {
@@ -117,6 +133,8 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests {
 	}
 
 	private Authentication createAnonymousPrincipal() {
-		return new AnonymousAuthenticationToken("key-1234", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+		return new AnonymousAuthenticationToken("key-1234", "anonymousUser",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 2a861520a5..06272933ec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -45,13 +45,21 @@ import static org.assertj.core.api.Assertions.entry;
  * @author Joe Grandja
  */
 public class DefaultOAuth2AuthorizationRequestResolverTests {
+
 	private ClientRegistration registration1;
+
 	private ClientRegistration registration2;
+
 	private ClientRegistration fineRedirectUriTemplateRegistration;
+
 	private ClientRegistration pkceRegistration;
+
 	private ClientRegistration oidcRegistration;
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private final String authorizationRequestBaseUri = "/oauth2/authorization";
+
 	private DefaultOAuth2AuthorizationRequestResolver resolver;
 
 	@Before
@@ -60,19 +68,15 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		this.registration2 = TestClientRegistrations.clientRegistration2().build();
 		this.fineRedirectUriTemplateRegistration = fineRedirectUriTemplateClientRegistration().build();
 		this.pkceRegistration = TestClientRegistrations.clientRegistration()
-				.registrationId("pkce-client-registration-id")
-				.clientId("pkce-client-id")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
-				.clientSecret(null)
-				.build();
-		this.oidcRegistration = TestClientRegistrations.clientRegistration()
-				.registrationId("oidc-registration-id")
+				.registrationId("pkce-client-registration-id").clientId("pkce-client-id")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build();
+		this.oidcRegistration = TestClientRegistrations.clientRegistration().registrationId("oidc-registration-id")
 				.scope(OidcScopes.OPENID).build();
-		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
-				this.registration1, this.registration2, this.fineRedirectUriTemplateRegistration,
-				this.pkceRegistration, this.oidcRegistration);
-		this.resolver = new DefaultOAuth2AuthorizationRequestResolver(
-				this.clientRegistrationRepository, this.authorizationRequestBaseUri);
+		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
+				this.registration2, this.fineRedirectUriTemplateRegistration, this.pkceRegistration,
+				this.oidcRegistration);
+		this.resolver = new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository,
+				this.authorizationRequestBaseUri);
 	}
 
 	@Test
@@ -125,13 +129,14 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 	@Test
 	public void resolveWhenAuthorizationRequestWithInvalidClientThenThrowIllegalArgumentException() {
 		ClientRegistration clientRegistration = this.registration1;
-		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId() + "-invalid";
+		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId()
+				+ "-invalid";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		assertThatThrownBy(() -> this.resolver.resolve(request))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
+		assertThatThrownBy(() -> this.resolver.resolve(request)).isInstanceOf(IllegalArgumentException.class)
+				.hasMessage(
+						"Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
 	}
 
 	@Test
@@ -143,8 +148,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(
-				clientRegistration.getProviderDetails().getAuthorizationUri());
+		assertThat(authorizationRequest.getAuthorizationUri())
+				.isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri());
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
 		assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId());
@@ -152,14 +157,14 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes());
 		assertThat(authorizationRequest.getState()).isNotNull();
-		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
+		assertThat(authorizationRequest.getAdditionalParameters())
+				.doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
 		assertThat(authorizationRequest.getAttributes())
 				.containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()));
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -169,7 +174,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId());
+		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
+				clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest).isNotNull();
 		assertThat(authorizationRequest.getAttributes())
 				.containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()));
@@ -183,10 +189,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
-				clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -199,8 +204,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -214,8 +219,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -229,8 +234,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -244,8 +249,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -259,8 +264,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	// gh-5520
@@ -273,10 +278,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setQueryString("foo=bar");
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
-				clientRegistration.getRedirectUri());
-		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
-				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
+		assertThat(authorizationRequest.getRedirectUri())
+				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -291,10 +295,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -309,10 +312,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=https://example.com/login/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=https://example.com/login/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -322,12 +324,12 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId());
+		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
+				clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -339,10 +341,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id-2&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/registration-id-2");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/registration-id-2");
 	}
 
 	@Test
@@ -355,10 +356,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -371,10 +371,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id-2&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/registration-id-2");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/registration-id-2");
 	}
 
 	@Test
@@ -386,8 +385,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(
-				clientRegistration.getProviderDetails().getAuthorizationUri());
+		assertThat(authorizationRequest.getAuthorizationUri())
+				.isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri());
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
 		assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId());
@@ -395,22 +394,21 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes());
 		assertThat(authorizationRequest.getState()).isNotNull();
-		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
+		assertThat(authorizationRequest.getAdditionalParameters())
+				.doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
 		assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE);
 		assertThat(authorizationRequest.getAdditionalParameters())
 				.contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256"));
 		assertThat(authorizationRequest.getAttributes())
 				.contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()));
-		assertThat(authorizationRequest.getAttributes())
-				.containsKey(PkceParameterNames.CODE_VERIFIER);
-		assertThat((String) authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
+		assertThat(authorizationRequest.getAttributes()).containsKey(PkceParameterNames.CODE_VERIFIER);
+		assertThat((String) authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER))
+				.matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=pkce-client-id&" +
-						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/pkce-client-registration-id&" +
-						"code_challenge_method=S256&" +
-						"code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=pkce-client-id&"
+						+ "scope=read:user&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/pkce-client-registration-id&"
+						+ "code_challenge_method=S256&" + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
 	}
 
 	@Test
@@ -422,8 +420,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(
-				clientRegistration.getProviderDetails().getAuthorizationUri());
+		assertThat(authorizationRequest.getAuthorizationUri())
+				.isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri());
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
 		assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId());
@@ -431,18 +429,19 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				.isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes());
 		assertThat(authorizationRequest.getState()).isNotNull();
-		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
+		assertThat(authorizationRequest.getAdditionalParameters())
+				.doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID);
 		assertThat(authorizationRequest.getAdditionalParameters()).containsKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes())
 				.contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()));
 		assertThat(authorizationRequest.getAttributes()).containsKey(OidcParameterNames.NONCE);
-		assertThat((String) authorizationRequest.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
+		assertThat((String) authorizationRequest.getAttribute(OidcParameterNames.NONCE))
+				.matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" +
-						"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=openid&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&"
+						+ "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
 	}
 
 	// gh-7696
@@ -453,19 +452,18 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer
-				.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
-				.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
+		this.resolver.setAuthorizationRequestCustomizer(
+				customizer -> customizer.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
+						.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=openid&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id");
 	}
 
 	@Test
@@ -475,21 +473,17 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer ->
-				customizer.authorizationRequestUri(uriBuilder -> {
-					uriBuilder.queryParam("param1", "value1");
-					return uriBuilder.build();
-				})
-		);
+		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.authorizationRequestUri(uriBuilder -> {
+			uriBuilder.queryParam("param1", "value1");
+			return uriBuilder.build();
+		}));
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" +
-						"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" +
-						"param1=value1");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=openid&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&"
+						+ "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1");
 	}
 
 	@Test
@@ -499,35 +493,27 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer ->
-				customizer.parameters(params -> {
-					params.put("appid", params.get("client_id"));
-					params.remove("client_id");
-				})
-		);
+		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.parameters(params -> {
+			params.put("appid", params.get("client_id"));
+			params.remove("client_id");
+		}));
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" +
-						"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" +
-						"appid=client-id");
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).matches(
+				"https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&"
+						+ "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&"
+						+ "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "appid=client-id");
 	}
 
 	private static ClientRegistration.Builder fineRedirectUriTemplateClientRegistration() {
 		return ClientRegistration.withRegistrationId("fine-redirect-uri-template-client-registration")
 				.redirectUri("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.scope("read:user")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
 				.authorizationUri("https://example.com/login/oauth/authorize")
-				.tokenUri("https://example.com/login/oauth/access_token")
-				.userInfoUri("https://api.example.com/user")
-				.userNameAttributeName("id")
-				.clientName("Fine Redirect Uri Template Client")
-				.clientId("fine-redirect-uri-template-client")
-				.clientSecret("client-secret");
+				.tokenUri("https://example.com/login/oauth/access_token").userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id").clientName("Fine Redirect Uri Template Client")
+				.clientId("fine-redirect-uri-template-client").clientSecret("client-secret");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index aa13f0c879..df43c8d154 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -64,18 +64,31 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class DefaultOAuth2AuthorizedClientManagerTests {
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private OAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function contextAttributesMapper;
+
 	private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
+
 	private OAuth2AuthorizationFailureHandler authorizationFailureHandler;
+
 	private DefaultOAuth2AuthorizedClientManager authorizedClientManager;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private ArgumentCaptor<OAuth2AuthorizationContext> authorizationContextCaptor;
 
 	@SuppressWarnings("unchecked")
@@ -87,19 +100,20 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		this.contextAttributesMapper = mock(Function.class);
 		this.authorizationSuccessHandler = spy(new OAuth2AuthorizationSuccessHandler() {
 			@Override
-			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map<String, Object> attributes) {
+			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+					Map<String, Object> attributes) {
 				authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal,
 						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
 						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName()));
 			}
 		});
-		this.authorizationFailureHandler = spy(new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) ->
-						authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-								(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
+		this.authorizationFailureHandler = spy(
+				new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler((clientRegistrationId, principal,
+						attributes) -> authorizedClientRepository.removeAuthorizedClient(clientRegistrationId,
+								principal, (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
 								(HttpServletResponse) attributes.get(HttpServletResponse.class.getName()))));
-		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
-				this.clientRegistrationRepository, this.authorizedClientRepository);
+		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository,
+				this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(this.authorizedClientProvider);
 		this.authorizedClientManager.setContextAttributesMapper(this.contextAttributesMapper);
 		this.authorizedClientManager.setAuthorizationSuccessHandler(this.authorizationSuccessHandler);
@@ -116,82 +130,70 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationRepository cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientRepository cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientProvider cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("contextAttributesMapper cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationSuccessHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationFailureHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizeRequest cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("servletRequest cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("servletRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
-				.attribute(HttpServletRequest.class.getName(), this.request)
-				.build();
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.attribute(HttpServletRequest.class.getName(), this.request).build();
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("servletResponse cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("servletResponse cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("invalid-registration-id")
-				.principal(this.principal)
-				.attributes(attrs -> {
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId("invalid-registration-id").principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
@@ -200,16 +202,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -228,18 +229,18 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(this.authorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(this.authorizedClient);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -251,33 +252,32 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(this.authorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(this.authorizedClient), eq(this.principal), eq(this.request), eq(this.response));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal),
+				eq(this.request), eq(this.response));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
-		when(this.authorizedClientRepository.loadAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.request))).thenReturn(this.authorizedClient);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.request))).thenReturn(this.authorizedClient);
 
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -289,18 +289,19 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(reauthorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal), eq(this.request), eq(this.response));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
+				eq(this.request), eq(this.response));
 	}
 
 	@Test
 	public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(this.clientRegistration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(this.authorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(this.authorizedClient);
 
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
@@ -318,13 +319,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		this.request.addParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password");
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		this.authorizedClientManager.authorize(authorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -340,12 +340,10 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -358,26 +356,24 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verifyNoInteractions(this.authorizationSuccessHandler);
-		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(
-				any(OAuth2AuthorizedClient.class), eq(this.principal), eq(this.request), eq(this.response));
+		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
+				eq(this.principal), eq(this.request), eq(this.response));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -389,39 +385,38 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(
-				eq(reauthorizedClient), eq(this.principal), any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal), eq(this.request), eq(this.response));
+		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
+				any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
+				eq(this.request), eq(this.response));
 	}
 
 	@Test
 	public void reauthorizeWhenRequestParameterScopeThenMappedToContext() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(reauthorizedClient);
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(reauthorizedClient);
 
 		// Override the mock with the default
-		this.authorizedClientManager.setContextAttributesMapper(
-				new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
+		this.authorizedClientManager
+				.setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 
 		this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write");
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 		this.authorizedClientManager.authorize(reauthorizeRequest);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
-		String[] requestScopeAttribute = authorizationContext.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		String[] requestScopeAttribute = authorizationContext
+				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
 	}
 
@@ -435,44 +430,40 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.thenThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				eq(authorizationException), eq(this.principal), any());
-		verify(this.authorizedClientRepository).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.request), eq(this.response));
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
+				any());
+		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.request), eq(this.response));
 	}
 
 	@Test
 	public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
-				new OAuth2Error("non-matching-error-code", null, null),
-				this.clientRegistration.getRegistrationId());
+				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 
 		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.thenThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.attributes(attrs -> {
+				.principal(this.principal).attributes(attrs -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				})
-				.build();
+				}).build();
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				eq(authorizationException), eq(this.principal), any());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
+				any());
 		verifyNoInteractions(this.authorizedClientRepository);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index de74b188fc..070a1367df 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -59,37 +59,51 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
+
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
+
 	private Function contextAttributesMapper;
+
 	private DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager;
+
 	private ClientRegistration clientRegistration;
+
 	private Authentication principal;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private MockServerWebExchange serverWebExchange;
+
 	private Context context;
+
 	private ArgumentCaptor<OAuth2AuthorizationContext> authorizationContextCaptor;
+
 	private PublisherProbe<OAuth2AuthorizedClient> loadAuthorizedClientProbe;
+
 	private PublisherProbe<Void> saveAuthorizedClientProbe;
+
 	private PublisherProbe<Void> removeAuthorizedClientProbe;
 
 	@SuppressWarnings("unchecked")
 	@Before
 	public void setup() {
 		this.clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				anyString())).thenReturn(Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.empty());
 		this.authorizedClientRepository = mock(ServerOAuth2AuthorizedClientRepository.class);
 		this.loadAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.loadAuthorizedClient(
-				anyString(), any(Authentication.class), any(ServerWebExchange.class))).thenReturn(this.loadAuthorizedClientProbe.mono());
+		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(Authentication.class),
+				any(ServerWebExchange.class))).thenReturn(this.loadAuthorizedClientProbe.mono());
 		this.saveAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.saveAuthorizedClient(
-				any(OAuth2AuthorizedClient.class), any(Authentication.class), any(ServerWebExchange.class))).thenReturn(this.saveAuthorizedClientProbe.mono());
+		when(this.authorizedClientRepository.saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
+				any(Authentication.class), any(ServerWebExchange.class)))
+						.thenReturn(this.saveAuthorizedClientProbe.mono());
 		this.removeAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.removeAuthorizedClient(
-				any(String.class), any(Authentication.class), any(ServerWebExchange.class))).thenReturn(this.removeAuthorizedClientProbe.mono());
+		when(this.authorizedClientRepository.removeAuthorizedClient(any(String.class), any(Authentication.class),
+				any(ServerWebExchange.class))).thenReturn(this.removeAuthorizedClientProbe.mono());
 		this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.empty());
 		this.contextAttributesMapper = mock(Function.class);
@@ -109,81 +123,77 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistrationRepository cannot be null");
+		assertThatThrownBy(
+				() -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientRepository cannot be null");
+		assertThatThrownBy(
+				() -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("authorizedClientRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientProvider cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationSuccessHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationFailureHandler cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("contextAttributesMapper cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizeRequest cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenExchangeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("serverWebExchange cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("serverWebExchange cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("invalid-registration-id")
-				.principal(this.principal)
-				.build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId("invalid-registration-id").principal(this.principal).build();
+		assertThatThrownBy(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
@@ -204,13 +214,13 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.authorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
@@ -224,8 +234,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(this.authorizedClient), eq(this.principal), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal),
+				eq(this.serverWebExchange));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 	}
@@ -233,17 +243,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.authorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		PublisherProbe<Void> authorizationSuccessHandlerProbe = PublisherProbe.empty();
-		this.authorizedClientManager.setAuthorizationSuccessHandler((client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
+		this.authorizedClientManager.setAuthorizationSuccessHandler(
+				(client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
 
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
@@ -265,23 +276,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest)
-				.subscriberContext(this.context).block())
-				.isEqualTo(exception);
+		assertThatCode(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -291,8 +302,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientRepository).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.serverWebExchange));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 	}
@@ -300,23 +311,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest)
-				.subscriberContext(this.context).block())
-				.isEqualTo(exception);
+		assertThatCode(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -326,8 +337,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
-		verify(this.authorizedClientRepository).removeAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.serverWebExchange));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 	}
@@ -335,23 +346,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest)
-				.subscriberContext(this.context).block())
-				.isEqualTo(exception);
+		assertThatCode(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -368,22 +379,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest)
-				.subscriberContext(this.context).block())
-				.isEqualTo(exception);
+		assertThatCode(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -400,25 +411,26 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(
-				any(OAuth2AuthorizationContext.class))).thenReturn(Mono.error(exception));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.error(exception));
 
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
-		this.authorizedClientManager.setAuthorizationFailureHandler((client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
+		this.authorizedClientManager.setAuthorizationFailureHandler(
+				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
 
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest)
-				.subscriberContext(this.context).block())
-				.isEqualTo(exception);
+		assertThatCode(
+				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
+						.isEqualTo(exception);
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -432,23 +444,24 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 	}
+
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 		this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient));
-		when(this.authorizedClientRepository.loadAuthorizedClient(
-				eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange))).thenReturn(this.loadAuthorizedClientProbe.mono());
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.serverWebExchange))).thenReturn(this.loadAuthorizedClientProbe.mono());
 
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
@@ -462,43 +475,38 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
+				eq(this.serverWebExchange));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 	}
 
 	@Test
 	public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() {
-		when(this.clientRegistrationRepository.findByRegistrationId(
-				eq(this.clientRegistration.getRegistrationId()))).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(this.authorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.authorizedClient));
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
-		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest ->
-				currentServerWebExchange()
-					.flatMap(ServerWebExchange::getFormData)
-					.map(formData -> {
-						Map<String, Object> contextAttributes = new HashMap<>();
-						String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
-						contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
-						String password = formData.getFirst(OAuth2ParameterNames.PASSWORD);
-						contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
-						return contextAttributes;
-					})
-		);
+		this.authorizedClientManager.setContextAttributesMapper(
+				authorizeRequest -> currentServerWebExchange().flatMap(ServerWebExchange::getFormData).map(formData -> {
+					Map<String, Object> contextAttributes = new HashMap<>();
+					String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
+					contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
+					String password = formData.getFirst(OAuth2ParameterNames.PASSWORD);
+					contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
+					return contextAttributes;
+				}));
 
-		this.serverWebExchange = MockServerWebExchange.builder(
-				MockServerHttpRequest
-						.post("/")
-						.contentType(MediaType.APPLICATION_FORM_URLENCODED)
-						.body("username=username&password=password"))
+		this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
+				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
 		this.context = Context.of(ServerWebExchange.class, this.serverWebExchange);
 
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId())
-				.principal(this.principal)
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block();
 
@@ -515,8 +523,7 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest)
 				.subscriberContext(this.context).block();
 
@@ -535,15 +542,14 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest)
 				.subscriberContext(this.context).block();
 
@@ -556,46 +562,43 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
 
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(reauthorizedClient), eq(this.principal), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
+				eq(this.serverWebExchange));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 	}
 
 	@Test
 	public void reauthorizeWhenRequestParameterScopeThenMappedToContext() {
-		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.principal.getName(),
-				TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
+		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
+				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.just(reauthorizedClient));
+		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.thenReturn(Mono.just(reauthorizedClient));
 
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
 				new DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 
-		this.serverWebExchange = MockServerWebExchange.builder(
-				MockServerHttpRequest
-						.get("/")
-						.queryParam(OAuth2ParameterNames.SCOPE, "read write"))
-				.build();
+		this.serverWebExchange = MockServerWebExchange
+				.builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")).build();
 		this.context = Context.of(ServerWebExchange.class, this.serverWebExchange);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal)
-				.build();
+				.principal(this.principal).build();
 		this.authorizedClientManager.authorize(reauthorizeRequest).subscriberContext(this.context).block();
 
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
-		String[] requestScopeAttribute = authorizationContext.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
+		String[] requestScopeAttribute = authorizationContext
+				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
 	}
 
 	private Mono<ServerWebExchange> currentServerWebExchange() {
-		return Mono.subscriberContext()
-				.filter(c -> c.hasKey(ServerWebExchange.class))
+		return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
 				.map(c -> c.get(ServerWebExchange.class));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index fe8fc5514a..9f4de6dc62 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -37,8 +37,8 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
-	private HttpSessionOAuth2AuthorizationRequestRepository authorizationRequestRepository =
-		new HttpSessionOAuth2AuthorizationRequestRepository();
+
+	private HttpSessionOAuth2AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 
 	@Test(expected = IllegalArgumentException.class)
 	public void loadAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
@@ -49,8 +49,8 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void loadAuthorizationRequestWhenNotSavedThenReturnNull() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(OAuth2ParameterNames.STATE, "state-1234");
-		OAuth2AuthorizationRequest authorizationRequest =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(authorizationRequest).isNull();
 	}
@@ -64,8 +64,8 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
@@ -89,20 +89,20 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response);
 
 		request.addParameter(OAuth2ParameterNames.STATE, state1);
-		OAuth2AuthorizationRequest loadedAuthorizationRequest1 =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 		assertThat(loadedAuthorizationRequest1).isEqualTo(authorizationRequest1);
 
 		request.removeParameter(OAuth2ParameterNames.STATE);
 		request.addParameter(OAuth2ParameterNames.STATE, state2);
-		OAuth2AuthorizationRequest loadedAuthorizationRequest2 =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 		assertThat(loadedAuthorizationRequest2).isEqualTo(authorizationRequest2);
 
 		request.removeParameter(OAuth2ParameterNames.STATE);
 		request.addParameter(OAuth2ParameterNames.STATE, state3);
-		OAuth2AuthorizationRequest loadedAuthorizationRequest3 =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 		assertThat(loadedAuthorizationRequest3).isEqualTo(authorizationRequest3);
 	}
 
@@ -111,8 +111,8 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, request, new MockHttpServletResponse());
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
+				new MockHttpServletResponse());
 
 		assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull();
 	}
@@ -121,28 +121,24 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, null, new MockHttpServletResponse()))
-			.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
+				null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, new MockHttpServletRequest(), null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
+				new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenStateNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest()
-				.state(null)
-				.build();
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, new MockHttpServletRequest(), new MockHttpServletResponse()))
-			.isInstanceOf(IllegalArgumentException.class);
+		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().state(null).build();
+		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
+				new MockHttpServletRequest(), new MockHttpServletResponse()))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -150,12 +146,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, request, new MockHttpServletResponse());
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
+				new MockHttpServletResponse());
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
@@ -166,12 +162,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		request.setSession(new MockDistributedHttpSession());
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, request, new MockHttpServletResponse());
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
+				new MockHttpServletResponse());
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-				this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
@@ -182,16 +178,16 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		request.setSession(new MockDistributedHttpSession());
 
 		OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().build();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest1, request, new MockHttpServletResponse());
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request,
+				new MockHttpServletResponse());
 
 		OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().build();
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest2, request, new MockHttpServletResponse());
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request,
+				new MockHttpServletResponse());
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest2.getState());
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-				this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest2);
 	}
@@ -201,32 +197,33 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 
-		this.authorizationRequestRepository.saveAuthorizationRequest(		// Save
-			authorizationRequest, request, response);
+		this.authorizationRequestRepository.saveAuthorizationRequest( // Save
+				authorizationRequest, request, response);
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		this.authorizationRequestRepository.saveAuthorizationRequest(		// Null value removes
-			null, request, response);
+		this.authorizationRequestRepository.saveAuthorizationRequest( // Null value
+																		// removes
+				null, request, response);
 
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(loadedAuthorizationRequest).isNull();
 	}
 
 	@Test
 	public void removeAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizationRequestRepository.removeAuthorizationRequest(
-				null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizationRequestRepository.removeAuthorizationRequest(null,
+				new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizationRequestRepository.removeAuthorizationRequest(
-				new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizationRequestRepository
+				.removeAuthorizationRequest(new MockHttpServletRequest(), null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -236,14 +233,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-			authorizationRequest, request, response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		OAuth2AuthorizationRequest removedAuthorizationRequest =
-			this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
-		OAuth2AuthorizationRequest loadedAuthorizationRequest =
-			this.authorizationRequestRepository.loadAuthorizationRequest(request);
+		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
+				.removeAuthorizationRequest(request, response);
+		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
+				.loadAuthorizationRequest(request);
 
 		assertThat(removedAuthorizationRequest).isNotNull();
 		assertThat(loadedAuthorizationRequest).isNull();
@@ -257,15 +253,14 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 
-		this.authorizationRequestRepository.saveAuthorizationRequest(
-				authorizationRequest, request, response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		OAuth2AuthorizationRequest removedAuthorizationRequest =
-				this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
+		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
+				.removeAuthorizationRequest(request, response);
 
-		String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName() +
-				".AUTHORIZATION_REQUEST";
+		String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName()
+				+ ".AUTHORIZATION_REQUEST";
 
 		assertThat(removedAuthorizationRequest).isNotNull();
 		assertThat(request.getSession().getAttribute(sessionAttributeName)).isNull();
@@ -278,20 +273,19 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		OAuth2AuthorizationRequest removedAuthorizationRequest =
-			this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
+		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
+				.removeAuthorizationRequest(request, response);
 
 		assertThat(removedAuthorizationRequest).isNull();
 	}
 
 	private OAuth2AuthorizationRequest.Builder createAuthorizationRequest() {
-		return OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize")
-				.clientId("client-id-1234")
-				.state("state-1234");
+		return OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize")
+				.clientId("client-id-1234").state("state-1234");
 	}
 
 	static class MockDistributedHttpSession extends MockHttpSession {
+
 		@Override
 		public Object getAttribute(String name) {
 			return wrap(super.getAttribute(name));
@@ -308,5 +302,7 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 			}
 			return object;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
index 9646ce8c1e..60a4020465 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
@@ -37,6 +37,7 @@ import static org.mockito.Mockito.mock;
  * @author Joe Grandja
  */
 public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
+
 	private String principalName1 = "principalName-1";
 
 	private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build();
@@ -47,8 +48,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	private String registrationId2 = this.registration2.getRegistrationId();
 
-	private HttpSessionOAuth2AuthorizedClientRepository authorizedClientRepository =
-			new HttpSessionOAuth2AuthorizedClientRepository();
+	private HttpSessionOAuth2AuthorizedClientRepository authorizedClientRepository = new HttpSessionOAuth2AuthorizedClientRepository();
 
 	private MockHttpServletRequest request;
 
@@ -79,63 +79,66 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() {
-		OAuth2AuthorizedClient authorizedClient =
-				this.authorizedClientRepository.loadAuthorizedClient("registration-not-found", null, this.request);
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient("registration-not-found", null, this.request);
 		assertThat(authorizedClient).isNull();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenSavedThenReturnAuthorizedClient() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient =
-				this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, this.request);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.request, this.response))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.request, this.response))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticationIsNullThenExceptionNotThrown() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
-		assertThatThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null, this.response))
-				.isInstanceOf(IllegalArgumentException.class);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null, this.response))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenResponseIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
-		assertThatThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenSavedThenSavedToSession() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
 
 		HttpSession session = this.request.getSession(false);
 		assertThat(session).isNotNull();
 
 		@SuppressWarnings("unchecked")
-		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>)
-				session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
+		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
+				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
 		assertThat(authorizedClients).isNotEmpty();
 		assertThat(authorizedClients).hasSize(1);
 		assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient);
@@ -143,8 +146,9 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(
-				null, null, this.request, this.response)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.request, this.response))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -154,8 +158,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, null, this.response)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null,
+				null, this.response)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -165,74 +169,72 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenNotSavedThenSessionNotCreated() {
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response);
 		assertThat(this.request.getSession(false)).isNull();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClient1SavedAndClient2RemovedThenClient1NotRemoved() {
-		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response);
 
 		// Remove registrationId2 (never added so is not removed either)
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId1, null, this.request);
+		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient1).isNotNull();
 		assertThat(loadedAuthorizedClient1).isSameAs(authorizedClient1);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenSavedThenRemoved() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.request);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId2, null, this.request);
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.request, this.response);
-		loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.request);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response);
+		loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(this.registrationId2, null,
+				this.request);
 		assertThat(loadedAuthorizedClient).isNull();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenSavedThenRemovedFromSession() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId1, null, this.request);
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response);
 
 		HttpSession session = this.request.getSession(false);
 		assertThat(session).isNotNull();
-		assertThat(session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS")).isNull();
+		assertThat(session
+				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"))
+						.isNull();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClient1Client2SavedAndClient1RemovedThenClient2NotRemoved() {
-		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response);
 
-		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.request, this.response);
 
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, this.request, this.response);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.request);
+		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId2, null, this.request);
 		assertThat(loadedAuthorizedClient2).isNotNull();
 		assertThat(loadedAuthorizedClient2).isSameAs(authorizedClient2);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index d1dba0d899..765cec6535 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -75,13 +75,21 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Parikshit Dutta
  */
 public class OAuth2AuthorizationCodeGrantFilterTests {
+
 	private ClientRegistration registration1;
+
 	private String principalName1 = "principal-1";
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClientService authorizedClientService;
+
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private AuthenticationManager authenticationManager;
+
 	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
 	private OAuth2AuthorizationCodeGrantFilter filter;
 
 	@Before
@@ -89,11 +97,12 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		this.registration1 = TestClientRegistrations.clientRegistration().build();
 		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
 		this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
-		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
+		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
+				this.authorizedClientService);
 		this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		this.authenticationManager = mock(AuthenticationManager.class);
-		this.filter = spy(new OAuth2AuthorizationCodeGrantFilter(
-			this.clientRegistrationRepository, this.authorizedClientRepository, this.authenticationManager));
+		this.filter = spy(new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository,
+				this.authorizedClientRepository, this.authenticationManager));
 		this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(this.principalName1, "password");
 		authentication.setAuthenticated(true);
@@ -109,20 +118,20 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(null, this.authorizedClientRepository, this.authenticationManager))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(null, this.authorizedClientRepository,
+				this.authenticationManager)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null, this.authenticationManager))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null,
+				this.authenticationManager)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenAuthenticationManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, this.authorizedClientRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository,
+				this.authorizedClientRepository, null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -133,8 +142,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setRequestCache(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -142,7 +150,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-		// NOTE: A valid Authorization Response contains either a 'code' or 'error' parameter.
+		// NOTE: A valid Authorization Response contains either a 'code' or 'error'
+		// parameter.
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
@@ -195,7 +204,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verifyNoInteractions(filterChain);
 
-		// 2) redirect_uri with query parameters AND authorization response additional parameters
+		// 2) redirect_uri with query parameters AND authorization response additional
+		// parameters
 		Map<String, String> additionalParameters = new LinkedHashMap<>();
 		additionalParameters.put("auth-param1", "value1");
 		additionalParameters.put("auth-param2", "value2");
@@ -232,8 +242,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		parametersNotMatch = new LinkedHashMap<>();
 		parametersNotMatch.put("param2", "value2");
 		parametersNotMatch.put("param1", "value1");
-		authorizationResponse = createAuthorizationResponse(
-				createAuthorizationRequest(requestUri, parametersNotMatch));
+		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verify(filterChain, times(2)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -241,8 +250,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		// 3) Parameter missing
 		parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.remove("param2");
-		authorizationResponse = createAuthorizationResponse(
-				createAuthorizationRequest(requestUri, parametersNotMatch));
+		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verify(filterChain, times(3)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -272,7 +280,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 		OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
 		when(this.authenticationManager.authenticate(any(Authentication.class)))
-			.thenThrow(new OAuth2AuthorizationException(error));
+				.thenThrow(new OAuth2AuthorizationException(error));
 
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 
@@ -290,8 +298,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
-			this.registration1.getRegistrationId(), this.principalName1);
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1);
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName1);
@@ -356,9 +364,10 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 	}
 
 	@Test
-	public void doFilterWhenAuthorizationSucceedsAndAnonymousAccessThenAuthorizedClientSavedToHttpSession() throws Exception {
-		AnonymousAuthenticationToken anonymousPrincipal =
-				new AnonymousAuthenticationToken("key-1234", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	public void doFilterWhenAuthorizationSucceedsAndAnonymousAccessThenAuthorizedClientSavedToHttpSession()
+			throws Exception {
+		AnonymousAuthenticationToken anonymousPrincipal = new AnonymousAuthenticationToken("key-1234", "anonymousUser",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(anonymousPrincipal);
 		SecurityContextHolder.setContext(securityContext);
@@ -383,17 +392,18 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		assertThat(session).isNotNull();
 
 		@SuppressWarnings("unchecked")
-		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>)
-				session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
+		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
+				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
 		assertThat(authorizedClients).isNotEmpty();
 		assertThat(authorizedClients).hasSize(1);
 		assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient);
 	}
 
 	@Test
-	public void doFilterWhenAuthorizationSucceedsAndAnonymousAccessNullAuthenticationThenAuthorizedClientSavedToHttpSession() throws Exception {
+	public void doFilterWhenAuthorizationSucceedsAndAnonymousAccessNullAuthenticationThenAuthorizedClientSavedToHttpSession()
+			throws Exception {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
-		SecurityContextHolder.setContext(securityContext);		// null Authentication
+		SecurityContextHolder.setContext(securityContext); // null Authentication
 
 		MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
@@ -404,8 +414,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registration1.getRegistrationId(), null, authorizationResponse);
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse);
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo("anonymousUser");
@@ -415,8 +425,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		assertThat(session).isNotNull();
 
 		@SuppressWarnings("unchecked")
-		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>)
-				session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
+		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
+				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
 		assertThat(authorizedClients).isNotEmpty();
 		assertThat(authorizedClients).hasSize(1);
 		assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient);
@@ -426,15 +436,14 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		return createAuthorizationRequest(requestUri, new LinkedHashMap<>());
 	}
 
-	private static MockHttpServletRequest createAuthorizationRequest(String requestUri, Map<String, String> parameters) {
+	private static MockHttpServletRequest createAuthorizationRequest(String requestUri,
+			Map<String, String> parameters) {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		if (!CollectionUtils.isEmpty(parameters)) {
 			parameters.forEach(request::addParameter);
-			request.setQueryString(
-					parameters.entrySet().stream()
-							.map(e -> e.getKey() + "=" + e.getValue())
-							.collect(Collectors.joining("&")));
+			request.setQueryString(parameters.entrySet().stream().map(e -> e.getKey() + "=" + e.getValue())
+					.collect(Collectors.joining("&")));
 		}
 		return request;
 	}
@@ -443,36 +452,34 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		return createAuthorizationResponse(authorizationRequest, new LinkedHashMap<>());
 	}
 
-	private static MockHttpServletRequest createAuthorizationResponse(
-			MockHttpServletRequest authorizationRequest, Map<String, String> additionalParameters) {
-		MockHttpServletRequest authorizationResponse = new MockHttpServletRequest(
-				authorizationRequest.getMethod(), authorizationRequest.getRequestURI());
+	private static MockHttpServletRequest createAuthorizationResponse(MockHttpServletRequest authorizationRequest,
+			Map<String, String> additionalParameters) {
+		MockHttpServletRequest authorizationResponse = new MockHttpServletRequest(authorizationRequest.getMethod(),
+				authorizationRequest.getRequestURI());
 		authorizationResponse.setServletPath(authorizationRequest.getRequestURI());
 		authorizationRequest.getParameterMap().forEach(authorizationResponse::addParameter);
 		authorizationResponse.addParameter(OAuth2ParameterNames.CODE, "code");
 		authorizationResponse.addParameter(OAuth2ParameterNames.STATE, "state");
 		additionalParameters.forEach(authorizationResponse::addParameter);
-		authorizationResponse.setQueryString(
-				authorizationResponse.getParameterMap().entrySet().stream()
-						.map(e -> e.getKey() + "=" + e.getValue()[0])
-						.collect(Collectors.joining("&")));
+		authorizationResponse.setQueryString(authorizationResponse.getParameterMap().entrySet().stream()
+				.map(e -> e.getKey() + "=" + e.getValue()[0]).collect(Collectors.joining("&")));
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		return authorizationResponse;
 	}
 
 	private void setUpAuthorizationRequest(HttpServletRequest request, HttpServletResponse response,
-											ClientRegistration registration) {
+			ClientRegistration registration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
-		OAuth2AuthorizationRequest authorizationRequest = request()
-				.attributes(attributes)
+		OAuth2AuthorizationRequest authorizationRequest = request().attributes(attributes)
 				.redirectUri(UrlUtils.buildFullRequestUrl(request)).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 	}
 
 	private void setUpAuthenticationResult(ClientRegistration registration) {
-		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(registration, success(), noScopes(), refreshToken());
+		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
+				registration, success(), noScopes(), refreshToken());
 		when(this.authenticationManager.authenticate(any(Authentication.class))).thenReturn(authentication);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index 7cc320e770..3208657a9c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -51,24 +51,28 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationRequestRedirectFilterTests {
+
 	private ClientRegistration registration1;
+
 	private ClientRegistration registration2;
+
 	private ClientRegistration registration3;
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizationRequestRedirectFilter filter;
+
 	private RequestCache requestCache;
 
 	@Before
 	public void setUp() {
 		this.registration1 = TestClientRegistrations.clientRegistration().build();
 		this.registration2 = TestClientRegistrations.clientRegistration2().build();
-		this.registration3 = TestClientRegistrations.clientRegistration()
-			.registrationId("registration-3")
-			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
-			.build();
-		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
-			this.registration1, this.registration2, this.registration3);
+		this.registration3 = TestClientRegistrations.clientRegistration().registrationId("registration-3")
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}").build();
+		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
+				this.registration2, this.registration3);
 		this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository);
 		this.requestCache = mock(RequestCache.class);
 		this.filter.setRequestCache(this.requestCache);
@@ -78,8 +82,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
 		Constructor<OAuth2AuthorizationRequestRedirectFilter> constructor = ClassUtils.getConstructorIfAvailable(
 				OAuth2AuthorizationRequestRedirectFilter.class, ClientRegistrationRepository.class);
-		assertThatThrownBy(() -> constructor.newInstance(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> constructor.newInstance(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -92,8 +95,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 	public void constructorWhenAuthorizationRequestResolverIsNullThenThrowIllegalArgumentException() {
 		Constructor<OAuth2AuthorizationRequestRedirectFilter> constructor = ClassUtils.getConstructorIfAvailable(
 				OAuth2AuthorizationRequestRedirectFilter.class, OAuth2AuthorizationRequestResolver.class);
-		assertThatThrownBy(() -> constructor.newInstance(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> constructor.newInstance(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -104,8 +106,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setRequestCache(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -123,8 +124,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 	@Test
 	public void doFilterWhenAuthorizationRequestWithInvalidClientThenStatusInternalServerError() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-			"/" + this.registration1.getRegistrationId() + "-invalid";
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration1.getRegistrationId() + "-invalid";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -140,8 +141,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 	@Test
 	public void doFilterWhenAuthorizationRequestOAuth2LoginThenRedirectForAuthorization() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-			"/" + this.registration1.getRegistrationId();
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration1.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -151,36 +152,35 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 		verifyZeroInteractions(filterChain);
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/login/oauth2/code/registration-id");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationRequestOAuth2LoginThenAuthorizationRequestSaved() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-			"/" + this.registration2.getRegistrationId();
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration2.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-				mock(AuthorizationRequestRepository.class);
+		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				AuthorizationRequestRepository.class);
 		this.filter.setAuthorizationRequestRepository(authorizationRequestRepository);
 
 		this.filter.doFilter(request, response, filterChain);
 
 		verifyZeroInteractions(filterChain);
-		verify(authorizationRequestRepository).saveAuthorizationRequest(
-			any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(authorizationRequestRepository).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationRequestImplicitGrantThenRedirectForAuthorization() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-			"/" + this.registration3.getRegistrationId();
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration3.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -190,36 +190,36 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 		verifyZeroInteractions(filterChain);
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=token&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/authorize/oauth2/implicit/registration-3");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=token&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/authorize/oauth2/implicit/registration-3");
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationRequestImplicitGrantThenAuthorizationRequestNotSaved() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-			"/" + this.registration3.getRegistrationId();
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration3.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
-				mock(AuthorizationRequestRepository.class);
+		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				AuthorizationRequestRepository.class);
 		this.filter.setAuthorizationRequestRepository(authorizationRequestRepository);
 
 		this.filter.doFilter(request, response, filterChain);
 
 		verifyZeroInteractions(filterChain);
-		verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(
-				any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void doFilterWhenCustomAuthorizationRequestBaseUriThenRedirectForAuthorization() throws Exception {
 		String authorizationRequestBaseUri = "/custom/authorization";
-		this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, authorizationRequestBaseUri);
+		this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository,
+				authorizationRequestBaseUri);
 
 		String requestUri = authorizationRequestBaseUri + "/" + this.registration1.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -231,44 +231,44 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 		verifyZeroInteractions(filterChain);
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/login/oauth2/code/registration-id");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test
-	public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownThenRedirectForAuthorization() throws Exception {
+	public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownThenRedirectForAuthorization()
+			throws Exception {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId()))
-			.when(filterChain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).when(filterChain)
+				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
 		this.filter.doFilter(request, response, filterChain);
 
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
 		verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownButAuthorizationRequestNotResolvedThenStatusInternalServerError() throws Exception {
+	public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownButAuthorizationRequestNotResolvedThenStatusInternalServerError()
+			throws Exception {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId()))
-				.when(filterChain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).when(filterChain)
+				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
@@ -285,9 +285,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 	// gh-4911
 	@Test
-	public void doFilterWhenAuthorizationRequestAndAdditionalParametersProvidedThenAuthorizationRequestIncludesAdditionalParameters() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-				"/" + this.registration1.getRegistrationId();
+	public void doFilterWhenAuthorizationRequestAndAdditionalParametersProvidedThenAuthorizationRequestIncludesAdditionalParameters()
+			throws Exception {
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration1.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		request.addParameter("idp", "https://other.provider.com");
@@ -295,14 +296,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
-				this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
+				this.clientRegistrationRepository,
+				OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest
 				.from(defaultAuthorizationRequestResolver.resolve(request))
-				.additionalParameters(
-						Collections.singletonMap("idp", request.getParameter("idp")))
-				.build();
+				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build();
 		when(resolver.resolve(any())).thenReturn(result);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
 
@@ -310,18 +310,18 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 		verifyZeroInteractions(filterChain);
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/login/oauth2/code/registration-id&" +
-				"idp=https://other.provider.com");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id&"
+				+ "idp=https://other.provider.com");
 	}
 
 	// gh-4911, gh-5244
 	@Test
-	public void doFilterWhenAuthorizationRequestAndCustomAuthorizationRequestUriSetThenCustomAuthorizationRequestUriUsed() throws Exception {
-		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI +
-				"/" + this.registration1.getRegistrationId();
+	public void doFilterWhenAuthorizationRequestAndCustomAuthorizationRequestUriSetThenCustomAuthorizationRequestUriUsed()
+			throws Exception {
+		String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
+				+ this.registration1.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		String loginHintParamName = "login_hint";
@@ -330,7 +330,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
-				this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
+				this.clientRegistrationRepository,
+				OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 
@@ -339,14 +340,11 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		additionalParameters.put(loginHintParamName, request.getParameter(loginHintParamName));
 		String customAuthorizationRequestUri = UriComponentsBuilder
 				.fromUriString(defaultAuthorizationRequest.getAuthorizationRequestUri())
-				.queryParam(loginHintParamName, additionalParameters.get(loginHintParamName))
-				.build(true).toUriString();
+				.queryParam(loginHintParamName, additionalParameters.get(loginHintParamName)).build(true).toUriString();
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest
 				.from(defaultAuthorizationRequestResolver.resolve(request))
-				.additionalParameters(
-						Collections.singletonMap("idp", request.getParameter("idp")))
-				.authorizationRequestUri(customAuthorizationRequestUri)
-				.build();
+				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp")))
+				.authorizationRequestUri(customAuthorizationRequestUri).build();
 		when(resolver.resolve(any())).thenReturn(result);
 
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
@@ -355,10 +353,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 
 		verifyZeroInteractions(filterChain);
 
-		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.{15,}&" +
-				"redirect_uri=http://localhost/login/oauth2/code/registration-id&" +
-				"login_hint=user@provider\\.com");
+		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
+				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id&"
+				+ "login_hint=user@provider\\.com");
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 07f8ebed92..00e584296f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -72,27 +72,40 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  * @author Joe Grandja
  */
 public class OAuth2LoginAuthenticationFilterTests {
+
 	private ClientRegistration registration1;
+
 	private ClientRegistration registration2;
+
 	private String principalName1 = "principal-1";
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private OAuth2AuthorizedClientService authorizedClientService;
+
 	private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
 	private AuthenticationFailureHandler failureHandler;
+
 	private AuthenticationManager authenticationManager;
+
 	private AuthenticationDetailsSource authenticationDetailsSource;
+
 	private OAuth2LoginAuthenticationToken loginAuthentication;
+
 	private OAuth2LoginAuthenticationFilter filter;
 
 	@Before
 	public void setUp() {
 		this.registration1 = TestClientRegistrations.clientRegistration().build();
 		this.registration2 = TestClientRegistrations.clientRegistration2().build();
-		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
-			this.registration1, this.registration2);
+		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
+				this.registration2);
 		this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
-		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
+		this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
+				this.authorizedClientService);
 		this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		this.failureHandler = mock(AuthenticationFailureHandler.class);
 		this.authenticationManager = mock(AuthenticationManager.class);
@@ -121,13 +134,13 @@ public class OAuth2LoginAuthenticationFilterTests {
 	public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
 				(OAuth2AuthorizedClientRepository) null, OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI))
-				.isInstanceOf(IllegalArgumentException.class);
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenFilterProcessesUrlIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, this.authorizedClientRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
+				this.authorizedClientRepository, null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -147,7 +160,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 		this.filter.doFilter(request, response, filterChain);
 
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-		verify(this.filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.filter, never()).attemptAuthentication(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@Test
@@ -164,17 +178,20 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 		this.filter.doFilter(request, response, filterChain);
 
-		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
-		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
-			authenticationExceptionArgCaptor.capture());
+		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
+				.forClass(AuthenticationException.class);
+		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
 
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
-		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor.getValue();
+		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
+				.getValue();
 		assertThat(authenticationException.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
 	}
 
 	@Test
-	public void doFilterWhenAuthorizationResponseAuthorizationRequestNotFoundThenAuthorizationRequestNotFoundError() throws Exception {
+	public void doFilterWhenAuthorizationResponseAuthorizationRequestNotFoundThenAuthorizationRequestNotFoundError()
+			throws Exception {
 		String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
@@ -186,18 +203,21 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 		this.filter.doFilter(request, response, filterChain);
 
-		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
-		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
-			authenticationExceptionArgCaptor.capture());
+		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
+				.forClass(AuthenticationException.class);
+		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
 
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
-		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor.getValue();
+		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
+				.getValue();
 		assertThat(authenticationException.getError().getErrorCode()).isEqualTo("authorization_request_not_found");
 	}
 
 	// gh-5251
 	@Test
-	public void doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError() throws Exception {
+	public void doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError()
+			throws Exception {
 		String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -209,28 +229,25 @@ public class OAuth2LoginAuthenticationFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 
 		ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found")
-				.clientId("client-1")
-				.clientSecret("secret")
+				.clientId("client-1").clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
-				.scope("user")
-				.authorizationUri("https://provider.com/oauth2/authorize")
-				.tokenUri("https://provider.com/oauth2/token")
-				.userInfoUri("https://provider.com/oauth2/user")
-				.userNameAttributeName("id")
-				.clientName("client-1")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}").scope("user")
+				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
+				.userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1")
 				.build();
 		this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
 
 		this.filter.doFilter(request, response, filterChain);
 
-		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
-		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
-				authenticationExceptionArgCaptor.capture());
+		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
+				.forClass(AuthenticationException.class);
+		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
 
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
-		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor.getValue();
+		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
+				.getValue();
 		assertThat(authenticationException.getError().getErrorCode()).isEqualTo("client_registration_not_found");
 	}
 
@@ -271,8 +288,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 		this.filter.doFilter(request, response, filterChain);
 
-		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-			this.registration1.getRegistrationId(), this.loginAuthentication, request);
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request);
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName1);
@@ -283,8 +300,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 	@Test
 	public void doFilterWhenCustomFilterProcessesUrlThenFilterProcesses() throws Exception {
 		String filterProcessesUrl = "/login/oauth2/custom/*";
-		this.filter = spy(new OAuth2LoginAuthenticationFilter(
-			this.clientRegistrationRepository, this.authorizedClientRepository, filterProcessesUrl));
+		this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
+				this.authorizedClientRepository, filterProcessesUrl));
 		this.filter.setAuthenticationManager(this.authenticationManager);
 
 		String requestUri = "/login/oauth2/custom/" + this.registration2.getRegistrationId();
@@ -308,7 +325,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 	// gh-5890
 	@Test
-	public void doFilterWhenAuthorizationResponseHasDefaultPort80ThenRedirectUriMatchingExcludesPort() throws Exception {
+	public void doFilterWhenAuthorizationResponseHasDefaultPort80ThenRedirectUriMatchingExcludesPort()
+			throws Exception {
 		String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -330,9 +348,12 @@ public class OAuth2LoginAuthenticationFilterTests {
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
 
-		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor.getValue();
-		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
-		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
+				.getValue();
+		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
+				.getAuthorizationRequest();
+		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
+				.getAuthorizationResponse();
 
 		String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -341,7 +362,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 	// gh-5890
 	@Test
-	public void doFilterWhenAuthorizationResponseHasDefaultPort443ThenRedirectUriMatchingExcludesPort() throws Exception {
+	public void doFilterWhenAuthorizationResponseHasDefaultPort443ThenRedirectUriMatchingExcludesPort()
+			throws Exception {
 		String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -363,9 +385,12 @@ public class OAuth2LoginAuthenticationFilterTests {
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
 
-		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor.getValue();
-		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
-		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
+				.getValue();
+		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
+				.getAuthorizationRequest();
+		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
+				.getAuthorizationResponse();
 
 		String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -374,7 +399,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 	// gh-5890
 	@Test
-	public void doFilterWhenAuthorizationResponseHasNonDefaultPortThenRedirectUriMatchingIncludesPort() throws Exception {
+	public void doFilterWhenAuthorizationResponseHasNonDefaultPortThenRedirectUriMatchingIncludesPort()
+			throws Exception {
 		String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -396,9 +422,12 @@ public class OAuth2LoginAuthenticationFilterTests {
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
 
-		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor.getValue();
-		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
-		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
+				.getValue();
+		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
+				.getAuthorizationRequest();
+		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
+				.getAuthorizationResponse();
 
 		String expectedRedirectUri = "https://example.com:9090/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -429,34 +458,26 @@ public class OAuth2LoginAuthenticationFilterTests {
 	}
 
 	private void setUpAuthorizationRequest(HttpServletRequest request, HttpServletResponse response,
-											ClientRegistration registration, String state) {
+			ClientRegistration registration, String state) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.clientId(registration.getClientId())
-				.redirectUri(expandRedirectUri(request, registration))
-				.scopes(registration.getScopes())
-				.state(state)
-				.attributes(attributes)
-				.build();
+				.clientId(registration.getClientId()).redirectUri(expandRedirectUri(request, registration))
+				.scopes(registration.getScopes()).state(state).attributes(attributes).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 	}
 
 	private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) {
-		String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replaceQuery(null)
-				.replacePath(request.getContextPath())
-				.build()
-				.toUriString();
+		String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null)
+				.replacePath(request.getContextPath()).build().toUriString();
 
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("baseUrl", baseUrl);
 		uriVariables.put("action", "login");
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
-				.buildAndExpand(uriVariables)
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
 
@@ -474,4 +495,5 @@ public class OAuth2LoginAuthenticationFilterTests {
 		when(this.loginAuthentication.isAuthenticated()).thenReturn(true);
 		when(this.authenticationManager.authenticate(any(Authentication.class))).thenReturn(this.loginAuthentication);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index ba563f4399..088a992959 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -69,17 +69,29 @@ import static org.mockito.Mockito.*;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizedClientArgumentResolverTests {
+
 	private TestingAuthenticationToken authentication;
+
 	private String principalName = "principal-1";
+
 	private ClientRegistration registration1;
+
 	private ClientRegistration registration2;
+
 	private ClientRegistration registration3;
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClient authorizedClient1;
+
 	private OAuth2AuthorizedClient authorizedClient2;
+
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private OAuth2AuthorizedClientArgumentResolver argumentResolver;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Before
@@ -89,49 +101,35 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		securityContext.setAuthentication(this.authentication);
 		SecurityContextHolder.setContext(securityContext);
 
-		this.registration1 = ClientRegistration.withRegistrationId("client1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+		this.registration1 = ClientRegistration.withRegistrationId("client1").clientId("client-1")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
-				.scope("user")
-				.authorizationUri("https://provider.com/oauth2/authorize")
-				.tokenUri("https://provider.com/oauth2/token")
-				.userInfoUri("https://provider.com/oauth2/user")
-				.userNameAttributeName("id")
-				.clientName("client-1")
-				.build();
-		this.registration2 = ClientRegistration.withRegistrationId("client2")
-				.clientId("client-2")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}").scope("user")
+				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
+				.userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1")
 				.build();
+		this.registration2 = ClientRegistration.withRegistrationId("client2").clientId("client-2")
+				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token").build();
 		this.registration3 = TestClientRegistrations.password().registrationId("client3").build();
-		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
-				this.registration1, this.registration2, this.registration3);
+		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
+				this.registration2, this.registration3);
 		this.authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken()
-						.clientCredentials()
-						.build();
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode().refreshToken().clientCredentials().build();
 		DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
-		this.authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName, mock(OAuth2AccessToken.class));
-		when(this.authorizedClientRepository.loadAuthorizedClient(
-				eq(this.registration1.getRegistrationId()), any(Authentication.class), any(HttpServletRequest.class)))
-				.thenReturn(this.authorizedClient1);
-		this.authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName, mock(OAuth2AccessToken.class));
-		when(this.authorizedClientRepository.loadAuthorizedClient(
-				eq(this.registration2.getRegistrationId()), any(Authentication.class), any(HttpServletRequest.class)))
-				.thenReturn(this.authorizedClient2);
+		this.authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName,
+				mock(OAuth2AccessToken.class));
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration1.getRegistrationId()),
+				any(Authentication.class), any(HttpServletRequest.class))).thenReturn(this.authorizedClient1);
+		this.authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName,
+				mock(OAuth2AccessToken.class));
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration2.getRegistrationId()),
+				any(Authentication.class), any(HttpServletRequest.class))).thenReturn(this.authorizedClient2);
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 	}
@@ -168,21 +166,24 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.argumentResolver.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". " +
-						"Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatThrownBy(() -> this.argumentResolver
+				.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
+						.isInstanceOf(IllegalStateException.class).hasMessage(
+								"The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". "
+										+ "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
 	}
 
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClientWithoutAnnotation", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClientWithoutAnnotation",
+				OAuth2AuthorizedClient.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
@@ -194,7 +195,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void supportsParameterWhenParameterTypeUnsupportedWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation", String.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation",
+				String.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
@@ -202,8 +204,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage(
+						"Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 	}
 
 	@Test
@@ -214,77 +216,79 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		securityContext.setAuthentication(authentication);
 		SecurityContextHolder.setContext(securityContext);
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
-		assertThat(this.argumentResolver.resolveArgument(
-				methodParameter, null, new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1);
+		assertThat(this.argumentResolver.resolveArgument(methodParameter, null,
+				new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1);
 	}
 
 	@Test
 	public void resolveArgumentWhenAuthorizedClientFoundThenResolves() throws Exception {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
-		assertThat(this.argumentResolver.resolveArgument(
-				methodParameter, null, new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
+		assertThat(this.argumentResolver.resolveArgument(methodParameter, null,
+				new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1);
 	}
 
 	@Test
 	public void resolveArgumentWhenRegistrationIdInvalidThenThrowIllegalArgumentException() {
-		MethodParameter methodParameter = this.getMethodParameter("registrationIdInvalid", OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Could not find ClientRegistration with id 'invalid'");
+		MethodParameter methodParameter = this.getMethodParameter("registrationIdInvalid",
+				OAuth2AuthorizedClient.class);
+		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
+				new ServletWebRequest(this.request, this.response), null)).isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("Could not find ClientRegistration with id 'invalid'");
 	}
 
 	@Test
 	public void resolveArgumentWhenAuthorizedClientNotFoundForAuthorizationCodeClientThenThrowClientAuthorizationRequiredException() {
 		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
 				.thenReturn(null);
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
+		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
+				new ServletWebRequest(this.request, this.response), null))
+						.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
-	public void resolveArgumentWhenAuthorizedClientNotFoundForClientCredentialsClientThenResolvesFromTokenResponseClient() throws Exception {
-		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient =
-				mock(OAuth2AccessTokenResponseClient.class);
-		ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsAuthorizedClientProvider =
-				new ClientCredentialsOAuth2AuthorizedClientProvider();
+	public void resolveArgumentWhenAuthorizedClientNotFoundForClientCredentialsClientThenResolvesFromTokenResponseClient()
+			throws Exception {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient = mock(
+				OAuth2AccessTokenResponseClient.class);
+		ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsAuthorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
 		clientCredentialsAuthorizedClientProvider.setAccessTokenResponseClient(clientCredentialsTokenResponseClient);
 		DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(clientCredentialsAuthorizedClientProvider);
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
 
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.build();
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
 		when(clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
 				.thenReturn(null);
-		MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient",
+				OAuth2AuthorizedClient.class);
 
-		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver.resolveArgument(
-				methodParameter, null, new ServletWebRequest(this.request, this.response), null);
+		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver
+				.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null);
 
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration2);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken());
 
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
-	public void resolveArgumentWhenAuthorizedClientNotFoundForPasswordClientThenResolvesFromTokenResponseClient() throws Exception {
-		OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordTokenResponseClient =
-				mock(OAuth2AccessTokenResponseClient.class);
-		PasswordOAuth2AuthorizedClientProvider passwordAuthorizedClientProvider =
-				new PasswordOAuth2AuthorizedClientProvider();
+	public void resolveArgumentWhenAuthorizedClientNotFoundForPasswordClientThenResolvesFromTokenResponseClient()
+			throws Exception {
+		OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordTokenResponseClient = mock(
+				OAuth2AccessTokenResponseClient.class);
+		PasswordOAuth2AuthorizedClientProvider passwordAuthorizedClientProvider = new PasswordOAuth2AuthorizedClientProvider();
 		passwordAuthorizedClientProvider.setAccessTokenResponseClient(passwordTokenResponseClient);
 		DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
@@ -305,11 +309,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
 
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.build();
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
 		when(passwordTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
@@ -319,16 +320,16 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		this.request.setParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.setParameter(OAuth2ParameterNames.PASSWORD, "password");
 
-		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver.resolveArgument(
-				methodParameter, null, new ServletWebRequest(this.request, this.response), null);
+		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver
+				.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null);
 
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration3);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken());
 
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				eq(authorizedClient), eq(this.authentication), any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
@@ -337,7 +338,9 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	}
 
 	static class TestController {
-		void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+
+		void paramTypeAuthorizedClient(
+				@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 		}
 
 		void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
@@ -352,13 +355,17 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
 		}
 
-		void registrationIdInvalid(@RegisteredOAuth2AuthorizedClient("invalid") OAuth2AuthorizedClient authorizedClient) {
+		void registrationIdInvalid(
+				@RegisteredOAuth2AuthorizedClient("invalid") OAuth2AuthorizedClient authorizedClient) {
 		}
 
-		void clientCredentialsClient(@RegisteredOAuth2AuthorizedClient("client2") OAuth2AuthorizedClient authorizedClient) {
+		void clientCredentialsClient(
+				@RegisteredOAuth2AuthorizedClient("client2") OAuth2AuthorizedClient authorizedClient) {
 		}
 
 		void passwordClient(@RegisteredOAuth2AuthorizedClient("client3") OAuth2AuthorizedClient authorizedClient) {
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
index ac9f31b6ff..e581fca243 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
@@ -32,6 +32,7 @@ import java.util.List;
  * @since 5.1
  */
 public class MockExchangeFunction implements ExchangeFunction {
+
 	private List<ClientRequest> requests = new ArrayList<>();
 
 	private ClientResponse response = mock(ClientResponse.class);
@@ -55,4 +56,5 @@ public class MockExchangeFunction implements ExchangeFunction {
 			return Mono.just(this.response);
 		});
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index f656d981a1..9bc02e8427 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -70,12 +70,19 @@ import static org.springframework.security.oauth2.client.web.reactive.function.c
 public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private ServerOAuth2AuthorizedClientExchangeFilterFunction authorizedClientFilter;
+
 	private MockWebServer server;
+
 	private String serverUrl;
+
 	private WebClient webClient;
+
 	private Authentication authentication;
+
 	private MockServerWebExchange exchange;
 
 	@Before
@@ -86,23 +93,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		this.authorizedClientRepository = spy(new ServerOAuth2AuthorizedClientRepository() {
 
 			@Override
-			public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(
-					String clientRegistrationId,
+			public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
 					Authentication principal, ServerWebExchange exchange) {
 				return delegate.loadAuthorizedClient(clientRegistrationId, principal, exchange);
 			}
 
 			@Override
-			public Mono<Void> saveAuthorizedClient(
-					OAuth2AuthorizedClient authorizedClient,
-					Authentication principal, ServerWebExchange exchange) {
+			public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+					ServerWebExchange exchange) {
 				return delegate.saveAuthorizedClient(authorizedClient, principal, exchange);
 			}
 
 			@Override
-			public Mono<Void> removeAuthorizedClient(
-					String clientRegistrationId,
-					Authentication principal, ServerWebExchange exchange) {
+			public Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+					ServerWebExchange exchange) {
 				return delegate.removeAuthorizedClient(clientRegistrationId, principal, exchange);
 			}
 
@@ -112,9 +116,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		this.server = new MockWebServer();
 		this.server.start();
 		this.serverUrl = this.server.url("/").toString();
-		this.webClient = WebClient.builder()
-				.filter(this.authorizedClientFilter)
-				.build();
+		this.webClient = WebClient.builder().filter(this.authorizedClientFilter).build();
 		this.authentication = new TestingAuthenticationToken("principal", "password");
 		this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.get("/").build()).build();
 	}
@@ -126,83 +128,67 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenNotAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))).thenReturn(Mono.just(clientRegistration));
+		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
+				.build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(clientRegistration));
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve()
-				.bodyToMono(String.class)
-				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.block();
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
+				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.exchange));
 		assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration);
 	}
 
 	@Test
 	public void requestWhenAuthorizedButExpiredThenRefreshAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"refreshed-access-token\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))).thenReturn(Mono.just(clientRegistration));
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
+				.build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(clientRegistration));
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"expired-access-token", issuedAt, expiresAt, new HashSet<>(Arrays.asList("read", "write")));
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, this.authentication.getName(), accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
+				this.authentication.getName(), accessToken, refreshToken);
 		doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository).loadAuthorizedClient(
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve()
-				.bodyToMono(String.class)
-				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.block();
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
+				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.exchange));
 		OAuth2AuthorizedClient refreshedAuthorizedClient = authorizedClientCaptor.getValue();
 		assertThat(refreshedAuthorizedClient.getClientRegistration()).isSameAs(clientRegistration);
 		assertThat(refreshedAuthorizedClient.getAccessToken().getTokenValue()).isEqualTo("refreshed-access-token");
@@ -210,124 +196,104 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestMultipleWhenNoneAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials()
-				.registrationId("client-1").tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))).thenReturn(Mono.just(clientRegistration1));
+		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
+				.tokenUri(this.serverUrl).build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
+				.thenReturn(Mono.just(clientRegistration1));
 
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials()
-				.registrationId("client-2").tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))).thenReturn(Mono.just(clientRegistration2));
+		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
+				.tokenUri(this.serverUrl).build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
+				.thenReturn(Mono.just(clientRegistration2));
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId()))
-				.retrieve()
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
 				.bodyToMono(String.class)
-				.flatMap(response -> this.webClient
-						.get()
-						.uri(this.serverUrl)
-						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId()))
-						.retrieve()
+				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
+						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId())).retrieve()
 						.bodyToMono(String.class))
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.exchange));
 		assertThat(authorizedClientCaptor.getAllValues().get(0).getClientRegistration()).isSameAs(clientRegistration1);
 		assertThat(authorizedClientCaptor.getAllValues().get(1).getClientRegistration()).isSameAs(clientRegistration2);
 	}
 
 	/**
-	 * When a non-expired {@link OAuth2AuthorizedClient} exists
-	 * but the resource server returns 401,
-	 * then remove the {@link OAuth2AuthorizedClient} from the repository.
+	 * When a non-expired {@link OAuth2AuthorizedClient} exists but the resource server
+	 * returns 401, then remove the {@link OAuth2AuthorizedClient} from the repository.
 	 */
 	@Test
 	public void requestWhenUnauthorizedThenReAuthorize() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 		this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value()));
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))).thenReturn(Mono.just(clientRegistration));
+		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
+				.build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.thenReturn(Mono.just(clientRegistration));
 
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, this.authentication.getName(), accessToken, refreshToken);
-		doReturn(Mono.just(authorizedClient))
-				.doReturn(Mono.empty())
-				.when(this.authorizedClientRepository).loadAuthorizedClient(
-						eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
+				this.authentication.getName(), accessToken, refreshToken);
+		doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository)
+				.loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication),
+						eq(this.exchange));
 
-		Mono<String> requestMono = this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve()
-				.bodyToMono(String.class)
-				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+		Mono<String> requestMono = this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
+				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		// first try should fail, and remove the cached authorized client
-		assertThatCode(requestMono::block)
-				.isInstanceOfSatisfying(WebClientResponseException.class, e -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
+		assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class,
+				e -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
 
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
-		verify(this.authorizedClientRepository).removeAuthorizedClient(
-				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
+		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()),
+				eq(this.authentication), eq(this.exchange));
 
 		// second try should retrieve the authorized client and succeed
 		requestMono.block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(3);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.exchange));
 		assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration);
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 15a603953a..50612fc76a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -115,6 +115,7 @@ import static org.springframework.security.oauth2.client.web.reactive.function.c
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
+
 	@Mock
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
 
@@ -151,25 +152,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	private MockExchangeFunction exchange = new MockExchangeFunction();
 
-	private ClientRegistration registration = TestClientRegistrations.clientRegistration()
-			.build();
+	private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token-0",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
 	private DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager;
 
 	@Before
 	public void setup() {
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
-						.clientCredentials(configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-						.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().authorizationCode()
+				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.clientCredentials(
+						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
 		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
@@ -193,24 +190,24 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(new WebClientReactiveClientCredentialsTokenResponseClient()))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " +
-						"Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatThrownBy(() -> this.function
+				.setClientCredentialsTokenResponseClient(new WebClientReactiveClientCredentialsTokenResponseClient()))
+						.isInstanceOf(IllegalStateException.class).hasMessage(
+								"The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
+										+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
 		assertThatThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " +
-						"Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+				.isInstanceOf(IllegalStateException.class).hasMessage(
+						"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
+								+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-			.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -219,31 +216,26 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthorizedClientThenAuthorizationHeader() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
-		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
+		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
 
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing")
-				.attributes(oauth2AuthorizedClient(authorizedClient))
+				.header(HttpHeaders.AUTHORIZATION, "Existing").attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
@@ -252,31 +244,26 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(360)
-				.build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
+		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
+				.thenReturn(Mono.just(accessTokenResponse));
 
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration,
-				"principalName", accessToken, null);
+				this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", accessToken,
+				null);
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(serverWebExchange()).block();
 
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
@@ -295,16 +282,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration,
-				"principalName", this.accessToken, null);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName",
+				this.accessToken, null);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(serverWebExchange()).block();
 
 		verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
 
@@ -320,34 +305,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenRefreshRequiredThenRefresh() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.refreshToken("refresh-1")
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(response));
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(serverWebExchange()).block();
 
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(authentication), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
+				eq(authentication), any());
 
 		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
@@ -366,29 +345,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.refreshToken("refresh-1")
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(response));
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any());
@@ -405,15 +376,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -428,15 +396,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenNotExpiredThenShouldRefreshFalse() {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -456,34 +421,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.UNAUTHORIZED.value());
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
+				e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining("[invalid_token]");
 				});
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -496,42 +455,32 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		WebClientResponseException exception = WebClientResponseException.create(
-				HttpStatus.UNAUTHORIZED.value(),
-				HttpStatus.UNAUTHORIZED.getReasonPhrase(),
-				HttpHeaders.EMPTY,
-				new byte[0],
-				StandardCharsets.UTF_8);
+		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
+				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 
 		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-				.subscriberContext(serverWebExchange())
-				.block())
-				.isEqualTo(exception);
+				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
+				e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasCause(exception);
 					assertThat(e).hasMessageContaining("[invalid_token]");
 				});
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -544,34 +493,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.FORBIDDEN.value());
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
+				e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining("[insufficient_scope]");
 				});
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -584,42 +527,32 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		WebClientResponseException exception = WebClientResponseException.create(
-				HttpStatus.FORBIDDEN.value(),
-				HttpStatus.FORBIDDEN.getReasonPhrase(),
-				HttpHeaders.EMPTY,
-				new byte[0],
-				StandardCharsets.UTF_8);
+		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
+				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 
 		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-						.subscriberContext(serverWebExchange())
-						.block())
-				.isEqualTo(exception);
+				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
+				e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasCause(exception);
 					assertThat(e).hasMessageContaining("[insufficient_scope]");
 				});
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -632,42 +565,37 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " +
-				"error_description=\"The request requires higher privileges than provided by the access token.\", " +
-				"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
+		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
+				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
+				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
 		ClientResponse.Headers headers = mock(ClientResponse.Headers.class);
 		when(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
 				.thenReturn(Collections.singletonList(wwwAuthenticateHeader));
 		when(this.exchange.getResponse().headers()).thenReturn(headers);
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
+				e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
-					assertThat(e.getError().getDescription()).isEqualTo("The request requires higher privileges than provided by the access token.");
+					assertThat(e.getError().getDescription())
+							.isEqualTo("The request requires higher privileges than provided by the access token.");
 					assertThat(e.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 				});
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -680,32 +608,26 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
+		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
+				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
 
 		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-						.subscriberContext(serverWebExchange())
-						.block())
-				.isEqualTo(exception);
+				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(
-				authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(),
-				attributesCaptor.capture());
+		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
+				authenticationCaptor.capture(), attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue())
-				.isSameAs(exception);
-		assertThat(authenticationCaptor.getValue())
-				.isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(authorizationExceptionCaptor.getValue()).isSameAs(exception);
+		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
@@ -715,17 +637,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		function.setAuthorizationFailureHandler(authorizationFailureHandler);
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
 		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		verify(authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any());
 	}
@@ -736,46 +655,39 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRegistration registration = TestClientRegistrations.password().build();
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(360)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		when(this.passwordTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
 
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))).thenReturn(Mono.just(registration));
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), eq(authentication), any())).thenReturn(Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.thenReturn(Mono.just(registration));
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()),
+				eq(authentication), any())).thenReturn(Mono.empty());
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
-			return Mono.just(serverWebExchange)
-					.flatMap(ServerWebExchange::getFormData)
-					.map(formData -> {
-						Map<String, Object> contextAttributes = new HashMap<>();
-						String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
-						String password = formData.getFirst(OAuth2ParameterNames.PASSWORD);
-						if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
-							contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
-							contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
-						}
-						return contextAttributes;
-					});
+			return Mono.just(serverWebExchange).flatMap(ServerWebExchange::getFormData).map(formData -> {
+				Map<String, Object> contextAttributes = new HashMap<>();
+				String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
+				String password = formData.getFirst(OAuth2ParameterNames.PASSWORD);
+				if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
+					contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
+					contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
+				}
+				return contextAttributes;
+			});
 		});
 
-		this.serverWebExchange = MockServerWebExchange.builder(
-				MockServerHttpRequest
-						.post("/")
-						.contentType(MediaType.APPLICATION_FORM_URLENCODED)
-						.body("username=username&password=password"))
+		this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
+				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(registration.getRegistrationId()))
-				.build();
+				.attributes(clientRegistrationId(registration.getRegistrationId())).build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(serverWebExchange()).block();
 
 		verify(this.passwordTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
@@ -792,16 +704,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientRegistrationIdThenAuthorizedClientResolved() {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.just(authorizedClient));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(this.registration.getRegistrationId()))
-				.build();
+				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -817,15 +727,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenDefaultClientRegistrationIdThenAuthorizedClientResolved() {
 		this.function.setDefaultClientRegistrationId(this.registration.getRegistrationId());
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.just(authorizedClient));
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -842,20 +750,19 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setDefaultOAuth2AuthorizedClient(true);
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.just(authorizedClient));
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
-		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections
-				.singletonMap("user", "rob"), "user");
-		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), "client-id");
-		this.function
-				.filter(request, this.exchange)
+		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
+		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
+				"client-id");
+		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(serverWebExchange()).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -869,17 +776,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenDefaultOAuth2AuthorizedClientFalseThenEmpty() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
-		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections
-				.singletonMap("user", "rob"), "user");
-		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), "client-id");
+		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
+		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
+				"client-id");
 
-		this.function
-				.filter(request, this.exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.block();
+		this.function.filter(request, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -890,41 +795,41 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientRegistrationIdAndServerWebExchangeFromContextThenServerWebExchangeFromContext() {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.just(authorizedClient));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
+		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(this.registration.getRegistrationId()))
-				.build();
+				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(serverWebExchange())
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
-		verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(), eq(this.serverWebExchange));
+		verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(),
+				eq(this.serverWebExchange));
 	}
 
 	// gh-7544
 	@Test
 	public void filterWhenClientCredentialsClientNotAuthorizedAndOutsideRequestContextThenGetNewToken() {
-		// Use UnAuthenticatedServerOAuth2AuthorizedClientRepository when operating outside of a request context
-		ServerOAuth2AuthorizedClientRepository unauthenticatedAuthorizedClientRepository = spy(new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
-		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
-				this.clientRegistrationRepository, unauthenticatedAuthorizedClientRepository);
+		// Use UnAuthenticatedServerOAuth2AuthorizedClientRepository when operating
+		// outside of a request context
+		ServerOAuth2AuthorizedClientRepository unauthenticatedAuthorizedClientRepository = spy(
+				new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
+		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.clientRegistrationRepository,
+				unauthenticatedAuthorizedClientRepository);
 		this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient);
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(360)
-				.build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
+		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
+				.thenReturn(Mono.just(accessTokenResponse));
 
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))).thenReturn(Mono.just(registration));
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.thenReturn(Mono.just(registration));
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(registration.getRegistrationId()))
-				.build();
+				.attributes(clientRegistrationId(registration.getRegistrationId())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -978,4 +883,5 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		request.body().insert(body, context).block();
 		return body.getBodyAsString().block();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 4fc245d31b..280323e56b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -63,26 +63,36 @@ import static org.springframework.security.oauth2.client.web.reactive.function.c
  * @author Joe Grandja
  */
 public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
+
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	private ServletOAuth2AuthorizedClientExchangeFilterFunction authorizedClientFilter;
+
 	private MockWebServer server;
+
 	private String serverUrl;
+
 	private WebClient webClient;
+
 	private Authentication authentication;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@BeforeClass
 	public static void setUpBlockingChecks() {
 		// IMPORTANT:
-		// Before enabling BlockHound, we need to white-list `java.lang.Class.getPackage()`.
+		// Before enabling BlockHound, we need to white-list
+		// `java.lang.Class.getPackage()`.
 		// When the JVM loads `java.lang.Package.getSystemPackage()`, it attempts to
-		// `java.lang.Package.loadManifest()` which is blocking I/O and triggers BlockHound to error.
-		// NOTE: This is an issue with JDK 8. It's been tested on JDK 10 and works fine w/o this white-list.
-		BlockHound.builder()
-				.allowBlockingCallsInside(Class.class.getName(), "getPackage")
-				.install();
+		// `java.lang.Package.loadManifest()` which is blocking I/O and triggers
+		// BlockHound to error.
+		// NOTE: This is an issue with JDK 8. It's been tested on JDK 10 and works fine
+		// w/o this white-list.
+		BlockHound.builder().allowBlockingCallsInside(Class.class.getName(), "getPackage").install();
 	}
 
 	@Before
@@ -92,17 +102,20 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository));
 		this.authorizedClientRepository = spy(new OAuth2AuthorizedClientRepository() {
 			@Override
-			public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, Authentication principal, HttpServletRequest request) {
+			public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
+					Authentication principal, HttpServletRequest request) {
 				return delegate.loadAuthorizedClient(clientRegistrationId, principal, request);
 			}
 
 			@Override
-			public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal, HttpServletRequest request, HttpServletResponse response) {
+			public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
+					HttpServletRequest request, HttpServletResponse response) {
 				delegate.saveAuthorizedClient(authorizedClient, principal, request, response);
 			}
 
 			@Override
-			public void removeAuthorizedClient(String clientRegistrationId, Authentication principal, HttpServletRequest request, HttpServletResponse response) {
+			public void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+					HttpServletRequest request, HttpServletResponse response) {
 				delegate.removeAuthorizedClient(clientRegistrationId, principal, request, response);
 			}
 		});
@@ -111,9 +124,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		this.server = new MockWebServer();
 		this.server.start();
 		this.serverUrl = this.server.url("/").toString();
-		this.webClient = WebClient.builder()
-				.apply(this.authorizedClientFilter.oauth2Configuration())
-				.build();
+		this.webClient = WebClient.builder().apply(this.authorizedClientFilter.oauth2Configuration()).build();
 		this.authentication = new TestingAuthenticationToken("principal", "password");
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 		this.request = new MockHttpServletRequest();
@@ -130,80 +141,66 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenNotAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))).thenReturn(clientRegistration);
+		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
+				.build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.thenReturn(clientRegistration);
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve()
-				.bodyToMono(String.class)
-				.block();
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
+				.bodyToMono(String.class).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.request), eq(this.response));
 		assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration);
 	}
 
 	@Test
 	public void requestWhenAuthorizedButExpiredThenRefreshAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"refreshed-access-token\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))).thenReturn(clientRegistration);
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
+				.build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.thenReturn(clientRegistration);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"expired-access-token", issuedAt, expiresAt, new HashSet<>(Arrays.asList("read", "write")));
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				clientRegistration, this.authentication.getName(), accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
+				this.authentication.getName(), accessToken, refreshToken);
 		doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient(
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request));
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve()
-				.bodyToMono(String.class)
-				.block();
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
+				.bodyToMono(String.class).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.request), eq(this.response));
 		OAuth2AuthorizedClient refreshedAuthorizedClient = authorizedClientCaptor.getValue();
 		assertThat(refreshedAuthorizedClient.getClientRegistration()).isSameAs(clientRegistration);
 		assertThat(refreshedAuthorizedClient.getAccessToken().getTokenValue()).isEqualTo("refreshed-access-token");
@@ -211,53 +208,43 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestMultipleWhenNoneAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\"\n" +
-				"}\n";
-		String clientResponse = "{\n" +
-				"	\"attribute1\": \"value1\",\n" +
-				"	\"attribute2\": \"value2\"\n" +
-				"}\n";
+		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\"\n" + "}\n";
+		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials()
-				.registrationId("client-1").tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))).thenReturn(clientRegistration1);
+		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
+				.tokenUri(this.serverUrl).build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
+				.thenReturn(clientRegistration1);
 
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 
-		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials()
-				.registrationId("client-2").tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))).thenReturn(clientRegistration2);
+		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
+				.tokenUri(this.serverUrl).build();
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
+				.thenReturn(clientRegistration2);
 
-		this.webClient
-				.get()
-				.uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId()))
-				.retrieve()
+		this.webClient.get().uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
 				.bodyToMono(String.class)
-				.flatMap(response -> this.webClient
-						.get()
-						.uri(this.serverUrl)
-						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId()))
-						.retrieve()
+				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
+						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId())).retrieve()
 						.bodyToMono(String.class))
-				.subscriberContext(context())
-				.block();
+				.subscriberContext(context()).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
 
-		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor.forClass(OAuth2AuthorizedClient.class);
-		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(
-				authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response));
+		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
+				.forClass(OAuth2AuthorizedClient.class);
+		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
+				eq(this.authentication), eq(this.request), eq(this.response));
 		assertThat(authorizedClientCaptor.getAllValues().get(0).getClientRegistration()).isSameAs(clientRegistration1);
 		assertThat(authorizedClientCaptor.getAllValues().get(1).getClientRegistration()).isSameAs(clientRegistration2);
 	}
@@ -271,8 +258,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse()
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-				.setBody(json);
+		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 2a0c9cf841..726f7891c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -129,28 +129,40 @@ import static org.springframework.security.oauth2.client.web.reactive.function.c
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
+
 	@Mock
 	private OAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	@Mock
 	private ClientRegistrationRepository clientRegistrationRepository;
+
 	@Mock
 	private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient;
+
 	@Mock
 	private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> refreshTokenTokenResponseClient;
+
 	@Mock
 	private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordTokenResponseClient;
+
 	@Mock
 	private OAuth2AuthorizationFailureHandler authorizationFailureHandler;
+
 	@Captor
 	private ArgumentCaptor<OAuth2AuthorizationException> authorizationExceptionCaptor;
+
 	@Captor
 	private ArgumentCaptor<Authentication> authenticationCaptor;
+
 	@Captor
 	private ArgumentCaptor<Map<String, Object>> attributesCaptor;
+
 	@Mock
 	private WebClient.RequestHeadersSpec<?> spec;
+
 	@Captor
 	private ArgumentCaptor<Consumer<Map<String, Object>>> attrs;
+
 	@Captor
 	private ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor;
 
@@ -169,23 +181,20 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token-0",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
 	@Before
 	public void setup() {
 		this.authentication = new TestingAuthenticationToken("test", "this");
-		OAuth2AuthorizedClientProvider authorizedClientProvider =
-				OAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
-						.clientCredentials(configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-						.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
-						.build();
-		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
-				this.clientRegistrationRepository, this.authorizedClientRepository);
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode()
+				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.clientCredentials(
+						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
+		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository,
+				this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 		this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientManager);
 	}
@@ -211,18 +220,19 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " +
-						"Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatThrownBy(() -> this.function
+				.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
+						.isInstanceOf(IllegalStateException.class).hasMessage(
+								"The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+										+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
 		assertThatThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " +
-						"Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+				.isInstanceOf(IllegalStateException.class).hasMessage(
+						"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+								+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
@@ -267,8 +277,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -277,31 +286,29 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthorizedClientThenAuthorizationHeader() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
-		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
+		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
+				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
 
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing")
-				.attributes(oauth2AuthorizedClient(authorizedClient))
+				.header(HttpHeaders.AUTHORIZATION, "Existing").attributes(oauth2AuthorizedClient(authorizedClient))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -312,34 +319,27 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenRefreshRequiredThenRefresh() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.refreshToken("refresh-1")
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(response);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(authentication(this.authentication))
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(
-				this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
+				eq(this.authentication), any(), any());
 
 		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
@@ -358,9 +358,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenRefreshRequiredThenRefreshAndResponseDoesNotContainRefreshToken() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-//				.refreshToken(xxx)  // No refreshToken in response
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600)
+				// .refreshToken(xxx) // No refreshToken in response
 				.build();
 
 		RestOperations refreshTokenClient = mock(RestOperations.class);
@@ -378,25 +377,22 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(authentication(this.authentication))
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
 		verify(refreshTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
-		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), eq(this.authentication), any(), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
+				eq(this.authentication), any(), any());
 
 		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
@@ -415,19 +411,18 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientCredentialsTokenNotExpiredThenUseCurrentToken() {
 		this.registration = TestClientRegistrations.clientCredentials().build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, null);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, null);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(authentication(this.authentication))
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
-		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
+		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(),
+				any());
 
 		verify(clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
 
@@ -445,27 +440,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 		this.registration = TestClientRegistrations.clientCredentials().build();
 
-		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses
-				.accessTokenResponse().build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(
-				accessTokenResponse);
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
+		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(),
-				issuedAt,
-				accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, null);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, null);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(authentication(this.authentication))
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -486,13 +475,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(360)
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		when(this.passwordTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
 
 		ClientRegistration registration = TestClientRegistrations.password().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))).thenReturn(registration);
+		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.thenReturn(registration);
 
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
@@ -514,10 +502,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(clientRegistrationId(registration.getRegistrationId()))
-				.attributes(authentication(this.authentication))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(authentication(this.authentication)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -536,25 +522,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(3600)
-				.refreshToken("refresh-1")
-				.build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(response);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
-		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(),
-				this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
+		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
+				issuedAt, accessTokenExpiresAt);
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -573,14 +555,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -597,14 +578,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenNotExpiredThenShouldRefreshFalse() {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
-				"principalName", this.accessToken, refreshToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken, refreshToken);
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse()))
-				.build();
+				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -628,14 +608,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		OAuth2User user = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(
-				user, authorities, this.registration.getRegistrationId());
+		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, authorities,
+				this.registration.getRegistrationId());
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(authentication.getAuthorizedClientRegistrationId()),
-				eq(authentication), eq(servletRequest))).thenReturn(authorizedClient);
+		when(this.authorizedClientRepository.loadAuthorizedClient(
+				eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest)))
+						.thenReturn(authorizedClient);
 
 		// Default request attributes set
 		final ClientRequest request1 = ClientRequest.create(GET, URI.create("https://example1.com"))
@@ -646,10 +627,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		Context context = context(servletRequest, servletResponse, authentication);
 
-		this.function.filter(request1, this.exchange)
-				.flatMap(response -> this.function.filter(request2, this.exchange))
-				.subscriberContext(context)
-				.block();
+		this.function.filter(request1, this.exchange).flatMap(response -> this.function.filter(request2, this.exchange))
+				.subscriberContext(context).block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(2);
@@ -678,15 +657,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	}
 
 	private void assertHttpStatusInvokesFailureHandler(HttpStatus httpStatus, String expectedErrorCode) {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
 		when(this.exchange.getResponse().rawStatusCode()).thenReturn(httpStatus.value());
 		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
@@ -694,10 +671,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		this.function.filter(request, this.exchange).block();
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				this.authorizationExceptionCaptor.capture(),
-				this.authenticationCaptor.capture(),
-				this.attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
@@ -706,29 +681,25 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(expectedErrorCode);
 				});
-		assertThat(this.authenticationCaptor.getValue().getName())
-				.isEqualTo(authorizedClient.getPrincipalName());
-		assertThat(this.attributesCaptor.getValue())
-				.containsExactly(
-						entry(HttpServletRequest.class.getName(), servletRequest),
-						entry(HttpServletResponse.class.getName(), servletResponse));
+		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
+		assertThat(this.attributesCaptor.getValue()).containsExactly(
+				entry(HttpServletRequest.class.getName(), servletRequest),
+				entry(HttpServletResponse.class.getName(), servletResponse));
 	}
 
 	@Test
 	public void filterWhenWWWAuthenticateHeaderIncludesErrorThenInvokeFailureHandler() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
-		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " +
-				"error_description=\"The request requires higher privileges than provided by the access token.\", " +
-				"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
+		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
+				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
+				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
 		ClientResponse.Headers headers = mock(ClientResponse.Headers.class);
 		when(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
 				.thenReturn(Collections.singletonList(wwwAuthenticateHeader));
@@ -737,69 +708,57 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		this.function.filter(request, this.exchange).block();
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				this.authorizationExceptionCaptor.capture(),
-				this.authenticationCaptor.capture(),
-				this.attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
-					assertThat(e.getError().getDescription()).isEqualTo("The request requires higher privileges than provided by the access token.");
+					assertThat(e.getError().getDescription())
+							.isEqualTo("The request requires higher privileges than provided by the access token.");
 					assertThat(e.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 				});
-		assertThat(this.authenticationCaptor.getValue().getName())
-				.isEqualTo(authorizedClient.getPrincipalName());
-		assertThat(this.attributesCaptor.getValue())
-				.containsExactly(
-						entry(HttpServletRequest.class.getName(), servletRequest),
-						entry(HttpServletResponse.class.getName(), servletResponse));
+		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
+		assertThat(this.attributesCaptor.getValue()).containsExactly(
+				entry(HttpServletRequest.class.getName(), servletRequest),
+				entry(HttpServletResponse.class.getName(), servletResponse));
 	}
 
 	@Test
 	public void filterWhenUnauthorizedWithWebClientExceptionThenInvokeFailureHandler() {
-		assertHttpStatusWithWebClientExceptionInvokesFailureHandler(
-				HttpStatus.UNAUTHORIZED, OAuth2ErrorCodes.INVALID_TOKEN);
+		assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus.UNAUTHORIZED,
+				OAuth2ErrorCodes.INVALID_TOKEN);
 	}
 
 	@Test
 	public void filterWhenForbiddenWithWebClientExceptionThenInvokeFailureHandler() {
-		assertHttpStatusWithWebClientExceptionInvokesFailureHandler(
-				HttpStatus.FORBIDDEN, OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
+		assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus.FORBIDDEN,
+				OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 	}
 
-	private void assertHttpStatusWithWebClientExceptionInvokesFailureHandler(
-			HttpStatus httpStatus, String expectedErrorCode) {
+	private void assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus httpStatus,
+			String expectedErrorCode) {
 
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
-		WebClientResponseException exception = WebClientResponseException.create(
-				httpStatus.value(),
-				httpStatus.getReasonPhrase(),
-				HttpHeaders.EMPTY,
-				new byte[0],
-				StandardCharsets.UTF_8);
+		WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(),
+				httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block())
-				.isEqualTo(exception);
+		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				this.authorizationExceptionCaptor.capture(),
-				this.authenticationCaptor.capture(),
-				this.attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
@@ -808,25 +767,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 					assertThat(e).hasCause(exception);
 					assertThat(e).hasMessageContaining(expectedErrorCode);
 				});
-		assertThat(this.authenticationCaptor.getValue().getName())
-				.isEqualTo(authorizedClient.getPrincipalName());
-		assertThat(this.attributesCaptor.getValue())
-				.containsExactly(
-						entry(HttpServletRequest.class.getName(), servletRequest),
-						entry(HttpServletResponse.class.getName(), servletResponse));
+		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
+		assertThat(this.attributesCaptor.getValue()).containsExactly(
+				entry(HttpServletRequest.class.getName(), servletRequest),
+				entry(HttpServletResponse.class.getName(), servletResponse));
 	}
 
 	@Test
 	public void filterWhenAuthorizationExceptionThenInvokeFailureHandler() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
 		OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
@@ -836,10 +791,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block())
 				.isEqualTo(authorizationException);
 
-		verify(this.authorizationFailureHandler).onAuthorizationFailure(
-				this.authorizationExceptionCaptor.capture(),
-				this.authenticationCaptor.capture(),
-				this.attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> {
@@ -847,25 +800,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN);
 				});
-		assertThat(this.authenticationCaptor.getValue().getName())
-				.isEqualTo(authorizedClient.getPrincipalName());
-		assertThat(this.attributesCaptor.getValue())
-				.containsExactly(
-						entry(HttpServletRequest.class.getName(), servletRequest),
-						entry(HttpServletResponse.class.getName(), servletResponse));
+		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
+		assertThat(this.attributesCaptor.getValue()).containsExactly(
+				entry(HttpServletRequest.class.getName(), servletRequest),
+				entry(HttpServletResponse.class.getName(), servletResponse));
 	}
 
 	@Test
 	public void filterWhenOtherHttpStatusThenDoesNotInvokeFailureHandler() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration, "principalName", this.accessToken);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
+				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse))
-				.build();
+				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
+				.attributes(httpServletResponse(servletResponse)).build();
 
 		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
 		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
@@ -876,7 +825,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verifyNoInteractions(this.authorizationFailureHandler);
 	}
 
-	private Context context(HttpServletRequest servletRequest, HttpServletResponse servletResponse, Authentication authentication) {
+	private Context context(HttpServletRequest servletRequest, HttpServletResponse servletResponse,
+			Authentication authentication) {
 		Map<Object, Object> contextAttributes = new HashMap<>();
 		contextAttributes.put(HttpServletRequest.class, servletRequest);
 		contextAttributes.put(HttpServletResponse.class, servletResponse);
@@ -917,4 +867,5 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		request.body().insert(body, context).block();
 		return body.getBodyAsString().block();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 0c66fb9f44..5068c43d65 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -59,34 +59,36 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2AuthorizedClientArgumentResolverTests {
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	@Mock
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
 
 	private ServerWebExchange serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.get("/")).build();
 
 	private OAuth2AuthorizedClientArgumentResolver argumentResolver;
+
 	private ClientRegistration clientRegistration;
+
 	private OAuth2AuthorizedClient authorizedClient;
+
 	private Authentication authentication = new TestingAuthenticationToken("test", "this");
 
 	@Before
 	public void setUp() {
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
-				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-						.authorizationCode()
-						.refreshToken()
-						.clientCredentials()
-						.build();
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
+				.builder().authorizationCode().refreshToken().clientCredentials().build();
 		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
-		this.authorizedClient = new OAuth2AuthorizedClient(
-				this.clientRegistration, this.authentication.getName(), TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).thenReturn(Mono.just(this.authorizedClient));
+		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.authentication.getName(),
+				TestOAuth2AccessTokens.noScopes());
+		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any()))
+				.thenReturn(Mono.just(this.authorizedClient));
 	}
 
 	@Test
@@ -109,34 +111,37 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
 	}
 
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClientWithoutAnnotation", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClientWithoutAnnotation",
+				OAuth2AuthorizedClient.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
 	@Test
 	public void supportsParameterWhenParameterTypeUnsupportedWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation", String.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation",
+				String.class);
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> resolveArgument(methodParameter))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> resolveArgument(methodParameter)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("The clientRegistrationId could not be resolved. Please provide one");
 	}
 
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndOAuth2AuthenticationThenResolves() {
 		this.authentication = mock(OAuth2AuthenticationToken.class);
-		when(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId()).thenReturn("client1");
+		when(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId())
+				.thenReturn("client1");
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		resolveArgument(methodParameter);
 	}
@@ -144,30 +149,34 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenResolves() {
 		this.authentication = null;
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
 		assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient);
 	}
 
 	@Test
 	public void resolveArgumentWhenOAuth2AuthorizedClientFoundThenResolves() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
 		assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient);
 	}
 
 	@Test
 	public void resolveArgumentWhenOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(this.clientRegistration));
 		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).thenReturn(Mono.empty());
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
+		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
+				OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> resolveArgument(methodParameter))
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
 	private Object resolveArgument(MethodParameter methodParameter) {
 		return this.argumentResolver.resolveArgument(methodParameter, null, null)
-				.subscriberContext(this.authentication == null ? Context.empty() : ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.subscriberContext(serverWebExchange())
-				.block();
+				.subscriberContext(this.authentication == null ? Context.empty()
+						: ReactiveSecurityContextHolder.withAuthentication(this.authentication))
+				.subscriberContext(serverWebExchange()).block();
 	}
 
 	private Context serverWebExchange() {
@@ -175,13 +184,14 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(
-				TestController.class, methodName, paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
 	static class TestController {
-		void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+
+		void paramTypeAuthorizedClient(
+				@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 		}
 
 		void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
@@ -195,5 +205,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 		void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
index 0021ebd6bf..274413e8a7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
@@ -37,14 +37,18 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 /**
- *
  * @author Rob Winch
  */
 public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
+
 	private String registrationId = "registrationId";
+
 	private String principalName = "principalName";
+
 	private ReactiveOAuth2AuthorizedClientService authorizedClientService;
+
 	private ServerOAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository;
+
 	private AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository authorizedClientRepository;
 
 	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
@@ -52,10 +56,11 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 	@Before
 	public void setup() {
 		this.authorizedClientService = mock(ReactiveOAuth2AuthorizedClientService.class);
-		this.anonymousAuthorizedClientRepository = mock(
-				ServerOAuth2AuthorizedClientRepository.class);
-		this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(this.authorizedClientService);
-		this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository);
+		this.anonymousAuthorizedClientRepository = mock(ServerOAuth2AuthorizedClientRepository.class);
+		this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
+				this.authorizedClientService);
+		this.authorizedClientRepository
+				.setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository);
 	}
 
 	@Test
@@ -74,16 +79,20 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 	public void loadAuthorizedClientWhenAuthenticatedPrincipalThenLoadFromService() {
 		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 		Authentication authentication = this.createAuthenticatedPrincipal();
-		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange).block();
+		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange)
+				.block();
 		verify(this.authorizedClientService).loadAuthorizedClient(this.registrationId, this.principalName);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		when(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
-		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange).block();
-		verify(this.anonymousAuthorizedClientRepository).loadAuthorizedClient(this.registrationId, authentication, this.exchange);
+		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange)
+				.block();
+		verify(this.anonymousAuthorizedClientRepository).loadAuthorizedClient(this.registrationId, authentication,
+				this.exchange);
 	}
 
 	@Test
@@ -97,27 +106,33 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void saveAuthorizedClientWhenAnonymousPrincipalThenSaveToAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		when(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.exchange).block();
-		verify(this.anonymousAuthorizedClientRepository).saveAuthorizedClient(authorizedClient, authentication, this.exchange);
+		verify(this.anonymousAuthorizedClientRepository).saveAuthorizedClient(authorizedClient, authentication,
+				this.exchange);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAuthenticatedPrincipalThenRemoveFromService() {
 		when(this.authorizedClientService.removeAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 		Authentication authentication = this.createAuthenticatedPrincipal();
-		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange).block();
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange)
+				.block();
 		verify(this.authorizedClientService).removeAuthorizedClient(this.registrationId, this.principalName);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAnonymousPrincipalThenRemoveFromAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		when(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any()))
+				.thenReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
-		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange).block();
-		verify(this.anonymousAuthorizedClientRepository).removeAuthorizedClient(this.registrationId, authentication, this.exchange);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange)
+				.block();
+		verify(this.anonymousAuthorizedClientRepository).removeAuthorizedClient(this.registrationId, authentication,
+				this.exchange);
 	}
 
 	private Authentication createAuthenticatedPrincipal() {
@@ -127,6 +142,8 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 	}
 
 	private Authentication createAnonymousPrincipal() {
-		return new AnonymousAuthenticationToken("key-1234", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+		return new AnonymousAuthenticationToken("key-1234", "anonymousUser",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index 958799b014..868db33116 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -49,6 +49,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultServerOAuth2AuthorizationRequestResolverTests {
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -74,90 +75,78 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
 
-		ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"), ResponseStatusException.class);
+		ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"),
+				ResponseStatusException.class);
 
 		assertThat(expected.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST);
 	}
 
 	@Test
 	public void resolveWhenClientRegistrationFoundThenWorks() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(this.registration));
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.registration));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id");
 
-		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.*?&" +
-				"redirect_uri=/login/oauth2/code/registration-id");
+		assertThat(request.getAuthorizationRequestUri())
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
 	}
 
 	@Test
 	public void resolveWhenForwardedHeadersClientRegistrationFoundThenWorks() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(this.registration));
-		ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.registration));
+		ServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
 
 		OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
 
-		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.*?&" +
-				"redirect_uri=/login/oauth2/code/registration-id");
+		assertThat(request.getAuthorizationRequestUri())
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
 	}
 
 	@Test
 	public void resolveWhenAuthorizationRequestWithValidPkceClientThenResolves() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(TestClientRegistrations.clientRegistration()
-						.clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
-						.clientSecret(null)
-						.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration()
+						.clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build()));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
 
-		assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
+		assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER))
+				.matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
 
-		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=read:user&state=.*?&" +
-				"redirect_uri=/login/oauth2/code/registration-id&" +
-				"code_challenge_method=S256&" +
-				"code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
+		assertThat(request.getAuthorizationRequestUri())
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&"
+						+ "code_challenge_method=S256&" + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
 	}
 
 	@Test
 	public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(TestClientRegistrations.clientRegistration()
-						.scope(OidcScopes.OPENID)
-						.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
 
 		assertThat((String) request.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
 
-		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" +
-				"response_type=code&client_id=client-id&" +
-				"scope=openid&state=.*?&" +
-				"redirect_uri=/login/oauth2/code/registration-id&" +
-				"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
+		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?"
+				+ "response_type=code&client_id=client-id&" + "scope=openid&state=.*?&"
+				+ "redirect_uri=/login/oauth2/code/registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
 	}
 
 	// gh-7696
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(TestClientRegistrations.clientRegistration()
-						.scope(OidcScopes.OPENID)
-						.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer
-				.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
-				.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
+		this.resolver.setAuthorizationRequestCustomizer(
+				customizer -> customizer.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
+						.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
 
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
 
@@ -165,64 +154,49 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=/login/oauth2/code/registration-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id");
 	}
 
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(TestClientRegistrations.clientRegistration()
-						.scope(OidcScopes.OPENID)
-						.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer ->
-				customizer.authorizationRequestUri(uriBuilder -> {
-					uriBuilder.queryParam("param1", "value1");
-					return uriBuilder.build();
-				})
-		);
+		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.authorizationRequestUri(uriBuilder -> {
+			uriBuilder.queryParam("param1", "value1");
+			return uriBuilder.build();
+		}));
 
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=/login/oauth2/code/registration-id&" +
-						"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" +
-						"param1=value1");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
+						+ "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
+						+ "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1");
 	}
 
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
-				Mono.just(TestClientRegistrations.clientRegistration()
-						.scope(OidcScopes.OPENID)
-						.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer ->
-				customizer.parameters(params -> {
-					params.put("appid", params.get("client_id"));
-					params.remove("client_id");
-				})
-		);
+		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.parameters(params -> {
+			params.put("appid", params.get("client_id"));
+			params.remove("client_id");
+		}));
 
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.matches("https://example.com/login/oauth/authorize\\?" +
-						"response_type=code&" +
-						"scope=openid&state=.{15,}&" +
-						"redirect_uri=/login/oauth2/code/registration-id&" +
-						"nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" +
-						"appid=client-id");
+				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&"
+						+ "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
+						+ "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "appid=client-id");
 	}
 
 	private OAuth2AuthorizationRequest resolve(String path) {
 		ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get(path));
 		return this.resolver.resolve(exchange).block();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 1efd84389e..8eefa4b920 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -64,63 +64,62 @@ import static org.springframework.security.oauth2.core.endpoint.TestOAuth2Author
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2AuthorizationCodeGrantWebFilterTests {
+
 	private OAuth2AuthorizationCodeGrantWebFilter filter;
+
 	@Mock
 	private ReactiveAuthenticationManager authenticationManager;
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
 	@Mock
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
 	@Mock
 	private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
 
 	@Before
 	public void setup() {
-		this.filter = new OAuth2AuthorizationCodeGrantWebFilter(
-				this.authenticationManager, this.clientRegistrationRepository,
-				this.authorizedClientRepository);
+		this.filter = new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 	}
 
 	@Test
 	public void constructorWhenAuthenticationManagerNullThenIllegalArgumentException() {
 		this.authenticationManager = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(
-				this.authenticationManager, this.clientRegistrationRepository,
-				this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+				this.clientRegistrationRepository, this.authorizedClientRepository))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() {
 		this.clientRegistrationRepository = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(
-				this.authenticationManager, this.clientRegistrationRepository,
-				this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+				this.clientRegistrationRepository, this.authorizedClientRepository))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientRepositoryNullThenIllegalArgumentException() {
 		this.authorizedClientRepository = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(
-				this.authenticationManager, this.clientRegistrationRepository,
-				this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+				this.clientRegistrationRepository, this.authorizedClientRepository))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> this.filter.setRequestCache(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void filterWhenNotMatchThenAuthenticationManagerNotCalled() {
-		MockServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.get("/"));
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
 
@@ -130,41 +129,37 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenMatchThenAuthorizedClientSaved() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
 
-		MockServerHttpRequest authorizationRequest =
-				createAuthorizationRequest("/authorization/callback");
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 		when(this.authenticationManager.authenticate(any()))
 				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
 
-		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class),
+				any());
 	}
 
 	// gh-7966
 	@Test
 	public void filterWhenAuthorizationRequestRedirectUriParametersMatchThenProcessed() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(clientRegistration));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
+		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 		when(this.authenticationManager.authenticate(any()))
 				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
@@ -172,10 +167,9 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		Map<String, String> parameters = new LinkedHashMap<>();
 		parameters.put("param1", "value1");
 		parameters.put("param2", "value2");
-		MockServerHttpRequest authorizationRequest =
-				createAuthorizationRequest("/authorization/callback", parameters);
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback", parameters);
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
@@ -183,13 +177,14 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
 		verify(this.authenticationManager, times(1)).authenticate(any());
 
-		// 2) redirect_uri with query parameters AND authorization response additional parameters
+		// 2) redirect_uri with query parameters AND authorization response additional
+		// parameters
 		Map<String, String> additionalParameters = new LinkedHashMap<>();
 		additionalParameters.put("auth-param1", "value1");
 		additionalParameters.put("auth-param2", "value2");
@@ -207,11 +202,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		Map<String, String> parameters = new LinkedHashMap<>();
 		parameters.put("param1", "value1");
 		parameters.put("param2", "value2");
-		MockServerHttpRequest authorizationRequest =
-				createAuthorizationRequest(requestUri, parameters);
+		MockServerHttpRequest authorizationRequest = createAuthorizationRequest(requestUri, parameters);
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 
@@ -221,8 +215,8 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(
 				createAuthorizationRequest(requestUri, parametersNotMatch));
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
 		verifyNoInteractions(this.authenticationManager);
@@ -231,8 +225,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		parametersNotMatch = new LinkedHashMap<>();
 		parametersNotMatch.put("param2", "value2");
 		parametersNotMatch.put("param1", "value1");
-		authorizationResponse = createAuthorizationResponse(
-				createAuthorizationRequest(requestUri, parametersNotMatch));
+		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		exchange = MockServerWebExchange.from(authorizationResponse);
 
 		this.filter.filter(exchange, chain).block();
@@ -241,8 +234,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		// 3) Parameter missing
 		parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.remove("param2");
-		authorizationResponse = createAuthorizationResponse(
-				createAuthorizationRequest(requestUri, parametersNotMatch));
+		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		exchange = MockServerWebExchange.from(authorizationResponse);
 
 		this.filter.filter(exchange, chain).block();
@@ -252,16 +244,14 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(clientRegistration));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
+		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 		when(this.authenticationManager.authenticate(any()))
 				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
@@ -269,11 +259,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
-		when(requestCache.getRedirectUri(any(ServerWebExchange.class))).thenReturn(Mono.just(URI.create("/saved-request")));
+		when(requestCache.getRedirectUri(any(ServerWebExchange.class)))
+				.thenReturn(Mono.just(URI.create("/saved-request")));
 
 		this.filter.setRequestCache(requestCache);
 
@@ -289,10 +280,9 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
 
-		MockServerHttpRequest authorizationRequest =
-				createAuthorizationRequest("/authorization/callback");
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
@@ -300,13 +290,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
-				.extracting("errorCode")
+				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
 				.isEqualTo("client_registration_not_found");
 		verifyNoInteractions(this.authenticationManager);
 	}
@@ -315,13 +304,11 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(clientRegistration));
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
 
-		MockServerHttpRequest authorizationRequest =
-				createAuthorizationRequest("/authorization/callback");
-		OAuth2AuthorizationRequest oauth2AuthorizationRequest =
-				createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
+		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
+		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
+				clientRegistration);
 		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.thenReturn(Mono.just(oauth2AuthorizationRequest));
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
@@ -332,13 +319,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(
-				e -> e.getResponse().setComplete(), Collections.emptyList());
+		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+				Collections.emptyList());
 
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
-				.extracting("errorCode")
+				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
 				.isEqualTo("authorization_error");
 	}
 
@@ -346,10 +332,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 			MockServerHttpRequest authorizationRequest, ClientRegistration registration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
-		return request()
-				.attributes(attributes)
-				.redirectUri(authorizationRequest.getURI().toString())
-				.build();
+		return request().attributes(attributes).redirectUri(authorizationRequest.getURI().toString()).build();
 	}
 
 	private static MockServerHttpRequest createAuthorizationRequest(String requestUri) {
@@ -357,8 +340,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	}
 
 	private static MockServerHttpRequest createAuthorizationRequest(String requestUri, Map<String, String> parameters) {
-		MockServerHttpRequest.BaseBuilder<?> builder = MockServerHttpRequest
-				.get(requestUri);
+		MockServerHttpRequest.BaseBuilder<?> builder = MockServerHttpRequest.get(requestUri);
 		if (!CollectionUtils.isEmpty(parameters)) {
 			parameters.forEach(builder::queryParam);
 		}
@@ -369,8 +351,8 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		return createAuthorizationResponse(authorizationRequest, new LinkedHashMap<>());
 	}
 
-	private static MockServerHttpRequest createAuthorizationResponse(
-			MockServerHttpRequest authorizationRequest, Map<String, String> additionalParameters) {
+	private static MockServerHttpRequest createAuthorizationResponse(MockServerHttpRequest authorizationRequest,
+			Map<String, String> additionalParameters) {
 		MockServerHttpRequest.BaseBuilder<?> builder = MockServerHttpRequest
 				.get(authorizationRequest.getURI().toString());
 		builder.queryParam(OAuth2ParameterNames.CODE, "code");
@@ -379,4 +361,5 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		builder.cookies(authorizationRequest.getCookies());
 		return builder.build();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index dd5d8443db..6a146fae58 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -48,6 +48,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2AuthorizationRequestRedirectWebFilterTests {
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRepository;
 
@@ -67,27 +68,25 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	public void setup() {
 		this.filter = new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository);
 		this.filter.setAuthorizationRequestRepository(this.authzRequestRepository);
-		FilteringWebHandler webHandler = new FilteringWebHandler(e -> e.getResponse().setComplete(), Arrays.asList(this.filter));
+		FilteringWebHandler webHandler = new FilteringWebHandler(e -> e.getResponse().setComplete(),
+				Arrays.asList(this.filter));
 
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		when(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())).thenReturn(
-				Mono.just(this.registration));
-		when(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn(
-				Mono.empty());
+		when(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId()))
+				.thenReturn(Mono.just(this.registration));
+		when(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn(Mono.empty());
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() {
 		this.clientRepository = null;
 		assertThatThrownBy(() -> new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository))
-			.isInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void filterWhenDoesNotMatchThenClientRegistrationRepositoryNotSubscribed() {
-		this.client.get()
-				.exchange()
-				.expectStatus().isOk();
+		this.client.get().exchange().expectStatus().isOk();
 
 		verifyZeroInteractions(this.clientRepository, this.authzRequestRepository);
 	}
@@ -95,18 +94,13 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenDoesMatchThenClientRegistrationRepositoryNotSubscribed() {
 		FluxExchangeResult<String> result = this.client.get()
-				.uri("https://example.com/oauth2/authorization/registration-id").exchange()
-				.expectStatus().is3xxRedirection().returnResult(String.class);
+				.uri("https://example.com/oauth2/authorization/registration-id").exchange().expectStatus()
+				.is3xxRedirection().returnResult(String.class);
 		result.assertWithDiagnostics(() -> {
 			URI location = result.getResponseHeaders().getLocation();
-			assertThat(location)
-					.hasScheme("https")
-					.hasHost("example.com")
-					.hasPath("/login/oauth/authorize")
-					.hasParameter("response_type", "code")
-					.hasParameter("client_id", "client-id")
-					.hasParameter("scope", "read:user")
-					.hasParameter("state")
+			assertThat(location).hasScheme("https").hasHost("example.com").hasPath("/login/oauth/authorize")
+					.hasParameter("response_type", "code").hasParameter("client_id", "client-id")
+					.hasParameter("scope", "read:user").hasParameter("state")
 					.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id");
 		});
 		verify(this.authzRequestRepository).saveAuthorizationRequest(any(), any());
@@ -116,32 +110,25 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenDoesMatchThenResolveRedirectUriExpandedExcludesQueryString() {
 		FluxExchangeResult<String> result = this.client.get()
-				.uri("https://example.com/oauth2/authorization/registration-id?foo=bar").exchange()
-				.expectStatus().is3xxRedirection().returnResult(String.class);
+				.uri("https://example.com/oauth2/authorization/registration-id?foo=bar").exchange().expectStatus()
+				.is3xxRedirection().returnResult(String.class);
 		result.assertWithDiagnostics(() -> {
 			URI location = result.getResponseHeaders().getLocation();
-			assertThat(location)
-					.hasScheme("https")
-					.hasHost("example.com")
-					.hasPath("/login/oauth/authorize")
-					.hasParameter("response_type", "code")
-					.hasParameter("client_id", "client-id")
-					.hasParameter("scope", "read:user")
-					.hasParameter("state")
+			assertThat(location).hasScheme("https").hasHost("example.com").hasPath("/login/oauth/authorize")
+					.hasParameter("response_type", "code").hasParameter("client_id", "client-id")
+					.hasParameter("scope", "read:user").hasParameter("state")
 					.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id");
 		});
 	}
 
 	@Test
 	public void filterWhenExceptionThenRedirected() {
-		FilteringWebHandler webHandler = new FilteringWebHandler(e -> Mono.error(new ClientAuthorizationRequiredException(this.registration
-				.getRegistrationId())), Arrays.asList(this.filter));
+		FilteringWebHandler webHandler = new FilteringWebHandler(
+				e -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
+				Arrays.asList(this.filter));
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		FluxExchangeResult<String> result = this.client.get()
-				.uri("https://example.com/foo").exchange()
-				.expectStatus()
-				.is3xxRedirection()
-				.returnResult(String.class);
+		FluxExchangeResult<String> result = this.client.get().uri("https://example.com/foo").exchange().expectStatus()
+				.is3xxRedirection().returnResult(String.class);
 	}
 
 	@Test
@@ -152,11 +139,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 				e -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		this.client.get()
-				.uri("https://example.com/foo")
-				.exchange()
-				.expectStatus()
-				.is3xxRedirection()
+		this.client.get().uri("https://example.com/foo").exchange().expectStatus().is3xxRedirection()
 				.returnResult(String.class);
 		verify(this.requestCache).saveRequest(any());
 	}
@@ -164,12 +147,9 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenPathMatchesThenRequestSessionAttributeNotSaved() {
 		this.filter.setRequestCache(this.requestCache);
-		this.client.get()
-				.uri("https://example.com/oauth2/authorization/registration-id")
-				.exchange()
-				.expectStatus()
-				.is3xxRedirection()
-				.returnResult(String.class);
+		this.client.get().uri("https://example.com/oauth2/authorization/registration-id").exchange().expectStatus()
+				.is3xxRedirection().returnResult(String.class);
 		verifyZeroInteractions(this.requestCache);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index feb4ab5d7c..75e833fa86 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -48,6 +48,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
+
 	@Mock
 	private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -59,22 +60,14 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
 			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.scope("read:user")
+			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
 			.authorizationUri("https://github.com/login/oauth/authorize")
-			.tokenUri("https://github.com/login/oauth/access_token")
-			.userInfoUri("https://api.github.com/user")
-			.userNameAttributeName("id")
-			.clientName("GitHub")
-			.clientId("clientId")
-			.clientSecret("clientSecret")
-			.build();
+			.tokenUri("https://github.com/login/oauth/access_token").userInfoUri("https://api.github.com/user")
+			.userNameAttributeName("id").clientName("GitHub").clientId("clientId").clientSecret("clientSecret").build();
 
 	private OAuth2AuthorizationRequest.Builder authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-			.authorizationUri("https://example.com/oauth2/authorize")
-			.clientId("client-id")
-			.redirectUri("http://localhost/client-1")
-			.state("state")
+			.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
+			.redirectUri("http://localhost/client-1").state("state")
 			.attributes(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID, this.clientRegistrationId));
 
 	private final MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
@@ -83,7 +76,8 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 
 	@Before
 	public void setup() {
-		this.converter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(this.clientRegistrationRepository);
+		this.converter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+				this.clientRegistrationRepository);
 		this.converter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 	}
 
@@ -91,35 +85,38 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() {
 		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.empty());
 
-		assertThatThrownBy(() -> applyConverter())
-				.isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
 	@Test
 	public void applyWhenAttributesMissingThenOAuth2AuthorizationException() {
 		this.authorizationRequest.attributes(Map::clear);
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.thenReturn(Mono.just(this.authorizationRequest.build()));
 
-		assertThatThrownBy(() -> applyConverter())
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
+				.hasMessageContaining(
+						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
 	@Test
 	public void applyWhenClientRegistrationMissingThenOAuth2AuthorizationException() {
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.thenReturn(Mono.just(this.authorizationRequest.build()));
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
 
-		assertThatThrownBy(() -> applyConverter())
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
+				.hasMessageContaining(
+						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
 	@Test
 	public void applyWhenCodeParameterNotFoundThenErrorCode() {
 		this.request.queryParam(OAuth2ParameterNames.ERROR, "error");
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.thenReturn(Mono.just(this.authorizationRequest.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(this.clientRegistration));
 
 		assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode())
 				.isEqualTo("error");
@@ -128,13 +125,14 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenCodeParameterFoundThenCode() {
 		this.request.queryParam(OAuth2ParameterNames.CODE, "code");
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.clientRegistration));
+		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.thenReturn(Mono.just(this.authorizationRequest.build()));
+		when(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.thenReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
 
-		OAuth2AuthorizationResponse exchange = result
-				.getAuthorizationExchange().getAuthorizationResponse();
+		OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse();
 		assertThat(exchange.getError()).isNull();
 		assertThat(exchange.getCode()).isEqualTo("code");
 	}
@@ -143,4 +141,5 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
 		return (OAuth2AuthorizationCodeAuthenticationToken) this.converter.convert(exchange).block();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 67486bebf1..1a3f6632c9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -37,8 +37,8 @@ import static org.assertj.core.api.Assertions.*;
  * @author Rob Winch
  */
 public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
-	private UnAuthenticatedServerOAuth2AuthorizedClientRepository repository =
-		new UnAuthenticatedServerOAuth2AuthorizedClientRepository();
+
+	private UnAuthenticatedServerOAuth2AuthorizedClientRepository repository = new UnAuthenticatedServerOAuth2AuthorizedClientRepository();
 
 	private ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
 
@@ -46,7 +46,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 
 	private ServerWebExchange exchange;
 
-	private Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	private Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymous",
+			AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	private Authentication authentication;
 
@@ -63,47 +64,53 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenNotFoundThenEmpty() {
-		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()).isNull();
+		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
+				.block()).isNull();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenFoundThenFound() {
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 
-		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()).isEqualTo(this.authorizedClient);
+		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
+				.block()).isEqualTo(this.authorizedClient);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenMultipleThenFound() {
 		ClientRegistration otherClientRegistration = TestClientRegistrations.clientRegistration()
-				.registrationId("other-client-registration")
-				.build();
-		OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration, "anonymousUser", this.authorizedClient.getAccessToken());
+				.registrationId("other-client-registration").build();
+		OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration,
+				"anonymousUser", this.authorizedClient.getAccessToken());
 
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 		this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block();
 
-		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()).isEqualTo(this.authorizedClient);
+		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
+				.block()).isEqualTo(this.authorizedClient);
 	}
 
 	@Test
@@ -111,7 +118,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 		this.authentication = this.anonymous;
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 
-		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()).isEqualTo(this.authorizedClient);
+		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
+				.block()).isEqualTo(this.authorizedClient);
 	}
 
 	// saveAuthorizedClient
@@ -119,22 +127,25 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
 		this.authorizedClient = null;
-		assertThatThrownBy(() -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	// removeAuthorizedClient
@@ -142,22 +153,25 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -165,6 +179,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 		this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block();
 
-		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()).isNull();
+		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
+				.block()).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index b4e11c05be..1130ee5d3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -49,61 +49,54 @@ import reactor.test.StepVerifier;
  */
 public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
-	private WebSessionOAuth2ServerAuthorizationRequestRepository repository =
-			new WebSessionOAuth2ServerAuthorizationRequestRepository();
+	private WebSessionOAuth2ServerAuthorizationRequestRepository repository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
 
 	private OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-			.authorizationUri("https://example.com/oauth2/authorize")
-			.clientId("client-id")
-			.redirectUri("http://localhost/client-1")
-			.state("state")
-			.build();
+			.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
+			.redirectUri("http://localhost/client-1").state("state").build();
 
-	private ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/")
-			.queryParam(OAuth2ParameterNames.STATE, "state"));
+	private ServerWebExchange exchange = MockServerWebExchange
+			.from(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, "state"));
 
 	@Test
 	public void loadAuthorizationRequestWhenNullExchangeThenIllegalArgumentException() {
 		this.exchange = null;
 		assertThatThrownBy(() -> this.repository.loadAuthorizationRequest(this.exchange))
-			.isInstanceOf(IllegalArgumentException.class);
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenNoSessionThenEmpty() {
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
-				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
 
 		assertSessionStartedIs(false);
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenSessionAndNoRequestThenEmpty() {
-		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession()
-				.map(WebSession::getAttributes).doOnNext(attrs -> attrs.put("foo", "bar"))
+		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes)
+				.doOnNext(attrs -> attrs.put("foo", "bar"))
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
 
-		StepVerifier.create(setAttrThenLoad)
-				.verifyComplete();
+		StepVerifier.create(setAttrThenLoad).verifyComplete();
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenNoStateParamThenEmpty() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
-		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
+		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository
+				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
 
-		StepVerifier.create(saveAndLoad)
-				.verifyComplete();
+		StepVerifier.create(saveAndLoad).verifyComplete();
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenSavedThenAuthorizationRequest() {
-		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
+		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository
+				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndLoad)
-				.expectNext(this.authorizationRequest)
-				.verifyComplete();
+		StepVerifier.create(saveAndLoad).expectNext(this.authorizationRequest).verifyComplete();
 	}
 
 	@Test
@@ -113,30 +106,25 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
 
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize")
-				.clientId("client-id")
-				.redirectUri("http://localhost/client-1")
-				.state(oldState)
-				.build();
+				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
+				.redirectUri("http://localhost/client-1").state(oldState).build();
 
 		WebSessionManager sessionManager = e -> this.exchange.getSession();
 
-		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 
-		Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
+		Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository
+				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.loadAuthorizationRequest(oldExchange));
 
-		StepVerifier.create(saveAndSaveAndLoad)
-				.expectNext(oldAuthorizationRequest)
-				.verifyComplete();
+		StepVerifier.create(saveAndSaveAndLoad).expectNext(oldAuthorizationRequest).verifyComplete();
 
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
-				.expectNext(this.authorizationRequest)
-				.verifyComplete();
+				.expectNext(this.authorizationRequest).verifyComplete();
 	}
 
 	@Test
@@ -165,8 +153,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
 	@Test
 	public void removeAuthorizationRequestWhenNotPresentThenThrowsIllegalArgumentException() {
-		StepVerifier.create(this.repository.removeAuthorizationRequest(this.exchange))
-				.verifyComplete();
+		StepVerifier.create(this.repository.removeAuthorizationRequest(this.exchange)).verifyComplete();
 		assertSessionStartedIs(false);
 	}
 
@@ -176,31 +163,23 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
 
-		StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest)
-				.verifyComplete();
+		StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
 
-		StepVerifier.create(this.exchange.getSession()
-				.map(WebSession::getAttributes)
-				.map(Map::isEmpty))
-				.expectNext(true)
-				.verifyComplete();
+		StepVerifier.create(this.exchange.getSession().map(WebSession::getAttributes).map(Map::isEmpty))
+				.expectNext(true).verifyComplete();
 	}
 
 	// gh-5599
 	@Test
 	public void removeAuthorizationRequestWhenStateMissingThenNoErrors() {
 		MockServerHttpRequest otherState = MockServerHttpRequest.get("/")
-				.queryParam(OAuth2ParameterNames.STATE, "other")
-				.build();
-		ServerWebExchange otherStateExchange = this.exchange.mutate()
-				.request(otherState)
-				.build();
+				.queryParam(OAuth2ParameterNames.STATE, "other").build();
+		ServerWebExchange otherStateExchange = this.exchange.mutate().request(otherState).build();
 		Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(otherStateExchange));
 
-		StepVerifier.create(saveAndRemove)
-				.verifyComplete();
+		StepVerifier.create(saveAndRemove).verifyComplete();
 	}
 
 	@Test
@@ -210,32 +189,26 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
 
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize")
-				.clientId("client-id")
-				.redirectUri("http://localhost/client-1")
-				.state(oldState)
-				.build();
+				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
+				.redirectUri("http://localhost/client-1").state(oldState).build();
 
 		WebSessionManager sessionManager = e -> this.exchange.getSession();
 
-		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 
-		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
+		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
+				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
 
-		StepVerifier.create(saveAndSaveAndRemove)
-				.expectNext(this.authorizationRequest)
-				.verifyComplete();
+		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
 
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
-				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
 
-		StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange))
-				.expectNext(oldAuthorizationRequest)
+		StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange)).expectNext(oldAuthorizationRequest)
 				.verifyComplete();
 	}
 
@@ -247,40 +220,34 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
 
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize")
-				.clientId("client-id")
-				.redirectUri("http://localhost/client-1")
-				.state(oldState)
-				.build();
+				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
+				.redirectUri("http://localhost/client-1").state(oldState).build();
 
 		Map<String, Object> sessionAttrs = spy(new HashMap<>());
 		WebSession session = mock(WebSession.class);
 		when(session.getAttributes()).thenReturn(sessionAttrs);
 		WebSessionManager sessionManager = e -> Mono.just(session);
 
-		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(), sessionManager,
-				ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
+				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 
-		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
+		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
+				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
 
-		StepVerifier.create(saveAndSaveAndRemove)
-				.expectNext(this.authorizationRequest)
-				.verifyComplete();
+		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
 
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
-				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
 
 		verify(sessionAttrs, times(3)).put(any(), any());
 	}
 
 	private void assertSessionStartedIs(boolean expected) {
 		Mono<Boolean> isStarted = this.exchange.getSession().map(WebSession::isStarted);
-		StepVerifier.create(isStarted)
-			.expectNext(expected)
-			.verifyComplete();
+		StepVerifier.create(isStarted).expectNext(expected).verifyComplete();
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index bc72b2a30a..0b74c0396e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -33,8 +33,8 @@ import static org.mockito.Mockito.mock;
  * @since 5.1
  */
 public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
-	private WebSessionServerOAuth2AuthorizedClientRepository authorizedClientRepository =
-			new WebSessionServerOAuth2AuthorizedClientRepository();
+
+	private WebSessionServerOAuth2AuthorizedClientRepository authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 
@@ -43,14 +43,16 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 	private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build();
 
 	private String registrationId1 = this.registration1.getRegistrationId();
-	private String registrationId2 = this.registration2.getRegistrationId();
-	private String principalName1 = "principalName-1";
 
+	private String registrationId2 = this.registration2.getRegistrationId();
+
+	private String principalName1 = "principalName-1";
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -60,53 +62,56 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() {
-		OAuth2AuthorizedClient authorizedClient =
-				this.authorizedClientRepository.loadAuthorizedClient("registration-not-found", null, this.exchange).block();
+		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient("registration-not-found", null, this.exchange).block();
 		assertThat(authorizedClient).isNull();
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenSavedThenReturnAuthorizedClient() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
 
-		OAuth2AuthorizedClient loadedAuthorizedClient =
-				this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticationIsNullThenExceptionNotThrown() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
-		assertThatThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null).block())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenSavedThenSavedToSession() {
-		OAuth2AuthorizedClient expected = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient expected = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(expected, null, this.exchange).block();
 
 		OAuth2AuthorizedClient result = this.authorizedClientRepository
@@ -117,8 +122,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(
-				null, null, this.exchange)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.exchange))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -128,59 +133,55 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
-
 	@Test
 	public void removeAuthorizedClientWhenNotSavedThenSessionNotCreated() {
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.exchange);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange);
 		assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClient1SavedAndClient2RemovedThenClient1NotRemoved() {
-		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
 
 		// Remove registrationId2 (never added so is not removed either)
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.exchange);
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange);
 
-		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId1, null, this.exchange).block();
+		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient1).isNotNull();
 		assertThat(loadedAuthorizedClient1).isSameAs(authorizedClient1);
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenSavedThenRemoved() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.exchange).block();
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId2, null, this.exchange).block();
-		loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.exchange).block();
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange).block();
+		loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isNull();
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenSavedThenRemovedFromSession() {
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
-		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId1, null, this.exchange).block();
+		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, this.exchange).block();
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
 
 		WebSession session = this.exchange.getSession().block();
 		assertThat(session).isNotNull();
@@ -189,20 +190,20 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClient1Client2SavedAndClient1RemovedThenClient2NotRemoved() {
-		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(
-				this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
 
-		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(
-				this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
+		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
+				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.exchange).block();
 
-		this.authorizedClientRepository.removeAuthorizedClient(
-				this.registrationId1, null, this.exchange).block();
+		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
 
-		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository.loadAuthorizedClient(
-				this.registrationId2, null, this.exchange).block();
+		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository
+				.loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient2).isNotNull();
 		assertThat(loadedAuthorizedClient2).isSameAs(authorizedClient2);
 	}
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index ea3c8dd359..ba9ce10a63 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -52,28 +52,29 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OAuth2LoginAuthenticationWebFilterTests {
+
 	@Mock
 	private ReactiveAuthenticationManager authenticationManager;
+
 	@Mock
 	private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
 
 	private OAuth2LoginAuthenticationWebFilter filter;
-	private WebFilterExchange webFilterExchange;
 
+	private WebFilterExchange webFilterExchange;
 
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
 
-
-	private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse
-			.success("code")
+	private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code")
 			.state("state");
 
 	@Before
 	public void setup() {
-		this.filter = new OAuth2LoginAuthenticationWebFilter(this.authenticationManager, this.authorizedClientRepository);
-		this.webFilterExchange = new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/")), new DefaultWebFilterChain(exchange -> exchange.getResponse().setComplete()));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		this.filter = new OAuth2LoginAuthenticationWebFilter(this.authenticationManager,
+				this.authorizedClientRepository);
+		this.webFilterExchange = new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/")),
+				new DefaultWebFilterChain(exchange -> exchange.getResponse().setComplete()));
+		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 	}
 
 	@Test
@@ -84,27 +85,21 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 	}
 
 	private OAuth2LoginAuthenticationToken loginToken() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"token",
-				Instant.now(),
-				Instant.now().plus(Duration.ofDays(1)),
-				Collections.singleton("user"));
-		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections
-				.singletonMap("user", "rob"), "user");
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token",
+				Instant.now(), Instant.now().plus(Duration.ofDays(1)), Collections.singleton("user"));
+		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
+				Collections.singletonMap("user", "rob"), "user");
 		ClientRegistration clientRegistration = this.registration.build();
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
-				.authorizationCode()
-				.state("state")
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes())
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUri())
-				.build();
+				.redirectUri(clientRegistration.getRedirectUri()).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
-		return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange, user, user.getAuthorities(), accessToken);
+		return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange, user,
+				user.getAuthorities(), accessToken);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
index e1dc4d5903..d007bfdcc2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
@@ -30,14 +30,17 @@ import java.time.Instant;
  * @see OAuth2AccessToken
  */
 public abstract class AbstractOAuth2Token implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final String tokenValue;
+
 	private final Instant issuedAt;
+
 	private final Instant expiresAt;
 
 	/**
 	 * Sub-class constructor.
-	 *
 	 * @param tokenValue the token value
 	 */
 	protected AbstractOAuth2Token(String tokenValue) {
@@ -46,10 +49,10 @@ public abstract class AbstractOAuth2Token implements Serializable {
 
 	/**
 	 * Sub-class constructor.
-	 *
 	 * @param tokenValue the token value
 	 * @param issuedAt the time at which the token was issued, may be null
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted, may be null
+	 * @param expiresAt the expiration time on or after which the token MUST NOT be
+	 * accepted, may be null
 	 */
 	protected AbstractOAuth2Token(String tokenValue, @Nullable Instant issuedAt, @Nullable Instant expiresAt) {
 		Assert.hasText(tokenValue, "tokenValue cannot be empty");
@@ -63,7 +66,6 @@ public abstract class AbstractOAuth2Token implements Serializable {
 
 	/**
 	 * Returns the token value.
-	 *
 	 * @return the token value
 	 */
 	public String getTokenValue() {
@@ -72,7 +74,6 @@ public abstract class AbstractOAuth2Token implements Serializable {
 
 	/**
 	 * Returns the time at which the token was issued.
-	 *
 	 * @return the time the token was issued or null
 	 */
 	public @Nullable Instant getIssuedAt() {
@@ -81,7 +82,6 @@ public abstract class AbstractOAuth2Token implements Serializable {
 
 	/**
 	 * Returns the expiration time on or after which the token MUST NOT be accepted.
-	 *
 	 * @return the expiration time of the token or null
 	 */
 	public @Nullable Instant getExpiresAt() {
@@ -105,7 +105,8 @@ public abstract class AbstractOAuth2Token implements Serializable {
 		if (this.getIssuedAt() != null ? !this.getIssuedAt().equals(that.getIssuedAt()) : that.getIssuedAt() != null) {
 			return false;
 		}
-		return this.getExpiresAt() != null ? this.getExpiresAt().equals(that.getExpiresAt()) : that.getExpiresAt() == null;
+		return this.getExpiresAt() != null ? this.getExpiresAt().equals(that.getExpiresAt())
+				: that.getExpiresAt() == null;
 	}
 
 	@Override
@@ -115,4 +116,5 @@ public abstract class AbstractOAuth2Token implements Serializable {
 		result = 31 * result + (this.getExpiresAt() != null ? this.getExpiresAt().hashCode() : 0);
 		return result;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
index 16f7a96c34..ed5882ef02 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
@@ -21,22 +21,28 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
- * The authentication method used when sending bearer access tokens in resource requests to resource servers.
+ * The authentication method used when sending bearer access tokens in resource requests
+ * to resource servers.
  *
  * @author MyeongHyeon Lee
  * @since 5.1
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6750#section-2">Section 2 Authenticated Requests</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6750#section-2">Section 2
+ * Authenticated Requests</a>
  */
 public final class AuthenticationMethod implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	public static final AuthenticationMethod HEADER = new AuthenticationMethod("header");
+
 	public static final AuthenticationMethod FORM = new AuthenticationMethod("form");
+
 	public static final AuthenticationMethod QUERY = new AuthenticationMethod("query");
+
 	private final String value;
 
 	/**
 	 * Constructs an {@code AuthenticationMethod} using the provided value.
-	 *
 	 * @param value the value of the authentication method type
 	 */
 	public AuthenticationMethod(String value) {
@@ -46,7 +52,6 @@ public final class AuthenticationMethod implements Serializable {
 
 	/**
 	 * Returns the value of the authentication method type.
-	 *
 	 * @return the value of the authentication method type
 	 */
 	public String getValue() {
@@ -69,4 +74,5 @@ public final class AuthenticationMethod implements Serializable {
 	public int hashCode() {
 		return this.getValue().hashCode();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
index db0b8eb014..1ad5709b83 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
@@ -22,39 +22,46 @@ import java.io.Serializable;
 
 /**
  * An authorization grant is a credential representing the resource owner's authorization
- * (to access it's protected resources) to the client and used by the client to obtain an access token.
+ * (to access it's protected resources) to the client and used by the client to obtain an
+ * access token.
  *
  * <p>
- * The OAuth 2.0 Authorization Framework defines four standard grant types:
- * authorization code, implicit, resource owner password credentials, and client credentials.
- * It also provides an extensibility mechanism for defining additional grant types.
+ * The OAuth 2.0 Authorization Framework defines four standard grant types: authorization
+ * code, implicit, resource owner password credentials, and client credentials. It also
+ * provides an extensibility mechanism for defining additional grant types.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
+ * 1.3 Authorization Grant</a>
  */
 public final class AuthorizationGrantType implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	public static final AuthorizationGrantType AUTHORIZATION_CODE = new AuthorizationGrantType("authorization_code");
 
 	/**
-	 * It is not recommended to use the implicit flow
-	 * due to the inherent risks of returning access tokens in an HTTP redirect
-	 * without any confirmation that it has been received by the client.
+	 * It is not recommended to use the implicit flow due to the inherent risks of
+	 * returning access tokens in an HTTP redirect without any confirmation that it has
+	 * been received by the client.
 	 *
-	 * @see <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit Grant</a>
+	 * @see <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0
+	 * Implicit Grant</a>
 	 */
 	@Deprecated
 	public static final AuthorizationGrantType IMPLICIT = new AuthorizationGrantType("implicit");
 
 	public static final AuthorizationGrantType REFRESH_TOKEN = new AuthorizationGrantType("refresh_token");
+
 	public static final AuthorizationGrantType CLIENT_CREDENTIALS = new AuthorizationGrantType("client_credentials");
+
 	public static final AuthorizationGrantType PASSWORD = new AuthorizationGrantType("password");
+
 	private final String value;
 
 	/**
 	 * Constructs an {@code AuthorizationGrantType} using the provided value.
-	 *
 	 * @param value the value of the authorization grant type
 	 */
 	public AuthorizationGrantType(String value) {
@@ -64,7 +71,6 @@ public final class AuthorizationGrantType implements Serializable {
 
 	/**
 	 * Returns the value of the authorization grant type.
-	 *
 	 * @return the value of the authorization grant type
 	 */
 	public String getValue() {
@@ -87,4 +93,5 @@ public final class AuthorizationGrantType implements Serializable {
 	public int hashCode() {
 		return this.getValue().hashCode();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
index 33c8e29ced..44295ab3bb 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
@@ -34,14 +34,13 @@ public interface ClaimAccessor {
 
 	/**
 	 * Returns a set of claims that may be used for assertions.
-	 *
 	 * @return a {@code Map} of claims
 	 */
 	Map<String, Object> getClaims();
 
 	/**
-	 * Returns the claim value as a {@code T} type.
-	 * The claim value is expected to be of type {@code T}.
+	 * Returns the claim value as a {@code T} type. The claim value is expected to be of
+	 * type {@code T}.
 	 *
 	 * @since 5.2
 	 * @param claim the name of the claim
@@ -54,8 +53,8 @@ public interface ClaimAccessor {
 	}
 
 	/**
-	 * Returns {@code true} if the claim exists in {@link #getClaims()}, otherwise {@code false}.
-	 *
+	 * Returns {@code true} if the claim exists in {@link #getClaims()}, otherwise
+	 * {@code false}.
 	 * @param claim the name of the claim
 	 * @return {@code true} if the claim exists, otherwise {@code false}
 	 */
@@ -65,30 +64,29 @@ public interface ClaimAccessor {
 	}
 
 	/**
-	 * Returns the claim value as a {@code String} or {@code null} if it does not exist or is equal to {@code null}.
-	 *
+	 * Returns the claim value as a {@code String} or {@code null} if it does not exist or
+	 * is equal to {@code null}.
 	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or is equal to {@code null}
+	 * @return the claim value or {@code null} if it does not exist or is equal to
+	 * {@code null}
 	 */
 	default String getClaimAsString(String claim) {
-		return !containsClaim(claim) ? null :
-				ClaimConversionService.getSharedInstance().convert(getClaims().get(claim), String.class);
+		return !containsClaim(claim) ? null
+				: ClaimConversionService.getSharedInstance().convert(getClaims().get(claim), String.class);
 	}
 
 	/**
 	 * Returns the claim value as a {@code Boolean} or {@code null} if it does not exist.
-	 *
 	 * @param claim the name of the claim
 	 * @return the claim value or {@code null} if it does not exist
 	 */
 	default Boolean getClaimAsBoolean(String claim) {
-		return !containsClaim(claim) ? null :
-				ClaimConversionService.getSharedInstance().convert(getClaims().get(claim), Boolean.class);
+		return !containsClaim(claim) ? null
+				: ClaimConversionService.getSharedInstance().convert(getClaims().get(claim), Boolean.class);
 	}
 
 	/**
 	 * Returns the claim value as an {@code Instant} or {@code null} if it does not exist.
-	 *
 	 * @param claim the name of the claim
 	 * @return the claim value or {@code null} if it does not exist
 	 */
@@ -99,15 +97,14 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		Instant convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, Instant.class);
 		if (convertedValue == null) {
-			throw new IllegalArgumentException("Unable to convert claim '" + claim +
-					"' of type '" + claimValue.getClass() + "' to Instant.");
+			throw new IllegalArgumentException(
+					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant.");
 		}
 		return convertedValue;
 	}
 
 	/**
 	 * Returns the claim value as an {@code URL} or {@code null} if it does not exist.
-	 *
 	 * @param claim the name of the claim
 	 * @return the claim value or {@code null} if it does not exist
 	 */
@@ -118,18 +115,18 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		URL convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, URL.class);
 		if (convertedValue == null) {
-			throw new IllegalArgumentException("Unable to convert claim '" + claim +
-					"' of type '" + claimValue.getClass() + "' to URL.");
+			throw new IllegalArgumentException(
+					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL.");
 		}
 		return convertedValue;
 	}
 
 	/**
-	 * Returns the claim value as a {@code Map<String, Object>}
-	 * or {@code null} if it does not exist or cannot be assigned to a {@code Map}.
-	 *
+	 * Returns the claim value as a {@code Map<String, Object>} or {@code null} if it does
+	 * not exist or cannot be assigned to a {@code Map}.
 	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or cannot be assigned to a {@code Map}
+	 * @return the claim value or {@code null} if it does not exist or cannot be assigned
+	 * to a {@code Map}
 	 */
 	@SuppressWarnings("unchecked")
 	default Map<String, Object> getClaimAsMap(String claim) {
@@ -137,24 +134,24 @@ public interface ClaimAccessor {
 			return null;
 		}
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		final TypeDescriptor targetDescriptor = TypeDescriptor.map(
-				Map.class, TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class));
+		final TypeDescriptor targetDescriptor = TypeDescriptor.map(Map.class, TypeDescriptor.valueOf(String.class),
+				TypeDescriptor.valueOf(Object.class));
 		Object claimValue = getClaims().get(claim);
-		Map<String, Object> convertedValue = (Map<String, Object>) ClaimConversionService.getSharedInstance().convert(
-				claimValue, sourceDescriptor, targetDescriptor);
+		Map<String, Object> convertedValue = (Map<String, Object>) ClaimConversionService.getSharedInstance()
+				.convert(claimValue, sourceDescriptor, targetDescriptor);
 		if (convertedValue == null) {
-			throw new IllegalArgumentException("Unable to convert claim '" + claim +
-					"' of type '" + claimValue.getClass() + "' to Map.");
+			throw new IllegalArgumentException(
+					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map.");
 		}
 		return convertedValue;
 	}
 
 	/**
-	 * Returns the claim value as a {@code List<String>}
-	 * or {@code null} if it does not exist or cannot be assigned to a {@code List}.
-	 *
+	 * Returns the claim value as a {@code List<String>} or {@code null} if it does not
+	 * exist or cannot be assigned to a {@code List}.
 	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or cannot be assigned to a {@code List}
+	 * @return the claim value or {@code null} if it does not exist or cannot be assigned
+	 * to a {@code List}
 	 */
 	@SuppressWarnings("unchecked")
 	default List<String> getClaimAsStringList(String claim) {
@@ -162,15 +159,16 @@ public interface ClaimAccessor {
 			return null;
 		}
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		final TypeDescriptor targetDescriptor = TypeDescriptor.collection(
-				List.class, TypeDescriptor.valueOf(String.class));
+		final TypeDescriptor targetDescriptor = TypeDescriptor.collection(List.class,
+				TypeDescriptor.valueOf(String.class));
 		Object claimValue = getClaims().get(claim);
-		List<String> convertedValue = (List<String>) ClaimConversionService.getSharedInstance().convert(
-				claimValue, sourceDescriptor, targetDescriptor);
+		List<String> convertedValue = (List<String>) ClaimConversionService.getSharedInstance().convert(claimValue,
+				sourceDescriptor, targetDescriptor);
 		if (convertedValue == null) {
-			throw new IllegalArgumentException("Unable to convert claim '" + claim +
-					"' of type '" + claimValue.getClass() + "' to List.");
+			throw new IllegalArgumentException(
+					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List.");
 		}
 		return convertedValue;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
index 48ecaaa0ca..2f988f68c1 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
@@ -21,15 +21,20 @@ import org.springframework.util.Assert;
 import java.io.Serializable;
 
 /**
- * The authentication method used when authenticating the client with the authorization server.
+ * The authentication method used when authenticating the client with the authorization
+ * server.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2.3">Section 2.3 Client Authentication</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2.3">Section
+ * 2.3 Client Authentication</a>
  */
 public final class ClientAuthenticationMethod implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	public static final ClientAuthenticationMethod BASIC = new ClientAuthenticationMethod("basic");
+
 	public static final ClientAuthenticationMethod POST = new ClientAuthenticationMethod("post");
 
 	/**
@@ -41,7 +46,6 @@ public final class ClientAuthenticationMethod implements Serializable {
 
 	/**
 	 * Constructs a {@code ClientAuthenticationMethod} using the provided value.
-	 *
 	 * @param value the value of the client authentication method
 	 */
 	public ClientAuthenticationMethod(String value) {
@@ -51,7 +55,6 @@ public final class ClientAuthenticationMethod implements Serializable {
 
 	/**
 	 * Returns the value of the client authentication method.
-	 *
 	 * @return the value of the client authentication method
 	 */
 	public String getValue() {
@@ -74,4 +77,5 @@ public final class ClientAuthenticationMethod implements Serializable {
 	public int hashCode() {
 		return this.getValue().hashCode();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
index 8b8dd8c677..e32052c943 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -34,13 +34,16 @@ import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTH
  * @since 5.2
  */
 public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable {
+
 	private final Map<String, Object> attributes;
+
 	private final Collection<GrantedAuthority> authorities;
+
 	private final String name;
 
 	/**
-	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided parameters.
-	 *
+	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided
+	 * parameters.
 	 * @param attributes the attributes of the OAuth 2.0 token
 	 * @param authorities the authorities of the OAuth 2.0 token
 	 */
@@ -51,8 +54,8 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	}
 
 	/**
-	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided parameters.
-	 *
+	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided
+	 * parameters.
 	 * @param name the name attached to the OAuth 2.0 token
 	 * @param attributes the attributes of the OAuth 2.0 token
 	 * @param authorities the authorities of the OAuth 2.0 token
@@ -62,14 +65,12 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		this.attributes = Collections.unmodifiableMap(attributes);
-		this.authorities = authorities == null ?
-				NO_AUTHORITIES : Collections.unmodifiableCollection(authorities);
+		this.authorities = authorities == null ? NO_AUTHORITIES : Collections.unmodifiableCollection(authorities);
 		this.name = name == null ? (String) this.attributes.get("sub") : name;
 	}
 
 	/**
 	 * Gets the attributes of the OAuth 2.0 token in map form.
-	 *
 	 * @return a {@link Map} of the attribute's objects keyed by the attribute's names
 	 */
 	public Map<String, Object> getAttributes() {
@@ -91,4 +92,5 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	public String getName() {
 		return this.name;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
index 785d3cf248..3a37ec669f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
@@ -26,19 +26,17 @@ import org.springframework.util.Assert;
  * A composite validator
  *
  * @param <T> the type of {@link AbstractOAuth2Token} this validator validates
- *
  * @author Josh Cummings
  * @since 5.1
  */
-public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
-		implements OAuth2TokenValidator<T> {
+public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token> implements OAuth2TokenValidator<T> {
 
 	private final Collection<OAuth2TokenValidator<T>> tokenValidators;
 
 	/**
 	 * Constructs a {@code DelegatingOAuth2TokenValidator} using the provided validators.
-	 *
-	 * @param tokenValidators the {@link Collection} of {@link OAuth2TokenValidator}s to use
+	 * @param tokenValidators the {@link Collection} of {@link OAuth2TokenValidator}s to
+	 * use
 	 */
 	public DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>> tokenValidators) {
 		Assert.notNull(tokenValidators, "tokenValidators cannot be null");
@@ -48,7 +46,6 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 
 	/**
 	 * Constructs a {@code DelegatingOAuth2TokenValidator} using the provided validators.
-	 *
 	 * @param tokenValidators the collection of {@link OAuth2TokenValidator}s to use
 	 */
 	@SafeVarargs
@@ -63,10 +60,11 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 	public OAuth2TokenValidatorResult validate(T token) {
 		Collection<OAuth2Error> errors = new ArrayList<>();
 
-		for ( OAuth2TokenValidator<T> validator : this.tokenValidators) {
+		for (OAuth2TokenValidator<T> validator : this.tokenValidators) {
 			errors.addAll(validator.validate(token).getErrors());
 		}
 
 		return OAuth2TokenValidatorResult.failure(errors);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
index b2ff587f0d..633696e201 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
@@ -24,29 +24,33 @@ import java.util.Collections;
 import java.util.Set;
 
 /**
- * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Access Token.
+ * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Access
+ * Token.
  *
  * <p>
- * An access token is a credential that represents an authorization
- * granted by the resource owner to the client.
- * It is primarily used by the client to access protected resources on either a
- * resource server or the authorization server that originally issued the access token.
+ * An access token is a credential that represents an authorization granted by the
+ * resource owner to the client. It is primarily used by the client to access protected
+ * resources on either a resource server or the authorization server that originally
+ * issued the access token.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.4">Section 1.4 Access Token</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.4">Section
+ * 1.4 Access Token</a>
  */
 public class OAuth2AccessToken extends AbstractOAuth2Token {
+
 	private final TokenType tokenType;
+
 	private final Set<String> scopes;
 
 	/**
 	 * Constructs an {@code OAuth2AccessToken} using the provided parameters.
-	 *
 	 * @param tokenType the token type
 	 * @param tokenValue the token value
 	 * @param issuedAt the time at which the token was issued
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted
+	 * @param expiresAt the expiration time on or after which the token MUST NOT be
+	 * accepted
 	 */
 	public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) {
 		this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet());
@@ -54,24 +58,23 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 
 	/**
 	 * Constructs an {@code OAuth2AccessToken} using the provided parameters.
-	 *
 	 * @param tokenType the token type
 	 * @param tokenValue the token value
 	 * @param issuedAt the time at which the token was issued
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted
+	 * @param expiresAt the expiration time on or after which the token MUST NOT be
+	 * accepted
 	 * @param scopes the scope(s) associated to the token
 	 */
-	public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes) {
+	public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt,
+			Set<String> scopes) {
 		super(tokenValue, issuedAt, expiresAt);
 		Assert.notNull(tokenType, "tokenType cannot be null");
 		this.tokenType = tokenType;
-		this.scopes = Collections.unmodifiableSet(
-			scopes != null ? scopes : Collections.emptySet());
+		this.scopes = Collections.unmodifiableSet(scopes != null ? scopes : Collections.emptySet());
 	}
 
 	/**
 	 * Returns the {@link TokenType token type}.
-	 *
 	 * @return the {@link TokenType}
 	 */
 	public TokenType getTokenType() {
@@ -80,7 +83,6 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 
 	/**
 	 * Returns the scope(s) associated to the token.
-	 *
 	 * @return the scope(s) associated to the token
 	 */
 	public Set<String> getScopes() {
@@ -90,11 +92,16 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 	/**
 	 * Access Token Types.
 	 *
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.1">Section 7.1 Access Token Types</a>
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-7.1">Section 7.1 Access Token
+	 * Types</a>
 	 */
 	public static final class TokenType implements Serializable {
+
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 		public static final TokenType BEARER = new TokenType("Bearer");
+
 		private final String value;
 
 		private TokenType(String value) {
@@ -104,7 +111,6 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 
 		/**
 		 * Returns the value of the token type.
-		 *
 		 * @return the value of the token type
 		 */
 		public String getValue() {
@@ -127,5 +133,7 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 		public int hashCode() {
 			return this.getValue().hashCode();
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java
index b3329d2f77..f056aba43d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java
@@ -24,16 +24,16 @@ import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.GrantedAuthority;
 
 /**
- * An {@link AuthenticatedPrincipal} that represents the principal
- * associated with an OAuth 2.0 token.
+ * An {@link AuthenticatedPrincipal} that represents the principal associated with an
+ * OAuth 2.0 token.
  *
  * @author Josh Cummings
  * @since 5.2
  */
 public interface OAuth2AuthenticatedPrincipal extends AuthenticatedPrincipal {
+
 	/**
 	 * Get the OAuth 2.0 token attribute by name
-	 *
 	 * @param name the name of the attribute
 	 * @param <A> the type of the attribute
 	 * @return the attribute or {@code null} otherwise
@@ -45,15 +45,13 @@ public interface OAuth2AuthenticatedPrincipal extends AuthenticatedPrincipal {
 
 	/**
 	 * Get the OAuth 2.0 token attributes
-	 *
 	 * @return the OAuth 2.0 token attributes
 	 */
 	Map<String, Object> getAttributes();
 
 	/**
-	 * Get the {@link Collection} of {@link GrantedAuthority}s associated
-	 * with this OAuth 2.0 token
-	 *
+	 * Get the {@link Collection} of {@link GrantedAuthority}s associated with this OAuth
+	 * 2.0 token
 	 * @return the OAuth 2.0 token authorities
 	 */
 	Collection<? extends GrantedAuthority> getAuthorities();
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
index 0f9383181b..7feff6c666 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
@@ -25,24 +25,25 @@ import org.springframework.util.Assert;
  * <p>
  * There are a number of scenarios where an error may occur, for example:
  * <ul>
- *  <li>The authorization request or token request is missing a required parameter</li>
- *	<li>Missing or invalid client identifier</li>
- *	<li>Invalid or mismatching redirection URI</li>
- *	<li>The requested scope is invalid, unknown, or malformed</li>
- *	<li>The resource owner or authorization server denied the access request</li>
- *	<li>Client authentication failed</li>
- *	<li>The provided authorization grant (authorization code, resource owner credentials) is invalid, expired, or revoked</li>
+ * <li>The authorization request or token request is missing a required parameter</li>
+ * <li>Missing or invalid client identifier</li>
+ * <li>Invalid or mismatching redirection URI</li>
+ * <li>The requested scope is invalid, unknown, or malformed</li>
+ * <li>The resource owner or authorization server denied the access request</li>
+ * <li>Client authentication failed</li>
+ * <li>The provided authorization grant (authorization code, resource owner credentials)
+ * is invalid, expired, or revoked</li>
  * </ul>
  *
  * @author Joe Grandja
  * @since 5.0
  */
 public class OAuth2AuthenticationException extends AuthenticationException {
+
 	private OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 */
 	public OAuth2AuthenticationException(OAuth2Error error) {
@@ -51,7 +52,6 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param cause the root cause
 	 */
@@ -61,7 +61,6 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param message the detail message
 	 */
@@ -72,7 +71,6 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param message the detail message
 	 * @param cause the root cause
@@ -84,7 +82,6 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Returns the {@link OAuth2Error OAuth 2.0 Error}.
-	 *
 	 * @return the {@link OAuth2Error}
 	 */
 	public OAuth2Error getError() {
@@ -95,4 +92,5 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 		Assert.notNull(error, "error cannot be null");
 		this.error = error;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
index a894c6d6eb..5902a048a4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
@@ -24,11 +24,11 @@ import org.springframework.util.Assert;
  * @since 5.1
  */
 public class OAuth2AuthorizationException extends RuntimeException {
+
 	private OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 */
 	public OAuth2AuthorizationException(OAuth2Error error) {
@@ -37,7 +37,6 @@ public class OAuth2AuthorizationException extends RuntimeException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param message the exception message
 	 * @since 5.3
@@ -50,7 +49,6 @@ public class OAuth2AuthorizationException extends RuntimeException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param cause the root cause
 	 */
@@ -60,7 +58,6 @@ public class OAuth2AuthorizationException extends RuntimeException {
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
 	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
 	 * @param message the exception message
 	 * @param cause the root cause
@@ -74,10 +71,10 @@ public class OAuth2AuthorizationException extends RuntimeException {
 
 	/**
 	 * Returns the {@link OAuth2Error OAuth 2.0 Error}.
-	 *
 	 * @return the {@link OAuth2Error}
 	 */
 	public OAuth2Error getError() {
 		return this.error;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
index 22d306a01b..032afe23f7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
@@ -24,25 +24,29 @@ import java.io.Serializable;
  * A representation of an OAuth 2.0 Error.
  *
  * <p>
- * At a minimum, an error response will contain an error code.
- * The error code may be one of the standard codes defined by the specification,
- * or a new code defined in the OAuth Extensions Error Registry,
- * for cases where protocol extensions require additional error code(s) above the standard codes.
+ * At a minimum, an error response will contain an error code. The error code may be one
+ * of the standard codes defined by the specification, or a new code defined in the OAuth
+ * Extensions Error Registry, for cases where protocol extensions require additional error
+ * code(s) above the standard codes.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2ErrorCodes
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.4">Section 11.4 OAuth Extensions Error Registry</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.4">Section
+ * 11.4 OAuth Extensions Error Registry</a>
  */
 public class OAuth2Error implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final String errorCode;
+
 	private final String description;
+
 	private final String uri;
 
 	/**
 	 * Constructs an {@code OAuth2Error} using the provided parameters.
-	 *
 	 * @param errorCode the error code
 	 */
 	public OAuth2Error(String errorCode) {
@@ -51,7 +55,6 @@ public class OAuth2Error implements Serializable {
 
 	/**
 	 * Constructs an {@code OAuth2Error} using the provided parameters.
-	 *
 	 * @param errorCode the error code
 	 * @param description the error description
 	 * @param uri the error uri
@@ -65,7 +68,6 @@ public class OAuth2Error implements Serializable {
 
 	/**
 	 * Returns the error code.
-	 *
 	 * @return the error code
 	 */
 	public final String getErrorCode() {
@@ -74,7 +76,6 @@ public class OAuth2Error implements Serializable {
 
 	/**
 	 * Returns the error description.
-	 *
 	 * @return the error description
 	 */
 	public final String getDescription() {
@@ -83,7 +84,6 @@ public class OAuth2Error implements Serializable {
 
 	/**
 	 * Returns the error uri.
-	 *
 	 * @return the error uri
 	 */
 	public final String getUri() {
@@ -92,7 +92,7 @@ public class OAuth2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " +
-				(this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
index 7a8f7a1677..11045ead48 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
@@ -24,20 +24,21 @@ package org.springframework.security.oauth2.core;
 public interface OAuth2ErrorCodes {
 
 	/**
-	 * {@code invalid_request} - The request is missing a required parameter,
-	 * includes an invalid parameter value,
-	 * includes a parameter more than once, or is otherwise malformed.
+	 * {@code invalid_request} - The request is missing a required parameter, includes an
+	 * invalid parameter value, includes a parameter more than once, or is otherwise
+	 * malformed.
 	 */
 	String INVALID_REQUEST = "invalid_request";
 
 	/**
-	 * {@code unauthorized_client} - The client is not authorized to request
-	 * an authorization code or access token using this method.
+	 * {@code unauthorized_client} - The client is not authorized to request an
+	 * authorization code or access token using this method.
 	 */
 	String UNAUTHORIZED_CLIENT = "unauthorized_client";
 
 	/**
-	 * {@code access_denied} - The resource owner or authorization server denied the request.
+	 * {@code access_denied} - The resource owner or authorization server denied the
+	 * request.
 	 */
 	String ACCESS_DENIED = "access_denied";
 
@@ -54,62 +55,66 @@ public interface OAuth2ErrorCodes {
 	String INVALID_SCOPE = "invalid_scope";
 
 	/**
-	 * {@code insufficient_scope} - The request requires higher privileges than
-	 *  provided by the access token.
-	 *  The resource server SHOULD respond with the HTTP 403 (Forbidden)
-	 *  status code and MAY include the "scope" attribute with the scope
-	 *  necessary to access the protected resource.
+	 * {@code insufficient_scope} - The request requires higher privileges than provided
+	 * by the access token. The resource server SHOULD respond with the HTTP 403
+	 * (Forbidden) status code and MAY include the "scope" attribute with the scope
+	 * necessary to access the protected resource.
 	 *
-	 * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section 3.1 - Error Codes</a>
+	 * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section
+	 * 3.1 - Error Codes</a>
 	 */
 	String INSUFFICIENT_SCOPE = "insufficient_scope";
 
 	/**
-	 * {@code invalid_token} - The access token provided is expired, revoked,
-	 * malformed, or invalid for other reasons.
-	 * The resource SHOULD respond with the HTTP 401 (Unauthorized) status code.
-	 * The client MAY request a new access token and retry the protected resource request.
+	 * {@code invalid_token} - The access token provided is expired, revoked, malformed,
+	 * or invalid for other reasons. The resource SHOULD respond with the HTTP 401
+	 * (Unauthorized) status code. The client MAY request a new access token and retry the
+	 * protected resource request.
 	 *
-	 * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section 3.1 - Error Codes</a>
+	 * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section
+	 * 3.1 - Error Codes</a>
 	 */
 	String INVALID_TOKEN = "invalid_token";
 
 	/**
-	 * {@code server_error} - The authorization server encountered an
-	 * unexpected condition that prevented it from fulfilling the request.
-	 * (This error code is needed because a 500 Internal Server Error HTTP status code
-	 * cannot be returned to the client via a HTTP redirect.)
+	 * {@code server_error} - The authorization server encountered an unexpected condition
+	 * that prevented it from fulfilling the request. (This error code is needed because a
+	 * 500 Internal Server Error HTTP status code cannot be returned to the client via a
+	 * HTTP redirect.)
 	 */
 	String SERVER_ERROR = "server_error";
 
 	/**
-	 * {@code temporarily_unavailable} - The authorization server is currently unable
-	 * to handle the request due to a temporary overloading or maintenance of the server.
+	 * {@code temporarily_unavailable} - The authorization server is currently unable to
+	 * handle the request due to a temporary overloading or maintenance of the server.
 	 * (This error code is needed because a 503 Service Unavailable HTTP status code
 	 * cannot be returned to the client via an HTTP redirect.)
 	 */
 	String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
 
 	/**
-	 * {@code invalid_client} - Client authentication failed (e.g., unknown client,
-	 * no client authentication included, or unsupported authentication method).
-	 * The authorization server MAY return a HTTP 401 (Unauthorized) status code
-	 * to indicate which HTTP authentication schemes are supported.
-	 * If the client attempted to authenticate via the &quot;Authorization&quot; request header field,
-	 * the authorization server MUST respond with a HTTP 401 (Unauthorized) status code and
-	 * include the &quot;WWW-Authenticate&quot; response header field matching the authentication scheme used by the client.
+	 * {@code invalid_client} - Client authentication failed (e.g., unknown client, no
+	 * client authentication included, or unsupported authentication method). The
+	 * authorization server MAY return a HTTP 401 (Unauthorized) status code to indicate
+	 * which HTTP authentication schemes are supported. If the client attempted to
+	 * authenticate via the &quot;Authorization&quot; request header field, the
+	 * authorization server MUST respond with a HTTP 401 (Unauthorized) status code and
+	 * include the &quot;WWW-Authenticate&quot; response header field matching the
+	 * authentication scheme used by the client.
 	 */
 	String INVALID_CLIENT = "invalid_client";
 
 	/**
-	 * {@code invalid_grant} - The provided authorization grant
-	 * (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked,
-	 * does not match the redirection URI used in the authorization request, or was issued to another client.
+	 * {@code invalid_grant} - The provided authorization grant (e.g., authorization code,
+	 * resource owner credentials) or refresh token is invalid, expired, revoked, does not
+	 * match the redirection URI used in the authorization request, or was issued to
+	 * another client.
 	 */
 	String INVALID_GRANT = "invalid_grant";
 
 	/**
-	 * {@code unsupported_grant_type} - The authorization grant type is not supported by the authorization server.
+	 * {@code unsupported_grant_type} - The authorization grant type is not supported by
+	 * the authorization server.
 	 */
 	String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
index e52f364399..71e2df1770 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
@@ -18,28 +18,30 @@ package org.springframework.security.oauth2.core;
 import java.time.Instant;
 
 /**
- * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Refresh Token.
+ * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Refresh
+ * Token.
  *
  * <p>
- * A refresh token is a credential that represents an authorization
- * granted by the resource owner to the client.
- * It is used by the client to obtain a new access token when the current access token
- * becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope.
+ * A refresh token is a credential that represents an authorization granted by the
+ * resource owner to the client. It is used by the client to obtain a new access token
+ * when the current access token becomes invalid or expires, or to obtain additional
+ * access tokens with identical or narrower scope.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AccessToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.5">Section 1.5 Refresh Token</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.5">Section
+ * 1.5 Refresh Token</a>
  */
 public class OAuth2RefreshToken extends AbstractOAuth2Token {
 
 	/**
 	 * Constructs an {@code OAuth2RefreshToken} using the provided parameters.
-	 *
 	 * @param tokenValue the token value
 	 * @param issuedAt the time at which the token was issued
 	 */
 	public OAuth2RefreshToken(String tokenValue, Instant issuedAt) {
 		super(tokenValue, issuedAt, null);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
index 95cd5153df..48270aac54 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
@@ -16,8 +16,8 @@
 package org.springframework.security.oauth2.core;
 
 /**
- * Implementations of this interface are responsible for &quot;verifying&quot;
- * the validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
+ * Implementations of this interface are responsible for &quot;verifying&quot; the
+ * validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
  *
  * @author Joe Grandja
  * @author Josh Cummings
@@ -28,9 +28,9 @@ public interface OAuth2TokenValidator<T extends AbstractOAuth2Token> {
 
 	/**
 	 * Verify the validity and/or constraints of the provided OAuth 2.0 Token.
-	 *
 	 * @param token an OAuth 2.0 token
 	 * @return OAuth2TokenValidationResult the success or failure detail of the validation
 	 */
 	OAuth2TokenValidatorResult validate(T token);
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
index 0922360aef..4a7b4bc1cc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
@@ -30,6 +30,7 @@ import org.springframework.util.Assert;
  * @since 5.1
  */
 public final class OAuth2TokenValidatorResult {
+
 	static final OAuth2TokenValidatorResult NO_ERRORS = new OAuth2TokenValidatorResult(Collections.emptyList());
 
 	private final Collection<OAuth2Error> errors;
@@ -41,7 +42,6 @@ public final class OAuth2TokenValidatorResult {
 
 	/**
 	 * Say whether this result indicates success
-	 *
 	 * @return whether this result has errors
 	 */
 	public boolean hasErrors() {
@@ -50,8 +50,8 @@ public final class OAuth2TokenValidatorResult {
 
 	/**
 	 * Return error details regarding the validation attempt
-	 *
-	 * @return the collection of results in this result, if any; returns an empty list otherwise
+	 * @return the collection of results in this result, if any; returns an empty list
+	 * otherwise
 	 */
 	public Collection<OAuth2Error> getErrors() {
 		return this.errors;
@@ -59,7 +59,6 @@ public final class OAuth2TokenValidatorResult {
 
 	/**
 	 * Construct a successful {@link OAuth2TokenValidatorResult}
-	 *
 	 * @return an {@link OAuth2TokenValidatorResult} with no errors
 	 */
 	public static OAuth2TokenValidatorResult success() {
@@ -68,7 +67,6 @@ public final class OAuth2TokenValidatorResult {
 
 	/**
 	 * Construct a failure {@link OAuth2TokenValidatorResult} with the provided detail
-	 *
 	 * @param errors the list of errors
 	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
 	 */
@@ -78,7 +76,6 @@ public final class OAuth2TokenValidatorResult {
 
 	/**
 	 * Construct a failure {@link OAuth2TokenValidatorResult} with the provided detail
-	 *
 	 * @param errors the list of errors
 	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
 	 */
@@ -89,4 +86,5 @@ public final class OAuth2TokenValidatorResult {
 
 		return new OAuth2TokenValidatorResult(errors);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
index a871537534..21939b0933 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
@@ -21,8 +21,8 @@ import org.springframework.core.convert.support.GenericConversionService;
 import org.springframework.security.oauth2.core.ClaimAccessor;
 
 /**
- * A {@link ConversionService} configured with converters
- * that provide type conversion for claim values.
+ * A {@link ConversionService} configured with converters that provide type conversion for
+ * claim values.
  *
  * @author Joe Grandja
  * @since 5.2
@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.core.ClaimAccessor;
  * @see ClaimAccessor
  */
 public final class ClaimConversionService extends GenericConversionService {
+
 	private static volatile ClaimConversionService sharedInstance;
 
 	private ClaimConversionService() {
@@ -38,7 +39,6 @@ public final class ClaimConversionService extends GenericConversionService {
 
 	/**
 	 * Returns a shared instance of {@code ClaimConversionService}.
-	 *
 	 * @return a shared instance of {@code ClaimConversionService}
 	 */
 	public static ClaimConversionService getSharedInstance() {
@@ -56,9 +56,8 @@ public final class ClaimConversionService extends GenericConversionService {
 	}
 
 	/**
-	 * Adds the converters that provide type conversion for claim values
-	 * to the provided {@link ConverterRegistry}.
-	 *
+	 * Adds the converters that provide type conversion for claim values to the provided
+	 * {@link ConverterRegistry}.
 	 * @param converterRegistry the registry of converters to add to
 	 */
 	public static void addConverters(ConverterRegistry converterRegistry) {
@@ -69,4 +68,5 @@ public final class ClaimConversionService extends GenericConversionService {
 		converterRegistry.addConverter(new ObjectToListStringConverter());
 		converterRegistry.addConverter(new ObjectToMapStringObjectConverter());
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
index 098cb86a01..44d88c4fb4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
@@ -32,12 +32,13 @@ import java.util.Map;
  * @see Converter
  */
 public final class ClaimTypeConverter implements Converter<Map<String, Object>, Map<String, Object>> {
+
 	private final Map<String, Converter<Object, ?>> claimTypeConverters;
 
 	/**
 	 * Constructs a {@code ClaimTypeConverter} using the provided parameters.
-	 *
-	 * @param claimTypeConverters a {@link Map} of {@link Converter}(s) keyed by claim name
+	 * @param claimTypeConverters a {@link Map} of {@link Converter}(s) keyed by claim
+	 * name
 	 */
 	public ClaimTypeConverter(Map<String, Converter<Object, ?>> claimTypeConverters) {
 		Assert.notEmpty(claimTypeConverters, "claimTypeConverters cannot be empty");
@@ -64,4 +65,5 @@ public final class ClaimTypeConverter implements Converter<Map<String, Object>,
 
 		return result;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
index 82c2243308..10d21f0fda 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
@@ -42,4 +42,5 @@ final class ObjectToBooleanConverter implements GenericConverter {
 		}
 		return Boolean.valueOf(source.toString());
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
index 65ddaae9d5..c86edb8b9c 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
@@ -50,14 +50,17 @@ final class ObjectToInstantConverter implements GenericConverter {
 		}
 		try {
 			return Instant.ofEpochSecond(Long.parseLong(source.toString()));
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			// Ignore
 		}
 		try {
 			return Instant.parse(source.toString());
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			// Ignore
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
index daba913f25..cbc13b7a47 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
@@ -42,10 +42,9 @@ final class ObjectToListStringConverter implements ConditionalGenericConverter {
 
 	@Override
 	public boolean matches(TypeDescriptor sourceType, TypeDescriptor targetType) {
-		if (targetType.getElementTypeDescriptor() == null ||
-				targetType.getElementTypeDescriptor().getType().equals(String.class) ||
-				sourceType == null ||
-				ClassUtils.isAssignable(sourceType.getType(), targetType.getElementTypeDescriptor().getType())) {
+		if (targetType.getElementTypeDescriptor() == null
+				|| targetType.getElementTypeDescriptor().getType().equals(String.class) || sourceType == null
+				|| ClassUtils.isAssignable(sourceType.getType(), targetType.getElementTypeDescriptor().getType())) {
 			return true;
 		}
 		return false;
@@ -73,4 +72,5 @@ final class ObjectToListStringConverter implements ConditionalGenericConverter {
 		}
 		return Collections.singletonList(source.toString());
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
index 6db09f9cf1..0ba486c558 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
@@ -36,8 +36,8 @@ final class ObjectToMapStringObjectConverter implements ConditionalGenericConver
 
 	@Override
 	public boolean matches(TypeDescriptor sourceType, TypeDescriptor targetType) {
-		if (targetType.getElementTypeDescriptor() == null ||
-				targetType.getMapKeyTypeDescriptor().getType().equals(String.class)) {
+		if (targetType.getElementTypeDescriptor() == null
+				|| targetType.getMapKeyTypeDescriptor().getType().equals(String.class)) {
 			return true;
 		}
 		return false;
@@ -59,4 +59,5 @@ final class ObjectToMapStringObjectConverter implements ConditionalGenericConver
 		sourceMap.forEach((k, v) -> result.put(k.toString(), v));
 		return result;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
index 8a73b71e74..1f843f3646 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
@@ -36,4 +36,5 @@ final class ObjectToStringConverter implements GenericConverter {
 	public Object convert(Object source, TypeDescriptor sourceType, TypeDescriptor targetType) {
 		return source == null ? null : source.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
index f24020a378..483a31b2fb 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
@@ -44,9 +44,11 @@ final class ObjectToURLConverter implements GenericConverter {
 		}
 		try {
 			return new URI(source.toString()).toURL();
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			// Ignore
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
index 3cc3aa0ede..b11e904ad0 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
@@ -27,29 +27,27 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.StringUtils;
 
 /**
- * A {@link Converter} that converts the provided
- * OAuth 2.0 Access Token Response parameters to an {@link OAuth2AccessTokenResponse}.
+ * A {@link Converter} that converts the provided OAuth 2.0 Access Token Response
+ * parameters to an {@link OAuth2AccessTokenResponse}.
  *
  * @author Joe Grandja
  * @author Nikita Konev
  * @since 5.3
  */
-public final class MapOAuth2AccessTokenResponseConverter implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
-	private static final Set<String> TOKEN_RESPONSE_PARAMETER_NAMES = new HashSet<>(Arrays.asList(
-			OAuth2ParameterNames.ACCESS_TOKEN,
-			OAuth2ParameterNames.EXPIRES_IN,
-			OAuth2ParameterNames.REFRESH_TOKEN,
-			OAuth2ParameterNames.SCOPE,
-			OAuth2ParameterNames.TOKEN_TYPE
-	));
+public final class MapOAuth2AccessTokenResponseConverter
+		implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
+
+	private static final Set<String> TOKEN_RESPONSE_PARAMETER_NAMES = new HashSet<>(
+			Arrays.asList(OAuth2ParameterNames.ACCESS_TOKEN, OAuth2ParameterNames.EXPIRES_IN,
+					OAuth2ParameterNames.REFRESH_TOKEN, OAuth2ParameterNames.SCOPE, OAuth2ParameterNames.TOKEN_TYPE));
 
 	@Override
 	public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
 		String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
 
 		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(
-				tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
+		if (OAuth2AccessToken.TokenType.BEARER.getValue()
+				.equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
 			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
 
@@ -57,7 +55,8 @@ public final class MapOAuth2AccessTokenResponseConverter implements Converter<Ma
 		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
 			try {
 				expiresIn = Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
-			} catch (NumberFormatException ex) {
+			}
+			catch (NumberFormatException ex) {
 			}
 		}
 
@@ -76,12 +75,8 @@ public final class MapOAuth2AccessTokenResponseConverter implements Converter<Ma
 			}
 		}
 
-		return OAuth2AccessTokenResponse.withToken(accessToken)
-				.tokenType(accessTokenType)
-				.expiresIn(expiresIn)
-				.scopes(scopes)
-				.refreshToken(refreshToken)
-				.additionalParameters(additionalParameters)
-				.build();
+		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
+				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 5bd0df5696..56399c53bc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -33,11 +33,15 @@ import java.util.Set;
  * @since 5.0
  * @see OAuth2AccessToken
  * @see OAuth2RefreshToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section
+ * 5.1 Access Token Response</a>
  */
 public final class OAuth2AccessTokenResponse {
+
 	private OAuth2AccessToken accessToken;
+
 	private OAuth2RefreshToken refreshToken;
+
 	private Map<String, Object> additionalParameters;
 
 	private OAuth2AccessTokenResponse() {
@@ -45,7 +49,6 @@ public final class OAuth2AccessTokenResponse {
 
 	/**
 	 * Returns the {@link OAuth2AccessToken Access Token}.
-	 *
 	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
@@ -64,8 +67,8 @@ public final class OAuth2AccessTokenResponse {
 
 	/**
 	 * Returns the additional parameters returned in the response.
-	 *
-	 * @return a {@code Map} of the additional parameters returned in the response, may be empty.
+	 * @return a {@code Map} of the additional parameters returned in the response, may be
+	 * empty.
 	 */
 	public Map<String, Object> getAdditionalParameters() {
 		return this.additionalParameters;
@@ -73,7 +76,6 @@ public final class OAuth2AccessTokenResponse {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the provided access token value.
-	 *
 	 * @param tokenValue the value of the access token
 	 * @return the {@link Builder}
 	 */
@@ -83,7 +85,6 @@ public final class OAuth2AccessTokenResponse {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the provided response.
-	 *
 	 * @param response the response to initialize the builder with
 	 * @return the {@link Builder}
 	 */
@@ -95,13 +96,21 @@ public final class OAuth2AccessTokenResponse {
 	 * A builder for {@link OAuth2AccessTokenResponse}.
 	 */
 	public static class Builder {
+
 		private String tokenValue;
+
 		private OAuth2AccessToken.TokenType tokenType;
+
 		private Instant issuedAt;
+
 		private Instant expiresAt;
+
 		private long expiresIn;
+
 		private Set<String> scopes;
+
 		private String refreshToken;
+
 		private Map<String, Object> additionalParameters;
 
 		private Builder(OAuth2AccessTokenResponse response) {
@@ -111,8 +120,7 @@ public final class OAuth2AccessTokenResponse {
 			this.issuedAt = accessToken.getIssuedAt();
 			this.expiresAt = accessToken.getExpiresAt();
 			this.scopes = accessToken.getScopes();
-			this.refreshToken = response.getRefreshToken() == null ?
-					null : response.getRefreshToken().getTokenValue();
+			this.refreshToken = response.getRefreshToken() == null ? null : response.getRefreshToken().getTokenValue();
 			this.additionalParameters = response.getAdditionalParameters();
 		}
 
@@ -122,7 +130,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Sets the {@link OAuth2AccessToken.TokenType token type}.
-		 *
 		 * @param tokenType the type of token issued
 		 * @return the {@link Builder}
 		 */
@@ -133,7 +140,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Sets the lifetime (in seconds) of the access token.
-		 *
 		 * @param expiresIn the lifetime of the access token, in seconds.
 		 * @return the {@link Builder}
 		 */
@@ -145,7 +151,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Sets the scope(s) associated to the access token.
-		 *
 		 * @param scopes the scope(s) associated to the access token.
 		 * @return the {@link Builder}
 		 */
@@ -156,7 +161,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Sets the refresh token associated to the access token.
-		 *
 		 * @param refreshToken the refresh token associated to the access token.
 		 * @return the {@link Builder}
 		 */
@@ -167,7 +171,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Sets the additional parameters returned in the response.
-		 *
 		 * @param additionalParameters the additional parameters returned in the response
 		 * @return the {@link Builder}
 		 */
@@ -178,7 +181,6 @@ public final class OAuth2AccessTokenResponse {
 
 		/**
 		 * Builds a new {@link OAuth2AccessTokenResponse}.
-		 *
 		 * @return a {@link OAuth2AccessTokenResponse}
 		 */
 		public OAuth2AccessTokenResponse build() {
@@ -186,13 +188,14 @@ public final class OAuth2AccessTokenResponse {
 			Instant expiresAt = getExpiresAt();
 
 			OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse();
-			accessTokenResponse.accessToken = new OAuth2AccessToken(
-				this.tokenType, this.tokenValue, issuedAt, expiresAt, this.scopes);
+			accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt,
+					expiresAt, this.scopes);
 			if (StringUtils.hasText(this.refreshToken)) {
 				accessTokenResponse.refreshToken = new OAuth2RefreshToken(this.refreshToken, issuedAt);
 			}
-			accessTokenResponse.additionalParameters = Collections.unmodifiableMap(
-				CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters);
+			accessTokenResponse.additionalParameters = Collections
+					.unmodifiableMap(CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap()
+							: this.additionalParameters);
 			return accessTokenResponse;
 		}
 
@@ -204,19 +207,21 @@ public final class OAuth2AccessTokenResponse {
 		}
 
 		/**
-		 * expires_in is RECOMMENDED, as per spec https://tools.ietf.org/html/rfc6749#section-5.1
-		 * Therefore, expires_in may not be returned in the Access Token response which would result in the default value of 0.
-		 * For these instances, default the expiresAt to +1 second from issuedAt time.
+		 * expires_in is RECOMMENDED, as per spec
+		 * https://tools.ietf.org/html/rfc6749#section-5.1 Therefore, expires_in may not
+		 * be returned in the Access Token response which would result in the default
+		 * value of 0. For these instances, default the expiresAt to +1 second from
+		 * issuedAt time.
 		 * @return
 		 */
 		private Instant getExpiresAt() {
 			if (this.expiresAt == null) {
 				Instant issuedAt = getIssuedAt();
-				this.expiresAt = this.expiresIn > 0 ?
-								issuedAt.plusSeconds(this.expiresIn) :
-								issuedAt.plusSeconds(1);
+				this.expiresAt = this.expiresIn > 0 ? issuedAt.plusSeconds(this.expiresIn) : issuedAt.plusSeconds(1);
 			}
 			return this.expiresAt;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
index cc023ee4ce..c9aefa2d4e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
@@ -25,14 +25,15 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 /**
- * A {@link Converter} that converts the provided {@link OAuth2AccessTokenResponse}
- * to a {@code Map} representation of the OAuth 2.0 Access Token Response parameters.
+ * A {@link Converter} that converts the provided {@link OAuth2AccessTokenResponse} to a
+ * {@code Map} representation of the OAuth 2.0 Access Token Response parameters.
  *
  * @author Joe Grandja
  * @author Nikita Konev
  * @since 5.3
  */
-public final class OAuth2AccessTokenResponseMapConverter implements Converter<OAuth2AccessTokenResponse, Map<String, String>> {
+public final class OAuth2AccessTokenResponseMapConverter
+		implements Converter<OAuth2AccessTokenResponse, Map<String, String>> {
 
 	@Override
 	public Map<String, String> convert(OAuth2AccessTokenResponse tokenResponse) {
@@ -61,4 +62,5 @@ public final class OAuth2AccessTokenResponseMapConverter implements Converter<OA
 
 		return parameters;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
index e17c9ae0b3..fb62b59069 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
@@ -18,8 +18,8 @@ package org.springframework.security.oauth2.core.endpoint;
 import org.springframework.util.Assert;
 
 /**
- * An &quot;exchange&quot; of an OAuth 2.0 Authorization Request and Response
- * for the authorization code grant type.
+ * An &quot;exchange&quot; of an OAuth 2.0 Authorization Request and Response for the
+ * authorization code grant type.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -27,18 +27,21 @@ import org.springframework.util.Assert;
  * @see OAuth2AuthorizationResponse
  */
 public final class OAuth2AuthorizationExchange {
+
 	private final OAuth2AuthorizationRequest authorizationRequest;
+
 	private final OAuth2AuthorizationResponse authorizationResponse;
 
 	/**
 	 * Constructs a new {@code OAuth2AuthorizationExchange} with the provided
 	 * Authorization Request and Authorization Response.
-	 *
-	 * @param authorizationRequest the {@link OAuth2AuthorizationRequest Authorization Request}
-	 * @param authorizationResponse the {@link OAuth2AuthorizationResponse Authorization Response}
+	 * @param authorizationRequest the {@link OAuth2AuthorizationRequest Authorization
+	 * Request}
+	 * @param authorizationResponse the {@link OAuth2AuthorizationResponse Authorization
+	 * Response}
 	 */
 	public OAuth2AuthorizationExchange(OAuth2AuthorizationRequest authorizationRequest,
-										OAuth2AuthorizationResponse authorizationResponse) {
+			OAuth2AuthorizationResponse authorizationResponse) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
 		Assert.notNull(authorizationResponse, "authorizationResponse cannot be null");
 		this.authorizationRequest = authorizationRequest;
@@ -47,7 +50,6 @@ public final class OAuth2AuthorizationExchange {
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationRequest Authorization Request}.
-	 *
 	 * @return the {@link OAuth2AuthorizationRequest}
 	 */
 	public OAuth2AuthorizationRequest getAuthorizationRequest() {
@@ -56,10 +58,10 @@ public final class OAuth2AuthorizationExchange {
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationResponse Authorization Response}.
-	 *
 	 * @return the {@link OAuth2AuthorizationResponse}
 	 */
 	public OAuth2AuthorizationResponse getAuthorizationResponse() {
 		return this.authorizationResponse;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index 9323ce2a53..48274effe8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -39,27 +39,42 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 /**
- * A representation of an OAuth 2.0 Authorization Request
- * for the authorization code grant type or implicit grant type.
+ * A representation of an OAuth 2.0 Authorization Request for the authorization code grant
+ * type or implicit grant type.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AuthorizationGrantType
  * @see OAuth2AuthorizationResponseType
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code
+ * Grant Request</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant
+ * Request</a>
  */
 public final class OAuth2AuthorizationRequest implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private String authorizationUri;
+
 	private AuthorizationGrantType authorizationGrantType;
+
 	private OAuth2AuthorizationResponseType responseType;
+
 	private String clientId;
+
 	private String redirectUri;
+
 	private Set<String> scopes;
+
 	private String state;
+
 	private Map<String, Object> additionalParameters;
+
 	private String authorizationRequestUri;
+
 	private Map<String, Object> attributes;
 
 	private OAuth2AuthorizationRequest() {
@@ -67,7 +82,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the uri for the authorization endpoint.
-	 *
 	 * @return the uri for the authorization endpoint
 	 */
 	public String getAuthorizationUri() {
@@ -76,7 +90,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the {@link AuthorizationGrantType grant type}.
-	 *
 	 * @return the {@link AuthorizationGrantType}
 	 */
 	public AuthorizationGrantType getGrantType() {
@@ -85,7 +98,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the {@link OAuth2AuthorizationResponseType response type}.
-	 *
 	 * @return the {@link OAuth2AuthorizationResponseType}
 	 */
 	public OAuth2AuthorizationResponseType getResponseType() {
@@ -94,7 +106,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the client identifier.
-	 *
 	 * @return the client identifier
 	 */
 	public String getClientId() {
@@ -103,7 +114,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the uri for the redirection endpoint.
-	 *
 	 * @return the uri for the redirection endpoint
 	 */
 	public String getRedirectUri() {
@@ -112,7 +122,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the scope(s).
-	 *
 	 * @return the scope(s), or an empty {@code Set} if not available
 	 */
 	public Set<String> getScopes() {
@@ -121,7 +130,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the state.
-	 *
 	 * @return the state
 	 */
 	public String getState() {
@@ -130,8 +138,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the additional parameter(s) used in the request.
-	 *
-	 * @return a {@code Map} of the additional parameter(s), or an empty {@code Map} if not available
+	 * @return a {@code Map} of the additional parameter(s), or an empty {@code Map} if
+	 * not available
 	 */
 	public Map<String, Object> getAdditionalParameters() {
 		return this.additionalParameters;
@@ -153,7 +161,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 * @since 5.2
 	 * @param name the name of the attribute
 	 * @param <T> the type of the attribute
-	 * @return the value of the attribute associated to the request, or {@code null} if not available
+	 * @return the value of the attribute associated to the request, or {@code null} if
+	 * not available
 	 */
 	@SuppressWarnings("unchecked")
 	public <T> T getAttribute(String name) {
@@ -161,14 +170,16 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	}
 
 	/**
-	 * Returns the {@code URI} string representation of the OAuth 2.0 Authorization Request.
+	 * Returns the {@code URI} string representation of the OAuth 2.0 Authorization
+	 * Request.
 	 *
 	 * <p>
 	 * <b>NOTE:</b> The {@code URI} string is encoded in the
 	 * {@code application/x-www-form-urlencoded} MIME format.
 	 *
 	 * @since 5.1
-	 * @return the {@code URI} string representation of the OAuth 2.0 Authorization Request
+	 * @return the {@code URI} string representation of the OAuth 2.0 Authorization
+	 * Request
 	 */
 	public String getAuthorizationRequestUri() {
 		return this.authorizationRequestUri;
@@ -176,7 +187,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the authorization code grant type.
-	 *
 	 * @return the {@link Builder}
 	 */
 	public static Builder authorizationCode() {
@@ -185,11 +195,11 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the implicit grant type.
-	 *
-	 * @deprecated It is not recommended to use the implicit flow
-	 * due to the inherent risks of returning access tokens in an HTTP redirect
-	 * without any confirmation that it has been received by the client.
-	 * @see <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit Grant</a>
+	 * @deprecated It is not recommended to use the implicit flow due to the inherent
+	 * risks of returning access tokens in an HTTP redirect without any confirmation that
+	 * it has been received by the client.
+	 * @see <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0
+	 * Implicit Grant</a>
 	 * @return the {@link Builder}
 	 */
 	@Deprecated
@@ -198,11 +208,12 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	}
 
 	/**
-	 * Returns a new {@link Builder}, initialized with the values
-	 * from the provided {@code authorizationRequest}.
+	 * Returns a new {@link Builder}, initialized with the values from the provided
+	 * {@code authorizationRequest}.
 	 *
 	 * @since 5.1
-	 * @param authorizationRequest the authorization request used for initializing the {@link Builder}
+	 * @param authorizationRequest the authorization request used for initializing the
+	 * {@link Builder}
 	 * @return the {@link Builder}
 	 */
 	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
@@ -210,10 +221,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		return new Builder(authorizationRequest.getGrantType())
 				.authorizationUri(authorizationRequest.getAuthorizationUri())
-				.clientId(authorizationRequest.getClientId())
-				.redirectUri(authorizationRequest.getRedirectUri())
-				.scopes(authorizationRequest.getScopes())
-				.state(authorizationRequest.getState())
+				.clientId(authorizationRequest.getClientId()).redirectUri(authorizationRequest.getRedirectUri())
+				.scopes(authorizationRequest.getScopes()).state(authorizationRequest.getState())
 				.additionalParameters(authorizationRequest.getAdditionalParameters())
 				.attributes(authorizationRequest.getAttributes());
 	}
@@ -222,18 +231,32 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 * A builder for {@link OAuth2AuthorizationRequest}.
 	 */
 	public static class Builder {
+
 		private String authorizationUri;
+
 		private AuthorizationGrantType authorizationGrantType;
+
 		private OAuth2AuthorizationResponseType responseType;
+
 		private String clientId;
+
 		private String redirectUri;
+
 		private Set<String> scopes;
+
 		private String state;
+
 		private Map<String, Object> additionalParameters = new LinkedHashMap<>();
-		private Consumer<Map<String, Object>> parametersConsumer = params -> {};
+
+		private Consumer<Map<String, Object>> parametersConsumer = params -> {
+		};
+
 		private Map<String, Object> attributes = new LinkedHashMap<>();
+
 		private String authorizationRequestUri;
+
 		private Function<UriBuilder, URI> authorizationRequestUriFunction = builder -> builder.build();
+
 		private final DefaultUriBuilderFactory uriBuilderFactory;
 
 		private Builder(AuthorizationGrantType authorizationGrantType) {
@@ -241,18 +264,19 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			this.authorizationGrantType = authorizationGrantType;
 			if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
 				this.responseType = OAuth2AuthorizationResponseType.CODE;
-			} else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
+			}
+			else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
 				this.responseType = OAuth2AuthorizationResponseType.TOKEN;
 			}
 			this.uriBuilderFactory = new DefaultUriBuilderFactory();
 			// The supplied authorizationUri may contain encoded parameters
-			// so disable encoding in UriBuilder and instead apply encoding within this builder
+			// so disable encoding in UriBuilder and instead apply encoding within this
+			// builder
 			this.uriBuilderFactory.setEncodingMode(DefaultUriBuilderFactory.EncodingMode.NONE);
 		}
 
 		/**
 		 * Sets the uri for the authorization endpoint.
-		 *
 		 * @param authorizationUri the uri for the authorization endpoint
 		 * @return the {@link Builder}
 		 */
@@ -263,7 +287,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the client identifier.
-		 *
 		 * @param clientId the client identifier
 		 * @return the {@link Builder}
 		 */
@@ -274,7 +297,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the uri for the redirection endpoint.
-		 *
 		 * @param redirectUri the uri for the redirection endpoint
 		 * @return the {@link Builder}
 		 */
@@ -285,7 +307,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the scope(s).
-		 *
 		 * @param scope the scope(s)
 		 * @return the {@link Builder}
 		 */
@@ -298,7 +319,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the scope(s).
-		 *
 		 * @param scopes the scope(s)
 		 * @return the {@link Builder}
 		 */
@@ -309,7 +329,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the state.
-		 *
 		 * @param state the state
 		 * @return the {@link Builder}
 		 */
@@ -320,7 +339,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the additional parameter(s) used in the request.
-		 *
 		 * @param additionalParameters the additional parameter(s) used in the request
 		 * @return the {@link Builder}
 		 */
@@ -336,7 +354,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		 * allowing the ability to add, replace, or remove.
 		 *
 		 * @since 5.3
-		 * @param additionalParametersConsumer a {@code Consumer} of the additional parameters
+		 * @param additionalParametersConsumer a {@code Consumer} of the additional
+		 * parameters
 		 */
 		public Builder additionalParameters(Consumer<Map<String, Object>> additionalParametersConsumer) {
 			if (additionalParametersConsumer != null) {
@@ -346,8 +365,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		}
 
 		/**
-		 * A {@code Consumer} to be provided access to all the parameters
-		 * allowing the ability to add, replace, or remove.
+		 * A {@code Consumer} to be provided access to all the parameters allowing the
+		 * ability to add, replace, or remove.
 		 *
 		 * @since 5.3
 		 * @param parametersConsumer a {@code Consumer} of all the parameters
@@ -374,8 +393,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		}
 
 		/**
-		 * A {@code Consumer} to be provided access to the attribute(s)
-		 * allowing the ability to add, replace, or remove.
+		 * A {@code Consumer} to be provided access to the attribute(s) allowing the
+		 * ability to add, replace, or remove.
 		 *
 		 * @since 5.3
 		 * @param attributesConsumer a {@code Consumer} of the attribute(s)
@@ -388,14 +407,16 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		}
 
 		/**
-		 * Sets the {@code URI} string representation of the OAuth 2.0 Authorization Request.
+		 * Sets the {@code URI} string representation of the OAuth 2.0 Authorization
+		 * Request.
 		 *
 		 * <p>
 		 * <b>NOTE:</b> The {@code URI} string is <b>required</b> to be encoded in the
 		 * {@code application/x-www-form-urlencoded} MIME format.
 		 *
 		 * @since 5.1
-		 * @param authorizationRequestUri the {@code URI} string representation of the OAuth 2.0 Authorization Request
+		 * @param authorizationRequestUri the {@code URI} string representation of the
+		 * OAuth 2.0 Authorization Request
 		 * @return the {@link Builder}
 		 */
 		public Builder authorizationRequestUri(String authorizationRequestUri) {
@@ -404,11 +425,12 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		}
 
 		/**
-		 * A {@code Function} to be provided a {@code UriBuilder} representation
-		 * of the OAuth 2.0 Authorization Request allowing for further customizations.
+		 * A {@code Function} to be provided a {@code UriBuilder} representation of the
+		 * OAuth 2.0 Authorization Request allowing for further customizations.
 		 *
 		 * @since 5.3
-		 * @param authorizationRequestUriFunction a {@code Function} to be provided a {@code UriBuilder} representation of the OAuth 2.0 Authorization Request
+		 * @param authorizationRequestUriFunction a {@code Function} to be provided a
+		 * {@code UriBuilder} representation of the OAuth 2.0 Authorization Request
 		 */
 		public Builder authorizationRequestUri(Function<UriBuilder, URI> authorizationRequestUriFunction) {
 			if (authorizationRequestUriFunction != null) {
@@ -419,7 +441,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Builds a new {@link OAuth2AuthorizationRequest}.
-		 *
 		 * @return a {@link OAuth2AuthorizationRequest}
 		 */
 		public OAuth2AuthorizationRequest build() {
@@ -437,25 +458,21 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			authorizationRequest.redirectUri = this.redirectUri;
 			authorizationRequest.state = this.state;
 			authorizationRequest.scopes = Collections.unmodifiableSet(
-				CollectionUtils.isEmpty(this.scopes) ?
-					Collections.emptySet() : new LinkedHashSet<>(this.scopes));
+					CollectionUtils.isEmpty(this.scopes) ? Collections.emptySet() : new LinkedHashSet<>(this.scopes));
 			authorizationRequest.additionalParameters = Collections.unmodifiableMap(this.additionalParameters);
 			authorizationRequest.attributes = Collections.unmodifiableMap(this.attributes);
-			authorizationRequest.authorizationRequestUri =
-					StringUtils.hasText(this.authorizationRequestUri) ?
-							this.authorizationRequestUri : this.buildAuthorizationRequestUri();
+			authorizationRequest.authorizationRequestUri = StringUtils.hasText(this.authorizationRequestUri)
+					? this.authorizationRequestUri : this.buildAuthorizationRequestUri();
 
 			return authorizationRequest;
 		}
 
 		private String buildAuthorizationRequestUri() {
-			Map<String, Object> parameters = getParameters();	// Not encoded
+			Map<String, Object> parameters = getParameters(); // Not encoded
 			this.parametersConsumer.accept(parameters);
 			MultiValueMap<String, String> queryParams = new LinkedMultiValueMap<>();
-			parameters.forEach((k, v) -> queryParams.set(
-					encodeQueryParam(k), encodeQueryParam(String.valueOf(v))));		// Encoded
-			UriBuilder uriBuilder = this.uriBuilderFactory.uriString(this.authorizationUri)
-					.queryParams(queryParams);
+			parameters.forEach((k, v) -> queryParams.set(encodeQueryParam(k), encodeQueryParam(String.valueOf(v)))); // Encoded
+			UriBuilder uriBuilder = this.uriBuilderFactory.uriString(this.authorizationUri).queryParams(queryParams);
 			return this.authorizationRequestUriFunction.apply(uriBuilder).toString();
 		}
 
@@ -464,8 +481,7 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			parameters.put(OAuth2ParameterNames.RESPONSE_TYPE, this.responseType.getValue());
 			parameters.put(OAuth2ParameterNames.CLIENT_ID, this.clientId);
 			if (!CollectionUtils.isEmpty(this.scopes)) {
-				parameters.put(OAuth2ParameterNames.SCOPE,
-						StringUtils.collectionToDelimitedString(this.scopes, " "));
+				parameters.put(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(this.scopes, " "));
 			}
 			if (this.state != null) {
 				parameters.put(OAuth2ParameterNames.STATE, this.state);
@@ -481,5 +497,7 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		private static String encodeQueryParam(String value) {
 			return UriUtils.encodeQueryParam(value, StandardCharsets.UTF_8);
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
index 1e34de0ac4..a43785e4b2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -20,17 +20,24 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
- * A representation of an OAuth 2.0 Authorization Response for the authorization code grant type.
+ * A representation of an OAuth 2.0 Authorization Response for the authorization code
+ * grant type.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2Error
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
+ * Response</a>
  */
 public final class OAuth2AuthorizationResponse {
+
 	private String redirectUri;
+
 	private String state;
+
 	private String code;
+
 	private OAuth2Error error;
 
 	private OAuth2AuthorizationResponse() {
@@ -38,7 +45,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns the uri where the response was redirected to.
-	 *
 	 * @return the uri where the response was redirected to
 	 */
 	public String getRedirectUri() {
@@ -47,7 +53,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns the state.
-	 *
 	 * @return the state
 	 */
 	public String getState() {
@@ -56,7 +61,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns the authorization code.
-	 *
 	 * @return the authorization code
 	 */
 	public String getCode() {
@@ -64,18 +68,20 @@ public final class OAuth2AuthorizationResponse {
 	}
 
 	/**
-	 * Returns the {@link OAuth2Error OAuth 2.0 Error} if the Authorization Request failed, otherwise {@code null}.
-	 *
-	 * @return the {@link OAuth2Error} if the Authorization Request failed, otherwise {@code null}
+	 * Returns the {@link OAuth2Error OAuth 2.0 Error} if the Authorization Request
+	 * failed, otherwise {@code null}.
+	 * @return the {@link OAuth2Error} if the Authorization Request failed, otherwise
+	 * {@code null}
 	 */
 	public OAuth2Error getError() {
 		return this.error;
 	}
 
 	/**
-	 * Returns {@code true} if the Authorization Request succeeded, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the Authorization Request succeeded, otherwise {@code false}
+	 * Returns {@code true} if the Authorization Request succeeded, otherwise
+	 * {@code false}.
+	 * @return {@code true} if the Authorization Request succeeded, otherwise
+	 * {@code false}
 	 */
 	public boolean statusOk() {
 		return !this.statusError();
@@ -83,7 +89,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns {@code true} if the Authorization Request failed, otherwise {@code false}.
-	 *
 	 * @return {@code true} if the Authorization Request failed, otherwise {@code false}
 	 */
 	public boolean statusError() {
@@ -92,7 +97,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the authorization code.
-	 *
 	 * @param code the authorization code
 	 * @return the {@link Builder}
 	 */
@@ -103,7 +107,6 @@ public final class OAuth2AuthorizationResponse {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the error code.
-	 *
 	 * @param errorCode the error code
 	 * @return the {@link Builder}
 	 */
@@ -116,11 +119,17 @@ public final class OAuth2AuthorizationResponse {
 	 * A builder for {@link OAuth2AuthorizationResponse}.
 	 */
 	public static class Builder {
+
 		private String redirectUri;
+
 		private String state;
+
 		private String code;
+
 		private String errorCode;
+
 		private String errorDescription;
+
 		private String errorUri;
 
 		private Builder() {
@@ -128,7 +137,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the uri where the response was redirected to.
-		 *
 		 * @param redirectUri the uri where the response was redirected to
 		 * @return the {@link Builder}
 		 */
@@ -139,7 +147,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the state.
-		 *
 		 * @param state the state
 		 * @return the {@link Builder}
 		 */
@@ -150,7 +157,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the authorization code.
-		 *
 		 * @param code the authorization code
 		 * @return the {@link Builder}
 		 */
@@ -161,7 +167,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the error code.
-		 *
 		 * @param errorCode the error code
 		 * @return the {@link Builder}
 		 */
@@ -172,7 +177,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the error description.
-		 *
 		 * @param errorDescription the error description
 		 * @return the {@link Builder}
 		 */
@@ -183,7 +187,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Sets the error uri.
-		 *
 		 * @param errorUri the error uri
 		 * @return the {@link Builder}
 		 */
@@ -194,7 +197,6 @@ public final class OAuth2AuthorizationResponse {
 
 		/**
 		 * Builds a new {@link OAuth2AuthorizationResponse}.
-		 *
 		 * @return a {@link OAuth2AuthorizationResponse}
 		 */
 		public OAuth2AuthorizationResponse build() {
@@ -208,11 +210,13 @@ public final class OAuth2AuthorizationResponse {
 			authorizationResponse.state = this.state;
 			if (StringUtils.hasText(this.code)) {
 				authorizationResponse.code = this.code;
-			} else {
-				authorizationResponse.error = new OAuth2Error(
-					this.errorCode, this.errorDescription, this.errorUri);
+			}
+			else {
+				authorizationResponse.error = new OAuth2Error(this.errorCode, this.errorDescription, this.errorUri);
 			}
 			return authorizationResponse;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
index ffcdb4329c..70d6b0976e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
@@ -21,22 +21,29 @@ import org.springframework.util.Assert;
 import java.io.Serializable;
 
 /**
- * The {@code response_type} parameter is consumed by the authorization endpoint which
- * is used by the authorization code grant type and implicit grant type.
- * The client sets the {@code response_type} parameter with the desired grant type before initiating the authorization request.
+ * The {@code response_type} parameter is consumed by the authorization endpoint which is
+ * used by the authorization code grant type and implicit grant type. The client sets the
+ * {@code response_type} parameter with the desired grant type before initiating the
+ * authorization request.
  *
  * <p>
- * The {@code response_type} parameter value may be one of &quot;code&quot; for requesting an authorization code or
- * &quot;token&quot; for requesting an access token (implicit grant).
-
+ * The {@code response_type} parameter value may be one of &quot;code&quot; for requesting
+ * an authorization code or &quot;token&quot; for requesting an access token (implicit
+ * grant).
+ *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-3.1.1">Section 3.1.1 Response Type</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc6749#section-3.1.1">Section 3.1.1 Response Type</a>
  */
 public final class OAuth2AuthorizationResponseType implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	public static final OAuth2AuthorizationResponseType CODE = new OAuth2AuthorizationResponseType("code");
+
 	public static final OAuth2AuthorizationResponseType TOKEN = new OAuth2AuthorizationResponseType("token");
+
 	private final String value;
 
 	private OAuth2AuthorizationResponseType(String value) {
@@ -46,7 +53,6 @@ public final class OAuth2AuthorizationResponseType implements Serializable {
 
 	/**
 	 * Returns the value of the authorization response type.
-	 *
 	 * @return the value of the authorization response type
 	 */
 	public String getValue() {
@@ -69,4 +75,5 @@ public final class OAuth2AuthorizationResponseType implements Serializable {
 	public int hashCode() {
 		return this.getValue().hashCode();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
index 3bb5b2e910..52125853e2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
@@ -16,12 +16,13 @@
 package org.springframework.security.oauth2.core.endpoint;
 
 /**
- * Standard and custom (non-standard) parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
+ * Standard and custom (non-standard) parameter names defined in the OAuth Parameters
+ * Registry and used by the authorization endpoint and token endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.2">11.2 OAuth Parameters Registry</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.2">11.2
+ * OAuth Parameters Registry</a>
  */
 public interface OAuth2ParameterNames {
 
@@ -51,7 +52,8 @@ public interface OAuth2ParameterNames {
 	String REDIRECT_URI = "redirect_uri";
 
 	/**
-	 * {@code scope} - used in Authorization Request, Authorization Response, Access Token Request and Access Token Response.
+	 * {@code scope} - used in Authorization Request, Authorization Response, Access Token
+	 * Request and Access Token Response.
 	 */
 	String SCOPE = "scope";
 
@@ -101,7 +103,8 @@ public interface OAuth2ParameterNames {
 	String ERROR = "error";
 
 	/**
-	 * {@code error_description} - used in Authorization Response and Access Token Response.
+	 * {@code error_description} - used in Authorization Response and Access Token
+	 * Response.
 	 */
 	String ERROR_DESCRIPTION = "error_description";
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
index d258a55874..1d66dc5756 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
@@ -16,13 +16,14 @@
 package org.springframework.security.oauth2.core.endpoint;
 
 /**
- * Standard parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
+ * Standard parameter names defined in the OAuth Parameters Registry and used by the
+ * authorization endpoint and token endpoint.
  *
  * @author Stephen Doxsee
  * @author Kevin Bolduc
  * @since 5.2
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-6.1">6.1 OAuth Parameters Registry</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-6.1">6.1
+ * OAuth Parameters Registry</a>
  */
 public interface PkceParameterNames {
 
@@ -40,4 +41,5 @@ public interface PkceParameterNames {
 	 * {@code code_verifier} - used in Token Request.
 	 */
 	String CODE_VERIFIER = "code_verifier";
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
index 6c214c76ff..29564190f2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support classes that model the OAuth 2.0 Request and Response messages
- * from the Authorization Endpoint and Token Endpoint.
+ * Support classes that model the OAuth 2.0 Request and Response messages from the
+ * Authorization Endpoint and Token Endpoint.
  */
 package org.springframework.security.oauth2.core.endpoint;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
index 799599a125..4a1e104c5f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
@@ -29,14 +29,17 @@ import org.springframework.util.ClassUtils;
  * @since 5.1
  */
 final class HttpMessageConverters {
+
 	private static final boolean jackson2Present;
+
 	private static final boolean gsonPresent;
+
 	private static final boolean jsonbPresent;
 
 	static {
 		ClassLoader classLoader = HttpMessageConverters.class.getClassLoader();
-		jackson2Present = ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", classLoader) &&
-				ClassUtils.isPresent("com.fasterxml.jackson.core.JsonGenerator", classLoader);
+		jackson2Present = ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", classLoader)
+				&& ClassUtils.isPresent("com.fasterxml.jackson.core.JsonGenerator", classLoader);
 		gsonPresent = ClassUtils.isPresent("com.google.gson.Gson", classLoader);
 		jsonbPresent = ClassUtils.isPresent("javax.json.bind.Jsonb", classLoader);
 	}
@@ -44,11 +47,14 @@ final class HttpMessageConverters {
 	static GenericHttpMessageConverter<Object> getJsonMessageConverter() {
 		if (jackson2Present) {
 			return new MappingJackson2HttpMessageConverter();
-		} else if (gsonPresent) {
+		}
+		else if (gsonPresent) {
 			return new GsonHttpMessageConverter();
-		} else if (jsonbPresent) {
+		}
+		else if (jsonbPresent) {
 			return new JsonbHttpMessageConverter();
 		}
 		return null;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index 71e79119ee..020cc32874 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -36,26 +36,27 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.util.Assert;
 
 /**
- * A {@link HttpMessageConverter} for an {@link OAuth2AccessTokenResponse OAuth 2.0 Access Token Response}.
+ * A {@link HttpMessageConverter} for an {@link OAuth2AccessTokenResponse OAuth 2.0 Access
+ * Token Response}.
  *
  * @see AbstractHttpMessageConverter
  * @see OAuth2AccessTokenResponse
  * @author Joe Grandja
  * @since 5.1
  */
-public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpMessageConverter<OAuth2AccessTokenResponse> {
+public class OAuth2AccessTokenResponseHttpMessageConverter
+		extends AbstractHttpMessageConverter<OAuth2AccessTokenResponse> {
+
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE =
-			new ParameterizedTypeReference<Map<String, Object>>() {};
+	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
 
-	protected Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter =
-			new MapOAuth2AccessTokenResponseConverter();
+	protected Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter = new MapOAuth2AccessTokenResponseConverter();
 
-	protected Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter =
-			new OAuth2AccessTokenResponseMapConverter();
+	protected Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter = new OAuth2AccessTokenResponseMapConverter();
 
 	public OAuth2AccessTokenResponseHttpMessageConverter() {
 		super(DEFAULT_CHARSET, MediaType.APPLICATION_JSON, new MediaType("application", "*+json"));
@@ -67,23 +68,23 @@ public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpM
 	}
 
 	@Override
-	protected OAuth2AccessTokenResponse readInternal(Class<? extends OAuth2AccessTokenResponse> clazz, HttpInputMessage inputMessage)
-			throws HttpMessageNotReadableException {
+	protected OAuth2AccessTokenResponse readInternal(Class<? extends OAuth2AccessTokenResponse> clazz,
+			HttpInputMessage inputMessage) throws HttpMessageNotReadableException {
 
 		try {
 			// gh-6463
-			// Parse parameter values as Object in order to handle potential JSON Object and then convert values to String
+			// Parse parameter values as Object in order to handle potential JSON Object
+			// and then convert values to String
 			@SuppressWarnings("unchecked")
-			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter.read(
-					PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
-			return this.tokenResponseConverter.convert(
-					tokenResponseParameters.entrySet().stream()
-							.collect(Collectors.toMap(
-									Map.Entry::getKey,
-									entry -> String.valueOf(entry.getValue()))));
-		} catch (Exception ex) {
-			throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Access Token Response: " +
-					ex.getMessage(), ex, inputMessage);
+			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter
+					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+			return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream()
+					.collect(Collectors.toMap(Map.Entry::getKey, entry -> String.valueOf(entry.getValue()))));
+		}
+		catch (Exception ex) {
+			throw new HttpMessageNotReadableException(
+					"An error occurred reading the OAuth 2.0 Access Token Response: " + ex.getMessage(), ex,
+					inputMessage);
 		}
 	}
 
@@ -93,31 +94,36 @@ public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpM
 
 		try {
 			Map<String, String> tokenResponseParameters = this.tokenResponseParametersConverter.convert(tokenResponse);
-			this.jsonMessageConverter.write(
-					tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), MediaType.APPLICATION_JSON, outputMessage);
-		} catch (Exception ex) {
-			throw new HttpMessageNotWritableException("An error occurred writing the OAuth 2.0 Access Token Response: " + ex.getMessage(), ex);
+			this.jsonMessageConverter.write(tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
+					MediaType.APPLICATION_JSON, outputMessage);
+		}
+		catch (Exception ex) {
+			throw new HttpMessageNotWritableException(
+					"An error occurred writing the OAuth 2.0 Access Token Response: " + ex.getMessage(), ex);
 		}
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the OAuth 2.0 Access Token Response parameters
-	 * to an {@link OAuth2AccessTokenResponse}.
-	 *
-	 * @param tokenResponseConverter the {@link Converter} used for converting to an {@link OAuth2AccessTokenResponse}
+	 * Sets the {@link Converter} used for converting the OAuth 2.0 Access Token Response
+	 * parameters to an {@link OAuth2AccessTokenResponse}.
+	 * @param tokenResponseConverter the {@link Converter} used for converting to an
+	 * {@link OAuth2AccessTokenResponse}
 	 */
-	public final void setTokenResponseConverter(Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter) {
+	public final void setTokenResponseConverter(
+			Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter) {
 		Assert.notNull(tokenResponseConverter, "tokenResponseConverter cannot be null");
 		this.tokenResponseConverter = tokenResponseConverter;
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2AccessTokenResponse}
-	 * to a {@code Map} representation of the OAuth 2.0 Access Token Response parameters.
-	 *
-	 * @param tokenResponseParametersConverter the {@link Converter} used for converting to a {@code Map} representation of the Access Token Response parameters
+	 * Sets the {@link Converter} used for converting the
+	 * {@link OAuth2AccessTokenResponse} to a {@code Map} representation of the OAuth 2.0
+	 * Access Token Response parameters.
+	 * @param tokenResponseParametersConverter the {@link Converter} used for converting
+	 * to a {@code Map} representation of the Access Token Response parameters
 	 */
-	public final void setTokenResponseParametersConverter(Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter) {
+	public final void setTokenResponseParametersConverter(
+			Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter) {
 		Assert.notNull(tokenResponseParametersConverter, "tokenResponseParametersConverter cannot be null");
 		this.tokenResponseParametersConverter = tokenResponseParametersConverter;
 	}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index a9901c97d9..52082de420 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -45,10 +45,11 @@ import java.util.stream.Collectors;
  * @since 5.1
  */
 public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverter<OAuth2Error> {
+
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE =
-			new ParameterizedTypeReference<Map<String, Object>>() {};
+	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
 
@@ -71,18 +72,17 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 		try {
 			// gh-8157
-			// Parse parameter values as Object in order to handle potential JSON Object and then convert values to String
+			// Parse parameter values as Object in order to handle potential JSON Object
+			// and then convert values to String
 			@SuppressWarnings("unchecked")
-			Map<String, Object> errorParameters = (Map<String, Object>) this.jsonMessageConverter.read(
-					PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
-			return this.errorConverter.convert(
-					errorParameters.entrySet().stream()
-							.collect(Collectors.toMap(
-									Map.Entry::getKey,
-									entry -> String.valueOf(entry.getValue()))));
-		} catch (Exception ex) {
-			throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Error: " +
-					ex.getMessage(), ex, inputMessage);
+			Map<String, Object> errorParameters = (Map<String, Object>) this.jsonMessageConverter
+					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+			return this.errorConverter.convert(errorParameters.entrySet().stream()
+					.collect(Collectors.toMap(Map.Entry::getKey, entry -> String.valueOf(entry.getValue()))));
+		}
+		catch (Exception ex) {
+			throw new HttpMessageNotReadableException(
+					"An error occurred reading the OAuth 2.0 Error: " + ex.getMessage(), ex, inputMessage);
 		}
 	}
 
@@ -92,18 +92,20 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 		try {
 			Map<String, String> errorParameters = this.errorParametersConverter.convert(oauth2Error);
-			this.jsonMessageConverter.write(
-					errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), MediaType.APPLICATION_JSON, outputMessage);
-		} catch (Exception ex) {
-			throw new HttpMessageNotWritableException("An error occurred writing the OAuth 2.0 Error: " + ex.getMessage(), ex);
+			this.jsonMessageConverter.write(errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
+					MediaType.APPLICATION_JSON, outputMessage);
+		}
+		catch (Exception ex) {
+			throw new HttpMessageNotWritableException(
+					"An error occurred writing the OAuth 2.0 Error: " + ex.getMessage(), ex);
 		}
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the OAuth 2.0 Error parameters
-	 * to an {@link OAuth2Error}.
-	 *
-	 * @param errorConverter the {@link Converter} used for converting to an {@link OAuth2Error}
+	 * Sets the {@link Converter} used for converting the OAuth 2.0 Error parameters to an
+	 * {@link OAuth2Error}.
+	 * @param errorConverter the {@link Converter} used for converting to an
+	 * {@link OAuth2Error}
 	 */
 	public final void setErrorConverter(Converter<Map<String, String>, OAuth2Error> errorConverter) {
 		Assert.notNull(errorConverter, "errorConverter cannot be null");
@@ -111,19 +113,20 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2Error}
-	 * to a {@code Map} representation of the OAuth 2.0 Error parameters.
-	 *
-	 * @param errorParametersConverter the {@link Converter} used for converting to a {@code Map} representation of the Error parameters
+	 * Sets the {@link Converter} used for converting the {@link OAuth2Error} to a
+	 * {@code Map} representation of the OAuth 2.0 Error parameters.
+	 * @param errorParametersConverter the {@link Converter} used for converting to a
+	 * {@code Map} representation of the Error parameters
 	 */
-	public final void setErrorParametersConverter(Converter<OAuth2Error, Map<String, String>> errorParametersConverter) {
+	public final void setErrorParametersConverter(
+			Converter<OAuth2Error, Map<String, String>> errorParametersConverter) {
 		Assert.notNull(errorParametersConverter, "errorParametersConverter cannot be null");
 		this.errorParametersConverter = errorParametersConverter;
 	}
 
 	/**
-	 * A {@link Converter} that converts the provided
-	 * OAuth 2.0 Error parameters to an {@link OAuth2Error}.
+	 * A {@link Converter} that converts the provided OAuth 2.0 Error parameters to an
+	 * {@link OAuth2Error}.
 	 */
 	private static class OAuth2ErrorConverter implements Converter<Map<String, String>, OAuth2Error> {
 
@@ -135,11 +138,12 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 			return new OAuth2Error(errorCode, errorDescription, errorUri);
 		}
+
 	}
 
 	/**
-	 * A {@link Converter} that converts the provided {@link OAuth2Error}
-	 * to a {@code Map} representation of OAuth 2.0 Error parameters.
+	 * A {@link Converter} that converts the provided {@link OAuth2Error} to a {@code Map}
+	 * representation of OAuth 2.0 Error parameters.
 	 */
 	private static class OAuth2ErrorParametersConverter implements Converter<OAuth2Error, Map<String, String>> {
 
@@ -157,5 +161,7 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 			return parameters;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
index 47037a3127..53de6bb22e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
@@ -16,55 +16,55 @@
 package org.springframework.security.oauth2.core.oidc;
 
 /**
- * The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification
- * that can be returned either in the UserInfo Response or the ID Token.
+ * The Address Claim represents a physical mailing address defined by the OpenID Connect
+ * Core 1.0 specification that can be returned either in the UserInfo Response or the ID
+ * Token.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim">Address Claim</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim">Address Claim</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo
+ * Response</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
  */
 public interface AddressStandardClaim {
 
 	/**
 	 * Returns the full mailing address, formatted for display.
-	 *
 	 * @return the full mailing address
 	 */
 	String getFormatted();
 
 	/**
-	 * Returns the full street address, which may include house number, street name, P.O. Box, etc.
-	 *
+	 * Returns the full street address, which may include house number, street name, P.O.
+	 * Box, etc.
 	 * @return the full street address
 	 */
 	String getStreetAddress();
 
 	/**
 	 * Returns the city or locality.
-	 *
 	 * @return the city or locality
 	 */
 	String getLocality();
 
 	/**
 	 * Returns the state, province, prefecture, or region.
-	 *
 	 * @return the state, province, prefecture, or region
 	 */
 	String getRegion();
 
 	/**
 	 * Returns the zip code or postal code.
-	 *
 	 * @return the zip code or postal code
 	 */
 	String getPostalCode();
 
 	/**
 	 * Returns the country.
-	 *
 	 * @return the country
 	 */
 	String getCountry();
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
index 48e2fc8eb5..62b68f3f49 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
@@ -25,11 +25,17 @@ import java.util.Map;
  * @see AddressStandardClaim
  */
 public final class DefaultAddressStandardClaim implements AddressStandardClaim {
+
 	private String formatted;
+
 	private String streetAddress;
+
 	private String locality;
+
 	private String region;
+
 	private String postalCode;
+
 	private String country;
 
 	private DefaultAddressStandardClaim() {
@@ -76,10 +82,12 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		AddressStandardClaim that = (AddressStandardClaim) obj;
 
-		if (this.getFormatted() != null ? !this.getFormatted().equals(that.getFormatted()) : that.getFormatted() != null) {
+		if (this.getFormatted() != null ? !this.getFormatted().equals(that.getFormatted())
+				: that.getFormatted() != null) {
 			return false;
 		}
-		if (this.getStreetAddress() != null ? !this.getStreetAddress().equals(that.getStreetAddress()) : that.getStreetAddress() != null) {
+		if (this.getStreetAddress() != null ? !this.getStreetAddress().equals(that.getStreetAddress())
+				: that.getStreetAddress() != null) {
 			return false;
 		}
 		if (this.getLocality() != null ? !this.getLocality().equals(that.getLocality()) : that.getLocality() != null) {
@@ -88,7 +96,8 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 		if (this.getRegion() != null ? !this.getRegion().equals(that.getRegion()) : that.getRegion() != null) {
 			return false;
 		}
-		if (this.getPostalCode() != null ? !this.getPostalCode().equals(that.getPostalCode()) : that.getPostalCode() != null) {
+		if (this.getPostalCode() != null ? !this.getPostalCode().equals(that.getPostalCode())
+				: that.getPostalCode() != null) {
 			return false;
 		}
 		return this.getCountry() != null ? this.getCountry().equals(that.getCountry()) : that.getCountry() == null;
@@ -109,17 +118,29 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 	 * A builder for {@link DefaultAddressStandardClaim}.
 	 */
 	public static class Builder {
+
 		private static final String FORMATTED_FIELD_NAME = "formatted";
+
 		private static final String STREET_ADDRESS_FIELD_NAME = "street_address";
+
 		private static final String LOCALITY_FIELD_NAME = "locality";
+
 		private static final String REGION_FIELD_NAME = "region";
+
 		private static final String POSTAL_CODE_FIELD_NAME = "postal_code";
+
 		private static final String COUNTRY_FIELD_NAME = "country";
+
 		private String formatted;
+
 		private String streetAddress;
+
 		private String locality;
+
 		private String region;
+
 		private String postalCode;
+
 		private String country;
 
 		/**
@@ -129,8 +150,8 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 		}
 
 		/**
-		 * Constructs and initializes the address attributes using the provided {@code addressFields}.
-		 *
+		 * Constructs and initializes the address attributes using the provided
+		 * {@code addressFields}.
 		 * @param addressFields the fields used to initialize the address attributes
 		 */
 		public Builder(Map<String, Object> addressFields) {
@@ -144,7 +165,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Sets the full mailing address, formatted for display.
-		 *
 		 * @param formatted the full mailing address
 		 * @return the {@link Builder}
 		 */
@@ -154,8 +174,8 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 		}
 
 		/**
-		 * Sets the full street address, which may include house number, street name, P.O. Box, etc.
-		 *
+		 * Sets the full street address, which may include house number, street name, P.O.
+		 * Box, etc.
 		 * @param streetAddress the full street address
 		 * @return the {@link Builder}
 		 */
@@ -166,7 +186,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Sets the city or locality.
-		 *
 		 * @param locality the city or locality
 		 * @return the {@link Builder}
 		 */
@@ -177,7 +196,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Sets the state, province, prefecture, or region.
-		 *
 		 * @param region the state, province, prefecture, or region
 		 * @return the {@link Builder}
 		 */
@@ -188,7 +206,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Sets the zip code or postal code.
-		 *
 		 * @param postalCode the zip code or postal code
 		 * @return the {@link Builder}
 		 */
@@ -199,7 +216,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Sets the country.
-		 *
 		 * @param country the country
 		 * @return the {@link Builder}
 		 */
@@ -210,7 +226,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 		/**
 		 * Builds a new {@link DefaultAddressStandardClaim}.
-		 *
 		 * @return a {@link AddressStandardClaim}
 		 */
 		public AddressStandardClaim build() {
@@ -224,5 +239,7 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 
 			return address;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
index 0170f933ec..beb6107052 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
@@ -22,16 +22,20 @@ import java.time.Instant;
 import java.util.List;
 
 /**
- * A {@link ClaimAccessor} for the &quot;claims&quot; that can be returned in the ID Token,
- * which provides information about the authentication of an End-User by an Authorization Server.
+ * A {@link ClaimAccessor} for the &quot;claims&quot; that can be returned in the ID
+ * Token, which provides information about the authentication of an End-User by an
+ * Authorization Server.
  *
  * @see ClaimAccessor
  * @see StandardClaimAccessor
  * @see StandardClaimNames
  * @see IdTokenClaimNames
  * @see OidcIdToken
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
  * @author Joe Grandja
  * @since 5.0
  */
@@ -39,7 +43,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Issuer identifier {@code (iss)}.
-	 *
 	 * @return the Issuer identifier
 	 */
 	default URL getIssuer() {
@@ -48,7 +51,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Subject identifier {@code (sub)}.
-	 *
 	 * @return the Subject identifier
 	 */
 	default String getSubject() {
@@ -57,7 +59,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Audience(s) {@code (aud)} that this ID Token is intended for.
-	 *
 	 * @return the Audience(s) that this ID Token is intended for
 	 */
 	default List<String> getAudience() {
@@ -65,8 +66,8 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 	}
 
 	/**
-	 * Returns the Expiration time {@code (exp)} on or after which the ID Token MUST NOT be accepted.
-	 *
+	 * Returns the Expiration time {@code (exp)} on or after which the ID Token MUST NOT
+	 * be accepted.
 	 * @return the Expiration time on or after which the ID Token MUST NOT be accepted
 	 */
 	default Instant getExpiresAt() {
@@ -75,7 +76,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the time at which the ID Token was issued {@code (iat)}.
-	 *
 	 * @return the time at which the ID Token was issued
 	 */
 	default Instant getIssuedAt() {
@@ -84,7 +84,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the time when the End-User authentication occurred {@code (auth_time)}.
-	 *
 	 * @return the time when the End-User authentication occurred
 	 */
 	default Instant getAuthenticatedAt() {
@@ -92,9 +91,8 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 	}
 
 	/**
-	 * Returns a {@code String} value {@code (nonce)} used to associate a Client session with an ID Token,
-	 * and to mitigate replay attacks.
-	 *
+	 * Returns a {@code String} value {@code (nonce)} used to associate a Client session
+	 * with an ID Token, and to mitigate replay attacks.
 	 * @return the nonce used to associate a Client session with an ID Token
 	 */
 	default String getNonce() {
@@ -103,7 +101,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Authentication Context Class Reference {@code (acr)}.
-	 *
 	 * @return the Authentication Context Class Reference
 	 */
 	default String getAuthenticationContextClass() {
@@ -112,7 +109,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Authentication Methods References {@code (amr)}.
-	 *
 	 * @return the Authentication Methods References
 	 */
 	default List<String> getAuthenticationMethods() {
@@ -121,7 +117,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Authorized party {@code (azp)} to which the ID Token was issued.
-	 *
 	 * @return the Authorized party to which the ID Token was issued
 	 */
 	default String getAuthorizedParty() {
@@ -130,7 +125,6 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Access Token hash value {@code (at_hash)}.
-	 *
 	 * @return the Access Token hash value
 	 */
 	default String getAccessTokenHash() {
@@ -139,10 +133,10 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
 	/**
 	 * Returns the Authorization Code hash value {@code (c_hash)}.
-	 *
 	 * @return the Authorization Code hash value
 	 */
 	default String getAuthorizationCodeHash() {
 		return this.getClaimAsString(IdTokenClaimNames.C_HASH);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
index c73b604f3d..b8707c7e8e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
@@ -16,13 +16,14 @@
 package org.springframework.security.oauth2.core.oidc;
 
 /**
- * The names of the &quot;claims&quot; defined by the OpenID Connect Core 1.0 specification
- * that can be returned in the ID Token.
+ * The names of the &quot;claims&quot; defined by the OpenID Connect Core 1.0
+ * specification that can be returned in the ID Token.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see OidcIdToken
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
  */
 
 public interface IdTokenClaimNames {
@@ -43,7 +44,8 @@ public interface IdTokenClaimNames {
 	String AUD = "aud";
 
 	/**
-	 * {@code exp} - the Expiration time on or after which the ID Token MUST NOT be accepted
+	 * {@code exp} - the Expiration time on or after which the ID Token MUST NOT be
+	 * accepted
 	 */
 	String EXP = "exp";
 
@@ -58,8 +60,8 @@ public interface IdTokenClaimNames {
 	String AUTH_TIME = "auth_time";
 
 	/**
-	 * {@code nonce} - a {@code String} value used to associate a Client session with an ID Token,
-	 * and to mitigate replay attacks.
+	 * {@code nonce} - a {@code String} value used to associate a Client session with an
+	 * ID Token, and to mitigate replay attacks.
 	 */
 	String NONCE = "nonce";
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
index 5f3740dc43..4738c784b5 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
@@ -40,29 +40,34 @@ import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NO
 import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
 
 /**
- * An implementation of an {@link AbstractOAuth2Token} representing an OpenID Connect Core 1.0 ID Token.
+ * An implementation of an {@link AbstractOAuth2Token} representing an OpenID Connect Core
+ * 1.0 ID Token.
  *
  * <p>
- * The {@code OidcIdToken} is a security token that contains &quot;claims&quot;
- * about the authentication of an End-User by an Authorization Server.
+ * The {@code OidcIdToken} is a security token that contains &quot;claims&quot; about the
+ * authentication of an End-User by an Authorization Server.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AbstractOAuth2Token
  * @see IdTokenClaimAccessor
  * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
  */
 public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor {
+
 	private final Map<String, Object> claims;
 
 	/**
 	 * Constructs a {@code OidcIdToken} using the provided parameters.
-	 *
 	 * @param tokenValue the ID Token value
 	 * @param issuedAt the time at which the ID Token was issued {@code (iat)}
-	 * @param expiresAt the expiration time {@code (exp)} on or after which the ID Token MUST NOT be accepted
+	 * @param expiresAt the expiration time {@code (exp)} on or after which the ID Token
+	 * MUST NOT be accepted
 	 * @param claims the claims about the authentication of the End-User
 	 */
 	public OidcIdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
@@ -78,7 +83,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 	/**
 	 * Create a {@link Builder} based on the given token value
-	 *
 	 * @param tokenValue the token value to use
 	 * @return the {@link Builder} for further configuration
 	 * @since 5.3
@@ -94,7 +98,9 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 	 * @since 5.3
 	 */
 	public static final class Builder {
+
 		private String tokenValue;
+
 		private final Map<String, Object> claims = new LinkedHashMap<>();
 
 		private Builder(String tokenValue) {
@@ -103,7 +109,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this token value in the resulting {@link OidcIdToken}
-		 *
 		 * @param tokenValue The token value to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -114,7 +119,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this claim in the resulting {@link OidcIdToken}
-		 *
 		 * @param name The claim name
 		 * @param value The claim value
 		 * @return the {@link Builder} for further configurations
@@ -125,8 +129,8 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		}
 
 		/**
-		 * Provides access to every {@link #claim(String, Object)}
-		 * declared so far with the possibility to add, replace, or remove.
+		 * Provides access to every {@link #claim(String, Object)} declared so far with
+		 * the possibility to add, replace, or remove.
 		 * @param claimsConsumer the consumer
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -137,7 +141,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this access token hash in the resulting {@link OidcIdToken}
-		 *
 		 * @param accessTokenHash The access token hash to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -147,7 +150,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this audience in the resulting {@link OidcIdToken}
-		 *
 		 * @param audience The audience(s) to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -157,7 +159,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this authentication {@link Instant} in the resulting {@link OidcIdToken}
-		 *
 		 * @param authenticatedAt The authentication {@link Instant} to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -166,9 +167,10 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		}
 
 		/**
-		 * Use this authentication context class reference in the resulting {@link OidcIdToken}
-		 *
-		 * @param authenticationContextClass The authentication context class reference to use
+		 * Use this authentication context class reference in the resulting
+		 * {@link OidcIdToken}
+		 * @param authenticationContextClass The authentication context class reference to
+		 * use
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authenticationContextClass(String authenticationContextClass) {
@@ -177,7 +179,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use these authentication methods in the resulting {@link OidcIdToken}
-		 *
 		 * @param authenticationMethods The authentication methods to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -187,7 +188,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this authorization code hash in the resulting {@link OidcIdToken}
-		 *
 		 * @param authorizationCodeHash The authorization code hash to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -197,7 +197,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this authorized party in the resulting {@link OidcIdToken}
-		 *
 		 * @param authorizedParty The authorized party to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -207,7 +206,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this expiration in the resulting {@link OidcIdToken}
-		 *
 		 * @param expiresAt The expiration to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -217,7 +215,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this issued-at timestamp in the resulting {@link OidcIdToken}
-		 *
 		 * @param issuedAt The issued-at timestamp to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -227,7 +224,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this issuer in the resulting {@link OidcIdToken}
-		 *
 		 * @param issuer The issuer to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -237,7 +233,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this nonce in the resulting {@link OidcIdToken}
-		 *
 		 * @param nonce The nonce to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -247,7 +242,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Use this subject in the resulting {@link OidcIdToken}
-		 *
 		 * @param subject The subject to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -257,7 +251,6 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 
 		/**
 		 * Build the {@link OidcIdToken}
-		 *
 		 * @return The constructed {@link OidcIdToken}
 		 */
 		public OidcIdToken build() {
@@ -272,5 +265,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 			}
 			return (Instant) timestamp;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
index e8b70c757a..253db42356 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
@@ -18,17 +18,19 @@ package org.springframework.security.oauth2.core.oidc;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 /**
- * The scope values defined by the OpenID Connect Core 1.0 specification
- * that can be used to request {@link StandardClaimNames claims}.
+ * The scope values defined by the OpenID Connect Core 1.0 specification that can be used
+ * to request {@link StandardClaimNames claims}.
  * <p>
- * The scope(s) associated to an {@link OAuth2AccessToken} determine what claims (resources)
- * will be available when they are used to access OAuth 2.0 Protected Endpoints,
- * such as the UserInfo Endpoint.
+ * The scope(s) associated to an {@link OAuth2AccessToken} determine what claims
+ * (resources) will be available when they are used to access OAuth 2.0 Protected
+ * Endpoints, such as the UserInfo Endpoint.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see StandardClaimNames
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">Requesting Claims using Scope Values</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">Requesting Claims
+ * using Scope Values</a>
  */
 public interface OidcScopes {
 
@@ -45,7 +47,8 @@ public interface OidcScopes {
 	String PROFILE = "profile";
 
 	/**
-	 * The {@code email} scope requests access to the {@code email} and {@code email_verified} claims.
+	 * The {@code email} scope requests access to the {@code email} and
+	 * {@code email_verified} claims.
 	 */
 	String EMAIL = "email";
 
@@ -55,7 +58,8 @@ public interface OidcScopes {
 	String ADDRESS = "address";
 
 	/**
-	 * The {@code phone} scope requests access to the {@code phone_number} and {@code phone_number_verified} claims.
+	 * The {@code phone} scope requests access to the {@code phone_number} and
+	 * {@code phone_number_verified} claims.
 	 */
 	String PHONE = "phone";
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
index 5de4899ff6..1269de2164 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
@@ -47,26 +47,33 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.W
 import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.ZONEINFO;
 
 /**
- * A representation of a UserInfo Response that is returned
- * from the OAuth 2.0 Protected Resource UserInfo Endpoint.
+ * A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected
+ * Resource UserInfo Endpoint.
  *
  * <p>
- * The {@code OidcUserInfo} contains a set of &quot;Standard Claims&quot; about the authentication of an End-User.
+ * The {@code OidcUserInfo} contains a set of &quot;Standard Claims&quot; about the
+ * authentication of an End-User.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfo">UserInfo Endpoint</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo
+ * Response</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#UserInfo">UserInfo Endpoint</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
  */
 public class OidcUserInfo implements StandardClaimAccessor, Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final Map<String, Object> claims;
 
 	/**
 	 * Constructs a {@code OidcUserInfo} using the provided parameters.
-	 *
 	 * @param claims the claims about the authentication of the End-User
 	 */
 	public OidcUserInfo(Map<String, Object> claims) {
@@ -100,7 +107,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 	/**
 	 * Create a {@link Builder}
-	 *
 	 * @return the {@link Builder} for further configuration
 	 * @since 5.3
 	 */
@@ -115,13 +121,14 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 	 * @since 5.3
 	 */
 	public static final class Builder {
+
 		private final Map<String, Object> claims = new LinkedHashMap<>();
 
-		private Builder() {}
+		private Builder() {
+		}
 
 		/**
 		 * Use this claim in the resulting {@link OidcUserInfo}
-		 *
 		 * @param name The claim name
 		 * @param value The claim value
 		 * @return the {@link Builder} for further configurations
@@ -132,8 +139,8 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		}
 
 		/**
-		 * Provides access to every {@link #claim(String, Object)}
-		 * declared so far with the possibility to add, replace, or remove.
+		 * Provides access to every {@link #claim(String, Object)} declared so far with
+		 * the possibility to add, replace, or remove.
 		 * @param claimsConsumer the consumer
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -144,7 +151,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this address in the resulting {@link OidcUserInfo}
-		 *
 		 * @param address The address to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -154,7 +160,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this birthdate in the resulting {@link OidcUserInfo}
-		 *
 		 * @param birthdate The birthdate to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -164,7 +169,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this email in the resulting {@link OidcUserInfo}
-		 *
 		 * @param email The email to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -174,7 +178,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this verified-email indicator in the resulting {@link OidcUserInfo}
-		 *
 		 * @param emailVerified The verified-email indicator to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -184,7 +187,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this family name in the resulting {@link OidcUserInfo}
-		 *
 		 * @param familyName The family name to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -194,7 +196,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this gender in the resulting {@link OidcUserInfo}
-		 *
 		 * @param gender The gender to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -204,7 +205,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this given name in the resulting {@link OidcUserInfo}
-		 *
 		 * @param givenName The given name to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -214,7 +214,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this locale in the resulting {@link OidcUserInfo}
-		 *
 		 * @param locale The locale to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -224,7 +223,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this middle name in the resulting {@link OidcUserInfo}
-		 *
 		 * @param middleName The middle name to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -234,7 +232,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this name in the resulting {@link OidcUserInfo}
-		 *
 		 * @param name The name to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -244,7 +241,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this nickname in the resulting {@link OidcUserInfo}
-		 *
 		 * @param nickname The nickname to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -254,7 +250,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this picture in the resulting {@link OidcUserInfo}
-		 *
 		 * @param picture The picture to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -264,7 +259,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this phone number in the resulting {@link OidcUserInfo}
-		 *
 		 * @param phoneNumber The phone number to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -274,7 +268,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this verified-phone-number indicator in the resulting {@link OidcUserInfo}
-		 *
 		 * @param phoneNumberVerified The verified-phone-number indicator to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -284,7 +277,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this preferred username in the resulting {@link OidcUserInfo}
-		 *
 		 * @param preferredUsername The preferred username to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -294,7 +286,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this profile in the resulting {@link OidcUserInfo}
-		 *
 		 * @param profile The profile to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -304,7 +295,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this subject in the resulting {@link OidcUserInfo}
-		 *
 		 * @param subject The subject to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -314,7 +304,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this updated-at {@link Instant} in the resulting {@link OidcUserInfo}
-		 *
 		 * @param updatedAt The updated-at {@link Instant} to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -324,7 +313,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this website in the resulting {@link OidcUserInfo}
-		 *
 		 * @param website The website to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -334,7 +322,6 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Use this zoneinfo in the resulting {@link OidcUserInfo}
-		 *
 		 * @param zoneinfo The zoneinfo to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -344,11 +331,12 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 
 		/**
 		 * Build the {@link OidcUserInfo}
-		 *
 		 * @return The constructed {@link OidcUserInfo}
 		 */
 		public OidcUserInfo build() {
 			return new OidcUserInfo(this.claims);
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
index 455e0f8f36..e99c53959c 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
@@ -22,14 +22,18 @@ import java.time.Instant;
 import java.util.Map;
 
 /**
- * A {@link ClaimAccessor} for the &quot;Standard Claims&quot; that can be returned
- * either in the UserInfo Response or the ID Token.
+ * A {@link ClaimAccessor} for the &quot;Standard Claims&quot; that can be returned either
+ * in the UserInfo Response or the ID Token.
  *
  * @see ClaimAccessor
  * @see StandardClaimNames
  * @see OidcUserInfo
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo
+ * Response</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
  * @author Joe Grandja
  * @since 5.0
  */
@@ -37,7 +41,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the Subject identifier {@code (sub)}.
-	 *
 	 * @return the Subject identifier
 	 */
 	default String getSubject() {
@@ -46,7 +49,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's full name {@code (name)} in displayable form.
-	 *
 	 * @return the user's full name
 	 */
 	default String getFullName() {
@@ -55,7 +57,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's given name(s) or first name(s) {@code (given_name)}.
-	 *
 	 * @return the user's given name(s)
 	 */
 	default String getGivenName() {
@@ -64,7 +65,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's surname(s) or last name(s) {@code (family_name)}.
-	 *
 	 * @return the user's family names(s)
 	 */
 	default String getFamilyName() {
@@ -73,7 +73,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's middle name(s) {@code (middle_name)}.
-	 *
 	 * @return the user's middle name(s)
 	 */
 	default String getMiddleName() {
@@ -81,8 +80,8 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the user's nick name {@code (nickname)} that may or may not be the same as the {@code (given_name)}.
-	 *
+	 * Returns the user's nick name {@code (nickname)} that may or may not be the same as
+	 * the {@code (given_name)}.
 	 * @return the user's nick name
 	 */
 	default String getNickName() {
@@ -90,8 +89,8 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the preferred username {@code (preferred_username)} that the user wishes to be referred to.
-	 *
+	 * Returns the preferred username {@code (preferred_username)} that the user wishes to
+	 * be referred to.
 	 * @return the user's preferred user name
 	 */
 	default String getPreferredUsername() {
@@ -100,7 +99,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the URL of the user's profile page {@code (profile)}.
-	 *
 	 * @return the URL of the user's profile page
 	 */
 	default String getProfile() {
@@ -109,7 +107,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the URL of the user's profile picture {@code (picture)}.
-	 *
 	 * @return the URL of the user's profile picture
 	 */
 	default String getPicture() {
@@ -118,7 +115,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the URL of the user's web page or blog {@code (website)}.
-	 *
 	 * @return the URL of the user's web page or blog
 	 */
 	default String getWebsite() {
@@ -127,7 +123,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's preferred e-mail address {@code (email)}.
-	 *
 	 * @return the user's preferred e-mail address
 	 */
 	default String getEmail() {
@@ -135,9 +130,10 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns {@code true} if the user's e-mail address has been verified {@code (email_verified)}, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the user's e-mail address has been verified, otherwise {@code false}
+	 * Returns {@code true} if the user's e-mail address has been verified
+	 * {@code (email_verified)}, otherwise {@code false}.
+	 * @return {@code true} if the user's e-mail address has been verified, otherwise
+	 * {@code false}
 	 */
 	default Boolean getEmailVerified() {
 		return this.getClaimAsBoolean(StandardClaimNames.EMAIL_VERIFIED);
@@ -145,7 +141,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's gender {@code (gender)}.
-	 *
 	 * @return the user's gender
 	 */
 	default String getGender() {
@@ -154,7 +149,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's birth date {@code (birthdate)}.
-	 *
 	 * @return the user's birth date
 	 */
 	default String getBirthdate() {
@@ -163,7 +157,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's time zone {@code (zoneinfo)}.
-	 *
 	 * @return the user's time zone
 	 */
 	default String getZoneInfo() {
@@ -172,7 +165,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's locale {@code (locale)}.
-	 *
 	 * @return the user's locale
 	 */
 	default String getLocale() {
@@ -181,7 +173,6 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's preferred phone number {@code (phone_number)}.
-	 *
 	 * @return the user's preferred phone number
 	 */
 	default String getPhoneNumber() {
@@ -189,9 +180,10 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns {@code true} if the user's phone number has been verified {@code (phone_number_verified)}, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the user's phone number has been verified, otherwise {@code false}
+	 * Returns {@code true} if the user's phone number has been verified
+	 * {@code (phone_number_verified)}, otherwise {@code false}.
+	 * @return {@code true} if the user's phone number has been verified, otherwise
+	 * {@code false}
 	 */
 	default Boolean getPhoneNumberVerified() {
 		return this.getClaimAsBoolean(StandardClaimNames.PHONE_NUMBER_VERIFIED);
@@ -199,22 +191,20 @@ public interface StandardClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the user's preferred postal address {@code (address)}.
-	 *
 	 * @return the user's preferred postal address
 	 */
 	default AddressStandardClaim getAddress() {
 		Map<String, Object> addressFields = this.getClaimAsMap(StandardClaimNames.ADDRESS);
-		return (!CollectionUtils.isEmpty(addressFields) ?
-			new DefaultAddressStandardClaim.Builder(addressFields).build() :
-			new DefaultAddressStandardClaim.Builder().build());
+		return (!CollectionUtils.isEmpty(addressFields) ? new DefaultAddressStandardClaim.Builder(addressFields).build()
+				: new DefaultAddressStandardClaim.Builder().build());
 	}
 
 	/**
 	 * Returns the time the user's information was last updated {@code (updated_at)}.
-	 *
 	 * @return the time the user's information was last updated
 	 */
 	default Instant getUpdatedAt() {
 		return this.getClaimAsInstant(StandardClaimNames.UPDATED_AT);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
index e57b4df7a0..0e465c1e23 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
@@ -16,14 +16,19 @@
 package org.springframework.security.oauth2.core.oidc;
 
 /**
- * The names of the &quot;Standard Claims&quot; defined by the OpenID Connect Core 1.0 specification
- * that can be returned either in the UserInfo Response or the ID Token.
+ * The names of the &quot;Standard Claims&quot; defined by the OpenID Connect Core 1.0
+ * specification that can be returned either in the UserInfo Response or the ID Token.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo
+ * Response</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
  */
 public interface StandardClaimNames {
 
@@ -53,12 +58,14 @@ public interface StandardClaimNames {
 	String MIDDLE_NAME = "middle_name";
 
 	/**
-	 * {@code nickname} - the user's nick name that may or may not be the same as the {@code given_name}
+	 * {@code nickname} - the user's nick name that may or may not be the same as the
+	 * {@code given_name}
 	 */
 	String NICKNAME = "nickname";
 
 	/**
-	 * {@code preferred_username} - the preferred username that the user wishes to be referred to
+	 * {@code preferred_username} - the preferred username that the user wishes to be
+	 * referred to
 	 */
 	String PREFERRED_USERNAME = "preferred_username";
 
@@ -83,7 +90,8 @@ public interface StandardClaimNames {
 	String EMAIL = "email";
 
 	/**
-	 * {@code email_verified} - {@code true} if the user's e-mail address has been verified, otherwise {@code false}
+	 * {@code email_verified} - {@code true} if the user's e-mail address has been
+	 * verified, otherwise {@code false}
 	 */
 	String EMAIL_VERIFIED = "email_verified";
 
@@ -113,7 +121,8 @@ public interface StandardClaimNames {
 	String PHONE_NUMBER = "phone_number";
 
 	/**
-	 * {@code phone_number_verified} - {@code true} if the user's phone number has been verified, otherwise {@code false}
+	 * {@code phone_number_verified} - {@code true} if the user's phone number has been
+	 * verified, otherwise {@code false}
 	 */
 	String PHONE_NUMBER_VERIFIED = "phone_number_verified";
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
index 827c4557b2..b157408940 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
@@ -16,13 +16,15 @@
 package org.springframework.security.oauth2.core.oidc.endpoint;
 
 /**
- * Standard parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
+ * Standard parameter names defined in the OAuth Parameters Registry and used by the
+ * authorization endpoint and token endpoint.
  *
  * @author Joe Grandja
  * @author Mark Heckler
  * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#OAuthParametersRegistry">18.2 OAuth Parameters Registration</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#OAuthParametersRegistry">18.2
+ * OAuth Parameters Registration</a>
  */
 public interface OidcParameterNames {
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
index b162ba85ae..34ab430cf8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
@@ -29,8 +29,8 @@ import java.util.Map;
  * The default implementation of an {@link OidcUser}.
  *
  * <p>
- * The default claim used for accessing the &quot;name&quot; of the
- * user {@code Principal} from {@link #getClaims()} is {@link IdTokenClaimNames#SUB}.
+ * The default claim used for accessing the &quot;name&quot; of the user {@code Principal}
+ * from {@link #getClaims()} is {@link IdTokenClaimNames#SUB}.
  *
  * @author Joe Grandja
  * @author Vedran Pavic
@@ -41,12 +41,13 @@ import java.util.Map;
  * @see OidcUserInfo
  */
 public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
+
 	private final OidcIdToken idToken;
+
 	private final OidcUserInfo userInfo;
 
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
 	 */
@@ -56,36 +57,39 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
+	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
+	 * {@link #getAttributes()}
 	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken, String nameAttributeKey) {
+	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
+			String nameAttributeKey) {
 		this(authorities, idToken, null, nameAttributeKey);
 	}
 
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
 	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken, OidcUserInfo userInfo) {
+	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
+			OidcUserInfo userInfo) {
 		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
 	}
 
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
+	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
+	 * {@link #getAttributes()}
 	 */
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
-							OidcUserInfo userInfo, String nameAttributeKey) {
+			OidcUserInfo userInfo, String nameAttributeKey) {
 		super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey);
 		this.idToken = idToken;
 		this.userInfo = userInfo;
@@ -105,4 +109,5 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 	public OidcUserInfo getUserInfo() {
 		return this.userInfo;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
index 15b3014061..e975c06f1a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
@@ -26,17 +26,18 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 import java.util.Map;
 
 /**
- * A representation of a user {@code Principal}
- * that is registered with an OpenID Connect 1.0 Provider.
+ * A representation of a user {@code Principal} that is registered with an OpenID Connect
+ * 1.0 Provider.
  *
  * <p>
- * An {@code OidcUser} contains &quot;claims&quot; about the authentication of the End-User.
- * The claims are aggregated from the {@link OidcIdToken} and the {@link OidcUserInfo} (if available).
+ * An {@code OidcUser} contains &quot;claims&quot; about the authentication of the
+ * End-User. The claims are aggregated from the {@link OidcIdToken} and the
+ * {@link OidcUserInfo} (if available).
  *
  * <p>
  * Implementation instances of this interface represent an {@link AuthenticatedPrincipal}
- * which is associated to an {@link Authentication} object
- * and may be accessed via {@link Authentication#getPrincipal()}.
+ * which is associated to an {@link Authentication} object and may be accessed via
+ * {@link Authentication#getPrincipal()}.
  *
  * @author Joe Grandja
  * @since 5.0
@@ -46,30 +47,31 @@ import java.util.Map;
  * @see OidcUserInfo
  * @see IdTokenClaimAccessor
  * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
+ * @see <a target="_blank" href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
+ * Claims</a>
  */
 public interface OidcUser extends OAuth2User, IdTokenClaimAccessor {
 
 	/**
-	 * Returns the claims about the user.
-	 * The claims are aggregated from {@link #getIdToken()} and {@link #getUserInfo()} (if available).
-	 *
+	 * Returns the claims about the user. The claims are aggregated from
+	 * {@link #getIdToken()} and {@link #getUserInfo()} (if available).
 	 * @return a {@code Map} of claims about the user
 	 */
 	Map<String, Object> getClaims();
 
 	/**
 	 * Returns the {@link OidcUserInfo UserInfo} containing claims about the user.
-	 *
 	 * @return the {@link OidcUserInfo} containing claims about the user.
 	 */
 	OidcUserInfo getUserInfo();
 
 	/**
 	 * Returns the {@link OidcIdToken ID Token} containing claims about the user.
-	 *
 	 * @return the {@link OidcIdToken} containing claims about the user.
 	 */
 	OidcIdToken getIdToken();
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
index 2d215b1326..210c310b85 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
@@ -32,12 +32,13 @@ import java.util.Map;
  * @see OidcUser
  */
 public class OidcUserAuthority extends OAuth2UserAuthority {
+
 	private final OidcIdToken idToken;
+
 	private final OidcUserInfo userInfo;
 
 	/**
 	 * Constructs a {@code OidcUserAuthority} using the provided parameters.
-	 *
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
 	 */
 	public OidcUserAuthority(OidcIdToken idToken) {
@@ -45,11 +46,11 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 	}
 
 	/**
-	 * Constructs a {@code OidcUserAuthority} using the provided parameters
-	 * and defaults {@link #getAuthority()} to {@code ROLE_USER}.
-	 *
+	 * Constructs a {@code OidcUserAuthority} using the provided parameters and defaults
+	 * {@link #getAuthority()} to {@code ROLE_USER}.
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
 	 */
 	public OidcUserAuthority(OidcIdToken idToken, OidcUserInfo userInfo) {
 		this("ROLE_USER", idToken, userInfo);
@@ -57,10 +58,10 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 
 	/**
 	 * Constructs a {@code OidcUserAuthority} using the provided parameters.
-	 *
 	 * @param authority the authority granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
 	 */
 	public OidcUserAuthority(String authority, OidcIdToken idToken, OidcUserInfo userInfo) {
 		super(authority, collectClaims(idToken, userInfo));
@@ -70,7 +71,6 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 
 	/**
 	 * Returns the {@link OidcIdToken ID Token} containing claims about the user.
-	 *
 	 * @return the {@link OidcIdToken} containing claims about the user.
 	 */
 	public OidcIdToken getIdToken() {
@@ -78,8 +78,8 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 	}
 
 	/**
-	 * Returns the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}.
-	 *
+	 * Returns the {@link OidcUserInfo UserInfo} containing claims about the user, may be
+	 * {@code null}.
 	 * @return the {@link OidcUserInfo} containing claims about the user, or {@code null}
 	 */
 	public OidcUserInfo getUserInfo() {
@@ -103,9 +103,7 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 		if (!this.getIdToken().equals(that.getIdToken())) {
 			return false;
 		}
-		return this.getUserInfo() != null ?
-			this.getUserInfo().equals(that.getUserInfo()) :
-			that.getUserInfo() == null;
+		return this.getUserInfo() != null ? this.getUserInfo().equals(that.getUserInfo()) : that.getUserInfo() == null;
 	}
 
 	@Override
@@ -125,4 +123,5 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 		claims.putAll(idToken.getClaims());
 		return claims;
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
index 3af0286c26..eaaf28ff6d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 /**
- * Provides a model for an OpenID Connect Core 1.0 representation of a user {@code Principal}.
+ * Provides a model for an OpenID Connect Core 1.0 representation of a user
+ * {@code Principal}.
  */
 package org.springframework.security.oauth2.core.oidc.user;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
index 77190dd447..e723882d6c 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 /**
- * Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
+ * Core classes and interfaces providing support for the OAuth 2.0 Authorization
+ * Framework.
  */
 package org.springframework.security.oauth2.core;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index 7657d6b1b7..c31312a8ad 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -34,12 +34,11 @@ import java.util.LinkedHashSet;
  * The default implementation of an {@link OAuth2User}.
  *
  * <p>
- * User attribute names are <b>not</b> standardized between providers
- * and therefore it is required to supply the <i>key</i>
- * for the user's &quot;name&quot; attribute to one of the constructors.
- * The <i>key</i> will be used for accessing the &quot;name&quot; of the
- * {@code Principal} (user) via {@link #getAttributes()}
- * and returning it from {@link #getName()}.
+ * User attribute names are <b>not</b> standardized between providers and therefore it is
+ * required to supply the <i>key</i> for the user's &quot;name&quot; attribute to one of
+ * the constructors. The <i>key</i> will be used for accessing the &quot;name&quot; of the
+ * {@code Principal} (user) via {@link #getAttributes()} and returning it from
+ * {@link #getName()}.
  *
  * @author Joe Grandja
  * @author Eddú Meléndez
@@ -47,19 +46,24 @@ import java.util.LinkedHashSet;
  * @since 5.0
  */
 public class DefaultOAuth2User implements OAuth2User, Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final Set<GrantedAuthority> authorities;
+
 	private final Map<String, Object> attributes;
+
 	private final String nameAttributeKey;
 
 	/**
 	 * Constructs a {@code DefaultOAuth2User} using the provided parameters.
-	 *
-	 * @param authorities      the authorities granted to the user
-	 * @param attributes       the attributes about the user
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
+	 * @param authorities the authorities granted to the user
+	 * @param attributes the attributes about the user
+	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
+	 * {@link #getAttributes()}
 	 */
-	public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes, String nameAttributeKey) {
+	public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes,
+			String nameAttributeKey) {
 		Assert.notEmpty(authorities, "authorities cannot be empty");
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
@@ -87,8 +91,8 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 	}
 
 	private Set<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
-		SortedSet<GrantedAuthority> sortedAuthorities =
-				new TreeSet<>(Comparator.comparing(GrantedAuthority::getAuthority));
+		SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(
+				Comparator.comparing(GrantedAuthority::getAuthority));
 		sortedAuthorities.addAll(authorities);
 		return sortedAuthorities;
 	}
@@ -133,4 +137,5 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 		sb.append("]");
 		return sb.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
index f25db96c01..d361098ede 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
@@ -19,23 +19,24 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 
 /**
- * A representation of a user {@code Principal}
- * that is registered with an OAuth 2.0 Provider.
+ * A representation of a user {@code Principal} that is registered with an OAuth 2.0
+ * Provider.
  *
  * <p>
- * An OAuth 2.0 user is composed of one or more attributes, for example,
- * first name, middle name, last name, email, phone number, address, etc.
- * Each user attribute has a &quot;name&quot; and &quot;value&quot; and
- * is keyed by the &quot;name&quot; in {@link #getAttributes()}.
+ * An OAuth 2.0 user is composed of one or more attributes, for example, first name,
+ * middle name, last name, email, phone number, address, etc. Each user attribute has a
+ * &quot;name&quot; and &quot;value&quot; and is keyed by the &quot;name&quot; in
+ * {@link #getAttributes()}.
  *
  * <p>
- * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and therefore will vary.
- * Please consult the provider's API documentation for the set of supported user attribute names.
+ * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and
+ * therefore will vary. Please consult the provider's API documentation for the set of
+ * supported user attribute names.
  *
  * <p>
- * Implementation instances of this interface represent an {@link OAuth2AuthenticatedPrincipal}
- * which is associated to an {@link Authentication} object
- * and may be accessed via {@link Authentication#getPrincipal()}.
+ * Implementation instances of this interface represent an
+ * {@link OAuth2AuthenticatedPrincipal} which is associated to an {@link Authentication}
+ * object and may be accessed via {@link Authentication#getPrincipal()}.
  *
  * @author Joe Grandja
  * @author Eddú Meléndez
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
index 161fc1f64c..d0e513bcd6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
@@ -31,14 +31,16 @@ import java.util.Map;
  * @see OAuth2User
  */
 public class OAuth2UserAuthority implements GrantedAuthority {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final String authority;
+
 	private final Map<String, Object> attributes;
 
 	/**
-	 * Constructs a {@code OAuth2UserAuthority} using the provided parameters
-	 * and defaults {@link #getAuthority()} to {@code ROLE_USER}.
-	 *
+	 * Constructs a {@code OAuth2UserAuthority} using the provided parameters and defaults
+	 * {@link #getAuthority()} to {@code ROLE_USER}.
 	 * @param attributes the attributes about the user
 	 */
 	public OAuth2UserAuthority(Map<String, Object> attributes) {
@@ -47,7 +49,6 @@ public class OAuth2UserAuthority implements GrantedAuthority {
 
 	/**
 	 * Constructs a {@code OAuth2UserAuthority} using the provided parameters.
-	 *
 	 * @param authority the authority granted to the user
 	 * @param attributes the attributes about the user
 	 */
@@ -65,7 +66,6 @@ public class OAuth2UserAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the attributes about the user.
-	 *
 	 * @return a {@code Map} of attributes about the user
 	 */
 	public Map<String, Object> getAttributes() {
@@ -100,4 +100,5 @@ public class OAuth2UserAuthority implements GrantedAuthority {
 	public String toString() {
 		return this.getAuthority();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index b6de896d32..fdd4407674 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -41,7 +41,9 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * Provides a way to create an {@link OAuth2AccessTokenResponse} from a {@link ReactiveHttpInputMessage}
+ * Provides a way to create an {@link OAuth2AccessTokenResponse} from a
+ * {@link ReactiveHttpInputMessage}
+ *
  * @author Rob Winch
  * @since 5.1
  */
@@ -50,16 +52,18 @@ class OAuth2AccessTokenResponseBodyExtractor
 
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
-	OAuth2AccessTokenResponseBodyExtractor() {}
+	OAuth2AccessTokenResponseBodyExtractor() {
+	}
 
 	@Override
-	public Mono<OAuth2AccessTokenResponse> extract(ReactiveHttpInputMessage inputMessage,
-			Context context) {
-		ParameterizedTypeReference<Map<String, Object>> type = new ParameterizedTypeReference<Map<String, Object>>() {};
+	public Mono<OAuth2AccessTokenResponse> extract(ReactiveHttpInputMessage inputMessage, Context context) {
+		ParameterizedTypeReference<Map<String, Object>> type = new ParameterizedTypeReference<Map<String, Object>>() {
+		};
 		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);
 		return delegate.extract(inputMessage, context)
 				.onErrorMap(e -> new OAuth2AuthorizationException(
-						invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()), e))
+						invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()),
+						e))
 				.switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException(
 						invalidTokenResponse("Empty OAuth 2.0 Access Token Response"))))
 				.map(OAuth2AccessTokenResponseBodyExtractor::parse)
@@ -79,23 +83,20 @@ class OAuth2AccessTokenResponseBodyExtractor
 	}
 
 	private static OAuth2Error invalidTokenResponse(String message) {
-		return new OAuth2Error(
-				INVALID_TOKEN_RESPONSE_ERROR_CODE,
-				message,
-				null);
+		return new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, message, null);
 	}
 
 	private static Mono<AccessTokenResponse> oauth2AccessTokenResponse(TokenResponse tokenResponse) {
 		if (tokenResponse.indicatesSuccess()) {
-			return Mono.just(tokenResponse)
-					.cast(AccessTokenResponse.class);
+			return Mono.just(tokenResponse).cast(AccessTokenResponse.class);
 		}
 		TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
 		ErrorObject errorObject = tokenErrorResponse.getErrorObject();
 		OAuth2Error oauth2Error;
 		if (errorObject == null) {
 			oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-		} else {
+		}
+		else {
 			oauth2Error = new OAuth2Error(
 					errorObject.getCode() != null ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
 					errorObject.getDescription(),
@@ -107,14 +108,13 @@ class OAuth2AccessTokenResponseBodyExtractor
 	private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {
 		AccessToken accessToken = accessTokenResponse.getTokens().getAccessToken();
 		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue()
-				.equalsIgnoreCase(accessToken.getType().getValue())) {
+		if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessToken.getType().getValue())) {
 			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
 		long expiresIn = accessToken.getLifetime();
 
-		Set<String> scopes = accessToken.getScope() == null ?
-				Collections.emptySet() : new LinkedHashSet<>(accessToken.getScope().toStringList());
+		Set<String> scopes = accessToken.getScope() == null ? Collections.emptySet()
+				: new LinkedHashSet<>(accessToken.getScope().toStringList());
 
 		String refreshToken = null;
 		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
@@ -123,12 +123,9 @@ class OAuth2AccessTokenResponseBodyExtractor
 
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
 
-		return OAuth2AccessTokenResponse.withToken(accessToken.getValue())
-				.tokenType(accessTokenType)
-				.expiresIn(expiresIn)
-				.scopes(scopes)
-				.refreshToken(refreshToken)
-				.additionalParameters(additionalParameters)
-				.build();
+		return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType)
+				.expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken)
+				.additionalParameters(additionalParameters).build();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
index 4818f7a064..10625ce160 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
@@ -23,6 +23,7 @@ import reactor.core.publisher.Mono;
 
 /**
  * Static factory methods for OAuth2 {@link BodyExtractor} implementations.
+ *
  * @author Rob Winch
  * @since 5.1
  */
@@ -36,5 +37,7 @@ public abstract class OAuth2BodyExtractors {
 		return new OAuth2AccessTokenResponseBodyExtractor();
 	}
 
-	private OAuth2BodyExtractors() {}
+	private OAuth2BodyExtractors() {
+	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
index 3a0f698659..ce937dea1a 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
@@ -45,4 +45,5 @@ public class AuthenticationMethodTests {
 	public void getValueWhenFormAuthenticationTypeThenReturnQuery() {
 		assertThat(AuthenticationMethod.QUERY.getValue()).isEqualTo("query");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
index 8205e162ca..9142d08a9e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
@@ -50,4 +50,5 @@ public class AuthorizationGrantTypeTests {
 	public void getValueWhenPasswordGrantTypeThenReturnPassword() {
 		assertThat(AuthorizationGrantType.PASSWORD.getValue()).isEqualTo("password");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 29fa8154bd..4a5a8a2854 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -34,7 +34,9 @@ import static org.assertj.core.api.Assertions.catchThrowable;
  * @author Joe Grandja
  */
 public class ClaimAccessorTests {
+
 	private Map<String, Object> claims = new HashMap<>();
+
 	private ClaimAccessor claimAccessor = (() -> this.claims);
 
 	@Before
@@ -49,8 +51,8 @@ public class ClaimAccessorTests {
 		String claimName = "date";
 		this.claims.put(claimName, Date.from(expectedClaimValue));
 
-		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
-				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
+				expectedClaimValue.plusSeconds(1));
 	}
 
 	// gh-5191
@@ -60,8 +62,8 @@ public class ClaimAccessorTests {
 		String claimName = "longSeconds";
 		this.claims.put(claimName, expectedClaimValue.getEpochSecond());
 
-		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
-				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
+				expectedClaimValue.plusSeconds(1));
 	}
 
 	@Test
@@ -70,8 +72,8 @@ public class ClaimAccessorTests {
 		String claimName = "instant";
 		this.claims.put(claimName, expectedClaimValue);
 
-		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
-				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
+				expectedClaimValue.plusSeconds(1));
 	}
 
 	// gh-5250
@@ -81,8 +83,8 @@ public class ClaimAccessorTests {
 		String claimName = "integerSeconds";
 		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).intValue());
 
-		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
-				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
+				expectedClaimValue.plusSeconds(1));
 	}
 
 	// gh-5250
@@ -92,8 +94,8 @@ public class ClaimAccessorTests {
 		String claimName = "doubleSeconds";
 		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).doubleValue());
 
-		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
-				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
+				expectedClaimValue.plusSeconds(1));
 	}
 
 	// gh-5608
@@ -140,8 +142,11 @@ public class ClaimAccessorTests {
 		String claimName = "boolean";
 		this.claims.put(claimName, expectedClaimValue);
 
-		Throwable thrown = catchThrowable(() -> { boolean actualClaimValue = this.claimAccessor.getClaim(claimName); });
+		Throwable thrown = catchThrowable(() -> {
+			boolean actualClaimValue = this.claimAccessor.getClaim(claimName);
+		});
 
 		assertThat(thrown).isInstanceOf(ClassCastException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
index 174388b7ac..fcea86cdf2 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
@@ -45,4 +45,5 @@ public class ClientAuthenticationMethodTests {
 	public void getValueWhenAuthenticationMethodNoneThenReturnNone() {
 		assertThat(ClientAuthenticationMethod.NONE.getValue()).isEqualTo("none");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
index 8d794e7a09..012fc99b46 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -34,8 +34,11 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Josh Cummings
  */
 public class DefaultOAuth2AuthenticatedPrincipalTests {
+
 	String name = "test-subject";
+
 	Map<String, Object> attributes = Collections.singletonMap("sub", this.name);
+
 	Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_read");
 
 	@Test
@@ -49,33 +52,34 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 
 	@Test
 	public void constructorWhenAuthoritiesIsNullOrEmptyThenNoAuthorities() {
-		Collection<? extends GrantedAuthority> authorities =
-				new DefaultOAuth2AuthenticatedPrincipal(this.attributes, null).getAuthorities();
+		Collection<? extends GrantedAuthority> authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes,
+				null).getAuthorities();
 		assertThat(authorities).isEmpty();
 
-		authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes,
-				Collections.emptyList()).getAuthorities();
+		authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, Collections.emptyList())
+				.getAuthorities();
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void constructorWhenNameIsNullThenFallsbackToSubAttribute() {
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal(null, this.attributes, this.authorities);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(null, this.attributes,
+				this.authorities);
 		assertThat(principal.getName()).isEqualTo(this.attributes.get("sub"));
 	}
 
 	@Test
 	public void getNameWhenInConstructorThenReturns() {
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal("other-subject", this.attributes, this.authorities);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal("other-subject",
+				this.attributes, this.authorities);
 		assertThat(principal.getName()).isEqualTo("other-subject");
 	}
 
 	@Test
 	public void getAttributeWhenGivenKeyThenReturnsValue() {
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal(this.attributes, this.authorities);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(this.attributes,
+				this.authorities);
 		assertThat((String) principal.getAttribute("sub")).isEqualTo("test-subject");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index eb9bc26bbc..621318f6a6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -34,13 +34,12 @@ import static org.mockito.Mockito.when;
  * @author Josh Cummings
  */
 public class DelegatingOAuth2TokenValidatorTests {
-	private static final OAuth2Error DETAIL = new OAuth2Error(
-			"error", "description", "uri");
+
+	private static final OAuth2Error DETAIL = new OAuth2Error("error", "description", "uri");
 
 	@Test
 	public void validateWhenNoValidatorsConfiguredThenReturnsSuccessfulResult() {
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator =
-				new DelegatingOAuth2TokenValidator<>();
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>();
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
 
 		assertThat(tokenValidator.validate(token).hasErrors()).isFalse();
@@ -51,17 +50,14 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> success = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> failure = mock(OAuth2TokenValidator.class);
 
-		when(success.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.success());
-		when(failure.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.failure(DETAIL));
+		when(success.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
+		when(failure.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.failure(DETAIL));
 
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator =
-				new DelegatingOAuth2TokenValidator<>(Arrays.asList(success, failure));
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
+				Arrays.asList(success, failure));
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
 
-		OAuth2TokenValidatorResult result =
-				tokenValidator.validate(token);
+		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL);
@@ -79,12 +75,11 @@ public class DelegatingOAuth2TokenValidatorTests {
 		when(secondFailure.validate(any(AbstractOAuth2Token.class)))
 				.thenReturn(OAuth2TokenValidatorResult.failure(otherDetail));
 
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator =
-				new DelegatingOAuth2TokenValidator<>(firstFailure, secondFailure);
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
+				firstFailure, secondFailure);
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
 
-		OAuth2TokenValidatorResult result =
-				tokenValidator.validate(token);
+		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL, otherDetail);
@@ -95,17 +90,14 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
 
-		when(firstSuccess.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.success());
-		when(secondSuccess.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.success());
+		when(firstSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
+		when(secondSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
 
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator =
-				new DelegatingOAuth2TokenValidator<>(Arrays.asList(firstSuccess, secondSuccess));
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
+				Arrays.asList(firstSuccess, secondSuccess));
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
 
-		OAuth2TokenValidatorResult result =
-				tokenValidator.validate(token);
+		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 
 		assertThat(result.hasErrors()).isFalse();
 		assertThat(result.getErrors()).isEmpty();
@@ -113,9 +105,9 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void constructorWhenInvokedWithNullValidatorListThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new DelegatingOAuth2TokenValidator<>
-				((Collection<OAuth2TokenValidator<AbstractOAuth2Token>>) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new DelegatingOAuth2TokenValidator<>(
+				(Collection<OAuth2TokenValidator<AbstractOAuth2Token>>) null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -123,15 +115,13 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
 
-		when(firstSuccess.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.success());
-		when(secondSuccess.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.success());
+		when(firstSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
+		when(secondSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
 
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> firstValidator =
-				new DelegatingOAuth2TokenValidator<>(Arrays.asList(firstSuccess, secondSuccess));
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> secondValidator =
-				new DelegatingOAuth2TokenValidator<>(firstSuccess, secondSuccess);
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> firstValidator = new DelegatingOAuth2TokenValidator<>(
+				Arrays.asList(firstSuccess, secondSuccess));
+		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> secondValidator = new DelegatingOAuth2TokenValidator<>(
+				firstSuccess, secondSuccess);
 
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
 
@@ -141,4 +131,5 @@ public class DelegatingOAuth2TokenValidatorTests {
 		verify(firstSuccess, times(2)).validate(token);
 		verify(secondSuccess, times(2)).validate(token);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index ccede95337..4a63db8351 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -31,10 +31,15 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class OAuth2AccessTokenTests {
+
 	private static final OAuth2AccessToken.TokenType TOKEN_TYPE = OAuth2AccessToken.TokenType.BEARER;
+
 	private static final String TOKEN_VALUE = "access-token";
+
 	private static final Instant ISSUED_AT = Instant.now();
+
 	private static final Instant EXPIRES_AT = Instant.from(ISSUED_AT).plusSeconds(60);
+
 	private static final Set<String> SCOPES = new LinkedHashSet<>(Arrays.asList("scope1", "scope2"));
 
 	@Test
@@ -64,8 +69,7 @@ public class OAuth2AccessTokenTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-			TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
 
 		assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE);
 		assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
@@ -77,8 +81,7 @@ public class OAuth2AccessTokenTests {
 	// gh-5492
 	@Test
 	public void constructorWhenCreatedThenIsSerializableAndDeserializable() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
 		byte[] serialized = SerializationUtils.serialize(accessToken);
 		accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
 
@@ -89,4 +92,5 @@ public class OAuth2AccessTokenTests {
 		assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT);
 		assertThat(accessToken.getScopes()).isEqualTo(SCOPES);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index 9cc9b12299..bacc7a3e0d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -25,8 +25,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class OAuth2ErrorTests {
+
 	private static final String ERROR_CODE = "error-code";
+
 	private static final String ERROR_DESCRIPTION = "error-description";
+
 	private static final String ERROR_URI = "error-uri";
 
 	@Test(expected = IllegalArgumentException.class)
@@ -42,4 +45,5 @@ public class OAuth2ErrorTests {
 		assertThat(error.getDescription()).isEqualTo(ERROR_DESCRIPTION);
 		assertThat(error.getUri()).isEqualTo(ERROR_URI);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index 22c56c1576..940d485a9b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -28,8 +28,8 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Josh Cummings
  */
 public class OAuth2TokenValidatorResultTests {
-	private static final OAuth2Error DETAIL = new OAuth2Error(
-			"error", "description", "uri");
+
+	private static final OAuth2Error DETAIL = new OAuth2Error("error", "description", "uri");
 
 	@Test
 	public void successWhenInvokedThenReturnsSuccessfulResult() {
@@ -52,4 +52,5 @@ public class OAuth2TokenValidatorResultTests {
 		assertThat(failure.hasErrors()).isTrue();
 		assertThat(failure.getErrors()).containsExactly(DETAIL, DETAIL);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
index 62ca87ff48..c4ba056f9f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
@@ -26,18 +26,15 @@ import java.util.HashSet;
  * @since 5.1
  */
 public class TestOAuth2AccessTokens {
+
 	public static OAuth2AccessToken noScopes() {
-		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"no-scopes",
-				Instant.now(),
+		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "no-scopes", Instant.now(),
 				Instant.now().plus(Duration.ofDays(1)));
 	}
 
 	public static OAuth2AccessToken scopes(String... scopes) {
-		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"scopes",
-				Instant.now(),
-				Instant.now().plus(Duration.ofDays(1)),
-				new HashSet<>(Arrays.asList(scopes)));
+		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "scopes", Instant.now(),
+				Instant.now().plus(Duration.ofDays(1)), new HashSet<>(Arrays.asList(scopes)));
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
index 8face452f5..69d56d33bb 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
@@ -23,7 +23,9 @@ import java.time.Instant;
  * @since 5.1
  */
 public class TestOAuth2RefreshTokens {
+
 	public static OAuth2RefreshToken refreshToken() {
 		return new OAuth2RefreshToken("refresh-token", Instant.now());
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
index c7b8cc3571..42cb3ffdb4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
@@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.2
  */
 public class ClaimConversionServiceTests {
+
 	private final ConversionService conversionService = ClaimConversionService.getSharedInstance();
 
 	@Test
@@ -104,7 +105,8 @@ public class ClaimConversionServiceTests {
 		Instant instant = Instant.now();
 		assertThat(this.conversionService.convert(String.valueOf(instant.getEpochSecond()), Instant.class))
 				.isEqualTo(instant.truncatedTo(ChronoUnit.SECONDS));
-		assertThat(this.conversionService.convert(String.valueOf(instant.toString()), Instant.class)).isEqualTo(instant);
+		assertThat(this.conversionService.convert(String.valueOf(instant.toString()), Instant.class))
+				.isEqualTo(instant);
 	}
 
 	@Test
@@ -179,8 +181,7 @@ public class ClaimConversionServiceTests {
 	@Test
 	public void convertListStringWhenNotConvertibleThenReturnSingletonList() {
 		String string = "not-convertible-list";
-		assertThat(this.conversionService.convert(string, List.class))
-				.isEqualTo(Collections.singletonList(string));
+		assertThat(this.conversionService.convert(string, List.class)).isEqualTo(Collections.singletonList(string));
 	}
 
 	@Test
@@ -224,4 +225,5 @@ public class ClaimConversionServiceTests {
 		List<String> notConvertibleList = Lists.list("1", "2", "3", "4");
 		assertThat(this.conversionService.convert(notConvertibleList, Map.class)).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index fee193f8e4..9996851324 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -38,13 +38,21 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @since 5.2
  */
 public class ClaimTypeConverterTests {
+
 	private static final String STRING_CLAIM = "string-claim";
+
 	private static final String BOOLEAN_CLAIM = "boolean-claim";
+
 	private static final String INSTANT_CLAIM = "instant-claim";
+
 	private static final String URL_CLAIM = "url-claim";
+
 	private static final String COLLECTION_STRING_CLAIM = "collection-string-claim";
+
 	private static final String LIST_STRING_CLAIM = "list-string-claim";
+
 	private static final String MAP_STRING_OBJECT_CLAIM = "map-string-object-claim";
+
 	private ClaimTypeConverter claimTypeConverter;
 
 	@Before
@@ -58,8 +66,8 @@ public class ClaimTypeConverterTests {
 				TypeDescriptor.collection(Collection.class, TypeDescriptor.valueOf(String.class)));
 		Converter<Object, ?> listStringConverter = getConverter(
 				TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class)));
-		Converter<Object, ?> mapStringObjectConverter = getConverter(
-				TypeDescriptor.map(Map.class, TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
+		Converter<Object, ?> mapStringObjectConverter = getConverter(TypeDescriptor.map(Map.class,
+				TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
 
 		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
 		claimTypeConverters.put(STRING_CLAIM, stringConverter);
@@ -79,8 +87,7 @@ public class ClaimTypeConverterTests {
 
 	@Test
 	public void constructorWhenConvertersNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new ClaimTypeConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new ClaimTypeConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -167,4 +174,5 @@ public class ClaimTypeConverterTests {
 
 		assertThat(claims.get("claim1")).isSameAs("value1");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index 6af7ed499d..e1bd4d0247 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -41,7 +41,6 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		this.messageConverter = new MapOAuth2AccessTokenResponseConverter();
 	}
 
-
 	@Test
 	public void shouldConvertFull() {
 		Map<String, String> map = new HashMap<>();
@@ -123,4 +122,5 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		Assert.assertNotNull(additionalParameters);
 		Assert.assertEquals(0, additionalParameters.size());
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 980155b6c9..0b6abc2dee 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -40,7 +40,6 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		this.messageConverter = new OAuth2AccessTokenResponseMapConverter();
 	}
 
-
 	@Test
 	public void convertFull() {
 		Map<String, Object> additionalParameters = new HashMap<>();
@@ -51,14 +50,9 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		scopes.add("read");
 		scopes.add("write");
 
-		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse
-				.withToken("access-token-value-1234")
-				.expiresIn(3699)
-				.additionalParameters(additionalParameters)
-				.refreshToken("refresh-token-value-1234")
-				.scopes(scopes)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699)
+				.additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		Map<String, String> result = messageConverter.convert(build);
 		Assert.assertEquals(7, result.size());
 
@@ -73,10 +67,8 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 
 	@Test
 	public void convertMinimal() {
-		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse
-				.withToken("access-token-value-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		Map<String, String> result = messageConverter.convert(build);
 		Assert.assertEquals(3, result.size());
 
@@ -84,4 +76,5 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		Assert.assertEquals("Bearer", result.get("token_type"));
 		Assert.assertNotNull(result.get("expires_in"));
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 8f2d3aa1cb..0e678aef39 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -34,46 +34,38 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class OAuth2AccessTokenResponseTests {
+
 	private static final String TOKEN_VALUE = "access-token";
+
 	private static final String REFRESH_TOKEN_VALUE = "refresh-token";
+
 	private static final long EXPIRES_IN = Instant.now().plusSeconds(5).toEpochMilli();
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		OAuth2AccessTokenResponse.withToken(null)
-			.tokenType(OAuth2AccessToken.TokenType.BEARER)
-			.expiresIn(EXPIRES_IN)
-			.build();
+		OAuth2AccessTokenResponse.withToken(null).tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(EXPIRES_IN)
+				.build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenTypeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-			.tokenType(null)
-			.expiresIn(EXPIRES_IN)
-			.build();
+		OAuth2AccessTokenResponse.withToken(TOKEN_VALUE).tokenType(null).expiresIn(EXPIRES_IN).build();
 	}
 
 	@Test
 	public void buildWhenExpiresInIsZeroThenExpiresAtOneSecondAfterIssueAt() {
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-			.withToken(TOKEN_VALUE)
-			.tokenType(OAuth2AccessToken.TokenType.BEARER)
-			.expiresIn(0)
-			.build();
-		assertThat(tokenResponse.getAccessToken().getExpiresAt()).isEqualTo(
-			tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(0).build();
+		assertThat(tokenResponse.getAccessToken().getExpiresAt())
+				.isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
 	}
 
 	@Test
 	public void buildWhenExpiresInIsNegativeThenExpiresAtOneSecondAfterIssueAt() {
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-			.withToken(TOKEN_VALUE)
-			.tokenType(OAuth2AccessToken.TokenType.BEARER)
-			.expiresIn(-1L)
-			.build();
-		assertThat(tokenResponse.getAccessToken().getExpiresAt()).isEqualTo(
-			tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(-1L).build();
+		assertThat(tokenResponse.getAccessToken().getExpiresAt())
+				.isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
 	}
 
 	@Test
@@ -84,14 +76,9 @@ public class OAuth2AccessTokenResponseTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-			.withToken(TOKEN_VALUE)
-			.tokenType(OAuth2AccessToken.TokenType.BEARER)
-			.expiresIn(expiresAt.toEpochMilli())
-			.scopes(scopes)
-			.refreshToken(REFRESH_TOKEN_VALUE)
-			.additionalParameters(additionalParameters)
-			.build();
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
+				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
 
 		assertThat(tokenResponse.getAccessToken()).isNotNull();
 		assertThat(tokenResponse.getAccessToken().getTokenValue()).isEqualTo(TOKEN_VALUE);
@@ -111,24 +98,21 @@ public class OAuth2AccessTokenResponseTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-				.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.toEpochMilli())
-				.scopes(scopes)
-				.refreshToken(REFRESH_TOKEN_VALUE)
-				.additionalParameters(additionalParameters)
-				.build();
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
+				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
 
-		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-				.build();
+		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
 
-		assertThat(withResponse.getAccessToken().getTokenValue()).isEqualTo(tokenResponse.getAccessToken().getTokenValue());
+		assertThat(withResponse.getAccessToken().getTokenValue())
+				.isEqualTo(tokenResponse.getAccessToken().getTokenValue());
 		assertThat(withResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(withResponse.getAccessToken().getIssuedAt()).isEqualTo(tokenResponse.getAccessToken().getIssuedAt());
-		assertThat(withResponse.getAccessToken().getExpiresAt()).isEqualTo(tokenResponse.getAccessToken().getExpiresAt());
+		assertThat(withResponse.getAccessToken().getExpiresAt())
+				.isEqualTo(tokenResponse.getAccessToken().getExpiresAt());
 		assertThat(withResponse.getAccessToken().getScopes()).isEqualTo(tokenResponse.getAccessToken().getScopes());
-		assertThat(withResponse.getRefreshToken().getTokenValue()).isEqualTo(tokenResponse.getRefreshToken().getTokenValue());
+		assertThat(withResponse.getRefreshToken().getTokenValue())
+				.isEqualTo(tokenResponse.getRefreshToken().getTokenValue());
 		assertThat(withResponse.getAdditionalParameters()).isEqualTo(tokenResponse.getAdditionalParameters());
 	}
 
@@ -140,33 +124,26 @@ public class OAuth2AccessTokenResponseTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-				.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.toEpochMilli())
-				.scopes(scopes)
-				.additionalParameters(additionalParameters)
-				.build();
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
+				.additionalParameters(additionalParameters).build();
 
-		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-				.build();
+		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
 
 		assertThat(withResponse.getRefreshToken()).isNull();
 	}
 
 	@Test
 	public void buildWhenResponseAndExpiresInThenExpiresAtEqualToIssuedAtPlusExpiresIn() {
-		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse
-				.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.build();
+		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 
 		long expiresIn = 30;
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-				.expiresIn(expiresIn)
-				.build();
+				.expiresIn(expiresIn).build();
 
-		assertThat(withResponse.getAccessToken().getExpiresAt()).isEqualTo(
-				withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn));
+		assertThat(withResponse.getAccessToken().getExpiresAt())
+				.isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn));
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
index 6986e19496..7c8cb0bc0e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
@@ -42,9 +42,10 @@ public class OAuth2AuthorizationExchangeTests {
 	public void constructorWhenRequiredArgsProvidedThenCreated() {
 		OAuth2AuthorizationRequest authorizationRequest = request().build();
 		OAuth2AuthorizationResponse authorizationResponse = success().build();
-		OAuth2AuthorizationExchange authorizationExchange =
-			new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
+		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
+				authorizationResponse);
 		assertThat(authorizationExchange.getAuthorizationRequest()).isEqualTo(authorizationRequest);
 		assertThat(authorizationExchange.getAuthorizationResponse()).isEqualTo(authorizationResponse);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index 8f0745d4f2..4805ed0770 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -36,113 +36,70 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationRequestTests {
+
 	private static final String AUTHORIZATION_URI = "https://provider.com/oauth2/authorize";
+
 	private static final String CLIENT_ID = "client-id";
+
 	private static final String REDIRECT_URI = "https://example.com";
+
 	private static final Set<String> SCOPES = new LinkedHashSet<>(Arrays.asList("scope1", "scope2"));
+
 	private static final String STATE = "state";
 
 	@Test
 	public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(null)
-					.clientId(CLIENT_ID)
-					.redirectUri(REDIRECT_URI)
-					.scopes(SCOPES)
-					.state(STATE)
-					.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(null)
+				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(null)
-					.redirectUri(REDIRECT_URI)
-					.scopes(SCOPES)
-					.state(STATE)
-					.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+				.clientId(null).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForImplicitThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() ->
-				OAuth2AuthorizationRequest.implicit()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(CLIENT_ID)
-					.redirectUri(null)
-					.scopes(SCOPES)
-					.state(STATE)
-					.build()
-		).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> OAuth2AuthorizationRequest.implicit().authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build())
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForAuthorizationCodeThenDoesNotThrowAnyException() {
-		assertThatCode(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(CLIENT_ID)
-					.redirectUri(null)
-					.scopes(SCOPES)
-					.state(STATE)
-					.build())
-				.doesNotThrowAnyException();
+		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build()).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(CLIENT_ID)
-					.redirectUri(REDIRECT_URI)
-					.scopes(null)
-					.state(STATE)
-					.build())
-				.doesNotThrowAnyException();
+		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(null).state(STATE).build())
+						.doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(CLIENT_ID)
-					.redirectUri(REDIRECT_URI)
-					.scopes(SCOPES)
-					.state(null)
-					.build())
-				.doesNotThrowAnyException();
+		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(null).build())
+						.doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildWhenAdditionalParametersEmptyThenDoesNotThrowAnyException() {
-		assertThatCode(() ->
-				OAuth2AuthorizationRequest.authorizationCode()
-					.authorizationUri(AUTHORIZATION_URI)
-					.clientId(CLIENT_ID)
-					.redirectUri(REDIRECT_URI)
-					.scopes(SCOPES)
-					.state(STATE)
-					.additionalParameters(Map::clear)
-					.build())
-				.doesNotThrowAnyException();
+		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE)
+				.additionalParameters(Map::clear).build()).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildWhenImplicitThenGrantTypeResponseTypeIsSet() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).build();
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.TOKEN);
 	}
@@ -150,11 +107,7 @@ public class OAuth2AuthorizationRequestTests {
 	@Test
 	public void buildWhenAuthorizationCodeThenGrantTypeResponseTypeIsSet() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(null)
-				.scopes(SCOPES)
-				.state(STATE)
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE)
 				.build();
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
@@ -171,15 +124,9 @@ public class OAuth2AuthorizationRequestTests {
 		attributes.put("attribute2", "value2");
 
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.additionalParameters(additionalParameters)
-				.attributes(attributes)
-				.authorizationRequestUri(AUTHORIZATION_URI)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).additionalParameters(additionalParameters).attributes(attributes)
+				.authorizationRequestUri(AUTHORIZATION_URI).build();
 
 		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
@@ -196,43 +143,27 @@ public class OAuth2AuthorizationRequestTests {
 	@Test
 	public void buildWhenScopesMultiThenSeparatedByEncodedSpace() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).build();
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.isEqualTo("https://provider.com/oauth2/authorize?" +
-						"response_type=token&client_id=client-id&" +
-						"scope=scope1%20scope2&state=state&" +
-						"redirect_uri=https://example.com");
+				.isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&"
+						+ "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com");
 	}
 
 	@Test
 	public void buildWhenAuthorizationRequestUriSetThenOverridesDefault() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.authorizationRequestUri(AUTHORIZATION_URI)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).authorizationRequestUri(AUTHORIZATION_URI).build();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI);
 	}
 
 	@Test
 	public void buildWhenAuthorizationRequestUriFunctionSetThenOverridesDefault() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.authorizationRequestUri(uriBuilder -> URI.create(AUTHORIZATION_URI))
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).authorizationRequestUri(uriBuilder -> URI.create(AUTHORIZATION_URI)).build();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI);
 	}
 
@@ -243,30 +174,22 @@ public class OAuth2AuthorizationRequestTests {
 		additionalParameters.put("param2", "value2");
 
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.additionalParameters(additionalParameters)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).additionalParameters(additionalParameters).build();
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.isEqualTo("https://provider.com/oauth2/authorize?" +
-						"response_type=code&client_id=client-id&" +
-						"scope=scope1%20scope2&state=state&" +
-						"redirect_uri=https://example.com&param1=value1&param2=value2");
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
+				+ "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&"
+				+ "redirect_uri=https://example.com&param1=value1&param2=value2");
 	}
 
 	@Test
 	public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesRequiredParametersOnly() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.build();
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).build();
 
-		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id");
+		assertThat(authorizationRequest.getAuthorizationRequestUri())
+				.isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id");
 	}
 
 	@Test
@@ -285,58 +208,50 @@ public class OAuth2AuthorizationRequestTests {
 		attributes.put("attribute2", "value2");
 
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI)
-				.scopes(SCOPES)
-				.state(STATE)
-				.additionalParameters(additionalParameters)
-				.attributes(attributes)
+				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
+				.state(STATE).additionalParameters(additionalParameters).attributes(attributes).build();
+
+		OAuth2AuthorizationRequest authorizationRequestCopy = OAuth2AuthorizationRequest.from(authorizationRequest)
 				.build();
 
-		OAuth2AuthorizationRequest authorizationRequestCopy =
-				OAuth2AuthorizationRequest.from(authorizationRequest).build();
-
-		assertThat(authorizationRequestCopy.getAuthorizationUri()).isEqualTo(authorizationRequest.getAuthorizationUri());
+		assertThat(authorizationRequestCopy.getAuthorizationUri())
+				.isEqualTo(authorizationRequest.getAuthorizationUri());
 		assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType());
 		assertThat(authorizationRequestCopy.getResponseType()).isEqualTo(authorizationRequest.getResponseType());
 		assertThat(authorizationRequestCopy.getClientId()).isEqualTo(authorizationRequest.getClientId());
 		assertThat(authorizationRequestCopy.getRedirectUri()).isEqualTo(authorizationRequest.getRedirectUri());
 		assertThat(authorizationRequestCopy.getScopes()).isEqualTo(authorizationRequest.getScopes());
 		assertThat(authorizationRequestCopy.getState()).isEqualTo(authorizationRequest.getState());
-		assertThat(authorizationRequestCopy.getAdditionalParameters()).isEqualTo(authorizationRequest.getAdditionalParameters());
+		assertThat(authorizationRequestCopy.getAdditionalParameters())
+				.isEqualTo(authorizationRequest.getAdditionalParameters());
 		assertThat(authorizationRequestCopy.getAttributes()).isEqualTo(authorizationRequest.getAttributes());
-		assertThat(authorizationRequestCopy.getAuthorizationRequestUri()).isEqualTo(authorizationRequest.getAuthorizationRequestUri());
+		assertThat(authorizationRequestCopy.getAuthorizationRequestUri())
+				.isEqualTo(authorizationRequest.getAuthorizationRequestUri());
 	}
 
 	@Test
 	public void buildWhenAuthorizationUriIncludesQueryParameterThenAuthorizationRequestUrlIncludesIt() {
-		OAuth2AuthorizationRequest authorizationRequest =
-				TestOAuth2AuthorizationRequests.request()
-						.authorizationUri(AUTHORIZATION_URI +
-								"?param1=value1&param2=value2").build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.authorizationUri(AUTHORIZATION_URI + "?param1=value1&param2=value2").build();
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.isEqualTo("https://provider.com/oauth2/authorize?" +
-						"param1=value1&param2=value2&" +
-						"response_type=code&client_id=client-id&state=state&" +
-						"redirect_uri=https://example.com/authorize/oauth2/code/registration-id");
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
+				+ "param1=value1&param2=value2&" + "response_type=code&client_id=client-id&state=state&"
+				+ "redirect_uri=https://example.com/authorize/oauth2/code/registration-id");
 	}
 
 	@Test
 	public void buildWhenAuthorizationUriIncludesEscapedQueryParameterThenAuthorizationRequestUrlIncludesIt() {
-		OAuth2AuthorizationRequest authorizationRequest =
-				TestOAuth2AuthorizationRequests.request()
-						.authorizationUri(AUTHORIZATION_URI +
-								"?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D").build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.authorizationUri(AUTHORIZATION_URI
+						+ "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D")
+				.build();
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.isEqualTo("https://provider.com/oauth2/authorize?" +
-						"claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&" +
-						"response_type=code&client_id=client-id&state=state&" +
-						"redirect_uri=https://example.com/authorize/oauth2/code/registration-id");
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
+				+ "claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&"
+				+ "response_type=code&client_id=client-id&state=state&"
+				+ "redirect_uri=https://example.com/authorize/oauth2/code/registration-id");
 	}
 
 	@Test
@@ -345,16 +260,14 @@ public class OAuth2AuthorizationRequestTests {
 		additionalParameters.put("item amount", "19.95" + '\u20ac');
 		additionalParameters.put("item name", "H" + '\u00c5' + "M" + '\u00d6');
 		additionalParameters.put('\u00e2' + "ge", "4" + '\u00bd');
-		OAuth2AuthorizationRequest authorizationRequest =
-				TestOAuth2AuthorizationRequests.request()
-						.additionalParameters(additionalParameters)
-						.build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.additionalParameters(additionalParameters).build();
 
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
-		assertThat(authorizationRequest.getAuthorizationRequestUri())
-				.isEqualTo("https://example.com/login/oauth/authorize?" +
-						"response_type=code&client_id=client-id&state=state&" +
-						"redirect_uri=https://example.com/authorize/oauth2/code/registration-id&" +
-						"item%20amount=19.95%E2%82%AC&%C3%A2ge=4%C2%BD&item%20name=H%C3%85M%C3%96");
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(
+				"https://example.com/login/oauth/authorize?" + "response_type=code&client_id=client-id&state=state&"
+						+ "redirect_uri=https://example.com/authorize/oauth2/code/registration-id&"
+						+ "item%20amount=19.95%E2%82%AC&%C3%A2ge=4%C2%BD&item%20name=H%C3%85M%C3%96");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
index 00bd042b70..d3757fe5dd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
@@ -26,43 +26,40 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Joe Grandja
  */
 public class OAuth2AuthorizationResponseTests {
+
 	private static final String AUTH_CODE = "auth-code";
+
 	private static final String REDIRECT_URI = "https://example.com";
+
 	private static final String STATE = "state";
+
 	private static final String ERROR_CODE = "error-code";
+
 	private static final String ERROR_DESCRIPTION = "error-description";
+
 	private static final String ERROR_URI = "error-uri";
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenAuthCodeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(null)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.build();
+		OAuth2AuthorizationResponse.success(null).redirectUri(REDIRECT_URI).state(STATE).build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(AUTH_CODE)
-			.redirectUri(null)
-			.state(STATE)
-			.build();
+		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(null).state(STATE).build();
 	}
 
 	@Test
 	public void buildSuccessResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationResponse.success(AUTH_CODE)
-			.redirectUri(REDIRECT_URI)
-			.state(null)
-			.build()).doesNotThrowAnyException();
+		assertThatCode(
+				() -> OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(null).build())
+						.doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildSuccessResponseWhenAllAttributesProvidedThenAllAttributesAreSet() {
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success(AUTH_CODE)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.build();
+				.redirectUri(REDIRECT_URI).state(STATE).build();
 		assertThat(authorizationResponse.getCode()).isEqualTo(AUTH_CODE);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(REDIRECT_URI);
 		assertThat(authorizationResponse.getState()).isEqualTo(STATE);
@@ -70,45 +67,31 @@ public class OAuth2AuthorizationResponseTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenErrorCodeIsSetThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(AUTH_CODE)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.errorCode(ERROR_CODE)
-			.build();
+		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(STATE).errorCode(ERROR_CODE)
+				.build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(null)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.build();
+		OAuth2AuthorizationResponse.error(null).redirectUri(REDIRECT_URI).state(STATE).build();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(ERROR_CODE)
-			.redirectUri(null)
-			.state(STATE)
-			.build();
+		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(null).state(STATE).build();
 	}
 
 	@Test
 	public void buildErrorResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationResponse.error(ERROR_CODE)
-			.redirectUri(REDIRECT_URI)
-			.state(null)
-			.build()).doesNotThrowAnyException();
+		assertThatCode(
+				() -> OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(null).build())
+						.doesNotThrowAnyException();
 	}
 
 	@Test
 	public void buildErrorResponseWhenAllAttributesProvidedThenAllAttributesAreSet() {
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.error(ERROR_CODE)
-			.errorDescription(ERROR_DESCRIPTION)
-			.errorUri(ERROR_URI)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.build();
+				.errorDescription(ERROR_DESCRIPTION).errorUri(ERROR_URI).redirectUri(REDIRECT_URI).state(STATE).build();
 		assertThat(authorizationResponse.getError().getErrorCode()).isEqualTo(ERROR_CODE);
 		assertThat(authorizationResponse.getError().getDescription()).isEqualTo(ERROR_DESCRIPTION);
 		assertThat(authorizationResponse.getError().getUri()).isEqualTo(ERROR_URI);
@@ -118,10 +101,7 @@ public class OAuth2AuthorizationResponseTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenAuthCodeIsSetThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(ERROR_CODE)
-			.redirectUri(REDIRECT_URI)
-			.state(STATE)
-			.code(AUTH_CODE)
-			.build();
+		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(STATE).code(AUTH_CODE).build();
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
index dd963fa0a1..f039a93683 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
@@ -35,4 +35,5 @@ public class OAuth2AuthorizationResponseTypeTests {
 	public void getValueWhenResponseTypeTokenThenReturnToken() {
 		assertThat(OAuth2AuthorizationResponseType.TOKEN.getValue()).isEqualTo("token");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
index 3cee5f9ef1..7cc0bf27f5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
@@ -27,15 +27,15 @@ import java.util.Map;
  * @since 5.1
  */
 public class TestOAuth2AccessTokenResponses {
+
 	public static OAuth2AccessTokenResponse.Builder accessTokenResponse() {
-		return OAuth2AccessTokenResponse.withToken("token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER);
+		return OAuth2AccessTokenResponse.withToken("token").tokenType(OAuth2AccessToken.TokenType.BEARER);
 	}
 
 	public static OAuth2AccessTokenResponse.Builder oidcAccessTokenResponse() {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-		return accessTokenResponse()
-				.additionalParameters(additionalParameters);
+		return accessTokenResponse().additionalParameters(additionalParameters);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
index 98fdbec1dc..68cb45df48 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
@@ -34,4 +34,5 @@ public class TestOAuth2AuthorizationExchanges {
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.error().build();
 		return new OAuth2AuthorizationExchange(request, response);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
index b160cdbf32..ccfa6679c0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
@@ -24,20 +24,20 @@ import java.util.Map;
  * @since 5.1
  */
 public class TestOAuth2AuthorizationRequests {
+
 	public static OAuth2AuthorizationRequest.Builder request() {
 		String registrationId = "registration-id";
 		String clientId = "client-id";
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registrationId);
 		return OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/login/oauth/authorize")
-				.clientId(clientId)
-				.redirectUri("https://example.com/authorize/oauth2/code/registration-id")
-				.state("state")
+				.authorizationUri("https://example.com/login/oauth/authorize").clientId(clientId)
+				.redirectUri("https://example.com/authorize/oauth2/code/registration-id").state("state")
 				.attributes(attributes);
 	}
 
 	public static OAuth2AuthorizationRequest.Builder oidcRequest() {
 		return request().scope("openid");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
index 7ad7085c71..fbed4c0fef 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
@@ -23,8 +23,7 @@ package org.springframework.security.oauth2.core.endpoint;
 public class TestOAuth2AuthorizationResponses {
 
 	public static OAuth2AuthorizationResponse.Builder success() {
-		return OAuth2AuthorizationResponse.success("authorization-code")
-				.state("state")
+		return OAuth2AuthorizationResponse.success("authorization-code").state("state")
 				.redirectUri("https://example.com/authorize/oauth2/code/registration-id");
 	}
 
@@ -33,4 +32,5 @@ public class TestOAuth2AuthorizationResponses {
 				.redirectUri("https://example.com/authorize/oauth2/code/registration-id")
 				.errorUri("https://example.com/error");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index e3ef18ee84..798e32ec78 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -44,6 +44,7 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class OAuth2AccessTokenResponseHttpMessageConverterTests {
+
 	private OAuth2AccessTokenResponseHttpMessageConverter messageConverter;
 
 	@Before
@@ -70,25 +71,21 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseThenReadOAuth2AccessTokenResponse() throws Exception {
-		String tokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": \"3600\",\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-				"}\n";
+		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
+				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
+				+ "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				tokenResponse.getBytes(), HttpStatus.OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter.readInternal(
-				OAuth2AccessTokenResponse.class, response);
+		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
+				.readInternal(OAuth2AccessTokenResponse.class, response);
 
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
-		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
+		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
+				.isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
 		assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly(
@@ -99,56 +96,46 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 	// gh-6463
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseWithObjectThenReadOAuth2AccessTokenResponse() {
-		String tokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": 3600,\n" +
-				"   \"scope\": \"read write\",\n" +
-				"   \"refresh_token\": \"refresh-token-1234\",\n" +
-				"   \"custom_object_1\": {\"name1\": \"value1\"},\n" +
-				"   \"custom_object_2\": [\"value1\", \"value2\"],\n" +
-				"   \"custom_parameter_1\": \"custom-value-1\",\n" +
-				"   \"custom_parameter_2\": \"custom-value-2\"\n" +
-				"}\n";
+		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": 3600,\n" + "   \"scope\": \"read write\",\n"
+				+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+				+ "   \"custom_object_1\": {\"name1\": \"value1\"},\n"
+				+ "   \"custom_object_2\": [\"value1\", \"value2\"],\n"
+				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
+				+ "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				tokenResponse.getBytes(), HttpStatus.OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter.readInternal(
-				OAuth2AccessTokenResponse.class, response);
+		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
+				.readInternal(OAuth2AccessTokenResponse.class, response);
 
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
-		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
+		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
+				.isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
 		assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly(
-				entry("custom_object_1", "{name1=value1}"),
-				entry("custom_object_2", "[value1, value2]"),
-				entry("custom_parameter_1", "custom-value-1"),
-				entry("custom_parameter_2", "custom-value-2"));
+				entry("custom_object_1", "{name1=value1}"), entry("custom_object_2", "[value1, value2]"),
+				entry("custom_parameter_1", "custom-value-1"), entry("custom_parameter_2", "custom-value-2"));
 	}
 
 	// gh-8108
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseWithNullValueThenReadOAuth2AccessTokenResponse() {
-		String tokenResponse = "{\n" +
-				"	\"access_token\": \"access-token-1234\",\n" +
-				"   \"token_type\": \"bearer\",\n" +
-				"   \"expires_in\": 3600,\n" +
-				"   \"scope\": null,\n" +
-				"   \"refresh_token\": \"refresh-token-1234\"\n" +
-				"}\n";
+		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": 3600,\n" + "   \"scope\": null,\n"
+				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				tokenResponse.getBytes(), HttpStatus.OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 
-		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter.readInternal(
-				OAuth2AccessTokenResponse.class, response);
+		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
+				.readInternal(OAuth2AccessTokenResponse.class, response);
 
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
-		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
+		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
+				.isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("null");
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
 	}
@@ -161,8 +148,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 
 		String tokenResponse = "{}";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				tokenResponse.getBytes(), HttpStatus.OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 
 		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response))
 				.isInstanceOf(HttpMessageNotReadableException.class)
@@ -177,14 +163,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		additionalParameters.put("custom_parameter_1", "custom-value-1");
 		additionalParameters.put("custom_parameter_2", "custom-value-2");
 
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.toEpochMilli())
-				.scopes(scopes)
-				.refreshToken("refresh-token-1234")
-				.additionalParameters(additionalParameters)
-				.build();
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
+				.refreshToken("refresh-token-1234").additionalParameters(additionalParameters).build();
 
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		this.messageConverter.writeInternal(accessTokenResponse, outputMessage);
@@ -205,10 +186,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		when(tokenResponseParametersConverter.convert(any())).thenThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter);
 
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
-				.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(Instant.now().plusSeconds(3600).toEpochMilli())
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli())
 				.build();
 
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
@@ -217,4 +196,5 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 				.isInstanceOf(HttpMessageNotWritableException.class)
 				.hasMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index 11211aad56..ace827314c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -37,6 +37,7 @@ import static org.mockito.Mockito.when;
  * @author Joe Grandja
  */
 public class OAuth2ErrorHttpMessageConverterTests {
+
 	private OAuth2ErrorHttpMessageConverter messageConverter;
 
 	@Before
@@ -63,14 +64,11 @@ public class OAuth2ErrorHttpMessageConverterTests {
 
 	@Test
 	public void readInternalWhenErrorResponseThenReadOAuth2Error() throws Exception {
-		String errorResponse = "{\n" +
-				"	\"error\": \"unauthorized_client\",\n" +
-				"   \"error_description\": \"The client is not authorized\",\n" +
-				"   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" +
-				"}\n";
+		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
+				+ "   \"error_description\": \"The client is not authorized\",\n"
+				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
+		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
@@ -81,15 +79,11 @@ public class OAuth2ErrorHttpMessageConverterTests {
 	// gh-8157
 	@Test
 	public void readInternalWhenErrorResponseWithObjectThenReadOAuth2Error() throws Exception {
-		String errorResponse = "{\n" +
-				"	\"error\": \"unauthorized_client\",\n" +
-				"   \"error_description\": \"The client is not authorized\",\n" +
-				"   \"error_codes\": [65001],\n" +
-				"   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" +
-				"}\n";
+		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
+				+ "   \"error_description\": \"The client is not authorized\",\n" + "   \"error_codes\": [65001],\n"
+				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
+		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
@@ -105,8 +99,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 
 		String errorResponse = "{}";
 
-		MockClientHttpResponse response = new MockClientHttpResponse(
-				errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
+		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 
 		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response))
 				.isInstanceOf(HttpMessageNotReadableException.class)
@@ -115,8 +108,8 @@ public class OAuth2ErrorHttpMessageConverterTests {
 
 	@Test
 	public void writeInternalWhenOAuth2ErrorThenWriteErrorResponse() throws Exception {
-		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client",
-				"The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2");
+		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
+				"https://tools.ietf.org/html/rfc6749#section-5.2");
 
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		this.messageConverter.writeInternal(oauth2Error, outputMessage);
@@ -133,8 +126,8 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		when(errorParametersConverter.convert(any())).thenThrow(RuntimeException.class);
 		this.messageConverter.setErrorParametersConverter(errorParametersConverter);
 
-		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client",
-				"The client is not authorized", "https://tools.ietf.org/html/rfc6749#section-5.2");
+		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
+				"https://tools.ietf.org/html/rfc6749#section-5.2");
 
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 
@@ -142,4 +135,5 @@ public class OAuth2ErrorHttpMessageConverterTests {
 				.isInstanceOf(HttpMessageNotWritableException.class)
 				.hasMessageContaining("An error occurred writing the OAuth 2.0 Error");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index f22653985e..f9f3aa6312 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -28,6 +28,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class DefaultAddressStandardClaimTests {
+
 	static final String FORMATTED_FIELD_NAME = "formatted";
 	static final String STREET_ADDRESS_FIELD_NAME = "street_address";
 	static final String LOCALITY_FIELD_NAME = "locality";
@@ -43,15 +44,9 @@ public class DefaultAddressStandardClaimTests {
 
 	@Test
 	public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
-		AddressStandardClaim addressStandardClaim =
-			new DefaultAddressStandardClaim.Builder()
-			.formatted(FORMATTED)
-			.streetAddress(STREET_ADDRESS)
-			.locality(LOCALITY)
-			.region(REGION)
-			.postalCode(POSTAL_CODE)
-			.country(COUNTRY)
-			.build();
+		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder().formatted(FORMATTED)
+				.streetAddress(STREET_ADDRESS).locality(LOCALITY).region(REGION).postalCode(POSTAL_CODE)
+				.country(COUNTRY).build();
 
 		assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 		assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
@@ -71,9 +66,7 @@ public class DefaultAddressStandardClaimTests {
 		addressFields.put(POSTAL_CODE_FIELD_NAME, POSTAL_CODE);
 		addressFields.put(COUNTRY_FIELD_NAME, COUNTRY);
 
-		AddressStandardClaim addressStandardClaim =
-			new DefaultAddressStandardClaim.Builder(addressFields)
-			.build();
+		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder(addressFields).build();
 
 		assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 		assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
@@ -82,4 +75,5 @@ public class DefaultAddressStandardClaimTests {
 		assertThat(addressStandardClaim.getPostalCode()).isEqualTo(POSTAL_CODE);
 		assertThat(addressStandardClaim.getCountry()).isEqualTo(COUNTRY);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index c3b049eb06..50d4bb5223 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -30,19 +30,14 @@ import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SU
  * Tests for {@link OidcUserInfo}
  */
 public class OidcIdTokenBuilderTests {
+
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcIdTokens() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
 
-		OidcIdToken first = idTokenBuilder
-				.tokenValue("V1")
-				.claim("TEST_CLAIM_1", "C1")
-				.build();
+		OidcIdToken first = idTokenBuilder.tokenValue("V1").claim("TEST_CLAIM_1", "C1").build();
 
-		OidcIdToken second = idTokenBuilder
-				.tokenValue("V2")
-				.claim("TEST_CLAIM_1", "C2")
-				.claim("TEST_CLAIM_2", "C3")
+		OidcIdToken second = idTokenBuilder.tokenValue("V2").claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3")
 				.build();
 
 		assertThat(first.getClaims()).hasSize(1);
@@ -61,16 +56,13 @@ public class OidcIdTokenBuilderTests {
 
 		Instant now = Instant.now();
 
-		OidcIdToken idToken = idTokenBuilder
-				.expiresAt(now).build();
+		OidcIdToken idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
 
-		idToken = idTokenBuilder
-				.expiresAt(now).build();
+		idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
 
-		assertThatCode(() -> idTokenBuilder
-				.claim(EXP, "not an instant").build())
+		assertThatCode(() -> idTokenBuilder.claim(EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -80,16 +72,13 @@ public class OidcIdTokenBuilderTests {
 
 		Instant now = Instant.now();
 
-		OidcIdToken idToken = idTokenBuilder
-				.issuedAt(now).build();
+		OidcIdToken idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
 
-		idToken = idTokenBuilder
-				.issuedAt(now).build();
+		idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
 
-		assertThatCode(() -> idTokenBuilder
-				.claim(IAT, "not an instant").build())
+		assertThatCode(() -> idTokenBuilder.claim(IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -100,26 +89,18 @@ public class OidcIdTokenBuilderTests {
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		OidcIdToken idToken = idTokenBuilder
-				.subject(named)
-				.claim(SUB, generic).build();
+		OidcIdToken idToken = idTokenBuilder.subject(named).claim(SUB, generic).build();
 		assertThat(idToken.getSubject()).isSameAs(generic);
 
-		idToken = idTokenBuilder
-				.claim(SUB, generic)
-				.subject(named).build();
+		idToken = idTokenBuilder.claim(SUB, generic).subject(named).build();
 		assertThat(idToken.getSubject()).isSameAs(named);
 	}
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token")
-				.claim("needs", "a claim");
+		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim");
 
-		OidcIdToken idToken = idTokenBuilder
-				.subject("sub")
-				.claims(claims -> claims.remove(SUB))
-				.build();
+		OidcIdToken idToken = idTokenBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
 		assertThat(idToken.getSubject()).isNull();
 	}
 
@@ -129,11 +110,10 @@ public class OidcIdTokenBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		OidcIdToken idToken = idTokenBuilder
-				.claims(claims -> claims.put(name, value))
-				.build();
+		OidcIdToken idToken = idTokenBuilder.claims(claims -> claims.put(name, value)).build();
 
 		assertThat(idToken.getClaims()).hasSize(1);
 		assertThat(idToken.getClaims().get(name)).isSameAs(value);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
index 15a04e6b0a..55e722a704 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
@@ -32,33 +32,57 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class OidcIdTokenTests {
+
 	private static final String ISS_CLAIM = "iss";
+
 	private static final String SUB_CLAIM = "sub";
+
 	private static final String AUD_CLAIM = "aud";
+
 	private static final String IAT_CLAIM = "iat";
+
 	private static final String EXP_CLAIM = "exp";
+
 	private static final String AUTH_TIME_CLAIM = "auth_time";
+
 	private static final String NONCE_CLAIM = "nonce";
+
 	private static final String ACR_CLAIM = "acr";
+
 	private static final String AMR_CLAIM = "amr";
+
 	private static final String AZP_CLAIM = "azp";
+
 	private static final String AT_HASH_CLAIM = "at_hash";
+
 	private static final String C_HASH_CLAIM = "c_hash";
 
 	private static final String ISS_VALUE = "https://provider.com";
+
 	private static final String SUB_VALUE = "subject1";
+
 	private static final List<String> AUD_VALUE = Arrays.asList("aud1", "aud2");
+
 	private static final long IAT_VALUE = Instant.now().toEpochMilli();
+
 	private static final long EXP_VALUE = Instant.now().plusSeconds(60).toEpochMilli();
+
 	private static final long AUTH_TIME_VALUE = Instant.now().minusSeconds(5).toEpochMilli();
+
 	private static final String NONCE_VALUE = "nonce";
+
 	private static final String ACR_VALUE = "acr";
+
 	private static final List<String> AMR_VALUE = Arrays.asList("amr1", "amr2");
+
 	private static final String AZP_VALUE = "azp";
+
 	private static final String AT_HASH_VALUE = "at_hash";
+
 	private static final String C_HASH_VALUE = "c_hash";
 
 	private static final Map<String, Object> CLAIMS;
+
 	private static final String ID_TOKEN_VALUE = "id-token-value";
 
 	static {
@@ -84,14 +108,14 @@ public class OidcIdTokenTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
-		new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
-			Instant.ofEpochMilli(EXP_VALUE), Collections.emptyMap());
+		new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE),
+				Collections.emptyMap());
 	}
 
 	@Test
 	public void constructorWhenParametersProvidedAndValidThenCreated() {
 		OidcIdToken idToken = new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
-			Instant.ofEpochMilli(EXP_VALUE), CLAIMS);
+				Instant.ofEpochMilli(EXP_VALUE), CLAIMS);
 
 		assertThat(idToken.getClaims()).isEqualTo(CLAIMS);
 		assertThat(idToken.getTokenValue()).isEqualTo(ID_TOKEN_VALUE);
@@ -108,4 +132,5 @@ public class OidcIdTokenTests {
 		assertThat(idToken.getAccessTokenHash()).isEqualTo(AT_HASH_VALUE);
 		assertThat(idToken.getAuthorizationCodeHash()).isEqualTo(C_HASH_VALUE);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index 9b1c057016..ce6fddf320 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -25,18 +25,14 @@ import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SU
  * Tests for {@link OidcUserInfo}
  */
 public class OidcUserInfoBuilderTests {
+
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcUserInfos() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
 
-		OidcUserInfo first = userInfoBuilder
-				.claim("TEST_CLAIM_1", "C1")
-				.build();
+		OidcUserInfo first = userInfoBuilder.claim("TEST_CLAIM_1", "C1").build();
 
-		OidcUserInfo second = userInfoBuilder
-				.claim("TEST_CLAIM_1", "C2")
-				.claim("TEST_CLAIM_2", "C3")
-				.build();
+		OidcUserInfo second = userInfoBuilder.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
 
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
@@ -53,26 +49,18 @@ public class OidcUserInfoBuilderTests {
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		OidcUserInfo userInfo = userInfoBuilder
-				.subject(named)
-				.claim(SUB, generic).build();
+		OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(SUB, generic).build();
 		assertThat(userInfo.getSubject()).isSameAs(generic);
 
-		userInfo = userInfoBuilder
-				.claim(SUB, generic)
-				.subject(named).build();
+		userInfo = userInfoBuilder.claim(SUB, generic).subject(named).build();
 		assertThat(userInfo.getSubject()).isSameAs(named);
 	}
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder()
-				.claim("needs", "a claim");
+		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim");
 
-		OidcUserInfo userInfo = userInfoBuilder
-				.subject("sub")
-				.claims(claims -> claims.remove(SUB))
-				.build();
+		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
 		assertThat(userInfo.getSubject()).isNull();
 	}
 
@@ -82,11 +70,10 @@ public class OidcUserInfoBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		OidcUserInfo userInfo = userInfoBuilder
-				.claims(claims -> claims.put(name, value))
-				.build();
+		OidcUserInfo userInfo = userInfoBuilder.claims(claims -> claims.put(name, value)).build();
 
 		assertThat(userInfo.getClaims()).hasSize(1);
 		assertThat(userInfo.getClaims().get(name)).isSameAs(value);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index c94e798d84..81827d0cb3 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -31,46 +31,85 @@ import static org.springframework.security.oauth2.core.oidc.DefaultAddressStanda
  * @author Joe Grandja
  */
 public class OidcUserInfoTests {
+
 	private static final String SUB_CLAIM = "sub";
+
 	private static final String NAME_CLAIM = "name";
+
 	private static final String GIVEN_NAME_CLAIM = "given_name";
+
 	private static final String FAMILY_NAME_CLAIM = "family_name";
+
 	private static final String MIDDLE_NAME_CLAIM = "middle_name";
+
 	private static final String NICKNAME_CLAIM = "nickname";
+
 	private static final String PREFERRED_USERNAME_CLAIM = "preferred_username";
+
 	private static final String PROFILE_CLAIM = "profile";
+
 	private static final String PICTURE_CLAIM = "picture";
+
 	private static final String WEBSITE_CLAIM = "website";
+
 	private static final String EMAIL_CLAIM = "email";
+
 	private static final String EMAIL_VERIFIED_CLAIM = "email_verified";
+
 	private static final String GENDER_CLAIM = "gender";
+
 	private static final String BIRTHDATE_CLAIM = "birthdate";
+
 	private static final String ZONEINFO_CLAIM = "zoneinfo";
+
 	private static final String LOCALE_CLAIM = "locale";
+
 	private static final String PHONE_NUMBER_CLAIM = "phone_number";
+
 	private static final String PHONE_NUMBER_VERIFIED_CLAIM = "phone_number_verified";
+
 	private static final String ADDRESS_CLAIM = "address";
+
 	private static final String UPDATED_AT_CLAIM = "updated_at";
 
 	private static final String SUB_VALUE = "subject1";
+
 	private static final String NAME_VALUE = "full_name";
+
 	private static final String GIVEN_NAME_VALUE = "given_name";
+
 	private static final String FAMILY_NAME_VALUE = "family_name";
+
 	private static final String MIDDLE_NAME_VALUE = "middle_name";
+
 	private static final String NICKNAME_VALUE = "nickname";
+
 	private static final String PREFERRED_USERNAME_VALUE = "preferred_username";
+
 	private static final String PROFILE_VALUE = "profile";
+
 	private static final String PICTURE_VALUE = "picture";
+
 	private static final String WEBSITE_VALUE = "website";
+
 	private static final String EMAIL_VALUE = "email";
+
 	private static final Boolean EMAIL_VERIFIED_VALUE = true;
+
 	private static final String GENDER_VALUE = "gender";
+
 	private static final String BIRTHDATE_VALUE = "birthdate";
+
 	private static final String ZONEINFO_VALUE = "zoneinfo";
+
 	private static final String LOCALE_VALUE = "locale";
+
 	private static final String PHONE_NUMBER_VALUE = "phone_number";
+
 	private static final Boolean PHONE_NUMBER_VERIFIED_VALUE = true;
+
 	private static final Map<String, Object> ADDRESS_VALUE;
+
 	private static final long UPDATED_AT_VALUE = Instant.now().minusSeconds(60).toEpochMilli();
 
 	private static final Map<String, Object> CLAIMS;
@@ -139,4 +178,5 @@ public class OidcUserInfoTests {
 		assertThat(userInfo.getAddress()).isEqualTo(new DefaultAddressStandardClaim.Builder(ADDRESS_VALUE).build());
 		assertThat(userInfo.getUpdatedAt().getEpochSecond()).isEqualTo(UPDATED_AT_VALUE);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
index a866554f54..a97d9c94b6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@@ -26,12 +26,10 @@ import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withToke
  * @author Josh Cummings
  */
 public class TestOidcIdTokens {
+
 	public static OidcIdToken.Builder idToken() {
-		return withTokenValue("id-token")
-				.issuer("https://example.com")
-				.subject("subject")
-				.issuedAt(Instant.now())
-				.expiresAt(Instant.now().plusSeconds(86400))
-				.claim("id", "id");
+		return withTokenValue("id-token").issuer("https://example.com").subject("subject").issuedAt(Instant.now())
+				.expiresAt(Instant.now().plusSeconds(86400)).claim("id", "id");
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
index 2fad69684f..edba3543bb 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
@@ -39,12 +39,19 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class DefaultOidcUserTests {
+
 	private static final SimpleGrantedAuthority AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");
+
 	private static final Set<GrantedAuthority> AUTHORITIES = Collections.singleton(AUTHORITY);
+
 	private static final String SUBJECT = "test-subject";
+
 	private static final String EMAIL = "test-subject@example.com";
+
 	private static final String NAME = "test-name";
+
 	private static final Map<String, Object> ID_TOKEN_CLAIMS = new HashMap<>();
+
 	private static final Map<String, Object> USER_INFO_CLAIMS = new HashMap<>();
 
 	static {
@@ -54,7 +61,9 @@ public class DefaultOidcUserTests {
 		USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL);
 	}
 
-	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS);
+	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX,
+			ID_TOKEN_CLAIMS);
+
 	private static final OidcUserInfo USER_INFO = new OidcUserInfo(USER_INFO_CLAIMS);
 
 	@Test(expected = IllegalArgumentException.class)
@@ -100,29 +109,30 @@ public class DefaultOidcUserTests {
 	public void constructorWhenAuthoritiesIdTokenUserInfoProvidedThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO);
 
-		assertThat(user.getClaims()).containsOnlyKeys(
-			IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL);
+		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
+				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(user.getUserInfo()).isEqualTo(USER_INFO);
 		assertThat(user.getName()).isEqualTo(SUBJECT);
 		assertThat(user.getAuthorities()).hasSize(1);
 		assertThat(user.getAuthorities().iterator().next()).isEqualTo(AUTHORITY);
-		assertThat(user.getAttributes()).containsOnlyKeys(
-			IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL);
+		assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
+				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 	}
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO, StandardClaimNames.EMAIL);
 
-		assertThat(user.getClaims()).containsOnlyKeys(
-			IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL);
+		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
+				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(user.getUserInfo()).isEqualTo(USER_INFO);
 		assertThat(user.getName()).isEqualTo(EMAIL);
 		assertThat(user.getAuthorities()).hasSize(1);
 		assertThat(user.getAuthorities().iterator().next()).isEqualTo(AUTHORITY);
-		assertThat(user.getAttributes()).containsOnlyKeys(
-			IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL);
+		assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
+				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index d859b74d56..0331d1cf69 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -34,11 +34,17 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Joe Grandja
  */
 public class OidcUserAuthorityTests {
+
 	private static final String AUTHORITY = "ROLE_USER";
+
 	private static final String SUBJECT = "test-subject";
+
 	private static final String EMAIL = "test-subject@example.com";
+
 	private static final String NAME = "test-name";
+
 	private static final Map<String, Object> ID_TOKEN_CLAIMS = new HashMap<>();
+
 	private static final Map<String, Object> USER_INFO_CLAIMS = new HashMap<>();
 
 	static {
@@ -48,7 +54,9 @@ public class OidcUserAuthorityTests {
 		USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL);
 	}
 
-	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX, ID_TOKEN_CLAIMS);
+	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX,
+			ID_TOKEN_CLAIMS);
+
 	private static final OidcUserInfo USER_INFO = new OidcUserInfo(USER_INFO_CLAIMS);
 
 	@Test(expected = IllegalArgumentException.class)
@@ -73,7 +81,8 @@ public class OidcUserAuthorityTests {
 		assertThat(userAuthority.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(userAuthority.getUserInfo()).isEqualTo(USER_INFO);
 		assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY);
-		assertThat(userAuthority.getAttributes()).containsOnlyKeys(
-			IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.NAME, StandardClaimNames.EMAIL);
+		assertThat(userAuthority.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
+				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
index d53cbf49f4..b71ef0aa80 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@@ -34,35 +34,25 @@ public class TestOidcUsers {
 	public static DefaultOidcUser create() {
 		OidcIdToken idToken = idToken();
 		OidcUserInfo userInfo = userInfo();
-		return new DefaultOidcUser(
-				authorities(idToken, userInfo), idToken, userInfo);
+		return new DefaultOidcUser(authorities(idToken, userInfo), idToken, userInfo);
 	}
 
 	private static OidcIdToken idToken() {
 		Instant issuedAt = Instant.now();
 		Instant expiresAt = issuedAt.plusSeconds(3600);
-		return OidcIdToken.withTokenValue("id-token")
-				.issuedAt(issuedAt)
-				.expiresAt(expiresAt)
-				.subject("subject")
+		return OidcIdToken.withTokenValue("id-token").issuedAt(issuedAt).expiresAt(expiresAt).subject("subject")
 				.issuer("http://localhost/issuer")
 				.audience(Collections.unmodifiableSet(new LinkedHashSet<>(Collections.singletonList("client"))))
-				.authorizedParty("client")
-				.build();
+				.authorizedParty("client").build();
 	}
 
 	private static OidcUserInfo userInfo() {
-		return OidcUserInfo.builder()
-				.subject("subject")
-				.name("full name")
-				.build();
+		return OidcUserInfo.builder().subject("subject").name("full name").build();
 	}
 
 	private static Collection<? extends GrantedAuthority> authorities(OidcIdToken idToken, OidcUserInfo userInfo) {
-		return new LinkedHashSet<>(
-				Arrays.asList(
-						new OidcUserAuthority(idToken, userInfo),
-						new SimpleGrantedAuthority("SCOPE_read"),
-						new SimpleGrantedAuthority("SCOPE_write")));
+		return new LinkedHashSet<>(Arrays.asList(new OidcUserAuthority(idToken, userInfo),
+				new SimpleGrantedAuthority("SCOPE_read"), new SimpleGrantedAuthority("SCOPE_write")));
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
index 3642b54abb..ff82d711db 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
@@ -34,12 +34,16 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class DefaultOAuth2UserTests {
+
 	private static final SimpleGrantedAuthority AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");
+
 	private static final Set<GrantedAuthority> AUTHORITIES = Collections.singleton(AUTHORITY);
+
 	private static final String ATTRIBUTE_NAME_KEY = "username";
+
 	private static final String USERNAME = "test";
-	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap(
-		ATTRIBUTE_NAME_KEY, USERNAME);
+
+	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap(ATTRIBUTE_NAME_KEY, USERNAME);
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenAuthoritiesIsNullThenThrowIllegalArgumentException() {
@@ -87,4 +91,5 @@ public class DefaultOAuth2UserTests {
 		DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
 		SerializationUtils.serialize(user);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index ef37d2ab01..dca030c8e4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -28,7 +28,9 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class OAuth2UserAuthorityTests {
+
 	private static final String AUTHORITY = "ROLE_USER";
+
 	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap("username", "test");
 
 	@Test(expected = IllegalArgumentException.class)
@@ -53,4 +55,5 @@ public class OAuth2UserAuthorityTests {
 		assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY);
 		assertThat(userAuthority.getAttributes()).isEqualTo(ATTRIBUTES);
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
index 456f6376aa..bdf2c155d5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
@@ -39,10 +39,8 @@ public class TestOAuth2Users {
 	}
 
 	private static Collection<GrantedAuthority> authorities(Map<String, Object> attributes) {
-		return new LinkedHashSet<>(
-				Arrays.asList(
-						new OAuth2UserAuthority(attributes),
-						new SimpleGrantedAuthority("SCOPE_read"),
-						new SimpleGrantedAuthority("SCOPE_write")));
+		return new LinkedHashSet<>(Arrays.asList(new OAuth2UserAuthority(attributes),
+				new SimpleGrantedAuthority("SCOPE_read"), new SimpleGrantedAuthority("SCOPE_write")));
 	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index 48f7cd19da..61de352edd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -93,8 +93,7 @@ public class OAuth2BodyExtractorsTests {
 
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
 
-		assertThatCode(result::block)
-				.isInstanceOf(OAuth2AuthorizationException.class)
+		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("An error occurred parsing the Access Token response");
 	}
 
@@ -107,8 +106,7 @@ public class OAuth2BodyExtractorsTests {
 
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
 
-		assertThatCode(result::block)
-				.isInstanceOf(OAuth2AuthorizationException.class)
+		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
@@ -119,13 +117,10 @@ public class OAuth2BodyExtractorsTests {
 
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
-		response.setBody("{\n"
-			+ "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n"
-			+ "       \"token_type\":\"Bearer\",\n"
-			+ "       \"expires_in\":3600,\n"
-			+ "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
-			+ "       \"example_parameter\":\"example_value\"\n"
-			+ "     }");
+		response.setBody(
+				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
+						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
+						+ "       \"example_parameter\":\"example_value\"\n" + "     }");
 
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
@@ -137,7 +132,6 @@ public class OAuth2BodyExtractorsTests {
 		assertThat(result.getAdditionalParameters()).containsEntry("example_parameter", "example_value");
 	}
 
-
 	@Test
 	// gh-6087
 	public void oauth2AccessTokenResponseWhenMultipleAttributeTypesThenCreated() {
@@ -146,14 +140,10 @@ public class OAuth2BodyExtractorsTests {
 
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
-		response.setBody("{\n"
-				+ "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n"
-				+ "       \"token_type\":\"Bearer\",\n"
-				+ "       \"expires_in\":3600,\n"
-				+ "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
-				+ "       \"subjson\":{}, \n"
-				+ "		  \"list\":[]  \n"
-				+ "     }");
+		response.setBody(
+				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
+						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
+						+ "       \"subjson\":{}, \n" + "		  \"list\":[]  \n" + "     }");
 
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
@@ -165,4 +155,5 @@ public class OAuth2BodyExtractorsTests {
 		assertThat(result.getAdditionalParameters().get("subjson")).isInstanceOfAny(Map.class);
 		assertThat(result.getAdditionalParameters().get("list")).isInstanceOfAny(List.class);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
index d815208940..59f66b248a 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
@@ -16,15 +16,19 @@
 package org.springframework.security.oauth2.jose.jws;
 
 /**
- * Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification
- * and used by JSON Web Signature (JWS) to digitally sign or create a MAC
- * of the contents of the JWS Protected Header and JWS Payload.
+ * Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA)
+ * specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of
+ * the contents of the JWS Protected Header and JWS Payload.
  *
  * @author Joe Grandja
  * @since 5.2
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms (JWA)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital Signatures and MACs</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms
+ * (JWA)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital
+ * Signatures and MACs</a>
  */
 public interface JwsAlgorithm {
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
index b3ef013e6b..c4b26be816 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
@@ -16,15 +16,19 @@
 package org.springframework.security.oauth2.jose.jws;
 
 /**
- * The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification
- * and used by JSON Web Signature (JWS) to digitally sign or create a MAC
- * of the contents of the JWS Protected Header and JWS Payload.
+ * The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and
+ * used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of
+ * the JWS Protected Header and JWS Payload.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms (JWA)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital Signatures and MACs</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms
+ * (JWA)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital
+ * Signatures and MACs</a>
  */
 public interface JwsAlgorithms {
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
index 2f525b9a5c..6e0b02967c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
@@ -15,17 +15,21 @@
  */
 package org.springframework.security.oauth2.jose.jws;
 
-
 /**
- * An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification
- * and used by JSON Web Signature (JWS) to create a MAC of the contents of the JWS Protected Header and JWS Payload.
+ * An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
+ * specification and used by JSON Web Signature (JWS) to create a MAC of the contents of
+ * the JWS Protected Header and JWS Payload.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see JwsAlgorithm
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms (JWA)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital Signatures and MACs</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms
+ * (JWA)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital
+ * Signatures and MACs</a>
  */
 public enum MacAlgorithm implements JwsAlgorithm {
 
@@ -44,7 +48,6 @@ public enum MacAlgorithm implements JwsAlgorithm {
 	 */
 	HS512(JwsAlgorithms.HS512);
 
-
 	private final String name;
 
 	MacAlgorithm(String name) {
@@ -53,7 +56,6 @@ public enum MacAlgorithm implements JwsAlgorithm {
 
 	/**
 	 * Attempt to resolve the provided algorithm name to a {@code MacAlgorithm}.
-	 *
 	 * @param name the algorithm name
 	 * @return the resolved {@code MacAlgorithm}, or {@code null} if not found
 	 */
@@ -68,11 +70,11 @@ public enum MacAlgorithm implements JwsAlgorithm {
 
 	/**
 	 * Returns the algorithm name.
-	 *
 	 * @return the algorithm name
 	 */
 	@Override
 	public String getName() {
 		return this.name;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
index 8ea0d884b7..6e572209f6 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
@@ -16,15 +16,20 @@
 package org.springframework.security.oauth2.jose.jws;
 
 /**
- * An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification
- * and used by JSON Web Signature (JWS) to digitally sign the contents of the JWS Protected Header and JWS Payload.
+ * An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
+ * specification and used by JSON Web Signature (JWS) to digitally sign the contents of
+ * the JWS Protected Header and JWS Payload.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see JwsAlgorithm
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms (JWA)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital Signatures and MACs</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7518">JSON Web Algorithms
+ * (JWA)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital
+ * Signatures and MACs</a>
  */
 public enum SignatureAlgorithm implements JwsAlgorithm {
 
@@ -73,7 +78,6 @@ public enum SignatureAlgorithm implements JwsAlgorithm {
 	 */
 	PS512(JwsAlgorithms.PS512);
 
-
 	private final String name;
 
 	SignatureAlgorithm(String name) {
@@ -82,7 +86,6 @@ public enum SignatureAlgorithm implements JwsAlgorithm {
 
 	/**
 	 * Attempt to resolve the provided algorithm name to a {@code SignatureAlgorithm}.
-	 *
 	 * @param name the algorithm name
 	 * @return the resolved {@code SignatureAlgorithm}, or {@code null} if not found
 	 */
@@ -97,11 +100,11 @@ public enum SignatureAlgorithm implements JwsAlgorithm {
 
 	/**
 	 * Returns the algorithm name.
-	 *
 	 * @return the algorithm name
 	 */
 	@Override
 	public String getName() {
 		return this.name;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/BadJwtException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/BadJwtException.java
index 11aa05b9f9..3a30545179 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/BadJwtException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/BadJwtException.java
@@ -17,13 +17,15 @@
 package org.springframework.security.oauth2.jwt;
 
 /**
- * An exception similar to {@link org.springframework.security.authentication.BadCredentialsException}
- * that indicates a {@link Jwt} that is invalid in some way.
+ * An exception similar to
+ * {@link org.springframework.security.authentication.BadCredentialsException} that
+ * indicates a {@link Jwt} that is invalid in some way.
  *
  * @author Josh Cummings
  * @since 5.3
  */
 public class BadJwtException extends JwtException {
+
 	public BadJwtException(String message) {
 		super(message);
 	}
@@ -31,4 +33,5 @@ public class BadJwtException extends JwtException {
 	public BadJwtException(String message, Throwable cause) {
 		super(message, cause);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
index e5e09f0117..6e3b431e20 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
@@ -34,29 +34,34 @@ import static org.springframework.security.oauth2.jwt.JwtClaimNames.NBF;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
 
 /**
- * An implementation of an {@link AbstractOAuth2Token} representing a JSON Web Token (JWT).
+ * An implementation of an {@link AbstractOAuth2Token} representing a JSON Web Token
+ * (JWT).
  *
  * <p>
  * JWTs represent a set of &quot;claims&quot; as a JSON object that may be encoded in a
- * JSON Web Signature (JWS) and/or JSON Web Encryption (JWE) structure.
- * The JSON object, also known as the JWT Claims Set, consists of one or more claim name/value pairs.
- * The claim name is a {@code String} and the claim value is an arbitrary JSON object.
+ * JSON Web Signature (JWS) and/or JSON Web Encryption (JWE) structure. The JSON object,
+ * also known as the JWT Claims Set, consists of one or more claim name/value pairs. The
+ * claim name is a {@code String} and the claim value is an arbitrary JSON object.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see AbstractOAuth2Token
  * @see JwtClaimAccessor
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption (JWE)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption
+ * (JWE)</a>
  */
 public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
+
 	private final Map<String, Object> headers;
+
 	private final Map<String, Object> claims;
 
 	/**
 	 * Constructs a {@code Jwt} using the provided parameters.
-	 *
 	 * @param tokenValue the token value
 	 * @param issuedAt the time at which the JWT was issued
 	 * @param expiresAt the expiration time on or after which the JWT MUST NOT be accepted
@@ -64,8 +69,8 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 	 * @param claims the JWT Claims Set
 	 *
 	 */
-	public Jwt(String tokenValue, Instant issuedAt, Instant expiresAt,
-				Map<String, Object> headers, Map<String, Object> claims) {
+	public Jwt(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> headers,
+			Map<String, Object> claims) {
 		super(tokenValue, issuedAt, expiresAt);
 		Assert.notEmpty(headers, "headers cannot be empty");
 		Assert.notEmpty(claims, "claims cannot be empty");
@@ -75,7 +80,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 	/**
 	 * Returns the JOSE header(s).
-	 *
 	 * @return a {@code Map} of the JOSE header(s)
 	 */
 	public Map<String, Object> getHeaders() {
@@ -84,7 +88,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 	/**
 	 * Returns the JWT Claims Set.
-	 *
 	 * @return a {@code Map} of the JWT Claims Set
 	 */
 	@Override
@@ -94,7 +97,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 	/**
 	 * Return a {@link Jwt.Builder}
-	 *
 	 * @return A {@link Jwt.Builder}
 	 */
 	public static Builder withTokenValue(String tokenValue) {
@@ -109,8 +111,11 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 	 * @since 5.2
 	 */
 	public final static class Builder {
+
 		private String tokenValue;
+
 		private final Map<String, Object> claims = new LinkedHashMap<>();
+
 		private final Map<String, Object> headers = new LinkedHashMap<>();
 
 		private Builder(String tokenValue) {
@@ -119,7 +124,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this token value in the resulting {@link Jwt}
-		 *
 		 * @param tokenValue The token value to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -130,7 +134,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this claim in the resulting {@link Jwt}
-		 *
 		 * @param name The claim name
 		 * @param value The claim value
 		 * @return the {@link Builder} for further configurations
@@ -141,8 +144,8 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		}
 
 		/**
-		 * Provides access to every {@link #claim(String, Object)}
-		 * declared so far with the possibility to add, replace, or remove.
+		 * Provides access to every {@link #claim(String, Object)} declared so far with
+		 * the possibility to add, replace, or remove.
 		 * @param claimsConsumer the consumer
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -153,7 +156,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this header in the resulting {@link Jwt}
-		 *
 		 * @param name The header name
 		 * @param value The header value
 		 * @return the {@link Builder} for further configurations
@@ -164,8 +166,8 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		}
 
 		/**
-		 * Provides access to every {@link #header(String, Object)}
-		 * declared so far with the possibility to add, replace, or remove.
+		 * Provides access to every {@link #header(String, Object)} declared so far with
+		 * the possibility to add, replace, or remove.
 		 * @param headersConsumer the consumer
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -176,7 +178,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this audience in the resulting {@link Jwt}
-		 *
 		 * @param audience The audience(s) to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -186,7 +187,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this expiration in the resulting {@link Jwt}
-		 *
 		 * @param expiresAt The expiration to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -197,7 +197,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this identifier in the resulting {@link Jwt}
-		 *
 		 * @param jti The identifier to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -208,7 +207,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this issued-at timestamp in the resulting {@link Jwt}
-		 *
 		 * @param issuedAt The issued-at timestamp to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -219,7 +217,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this issuer in the resulting {@link Jwt}
-		 *
 		 * @param issuer The issuer to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -230,7 +227,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this not-before timestamp in the resulting {@link Jwt}
-		 *
 		 * @param notBefore The not-before timestamp to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -241,7 +237,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Use this subject in the resulting {@link Jwt}
-		 *
 		 * @param subject The subject to use
 		 * @return the {@link Builder} for further configurations
 		 */
@@ -252,7 +247,6 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
 		/**
 		 * Build the {@link Jwt}
-		 *
 		 * @return The constructed {@link Jwt}
 		 */
 		public Jwt build() {
@@ -267,5 +261,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 			}
 			return (Instant) timestamp;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
index f7d5740201..8c9fc4bf4b 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
@@ -22,21 +22,22 @@ import java.time.Instant;
 import java.util.List;
 
 /**
- * A {@link ClaimAccessor} for the &quot;claims&quot; that may be contained
- * in the JSON object JWT Claims Set of a JSON Web Token (JWT).
+ * A {@link ClaimAccessor} for the &quot;claims&quot; that may be contained in the JSON
+ * object JWT Claims Set of a JSON Web Token (JWT).
  *
  * @author Joe Grandja
  * @since 5.0
  * @see ClaimAccessor
  * @see JwtClaimNames
  * @see Jwt
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519#section-4.1">Registered Claim Names</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7519#section-4.1">Registered Claim Names</a>
  */
 public interface JwtClaimAccessor extends ClaimAccessor {
 
 	/**
-	 * Returns the Issuer {@code (iss)} claim which identifies the principal that issued the JWT.
-	 *
+	 * Returns the Issuer {@code (iss)} claim which identifies the principal that issued
+	 * the JWT.
 	 * @return the Issuer identifier
 	 */
 	default URL getIssuer() {
@@ -44,9 +45,8 @@ public interface JwtClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the Subject {@code (sub)} claim which identifies the principal
-	 * that is the subject of the JWT.
-	 *
+	 * Returns the Subject {@code (sub)} claim which identifies the principal that is the
+	 * subject of the JWT.
 	 * @return the Subject identifier
 	 */
 	default String getSubject() {
@@ -54,9 +54,8 @@ public interface JwtClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the Audience {@code (aud)} claim which identifies the recipient(s)
-	 * that the JWT is intended for.
-	 *
+	 * Returns the Audience {@code (aud)} claim which identifies the recipient(s) that the
+	 * JWT is intended for.
 	 * @return the Audience(s) that this JWT intended for
 	 */
 	default List<String> getAudience() {
@@ -64,28 +63,28 @@ public interface JwtClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the Expiration time {@code (exp)} claim which identifies the expiration time
-	 * on or after which the JWT MUST NOT be accepted for processing.
-	 *
-	 * @return the Expiration time on or after which the JWT MUST NOT be accepted for processing
+	 * Returns the Expiration time {@code (exp)} claim which identifies the expiration
+	 * time on or after which the JWT MUST NOT be accepted for processing.
+	 * @return the Expiration time on or after which the JWT MUST NOT be accepted for
+	 * processing
 	 */
 	default Instant getExpiresAt() {
 		return this.getClaimAsInstant(JwtClaimNames.EXP);
 	}
 
 	/**
-	 * Returns the Not Before {@code (nbf)} claim which identifies the time
-	 * before which the JWT MUST NOT be accepted for processing.
-	 *
-	 * @return the Not Before time before which the JWT MUST NOT be accepted for processing
+	 * Returns the Not Before {@code (nbf)} claim which identifies the time before which
+	 * the JWT MUST NOT be accepted for processing.
+	 * @return the Not Before time before which the JWT MUST NOT be accepted for
+	 * processing
 	 */
 	default Instant getNotBefore() {
 		return this.getClaimAsInstant(JwtClaimNames.NBF);
 	}
 
 	/**
-	 * Returns the Issued at {@code (iat)} claim which identifies the time at which the JWT was issued.
-	 *
+	 * Returns the Issued at {@code (iat)} claim which identifies the time at which the
+	 * JWT was issued.
 	 * @return the Issued at claim which identifies the time at which the JWT was issued
 	 */
 	default Instant getIssuedAt() {
@@ -93,11 +92,12 @@ public interface JwtClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns the JWT ID {@code (jti)} claim which provides a unique identifier for the JWT.
-	 *
+	 * Returns the JWT ID {@code (jti)} claim which provides a unique identifier for the
+	 * JWT.
 	 * @return the JWT ID claim which provides a unique identifier for the JWT
 	 */
 	default String getId() {
 		return this.getClaimAsString(JwtClaimNames.JTI);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
index aad5c0f452..247c3a8818 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
@@ -16,13 +16,14 @@
 package org.springframework.security.oauth2.jwt;
 
 /**
- * The Registered Claim Names defined by the JSON Web Token (JWT) specification
- * that may be contained in the JSON object JWT Claims Set.
+ * The Registered Claim Names defined by the JSON Web Token (JWT) specification that may
+ * be contained in the JSON object JWT Claims Set.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see JwtClaimAccessor
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519#section-4">JWT Claims</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519#section-4">JWT
+ * Claims</a>
  */
 public interface JwtClaimNames {
 
@@ -32,22 +33,26 @@ public interface JwtClaimNames {
 	String ISS = "iss";
 
 	/**
-	 * {@code sub} - the Subject claim identifies the principal that is the subject of the JWT
+	 * {@code sub} - the Subject claim identifies the principal that is the subject of the
+	 * JWT
 	 */
 	String SUB = "sub";
 
 	/**
-	 * {@code aud} - the Audience claim identifies the recipient(s) that the JWT is intended for
+	 * {@code aud} - the Audience claim identifies the recipient(s) that the JWT is
+	 * intended for
 	 */
 	String AUD = "aud";
 
 	/**
-	 * {@code exp} - the Expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing
+	 * {@code exp} - the Expiration time claim identifies the expiration time on or after
+	 * which the JWT MUST NOT be accepted for processing
 	 */
 	String EXP = "exp";
 
 	/**
-	 * {@code nbf} - the Not Before claim identifies the time before which the JWT MUST NOT be accepted for processing
+	 * {@code nbf} - the Not Before claim identifies the time before which the JWT MUST
+	 * NOT be accepted for processing
 	 */
 	String NBF = "nbf";
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
index c9b4a91d5b..fb0882a658 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
@@ -15,32 +15,36 @@
  */
 package org.springframework.security.oauth2.jwt;
 
+import java.util.function.Predicate;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.util.Assert;
 
-import java.util.function.Predicate;
-
 /**
- * Validates a claim in a {@link Jwt} against a provided {@link java.util.function.Predicate}
+ * Validates a claim in a {@link Jwt} against a provided
+ * {@link java.util.function.Predicate}
  *
  * @author Zeeshan Adnan
  * @since 5.3
  */
 public final class JwtClaimValidator<T> implements OAuth2TokenValidator<Jwt> {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final String claim;
+
 	private final Predicate<T> test;
+
 	private final OAuth2Error error;
 
 	/**
 	 * Constructs a {@link JwtClaimValidator} using the provided parameters
-	 *
 	 * @param claim - is the name of the claim in {@link Jwt} to validate.
 	 * @param test - is the predicate function for the claim to test against.
 	 */
@@ -49,8 +53,7 @@ public final class JwtClaimValidator<T> implements OAuth2TokenValidator<Jwt> {
 		Assert.notNull(test, "test can not be null");
 		this.claim = claim;
 		this.test = test;
-		this.error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST,
-				"The " + this.claim + " claim is not valid",
+		this.error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "The " + this.claim + " claim is not valid",
 				"https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
@@ -61,11 +64,13 @@ public final class JwtClaimValidator<T> implements OAuth2TokenValidator<Jwt> {
 	public OAuth2TokenValidatorResult validate(Jwt token) {
 		Assert.notNull(token, "token cannot be null");
 		T claimValue = token.getClaim(this.claim);
-		if (test.test(claimValue)) {
+		if (this.test.test(claimValue)) {
 			return OAuth2TokenValidatorResult.success();
-		} else {
-			logger.debug(error.getDescription());
-			return OAuth2TokenValidatorResult.failure(error);
+		}
+		else {
+			this.logger.debug(this.error.getDescription());
+			return OAuth2TokenValidatorResult.failure(this.error);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
index 020f6362eb..e1a47036f4 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
@@ -16,33 +16,39 @@
 package org.springframework.security.oauth2.jwt;
 
 /**
- * Implementations of this interface are responsible for &quot;decoding&quot;
- * a JSON Web Token (JWT) from it's compact claims representation format to a {@link Jwt}.
+ * Implementations of this interface are responsible for &quot;decoding&quot; a JSON Web
+ * Token (JWT) from it's compact claims representation format to a {@link Jwt}.
  *
  * <p>
- * JWTs may be represented using the JWS Compact Serialization format for a
- * JSON Web Signature (JWS) structure or JWE Compact Serialization format for a
- * JSON Web Encryption (JWE) structure. Therefore, implementors are responsible
- * for verifying a JWS and/or decrypting a JWE.
+ * JWTs may be represented using the JWS Compact Serialization format for a JSON Web
+ * Signature (JWS) structure or JWE Compact Serialization format for a JSON Web Encryption
+ * (JWE) structure. Therefore, implementors are responsible for verifying a JWS and/or
+ * decrypting a JWE.
  *
  * @author Joe Grandja
  * @since 5.0
  * @see Jwt
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption (JWE)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515#section-3.1">JWS Compact Serialization</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516#section-3.1">JWE Compact Serialization</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption
+ * (JWE)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515#section-3.1">JWS
+ * Compact Serialization</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516#section-3.1">JWE
+ * Compact Serialization</a>
  */
 @FunctionalInterface
 public interface JwtDecoder {
 
 	/**
-	 * Decodes the JWT from it's compact claims representation format and returns a {@link Jwt}.
-	 *
+	 * Decodes the JWT from it's compact claims representation format and returns a
+	 * {@link Jwt}.
 	 * @param token the JWT value
 	 * @return a {@link Jwt}
 	 * @throws JwtException if an error occurs while attempting to decode the JWT
 	 */
 	Jwt decode(String token) throws JwtException;
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
index 094cc96086..f8d4898238 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
@@ -16,22 +16,20 @@
 package org.springframework.security.oauth2.jwt;
 
 /**
- * A factory for {@link JwtDecoder}(s).
- * This factory should be supplied with a type that provides
- * contextual information used to create a specific {@code JwtDecoder}.
+ * A factory for {@link JwtDecoder}(s). This factory should be supplied with a type that
+ * provides contextual information used to create a specific {@code JwtDecoder}.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see JwtDecoder
- *
- * @param <C> The type that provides contextual information used to create a specific {@code JwtDecoder}.
+ * @param <C> The type that provides contextual information used to create a specific
+ * {@code JwtDecoder}.
  */
 @FunctionalInterface
 public interface JwtDecoderFactory<C> {
 
 	/**
 	 * Creates a {@code JwtDecoder} using the supplied "contextual" type.
-	 *
 	 * @param context the type that provides contextual information
 	 * @return a {@link JwtDecoder}
 	 */
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index 2496abb5b1..b730f48b53 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -27,21 +27,26 @@ import java.util.Collections;
 import java.util.Map;
 
 /**
- * Allows resolving configuration from an
- * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID Provider Configuration</a> or
- * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a> based on provided
- * issuer and method invoked.
+ * Allows resolving configuration from an <a href=
+ * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
+ * Provider Configuration</a> or
+ * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata
+ * Request</a> based on provided issuer and method invoked.
  *
  * @author Thomas Vitale
  * @author Rafiullah Hamedy
  * @since 5.2
  */
 class JwtDecoderProviderConfigurationUtils {
+
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
+
 	private static final String OAUTH_METADATA_PATH = "/.well-known/oauth-authorization-server";
+
 	private static final RestTemplate rest = new RestTemplate();
-	private static final ParameterizedTypeReference<Map<String, Object>> typeReference =
-			new ParameterizedTypeReference<Map<String, Object>>() {};
+
+	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
 
 	static Map<String, Object> getConfigurationForOidcIssuerLocation(String oidcIssuerLocation) {
 		return getConfiguration(oidcIssuerLocation, oidc(URI.create(oidcIssuerLocation)));
@@ -58,14 +63,13 @@ class JwtDecoderProviderConfigurationUtils {
 			metadataIssuer = configuration.get("issuer").toString();
 		}
 		if (!issuer.equals(metadataIssuer)) {
-			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the configuration did not "
-					+ "match the requested issuer \"" + issuer + "\"");
+			throw new IllegalStateException("The Issuer \"" + metadataIssuer
+					+ "\" provided in the configuration did not " + "match the requested issuer \"" + issuer + "\"");
 		}
 	}
 
 	private static Map<String, Object> getConfiguration(String issuer, URI... uris) {
-		String errorMessage = "Unable to resolve the Configuration with the provided Issuer of " +
-				"\"" + issuer + "\"";
+		String errorMessage = "Unable to resolve the Configuration with the provided Issuer of " + "\"" + issuer + "\"";
 		for (URI uri : uris) {
 			try {
 				RequestEntity<Void> request = RequestEntity.get(uri).build();
@@ -77,11 +81,13 @@ class JwtDecoderProviderConfigurationUtils {
 				}
 
 				return configuration;
-			} catch (IllegalArgumentException e) {
+			}
+			catch (IllegalArgumentException e) {
 				throw e;
-			} catch (RuntimeException e) {
-				if (!(e instanceof HttpClientErrorException &&
-						((HttpClientErrorException) e).getStatusCode().is4xxClientError())) {
+			}
+			catch (RuntimeException e) {
+				if (!(e instanceof HttpClientErrorException
+						&& ((HttpClientErrorException) e).getStatusCode().is4xxClientError())) {
 					throw new IllegalArgumentException(errorMessage, e);
 				}
 				// else try another endpoint
@@ -91,20 +97,18 @@ class JwtDecoderProviderConfigurationUtils {
 	}
 
 	private static URI oidc(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer)
-				.replacePath(issuer.getPath() + OIDC_METADATA_PATH)
+		return UriComponentsBuilder.fromUri(issuer).replacePath(issuer.getPath() + OIDC_METADATA_PATH)
 				.build(Collections.emptyMap());
 	}
 
 	private static URI oidcRfc8414(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer)
-				.replacePath(OIDC_METADATA_PATH + issuer.getPath())
+		return UriComponentsBuilder.fromUri(issuer).replacePath(OIDC_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
 	}
 
 	private static URI oauth(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer)
-				.replacePath(OAUTH_METADATA_PATH + issuer.getPath())
+		return UriComponentsBuilder.fromUri(issuer).replacePath(OAUTH_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
index 0d2f233198..b4acb42b9b 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
@@ -23,10 +23,11 @@ import org.springframework.util.Assert;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
 
 /**
- * Allows creating a {@link JwtDecoder} from an
- * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID Provider Configuration</a> or
- * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a> based on provided
- * issuer and method invoked.
+ * Allows creating a {@link JwtDecoder} from an <a href=
+ * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
+ * Provider Configuration</a> or
+ * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata
+ * Request</a> based on provided issuer and method invoked.
  *
  * @author Josh Cummings
  * @author Rafiullah Hamedy
@@ -35,68 +36,69 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSe
 public final class JwtDecoders {
 
 	/**
-	 * Creates a {@link JwtDecoder} using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by making an
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID Provider
-	 * Configuration Request</a> and using the values in the
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
+	 * Creates a {@link JwtDecoder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by making an <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID
+	 * Provider Configuration Request</a> and using the values in the <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
 	 * Provider Configuration Response</a> to initialize the {@link JwtDecoder}.
-	 *
-	 * @param oidcIssuerLocation the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
-	 * @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration.
+	 * @param oidcIssuerLocation the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @return a {@link JwtDecoder} that was initialized by the OpenID Provider
+	 * Configuration.
 	 */
 	public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
 		Assert.hasText(oidcIssuerLocation, "oidcIssuerLocation cannot be empty");
-		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils.getConfigurationForOidcIssuerLocation(oidcIssuerLocation);
+		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils
+				.getConfigurationForOidcIssuerLocation(oidcIssuerLocation);
 		return withProviderConfiguration(configuration, oidcIssuerLocation);
 	}
 
 	/**
-	 * Creates a {@link JwtDecoder} using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by querying
-	 * three different discovery endpoints serially, using the values in the first successful response to
-	 * initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without
-	 * attempting subsequent endpoints.
+	 * Creates a {@link JwtDecoder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by querying three different discovery endpoints serially, using the values in the
+	 * first successful response to initialize. If an endpoint returns anything other than
+	 * a 200 or a 4xx, the method will exit without attempting subsequent endpoints.
 	 *
-	 * The three endpoints are computed as follows, given that the {@code issuer} is composed of a {@code host}
-	 * and a {@code path}:
+	 * The three endpoints are computed as follows, given that the {@code issuer} is
+	 * composed of a {@code host} and a {@code path}:
 	 *
 	 * <ol>
-	 * 	<li>
-	 * 	   {@code host/.well-known/openid-configuration/path}, as defined in
-	 * 	   <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility Notes</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code issuer/.well-known/openid-configuration}, as defined in
-	 *  	<a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
-	 * 	    OpenID Provider Configuration</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code host/.well-known/oauth-authorization-server/path}, as defined in
-	 *  	<a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a>.
-	 *  </li>
+	 * <li>{@code host/.well-known/openid-configuration/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility
+	 * Notes</a>.</li>
+	 * <li>{@code issuer/.well-known/openid-configuration}, as defined in <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
+	 * OpenID Provider Configuration</a>.</li>
+	 * <li>{@code host/.well-known/oauth-authorization-server/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server
+	 * Metadata Request</a>.</li>
 	 * </ol>
 	 *
 	 * Note that the second endpoint is the equivalent of calling
 	 * {@link JwtDecoders#fromOidcIssuerLocation(String)}
-	 *
-	 * @param issuer the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @param issuer the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
 	 * @return a {@link JwtDecoder} that was initialized by one of the described endpoints
 	 */
 	public static JwtDecoder fromIssuerLocation(String issuer) {
 		Assert.hasText(issuer, "issuer cannot be empty");
-		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(issuer);
+		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils
+				.getConfigurationForIssuerLocation(issuer);
 		return withProviderConfiguration(configuration, issuer);
 	}
 
 	/**
-	 * Validate provided issuer and build {@link JwtDecoder} from
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID Provider
-	 * Configuration Response</a> and <a href="https://tools.ietf.org/html/rfc8414#section-3.2">Authorization Server Metadata
-	 * Response</a>.
-	 *
+	 * Validate provided issuer and build {@link JwtDecoder} from <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
+	 * Provider Configuration Response</a> and
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-3.2">Authorization Server
+	 * Metadata Response</a>.
 	 * @param configuration the configuration values
-	 * @param issuer the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @param issuer the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
 	 * @return {@link JwtDecoder}
 	 */
 	private static JwtDecoder withProviderConfiguration(Map<String, Object> configuration, String issuer) {
@@ -108,5 +110,7 @@ public final class JwtDecoders {
 		return jwtDecoder;
 	}
 
-	private JwtDecoders() {}
+	private JwtDecoders() {
+	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
index fe3f58cadb..80f9c9d6f3 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
@@ -25,7 +25,6 @@ public class JwtException extends RuntimeException {
 
 	/**
 	 * Constructs a {@code JwtException} using the provided parameters.
-	 *
 	 * @param message the detail message
 	 */
 	public JwtException(String message) {
@@ -34,11 +33,11 @@ public class JwtException extends RuntimeException {
 
 	/**
 	 * Constructs a {@code JwtException} using the provided parameters.
-	 *
 	 * @param message the detail message
 	 * @param cause the root cause
 	 */
 	public JwtException(String message, Throwable cause) {
 		super(message, cause);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
index da9beacce8..6f0c085621 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
@@ -33,7 +33,6 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
 
 	/**
 	 * Constructs a {@link JwtIssuerValidator} using the provided parameters
-	 *
 	 * @param issuer - The issuer that each {@link Jwt} should have.
 	 */
 	public JwtIssuerValidator(String issuer) {
@@ -49,4 +48,5 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
 		Assert.notNull(token, "token cannot be null");
 		return this.validator.validate(token);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
index eef9dc8e8e..21ddb58aab 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
@@ -30,20 +30,23 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.util.Assert;
 
 /**
- * An implementation of {@link OAuth2TokenValidator} for verifying claims in a Jwt-based access token
+ * An implementation of {@link OAuth2TokenValidator} for verifying claims in a Jwt-based
+ * access token
  *
  * <p>
- * Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the
- * Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's
- * specified operating window
+ * Because clocks can differ between the Jwt source, say the Authorization Server, and its
+ * destination, say the Resource Server, there is a default clock leeway exercised when
+ * deciding if the current time is within the Jwt's specified operating window
  *
  * @author Josh Cummings
  * @since 5.1
  * @see Jwt
  * @see OAuth2TokenValidator
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
  */
 public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private static final Duration DEFAULT_MAX_CLOCK_SKEW = Duration.of(60, ChronoUnit.SECONDS);
@@ -94,21 +97,18 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 
 	private OAuth2Error createOAuth2Error(String reason) {
 		logger.debug(reason);
-		return new OAuth2Error(
-				OAuth2ErrorCodes.INVALID_REQUEST,
-				reason,
+		return new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, reason,
 				"https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
 	/**
-	 * '
-	 * Use this {@link Clock} with {@link Instant#now()} for assessing
-	 * timestamp validity
-	 *
+	 * ' Use this {@link Clock} with {@link Instant#now()} for assessing timestamp
+	 * validity
 	 * @param clock
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
 		this.clock = clock;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
index 3ea9e11050..cc028423e0 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
@@ -23,13 +23,13 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.util.Assert;
 
 /**
- * An exception that results from an unsuccessful
- * {@link OAuth2TokenValidatorResult}
+ * An exception that results from an unsuccessful {@link OAuth2TokenValidatorResult}
  *
  * @author Josh Cummings
  * @since 5.1
  */
 public class JwtValidationException extends BadJwtException {
+
 	private final Collection<OAuth2Error> errors;
 
 	/**
@@ -47,9 +47,9 @@ public class JwtValidationException extends BadJwtException {
 	 *  	throw new JwtValidationException(errors.iterator().next().getDescription(), errors);
 	 * 	}
 	 * </pre>
-	 *
 	 * @param message - the exception message
-	 * @param errors - a list of {@link OAuth2Error}s with extra detail about the validation result
+	 * @param errors - a list of {@link OAuth2Error}s with extra detail about the
+	 * validation result
 	 */
 	public JwtValidationException(String message, Collection<OAuth2Error> errors) {
 		super(message);
@@ -65,4 +65,5 @@ public class JwtValidationException extends BadJwtException {
 	public Collection<OAuth2Error> getErrors() {
 		return this.errors;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
index 9630c944fd..ceb3738fa2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
@@ -24,6 +24,7 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 
 /**
  * Provides factory methods for creating {@code OAuth2TokenValidator<Jwt>}
+ *
  * @author Josh Cummings
  * @author Rob Winch
  * @since 5.1
@@ -32,14 +33,17 @@ public final class JwtValidators {
 
 	/**
 	 * <p>
-	 * Create a {@link Jwt} Validator that contains all standard validators when an issuer is known.
+	 * Create a {@link Jwt} Validator that contains all standard validators when an issuer
+	 * is known.
 	 * </p>
 	 * <p>
-	 * User's wanting to leverage the defaults plus additional validation can add the result of this
-	 * method to {@code DelegatingOAuth2TokenValidator} along with the additional validators.
+	 * User's wanting to leverage the defaults plus additional validation can add the
+	 * result of this method to {@code DelegatingOAuth2TokenValidator} along with the
+	 * additional validators.
 	 * </p>
 	 * @param issuer the issuer
-	 * @return - a delegating validator containing all standard validators as well as any supplied
+	 * @return - a delegating validator containing all standard validators as well as any
+	 * supplied
 	 */
 	public static OAuth2TokenValidator<Jwt> createDefaultWithIssuer(String issuer) {
 		List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
@@ -53,14 +57,18 @@ public final class JwtValidators {
 	 * Create a {@link Jwt} Validator that contains all standard validators.
 	 * </p>
 	 * <p>
-	 * User's wanting to leverage the defaults plus additional validation can add the result of this
-	 * method to {@code DelegatingOAuth2TokenValidator} along with the additional validators.
+	 * User's wanting to leverage the defaults plus additional validation can add the
+	 * result of this method to {@code DelegatingOAuth2TokenValidator} along with the
+	 * additional validators.
 	 * </p>
-	 * @return - a delegating validator containing all standard validators as well as any supplied
+	 * @return - a delegating validator containing all standard validators as well as any
+	 * supplied
 	 */
 	public static OAuth2TokenValidator<Jwt> createDefault() {
 		return new DelegatingOAuth2TokenValidator<>(Arrays.asList(new JwtTimestampValidator()));
 	}
 
-	private JwtValidators() {}
+	private JwtValidators() {
+	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index 50a6d382dc..bb8d502446 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -31,27 +31,33 @@ import java.util.HashMap;
 import java.util.Map;
 
 /**
- * Converts a JWT claim set, claim by claim. Can be configured with custom converters
- * by claim name.
+ * Converts a JWT claim set, claim by claim. Can be configured with custom converters by
+ * claim name.
  *
  * @author Josh Cummings
  * @since 5.1
  * @see ClaimTypeConverter
  */
 public final class MappedJwtClaimSetConverter implements Converter<Map<String, Object>, Map<String, Object>> {
+
 	private final static ConversionService CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
+
 	private final static TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
+
 	private final static TypeDescriptor STRING_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(String.class);
+
 	private final static TypeDescriptor INSTANT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Instant.class);
+
 	private final static TypeDescriptor URL_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(URL.class);
+
 	private final Map<String, Converter<Object, ?>> claimTypeConverters;
+
 	private final Converter<Map<String, Object>, Map<String, Object>> delegate;
 
 	/**
 	 * Constructs a {@link MappedJwtClaimSetConverter} with the provided arguments
 	 *
 	 * This will completely replace any set of default converters.
-	 *
 	 * @param claimTypeConverters The {@link Map} of converters to use
 	 */
 	public MappedJwtClaimSetConverter(Map<String, Converter<Object, ?>> claimTypeConverters) {
@@ -64,26 +70,26 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 	 * Construct a {@link MappedJwtClaimSetConverter}, overriding individual claim
 	 * converters with the provided {@link Map} of {@link Converter}s.
 	 *
-	 * For example, the following would give an instance that is configured with only the default
-	 * claim converters:
+	 * For example, the following would give an instance that is configured with only the
+	 * default claim converters:
 	 *
 	 * <pre>
 	 * 	MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 	 * </pre>
 	 *
-	 * Or, the following would supply a custom converter for the subject, leaving the other defaults
-	 * in place:
+	 * Or, the following would supply a custom converter for the subject, leaving the
+	 * other defaults in place:
 	 *
 	 * <pre>
 	 * 	MappedJwtClaimsSetConverter.withDefaults(
 	 * 		Collections.singletonMap(JwtClaimNames.SUB, new UserDetailsServiceJwtSubjectConverter()));
 	 * </pre>
 	 *
-	 * To completely replace the underlying {@link Map} of converters, see {@link MappedJwtClaimSetConverter#MappedJwtClaimSetConverter(Map)}.
-	 *
+	 * To completely replace the underlying {@link Map} of converters, see
+	 * {@link MappedJwtClaimSetConverter#MappedJwtClaimSetConverter(Map)}.
 	 * @param claimTypeConverters
-	 * @return An instance of {@link MappedJwtClaimSetConverter} that contains the converters provided,
-	 *   plus any defaults that were not overridden.
+	 * @return An instance of {@link MappedJwtClaimSetConverter} that contains the
+	 * converters provided, plus any defaults that were not overridden.
 	 */
 	public static MappedJwtClaimSetConverter withDefaults(Map<String, Converter<Object, ?>> claimTypeConverters) {
 		Assert.notNull(claimTypeConverters, "claimTypeConverters cannot be null");
@@ -131,7 +137,8 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 		if (source instanceof String && ((String) source).contains(":")) {
 			try {
 				return new URI((String) source).toString();
-			} catch (Exception ex) {
+			}
+			catch (Exception ex) {
 				throw new IllegalStateException("Could not coerce " + source + " into a URI String", ex);
 			}
 		}
@@ -178,4 +185,5 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 		}
 		return result;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index 317d23a30d..5c0ebbd528 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -69,7 +69,8 @@ import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
 /**
- * A low-level Nimbus implementation of {@link JwtDecoder} which takes a raw Nimbus configuration.
+ * A low-level Nimbus implementation of {@link JwtDecoder} which takes a raw Nimbus
+ * configuration.
  *
  * @author Josh Cummings
  * @author Joe Grandja
@@ -77,18 +78,18 @@ import org.springframework.web.client.RestTemplate;
  * @since 5.2
  */
 public final class NimbusJwtDecoder implements JwtDecoder {
-	private static final String DECODING_ERROR_MESSAGE_TEMPLATE =
-			"An error occurred while attempting to decode the Jwt: %s";
+
+	private static final String DECODING_ERROR_MESSAGE_TEMPLATE = "An error occurred while attempting to decode the Jwt: %s";
 
 	private final JWTProcessor<SecurityContext> jwtProcessor;
 
-	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter =
-			MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = MappedJwtClaimSetConverter
+			.withDefaults(Collections.emptyMap());
+
 	private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefault();
 
 	/**
 	 * Configures a {@link NimbusJwtDecoder} with the given parameters
-	 *
 	 * @param jwtProcessor - the {@link JWTProcessor} to use
 	 */
 	public NimbusJwtDecoder(JWTProcessor<SecurityContext> jwtProcessor) {
@@ -98,7 +99,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * Use this {@link Jwt} Validator
-	 *
 	 * @param jwtValidator - the Jwt Validator to use
 	 */
 	public void setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator) {
@@ -108,7 +108,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * Use the following {@link Converter} for manipulating the JWT's claim set
-	 *
 	 * @param claimSetConverter the {@link Converter} to use
 	 */
 	public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>> claimSetConverter) {
@@ -118,7 +117,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * Decode and validate the JWT from its compact claims representation format
-	 *
 	 * @param token the JWT value
 	 * @return a validated {@link Jwt}
 	 * @throws JwtException
@@ -136,7 +134,8 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 	private JWT parse(String token) {
 		try {
 			return JWTParser.parse(token);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
 		}
 	}
@@ -149,51 +148,50 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
 
-			return Jwt.withTokenValue(token)
-					.headers(h -> h.putAll(headers))
-					.claims(c -> c.putAll(claims))
-					.build();
-		} catch (RemoteKeySourceException ex) {
+			return Jwt.withTokenValue(token).headers(h -> h.putAll(headers)).claims(c -> c.putAll(claims)).build();
+		}
+		catch (RemoteKeySourceException ex) {
 			if (ex.getCause() instanceof ParseException) {
 				throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
-			} else {
+			}
+			else {
 				throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
 			}
-		} catch (JOSEException ex) {
+		}
+		catch (JOSEException ex) {
 			throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			if (ex.getCause() instanceof ParseException) {
 				throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
-			} else {
+			}
+			else {
 				throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
 			}
 		}
 	}
 
-	private Jwt validateJwt(Jwt jwt){
+	private Jwt validateJwt(Jwt jwt) {
 		OAuth2TokenValidatorResult result = this.jwtValidator.validate(jwt);
 		if (result.hasErrors()) {
 			Collection<OAuth2Error> errors = result.getErrors();
 			String validationErrorString = "Unable to validate Jwt";
 			for (OAuth2Error oAuth2Error : errors) {
 				if (!StringUtils.isEmpty(oAuth2Error.getDescription())) {
-					validationErrorString = String.format(
-							DECODING_ERROR_MESSAGE_TEMPLATE, oAuth2Error.getDescription());
+					validationErrorString = String.format(DECODING_ERROR_MESSAGE_TEMPLATE,
+							oAuth2Error.getDescription());
 					break;
 				}
 			}
-			throw new JwtValidationException(
-					validationErrorString,
-					result.getErrors());
+			throw new JwtValidationException(validationErrorString, result.getErrors());
 		}
 
 		return jwt;
 	}
 
 	/**
-	 * Use the given
-	 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri.
-	 *
+	 * Use the given <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
+	 * uri.
 	 * @param jwkSetUri the JWK Set uri to use
 	 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 	 */
@@ -203,7 +201,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * Use the given public key to validate JWTs
-	 *
 	 * @param key the public key to use
 	 * @return a {@link PublicKeyJwtDecoderBuilder} for further configurations
 	 */
@@ -213,7 +210,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * Use the given {@code SecretKey} to validate the MAC on a JSON Web Signature (JWS).
-	 *
 	 * @param secretKey the {@code SecretKey} used to validate the MAC
 	 * @return a {@link SecretKeyJwtDecoderBuilder} for further configurations
 	 */
@@ -223,26 +219,32 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 	/**
 	 * A builder for creating {@link NimbusJwtDecoder} instances based on a
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri.
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
+	 * uri.
 	 */
 	public static final class JwkSetUriJwtDecoderBuilder {
+
 		private String jwkSetUri;
+
 		private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
+
 		private RestOperations restOperations = new RestTemplate();
+
 		private Cache cache;
+
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
 		private JwkSetUriJwtDecoderBuilder(String jwkSetUri) {
 			Assert.hasText(jwkSetUri, "jwkSetUri cannot be empty");
 			this.jwkSetUri = jwkSetUri;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Append the given signing
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>
-		 * to the set of algorithms to use.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a> to the set of algorithms to use.
 		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 */
@@ -254,10 +256,10 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 		/**
 		 * Configure the list of
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithms</a>
-		 * to use with the given {@link Consumer}.
-		 *
-		 * @param signatureAlgorithmsConsumer a {@link Consumer} for further configuring the algorithm list
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithms</a> to use with the given {@link Consumer}.
+		 * @param signatureAlgorithmsConsumer a {@link Consumer} for further configuring
+		 * the algorithm list
 		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 */
 		public JwkSetUriJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer) {
@@ -267,11 +269,11 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link RestOperations} to coordinate with the authorization servers indicated in the
-		 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri
-		 * as well as the
-		 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
-		 *
+		 * Use the given {@link RestOperations} to coordinate with the authorization
+		 * servers indicated in the
+		 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well
+		 * as the <a href=
+		 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
 		 * @param restOperations
 		 * @return
 		 */
@@ -284,7 +286,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		/**
 		 * Use the given {@link Cache} to store
 		 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>.
-		 *
 		 * @param cache the {@link Cache} to be used to store JWK Set
 		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 * @since 5.4
@@ -296,14 +297,15 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public JwkSetUriJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
+		public JwkSetUriJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -312,7 +314,8 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		JWSKeySelector<SecurityContext> jwsKeySelector(JWKSource<SecurityContext> jwkSource) {
 			if (this.signatureAlgorithms.isEmpty()) {
 				return new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource);
-			} else {
+			}
+			else {
 				Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
 				for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
 					JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
@@ -337,7 +340,8 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			jwtProcessor.setJWSKeySelector(jwsKeySelector(jwkSource));
 
 			// Spring Security validates the claim set independent from Nimbus
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> { });
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
@@ -346,7 +350,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusJwtDecoder}
 		 */
 		public NimbusJwtDecoder build() {
@@ -356,12 +359,14 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		private static URL toURL(String url) {
 			try {
 				return new URL(url);
-			} catch (MalformedURLException ex) {
+			}
+			catch (MalformedURLException ex) {
 				throw new IllegalArgumentException("Invalid JWK Set URL \"" + url + "\" : " + ex.getMessage(), ex);
 			}
 		}
 
 		private static class NoOpJwkSetCache implements JWKSetCache {
+
 			@Override
 			public void put(JWKSet jwkSet) {
 			}
@@ -375,10 +380,13 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			public boolean requiresRefresh() {
 				return true;
 			}
+
 		}
 
 		private static class CachingResourceRetriever implements ResourceRetriever {
+
 			private final Cache cache;
+
 			private final ResourceRetriever resourceRetriever;
 
 			CachingResourceRetriever(Cache cache, ResourceRetriever resourceRetriever) {
@@ -392,22 +400,27 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 				try {
 					jwkSet = this.cache.get(url.toString(),
 							() -> this.resourceRetriever.retrieveResource(url).getContent());
-				} catch (Cache.ValueRetrievalException ex) {
+				}
+				catch (Cache.ValueRetrievalException ex) {
 					Throwable thrownByValueLoader = ex.getCause();
 					if (thrownByValueLoader instanceof IOException) {
 						throw (IOException) thrownByValueLoader;
 					}
 					throw new IOException(thrownByValueLoader);
-				} catch (Exception ex) {
+				}
+				catch (Exception ex) {
 					throw new IOException(ex);
 				}
 
 				return new Resource(jwkSet, "UTF-8");
 			}
+
 		}
 
 		private static class RestOperationsResourceRetriever implements ResourceRetriever {
+
 			private static final MediaType APPLICATION_JWK_SET_JSON = new MediaType("application", "jwk-set+json");
+
 			private final RestOperations restOperations;
 
 			RestOperationsResourceRetriever(RestOperations restOperations) {
@@ -424,7 +437,8 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 				try {
 					RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.GET, url.toURI());
 					response = this.restOperations.exchange(request, String.class);
-				} catch (Exception ex) {
+				}
+				catch (Exception ex) {
 					throw new IOException(ex);
 				}
 
@@ -434,31 +448,38 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 				return new Resource(response.getBody(), "UTF-8");
 			}
+
 		}
+
 	}
 
 	/**
 	 * A builder for creating {@link NimbusJwtDecoder} instances based on a public key.
 	 */
 	public static final class PublicKeyJwtDecoderBuilder {
+
 		private JWSAlgorithm jwsAlgorithm;
+
 		private RSAPublicKey key;
+
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
 		private PublicKeyJwtDecoderBuilder(RSAPublicKey key) {
 			Assert.notNull(key, "key cannot be null");
 			this.jwsAlgorithm = JWSAlgorithm.RS256;
 			this.key = key;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Use the given signing
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a>.
 		 *
 		 * The value should be one of
-		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target="_blank">RS256, RS384, or RS512</a>.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
+		 * "_blank">RS256, RS384, or RS512</a>.
 		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link PublicKeyJwtDecoderBuilder} for further configurations
 		 */
@@ -469,14 +490,15 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link PublicKeyJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public PublicKeyJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
+		public PublicKeyJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -484,18 +506,18 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 		JWTProcessor<SecurityContext> processor() {
 			if (!JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm)) {
-				throw new IllegalStateException("The provided key is of type RSA; " +
-						"however the signature algorithm is of some other type: " +
-						this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
+				throw new IllegalStateException(
+						"The provided key is of type RSA; " + "however the signature algorithm is of some other type: "
+								+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
 			}
 
-			JWSKeySelector<SecurityContext> jwsKeySelector =
-					new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
+			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 
 			// Spring Security validates the claim set independent from Nimbus
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> { });
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
@@ -504,36 +526,41 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusJwtDecoder}
 		 */
 		public NimbusJwtDecoder build() {
 			return new NimbusJwtDecoder(processor());
 		}
+
 	}
 
 	/**
-	 * A builder for creating {@link NimbusJwtDecoder} instances based on a {@code SecretKey}.
+	 * A builder for creating {@link NimbusJwtDecoder} instances based on a
+	 * {@code SecretKey}.
 	 */
 	public static final class SecretKeyJwtDecoderBuilder {
+
 		private final SecretKey secretKey;
+
 		private JWSAlgorithm jwsAlgorithm = JWSAlgorithm.HS256;
+
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
 		private SecretKeyJwtDecoderBuilder(SecretKey secretKey) {
 			Assert.notNull(secretKey, "secretKey cannot be null");
 			this.secretKey = secretKey;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Use the given
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>
-		 * when generating the MAC.
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a> when generating the MAC.
 		 *
 		 * The value should be one of
-		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target="_blank">HS256, HS384 or HS512</a>.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
+		 * "_blank">HS256, HS384 or HS512</a>.
 		 * @param macAlgorithm the MAC algorithm to use
 		 * @return a {@link SecretKeyJwtDecoderBuilder} for further configurations
 		 */
@@ -544,14 +571,15 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link SecretKeyJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public SecretKeyJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
+		public SecretKeyJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -559,7 +587,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusJwtDecoder}
 		 */
 		public NimbusJwtDecoder build() {
@@ -567,17 +594,20 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		JWTProcessor<SecurityContext> processor() {
-			JWSKeySelector<SecurityContext> jwsKeySelector =
-					new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.secretKey);
+			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm,
+					this.secretKey);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 
 			// Spring Security validates the claim set independent from Nimbus
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> { });
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
 			return jwtProcessor;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index 8d698d01ae..c8b4f435a6 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -28,38 +28,43 @@ import java.util.Map;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
 
 /**
- * An implementation of a {@link JwtDecoder} that "decodes" a
- * JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a
- * JSON Web Signature (JWS). The public key used for verification is obtained from the
- * JSON Web Key (JWK) Set {@code URL} supplied via the constructor.
+ * An implementation of a {@link JwtDecoder} that "decodes" a JSON Web Token (JWT) and
+ * additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS).
+ * The public key used for verification is obtained from the JSON Web Key (JWK) Set
+ * {@code URL} supplied via the constructor.
  *
  * <p>
  * <b>NOTE:</b> This implementation uses the Nimbus JOSE + JWT SDK internally.
  *
  * @deprecated Use {@link NimbusJwtDecoder} or {@link JwtDecoders} instead
- *
  * @author Joe Grandja
  * @author Josh Cummings
  * @since 5.0
  * @see JwtDecoder
  * @see NimbusJwtDecoder
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key (JWK)</a>
- * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus JOSE + JWT SDK</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key
+ * (JWK)</a>
+ * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus
+ * JOSE + JWT SDK</a>
  */
 @Deprecated
 public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
+
 	private NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder jwtDecoderBuilder;
+
 	private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefault();
-	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter =
-			MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+
+	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = MappedJwtClaimSetConverter
+			.withDefaults(Collections.emptyMap());
 
 	private NimbusJwtDecoder delegate;
 
 	/**
 	 * Constructs a {@code NimbusJwtDecoderJwkSupport} using the provided parameters.
-	 *
 	 * @param jwkSetUrl the JSON Web Key (JWK) Set {@code URL}
 	 */
 	public NimbusJwtDecoderJwkSupport(String jwkSetUrl) {
@@ -68,9 +73,9 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 
 	/**
 	 * Constructs a {@code NimbusJwtDecoderJwkSupport} using the provided parameters.
-	 *
 	 * @param jwkSetUrl the JSON Web Key (JWK) Set {@code URL}
-	 * @param jwsAlgorithm the JSON Web Algorithm (JWA) used for verifying the digital signatures
+	 * @param jwsAlgorithm the JSON Web Algorithm (JWA) used for verifying the digital
+	 * signatures
 	 */
 	public NimbusJwtDecoderJwkSupport(String jwkSetUrl, String jwsAlgorithm) {
 		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
@@ -94,7 +99,6 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 
 	/**
 	 * Use this {@link Jwt} Validator
-	 *
 	 * @param jwtValidator - the Jwt Validator to use
 	 */
 	public void setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator) {
@@ -105,7 +109,6 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 
 	/**
 	 * Use the following {@link Converter} for manipulating the JWT's claim set
-	 *
 	 * @param claimSetConverter the {@link Converter} to use
 	 */
 	public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>> claimSetConverter) {
@@ -118,11 +121,13 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 	 * Sets the {@link RestOperations} used when requesting the JSON Web Key (JWK) Set.
 	 *
 	 * @since 5.1
-	 * @param restOperations the {@link RestOperations} used when requesting the JSON Web Key (JWK) Set
+	 * @param restOperations the {@link RestOperations} used when requesting the JSON Web
+	 * Key (JWK) Set
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
 		this.jwtDecoderBuilder = this.jwtDecoderBuilder.restOperations(restOperations);
 		this.delegate = makeDelegate();
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 9bbedfd306..2cbfbaf8ce 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -62,9 +62,9 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 /**
- * An implementation of a {@link ReactiveJwtDecoder} that &quot;decodes&quot; a
- * JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a
- * JSON Web Signature (JWS).
+ * An implementation of a {@link ReactiveJwtDecoder} that &quot;decodes&quot; a JSON Web
+ * Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web
+ * Signature (JWS).
  *
  * <p>
  * <b>NOTE:</b> This implementation uses the Nimbus JOSE + JWT SDK internally.
@@ -73,21 +73,26 @@ import java.util.function.Function;
  * @author Joe Grandja
  * @since 5.1
  * @see ReactiveJwtDecoder
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key (JWK)</a>
- * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus JOSE + JWT SDK</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key
+ * (JWK)</a>
+ * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus
+ * JOSE + JWT SDK</a>
  */
 public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
+
 	private final Converter<JWT, Mono<JWTClaimsSet>> jwtProcessor;
 
 	private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefault();
-	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter =
-			MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+
+	private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = MappedJwtClaimSetConverter
+			.withDefaults(Collections.emptyMap());
 
 	/**
 	 * Constructs a {@code NimbusReactiveJwtDecoder} using the provided parameters.
-	 *
 	 * @param jwkSetUrl the JSON Web Key (JWK) Set {@code URL}
 	 */
 	public NimbusReactiveJwtDecoder(String jwkSetUrl) {
@@ -96,7 +101,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Constructs a {@code NimbusReactiveJwtDecoder} using the provided parameters.
-	 *
 	 * @param publicKey the {@code RSAPublicKey} used to verify the signature
 	 * @since 5.2
 	 */
@@ -106,8 +110,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Constructs a {@code NimbusReactiveJwtDecoder} using the provided parameters.
-	 *
-	 * @param jwtProcessor the {@link Converter} used to process and verify the signed Jwt and return the Jwt Claim Set
+	 * @param jwtProcessor the {@link Converter} used to process and verify the signed Jwt
+	 * and return the Jwt Claim Set
 	 * @since 5.2
 	 */
 	public NimbusReactiveJwtDecoder(Converter<JWT, Mono<JWTClaimsSet>> jwtProcessor) {
@@ -116,7 +120,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Use the provided {@link OAuth2TokenValidator} to validate incoming {@link Jwt}s.
-	 *
 	 * @param jwtValidator the {@link OAuth2TokenValidator} to use
 	 */
 	public void setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator) {
@@ -126,7 +129,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Use the following {@link Converter} for manipulating the JWT's claim set
-	 *
 	 * @param claimSetConverter the {@link Converter} to use
 	 */
 	public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>> claimSetConverter) {
@@ -146,20 +148,22 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 	private JWT parse(String token) {
 		try {
 			return JWTParser.parse(token);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new BadJwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
 		}
 	}
 
 	private Mono<Jwt> decode(JWT parsedToken) {
 		try {
-			return this.jwtProcessor.convert(parsedToken)
-				.map(set -> createJwt(parsedToken, set))
-				.map(this::validateJwt)
-				.onErrorMap(e -> !(e instanceof IllegalStateException) && !(e instanceof JwtException), e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
-		} catch (JwtException ex) {
+			return this.jwtProcessor.convert(parsedToken).map(set -> createJwt(parsedToken, set)).map(this::validateJwt)
+					.onErrorMap(e -> !(e instanceof IllegalStateException) && !(e instanceof JwtException),
+							e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
+		}
+		catch (JwtException ex) {
 			throw ex;
-		} catch (RuntimeException ex) {
+		}
+		catch (RuntimeException ex) {
 			throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
 		}
 	}
@@ -169,11 +173,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
 
-			return Jwt.withTokenValue(parsedJwt.getParsedString())
-					.headers(h -> h.putAll(headers))
-					.claims(c -> c.putAll(claims))
-					.build();
-		} catch (Exception ex) {
+			return Jwt.withTokenValue(parsedJwt.getParsedString()).headers(h -> h.putAll(headers))
+					.claims(c -> c.putAll(claims)).build();
+		}
+		catch (Exception ex) {
 			throw new BadJwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
 		}
 	}
@@ -196,9 +199,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 	}
 
 	/**
-	 * Use the given
-	 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri to validate JWTs.
-	 *
+	 * Use the given <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
+	 * uri to validate JWTs.
 	 * @param jwkSetUri the JWK Set uri to use
 	 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 	 *
@@ -210,7 +212,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Use the given public key to validate JWTs
-	 *
 	 * @param key the public key to use
 	 * @return a {@link PublicKeyReactiveJwtDecoderBuilder} for further configurations
 	 *
@@ -222,7 +223,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Use the given {@code SecretKey} to validate the MAC on a JSON Web Signature (JWS).
-	 *
 	 * @param secretKey the {@code SecretKey} used to validate the MAC
 	 * @return a {@link SecretKeyReactiveJwtDecoderBuilder} for further configurations
 	 *
@@ -234,7 +234,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * Use the given {@link Function} to validate JWTs
-	 *
 	 * @param source the {@link Function}
 	 * @return a {@link JwkSourceReactiveJwtDecoderBuilder} for further configurations
 	 *
@@ -246,27 +245,32 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	/**
 	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a
-	 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri.
+	 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
+	 * uri.
 	 *
 	 * @since 5.2
 	 */
 	public static final class JwkSetUriReactiveJwtDecoderBuilder {
+
 		private final String jwkSetUri;
+
 		private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
+
 		private WebClient webClient = WebClient.create();
+
 		private Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer;
 
 		private JwkSetUriReactiveJwtDecoderBuilder(String jwkSetUri) {
 			Assert.hasText(jwkSetUri, "jwkSetUri cannot be empty");
 			this.jwkSetUri = jwkSetUri;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Append the given signing
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>
-		 * to the set of algorithms to use.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a> to the set of algorithms to use.
 		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 		 */
@@ -278,24 +282,24 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		/**
 		 * Configure the list of
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithms</a>
-		 * to use with the given {@link Consumer}.
-		 *
-		 * @param signatureAlgorithmsConsumer a {@link Consumer} for further configuring the algorithm list
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithms</a> to use with the given {@link Consumer}.
+		 * @param signatureAlgorithmsConsumer a {@link Consumer} for further configuring
+		 * the algorithm list
 		 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 		 */
-		public JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer) {
+		public JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithms(
+				Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer) {
 			Assert.notNull(signatureAlgorithmsConsumer, "signatureAlgorithmsConsumer cannot be null");
 			signatureAlgorithmsConsumer.accept(this.signatureAlgorithms);
 			return this;
 		}
 
 		/**
-		 * Use the given {@link WebClient} to coordinate with the authorization servers indicated in the
-		 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri
-		 * as well as the
-		 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
-		 *
+		 * Use the given {@link WebClient} to coordinate with the authorization servers
+		 * indicated in the <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK
+		 * Set</a> uri as well as the <a href=
+		 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
 		 * @param webClient
 		 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 		 */
@@ -306,14 +310,15 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusReactiveJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusReactiveJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public JwkSetUriReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer) {
+		public JwkSetUriReactiveJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -321,7 +326,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusReactiveJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusReactiveJwtDecoder}
 		 */
 		public NimbusReactiveJwtDecoder build() {
@@ -331,7 +335,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		JWSKeySelector<JWKSecurityContext> jwsKeySelector(JWKSource<JWKSecurityContext> jwkSource) {
 			if (this.signatureAlgorithms.isEmpty()) {
 				return new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource);
-			} else {
+			}
+			else {
 				Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
 				for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
 					JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
@@ -346,7 +351,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			DefaultJWTProcessor<JWKSecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			JWSKeySelector<JWKSecurityContext> jwsKeySelector = jwsKeySelector(jwkSource);
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {});
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
@@ -356,8 +362,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			Function<JWSAlgorithm, Boolean> expectedJwsAlgorithms = getExpectedJwsAlgorithms(jwsKeySelector);
 			return jwt -> {
 				JWKSelector selector = createSelector(expectedJwsAlgorithms, jwt.getHeader());
-				return source.get(selector)
-						.onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
+				return source.get(selector).onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
 						.map(jwkList -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwkList)));
 			};
 		}
@@ -377,31 +382,37 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 			return new JWKSelector(JWKMatcher.forJWSHeader(jwsHeader));
 		}
+
 	}
 
 	/**
-	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a public key.
+	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a public
+	 * key.
 	 *
 	 * @since 5.2
 	 */
 	public static final class PublicKeyReactiveJwtDecoderBuilder {
+
 		private final RSAPublicKey key;
+
 		private JWSAlgorithm jwsAlgorithm;
+
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
 		private PublicKeyReactiveJwtDecoderBuilder(RSAPublicKey key) {
 			Assert.notNull(key, "key cannot be null");
 			this.key = key;
 			this.jwsAlgorithm = JWSAlgorithm.RS256;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Use the given signing
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
-		 * The value should be one of
-		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target="_blank">RS256, RS384, or RS512</a>.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a>. The value should be one of
+		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
+		 * "_blank">RS256, RS384, or RS512</a>.
 		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link PublicKeyReactiveJwtDecoderBuilder} for further configurations
 		 */
@@ -412,14 +423,15 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusReactiveJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusReactiveJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link PublicKeyReactiveJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public PublicKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
+		public PublicKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -427,7 +439,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusReactiveJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusReactiveJwtDecoder}
 		 */
 		public NimbusReactiveJwtDecoder build() {
@@ -436,49 +447,55 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		Converter<JWT, Mono<JWTClaimsSet>> processor() {
 			if (!JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm)) {
-				throw new IllegalStateException("The provided key is of type RSA; " +
-						"however the signature algorithm is of some other type: " +
-						this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
+				throw new IllegalStateException(
+						"The provided key is of type RSA; " + "however the signature algorithm is of some other type: "
+								+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
 			}
 
-			JWSKeySelector<SecurityContext> jwsKeySelector =
-					new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
+			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 
 			// Spring Security validates the claim set independent from Nimbus
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> { });
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
 			return jwt -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
+
 	}
 
 	/**
-	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a {@code SecretKey}.
+	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a
+	 * {@code SecretKey}.
 	 *
 	 * @since 5.2
 	 */
 	public static final class SecretKeyReactiveJwtDecoderBuilder {
+
 		private final SecretKey secretKey;
+
 		private JWSAlgorithm jwsAlgorithm = JWSAlgorithm.HS256;
+
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
 		private SecretKeyReactiveJwtDecoderBuilder(SecretKey secretKey) {
 			Assert.notNull(secretKey, "secretKey cannot be null");
 			this.secretKey = secretKey;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Use the given
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>
-		 * when generating the MAC.
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a> when generating the MAC.
 		 *
 		 * The value should be one of
-		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target="_blank">HS256, HS384 or HS512</a>.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
+		 * "_blank">HS256, HS384 or HS512</a>.
 		 * @param macAlgorithm the MAC algorithm to use
 		 * @return a {@link SecretKeyReactiveJwtDecoderBuilder} for further configurations
 		 */
@@ -489,14 +506,15 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusReactiveJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusReactiveJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link SecretKeyReactiveJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public SecretKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
+		public SecretKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -504,7 +522,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusReactiveJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusReactiveJwtDecoder}
 		 */
 		public NimbusReactiveJwtDecoder build() {
@@ -512,18 +529,20 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		Converter<JWT, Mono<JWTClaimsSet>> processor() {
-			JWSKeySelector<SecurityContext> jwsKeySelector =
-					new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.secretKey);
+			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm,
+					this.secretKey);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 
 			// Spring Security validates the claim set independent from Nimbus
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> { });
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
 			return jwt -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
+
 	}
 
 	/**
@@ -532,20 +551,24 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 	 * @since 5.2
 	 */
 	public static final class JwkSourceReactiveJwtDecoderBuilder {
+
 		private final Function<SignedJWT, Flux<JWK>> jwkSource;
+
 		private JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
+
 		private Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer;
 
 		private JwkSourceReactiveJwtDecoderBuilder(Function<SignedJWT, Flux<JWK>> jwkSource) {
 			Assert.notNull(jwkSource, "jwkSource cannot be null");
 			this.jwkSource = jwkSource;
-			this.jwtProcessorCustomizer = (processor) -> {};
+			this.jwtProcessorCustomizer = (processor) -> {
+			};
 		}
 
 		/**
 		 * Use the given signing
-		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
-		 *
+		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
+		 * "_blank">algorithm</a>.
 		 * @param jwsAlgorithm the algorithm to use
 		 * @return a {@link JwkSourceReactiveJwtDecoderBuilder} for further configurations
 		 */
@@ -556,14 +579,15 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		/**
-		 * Use the given {@link Consumer} to customize the {@link JWTProcessor ConfigurableJWTProcessor} before
-		 * passing it to the build {@link NimbusReactiveJwtDecoder}.
-		 *
+		 * Use the given {@link Consumer} to customize the {@link JWTProcessor
+		 * ConfigurableJWTProcessor} before passing it to the build
+		 * {@link NimbusReactiveJwtDecoder}.
 		 * @param jwtProcessorCustomizer the callback used to alter the processor
 		 * @return a {@link JwkSourceReactiveJwtDecoderBuilder} for further configurations
 		 * @since 5.4
 		 */
-		public JwkSourceReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer) {
+		public JwkSourceReactiveJwtDecoderBuilder jwtProcessorCustomizer(
+				Consumer<ConfigurableJWTProcessor<JWKSecurityContext>> jwtProcessorCustomizer) {
 			Assert.notNull(jwtProcessorCustomizer, "jwtProcessorCustomizer cannot be null");
 			this.jwtProcessorCustomizer = jwtProcessorCustomizer;
 			return this;
@@ -571,7 +595,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		/**
 		 * Build the configured {@link NimbusReactiveJwtDecoder}.
-		 *
 		 * @return the configured {@link NimbusReactiveJwtDecoder}
 		 */
 		public NimbusReactiveJwtDecoder build() {
@@ -580,28 +603,29 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 		Converter<JWT, Mono<JWTClaimsSet>> processor() {
 			JWKSecurityContextJWKSet jwkSource = new JWKSecurityContextJWKSet();
-			JWSKeySelector<JWKSecurityContext> jwsKeySelector =
-					new JWSVerificationKeySelector<>(this.jwsAlgorithm, jwkSource);
+			JWSKeySelector<JWKSecurityContext> jwsKeySelector = new JWSVerificationKeySelector<>(this.jwsAlgorithm,
+					jwkSource);
 			DefaultJWTProcessor<JWKSecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {});
+			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
+			});
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
 			return jwt -> {
 				if (jwt instanceof SignedJWT) {
 					return this.jwkSource.apply((SignedJWT) jwt)
-							.onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
-							.collectList()
+							.onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e)).collectList()
 							.map(jwks -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwks)));
 				}
 				throw new BadJwtException("Unsupported algorithm of " + jwt.getHeader().getAlgorithm());
 			};
 		}
+
 	}
 
 	private static <C extends SecurityContext> JWTClaimsSet createClaimsSet(JWTProcessor<C> jwtProcessor,
-																			JWT parsedToken, C context) {
+			JWT parsedToken, C context) {
 		try {
 			return jwtProcessor.process(parsedToken, context);
 		}
@@ -612,4 +636,5 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			throw new JwtException("Failed to validate the token", e);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
index 7ffbbc7a82..a13866f122 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
@@ -24,9 +24,12 @@ import java.util.List;
 
 /**
  * A reactive version of {@link com.nimbusds.jose.jwk.source.JWKSource}
+ *
  * @author Rob Winch
  * @since 5.1
  */
 interface ReactiveJWKSource {
+
 	Mono<List<JWK>> get(JWKSelector jwkSelector);
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
index 784688e05d..24da1b0984 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
@@ -26,10 +26,12 @@ import java.util.List;
 
 /**
  * Adapts a {@link JWKSource} to a {@link ReactiveJWKSource} which must be non-blocking.
+ *
  * @author Rob Winch
  * @since 5.1
  */
 class ReactiveJWKSourceAdapter implements ReactiveJWKSource {
+
 	private final JWKSource<SecurityContext> source;
 
 	/**
@@ -44,4 +46,5 @@ class ReactiveJWKSourceAdapter implements ReactiveJWKSource {
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
 		return Mono.fromCallable(() -> this.source.get(jwkSelector, null));
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
index 7f7431e49c..7f94e310e6 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
@@ -18,30 +18,35 @@ package org.springframework.security.oauth2.jwt;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementations of this interface are responsible for &quot;decoding&quot;
- * a JSON Web Token (JWT) from it's compact claims representation format to a {@link Jwt}.
+ * Implementations of this interface are responsible for &quot;decoding&quot; a JSON Web
+ * Token (JWT) from it's compact claims representation format to a {@link Jwt}.
  *
  * <p>
- * JWTs may be represented using the JWS Compact Serialization format for a
- * JSON Web Signature (JWS) structure or JWE Compact Serialization format for a
- * JSON Web Encryption (JWE) structure. Therefore, implementors are responsible
- * for verifying a JWS and/or decrypting a JWE.
+ * JWTs may be represented using the JWS Compact Serialization format for a JSON Web
+ * Signature (JWS) structure or JWE Compact Serialization format for a JSON Web Encryption
+ * (JWE) structure. Therefore, implementors are responsible for verifying a JWS and/or
+ * decrypting a JWE.
  *
  * @author Rob Winch
  * @since 5.1
  * @see Jwt
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token (JWT)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature (JWS)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption (JWE)</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515#section-3.1">JWS Compact Serialization</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516#section-3.1">JWE Compact Serialization</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519">JSON Web Token
+ * (JWT)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515">JSON Web Signature
+ * (JWS)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516">JSON Web Encryption
+ * (JWE)</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7515#section-3.1">JWS
+ * Compact Serialization</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7516#section-3.1">JWE
+ * Compact Serialization</a>
  */
 @FunctionalInterface
 public interface ReactiveJwtDecoder {
 
 	/**
-	 * Decodes the JWT from it's compact claims representation format and returns a {@link Jwt}.
-	 *
+	 * Decodes the JWT from it's compact claims representation format and returns a
+	 * {@link Jwt}.
 	 * @param token the JWT value
 	 * @return a {@link Jwt}
 	 * @throws JwtException if an error occurs while attempting to decode the JWT
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
index cc93890fc5..61b1ce0ac2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
@@ -16,22 +16,21 @@
 package org.springframework.security.oauth2.jwt;
 
 /**
- * A factory for {@link ReactiveJwtDecoder}(s).
- * This factory should be supplied with a type that provides
- * contextual information used to create a specific {@code ReactiveJwtDecoder}.
+ * A factory for {@link ReactiveJwtDecoder}(s). This factory should be supplied with a
+ * type that provides contextual information used to create a specific
+ * {@code ReactiveJwtDecoder}.
  *
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveJwtDecoder
- *
- * @param <C> The type that provides contextual information used to create a specific {@code ReactiveJwtDecoder}.
+ * @param <C> The type that provides contextual information used to create a specific
+ * {@code ReactiveJwtDecoder}.
  */
 @FunctionalInterface
 public interface ReactiveJwtDecoderFactory<C> {
 
 	/**
 	 * Creates a {@code ReactiveJwtDecoder} using the supplied "contextual" type.
-	 *
 	 * @param context the type that provides contextual information
 	 * @return a {@link ReactiveJwtDecoder}
 	 */
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
index d062b515cf..702ca0eaef 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
@@ -23,10 +23,11 @@ import org.springframework.util.Assert;
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
 
 /**
- * Allows creating a {@link ReactiveJwtDecoder} from an
- * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID Provider Configuration</a> or
- * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a> based on provided
- * issuer and method invoked.
+ * Allows creating a {@link ReactiveJwtDecoder} from an <a href=
+ * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
+ * Provider Configuration</a> or
+ * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata
+ * Request</a> based on provided issuer and method invoked.
  *
  * @author Josh Cummings
  * @since 5.1
@@ -34,68 +35,70 @@ import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.w
 public final class ReactiveJwtDecoders {
 
 	/**
-	 * Creates a {@link ReactiveJwtDecoder} using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by making an
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID Provider
-	 * Configuration Request</a> and using the values in the
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
+	 * Creates a {@link ReactiveJwtDecoder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by making an <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">OpenID
+	 * Provider Configuration Request</a> and using the values in the <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
 	 * Provider Configuration Response</a> to initialize the {@link ReactiveJwtDecoder}.
-	 *
-	 * @param oidcIssuerLocation the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
-	 * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration.
+	 * @param oidcIssuerLocation the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider
+	 * Configuration.
 	 */
 	public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
 		Assert.hasText(oidcIssuerLocation, "oidcIssuerLocation cannot be empty");
-		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils.getConfigurationForOidcIssuerLocation(oidcIssuerLocation);
+		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils
+				.getConfigurationForOidcIssuerLocation(oidcIssuerLocation);
 		return withProviderConfiguration(configuration, oidcIssuerLocation);
 	}
 
 	/**
-	 * Creates a {@link ReactiveJwtDecoder} using the provided
-	 * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> by querying
-	 * three different discovery endpoints serially, using the values in the first successful response to
-	 * initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without
-	 * attempting subsequent endpoints.
+	 * Creates a {@link ReactiveJwtDecoder} using the provided <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * by querying three different discovery endpoints serially, using the values in the
+	 * first successful response to initialize. If an endpoint returns anything other than
+	 * a 200 or a 4xx, the method will exit without attempting subsequent endpoints.
 	 *
-	 * The three endpoints are computed as follows, given that the {@code issuer} is composed of a {@code host}
-	 * and a {@code path}:
+	 * The three endpoints are computed as follows, given that the {@code issuer} is
+	 * composed of a {@code host} and a {@code path}:
 	 *
 	 * <ol>
-	 * 	<li>
-	 * 	   {@code host/.well-known/openid-configuration/path}, as defined in
-	 * 	   <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility Notes</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code issuer/.well-known/openid-configuration}, as defined in
-	 *  	<a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
-	 * 	    OpenID Provider Configuration</a>.
-	 *  </li>
-	 *  <li>
-	 *      {@code host/.well-known/oauth-authorization-server/path}, as defined in
-	 *  	<a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server Metadata Request</a>.
-	 *  </li>
+	 * <li>{@code host/.well-known/openid-configuration/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-5">RFC 8414's Compatibility
+	 * Notes</a>.</li>
+	 * <li>{@code issuer/.well-known/openid-configuration}, as defined in <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest">
+	 * OpenID Provider Configuration</a>.</li>
+	 * <li>{@code host/.well-known/oauth-authorization-server/path}, as defined in
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-3.1">Authorization Server
+	 * Metadata Request</a>.</li>
 	 * </ol>
 	 *
 	 * Note that the second endpoint is the equivalent of calling
 	 * {@link ReactiveJwtDecoders#fromOidcIssuerLocation(String)}
-	 *
-	 * @param issuer the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
-	 * @return a {@link ReactiveJwtDecoder} that was initialized by one of the described endpoints
+	 * @param issuer the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @return a {@link ReactiveJwtDecoder} that was initialized by one of the described
+	 * endpoints
 	 */
 	public static ReactiveJwtDecoder fromIssuerLocation(String issuer) {
 		Assert.hasText(issuer, "issuer cannot be empty");
-		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(issuer);
+		Map<String, Object> configuration = JwtDecoderProviderConfigurationUtils
+				.getConfigurationForIssuerLocation(issuer);
 		return withProviderConfiguration(configuration, issuer);
 	}
 
 	/**
-	 * Build {@link ReactiveJwtDecoder} from
-	 * <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID Provider
-	 * Configuration Response</a> and <a href="https://tools.ietf.org/html/rfc8414#section-3.2">Authorization Server Metadata
-	 * Response</a>.
-	 *
+	 * Build {@link ReactiveJwtDecoder} from <a href=
+	 * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse">OpenID
+	 * Provider Configuration Response</a> and
+	 * <a href="https://tools.ietf.org/html/rfc8414#section-3.2">Authorization Server
+	 * Metadata Response</a>.
 	 * @param configuration the configuration values
-	 * @param issuer the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
+	 * @param issuer the <a href=
+	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
 	 * @return {@link ReactiveJwtDecoder}
 	 */
 	private static ReactiveJwtDecoder withProviderConfiguration(Map<String, Object> configuration, String issuer) {
@@ -107,5 +110,7 @@ public final class ReactiveJwtDecoders {
 		return jwtDecoder;
 	}
 
-	private ReactiveJwtDecoders() {}
+	private ReactiveJwtDecoders() {
+	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index 36c4e47703..922a279ee2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -37,6 +37,7 @@ import org.springframework.web.reactive.function.client.WebClient;
  * @since 5.1
  */
 class ReactiveRemoteJWKSource implements ReactiveJWKSource {
+
 	/**
 	 * The cached JWK set.
 	 */
@@ -52,8 +53,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	}
 
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
-		return this.cachedJWKSet.get()
-				.switchIfEmpty(Mono.defer(() -> getJWKSet()))
+		return this.cachedJWKSet.get().switchIfEmpty(Mono.defer(() -> getJWKSet()))
 				.flatMap(jwkSet -> get(jwkSelector, jwkSet))
 				.switchIfEmpty(Mono.defer(() -> getJWKSet().map(jwkSet -> jwkSelector.select(jwkSet))));
 	}
@@ -90,19 +90,12 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 
 	/**
 	 * Updates the cached JWK set from the configured URL.
-	 *
 	 * @return The updated JWK set.
-	 *
 	 * @throws RemoteKeySourceException If JWK retrieval failed.
 	 */
 	private Mono<JWKSet> getJWKSet() {
-		return this.webClient.get()
-				.uri(this.jwkSetURL)
-				.retrieve()
-				.bodyToMono(String.class)
-				.map(this::parse)
-				.doOnNext(jwkSet -> this.cachedJWKSet.set(Mono.just(jwkSet)))
-				.cache();
+		return this.webClient.get().uri(this.jwkSetURL).retrieve().bodyToMono(String.class).map(this::parse)
+				.doOnNext(jwkSet -> this.cachedJWKSet.set(Mono.just(jwkSet))).cache();
 	}
 
 	private JWKSet parse(String body) {
@@ -116,9 +109,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 
 	/**
 	 * Returns the first specified key ID (kid) for a JWK matcher.
-	 *
 	 * @param jwkMatcher The JWK matcher. Must not be {@code null}.
-	 *
 	 * @return The first key ID, {@code null} if none.
 	 */
 	protected static String getFirstSpecifiedKeyID(final JWKMatcher jwkMatcher) {
@@ -129,7 +120,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 			return null;
 		}
 
-		for (String id: keyIDs) {
+		for (String id : keyIDs) {
 			if (id != null) {
 				return id;
 			}
@@ -140,4 +131,5 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	public void setWebClient(WebClient webClient) {
 		this.webClient = webClient;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java
index 4111a2866e..677e06ed60 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java
@@ -34,7 +34,9 @@ import org.springframework.util.Assert;
  * @since 5.2
  */
 final class SingleKeyJWSKeySelector<C extends SecurityContext> implements JWSKeySelector<C> {
+
 	private final List<Key> keySet;
+
 	private final JWSAlgorithm expectedJwsAlgorithm;
 
 	SingleKeyJWSKeySelector(JWSAlgorithm expectedJwsAlgorithm, Key key) {
@@ -51,4 +53,5 @@ final class SingleKeyJWSKeySelector<C extends SecurityContext> implements JWSKey
 		}
 		return this.keySet;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index 555d92b347..4871860b55 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -31,29 +31,29 @@ import javax.crypto.spec.SecretKeySpec;
  * @since 5.2
  */
 public class TestKeys {
+
 	public static final KeyFactory kf;
 
 	static {
 		try {
 			kf = KeyFactory.getInstance("RSA");
-		} catch (NoSuchAlgorithmException e) {
+		}
+		catch (NoSuchAlgorithmException e) {
 			throw new IllegalStateException(e);
 		}
 	}
 
 	public static final String DEFAULT_ENCODED_SECRET_KEY = "bCzY/M48bbkwBEWjmNSIEPfwApcvXOnkCxORBEbPr+4=";
 
-	public static final SecretKey DEFAULT_SECRET_KEY =
-			new SecretKeySpec(Base64.getDecoder().decode(DEFAULT_ENCODED_SECRET_KEY), "AES");
+	public static final SecretKey DEFAULT_SECRET_KEY = new SecretKeySpec(
+			Base64.getDecoder().decode(DEFAULT_ENCODED_SECRET_KEY), "AES");
 
-	public static final String DEFAULT_RSA_PUBLIC_KEY =
-			"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FlqJr5TRskIQIgdE3Dd" +
-			"7D9lboWdcTUT8a+fJR7MAvQm7XXNoYkm3v7MQL1NYtDvL2l8CAnc0WdSTINU6IRv" +
-			"c5Kqo2Q4csNX9SHOmEfzoROjQqahEcve1jBXluoCXdYuYpx4/1tfRgG6ii4Uhxh6" +
-			"iI8qNMJQX+fLfqhbfYfxBQVRPywBkAbIP4x1EAsbC6FSNmkhCxiMNqEgxaIpY8C2" +
-			"kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o" +
-			"RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj" +
-			"KwIDAQAB";
+	public static final String DEFAULT_RSA_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FlqJr5TRskIQIgdE3Dd"
+			+ "7D9lboWdcTUT8a+fJR7MAvQm7XXNoYkm3v7MQL1NYtDvL2l8CAnc0WdSTINU6IRv"
+			+ "c5Kqo2Q4csNX9SHOmEfzoROjQqahEcve1jBXluoCXdYuYpx4/1tfRgG6ii4Uhxh6"
+			+ "iI8qNMJQX+fLfqhbfYfxBQVRPywBkAbIP4x1EAsbC6FSNmkhCxiMNqEgxaIpY8C2"
+			+ "kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o"
+			+ "RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj" + "KwIDAQAB";
 
 	public static final RSAPublicKey DEFAULT_PUBLIC_KEY = publicKey();
 
@@ -61,38 +61,37 @@ public class TestKeys {
 		X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PUBLIC_KEY));
 		try {
 			return (RSAPublicKey) kf.generatePublic(spec);
-		} catch (InvalidKeySpecException e) {
+		}
+		catch (InvalidKeySpecException e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
 
-	public static final String DEFAULT_RSA_PRIVATE_KEY =
-			"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA" +
-			"iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM" +
-			"g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK" +
-			"LhSHGHqIjyo0wlBf58t+qFt9h/EFBVE/LAGQBsg/jHUQCxsLoVI2aSELGIw2oSDF" +
-			"oiljwLaQl0n9khX5ZbiegN3OkqodzCYHwWyu6aVVj8M1W9RIMiKmKr09s/gf31Nc" +
-			"3WjvjqhFo1rTuurWGgKAxJLL7zlJqAKjGWbIT4P6h/1Kwxjw6X23St3OmhsG6HIn" +
-			"+jl1++MrAgMBAAECggEBAMf820wop3pyUOwI3aLcaH7YFx5VZMzvqJdNlvpg1jbE" +
-			"E2Sn66b1zPLNfOIxLcBG8x8r9Ody1Bi2Vsqc0/5o3KKfdgHvnxAB3Z3dPh2WCDek" +
-			"lCOVClEVoLzziTuuTdGO5/CWJXdWHcVzIjPxmK34eJXioiLaTYqN3XKqKMdpD0ZG" +
-			"mtNTGvGf+9fQ4i94t0WqIxpMpGt7NM4RHy3+Onggev0zLiDANC23mWrTsUgect/7" +
-			"62TYg8g1bKwLAb9wCBT+BiOuCc2wrArRLOJgUkj/F4/gtrR9ima34SvWUyoUaKA0" +
-			"bi4YBX9l8oJwFGHbU9uFGEMnH0T/V0KtIB7qetReywkCgYEA9cFyfBIQrYISV/OA" +
-			"+Z0bo3vh2aL0QgKrSXZ924cLt7itQAHNZ2ya+e3JRlTczi5mnWfjPWZ6eJB/8MlH" +
-			"Gpn12o/POEkU+XjZZSPe1RWGt5g0S3lWqyx9toCS9ACXcN9tGbaqcFSVI73zVTRA" +
-			"8J9grR0fbGn7jaTlTX2tnlOTQ60CgYEA5YjYpEq4L8UUMFkuj+BsS3u0oEBnzuHd" +
-			"I9LEHmN+CMPosvabQu5wkJXLuqo2TxRnAznsA8R3pCLkdPGoWMCiWRAsCn979TdY" +
-			"QbqO2qvBAD2Q19GtY7lIu6C35/enQWzJUMQE3WW0OvjLzZ0l/9mA2FBRR+3F9A1d" +
-			"rBdnmv0c3TcCgYEAi2i+ggVZcqPbtgrLOk5WVGo9F1GqUBvlgNn30WWNTx4zIaEk" +
-			"HSxtyaOLTxtq2odV7Kr3LGiKxwPpn/T+Ief+oIp92YcTn+VfJVGw4Z3BezqbR8lA" +
-			"Uf/+HF5ZfpMrVXtZD4Igs3I33Duv4sCuqhEvLWTc44pHifVloozNxYfRfU0CgYBN" +
-			"HXa7a6cJ1Yp829l62QlJKtx6Ymj95oAnQu5Ez2ROiZMqXRO4nucOjGUP55Orac1a" +
-			"FiGm+mC/skFS0MWgW8evaHGDbWU180wheQ35hW6oKAb7myRHtr4q20ouEtQMdQIF" +
-			"snV39G1iyqeeAsf7dxWElydXpRi2b68i3BIgzhzebQKBgQCdUQuTsqV9y/JFpu6H" +
-			"c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM" +
-			"TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" +
-			"47jndeyIaMTNETEmOnms+as17g==";
+	public static final String DEFAULT_RSA_PRIVATE_KEY = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA"
+			+ "iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM"
+			+ "g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK"
+			+ "LhSHGHqIjyo0wlBf58t+qFt9h/EFBVE/LAGQBsg/jHUQCxsLoVI2aSELGIw2oSDF"
+			+ "oiljwLaQl0n9khX5ZbiegN3OkqodzCYHwWyu6aVVj8M1W9RIMiKmKr09s/gf31Nc"
+			+ "3WjvjqhFo1rTuurWGgKAxJLL7zlJqAKjGWbIT4P6h/1Kwxjw6X23St3OmhsG6HIn"
+			+ "+jl1++MrAgMBAAECggEBAMf820wop3pyUOwI3aLcaH7YFx5VZMzvqJdNlvpg1jbE"
+			+ "E2Sn66b1zPLNfOIxLcBG8x8r9Ody1Bi2Vsqc0/5o3KKfdgHvnxAB3Z3dPh2WCDek"
+			+ "lCOVClEVoLzziTuuTdGO5/CWJXdWHcVzIjPxmK34eJXioiLaTYqN3XKqKMdpD0ZG"
+			+ "mtNTGvGf+9fQ4i94t0WqIxpMpGt7NM4RHy3+Onggev0zLiDANC23mWrTsUgect/7"
+			+ "62TYg8g1bKwLAb9wCBT+BiOuCc2wrArRLOJgUkj/F4/gtrR9ima34SvWUyoUaKA0"
+			+ "bi4YBX9l8oJwFGHbU9uFGEMnH0T/V0KtIB7qetReywkCgYEA9cFyfBIQrYISV/OA"
+			+ "+Z0bo3vh2aL0QgKrSXZ924cLt7itQAHNZ2ya+e3JRlTczi5mnWfjPWZ6eJB/8MlH"
+			+ "Gpn12o/POEkU+XjZZSPe1RWGt5g0S3lWqyx9toCS9ACXcN9tGbaqcFSVI73zVTRA"
+			+ "8J9grR0fbGn7jaTlTX2tnlOTQ60CgYEA5YjYpEq4L8UUMFkuj+BsS3u0oEBnzuHd"
+			+ "I9LEHmN+CMPosvabQu5wkJXLuqo2TxRnAznsA8R3pCLkdPGoWMCiWRAsCn979TdY"
+			+ "QbqO2qvBAD2Q19GtY7lIu6C35/enQWzJUMQE3WW0OvjLzZ0l/9mA2FBRR+3F9A1d"
+			+ "rBdnmv0c3TcCgYEAi2i+ggVZcqPbtgrLOk5WVGo9F1GqUBvlgNn30WWNTx4zIaEk"
+			+ "HSxtyaOLTxtq2odV7Kr3LGiKxwPpn/T+Ief+oIp92YcTn+VfJVGw4Z3BezqbR8lA"
+			+ "Uf/+HF5ZfpMrVXtZD4Igs3I33Duv4sCuqhEvLWTc44pHifVloozNxYfRfU0CgYBN"
+			+ "HXa7a6cJ1Yp829l62QlJKtx6Ymj95oAnQu5Ez2ROiZMqXRO4nucOjGUP55Orac1a"
+			+ "FiGm+mC/skFS0MWgW8evaHGDbWU180wheQ35hW6oKAb7myRHtr4q20ouEtQMdQIF"
+			+ "snV39G1iyqeeAsf7dxWElydXpRi2b68i3BIgzhzebQKBgQCdUQuTsqV9y/JFpu6H"
+			+ "c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM"
+			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g==";
 
 	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY = privateKey();
 
@@ -100,8 +99,10 @@ public class TestKeys {
 		PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY));
 		try {
 			return (RSAPrivateKey) kf.generatePrivate(spec);
-		} catch (InvalidKeySpecException e) {
+		}
+		catch (InvalidKeySpecException e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
index cea7ef5054..085b53d0fb 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
@@ -38,4 +38,5 @@ public class MacAlgorithmTests {
 	public void fromWhenAlgorithmInvalidThenDoesNotResolve() {
 		assertThat(MacAlgorithm.from("invalid")).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
index 4b2c19f018..5942491975 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
@@ -44,4 +44,5 @@ public class SignatureAlgorithmTests {
 	public void fromWhenAlgorithmInvalidThenDoesNotResolve() {
 		assertThat(SignatureAlgorithm.from("invalid")).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index 4004ef9400..c0941bb83e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -37,19 +37,10 @@ public class JwtBuilderTests {
 	public void buildWhenCalledTwiceThenGeneratesTwoJwts() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token");
 
-		Jwt first = jwtBuilder
-				.tokenValue("V1")
-				.header("TEST_HEADER_1", "H1")
-				.claim("TEST_CLAIM_1", "C1")
-				.build();
+		Jwt first = jwtBuilder.tokenValue("V1").header("TEST_HEADER_1", "H1").claim("TEST_CLAIM_1", "C1").build();
 
-		Jwt second = jwtBuilder
-				.tokenValue("V2")
-				.header("TEST_HEADER_1", "H2")
-				.header("TEST_HEADER_2", "H3")
-				.claim("TEST_CLAIM_1", "C2")
-				.claim("TEST_CLAIM_2", "C3")
-				.build();
+		Jwt second = jwtBuilder.tokenValue("V2").header("TEST_HEADER_1", "H2").header("TEST_HEADER_2", "H3")
+				.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
 
 		assertThat(first.getHeaders()).hasSize(1);
 		assertThat(first.getHeaders().get("TEST_HEADER_1")).isEqualTo("H1");
@@ -68,86 +59,65 @@ public class JwtBuilderTests {
 
 	@Test
 	public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
 
 		Instant now = Instant.now();
 
-		Jwt jwt = jwtBuilder
-				.expiresAt(now).build();
+		Jwt jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
 
-		jwt = jwtBuilder
-				.expiresAt(now).build();
+		jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
 
-		assertThatCode(() -> jwtBuilder
-				.claim(EXP, "not an instant").build())
+		assertThatCode(() -> jwtBuilder.claim(EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
 
 		Instant now = Instant.now();
 
-		Jwt jwt = jwtBuilder
-				.issuedAt(now).build();
+		Jwt jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
 
-		jwt = jwtBuilder
-				.issuedAt(now).build();
+		jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
 
-		assertThatCode(() -> jwtBuilder
-				.claim(IAT, "not an instant").build())
+		assertThatCode(() -> jwtBuilder.claim(IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
 
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		Jwt jwt = jwtBuilder
-				.subject(named)
-				.claim(SUB, generic).build();
+		Jwt jwt = jwtBuilder.subject(named).claim(SUB, generic).build();
 		assertThat(jwt.getSubject()).isSameAs(generic);
 
-		jwt = jwtBuilder
-				.claim(SUB, generic)
-				.subject(named).build();
+		jwt = jwtBuilder.claim(SUB, generic).subject(named).build();
 		assertThat(jwt.getSubject()).isSameAs(named);
 	}
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.claim("needs", "a claim")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
 
-		Jwt jwt = jwtBuilder
-				.subject("sub")
-				.claims(claims -> claims.remove(SUB))
-				.build();
+		Jwt jwt = jwtBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
 		assertThat(jwt.getSubject()).isNull();
 	}
 
 	@Test
 	public void claimsWhenAddingAClaimThenIsPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
 
 		String name = new String("name");
 		String value = new String("value");
-		Jwt jwt = jwtBuilder
-				.claims(claims -> claims.put(name, value))
-				.build();
+		Jwt jwt = jwtBuilder.claims(claims -> claims.put(name, value)).build();
 
 		assertThat(jwt.getClaims()).hasSize(1);
 		assertThat(jwt.getClaims().get(name)).isSameAs(value);
@@ -155,27 +125,19 @@ public class JwtBuilderTests {
 
 	@Test
 	public void headersWhenRemovingAClaimThenIsNotPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.claim("needs", "a claim")
-				.header("needs", "a header");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
 
-		Jwt jwt = jwtBuilder
-				.header("alg", "none")
-				.headers(headers -> headers.remove("alg"))
-				.build();
+		Jwt jwt = jwtBuilder.header("alg", "none").headers(headers -> headers.remove("alg")).build();
 		assertThat(jwt.getHeaders().get("alg")).isNull();
 	}
 
 	@Test
 	public void headersWhenAddingAClaimThenIsPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-				.claim("needs", "a claim");
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim");
 
 		String name = new String("name");
 		String value = new String("value");
-		Jwt jwt = jwtBuilder
-				.headers(headers -> headers.put(name, value))
-				.build();
+		Jwt jwt = jwtBuilder.headers(headers -> headers.put(name, value)).build();
 
 		assertThat(jwt.getHeaders()).hasSize(1);
 		assertThat(jwt.getHeaders().get(name)).isSameAs(value);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index 968af2a8ab..de223c8d76 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -33,20 +33,19 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 public class JwtClaimValidatorTests {
 
 	private static final Predicate<String> test = claim -> claim.equals("http://test");
+
 	private final JwtClaimValidator<String> validator = new JwtClaimValidator<>(ISS, test);
 
 	@Test
 	public void validateWhenClaimPassesTheTestThenReturnsSuccess() {
 		Jwt jwt = jwt().claim(ISS, "http://test").build();
-		assertThat(validator.validate(jwt))
-				.isEqualTo(OAuth2TokenValidatorResult.success());
+		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenClaimFailsTheTestThenReturnsFailure() {
 		Jwt jwt = jwt().claim(ISS, "http://abc").build();
-		assertThat(validator.validate(jwt).getErrors().isEmpty())
-				.isFalse();
+		assertThat(validator.validate(jwt).getErrors().isEmpty()).isFalse();
 	}
 
 	@Test
@@ -56,14 +55,13 @@ public class JwtClaimValidatorTests {
 	}
 
 	@Test
-	public void validateWhenTestIsNullThenThrowsIllegalArgumentException(){
-		assertThatThrownBy(() -> new JwtClaimValidator<>(ISS, null))
-				.isInstanceOf(IllegalArgumentException.class);
+	public void validateWhenTestIsNullThenThrowsIllegalArgumentException() {
+		assertThatThrownBy(() -> new JwtClaimValidator<>(ISS, null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> validator.validate(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
index 8fa7ee5869..618e9f081e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
@@ -47,40 +47,31 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Rafiullah Hamedy
  */
 public class JwtDecodersTests {
+
 	/**
-	 * Contains those parameters required to construct a JwtDecoder as well as any required parameters
+	 * Contains those parameters required to construct a JwtDecoder as well as any
+	 * required parameters
 	 */
-	private static final String DEFAULT_RESPONSE_TEMPLATE =
-			"{\n"
-					+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-					+ "    \"id_token_signing_alg_values_supported\": [\n"
-					+ "        \"RS256\"\n"
-					+ "    ], \n"
-					+ "    \"issuer\": \"%s\", \n"
-					+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
-					+ "    \"response_types_supported\": [\n"
-					+ "        \"code\", \n"
-					+ "        \"token\", \n"
-					+ "        \"id_token\", \n"
-					+ "        \"code token\", \n"
-					+ "        \"code id_token\", \n"
-					+ "        \"token id_token\", \n"
-					+ "        \"code token id_token\", \n"
-					+ "        \"none\"\n"
-					+ "    ], \n"
-					+ "    \"subject_types_supported\": [\n"
-					+ "        \"public\"\n"
-					+ "    ], \n"
-					+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n"
-					+ "}";
+	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
+			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
+			+ "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
+			+ "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
+			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
+			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
+			+ "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n" + "    ], \n"
+			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n" + "}";
 
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
+
 	private static final String ISSUER_MISMATCH = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd3Jvbmdpc3N1ZXIiLCJleHAiOjQ2ODcyNTYwNDl9.Ax8LMI6rhB9Pv_CE3kFi1JPuLj9gZycifWrLeDpkObWEEVAsIls9zAhNFyJlG-Oo7up6_mDhZgeRfyKnpSF5GhKJtXJDCzwg0ZDVUE6rS0QadSxsMMGbl7c4y0lG_7TfLX2iWeNJukJj_oSW9KzW4FsBp1BoocWjrreesqQU3fZHbikH-c_Fs2TsAIpHnxflyEzfOFWpJ8D4DtzHXqfvieMwpy42xsPZK3LR84zlasf0Ne1tC_hLHvyHRdAXwn0CMoKxc7-8j0r9Mq8kAzUsPn9If7bMLqGkxUcTPdk5x7opAUajDZx95SXHLmtztNtBa2S6EfPJXuPKG6tM5Wq5Ug";
 
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
+
 	private static final String OAUTH_METADATA_PATH = "/.well-known/oauth-authorization-server";
 
 	private MockWebServer server;
+
 	private String issuer;
 
 	@Before
@@ -99,8 +90,7 @@ public class JwtDecodersTests {
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
 		JwtDecoder decoder = JwtDecoders.fromOidcIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH))
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -108,8 +98,7 @@ public class JwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH))
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -117,8 +106,7 @@ public class JwtDecodersTests {
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH))
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -149,22 +137,19 @@ public class JwtDecodersTests {
 	@Test
 	public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	// gh-7512
@@ -173,8 +158,7 @@ public class JwtDecodersTests {
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
 		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -182,8 +166,7 @@ public class JwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("The public JWK set URI must not be null");
 	}
 
@@ -192,56 +175,49 @@ public class JwtDecodersTests {
 	public void issuerWhenOAuth2ResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("The public JWK set URI must not be null");
 	}
 
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOidc(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
-		prepareConfigurationResponseOAuth2(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		prepareConfigurationResponseOAuth2(
+				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
+		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
-	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
-			throws Exception {
+	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 
 		this.server.shutdown();
 		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"))
@@ -296,8 +272,7 @@ public class JwtDecodersTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				return Optional.of(request).map(RecordedRequest::getRequestUrl).map(HttpUrl::toString)
-						.map(responses::get)
-						.orElse(new MockResponse().setResponseCode(404));
+						.map(responses::get).orElse(new MockResponse().setResponseCode(404));
 			}
 		};
 		this.server.setDispatcher(dispatcher);
@@ -309,14 +284,12 @@ public class JwtDecodersTests {
 
 	private String oidc() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri)
-				.replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
+		return UriComponentsBuilder.fromUri(uri).replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
 	}
 
 	private String oauth() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri)
-				.replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
+		return UriComponentsBuilder.fromUri(uri).replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
 	}
 
 	private String jwks() {
@@ -324,16 +297,16 @@ public class JwtDecodersTests {
 	}
 
 	private MockResponse response(String body) {
-		return new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 	}
 
 	public String buildResponseWithMissingJwksUri() throws JsonMappingException, JsonProcessingException {
 		ObjectMapper mapper = new ObjectMapper();
 		Map<String, Object> response = mapper.readValue(DEFAULT_RESPONSE_TEMPLATE,
-				new TypeReference<Map<String, Object>>(){});
+				new TypeReference<Map<String, Object>>() {
+				});
 		response.remove("jwks_uri");
 		return mapper.writeValueAsString(response);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index ba0a42c0ca..688ef5ef65 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -28,6 +28,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @since 5.1
  */
 public class JwtIssuerValidatorTests {
+
 	private static final String ISSUER = "https://issuer";
 
 	private final JwtIssuerValidator validator = new JwtIssuerValidator(ISSUER);
@@ -36,8 +37,7 @@ public class JwtIssuerValidatorTests {
 	public void validateWhenIssuerMatchesThenReturnsSuccess() {
 		Jwt jwt = jwt().claim("iss", ISSUER).build();
 
-		assertThat(this.validator.validate(jwt))
-				.isEqualTo(OAuth2TokenValidatorResult.success());
+		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
@@ -63,19 +63,17 @@ public class JwtIssuerValidatorTests {
 		Jwt jwt = jwt().claim(JwtClaimNames.ISS, "issuer").build();
 		JwtIssuerValidator validator = new JwtIssuerValidator("issuer");
 
-		assertThat(validator.validate(jwt))
-				.isEqualTo(OAuth2TokenValidatorResult.success());
+		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.validator.validate(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenNullIssuerIsGivenThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new JwtIssuerValidator(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new JwtIssuerValidator(null)).isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
index e59716da74..ba686bf90e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
@@ -33,24 +33,39 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Joe Grandja
  */
 public class JwtTests {
+
 	private static final String ISS_CLAIM = "iss";
+
 	private static final String SUB_CLAIM = "sub";
+
 	private static final String AUD_CLAIM = "aud";
+
 	private static final String EXP_CLAIM = "exp";
+
 	private static final String NBF_CLAIM = "nbf";
+
 	private static final String IAT_CLAIM = "iat";
+
 	private static final String JTI_CLAIM = "jti";
 
 	private static final String ISS_VALUE = "https://provider.com";
+
 	private static final String SUB_VALUE = "subject1";
+
 	private static final List<String> AUD_VALUE = Arrays.asList("aud1", "aud2");
+
 	private static final long EXP_VALUE = Instant.now().plusSeconds(60).toEpochMilli();
+
 	private static final long NBF_VALUE = Instant.now().plusSeconds(5).toEpochMilli();
+
 	private static final long IAT_VALUE = Instant.now().toEpochMilli();
+
 	private static final String JTI_VALUE = "jwt-id-1";
 
 	private static final Map<String, Object> HEADERS;
+
 	private static final Map<String, Object> CLAIMS;
+
 	private static final String JWT_TOKEN_VALUE = "jwt-token-value";
 
 	static {
@@ -74,20 +89,20 @@ public class JwtTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenHeadersIsEmptyThenThrowIllegalArgumentException() {
-		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
-			Instant.ofEpochMilli(EXP_VALUE), Collections.emptyMap(), CLAIMS);
+		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE),
+				Collections.emptyMap(), CLAIMS);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
-		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
-			Instant.ofEpochMilli(EXP_VALUE), HEADERS, Collections.emptyMap());
+		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS,
+				Collections.emptyMap());
 	}
 
 	@Test
 	public void constructorWhenParametersProvidedAndValidThenCreated() {
-		Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
-			Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS);
+		Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS,
+				CLAIMS);
 
 		assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE);
 		assertThat(jwt.getHeaders()).isEqualTo(HEADERS);
@@ -100,4 +115,5 @@ public class JwtTests {
 		assertThat(jwt.getIssuedAt().toEpochMilli()).isEqualTo(IAT_VALUE);
 		assertThat(jwt.getId()).isEqualTo(JTI_VALUE);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index ee2f85825f..34b7bf0915 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -41,10 +41,15 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @author Josh Cummings
  */
 public class JwtTimestampValidatorTests {
+
 	private static final Clock MOCK_NOW = Clock.fixed(Instant.ofEpochMilli(0), ZoneId.systemDefault());
+
 	private static final String MOCK_TOKEN_VALUE = "token";
+
 	private static final Instant MOCK_ISSUED_AT = Instant.MIN;
+
 	private static final Map<String, Object> MOCK_HEADER = Collections.singletonMap("alg", JwsAlgorithms.RS256);
+
 	private static final Map<String, Object> MOCK_CLAIM_SET = Collections.singletonMap("some", "claim");
 
 	@Test
@@ -86,18 +91,15 @@ public class JwtTimestampValidatorTests {
 		Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
 		Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
 
-		Jwt jwt = jwt()
-				.expiresAt(almostOneDayAgo)
-				.notBefore(almostOneDayFromNow)
-				.build();
+		Jwt jwt = jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
 
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 
 		jwt = jwt().expiresAt(justOverOneDayAgo).build();
 
 		OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
-		Collection<String> messages =
-				result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
+		Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription)
+				.collect(Collectors.toList());
 
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
@@ -105,8 +107,7 @@ public class JwtTimestampValidatorTests {
 		jwt = jwt().notBefore(justOverOneDayFromNow).build();
 
 		result = jwtValidator.validate(jwt);
-		messages =
-				result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
+		messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
 
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
@@ -137,10 +138,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt()
-				.claims(c -> c.remove(EXP))
-				.notBefore(Instant.MIN)
-				.build();
+		Jwt jwt = jwt().claims(c -> c.remove(EXP)).notBefore(Instant.MIN).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
@@ -156,10 +154,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenBothExpiryAndNotBeforeAreValidThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt()
-				.expiresAt(Instant.now(MOCK_NOW))
-				.notBefore(Instant.now(MOCK_NOW))
-				.build();
+		Jwt jwt = jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 		jwtValidator.setClock(MOCK_NOW);
@@ -171,13 +166,12 @@ public class JwtTimestampValidatorTests {
 	public void setClockWhenInvokedWithNullThenThrowsIllegalArgumentException() {
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 
-		assertThatCode(() -> jwtValidator.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> jwtValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenInvokedWithNullDurationThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new JwtTimestampValidator(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new JwtTimestampValidator(null)).isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
index 322890449d..49bf8f04ee 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
@@ -42,6 +42,7 @@ import static org.mockito.Mockito.when;
  * @author Josh Cummings
  */
 public class MappedJwtClaimSetConverterTests {
+
 	@Test
 	public void convertWhenUsingCustomExpiresAtConverterThenIssuedAtConverterStillConsultsIt() {
 		Instant at = Instant.ofEpochMilli(1000000000000L);
@@ -54,14 +55,12 @@ public class MappedJwtClaimSetConverterTests {
 		Map<String, Object> source = new HashMap<>();
 		Map<String, Object> target = converter.convert(source);
 
-		assertThat(target.get(JwtClaimNames.IAT)).
-				isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1));
+		assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1));
 	}
 
 	@Test
 	public void convertWhenUsingDefaultsThenBasesIssuedAtOffOfExpiration() {
-		MappedJwtClaimSetConverter converter =
-				MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.EXP, 1000000000L);
 		Map<String, Object> target = converter.convert(source);
@@ -72,8 +71,7 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void convertWhenUsingDefaultsThenCoercesAudienceAccordingToJwtSpec() {
-		MappedJwtClaimSetConverter converter =
-				MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.AUD, "audience");
 		Map<String, Object> target = converter.convert(source);
@@ -90,8 +88,7 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void convertWhenUsingDefaultsThenCoercesAllAttributesInJwtSpec() {
-		MappedJwtClaimSetConverter converter =
-				MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, 1);
@@ -142,8 +139,7 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void convertWhenConverterReturnsNullThenClaimIsRemoved() {
-		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
-				.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.ISS, null);
 		Map<String, Object> target = converter.convert(source);
@@ -193,8 +189,7 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void convertWhenUsingDefaultsThenFailedConversionThrowsIllegalStateException() {
-		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
-				.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> badIssuer = Collections.singletonMap(JwtClaimNames.ISS, "https://badly formed iss");
 		assertThatCode(() -> converter.convert(badIssuer)).isInstanceOf(IllegalStateException.class);
@@ -212,8 +207,7 @@ public class MappedJwtClaimSetConverterTests {
 	// gh-6073
 	@Test
 	public void convertWhenIssuerIsNotAUriThenConvertsToString() {
-		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
-				.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> nonUriIssuer = Collections.singletonMap(JwtClaimNames.ISS, "issuer");
 		Map<String, Object> target = converter.convert(nonUriIssuer);
@@ -223,8 +217,7 @@ public class MappedJwtClaimSetConverterTests {
 	// gh-6073
 	@Test
 	public void convertWhenIssuerIsOfTypeURLThenConvertsToString() throws Exception {
-		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
-				.withDefaults(Collections.emptyMap());
+		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 
 		Map<String, Object> issuer = Collections.singletonMap(JwtClaimNames.ISS, new URL("https://issuer"));
 		Map<String, Object> target = converter.convert(issuer);
@@ -233,8 +226,7 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void constructWhenAnyParameterIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new MappedJwtClaimSetConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new MappedJwtClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -242,4 +234,5 @@ public class MappedJwtClaimSetConverterTests {
 		assertThatCode(() -> MappedJwtClaimSetConverter.withDefaults(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 2597dd2638..937d0bdd41 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -53,22 +53,26 @@ import static org.mockito.Mockito.when;
  * @author Josh Cummings
  */
 public class NimbusJwtDecoderJwkSupportTests {
+
 	private static final String JWK_SET_URL = "https://provider.com/oauth2/keys";
+
 	private static final String JWS_ALGORITHM = JwsAlgorithms.RS256;
 
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
+
 	private static final String MALFORMED_JWK_SET = "malformed";
 
 	private static final String SIGNED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJzY3AiOlsibWVzc2FnZTpyZWFkIl0sImV4cCI6NDY4Mzg5Nzc3Nn0.LtMVtIiRIwSyc3aX35Zl0JVwLTcQZAB3dyBOMHNaHCKUljwMrf20a_gT79LfhjDzE_fUVUmFiAO32W1vFnYpZSVaMDUgeIOIOpxfoe9shj_uYenAwIS-_UxqGVIJiJoXNZh_MK80ShNpvsQwamxWEEOAMBtpWNiVYNDMdfgho9n3o5_Z7Gjy8RLBo1tbDREbO9kTFwGIxm_EYpezmRCRq4w1DdS6UDW321hkwMxPnCMSWOvp-hRpmgY2yjzLgPJ6Aucmg9TJ8jloAP1DjJoF1gRR7NTAk8LOGkSjTzVYDYMbCF51YdpojhItSk80YzXiEsv1mTz4oMM49jXBmfXFMA";
+
 	private static final String MALFORMED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJuYmYiOnt9LCJleHAiOjQ2ODQyMjUwODd9.guoQvujdWvd3xw7FYQEn4D6-gzM_WqFvXdmvAUNSLbxG7fv2_LLCNujPdrBHJoYPbOwS1BGNxIKQWS1tylvqzmr1RohQ-RZ2iAM1HYQzboUlkoMkcd8ENM__ELqho8aNYBfqwkNdUOyBFoy7Syu_w2SoJADw2RTjnesKO6CVVa05bW118pDS4xWxqC4s7fnBjmZoTn4uQ-Kt9YSQZQk8YQxkJSiyanozzgyfgXULA6mPu1pTNU3FVFaK1i1av_xtH_zAPgb647ZeaNe4nahgqC5h8nhOlm8W2dndXbwAt29nd2ZWBsru_QwZz83XSKLhTPFz-mPBByZZDsyBbIHf9A";
+
 	private static final String UNSIGNED_JWT = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
 
 	private NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL, JWS_ALGORITHM);
 
 	@Test
 	public void constructorWhenJwkSetUrlIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoderJwkSupport(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new NimbusJwtDecoderJwkSupport(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -91,8 +95,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void decodeWhenJwtInvalidThenThrowJwtException() {
-		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid"))
-				.isInstanceOf(JwtException.class);
+		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid")).isInstanceOf(JwtException.class);
 	}
 
 	// gh-5168
@@ -111,19 +114,17 @@ public class NimbusJwtDecoderJwkSupportTests {
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
-				.isInstanceOf(JwtException.class)
+		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT)).isInstanceOf(JwtException.class)
 				.hasMessageContaining("Unsupported algorithm of none");
 	}
 
 	@Test
 	public void decodeWhenJwtIsMalformedThenReturnsStockException() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(MALFORMED_JWT))
-					.isInstanceOf(JwtException.class)
+			assertThatCode(() -> jwtDecoder.decode(MALFORMED_JWT)).isInstanceOf(JwtException.class)
 					.hasMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
 			server.shutdown();
 		}
@@ -131,12 +132,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void decodeWhenJwkResponseIsMalformedThenReturnsStockException() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtException.class)
+			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.hasMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
 			server.shutdown();
 		}
@@ -144,12 +144,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void decodeWhenJwkEndpointIsUnresponsiveThenReturnsJwtException() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtException.class)
+			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
 			server.shutdown();
 		}
@@ -158,7 +157,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 	// gh-5603
 	@Test
 	public void decodeWhenCustomRestOperationsSetThenUsed() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
@@ -172,7 +171,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void decodeWhenJwtFailsValidationThenReturnsCorrespondingErrorMessage() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 
@@ -184,15 +183,14 @@ public class NimbusJwtDecoderJwkSupportTests {
 			when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(failure));
 			decoder.setJwtValidator(jwtValidator);
 
-			assertThatCode(() -> decoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtValidationException.class)
+			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 					.hasMessageContaining("mock-description");
 		}
 	}
 
 	@Test
 	public void decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 
@@ -206,8 +204,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 			when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
 			decoder.setJwtValidator(jwtValidator);
 
-			assertThatCode(() -> decoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtValidationException.class)
+			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 					.hasMessageContaining("mock-description")
 					.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
 		}
@@ -215,7 +212,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 
@@ -233,8 +230,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> jwtDecoder.setClaimSetConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	private static RestOperations mockJwkSetResponse(String response) {
@@ -243,4 +239,5 @@ public class NimbusJwtDecoderJwkSupportTests {
 				.thenReturn(new ResponseEntity<>(response, HttpStatus.OK));
 		return restOperations;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 9e1e8e95b3..82cb1e729c 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -96,17 +96,25 @@ import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecre
  * @author Mykyta Bezverkhyi
  */
 public class NimbusJwtDecoderTests {
+
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
+
 	private static final String MALFORMED_JWK_SET = "malformed";
 
 	private static final String SIGNED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJzY3AiOlsibWVzc2FnZTpyZWFkIl0sImV4cCI6NDY4Mzg5Nzc3Nn0.LtMVtIiRIwSyc3aX35Zl0JVwLTcQZAB3dyBOMHNaHCKUljwMrf20a_gT79LfhjDzE_fUVUmFiAO32W1vFnYpZSVaMDUgeIOIOpxfoe9shj_uYenAwIS-_UxqGVIJiJoXNZh_MK80ShNpvsQwamxWEEOAMBtpWNiVYNDMdfgho9n3o5_Z7Gjy8RLBo1tbDREbO9kTFwGIxm_EYpezmRCRq4w1DdS6UDW321hkwMxPnCMSWOvp-hRpmgY2yjzLgPJ6Aucmg9TJ8jloAP1DjJoF1gRR7NTAk8LOGkSjTzVYDYMbCF51YdpojhItSk80YzXiEsv1mTz4oMM49jXBmfXFMA";
+
 	private static final String MALFORMED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJuYmYiOnt9LCJleHAiOjQ2ODQyMjUwODd9.guoQvujdWvd3xw7FYQEn4D6-gzM_WqFvXdmvAUNSLbxG7fv2_LLCNujPdrBHJoYPbOwS1BGNxIKQWS1tylvqzmr1RohQ-RZ2iAM1HYQzboUlkoMkcd8ENM__ELqho8aNYBfqwkNdUOyBFoy7Syu_w2SoJADw2RTjnesKO6CVVa05bW118pDS4xWxqC4s7fnBjmZoTn4uQ-Kt9YSQZQk8YQxkJSiyanozzgyfgXULA6mPu1pTNU3FVFaK1i1av_xtH_zAPgb647ZeaNe4nahgqC5h8nhOlm8W2dndXbwAt29nd2ZWBsru_QwZz83XSKLhTPFz-mPBByZZDsyBbIHf9A";
+
 	private static final String UNSIGNED_JWT = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
+
 	private static final String EMPTY_EXP_CLAIM_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhdWRpZW5jZSJ9.D1eT0jpBEpuh74p-YT-uF81Z7rkVqIpUtJ5hWWFiVShZ9s8NIntK4Q1GlvlziiySSaVYaXtpTmDB3c8r-Z5Mj4ibihiueCSq7jaPD3sA8IMQKL-L6Uol8MSD_lSFE2n3fVBTxFeaejBKfZsDxnhzgpy8g7PncR47w8NHs-7tKO4qw7G_SV3hkNpDNoqZTfMImxyWEebgKM2pJAhN4das2CO1KAjYMfEByLcgYncE8fzdYPJhMFo2XRRSQABoeUBuKSAwIntBaOGvcb-qII_Hefc5U0cmpNItG75F2XfX803plKI4FFpAxJsbPKWSQmhs6bZOrhx0x74pY5LS3ghmJw";
 
 	private static final String JWK_SET_URI = "https://issuer/.well-known/jwks.json";
+
 	private static final String RS512_SIGNED_JWT = "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYxMTl9.LKAx-60EBfD7jC1jb1eKcjO4uLvf3ssISV-8tN-qp7gAjSvKvj4YA9-V2mIb6jcS1X_xGmNy6EIimZXpWaBR3nJmeu-jpe85u4WaW2Ztr8ecAi-dTO7ZozwdtljKuBKKvj4u1nF70zyCNl15AozSG0W1ASrjUuWrJtfyDG6WoZ8VfNMuhtU-xUYUFvscmeZKUYQcJ1KS-oV5tHeF8aNiwQoiPC_9KXCOZtNEJFdq6-uzFdHxvOP2yex5Gbmg5hXonauIFXG2ZPPGdXzm-5xkhBpgM8U7A_6wb3So8wBvLYYm2245QUump63AJRAy8tQpwt4n9MvQxQgS3z9R-NK92A";
+
 	private static final String RS256_SIGNED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYzMzl9.CT-H2OWEqmSs1NWmnta5ealLFvM8OlbQTjGhfRcKLNxrTrzsOkqBJl-AN3k16BQU7mS32o744TiiZ29NcDlxPsr1MqTlN86-dobPiuNIDLp3A1bOVdXMcVFuMYkrNv0yW0tGS9OjEqsCCuZDkZ1by6AhsHLbGwRY-6AQdcRouZygGpOQu1hNun5j8q5DpSTY4AXKARIFlF-O3OpVbPJ0ebr3Ki-i3U9p_55H0e4-wx2bqcApWlqgofl1I8NKWacbhZgn81iibup2W7E0CzCzh71u1Mcy3xk1sYePx-dwcxJnHmxJReBBWjJZEAeCrkbnn_OCuo2fA-EQyNJtlN5F2w";
+
 	private static final String VERIFY_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4yKxb6SNePdDmQi9xFCrP6QvHosErQzryknQTTTffs0t3cy3Er3lIceuhZ7yQNSCDfPFqG8GoyoKhuChRiA5D+J2ab7bqTa1QJKfnCyERoscftgN2fXPHjHoiKbpGV2tMVw8mXl//tePOAiKbMJaBUnlAvJgkk1rVm08dSwpLC1sr2M19euf9jwnRGkMRZuhp9iCPgECRke5T8Ixpv0uQjSmGHnWUKTFlbj8sM83suROR1Ue64JSGScANc5vk3huJ/J97qTC+K2oKj6L8d9O8dpc4obijEOJwpydNvTYDgbiivYeSB00KS9jlBkQ5B2QqLvLVEygDl3dp59nGx6YQIDAQAB";
 
 	private static final MediaType APPLICATION_JWK_SET_JSON = new MediaType("application", "jwk-set+json");
@@ -122,14 +130,12 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void constructorWhenJwtProcessorIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoder(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new NimbusJwtDecoder(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.jwtDecoder.setClaimSetConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -140,35 +146,30 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenJwtInvalidThenThrowJwtException() {
-		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid"))
-				.isInstanceOf(BadJwtException.class);
+		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid")).isInstanceOf(BadJwtException.class);
 	}
 
 	// gh-5168
 	@Test
 	public void decodeWhenExpClaimNullThenDoesNotThrowException() {
-		assertThatCode(() -> this.jwtDecoder.decode(EMPTY_EXP_CLAIM_JWT))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.jwtDecoder.decode(EMPTY_EXP_CLAIM_JWT)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void decodeWhenIatClaimNullThenDoesNotThrowException() {
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException();
 	}
 
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT)).isInstanceOf(BadJwtException.class)
 				.hasMessageContaining("Unsupported algorithm of none");
 	}
 
 	@Test
 	public void decodeWhenJwtIsMalformedThenReturnsStockException() {
-		assertThatCode(() -> this.jwtDecoder.decode(MALFORMED_JWT))
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> this.jwtDecoder.decode(MALFORMED_JWT)).isInstanceOf(BadJwtException.class)
 				.hasMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
 	}
 
@@ -177,12 +178,10 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
-		when(jwtValidator.validate(any(Jwt.class)))
-				.thenReturn(OAuth2TokenValidatorResult.failure(failure));
+		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(failure));
 		this.jwtDecoder.setJwtValidator(jwtValidator);
 
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description");
 	}
 
@@ -196,8 +195,7 @@ public class NimbusJwtDecoderTests {
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
 
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description")
 				.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
 	}
@@ -213,16 +211,14 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
 
-		Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(JwtValidationException.class)
+		Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description");
 	}
 
 	@Test
 	public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
-		when(claimSetConverter.convert(any(Map.class)))
-				.thenReturn(Collections.singletonMap("custom", "value"));
+		when(claimSetConverter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
 
 		Jwt jwt = this.jwtDecoder.decode(SIGNED_JWT);
@@ -238,8 +234,7 @@ public class NimbusJwtDecoderTests {
 
 		when(claimSetConverter.convert(any(Map.class))).thenThrow(new IllegalArgumentException("bad conversion"));
 
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(BadJwtException.class);
+		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 	}
 
 	@Test
@@ -252,21 +247,19 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenJwkResponseIsMalformedThenReturnsStockException() {
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(withSigning(MALFORMED_JWK_SET));
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(JwtException.class)
+		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
 	}
 
 	@Test
 	public void decodeWhenJwkEndpointIsUnresponsiveThenReturnsJwtException() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = withJwkSetUri(jwkSetUri).build();
 
 			server.shutdown();
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtException.class)
+			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.isNotInstanceOf(BadJwtException.class)
 					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
 		}
@@ -274,14 +267,13 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenJwkEndpointIsUnresponsiveAndCacheIsConfiguredThenReturnsJwtException() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = withJwkSetUri(jwkSetUri).cache(cache).build();
 
 			server.shutdown();
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-					.isInstanceOf(JwtException.class)
+			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.isNotInstanceOf(BadJwtException.class)
 					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
 		}
@@ -312,32 +304,25 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> withPublicKey(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		Assertions.assertThatCode(() -> withPublicKey(key())
-				.signatureAlgorithm(SignatureAlgorithm.ES256)
-				.build())
+		Assertions.assertThatCode(() -> withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
 				.isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
 		NimbusJwtDecoder decoder = withPublicKey(key()).build();
-		assertThat(decoder.decode(RS256_SIGNED_JWT))
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(RS256_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
 		NimbusJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThat(decoder.decode(RS512_SIGNED_JWT))
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(RS512_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	// gh-7049
@@ -346,22 +331,17 @@ public class NimbusJwtDecoderTests {
 		RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
 		RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
 		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
 		NimbusJwtDecoder decoder = withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).build();
-		assertThat(decoder.decode(signedJwt.serialize()))
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
 		NimbusJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		Assertions.assertThatCode(() -> decoder.decode(RS256_SIGNED_JWT))
-				.isInstanceOf(BadJwtException.class);
+		Assertions.assertThatCode(() -> decoder.decode(RS256_SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 	}
 
 	// gh-8730
@@ -370,13 +350,12 @@ public class NimbusJwtDecoderTests {
 		RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
 		RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
 		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("JWS")).build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
 				.build();
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withPublicKey(publicKey)
-				.signatureAlgorithm(SignatureAlgorithm.RS256)
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		NimbusJwtDecoder decoder = withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256)
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
@@ -384,14 +363,12 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void withPublicKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		assertThatThrownBy(() -> withPublicKey(key()).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withSecretKey(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("secretKey cannot be null");
 	}
 
@@ -399,37 +376,29 @@ public class NimbusJwtDecoderTests {
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		assertThatThrownBy(() -> withSecretKey(secretKey).macAlgorithm(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("macAlgorithm cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
 	}
 
 	@Test
 	public void decodeWhenUsingSecretKeyThenSuccessfullyDecodes() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
-		assertThat(decoder.decode(signedJWT.serialize()))
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(signedJWT.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenUsingSecretKeyAndIncorrectAlgorithmThenThrowsJwtException() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
-		assertThatThrownBy(() -> decoder.decode(signedJWT.serialize()))
-				.isInstanceOf(BadJwtException.class)
+		assertThatThrownBy(() -> decoder.decode(signedJWT.serialize())).isInstanceOf(BadJwtException.class)
 				.hasMessageContaining("Unsupported algorithm of HS256");
 	}
 
@@ -438,15 +407,11 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
 		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
-		assertThat(decoder.decode(signedJwt.serialize()))
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	// gh-8730
@@ -454,13 +419,12 @@ public class NimbusJwtDecoderTests {
 	public void withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).type(new JOSEObjectType("JWS")).build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
 				.build();
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withSecretKey(secretKey)
-				.macAlgorithm(MacAlgorithm.HS256)
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256)
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
@@ -469,50 +433,38 @@ public class NimbusJwtDecoderTests {
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		assertThatThrownBy(() -> withSecretKey(secretKey).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector =
-				withJwkSetUri(JWK_SET_URI).jwsKeySelector(jwkSource);
+		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<?> jwsVerificationKeySelector =
-				(JWSVerificationKeySelector<?>) jwsKeySelector;
-		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256))
-				.isTrue();
+		JWSVerificationKeySelector<?> jwsVerificationKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
+		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
 	}
 
 	@Test
 	public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector =
-				withJwkSetUri(JWK_SET_URI).jwsAlgorithm(SignatureAlgorithm.RS512)
-						.jwsKeySelector(jwkSource);
+		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI)
+				.jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<?> jwsVerificationKeySelector =
-				(JWSVerificationKeySelector<?>) jwsKeySelector;
-		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512))
-				.isTrue();
+		JWSVerificationKeySelector<?> jwsVerificationKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
+		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue();
 	}
 
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector =
-				withJwkSetUri(JWK_SET_URI)
-						.jwsAlgorithm(SignatureAlgorithm.RS256)
-						.jwsAlgorithm(SignatureAlgorithm.RS512)
-						.jwsKeySelector(jwkSource);
+		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI)
+				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
+				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector =
-				(JWSVerificationKeySelector<?>) jwsKeySelector;
-		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256))
-				.isTrue();
-		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS512))
-				.isTrue();
+		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
+		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
+		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue();
 	}
 
 	// gh-7290
@@ -521,9 +473,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		JWTProcessor<SecurityContext> processor = withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations)
-				.processor();
+		JWTProcessor<SecurityContext> processor = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(processor);
 		jwtDecoder.decode(SIGNED_JWT);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
@@ -539,10 +489,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations)
-				.cache(cache)
-				.build();
+		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
 		// then
@@ -560,10 +507,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
 		when(cache.get(eq(JWK_SET_URI), any(Callable.class))).thenReturn(JWK_SET);
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI)
-				.cache(cache)
-				.restOperations(restOperations)
-				.build();
+		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).cache(cache).restOperations(restOperations).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
 		// then
@@ -579,13 +523,9 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenThrow(new RestClientException("Cannot retrieve JWK Set"));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations)
-				.cache(cache)
-				.build();
+		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
 		// then
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(JwtException.class)
+		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessageContaining("An error occurred while attempting to decode the Jwt");
 	}
@@ -596,20 +536,18 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations)
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT))
-				.isInstanceOf(BadJwtException.class)
-				.hasMessageContaining("An error occurred while attempting to decode the Jwt: Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class).hasMessageContaining(
+				"An error occurred while attempting to decode the Jwt: Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		assertThatThrownBy(() -> withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	private RSAPublicKey key() throws InvalidKeySpecException {
@@ -618,7 +556,8 @@ public class NimbusJwtDecoderTests {
 		return (RSAPublicKey) kf.generatePublic(spec);
 	}
 
-	private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet) throws Exception {
+	private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet)
+			throws Exception {
 		return signedJwt(secretKey, new JWSHeader(JWSAlgorithm.parse(jwsAlgorithm.getName())), claimsSet);
 	}
 
@@ -642,9 +581,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK));
-		return withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations)
-				.processor();
+		return withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
 	}
 
 	private static JWTProcessor<SecurityContext> withoutSigning() {
@@ -652,16 +589,19 @@ public class NimbusJwtDecoderTests {
 	}
 
 	private static class MockJwtProcessor extends DefaultJWTProcessor<SecurityContext> {
+
 		@Override
-		public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context)
-				throws BadJOSEException {
+		public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context) throws BadJOSEException {
 
 			try {
 				return signedJWT.getJWTClaimsSet();
-			} catch (ParseException e) {
+			}
+			catch (ParseException e) {
 				// Payload not a JSON object
 				throw new BadJWTException(e.getMessage(), e);
 			}
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 8c884dc8ab..2927e89441 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -84,27 +84,26 @@ import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.w
 public class NimbusReactiveJwtDecoderTests {
 
 	private String expired = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MTUyOTkzNzYzMX0.Dt5jFOKkB8zAmjciwvlGkj4LNStXWH0HNIfr8YYajIthBIpVgY5Hg_JL8GBmUFzKDgyusT0q60OOg8_Pdi4Lu-VTWyYutLSlNUNayMlyBaVEWfyZJnh2_OwMZr1vRys6HF-o1qZldhwcfvczHg61LwPa1ISoqaAltDTzBu9cGISz2iBUCuR0x71QhbuRNyJdjsyS96NqiM_TspyiOSxmlNch2oAef1MssOQ23CrKilIvEDsz_zk5H94q7rH0giWGdEHCENESsTJS0zvzH6r2xIWjd5WnihFpCPkwznEayxaEhrdvJqT_ceyXCIfY4m3vujPQHNDG0UshpwvDuEbPUg";
+
 	private String messageReadToken = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.bnQ8IJDXmQbmIXWku0YT1HOyV_3d0iQSA_0W2CmPyELhsxFETzBEEcZ0v0xCBiswDT51rwD83wbX3YXxb84fM64AhpU8wWOxLjha4J6HJX2JnlG47ydaAVD7eWGSYTavyyQ-CwUjQWrfMVcObFZLYG11ydzRYOR9-aiHcK3AobcTcS8jZFeI8EGQV_Cd3IJ018uFCf6VnXLv7eV2kRt08Go2RiPLW47ExvD7Dzzz_wDBKfb4pNem7fDvuzB3UPcp5m9QvLZicnbS_6AvDi6P1y_DFJf-1T5gkGmX5piDH1L1jg2Yl6tjmXbk5B3VhsyjJuXE6gzq1d-xie0Z1NVOxw";
+
 	private String unsignedToken = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
-	private String jwkSet =
-		"{\n"
-		+ "   \"keys\":[\n"
-		+ "      {\n"
-		+ "         \"kty\":\"RSA\",\n"
-		+ "         \"e\":\"AQAB\",\n"
-		+ "         \"use\":\"sig\",\n"
-		+ "         \"kid\":\"key-id-1\",\n"
-		+ "         \"n\":\"qL48v1clgFw-Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV_PahPk1y2nvldBNIhfNL13JOAiJ6BTiF-2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v_FXM7ktcokgpm3_XmvT_-bL6_GGwz9k6kJOyMTubecr-WT__le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk-0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpw\"\n"
-		+ "      }\n"
-		+ "   ]\n"
-		+ "}";
+
+	private String jwkSet = "{\n" + "   \"keys\":[\n" + "      {\n" + "         \"kty\":\"RSA\",\n"
+			+ "         \"e\":\"AQAB\",\n" + "         \"use\":\"sig\",\n" + "         \"kid\":\"key-id-1\",\n"
+			+ "         \"n\":\"qL48v1clgFw-Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV_PahPk1y2nvldBNIhfNL13JOAiJ6BTiF-2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v_FXM7ktcokgpm3_XmvT_-bL6_GGwz9k6kJOyMTubecr-WT__le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk-0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpw\"\n"
+			+ "      }\n" + "   ]\n" + "}";
+
 	private String jwkSetUri = "https://issuer/certs";
 
 	private String rsa512 = "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYxMTl9.LKAx-60EBfD7jC1jb1eKcjO4uLvf3ssISV-8tN-qp7gAjSvKvj4YA9-V2mIb6jcS1X_xGmNy6EIimZXpWaBR3nJmeu-jpe85u4WaW2Ztr8ecAi-dTO7ZozwdtljKuBKKvj4u1nF70zyCNl15AozSG0W1ASrjUuWrJtfyDG6WoZ8VfNMuhtU-xUYUFvscmeZKUYQcJ1KS-oV5tHeF8aNiwQoiPC_9KXCOZtNEJFdq6-uzFdHxvOP2yex5Gbmg5hXonauIFXG2ZPPGdXzm-5xkhBpgM8U7A_6wb3So8wBvLYYm2245QUump63AJRAy8tQpwt4n9MvQxQgS3z9R-NK92A";
+
 	private String rsa256 = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYzMzl9.CT-H2OWEqmSs1NWmnta5ealLFvM8OlbQTjGhfRcKLNxrTrzsOkqBJl-AN3k16BQU7mS32o744TiiZ29NcDlxPsr1MqTlN86-dobPiuNIDLp3A1bOVdXMcVFuMYkrNv0yW0tGS9OjEqsCCuZDkZ1by6AhsHLbGwRY-6AQdcRouZygGpOQu1hNun5j8q5DpSTY4AXKARIFlF-O3OpVbPJ0ebr3Ki-i3U9p_55H0e4-wx2bqcApWlqgofl1I8NKWacbhZgn81iibup2W7E0CzCzh71u1Mcy3xk1sYePx-dwcxJnHmxJReBBWjJZEAeCrkbnn_OCuo2fA-EQyNJtlN5F2w";
+
 	private String publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4yKxb6SNePdDmQi9xFCrP6QvHosErQzryknQTTTffs0t3cy3Er3lIceuhZ7yQNSCDfPFqG8GoyoKhuChRiA5D+J2ab7bqTa1QJKfnCyERoscftgN2fXPHjHoiKbpGV2tMVw8mXl//tePOAiKbMJaBUnlAvJgkk1rVm08dSwpLC1sr2M19euf9jwnRGkMRZuhp9iCPgECRke5T8Ixpv0uQjSmGHnWUKTFlbj8sM83suROR1Ue64JSGScANc5vk3huJ/J97qTC+K2oKj6L8d9O8dpc4obijEOJwpydNvTYDgbiivYeSB00KS9jlBkQ5B2QqLvLVEygDl3dp59nGx6YQIDAQAB";
 
 	private MockWebServer server;
+
 	private NimbusReactiveJwtDecoder decoder;
 
 	private static KeyFactory kf;
@@ -132,8 +131,7 @@ public class NimbusReactiveJwtDecoderTests {
 		this.decoder = new NimbusReactiveJwtDecoder("https://s");
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-			.isInstanceOf(IllegalStateException.class)
-			.hasCauseInstanceOf(UnknownHostException.class);
+				.isInstanceOf(IllegalStateException.class).hasCauseInstanceOf(UnknownHostException.class);
 
 	}
 
@@ -146,14 +144,14 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenRSAPublicKeyThenSuccess() throws Exception {
-		byte[] bytes = Base64.getDecoder().decode("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL48v1clgFw+Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV/PahPk1y2nvldBNIhfNL13JOAiJ6BTiF+2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v/FXM7ktcokgpm3/XmvT/+bL6/GGwz9k6kJOyMTubecr+WT//le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk+0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpwIDAQAB");
+		byte[] bytes = Base64.getDecoder().decode(
+				"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL48v1clgFw+Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV/PahPk1y2nvldBNIhfNL13JOAiJ6BTiF+2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v/FXM7ktcokgpm3/XmvT/+bL6/GGwz9k6kJOyMTubecr+WT//le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk+0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpwIDAQAB");
 		RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
 				.generatePublic(new X509EncodedKeySpec(bytes));
 		this.decoder = new NimbusReactiveJwtDecoder(publicKey);
 		String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ";
 
-		assertThatCode(() -> this.decoder.decode(noKeyId).block())
-			.doesNotThrowAnyException();
+		assertThatCode(() -> this.decoder.decode(noKeyId).block()).doesNotThrowAnyException();
 	}
 
 	@Test
@@ -167,14 +165,12 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenExpiredThenFail() {
-		assertThatCode(() -> this.decoder.decode(this.expired).block())
-				.isInstanceOf(JwtValidationException.class);
+		assertThatCode(() -> this.decoder.decode(this.expired).block()).isInstanceOf(JwtValidationException.class);
 	}
 
 	@Test
 	public void decodeWhenNoPeriodThenFail() {
-		assertThatCode(() -> this.decoder.decode("").block())
-				.isInstanceOf(BadJwtException.class);
+		assertThatCode(() -> this.decoder.decode("").block()).isInstanceOf(BadJwtException.class);
 	}
 
 	@Test
@@ -186,27 +182,27 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenInvalidSignatureThenFail() {
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2)).block())
-				.isInstanceOf(BadJwtException.class);
+		assertThatCode(() -> this.decoder.decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2))
+				.block()).isInstanceOf(BadJwtException.class);
 	}
 
 	@Test
 	public void decodeWhenAlgNoneThenFail() {
-		assertThatCode(() -> this.decoder.decode("ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.").block())
-			.isInstanceOf(BadJwtException.class)
-			.hasMessage("Unsupported algorithm of none");
+		assertThatCode(() -> this.decoder.decode(
+				"ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
+				.block()).isInstanceOf(BadJwtException.class).hasMessage("Unsupported algorithm of none");
 	}
 
 	@Test
 	public void decodeWhenInvalidAlgMismatchThenFail() {
-		assertThatCode(() -> this.decoder.decode("ew0KICAiYWxnIjogIkVTMjU2IiwNCiAgInR5cCI6ICJKV1QiDQp9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.").block())
-				.isInstanceOf(BadJwtException.class);
+		assertThatCode(() -> this.decoder.decode(
+				"ew0KICAiYWxnIjogIkVTMjU2IiwNCiAgInR5cCI6ICJKV1QiDQp9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
+				.block()).isInstanceOf(BadJwtException.class);
 	}
 
 	@Test
 	public void decodeWhenUnsignedTokenThenMessageDoesNotMentionClass() {
-		assertThatCode(() -> this.decoder.decode(this.unsignedToken).block())
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> this.decoder.decode(this.unsignedToken).block()).isInstanceOf(BadJwtException.class)
 				.hasMessage("Unsupported algorithm of none");
 	}
 
@@ -220,8 +216,7 @@ public class NimbusReactiveJwtDecoderTests {
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("mock-description");
+				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 	}
 
 	@Test
@@ -236,8 +231,7 @@ public class NimbusReactiveJwtDecoderTests {
 		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("mock-description");
+				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 	}
 
 	@Test
@@ -261,20 +255,17 @@ public class NimbusReactiveJwtDecoderTests {
 
 		when(claimSetConverter.convert(any(Map.class))).thenThrow(new IllegalArgumentException("bad conversion"));
 
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(BadJwtException.class);
+		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
 	}
 
 	@Test
 	public void setJwtValidatorWhenGivenNullThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.decoder.setJwtValidator(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.decoder.setJwtValidator(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setClaimSetConverterWhenNullThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.decoder.setClaimSetConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.decoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -291,8 +282,7 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		assertThatCode(() -> withJwkSetUri(jwkSetUri).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
@@ -306,9 +296,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenSignedThenOk() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
 		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri).webClient(webClient).build();
-		assertThat(decoder.decode(messageReadToken).block())
-				.extracting(Jwt::getExpiresAt)
-				.isNotNull();
+		assertThat(decoder.decode(messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 		verify(webClient).get();
 	}
 
@@ -316,66 +304,55 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
-		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri)
-				.webClient(webClient)
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri).webClient(webClient)
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(messageReadToken).block())
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> decoder.decode(messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> withPublicKey(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		assertThatCode(() -> withPublicKey(key())
-				.signatureAlgorithm(SignatureAlgorithm.ES256)
-				.build())
+		assertThatCode(() -> withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
 				.isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void buildWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		assertThatCode(() -> withPublicKey(key()).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
 		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).build();
-		assertThat(decoder.decode(this.rsa256).block())
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		assertThat(decoder.decode(this.rsa256).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
-		NimbusReactiveJwtDecoder decoder =
-				withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThat(decoder.decode(this.rsa512).block())
-				.extracting(Jwt::getSubject)
-				.isEqualTo("test-subject");
+		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		assertThat(decoder.decode(this.rsa512).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
-		NimbusReactiveJwtDecoder decoder =
-				withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThatCode(() -> decoder.decode(this.rsa256).block())
-				.isInstanceOf(BadJwtException.class);
+		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		assertThatCode(() -> decoder.decode(this.rsa256).block()).isInstanceOf(BadJwtException.class);
 	}
 
 	// gh-8730
 	@Test
 	public void withPublicKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
 		NimbusReactiveJwtDecoder decoder = withPublicKey(key())
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 
 		AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block())
@@ -385,44 +362,38 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSourceWhenNullThenThrowsException() {
-		assertThatCode(() -> withJwkSource(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> withJwkSource(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void withJwkSourceWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		assertThatCode(() -> withJwkSource(jwt -> Flux.empty()).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
-		NimbusReactiveJwtDecoder decoder =
-				withJwkSource(jwt -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys()))
-						.build();
+		NimbusReactiveJwtDecoder decoder = withJwkSource(jwt -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys()))
+				.build();
 
-		assertThat(decoder.decode(this.messageReadToken).block())
-				.extracting(Jwt::getExpiresAt)
-				.isNotNull();
+		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 	}
 
 	// gh-8730
 	@Test
 	public void withJwkSourceWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		NimbusReactiveJwtDecoder decoder = withJwkSource(jwt -> Flux.empty())
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 
-		assertThatCode(() -> decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withSecretKeyWhenSecretKeyNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withSecretKey(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("secretKey cannot be null");
 	}
 
@@ -430,26 +401,22 @@ public class NimbusReactiveJwtDecoderTests {
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		assertThatThrownBy(() -> withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("jwtProcessorCustomizer cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		assertThatThrownBy(() -> withSecretKey(secretKey).macAlgorithm(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("macAlgorithm cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
 	}
 
 	@Test
 	public void decodeWhenSecretKeyThenSuccess() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 
 		this.decoder = withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
@@ -462,10 +429,10 @@ public class NimbusReactiveJwtDecoderTests {
 	public void withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		NimbusReactiveJwtDecoder decoder = withSecretKey(secretKey)
-				.jwtProcessorCustomizer(p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer(
+						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(messageReadToken).block())
-				.isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> decoder.decode(messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
@@ -473,10 +440,8 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
-				.subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
-				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 
 		this.decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
@@ -487,46 +452,36 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector =
-				withJwkSetUri(this.jwkSetUri).jwsKeySelector(jwkSource);
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector =
-				(JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
-		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256))
-				.isTrue();
+		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector = (JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
+		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
 	}
 
 	@Test
 	public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector =
-				withJwkSetUri(this.jwkSetUri).jwsAlgorithm(SignatureAlgorithm.RS512)
-						.jwsKeySelector(jwkSource);
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri)
+				.jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector =
-				(JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
-		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512))
-				.isTrue();
+		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector = (JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
+		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue();
 	}
 
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector =
-				withJwkSetUri(this.jwkSetUri)
-						.jwsAlgorithm(SignatureAlgorithm.RS256)
-						.jwsAlgorithm(SignatureAlgorithm.RS512)
-						.jwsKeySelector(jwkSource);
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri)
+				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
+				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
-		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector =
-				(JWSVerificationKeySelector<?>) jwsKeySelector;
-		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256))
-				.isTrue();
-		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS512))
-				.isTrue();
+		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
+		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
+		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue();
 	}
 
-	private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet) throws Exception {
+	private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet)
+			throws Exception {
 		SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.parse(jwsAlgorithm.getName())), claimsSet);
 		JWSSigner signer = new MACSigner(secretKey);
 		signedJWT.sign(signer);
@@ -536,7 +491,8 @@ public class NimbusReactiveJwtDecoderTests {
 	private JWKSet parseJWKSet(String jwkSet) {
 		try {
 			return JWKSet.parse(jwkSet);
-		} catch (ParseException e) {
+		}
+		catch (ParseException e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
@@ -557,4 +513,5 @@ public class NimbusReactiveJwtDecoderTests {
 		when(spec.retrieve()).thenReturn(responseSpec);
 		return webClient;
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 3e6b411fc5..4cb9b91789 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -46,40 +46,31 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Rafiullah Hamedy
  */
 public class ReactiveJwtDecodersTests {
+
 	/**
-	 * Contains those parameters required to construct a ReactiveJwtDecoder as well as any required parameters
+	 * Contains those parameters required to construct a ReactiveJwtDecoder as well as any
+	 * required parameters
 	 */
-	private static final String DEFAULT_RESPONSE_TEMPLATE =
-			"{\n"
-					+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-					+ "    \"id_token_signing_alg_values_supported\": [\n"
-					+ "        \"RS256\"\n"
-					+ "    ], \n"
-					+ "    \"issuer\": \"%s\", \n"
-					+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
-					+ "    \"response_types_supported\": [\n"
-					+ "        \"code\", \n"
-					+ "        \"token\", \n"
-					+ "        \"id_token\", \n"
-					+ "        \"code token\", \n"
-					+ "        \"code id_token\", \n"
-					+ "        \"token id_token\", \n"
-					+ "        \"code token id_token\", \n"
-					+ "        \"none\"\n"
-					+ "    ], \n"
-					+ "    \"subject_types_supported\": [\n"
-					+ "        \"public\"\n"
-					+ "    ], \n"
-					+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n"
-					+ "}";
+	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
+			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
+			+ "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
+			+ "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
+			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
+			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
+			+ "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n" + "    ], \n"
+			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n" + "}";
 
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
+
 	private static final String ISSUER_MISMATCH = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd3Jvbmdpc3N1ZXIiLCJleHAiOjQ2ODcyNTYwNDl9.Ax8LMI6rhB9Pv_CE3kFi1JPuLj9gZycifWrLeDpkObWEEVAsIls9zAhNFyJlG-Oo7up6_mDhZgeRfyKnpSF5GhKJtXJDCzwg0ZDVUE6rS0QadSxsMMGbl7c4y0lG_7TfLX2iWeNJukJj_oSW9KzW4FsBp1BoocWjrreesqQU3fZHbikH-c_Fs2TsAIpHnxflyEzfOFWpJ8D4DtzHXqfvieMwpy42xsPZK3LR84zlasf0Ne1tC_hLHvyHRdAXwn0CMoKxc7-8j0r9Mq8kAzUsPn9If7bMLqGkxUcTPdk5x7opAUajDZx95SXHLmtztNtBa2S6EfPJXuPKG6tM5Wq5Ug";
 
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
+
 	private static final String OAUTH_METADATA_PATH = "/.well-known/oauth-authorization-server";
 
 	private MockWebServer server;
+
 	private String issuer;
 
 	@Before
@@ -101,8 +92,7 @@ public class ReactiveJwtDecodersTests {
 
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
 
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block())
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -112,8 +102,7 @@ public class ReactiveJwtDecodersTests {
 
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
 
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block())
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -123,8 +112,7 @@ public class ReactiveJwtDecodersTests {
 
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
 
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block())
-				.isInstanceOf(JwtValidationException.class)
+		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
 
@@ -139,15 +127,13 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	// gh-7512
@@ -156,8 +142,7 @@ public class ReactiveJwtDecodersTests {
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
 		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -166,8 +151,7 @@ public class ReactiveJwtDecodersTests {
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
 		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -176,8 +160,7 @@ public class ReactiveJwtDecodersTests {
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
 		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
 	}
 
 	@Test
@@ -191,15 +174,13 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
@@ -219,14 +200,14 @@ public class ReactiveJwtDecodersTests {
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
-		prepareConfigurationResponseOAuth2(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
+		prepareConfigurationResponseOAuth2(
+				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
 		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
 				.isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
-	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
-			throws Exception {
+	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 
 		this.server.shutdown();
 
@@ -282,8 +263,7 @@ public class ReactiveJwtDecodersTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				return Optional.of(request).map(RecordedRequest::getRequestUrl).map(HttpUrl::toString)
-						.map(responses::get)
-						.orElse(new MockResponse().setResponseCode(404));
+						.map(responses::get).orElse(new MockResponse().setResponseCode(404));
 			}
 		};
 		this.server.setDispatcher(dispatcher);
@@ -295,14 +275,12 @@ public class ReactiveJwtDecodersTests {
 
 	private String oidc() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri)
-				.replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
+		return UriComponentsBuilder.fromUri(uri).replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
 	}
 
 	private String oauth() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri)
-				.replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
+		return UriComponentsBuilder.fromUri(uri).replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
 	}
 
 	private String jwks() {
@@ -310,16 +288,16 @@ public class ReactiveJwtDecodersTests {
 	}
 
 	private MockResponse response(String body) {
-		return new MockResponse()
-				.setBody(body)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 	}
 
 	public String buildResponseWithMissingJwksUri() throws JsonMappingException, JsonProcessingException {
 		ObjectMapper mapper = new ObjectMapper();
 		Map<String, Object> response = mapper.readValue(DEFAULT_RESPONSE_TEMPLATE,
-				new TypeReference<Map<String, Object>>(){});
+				new TypeReference<Map<String, Object>>() {
+				});
 		response.remove("jwks_uri");
 		return mapper.writeValueAsString(response);
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index d5551e1d68..15d952ed10 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -42,6 +42,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ReactiveRemoteJWKSourceTests {
+
 	@Mock
 	private JWKMatcher matcher;
 
@@ -51,40 +52,23 @@ public class ReactiveRemoteJWKSourceTests {
 
 	private MockWebServer server;
 
-	private String keys = "{\n"
-			+ "    \"keys\": [\n"
-			+ "        {\n"
-			+ "            \"alg\": \"RS256\", \n"
+	private String keys = "{\n" + "    \"keys\": [\n" + "        {\n" + "            \"alg\": \"RS256\", \n"
 			+ "            \"e\": \"AQAB\", \n"
 			+ "            \"kid\": \"1923397381d9574bb873202a90c32b7ceeaed027\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"m4I5Dk5GnbzzUtqaljDVbpMONi1JLNJ8ZuXE8VvjCAVebDg5vTYhQ33jUwGgbn1wFmytUMgMmvK8A8Gpshl0sO2GBIZoh6_pwLrk657ZEtv-hx9fYKnzwyrfHqxtSswMAyr7XtKl8Ha1I03uFMSaYaaBTwVXCHByhzr4PVXfKAYJNbbcteUZfE8ODlBQkjQLI0IB78Nu8XIRrdzTF_5LCuM6rLUNtX6_KdzPpeX9KEtB7OBAfkdZEtBzGI-aYNLtIaL4qO6cVxBeVDLMoj9kVsRPylrwhEFQcGOjtJhwJwXFzTMZVhkiLFCHxZkkjoMrK5osSRlhduuGI9ot8XTUKQ\", \n"
-			+ "            \"use\": \"sig\"\n"
-			+ "        }, \n"
-			+ "        {\n"
-			+ "            \"alg\": \"RS256\", \n"
+			+ "            \"use\": \"sig\"\n" + "        }, \n" + "        {\n" + "            \"alg\": \"RS256\", \n"
 			+ "            \"e\": \"AQAB\", \n"
 			+ "            \"kid\": \"7ddf54d3032d1f0d48c3618892ca74c1ac30ad77\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"yLlYyux949b7qS-DdqTNjdZb4NtqiNH-Jt7DtRxmfW9XZLOQ6Q2NYgmPe9hyy5GHG7W3zsd6Q-rzq5eGRNEUx1767K1dS5PtkVWPiPG_M7rDqCu3HsLmKQKhRjHYaCWl5NuiMB5mXoPhSwrHd2yeGE7QHIV7_CiQFc1xQsXeiC-nTeJohJO3HI97w0GXE8pHspLYq9oG87f5IHxFr89abmwRug-D7QWQyW5b4doe4ZL-52J-8WHd52kGrGfu4QyV83oAad3I_9Q-yiWOXUr_0GIrzz4_-u5HgqYexnodFhZZSaKuRSg_b5qCnPhW8gBDLAHkmQzQMaWsN14L0pokbQ\", \n"
-			+ "            \"use\": \"sig\"\n"
-			+ "        }\n"
-			+ "    ]\n"
-			+ "}\n";
+			+ "            \"use\": \"sig\"\n" + "        }\n" + "    ]\n" + "}\n";
 
-
-	private String keys2 = "{\n"
-			+ "    \"keys\": [\n"
-			+ "        {\n"
-			+ "            \"alg\": \"RS256\", \n"
-			+ "            \"e\": \"AQAB\", \n"
-			+ "            \"kid\": \"rotated\", \n"
+	private String keys2 = "{\n" + "    \"keys\": [\n" + "        {\n" + "            \"alg\": \"RS256\", \n"
+			+ "            \"e\": \"AQAB\", \n" + "            \"kid\": \"rotated\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"m4I5Dk5GnbzzUtqaljDVbpMONi1JLNJ8ZuXE8VvjCAVebDg5vTYhQ33jUwGgbn1wFmytUMgMmvK8A8Gpshl0sO2GBIZoh6_pwLrk657ZEtv-hx9fYKnzwyrfHqxtSswMAyr7XtKl8Ha1I03uFMSaYaaBTwVXCHByhzr4PVXfKAYJNbbcteUZfE8ODlBQkjQLI0IB78Nu8XIRrdzTF_5LCuM6rLUNtX6_KdzPpeX9KEtB7OBAfkdZEtBzGI-aYNLtIaL4qO6cVxBeVDLMoj9kVsRPylrwhEFQcGOjtJhwJwXFzTMZVhkiLFCHxZkkjoMrK5osSRlhduuGI9ot8XTUKQ\", \n"
-			+ "            \"use\": \"sig\"\n"
-			+ "        }\n"
-			+ "    ]\n"
-			+ "}\n";
+			+ "            \"use\": \"sig\"\n" + "        }\n" + "    ]\n" + "}\n";
 
 	@Before
 	public void setup() {
@@ -162,4 +146,5 @@ public class ReactiveRemoteJWKSourceTests {
 
 		assertThat(this.source.get(this.selector).block()).isEmpty();
 	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
index b253a79616..8cb46904ca 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
@@ -20,21 +20,15 @@ import java.time.Instant;
 import java.util.Arrays;
 
 public class TestJwts {
+
 	public static Jwt.Builder jwt() {
-		return Jwt.withTokenValue("token")
-				.header("alg", "none")
-				.audience(Arrays.asList("https://audience.example.org"))
-				.expiresAt(Instant.MAX)
-				.issuedAt(Instant.MIN)
-				.issuer("https://issuer.example.org")
-				.jti("jti")
-				.notBefore(Instant.MIN)
-				.subject("mock-test-subject");
+		return Jwt.withTokenValue("token").header("alg", "none").audience(Arrays.asList("https://audience.example.org"))
+				.expiresAt(Instant.MAX).issuedAt(Instant.MIN).issuer("https://issuer.example.org").jti("jti")
+				.notBefore(Instant.MIN).subject("mock-test-subject");
 	}
 
 	public static Jwt user() {
-		return jwt()
-				.claim("sub", "mock-test-subject")
-				.build();
+		return jwt().claim("sub", "mock-test-subject").build();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
index 6f12be55db..a1b6ecc0e7 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
@@ -27,22 +27,23 @@ import org.springframework.util.Assert;
 
 /**
  * An {@link Authentication} that contains a
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>.
  *
- * Used by {@link BearerTokenAuthenticationFilter} to prepare an authentication attempt and supported
- * by {@link JwtAuthenticationProvider}.
+ * Used by {@link BearerTokenAuthenticationFilter} to prepare an authentication attempt
+ * and supported by {@link JwtAuthenticationProvider}.
  *
  * @author Josh Cummings
  * @since 5.1
  */
 public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String token;
 
 	/**
 	 * Create a {@code BearerTokenAuthenticationToken} using the provided parameter(s)
-	 *
 	 * @param token - the bearer token
 	 */
 	public BearerTokenAuthenticationToken(String token) {
@@ -54,8 +55,11 @@ public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken
 	}
 
 	/**
-	 * Get the <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
-	 * @return the token that proves the caller's authority to perform the {@link javax.servlet.http.HttpServletRequest}
+	 * Get the
+	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+	 * Token</a>
+	 * @return the token that proves the caller's authority to perform the
+	 * {@link javax.servlet.http.HttpServletRequest}
 	 */
 	public String getToken() {
 		return this.token;
@@ -76,4 +80,5 @@ public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken
 	public Object getPrincipal() {
 		return this.getToken();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
index 26f0db3e78..59fe9f399c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
@@ -21,14 +21,16 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
 
 /**
- * A representation of a <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">Bearer Token Error</a>.
+ * A representation of a
+ * <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">Bearer Token
+ * Error</a>.
  *
  * @author Vedran Pavic
  * @author Josh Cummings
  * @since 5.1
  * @see BearerTokenErrorCodes
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750 Section 3: The WWW-Authenticate
- * Response Header Field</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
+ * Section 3: The WWW-Authenticate Response Header Field</a>
  */
 public final class BearerTokenError extends OAuth2Error {
 
@@ -38,7 +40,6 @@ public final class BearerTokenError extends OAuth2Error {
 
 	/**
 	 * Create a {@code BearerTokenError} using the provided parameters
-	 *
 	 * @param errorCode the error code
 	 * @param httpStatus the HTTP status
 	 */
@@ -48,14 +49,14 @@ public final class BearerTokenError extends OAuth2Error {
 
 	/**
 	 * Create a {@code BearerTokenError} using the provided parameters
-	 *
 	 * @param errorCode the error code
 	 * @param httpStatus the HTTP status
 	 * @param description the description
 	 * @param errorUri the URI
 	 * @param scope the scope
 	 */
-	public BearerTokenError(String errorCode, HttpStatus httpStatus, String description, String errorUri, String scope) {
+	public BearerTokenError(String errorCode, HttpStatus httpStatus, String description, String errorUri,
+			String scope) {
 		super(errorCode, description, errorUri);
 		Assert.notNull(httpStatus, "httpStatus cannot be null");
 
@@ -65,8 +66,7 @@ public final class BearerTokenError extends OAuth2Error {
 				"errorCode contains invalid ASCII characters, it must conform to RFC 6750");
 		Assert.isTrue(isErrorUriValid(errorUri),
 				"errorUri contains invalid ASCII characters, it must conform to RFC 6750");
-		Assert.isTrue(isScopeValid(scope),
-				"scope contains invalid ASCII characters, it must conform to RFC 6750");
+		Assert.isTrue(isScopeValid(scope), "scope contains invalid ASCII characters, it must conform to RFC 6750");
 
 		this.httpStatus = httpStatus;
 		this.scope = scope;
@@ -89,37 +89,27 @@ public final class BearerTokenError extends OAuth2Error {
 	}
 
 	private static boolean isDescriptionValid(String description) {
-		return description == null ||
-				description.chars().allMatch(c ->
-						withinTheRangeOf(c, 0x20, 0x21) ||
-						withinTheRangeOf(c, 0x23, 0x5B) ||
-						withinTheRangeOf(c, 0x5D, 0x7E));
+		return description == null || description.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21)
+				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isErrorCodeValid(String errorCode) {
-		return errorCode.chars().allMatch(c ->
-						withinTheRangeOf(c, 0x20, 0x21) ||
-						withinTheRangeOf(c, 0x23, 0x5B) ||
-						withinTheRangeOf(c, 0x5D, 0x7E));
+		return errorCode.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21) || withinTheRangeOf(c, 0x23, 0x5B)
+				|| withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isErrorUriValid(String errorUri) {
-		return errorUri == null ||
-				errorUri.chars().allMatch(c ->
-						c == 0x21 ||
-						withinTheRangeOf(c, 0x23, 0x5B) ||
-						withinTheRangeOf(c, 0x5D, 0x7E));
+		return errorUri == null || errorUri.chars()
+				.allMatch(c -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isScopeValid(String scope) {
-		return scope == null ||
-				scope.chars().allMatch(c ->
-						withinTheRangeOf(c, 0x20, 0x21) ||
-						withinTheRangeOf(c, 0x23, 0x5B) ||
-						withinTheRangeOf(c, 0x5D, 0x7E));
+		return scope == null || scope.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21)
+				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean withinTheRangeOf(int c, int min, int max) {
 		return c >= min && c <= max;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorCodes.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorCodes.java
index 0e74b2d6f1..84457dc674 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorCodes.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorCodes.java
@@ -17,29 +17,32 @@
 package org.springframework.security.oauth2.server.resource;
 
 /**
- * Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.
+ * Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token
+ * Usage.
  *
  * @author Vedran Pavic
  * @since 5.1
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">RFC 6750 Section 3.1: Error Codes</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">RFC 6750
+ * Section 3.1: Error Codes</a>
  */
 public interface BearerTokenErrorCodes {
 
 	/**
-	 * {@code invalid_request} - The request is missing a required parameter, includes an unsupported parameter or
-	 * parameter value, repeats the same parameter, uses more than one method for including an access token, or is
-	 * otherwise malformed.
+	 * {@code invalid_request} - The request is missing a required parameter, includes an
+	 * unsupported parameter or parameter value, repeats the same parameter, uses more
+	 * than one method for including an access token, or is otherwise malformed.
 	 */
 	String INVALID_REQUEST = "invalid_request";
 
 	/**
-	 * {@code invalid_token} - The access token provided is expired, revoked, malformed, or invalid for other
-	 * reasons.
+	 * {@code invalid_token} - The access token provided is expired, revoked, malformed,
+	 * or invalid for other reasons.
 	 */
 	String INVALID_TOKEN = "invalid_token";
 
 	/**
-	 * {@code insufficient_scope} - The request requires higher privileges than provided by the access token.
+	 * {@code insufficient_scope} - The request requires higher privileges than provided
+	 * by the access token.
 	 */
 	String INSUFFICIENT_SCOPE = "insufficient_scope";
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
index 7bbd5387d4..5a2b50cfbb 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
@@ -23,73 +23,72 @@ import static org.springframework.security.oauth2.server.resource.BearerTokenErr
 import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_TOKEN;
 
 /**
- * A factory for creating {@link BearerTokenError} instances that correspond to the registered
- * <a href="https://tools.ietf.org/html/rfc6750#section-3.1">Bearer Token Error Codes</a>.
+ * A factory for creating {@link BearerTokenError} instances that correspond to the
+ * registered <a href="https://tools.ietf.org/html/rfc6750#section-3.1">Bearer Token Error
+ * Codes</a>.
  *
  * @author Josh Cummings
  * @since 5.3
  */
 public final class BearerTokenErrors {
+
 	private static final BearerTokenError DEFAULT_INVALID_REQUEST = invalidRequest("Invalid request");
+
 	private static final BearerTokenError DEFAULT_INVALID_TOKEN = invalidToken("Invalid token");
+
 	private static final BearerTokenError DEFAULT_INSUFFICIENT_SCOPE = insufficientScope("Insufficient scope", null);
 
 	private static final String DEFAULT_URI = "https://tools.ietf.org/html/rfc6750#section-3.1";
 
 	/**
 	 * Create a {@link BearerTokenError} caused by an invalid request
-	 *
 	 * @param message a description of the error
 	 * @return a {@link BearerTokenError}
 	 */
 	public static BearerTokenError invalidRequest(String message) {
 		try {
-			return new BearerTokenError(INVALID_REQUEST,
-					HttpStatus.BAD_REQUEST,
-					message,
-					DEFAULT_URI);
-		} catch (IllegalArgumentException malformed) {
-			// some third-party library error messages are not suitable for RFC 6750's error message charset
+			return new BearerTokenError(INVALID_REQUEST, HttpStatus.BAD_REQUEST, message, DEFAULT_URI);
+		}
+		catch (IllegalArgumentException malformed) {
+			// some third-party library error messages are not suitable for RFC 6750's
+			// error message charset
 			return DEFAULT_INVALID_REQUEST;
 		}
 	}
 
 	/**
 	 * Create a {@link BearerTokenError} caused by an invalid token
-	 *
 	 * @param message a description of the error
 	 * @return a {@link BearerTokenError}
 	 */
 	public static BearerTokenError invalidToken(String message) {
 		try {
-			return new BearerTokenError(INVALID_TOKEN,
-					HttpStatus.UNAUTHORIZED,
-					message,
-					DEFAULT_URI);
-		} catch (IllegalArgumentException malformed) {
-			// some third-party library error messages are not suitable for RFC 6750's error message charset
+			return new BearerTokenError(INVALID_TOKEN, HttpStatus.UNAUTHORIZED, message, DEFAULT_URI);
+		}
+		catch (IllegalArgumentException malformed) {
+			// some third-party library error messages are not suitable for RFC 6750's
+			// error message charset
 			return DEFAULT_INVALID_TOKEN;
 		}
 	}
 
 	/**
 	 * Create a {@link BearerTokenError} caused by an invalid token
-	 *
 	 * @param scope the scope attribute to use in the error
 	 * @return a {@link BearerTokenError}
 	 */
 	public static BearerTokenError insufficientScope(String message, String scope) {
 		try {
-			return new BearerTokenError(INSUFFICIENT_SCOPE,
-					HttpStatus.FORBIDDEN,
-					message,
-					DEFAULT_URI,
-					scope);
-		} catch (IllegalArgumentException malformed) {
-			// some third-party library error messages are not suitable for RFC 6750's error message charset
+			return new BearerTokenError(INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, message, DEFAULT_URI, scope);
+		}
+		catch (IllegalArgumentException malformed) {
+			// some third-party library error messages are not suitable for RFC 6750's
+			// error message charset
 			return DEFAULT_INSUFFICIENT_SCOPE;
 		}
 	}
 
-	private BearerTokenErrors() {}
+	private BearerTokenErrors() {
+	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
index 47ac1c72be..e3ba596dab 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
@@ -32,9 +32,9 @@ public class InvalidBearerTokenException extends OAuth2AuthenticationException {
 	 * Construct an instance of {@link InvalidBearerTokenException} given the provided
 	 * description.
 	 *
-	 * The description will be wrapped into an {@link org.springframework.security.oauth2.core.OAuth2Error}
-	 * instance as the {@code error_description}.
-	 *
+	 * The description will be wrapped into an
+	 * {@link org.springframework.security.oauth2.core.OAuth2Error} instance as the
+	 * {@code error_description}.
 	 * @param description the description
 	 */
 	public InvalidBearerTokenException(String description) {
@@ -45,13 +45,14 @@ public class InvalidBearerTokenException extends OAuth2AuthenticationException {
 	 * Construct an instance of {@link InvalidBearerTokenException} given the provided
 	 * description and cause
 	 *
-	 * The description will be wrapped into an {@link org.springframework.security.oauth2.core.OAuth2Error}
-	 * instance as the {@code error_description}.
-	 *
+	 * The description will be wrapped into an
+	 * {@link org.springframework.security.oauth2.core.OAuth2Error} instance as the
+	 * {@code error_description}.
 	 * @param description the description
 	 * @param cause the causing exception
 	 */
 	public InvalidBearerTokenException(String description, Throwable cause) {
 		super(invalidToken(description), cause);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
index d6d63b6b92..4a9b3edf39 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
@@ -28,25 +28,31 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.util.Assert;
 
 /**
- * Base class for {@link AbstractAuthenticationToken} implementations
- * that expose common attributes between different OAuth 2.0 Access Token Formats.
+ * Base class for {@link AbstractAuthenticationToken} implementations that expose common
+ * attributes between different OAuth 2.0 Access Token Formats.
  *
  * <p>
  * For example, a {@link Jwt} could expose its {@link Jwt#getClaims() claims} via
  * {@link #getTokenAttributes()} or an &quot;Introspected&quot; OAuth 2.0 Access Token
- * could expose the attributes of the Introspection Response via {@link #getTokenAttributes()}.
+ * could expose the attributes of the Introspection Response via
+ * {@link #getTokenAttributes()}.
  *
  * @author Joe Grandja
  * @since 5.1
  * @see OAuth2AccessToken
  * @see Jwt
- * @see <a target="_blank" href="https://tools.ietf.org/search/rfc7662#section-2.2">2.2 Introspection Response</a>
+ * @see <a target="_blank" href="https://tools.ietf.org/search/rfc7662#section-2.2">2.2
+ * Introspection Response</a>
  */
-public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractOAuth2Token> extends AbstractAuthenticationToken {
+public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractOAuth2Token>
+		extends AbstractAuthenticationToken {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private Object principal;
+
 	private Object credentials;
+
 	private T token;
 
 	/**
@@ -59,20 +65,14 @@ public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractO
 
 	/**
 	 * Sub-class constructor.
-	 *
 	 * @param authorities the authorities assigned to the Access Token
 	 */
-	protected AbstractOAuth2TokenAuthenticationToken(
-			T token,
-			Collection<? extends GrantedAuthority> authorities) {
+	protected AbstractOAuth2TokenAuthenticationToken(T token, Collection<? extends GrantedAuthority> authorities) {
 
 		this(token, token, token, authorities);
 	}
 
-	protected AbstractOAuth2TokenAuthenticationToken(
-			T token,
-			Object principal,
-			Object credentials,
+	protected AbstractOAuth2TokenAuthenticationToken(T token, Object principal, Object credentials,
 			Collection<? extends GrantedAuthority> authorities) {
 
 		super(authorities);
@@ -108,8 +108,8 @@ public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractO
 
 	/**
 	 * Returns the attributes of the access token.
-	 *
 	 * @return a {@code Map} of the attributes in the access token.
 	 */
 	public abstract Map<String, Object> getTokenAttributes();
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
index ca0f1ee334..18d2325e2d 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
@@ -28,8 +28,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.util.Assert;
 
 /**
- * An {@link org.springframework.security.core.Authentication} token that represents a successful authentication as
- * obtained through a bearer token.
+ * An {@link org.springframework.security.core.Authentication} token that represents a
+ * successful authentication as obtained through a bearer token.
  *
  * @author Josh Cummings
  * @since 5.2
@@ -43,7 +43,6 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 
 	/**
 	 * Constructs a {@link BearerTokenAuthentication} with the provided arguments
-	 *
 	 * @param principal The OAuth 2.0 attributes
 	 * @param credentials The verified token
 	 * @param authorities The authorities associated with the given token
@@ -52,7 +51,8 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 			Collection<? extends GrantedAuthority> authorities) {
 
 		super(credentials, principal, credentials, authorities);
-		Assert.isTrue(credentials.getTokenType() == OAuth2AccessToken.TokenType.BEARER, "credentials must be a bearer token");
+		Assert.isTrue(credentials.getTokenType() == OAuth2AccessToken.TokenType.BEARER,
+				"credentials must be a bearer token");
 		this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(principal.getAttributes()));
 		setAuthenticated(true);
 	}
@@ -64,4 +64,5 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 	public Map<String, Object> getTokenAttributes() {
 		return this.attributes;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
index 4b8171e8cb..9cd153f925 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
@@ -32,8 +32,8 @@ import org.springframework.util.Assert;
  * @since 5.1
  */
 public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
-	private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter
-			= new JwtGrantedAuthoritiesConverter();
+
+	private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 
 	private String principalClaimName;
 
@@ -49,8 +49,8 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
 	}
 
 	/**
-	 * Extracts the {@link GrantedAuthority}s from scope attributes typically found in a {@link Jwt}
-	 *
+	 * Extracts the {@link GrantedAuthority}s from scope attributes typically found in a
+	 * {@link Jwt}
 	 * @param jwt The token
 	 * @return The collection of {@link GrantedAuthority}s found on the token
 	 * @deprecated Since 5.2. Use your own custom converter instead
@@ -63,22 +63,20 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
 	}
 
 	/**
-	 * Sets the {@link Converter Converter&lt;Jwt, Collection&lt;GrantedAuthority&gt;&gt;} to use.
-	 * Defaults to {@link JwtGrantedAuthoritiesConverter}.
-	 *
+	 * Sets the {@link Converter Converter&lt;Jwt, Collection&lt;GrantedAuthority&gt;&gt;}
+	 * to use. Defaults to {@link JwtGrantedAuthoritiesConverter}.
 	 * @param jwtGrantedAuthoritiesConverter The converter
 	 * @since 5.2
 	 * @see JwtGrantedAuthoritiesConverter
 	 */
-	public void setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter) {
+	public void setJwtGrantedAuthoritiesConverter(
+			Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter) {
 		Assert.notNull(jwtGrantedAuthoritiesConverter, "jwtGrantedAuthoritiesConverter cannot be null");
 		this.jwtGrantedAuthoritiesConverter = jwtGrantedAuthoritiesConverter;
 	}
 
 	/**
-	 * Sets the principal claim name.
-	 * Defaults to {@link JwtClaimNames#SUB}.
-	 *
+	 * Sets the principal claim name. Defaults to {@link JwtClaimNames#SUB}.
 	 * @param principalClaimName The principal claim name
 	 * @since 5.4
 	 */
@@ -86,4 +84,5 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
 		Assert.hasText(principalClaimName, "principalClaimName cannot be empty");
 		this.principalClaimName = principalClaimName;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
index 54b3cc6a67..65e44d8f47 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
@@ -34,21 +34,22 @@ import org.springframework.util.Assert;
 
 /**
  * An {@link AuthenticationProvider} implementation of the {@link Jwt}-encoded
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s
- * for protecting OAuth 2.0 Resource Servers.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>s for protecting OAuth 2.0 Resource Servers.
  * <p>
  * <p>
- * This {@link AuthenticationProvider} is responsible for decoding and verifying a {@link Jwt}-encoded access token,
- * returning its claims set as part of the {@link Authentication} statement.
+ * This {@link AuthenticationProvider} is responsible for decoding and verifying a
+ * {@link Jwt}-encoded access token, returning its claims set as part of the
+ * {@link Authentication} statement.
  * <p>
  * <p>
- * Scopes are translated into {@link GrantedAuthority}s according to the following algorithm:
+ * Scopes are translated into {@link GrantedAuthority}s according to the following
+ * algorithm:
  *
- * 1. If there is a "scope" or "scp" attribute, then
- * 		if a {@link String}, then split by spaces and return, or
- * 		if a {@link Collection}, then simply return
- * 2. Take the resulting {@link Collection} of {@link String}s and prepend the "SCOPE_" keyword, adding
- * 		as {@link GrantedAuthority}s.
+ * 1. If there is a "scope" or "scp" attribute, then if a {@link String}, then split by
+ * spaces and return, or if a {@link Collection}, then simply return 2. Take the resulting
+ * {@link Collection} of {@link String}s and prepend the "SCOPE_" keyword, adding as
+ * {@link GrantedAuthority}s.
  *
  * @author Josh Cummings
  * @author Joe Grandja
@@ -57,6 +58,7 @@ import org.springframework.util.Assert;
  * @see JwtDecoder
  */
 public final class JwtAuthenticationProvider implements AuthenticationProvider {
+
 	private final JwtDecoder jwtDecoder;
 
 	private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter = new JwtAuthenticationConverter();
@@ -68,10 +70,9 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 
 	/**
 	 * Decode and validate the
-	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
-	 *
+	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+	 * Token</a>.
 	 * @param authentication the authentication request object.
-	 *
 	 * @return A successful authentication
 	 * @throws AuthenticationException if authentication failed for some reason
 	 */
@@ -82,9 +83,11 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 		Jwt jwt;
 		try {
 			jwt = this.jwtDecoder.decode(bearer.getToken());
-		} catch (BadJwtException failed) {
+		}
+		catch (BadJwtException failed) {
 			throw new InvalidBearerTokenException(failed.getMessage(), failed);
-		} catch (JwtException failed) {
+		}
+		catch (JwtException failed) {
 			throw new AuthenticationServiceException(failed.getMessage(), failed);
 		}
 
@@ -108,4 +111,5 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 		Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
 		this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
index 44edd9bb55..323880c335 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
@@ -24,8 +24,8 @@ import org.springframework.security.core.Transient;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 /**
- * An implementation of an {@link AbstractOAuth2TokenAuthenticationToken}
- * representing a {@link Jwt} {@code Authentication}.
+ * An implementation of an {@link AbstractOAuth2TokenAuthenticationToken} representing a
+ * {@link Jwt} {@code Authentication}.
  *
  * @author Joe Grandja
  * @since 5.1
@@ -34,13 +34,13 @@ import org.springframework.security.oauth2.jwt.Jwt;
  */
 @Transient
 public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationToken<Jwt> {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final String name;
 
 	/**
 	 * Constructs a {@code JwtAuthenticationToken} using the provided parameters.
-	 *
 	 * @param jwt the JWT
 	 */
 	public JwtAuthenticationToken(Jwt jwt) {
@@ -50,7 +50,6 @@ public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationTok
 
 	/**
 	 * Constructs a {@code JwtAuthenticationToken} using the provided parameters.
-	 *
 	 * @param jwt the JWT
 	 * @param authorities the authorities assigned to the JWT
 	 */
@@ -62,7 +61,6 @@ public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationTok
 
 	/**
 	 * Constructs a {@code JwtAuthenticationToken} using the provided parameters.
-	 *
 	 * @param jwt the JWT
 	 * @param authorities the authorities assigned to the JWT
 	 * @param name the principal name
@@ -88,4 +86,5 @@ public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationTok
 	public String getName() {
 		return this.name;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
index 7cd7fd518a..726c98a61a 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
@@ -28,25 +28,29 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 /**
- * A {@link Converter} that takes a {@link Jwt} and converts it into a {@link BearerTokenAuthentication}.
+ * A {@link Converter} that takes a {@link Jwt} and converts it into a
+ * {@link BearerTokenAuthentication}.
  *
- * In the process, it will attempt to parse either the "scope" or "scp" attribute, whichever it finds first.
+ * In the process, it will attempt to parse either the "scope" or "scp" attribute,
+ * whichever it finds first.
  *
- * It's not intended that this implementation be configured since it is simply an adapter. If you are using,
- * for example, a custom {@link JwtGrantedAuthoritiesConverter}, then it's recommended that you simply
- * create your own {@link Converter} that delegates to your custom {@link JwtGrantedAuthoritiesConverter}
- * and instantiates the appropriate {@link BearerTokenAuthentication}.
+ * It's not intended that this implementation be configured since it is simply an adapter.
+ * If you are using, for example, a custom {@link JwtGrantedAuthoritiesConverter}, then
+ * it's recommended that you simply create your own {@link Converter} that delegates to
+ * your custom {@link JwtGrantedAuthoritiesConverter} and instantiates the appropriate
+ * {@link BearerTokenAuthentication}.
  *
  * @author Josh Cummings
  * @since 5.2
  */
 public final class JwtBearerTokenAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
+
 	private final JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
 
 	@Override
 	public AbstractAuthenticationToken convert(Jwt jwt) {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(
-				OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt());
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(),
+				jwt.getIssuedAt(), jwt.getExpiresAt());
 		Map<String, Object> attributes = jwt.getClaims();
 
 		AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
@@ -55,4 +59,5 @@ public final class JwtBearerTokenAuthenticationConverter implements Converter<Jw
 		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, authorities);
 		return new BearerTokenAuthentication(principal, accessToken, authorities);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
index 2e9eaec2e9..0e800a6d95 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
@@ -36,10 +36,10 @@ import org.springframework.util.StringUtils;
  * @since 5.2
  */
 public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
+
 	private static final String DEFAULT_AUTHORITY_PREFIX = "SCOPE_";
 
-	private static final Collection<String> WELL_KNOWN_AUTHORITIES_CLAIM_NAMES =
-			Arrays.asList("scope", "scp");
+	private static final Collection<String> WELL_KNOWN_AUTHORITIES_CLAIM_NAMES = Arrays.asList("scope", "scp");
 
 	private String authorityPrefix = DEFAULT_AUTHORITY_PREFIX;
 
@@ -47,7 +47,6 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 
 	/**
 	 * Extract {@link GrantedAuthority}s from the given {@link Jwt}.
-	 *
 	 * @param jwt The {@link Jwt} token
 	 * @return The {@link GrantedAuthority authorities} read from the token scopes
 	 */
@@ -61,9 +60,9 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 	}
 
 	/**
-	 * Sets the prefix to use for {@link GrantedAuthority authorities} mapped by this converter.
-	 * Defaults to {@link JwtGrantedAuthoritiesConverter#DEFAULT_AUTHORITY_PREFIX}.
-	 *
+	 * Sets the prefix to use for {@link GrantedAuthority authorities} mapped by this
+	 * converter. Defaults to
+	 * {@link JwtGrantedAuthoritiesConverter#DEFAULT_AUTHORITY_PREFIX}.
 	 * @param authorityPrefix The authority prefix
 	 * @since 5.2
 	 */
@@ -73,9 +72,9 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 	}
 
 	/**
-	 * Sets the name of token claim to use for mapping {@link GrantedAuthority authorities} by this converter.
-	 * Defaults to {@link JwtGrantedAuthoritiesConverter#WELL_KNOWN_AUTHORITIES_CLAIM_NAMES}.
-	 *
+	 * Sets the name of token claim to use for mapping {@link GrantedAuthority
+	 * authorities} by this converter. Defaults to
+	 * {@link JwtGrantedAuthoritiesConverter#WELL_KNOWN_AUTHORITIES_CLAIM_NAMES}.
 	 * @param authoritiesClaimName The token claim name to map authorities
 	 * @since 5.2
 	 */
@@ -109,13 +108,16 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 		if (authorities instanceof String) {
 			if (StringUtils.hasText((String) authorities)) {
 				return Arrays.asList(((String) authorities).split(" "));
-			} else {
+			}
+			else {
 				return Collections.emptyList();
 			}
-		} else if (authorities instanceof Collection) {
+		}
+		else if (authorities instanceof Collection) {
 			return (Collection<String>) authorities;
 		}
 
 		return Collections.emptyList();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
index 97cc3d3fe9..86db91c361 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
@@ -39,27 +39,33 @@ import org.springframework.security.oauth2.server.resource.web.DefaultBearerToke
 import org.springframework.util.Assert;
 
 /**
- * An implementation of {@link AuthenticationManagerResolver} that resolves a JWT-based {@link AuthenticationManager}
- * based on the <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> in a
- * signed JWT (JWS).
+ * An implementation of {@link AuthenticationManagerResolver} that resolves a JWT-based
+ * {@link AuthenticationManager} based on the <a href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> in
+ * a signed JWT (JWS).
  *
- * To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that
- * anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way
- * to achieve this is to supply a list of trusted issuers in the constructor.
+ * To use, this class must be able to determine whether or not the `iss` claim is trusted.
+ * Recall that anyone can stand up an authorization server and issue valid tokens to a
+ * resource server. The simplest way to achieve this is to supply a list of trusted
+ * issuers in the constructor.
  *
- * This class derives the Issuer from the `iss` claim found in the {@link HttpServletRequest}'s
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
+ * This class derives the Issuer from the `iss` claim found in the
+ * {@link HttpServletRequest}'s
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>.
  *
  * @author Josh Cummings
  * @since 5.3
  */
 public final class JwtIssuerAuthenticationManagerResolver implements AuthenticationManagerResolver<HttpServletRequest> {
+
 	private final AuthenticationManagerResolver<String> issuerAuthenticationManagerResolver;
+
 	private final Converter<HttpServletRequest, String> issuerConverter = new JwtClaimIssuerConverter();
 
 	/**
-	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided parameters
-	 *
+	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
+	 * parameters
 	 * @param trustedIssuers a list of trusted issuers
 	 */
 	public JwtIssuerAuthenticationManagerResolver(String... trustedIssuers) {
@@ -67,22 +73,23 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 	}
 
 	/**
-	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided parameters
-	 *
+	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
+	 * parameters
 	 * @param trustedIssuers a list of trusted issuers
 	 */
 	public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers) {
 		Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
-		this.issuerAuthenticationManagerResolver =
-				new TrustedIssuerJwtAuthenticationManagerResolver
-						(Collections.unmodifiableCollection(trustedIssuers)::contains);
+		this.issuerAuthenticationManagerResolver = new TrustedIssuerJwtAuthenticationManagerResolver(
+				Collections.unmodifiableCollection(trustedIssuers)::contains);
 	}
 
 	/**
-	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided parameters
+	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
+	 * parameters
 	 *
-	 * Note that the {@link AuthenticationManagerResolver} provided in this constructor will need to
-	 * verify that the issuer is trusted. This should be done via an allowlist.
+	 * Note that the {@link AuthenticationManagerResolver} provided in this constructor
+	 * will need to verify that the issuer is trusted. This should be done via an
+	 * allowlist.
 	 *
 	 * One way to achieve this is with a {@link Map} where the keys are the known issuers:
 	 * <pre>
@@ -94,19 +101,20 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 	 * </pre>
 	 *
 	 * The keys in the {@link Map} are the allowed issuers.
-	 *
-	 * @param issuerAuthenticationManagerResolver a strategy for resolving the {@link AuthenticationManager} by the issuer
+	 * @param issuerAuthenticationManagerResolver a strategy for resolving the
+	 * {@link AuthenticationManager} by the issuer
 	 */
-	public JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<String> issuerAuthenticationManagerResolver) {
+	public JwtIssuerAuthenticationManagerResolver(
+			AuthenticationManagerResolver<String> issuerAuthenticationManagerResolver) {
 		Assert.notNull(issuerAuthenticationManagerResolver, "issuerAuthenticationManagerResolver cannot be null");
 		this.issuerAuthenticationManagerResolver = issuerAuthenticationManagerResolver;
 	}
 
 	/**
-	 * Return an {@link AuthenticationManager} based off of the `iss` claim found in the request's bearer token
-	 *
-	 * @throws OAuth2AuthenticationException if the bearer token is malformed or an {@link AuthenticationManager}
-	 * can't be derived from the issuer
+	 * Return an {@link AuthenticationManager} based off of the `iss` claim found in the
+	 * request's bearer token
+	 * @throws OAuth2AuthenticationException if the bearer token is malformed or an
+	 * {@link AuthenticationManager} can't be derived from the issuer
 	 */
 	@Override
 	public AuthenticationManager resolve(HttpServletRequest request) {
@@ -118,8 +126,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 		return authenticationManager;
 	}
 
-	private static class JwtClaimIssuerConverter
-			implements Converter<HttpServletRequest, String> {
+	private static class JwtClaimIssuerConverter implements Converter<HttpServletRequest, String> {
 
 		private final BearerTokenResolver resolver = new DefaultBearerTokenResolver();
 
@@ -131,17 +138,20 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 				if (issuer != null) {
 					return issuer;
 				}
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				throw new InvalidBearerTokenException(e.getMessage(), e);
 			}
 			throw new InvalidBearerTokenException("Missing issuer");
 		}
+
 	}
 
 	private static class TrustedIssuerJwtAuthenticationManagerResolver
 			implements AuthenticationManagerResolver<String> {
 
 		private final Map<String, AuthenticationManager> authenticationManagers = new ConcurrentHashMap<>();
+
 		private final Predicate<String> trustedIssuer;
 
 		TrustedIssuerJwtAuthenticationManagerResolver(Predicate<String> trustedIssuer) {
@@ -158,5 +168,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 			}
 			return null;
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
index 0328d5ae3b..aa72fcd8c5 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@@ -41,17 +41,20 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
- * An implementation of {@link ReactiveAuthenticationManagerResolver} that resolves a JWT-based
- * {@link ReactiveAuthenticationManager} based on the
- * <a href="https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> in a
- * signed JWT (JWS).
+ * An implementation of {@link ReactiveAuthenticationManagerResolver} that resolves a
+ * JWT-based {@link ReactiveAuthenticationManager} based on the <a href=
+ * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a> in
+ * a signed JWT (JWS).
  *
- * To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that
- * anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way
- * to achieve this is to supply a list of trusted issuers in the constructor.
+ * To use, this class must be able to determine whether or not the `iss` claim is trusted.
+ * Recall that anyone can stand up an authorization server and issue valid tokens to a
+ * resource server. The simplest way to achieve this is to supply a list of trusted
+ * issuers in the constructor.
  *
- * This class derives the Issuer from the `iss` claim found in the {@link ServerWebExchange}'s
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
+ * This class derives the Issuer from the `iss` claim found in the
+ * {@link ServerWebExchange}'s
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>.
  *
  * @author Josh Cummings
  * @author Roman Matiushchenko
@@ -61,11 +64,12 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 		implements ReactiveAuthenticationManagerResolver<ServerWebExchange> {
 
 	private final ReactiveAuthenticationManagerResolver<String> issuerAuthenticationManagerResolver;
+
 	private final Converter<ServerWebExchange, Mono<String>> issuerConverter = new JwtClaimIssuerConverter();
 
 	/**
-	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the provided parameters
-	 *
+	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
+	 * provided parameters
 	 * @param trustedIssuers a list of trusted issuers
 	 */
 	public JwtIssuerReactiveAuthenticationManagerResolver(String... trustedIssuers) {
@@ -73,21 +77,23 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	}
 
 	/**
-	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the provided parameters
-	 *
+	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
+	 * provided parameters
 	 * @param trustedIssuers a collection of trusted issuers
 	 */
 	public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trustedIssuers) {
 		Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
-		this.issuerAuthenticationManagerResolver =
-				new TrustedIssuerJwtAuthenticationManagerResolver(new ArrayList<>(trustedIssuers)::contains);
+		this.issuerAuthenticationManagerResolver = new TrustedIssuerJwtAuthenticationManagerResolver(
+				new ArrayList<>(trustedIssuers)::contains);
 	}
 
 	/**
-	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the provided parameters
+	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
+	 * provided parameters
 	 *
-	 * Note that the {@link ReactiveAuthenticationManagerResolver} provided in this constructor will need to
-	 * verify that the issuer is trusted. This should be done via an allowed list of issuers.
+	 * Note that the {@link ReactiveAuthenticationManagerResolver} provided in this
+	 * constructor will need to verify that the issuer is trusted. This should be done via
+	 * an allowed list of issuers.
 	 *
 	 * One way to achieve this is with a {@link Map} where the keys are the known issuers:
 	 * <pre>
@@ -99,37 +105,32 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	 * </pre>
 	 *
 	 * The keys in the {@link Map} are the trusted issuers.
-	 *
-	 * @param issuerAuthenticationManagerResolver a strategy for resolving the {@link ReactiveAuthenticationManager}
-	 * by the issuer
+	 * @param issuerAuthenticationManagerResolver a strategy for resolving the
+	 * {@link ReactiveAuthenticationManager} by the issuer
 	 */
-	public JwtIssuerReactiveAuthenticationManagerResolver
-			(ReactiveAuthenticationManagerResolver<String> issuerAuthenticationManagerResolver) {
+	public JwtIssuerReactiveAuthenticationManagerResolver(
+			ReactiveAuthenticationManagerResolver<String> issuerAuthenticationManagerResolver) {
 
 		Assert.notNull(issuerAuthenticationManagerResolver, "issuerAuthenticationManagerResolver cannot be null");
 		this.issuerAuthenticationManagerResolver = issuerAuthenticationManagerResolver;
 	}
 
 	/**
-	 * Return an {@link AuthenticationManager} based off of the `iss` claim found in the request's bearer token
-	 *
-	 * @throws OAuth2AuthenticationException if the bearer token is malformed or an {@link ReactiveAuthenticationManager}
-	 * can't be derived from the issuer
+	 * Return an {@link AuthenticationManager} based off of the `iss` claim found in the
+	 * request's bearer token
+	 * @throws OAuth2AuthenticationException if the bearer token is malformed or an
+	 * {@link ReactiveAuthenticationManager} can't be derived from the issuer
 	 */
 	@Override
 	public Mono<ReactiveAuthenticationManager> resolve(ServerWebExchange exchange) {
 		return this.issuerConverter.convert(exchange)
-				.flatMap(issuer ->
-					this.issuerAuthenticationManagerResolver.resolve(issuer).switchIfEmpty(
-							Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer)))
-				);
+				.flatMap(issuer -> this.issuerAuthenticationManagerResolver.resolve(issuer)
+						.switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer))));
 	}
 
-	private static class JwtClaimIssuerConverter
-			implements Converter<ServerWebExchange, Mono<String>> {
+	private static class JwtClaimIssuerConverter implements Converter<ServerWebExchange, Mono<String>> {
 
-		private final ServerBearerTokenAuthenticationConverter converter =
-				new ServerBearerTokenAuthenticationConverter();
+		private final ServerBearerTokenAuthenticationConverter converter = new ServerBearerTokenAuthenticationConverter();
 
 		@Override
 		public Mono<String> convert(@NonNull ServerWebExchange exchange) {
@@ -139,21 +140,24 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 					String issuer = JWTParser.parse(token.getToken()).getJWTClaimsSet().getIssuer();
 					if (issuer == null) {
 						throw new InvalidBearerTokenException("Missing issuer");
-					} else {
+					}
+					else {
 						return issuer;
 					}
-				} catch (Exception e) {
-					throw  new InvalidBearerTokenException(e.getMessage(), e);
+				}
+				catch (Exception e) {
+					throw new InvalidBearerTokenException(e.getMessage(), e);
 				}
 			});
 		}
+
 	}
 
 	private static class TrustedIssuerJwtAuthenticationManagerResolver
 			implements ReactiveAuthenticationManagerResolver<String> {
 
-		private final Map<String, Mono<ReactiveAuthenticationManager>> authenticationManagers =
-				new ConcurrentHashMap<>();
+		private final Map<String, Mono<ReactiveAuthenticationManager>> authenticationManagers = new ConcurrentHashMap<>();
+
 		private final Predicate<String> trustedIssuer;
 
 		TrustedIssuerJwtAuthenticationManagerResolver(Predicate<String> trustedIssuer) {
@@ -165,12 +169,12 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 			if (!this.trustedIssuer.test(issuer)) {
 				return Mono.empty();
 			}
-			return this.authenticationManagers.computeIfAbsent(issuer, k ->
-					Mono.<ReactiveAuthenticationManager>fromCallable(() ->
-							new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k))
-					)
-					.subscribeOn(Schedulers.boundedElastic())
-					.cache());
+			return this.authenticationManagers.computeIfAbsent(issuer,
+					k -> Mono.<ReactiveAuthenticationManager>fromCallable(
+							() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
+							.subscribeOn(Schedulers.boundedElastic()).cache());
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
index ab877b2181..a246841a66 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
@@ -39,10 +39,11 @@ import org.springframework.util.Assert;
  * @since 5.1
  */
 public final class JwtReactiveAuthenticationManager implements ReactiveAuthenticationManager {
+
 	private final ReactiveJwtDecoder jwtDecoder;
 
-	private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter
-			= new ReactiveJwtAuthenticationConverterAdapter(new JwtAuthenticationConverter());
+	private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
+			new JwtAuthenticationConverter());
 
 	public JwtReactiveAuthenticationManager(ReactiveJwtDecoder jwtDecoder) {
 		Assert.notNull(jwtDecoder, "jwtDecoder cannot be null");
@@ -51,19 +52,15 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.justOrEmpty(authentication)
-				.filter(a -> a instanceof  BearerTokenAuthenticationToken)
-				.cast(BearerTokenAuthenticationToken.class)
-				.map(BearerTokenAuthenticationToken::getToken)
-				.flatMap(this.jwtDecoder::decode)
-				.flatMap(this.jwtAuthenticationConverter::convert)
-				.cast(Authentication.class)
-				.onErrorMap(JwtException.class, this::onError);
+		return Mono.justOrEmpty(authentication).filter(a -> a instanceof BearerTokenAuthenticationToken)
+				.cast(BearerTokenAuthenticationToken.class).map(BearerTokenAuthenticationToken::getToken)
+				.flatMap(this.jwtDecoder::decode).flatMap(this.jwtAuthenticationConverter::convert)
+				.cast(Authentication.class).onErrorMap(JwtException.class, this::onError);
 	}
 
 	/**
-	 * Use the given {@link Converter} for converting a {@link Jwt} into an {@link AbstractAuthenticationToken}.
-	 *
+	 * Use the given {@link Converter} for converting a {@link Jwt} into an
+	 * {@link AbstractAuthenticationToken}.
 	 * @param jwtAuthenticationConverter the {@link Converter} to use
 	 */
 	public void setJwtAuthenticationConverter(
@@ -76,8 +73,10 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 	private AuthenticationException onError(JwtException e) {
 		if (e instanceof BadJwtException) {
 			return new InvalidBearerTokenException(e.getMessage(), e);
-		} else {
+		}
+		else {
 			return new AuthenticationServiceException(e.getMessage(), e);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index f1818b73ac..698062b743 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -38,20 +38,22 @@ import static org.springframework.security.oauth2.server.resource.introspection.
 
 /**
  * An {@link AuthenticationProvider} implementation for opaque
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s,
- * using an
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>
- * to check the token's validity and reveal its attributes.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>s, using an
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a> to check the token's validity and reveal its attributes.
  * <p>
- * This {@link AuthenticationProvider} is responsible for introspecting and verifying an opaque access token,
- * returning its attributes set as part of the {@link Authentication} statement.
+ * This {@link AuthenticationProvider} is responsible for introspecting and verifying an
+ * opaque access token, returning its attributes set as part of the {@link Authentication}
+ * statement.
  * <p>
- * Scopes are translated into {@link GrantedAuthority}s according to the following algorithm:
+ * Scopes are translated into {@link GrantedAuthority}s according to the following
+ * algorithm:
  * <ol>
- * <li>
- * If there is a "scope" attribute, then convert to a {@link Collection} of {@link String}s.
- * <li>
- * Take the resulting {@link Collection} and prepend the "SCOPE_" keyword to each element, adding as {@link GrantedAuthority}s.
+ * <li>If there is a "scope" attribute, then convert to a {@link Collection} of
+ * {@link String}s.
+ * <li>Take the resulting {@link Collection} and prepend the "SCOPE_" keyword to each
+ * element, adding as {@link GrantedAuthority}s.
  * </ol>
  *
  * @author Josh Cummings
@@ -59,11 +61,11 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * @see AuthenticationProvider
  */
 public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
+
 	private OpaqueTokenIntrospector introspector;
 
 	/**
 	 * Creates a {@code OpaqueTokenAuthenticationProvider} with the provided parameters
-	 *
 	 * @param introspector The {@link OpaqueTokenIntrospector} to use
 	 */
 	public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector) {
@@ -73,10 +75,9 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 
 	/**
 	 * Introspect and validate the opaque
-	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
-	 *
+	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+	 * Token</a>.
 	 * @param authentication the authentication request object.
-	 *
 	 * @return A successful authentication
 	 * @throws AuthenticationException if authentication failed for some reason
 	 */
@@ -90,9 +91,11 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 		OAuth2AuthenticatedPrincipal principal;
 		try {
 			principal = this.introspector.introspect(bearer.getToken());
-		} catch (BadOpaqueTokenException failed) {
+		}
+		catch (BadOpaqueTokenException failed) {
 			throw new InvalidBearerTokenException(failed.getMessage());
-		} catch (OAuth2IntrospectionException failed) {
+		}
+		catch (OAuth2IntrospectionException failed) {
 			throw new AuthenticationServiceException(failed.getMessage());
 		}
 
@@ -112,8 +115,8 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 	private AbstractAuthenticationToken convert(OAuth2AuthenticatedPrincipal principal, String token) {
 		Instant iat = principal.getAttribute(ISSUED_AT);
 		Instant exp = principal.getAttribute(EXPIRES_AT);
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				token, iat, exp);
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
 		return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index 30a918a4da..95e763bd9a 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -39,20 +39,22 @@ import static org.springframework.security.oauth2.server.resource.introspection.
 
 /**
  * An {@link ReactiveAuthenticationManager} implementation for opaque
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s,
- * using an
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>
- * to check the token's validity and reveal its attributes.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>s, using an
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a> to check the token's validity and reveal its attributes.
  * <p>
- * This {@link ReactiveAuthenticationManager} is responsible for introspecting and verifying an opaque access token,
- * returning its attributes set as part of the {@link Authentication} statement.
+ * This {@link ReactiveAuthenticationManager} is responsible for introspecting and
+ * verifying an opaque access token, returning its attributes set as part of the
+ * {@link Authentication} statement.
  * <p>
- * Scopes are translated into {@link GrantedAuthority}s according to the following algorithm:
+ * Scopes are translated into {@link GrantedAuthority}s according to the following
+ * algorithm:
  * <ol>
- * <li>
- * If there is a "scope" attribute, then convert to a {@link Collection} of {@link String}s.
- * <li>
- * Take the resulting {@link Collection} and prepend the "SCOPE_" keyword to each element, adding as {@link GrantedAuthority}s.
+ * <li>If there is a "scope" attribute, then convert to a {@link Collection} of
+ * {@link String}s.
+ * <li>Take the resulting {@link Collection} and prepend the "SCOPE_" keyword to each
+ * element, adding as {@link GrantedAuthority}s.
  * </ol>
  *
  * @author Josh Cummings
@@ -60,11 +62,12 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * @see ReactiveAuthenticationManager
  */
 public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthenticationManager {
+
 	private ReactiveOpaqueTokenIntrospector introspector;
 
 	/**
-	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided parameters
-	 *
+	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided
+	 * parameters
 	 * @param introspector The {@link ReactiveOpaqueTokenIntrospector} to use
 	 */
 	public OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspector) {
@@ -74,33 +77,29 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.justOrEmpty(authentication)
-				.filter(BearerTokenAuthenticationToken.class::isInstance)
-				.cast(BearerTokenAuthenticationToken.class)
-				.map(BearerTokenAuthenticationToken::getToken)
-				.flatMap(this::authenticate)
-				.cast(Authentication.class);
+		return Mono.justOrEmpty(authentication).filter(BearerTokenAuthenticationToken.class::isInstance)
+				.cast(BearerTokenAuthenticationToken.class).map(BearerTokenAuthenticationToken::getToken)
+				.flatMap(this::authenticate).cast(Authentication.class);
 	}
 
 	private Mono<BearerTokenAuthentication> authenticate(String token) {
-		return this.introspector.introspect(token)
-				.map(principal -> {
-					Instant iat = principal.getAttribute(ISSUED_AT);
-					Instant exp = principal.getAttribute(EXPIRES_AT);
+		return this.introspector.introspect(token).map(principal -> {
+			Instant iat = principal.getAttribute(ISSUED_AT);
+			Instant exp = principal.getAttribute(EXPIRES_AT);
 
-					// construct token
-					OAuth2AccessToken accessToken =
-							new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
-					return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
-				})
-				.onErrorMap(OAuth2IntrospectionException.class, this::onError);
+			// construct token
+			OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
+			return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
+		}).onErrorMap(OAuth2IntrospectionException.class, this::onError);
 	}
 
 	private AuthenticationException onError(OAuth2IntrospectionException e) {
 		if (e instanceof BadOpaqueTokenException) {
 			return new InvalidBearerTokenException(e.getMessage(), e);
-		} else {
+		}
+		else {
 			return new AuthenticationServiceException(e.getMessage(), e);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
index 4bd8ba0d58..51e80f776b 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
@@ -26,32 +26,33 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.util.Assert;
 
 /**
- * Reactive version of {@link JwtAuthenticationConverter} for converting a {@link Jwt}
- * to a {@link AbstractAuthenticationToken Mono&lt;AbstractAuthenticationToken&gt;}.
+ * Reactive version of {@link JwtAuthenticationConverter} for converting a {@link Jwt} to
+ * a {@link AbstractAuthenticationToken Mono&lt;AbstractAuthenticationToken&gt;}.
  *
  * @author Eric Deandrea
  * @since 5.2
  */
 public final class ReactiveJwtAuthenticationConverter implements Converter<Jwt, Mono<AbstractAuthenticationToken>> {
-	private Converter<Jwt, Flux<GrantedAuthority>> jwtGrantedAuthoritiesConverter
-			= new ReactiveJwtGrantedAuthoritiesConverterAdapter(new JwtGrantedAuthoritiesConverter());
+
+	private Converter<Jwt, Flux<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new ReactiveJwtGrantedAuthoritiesConverterAdapter(
+			new JwtGrantedAuthoritiesConverter());
 
 	@Override
 	public Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
-		return this.jwtGrantedAuthoritiesConverter.convert(jwt)
-				.collectList()
+		return this.jwtGrantedAuthoritiesConverter.convert(jwt).collectList()
 				.map(authorities -> new JwtAuthenticationToken(jwt, authorities));
 	}
 
 	/**
-	 * Sets the {@link Converter Converter&lt;Jwt, Flux&lt;GrantedAuthority&gt;&gt;} to use.
-	 * Defaults to a reactive {@link JwtGrantedAuthoritiesConverter}.
-	 *
+	 * Sets the {@link Converter Converter&lt;Jwt, Flux&lt;GrantedAuthority&gt;&gt;} to
+	 * use. Defaults to a reactive {@link JwtGrantedAuthoritiesConverter}.
 	 * @param jwtGrantedAuthoritiesConverter The converter
 	 * @see JwtGrantedAuthoritiesConverter
 	 */
-	public void setJwtGrantedAuthoritiesConverter(Converter<Jwt, Flux<GrantedAuthority>> jwtGrantedAuthoritiesConverter) {
+	public void setJwtGrantedAuthoritiesConverter(
+			Converter<Jwt, Flux<GrantedAuthority>> jwtGrantedAuthoritiesConverter) {
 		Assert.notNull(jwtGrantedAuthoritiesConverter, "jwtGrantedAuthoritiesConverter cannot be null");
 		this.jwtGrantedAuthoritiesConverter = jwtGrantedAuthoritiesConverter;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
index 1727b67086..c868cacfdb 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
@@ -30,6 +30,7 @@ import org.springframework.util.Assert;
  * @since 5.1.1
  */
 public class ReactiveJwtAuthenticationConverterAdapter implements Converter<Jwt, Mono<AbstractAuthenticationToken>> {
+
 	private final Converter<Jwt, AbstractAuthenticationToken> delegate;
 
 	public ReactiveJwtAuthenticationConverterAdapter(Converter<Jwt, AbstractAuthenticationToken> delegate) {
@@ -40,4 +41,5 @@ public class ReactiveJwtAuthenticationConverterAdapter implements Converter<Jwt,
 	public final Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
 		return Mono.just(jwt).map(this.delegate::convert);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapter.java
index cf98c33706..5dc1b81df2 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapter.java
@@ -26,11 +26,11 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.util.Assert;
 
 /**
- * Adapts a {@link Converter Converter&lt;Jwt, Collection&lt;GrantedAuthority&gt;&gt;} to a
- * {@link Converter Converter&lt;Jwt, Flux&lt;GrantedAuthority&gt;&gt;}.
+ * Adapts a {@link Converter Converter&lt;Jwt, Collection&lt;GrantedAuthority&gt;&gt;} to
+ * a {@link Converter Converter&lt;Jwt, Flux&lt;GrantedAuthority&gt;&gt;}.
  * <p>
- *   Make sure the {@link Converter Converter&lt;Jwt, Collection&lt;GrantedAuthority&gt;&gt;}
- *   being adapted is non-blocking.
+ * Make sure the {@link Converter Converter&lt;Jwt,
+ * Collection&lt;GrantedAuthority&gt;&gt;} being adapted is non-blocking.
  * </p>
  *
  * @author Eric Deandrea
@@ -38,9 +38,11 @@ import org.springframework.util.Assert;
  * @see JwtGrantedAuthoritiesConverter
  */
 public final class ReactiveJwtGrantedAuthoritiesConverterAdapter implements Converter<Jwt, Flux<GrantedAuthority>> {
+
 	private final Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter;
 
-	public ReactiveJwtGrantedAuthoritiesConverterAdapter(Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter) {
+	public ReactiveJwtGrantedAuthoritiesConverterAdapter(
+			Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter) {
 		Assert.notNull(grantedAuthoritiesConverter, "grantedAuthoritiesConverter cannot be null");
 		this.grantedAuthoritiesConverter = grantedAuthoritiesConverter;
 	}
@@ -49,4 +51,5 @@ public final class ReactiveJwtGrantedAuthoritiesConverterAdapter implements Conv
 	public Flux<GrantedAuthority> convert(Jwt jwt) {
 		return Flux.fromIterable(this.grantedAuthoritiesConverter.convert(jwt));
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/package-info.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/package-info.java
index 2ee786b68e..3b022e8675 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/package-info.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/package-info.java
@@ -15,6 +15,7 @@
  */
 
 /**
- * OAuth 2.0 Resource Server {@code Authentication}s and supporting classes and interfaces.
+ * OAuth 2.0 Resource Server {@code Authentication}s and supporting classes and
+ * interfaces.
  */
 package org.springframework.security.oauth2.server.resource.authentication;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/BadOpaqueTokenException.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/BadOpaqueTokenException.java
index b190400cae..5e155c8bce 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/BadOpaqueTokenException.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/BadOpaqueTokenException.java
@@ -17,13 +17,15 @@
 package org.springframework.security.oauth2.server.resource.introspection;
 
 /**
- * An exception similar to {@link org.springframework.security.authentication.BadCredentialsException}
- * that indicates an opaque token that is invalid in some way.
+ * An exception similar to
+ * {@link org.springframework.security.authentication.BadCredentialsException} that
+ * indicates an opaque token that is invalid in some way.
  *
  * @author Josh Cummings
  * @since 5.3
  */
 public class BadOpaqueTokenException extends OAuth2IntrospectionException {
+
 	public BadOpaqueTokenException(String message) {
 		super(message);
 	}
@@ -31,4 +33,5 @@ public class BadOpaqueTokenException extends OAuth2IntrospectionException {
 	public BadOpaqueTokenException(String message, Throwable cause) {
 		super(message, cause);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
index 440ba8b9c4..a6b1ff2521 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
@@ -55,23 +55,25 @@ import static org.springframework.security.oauth2.server.resource.introspection.
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
 
 /**
- * A Nimbus implementation of {@link OpaqueTokenIntrospector} that verifies and introspects
- * a token using the configured
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>.
+ * A Nimbus implementation of {@link OpaqueTokenIntrospector} that verifies and
+ * introspects a token using the configured
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a>.
  *
  * @author Josh Cummings
  * @author MD Sayem Ahmed
  * @since 5.2
  */
 public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
+
 	private Converter<String, RequestEntity<?>> requestEntityConverter;
+
 	private RestOperations restOperations;
 
 	private final String authorityPrefix = "SCOPE_";
 
 	/**
 	 * Creates a {@code OpaqueTokenAuthenticationProvider} with the provided parameters
-	 *
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param clientId The client id authorized to introspect
 	 * @param clientSecret The client's secret
@@ -90,9 +92,8 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	/**
 	 * Creates a {@code OpaqueTokenAuthenticationProvider} with the provided parameters
 	 *
-	 * The given {@link RestOperations} should perform its own client authentication against the
-	 * introspection endpoint.
-	 *
+	 * The given {@link RestOperations} should perform its own client authentication
+	 * against the introspection endpoint.
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param restOperations The client for performing the introspection request
 	 */
@@ -139,7 +140,8 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		TokenIntrospectionResponse introspectionResponse = parseNimbusResponse(httpResponse);
 		TokenIntrospectionSuccessResponse introspectionSuccessResponse = castToNimbusSuccess(introspectionResponse);
 
-		// relying solely on the authorization server to validate this token (not checking 'exp', for example)
+		// relying solely on the authorization server to validate this token (not checking
+		// 'exp', for example)
 		if (!introspectionSuccessResponse.isActive()) {
 			throw new BadOpaqueTokenException("Provided token isn't active");
 		}
@@ -148,11 +150,10 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	}
 
 	/**
-	 * Sets the {@link Converter} used for converting the OAuth 2.0 access token to a {@link RequestEntity}
-	 * representation of the OAuth 2.0 token introspection request.
-	 *
-	 * @param requestEntityConverter the {@link Converter} used for converting to a {@link RequestEntity} representation
-	 *                               of the token introspection request
+	 * Sets the {@link Converter} used for converting the OAuth 2.0 access token to a
+	 * {@link RequestEntity} representation of the OAuth 2.0 token introspection request.
+	 * @param requestEntityConverter the {@link Converter} used for converting to a
+	 * {@link RequestEntity} representation of the token introspection request
 	 */
 	public void setRequestEntityConverter(Converter<String, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
@@ -163,7 +164,8 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	private ResponseEntity<String> makeRequest(RequestEntity<?> requestEntity) {
 		try {
 			return this.restOperations.exchange(requestEntity, String.class);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new OAuth2IntrospectionException(ex.getMessage(), ex);
 		}
 	}
@@ -174,8 +176,7 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		response.setContent(responseEntity.getBody());
 
 		if (response.getStatusCode() != HTTPResponse.SC_OK) {
-			throw new OAuth2IntrospectionException(
-					"Introspection endpoint responded with " + response.getStatusCode());
+			throw new OAuth2IntrospectionException("Introspection endpoint responded with " + response.getStatusCode());
 		}
 		return response;
 	}
@@ -183,7 +184,8 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	private TokenIntrospectionResponse parseNimbusResponse(HTTPResponse response) {
 		try {
 			return TokenIntrospectionResponse.parse(response);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new OAuth2IntrospectionException(ex.getMessage(), ex);
 		}
 	}
@@ -237,8 +239,10 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	private URL issuer(String uri) {
 		try {
 			return new URL(uri);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new OAuth2IntrospectionException("Invalid " + ISSUER + " value: " + uri);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 05c1e9c4c3..81b27931ca 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -52,22 +52,25 @@ import static org.springframework.security.oauth2.server.resource.introspection.
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
 
 /**
- * A Nimbus implementation of {@link ReactiveOpaqueTokenIntrospector} that verifies and introspects
- * a token using the configured
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>.
+ * A Nimbus implementation of {@link ReactiveOpaqueTokenIntrospector} that verifies and
+ * introspects a token using the configured
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a>.
  *
  * @author Josh Cummings
  * @since 5.2
  */
 public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospector {
+
 	private URI introspectionUri;
+
 	private WebClient webClient;
 
 	private String authorityPrefix = "SCOPE_";
 
 	/**
-	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided parameters
-	 *
+	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided
+	 * parameters
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param clientId The client id authorized to introspect
 	 * @param clientSecret The client secret for the authorized client
@@ -78,14 +81,12 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
 
 		this.introspectionUri = URI.create(introspectionUri);
-		this.webClient = WebClient.builder()
-				.defaultHeaders(h -> h.setBasicAuth(clientId, clientSecret))
-				.build();
+		this.webClient = WebClient.builder().defaultHeaders(h -> h.setBasicAuth(clientId, clientSecret)).build();
 	}
 
 	/**
-	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided parameters
-	 *
+	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided
+	 * parameters
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param webClient The client for performing the introspection request
 	 */
@@ -102,42 +103,34 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	 */
 	@Override
 	public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
-		return Mono.just(token)
-				.flatMap(this::makeRequest)
-				.flatMap(this::adaptToNimbusResponse)
-				.map(this::parseNimbusResponse)
-				.map(this::castToNimbusSuccess)
-				.doOnNext(response -> validate(token, response))
-				.map(this::convertClaimsSet)
+		return Mono.just(token).flatMap(this::makeRequest).flatMap(this::adaptToNimbusResponse)
+				.map(this::parseNimbusResponse).map(this::castToNimbusSuccess)
+				.doOnNext(response -> validate(token, response)).map(this::convertClaimsSet)
 				.onErrorMap(e -> !(e instanceof OAuth2IntrospectionException), this::onError);
 	}
 
 	private Mono<ClientResponse> makeRequest(String token) {
-		return this.webClient.post()
-				.uri(this.introspectionUri)
+		return this.webClient.post().uri(this.introspectionUri)
 				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_UTF8_VALUE)
-				.body(BodyInserters.fromFormData("token", token))
-				.exchange();
+				.body(BodyInserters.fromFormData("token", token)).exchange();
 	}
 
 	private Mono<HTTPResponse> adaptToNimbusResponse(ClientResponse responseEntity) {
 		HTTPResponse response = new HTTPResponse(responseEntity.rawStatusCode());
 		response.setHeader(HttpHeaders.CONTENT_TYPE, responseEntity.headers().contentType().get().toString());
 		if (response.getStatusCode() != HTTPResponse.SC_OK) {
-			return responseEntity.bodyToFlux(DataBuffer.class)
-				.map(DataBufferUtils::release)
-				.then(Mono.error(new OAuth2IntrospectionException(
-					"Introspection endpoint responded with " + response.getStatusCode())));
+			return responseEntity.bodyToFlux(DataBuffer.class).map(DataBufferUtils::release)
+					.then(Mono.error(new OAuth2IntrospectionException(
+							"Introspection endpoint responded with " + response.getStatusCode())));
 		}
-		return responseEntity.bodyToMono(String.class)
-				.doOnNext(response::setContent)
-				.map(body -> response);
+		return responseEntity.bodyToMono(String.class).doOnNext(response::setContent).map(body -> response);
 	}
 
 	private TokenIntrospectionResponse parseNimbusResponse(HTTPResponse response) {
 		try {
 			return TokenIntrospectionResponse.parse(response);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new OAuth2IntrospectionException(ex.getMessage(), ex);
 		}
 	}
@@ -150,7 +143,8 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	}
 
 	private void validate(String token, TokenIntrospectionSuccessResponse response) {
-		// relying solely on the authorization server to validate this token (not checking 'exp', for example)
+		// relying solely on the authorization server to validate this token (not checking
+		// 'exp', for example)
 		if (!response.isActive()) {
 			throw new BadOpaqueTokenException("Provided token isn't active");
 		}
@@ -198,7 +192,8 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	private URL issuer(String uri) {
 		try {
 			return new URL(uri);
-		} catch (Exception ex) {
+		}
+		catch (Exception ex) {
 			throw new OAuth2IntrospectionException("Invalid " + ISSUER + " value: " + uri);
 		}
 	}
@@ -206,4 +201,5 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	private OAuth2IntrospectionException onError(Throwable e) {
 		return new OAuth2IntrospectionException(e.getMessage(), e);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
index 8e9427831e..338ff3ec56 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
@@ -29,16 +29,18 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  *
  * @author David Kovac
  * @since 5.4
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>
  */
-public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2IntrospectionClaimAccessor,
-		OAuth2AuthenticatedPrincipal, Serializable {
+public final class OAuth2IntrospectionAuthenticatedPrincipal
+		implements OAuth2IntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal, Serializable {
+
 	private final OAuth2AuthenticatedPrincipal delegate;
 
 	/**
-	 * Constructs an {@code OAuth2IntrospectionAuthenticatedPrincipal} using the provided parameters.
-	 *
-	 * @param attributes  the attributes of the OAuth 2.0 Token Introspection
+	 * Constructs an {@code OAuth2IntrospectionAuthenticatedPrincipal} using the provided
+	 * parameters.
+	 * @param attributes the attributes of the OAuth 2.0 Token Introspection
 	 * @param authorities the authorities of the OAuth 2.0 Token Introspection
 	 */
 	public OAuth2IntrospectionAuthenticatedPrincipal(Map<String, Object> attributes,
@@ -48,10 +50,10 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2In
 	}
 
 	/**
-	 * Constructs an {@code OAuth2IntrospectionAuthenticatedPrincipal} using the provided parameters.
-	 *
-	 * @param name        the name attached to the OAuth 2.0 Token Introspection
-	 * @param attributes  the attributes of the OAuth 2.0 Token Introspection
+	 * Constructs an {@code OAuth2IntrospectionAuthenticatedPrincipal} using the provided
+	 * parameters.
+	 * @param name the name attached to the OAuth 2.0 Token Introspection
+	 * @param attributes the attributes of the OAuth 2.0 Token Introspection
 	 * @param authorities the authorities of the OAuth 2.0 Token Introspection
 	 */
 	public OAuth2IntrospectionAuthenticatedPrincipal(String name, Map<String, Object> attributes,
@@ -62,7 +64,6 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2In
 
 	/**
 	 * Gets the attributes of the OAuth 2.0 Token Introspection in map form.
-	 *
 	 * @return a {@link Map} of the attribute's objects keyed by the attribute's names
 	 */
 	@Override
@@ -71,9 +72,8 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2In
 	}
 
 	/**
-	 * Get the {@link Collection} of {@link GrantedAuthority}s associated
-	 * with this OAuth 2.0 Token Introspection
-	 *
+	 * Get the {@link Collection} of {@link GrantedAuthority}s associated with this OAuth
+	 * 2.0 Token Introspection
 	 * @return the OAuth 2.0 Token Introspection authorities
 	 */
 	@Override
@@ -96,4 +96,5 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2In
 	public Map<String, Object> getClaims() {
 		return getAttributes();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimAccessor.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimAccessor.java
index 18c3c30e78..b95109d670 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimAccessor.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimAccessor.java
@@ -23,20 +23,21 @@ import java.util.List;
 import org.springframework.security.oauth2.core.ClaimAccessor;
 
 /**
- * A {@link ClaimAccessor} for the &quot;claims&quot; that may be contained
- * in the Introspection Response.
+ * A {@link ClaimAccessor} for the &quot;claims&quot; that may be contained in the
+ * Introspection Response.
  *
  * @author David Kovac
  * @since 5.4
  * @see ClaimAccessor
  * @see OAuth2IntrospectionClaimNames
  * @see OAuth2IntrospectionAuthenticatedPrincipal
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>
  */
 public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
+
 	/**
 	 * Returns the indicator {@code (active)} whether or not the token is currently active
-	 *
 	 * @return the indicator whether or not the token is currently active
 	 */
 	default boolean isActive() {
@@ -45,7 +46,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the scopes {@code (scope)} associated with the token
-	 *
 	 * @return the scopes associated with the token
 	 */
 	default String getScope() {
@@ -54,7 +54,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the client identifier {@code (client_id)} for the token
-	 *
 	 * @return the client identifier for the token
 	 */
 	default String getClientId() {
@@ -62,9 +61,10 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns a human-readable identifier {@code (username)} for the resource owner that authorized the token
-	 *
-	 * @return a human-readable identifier for the resource owner that authorized the token
+	 * Returns a human-readable identifier {@code (username)} for the resource owner that
+	 * authorized the token
+	 * @return a human-readable identifier for the resource owner that authorized the
+	 * token
 	 */
 	default String getUsername() {
 		return this.getClaimAsString(OAuth2IntrospectionClaimNames.USERNAME);
@@ -72,7 +72,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the type of the token {@code (token_type)}, for example {@code bearer}.
-	 *
 	 * @return the type of the token, for example {@code bearer}.
 	 */
 	default String getTokenType() {
@@ -81,7 +80,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns a timestamp {@code (exp)} indicating when the token expires
-	 *
 	 * @return a timestamp indicating when the token expires
 	 */
 	default Instant getExpiresAt() {
@@ -90,7 +88,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns a timestamp {@code (iat)} indicating when the token was issued
-	 *
 	 * @return a timestamp indicating when the token was issued
 	 */
 	default Instant getIssuedAt() {
@@ -98,8 +95,8 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns a timestamp {@code (nbf)} indicating when the token is not to be used before
-	 *
+	 * Returns a timestamp {@code (nbf)} indicating when the token is not to be used
+	 * before
 	 * @return a timestamp indicating when the token is not to be used before
 	 */
 	default Instant getNotBefore() {
@@ -107,9 +104,10 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 	}
 
 	/**
-	 * Returns usually a machine-readable identifier {@code (sub)} of the resource owner who authorized the token
-	 *
-	 * @return usually a machine-readable identifier of the resource owner who authorized the token
+	 * Returns usually a machine-readable identifier {@code (sub)} of the resource owner
+	 * who authorized the token
+	 * @return usually a machine-readable identifier of the resource owner who authorized
+	 * the token
 	 */
 	default String getSubject() {
 		return this.getClaimAsString(OAuth2IntrospectionClaimNames.SUBJECT);
@@ -117,7 +115,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the intended audience {@code (aud)} for the token
-	 *
 	 * @return the intended audience for the token
 	 */
 	default List<String> getAudience() {
@@ -126,7 +123,6 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the issuer {@code (iss)} of the token
-	 *
 	 * @return the issuer of the token
 	 */
 	default URL getIssuer() {
@@ -135,10 +131,10 @@ public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 
 	/**
 	 * Returns the identifier {@code (jti)} for the token
-	 *
 	 * @return the identifier for the token
 	 */
 	default String getId() {
 		return this.getClaimAsString(OAuth2IntrospectionClaimNames.JTI);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
index d2f011d18a..2fdb15043f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
@@ -17,7 +17,8 @@ package org.springframework.security.oauth2.server.resource.introspection;
 
 /**
  * The names of the &quot;Introspection Claims&quot; defined by an
- * <a target="_blank" href="https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>.
+ * <a target="_blank" href="https://tools.ietf.org/html/rfc7662#section-2.2">Introspection
+ * Response</a>.
  *
  * @author Josh Cummings
  * @since 5.2
@@ -40,7 +41,8 @@ public interface OAuth2IntrospectionClaimNames {
 	String CLIENT_ID = "client_id";
 
 	/**
-	 * {@code username} - A human-readable identifier for the resource owner that authorized the token
+	 * {@code username} - A human-readable identifier for the resource owner that
+	 * authorized the token
 	 */
 	String USERNAME = "username";
 
@@ -65,7 +67,8 @@ public interface OAuth2IntrospectionClaimNames {
 	String NOT_BEFORE = "nbf";
 
 	/**
-	 * {@code sub} - Usually a machine-readable identifier of the resource owner who authorized the token
+	 * {@code sub} - Usually a machine-readable identifier of the resource owner who
+	 * authorized the token
 	 */
 	String SUBJECT = "sub";
 
@@ -83,4 +86,5 @@ public interface OAuth2IntrospectionClaimNames {
 	 * {@code jti} - The identifier for the token
 	 */
 	String JTI = "jti";
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionException.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionException.java
index ffd468fc54..e2649ba975 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionException.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionException.java
@@ -23,6 +23,7 @@ package org.springframework.security.oauth2.server.resource.introspection;
  * @since 5.2
  */
 public class OAuth2IntrospectionException extends RuntimeException {
+
 	public OAuth2IntrospectionException(String message) {
 		super(message);
 	}
@@ -30,4 +31,5 @@ public class OAuth2IntrospectionException extends RuntimeException {
 	public OAuth2IntrospectionException(String message, Throwable cause) {
 		super(message, cause);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.java
index 672647d0fb..056a7766b2 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.java
@@ -24,11 +24,12 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  * A contract for introspecting and verifying an OAuth 2.0 token.
  *
  * A typical implementation of this interface will make a request to an
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>
- * to verify the token and return its attributes, indicating a successful verification.
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a> to verify the token and return its attributes, indicating a successful
+ * verification.
  *
- * Another sensible implementation of this interface would be to query a backing store
- * of tokens, for example a distributed cache.
+ * Another sensible implementation of this interface would be to query a backing store of
+ * tokens, for example a distributed cache.
  *
  * @author Josh Cummings
  * @since 5.2
@@ -40,9 +41,9 @@ public interface OpaqueTokenIntrospector {
 	 * Introspect and verify the given token, returning its attributes.
 	 *
 	 * Returning a {@link Map} is indicative that the token is valid.
-	 *
 	 * @param token the token to introspect
 	 * @return the token's attributes
 	 */
 	OAuth2AuthenticatedPrincipal introspect(String token);
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/ReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/ReactiveOpaqueTokenIntrospector.java
index 60d1078571..2d91da5ff4 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/ReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/ReactiveOpaqueTokenIntrospector.java
@@ -26,11 +26,12 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  * A contract for introspecting and verifying an OAuth 2.0 token.
  *
  * A typical implementation of this interface will make a request to an
- * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>
- * to verify the token and return its attributes, indicating a successful verification.
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection
+ * Endpoint</a> to verify the token and return its attributes, indicating a successful
+ * verification.
  *
- * Another sensible implementation of this interface would be to query a backing store
- * of tokens, for example a distributed cache.
+ * Another sensible implementation of this interface would be to query a backing store of
+ * tokens, for example a distributed cache.
  *
  * @author Josh Cummings
  * @since 5.2
@@ -42,9 +43,9 @@ public interface ReactiveOpaqueTokenIntrospector {
 	 * Introspect and verify the given token, returning its attributes.
 	 *
 	 * Returning a {@link Map} is indicative that the token is valid.
-	 *
 	 * @param token the token to introspect
 	 * @return the token's attributes
 	 */
 	Mono<OAuth2AuthenticatedPrincipal> introspect(String token);
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
index b6861448be..6a9ae1f38b 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -31,16 +31,16 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.util.StringUtils;
 
 /**
- * An {@link AuthenticationEntryPoint} implementation used to commence authentication of protected resource requests
- * using {@link BearerTokenAuthenticationFilter}.
+ * An {@link AuthenticationEntryPoint} implementation used to commence authentication of
+ * protected resource requests using {@link BearerTokenAuthenticationFilter}.
  * <p>
- * Uses information provided by {@link BearerTokenError} to set HTTP response status code and populate
- * {@code WWW-Authenticate} HTTP header.
+ * Uses information provided by {@link BearerTokenError} to set HTTP response status code
+ * and populate {@code WWW-Authenticate} HTTP header.
  *
  * @author Vedran Pavic
  * @see BearerTokenError
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750 Section 3: The WWW-Authenticate
- * Response Header Field</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
+ * Section 3: The WWW-Authenticate Response Header Field</a>
  * @since 5.1
  */
 public final class BearerTokenAuthenticationEntryPoint implements AuthenticationEntryPoint {
@@ -48,16 +48,15 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 	private String realmName;
 
 	/**
-	 * Collect error details from the provided parameters and format according to
-	 * RFC 6750, specifically {@code error}, {@code error_description}, {@code error_uri}, and {@code scope}.
-	 *
-	 * @param request       that resulted in an <code>AuthenticationException</code>
-	 * @param response      so that the user agent can begin authentication
+	 * Collect error details from the provided parameters and format according to RFC
+	 * 6750, specifically {@code error}, {@code error_description}, {@code error_uri}, and
+	 * {@code scope}.
+	 * @param request that resulted in an <code>AuthenticationException</code>
+	 * @param response so that the user agent can begin authentication
 	 * @param authException that caused the invocation
 	 */
 	@Override
-	public void commence(
-			HttpServletRequest request, HttpServletResponse response,
+	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) {
 
 		HttpStatus status = HttpStatus.UNAUTHORIZED;
@@ -100,7 +99,6 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 
 	/**
 	 * Set the default realm name to use in the bearer token error response
-	 *
 	 * @param realmName
 	 */
 	public void setRealmName(String realmName) {
@@ -126,4 +124,5 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 
 		return wwwAuthenticate.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
index c96ab90fd5..5ffaab7f2e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -40,37 +40,39 @@ import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
  * Authenticates requests that contain an OAuth 2.0
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>.
  *
- * This filter should be wired with an {@link AuthenticationManager} that can authenticate a
- * {@link BearerTokenAuthenticationToken}.
+ * This filter should be wired with an {@link AuthenticationManager} that can authenticate
+ * a {@link BearerTokenAuthenticationToken}.
  *
  * @author Josh Cummings
  * @author Vedran Pavic
  * @author Joe Grandja
  * @since 5.1
- * @see <a href="https://tools.ietf.org/html/rfc6750" target="_blank">The OAuth 2.0 Authorization Framework: Bearer Token Usage</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750" target="_blank">The OAuth 2.0
+ * Authorization Framework: Bearer Token Usage</a>
  * @see JwtAuthenticationProvider
  */
 public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter {
+
 	private final AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
 
-	private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
-			new WebAuthenticationDetailsSource();
+	private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
 	private BearerTokenResolver bearerTokenResolver = new DefaultBearerTokenResolver();
 
 	private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
 
-	private AuthenticationFailureHandler authenticationFailureHandler = (request, response, exception) ->
-		authenticationEntryPoint.commence(request, response, exception);
+	private AuthenticationFailureHandler authenticationFailureHandler = (request, response,
+			exception) -> authenticationEntryPoint.commence(request, response, exception);
 
 	/**
 	 * Construct a {@code BearerTokenAuthenticationFilter} using the provided parameter(s)
 	 * @param authenticationManagerResolver
 	 */
-	public BearerTokenAuthenticationFilter
-			(AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
+	public BearerTokenAuthenticationFilter(
+			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
 
 		Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
 		this.authenticationManagerResolver = authenticationManagerResolver;
@@ -86,9 +88,9 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	}
 
 	/**
-	 * Extract any <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a> from
-	 * the request and attempt an authentication.
-	 *
+	 * Extract any
+	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+	 * Token</a> from the request and attempt an authentication.
 	 * @param request
 	 * @param response
 	 * @param filterChain
@@ -105,7 +107,8 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 
 		try {
 			token = this.bearerTokenResolver.resolve(request);
-		} catch ( OAuth2AuthenticationException invalid ) {
+		}
+		catch (OAuth2AuthenticationException invalid) {
 			this.authenticationEntryPoint.commence(request, response, invalid);
 			return;
 		}
@@ -128,7 +131,8 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 			SecurityContextHolder.setContext(context);
 
 			filterChain.doFilter(request, response);
-		} catch (AuthenticationException failed) {
+		}
+		catch (AuthenticationException failed) {
 			SecurityContextHolder.clearContext();
 
 			if (debug) {
@@ -140,7 +144,8 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	}
 
 	/**
-	 * Set the {@link BearerTokenResolver} to use. Defaults to {@link DefaultBearerTokenResolver}.
+	 * Set the {@link BearerTokenResolver} to use. Defaults to
+	 * {@link DefaultBearerTokenResolver}.
 	 * @param bearerTokenResolver the {@code BearerTokenResolver} to use
 	 */
 	public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver) {
@@ -149,7 +154,8 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	}
 
 	/**
-	 * Set the {@link AuthenticationEntryPoint} to use. Defaults to {@link BearerTokenAuthenticationEntryPoint}.
+	 * Set the {@link AuthenticationEntryPoint} to use. Defaults to
+	 * {@link BearerTokenAuthenticationEntryPoint}.
 	 * @param authenticationEntryPoint the {@code AuthenticationEntryPoint} to use
 	 */
 	public void setAuthenticationEntryPoint(final AuthenticationEntryPoint authenticationEntryPoint) {
@@ -158,7 +164,8 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	}
 
 	/**
-	 * Set the {@link AuthenticationFailureHandler} to use. Default implementation invokes {@link AuthenticationEntryPoint}.
+	 * Set the {@link AuthenticationFailureHandler} to use. Default implementation invokes
+	 * {@link AuthenticationEntryPoint}.
 	 * @param authenticationFailureHandler the {@code AuthenticationFailureHandler} to use
 	 * @since 5.2
 	 */
@@ -166,4 +173,5 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 		Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
 		this.authenticationFailureHandler = authenticationFailureHandler;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenResolver.java
index bebd4fc0f7..f7bd2efd3f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenResolver.java
@@ -21,20 +21,22 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 
 /**
- * A strategy for resolving <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s
- * from the {@link HttpServletRequest}.
+ * A strategy for resolving
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>s from the {@link HttpServletRequest}.
  *
  * @author Vedran Pavic
  * @since 5.1
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750
+ * Section 2: Authenticated Requests</a>
  */
 @FunctionalInterface
 public interface BearerTokenResolver {
 
 	/**
-	 * Resolve any <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
-	 * value from the request.
-	 *
+	 * Resolve any
+	 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+	 * Token</a> value from the request.
 	 * @param request the request
 	 * @return the Bearer Token value or {@code null} if none found
 	 * @throws OAuth2AuthenticationException if the found token is invalid
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
index 248d3d9606..25419df655 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
@@ -33,13 +33,13 @@ import static org.springframework.security.oauth2.server.resource.BearerTokenErr
  *
  * @author Vedran Pavic
  * @since 5.1
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750
+ * Section 2: Authenticated Requests</a>
  */
 public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 
-	private static final Pattern authorizationPattern = Pattern.compile(
-		"^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
-		Pattern.CASE_INSENSITIVE);
+	private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
+			Pattern.CASE_INSENSITIVE);
 
 	private boolean allowFormEncodedBodyParameter = false;
 
@@ -68,19 +68,21 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 	}
 
 	/**
-	 * Set if transport of access token using form-encoded body parameter is supported. Defaults to {@code false}.
-	 * @param allowFormEncodedBodyParameter if the form-encoded body parameter is supported
+	 * Set if transport of access token using form-encoded body parameter is supported.
+	 * Defaults to {@code false}.
+	 * @param allowFormEncodedBodyParameter if the form-encoded body parameter is
+	 * supported
 	 */
 	public void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter) {
 		this.allowFormEncodedBodyParameter = allowFormEncodedBodyParameter;
 	}
 
 	/**
-	 * Set if transport of access token using URI query parameter is supported. Defaults to {@code false}.
-	 *
-	 * The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as
-	 * stating that it was only included for completeness.
+	 * Set if transport of access token using URI query parameter is supported. Defaults
+	 * to {@code false}.
 	 *
+	 * The spec recommends against using this mechanism for sending bearer tokens, and
+	 * even goes as far as stating that it was only included for completeness.
 	 * @param allowUriQueryParameter if the URI query parameter is supported
 	 */
 	public void setAllowUriQueryParameter(boolean allowUriQueryParameter) {
@@ -91,8 +93,8 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 	 * Set this value to configure what header is checked when resolving a Bearer Token.
 	 * This value is defaulted to {@link HttpHeaders#AUTHORIZATION}.
 	 *
-	 * This allows other headers to be used as the Bearer Token source such as {@link HttpHeaders#PROXY_AUTHORIZATION}
-	 *
+	 * This allows other headers to be used as the Bearer Token source such as
+	 * {@link HttpHeaders#PROXY_AUTHORIZATION}
 	 * @param bearerTokenHeaderName the header to check when retrieving the Bearer Token.
 	 * @since 5.4
 	 */
@@ -117,7 +119,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 
 	private static String resolveFromRequestParameters(HttpServletRequest request) {
 		String[] values = request.getParameterValues("access_token");
-		if (values == null || values.length == 0)  {
+		if (values == null || values.length == 0) {
 			return null;
 		}
 
@@ -133,4 +135,5 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 		return ((this.allowFormEncodedBodyParameter && "POST".equals(request.getMethod()))
 				|| (this.allowUriQueryParameter && "GET".equals(request.getMethod())));
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
index 77593895e9..ff5c9a7ae2 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
@@ -38,4 +38,5 @@ public class HeaderBearerTokenResolver implements BearerTokenResolver {
 	public String resolve(HttpServletRequest request) {
 		return request.getHeader(this.header);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
index d535f95601..ab81fa900c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
@@ -31,11 +31,14 @@ import java.util.Map;
 
 /**
  * Translates any {@link AccessDeniedException} into an HTTP response in accordance with
- * <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750 Section 3: The WWW-Authenticate</a>.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
+ * Section 3: The WWW-Authenticate</a>.
  * <p>
- * So long as the class can prove that the request has a valid OAuth 2.0 {@link Authentication}, then will return an
- * <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">insufficient scope error</a>; otherwise,
- * it will simply indicate the scheme (Bearer) and any configured realm.
+ * So long as the class can prove that the request has a valid OAuth 2.0
+ * {@link Authentication}, then will return an
+ * <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">insufficient
+ * scope error</a>; otherwise, it will simply indicate the scheme (Bearer) and any
+ * configured realm.
  *
  * @author Josh Cummings
  * @since 5.1
@@ -45,16 +48,15 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 	private String realmName;
 
 	/**
-	 * Collect error details from the provided parameters and format according to
-	 * RFC 6750, specifically {@code error}, {@code error_description}, {@code error_uri}, and {@code scope}.
-	 *
-	 * @param request               that resulted in an <code>AccessDeniedException</code>
-	 * @param response              so that the user agent can be advised of the failure
+	 * Collect error details from the provided parameters and format according to RFC
+	 * 6750, specifically {@code error}, {@code error_description}, {@code error_uri}, and
+	 * {@code scope}.
+	 * @param request that resulted in an <code>AccessDeniedException</code>
+	 * @param response so that the user agent can be advised of the failure
 	 * @param accessDeniedException that caused the invocation
 	 */
 	@Override
-	public void handle(
-			HttpServletRequest request, HttpServletResponse response,
+	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) {
 
 		Map<String, String> parameters = new LinkedHashMap<>();
@@ -65,7 +67,8 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 
 		if (request.getUserPrincipal() instanceof AbstractOAuth2TokenAuthenticationToken) {
 			parameters.put("error", BearerTokenErrorCodes.INSUFFICIENT_SCOPE);
-			parameters.put("error_description", "The request requires higher privileges than provided by the access token.");
+			parameters.put("error_description",
+					"The request requires higher privileges than provided by the access token.");
 			parameters.put("error_uri", "https://tools.ietf.org/html/rfc6750#section-3.1");
 		}
 
@@ -77,7 +80,6 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 
 	/**
 	 * Set the default realm name to use in the bearer token error response
-	 *
 	 * @param realmName
 	 */
 	public void setRealmName(String realmName) {
@@ -103,4 +105,5 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 
 		return wwwAuthenticate.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
index c4e74650c4..2a397afb9e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
@@ -33,19 +33,22 @@ import java.util.Map;
 
 /**
  * Translates any {@link AccessDeniedException} into an HTTP response in accordance with
- * <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750 Section 3: The WWW-Authenticate</a>.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
+ * Section 3: The WWW-Authenticate</a>.
  *
- * So long as the class can prove that the request has a valid OAuth 2.0 {@link Authentication}, then will return an
- * <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">insufficient scope error</a>; otherwise,
- * it will simply indicate the scheme (Bearer) and any configured realm.
+ * So long as the class can prove that the request has a valid OAuth 2.0
+ * {@link Authentication}, then will return an
+ * <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">insufficient
+ * scope error</a>; otherwise, it will simply indicate the scheme (Bearer) and any
+ * configured realm.
  *
  * @author Josh Cummings
  * @since 5.1
  *
  */
 public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedHandler {
-	private static final Collection<String> WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES =
-			Arrays.asList("scope", "scp");
+
+	private static final Collection<String> WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES = Arrays.asList("scope", "scp");
 
 	private String realmName;
 
@@ -58,16 +61,13 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 			parameters.put("realm", this.realmName);
 		}
 
-		return exchange.getPrincipal()
-				.filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
-				.map(token -> errorMessageParameters(parameters))
-				.switchIfEmpty(Mono.just(parameters))
+		return exchange.getPrincipal().filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
+				.map(token -> errorMessageParameters(parameters)).switchIfEmpty(Mono.just(parameters))
 				.flatMap(params -> respond(exchange, params));
 	}
 
 	/**
 	 * Set the default realm name to use in the bearer token error response
-	 *
 	 * @param realmName
 	 */
 	public final void setRealmName(String realmName) {
@@ -76,7 +76,8 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 
 	private static Map<String, String> errorMessageParameters(Map<String, String> parameters) {
 		parameters.put("error", BearerTokenErrorCodes.INSUFFICIENT_SCOPE);
-		parameters.put("error_description", "The request requires higher privileges than provided by the access token.");
+		parameters.put("error_description",
+				"The request requires higher privileges than provided by the access token.");
 		parameters.put("error_uri", "https://tools.ietf.org/html/rfc6750#section-3.1");
 
 		return parameters;
@@ -106,4 +107,5 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 
 		return wwwAuthenticate.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
index 700531d588..ccf4a8c1f5 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
@@ -29,14 +29,16 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 
 /**
  * An {@link ExchangeFilterFunction} that adds the
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
- * from an existing {@link AbstractOAuth2Token} tied to the current {@link Authentication}.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a> from an existing {@link AbstractOAuth2Token} tied to the current
+ * {@link Authentication}.
  *
- * Suitable for Reactive applications, applying it to a typical {@link org.springframework.web.reactive.function.client.WebClient}
- * configuration:
+ * Suitable for Reactive applications, applying it to a typical
+ * {@link org.springframework.web.reactive.function.client.WebClient} configuration:
  *
  * <pre>
- *  @Bean
+
+ *  &#64;Bean
  *  WebClient webClient() {
  *      ServerBearerExchangeFilterFunction bearer = new ServerBearerExchangeFilterFunction();
  *      return WebClient.builder()
@@ -47,35 +49,28 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
  * @author Josh Cummings
  * @since 5.2
  */
-public final class ServerBearerExchangeFilterFunction
-		implements ExchangeFilterFunction {
+public final class ServerBearerExchangeFilterFunction implements ExchangeFilterFunction {
 
 	/**
 	 * {@inheritDoc}
 	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token()
-				.map(token -> bearer(request, token))
-				.defaultIfEmpty(request)
-				.flatMap(next::exchange);
+		return oauth2Token().map(token -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
 		return currentAuthentication()
 				.filter(authentication -> authentication.getCredentials() instanceof AbstractOAuth2Token)
-				.map(Authentication::getCredentials)
-				.cast(AbstractOAuth2Token.class);
+				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
 	}
 
 	private Mono<Authentication> currentAuthentication() {
-		return ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication);
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication);
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request)
-				.headers(headers -> headers.setBearerAuth(token.getTokenValue()))
-				.build();
+		return ClientRequest.from(request).headers(headers -> headers.setBearerAuth(token.getTokenValue())).build();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
index f59af70f02..3e9d377678 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
@@ -30,14 +30,16 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 
 /**
  * An {@link ExchangeFilterFunction} that adds the
- * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
- * from an existing {@link AbstractOAuth2Token} tied to the current {@link Authentication}.
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a> from an existing {@link AbstractOAuth2Token} tied to the current
+ * {@link Authentication}.
  *
- * Suitable for Servlet applications, applying it to a typical {@link org.springframework.web.reactive.function.client.WebClient}
- * configuration:
+ * Suitable for Servlet applications, applying it to a typical
+ * {@link org.springframework.web.reactive.function.client.WebClient} configuration:
  *
  * <pre>
- *  @Bean
+
+ *  &#64;Bean
  *  WebClient webClient() {
  *      ServletBearerExchangeFilterFunction bearer = new ServletBearerExchangeFilterFunction();
  *      return WebClient.builder()
@@ -45,39 +47,33 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
  *  }
  * </pre>
  *
- * To locate the bearer token, this looks in the Reactor {@link Context} for a key of type {@link Authentication}.
+ * To locate the bearer token, this looks in the Reactor {@link Context} for a key of type
+ * {@link Authentication}.
  *
  * Registering
  * {@see org.springframework.security.config.annotation.web.configuration.OAuth2ResourceServerConfiguration.OAuth2ResourceServerWebFluxSecurityConfiguration.BearerRequestContextSubscriberRegistrar},
- * as a {@code @Bean} will take care of this automatically,
- * but certainly an application can supply a {@link Context} of its own to override.
+ * as a {@code @Bean} will take care of this automatically, but certainly an application
+ * can supply a {@link Context} of its own to override.
  *
  * @author Josh Cummings
  * @since 5.2
  */
-public final class ServletBearerExchangeFilterFunction
-		implements ExchangeFilterFunction {
+public final class ServletBearerExchangeFilterFunction implements ExchangeFilterFunction {
 
-	static final String SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY =
-			"org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
+	static final String SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY = "org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
 
 	/**
 	 * {@inheritDoc}
 	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token()
-				.map(token -> bearer(request, token))
-				.defaultIfEmpty(request)
-				.flatMap(next::exchange);
+		return oauth2Token().map(token -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
-		return Mono.subscriberContext()
-				.flatMap(this::currentAuthentication)
+		return Mono.subscriberContext().flatMap(this::currentAuthentication)
 				.filter(authentication -> authentication.getCredentials() instanceof AbstractOAuth2Token)
-				.map(Authentication::getCredentials)
-				.cast(AbstractOAuth2Token.class);
+				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
 	}
 
 	private Mono<Authentication> currentAuthentication(Context ctx) {
@@ -85,7 +81,8 @@ public final class ServletBearerExchangeFilterFunction
 	}
 
 	private <T> T getAttribute(Context ctx, Class<T> clazz) {
-		// NOTE: SecurityReactorContextConfiguration.SecurityReactorContextSubscriber adds this key
+		// NOTE: SecurityReactorContextConfiguration.SecurityReactorContextSubscriber adds
+		// this key
 		if (!ctx.hasKey(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY)) {
 			return null;
 		}
@@ -94,8 +91,7 @@ public final class ServletBearerExchangeFilterFunction
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request)
-				.headers(headers -> headers.setBearerAuth(token.getTokenValue()))
-				.build();
+		return ClientRequest.from(request).headers(headers -> headers.setBearerAuth(token.getTokenValue())).build();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index 3a050f30cb..e5f027e5e1 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -34,20 +34,19 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
- * An {@link AuthenticationEntryPoint} implementation used to commence authentication of protected resource requests
- * using {@link BearerTokenAuthenticationFilter}.
+ * An {@link AuthenticationEntryPoint} implementation used to commence authentication of
+ * protected resource requests using {@link BearerTokenAuthenticationFilter}.
  * <p>
- * Uses information provided by {@link BearerTokenError} to set HTTP response status code and populate
- * {@code WWW-Authenticate} HTTP header.
+ * Uses information provided by {@link BearerTokenError} to set HTTP response status code
+ * and populate {@code WWW-Authenticate} HTTP header.
  *
  * @author Rob Winch
  * @see BearerTokenError
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750 Section 3: The WWW-Authenticate
- * Response Header Field</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
+ * Section 3: The WWW-Authenticate Response Header Field</a>
  * @since 5.1
  */
-public final class BearerTokenServerAuthenticationEntryPoint implements
-		ServerAuthenticationEntryPoint {
+public final class BearerTokenServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
 
 	private String realmName;
 
@@ -127,4 +126,5 @@ public final class BearerTokenServerAuthenticationEntryPoint implements
 
 		return wwwAuthenticate.toString();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
index d59c943e6c..d2885fcb4f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
@@ -36,31 +36,32 @@ import static org.springframework.security.oauth2.server.resource.BearerTokenErr
 import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidToken;
 
 /**
- * A strategy for resolving <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s
- * from the {@link ServerWebExchange}.
+ * A strategy for resolving
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>s from the {@link ServerWebExchange}.
  *
  * @author Rob Winch
  * @since 5.1
- * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
+ * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750
+ * Section 2: Authenticated Requests</a>
  */
-public class ServerBearerTokenAuthenticationConverter
-		implements ServerAuthenticationConverter {
-	private static final Pattern authorizationPattern = Pattern.compile(
-		"^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
-		Pattern.CASE_INSENSITIVE);
+public class ServerBearerTokenAuthenticationConverter implements ServerAuthenticationConverter {
+
+	private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
+			Pattern.CASE_INSENSITIVE);
 
 	private boolean allowUriQueryParameter = false;
+
 	private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
 
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
-		return Mono.fromCallable(() -> token(exchange.getRequest()))
-			.map(token -> {
-				if (token.isEmpty()) {
-					BearerTokenError error = invalidTokenError();
-					throw new OAuth2AuthenticationException(error);
-				}
-				return new BearerTokenAuthenticationToken(token);
-			});
+		return Mono.fromCallable(() -> token(exchange.getRequest())).map(token -> {
+			if (token.isEmpty()) {
+				BearerTokenError error = invalidTokenError();
+				throw new OAuth2AuthenticationException(error);
+			}
+			return new BearerTokenAuthenticationToken(token);
+		});
 	}
 
 	private String token(ServerHttpRequest request) {
@@ -80,11 +81,11 @@ public class ServerBearerTokenAuthenticationConverter
 	}
 
 	/**
-	 * Set if transport of access token using URI query parameter is supported. Defaults to {@code false}.
-	 *
-	 * The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as
-	 * stating that it was only included for completeness.
+	 * Set if transport of access token using URI query parameter is supported. Defaults
+	 * to {@code false}.
 	 *
+	 * The spec recommends against using this mechanism for sending bearer tokens, and
+	 * even goes as far as stating that it was only included for completeness.
 	 * @param allowUriQueryParameter if the URI query parameter is supported
 	 */
 	public void setAllowUriQueryParameter(boolean allowUriQueryParameter) {
@@ -95,8 +96,8 @@ public class ServerBearerTokenAuthenticationConverter
 	 * Set this value to configure what header is checked when resolving a Bearer Token.
 	 * This value is defaulted to {@link HttpHeaders#AUTHORIZATION}.
 	 *
-	 * This allows other headers to be used as the Bearer Token source such as {@link HttpHeaders#PROXY_AUTHORIZATION}
-	 *
+	 * This allows other headers to be used as the Bearer Token source such as
+	 * {@link HttpHeaders#PROXY_AUTHORIZATION}
 	 * @param bearerTokenHeaderName the header to check when retrieving the Bearer Token.
 	 * @since 5.4
 	 */
@@ -109,7 +110,7 @@ public class ServerBearerTokenAuthenticationConverter
 		if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
 			Matcher matcher = authorizationPattern.matcher(authorization);
 
-			if (!matcher.matches() ) {
+			if (!matcher.matches()) {
 				BearerTokenError error = invalidTokenError();
 				throw new OAuth2AuthenticationException(error);
 			}
@@ -126,4 +127,5 @@ public class ServerBearerTokenAuthenticationConverter
 	private boolean isParameterTokenSupportedForRequest(ServerHttpRequest request) {
 		return this.allowUriQueryParameter && HttpMethod.GET.equals(request.getMethod());
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index 92c9437a34..dd548a22b4 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -37,8 +37,10 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
  * @author Josh Cummings
  */
 public class TestOAuth2AuthenticatedPrincipals {
+
 	public static OAuth2AuthenticatedPrincipal active() {
-		return active(attributes -> {});
+		return active(attributes -> {
+		});
 	}
 
 	public static OAuth2AuthenticatedPrincipal active(Consumer<Map<String, Object>> attributesConsumer) {
@@ -54,17 +56,18 @@ public class TestOAuth2AuthenticatedPrincipals {
 		attributes.put(OAuth2IntrospectionClaimNames.USERNAME, "jdoe");
 		attributesConsumer.accept(attributes);
 
-		Collection<GrantedAuthority> authorities =
-				Arrays.asList(new SimpleGrantedAuthority("SCOPE_read"),
-						new SimpleGrantedAuthority("SCOPE_write"), new SimpleGrantedAuthority("SCOPE_dolphin"));
+		Collection<GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority("SCOPE_read"),
+				new SimpleGrantedAuthority("SCOPE_write"), new SimpleGrantedAuthority("SCOPE_dolphin"));
 		return new OAuth2IntrospectionAuthenticatedPrincipal(attributes, authorities);
 	}
 
 	private static URL url(String url) {
 		try {
 			return new URL(url);
-		} catch (IOException e) {
+		}
+		catch (IOException e) {
 			throw new UncheckedIOException(e);
 		}
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
index ff9b361048..a85e43d25b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
@@ -27,17 +27,16 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Josh Cummings
  */
 public class BearerTokenAuthenticationTokenTests {
+
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthenticationToken(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new BearerTokenAuthenticationToken(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("token cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenTokenIsEmptyThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthenticationToken(""))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new BearerTokenAuthenticationToken("")).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("token cannot be empty");
 	}
 
@@ -49,4 +48,5 @@ public class BearerTokenAuthenticationTokenTests {
 		assertThat(token.getPrincipal()).isEqualTo("token");
 		assertThat(token.getCredentials()).isEqualTo("token");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
index b8d78569e0..ca7c70e5b3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
@@ -102,37 +102,30 @@ public class BearerTokenErrorTests {
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE + "\"", TEST_HTTP_STATUS, TEST_DESCRIPTION,
-				TEST_URI, TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("errorCode")
-				.hasMessageContaining("RFC 6750");
+		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE + "\"", TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI,
+				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("errorCode")
+						.hasMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenDescriptionIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION + "\"",
-				TEST_URI, TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("description")
-				.hasMessageContaining("RFC 6750");
+		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION + "\"", TEST_URI,
+				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("description")
+						.hasMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorUriIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION,
-				TEST_URI + "\"", TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("errorUri")
-				.hasMessageContaining("RFC 6750");
+		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI + "\"",
+				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("errorUri")
+						.hasMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenScopeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION,
-				TEST_URI, TEST_SCOPE + "\""))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("scope")
-				.hasMessageContaining("RFC 6750");
+		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI,
+				TEST_SCOPE + "\"")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("scope")
+						.hasMessageContaining("RFC 6750");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
index c244e68ba4..f84778f545 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
@@ -27,6 +27,7 @@ import static org.springframework.security.oauth2.server.resource.BearerTokenErr
 import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_TOKEN;
 
 public class BearerTokenErrorsTests {
+
 	@Test
 	public void invalidRequestWhenMessageGivenThenBearerTokenErrorReturned() {
 		String message = "message";
@@ -89,4 +90,5 @@ public class BearerTokenErrorsTests {
 		assertThat(error.getScope()).isNull();
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
index d87c0d8acf..84456f738b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
@@ -36,6 +36,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * {@see DefaultAuthenticationEventPublisher}
  */
 public class DefaultAuthenticationEventPublisherBearerTokenTests {
+
 	DefaultAuthenticationEventPublisher publisher;
 
 	@Test
@@ -46,7 +47,7 @@ public class DefaultAuthenticationEventPublisherBearerTokenTests {
 		this.publisher = new DefaultAuthenticationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid"), authentication);
 		this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid", cause), authentication);
-		verify(appPublisher, times(2)).publishEvent(
-				isA(AuthenticationFailureBadCredentialsEvent.class));
+		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
index 8aa7fefc7f..e8c7b3eb44 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
@@ -46,12 +46,16 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * @author Josh Cummings
  */
 public class BearerTokenAuthenticationTests {
-	private final OAuth2AccessToken token =
-			new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-				"token", Instant.now(), Instant.now().plusSeconds(3600));
+
+	private final OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token",
+			Instant.now(), Instant.now().plusSeconds(3600));
+
 	private final String name = "sub";
+
 	private Map<String, Object> attributesMap = new HashMap<>();
+
 	private DefaultOAuth2AuthenticatedPrincipal principal;
+
 	private final Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("USER");
 
 	@Before
@@ -64,15 +68,17 @@ public class BearerTokenAuthenticationTests {
 
 	@Test
 	public void getNameWhenConfiguredInConstructorThenReturnsName() {
-		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(this.name, this.attributesMap, this.authorities);
-		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(principal, this.token, this.authorities);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(this.name, this.attributesMap,
+				this.authorities);
+		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(principal, this.token,
+				this.authorities);
 		assertThat(authenticated.getName()).isEqualTo(this.name);
 	}
 
 	@Test
 	public void getNameWhenHasNoSubjectThenReturnsNull() {
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(
+				Collections.singletonMap("claim", "value"), null);
 		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(principal, this.token, null);
 		assertThat(authenticated.getName()).isNull();
 	}
@@ -86,37 +92,35 @@ public class BearerTokenAuthenticationTests {
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
 		assertThatCode(() -> new BearerTokenAuthentication(this.principal, null, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("token cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("token cannot be null");
 	}
 
 	@Test
 	public void constructorWhenCredentialIsNullThenThrowsException() {
 		assertThatCode(() -> new BearerTokenAuthentication(null, this.token, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("principal cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("principal cannot be null");
 	}
 
 	@Test
 	public void constructorWhenPassingAllAttributesThenTokenIsAuthenticated() {
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal("harris", Collections.singletonMap("claim", "value"), null);
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal("harris",
+				Collections.singletonMap("claim", "value"), null);
 		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(principal, this.token, null);
 		assertThat(authenticated.isAuthenticated()).isTrue();
 	}
 
 	@Test
 	public void getTokenAttributesWhenHasTokenThenReturnsThem() {
-		BearerTokenAuthentication authenticated =
-				new BearerTokenAuthentication(this.principal, this.token, Collections.emptyList());
+		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(this.principal, this.token,
+				Collections.emptyList());
 		assertThat(authenticated.getTokenAttributes()).isEqualTo(this.principal.getAttributes());
 	}
 
 	@Test
 	public void getAuthoritiesWhenHasAuthoritiesThenReturnsThem() {
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("USER");
-		BearerTokenAuthentication authenticated =
-				new BearerTokenAuthentication(this.principal, this.token, authorities);
+		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(this.principal, this.token,
+				authorities);
 		assertThat(authenticated.getAuthorities()).isEqualTo(authorities);
 	}
 
@@ -137,7 +141,7 @@ public class BearerTokenAuthenticationTests {
 		JSONObject attributes = new JSONObject(Collections.singletonMap("iss", new URL("https://idp.example.com")));
 		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, null);
 		BearerTokenAuthentication token = new BearerTokenAuthentication(principal, this.token, null);
-		assertThatCode(token::toString)
-				.doesNotThrowAnyException();
+		assertThatCode(token::toString).doesNotThrowAnyException();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index 6ade846fbc..ad14ba287a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -38,6 +38,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @author Evgeniy Cheban
  */
 public class JwtAuthenticationConverterTests {
+
 	JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
 
 	@Test
@@ -47,8 +48,7 @@ public class JwtAuthenticationConverterTests {
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -63,16 +63,15 @@ public class JwtAuthenticationConverterTests {
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter =
-				token -> Arrays.asList(new SimpleGrantedAuthority("blah"));
+		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
+				.asList(new SimpleGrantedAuthority("blah"));
 
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("blah"));
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
 
 	@Test
@@ -84,8 +83,7 @@ public class JwtAuthenticationConverterTests {
 
 	@Test
 	public void whenSettingEmptyPrincipalClaimName() {
-		assertThatIllegalArgumentException()
-				.isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(""))
+		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(""))
 				.withMessage("principalClaimName cannot be empty");
 	}
 
@@ -105,4 +103,5 @@ public class JwtAuthenticationConverterTests {
 
 		assertThat(authentication.getName()).isEqualTo("100");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index 50db5d9187..fe8c173d54 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -46,6 +46,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class JwtAuthenticationProviderTests {
+
 	@Mock
 	Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter;
 
@@ -56,8 +57,7 @@ public class JwtAuthenticationProviderTests {
 
 	@Before
 	public void setup() {
-		this.provider =
-				new JwtAuthenticationProvider(this.jwtDecoder);
+		this.provider = new JwtAuthenticationProvider(this.jwtDecoder);
 		this.provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
 	}
 
@@ -70,8 +70,7 @@ public class JwtAuthenticationProviderTests {
 		when(this.jwtDecoder.decode("token")).thenReturn(jwt);
 		when(this.jwtAuthenticationConverter.convert(jwt)).thenReturn(new JwtAuthenticationToken(jwt));
 
-		JwtAuthenticationToken authentication =
-				(JwtAuthenticationToken) this.provider.authenticate(token);
+		JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token);
 
 		assertThat(authentication.getTokenAttributes()).containsEntry("name", "value");
 	}
@@ -93,11 +92,8 @@ public class JwtAuthenticationProviderTests {
 
 		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new BadJwtException("with \"invalid\" chars"));
 
-		assertThatCode(() -> this.provider.authenticate(token))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasFieldOrPropertyWithValue(
-						"error.description",
-						"Invalid token");
+		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class)
+				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
 	}
 
 	// gh-7785
@@ -107,8 +103,7 @@ public class JwtAuthenticationProviderTests {
 
 		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new JwtException("no jwk set"));
 
-		assertThatCode(() -> this.provider.authenticate(token))
-				.isInstanceOf(AuthenticationException.class)
+		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
 
@@ -124,9 +119,8 @@ public class JwtAuthenticationProviderTests {
 		when(this.jwtDecoder.decode(token.getToken())).thenReturn(jwt);
 		when(this.jwtAuthenticationConverter.convert(jwt)).thenReturn(authentication);
 
-		assertThat(this.provider.authenticate(token))
-				.isEqualTo(authentication)
-				.hasFieldOrPropertyWithValue("details", details);
+		assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details",
+				details);
 	}
 
 	@Test
@@ -139,7 +133,7 @@ public class JwtAuthenticationProviderTests {
 	}
 
 	private Predicate<? super Throwable> errorCode(String errorCode) {
-		return failed ->
-				((OAuth2AuthenticationException) failed).getError().getErrorCode() == errorCode;
+		return failed -> ((OAuth2AuthenticationException) failed).getError().getErrorCode() == errorCode;
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
index f439abf7d2..5fc65eb8bf 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
@@ -56,8 +56,7 @@ public class JwtAuthenticationTokenTests {
 
 	@Test
 	public void constructorWhenJwtIsNullThenThrowsException() {
-		assertThatCode(() -> new JwtAuthenticationToken(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new JwtAuthenticationToken(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("token cannot be null");
 	}
 
@@ -127,4 +126,5 @@ public class JwtAuthenticationTokenTests {
 	private Jwt.Builder builder() {
 		return Jwt.withTokenValue("token").header("alg", RS256);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
index f96073aeb7..db485936f7 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
@@ -32,15 +32,12 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Josh Cummings
  */
 public class JwtBearerTokenAuthenticationConverterTests {
-	private final JwtBearerTokenAuthenticationConverter converter =
-			new JwtBearerTokenAuthenticationConverter();
+
+	private final JwtBearerTokenAuthenticationConverter converter = new JwtBearerTokenAuthenticationConverter();
 
 	@Test
 	public void convertWhenJwtThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value")
-				.claim("claim", "value")
-				.header("header", "value")
-				.build();
+		Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build();
 
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 
@@ -53,33 +50,28 @@ public class JwtBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenJwtWithScopeAttributeThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value")
-				.claim("scope", "message:read message:write")
-				.header("header", "value")
-				.build();
+		Jwt jwt = Jwt.withTokenValue("token-value").claim("scope", "message:read message:write")
+				.header("header", "value").build();
 
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
-		assertThat(bearerToken.getAuthorities())
-				.containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
-						new SimpleGrantedAuthority("SCOPE_message:write"));
+		assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
+				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
 	@Test
 	public void convertWhenJwtWithScpAttributeThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value")
-				.claim("scp", Arrays.asList("message:read", "message:write"))
-				.header("header", "value")
-				.build();
+		Jwt jwt = Jwt.withTokenValue("token-value").claim("scp", Arrays.asList("message:read", "message:write"))
+				.header("header", "value").build();
 
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
-		assertThat(bearerToken.getAuthorities())
-				.containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
-						new SimpleGrantedAuthority("SCOPE_message:write"));
+		assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
+				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
index 70ecf618e7..32d1ef773a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
@@ -50,8 +50,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -63,8 +62,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("ROLE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"),
 				new SimpleGrantedAuthority("ROLE_message:write"));
 	}
 
@@ -76,8 +74,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"),
 				new SimpleGrantedAuthority("message:write"));
 	}
 
@@ -98,8 +95,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -111,8 +107,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("ROLE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"),
 				new SimpleGrantedAuthority("ROLE_message:write"));
 	}
 
@@ -124,8 +119,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"),
 				new SimpleGrantedAuthority("message:write"));
 	}
 
@@ -141,25 +135,19 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt()
-			.claim("scp", Arrays.asList("message:read", "message:write"))
-			.claim("scope", "missive:read missive:write")
-			.build();
+		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_missive:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
 				new SimpleGrantedAuthority("SCOPE_missive:write"));
 	}
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt()
-			.claim("scp", Arrays.asList("message:read", "message:write"))
-			.claim("scope", "")
-			.build();
+		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -169,10 +157,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() {
-		Jwt jwt = jwt()
-			.claim("scp", Collections.emptyList())
-			.claim("scope", Collections.emptyList())
-			.build();
+		Jwt jwt = jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -192,7 +177,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() {
-		Jwt jwt = jwt().claim("scope", new String[] {"message:read", "message:write"}).build();
+		Jwt jwt = jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -202,26 +187,20 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt()
-				.claim("roles", Arrays.asList("message:read", "message:write"))
-				.claim("scope", "missive:read missive:write")
-				.build();
+		Jwt jwt = jwt().claim("roles", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
 	@Test
 	public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt()
-				.claim("roles", Collections.emptyList())
-				.claim("scope", "missive:read missive:write")
-				.build();
+		Jwt jwt = jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
@@ -240,4 +219,5 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 		assertThat(authorities).isEmpty();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index 21df5189fe..1cab4a21c5 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -48,13 +48,14 @@ import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
  * Tests for {@link JwtIssuerAuthenticationManagerResolver}
  */
 public class JwtIssuerAuthenticationManagerResolverTests {
-	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
-			+ "    \"issuer\": \"%s\", \n"
-			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
-			+ "}";
+
+	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n" + "    \"issuer\": \"%s\", \n"
+			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}";
 
 	private String jwt = jwt("iss", "trusted");
+
 	private String evil = jwt("iss", "\"");
+
 	private String noIssuer = jwt("sub", "sub");
 
 	@Test
@@ -62,51 +63,45 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.start();
 			String issuer = server.url("").toString();
-			server.enqueue(new MockResponse()
-					.setResponseCode(200)
-					.setHeader("Content-Type", "application/json")
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
 					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 					new Payload(new JSONObject(Collections.singletonMap(ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
-			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-					new JwtIssuerAuthenticationManagerResolver(issuer);
+			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+					issuer);
 			MockHttpServletRequest request = new MockHttpServletRequest();
 			request.addHeader("Authorization", "Bearer " + jws.serialize());
 
-			AuthenticationManager authenticationManager =
-					authenticationManagerResolver.resolve(request);
+			AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(request);
 			assertThat(authenticationManager).isNotNull();
 
-			AuthenticationManager cachedAuthenticationManager =
-					authenticationManagerResolver.resolve(request);
+			AuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(request);
 			assertThat(authenticationManager).isSameAs(cachedAuthenticationManager);
 		}
 	}
 
 	@Test
 	public void resolveWhenUsingUntrustedIssuerThenException() {
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver("other", "issuers");
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				"other", "issuers");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
 
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenUsingCustomIssuerAuthenticationManagerResolverThenUses() {
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver(issuer -> authenticationManager);
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				issuer -> authenticationManager);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
 
-		assertThat(authenticationManagerResolver.resolve(request))
-				.isSameAs(authenticationManager);
+		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
 	}
 
 	@Test
@@ -115,54 +110,48 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		request.addHeader("Authorization", "Bearer " + this.jwt);
 
 		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				authenticationManagers::get);
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
-		assertThat(authenticationManagerResolver.resolve(request))
-				.isSameAs(authenticationManager);
+		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
 
 		authenticationManagers.clear();
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenMalformedThenException() {
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver("trusted");
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer jwt");
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageNotContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageNotContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenNoIssuerThenException() {
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver("trusted");
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.noIssuer);
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Missing issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Missing issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenEvilThenGenericException() {
-		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerAuthenticationManagerResolver("trusted");
+		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
+				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.evil);
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessage("Invalid issuer");
 	}
 
 	@Test
@@ -183,4 +172,5 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		PlainJWT jwt = new PlainJWT(new JWTClaimsSet.Builder().claim(claim, value).build());
 		return jwt.serialize();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index d694707096..58e545ff03 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -50,61 +50,58 @@ import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
  * Tests for {@link JwtIssuerReactiveAuthenticationManagerResolver}
  */
 public class JwtIssuerReactiveAuthenticationManagerResolverTests {
-	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
-			+ "    \"issuer\": \"%s\", \n"
-			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
-			+ "}";
+
+	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n" + "    \"issuer\": \"%s\", \n"
+			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}";
 
 	private String jwt = jwt("iss", "trusted");
+
 	private String evil = jwt("iss", "\"");
+
 	private String noIssuer = jwt("sub", "sub");
 
 	@Test
 	public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			String issuer = server.url("").toString();
-			server.enqueue(new MockResponse()
-					.setResponseCode(200)
-					.setHeader("Content-Type", "application/json")
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
 					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 					new Payload(new JSONObject(Collections.singletonMap(ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
-			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-					new JwtIssuerReactiveAuthenticationManagerResolver(issuer);
+			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+					issuer);
 			MockServerWebExchange exchange = withBearerToken(jws.serialize());
 
-			ReactiveAuthenticationManager authenticationManager =
-					authenticationManagerResolver.resolve(exchange).block();
+			ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(exchange)
+					.block();
 			assertThat(authenticationManager).isNotNull();
 
-			ReactiveAuthenticationManager cachedAuthenticationManager =
-					authenticationManagerResolver.resolve(exchange).block();
+			ReactiveAuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(exchange)
+					.block();
 			assertThat(authenticationManager).isSameAs(cachedAuthenticationManager);
 		}
 	}
 
 	@Test
 	public void resolveWhenUsingUntrustedIssuerThenException() {
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver("other", "issuers");
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				"other", "issuers");
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
 
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenUsingCustomIssuerAuthenticationManagerResolverThenUses() {
 		ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class);
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver(issuer -> Mono.just(authenticationManager));
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				issuer -> Mono.just(authenticationManager));
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
 
-		assertThat(authenticationManagerResolver.resolve(exchange).block())
-				.isSameAs(authenticationManager);
+		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
 	}
 
 	@Test
@@ -112,51 +109,45 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
 
 		Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver(issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 
 		ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
-		assertThat(authenticationManagerResolver.resolve(exchange).block())
-				.isSameAs(authenticationManager);
+		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
 
 		authenticationManagers.clear();
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenMalformedThenException() {
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver("trusted");
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				"trusted");
 		MockServerWebExchange exchange = withBearerToken("jwt");
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageNotContaining("Invalid issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageNotContaining("Invalid issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenNoIssuerThenException() {
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver("trusted");
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				"trusted");
 		MockServerWebExchange exchange = withBearerToken(this.noIssuer);
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Missing issuer");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Missing issuer");
 	}
 
 	@Test
 	public void resolveWhenBearerTokenEvilThenGenericException() {
-		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
-				new JwtIssuerReactiveAuthenticationManagerResolver("trusted");
+		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
+				"trusted");
 		MockServerWebExchange exchange = withBearerToken(this.evil);
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("Invalid token");
+				.isInstanceOf(OAuth2AuthenticationException.class).hasMessage("Invalid token");
 	}
 
 	@Test
@@ -169,8 +160,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenException() {
-		assertThatCode(() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(
+				() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	private String jwt(String claim, String value) {
@@ -179,8 +171,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 	}
 
 	private MockServerWebExchange withBearerToken(String token) {
-		MockServerHttpRequest request = MockServerHttpRequest.get("/")
-				.header("Authorization", "Bearer " + token).build();
+		MockServerHttpRequest request = MockServerHttpRequest.get("/").header("Authorization", "Bearer " + token)
+				.build();
 		return MockServerWebExchange.from(request);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index 8317aaba58..5764da170f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -46,6 +46,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class JwtReactiveAuthenticationManagerTests {
+
 	@Mock
 	private ReactiveJwtDecoder jwtDecoder;
 
@@ -96,11 +97,8 @@ public class JwtReactiveAuthenticationManagerTests {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new BadJwtException("with \"invalid\" chars"));
 
-		assertThatCode(() -> this.manager.authenticate(token).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasFieldOrPropertyWithValue(
-						"error.description",
-						"Invalid token");
+		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class)
+				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
 	}
 
 	// gh-7785
@@ -109,8 +107,7 @@ public class JwtReactiveAuthenticationManagerTests {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new JwtException("no jwk set"));
 
-		assertThatCode(() -> this.manager.authenticate(token).block())
-				.isInstanceOf(AuthenticationException.class)
+		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
 
@@ -119,8 +116,7 @@ public class JwtReactiveAuthenticationManagerTests {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		when(this.jwtDecoder.decode(any())).thenReturn(Mono.error(new RuntimeException("Oops")));
 
-		assertThatCode(() -> this.manager.authenticate(token).block())
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class);
 	}
 
 	@Test
@@ -132,6 +128,8 @@ public class JwtReactiveAuthenticationManagerTests {
 
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.isAuthenticated()).isTrue();
-		assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("SCOPE_message:read", "SCOPE_message:write");
+		assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority)
+				.containsOnly("SCOPE_message:read", "SCOPE_message:write");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 61496ff77d..0609e5bba3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -53,51 +53,47 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * @author Josh Cummings
  */
 public class OpaqueTokenAuthenticationProviderTests {
+
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
-		OAuth2AuthenticatedPrincipal principal = active(attributes -> attributes.put("extension_field", "twenty-seven"));
+		OAuth2AuthenticatedPrincipal principal = active(
+				attributes -> attributes.put("extension_field", "twenty-seven"));
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		when(introspector.introspect(any())).thenReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 
-		Authentication result =
-				provider.authenticate(new BearerTokenAuthenticationToken("token"));
+		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
 
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes)
-				.isNotNull()
-				.containsEntry(ACTIVE, true)
+		assertThat(attributes).isNotNull().containsEntry(ACTIVE, true)
 				.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
 				.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
 				.containsEntry(ISSUER, new URL("https://server.example.com/"))
 				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
 				.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis")
-				.containsEntry(USERNAME, "jdoe")
+				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
 
-		assertThat(result.getAuthorities()).extracting("authority")
-				.containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin");
+		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
+				"SCOPE_dolphin");
 	}
 
 	@Test
 	public void authenticateWhenMissingScopeAttributeThenNoAuthorities() {
-		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
+		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(
+				Collections.singletonMap("claim", "value"), null);
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		when(introspector.introspect(any())).thenReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 
-		Authentication result =
-				provider.authenticate(new BearerTokenAuthenticationToken("token"));
+		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes)
-				.isNotNull()
-				.doesNotContainKey(SCOPE);
+		assertThat(attributes).isNotNull().doesNotContainKey(SCOPE);
 
 		assertThat(result.getAuthorities()).isEmpty();
 	}
@@ -114,7 +110,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 
 	@Test
 	public void constructorWhenIntrospectionClientIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new OpaqueTokenAuthenticationProvider(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new OpaqueTokenAuthenticationProvider(null)).isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index e7b92f8a45..c6d6297c72 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -55,53 +55,47 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * @author Josh Cummings
  */
 public class OpaqueTokenReactiveAuthenticationManagerTests {
+
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
-		OAuth2AuthenticatedPrincipal authority = active(attributes -> attributes.put("extension_field", "twenty-seven"));
+		OAuth2AuthenticatedPrincipal authority = active(
+				attributes -> attributes.put("extension_field", "twenty-seven"));
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		when(introspector.introspect(any())).thenReturn(Mono.just(authority));
-		OpaqueTokenReactiveAuthenticationManager provider =
-				new OpaqueTokenReactiveAuthenticationManager(introspector);
+		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
-		Authentication result =
-				provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
+		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
 
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes)
-				.isNotNull()
-				.containsEntry(ACTIVE, true)
+		assertThat(attributes).isNotNull().containsEntry(ACTIVE, true)
 				.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
 				.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
 				.containsEntry(ISSUER, new URL("https://server.example.com/"))
 				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
 				.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis")
-				.containsEntry(USERNAME, "jdoe")
+				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
 
-		assertThat(result.getAuthorities()).extracting("authority")
-				.containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin");
+		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
+				"SCOPE_dolphin");
 	}
 
 	@Test
 	public void authenticateWhenMissingScopeAttributeThenNoAuthorities() {
-		OAuth2AuthenticatedPrincipal authority = new OAuth2IntrospectionAuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
+		OAuth2AuthenticatedPrincipal authority = new OAuth2IntrospectionAuthenticatedPrincipal(
+				Collections.singletonMap("claim", "value"), null);
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		when(introspector.introspect(any())).thenReturn(Mono.just(authority));
-		OpaqueTokenReactiveAuthenticationManager provider =
-				new OpaqueTokenReactiveAuthenticationManager(introspector);
+		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
-		Authentication result =
-				provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
+		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes)
-				.isNotNull()
-				.doesNotContainKey(SCOPE);
+		assertThat(attributes).isNotNull().doesNotContainKey(SCOPE);
 
 		assertThat(result.getAuthorities()).isEmpty();
 	}
@@ -111,8 +105,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		when(introspector.introspect(any()))
 				.thenReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
-		OpaqueTokenReactiveAuthenticationManager provider =
-				new OpaqueTokenReactiveAuthenticationManager(introspector);
+		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block())
 				.isInstanceOf(AuthenticationServiceException.class);
@@ -123,4 +116,5 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		assertThatCode(() -> new OpaqueTokenReactiveAuthenticationManager(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
index 6e076f0677..f9bfc8bc7d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
@@ -36,9 +36,11 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @author Josh Cummings
  */
 public class ReactiveJwtAuthenticationConverterAdapterTests {
+
 	Converter<Jwt, AbstractAuthenticationToken> converter = new JwtAuthenticationConverter();
-	ReactiveJwtAuthenticationConverterAdapter jwtAuthenticationConverter =
-			new ReactiveJwtAuthenticationConverterAdapter(converter);
+
+	ReactiveJwtAuthenticationConverterAdapter jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
+			converter);
 
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
@@ -47,8 +49,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -71,8 +72,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -89,26 +89,20 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt()
-				.claim("scp", Arrays.asList("message:read", "message:write"))
-				.claim("scope", "missive:read missive:write")
-				.build();
+		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "missive:read missive:write").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_missive:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
 				new SimpleGrantedAuthority("SCOPE_missive:write"));
 	}
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt()
-				.claim("scp", Arrays.asList("message:read", "message:write"))
-				.claim("scope", "")
-				.build();
+		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
@@ -116,4 +110,5 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 		assertThat(authorities).containsExactly();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
index 809c76be1d..2eb01d4dfd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
@@ -38,6 +38,7 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @since 5.2
  */
 public class ReactiveJwtAuthenticationConverterTests {
+
 	ReactiveJwtAuthenticationConverter jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverter();
 
 	@Test
@@ -47,8 +48,7 @@ public class ReactiveJwtAuthenticationConverterTests {
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("SCOPE_message:read"),
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
 
@@ -63,15 +63,15 @@ public class ReactiveJwtAuthenticationConverterTests {
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter =
-				token -> Flux.just(new SimpleGrantedAuthority("blah"));
+		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter = token -> Flux
+				.just(new SimpleGrantedAuthority("blah"));
 
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("blah"));
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
index e7ff494522..3966b0b4f0 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
@@ -38,27 +38,24 @@ import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
  * @since 5.2
  */
 public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests {
+
 	@Test
 	public void convertWithGrantedAuthoritiesConverter() {
 		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter =
-				token -> Arrays.asList(new SimpleGrantedAuthority("blah"));
+		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
+				.asList(new SimpleGrantedAuthority("blah"));
 
-		Collection<GrantedAuthority> authorities =
-				new ReactiveJwtGrantedAuthoritiesConverterAdapter(grantedAuthoritiesConverter)
-						.convert(jwt)
-						.toStream()
-						.collect(Collectors.toList());
+		Collection<GrantedAuthority> authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter(
+				grantedAuthoritiesConverter).convert(jwt).toStream().collect(Collectors.toList());
 
-		assertThat(authorities).containsExactly(
-				new SimpleGrantedAuthority("blah"));
+		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
 
 	@Test
 	public void whenConstructingWithInvalidConverter() {
-		assertThatIllegalArgumentException()
-				.isThrownBy(() -> new ReactiveJwtGrantedAuthoritiesConverterAdapter(null))
+		assertThatIllegalArgumentException().isThrownBy(() -> new ReactiveJwtGrantedAuthoritiesConverterAdapter(null))
 				.withMessage("grantedAuthoritiesConverter cannot be null");
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
index 72a2584005..d02af90c84 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
@@ -34,18 +34,15 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  * @author Josh Cummings
  */
 public class TestBearerTokenAuthentications {
+
 	public static BearerTokenAuthentication bearer() {
-		Collection<GrantedAuthority> authorities =
-				AuthorityUtils.createAuthorityList("SCOPE_USER");
-		OAuth2AuthenticatedPrincipal principal =
-				new DefaultOAuth2AuthenticatedPrincipal(
-						Collections.singletonMap("sub", "user"),
-						authorities);
-		OAuth2AccessToken token =
-				new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-						"token", Instant.now(), Instant.now().plusSeconds(86400),
-						new HashSet<>(Arrays.asList("USER")));
+		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_USER");
+		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(
+				Collections.singletonMap("sub", "user"), authorities);
+		OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(),
+				Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER")));
 
 		return new BearerTokenAuthentication(principal, token, authorities);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 8b49fb98e4..b2791a83cc 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -64,94 +64,76 @@ import static org.springframework.security.oauth2.server.resource.introspection.
 public class NimbusOpaqueTokenIntrospectorTests {
 
 	private static final String INTROSPECTION_URL = "https://server.example.com";
+
 	private static final String CLIENT_ID = "client";
+
 	private static final String CLIENT_SECRET = "secret";
 
-	private static final String ACTIVE_RESPONSE = "{\n" +
-			"      \"active\": true,\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": \"read write dolphin\",\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
+	private static final String ACTIVE_RESPONSE = "{\n" + "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
-	private static final String INACTIVE_RESPONSE = "{\n" +
-			"      \"active\": false\n" +
-			"     }";
+	private static final String INACTIVE_RESPONSE = "{\n" + "      \"active\": false\n" + "     }";
 
-	private static final String INVALID_RESPONSE = "{\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": \"read write dolphin\",\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
+	private static final String INVALID_RESPONSE = "{\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
-	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" +
-			"     \"active\" : \"true\",\n" +
-			"     \"iss\" : \"badissuer\"\n" +
-			"    }";
+	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" + "     \"active\" : \"true\",\n"
+			+ "     \"iss\" : \"badissuer\"\n" + "    }";
 
-	private static final String MALFORMED_SCOPE_RESPONSE = "{\n" +
-			"      \"active\": true,\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": [ \"read\", \"write\", \"dolphin\" ],\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
+	private static final String MALFORMED_SCOPE_RESPONSE = "{\n" + "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": [ \"read\", \"write\", \"dolphin\" ],\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
 	private static final ResponseEntity<String> ACTIVE = response(ACTIVE_RESPONSE);
+
 	private static final ResponseEntity<String> INACTIVE = response(INACTIVE_RESPONSE);
+
 	private static final ResponseEntity<String> INVALID = response(INVALID_RESPONSE);
+
 	private static final ResponseEntity<String> MALFORMED_ISSUER = response(MALFORMED_ISSUER_RESPONSE);
+
 	private static final ResponseEntity<String> MALFORMED_SCOPE = response(MALFORMED_SCOPE_RESPONSE);
 
 	@Test
 	public void introspectWhenActiveTokenThenOk() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 
 			String introspectUri = server.url("/introspect").toString();
-			OpaqueTokenIntrospector introspectionClient =
-					new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, CLIENT_SECRET);
+			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
+					CLIENT_SECRET);
 
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
-			assertThat(authority.getAttributes())
-					.isNotNull()
-					.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
 					.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
 					.containsEntry(ISSUER, new URL("https://server.example.com/"))
 					.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis")
-					.containsEntry(USERNAME, "jdoe")
+					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
 		}
 	}
 
 	@Test
 	public void introspectWhenBadClientCredentialsThenError() throws IOException {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 
 			String introspectUri = server.url("/introspect").toString();
-			OpaqueTokenIntrospector introspectionClient =
-					new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong");
+			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
+					"wrong");
 
 			assertThatCode(() -> introspectionClient.introspect("token"))
 					.isInstanceOf(OAuth2IntrospectionException.class);
@@ -161,14 +143,12 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	@Test
 	public void introspectWhenInactiveTokenThenInvalidToken() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(INACTIVE);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
+		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(INACTIVE);
 
-		assertThatCode(() -> introspectionClient.introspect("token"))
-				.isInstanceOf(OAuth2IntrospectionException.class)
-				.extracting("message")
-				.isEqualTo("Provided token isn't active");
+		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
+				.extracting("message").isEqualTo("Provided token isn't active");
 	}
 
 	@Test
@@ -179,86 +159,71 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		introspectedValues.put(NOT_BEFORE, 29348723984L);
 
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenReturn(response(new JSONObject(introspectedValues).toJSONString()));
 
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
-		assertThat(authority.getAttributes())
-				.isNotNull()
-				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(AUDIENCE, Arrays.asList("aud"))
 				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
-				.doesNotContainKey(SCOPE);
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID).doesNotContainKey(SCOPE);
 	}
 
 	@Test
 	public void introspectWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
 		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.thenThrow(new IllegalStateException("server was unresponsive"));
 
-		assertThatCode(() -> introspectionClient.introspect("token"))
-				.isInstanceOf(OAuth2IntrospectionException.class)
-				.extracting("message")
-				.isEqualTo("server was unresponsive");
+		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
+				.extracting("message").isEqualTo("server was unresponsive");
 	}
 
-
 	@Test
 	public void introspectWhenIntrospectionEndpointReturnsMalformedResponseThenInvalidToken() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(response("malformed"));
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
+		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(response("malformed"));
 
-		assertThatCode(() -> introspectionClient.introspect("token"))
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
 	@Test
 	public void introspectWhenIntrospectionTokenReturnsInvalidResponseThenInvalidToken() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(INVALID);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
+		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(INVALID);
 
-		assertThatCode(() -> introspectionClient.introspect("token"))
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
 	@Test
 	public void introspectWhenIntrospectionTokenReturnsMalformedIssuerResponseThenInvalidToken() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(MALFORMED_ISSUER);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
+		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(MALFORMED_ISSUER);
 
-		assertThatCode(() -> introspectionClient.introspect("token"))
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
 	// gh-7563
 	@Test
 	public void introspectWhenIntrospectionTokenReturnsMalformedScopeThenEmptyAuthorities() {
 		RestOperations restOperations = mock(RestOperations.class);
-		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(MALFORMED_SCOPE);
+		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
+		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(MALFORMED_SCOPE);
 
 		OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token");
 		assertThat(principal.getAuthorities()).isEmpty();
-		assertThat((Object) principal.getAttribute("scope"))
-				.isNotNull()
-				.isInstanceOf(JSONArray.class);
+		assertThat((Object) principal.getAttribute("scope")).isNotNull().isInstanceOf(JSONArray.class);
 		JSONArray scope = principal.getAttribute("scope");
 		assertThat(scope).containsExactly("read", "write", "dolphin");
 	}
@@ -291,9 +256,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	public void setRequestEntityConverterWhenConverterIsNullThenExceptionIsThrown() {
 		RestOperations restOperations = mock(RestOperations.class);
 
-		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(
-				INTROSPECTION_URL, restOperations
-		);
+		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
 
 		assertThatExceptionOfType(IllegalArgumentException.class)
 				.isThrownBy(() -> introspectionClient.setRequestEntityConverter(null));
@@ -308,9 +272,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		String tokenToIntrospect = "some token";
 		when(requestEntityConverter.convert(tokenToIntrospect)).thenReturn(requestEntity);
 		when(restOperations.exchange(requestEntity, String.class)).thenReturn(ACTIVE);
-		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(
-				INTROSPECTION_URL, restOperations
-		);
+		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
+				restOperations);
 		introspectionClient.setRequestEntityConverter(requestEntityConverter);
 
 		introspectionClient.introspect(tokenToIntrospect);
@@ -329,10 +292,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization)
-						.filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response))
-						.orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
+						.map(a -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
@@ -343,11 +304,12 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	}
 
 	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setBody(response).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 	}
 
 	private static MockResponse unauthorized() {
 		return new MockResponse().setResponseCode(401);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index cc7f50d3f9..691d25454b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -57,76 +57,61 @@ import static org.springframework.security.oauth2.server.resource.introspection.
  * Tests for {@link NimbusReactiveOpaqueTokenIntrospector}
  */
 public class NimbusReactiveOpaqueTokenIntrospectorTests {
+
 	private static final String INTROSPECTION_URL = "https://server.example.com";
+
 	private static final String CLIENT_ID = "client";
+
 	private static final String CLIENT_SECRET = "secret";
 
-	private static final String ACTIVE_RESPONSE = "{\n" +
-			"      \"active\": true,\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": \"read write dolphin\",\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
+	private static final String ACTIVE_RESPONSE = "{\n" + "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
-	private static final String INACTIVE_RESPONSE = "{\n" +
-			"      \"active\": false\n" +
-			"     }";
+	private static final String INACTIVE_RESPONSE = "{\n" + "      \"active\": false\n" + "     }";
 
-	private static final String INVALID_RESPONSE = "{\n" +
-			"      \"client_id\": \"l238j323ds-23ij4\",\n" +
-			"      \"username\": \"jdoe\",\n" +
-			"      \"scope\": \"read write dolphin\",\n" +
-			"      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n" +
-			"      \"aud\": \"https://protected.example.net/resource\",\n" +
-			"      \"iss\": \"https://server.example.com/\",\n" +
-			"      \"exp\": 1419356238,\n" +
-			"      \"iat\": 1419350238,\n" +
-			"      \"extension_field\": \"twenty-seven\"\n" +
-			"     }";
+	private static final String INVALID_RESPONSE = "{\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
 
-	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" +
-			"     \"active\" : \"true\",\n" +
-			"     \"iss\" : \"badissuer\"\n" +
-			"    }";
+	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" + "     \"active\" : \"true\",\n"
+			+ "     \"iss\" : \"badissuer\"\n" + "    }";
 
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 
 			String introspectUri = server.url("/introspect").toString();
-			NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-					new NimbusReactiveOpaqueTokenIntrospector(introspectUri, CLIENT_ID, CLIENT_SECRET);
+			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+					introspectUri, CLIENT_ID, CLIENT_SECRET);
 
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
-			assertThat(authority.getAttributes())
-					.isNotNull()
-					.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
 					.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
 					.containsEntry(ISSUER, new URL("https://server.example.com/"))
 					.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis")
-					.containsEntry(USERNAME, "jdoe")
+					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
 		}
 	}
 
 	@Test
 	public void authenticateWhenBadClientCredentialsThenAuthenticationException() throws IOException {
-		try ( MockWebServer server = new MockWebServer() ) {
+		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 
 			String introspectUri = server.url("/introspect").toString();
-			NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-					new NimbusReactiveOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong");
+			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+					introspectUri, CLIENT_ID, "wrong");
 
 			assertThatCode(() -> introspectionClient.introspect("token").block())
 					.isInstanceOf(OAuth2IntrospectionException.class);
@@ -136,12 +121,11 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	@Test
 	public void authenticateWhenInactiveTokenThenInvalidToken() {
 		WebClient webClient = mockResponse(INACTIVE_RESPONSE);
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(BadOpaqueTokenException.class)
-				.extracting("message")
+				.isInstanceOf(BadOpaqueTokenException.class).extracting("message")
 				.isEqualTo("Provided token isn't active");
 	}
 
@@ -153,36 +137,32 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		introspectedValues.put(NOT_BEFORE, 29348723984L);
 
 		WebClient webClient = mockResponse(new JSONObject(introspectedValues).toJSONString());
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
-		assertThat(authority.getAttributes())
-				.isNotNull()
-				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(AUDIENCE, Arrays.asList("aud"))
 				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
-				.doesNotContainKey(SCOPE);
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID).doesNotContainKey(SCOPE);
 	}
 
 	@Test
 	public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
 		WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive"));
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(OAuth2IntrospectionException.class)
-				.extracting("message")
+				.isInstanceOf(OAuth2IntrospectionException.class).extracting("message")
 				.isEqualTo("server was unresponsive");
 	}
 
 	@Test
 	public void authenticateWhenIntrospectionEndpointReturnsMalformedResponseThenInvalidToken() {
 		WebClient webClient = mockResponse("malformed");
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
@@ -191,8 +171,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	@Test
 	public void authenticateWhenIntrospectionTokenReturnsInvalidResponseThenInvalidToken() {
 		WebClient webClient = mockResponse(INVALID_RESPONSE);
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
@@ -201,8 +181,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	@Test
 	public void authenticateWhenIntrospectionTokenReturnsMalformedIssuerResponseThenInvalidToken() {
 		WebClient webClient = mockResponse(MALFORMED_ISSUER_RESPONSE);
-		NimbusReactiveOpaqueTokenIntrospector introspectionClient =
-				new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, webClient);
+		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
+				INTROSPECTION_URL, webClient);
 
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
@@ -262,10 +242,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization)
-						.filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response))
-						.orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
+						.map(a -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
@@ -276,11 +254,12 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	}
 
 	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		return new MockResponse().setBody(response).setHeader(HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
 	}
 
 	private static MockResponse unauthorized() {
 		return new MockResponse().setResponseCode(401);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
index 83b6f318f4..b0cff1801f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
@@ -38,33 +38,55 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  * @author David Kovac
  */
 public class OAuth2IntrospectionAuthenticatedPrincipalTests {
+
 	private static final String AUTHORITY = "SCOPE_read";
+
 	private static final Collection<GrantedAuthority> AUTHORITIES = AuthorityUtils.createAuthorityList(AUTHORITY);
 
 	private static final String SUBJECT = "test-subject";
 
 	private static final String ACTIVE_CLAIM = "active";
+
 	private static final String CLIENT_ID_CLAIM = "client_id";
+
 	private static final String USERNAME_CLAIM = "username";
+
 	private static final String TOKEN_TYPE_CLAIM = "token_type";
+
 	private static final String EXP_CLAIM = "exp";
+
 	private static final String IAT_CLAIM = "iat";
+
 	private static final String NBF_CLAIM = "nbf";
+
 	private static final String SUB_CLAIM = "sub";
+
 	private static final String AUD_CLAIM = "aud";
+
 	private static final String ISS_CLAIM = "iss";
+
 	private static final String JTI_CLAIM = "jti";
 
 	private static final boolean ACTIVE_VALUE = true;
+
 	private static final String CLIENT_ID_VALUE = "client-id-1";
+
 	private static final String USERNAME_VALUE = "username-1";
+
 	private static final String TOKEN_TYPE_VALUE = "token-type-1";
+
 	private static final long EXP_VALUE = Instant.now().plusSeconds(60).getEpochSecond();
+
 	private static final long IAT_VALUE = Instant.now().getEpochSecond();
+
 	private static final long NBF_VALUE = Instant.now().plusSeconds(5).getEpochSecond();
+
 	private static final String SUB_VALUE = "subject1";
+
 	private static final List<String> AUD_VALUE = Arrays.asList("aud1", "aud2");
+
 	private static final String ISS_VALUE = "https://provider.com";
+
 	private static final String JTI_VALUE = "jwt-id-1";
 
 	private static final Map<String, Object> CLAIMS;
@@ -95,26 +117,25 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 
 	@Test
 	public void constructorWhenAuthoritiesIsNullOrEmptyThenNoAuthorities() {
-		Collection<? extends GrantedAuthority> authorities =
-				new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null).getAuthorities();
+		Collection<? extends GrantedAuthority> authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null)
+				.getAuthorities();
 		assertThat(authorities).isEmpty();
 
-		authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS,
-				Collections.emptyList()).getAuthorities();
+		authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, Collections.emptyList()).getAuthorities();
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void constructorWhenNameIsNullThenFallsbackToSubAttribute() {
-		OAuth2AuthenticatedPrincipal principal =
-				new OAuth2IntrospectionAuthenticatedPrincipal(null, CLAIMS, AUTHORITIES);
+		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(null, CLAIMS,
+				AUTHORITIES);
 		assertThat(principal.getName()).isEqualTo(CLAIMS.get(SUB_CLAIM));
 	}
 
 	@Test
 	public void constructorWhenAttributesAuthoritiesProvidedThenCreated() {
-		OAuth2IntrospectionAuthenticatedPrincipal principal =
-				new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES);
+		OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS,
+				AUTHORITIES);
 
 		assertThat(principal.getName()).isEqualTo(CLAIMS.get(SUB_CLAIM));
 		assertThat(principal.getAttributes()).isEqualTo(CLAIMS);
@@ -136,8 +157,8 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
-		OAuth2IntrospectionAuthenticatedPrincipal principal =
-				new OAuth2IntrospectionAuthenticatedPrincipal(SUBJECT, CLAIMS, AUTHORITIES);
+		OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(SUBJECT,
+				CLAIMS, AUTHORITIES);
 
 		assertThat(principal.getName()).isEqualTo(SUBJECT);
 		assertThat(principal.getAttributes()).isEqualTo(CLAIMS);
@@ -159,15 +180,14 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 
 	@Test
 	public void getNameWhenInConstructorThenReturns() {
-		OAuth2AuthenticatedPrincipal principal =
-				new OAuth2IntrospectionAuthenticatedPrincipal(SUB_VALUE, CLAIMS, AUTHORITIES);
+		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(SUB_VALUE, CLAIMS,
+				AUTHORITIES);
 		assertThat(principal.getName()).isEqualTo(SUB_VALUE);
 	}
 
 	@Test
 	public void getAttributeWhenGivenKeyThenReturnsValue() {
-		OAuth2AuthenticatedPrincipal principal =
-				new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES);
+		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES);
 
 		assertThat((Object) principal.getAttribute(ACTIVE_CLAIM)).isEqualTo(ACTIVE_VALUE);
 		assertThat((Object) principal.getAttribute(CLIENT_ID_CLAIM)).isEqualTo(CLIENT_ID_VALUE);
@@ -181,4 +201,5 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 		assertThat((Object) principal.getAttribute(ISS_CLAIM)).isEqualTo(ISS_VALUE);
 		assertThat((Object) principal.getAttribute(JTI_CLAIM)).isEqualTo(JTI_VALUE);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
index fc5bca4482..1dbe257e5e 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
@@ -46,8 +46,7 @@ public class BearerTokenAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void commenceWhenNoBearerTokenErrorThenStatus401AndAuthHeader()
-			throws Exception {
+	public void commenceWhenNoBearerTokenErrorThenStatus401AndAuthHeader() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -59,8 +58,7 @@ public class BearerTokenAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void commenceWhenNoBearerTokenErrorAndRealmSetThenStatus401AndAuthHeaderWithRealm()
-			throws Exception {
+	public void commenceWhenNoBearerTokenErrorAndRealmSetThenStatus401AndAuthHeaderWithRealm() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -73,35 +71,28 @@ public class BearerTokenAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithError()
-			throws Exception {
+	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithError() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		BearerTokenError error = new BearerTokenError(
-				BearerTokenErrorCodes.INVALID_REQUEST,
-				HttpStatus.BAD_REQUEST,
-				null,
-				null);
+		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
+				null, null);
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\"");
 	}
 
 	@Test
-	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails()
-			throws Exception {
+	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				"The access token expired", null, null);
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate"))
@@ -109,16 +100,14 @@ public class BearerTokenAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri()
-			throws Exception {
+	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				null, "https://example.com", null);
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate"))
@@ -126,48 +115,42 @@ public class BearerTokenAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError()
-			throws Exception {
+	public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
 				null, null);
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_token\"");
 	}
 
 	@Test
-	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError()
-			throws Exception {
+	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN,
 				null, null);
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\"");
 	}
 
 	@Test
-	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithErrorAndScope()
-			throws Exception {
+	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithErrorAndScope() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN,
 				null, null, "test.read test.write");
 
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate"))
@@ -184,8 +167,7 @@ public class BearerTokenAuthenticationEntryPointTests {
 				"Insufficient scope", "https://example.com", "test.read test.write");
 
 		this.authenticationEntryPoint.setRealmName("test");
-		this.authenticationEntryPoint.commence(request, response,
-				new OAuth2AuthenticationException(error));
+		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
 
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(
@@ -195,8 +177,7 @@ public class BearerTokenAuthenticationEntryPointTests {
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.authenticationEntryPoint.setRealmName(null))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.authenticationEntryPoint.setRealmName(null)).doesNotThrowAnyException();
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 25339f031b..065e41ed08 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -53,6 +53,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class BearerTokenAuthenticationFilterTests {
+
 	@Mock
 	AuthenticationEntryPoint authenticationEntryPoint;
 
@@ -85,12 +86,12 @@ public class BearerTokenAuthenticationFilterTests {
 	public void doFilterWhenBearerTokenPresentThenAuthenticates() throws ServletException, IOException {
 		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
 
-		BearerTokenAuthenticationFilter filter =
-				addMocks(new BearerTokenAuthenticationFilter(this.authenticationManager));
+		BearerTokenAuthenticationFilter filter = addMocks(
+				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
 
-		ArgumentCaptor<BearerTokenAuthenticationToken> captor =
-				ArgumentCaptor.forClass(BearerTokenAuthenticationToken.class);
+		ArgumentCaptor<BearerTokenAuthenticationToken> captor = ArgumentCaptor
+				.forClass(BearerTokenAuthenticationToken.class);
 
 		verify(this.authenticationManager).authenticate(captor.capture());
 
@@ -99,16 +100,16 @@ public class BearerTokenAuthenticationFilterTests {
 
 	@Test
 	public void doFilterWhenUsingAuthenticationManagerResolverThenAuthenticates() throws Exception {
-		BearerTokenAuthenticationFilter filter =
-				addMocks(new BearerTokenAuthenticationFilter(this.authenticationManagerResolver));
+		BearerTokenAuthenticationFilter filter = addMocks(
+				new BearerTokenAuthenticationFilter(this.authenticationManagerResolver));
 
 		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
 		when(this.authenticationManagerResolver.resolve(any())).thenReturn(this.authenticationManager);
 
 		filter.doFilter(this.request, this.response, this.filterChain);
 
-		ArgumentCaptor<BearerTokenAuthenticationToken> captor =
-				ArgumentCaptor.forClass(BearerTokenAuthenticationToken.class);
+		ArgumentCaptor<BearerTokenAuthenticationToken> captor = ArgumentCaptor
+				.forClass(BearerTokenAuthenticationToken.class);
 
 		verify(this.authenticationManager).authenticate(captor.capture());
 
@@ -116,8 +117,7 @@ public class BearerTokenAuthenticationFilterTests {
 	}
 
 	@Test
-	public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate()
-			throws ServletException, IOException {
+	public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate() throws ServletException, IOException {
 
 		when(this.bearerTokenResolver.resolve(this.request)).thenReturn(null);
 
@@ -126,11 +126,8 @@ public class BearerTokenAuthenticationFilterTests {
 
 	@Test
 	public void doFilterWhenMalformedBearerTokenThenPropagatesError() throws ServletException, IOException {
-		BearerTokenError error = new BearerTokenError(
-				BearerTokenErrorCodes.INVALID_REQUEST,
-				HttpStatus.BAD_REQUEST,
-				"description",
-				"uri");
+		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
+				"description", "uri");
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
@@ -142,44 +139,36 @@ public class BearerTokenAuthenticationFilterTests {
 	}
 
 	@Test
-	public void doFilterWhenAuthenticationFailsWithDefaultHandlerThenPropagatesError() throws ServletException, IOException {
-		BearerTokenError error = new BearerTokenError(
-				BearerTokenErrorCodes.INVALID_TOKEN,
-				HttpStatus.UNAUTHORIZED,
-				"description",
-				"uri"
-		);
+	public void doFilterWhenAuthenticationFailsWithDefaultHandlerThenPropagatesError()
+			throws ServletException, IOException {
+		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
+				"description", "uri");
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
 		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
-		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class)))
-				.thenThrow(exception);
+		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).thenThrow(exception);
 
-		BearerTokenAuthenticationFilter filter =
-				addMocks(new BearerTokenAuthenticationFilter(this.authenticationManager));
+		BearerTokenAuthenticationFilter filter = addMocks(
+				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
 
 		verify(this.authenticationEntryPoint).commence(this.request, this.response, exception);
 	}
 
 	@Test
-	public void doFilterWhenAuthenticationFailsWithCustomHandlerThenPropagatesError() throws ServletException, IOException {
-		BearerTokenError error = new BearerTokenError(
-				BearerTokenErrorCodes.INVALID_TOKEN,
-				HttpStatus.UNAUTHORIZED,
-				"description",
-				"uri"
-		);
+	public void doFilterWhenAuthenticationFailsWithCustomHandlerThenPropagatesError()
+			throws ServletException, IOException {
+		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
+				"description", "uri");
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
 		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
-		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class)))
-				.thenThrow(exception);
+		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).thenThrow(exception);
 
-		BearerTokenAuthenticationFilter filter =
-				addMocks(new BearerTokenAuthenticationFilter(this.authenticationManager));
+		BearerTokenAuthenticationFilter filter = addMocks(
+				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
 		filter.doFilter(this.request, this.response, this.filterChain);
 
@@ -189,16 +178,14 @@ public class BearerTokenAuthenticationFilterTests {
 	@Test
 	public void setAuthenticationEntryPointWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatCode(() -> filter.setAuthenticationEntryPoint(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> filter.setAuthenticationEntryPoint(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("authenticationEntryPoint cannot be null");
 	}
 
 	@Test
 	public void setBearerTokenResolverWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatCode(() -> filter.setBearerTokenResolver(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> filter.setBearerTokenResolver(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("bearerTokenResolver cannot be null");
 	}
 
@@ -211,10 +198,10 @@ public class BearerTokenAuthenticationFilterTests {
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenThrowsException() {
-		assertThatCode(() ->
-				new BearerTokenAuthenticationFilter((AuthenticationManagerResolver<HttpServletRequest>) null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("authenticationManagerResolver cannot be null");
+		assertThatCode(
+				() -> new BearerTokenAuthenticationFilter((AuthenticationManagerResolver<HttpServletRequest>) null))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessageContaining("authenticationManagerResolver cannot be null");
 	}
 
 	private BearerTokenAuthenticationFilter addMocks(BearerTokenAuthenticationFilter filter) {
@@ -223,13 +210,13 @@ public class BearerTokenAuthenticationFilterTests {
 		return filter;
 	}
 
-	private void dontAuthenticate()
-		throws ServletException, IOException {
+	private void dontAuthenticate() throws ServletException, IOException {
 
-		BearerTokenAuthenticationFilter filter =
-				addMocks(new BearerTokenAuthenticationFilter(this.authenticationManager));
+		BearerTokenAuthenticationFilter filter = addMocks(
+				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
 
 		verifyNoMoreInteractions(this.authenticationManager);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
index d8584c3f88..568df3dd14 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
@@ -33,7 +33,9 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Vedran Pavic
  */
 public class DefaultBearerTokenResolverTests {
+
 	private static final String CUSTOM_HEADER = "custom-header";
+
 	private static final String TEST_TOKEN = "test-token";
 
 	private DefaultBearerTokenResolver resolver;
@@ -184,4 +186,5 @@ public class DefaultBearerTokenResolverTests {
 
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index ca8d047873..20121017c0 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -38,16 +38,16 @@ public class HeaderBearerTokenResolverTests {
 
 	@Test
 	public void constructorWhenHeaderNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> { new HeaderBearerTokenResolver(null); })
-			.isInstanceOf(IllegalArgumentException.class)
-			.hasMessage("header cannot be empty");
+		assertThatCode(() -> {
+			new HeaderBearerTokenResolver(null);
+		}).isInstanceOf(IllegalArgumentException.class).hasMessage("header cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenHeaderEmptyThenThrowIllegalArgumentException() {
-		assertThatCode(() -> { new HeaderBearerTokenResolver(""); })
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("header cannot be empty");
+		assertThatCode(() -> {
+			new HeaderBearerTokenResolver("");
+		}).isInstanceOf(IllegalArgumentException.class).hasMessage("header cannot be empty");
 	}
 
 	@Test
@@ -64,4 +64,5 @@ public class HeaderBearerTokenResolverTests {
 
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/MockExchangeFunction.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/MockExchangeFunction.java
index a4da50ea00..0aa0aaf600 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/MockExchangeFunction.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/MockExchangeFunction.java
@@ -32,6 +32,7 @@ import static org.mockito.Mockito.mock;
  * @since 5.1
  */
 public class MockExchangeFunction implements ExchangeFunction {
+
 	private List<ClientRequest> requests = new ArrayList<>();
 
 	private ClientResponse response = mock(ClientResponse.class);
@@ -55,4 +56,5 @@ public class MockExchangeFunction implements ExchangeFunction {
 			return Mono.just(this.response);
 		});
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index 3799e77c4d..7961b5a1f3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -37,6 +37,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
  * @author Josh Cummings
  */
 public class BearerTokenAccessDeniedHandlerTests {
+
 	private BearerTokenAccessDeniedHandler accessDeniedHandler;
 
 	@Before
@@ -45,8 +46,7 @@ public class BearerTokenAccessDeniedHandlerTests {
 	}
 
 	@Test
-	public void handleWhenNotOAuth2AuthenticatedThenStatus403()
-			throws Exception {
+	public void handleWhenNotOAuth2AuthenticatedThenStatus403() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -61,8 +61,7 @@ public class BearerTokenAccessDeniedHandlerTests {
 	}
 
 	@Test
-	public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm()
-			throws Exception {
+	public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -90,15 +89,14 @@ public class BearerTokenAccessDeniedHandlerTests {
 		this.accessDeniedHandler.handle(request, response, null);
 
 		assertThat(response.getStatus()).isEqualTo(403);
-		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", " +
-				"error_description=\"The request requires higher privileges than provided by the access token.\", " +
-				"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", "
+				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
+				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
 	}
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null)).doesNotThrowAnyException();
 	}
 
 	static class TestingOAuth2TokenAuthenticationToken
@@ -117,9 +115,13 @@ public class BearerTokenAccessDeniedHandlerTests {
 		}
 
 		static class TestingOAuth2Token extends AbstractOAuth2Token {
+
 			TestingOAuth2Token(String tokenValue) {
 				super(tokenValue);
 			}
+
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index c4fb17ee65..5edb11aebf 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -37,6 +37,7 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 public class BearerTokenServerAccessDeniedHandlerTests {
+
 	private BearerTokenServerAccessDeniedHandler accessDeniedHandler;
 
 	@Before
@@ -55,8 +56,7 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 		this.accessDeniedHandler.handle(exchange, null).block();
 
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
-		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(
-				Arrays.asList("Bearer"));
+		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(Arrays.asList("Bearer"));
 	}
 
 	@Test
@@ -71,8 +71,8 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 		this.accessDeniedHandler.handle(exchange, null).block();
 
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
-		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(
-				Arrays.asList("Bearer realm=\"test\""));
+		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate"))
+				.isEqualTo(Arrays.asList("Bearer realm=\"test\""));
 	}
 
 	@Test
@@ -86,16 +86,15 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 		this.accessDeniedHandler.handle(exchange, null).block();
 
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
-		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(
-				Arrays.asList("Bearer error=\"insufficient_scope\", " +
-				"error_description=\"The request requires higher privileges than provided by the access token.\", " +
-				"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""));
+		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate"))
+				.isEqualTo(Arrays.asList("Bearer error=\"insufficient_scope\", "
+						+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
+						+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""));
 	}
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null)).doesNotThrowAnyException();
 	}
 
 	static class TestingOAuth2TokenAuthenticationToken
@@ -114,9 +113,13 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 		}
 
 		static class TestingOAuth2Token extends AbstractOAuth2Token {
+
 			TestingOAuth2Token(String tokenValue) {
 				super(tokenValue);
 			}
+
 		}
+
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
index 22bdb72bcd..52517b788d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
@@ -42,14 +42,14 @@ import static org.springframework.http.HttpMethod.GET;
  * @author Josh Cummings
  */
 public class ServerBearerExchangeFilterFunctionTests {
+
 	private ServerBearerExchangeFilterFunction function = new ServerBearerExchangeFilterFunction();
 
 	private MockExchangeFunction exchange = new MockExchangeFunction();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token-0",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
+
 	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(accessToken) {
 		@Override
 		public Map<String, Object> getTokenAttributes() {
@@ -59,8 +59,7 @@ public class ServerBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -69,12 +68,10 @@ public class ServerBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
@@ -83,29 +80,25 @@ public class ServerBearerExchangeFilterFunctionTests {
 	// gh-7353
 	@Test
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() throws Exception {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
 		this.function.filter(request, this.exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token))
-				.block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)).block();
 
-		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
-				.isNull();
+		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing")
-				.build();
+				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
 
 		this.function.filter(request, this.exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
-				.block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
index e5fd79b339..c4999fb545 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
@@ -47,14 +47,13 @@ import static org.springframework.security.oauth2.server.resource.web.reactive.f
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServletBearerExchangeFilterFunctionTests {
+
 	private ServletBearerExchangeFilterFunction function = new ServletBearerExchangeFilterFunction();
 
 	private MockExchangeFunction exchange = new MockExchangeFunction();
 
-	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-			"token-0",
-			Instant.now(),
-			Instant.now().plus(Duration.ofDays(1)));
+	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
+			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
 	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(accessToken) {
 		@Override
@@ -65,38 +64,29 @@ public class ServletBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
-		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
-				.isNull();
+		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
 	// gh-7353
 	@Test
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(context(token))
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(context(token)).block();
 
-		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
-				.isNull();
+		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeader() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.build();
+		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(context(this.authentication))
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
 
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
@@ -105,12 +95,9 @@ public class ServletBearerExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing")
-				.build();
+				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
 
-		this.function.filter(request, this.exchange)
-				.subscriberContext(context(this.authentication))
-				.block();
+		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
 
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
@@ -121,4 +108,5 @@ public class ServletBearerExchangeFilterFunctionTests {
 		contextAttributes.put(Authentication.class, authentication);
 		return Context.of(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY, contextAttributes);
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
index 722ff98608..a5e044252a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
@@ -35,6 +35,7 @@ import static org.assertj.core.api.Assertions.*;
  * @since 5.1
  */
 public class BearerTokenServerAuthenticationEntryPointTests {
+
 	private BearerTokenServerAuthenticationEntryPoint entryPoint = new BearerTokenServerAuthenticationEntryPoint();
 
 	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
@@ -53,7 +54,8 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block();
 
-		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer realm=\"Realm\"");
+		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE))
+				.isEqualTo("Bearer realm=\"Realm\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
 
@@ -64,7 +66,8 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, exception).block();
 
-		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer error=\"invalid_request\"");
+		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE))
+				.isEqualTo("Bearer error=\"invalid_request\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
 
@@ -75,19 +78,21 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, exception).block();
 
-		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
+		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo(
+				"Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
 
 	@Test
 	public void commenceWhenBearerTokenThenErrorInformation() {
-		OAuth2Error oauthError = new BearerTokenError(OAuth2ErrorCodes.INVALID_REQUEST,
-				HttpStatus.BAD_REQUEST, "Oops", "https://example.com");
+		OAuth2Error oauthError = new BearerTokenError(OAuth2ErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "Oops",
+				"https://example.com");
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
 
 		this.entryPoint.commence(this.exchange, exception).block();
 
-		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
+		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo(
+				"Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
 	}
 
@@ -102,4 +107,5 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	private MockServerHttpResponse getResponse() {
 		return this.exchange.getResponse();
 	}
+
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index e7932d6f66..939c418daa 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -39,7 +39,9 @@ import static org.assertj.core.api.Assertions.catchThrowableOfType;
  * @since 5.1
  */
 public class ServerBearerTokenAuthenticationConverterTests {
+
 	private static final String CUSTOM_HEADER = "custom-header";
+
 	private static final String TEST_TOKEN = "test-token";
 
 	private ServerBearerTokenAuthenticationConverter converter;
@@ -51,9 +53,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer " + TEST_TOKEN);
 
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
@@ -62,9 +63,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenHeaderEndsWithPaddingIndicatorThenTokenIsResolved() {
 		String token = TEST_TOKEN + "==";
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer " + token);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer " + token);
 
 		assertThat(convertToToken(request).getToken()).isEqualTo(token);
 	}
@@ -72,9 +72,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
 		this.converter.setBearerTokenHeaderName(CUSTOM_HEADER);
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(CUSTOM_HEADER,
+				"Bearer " + TEST_TOKEN);
 
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
@@ -82,9 +81,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	// gh-7011
 	@Test
 	public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer ");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer ");
 
 		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
 				OAuth2AuthenticationException.class);
@@ -96,72 +94,60 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "bearer " + TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"bearer " + TEST_TOKEN);
 
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
 	@Test
 	public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
 
 		assertThat(convertToToken(request)).isNull();
 	}
 
 	@Test
 	public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
 
 		assertThat(convertToToken(request)).isNull();
 	}
 
 	@Test
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer ");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer ");
 
-		assertThatCode(() -> convertToToken(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
+		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
 
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer an\"invalid\"token");
 
-		assertThatCode(() ->  convertToToken(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
+		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
 
 	// gh-8865
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
+				"Bearer an\"invalid\"token");
 
-		assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request)))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request))).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.queryParam("access_token", TEST_TOKEN)
-				.header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
 
-		assertThatCode(() -> convertToToken(request))
-				.isInstanceOf(OAuth2AuthenticationException.class)
+		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("Found multiple bearer tokens in the request");
 	}
 
@@ -169,9 +155,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() {
 		this.converter.setAllowUriQueryParameter(true);
 
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.queryParam("access_token", TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
+				TEST_TOKEN);
 
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
@@ -181,12 +166,10 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() {
 		this.converter.setAllowUriQueryParameter(true);
 
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.queryParam("access_token", "");
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token", "");
 
 		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
-			OAuth2AuthenticationException.class);
+				OAuth2AuthenticationException.class);
 		BearerTokenError error = (BearerTokenError) expected.getError();
 		assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
@@ -195,9 +178,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
-				.get("/")
-				.queryParam("access_token", TEST_TOKEN);
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
+				TEST_TOKEN);
 
 		assertThat(convertToToken(request)).isNull();
 	}
@@ -210,4 +192,5 @@ public class ServerBearerTokenAuthenticationConverterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(request);
 		return this.converter.convert(exchange).cast(BearerTokenAuthenticationToken.class).block();
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index e5e89d5e38..acfe840916 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -21,11 +21,13 @@ import org.springframework.security.core.AuthenticationException;
  * Indicates that OpenID authentication was cancelled
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley, Opsera Ltd
  */
 public class AuthenticationCancelledException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -36,4 +38,5 @@ public class AuthenticationCancelledException extends AuthenticationException {
 	public AuthenticationCancelledException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
index 3c99c94626..d279f333d5 100644
--- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
@@ -25,8 +25,9 @@ import java.util.List;
  * OpenID providers, since they do not all support the same attributes.
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Luke Taylor
  * @since 3.1
  */
@@ -35,9 +36,9 @@ public interface AxFetchListFactory {
 	/**
 	 * Builds the list of attributes which should be added to the fetch request for the
 	 * supplied OpenID identifier.
-	 *
 	 * @param identifier the claimed_identity
 	 * @return the attributes to fetch for this identifier
 	 */
 	List<OpenIDAttribute> createAttributeList(String identifier);
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
index 75df033bac..5cea1bba77 100644
--- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
@@ -20,13 +20,16 @@ import java.util.List;
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Luke Taylor
  * @since 3.1
  */
 public class NullAxFetchListFactory implements AxFetchListFactory {
+
 	public List<OpenIDAttribute> createAttributeList(String identifier) {
 		return Collections.emptyList();
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 7ab6f47615..ad110c9342 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -42,14 +42,17 @@ import org.springframework.util.StringUtils;
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Ray Krueger
  * @author Luke Taylor
  */
 @SuppressWarnings("unchecked")
 public class OpenID4JavaConsumer implements OpenIDConsumer {
+
 	private static final String DISCOVERY_INFO_KEY = DiscoveryInformation.class.getName();
+
 	private static final String ATTRIBUTE_LIST_KEY = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";
 
 	// ~ Instance fields
@@ -58,6 +61,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final ConsumerManager consumerManager;
+
 	private final AxFetchListFactory attributesToFetchFactory;
 
 	// ~ Constructors
@@ -67,13 +71,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		this(new ConsumerManager(), new NullAxFetchListFactory());
 	}
 
-	public OpenID4JavaConsumer(AxFetchListFactory attributesToFetchFactory)
-			throws ConsumerException {
+	public OpenID4JavaConsumer(AxFetchListFactory attributesToFetchFactory) throws ConsumerException {
 		this(new ConsumerManager(), attributesToFetchFactory);
 	}
 
-	public OpenID4JavaConsumer(ConsumerManager consumerManager,
-			AxFetchListFactory attributesToFetchFactory) {
+	public OpenID4JavaConsumer(ConsumerManager consumerManager, AxFetchListFactory attributesToFetchFactory) {
 		this.consumerManager = consumerManager;
 		this.attributesToFetchFactory = attributesToFetchFactory;
 	}
@@ -81,8 +83,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 	// ~ Methods
 	// ========================================================================================================
 
-	public String beginConsumption(HttpServletRequest req, String identityUrl,
-			String returnToUrl, String realm) throws OpenIDConsumerException {
+	public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
+			throws OpenIDConsumerException {
 		List<DiscoveryInformation> discoveries;
 
 		try {
@@ -102,48 +104,42 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 
 			logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
 
-			List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory
-					.createAttributeList(identityUrl);
+			List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory.createAttributeList(identityUrl);
 
 			if (!attributesToFetch.isEmpty()) {
 				req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
 				FetchRequest fetchRequest = FetchRequest.createFetchRequest();
 				for (OpenIDAttribute attr : attributesToFetch) {
 					if (logger.isDebugEnabled()) {
-						logger.debug("Adding attribute " + attr.getType()
-								+ " to fetch request");
+						logger.debug("Adding attribute " + attr.getType() + " to fetch request");
 					}
-					fetchRequest.addAttribute(attr.getName(), attr.getType(),
-							attr.isRequired(), attr.getCount());
+					fetchRequest.addAttribute(attr.getName(), attr.getType(), attr.isRequired(), attr.getCount());
 				}
 				authReq.addExtension(fetchRequest);
 			}
 		}
 		catch (MessageException | ConsumerException e) {
-			throw new OpenIDConsumerException(
-					"Error processing ConsumerManager authentication", e);
+			throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
 		}
 
 		return authReq.getDestinationUrl(true);
 	}
 
-	public OpenIDAuthenticationToken endConsumption(HttpServletRequest request)
-			throws OpenIDConsumerException {
+	public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
 		// extract the parameters from the authentication response
 		// (which comes in as a HTTP request from the OpenID provider)
 		ParameterList openidResp = new ParameterList(request.getParameterMap());
 
 		// retrieve the previously stored discovery information
-		DiscoveryInformation discovered = (DiscoveryInformation) request.getSession()
-				.getAttribute(DISCOVERY_INFO_KEY);
+		DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
 
 		if (discovered == null) {
 			throw new OpenIDConsumerException(
 					"DiscoveryInformation is not available. Possible causes are lost session or replay attack");
 		}
 
-		List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request
-				.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
+		List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession()
+				.getAttribute(ATTRIBUTE_LIST_KEY);
 
 		request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
 		request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
@@ -160,8 +156,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		VerificationResult verification;
 
 		try {
-			verification = consumerManager.verify(receivingURL.toString(), openidResp,
-					discovered);
+			verification = consumerManager.verify(receivingURL.toString(), openidResp, discovered);
 		}
 		catch (MessageException | AssociationException | DiscoveryException e) {
 			throw new OpenIDConsumerException("Error verifying openid response", e);
@@ -175,21 +170,19 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 			return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
 					id == null ? "Unknown" : id.getIdentifier(),
 					"Verification status message: [" + verification.getStatusMsg() + "]",
-					Collections.<OpenIDAttribute> emptyList());
+					Collections.<OpenIDAttribute>emptyList());
 		}
 
-		List<OpenIDAttribute> attributes = fetchAxAttributes(
-				verification.getAuthResponse(), attributesToFetch);
+		List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
 
-		return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
-				verified.getIdentifier(), "some message", attributes);
+		return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(),
+				"some message", attributes);
 	}
 
-	List<OpenIDAttribute> fetchAxAttributes(Message authSuccess,
-			List<OpenIDAttribute> attributesToFetch) throws OpenIDConsumerException {
+	List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
+			throws OpenIDConsumerException {
 
-		if (attributesToFetch == null
-				|| !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+		if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
 			return Collections.emptyList();
 		}
 
@@ -206,8 +199,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 				for (OpenIDAttribute attr : attributesToFetch) {
 					List<String> values = fetchResp.getAttributeValues(attr.getName());
 					if (!values.isEmpty()) {
-						OpenIDAttribute fetched = new OpenIDAttribute(attr.getName(),
-								attr.getType(), values);
+						OpenIDAttribute fetched = new OpenIDAttribute(attr.getName(), attr.getType(), values);
 						fetched.setRequired(attr.isRequired());
 						attributes.add(fetched);
 					}
@@ -224,4 +216,5 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 
 		return attributes;
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index c15d45856d..1f82bb8ea1 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -28,15 +28,20 @@ import org.springframework.util.Assert;
  * are returned during the authentication process.
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Luke Taylor
  * @since 3.0
  */
 public class OpenIDAttribute implements Serializable {
+
 	private final String name;
+
 	private final String typeIdentifier;
+
 	private boolean required = false;
+
 	private int count = 1;
 
 	private final List<String> values;
@@ -96,8 +101,7 @@ public class OpenIDAttribute implements Serializable {
 	 * The values obtained from an attribute exchange.
 	 */
 	public List<String> getValues() {
-		Assert.notNull(values,
-				"Cannot read values from an authentication request attribute");
+		Assert.notNull(values, "Cannot read values from an authentication request attribute");
 		return values;
 	}
 
@@ -112,4 +116,5 @@ public class OpenIDAttribute implements Serializable {
 		result.append("]");
 		return result.toString();
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 9c3999d704..6c76689397 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -60,8 +60,9 @@ import java.util.*;
  * order to load the authorities for the user.
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley
  * @author Ray Krueger
  * @author Luke Taylor
@@ -69,6 +70,7 @@ import java.util.*;
  * @see OpenIDAuthenticationProvider
  */
 public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -78,8 +80,11 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	// ================================================================================================
 
 	private OpenIDConsumer consumer;
+
 	private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
+
 	private Map<String, String> realmMapping = Collections.emptyMap();
+
 	private Set<String> returnToUrlParameters = Collections.emptySet();
 
 	// ~ Constructors
@@ -105,12 +110,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 			}
 		}
 
-		if (returnToUrlParameters.isEmpty()
-				&& getRememberMeServices() instanceof AbstractRememberMeServices) {
+		if (returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
 			returnToUrlParameters = new HashSet<>();
-			returnToUrlParameters
-					.add(((AbstractRememberMeServices) getRememberMeServices())
-							.getParameter());
+			returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
 		}
 	}
 
@@ -124,8 +126,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 * </ol>
 	 */
 	@Override
-	public Authentication attemptAuthentication(HttpServletRequest request,
-			HttpServletResponse response) throws AuthenticationException, IOException {
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+			throws AuthenticationException, IOException {
 		OpenIDAuthenticationToken token;
 
 		String identity = request.getParameter("openid.identity");
@@ -136,11 +138,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 			try {
 				String returnToUrl = buildReturnToUrl(request);
 				String realm = lookupRealm(returnToUrl);
-				String openIdUrl = consumer.beginConsumption(request, claimedIdentity,
-						returnToUrl, realm);
+				String openIdUrl = consumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
 				if (logger.isDebugEnabled()) {
-					logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm
-							+ "'");
+					logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm + "'");
 					logger.debug("Redirecting to " + openIdUrl);
 				}
 				response.sendRedirect(openIdUrl);
@@ -169,8 +169,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 		token.setDetails(authenticationDetailsSource.buildDetails(request));
 
 		// delegate to the authentication provider
-		Authentication authentication = this.getAuthenticationManager().authenticate(
-				token);
+		Authentication authentication = this.getAuthenticationManager().authenticate(token);
 
 		return authentication;
 	}
@@ -183,8 +182,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				URL url = new URL(returnToUrl);
 				int port = url.getPort();
 
-				StringBuilder realmBuffer = new StringBuilder(returnToUrl.length())
-						.append(url.getProtocol()).append("://").append(url.getHost());
+				StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol())
+						.append("://").append(url.getHost());
 				if (port > 0) {
 					realmBuffer.append(":").append(port);
 				}
@@ -202,7 +201,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	/**
 	 * Builds the <tt>return_to</tt> URL that will be sent to the OpenID service provider.
 	 * By default returns the URL of the current request.
-	 *
 	 * @param request the current request which is being processed by this filter
 	 * @return The <tt>return_to</tt> URL.
 	 */
@@ -259,7 +257,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 * protocol, hostname and port followed by a trailing slash. This means that
 	 * <tt>https://foo.example.com/login/openid</tt> will automatically become
 	 * <tt>http://foo.example.com:80/</tt>
-	 *
 	 * @param realmMapping containing returnToUrl -&gt; realm mappings
 	 */
 	public void setRealmMapping(Map<String, String> realmMapping) {
@@ -269,7 +266,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	/**
 	 * The name of the request parameter containing the OpenID identity, as submitted from
 	 * the initial login form.
-	 *
 	 * @param claimedIdentityFieldName defaults to "openid_identifier"
 	 */
 	public void setClaimedIdentityFieldName(String claimedIdentityFieldName) {
@@ -284,7 +280,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 * Specifies any extra parameters submitted along with the identity field which should
 	 * be appended to the {@code return_to} URL which is assembled by
 	 * {@link #buildReturnToUrl}.
-	 *
 	 * @param returnToUrlParameters the set of parameter names. If not set, it will
 	 * default to the parameter name used by the {@code RememberMeServices} obtained from
 	 * the parent class (if one is set).
@@ -296,7 +291,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 
 	/**
 	 * Performs URL encoding with UTF-8
-	 *
 	 * @param value the value to URL encode
 	 * @return the encoded value
 	 */
@@ -311,4 +305,5 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 			throw err;
 		}
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index e42baa6d1f..7a94db22a2 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -45,17 +45,19 @@ import org.springframework.util.Assert;
  * telephone numbers etc can easily be stored.
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley, Opsera Ltd.
  * @author Luke Taylor
  */
-public class OpenIDAuthenticationProvider
-		implements AuthenticationProvider, InitializingBean {
+public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService;
+
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
 	// ~ Methods
@@ -72,8 +74,7 @@ public class OpenIDAuthenticationProvider
 	 * org.springframework.security.authentication.AuthenticationProvider#authenticate
 	 * (org.springframework.security.Authentication)
 	 */
-	public Authentication authenticate(final Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
 
 		if (!supports(authentication.getClass())) {
 			return null;
@@ -86,8 +87,7 @@ public class OpenIDAuthenticationProvider
 			// handle the various possibilities
 			if (status == OpenIDAuthenticationStatus.SUCCESS) {
 				// Lookup user details
-				UserDetails userDetails = this.userDetailsService
-						.loadUserDetails(response);
+				UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
 
 				return createSuccessfulAuthentication(userDetails, response);
 
@@ -96,20 +96,17 @@ public class OpenIDAuthenticationProvider
 				throw new AuthenticationCancelledException("Log in cancelled");
 			}
 			else if (status == OpenIDAuthenticationStatus.ERROR) {
-				throw new AuthenticationServiceException(
-						"Error message from server: " + response.getMessage());
+				throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
 			}
 			else if (status == OpenIDAuthenticationStatus.FAILURE) {
-				throw new BadCredentialsException(
-						"Log in failed - identity could not be verified");
+				throw new BadCredentialsException("Log in failed - identity could not be verified");
 			}
 			else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
 				throw new AuthenticationServiceException(
 						"The server responded setup was needed, which shouldn't happen");
 			}
 			else {
-				throw new AuthenticationServiceException(
-						"Unrecognized return value " + status.toString());
+				throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
 			}
 		}
 
@@ -123,24 +120,21 @@ public class OpenIDAuthenticationProvider
 	 * The default implementation just creates a new OpenIDAuthenticationToken from the
 	 * original, but with the UserDetails as the principal and including the authorities
 	 * loaded by the UserDetailsService.
-	 *
 	 * @param userDetails the loaded UserDetails object
 	 * @param auth the token passed to the authenticate method, containing
 	 * @return the token which will represent the authenticated user.
 	 */
-	protected Authentication createSuccessfulAuthentication(UserDetails userDetails,
-			OpenIDAuthenticationToken auth) {
+	protected Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth) {
 		return new OpenIDAuthenticationToken(userDetails,
-				this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
-				auth.getIdentityUrl(), auth.getAttributes());
+				this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), auth.getIdentityUrl(),
+				auth.getAttributes());
 	}
 
 	/**
 	 * Used to load the {@code UserDetails} for the authenticated OpenID user.
 	 */
 	public void setUserDetailsService(UserDetailsService userDetailsService) {
-		this.userDetailsService = new UserDetailsByNameServiceWrapper<>(
-				userDetailsService);
+		this.userDetailsService = new UserDetailsByNameServiceWrapper<>(userDetailsService);
 	}
 
 	/**
@@ -165,4 +159,5 @@ public class OpenIDAuthenticationProvider
 	public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		this.authoritiesMapper = authoritiesMapper;
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index db2eee832b..16586b7b10 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -17,10 +17,10 @@ package org.springframework.security.openid;
 
 /**
  * Authentication status codes, based on JanRain status codes
- *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author JanRain Inc.
  * @author Robin Bramley, Opsera Ltd
  * @author Luke Taylor
@@ -58,4 +58,5 @@ public enum OpenIDAuthenticationStatus {
 	public String toString() {
 		return name;
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index 0625e07727..659cbf53a5 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -27,8 +27,9 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
  * OpenID Authentication Token
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley
  */
 public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
@@ -39,16 +40,20 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	// ================================================================================================
 
 	private final OpenIDAuthenticationStatus status;
+
 	private final Object principal;
+
 	private final String identityUrl;
+
 	private final String message;
+
 	private final List<OpenIDAttribute> attributes;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status,
-			String identityUrl, String message, List<OpenIDAttribute> attributes) {
+	public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status, String identityUrl, String message,
+			List<OpenIDAttribute> attributes) {
 		super(new ArrayList<>(0));
 		this.principal = identityUrl;
 		this.status = status;
@@ -60,14 +65,12 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Created by the <tt>OpenIDAuthenticationProvider</tt> on successful authentication.
-	 *
 	 * @param principal usually the <tt>UserDetails</tt> returned by the configured
 	 * <tt>UserDetailsService</tt> used by the <tt>OpenIDAuthenticationProvider</tt>.
 	 *
 	 */
-	public OpenIDAuthenticationToken(Object principal,
-			Collection<? extends GrantedAuthority> authorities, String identityUrl,
-			List<OpenIDAttribute> attributes) {
+	public OpenIDAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities,
+			String identityUrl, List<OpenIDAttribute> attributes) {
 		super(authorities);
 		this.principal = principal;
 		this.status = OpenIDAuthenticationStatus.SUCCESS;
@@ -118,4 +121,5 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	public String toString() {
 		return "[" + super.toString() + ", attributes : " + attributes + "]";
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
index 303b143a9a..540e661df8 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
@@ -21,8 +21,9 @@ import javax.servlet.http.HttpServletRequest;
  * An interface for OpenID library implementations
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Ray Krueger
  * @author Robin Bramley, Opsera Ltd
  */
@@ -31,7 +32,6 @@ public interface OpenIDConsumer {
 	/**
 	 * Given the request, the claimedIdentity, the return to url, and a realm, lookup the
 	 * openId authentication page the user should be redirected to.
-	 *
 	 * @param req HttpServletRequest
 	 * @param claimedIdentity String URI the user presented during authentication
 	 * @param returnToUrl String URI of the URL we want the user sent back to by the OP
@@ -39,10 +39,9 @@ public interface OpenIDConsumer {
 	 * @return String URI to redirect user to for authentication
 	 * @throws OpenIDConsumerException if anything bad happens
 	 */
-	String beginConsumption(HttpServletRequest req, String claimedIdentity,
-							String returnToUrl, String realm) throws OpenIDConsumerException;
-
-	OpenIDAuthenticationToken endConsumption(HttpServletRequest req)
+	String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm)
 			throws OpenIDConsumerException;
 
+	OpenIDAuthenticationToken endConsumption(HttpServletRequest req) throws OpenIDConsumerException;
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index f184032c15..9092f6ad5e 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -19,11 +19,13 @@ package org.springframework.security.openid;
  * Thrown by an OpenIDConsumer if it cannot process a request
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley, Opsera Ltd
  */
 public class OpenIDConsumerException extends Exception {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -34,4 +36,5 @@ public class OpenIDConsumerException extends Exception {
 	public OpenIDConsumerException(String message, Throwable t) {
 		super(message, t);
 	}
+
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index b59481bb38..3f5b413662 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -23,12 +23,14 @@ import java.util.regex.Pattern;
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Luke Taylor
  * @since 3.1
  */
 public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
+
 	private final Map<Pattern, List<OpenIDAttribute>> idToAttributes;
 
 	/**
diff --git a/openid/src/main/java/org/springframework/security/openid/package-info.java b/openid/src/main/java/org/springframework/security/openid/package-info.java
index 3abaa47aa6..78ce088c0e 100644
--- a/openid/src/main/java/org/springframework/security/openid/package-info.java
+++ b/openid/src/main/java/org/springframework/security/openid/package-info.java
@@ -14,4 +14,3 @@
  * limitations under the License.
  */
 package org.springframework.security.openid;
-
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index ce8f1a2382..cb4f7576d4 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -19,15 +19,18 @@ import javax.servlet.http.HttpServletRequest;
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley, Opsera Ltd
  */
 public class MockOpenIDConsumer implements OpenIDConsumer {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private OpenIDAuthenticationToken token;
+
 	private String redirectUrl;
 
 	public MockOpenIDConsumer() {
@@ -49,8 +52,7 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 	// ~ Methods
 	// ========================================================================================================
 
-	public String beginConsumption(HttpServletRequest req, String claimedIdentity,
-			String returnToUrl, String realm) {
+	public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm) {
 		return redirectUrl;
 	}
 
@@ -60,7 +62,6 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 
 	/**
 	 * Set the redirectUrl to be returned by beginConsumption
-	 *
 	 * @param redirectUrl
 	 */
 	public void setRedirectUrl(String redirectUrl) {
@@ -73,10 +74,10 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 
 	/**
 	 * Set the token to be returned by endConsumption
-	 *
 	 * @param token
 	 */
 	public void setToken(OpenIDAuthenticationToken token) {
 		this.token = token;
 	}
+
 }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 971c19a15f..f185a46066 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -41,11 +41,13 @@ import java.util.*;
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Luke Taylor
  */
 public class OpenID4JavaConsumerTests {
+
 	List<OpenIDAttribute> attributes = Arrays.asList(new OpenIDAttribute("a", "b"),
 			new OpenIDAttribute("b", "b", Arrays.asList("c")));
 
@@ -56,20 +58,17 @@ public class OpenID4JavaConsumerTests {
 		AuthRequest authReq = mock(AuthRequest.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
-		when(mgr.authenticate(any(DiscoveryInformation.class), any(), any()))
-				.thenReturn(authReq);
+		when(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).thenReturn(authReq);
 		when(mgr.associate(any())).thenReturn(di);
 
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new MockAttributesFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		consumer.beginConsumption(request, "", "", "");
 
-		assertThat(request.getSession().getAttribute(
-				"SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST")).isEqualTo(attributes);
-		assertThat(
-				request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
+		assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"))
+				.isEqualTo(attributes);
+		assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
 
 		// Check with empty attribute fetch list
 		consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
@@ -81,18 +80,15 @@ public class OpenID4JavaConsumerTests {
 	@Test(expected = OpenIDConsumerException.class)
 	public void discoveryExceptionRaisesOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 		when(mgr.discover(any())).thenThrow(new DiscoveryException("msg"));
 		consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 	}
 
 	@Test
-	public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException()
-			throws Exception {
+	public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 
 		when(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
 				.thenThrow(new MessageException("msg"), new ConsumerException("msg"));
@@ -114,14 +110,11 @@ public class OpenID4JavaConsumerTests {
 	@Test
 	public void failedVerificationReturnsFailedAuthenticationStatus() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 		VerificationResult vr = mock(VerificationResult.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
-		when(
-				mgr.verify(any(), any(ParameterList.class),
-						any(DiscoveryInformation.class))).thenReturn(vr);
+		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -135,14 +128,10 @@ public class OpenID4JavaConsumerTests {
 	@Test
 	public void verificationExceptionsRaiseOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 
-		when(
-				mgr.verify(any(), any(ParameterList.class),
-						any(DiscoveryInformation.class)))
-				.thenThrow(new MessageException(""))
-				.thenThrow(new AssociationException(""))
+		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class)))
+				.thenThrow(new MessageException("")).thenThrow(new AssociationException(""))
 				.thenThrow(new DiscoveryException(""));
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -175,24 +164,20 @@ public class OpenID4JavaConsumerTests {
 	@Test
 	public void successfulVerificationReturnsExpectedAuthentication() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 		VerificationResult vr = mock(VerificationResult.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 		Identifier id = (Identifier) () -> "id";
 		Message msg = mock(Message.class);
 
-		when(
-				mgr.verify(any(), any(ParameterList.class),
-						any(DiscoveryInformation.class))).thenReturn(vr);
+		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
 		when(vr.getVerifiedId()).thenReturn(id);
 		when(vr.getAuthResponse()).thenReturn(msg);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
 		request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
-		request.getSession().setAttribute(
-				"SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", attributes);
+		request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", attributes);
 
 		OpenIDAuthenticationToken auth = consumer.endConsumption(request);
 
@@ -201,8 +186,7 @@ public class OpenID4JavaConsumerTests {
 
 	@Test
 	public void fetchAttributesReturnsExpectedValues() throws Exception {
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		Message msg = mock(Message.class);
 		FetchResponse fr = mock(FetchResponse.class);
 		when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
@@ -216,15 +200,12 @@ public class OpenID4JavaConsumerTests {
 	}
 
 	@Test(expected = OpenIDConsumerException.class)
-	public void messageExceptionFetchingAttributesRaisesOpenIDException()
-			throws Exception {
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
-				new NullAxFetchListFactory());
+	public void messageExceptionFetchingAttributesRaisesOpenIDException() throws Exception {
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		Message msg = mock(Message.class);
 		FetchResponse fr = mock(FetchResponse.class);
 		when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
-		when(msg.getExtension(AxMessage.OPENID_NS_AX))
-				.thenThrow(new MessageException(""));
+		when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenThrow(new MessageException(""));
 		when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
 
 		consumer.fetchAxAttributes(msg, attributes);
@@ -232,8 +213,7 @@ public class OpenID4JavaConsumerTests {
 
 	@Test(expected = OpenIDConsumerException.class)
 	public void missingDiscoveryInformationThrowsException() throws Exception {
-		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
-				new NullAxFetchListFactory());
+		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		consumer.endConsumption(new MockHttpServletRequest());
 	}
 
@@ -248,5 +228,7 @@ public class OpenID4JavaConsumerTests {
 		public List<OpenIDAttribute> createAttributeList(String identifier) {
 			return attributes;
 		}
+
 	}
+
 }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index dbaf2eeb68..f01c669bd6 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -33,17 +33,22 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
 
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  */
 public class OpenIDAuthenticationFilterTests {
 
 	OpenIDAuthenticationFilter filter;
+
 	private static final String REDIRECT_URL = "https://www.example.com/redirect";
+
 	private static final String CLAIMED_IDENTITY_URL = "https://www.example.com/identity";
+
 	private static final String REQUEST_PATH = "/login/openid";
-	private static final String FILTER_PROCESS_URL = "http://localhost:8080"
-			+ REQUEST_PATH;
+
+	private static final String FILTER_PROCESS_URL = "http://localhost:8080" + REQUEST_PATH;
+
 	private static final String DEFAULT_TARGET_URL = FILTER_PROCESS_URL;
 
 	@Before
@@ -69,8 +74,8 @@ public class OpenIDAuthenticationFilterTests {
 		req.setRemoteHost("www.example.com");
 
 		filter.setConsumer(new MockOpenIDConsumer() {
-			public String beginConsumption(HttpServletRequest req,
-					String claimedIdentity, String returnToUrl, String realm) {
+			public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
+					String realm) {
 				assertThat(claimedIdentity).isEqualTo(CLAIMED_IDENTITY_URL);
 				assertThat(returnToUrl).isEqualTo(DEFAULT_TARGET_URL);
 				assertThat(realm).isEqualTo("http://localhost:8080/");
@@ -82,8 +87,7 @@ public class OpenIDAuthenticationFilterTests {
 		filter.doFilter(req, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
 		// Filter chain shouldn't proceed
-		verify(fc, never()).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(fc, never()).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	/**
@@ -116,4 +120,5 @@ public class OpenIDAuthenticationFilterTests {
 		}
 		return count;
 	}
+
 }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index 902ca9b8fe..2ba7d99a50 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -36,11 +36,13 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * Tests {@link OpenIDAuthenticationProvider}
  *
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
- * to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley, Opsera Ltd
  */
 public class OpenIDAuthenticationProviderTests {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -60,8 +62,8 @@ public class OpenIDAuthenticationProviderTests {
 		provider.setUserDetailsService(new MockUserDetailsService());
 		provider.setAuthoritiesMapper(new NullAuthoritiesMapper());
 
-		Authentication preAuth = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.CANCELLED, USERNAME, "", null);
+		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "",
+				null);
 
 		assertThat(preAuth.isAuthenticated()).isFalse();
 
@@ -84,8 +86,7 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 
-		Authentication preAuth = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
+		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
 
 		assertThat(preAuth.isAuthenticated()).isFalse();
 
@@ -107,11 +108,9 @@ public class OpenIDAuthenticationProviderTests {
 	public void testAuthenticateFailure() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setAuthenticationUserDetailsService(
-				new UserDetailsByNameServiceWrapper<>(
-						new MockUserDetailsService()));
+				new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService()));
 
-		Authentication preAuth = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
+		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
 
 		assertThat(preAuth.isAuthenticated()).isFalse();
 
@@ -120,8 +119,7 @@ public class OpenIDAuthenticationProviderTests {
 			fail("Should throw an AuthenticationException");
 		}
 		catch (BadCredentialsException expected) {
-			assertThat("Log in failed - identity could not be verified").isEqualTo(
-					expected.getMessage());
+			assertThat("Log in failed - identity could not be verified").isEqualTo(expected.getMessage());
 		}
 	}
 
@@ -135,8 +133,8 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 
-		Authentication preAuth = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "", null);
+		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "",
+				null);
 
 		assertThat(preAuth.isAuthenticated()).isFalse();
 
@@ -145,9 +143,8 @@ public class OpenIDAuthenticationProviderTests {
 			fail("Should throw an AuthenticationException");
 		}
 		catch (AuthenticationServiceException expected) {
-			assertThat(
-					"The server responded setup was needed, which shouldn't happen").isEqualTo(
-							expected.getMessage());
+			assertThat("The server responded setup was needed, which shouldn't happen")
+					.isEqualTo(expected.getMessage());
 		}
 	}
 
@@ -161,8 +158,7 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 
-		Authentication preAuth = new OpenIDAuthenticationToken(
-				OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
+		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
 
 		assertThat(preAuth.isAuthenticated()).isFalse();
 
@@ -175,8 +171,7 @@ public class OpenIDAuthenticationProviderTests {
 		assertThat(postAuth.getPrincipal() instanceof UserDetails).isTrue();
 		assertThat(postAuth.getAuthorities()).isNotNull();
 		assertThat(postAuth.getAuthorities().size() > 0).isTrue();
-		assertThat(
-				((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS).isTrue();
+		assertThat(((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS).isTrue();
 		assertThat(((OpenIDAuthenticationToken) postAuth).getMessage() == null).isTrue();
 	}
 
@@ -203,8 +198,7 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 
-		assertThat(
-				provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse();
+		assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse();
 	}
 
 	/*
@@ -217,8 +211,7 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-				USERNAME, "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
 		assertThat(provider.authenticate(token)).isNull();
 	}
 
@@ -253,10 +246,11 @@ public class OpenIDAuthenticationProviderTests {
 
 	static class MockUserDetailsService implements UserDetailsService {
 
-		public UserDetails loadUserByUsername(String ssoUserId)
-				throws AuthenticationException {
+		public UserDetails loadUserByUsername(String ssoUserId) throws AuthenticationException {
 			return new User(ssoUserId, "password", true, true, true, true,
 					AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"));
 		}
+
 	}
+
 }
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java
index 1bed997ea0..990fdeb6fe 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java
@@ -27,14 +27,12 @@ public interface DnsResolver {
 	/**
 	 * Resolves the IP Address (A record) to the specified host name. Throws
 	 * DnsEntryNotFoundException if there is no record.
-	 *
 	 * @param hostname The hostname for which you need the IP Address
 	 * @return IP Address as a String
 	 * @throws DnsEntryNotFoundException No record found
 	 * @throws DnsLookupException Unknown DNS error
 	 */
-	String resolveIpAddress(String hostname) throws DnsEntryNotFoundException,
-			DnsLookupException;
+	String resolveIpAddress(String hostname) throws DnsEntryNotFoundException, DnsLookupException;
 
 	/**
 	 * <p>
@@ -56,22 +54,19 @@ public interface DnsResolver {
 	 * The method will return the record with highest priority (which means the lowest
 	 * number in the DNS record) and if there are more than one records with the same
 	 * priority, it will return the one with the highest weight. You will find more
-	 * informatione about DNS service records at <a
-	 * href="https://en.wikipedia.org/wiki/SRV_record">Wikipedia</a>.
-	 *
+	 * informatione about DNS service records at
+	 * <a href="https://en.wikipedia.org/wiki/SRV_record">Wikipedia</a>.
 	 * @param serviceType The service type you are searching for, e.g. ldap, kerberos, ...
 	 * @param domain The domain, in which you are searching for the service
 	 * @return The hostname of the service
 	 * @throws DnsEntryNotFoundException No record found
 	 * @throws DnsLookupException Unknown DNS error
 	 */
-	String resolveServiceEntry(String serviceType, String domain)
-			throws DnsEntryNotFoundException, DnsLookupException;
+	String resolveServiceEntry(String serviceType, String domain) throws DnsEntryNotFoundException, DnsLookupException;
 
 	/**
 	 * Resolves the host name for the specified service and then the IP Address for this
 	 * host in one call.
-	 *
 	 * @param serviceType The service type you are searching for, e.g. ldap, kerberos, ...
 	 * @param domain The domain, in which you are searching for the service
 	 * @return IP Address of the service
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
index cc699e15df..ef2c63858c 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
@@ -46,7 +46,6 @@ public class JndiDnsResolver implements DnsResolver {
 
 	/**
 	 * Allows to inject an own JNDI context factory.
-	 *
 	 * @param ctxFactory factory to use, when a DirContext is needed
 	 * @see InitialDirContext
 	 * @see DirContext
@@ -107,12 +106,10 @@ public class JndiDnsResolver implements DnsResolver {
 
 	// This method is needed, so that we can use only one DirContext for
 	// resolveServiceIpAddress().
-	private String resolveServiceEntry(String serviceType, String domain,
-			DirContext ctx) {
+	private String resolveServiceEntry(String serviceType, String domain, DirContext ctx) {
 		String result = null;
 		try {
-			String query = new StringBuilder("_").append(serviceType).append("._tcp.")
-					.append(domain).toString();
+			String query = new StringBuilder("_").append(serviceType).append("._tcp.").append(domain).toString();
 			Attribute dnsRecord = lookup(query, ctx, "SRV");
 			// There are maybe more records defined, we will return the one
 			// with the highest priority (lowest number) and the highest weight
@@ -120,12 +117,11 @@ public class JndiDnsResolver implements DnsResolver {
 			int highestPriority = -1;
 			int highestWeight = -1;
 
-			for (NamingEnumeration<?> recordEnum = dnsRecord.getAll(); recordEnum
-					.hasMoreElements();) {
+			for (NamingEnumeration<?> recordEnum = dnsRecord.getAll(); recordEnum.hasMoreElements();) {
 				String[] record = recordEnum.next().toString().split(" ");
 				if (record.length != 4) {
-					throw new DnsLookupException("Wrong service record for query " + query
-							+ ": [" + Arrays.toString(record) + "]");
+					throw new DnsLookupException(
+							"Wrong service record for query " + query + ": [" + Arrays.toString(record) + "]");
 				}
 				int priority = Integer.parseInt(record[0]);
 				int weight = Integer.parseInt(record[1]);
@@ -143,8 +139,7 @@ public class JndiDnsResolver implements DnsResolver {
 			}
 		}
 		catch (NamingException e) {
-			throw new DnsLookupException(
-					"DNS lookup failed for service " + serviceType + " at " + domain, e);
+			throw new DnsLookupException("DNS lookup failed for service " + serviceType + " at " + domain, e);
 		}
 
 		// remove the "." at the end
@@ -162,8 +157,7 @@ public class JndiDnsResolver implements DnsResolver {
 		}
 		catch (NamingException e) {
 			if (e instanceof NameNotFoundException) {
-				throw new DnsEntryNotFoundException("DNS entry not found for:" + query,
-						e);
+				throw new DnsEntryNotFoundException("DNS entry not found for:" + query, e);
 			}
 			throw new DnsLookupException("DNS lookup failed for: " + query, e);
 		}
@@ -173,18 +167,18 @@ public class JndiDnsResolver implements DnsResolver {
 
 		public DirContext getCtx() {
 			Hashtable<String, String> env = new Hashtable<>();
-			env.put(Context.INITIAL_CONTEXT_FACTORY,
-					"com.sun.jndi.dns.DnsContextFactory");
+			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
 			env.put(Context.PROVIDER_URL, "dns:"); // This is needed for IBM JDK/JRE
 			InitialDirContext ictx;
 			try {
 				ictx = new InitialDirContext(env);
 			}
 			catch (NamingException e) {
-				throw new DnsLookupException(
-						"Cannot create InitialDirContext for DNS lookup", e);
+				throw new DnsLookupException("Cannot create InitialDirContext for DNS lookup", e);
 			}
 			return ictx;
 		}
+
 	}
+
 }
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
index 69ba68a47b..92c58d3e1e 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
@@ -17,4 +17,3 @@
  * DNS resolution.
  */
 package org.springframework.security.remoting.dns;
-
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
index 59e61d31b6..d706fa0dad 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
@@ -34,13 +34,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * @author Ben Alex
  * @author Rob Winch
  */
-public class AuthenticationSimpleHttpInvokerRequestExecutor extends
-		SimpleHttpInvokerRequestExecutor {
+public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpInvokerRequestExecutor {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(AuthenticationSimpleHttpInvokerRequestExecutor.class);
+	private static final Log logger = LogFactory.getLog(AuthenticationSimpleHttpInvokerRequestExecutor.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -53,13 +52,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends
 	/**
 	 * Provided so subclasses can perform additional configuration if required (eg set
 	 * additional request headers for non-security related information etc).
-	 *
 	 * @param con the HTTP connection to prepare
 	 * @param contentLength the length of the content to send
 	 *
 	 */
-	protected void doPrepareConnection(HttpURLConnection con, int contentLength)
-			throws IOException {
+	protected void doPrepareConnection(HttpURLConnection con, int contentLength) throws IOException {
 	}
 
 	/**
@@ -73,14 +70,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends
 	 * The <code>SecurityContextHolder</code> is used to obtain the relevant principal and
 	 * credentials.
 	 * </p>
-	 *
 	 * @param con the HTTP connection to prepare
 	 * @param contentLength the length of the content to send
-	 *
 	 * @throws IOException if thrown by HttpURLConnection methods
 	 */
-	protected void prepareConnection(HttpURLConnection con, int contentLength)
-			throws IOException {
+	protected void prepareConnection(HttpURLConnection con, int contentLength) throws IOException {
 		super.prepareConnection(con, contentLength);
 
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
@@ -105,4 +99,5 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends
 
 		doPrepareConnection(con, contentLength);
 	}
+
 }
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
index fcf9e723b4..5546bef57d 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 /**
- * Enables use of Spring's <code>HttpInvoker</code> extension points to
- * present the <code>principal</code> and <code>credentials</code> located
- * in the <code>ContextHolder</code> via BASIC authentication.
+ * Enables use of Spring's <code>HttpInvoker</code> extension points to present the
+ * <code>principal</code> and <code>credentials</code> located in the
+ * <code>ContextHolder</code> via BASIC authentication.
  * <p>
  * The beans are wired as follows:
  *
@@ -32,4 +32,3 @@
  * </pre>
  */
 package org.springframework.security.remoting.httpinvoker;
-
diff --git a/remoting/src/main/java/org/springframework/security/remoting/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/package-info.java
index 8346f9098a..eb42cf2ed7 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/package-info.java
@@ -17,4 +17,3 @@
  * Remote client related functionality.
  */
 package org.springframework.security.remoting;
-
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index dae5befd63..a2d125af3a 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -46,13 +46,13 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	private static final Log logger = LogFactory
-			.getLog(ContextPropagatingRemoteInvocation.class);
+	private static final Log logger = LogFactory.getLog(ContextPropagatingRemoteInvocation.class);
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final String principal;
+
 	private final String credentials;
 
 	// ~ Constructors
@@ -61,13 +61,11 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	/**
 	 * Constructs the object, storing the principal and credentials extracted from the
 	 * client-side security context.
-	 *
 	 * @param methodInvocation the method to invoke
 	 */
 	public ContextPropagatingRemoteInvocation(MethodInvocation methodInvocation) {
 		super(methodInvocation);
-		Authentication currentUser = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
 		if (currentUser != null) {
 			principal = currentUser.getName();
@@ -93,18 +91,16 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	 * Invoked on the server-side.
 	 * <p>
 	 * The transmitted principal and credentials will be used to create an unauthenticated
-	 * {@code Authentication} instance for processing by the {@code AuthenticationManager}.
-	 *
+	 * {@code Authentication} instance for processing by the
+	 * {@code AuthenticationManager}.
 	 * @param targetObject the target object to apply the invocation to
-	 *
 	 * @return the invocation result
-	 *
 	 * @throws NoSuchMethodException if the method name could not be resolved
 	 * @throws IllegalAccessException if the method could not be accessed
 	 * @throws InvocationTargetException if the method invocation resulted in an exception
 	 */
-	public Object invoke(Object targetObject) throws NoSuchMethodException,
-			IllegalAccessException, InvocationTargetException {
+	public Object invoke(Object targetObject)
+			throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
 
 		if (principal != null) {
 			Authentication request = createAuthenticationRequest(principal, credentials);
@@ -131,8 +127,8 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	/**
 	 * Creates the server-side authentication request object.
 	 */
-	protected Authentication createAuthenticationRequest(String principal,
-			String credentials) {
+	protected Authentication createAuthenticationRequest(String principal, String credentials) {
 		return new UsernamePasswordAuthenticationToken(principal, credentials);
 	}
+
 }
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
index 47dc7985ac..e01895feda 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
@@ -34,10 +34,12 @@ import org.springframework.remoting.support.RemoteInvocationFactory;
  * @author Ben Alex
  */
 public class ContextPropagatingRemoteInvocationFactory implements RemoteInvocationFactory {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
 		return new ContextPropagatingRemoteInvocation(methodInvocation);
 	}
+
 }
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
index 605b65ac59..3817405f8f 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
@@ -14,11 +14,11 @@
  * limitations under the License.
  */
 /**
- * Enables use of Spring's RMI remoting extension points to propagate the <code>SecurityContextHolder</code> (which
- * should contain an <code>Authentication</code> request token) from one JVM to the remote JVM.
+ * Enables use of Spring's RMI remoting extension points to propagate the
+ * <code>SecurityContextHolder</code> (which should contain an <code>Authentication</code>
+ * request token) from one JVM to the remote JVM.
  * <p>
- * The beans are wired as follows:
- * <pre>
+ * The beans are wired as follows: <pre>
  * &lt;bean id="test" class="org.springframework.remoting.rmi.RmiProxyFactoryBean"&gt;
  *   &lt;property name="serviceUrl"&gt;&lt;value&gt;rmi://localhost/Test&lt;/value&gt;&lt;/property&gt;
  *   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;
@@ -31,4 +31,3 @@
  * </pre>
  */
 package org.springframework.security.remoting.rmi;
-
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 4f2aee1959..497daccdb0 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -30,14 +30,15 @@ import org.junit.Before;
 import org.junit.Test;
 
 /**
- *
  * @author Mike Wiesner
  * @since 3.0
  */
 public class JndiDnsResolverTests {
 
 	private JndiDnsResolver dnsResolver;
+
 	private InitialContextFactory contextFactory;
+
 	private DirContext context;
 
 	@Before
@@ -53,8 +54,7 @@ public class JndiDnsResolverTests {
 	public void testResolveIpAddress() throws Exception {
 		Attributes records = new BasicAttributes("A", "63.246.7.80");
 
-		when(context.getAttributes("www.springsource.com", new String[] { "A" }))
-				.thenReturn(records);
+		when(context.getAttributes("www.springsource.com", new String[] { "A" })).thenReturn(records);
 
 		String ipAddress = dnsResolver.resolveIpAddress("www.springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
@@ -62,8 +62,8 @@ public class JndiDnsResolverTests {
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveIpAddressNotExisting() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class))).thenThrow(
-				new NameNotFoundException("not found"));
+		when(context.getAttributes(any(String.class), any(String[].class)))
+				.thenThrow(new NameNotFoundException("not found"));
 
 		dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
 	}
@@ -72,8 +72,7 @@ public class JndiDnsResolverTests {
 	public void testResolveServiceEntry() throws Exception {
 		BasicAttributes records = createSrvRecords();
 
-		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" }))
-				.thenReturn(records);
+		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(records);
 
 		String hostname = dnsResolver.resolveServiceEntry("ldap", "springsource.com");
 		assertThat(hostname).isEqualTo("kdc.springsource.com");
@@ -81,8 +80,8 @@ public class JndiDnsResolverTests {
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveServiceEntryNotExisting() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class))).thenThrow(
-				new NameNotFoundException("not found"));
+		when(context.getAttributes(any(String.class), any(String[].class)))
+				.thenThrow(new NameNotFoundException("not found"));
 
 		dnsResolver.resolveServiceEntry("wrong", "secpod.de");
 	}
@@ -91,20 +90,16 @@ public class JndiDnsResolverTests {
 	public void testResolveServiceIpAddress() throws Exception {
 		BasicAttributes srvRecords = createSrvRecords();
 		BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80");
-		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" }))
-				.thenReturn(srvRecords);
-		when(context.getAttributes("kdc.springsource.com", new String[] { "A" }))
-				.thenReturn(aRecords);
+		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(srvRecords);
+		when(context.getAttributes("kdc.springsource.com", new String[] { "A" })).thenReturn(aRecords);
 
-		String ipAddress = dnsResolver
-				.resolveServiceIpAddress("ldap", "springsource.com");
+		String ipAddress = dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
 
 	@Test(expected = DnsLookupException.class)
 	public void testUnknowError() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class))).thenThrow(
-				new NamingException("error"));
+		when(context.getAttributes(any(String.class), any(String[].class))).thenThrow(new NamingException("error"));
 		dnsResolver.resolveIpAddress("");
 	}
 
@@ -121,4 +116,5 @@ public class JndiDnsResolverTests {
 		records.put(record);
 		return records;
 	}
+
 }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index 4bc83c05d5..093f43bac4 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -49,8 +49,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 	@Test
 	public void testNormalOperation() throws Exception {
 		// Setup client-side context
-		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken(
-				"Aladdin", "open sesame");
+		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("Aladdin", "open sesame");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
 
 		// Create a connection and ensure our executor sets its
@@ -62,8 +61,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		// Check connection properties
 		// See https://tools.ietf.org/html/rfc1945 section 11.1 for example
 		// we are comparing against
-		assertThat(conn.getRequestProperty("Authorization")).isEqualTo(
-				"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
+		assertThat(conn.getRequestProperty("Authorization")).isEqualTo("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
 	}
 
 	@Test
@@ -83,8 +81,8 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 	// SEC-1975
 	@Test
 	public void testNullContextHolderWhenAnonymous() throws Exception {
-		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key",
-				"principal", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "principal",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		SecurityContextHolder.getContext().setAuthentication(anonymous);
 
 		// Create a connection and ensure our executor sets its
@@ -127,5 +125,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		public boolean usingProxy() {
 			throw new UnsupportedOperationException("mock not implemented");
 		}
+
 	}
+
 }
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index c5877fd021..580ef9f5fa 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -49,8 +49,7 @@ public class ContextPropagatingRemoteInvocationTests {
 	private ContextPropagatingRemoteInvocation getRemoteInvocation() throws Exception {
 		Class<TargetObject> clazz = TargetObject.class;
 		Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
-		MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method,
-				"SOME_STRING");
+		MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method, "SOME_STRING");
 
 		ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();
 
@@ -60,8 +59,7 @@ public class ContextPropagatingRemoteInvocationTests {
 	@Test
 	public void testContextIsResetEvenIfExceptionOccurs() throws Exception {
 		// Setup client-side context
-		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
 
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
@@ -76,16 +74,14 @@ public class ContextPropagatingRemoteInvocationTests {
 			// expected
 		}
 
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication()).withFailMessage(
-						"Authentication must be null").isNull();
+		assertThat(SecurityContextHolder.getContext().getAuthentication())
+				.withFailMessage("Authentication must be null").isNull();
 	}
 
 	@Test
 	public void testNormalOperation() throws Exception {
 		// Setup client-side context
-		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
 
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
@@ -109,19 +105,17 @@ public class ContextPropagatingRemoteInvocationTests {
 		SecurityContextHolder.clearContext(); // unnecessary, but for
 												// explicitness
 
-		assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo(
-				"some_string Authentication empty");
+		assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo("some_string Authentication empty");
 	}
 
 	// SEC-1867
 	@Test
 	public void testNullCredentials() throws Exception {
-		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken(
-				"rod", null);
+		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", null);
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
 
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-		assertThat(
-				ReflectionTestUtils.getField(remoteInvocation, "credentials")).isNull();
+		assertThat(ReflectionTestUtils.getField(remoteInvocation, "credentials")).isNull();
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
index 1979d5e263..4caa557536 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
@@ -26,6 +26,7 @@ import org.springframework.util.MimeType;
  * @since 5.2
  */
 public interface PayloadExchange {
+
 	PayloadExchangeType getType();
 
 	Payload getPayload();
@@ -33,4 +34,5 @@ public interface PayloadExchange {
 	MimeType getDataMimeType();
 
 	MimeType getMetadataMimeType();
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchangeType.java b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchangeType.java
index e31d84b50e..9daa62532c 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchangeType.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchangeType.java
@@ -23,14 +23,16 @@ package org.springframework.security.rsocket.api;
  * @since 5.2
  */
 public enum PayloadExchangeType {
+
 	/**
-	 * The <a href="https://rsocket.io/docs/Protocol#setup-frame-0x01">Setup</a>. Can
-	 * be used to determine if a Payload is part of the connection
+	 * The <a href="https://rsocket.io/docs/Protocol#setup-frame-0x01">Setup</a>. Can be
+	 * used to determine if a Payload is part of the connection
 	 */
 	SETUP(false),
 
 	/**
-	 * A <a href="https://rsocket.io/docs/Protocol#frame-fnf">Fire and Forget</a> exchange.
+	 * A <a href="https://rsocket.io/docs/Protocol#frame-fnf">Fire and Forget</a>
+	 * exchange.
 	 */
 	FIRE_AND_FORGET(true),
 
@@ -41,9 +43,9 @@ public enum PayloadExchangeType {
 	REQUEST_RESPONSE(true),
 
 	/**
-	 * A <a href="https://rsocket.io/docs/Protocol#request-stream-frame">Request Stream</a>
-	 * exchange. This is only represents the request portion. The {@link #PAYLOAD} type
-	 * represents the data that submitted.
+	 * A <a href="https://rsocket.io/docs/Protocol#request-stream-frame">Request
+	 * Stream</a> exchange. This is only represents the request portion. The
+	 * {@link #PAYLOAD} type represents the data that submitted.
 	 */
 	REQUEST_STREAM(true),
 
@@ -77,4 +79,5 @@ public enum PayloadExchangeType {
 	public boolean isRequest() {
 		return this.isRequest;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptor.java
index 2f6f36c02b..692cfa72cf 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptor.java
@@ -19,14 +19,15 @@ package org.springframework.security.rsocket.api;
 import reactor.core.publisher.Mono;
 
 /**
- * Contract for interception-style, chained processing of Payloads that may
- * be used to implement cross-cutting, application-agnostic requirements such
- * as security, timeouts, and others.
+ * Contract for interception-style, chained processing of Payloads that may be used to
+ * implement cross-cutting, application-agnostic requirements such as security, timeouts,
+ * and others.
  *
  * @author Rob Winch
  * @since 5.2
  */
 public interface PayloadInterceptor {
+
 	/**
 	 * Process the Web request and (optionally) delegate to the next
 	 * {@code PayloadInterceptor} through the given {@link PayloadInterceptorChain}.
@@ -35,4 +36,5 @@ public interface PayloadInterceptor {
 	 * @return {@code Mono<Void>} to indicate when payload processing is complete
 	 */
 	Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain);
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptorChain.java b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptorChain.java
index 30307ffc05..edfe567d75 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptorChain.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadInterceptorChain.java
@@ -19,16 +19,18 @@ package org.springframework.security.rsocket.api;
 import reactor.core.publisher.Mono;
 
 /**
- * Contract to allow a {@link PayloadInterceptor} to delegate to the next in the chain.
- *  *
+ * Contract to allow a {@link PayloadInterceptor} to delegate to the next in the chain. *
+ *
  * @author Rob Winch
  * @since 5.2
  */
 public interface PayloadInterceptorChain {
+
 	/**
 	 * Process the payload exchange.
 	 * @param exchange the current server exchange
 	 * @return {@code Mono<Void>} to indicate when request processing is complete
 	 */
 	Mono<Void> next(PayloadExchange exchange);
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
index 69fc5f6015..292ac8a8ca 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
@@ -39,7 +39,9 @@ import java.util.List;
 public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered {
 
 	private String key;
+
 	private Object principal;
+
 	private List<GrantedAuthority> authorities;
 
 	private int order;
@@ -47,7 +49,6 @@ public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered
 	/**
 	 * Creates a filter with a principal named "anonymousUser" and the single authority
 	 * "ROLE_ANONYMOUS".
-	 *
 	 * @param key the key to identify tokens created by this filter
 	 */
 	public AnonymousPayloadInterceptor(String key) {
@@ -55,12 +56,11 @@ public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered
 	}
 
 	/**
-	 * @param key         key the key to identify tokens created by this filter
-	 * @param principal   the principal which will be used to represent anonymous users
+	 * @param key key the key to identify tokens created by this filter
+	 * @param principal the principal which will be used to represent anonymous users
 	 * @param authorities the authority list for anonymous users
 	 */
-	public AnonymousPayloadInterceptor(String key, Object principal,
-			List<GrantedAuthority> authorities) {
+	public AnonymousPayloadInterceptor(String key, Object principal, List<GrantedAuthority> authorities) {
 		Assert.hasLength(key, "key cannot be null or empty");
 		Assert.notNull(principal, "Anonymous authentication principal must be set");
 		Assert.notNull(authorities, "Anonymous authorities must be set");
@@ -80,14 +80,13 @@ public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered
 
 	@Override
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
-		return ReactiveSecurityContextHolder.getContext()
-				.switchIfEmpty(Mono.defer(() -> {
-					AnonymousAuthenticationToken authentication = new AnonymousAuthenticationToken(
-							this.key, this.principal, this.authorities);
-					return chain.next(exchange)
-							.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-							.then(Mono.empty());
-				}))
-				.flatMap(securityContext -> chain.next(exchange));
+		return ReactiveSecurityContextHolder.getContext().switchIfEmpty(Mono.defer(() -> {
+			AnonymousAuthenticationToken authentication = new AnonymousAuthenticationToken(this.key, this.principal,
+					this.authorities);
+			return chain.next(exchange)
+					.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
+					.then(Mono.empty());
+		})).flatMap(securityContext -> chain.next(exchange));
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index 9b7e1ddae0..fcd709b65b 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -36,29 +36,32 @@ import java.nio.charset.StandardCharsets;
 import java.util.Map;
 
 /**
- * Converts from the {@link PayloadExchange} for
- * <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Authentication.md">Authentication Extension</a>.
- * For
- * <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple</a>
- * a {@link UsernamePasswordAuthenticationToken} is returned. For
- * <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Bearer.md">Bearer</a>
+ * Converts from the {@link PayloadExchange} for <a href=
+ * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Authentication.md">Authentication
+ * Extension</a>. For <a href=
+ * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple</a>
+ * a {@link UsernamePasswordAuthenticationToken} is returned. For <a href=
+ * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Bearer.md">Bearer</a>
  * a {@link BearerTokenAuthenticationToken} is returned.
  *
  * @author Rob Winch
  * @since 5.3
  */
 public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
-	private static final MimeType COMPOSITE_METADATA_MIME_TYPE = MimeTypeUtils.parseMimeType(
-			WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
-	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
+	private static final MimeType COMPOSITE_METADATA_MIME_TYPE = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+
+	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
 	private MetadataExtractor metadataExtractor = createDefaultExtractor();
 
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
-		return Mono.fromCallable(() -> this.metadataExtractor
-				.extract(exchange.getPayload(), this.COMPOSITE_METADATA_MIME_TYPE))
+		return Mono
+				.fromCallable(
+						() -> this.metadataExtractor.extract(exchange.getPayload(), this.COMPOSITE_METADATA_MIME_TYPE))
 				.flatMap(metadata -> Mono.justOrEmpty(authentication(metadata)));
 	}
 
@@ -74,7 +77,8 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 		WellKnownAuthType wellKnownAuthType = AuthMetadataCodec.readWellKnownAuthType(rawAuthentication);
 		if (WellKnownAuthType.SIMPLE.equals(wellKnownAuthType)) {
 			return simple(rawAuthentication);
-		} else if (WellKnownAuthType.BEARER.equals(wellKnownAuthType)) {
+		}
+		else if (WellKnownAuthType.BEARER.equals(wellKnownAuthType)) {
 			return bearer(rawAuthentication);
 		}
 		throw new IllegalArgumentException("Unknown Mime Type " + wellKnownAuthType);
@@ -99,4 +103,5 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 		result.metadataToExtract(AUTHENTICATION_MIME_TYPE, byte[].class, "authentication");
 		return result;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
index 2765f1e7b7..0ec051a213 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
@@ -40,8 +40,7 @@ public class AuthenticationPayloadInterceptor implements PayloadInterceptor, Ord
 
 	private int order;
 
-	private PayloadExchangeAuthenticationConverter authenticationConverter =
-			new BasicAuthenticationPayloadExchangeConverter();
+	private PayloadExchangeAuthenticationConverter authenticationConverter = new BasicAuthenticationPayloadExchangeConverter();
 
 	/**
 	 * Creates a new instance
@@ -65,22 +64,19 @@ public class AuthenticationPayloadInterceptor implements PayloadInterceptor, Ord
 	 * Sets the convert to be used
 	 * @param authenticationConverter
 	 */
-	public void setAuthenticationConverter(
-			PayloadExchangeAuthenticationConverter authenticationConverter) {
+	public void setAuthenticationConverter(PayloadExchangeAuthenticationConverter authenticationConverter) {
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
 		this.authenticationConverter = authenticationConverter;
 	}
 
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
-		return this.authenticationConverter.convert(exchange)
-			.switchIfEmpty(chain.next(exchange).then(Mono.empty()))
-			.flatMap(a -> this.authenticationManager.authenticate(a))
-			.flatMap(a -> onAuthenticationSuccess(chain.next(exchange), a));
+		return this.authenticationConverter.convert(exchange).switchIfEmpty(chain.next(exchange).then(Mono.empty()))
+				.flatMap(a -> this.authenticationManager.authenticate(a))
+				.flatMap(a -> onAuthenticationSuccess(chain.next(exchange), a));
 	}
 
 	private Mono<Void> onAuthenticationSuccess(Mono<Void> payload, Authentication authentication) {
-		return payload
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		return payload.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
 	}
 
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
index dac42d0ba4..eefb071a03 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
@@ -38,23 +38,26 @@ import reactor.core.publisher.Mono;
  */
 public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
-	private MimeType metadataMimetype = MimeTypeUtils.parseMimeType(
-			WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+	private MimeType metadataMimetype = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
 	private MetadataExtractor metadataExtractor = createDefaultExtractor();
 
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
-		return Mono.fromCallable(() -> this.metadataExtractor
-				.extract(exchange.getPayload(), this.metadataMimetype))
-				.flatMap(metadata -> Mono.justOrEmpty(metadata.get(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE.toString())))
+		return Mono.fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(), this.metadataMimetype))
+				.flatMap(metadata -> Mono
+						.justOrEmpty(metadata.get(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE.toString())))
 				.cast(UsernamePasswordMetadata.class)
-				.map(credentials -> new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword()));
+				.map(credentials -> new UsernamePasswordAuthenticationToken(credentials.getUsername(),
+						credentials.getPassword()));
 	}
 
 	private static MetadataExtractor createDefaultExtractor() {
 		DefaultMetadataExtractor result = new DefaultMetadataExtractor(new BasicAuthenticationDecoder());
-		result.metadataToExtract(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE, UsernamePasswordMetadata.class, (String) null);
+		result.metadataToExtract(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE,
+				UsernamePasswordMetadata.class, (String) null);
 		return result;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
index 9b1d92a58d..de0ffe5bc8 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
@@ -27,16 +27,16 @@ import reactor.core.publisher.Mono;
 import java.nio.charset.StandardCharsets;
 
 /**
- * Converts from the {@link PayloadExchange} to a
- *  {@link BearerTokenAuthenticationToken} by extracting
- *  {@link BearerTokenMetadata#BEARER_AUTHENTICATION_MIME_TYPE} from the metadata.
- *  @author Rob Winch
+ * Converts from the {@link PayloadExchange} to a {@link BearerTokenAuthenticationToken}
+ * by extracting {@link BearerTokenMetadata#BEARER_AUTHENTICATION_MIME_TYPE} from the
+ * metadata.
+ *
+ * @author Rob Winch
  * @since 5.2
  */
 public class BearerPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
-	private static final String BEARER_MIME_TYPE_VALUE =
-			BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();
+	private static final String BEARER_MIME_TYPE_VALUE = BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();
 
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
@@ -51,4 +51,5 @@ public class BearerPayloadExchangeConverter implements PayloadExchangeAuthentica
 		}
 		return Mono.empty();
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
index dbb247246e..25123f7aca 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
@@ -22,9 +22,12 @@ import reactor.core.publisher.Mono;
 
 /**
  * Converts from a {@link PayloadExchange} to an {@link Authentication}
+ *
  * @author Rob Winch
  * @since 5.2
  */
 public interface PayloadExchangeAuthenticationConverter {
+
 	Mono<Authentication> convert(PayloadExchange exchange);
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
index c439f98a88..3f323f8b69 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
@@ -34,12 +34,12 @@ import org.springframework.security.rsocket.api.PayloadInterceptor;
  * @since 5.2
  */
 public class AuthorizationPayloadInterceptor implements PayloadInterceptor, Ordered {
+
 	private final ReactiveAuthorizationManager<PayloadExchange> authorizationManager;
 
 	private int order;
 
-	public AuthorizationPayloadInterceptor(
-			ReactiveAuthorizationManager<PayloadExchange> authorizationManager) {
+	public AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange> authorizationManager) {
 		Assert.notNull(authorizationManager, "authorizationManager cannot be null");
 		this.authorizationManager = authorizationManager;
 	}
@@ -55,11 +55,12 @@ public class AuthorizationPayloadInterceptor implements PayloadInterceptor, Orde
 
 	@Override
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
-		return ReactiveSecurityContextHolder.getContext()
-				.filter(c -> c.getAuthentication() != null)
+		return ReactiveSecurityContextHolder.getContext().filter(c -> c.getAuthentication() != null)
 				.map(SecurityContext::getAuthentication)
-				.switchIfEmpty(Mono.error(() -> new AuthenticationCredentialsNotFoundException("An Authentication (possibly AnonymousAuthenticationToken) is required.")))
+				.switchIfEmpty(Mono.error(() -> new AuthenticationCredentialsNotFoundException(
+						"An Authentication (possibly AnonymousAuthenticationToken) is required.")))
 				.as(authentication -> this.authorizationManager.verify(authentication, exchange))
 				.then(chain.next(exchange));
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
index 0382491137..604efe22d5 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
@@ -32,15 +32,18 @@ import java.util.List;
 
 /**
  * Maps a @{code List} of {@link PayloadExchangeMatcher} instances to
- * @{code ReactiveAuthorizationManager} instances.
  *
+ * @{code ReactiveAuthorizationManager} instances.
  * @author Rob Winch
  * @since 5.2
  */
-public class PayloadExchangeMatcherReactiveAuthorizationManager implements ReactiveAuthorizationManager<PayloadExchange> {
+public class PayloadExchangeMatcherReactiveAuthorizationManager
+		implements ReactiveAuthorizationManager<PayloadExchange> {
+
 	private final List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings;
 
-	private PayloadExchangeMatcherReactiveAuthorizationManager(List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings) {
+	private PayloadExchangeMatcherReactiveAuthorizationManager(
+			List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings) {
 		Assert.notEmpty(mappings, "mappings cannot be null");
 		this.mappings = mappings;
 	}
@@ -49,14 +52,10 @@ public class PayloadExchangeMatcherReactiveAuthorizationManager implements React
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, PayloadExchange exchange) {
 		return Flux.fromIterable(this.mappings)
 				.concatMap(mapping -> mapping.getMatcher().matches(exchange)
-						.filter(PayloadExchangeMatcher.MatchResult::isMatch)
-						.map(r -> r.getVariables())
-						.flatMap(variables -> mapping.getEntry()
-								.check(authentication, new PayloadExchangeAuthorizationContext(exchange, variables))
-						)
-				)
-				.next()
-				.switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false)));
+						.filter(PayloadExchangeMatcher.MatchResult::isMatch).map(r -> r.getVariables())
+						.flatMap(variables -> mapping.getEntry().check(authentication,
+								new PayloadExchangeAuthorizationContext(exchange, variables))))
+				.next().switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false)));
 	}
 
 	public static PayloadExchangeMatcherReactiveAuthorizationManager.Builder builder() {
@@ -64,6 +63,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManager implements React
 	}
 
 	public static class Builder {
+
 		private final List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings = new ArrayList<>();
 
 		private Builder() {
@@ -78,5 +78,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManager implements React
 		public PayloadExchangeMatcherReactiveAuthorizationManager build() {
 			return new PayloadExchangeMatcherReactiveAuthorizationManager(this.mappings);
 		}
+
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
index c92785b7d0..7efcc28239 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
@@ -26,8 +26,9 @@ import java.util.List;
 import java.util.ListIterator;
 
 /**
- * A {@link PayloadInterceptorChain} which exposes the Reactor {@link Context} via a member variable.
- * This class is not Thread safe, so a new instance must be created for each Thread.
+ * A {@link PayloadInterceptorChain} which exposes the Reactor {@link Context} via a
+ * member variable. This class is not Thread safe, so a new instance must be created for
+ * each Thread.
  *
  * Internally {@code ContextPayloadInterceptorChain} is used to ensure that the Reactor
  * {@code Context} is captured so it can be transferred to subscribers outside of this
@@ -72,13 +73,8 @@ class ContextPayloadInterceptorChain implements PayloadInterceptorChain {
 	}
 
 	public Mono<Void> next(PayloadExchange exchange) {
-		return Mono.defer(() ->
-				shouldIntercept() ?
-						this.currentInterceptor.intercept(exchange, this.next) :
-						Mono.subscriberContext()
-							.doOnNext(c -> this.context = c)
-							.then()
-		);
+		return Mono.defer(() -> shouldIntercept() ? this.currentInterceptor.intercept(exchange, this.next)
+				: Mono.subscriberContext().doOnNext(c -> this.context = c).then());
 	}
 
 	Context getContext() {
@@ -96,4 +92,5 @@ class ContextPayloadInterceptorChain implements PayloadInterceptorChain {
 	public String toString() {
 		return getClass().getSimpleName() + "[currentInterceptor=" + this.currentInterceptor + "]";
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
index e49ccb5154..7deba38628 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
@@ -69,4 +69,5 @@ public class DefaultPayloadExchange implements PayloadExchange {
 	public MimeType getDataMimeType() {
 		return this.dataMimeType;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
index b1c7271ed9..ac122c3208 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
@@ -31,10 +31,12 @@ import java.util.List;
 
 /**
  * Combines the {@link PayloadInterceptor} with an {@link RSocketProxy}
+ *
  * @author Rob Winch
  * @since 5.2
  */
 class PayloadInterceptorRSocket extends RSocketProxy {
+
 	private final List<PayloadInterceptor> interceptors;
 
 	private final MimeType metadataMimeType;
@@ -43,14 +45,12 @@ class PayloadInterceptorRSocket extends RSocketProxy {
 
 	private final Context context;
 
-	PayloadInterceptorRSocket(RSocket delegate,
-			List<PayloadInterceptor> interceptors, MimeType metadataMimeType,
+	PayloadInterceptorRSocket(RSocket delegate, List<PayloadInterceptor> interceptors, MimeType metadataMimeType,
 			MimeType dataMimeType) {
 		this(delegate, interceptors, metadataMimeType, dataMimeType, Context.empty());
 	}
 
-	PayloadInterceptorRSocket(RSocket delegate,
-			List<PayloadInterceptor> interceptors, MimeType metadataMimeType,
+	PayloadInterceptorRSocket(RSocket delegate, List<PayloadInterceptor> interceptors, MimeType metadataMimeType,
 			MimeType dataMimeType, Context context) {
 		super(delegate);
 		this.metadataMimeType = metadataMimeType;
@@ -71,71 +71,52 @@ class PayloadInterceptorRSocket extends RSocketProxy {
 	@Override
 	public Mono<Void> fireAndForget(Payload payload) {
 		return intercept(PayloadExchangeType.FIRE_AND_FORGET, payload)
-			.flatMap(context ->
-				this.source.fireAndForget(payload)
-					.subscriberContext(context)
-			);
+				.flatMap(context -> this.source.fireAndForget(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Mono<Payload> requestResponse(Payload payload) {
 		return intercept(PayloadExchangeType.REQUEST_RESPONSE, payload)
-			.flatMap(context ->
-				this.source.requestResponse(payload)
-					.subscriberContext(context)
-			);
+				.flatMap(context -> this.source.requestResponse(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Flux<Payload> requestStream(Payload payload) {
 		return intercept(PayloadExchangeType.REQUEST_STREAM, payload)
-			.flatMapMany(context ->
-				this.source.requestStream(payload)
-					.subscriberContext(context)
-			);
+				.flatMapMany(context -> this.source.requestStream(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Flux<Payload> requestChannel(Publisher<Payload> payloads) {
-		return Flux.from(payloads)
-			.switchOnFirst((signal, innerFlux) -> {
-				Payload firstPayload = signal.get();
-				return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload)
-					.flatMapMany(context ->
-						innerFlux
-							.skip(1)
-							.flatMap(p -> intercept(PayloadExchangeType.PAYLOAD, p).thenReturn(p))
+		return Flux.from(payloads).switchOnFirst((signal, innerFlux) -> {
+			Payload firstPayload = signal.get();
+			return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany(
+					context -> innerFlux.skip(1).flatMap(p -> intercept(PayloadExchangeType.PAYLOAD, p).thenReturn(p))
 							.transform(securedPayloads -> Flux.concat(Flux.just(firstPayload), securedPayloads))
 							.transform(securedPayloads -> this.source.requestChannel(securedPayloads))
-							.subscriberContext(context)
-					);
-			});
+							.subscriberContext(context));
+		});
 	}
 
 	@Override
 	public Mono<Void> metadataPush(Payload payload) {
 		return intercept(PayloadExchangeType.METADATA_PUSH, payload)
-			.flatMap(c -> this.source
-					.metadataPush(payload)
-					.subscriberContext(c)
-			);
+				.flatMap(c -> this.source.metadataPush(payload).subscriberContext(c));
 	}
 
 	private Mono<Context> intercept(PayloadExchangeType type, Payload payload) {
 		return Mono.defer(() -> {
 			ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors);
-			DefaultPayloadExchange exchange = new DefaultPayloadExchange(type, payload,
-					this.metadataMimeType, this.dataMimeType);
-			return chain.next(exchange)
-				.then(Mono.fromCallable(() -> chain.getContext()))
-				.defaultIfEmpty(Context.empty())
-				.subscriberContext(this.context);
+			DefaultPayloadExchange exchange = new DefaultPayloadExchange(type, payload, this.metadataMimeType,
+					this.dataMimeType);
+			return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext()))
+					.defaultIfEmpty(Context.empty()).subscriberContext(this.context);
 		});
 	}
 
 	@Override
 	public String toString() {
-		return getClass().getSimpleName() + "[source=" + this.source + ",interceptors="
-				+ this.interceptors + "]";
+		return getClass().getSimpleName() + "[source=" + this.source + ",interceptors=" + this.interceptors + "]";
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index a5a849096b..fb07b9c1a5 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -38,6 +38,7 @@ import java.util.List;
  * @since 5.2
  */
 class PayloadSocketAcceptor implements SocketAcceptor {
+
 	private final SocketAcceptor delegate;
 
 	private final List<PayloadInterceptor> interceptors;
@@ -45,8 +46,8 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 	@Nullable
 	private MimeType defaultDataMimeType;
 
-	private MimeType defaultMetadataMimeType =
-			MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+	private MimeType defaultMetadataMimeType = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
 	PayloadSocketAcceptor(SocketAcceptor delegate, List<PayloadInterceptor> interceptors) {
 		Assert.notNull(delegate, "delegate cannot be null");
@@ -70,10 +71,11 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 
 		// FIXME do we want to make the sendingSocket available in the PayloadExchange
 		return intercept(setup, dataMimeType, metadataMimeType)
-			.flatMap(ctx -> this.delegate.accept(setup, sendingSocket)
-				.map(acceptingSocket -> new PayloadInterceptorRSocket(acceptingSocket, this.interceptors, metadataMimeType, dataMimeType, ctx))
-				.subscriberContext(ctx)
-			);
+				.flatMap(
+						ctx -> this.delegate.accept(setup, sendingSocket)
+								.map(acceptingSocket -> new PayloadInterceptorRSocket(acceptingSocket,
+										this.interceptors, metadataMimeType, dataMimeType, ctx))
+								.subscriberContext(ctx));
 	}
 
 	private Mono<Context> intercept(Payload payload, MimeType dataMimeType, MimeType metadataMimeType) {
@@ -81,8 +83,7 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 			ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors);
 			DefaultPayloadExchange exchange = new DefaultPayloadExchange(PayloadExchangeType.SETUP, payload,
 					metadataMimeType, dataMimeType);
-			return chain.next(exchange)
-					.then(Mono.fromCallable(() -> chain.getContext()))
+			return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext()))
 					.defaultIfEmpty(Context.empty());
 		});
 	}
@@ -99,4 +100,5 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 		Assert.notNull(defaultMetadataMimeType, "defaultMetadataMimeType cannot be null");
 		this.defaultMetadataMimeType = defaultMetadataMimeType;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
index 52cba75c45..02402a6fe8 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
@@ -40,8 +40,8 @@ public class PayloadSocketAcceptorInterceptor implements SocketAcceptorIntercept
 	@Nullable
 	private MimeType defaultDataMimeType;
 
-	private MimeType defaultMetadataMimeType =
-		MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+	private MimeType defaultMetadataMimeType = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
 	public PayloadSocketAcceptorInterceptor(List<PayloadInterceptor> interceptors) {
 		this.interceptors = interceptors;
@@ -49,8 +49,7 @@ public class PayloadSocketAcceptorInterceptor implements SocketAcceptorIntercept
 
 	@Override
 	public SocketAcceptor apply(SocketAcceptor socketAcceptor) {
-		PayloadSocketAcceptor acceptor = new PayloadSocketAcceptor(
-				socketAcceptor, this.interceptors);
+		PayloadSocketAcceptor acceptor = new PayloadSocketAcceptor(socketAcceptor, this.interceptors);
 		acceptor.setDefaultDataMimeType(this.defaultDataMimeType);
 		acceptor.setDefaultMetadataMimeType(this.defaultMetadataMimeType);
 		return acceptor;
@@ -64,4 +63,5 @@ public class PayloadSocketAcceptorInterceptor implements SocketAcceptorIntercept
 		Assert.notNull(defaultMetadataMimeType, "defaultMetadataMimeType cannot be null");
 		this.defaultMetadataMimeType = defaultMetadataMimeType;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
index f8f9cbaf81..73470acc74 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
@@ -21,13 +21,15 @@ import io.rsocket.plugins.SocketAcceptorInterceptor;
 import org.springframework.util.Assert;
 
 /**
- * A SocketAcceptorInterceptor that applies Security through a delegate {@link SocketAcceptorInterceptor}. This allows
- * security to be applied lazily to an application.
+ * A SocketAcceptorInterceptor that applies Security through a delegate
+ * {@link SocketAcceptorInterceptor}. This allows security to be applied lazily to an
+ * application.
  *
  * @author Rob Winch
  * @since 5.2
  */
 public class SecuritySocketAcceptorInterceptor implements SocketAcceptorInterceptor {
+
 	private final SocketAcceptorInterceptor acceptorInterceptor;
 
 	public SecuritySocketAcceptorInterceptor(SocketAcceptorInterceptor acceptorInterceptor) {
@@ -39,4 +41,5 @@ public class SecuritySocketAcceptorInterceptor implements SocketAcceptorIntercep
 	public SocketAcceptor apply(SocketAcceptor socketAcceptor) {
 		return this.acceptorInterceptor.apply(socketAcceptor);
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
index 6b8a45fe41..ca673d6be9 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
@@ -31,48 +31,47 @@ import java.util.Map;
  *
  * @author Rob Winch
  * @since 5.2
- * @deprecated Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
+ * @deprecated Basic Authentication did not evolve into a standard. Use Simple
+ * Authentication instead.
  */
 @Deprecated
 public class BasicAuthenticationDecoder extends AbstractDecoder<UsernamePasswordMetadata> {
+
 	public BasicAuthenticationDecoder() {
 		super(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE);
 	}
 
 	@Override
-	public Flux<UsernamePasswordMetadata> decode(Publisher<DataBuffer> input,
-			ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
-		return Flux.from(input)
-			.map(DataBuffer::asByteBuffer)
-			.map(byteBuffer -> {
-				byte[] sizeBytes = new byte[4];
-				byteBuffer.get(sizeBytes);
+	public Flux<UsernamePasswordMetadata> decode(Publisher<DataBuffer> input, ResolvableType elementType,
+			MimeType mimeType, Map<String, Object> hints) {
+		return Flux.from(input).map(DataBuffer::asByteBuffer).map(byteBuffer -> {
+			byte[] sizeBytes = new byte[4];
+			byteBuffer.get(sizeBytes);
 
-				int usernameSize = 4;
-				byte[] usernameBytes = new byte[usernameSize];
-				byteBuffer.get(usernameBytes);
-				byte[] passwordBytes = new byte[byteBuffer.remaining()];
-				byteBuffer.get(passwordBytes);
-				String username = new String(usernameBytes);
-				String password = new String(passwordBytes);
-				return new UsernamePasswordMetadata(username, password);
-			});
+			int usernameSize = 4;
+			byte[] usernameBytes = new byte[usernameSize];
+			byteBuffer.get(usernameBytes);
+			byte[] passwordBytes = new byte[byteBuffer.remaining()];
+			byteBuffer.get(passwordBytes);
+			String username = new String(usernameBytes);
+			String password = new String(passwordBytes);
+			return new UsernamePasswordMetadata(username, password);
+		});
 	}
 
 	@Override
-	public Mono<UsernamePasswordMetadata> decodeToMono(Publisher<DataBuffer> input,
-			ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
-		return Mono.from(input)
-			.map(DataBuffer::asByteBuffer)
-			.map(byteBuffer -> {
-				int usernameSize = byteBuffer.getInt();
-				byte[] usernameBytes = new byte[usernameSize];
-				byteBuffer.get(usernameBytes);
-				byte[] passwordBytes = new byte[byteBuffer.remaining()];
-				byteBuffer.get(passwordBytes);
-				String username = new String(usernameBytes);
-				String password = new String(passwordBytes);
-				return new UsernamePasswordMetadata(username, password);
-			});
+	public Mono<UsernamePasswordMetadata> decodeToMono(Publisher<DataBuffer> input, ResolvableType elementType,
+			MimeType mimeType, Map<String, Object> hints) {
+		return Mono.from(input).map(DataBuffer::asByteBuffer).map(byteBuffer -> {
+			int usernameSize = byteBuffer.getInt();
+			byte[] usernameBytes = new byte[usernameSize];
+			byteBuffer.get(usernameBytes);
+			byte[] passwordBytes = new byte[byteBuffer.remaining()];
+			byteBuffer.get(passwordBytes);
+			String username = new String(usernameBytes);
+			String password = new String(passwordBytes);
+			return new UsernamePasswordMetadata(username, password);
+		});
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
index 75e3f909ac..596e4d11d0 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
@@ -34,29 +34,26 @@ import java.util.Map;
  *
  * @author Rob Winch
  * @since 5.2
- * @deprecated Basic Authentication did not evolve into a standard. use {@link SimpleAuthenticationEncoder}
+ * @deprecated Basic Authentication did not evolve into a standard. use
+ * {@link SimpleAuthenticationEncoder}
  */
 @Deprecated
-public class BasicAuthenticationEncoder extends
-		AbstractEncoder<UsernamePasswordMetadata> {
+public class BasicAuthenticationEncoder extends AbstractEncoder<UsernamePasswordMetadata> {
 
 	public BasicAuthenticationEncoder() {
 		super(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE);
 	}
 
 	@Override
-	public Flux<DataBuffer> encode(
-			Publisher<? extends UsernamePasswordMetadata> inputStream,
-			DataBufferFactory bufferFactory, ResolvableType elementType,
-			MimeType mimeType, Map<String, Object> hints) {
-		return Flux.from(inputStream).map(credentials ->
-				encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+	public Flux<DataBuffer> encode(Publisher<? extends UsernamePasswordMetadata> inputStream,
+			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
+		return Flux.from(inputStream)
+				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
-	public DataBuffer encodeValue(UsernamePasswordMetadata credentials,
-			DataBufferFactory bufferFactory, ResolvableType valueType, MimeType mimeType,
-			Map<String, Object> hints) {
+	public DataBuffer encodeValue(UsernamePasswordMetadata credentials, DataBufferFactory bufferFactory,
+			ResolvableType valueType, MimeType mimeType, Map<String, Object> hints) {
 		String username = credentials.getUsername();
 		String password = credentials.getPassword();
 		byte[] usernameBytes = username.getBytes(StandardCharsets.UTF_8);
@@ -69,10 +66,12 @@ public class BasicAuthenticationEncoder extends
 			metadata.write(password.getBytes(StandardCharsets.UTF_8));
 			release = false;
 			return metadata;
-		} finally {
+		}
+		finally {
 			if (release) {
 				DataBufferUtils.release(metadata);
 			}
 		}
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
index ead8f960fa..2f5f51c451 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
@@ -32,15 +32,17 @@ import reactor.core.publisher.Flux;
 import java.util.Map;
 
 /**
- * Encodes <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Bearer.md">Bearer Authentication</a>.
+ * Encodes <a href=
+ * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Bearer.md">Bearer
+ * Authentication</a>.
  *
  * @author Rob Winch
  * @since 5.3
  */
-public class BearerTokenAuthenticationEncoder extends
-		AbstractEncoder<BearerTokenMetadata> {
+public class BearerTokenAuthenticationEncoder extends AbstractEncoder<BearerTokenMetadata> {
 
-	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils.parseMimeType("message/x.rsocket.authentication.v0");
+	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils
+			.parseMimeType("message/x.rsocket.authentication.v0");
 
 	private NettyDataBufferFactory defaultBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
 
@@ -49,23 +51,19 @@ public class BearerTokenAuthenticationEncoder extends
 	}
 
 	@Override
-	public Flux<DataBuffer> encode(
-			Publisher<? extends BearerTokenMetadata> inputStream,
-			DataBufferFactory bufferFactory, ResolvableType elementType,
-			MimeType mimeType, Map<String, Object> hints) {
-		return Flux.from(inputStream).map(credentials ->
-				encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+	public Flux<DataBuffer> encode(Publisher<? extends BearerTokenMetadata> inputStream,
+			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
+		return Flux.from(inputStream)
+				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
-	public DataBuffer encodeValue(BearerTokenMetadata credentials,
-			DataBufferFactory bufferFactory, ResolvableType valueType, MimeType mimeType,
-			Map<String, Object> hints) {
+	public DataBuffer encodeValue(BearerTokenMetadata credentials, DataBufferFactory bufferFactory,
+			ResolvableType valueType, MimeType mimeType, Map<String, Object> hints) {
 		String token = credentials.getToken();
 		NettyDataBufferFactory factory = nettyFactory(bufferFactory);
 		ByteBufAllocator allocator = factory.getByteBufAllocator();
-		ByteBuf simpleAuthentication = AuthMetadataCodec
-				.encodeBearerMetadata(allocator, token.toCharArray());
+		ByteBuf simpleAuthentication = AuthMetadataCodec.encodeBearerMetadata(allocator, token.toCharArray());
 		return factory.wrap(simpleAuthentication);
 	}
 
@@ -75,4 +73,5 @@ public class BearerTokenAuthenticationEncoder extends
 		}
 		return this.defaultBufferFactory;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenMetadata.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenMetadata.java
index 5998b07cdd..364c4e4209 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenMetadata.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenMetadata.java
@@ -14,28 +14,30 @@
  * limitations under the License.
  */
 
-
 package org.springframework.security.rsocket.metadata;
 
 import org.springframework.http.MediaType;
 import org.springframework.util.MimeType;
 
 /**
- * Represents a bearer token that has been encoded into a
- * {@link Payload#metadata()}.
+ * Represents a bearer token that has been encoded into a {@link Payload#metadata()}.
  *
  * @author Rob Winch
  * @since 5.2
  */
 public class BearerTokenMetadata {
+
 	/**
 	 * Represents a bearer token which is encoded as a String.
 	 *
 	 * See <a href="https://github.com/rsocket/rsocket/issues/272">rsocket/rsocket#272</a>
-	 * @deprecated Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
+	 * @deprecated Basic did not evolve into the standard. Instead use Simple
+	 * Authentication
+	 * MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
 	 */
 	@Deprecated
-	public static final MimeType BEARER_AUTHENTICATION_MIME_TYPE = new MediaType("message", "x.rsocket.authentication.bearer.v0");
+	public static final MimeType BEARER_AUTHENTICATION_MIME_TYPE = new MediaType("message",
+			"x.rsocket.authentication.bearer.v0");
 
 	private final String token;
 
@@ -46,4 +48,5 @@ public class BearerTokenMetadata {
 	public String getToken() {
 		return this.token;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
index eb4b0c737e..01f31b172d 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
@@ -32,17 +32,17 @@ import reactor.core.publisher.Flux;
 import java.util.Map;
 
 /**
- * Encodes
- * <a href="https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple</a>
+ * Encodes <a href=
+ * "https://github.com/rsocket/rsocket/blob/5920ed374d008abb712cb1fd7c9d91778b2f4a68/Extensions/Security/Simple.md">Simple</a>
  * Authentication.
  *
  * @author Rob Winch
  * @since 5.3
  */
-public class SimpleAuthenticationEncoder extends
-		AbstractEncoder<UsernamePasswordMetadata> {
+public class SimpleAuthenticationEncoder extends AbstractEncoder<UsernamePasswordMetadata> {
 
-	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils.parseMimeType("message/x.rsocket.authentication.v0");
+	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils
+			.parseMimeType("message/x.rsocket.authentication.v0");
 
 	private NettyDataBufferFactory defaultBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
 
@@ -51,24 +51,21 @@ public class SimpleAuthenticationEncoder extends
 	}
 
 	@Override
-	public Flux<DataBuffer> encode(
-			Publisher<? extends UsernamePasswordMetadata> inputStream,
-			DataBufferFactory bufferFactory, ResolvableType elementType,
-			MimeType mimeType, Map<String, Object> hints) {
-		return Flux.from(inputStream).map(credentials ->
-				encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+	public Flux<DataBuffer> encode(Publisher<? extends UsernamePasswordMetadata> inputStream,
+			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
+		return Flux.from(inputStream)
+				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
-	public DataBuffer encodeValue(UsernamePasswordMetadata credentials,
-			DataBufferFactory bufferFactory, ResolvableType valueType, MimeType mimeType,
-			Map<String, Object> hints) {
+	public DataBuffer encodeValue(UsernamePasswordMetadata credentials, DataBufferFactory bufferFactory,
+			ResolvableType valueType, MimeType mimeType, Map<String, Object> hints) {
 		String username = credentials.getUsername();
 		String password = credentials.getPassword();
 		NettyDataBufferFactory factory = nettyFactory(bufferFactory);
 		ByteBufAllocator allocator = factory.getByteBufAllocator();
-		ByteBuf simpleAuthentication = AuthMetadataCodec
-				.encodeSimpleMetadata(allocator, username.toCharArray(), password.toCharArray());
+		ByteBuf simpleAuthentication = AuthMetadataCodec.encodeSimpleMetadata(allocator, username.toCharArray(),
+				password.toCharArray());
 		return factory.wrap(simpleAuthentication);
 	}
 
@@ -78,4 +75,5 @@ public class SimpleAuthenticationEncoder extends
 		}
 		return this.defaultBufferFactory;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
index dab4ad6ea5..946e5227a7 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
@@ -28,15 +28,19 @@ import org.springframework.util.MimeType;
  * @since 5.2
  */
 public final class UsernamePasswordMetadata {
+
 	/**
 	 * Represents a username password which is encoded as
 	 * {@code ${username-bytes-length}${username-bytes}${password-bytes}}.
 	 *
 	 * See <a href="https://github.com/rsocket/rsocket/issues/272">rsocket/rsocket#272</a>
-	 * @deprecated Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
+	 * @deprecated Basic did not evolve into the standard. Instead use Simple
+	 * Authentication
+	 * MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
 	 */
 	@Deprecated
-	public static final MimeType BASIC_AUTHENTICATION_MIME_TYPE = new MediaType("message", "x.rsocket.authentication.basic.v0");
+	public static final MimeType BASIC_AUTHENTICATION_MIME_TYPE = new MediaType("message",
+			"x.rsocket.authentication.basic.v0");
 
 	private final String username;
 
@@ -54,4 +58,5 @@ public final class UsernamePasswordMetadata {
 	public String getPassword() {
 		return this.password;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
index 7312dbb4d0..4f0882905d 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
@@ -26,7 +26,9 @@ import java.util.Map;
  * @since 5.2
  */
 public class PayloadExchangeAuthorizationContext {
+
 	private final PayloadExchange exchange;
+
 	private final Map<String, Object> variables;
 
 	public PayloadExchangeAuthorizationContext(PayloadExchange exchange) {
@@ -45,4 +47,5 @@ public class PayloadExchangeAuthorizationContext {
 	public Map<String, Object> getVariables() {
 		return Collections.unmodifiableMap(this.variables);
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
index cf8f00bc98..d1310eb15b 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
@@ -24,6 +24,7 @@ import java.util.Map;
 
 /**
  * An interface for determining if a {@link PayloadExchangeMatcher} matches.
+ *
  * @author Rob Winch
  * @since 5.2
  */
@@ -40,7 +41,9 @@ public interface PayloadExchangeMatcher {
 	 * The result of matching
 	 */
 	class MatchResult {
+
 		private final boolean match;
+
 		private final Map<String, Object> variables;
 
 		private MatchResult(boolean match, Map<String, Object> variables) {
@@ -70,7 +73,8 @@ public interface PayloadExchangeMatcher {
 
 		/**
 		 *
-		 * Creates an instance of {@link MatchResult} that is a match with the specified variables
+		 * Creates an instance of {@link MatchResult} that is a match with the specified
+		 * variables
 		 * @param variables
 		 * @return
 		 */
@@ -85,5 +89,7 @@ public interface PayloadExchangeMatcher {
 		public static Mono<MatchResult> notMatch() {
 			return Mono.just(new MatchResult(false, Collections.emptyMap()));
 		}
+
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcherEntry.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcherEntry.java
index 6f7aa6ae28..2431fc8bf4 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcherEntry.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcherEntry.java
@@ -20,7 +20,9 @@ package org.springframework.security.rsocket.util.matcher;
  * @author Rob Winch
  */
 public class PayloadExchangeMatcherEntry<T> {
+
 	private final PayloadExchangeMatcher matcher;
+
 	private final T entry;
 
 	public PayloadExchangeMatcherEntry(PayloadExchangeMatcher matcher, T entry) {
@@ -35,4 +37,5 @@ public class PayloadExchangeMatcherEntry<T> {
 	public T getEntry() {
 		return this.entry;
 	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
index a6e110ebeb..ac1558fcf4 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
@@ -28,9 +28,8 @@ public abstract class PayloadExchangeMatchers {
 	public static PayloadExchangeMatcher setup() {
 		return new PayloadExchangeMatcher() {
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
-				return PayloadExchangeType.SETUP.equals(exchange.getType()) ?
-						MatchResult.match() :
-						MatchResult.notMatch();
+				return PayloadExchangeType.SETUP.equals(exchange.getType()) ? MatchResult.match()
+						: MatchResult.notMatch();
 			}
 		};
 	}
@@ -38,9 +37,7 @@ public abstract class PayloadExchangeMatchers {
 	public static PayloadExchangeMatcher anyRequest() {
 		return new PayloadExchangeMatcher() {
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
-				return exchange.getType().isRequest() ?
-						MatchResult.match() :
-						MatchResult.notMatch();
+				return exchange.getType().isRequest() ? MatchResult.match() : MatchResult.notMatch();
 			}
 		};
 	}
@@ -53,5 +50,7 @@ public abstract class PayloadExchangeMatchers {
 		};
 	}
 
-	private PayloadExchangeMatchers() {}
+	private PayloadExchangeMatchers() {
+	}
+
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
index ce5bf542d7..27d63d7091 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
@@ -27,7 +27,7 @@ import java.util.Optional;
 
 /**
  * FIXME: Pay attention to the package this goes into. It requires spring-messaging for
- *        the MetadataExtractor.
+ * the MetadataExtractor.
  *
  * @author Rob Winch
  * @since 5.2
@@ -40,8 +40,7 @@ public class RoutePayloadExchangeMatcher implements PayloadExchangeMatcher {
 
 	private final RouteMatcher routeMatcher;
 
-	public RoutePayloadExchangeMatcher(MetadataExtractor metadataExtractor,
-			RouteMatcher routeMatcher, String pattern) {
+	public RoutePayloadExchangeMatcher(MetadataExtractor metadataExtractor, RouteMatcher routeMatcher, String pattern) {
 		Assert.notNull(pattern, "pattern cannot be null");
 		this.metadataExtractor = metadataExtractor;
 		this.routeMatcher = routeMatcher;
@@ -50,12 +49,12 @@ public class RoutePayloadExchangeMatcher implements PayloadExchangeMatcher {
 
 	@Override
 	public Mono<MatchResult> matches(PayloadExchange exchange) {
-		Map<String, Object> metadata = this.metadataExtractor
-				.extract(exchange.getPayload(), exchange.getMetadataMimeType());
+		Map<String, Object> metadata = this.metadataExtractor.extract(exchange.getPayload(),
+				exchange.getMetadataMimeType());
 		return Optional.ofNullable((String) metadata.get(MetadataExtractor.ROUTE_KEY))
-			.map(routeValue -> this.routeMatcher.parseRoute(routeValue))
-			.map(route -> this.routeMatcher.matchAndExtract(this.pattern, route))
-			.map(v -> MatchResult.match(v))
-			.orElse(MatchResult.notMatch());
+				.map(routeValue -> this.routeMatcher.parseRoute(routeValue))
+				.map(route -> this.routeMatcher.matchAndExtract(this.pattern, route)).map(v -> MatchResult.match(v))
+				.orElse(MatchResult.notMatch());
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index 5aa69706fe..87c354e0c9 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.*;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AnonymousPayloadInterceptorTests {
+
 	@Mock
 	private PayloadExchange exchange;
 
@@ -51,31 +52,27 @@ public class AnonymousPayloadInterceptorTests {
 	@Test
 	public void constructorKeyWhenKeyNullThenException() {
 		String key = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor(key))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new AnonymousPayloadInterceptor(key)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenKeyNullThenException() {
 		String key = null;
 		assertThatCode(() -> new AnonymousPayloadInterceptor(key, "principal",
-				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")))
-				.isInstanceOf(IllegalArgumentException.class);
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenPrincipalNullThenException() {
 		Object principal = null;
 		assertThatCode(() -> new AnonymousPayloadInterceptor("key", principal,
-				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")))
-				.isInstanceOf(IllegalArgumentException.class);
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenAuthoritiesNullThenException() {
 		List<GrantedAuthority> authorities = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor("key", "principal",
-				authorities))
+		assertThatCode(() -> new AnonymousPayloadInterceptor("key", "principal", authorities))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -93,15 +90,14 @@ public class AnonymousPayloadInterceptorTests {
 	@Test
 	public void interceptWhenAuthenticationThenOriginalAuthentication() {
 		AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain();
-		TestingAuthenticationToken expected =
-				new TestingAuthenticationToken("test", "password");
+		TestingAuthenticationToken expected = new TestingAuthenticationToken("test", "password");
 
 		this.interceptor.intercept(this.exchange, chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected))
-			.block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)).block();
 
 		Authentication authentication = chain.getAuthentication();
 
 		assertThat(authentication).isEqualTo(expected);
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
index 30693d6b45..68b3505aa4 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
@@ -27,6 +27,7 @@ import org.springframework.security.rsocket.api.PayloadExchange;
  * @author Rob Winch
  */
 class AuthenticationPayloadInterceptorChain implements PayloadInterceptorChain {
+
 	private Authentication authentication;
 
 	@Override
@@ -42,4 +43,5 @@ class AuthenticationPayloadInterceptorChain implements PayloadInterceptorChain {
 	public void setAuthentication(Authentication authentication) {
 		this.authentication = authentication;
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 7da8b63bcf..0cf10b8ecd 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -62,8 +62,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthenticationPayloadInterceptorTests {
-	static final MimeType COMPOSITE_METADATA = MimeTypeUtils.parseMimeType(
-			WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+
+	static final MimeType COMPOSITE_METADATA = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+
 	@Mock
 	ReactiveAuthenticationManager authenticationManager;
 
@@ -72,50 +74,41 @@ public class AuthenticationPayloadInterceptorTests {
 
 	@Test
 	public void constructorWhenAuthenticationManagerNullThenException() {
-		assertThatCode(() -> new AuthenticationPayloadInterceptor(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new AuthenticationPayloadInterceptor(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void interceptWhenBasicCredentialsThenAuthenticates() {
-		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(
-				this.authenticationManager);
+		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager);
 		PayloadExchange exchange = createExchange();
-		TestingAuthenticationToken expectedAuthentication =
-				new TestingAuthenticationToken("user", "password");
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(
-				expectedAuthentication));
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
+		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(expectedAuthentication));
 
 		AuthenticationPayloadInterceptorChain authenticationPayloadChain = new AuthenticationPayloadInterceptorChain();
-		interceptor.intercept(exchange, authenticationPayloadChain)
-			.block();
+		interceptor.intercept(exchange, authenticationPayloadChain).block();
 
 		Authentication authentication = authenticationPayloadChain.getAuthentication();
 
 		verify(this.authenticationManager).authenticate(this.authenticationArg.capture());
-		assertThat(this.authenticationArg.getValue()).isEqualToComparingFieldByField(new UsernamePasswordAuthenticationToken("user", "password"));
+		assertThat(this.authenticationArg.getValue())
+				.isEqualToComparingFieldByField(new UsernamePasswordAuthenticationToken("user", "password"));
 		assertThat(authentication).isEqualTo(expectedAuthentication);
 	}
 
 	@Test
 	public void interceptWhenAuthenticationSuccessThenChainSubscribedOnce() {
-		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(
-				this.authenticationManager);
+		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager);
 
 		PayloadExchange exchange = createExchange();
-		TestingAuthenticationToken expectedAuthentication =
-				new TestingAuthenticationToken("user", "password");
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(
-				expectedAuthentication));
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
+		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(expectedAuthentication));
 
 		PublisherProbe<Void> voidResult = PublisherProbe.empty();
 		PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class);
 		when(chain.next(any())).thenReturn(voidResult.mono());
 
-
 		StepVerifier.create(interceptor.intercept(exchange, chain))
-			.then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1))
-			.verifyComplete();
+				.then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete();
 	}
 
 	private Payload createRequestPayload() {
@@ -123,25 +116,22 @@ public class AuthenticationPayloadInterceptorTests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		BasicAuthenticationEncoder encoder = new BasicAuthenticationEncoder();
 		DefaultDataBufferFactory factory = new DefaultDataBufferFactory();
-		ResolvableType elementType = ResolvableType
-				.forClass(UsernamePasswordMetadata.class);
+		ResolvableType elementType = ResolvableType.forClass(UsernamePasswordMetadata.class);
 		MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE;
 		Map<String, Object> hints = null;
-		DataBuffer dataBuffer = encoder.encodeValue(credentials, factory,
-				elementType, mimeType, hints);
+		DataBuffer dataBuffer = encoder.encodeValue(credentials, factory, elementType, mimeType, hints);
 
 		ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
 		CompositeByteBuf metadata = allocator.compositeBuffer();
-		CompositeMetadataCodec.encodeAndAddMetadata(
-				metadata, allocator, mimeType.toString(), NettyDataBufferFactory.toByteBuf(dataBuffer));
+		CompositeMetadataCodec.encodeAndAddMetadata(metadata, allocator, mimeType.toString(),
+				NettyDataBufferFactory.toByteBuf(dataBuffer));
 
-		return DefaultPayload.create(allocator.buffer(),
-				metadata);
+		return DefaultPayload.create(allocator.buffer(), metadata);
 	}
 
 	private PayloadExchange createExchange() {
-		return new DefaultPayloadExchange(PayloadExchangeType.REQUEST_RESPONSE, createRequestPayload(), COMPOSITE_METADATA,
-				MediaType.APPLICATION_JSON);
+		return new DefaultPayloadExchange(PayloadExchangeType.REQUEST_RESPONSE, createRequestPayload(),
+				COMPOSITE_METADATA, MediaType.APPLICATION_JSON);
 	}
 
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index 5e5178a46d..e47494e886 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -42,6 +42,7 @@ import static org.springframework.security.authorization.AuthorityReactiveAuthor
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthorizationPayloadInterceptorTests {
+
 	@Mock
 	private ReactiveAuthorizationManager<PayloadExchange> authorizationManager;
 
@@ -59,42 +60,35 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenAuthenticationEmptyAndSubscribedThenException() {
 		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor =
-				new AuthorizationPayloadInterceptor(authenticated());
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
 
 		StepVerifier.create(interceptor.intercept(this.exchange, this.chain))
-			.then(() -> this.chainResult.assertWasNotSubscribed())
-			.verifyError(AuthenticationCredentialsNotFoundException.class);
+				.then(() -> this.chainResult.assertWasNotSubscribed())
+				.verifyError(AuthenticationCredentialsNotFoundException.class);
 	}
 
 	@Test
 	public void interceptWhenAuthenticationNotSubscribedAndEmptyThenCompletes() {
 		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
-		when(this.authorizationManager.verify(any(), any()))
-			.thenReturn(this.managerResult.mono());
+		when(this.authorizationManager.verify(any(), any())).thenReturn(this.managerResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor =
-				new AuthorizationPayloadInterceptor(this.authorizationManager);
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager);
 
 		StepVerifier.create(interceptor.intercept(this.exchange, this.chain))
-				.then(() -> this.chainResult.assertWasSubscribed())
-				.verifyComplete();
+				.then(() -> this.chainResult.assertWasSubscribed()).verifyComplete();
 	}
 
 	@Test
 	public void interceptWhenNotAuthorizedThenException() {
 		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor =
-				new AuthorizationPayloadInterceptor(hasRole("USER"));
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(hasRole("USER"));
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password"));
 
-		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain)
-				.subscriberContext(userContext);
+		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
 
-		StepVerifier.create(intercept)
-				.then(() -> this.chainResult.assertWasNotSubscribed())
+		StepVerifier.create(intercept).then(() -> this.chainResult.assertWasNotSubscribed())
 				.verifyError(AccessDeniedException.class);
 	}
 
@@ -102,16 +96,13 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenAuthorizedThenContinues() {
 		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor =
-				new AuthorizationPayloadInterceptor(authenticated());
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
-		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain)
-				.subscriberContext(userContext);
+		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
 
-		StepVerifier.create(intercept)
-				.then(() -> this.chainResult.assertWasSubscribed())
-				.verifyComplete();
+		StepVerifier.create(intercept).then(() -> this.chainResult.assertWasSubscribed()).verifyComplete();
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index 2a0fceafe3..f33546ac29 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -51,58 +51,47 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenGrantedThenGranted() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(
-				expected));
-		PayloadExchangeMatcherReactiveAuthorizationManager manager =
-				PayloadExchangeMatcherReactiveAuthorizationManager.builder()
-						.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
-						.build();
+		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
+				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
+				.build();
 
-		assertThat(manager.check(Mono.empty(), this.exchange).block())
-				.isEqualTo(expected);
+		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenDeniedThenDenied() {
 		AuthorizationDecision expected = new AuthorizationDecision(false);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(
-				expected));
-		PayloadExchangeMatcherReactiveAuthorizationManager manager =
-				PayloadExchangeMatcherReactiveAuthorizationManager.builder()
-						.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
-						.build();
+		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
+				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
+				.build();
 
-		assertThat(manager.check(Mono.empty(), this.exchange).block())
-				.isEqualTo(expected);
+		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenFirstMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(
-				expected));
-		PayloadExchangeMatcherReactiveAuthorizationManager manager =
-				PayloadExchangeMatcherReactiveAuthorizationManager.builder()
-						.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
-						.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
-						.build();
+		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
+				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
+				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
+				.build();
 
-		assertThat(manager.check(Mono.empty(), this.exchange).block())
-				.isEqualTo(expected);
+		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenSecondMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz2.check(any(), any())).thenReturn(Mono.just(
-				expected));
-		PayloadExchangeMatcherReactiveAuthorizationManager manager =
-				PayloadExchangeMatcherReactiveAuthorizationManager.builder()
-						.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
-						.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2))
-						.build();
+		when(this.authz2.check(any(), any())).thenReturn(Mono.just(expected));
+		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
+				.builder()
+				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
+				.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build();
 
-		assertThat(manager.check(Mono.empty(), this.exchange).block())
-				.isEqualTo(expected);
+		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
index f434ed4c70..0146455715 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
@@ -25,10 +25,13 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 
 /**
- * A {@link SocketAcceptor} that captures the {@link SecurityContext} and then continues with the {@link RSocket}
+ * A {@link SocketAcceptor} that captures the {@link SecurityContext} and then continues
+ * with the {@link RSocket}
+ *
  * @author Rob Winch
  */
 class CaptureSecurityContextSocketAcceptor implements SocketAcceptor {
+
 	private final RSocket accept;
 
 	private SecurityContext securityContext;
@@ -40,11 +43,11 @@ class CaptureSecurityContextSocketAcceptor implements SocketAcceptor {
 	@Override
 	public Mono<RSocket> accept(ConnectionSetupPayload setup, RSocket sendingSocket) {
 		return ReactiveSecurityContextHolder.getContext()
-			.doOnNext(securityContext -> this.securityContext = securityContext)
-			.thenReturn(this.accept);
+				.doOnNext(securityContext -> this.securityContext = securityContext).thenReturn(this.accept);
 	}
 
 	public SecurityContext getSecurityContext() {
 		return this.securityContext;
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index a925ac676e..c5c259de8f 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -64,8 +64,8 @@ import static org.mockito.Mockito.when;
 @RunWith(MockitoJUnitRunner.class)
 public class PayloadInterceptorRSocketTests {
 
-	static final MimeType COMPOSITE_METADATA = MimeTypeUtils.parseMimeType(
-			WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+	static final MimeType COMPOSITE_METADATA = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
 	@Mock
 	RSocket delegate;
@@ -95,26 +95,22 @@ public class PayloadInterceptorRSocketTests {
 		this.delegate = null;
 		List<PayloadInterceptor> interceptors = Arrays.asList(this.interceptor);
 		assertThatCode(() -> {
-				new PayloadInterceptorRSocket(this.delegate, interceptors,
-						metadataMimeType, dataMimeType);
-			})
-			.isInstanceOf(IllegalArgumentException.class);
+			new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType);
+		}).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenNullInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = null;
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors,
-				metadataMimeType, dataMimeType))
-			.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenEmptyInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = Collections.emptyList();
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors,
-				metadataMimeType, dataMimeType))
-			.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	// single interceptor
@@ -127,9 +123,8 @@ public class PayloadInterceptorRSocketTests {
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.fireAndForget(this.payload))
-			.then(() -> this.voidResult.assertWasSubscribed())
-			.verifyComplete();
+		StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
+				.verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -144,8 +139,8 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
 		StepVerifier.create(interceptor.fireAndForget(this.payload))
-			.then(() -> this.voidResult.assertWasNotSubscribed())
-			.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.then(() -> this.voidResult.assertWasNotSubscribed())
+				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -160,8 +155,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> fireAndForget(Payload payload) {
-				return assertAuthentication(authentication)
-						.flatMap(a -> super.fireAndForget(payload));
+				return assertAuthentication(authentication).flatMap(a -> super.fireAndForget(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -183,10 +177,8 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
 		StepVerifier.create(interceptor.requestResponse(this.payload))
-			.then(() -> this.payloadResult.assertSubscribers())
-			.then(() -> this.payloadResult.emit(this.payload))
-			.expectNext(this.payload)
-			.verifyComplete();
+				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
+				.expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -217,18 +209,15 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Payload> requestResponse(Payload payload) {
-				return assertAuthentication(authentication)
-						.flatMap(a -> super.requestResponse(payload));
+				return assertAuthentication(authentication).flatMap(a -> super.requestResponse(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
 		StepVerifier.create(interceptor.requestResponse(this.payload))
-				.then(() -> this.payloadResult.assertSubscribers())
-				.then(() -> this.payloadResult.emit(this.payload))
-				.expectNext(this.payload)
-				.verifyComplete();
+				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
+				.expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -243,11 +232,8 @@ public class PayloadInterceptorRSocketTests {
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.requestStream(this.payload))
-				.then(() -> this.payloadResult.assertSubscribers())
-				.then(() -> this.payloadResult.emit(this.payload))
-				.expectNext(this.payload)
-				.verifyComplete();
+		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
+				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -262,8 +248,8 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
 		StepVerifier.create(interceptor.requestStream(this.payload))
-			.then(() -> this.payloadResult.assertNoSubscribers())
-			.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.then(() -> this.payloadResult.assertNoSubscribers())
+				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -278,18 +264,14 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestStream(Payload payload) {
-				return assertAuthentication(authentication)
-						.flatMapMany(a -> super.requestStream(payload));
+				return assertAuthentication(authentication).flatMapMany(a -> super.requestStream(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.requestStream(this.payload))
-				.then(() -> this.payloadResult.assertSubscribers())
-				.then(() -> this.payloadResult.emit(this.payload))
-				.expectNext(this.payload)
-				.verifyComplete();
+		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
+				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -305,10 +287,8 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
-				.then(() -> this.payloadResult.assertSubscribers())
-				.then(() -> this.payloadResult.emit(this.payload))
-				.expectNext(this.payload)
-				.verifyComplete();
+				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
+				.expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -324,8 +304,8 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
-			.then(() -> this.payloadResult.assertNoSubscribers())
-			.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.then(() -> this.payloadResult.assertNoSubscribers())
+				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -341,18 +321,14 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestChannel(Publisher<Payload> payload) {
-				return assertAuthentication(authentication)
-						.flatMapMany(a -> super.requestChannel(payload));
+				return assertAuthentication(authentication).flatMapMany(a -> super.requestChannel(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.requestChannel(payload))
-				.then(() -> this.payloadResult.assertSubscribers())
-				.then(() -> this.payloadResult.emit(this.payload))
-				.expectNext(this.payload)
-				.verifyComplete();
+		StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers())
+				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -367,9 +343,8 @@ public class PayloadInterceptorRSocketTests {
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.metadataPush(this.payload))
-			.then(() -> this.voidResult.assertWasSubscribed())
-			.verifyComplete();
+		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
+				.verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -383,9 +358,8 @@ public class PayloadInterceptorRSocketTests {
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.metadataPush(this.payload))
-			.then(() -> this.voidResult.assertWasNotSubscribed())
-			.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed())
+				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -400,15 +374,13 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> metadataPush(Payload payload) {
-				return assertAuthentication(authentication)
-						.flatMap(a -> super.metadataPush(payload));
+				return assertAuthentication(authentication).flatMap(a -> super.metadataPush(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
 
-		StepVerifier.create(interceptor.metadataPush(this.payload))
-				.verifyComplete();
+		StepVerifier.create(interceptor.metadataPush(this.payload)).verifyComplete();
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -425,8 +397,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType,
-				dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
 
 		interceptor.fireAndForget(this.payload).block();
 
@@ -435,7 +406,6 @@ public class PayloadInterceptorRSocketTests {
 		this.voidResult.assertWasSubscribed();
 	}
 
-
 	@Test
 	public void fireAndForgetWhenInterceptorsMutatesPayloadThenDelegateInvoked() {
 		when(this.interceptor.intercept(any(), any())).thenAnswer(withChainNext());
@@ -443,8 +413,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType,
-				dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
 
 		interceptor.fireAndForget(this.payload).block();
 
@@ -461,8 +430,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType,
-				dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
 
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 
@@ -479,8 +447,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor2.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType,
-				dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
 
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 
@@ -491,16 +458,15 @@ public class PayloadInterceptorRSocketTests {
 	}
 
 	private Mono<Authentication> assertAuthentication(Authentication authentication) {
-		return ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication)
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 				.doOnNext(a -> assertThat(a).isEqualTo(authentication));
 	}
 
 	private Answer<Object> withAuthenticated(Authentication authentication) {
 		return invocation -> {
 			PayloadInterceptorChain c = (PayloadInterceptorChain) invocation.getArguments()[1];
-			return c.next(new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload, this.metadataMimeType,
-					this.dataMimeType))
+			return c.next(new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload,
+					this.metadataMimeType, this.dataMimeType))
 					.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
 		};
 	}
@@ -512,4 +478,5 @@ public class PayloadInterceptorRSocketTests {
 			return chain.next(exchange);
 		};
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
index d06ac483d0..225a95b776 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
@@ -48,6 +48,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class PayloadSocketAcceptorInterceptorTests {
+
 	@Mock
 	private PayloadInterceptor interceptor;
 
@@ -79,7 +80,8 @@ public class PayloadSocketAcceptorInterceptorTests {
 
 		PayloadExchange exchange = captureExchange();
 
-		assertThat(exchange.getMetadataMimeType().toString()).isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+		assertThat(exchange.getMetadataMimeType().toString())
+				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
 
@@ -100,7 +102,8 @@ public class PayloadSocketAcceptorInterceptorTests {
 
 		PayloadExchange exchange = captureExchange();
 
-		assertThat(exchange.getMetadataMimeType().toString()).isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+		assertThat(exchange.getMetadataMimeType().toString())
+				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
 
@@ -117,9 +120,9 @@ public class PayloadSocketAcceptorInterceptorTests {
 
 		result.fireAndForget(this.payload).block();
 
-		ArgumentCaptor<PayloadExchange> exchangeArg =
-				ArgumentCaptor.forClass(PayloadExchange.class);
+		ArgumentCaptor<PayloadExchange> exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class);
 		verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any());
 		return exchangeArg.getValue();
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 69b7e2356d..6d907f604c 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -100,8 +100,8 @@ public class PayloadSocketAcceptorTests {
 
 	@Test
 	public void acceptWhenDataMimeTypeNullThenException() {
-		assertThatCode(() -> this.acceptor.accept(this.setupPayload, this.rSocket)
-				.block()).isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.acceptor.accept(this.setupPayload, this.rSocket).block())
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -132,8 +132,8 @@ public class PayloadSocketAcceptorTests {
 
 		PayloadExchange exchange = captureExchange();
 
-		assertThat(exchange.getMetadataMimeType()
-				.toString()).isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+		assertThat(exchange.getMetadataMimeType().toString())
+				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
 
@@ -148,18 +148,19 @@ public class PayloadSocketAcceptorTests {
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
 
-
 	@Test
 	// gh-8654
 	public void acceptWhenDelegateAcceptRequiresReactiveSecurityContext() {
 		when(this.setupPayload.metadataMimeType()).thenReturn(MediaType.TEXT_PLAIN_VALUE);
 		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
-		SecurityContext expectedSecurityContext = new SecurityContextImpl(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-		CaptureSecurityContextSocketAcceptor captureSecurityContext = new CaptureSecurityContextSocketAcceptor(this.rSocket);
+		SecurityContext expectedSecurityContext = new SecurityContextImpl(
+				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		CaptureSecurityContextSocketAcceptor captureSecurityContext = new CaptureSecurityContextSocketAcceptor(
+				this.rSocket);
 		PayloadInterceptor authenticateInterceptor = (exchange, chain) -> {
-			Context withSecurityContext = ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedSecurityContext));
-			return chain.next(exchange)
-				.subscriberContext(withSecurityContext);
+			Context withSecurityContext = ReactiveSecurityContextHolder
+					.withSecurityContext(Mono.just(expectedSecurityContext));
+			return chain.next(exchange).subscriberContext(withSecurityContext);
 		};
 		List<PayloadInterceptor> interceptors = Arrays.asList(authenticateInterceptor);
 		this.acceptor = new PayloadSocketAcceptor(captureSecurityContext, interceptors);
@@ -181,9 +182,9 @@ public class PayloadSocketAcceptorTests {
 
 		result.fireAndForget(this.payload).block();
 
-		ArgumentCaptor<PayloadExchange> exchangeArg =
-				ArgumentCaptor.forClass(PayloadExchange.class);
+		ArgumentCaptor<PayloadExchange> exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class);
 		verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any());
 		return exchangeArg.getValue();
 	}
+
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
index 2654d2378c..258f29d8df 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
@@ -31,20 +31,18 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  */
 public class BasicAuthenticationDecoderTests {
+
 	@Test
 	public void basicAuthenticationWhenEncodedThenDecodes() {
 		BasicAuthenticationEncoder encoder = new BasicAuthenticationEncoder();
 		BasicAuthenticationDecoder decoder = new BasicAuthenticationDecoder();
-		UsernamePasswordMetadata expectedCredentials =
-				new UsernamePasswordMetadata("rob", "password");
+		UsernamePasswordMetadata expectedCredentials = new UsernamePasswordMetadata("rob", "password");
 		DefaultDataBufferFactory factory = new DefaultDataBufferFactory();
-		ResolvableType elementType = ResolvableType
-				.forClass(UsernamePasswordMetadata.class);
+		ResolvableType elementType = ResolvableType.forClass(UsernamePasswordMetadata.class);
 		MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE;
 		Map<String, Object> hints = null;
 
-		DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory,
-				elementType, mimeType, hints);
+		DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory, elementType, mimeType, hints);
 		UsernamePasswordMetadata actualCredentials = decoder
 				.decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints).block();
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
index 6d0b2ae73b..cf15b44ba3 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
@@ -44,8 +44,9 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class RoutePayloadExchangeMatcherTests {
-	static final MimeType COMPOSITE_METADATA = MimeTypeUtils.parseMimeType(
-			WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
+
+	static final MimeType COMPOSITE_METADATA = MimeTypeUtils
+			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 
 	@Mock
 	private MetadataExtractor metadataExtractor;
@@ -69,14 +70,13 @@ public class RoutePayloadExchangeMatcherTests {
 	public void setup() {
 		this.pattern = "a.b";
 		this.matcher = new RoutePayloadExchangeMatcher(this.metadataExtractor, this.routeMatcher, this.pattern);
-		this.exchange = new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload, COMPOSITE_METADATA,
-				MediaType.APPLICATION_JSON);
+		this.exchange = new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload,
+				COMPOSITE_METADATA, MediaType.APPLICATION_JSON);
 	}
 
 	@Test
 	public void matchesWhenNoRouteThenNotMatch() {
-		when(this.metadataExtractor.extract(any(), any()))
-				.thenReturn(Collections.emptyMap());
+		when(this.metadataExtractor.extract(any(), any())).thenReturn(Collections.emptyMap());
 		PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block();
 		assertThat(result.isMatch()).isFalse();
 	}
@@ -113,4 +113,5 @@ public class RoutePayloadExchangeMatcherTests {
 		assertThat(result.isMatch()).isTrue();
 		assertThat(result.getVariables()).containsAllEntriesOf(variables);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index a533a2753e..67e36d0593 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -36,17 +36,21 @@ import static java.lang.Boolean.TRUE;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.setParserPool;
 
 /**
- * An initialization service for initializing OpenSAML. Each Spring Security OpenSAML-based component invokes
- * the {@link #initialize()} method at static initialization time.
+ * An initialization service for initializing OpenSAML. Each Spring Security
+ * OpenSAML-based component invokes the {@link #initialize()} method at static
+ * initialization time.
  *
- * {@link #initialize()} is idempotent and may be safely called in custom classes that need OpenSAML to be
- * initialized in order to function correctly. It's recommended that you call this {@link #initialize()} method
- * when using Spring Security and OpenSAML instead of OpenSAML's {@link InitializationService#initialize()}.
+ * {@link #initialize()} is idempotent and may be safely called in custom classes that
+ * need OpenSAML to be initialized in order to function correctly. It's recommended that
+ * you call this {@link #initialize()} method when using Spring Security and OpenSAML
+ * instead of OpenSAML's {@link InitializationService#initialize()}.
  *
- * The primary purpose of {@link #initialize()} is to prepare OpenSAML's {@link XMLObjectProviderRegistry}
- * with some reasonable defaults. Any changes that Spring Security makes to the registry happen in this method.
+ * The primary purpose of {@link #initialize()} is to prepare OpenSAML's
+ * {@link XMLObjectProviderRegistry} with some reasonable defaults. Any changes that
+ * Spring Security makes to the registry happen in this method.
  *
- * To override those defaults, call {@link #requireInitialize(Consumer)} and change the registry:
+ * To override those defaults, call {@link #requireInitialize(Consumer)} and change the
+ * registry:
  *
  * <pre>
  * 	static {
@@ -59,45 +63,50 @@ import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.setP
  *
  * {@link #requireInitialize(Consumer)} may only be called once per application.
  *
- * If the application already initialized OpenSAML before {@link #requireInitialize(Consumer)} was called,
- * then the configuration changes will not be applied and an exception will be thrown. The reason for this is to
- * alert you to the fact that there are likely some initialization ordering problems in your application that
- * would otherwise lead to an unpredictable state.
+ * If the application already initialized OpenSAML before
+ * {@link #requireInitialize(Consumer)} was called, then the configuration changes will
+ * not be applied and an exception will be thrown. The reason for this is to alert you to
+ * the fact that there are likely some initialization ordering problems in your
+ * application that would otherwise lead to an unpredictable state.
  *
- * If you must change the registry's configuration in multiple places in your application, you are expected
- * to handle the initialization ordering issues yourself instead of trying to call {@link #requireInitialize(Consumer)}
- * multiple times.
+ * If you must change the registry's configuration in multiple places in your application,
+ * you are expected to handle the initialization ordering issues yourself instead of
+ * trying to call {@link #requireInitialize(Consumer)} multiple times.
  *
  * @author Josh Cummings
  * @since 5.4
  */
 public class OpenSamlInitializationService {
+
 	private static final Log log = LogFactory.getLog(OpenSamlInitializationService.class);
+
 	private static final AtomicBoolean initialized = new AtomicBoolean(false);
 
 	/**
 	 * Ready OpenSAML for use and configure it with reasonable defaults.
 	 *
-	 * Initialization is guaranteed to happen only once per application. This method will passively return
-	 * {@code false} if initialization already took place earlier in the application.
-	 *
-	 * @return whether or not initialization was performed. The first thread to initialize OpenSAML will
-	 * return {@code true} while the rest will return {@code false}.
+	 * Initialization is guaranteed to happen only once per application. This method will
+	 * passively return {@code false} if initialization already took place earlier in the
+	 * application.
+	 * @return whether or not initialization was performed. The first thread to initialize
+	 * OpenSAML will return {@code true} while the rest will return {@code false}.
 	 * @throws Saml2Exception if OpenSAML failed to initialize
 	 */
 	public static boolean initialize() {
-		return initialize(registry -> {});
+		return initialize(registry -> {
+		});
 	}
 
 	/**
-	 * Ready OpenSAML for use, configure it with reasonable defaults, and modify the {@link XMLObjectProviderRegistry}
-	 * using the provided {@link Consumer}.
+	 * Ready OpenSAML for use, configure it with reasonable defaults, and modify the
+	 * {@link XMLObjectProviderRegistry} using the provided {@link Consumer}.
 	 *
-	 * Initialization is guaranteed to happen only once per application. This method will throw an exception
-	 * if initialization already took place earlier in the application.
-	 *
-	 * @param registryConsumer the {@link Consumer} to further configure the {@link XMLObjectProviderRegistry}
-	 * @throws Saml2Exception if initialization already happened previously or if OpenSAML failed to initialize
+	 * Initialization is guaranteed to happen only once per application. This method will
+	 * throw an exception if initialization already took place earlier in the application.
+	 * @param registryConsumer the {@link Consumer} to further configure the
+	 * {@link XMLObjectProviderRegistry}
+	 * @throws Saml2Exception if initialization already happened previously or if OpenSAML
+	 * failed to initialize
 	 */
 	public static void requireInitialize(Consumer<XMLObjectProviderRegistry> registryConsumer) {
 		if (!initialize(registryConsumer)) {
@@ -111,7 +120,8 @@ public class OpenSamlInitializationService {
 
 			try {
 				InitializationService.initialize();
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				throw new Saml2Exception(e);
 			}
 
@@ -129,7 +139,8 @@ public class OpenSamlInitializationService {
 
 			try {
 				parserPool.initialize();
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				throw new Saml2Exception(e);
 			}
 			setParserPool(parserPool);
@@ -138,9 +149,11 @@ public class OpenSamlInitializationService {
 
 			log.debug("Initialized OpenSAML");
 			return true;
-		} else {
+		}
+		else {
 			log.debug("Refused to re-initialize OpenSAML");
 			return false;
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
index 94b0450276..92338f5551 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
@@ -25,21 +25,23 @@ import org.springframework.util.Assert;
  * A representation of an SAML 2.0 Error.
  *
  * <p>
- * At a minimum, an error response will contain an error code.
- * The commonly used error code are defined in this class
- * or a new codes can be defined in the future as arbitrary strings.
+ * At a minimum, an error response will contain an error code. The commonly used error
+ * code are defined in this class or a new codes can be defined in the future as arbitrary
+ * strings.
  * </p>
+ *
  * @since 5.2
  */
 public class Saml2Error implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final String errorCode;
+
 	private final String description;
 
 	/**
 	 * Constructs a {@code Saml2Error} using the provided parameters.
-	 *
 	 * @param errorCode the error code
 	 * @param description the error description
 	 */
@@ -51,7 +53,6 @@ public class Saml2Error implements Serializable {
 
 	/**
 	 * Returns the error code.
-	 *
 	 * @return the error code
 	 */
 	public final String getErrorCode() {
@@ -60,7 +61,6 @@ public class Saml2Error implements Serializable {
 
 	/**
 	 * Returns the error description.
-	 *
 	 * @return the error description
 	 */
 	public final String getDescription() {
@@ -69,7 +69,7 @@ public class Saml2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " +
-				(this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2ErrorCodes.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2ErrorCodes.java
index 810c4338c7..63753f1121 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2ErrorCodes.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2ErrorCodes.java
@@ -22,80 +22,84 @@ package org.springframework.security.saml2.core;
  * @since 5.2
  */
 public interface Saml2ErrorCodes {
+
 	/**
-	 * SAML Data does not represent a SAML 2 Response object.
-	 * A valid XML object was received, but that object was not a
-	 * SAML 2 Response object of type {@code ResponseType} per specification
+	 * SAML Data does not represent a SAML 2 Response object. A valid XML object was
+	 * received, but that object was not a SAML 2 Response object of type
+	 * {@code ResponseType} per specification
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46
 	 */
 	String UNKNOWN_RESPONSE_CLASS = "unknown_response_class";
+
 	/**
-	 * The response data is malformed or incomplete.
-	 * An invalid XML object was received, and XML unmarshalling failed.
+	 * The response data is malformed or incomplete. An invalid XML object was received,
+	 * and XML unmarshalling failed.
 	 */
 	String MALFORMED_RESPONSE_DATA = "malformed_response_data";
+
 	/**
-	 * Response destination does not match the request URL.
-	 * A SAML 2 response object was received at a URL that
-	 * did not match the URL stored in the {code Destination} attribute
-	 * in the Response object.
+	 * Response destination does not match the request URL. A SAML 2 response object was
+	 * received at a URL that did not match the URL stored in the {code Destination}
+	 * attribute in the Response object.
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
 	 */
 	String INVALID_DESTINATION = "invalid_destination";
+
 	/**
-	 * The assertion was not valid.
-	 * The assertion used for authentication failed validation.
-	 * Details around the failure will be present in the error description.
+	 * The assertion was not valid. The assertion used for authentication failed
+	 * validation. Details around the failure will be present in the error description.
 	 */
 	String INVALID_ASSERTION = "invalid_assertion";
+
 	/**
-	 * The signature of response or assertion was invalid.
-	 * Either the response or the assertion was missing a signature
-	 * or the signature could not be verified using the system's
-	 * configured credentials. Most commonly the IDP's
-	 * X509 certificate.
+	 * The signature of response or assertion was invalid. Either the response or the
+	 * assertion was missing a signature or the signature could not be verified using the
+	 * system's configured credentials. Most commonly the IDP's X509 certificate.
 	 */
 	String INVALID_SIGNATURE = "invalid_signature";
+
 	/**
-	 * The assertion did not contain a subject element.
-	 * The subject element, type SubjectType, contains
-	 * a {@code NameID} or an {@code EncryptedID} that is used
-	 * to assign the authenticated principal an identifier,
-	 * typically a username.
+	 * The assertion did not contain a subject element. The subject element, type
+	 * SubjectType, contains a {@code NameID} or an {@code EncryptedID} that is used to
+	 * assign the authenticated principal an identifier, typically a username.
 	 *
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
 	 */
 	String SUBJECT_NOT_FOUND = "subject_not_found";
+
 	/**
-	 * The subject did not contain a user identifier
-	 * The assertion contained a subject element, but the subject
-	 * element did not have a {@code NameID} or {@code EncryptedID}
-	 * element
+	 * The subject did not contain a user identifier The assertion contained a subject
+	 * element, but the subject element did not have a {@code NameID} or
+	 * {@code EncryptedID} element
 	 *
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
 	 */
 	String USERNAME_NOT_FOUND = "username_not_found";
+
 	/**
-	 * The system failed to decrypt an assertion or a name identifier.
-	 * This error code will be thrown if the decryption of either a
-	 * {@code EncryptedAssertion} or {@code EncryptedID} fails.
+	 * The system failed to decrypt an assertion or a name identifier. This error code
+	 * will be thrown if the decryption of either a {@code EncryptedAssertion} or
+	 * {@code EncryptedID} fails.
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
 	 */
 	String DECRYPTION_ERROR = "decryption_error";
+
 	/**
 	 * An Issuer element contained a value that didn't
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
 	 */
 	String INVALID_ISSUER = "invalid_issuer";
+
 	/**
-	 * An error happened during validation.
-	 * Used when internal, non classified, errors are caught during the
-	 * authentication process.
+	 * An error happened during validation. Used when internal, non classified, errors are
+	 * caught during the authentication process.
 	 */
 	String INTERNAL_VALIDATION_ERROR = "internal_validation_error";
+
 	/**
-	 * The relying party registration was not found.
-	 * The registration ID did not correspond to any relying party registration.
+	 * The relying party registration was not found. The registration ID did not
+	 * correspond to any relying party registration.
 	 */
 	String RELYING_PARTY_REGISTRATION_NOT_FOUND = "relying_party_registration_not_found";
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 8569b390db..1aeb1649bf 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -29,34 +29,35 @@ import static org.springframework.util.Assert.notNull;
 import static org.springframework.util.Assert.state;
 
 /**
- * An object for holding a public certificate, any associated private key, and its intended
- * <a href="https://www.oasis-open.org/committees/download.php/8958/sstc-saml-implementation-guidelines-draft-01.pdf">
- * usages
- * </a>
- * (Line 584, Section 4.3 Credentials).
+ * An object for holding a public certificate, any associated private key, and its
+ * intended <a href=
+ * "https://www.oasis-open.org/committees/download.php/8958/sstc-saml-implementation-guidelines-draft-01.pdf">
+ * usages </a> (Line 584, Section 4.3 Credentials).
  *
  * @since 5.4
  * @author Filip Hanik
  * @author Josh Cummings
  */
 public final class Saml2X509Credential {
+
 	public enum Saml2X509CredentialType {
-		VERIFICATION,
-		ENCRYPTION,
-		SIGNING,
-		DECRYPTION,
+
+		VERIFICATION, ENCRYPTION, SIGNING, DECRYPTION,
+
 	}
 
 	private final PrivateKey privateKey;
+
 	private final X509Certificate certificate;
+
 	private final Set<Saml2X509CredentialType> credentialTypes;
 
 	/**
 	 * Creates a {@link Saml2X509Credential} using the provided parameters
-	 *
 	 * @param certificate the credential's public certificiate
-	 * @param types the credential's intended usages, must be one of {@link Saml2X509CredentialType#VERIFICATION} or
-	 *               {@link Saml2X509CredentialType#ENCRYPTION} or both.
+	 * @param types the credential's intended usages, must be one of
+	 * {@link Saml2X509CredentialType#VERIFICATION} or
+	 * {@link Saml2X509CredentialType#ENCRYPTION} or both.
 	 */
 	public Saml2X509Credential(X509Certificate certificate, Saml2X509CredentialType... types) {
 		this(null, false, certificate, types);
@@ -65,11 +66,11 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Creates a {@link Saml2X509Credential} using the provided parameters
-	 *
 	 * @param privateKey the credential's private key
 	 * @param certificate the credential's public certificate
-	 * @param types the credential's intended usages, must be one of {@link Saml2X509CredentialType#SIGNING} or
-	 *               {@link Saml2X509CredentialType#DECRYPTION} or both.
+	 * @param types the credential's intended usages, must be one of
+	 * {@link Saml2X509CredentialType#SIGNING} or
+	 * {@link Saml2X509CredentialType#DECRYPTION} or both.
 	 */
 	public Saml2X509Credential(PrivateKey privateKey, X509Certificate certificate, Saml2X509CredentialType... types) {
 		this(privateKey, true, certificate, types);
@@ -78,7 +79,6 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Creates a {@link Saml2X509Credential} using the provided parameters
-	 *
 	 * @param privateKey the credential's private key
 	 * @param certificate the credential's public certificate
 	 * @param types the credential's intended usages
@@ -125,10 +125,7 @@ public final class Saml2X509Credential {
 		return new Saml2X509Credential(privateKey, certificate, Saml2X509Credential.Saml2X509CredentialType.SIGNING);
 	}
 
-	private Saml2X509Credential(
-			PrivateKey privateKey,
-			boolean keyRequired,
-			X509Certificate certificate,
+	private Saml2X509Credential(PrivateKey privateKey, boolean keyRequired, X509Certificate certificate,
 			Saml2X509CredentialType... types) {
 		notNull(certificate, "certificate cannot be null");
 		notEmpty(types, "credentials types cannot be empty");
@@ -142,7 +139,6 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Get the private key for this credential
-	 *
 	 * @return the private key, may be null
 	 * @see {@link #Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)}
 	 */
@@ -152,7 +148,6 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Get the public certificate for this credential
-	 *
 	 * @return the public certificate
 	 */
 	public X509Certificate getCertificate() {
@@ -161,7 +156,6 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Indicate whether this credential can be used for signing
-	 *
 	 * @return true if the credential has a {@link Saml2X509CredentialType#SIGNING} type
 	 */
 	public boolean isSigningCredential() {
@@ -170,8 +164,8 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Indicate whether this credential can be used for decryption
-	 *
-	 * @return true if the credential has a {@link Saml2X509CredentialType#DECRYPTION} type
+	 * @return true if the credential has a {@link Saml2X509CredentialType#DECRYPTION}
+	 * type
 	 */
 	public boolean isDecryptionCredential() {
 		return getCredentialTypes().contains(Saml2X509CredentialType.DECRYPTION);
@@ -179,8 +173,8 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Indicate whether this credential can be used for verification
-	 *
-	 * @return true if the credential has a {@link Saml2X509CredentialType#VERIFICATION} type
+	 * @return true if the credential has a {@link Saml2X509CredentialType#VERIFICATION}
+	 * type
 	 */
 	public boolean isVerificationCredential() {
 		return getCredentialTypes().contains(Saml2X509CredentialType.VERIFICATION);
@@ -188,8 +182,8 @@ public final class Saml2X509Credential {
 
 	/**
 	 * Indicate whether this credential can be used for encryption
-	 *
-	 * @return true if the credential has a {@link Saml2X509CredentialType#ENCRYPTION} type
+	 * @return true if the credential has a {@link Saml2X509CredentialType#ENCRYPTION}
+	 * type
 	 */
 	public boolean isEncryptionCredential() {
 		return getCredentialTypes().contains(Saml2X509CredentialType.ENCRYPTION);
@@ -197,7 +191,6 @@ public final class Saml2X509Credential {
 
 	/**
 	 * List all this credential's intended usages
-	 *
 	 * @return the set of this credential's intended usages
 	 */
 	public Set<Saml2X509CredentialType> getCredentialTypes() {
@@ -206,12 +199,13 @@ public final class Saml2X509Credential {
 
 	@Override
 	public boolean equals(Object o) {
-		if (this == o) return true;
-		if (o == null || getClass() != o.getClass()) return false;
+		if (this == o)
+			return true;
+		if (o == null || getClass() != o.getClass())
+			return false;
 		Saml2X509Credential that = (Saml2X509Credential) o;
-		return Objects.equals(this.privateKey, that.privateKey) &&
-				this.certificate.equals(that.certificate) &&
-				this.credentialTypes.equals(that.credentialTypes);
+		return Objects.equals(this.privateKey, that.privateKey) && this.certificate.equals(that.certificate)
+				&& this.credentialTypes.equals(that.credentialTypes);
 	}
 
 	@Override
@@ -228,7 +222,8 @@ public final class Saml2X509Credential {
 					break;
 				}
 			}
-			state(valid, () -> usage +" is not a valid usage for this credential");
+			state(valid, () -> usage + " is not a valid usage for this credential");
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index a83fc06e75..f329ff08f8 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -32,34 +32,41 @@ import static org.springframework.util.Assert.state;
  * Saml2X509Credential is meant to hold an X509 certificate, or an X509 certificate and a
  * private key. Per:
  * https://www.oasis-open.org/committees/download.php/8958/sstc-saml-implementation-guidelines-draft-01.pdf
- * Line: 584, Section 4.3 Credentials Used for both signing, signature verification and encryption/decryption
+ * Line: 584, Section 4.3 Credentials Used for both signing, signature verification and
+ * encryption/decryption
  *
  * @since 5.2
- * @deprecated Use {@link org.springframework.security.saml2.core.Saml2X509Credential} instead
+ * @deprecated Use {@link org.springframework.security.saml2.core.Saml2X509Credential}
+ * instead
  */
 @Deprecated
 public class Saml2X509Credential {
+
 	/**
-	 * @deprecated Use {@link org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType} instead
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType}
+	 * instead
 	 */
 	@Deprecated
 	public enum Saml2X509CredentialType {
-		VERIFICATION,
-		ENCRYPTION,
-		SIGNING,
-		DECRYPTION,
+
+		VERIFICATION, ENCRYPTION, SIGNING, DECRYPTION,
+
 	}
 
 	private final PrivateKey privateKey;
+
 	private final X509Certificate certificate;
+
 	private final Set<Saml2X509CredentialType> credentialTypes;
 
 	/**
 	 * Creates a Saml2X509Credentials representing Identity Provider credentials for
 	 * verification, encryption or both.
 	 * @param certificate an IDP X509Certificate, cannot be null
-	 * @param types credential types, must be one of {@link Saml2X509CredentialType#VERIFICATION} or
-	 *               {@link Saml2X509CredentialType#ENCRYPTION} or both.
+	 * @param types credential types, must be one of
+	 * {@link Saml2X509CredentialType#VERIFICATION} or
+	 * {@link Saml2X509CredentialType#ENCRYPTION} or both.
 	 */
 	public Saml2X509Credential(X509Certificate certificate, Saml2X509CredentialType... types) {
 		this(null, false, certificate, types);
@@ -70,9 +77,11 @@ public class Saml2X509Credential {
 	 * Creates a Saml2X509Credentials representing Service Provider credentials for
 	 * signing, decryption or both.
 	 * @param privateKey a private key used for signing or decryption, cannot be null
-	 * @param certificate an SP X509Certificate shared with identity providers, cannot be null
-	 * @param types credential types, must be one of {@link Saml2X509CredentialType#SIGNING} or
-	 *               {@link Saml2X509CredentialType#DECRYPTION} or both.
+	 * @param certificate an SP X509Certificate shared with identity providers, cannot be
+	 * null
+	 * @param types credential types, must be one of
+	 * {@link Saml2X509CredentialType#SIGNING} or
+	 * {@link Saml2X509CredentialType#DECRYPTION} or both.
 	 */
 	public Saml2X509Credential(PrivateKey privateKey, X509Certificate certificate, Saml2X509CredentialType... types) {
 		this(privateKey, true, certificate, types);
@@ -87,10 +96,7 @@ public class Saml2X509Credential {
 		this.credentialTypes = types;
 	}
 
-	private Saml2X509Credential(
-			PrivateKey privateKey,
-			boolean keyRequired,
-			X509Certificate certificate,
+	private Saml2X509Credential(PrivateKey privateKey, boolean keyRequired, X509Certificate certificate,
 			Saml2X509CredentialType... types) {
 		notNull(certificate, "certificate cannot be null");
 		notEmpty(types, "credentials types cannot be empty");
@@ -102,10 +108,9 @@ public class Saml2X509Credential {
 		this.credentialTypes = new LinkedHashSet<>(asList(types));
 	}
 
-
 	/**
-	 * Returns true if the credential has a private key and can be used for signing, the types will contain
-	 * {@link Saml2X509CredentialType#SIGNING}.
+	 * Returns true if the credential has a private key and can be used for signing, the
+	 * types will contain {@link Saml2X509CredentialType#SIGNING}.
 	 * @return true if the credential is a {@link Saml2X509CredentialType#SIGNING} type
 	 */
 	public boolean isSigningCredential() {
@@ -113,8 +118,8 @@ public class Saml2X509Credential {
 	}
 
 	/**
-	 * Returns true if the credential has a private key and can be used for decryption, the types will contain
-	 * {@link Saml2X509CredentialType#DECRYPTION}.
+	 * Returns true if the credential has a private key and can be used for decryption,
+	 * the types will contain {@link Saml2X509CredentialType#DECRYPTION}.
 	 * @return true if the credential is a {@link Saml2X509CredentialType#DECRYPTION} type
 	 */
 	public boolean isDecryptionCredential() {
@@ -122,18 +127,20 @@ public class Saml2X509Credential {
 	}
 
 	/**
-	 * Returns true if the credential has a certificate and can be used for signature verification, the types will contain
-	 * {@link Saml2X509CredentialType#VERIFICATION}.
-	 * @return true if the credential is a {@link Saml2X509CredentialType#VERIFICATION} type
+	 * Returns true if the credential has a certificate and can be used for signature
+	 * verification, the types will contain {@link Saml2X509CredentialType#VERIFICATION}.
+	 * @return true if the credential is a {@link Saml2X509CredentialType#VERIFICATION}
+	 * type
 	 */
 	public boolean isSignatureVerficationCredential() {
 		return getCredentialTypes().contains(Saml2X509CredentialType.VERIFICATION);
 	}
 
 	/**
-	 * Returns true if the credential has a certificate and can be used for signature verification, the types will contain
-	 * {@link Saml2X509CredentialType#VERIFICATION}.
-	 * @return true if the credential is a {@link Saml2X509CredentialType#VERIFICATION} type
+	 * Returns true if the credential has a certificate and can be used for signature
+	 * verification, the types will contain {@link Saml2X509CredentialType#VERIFICATION}.
+	 * @return true if the credential is a {@link Saml2X509CredentialType#VERIFICATION}
+	 * type
 	 */
 	public boolean isEncryptionCredential() {
 		return getCredentialTypes().contains(Saml2X509CredentialType.ENCRYPTION);
@@ -166,12 +173,13 @@ public class Saml2X509Credential {
 
 	@Override
 	public boolean equals(Object o) {
-		if (this == o) return true;
-		if (o == null || getClass() != o.getClass()) return false;
+		if (this == o)
+			return true;
+		if (o == null || getClass() != o.getClass())
+			return false;
 		Saml2X509Credential that = (Saml2X509Credential) o;
-		return Objects.equals(this.privateKey, that.privateKey) &&
-				this.certificate.equals(that.certificate) &&
-				this.credentialTypes.equals(that.credentialTypes);
+		return Objects.equals(this.privateKey, that.privateKey) && this.certificate.equals(that.certificate)
+				&& this.credentialTypes.equals(that.credentialTypes);
 	}
 
 	@Override
@@ -188,7 +196,8 @@ public class Saml2X509Credential {
 					break;
 				}
 			}
-			state(valid, () -> usage +" is not a valid usage for this credential");
+			state(valid, () -> usage + " is not a valid usage for this credential");
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
index 99ef2cdc22..3b3b6536fc 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
@@ -23,11 +23,12 @@ import java.nio.charset.Charset;
 
 /**
  * Data holder for {@code AuthNRequest} parameters to be sent using either the
- * {@link Saml2MessageBinding#POST} or {@link Saml2MessageBinding#REDIRECT} binding.
- * Data will be encoded and possibly deflated, but will not be escaped for transport,
- * ie URL encoded, {@link org.springframework.web.util.UriUtils#encode(String, Charset)}
- * or HTML encoded, {@link org.springframework.web.util.HtmlUtils#htmlEscape(String)}.
- * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
+ * {@link Saml2MessageBinding#POST} or {@link Saml2MessageBinding#REDIRECT} binding. Data
+ * will be encoded and possibly deflated, but will not be escaped for transport, ie URL
+ * encoded, {@link org.springframework.web.util.UriUtils#encode(String, Charset)} or HTML
+ * encoded, {@link org.springframework.web.util.HtmlUtils#htmlEscape(String)}.
+ * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
+ * (line 2031)
  *
  * @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
  * @see Saml2AuthenticationRequestFactory#createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
@@ -36,19 +37,20 @@ import java.nio.charset.Charset;
 abstract class AbstractSaml2AuthenticationRequest {
 
 	private final String samlRequest;
+
 	private final String relayState;
+
 	private final String authenticationRequestUri;
 
 	/**
 	 * Mandatory constructor for the {@link AbstractSaml2AuthenticationRequest}
-	 * @param samlRequest - the SAMLRequest XML data, SAML encoded, cannot be empty or null
+	 * @param samlRequest - the SAMLRequest XML data, SAML encoded, cannot be empty or
+	 * null
 	 * @param relayState - RelayState value that accompanies the request, may be null
-	 * @param authenticationRequestUri - The authenticationRequestUri, a URL, where to send the XML message, cannot be empty or null
+	 * @param authenticationRequestUri - The authenticationRequestUri, a URL, where to
+	 * send the XML message, cannot be empty or null
 	 */
-	AbstractSaml2AuthenticationRequest(
-			String samlRequest,
-			String relayState,
-			String authenticationRequestUri) {
+	AbstractSaml2AuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri) {
 		Assert.hasText(samlRequest, "samlRequest cannot be null or empty");
 		Assert.hasText(authenticationRequestUri, "authenticationRequestUri cannot be null or empty");
 		this.authenticationRequestUri = authenticationRequestUri;
@@ -57,9 +59,10 @@ abstract class AbstractSaml2AuthenticationRequest {
 	}
 
 	/**
-	 * Returns the AuthNRequest XML value to be sent. This value is already encoded for transport.
-	 * If {@link #getBinding()} is {@link Saml2MessageBinding#REDIRECT} the value is deflated and SAML encoded.
-	 * If {@link #getBinding()} is {@link Saml2MessageBinding#POST} the value is SAML encoded.
+	 * Returns the AuthNRequest XML value to be sent. This value is already encoded for
+	 * transport. If {@link #getBinding()} is {@link Saml2MessageBinding#REDIRECT} the
+	 * value is deflated and SAML encoded. If {@link #getBinding()} is
+	 * {@link Saml2MessageBinding#POST} the value is SAML encoded.
 	 * @return the SAMLRequest parameter value
 	 */
 	public String getSamlRequest() {
@@ -83,8 +86,9 @@ abstract class AbstractSaml2AuthenticationRequest {
 	}
 
 	/**
-	 * Returns the binding this AuthNRequest will be sent and
-	 * encoded with. If {@link Saml2MessageBinding#REDIRECT} is used, the DEFLATE encoding will be automatically applied.
+	 * Returns the binding this AuthNRequest will be sent and encoded with. If
+	 * {@link Saml2MessageBinding#REDIRECT} is used, the DEFLATE encoding will be
+	 * automatically applied.
 	 * @return the binding this message will be sent with.
 	 */
 	public abstract Saml2MessageBinding getBinding();
@@ -93,8 +97,11 @@ abstract class AbstractSaml2AuthenticationRequest {
 	 * A builder for {@link AbstractSaml2AuthenticationRequest} and its subclasses.
 	 */
 	static class Builder<T extends Builder<T>> {
+
 		String authenticationRequestUri;
+
 		String samlRequest;
+
 		String relayState;
 
 		protected Builder() {
@@ -109,12 +116,10 @@ abstract class AbstractSaml2AuthenticationRequest {
 			return (T) this;
 		}
 
-
 		/**
 		 * Sets the {@code RelayState} parameter that will accompany this AuthNRequest
-		 *
-		 * @param relayState the relay state value, unencoded. if null or empty, the parameter will be removed from the
-		 * map.
+		 * @param relayState the relay state value, unencoded. if null or empty, the
+		 * parameter will be removed from the map.
 		 * @return this object
 		 */
 		public T relayState(String relayState) {
@@ -124,7 +129,6 @@ abstract class AbstractSaml2AuthenticationRequest {
 
 		/**
 		 * Sets the {@code SAMLRequest} parameter that will accompany this AuthNRequest
-		 *
 		 * @param samlRequest the SAMLRequest parameter.
 		 * @return this object
 		 */
@@ -134,8 +138,8 @@ abstract class AbstractSaml2AuthenticationRequest {
 		}
 
 		/**
-		 * Sets the {@code authenticationRequestUri}, a URL that will receive the AuthNRequest message
-		 *
+		 * Sets the {@code authenticationRequestUri}, a URL that will receive the
+		 * AuthNRequest message
 		 * @param authenticationRequestUri the relay state value, unencoded.
 		 * @return this object
 		 */
@@ -143,6 +147,7 @@ abstract class AbstractSaml2AuthenticationRequest {
 			this.authenticationRequestUri = authenticationRequestUri;
 			return _this();
 		}
+
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
index b474c20aed..5223c084ec 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
@@ -31,6 +31,7 @@ import java.util.Map;
 public class DefaultSaml2AuthenticatedPrincipal implements Saml2AuthenticatedPrincipal, Serializable {
 
 	private final String name;
+
 	private final Map<String, List<Object>> attributes;
 
 	public DefaultSaml2AuthenticatedPrincipal(String name, Map<String, List<Object>> attributes) {
@@ -50,4 +51,5 @@ public class DefaultSaml2AuthenticatedPrincipal implements Saml2AuthenticatedPri
 	public Map<String, List<Object>> getAttributes() {
 		return this.attributes;
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index e2c8bdb35c..c31f1f8f27 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -129,39 +129,48 @@ import static org.springframework.security.saml2.core.Saml2ErrorCodes.SUBJECT_NO
 import static org.springframework.util.Assert.notNull;
 
 /**
- * Implementation of {@link AuthenticationProvider} for SAML authentications when receiving a
- * {@code Response} object containing an {@code Assertion}. This implementation uses
- * the {@code OpenSAML 3} library.
+ * Implementation of {@link AuthenticationProvider} for SAML authentications when
+ * receiving a {@code Response} object containing an {@code Assertion}. This
+ * implementation uses the {@code OpenSAML 3} library.
  *
  * <p>
- *  The {@link OpenSamlAuthenticationProvider} supports {@link Saml2AuthenticationToken} objects
- *  that contain a SAML response in its decoded XML format {@link Saml2AuthenticationToken#getSaml2Response()}
- *  along with the information about the asserting party, the identity provider (IDP), as well as
- *  the relying party, the service provider (SP, this application).
+ * The {@link OpenSamlAuthenticationProvider} supports {@link Saml2AuthenticationToken}
+ * objects that contain a SAML response in its decoded XML format
+ * {@link Saml2AuthenticationToken#getSaml2Response()} along with the information about
+ * the asserting party, the identity provider (IDP), as well as the relying party, the
+ * service provider (SP, this application).
  * </p>
  * <p>
- *   The {@link Saml2AuthenticationToken} will be processed into a SAML Response object.
- *   The SAML response object can be signed. If the Response is signed, a signature will not be required on the assertion.
+ * The {@link Saml2AuthenticationToken} will be processed into a SAML Response object. The
+ * SAML response object can be signed. If the Response is signed, a signature will not be
+ * required on the assertion.
  * </p>
  * <p>
- *   While a response object can contain a list of assertion, this provider will only leverage
- *   the first valid assertion for the purpose of authentication. Assertions that do not pass validation
- *   will be ignored. If no valid assertions are found a {@link Saml2AuthenticationException} is thrown.
+ * While a response object can contain a list of assertion, this provider will only
+ * leverage the first valid assertion for the purpose of authentication. Assertions that
+ * do not pass validation will be ignored. If no valid assertions are found a
+ * {@link Saml2AuthenticationException} is thrown.
  * </p>
  * <p>
- *   This provider supports two types of encrypted SAML elements
- *   <ul>
- *     <li><a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17">EncryptedAssertion</a></li>
- *     <li><a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=14">EncryptedID</a></li>
- *   </ul>
- *   If the assertion is encrypted, then signature validation on the assertion is no longer required.
+ * This provider supports two types of encrypted SAML elements
+ * <ul>
+ * <li><a href=
+ * "https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17">EncryptedAssertion</a></li>
+ * <li><a href=
+ * "https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=14">EncryptedID</a></li>
+ * </ul>
+ * If the assertion is encrypted, then signature validation on the assertion is no longer
+ * required.
  * </p>
  * <p>
- *   This provider does not perform an X509 certificate validation on the configured asserting party, IDP, verification
- *   certificates.
+ * This provider does not perform an X509 certificate validation on the configured
+ * asserting party, IDP, verification certificates.
  * </p>
+ *
  * @since 5.2
- * @see <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38">SAML 2 StatusResponse</a>
+ * @see <a href=
+ * "https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38">SAML 2
+ * StatusResponse</a>
  * @see <a href="https://wiki.shibboleth.net/confluence/display/OS30/Home">OpenSAML 3</a>
  */
 public final class OpenSamlAuthenticationProvider implements AuthenticationProvider {
@@ -173,32 +182,35 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	private static Log logger = LogFactory.getLog(OpenSamlAuthenticationProvider.class);
 
 	private final XMLObjectProviderRegistry registry;
+
 	private final ResponseUnmarshaller responseUnmarshaller;
+
 	private final ParserPool parserPool;
 
-	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor =
-			(a -> singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor = (a -> singletonList(
+			new SimpleGrantedAuthority("ROLE_USER")));
+
 	private GrantedAuthoritiesMapper authoritiesMapper = (a -> a);
+
 	private Duration responseTimeValidationSkew = Duration.ofMinutes(5);
 
-	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter =
-			token -> response -> {
-				Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
-				String username = assertion.getSubject().getNameID().getValue();
-				Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
-				return new Saml2Authentication(
-						new DefaultSaml2AuthenticatedPrincipal(username, attributes), token.getSaml2Response(),
-						this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
-			};
+	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter = token -> response -> {
+		Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
+		String username = assertion.getSubject().getNameID().getValue();
+		Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
+		return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
+				token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
+	};
+
+	private Converter<Saml2AuthenticationToken, SignatureTrustEngine> signatureTrustEngineConverter = new SignatureTrustEngineConverter();
+
+	private Converter<Tuple, SAML20AssertionValidator> assertionValidatorConverter = new SAML20AssertionValidatorConverter();
+
+	private Collection<ConditionValidator> conditionValidators = Collections
+			.singleton(new AudienceRestrictionConditionValidator());
+
+	private Converter<Tuple, ValidationContext> validationContextConverter = new ValidationContextConverter();
 
-	private Converter<Saml2AuthenticationToken, SignatureTrustEngine> signatureTrustEngineConverter =
-			new SignatureTrustEngineConverter();
-	private Converter<Tuple, SAML20AssertionValidator> assertionValidatorConverter =
-			new SAML20AssertionValidatorConverter();
-	private Collection<ConditionValidator> conditionValidators =
-			Collections.singleton(new AudienceRestrictionConditionValidator());
-	private Converter<Tuple, ValidationContext> validationContextConverter =
-			new ValidationContextConverter();
 	private Converter<Saml2AuthenticationToken, Decrypter> decrypterConverter = new DecrypterConverter();
 
 	/**
@@ -212,48 +224,47 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	}
 
 	/**
-	 * Set the the collection of {@link ConditionValidator}s used when validating an assertion.
-	 *
+	 * Set the the collection of {@link ConditionValidator}s used when validating an
+	 * assertion.
 	 * @param conditionValidators the collection of validators to use
 	 * @since 5.4
 	 */
-	public void setConditionValidators(
-			Collection<ConditionValidator> conditionValidators) {
+	public void setConditionValidators(Collection<ConditionValidator> conditionValidators) {
 
 		Assert.notEmpty(conditionValidators, "conditionValidators cannot be empty");
 		this.conditionValidators = conditionValidators;
 	}
 
 	/**
-	 * Set the strategy for retrieving the {@link ValidationContext} used when
-	 * validating an assertion.
-	 *
+	 * Set the strategy for retrieving the {@link ValidationContext} used when validating
+	 * an assertion.
 	 * @param validationContextConverter the strategy to use
 	 * @since 5.4
 	 */
-	public void setValidationContextConverter(
-			Converter<Tuple, ValidationContext> validationContextConverter) {
+	public void setValidationContextConverter(Converter<Tuple, ValidationContext> validationContextConverter) {
 
 		Assert.notNull(validationContextConverter, "validationContextConverter cannot be empty");
 		this.validationContextConverter = validationContextConverter;
 	}
 
 	/**
-	 * Sets the {@link Converter} used for extracting assertion attributes that
-	 * can be mapped to authorities.
-	 * @param authoritiesExtractor the {@code Converter} used for mapping the
-	 *                             assertion attributes to authorities
+	 * Sets the {@link Converter} used for extracting assertion attributes that can be
+	 * mapped to authorities.
+	 * @param authoritiesExtractor the {@code Converter} used for mapping the assertion
+	 * attributes to authorities
 	 */
-	public void setAuthoritiesExtractor(Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor) {
+	public void setAuthoritiesExtractor(
+			Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor) {
 		Assert.notNull(authoritiesExtractor, "authoritiesExtractor cannot be null");
 		this.authoritiesExtractor = authoritiesExtractor;
 	}
 
 	/**
-	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping assertion attributes
-	 * to a new set of authorities which will be associated to the {@link Saml2Authentication}.
-	 * Note: This implementation is only retrieving
-	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the user's authorities
+	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping assertion attributes to
+	 * a new set of authorities which will be associated to the
+	 * {@link Saml2Authentication}. Note: This implementation is only retrieving
+	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
+	 * user's authorities
 	 */
 	public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		notNull(authoritiesMapper, "authoritiesMapper cannot be null");
@@ -271,8 +282,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	/**
 	 * @param authentication the authentication request object, must be of type
-	 *                       {@link Saml2AuthenticationToken}
-	 *
+	 * {@link Saml2AuthenticationToken}
 	 * @return {@link Saml2Authentication} if the assertion is valid
 	 * @throws AuthenticationException if a validation exception occurs
 	 */
@@ -284,9 +294,11 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			Response response = parse(serializedResponse);
 			process(token, response);
 			return this.authenticationConverter.apply(token).convert(response);
-		} catch (Saml2AuthenticationException e) {
+		}
+		catch (Saml2AuthenticationException e) {
 			throw e;
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw authException(INTERNAL_VALIDATION_ERROR, e.getMessage(), e);
 		}
 	}
@@ -305,8 +317,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	private Response parse(String response) throws Saml2Exception, Saml2AuthenticationException {
 		try {
-			Document document = this.parserPool.parse(new ByteArrayInputStream(
-					response.getBytes(StandardCharsets.UTF_8)));
+			Document document = this.parserPool
+					.parse(new ByteArrayInputStream(response.getBytes(StandardCharsets.UTF_8)));
 			Element element = document.getDocumentElement();
 			return (Response) this.responseUnmarshaller.unmarshall(element);
 		}
@@ -327,8 +339,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		Decrypter decrypter = this.decrypterConverter.convert(token);
 		List<Assertion> assertions = decryptAssertions(decrypter, response);
 		if (!isSigned(responseSigned, assertions)) {
-			throw authException(INVALID_SIGNATURE, "Either the response or one of the assertions is unsigned. " +
-					"Please either sign the response or all of the assertions.");
+			throw authException(INVALID_SIGNATURE, "Either the response or one of the assertions is unsigned. "
+					+ "Please either sign the response or all of the assertions.");
 		}
 		validationExceptions.putAll(validateAssertions(token, response));
 
@@ -343,12 +355,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			if (logger.isDebugEnabled()) {
 				logger.debug("Successfully processed SAML Response [" + response.getID() + "]");
 			}
-		} else {
+		}
+		else {
 			if (logger.isTraceEnabled()) {
-				logger.debug("Found " + validationExceptions.size() + " validation errors in SAML response [" + response.getID() + "]: " +
-						validationExceptions.values());
-			} else if (logger.isDebugEnabled()) {
-				logger.debug("Found " + validationExceptions.size() + " validation errors in SAML response [" + response.getID() + "]");
+				logger.debug("Found " + validationExceptions.size() + " validation errors in SAML response ["
+						+ response.getID() + "]: " + validationExceptions.values());
+			}
+			else if (logger.isDebugEnabled()) {
+				logger.debug("Found " + validationExceptions.size() + " validation errors in SAML response ["
+						+ response.getID() + "]");
 			}
 		}
 
@@ -357,8 +372,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		}
 	}
 
-	private Map<String, Saml2AuthenticationException> validateResponse
-			(Saml2AuthenticationToken token, Response response) {
+	private Map<String, Saml2AuthenticationException> validateResponse(Saml2AuthenticationToken token,
+			Response response) {
 
 		Map<String, Saml2AuthenticationException> validationExceptions = new HashMap<>();
 		String issuer = response.getIssuer().getValue();
@@ -367,7 +382,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
 			try {
 				profileValidator.validate(response.getSignature());
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
 						"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
 			}
@@ -375,13 +391,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			try {
 				CriteriaSet criteriaSet = new CriteriaSet();
 				criteriaSet.add(new EvaluableEntityIDCredentialCriterion(new EntityIdCriterion(issuer)));
-				criteriaSet.add(new EvaluableProtocolRoleDescriptorCriterion(new ProtocolCriterion(SAMLConstants.SAML20P_NS)));
+				criteriaSet.add(
+						new EvaluableProtocolRoleDescriptorCriterion(new ProtocolCriterion(SAMLConstants.SAML20P_NS)));
 				criteriaSet.add(new EvaluableUsageCredentialCriterion(new UsageCriterion(UsageType.SIGNING)));
 				if (!this.signatureTrustEngineConverter.convert(token).validate(response.getSignature(), criteriaSet)) {
 					validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
 							"Invalid signature for SAML Response [" + response.getID() + "]"));
 				}
-			} catch (Exception e) {
+			}
+			catch (Exception e) {
 				validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
 						"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
 			}
@@ -403,14 +421,14 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		return validationExceptions;
 	}
 
-	private List<Assertion> decryptAssertions
-			(Decrypter decrypter, Response response) {
+	private List<Assertion> decryptAssertions(Decrypter decrypter, Response response) {
 		List<Assertion> assertions = new ArrayList<>();
 		for (EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
 			try {
 				Assertion assertion = decrypter.decrypt(encryptedAssertion);
 				assertions.add(assertion);
-			} catch (DecryptionException e) {
+			}
+			catch (DecryptionException e) {
 				throw authException(DECRYPTION_ERROR, e.getMessage(), e);
 			}
 		}
@@ -418,8 +436,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		return response.getAssertions();
 	}
 
-	private Map<String, Saml2AuthenticationException> validateAssertions
-			(Saml2AuthenticationToken token, Response response) {
+	private Map<String, Saml2AuthenticationException> validateAssertions(Saml2AuthenticationToken token,
+			Response response) {
 		List<Assertion> assertions = response.getAssertions();
 		if (assertions.isEmpty()) {
 			throw authException(MALFORMED_RESPONSE_DATA, "No assertions found in response.");
@@ -444,10 +462,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 							context.getValidationFailureMessage());
 					validationExceptions.put(INVALID_ASSERTION, authException(INVALID_ASSERTION, message));
 				}
-			} catch (Exception e) {
-				String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s",
-						assertion.getID(), ((Response) assertion.getParent()).getID(),
-						e.getMessage());
+			}
+			catch (Exception e) {
+				String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(),
+						((Response) assertion.getParent()).getID(), e.getMessage());
 				validationExceptions.put(INVALID_ASSERTION, authException(INVALID_ASSERTION, message, e));
 			}
 		}
@@ -480,7 +498,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			NameID nameId = (NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID());
 			assertion.getSubject().setNameID(nameId);
 			return nameId;
-		} catch (DecryptionException e) {
+		}
+		catch (DecryptionException e) {
 			throw authException(DECRYPTION_ERROR, e.getMessage(), e);
 		}
 	}
@@ -534,19 +553,22 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			try {
 				Element element = marshaller.marshall(xsAny);
 				return SerializeSupport.nodeToString(element);
-			} catch (MarshallingException e) {
+			}
+			catch (MarshallingException e) {
 				throw new Saml2Exception(e);
 			}
 		}
 		return xsAny.getTextContent();
 	}
 
-	private static class SignatureTrustEngineConverter implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> {
+	private static class SignatureTrustEngineConverter
+			implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> {
 
 		@Override
 		public SignatureTrustEngine convert(Saml2AuthenticationToken token) {
 			Set<Credential> credentials = new HashSet<>();
-			Collection<Saml2X509Credential> keys = token.getRelyingPartyRegistration().getAssertingPartyDetails().getVerificationX509Credentials();
+			Collection<Saml2X509Credential> keys = token.getRelyingPartyRegistration().getAssertingPartyDetails()
+					.getVerificationX509Credentials();
 			for (Saml2X509Credential key : keys) {
 				BasicX509Credential cred = new BasicX509Credential(key.getCertificate());
 				cred.setUsageType(UsageType.SIGNING);
@@ -554,11 +576,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				credentials.add(cred);
 			}
 			CredentialResolver credentialsResolver = new CollectionCredentialResolver(credentials);
-			return new ExplicitKeySignatureTrustEngine(
-					credentialsResolver,
-					DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver()
-			);
+			return new ExplicitKeySignatureTrustEngine(credentialsResolver,
+					DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
 		}
+
 	}
 
 	private class ValidationContextConverter implements Converter<Tuple, ValidationContext> {
@@ -571,14 +592,19 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			params.put(CLOCK_SKEW, OpenSamlAuthenticationProvider.this.responseTimeValidationSkew.toMillis());
 			params.put(COND_VALID_AUDIENCES, singleton(audience));
 			params.put(SC_VALID_RECIPIENTS, singleton(recipient));
-			params.put(SIGNATURE_REQUIRED, false); // this verification is performed earlier
+			params.put(SIGNATURE_REQUIRED, false); // this verification is performed
+													// earlier
 			return new ValidationContext(params);
 		}
+
 	}
 
 	private class SAML20AssertionValidatorConverter implements Converter<Tuple, SAML20AssertionValidator> {
+
 		private final Collection<SubjectConfirmationValidator> subjects = new ArrayList<>();
+
 		private final Collection<StatementValidator> statements = new ArrayList<>();
+
 		private final SignaturePrevalidator validator = new SAMLSignatureProfileValidator();
 
 		SAML20AssertionValidatorConverter() {
@@ -595,22 +621,19 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 		@Override
 		public SAML20AssertionValidator convert(Tuple tuple) {
-			Collection<ConditionValidator> conditions =
-					OpenSamlAuthenticationProvider.this.conditionValidators;
+			Collection<ConditionValidator> conditions = OpenSamlAuthenticationProvider.this.conditionValidators;
 			return new SAML20AssertionValidator(conditions, this.subjects, this.statements,
 					OpenSamlAuthenticationProvider.this.signatureTrustEngineConverter.convert(tuple.authentication),
 					this.validator);
 		}
+
 	}
 
 	private static class DecrypterConverter implements Converter<Saml2AuthenticationToken, Decrypter> {
+
 		private final EncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(
-				asList(
-						new InlineEncryptedKeyResolver(),
-						new EncryptedElementTypeEncryptedKeyResolver(),
-						new SimpleRetrievalMethodEncryptedKeyResolver()
-				)
-		);
+				asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(),
+						new SimpleRetrievalMethodEncryptedKeyResolver()));
 
 		@Override
 		public Decrypter convert(Saml2AuthenticationToken token) {
@@ -624,6 +647,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			decrypter.setRootInNewDocument(true);
 			return decrypter;
 		}
+
 	}
 
 	private static Saml2Error validationError(String code, String description) {
@@ -643,12 +667,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	}
 
 	/**
-	 * A tuple containing the authentication token and the associated OpenSAML {@link Response}.
+	 * A tuple containing the authentication token and the associated OpenSAML
+	 * {@link Response}.
 	 *
 	 * @since 5.4
 	 */
 	public static class Tuple {
+
 		private final Saml2AuthenticationToken authentication;
+
 		private final Response response;
 
 		private Tuple(Saml2AuthenticationToken authentication, Response response) {
@@ -663,5 +690,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		public Response getResponse() {
 			return this.response;
 		}
+
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index f35686bbc2..9b23d8e37e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -70,6 +70,7 @@ import static org.springframework.util.StringUtils.hasText;
  * @since 5.2
  */
 public class OpenSamlAuthenticationRequestFactory implements Saml2AuthenticationRequestFactory {
+
 	static {
 		OpenSamlInitializationService.initialize();
 	}
@@ -77,19 +78,20 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 	private Clock clock = Clock.systemUTC();
 
 	private AuthnRequestMarshaller marshaller;
+
 	private AuthnRequestBuilder authnRequestBuilder;
+
 	private IssuerBuilder issuerBuilder;
 
-	private Converter<Saml2AuthenticationRequestContext, String> protocolBindingResolver =
-			context -> {
-				if (context == null) {
-					return SAMLConstants.SAML2_POST_BINDING_URI;
-				}
-				return context.getRelyingPartyRegistration().getAssertionConsumerServiceBinding().getUrn();
-			};
+	private Converter<Saml2AuthenticationRequestContext, String> protocolBindingResolver = context -> {
+		if (context == null) {
+			return SAMLConstants.SAML2_POST_BINDING_URI;
+		}
+		return context.getRelyingPartyRegistration().getAssertionConsumerServiceBinding().getUrn();
+	};
 
-	private Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver
-			= context -> authnRequest -> {};
+	private Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = context -> authnRequest -> {
+	};
 
 	/**
 	 * Creates an {@link OpenSamlAuthenticationRequestFactory}
@@ -100,19 +102,18 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 				.getMarshaller(AuthnRequest.DEFAULT_ELEMENT_NAME);
 		this.authnRequestBuilder = (AuthnRequestBuilder) registry.getBuilderFactory()
 				.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
-		this.issuerBuilder = (IssuerBuilder) registry.getBuilderFactory()
-				.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
+		this.issuerBuilder = (IssuerBuilder) registry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
 	}
 
 	@Override
 	@Deprecated
 	public String createAuthenticationRequest(Saml2AuthenticationRequest request) {
-		AuthnRequest authnRequest = createAuthnRequest(request.getIssuer(),
-				request.getDestination(), request.getAssertionConsumerServiceUrl(),
-				this.protocolBindingResolver.convert(null));
+		AuthnRequest authnRequest = createAuthnRequest(request.getIssuer(), request.getDestination(),
+				request.getAssertionConsumerServiceUrl(), this.protocolBindingResolver.convert(null));
 		for (org.springframework.security.saml2.credentials.Saml2X509Credential credential : request.getCredentials()) {
 			if (credential.isSigningCredential()) {
-				Credential cred = getSigningCredential(credential.getCertificate(), credential.getPrivateKey(), request.getIssuer());
+				Credential cred = getSigningCredential(credential.getCertificate(), credential.getPrivateKey(),
+						request.getIssuer());
 				return serialize(sign(authnRequest, cred));
 			}
 		}
@@ -125,41 +126,34 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 	@Override
 	public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
 		AuthnRequest authnRequest = createAuthnRequest(context);
-		String xml = context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned() ?
-			serialize(sign(authnRequest, context.getRelyingPartyRegistration())) :
-			serialize(authnRequest);
+		String xml = context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned()
+				? serialize(sign(authnRequest, context.getRelyingPartyRegistration())) : serialize(authnRequest);
 
 		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
-				.samlRequest(samlEncode(xml.getBytes(UTF_8)))
-				.build();
+				.samlRequest(samlEncode(xml.getBytes(UTF_8))).build();
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	@Override
-	public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context) {
+	public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(
+			Saml2AuthenticationRequestContext context) {
 		AuthnRequest authnRequest = createAuthnRequest(context);
 		String xml = serialize(authnRequest);
 		Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
 		String deflatedAndEncoded = samlEncode(samlDeflate(xml));
-		result.samlRequest(deflatedAndEncoded)
-				.relayState(context.getRelayState());
+		result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
 
 		if (context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
-			Collection<Saml2X509Credential> signingCredentials = context.getRelyingPartyRegistration().getSigningX509Credentials();
+			Collection<Saml2X509Credential> signingCredentials = context.getRelyingPartyRegistration()
+					.getSigningX509Credentials();
 			for (Saml2X509Credential credential : signingCredentials) {
 				Credential cred = getSigningCredential(credential.getCertificate(), credential.getPrivateKey(), "");
-				Map<String, String> signedParams = signQueryParameters(
-						cred,
-						deflatedAndEncoded,
+				Map<String, String> signedParams = signQueryParameters(cred, deflatedAndEncoded,
 						context.getRelayState());
-				return result
-						.samlRequest(signedParams.get("SAMLRequest"))
-						.relayState(signedParams.get("RelayState"))
-						.sigAlg(signedParams.get("SigAlg"))
-						.signature(signedParams.get("Signature"))
-						.build();
+				return result.samlRequest(signedParams.get("SAMLRequest")).relayState(signedParams.get("RelayState"))
+						.sigAlg(signedParams.get("SigAlg")).signature(signedParams.get("Signature")).build();
 			}
 			throw new Saml2Exception("No signing credential provided");
 		}
@@ -168,15 +162,14 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 	}
 
 	private AuthnRequest createAuthnRequest(Saml2AuthenticationRequestContext context) {
-		AuthnRequest authnRequest = createAuthnRequest(context.getIssuer(),
-				context.getDestination(), context.getAssertionConsumerServiceUrl(),
-				this.protocolBindingResolver.convert(context));
+		AuthnRequest authnRequest = createAuthnRequest(context.getIssuer(), context.getDestination(),
+				context.getAssertionConsumerServiceUrl(), this.protocolBindingResolver.convert(context));
 		this.authnRequestConsumerResolver.apply(context).accept(authnRequest);
 		return authnRequest;
 	}
 
-	private AuthnRequest createAuthnRequest
-			(String issuer, String destination, String assertionConsumerServiceUrl, String protocolBinding) {
+	private AuthnRequest createAuthnRequest(String issuer, String destination, String assertionConsumerServiceUrl,
+			String protocolBinding) {
 		AuthnRequest auth = this.authnRequestBuilder.buildObject();
 		auth.setID("ARQ" + UUID.randomUUID().toString().substring(1));
 		auth.setIssueInstant(new DateTime(this.clock.millis()));
@@ -193,7 +186,6 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 
 	/**
 	 * Set the {@link AuthnRequest} post-processor resolver
-	 *
 	 * @param authnRequestConsumerResolver
 	 * @since 5.4
 	 */
@@ -204,10 +196,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 	}
 
 	/**
-	 * '
-	 * Use this {@link Clock} with {@link Instant#now()} for generating
-	 * timestamps
-	 *
+	 * ' Use this {@link Clock} with {@link Instant#now()} for generating timestamps
 	 * @param clock
 	 */
 	public void setClock(Clock clock) {
@@ -218,20 +207,20 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 	/**
 	 * Sets the {@code protocolBinding} to use when generating authentication requests.
 	 * Acceptable values are {@link SAMLConstants#SAML2_POST_BINDING_URI} and
-	 * {@link SAMLConstants#SAML2_REDIRECT_BINDING_URI}
-	 * The IDP will be reading this value in the {@code AuthNRequest} to determine how to
-	 * send the Response/Assertion to the ACS URL, assertion consumer service URL.
-	 *
+	 * {@link SAMLConstants#SAML2_REDIRECT_BINDING_URI} The IDP will be reading this value
+	 * in the {@code AuthNRequest} to determine how to send the Response/Assertion to the
+	 * ACS URL, assertion consumer service URL.
 	 * @param protocolBinding either {@link SAMLConstants#SAML2_POST_BINDING_URI} or
 	 * {@link SAMLConstants#SAML2_REDIRECT_BINDING_URI}
 	 * @throws IllegalArgumentException if the protocolBinding is not valid
-	 * @deprecated Use {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder#assertionConsumerServiceBinding(Saml2MessageBinding)}
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder#assertionConsumerServiceBinding(Saml2MessageBinding)}
 	 * instead
 	 */
 	@Deprecated
 	public void setProtocolBinding(String protocolBinding) {
-		boolean isAllowedBinding = SAMLConstants.SAML2_POST_BINDING_URI.equals(protocolBinding) ||
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(protocolBinding);
+		boolean isAllowedBinding = SAMLConstants.SAML2_POST_BINDING_URI.equals(protocolBinding)
+				|| SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(protocolBinding);
 		if (!isAllowedBinding) {
 			throw new IllegalArgumentException("Invalid protocol binding: " + protocolBinding);
 		}
@@ -240,8 +229,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 
 	private AuthnRequest sign(AuthnRequest authnRequest, RelyingPartyRegistration relyingPartyRegistration) {
 		for (Saml2X509Credential credential : relyingPartyRegistration.getSigningX509Credentials()) {
-			Credential cred = getSigningCredential(
-					credential.getCertificate(), credential.getPrivateKey(), relyingPartyRegistration.getEntityId());
+			Credential cred = getSigningCredential(credential.getCertificate(), credential.getPrivateKey(),
+					relyingPartyRegistration.getEntityId());
 			return sign(authnRequest, cred);
 		}
 		throw new IllegalArgumentException("No signing credential provided");
@@ -256,7 +245,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		try {
 			SignatureSupport.signObject(authnRequest, parameters);
 			return authnRequest;
-		} catch (MarshallingException | SignatureException | SecurityException e) {
+		}
+		catch (MarshallingException | SignatureException | SecurityException e) {
 			throw new Saml2Exception(e);
 		}
 	}
@@ -268,36 +258,21 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		return cred;
 	}
 
-	private Map<String, String> signQueryParameters(
-			Credential credential,
-			String samlRequest,
-			String relayState) {
+	private Map<String, String> signQueryParameters(Credential credential, String samlRequest, String relayState) {
 		Assert.notNull(samlRequest, "samlRequest cannot be null");
 		String algorithmUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
 		StringBuilder queryString = new StringBuilder();
-		queryString
-				.append("SAMLRequest")
-				.append("=")
-				.append(UriUtils.encode(samlRequest, StandardCharsets.ISO_8859_1))
+		queryString.append("SAMLRequest").append("=").append(UriUtils.encode(samlRequest, StandardCharsets.ISO_8859_1))
 				.append("&");
 		if (hasText(relayState)) {
-			queryString
-					.append("RelayState")
-					.append("=")
-					.append(UriUtils.encode(relayState, StandardCharsets.ISO_8859_1))
-					.append("&");
+			queryString.append("RelayState").append("=")
+					.append(UriUtils.encode(relayState, StandardCharsets.ISO_8859_1)).append("&");
 		}
-		queryString
-				.append("SigAlg")
-				.append("=")
-				.append(UriUtils.encode(algorithmUri, StandardCharsets.ISO_8859_1));
+		queryString.append("SigAlg").append("=").append(UriUtils.encode(algorithmUri, StandardCharsets.ISO_8859_1));
 
 		try {
-			byte[] rawSignature = XMLSigningUtil.signWithURI(
-					credential,
-					algorithmUri,
-					queryString.toString().getBytes(StandardCharsets.UTF_8)
-			);
+			byte[] rawSignature = XMLSigningUtil.signWithURI(credential, algorithmUri,
+					queryString.toString().getBytes(StandardCharsets.UTF_8));
 			String b64Signature = Saml2Utils.samlEncode(rawSignature);
 
 			Map<String, String> result = new LinkedHashMap<>();
@@ -318,8 +293,10 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		try {
 			Element element = this.marshaller.marshall(authnRequest);
 			return SerializeSupport.nodeToString(element);
-		} catch (MarshallingException e) {
+		}
+		catch (MarshallingException e) {
 			throw new Saml2Exception(e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
index 54cb297ffb..83cd4128c4 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
@@ -31,9 +31,9 @@ import java.util.Map;
  * @since 5.2.2
  */
 public interface Saml2AuthenticatedPrincipal extends AuthenticatedPrincipal {
+
 	/**
 	 * Get the first value of Saml2 token attribute by name
-	 *
 	 * @param name the name of the attribute
 	 * @param <A> the type of the attribute
 	 * @return the first attribute value or {@code null} otherwise
@@ -47,7 +47,6 @@ public interface Saml2AuthenticatedPrincipal extends AuthenticatedPrincipal {
 
 	/**
 	 * Get the Saml2 token attribute by name
-	 *
 	 * @param name the name of the attribute
 	 * @param <A> the type of the attribute
 	 * @return the attribute or {@code null} otherwise
@@ -60,11 +59,11 @@ public interface Saml2AuthenticatedPrincipal extends AuthenticatedPrincipal {
 
 	/**
 	 * Get the Saml2 token attributes
-	 *
 	 * @return the Saml2 token attributes
 	 * @since 5.4
 	 */
 	default Map<String, List<Object>> getAttributes() {
 		return Collections.emptyMap();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
index a2a5951648..c4c2a9347e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
@@ -25,23 +25,23 @@ import org.springframework.util.Assert;
 import java.util.Collection;
 
 /**
- * An implementation of an {@link AbstractAuthenticationToken}
- * that represents an authenticated SAML 2.0 {@link Authentication}.
+ * An implementation of an {@link AbstractAuthenticationToken} that represents an
+ * authenticated SAML 2.0 {@link Authentication}.
  * <p>
- * The {@link Authentication} associates valid SAML assertion
- * data with a Spring Security authentication object
- * The complete assertion is contained in the object in String format,
- * {@link Saml2Authentication#getSaml2Response()}
+ * The {@link Authentication} associates valid SAML assertion data with a Spring Security
+ * authentication object The complete assertion is contained in the object in String
+ * format, {@link Saml2Authentication#getSaml2Response()}
+ *
  * @since 5.2
  * @see AbstractAuthenticationToken
  */
 public class Saml2Authentication extends AbstractAuthenticationToken {
 
 	private final AuthenticatedPrincipal principal;
+
 	private final String saml2Response;
 
-	public Saml2Authentication(AuthenticatedPrincipal principal,
-			String saml2Response,
+	public Saml2Authentication(AuthenticatedPrincipal principal, String saml2Response,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
 		Assert.notNull(principal, "principal cannot be null");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
index 12b16a7358..b462b18ccf 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
@@ -27,23 +27,23 @@ import org.springframework.util.Assert;
  * <p>
  * There are a number of scenarios where an error may occur, for example:
  * <ul>
- *  <li>The response or assertion request is missing or malformed</li>
- *  <li>Missing or invalid subject</li>
- *  <li>Missing or invalid signatures</li>
- *  <li>The time period validation for the assertion fails</li>
- *  <li>One of the assertion conditions was not met</li>
- *  <li>Decryption failed</li>
- *  <li>Unable to locate a subject identifier, commonly known as username</li>
+ * <li>The response or assertion request is missing or malformed</li>
+ * <li>Missing or invalid subject</li>
+ * <li>Missing or invalid signatures</li>
+ * <li>The time period validation for the assertion fails</li>
+ * <li>One of the assertion conditions was not met</li>
+ * <li>Decryption failed</li>
+ * <li>Unable to locate a subject identifier, commonly known as username</li>
  * </ul>
  *
  * @since 5.2
  */
 public class Saml2AuthenticationException extends AuthenticationException {
+
 	private Saml2Error error;
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link Saml2Error SAML 2.0 Error}
 	 */
 	public Saml2AuthenticationException(Saml2Error error) {
@@ -52,7 +52,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link Saml2Error SAML 2.0 Error}
 	 * @param cause the root cause
 	 */
@@ -62,7 +61,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link Saml2Error SAML 2.0 Error}
 	 * @param message the detail message
 	 */
@@ -73,7 +71,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link Saml2Error SAML 2.0 Error}
 	 * @param message the detail message
 	 * @param cause the root cause
@@ -85,57 +82,69 @@ public class Saml2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error}
-	 * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead
+	 * @param error the
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error
+	 * SAML 2.0 Error}
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error}
+	 * constructor instead
 	 */
 	@Deprecated
-	public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error) {
+	public Saml2AuthenticationException(
+			org.springframework.security.saml2.provider.service.authentication.Saml2Error error) {
 		this(error, error.getDescription());
 	}
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error}
+	 * @param error the
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error
+	 * SAML 2.0 Error}
 	 * @param cause the root cause
-	 * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error}
+	 * constructor instead
 	 */
 	@Deprecated
-	public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, Throwable cause) {
+	public Saml2AuthenticationException(
+			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, Throwable cause) {
 		this(error, cause.getMessage(), cause);
 	}
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
 	 * @param error the {@link Saml2Error SAML 2.0 Error}
 	 * @param message the detail message
 	 * @deprecated Use {@link Saml2Error} constructor instead
 	 */
 	@Deprecated
-	public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message) {
+	public Saml2AuthenticationException(
+			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message) {
 		super(message);
 		this.setError(error);
 	}
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error}
+	 * @param error the
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error
+	 * SAML 2.0 Error}
 	 * @param message the detail message
 	 * @param cause the root cause
-	 * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error}
+	 * constructor instead
 	 */
 	@Deprecated
-	public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message, Throwable cause) {
+	public Saml2AuthenticationException(
+			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message,
+			Throwable cause) {
 		super(message, cause);
 		this.setError(error);
 	}
 
 	/**
 	 * Get the associated {@link Saml2Error}
-	 *
 	 * @return the associated {@link Saml2Error}
 	 */
 	public Saml2Error getSaml2Error() {
@@ -144,7 +153,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 
 	/**
 	 * Returns the {@link Saml2Error SAML 2.0 Error}.
-	 *
 	 * @return the {@link Saml2Error}
 	 * @deprecated Use {@link #getSaml2Error()} instead
 	 */
@@ -170,4 +178,5 @@ public class Saml2AuthenticationException extends AuthenticationException {
 		sb.append('}');
 		return sb.toString();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index 1fcc1a80a2..c922a8c117 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -25,24 +25,26 @@ import java.util.List;
 import java.util.function.Consumer;
 
 /**
- * Data holder for information required to send an {@code AuthNRequest}
- * from the service provider to the identity provider
- * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
+ * Data holder for information required to send an {@code AuthNRequest} from the service
+ * provider to the identity provider
+ * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
+ * (line 2031)
  *
  * @since 5.2
  * @deprecated use {@link Saml2AuthenticationRequestContext}
  */
 @Deprecated
 public final class Saml2AuthenticationRequest {
+
 	private final String issuer;
+
 	private final List<Saml2X509Credential> credentials;
+
 	private final String destination;
+
 	private final String assertionConsumerServiceUrl;
 
-	private Saml2AuthenticationRequest(
-			String issuer,
-			String destination,
-			String assertionConsumerServiceUrl,
+	private Saml2AuthenticationRequest(String issuer, String destination, String assertionConsumerServiceUrl,
 			List<Saml2X509Credential> credentials) {
 		Assert.hasText(issuer, "issuer cannot be null");
 		Assert.hasText(destination, "destination cannot be null");
@@ -58,10 +60,9 @@ public final class Saml2AuthenticationRequest {
 		}
 	}
 
-
 	/**
-	 * returns the issuer, the local SP entity ID, for this authentication request.
-	 * This property should be used to populate the {@code AuthNRequest.Issuer} XML element.
+	 * returns the issuer, the local SP entity ID, for this authentication request. This
+	 * property should be used to populate the {@code AuthNRequest.Issuer} XML element.
 	 * This value typically is a URI, but can be an arbitrary string.
 	 * @return issuer
 	 */
@@ -70,8 +71,9 @@ public final class Saml2AuthenticationRequest {
 	}
 
 	/**
-	 * returns the destination, the WEB Single Sign On URI, for this authentication request.
-	 * This property populates the {@code AuthNRequest#Destination} XML attribute.
+	 * returns the destination, the WEB Single Sign On URI, for this authentication
+	 * request. This property populates the {@code AuthNRequest#Destination} XML
+	 * attribute.
 	 * @return destination
 	 */
 	public String getDestination() {
@@ -79,9 +81,9 @@ public final class Saml2AuthenticationRequest {
 	}
 
 	/**
-	 * Returns the desired {@code AssertionConsumerServiceUrl} that this SP wishes to receive the
-	 * assertion on. The IDP may or may not honor this request.
-	 * This property populates the {@code AuthNRequest#AssertionConsumerServiceURL} XML attribute.
+	 * Returns the desired {@code AssertionConsumerServiceUrl} that this SP wishes to
+	 * receive the assertion on. The IDP may or may not honor this request. This property
+	 * populates the {@code AuthNRequest#AssertionConsumerServiceURL} XML attribute.
 	 * @return the AssertionConsumerServiceURL value
 	 */
 	public String getAssertionConsumerServiceUrl() {
@@ -89,7 +91,8 @@ public final class Saml2AuthenticationRequest {
 	}
 
 	/**
-	 * Returns a list of credentials that can be used to sign the {@code AuthNRequest} object
+	 * Returns a list of credentials that can be used to sign the {@code AuthNRequest}
+	 * object
 	 * @return signing credentials
 	 */
 	public List<Saml2X509Credential> getCredentials() {
@@ -97,8 +100,7 @@ public final class Saml2AuthenticationRequest {
 	}
 
 	/**
-	 * A builder for {@link Saml2AuthenticationRequest}.
-	 * returns a builder object
+	 * A builder for {@link Saml2AuthenticationRequest}. returns a builder object
 	 */
 	public static Builder builder() {
 		return new Builder();
@@ -106,25 +108,25 @@ public final class Saml2AuthenticationRequest {
 
 	/**
 	 * A builder for {@link Saml2AuthenticationRequest}.
-	 * @param context a context object to copy values from.
-	 * returns a builder object
+	 * @param context a context object to copy values from. returns a builder object
 	 */
 	public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
-		return new Builder()
-				.assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
-				.issuer(context.getIssuer())
-				.destination(context.getDestination())
-				.credentials(c -> c.addAll(context.getRelyingPartyRegistration().getCredentials()))
-				;
+		return new Builder().assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
+				.issuer(context.getIssuer()).destination(context.getDestination())
+				.credentials(c -> c.addAll(context.getRelyingPartyRegistration().getCredentials()));
 	}
 
 	/**
 	 * A builder for {@link Saml2AuthenticationRequest}.
 	 */
 	public static class Builder {
+
 		private String issuer;
+
 		private List<Saml2X509Credential> credentials = new LinkedList<>();
+
 		private String destination;
+
 		private String assertionConsumerServiceUrl;
 
 		private Builder() {
@@ -141,11 +143,9 @@ public final class Saml2AuthenticationRequest {
 		}
 
 		/**
-		 * Modifies the collection of {@link Saml2X509Credential} credentials
-		 * used in communication between IDP and SP, specifically signing the
-		 * authentication request.
-		 * For example:
-		 * <code>
+		 * Modifies the collection of {@link Saml2X509Credential} credentials used in
+		 * communication between IDP and SP, specifically signing the authentication
+		 * request. For example: <code>
 		 *     Saml2X509Credential credential = ...;
 		 *     return Saml2AuthenticationRequest.withLocalSpEntityId("id")
 		 *             .credentials(c -> c.add(credential))
@@ -161,7 +161,8 @@ public final class Saml2AuthenticationRequest {
 		}
 
 		/**
-		 * Sets the Destination for the authentication request. Typically the {@code Service Provider EntityID}
+		 * Sets the Destination for the authentication request. Typically the
+		 * {@code Service Provider EntityID}
 		 * @param destination - a required value
 		 * @return this {@code Builder}
 		 */
@@ -187,12 +188,10 @@ public final class Saml2AuthenticationRequest {
 		 * @throws {@link IllegalArgumentException} if a required property is not set
 		 */
 		public Saml2AuthenticationRequest build() {
-			return new Saml2AuthenticationRequest(
-					this.issuer,
-					this.destination,
-					this.assertionConsumerServiceUrl,
-					this.credentials
-			);
+			return new Saml2AuthenticationRequest(this.issuer, this.destination, this.assertionConsumerServiceUrl,
+					this.credentials);
 		}
+
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
index 01343f2b3c..5902571aa9 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
@@ -20,9 +20,9 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.util.Assert;
 
 /**
- * Data holder for information required to create an {@code AuthNRequest}
- * to be sent from the service provider to the identity provider
- * <a href="https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf">
+ * Data holder for information required to create an {@code AuthNRequest} to be sent from
+ * the service provider to the identity provider <a href=
+ * "https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf">
  * Assertions and Protocols for SAML 2 (line 2031)</a>
  *
  * @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
@@ -30,16 +30,17 @@ import org.springframework.util.Assert;
  * @since 5.3
  */
 public class Saml2AuthenticationRequestContext {
+
 	private final RelyingPartyRegistration relyingPartyRegistration;
+
 	private final String issuer;
+
 	private final String assertionConsumerServiceUrl;
+
 	private final String relayState;
 
-	protected Saml2AuthenticationRequestContext(
-			RelyingPartyRegistration relyingPartyRegistration,
-			String issuer,
-			String assertionConsumerServiceUrl,
-			String relayState) {
+	protected Saml2AuthenticationRequestContext(RelyingPartyRegistration relyingPartyRegistration, String issuer,
+			String assertionConsumerServiceUrl, String relayState) {
 		Assert.hasText(issuer, "issuer cannot be null or empty");
 		Assert.notNull(relyingPartyRegistration, "relyingPartyRegistration cannot be null");
 		Assert.hasText(assertionConsumerServiceUrl, "spAssertionConsumerServiceUrl cannot be null or empty");
@@ -50,7 +51,8 @@ public class Saml2AuthenticationRequestContext {
 	}
 
 	/**
-	 * Returns the {@link RelyingPartyRegistration} configuration for which the AuthNRequest is intended for.
+	 * Returns the {@link RelyingPartyRegistration} configuration for which the
+	 * AuthNRequest is intended for.
 	 * @return the {@link RelyingPartyRegistration} configuration
 	 */
 	public RelyingPartyRegistration getRelyingPartyRegistration() {
@@ -59,8 +61,8 @@ public class Saml2AuthenticationRequestContext {
 
 	/**
 	 * Returns the {@code Issuer} value to be used in the {@code AuthNRequest} object.
-	 * This property should be used to populate the {@code AuthNRequest.Issuer} XML element.
-	 * This value typically is a URI, but can be an arbitrary string.
+	 * This property should be used to populate the {@code AuthNRequest.Issuer} XML
+	 * element. This value typically is a URI, but can be an arbitrary string.
 	 * @return the Issuer value
 	 */
 	public String getIssuer() {
@@ -68,9 +70,9 @@ public class Saml2AuthenticationRequestContext {
 	}
 
 	/**
-	 * Returns the desired {@code AssertionConsumerServiceUrl} that this SP wishes to receive the
-	 * assertion on. The IDP may or may not honor this request.
-	 * This property populates the {@code AuthNRequest.AssertionConsumerServiceURL} XML attribute.
+	 * Returns the desired {@code AssertionConsumerServiceUrl} that this SP wishes to
+	 * receive the assertion on. The IDP may or may not honor this request. This property
+	 * populates the {@code AuthNRequest.AssertionConsumerServiceURL} XML attribute.
 	 * @return the AssertionConsumerServiceURL value
 	 */
 	public String getAssertionConsumerServiceUrl() {
@@ -86,8 +88,9 @@ public class Saml2AuthenticationRequestContext {
 	}
 
 	/**
-	 * Returns the {@code Destination}, the WEB Single Sign On URI, for this authentication request.
-	 * This property can also populate the {@code AuthNRequest.Destination} XML attribute.
+	 * Returns the {@code Destination}, the WEB Single Sign On URI, for this
+	 * authentication request. This property can also populate the
+	 * {@code AuthNRequest.Destination} XML attribute.
 	 * @return the Destination value
 	 */
 	public String getDestination() {
@@ -106,9 +109,13 @@ public class Saml2AuthenticationRequestContext {
 	 * A builder for {@link Saml2AuthenticationRequestContext}.
 	 */
 	public static class Builder {
+
 		private String issuer;
+
 		private String assertionConsumerServiceUrl;
+
 		private String relayState;
+
 		private RelyingPartyRegistration relyingPartyRegistration;
 
 		private Builder() {
@@ -125,7 +132,8 @@ public class Saml2AuthenticationRequestContext {
 		}
 
 		/**
-		 * Sets the {@link RelyingPartyRegistration} used to build the authentication request.
+		 * Sets the {@link RelyingPartyRegistration} used to build the authentication
+		 * request.
 		 * @param relyingPartyRegistration - a required value
 		 * @return this {@code Builder}
 		 */
@@ -147,7 +155,8 @@ public class Saml2AuthenticationRequestContext {
 
 		/**
 		 * Sets the {@code RelayState} parameter that will accompany this AuthNRequest
-		 * @param relayState the relay state value, unencoded. if null or empty, the parameter will be removed from the map.
+		 * @param relayState the relay state value, unencoded. if null or empty, the
+		 * parameter will be removed from the map.
 		 * @return this object
 		 */
 		public Builder relayState(String relayState) {
@@ -161,12 +170,10 @@ public class Saml2AuthenticationRequestContext {
 		 * @throws {@link IllegalArgumentException} if a required property is not set
 		 */
 		public Saml2AuthenticationRequestContext build() {
-			return new Saml2AuthenticationRequestContext(
-					this.relyingPartyRegistration,
-					this.issuer,
-					this.assertionConsumerServiceUrl,
-					this.relayState
-			);
+			return new Saml2AuthenticationRequestContext(this.relyingPartyRegistration, this.issuer,
+					this.assertionConsumerServiceUrl, this.relayState);
 		}
+
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
index b70a4fe69c..a57a113c0d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
@@ -27,9 +27,9 @@ import static org.springframework.security.saml2.provider.service.authentication
 import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlEncode;
 
 /**
- * Component that generates AuthenticationRequest, <code>samlp:AuthnRequestType</code> XML, and accompanying
- * signature data.
- * as defined by https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
+ * Component that generates AuthenticationRequest, <code>samlp:AuthnRequestType</code>
+ * XML, and accompanying signature data. as defined by
+ * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
  * Page 50, Line 2147
  *
  * @since 5.2
@@ -37,81 +37,81 @@ import static org.springframework.security.saml2.provider.service.authentication
 public interface Saml2AuthenticationRequestFactory {
 
 	/**
-	 * Creates an authentication request from the Service Provider, sp, to the Identity Provider, idp.
-	 * The authentication result is an XML string that may be signed, encrypted, both or neither.
-	 * This method only returns the {@code SAMLRequest} string for the request, and for a complete
-	 * set of data parameters please use {@link #createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)}
-	 * or {@link #createPostAuthenticationRequest(Saml2AuthenticationRequestContext)}
-	 *
-	 * @param request information about the identity provider,
-	 * the recipient of this authentication request and accompanying data
-	 * @return XML data in the format of a String. This data may be signed, encrypted, both signed and encrypted with the
-	 * signature embedded in the XML or neither signed and encrypted
+	 * Creates an authentication request from the Service Provider, sp, to the Identity
+	 * Provider, idp. The authentication result is an XML string that may be signed,
+	 * encrypted, both or neither. This method only returns the {@code SAMLRequest} string
+	 * for the request, and for a complete set of data parameters please use
+	 * {@link #createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)} or
+	 * {@link #createPostAuthenticationRequest(Saml2AuthenticationRequestContext)}
+	 * @param request information about the identity provider, the recipient of this
+	 * authentication request and accompanying data
+	 * @return XML data in the format of a String. This data may be signed, encrypted,
+	 * both signed and encrypted with the signature embedded in the XML or neither signed
+	 * and encrypted
 	 * @throws Saml2Exception when a SAML library exception occurs
 	 * @since 5.2
-	 * @deprecated please use {@link #createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)}
-	 * or {@link #createPostAuthenticationRequest(Saml2AuthenticationRequestContext)}
-	 * This method will be removed in future versions of Spring Security
+	 * @deprecated please use
+	 * {@link #createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)} or
+	 * {@link #createPostAuthenticationRequest(Saml2AuthenticationRequestContext)} This
+	 * method will be removed in future versions of Spring Security
 	 */
 	@Deprecated
 	String createAuthenticationRequest(Saml2AuthenticationRequest request);
 
 	/**
-	 * Creates all the necessary AuthNRequest parameters for a REDIRECT binding.
-	 * If the {@link Saml2AuthenticationRequestContext} doesn't contain any {@link Saml2X509CredentialType#SIGNING} credentials
-	 * the result will not contain any signatures.
-	 * The data set will be signed and encoded for REDIRECT binding including the DEFLATE encoding.
-	 * It will contain the following parameters to be sent as part of the query string:
-	 * {@code SAMLRequest, RelayState, SigAlg, Signature}.
-	 * <i>The default implementation, for sake of backwards compatibility, of this method returns the
-	 * SAMLRequest message with an XML signature embedded, that should only be used for the{@link Saml2MessageBinding#POST}
-	 * binding, but works over {@link Saml2MessageBinding#POST} with most providers.</i>
-	 * @param context - information about the identity provider, the recipient of this authentication request and
-	 * accompanying data
-	 * @return a {@link Saml2RedirectAuthenticationRequest} object with applicable http parameters
-	 * necessary to make the AuthNRequest over a POST or REDIRECT binding.
-	 * All parameters will be SAML encoded/deflated, but escaped, ie URI encoded or encoded for Form Data.
+	 * Creates all the necessary AuthNRequest parameters for a REDIRECT binding. If the
+	 * {@link Saml2AuthenticationRequestContext} doesn't contain any
+	 * {@link Saml2X509CredentialType#SIGNING} credentials the result will not contain any
+	 * signatures. The data set will be signed and encoded for REDIRECT binding including
+	 * the DEFLATE encoding. It will contain the following parameters to be sent as part
+	 * of the query string: {@code SAMLRequest, RelayState, SigAlg, Signature}. <i>The
+	 * default implementation, for sake of backwards compatibility, of this method returns
+	 * the SAMLRequest message with an XML signature embedded, that should only be used
+	 * for the{@link Saml2MessageBinding#POST} binding, but works over
+	 * {@link Saml2MessageBinding#POST} with most providers.</i>
+	 * @param context - information about the identity provider, the recipient of this
+	 * authentication request and accompanying data
+	 * @return a {@link Saml2RedirectAuthenticationRequest} object with applicable http
+	 * parameters necessary to make the AuthNRequest over a POST or REDIRECT binding. All
+	 * parameters will be SAML encoded/deflated, but escaped, ie URI encoded or encoded
+	 * for Form Data.
 	 * @throws Saml2Exception when a SAML library exception occurs
 	 * @since 5.3
 	 */
 	default Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(
-			Saml2AuthenticationRequestContext context
-	) {
-		//backwards compatible with 5.2.x settings
+			Saml2AuthenticationRequestContext context) {
+		// backwards compatible with 5.2.x settings
 		Saml2AuthenticationRequest.Builder resultBuilder = withAuthenticationRequestContext(context);
 		String samlRequest = createAuthenticationRequest(resultBuilder.build());
 		samlRequest = samlEncode(samlDeflate(samlRequest));
-		return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context)
-				.samlRequest(samlRequest)
+		return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest)
 				.build();
 	}
 
-
 	/**
-	 * Creates all the necessary AuthNRequest parameters for a POST binding.
-	 * If the {@link Saml2AuthenticationRequestContext} doesn't contain any {@link Saml2X509CredentialType#SIGNING} credentials
-	 * the result will not contain any signatures.
-	 * The data set will be signed and encoded for  POST binding and if applicable signed with XML signatures.
-	 * will contain the following parameters to be sent as part of the form data: {@code SAMLRequest, RelayState}.
-	 * <i>The default implementation of this method returns the SAMLRequest message with an XML signature embedded,
-	 * that should only be used for the {@link Saml2MessageBinding#POST} binding.</i>
-	 * @param context - information about the identity provider, the recipient of this authentication request and
-	 * accompanying data
-	 * @return a {@link Saml2PostAuthenticationRequest} object with applicable http parameters
-	 * necessary to make the AuthNRequest over a POST binding.
-	 * All parameters will be SAML encoded but not escaped for Form Data.
+	 * Creates all the necessary AuthNRequest parameters for a POST binding. If the
+	 * {@link Saml2AuthenticationRequestContext} doesn't contain any
+	 * {@link Saml2X509CredentialType#SIGNING} credentials the result will not contain any
+	 * signatures. The data set will be signed and encoded for POST binding and if
+	 * applicable signed with XML signatures. will contain the following parameters to be
+	 * sent as part of the form data: {@code SAMLRequest, RelayState}. <i>The default
+	 * implementation of this method returns the SAMLRequest message with an XML signature
+	 * embedded, that should only be used for the {@link Saml2MessageBinding#POST}
+	 * binding.</i>
+	 * @param context - information about the identity provider, the recipient of this
+	 * authentication request and accompanying data
+	 * @return a {@link Saml2PostAuthenticationRequest} object with applicable http
+	 * parameters necessary to make the AuthNRequest over a POST binding. All parameters
+	 * will be SAML encoded but not escaped for Form Data.
 	 * @throws Saml2Exception when a SAML library exception occurs
 	 * @since 5.3
 	 */
-	default Saml2PostAuthenticationRequest createPostAuthenticationRequest(
-			Saml2AuthenticationRequestContext context
-	) {
-		//backwards compatible with 5.2.x settings
+	default Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
+		// backwards compatible with 5.2.x settings
 		Saml2AuthenticationRequest.Builder resultBuilder = withAuthenticationRequestContext(context);
 		String samlRequest = createAuthenticationRequest(resultBuilder.build());
 		samlRequest = samlEncode(samlRequest.getBytes(StandardCharsets.UTF_8));
-		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
-				.samlRequest(samlRequest)
+		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest)
 				.build();
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index 22146994f0..a266dd93ec 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -27,8 +27,8 @@ import org.springframework.util.Assert;
 import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
 
 /**
- * Represents an incoming SAML 2.0 response containing an assertion that has not been validated.
- * {@link Saml2AuthenticationToken#isAuthenticated()} will always return false.
+ * Represents an incoming SAML 2.0 response containing an assertion that has not been
+ * validated. {@link Saml2AuthenticationToken#isAuthenticated()} will always return false.
  *
  * @since 5.2
  * @author Filip Hanik
@@ -37,23 +37,23 @@ import static org.springframework.security.saml2.provider.service.registration.R
 public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 
 	private final RelyingPartyRegistration relyingPartyRegistration;
+
 	private final String saml2Response;
 
 	/**
 	 * Creates a {@link Saml2AuthenticationToken} with the provided parameters
 	 *
-	 * Note that the given {@link RelyingPartyRegistration} should have all its
-	 * templates resolved at this point. See
+	 * Note that the given {@link RelyingPartyRegistration} should have all its templates
+	 * resolved at this point. See
 	 * {@link org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter}
 	 * for an example of performing that resolution.
-	 *
-	 * @param relyingPartyRegistration the resolved {@link RelyingPartyRegistration} to use
+	 * @param relyingPartyRegistration the resolved {@link RelyingPartyRegistration} to
+	 * use
 	 * @param saml2Response the SAML 2.0 response to authenticate
 	 *
 	 * @since 5.4
 	 */
-	public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration,
-			String saml2Response) {
+	public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response) {
 
 		super(Collections.emptyList());
 		Assert.notNull(relyingPartyRegistration, "relyingPartyRegistration cannot be null");
@@ -65,26 +65,23 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Creates an authentication token from an incoming SAML 2 Response object
 	 * @param saml2Response inflated and decoded XML representation of the SAML 2 Response
-	 * @param recipientUri the URL that the SAML 2 Response was received at. Used for validation
+	 * @param recipientUri the URL that the SAML 2 Response was received at. Used for
+	 * validation
 	 * @param idpEntityId the entity ID of the asserting entity
 	 * @param localSpEntityId the configured local SP, the relying party, entity ID
-	 * @param credentials the credentials configured for signature verification and decryption
-	 * @deprecated Use {@link Saml2AuthenticationToken(RelyingPartyRegistration, String)} instead
+	 * @param credentials the credentials configured for signature verification and
+	 * decryption
+	 * @deprecated Use {@link Saml2AuthenticationToken(RelyingPartyRegistration, String)}
+	 * instead
 	 */
 	@Deprecated
-	public Saml2AuthenticationToken(String saml2Response,
-									String recipientUri,
-									String idpEntityId,
-									String localSpEntityId,
-									List<Saml2X509Credential> credentials) {
+	public Saml2AuthenticationToken(String saml2Response, String recipientUri, String idpEntityId,
+			String localSpEntityId, List<Saml2X509Credential> credentials) {
 		super(null);
-		this.relyingPartyRegistration = withRegistrationId(idpEntityId)
-				.entityId(localSpEntityId)
-				.assertionConsumerServiceLocation(recipientUri)
-				.credentials(c -> c.addAll(credentials))
-				.assertingPartyDetails(assertingParty -> assertingParty
-						.entityId(idpEntityId)
-						.singleSignOnServiceLocation(idpEntityId))
+		this.relyingPartyRegistration = withRegistrationId(idpEntityId).entityId(localSpEntityId)
+				.assertionConsumerServiceLocation(recipientUri).credentials(c -> c.addAll(credentials))
+				.assertingPartyDetails(
+						assertingParty -> assertingParty.entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId))
 				.build();
 		this.saml2Response = saml2Response;
 	}
@@ -109,7 +106,6 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Get the resolved {@link RelyingPartyRegistration} associated with the request
-	 *
 	 * @return the resolved {@link RelyingPartyRegistration}
 	 * @since 5.4
 	 */
@@ -128,7 +124,9 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Returns the URI that the SAML 2 Response object came in on
 	 * @return URI as a string
-	 * @deprecated Use {@link #getRelyingPartyRegistration().getAssertionConsumerServiceLocation()} instead
+	 * @deprecated Use
+	 * {@link #getRelyingPartyRegistration().getAssertionConsumerServiceLocation()}
+	 * instead
 	 */
 	@Deprecated
 	public String getRecipientUri() {
@@ -148,7 +146,8 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Returns all the credentials associated with the relying party configuraiton
 	 * @return
-	 * @deprecated Get the credentials through {@link #getRelyingPartyRegistration()} instead
+	 * @deprecated Get the credentials through {@link #getRelyingPartyRegistration()}
+	 * instead
 	 */
 	@Deprecated
 	public List<Saml2X509Credential> getX509Credentials() {
@@ -176,10 +175,13 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Returns the configured IDP, asserting party, entity ID
 	 * @return a string representing the entity ID
-	 * @deprecated Use {@link #getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()} instead
+	 * @deprecated Use
+	 * {@link #getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()}
+	 * instead
 	 */
 	@Deprecated
 	public String getIdpEntityId() {
 		return this.relyingPartyRegistration.getAssertingPartyDetails().getEntityId();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
index 721b0d5b5a..23f3d24d1b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
@@ -24,22 +24,23 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
  * A representation of an SAML 2.0 Error.
  *
  * <p>
- * At a minimum, an error response will contain an error code.
- * The commonly used error code are defined in this class
- * or a new codes can be defined in the future as arbitrary strings.
+ * At a minimum, an error response will contain an error code. The commonly used error
+ * code are defined in this class or a new codes can be defined in the future as arbitrary
+ * strings.
  * </p>
+ *
  * @since 5.2
  * @deprecated Use {@link org.springframework.security.saml2.core.Saml2Error} instead
  */
 @Deprecated
 public class Saml2Error implements Serializable {
+
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final org.springframework.security.saml2.core.Saml2Error error;
 
 	/**
 	 * Constructs a {@code Saml2Error} using the provided parameters.
-	 *
 	 * @param errorCode the error code
 	 * @param description the error description
 	 */
@@ -49,7 +50,6 @@ public class Saml2Error implements Serializable {
 
 	/**
 	 * Returns the error code.
-	 *
 	 * @return the error code
 	 */
 	public final String getErrorCode() {
@@ -58,7 +58,6 @@ public class Saml2Error implements Serializable {
 
 	/**
 	 * Returns the error description.
-	 *
 	 * @return the error description
 	 */
 	public final String getDescription() {
@@ -67,7 +66,7 @@ public class Saml2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " +
-				(this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java
index b525f3a8e7..fbf31b24ec 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java
@@ -24,80 +24,84 @@ package org.springframework.security.saml2.provider.service.authentication;
  */
 @Deprecated
 public interface Saml2ErrorCodes {
+
 	/**
-	 * SAML Data does not represent a SAML 2 Response object.
-	 * A valid XML object was received, but that object was not a
-	 * SAML 2 Response object of type {@code ResponseType} per specification
+	 * SAML Data does not represent a SAML 2 Response object. A valid XML object was
+	 * received, but that object was not a SAML 2 Response object of type
+	 * {@code ResponseType} per specification
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46
 	 */
 	String UNKNOWN_RESPONSE_CLASS = org.springframework.security.saml2.core.Saml2ErrorCodes.UNKNOWN_RESPONSE_CLASS;
+
 	/**
-	 * The response data is malformed or incomplete.
-	 * An invalid XML object was received, and XML unmarshalling failed.
+	 * The response data is malformed or incomplete. An invalid XML object was received,
+	 * and XML unmarshalling failed.
 	 */
 	String MALFORMED_RESPONSE_DATA = org.springframework.security.saml2.core.Saml2ErrorCodes.MALFORMED_RESPONSE_DATA;
+
 	/**
-	 * Response destination does not match the request URL.
-	 * A SAML 2 response object was received at a URL that
-	 * did not match the URL stored in the {code Destination} attribute
-	 * in the Response object.
+	 * Response destination does not match the request URL. A SAML 2 response object was
+	 * received at a URL that did not match the URL stored in the {code Destination}
+	 * attribute in the Response object.
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
 	 */
 	String INVALID_DESTINATION = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_DESTINATION;
+
 	/**
-	 * The assertion was not valid.
-	 * The assertion used for authentication failed validation.
-	 * Details around the failure will be present in the error description.
+	 * The assertion was not valid. The assertion used for authentication failed
+	 * validation. Details around the failure will be present in the error description.
 	 */
 	String INVALID_ASSERTION = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ASSERTION;
+
 	/**
-	 * The signature of response or assertion was invalid.
-	 * Either the response or the assertion was missing a signature
-	 * or the signature could not be verified using the system's
-	 * configured credentials. Most commonly the IDP's
-	 * X509 certificate.
+	 * The signature of response or assertion was invalid. Either the response or the
+	 * assertion was missing a signature or the signature could not be verified using the
+	 * system's configured credentials. Most commonly the IDP's X509 certificate.
 	 */
 	String INVALID_SIGNATURE = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_SIGNATURE;
+
 	/**
-	 * The assertion did not contain a subject element.
-	 * The subject element, type SubjectType, contains
-	 * a {@code NameID} or an {@code EncryptedID} that is used
-	 * to assign the authenticated principal an identifier,
-	 * typically a username.
+	 * The assertion did not contain a subject element. The subject element, type
+	 * SubjectType, contains a {@code NameID} or an {@code EncryptedID} that is used to
+	 * assign the authenticated principal an identifier, typically a username.
 	 *
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
 	 */
 	String SUBJECT_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.SUBJECT_NOT_FOUND;
+
 	/**
-	 * The subject did not contain a user identifier
-	 * The assertion contained a subject element, but the subject
-	 * element did not have a {@code NameID} or {@code EncryptedID}
-	 * element
+	 * The subject did not contain a user identifier The assertion contained a subject
+	 * element, but the subject element did not have a {@code NameID} or
+	 * {@code EncryptedID} element
 	 *
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
 	 */
 	String USERNAME_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.USERNAME_NOT_FOUND;
+
 	/**
-	 * The system failed to decrypt an assertion or a name identifier.
-	 * This error code will be thrown if the decryption of either a
-	 * {@code EncryptedAssertion} or {@code EncryptedID} fails.
+	 * The system failed to decrypt an assertion or a name identifier. This error code
+	 * will be thrown if the decryption of either a {@code EncryptedAssertion} or
+	 * {@code EncryptedID} fails.
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
 	 */
 	String DECRYPTION_ERROR = org.springframework.security.saml2.core.Saml2ErrorCodes.DECRYPTION_ERROR;
+
 	/**
 	 * An Issuer element contained a value that didn't
 	 * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
 	 */
 	String INVALID_ISSUER = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ISSUER;
+
 	/**
-	 * An error happened during validation.
-	 * Used when internal, non classified, errors are caught during the
-	 * authentication process.
+	 * An error happened during validation. Used when internal, non classified, errors are
+	 * caught during the authentication process.
 	 */
 	String INTERNAL_VALIDATION_ERROR = org.springframework.security.saml2.core.Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR;
+
 	/**
-	 * The relying party registration was not found.
-	 * The registration ID did not correspond to any relying party registration.
+	 * The relying party registration was not found. The registration ID did not
+	 * correspond to any relying party registration.
 	 */
 	String RELYING_PARTY_REGISTRATION_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND;
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
index d621a7c704..7d3f3aab41 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
@@ -21,19 +21,17 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
 import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
 
 /**
- * Data holder for information required to send an {@code AuthNRequest} over a POST binding
- * from the service provider to the identity provider
- * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
+ * Data holder for information required to send an {@code AuthNRequest} over a POST
+ * binding from the service provider to the identity provider
+ * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
+ * (line 2031)
  *
  * @see Saml2AuthenticationRequestFactory
  * @since 5.3
  */
 public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
-	private Saml2PostAuthenticationRequest(
-			String samlRequest,
-			String relayState,
-			String authenticationRequestUri) {
+	private Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri) {
 		super(samlRequest, relayState, authenticationRequestUri);
 	}
 
@@ -46,17 +44,16 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR
 	}
 
 	/**
-	 * Constructs a {@link Builder} from a {@link Saml2AuthenticationRequestContext} object.
-	 * By default the {@link Saml2PostAuthenticationRequest#getAuthenticationRequestUri()} will be set to the
-	 * {@link Saml2AuthenticationRequestContext#getDestination()} value.
-	 * @param context input providing {@code Destination}, {@code RelayState}, and {@code Issuer} objects.
+	 * Constructs a {@link Builder} from a {@link Saml2AuthenticationRequestContext}
+	 * object. By default the
+	 * {@link Saml2PostAuthenticationRequest#getAuthenticationRequestUri()} will be set to
+	 * the {@link Saml2AuthenticationRequestContext#getDestination()} value.
+	 * @param context input providing {@code Destination}, {@code RelayState}, and
+	 * {@code Issuer} objects.
 	 * @return a modifiable builder object
 	 */
 	public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
-		return new Builder()
-				.authenticationRequestUri(context.getDestination())
-				.relayState(context.getRelayState())
-				;
+		return new Builder().authenticationRequestUri(context.getDestination()).relayState(context.getRelayState());
 	}
 
 	/**
@@ -73,13 +70,9 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR
 		 * @return an immutable {@link Saml2PostAuthenticationRequest} object.
 		 */
 		public Saml2PostAuthenticationRequest build() {
-			return new Saml2PostAuthenticationRequest(
-					this.samlRequest,
-					this.relayState,
-					this.authenticationRequestUri
-			);
+			return new Saml2PostAuthenticationRequest(this.samlRequest, this.relayState, this.authenticationRequestUri);
 		}
+
 	}
 
-
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
index fdfc8372aa..d5ae3c32c5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
@@ -21,9 +21,10 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
 import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.REDIRECT;
 
 /**
- * Data holder for information required to send an {@code AuthNRequest} over a REDIRECT binding
- * from the service provider to the identity provider
- * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
+ * Data holder for information required to send an {@code AuthNRequest} over a REDIRECT
+ * binding from the service provider to the identity provider
+ * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
+ * (line 2031)
  *
  * @see Saml2AuthenticationRequestFactory
  * @since 5.3
@@ -31,13 +32,10 @@ import static org.springframework.security.saml2.provider.service.registration.S
 public class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
 	private final String sigAlg;
+
 	private final String signature;
 
-	private Saml2RedirectAuthenticationRequest(
-			String samlRequest,
-			String sigAlg,
-			String signature,
-			String relayState,
+	private Saml2RedirectAuthenticationRequest(String samlRequest, String sigAlg, String signature, String relayState,
 			String authenticationRequestUri) {
 		super(samlRequest, relayState, authenticationRequestUri);
 		this.sigAlg = sigAlg;
@@ -61,7 +59,7 @@ public class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authenticat
 	}
 
 	/**
-     * @return {@link Saml2MessageBinding#REDIRECT}
+	 * @return {@link Saml2MessageBinding#REDIRECT}
 	 */
 	@Override
 	public Saml2MessageBinding getBinding() {
@@ -69,24 +67,25 @@ public class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authenticat
 	}
 
 	/**
-	 * Constructs a {@link Saml2RedirectAuthenticationRequest.Builder} from a {@link Saml2AuthenticationRequestContext} object.
-	 * By default the {@link Saml2RedirectAuthenticationRequest#getAuthenticationRequestUri()} will be set to the
-	 * {@link Saml2AuthenticationRequestContext#getDestination()} value.
-	 * @param context input providing {@code Destination}, {@code RelayState}, and {@code Issuer} objects.
+	 * Constructs a {@link Saml2RedirectAuthenticationRequest.Builder} from a
+	 * {@link Saml2AuthenticationRequestContext} object. By default the
+	 * {@link Saml2RedirectAuthenticationRequest#getAuthenticationRequestUri()} will be
+	 * set to the {@link Saml2AuthenticationRequestContext#getDestination()} value.
+	 * @param context input providing {@code Destination}, {@code RelayState}, and
+	 * {@code Issuer} objects.
 	 * @return a modifiable builder object
 	 */
 	public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
-		return new Builder()
-				.authenticationRequestUri(context.getDestination())
-				.relayState(context.getRelayState())
-				;
+		return new Builder().authenticationRequestUri(context.getDestination()).relayState(context.getRelayState());
 	}
 
 	/**
 	 * Builder class for a {@link Saml2RedirectAuthenticationRequest} object.
 	 */
 	public static class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
+
 		private String sigAlg;
+
 		private String signature;
 
 		private Builder() {
@@ -118,16 +117,10 @@ public class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authenticat
 		 * @return an immutable {@link Saml2RedirectAuthenticationRequest} object.
 		 */
 		public Saml2RedirectAuthenticationRequest build() {
-			return new Saml2RedirectAuthenticationRequest(
-					this.samlRequest,
-					this.sigAlg,
-					this.signature,
-					this.relayState,
-					this.authenticationRequestUri
-			);
+			return new Saml2RedirectAuthenticationRequest(this.samlRequest, this.sigAlg, this.signature,
+					this.relayState, this.authenticationRequestUri);
 		}
 
 	}
 
-
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
index ae271df111..b1efb7b1df 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@@ -34,8 +34,7 @@ import static java.util.zip.Deflater.DEFLATED;
  */
 final class Saml2Utils {
 
-
-	private static Base64 BASE64 = new Base64(0, new byte[]{'\n'});
+	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 
 	static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
@@ -70,4 +69,5 @@ final class Saml2Utils {
 			throw new Saml2Exception("Unable to inflate string", e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
index bc27e60ec9..c7b43e2637 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -47,14 +47,15 @@ import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getB
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory;
 
 /**
- * Resolves the SAML 2.0 Relying Party Metadata for a given {@link RelyingPartyRegistration}
- * using the OpenSAML API.
+ * Resolves the SAML 2.0 Relying Party Metadata for a given
+ * {@link RelyingPartyRegistration} using the OpenSAML API.
  *
  * @author Jakub Kubrynski
  * @author Josh Cummings
  * @since 5.4
  */
 public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
+
 	static {
 		OpenSamlInitializationService.initialize();
 	}
@@ -62,8 +63,8 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 	private final EntityDescriptorMarshaller entityDescriptorMarshaller;
 
 	public OpenSamlMetadataResolver() {
-		this.entityDescriptorMarshaller = (EntityDescriptorMarshaller)
-				getMarshallerFactory().getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME);
+		this.entityDescriptorMarshaller = (EntityDescriptorMarshaller) getMarshallerFactory()
+				.getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME);
 		Assert.notNull(this.entityDescriptorMarshaller, "entityDescriptorMarshaller cannot be null");
 	}
 
@@ -85,10 +86,10 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 		SPSSODescriptor spSsoDescriptor = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 		spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
 		spSsoDescriptor.setWantAssertionsSigned(true);
-		spSsoDescriptor.getKeyDescriptors().addAll(buildKeys(
-				registration.getSigningX509Credentials(), UsageType.SIGNING));
-		spSsoDescriptor.getKeyDescriptors().addAll(buildKeys(
-				registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION));
+		spSsoDescriptor.getKeyDescriptors()
+				.addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING));
+		spSsoDescriptor.getKeyDescriptors()
+				.addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION));
 		spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(registration));
 		return spSsoDescriptor;
 	}
@@ -110,7 +111,8 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 
 		try {
 			x509Certificate.setValue(new String(Base64.getEncoder().encode(certificate.getEncoded())));
-		} catch (CertificateEncodingException e) {
+		}
+		catch (CertificateEncodingException e) {
 			throw new Saml2Exception("Cannot encode certificate " + certificate.toString());
 		}
 
@@ -139,13 +141,14 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 		return (T) builder.buildObject(elementName);
 	}
 
-
 	private String serialize(EntityDescriptor entityDescriptor) {
 		try {
 			Element element = this.entityDescriptorMarshaller.marshall(entityDescriptor);
 			return SerializeSupport.prettyPrintXML(element);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new Saml2Exception(e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/Saml2MetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/Saml2MetadataResolver.java
index adfafcf56c..999a124771 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/Saml2MetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/Saml2MetadataResolver.java
@@ -19,18 +19,20 @@ package org.springframework.security.saml2.provider.service.metadata;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 
 /**
- * Resolves the SAML 2.0 Relying Party Metadata for a given {@link RelyingPartyRegistration}
+ * Resolves the SAML 2.0 Relying Party Metadata for a given
+ * {@link RelyingPartyRegistration}
  *
  * @author Jakub Kubrynski
  * @author Josh Cummings
  * @since 5.4
  */
 public interface Saml2MetadataResolver {
+
 	/**
 	 * Resolve the given relying party's metadata
-	 *
 	 * @param relyingPartyRegistration the relying party
 	 * @return the relying party's metadata
 	 */
 	String resolve(RelyingPartyRegistration relyingPartyRegistration);
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
index 4f28cea5e8..df53cfa514 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
@@ -46,14 +46,13 @@ public class InMemoryRelyingPartyRegistrationRepository
 	}
 
 	private static Map<String, RelyingPartyRegistration> createMappingToIdentityProvider(
-			Collection<RelyingPartyRegistration> rps
-	) {
+			Collection<RelyingPartyRegistration> rps) {
 		LinkedHashMap<String, RelyingPartyRegistration> result = new LinkedHashMap<>();
 		for (RelyingPartyRegistration rp : rps) {
 			notNull(rp, "relying party collection cannot contain null values");
 			String key = rp.getRegistrationId();
 			notNull(rp, "relying party identifier cannot be null");
-			Assert.isNull(result.get(key), () -> "relying party duplicate identifier '" + key+"' detected.");
+			Assert.isNull(result.get(key), () -> "relying party duplicate identifier '" + key + "' detected.");
 			result.put(key, rp);
 		}
 		return Collections.unmodifiableMap(result);
@@ -61,7 +60,7 @@ public class InMemoryRelyingPartyRegistrationRepository
 
 	@Override
 	public RelyingPartyRegistration findByRegistrationId(String id) {
-			return this.byRegistrationId.get(id);
+		return this.byRegistrationId.get(id);
 	}
 
 	@Override
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
index 77c3e0c988..c62e7bbb50 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
@@ -54,12 +54,13 @@ import static org.springframework.security.saml2.core.Saml2X509Credential.verifi
 import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
 
 /**
- * An {@link HttpMessageConverter} that takes an {@code IDPSSODescriptor} in an HTTP response
- * and converts it into a {@link RelyingPartyRegistration.Builder}.
+ * An {@link HttpMessageConverter} that takes an {@code IDPSSODescriptor} in an HTTP
+ * response and converts it into a {@link RelyingPartyRegistration.Builder}.
  *
- * The primary use case for this is constructing a {@link RelyingPartyRegistration} for inclusion in a
- * {@link RelyingPartyRegistrationRepository}. To do so, you can include an instance of this converter in a
- * {@link org.springframework.web.client.RestOperations} like so:
+ * The primary use case for this is constructing a {@link RelyingPartyRegistration} for
+ * inclusion in a {@link RelyingPartyRegistrationRepository}. To do so, you can include an
+ * instance of this converter in a {@link org.springframework.web.client.RestOperations}
+ * like so:
  *
  * <pre>
  * 		RestOperations rest = new RestTemplate(Collections.singletonList(
@@ -69,11 +70,12 @@ import static org.springframework.security.saml2.provider.service.registration.R
  * 		RelyingPartyRegistration registration = builder.registrationId("registration-id").build();
  * </pre>
  *
- * Note that this will only configure the asserting party (IDP) half of the {@link RelyingPartyRegistration},
- * meaning where and how to send AuthnRequests, how to verify Assertions, etc.
+ * Note that this will only configure the asserting party (IDP) half of the
+ * {@link RelyingPartyRegistration}, meaning where and how to send AuthnRequests, how to
+ * verify Assertions, etc.
  *
- * To further configure the {@link RelyingPartyRegistration} with relying party (SP) information, you may
- * invoke the appropriate methods on the builder.
+ * To further configure the {@link RelyingPartyRegistration} with relying party (SP)
+ * information, you may invoke the appropriate methods on the builder.
  *
  * @author Josh Cummings
  * @since 5.4
@@ -86,6 +88,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 	}
 
 	private final EntityDescriptorUnmarshaller unmarshaller;
+
 	private final ParserPool parserPool;
 
 	/**
@@ -126,8 +129,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 	 * {@inheritDoc}
 	 */
 	@Override
-	public RelyingPartyRegistration.Builder read(Class<? extends RelyingPartyRegistration.Builder> clazz, HttpInputMessage inputMessage)
-			throws IOException, HttpMessageNotReadableException {
+	public RelyingPartyRegistration.Builder read(Class<? extends RelyingPartyRegistration.Builder> clazz,
+			HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
 
 		EntityDescriptor descriptor = entityDescriptor(inputMessage.getBody());
 		IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAML20P_NS);
@@ -158,11 +161,11 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			}
 		}
 		if (verification.isEmpty()) {
-			throw new Saml2Exception("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
+			throw new Saml2Exception(
+					"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 		}
 		RelyingPartyRegistration.Builder builder = withRegistrationId(descriptor.getEntityID())
-				.assertingPartyDetails(party -> party
-						.entityId(descriptor.getEntityID())
+				.assertingPartyDetails(party -> party.entityId(descriptor.getEntityID())
 						.wantAuthnRequestsSigned(TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
 						.verificationX509Credentials(c -> c.addAll(verification))
 						.encryptionX509Credentials(c -> c.addAll(encryption)));
@@ -170,23 +173,26 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			Saml2MessageBinding binding;
 			if (singleSignOnService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
 				binding = Saml2MessageBinding.POST;
-			} else if (singleSignOnService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
+			}
+			else if (singleSignOnService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
 				binding = Saml2MessageBinding.REDIRECT;
-			} else {
+			}
+			else {
 				continue;
 			}
-			builder.assertingPartyDetails(party -> party
-					.singleSignOnServiceLocation(singleSignOnService.getLocation())
+			builder.assertingPartyDetails(party -> party.singleSignOnServiceLocation(singleSignOnService.getLocation())
 					.singleSignOnServiceBinding(binding));
 			return builder;
 		}
-		throw new Saml2Exception("Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
+		throw new Saml2Exception(
+				"Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
 	}
 
 	private List<X509Certificate> certificates(KeyDescriptor keyDescriptor) {
 		try {
 			return KeyInfoSupport.getCertificates(keyDescriptor.getKeyInfo());
-		} catch (CertificateException e) {
+		}
+		catch (CertificateException e) {
 			throw new Saml2Exception(e);
 		}
 	}
@@ -196,13 +202,16 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			Document document = this.parserPool.parse(inputStream);
 			Element element = document.getDocumentElement();
 			return (EntityDescriptor) this.unmarshaller.unmarshall(element);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			throw new Saml2Exception(e);
 		}
 	}
 
 	@Override
-	public void write(RelyingPartyRegistration.Builder builder, MediaType contentType, HttpOutputMessage outputMessage) throws HttpMessageNotWritableException {
+	public void write(RelyingPartyRegistration.Builder builder, MediaType contentType, HttpOutputMessage outputMessage)
+			throws HttpMessageNotWritableException {
 		throw new HttpMessageNotWritableException("This converter cannot write a RelyingPartyRegistration.Builder");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 9d6d0e2662..e275c51161 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,14 +28,18 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
 /**
- * Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.
+ * Represents a configured relying party (aka Service Provider) and asserting party (aka
+ * Identity Provider) pair.
  *
  * <p>
- * Each RP/AP pair is uniquely identified using a {@code registrationId}, an arbitrary string.
+ * Each RP/AP pair is uniquely identified using a {@code registrationId}, an arbitrary
+ * string.
  *
  * <p>
  * A fully configured registration may look like:
@@ -70,20 +74,23 @@ import org.springframework.util.Assert;
 public class RelyingPartyRegistration {
 
 	private final String registrationId;
+
 	private final String entityId;
+
 	private final String assertionConsumerServiceLocation;
+
 	private final Saml2MessageBinding assertionConsumerServiceBinding;
+
 	private final ProviderDetails providerDetails;
+
 	private final List<org.springframework.security.saml2.credentials.Saml2X509Credential> credentials;
+
 	private final Collection<Saml2X509Credential> decryptionX509Credentials;
+
 	private final Collection<Saml2X509Credential> signingX509Credentials;
 
-	private RelyingPartyRegistration(
-			String registrationId,
-			String entityId,
-			String assertionConsumerServiceLocation,
-			Saml2MessageBinding assertionConsumerServiceBinding,
-			ProviderDetails providerDetails,
+	private RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation,
+			Saml2MessageBinding assertionConsumerServiceBinding, ProviderDetails providerDetails,
 			Collection<org.springframework.security.saml2.credentials.Saml2X509Credential> credentials,
 			Collection<Saml2X509Credential> decryptionX509Credentials,
 			Collection<Saml2X509Credential> signingX509Credentials) {
@@ -106,8 +113,7 @@ public class RelyingPartyRegistration {
 		Assert.notNull(signingX509Credentials, "signingX509Credentials cannot be null");
 		for (Saml2X509Credential c : signingX509Credentials) {
 			Assert.notNull(c, "signingX509Credentials cannot contain null elements");
-			Assert.isTrue(c.isSigningCredential(),
-					"All signingX509Credentials must have a usage of SIGNING set");
+			Assert.isTrue(c.isSigningCredential(), "All signingX509Credentials must have a usage of SIGNING set");
 		}
 		this.registrationId = registrationId;
 		this.entityId = entityId;
@@ -121,7 +127,6 @@ public class RelyingPartyRegistration {
 
 	/**
 	 * Get the unique registration id for this RP/AP pair
-	 *
 	 * @return the unique registration id for this RP/AP pair
 	 */
 	public String getRegistrationId() {
@@ -129,18 +134,17 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Get the relying party's
-	 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
+	 * Get the relying party's <a href=
+	 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
 	 *
 	 * <p>
-	 * Equivalent to the value found in the relying party's
-	 * &lt;EntityDescriptor EntityID="..."/&gt;
+	 * Equivalent to the value found in the relying party's &lt;EntityDescriptor
+	 * EntityID="..."/&gt;
 	 *
 	 * <p>
-	 * This value may contain a number of placeholders, which need to be
-	 * resolved before use. They are {@code baseUrl}, {@code registrationId},
-	 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
-	 *
+	 * This value may contain a number of placeholders, which need to be resolved before
+	 * use. They are {@code baseUrl}, {@code registrationId}, {@code baseScheme},
+	 * {@code baseHost}, and {@code basePort}.
 	 * @return the relying party's EntityID
 	 * @since 5.4
 	 */
@@ -149,14 +153,13 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Get the AssertionConsumerService Location.
-	 * Equivalent to the value found in &lt;AssertionConsumerService Location="..."/&gt;
-	 * in the relying party's &lt;SPSSODescriptor&gt;.
-	 *
-	 * This value may contain a number of placeholders, which need to be
-	 * resolved before use. They are {@code baseUrl}, {@code registrationId},
-	 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
+	 * Get the AssertionConsumerService Location. Equivalent to the value found in
+	 * &lt;AssertionConsumerService Location="..."/&gt; in the relying party's
+	 * &lt;SPSSODescriptor&gt;.
 	 *
+	 * This value may contain a number of placeholders, which need to be resolved before
+	 * use. They are {@code baseUrl}, {@code registrationId}, {@code baseScheme},
+	 * {@code baseHost}, and {@code basePort}.
 	 * @return the AssertionConsumerService Location
 	 * @since 5.4
 	 */
@@ -165,10 +168,9 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Get the AssertionConsumerService Binding.
-	 * Equivalent to the value found in &lt;AssertionConsumerService Binding="..."/&gt;
-	 * in the relying party's &lt;SPSSODescriptor&gt;.
-	 *
+	 * Get the AssertionConsumerService Binding. Equivalent to the value found in
+	 * &lt;AssertionConsumerService Binding="..."/&gt; in the relying party's
+	 * &lt;SPSSODescriptor&gt;.
 	 * @return the AssertionConsumerService Binding
 	 * @since 5.4
 	 */
@@ -177,9 +179,10 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Get the {@link Collection} of decryption {@link Saml2X509Credential}s associated with this relying party
-	 *
-	 * @return the {@link Collection} of decryption {@link Saml2X509Credential}s associated with this relying party
+	 * Get the {@link Collection} of decryption {@link Saml2X509Credential}s associated
+	 * with this relying party
+	 * @return the {@link Collection} of decryption {@link Saml2X509Credential}s
+	 * associated with this relying party
 	 * @since 5.4
 	 */
 	public Collection<Saml2X509Credential> getDecryptionX509Credentials() {
@@ -187,9 +190,10 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Get the {@link Collection} of signing {@link Saml2X509Credential}s associated with this relying party
-	 *
-	 * @return the {@link Collection} of signing {@link Saml2X509Credential}s associated with this relying party
+	 * Get the {@link Collection} of signing {@link Saml2X509Credential}s associated with
+	 * this relying party
+	 * @return the {@link Collection} of signing {@link Saml2X509Credential}s associated
+	 * with this relying party
 	 * @since 5.4
 	 */
 	public Collection<Saml2X509Credential> getSigningX509Credentials() {
@@ -198,7 +202,6 @@ public class RelyingPartyRegistration {
 
 	/**
 	 * Get the configuration details for the Asserting Party
-	 *
 	 * @return the {@link AssertingPartyDetails}
 	 * @since 5.4
 	 */
@@ -209,7 +212,8 @@ public class RelyingPartyRegistration {
 	/**
 	 * Returns the entity ID of the IDP, the asserting party.
 	 * @return entity ID of the asserting party
-	 * @deprecated use {@link AssertingPartyDetails#getEntityId} from {@link #getAssertingPartyDetails}
+	 * @deprecated use {@link AssertingPartyDetails#getEntityId} from
+	 * {@link #getAssertingPartyDetails}
 	 */
 	@Deprecated
 	public String getRemoteIdpEntityId() {
@@ -218,8 +222,8 @@ public class RelyingPartyRegistration {
 
 	/**
 	 * returns the URL template for which ACS URL authentication requests should contain
-	 * Possible variables are {@code baseUrl}, {@code registrationId},
-	 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
+	 * Possible variables are {@code baseUrl}, {@code registrationId}, {@code baseScheme},
+	 * {@code baseHost}, and {@code basePort}.
 	 * @return string containing the ACS URL template, with or without variables present
 	 * @deprecated Use {@link #getAssertionConsumerServiceLocation} instead
 	 */
@@ -229,10 +233,11 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Contains the URL for which to send the SAML 2 Authentication Request to initiate
-	 * a single sign on flow.
+	 * Contains the URL for which to send the SAML 2 Authentication Request to initiate a
+	 * single sign on flow.
 	 * @return a IDP URL that accepts REDIRECT or POST binding for authentication requests
-	 * @deprecated use {@link AssertingPartyDetails#getSingleSignOnServiceLocation} from {@link #getAssertingPartyDetails}
+	 * @deprecated use {@link AssertingPartyDetails#getSingleSignOnServiceLocation} from
+	 * {@link #getAssertingPartyDetails}
 	 */
 	@Deprecated
 	public String getIdpWebSsoUrl() {
@@ -252,8 +257,8 @@ public class RelyingPartyRegistration {
 
 	/**
 	 * The local relying party, or Service Provider, can generate it's entity ID based on
-	 * possible variables of {@code baseUrl}, {@code registrationId},
-	 * {@code baseScheme}, {@code baseHost}, and {@code basePort}, for example
+	 * possible variables of {@code baseUrl}, {@code registrationId}, {@code baseScheme},
+	 * {@code baseHost}, and {@code basePort}, for example
 	 * {@code {baseUrl}/saml2/service-provider-metadata/{registrationId}}
 	 * @return a string containing the entity ID or entity ID template
 	 * @deprecated Use {@link #getEntityId} instead
@@ -264,10 +269,11 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Returns a list of configured credentials to be used in message exchanges between relying party, SP, and
-	 * asserting party, IDP.
+	 * Returns a list of configured credentials to be used in message exchanges between
+	 * relying party, SP, and asserting party, IDP.
 	 * @return a list of credentials
-	 * @deprecated Instead of retrieving all credentials, use the appropriate method for obtaining the correct type
+	 * @deprecated Instead of retrieving all credentials, use the appropriate method for
+	 * obtaining the correct type
 	 */
 	@Deprecated
 	public List<org.springframework.security.saml2.credentials.Saml2X509Credential> getCredentials() {
@@ -278,11 +284,13 @@ public class RelyingPartyRegistration {
 	 * @return a filtered list containing only credentials of type
 	 * {@link org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType#VERIFICATION}.
 	 * Returns an empty list of credentials are not found
-	 * @deprecated Use {@link #getAssertingPartyDetails().getSigningX509Credentials()} instead
+	 * @deprecated Use {@link #getAssertingPartyDetails().getSigningX509Credentials()}
+	 * instead
 	 */
 	@Deprecated
 	public List<org.springframework.security.saml2.credentials.Saml2X509Credential> getVerificationCredentials() {
-		return filterCredentials(org.springframework.security.saml2.credentials.Saml2X509Credential::isSignatureVerficationCredential);
+		return filterCredentials(
+				org.springframework.security.saml2.credentials.Saml2X509Credential::isSignatureVerficationCredential);
 	}
 
 	/**
@@ -293,18 +301,21 @@ public class RelyingPartyRegistration {
 	 */
 	@Deprecated
 	public List<org.springframework.security.saml2.credentials.Saml2X509Credential> getSigningCredentials() {
-		return filterCredentials(org.springframework.security.saml2.credentials.Saml2X509Credential::isSigningCredential);
+		return filterCredentials(
+				org.springframework.security.saml2.credentials.Saml2X509Credential::isSigningCredential);
 	}
 
 	/**
 	 * @return a filtered list containing only credentials of type
 	 * {@link org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType#ENCRYPTION}.
 	 * Returns an empty list of credentials are not found
-	 * @deprecated Use {@link AssertingPartyDetails#getEncryptionX509Credentials()} instead
+	 * @deprecated Use {@link AssertingPartyDetails#getEncryptionX509Credentials()}
+	 * instead
 	 */
 	@Deprecated
 	public List<org.springframework.security.saml2.credentials.Saml2X509Credential> getEncryptionCredentials() {
-		return filterCredentials(org.springframework.security.saml2.credentials.Saml2X509Credential::isEncryptionCredential);
+		return filterCredentials(
+				org.springframework.security.saml2.credentials.Saml2X509Credential::isEncryptionCredential);
 	}
 
 	/**
@@ -315,7 +326,8 @@ public class RelyingPartyRegistration {
 	 */
 	@Deprecated
 	public List<org.springframework.security.saml2.credentials.Saml2X509Credential> getDecryptionCredentials() {
-		return filterCredentials(org.springframework.security.saml2.credentials.Saml2X509Credential::isDecryptionCredential);
+		return filterCredentials(
+				org.springframework.security.saml2.credentials.Saml2X509Credential::isDecryptionCredential);
 	}
 
 	private List<org.springframework.security.saml2.credentials.Saml2X509Credential> filterCredentials(
@@ -331,7 +343,8 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Creates a {@code RelyingPartyRegistration} {@link Builder} with a known {@code registrationId}
+	 * Creates a {@code RelyingPartyRegistration} {@link Builder} with a known
+	 * {@code registrationId}
 	 * @param registrationId a string identifier for the {@code RelyingPartyRegistration}
 	 * @return {@code Builder} to create a {@code RelyingPartyRegistration} object
 	 */
@@ -341,48 +354,53 @@ public class RelyingPartyRegistration {
 	}
 
 	/**
-	 * Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing object
+	 * Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing
+	 * object
 	 * @param registration the {@code RelyingPartyRegistration}
 	 * @return {@code Builder} to create a {@code RelyingPartyRegistration} object
 	 */
 	public static Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) {
 		Assert.notNull(registration, "registration cannot be null");
-		return withRegistrationId(registration.getRegistrationId())
-				.entityId(registration.getEntityId())
+		return withRegistrationId(registration.getRegistrationId()).entityId(registration.getEntityId())
 				.signingX509Credentials(c -> c.addAll(registration.getSigningX509Credentials()))
 				.decryptionX509Credentials(c -> c.addAll(registration.getDecryptionX509Credentials()))
 				.assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation())
 				.assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding())
 				.assertingPartyDetails(assertingParty -> assertingParty
-					.entityId(registration.getAssertingPartyDetails().getEntityId())
-					.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
-					.verificationX509Credentials(c -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
-					.encryptionX509Credentials(c -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
-					.singleSignOnServiceLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
-					.singleSignOnServiceBinding(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
-				);
+						.entityId(registration.getAssertingPartyDetails().getEntityId())
+						.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
+						.verificationX509Credentials(
+								c -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
+						.encryptionX509Credentials(
+								c -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
+						.singleSignOnServiceLocation(
+								registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
+						.singleSignOnServiceBinding(
+								registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()));
 	}
 
-
 	/**
 	 * The configuration metadata of the Asserting party
 	 *
 	 * @since 5.4
 	 */
 	public final static class AssertingPartyDetails {
+
 		private final String entityId;
+
 		private final boolean wantAuthnRequestsSigned;
+
 		private final Collection<Saml2X509Credential> verificationX509Credentials;
+
 		private final Collection<Saml2X509Credential> encryptionX509Credentials;
+
 		private final String singleSignOnServiceLocation;
+
 		private final Saml2MessageBinding singleSignOnServiceBinding;
 
-		private AssertingPartyDetails(
-				String entityId,
-				boolean wantAuthnRequestsSigned,
+		private AssertingPartyDetails(String entityId, boolean wantAuthnRequestsSigned,
 				Collection<Saml2X509Credential> verificationX509Credentials,
-				Collection<Saml2X509Credential> encryptionX509Credentials,
-				String singleSignOnServiceLocation,
+				Collection<Saml2X509Credential> encryptionX509Credentials, String singleSignOnServiceLocation,
 				Saml2MessageBinding singleSignOnServiceBinding) {
 
 			Assert.hasText(entityId, "entityId cannot be null or empty");
@@ -409,18 +427,17 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get the asserting party's
-		 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
+		 * Get the asserting party's <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
 		 *
 		 * <p>
-		 * Equivalent to the value found in the asserting party's
-		 * &lt;EntityDescriptor EntityID="..."/&gt;
+		 * Equivalent to the value found in the asserting party's &lt;EntityDescriptor
+		 * EntityID="..."/&gt;
 		 *
 		 * <p>
-		 * This value may contain a number of placeholders, which need to be
-		 * resolved before use. They are {@code baseUrl}, {@code registrationId},
+		 * This value may contain a number of placeholders, which need to be resolved
+		 * before use. They are {@code baseUrl}, {@code registrationId},
 		 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
-		 *
 		 * @return the asserting party's EntityID
 		 */
 		public String getEntityId() {
@@ -428,9 +445,8 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that
-		 * relying parties should sign the AuthnRequest before sending.
-		 *
+		 * Get the WantAuthnRequestsSigned setting, indicating the asserting party's
+		 * preference that relying parties should sign the AuthnRequest before sending.
 		 * @return the WantAuthnRequestsSigned value
 		 */
 		public boolean getWantAuthnRequestsSigned() {
@@ -438,9 +454,10 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get all verification {@link Saml2X509Credential}s associated with this asserting party
-		 *
-		 * @return all verification {@link Saml2X509Credential}s associated with this asserting party
+		 * Get all verification {@link Saml2X509Credential}s associated with this
+		 * asserting party
+		 * @return all verification {@link Saml2X509Credential}s associated with this
+		 * asserting party
 		 * @since 5.4
 		 */
 		public Collection<Saml2X509Credential> getVerificationX509Credentials() {
@@ -448,9 +465,10 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get all encryption {@link Saml2X509Credential}s associated with this asserting party
-		 *
-		 * @return all encryption {@link Saml2X509Credential}s associated with this asserting party
+		 * Get all encryption {@link Saml2X509Credential}s associated with this asserting
+		 * party
+		 * @return all encryption {@link Saml2X509Credential}s associated with this
+		 * asserting party
 		 * @since 5.4
 		 */
 		public Collection<Saml2X509Credential> getEncryptionX509Credentials() {
@@ -458,14 +476,13 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get the
-		 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
+		 * Get the <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
 		 * Location.
 		 *
 		 * <p>
-		 * Equivalent to the value found in &lt;SingleSignOnService Location="..."/&gt;
-		 * in the asserting party's &lt;IDPSSODescriptor&gt;.
-		 *
+		 * Equivalent to the value found in &lt;SingleSignOnService Location="..."/&gt; in
+		 * the asserting party's &lt;IDPSSODescriptor&gt;.
 		 * @return the SingleSignOnService Location
 		 */
 		public String getSingleSignOnServiceLocation() {
@@ -473,14 +490,13 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Get the
-		 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
+		 * Get the <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
 		 * Binding.
 		 *
 		 * <p>
-		 * Equivalent to the value found in &lt;SingleSignOnService Binding="..."/&gt;
-		 * in the asserting party's &lt;IDPSSODescriptor&gt;.
-		 *
+		 * Equivalent to the value found in &lt;SingleSignOnService Binding="..."/&gt; in
+		 * the asserting party's &lt;IDPSSODescriptor&gt;.
 		 * @return the SingleSignOnService Location
 		 */
 		public Saml2MessageBinding getSingleSignOnServiceBinding() {
@@ -488,19 +504,24 @@ public class RelyingPartyRegistration {
 		}
 
 		public final static class Builder {
+
 			private String entityId;
+
 			private boolean wantAuthnRequestsSigned = true;
+
 			private Collection<Saml2X509Credential> verificationX509Credentials = new HashSet<>();
+
 			private Collection<Saml2X509Credential> encryptionX509Credentials = new HashSet<>();
+
 			private String singleSignOnServiceLocation;
+
 			private Saml2MessageBinding singleSignOnServiceBinding = Saml2MessageBinding.REDIRECT;
 
 			/**
-			 * Set the asserting party's
-			 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
-			 * Equivalent to the value found in the asserting party's
-			 * &lt;EntityDescriptor EntityID="..."/&gt;
-			 *
+			 * Set the asserting party's <a href=
+			 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
+			 * Equivalent to the value found in the asserting party's &lt;EntityDescriptor
+			 * EntityID="..."/&gt;
 			 * @param entityId the asserting party's EntityID
 			 * @return the {@link ProviderDetails.Builder} for further configuration
 			 */
@@ -510,9 +531,9 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that
-			 * relying parties should sign the AuthnRequest before sending.
-			 *
+			 * Set the WantAuthnRequestsSigned setting, indicating the asserting party's
+			 * preference that relying parties should sign the AuthnRequest before
+			 * sending.
 			 * @param wantAuthnRequestsSigned the WantAuthnRequestsSigned setting
 			 * @return the {@link ProviderDetails.Builder} for further configuration
 			 */
@@ -523,9 +544,10 @@ public class RelyingPartyRegistration {
 
 			/**
 			 * Apply this {@link Consumer} to the list of {@link Saml2X509Credential}s
-			 *
-			 * @param credentialsConsumer a {@link Consumer} of the {@link List} of {@link Saml2X509Credential}s
-			 * @return the {@link RelyingPartyRegistration.Builder} for further configuration
+			 * @param credentialsConsumer a {@link Consumer} of the {@link List} of
+			 * {@link Saml2X509Credential}s
+			 * @return the {@link RelyingPartyRegistration.Builder} for further
+			 * configuration
 			 * @since 5.4
 			 */
 			public Builder verificationX509Credentials(Consumer<Collection<Saml2X509Credential>> credentialsConsumer) {
@@ -535,9 +557,10 @@ public class RelyingPartyRegistration {
 
 			/**
 			 * Apply this {@link Consumer} to the list of {@link Saml2X509Credential}s
-			 *
-			 * @param credentialsConsumer a {@link Consumer} of the {@link List} of {@link Saml2X509Credential}s
-			 * @return the {@link RelyingPartyRegistration.Builder} for further configuration
+			 * @param credentialsConsumer a {@link Consumer} of the {@link List} of
+			 * {@link Saml2X509Credential}s
+			 * @return the {@link RelyingPartyRegistration.Builder} for further
+			 * configuration
 			 * @since 5.4
 			 */
 			public Builder encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>> credentialsConsumer) {
@@ -546,14 +569,13 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Set the
-			 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
+			 * Set the <a href=
+			 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
 			 * Location.
 			 *
 			 * <p>
-			 * Equivalent to the value found in &lt;SingleSignOnService Location="..."/&gt;
-			 * in the asserting party's &lt;IDPSSODescriptor&gt;.
-			 *
+			 * Equivalent to the value found in &lt;SingleSignOnService
+			 * Location="..."/&gt; in the asserting party's &lt;IDPSSODescriptor&gt;.
 			 * @param singleSignOnServiceLocation the SingleSignOnService Location
 			 * @return the {@link ProviderDetails.Builder} for further configuration
 			 */
@@ -563,14 +585,13 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Set the
-			 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
+			 * Set the <a href=
+			 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP#MetadataForIdP-SingleSign-OnServices">SingleSignOnService</a>
 			 * Binding.
 			 *
 			 * <p>
 			 * Equivalent to the value found in &lt;SingleSignOnService Binding="..."/&gt;
 			 * in the asserting party's &lt;IDPSSODescriptor&gt;.
-			 *
 			 * @param singleSignOnServiceBinding the SingleSignOnService Binding
 			 * @return the {@link ProviderDetails.Builder} for further configuration
 			 */
@@ -580,29 +601,29 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
+			 * Creates an immutable ProviderDetails object representing the configuration
+			 * for an Identity Provider, IDP
 			 * @return immutable ProviderDetails object
 			 */
 			public AssertingPartyDetails build() {
-				return new AssertingPartyDetails(
-						this.entityId,
-						this.wantAuthnRequestsSigned,
-						this.verificationX509Credentials,
-						this.encryptionX509Credentials,
-						this.singleSignOnServiceLocation,
-						this.singleSignOnServiceBinding
-				);
+				return new AssertingPartyDetails(this.entityId, this.wantAuthnRequestsSigned,
+						this.verificationX509Credentials, this.encryptionX509Credentials,
+						this.singleSignOnServiceLocation, this.singleSignOnServiceBinding);
 			}
+
 		}
+
 	}
 
 	/**
 	 * Configuration for IDP SSO endpoint configuration
+	 *
 	 * @since 5.3
 	 * @deprecated Use {@link AssertingPartyDetails} instead
 	 */
 	@Deprecated
 	public final static class ProviderDetails {
+
 		private final AssertingPartyDetails assertingPartyDetails;
 
 		private ProviderDetails(AssertingPartyDetails assertingPartyDetails) {
@@ -619,17 +640,18 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Contains the URL for which to send the SAML 2 Authentication Request to initiate
-		 * a single sign on flow.
-		 * @return a IDP URL that accepts REDIRECT or POST binding for authentication requests
+		 * Contains the URL for which to send the SAML 2 Authentication Request to
+		 * initiate a single sign on flow.
+		 * @return a IDP URL that accepts REDIRECT or POST binding for authentication
+		 * requests
 		 */
 		public String getWebSsoUrl() {
 			return this.assertingPartyDetails.getSingleSignOnServiceLocation();
 		}
 
 		/**
-		 * @return {@code true} if AuthNRequests from this relying party to the IDP should be signed
-		 * {@code false} if no signature is required.
+		 * @return {@code true} if AuthNRequests from this relying party to the IDP should
+		 * be signed {@code false} if no signature is required.
 		 */
 		public boolean isSignAuthNRequest() {
 			return this.assertingPartyDetails.getWantAuthnRequestsSigned();
@@ -644,20 +666,20 @@ public class RelyingPartyRegistration {
 
 		/**
 		 * Builder for IDP SSO endpoint configuration
+		 *
 		 * @since 5.3
 		 * @deprecated Use {@link AssertingPartyDetails.Builder} instead
 		 */
 		@Deprecated
 		public final static class Builder {
-			private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder =
-					new AssertingPartyDetails.Builder();
+
+			private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();
 
 			/**
-			 * Set the asserting party's
-			 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
-			 * Equivalent to the value found in the asserting party's
-			 * &lt;EntityDescriptor EntityID="..."/&gt;
-			 *
+			 * Set the asserting party's <a href=
+			 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
+			 * Equivalent to the value found in the asserting party's &lt;EntityDescriptor
+			 * EntityID="..."/&gt;
 			 * @param entityId the asserting party's EntityID
 			 * @return the {@link Builder} for further configuration
 			 * @since 5.4
@@ -668,9 +690,10 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Sets the {@code SSO URL} for the remote asserting party, the Identity Provider.
-			 *
-			 * @param url - a URL that accepts authentication requests via REDIRECT or POST bindings
+			 * Sets the {@code SSO URL} for the remote asserting party, the Identity
+			 * Provider.
+			 * @param url - a URL that accepts authentication requests via REDIRECT or
+			 * POST bindings
 			 * @return this object
 			 */
 			public Builder webSsoUrl(String url) {
@@ -680,7 +703,6 @@ public class RelyingPartyRegistration {
 
 			/**
 			 * Set to true if the AuthNRequest message should be signed
-			 *
 			 * @param signAuthNRequest true if the message should be signed
 			 * @return this object
 			 */
@@ -689,11 +711,10 @@ public class RelyingPartyRegistration {
 				return this;
 			}
 
-
 			/**
 			 * Sets the message binding to be used when sending an AuthNRequest message
-			 *
-			 * @param binding either {@link Saml2MessageBinding#POST} or {@link Saml2MessageBinding#REDIRECT}
+			 * @param binding either {@link Saml2MessageBinding#POST} or
+			 * {@link Saml2MessageBinding#REDIRECT}
 			 * @return this object
 			 */
 			public Builder binding(Saml2MessageBinding binding) {
@@ -702,30 +723,41 @@ public class RelyingPartyRegistration {
 			}
 
 			/**
-			 * Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
+			 * Creates an immutable ProviderDetails object representing the configuration
+			 * for an Identity Provider, IDP
 			 * @return immutable ProviderDetails object
 			 */
 			public ProviderDetails build() {
 				return new ProviderDetails(this.assertingPartyDetailsBuilder.build());
 			}
+
 		}
+
 	}
 
 	public final static class Builder {
+
 		private String registrationId;
+
 		private String entityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
+
 		private Collection<Saml2X509Credential> signingX509Credentials = new HashSet<>();
+
 		private Collection<Saml2X509Credential> decryptionX509Credentials = new HashSet<>();
-		private String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+
+		private String assertionConsumerServiceLocation = "{baseUrl}"
+				+ Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+
 		private Saml2MessageBinding assertionConsumerServiceBinding = Saml2MessageBinding.POST;
+
 		private ProviderDetails.Builder providerDetails = new ProviderDetails.Builder();
+
 		private Collection<org.springframework.security.saml2.credentials.Saml2X509Credential> credentials = new HashSet<>();
 
 		private Builder(String registrationId) {
 			this.registrationId = registrationId;
 		}
 
-
 		/**
 		 * Sets the {@code registrationId} template. Often be used in URL paths
 		 * @param id registrationId for this object, should be unique
@@ -737,15 +769,14 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Set the relying party's
-		 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
-		 * Equivalent to the value found in the relying party's
-		 * &lt;EntityDescriptor EntityID="..."/&gt;
-		 *
-		 * This value may contain a number of placeholders.
-		 * They are {@code baseUrl}, {@code registrationId},
-		 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
+		 * Set the relying party's <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/EntityNaming">EntityID</a>.
+		 * Equivalent to the value found in the relying party's &lt;EntityDescriptor
+		 * EntityID="..."/&gt;
 		 *
+		 * This value may contain a number of placeholders. They are {@code baseUrl},
+		 * {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
+		 * {@code basePort}.
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
 		 */
@@ -755,10 +786,11 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Apply this {@link Consumer} to the {@link Collection} of {@link Saml2X509Credential}s
-		 * for the purposes of modifying the {@link Collection}
-		 *
-		 * @param credentialsConsumer - the {@link Consumer} for modifying the {@link Collection}
+		 * Apply this {@link Consumer} to the {@link Collection} of
+		 * {@link Saml2X509Credential}s for the purposes of modifying the
+		 * {@link Collection}
+		 * @param credentialsConsumer - the {@link Consumer} for modifying the
+		 * {@link Collection}
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
 		 */
@@ -768,10 +800,11 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Apply this {@link Consumer} to the {@link Collection} of {@link Saml2X509Credential}s
-		 * for the purposes of modifying the {@link Collection}
-		 *
-		 * @param credentialsConsumer - the {@link Consumer} for modifying the {@link Collection}
+		 * Apply this {@link Consumer} to the {@link Collection} of
+		 * {@link Saml2X509Credential}s for the purposes of modifying the
+		 * {@link Collection}
+		 * @param credentialsConsumer - the {@link Consumer} for modifying the
+		 * {@link Collection}
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
 		 */
@@ -781,18 +814,18 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Set the <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">AssertionConsumerService</a>
+		 * Set the <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">AssertionConsumerService</a>
 		 * Location.
 		 *
 		 * <p>
-		 * Equivalent to the value found in &lt;AssertionConsumerService Location="..."/&gt;
-		 * in the relying party's &lt;SPSSODescriptor&gt;
+		 * Equivalent to the value found in &lt;AssertionConsumerService
+		 * Location="..."/&gt; in the relying party's &lt;SPSSODescriptor&gt;
 		 *
 		 * <p>
-		 * This value may contain a number of placeholders.
-		 * They are {@code baseUrl}, {@code registrationId},
-		 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
-		 *
+		 * This value may contain a number of placeholders. They are {@code baseUrl},
+		 * {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
+		 * {@code basePort}.
 		 * @param assertionConsumerServiceLocation
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
@@ -803,13 +836,13 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Set the <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">AssertionConsumerService</a>
+		 * Set the <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">AssertionConsumerService</a>
 		 * Binding.
 		 *
 		 * <p>
-		 * Equivalent to the value found in &lt;AssertionConsumerService Binding="..."/&gt;
-		 * in the relying party's &lt;SPSSODescriptor&gt;
-		 *
+		 * Equivalent to the value found in &lt;AssertionConsumerService
+		 * Binding="..."/&gt; in the relying party's &lt;SPSSODescriptor&gt;
 		 * @param assertionConsumerServiceBinding
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
@@ -821,7 +854,6 @@ public class RelyingPartyRegistration {
 
 		/**
 		 * Apply this {@link Consumer} to further configure the Asserting Party details
-		 *
 		 * @param assertingPartyDetails The {@link Consumer} to apply
 		 * @return the {@link Builder} for further configuration
 		 * @since 5.4
@@ -832,10 +864,8 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Modifies the collection of {@link Saml2X509Credential} objects
-		 * used in communication between IDP and SP
-		 * For example:
-		 * <code>
+		 * Modifies the collection of {@link Saml2X509Credential} objects used in
+		 * communication between IDP and SP For example: <code>
 		 *     Saml2X509Credential credential = ...;
 		 *     return RelyingPartyRegistration.withRegistrationId("id")
 		 *             .credentials(c -> c.add(credential))
@@ -844,22 +874,27 @@ public class RelyingPartyRegistration {
 		 * </code>
 		 * @param credentials - a consumer that can modify the collection of credentials
 		 * @return this object
-		 * @deprecated Use {@link #signingX509Credentials} or {@link #decryptionX509Credentials} instead
-		 * for relying party keys or {@link AssertingPartyDetails.Builder#verificationX509Credentials} or
-		 * {@link AssertingPartyDetails.Builder#encryptionX509Credentials} for asserting party keys
+		 * @deprecated Use {@link #signingX509Credentials} or
+		 * {@link #decryptionX509Credentials} instead for relying party keys or
+		 * {@link AssertingPartyDetails.Builder#verificationX509Credentials} or
+		 * {@link AssertingPartyDetails.Builder#encryptionX509Credentials} for asserting
+		 * party keys
 		 */
 		@Deprecated
-		public Builder credentials(Consumer<Collection<org.springframework.security.saml2.credentials.Saml2X509Credential>> credentials) {
+		public Builder credentials(
+				Consumer<Collection<org.springframework.security.saml2.credentials.Saml2X509Credential>> credentials) {
 			credentials.accept(this.credentials);
 			return this;
 		}
 
 		/**
-		 * <a href="https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">Assertion Consumer
-		 * Service</a> URL template. It can contain variables {@code baseUrl}, {@code registrationId},
-		 * {@code baseScheme}, {@code baseHost}, and {@code basePort}.
-		 * @param assertionConsumerServiceUrlTemplate the Assertion Consumer Service URL template (i.e.
-		 * "{baseUrl}/login/saml2/sso/{registrationId}".
+		 * <a href=
+		 * "https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService">Assertion
+		 * Consumer Service</a> URL template. It can contain variables {@code baseUrl},
+		 * {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
+		 * {@code basePort}.
+		 * @param assertionConsumerServiceUrlTemplate the Assertion Consumer Service URL
+		 * template (i.e. "{baseUrl}/login/saml2/sso/{registrationId}".
 		 * @return this object
 		 * @deprecated Use {@link #assertionConsumerServiceLocation} instead.
 		 */
@@ -870,10 +905,12 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Sets the {@code entityId} for the remote asserting party, the Identity Provider.
+		 * Sets the {@code entityId} for the remote asserting party, the Identity
+		 * Provider.
 		 * @param entityId the IDP entityId
 		 * @return this object
-		 * @deprecated use {@link #assertingPartyDetails(Consumer< AssertingPartyDetails.Builder >)}
+		 * @deprecated use {@link #assertingPartyDetails(Consumer<
+		 * AssertingPartyDetails.Builder >)}
 		 */
 		@Deprecated
 		public Builder remoteIdpEntityId(String entityId) {
@@ -883,9 +920,11 @@ public class RelyingPartyRegistration {
 
 		/**
 		 * Sets the {@code SSO URL} for the remote asserting party, the Identity Provider.
-		 * @param url - a URL that accepts authentication requests via REDIRECT or POST bindings
+		 * @param url - a URL that accepts authentication requests via REDIRECT or POST
+		 * bindings
 		 * @return this object
-		 * @deprecated use {@link #assertingPartyDetails(Consumer< AssertingPartyDetails.Builder >)}
+		 * @deprecated use {@link #assertingPartyDetails(Consumer<
+		 * AssertingPartyDetails.Builder >)}
 		 */
 		@Deprecated
 		public Builder idpWebSsoUrl(String url) {
@@ -894,9 +933,10 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Sets the local relying party, or Service Provider, entity Id template.
-		 * can generate it's entity ID based on possible variables of {@code baseUrl}, {@code registrationId},
-		 * {@code baseScheme}, {@code baseHost}, and {@code basePort}, for example
+		 * Sets the local relying party, or Service Provider, entity Id template. can
+		 * generate it's entity ID based on possible variables of {@code baseUrl},
+		 * {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
+		 * {@code basePort}, for example
 		 * {@code {baseUrl}/saml2/service-provider-metadata/{registrationId}}
 		 * @return a string containing the entity ID or entity ID template
 		 * @deprecated Use {@link #entityId} instead
@@ -920,7 +960,8 @@ public class RelyingPartyRegistration {
 		}
 
 		/**
-		 * Constructs a RelyingPartyRegistration object based on the builder configurations
+		 * Constructs a RelyingPartyRegistration object based on the builder
+		 * configurations
 		 * @return a RelyingPartyRegistration instance
 		 */
 		public RelyingPartyRegistration build() {
@@ -933,12 +974,10 @@ public class RelyingPartyRegistration {
 					decryptionX509Credentials(c -> c.add(mapped));
 				}
 				if (credential.isSignatureVerficationCredential()) {
-					this.providerDetails.assertingPartyDetailsBuilder
-							.verificationX509Credentials(c -> c.add(mapped));
+					this.providerDetails.assertingPartyDetailsBuilder.verificationX509Credentials(c -> c.add(mapped));
 				}
 				if (credential.isEncryptionCredential()) {
-					this.providerDetails.assertingPartyDetailsBuilder
-							.encryptionX509Credentials(c -> c.add(mapped));
+					this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials(c -> c.add(mapped));
 				}
 			}
 
@@ -955,20 +994,16 @@ public class RelyingPartyRegistration {
 				this.credentials.add(toDeprecated(credential));
 			}
 
-			return new RelyingPartyRegistration(
-					this.registrationId,
-					this.entityId,
-					this.assertionConsumerServiceLocation,
-					this.assertionConsumerServiceBinding,
-					this.providerDetails.build(),
-					this.credentials,
-					this.decryptionX509Credentials,
-					this.signingX509Credentials
-			);
+			return new RelyingPartyRegistration(this.registrationId, this.entityId,
+					this.assertionConsumerServiceLocation, this.assertionConsumerServiceBinding,
+					this.providerDetails.build(), this.credentials, this.decryptionX509Credentials,
+					this.signingX509Credentials);
 		}
+
 	}
 
-	private static Saml2X509Credential fromDeprecated(org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
+	private static Saml2X509Credential fromDeprecated(
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
 		PrivateKey privateKey = credential.getPrivateKey();
 		X509Certificate certificate = credential.getCertificate();
 		Set<Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
@@ -987,22 +1022,29 @@ public class RelyingPartyRegistration {
 		return new Saml2X509Credential(privateKey, certificate, credentialTypes);
 	}
 
-	private static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(Saml2X509Credential credential) {
+	private static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(
+			Saml2X509Credential credential) {
 		PrivateKey privateKey = credential.getPrivateKey();
 		X509Certificate certificate = credential.getCertificate();
 		Set<org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
 		if (credential.isSigningCredential()) {
-			credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING);
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING);
 		}
 		if (credential.isVerificationCredential()) {
-			credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
 		}
 		if (credential.isEncryptionCredential()) {
-			credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
 		}
 		if (credential.isDecryptionCredential()) {
-			credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
 		}
-		return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate, credentialTypes);
+		return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate,
+				credentialTypes);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
index 7f2d6943f5..48e6419ff5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
@@ -25,9 +25,8 @@ package org.springframework.security.saml2.provider.service.registration;
 public interface RelyingPartyRegistrationRepository {
 
 	/**
-	 * Returns the relying party registration identified by the provided {@code registrationId},
-	 * or {@code null} if not found.
-	 *
+	 * Returns the relying party registration identified by the provided
+	 * {@code registrationId}, or {@code null} if not found.
 	 * @param registrationId the registration identifier
 	 * @return the {@link RelyingPartyRegistration} if found, otherwise {@code null}
 	 */
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
index 29b9363afb..4c0a33710d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
@@ -30,12 +30,13 @@ import org.springframework.web.client.RestTemplate;
  * @since 5.4
  */
 public final class RelyingPartyRegistrations {
-	private static final RestOperations rest = new RestTemplate
-			(Arrays.asList(new OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter()));
+
+	private static final RestOperations rest = new RestTemplate(
+			Arrays.asList(new OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter()));
 
 	/**
-	 * Return a {@link RelyingPartyRegistration.Builder} based off of the given
-	 * SAML 2.0 Asserting Party (IDP) metadata.
+	 * Return a {@link RelyingPartyRegistration.Builder} based off of the given SAML 2.0
+	 * Asserting Party (IDP) metadata.
 	 *
 	 * Note that by default the registrationId is set to be the given metadata location,
 	 * but this will most often not be sufficient. To complete the configuration, most
@@ -48,21 +49,23 @@ public final class RelyingPartyRegistrations {
 	 * 		.build();
 	 * </pre>
 	 *
-	 * Also note that an {@code IDPSSODescriptor} typically only contains information about
-	 * the asserting party. Thus, you will need to remember to still populate anything about the
-	 * relying party, like any private keys the relying party will use for signing AuthnRequests.
-	 *
+	 * Also note that an {@code IDPSSODescriptor} typically only contains information
+	 * about the asserting party. Thus, you will need to remember to still populate
+	 * anything about the relying party, like any private keys the relying party will use
+	 * for signing AuthnRequests.
 	 * @param metadataLocation
 	 * @return the {@link RelyingPartyRegistration.Builder} for further configuration
 	 */
 	public static RelyingPartyRegistration.Builder fromMetadataLocation(String metadataLocation) {
 		try {
 			return rest.getForObject(metadataLocation, RelyingPartyRegistration.Builder.class);
-		} catch (RestClientException e) {
+		}
+		catch (RestClientException e) {
 			if (e.getCause() instanceof Saml2Exception) {
 				throw (Saml2Exception) e.getCause();
 			}
 			throw new Saml2Exception(e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
index 154dcc88f4..f8d43315d0 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
@@ -17,17 +17,17 @@
 package org.springframework.security.saml2.provider.service.registration;
 
 /**
- * The type of bindings that messages are exchanged using
- * Supported bindings are {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST}
- * and {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect}.
- * In addition there is support for {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect}
- * with an XML signature in the message rather than query parameters.
+ * The type of bindings that messages are exchanged using Supported bindings are
+ * {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST} and
+ * {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect}. In addition there is
+ * support for {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect} with an XML
+ * signature in the message rather than query parameters.
  * @since 5.3
  */
 public enum Saml2MessageBinding {
 
-	POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
-	REDIRECT("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
+	POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), REDIRECT(
+			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 
 	private final String urn;
 
@@ -42,4 +42,5 @@ public enum Saml2MessageBinding {
 	public String getUrn() {
 		return urn;
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
index c073ff0092..afea906f24 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
@@ -40,12 +40,14 @@ import static org.springframework.util.StringUtils.hasText;
 public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 	public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/saml2/sso/{registrationId}";
+
 	private final AuthenticationConverter authenticationConverter;
 
 	/**
-	 * Creates a {@code Saml2WebSsoAuthenticationFilter} authentication filter that is configured
-	 * to use the {@link #DEFAULT_FILTER_PROCESSES_URI} processing URL
-	 * @param relyingPartyRegistrationRepository - repository of configured SAML 2 entities. Required.
+	 * Creates a {@code Saml2WebSsoAuthenticationFilter} authentication filter that is
+	 * configured to use the {@link #DEFAULT_FILTER_PROCESSES_URI} processing URL
+	 * @param relyingPartyRegistrationRepository - repository of configured SAML 2
+	 * entities. Required.
 	 */
 	public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
 		this(relyingPartyRegistrationRepository, DEFAULT_FILTER_PROCESSES_URI);
@@ -53,35 +55,32 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 
 	/**
 	 * Creates a {@code Saml2WebSsoAuthenticationFilter} authentication filter
-	 * @param relyingPartyRegistrationRepository - repository of configured SAML 2 entities. Required.
-	 * @param filterProcessesUrl the processing URL, must contain a {registrationId} variable. Required.
+	 * @param relyingPartyRegistrationRepository - repository of configured SAML 2
+	 * entities. Required.
+	 * @param filterProcessesUrl the processing URL, must contain a {registrationId}
+	 * variable. Required.
 	 */
-	public Saml2WebSsoAuthenticationFilter(
-			RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
+	public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
 			String filterProcessesUrl) {
-		this(new Saml2AuthenticationTokenConverter
-				(new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository)),
-				filterProcessesUrl);
+		this(new Saml2AuthenticationTokenConverter(
+				new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository)), filterProcessesUrl);
 	}
 
 	/**
 	 * Creates a {@link Saml2WebSsoAuthenticationFilter} given the provided parameters
-	 *
-	 * @param authenticationConverter the strategy for converting an {@link HttpServletRequest}
-	 * into an {@link Authentication}
-	 * @param filterProcessingUrl the processing URL, must contain a {registrationId} variable
+	 * @param authenticationConverter the strategy for converting an
+	 * {@link HttpServletRequest} into an {@link Authentication}
+	 * @param filterProcessingUrl the processing URL, must contain a {registrationId}
+	 * variable
 	 * @since 5.4
 	 */
-	public Saml2WebSsoAuthenticationFilter(
-			AuthenticationConverter authenticationConverter,
+	public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter,
 			String filterProcessingUrl) {
 		super(filterProcessingUrl);
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
 		Assert.hasText(filterProcessingUrl, "filterProcessesUrl must contain a URL pattern");
-		Assert.isTrue(
-				filterProcessingUrl.contains("{registrationId}"),
-				"filterProcessesUrl must contain a {registrationId} match variable"
-		);
+		Assert.isTrue(filterProcessingUrl.contains("{registrationId}"),
+				"filterProcessesUrl must contain a {registrationId} match variable");
 		this.authenticationConverter = authenticationConverter;
 		setAllowSessionCreation(true);
 		setSessionAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
@@ -103,4 +102,5 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 		}
 		return getAuthenticationManager().authenticate(authentication);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 3fa3e9522c..ea3520147c 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -47,22 +47,22 @@ import static java.nio.charset.StandardCharsets.ISO_8859_1;
 
 /**
  * This {@code Filter} formulates a
- * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">SAML 2.0 AuthnRequest</a> (line 1968)
- * and redirects to a configured asserting party.
+ * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">SAML 2.0
+ * AuthnRequest</a> (line 1968) and redirects to a configured asserting party.
  *
  * <p>
- * It supports the
- * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf">HTTP-Redirect</a> (line 520)
- * and
- * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf">HTTP-POST</a> (line 753)
- * bindings.
+ * It supports the <a href=
+ * "https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf">HTTP-Redirect</a>
+ * (line 520) and <a href=
+ * "https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf">HTTP-POST</a>
+ * (line 753) bindings.
  *
  * <p>
- * By default, this {@code Filter} responds to authentication requests
- * at the {@code URI} {@code /oauth2/authorization/{registrationId}}.
- * The {@code URI} template variable {@code {registrationId}} represents the
- * {@link RelyingPartyRegistration#getRegistrationId() registration identifier} of the relying party
- * that is used for initiating the authentication request.
+ * By default, this {@code Filter} responds to authentication requests at the {@code URI}
+ * {@code /oauth2/authorization/{registrationId}}. The {@code URI} template variable
+ * {@code {registrationId}} represents the
+ * {@link RelyingPartyRegistration#getRegistrationId() registration identifier} of the
+ * relying party that is used for initiating the authentication request.
  *
  * @since 5.2
  * @author Filip Hanik
@@ -71,27 +71,32 @@ import static java.nio.charset.StandardCharsets.ISO_8859_1;
 public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter {
 
 	private final Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver;
+
 	private Saml2AuthenticationRequestFactory authenticationRequestFactory;
 
 	private RequestMatcher redirectMatcher = new AntPathRequestMatcher("/saml2/authenticate/{registrationId}");
 
 	/**
-	 * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided parameters
-	 *
-	 * @param relyingPartyRegistrationRepository a repository for relying party configurations
-	 * @deprecated use the constructor that takes a {@link Saml2AuthenticationRequestFactory}
+	 * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided
+	 * parameters
+	 * @param relyingPartyRegistrationRepository a repository for relying party
+	 * configurations
+	 * @deprecated use the constructor that takes a
+	 * {@link Saml2AuthenticationRequestFactory}
 	 */
 	@Deprecated
-	public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
+	public Saml2WebSsoAuthenticationRequestFilter(
+			RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
 		this(new DefaultSaml2AuthenticationRequestContextResolver(
 				new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository)),
 				new org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory());
 	}
 
 	/**
-	 * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided parameters
-	 *
-	 * @param authenticationRequestContextResolver a strategy for formulating a {@link Saml2AuthenticationRequestContext}
+	 * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided
+	 * parameters
+	 * @param authenticationRequestContextResolver a strategy for formulating a
+	 * {@link Saml2AuthenticationRequestContext}
 	 * @since 5.4
 	 */
 	public Saml2WebSsoAuthenticationRequestFilter(
@@ -105,9 +110,10 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 	}
 
 	/**
-	 * Use the given {@link Saml2AuthenticationRequestFactory} for formulating the SAML 2.0 AuthnRequest
-	 *
-	 * @param authenticationRequestFactory the {@link Saml2AuthenticationRequestFactory} to use
+	 * Use the given {@link Saml2AuthenticationRequestFactory} for formulating the SAML
+	 * 2.0 AuthnRequest
+	 * @param authenticationRequestFactory the {@link Saml2AuthenticationRequestFactory}
+	 * to use
 	 * @deprecated use the constructor instead
 	 */
 	@Deprecated
@@ -118,7 +124,6 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 
 	/**
 	 * Use the given {@link RequestMatcher} that activates this filter for a given request
-	 *
 	 * @param redirectMatcher the {@link RequestMatcher} to use
 	 */
 	public void setRedirectMatcher(RequestMatcher redirectMatcher) {
@@ -147,41 +152,36 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 		RelyingPartyRegistration relyingParty = context.getRelyingPartyRegistration();
 		if (relyingParty.getAssertingPartyDetails().getSingleSignOnServiceBinding() == Saml2MessageBinding.REDIRECT) {
 			sendRedirect(response, context);
-		} else {
+		}
+		else {
 			sendPost(response, context);
 		}
 	}
 
 	private void sendRedirect(HttpServletResponse response, Saml2AuthenticationRequestContext context)
 			throws IOException {
-		Saml2RedirectAuthenticationRequest authenticationRequest =
-				this.authenticationRequestFactory.createRedirectAuthenticationRequest(context);
+		Saml2RedirectAuthenticationRequest authenticationRequest = this.authenticationRequestFactory
+				.createRedirectAuthenticationRequest(context);
 		UriComponentsBuilder uriBuilder = UriComponentsBuilder
 				.fromUriString(authenticationRequest.getAuthenticationRequestUri());
 		addParameter("SAMLRequest", authenticationRequest.getSamlRequest(), uriBuilder);
 		addParameter("RelayState", authenticationRequest.getRelayState(), uriBuilder);
 		addParameter("SigAlg", authenticationRequest.getSigAlg(), uriBuilder);
 		addParameter("Signature", authenticationRequest.getSignature(), uriBuilder);
-		String redirectUrl = uriBuilder
-				.build(true)
-				.toUriString();
+		String redirectUrl = uriBuilder.build(true).toUriString();
 		response.sendRedirect(redirectUrl);
 	}
 
 	private void addParameter(String name, String value, UriComponentsBuilder builder) {
 		Assert.hasText(name, "name cannot be empty or null");
 		if (StringUtils.hasText(value)) {
-			builder.queryParam(
-					UriUtils.encode(name, ISO_8859_1),
-					UriUtils.encode(value, ISO_8859_1)
-			);
+			builder.queryParam(UriUtils.encode(name, ISO_8859_1), UriUtils.encode(value, ISO_8859_1));
 		}
 	}
 
-	private void sendPost(HttpServletResponse response, Saml2AuthenticationRequestContext context)
-			throws IOException {
-		Saml2PostAuthenticationRequest authenticationRequest =
-				this.authenticationRequestFactory.createPostAuthenticationRequest(context);
+	private void sendPost(HttpServletResponse response, Saml2AuthenticationRequestContext context) throws IOException {
+		Saml2PostAuthenticationRequest authenticationRequest = this.authenticationRequestFactory
+				.createPostAuthenticationRequest(context);
 		String html = createSamlPostRequestFormData(authenticationRequest);
 		response.setContentType(MediaType.TEXT_HTML_VALUE);
 		response.getWriter().write(html);
@@ -191,42 +191,26 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 		String authenticationRequestUri = authenticationRequest.getAuthenticationRequestUri();
 		String relayState = authenticationRequest.getRelayState();
 		String samlRequest = authenticationRequest.getSamlRequest();
-		StringBuilder postHtml = new StringBuilder()
-				.append("<!DOCTYPE html>\n")
-				.append("<html>\n")
-				.append("    <head>\n")
-				.append("        <meta charset=\"utf-8\" />\n")
-				.append("    </head>\n")
-				.append("    <body onload=\"document.forms[0].submit()\">\n")
-				.append("        <noscript>\n")
+		StringBuilder postHtml = new StringBuilder().append("<!DOCTYPE html>\n").append("<html>\n")
+				.append("    <head>\n").append("        <meta charset=\"utf-8\" />\n").append("    </head>\n")
+				.append("    <body onload=\"document.forms[0].submit()\">\n").append("        <noscript>\n")
 				.append("            <p>\n")
 				.append("                <strong>Note:</strong> Since your browser does not support JavaScript,\n")
 				.append("                you must press the Continue button once to proceed.\n")
-				.append("            </p>\n")
-				.append("        </noscript>\n")
-				.append("        \n")
+				.append("            </p>\n").append("        </noscript>\n").append("        \n")
 				.append("        <form action=\"").append(authenticationRequestUri).append("\" method=\"post\">\n")
 				.append("            <div>\n")
 				.append("                <input type=\"hidden\" name=\"SAMLRequest\" value=\"")
-				.append(HtmlUtils.htmlEscape(samlRequest))
-				.append("\"/>\n");
+				.append(HtmlUtils.htmlEscape(samlRequest)).append("\"/>\n");
 		if (StringUtils.hasText(relayState)) {
-			postHtml
-					.append("                <input type=\"hidden\" name=\"RelayState\" value=\"")
-					.append(HtmlUtils.htmlEscape(relayState))
-					.append("\"/>\n");
+			postHtml.append("                <input type=\"hidden\" name=\"RelayState\" value=\"")
+					.append(HtmlUtils.htmlEscape(relayState)).append("\"/>\n");
 		}
-		postHtml
-				.append("            </div>\n")
-				.append("            <noscript>\n")
-				.append("                <div>\n")
+		postHtml.append("            </div>\n").append("            <noscript>\n").append("                <div>\n")
 				.append("                    <input type=\"submit\" value=\"Continue\"/>\n")
-				.append("                </div>\n")
-				.append("            </noscript>\n")
-				.append("        </form>\n")
-				.append("        \n")
-				.append("    </body>\n")
-				.append("</html>");
+				.append("                </div>\n").append("            </noscript>\n").append("        </form>\n")
+				.append("        \n").append("    </body>\n").append("</html>");
 		return postHtml.toString();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index 3768233fdf..bdc60fcc0b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -37,8 +37,8 @@ import static org.springframework.web.util.UriComponentsBuilder.fromHttpUrl;
 
 /**
  * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the
- * registration id from the request, querying a {@link RelyingPartyRegistrationRepository},
- * and resolving any template values.
+ * registration id from the request, querying a
+ * {@link RelyingPartyRegistrationRepository}, and resolving any template values.
  *
  * @since 5.4
  * @author Josh Cummings
@@ -49,10 +49,11 @@ public final class DefaultRelyingPartyRegistrationResolver
 	private static final char PATH_DELIMITER = '/';
 
 	private final RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
+
 	private final Converter<HttpServletRequest, String> registrationIdResolver = new RegistrationIdResolver();
 
-	public DefaultRelyingPartyRegistrationResolver
-			(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
+	public DefaultRelyingPartyRegistrationResolver(
+			RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
 
 		Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
 		this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
@@ -64,8 +65,8 @@ public final class DefaultRelyingPartyRegistrationResolver
 		if (registrationId == null) {
 			return null;
 		}
-		RelyingPartyRegistration relyingPartyRegistration =
-				this.relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
+		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
+				.findByRegistrationId(registrationId);
 		if (relyingPartyRegistration == null) {
 			return null;
 		}
@@ -73,12 +74,10 @@ public final class DefaultRelyingPartyRegistrationResolver
 		String applicationUri = getApplicationUri(request);
 		Function<String, String> templateResolver = templateResolver(applicationUri, relyingPartyRegistration);
 		String relyingPartyEntityId = templateResolver.apply(relyingPartyRegistration.getEntityId());
-		String assertionConsumerServiceLocation = templateResolver.apply(
-				relyingPartyRegistration.getAssertionConsumerServiceLocation());
-		return withRelyingPartyRegistration(relyingPartyRegistration)
-				.entityId(relyingPartyEntityId)
-				.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
-				.build();
+		String assertionConsumerServiceLocation = templateResolver
+				.apply(relyingPartyRegistration.getAssertionConsumerServiceLocation());
+		return withRelyingPartyRegistration(relyingPartyRegistration).entityId(relyingPartyEntityId)
+				.assertionConsumerServiceLocation(assertionConsumerServiceLocation).build();
 	}
 
 	private Function<String, String> templateResolver(String applicationUri, RelyingPartyRegistration relyingParty) {
@@ -89,9 +88,7 @@ public final class DefaultRelyingPartyRegistrationResolver
 		String entityId = relyingParty.getAssertingPartyDetails().getEntityId();
 		String registrationId = relyingParty.getRegistrationId();
 		Map<String, String> uriVariables = new HashMap<>();
-		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl)
-				.replaceQuery(null)
-				.fragment(null)
+		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl).replaceQuery(null).fragment(null)
 				.build();
 		String scheme = uriComponents.getScheme();
 		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
@@ -109,21 +106,17 @@ public final class DefaultRelyingPartyRegistrationResolver
 		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
 		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
 
-		return UriComponentsBuilder.fromUriString(template)
-				.buildAndExpand(uriVariables)
-				.toUriString();
+		return UriComponentsBuilder.fromUriString(template).buildAndExpand(uriVariables).toUriString();
 	}
 
 	private static String getApplicationUri(HttpServletRequest request) {
-		UriComponents uriComponents = fromHttpUrl(buildFullRequestUrl(request))
-				.replacePath(request.getContextPath())
-				.replaceQuery(null)
-				.fragment(null)
-				.build();
+		UriComponents uriComponents = fromHttpUrl(buildFullRequestUrl(request)).replacePath(request.getContextPath())
+				.replaceQuery(null).fragment(null).build();
 		return uriComponents.toUriString();
 	}
 
 	private static class RegistrationIdResolver implements Converter<HttpServletRequest, String> {
+
 		private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/**/{registrationId}");
 
 		@Override
@@ -131,5 +124,7 @@ public final class DefaultRelyingPartyRegistrationResolver
 			RequestMatcher.MatchResult result = this.requestMatcher.matcher(request);
 			return result.getVariables().get("registrationId");
 		}
+
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
index b9d15b7860..c6f40dc24d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
@@ -27,21 +27,23 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.util.Assert;
 
 /**
- * The default implementation for {@link Saml2AuthenticationRequestContextResolver}
- * which uses the current request and given relying party to formulate a {@link Saml2AuthenticationRequestContext}
+ * The default implementation for {@link Saml2AuthenticationRequestContextResolver} which
+ * uses the current request and given relying party to formulate a
+ * {@link Saml2AuthenticationRequestContext}
  *
  * @author Shazin Sadakath
  * @author Josh Cummings
  * @since 5.4
  */
-public final class DefaultSaml2AuthenticationRequestContextResolver implements Saml2AuthenticationRequestContextResolver {
+public final class DefaultSaml2AuthenticationRequestContextResolver
+		implements Saml2AuthenticationRequestContextResolver {
 
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver;
 
-	public DefaultSaml2AuthenticationRequestContextResolver
-			(Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver) {
+	public DefaultSaml2AuthenticationRequestContextResolver(
+			Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver) {
 		this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
 	}
 
@@ -56,20 +58,19 @@ public final class DefaultSaml2AuthenticationRequestContextResolver implements S
 			return null;
 		}
 		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Creating SAML 2.0 Authentication Request for Asserting Party [" +
-					relyingParty.getRegistrationId() + "]");
+			this.logger.debug("Creating SAML 2.0 Authentication Request for Asserting Party ["
+					+ relyingParty.getRegistrationId() + "]");
 		}
 		return createRedirectAuthenticationRequestContext(request, relyingParty);
 	}
 
-	private Saml2AuthenticationRequestContext createRedirectAuthenticationRequestContext(
-			HttpServletRequest request, RelyingPartyRegistration relyingParty) {
+	private Saml2AuthenticationRequestContext createRedirectAuthenticationRequestContext(HttpServletRequest request,
+			RelyingPartyRegistration relyingParty) {
 
-		return Saml2AuthenticationRequestContext.builder()
-				.issuer(relyingParty.getEntityId())
+		return Saml2AuthenticationRequestContext.builder().issuer(relyingParty.getEntityId())
 				.relyingPartyRegistration(relyingParty)
 				.assertionConsumerServiceUrl(relyingParty.getAssertionConsumerServiceLocation())
-				.relayState(request.getParameter("RelayState"))
-				.build();
+				.relayState(request.getParameter("RelayState")).build();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestContextResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestContextResolver.java
index db24c8ff90..233d93b23d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestContextResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestContextResolver.java
@@ -22,7 +22,8 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 
 /**
  * This {@code Saml2AuthenticationRequestContextResolver} formulates a
- * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">SAML 2.0 AuthnRequest</a> (line 1968)
+ * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">SAML 2.0
+ * AuthnRequest</a> (line 1968)
  *
  * @author Shazin Sadakath
  * @author Josh Cummings
@@ -31,11 +32,11 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 public interface Saml2AuthenticationRequestContextResolver {
 
 	/**
-	 * This {@code resolve} method is defined to create a {@link Saml2AuthenticationRequestContext}
-	 *
-	 *
+	 * This {@code resolve} method is defined to create a
+	 * {@link Saml2AuthenticationRequestContext}
 	 * @param request the current request
 	 * @return the created {@link Saml2AuthenticationRequestContext} for the request
 	 */
 	Saml2AuthenticationRequestContext resolve(HttpServletRequest request);
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index 632ef955b9..29be8459f2 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -35,26 +35,27 @@ import org.springframework.util.Assert;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 /**
- * An {@link AuthenticationConverter} that generates a {@link Saml2AuthenticationToken} appropriate
- * for authenticated a SAML 2.0 Assertion against an
+ * An {@link AuthenticationConverter} that generates a {@link Saml2AuthenticationToken}
+ * appropriate for authenticated a SAML 2.0 Assertion against an
  * {@link org.springframework.security.authentication.AuthenticationManager}.
  *
  * @author Josh Cummings
  * @since 5.4
  */
 public final class Saml2AuthenticationTokenConverter implements AuthenticationConverter {
-	private static Base64 BASE64 = new Base64(0, new byte[]{'\n'});
+
+	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 
 	private final Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver;
 
 	/**
-	 * Constructs a {@link Saml2AuthenticationTokenConverter} given a strategy for resolving
+	 * Constructs a {@link Saml2AuthenticationTokenConverter} given a strategy for
+	 * resolving {@link RelyingPartyRegistration}s
+	 * @param relyingPartyRegistrationResolver the strategy for resolving
 	 * {@link RelyingPartyRegistration}s
-	 *
-	 * @param relyingPartyRegistrationResolver the strategy for resolving {@link RelyingPartyRegistration}s
 	 */
-	public Saml2AuthenticationTokenConverter
-			(Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver) {
+	public Saml2AuthenticationTokenConverter(
+			Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver) {
 		Assert.notNull(relyingPartyRegistrationResolver, "relyingPartyRegistrationResolver cannot be null");
 		this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
 	}
@@ -102,4 +103,5 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 			throw new Saml2Exception("Unable to inflate string", e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index 50cb27803c..097d79ea11 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -42,6 +42,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 public final class Saml2MetadataFilter extends OncePerRequestFilter {
 
 	private final Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationConverter;
+
 	private final Saml2MetadataResolver saml2MetadataResolver;
 
 	private RequestMatcher requestMatcher = new AntPathRequestMatcher(
@@ -65,8 +66,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
 			return;
 		}
 
-		RelyingPartyRegistration relyingPartyRegistration =
-				this.relyingPartyRegistrationConverter.convert(request);
+		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationConverter.convert(request);
 		if (relyingPartyRegistration == null) {
 			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 			return;
@@ -88,13 +88,13 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
 	}
 
 	/**
-	 * Set the {@link RequestMatcher} that determines whether this filter should
-	 * handle the incoming {@link HttpServletRequest}
-	 *
+	 * Set the {@link RequestMatcher} that determines whether this filter should handle
+	 * the incoming {@link HttpServletRequest}
 	 * @param requestMatcher
 	 */
 	public void setRequestMatcher(RequestMatcher requestMatcher) {
 		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
 		this.requestMatcher = requestMatcher;
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
index 5a09bf70d9..ca2924b3fd 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
@@ -37,8 +37,8 @@ public class OpenSamlInitializationServiceTests {
 		OpenSamlInitializationService.initialize();
 		XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
 		assertThat(registry.getParserPool()).isNotNull();
-		assertThatCode(() -> OpenSamlInitializationService.requireInitialize(r -> {}))
-				.isInstanceOf(Saml2Exception.class)
-				.hasMessageContaining("OpenSAML was already initialized previously");
+		assertThatCode(() -> OpenSamlInitializationService.requireInitialize(r -> {
+		})).isInstanceOf(Saml2Exception.class).hasMessageContaining("OpenSAML was already initialized previously");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
index 3de1cecc9b..7e0c1773ad 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@@ -32,7 +32,7 @@ import static java.util.zip.Deflater.DEFLATED;
 
 public final class Saml2Utils {
 
-	private static Base64 BASE64 = new Base64(0, new byte[]{'\n'});
+	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 
 	public static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
@@ -67,4 +67,5 @@ public final class Saml2Utils {
 			throw new Saml2Exception("Unable to inflate string", e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
index e3f7b32109..600f2a4260 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
@@ -40,44 +40,43 @@ public class Saml2X509CredentialTests {
 	public ExpectedException exception = ExpectedException.none();
 
 	private PrivateKey key;
+
 	private X509Certificate certificate;
 
 	@Before
 	public void setup() throws Exception {
-		String keyData = "-----BEGIN PRIVATE KEY-----\n" +
-				"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n" +
-				"VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n" +
-				"cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n" +
-				"Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n" +
-				"x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n" +
-				"wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n" +
-				"vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n" +
-				"8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n" +
-				"oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n" +
-				"EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n" +
-				"KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n" +
-				"YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n" +
-				"9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" +
-				"INrtuLp4YHbgk1mi\n" +
-				"-----END PRIVATE KEY-----";
+		String keyData = "-----BEGIN PRIVATE KEY-----\n"
+				+ "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
+				+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
+				+ "cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n"
+				+ "Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n"
+				+ "x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n"
+				+ "wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n"
+				+ "vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n"
+				+ "8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n"
+				+ "oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n"
+				+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
+				+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
+				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
+				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+				+ "-----END PRIVATE KEY-----";
 		key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
-		String certificateData = "-----BEGIN CERTIFICATE-----\n" +
-				"MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" +
-				"VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" +
-				"A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n" +
-				"DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n" +
-				"MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n" +
-				"MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n" +
-				"TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n" +
-				"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n" +
-				"vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n" +
-				"+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n" +
-				"y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n" +
-				"XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n" +
-				"qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n" +
-				"RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" +
-				"-----END CERTIFICATE-----";
+		String certificateData = "-----BEGIN CERTIFICATE-----\n"
+				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
+				+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
+				+ "A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n"
+				+ "DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n"
+				+ "MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n"
+				+ "MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n"
+				+ "TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n"
+				+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n"
+				+ "vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n"
+				+ "+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n"
+				+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
+				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
+				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
+				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		certificate = (X509Certificate) factory
 				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
 	}
@@ -195,4 +194,5 @@ public class Saml2X509CredentialTests {
 		exception.expect(IllegalArgumentException.class);
 		Saml2X509Credential.encryption(null);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index f2d711882e..2df52901cd 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -34,6 +34,7 @@ import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X
 import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
 
 public final class TestSaml2X509Credentials {
+
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING);
 	}
@@ -61,9 +62,7 @@ public final class TestSaml2X509Credentials {
 	private static X509Certificate certificate(String cert) {
 		ByteArrayInputStream certBytes = new ByteArrayInputStream(cert.getBytes());
 		try {
-			return (X509Certificate) CertificateFactory
-					.getInstance("X.509")
-					.generateCertificate(certBytes);
+			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certBytes);
 		}
 		catch (CertificateException e) {
 			throw new Saml2Exception(e);
@@ -79,101 +78,97 @@ public final class TestSaml2X509Credentials {
 		}
 	}
 
-	private static X509Certificate idpCertificate()  {
-		return certificate("-----BEGIN CERTIFICATE-----\n"
-				+ "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
-				+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
-				+ "VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n"
-				+ "c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n"
-				+ "aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n"
-				+ "BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n"
-				+ "BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n"
-				+ "DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n"
-				+ "QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n"
-				+ "E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n"
-				+ "2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n"
-				+ "RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n"
-				+ "nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n"
-				+ "cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n"
-				+ "iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n"
-				+ "ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n"
-				+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n"
-				+ "nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n"
-				+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
-				+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
-				+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
-				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n"
-				+ "-----END CERTIFICATE-----\n");
+	private static X509Certificate idpCertificate() {
+		return certificate(
+				"-----BEGIN CERTIFICATE-----\n" + "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
+						+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
+						+ "VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n"
+						+ "c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n"
+						+ "aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n"
+						+ "BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n"
+						+ "BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n"
+						+ "DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n"
+						+ "QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n"
+						+ "E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n"
+						+ "2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n"
+						+ "RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n"
+						+ "nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n"
+						+ "cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n"
+						+ "iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n"
+						+ "ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n"
+						+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n"
+						+ "nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n"
+						+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
+						+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
+						+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
+						+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" + "-----END CERTIFICATE-----\n");
 	}
 
-
 	private static PrivateKey idpPrivateKey() {
-		return privateKey("-----BEGIN PRIVATE KEY-----\n"
-				+ "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4cn62E1xLqpN3\n"
-				+ "4PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZX\n"
-				+ "W+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHE\n"
-				+ "fDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7h\n"
-				+ "Z6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/T\n"
-				+ "Xy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7\n"
-				+ "I+J5lS8VAgMBAAECggEBAKyxBlIS7mcp3chvq0RF7B3PHFJMMzkwE+t3pLJcs4cZ\n"
-				+ "nezh/KbREfP70QjXzk/llnZCvxeIs5vRu24vbdBm79qLHqBuHp8XfHHtuo2AfoAQ\n"
-				+ "l4h047Xc/+TKMivnPQ0jX9qqndKDLqZDf5wnbslDmlskvF0a/MjsLU0TxtOfo+dB\n"
-				+ "t55FW11cGqxZwhS5Gnr+cbw3OkHz23b9gEOt9qfwPVepeysbmm9FjU+k4yVa7rAN\n"
-				+ "xcbzVb6Y7GCITe2tgvvEHmjB9BLmWrH3mZ3Af17YU/iN6TrpPd6Sj3QoS+2wGtAe\n"
-				+ "HbUs3CKJu7bIHcj4poal6Kh8519S+erJTtqQ8M0ZiEECgYEA43hLYAPaUueFkdfh\n"
-				+ "9K/7ClH6436CUH3VdizwUXi26fdhhV/I/ot6zLfU2mgEHU22LBECWQGtAFm8kv0P\n"
-				+ "zPn+qjaR3e62l5PIlSYbnkIidzoDZ2ztu4jF5LgStlTJQPteFEGgZVl5o9DaSZOq\n"
-				+ "Yd7G3XqXuQ1VGMW58G5FYJPtA1cCgYEAz5TPUtK+R2KXHMjUwlGY9AefQYRYmyX2\n"
-				+ "Tn/OFgKvY8lpAkMrhPKONq7SMYc8E9v9G7A0dIOXvW7QOYSapNhKU+np3lUafR5F\n"
-				+ "4ZN0bxZ9qjHbn3AMYeraKjeutHvlLtbHdIc1j3sxe/EzltRsYmiqLdEBW0p6hwWg\n"
-				+ "tyGhYWVyaXMCgYAfDOKtHpmEy5nOCLwNXKBWDk7DExfSyPqEgSnk1SeS1HP5ctPK\n"
-				+ "+1st6sIhdiVpopwFc+TwJWxqKdW18tlfT5jVv1E2DEnccw3kXilS9xAhWkfwrEvf\n"
-				+ "V5I74GydewFl32o+NZ8hdo9GL1I8zO1rIq/et8dSOWGuWf9BtKu/vTGTTQKBgFxU\n"
-				+ "VjsCnbvmsEwPUAL2hE/WrBFaKocnxXx5AFNt8lEyHtDwy4Sg1nygGcIJ4sD6koQk\n"
-				+ "RdClT3LkvR04TAiSY80bN/i6ZcPNGUwSaDGZEWAIOSWbkwZijZNFnSGOEgxZX/IG\n"
-				+ "yd39766vREEMTwEeiMNEOZQ/dmxkJm4OOVe25cLdAoGACOtPnq1Fxay80UYBf4rQ\n"
-				+ "+bJ9yX1ulB8WIree1hD7OHSB2lRHxrVYWrglrTvkh63Lgx+EcsTV788OsvAVfPPz\n"
-				+ "BZrn8SdDlQqalMxUBYEFwnsYD3cQ8yOUnijFVC4xNcdDv8OIqVgSk4KKxU5AshaA\n" + "xk6Mox+u8Cc2eAK12H13i+8=\n"
-				+ "-----END PRIVATE KEY-----\n");
+		return privateKey(
+				"-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4cn62E1xLqpN3\n"
+						+ "4PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZX\n"
+						+ "W+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHE\n"
+						+ "fDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7h\n"
+						+ "Z6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/T\n"
+						+ "Xy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7\n"
+						+ "I+J5lS8VAgMBAAECggEBAKyxBlIS7mcp3chvq0RF7B3PHFJMMzkwE+t3pLJcs4cZ\n"
+						+ "nezh/KbREfP70QjXzk/llnZCvxeIs5vRu24vbdBm79qLHqBuHp8XfHHtuo2AfoAQ\n"
+						+ "l4h047Xc/+TKMivnPQ0jX9qqndKDLqZDf5wnbslDmlskvF0a/MjsLU0TxtOfo+dB\n"
+						+ "t55FW11cGqxZwhS5Gnr+cbw3OkHz23b9gEOt9qfwPVepeysbmm9FjU+k4yVa7rAN\n"
+						+ "xcbzVb6Y7GCITe2tgvvEHmjB9BLmWrH3mZ3Af17YU/iN6TrpPd6Sj3QoS+2wGtAe\n"
+						+ "HbUs3CKJu7bIHcj4poal6Kh8519S+erJTtqQ8M0ZiEECgYEA43hLYAPaUueFkdfh\n"
+						+ "9K/7ClH6436CUH3VdizwUXi26fdhhV/I/ot6zLfU2mgEHU22LBECWQGtAFm8kv0P\n"
+						+ "zPn+qjaR3e62l5PIlSYbnkIidzoDZ2ztu4jF5LgStlTJQPteFEGgZVl5o9DaSZOq\n"
+						+ "Yd7G3XqXuQ1VGMW58G5FYJPtA1cCgYEAz5TPUtK+R2KXHMjUwlGY9AefQYRYmyX2\n"
+						+ "Tn/OFgKvY8lpAkMrhPKONq7SMYc8E9v9G7A0dIOXvW7QOYSapNhKU+np3lUafR5F\n"
+						+ "4ZN0bxZ9qjHbn3AMYeraKjeutHvlLtbHdIc1j3sxe/EzltRsYmiqLdEBW0p6hwWg\n"
+						+ "tyGhYWVyaXMCgYAfDOKtHpmEy5nOCLwNXKBWDk7DExfSyPqEgSnk1SeS1HP5ctPK\n"
+						+ "+1st6sIhdiVpopwFc+TwJWxqKdW18tlfT5jVv1E2DEnccw3kXilS9xAhWkfwrEvf\n"
+						+ "V5I74GydewFl32o+NZ8hdo9GL1I8zO1rIq/et8dSOWGuWf9BtKu/vTGTTQKBgFxU\n"
+						+ "VjsCnbvmsEwPUAL2hE/WrBFaKocnxXx5AFNt8lEyHtDwy4Sg1nygGcIJ4sD6koQk\n"
+						+ "RdClT3LkvR04TAiSY80bN/i6ZcPNGUwSaDGZEWAIOSWbkwZijZNFnSGOEgxZX/IG\n"
+						+ "yd39766vREEMTwEeiMNEOZQ/dmxkJm4OOVe25cLdAoGACOtPnq1Fxay80UYBf4rQ\n"
+						+ "+bJ9yX1ulB8WIree1hD7OHSB2lRHxrVYWrglrTvkh63Lgx+EcsTV788OsvAVfPPz\n"
+						+ "BZrn8SdDlQqalMxUBYEFwnsYD3cQ8yOUnijFVC4xNcdDv8OIqVgSk4KKxU5AshaA\n"
+						+ "xk6Mox+u8Cc2eAK12H13i+8=\n" + "-----END PRIVATE KEY-----\n");
 	}
 
 	private static X509Certificate spCertificate() {
 
-		return certificate("-----BEGIN CERTIFICATE-----\n" +
-				"MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" +
-				"VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" +
-				"A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n" +
-				"DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n" +
-				"MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n" +
-				"MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n" +
-				"TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n" +
-				"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n" +
-				"vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n" +
-				"+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n" +
-				"y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n" +
-				"XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n" +
-				"qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n" +
-				"RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" +
-				"-----END CERTIFICATE-----");
+		return certificate(
+				"-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
+						+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
+						+ "A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n"
+						+ "DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n"
+						+ "MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n"
+						+ "MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n"
+						+ "TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n"
+						+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n"
+						+ "vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n"
+						+ "+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n"
+						+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
+						+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
+						+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
+						+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----");
 	}
 
 	private static PrivateKey spPrivateKey() {
-		return privateKey("-----BEGIN PRIVATE KEY-----\n" +
-				"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n" +
-				"VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n" +
-				"cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n" +
-				"Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n" +
-				"x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n" +
-				"wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n" +
-				"vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n" +
-				"8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n" +
-				"oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n" +
-				"EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n" +
-				"KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n" +
-				"YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n" +
-				"9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" +
-				"INrtuLp4YHbgk1mi\n" +
-				"-----END PRIVATE KEY-----");
+		return privateKey(
+				"-----BEGIN PRIVATE KEY-----\n" + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
+						+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
+						+ "cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n"
+						+ "Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n"
+						+ "x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n"
+						+ "wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n"
+						+ "vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n"
+						+ "8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n"
+						+ "oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n"
+						+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
+						+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
+						+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
+						+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+						+ "-----END PRIVATE KEY-----");
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
index 292619040d..db58fd8f5a 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
@@ -40,45 +40,45 @@ public class Saml2X509CredentialTests {
 	public ExpectedException exception = ExpectedException.none();
 
 	private Saml2X509Credential credential;
+
 	private PrivateKey key;
+
 	private X509Certificate certificate;
 
 	@Before
 	public void setup() throws Exception {
-		String keyData = "-----BEGIN PRIVATE KEY-----\n" +
-				"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n" +
-				"VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n" +
-				"cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n" +
-				"Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n" +
-				"x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n" +
-				"wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n" +
-				"vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n" +
-				"8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n" +
-				"oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n" +
-				"EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n" +
-				"KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n" +
-				"YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n" +
-				"9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" +
-				"INrtuLp4YHbgk1mi\n" +
-				"-----END PRIVATE KEY-----";
+		String keyData = "-----BEGIN PRIVATE KEY-----\n"
+				+ "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
+				+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
+				+ "cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n"
+				+ "Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n"
+				+ "x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n"
+				+ "wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n"
+				+ "vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n"
+				+ "8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n"
+				+ "oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n"
+				+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
+				+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
+				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
+				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+				+ "-----END PRIVATE KEY-----";
 		key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
-		String certificateData = "-----BEGIN CERTIFICATE-----\n" +
-				"MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" +
-				"VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" +
-				"A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n" +
-				"DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n" +
-				"MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n" +
-				"MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n" +
-				"TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n" +
-				"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n" +
-				"vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n" +
-				"+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n" +
-				"y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n" +
-				"XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n" +
-				"qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n" +
-				"RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" +
-				"-----END CERTIFICATE-----";
+		String certificateData = "-----BEGIN CERTIFICATE-----\n"
+				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
+				+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
+				+ "A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n"
+				+ "DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n"
+				+ "MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n"
+				+ "MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n"
+				+ "TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n"
+				+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n"
+				+ "vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n"
+				+ "+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n"
+				+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
+				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
+				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
+				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		certificate = (X509Certificate) factory
 				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
 	}
@@ -145,5 +145,4 @@ public class Saml2X509CredentialTests {
 		new Saml2X509Credential(certificate, DECRYPTION);
 	}
 
-
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index 001e864f89..90fdd0fae5 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -34,6 +34,7 @@ import static org.springframework.security.saml2.credentials.Saml2X509Credential
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
 
 public final class TestSaml2X509Credentials {
+
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING);
 	}
@@ -61,9 +62,7 @@ public final class TestSaml2X509Credentials {
 	private static X509Certificate certificate(String cert) {
 		ByteArrayInputStream certBytes = new ByteArrayInputStream(cert.getBytes());
 		try {
-			return (X509Certificate) CertificateFactory
-					.getInstance("X.509")
-					.generateCertificate(certBytes);
+			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certBytes);
 		}
 		catch (CertificateException e) {
 			throw new Saml2Exception(e);
@@ -79,101 +78,97 @@ public final class TestSaml2X509Credentials {
 		}
 	}
 
-	private static X509Certificate idpCertificate()  {
-		return certificate("-----BEGIN CERTIFICATE-----\n"
-				+ "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
-				+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
-				+ "VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n"
-				+ "c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n"
-				+ "aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n"
-				+ "BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n"
-				+ "BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n"
-				+ "DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n"
-				+ "QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n"
-				+ "E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n"
-				+ "2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n"
-				+ "RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n"
-				+ "nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n"
-				+ "cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n"
-				+ "iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n"
-				+ "ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n"
-				+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n"
-				+ "nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n"
-				+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
-				+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
-				+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
-				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n"
-				+ "-----END CERTIFICATE-----\n");
+	private static X509Certificate idpCertificate() {
+		return certificate(
+				"-----BEGIN CERTIFICATE-----\n" + "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
+						+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
+						+ "VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX\n"
+						+ "c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw\n"
+						+ "aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ\n"
+						+ "BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa\n"
+						+ "BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD\n"
+						+ "DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr\n"
+						+ "QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62\n"
+						+ "E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz\n"
+						+ "2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW\n"
+						+ "RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ\n"
+						+ "nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5\n"
+						+ "cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph\n"
+						+ "iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5\n"
+						+ "ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD\n"
+						+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO\n"
+						+ "nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v\n"
+						+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
+						+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
+						+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
+						+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" + "-----END CERTIFICATE-----\n");
 	}
 
-
 	private static PrivateKey idpPrivateKey() {
-		return privateKey("-----BEGIN PRIVATE KEY-----\n"
-				+ "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4cn62E1xLqpN3\n"
-				+ "4PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZX\n"
-				+ "W+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHE\n"
-				+ "fDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7h\n"
-				+ "Z6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/T\n"
-				+ "Xy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7\n"
-				+ "I+J5lS8VAgMBAAECggEBAKyxBlIS7mcp3chvq0RF7B3PHFJMMzkwE+t3pLJcs4cZ\n"
-				+ "nezh/KbREfP70QjXzk/llnZCvxeIs5vRu24vbdBm79qLHqBuHp8XfHHtuo2AfoAQ\n"
-				+ "l4h047Xc/+TKMivnPQ0jX9qqndKDLqZDf5wnbslDmlskvF0a/MjsLU0TxtOfo+dB\n"
-				+ "t55FW11cGqxZwhS5Gnr+cbw3OkHz23b9gEOt9qfwPVepeysbmm9FjU+k4yVa7rAN\n"
-				+ "xcbzVb6Y7GCITe2tgvvEHmjB9BLmWrH3mZ3Af17YU/iN6TrpPd6Sj3QoS+2wGtAe\n"
-				+ "HbUs3CKJu7bIHcj4poal6Kh8519S+erJTtqQ8M0ZiEECgYEA43hLYAPaUueFkdfh\n"
-				+ "9K/7ClH6436CUH3VdizwUXi26fdhhV/I/ot6zLfU2mgEHU22LBECWQGtAFm8kv0P\n"
-				+ "zPn+qjaR3e62l5PIlSYbnkIidzoDZ2ztu4jF5LgStlTJQPteFEGgZVl5o9DaSZOq\n"
-				+ "Yd7G3XqXuQ1VGMW58G5FYJPtA1cCgYEAz5TPUtK+R2KXHMjUwlGY9AefQYRYmyX2\n"
-				+ "Tn/OFgKvY8lpAkMrhPKONq7SMYc8E9v9G7A0dIOXvW7QOYSapNhKU+np3lUafR5F\n"
-				+ "4ZN0bxZ9qjHbn3AMYeraKjeutHvlLtbHdIc1j3sxe/EzltRsYmiqLdEBW0p6hwWg\n"
-				+ "tyGhYWVyaXMCgYAfDOKtHpmEy5nOCLwNXKBWDk7DExfSyPqEgSnk1SeS1HP5ctPK\n"
-				+ "+1st6sIhdiVpopwFc+TwJWxqKdW18tlfT5jVv1E2DEnccw3kXilS9xAhWkfwrEvf\n"
-				+ "V5I74GydewFl32o+NZ8hdo9GL1I8zO1rIq/et8dSOWGuWf9BtKu/vTGTTQKBgFxU\n"
-				+ "VjsCnbvmsEwPUAL2hE/WrBFaKocnxXx5AFNt8lEyHtDwy4Sg1nygGcIJ4sD6koQk\n"
-				+ "RdClT3LkvR04TAiSY80bN/i6ZcPNGUwSaDGZEWAIOSWbkwZijZNFnSGOEgxZX/IG\n"
-				+ "yd39766vREEMTwEeiMNEOZQ/dmxkJm4OOVe25cLdAoGACOtPnq1Fxay80UYBf4rQ\n"
-				+ "+bJ9yX1ulB8WIree1hD7OHSB2lRHxrVYWrglrTvkh63Lgx+EcsTV788OsvAVfPPz\n"
-				+ "BZrn8SdDlQqalMxUBYEFwnsYD3cQ8yOUnijFVC4xNcdDv8OIqVgSk4KKxU5AshaA\n" + "xk6Mox+u8Cc2eAK12H13i+8=\n"
-				+ "-----END PRIVATE KEY-----\n");
+		return privateKey(
+				"-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4cn62E1xLqpN3\n"
+						+ "4PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZX\n"
+						+ "W+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHE\n"
+						+ "fDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7h\n"
+						+ "Z6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/T\n"
+						+ "Xy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7\n"
+						+ "I+J5lS8VAgMBAAECggEBAKyxBlIS7mcp3chvq0RF7B3PHFJMMzkwE+t3pLJcs4cZ\n"
+						+ "nezh/KbREfP70QjXzk/llnZCvxeIs5vRu24vbdBm79qLHqBuHp8XfHHtuo2AfoAQ\n"
+						+ "l4h047Xc/+TKMivnPQ0jX9qqndKDLqZDf5wnbslDmlskvF0a/MjsLU0TxtOfo+dB\n"
+						+ "t55FW11cGqxZwhS5Gnr+cbw3OkHz23b9gEOt9qfwPVepeysbmm9FjU+k4yVa7rAN\n"
+						+ "xcbzVb6Y7GCITe2tgvvEHmjB9BLmWrH3mZ3Af17YU/iN6TrpPd6Sj3QoS+2wGtAe\n"
+						+ "HbUs3CKJu7bIHcj4poal6Kh8519S+erJTtqQ8M0ZiEECgYEA43hLYAPaUueFkdfh\n"
+						+ "9K/7ClH6436CUH3VdizwUXi26fdhhV/I/ot6zLfU2mgEHU22LBECWQGtAFm8kv0P\n"
+						+ "zPn+qjaR3e62l5PIlSYbnkIidzoDZ2ztu4jF5LgStlTJQPteFEGgZVl5o9DaSZOq\n"
+						+ "Yd7G3XqXuQ1VGMW58G5FYJPtA1cCgYEAz5TPUtK+R2KXHMjUwlGY9AefQYRYmyX2\n"
+						+ "Tn/OFgKvY8lpAkMrhPKONq7SMYc8E9v9G7A0dIOXvW7QOYSapNhKU+np3lUafR5F\n"
+						+ "4ZN0bxZ9qjHbn3AMYeraKjeutHvlLtbHdIc1j3sxe/EzltRsYmiqLdEBW0p6hwWg\n"
+						+ "tyGhYWVyaXMCgYAfDOKtHpmEy5nOCLwNXKBWDk7DExfSyPqEgSnk1SeS1HP5ctPK\n"
+						+ "+1st6sIhdiVpopwFc+TwJWxqKdW18tlfT5jVv1E2DEnccw3kXilS9xAhWkfwrEvf\n"
+						+ "V5I74GydewFl32o+NZ8hdo9GL1I8zO1rIq/et8dSOWGuWf9BtKu/vTGTTQKBgFxU\n"
+						+ "VjsCnbvmsEwPUAL2hE/WrBFaKocnxXx5AFNt8lEyHtDwy4Sg1nygGcIJ4sD6koQk\n"
+						+ "RdClT3LkvR04TAiSY80bN/i6ZcPNGUwSaDGZEWAIOSWbkwZijZNFnSGOEgxZX/IG\n"
+						+ "yd39766vREEMTwEeiMNEOZQ/dmxkJm4OOVe25cLdAoGACOtPnq1Fxay80UYBf4rQ\n"
+						+ "+bJ9yX1ulB8WIree1hD7OHSB2lRHxrVYWrglrTvkh63Lgx+EcsTV788OsvAVfPPz\n"
+						+ "BZrn8SdDlQqalMxUBYEFwnsYD3cQ8yOUnijFVC4xNcdDv8OIqVgSk4KKxU5AshaA\n"
+						+ "xk6Mox+u8Cc2eAK12H13i+8=\n" + "-----END PRIVATE KEY-----\n");
 	}
 
 	private static X509Certificate spCertificate() {
 
-		return certificate("-----BEGIN CERTIFICATE-----\n" +
-				"MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n" +
-				"VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n" +
-				"A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n" +
-				"DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n" +
-				"MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n" +
-				"MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n" +
-				"TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n" +
-				"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n" +
-				"vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n" +
-				"+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n" +
-				"y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n" +
-				"XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n" +
-				"qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n" +
-				"RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" +
-				"-----END CERTIFICATE-----");
+		return certificate(
+				"-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
+						+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
+						+ "A1UECgwUU3ByaW5nIFNlY3VyaXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQD\n"
+						+ "DBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAeFw0xODA1MTQxNDMwNDRaFw0yODA1\n"
+						+ "MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjES\n"
+						+ "MBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkgU0FN\n"
+						+ "TDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1s\n"
+						+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLos\n"
+						+ "vzIWU+01dGTY8gBdhMQNYKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM\n"
+						+ "+U0razrWtAUE735bkcqELZkOTZLelaoOztmWqRbe5OuEmpewH7cx+kNgcVjdctOG\n"
+						+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
+						+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
+						+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
+						+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----");
 	}
 
 	private static PrivateKey spPrivateKey() {
-		return privateKey("-----BEGIN PRIVATE KEY-----\n" +
-				"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n" +
-				"VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n" +
-				"cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n" +
-				"Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n" +
-				"x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n" +
-				"wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n" +
-				"vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n" +
-				"8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n" +
-				"oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n" +
-				"EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n" +
-				"KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n" +
-				"YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n" +
-				"9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" +
-				"INrtuLp4YHbgk1mi\n" +
-				"-----END PRIVATE KEY-----");
+		return privateKey(
+				"-----BEGIN PRIVATE KEY-----\n" + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
+						+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
+						+ "cDECt77Rggz5TStrOta0BQTvfluRyoQtmQ5Nkt6Vqg7O2ZapFt7k64Sal7AftzH6\n"
+						+ "Q2BxWN1y04bLdDrH4jipqRj/2qEFAgMBAAECgYEAj4ExY1jjdN3iEDuOwXuRB+Nn\n"
+						+ "x7pC4TgntE2huzdKvLJdGvIouTArce8A6JM5NlTBvm69mMepvAHgcsiMH1zGr5J5\n"
+						+ "wJz23mGOyhM1veON41/DJTVG+cxq4soUZhdYy3bpOuXGMAaJ8QLMbQQoivllNihd\n"
+						+ "vwH0rNSK8LTYWWPZYIECQQDxct+TFX1VsQ1eo41K0T4fu2rWUaxlvjUGhK6HxTmY\n"
+						+ "8OMJptunGRJL1CUjIb45Uz7SP8TPz5FwhXWsLfS182kRAkEA3l+Qd9C9gdpUh1uX\n"
+						+ "oPSNIxn5hFUrSTW1EwP9QH9vhwb5Vr8Jrd5ei678WYDLjUcx648RjkjhU9jSMzIx\n"
+						+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
+						+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
+						+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
+						+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+						+ "-----END PRIVATE KEY-----");
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
index 0352be6741..fabb649f78 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
@@ -44,15 +44,13 @@ public class DefaultSaml2AuthenticatedPrincipalTests {
 		Map<String, List<Object>> attributes = new LinkedHashMap<>();
 		attributes.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
 		assertThatCode(() -> new DefaultSaml2AuthenticatedPrincipal(null, attributes))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("name cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("name cannot be null");
 	}
 
 	@Test
 	public void createDefaultSaml2AuthenticatedPrincipalWhenAttributesNullThenException() {
 		assertThatCode(() -> new DefaultSaml2AuthenticatedPrincipal("user", null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("attributes cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("attributes cannot be null");
 	}
 
 	@Test
@@ -87,4 +85,5 @@ public class DefaultSaml2AuthenticatedPrincipalTests {
 		assertThat((Boolean) registrationInfo.get(0)).isEqualTo(registered);
 		assertThat((Instant) registrationInfo.get(1)).isEqualTo(registeredDate);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index 2b7e885c1e..25fe55dca4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -97,7 +97,9 @@ import static org.springframework.util.StringUtils.hasText;
 public class OpenSamlAuthenticationProviderTests {
 
 	private static String DESTINATION = "https://localhost/login/saml2/sso/idp-alias";
+
 	private static String RELYING_PARTY_ENTITY_ID = "https://localhost/saml2/service-provider-metadata/idp-alias";
+
 	private static String ASSERTING_PARTY_ENTITY_ID = "https://some.idp.test/saml2/idp";
 
 	private OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
@@ -109,7 +111,8 @@ public class OpenSamlAuthenticationProviderTests {
 	public void supportsWhenSaml2AuthenticationTokenThenReturnTrue() {
 
 		assertThat(this.provider.supports(Saml2AuthenticationToken.class))
-				.withFailMessage(OpenSamlAuthenticationProvider.class + "should support " + Saml2AuthenticationToken.class)
+				.withFailMessage(
+						OpenSamlAuthenticationProvider.class + "should support " + Saml2AuthenticationToken.class)
 				.isTrue();
 	}
 
@@ -151,8 +154,7 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() {
 		this.exception.expect(
-				authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.")
-		);
+				authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
 
 		Saml2AuthenticationToken token = token(response(), assertingPartySigningCredential());
 		this.provider.authenticate(token);
@@ -174,11 +176,7 @@ public class OpenSamlAuthenticationProviderTests {
 
 		Response response = response();
 		Assertion assertion = assertion();
-		assertion
-				.getSubject()
-				.getSubjectConfirmations()
-				.get(0)
-				.getSubjectConfirmationData()
+		assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
 				.setNotOnOrAfter(DateTime.now().minus(Duration.standardDays(3)));
 		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
@@ -187,7 +185,7 @@ public class OpenSamlAuthenticationProviderTests {
 	}
 
 	@Test
-	public void authenticateWhenMissingSubjectThenThrowAuthenticationException()  {
+	public void authenticateWhenMissingSubjectThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
 
 		Response response = response();
@@ -205,10 +203,7 @@ public class OpenSamlAuthenticationProviderTests {
 
 		Response response = response();
 		Assertion assertion = assertion();
-		assertion
-				.getSubject()
-				.getNameID()
-				.setValue(null);
+		assertion.getSubject().getNameID().setValue(null);
 		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
 		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
@@ -219,9 +214,8 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() throws Exception {
 		Response response = response();
 		Assertion assertion = assertion();
-		assertion.getSubject().getSubjectConfirmations().forEach(
-				sc -> sc.getSubjectConfirmationData().setAddress("10.10.10.10")
-		);
+		assertion.getSubject().getSubjectConfirmations()
+				.forEach(sc -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
 		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
 		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
@@ -268,11 +262,14 @@ public class OpenSamlAuthenticationProviderTests {
 		when(marshaller.marshall(any(XMLObject.class))).thenReturn(attributeElement);
 
 		try {
-			XMLObjectProviderRegistrySupport.getMarshallerFactory().registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller);
+			XMLObjectProviderRegistrySupport.getMarshallerFactory()
+					.registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller);
 			this.provider.authenticate(token);
 			verify(marshaller, atLeastOnce()).marshall(any(XMLObject.class));
-		} finally {
-			XMLObjectProviderRegistrySupport.getMarshallerFactory().deregisterMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME);
+		}
+		finally {
+			XMLObjectProviderRegistrySupport.getMarshallerFactory()
+					.deregisterMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME);
 		}
 	}
 
@@ -293,7 +290,8 @@ public class OpenSamlAuthenticationProviderTests {
 		Assertion assertion = signed(assertion(), assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
 		EncryptedAssertion encryptedAssertion = encrypted(assertion, assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(), relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
+				relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -303,7 +301,8 @@ public class OpenSamlAuthenticationProviderTests {
 		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
 		signed(response, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(), relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
+				relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -317,16 +316,15 @@ public class OpenSamlAuthenticationProviderTests {
 		assertion.getSubject().setEncryptedID(encryptedID);
 		response.getAssertions().add(assertion);
 		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(), relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
+				relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
-
 	@Test
 	public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception {
-		this.exception.expect(
-				authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")
-		);
+		this.exception
+				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
 
 		Response response = response();
 		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
@@ -337,9 +335,8 @@ public class OpenSamlAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception {
-		this.exception.expect(
-				authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")
-		);
+		this.exception
+				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
 
 		Response response = response();
 		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
@@ -354,7 +351,8 @@ public class OpenSamlAuthenticationProviderTests {
 		Assertion assertion = signed(assertion(), assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
 		EncryptedAssertion encryptedAssertion = encrypted(assertion, assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(), relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
+				relyingPartyDecryptingCredential());
 		Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
 
 		// the following code will throw an exception if authentication isn't serializable
@@ -409,8 +407,7 @@ public class OpenSamlAuthenticationProviderTests {
 
 	@Test
 	public void setConditionValidatorsWhenNullOrEmptyThenIllegalArgument() {
-		assertThatCode(() -> this.provider.setConditionValidators(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.provider.setConditionValidators(null)).isInstanceOf(IllegalArgumentException.class);
 
 		assertThatCode(() -> this.provider.setConditionValidators(Collections.emptyList()))
 				.isInstanceOf(IllegalArgumentException.class);
@@ -425,7 +422,8 @@ public class OpenSamlAuthenticationProviderTests {
 			Marshaller marshaller = getMarshallerFactory().getMarshaller(object);
 			Element element = marshaller.marshall(object);
 			return SerializeSupport.nodeToString(element);
-		} catch (MarshallingException e) {
+		}
+		catch (MarshallingException e) {
 			throw new Saml2Exception(e);
 		}
 	}
@@ -455,7 +453,7 @@ public class OpenSamlAuthenticationProviderTests {
 
 			@Override
 			public void describeTo(Description desc) {
-				String excepting = "Saml2AuthenticationException[code="+code+"; description="+description+"]";
+				String excepting = "Saml2AuthenticationException[code=" + code + "; description=" + description + "]";
 				desc.appendText(excepting);
 
 			}
@@ -468,8 +466,8 @@ public class OpenSamlAuthenticationProviderTests {
 	}
 
 	private Saml2AuthenticationToken token(String payload, Saml2X509Credential... credentials) {
-		return new Saml2AuthenticationToken(payload,
-				DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, Arrays.asList(credentials));
+		return new Saml2AuthenticationToken(payload, DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID,
+				Arrays.asList(credentials));
 	}
 
 	private static Element element(String xml) throws Exception {
@@ -478,4 +476,5 @@ public class OpenSamlAuthenticationProviderTests {
 		Document doc = builder.parse(new InputSource(new StringReader(xml)));
 		return doc.getDocumentElement();
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 8b8da0de9e..31bd0db6f2 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -57,10 +57,13 @@ import static org.springframework.security.saml2.provider.service.registration.S
 public class OpenSamlAuthenticationRequestFactoryTests {
 
 	private OpenSamlAuthenticationRequestFactory factory;
+
 	private Saml2AuthenticationRequestContext.Builder contextBuilder;
+
 	private Saml2AuthenticationRequestContext context;
 
 	private RelyingPartyRegistration.Builder relyingPartyRegistrationBuilder;
+
 	private RelyingPartyRegistration relyingPartyRegistration;
 
 	private AuthnRequestUnmarshaller unmarshaller = (AuthnRequestUnmarshaller) getUnmarshallerFactory()
@@ -74,30 +77,27 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		this.relyingPartyRegistrationBuilder = RelyingPartyRegistration.withRegistrationId("id")
 				.assertionConsumerServiceLocation("template")
 				.providerDetails(c -> c.webSsoUrl("https://destination/sso"))
-				.providerDetails(c -> c.entityId("remote-entity-id"))
-				.localEntityIdTemplate("local-entity-id")
+				.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
 				.credentials(c -> c.add(relyingPartySigningCredential()));
 		this.relyingPartyRegistration = this.relyingPartyRegistrationBuilder.build();
-		contextBuilder = Saml2AuthenticationRequestContext.builder()
-				.issuer("https://issuer")
-				.relyingPartyRegistration(relyingPartyRegistration)
-				.assertionConsumerServiceUrl("https://issuer/sso");
+		contextBuilder = Saml2AuthenticationRequestContext.builder().issuer("https://issuer")
+				.relyingPartyRegistration(relyingPartyRegistration).assertionConsumerServiceUrl("https://issuer/sso");
 		context = contextBuilder.build();
 		factory = new OpenSamlAuthenticationRequestFactory();
 	}
 
 	@Test
 	public void createAuthenticationRequestWhenInvokingDeprecatedMethodThenReturnsXML() {
-		Saml2AuthenticationRequest request = Saml2AuthenticationRequest.withAuthenticationRequestContext(context).build();
+		Saml2AuthenticationRequest request = Saml2AuthenticationRequest.withAuthenticationRequestContext(context)
+				.build();
 		String result = factory.createAuthenticationRequest(request);
-		assertThat(result.replace("\n", "")).startsWith("<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2p:AuthnRequest");
+		assertThat(result.replace("\n", ""))
+				.startsWith("<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2p:AuthnRequest");
 	}
 
 	@Test
 	public void createRedirectAuthenticationRequestWhenUsingContextThenAllValuesAreSet() {
-		context = contextBuilder
-				.relayState("Relay State Value")
-				.build();
+		context = contextBuilder.relayState("Relay State Value").build();
 		Saml2RedirectAuthenticationRequest result = factory.createRedirectAuthenticationRequest(context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
@@ -109,13 +109,9 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	@Test
 	public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
 
-		context = contextBuilder
-				.relayState("Relay State Value")
-				.relyingPartyRegistration(
-						withRelyingPartyRegistration(relyingPartyRegistration)
-						.providerDetails(c -> c.signAuthNRequest(false))
-						.build()
-				)
+		context = contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration)
+						.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2RedirectAuthenticationRequest result = factory.createRedirectAuthenticationRequest(context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
@@ -127,37 +123,26 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createPostAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
-		context = contextBuilder
-				.relayState("Relay State Value")
-				.relyingPartyRegistration(
-						withRelyingPartyRegistration(relyingPartyRegistration)
-								.providerDetails(c -> c.signAuthNRequest(false))
-								.build()
-				)
+		context = contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration)
+						.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2PostAuthenticationRequest result = factory.createPostAuthenticationRequest(context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getBinding()).isEqualTo(POST);
-		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8))
-				.doesNotContain("ds:Signature");
+		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8)).doesNotContain("ds:Signature");
 	}
 
 	@Test
 	public void createPostAuthenticationRequestWhenSignRequestThenSignatureIsPresent() {
-		context = contextBuilder
-				.relayState("Relay State Value")
-				.relyingPartyRegistration(
-						withRelyingPartyRegistration(relyingPartyRegistration)
-								.build()
-				)
-				.build();
+		context = contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration).build()).build();
 		Saml2PostAuthenticationRequest result = factory.createPostAuthenticationRequest(context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getBinding()).isEqualTo(POST);
-		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8))
-				.contains("ds:Signature");
+		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8)).contains("ds:Signature");
 	}
 
 	@Test
@@ -182,9 +167,10 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createPostAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
-		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver =
-				mock(Function.class);
-		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {});
+		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
+				Function.class);
+		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {
+		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
 		this.factory.createPostAuthenticationRequest(this.context);
@@ -193,9 +179,10 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createRedirectAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
-		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver =
-				mock(Function.class);
-		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {});
+		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
+				Function.class);
+		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {
+		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
 		this.factory.createRedirectAuthenticationRequest(this.context);
@@ -211,11 +198,9 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	@Test
 	public void createPostAuthenticationRequestWhenAssertionConsumerServiceBindingThenUses() {
 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationBuilder
-				.assertionConsumerServiceBinding(REDIRECT)
-				.build();
+				.assertionConsumerServiceBinding(REDIRECT).build();
 		Saml2AuthenticationRequestContext context = this.contextBuilder
-				.relyingPartyRegistration(relyingPartyRegistration)
-				.build();
+				.relyingPartyRegistration(relyingPartyRegistration).build();
 		Saml2PostAuthenticationRequest request = this.factory.createPostAuthenticationRequest(context);
 		String samlRequest = request.getSamlRequest();
 		String inflated = new String(samlDecode(samlRequest));
@@ -223,9 +208,9 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	}
 
 	private AuthnRequest getAuthNRequest(Saml2MessageBinding binding) {
-		AbstractSaml2AuthenticationRequest result = (binding == REDIRECT) ?
-				factory.createRedirectAuthenticationRequest(context) :
-				factory.createPostAuthenticationRequest(context);
+		AbstractSaml2AuthenticationRequest result = (binding == REDIRECT)
+				? factory.createRedirectAuthenticationRequest(context)
+				: factory.createPostAuthenticationRequest(context);
 		String samlRequest = result.getSamlRequest();
 		assertThat(samlRequest).isNotEmpty();
 		if (result.getBinding() == REDIRECT) {
@@ -235,8 +220,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 			samlRequest = new String(samlDecode(samlRequest), UTF_8);
 		}
 		try {
-			Document document = getParserPool().parse(
-					new ByteArrayInputStream(samlRequest.getBytes(UTF_8)));
+			Document document = getParserPool().parse(new ByteArrayInputStream(samlRequest.getBytes(UTF_8)));
 			Element element = document.getDocumentElement();
 			return (AuthnRequest) this.unmarshaller.unmarshall(element);
 		}
@@ -244,4 +228,5 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 			throw new Saml2Exception(e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
index 563473a35d..9f60be3e14 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
@@ -35,20 +35,16 @@ public class Saml2AuthenticationRequestFactoryTests {
 	private RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("id")
 			.assertionConsumerServiceUrlTemplate("template")
 			.providerDetails(c -> c.webSsoUrl("https://example.com/destination"))
-			.providerDetails(c -> c.entityId("remote-entity-id"))
-			.localEntityIdTemplate("local-entity-id")
-			.credentials(c -> c.add(relyingPartySigningCredential()))
-			.build();
+			.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
+			.credentials(c -> c.add(relyingPartySigningCredential())).build();
 
 	@Test
 	public void createAuthenticationRequestParametersWhenRedirectDefaultIsUsedMessageIsDeflatedAndEncoded() {
-		final String value = "Test String: "+ UUID.randomUUID().toString();
+		final String value = "Test String: " + UUID.randomUUID().toString();
 		Saml2AuthenticationRequestFactory factory = request -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
-				.relyingPartyRegistration(registration)
-				.issuer("https://example.com/issuer")
-				.assertionConsumerServiceUrl("https://example.com/acs-url")
-				.build();
+				.relyingPartyRegistration(registration).issuer("https://example.com/issuer")
+				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2RedirectAuthenticationRequest response = factory.createRedirectAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
 		byte[] decoded = samlDecode(resultValue);
@@ -58,16 +54,15 @@ public class Saml2AuthenticationRequestFactoryTests {
 
 	@Test
 	public void createAuthenticationRequestParametersWhenPostDefaultIsUsedMessageIsEncoded() {
-		final String value = "Test String: "+ UUID.randomUUID().toString();
+		final String value = "Test String: " + UUID.randomUUID().toString();
 		Saml2AuthenticationRequestFactory factory = request -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
-				.relyingPartyRegistration(registration)
-				.issuer("https://example.com/issuer")
-				.assertionConsumerServiceUrl("https://example.com/acs-url")
-				.build();
+				.relyingPartyRegistration(registration).issuer("https://example.com/issuer")
+				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2PostAuthenticationRequest response = factory.createPostAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
 		byte[] decoded = samlDecode(resultValue);
 		assertThat(new String(decoded)).isEqualTo(value);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
index 9267ef93dd..c5356f4cea 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.Base64;
 import java.util.List;
 import java.util.UUID;
+
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import javax.xml.namespace.QName;
@@ -81,16 +82,21 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory;
 
 final class TestOpenSamlObjects {
+
 	static {
 		OpenSamlInitializationService.initialize();
 	}
 
 	private static String USERNAME = "test@saml.user";
+
 	private static String DESTINATION = "https://localhost/login/saml2/sso/idp-alias";
+
 	private static String RELYING_PARTY_ENTITY_ID = "https://localhost/saml2/service-provider-metadata/idp-alias";
+
 	private static String ASSERTING_PARTY_ENTITY_ID = "https://some.idp.test/saml2/idp";
-	private static SecretKey SECRET_KEY =
-			new SecretKeySpec(Base64.getDecoder().decode("shOnwNMoCv88HKMEa91+FlYoD5RNvzMTAL5LGxZKIFk="), "AES");
+
+	private static SecretKey SECRET_KEY = new SecretKeySpec(
+			Base64.getDecoder().decode("shOnwNMoCv88HKMEa91+FlYoD5RNvzMTAL5LGxZKIFk="), "AES");
 
 	static Response response() {
 		return response(DESTINATION, ASSERTING_PARTY_ENTITY_ID);
@@ -98,7 +104,7 @@ final class TestOpenSamlObjects {
 
 	static Response response(String destination, String issuerEntityId) {
 		Response response = build(Response.DEFAULT_ELEMENT_NAME);
-		response.setID("R"+UUID.randomUUID().toString());
+		response.setID("R" + UUID.randomUUID().toString());
 		response.setIssueInstant(DateTime.now());
 		response.setVersion(SAMLVersion.VERSION_20);
 		response.setID("_" + UUID.randomUUID().toString());
@@ -111,14 +117,9 @@ final class TestOpenSamlObjects {
 		return assertion(USERNAME, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, DESTINATION);
 	}
 
-	static Assertion assertion(
-			String username,
-			String issuerEntityId,
-			String recipientEntityId,
-			String recipientUri
-	) {
+	static Assertion assertion(String username, String issuerEntityId, String recipientEntityId, String recipientUri) {
 		Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
-		assertion.setID("A"+ UUID.randomUUID().toString());
+		assertion.setID("A" + UUID.randomUUID().toString());
 		assertion.setIssueInstant(DateTime.now());
 		assertion.setVersion(SAMLVersion.VERSION_20);
 		assertion.setIssueInstant(DateTime.now());
@@ -135,7 +136,6 @@ final class TestOpenSamlObjects {
 		return assertion;
 	}
 
-
 	static Issuer issuer(String entityId) {
 		Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
 		issuer.setValue(entityId);
@@ -184,7 +184,8 @@ final class TestOpenSamlObjects {
 		return cred;
 	}
 
-	static Credential getSigningCredential(org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
+	static Credential getSigningCredential(
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
 		BasicCredential cred = getBasicCredential(credential);
 		cred.setEntityId(entityId);
 		cred.setUsageType(UsageType.SIGNING);
@@ -192,17 +193,12 @@ final class TestOpenSamlObjects {
 	}
 
 	static BasicCredential getBasicCredential(Saml2X509Credential credential) {
-		return CredentialSupport.getSimpleCredential(
-				credential.getCertificate(),
-				credential.getPrivateKey()
-		);
+		return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
 	}
 
-	static BasicCredential getBasicCredential(org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
-		return CredentialSupport.getSimpleCredential(
-				credential.getCertificate(),
-				credential.getPrivateKey()
-		);
+	static BasicCredential getBasicCredential(
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
+		return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
 	}
 
 	static <T extends SignableSAMLObject> T signed(T signable, Saml2X509Credential credential, String entityId) {
@@ -214,14 +210,16 @@ final class TestOpenSamlObjects {
 		parameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
 		try {
 			SignatureSupport.signObject(signable, parameters);
-		} catch (MarshallingException | SignatureException | SecurityException e) {
+		}
+		catch (MarshallingException | SignatureException | SecurityException e) {
 			throw new Saml2Exception(e);
 		}
 
 		return signable;
 	}
 
-	static <T extends SignableSAMLObject> T signed(T signable, org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
+	static <T extends SignableSAMLObject> T signed(T signable,
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
 		SignatureSigningParameters parameters = new SignatureSigningParameters();
 		Credential signingCredential = getSigningCredential(credential, entityId);
 		parameters.setSigningCredential(signingCredential);
@@ -230,7 +228,8 @@ final class TestOpenSamlObjects {
 		parameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
 		try {
 			SignatureSupport.signObject(signable, parameters);
-		} catch (MarshallingException | SignatureException | SecurityException e) {
+		}
+		catch (MarshallingException | SignatureException | SecurityException e) {
 			throw new Saml2Exception(e);
 		}
 
@@ -248,7 +247,8 @@ final class TestOpenSamlObjects {
 		}
 	}
 
-	static EncryptedAssertion encrypted(Assertion assertion, org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
+	static EncryptedAssertion encrypted(Assertion assertion,
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
 		X509Certificate certificate = credential.getCertificate();
 		Encrypter encrypter = getEncrypter(certificate);
 		try {
@@ -270,7 +270,8 @@ final class TestOpenSamlObjects {
 		}
 	}
 
-	static EncryptedID encrypted(NameID nameId, org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
+	static EncryptedID encrypted(NameID nameId,
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
 		X509Certificate certificate = credential.getCertificate();
 		Encrypter encrypter = getEncrypter(certificate);
 		try {
@@ -347,14 +348,16 @@ final class TestOpenSamlObjects {
 
 		Attribute registeredAttr = attributeBuilder.buildObject();
 		registeredAttr.setName("registered");
-		XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
+		XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
+				XSBoolean.TYPE_NAME);
 		registered.setValue(new XSBooleanValue(true, false));
 		registeredAttr.getAttributeValues().add(registered);
 		attrStmt2.getAttributes().add(registeredAttr);
 
 		Attribute registeredDateAttr = attributeBuilder.buildObject();
 		registeredDateAttr.setName("registeredDate");
-		XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSDateTime.TYPE_NAME);
+		XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
+				XSDateTime.TYPE_NAME);
 		registeredDate.setValue(DateTime.parse("1970-01-01T00:00:00Z"));
 		registeredDateAttr.getAttributeValues().add(registeredDate);
 		attrStmt2.getAttributes().add(registeredDateAttr);
@@ -367,4 +370,5 @@ final class TestOpenSamlObjects {
 	static <T extends XMLObject> T build(QName qName) {
 		return (T) getBuilderFactory().getBuilder(qName).buildObject(qName);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
index 57a721146e..d5f784373a 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
@@ -22,11 +22,11 @@ import static org.springframework.security.saml2.provider.service.registration.T
  * Test {@link Saml2AuthenticationRequestContext}s
  */
 public class TestSaml2AuthenticationRequestContexts {
+
 	public static Saml2AuthenticationRequestContext.Builder authenticationRequestContext() {
-		return Saml2AuthenticationRequestContext.builder()
-				.relayState("relayState")
-				.issuer("issuer")
+		return Saml2AuthenticationRequestContext.builder().relayState("relayState").issuer("issuer")
 				.relyingPartyRegistration(relyingPartyRegistration().build())
 				.assertionConsumerServiceUrl("assertionConsumerServiceUrl");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
index 161e6124a9..f062d23502 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -34,20 +34,15 @@ public class OpenSamlMetadataResolverTests {
 	@Test
 	public void resolveWhenRelyingPartyThenMetadataMatches() {
 		// given
-		RelyingPartyRegistration relyingPartyRegistration = full()
-				.assertionConsumerServiceBinding(REDIRECT)
-				.build();
+		RelyingPartyRegistration relyingPartyRegistration = full().assertionConsumerServiceBinding(REDIRECT).build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 
 		// when
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
 
 		// then
-		assertThat(metadata)
-				.contains("<EntityDescriptor")
-				.contains("entityID=\"rp-entity-id\"")
-				.contains("WantAssertionsSigned=\"true\"")
-				.contains("<md:KeyDescriptor use=\"signing\">")
+		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
+				.contains("WantAssertionsSigned=\"true\"").contains("<md:KeyDescriptor use=\"signing\">")
 				.contains("<md:KeyDescriptor use=\"encryption\">")
 				.contains("<ds:X509Certificate>MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBh")
 				.contains("Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"")
@@ -58,9 +53,8 @@ public class OpenSamlMetadataResolverTests {
 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
 		// given
 		RelyingPartyRegistration relyingPartyRegistration = noCredentials()
-				.assertingPartyDetails(party -> party
-					.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential()))
-				)
+				.assertingPartyDetails(
+						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 
@@ -68,13 +62,11 @@ public class OpenSamlMetadataResolverTests {
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
 
 		// then
-		assertThat(metadata)
-				.contains("<EntityDescriptor")
-				.contains("entityID=\"rp-entity-id\"")
-				.contains("WantAssertionsSigned=\"true\"")
-				.doesNotContain("<md:KeyDescriptor use=\"signing\">")
+		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
+				.contains("WantAssertionsSigned=\"true\"").doesNotContain("<md:KeyDescriptor use=\"signing\">")
 				.doesNotContain("<md:KeyDescriptor use=\"encryption\">")
 				.contains("Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"")
 				.contains("Location=\"https://rp.example.org/acs\" index=\"1\"");
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
index e9a85b8a01..7241cfc1a9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
@@ -33,30 +33,24 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.springframework.http.HttpStatus.OK;
 
 public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
-	private static final String CERTIFICATE =
-			"MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk";
 
-	private static final String ENTITY_DESCRIPTOR_TEMPLATE =
-			"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
-			"<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" " +
-					"entityID=\"entity-id\" " +
-					"ID=\"_bf133aac099b99b3d81286e1a341f2d34188043a77fe15bf4bf1487dae9b2ea3\">\n%s" +
-			"</md:EntityDescriptor>";
-	private static final String IDP_SSO_DESCRIPTOR_TEMPLATE =
-			"<md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n" +
-				"%s\n" +
-			"</md:IDPSSODescriptor>";
-	private static final String KEY_DESCRIPTOR_TEMPLATE =
-			"<md:KeyDescriptor %s>\n" +
-				"<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n" +
-					"<ds:X509Data>\n" +
-						"<ds:X509Certificate>" + CERTIFICATE + "</ds:X509Certificate>\n" +
-					"</ds:X509Data>\n" +
-				"</ds:KeyInfo>\n" +
-			"</md:KeyDescriptor>";
-	private static final String SINGLE_SIGN_ON_SERVICE_TEMPLATE =
-			"<md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" " +
-					"Location=\"sso-location\"/>";
+	private static final String CERTIFICATE = "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk";
+
+	private static final String ENTITY_DESCRIPTOR_TEMPLATE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+			+ "<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" " + "entityID=\"entity-id\" "
+			+ "ID=\"_bf133aac099b99b3d81286e1a341f2d34188043a77fe15bf4bf1487dae9b2ea3\">\n%s"
+			+ "</md:EntityDescriptor>";
+
+	private static final String IDP_SSO_DESCRIPTOR_TEMPLATE = "<md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n"
+			+ "%s\n" + "</md:IDPSSODescriptor>";
+
+	private static final String KEY_DESCRIPTOR_TEMPLATE = "<md:KeyDescriptor %s>\n"
+			+ "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n" + "<ds:X509Data>\n"
+			+ "<ds:X509Certificate>" + CERTIFICATE + "</ds:X509Certificate>\n" + "</ds:X509Data>\n" + "</ds:KeyInfo>\n"
+			+ "</md:KeyDescriptor>";
+
+	private static final String SINGLE_SIGN_ON_SERVICE_TEMPLATE = "<md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" "
+			+ "Location=\"sso-location\"/>";
 
 	private OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter converter;
 
@@ -67,8 +61,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
 	@Test
 	public void readWhenMissingIDPSSODescriptorThenException() {
-		MockClientHttpResponse response = new MockClientHttpResponse
-				((String.format(ENTITY_DESCRIPTOR_TEMPLATE, "")).getBytes(), OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(
+				(String.format(ENTITY_DESCRIPTOR_TEMPLATE, "")).getBytes(), OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
 				.isInstanceOf(Saml2Exception.class)
 				.hasMessageContaining("Metadata response is missing the necessary IDPSSODescriptor element");
@@ -76,41 +70,34 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
 	@Test
 	public void readWhenMissingVerificationKeyThenException() {
-		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
-				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, ""));
+		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, ""));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
-				.isInstanceOf(Saml2Exception.class)
-				.hasMessageContaining("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
+				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
+						"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 	}
 
 	@Test
 	public void readWhenMissingSingleSignOnServiceThenException() {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
-				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
-						String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")
-				));
+				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
-				.isInstanceOf(Saml2Exception.class)
-				.hasMessageContaining("Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
+				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
+						"Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
 	}
 
 	@Test
 	public void readWhenDescriptorFullySpecifiedThenConfigures() throws Exception {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
 				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
-						String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"") +
-						String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"") +
-						String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)
-				));
+						String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")
+								+ String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"")
+								+ String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
-		RelyingPartyRegistration registration =
-				this.converter.read(RelyingPartyRegistration.Builder.class, response)
-						.registrationId("one")
-						.build();
-		RelyingPartyRegistration.AssertingPartyDetails details =
-				registration.getAssertingPartyDetails();
+		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
+				.registrationId("one").build();
+		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
 		assertThat(details.getWantAuthnRequestsSigned()).isFalse();
 		assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
 		assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
@@ -125,18 +112,12 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
 	@Test
 	public void readWhenKeyDescriptorHasNoUseThenConfiguresBothKeyTypes() throws Exception {
-		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
-				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
-						String.format(KEY_DESCRIPTOR_TEMPLATE, "") +
-						String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)
-				));
+		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
+				String.format(KEY_DESCRIPTOR_TEMPLATE, "") + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
-		RelyingPartyRegistration registration =
-				this.converter.read(RelyingPartyRegistration.Builder.class, response)
-						.registrationId("one")
-						.build();
-		RelyingPartyRegistration.AssertingPartyDetails details =
-				registration.getAssertingPartyDetails();
+		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
+				.registrationId("one").build();
+		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
 		assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate())
 				.isEqualTo(x509Certificate(CERTIFICATE));
 		assertThat(details.getEncryptionX509Credentials()).hasSize(1);
@@ -147,10 +128,11 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	X509Certificate x509Certificate(String data) {
 		try {
 			InputStream certificate = new ByteArrayInputStream(Base64.getDecoder().decode(data.getBytes()));
-			return (X509Certificate) CertificateFactory.getInstance("X.509")
-					.generateCertificate(certificate);
-		} catch (Exception e) {
+			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certificate);
+		}
+		catch (Exception e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
index d8cd44acd5..cad36be5d4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -30,21 +30,16 @@ public class RelyingPartyRegistrationTests {
 
 	@Test
 	public void withRelyingPartyRegistrationWorks() {
-		RelyingPartyRegistration registration = relyingPartyRegistration()
-				.providerDetails(p -> p.binding(POST))
+		RelyingPartyRegistration registration = relyingPartyRegistration().providerDetails(p -> p.binding(POST))
 				.providerDetails(p -> p.signAuthNRequest(false))
-				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
-				.build();
+				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		RelyingPartyRegistration copy = RelyingPartyRegistration.withRelyingPartyRegistration(registration).build();
 		compareRegistrations(registration, copy);
 	}
 
 	private void compareRegistrations(RelyingPartyRegistration registration, RelyingPartyRegistration copy) {
-		assertThat(copy.getRegistrationId())
-				.isEqualTo(registration.getRegistrationId())
-				.isEqualTo("simplesamlphp");
-		assertThat(copy.getProviderDetails().getEntityId())
-				.isEqualTo(registration.getProviderDetails().getEntityId())
+		assertThat(copy.getRegistrationId()).isEqualTo(registration.getRegistrationId()).isEqualTo("simplesamlphp");
+		assertThat(copy.getProviderDetails().getEntityId()).isEqualTo(registration.getProviderDetails().getEntityId())
 				.isEqualTo(copy.getAssertingPartyDetails().getEntityId())
 				.isEqualTo(registration.getAssertingPartyDetails().getEntityId())
 				.isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php");
@@ -53,38 +48,26 @@ public class RelyingPartyRegistrationTests {
 				.isEqualTo(copy.getAssertionConsumerServiceLocation())
 				.isEqualTo(registration.getAssertionConsumerServiceLocation())
 				.isEqualTo("{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-		assertThat(copy.getCredentials())
-				.containsAll(registration.getCredentials())
-				.containsExactly(
-						registration.getCredentials().get(0),
-						registration.getCredentials().get(1)
-				);
-		assertThat(copy.getLocalEntityIdTemplate())
-				.isEqualTo(registration.getLocalEntityIdTemplate())
-				.isEqualTo(copy.getEntityId())
-				.isEqualTo(registration.getEntityId())
+		assertThat(copy.getCredentials()).containsAll(registration.getCredentials())
+				.containsExactly(registration.getCredentials().get(0), registration.getCredentials().get(1));
+		assertThat(copy.getLocalEntityIdTemplate()).isEqualTo(registration.getLocalEntityIdTemplate())
+				.isEqualTo(copy.getEntityId()).isEqualTo(registration.getEntityId())
 				.isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}");
-		assertThat(copy.getProviderDetails().getWebSsoUrl())
-				.isEqualTo(registration.getProviderDetails().getWebSsoUrl())
+		assertThat(copy.getProviderDetails().getWebSsoUrl()).isEqualTo(registration.getProviderDetails().getWebSsoUrl())
 				.isEqualTo(copy.getAssertingPartyDetails().getSingleSignOnServiceLocation())
 				.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
 				.isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php");
-		assertThat(copy.getProviderDetails().getBinding())
-				.isEqualTo(registration.getProviderDetails().getBinding())
+		assertThat(copy.getProviderDetails().getBinding()).isEqualTo(registration.getProviderDetails().getBinding())
 				.isEqualTo(copy.getAssertingPartyDetails().getSingleSignOnServiceBinding())
-				.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
-				.isEqualTo(POST);
+				.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()).isEqualTo(POST);
 		assertThat(copy.getProviderDetails().isSignAuthNRequest())
 				.isEqualTo(registration.getProviderDetails().isSignAuthNRequest())
 				.isEqualTo(copy.getAssertingPartyDetails().getWantAuthnRequestsSigned())
-				.isEqualTo(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
-				.isFalse();
+				.isEqualTo(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()).isFalse();
 		assertThat(copy.getAssertionConsumerServiceBinding())
 				.isEqualTo(registration.getAssertionConsumerServiceBinding());
-		assertThat(copy.getDecryptionX509Credentials())
-				.isEqualTo(registration.getDecryptionX509Credentials());
-		assertThat(copy.getSigningX509Credentials())
-				.isEqualTo(registration.getSigningX509Credentials());
+		assertThat(copy.getDecryptionX509Credentials()).isEqualTo(registration.getDecryptionX509Credentials());
+		assertThat(copy.getSigningX509Credentials()).isEqualTo(registration.getSigningX509Credentials());
 		assertThat(copy.getAssertingPartyDetails().getEncryptionX509Credentials())
 				.isEqualTo(registration.getAssertingPartyDetails().getEncryptionX509Credentials());
 		assertThat(copy.getAssertingPartyDetails().getVerificationX509Credentials())
@@ -93,16 +76,13 @@ public class RelyingPartyRegistrationTests {
 
 	@Test
 	public void buildWhenUsingDefaultsThenAssertionConsumerServiceBindingDefaultsToPost() {
-		RelyingPartyRegistration relyingPartyRegistration = withRegistrationId("id")
-				.entityId("entity-id")
+		RelyingPartyRegistration relyingPartyRegistration = withRegistrationId("id").entityId("entity-id")
 				.assertionConsumerServiceLocation("location")
-				.assertingPartyDetails(assertingParty -> assertingParty
-					.entityId("entity-id")
-					.singleSignOnServiceLocation("location"))
-					.credentials(c -> c.add(relyingPartyVerifyingCredential()))
-				.build();
+				.assertingPartyDetails(
+						assertingParty -> assertingParty.entityId("entity-id").singleSignOnServiceLocation("location"))
+				.credentials(c -> c.add(relyingPartyVerifyingCredential())).build();
 
-		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding())
-				.isEqualTo(POST);
+		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(POST);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
index c3dfaed2b2..1af5ede3b7 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
@@ -29,108 +29,72 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
  * Tests for {@link RelyingPartyRegistration}
  */
 public class RelyingPartyRegistrationsTests {
-	private static final String IDP_SSO_DESCRIPTOR_PAYLOAD =
-			"<md:EntityDescriptor entityID=\"https://idp.example.com/idp/shibboleth\"\n" +
-					"                     xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\n" +
-					"                     xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" +
-					"                     xmlns:shibmd=\"urn:mace:shibboleth:metadata:1.0\"\n" +
-					"                     xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n" +
-					"                     xmlns:mdui=\"urn:oasis:names:tc:SAML:metadata:ui\">\n" +
-					"    \n" +
-					"   <md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n" +
-					"      <md:Extensions>\n" +
-					"         <shibmd:Scope regexp=\"false\">example.com</shibmd:Scope>\n" +
-					"  \n" +
-					"         <mdui:UIInfo>\n" +
-					"            <mdui:DisplayName xml:lang=\"en\">\n" +
-					"               Consortium GARR IdP\n" +
-					"            </mdui:DisplayName>\n" +
-					"            <mdui:DisplayName xml:lang=\"it\">\n" +
-					"               Consortium GARR IdP\n" +
-					"            </mdui:DisplayName>\n" +
-					"    \n" +
-					"            <mdui:Description xml:lang=\"en\">\n" +
-					"               This Identity Provider gives support for the Consortium GARR's user community\n" +
-					"            </mdui:Description>\n" +
-					"            <mdui:Description xml:lang=\"it\">\n" +
-					"               Questo Identity Provider di test fornisce supporto alla comunita' utenti GARR\n" +
-					"            </mdui:Description>\n" +
-					"         </mdui:UIInfo>\n" +
-					"      </md:Extensions>\n" +
-					"    \n" +
-					"      <md:KeyDescriptor>\n" +
-					"         <ds:KeyInfo>\n" +
-					"            <ds:X509Data>\n" +
-					"               <ds:X509Certificate>\n" +
-					"                  MIIDZjCCAk6gAwIBAgIVAL9O+PA7SXtlwZZY8MVSE9On1cVWMA0GCSqGSIb3DQEB\n" +
-					"                  BQUAMCkxJzAlBgNVBAMTHmlkZW0tcHVwYWdlbnQuZG16LWludC51bmltby5pdDAe\n" +
-					"                  Fw0xMzA3MjQwMDQ0MTRaFw0zMzA3MjQwMDQ0MTRaMCkxJzAlBgNVBAMTHmlkZW0t\n" +
-					"                  cHVwYWdlbnQuZG16LWludC51bmltby5pdDCCASIwDQYJKoZIhvcNAMIIDQADggEP\n" +
-					"                  ADCCAQoCggEBAIAcp/VyzZGXUF99kwj4NvL/Rwv4YvBgLWzpCuoxqHZ/hmBwJtqS\n" +
-					"                  v0y9METBPFbgsF3hCISnxbcmNVxf/D0MoeKtw1YPbsUmow/bFe+r72hZ+IVAcejN\n" +
-					"                  iDJ7t5oTjsRN1t1SqvVVk6Ryk5AZhpFW+W9pE9N6c7kJ16Rp2/mbtax9OCzxpece\n" +
-					"                  byi1eiLfIBmkcRawL/vCc2v6VLI18i6HsNVO3l2yGosKCbuSoGDx2fCdAOk/rgdz\n" +
-					"                  cWOvFsIZSKuD+FVbSS/J9GVs7yotsS4PRl4iX9UMnfDnOMfO7bcBgbXtDl4SCU1v\n" +
-					"                  dJrRw7IL/pLz34Rv9a8nYitrzrxtLOp3nYUCAwEAAaOBhDCBgTBgBgMIIDEEWTBX\n" +
-					"                  gh5pZGVtLXB1cGFnZW50LmRtei1pbnQudW5pbW8uaXSGNWh0dHBzOi8vaWRlbS1w\n" +
-					"                  dXBhZ2VudC5kbXotaW50LnVuaW1vLml0L2lkcC9zaGliYm9sZXRoMB0GA1UdDgQW\n" +
-					"                  BBT8PANzz+adGnTRe8ldcyxAwe4VnzANBgkqhkiG9w0BAQUFAAOCAQEAOEnO8Clu\n" +
-					"                  9z/Lf/8XOOsTdxJbV29DIF3G8KoQsB3dBsLwPZVEAQIP6ceS32Xaxrl6FMTDDNkL\n" +
-					"                  qUvvInUisw0+I5zZwYHybJQCletUWTnz58SC4C9G7FpuXHFZnOGtRcgGD1NOX4UU\n" +
-					"                  duus/4nVcGSLhDjszZ70Xtj0gw2Sn46oQPHTJ81QZ3Y9ih+Aj1c9OtUSBwtWZFkU\n" +
-					"                  yooAKoR8li68Yb21zN2N65AqV+ndL98M8xUYMKLONuAXStDeoVCipH6PJ09Z5U2p\n" +
-					"                  V5p4IQRV6QBsNw9CISJFuHzkVYTH5ZxzN80Ru46vh4y2M0Nu8GQ9I085KoZkrf5e\n" +
-					"                  Cq53OZt9ISjHEw==\n" +
-					"               </ds:X509Certificate>\n" +
-					"            </ds:X509Data>\n" +
-					"         </ds:KeyInfo>\n" +
-					"      </md:KeyDescriptor>\n" +
-					"   \n" +
-					"      <md:SingleSignOnService\n" +
-					"         Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
-					"         Location=\"https://idp.example.com/idp/profile/SAML2/POST/SSO\"/>\n" +
-					"   </md:IDPSSODescriptor>\n" +
-					"    \n" +
-					"   <md:Organization>\n" +
-					"      <md:OrganizationName xml:lang=\"en\">\n" +
-					"         Consortium GARR\n" +
-					"      </md:OrganizationName>\n" +
-					"      <md:OrganizationName xml:lang=\"it\">\n" +
-					"         Consortium GARR\n" +
-					"      </md:OrganizationName>\n" +
-					"   \n" +
-					"      <md:OrganizationDisplayName xml:lang=\"en\">\n" +
-					"         Consortium GARR\n" +
-					"      </md:OrganizationDisplayName>\n" +
-					"      <md:OrganizationDisplayName xml:lang=\"it\">\n" +
-					"         Consortium GARR\n" +
-					"      </md:OrganizationDisplayName>\n" +
-					"   \n" +
-					"      <md:OrganizationURL xml:lang=\"it\">\n" +
-					"         https://example.org\n" +
-					"      </md:OrganizationURL>\n" +
-					"   </md:Organization>\n" +
-					"    \n" +
-					"   <md:ContactPerson contactType=\"technical\">\n" +
-					"      <md:EmailAddress>mailto:technical.contact@example.com</md:EmailAddress>\n" +
-					"   </md:ContactPerson>\n" +
-					"    \n" +
-					"</md:EntityDescriptor>";
+
+	private static final String IDP_SSO_DESCRIPTOR_PAYLOAD = "<md:EntityDescriptor entityID=\"https://idp.example.com/idp/shibboleth\"\n"
+			+ "                     xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\n"
+			+ "                     xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+			+ "                     xmlns:shibmd=\"urn:mace:shibboleth:metadata:1.0\"\n"
+			+ "                     xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n"
+			+ "                     xmlns:mdui=\"urn:oasis:names:tc:SAML:metadata:ui\">\n" + "    \n"
+			+ "   <md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n"
+			+ "      <md:Extensions>\n" + "         <shibmd:Scope regexp=\"false\">example.com</shibmd:Scope>\n"
+			+ "  \n" + "         <mdui:UIInfo>\n" + "            <mdui:DisplayName xml:lang=\"en\">\n"
+			+ "               Consortium GARR IdP\n" + "            </mdui:DisplayName>\n"
+			+ "            <mdui:DisplayName xml:lang=\"it\">\n" + "               Consortium GARR IdP\n"
+			+ "            </mdui:DisplayName>\n" + "    \n" + "            <mdui:Description xml:lang=\"en\">\n"
+			+ "               This Identity Provider gives support for the Consortium GARR's user community\n"
+			+ "            </mdui:Description>\n" + "            <mdui:Description xml:lang=\"it\">\n"
+			+ "               Questo Identity Provider di test fornisce supporto alla comunita' utenti GARR\n"
+			+ "            </mdui:Description>\n" + "         </mdui:UIInfo>\n" + "      </md:Extensions>\n" + "    \n"
+			+ "      <md:KeyDescriptor>\n" + "         <ds:KeyInfo>\n" + "            <ds:X509Data>\n"
+			+ "               <ds:X509Certificate>\n"
+			+ "                  MIIDZjCCAk6gAwIBAgIVAL9O+PA7SXtlwZZY8MVSE9On1cVWMA0GCSqGSIb3DQEB\n"
+			+ "                  BQUAMCkxJzAlBgNVBAMTHmlkZW0tcHVwYWdlbnQuZG16LWludC51bmltby5pdDAe\n"
+			+ "                  Fw0xMzA3MjQwMDQ0MTRaFw0zMzA3MjQwMDQ0MTRaMCkxJzAlBgNVBAMTHmlkZW0t\n"
+			+ "                  cHVwYWdlbnQuZG16LWludC51bmltby5pdDCCASIwDQYJKoZIhvcNAMIIDQADggEP\n"
+			+ "                  ADCCAQoCggEBAIAcp/VyzZGXUF99kwj4NvL/Rwv4YvBgLWzpCuoxqHZ/hmBwJtqS\n"
+			+ "                  v0y9METBPFbgsF3hCISnxbcmNVxf/D0MoeKtw1YPbsUmow/bFe+r72hZ+IVAcejN\n"
+			+ "                  iDJ7t5oTjsRN1t1SqvVVk6Ryk5AZhpFW+W9pE9N6c7kJ16Rp2/mbtax9OCzxpece\n"
+			+ "                  byi1eiLfIBmkcRawL/vCc2v6VLI18i6HsNVO3l2yGosKCbuSoGDx2fCdAOk/rgdz\n"
+			+ "                  cWOvFsIZSKuD+FVbSS/J9GVs7yotsS4PRl4iX9UMnfDnOMfO7bcBgbXtDl4SCU1v\n"
+			+ "                  dJrRw7IL/pLz34Rv9a8nYitrzrxtLOp3nYUCAwEAAaOBhDCBgTBgBgMIIDEEWTBX\n"
+			+ "                  gh5pZGVtLXB1cGFnZW50LmRtei1pbnQudW5pbW8uaXSGNWh0dHBzOi8vaWRlbS1w\n"
+			+ "                  dXBhZ2VudC5kbXotaW50LnVuaW1vLml0L2lkcC9zaGliYm9sZXRoMB0GA1UdDgQW\n"
+			+ "                  BBT8PANzz+adGnTRe8ldcyxAwe4VnzANBgkqhkiG9w0BAQUFAAOCAQEAOEnO8Clu\n"
+			+ "                  9z/Lf/8XOOsTdxJbV29DIF3G8KoQsB3dBsLwPZVEAQIP6ceS32Xaxrl6FMTDDNkL\n"
+			+ "                  qUvvInUisw0+I5zZwYHybJQCletUWTnz58SC4C9G7FpuXHFZnOGtRcgGD1NOX4UU\n"
+			+ "                  duus/4nVcGSLhDjszZ70Xtj0gw2Sn46oQPHTJ81QZ3Y9ih+Aj1c9OtUSBwtWZFkU\n"
+			+ "                  yooAKoR8li68Yb21zN2N65AqV+ndL98M8xUYMKLONuAXStDeoVCipH6PJ09Z5U2p\n"
+			+ "                  V5p4IQRV6QBsNw9CISJFuHzkVYTH5ZxzN80Ru46vh4y2M0Nu8GQ9I085KoZkrf5e\n"
+			+ "                  Cq53OZt9ISjHEw==\n" + "               </ds:X509Certificate>\n"
+			+ "            </ds:X509Data>\n" + "         </ds:KeyInfo>\n" + "      </md:KeyDescriptor>\n" + "   \n"
+			+ "      <md:SingleSignOnService\n"
+			+ "         Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n"
+			+ "         Location=\"https://idp.example.com/idp/profile/SAML2/POST/SSO\"/>\n"
+			+ "   </md:IDPSSODescriptor>\n" + "    \n" + "   <md:Organization>\n"
+			+ "      <md:OrganizationName xml:lang=\"en\">\n" + "         Consortium GARR\n"
+			+ "      </md:OrganizationName>\n" + "      <md:OrganizationName xml:lang=\"it\">\n"
+			+ "         Consortium GARR\n" + "      </md:OrganizationName>\n" + "   \n"
+			+ "      <md:OrganizationDisplayName xml:lang=\"en\">\n" + "         Consortium GARR\n"
+			+ "      </md:OrganizationDisplayName>\n" + "      <md:OrganizationDisplayName xml:lang=\"it\">\n"
+			+ "         Consortium GARR\n" + "      </md:OrganizationDisplayName>\n" + "   \n"
+			+ "      <md:OrganizationURL xml:lang=\"it\">\n" + "         https://example.org\n"
+			+ "      </md:OrganizationURL>\n" + "   </md:Organization>\n" + "    \n"
+			+ "   <md:ContactPerson contactType=\"technical\">\n"
+			+ "      <md:EmailAddress>mailto:technical.contact@example.com</md:EmailAddress>\n"
+			+ "   </md:ContactPerson>\n" + "    \n" + "</md:EntityDescriptor>";
 
 	@Test
 	public void fromMetadataLocationWhenResolvableThenPopulatesBuilder() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(IDP_SSO_DESCRIPTOR_PAYLOAD).setResponseCode(200));
 			RelyingPartyRegistration registration = RelyingPartyRegistrations
-					.fromMetadataLocation(server.url("/").toString())
-					.entityId("rp")
-					.build();
+					.fromMetadataLocation(server.url("/").toString()).entityId("rp").build();
 			RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
 			assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
 			assertThat(details.getSingleSignOnServiceLocation())
 					.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
-			assertThat(details.getSingleSignOnServiceBinding())
-					.isEqualTo(Saml2MessageBinding.POST);
+			assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
 			assertThat(details.getVerificationX509Credentials()).hasSize(1);
 			assertThat(details.getEncryptionX509Credentials()).hasSize(1);
 		}
@@ -156,4 +120,5 @@ public class RelyingPartyRegistrationsTests {
 					.isInstanceOf(Saml2Exception.class);
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index c378576f26..dd0f502553 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -33,40 +33,32 @@ public class TestRelyingPartyRegistrations {
 
 		String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
 		Saml2X509Credential signingCredential = relyingPartySigningCredential();
-		String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+		String assertionConsumerServiceLocation = "{baseUrl}"
+				+ Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
 		String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
 		Saml2X509Credential verificationCertificate = relyingPartyVerifyingCredential();
 		String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php";
 
-		return RelyingPartyRegistration.withRegistrationId(registrationId)
-				.entityId(rpEntityId)
+		return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId)
 				.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
 				.credentials(c -> c.add(signingCredential))
-				.providerDetails(c -> c
-						.entityId(apEntityId)
-						.webSsoUrl(singleSignOnServiceLocation))
-						.credentials(c -> c.add(verificationCertificate));
+				.providerDetails(c -> c.entityId(apEntityId).webSsoUrl(singleSignOnServiceLocation))
+				.credentials(c -> c.add(verificationCertificate));
 	}
 
 	public static RelyingPartyRegistration.Builder noCredentials() {
-		return RelyingPartyRegistration.withRegistrationId("registration-id")
-				.entityId("rp-entity-id")
-				.assertionConsumerServiceLocation("https://rp.example.org/acs")
-				.assertingPartyDetails(party -> party
-						.entityId("ap-entity-id")
-						.singleSignOnServiceLocation("https://ap.example.org/sso")
-				);
+		return RelyingPartyRegistration.withRegistrationId("registration-id").entityId("rp-entity-id")
+				.assertionConsumerServiceLocation("https://rp.example.org/acs").assertingPartyDetails(party -> party
+						.entityId("ap-entity-id").singleSignOnServiceLocation("https://ap.example.org/sso"));
 	}
 
 	public static RelyingPartyRegistration.Builder full() {
 		return noCredentials()
 				.signingX509Credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential()))
 				.decryptionX509Credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyDecryptingCredential()))
-				.assertingPartyDetails(party -> party
-					.verificationX509Credentials(c -> c.add(
-							TestSaml2X509Credentials.relyingPartyVerifyingCredential())
-					)
-				);
+				.assertingPartyDetails(party -> party.verificationX509Credentials(
+						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index b685adab56..495cfa3498 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -36,8 +36,11 @@ import static org.mockito.Mockito.when;
 public class Saml2WebSsoAuthenticationFilterTests {
 
 	private Saml2WebSsoAuthenticationFilter filter;
+
 	private RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class);
+
 	private MockHttpServletRequest request = new MockHttpServletRequest();
+
 	private HttpServletResponse response = new MockHttpServletResponse();
 
 	@Rule
@@ -87,9 +90,11 @@ public class Saml2WebSsoAuthenticationFilterTests {
 		try {
 			filter.attemptAuthentication(request, response);
 			failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class);
-		} catch (Exception e) {
+		}
+		catch (Exception e) {
 			assertThat(e).isInstanceOf(Saml2AuthenticationException.class);
 			assertThat(e.getMessage()).isEqualTo("No relying party registration found");
 		}
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 1ea4d636c9..8a12be054d 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -48,14 +48,21 @@ import static org.springframework.security.saml2.provider.service.registration.S
 public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	private static final String IDP_SSO_URL = "https://sso-url.example.com/IDP/SSO";
+
 	private Saml2WebSsoAuthenticationRequestFilter filter;
+
 	private RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class);
+
 	private Saml2AuthenticationRequestFactory factory = mock(Saml2AuthenticationRequestFactory.class);
-	private Saml2AuthenticationRequestContextResolver resolver =
-			mock(Saml2AuthenticationRequestContextResolver.class);
+
+	private Saml2AuthenticationRequestContextResolver resolver = mock(Saml2AuthenticationRequestContextResolver.class);
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private MockFilterChain filterChain;
+
 	private RelyingPartyRegistration.Builder rpBuilder;
 
 	@Before
@@ -67,10 +74,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 		filterChain = new MockFilterChain();
 
-		rpBuilder = RelyingPartyRegistration
-				.withRegistrationId("registration-id")
-				.providerDetails(c -> c.entityId("idp-entity-id"))
-				.providerDetails(c -> c.webSsoUrl(IDP_SSO_URL))
+		rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
+				.providerDetails(c -> c.entityId("idp-entity-id")).providerDetails(c -> c.webSsoUrl(IDP_SSO_URL))
 				.assertionConsumerServiceUrlTemplate("template")
 				.credentials(c -> c.add(assertingPartyPrivateCredential()));
 	}
@@ -79,9 +84,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	public void doFilterWhenNoRelayStateThenRedirectDoesNotContainParameter() throws ServletException, IOException {
 		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
 		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location"))
-				.doesNotContain("RelayState=")
-				.startsWith(IDP_SSO_URL);
+		assertThat(response.getHeader("Location")).doesNotContain("RelayState=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
@@ -89,9 +92,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
 		request.setParameter("RelayState", "my-relay-state");
 		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location"))
-				.contains("RelayState=my-relay-state")
-				.startsWith(IDP_SSO_URL);
+		assertThat(response.getHeader("Location")).contains("RelayState=my-relay-state").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
@@ -101,53 +102,36 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		request.setParameter("RelayState", relayStateValue);
 		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location"))
-				.contains("RelayState="+relayStateEncoded)
-				.startsWith(IDP_SSO_URL);
+		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenSimpleSignatureSpecifiedThenSignatureParametersAreInTheRedirectURL() throws Exception {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(
-				rpBuilder
-						.build()
-		);
+		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		request.setParameter("RelayState", relayStateValue);
 		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location"))
-				.contains("RelayState="+relayStateEncoded)
-				.contains("SigAlg=")
-				.contains("Signature=")
-				.startsWith(IDP_SSO_URL);
+		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).contains("SigAlg=")
+				.contains("Signature=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenSignatureIsDisabledThenSignatureParametersAreNotInTheRedirectURL() throws Exception {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(
-				rpBuilder
-						.providerDetails(c -> c.signAuthNRequest(false))
-						.build()
-		);
+		when(repository.findByRegistrationId("registration-id"))
+				.thenReturn(rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		request.setParameter("RelayState", relayStateValue);
 		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location"))
-				.contains("RelayState="+relayStateEncoded)
-				.doesNotContain("SigAlg=")
-				.doesNotContain("Signature=")
-				.startsWith(IDP_SSO_URL);
+		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).doesNotContain("SigAlg=")
+				.doesNotContain("Signature=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenPostFormDataIsPresent() throws Exception {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(
-				rpBuilder
-						.providerDetails(c -> c.binding(POST))
-						.build()
-		);
+		when(repository.findByRegistrationId("registration-id"))
+				.thenReturn(rpBuilder.providerDetails(c -> c.binding(POST)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
 		final String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
 		request.setParameter("RelayState", relayStateValue);
@@ -156,28 +140,23 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		assertThat(response.getContentAsString())
 				.contains("<form action=\"https://sso-url.example.com/IDP/SSO\" method=\"post\">")
 				.contains("<input type=\"hidden\" name=\"SAMLRequest\"")
-				.contains("value=\""+relayStateEncoded+"\"");
+				.contains("value=\"" + relayStateEncoded + "\"");
 	}
 
 	@Test
 	public void doFilterWhenSetAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder
-				.providerDetails(c -> c.binding(POST))
-				.build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		when(authenticationRequest.getAuthenticationRequestUri()).thenReturn("uri");
 		when(authenticationRequest.getRelayState()).thenReturn("relay");
 		when(authenticationRequest.getSamlRequest()).thenReturn("saml");
 		when(this.repository.findByRegistrationId("registration-id")).thenReturn(relyingParty);
-		when(this.factory.createPostAuthenticationRequest(any()))
-				.thenReturn(authenticationRequest);
+		when(this.factory.createPostAuthenticationRequest(any())).thenReturn(authenticationRequest);
 
-		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
-				(this.repository);
+		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
 		filter.setAuthenticationRequestFactory(this.factory);
 		filter.doFilterInternal(this.request, this.response, this.filterChain);
-		assertThat(this.response.getContentAsString())
-				.contains("<form action=\"uri\" method=\"post\">")
+		assertThat(this.response.getContentAsString()).contains("<form action=\"uri\" method=\"post\">")
 				.contains("<input type=\"hidden\" name=\"SAMLRequest\" value=\"saml\"")
 				.contains("<input type=\"hidden\" name=\"RelayState\" value=\"relay\"");
 		verify(this.factory).createPostAuthenticationRequest(any());
@@ -185,24 +164,19 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenCustomAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder
-				.providerDetails(c -> c.binding(POST))
-				.build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		when(authenticationRequest.getAuthenticationRequestUri()).thenReturn("uri");
 		when(authenticationRequest.getRelayState()).thenReturn("relay");
 		when(authenticationRequest.getSamlRequest()).thenReturn("saml");
-		when(this.resolver.resolve(this.request)).thenReturn(authenticationRequestContext()
-				.relyingPartyRegistration(relyingParty)
-				.build());
-		when(this.factory.createPostAuthenticationRequest(any()))
-				.thenReturn(authenticationRequest);
+		when(this.resolver.resolve(this.request))
+				.thenReturn(authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
+		when(this.factory.createPostAuthenticationRequest(any())).thenReturn(authenticationRequest);
 
-		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
-				(this.resolver, this.factory);
+		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver,
+				this.factory);
 		filter.doFilterInternal(this.request, this.response, this.filterChain);
-		assertThat(this.response.getContentAsString())
-				.contains("<form action=\"uri\" method=\"post\">")
+		assertThat(this.response.getContentAsString()).contains("<form action=\"uri\" method=\"post\">")
 				.contains("<input type=\"hidden\" name=\"SAMLRequest\" value=\"saml\"")
 				.contains("<input type=\"hidden\" name=\"RelayState\" value=\"relay\"");
 		verify(this.factory).createPostAuthenticationRequest(any());
@@ -210,23 +184,19 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void setRequestMatcherWhenNullThenException() {
-		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
-				(this.repository);
-		assertThatCode(() -> filter.setRedirectMatcher(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
+		assertThatCode(() -> filter.setRedirectMatcher(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void setAuthenticationRequestFactoryWhenNullThenException() {
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
-		assertThatCode(() -> filter.setAuthenticationRequestFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> filter.setAuthenticationRequestFactory(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void doFilterWhenRequestMatcherFailsThenSkipsFilter() throws Exception {
-		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
-				(this.repository);
+		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
 		filter.setRedirectMatcher(request -> false);
 		filter.doFilter(this.request, this.response, this.filterChain);
 		verifyNoInteractions(this.repository);
@@ -234,9 +204,9 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenRelyingPartyRegistrationNotFoundThenUnauthorized() throws Exception {
-		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
-				(this.repository);
+		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
 		filter.doFilter(this.request, this.response, this.filterChain);
 		assertThat(this.response.getStatus()).isEqualTo(401);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
index 693075f803..99f5e261a0 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
@@ -31,11 +31,14 @@ import static org.springframework.security.saml2.provider.service.registration.T
  * Tests for {@link DefaultRelyingPartyRegistrationResolver}
  */
 public class DefaultRelyingPartyRegistrationResolverTests {
+
 	private final RelyingPartyRegistration registration = relyingPartyRegistration().build();
-	private final RelyingPartyRegistrationRepository repository =
-			new InMemoryRelyingPartyRegistrationRepository(this.registration);
-	private final DefaultRelyingPartyRegistrationResolver resolver =
-			new DefaultRelyingPartyRegistrationResolver(this.repository);
+
+	private final RelyingPartyRegistrationRepository repository = new InMemoryRelyingPartyRegistrationRepository(
+			this.registration);
+
+	private final DefaultRelyingPartyRegistrationResolver resolver = new DefaultRelyingPartyRegistrationResolver(
+			this.repository);
 
 	@Test
 	public void resolveWhenRequestContainsRegistrationIdThenResolves() {
@@ -43,8 +46,7 @@ public class DefaultRelyingPartyRegistrationResolverTests {
 		request.setPathInfo("/some/path/" + this.registration.getRegistrationId());
 		RelyingPartyRegistration registration = this.resolver.convert(request);
 		assertThat(registration).isNotNull();
-		assertThat(registration.getRegistrationId())
-				.isEqualTo(this.registration.getRegistrationId());
+		assertThat(registration.getRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 		assertThat(registration.getEntityId())
 				.isEqualTo("http://localhost/saml2/service-provider-metadata/" + this.registration.getRegistrationId());
 		assertThat(registration.getAssertionConsumerServiceLocation())
@@ -71,4 +73,5 @@ public class DefaultRelyingPartyRegistrationResolverTests {
 		assertThatCode(() -> new DefaultRelyingPartyRegistrationResolver(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index 80f2cd6afc..2419929132 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -36,23 +36,27 @@ import static org.springframework.security.saml2.credentials.TestSaml2X509Creden
 public class DefaultSaml2AuthenticationRequestContextResolverTests {
 
 	private static final String ASSERTING_PARTY_SSO_URL = "https://idp.example.com/sso";
+
 	private static final String RELYING_PARTY_SSO_URL = "https://sp.example.com/sso";
+
 	private static final String ASSERTING_PARTY_ENTITY_ID = "asserting-party-entity-id";
+
 	private static final String RELYING_PARTY_ENTITY_ID = "relying-party-entity-id";
+
 	private static final String REGISTRATION_ID = "registration-id";
 
 	private MockHttpServletRequest request;
+
 	private RelyingPartyRegistration.Builder relyingPartyBuilder;
-	private Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver
-			= new DefaultSaml2AuthenticationRequestContextResolver(
-					new DefaultRelyingPartyRegistrationResolver(id -> relyingPartyBuilder.build()));
+
+	private Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver = new DefaultSaml2AuthenticationRequestContextResolver(
+			new DefaultRelyingPartyRegistrationResolver(id -> relyingPartyBuilder.build()));
 
 	@Before
 	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.request.setPathInfo("/saml2/authenticate/registration-id");
-		this.relyingPartyBuilder = RelyingPartyRegistration
-				.withRegistrationId(REGISTRATION_ID)
+		this.relyingPartyBuilder = RelyingPartyRegistration.withRegistrationId(REGISTRATION_ID)
 				.localEntityIdTemplate(RELYING_PARTY_ENTITY_ID)
 				.providerDetails(c -> c.entityId(ASSERTING_PARTY_ENTITY_ID))
 				.providerDetails(c -> c.webSsoUrl(ASSERTING_PARTY_SSO_URL))
@@ -63,8 +67,7 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	@Test
 	public void resolveWhenRequestAndRelyingPartyNotNullThenCreateSaml2AuthenticationRequestContext() {
 		this.request.addParameter("RelayState", "relay-state");
-		Saml2AuthenticationRequestContext context =
-				this.authenticationRequestContextResolver.resolve(this.request);
+		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
 
 		assertThat(context).isNotNull();
 		assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo(RELYING_PARTY_SSO_URL);
@@ -77,20 +80,16 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 
 	@Test
 	public void resolveWhenAssertionConsumerServiceUrlTemplateContainsRegistrationIdThenResolves() {
-		this.relyingPartyBuilder
-				.assertionConsumerServiceLocation("/saml2/authenticate/{registrationId}");
-		Saml2AuthenticationRequestContext context =
-				this.authenticationRequestContextResolver.resolve(this.request);
+		this.relyingPartyBuilder.assertionConsumerServiceLocation("/saml2/authenticate/{registrationId}");
+		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
 
 		assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo("/saml2/authenticate/registration-id");
 	}
 
 	@Test
 	public void resolveWhenAssertionConsumerServiceUrlTemplateContainsBaseUrlThenResolves() {
-		this.relyingPartyBuilder
-				.assertionConsumerServiceLocation("{baseUrl}/saml2/authenticate/{registrationId}");
-		Saml2AuthenticationRequestContext context =
-				this.authenticationRequestContextResolver.resolve(this.request);
+		this.relyingPartyBuilder.assertionConsumerServiceLocation("{baseUrl}/saml2/authenticate/{registrationId}");
+		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
 
 		assertThat(context.getAssertionConsumerServiceUrl())
 				.isEqualTo("http://localhost/saml2/authenticate/registration-id");
@@ -98,8 +97,8 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 
 	@Test
 	public void resolveWhenRelyingPartyNullThenException() {
-		assertThatCode(() ->
-				this.authenticationRequestContextResolver.resolve(null))
+		assertThatCode(() -> this.authenticationRequestContextResolver.resolve(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index 74b987ea63..9889c5a793 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -43,6 +43,7 @@ import static org.springframework.security.saml2.provider.service.registration.T
 
 @RunWith(MockitoJUnitRunner.class)
 public class Saml2AuthenticationTokenConverterTests {
+
 	@Mock
 	Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver;
 
@@ -50,8 +51,8 @@ public class Saml2AuthenticationTokenConverterTests {
 
 	@Test
 	public void convertWhenSamlResponseThenToken() {
-		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter
-				(this.relyingPartyRegistrationResolver);
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+				this.relyingPartyRegistrationResolver);
 		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.thenReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -64,8 +65,8 @@ public class Saml2AuthenticationTokenConverterTests {
 
 	@Test
 	public void convertWhenNoSamlResponseThenNull() {
-		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter
-				(this.relyingPartyRegistrationResolver);
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+				this.relyingPartyRegistrationResolver);
 		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.thenReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -74,18 +75,17 @@ public class Saml2AuthenticationTokenConverterTests {
 
 	@Test
 	public void convertWhenNoRelyingPartyRegistrationThenNull() {
-		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter
-				(this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
-				.thenReturn(null);
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+				this.relyingPartyRegistrationResolver);
+		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).thenReturn(null);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		assertThat(converter.convert(request)).isNull();
 	}
 
 	@Test
 	public void convertWhenGetRequestThenInflates() {
-		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter
-				(this.relyingPartyRegistrationResolver);
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+				this.relyingPartyRegistrationResolver);
 		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.thenReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -101,14 +101,13 @@ public class Saml2AuthenticationTokenConverterTests {
 
 	@Test
 	public void constructorWhenResolverIsNullThenIllegalArgument() {
-		assertThatCode(() -> new Saml2AuthenticationTokenConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new Saml2AuthenticationTokenConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void convertWhenUsingSamlUtilsBase64ThenXmlIsValid() throws Exception {
-		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter
-				(this.relyingPartyRegistrationResolver);
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+				this.relyingPartyRegistrationResolver);
 		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.thenReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -118,8 +117,7 @@ public class Saml2AuthenticationTokenConverterTests {
 	}
 
 	private void validateSsoCircleXml(String xml) {
-		assertThat(xml)
-				.contains("InResponseTo=\"ARQ9a73ead-7dcf-45a8-89eb-26f3c9900c36\"")
+		assertThat(xml).contains("InResponseTo=\"ARQ9a73ead-7dcf-45a8-89eb-26f3c9900c36\"")
 				.contains(" ID=\"s246d157446618e90e43fb79bdd4d9e9e19cf2c7c4\"")
 				.contains("<saml:Issuer>https://idp.ssocircle.com</saml:Issuer>");
 	}
@@ -129,4 +127,5 @@ public class Saml2AuthenticationTokenConverterTests {
 		String response = StreamUtils.copyToString(resource.getInputStream(), StandardCharsets.UTF_8);
 		return UriUtils.decode(response, UTF_8);
 	}
+
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 658afcbd96..afcee7b395 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -42,18 +42,23 @@ import static org.springframework.security.saml2.provider.service.registration.T
 public class Saml2MetadataFilterTests {
 
 	RelyingPartyRegistrationRepository repository;
+
 	Saml2MetadataResolver resolver;
+
 	Saml2MetadataFilter filter;
+
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	FilterChain chain;
 
 	@Before
 	public void setup() {
 		this.repository = mock(RelyingPartyRegistrationRepository.class);
 		this.resolver = mock(Saml2MetadataResolver.class);
-		this.filter = new Saml2MetadataFilter(
-				new DefaultRelyingPartyRegistrationResolver(this.repository), this.resolver);
+		this.filter = new Saml2MetadataFilter(new DefaultRelyingPartyRegistrationResolver(this.repository),
+				this.resolver);
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 		this.chain = mock(FilterChain.class);
@@ -103,8 +108,8 @@ public class Saml2MetadataFilterTests {
 		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration");
 		RelyingPartyRegistration validRegistration = noCredentials()
-				.assertingPartyDetails(party -> party
-						.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
+				.assertingPartyDetails(
+						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
 				.build();
 
 		String generatedMetadata = "<xml>test</xml>";
@@ -138,7 +143,7 @@ public class Saml2MetadataFilterTests {
 
 	@Test
 	public void setRequestMatcherWhenNullThenIllegalArgument() {
-		assertThatCode(() -> this.filter.setRequestMatcher(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.filter.setRequestMatcher(null)).isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
index ec4360991a..fecf9288b9 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@@ -29,6 +29,7 @@ import javax.servlet.jsp.tagext.Tag;
  * @author Luke Taylor
  */
 public final class TagLibConfig {
+
 	static Log logger = LogFactory.getLog("spring-security-taglibs");
 
 	static final boolean DISABLE_UI_SECURITY;
@@ -53,7 +54,6 @@ public final class TagLibConfig {
 	/**
 	 * Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been
 	 * disabled. Otherwise returns SKIP_BODY.
-	 *
 	 * @param authorized whether the user is authorized to see the content or not
 	 */
 	public static int evalOrSkip(boolean authorized) {
@@ -75,4 +75,5 @@ public final class TagLibConfig {
 	public static String getSecuredUiSuffix() {
 		return SECURED_UI_SUFFIX;
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index 1da2aa966c..fff580bc65 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -55,8 +55,11 @@ import org.springframework.util.StringUtils;
  * @since 3.1.0
  */
 public abstract class AbstractAuthorizeTag {
+
 	private String access;
+
 	private String url;
+
 	private String method = "GET";
 
 	/**
@@ -85,7 +88,6 @@ public abstract class AbstractAuthorizeTag {
 	 * <li>url, method</li>
 	 * </ul>
 	 * The above combinations are mutually exclusive and evaluated in the given order.
-	 *
 	 * @return the result of the authorization decision
 	 * @throws IOException
 	 */
@@ -112,7 +114,6 @@ public abstract class AbstractAuthorizeTag {
 	 * Make an authorization decision based on a Spring EL expression. See the
 	 * "Expression-Based Access Control" chapter in Spring Security for details on what
 	 * expressions can be used.
-	 *
 	 * @return the result of the authorization decision
 	 * @throws IOException
 	 */
@@ -134,37 +135,30 @@ public abstract class AbstractAuthorizeTag {
 			throw ioException;
 		}
 
-		return ExpressionUtils.evaluateAsBoolean(accessExpression,
-				createExpressionEvaluationContext(handler));
+		return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler));
 	}
 
 	/**
 	 * Allows the {@code EvaluationContext} to be customized for variable lookup etc.
 	 */
-	protected EvaluationContext createExpressionEvaluationContext(
-			SecurityExpressionHandler<FilterInvocation> handler) {
-		FilterInvocation f = new FilterInvocation(getRequest(), getResponse(),
-				(request, response) -> {
-					throw new UnsupportedOperationException();
-				});
+	protected EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler) {
+		FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), (request, response) -> {
+			throw new UnsupportedOperationException();
+		});
 
-		return handler.createEvaluationContext(SecurityContextHolder.getContext()
-				.getAuthentication(), f);
+		return handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f);
 	}
 
 	/**
 	 * Make an authorization decision based on the URL and HTTP method attributes. True is
 	 * returned if the user is allowed to access the given URL as defined.
-	 *
 	 * @return the result of the authorization decision
 	 * @throws IOException
 	 */
 	public boolean authorizeUsingUrlCheck() throws IOException {
 		String contextPath = ((HttpServletRequest) getRequest()).getContextPath();
-		Authentication currentUser = SecurityContextHolder.getContext()
-				.getAuthentication();
-		return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(),
-				currentUser);
+		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
+		return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(), currentUser);
 	}
 
 	public String getAccess() {
@@ -194,22 +188,20 @@ public abstract class AbstractAuthorizeTag {
 	/*------------- Private helper methods  -----------------*/
 
 	@SuppressWarnings({ "unchecked", "rawtypes" })
-	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler()
-			throws IOException {
-		ApplicationContext appContext = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
-		Map<String, SecurityExpressionHandler> handlers = appContext
-				.getBeansOfType(SecurityExpressionHandler.class);
+	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
+		ApplicationContext appContext = SecurityWebApplicationContextUtils
+				.findRequiredWebApplicationContext(getServletContext());
+		Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class);
 
 		for (SecurityExpressionHandler h : handlers.values()) {
-			if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(
-					h.getClass(), SecurityExpressionHandler.class))) {
+			if (FilterInvocation.class
+					.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class))) {
 				return h;
 			}
 		}
 
-		throw new IOException(
-				"No visible WebSecurityExpressionHandler instance could be found in the application "
-						+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
+		throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application "
+				+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
 	}
 
 	private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException {
@@ -219,9 +211,9 @@ public abstract class AbstractAuthorizeTag {
 			return privEvaluatorFromRequest;
 		}
 
-		ApplicationContext ctx = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
-		Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx
-				.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
+		ApplicationContext ctx = SecurityWebApplicationContextUtils
+				.findRequiredWebApplicationContext(getServletContext());
+		Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
 
 		if (wipes.size() == 0) {
 			throw new IOException(
@@ -231,4 +223,5 @@ public abstract class AbstractAuthorizeTag {
 
 		return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0];
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index 0d1c6149e3..b2b1d9ef6e 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -34,7 +34,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.taglibs.TagLibConfig;
 import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
 
-
 /**
  * An implementation of {@link Tag} that allows its body through if all authorizations are
  * granted to the request's principal.
@@ -53,6 +52,7 @@ import org.springframework.security.web.context.support.SecurityWebApplicationCo
  * @author Rob Winch
  */
 public class AccessControlListTag extends TagSupport {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -62,9 +62,13 @@ public class AccessControlListTag extends TagSupport {
 	// ================================================================================================
 
 	private ApplicationContext applicationContext;
+
 	private Object domainObject;
+
 	private PermissionEvaluator permissionEvaluator;
+
 	private String hasPermission = "";
+
 	private String var;
 
 	// ~ Methods
@@ -86,11 +90,11 @@ public class AccessControlListTag extends TagSupport {
 			return evalBody();
 		}
 
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
+				logger.debug(
+						"SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
 			}
 
 			return skipBody();
@@ -98,8 +102,7 @@ public class AccessControlListTag extends TagSupport {
 
 		List<Object> requiredPermissions = parseHasPermission(hasPermission);
 		for (Object requiredPermission : requiredPermissions) {
-			if (!permissionEvaluator.hasPermission(authentication, domainObject,
-					requiredPermission)) {
+			if (!permissionEvaluator.hasPermission(authentication, domainObject, requiredPermission)) {
 				return skipBody();
 			}
 		}
@@ -138,10 +141,8 @@ public class AccessControlListTag extends TagSupport {
 
 	/**
 	 * Allows test cases to override where application context obtained from.
-	 *
 	 * @param pageContext so the <code>ServletContext</code> can be accessed as required
 	 * by Spring's <code>WebApplicationContextUtils</code>
-	 *
 	 * @return the Spring application context (never <code>null</code>)
 	 */
 	protected ApplicationContext getContext(PageContext pageContext) {
@@ -183,8 +184,8 @@ public class AccessControlListTag extends TagSupport {
 			return map.values().iterator().next();
 		}
 
-		throw new JspException("Found incorrect number of " + type.getSimpleName()
-				+ " instances in " + "application context - you must have only have one!");
+		throw new JspException("Found incorrect number of " + type.getSimpleName() + " instances in "
+				+ "application context - you must have only have one!");
 	}
 
 	public void setDomainObject(Object domainObject) {
@@ -198,4 +199,5 @@ public class AccessControlListTag extends TagSupport {
 	public void setVar(String var) {
 		this.var = var;
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index e740ffb6ec..90d7200f65 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -47,9 +47,13 @@ public class AuthenticationTag extends TagSupport {
 	// ================================================================================================
 
 	private String var;
+
 	private String property;
+
 	private int scope;
+
 	private boolean scopeSpecified;
+
 	private boolean htmlEscape = true;
 
 	// ~ Methods
@@ -160,4 +164,5 @@ public class AuthenticationTag extends TagSupport {
 	protected boolean isHtmlEscape() {
 		return htmlEscape;
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 5ee16f7a3e..de9d1bb675 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -61,7 +61,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	/**
 	 * Invokes the base class {@link AbstractAuthorizeTag#authorize()} method to decide if
 	 * the body of the tag should be skipped or not.
-	 *
 	 * @return {@link Tag#SKIP_BODY} or {@link Tag#EVAL_BODY_INCLUDE}
 	 */
 	public int doStartTag() throws JspException {
@@ -85,15 +84,12 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	}
 
 	@Override
-	protected EvaluationContext createExpressionEvaluationContext(
-			SecurityExpressionHandler<FilterInvocation> handler) {
-		return new PageContextVariableLookupEvaluationContext(
-				super.createExpressionEvaluationContext(handler));
+	protected EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler) {
+		return new PageContextVariableLookupEvaluationContext(super.createExpressionEvaluationContext(handler));
 	}
 
 	/**
 	 * Default processing of the end tag returning EVAL_PAGE.
-	 *
 	 * @return EVAL_PAGE
 	 * @see Tag#doEndTag()
 	 */
@@ -158,8 +154,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		return pageContext.getServletContext();
 	}
 
-	private final class PageContextVariableLookupEvaluationContext implements
-			EvaluationContext {
+	private final class PageContextVariableLookupEvaluationContext implements EvaluationContext {
 
 		private EvaluationContext delegate;
 
@@ -215,6 +210,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 			}
 			return result;
 		}
+
 	}
 
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
index b0d0ce4388..e85e0b40da 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
@@ -17,4 +17,3 @@
  * JSP Security tag library implementation.
  */
 package org.springframework.security.taglibs.authz;
-
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
index aff3d5f936..366a8fcfe4 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
@@ -33,8 +33,7 @@ abstract class AbstractCsrfTag extends TagSupport {
 	@Override
 	public int doEndTag() throws JspException {
 
-		CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(
-				CsrfToken.class.getName());
+		CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(CsrfToken.class.getName());
 		if (token != null) {
 			try {
 				this.pageContext.getOut().write(this.handleToken(token));
@@ -48,4 +47,5 @@ abstract class AbstractCsrfTag extends TagSupport {
 	}
 
 	protected abstract String handleToken(CsrfToken token);
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
index 1b339a8b34..ade138fb54 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
@@ -29,7 +29,7 @@ public class CsrfInputTag extends AbstractCsrfTag {
 
 	@Override
 	public String handleToken(CsrfToken token) {
-		return "<input type=\"hidden\" name=\"" + token.getParameterName()
-				+ "\" value=\"" + token.getToken() + "\" />";
+		return "<input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken() + "\" />";
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
index 11ad6d0a3b..e196dd8a2e 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
@@ -29,9 +29,9 @@ public class CsrfMetaTagsTag extends AbstractCsrfTag {
 
 	@Override
 	public String handleToken(CsrfToken token) {
-		return "<meta name=\"_csrf_parameter\" content=\"" + token.getParameterName()
-				+ "\" />" + "<meta name=\"_csrf_header\" content=\""
-				+ token.getHeaderName() + "\" />" + "<meta name=\"_csrf\" content=\""
-				+ token.getToken() + "\" />";
+		return "<meta name=\"_csrf_parameter\" content=\"" + token.getParameterName() + "\" />"
+				+ "<meta name=\"_csrf_header\" content=\"" + token.getHeaderName() + "\" />"
+				+ "<meta name=\"_csrf\" content=\"" + token.getToken() + "\" />";
 	}
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java b/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
index 719ba06d3e..11e50856d9 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
@@ -17,4 +17,3 @@
  * Security related tag libraries that can be used in JSPs and templates.
  */
 package org.springframework.security.taglibs;
-
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
index 44176488a9..24a69c89d5 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
@@ -27,9 +27,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 public class TldTests {
 
-	//SEC-2324
+	// SEC-2324
 	@Test
-	public void testTldVersionIsCorrect() throws Exception{
+	public void testTldVersionIsCorrect() throws Exception {
 		String SPRING_SECURITY_VERSION = "springSecurityVersion";
 
 		String version = System.getProperty(SPRING_SECURITY_VERSION);
@@ -45,5 +45,4 @@ public class TldTests {
 		assertThat(version).startsWith(tlibVersion);
 	}
 
-
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index 7a7497bd94..26b6efff14 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -45,14 +45,17 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
 import org.springframework.web.context.WebApplicationContext;
 
 /**
- *
  * @author Rob Winch
  *
  */
 public class AbstractAuthorizeTagTests {
+
 	private AbstractAuthorizeTag tag;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private MockServletContext servletContext;
 
 	@Before
@@ -73,8 +76,7 @@ public class AbstractAuthorizeTagTests {
 		String uri = "/something";
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
 		tag.setUrl(uri);
-		request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE,
-				expected);
+		request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
 
 		tag.authorizeUsingUrlCheck();
 
@@ -87,7 +89,8 @@ public class AbstractAuthorizeTagTests {
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
 		tag.setUrl(uri);
 		WebApplicationContext wac = mock(WebApplicationContext.class);
-		when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)).thenReturn(Collections.singletonMap("wipe", expected));
+		when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
+				.thenReturn(Collections.singletonMap("wipe", expected));
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		tag.authorizeUsingUrlCheck();
@@ -102,7 +105,8 @@ public class AbstractAuthorizeTagTests {
 		DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
 		tag.setAccess("permitAll");
 		WebApplicationContext wac = mock(WebApplicationContext.class);
-		when(wac.getBeansOfType(SecurityExpressionHandler.class)).thenReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
+		when(wac.getBeansOfType(SecurityExpressionHandler.class))
+				.thenReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		assertThat(tag.authorize()).isTrue();
@@ -124,5 +128,7 @@ public class AbstractAuthorizeTagTests {
 		protected ServletContext getServletContext() {
 			return servletContext;
 		}
+
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index cba9d213ea..a37c2f974a 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -34,16 +34,19 @@ import javax.servlet.jsp.tagext.Tag;
 import java.util.*;
 
 /**
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.0
  */
 @SuppressWarnings("unchecked")
 public class AccessControlListTagTests {
+
 	AccessControlListTag tag;
+
 	PermissionEvaluator pe;
+
 	MockPageContext pageContext;
+
 	Authentication bob = new TestingAuthenticationToken("bob", "bobspass", "A");
 
 	@Before
@@ -60,10 +63,8 @@ public class AccessControlListTagTests {
 		when(ctx.getBeansOfType(PermissionEvaluator.class)).thenReturn(beanMap);
 
 		MockServletContext servletCtx = new MockServletContext();
-		servletCtx.setAttribute(
-				WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
-		pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
+		pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse());
 		tag.setPageContext(pageContext);
 	}
 
@@ -179,4 +180,5 @@ public class AccessControlListTagTests {
 		assertThat(tag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat((Boolean) pageContext.getAttribute("allowed")).isFalse();
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index d768b992a6..edadacd968 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -35,13 +35,15 @@ import org.springframework.security.core.userdetails.User;
  * @author Ben Alex
  */
 public class AuthenticationTagTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final MyAuthenticationTag authenticationTag = new MyAuthenticationTag();
-	private final Authentication auth = new TestingAuthenticationToken(new User(
-			"rodUserDetails", "koala", true, true, true, true,
-			AuthorityUtils.NO_AUTHORITIES), "koala", AuthorityUtils.NO_AUTHORITIES);
+
+	private final Authentication auth = new TestingAuthenticationToken(
+			new User("rodUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala",
+			AuthorityUtils.NO_AUTHORITIES);
 
 	// ~ Methods
 	// ========================================================================================================
@@ -64,8 +66,7 @@ public class AuthenticationTagTests {
 	@Test
 	public void testOperationWhenPrincipalIsAString() throws JspException {
 		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("rodAsString", "koala",
-						AuthorityUtils.NO_AUTHORITIES));
+				new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
 
 		authenticationTag.setProperty("principal");
 		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
@@ -85,9 +86,8 @@ public class AuthenticationTagTests {
 
 	@Test
 	public void testOperationWhenPrincipalIsNull() throws JspException {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(null, "koala",
-						AuthorityUtils.NO_AUTHORITIES));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
 
 		authenticationTag.setProperty("principal");
 		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
@@ -127,8 +127,7 @@ public class AuthenticationTagTests {
 
 	@Test
 	public void htmlEscapingIsUsedByDefault() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("<>& ", ""));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("<>& ", ""));
 		authenticationTag.setProperty("name");
 		authenticationTag.doStartTag();
 		authenticationTag.doEndTag();
@@ -137,8 +136,7 @@ public class AuthenticationTagTests {
 
 	@Test
 	public void settingHtmlEscapeToFalsePreventsEscaping() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("<>& ", ""));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("<>& ", ""));
 		authenticationTag.setProperty("name");
 		authenticationTag.setHtmlEscape("false");
 		authenticationTag.doStartTag();
@@ -150,6 +148,7 @@ public class AuthenticationTagTests {
 	// ==================================================================================================
 
 	private class MyAuthenticationTag extends AuthenticationTag {
+
 		String lastMessage = null;
 
 		public String getLastMessage() {
@@ -159,5 +158,7 @@ public class AuthenticationTagTests {
 		protected void writeMessage(String msg) {
 			lastMessage = msg;
 		}
+
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index 25c8e926e3..a5c8fdb5db 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -48,15 +48,19 @@ import org.springframework.web.context.support.StaticWebApplicationContext;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthorizeTagTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	@Mock
 	private PermissionEvaluator permissionEvaluator;
+
 	private JspAuthorizeTag authorizeTag;
+
 	private MockHttpServletRequest request = new MockHttpServletRequest();
-	private final TestingAuthenticationToken currentUser = new TestingAuthenticationToken(
-			"abc", "123", "ROLE SUPERVISOR", "ROLE_TELLER");
+
+	private final TestingAuthenticationToken currentUser = new TestingAuthenticationToken("abc", "123",
+			"ROLE SUPERVISOR", "ROLE_TELLER");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -70,15 +74,12 @@ public class AuthorizeTagTests {
 				.rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
 		webExpressionHandler.addPropertyValue("permissionEvaluator", permissionEvaluator);
 
-		ctx.registerBeanDefinition("expressionHandler",
-				webExpressionHandler.getBeanDefinition());
+		ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition());
 		ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class);
 		MockServletContext servletCtx = new MockServletContext();
-		servletCtx.setAttribute(
-				WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
+		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
 		authorizeTag = new JspAuthorizeTag();
-		authorizeTag.setPageContext(new MockPageContext(servletCtx, request,
-				new MockHttpServletResponse()));
+		authorizeTag.setPageContext(new MockPageContext(servletCtx, request, new MockHttpServletResponse()));
 	}
 
 	@After
@@ -92,10 +93,8 @@ public class AuthorizeTagTests {
 	public void taglibsDocumentationHasPermissionOr() throws Exception {
 		Object domain = new Object();
 		request.setAttribute("domain", domain);
-		authorizeTag
-				.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
-		when(permissionEvaluator.hasPermission(eq(currentUser), eq(domain), anyString()))
-				.thenReturn(true);
+		authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
+		when(permissionEvaluator.hasPermission(eq(currentUser), eq(domain), anyString())).thenReturn(true);
 
 		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
@@ -154,16 +153,16 @@ public class AuthorizeTagTests {
 		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
-	public static class MockWebInvocationPrivilegeEvaluator implements
-			WebInvocationPrivilegeEvaluator {
+	public static class MockWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
 
 		public boolean isAllowed(String uri, Authentication authentication) {
 			return "/allowed".equals(uri);
 		}
 
-		public boolean isAllowed(String contextPath, String uri, String method,
-				Authentication authentication) {
+		public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
 			return "/allowed".equals(uri) && (method == null || "GET".equals(method));
 		}
+
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index f34050034a..45e5db311a 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -37,7 +37,9 @@ import static org.assertj.core.api.Assertions.*;
 public class AbstractCsrfTagTests {
 
 	public MockTag tag;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Before
@@ -45,8 +47,7 @@ public class AbstractCsrfTagTests {
 		MockServletContext servletContext = new MockServletContext();
 		this.request = new MockHttpServletRequest(servletContext);
 		this.response = new MockHttpServletResponse();
-		MockPageContext pageContext = new MockPageContext(servletContext, this.request,
-				this.response);
+		MockPageContext pageContext = new MockPageContext(servletContext, this.request, this.response);
 		this.tag = new MockTag();
 		this.tag.setPageContext(pageContext);
 	}
@@ -59,15 +60,14 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
-		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("");
+		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
+				.isEqualTo("");
 	}
 
 	@Test
-	public void hasCsrfRendersReturnedValue() throws JspException,
-			UnsupportedEncodingException {
+	public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
 
-		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf",
-				"abc123def456ghi789");
+		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 		this.request.setAttribute(CsrfToken.class.getName(), token);
 
 		this.tag.handleReturn = "fooBarBazQux";
@@ -75,16 +75,15 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
-		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("fooBarBazQux");
+		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
+				.isEqualTo("fooBarBazQux");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
 	}
 
 	@Test
-	public void hasCsrfRendersDifferentValue() throws JspException,
-			UnsupportedEncodingException {
+	public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
 
-		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf",
-				"abc123def456ghi789");
+		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 		this.request.setAttribute(CsrfToken.class.getName(), token);
 
 		this.tag.handleReturn = "<input type=\"hidden\" />";
@@ -92,13 +91,15 @@ public class AbstractCsrfTagTests {
 		int returned = this.tag.doEndTag();
 
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
-		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("<input type=\"hidden\" />");
+		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
+				.isEqualTo("<input type=\"hidden\" />");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
 	}
 
 	private static class MockTag extends AbstractCsrfTag {
 
 		private CsrfToken token;
+
 		private String handleReturn;
 
 		@Override
@@ -106,5 +107,7 @@ public class AbstractCsrfTagTests {
 			this.token = token;
 			return this.handleReturn;
 		}
+
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
index 4f68345705..17b3bdec19 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
@@ -36,24 +36,24 @@ public class CsrfInputTagTests {
 
 	@Test
 	public void handleTokenReturnsHiddenInput() {
-		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf",
-				"abc123def456ghi789");
+		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 
 		String value = this.tag.handleToken(token);
 
 		assertThat(value).as("The returned value should not be null.").isNotNull();
-		assertThat(
-				value).withFailMessage("The output is not correct.").isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
+		assertThat(value).withFailMessage("The output is not correct.")
+				.isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
 	}
 
 	@Test
 	public void handleTokenReturnsHiddenInputDifferentTokenValue() {
-		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter",
-				"fooBarBazQux");
+		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");
 
 		String value = this.tag.handleToken(token);
 
 		assertThat(value).as("The returned value should not be null.").isNotNull();
-		assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
+		assertThat(value).withFailMessage("The output is not correct.")
+				.isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
 	}
+
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
index f71f19e9ca..ae3e0b20ed 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
@@ -36,27 +36,28 @@ public class CsrfMetaTagsTagTests {
 
 	@Test
 	public void handleTokenRendersTags() {
-		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf",
-				"abc123def456ghi789");
+		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 
 		String value = this.tag.handleToken(token);
 
 		assertThat(value).as("The returned value should not be null.").isNotNull();
-		assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
-				+ "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />"
-				+ "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />");
+		assertThat(value).withFailMessage("The output is not correct.")
+				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
+						+ "<meta name=\"_csrf_header\" content=\"X-Csrf-Token\" />"
+						+ "<meta name=\"_csrf\" content=\"abc123def456ghi789\" />");
 	}
 
 	@Test
 	public void handleTokenRendersTagsDifferentToken() {
-		CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter",
-				"fooBarBazQux");
+		CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
 
 		String value = this.tag.handleToken(token);
 
 		assertThat(value).as("The returned value should not be null.").isNotNull();
-		assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
-				+ "<meta name=\"_csrf_header\" content=\"csrfHeader\" />"
-				+ "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
+		assertThat(value).withFailMessage("The output is not correct.")
+				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
+						+ "<meta name=\"_csrf_header\" content=\"csrfHeader\" />"
+						+ "<meta name=\"_csrf\" content=\"fooBarBazQux\" />");
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
index fc22058465..bb90171497 100644
--- a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
+++ b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
@@ -46,7 +46,8 @@ import org.springframework.util.Assert;
  * </li>
  * <li>The test is ran. When used with {@link MockMvc} it is typically used with
  * {@link SecurityMockMvcRequestPostProcessors#testSecurityContext()}. Which ensures the
- * {@link SecurityContext} from {@link TestSecurityContextHolder} is properly populated.</li>
+ * {@link SecurityContext} from {@link TestSecurityContextHolder} is properly
+ * populated.</li>
  * <li>After the test is executed, the {@link TestSecurityContextHolder} and the
  * {@link SecurityContextHolder} are cleared out</li>
  * </ul>
@@ -71,7 +72,6 @@ public final class TestSecurityContextHolder {
 
 	/**
 	 * Gets the {@link SecurityContext} from {@link TestSecurityContextHolder}.
-	 *
 	 * @return the {@link SecurityContext} from {@link TestSecurityContextHolder}.
 	 */
 	public static SecurityContext getContext() {
@@ -97,10 +97,9 @@ public final class TestSecurityContextHolder {
 	}
 
 	/**
-	 * Creates a new {@link SecurityContext} with the given {@link Authentication}.
-	 * The {@link SecurityContext} is set on {@link TestSecurityContextHolder} and
+	 * Creates a new {@link SecurityContext} with the given {@link Authentication}. The
+	 * {@link SecurityContext} is set on {@link TestSecurityContextHolder} and
 	 * {@link SecurityContextHolder}.
-	 *
 	 * @param authentication the {@link Authentication} to use
 	 * @since 5.1.1
 	 */
@@ -114,7 +113,6 @@ public final class TestSecurityContextHolder {
 	/**
 	 * Gets the default {@link SecurityContext} by delegating to the
 	 * {@link SecurityContextHolder}
-	 *
 	 * @return the default {@link SecurityContext}
 	 */
 	private static SecurityContext getDefaultContext() {
@@ -123,4 +121,5 @@ public final class TestSecurityContextHolder {
 
 	private TestSecurityContextHolder() {
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java b/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
index 0ae6271523..0d76e26b4c 100644
--- a/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
+++ b/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
@@ -28,11 +28,10 @@ import org.springframework.security.test.context.support.WithSecurityContextTest
 import org.springframework.test.context.TestExecutionListeners;
 
 /**
- * There are many times a user may want to use Spring Security's test support
- * (i.e. WithMockUser) but have no need for any other
- * {@link TestExecutionListeners} (i.e. no need to setup an
- * {@link ApplicationContext}). This annotation is a meta annotation that only
- * enables Spring Security's {@link TestExecutionListeners}.
+ * There are many times a user may want to use Spring Security's test support (i.e.
+ * WithMockUser) but have no need for any other {@link TestExecutionListeners} (i.e. no
+ * need to setup an {@link ApplicationContext}). This annotation is a meta annotation that
+ * only enables Spring Security's {@link TestExecutionListeners}.
  *
  * @author Rob Winch
  * @since 4.0.2
@@ -43,7 +42,8 @@ import org.springframework.test.context.TestExecutionListeners;
 @Inherited
 @Retention(RetentionPolicy.RUNTIME)
 @Target(ElementType.TYPE)
-@TestExecutionListeners(inheritListeners = false, listeners = {WithSecurityContextTestExecutionListener.class,
-	ReactorContextTestExecutionListener.class})
+@TestExecutionListeners(inheritListeners = false,
+		listeners = { WithSecurityContextTestExecutionListener.class, ReactorContextTestExecutionListener.class })
 public @interface SecurityTestExecutionListeners {
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
index 3b34dda6bf..170d5f0e5a 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
@@ -25,8 +25,7 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 5.0
  */
-class DelegatingTestExecutionListener
-	extends AbstractTestExecutionListener {
+class DelegatingTestExecutionListener extends AbstractTestExecutionListener {
 
 	private final TestExecutionListener delegate;
 
@@ -69,4 +68,5 @@ class DelegatingTestExecutionListener
 	public void afterTestClass(TestContext testContext) throws Exception {
 		delegate.afterTestClass(testContext);
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index 0ad8200938..5e1d95cc59 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -40,10 +40,10 @@ import reactor.util.context.Context;
  * @see WithSecurityContextTestExecutionListener
  * @see org.springframework.security.test.context.annotation.SecurityTestExecutionListeners
  */
-public class ReactorContextTestExecutionListener
-	extends DelegatingTestExecutionListener {
+public class ReactorContextTestExecutionListener extends DelegatingTestExecutionListener {
 
 	private static final String HOOKS_CLASS_NAME = "reactor.core.publisher.Hooks";
+
 	private static final String CONTEXT_OPERATOR_KEY = SecurityContext.class.getName();
 
 	public ReactorContextTestExecutionListener() {
@@ -51,16 +51,18 @@ public class ReactorContextTestExecutionListener
 	}
 
 	private static TestExecutionListener createDelegate() {
-		return ClassUtils.isPresent(HOOKS_CLASS_NAME, ReactorContextTestExecutionListener.class.getClassLoader()) ?
-			new DelegateTestExecutionListener() :
-			new AbstractTestExecutionListener() {};
+		return ClassUtils.isPresent(HOOKS_CLASS_NAME, ReactorContextTestExecutionListener.class.getClassLoader())
+				? new DelegateTestExecutionListener() : new AbstractTestExecutionListener() {
+				};
 	}
 
 	private static class DelegateTestExecutionListener extends AbstractTestExecutionListener {
+
 		@Override
 		public void beforeTestMethod(TestContext testContext) {
 			SecurityContext securityContext = TestSecurityContextHolder.getContext();
-			Hooks.onLastOperator(CONTEXT_OPERATOR_KEY, Operators.lift((s, sub) -> new SecuritySubContext<>(sub, securityContext)));
+			Hooks.onLastOperator(CONTEXT_OPERATOR_KEY,
+					Operators.lift((s, sub) -> new SecuritySubContext<>(sub, securityContext)));
 		}
 
 		@Override
@@ -69,9 +71,12 @@ public class ReactorContextTestExecutionListener
 		}
 
 		private static class SecuritySubContext<T> implements CoreSubscriber<T> {
-			private static String CONTEXT_DEFAULTED_ATTR_NAME = SecuritySubContext.class.getName().concat(".CONTEXT_DEFAULTED_ATTR_NAME");
+
+			private static String CONTEXT_DEFAULTED_ATTR_NAME = SecuritySubContext.class.getName()
+					.concat(".CONTEXT_DEFAULTED_ATTR_NAME");
 
 			private final CoreSubscriber<T> delegate;
+
 			private final SecurityContext securityContext;
 
 			SecuritySubContext(CoreSubscriber<T> delegate, SecurityContext securityContext) {
@@ -90,8 +95,7 @@ public class ReactorContextTestExecutionListener
 				if (authentication == null) {
 					return context;
 				}
-				Context toMerge = ReactiveSecurityContextHolder.withSecurityContext(
-						Mono.just(this.securityContext));
+				Context toMerge = ReactiveSecurityContextHolder.withSecurityContext(Mono.just(this.securityContext));
 				return toMerge.putAll(context);
 			}
 
@@ -114,7 +118,9 @@ public class ReactorContextTestExecutionListener
 			public void onComplete() {
 				delegate.onComplete();
 			}
+
 		}
+
 	}
 
 	/**
@@ -124,4 +130,5 @@ public class ReactorContextTestExecutionListener
 	public int getOrder() {
 		return 11000;
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java b/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
index 2051494549..e778c552c4 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
@@ -19,20 +19,25 @@ package org.springframework.security.test.context.support;
 import org.springframework.test.context.TestContext;
 
 /**
- * Represents the events on the methods of {@link org.springframework.test.context.TestExecutionListener}
+ * Represents the events on the methods of
+ * {@link org.springframework.test.context.TestExecutionListener}
  *
  * @author Rob Winch
  * @since 5.1
  */
 public enum TestExecutionEvent {
+
 	/**
-	 * Associated to {@link org.springframework.test.context.TestExecutionListener#beforeTestMethod(TestContext)}
+	 * Associated to
+	 * {@link org.springframework.test.context.TestExecutionListener#beforeTestMethod(TestContext)}
 	 * event.
 	 */
 	TEST_METHOD,
 	/**
-	 * Associated to {@link org.springframework.test.context.TestExecutionListener#beforeTestExecution(TestContext)}
+	 * Associated to
+	 * {@link org.springframework.test.context.TestExecutionListener#beforeTestExecution(TestContext)}
 	 * event.
 	 */
 	TEST_EXECUTION
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
index 7ce99146e3..a08275bca9 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
@@ -28,12 +28,12 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.test.context.TestContext;
 
 /**
- * When used with {@link WithSecurityContextTestExecutionListener} this
- * annotation can be added to a test method to emulate running with an anonymous
- * user. The {@link SecurityContext} that is used will contain an
- * {@link AnonymousAuthenticationToken}. This is useful when a user wants to run
- * a majority of tests as a specific user and wishes to override a few methods
- * to be anonymous. For example:
+ * When used with {@link WithSecurityContextTestExecutionListener} this annotation can be
+ * added to a test method to emulate running with an anonymous user. The
+ * {@link SecurityContext} that is used will contain an
+ * {@link AnonymousAuthenticationToken}. This is useful when a user wants to run a
+ * majority of tests as a specific user and wishes to override a few methods to be
+ * anonymous. For example:
  *
  * <pre>
  * <code>
@@ -47,8 +47,7 @@ import org.springframework.test.context.TestContext;
  *
  *     // ... lots of tests ran with a default user ...
  * }
- * </code>
- * </pre>
+ * </code> </pre>
  *
  * @author Rob Winch
  * @since 4.1
@@ -69,4 +68,5 @@ public @interface WithAnonymousUser {
 	 */
 	@AliasFor(annotation = WithSecurityContext.class)
 	TestExecutionEvent setupBefore() default TestExecutionEvent.TEST_METHOD;
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
index 8d7cf4a043..11409e1d8b 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
@@ -25,17 +25,15 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- * A {@link WithAnonymousUserSecurityContextFactory} that runs with an {@link AnonymousAuthenticationToken}.
- * .
+ * A {@link WithAnonymousUserSecurityContextFactory} that runs with an
+ * {@link AnonymousAuthenticationToken}. .
  *
  * @see WithUserDetails
- *
  * @author Rob Winch
  * @since 4.1
  */
 
-final class WithAnonymousUserSecurityContextFactory implements
-		WithSecurityContextFactory<WithAnonymousUser> {
+final class WithAnonymousUserSecurityContextFactory implements WithSecurityContextFactory<WithAnonymousUser> {
 
 	public SecurityContext createSecurityContext(WithAnonymousUser withUser) {
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
@@ -44,4 +42,5 @@ final class WithAnonymousUserSecurityContextFactory implements
 		context.setAuthentication(authentication);
 		return context;
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
index d7500ffcb3..23a2e2204c 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
@@ -56,6 +56,7 @@ import org.springframework.test.web.servlet.MockMvc;
 @Documented
 @WithSecurityContext(factory = WithMockUserSecurityContextFactory.class)
 public @interface WithMockUser {
+
 	/**
 	 * Convenience mechanism for specifying the username. The default is "user". If
 	 * {@link #username()} is specified it will be used instead of {@link #value()}
@@ -78,9 +79,9 @@ public @interface WithMockUser {
 	 * with "ROLE_". For example, the default will result in "ROLE_USER" being used.
 	 * </p>
 	 * <p>
-	 * If {@link #authorities()} is specified this property cannot be changed from the default.
+	 * If {@link #authorities()} is specified this property cannot be changed from the
+	 * default.
 	 * </p>
-	 *
 	 * @return
 	 */
 	String[] roles() default { "USER" };
@@ -94,7 +95,6 @@ public @interface WithMockUser {
 	 * If this property is specified then {@link #roles()} is not used. This differs from
 	 * {@link #roles()} in that it does not prefix the values passed in automatically.
 	 * </p>
-	 *
 	 * @return
 	 */
 	String[] authorities() default {};
@@ -114,4 +114,5 @@ public @interface WithMockUser {
 	 */
 	@AliasFor(annotation = WithSecurityContext.class)
 	TestExecutionEvent setupBefore() default TestExecutionEvent.TEST_METHOD;
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
index d2cc86d966..5de64847e2 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
@@ -35,15 +35,13 @@ import org.springframework.util.StringUtils;
  * @since 4.0
  * @see WithMockUser
  */
-final class WithMockUserSecurityContextFactory implements
-		WithSecurityContextFactory<WithMockUser> {
+final class WithMockUserSecurityContextFactory implements WithSecurityContextFactory<WithMockUser> {
 
 	public SecurityContext createSecurityContext(WithMockUser withUser) {
-		String username = StringUtils.hasLength(withUser.username()) ? withUser
-				.username() : withUser.value();
+		String username = StringUtils.hasLength(withUser.username()) ? withUser.username() : withUser.value();
 		if (username == null) {
-			throw new IllegalArgumentException(withUser
-					+ " cannot have null username on both username and value properties");
+			throw new IllegalArgumentException(
+					withUser + " cannot have null username on both username and value properties");
 		}
 
 		List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
@@ -54,21 +52,22 @@ final class WithMockUserSecurityContextFactory implements
 		if (grantedAuthorities.isEmpty()) {
 			for (String role : withUser.roles()) {
 				if (role.startsWith("ROLE_")) {
-					throw new IllegalArgumentException("roles cannot start with ROLE_ Got "
-							+ role);
+					throw new IllegalArgumentException("roles cannot start with ROLE_ Got " + role);
 				}
 				grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
 			}
-		} else if (!(withUser.roles().length == 1 && "USER".equals(withUser.roles()[0]))) {
-			throw new IllegalStateException("You cannot define roles attribute "+ Arrays.asList(withUser.roles())+" with authorities attribute "+ Arrays.asList(withUser.authorities()));
+		}
+		else if (!(withUser.roles().length == 1 && "USER".equals(withUser.roles()[0]))) {
+			throw new IllegalStateException("You cannot define roles attribute " + Arrays.asList(withUser.roles())
+					+ " with authorities attribute " + Arrays.asList(withUser.authorities()));
 		}
 
-		User principal = new User(username, withUser.password(), true, true, true, true,
-				grantedAuthorities);
-		Authentication authentication = new UsernamePasswordAuthenticationToken(
-				principal, principal.getPassword(), principal.getAuthorities());
+		User principal = new User(username, withUser.password(), true, true, true, true, grantedAuthorities);
+		Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(),
+				principal.getAuthorities());
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authentication);
 		return context;
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
index 5f401eecf8..a97bb44794 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
@@ -54,11 +54,11 @@ import org.springframework.test.context.TestContext;
 @Inherited
 @Documented
 public @interface WithSecurityContext {
+
 	/**
 	 * The {@link WithUserDetailsSecurityContextFactory} to use to create the
 	 * {@link SecurityContext}. It can contain {@link Autowired} and other Spring
 	 * annotations.
-	 *
 	 * @return
 	 */
 	Class<? extends WithSecurityContextFactory<? extends Annotation>> factory();
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
index e99060b5e7..c00e589fab 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
@@ -25,7 +25,6 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
  * {@link SecurityContext} that is populated in the {@link TestSecurityContextHolder}.
  *
  * @author Rob Winch
- *
  * @param <A>
  * @see WithSecurityContext
  * @see WithMockUser
@@ -36,10 +35,10 @@ public interface WithSecurityContextFactory<A extends Annotation> {
 
 	/**
 	 * Create a {@link SecurityContext} given an Annotation.
-	 *
 	 * @param annotation the {@link Annotation} to create the {@link SecurityContext}
 	 * from. Cannot be null.
 	 * @return the {@link SecurityContext} to use. Cannot be null.
 	 */
 	SecurityContext createSecurityContext(A annotation);
+
 }
\ No newline at end of file
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index 0d7321a9f0..c62ac3412f 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -47,10 +47,10 @@ import org.springframework.test.web.servlet.MockMvc;
  * @see ReactorContextTestExecutionListener
  * @see org.springframework.security.test.context.annotation.SecurityTestExecutionListeners
  */
-public class WithSecurityContextTestExecutionListener
-		extends AbstractTestExecutionListener {
+public class WithSecurityContextTestExecutionListener extends AbstractTestExecutionListener {
 
-	static final String SECURITY_CONTEXT_ATTR_NAME = WithSecurityContextTestExecutionListener.class.getName().concat(".SECURITY_CONTEXT");
+	static final String SECURITY_CONTEXT_ATTR_NAME = WithSecurityContextTestExecutionListener.class.getName()
+			.concat(".SECURITY_CONTEXT");
 
 	/**
 	 * Sets up the {@link SecurityContext} for each test method. First the specific method
@@ -60,21 +60,19 @@ public class WithSecurityContextTestExecutionListener
 	 */
 	@Override
 	public void beforeTestMethod(TestContext testContext) {
-		TestSecurityContext testSecurityContext = createTestSecurityContext(
-				testContext.getTestMethod(), testContext);
+		TestSecurityContext testSecurityContext = createTestSecurityContext(testContext.getTestMethod(), testContext);
 		if (testSecurityContext == null) {
-			testSecurityContext = createTestSecurityContext(testContext.getTestClass(),
-					testContext);
+			testSecurityContext = createTestSecurityContext(testContext.getTestClass(), testContext);
 		}
 		if (testSecurityContext == null) {
 			return;
 		}
 
-		Supplier<SecurityContext> supplier = testSecurityContext
-				.getSecurityContextSupplier();
+		Supplier<SecurityContext> supplier = testSecurityContext.getSecurityContextSupplier();
 		if (testSecurityContext.getTestExecutionEvent() == TestExecutionEvent.TEST_METHOD) {
 			TestSecurityContextHolder.setContext(supplier.get());
-		} else {
+		}
+		else {
 			testContext.setAttribute(SECURITY_CONTEXT_ATTR_NAME, supplier);
 		}
 	}
@@ -92,19 +90,17 @@ public class WithSecurityContextTestExecutionListener
 		}
 	}
 
-	private TestSecurityContext createTestSecurityContext(AnnotatedElement annotated,
-			TestContext context) {
-		WithSecurityContext withSecurityContext = AnnotatedElementUtils
-				.findMergedAnnotation(annotated, WithSecurityContext.class);
+	private TestSecurityContext createTestSecurityContext(AnnotatedElement annotated, TestContext context) {
+		WithSecurityContext withSecurityContext = AnnotatedElementUtils.findMergedAnnotation(annotated,
+				WithSecurityContext.class);
 		return createTestSecurityContext(annotated, withSecurityContext, context);
 	}
 
-	private TestSecurityContext createTestSecurityContext(Class<?> annotated,
-			TestContext context) {
+	private TestSecurityContext createTestSecurityContext(Class<?> annotated, TestContext context) {
 		MetaAnnotationUtils.AnnotationDescriptor<WithSecurityContext> withSecurityContextDescriptor = MetaAnnotationUtils
 				.findAnnotationDescriptor(annotated, WithSecurityContext.class);
-		WithSecurityContext withSecurityContext = withSecurityContextDescriptor == null
-				? null : withSecurityContextDescriptor.getAnnotation();
+		WithSecurityContext withSecurityContext = withSecurityContextDescriptor == null ? null
+				: withSecurityContextDescriptor.getAnnotation();
 		return createTestSecurityContext(annotated, withSecurityContext, context);
 	}
 
@@ -114,35 +110,32 @@ public class WithSecurityContextTestExecutionListener
 		if (withSecurityContext == null) {
 			return null;
 		}
-		withSecurityContext = AnnotationUtils
-			.synthesizeAnnotation(withSecurityContext, annotated);
+		withSecurityContext = AnnotationUtils.synthesizeAnnotation(withSecurityContext, annotated);
 		WithSecurityContextFactory factory = createFactory(withSecurityContext, context);
 		Class<? extends Annotation> type = (Class<? extends Annotation>) GenericTypeResolver
-				.resolveTypeArgument(factory.getClass(),
-						WithSecurityContextFactory.class);
+				.resolveTypeArgument(factory.getClass(), WithSecurityContextFactory.class);
 		Annotation annotation = findAnnotation(annotated, type);
 		Supplier<SecurityContext> supplier = () -> {
 			try {
 				return factory.createSecurityContext(annotation);
-			} catch (RuntimeException e) {
-				throw new IllegalStateException(
-						"Unable to create SecurityContext using " + annotation, e);
+			}
+			catch (RuntimeException e) {
+				throw new IllegalStateException("Unable to create SecurityContext using " + annotation, e);
 			}
 		};
 		TestExecutionEvent initialize = withSecurityContext.setupBefore();
 		return new TestSecurityContext(supplier, initialize);
 	}
 
-	private Annotation findAnnotation(AnnotatedElement annotated,
-			Class<? extends Annotation> type) {
+	private Annotation findAnnotation(AnnotatedElement annotated, Class<? extends Annotation> type) {
 		Annotation findAnnotation = AnnotationUtils.findAnnotation(annotated, type);
 		if (findAnnotation != null) {
 			return findAnnotation;
 		}
 		Annotation[] allAnnotations = AnnotationUtils.getAnnotations(annotated);
 		for (Annotation annotationToTest : allAnnotations) {
-			WithSecurityContext withSecurityContext = AnnotationUtils.findAnnotation(
-					annotationToTest.annotationType(), WithSecurityContext.class);
+			WithSecurityContext withSecurityContext = AnnotationUtils.findAnnotation(annotationToTest.annotationType(),
+					WithSecurityContext.class);
 			if (withSecurityContext != null) {
 				return annotationToTest;
 			}
@@ -150,13 +143,11 @@ public class WithSecurityContextTestExecutionListener
 		return null;
 	}
 
-	private WithSecurityContextFactory<? extends Annotation> createFactory(
-			WithSecurityContext withSecurityContext, TestContext testContext) {
-		Class<? extends WithSecurityContextFactory<? extends Annotation>> clazz = withSecurityContext
-				.factory();
+	private WithSecurityContextFactory<? extends Annotation> createFactory(WithSecurityContext withSecurityContext,
+			TestContext testContext) {
+		Class<? extends WithSecurityContextFactory<? extends Annotation>> clazz = withSecurityContext.factory();
 		try {
-			return testContext.getApplicationContext().getAutowireCapableBeanFactory()
-					.createBean(clazz);
+			return testContext.getApplicationContext().getAutowireCapableBeanFactory().createBean(clazz);
 		}
 		catch (IllegalStateException e) {
 			return BeanUtils.instantiateClass(clazz);
@@ -184,11 +175,12 @@ public class WithSecurityContextTestExecutionListener
 	}
 
 	static class TestSecurityContext {
+
 		private final Supplier<SecurityContext> securityContextSupplier;
+
 		private final TestExecutionEvent testExecutionEvent;
 
-		TestSecurityContext(Supplier<SecurityContext> securityContextSupplier,
-				TestExecutionEvent testExecutionEvent) {
+		TestSecurityContext(Supplier<SecurityContext> securityContextSupplier, TestExecutionEvent testExecutionEvent) {
 			this.securityContextSupplier = securityContextSupplier;
 			this.testExecutionEvent = testExecutionEvent;
 		}
@@ -200,5 +192,7 @@ public class WithSecurityContextTestExecutionListener
 		public TestExecutionEvent getTestExecutionEvent() {
 			return this.testExecutionEvent;
 		}
+
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
index 453539946c..ac2fee5b00 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
@@ -55,18 +55,17 @@ import org.springframework.test.web.servlet.MockMvc;
 @Documented
 @WithSecurityContext(factory = WithUserDetailsSecurityContextFactory.class)
 public @interface WithUserDetails {
+
 	/**
 	 * The username to look up in the {@link UserDetailsService}
-	 *
 	 * @return
 	 */
 	String value() default "user";
 
 	/**
-	 * The bean name for the {@link UserDetailsService} to use. If this is not
-	 * provided, then the lookup is done by type and expects only a single
+	 * The bean name for the {@link UserDetailsService} to use. If this is not provided,
+	 * then the lookup is done by type and expects only a single
 	 * {@link UserDetailsService} bean to be exposed.
-	 *
 	 * @return the bean name for the {@link UserDetailsService} to use.
 	 * @since 4.1
 	 */
@@ -81,4 +80,5 @@ public @interface WithUserDetails {
 	 */
 	@AliasFor(annotation = WithSecurityContext.class)
 	TestExecutionEvent setupBefore() default TestExecutionEvent.TEST_METHOD;
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index caa8dc6351..0bb706ddfb 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -36,15 +36,14 @@ import org.springframework.util.StringUtils;
  * .
  *
  * @see WithUserDetails
- *
  * @author Rob Winch
  * @since 4.0
  */
 
-final class WithUserDetailsSecurityContextFactory implements
-		WithSecurityContextFactory<WithUserDetails> {
+final class WithUserDetailsSecurityContextFactory implements WithSecurityContextFactory<WithUserDetails> {
 
-	private static final boolean reactorPresent = ClassUtils.isPresent("reactor.core.publisher.Mono", WithUserDetailsSecurityContextFactory.class.getClassLoader());
+	private static final boolean reactorPresent = ClassUtils.isPresent("reactor.core.publisher.Mono",
+			WithUserDetailsSecurityContextFactory.class.getClassLoader());
 
 	private BeanFactory beans;
 
@@ -59,8 +58,8 @@ final class WithUserDetailsSecurityContextFactory implements
 		String username = withUser.value();
 		Assert.hasLength(username, "value() must be non empty String");
 		UserDetails principal = userDetailsService.loadUserByUsername(username);
-		Authentication authentication = new UsernamePasswordAuthenticationToken(
-				principal, principal.getPassword(), principal.getAuthorities());
+		Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(),
+				principal.getAuthorities());
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authentication);
 		return context;
@@ -73,35 +72,35 @@ final class WithUserDetailsSecurityContextFactory implements
 				return reactive;
 			}
 		}
-		return StringUtils.hasLength(beanName)
-			? this.beans.getBean(beanName, UserDetailsService.class)
-			: this.beans.getBean(UserDetailsService.class);
+		return StringUtils.hasLength(beanName) ? this.beans.getBean(beanName, UserDetailsService.class)
+				: this.beans.getBean(UserDetailsService.class);
 	}
 
 	public UserDetailsService findAndAdaptReactiveUserDetailsService(String beanName) {
 		try {
-			ReactiveUserDetailsService reactiveUserDetailsService = StringUtils
-				.hasLength(beanName) ?
-				this.beans.getBean(beanName, ReactiveUserDetailsService.class) :
-				this.beans.getBean(ReactiveUserDetailsService.class);
+			ReactiveUserDetailsService reactiveUserDetailsService = StringUtils.hasLength(beanName)
+					? this.beans.getBean(beanName, ReactiveUserDetailsService.class)
+					: this.beans.getBean(ReactiveUserDetailsService.class);
 			return new ReactiveUserDetailsServiceAdapter(reactiveUserDetailsService);
-		} catch(NoSuchBeanDefinitionException | BeanNotOfRequiredTypeException notReactive) {
+		}
+		catch (NoSuchBeanDefinitionException | BeanNotOfRequiredTypeException notReactive) {
 			return null;
 		}
 	}
 
 	private class ReactiveUserDetailsServiceAdapter implements UserDetailsService {
+
 		private final ReactiveUserDetailsService userDetailsService;
 
-		private ReactiveUserDetailsServiceAdapter(
-			ReactiveUserDetailsService userDetailsService) {
+		private ReactiveUserDetailsServiceAdapter(ReactiveUserDetailsService userDetailsService) {
 			this.userDetailsService = userDetailsService;
 		}
 
 		@Override
-		public UserDetails loadUserByUsername(String username)
-			throws UsernameNotFoundException {
+		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 			return this.userDetailsService.findByUsername(username).block();
 		}
+
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 997f41eb23..153e4692cd 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -108,49 +108,46 @@ public class SecurityMockServerConfigurers {
 	public static MockServerConfigurer springSecurity() {
 		return new MockServerConfigurer() {
 			public void beforeServerCreated(WebHttpHandlerBuilder builder) {
-				builder.filters( filters -> filters.add(0, new MutatorFilter()));
+				builder.filters(filters -> filters.add(0, new MutatorFilter()));
 			}
 		};
 	}
 
 	/**
 	 * Updates the ServerWebExchange to use the provided Authentication as the Principal
-	 *
 	 * @param authentication the Authentication to use.
 	 * @return the configurer to use
 	 */
-	public static <T extends WebTestClientConfigurer & MockServerConfigurer> T mockAuthentication(Authentication authentication) {
+	public static <T extends WebTestClientConfigurer & MockServerConfigurer> T mockAuthentication(
+			Authentication authentication) {
 		return (T) new MutatorWebTestClientConfigurer(() -> Mono.just(authentication).map(SecurityContextImpl::new));
 	}
 
 	/**
-	 * Updates the ServerWebExchange to use the provided UserDetails to create a UsernamePasswordAuthenticationToken as
-	 * the Principal
-	 *
+	 * Updates the ServerWebExchange to use the provided UserDetails to create a
+	 * UsernamePasswordAuthenticationToken as the Principal
 	 * @param userDetails the UserDetails to use.
 	 * @return the configurer to use
 	 */
 	public static <T extends WebTestClientConfigurer & MockServerConfigurer> T mockUser(UserDetails userDetails) {
-		return mockAuthentication(new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities()));
+		return mockAuthentication(new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+				userDetails.getAuthorities()));
 	}
 
 	/**
-	 * Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as
-	 * the Principal. This uses a default username of "user", password of "password", and granted authorities of
-	 * "ROLE_USER".
-	 *
+	 * Updates the ServerWebExchange to use a UserDetails to create a
+	 * UsernamePasswordAuthenticationToken as the Principal. This uses a default username
+	 * of "user", password of "password", and granted authorities of "ROLE_USER".
 	 * @return the {@link UserExchangeMutator} to use
 	 */
 	public static UserExchangeMutator mockUser() {
 		return mockUser("user");
 	}
 
-
 	/**
-	 * Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as
-	 * the Principal. This uses a default password of "password" and granted authorities of
-	 * "ROLE_USER".
-	 *
+	 * Updates the ServerWebExchange to use a UserDetails to create a
+	 * UsernamePasswordAuthenticationToken as the Principal. This uses a default password
+	 * of "password" and granted authorities of "ROLE_USER".
 	 * @return the {@link WebTestClientConfigurer} to use
 	 */
 	public static UserExchangeMutator mockUser(String username) {
@@ -159,11 +156,9 @@ public class SecurityMockServerConfigurers {
 
 	/**
 	 * Updates the ServerWebExchange to establish a {@link SecurityContext} that has a
-	 * {@link JwtAuthenticationToken} for the
-	 * {@link Authentication} and a {@link Jwt} for the
-	 * {@link Authentication#getPrincipal()}. All details are
-	 * declarative and do not require the JWT to be valid.
-	 *
+	 * {@link JwtAuthenticationToken} for the {@link Authentication} and a {@link Jwt} for
+	 * the {@link Authentication#getPrincipal()}. All details are declarative and do not
+	 * require the JWT to be valid.
 	 * @return the {@link JwtMutator} to further configure or use
 	 * @since 5.2
 	 */
@@ -173,11 +168,9 @@ public class SecurityMockServerConfigurers {
 
 	/**
 	 * Updates the ServerWebExchange to establish a {@link SecurityContext} that has a
-	 * {@link BearerTokenAuthentication} for the
-	 * {@link Authentication} and an {@link OAuth2AuthenticatedPrincipal} for the
-	 * {@link Authentication#getPrincipal()}. All details are
-	 * declarative and do not require the token to be valid.
-	 *
+	 * {@link BearerTokenAuthentication} for the {@link Authentication} and an
+	 * {@link OAuth2AuthenticatedPrincipal} for the {@link Authentication#getPrincipal()}.
+	 * All details are declarative and do not require the token to be valid.
 	 * @return the {@link OpaqueTokenMutator} to further configure or use
 	 * @since 5.3
 	 */
@@ -187,43 +180,39 @@ public class SecurityMockServerConfigurers {
 
 	/**
 	 * Updates the ServerWebExchange to establish a {@link SecurityContext} that has a
-	 * {@link OAuth2AuthenticationToken} for the
-	 * {@link Authentication}. All details are
+	 * {@link OAuth2AuthenticationToken} for the {@link Authentication}. All details are
 	 * declarative and do not require the corresponding OAuth 2.0 tokens to be valid.
-	 *
 	 * @return the {@link OAuth2LoginMutator} to further configure or use
 	 * @since 5.3
 	 */
 	public static OAuth2LoginMutator mockOAuth2Login() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("read"));
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", null,
+				null, Collections.singleton("read"));
 		return new OAuth2LoginMutator(accessToken);
 	}
 
 	/**
 	 * Updates the ServerWebExchange to establish a {@link SecurityContext} that has a
-	 * {@link OAuth2AuthenticationToken} for the
-	 * {@link Authentication}. All details are
+	 * {@link OAuth2AuthenticationToken} for the {@link Authentication}. All details are
 	 * declarative and do not require the corresponding OAuth 2.0 tokens to be valid.
-	 *
 	 * @return the {@link OidcLoginMutator} to further configure or use
 	 * @since 5.3
 	 */
 	public static OidcLoginMutator mockOidcLogin() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("read"));
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", null,
+				null, Collections.singleton("read"));
 		return new OidcLoginMutator(accessToken);
 	}
 
 	/**
-	 * Updates the ServerWebExchange to establish a {@link OAuth2AuthorizedClient} in the session.
-	 * All details are declarative and do not require the corresponding OAuth 2.0 tokens to be valid.
+	 * Updates the ServerWebExchange to establish a {@link OAuth2AuthorizedClient} in the
+	 * session. All details are declarative and do not require the corresponding OAuth 2.0
+	 * tokens to be valid.
 	 *
 	 * <p>
-	 * 	The support works by associating the authorized client to the ServerWebExchange
-	 * 	via the {@link WebSessionServerOAuth2AuthorizedClientRepository}
+	 * The support works by associating the authorized client to the ServerWebExchange via
+	 * the {@link WebSessionServerOAuth2AuthorizedClientRepository}
 	 * </p>
-	 *
 	 * @return the {@link OAuth2ClientMutator} to further configure or use
 	 * @since 5.3
 	 */
@@ -232,15 +221,16 @@ public class SecurityMockServerConfigurers {
 	}
 
 	/**
-	 * Updates the ServerWebExchange to establish a {@link OAuth2AuthorizedClient} in the session.
-	 * All details are declarative and do not require the corresponding OAuth 2.0 tokens to be valid.
+	 * Updates the ServerWebExchange to establish a {@link OAuth2AuthorizedClient} in the
+	 * session. All details are declarative and do not require the corresponding OAuth 2.0
+	 * tokens to be valid.
 	 *
 	 * <p>
-	 * 	The support works by associating the authorized client to the ServerWebExchange
-	 * 	via the {@link WebSessionServerOAuth2AuthorizedClientRepository}
+	 * The support works by associating the authorized client to the ServerWebExchange via
+	 * the {@link WebSessionServerOAuth2AuthorizedClientRepository}
 	 * </p>
-	 *
-	 * @param registrationId The registration id associated with the {@link OAuth2AuthorizedClient}
+	 * @param registrationId The registration id associated with the
+	 * {@link OAuth2AuthorizedClient}
 	 * @return the {@link OAuth2ClientMutator} to further configure or use
 	 * @since 5.3
 	 */
@@ -256,16 +246,14 @@ public class SecurityMockServerConfigurers {
 
 		@Override
 		public void afterConfigurerAdded(WebTestClient.Builder builder,
-			@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-			@Nullable ClientHttpConnector connector) {
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			CsrfWebFilter filter = new CsrfWebFilter();
-			filter.setRequireCsrfProtectionMatcher( e -> ServerWebExchangeMatcher.MatchResult.notMatch());
-			httpHandlerBuilder.filters( filters -> filters.add(0, filter));
+			filter.setRequireCsrfProtectionMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch());
+			httpHandlerBuilder.filters(filters -> filters.add(0, filter));
 		}
 
 		@Override
-		public void afterConfigureAdded(
-			WebTestClient.MockServerSpec<?> serverSpec) {
+		public void afterConfigureAdded(WebTestClient.MockServerSpec<?> serverSpec) {
 
 		}
 
@@ -274,14 +262,18 @@ public class SecurityMockServerConfigurers {
 
 		}
 
-		private CsrfMutator() {}
+		private CsrfMutator() {
+		}
+
 	}
 
 	/**
-	 * Updates the WebServerExchange using {@code {@link SecurityMockServerConfigurers#mockUser(UserDetails)}}. Defaults to use a
-	 * password of "password" and granted authorities of "ROLE_USER".
+	 * Updates the WebServerExchange using {@code {@link
+	 * SecurityMockServerConfigurers#mockUser(UserDetails)}}. Defaults to use a password
+	 * of "password" and granted authorities of "ROLE_USER".
 	 */
 	public static class UserExchangeMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private final User.UserBuilder userBuilder;
 
 		private UserExchangeMutator(String username) {
@@ -301,9 +293,8 @@ public class SecurityMockServerConfigurers {
 		}
 
 		/**
-		 * Specifies the roles to use. Default is "USER". This is similar to authorities except each role is
-		 * automatically prefixed with "ROLE_USER".
-		 *
+		 * Specifies the roles to use. Default is "USER". This is similar to authorities
+		 * except each role is automatically prefixed with "ROLE_USER".
 		 * @param roles the roles to use.
 		 * @return the UserExchangeMutator
 		 */
@@ -314,7 +305,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Specifies the {@code GrantedAuthority}s to use. Default is "ROLE_USER".
-		 *
 		 * @param authorities the authorities to use.
 		 * @return the UserExchangeMutator
 		 */
@@ -325,7 +315,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Specifies the {@code GrantedAuthority}s to use. Default is "ROLE_USER".
-		 *
 		 * @param authorities the authorities to use.
 		 * @return the UserExchangeMutator
 		 */
@@ -375,37 +364,46 @@ public class SecurityMockServerConfigurers {
 		}
 
 		@Override
-		public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder webHttpHandlerBuilder,
+				@Nullable ClientHttpConnector clientHttpConnector) {
 			configurer().afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
 		}
 
 		private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
 			return mockUser(this.userBuilder.build());
 		}
+
 	}
 
 	private static class MutatorWebTestClientConfigurer implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private final Supplier<Mono<SecurityContext>> context;
 
 		private MutatorWebTestClientConfigurer(Supplier<Mono<SecurityContext>> context) {
 			this.context = context;
 		}
+
 		@Override
 		public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 			builder.filters(addSetupMutatorFilter());
 		}
 
 		@Override
-		public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder webHttpHandlerBuilder,
+				@Nullable ClientHttpConnector clientHttpConnector) {
 			webHttpHandlerBuilder.filters(addSetupMutatorFilter());
 		}
 
 		private Consumer<List<WebFilter>> addSetupMutatorFilter() {
 			return filters -> filters.add(0, new SetupMutatorFilter(this.context));
 		}
+
 	}
 
 	private static class SetupMutatorFilter implements WebFilter {
+
 		private final Supplier<Mono<SecurityContext>> context;
 
 		private SetupMutatorFilter(Supplier<Mono<SecurityContext>> context) {
@@ -417,9 +415,11 @@ public class SecurityMockServerConfigurers {
 			exchange.getAttributes().computeIfAbsent(MutatorFilter.ATTRIBUTE_NAME, key -> this.context);
 			return webFilterChain.filter(exchange);
 		}
+
 	}
 
 	private static class MutatorFilter implements WebFilter {
+
 		public static final String ATTRIBUTE_NAME = "context";
 
 		@Override
@@ -428,47 +428,48 @@ public class SecurityMockServerConfigurers {
 			if (context != null) {
 				exchange.getAttributes().remove(ATTRIBUTE_NAME);
 				return webFilterChain.filter(exchange)
-					.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.get()));
+						.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.get()));
 			}
 			return webFilterChain.filter(exchange);
 		}
+
 	}
 
 	/**
-	 * Updates the WebServerExchange using
-	 * {@code {@link SecurityMockServerConfigurers#mockAuthentication(Authentication)}}.
+	 * Updates the WebServerExchange using {@code {@link
+	 * SecurityMockServerConfigurers#mockAuthentication(Authentication)}}.
 	 *
 	 * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
 	public static class JwtMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private Jwt jwt;
-		private Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter =
-				new JwtGrantedAuthoritiesConverter();
+
+		private Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter = new JwtGrantedAuthoritiesConverter();
 
 		private JwtMutator() {
-			jwt((jwt) -> {});
+			jwt((jwt) -> {
+			});
 		}
 
 		/**
-		 * Use the given {@link Jwt.Builder} {@link Consumer} to configure the underlying {@link Jwt}
+		 * Use the given {@link Jwt.Builder} {@link Consumer} to configure the underlying
+		 * {@link Jwt}
 		 *
-		 * This method first creates a default {@link Jwt.Builder} instance with default values for
-		 * the {@code alg}, {@code sub}, and {@code scope} claims. The {@link Consumer} can then modify
-		 * these or provide additional configuration.
-		 *
-		 * Calling {@link SecurityMockServerConfigurers#mockJwt()} is the equivalent of calling
-		 * {@code SecurityMockMvcRequestPostProcessors.mockJwt().jwt(() -> {})}.
+		 * This method first creates a default {@link Jwt.Builder} instance with default
+		 * values for the {@code alg}, {@code sub}, and {@code scope} claims. The
+		 * {@link Consumer} can then modify these or provide additional configuration.
 		 *
+		 * Calling {@link SecurityMockServerConfigurers#mockJwt()} is the equivalent of
+		 * calling {@code SecurityMockMvcRequestPostProcessors.mockJwt().jwt(() -> {})}.
 		 * @param jwtBuilderConsumer For configuring the underlying {@link Jwt}
 		 * @return the {@link JwtMutator} for further configuration
 		 */
 		public JwtMutator jwt(Consumer<Jwt.Builder> jwtBuilderConsumer) {
-			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-					.header("alg", "none")
-					.claim(SUB, "user")
-					.claim("scope", "read");
+			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(SUB, "user").claim("scope",
+					"read");
 			jwtBuilderConsumer.accept(jwtBuilder);
 			this.jwt = jwtBuilder.build();
 			return this;
@@ -476,7 +477,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the given {@link Jwt}
-		 *
 		 * @param jwt The {@link Jwt} to use
 		 * @return the {@link JwtMutator} for further configuration
 		 */
@@ -510,9 +510,8 @@ public class SecurityMockServerConfigurers {
 		/**
 		 * Provides the configured {@link Jwt} so that custom authorities can be derived
 		 * from it
-		 *
-		 * @param authoritiesConverter the conversion strategy from {@link Jwt} to a {@link Collection}
-		 * of {@link GrantedAuthority}s
+		 * @param authoritiesConverter the conversion strategy from {@link Jwt} to a
+		 * {@link Collection} of {@link GrantedAuthority}s
 		 * @return the {@link JwtMutator} for further configuration
 		 */
 		public JwtMutator authorities(Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter) {
@@ -532,10 +531,8 @@ public class SecurityMockServerConfigurers {
 		}
 
 		@Override
-		public void afterConfigurerAdded(
-				WebTestClient.Builder builder,
-				@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-				@Nullable ClientHttpConnector connector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			httpHandlerBuilder.filter((exchange, chain) -> {
 				CsrfWebFilter.skipExchange(exchange);
 				return chain.filter(exchange);
@@ -544,8 +541,10 @@ public class SecurityMockServerConfigurers {
 		}
 
 		private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
-			return mockAuthentication(new JwtAuthenticationToken(this.jwt, this.authoritiesConverter.convert(this.jwt)));
+			return mockAuthentication(
+					new JwtAuthenticationToken(this.jwt, this.authoritiesConverter.convert(this.jwt)));
 		}
+
 	}
 
 	/**
@@ -553,17 +552,20 @@ public class SecurityMockServerConfigurers {
 	 * @since 5.3
 	 */
 	public final static class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
+
 		private Supplier<Collection<GrantedAuthority>> authorities = this::defaultAuthorities;
 
 		private Supplier<OAuth2AuthenticatedPrincipal> principal = this::defaultPrincipal;
 
-		private OpaqueTokenMutator() { }
+		private OpaqueTokenMutator() {
+		}
 
 		/**
 		 * Mutate the attributes using the given {@link Consumer}
-		 *
-		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of attributes
+		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of
+		 * attributes
 		 * @return the {@link OpaqueTokenMutator} for further configuration
 		 */
 		public OpaqueTokenMutator attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -623,10 +625,8 @@ public class SecurityMockServerConfigurers {
 		}
 
 		@Override
-		public void afterConfigurerAdded(
-				WebTestClient.Builder builder,
-				@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-				@Nullable ClientHttpConnector connector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			httpHandlerBuilder.filter((exchange, chain) -> {
 				CsrfWebFilter.skipExchange(exchange);
 				return chain.filter(exchange);
@@ -637,8 +637,8 @@ public class SecurityMockServerConfigurers {
 		private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
 			OAuth2AuthenticatedPrincipal principal = this.principal.get();
 			OAuth2AccessToken accessToken = getOAuth2AccessToken(principal);
-			BearerTokenAuthentication token = new BearerTokenAuthentication
-					(principal, accessToken, principal.getAuthorities());
+			BearerTokenAuthentication token = new BearerTokenAuthentication(principal, accessToken,
+					principal.getAuthorities());
 			return mockAuthentication(token);
 		}
 
@@ -666,21 +666,18 @@ public class SecurityMockServerConfigurers {
 		}
 
 		private OAuth2AuthenticatedPrincipal defaultPrincipal() {
-			return new OAuth2IntrospectionAuthenticatedPrincipal
-					(this.attributes.get(), this.authorities.get());
+			return new OAuth2IntrospectionAuthenticatedPrincipal(this.attributes.get(), this.authorities.get());
 		}
 
 		private Collection<GrantedAuthority> getAuthorities(Collection<?> scopes) {
-			return scopes.stream()
-					.map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
+			return scopes.stream().map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
 					.collect(Collectors.toList());
 		}
 
 		private OAuth2AccessToken getOAuth2AccessToken(OAuth2AuthenticatedPrincipal principal) {
 			Instant expiresAt = getInstant(principal.getAttributes(), "exp");
 			Instant issuedAt = getInstant(principal.getAttributes(), "iat");
-			return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-					"token", issuedAt, expiresAt);
+			return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", issuedAt, expiresAt);
 		}
 
 		private Instant getInstant(Map<String, Object> attributes, String name) {
@@ -693,6 +690,7 @@ public class SecurityMockServerConfigurers {
 			}
 			throw new IllegalArgumentException(name + " attribute must be of type Instant");
 		}
+
 	}
 
 	/**
@@ -700,17 +698,20 @@ public class SecurityMockServerConfigurers {
 	 * @since 5.3
 	 */
 	public final static class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private final String nameAttributeKey = "sub";
 
 		private ClientRegistration clientRegistration;
+
 		private OAuth2AccessToken accessToken;
 
 		private Supplier<Collection<GrantedAuthority>> authorities = this::defaultAuthorities;
+
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
+
 		private Supplier<OAuth2User> oauth2User = this::defaultPrincipal;
 
-		private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
-				new WebSessionServerOAuth2AuthorizedClientRepository();
+		private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 		private OAuth2LoginMutator(OAuth2AccessToken accessToken) {
 			this.accessToken = accessToken;
@@ -719,7 +720,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OAuth2LoginMutator} for further configuration
 		 */
@@ -732,7 +732,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OAuth2LoginMutator} for further configuration
 		 */
@@ -745,8 +744,8 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Mutate the attributes using the given {@link Consumer}
-		 *
-		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of attributes
+		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of
+		 * attributes
 		 * @return the {@link OAuth2LoginMutator} for further configuration
 		 */
 		public OAuth2LoginMutator attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -762,7 +761,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided {@link OAuth2User} as the authenticated user.
-		 *
 		 * @param oauth2User the {@link OAuth2User} to use
 		 * @return the {@link OAuth2LoginMutator} for further configuration
 		 */
@@ -777,9 +775,9 @@ public class SecurityMockServerConfigurers {
 		 * The supplied {@link ClientRegistration} will be registered into an
 		 * {@link WebSessionServerOAuth2AuthorizedClientRepository}. Tests relying on
 		 * {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
-		 * annotations should register an {@link WebSessionServerOAuth2AuthorizedClientRepository} bean
-		 * to the application context.
-		 *
+		 * annotations should register an
+		 * {@link WebSessionServerOAuth2AuthorizedClientRepository} bean to the
+		 * application context.
 		 * @param clientRegistration the {@link ClientRegistration} to use
 		 * @return the {@link OAuth2LoginMutator} for further configuration
 		 */
@@ -791,34 +789,24 @@ public class SecurityMockServerConfigurers {
 		@Override
 		public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.clientRegistration(this.clientRegistration)
-					.principalName(token.getPrincipal().getName())
-					.beforeServerCreated(builder);
+			mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration)
+					.principalName(token.getPrincipal().getName()).beforeServerCreated(builder);
 			mockAuthentication(token).beforeServerCreated(builder);
 		}
 
 		@Override
 		public void afterConfigureAdded(WebTestClient.MockServerSpec<?> serverSpec) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.clientRegistration(this.clientRegistration)
-					.principalName(token.getPrincipal().getName())
-					.afterConfigureAdded(serverSpec);
+			mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration)
+					.principalName(token.getPrincipal().getName()).afterConfigureAdded(serverSpec);
 			mockAuthentication(token).afterConfigureAdded(serverSpec);
 		}
 
 		@Override
-		public void afterConfigurerAdded(
-				WebTestClient.Builder builder,
-				@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-				@Nullable ClientHttpConnector connector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.clientRegistration(this.clientRegistration)
+			mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration)
 					.principalName(token.getPrincipal().getName())
 					.afterConfigurerAdded(builder, httpHandlerBuilder, connector);
 			mockAuthentication(token).afterConfigurerAdded(builder, httpHandlerBuilder, connector);
@@ -826,14 +814,13 @@ public class SecurityMockServerConfigurers {
 
 		private OAuth2AuthenticationToken getToken() {
 			OAuth2User oauth2User = this.oauth2User.get();
-			return new OAuth2AuthenticationToken(oauth2User, oauth2User.getAuthorities(), this.clientRegistration.getRegistrationId());
+			return new OAuth2AuthenticationToken(oauth2User, oauth2User.getAuthorities(),
+					this.clientRegistration.getRegistrationId());
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
-			return ClientRegistration.withRegistrationId("test")
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.tokenUri("https://token-uri.example.org");
+			return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD)
+					.clientId("test-client").tokenUri("https://token-uri.example.org");
 		}
 
 		private Collection<GrantedAuthority> defaultAuthorities() {
@@ -854,6 +841,7 @@ public class SecurityMockServerConfigurers {
 		private OAuth2User defaultPrincipal() {
 			return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey);
 		}
+
 	}
 
 	/**
@@ -861,15 +849,20 @@ public class SecurityMockServerConfigurers {
 	 * @since 5.3
 	 */
 	public final static class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private ClientRegistration clientRegistration;
+
 		private OAuth2AccessToken accessToken;
+
 		private OidcIdToken idToken;
+
 		private OidcUserInfo userInfo;
+
 		private Supplier<OidcUser> oidcUser = this::defaultPrincipal;
+
 		private Collection<GrantedAuthority> authorities;
 
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
-				new WebSessionServerOAuth2AuthorizedClientRepository();
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 		private OidcLoginMutator(OAuth2AccessToken accessToken) {
 			this.accessToken = accessToken;
@@ -878,7 +871,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
@@ -891,7 +883,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
@@ -904,8 +895,8 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided {@link OidcIdToken} when constructing the authenticated user
-		 *
-		 * @param idTokenBuilderConsumer a {@link Consumer} of a {@link OidcIdToken.Builder}
+		 * @param idTokenBuilderConsumer a {@link Consumer} of a
+		 * {@link OidcIdToken.Builder}
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
 		public OidcLoginMutator idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
@@ -919,8 +910,8 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use the provided {@link OidcUserInfo} when constructing the authenticated user
-		 *
-		 * @param userInfoBuilderConsumer a {@link Consumer} of a {@link OidcUserInfo.Builder}
+		 * @param userInfoBuilderConsumer a {@link Consumer} of a
+		 * {@link OidcUserInfo.Builder}
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
 		public OidcLoginMutator userInfoToken(Consumer<OidcUserInfo.Builder> userInfoBuilderConsumer) {
@@ -934,9 +925,8 @@ public class SecurityMockServerConfigurers {
 		/**
 		 * Use the provided {@link OidcUser} as the authenticated user.
 		 * <p>
-		 * Supplying an {@link OidcUser} will take precedence over {@link #idToken}, {@link #userInfo},
-		 * and list of {@link GrantedAuthority}s to use.
-		 *
+		 * Supplying an {@link OidcUser} will take precedence over {@link #idToken},
+		 * {@link #userInfo}, and list of {@link GrantedAuthority}s to use.
 		 * @param oidcUser the {@link OidcUser} to use
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
@@ -951,9 +941,9 @@ public class SecurityMockServerConfigurers {
 		 * The supplied {@link ClientRegistration} will be registered into an
 		 * {@link WebSessionServerOAuth2AuthorizedClientRepository}. Tests relying on
 		 * {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
-		 * annotations should register an {@link WebSessionServerOAuth2AuthorizedClientRepository} bean
-		 * to the application context.
-		 *
+		 * annotations should register an
+		 * {@link WebSessionServerOAuth2AuthorizedClientRepository} bean to the
+		 * application context.
 		 * @param clientRegistration the {@link ClientRegistration} to use
 		 * @return the {@link OidcLoginMutator} for further configuration
 		 */
@@ -965,49 +955,38 @@ public class SecurityMockServerConfigurers {
 		@Override
 		public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.principalName(token.getPrincipal().getName())
-					.clientRegistration(this.clientRegistration)
-					.beforeServerCreated(builder);
+			mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName())
+					.clientRegistration(this.clientRegistration).beforeServerCreated(builder);
 			mockAuthentication(token).beforeServerCreated(builder);
 		}
 
 		@Override
 		public void afterConfigureAdded(WebTestClient.MockServerSpec<?> serverSpec) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.principalName(token.getPrincipal().getName())
-					.clientRegistration(this.clientRegistration)
-					.afterConfigureAdded(serverSpec);
+			mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName())
+					.clientRegistration(this.clientRegistration).afterConfigureAdded(serverSpec);
 			mockAuthentication(token).afterConfigureAdded(serverSpec);
 		}
 
 		@Override
-		public void afterConfigurerAdded(
-				WebTestClient.Builder builder,
-				@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-				@Nullable ClientHttpConnector connector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			OAuth2AuthenticationToken token = getToken();
-			mockOAuth2Client()
-					.accessToken(this.accessToken)
-					.principalName(token.getPrincipal().getName())
+			mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName())
 					.clientRegistration(this.clientRegistration)
 					.afterConfigurerAdded(builder, httpHandlerBuilder, connector);
 			mockAuthentication(token).afterConfigurerAdded(builder, httpHandlerBuilder, connector);
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
-			return ClientRegistration.withRegistrationId("test")
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.tokenUri("https://token-uri.example.org");
+			return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD)
+					.clientId("test-client").tokenUri("https://token-uri.example.org");
 		}
 
 		private OAuth2AuthenticationToken getToken() {
 			OidcUser oidcUser = this.oidcUser.get();
-			return new OAuth2AuthenticationToken(oidcUser, oidcUser.getAuthorities(), this.clientRegistration.getRegistrationId());
+			return new OAuth2AuthenticationToken(oidcUser, oidcUser.getAuthorities(),
+					this.clientRegistration.getRegistrationId());
 		}
 
 		private Collection<GrantedAuthority> getAuthorities() {
@@ -1018,7 +997,8 @@ public class SecurityMockServerConfigurers {
 					authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
 				}
 				return authorities;
-			} else {
+			}
+			else {
 				return this.authorities;
 			}
 		}
@@ -1026,7 +1006,8 @@ public class SecurityMockServerConfigurers {
 		private OidcIdToken getOidcIdToken() {
 			if (this.idToken == null) {
 				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
-			} else {
+			}
+			else {
 				return this.idToken;
 			}
 		}
@@ -1038,6 +1019,7 @@ public class SecurityMockServerConfigurers {
 		private OidcUser defaultPrincipal() {
 			return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
 		}
+
 	}
 
 	/**
@@ -1045,28 +1027,33 @@ public class SecurityMockServerConfigurers {
 	 * @since 5.3
 	 */
 	public final static class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
 		private String registrationId = "test";
+
 		private ClientRegistration clientRegistration;
+
 		private String principalName = "user";
+
 		private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"access-token", null, null, Collections.singleton("read"));
 
-		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
-				new WebSessionServerOAuth2AuthorizedClientRepository();
+		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 		private OAuth2ClientMutator() {
 		}
 
 		private OAuth2ClientMutator(String registrationId) {
 			this.registrationId = registrationId;
-			clientRegistration(c -> {});
+			clientRegistration(c -> {
+			});
 		}
 
 		/**
 		 * Use this {@link ClientRegistration}
-		 *
 		 * @param clientRegistration
-		 * @return the {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor} for further configuration
+		 * @return the
+		 * {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor}
+		 * for further configuration
 		 */
 		public OAuth2ClientMutator clientRegistration(ClientRegistration clientRegistration) {
 			this.clientRegistration = clientRegistration;
@@ -1075,12 +1062,13 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use this {@link Consumer} to configure a {@link ClientRegistration}
-		 *
 		 * @param clientRegistrationConfigurer the {@link ClientRegistration} configurer
-		 * @return the {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor} for further configuration
+		 * @return the
+		 * {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor}
+		 * for further configuration
 		 */
-		public OAuth2ClientMutator clientRegistration
-				(Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
+		public OAuth2ClientMutator clientRegistration(
+				Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
 
 			ClientRegistration.Builder builder = clientRegistrationBuilder();
 			clientRegistrationConfigurer.accept(builder);
@@ -1090,7 +1078,6 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use this as the resource owner's principal name
-		 *
 		 * @param principalName the resource owner's principal name
 		 * @return the {@link OAuth2ClientMutator} for further configuration
 		 */
@@ -1102,16 +1089,16 @@ public class SecurityMockServerConfigurers {
 
 		/**
 		 * Use this {@link OAuth2AccessToken}
-		 *
 		 * @param accessToken the {@link OAuth2AccessToken} to use
-		 * @return the {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor} for further configuration
+		 * @return the
+		 * {@link SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor}
+		 * for further configuration
 		 */
 		public OAuth2ClientMutator accessToken(OAuth2AccessToken accessToken) {
 			this.accessToken = accessToken;
 			return this;
 		}
 
-
 		@Override
 		public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 			builder.filters(addAuthorizedClientFilter());
@@ -1123,10 +1110,8 @@ public class SecurityMockServerConfigurers {
 		}
 
 		@Override
-		public void afterConfigurerAdded(
-				WebTestClient.Builder builder,
-				@Nullable WebHttpHandlerBuilder httpHandlerBuilder,
-				@Nullable ClientHttpConnector connector) {
+		public void afterConfigurerAdded(WebTestClient.Builder builder,
+				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			httpHandlerBuilder.filters(addAuthorizedClientFilter());
 		}
 
@@ -1136,8 +1121,8 @@ public class SecurityMockServerConfigurers {
 				ReactiveOAuth2AuthorizedClientManager authorizationClientManager = OAuth2ClientServerTestUtils
 						.getOAuth2AuthorizedClientManager(exchange);
 				if (!(authorizationClientManager instanceof TestReactiveOAuth2AuthorizedClientManager)) {
-					authorizationClientManager =
-							new TestReactiveOAuth2AuthorizedClientManager(authorizationClientManager);
+					authorizationClientManager = new TestReactiveOAuth2AuthorizedClientManager(
+							authorizationClientManager);
 					OAuth2ClientServerTestUtils.setOAuth2AuthorizedClientManager(exchange, authorizationClientManager);
 				}
 				TestReactiveOAuth2AuthorizedClientManager.enable(exchange);
@@ -1148,32 +1133,30 @@ public class SecurityMockServerConfigurers {
 
 		private OAuth2AuthorizedClient getClient() {
 			if (this.clientRegistration == null) {
-				throw new IllegalArgumentException("Please specify a ClientRegistration via one " +
-						"of the clientRegistration methods");
+				throw new IllegalArgumentException(
+						"Please specify a ClientRegistration via one " + "of the clientRegistration methods");
 			}
 			return new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
 			return ClientRegistration.withRegistrationId(this.registrationId)
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.clientSecret("test-secret")
-					.tokenUri("https://idp.example.org/oauth/token");
+					.authorizationGrantType(AuthorizationGrantType.PASSWORD).clientId("test-client")
+					.clientSecret("test-secret").tokenUri("https://idp.example.org/oauth/token");
 		}
 
 		/**
-		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for testing when the
-		 * request is wrapped
+		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for
+		 * testing when the request is wrapped
 		 */
 		private static class TestReactiveOAuth2AuthorizedClientManager
 				implements ReactiveOAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class
-					.getName().concat(".TOKEN");
+			final static String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+					.concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class
-					.getName().concat(".ENABLED");
+			final static String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+					.concat(".ENABLED");
 
 			private final ReactiveOAuth2AuthorizedClientManager delegate;
 
@@ -1183,12 +1166,12 @@ public class SecurityMockServerConfigurers {
 
 			@Override
 			public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest) {
-				ServerWebExchange exchange =
-						authorizeRequest.getAttribute(ServerWebExchange.class.getName());
+				ServerWebExchange exchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
 				if (isEnabled(exchange)) {
 					OAuth2AuthorizedClient client = exchange.getAttribute(TOKEN_ATTR_NAME);
 					return Mono.just(client);
-				} else {
+				}
+				else {
 					return this.delegate.authorize(authorizeRequest);
 				}
 			}
@@ -1200,43 +1183,45 @@ public class SecurityMockServerConfigurers {
 			public boolean isEnabled(ServerWebExchange exchange) {
 				return TRUE.equals(exchange.getAttribute(ENABLED_ATTR_NAME));
 			}
+
 		}
 
 		private static class OAuth2ClientServerTestUtils {
-			private static final ServerOAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO =
-					new WebSessionServerOAuth2AuthorizedClientRepository();
+
+			private static final ServerOAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new WebSessionServerOAuth2AuthorizedClientRepository();
 
 			/**
-			 * Gets the {@link ReactiveOAuth2AuthorizedClientManager} for the specified {@link ServerWebExchange}.
-			 * If one is not found, one based off of {@link WebSessionServerOAuth2AuthorizedClientRepository} is used.
-			 *
+			 * Gets the {@link ReactiveOAuth2AuthorizedClientManager} for the specified
+			 * {@link ServerWebExchange}. If one is not found, one based off of
+			 * {@link WebSessionServerOAuth2AuthorizedClientRepository} is used.
 			 * @param exchange the {@link ServerWebExchange} to obtain the
 			 * {@link ReactiveOAuth2AuthorizedClientManager}
 			 * @return the {@link ReactiveOAuth2AuthorizedClientManager} for the specified
 			 * {@link ServerWebExchange}
 			 */
-			public static ReactiveOAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(ServerWebExchange exchange) {
-				OAuth2AuthorizedClientArgumentResolver resolver =
-						findResolver(exchange, OAuth2AuthorizedClientArgumentResolver.class);
+			public static ReactiveOAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(
+					ServerWebExchange exchange) {
+				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(exchange,
+						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
-					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient
-							(authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), exchange);
+					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
+							authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), exchange);
 				}
-				return (ReactiveOAuth2AuthorizedClientManager)
-						ReflectionTestUtils.getField(resolver, "authorizedClientManager");
+				return (ReactiveOAuth2AuthorizedClientManager) ReflectionTestUtils.getField(resolver,
+						"authorizedClientManager");
 			}
 
 			/**
-			 * Sets the {@link ReactiveOAuth2AuthorizedClientManager} for the specified {@link ServerWebExchange}.
-			 *
+			 * Sets the {@link ReactiveOAuth2AuthorizedClientManager} for the specified
+			 * {@link ServerWebExchange}.
 			 * @param exchange the {@link ServerWebExchange} to obtain the
 			 * {@link ReactiveOAuth2AuthorizedClientManager}
 			 * @param manager the {@link ReactiveOAuth2AuthorizedClientManager} to set
 			 */
 			public static void setOAuth2AuthorizedClientManager(ServerWebExchange exchange,
 					ReactiveOAuth2AuthorizedClientManager manager) {
-				OAuth2AuthorizedClientArgumentResolver resolver =
-						findResolver(exchange, OAuth2AuthorizedClientArgumentResolver.class);
+				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(exchange,
+						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
 					return;
 				}
@@ -1246,14 +1231,16 @@ public class SecurityMockServerConfigurers {
 			@SuppressWarnings("unchecked")
 			static <T extends HandlerMethodArgumentResolver> T findResolver(ServerWebExchange exchange,
 					Class<T> resolverClass) {
-				if (!ClassUtils.isPresent
-						("org.springframework.web.reactive.result.method.annotation.RequestMappingHandlerAdapter", null)) {
+				if (!ClassUtils.isPresent(
+						"org.springframework.web.reactive.result.method.annotation.RequestMappingHandlerAdapter",
+						null)) {
 					return null;
 				}
 				return WebFluxClasspathGuard.findResolver(exchange, resolverClass);
 			}
 
 			private static class WebFluxClasspathGuard {
+
 				static <T extends HandlerMethodArgumentResolver> T findResolver(ServerWebExchange exchange,
 						Class<T> resolverClass) {
 					RequestMappingHandlerAdapter handlerAdapter = getRequestMappingHandlerAdapter(exchange);
@@ -1264,8 +1251,8 @@ public class SecurityMockServerConfigurers {
 					if (configurer == null) {
 						return null;
 					}
-					List<HandlerMethodArgumentResolver> resolvers = (List<HandlerMethodArgumentResolver>)
-							ReflectionTestUtils.invokeGetterMethod(configurer, "customResolvers");
+					List<HandlerMethodArgumentResolver> resolvers = (List<HandlerMethodArgumentResolver>) ReflectionTestUtils
+							.invokeGetterMethod(configurer, "customResolvers");
 					if (resolvers == null) {
 						return null;
 					}
@@ -1277,7 +1264,8 @@ public class SecurityMockServerConfigurers {
 					return null;
 				}
 
-				private static RequestMappingHandlerAdapter getRequestMappingHandlerAdapter(ServerWebExchange exchange) {
+				private static RequestMappingHandlerAdapter getRequestMappingHandlerAdapter(
+						ServerWebExchange exchange) {
 					ApplicationContext context = exchange.getApplicationContext();
 					if (context != null) {
 						String[] names = context.getBeanNamesForType(RequestMappingHandlerAdapter.class);
@@ -1287,10 +1275,14 @@ public class SecurityMockServerConfigurers {
 					}
 					return null;
 				}
+
 			}
 
 			private OAuth2ClientServerTestUtils() {
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
index fb5a69d24d..47a7c7e304 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
@@ -42,7 +42,6 @@ public final class SecurityMockMvcRequestBuilders {
 	/**
 	 * Creates a request (including any necessary {@link CsrfToken}) that will submit a
 	 * form based login to POST "/login".
-	 *
 	 * @return the FormLoginRequestBuilder for further customizations
 	 */
 	public static FormLoginRequestBuilder formLogin() {
@@ -52,9 +51,7 @@ public final class SecurityMockMvcRequestBuilders {
 	/**
 	 * Creates a request (including any necessary {@link CsrfToken}) that will submit a
 	 * form based login to POST {@code loginProcessingUrl}.
-	 *
 	 * @param loginProcessingUrl the URL to POST to
-	 *
 	 * @return the FormLoginRequestBuilder for further customizations
 	 */
 	public static FormLoginRequestBuilder formLogin(String loginProcessingUrl) {
@@ -63,7 +60,6 @@ public final class SecurityMockMvcRequestBuilders {
 
 	/**
 	 * Creates a logout request.
-	 *
 	 * @return the LogoutRequestBuilder for additional customizations
 	 */
 	public static LogoutRequestBuilder logout() {
@@ -73,9 +69,7 @@ public final class SecurityMockMvcRequestBuilders {
 	/**
 	 * Creates a logout request (including any necessary {@link CsrfToken}) to the
 	 * specified {@code logoutUrl}
-	 *
 	 * @param logoutUrl the logout request URL
-	 *
 	 * @return the LogoutRequestBuilder for additional customizations
 	 */
 	public static LogoutRequestBuilder logout(String logoutUrl) {
@@ -89,14 +83,17 @@ public final class SecurityMockMvcRequestBuilders {
 	 * @since 4.0
 	 */
 	public static final class LogoutRequestBuilder implements RequestBuilder, Mergeable {
+
 		private String logoutUrl = "/logout";
+
 		private RequestPostProcessor postProcessor = csrf();
+
 		private Mergeable parent;
 
 		@Override
 		public MockHttpServletRequest buildRequest(ServletContext servletContext) {
-			MockHttpServletRequestBuilder logoutRequest = post(this.logoutUrl)
-					.accept(MediaType.TEXT_HTML, MediaType.ALL);
+			MockHttpServletRequestBuilder logoutRequest = post(this.logoutUrl).accept(MediaType.TEXT_HTML,
+					MediaType.ALL);
 
 			if (this.parent != null) {
 				logoutRequest = (MockHttpServletRequestBuilder) logoutRequest.merge(this.parent);
@@ -110,7 +107,6 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specifies the logout URL to POST to. Defaults to "/logout".
-		 *
 		 * @param logoutUrl the logout URL to POST to. Defaults to "/logout".
 		 * @return the {@link LogoutRequestBuilder} for additional customizations
 		 */
@@ -121,14 +117,12 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specifies the logout URL to POST to.
-		 *
 		 * @param logoutUrl the logout URL to POST to.
 		 * @param uriVars the URI variables
 		 * @return the {@link LogoutRequestBuilder} for additional customizations
 		 */
 		public LogoutRequestBuilder logoutUrl(String logoutUrl, Object... uriVars) {
-			this.logoutUrl = UriComponentsBuilder.fromPath(logoutUrl)
-					.buildAndExpand(uriVars).encode().toString();
+			this.logoutUrl = UriComponentsBuilder.fromPath(logoutUrl).buildAndExpand(uriVars).encode().toString();
 			return this;
 		}
 
@@ -145,13 +139,15 @@ public final class SecurityMockMvcRequestBuilders {
 			if (parent instanceof Mergeable) {
 				this.parent = (Mergeable) parent;
 				return this;
-			} else {
+			}
+			else {
 				throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
 			}
 		}
 
 		private LogoutRequestBuilder() {
 		}
+
 	}
 
 	/**
@@ -161,22 +157,27 @@ public final class SecurityMockMvcRequestBuilders {
 	 * @since 4.0
 	 */
 	public static final class FormLoginRequestBuilder implements RequestBuilder, Mergeable {
+
 		private String usernameParam = "username";
+
 		private String passwordParam = "password";
+
 		private String username = "user";
+
 		private String password = "password";
+
 		private String loginProcessingUrl = "/login";
+
 		private MediaType acceptMediaType = MediaType.APPLICATION_FORM_URLENCODED;
+
 		private Mergeable parent;
 
 		private RequestPostProcessor postProcessor = csrf();
 
 		@Override
 		public MockHttpServletRequest buildRequest(ServletContext servletContext) {
-			MockHttpServletRequestBuilder loginRequest = post(this.loginProcessingUrl)
-					.accept(this.acceptMediaType)
-					.param(this.usernameParam, this.username)
-					.param(this.passwordParam, this.password);
+			MockHttpServletRequestBuilder loginRequest = post(this.loginProcessingUrl).accept(this.acceptMediaType)
+					.param(this.usernameParam, this.username).param(this.passwordParam, this.password);
 
 			if (this.parent != null) {
 				loginRequest = (MockHttpServletRequestBuilder) loginRequest.merge(this.parent);
@@ -190,7 +191,6 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specifies the URL to POST to. Default is "/login"
-		 *
 		 * @param loginProcessingUrl the URL to POST to. Default is "/login"
 		 * @return the {@link FormLoginRequestBuilder} for additional customizations
 		 */
@@ -201,14 +201,13 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specifies the URL to POST to.
-		 *
 		 * @param loginProcessingUrl the URL to POST to
 		 * @param uriVars the URI variables
 		 * @return the {@link FormLoginRequestBuilder} for additional customizations
 		 */
 		public FormLoginRequestBuilder loginProcessingUrl(String loginProcessingUrl, Object... uriVars) {
-			this.loginProcessingUrl = UriComponentsBuilder.fromPath(loginProcessingUrl)
-					.buildAndExpand(uriVars).encode().toString();
+			this.loginProcessingUrl = UriComponentsBuilder.fromPath(loginProcessingUrl).buildAndExpand(uriVars).encode()
+					.toString();
 			return this;
 		}
 
@@ -256,14 +255,12 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specify both the password parameter name and the password.
-		 *
 		 * @param passwordParameter the HTTP parameter to place the password. Default is
 		 * "password".
 		 * @param password the value of the password parameter. Default is "password".
 		 * @return the {@link FormLoginRequestBuilder} for additional customizations
 		 */
-		public FormLoginRequestBuilder password(String passwordParameter,
-				String password) {
+		public FormLoginRequestBuilder password(String passwordParameter, String password) {
 			passwordParam(passwordParameter);
 			this.password = password;
 			return this;
@@ -271,7 +268,6 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specify both the password parameter name and the password.
-		 *
 		 * @param usernameParameter the HTTP parameter to place the username. Default is
 		 * "username".
 		 * @param username the value of the username parameter. Default is "user".
@@ -285,7 +281,6 @@ public final class SecurityMockMvcRequestBuilders {
 
 		/**
 		 * Specify a media type to set as the Accept header in the request.
-		 *
 		 * @param acceptMediaType the {@link MediaType} to set the Accept header to.
 		 * Default is: MediaType.APPLICATION_FORM_URLENCODED
 		 * @return the {@link FormLoginRequestBuilder} for additional customizations
@@ -305,18 +300,21 @@ public final class SecurityMockMvcRequestBuilders {
 			if (parent == null) {
 				return this;
 			}
-			if (parent instanceof Mergeable ) {
+			if (parent instanceof Mergeable) {
 				this.parent = (Mergeable) parent;
 				return this;
-			} else {
+			}
+			else {
 				throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
 			}
 		}
 
 		private FormLoginRequestBuilder() {
 		}
+
 	}
 
 	private SecurityMockMvcRequestBuilders() {
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 866396e754..1821fa1ab6 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -119,7 +119,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	/**
 	 * Creates a DigestRequestPostProcessor that enables easily adding digest based
 	 * authentication to a request.
-	 *
 	 * @return the DigestRequestPostProcessor to use
 	 */
 	public static DigestRequestPostProcessor digest() {
@@ -129,7 +128,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	/**
 	 * Creates a DigestRequestPostProcessor that enables easily adding digest based
 	 * authentication to a request.
-	 *
 	 * @param username the username to use
 	 * @return the DigestRequestPostProcessor to use
 	 */
@@ -149,28 +147,24 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 	/**
 	 * Finds an X509Cetificate using a resoureName and populates it on the request.
-	 *
 	 * @param resourceName the name of the X509Certificate resource
 	 * @return the
 	 * {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
 	 * @throws IOException
 	 * @throws CertificateException
 	 */
-	public static RequestPostProcessor x509(String resourceName)
-			throws IOException, CertificateException {
+	public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException {
 		ResourceLoader loader = new DefaultResourceLoader();
 		Resource resource = loader.getResource(resourceName);
 		InputStream inputStream = resource.getInputStream();
 		CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
-		X509Certificate certificate = (X509Certificate) certFactory
-				.generateCertificate(inputStream);
+		X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(inputStream);
 		return x509(certificate);
 	}
 
 	/**
 	 * Creates a {@link RequestPostProcessor} that will automatically populate a valid
 	 * {@link CsrfToken} in the request.
-	 *
 	 * @return the {@link CsrfRequestPostProcessor} for further customizations.
 	 */
 	public static CsrfRequestPostProcessor csrf() {
@@ -180,7 +174,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	/**
 	 * Creates a {@link RequestPostProcessor} that can be used to ensure that the
 	 * resulting request is ran with the user in the {@link TestSecurityContextHolder}.
-	 *
 	 * @return the {@link RequestPostProcessor} to sue
 	 */
 	public static RequestPostProcessor testSecurityContext() {
@@ -207,7 +200,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @param username the username to populate
 	 * @return the {@link UserRequestPostProcessor} for additional customization
 	 */
@@ -235,7 +227,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @param user the UserDetails to populate
 	 * @return the {@link RequestPostProcessor} to use
 	 */
@@ -244,15 +235,14 @@ public final class SecurityMockMvcRequestPostProcessors {
 	}
 
 	/**
-	 * Establish a {@link SecurityContext} that has a
-	 * {@link JwtAuthenticationToken} for the
-	 * {@link Authentication} and a {@link Jwt} for the
-	 * {@link Authentication#getPrincipal()}. All details are
-	 * declarative and do not require the JWT to be valid.
+	 * Establish a {@link SecurityContext} that has a {@link JwtAuthenticationToken} for
+	 * the {@link Authentication} and a {@link Jwt} for the
+	 * {@link Authentication#getPrincipal()}. All details are declarative and do not
+	 * require the JWT to be valid.
 	 *
 	 * <p>
-	 * The support works by associating the authentication to the HttpServletRequest. To associate
-	 * the request to the SecurityContextHolder you need to ensure that the
+	 * The support works by associating the authentication to the HttpServletRequest. To
+	 * associate the request to the SecurityContextHolder you need to ensure that the
 	 * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
 	 * ways to do this are:
 	 * </p>
@@ -263,7 +253,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @return the {@link JwtRequestPostProcessor} for additional customization
 	 */
 	public static JwtRequestPostProcessor jwt() {
@@ -271,15 +260,14 @@ public final class SecurityMockMvcRequestPostProcessors {
 	}
 
 	/**
-	 * Establish a {@link SecurityContext} that has a
-	 * {@link BearerTokenAuthentication} for the
-	 * {@link Authentication} and a {@link OAuth2AuthenticatedPrincipal} for the
-	 * {@link Authentication#getPrincipal()}. All details are
-	 * declarative and do not require the token to be valid
+	 * Establish a {@link SecurityContext} that has a {@link BearerTokenAuthentication}
+	 * for the {@link Authentication} and a {@link OAuth2AuthenticatedPrincipal} for the
+	 * {@link Authentication#getPrincipal()}. All details are declarative and do not
+	 * require the token to be valid
 	 *
 	 * <p>
-	 * The support works by associating the authentication to the HttpServletRequest. To associate
-	 * the request to the SecurityContextHolder you need to ensure that the
+	 * The support works by associating the authentication to the HttpServletRequest. To
+	 * associate the request to the SecurityContextHolder you need to ensure that the
 	 * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
 	 * ways to do this are:
 	 * </p>
@@ -290,7 +278,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @return the {@link OpaqueTokenRequestPostProcessor} for additional customization
 	 * @since 5.3
 	 */
@@ -316,7 +303,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @param authentication the Authentication to populate
 	 * @return the {@link RequestPostProcessor} to use
 	 */
@@ -348,7 +334,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 *     // ... lots of tests ran with a default user ...
 	 * }
 	 * </code> </pre>
-	 *
 	 * @return the {@link RequestPostProcessor} to use
 	 */
 	public static RequestPostProcessor anonymous() {
@@ -373,7 +358,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * Convenience mechanism for setting the Authorization header to use HTTP Basic with
 	 * the given username and password. This method will automatically perform the
 	 * necessary Base64 encoding.
-	 *
 	 * @param username the username to include in the Authorization header.
 	 * @param password the password to include in the Authorization header.
 	 * @return the {@link RequestPostProcessor} to use
@@ -383,15 +367,14 @@ public final class SecurityMockMvcRequestPostProcessors {
 	}
 
 	/**
-	 * Establish a {@link SecurityContext} that has a
-	 * {@link OAuth2AuthenticationToken} for the
-	 * {@link Authentication}, a {@link OAuth2User} as the principal,
-	 * and a {@link OAuth2AuthorizedClient} in the session. All details are
-	 * declarative and do not require associated tokens to be valid.
+	 * Establish a {@link SecurityContext} that has a {@link OAuth2AuthenticationToken}
+	 * for the {@link Authentication}, a {@link OAuth2User} as the principal, and a
+	 * {@link OAuth2AuthorizedClient} in the session. All details are declarative and do
+	 * not require associated tokens to be valid.
 	 *
 	 * <p>
-	 * The support works by associating the authentication to the HttpServletRequest. To associate
-	 * the request to the SecurityContextHolder you need to ensure that the
+	 * The support works by associating the authentication to the HttpServletRequest. To
+	 * associate the request to the SecurityContextHolder you need to ensure that the
 	 * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
 	 * ways to do this are:
 	 * </p>
@@ -402,26 +385,24 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @return the {@link OidcLoginRequestPostProcessor} for additional customization
 	 * @since 5.3
 	 */
 	public static OAuth2LoginRequestPostProcessor oauth2Login() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("read"));
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", null,
+				null, Collections.singleton("read"));
 		return new OAuth2LoginRequestPostProcessor(accessToken);
 	}
 
 	/**
-	 * Establish a {@link SecurityContext} that has a
-	 * {@link OAuth2AuthenticationToken} for the
-	 * {@link Authentication}, a {@link OidcUser} as the principal,
-	 * and a {@link OAuth2AuthorizedClient} in the session. All details are
-	 * declarative and do not require associated tokens to be valid.
+	 * Establish a {@link SecurityContext} that has a {@link OAuth2AuthenticationToken}
+	 * for the {@link Authentication}, a {@link OidcUser} as the principal, and a
+	 * {@link OAuth2AuthorizedClient} in the session. All details are declarative and do
+	 * not require associated tokens to be valid.
 	 *
 	 * <p>
-	 * The support works by associating the authentication to the HttpServletRequest. To associate
-	 * the request to the SecurityContextHolder you need to ensure that the
+	 * The support works by associating the authentication to the HttpServletRequest. To
+	 * associate the request to the SecurityContextHolder you need to ensure that the
 	 * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
 	 * ways to do this are:
 	 * </p>
@@ -432,13 +413,12 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
 	 * instance may make sense when using MockMvcBuilders standaloneSetup</li>
 	 * </ul>
-	 *
 	 * @return the {@link OidcLoginRequestPostProcessor} for additional customization
 	 * @since 5.3
 	 */
 	public static OidcLoginRequestPostProcessor oidcLogin() {
-		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
-				null, null, Collections.singleton("read"));
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", null,
+				null, Collections.singleton("read"));
 		return new OidcLoginRequestPostProcessor(accessToken);
 	}
 
@@ -450,7 +430,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * The support works by associating the authorized client to the HttpServletRequest
 	 * via the {@link HttpSessionOAuth2AuthorizedClientRepository}
 	 * </p>
-	 *
 	 * @return the {@link OAuth2ClientRequestPostProcessor} for additional customization
 	 * @since 5.3
 	 */
@@ -466,7 +445,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * The support works by associating the authorized client to the HttpServletRequest
 	 * via the {@link HttpSessionOAuth2AuthorizedClientRepository}
 	 * </p>
-	 *
 	 * @param registrationId The registration id for the {@link OAuth2AuthorizedClient}
 	 * @return the {@link OAuth2ClientRequestPostProcessor} for additional customization
 	 * @since 5.3
@@ -479,6 +457,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * Populates the X509Certificate instances onto the request
 	 */
 	private static class X509RequestPostProcessor implements RequestPostProcessor {
+
 		private final X509Certificate[] certificates;
 
 		private X509RequestPostProcessor(X509Certificate... certificates) {
@@ -488,10 +467,10 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
-			request.setAttribute("javax.servlet.request.X509Certificate",
-					this.certificates);
+			request.setAttribute("javax.servlet.request.X509Certificate", this.certificates);
 			return request;
 		}
+
 	}
 
 	/**
@@ -516,15 +495,13 @@ public final class SecurityMockMvcRequestPostProcessors {
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			CsrfTokenRepository repository = WebTestUtils.getCsrfTokenRepository(request);
 			if (!(repository instanceof TestCsrfTokenRepository)) {
-				repository = new TestCsrfTokenRepository(
-						new HttpSessionCsrfTokenRepository());
+				repository = new TestCsrfTokenRepository(new HttpSessionCsrfTokenRepository());
 				WebTestUtils.setCsrfTokenRepository(request, repository);
 			}
 			TestCsrfTokenRepository.enable(request);
 			CsrfToken token = repository.generateToken(request);
 			repository.saveToken(token, request, new MockHttpServletResponse());
-			String tokenValue = this.useInvalidToken ? "invalid" + token.getToken()
-					: token.getToken();
+			String tokenValue = this.useInvalidToken ? "invalid" + token.getToken() : token.getToken();
 			if (this.asHeader) {
 				request.addHeader(token.getHeaderName(), tokenValue);
 			}
@@ -537,7 +514,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Instead of using the {@link CsrfToken} as a request parameter (default) will
 		 * populate the {@link CsrfToken} as a header.
-		 *
 		 * @return the {@link CsrfRequestPostProcessor} for additional customizations
 		 */
 		public CsrfRequestPostProcessor asHeader() {
@@ -547,7 +523,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Populates an invalid token value on the request.
-		 *
 		 * @return the {@link CsrfRequestPostProcessor} for additional customizations
 		 */
 		public CsrfRequestPostProcessor useInvalidToken() {
@@ -563,11 +538,10 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * request is wrapped (i.e. Spring Session is in use).
 		 */
 		static class TestCsrfTokenRepository implements CsrfTokenRepository {
-			final static String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName()
-					.concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class
-					.getName().concat(".ENABLED");
+			final static String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".TOKEN");
+
+			final static String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".ENABLED");
 
 			private final CsrfTokenRepository delegate;
 
@@ -581,8 +555,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 
 			@Override
-			public void saveToken(CsrfToken token, HttpServletRequest request,
-					HttpServletResponse response) {
+			public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 				if (isEnabled(request)) {
 					request.setAttribute(TOKEN_ATTR_NAME, token);
 				}
@@ -608,10 +581,13 @@ public final class SecurityMockMvcRequestPostProcessors {
 			public boolean isEnabled(HttpServletRequest request) {
 				return TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
+
 		}
+
 	}
 
 	public static class DigestRequestPostProcessor implements RequestPostProcessor {
+
 		private String username = "user";
 
 		private String password = "password";
@@ -670,13 +646,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		private String createAuthorizationHeader(MockHttpServletRequest request) {
 			String uri = request.getRequestURI();
-			String responseDigest = generateDigest(this.username, this.realm,
-					this.password, request.getMethod(), uri, this.qop, this.nonce,
-					this.nc, this.cnonce);
-			return "Digest username=\"" + this.username + "\", realm=\"" + this.realm
-					+ "\", nonce=\"" + this.nonce + "\", uri=\"" + uri + "\", response=\""
-					+ responseDigest + "\", qop=" + this.qop + ", nc=" + this.nc
-					+ ", cnonce=\"" + this.cnonce + "\"";
+			String responseDigest = generateDigest(this.username, this.realm, this.password, request.getMethod(), uri,
+					this.qop, this.nonce, this.nc, this.cnonce);
+			return "Digest username=\"" + this.username + "\", realm=\"" + this.realm + "\", nonce=\"" + this.nonce
+					+ "\", uri=\"" + uri + "\", response=\"" + responseDigest + "\", qop=" + this.qop + ", nc="
+					+ this.nc + ", cnonce=\"" + this.cnonce + "\"";
 		}
 
 		@Override
@@ -691,7 +665,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * Both the server and user agent should compute the <code>response</code>
 		 * independently. Provided as a static method to simplify the coding of user
 		 * agents.
-		 *
 		 * @param username the user's login name.
 		 * @param realm the name of the realm.
 		 * @param password the user's password in plaintext or ready-encoded.
@@ -704,9 +677,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * @return the MD5 of the digest authentication response, encoded in hex
 		 * @throws IllegalArgumentException if the supplied qop value is unsupported.
 		 */
-		private static String generateDigest(String username, String realm,
-				String password, String httpMethod, String uri, String qop, String nonce,
-				String nc, String cnonce) throws IllegalArgumentException {
+		private static String generateDigest(String username, String realm, String password, String httpMethod,
+				String uri, String qop, String nonce, String nc, String cnonce) throws IllegalArgumentException {
 			String a1Md5 = encodePasswordInA1Format(username, realm, password);
 			String a2 = httpMethod + ":" + uri;
 			String a2Md5 = md5Hex(a2);
@@ -719,19 +691,16 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 			else if ("auth".equals(qop)) {
 				// As per RFC 2617 compliant clients
-				digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":"
-						+ a2Md5;
+				digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5;
 			}
 			else {
-				throw new IllegalArgumentException(
-						"This method does not support a qop: '" + qop + "'");
+				throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
 			}
 
 			return md5Hex(digest);
 		}
 
-		static String encodePasswordInA1Format(String username, String realm,
-				String password) {
+		static String encodePasswordInA1Format(String username, String realm, String password) {
 			String a1 = username + ":" + realm + ":" + password;
 
 			return md5Hex(a1);
@@ -740,6 +709,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		private static String md5Hex(String a2) {
 			return DigestUtils.md5DigestAsHex(a2.getBytes(StandardCharsets.UTF_8));
 		}
+
 	}
 
 	/**
@@ -751,7 +721,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Saves the specified {@link Authentication} into an empty
 		 * {@link SecurityContext} using the {@link SecurityContextRepository}.
-		 *
 		 * @param authentication the {@link Authentication} to save
 		 * @param request the {@link HttpServletRequest} to use
 		 */
@@ -763,25 +732,20 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Saves the {@link SecurityContext} using the {@link SecurityContextRepository}
-		 *
 		 * @param securityContext the {@link SecurityContext} to save
 		 * @param request the {@link HttpServletRequest} to use
 		 */
 		final void save(SecurityContext securityContext, HttpServletRequest request) {
-			SecurityContextRepository securityContextRepository = WebTestUtils
-					.getSecurityContextRepository(request);
+			SecurityContextRepository securityContextRepository = WebTestUtils.getSecurityContextRepository(request);
 			boolean isTestRepository = securityContextRepository instanceof TestSecurityContextRepository;
 			if (!isTestRepository) {
-				securityContextRepository = new TestSecurityContextRepository(
-						securityContextRepository);
-				WebTestUtils.setSecurityContextRepository(request,
-						securityContextRepository);
+				securityContextRepository = new TestSecurityContextRepository(securityContextRepository);
+				WebTestUtils.setSecurityContextRepository(request, securityContextRepository);
 			}
 
 			HttpServletResponse response = new MockHttpServletResponse();
 
-			HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(
-					request, response);
+			HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
 			securityContextRepository.loadContext(requestResponseHolder);
 
 			request = requestResponseHolder.getRequest();
@@ -795,8 +759,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * stateless mode
 		 */
 		static class TestSecurityContextRepository implements SecurityContextRepository {
-			private final static String ATTR_NAME = TestSecurityContextRepository.class
-					.getName().concat(".REPO");
+
+			private final static String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
 
 			private final SecurityContextRepository delegate;
 
@@ -805,35 +769,33 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 
 			@Override
-			public SecurityContext loadContext(
-					HttpRequestResponseHolder requestResponseHolder) {
+			public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 				SecurityContext result = getContext(requestResponseHolder.getRequest());
 				// always load from the delegate to ensure the request/response in the
 				// holder are updated
 				// remember the SecurityContextRepository is used in many different
 				// locations
-				SecurityContext delegateResult = this.delegate
-						.loadContext(requestResponseHolder);
+				SecurityContext delegateResult = this.delegate.loadContext(requestResponseHolder);
 				return result == null ? delegateResult : result;
 			}
 
 			@Override
-			public void saveContext(SecurityContext context, HttpServletRequest request,
-					HttpServletResponse response) {
+			public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
 				request.setAttribute(ATTR_NAME, context);
 				this.delegate.saveContext(context, request, response);
 			}
 
 			@Override
 			public boolean containsContext(HttpServletRequest request) {
-				return getContext(request) != null
-						|| this.delegate.containsContext(request);
+				return getContext(request) != null || this.delegate.containsContext(request);
 			}
 
 			private static SecurityContext getContext(HttpServletRequest request) {
 				return (SecurityContext) request.getAttribute(ATTR_NAME);
 			}
+
 		}
+
 	}
 
 	/**
@@ -844,15 +806,15 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class TestSecurityContextHolderPostProcessor extends
-			SecurityContextRequestPostProcessorSupport implements RequestPostProcessor {
+	private final static class TestSecurityContextHolderPostProcessor extends SecurityContextRequestPostProcessorSupport
+			implements RequestPostProcessor {
+
 		private SecurityContext EMPTY = SecurityContextHolder.createEmptyContext();
 
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			// TestSecurityContextHolder is only a default value
-			SecurityContext existingContext = TestSecurityContextRepository
-					.getContext(request);
+			SecurityContext existingContext = TestSecurityContextRepository.getContext(request);
 			if (existingContext != null) {
 				return request;
 			}
@@ -864,6 +826,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 			return request;
 		}
+
 	}
 
 	/**
@@ -873,8 +836,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class SecurityContextRequestPostProcessor extends
-			SecurityContextRequestPostProcessorSupport implements RequestPostProcessor {
+	private final static class SecurityContextRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+			implements RequestPostProcessor {
 
 		private final SecurityContext securityContext;
 
@@ -887,6 +850,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			save(this.securityContext, request);
 			return request;
 		}
+
 	}
 
 	/**
@@ -897,8 +861,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 4.0
 	 *
 	 */
-	private final static class AuthenticationRequestPostProcessor extends
-			SecurityContextRequestPostProcessorSupport implements RequestPostProcessor {
+	private final static class AuthenticationRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+			implements RequestPostProcessor {
+
 		private final Authentication authentication;
 
 		private AuthenticationRequestPostProcessor(Authentication authentication) {
@@ -912,6 +877,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			save(this.authentication, request);
 			return request;
 		}
+
 	}
 
 	/**
@@ -922,13 +888,13 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class UserDetailsRequestPostProcessor
-			implements RequestPostProcessor {
+	private final static class UserDetailsRequestPostProcessor implements RequestPostProcessor {
+
 		private final RequestPostProcessor delegate;
 
 		UserDetailsRequestPostProcessor(UserDetails user) {
-			Authentication token = new UsernamePasswordAuthenticationToken(user,
-					user.getPassword(), user.getAuthorities());
+			Authentication token = new UsernamePasswordAuthenticationToken(user, user.getPassword(),
+					user.getAuthorities());
 
 			this.delegate = new AuthenticationRequestPostProcessor(token);
 		}
@@ -937,6 +903,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			return this.delegate.postProcessRequest(request);
 		}
+
 	}
 
 	/**
@@ -946,8 +913,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	public final static class UserRequestPostProcessor extends
-			SecurityContextRequestPostProcessorSupport implements RequestPostProcessor {
+	public final static class UserRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+			implements RequestPostProcessor {
 
 		private String username;
 
@@ -955,8 +922,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		private static final String ROLE_PREFIX = "ROLE_";
 
-		private Collection<? extends GrantedAuthority> authorities = AuthorityUtils
-				.createAuthorityList("ROLE_USER");
+		private Collection<? extends GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 
 		private boolean enabled = true;
 
@@ -978,7 +944,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Specify the roles of the user to authenticate as. This method is similar to
 		 * {@link #authorities(GrantedAuthority...)}, but just not as flexible.
-		 *
 		 * @param roles The roles to populate. Note that if the role does not start with
 		 * {@link #ROLE_PREFIX} it will automatically be prepended. This means by default
 		 * {@code roles("ROLE_USER")} and {@code roles("USER")} are equivalent.
@@ -987,14 +952,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * @return the UserRequestPostProcessor for further customizations
 		 */
 		public UserRequestPostProcessor roles(String... roles) {
-			List<GrantedAuthority> authorities = new ArrayList<>(
-					roles.length);
+			List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
 			for (String role : roles) {
 				if (role.startsWith(ROLE_PREFIX)) {
-					throw new IllegalArgumentException(
-							"Role should not start with " + ROLE_PREFIX
-									+ " since this method automatically prefixes with this value. Got "
-									+ role);
+					throw new IllegalArgumentException("Role should not start with " + ROLE_PREFIX
+							+ " since this method automatically prefixes with this value. Got " + role);
 				}
 				else {
 					authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
@@ -1006,7 +968,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Populates the user's {@link GrantedAuthority}'s. The default is ROLE_USER.
-		 *
 		 * @param authorities
 		 * @see #roles(String...)
 		 * @return the UserRequestPostProcessor for further customizations
@@ -1017,20 +978,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Populates the user's {@link GrantedAuthority}'s. The default is ROLE_USER.
-		 *
 		 * @param authorities
 		 * @see #roles(String...)
 		 * @return the UserRequestPostProcessor for further customizations
 		 */
-		public UserRequestPostProcessor authorities(
-				Collection<? extends GrantedAuthority> authorities) {
+		public UserRequestPostProcessor authorities(Collection<? extends GrantedAuthority> authorities) {
 			this.authorities = authorities;
 			return this;
 		}
 
 		/**
 		 * Populates the user's password. The default is "password"
-		 *
 		 * @param password the user's password
 		 * @return the UserRequestPostProcessor for further customizations
 		 */
@@ -1041,8 +999,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
-			UserDetailsRequestPostProcessor delegate = new UserDetailsRequestPostProcessor(
-					createUser());
+			UserDetailsRequestPostProcessor delegate = new UserDetailsRequestPostProcessor(createUser());
 			return delegate.postProcessRequest(request);
 		}
 
@@ -1051,14 +1008,15 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * @return the {@link User} for the principal
 		 */
 		private User createUser() {
-			return new User(this.username, this.password, this.enabled,
-					this.accountNonExpired, this.credentialsNonExpired,
-					this.accountNonLocked, this.authorities);
+			return new User(this.username, this.password, this.enabled, this.accountNonExpired,
+					this.credentialsNonExpired, this.accountNonLocked, this.authorities);
 		}
+
 	}
 
-	private static class AnonymousRequestPostProcessor extends
-			SecurityContextRequestPostProcessorSupport implements RequestPostProcessor {
+	private static class AnonymousRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+			implements RequestPostProcessor {
+
 		private AuthenticationRequestPostProcessor delegate = new AuthenticationRequestPostProcessor(
 				new AnonymousAuthenticationToken("key", "anonymous",
 						AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
@@ -1073,9 +1031,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			return this.delegate.postProcessRequest(request);
 		}
+
 	}
 
 	private static class HttpBasicRequestPostProcessor implements RequestPostProcessor {
+
 		private String headerValue;
 
 		private HttpBasicRequestPostProcessor(String username, String password) {
@@ -1089,6 +1049,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			request.addHeader("Authorization", this.headerValue);
 			return request;
 		}
+
 	}
 
 	/**
@@ -1097,32 +1058,32 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 5.2
 	 */
 	public final static class JwtRequestPostProcessor implements RequestPostProcessor {
+
 		private Jwt jwt;
-		private Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter =
-				new JwtGrantedAuthoritiesConverter();
+
+		private Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter = new JwtGrantedAuthoritiesConverter();
 
 		private JwtRequestPostProcessor() {
-			this.jwt((jwt) -> {});
+			this.jwt((jwt) -> {
+			});
 		}
 
 		/**
-		 * Use the given {@link Jwt.Builder} {@link Consumer} to configure the underlying {@link Jwt}
+		 * Use the given {@link Jwt.Builder} {@link Consumer} to configure the underlying
+		 * {@link Jwt}
 		 *
-		 * This method first creates a default {@link Jwt.Builder} instance with default values for
-		 * the {@code alg}, {@code sub}, and {@code scope} claims. The {@link Consumer} can then modify
-		 * these or provide additional configuration.
-		 *
-		 * Calling {@link SecurityMockMvcRequestPostProcessors#jwt()} is the equivalent of calling
-		 * {@code SecurityMockMvcRequestPostProcessors.jwt().jwt(() -> {})}.
+		 * This method first creates a default {@link Jwt.Builder} instance with default
+		 * values for the {@code alg}, {@code sub}, and {@code scope} claims. The
+		 * {@link Consumer} can then modify these or provide additional configuration.
 		 *
+		 * Calling {@link SecurityMockMvcRequestPostProcessors#jwt()} is the equivalent of
+		 * calling {@code SecurityMockMvcRequestPostProcessors.jwt().jwt(() -> {})}.
 		 * @param jwtBuilderConsumer For configuring the underlying {@link Jwt}
 		 * @return the {@link JwtRequestPostProcessor} for additional customization
 		 */
 		public JwtRequestPostProcessor jwt(Consumer<Jwt.Builder> jwtBuilderConsumer) {
-			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
-					.header("alg", "none")
-					.claim(SUB, "user")
-					.claim("scope", "read");
+			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(SUB, "user").claim("scope",
+					"read");
 			jwtBuilderConsumer.accept(jwtBuilder);
 			this.jwt = jwtBuilder.build();
 			return this;
@@ -1130,7 +1091,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the given {@link Jwt}
-		 *
 		 * @param jwt The {@link Jwt} to use
 		 * @return the {@link JwtRequestPostProcessor} for additional customization
 		 */
@@ -1164,9 +1124,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Provides the configured {@link Jwt} so that custom authorities can be derived
 		 * from it
-		 *
-		 * @param authoritiesConverter the conversion strategy from {@link Jwt} to a {@link Collection}
-		 * of {@link GrantedAuthority}s
+		 * @param authoritiesConverter the conversion strategy from {@link Jwt} to a
+		 * {@link Collection} of {@link GrantedAuthority}s
 		 * @return the {@link JwtRequestPostProcessor} for further configuration
 		 */
 		public JwtRequestPostProcessor authorities(Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter) {
@@ -1190,17 +1149,20 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 5.3
 	 */
 	public final static class OpaqueTokenRequestPostProcessor implements RequestPostProcessor {
+
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
+
 		private Supplier<Collection<GrantedAuthority>> authorities = this::defaultAuthorities;
 
 		private Supplier<OAuth2AuthenticatedPrincipal> principal = this::defaultPrincipal;
 
-		private OpaqueTokenRequestPostProcessor() { }
+		private OpaqueTokenRequestPostProcessor() {
+		}
 
 		/**
 		 * Mutate the attributes using the given {@link Consumer}
-		 *
-		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of attributes
+		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of
+		 * attributes
 		 * @return the {@link OpaqueTokenRequestPostProcessor} for further configuration
 		 */
 		public OpaqueTokenRequestPostProcessor attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -1254,8 +1216,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 			CsrfFilter.skipRequest(request);
 			OAuth2AuthenticatedPrincipal principal = this.principal.get();
 			OAuth2AccessToken accessToken = getOAuth2AccessToken(principal);
-			BearerTokenAuthentication token = new BearerTokenAuthentication
-					(principal, accessToken, principal.getAuthorities());
+			BearerTokenAuthentication token = new BearerTokenAuthentication(principal, accessToken,
+					principal.getAuthorities());
 			return new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
 		}
 
@@ -1283,21 +1245,18 @@ public final class SecurityMockMvcRequestPostProcessors {
 		}
 
 		private OAuth2AuthenticatedPrincipal defaultPrincipal() {
-			return new OAuth2IntrospectionAuthenticatedPrincipal
-					(this.attributes.get(), this.authorities.get());
+			return new OAuth2IntrospectionAuthenticatedPrincipal(this.attributes.get(), this.authorities.get());
 		}
 
 		private Collection<GrantedAuthority> getAuthorities(Collection<?> scopes) {
-			return scopes.stream()
-					.map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
+			return scopes.stream().map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
 					.collect(Collectors.toList());
 		}
 
 		private OAuth2AccessToken getOAuth2AccessToken(OAuth2AuthenticatedPrincipal principal) {
 			Instant expiresAt = getInstant(principal.getAttributes(), "exp");
 			Instant issuedAt = getInstant(principal.getAttributes(), "iat");
-			return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
-					"token", issuedAt, expiresAt);
+			return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", issuedAt, expiresAt);
 		}
 
 		private Instant getInstant(Map<String, Object> attributes, String name) {
@@ -1310,6 +1269,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 			throw new IllegalArgumentException(name + " attribute must be of type Instant");
 		}
+
 	}
 
 	/**
@@ -1317,13 +1277,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 5.3
 	 */
 	public final static class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
+
 		private final String nameAttributeKey = "sub";
 
 		private ClientRegistration clientRegistration;
+
 		private OAuth2AccessToken accessToken;
 
 		private Supplier<Collection<GrantedAuthority>> authorities = this::defaultAuthorities;
+
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
+
 		private Supplier<OAuth2User> oauth2User = this::defaultPrincipal;
 
 		private OAuth2LoginRequestPostProcessor(OAuth2AccessToken accessToken) {
@@ -1333,7 +1297,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
 		 */
@@ -1346,7 +1309,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
 		 */
@@ -1359,8 +1321,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Mutate the attributes using the given {@link Consumer}
-		 *
-		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of attributes
+		 * @param attributesConsumer The {@link Consumer} for mutating the {@Map} of
+		 * attributes
 		 * @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
 		 */
 		public OAuth2LoginRequestPostProcessor attributes(Consumer<Map<String, Object>> attributesConsumer) {
@@ -1376,7 +1338,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided {@link OAuth2User} as the authenticated user.
-		 *
 		 * @param oauth2User the {@link OAuth2User} to use
 		 * @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
 		 */
@@ -1391,9 +1352,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * The supplied {@link ClientRegistration} will be registered into an
 		 * {@link HttpSessionOAuth2AuthorizedClientRepository}. Tests relying on
 		 * {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
-		 * annotations should register an {@link HttpSessionOAuth2AuthorizedClientRepository} bean
-		 * to the application context.
-		 *
+		 * annotations should register an
+		 * {@link HttpSessionOAuth2AuthorizedClientRepository} bean to the application
+		 * context.
 		 * @param clientRegistration the {@link ClientRegistration} to use
 		 * @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
 		 */
@@ -1405,22 +1366,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			OAuth2User oauth2User = this.oauth2User.get();
-			OAuth2AuthenticationToken token = new OAuth2AuthenticationToken
-					(oauth2User, oauth2User.getAuthorities(), this.clientRegistration.getRegistrationId());
+			OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(oauth2User, oauth2User.getAuthorities(),
+					this.clientRegistration.getRegistrationId());
 
 			request = new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
-			return new OAuth2ClientRequestPostProcessor()
-					.clientRegistration(this.clientRegistration)
-					.principalName(oauth2User.getName())
-					.accessToken(this.accessToken)
-					.postProcessRequest(request);
+			return new OAuth2ClientRequestPostProcessor().clientRegistration(this.clientRegistration)
+					.principalName(oauth2User.getName()).accessToken(this.accessToken).postProcessRequest(request);
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
-			return ClientRegistration.withRegistrationId("test")
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.tokenUri("https://token-uri.example.org");
+			return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD)
+					.clientId("test-client").tokenUri("https://token-uri.example.org");
 		}
 
 		private Collection<GrantedAuthority> defaultAuthorities() {
@@ -1441,6 +1397,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		private OAuth2User defaultPrincipal() {
 			return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey);
 		}
+
 	}
 
 	/**
@@ -1448,11 +1405,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 5.3
 	 */
 	public final static class OidcLoginRequestPostProcessor implements RequestPostProcessor {
+
 		private ClientRegistration clientRegistration;
+
 		private OAuth2AccessToken accessToken;
+
 		private OidcIdToken idToken;
+
 		private OidcUserInfo userInfo;
+
 		private Supplier<OidcUser> oidcUser = this::defaultPrincipal;
+
 		private Collection<GrantedAuthority> authorities;
 
 		private OidcLoginRequestPostProcessor(OAuth2AccessToken accessToken) {
@@ -1462,7 +1425,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
@@ -1475,7 +1437,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided authorities in the {@link Authentication}
-		 *
 		 * @param authorities the authorities to use
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
@@ -1488,8 +1449,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided {@link OidcIdToken} when constructing the authenticated user
-		 *
-		 * @param idTokenBuilderConsumer a {@link Consumer} of a {@link OidcIdToken.Builder}
+		 * @param idTokenBuilderConsumer a {@link Consumer} of a
+		 * {@link OidcIdToken.Builder}
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
 		public OidcLoginRequestPostProcessor idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
@@ -1503,8 +1464,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided {@link OidcUserInfo} when constructing the authenticated user
-		 *
-		 * @param userInfoBuilderConsumer a {@link Consumer} of a {@link OidcUserInfo.Builder}
+		 * @param userInfoBuilderConsumer a {@link Consumer} of a
+		 * {@link OidcUserInfo.Builder}
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
 		public OidcLoginRequestPostProcessor userInfoToken(Consumer<OidcUserInfo.Builder> userInfoBuilderConsumer) {
@@ -1517,8 +1478,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use the provided {@link OidcUser} as the authenticated user.
-		 *
-		 *
 		 * @param oidcUser the {@link OidcUser} to use
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
@@ -1533,9 +1492,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * The supplied {@link ClientRegistration} will be registered into an
 		 * {@link HttpSessionOAuth2AuthorizedClientRepository}. Tests relying on
 		 * {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
-		 * annotations should register an {@link HttpSessionOAuth2AuthorizedClientRepository} bean
-		 * to the application context.
-		 *
+		 * annotations should register an
+		 * {@link HttpSessionOAuth2AuthorizedClientRepository} bean to the application
+		 * context.
 		 * @param clientRegistration the {@link ClientRegistration} to use
 		 * @return the {@link OidcLoginRequestPostProcessor} for further configuration
 		 */
@@ -1547,17 +1506,13 @@ public final class SecurityMockMvcRequestPostProcessors {
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			OidcUser oidcUser = this.oidcUser.get();
-			return new OAuth2LoginRequestPostProcessor(this.accessToken)
-					.oauth2User(oidcUser)
-					.clientRegistration(this.clientRegistration)
-					.postProcessRequest(request);
+			return new OAuth2LoginRequestPostProcessor(this.accessToken).oauth2User(oidcUser)
+					.clientRegistration(this.clientRegistration).postProcessRequest(request);
 		}
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
-			return ClientRegistration.withRegistrationId("test")
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.tokenUri("https://token-uri.example.org");
+			return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD)
+					.clientId("test-client").tokenUri("https://token-uri.example.org");
 		}
 
 		private Collection<GrantedAuthority> getAuthorities() {
@@ -1568,16 +1523,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 					authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
 				}
 				return authorities;
-			} else {
+			}
+			else {
 				return this.authorities;
 			}
 		}
 
 		private OidcIdToken getOidcIdToken() {
 			if (this.idToken == null) {
-				return new OidcIdToken("id-token", null, null,
-						Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
-			} else {
+				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
+			}
+			else {
 				return this.idToken;
 			}
 		}
@@ -1589,6 +1545,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		private OidcUser defaultPrincipal() {
 			return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
 		}
+
 	}
 
 	/**
@@ -1596,9 +1553,13 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 5.3
 	 */
 	public final static class OAuth2ClientRequestPostProcessor implements RequestPostProcessor {
+
 		private String registrationId = "test";
+
 		private ClientRegistration clientRegistration;
+
 		private String principalName = "user";
+
 		private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"access-token", null, null, Collections.singleton("read"));
 
@@ -1607,12 +1568,12 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		private OAuth2ClientRequestPostProcessor(String registrationId) {
 			this.registrationId = registrationId;
-			clientRegistration(c -> {});
+			clientRegistration(c -> {
+			});
 		}
 
 		/**
 		 * Use this {@link ClientRegistration}
-		 *
 		 * @param clientRegistration
 		 * @return the {@link OAuth2ClientRequestPostProcessor} for further configuration
 		 */
@@ -1623,12 +1584,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use this {@link Consumer} to configure a {@link ClientRegistration}
-		 *
 		 * @param clientRegistrationConfigurer the {@link ClientRegistration} configurer
 		 * @return the {@link OAuth2ClientRequestPostProcessor} for further configuration
 		 */
-		public OAuth2ClientRequestPostProcessor clientRegistration
-				(Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
+		public OAuth2ClientRequestPostProcessor clientRegistration(
+				Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
 
 			ClientRegistration.Builder builder = clientRegistrationBuilder();
 			clientRegistrationConfigurer.accept(builder);
@@ -1638,7 +1598,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use this as the resource owner's principal name
-		 *
 		 * @param principalName the resource owner's principal name
 		 * @return the {@link OAuth2ClientRequestPostProcessor} for further configuration
 		 */
@@ -1650,7 +1609,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		/**
 		 * Use this {@link OAuth2AccessToken}
-		 *
 		 * @param accessToken the {@link OAuth2AccessToken} to use
 		 * @return the {@link OAuth2ClientRequestPostProcessor} for further configuration
 		 */
@@ -1662,17 +1620,16 @@ public final class SecurityMockMvcRequestPostProcessors {
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			if (this.clientRegistration == null) {
-				throw new IllegalArgumentException("Please specify a ClientRegistration via one " +
-						"of the clientRegistration methods");
+				throw new IllegalArgumentException(
+						"Please specify a ClientRegistration via one " + "of the clientRegistration methods");
 			}
-			OAuth2AuthorizedClient client = new OAuth2AuthorizedClient
-					(this.clientRegistration, this.principalName, this.accessToken);
+			OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName,
+					this.accessToken);
 
 			OAuth2AuthorizedClientManager authorizationClientManager = OAuth2ClientServletTestUtils
 					.getOAuth2AuthorizedClientManager(request);
 			if (!(authorizationClientManager instanceof TestOAuth2AuthorizedClientManager)) {
-				authorizationClientManager =
-						new TestOAuth2AuthorizedClientManager(authorizationClientManager);
+				authorizationClientManager = new TestOAuth2AuthorizedClientManager(authorizationClientManager);
 				OAuth2ClientServletTestUtils.setOAuth2AuthorizedClientManager(request, authorizationClientManager);
 			}
 			TestOAuth2AuthorizedClientManager.enable(request);
@@ -1682,24 +1639,20 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		private ClientRegistration.Builder clientRegistrationBuilder() {
 			return ClientRegistration.withRegistrationId(this.registrationId)
-					.authorizationGrantType(AuthorizationGrantType.PASSWORD)
-					.clientId("test-client")
-					.clientSecret("test-secret")
-					.tokenUri("https://idp.example.org/oauth/token");
+					.authorizationGrantType(AuthorizationGrantType.PASSWORD).clientId("test-client")
+					.clientSecret("test-secret").tokenUri("https://idp.example.org/oauth/token");
 		}
 
 		/**
-		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for testing when the
-		 * request is wrapped
+		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for
+		 * testing when the request is wrapped
 		 */
-		private static class TestOAuth2AuthorizedClientManager
-				implements OAuth2AuthorizedClientManager {
+		private static class TestOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
-					.concat(".TOKEN");
+			final static String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class
-					.getName().concat(".ENABLED");
+			final static String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
+					.concat(".ENABLED");
 
 			private final OAuth2AuthorizedClientManager delegate;
 
@@ -1709,11 +1662,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 			@Override
 			public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest) {
-				HttpServletRequest request =
-						authorizeRequest.getAttribute(HttpServletRequest.class.getName());
+				HttpServletRequest request = authorizeRequest.getAttribute(HttpServletRequest.class.getName());
 				if (isEnabled(request)) {
 					return (OAuth2AuthorizedClient) request.getAttribute(TOKEN_ATTR_NAME);
-				} else {
+				}
+				else {
 					return this.delegate.authorize(authorizeRequest);
 				}
 			}
@@ -1725,43 +1678,44 @@ public final class SecurityMockMvcRequestPostProcessors {
 			public boolean isEnabled(HttpServletRequest request) {
 				return TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
+
 		}
 
 		private static class OAuth2ClientServletTestUtils {
-			private static final OAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO =
-					new HttpSessionOAuth2AuthorizedClientRepository();
+
+			private static final OAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new HttpSessionOAuth2AuthorizedClientRepository();
 
 			/**
-			 * Gets the {@link OAuth2AuthorizedClientManager} for the specified {@link HttpServletRequest}.
-			 * If one is not found, one based off of {@link HttpSessionOAuth2AuthorizedClientRepository} is used.
-			 *
+			 * Gets the {@link OAuth2AuthorizedClientManager} for the specified
+			 * {@link HttpServletRequest}. If one is not found, one based off of
+			 * {@link HttpSessionOAuth2AuthorizedClientRepository} is used.
 			 * @param request the {@link HttpServletRequest} to obtain the
 			 * {@link OAuth2AuthorizedClientManager}
 			 * @return the {@link OAuth2AuthorizedClientManager} for the specified
 			 * {@link HttpServletRequest}
 			 */
 			public static OAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(HttpServletRequest request) {
-				OAuth2AuthorizedClientArgumentResolver resolver =
-						findResolver(request, OAuth2AuthorizedClientArgumentResolver.class);
+				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(request,
+						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
-					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient
-							(authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), request);
+					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
+							authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), request);
 				}
-				return (OAuth2AuthorizedClientManager)
-						ReflectionTestUtils.getField(resolver, "authorizedClientManager");
+				return (OAuth2AuthorizedClientManager) ReflectionTestUtils.getField(resolver,
+						"authorizedClientManager");
 			}
 
 			/**
-			 * Sets the {@link OAuth2AuthorizedClientManager} for the specified {@link HttpServletRequest}.
-			 *
+			 * Sets the {@link OAuth2AuthorizedClientManager} for the specified
+			 * {@link HttpServletRequest}.
 			 * @param request the {@link HttpServletRequest} to obtain the
 			 * {@link OAuth2AuthorizedClientManager}
 			 * @param manager the {@link OAuth2AuthorizedClientManager} to set
 			 */
 			public static void setOAuth2AuthorizedClientManager(HttpServletRequest request,
 					OAuth2AuthorizedClientManager manager) {
-				OAuth2AuthorizedClientArgumentResolver resolver =
-						findResolver(request, OAuth2AuthorizedClientArgumentResolver.class);
+				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(request,
+						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
 					return;
 				}
@@ -1771,14 +1725,15 @@ public final class SecurityMockMvcRequestPostProcessors {
 			@SuppressWarnings("unchecked")
 			static <T extends HandlerMethodArgumentResolver> T findResolver(HttpServletRequest request,
 					Class<T> resolverClass) {
-				if (!ClassUtils.isPresent
-						("org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter", null)) {
+				if (!ClassUtils.isPresent(
+						"org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter", null)) {
 					return null;
 				}
 				return WebMvcClasspathGuard.findResolver(request, resolverClass);
 			}
 
 			private static class WebMvcClasspathGuard {
+
 				static <T extends HandlerMethodArgumentResolver> T findResolver(HttpServletRequest request,
 						Class<T> resolverClass) {
 					ServletContext servletContext = request.getServletContext();
@@ -1798,9 +1753,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 					return null;
 				}
 
-				private static RequestMappingHandlerAdapter getRequestMappingHandlerAdapter(ServletContext servletContext) {
-					WebApplicationContext context = WebApplicationContextUtils
-							.getWebApplicationContext(servletContext);
+				private static RequestMappingHandlerAdapter getRequestMappingHandlerAdapter(
+						ServletContext servletContext) {
+					WebApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(servletContext);
 					if (context != null) {
 						String[] names = context.getBeanNamesForType(RequestMappingHandlerAdapter.class);
 						if (names.length > 0) {
@@ -1809,13 +1764,17 @@ public final class SecurityMockMvcRequestPostProcessors {
 					}
 					return null;
 				}
+
 			}
 
 			private OAuth2ClientServletTestUtils() {
 			}
+
 		}
+
 	}
 
 	private SecurityMockMvcRequestPostProcessors() {
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
index a4f93652ac..6c09322364 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
@@ -46,7 +46,6 @@ public final class SecurityMockMvcResultMatchers {
 
 	/**
 	 * {@link ResultMatcher} that verifies that a specified user is authenticated.
-	 *
 	 * @return the {@link AuthenticatedMatcher} to use
 	 */
 	public static AuthenticatedMatcher authenticated() {
@@ -55,23 +54,20 @@ public final class SecurityMockMvcResultMatchers {
 
 	/**
 	 * {@link ResultMatcher} that verifies that no user is authenticated.
-	 *
 	 * @return the {@link AuthenticatedMatcher} to use
 	 */
 	public static ResultMatcher unauthenticated() {
 		return new UnAuthenticatedMatcher();
 	}
 
-	private static abstract class AuthenticationMatcher<T extends AuthenticationMatcher<T>>
-			implements ResultMatcher {
+	private static abstract class AuthenticationMatcher<T extends AuthenticationMatcher<T>> implements ResultMatcher {
 
 		protected SecurityContext load(MvcResult result) {
-			HttpRequestResponseHolder holder = new HttpRequestResponseHolder(
-					result.getRequest(), result.getResponse());
-			SecurityContextRepository repository = WebTestUtils
-					.getSecurityContextRepository(result.getRequest());
+			HttpRequestResponseHolder holder = new HttpRequestResponseHolder(result.getRequest(), result.getResponse());
+			SecurityContextRepository repository = WebTestUtils.getSecurityContextRepository(result.getRequest());
 			return repository.loadContext(holder);
 		}
+
 	}
 
 	/**
@@ -81,14 +77,18 @@ public final class SecurityMockMvcResultMatchers {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	public static final class AuthenticatedMatcher
-			extends AuthenticationMatcher<AuthenticatedMatcher> {
+	public static final class AuthenticatedMatcher extends AuthenticationMatcher<AuthenticatedMatcher> {
 
 		private SecurityContext expectedContext;
+
 		private Authentication expectedAuthentication;
+
 		private Object expectedAuthenticationPrincipal;
+
 		private String expectedAuthenticationName;
+
 		private Collection<? extends GrantedAuthority> expectedGrantedAuthorities;
+
 		private Consumer<Authentication> assertAuthentication;
 
 		@Override
@@ -104,25 +104,20 @@ public final class SecurityMockMvcResultMatchers {
 			}
 
 			if (this.expectedContext != null) {
-				assertEquals(this.expectedContext + " does not equal " + context,
-						this.expectedContext, context);
+				assertEquals(this.expectedContext + " does not equal " + context, this.expectedContext, context);
 			}
 
 			if (this.expectedAuthentication != null) {
-				assertEquals(
-						this.expectedAuthentication + " does not equal "
-								+ context.getAuthentication(),
+				assertEquals(this.expectedAuthentication + " does not equal " + context.getAuthentication(),
 						this.expectedAuthentication, context.getAuthentication());
 			}
 
 			if (this.expectedAuthenticationPrincipal != null) {
-				assertTrue("Authentication cannot be null",
-						context.getAuthentication() != null);
+				assertTrue("Authentication cannot be null", context.getAuthentication() != null);
 				assertEquals(
 						this.expectedAuthenticationPrincipal + " does not equal "
 								+ context.getAuthentication().getPrincipal(),
-						this.expectedAuthenticationPrincipal,
-						context.getAuthentication().getPrincipal());
+						this.expectedAuthenticationPrincipal, context.getAuthentication().getPrincipal());
 			}
 
 			if (this.expectedAuthenticationName != null) {
@@ -134,14 +129,10 @@ public final class SecurityMockMvcResultMatchers {
 
 			if (this.expectedGrantedAuthorities != null) {
 				assertTrue("Authentication cannot be null", auth != null);
-				Collection<? extends GrantedAuthority> authorities = auth
-						.getAuthorities();
-				assertTrue(
-						authorities + " does not contain the same authorities as "
-								+ this.expectedGrantedAuthorities,
+				Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
+				assertTrue(authorities + " does not contain the same authorities as " + this.expectedGrantedAuthorities,
 						authorities.containsAll(this.expectedGrantedAuthorities));
-				assertTrue(this.expectedGrantedAuthorities
-						+ " does not contain the same authorities as " + authorities,
+				assertTrue(this.expectedGrantedAuthorities + " does not contain the same authorities as " + authorities,
 						this.expectedGrantedAuthorities.containsAll(authorities));
 			}
 		}
@@ -158,7 +149,6 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the expected username
-		 *
 		 * @param expected the expected username
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -168,7 +158,6 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the expected {@link SecurityContext}
-		 *
 		 * @param expected the expected {@link SecurityContext}
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -179,7 +168,6 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the expected {@link Authentication}
-		 *
 		 * @param expected the expected {@link Authentication}
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -190,7 +178,6 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the expected principal
-		 *
 		 * @param expected the expected principal
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -201,7 +188,6 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the expected {@link Authentication#getName()}
-		 *
 		 * @param expected the expected {@link Authentication#getName()}
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -212,19 +198,16 @@ public final class SecurityMockMvcResultMatchers {
 
 		/**
 		 * Specifies the {@link Authentication#getAuthorities()}
-		 *
 		 * @param expected the {@link Authentication#getAuthorities()}
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
-		public AuthenticatedMatcher withAuthorities(
-				Collection<? extends GrantedAuthority> expected) {
+		public AuthenticatedMatcher withAuthorities(Collection<? extends GrantedAuthority> expected) {
 			this.expectedGrantedAuthorities = expected;
 			return this;
 		}
 
 		/**
 		 * Specifies the {@link Authentication#getAuthorities()}
-		 *
 		 * @param roles the roles. Each value is automatically prefixed with "ROLE_"
 		 * @return the {@link AuthenticatedMatcher} for further customization
 		 */
@@ -238,6 +221,7 @@ public final class SecurityMockMvcResultMatchers {
 
 		AuthenticatedMatcher() {
 		}
+
 	}
 
 	/**
@@ -247,8 +231,8 @@ public final class SecurityMockMvcResultMatchers {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private static final class UnAuthenticatedMatcher
-			extends AuthenticationMatcher<UnAuthenticatedMatcher> {
+	private static final class UnAuthenticatedMatcher extends AuthenticationMatcher<UnAuthenticatedMatcher> {
+
 		private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
 		@Override
@@ -257,14 +241,15 @@ public final class SecurityMockMvcResultMatchers {
 
 			Authentication authentication = context.getAuthentication();
 			assertTrue("Expected anonymous Authentication got " + context,
-					authentication == null
-							|| this.trustResolver.isAnonymous(authentication));
+					authentication == null || this.trustResolver.isAnonymous(authentication));
 		}
 
 		private UnAuthenticatedMatcher() {
 		}
+
 	}
 
 	private SecurityMockMvcResultMatchers() {
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
index 41e0b9fcee..da9ee1dd6e 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
@@ -41,6 +41,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
  * @since 4.0
  */
 final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
+
 	private final DelegateFilter delegateFilter;
 
 	/**
@@ -64,25 +65,20 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 	}
 
 	@Override
-	public RequestPostProcessor beforeMockMvcCreated(
-			ConfigurableMockMvcBuilder<?> builder, WebApplicationContext context) {
+	public RequestPostProcessor beforeMockMvcCreated(ConfigurableMockMvcBuilder<?> builder,
+			WebApplicationContext context) {
 		String securityBeanId = BeanIds.SPRING_SECURITY_FILTER_CHAIN;
-		if (getSpringSecurityFilterChain() == null
-				&& context.containsBean(securityBeanId)) {
-			setSpringSecurityFitlerChain(context.getBean(securityBeanId,
-					Filter.class));
+		if (getSpringSecurityFilterChain() == null && context.containsBean(securityBeanId)) {
+			setSpringSecurityFitlerChain(context.getBean(securityBeanId, Filter.class));
 		}
 
 		if (getSpringSecurityFilterChain() == null) {
-			throw new IllegalStateException(
-					"springSecurityFilterChain cannot be null. Ensure a Bean with the name "
-							+ securityBeanId
-							+ " implementing Filter is present or inject the Filter to be used.");
+			throw new IllegalStateException("springSecurityFilterChain cannot be null. Ensure a Bean with the name "
+					+ securityBeanId + " implementing Filter is present or inject the Filter to be used.");
 		}
 
 		// This is used by other test support to obtain the FilterChainProxy
-		context.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN,
-				getSpringSecurityFilterChain());
+		context.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, getSpringSecurityFilterChain());
 
 		return testSecurityContext();
 	}
@@ -96,11 +92,13 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 	}
 
 	/**
-	 * Allows adding in {@link #afterConfigurerAdded(ConfigurableMockMvcBuilder)} to preserve Filter order and then
-	 * lazily set the delegate in {@link #beforeMockMvcCreated(ConfigurableMockMvcBuilder, WebApplicationContext)}.
+	 * Allows adding in {@link #afterConfigurerAdded(ConfigurableMockMvcBuilder)} to
+	 * preserve Filter order and then lazily set the delegate in
+	 * {@link #beforeMockMvcCreated(ConfigurableMockMvcBuilder, WebApplicationContext)}.
 	 *
-	 * {@link org.springframework.web.filter.DelegatingFilterProxy} is not used because it is not easy to lazily set
-	 * the delegate or get the delegate which is necessary for the test infrastructure.
+	 * {@link org.springframework.web.filter.DelegatingFilterProxy} is not used because it
+	 * is not easy to lazily set the delegate or get the delegate which is necessary for
+	 * the test infrastructure.
 	 */
 	static class DelegateFilter implements Filter {
 
@@ -120,9 +118,9 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 		Filter getDelegate() {
 			Filter result = this.delegate;
 			if (result == null) {
-				throw new IllegalStateException("delegate cannot be null. Ensure a Bean with the name "
-						+ BeanIds.SPRING_SECURITY_FILTER_CHAIN
-						+ " implementing Filter is present or inject the Filter to be used.");
+				throw new IllegalStateException(
+						"delegate cannot be null. Ensure a Bean with the name " + BeanIds.SPRING_SECURITY_FILTER_CHAIN
+								+ " implementing Filter is present or inject the Filter to be used.");
 			}
 			return result;
 		}
@@ -157,5 +155,7 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 		public String toString() {
 			return getDelegate().toString();
 		}
+
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
index 9145c57e90..0f4f748e32 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@@ -28,6 +28,7 @@ import javax.servlet.Filter;
  * @author Rob Winch
  */
 public final class SecurityMockMvcConfigurers {
+
 	/**
 	 * Configures the MockMvcBuilder for use with Spring Security. Specifically the
 	 * configurer adds the Spring Bean named "springSecurityFilterChain" as a Filter. It
@@ -35,7 +36,6 @@ public final class SecurityMockMvcConfigurers {
 	 * by applying
 	 * {@link org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors#testSecurityContext()}
 	 * .
-	 *
 	 * @return the {@link org.springframework.test.web.servlet.setup.MockMvcConfigurer} to
 	 * use
 	 */
@@ -49,15 +49,13 @@ public final class SecurityMockMvcConfigurers {
 	 * TestSecurityContextHolder is leveraged for each request by applying
 	 * {@link org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors#testSecurityContext()}
 	 * .
-	 *
 	 * @param springSecurityFilterChain the Filter to be added
-	 *
 	 * @return the {@link org.springframework.test.web.servlet.setup.MockMvcConfigurer} to
 	 * use
 	 */
 	public static MockMvcConfigurer springSecurity(Filter springSecurityFilterChain) {
-		Assert.notNull(springSecurityFilterChain,
-				"springSecurityFilterChain cannot be null");
+		Assert.notNull(springSecurityFilterChain, "springSecurityFilterChain cannot be null");
 		return new SecurityMockMvcConfigurer(springSecurityFilterChain);
 	}
+
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
index 98294cd08a..6c2c7c0613 100644
--- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
+++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
@@ -41,23 +41,22 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
  * @since 4.0
  */
 public abstract class WebTestUtils {
+
 	private static final SecurityContextRepository DEFAULT_CONTEXT_REPO = new HttpSessionSecurityContextRepository();
+
 	private static final CsrfTokenRepository DEFAULT_TOKEN_REPO = new HttpSessionCsrfTokenRepository();
 
 	/**
 	 * Gets the {@link SecurityContextRepository} for the specified
 	 * {@link HttpServletRequest}. If one is not found, a default
 	 * {@link HttpSessionSecurityContextRepository} is used.
-	 *
 	 * @param request the {@link HttpServletRequest} to obtain the
 	 * {@link SecurityContextRepository}
 	 * @return the {@link SecurityContextRepository} for the specified
 	 * {@link HttpServletRequest}
 	 */
-	public static SecurityContextRepository getSecurityContextRepository(
-			HttpServletRequest request) {
-		SecurityContextPersistenceFilter filter = findFilter(request,
-				SecurityContextPersistenceFilter.class);
+	public static SecurityContextRepository getSecurityContextRepository(HttpServletRequest request) {
+		SecurityContextPersistenceFilter filter = findFilter(request, SecurityContextPersistenceFilter.class);
 		if (filter == null) {
 			return DEFAULT_CONTEXT_REPO;
 		}
@@ -67,15 +66,13 @@ public abstract class WebTestUtils {
 	/**
 	 * Sets the {@link SecurityContextRepository} for the specified
 	 * {@link HttpServletRequest}.
-	 *
 	 * @param request the {@link HttpServletRequest} to obtain the
 	 * {@link SecurityContextRepository}
 	 * @param securityContextRepository the {@link SecurityContextRepository} to set
 	 */
 	public static void setSecurityContextRepository(HttpServletRequest request,
 			SecurityContextRepository securityContextRepository) {
-		SecurityContextPersistenceFilter filter = findFilter(request,
-				SecurityContextPersistenceFilter.class);
+		SecurityContextPersistenceFilter filter = findFilter(request, SecurityContextPersistenceFilter.class);
 		if (filter != null) {
 			ReflectionTestUtils.setField(filter, "repo", securityContextRepository);
 		}
@@ -84,7 +81,6 @@ public abstract class WebTestUtils {
 	/**
 	 * Gets the {@link CsrfTokenRepository} for the specified {@link HttpServletRequest}.
 	 * If one is not found, the default {@link HttpSessionCsrfTokenRepository} is used.
-	 *
 	 * @param request the {@link HttpServletRequest} to obtain the
 	 * {@link CsrfTokenRepository}
 	 * @return the {@link CsrfTokenRepository} for the specified
@@ -95,19 +91,16 @@ public abstract class WebTestUtils {
 		if (filter == null) {
 			return DEFAULT_TOKEN_REPO;
 		}
-		return (CsrfTokenRepository) ReflectionTestUtils.getField(filter,
-				"tokenRepository");
+		return (CsrfTokenRepository) ReflectionTestUtils.getField(filter, "tokenRepository");
 	}
 
 	/**
 	 * Sets the {@link CsrfTokenRepository} for the specified {@link HttpServletRequest}.
-	 *
 	 * @param request the {@link HttpServletRequest} to obtain the
 	 * {@link CsrfTokenRepository}
 	 * @param repository the {@link CsrfTokenRepository} to set
 	 */
-	public static void setCsrfTokenRepository(HttpServletRequest request,
-			CsrfTokenRepository repository) {
+	public static void setCsrfTokenRepository(HttpServletRequest request, CsrfTokenRepository repository) {
 		CsrfFilter filter = findFilter(request, CsrfFilter.class);
 		if (filter != null) {
 			ReflectionTestUtils.setField(filter, "tokenRepository", repository);
@@ -115,15 +108,13 @@ public abstract class WebTestUtils {
 	}
 
 	@SuppressWarnings("unchecked")
-	static <T extends Filter> T findFilter(HttpServletRequest request,
-			Class<T> filterClass) {
+	static <T extends Filter> T findFilter(HttpServletRequest request, Class<T> filterClass) {
 		ServletContext servletContext = request.getServletContext();
 		Filter springSecurityFilterChain = getSpringSecurityFilterChain(servletContext);
 		if (springSecurityFilterChain == null) {
 			return null;
 		}
-		List<Filter> filters = ReflectionTestUtils
-				.invokeMethod(springSecurityFilterChain, "getFilters", request);
+		List<Filter> filters = ReflectionTestUtils.invokeMethod(springSecurityFilterChain, "getFilters", request);
 		if (filters == null) {
 			return null;
 		}
@@ -136,8 +127,7 @@ public abstract class WebTestUtils {
 	}
 
 	private static Filter getSpringSecurityFilterChain(ServletContext servletContext) {
-		Filter result = (Filter) servletContext
-				.getAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
+		Filter result = (Filter) servletContext.getAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
 		if (result != null) {
 			return result;
 		}
@@ -145,8 +135,7 @@ public abstract class WebTestUtils {
 				.getWebApplicationContext(servletContext);
 		if (webApplicationContext != null) {
 			try {
-				return webApplicationContext.getBean(
-						AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME,
+				return webApplicationContext.getBean(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME,
 						Filter.class);
 			}
 			catch (NoSuchBeanDefinitionException notFound) {
@@ -157,4 +146,5 @@ public abstract class WebTestUtils {
 
 	private WebTestUtils() {
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index a15f9ed5c2..515b02558b 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -72,4 +72,5 @@ public class TestSecurityContextHolderTests {
 
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
index 0e378b6346..8c46563128 100644
--- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
@@ -39,16 +39,13 @@ public class SecurityTestExecutionListenerTests {
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user");
 	}
 
-
 	@WithMockUser
 	@Test
 	public void reactorContextTestSecurityContextHolderExecutionListenerTestIsRegistered() {
-		Mono<String> name = ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication)
-			.map(Principal::getName);
+		Mono<String> name = ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+				.map(Principal::getName);
 
-		StepVerifier.create(name)
-			.expectNext("user")
-			.verifyComplete();
+		StepVerifier.create(name).expectNext("user").verifyComplete();
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index 6300d5a883..f0857d1d20 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -25,8 +25,11 @@ import java.util.Collection;
  * @author Rob Winch
  */
 public class CustomUserDetails implements UserDetails {
+
 	private final String name;
+
 	private final String username;
+
 	private final Collection<? extends GrantedAuthority> authorities;
 
 	public CustomUserDetails(String name, String username) {
@@ -67,4 +70,5 @@ public class CustomUserDetails implements UserDetails {
 	public String toString() {
 		return "CustomUserDetails{" + "username='" + username + '\'' + '}';
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
index 73058bc2c4..935f7954f7 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
@@ -22,6 +22,7 @@ import org.springframework.security.test.context.support.WithSecurityContext;
  */
 @WithSecurityContext(factory = WithMockCustomUserSecurityContextFactory.class)
 public @interface WithMockCustomUser {
+
 	/**
 	 * The username to be used. The default is rob
 	 * @return
@@ -33,7 +34,6 @@ public @interface WithMockCustomUser {
 	 * {@link org.springframework.security.core.GrantedAuthority} will be created for each
 	 * value within roles. Each value in roles will automatically be prefixed with
 	 * "ROLE_". For example, the default will result in "ROLE_USER" being used.
-	 *
 	 * @return
 	 */
 	String[] roles() default { "USER" };
@@ -43,4 +43,5 @@ public @interface WithMockCustomUser {
 	 * @return
 	 */
 	String name() default "Rob Winch";
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
index 67d0b28453..0a829c8039 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
@@ -24,16 +24,16 @@ import org.springframework.security.test.context.support.WithSecurityContextFact
 /**
  * @author Rob Winch
  */
-public class WithMockCustomUserSecurityContextFactory implements
-		WithSecurityContextFactory<WithMockCustomUser> {
+public class WithMockCustomUserSecurityContextFactory implements WithSecurityContextFactory<WithMockCustomUser> {
+
 	public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 
-		CustomUserDetails principal = new CustomUserDetails(customUser.name(),
-				customUser.username());
-		Authentication auth = new UsernamePasswordAuthenticationToken(principal,
-				"password", principal.getAuthorities());
+		CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
+		Authentication auth = new UsernamePasswordAuthenticationToken(principal, "password",
+				principal.getAuthorities());
 		context.setAuthentication(auth);
 		return context;
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index a15edc44d6..431f2b41fd 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -48,6 +48,7 @@ public class WithMockUserParentTests extends WithMockUserParent {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -56,5 +57,7 @@ public class WithMockUserParentTests extends WithMockUserParent {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index a525f310b5..b0c060c9cd 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -37,6 +37,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithMockUserTests.Config.class)
 public class WithMockUserTests {
+
 	@Autowired
 	private MessageService messageService;
 
@@ -63,8 +64,7 @@ public class WithMockUserTests {
 	@WithMockUser(username = "admin", roles = { "USER", "ADMIN" })
 	public void getMessageWithMockUserCustomUser() {
 		String message = messageService.getMessage();
-		assertThat(message).contains("admin").contains("ROLE_USER")
-				.contains("ROLE_ADMIN");
+		assertThat(message).contains("admin").contains("ROLE_USER").contains("ROLE_ADMIN");
 	}
 
 	@Test
@@ -77,6 +77,7 @@ public class WithMockUserTests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -85,5 +86,7 @@ public class WithMockUserTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 8143f4f01a..4f2b36d35a 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -42,6 +42,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithUserDetailsTests.Config.class)
 public class WithUserDetailsTests {
+
 	@Autowired
 	private MessageService messageService;
 
@@ -67,7 +68,7 @@ public class WithUserDetailsTests {
 	}
 
 	@Test
-	@WithUserDetails(value="customUsername", userDetailsServiceBeanName="myUserDetailsService")
+	@WithUserDetails(value = "customUsername", userDetailsServiceBeanName = "myUserDetailsService")
 	public void getMessageWithUserDetailsServiceBeanName() {
 		String message = messageService.getMessage();
 		assertThat(message).contains("customUsername");
@@ -77,6 +78,7 @@ public class WithUserDetailsTests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
+
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
@@ -89,6 +91,7 @@ public class WithUserDetailsTests {
 		public UserDetailsService myUserDetailsService() {
 			return new CustomUserDetailsService();
 		}
+
 	}
 
 	private Object getPrincipal() {
@@ -97,9 +100,10 @@ public class WithUserDetailsTests {
 
 	static class CustomUserDetailsService implements UserDetailsService {
 
-		public UserDetails loadUserByUsername(final String username)
-				throws UsernameNotFoundException {
+		public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
 			return new CustomUserDetails("name", username);
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
index 79c23e6a0a..93fc0048e1 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
@@ -28,8 +28,8 @@ public class HelloMessageService implements MessageService {
 
 	@PreAuthorize("authenticated")
 	public String getMessage() {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		return "Hello " + authentication;
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java b/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
index 4a78e2c546..ce83abda47 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
@@ -19,5 +19,7 @@ package org.springframework.security.test.context.showcase.service;
  * @author Rob Winch
  */
 public interface MessageService {
+
 	String getMessage();
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index 9a47499de7..efb491b1db 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -49,8 +49,7 @@ public class ReactorContextTestExecutionListenerTests {
 	@Mock
 	private TestContext testContext;
 
-	private ReactorContextTestExecutionListener listener =
-		new ReactorContextTestExecutionListener();
+	private ReactorContextTestExecutionListener listener = new ReactorContextTestExecutionListener();
 
 	@After
 	public void cleanup() {
@@ -62,11 +61,9 @@ public class ReactorContextTestExecutionListenerTests {
 	public void beforeTestMethodWhenSecurityContextEmptyThenReactorContextNull() throws Exception {
 		this.listener.beforeTestMethod(this.testContext);
 
-		Mono<?> result = ReactiveSecurityContextHolder
-			.getContext();
+		Mono<?> result = ReactiveSecurityContextHolder.getContext();
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 	}
 
 	@Test
@@ -75,16 +72,15 @@ public class ReactorContextTestExecutionListenerTests {
 
 		this.listener.beforeTestMethod(this.testContext);
 
-		Mono<?> result = ReactiveSecurityContextHolder
-			.getContext();
+		Mono<?> result = ReactiveSecurityContextHolder.getContext();
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 	}
 
 	@Test
 	public void beforeTestMethodWhenAuthenticationThenReactorContextHasAuthentication() throws Exception {
-		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
+				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(expectedAuthentication);
 
 		this.listener.beforeTestMethod(this.testContext);
@@ -94,7 +90,8 @@ public class ReactorContextTestExecutionListenerTests {
 
 	@Test
 	public void beforeTestMethodWhenCustomContext() throws Exception {
-		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
+				"ROLE_USER");
 		SecurityContext context = new CustomContext(expectedAuthentication);
 		TestSecurityContextHolder.setContext(context);
 
@@ -104,6 +101,7 @@ public class ReactorContextTestExecutionListenerTests {
 	}
 
 	static class CustomContext implements SecurityContext {
+
 		private Authentication authentication;
 
 		CustomContext(Authentication authentication) {
@@ -119,43 +117,42 @@ public class ReactorContextTestExecutionListenerTests {
 		public void setAuthentication(Authentication authentication) {
 			this.authentication = authentication;
 		}
+
 	}
 
 	@Test
-	public void beforeTestMethodWhenExistingAuthenticationThenReactorContextHasOriginalAuthentication() throws Exception {
-		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER");
+	public void beforeTestMethodWhenExistingAuthenticationThenReactorContextHasOriginalAuthentication()
+			throws Exception {
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
+				"ROLE_USER");
+		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
+				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
 
 		this.listener.beforeTestMethod(this.testContext);
 
 		Mono<Authentication> authentication = Mono.just("any")
-			.flatMap(s -> ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication)
-			)
-			.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
+				.flatMap(s -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
 
-		StepVerifier.create(authentication)
-			.expectNext(expectedAuthentication)
-			.verifyComplete();
+		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
 	}
 
 	@Test
 	public void beforeTestMethodWhenClearThenReactorContextDoesNotOverride() throws Exception {
-		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
+				"ROLE_USER");
+		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
+				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
 
 		this.listener.beforeTestMethod(this.testContext);
 
 		Mono<Authentication> authentication = Mono.just("any")
-			.flatMap(s -> ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication)
-			)
-			.subscriberContext(ReactiveSecurityContextHolder.clearContext());
+				.flatMap(s -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
+				.subscriberContext(ReactiveSecurityContextHolder.clearContext());
 
-		StepVerifier.create(authentication)
-			.verifyComplete();
+		StepVerifier.create(authentication).verifyComplete();
 	}
 
 	@Test
@@ -194,32 +191,28 @@ public class ReactorContextTestExecutionListenerTests {
 	}
 
 	@Test
-	public void checkSecurityContextResolutionWhenSubscribedContextCalledOnTheDifferentThreadThanWithSecurityContextTestExecutionListener() throws Exception {
-		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password", "ROLE_USER");
+	public void checkSecurityContextResolutionWhenSubscribedContextCalledOnTheDifferentThreadThanWithSecurityContextTestExecutionListener()
+			throws Exception {
+		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
+				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
 
 		this.listener.beforeTestMethod(this.testContext);
 
-		ForkJoinPool.commonPool()
-			.submit(() -> assertAuthentication(contextHolder))
-			.join();
+		ForkJoinPool.commonPool().submit(() -> assertAuthentication(contextHolder)).join();
 	}
 
 	public void assertAuthentication(Authentication expected) {
 		Mono<Authentication> authentication = ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication);
+				.map(SecurityContext::getAuthentication);
 
-		StepVerifier.create(authentication)
-			.expectNext(expected)
-			.verifyComplete();
+		StepVerifier.create(authentication).expectNext(expected).verifyComplete();
 	}
 
-
 	private void assertSecurityContext(SecurityContext expected) {
 		Mono<SecurityContext> securityContext = ReactiveSecurityContextHolder.getContext();
 
-		StepVerifier.create(securityContext)
-			.expectNext(expected)
-			.verifyComplete();
+		StepVerifier.create(securityContext).expectNext(expected).verifyComplete();
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
index 838becec27..1092a0973b 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
@@ -26,22 +26,23 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class WithAnonymousUserTests {
+
 	@Test
 	public void defaults() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
-			WithSecurityContext.class);
+				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
 	@WithAnonymousUser
 	private class Annotated {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
-		WithSecurityContext context = AnnotatedElementUtils
-			.findMergedAnnotation(SetupExplicit.class,
+		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
@@ -49,17 +50,20 @@ public class WithAnonymousUserTests {
 
 	@WithAnonymousUser(setupBefore = TestExecutionEvent.TEST_METHOD)
 	private class SetupExplicit {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
-			WithSecurityContext.class);
+				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
 	@WithAnonymousUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index a129baeece..6899c89aa6 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -49,8 +49,7 @@ public class WithMockUserSecurityContextFactoryTests {
 		when(withUser.roles()).thenReturn(new String[] { "USER" });
 		when(withUser.authorities()).thenReturn(new String[] {});
 
-		assertThat(factory.createSecurityContext(withUser).getAuthentication().getName())
-				.isEqualTo(withUser.value());
+		assertThat(factory.createSecurityContext(withUser).getAuthentication().getName()).isEqualTo(withUser.value());
 	}
 
 	@Test
@@ -71,10 +70,8 @@ public class WithMockUserSecurityContextFactoryTests {
 		when(withUser.roles()).thenReturn(new String[] { "USER", "CUSTOM" });
 		when(withUser.authorities()).thenReturn(new String[] {});
 
-		assertThat(
-				factory.createSecurityContext(withUser).getAuthentication()
-						.getAuthorities()).extracting("authority").containsOnly(
-				"ROLE_USER", "ROLE_CUSTOM");
+		assertThat(factory.createSecurityContext(withUser).getAuthentication().getAuthorities()).extracting("authority")
+				.containsOnly("ROLE_USER", "ROLE_CUSTOM");
 	}
 
 	@Test
@@ -84,10 +81,8 @@ public class WithMockUserSecurityContextFactoryTests {
 		when(withUser.roles()).thenReturn(new String[] { "USER" });
 		when(withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
 
-		assertThat(
-				factory.createSecurityContext(withUser).getAuthentication()
-						.getAuthorities()).extracting("authority").containsOnly(
-				"USER", "CUSTOM");
+		assertThat(factory.createSecurityContext(withUser).getAuthentication().getAuthorities()).extracting("authority")
+				.containsOnly("USER", "CUSTOM");
 	}
 
 	@Test(expected = IllegalStateException.class)
@@ -107,4 +102,5 @@ public class WithMockUserSecurityContextFactoryTests {
 
 		factory.createSecurityContext(withUser);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
index ed040a3caf..c60eaead3b 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
@@ -25,8 +25,7 @@ public class WithMockUserTests {
 
 	@Test
 	public void defaults() {
-		WithMockUser mockUser = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
-				WithMockUser.class);
+		WithMockUser mockUser = AnnotatedElementUtils.findMergedAnnotation(Annotated.class, WithMockUser.class);
 		assertThat(mockUser.value()).isEqualTo("user");
 		assertThat(mockUser.username()).isEmpty();
 		assertThat(mockUser.password()).isEqualTo("password");
@@ -34,19 +33,19 @@ public class WithMockUserTests {
 		assertThat(mockUser.setupBefore()).isEqualByComparingTo(TestExecutionEvent.TEST_METHOD);
 
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
-			WithSecurityContext.class);
+				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
 	@WithMockUser
 	private class Annotated {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
-		WithSecurityContext context = AnnotatedElementUtils
-			.findMergedAnnotation(SetupExplicit.class,
+		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
@@ -54,17 +53,20 @@ public class WithMockUserTests {
 
 	@WithMockUser(setupBefore = TestExecutionEvent.TEST_METHOD)
 	private class SetupExplicit {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
-			WithSecurityContext.class);
+				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
 	@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index c44e3e2a36..da8b1884f1 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -50,6 +50,7 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WithSecurityContextTestExcecutionListenerTests {
+
 	private ConfigurableApplicationContext context;
 
 	@Mock
@@ -76,8 +77,7 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	public void beforeTestMethodNullSecurityContextNoError() throws Exception {
 		Class testClass = FakeTest.class;
 		when(testContext.getTestClass()).thenReturn(testClass);
-		when(testContext.getTestMethod()).thenReturn(
-				ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
+		when(testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
 
 		listener.beforeTestMethod(testContext);
 	}
@@ -87,14 +87,13 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	public void beforeTestMethodNoApplicationContext() throws Exception {
 		Class testClass = FakeTest.class;
 		when(testContext.getApplicationContext()).thenThrow(new IllegalStateException());
-		when(testContext.getTestMethod()).thenReturn(
-				ReflectionUtils.findMethod(testClass, "testWithMockUser"));
+		when(testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
 
 		listener.beforeTestMethod(testContext);
 
-		assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("user");
+		assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user");
 	}
+
 	// gh-3962
 	@Test
 	public void withSecurityContextAfterSqlScripts() {
@@ -126,13 +125,11 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@Test
 	// gh-3837
 	public void handlesGenericAnnotation() throws Exception {
-		Method method = ReflectionUtils.findMethod(
-				WithSecurityContextTestExcecutionListenerTests.class,
+		Method method = ReflectionUtils.findMethod(WithSecurityContextTestExcecutionListenerTests.class,
 				"handlesGenericAnnotationTestMethod");
 		TestContext testContext = mock(TestContext.class);
 		when(testContext.getTestMethod()).thenReturn(method);
-		when(testContext.getApplicationContext())
-				.thenThrow(new IllegalStateException(""));
+		when(testContext.getApplicationContext()).thenThrow(new IllegalStateException(""));
 
 		this.listener.beforeTestMethod(testContext);
 
@@ -147,11 +144,12 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@Retention(RetentionPolicy.RUNTIME)
 	@WithSecurityContext(factory = SuperClassWithSecurityContextFactory.class)
 	@interface WithSuperClassWithSecurityContext {
+
 		String username() default "WithSuperClassWithSecurityContext";
+
 	}
 
-	static class SuperClassWithSecurityContextFactory
-			implements WithSecurityContextFactory<Annotation> {
+	static class SuperClassWithSecurityContextFactory implements WithSecurityContextFactory<Annotation> {
 
 		@Override
 		public SecurityContext createSecurityContext(Annotation annotation) {
@@ -159,9 +157,11 @@ public class WithSecurityContextTestExcecutionListenerTests {
 			context.setAuthentication(new TestingAuthenticationToken(annotation, "NA"));
 			return context;
 		}
+
 	}
 
 	static class FakeTest {
+
 		public void testNoAnnotation() {
 		}
 
@@ -169,9 +169,12 @@ public class WithSecurityContextTestExcecutionListenerTests {
 		public void testWithMockUser() {
 
 		}
+
 	}
 
 	@Configuration
 	static class Config {
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
index bb3c8cfd0c..8b2c1dd8c8 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
@@ -54,8 +54,10 @@ import static org.mockito.Mockito.when;
 @RunWith(MockitoJUnitRunner.class)
 @ContextConfiguration(classes = WithSecurityContextTestExecutionListenerTests.NoOpConfiguration.class)
 public class WithSecurityContextTestExecutionListenerTests {
+
 	@ClassRule
 	public static final SpringClassRule spring = new SpringClassRule();
+
 	@Rule
 	public final SpringMethodRule springMethod = new SpringMethodRule();
 
@@ -81,7 +83,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 		this.listener.beforeTestMethod(this.testContext);
 
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		verify(this.testContext, never()).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
+		verify(this.testContext, never()).setAttribute(
+				eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
 	}
 
 	@Test
@@ -93,7 +96,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 		this.listener.beforeTestMethod(this.testContext);
 
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		verify(this.testContext, never()).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
+		verify(this.testContext, never()).setAttribute(
+				eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
 	}
 
 	@Test
@@ -105,8 +109,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 		this.listener.beforeTestMethod(this.testContext);
 
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull();
-		verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME)
-				, ArgumentMatchers.<Supplier<SecurityContext>>any());
+		verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME),
+				ArgumentMatchers.<Supplier<SecurityContext>>any());
 	}
 
 	@Test
@@ -148,17 +152,22 @@ public class WithSecurityContextTestExecutionListenerTests {
 		SecurityContextImpl securityContext = new SecurityContextImpl();
 		securityContext.setAuthentication(new TestingAuthenticationToken("user", "passsword", "ROLE_USER"));
 		Supplier<SecurityContext> supplier = () -> securityContext;
-		when(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME)).thenReturn(supplier);
+		when(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME))
+				.thenReturn(supplier);
 
 		this.listener.beforeTestExecution(this.testContext);
 
-		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isEqualTo(securityContext.getAuthentication());
+		assertThat(TestSecurityContextHolder.getContext().getAuthentication())
+				.isEqualTo(securityContext.getAuthentication());
 	}
 
 	@Configuration
-	static class NoOpConfiguration {}
+	static class NoOpConfiguration {
+
+	}
 
 	static class TheTest {
+
 		@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 		public void withMockUserTestExecution() {
 		}
@@ -174,6 +183,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		@WithUserDetails(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 		public void withUserDetails() {
 		}
+
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 50b6e8aff0..4cf7a1800b 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -40,10 +40,13 @@ public class WithUserDetailsSecurityContextFactoryTests {
 
 	@Mock
 	private ReactiveUserDetailsService reactiveUserDetailsService;
+
 	@Mock
 	private UserDetailsService userDetailsService;
+
 	@Mock
 	private UserDetails userDetails;
+
 	@Mock
 	private BeanFactory beans;
 
@@ -78,8 +81,7 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		when(userDetailsService.loadUserByUsername(username)).thenReturn(userDetails);
 
 		SecurityContext context = factory.createSecurityContext(withUserDetails);
-		assertThat(context.getAuthentication()).isInstanceOf(
-				UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
 		verify(beans).getBean(UserDetailsService.class);
 	}
@@ -89,15 +91,15 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	public void createSecurityContextWithUserDetailsServiceName() {
 		String beanName = "secondUserDetailsServiceBean";
 		String username = "user";
-		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).thenThrow(new BeanNotOfRequiredTypeException("", ReactiveUserDetailsService.class, UserDetailsService.class));
+		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).thenThrow(
+				new BeanNotOfRequiredTypeException("", ReactiveUserDetailsService.class, UserDetailsService.class));
 		when(withUserDetails.value()).thenReturn(username);
 		when(withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
 		when(userDetailsService.loadUserByUsername(username)).thenReturn(userDetails);
 		when(beans.getBean(beanName, UserDetailsService.class)).thenReturn(userDetailsService);
 
 		SecurityContext context = factory.createSecurityContext(withUserDetails);
-		assertThat(context.getAuthentication()).isInstanceOf(
-				UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
 		verify(beans).getBean(beanName, UserDetailsService.class);
 	}
@@ -110,8 +112,7 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(userDetails));
 
 		SecurityContext context = factory.createSecurityContext(withUserDetails);
-		assertThat(context.getAuthentication()).isInstanceOf(
-			UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
 		verify(this.beans).getBean(ReactiveUserDetailsService.class);
 	}
@@ -122,13 +123,14 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		String username = "user";
 		when(withUserDetails.value()).thenReturn(username);
 		when(withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
-		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).thenReturn(this.reactiveUserDetailsService);
+		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class))
+				.thenReturn(this.reactiveUserDetailsService);
 		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(userDetails));
 
 		SecurityContext context = factory.createSecurityContext(withUserDetails);
-		assertThat(context.getAuthentication()).isInstanceOf(
-			UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
 		verify(this.beans).getBean(beanName, ReactiveUserDetailsService.class);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index 3c4f12749d..cb3681b902 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -25,12 +25,10 @@ public class WithUserDetailsTests {
 
 	@Test
 	public void defaults() {
-		WithUserDetails userDetails = AnnotationUtils.findAnnotation(Annotated.class,
-				WithUserDetails.class);
+		WithUserDetails userDetails = AnnotationUtils.findAnnotation(Annotated.class, WithUserDetails.class);
 		assertThat(userDetails.value()).isEqualTo("user");
 
-		WithSecurityContext context = AnnotatedElementUtils
-			.findMergedAnnotation(Annotated.class,
+		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
@@ -38,12 +36,12 @@ public class WithUserDetailsTests {
 
 	@WithUserDetails
 	private static class Annotated {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
-		WithSecurityContext context = AnnotatedElementUtils
-			.findMergedAnnotation(SetupExplicit.class,
+		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
@@ -51,12 +49,12 @@ public class WithUserDetailsTests {
 
 	@WithUserDetails(setupBefore = TestExecutionEvent.TEST_METHOD)
 	private class SetupExplicit {
+
 	}
 
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
-		WithSecurityContext context = AnnotatedElementUtils
-			.findMergedAnnotation(SetupOverridden.class,
+		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 				WithSecurityContext.class);
 
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
@@ -64,5 +62,7 @@ public class WithUserDetailsTests {
 
 	@WithUserDetails(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
index 6af2661f64..e984952640 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
@@ -34,13 +34,12 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 abstract class AbstractMockServerConfigurersTests {
+
 	protected PrincipalController controller = new PrincipalController();
+
 	protected SecurityContextController securityContextController = new SecurityContextController();
 
-	protected User.UserBuilder userBuilder = User
-		.withUsername("user")
-		.password("password")
-		.roles("USER");
+	protected User.UserBuilder userBuilder = User.withUsername("user").password("password").roles("USER");
 
 	protected void assertPrincipalCreatedFromUserDetails(Principal principal, UserDetails originalUserDetails) {
 		assertThat(principal).isInstanceOf(UsernamePasswordAuthenticationToken.class);
@@ -56,6 +55,7 @@ abstract class AbstractMockServerConfigurersTests {
 
 	@RestController
 	protected static class PrincipalController {
+
 		volatile Principal principal;
 
 		@RequestMapping("/**")
@@ -74,10 +74,12 @@ abstract class AbstractMockServerConfigurersTests {
 			assertThat(this.principal).isEqualTo(expected);
 			this.principal = null;
 		}
+
 	}
 
 	@RestController
 	protected static class SecurityContextController {
+
 		volatile SecurityContext securityContext;
 
 		@RequestMapping("/**")
@@ -91,5 +93,7 @@ abstract class AbstractMockServerConfigurersTests {
 			this.securityContext = null;
 			return result;
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index c44da6255a..1a19e6d064 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -45,31 +45,24 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockServerConfigurersTests {
+
 	private GrantedAuthority authority1 = new SimpleGrantedAuthority("one");
 
 	private GrantedAuthority authority2 = new SimpleGrantedAuthority("two");
 
-	private WebTestClient client = WebTestClient
-			.bindToController(securityContextController)
+	private WebTestClient client = WebTestClient.bindToController(securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.argumentResolvers(resolvers -> resolvers.addCustomResolver(
-					new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
-			.apply(springSecurity())
-			.configureClient()
-			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-			.build();
+			.argumentResolvers(resolvers -> resolvers
+					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
+			.apply(springSecurity()).configureClient()
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() {
-		this.client
-				.mutateWith(mockOpaqueToken())
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOpaqueToken()).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				BearerTokenAuthentication.class);
+		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
 		assertThat(token.getToken()).isNotNull();
@@ -78,27 +71,19 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 	@Test
 	public void mockOpaqueTokenWhenAuthoritiesThenBearerTokenAuthentication() {
-		this.client
-				.mutateWith(mockOpaqueToken()
-						.authorities(this.authority1, this.authority2))
-				.get()
-				.exchange()
+		this.client.mutateWith(mockOpaqueToken().authorities(this.authority1, this.authority2)).get().exchange()
 				.expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(this.authority1, this.authority2);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
+				this.authority2);
 	}
 
 	@Test
 	public void mockOpaqueTokenWhenAttributesThenBearerTokenAuthentication() {
 		String sub = new String("my-subject");
-		this.client
-				.mutateWith(mockOpaqueToken()
-						.attributes(attributes -> attributes.put(SUBJECT, sub)))
-						.get()
-						.exchange()
-						.expectStatus().isOk();
+		this.client.mutateWith(mockOpaqueToken().attributes(attributes -> attributes.put(SUBJECT, sub))).get()
+				.exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
@@ -109,12 +94,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	@Test
 	public void mockOpaqueTokenWhenPrincipalThenBearerTokenAuthentication() {
 		OAuth2AuthenticatedPrincipal principal = active();
-		this.client
-				.mutateWith(mockOpaqueToken()
-						.principal(principal))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOpaqueToken().principal(principal)).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
@@ -126,13 +106,8 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() {
 		OAuth2AuthenticatedPrincipal principal = active(a -> a.put("scope", "user"));
 
-		this.client
-				.mutateWith(mockOpaqueToken()
-						.attributes(a -> a.put(SUBJECT, "foo"))
-						.principal(principal))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOpaqueToken().attributes(a -> a.put(SUBJECT, "foo")).principal(principal)).get()
+				.exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
@@ -140,13 +115,8 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
 				.isEqualTo(principal.getAttribute(SUBJECT));
 
-		this.client
-				.mutateWith(mockOpaqueToken()
-						.principal(principal)
-						.attributes(a -> a.put(SUBJECT, "bar")))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOpaqueToken().principal(principal).attributes(a -> a.put(SUBJECT, "bar"))).get()
+				.exchange().expectStatus().isOk();
 
 		context = securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
@@ -154,4 +124,5 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
 				.isEqualTo("bar");
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index cce61fba7b..540fe4c4fe 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -42,21 +42,14 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 @SecurityTestExecutionListeners
 public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockServerConfigurersTests {
 
-	WebTestClient client = WebTestClient
-		.bindToController(controller)
-		.webFilter(new SecurityContextServerWebExchangeWebFilter())
-		.apply(springSecurity())
-		.configureClient()
-		.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-		.build();
+	WebTestClient client = WebTestClient.bindToController(controller)
+			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	@WithMockUser
 	public void withMockUserWhenOnMethodThenSuccess() {
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.get().exchange().expectStatus().isOk();
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		controller.assertPrincipalIsEqualTo(authentication);
@@ -65,20 +58,13 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@Test
 	@WithMockUser
 	public void withMockUserWhenGlobalMockPrincipalThenOverridesAnnotation() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
-		client = WebTestClient
-			.bindToController(controller)
-			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.apply(springSecurity())
-			.apply(mockAuthentication(authentication))
-			.configureClient()
-			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-			.build();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
+		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(springSecurity()).apply(mockAuthentication(authentication)).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.get().exchange().expectStatus().isOk();
 
 		controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -86,12 +72,9 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@Test
 	@WithMockUser
 	public void withMockUserWhenMutateWithMockPrincipalThenOverridesAnnotation() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
-		client
-			.mutateWith(mockAuthentication(authentication))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
+		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
 
 		controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -99,20 +82,13 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@Test
 	@WithMockUser
 	public void withMockUserWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
-		client
-			.mutateWith(mockAuthentication(authentication))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
+		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
 
 		controller.assertPrincipalIsEqualTo(authentication);
 
-
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.get().exchange().expectStatus().isOk();
 
 		assertPrincipalCreatedFromUserDetails(controller.removePrincipal(), userBuilder.build());
 	}
@@ -121,16 +97,7 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@WithMockUser
 	public void withMockUserWhenOnMethodAndRequestIsExecutedOnDifferentThreadThenSuccess() {
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
-		ForkJoinPool
-			.commonPool()
-			.submit(() ->
-				client
-					.get()
-					.exchange()
-					.expectStatus()
-					.isOk()
-			)
-			.join();
+		ForkJoinPool.commonPool().submit(() -> client.get().exchange().expectStatus().isOk()).join();
 
 		controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -138,32 +105,18 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@Test
 	@WithMockUser
 	public void withMockUserAndWithCallOnSeparateThreadWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
 
-		ForkJoinPool
-			.commonPool()
-			.submit(() ->
-				client
-					.mutateWith(mockAuthentication(authentication))
-					.get()
-					.exchange()
-					.expectStatus().isOk()
-			)
-			.join();
+		ForkJoinPool.commonPool().submit(
+				() -> client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk())
+				.join();
 
 		controller.assertPrincipalIsEqualTo(authentication);
 
-
-		ForkJoinPool
-			.commonPool()
-			.submit(() ->
-				client
-					.get()
-					.exchange()
-					.expectStatus().isOk()
-			)
-			.join();
+		ForkJoinPool.commonPool().submit(() -> client.get().exchange().expectStatus().isOk()).join();
 
 		assertPrincipalCreatedFromUserDetails(controller.removePrincipal(), userBuilder.build());
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 25c2afae1d..7c68c798f0 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -42,21 +42,15 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 @RunWith(SpringRunner.class)
 @SecurityTestExecutionListeners
 public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMockServerConfigurersTests {
-	WebTestClient client = WebTestClient
-		.bindToController(controller)
-		.webFilter(new SecurityContextServerWebExchangeWebFilter())
-		.apply(springSecurity())
-		.configureClient()
-		.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-		.build();
+
+	WebTestClient client = WebTestClient.bindToController(controller)
+			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void wheMockUserWhenClassAnnotatedThenSuccess() {
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( response -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
+		client.get().exchange().expectStatus().isOk().expectBody(String.class)
+				.consumeWith(response -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		controller.assertPrincipalIsEqualTo(authentication);
@@ -65,11 +59,8 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	@Test
 	@WithMockUser("method-user")
 	public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() {
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( response -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
+		client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith(
+				response -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		controller.assertPrincipalIsEqualTo(authentication);
@@ -77,14 +68,12 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 
 	@Test
 	public void withMockUserWhenMutateWithThenMustateWithOverrides() {
-		client
-			.mutateWith(mockUser("mutateWith-mockUser"))
-			.get()
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith( response -> assertThat(response.getResponseBody()).contains("\"username\":\"mutateWith-mockUser\""));
+		client.mutateWith(mockUser("mutateWith-mockUser")).get().exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(response -> assertThat(response.getResponseBody())
+						.contains("\"username\":\"mutateWith-mockUser\""));
 
 		Principal principal = controller.removePrincipal();
 		assertPrincipalCreatedFromUserDetails(principal, userBuilder.username("mutateWith-mockUser").build());
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index e92100fa39..02a01cc8e3 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -47,33 +47,26 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerConfigurersTests {
+
 	@Mock
 	GrantedAuthority authority1;
 
 	@Mock
 	GrantedAuthority authority2;
 
-	WebTestClient client = WebTestClient
-			.bindToController(securityContextController)
+	WebTestClient client = WebTestClient.bindToController(securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.argumentResolvers(resolvers -> resolvers.addCustomResolver(
-					new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
-			.apply(springSecurity())
-			.configureClient()
-			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-			.build();
+			.argumentResolvers(resolvers -> resolvers
+					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
+			.apply(springSecurity()).configureClient()
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() {
-		client
-				.mutateWith(mockJwt())
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		client.mutateWith(mockJwt()).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				JwtAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
 		assertThat(token.getToken()).isNotNull();
@@ -84,79 +77,54 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
-		client
-				.mutateWith(mockJwt().jwt(jwt -> jwt.subject(name)))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		client.mutateWith(mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				JwtAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getToken().getSubject()).isSameAs(name);
 	}
 
 	@Test
 	public void mockJwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
-		client
-				.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-						.authorities(this.authority1, this.authority2))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1,
+				this.authority2)).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(this.authority1, this.authority2);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
+				this.authority2);
 	}
 
 	@Test
 	public void mockJwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
-		client
-				.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities")))
-				.get()
-				.exchange()
+		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities"))).get().exchange()
 				.expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(new SimpleGrantedAuthority("SCOPE_scoped"),
-						new SimpleGrantedAuthority("SCOPE_authorities"));
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(
+				new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
 	}
 
 	@Test
 	public void mockJwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
-		client
-				.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-						.authorities(jwt -> Arrays.asList(this.authority1)))
-						.get()
-						.exchange()
-						.expectStatus().isOk();
+		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
+				.authorities(jwt -> Arrays.asList(this.authority1))).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(this.authority1);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1);
 	}
 
 	@Test
 	public void mockJwtWhenProvidingPreparedJwtThenProducesJwtAuthentication() {
-		Jwt originalToken = TestJwts.jwt()
-				.header("header1", "value1")
-				.subject("some_user")
-				.build();
-		this.client
-				.mutateWith(mockJwt().jwt(originalToken))
-				.get()
-				.exchange()
-				.expectStatus().isOk();
+		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
+		this.client.mutateWith(mockJwt().jwt(originalToken)).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = securityContextController.removeSecurityContext();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				JwtAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(retrievedToken.getToken().getSubject()).isEqualTo("some_user");
 		assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token");
 		assertThat(retrievedToken.getToken().getHeaders().get("header1")).isEqualTo("value1");
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index c860da6b46..242f0a4327 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -54,6 +54,7 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMockServerConfigurersTests {
+
 	private OAuth2LoginController controller = new OAuth2LoginController();
 
 	@Mock
@@ -66,36 +67,26 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Before
 	public void setup() {
-		this.client = WebTestClient
-				.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(
-						new OAuth2AuthorizedClientArgumentResolver
-								(this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity())
-				.configureClient()
-				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-				.build();
+		this.client = WebTestClient.bindToController(this.controller)
+				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+						this.clientRegistrationRepository, this.authorizedClientRepository)))
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
 	@Test
-	public void oauth2ClientWhenUsingDefaultsThenException()
-			throws Exception {
+	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
 
 		WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler());
 		assertThatCode(() -> mockOAuth2Client().beforeServerCreated(builder))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("ClientRegistration");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
 	}
 
 	@Test
-	public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient()
-			throws Exception {
+	public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient() throws Exception {
 
-		this.client.mutateWith(mockOAuth2Client("registration-id"))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Client("registration-id")).get().uri("/client").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -105,15 +96,12 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	}
 
 	@Test
-	public void oauth2ClientWhenClientRegistrationThenUses()
-			throws Exception {
+	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
 
-		ClientRegistration clientRegistration = clientRegistration()
-				.registrationId("registration-id").clientId("client-id").build();
-		this.client.mutateWith(mockOAuth2Client().clientRegistration(clientRegistration))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		ClientRegistration clientRegistration = clientRegistration().registrationId("registration-id")
+				.clientId("client-id").build();
+		this.client.mutateWith(mockOAuth2Client().clientRegistration(clientRegistration)).get().uri("/client")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -123,14 +111,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	}
 
 	@Test
-	public void oauth2ClientWhenClientRegistrationConsumerThenUses()
-			throws Exception {
+	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
 
-		this.client.mutateWith(mockOAuth2Client("registration-id")
-				.clientRegistration(c -> c.clientId("client-id")))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Client("registration-id").clientRegistration(c -> c.clientId("client-id")))
+				.get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -142,24 +126,16 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenPrincipalNameThenUses() throws Exception {
-		this.client.mutateWith(mockOAuth2Client("registration-id")
-				.principalName("test-subject"))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk()
-				.expectBody(String.class).isEqualTo("test-subject");
+		this.client.mutateWith(mockOAuth2Client("registration-id").principalName("test-subject")).get().uri("/client")
+				.exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("test-subject");
 	}
 
 	@Test
-	public void oauth2ClientWhenAccessTokenThenUses()
-			throws Exception {
+	public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
 
 		OAuth2AccessToken accessToken = noScopes();
-		this.client.mutateWith(mockOAuth2Client("registration-id")
-				.accessToken(accessToken))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Client("registration-id").accessToken(accessToken)).get().uri("/client")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -170,39 +146,36 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
-		this.client.mutateWith(mockOAuth2Client("registration-id"))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Client("registration-id")).get().uri("/client").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client");
 
 		client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
-		when(this.authorizedClientRepository
-				.loadAuthorizedClient(eq("registration-id"), any(Authentication.class), any(ServerWebExchange.class)))
-				.thenReturn(Mono.just(client));
-		this.client
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		when(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(ServerWebExchange.class))).thenReturn(Mono.just(client));
+		this.client.get().uri("/client").exchange().expectStatus().isOk();
 		client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getClientId()).isEqualTo("client-id");
-		verify(this.authorizedClientRepository).loadAuthorizedClient(
-				eq("registration-id"), any(Authentication.class), any(ServerWebExchange.class));
+		verify(this.authorizedClientRepository).loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(ServerWebExchange.class));
 	}
 
 	@RestController
 	static class OAuth2LoginController {
+
 		volatile OAuth2AuthorizedClient authorizedClient;
 
 		@GetMapping("/client")
-		String authorizedClient
-				(@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
+		String authorizedClient(
+				@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
 			this.authorizedClient = authorizedClient;
 			return authorizedClient.getPrincipalName();
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index 2e13d5a0de..a07af62850 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -49,6 +49,7 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockServerConfigurersTests {
+
 	private OAuth2LoginController controller = new OAuth2LoginController();
 
 	@Mock
@@ -61,41 +62,29 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Before
 	public void setup() {
-		this.client = WebTestClient
-				.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(
-						new OAuth2AuthorizedClientArgumentResolver
-								(this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity())
-				.configureClient()
-				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-				.build();
+		this.client = WebTestClient.bindToController(this.controller)
+				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+						this.clientRegistrationRepository, this.authorizedClientRepository)))
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
-		this.client.mutateWith(mockOAuth2Login())
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login()).get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
 		assertThat(token.getPrincipal()).isInstanceOf(OAuth2User.class);
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "user");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "user");
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
 				.contains(new SimpleGrantedAuthority("SCOPE_read"));
 	}
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
-		this.client.mutateWith(mockOAuth2Login())
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login()).get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -106,11 +95,8 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Test
 	public void oauth2LoginWhenAuthoritiesSpecifiedThenGrantsAccess() {
-		this.client.mutateWith(mockOAuth2Login()
-				.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().authorities(new SimpleGrantedAuthority("SCOPE_admin"))).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
@@ -119,78 +105,54 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Test
 	public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() {
-		this.client.mutateWith(mockOAuth2Login()
-				.attributes(a -> a.put("iss", "https://idp.example.org")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("iss", "https://idp.example.org");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
 	}
 
 	@Test
 	public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
-		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
-				Collections.singletonMap("custom-attribute", "test-subject"),
-				"custom-attribute");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
+				Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.oauth2User(oauth2User))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getName())
-				.isEqualTo("test-subject");
+		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.oauth2User(oauth2User))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User)).get().uri("/client").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
-		assertThat(client.getPrincipalName())
-				.isEqualTo("test-subject");
+		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.createAuthorityList("SCOPE_read"),
-				Collections.singletonMap("sub", "subject"),
-				"sub");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
+				Collections.singletonMap("sub", "subject"), "sub");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.attributes(a -> a.put("subject", "foo"))
-				.oauth2User(oauth2User))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().attributes(a -> a.put("subject", "foo")).oauth2User(oauth2User)).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "subject");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.oauth2User(oauth2User)
-				.attributes(a -> a.put("sub", "bar")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User).attributes(a -> a.put("sub", "bar"))).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "bar");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
 	}
 
 	@RestController
 	static class OAuth2LoginController {
+
 		volatile OAuth2AuthenticationToken token;
+
 		volatile OAuth2AuthorizedClient authorizedClient;
 
 		@GetMapping("/token")
@@ -200,10 +162,11 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 		}
 
 		@GetMapping("/client")
-		String authorizedClient
-				(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
+		String authorizedClient(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
 			this.authorizedClient = authorizedClient;
 			return authorizedClient.getPrincipalName();
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 3388f5518d..3758384d10 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -51,6 +51,7 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockServerConfigurersTests {
+
 	private OAuth2LoginController controller = new OAuth2LoginController();
 
 	@Mock
@@ -63,43 +64,30 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Before
 	public void setup() {
-		this.client = WebTestClient
-				.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(
-						new OAuth2AuthorizedClientArgumentResolver
-								(this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity())
-				.configureClient()
-				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-				.build();
+		this.client = WebTestClient.bindToController(this.controller)
+				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+						this.clientRegistrationRepository, this.authorizedClientRepository)))
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
-		this.client.mutateWith(mockOidcLogin())
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin()).get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
 		assertThat(token.getPrincipal()).isInstanceOf(OidcUser.class);
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "user");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "user");
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
 				.contains(new SimpleGrantedAuthority("SCOPE_read"));
-		assertThat(((OidcUser) token.getPrincipal()).getIdToken().getTokenValue())
-				.isEqualTo("id-token");
+		assertThat(((OidcUser) token.getPrincipal()).getIdToken().getTokenValue()).isEqualTo("id-token");
 	}
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
-		this.client.mutateWith(mockOidcLogin())
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin()).get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -110,11 +98,8 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenAuthoritiesSpecifiedThenGrantsAccess() {
-		this.client.mutateWith(mockOidcLogin()
-				.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin().authorities(new SimpleGrantedAuthority("SCOPE_admin"))).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
@@ -123,90 +108,64 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() {
-		this.client.mutateWith(mockOidcLogin()
-				.idToken(i -> i.issuer("https://idp.example.org")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin().idToken(i -> i.issuer("https://idp.example.org"))).get().uri("/token")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("iss", "https://idp.example.org");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
 	}
 
 	@Test
 	public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
-		this.client.mutateWith(mockOidcLogin()
-				.userInfoToken(u -> u.email("email@email")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin().userInfoToken(u -> u.email("email@email"))).get().uri("/token")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("email", "email@email");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("email", "email@email");
 	}
 
 	@Test
 	public void oidcUserWhenNameSpecifiedThenUserHasName() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(),
 				"custom-attribute");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.oauth2User(oidcUser))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getName())
-				.isEqualTo("test-subject");
+		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
 
-		this.client.mutateWith(mockOAuth2Login()
-				.oauth2User(oidcUser))
-				.get().uri("/client")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOAuth2Login().oauth2User(oidcUser)).get().uri("/client").exchange().expectStatus()
+				.isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
-		assertThat(client.getPrincipalName())
-				.isEqualTo("test-subject");
+		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
 	}
 
 	// gh-7794
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
 
-		this.client.mutateWith(mockOidcLogin()
-				.idToken(i -> i.subject("foo"))
-				.oidcUser(oidcUser))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser)).get().uri("/token")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "subject");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
-		this.client.mutateWith(mockOidcLogin()
-				.oidcUser(oidcUser)
-				.idToken(i -> i.subject("bar")))
-				.get().uri("/token")
-				.exchange()
-				.expectStatus().isOk();
+		this.client.mutateWith(mockOidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar"))).get().uri("/token")
+				.exchange().expectStatus().isOk();
 
 		token = this.controller.token;
-		assertThat(token.getPrincipal().getAttributes())
-				.containsEntry("sub", "bar");
+		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
 	}
 
 	@RestController
 	static class OAuth2LoginController {
+
 		volatile OAuth2AuthenticationToken token;
+
 		volatile OAuth2AuthorizedClient authorizedClient;
 
 		@GetMapping("/token")
@@ -216,10 +175,11 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 		}
 
 		@GetMapping("/client")
-		String authorizedClient
-				(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
+		String authorizedClient(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
 			this.authorizedClient = authorizedClient;
 			return authorizedClient.getPrincipalName();
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index 11203e8d09..4bd771830d 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -37,50 +37,33 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
  * @since 5.0
  */
 public class SecurityMockServerConfigurersTests extends AbstractMockServerConfigurersTests {
-	WebTestClient client = WebTestClient
-		.bindToController(controller)
-		.webFilter( new CsrfWebFilter(), new SecurityContextServerWebExchangeWebFilter())
-		.apply(springSecurity())
-		.configureClient()
-		.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-		.build();
+
+	WebTestClient client = WebTestClient.bindToController(controller)
+			.webFilter(new CsrfWebFilter(), new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
+			.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockAuthenticationWhenLocalThenSuccess() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
-		client
-			.mutateWith(mockAuthentication(authentication))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
+		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
 		controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	public void mockAuthenticationWhenGlobalThenSuccess() {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
-		client = WebTestClient
-			.bindToController(controller)
-			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.apply(springSecurity())
-			.apply(mockAuthentication(authentication))
-			.configureClient()
-			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-			.build();
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
+				"ROLE_USER");
+		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(springSecurity()).apply(mockAuthentication(authentication)).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
+		client.get().exchange().expectStatus().isOk();
 		controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	public void mockUserWhenDefaultsThenSuccess() {
-		client
-			.mutateWith(mockUser())
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.mutateWith(mockUser()).get().exchange().expectStatus().isOk();
 
 		Principal actual = controller.removePrincipal();
 
@@ -89,18 +72,10 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 
 	@Test
 	public void mockUserWhenGlobalThenSuccess() {
-		client = WebTestClient
-			.bindToController(controller)
-			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.apply(springSecurity())
-			.apply(mockUser())
-			.configureClient()
-			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-			.build();
-		client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(springSecurity()).apply(mockUser()).configureClient()
+				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
+		client.get().exchange().expectStatus().isOk();
 
 		Principal actual = controller.removePrincipal();
 
@@ -109,11 +84,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 
 	@Test
 	public void mockUserStringWhenLocalThenSuccess() {
-		client
-			.mutateWith(mockUser(userBuilder.build().getUsername()))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.mutateWith(mockUser(userBuilder.build().getUsername())).get().exchange().expectStatus().isOk();
 
 		Principal actual = controller.removePrincipal();
 
@@ -123,11 +94,8 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserStringWhenCustomThenSuccess() {
 		this.userBuilder = User.withUsername("admin").password("secret").roles("USER", "ADMIN");
-		client
-			.mutateWith(mockUser("admin").password("secret").roles("USER", "ADMIN"))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.mutateWith(mockUser("admin").password("secret").roles("USER", "ADMIN")).get().exchange().expectStatus()
+				.isOk();
 
 		Principal actual = controller.removePrincipal();
 
@@ -137,11 +105,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserUserDetailsLocalThenSuccess() {
 		UserDetails userDetails = this.userBuilder.build();
-		client
-			.mutateWith(mockUser(userDetails))
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		client.mutateWith(mockUser(userDetails)).get().exchange().expectStatus().isOk();
 
 		Principal actual = controller.removePrincipal();
 
@@ -150,34 +114,20 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 
 	@Test
 	public void csrfWhenMutateWithThenDisablesCsrf() {
-		this.client
-			.post()
-			.exchange()
-			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
-			.expectBody().consumeWith( b -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
+		this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody()
+				.consumeWith(b -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
 
-		this.client
-			.mutateWith(csrf())
-			.post()
-			.exchange()
-			.expectStatus().isOk();
+		this.client.mutateWith(csrf()).post().exchange().expectStatus().isOk();
 
 	}
 
 	@Test
 	public void csrfWhenGlobalThenDisablesCsrf() {
-		this.client = WebTestClient
-			.bindToController(this.controller)
-			.webFilter(new CsrfWebFilter())
-			.apply(springSecurity())
-			.apply(csrf())
-			.configureClient()
-			.build();
+		this.client = WebTestClient.bindToController(this.controller).webFilter(new CsrfWebFilter())
+				.apply(springSecurity()).apply(csrf()).configureClient().build();
 
-		this.client
-			.get()
-			.exchange()
-			.expectStatus().isOk();
+		this.client.get().exchange().expectStatus().isOk();
 
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 58633511ce..00f9dff771 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -44,7 +44,6 @@ import org.springframework.web.context.WebApplicationContext;
  * @author Rob Winch
  */
 
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
@@ -57,89 +56,62 @@ public class Sec2935Tests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(springSecurity())
-				.build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
 	}
 
 	// SEC-2935
 	@Test
 	public void postProcessorUserNoUser() throws Exception {
-		mvc
-			.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER")))
-			.andExpect(status().isNotFound())
-			.andExpect(authenticated().withUsername("user"));
+		mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+				.andExpect(authenticated().withUsername("user"));
 
-		mvc
-			.perform(get("/admin/abc"))
-			.andExpect(status().isUnauthorized())
-			.andExpect(unauthenticated());
+		mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated());
 	}
 
 	@Test
 	public void postProcessorUserOtherUser() throws Exception {
-		mvc
-			.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER")))
-			.andExpect(status().isNotFound())
-			.andExpect(authenticated().withUsername("user1"));
+		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+				.andExpect(authenticated().withUsername("user1"));
 
-		mvc
-			.perform(get("/admin/abc").with(user("user2").roles("USER")))
-			.andExpect(status().isForbidden())
-			.andExpect(authenticated().withUsername("user2"));
+		mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden())
+				.andExpect(authenticated().withUsername("user2"));
 	}
 
 	@WithMockUser
 	@Test
 	public void postProcessorUserWithMockUser() throws Exception {
-		mvc
-			.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER")))
-			.andExpect(status().isNotFound())
-			.andExpect(authenticated().withUsername("user1"));
+		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+				.andExpect(authenticated().withUsername("user1"));
 
-		mvc
-			.perform(get("/admin/abc"))
-			.andExpect(status().isForbidden())
-			.andExpect(authenticated().withUsername("user"));
+		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+				.andExpect(authenticated().withUsername("user"));
 	}
 
 	// SEC-2941
 	@Test
 	public void defaultRequest() throws Exception {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(springSecurity())
-				.defaultRequest(get("/").with(user("default")))
-				.build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+				.defaultRequest(get("/").with(user("default"))).build();
 
-		mvc
-			.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER")))
-			.andExpect(status().isNotFound())
-			.andExpect(authenticated().withUsername("user1"));
+		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+				.andExpect(authenticated().withUsername("user1"));
 
-		mvc
-			.perform(get("/admin/abc"))
-			.andExpect(status().isForbidden())
-			.andExpect(authenticated().withUsername("default"));
+		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+				.andExpect(authenticated().withUsername("default"));
 	}
 
 	@Ignore
 	@WithMockUser
 	@Test
 	public void defaultRequestOverridesWithMockUser() throws Exception {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(springSecurity())
-				.defaultRequest(get("/").with(user("default")))
-				.build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+				.defaultRequest(get("/").with(user("default"))).build();
 
-		mvc
-			.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER")))
-			.andExpect(status().isNotFound())
-			.andExpect(authenticated().withUsername("user1"));
+		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+				.andExpect(authenticated().withUsername("user1"));
 
-		mvc
-			.perform(get("/admin/abc"))
-			.andExpect(status().isForbidden())
-			.andExpect(authenticated().withUsername("default"));
+		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+				.andExpect(authenticated().withUsername("default"));
 	}
 
 	@EnableWebSecurity
@@ -162,5 +134,7 @@ public class Sec2935Tests {
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 3a00f6a080..5b3ba5f44e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -39,6 +39,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 
 public class SecurityMockMvcRequestBuildersFormLoginTests {
+
 	private MockServletContext servletContext;
 
 	@Before
@@ -55,16 +56,15 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		assertThat(request.getParameter("username")).isEqualTo("user");
 		assertThat(request.getParameter("password")).isEqualTo("password");
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName()))
-				.isEqualTo(token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/login");
 		assertThat(request.getParameter("_csrf")).isNotNull();
 	}
 
 	@Test
 	public void custom() {
-		MockHttpServletRequest request = formLogin("/login").user("username", "admin")
-				.password("password", "secret").buildRequest(this.servletContext);
+		MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret")
+				.buildRequest(this.servletContext);
 
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
@@ -72,8 +72,7 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		assertThat(request.getParameter("username")).isEqualTo("admin");
 		assertThat(request.getParameter("password")).isEqualTo("secret");
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName()))
-				.isEqualTo(token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/login");
 	}
 
@@ -88,14 +87,13 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		assertThat(request.getParameter("username")).isEqualTo("admin");
 		assertThat(request.getParameter("password")).isEqualTo("secret");
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName()))
-				.isEqualTo(token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/uri-login/val1/val2");
 	}
 
 	/**
-	 * spring-restdocs uses postprocessors to do its trick. It will work only if these are merged together
-	 * with our request builders. (gh-7572)
+	 * spring-restdocs uses postprocessors to do its trick. It will work only if these are
+	 * merged together with our request builders. (gh-7572)
 	 * @throws Exception
 	 */
 	@Test
@@ -103,9 +101,7 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
 		when(postProcessor.postProcessRequest(any())).thenAnswer(i -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
-				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor))
-				.build();
-
+				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
 		MvcResult mvcResult = mockMvc.perform(formLogin()).andReturn();
 		assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -121,10 +117,10 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	// gh-3920
 	@Test
 	public void usesAcceptMediaForContentNegotiation() {
-		MockHttpServletRequest request = formLogin("/login").user("username", "admin")
-				.password("password", "secret").buildRequest(this.servletContext);
+		MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret")
+				.buildRequest(this.servletContext);
 
-		assertThat(request.getHeader("Accept"))
-				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
+		assertThat(request.getHeader("Accept")).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index b6271e9409..a65ba5a5d0 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -39,6 +39,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.logout;
 
 public class SecurityMockMvcRequestBuildersFormLogoutTests {
+
 	private MockServletContext servletContext;
 
 	@Before
@@ -50,43 +51,42 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	public void defaults() {
 		MockHttpServletRequest request = logout().buildRequest(servletContext);
 
-		CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
+		CsrfToken token = (CsrfToken) request
+				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
 
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName())).isEqualTo(
-				token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/logout");
 	}
 
 	@Test
 	public void custom() {
-		MockHttpServletRequest request = logout("/admin/logout").buildRequest(
-				servletContext);
+		MockHttpServletRequest request = logout("/admin/logout").buildRequest(servletContext);
 
-		CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
+		CsrfToken token = (CsrfToken) request
+				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
 
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName())).isEqualTo(
-				token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/admin/logout");
 	}
 
 	@Test
 	public void customWithUriVars() {
-		MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2").buildRequest(
-				servletContext);
+		MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2")
+				.buildRequest(servletContext);
 
-		CsrfToken token = (CsrfToken) request.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
+		CsrfToken token = (CsrfToken) request
+				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
 
 		assertThat(request.getMethod()).isEqualTo("POST");
-		assertThat(request.getParameter(token.getParameterName())).isEqualTo(
-				token.getToken());
+		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/uri-logout/val1/val2");
 	}
 
 	/**
-	 * spring-restdocs uses postprocessors to do its trick. It will work only if these are merged together
-	 * with our request builders. (gh-7572)
+	 * spring-restdocs uses postprocessors to do its trick. It will work only if these are
+	 * merged together with our request builders. (gh-7572)
 	 * @throws Exception
 	 */
 	@Test
@@ -94,8 +94,7 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
 		when(postProcessor.postProcessRequest(any())).thenAnswer(i -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
-				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor))
-				.build();
+				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
 		MvcResult mvcResult = mockMvc.perform(logout()).andReturn();
 		assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -105,4 +104,5 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 		assertThat(mvcResult.getRequest().getParameter("_csrf")).isNotEmpty();
 		verify(postProcessor).postProcessRequest(any());
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index 51c92c5032..a7dd2d0c4a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -92,10 +92,14 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 
 		@RestController
 		static class Controller {
+
 			@RequestMapping
 			public String hello() {
 				return "Hello";
 			}
+
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index 357e386719..9a8f0d392f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -44,10 +44,13 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
-@PowerMockIgnore({"javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*"})
+@PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
+		"javax.xml.parsers.*" })
 public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
+
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
+
 	@Mock
 	private SecurityContextRepository repository;
 
@@ -71,8 +74,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 	public void userDetails() {
 		authentication(authentication).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
 		assertThat(context.getAuthentication()).isSameAs(authentication);
 	}
@@ -81,4 +83,5 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index 2d471ebb38..0953513cdb 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -29,6 +29,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockMvcRequestPostProcessorsCertificateTests {
+
 	@Mock
 	private X509Certificate certificate;
 
@@ -41,8 +42,7 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 
 	@Test
 	public void x509SingleCertificate() {
-		MockHttpServletRequest postProcessedRequest = x509(certificate)
-				.postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = x509(certificate).postProcessRequest(request);
 
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
@@ -52,14 +52,14 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 
 	@Test
 	public void x509ResourceName() throws Exception {
-		MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(
-				request);
+		MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(request);
 
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
 
 		assertThat(certificates).hasSize(1);
-		assertThat(certificates[0].getSubjectDN().getName()).isEqualTo(
-				"CN=rod, OU=Spring Security, O=Spring Framework");
+		assertThat(certificates[0].getSubjectDN().getName())
+				.isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
index b65a219236..7c7d9923d0 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
@@ -53,6 +53,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
 
 	@EnableWebSecurity
 	static class Config extends WebSecurityConfigurerAdapter {
+
 		static CsrfTokenRepository cookieCsrfTokenRepository = new CookieCsrfTokenRepository();
 
 		@Override
@@ -65,5 +66,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
 			// Enable the DebugFilter
 			web.debug(true);
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index 26caba94e7..cfdd8d009a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -62,10 +62,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsCsrfTests {
+
 	@Autowired
 	WebApplicationContext wac;
+
 	@Autowired
 	TheController controller;
+
 	@Autowired
 	FilterChainProxy springSecurityFilterChain;
 
@@ -177,6 +180,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 			assertThat(request.getParameter("_csrf")).isNotNull();
 			assertThat(request.getHeader("X-CSRF-TOKEN")).isNull();
 		}
+
 	}
 
 	public static ResultMatcher csrfAsHeader() {
@@ -191,18 +195,19 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 			assertThat(request.getParameter("_csrf")).isNull();
 			assertThat(request.getHeader("X-CSRF-TOKEN")).isNotNull();
 		}
+
 	}
 
 	static class SessionRepositoryFilter extends OncePerRequestFilter {
 
 		@Override
-		protected void doFilterInternal(HttpServletRequest request,
-				HttpServletResponse response, FilterChain filterChain)
-						throws ServletException, IOException {
+		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+				FilterChain filterChain) throws ServletException, IOException {
 			filterChain.doFilter(new SessionRequestWrapper(request), response);
 		}
 
 		static class SessionRequestWrapper extends HttpServletRequestWrapper {
+
 			HttpSession session = new MockHttpSession();
 
 			SessionRequestWrapper(HttpServletRequest request) {
@@ -218,21 +223,28 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 			public HttpSession getSession() {
 				return this.session;
 			}
+
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class Config extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) {
 		}
 
 		@RestController
 		static class TheController {
+
 			@RequestMapping("/")
 			String index() {
 				return "Hi";
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 39bae21942..412a3bce13 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -39,6 +39,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
 public class SecurityMockMvcRequestPostProcessorsDigestTests {
 
 	private DigestAuthenticationFilter filter;
+
 	private MockHttpServletRequest request;
 
 	private String username;
@@ -56,8 +57,8 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		entryPoint.setKey("key");
 		entryPoint.setRealmName("Spring Security");
 		filter = new DigestAuthenticationFilter();
-		filter.setUserDetailsService(username -> new User(username, password, AuthorityUtils
-				.createAuthorityList("ROLE_USER")));
+		filter.setUserDetailsService(
+				username -> new User(username, password, AuthorityUtils.createAuthorityList("ROLE_USER")));
 		filter.setAuthenticationEntryPoint(entryPoint);
 		filter.afterPropertiesSet();
 	}
@@ -69,8 +70,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 
 	@Test
 	public void digestWithFilter() throws Exception {
-		MockHttpServletRequest postProcessedRequest = digest()
-				.postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(request);
 
 		assertThat(extractUser()).isEqualTo("user");
 	}
@@ -78,8 +78,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterCustomUsername() throws Exception {
 		String username = "admin";
-		MockHttpServletRequest postProcessedRequest = digest(username)
-				.postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -88,8 +87,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	public void digestWithFilterCustomPassword() throws Exception {
 		String username = "custom";
 		password = "secret";
-		MockHttpServletRequest postProcessedRequest = digest(username).password(password)
-				.postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).password(password).postProcessRequest(request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -98,8 +96,8 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	public void digestWithFilterCustomRealm() throws Exception {
 		String username = "admin";
 		entryPoint.setRealmName("Custom");
-		MockHttpServletRequest postProcessedRequest = digest(username).realm(
-				entryPoint.getRealmName()).postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).realm(entryPoint.getRealmName())
+				.postProcessRequest(request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -107,8 +105,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterFails() throws Exception {
 		String username = "admin";
-		MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid")
-				.postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid").postProcessRequest(request);
 
 		assertThat(extractUser()).isNull();
 	}
@@ -117,11 +114,11 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain() {
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response) {
-				Authentication authentication = SecurityContextHolder.getContext()
-						.getAuthentication();
+				Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 				username = authentication == null ? null : authentication.getName();
 			}
 		});
 		return username;
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index 24441de7dc..2e1e95039a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -60,6 +60,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockMvcRequestPostProcessorsJwtTests {
+
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
 
@@ -70,6 +71,7 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 
 	@Mock
 	private GrantedAuthority authority1;
+
 	@Mock
 	private GrantedAuthority authority2;
 
@@ -95,8 +97,7 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				JwtAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
 		assertThat(token.getToken()).isNotNull();
@@ -112,57 +113,48 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				JwtAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getToken().getSubject()).isSameAs(name);
 	}
 
 	@Test
 	public void jwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-				.authorities(this.authority1, this.authority2)
+		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)
 				.postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(this.authority1, this.authority2);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
+				this.authority2);
 	}
 
 	@Test
 	public void jwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "scoped authorities"))
-				.postProcessRequest(this.request);
+		jwt().jwt(jwt -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(new SimpleGrantedAuthority("SCOPE_scoped"),
-						new SimpleGrantedAuthority("SCOPE_authorities"));
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(
+				new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
 	}
 
 	@Test
 	public void jwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-				.authorities(jwt -> Arrays.asList(this.authority1))
+		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(jwt -> Arrays.asList(this.authority1))
 				.postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(this.authority1);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1);
 	}
 
 	@Test
 	public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() {
-		Jwt originalToken = TestJwts.jwt()
-				.header("header1", "value1")
-				.subject("some_user")
-				.build();
+		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
 		jwt().jwt(originalToken).postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
@@ -173,4 +165,5 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 		assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token");
 		assertThat(retrievedToken.getToken().getHeaders().get("header1")).isEqualTo("value1");
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 0f2b0e75ff..4814f4b0f8 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -69,6 +69,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
+
 	@Autowired
 	WebApplicationContext context;
 
@@ -89,19 +90,15 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 		TestSecurityContextHolder.clearContext();
 	}
 
-
 	@Test
-	public void oauth2ClientWhenUsingDefaultsThenException()
-			throws Exception {
+	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
 
 		assertThatCode(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest()))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("ClientRegistration");
+				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
 	}
 
 	@Test
-	public void oauth2ClientWhenUsingDefaultsThenProducesDefaultAuthorizedClient()
-		throws Exception {
+	public void oauth2ClientWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
 
 		this.mvc.perform(get("/access-token").with(oauth2Client("registration-id")))
 				.andExpect(content().string("access-token"));
@@ -110,19 +107,16 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 	}
 
 	@Test
-	public void oauth2ClientWhenClientRegistrationThenUses()
-			throws Exception {
+	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
 
-		ClientRegistration clientRegistration = clientRegistration()
-				.registrationId("registration-id").clientId("client-id").build();
-		this.mvc.perform(get("/client-id")
-				.with(oauth2Client().clientRegistration(clientRegistration)))
+		ClientRegistration clientRegistration = clientRegistration().registrationId("registration-id")
+				.clientId("client-id").build();
+		this.mvc.perform(get("/client-id").with(oauth2Client().clientRegistration(clientRegistration)))
 				.andExpect(content().string("client-id"));
 	}
 
 	@Test
-	public void oauth2ClientWhenClientRegistrationConsumerThenUses()
-			throws Exception {
+	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
 
 		this.mvc.perform(get("/client-id")
 				.with(oauth2Client("registration-id").clientRegistration(c -> c.clientId("client-id"))))
@@ -131,38 +125,35 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenPrincipalNameThenUses() throws Exception {
-		this.mvc.perform(get("/principal-name")
-				.with(oauth2Client("registration-id").principalName("test-subject")))
+		this.mvc.perform(get("/principal-name").with(oauth2Client("registration-id").principalName("test-subject")))
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
 		OAuth2AccessToken accessToken = noScopes();
-		this.mvc.perform(get("/access-token")
-				.with(oauth2Client("registration-id").accessToken(accessToken)))
+		this.mvc.perform(get("/access-token").with(oauth2Client("registration-id").accessToken(accessToken)))
 				.andExpect(content().string("no-scopes"));
 	}
 
 	@Test
 	public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
-		this.mvc.perform(get("/client-id")
-				.with(oauth2Client("registration-id")))
+		this.mvc.perform(get("/client-id").with(oauth2Client("registration-id")))
 				.andExpect(content().string("test-client"));
 
 		OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
 		OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
-		when(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class), any(HttpServletRequest.class)))
-				.thenReturn(client);
-		this.mvc.perform(get("/client-id"))
-				.andExpect(content().string("client-id"));
-		verify(repository).loadAuthorizedClient(
-				eq("registration-id"), any(Authentication.class), any(HttpServletRequest.class));
+		when(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(HttpServletRequest.class))).thenReturn(client);
+		this.mvc.perform(get("/client-id")).andExpect(content().string("client-id"));
+		verify(repository).loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(HttpServletRequest.class));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -179,7 +170,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 			return mock(ClientRegistrationRepository.class);
 		}
 
-
 		@Bean
 		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return mock(OAuth2AuthorizedClientRepository.class);
@@ -187,20 +177,27 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 		@RestController
 		static class PrincipalController {
+
 			@GetMapping("/access-token")
-			String accessToken(@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
+			String accessToken(
+					@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient.getAccessToken().getTokenValue();
 			}
 
 			@GetMapping("/principal-name")
-			String principalName(@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
+			String principalName(
+					@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient.getPrincipalName();
 			}
 
 			@GetMapping("/client-id")
-			String clientId(@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
+			String clientId(
+					@RegisteredOAuth2AuthorizedClient("registration-id") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient.getClientRegistration().getClientId();
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index deb4d0bb9d..d01a9809c6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -69,6 +69,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
+
 	@Autowired
 	WebApplicationContext context;
 
@@ -85,86 +86,69 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 	}
 
 	@Test
-	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication()
-		throws Exception {
+	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
 
-		this.mvc.perform(get("/name").with(oauth2Login()))
-				.andExpect(content().string("user"));
-		this.mvc.perform(get("/admin/id-token/name").with(oauth2Login()))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/name").with(oauth2Login())).andExpect(content().string("user"));
+		this.mvc.perform(get("/admin/id-token/name").with(oauth2Login())).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient()
-			throws Exception {
+	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
 
-		this.mvc.perform(get("/client-id").with(oauth2Login()))
-				.andExpect(content().string("test-client"));
+		this.mvc.perform(get("/client-id").with(oauth2Login())).andExpect(content().string("test-client"));
 	}
 
 	@Test
 	public void oauth2LoginWhenAuthoritiesSpecifiedThenGrantsAccess() throws Exception {
-		this.mvc.perform(get("/admin/scopes")
-				.with(oauth2Login().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
+		this.mvc.perform(
+				get("/admin/scopes").with(oauth2Login().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
 				.andExpect(content().string("[\"SCOPE_admin\"]"));
 	}
 
 	@Test
 	public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
-		this.mvc.perform(get("/attributes/iss")
-				.with(oauth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))))
+		this.mvc.perform(
+				get("/attributes/iss").with(oauth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
 	@Test
 	public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
-		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
-				Collections.singletonMap("custom-attribute", "test-subject"),
-				"custom-attribute");
-		this.mvc.perform(get("/attributes/custom-attribute")
-				.with(oauth2Login().oauth2User(oauth2User)))
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
+				Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
+		this.mvc.perform(get("/attributes/custom-attribute").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
 
-		this.mvc.perform(get("/name")
-				.with(oauth2Login().oauth2User(oauth2User)))
+		this.mvc.perform(get("/name").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
 
-		this.mvc.perform(get("/client-name")
-				.with(oauth2Login().oauth2User(oauth2User)))
+		this.mvc.perform(get("/client-name").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void oauth2LoginWhenClientRegistrationSpecifiedThenUses() throws Exception {
-		this.mvc.perform(get("/client-id")
-				.with(oauth2Login().clientRegistration(clientRegistration().build())))
+		this.mvc.perform(get("/client-id").with(oauth2Login().clientRegistration(clientRegistration().build())))
 				.andExpect(content().string("client-id"));
 	}
 
 	@Test
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OAuth2User oauth2User = new DefaultOAuth2User(
-				AuthorityUtils.createAuthorityList("SCOPE_read"),
-				Collections.singletonMap("username", "user"),
-				"username");
+		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
+				Collections.singletonMap("username", "user"), "username");
 
-		this.mvc.perform(get("/attributes/sub")
-				.with(oauth2Login()
-						.attributes(a -> a.put("sub", "bar"))
-						.oauth2User(oauth2User)))
-				.andExpect(status().isOk())
-				.andExpect(content().string("no-attribute"));
-		this.mvc.perform(get("/attributes/sub")
-				.with(oauth2Login()
-						.oauth2User(oauth2User)
-						.attributes(a -> a.put("sub", "bar"))))
+		this.mvc.perform(
+				get("/attributes/sub").with(oauth2Login().attributes(a -> a.put("sub", "bar")).oauth2User(oauth2User)))
+				.andExpect(status().isOk()).andExpect(content().string("no-attribute"));
+		this.mvc.perform(
+				get("/attributes/sub").with(oauth2Login().oauth2User(oauth2User).attributes(a -> a.put("sub", "bar"))))
 				.andExpect(content().string("bar"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -188,6 +172,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 
 		@RestController
 		static class PrincipalController {
+
 			@GetMapping("/name")
 			String name(@AuthenticationPrincipal OAuth2User oauth2User) {
 				return oauth2User.getName();
@@ -204,8 +189,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 			}
 
 			@GetMapping("/attributes/{attribute}")
-			String attributes(
-					@AuthenticationPrincipal OAuth2User oauth2User, @PathVariable("attribute") String attribute) {
+			String attributes(@AuthenticationPrincipal OAuth2User oauth2User,
+					@PathVariable("attribute") String attribute) {
 
 				return Optional.ofNullable((String) oauth2User.getAttribute(attribute)).orElse("no-attribute");
 			}
@@ -214,9 +199,11 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 			List<String> scopes(
 					@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
 
-				return authorities.stream().map(GrantedAuthority::getAuthority)
-						.collect(Collectors.toList());
+				return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index 6171c335f5..efecfc0395 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -70,6 +70,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
+
 	@Autowired
 	WebApplicationContext context;
 
@@ -91,86 +92,66 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 	}
 
 	@Test
-	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication()
-		throws Exception {
+	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
 
-		this.mvc.perform(get("/name").with(oidcLogin()))
-				.andExpect(content().string("user"));
-		this.mvc.perform(get("/admin/id-token/name").with(oidcLogin()))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/name").with(oidcLogin())).andExpect(content().string("user"));
+		this.mvc.perform(get("/admin/id-token/name").with(oidcLogin())).andExpect(status().isForbidden());
 	}
 
 	@Test
-	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient()
-			throws Exception {
+	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
 
-		this.mvc.perform(get("/access-token").with(oidcLogin()))
-				.andExpect(content().string("access-token"));
+		this.mvc.perform(get("/access-token").with(oidcLogin())).andExpect(content().string("access-token"));
 	}
 
 	@Test
 	public void oidcLoginWhenAuthoritiesSpecifiedThenGrantsAccess() throws Exception {
-		this.mvc.perform(get("/admin/scopes")
-				.with(oidcLogin().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
+		this.mvc.perform(get("/admin/scopes").with(oidcLogin().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
 				.andExpect(content().string("[\"SCOPE_admin\"]"));
 	}
 
 	@Test
 	public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() throws Exception {
-		this.mvc.perform(get("/id-token/iss")
-				.with(oidcLogin().idToken(i -> i.issuer("https://idp.example.org"))))
+		this.mvc.perform(get("/id-token/iss").with(oidcLogin().idToken(i -> i.issuer("https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
 	@Test
 	public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
-		this.mvc.perform(get("/user-info/email")
-				.with(oidcLogin().userInfoToken(u -> u.email("email@email"))))
+		this.mvc.perform(get("/user-info/email").with(oidcLogin().userInfoToken(u -> u.email("email@email"))))
 				.andExpect(content().string("email@email"));
 	}
 
 	@Test
 	public void oidcLoginWhenNameSpecifiedThenUserHasName() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(),
 				"custom-attribute");
 
-		this.mvc.perform(get("/id-token/custom-attribute")
-				.with(oidcLogin().oidcUser(oidcUser)))
+		this.mvc.perform(get("/id-token/custom-attribute").with(oidcLogin().oidcUser(oidcUser)))
 				.andExpect(content().string("test-subject"));
 
-		this.mvc.perform(get("/name")
-				.with(oidcLogin().oidcUser(oidcUser)))
-				.andExpect(content().string("test-subject"));
+		this.mvc.perform(get("/name").with(oidcLogin().oidcUser(oidcUser))).andExpect(content().string("test-subject"));
 
-		this.mvc.perform(get("/client-name")
-				.with(oidcLogin().oidcUser(oidcUser)))
+		this.mvc.perform(get("/client-name").with(oidcLogin().oidcUser(oidcUser)))
 				.andExpect(content().string("test-subject"));
 	}
 
 	// gh-7794
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(
-				AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
 
-		this.mvc.perform(get("/id-token/sub")
-				.with(oidcLogin()
-						.idToken(i -> i.subject("foo"))
-						.oidcUser(oidcUser)))
-				.andExpect(status().isOk())
-				.andExpect(content().string("subject"));
-		this.mvc.perform(get("/id-token/sub")
-				.with(oidcLogin()
-						.oidcUser(oidcUser)
-						.idToken(i -> i.subject("bar"))))
+		this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser)))
+				.andExpect(status().isOk()).andExpect(content().string("subject"));
+		this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar"))))
 				.andExpect(content().string("bar"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -188,7 +169,6 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 			return mock(ClientRegistrationRepository.class);
 		}
 
-
 		@Bean
 		OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository() {
 			return mock(OAuth2AuthorizedClientRepository.class);
@@ -196,6 +176,7 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 
 		@RestController
 		static class PrincipalController {
+
 			@GetMapping("/name")
 			String name(@AuthenticationPrincipal OidcUser oidcUser) {
 				return oidcUser.getName();
@@ -222,11 +203,13 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 			}
 
 			@GetMapping("/admin/scopes")
-			List<String> scopes(@AuthenticationPrincipal(expression = "authorities")
-										Collection<GrantedAuthority> authorities) {
-				return authorities.stream().map(GrantedAuthority::getAuthority)
-						.collect(Collectors.toList());
+			List<String> scopes(
+					@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
+				return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 572b672e81..53dd72627f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -64,6 +64,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
+
 	@Autowired
 	WebApplicationContext context;
 
@@ -80,19 +81,16 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	}
 
 	@Test
-	public void opaqueTokenWhenUsingDefaultsThenProducesDefaultAuthentication()
-			throws Exception {
+	public void opaqueTokenWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
 
-		this.mvc.perform(get("/name").with(opaqueToken()))
-				.andExpect(content().string("user"));
-		this.mvc.perform(get("/admin/scopes").with(opaqueToken()))
-				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/name").with(opaqueToken())).andExpect(content().string("user"));
+		this.mvc.perform(get("/admin/scopes").with(opaqueToken())).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void opaqueTokenWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
-		this.mvc.perform(get("/opaque-token/iss")
-				.with(opaqueToken().attributes(a -> a.put("iss", "https://idp.example.org"))))
+		this.mvc.perform(
+				get("/opaque-token/iss").with(opaqueToken().attributes(a -> a.put("iss", "https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
@@ -103,8 +101,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 		when(principal.getName()).thenReturn("ben");
 		when(principal.getAuthorities()).thenReturn(authorities);
 
-		this.mvc.perform(get("/name").with(opaqueToken().principal(principal)))
-				.andExpect(content().string("ben"));
+		this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben"));
 	}
 
 	// gh-7800
@@ -112,22 +109,18 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2AuthenticatedPrincipal principal = active(a -> a.put("scope", "user"));
 
-		this.mvc.perform(get("/opaque-token/sub")
-				.with(opaqueToken()
-						.attributes(a -> a.put("sub", "foo"))
-						.principal(principal)))
-				.andExpect(status().isOk())
-				.andExpect(content().string((String) principal.getAttribute("sub")));
-		this.mvc.perform(get("/opaque-token/sub")
-				.with(opaqueToken()
-						.principal(principal)
-						.attributes(a -> a.put("sub", "bar"))))
+		this.mvc.perform(
+				get("/opaque-token/sub").with(opaqueToken().attributes(a -> a.put("sub", "foo")).principal(principal)))
+				.andExpect(status().isOk()).andExpect(content().string((String) principal.getAttribute("sub")));
+		this.mvc.perform(
+				get("/opaque-token/sub").with(opaqueToken().principal(principal).attributes(a -> a.put("sub", "bar"))))
 				.andExpect(content().string("bar"));
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
+
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -144,6 +137,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 
 		@RestController
 		static class PrincipalController {
+
 			@GetMapping("/name")
 			String name(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal) {
 				return principal.getName();
@@ -157,12 +151,14 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 			}
 
 			@GetMapping("/admin/scopes")
-			List<String> scopes(@AuthenticationPrincipal(expression = "authorities")
-					Collection<GrantedAuthority> authorities) {
+			List<String> scopes(
+					@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
 
-				return authorities.stream().map(GrantedAuthority::getAuthority)
-						.collect(Collectors.toList());
+				return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 2ba412c1a7..1c64417cfc 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -43,10 +43,13 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
-@PowerMockIgnore({"javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*"})
+@PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
+		"javax.xml.parsers.*" })
 public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
+
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
+
 	@Mock
 	private SecurityContextRepository repository;
 
@@ -70,8 +73,7 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 	public void userDetails() {
 		securityContext(expectedContext).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
 		assertThat(context).isSameAs(this.expectedContext);
 	}
@@ -80,4 +82,5 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index cc01f37ac1..6d30683d18 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -57,8 +57,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(springSecurityFilterChain)
+		mvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain)
 				.defaultRequest(get("/").with(testSecurityContext())).build();
 	}
 
@@ -92,10 +91,14 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 
 		@RestController
 		static class Controller {
+
 			@RequestMapping
 			public String hello() {
 				return "Hello";
 			}
+
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 65ed0f969b..73f1b42f2d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -40,10 +40,13 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
-@PowerMockIgnore({"javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*"})
+@PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
+		"javax.xml.parsers.*" })
 public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
+
 	@Mock
 	private SecurityContext context;
+
 	@Mock
 	private SecurityContextRepository repository;
 
@@ -66,8 +69,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 
 		testSecurityContext().postProcessRequest(request);
 
-		verify(repository).saveContext(eq(context), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(eq(context), eq(request), any(HttpServletResponse.class));
 	}
 
 	// Ensure it does not fail if TestSecurityContextHolder is not initialized
@@ -83,4 +85,5 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index c2e8136e52..2e7bee6151 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -45,10 +45,13 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
-@PowerMockIgnore({"javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*"})
+@PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
+		"javax.xml.parsers.*" })
 public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
+
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
+
 	@Mock
 	private SecurityContextRepository repository;
 
@@ -72,11 +75,9 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 	public void userDetails() {
 		user(userDetails).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isSameAs(userDetails);
 	}
 
@@ -84,4 +85,5 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index bc9e2f088a..02546f3a63 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -48,10 +48,13 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
-@PowerMockIgnore({"javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*"})
+@PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
+		"javax.xml.parsers.*" })
 public class SecurityMockMvcRequestPostProcessorsUserTests {
+
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
+
 	@Mock
 	private SecurityContextRepository repository;
 
@@ -59,6 +62,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 
 	@Mock
 	private GrantedAuthority authority1;
+
 	@Mock
 	private GrantedAuthority authority2;
 
@@ -79,33 +83,27 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 
 		user(username).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getName()).isEqualTo(username);
 		assertThat(context.getAuthentication().getCredentials()).isEqualTo("password");
-		assertThat(context.getAuthentication().getAuthorities()).extracting("authority")
-				.containsOnly("ROLE_USER");
+		assertThat(context.getAuthentication().getAuthorities()).extracting("authority").containsOnly("ROLE_USER");
 	}
 
 	@Test
 	public void userWithCustom() {
 		String username = "customuser";
 
-		user(username).roles("CUSTOM", "ADMIN").password("newpass")
-				.postProcessRequest(request);
+		user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isInstanceOf(
-				UsernamePasswordAuthenticationToken.class);
+		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getName()).isEqualTo(username);
 		assertThat(context.getAuthentication().getCredentials()).isEqualTo("newpass");
-		assertThat(context.getAuthentication().getAuthorities()).extracting("authority")
-				.containsOnly("ROLE_CUSTOM", "ROLE_ADMIN");
+		assertThat(context.getAuthentication().getAuthorities()).extracting("authority").containsOnly("ROLE_CUSTOM",
+				"ROLE_ADMIN");
 	}
 
 	@Test
@@ -114,11 +112,10 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 
 		user(username).authorities(authority1, authority2).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(authority1, authority2);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(authority1,
+				authority2);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -130,18 +127,17 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	public void userCustomAuthoritiesList() {
 		String username = "customuser";
 
-		user(username).authorities(Arrays.asList(authority1, authority2))
-				.postProcessRequest(request);
+		user(username).authorities(Arrays.asList(authority1, authority2)).postProcessRequest(request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request),
-				any(HttpServletResponse.class));
+		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
 		SecurityContext context = contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities())
-				.containsOnly(authority1, authority2);
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(authority1,
+				authority2);
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
index d879c54691..6e2857091b 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
@@ -106,5 +106,7 @@ public class Gh3409Tests {
 			// @formatter:on
 
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index fdb23bcf24..30a1c4b004 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -47,6 +47,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 @ContextConfiguration(classes = SecurityMockMvcResultMatchersTests.Config.class)
 @WebAppConfiguration
 public class SecurityMockMvcResultMatchersTests {
+
 	@Autowired
 	private WebApplicationContext context;
 
@@ -64,16 +65,14 @@ public class SecurityMockMvcResultMatchersTests {
 
 	@Test
 	public void withAuthenticationWhenMatchesThenSuccess() throws Exception {
-		this.mockMvc.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(auth ->
-				assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated()
+				.withAuthentication(auth -> assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
 	}
 
 	@Test(expected = AssertionError.class)
 	public void withAuthenticationWhenNotMatchesThenFails() throws Exception {
-		this.mockMvc
-			.perform(formLogin())
-			.andExpect(authenticated().withAuthentication(auth -> assertThat(auth.getName()).isEqualTo("notmatch")));
+		this.mockMvc.perform(formLogin()).andExpect(
+				authenticated().withAuthentication(auth -> assertThat(auth.getName()).isEqualTo("notmatch")));
 	}
 
 	// SEC-2719
@@ -110,10 +109,14 @@ public class SecurityMockMvcResultMatchersTests {
 
 		@RestController
 		static class Controller {
+
 			@RequestMapping("/")
 			public String ok() {
 				return "ok";
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 5753a20f98..33ce9a23bd 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -49,6 +49,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 @ContextConfiguration(classes = SecurityMockWithAuthoritiesMvcResultMatchersTests.Config.class)
 @WebAppConfiguration
 public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
+
 	@Autowired
 	private WebApplicationContext context;
 
@@ -56,8 +57,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 
 	@Before
 	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
-				.build();
+		mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
 	}
 
 	@Test
@@ -65,8 +65,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 		List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
-		mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthorities(grantedAuthorities));
+		mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
 	}
 
 	@Test(expected = AssertionError.class)
@@ -90,10 +89,14 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 
 		@RestController
 		static class Controller {
+
 			@RequestMapping("/")
 			public String ok() {
 				return "ok";
 			}
+
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index 9bb74d7966..97e19fbb17 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -36,14 +36,19 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockMvcConfigurerTests {
+
 	@Mock
 	private Filter filter;
+
 	@Mock
 	private Filter beanFilter;
+
 	@Mock
 	private ConfigurableMockMvcBuilder<?> builder;
+
 	@Mock
 	private WebApplicationContext context;
+
 	@Mock
 	private ServletContext servletContext;
 
@@ -61,8 +66,7 @@ public class SecurityMockMvcConfigurerTests {
 		configurer.beforeMockMvcCreated(this.builder, this.context);
 
 		assertFilterAdded(this.filter);
-		verify(this.servletContext).setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN,
-				this.filter);
+		verify(this.servletContext).setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, this.filter);
 	}
 
 	@Test
@@ -95,15 +99,15 @@ public class SecurityMockMvcConfigurerTests {
 	}
 
 	private void assertFilterAdded(Filter filter) {
-		ArgumentCaptor<SecurityMockMvcConfigurer.DelegateFilter> filterArg = ArgumentCaptor.forClass(
-				SecurityMockMvcConfigurer.DelegateFilter.class);
+		ArgumentCaptor<SecurityMockMvcConfigurer.DelegateFilter> filterArg = ArgumentCaptor
+				.forClass(SecurityMockMvcConfigurer.DelegateFilter.class);
 		verify(this.builder).addFilters(filterArg.capture());
 		assertThat(filterArg.getValue().getDelegate()).isEqualTo(filter);
 	}
 
 	private void returnFilterBean() {
 		when(this.context.containsBean(anyString())).thenReturn(true);
-		when(this.context.getBean(anyString(), eq(Filter.class)))
-				.thenReturn(this.beanFilter);
+		when(this.context.getBean(anyString(), eq(Filter.class))).thenReturn(this.beanFilter);
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
index 162114d6ee..44e0452330 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
@@ -42,46 +42,45 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringRunner.class)
 @WebAppConfiguration
 public class SecurityMockMvcConfigurersTests {
+
 	@Autowired
 	WebApplicationContext wac;
 
 	Filter noOpFilter = mock(Filter.class);
 
 	/**
-	 * Since noOpFilter is first does not continue the chain, security will not be invoked and the status should be OK
-	 *
+	 * Since noOpFilter is first does not continue the chain, security will not be invoked
+	 * and the status should be OK
 	 * @throws Exception
 	 */
 	@Test
 	public void applySpringSecurityWhenAddFilterFirstThenFilterFirst() throws Exception {
-		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac)
-			.addFilters(this.noOpFilter)
-			.apply(springSecurity())
-			.build();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(this.noOpFilter)
+				.apply(springSecurity()).build();
 
-		mockMvc.perform(get("/"))
-			.andExpect(status().isOk());
+		mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	/**
-	 * Since noOpFilter is second security will be invoked and the status will be not OK. We know this because if noOpFilter
-	 * were first security would not be invoked sincet noOpFilter does not continue the FilterChain
+	 * Since noOpFilter is second security will be invoked and the status will be not OK.
+	 * We know this because if noOpFilter were first security would not be invoked sincet
+	 * noOpFilter does not continue the FilterChain
 	 * @throws Exception
 	 */
 	@Test
 	public void applySpringSecurityWhenAddFilterSecondThenSecurityFirst() throws Exception {
-		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac)
-				.apply(springSecurity())
-				.addFilters(this.noOpFilter)
-				.build();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).apply(springSecurity())
+				.addFilters(this.noOpFilter).build();
 
-		mockMvc.perform(get("/"))
-				.andExpect(status().is4xxClientError());
+		mockMvc.perform(get("/")).andExpect(status().is4xxClientError());
 	}
 
 	@Configuration
 	@EnableWebMvc
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
-	static class Config {}
+	static class Config {
+
+	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index b61a4247ef..99ee310c1c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -83,5 +83,7 @@ public class CsrfShowcaseTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index ad66e089a1..211d5929d9 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -56,8 +56,8 @@ public class CustomCsrfShowcaseTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.defaultRequest(get("/").with(csrf())).apply(springSecurity()).build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(csrf())).apply(springSecurity())
+				.build();
 	}
 
 	@Test
@@ -98,5 +98,7 @@ public class CustomCsrfShowcaseTests {
 			repo.setParameterName("custom_csrf");
 			return repo;
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index 42081d209f..5c7480e343 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -48,8 +48,8 @@ public class DefaultCsrfShowcaseTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.defaultRequest(get("/").with(csrf())).apply(springSecurity()).build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(csrf())).apply(springSecurity())
+				.build();
 	}
 
 	@Test
@@ -78,5 +78,7 @@ public class DefaultCsrfShowcaseTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index bc445ea770..24665d3289 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -54,10 +54,8 @@ public class AuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(springSecurity())
-				.defaultRequest(get("/").accept(MediaType.TEXT_HTML))
-				.build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+				.defaultRequest(get("/").accept(MediaType.TEXT_HTML)).build();
 	}
 
 	@Test
@@ -67,29 +65,26 @@ public class AuthenticationTests {
 
 	@Test
 	public void httpBasicAuthenticationSuccess() throws Exception {
-		mvc.perform(get("/secured/butnotfound").with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound())
+		mvc.perform(get("/secured/butnotfound").with(httpBasic("user", "password"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(formLogin()).andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"))
+		mvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(formLogin().user("user").password("invalid"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?error"))
-				.andExpect(unauthenticated());
+		mvc.perform(formLogin().user("user").password("invalid")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?error")).andExpect(unauthenticated());
 	}
 
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
+
 		@Bean
 		public UserDetailsService userDetailsService() {
 			// @formatter:off
@@ -97,5 +92,7 @@ public class AuthenticationTests {
 			return new InMemoryUserDetailsManager(user);
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index eedcc107fc..2edcd0e68a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -64,26 +64,21 @@ public class CustomConfigAuthenticationTests {
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(
-				formLogin("/authenticate").user("user", "user").password("pass",
-						"password")).andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"))
+		mvc.perform(formLogin("/authenticate").user("user", "user").password("pass", "password"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void withUserSuccess() throws Exception {
-		mvc.perform(get("/").with(user("user")))
-				.andExpect(status().isNotFound())
+		mvc.perform(get("/").with(user("user"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(
-				formLogin("/authenticate").user("user", "notfound").password("pass",
-						"invalid")).andExpect(status().isFound())
-				.andExpect(redirectedUrl("/authenticate?error"))
+		mvc.perform(formLogin("/authenticate").user("user", "notfound").password("pass", "invalid"))
+				.andExpect(status().isFound()).andExpect(redirectedUrl("/authenticate?error"))
 				.andExpect(unauthenticated());
 	}
 
@@ -122,5 +117,7 @@ public class CustomConfigAuthenticationTests {
 			repo.setSpringSecurityContextKey("CUSTOM");
 			return repo;
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 821efe3b88..8fed1f3daa 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -58,23 +58,18 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(login())
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/"))
+		mvc.perform(login()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(login().user("notfound").password("invalid"))
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/authenticate?error"))
-				.andExpect(unauthenticated());
+		mvc.perform(login().user("notfound").password("invalid")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("/authenticate?error")).andExpect(unauthenticated());
 	}
 
 	static FormLoginRequestBuilder login() {
-		return SecurityMockMvcRequestBuilders.formLogin("/authenticate")
-				.userParameter("user").passwordParam("pass");
+		return SecurityMockMvcRequestBuilders.formLogin("/authenticate").userParameter("user").passwordParam("pass");
 	}
 
 	@EnableWebSecurity
@@ -102,5 +97,7 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 			return new InMemoryUserDetailsManager(user);
 		}
 		// @formatter:on
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index 31858ba6d6..db78fdeed0 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -49,15 +49,14 @@ public class DefaultfSecurityRequestsTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.defaultRequest(get("/").with(user("user").roles("ADMIN")))
+		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(user("user").roles("ADMIN")))
 				.apply(springSecurity()).build();
 	}
 
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
 		mvc.perform(get("/"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -66,7 +65,7 @@ public class DefaultfSecurityRequestsTests {
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
 		mvc.perform(get("/admin"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -105,5 +104,7 @@ public class DefaultfSecurityRequestsTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 4514754ff5..964aa64793 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -63,7 +63,7 @@ public class SecurityRequestsTests {
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
 		mvc.perform(get("/").with(user("user")))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -72,7 +72,7 @@ public class SecurityRequestsTests {
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
 		mvc.perform(get("/admin").with(user("admin").roles("ADMIN")))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with admin
 				.andExpect(authenticated().withUsername("admin"));
@@ -82,7 +82,7 @@ public class SecurityRequestsTests {
 	public void requestProtectedUrlWithUserDetails() throws Exception {
 		UserDetails user = userDetailsService.loadUserByUsername("user");
 		mvc.perform(get("/").with(user(user)))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withAuthenticationPrincipal(user));
@@ -90,10 +90,9 @@ public class SecurityRequestsTests {
 
 	@Test
 	public void requestProtectedUrlWithAuthentication() throws Exception {
-		Authentication authentication = new TestingAuthenticationToken("test", "notused",
-				"ROLE_USER");
+		Authentication authentication = new TestingAuthenticationToken("test", "notused", "ROLE_USER");
 		mvc.perform(get("/").with(authentication(authentication)))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withAuthentication(authentication));
@@ -129,5 +128,7 @@ public class SecurityRequestsTests {
 		public UserDetailsService userDetailsServiceBean() throws Exception {
 			return super.userDetailsServiceBean();
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
index bf65b937c5..1c8d7ed3c5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
@@ -28,6 +28,7 @@ import org.springframework.security.test.context.support.WithMockUser;
 @Retention(RetentionPolicy.RUNTIME)
 @Inherited
 @Documented
-@WithMockUser(value="rob", roles="ADMIN")
+@WithMockUser(value = "rob", roles = "ADMIN")
 public @interface WithAdminRob {
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 4a58ac6bde..8d18ae7c11 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -49,15 +49,14 @@ public class WithUserAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context)
-				.apply(SecurityMockMvcConfigurers.springSecurity()).build();
+		mvc = MockMvcBuilders.webAppContextSetup(context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
 	}
 
 	@Test
 	@WithMockUser
 	public void requestProtectedUrlWithUser() throws Exception {
 		mvc.perform(get("/"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -67,7 +66,7 @@ public class WithUserAuthenticationTests {
 	@WithAdminRob
 	public void requestProtectedUrlWithAdminRob() throws Exception {
 		mvc.perform(get("/"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("rob").withRoles("ADMIN"));
@@ -77,7 +76,7 @@ public class WithUserAuthenticationTests {
 	@WithMockUser(roles = "ADMIN")
 	public void requestProtectedUrlWithAdmin() throws Exception {
 		mvc.perform(get("/admin"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
@@ -107,5 +106,7 @@ public class WithUserAuthenticationTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index a0bd420579..fd2460f0ba 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -58,7 +58,7 @@ public class WithUserClassLevelAuthenticationTests {
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
 		mvc.perform(get("/"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -67,7 +67,7 @@ public class WithUserClassLevelAuthenticationTests {
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
 		mvc.perform(get("/admin"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
@@ -107,5 +107,7 @@ public class WithUserClassLevelAuthenticationTests {
 					.withUser("user").password("password").roles("USER");
 			// @formatter:on
 		}
+
 	}
+
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index be7234f3ef..e5faa59067 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -58,7 +58,7 @@ public class WithUserDetailsAuthenticationTests {
 	@WithUserDetails
 	public void requestProtectedUrlWithUser() throws Exception {
 		mvc.perform(get("/"))
-		// Ensure we got past Security
+				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
 				.andExpect(authenticated().withUsername("user"));
@@ -71,8 +71,7 @@ public class WithUserDetailsAuthenticationTests {
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
-				.andExpect(
-						authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
+				.andExpect(authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
 	}
 
 	@EnableWebSecurity
@@ -106,5 +105,7 @@ public class WithUserDetailsAuthenticationTests {
 					.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index 9c34d662df..e6a0007a01 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -61,8 +61,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
-				.andExpect(
-						authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
+				.andExpect(authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
 	}
 
 	@Test
@@ -71,8 +70,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
-				.andExpect(
-						authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
+				.andExpect(authenticated().withUsername("admin").withRoles("ADMIN", "USER"));
 	}
 
 	@EnableWebSecurity
@@ -106,5 +104,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 					.withUser("admin").password("password").roles("USER", "ADMIN");
 			// @formatter:on
 		}
+
 	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
index 914eb046b5..bed3c0dc20 100644
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@@ -47,12 +47,15 @@ import static org.springframework.security.test.web.support.WebTestUtils.getSecu
 
 @RunWith(MockitoJUnitRunner.class)
 public class WebTestUtilsTests {
+
 	@Mock
 	private SecurityContextRepository contextRepo;
+
 	@Mock
 	private CsrfTokenRepository csrfRepo;
 
 	private MockHttpServletRequest request;
+
 	private ConfigurableApplicationContext context;
 
 	@Before
@@ -69,22 +72,19 @@ public class WebTestUtilsTests {
 
 	@Test
 	public void getCsrfTokenRepositorytNoWac() {
-		assertThat(getCsrfTokenRepository(this.request))
-				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
 	public void getCsrfTokenRepositorytNoSecurity() {
 		loadConfig(Config.class);
-		assertThat(getCsrfTokenRepository(this.request))
-				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
 	public void getCsrfTokenRepositorytSecurityNoCsrf() {
 		loadConfig(SecurityNoCsrfConfig.class);
-		assertThat(getCsrfTokenRepository(this.request))
-				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
@@ -99,22 +99,19 @@ public class WebTestUtilsTests {
 
 	@Test
 	public void getSecurityContextRepositoryNoWac() {
-		assertThat(getSecurityContextRepository(this.request))
-				.isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
 	public void getSecurityContextRepositoryNoSecurity() {
 		loadConfig(Config.class);
-		assertThat(getSecurityContextRepository(this.request))
-				.isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
 	public void getSecurityContextRepositorySecurityNoCsrf() {
 		loadConfig(SecurityNoCsrfConfig.class);
-		assertThat(getSecurityContextRepository(this.request))
-				.isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
@@ -130,8 +127,7 @@ public class WebTestUtilsTests {
 	public void findFilterNoMatchingFilters() {
 		loadConfig(PartialSecurityConfig.class);
 
-		assertThat(WebTestUtils.findFilter(this.request,
-				SecurityContextPersistenceFilter.class)).isNull();
+		assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull();
 	}
 
 	@Test
@@ -141,11 +137,9 @@ public class WebTestUtilsTests {
 		CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
 		FilterChainProxy springSecurityFilterChain = new FilterChainProxy(
 				new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
-		this.request.getServletContext().setAttribute(
-				BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
+		this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
 
-		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass()))
-				.isEqualTo(toFind);
+		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind);
 	}
 
 	@Test
@@ -155,11 +149,9 @@ public class WebTestUtilsTests {
 		CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
 		FilterChainProxy springSecurityFilterChain = new FilterChainProxy(
 				new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
-		this.request.getServletContext().setAttribute(
-				BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
+		this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
 
-		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass()))
-				.isSameAs(toFind);
+		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind);
 	}
 
 	private void loadConfig(Class<?> config) {
@@ -167,12 +159,13 @@ public class WebTestUtilsTests {
 		context.register(config);
 		context.refresh();
 		this.context = context;
-		this.request.getServletContext().setAttribute(
-				WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
+		this.request.getServletContext().setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
+				context);
 	}
 
 	@Configuration
 	static class Config {
+
 	}
 
 	@EnableWebSecurity
@@ -182,10 +175,12 @@ public class WebTestUtilsTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			http.csrf().disable();
 		}
+
 	}
 
 	@EnableWebSecurity
 	static class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
+
 		static CsrfTokenRepository CSRF_REPO;
 		static SecurityContextRepository CONTEXT_REPO;
 
@@ -200,6 +195,7 @@ public class WebTestUtilsTests {
 					.securityContextRepository(CONTEXT_REPO);
 			// @formatter:on
 		}
+
 	}
 
 	@EnableWebSecurity
@@ -212,14 +208,17 @@ public class WebTestUtilsTests {
 				.antMatcher("/willnotmatchthis");
 			// @formatter:on
 		}
+
 	}
 
 	@Configuration
 	static class NoSecurityConfig {
+
 	}
 
 	@EnableWebSecurity
 	static class SecurityConfigWithDefaults extends WebSecurityConfigurerAdapter {
 
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
index 3e992ad67f..fe20e437ea 100644
--- a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public interface AuthenticationEntryPoint {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -44,12 +45,12 @@ public interface AuthenticationEntryPoint {
 	 * <p>
 	 * Implementations should modify the headers on the <code>ServletResponse</code> as
 	 * necessary to commence the authentication process.
-	 *
 	 * @param request that resulted in an <code>AuthenticationException</code>
 	 * @param response so that the user agent can begin authentication
 	 * @param authException that caused the invocation
 	 *
 	 */
-	void commence(HttpServletRequest request, HttpServletResponse response,
-			AuthenticationException authException) throws IOException, ServletException;
+	void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
+			throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 983f5ce29c..e8db558a53 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -45,8 +45,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 	 * information (HTTP or HTTPS), so will cause problems if a redirect is being
 	 * performed to change to HTTPS, for example.
 	 */
-	public void sendRedirect(HttpServletRequest request, HttpServletResponse response,
-			String url) throws IOException {
+	public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
 		String redirectUrl = calculateRedirectUrl(request.getContextPath(), url);
 		redirectUrl = response.encodeRedirectURL(redirectUrl);
 
@@ -98,10 +97,11 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 	}
 
 	/**
-	 * Returns <tt>true</tt>, if the redirection URL should be calculated
-	 * minus the protocol and context path (defaults to <tt>false</tt>).
+	 * Returns <tt>true</tt>, if the redirection URL should be calculated minus the
+	 * protocol and context path (defaults to <tt>false</tt>).
 	 */
 	protected boolean isContextRelative() {
 		return contextRelative;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index d4e5a0e4fa..85d3efeab2 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -27,12 +27,14 @@ import java.util.*;
  * Standard implementation of {@code SecurityFilterChain}.
  *
  * @author Luke Taylor
- *
  * @since 3.1
  */
 public final class DefaultSecurityFilterChain implements SecurityFilterChain {
+
 	private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);
+
 	private final RequestMatcher requestMatcher;
+
 	private final List<Filter> filters;
 
 	public DefaultSecurityFilterChain(RequestMatcher requestMatcher, Filter... filters) {
@@ -61,4 +63,5 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
 	public String toString() {
 		return "[ " + requestMatcher + ", " + filters + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index a27c4dd324..05de25a48f 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -59,9 +59,9 @@ import java.util.*;
  * and a list of filters which should be applied to matching requests. Most applications
  * will only contain a single filter chain, and if you are using the namespace, you don't
  * have to set the chains explicitly. If you require finer-grained control, you can make
- * use of the {@code <filter-chain>} namespace element. This defines a URI pattern
- * and the list of filters (as comma-separated bean names) which should be applied to
- * requests which match the pattern. An example configuration might look like this:
+ * use of the {@code <filter-chain>} namespace element. This defines a URI pattern and the
+ * list of filters (as comma-separated bean names) which should be applied to requests
+ * which match the pattern. An example configuration might look like this:
  *
  * <pre>
  *  &lt;bean id="myfilterChainProxy" class="org.springframework.security.web.FilterChainProxy"&gt;
@@ -136,6 +136,7 @@ import java.util.*;
  * @author Rob Winch
  */
 public class FilterChainProxy extends GenericFilterBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -144,8 +145,7 @@ public class FilterChainProxy extends GenericFilterBean {
 	// ~ Instance fields
 	// ================================================================================================
 
-	private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(
-			".APPLIED");
+	private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
 
 	private List<SecurityFilterChain> filterChains;
 
@@ -175,14 +175,15 @@ public class FilterChainProxy extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
 		if (clearContext) {
 			try {
 				request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
 				doFilterInternal(request, response, chain);
-			} catch (RequestRejectedException e) {
+			}
+			catch (RequestRejectedException e) {
 				this.requestRejectedHandler.handle((HttpServletRequest) request, (HttpServletResponse) response, e);
 			}
 			finally {
@@ -195,21 +196,18 @@ public class FilterChainProxy extends GenericFilterBean {
 		}
 	}
 
-	private void doFilterInternal(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 
-		FirewalledRequest fwRequest = firewall
-				.getFirewalledRequest((HttpServletRequest) request);
-		HttpServletResponse fwResponse = firewall
-				.getFirewalledResponse((HttpServletResponse) response);
+		FirewalledRequest fwRequest = firewall.getFirewalledRequest((HttpServletRequest) request);
+		HttpServletResponse fwResponse = firewall.getFirewalledResponse((HttpServletResponse) response);
 
 		List<Filter> filters = getFilters(fwRequest);
 
 		if (filters == null || filters.size() == 0) {
 			if (logger.isDebugEnabled()) {
 				logger.debug(UrlUtils.buildRequestUrl(fwRequest)
-						+ (filters == null ? " has no matching filters"
-								: " has an empty filter list"));
+						+ (filters == null ? " has no matching filters" : " has an empty filter list"));
 			}
 
 			fwRequest.reset();
@@ -225,7 +223,6 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	/**
 	 * Returns the first filter chain matching the supplied URL.
-	 *
 	 * @param request the request to match
 	 * @return an ordered array of Filters defining the filter chain
 	 */
@@ -241,13 +238,11 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	/**
 	 * Convenience method, mainly for testing.
-	 *
 	 * @param url the URL
 	 * @return matching filter list
 	 */
 	public List<Filter> getFilters(String url) {
-		return getFilters(firewall.getFirewalledRequest((new FilterInvocation(url, "GET")
-				.getRequest())));
+		return getFilters(firewall.getFirewalledRequest((new FilterInvocation(url, "GET").getRequest())));
 	}
 
 	/**
@@ -261,7 +256,6 @@ public class FilterChainProxy extends GenericFilterBean {
 	/**
 	 * Used (internally) to specify a validation strategy for the filters in each
 	 * configured chain.
-	 *
 	 * @param filterChainValidator the validator instance which will be invoked on during
 	 * initialization to check the {@code FilterChainProxy} instance.
 	 */
@@ -273,7 +267,6 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * Sets the "firewall" implementation which will be used to validate and wrap (or
 	 * potentially reject) the incoming requests. The default implementation should be
 	 * satisfactory for most requirements.
-	 *
 	 * @param firewall
 	 */
 	public void setFirewall(HttpFirewall firewall) {
@@ -281,7 +274,8 @@ public class FilterChainProxy extends GenericFilterBean {
 	}
 
 	/**
-	 * Sets the {@link RequestRejectedHandler} to be used for requests rejected by the firewall.
+	 * Sets the {@link RequestRejectedHandler} to be used for requests rejected by the
+	 * firewall.
 	 *
 	 * @since 5.2
 	 * @param requestRejectedHandler the {@link RequestRejectedHandler}
@@ -310,14 +304,19 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * the additional internal list of filters which match the request.
 	 */
 	private static class VirtualFilterChain implements FilterChain {
+
 		private final FilterChain originalChain;
+
 		private final List<Filter> additionalFilters;
+
 		private final FirewalledRequest firewalledRequest;
+
 		private final int size;
+
 		private int currentPosition = 0;
 
-		private VirtualFilterChain(FirewalledRequest firewalledRequest,
-				FilterChain chain, List<Filter> additionalFilters) {
+		private VirtualFilterChain(FirewalledRequest firewalledRequest, FilterChain chain,
+				List<Filter> additionalFilters) {
 			this.originalChain = chain;
 			this.additionalFilters = additionalFilters;
 			this.size = additionalFilters.size();
@@ -325,8 +324,7 @@ public class FilterChainProxy extends GenericFilterBean {
 		}
 
 		@Override
-		public void doFilter(ServletRequest request, ServletResponse response)
-				throws IOException, ServletException {
+		public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
 			if (currentPosition == size) {
 				if (logger.isDebugEnabled()) {
 					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest)
@@ -344,25 +342,29 @@ public class FilterChainProxy extends GenericFilterBean {
 				Filter nextFilter = additionalFilters.get(currentPosition - 1);
 
 				if (logger.isDebugEnabled()) {
-					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest)
-							+ " at position " + currentPosition + " of " + size
-							+ " in additional filter chain; firing Filter: '"
+					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest) + " at position " + currentPosition
+							+ " of " + size + " in additional filter chain; firing Filter: '"
 							+ nextFilter.getClass().getSimpleName() + "'");
 				}
 
 				nextFilter.doFilter(request, response, this);
 			}
 		}
+
 	}
 
 	public interface FilterChainValidator {
+
 		void validate(FilterChainProxy filterChainProxy);
+
 	}
 
 	private static class NullFilterChainValidator implements FilterChainValidator {
+
 		@Override
 		public void validate(FilterChainProxy filterChainProxy) {
 		}
+
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 97061e1872..1441bcf446 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -53,6 +53,7 @@ import org.springframework.security.web.util.UrlUtils;
  * @author Rob Winch
  */
 public class FilterInvocation {
+
 	// ~ Static fields
 	// ==================================================================================================
 	static final FilterChain DUMMY_CHAIN = (req, res) -> {
@@ -63,14 +64,15 @@ public class FilterInvocation {
 	// ================================================================================================
 
 	private FilterChain chain;
+
 	private HttpServletRequest request;
+
 	private HttpServletResponse response;
 
 	// ~ Constructors
 	// ===================================================================================================
 
-	public FilterInvocation(ServletRequest request, ServletResponse response,
-			FilterChain chain) {
+	public FilterInvocation(ServletRequest request, ServletResponse response, FilterChain chain) {
 		if ((request == null) || (response == null) || (chain == null)) {
 			throw new IllegalArgumentException("Cannot pass null values to constructor");
 		}
@@ -88,16 +90,14 @@ public class FilterInvocation {
 		this(contextPath, servletPath, null, null, method);
 	}
 
-	public FilterInvocation(String contextPath, String servletPath, String pathInfo,
-			String query, String method) {
+	public FilterInvocation(String contextPath, String servletPath, String pathInfo, String query, String method) {
 		DummyRequest request = new DummyRequest();
 		if (contextPath == null) {
 			contextPath = "/cp";
 		}
 		request.setContextPath(contextPath);
 		request.setServletPath(servletPath);
-		request.setRequestURI(
-				contextPath + servletPath + (pathInfo == null ? "" : pathInfo));
+		request.setRequestURI(contextPath + servletPath + (pathInfo == null ? "" : pathInfo));
 		request.setPathInfo(pathInfo);
 		request.setQueryString(query);
 		request.setMethod(method);
@@ -116,7 +116,6 @@ public class FilterInvocation {
 	 * <p>
 	 * The returned URL does <b>not</b> reflect the port number determined from a
 	 * {@link org.springframework.security.web.PortResolver}.
-	 *
 	 * @return the full URL of this request
 	 */
 	public String getFullRequestUrl() {
@@ -133,7 +132,6 @@ public class FilterInvocation {
 
 	/**
 	 * Obtains the web application-specific fragment of the URL.
-	 *
 	 * @return the URL, excluding any server name, context path or servlet path
 	 */
 	public String getRequestUrl() {
@@ -152,21 +150,29 @@ public class FilterInvocation {
 	public String toString() {
 		return "FilterInvocation: URL: " + getRequestUrl();
 	}
+
 }
 
 class DummyRequest extends HttpServletRequestWrapper {
-	private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy
-			.newProxyInstance(DummyRequest.class.getClassLoader(),
-					new Class[] { HttpServletRequest.class },
-					new UnsupportedOperationExceptionInvocationHandler());
+
+	private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy.newProxyInstance(
+			DummyRequest.class.getClassLoader(), new Class[] { HttpServletRequest.class },
+			new UnsupportedOperationExceptionInvocationHandler());
 
 	private String requestURI;
+
 	private String contextPath = "";
+
 	private String servletPath;
+
 	private String pathInfo;
+
 	private String queryString;
+
 	private String method;
+
 	private final HttpHeaders headers = new HttpHeaders();
+
 	private final Map<String, String[]> parameters = new LinkedHashMap<>();
 
 	DummyRequest() {
@@ -258,7 +264,7 @@ class DummyRequest extends HttpServletRequestWrapper {
 	@Override
 	public int getIntHeader(String name) {
 		String value = this.headers.getFirst(name);
-		if (value == null ) {
+		if (value == null) {
 			return -1;
 		}
 		else {
@@ -294,9 +300,11 @@ class DummyRequest extends HttpServletRequestWrapper {
 	public void setParameter(String name, String... values) {
 		this.parameters.put(name, values);
 	}
+
 }
 
 final class UnsupportedOperationExceptionInvocationHandler implements InvocationHandler {
+
 	private static final float JAVA_VERSION = Float.parseFloat(System.getProperty("java.class.version", "52"));
 
 	public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
@@ -311,14 +319,9 @@ final class UnsupportedOperationExceptionInvocationHandler implements Invocation
 			return invokeDefaultMethodForJdk8(proxy, method, args);
 		}
 		return MethodHandles.lookup()
-				.findSpecial(
-					method.getDeclaringClass(),
-					method.getName(),
-					MethodType.methodType(method.getReturnType(), new Class[0]),
-					method.getDeclaringClass()
-				)
-				.bindTo(proxy)
-				.invokeWithArguments(args);
+				.findSpecial(method.getDeclaringClass(), method.getName(),
+						MethodType.methodType(method.getReturnType(), new Class[0]), method.getDeclaringClass())
+				.bindTo(proxy).invokeWithArguments(args);
 	}
 
 	private Object invokeDefaultMethodForJdk8(Object proxy, Method method, Object[] args) throws Throwable {
@@ -326,14 +329,12 @@ final class UnsupportedOperationExceptionInvocationHandler implements Invocation
 		constructor.setAccessible(true);
 
 		Class<?> clazz = method.getDeclaringClass();
-		return constructor.newInstance(clazz)
-				.in(clazz)
-				.unreflectSpecial(method, clazz)
-				.bindTo(proxy)
+		return constructor.newInstance(clazz).in(clazz).unreflectSpecial(method, clazz).bindTo(proxy)
 				.invokeWithArguments(args);
 	}
 
 	private boolean isJdk8OrEarlier() {
 		return JAVA_VERSION <= 52;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/PortMapper.java b/web/src/main/java/org/springframework/security/web/PortMapper.java
index ab21cc86a6..94388052de 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapper.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapper.java
@@ -23,6 +23,7 @@ package org.springframework.security.web;
  * @author Ben Alex
  */
 public interface PortMapper {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -31,9 +32,7 @@ public interface PortMapper {
 	 * <P>
 	 * Returns <code>null</code> if unknown.
 	 * </p>
-	 *
 	 * @param httpsPort
-	 *
 	 * @return the HTTP port or <code>null</code> if unknown
 	 */
 	Integer lookupHttpPort(Integer httpsPort);
@@ -43,10 +42,9 @@ public interface PortMapper {
 	 * <P>
 	 * Returns <code>null</code> if unknown.
 	 * </p>
-	 *
 	 * @param httpPort
-	 *
 	 * @return the HTTPS port or <code>null</code> if unknown
 	 */
 	Integer lookupHttpsPort(Integer httpPort);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
index f9144ecd52..3789cad848 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
@@ -32,6 +32,7 @@ import org.springframework.util.Assert;
  * @author colin sampaleanu
  */
 public class PortMapperImpl implements PortMapper {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -84,19 +85,16 @@ public class PortMapperImpl implements PortMapper {
 	 *      &lt;/map&gt;
 	 * &lt;/property&gt;
 	 * </pre>
-	 *
 	 * @param newMappings A Map consisting of String keys and String values, where for
 	 * each entry the key is the string representation of an integer HTTP port number, and
 	 * the value is the string representation of the corresponding integer HTTPS port
 	 * number.
-	 *
 	 * @throws IllegalArgumentException if input map does not consist of String keys and
 	 * values, each representing an integer port number in the range 1-65535 for that
 	 * mapping.
 	 */
 	public void setPortMappings(Map<String, String> newMappings) {
-		Assert.notNull(newMappings,
-				"A valid list of HTTPS port mappings must be provided");
+		Assert.notNull(newMappings, "A valid list of HTTPS port mappings must be provided");
 
 		this.httpsPortMappings.clear();
 
@@ -104,11 +102,9 @@ public class PortMapperImpl implements PortMapper {
 			Integer httpPort = Integer.valueOf(entry.getKey());
 			Integer httpsPort = Integer.valueOf(entry.getValue());
 
-			if ((httpPort < 1) || (httpPort > 65535)
-					|| (httpsPort < 1) || (httpsPort > 65535)) {
+			if ((httpPort < 1) || (httpPort > 65535) || (httpsPort < 1) || (httpsPort > 65535)) {
 				throw new IllegalArgumentException(
-						"one or both ports out of legal range: " + httpPort + ", "
-								+ httpsPort);
+						"one or both ports out of legal range: " + httpPort + ", " + httpsPort);
 			}
 
 			this.httpsPortMappings.put(httpPort, httpsPort);
@@ -118,4 +114,5 @@ public class PortMapperImpl implements PortMapper {
 			throw new IllegalArgumentException("must map at least one port");
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/PortResolver.java b/web/src/main/java/org/springframework/security/web/PortResolver.java
index ca2417f4ad..fcb8432b97 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolver.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolver.java
@@ -30,15 +30,15 @@ import javax.servlet.ServletRequest;
  * @author Ben Alex
  */
 public interface PortResolver {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Indicates the port the <code>ServletRequest</code> was received on.
-	 *
 	 * @param request that the method should lookup the port for
-	 *
 	 * @return the port the request was received on
 	 */
 	int getServerPort(ServletRequest request);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index d77bb353a0..1c297ca15b 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -35,6 +35,7 @@ import javax.servlet.ServletRequest;
  * @author Ben Alex
  */
 public class PortResolverImpl implements PortResolver {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -73,4 +74,5 @@ public class PortResolverImpl implements PortResolver {
 		Assert.notNull(portMapper, "portMapper cannot be null");
 		this.portMapper = portMapper;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/RedirectStrategy.java b/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
index 7bd0124459..02e311cfc1 100644
--- a/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
@@ -35,6 +35,6 @@ public interface RedirectStrategy {
 	 * @param response the response to redirect
 	 * @param url the target URL to redirect to, for example "/login"
 	 */
-	void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
-			throws IOException;
+	void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
index 446de5547c..8ef72b0b67 100644
--- a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
@@ -25,9 +25,7 @@ import java.util.*;
  * <p>
  * Used to configure a {@code FilterChainProxy}.
  *
- *
  * @author Luke Taylor
- *
  * @since 3.1
  */
 public interface SecurityFilterChain {
@@ -35,4 +33,5 @@ public interface SecurityFilterChain {
 	boolean matches(HttpServletRequest request);
 
 	List<Filter> getFilters();
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/WebAttributes.java b/web/src/main/java/org/springframework/security/web/WebAttributes.java
index e280fb19e4..38ea04be0e 100644
--- a/web/src/main/java/org/springframework/security/web/WebAttributes.java
+++ b/web/src/main/java/org/springframework/security/web/WebAttributes.java
@@ -26,6 +26,7 @@ import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
  * @since 3.0.3
  */
 public final class WebAttributes {
+
 	/**
 	 * Used to cache an {@code AccessDeniedException} in the request for rendering.
 	 *
@@ -47,6 +48,7 @@ public final class WebAttributes {
 	 * @see WebInvocationPrivilegeEvaluator
 	 * @since 3.1.3
 	 */
-	public static final String WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE = WebAttributes.class
-			.getName() + ".WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE";
+	public static final String WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE = WebAttributes.class.getName()
+			+ ".WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE";
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
index aa40b8deb5..323b0f2bb5 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
@@ -31,20 +31,19 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public interface AccessDeniedHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Handles an access denied failure.
-	 *
 	 * @param request that resulted in an <code>AccessDeniedException</code>
 	 * @param response so that the user agent can be advised of the failure
 	 * @param accessDeniedException that caused the invocation
-	 *
 	 * @throws IOException in the event of an IOException
 	 * @throws ServletException in the event of a ServletException
 	 */
-	void handle(HttpServletRequest request, HttpServletResponse response,
-			AccessDeniedException accessDeniedException) throws IOException,
-			ServletException;
+	void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
+			throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index 742dcb64dc..82f9cc7c59 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -43,6 +43,7 @@ import org.springframework.security.web.WebAttributes;
  * @author Ben Alex
  */
 public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -57,13 +58,11 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 	// ========================================================================================================
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
-			AccessDeniedException accessDeniedException) throws IOException,
-			ServletException {
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		if (!response.isCommitted()) {
 			if (errorPage != null) {
 				// Put exception into request scope (perhaps of use to a view)
-				request.setAttribute(WebAttributes.ACCESS_DENIED_403,
-						accessDeniedException);
+				request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
 
 				// Set the 403 status code.
 				response.setStatus(HttpStatus.FORBIDDEN.value());
@@ -73,8 +72,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 				dispatcher.forward(request, response);
 			}
 			else {
-				response.sendError(HttpStatus.FORBIDDEN.value(),
-					HttpStatus.FORBIDDEN.getReasonPhrase());
+				response.sendError(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase());
 			}
 		}
 	}
@@ -82,9 +80,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 	/**
 	 * The error page to use. Must begin with a "/" and is interpreted relative to the
 	 * current context root.
-	 *
 	 * @param errorPage the dispatcher path to display
-	 *
 	 * @throws IllegalArgumentException if the argument doesn't comply with the above
 	 * limitations
 	 */
@@ -95,4 +91,5 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 
 		this.errorPage = errorPage;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index 229eeb749a..6bbc035266 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -34,13 +34,12 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.0
  */
-public class DefaultWebInvocationPrivilegeEvaluator implements
-		WebInvocationPrivilegeEvaluator {
+public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	protected static final Log logger = LogFactory
-			.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
+	protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -50,11 +49,9 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 	// ~ Constructors
 	// ===================================================================================================
 
-	public DefaultWebInvocationPrivilegeEvaluator(
-			AbstractSecurityInterceptor securityInterceptor) {
+	public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) {
 		Assert.notNull(securityInterceptor, "SecurityInterceptor cannot be null");
-		Assert.isTrue(
-				FilterInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
+		Assert.isTrue(FilterInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
 				"AbstractSecurityInterceptor does not support FilterInvocations");
 		Assert.notNull(securityInterceptor.getAccessDecisionManager(),
 				"AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");
@@ -68,7 +65,6 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 	/**
 	 * Determines whether the user represented by the supplied <tt>Authentication</tt>
 	 * object is allowed to invoke the supplied URI.
-	 *
 	 * @param uri the URI excluding the context path (a default context path setting will
 	 * be used)
 	 */
@@ -85,7 +81,6 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 	 * metadata applies to a given request URI, so generally the <code>contextPath</code>
 	 * is unimportant unless you are using a custom
 	 * <code>FilterInvocationSecurityMetadataSource</code>.
-	 *
 	 * @param uri the URI excluding the context path
 	 * @param contextPath the context path (may be null, in which case a default value
 	 * will be used).
@@ -94,13 +89,11 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 	 * be used in evaluation whether access should be granted.
 	 * @return true if access is allowed, false if denied
 	 */
-	public boolean isAllowed(String contextPath, String uri, String method,
-			Authentication authentication) {
+	public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
 		Assert.notNull(uri, "uri parameter is required");
 
 		FilterInvocation fi = new FilterInvocation(contextPath, uri, method);
-		Collection<ConfigAttribute> attrs = securityInterceptor
-				.obtainSecurityMetadataSource().getAttributes(fi);
+		Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
 
 		if (attrs == null) {
 			if (securityInterceptor.isRejectPublicInvocations()) {
@@ -115,13 +108,11 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 		}
 
 		try {
-			securityInterceptor.getAccessDecisionManager().decide(authentication, fi,
-					attrs);
+			securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
 		}
 		catch (AccessDeniedException unauthorized) {
 			if (logger.isDebugEnabled()) {
-				logger.debug(fi.toString() + " denied for " + authentication.toString(),
-						unauthorized);
+				logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
 			}
 
 			return false;
@@ -129,4 +120,5 @@ public class DefaultWebInvocationPrivilegeEvaluator implements
 
 		return true;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
index bb4a33a052..812edbcd92 100644
--- a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
@@ -36,13 +36,13 @@ import org.springframework.util.Assert;
  *
  */
 public final class DelegatingAccessDeniedHandler implements AccessDeniedHandler {
+
 	private final LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers;
 
 	private final AccessDeniedHandler defaultHandler;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param handlers a map of the {@link AccessDeniedException} class to the
 	 * {@link AccessDeniedHandler} that should be used. Each is considered in the order
 	 * they are specified and only the first {@link AccessDeniedHandler} is ued.
@@ -59,10 +59,8 @@ public final class DelegatingAccessDeniedHandler implements AccessDeniedHandler
 	}
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
-			AccessDeniedException accessDeniedException) throws IOException,
-			ServletException {
-		for (Entry<Class<? extends AccessDeniedException>, AccessDeniedHandler> entry : handlers
-				.entrySet()) {
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
+		for (Entry<Class<? extends AccessDeniedException>, AccessDeniedHandler> entry : handlers.entrySet()) {
 			Class<? extends AccessDeniedException> handlerClass = entry.getKey();
 			if (handlerClass.isAssignableFrom(accessDeniedException.getClass())) {
 				AccessDeniedHandler handler = entry.getValue();
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 3e3345250c..91fc60bedc 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -58,13 +58,15 @@ import java.io.IOException;
  * <code>authenticationEntryPoint</code> will be launched. If they are not an anonymous
  * user, the filter will delegate to the
  * {@link org.springframework.security.web.access.AccessDeniedHandler}. By default the
- * filter will use {@link org.springframework.security.web.access.AccessDeniedHandlerImpl}.
+ * filter will use
+ * {@link org.springframework.security.web.access.AccessDeniedHandlerImpl}.
  * <p>
  * To use this filter, it is necessary to specify the following properties:
  * <ul>
  * <li><code>authenticationEntryPoint</code> indicates the handler that should commence
  * the authentication process if an <code>AuthenticationException</code> is detected. Note
- * that this may also switch the current protocol from http to https for an SSL login.</li>
+ * that this may also switch the current protocol from http to https for an SSL
+ * login.</li>
  * <li><tt>requestCache</tt> determines the strategy used to save a request during the
  * authentication process in order that it may be retrieved and reused once the user has
  * authenticated. The default implementation is {@link HttpSessionRequestCache}.</li>
@@ -79,8 +81,11 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 	// ================================================================================================
 
 	private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
+
 	private AuthenticationEntryPoint authenticationEntryPoint;
+
 	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
+
 	private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
 
 	private RequestCache requestCache = new HttpSessionRequestCache();
@@ -91,10 +96,8 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		this(authenticationEntryPoint, new HttpSessionRequestCache());
 	}
 
-	public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint,
-			RequestCache requestCache) {
-		Assert.notNull(authenticationEntryPoint,
-				"authenticationEntryPoint cannot be null");
+	public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) {
+		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
 		Assert.notNull(requestCache, "requestCache cannot be null");
 		this.authenticationEntryPoint = authenticationEntryPoint;
 		this.requestCache = requestCache;
@@ -105,8 +108,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(authenticationEntryPoint,
-				"authenticationEntryPoint must be specified");
+		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -129,13 +131,15 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 					.getFirstThrowableOfType(AuthenticationException.class, causeChain);
 
 			if (ase == null) {
-				ase = (AccessDeniedException) throwableAnalyzer.getFirstThrowableOfType(
-						AccessDeniedException.class, causeChain);
+				ase = (AccessDeniedException) throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class,
+						causeChain);
 			}
 
 			if (ase != null) {
 				if (response.isCommitted()) {
-					throw new ServletException("Unable to handle the Spring Security Exception because the response is already committed.", ex);
+					throw new ServletException(
+							"Unable to handle the Spring Security Exception because the response is already committed.",
+							ex);
 				}
 				handleSpringSecurityException(request, response, chain, ase);
 			}
@@ -163,46 +167,35 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		return authenticationTrustResolver;
 	}
 
-	private void handleSpringSecurityException(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain, RuntimeException exception)
-			throws IOException, ServletException {
+	private void handleSpringSecurityException(HttpServletRequest request, HttpServletResponse response,
+			FilterChain chain, RuntimeException exception) throws IOException, ServletException {
 		if (exception instanceof AuthenticationException) {
-			logger.debug(
-					"Authentication exception occurred; redirecting to authentication entry point",
-					exception);
+			logger.debug("Authentication exception occurred; redirecting to authentication entry point", exception);
 
-			sendStartAuthentication(request, response, chain,
-					(AuthenticationException) exception);
+			sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
 		}
 		else if (exception instanceof AccessDeniedException) {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-			if (authenticationTrustResolver.isAnonymous(authentication) || authenticationTrustResolver.isRememberMe(authentication)) {
-				logger.debug(
-						"Access is denied (user is " + (authenticationTrustResolver.isAnonymous(authentication) ? "anonymous" : "not fully authenticated") + "); redirecting to authentication entry point",
+			if (authenticationTrustResolver.isAnonymous(authentication)
+					|| authenticationTrustResolver.isRememberMe(authentication)) {
+				logger.debug("Access is denied (user is " + (authenticationTrustResolver.isAnonymous(authentication)
+						? "anonymous" : "not fully authenticated") + "); redirecting to authentication entry point",
 						exception);
 
-				sendStartAuthentication(
-						request,
-						response,
-						chain,
+				sendStartAuthentication(request, response, chain,
 						new InsufficientAuthenticationException(
-							messages.getMessage(
-								"ExceptionTranslationFilter.insufficientAuthentication",
-								"Full authentication is required to access this resource")));
+								messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication",
+										"Full authentication is required to access this resource")));
 			}
 			else {
-				logger.debug(
-						"Access is denied (user is not anonymous); delegating to AccessDeniedHandler",
-						exception);
+				logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);
 
-				accessDeniedHandler.handle(request, response,
-						(AccessDeniedException) exception);
+				accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
 			}
 		}
 	}
 
-	protected void sendStartAuthentication(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain,
+	protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
 			AuthenticationException reason) throws ServletException, IOException {
 		// SEC-112: Clear the SecurityContextHolder's Authentication, as the
 		// existing Authentication is no longer considered valid
@@ -217,10 +210,8 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		this.accessDeniedHandler = accessDeniedHandler;
 	}
 
-	public void setAuthenticationTrustResolver(
-			AuthenticationTrustResolver authenticationTrustResolver) {
-		Assert.notNull(authenticationTrustResolver,
-				"authenticationTrustResolver must not be null");
+	public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
+		Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must not be null");
 		this.authenticationTrustResolver = authenticationTrustResolver;
 	}
 
@@ -234,6 +225,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 	 * unwrapping <code>ServletException</code>s.
 	 */
 	private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
+
 		/**
 		 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 		 */
@@ -241,8 +233,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 			super.initExtractorMap();
 
 			registerExtractor(ServletException.class, throwable -> {
-				ThrowableAnalyzer.verifyThrowableHierarchy(throwable,
-						ServletException.class);
+				ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
 				return ((ServletException) throwable).getRootCause();
 			});
 		}
diff --git a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
index 8805f22592..1cb2835ffc 100644
--- a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
@@ -36,21 +36,20 @@ import org.springframework.util.Assert;
  *
  */
 public final class RequestMatcherDelegatingAccessDeniedHandler implements AccessDeniedHandler {
+
 	private final LinkedHashMap<RequestMatcher, AccessDeniedHandler> handlers;
 
 	private final AccessDeniedHandler defaultHandler;
 
 	/**
 	 * Creates a new instance
-	 *
-	 * @param handlers a map of {@link RequestMatcher}s to
-	 * {@link AccessDeniedHandler}s that should be used. Each is considered in the order
-	 * they are specified and only the first {@link AccessDeniedHandler} is used.
+	 * @param handlers a map of {@link RequestMatcher}s to {@link AccessDeniedHandler}s
+	 * that should be used. Each is considered in the order they are specified and only
+	 * the first {@link AccessDeniedHandler} is used.
 	 * @param defaultHandler the default {@link AccessDeniedHandler} that should be used
 	 * if none of the matchers match.
 	 */
-	public RequestMatcherDelegatingAccessDeniedHandler(
-			LinkedHashMap<RequestMatcher, AccessDeniedHandler> handlers,
+	public RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler> handlers,
 			AccessDeniedHandler defaultHandler) {
 		Assert.notEmpty(handlers, "handlers cannot be null or empty");
 		Assert.notNull(defaultHandler, "defaultHandler cannot be null");
@@ -59,10 +58,8 @@ public final class RequestMatcherDelegatingAccessDeniedHandler implements Access
 	}
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
-			AccessDeniedException accessDeniedException) throws IOException,
-			ServletException {
-		for (Entry<RequestMatcher, AccessDeniedHandler> entry : this.handlers
-				.entrySet()) {
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
+		for (Entry<RequestMatcher, AccessDeniedHandler> entry : this.handlers.entrySet()) {
 			RequestMatcher matcher = entry.getKey();
 			if (matcher.matches(request)) {
 				AccessDeniedHandler handler = entry.getValue();
diff --git a/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
index 8cfb892b0f..521346ef2f 100644
--- a/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
@@ -29,7 +29,6 @@ public interface WebInvocationPrivilegeEvaluator {
 	/**
 	 * Determines whether the user represented by the supplied <tt>Authentication</tt>
 	 * object is allowed to invoke the supplied URI.
-	 *
 	 * @param uri the URI excluding the context path (a default context path setting will
 	 * be used)
 	 */
@@ -44,7 +43,6 @@ public interface WebInvocationPrivilegeEvaluator {
 	 * metadata applies to a given request URI, so generally the <code>contextPath</code>
 	 * is unimportant unless you are using a custom
 	 * <code>FilterInvocationSecurityMetadataSource</code>.
-	 *
 	 * @param uri the URI excluding the context path
 	 * @param contextPath the context path (may be null).
 	 * @param method the HTTP method (or null, for any method)
@@ -53,4 +51,5 @@ public interface WebInvocationPrivilegeEvaluator {
 	 * @return true if access is allowed, false if denied
 	 */
 	boolean isAllowed(String contextPath, String uri, String method, Authentication authentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 99fdeb532e..527b523969 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -29,6 +29,7 @@ import java.io.IOException;
  * @author Luke Taylor
  */
 public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
@@ -37,9 +38,12 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	// ================================================================================================
 
 	private PortMapper portMapper = new PortMapperImpl();
+
 	private PortResolver portResolver = new PortResolverImpl();
+
 	/** The scheme ("http://" or "https://") */
 	private final String scheme;
+
 	/** The standard port for the scheme (80 for http, 443 for https) */
 	private final int standardPort;
 
@@ -56,11 +60,9 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	// ~ Methods
 	// ========================================================================================================
 
-	public void commence(HttpServletRequest request, HttpServletResponse response)
-			throws IOException {
+	public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String queryString = request.getQueryString();
-		String redirectUrl = request.getRequestURI()
-				+ ((queryString == null) ? "" : ("?" + queryString));
+		String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));
 
 		Integer currentPort = portResolver.getServerPort(request);
 		Integer redirectPort = getMappedPort(currentPort);
@@ -68,8 +70,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 		if (redirectPort != null) {
 			boolean includePort = redirectPort != standardPort;
 
-			redirectUrl = scheme + request.getServerName()
-					+ ((includePort) ? (":" + redirectPort) : "") + redirectUrl;
+			redirectUrl = scheme + request.getServerName() + ((includePort) ? (":" + redirectPort) : "") + redirectUrl;
 		}
 
 		if (logger.isDebugEnabled()) {
@@ -102,7 +103,6 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	/**
 	 * Sets the strategy to be used for redirecting to the required channel URL. A
 	 * {@code DefaultRedirectStrategy} instance will be used if not set.
-	 *
 	 * @param redirectStrategy the strategy instance to which the URL will be passed.
 	 */
 	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
@@ -113,4 +113,5 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	protected final RedirectStrategy getRedirectStrategy() {
 		return redirectStrategy;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
index 77a4af4906..b9488a1245 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -30,6 +30,7 @@ import javax.servlet.ServletException;
  * @author Ben Alex
  */
 public interface ChannelDecisionManager {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -38,8 +39,7 @@ public interface ChannelDecisionManager {
 	 * level of channel security based on the requested list of <tt>ConfigAttribute</tt>s.
 	 *
 	 */
-	void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
-			throws IOException, ServletException;
+	void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException;
 
 	/**
 	 * Indicates whether this <code>ChannelDecisionManager</code> is able to process the
@@ -48,12 +48,11 @@ public interface ChannelDecisionManager {
 	 * This allows the <code>ChannelProcessingFilter</code> to check every configuration
 	 * attribute can be consumed by the configured <code>ChannelDecisionManager</code>.
 	 * </p>
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <code>ChannelProcessingFilter</code>
-	 *
 	 * @return true if this <code>ChannelDecisionManager</code> can support the passed
 	 * configuration attribute
 	 */
 	boolean supports(ConfigAttribute attribute);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 07c5f66b88..8df5074ad1 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -47,8 +47,7 @@ import javax.servlet.ServletException;
  *
  * @author Ben Alex
  */
-public class ChannelDecisionManagerImpl implements ChannelDecisionManager,
-		InitializingBean {
+public class ChannelDecisionManagerImpl implements ChannelDecisionManager, InitializingBean {
 
 	public static final String ANY_CHANNEL = "ANY_CHANNEL";
 
@@ -91,9 +90,8 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager,
 		channelProcessors = new ArrayList<>(newList.size());
 
 		for (Object currentObject : newList) {
-			Assert.isInstanceOf(ChannelProcessor.class, currentObject,
-					() -> "ChannelProcessor " + currentObject.getClass().getName()
-							+ " must implement ChannelProcessor");
+			Assert.isInstanceOf(ChannelProcessor.class, currentObject, () -> "ChannelProcessor "
+					+ currentObject.getClass().getName() + " must implement ChannelProcessor");
 			channelProcessors.add((ChannelProcessor) currentObject);
 		}
 	}
@@ -111,4 +109,5 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager,
 
 		return false;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
index b6fa10e0e8..334948eaed 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public interface ChannelEntryPoint {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -41,11 +42,10 @@ public interface ChannelEntryPoint {
 	 * Implementations should modify the headers on the <code>ServletResponse</code> as
 	 * necessary to commence the user agent using the implementation's supported channel
 	 * type.
-	 *
 	 * @param request that a <code>ChannelProcessor</code> has rejected
 	 * @param response so that the user agent can begin using a new channel
 	 *
 	 */
-	void commence(HttpServletRequest request, HttpServletResponse response)
-			throws IOException, ServletException;
+	void commence(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
index 5fce1973d6..c47aae6930 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -89,6 +89,7 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 	// ================================================================================================
 
 	private ChannelDecisionManager channelDecisionManager;
+
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
 	// ~ Methods
@@ -96,18 +97,15 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(this.securityMetadataSource,
-				"securityMetadataSource must be specified");
-		Assert.notNull(this.channelDecisionManager,
-				"channelDecisionManager must be specified");
+		Assert.notNull(this.securityMetadataSource, "securityMetadataSource must be specified");
+		Assert.notNull(this.channelDecisionManager, "channelDecisionManager must be specified");
 
-		Collection<ConfigAttribute> attrDefs = this.securityMetadataSource
-				.getAllConfigAttributes();
+		Collection<ConfigAttribute> attrDefs = this.securityMetadataSource.getAllConfigAttributes();
 
 		if (attrDefs == null) {
 			if (this.logger.isWarnEnabled()) {
-				this.logger
-						.warn("Could not validate configuration attributes as the FilterInvocationSecurityMetadataSource did "
+				this.logger.warn(
+						"Could not validate configuration attributes as the FilterInvocationSecurityMetadataSource did "
 								+ "not return any attributes");
 			}
 
@@ -128,8 +126,7 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 			}
 		}
 		else {
-			throw new IllegalArgumentException(
-					"Unsupported configuration attributes: " + unsupportedAttributes);
+			throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttributes);
 		}
 	}
 
@@ -143,8 +140,7 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 
 		if (attr != null) {
 			if (this.logger.isDebugEnabled()) {
-				this.logger.debug(
-						"Request: " + fi.toString() + "; ConfigAttributes: " + attr);
+				this.logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
 			}
 
 			this.channelDecisionManager.decide(fi, attr);
@@ -173,4 +169,5 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 			FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
 		this.securityMetadataSource = filterInvocationSecurityMetadataSource;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
index 931c756cea..915699442d 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -36,6 +36,7 @@ import javax.servlet.ServletException;
  * @author Ben Alex
  */
 public interface ChannelProcessor {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -44,8 +45,7 @@ public interface ChannelProcessor {
 	 * level of channel security based on the requested list of <tt>ConfigAttribute</tt>s.
 	 *
 	 */
-	void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
-			throws IOException, ServletException;
+	void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException;
 
 	/**
 	 * Indicates whether this <code>ChannelProcessor</code> is able to process the passed
@@ -53,12 +53,11 @@ public interface ChannelProcessor {
 	 * <p>
 	 * This allows the <code>ChannelProcessingFilter</code> to check every configuration
 	 * attribute can be consumed by the configured <code>ChannelDecisionManager</code>.
-	 *
 	 * @param attribute a configuration attribute that has been configured against the
 	 * <tt>ChannelProcessingFilter</tt>.
-	 *
 	 * @return true if this <code>ChannelProcessor</code> can support the passed
 	 * configuration attribute
 	 */
 	boolean supports(ConfigAttribute attribute);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index 9130ef3748..8ccb57c29b 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -41,10 +41,12 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
+
 	private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
 
 	// ~ Methods
@@ -64,8 +66,7 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (invocation.getHttpRequest().isSecure()) {
-					entryPoint
-							.commence(invocation.getRequest(), invocation.getResponse());
+					entryPoint.commence(invocation.getRequest(), invocation.getResponse());
 				}
 			}
 		}
@@ -91,4 +92,5 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 		return (attribute != null) && (attribute.getAttribute() != null)
 				&& attribute.getAttribute().equals(getInsecureKeyword());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
index 7d1302aa6b..40736ba17c 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
@@ -34,4 +34,5 @@ public class RetryWithHttpEntryPoint extends AbstractRetryEntryPoint {
 	protected Integer getMappedPort(Integer mapFromPort) {
 		return getPortMapper().lookupHttpPort(mapFromPort);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
index 9cb5c97836..b24d4ba6e0 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
@@ -35,4 +35,5 @@ public class RetryWithHttpsEntryPoint extends AbstractRetryEntryPoint {
 	protected Integer getMappedPort(Integer mapFromPort) {
 		return getPortMapper().lookupHttpsPort(mapFromPort);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index ea6d1b577f..0b32d736d3 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -41,10 +41,12 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();
+
 	private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
 
 	// ~ Methods
@@ -57,14 +59,12 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
-		Assert.isTrue((invocation != null) && (config != null),
-				"Nulls cannot be provided");
+		Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
 
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (!invocation.getHttpRequest().isSecure()) {
-					entryPoint
-							.commence(invocation.getRequest(), invocation.getResponse());
+					entryPoint.commence(invocation.getRequest(), invocation.getResponse());
 				}
 			}
 		}
@@ -90,4 +90,5 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 		return (attribute != null) && (attribute.getAttribute() != null)
 				&& attribute.getAttribute().equals(getSecureKeyword());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/package-info.java b/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
index cbf375d6e5..342266d508 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
@@ -19,4 +19,3 @@
  * Most commonly used to enforce that requests are submitted over HTTP or HTTPS.
  */
 package org.springframework.security.web.access.channel;
-
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
index b7b5354a47..202a8321ed 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
@@ -39,8 +39,7 @@ abstract class AbstractVariableEvaluationContextPostProcessor
 		implements EvaluationContextPostProcessor<FilterInvocation> {
 
 	@Override
-	public final EvaluationContext postProcess(EvaluationContext context,
-			FilterInvocation invocation) {
+	public final EvaluationContext postProcess(EvaluationContext context, FilterInvocation invocation) {
 		final HttpServletRequest request = invocation.getHttpRequest();
 		return new DelegatingEvaluationContext(context) {
 			private Map<String, String> variables;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
index 9171932697..d7bc805cd5 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
@@ -25,21 +25,20 @@ import org.springframework.security.web.FilterInvocation;
 import org.springframework.util.Assert;
 
 /**
- *
  * @author Luke Taylor
  * @author Eddú Meléndez
  * @since 3.0
  */
-public class DefaultWebSecurityExpressionHandler extends
-		AbstractSecurityExpressionHandler<FilterInvocation> implements
-		SecurityExpressionHandler<FilterInvocation> {
+public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler<FilterInvocation>
+		implements SecurityExpressionHandler<FilterInvocation> {
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	private String defaultRolePrefix = "ROLE_";
 
 	@Override
-	protected SecurityExpressionOperations createSecurityExpressionRoot(
-			Authentication authentication, FilterInvocation fi) {
+	protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+			FilterInvocation fi) {
 		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
 		root.setPermissionEvaluator(getPermissionEvaluator());
 		root.setTrustResolver(trustResolver);
@@ -51,7 +50,6 @@ public class DefaultWebSecurityExpressionHandler extends
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
@@ -62,19 +60,21 @@ public class DefaultWebSecurityExpressionHandler extends
 
 	/**
 	 * <p>
-	 * Sets the default prefix to be added to {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)} or
-	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
-	 * is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
-	 * "ROLE_" (default).
+	 * Sets the default prefix to be added to
+	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)}
+	 * or
+	 * {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}.
+	 * For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the
+	 * role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
 	 * </p>
 	 *
 	 * <p>
 	 * If null or empty, then no default role prefix is used.
 	 * </p>
-	 *
 	 * @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
 	 */
 	public void setDefaultRolePrefix(String defaultRolePrefix) {
 		this.defaultRolePrefix = defaultRolePrefix;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DelegatingEvaluationContext.java b/web/src/main/java/org/springframework/security/web/access/expression/DelegatingEvaluationContext.java
index f855a21a01..beb7d74713 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/DelegatingEvaluationContext.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/DelegatingEvaluationContext.java
@@ -36,6 +36,7 @@ import org.springframework.expression.TypedValue;
  * @since 4.1
  */
 class DelegatingEvaluationContext implements EvaluationContext {
+
 	private final EvaluationContext delegate;
 
 	DelegatingEvaluationContext(EvaluationContext delegate) {
@@ -96,4 +97,5 @@ class DelegatingEvaluationContext implements EvaluationContext {
 	public Object lookupVariable(String name) {
 		return this.delegate.lookupVariable(name);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
index fe1073444d..5b77e7fc2c 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
@@ -16,10 +16,10 @@
 package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.EvaluationContext;
+
 /**
  *
-/**
- * Allows post processing the {@link EvaluationContext}
+ * /** Allows post processing the {@link EvaluationContext}
  *
  * <p>
  * This API is intentionally kept package scope as it may evolve over time.
@@ -32,15 +32,13 @@ import org.springframework.expression.EvaluationContext;
 interface EvaluationContextPostProcessor<I> {
 
 	/**
-	 * Allows post processing of the {@link EvaluationContext}. Implementations
-	 * may return a new instance of {@link EvaluationContext} or modify the
-	 * {@link EvaluationContext} that was passed in.
-	 *
-	 * @param context
-	 *            the original {@link EvaluationContext}
-	 * @param invocation
-	 *            the security invocation object (i.e. FilterInvocation)
+	 * Allows post processing of the {@link EvaluationContext}. Implementations may return
+	 * a new instance of {@link EvaluationContext} or modify the {@link EvaluationContext}
+	 * that was passed in.
+	 * @param context the original {@link EvaluationContext}
+	 * @param invocation the security invocation object (i.e. FilterInvocation)
 	 * @return the upated context.
 	 */
 	EvaluationContext postProcess(EvaluationContext context, I invocation);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
index a7ec8291e7..ee4f5cd176 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
@@ -44,45 +44,36 @@ import org.springframework.util.Assert;
  */
 public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		extends DefaultFilterInvocationSecurityMetadataSource {
-	private final static Log logger = LogFactory
-			.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
+
+	private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
 
 	public ExpressionBasedFilterInvocationSecurityMetadataSource(
 			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap,
 			SecurityExpressionHandler<FilterInvocation> expressionHandler) {
 		super(processMap(requestMap, expressionHandler.getExpressionParser()));
-		Assert.notNull(expressionHandler,
-				"A non-null SecurityExpressionHandler is required");
+		Assert.notNull(expressionHandler, "A non-null SecurityExpressionHandler is required");
 	}
 
 	private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processMap(
-			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap,
-			ExpressionParser parser) {
+			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
 		Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
 
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap = new LinkedHashMap<>(
 				requestMap);
 
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap
-				.entrySet()) {
+		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
 			RequestMatcher request = entry.getKey();
-			Assert.isTrue(entry.getValue().size() == 1,
-					() -> "Expected a single expression attribute for " + request);
+			Assert.isTrue(entry.getValue().size() == 1, () -> "Expected a single expression attribute for " + request);
 			ArrayList<ConfigAttribute> attributes = new ArrayList<>(1);
-			String expression = entry.getValue().toArray(new ConfigAttribute[1])[0]
-					.getAttribute();
-			logger.debug("Adding web access control expression '" + expression + "', for "
-					+ request);
+			String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
+			logger.debug("Adding web access control expression '" + expression + "', for " + request);
 
-			AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(
-					request);
+			AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
 			try {
-				attributes.add(new WebExpressionConfigAttribute(
-						parser.parseExpression(expression), postProcessor));
+				attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
 			}
 			catch (ParseException e) {
-				throw new IllegalArgumentException(
-						"Failed to parse expression '" + expression + "'");
+				throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
 			}
 
 			requestToExpressionAttributesMap.put(request, attributes);
@@ -95,12 +86,11 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		return new RequestVariablesExtractorEvaluationContextPostProcessor(request);
 	}
 
-	static class AntPathMatcherEvaluationContextPostProcessor
-			extends AbstractVariableEvaluationContextPostProcessor {
+	static class AntPathMatcherEvaluationContextPostProcessor extends AbstractVariableEvaluationContextPostProcessor {
+
 		private final AntPathRequestMatcher matcher;
 
-		AntPathMatcherEvaluationContextPostProcessor(
-				AntPathRequestMatcher matcher) {
+		AntPathMatcherEvaluationContextPostProcessor(AntPathRequestMatcher matcher) {
 			this.matcher = matcher;
 		}
 
@@ -108,14 +98,15 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		Map<String, String> extractVariables(HttpServletRequest request) {
 			return this.matcher.matcher(request).getVariables();
 		}
+
 	}
 
 	static class RequestVariablesExtractorEvaluationContextPostProcessor
 			extends AbstractVariableEvaluationContextPostProcessor {
+
 		private final RequestMatcher matcher;
 
-		RequestVariablesExtractorEvaluationContextPostProcessor(
-				RequestMatcher matcher) {
+		RequestVariablesExtractorEvaluationContextPostProcessor(RequestMatcher matcher) {
 			this.matcher = matcher;
 		}
 
@@ -123,6 +114,7 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		Map<String, String> extractVariables(HttpServletRequest request) {
 			return this.matcher.matcher(request).getVariables();
 		}
+
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
index 7e3856f70f..57a2b1aa1d 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
@@ -26,9 +26,10 @@ import org.springframework.security.web.FilterInvocation;
  * @author Luke Taylor
  * @since 3.0
  */
-class WebExpressionConfigAttribute implements ConfigAttribute,
-		EvaluationContextPostProcessor<FilterInvocation> {
+class WebExpressionConfigAttribute implements ConfigAttribute, EvaluationContextPostProcessor<FilterInvocation> {
+
 	private final Expression authorizeExpression;
+
 	private final EvaluationContextPostProcessor<FilterInvocation> postProcessor;
 
 	WebExpressionConfigAttribute(Expression authorizeExpression,
@@ -43,8 +44,7 @@ class WebExpressionConfigAttribute implements ConfigAttribute,
 
 	@Override
 	public EvaluationContext postProcess(EvaluationContext context, FilterInvocation fi) {
-		return this.postProcessor == null ? context
-				: this.postProcessor.postProcess(context, fi);
+		return this.postProcessor == null ? context : this.postProcessor.postProcess(context, fi);
 	}
 
 	@Override
@@ -56,4 +56,5 @@ class WebExpressionConfigAttribute implements ConfigAttribute,
 	public String toString() {
 		return this.authorizeExpression.getExpressionString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
index cb4882823b..707355ecf6 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@@ -27,14 +27,15 @@ import org.springframework.security.web.FilterInvocation;
 
 /**
  * Voter which handles web authorisation decisions.
+ *
  * @author Luke Taylor
  * @since 3.0
  */
 public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
+
 	private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
 
-	public int vote(Authentication authentication, FilterInvocation fi,
-			Collection<ConfigAttribute> attributes) {
+	public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
 		assert authentication != null;
 		assert fi != null;
 		assert attributes != null;
@@ -45,16 +46,13 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 			return ACCESS_ABSTAIN;
 		}
 
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication,
-				fi);
+		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi);
 		ctx = weca.postProcess(ctx, fi);
 
-		return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED
-				: ACCESS_DENIED;
+		return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
-	private WebExpressionConfigAttribute findConfigAttribute(
-			Collection<ConfigAttribute> attributes) {
+	private WebExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> attributes) {
 		for (ConfigAttribute attribute : attributes) {
 			if (attribute instanceof WebExpressionConfigAttribute) {
 				return (WebExpressionConfigAttribute) attribute;
@@ -71,8 +69,8 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 		return FilterInvocation.class.isAssignableFrom(clazz);
 	}
 
-	public void setExpressionHandler(
-			SecurityExpressionHandler<FilterInvocation> expressionHandler) {
+	public void setExpressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler) {
 		this.expressionHandler = expressionHandler;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
index d27983e9a1..8b90b6d9cc 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
@@ -23,11 +23,11 @@ import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.matcher.IpAddressMatcher;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public class WebSecurityExpressionRoot extends SecurityExpressionRoot {
+
 	// private FilterInvocation filterInvocation;
 	/** Allows direct access to the request object */
 	public final HttpServletRequest request;
@@ -41,7 +41,6 @@ public class WebSecurityExpressionRoot extends SecurityExpressionRoot {
 	/**
 	 * Takes a specific IP address or a range using the IP/Netmask (e.g. 192.168.1.0/24 or
 	 * 202.24.0.0/14).
-	 *
 	 * @param ipAddress the address or range of addresses from which the request must
 	 * come.
 	 * @return true if the IP address of the current request is in the required range.
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/package-info.java b/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
index d40b1baabb..b6c3d6ce6f 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
@@ -17,4 +17,3 @@
  * Implementation of web security expressions.
  */
 package org.springframework.security.web.access.expression;
-
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index caf752cf00..034712fb59 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -44,15 +44,13 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * <p>
  * The most common method creating an instance is using the Spring Security namespace. For
  * example, the {@code pattern} and {@code access} attributes of the
- * {@code <intercept-url>} elements defined as children of the {@code <http>}
- * element are combined to build the instance used by the
- * {@code FilterSecurityInterceptor}.
+ * {@code <intercept-url>} elements defined as children of the {@code <http>} element are
+ * combined to build the instance used by the {@code FilterSecurityInterceptor}.
  *
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class DefaultFilterInvocationSecurityMetadataSource implements
-		FilterInvocationSecurityMetadataSource {
+public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
@@ -65,7 +63,6 @@ public class DefaultFilterInvocationSecurityMetadataSource implements
 	 * Sets the internal request map from the supplied map. The key elements should be of
 	 * type {@link RequestMatcher}, which. The path stored in the key will depend on the
 	 * type of the supplied UrlMatcher.
-	 *
 	 * @param requestMap order-preserving map of request definitions to attribute lists
 	 */
 	public DefaultFilterInvocationSecurityMetadataSource(
@@ -80,8 +77,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap
-				.entrySet()) {
+		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
 			allAttributes.addAll(entry.getValue());
 		}
 
@@ -90,8 +86,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements
 
 	public Collection<ConfigAttribute> getAttributes(Object object) {
 		final HttpServletRequest request = ((FilterInvocation) object).getRequest();
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap
-				.entrySet()) {
+		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
 			if (entry.getKey().matches(request)) {
 				return entry.getValue();
 			}
@@ -102,4 +97,5 @@ public class DefaultFilterInvocationSecurityMetadataSource implements
 	public boolean supports(Class<?> clazz) {
 		return FilterInvocation.class.isAssignableFrom(clazz);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java
index 47a34443d6..b984e50b16 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java
@@ -26,4 +26,5 @@ import org.springframework.security.web.FilterInvocation;
  * @author Ben Alex
  */
 public interface FilterInvocationSecurityMetadataSource extends SecurityMetadataSource {
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
index 0dd86eeda1..158b4daef2 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@@ -42,8 +42,8 @@ import org.springframework.security.web.FilterInvocation;
  * @author Ben Alex
  * @author Rob Winch
  */
-public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements
-		Filter {
+public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -53,6 +53,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	// ================================================================================================
 
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
+
 	private boolean observeOncePerRequest = true;
 
 	// ~ Methods
@@ -60,7 +61,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 
 	/**
 	 * Not used (we rely on IoC container lifecycle services instead)
-	 *
 	 * @param arg0 ignored
 	 *
 	 */
@@ -76,16 +76,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	/**
 	 * Method that is actually called by the filter chain. Simply delegates to the
 	 * {@link #invoke(FilterInvocation)} method.
-	 *
 	 * @param request the servlet request
 	 * @param response the servlet response
 	 * @param chain the filter chain
-	 *
 	 * @throws IOException if the filter chain fails
 	 * @throws ServletException if the filter chain fails
 	 */
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		FilterInvocation fi = new FilterInvocation(request, response, chain);
 		invoke(fi);
 	}
@@ -107,8 +105,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	}
 
 	public void invoke(FilterInvocation fi) throws IOException, ServletException {
-		if ((fi.getRequest() != null)
-				&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
+		if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
 				&& observeOncePerRequest) {
 			// filter already applied to this request and user wants us to observe
 			// once-per-request handling, so don't re-do security checking
@@ -139,7 +136,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	 * execute once-per-request. Sometimes users may wish it to execute more than once per
 	 * request, such as when JSP forwards are being used and filter security is desired on
 	 * each included fragment of the HTTP request.
-	 *
 	 * @return <code>true</code> (the default) if once-per-request is honoured, otherwise
 	 * <code>false</code> if <code>FilterSecurityInterceptor</code> will enforce
 	 * authorizations for each and every fragment of the HTTP request.
@@ -151,4 +147,5 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	public void setObserveOncePerRequest(boolean observeOncePerRequest) {
 		this.observeOncePerRequest = observeOncePerRequest;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index f309cc1909..bc757cad0f 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -22,7 +22,9 @@ import org.springframework.util.Assert;
  * @since 2.0
  */
 public class RequestKey {
+
 	private final String url;
+
 	private final String method;
 
 	public RequestKey(String url) {
@@ -81,4 +83,5 @@ public class RequestKey {
 
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java b/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
index 30188af628..569a9d70be 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
@@ -17,4 +17,3 @@
  * Enforcement of security for HTTP requests, typically by the URL requested.
  */
 package org.springframework.security.web.access.intercept;
-
diff --git a/web/src/main/java/org/springframework/security/web/access/package-info.java b/web/src/main/java/org/springframework/security/web/access/package-info.java
index 11069b3500..4c5d8c6b1e 100644
--- a/web/src/main/java/org/springframework/security/web/access/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/package-info.java
@@ -17,4 +17,3 @@
  * Access-control related classes and packages.
  */
 package org.springframework.security.web.access;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
index d5910b564f..53260f68c0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@@ -100,16 +100,16 @@ import org.springframework.web.filter.GenericFilterBean;
  *
  * The class has an optional {@link SessionAuthenticationStrategy} which will be invoked
  * immediately after a successful call to {@code attemptAuthentication()}. Different
- * implementations
- * {@link #setSessionAuthenticationStrategy(SessionAuthenticationStrategy) can be
- * injected} to enable things like session-fixation attack prevention or to control the
- * number of simultaneous sessions a principal may have.
+ * implementations {@link #setSessionAuthenticationStrategy(SessionAuthenticationStrategy)
+ * can be injected} to enable things like session-fixation attack prevention or to control
+ * the number of simultaneous sessions a principal may have.
  *
  * @author Ben Alex
  * @author Luke Taylor
  */
 public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean
 		implements ApplicationEventPublisherAware, MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -117,9 +117,13 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	// ================================================================================================
 
 	protected ApplicationEventPublisher eventPublisher;
+
 	protected AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	private AuthenticationManager authenticationManager;
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private RememberMeServices rememberMeServices = new NullRememberMeServices();
 
 	private RequestMatcher requiresAuthenticationRequestMatcher;
@@ -131,6 +135,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	private boolean allowSessionCreation = true;
 
 	private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+
 	private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
 
 	// ~ Constructors
@@ -145,23 +150,20 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requiresAuthenticationRequestMatcher the {@link RequestMatcher} used to
 	 * determine if authentication is required. Cannot be null.
 	 */
-	protected AbstractAuthenticationProcessingFilter(
-			RequestMatcher requiresAuthenticationRequestMatcher) {
-		Assert.notNull(requiresAuthenticationRequestMatcher,
-				"requiresAuthenticationRequestMatcher cannot be null");
+	protected AbstractAuthenticationProcessingFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
+		Assert.notNull(requiresAuthenticationRequestMatcher, "requiresAuthenticationRequestMatcher cannot be null");
 		this.requiresAuthenticationRequestMatcher = requiresAuthenticationRequestMatcher;
 	}
 
 	/**
-	 * Creates a new instance with a default filterProcessesUrl and an {@link AuthenticationManager}
-	 *
+	 * Creates a new instance with a default filterProcessesUrl and an
+	 * {@link AuthenticationManager}
 	 * @param defaultFilterProcessesUrl the default value for <tt>filterProcessesUrl</tt>.
-	 * @param authenticationManager the {@link AuthenticationManager} used to authenticate an {@link Authentication} object.
-	 *                              Cannot be null.
+	 * @param authenticationManager the {@link AuthenticationManager} used to authenticate
+	 * an {@link Authentication} object. Cannot be null.
 	 */
 	protected AbstractAuthenticationProcessingFilter(String defaultFilterProcessesUrl,
 			AuthenticationManager authenticationManager) {
@@ -170,12 +172,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	}
 
 	/**
-	 * Creates a new instance with a {@link RequestMatcher} and an {@link AuthenticationManager}
-	 *
-	 * @param requiresAuthenticationRequestMatcher the {@link RequestMatcher} used to determine
-	 *                                             if authentication is required. Cannot be null.
-	 * @param authenticationManager the {@link AuthenticationManager} used to authenticate an {@link Authentication} object.
-	 *                              Cannot be null.
+	 * Creates a new instance with a {@link RequestMatcher} and an
+	 * {@link AuthenticationManager}
+	 * @param requiresAuthenticationRequestMatcher the {@link RequestMatcher} used to
+	 * determine if authentication is required. Cannot be null.
+	 * @param authenticationManager the {@link AuthenticationManager} used to authenticate
+	 * an {@link Authentication} object. Cannot be null.
 	 */
 	protected AbstractAuthenticationProcessingFilter(RequestMatcher requiresAuthenticationRequestMatcher,
 			AuthenticationManager authenticationManager) {
@@ -192,12 +194,10 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	}
 
 	/**
-	 * Invokes the
-	 * {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse)
+	 * Invokes the {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse)
 	 * requiresAuthentication} method to determine whether the request is for
 	 * authentication and should be handled by this filter. If it is an authentication
-	 * request, the
-	 * {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse)
+	 * request, the {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse)
 	 * attemptAuthentication} will be invoked to perform the authentication. There are
 	 * then three possible outcomes:
 	 * <ol>
@@ -245,9 +245,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 			sessionStrategy.onAuthentication(authResult, request, response);
 		}
 		catch (InternalAuthenticationServiceException failed) {
-			logger.error(
-					"An internal error occurred while trying to authenticate the user.",
-					failed);
+			logger.error("An internal error occurred while trying to authenticate the user.", failed);
 			unsuccessfulAuthentication(request, response, failed);
 
 			return;
@@ -276,12 +274,10 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * before matching against the <code>filterProcessesUrl</code> property.
 	 * <p>
 	 * Subclasses may override for special requirements, such as Tapestry integration.
-	 *
 	 * @return <code>true</code> if the filter should attempt authentication,
 	 * <code>false</code> otherwise.
 	 */
-	protected boolean requiresAuthentication(HttpServletRequest request,
-			HttpServletResponse response) {
+	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
 		return requiresAuthenticationRequestMatcher.matches(request);
 	}
 
@@ -295,20 +291,17 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * <li>Return null, indicating that the authentication process is still in progress.
 	 * Before returning, the implementation should perform any additional work required to
 	 * complete the process.</li>
-	 * <li>Throw an <tt>AuthenticationException</tt> if the authentication process fails</li>
+	 * <li>Throw an <tt>AuthenticationException</tt> if the authentication process
+	 * fails</li>
 	 * </ol>
-	 *
 	 * @param request from which to extract parameters and perform the authentication
 	 * @param response the response, which may be needed if the implementation has to do a
 	 * redirect as part of a multi-stage authentication process (such as OpenID).
-	 *
 	 * @return the authenticated user token, or null if authentication is incomplete.
-	 *
 	 * @throws AuthenticationException if authentication fails.
 	 */
-	public abstract Authentication attemptAuthentication(HttpServletRequest request,
-			HttpServletResponse response) throws AuthenticationException, IOException,
-			ServletException;
+	public abstract Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+			throws AuthenticationException, IOException, ServletException;
 
 	/**
 	 * Default behaviour for successful authentication.
@@ -318,7 +311,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
 	 * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
 	 * <tt>ApplicationEventPublisher</tt></li>
-	 * <li>Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.</li>
+	 * <li>Delegates additional behaviour to the
+	 * {@link AuthenticationSuccessHandler}.</li>
 	 * </ol>
 	 *
 	 * Subclasses can override this method to continue the {@link FilterChain} after
@@ -331,13 +325,11 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * @throws IOException
 	 * @throws ServletException
 	 */
-	protected void successfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain, Authentication authResult)
-			throws IOException, ServletException {
+	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
+			Authentication authResult) throws IOException, ServletException {
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success. Updating SecurityContextHolder to contain: "
-					+ authResult);
+			logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
 		}
 
 		SecurityContextHolder.getContext().setAuthentication(authResult);
@@ -346,8 +338,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-					authResult, this.getClass()));
+			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
 		successHandler.onAuthenticationSuccess(request, response, authResult);
@@ -360,12 +351,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * <li>Stores the exception in the session (if it exists or
 	 * <tt>allowSesssionCreation</tt> is set to <tt>true</tt>)</li>
 	 * <li>Informs the configured <tt>RememberMeServices</tt> of the failed login</li>
-	 * <li>Delegates additional behaviour to the {@link AuthenticationFailureHandler}.</li>
+	 * <li>Delegates additional behaviour to the
+	 * {@link AuthenticationFailureHandler}.</li>
 	 * </ol>
 	 */
-	protected void unsuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException failed)
-			throws IOException, ServletException {
+	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
 
 		if (logger.isDebugEnabled()) {
@@ -389,16 +380,13 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 	/**
 	 * Sets the URL that determines if authentication is required
-	 *
 	 * @param filterProcessesUrl
 	 */
 	public void setFilterProcessesUrl(String filterProcessesUrl) {
-		setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(
-				filterProcessesUrl));
+		setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(filterProcessesUrl));
 	}
 
-	public final void setRequiresAuthenticationRequestMatcher(
-			RequestMatcher requestMatcher) {
+	public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) {
 		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
 		this.requiresAuthenticationRequestMatcher = requestMatcher;
 	}
@@ -418,8 +406,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * , which may be useful in certain environment (such as Tapestry applications).
 	 * Defaults to <code>false</code>.
 	 */
-	public void setContinueChainBeforeSuccessfulAuthentication(
-			boolean continueChainBeforeSuccessfulAuthentication) {
+	public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) {
 		this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
 	}
 
@@ -429,8 +416,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource required");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
@@ -451,12 +437,10 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * authentication request is successfully processed by the
 	 * <tt>AuthenticationManager</tt>. Used, for example, to handle changing of the
 	 * session identifier to prevent session fixation attacks.
-	 *
 	 * @param sessionStrategy the implementation to use. If not set a null implementation
 	 * is used.
 	 */
-	public void setSessionAuthenticationStrategy(
-			SessionAuthenticationStrategy sessionStrategy) {
+	public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy) {
 		this.sessionStrategy = sessionStrategy;
 	}
 
@@ -464,14 +448,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * Sets the strategy used to handle a successful authentication. By default a
 	 * {@link SavedRequestAwareAuthenticationSuccessHandler} is used.
 	 */
-	public void setAuthenticationSuccessHandler(
-			AuthenticationSuccessHandler successHandler) {
+	public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) {
 		Assert.notNull(successHandler, "successHandler cannot be null");
 		this.successHandler = successHandler;
 	}
 
-	public void setAuthenticationFailureHandler(
-			AuthenticationFailureHandler failureHandler) {
+	public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
 		Assert.notNull(failureHandler, "failureHandler cannot be null");
 		this.failureHandler = failureHandler;
 	}
@@ -483,4 +465,5 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	protected AuthenticationFailureHandler getFailureHandler() {
 		return failureHandler;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index ab14b48241..6f42eadf1e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -40,21 +40,17 @@ import org.springframework.util.StringUtils;
  * Uses the following logic sequence to determine how it should handle the
  * forward/redirect
  * <ul>
- * <li>
- * If the {@code alwaysUseDefaultTargetUrl} property is set to true, the
+ * <li>If the {@code alwaysUseDefaultTargetUrl} property is set to true, the
  * {@code defaultTargetUrl} property will be used for the destination.</li>
- * <li>
- * If a parameter matching the value of {@code targetUrlParameter} has been set on the
+ * <li>If a parameter matching the value of {@code targetUrlParameter} has been set on the
  * request, the value will be used as the destination. If you are enabling this
  * functionality, then you should ensure that the parameter cannot be used by an attacker
  * to redirect the user to a malicious site (by clicking on a URL with the parameter
  * included, for example). Typically it would be used when the parameter is included in
  * the login form and submitted with the username and password.</li>
- * <li>
- * If the {@code useReferer} property is set, the "Referer" HTTP header value will be
+ * <li>If the {@code useReferer} property is set, the "Referer" HTTP header value will be
  * used, if present.</li>
- * <li>
- * As a fallback option, the {@code defaultTargetUrl} value will be used.</li>
+ * <li>As a fallback option, the {@code defaultTargetUrl} value will be used.</li>
  * </ul>
  *
  * @author Luke Taylor
@@ -63,10 +59,15 @@ import org.springframework.util.StringUtils;
 public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 
 	protected final Log logger = LogFactory.getLog(this.getClass());
+
 	private String targetUrlParameter = null;
+
 	private String defaultTargetUrl = "/";
+
 	private boolean alwaysUseDefaultTargetUrl = false;
+
 	private boolean useReferer = false;
+
 	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
 	protected AbstractAuthenticationTargetUrlRequestHandler() {
@@ -78,13 +79,12 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 * <p>
 	 * The redirect will not be performed if the response has already been committed.
 	 */
-	protected void handle(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException, ServletException {
+	protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException {
 		String targetUrl = determineTargetUrl(request, response, authentication);
 
 		if (response.isCommitted()) {
-			logger.debug("Response has already been committed. Unable to redirect to "
-					+ targetUrl);
+			logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
 			return;
 		}
 
@@ -96,16 +96,15 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 *
 	 * @since 5.2
 	 */
-	protected String determineTargetUrl(HttpServletRequest request,
-			HttpServletResponse response, Authentication authentication) {
+	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) {
 		return determineTargetUrl(request, response);
 	}
 
 	/**
 	 * Builds the target URL according to the logic defined in the main class Javadoc.
 	 */
-	protected String determineTargetUrl(HttpServletRequest request,
-			HttpServletResponse response) {
+	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
 		if (isAlwaysUseDefaultTargetUrl()) {
 			return defaultTargetUrl;
 		}
@@ -140,7 +139,6 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 * Supplies the default target Url that will be used if no saved request is found or
 	 * the {@code alwaysUseDefaultTargetUrl} property is set to true. If not set, defaults
 	 * to {@code /}.
-	 *
 	 * @return the defaultTargetUrl property
 	 */
 	protected final String getDefaultTargetUrl() {
@@ -154,7 +152,6 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 * context path, and should include the leading <code>/</code>. Alternatively,
 	 * inclusion of a scheme name (such as "http://" or "https://") as the prefix will
 	 * denote a fully-qualified URL and this is also supported.
-	 *
 	 * @param defaultTargetUrl
 	 */
 	public void setDefaultTargetUrl(String defaultTargetUrl) {
@@ -178,7 +175,6 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	/**
 	 * If this property is set, the current request will be checked for this a parameter
 	 * with this name and the value used as the target URL if present.
-	 *
 	 * @param targetUrlParameter the name of the parameter containing the encoded target
 	 * URL. Defaults to null.
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index c7f68ea499..788be0568f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -42,21 +42,22 @@ import org.springframework.web.filter.GenericFilterBean;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class AnonymousAuthenticationFilter extends GenericFilterBean implements
-		InitializingBean {
+public class AnonymousAuthenticationFilter extends GenericFilterBean implements InitializingBean {
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	private String key;
+
 	private Object principal;
+
 	private List<GrantedAuthority> authorities;
 
 	/**
 	 * Creates a filter with a principal named "anonymousUser" and the single authority
 	 * "ROLE_ANONYMOUS".
-	 *
 	 * @param key the key to identify tokens created by this filter
 	 */
 	public AnonymousAuthenticationFilter(String key) {
@@ -64,13 +65,11 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	/**
-	 *
 	 * @param key key the key to identify tokens created by this filter
 	 * @param principal the principal which will be used to represent anonymous users
 	 * @param authorities the authority list for anonymous users
 	 */
-	public AnonymousAuthenticationFilter(String key, Object principal,
-			List<GrantedAuthority> authorities) {
+	public AnonymousAuthenticationFilter(String key, Object principal, List<GrantedAuthority> authorities) {
 		Assert.hasLength(key, "key cannot be null or empty");
 		Assert.notNull(principal, "Anonymous authentication principal must be set");
 		Assert.notNull(authorities, "Anonymous authorities must be set");
@@ -93,8 +92,7 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 			throws IOException, ServletException {
 
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			SecurityContextHolder.getContext().setAuthentication(
-					createAuthentication((HttpServletRequest) req));
+			SecurityContextHolder.getContext().setAuthentication(createAuthentication((HttpServletRequest) req));
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("Populated SecurityContextHolder with anonymous token: '"
@@ -112,8 +110,7 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	protected Authentication createAuthentication(HttpServletRequest request) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key,
-				principal, authorities);
+		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, principal, authorities);
 		auth.setDetails(authenticationDetailsSource.buildDetails(request));
 
 		return auth;
@@ -121,8 +118,7 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource required");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
@@ -133,4 +129,5 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	public List<GrantedAuthority> getAuthorities() {
 		return authorities;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
index c425aa8878..7ada074310 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
@@ -23,12 +23,11 @@ import org.springframework.security.core.AuthenticationException;
 
 /**
  * A strategy used for converting from a {@link HttpServletRequest} to an
- * {@link Authentication} of particular type. Used to authenticate with
- * appropriate {@link AuthenticationManager}. If the result is null, then it
- * signals that no authentication attempt should be made. It is also possible to
- * throw {@link AuthenticationException} within the
- * {@link #convert(HttpServletRequest)} if there was invalid Authentication
- * scheme value.
+ * {@link Authentication} of particular type. Used to authenticate with appropriate
+ * {@link AuthenticationManager}. If the result is null, then it signals that no
+ * authentication attempt should be made. It is also possible to throw
+ * {@link AuthenticationException} within the {@link #convert(HttpServletRequest)} if
+ * there was invalid Authentication scheme value.
  *
  * @author Sergey Bespalov
  * @since 5.2.0
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
index 226f96ad8b..5b41679859 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
@@ -45,4 +45,5 @@ public class AuthenticationEntryPointFailureHandler implements AuthenticationFai
 			AuthenticationException exception) throws IOException, ServletException {
 		this.authenticationEntryPoint.commence(request, response, exception);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
index b09b86471d..284c059957 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
@@ -45,7 +45,7 @@ public interface AuthenticationFailureHandler {
 	 * @param exception the exception which was thrown to reject the authentication
 	 * request.
 	 */
-	void onAuthenticationFailure(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException exception)
-			throws IOException, ServletException;
+	void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 0389bc22f4..60674e96f6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -36,26 +36,24 @@ import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
- * A {@link Filter} that performs authentication of a particular request. An
- * outline of the logic:
+ * A {@link Filter} that performs authentication of a particular request. An outline of
+ * the logic:
  *
  * <ul>
  * <li>A request comes in and if it does not match
- * {@link #setRequestMatcher(RequestMatcher)}, then this filter does nothing and
- * the {@link FilterChain} is continued. If it does match then...</li>
- * <li>An attempt to convert the {@link HttpServletRequest} into an
- * {@link Authentication} is made. If the result is empty, then the filter does
- * nothing more and the {@link FilterChain} is continued. If it does create an
- * {@link Authentication}...</li>
+ * {@link #setRequestMatcher(RequestMatcher)}, then this filter does nothing and the
+ * {@link FilterChain} is continued. If it does match then...</li>
+ * <li>An attempt to convert the {@link HttpServletRequest} into an {@link Authentication}
+ * is made. If the result is empty, then the filter does nothing more and the
+ * {@link FilterChain} is continued. If it does create an {@link Authentication}...</li>
  * <li>The {@link AuthenticationManager} specified in
- * {@link #GenericAuthenticationFilter(AuthenticationManager)} is used to
- * perform authentication.</li>
- * <li>The {@link AuthenticationManagerResolver} specified in
- * {@link #GenericAuthenticationFilter(AuthenticationManagerResolver)} is used
- * to resolve the appropriate authentication manager from context to perform
+ * {@link #GenericAuthenticationFilter(AuthenticationManager)} is used to perform
  * authentication.</li>
- * <li>If authentication is successful, {@link AuthenticationSuccessHandler} is
- * invoked and the authentication is set on {@link SecurityContextHolder}, else
+ * <li>The {@link AuthenticationManagerResolver} specified in
+ * {@link #GenericAuthenticationFilter(AuthenticationManagerResolver)} is used to resolve
+ * the appropriate authentication manager from context to perform authentication.</li>
+ * <li>If authentication is successful, {@link AuthenticationSuccessHandler} is invoked
+ * and the authentication is set on {@link SecurityContextHolder}, else
  * {@link AuthenticationFailureHandler} is invoked</li>
  * </ul>
  *
@@ -65,10 +63,14 @@ import org.springframework.web.filter.OncePerRequestFilter;
 public class AuthenticationFilter extends OncePerRequestFilter {
 
 	private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
+
 	private AuthenticationConverter authenticationConverter;
+
 	private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+
 	private AuthenticationFailureHandler failureHandler = new AuthenticationEntryPointFailureHandler(
 			new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
+
 	private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
 
 	public AuthenticationFilter(AuthenticationManager authenticationManager,
@@ -152,7 +154,8 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 			}
 
 			successfulAuthentication(request, response, filterChain, authenticationResult);
-		} catch (AuthenticationException e) {
+		}
+		catch (AuthenticationException e) {
 			unsuccessfulAuthentication(request, response, e);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
index 0909d8c191..f34b4937d8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
@@ -41,31 +41,28 @@ public interface AuthenticationSuccessHandler {
 
 	/**
 	 * Called when a user has been successfully authenticated.
-	 *
 	 * @param request the request which caused the successful authentication
 	 * @param response the response
-	 * @param chain the {@link FilterChain} which can be used to proceed other filters in the chain
+	 * @param chain the {@link FilterChain} which can be used to proceed other filters in
+	 * the chain
 	 * @param authentication the <tt>Authentication</tt> object which was created during
 	 * the authentication process.
 	 * @since 5.2.0
 	 */
-	default void onAuthenticationSuccess(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain, Authentication authentication)
-			throws IOException, ServletException{
+	default void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
+			Authentication authentication) throws IOException, ServletException {
 		onAuthenticationSuccess(request, response, authentication);
 		chain.doFilter(request, response);
 	}
 
 	/**
 	 * Called when a user has been successfully authenticated.
-	 *
 	 * @param request the request which caused the successful authentication
 	 * @param response the response
 	 * @param authentication the <tt>Authentication</tt> object which was created during
 	 * the authentication process.
 	 */
-	void onAuthenticationSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication authentication)
-			throws IOException, ServletException;
+	void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) throws IOException, ServletException;
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index b69560e66e..79a973ad5e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -58,15 +58,15 @@ import org.springframework.util.Assert;
  * @author Mike Wiesner
  * @since 3.0.2
  */
-public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPoint,
-		InitializingBean {
+public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints;
+
 	private AuthenticationEntryPoint defaultEntryPoint;
 
-	public DelegatingAuthenticationEntryPoint(
-			LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints) {
+	public DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints) {
 		this.entryPoints = entryPoints;
 	}
 
@@ -106,4 +106,5 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 		Assert.notEmpty(entryPoints, "entryPoints must be specified");
 		Assert.notNull(defaultEntryPoint, "defaultEntryPoint must be specified");
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index 37eb160fbe..646afc0c37 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -35,8 +35,7 @@ import java.util.Map;
  * @author Kazuki Shimizu
  * @since 4.0
  */
-public class DelegatingAuthenticationFailureHandler implements
-		AuthenticationFailureHandler {
+public class DelegatingAuthenticationFailureHandler implements AuthenticationFailureHandler {
 
 	private final LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler> handlers;
 
@@ -44,7 +43,6 @@ public class DelegatingAuthenticationFailureHandler implements
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param handlers a map of the {@link AuthenticationException} class to the
 	 * {@link AuthenticationFailureHandler} that should be used. Each is considered in the
 	 * order they are specified and only the first {@link AuthenticationFailureHandler} is
@@ -66,13 +64,11 @@ public class DelegatingAuthenticationFailureHandler implements
 	 * {@inheritDoc}
 	 */
 	@Override
-	public void onAuthenticationFailure(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException exception)
-			throws IOException, ServletException {
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) throws IOException, ServletException {
 		for (Map.Entry<Class<? extends AuthenticationException>, AuthenticationFailureHandler> entry : handlers
 				.entrySet()) {
-			Class<? extends AuthenticationException> handlerMappedExceptionClass = entry
-					.getKey();
+			Class<? extends AuthenticationException> handlerMappedExceptionClass = entry.getKey();
 			if (handlerMappedExceptionClass.isAssignableFrom(exception.getClass())) {
 				AuthenticationFailureHandler handler = entry.getValue();
 				handler.onAuthenticationFailure(request, response, exception);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
index bc301a6167..c97946b94d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
@@ -40,14 +40,13 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.0
  */
-public class ExceptionMappingAuthenticationFailureHandler extends
-		SimpleUrlAuthenticationFailureHandler {
+public class ExceptionMappingAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+
 	private final Map<String, String> failureUrlMap = new HashMap<>();
 
 	@Override
-	public void onAuthenticationFailure(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException exception)
-			throws IOException, ServletException {
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) throws IOException, ServletException {
 		String url = failureUrlMap.get(exception.getClass().getName());
 
 		if (url != null) {
@@ -60,10 +59,8 @@ public class ExceptionMappingAuthenticationFailureHandler extends
 
 	/**
 	 * Sets the map of exception types (by name) to URLs.
-	 *
 	 * @param failureUrlMap the map keyed by the fully-qualified name of the exception
 	 * class, with the corresponding failure URL as the value.
-	 *
 	 * @throws IllegalArgumentException if the entries are not Strings or the URL is not
 	 * valid.
 	 */
@@ -72,12 +69,11 @@ public class ExceptionMappingAuthenticationFailureHandler extends
 		for (Map.Entry<?, ?> entry : failureUrlMap.entrySet()) {
 			Object exception = entry.getKey();
 			Object url = entry.getValue();
-			Assert.isInstanceOf(String.class, exception,
-					"Exception key must be a String (the exception classname).");
+			Assert.isInstanceOf(String.class, exception, "Exception key must be a String (the exception classname).");
 			Assert.isInstanceOf(String.class, url, "URL must be a String");
-			Assert.isTrue(UrlUtils.isValidRedirectUrl((String) url),
-					() -> "Not a valid redirect URL: " + url);
+			Assert.isTrue(UrlUtils.isValidRedirectUrl((String) url), () -> "Not a valid redirect URL: " + url);
 			this.failureUrlMap.put((String) exception, (String) url);
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
index 5396fba376..0566731cda 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
@@ -1,53 +1,54 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.web.authentication;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
-import org.springframework.security.web.util.UrlUtils;
-import org.springframework.util.Assert;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * <p>
- * Forward Authentication Failure Handler
- * </p>
- *
- * @author Shazin Sadakath
- * @since 4.1
- */
-public class ForwardAuthenticationFailureHandler implements AuthenticationFailureHandler {
-
-	private final String forwardUrl;
-
-	/**
-	 * @param forwardUrl
-	 */
-	public ForwardAuthenticationFailureHandler(String forwardUrl) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl),
-				() -> "'" + forwardUrl + "' is not a valid forward URL");
-		this.forwardUrl = forwardUrl;
-	}
-
-	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
-		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
-		request.getRequestDispatcher(forwardUrl).forward(request, response);
-	}
-}
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * <p>
+ * Forward Authentication Failure Handler
+ * </p>
+ *
+ * @author Shazin Sadakath
+ * @since 4.1
+ */
+public class ForwardAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+	private final String forwardUrl;
+
+	/**
+	 * @param forwardUrl
+	 */
+	public ForwardAuthenticationFailureHandler(String forwardUrl) {
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), () -> "'" + forwardUrl + "' is not a valid forward URL");
+		this.forwardUrl = forwardUrl;
+	}
+
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) throws IOException, ServletException {
+		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
+		request.getRequestDispatcher(forwardUrl).forward(request, response);
+	}
+
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
index 812b37f494..1965d19f7f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
@@ -1,52 +1,53 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.web.authentication;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.util.UrlUtils;
-import org.springframework.util.Assert;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * <p>
- * Forward Authentication Success Handler
- * </p>
- *
- * @author Shazin Sadakath
- * @since 4.1
- *
- */
-public class ForwardAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
-
-	private final String forwardUrl;
-
-	/**
-	 * @param forwardUrl
-	 */
-	public ForwardAuthenticationSuccessHandler(String forwardUrl) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl),
-				() -> "'" + forwardUrl + "' is not a valid forward URL");
-		this.forwardUrl = forwardUrl;
-	}
-
-	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-		request.getRequestDispatcher(forwardUrl).forward(request, response);
-	}
-}
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * <p>
+ * Forward Authentication Success Handler
+ * </p>
+ *
+ * @author Shazin Sadakath
+ * @since 4.1
+ *
+ */
+public class ForwardAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+	private final String forwardUrl;
+
+	/**
+	 * @param forwardUrl
+	 */
+	public ForwardAuthenticationSuccessHandler(String forwardUrl) {
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), () -> "'" + forwardUrl + "' is not a valid forward URL");
+		this.forwardUrl = forwardUrl;
+	}
+
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) throws IOException, ServletException {
+		request.getRequestDispatcher(forwardUrl).forward(request, response);
+	}
+
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index 10501c6a6e..b80125ec44 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -39,22 +39,23 @@ import org.springframework.security.web.AuthenticationEntryPoint;
  * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
  *
  * @see org.springframework.security.web.access.ExceptionTranslationFilter
- *
  * @author Luke Taylor
  * @author Ruud Senden
  * @since 2.0
  */
 public class Http403ForbiddenEntryPoint implements AuthenticationEntryPoint {
+
 	private static final Log logger = LogFactory.getLog(Http403ForbiddenEntryPoint.class);
 
 	/**
 	 * Always returns a 403 error code to the client.
 	 */
-	public void commence(HttpServletRequest request, HttpServletResponse response,
-			AuthenticationException arg2) throws IOException {
+	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2)
+			throws IOException {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Pre-authenticated entry point called. Rejecting access");
 		}
 		response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
index de3edc2fc5..001628d054 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
@@ -32,11 +32,11 @@ import org.springframework.util.Assert;
  * @since 4.0
  */
 public final class HttpStatusEntryPoint implements AuthenticationEntryPoint {
+
 	private final HttpStatus httpStatus;
 
 	/**
 	 * Creates a new instance.
-	 *
 	 * @param httpStatus the HttpStatus to set
 	 */
 	public HttpStatusEntryPoint(HttpStatus httpStatus) {
@@ -48,4 +48,5 @@ public final class HttpStatusEntryPoint implements AuthenticationEntryPoint {
 			AuthenticationException authException) {
 		response.setStatus(httpStatus.value());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index fde6d9f97a..79244ab283 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -62,13 +62,12 @@ import org.springframework.util.StringUtils;
  * @author Luke Taylor
  * @since 3.0
  */
-public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint,
-		InitializingBean {
+public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(LoginUrlAuthenticationEntryPoint.class);
+	private static final Log logger = LogFactory.getLog(LoginUrlAuthenticationEntryPoint.class);
 
 	// ~ Instance fields
 	// ================================================================================================
@@ -86,7 +85,6 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
 	/**
-	 *
 	 * @param loginFormUrl URL where the login page can be found. Should either be
 	 * relative to the web-app context path (include a leading {@code /}) or an absolute
 	 * URL.
@@ -100,13 +98,10 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	// ========================================================================================================
 
 	public void afterPropertiesSet() {
-		Assert.isTrue(
-				StringUtils.hasText(loginFormUrl)
-						&& UrlUtils.isValidRedirectUrl(loginFormUrl),
+		Assert.isTrue(StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl),
 				"loginFormUrl must be specified and must be a valid redirect URL");
 		if (useForward && UrlUtils.isAbsoluteUrl(loginFormUrl)) {
-			throw new IllegalArgumentException(
-					"useForward must be false if using an absolute loginFormURL");
+			throw new IllegalArgumentException("useForward must be false if using an absolute loginFormURL");
 		}
 		Assert.notNull(portMapper, "portMapper must be specified");
 		Assert.notNull(portResolver, "portResolver must be specified");
@@ -115,14 +110,13 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	/**
 	 * Allows subclasses to modify the login form URL that should be applicable for a
 	 * given request.
-	 *
 	 * @param request the request
 	 * @param response the response
 	 * @param exception the exception
 	 * @return the URL (cannot be null or empty; defaults to {@link #getLoginFormUrl()})
 	 */
-	protected String determineUrlToUseForThisRequest(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException exception) {
+	protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) {
 
 		return getLoginFormUrl();
 	}
@@ -145,8 +139,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 			}
 
 			if (redirectUrl == null) {
-				String loginForm = determineUrlToUseForThisRequest(request, response,
-						authException);
+				String loginForm = determineUrlToUseForThisRequest(request, response, authException);
 
 				if (logger.isDebugEnabled()) {
 					logger.debug("Server side forward to: " + loginForm);
@@ -169,11 +162,10 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 		redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
 
-	protected String buildRedirectUrlToLoginPage(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException authException) {
+	protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException authException) {
 
-		String loginForm = determineUrlToUseForThisRequest(request, response,
-				authException);
+		String loginForm = determineUrlToUseForThisRequest(request, response, authException);
 
 		if (UrlUtils.isAbsoluteUrl(loginForm)) {
 			return loginForm;
@@ -199,8 +191,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 				urlBuilder.setPort(httpsPort);
 			}
 			else {
-				logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port "
-						+ serverPort);
+				logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort);
 			}
 		}
 
@@ -211,8 +202,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	 * Builds a URL to redirect the supplied request to HTTPS. Used to redirect the
 	 * current request to HTTPS, before doing a forward to the login page.
 	 */
-	protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request)
-			throws IOException, ServletException {
+	protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request) throws IOException, ServletException {
 
 		int serverPort = portResolver.getServerPort(request);
 		Integer httpsPort = portMapper.lookupHttpsPort(serverPort);
@@ -231,8 +221,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 		}
 
 		// Fall through to server-side forward with warning message
-		logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port "
-				+ serverPort);
+		logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort);
 
 		return null;
 	}
@@ -277,7 +266,6 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	/**
 	 * Tells if we are to do a forward to the {@code loginFormUrl} using the
 	 * {@code RequestDispatcher}, instead of a 302 redirect.
-	 *
 	 * @param useForward true if a forward to the login page should be used. Must be false
 	 * (the default) if {@code loginFormUrl} is set to an absolute value.
 	 */
@@ -288,4 +276,5 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	protected boolean isUseForward() {
 		return useForward;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
index bbb8ff91fd..8dc1fecaf2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
@@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public class NullRememberMeServices implements RememberMeServices {
+
 	// ~ Methods
 	// ========================================================================================================
 
-	public Authentication autoLogin(HttpServletRequest request,
-			HttpServletResponse response) {
+	public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
 
@@ -44,4 +44,5 @@ public class NullRememberMeServices implements RememberMeServices {
 	public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
index 2dd1464e7f..8bd8d56c70 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
@@ -33,20 +33,21 @@ import org.springframework.security.core.Authentication;
  * this interface.
  * <p>
  * Implementations may implement any type of remember-me capability they wish. Rolling
- * cookies (as per <a
- * href="https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice">
+ * cookies (as per <a href=
+ * "https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice">
  * https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice</a>) can
  * be used, as can simple implementations that don't require a persistent store.
  * Implementations also determine the validity period of a remember-me cookie. This
  * interface has been designed to accommodate any of these remember-me models.
  * <p>
- * This interface does not define how remember-me services should offer a
- * "cancel all remember-me tokens" type capability, as this will be implementation
- * specific and requires no hooks into Spring Security.
+ * This interface does not define how remember-me services should offer a "cancel all
+ * remember-me tokens" type capability, as this will be implementation specific and
+ * requires no hooks into Spring Security.
  *
  * @author Ben Alex
  */
 public interface RememberMeServices {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -66,10 +67,8 @@ public interface RememberMeServices {
 	 * by the web application. It is recommended
 	 * {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
 	 * be used in most cases, as it has a corresponding authentication provider.
-	 *
 	 * @param request to look for a remember-me token within
 	 * @param response to change, cancel or modify the remember-me token
-	 *
 	 * @return a valid authentication object, or <code>null</code> if the request should
 	 * not be authenticated
 	 */
@@ -80,7 +79,6 @@ public interface RememberMeServices {
 	 * supplied by the user were missing or otherwise invalid. Implementations should
 	 * invalidate any and all remember-me tokens indicated in the
 	 * <code>HttpServletRequest</code>.
-	 *
 	 * @param request that contained an invalid authentication request
 	 * @param response to change, cancel or modify the remember-me token
 	 */
@@ -93,7 +91,6 @@ public interface RememberMeServices {
 	 * implementations should typically look for a request parameter that indicates the
 	 * browser has presented an explicit request for authentication to be remembered, such
 	 * as the presence of a HTTP POST parameter.
-	 *
 	 * @param request that contained the valid authentication request
 	 * @param response to change, cancel or modify the remember-me token
 	 * @param successfulAuthentication representing the successfully authenticated
@@ -101,4 +98,5 @@ public interface RememberMeServices {
 	 */
 	void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
index 465b9d0e10..5f43b67022 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
@@ -32,48 +32,45 @@ import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 
 /**
  * An authentication success strategy which can make use of the
- * {@link org.springframework.security.web.savedrequest.DefaultSavedRequest} which may have been stored in the session by the
- * {@link ExceptionTranslationFilter}. When such a request is intercepted and requires
- * authentication, the request data is stored to record the original destination before
- * the authentication process commenced, and to allow the request to be reconstructed when
- * a redirect to the same URL occurs. This class is responsible for performing the
- * redirect to the original URL if appropriate.
+ * {@link org.springframework.security.web.savedrequest.DefaultSavedRequest} which may
+ * have been stored in the session by the {@link ExceptionTranslationFilter}. When such a
+ * request is intercepted and requires authentication, the request data is stored to
+ * record the original destination before the authentication process commenced, and to
+ * allow the request to be reconstructed when a redirect to the same URL occurs. This
+ * class is responsible for performing the redirect to the original URL if appropriate.
  * <p>
  * Following a successful authentication, it decides on the redirect destination, based on
  * the following scenarios:
  * <ul>
- * <li>
- * If the {@code alwaysUseDefaultTargetUrl} property is set to true, the
+ * <li>If the {@code alwaysUseDefaultTargetUrl} property is set to true, the
  * {@code defaultTargetUrl} will be used for the destination. Any
  * {@code DefaultSavedRequest} stored in the session will be removed.</li>
- * <li>
- * If the {@code targetUrlParameter} has been set on the request, the value will be used
- * as the destination. Any {@code DefaultSavedRequest} will again be removed.</li>
- * <li>
- * If a {@link org.springframework.security.web.savedrequest.SavedRequest} is found in the {@code RequestCache} (as set by the
- * {@link ExceptionTranslationFilter} to record the original destination before the
- * authentication process commenced), a redirect will be performed to the Url of that
- * original destination. The {@code SavedRequest} object will remain cached and be picked
- * up when the redirected request is received (See
- * <a href="{@docRoot}/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.html">SavedRequestAwareWrapper</a>).
+ * <li>If the {@code targetUrlParameter} has been set on the request, the value will be
+ * used as the destination. Any {@code DefaultSavedRequest} will again be removed.</li>
+ * <li>If a {@link org.springframework.security.web.savedrequest.SavedRequest} is found in
+ * the {@code RequestCache} (as set by the {@link ExceptionTranslationFilter} to record
+ * the original destination before the authentication process commenced), a redirect will
+ * be performed to the Url of that original destination. The {@code SavedRequest} object
+ * will remain cached and be picked up when the redirected request is received (See
+ * <a href="
+ * {@docRoot}/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.html">SavedRequestAwareWrapper</a>).
  * </li>
- * <li>
- * If no {@link org.springframework.security.web.savedrequest.SavedRequest} is found, it will delegate to the base class.</li>
+ * <li>If no {@link org.springframework.security.web.savedrequest.SavedRequest} is found,
+ * it will delegate to the base class.</li>
  * </ul>
  *
  * @author Luke Taylor
  * @since 3.0
  */
-public class SavedRequestAwareAuthenticationSuccessHandler extends
-		SimpleUrlAuthenticationSuccessHandler {
+public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
 	protected final Log logger = LogFactory.getLog(this.getClass());
 
 	private RequestCache requestCache = new HttpSessionRequestCache();
 
 	@Override
-	public void onAuthenticationSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication authentication)
-			throws ServletException, IOException {
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) throws ServletException, IOException {
 		SavedRequest savedRequest = requestCache.getRequest(request, response);
 
 		if (savedRequest == null) {
@@ -83,8 +80,7 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends
 		}
 		String targetUrlParameter = getTargetUrlParameter();
 		if (isAlwaysUseDefaultTargetUrl()
-				|| (targetUrlParameter != null && StringUtils.hasText(request
-						.getParameter(targetUrlParameter)))) {
+				|| (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
 			requestCache.removeRequest(request, response);
 			super.onAuthenticationSuccess(request, response, authentication);
 
@@ -102,4 +98,5 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends
 	public void setRequestCache(RequestCache requestCache) {
 		this.requestCache = requestCache;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index 7eb7bd23d8..4f1ff78d53 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -45,13 +45,16 @@ import org.springframework.util.Assert;
  * @author Luke Taylor
  * @since 3.0
  */
-public class SimpleUrlAuthenticationFailureHandler implements
-		AuthenticationFailureHandler {
+public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private String defaultFailureUrl;
+
 	private boolean forwardToDestination = false;
+
 	private boolean allowSessionCreation = true;
+
 	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
 	public SimpleUrlAuthenticationFailureHandler() {
@@ -68,15 +71,13 @@ public class SimpleUrlAuthenticationFailureHandler implements
 	 * If redirecting or forwarding, {@code saveException} will be called to cache the
 	 * exception for use in the target view.
 	 */
-	public void onAuthenticationFailure(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException exception)
-			throws IOException, ServletException {
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException exception) throws IOException, ServletException {
 
 		if (defaultFailureUrl == null) {
 			logger.debug("No failure URL set, sending 401 Unauthorized error");
 
-			response.sendError(HttpStatus.UNAUTHORIZED.value(),
-				HttpStatus.UNAUTHORIZED.getReasonPhrase());
+			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 		}
 		else {
 			saveException(request, exception);
@@ -84,8 +85,7 @@ public class SimpleUrlAuthenticationFailureHandler implements
 			if (forwardToDestination) {
 				logger.debug("Forwarding to " + defaultFailureUrl);
 
-				request.getRequestDispatcher(defaultFailureUrl)
-						.forward(request, response);
+				request.getRequestDispatcher(defaultFailureUrl).forward(request, response);
 			}
 			else {
 				logger.debug("Redirecting to " + defaultFailureUrl);
@@ -102,8 +102,7 @@ public class SimpleUrlAuthenticationFailureHandler implements
 	 * session and {@code allowSessionCreation} is {@code true} a session will be created.
 	 * Otherwise the exception will not be stored.
 	 */
-	protected final void saveException(HttpServletRequest request,
-			AuthenticationException exception) {
+	protected final void saveException(HttpServletRequest request, AuthenticationException exception) {
 		if (forwardToDestination) {
 			request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
 		}
@@ -111,15 +110,13 @@ public class SimpleUrlAuthenticationFailureHandler implements
 			HttpSession session = request.getSession(false);
 
 			if (session != null || allowSessionCreation) {
-				request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION,
-						exception);
+				request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
 			}
 		}
 	}
 
 	/**
 	 * The URL which will be used as the failure destination.
-	 *
 	 * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
 	 */
 	public void setDefaultFailureUrl(String defaultFailureUrl) {
@@ -158,4 +155,5 @@ public class SimpleUrlAuthenticationFailureHandler implements
 	public void setAllowSessionCreation(boolean allowSessionCreation) {
 		this.allowSessionCreation = allowSessionCreation;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
index 550007be20..49fe41828f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
@@ -35,9 +35,8 @@ import org.springframework.security.web.WebAttributes;
  * @author Luke Taylor
  * @since 3.0
  */
-public class SimpleUrlAuthenticationSuccessHandler extends
-		AbstractAuthenticationTargetUrlRequestHandler implements
-		AuthenticationSuccessHandler {
+public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler
+		implements AuthenticationSuccessHandler {
 
 	public SimpleUrlAuthenticationSuccessHandler() {
 	}
@@ -56,9 +55,8 @@ public class SimpleUrlAuthenticationSuccessHandler extends
 	 * URL, and then calls {@code clearAuthenticationAttributes()} to remove any leftover
 	 * session data.
 	 */
-	public void onAuthenticationSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication authentication)
-			throws IOException, ServletException {
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) throws IOException, ServletException {
 
 		handle(request, response, authentication);
 		clearAuthenticationAttributes(request);
@@ -77,4 +75,5 @@ public class SimpleUrlAuthenticationSuccessHandler extends
 
 		session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index 6a6d89d41c..8669fa0044 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -45,18 +45,22 @@ import javax.servlet.http.HttpServletResponse;
  * @author Luke Taylor
  * @since 3.0
  */
-public class UsernamePasswordAuthenticationFilter extends
-		AbstractAuthenticationProcessingFilter {
+public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
+
 	public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
-	private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER =
-			new AntPathRequestMatcher("/login", "POST");
+
+	private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER = new AntPathRequestMatcher("/login",
+			"POST");
 
 	private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
+
 	private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
+
 	private boolean postOnly = true;
 
 	// ~ Constructors
@@ -73,11 +77,10 @@ public class UsernamePasswordAuthenticationFilter extends
 	// ~ Methods
 	// ========================================================================================================
 
-	public Authentication attemptAuthentication(HttpServletRequest request,
-			HttpServletResponse response) throws AuthenticationException {
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+			throws AuthenticationException {
 		if (postOnly && !request.getMethod().equals("POST")) {
-			throw new AuthenticationServiceException(
-					"Authentication method not supported: " + request.getMethod());
+			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
 
 		String username = obtainUsername(request);
@@ -93,8 +96,7 @@ public class UsernamePasswordAuthenticationFilter extends
 
 		username = username.trim();
 
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				username, password);
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 
 		// Allow subclasses to set the "details" property
 		setDetails(request, authRequest);
@@ -111,9 +113,7 @@ public class UsernamePasswordAuthenticationFilter extends
 	 * password and extended value(s). The <code>AuthenticationDao</code> will need to
 	 * generate the expected password in a corresponding manner.
 	 * </p>
-	 *
 	 * @param request so that request attributes can be retrieved
-	 *
 	 * @return the password that will be presented in the <code>Authentication</code>
 	 * request token to the <code>AuthenticationManager</code>
 	 */
@@ -125,9 +125,7 @@ public class UsernamePasswordAuthenticationFilter extends
 	/**
 	 * Enables subclasses to override the composition of the username, such as by
 	 * including additional values and a separator.
-	 *
 	 * @param request so that request attributes can be retrieved
-	 *
 	 * @return the username that will be presented in the <code>Authentication</code>
 	 * request token to the <code>AuthenticationManager</code>
 	 */
@@ -139,20 +137,17 @@ public class UsernamePasswordAuthenticationFilter extends
 	/**
 	 * Provided so that subclasses may configure what is put into the authentication
 	 * request's details property.
-	 *
 	 * @param request that an authentication request is being created for
 	 * @param authRequest the authentication request object that should have its details
 	 * set
 	 */
-	protected void setDetails(HttpServletRequest request,
-			UsernamePasswordAuthenticationToken authRequest) {
+	protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
 		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 	}
 
 	/**
 	 * Sets the parameter name which will be used to obtain the username from the login
 	 * request.
-	 *
 	 * @param usernameParameter the parameter name. Defaults to "username".
 	 */
 	public void setUsernameParameter(String usernameParameter) {
@@ -163,7 +158,6 @@ public class UsernamePasswordAuthenticationFilter extends
 	/**
 	 * Sets the parameter name which will be used to obtain the password from the login
 	 * request..
-	 *
 	 * @param passwordParameter the parameter name. Defaults to "password".
 	 */
 	public void setPasswordParameter(String passwordParameter) {
@@ -191,4 +185,5 @@ public class UsernamePasswordAuthenticationFilter extends
 	public final String getPasswordParameter() {
 		return passwordParameter;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
index 4008540504..b099a8c745 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -36,6 +36,7 @@ public class WebAuthenticationDetails implements Serializable {
 	// ================================================================================================
 
 	private final String remoteAddress;
+
 	private final String sessionId;
 
 	// ~ Constructors
@@ -44,7 +45,6 @@ public class WebAuthenticationDetails implements Serializable {
 	/**
 	 * Records the remote address and will also set the session Id if a session already
 	 * exists (it won't create one).
-	 *
 	 * @param request that the authentication request was received from
 	 */
 	public WebAuthenticationDetails(HttpServletRequest request) {
@@ -56,7 +56,6 @@ public class WebAuthenticationDetails implements Serializable {
 
 	/**
 	 * Constructor to add Jackson2 serialize/deserialize support
-	 *
 	 * @param remoteAddress remote address of current request
 	 * @param sessionId session id
 	 */
@@ -109,7 +108,6 @@ public class WebAuthenticationDetails implements Serializable {
 
 	/**
 	 * Indicates the TCP/IP address the authentication request was received from.
-	 *
 	 * @return the address
 	 */
 	public String getRemoteAddress() {
@@ -119,7 +117,6 @@ public class WebAuthenticationDetails implements Serializable {
 	/**
 	 * Indicates the <code>HttpSession</code> id the authentication request was received
 	 * from.
-	 *
 	 * @return the session ID
 	 */
 	public String getSessionId() {
@@ -150,4 +147,5 @@ public class WebAuthenticationDetails implements Serializable {
 
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
index f4a86f9816..00b501efc8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
@@ -27,8 +27,8 @@ import javax.servlet.http.HttpServletRequest;
  *
  * @author Ben Alex
  */
-public class WebAuthenticationDetailsSource implements
-		AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
+public class WebAuthenticationDetailsSource
+		implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
 
 	// ~ Methods
 	// ========================================================================================================
@@ -41,4 +41,5 @@ public class WebAuthenticationDetailsSource implements
 	public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
 		return new WebAuthenticationDetails(context);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
index 8c8694a00f..5150d63ab8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
@@ -26,10 +26,10 @@ import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
 /**
- * Performs a logout through all the {@link LogoutHandler} implementations.
- * If any exception is thrown by
- * {@link #logout(HttpServletRequest, HttpServletResponse, Authentication)},
- * no additional LogoutHandler are invoked.
+ * Performs a logout through all the {@link LogoutHandler} implementations. If any
+ * exception is thrown by
+ * {@link #logout(HttpServletRequest, HttpServletResponse, Authentication)}, no additional
+ * LogoutHandler are invoked.
  *
  * @author Eddú Meléndez
  * @since 4.2.0
@@ -54,4 +54,5 @@ public final class CompositeLogoutHandler implements LogoutHandler {
 			handler.logout(request, response, authentication);
 		}
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 3f7ba8b4ff..d7cb534bbd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -26,16 +26,15 @@ import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
 /**
- * A logout handler which clears either
- * - A defined list of cookie names, using the context path as the cookie path
- * OR
- * - A given list of Cookies
+ * A logout handler which clears either - A defined list of cookie names, using the
+ * context path as the cookie path OR - A given list of Cookies
  *
  * @author Luke Taylor
  * @author Onur Kagan Ozcan
  * @since 3.1
  */
 public final class CookieClearingLogoutHandler implements LogoutHandler {
+
 	private final List<Function<HttpServletRequest, Cookie>> cookiesToClear;
 
 	public CookieClearingLogoutHandler(String... cookiesToClear) {
@@ -52,7 +51,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 			};
 			cookieList.add(f);
 		}
-		this.cookiesToClear =  cookieList;
+		this.cookiesToClear = cookieList;
 	}
 
 	/**
@@ -70,10 +69,8 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 		this.cookiesToClear = cookieList;
 	}
 
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
-		cookiesToClear.forEach(
-			f -> response.addCookie(f.apply(request))
-		);
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+		cookiesToClear.forEach(f -> response.addCookie(f.apply(request)));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
index a53514c441..e7336d5365 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
@@ -1,77 +1,72 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.web.authentication.logout;
-
-import java.io.IOException;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.util.Assert;
-
-/**
- * Delegates to logout handlers based on matched request matchers
- *
- * @author Shazin Sadakath
- * @author Rob Winch
- * @since 4.1
- */
-public class DelegatingLogoutSuccessHandler implements LogoutSuccessHandler {
-
-	private final LinkedHashMap<RequestMatcher, LogoutSuccessHandler> matcherToHandler;
-
-	private LogoutSuccessHandler defaultLogoutSuccessHandler;
-
-	public DelegatingLogoutSuccessHandler(
-			LinkedHashMap<RequestMatcher, LogoutSuccessHandler> matcherToHandler) {
-		Assert.notEmpty(matcherToHandler, "matcherToHandler cannot be null");
-		this.matcherToHandler = matcherToHandler;
-	}
-
-	@Override
-	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException, ServletException {
-		for (Map.Entry<RequestMatcher, LogoutSuccessHandler> entry : this.matcherToHandler
-				.entrySet()) {
-			RequestMatcher matcher = entry.getKey();
-			if (matcher.matches(request)) {
-				LogoutSuccessHandler handler = entry.getValue();
-				handler.onLogoutSuccess(request, response, authentication);
-				return;
-			}
-		}
-		if (this.defaultLogoutSuccessHandler != null) {
-			this.defaultLogoutSuccessHandler.onLogoutSuccess(request, response,
-					authentication);
-		}
-	}
-
-	/**
-	 * Sets the default {@link LogoutSuccessHandler} if no other handlers available
-	 *
-	 * @param defaultLogoutSuccessHandler the defaultLogoutSuccessHandler to set
-	 */
-	public void setDefaultLogoutSuccessHandler(
-			LogoutSuccessHandler defaultLogoutSuccessHandler) {
-		this.defaultLogoutSuccessHandler = defaultLogoutSuccessHandler;
-	}
-
-}
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication.logout;
+
+import java.io.IOException;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+
+/**
+ * Delegates to logout handlers based on matched request matchers
+ *
+ * @author Shazin Sadakath
+ * @author Rob Winch
+ * @since 4.1
+ */
+public class DelegatingLogoutSuccessHandler implements LogoutSuccessHandler {
+
+	private final LinkedHashMap<RequestMatcher, LogoutSuccessHandler> matcherToHandler;
+
+	private LogoutSuccessHandler defaultLogoutSuccessHandler;
+
+	public DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler> matcherToHandler) {
+		Assert.notEmpty(matcherToHandler, "matcherToHandler cannot be null");
+		this.matcherToHandler = matcherToHandler;
+	}
+
+	@Override
+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException {
+		for (Map.Entry<RequestMatcher, LogoutSuccessHandler> entry : this.matcherToHandler.entrySet()) {
+			RequestMatcher matcher = entry.getKey();
+			if (matcher.matches(request)) {
+				LogoutSuccessHandler handler = entry.getValue();
+				handler.onLogoutSuccess(request, response, authentication);
+				return;
+			}
+		}
+		if (this.defaultLogoutSuccessHandler != null) {
+			this.defaultLogoutSuccessHandler.onLogoutSuccess(request, response, authentication);
+		}
+	}
+
+	/**
+	 * Sets the default {@link LogoutSuccessHandler} if no other handlers available
+	 * @param defaultLogoutSuccessHandler the defaultLogoutSuccessHandler to set
+	 */
+	public void setDefaultLogoutSuccessHandler(LogoutSuccessHandler defaultLogoutSuccessHandler) {
+		this.defaultLogoutSuccessHandler = defaultLogoutSuccessHandler;
+	}
+
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
index 56e671ab53..90073995ca 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
@@ -42,14 +42,13 @@ public class ForwardLogoutSuccessHandler implements LogoutSuccessHandler {
 	 * @param targetUrl the target URL
 	 */
 	public ForwardLogoutSuccessHandler(String targetUrl) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(targetUrl),
-				() -> "'" + targetUrl + "' is not a valid target URL");
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(targetUrl), () -> "'" + targetUrl + "' is not a valid target URL");
 		this.targetUrl = targetUrl;
 	}
 
 	@Override
-	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException, ServletException {
+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException {
 		request.getRequestDispatcher(this.targetUrl).forward(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
index 0a8539fb21..a95bad8ffd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
@@ -24,16 +24,15 @@ import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.util.Assert;
 
 /**
- *
  * @author Rafiullah Hamedy
  * @since 5.2
  */
 public final class HeaderWriterLogoutHandler implements LogoutHandler {
+
 	private final HeaderWriter headerWriter;
 
 	/**
 	 * Constructs a new instance using the passed {@link HeaderWriter} implementation
-	 *
 	 * @param headerWriter
 	 * @throws {@link IllegalArgumentException} if headerWriter is null.
 	 */
@@ -43,8 +42,8 @@ public final class HeaderWriterLogoutHandler implements LogoutHandler {
 	}
 
 	@Override
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		this.headerWriter.writeHeaders(request, response);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
index dabebabe99..c30eb056b1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
@@ -40,7 +40,6 @@ public class HttpStatusReturningLogoutSuccessHandler implements LogoutSuccessHan
 	/**
 	 * Initialize the {@code HttpStatusLogoutSuccessHandler} with a user-defined
 	 * {@link HttpStatus}.
-	 *
 	 * @param httpStatusToReturn Must not be {@code null}.
 	 */
 	public HttpStatusReturningLogoutSuccessHandler(HttpStatus httpStatusToReturn) {
@@ -61,8 +60,8 @@ public class HttpStatusReturningLogoutSuccessHandler implements LogoutSuccessHan
 	 * {@link LogoutSuccessHandler#onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication)}
 	 * . Sets the status on the {@link HttpServletResponse}.
 	 */
-	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException {
+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException {
 		response.setStatus(this.httpStatusToReturn.value());
 		response.getWriter().flush();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index f709fba2be..c7376fc8dd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -57,6 +57,7 @@ public class LogoutFilter extends GenericFilterBean {
 	private RequestMatcher logoutRequestMatcher;
 
 	private final LogoutHandler handler;
+
 	private final LogoutSuccessHandler logoutSuccessHandler;
 
 	// ~ Constructors
@@ -68,8 +69,7 @@ public class LogoutFilter extends GenericFilterBean {
 	 * intended to perform the actual logout functionality (such as clearing the security
 	 * context, invalidating the session, etc.).
 	 */
-	public LogoutFilter(LogoutSuccessHandler logoutSuccessHandler,
-			LogoutHandler... handlers) {
+	public LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) {
 		this.handler = new CompositeLogoutHandler(handlers);
 		Assert.notNull(logoutSuccessHandler, "logoutSuccessHandler cannot be null");
 		this.logoutSuccessHandler = logoutSuccessHandler;
@@ -78,9 +78,7 @@ public class LogoutFilter extends GenericFilterBean {
 
 	public LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers) {
 		this.handler = new CompositeLogoutHandler(handlers);
-		Assert.isTrue(
-				!StringUtils.hasLength(logoutSuccessUrl)
-						|| UrlUtils.isValidRedirectUrl(logoutSuccessUrl),
+		Assert.isTrue(!StringUtils.hasLength(logoutSuccessUrl) || UrlUtils.isValidRedirectUrl(logoutSuccessUrl),
 				() -> logoutSuccessUrl + " isn't a valid redirect URL");
 		SimpleUrlLogoutSuccessHandler urlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
 		if (StringUtils.hasText(logoutSuccessUrl)) {
@@ -102,8 +100,7 @@ public class LogoutFilter extends GenericFilterBean {
 			Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
 			if (logger.isDebugEnabled()) {
-				logger.debug("Logging out user '" + auth
-						+ "' and transferring to logout destination");
+				logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
 			}
 
 			this.handler.logout(request, response, auth);
@@ -118,14 +115,11 @@ public class LogoutFilter extends GenericFilterBean {
 
 	/**
 	 * Allow subclasses to modify when a logout should take place.
-	 *
 	 * @param request the request
 	 * @param response the response
-	 *
 	 * @return <code>true</code> if logout should occur, <code>false</code> otherwise
 	 */
-	protected boolean requiresLogout(HttpServletRequest request,
-			HttpServletResponse response) {
+	protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
 		return logoutRequestMatcher.matches(request);
 	}
 
@@ -137,4 +131,5 @@ public class LogoutFilter extends GenericFilterBean {
 	public void setFilterProcessesUrl(String filterProcessesUrl) {
 		this.logoutRequestMatcher = new AntPathRequestMatcher(filterProcessesUrl);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
index 35e3a2a8c2..e423ce4d8b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
@@ -30,16 +30,16 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public interface LogoutHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Causes a logout to be completed. The method must complete successfully.
-	 *
 	 * @param request the HTTP request
 	 * @param response the HTTP response
 	 * @param authentication the current principal details
 	 */
-	void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication);
+	void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
index a478d66b64..0b3e3147e5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
@@ -36,7 +36,7 @@ import org.springframework.security.core.Authentication;
  */
 public interface LogoutSuccessHandler {
 
-	void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException, ServletException;
+	void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException;
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index e21a7fd12a..c6918afd75 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -41,9 +41,11 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  */
 public class SecurityContextLogoutHandler implements LogoutHandler {
+
 	protected final Log logger = LogFactory.getLog(this.getClass());
 
 	private boolean invalidateHttpSession = true;
+
 	private boolean clearAuthentication = true;
 
 	// ~ Methods
@@ -51,13 +53,11 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 
 	/**
 	 * Requires the request to be passed in.
-	 *
 	 * @param request from which to obtain a HTTP session (cannot be null)
 	 * @param response not used (can be <code>null</code>)
 	 * @param authentication not used (can be <code>null</code>)
 	 */
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		Assert.notNull(request, "HttpServletRequest required");
 		if (invalidateHttpSession) {
 			HttpSession session = request.getSession(false);
@@ -82,7 +82,6 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	/**
 	 * Causes the {@link HttpSession} to be invalidated when this {@link LogoutHandler} is
 	 * invoked. Defaults to true.
-	 *
 	 * @param invalidateHttpSession true if you wish the session to be invalidated
 	 * (default) or false if it should not be.
 	 */
@@ -93,7 +92,6 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	/**
 	 * If true, removes the {@link Authentication} from the {@link SecurityContext} to
 	 * prevent issues with concurrent requests.
-	 *
 	 * @param clearAuthentication true if you wish to clear the {@link Authentication}
 	 * from the {@link SecurityContext} (default) or false if the {@link Authentication}
 	 * should not be removed.
@@ -101,4 +99,5 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	public void setClearAuthentication(boolean clearAuthentication) {
 		this.clearAuthentication = clearAuthentication;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
index 508fb99f65..866670dbeb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
@@ -31,11 +31,11 @@ import org.springframework.security.web.authentication.AbstractAuthenticationTar
  * @author Luke Taylor
  * @since 3.0
  */
-public class SimpleUrlLogoutSuccessHandler extends
-		AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler {
+public class SimpleUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler
+		implements LogoutSuccessHandler {
 
-	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) throws IOException, ServletException {
+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException {
 		super.handle(request, response, authentication);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
index 5e02d231e5..4f37812e68 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
@@ -17,4 +17,3 @@
  * Logout functionality based around a filter which handles a specific logout URL.
  */
 package org.springframework.security.web.authentication.logout;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/package-info.java
index 7894461fca..4bd0aec8fb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/package-info.java
@@ -18,4 +18,3 @@
  * credentials using various protocols (eg BASIC, CAS, form login etc).
  */
 package org.springframework.security.web.authentication;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index a5ba43d6b0..17e1ce0e20 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -81,13 +81,21 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 		implements ApplicationEventPublisherAware {
 
 	private ApplicationEventPublisher eventPublisher = null;
+
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	private AuthenticationManager authenticationManager = null;
+
 	private boolean continueFilterChainOnUnsuccessfulAuthentication = true;
+
 	private boolean checkForPrincipalChanges;
+
 	private boolean invalidateSessionOnPrincipalChange = true;
+
 	private AuthenticationSuccessHandler authenticationSuccessHandler = null;
+
 	private AuthenticationFailureHandler authenticationFailureHandler = null;
+
 	private RequestMatcher requiresAuthenticationRequestMatcher = new PreAuthenticatedProcessingRequestMatcher();
 
 	/**
@@ -109,12 +117,11 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * Try to authenticate a pre-authenticated user with Spring Security if the user has
 	 * not yet been authenticated.
 	 */
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Checking secure context token: "
-					+ SecurityContextHolder.getContext().getAuthentication());
+			logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
 		}
 
 		if (requiresAuthenticationRequestMatcher.matches((HttpServletRequest) request)) {
@@ -128,14 +135,16 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * Determines if the current principal has changed. The default implementation tries
 	 *
 	 * <ul>
-	 * <li>If the {@link #getPreAuthenticatedPrincipal(HttpServletRequest)} is a String, the {@link Authentication#getName()} is compared against the pre authenticated principal</li>
-	 * <li>Otherwise, the {@link #getPreAuthenticatedPrincipal(HttpServletRequest)} is compared against the {@link Authentication#getPrincipal()}
+	 * <li>If the {@link #getPreAuthenticatedPrincipal(HttpServletRequest)} is a String,
+	 * the {@link Authentication#getName()} is compared against the pre authenticated
+	 * principal</li>
+	 * <li>Otherwise, the {@link #getPreAuthenticatedPrincipal(HttpServletRequest)} is
+	 * compared against the {@link Authentication#getPrincipal()}
 	 * </ul>
 	 *
 	 * <p>
 	 * Subclasses can override this method to determine when a principal has changed.
 	 * </p>
-	 *
 	 * @param request
 	 * @param currentAuthentication
 	 * @return true if the principal has changed, else false
@@ -161,7 +170,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	/**
 	 * Do the actual authentication for a pre-authenticated user.
 	 */
-	private void doAuthenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+	private void doAuthenticate(HttpServletRequest request, HttpServletResponse response)
+			throws IOException, ServletException {
 		Authentication authResult;
 
 		Object principal = getPreAuthenticatedPrincipal(request);
@@ -176,13 +186,12 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("preAuthenticatedPrincipal = " + principal
-					+ ", trying to authenticate");
+			logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
 		}
 
 		try {
-			PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(
-					principal, credentials);
+			PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal,
+					credentials);
 			authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 			authResult = authenticationManager.authenticate(authRequest);
 			successfulAuthentication(request, response, authResult);
@@ -200,16 +209,15 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * Puts the <code>Authentication</code> instance returned by the authentication
 	 * manager into the secure context.
 	 */
-	protected void successfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
+	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			Authentication authResult) throws IOException, ServletException {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Authentication success: " + authResult);
 		}
 		SecurityContextHolder.getContext().setAuthentication(authResult);
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-					authResult, this.getClass()));
+			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
 		if (authenticationSuccessHandler != null) {
@@ -223,8 +231,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * <p>
 	 * Caches the failure exception as a request attribute
 	 */
-	protected void unsuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
+	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
 
 		if (logger.isDebugEnabled()) {
@@ -240,8 +248,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	/**
 	 * @param anApplicationEventPublisher The ApplicationEventPublisher to use
 	 */
-	public void setApplicationEventPublisher(
-			ApplicationEventPublisher anApplicationEventPublisher) {
+	public void setApplicationEventPublisher(ApplicationEventPublisher anApplicationEventPublisher) {
 		this.eventPublisher = anApplicationEventPublisher;
 	}
 
@@ -250,8 +257,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 */
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource required");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
@@ -267,11 +273,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	}
 
 	/**
-	 * If set to {@code true} (the default), any {@code AuthenticationException} raised by the
-	 * {@code AuthenticationManager} will be swallowed, and the request will be allowed to
-	 * proceed, potentially using alternative authentication mechanisms. If {@code false},
-	 * authentication failure will result in an immediate exception.
-	 *
+	 * If set to {@code true} (the default), any {@code AuthenticationException} raised by
+	 * the {@code AuthenticationManager} will be swallowed, and the request will be
+	 * allowed to proceed, potentially using alternative authentication mechanisms. If
+	 * {@code false}, authentication failure will result in an immediate exception.
 	 * @param shouldContinue set to {@code true} to allow the request to proceed after a
 	 * failed authentication.
 	 */
@@ -284,7 +289,6 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * compared against the name of the current <tt>Authentication</tt> object. A check to
 	 * determine if {@link Authentication#getPrincipal()} is equal to the principal will
 	 * also be performed. If a change is detected, the user will be reauthenticated.
-	 *
 	 * @param checkForPrincipalChanges
 	 */
 	public void setCheckForPrincipalChanges(boolean checkForPrincipalChanges) {
@@ -295,12 +299,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * If <tt>checkForPrincipalChanges</tt> is set, and a change of principal is detected,
 	 * determines whether any existing session should be invalidated before proceeding to
 	 * authenticate the new principal.
-	 *
 	 * @param invalidateSessionOnPrincipalChange <tt>false</tt> to retain the existing
 	 * session. Defaults to <tt>true</tt>.
 	 */
-	public void setInvalidateSessionOnPrincipalChange(
-			boolean invalidateSessionOnPrincipalChange) {
+	public void setInvalidateSessionOnPrincipalChange(boolean invalidateSessionOnPrincipalChange) {
 		this.invalidateSessionOnPrincipalChange = invalidateSessionOnPrincipalChange;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index d14c925c56..50ec3209c8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -44,13 +44,14 @@ import org.springframework.util.Assert;
  * @author Ruud Senden
  * @since 2.0
  */
-public class PreAuthenticatedAuthenticationProvider implements AuthenticationProvider,
-		InitializingBean, Ordered {
-	private static final Log logger = LogFactory
-			.getLog(PreAuthenticatedAuthenticationProvider.class);
+public class PreAuthenticatedAuthenticationProvider implements AuthenticationProvider, InitializingBean, Ordered {
+
+	private static final Log logger = LogFactory.getLog(PreAuthenticatedAuthenticationProvider.class);
 
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> preAuthenticatedUserDetailsService = null;
+
 	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+
 	private boolean throwExceptionWhenTokenRejected = false;
 
 	private int order = -1; // default: same as non-ordered
@@ -59,8 +60,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	 * Check whether all required properties have been set.
 	 */
 	public void afterPropertiesSet() {
-		Assert.notNull(preAuthenticatedUserDetailsService,
-				"An AuthenticationUserDetailsService must be set");
+		Assert.notNull(preAuthenticatedUserDetailsService, "An AuthenticationUserDetailsService must be set");
 	}
 
 	/**
@@ -69,8 +69,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	 * If the principal contained in the authentication object is null, the request will
 	 * be ignored to allow other providers to authenticate it.
 	 */
-	public Authentication authenticate(Authentication authentication)
-			throws AuthenticationException {
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
@@ -83,8 +82,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 			logger.debug("No pre-authenticated principal found in request.");
 
 			if (throwExceptionWhenTokenRejected) {
-				throw new BadCredentialsException(
-						"No pre-authenticated principal found in request.");
+				throw new BadCredentialsException("No pre-authenticated principal found in request.");
 			}
 			return null;
 		}
@@ -93,8 +91,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 			logger.debug("No pre-authenticated credentials found in request.");
 
 			if (throwExceptionWhenTokenRejected) {
-				throw new BadCredentialsException(
-						"No pre-authenticated credentials found in request.");
+				throw new BadCredentialsException("No pre-authenticated credentials found in request.");
 			}
 			return null;
 		}
@@ -104,8 +101,8 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 
 		userDetailsChecker.check(ud);
 
-		PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(
-				ud, authentication.getCredentials(), ud.getAuthorities());
+		PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
+				authentication.getCredentials(), ud.getAuthorities());
 		result.setDetails(authentication.getDetails());
 
 		return result;
@@ -122,7 +119,6 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	/**
 	 * Set the AuthenticatedUserDetailsService to be used to load the {@code UserDetails}
 	 * for the authenticated user.
-	 *
 	 * @param uds
 	 */
 	public void setPreAuthenticatedUserDetailsService(
@@ -156,4 +152,5 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	public void setOrder(int i) {
 		order = i;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
index b0ddf2b83f..31cc829b9f 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
@@ -33,13 +33,13 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final Object principal;
+
 	private final Object credentials;
 
 	/**
 	 * Constructor used for an authentication request. The
 	 * {@link org.springframework.security.core.Authentication#isAuthenticated()} will
 	 * return <code>false</code>.
-	 *
 	 * @param aPrincipal The pre-authenticated principal
 	 * @param aCredentials The pre-authenticated credentials
 	 */
@@ -53,7 +53,6 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT
 	 * Constructor used for an authentication response. The
 	 * {@link org.springframework.security.core.Authentication#isAuthenticated()} will
 	 * return <code>true</code>.
-	 *
 	 * @param aPrincipal The authenticated principal
 	 * @param anAuthorities The granted authorities
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
index aeab134bb9..9793f9ebff 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
@@ -24,11 +24,11 @@ public class PreAuthenticatedCredentialsNotFoundException extends Authentication
 	}
 
 	/**
-	 *
 	 * @param message The message for the Exception
 	 * @param cause The Exception that caused this Exception.
 	 */
 	public PreAuthenticatedCredentialsNotFoundException(String message, Throwable cause) {
 		super(message, cause);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
index c45c666ef0..ffbbb33aa2 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
@@ -45,31 +45,30 @@ import org.springframework.util.Assert;
  * @author Ruud Senden
  * @since 2.0
  */
-public class PreAuthenticatedGrantedAuthoritiesUserDetailsService implements
-		AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
+public class PreAuthenticatedGrantedAuthoritiesUserDetailsService
+		implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
+
 	/**
 	 * Get a UserDetails object based on the user name contained in the given token, and
 	 * the GrantedAuthorities as returned by the GrantedAuthoritiesContainer
 	 * implementation as returned by the token.getDetails() method.
 	 */
-	public final UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token)
-			throws AuthenticationException {
+	public final UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) throws AuthenticationException {
 		Assert.notNull(token.getDetails(), "token.getDetails() cannot be null");
 		Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
-		Collection<? extends GrantedAuthority> authorities = ((GrantedAuthoritiesContainer) token
-				.getDetails()).getGrantedAuthorities();
+		Collection<? extends GrantedAuthority> authorities = ((GrantedAuthoritiesContainer) token.getDetails())
+				.getGrantedAuthorities();
 		return createUserDetails(token, authorities);
 	}
 
 	/**
 	 * Creates the final <tt>UserDetails</tt> object. Can be overridden to customize the
 	 * contents.
-	 *
 	 * @param token the authentication request token
 	 * @param authorities the pre-authenticated authorities.
 	 */
-	protected UserDetails createUserDetails(Authentication token,
-			Collection<? extends GrantedAuthority> authorities) {
+	protected UserDetails createUserDetails(Authentication token, Collection<? extends GrantedAuthority> authorities) {
 		return new User(token.getName(), "N/A", true, true, true, true, authorities);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
index 71e361d487..14f9238d29 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -31,15 +31,15 @@ import java.util.*;
  * @author Luke Taylor
  * @since 2.0
  */
-public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
-		WebAuthenticationDetails implements GrantedAuthoritiesContainer {
+public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends WebAuthenticationDetails
+		implements GrantedAuthoritiesContainer {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final List<GrantedAuthority> authorities;
 
-	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
-			HttpServletRequest request, Collection<? extends GrantedAuthority> authorities) {
+	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest request,
+			Collection<? extends GrantedAuthority> authorities) {
 		super(request);
 
 		List<GrantedAuthority> temp = new ArrayList<>(authorities.size());
@@ -59,4 +59,5 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
 		sb.append(authorities);
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
index 4769060bc8..16e82bdfd7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
@@ -22,8 +22,9 @@ import org.springframework.util.Assert;
 /**
  * A simple pre-authenticated filter which obtains the username from request attributes,
  * for use with SSO systems such as
- * <a href="https://webauth.stanford.edu/manual/mod/mod_webauth.html#java">Stanford WebAuth</a> or
- * <a href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall">Shibboleth</a>.
+ * <a href="https://webauth.stanford.edu/manual/mod/mod_webauth.html#java">Stanford
+ * WebAuth</a> or <a href=
+ * "https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall">Shibboleth</a>.
  * <p>
  * As with most pre-authenticated scenarios, it is essential that the external
  * authentication system is set up correctly as this filter does no authentication
@@ -37,20 +38,20 @@ import org.springframework.util.Assert;
  * {@code getPreAuthenticatedPrincipal} will throw an exception. You can override this
  * behaviour by setting the {@code exceptionIfVariableMissing} property.
  *
- *
  * @author Milan Sevcik
  * @since 4.2
  */
-public class RequestAttributeAuthenticationFilter
-		extends AbstractPreAuthenticatedProcessingFilter {
+public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
+
 	private String principalEnvironmentVariable = "REMOTE_USER";
+
 	private String credentialsEnvironmentVariable;
+
 	private boolean exceptionIfVariableMissing = true;
 
 	/**
 	 * Read and returns the variable named by {@code principalEnvironmentVariable} from
 	 * the request.
-	 *
 	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable is
 	 * missing and {@code exceptionIfVariableMissing} is set to {@code true}.
 	 */
@@ -79,25 +80,23 @@ public class RequestAttributeAuthenticationFilter
 	}
 
 	public void setPrincipalEnvironmentVariable(String principalEnvironmentVariable) {
-		Assert.hasText(principalEnvironmentVariable,
-				"principalEnvironmentVariable must not be empty or null");
+		Assert.hasText(principalEnvironmentVariable, "principalEnvironmentVariable must not be empty or null");
 		this.principalEnvironmentVariable = principalEnvironmentVariable;
 	}
 
 	public void setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable) {
-		Assert.hasText(credentialsEnvironmentVariable,
-				"credentialsEnvironmentVariable must not be empty or null");
+		Assert.hasText(credentialsEnvironmentVariable, "credentialsEnvironmentVariable must not be empty or null");
 		this.credentialsEnvironmentVariable = credentialsEnvironmentVariable;
 	}
 
 	/**
 	 * Defines whether an exception should be raised if the principal variable is missing.
 	 * Defaults to {@code true}.
-	 *
 	 * @param exceptionIfVariableMissing set to {@code false} to override the default
 	 * behaviour and allow the request to proceed if no variable is found.
 	 */
 	public void setExceptionIfVariableMissing(boolean exceptionIfVariableMissing) {
 		this.exceptionIfVariableMissing = exceptionIfVariableMissing;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
index ec972c4b79..115d9aa6cc 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
@@ -39,20 +39,20 @@ import org.springframework.util.Assert;
  * throw an exception. You can override this behaviour by setting the
  * {@code exceptionIfHeaderMissing} property.
  *
- *
  * @author Luke Taylor
  * @since 2.0
  */
-public class RequestHeaderAuthenticationFilter extends
-		AbstractPreAuthenticatedProcessingFilter {
+public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
+
 	private String principalRequestHeader = "SM_USER";
+
 	private String credentialsRequestHeader;
+
 	private boolean exceptionIfHeaderMissing = true;
 
 	/**
 	 * Read and returns the header named by {@code principalRequestHeader} from the
 	 * request.
-	 *
 	 * @throws PreAuthenticatedCredentialsNotFoundException if the header is missing and
 	 * {@code exceptionIfHeaderMissing} is set to {@code true}.
 	 */
@@ -60,8 +60,8 @@ public class RequestHeaderAuthenticationFilter extends
 		String principal = request.getHeader(principalRequestHeader);
 
 		if (principal == null && exceptionIfHeaderMissing) {
-			throw new PreAuthenticatedCredentialsNotFoundException(principalRequestHeader
-					+ " header not found in request.");
+			throw new PreAuthenticatedCredentialsNotFoundException(
+					principalRequestHeader + " header not found in request.");
 		}
 
 		return principal;
@@ -81,25 +81,23 @@ public class RequestHeaderAuthenticationFilter extends
 	}
 
 	public void setPrincipalRequestHeader(String principalRequestHeader) {
-		Assert.hasText(principalRequestHeader,
-				"principalRequestHeader must not be empty or null");
+		Assert.hasText(principalRequestHeader, "principalRequestHeader must not be empty or null");
 		this.principalRequestHeader = principalRequestHeader;
 	}
 
 	public void setCredentialsRequestHeader(String credentialsRequestHeader) {
-		Assert.hasText(credentialsRequestHeader,
-				"credentialsRequestHeader must not be empty or null");
+		Assert.hasText(credentialsRequestHeader, "credentialsRequestHeader must not be empty or null");
 		this.credentialsRequestHeader = credentialsRequestHeader;
 	}
 
 	/**
 	 * Defines whether an exception should be raised if the principal header is missing.
 	 * Defaults to {@code true}.
-	 *
 	 * @param exceptionIfHeaderMissing set to {@code false} to override the default
 	 * behaviour and allow the request to proceed if no header is found.
 	 */
 	public void setExceptionIfHeaderMissing(boolean exceptionIfHeaderMissing) {
 		this.exceptionIfHeaderMissing = exceptionIfHeaderMissing;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index b04851e0c6..d65b3a25bb 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -37,14 +37,17 @@ import java.util.*;
  * @author Ruud Senden
  * @since 2.0
  */
-public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-		implements
+public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 		AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>,
 		InitializingBean {
 
 	protected final Log logger = LogFactory.getLog(getClass());
-	/** The role attributes returned by the configured {@code MappableAttributesRetriever} */
+
+	/**
+	 * The role attributes returned by the configured {@code MappableAttributesRetriever}
+	 */
 	protected Set<String> j2eeMappableRoles;
+
 	protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper();
 
 	/**
@@ -52,8 +55,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 	 */
 	public void afterPropertiesSet() {
 		Assert.notNull(j2eeMappableRoles, "No mappable roles available");
-		Assert.notNull(j2eeUserRoles2GrantedAuthoritiesMapper,
-				"Roles to granted authorities mapper not set");
+		Assert.notNull(j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set");
 	}
 
 	/**
@@ -61,7 +63,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 	 * {@link javax.servlet.http.HttpServletRequest#isUserInRole(String)} method is called
 	 * for each of the values in the {@code j2eeMappableRoles} set to determine if that
 	 * role should be assigned to the user.
-	 *
 	 * @param request the request which should be used to extract the user's roles.
 	 * @return The subset of {@code j2eeMappableRoles} which applies to the current user
 	 * making the request.
@@ -83,16 +84,14 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 	 *
 	 * @see org.springframework.security.authentication.AuthenticationDetailsSource#buildDetails(Object)
 	 */
-	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(
-			HttpServletRequest context) {
+	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
 
 		Collection<String> j2eeUserRoles = getUserRoles(context);
 		Collection<? extends GrantedAuthority> userGas = j2eeUserRoles2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(j2eeUserRoles);
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("J2EE roles [" + j2eeUserRoles
-					+ "] mapped to Granted Authorities: [" + userGas + "]");
+			logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]");
 		}
 
 		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails result = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
@@ -104,17 +103,15 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 	/**
 	 * @param aJ2eeMappableRolesRetriever The MappableAttributesRetriever to use
 	 */
-	public void setMappableRolesRetriever(
-			MappableAttributesRetriever aJ2eeMappableRolesRetriever) {
-		this.j2eeMappableRoles = Collections.unmodifiableSet(aJ2eeMappableRolesRetriever
-				.getMappableAttributes());
+	public void setMappableRolesRetriever(MappableAttributesRetriever aJ2eeMappableRolesRetriever) {
+		this.j2eeMappableRoles = Collections.unmodifiableSet(aJ2eeMappableRolesRetriever.getMappableAttributes());
 	}
 
 	/**
 	 * @param mapper The Attributes2GrantedAuthoritiesMapper to use
 	 */
-	public void setUserRoles2GrantedAuthoritiesMapper(
-			Attributes2GrantedAuthoritiesMapper mapper) {
+	public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) {
 		j2eeUserRoles2GrantedAuthoritiesMapper = mapper;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index 2d628b5308..97e8e7e12e 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -27,15 +27,13 @@ import org.springframework.security.web.authentication.preauth.AbstractPreAuthen
  * @author Ruud Senden
  * @since 2.0
  */
-public class J2eePreAuthenticatedProcessingFilter extends
-		AbstractPreAuthenticatedProcessingFilter {
+public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
 
 	/**
 	 * Return the J2EE user name.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-		Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest
-				.getUserPrincipal().getName();
+		Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName();
 		if (logger.isDebugEnabled()) {
 			logger.debug("PreAuthenticated J2EE principal: " + principal);
 		}
@@ -49,4 +47,5 @@ public class J2eePreAuthenticatedProcessingFilter extends
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
 		return "N/A";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index f7764aa270..046a1ac8ac 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -51,11 +51,13 @@ import org.xml.sax.SAXException;
  * @author Luke Taylor
  * @since 2.0
  */
-public class WebXmlMappableAttributesRetriever implements ResourceLoaderAware,
-		MappableAttributesRetriever, InitializingBean {
+public class WebXmlMappableAttributesRetriever
+		implements ResourceLoaderAware, MappableAttributesRetriever, InitializingBean {
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private ResourceLoader resourceLoader;
+
 	private Set<String> mappableAttributes;
 
 	public void setResourceLoader(ResourceLoader resourceLoader) {
@@ -76,11 +78,9 @@ public class WebXmlMappableAttributesRetriever implements ResourceLoaderAware,
 		Document doc = getDocument(webXml.getInputStream());
 		NodeList webApp = doc.getElementsByTagName("web-app");
 		if (webApp.getLength() != 1) {
-			throw new IllegalArgumentException(
-					"Failed to find 'web-app' element in resource" + webXml);
+			throw new IllegalArgumentException("Failed to find 'web-app' element in resource" + webXml);
 		}
-		NodeList securityRoles = ((Element) webApp.item(0))
-				.getElementsByTagName("security-role");
+		NodeList securityRoles = ((Element) webApp.item(0)).getElementsByTagName("security-role");
 
 		ArrayList<String> roleNames = new ArrayList<>();
 
@@ -116,7 +116,8 @@ public class WebXmlMappableAttributesRetriever implements ResourceLoaderAware,
 		}
 		catch (FactoryConfigurationError | IOException | SAXException | ParserConfigurationException e) {
 			throw new RuntimeException("Unable to parse document object", e);
-		} finally {
+		}
+		finally {
 			try {
 				aStream.close();
 			}
@@ -130,8 +131,11 @@ public class WebXmlMappableAttributesRetriever implements ResourceLoaderAware,
 	 * We do not need to resolve external entities, so just return an empty String.
 	 */
 	private static final class MyEntityResolver implements EntityResolver {
+
 		public InputSource resolveEntity(String publicId, String systemId) {
 			return new InputSource(new StringReader(""));
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
index e4d51af4a2..7cc1884e66 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
@@ -16,8 +16,8 @@
 /**
  * Pre-authentication support for container-authenticated requests.
  * <p>
- * It is assumed that standard JEE security has been configured and Spring Security hooks into the
- * security methods exposed by {@code HttpServletRequest} to build {@code Authentication} object for the user.
+ * It is assumed that standard JEE security has been configured and Spring Security hooks
+ * into the security methods exposed by {@code HttpServletRequest} to build
+ * {@code Authentication} object for the user.
  */
 package org.springframework.security.web.authentication.preauth.j2ee;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
index 88b1f818b8..9dfd0547cc 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 /**
- * Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been
- * authenticated by some externally configured system.
+ * Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming
+ * request has already been authenticated by some externally configured system.
  */
 package org.springframework.security.web.authentication.preauth;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index 6d38ceee91..0a6345683e 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -40,8 +40,8 @@ import org.apache.commons.logging.LogFactory;
  * @since 2.0
  */
 final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroupsExtractor {
-	private static final Log logger = LogFactory
-			.getLog(DefaultWASUsernameAndGroupsExtractor.class);
+
+	private static final Log logger = LogFactory.getLog(DefaultWASUsernameAndGroupsExtractor.class);
 
 	private static final String PORTABLE_REMOTE_OBJECT_CLASSNAME = "javax.rmi.PortableRemoteObject";
 
@@ -68,7 +68,6 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 
 	/**
 	 * Get the security name for the given subject.
-	 *
 	 * @param subject The subject for which to retrieve the security name
 	 * @return String the security name for the given subject
 	 */
@@ -79,23 +78,19 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 		String userSecurityName = null;
 		if (subject != null) {
 			// SEC-803
-			Object credential = subject.getPublicCredentials(getWSCredentialClass())
-					.iterator().next();
+			Object credential = subject.getPublicCredentials(getWSCredentialClass()).iterator().next();
 			if (credential != null) {
-				userSecurityName = (String) invokeMethod(getSecurityNameMethod(),
-						credential);
+				userSecurityName = (String) invokeMethod(getSecurityNameMethod(), credential);
 			}
 		}
 		if (logger.isDebugEnabled()) {
-			logger.debug("Websphere security name is " + userSecurityName
-					+ " for subject " + subject);
+			logger.debug("Websphere security name is " + userSecurityName + " for subject " + subject);
 		}
 		return userSecurityName;
 	}
 
 	/**
 	 * Get the current RunAs subject.
-	 *
 	 * @return Subject the current RunAs subject
 	 */
 	private static Subject getRunAsSubject() {
@@ -106,7 +101,6 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 
 	/**
 	 * Get the WebSphere group names for the given subject.
-	 *
 	 * @param subject The subject for which to retrieve the WebSphere group names
 	 * @return the WebSphere group names for the given subject
 	 */
@@ -116,7 +110,6 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 
 	/**
 	 * Get the WebSphere group names for the given security name.
-	 *
 	 * @param securityName The security name for which to retrieve the WebSphere group
 	 * names
 	 * @return the WebSphere group names for the given security name
@@ -128,13 +121,14 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 			// TODO: Cache UserRegistry object
 			ic = new InitialContext();
 			Object objRef = ic.lookup(USER_REGISTRY);
-			Object userReg = invokeMethod(getNarrowMethod(), null , objRef, Class.forName("com.ibm.websphere.security.UserRegistry"));
+			Object userReg = invokeMethod(getNarrowMethod(), null, objRef,
+					Class.forName("com.ibm.websphere.security.UserRegistry"));
 			if (logger.isDebugEnabled()) {
-				logger.debug("Determining WebSphere groups for user " + securityName
-						+ " using WebSphere UserRegistry " + userReg);
+				logger.debug("Determining WebSphere groups for user " + securityName + " using WebSphere UserRegistry "
+						+ userReg);
 			}
-			final Collection groups = (Collection) invokeMethod(getGroupsForUserMethod(),
-					userReg, new Object[] { securityName });
+			final Collection groups = (Collection) invokeMethod(getGroupsForUserMethod(), userReg,
+					new Object[] { securityName });
 			if (logger.isDebugEnabled()) {
 				logger.debug("Groups for user " + securityName + ": " + groups.toString());
 			}
@@ -143,8 +137,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 		}
 		catch (Exception e) {
 			logger.error("Exception occured while looking up groups for user", e);
-			throw new RuntimeException(
-					"Exception occured while looking up groups for user", e);
+			throw new RuntimeException("Exception occured while looking up groups for user", e);
 		}
 		finally {
 			try {
@@ -163,30 +156,26 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 			return method.invoke(instance, args);
 		}
 		catch (IllegalArgumentException e) {
-			logger.error("Error while invoking method " + method.getClass().getName()
-					+ "." + method.getName() + "(" + Arrays.asList(args) + ")", e);
-			throw new RuntimeException("Error while invoking method "
-					+ method.getClass().getName() + "." + method.getName() + "("
+			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
 					+ Arrays.asList(args) + ")", e);
+			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
+					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
 		}
 		catch (IllegalAccessException e) {
-			logger.error("Error while invoking method " + method.getClass().getName()
-					+ "." + method.getName() + "(" + Arrays.asList(args) + ")", e);
-			throw new RuntimeException("Error while invoking method "
-					+ method.getClass().getName() + "." + method.getName() + "("
+			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
 					+ Arrays.asList(args) + ")", e);
+			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
+					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
 		}
 		catch (InvocationTargetException e) {
-			logger.error("Error while invoking method " + method.getClass().getName()
-					+ "." + method.getName() + "(" + Arrays.asList(args) + ")", e);
-			throw new RuntimeException("Error while invoking method "
-					+ method.getClass().getName() + "." + method.getName() + "("
+			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
 					+ Arrays.asList(args) + ")", e);
+			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
+					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
 		}
 	}
 
-	private static Method getMethod(String className, String methodName,
-			String[] parameterTypeNames) {
+	private static Method getMethod(String className, String methodName, String[] parameterTypeNames) {
 		try {
 			Class<?> c = Class.forName(className);
 			final int len = parameterTypeNames.length;
@@ -201,40 +190,40 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 			throw new RuntimeException("Required class" + className + " not found", e);
 		}
 		catch (NoSuchMethodException e) {
-			logger.error("Required method " + methodName + " with parameter types ("
-					+ Arrays.asList(parameterTypeNames) + ") not found on class "
-					+ className);
+			logger.error("Required method " + methodName + " with parameter types (" + Arrays.asList(parameterTypeNames)
+					+ ") not found on class " + className);
 			throw new RuntimeException("Required class" + className + " not found", e);
 		}
 	}
 
 	private static Method getRunAsSubjectMethod() {
 		if (getRunAsSubject == null) {
-			getRunAsSubject = getMethod("com.ibm.websphere.security.auth.WSSubject",
-					"getRunAsSubject", new String[] {});
+			getRunAsSubject = getMethod("com.ibm.websphere.security.auth.WSSubject", "getRunAsSubject",
+					new String[] {});
 		}
 		return getRunAsSubject;
 	}
 
 	private static Method getGroupsForUserMethod() {
 		if (getGroupsForUser == null) {
-			getGroupsForUser = getMethod("com.ibm.websphere.security.UserRegistry",
-					"getGroupsForUser", new String[] { "java.lang.String" });
+			getGroupsForUser = getMethod("com.ibm.websphere.security.UserRegistry", "getGroupsForUser",
+					new String[] { "java.lang.String" });
 		}
 		return getGroupsForUser;
 	}
 
 	private static Method getSecurityNameMethod() {
 		if (getSecurityName == null) {
-			getSecurityName = getMethod("com.ibm.websphere.security.cred.WSCredential",
-					"getSecurityName", new String[] {});
+			getSecurityName = getMethod("com.ibm.websphere.security.cred.WSCredential", "getSecurityName",
+					new String[] {});
 		}
 		return getSecurityName;
 	}
 
 	private static Method getNarrowMethod() {
 		if (narrow == null) {
-			narrow = getMethod(PORTABLE_REMOTE_OBJECT_CLASSNAME, "narrow", new String[] { Object.class.getName() , Class.class.getName()});
+			narrow = getMethod(PORTABLE_REMOTE_OBJECT_CLASSNAME, "narrow",
+					new String[] { Object.class.getName(), Class.class.getName() });
 		}
 		return narrow;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
index 378d31a511..0a5676c336 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
@@ -31,4 +31,5 @@ interface WASUsernameAndGroupsExtractor {
 	List<String> getGroupsForCurrentUser();
 
 	String getCurrentUserName();
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
index a071a228fc..423c1aef81 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
@@ -27,8 +27,8 @@ import org.springframework.security.web.authentication.preauth.AbstractPreAuthen
  * @author Ruud Senden
  * @since 2.0
  */
-public class WebSpherePreAuthenticatedProcessingFilter extends
-		AbstractPreAuthenticatedProcessingFilter {
+public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
+
 	private final WASUsernameAndGroupsExtractor wasHelper;
 
 	/**
@@ -62,4 +62,5 @@ public class WebSpherePreAuthenticatedProcessingFilter extends
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
 		return "N/A";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index 352a5876d5..6a43aa94ad 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -33,9 +33,9 @@ import java.util.*;
  *
  * @author Ruud Senden
  */
-public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource
-		implements
+public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements
 		AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private Attributes2GrantedAuthoritiesMapper webSphereGroups2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper();
@@ -46,20 +46,17 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 		this(new DefaultWASUsernameAndGroupsExtractor());
 	}
 
-	public WebSpherePreAuthenticatedWebAuthenticationDetailsSource(
-			WASUsernameAndGroupsExtractor wasHelper) {
+	public WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor wasHelper) {
 		this.wasHelper = wasHelper;
 	}
 
-	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(
-			HttpServletRequest context) {
+	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
 		return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context,
 				getWebSphereGroupsBasedGrantedAuthorities());
 	}
 
 	/**
 	 * Get a list of Granted Authorities based on the current user's WebSphere groups.
-	 *
 	 * @return authorities mapped from the user's WebSphere groups.
 	 */
 	private Collection<? extends GrantedAuthority> getWebSphereGroupsBasedGrantedAuthorities() {
@@ -67,8 +64,7 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 		Collection<? extends GrantedAuthority> userGas = webSphereGroups2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(webSphereGroups);
 		if (logger.isDebugEnabled()) {
-			logger.debug("WebSphere groups: " + webSphereGroups
-					+ " mapped to Granted Authorities: " + userGas);
+			logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + userGas);
 		}
 		return userGas;
 	}
@@ -77,8 +73,7 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 	 * @param mapper The Attributes2GrantedAuthoritiesMapper to use for converting the WAS
 	 * groups to authorities
 	 */
-	public void setWebSphereGroups2GrantedAuthoritiesMapper(
-			Attributes2GrantedAuthoritiesMapper mapper) {
+	public void setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) {
 		webSphereGroups2GrantedAuthoritiesMapper = mapper;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
index 2216cca158..f2aed4c60e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
@@ -17,4 +17,3 @@
  * Websphere-specific pre-authentication classes.
  */
 package org.springframework.security.web.authentication.preauth.websphere;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index 85ebbb5534..dc60db89e9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -33,8 +33,8 @@ import java.util.regex.Matcher;
  * Subject (as returned by a call to {@link X509Certificate#getSubjectDN()}).
  * <p>
  * The regular expression should contain a single group; for example the default
- * expression "CN=(.*?)(?:,|$)" matches the common name field. So
- * "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".
+ * expression "CN=(.*?)(?:,|$)" matches the common name field. So "CN=Jimi Hendrix,
+ * OU=..." will give a user name of "Jimi Hendrix".
  * <p>
  * The matches are case insensitive. So "emailAddress=(.*?)," will match
  * "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"
@@ -42,9 +42,11 @@ import java.util.regex.Matcher;
  * @author Luke Taylor
  */
 public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
+
 	// ~ Instance fields
 	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private Pattern subjectDnPattern;
@@ -62,15 +64,12 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 		Matcher matcher = subjectDnPattern.matcher(subjectDN);
 
 		if (!matcher.find()) {
-			throw new BadCredentialsException(messages.getMessage(
-					"SubjectDnX509PrincipalExtractor.noMatching",
-					new Object[] { subjectDN },
-					"No matching pattern was found in subject DN: {0}"));
+			throw new BadCredentialsException(messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching",
+					new Object[] { subjectDN }, "No matching pattern was found in subject DN: {0}"));
 		}
 
 		if (matcher.groupCount() != 1) {
-			throw new IllegalArgumentException(
-					"Regular expression must contain a single group ");
+			throw new IllegalArgumentException("Regular expression must contain a single group ");
 		}
 
 		String username = matcher.group(1);
@@ -90,7 +89,6 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 	 * <p>
 	 * The matches are case insensitive. So "emailAddress=(.?)," will match
 	 * "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"
-	 *
 	 * @param subjectDnRegex the regular expression to find in the subject
 	 */
 	public void setSubjectDnRegex(String subjectDnRegex) {
@@ -101,4 +99,5 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index 56f4e7e327..96bc484218 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -25,6 +25,7 @@ import org.springframework.security.web.authentication.preauth.AbstractPreAuthen
  * @author Luke Taylor
  */
 public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
+
 	private X509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
 
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
@@ -42,8 +43,7 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 	}
 
 	private X509Certificate extractClientCertificate(HttpServletRequest request) {
-		X509Certificate[] certs = (X509Certificate[]) request
-				.getAttribute("javax.servlet.request.X509Certificate");
+		X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
 
 		if (certs != null && certs.length > 0) {
 			if (logger.isDebugEnabled()) {
@@ -63,4 +63,5 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 	public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
 		this.principalExtractor = principalExtractor;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
index b9de41b5c5..fc8311a72f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
@@ -28,4 +28,5 @@ public interface X509PrincipalExtractor {
 	 * Returns the principal (usually a String) for the given certificate.
 	 */
 	Object extractPrincipal(X509Certificate cert);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
index c0136fdb37..231297c387 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 /**
- * X.509 client certificate authentication support. Hooks into the certificate exposed by the servlet container
- * through the {@code javax.servlet.request.X509Certificate} property.
+ * X.509 client certificate authentication support. Hooks into the certificate exposed by
+ * the servlet container through the {@code javax.servlet.request.X509Certificate}
+ * property.
  */
 package org.springframework.security.web.authentication.preauth.x509;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index 2148408884..2a3f7af0c3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -56,13 +56,15 @@ import org.springframework.util.StringUtils;
  * @author Onur Kagan Ozcan
  * @since 2.0
  */
-public abstract class AbstractRememberMeServices implements RememberMeServices,
-		InitializingBean, LogoutHandler {
+public abstract class AbstractRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "remember-me";
+
 	public static final String DEFAULT_PARAMETER = "remember-me";
+
 	public static final int TWO_WEEKS_S = 1209600;
 
 	private static final String DELIMITER = ":";
@@ -71,20 +73,28 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	protected final MessageSourceAccessor messages = SpringSecurityMessageSource
-			.getAccessor();
+	protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private UserDetailsService userDetailsService;
+
 	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
 	private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
+
 	private String cookieDomain;
+
 	private String parameter = DEFAULT_PARAMETER;
+
 	private boolean alwaysRemember;
+
 	private String key;
+
 	private int tokenValiditySeconds = TWO_WEEKS_S;
+
 	private Boolean useSecureCookie = null;
+
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
 	protected AbstractRememberMeServices(String key, UserDetailsService userDetailsService) {
@@ -109,8 +119,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * which in turn is used to create a valid authentication token.
 	 */
 	@Override
-	public final Authentication autoLogin(HttpServletRequest request,
-			HttpServletResponse response) {
+	public final Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 		String rememberMeCookie = extractRememberMeCookie(request);
 
 		if (rememberMeCookie == null) {
@@ -141,8 +150,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			throw cte;
 		}
 		catch (UsernameNotFoundException noUser) {
-			logger.debug("Remember-me login was valid but corresponding user not found.",
-					noUser);
+			logger.debug("Remember-me login was valid but corresponding user not found.", noUser);
 		}
 		catch (InvalidCookieException invalidCookie) {
 			logger.debug("Invalid remember-me cookie: " + invalidCookie.getMessage());
@@ -162,7 +170,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * Locates the Spring Security remember me cookie in the request and returns its
 	 * value. The cookie is searched for by name and also by matching the context path to
 	 * the cookie path.
-	 *
 	 * @param request the submitted request which is to be authenticated
 	 * @return the cookie value (if present), null otherwise.
 	 */
@@ -187,17 +194,14 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * <tt>autoLogin</tt> method.
 	 * <p>
 	 * By default it will create a <tt>RememberMeAuthenticationToken</tt> instance.
-	 *
 	 * @param request the original request. The configured
 	 * <tt>AuthenticationDetailsSource</tt> will use this to build the details property of
 	 * the returned object.
 	 * @param user the <tt>UserDetails</tt> loaded from the <tt>UserDetailsService</tt>.
 	 * This will be stored as the principal.
-	 *
 	 * @return the <tt>Authentication</tt> for the remember-me authenticated user
 	 */
-	protected Authentication createSuccessfulAuthentication(HttpServletRequest request,
-			UserDetails user) {
+	protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
 		RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user,
 				authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		auth.setDetails(authenticationDetailsSource.buildDetails(request));
@@ -207,7 +211,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	/**
 	 * Decodes the cookie and splits it into a set of token strings using the ":"
 	 * delimiter.
-	 *
 	 * @param cookieValue the value obtained from the submitted cookie
 	 * @return the array of tokens.
 	 * @throws InvalidCookieException if the cookie was not base64 encoded.
@@ -221,24 +224,18 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			Base64.getDecoder().decode(cookieValue.getBytes());
 		}
 		catch (IllegalArgumentException e) {
-			throw new InvalidCookieException(
-					"Cookie token was not Base64 encoded; value was '" + cookieValue
-							+ "'");
+			throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'");
 		}
 
 		String cookieAsPlainText = new String(Base64.getDecoder().decode(cookieValue.getBytes()));
 
-		String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
-				DELIMITER);
+		String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER);
 
-		for (int i = 0; i < tokens.length; i++)
-		{
-			try
-			{
+		for (int i = 0; i < tokens.length; i++) {
+			try {
 				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.toString());
 			}
-			catch (UnsupportedEncodingException e)
-			{
+			catch (UnsupportedEncodingException e) {
 				logger.error(e.getMessage(), e);
 			}
 		}
@@ -248,19 +245,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	/**
 	 * Inverse operation of decodeCookie.
-	 *
 	 * @param cookieTokens the tokens to be encoded.
 	 * @return base64 encoding of the tokens concatenated with the ":" delimiter.
 	 */
 	protected String encodeCookie(String[] cookieTokens) {
 		StringBuilder sb = new StringBuilder();
 		for (int i = 0; i < cookieTokens.length; i++) {
-			try
-			{
+			try {
 				sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.toString()));
 			}
-			catch (UnsupportedEncodingException e)
-			{
+			catch (UnsupportedEncodingException e) {
 				logger.error(e.getMessage(), e);
 			}
 
@@ -300,8 +294,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * </p>
 	 */
 	@Override
-	public final void loginSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication successfulAuthentication) {
+	public final void loginSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication successfulAuthentication) {
 
 		if (!rememberMeRequested(request, parameter)) {
 			logger.debug("Remember-me login not requested.");
@@ -316,18 +310,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * implemented by subclasses to set a remember-me cookie and potentially store a
 	 * record of it if the implementation requires this.
 	 */
-	protected abstract void onLoginSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication successfulAuthentication);
+	protected abstract void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication successfulAuthentication);
 
 	/**
 	 * Allows customization of whether a remember-me login has been requested. The default
 	 * is to return true if <tt>alwaysRemember</tt> is set or the configured parameter
 	 * name has been included in the request and is set to the value "true".
-	 *
 	 * @param request the request submitted from an interactive login, which may include
 	 * additional information indicating that a persistent login is desired.
 	 * @param parameter the configured remember-me parameter name.
-	 *
 	 * @return true if the request includes information indicating that a persistent login
 	 * has been requested.
 	 */
@@ -346,8 +338,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Did not send remember-me cookie (principal did not set parameter '"
-					+ parameter + "')");
+			logger.debug("Did not send remember-me cookie (principal did not set parameter '" + parameter + "')");
 		}
 
 		return false;
@@ -356,7 +347,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	/**
 	 * Called from autoLogin to process the submitted persistent login cookie. Subclasses
 	 * should validate the cookie and perform any additional management required.
-	 *
 	 * @param cookieTokens the decoded and tokenized cookie value
 	 * @param request the request
 	 * @param response the response, to allow the cookie to be modified if required.
@@ -368,9 +358,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * cookie couldn't be found (for example if the user has been removed from the
 	 * system).
 	 */
-	protected abstract UserDetails processAutoLoginCookie(String[] cookieTokens,
-			HttpServletRequest request, HttpServletResponse response)
-			throws RememberMeAuthenticationException, UsernameNotFoundException;
+	protected abstract UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
+			HttpServletResponse response) throws RememberMeAuthenticationException, UsernameNotFoundException;
 
 	/**
 	 * Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent
@@ -398,16 +387,14 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 *
 	 * By default a secure cookie will be used if the connection is secure. You can set
 	 * the {@code useSecureCookie} property to {@code false} to override this. If you set
-	 * it to {@code true}, the cookie will always be flagged as secure. By default the cookie
-	 * will be marked as HttpOnly.
-	 *
+	 * it to {@code true}, the cookie will always be flagged as secure. By default the
+	 * cookie will be marked as HttpOnly.
 	 * @param tokens the tokens which will be encoded to make the cookie value.
 	 * @param maxAge the value passed to {@link Cookie#setMaxAge(int)}
 	 * @param request the request
 	 * @param response the response to add the cookie to.
 	 */
-	protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request,
-			HttpServletResponse response) {
+	protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response) {
 		String cookieValue = encodeCookie(tokens);
 		Cookie cookie = new Cookie(cookieName, cookieValue);
 		cookie.setMaxAge(maxAge);
@@ -441,11 +428,9 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * {@code cancelCookie()}.
 	 */
 	@Override
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		if (logger.isDebugEnabled()) {
-			logger.debug("Logout of user "
-					+ (authentication == null ? "Unknown" : authentication.getName()));
+			logger.debug("Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
 		}
 		cancelCookie(request, response);
 	}
@@ -472,7 +457,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * Sets the name of the parameter which should be checked for to see if a remember-me
 	 * has been requested during a login request. This should be the same name you assign
 	 * to the checkbox in your login form.
-	 *
 	 * @param parameter the HTTP request parameter
 	 */
 	public void setParameter(String parameter) {
@@ -508,7 +492,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * By default the cookie will be secure if the request is secure. If you only want to
 	 * use remember-me over HTTPS (recommended) you should set this property to
 	 * {@code true}.
-	 *
 	 * @param useSecureCookie set to {@code true} to always user secure cookies,
 	 * {@code false} to disable their use.
 	 */
@@ -522,15 +505,13 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource cannot be null");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource cannot be null");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
 	/**
 	 * Sets the strategy to be used to validate the {@code UserDetails} object obtained
 	 * for the user when processing a remember-me cookie to automatically log in a user.
-	 *
 	 * @param userDetailsChecker the strategy which will be passed the user object to
 	 * allow it to be rejected if account should not be allowed to authenticate (if it is
 	 * locked, for example). Defaults to a {@code AccountStatusUserDetailsChecker}
@@ -544,4 +525,5 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		this.authoritiesMapper = authoritiesMapper;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
index 67fd5e6847..de0bbb867d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
@@ -19,7 +19,9 @@ package org.springframework.security.web.authentication.rememberme;
  * @author Luke Taylor
  */
 public class CookieTheftException extends RememberMeAuthenticationException {
+
 	public CookieTheftException(String message) {
 		super(message);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index 29e0346c3f..87c613967b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -29,14 +29,14 @@ import java.util.Map;
  * @author Luke Taylor
  */
 public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
+
 	private final Map<String, PersistentRememberMeToken> seriesTokens = new HashMap<>();
 
 	public synchronized void createNewToken(PersistentRememberMeToken token) {
 		PersistentRememberMeToken current = seriesTokens.get(token.getSeries());
 
 		if (current != null) {
-			throw new DataIntegrityViolationException("Series Id '" + token.getSeries()
-					+ "' already exists!");
+			throw new DataIntegrityViolationException("Series Id '" + token.getSeries() + "' already exists!");
 		}
 
 		seriesTokens.put(token.getSeries(), token);
@@ -45,8 +45,8 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 	public synchronized void updateToken(String series, String tokenValue, Date lastUsed) {
 		PersistentRememberMeToken token = getTokenForSeries(series);
 
-		PersistentRememberMeToken newToken = new PersistentRememberMeToken(
-				token.getUsername(), series, tokenValue, new Date());
+		PersistentRememberMeToken newToken = new PersistentRememberMeToken(token.getUsername(), series, tokenValue,
+				new Date());
 
 		// Store it, overwriting the existing one.
 		seriesTokens.put(series, newToken);
@@ -69,4 +69,5 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 			}
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
index e02de23b27..13e080d526 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
@@ -22,7 +22,9 @@ package org.springframework.security.web.authentication.rememberme;
  * @author Luke Taylor
  */
 public class InvalidCookieException extends RememberMeAuthenticationException {
+
 	public InvalidCookieException(String message) {
 		super(message);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index bca39cabe0..496a36068e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -28,20 +28,24 @@ import java.util.*;
  * @author Luke Taylor
  * @since 2.0
  */
-public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
-		PersistentTokenRepository {
+public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements PersistentTokenRepository {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	/** Default SQL for creating the database table to store the tokens */
 	public static final String CREATE_TABLE_SQL = "create table persistent_logins (username varchar(64) not null, series varchar(64) primary key, "
 			+ "token varchar(64) not null, last_used timestamp not null)";
+
 	/** The default SQL used by the <tt>getTokenBySeries</tt> query */
 	public static final String DEF_TOKEN_BY_SERIES_SQL = "select username,series,token,last_used from persistent_logins where series = ?";
+
 	/** The default SQL used by <tt>createNewToken</tt> */
 	public static final String DEF_INSERT_TOKEN_SQL = "insert into persistent_logins (username, series, token, last_used) values(?,?,?,?)";
+
 	/** The default SQL used by <tt>updateToken</tt> */
 	public static final String DEF_UPDATE_TOKEN_SQL = "update persistent_logins set token = ?, last_used = ? where series = ?";
+
 	/** The default SQL used by <tt>removeUserTokens</tt> */
 	public static final String DEF_REMOVE_USER_TOKENS_SQL = "delete from persistent_logins where username = ?";
 
@@ -49,9 +53,13 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
 	// ================================================================================================
 
 	private String tokensBySeriesSql = DEF_TOKEN_BY_SERIES_SQL;
+
 	private String insertTokenSql = DEF_INSERT_TOKEN_SQL;
+
 	private String updateTokenSql = DEF_UPDATE_TOKEN_SQL;
+
 	private String removeUserTokensSql = DEF_REMOVE_USER_TOKENS_SQL;
+
 	private boolean createTableOnStartup;
 
 	protected void initDao() {
@@ -61,8 +69,8 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
 	}
 
 	public void createNewToken(PersistentRememberMeToken token) {
-		getJdbcTemplate().update(insertTokenSql, token.getUsername(), token.getSeries(),
-				token.getTokenValue(), token.getDate());
+		getJdbcTemplate().update(insertTokenSql, token.getUsername(), token.getSeries(), token.getTokenValue(),
+				token.getDate());
 	}
 
 	public void updateToken(String series, String tokenValue, Date lastUsed) {
@@ -74,7 +82,6 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
 	 *
 	 * If an error occurs, it will be reported and null will be returned (since the result
 	 * should just be a failed persistent login).
-	 *
 	 * @param seriesId
 	 * @return the token matching the series, or null if no match found or an exception
 	 * occurred.
@@ -82,18 +89,18 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
 	public PersistentRememberMeToken getTokenForSeries(String seriesId) {
 		try {
 			return getJdbcTemplate().queryForObject(tokensBySeriesSql,
-					(rs, rowNum) -> new PersistentRememberMeToken(rs.getString(1), rs
-							.getString(2), rs.getString(3), rs.getTimestamp(4)), seriesId);
+					(rs, rowNum) -> new PersistentRememberMeToken(rs.getString(1), rs.getString(2), rs.getString(3),
+							rs.getTimestamp(4)),
+					seriesId);
 		}
 		catch (EmptyResultDataAccessException zeroResults) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Querying token for series '" + seriesId
-						+ "' returned no results.", zeroResults);
+				logger.debug("Querying token for series '" + seriesId + "' returned no results.", zeroResults);
 			}
 		}
 		catch (IncorrectResultSizeDataAccessException moreThanOne) {
-			logger.error("Querying token for series '" + seriesId
-					+ "' returned more than one value. Series" + " should be unique");
+			logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series"
+					+ " should be unique");
 		}
 		catch (DataAccessException e) {
 			logger.error("Failed to load token for series " + seriesId, e);
@@ -109,10 +116,10 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements
 	/**
 	 * Intended for convenience in debugging. Will create the persistent_tokens database
 	 * table when the class is initialized during the initDao method.
-	 *
 	 * @param createTableOnStartup set to true to execute the
 	 */
 	public void setCreateTableOnStartup(boolean createTableOnStartup) {
 		this.createTableOnStartup = createTableOnStartup;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
index 79fc6da431..8f1666a92a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
@@ -21,13 +21,16 @@ import java.util.Date;
  * @author Luke Taylor
  */
 public class PersistentRememberMeToken {
+
 	private final String username;
+
 	private final String series;
+
 	private final String tokenValue;
+
 	private final Date date;
 
-	public PersistentRememberMeToken(String username, String series, String tokenValue,
-			Date date) {
+	public PersistentRememberMeToken(String username, String series, String tokenValue, Date date) {
 		this.username = username;
 		this.series = series;
 		this.tokenValue = tokenValue;
@@ -49,4 +52,5 @@ public class PersistentRememberMeToken {
 	public Date getDate() {
 		return date;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index be76241f17..893b06e9b0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -30,8 +30,8 @@ import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.util.Assert;
 
 /**
- * {@link RememberMeServices} implementation based on Barry Jaspan's <a
- * href="http://jaspan.com/improved_persistent_login_cookie_best_practice">Improved
+ * {@link RememberMeServices} implementation based on Barry Jaspan's
+ * <a href="http://jaspan.com/improved_persistent_login_cookie_best_practice">Improved
  * Persistent Login Cookie Best Practice</a>.
  *
  * There is a slight modification to the described approach, in that the username is not
@@ -59,16 +59,18 @@ import org.springframework.util.Assert;
 public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices {
 
 	private PersistentTokenRepository tokenRepository = new InMemoryTokenRepositoryImpl();
+
 	private SecureRandom random;
 
 	public static final int DEFAULT_SERIES_LENGTH = 16;
+
 	public static final int DEFAULT_TOKEN_LENGTH = 16;
 
 	private int seriesLength = DEFAULT_SERIES_LENGTH;
+
 	private int tokenLength = DEFAULT_TOKEN_LENGTH;
 
-	public PersistentTokenBasedRememberMeServices(String key,
-			UserDetailsService userDetailsService,
+	public PersistentTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService,
 			PersistentTokenRepository tokenRepository) {
 		super(key, userDetailsService);
 		random = new SecureRandom();
@@ -80,33 +82,29 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	 * the data compares successfully with that in the persistent store, a new token is
 	 * generated and stored with the same series. The corresponding cookie value is set on
 	 * the response.
-	 *
 	 * @param cookieTokens the series and token values
-	 *
 	 * @throws RememberMeAuthenticationException if there is no stored token corresponding
 	 * to the submitted cookie, or if the token in the persistent store has expired.
 	 * @throws InvalidCookieException if the cookie doesn't have two tokens as expected.
 	 * @throws CookieTheftException if a presented series value is found, but the stored
 	 * token is different from the one presented.
 	 */
-	protected UserDetails processAutoLoginCookie(String[] cookieTokens,
-			HttpServletRequest request, HttpServletResponse response) {
+	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
+			HttpServletResponse response) {
 
 		if (cookieTokens.length != 2) {
-			throw new InvalidCookieException("Cookie token did not contain " + 2
-					+ " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
+			throw new InvalidCookieException("Cookie token did not contain " + 2 + " tokens, but contained '"
+					+ Arrays.asList(cookieTokens) + "'");
 		}
 
 		final String presentedSeries = cookieTokens[0];
 		final String presentedToken = cookieTokens[1];
 
-		PersistentRememberMeToken token = tokenRepository
-				.getTokenForSeries(presentedSeries);
+		PersistentRememberMeToken token = tokenRepository.getTokenForSeries(presentedSeries);
 
 		if (token == null) {
 			// No series match, so we can't authenticate using this cookie
-			throw new RememberMeAuthenticationException(
-					"No persistent token found for series id: " + presentedSeries);
+			throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
 		}
 
 		// We have a match for this user/series combination
@@ -115,36 +113,31 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 			// an exception to warn them.
 			tokenRepository.removeUserTokens(token.getUsername());
 
-			throw new CookieTheftException(
-					messages.getMessage(
-							"PersistentTokenBasedRememberMeServices.cookieStolen",
-							"Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
+			throw new CookieTheftException(messages.getMessage("PersistentTokenBasedRememberMeServices.cookieStolen",
+					"Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
 		}
 
-		if (token.getDate().getTime() + getTokenValiditySeconds() * 1000L < System
-				.currentTimeMillis()) {
+		if (token.getDate().getTime() + getTokenValiditySeconds() * 1000L < System.currentTimeMillis()) {
 			throw new RememberMeAuthenticationException("Remember-me login has expired");
 		}
 
 		// Token also matches, so login is valid. Update the token value, keeping the
 		// *same* series number.
 		if (logger.isDebugEnabled()) {
-			logger.debug("Refreshing persistent login token for user '"
-					+ token.getUsername() + "', series '" + token.getSeries() + "'");
+			logger.debug("Refreshing persistent login token for user '" + token.getUsername() + "', series '"
+					+ token.getSeries() + "'");
 		}
 
-		PersistentRememberMeToken newToken = new PersistentRememberMeToken(
-				token.getUsername(), token.getSeries(), generateTokenData(), new Date());
+		PersistentRememberMeToken newToken = new PersistentRememberMeToken(token.getUsername(), token.getSeries(),
+				generateTokenData(), new Date());
 
 		try {
-			tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(),
-					newToken.getDate());
+			tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(), newToken.getDate());
 			addCookie(newToken, request, response);
 		}
 		catch (Exception e) {
 			logger.error("Failed to update token: ", e);
-			throw new RememberMeAuthenticationException(
-					"Autologin failed due to data access problem");
+			throw new RememberMeAuthenticationException("Autologin failed due to data access problem");
 		}
 
 		return getUserDetailsService().loadUserByUsername(token.getUsername());
@@ -155,14 +148,14 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	 * the persistent token repository and adds the corresponding cookie to the response.
 	 *
 	 */
-	protected void onLoginSuccess(HttpServletRequest request,
-			HttpServletResponse response, Authentication successfulAuthentication) {
+	protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication successfulAuthentication) {
 		String username = successfulAuthentication.getName();
 
 		logger.debug("Creating new persistent login for user " + username);
 
-		PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(
-				username, generateSeriesData(), generateTokenData(), new Date());
+		PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(username, generateSeriesData(),
+				generateTokenData(), new Date());
 		try {
 			tokenRepository.createNewToken(persistentToken);
 			addCookie(persistentToken, request, response);
@@ -173,8 +166,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	}
 
 	@Override
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		super.logout(request, response, authentication);
 
 		if (authentication != null) {
@@ -194,10 +186,9 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 		return new String(Base64.getEncoder().encode(newToken));
 	}
 
-	private void addCookie(PersistentRememberMeToken token, HttpServletRequest request,
-			HttpServletResponse response) {
-		setCookie(new String[] { token.getSeries(), token.getTokenValue() },
-				getTokenValiditySeconds(), request, response);
+	private void addCookie(PersistentRememberMeToken token, HttpServletRequest request, HttpServletResponse response) {
+		setCookie(new String[] { token.getSeries(), token.getTokenValue() }, getTokenValiditySeconds(), request,
+				response);
 	}
 
 	public void setSeriesLength(int seriesLength) {
@@ -210,8 +201,8 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 
 	@Override
 	public void setTokenValiditySeconds(int tokenValiditySeconds) {
-		Assert.isTrue(tokenValiditySeconds > 0,
-				"tokenValiditySeconds must be positive for this implementation");
+		Assert.isTrue(tokenValiditySeconds > 0, "tokenValiditySeconds must be positive for this implementation");
 		super.setTokenValiditySeconds(tokenValiditySeconds);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
index 95d3e79880..f6b1a1c228 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
@@ -23,7 +23,6 @@ import java.util.Date;
  *
  * @see JdbcTokenRepositoryImpl
  * @see InMemoryTokenRepositoryImpl
- *
  * @author Luke Taylor
  * @since 2.0
  */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
index 28568d46f8..8dd2fcf443 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
@@ -32,7 +32,6 @@ public class RememberMeAuthenticationException extends AuthenticationException {
 	/**
 	 * Constructs a {@code RememberMeAuthenticationException} with the specified message
 	 * and root cause.
-	 *
 	 * @param msg the detail message
 	 * @param t the root cause
 	 */
@@ -43,10 +42,10 @@ public class RememberMeAuthenticationException extends AuthenticationException {
 	/**
 	 * Constructs an {@code RememberMeAuthenticationException} with the specified message
 	 * and no root cause.
-	 *
 	 * @param msg the detail message
 	 */
 	public RememberMeAuthenticationException(String msg) {
 		super(msg);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index e63b4ccd33..5a8768875f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -61,15 +61,17 @@ import org.springframework.web.filter.GenericFilterBean;
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class RememberMeAuthenticationFilter extends GenericFilterBean implements
-		ApplicationEventPublisherAware {
+public class RememberMeAuthenticationFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ApplicationEventPublisher eventPublisher;
+
 	private AuthenticationSuccessHandler successHandler;
+
 	private AuthenticationManager authenticationManager;
+
 	private RememberMeServices rememberMeServices;
 
 	public RememberMeAuthenticationFilter(AuthenticationManager authenticationManager,
@@ -95,8 +97,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 		HttpServletResponse response = (HttpServletResponse) res;
 
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			Authentication rememberMeAuth = rememberMeServices.autoLogin(request,
-					response);
+			Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
 
 			if (rememberMeAuth != null) {
 				// Attempt authenticaton via AuthenticationManager
@@ -110,21 +111,17 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 
 					if (logger.isDebugEnabled()) {
 						logger.debug("SecurityContextHolder populated with remember-me token: '"
-								+ SecurityContextHolder.getContext().getAuthentication()
-								+ "'");
+								+ SecurityContextHolder.getContext().getAuthentication() + "'");
 					}
 
 					// Fire event
 					if (this.eventPublisher != null) {
-						eventPublisher
-								.publishEvent(new InteractiveAuthenticationSuccessEvent(
-										SecurityContextHolder.getContext()
-												.getAuthentication(), this.getClass()));
+						eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
+								SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
 					}
 
 					if (successHandler != null) {
-						successHandler.onAuthenticationSuccess(request, response,
-								rememberMeAuth);
+						successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
 
 						return;
 					}
@@ -132,18 +129,14 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 				}
 				catch (AuthenticationException authenticationException) {
 					if (logger.isDebugEnabled()) {
-						logger.debug(
-								"SecurityContextHolder not populated with remember-me token, as "
-										+ "AuthenticationManager rejected Authentication returned by RememberMeServices: '"
-										+ rememberMeAuth
-										+ "'; invalidating remember-me token",
-								authenticationException);
+						logger.debug("SecurityContextHolder not populated with remember-me token, as "
+								+ "AuthenticationManager rejected Authentication returned by RememberMeServices: '"
+								+ rememberMeAuth + "'; invalidating remember-me token", authenticationException);
 					}
 
 					rememberMeServices.loginFail(request, response);
 
-					onUnsuccessfulAuthentication(request, response,
-							authenticationException);
+					onUnsuccessfulAuthentication(request, response, authenticationException);
 				}
 			}
 
@@ -164,8 +157,8 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 	 * {@code RememberMeServices} {@code autoLogin} method and the
 	 * {@code AuthenticationManager}.
 	 */
-	protected void onSuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, Authentication authResult) {
+	protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			Authentication authResult) {
 	}
 
 	/**
@@ -174,8 +167,8 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 	 * will not be called when no remember-me token is present in the request and
 	 * {@code autoLogin} reurns null.
 	 */
-	protected void onUnsuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException failed) {
+	protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException failed) {
 	}
 
 	public RememberMeServices getRememberMeServices() {
@@ -193,12 +186,10 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 	 * be invoked and the {@code doFilter()} method will return immediately, thus allowing
 	 * the application to redirect the user to a specific URL, regardless of whatthe
 	 * original request was for.
-	 *
 	 * @param successHandler the strategy to invoke immediately before returning from
 	 * {@code doFilter()}.
 	 */
-	public void setAuthenticationSuccessHandler(
-			AuthenticationSuccessHandler successHandler) {
+	public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) {
 		Assert.notNull(successHandler, "successHandler cannot be null");
 		this.successHandler = successHandler;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 2d7ff3399d..de73ae99d5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -79,7 +79,6 @@ import java.util.Date;
  * value will be used for the <tt>maxAge</tt> property of the cookie, meaning that it will
  * not be stored when the browser is closed.
  *
- *
  * @author Ben Alex
  */
 public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
@@ -92,12 +91,12 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	// ========================================================================================================
 
 	@Override
-	protected UserDetails processAutoLoginCookie(String[] cookieTokens,
-			HttpServletRequest request, HttpServletResponse response) {
+	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
+			HttpServletResponse response) {
 
 		if (cookieTokens.length != 3) {
-			throw new InvalidCookieException("Cookie token did not contain 3"
-					+ " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
+			throw new InvalidCookieException(
+					"Cookie token did not contain 3" + " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
 		}
 
 		long tokenExpiryTime;
@@ -107,26 +106,22 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		}
 		catch (NumberFormatException nfe) {
 			throw new InvalidCookieException(
-					"Cookie token[1] did not contain a valid number (contained '"
-							+ cookieTokens[1] + "')");
+					"Cookie token[1] did not contain a valid number (contained '" + cookieTokens[1] + "')");
 		}
 
 		if (isTokenExpired(tokenExpiryTime)) {
-			throw new InvalidCookieException("Cookie token[1] has expired (expired on '"
-					+ new Date(tokenExpiryTime) + "'; current time is '" + new Date()
-					+ "')");
+			throw new InvalidCookieException("Cookie token[1] has expired (expired on '" + new Date(tokenExpiryTime)
+					+ "'; current time is '" + new Date() + "')");
 		}
 
 		// Check the user exists.
 		// Defer lookup until after expiry time checked, to possibly avoid expensive
 		// database call.
 
-		UserDetails userDetails = getUserDetailsService().loadUserByUsername(
-				cookieTokens[0]);
+		UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);
 
 		Assert.notNull(userDetails, () -> "UserDetailsService " + getUserDetailsService()
-				+ " returned null for username " + cookieTokens[0] + ". "
-				+ "This is an interface contract violation");
+				+ " returned null for username " + cookieTokens[0] + ". " + "This is an interface contract violation");
 
 		// Check signature of token matches remaining details.
 		// Must do this after user lookup, as we need the DAO-derived password.
@@ -135,12 +130,12 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		// the token is valid,
 		// it will cause SecurityContextHolder population, whilst if invalid, will cause
 		// the cookie to be cancelled.
-		String expectedTokenSignature = makeTokenSignature(tokenExpiryTime,
-				userDetails.getUsername(), userDetails.getPassword());
+		String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(),
+				userDetails.getPassword());
 
 		if (!equals(expectedTokenSignature, cookieTokens[2])) {
-			throw new InvalidCookieException("Cookie token[2] contained signature '"
-					+ cookieTokens[2] + "' but expected '" + expectedTokenSignature + "'");
+			throw new InvalidCookieException("Cookie token[2] contained signature '" + cookieTokens[2]
+					+ "' but expected '" + expectedTokenSignature + "'");
 		}
 
 		return userDetails;
@@ -150,8 +145,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	 * Calculates the digital signature to be put in the cookie. Default value is MD5
 	 * ("username:tokenExpiryTime:password:key")
 	 */
-	protected String makeTokenSignature(long tokenExpiryTime, String username,
-			String password) {
+	protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
 		String data = username + ":" + tokenExpiryTime + ":" + password + ":" + getKey();
 		MessageDigest digest;
 		try {
@@ -200,12 +194,12 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 
 		String signatureValue = makeTokenSignature(expiryTime, username, password);
 
-		setCookie(new String[] { username, Long.toString(expiryTime), signatureValue },
-				tokenLifetime, request, response);
+		setCookie(new String[] { username, Long.toString(expiryTime), signatureValue }, tokenLifetime, request,
+				response);
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Added remember-me cookie for user '" + username
-					+ "', expiry: '" + new Date(expiryTime) + "'");
+			logger.debug(
+					"Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'");
 		}
 	}
 
@@ -220,13 +214,11 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	 * also be used to set the <tt>maxAge</tt> property of the cookie.
 	 *
 	 * See SEC-485.
-	 *
 	 * @param request the request passed to onLoginSuccess
 	 * @param authentication the successful authentication object.
 	 * @return the lifetime in seconds.
 	 */
-	protected int calculateLoginLifetime(HttpServletRequest request,
-			Authentication authentication) {
+	protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
 		return getTokenValiditySeconds();
 	}
 
@@ -271,4 +263,5 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		}
 		return Utf8.encode(s);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
index b45f6feb1c..752a10d694 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
@@ -16,9 +16,8 @@
 /**
  * Support for remembering a user between different web sessions.
  * <p>
- * Comes with two default implementations. See the
- * <a href="https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html">Remember-Me
+ * Comes with two default implementations. See the <a href=
+ * "https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html">Remember-Me
  * Authentication</a> chapter of the reference manual.
  */
 package org.springframework.security.web.authentication.rememberme;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index d1a439159e..d31bdd29a0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -34,15 +34,17 @@ import org.springframework.web.util.WebUtils;
  * @author Rob Winch
  * @since 3.2
  */
-abstract class AbstractSessionFixationProtectionStrategy implements
-		SessionAuthenticationStrategy, ApplicationEventPublisherAware {
+abstract class AbstractSessionFixationProtectionStrategy
+		implements SessionAuthenticationStrategy, ApplicationEventPublisherAware {
 
 	protected final Log logger = LogFactory.getLog(this.getClass());
+
 	/**
 	 * Used for publishing events related to session fixation protection, such as
 	 * {@link SessionFixationProtectionEvent}.
 	 */
 	private ApplicationEventPublisher applicationEventPublisher = new NullEventPublisher();
+
 	/**
 	 * If set to {@code true}, a session will always be created, even if one didn't exist
 	 * at the start of the request. Defaults to {@code false}.
@@ -62,8 +64,8 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 	 * property is set, in which case a session will be created if one doesn't already
 	 * exist.
 	 */
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response) {
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) {
 		boolean hadSessionAlready = request.getSession(false) != null;
 
 		if (!hadSessionAlready && !alwaysCreateSession) {
@@ -89,8 +91,9 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 			}
 
 			if (originalSessionId.equals(newSessionId)) {
-				logger.warn("Your servlet container did not change the session ID when a new session was created. You will"
-						+ " not be adequately protected against session-fixation attacks");
+				logger.warn(
+						"Your servlet container did not change the session ID when a new session was created. You will"
+								+ " not be adequately protected against session-fixation attacks");
 			}
 
 			onSessionChange(originalSessionId, session, authentication);
@@ -99,7 +102,6 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 
 	/**
 	 * Applies session fixation
-	 *
 	 * @param request the {@link HttpServletRequest} to apply session fixation protection
 	 * for
 	 * @return the new {@link HttpSession} to use. Cannot be null.
@@ -116,29 +118,24 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 	 * ID has changed. If you override this method and still wish these events to be
 	 * published, you should call {@code super.onSessionChange()} within your overriding
 	 * method.
-	 *
 	 * @param originalSessionId the original session identifier
 	 * @param newSession the newly created session
 	 * @param auth the token for the newly authenticated principal
 	 */
-	protected void onSessionChange(String originalSessionId, HttpSession newSession,
-			Authentication auth) {
-		applicationEventPublisher.publishEvent(new SessionFixationProtectionEvent(auth,
-				originalSessionId, newSession.getId()));
+	protected void onSessionChange(String originalSessionId, HttpSession newSession, Authentication auth) {
+		applicationEventPublisher
+				.publishEvent(new SessionFixationProtectionEvent(auth, originalSessionId, newSession.getId()));
 	}
 
 	/**
 	 * Sets the {@link ApplicationEventPublisher} to use for submitting
 	 * {@link SessionFixationProtectionEvent}. The default is to not submit the
 	 * {@link SessionFixationProtectionEvent}.
-	 *
 	 * @param applicationEventPublisher the {@link ApplicationEventPublisher}. Cannot be
 	 * null.
 	 */
-	public void setApplicationEventPublisher(
-			ApplicationEventPublisher applicationEventPublisher) {
-		Assert.notNull(applicationEventPublisher,
-				"applicationEventPublisher cannot be null");
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		Assert.notNull(applicationEventPublisher, "applicationEventPublisher cannot be null");
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
 
@@ -147,11 +144,13 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 	}
 
 	protected static final class NullEventPublisher implements ApplicationEventPublisher {
+
 		public void publishEvent(ApplicationEvent event) {
 		}
 
 		public void publishEvent(Object event) {
 		}
+
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
index bbff6f2b44..1a70662205 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
@@ -25,8 +25,7 @@ import javax.servlet.http.HttpSession;
  * @author Rob Winch
  * @since 3.2
  */
-public final class ChangeSessionIdAuthenticationStrategy
-		extends AbstractSessionFixationProtectionStrategy {
+public final class ChangeSessionIdAuthenticationStrategy extends AbstractSessionFixationProtectionStrategy {
 
 	/*
 	 * (non-Javadoc)
@@ -40,4 +39,5 @@ public final class ChangeSessionIdAuthenticationStrategy
 		request.changeSessionId();
 		return request.getSession();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index c3dc992eb8..4f7bdf1c1d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -53,19 +53,18 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 3.2
  */
-public class CompositeSessionAuthenticationStrategy
-		implements SessionAuthenticationStrategy {
+public class CompositeSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final List<SessionAuthenticationStrategy> delegateStrategies;
 
-	public CompositeSessionAuthenticationStrategy(
-			List<SessionAuthenticationStrategy> delegateStrategies) {
+	public CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy> delegateStrategies) {
 		Assert.notEmpty(delegateStrategies, "delegateStrategies cannot be null or empty");
 		for (SessionAuthenticationStrategy strategy : delegateStrategies) {
 			if (strategy == null) {
 				throw new IllegalArgumentException(
-						"delegateStrategies cannot contain null entires. Got "
-								+ delegateStrategies);
+						"delegateStrategies cannot contain null entires. Got " + delegateStrategies);
 			}
 		}
 		this.delegateStrategies = delegateStrategies;
@@ -79,9 +78,8 @@ public class CompositeSessionAuthenticationStrategy
 	 * #onAuthentication(org.springframework.security.core.Authentication,
 	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response)
-					throws SessionAuthenticationException {
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) throws SessionAuthenticationException {
 		for (SessionAuthenticationStrategy delegate : this.delegateStrategies) {
 			if (this.logger.isDebugEnabled()) {
 				this.logger.debug("Delegating to " + delegate);
@@ -92,7 +90,7 @@ public class CompositeSessionAuthenticationStrategy
 
 	@Override
 	public String toString() {
-		return getClass().getName() + " [delegateStrategies = " + this.delegateStrategies
-				+ "]";
+		return getClass().getName() + " [delegateStrategies = " + this.delegateStrategies + "]";
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index 9e30a2830e..976fc44920 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -46,9 +46,9 @@ import org.springframework.util.Assert;
  * </p>
  * <p>
  * If a user has reached the maximum number of permitted sessions, the behaviour depends
- * on the <tt>exceptionIfMaxExceeded</tt> property. The default behaviour is to expire
- * any sessions that exceed the maximum number of permitted sessions, starting with the
- * least recently used sessions. The expired sessions will be invalidated by the
+ * on the <tt>exceptionIfMaxExceeded</tt> property. The default behaviour is to expire any
+ * sessions that exceed the maximum number of permitted sessions, starting with the least
+ * recently used sessions. The expired sessions will be invalidated by the
  * {@link ConcurrentSessionFilter} if accessed again. If <tt>exceptionIfMaxExceeded</tt>
  * is set to <tt>true</tt>, however, the user will be prevented from starting a new
  * authenticated session.
@@ -62,16 +62,19 @@ import org.springframework.util.Assert;
  * </p>
  *
  * @see CompositeSessionAuthenticationStrategy
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.2
  */
-public class ConcurrentSessionControlAuthenticationStrategy implements
-		MessageSourceAware, SessionAuthenticationStrategy {
+public class ConcurrentSessionControlAuthenticationStrategy
+		implements MessageSourceAware, SessionAuthenticationStrategy {
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private final SessionRegistry sessionRegistry;
+
 	private boolean exceptionIfMaximumExceeded = false;
+
 	private int maximumSessions = 1;
 
 	/**
@@ -87,11 +90,10 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 	 * In addition to the steps from the superclass, the sessionRegistry will be updated
 	 * with the new session information.
 	 */
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response) {
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) {
 
-		final List<SessionInformation> sessions = sessionRegistry.getAllSessions(
-				authentication.getPrincipal(), false);
+		final List<SessionInformation> sessions = sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
 
 		int sessionCount = sessions.size();
 		int allowedSessions = getMaximumSessionsForThisUser(authentication);
@@ -129,9 +131,7 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 	 * Method intended for use by subclasses to override the maximum number of sessions
 	 * that are permitted for a particular authentication. The default implementation
 	 * simply returns the <code>maximumSessions</code> value for the bean.
-	 *
 	 * @param authentication to determine the maximum sessions for
-	 *
 	 * @return either -1 meaning unlimited, or a positive integer to limit (never zero)
 	 */
 	protected int getMaximumSessionsForThisUser(Authentication authentication) {
@@ -140,7 +140,6 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 
 	/**
 	 * Allows subclasses to customise behaviour when too many sessions are detected.
-	 *
 	 * @param sessions either <code>null</code> or all unexpired sessions associated with
 	 * the principal
 	 * @param allowableSessions the number of concurrent sessions the user is allowed to
@@ -148,21 +147,19 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 	 * @param registry an instance of the <code>SessionRegistry</code> for subclass use
 	 *
 	 */
-	protected void allowableSessionsExceeded(List<SessionInformation> sessions,
-			int allowableSessions, SessionRegistry registry)
-			throws SessionAuthenticationException {
+	protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions,
+			SessionRegistry registry) throws SessionAuthenticationException {
 		if (exceptionIfMaximumExceeded || (sessions == null)) {
-			throw new SessionAuthenticationException(messages.getMessage(
-					"ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
-					new Object[] {allowableSessions},
-					"Maximum sessions of {0} for this principal exceeded"));
+			throw new SessionAuthenticationException(
+					messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
+							new Object[] { allowableSessions }, "Maximum sessions of {0} for this principal exceeded"));
 		}
 
 		// Determine least recently used sessions, and mark them for invalidation
 		sessions.sort(Comparator.comparing(SessionInformation::getLastRequest));
 		int maximumSessionsExceededBy = sessions.size() - allowableSessions + 1;
 		List<SessionInformation> sessionsToBeExpired = sessions.subList(0, maximumSessionsExceededBy);
-		for (SessionInformation session: sessionsToBeExpired) {
+		for (SessionInformation session : sessionsToBeExpired) {
 			session.expireNow();
 		}
 	}
@@ -174,7 +171,6 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 	 * the user authenticating will be prevented from authenticating. if set to
 	 * <tt>false</tt>, the user that has already authenticated will be forcibly logged
 	 * out.
-	 *
 	 * @param exceptionIfMaximumExceeded defaults to <tt>false</tt>.
 	 */
 	public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded) {
@@ -184,13 +180,11 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 	/**
 	 * Sets the <tt>maxSessions</tt> property. The default value is 1. Use -1 for
 	 * unlimited sessions.
-	 *
 	 * @param maximumSessions the maximimum number of permitted sessions a user can have
 	 * open simultaneously.
 	 */
 	public void setMaximumSessions(int maximumSessions) {
-		Assert.isTrue(
-				maximumSessions != 0,
+		Assert.isTrue(maximumSessions != 0,
 				"MaximumLogins must be either -1 to allow unlimited logins, or a positive integer to specify a maximum");
 		this.maximumSessions = maximumSessions;
 	}
@@ -203,4 +197,5 @@ public class ConcurrentSessionControlAuthenticationStrategy implements
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
index d5a88fc965..0654ae9c60 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
@@ -21,14 +21,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
-public final class NullAuthenticatedSessionStrategy implements
-		SessionAuthenticationStrategy {
+public final class NullAuthenticatedSessionStrategy implements SessionAuthenticationStrategy {
 
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response) {
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
index 7db17f177a..8681163a6b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
@@ -39,13 +39,12 @@ import org.springframework.util.Assert;
  * {@link HttpSessionEventPublisher}.
  *
  * @see CompositeSessionAuthenticationStrategy
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.2
  */
-public class RegisterSessionAuthenticationStrategy implements
-		SessionAuthenticationStrategy {
+public class RegisterSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
+
 	private final SessionRegistry sessionRegistry;
 
 	/**
@@ -61,9 +60,9 @@ public class RegisterSessionAuthenticationStrategy implements
 	 * In addition to the steps from the superclass, the sessionRegistry will be updated
 	 * with the new session information.
 	 */
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response) {
-		sessionRegistry.registerNewSession(request.getSession().getId(),
-				authentication.getPrincipal());
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) {
+		sessionRegistry.registerNewSession(request.getSession().getId(), authentication.getPrincipal());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
index 1c55d700bf..21d576ba70 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
@@ -34,12 +34,11 @@ public interface SessionAuthenticationStrategy {
 
 	/**
 	 * Performs Http session-related functionality when a new authentication occurs.
-	 *
 	 * @throws SessionAuthenticationException if it is decided that the authentication is
 	 * not allowed for the session. This will typically be because the user has too many
 	 * sessions open at once.
 	 */
-	void onAuthentication(Authentication authentication, HttpServletRequest request,
-			HttpServletResponse response) throws SessionAuthenticationException;
+	void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response)
+			throws SessionAuthenticationException;
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
index 6797b143f3..36f1389ae6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
@@ -28,6 +28,7 @@ import org.springframework.util.Assert;
  * @see SessionFixationProtectionStrategy
  */
 public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -40,13 +41,11 @@ public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent
 
 	/**
 	 * Constructs a new session fixation protection event.
-	 *
 	 * @param authentication The authentication object
 	 * @param oldSessionId The old session ID before it was changed
 	 * @param newSessionId The new session ID after it was changed
 	 */
-	public SessionFixationProtectionEvent(Authentication authentication,
-			String oldSessionId, String newSessionId) {
+	public SessionFixationProtectionEvent(Authentication authentication, String oldSessionId, String newSessionId) {
 		super(authentication);
 		Assert.hasLength(oldSessionId, "oldSessionId must have length");
 		Assert.hasLength(newSessionId, "newSessionId must have length");
@@ -59,7 +58,6 @@ public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent
 
 	/**
 	 * Getter for the session ID before it was changed.
-	 *
 	 * @return the old session ID.
 	 */
 	public String getOldSessionId() {
@@ -68,10 +66,10 @@ public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent
 
 	/**
 	 * Getter for the session ID after it was changed.
-	 *
 	 * @return the new session ID.
 	 */
 	public String getNewSessionId() {
 		return this.newSessionId;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
index 30794362b2..bb211a1094 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
@@ -55,8 +55,8 @@ import javax.servlet.http.HttpSession;
  * @author Luke Taylor
  * @since 3.0
  */
-public class SessionFixationProtectionStrategy extends
-		AbstractSessionFixationProtectionStrategy {
+public class SessionFixationProtectionStrategy extends AbstractSessionFixationProtectionStrategy {
+
 	/**
 	 * Indicates that the session attributes of an existing session should be migrated to
 	 * the new session. Defaults to <code>true</code>.
@@ -70,7 +70,6 @@ public class SessionFixationProtectionStrategy extends
 	 * <p>
 	 * You can override this method to control exactly what is transferred to the new
 	 * session.
-	 *
 	 * @param session the session from which the attributes should be extracted
 	 * @return the map of session attributes which should be transferred to the new
 	 * session
@@ -85,8 +84,7 @@ public class SessionFixationProtectionStrategy extends
 		String originalSessionId = session.getId();
 		if (logger.isDebugEnabled()) {
 			logger.debug("Invalidating session with Id '" + originalSessionId + "' "
-					+ (migrateSessionAttributes ? "and" : "without")
-					+ " migrating attributes.");
+					+ (migrateSessionAttributes ? "and" : "without") + " migrating attributes.");
 		}
 
 		Map<String, Object> attributesToMigrate = extractAttributes(session);
@@ -143,11 +141,11 @@ public class SessionFixationProtectionStrategy extends
 	 * <p>
 	 * Attributes used by Spring Security (to store cached requests, for example) will
 	 * still be retained by default, even if you set this value to {@code false}.
-	 *
 	 * @param migrateSessionAttributes whether the attributes from the session should be
 	 * transferred to the new, authenticated session.
 	 */
 	public void setMigrateSessionAttributes(boolean migrateSessionAttributes) {
 		this.migrateSessionAttributes = migrateSessionAttributes;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
index 69f86a817e..b68ddd1bce 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 /**
- * Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
+ * Strategy interface and implementations for handling session-related behaviour for a
+ * newly authenticated user.
  * <p>
  * Comes with support for:
  * <ul>
@@ -23,4 +24,3 @@
  * </ul>
  */
 package org.springframework.security.web.authentication.session;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
index 362a858d09..88da2fae68 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @author Mark St.Godard
  */
 public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -36,12 +37,10 @@ public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
 
 	/**
 	 * Switch user context event constructor
-	 *
 	 * @param authentication The current <code>Authentication</code> object
 	 * @param targetUser The target user
 	 */
-	public AuthenticationSwitchUserEvent(Authentication authentication,
-			UserDetails targetUser) {
+	public AuthenticationSwitchUserEvent(Authentication authentication, UserDetails targetUser) {
 		super(authentication);
 		this.targetUser = targetUser;
 	}
@@ -52,4 +51,5 @@ public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
 	public UserDetails getTargetUser() {
 		return targetUser;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
index 530021a168..a3a37bb140 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
@@ -36,7 +36,6 @@ public interface SwitchUserAuthorityChanger {
 	/**
 	 * Allow subclasses to add or remove authorities that will be granted when in switch
 	 * user mode.
-	 *
 	 * @param targetUser the UserDetails representing the identity being switched to
 	 * @param currentAuthentication the current Authentication of the principal performing
 	 * the switching
@@ -44,10 +43,9 @@ public interface SwitchUserAuthorityChanger {
 	 * {@link org.springframework.security.core.GrantedAuthority} instances to be granted
 	 * to the user, excluding the special "switch user" authority that is used internally
 	 * (guaranteed never null)
-	 *
 	 * @return the modified list of granted authorities.
 	 */
-	Collection<? extends GrantedAuthority> modifyGrantedAuthorities(
-			UserDetails targetUser, Authentication currentAuthentication,
-			Collection<? extends GrantedAuthority> authoritiesToBeGranted);
+	Collection<? extends GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser,
+			Authentication currentAuthentication, Collection<? extends GrantedAuthority> authoritiesToBeGranted);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index 818e2490f5..cf9488cc55 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -104,33 +104,46 @@ import org.springframework.web.util.UrlPathHelper;
  * </pre>
  *
  * @author Mark St.Godard
- *
  * @see SwitchUserGrantedAuthority
  */
-public class SwitchUserFilter extends GenericFilterBean
-		implements ApplicationEventPublisherAware, MessageSourceAware {
+public class SwitchUserFilter extends GenericFilterBean implements ApplicationEventPublisherAware, MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "username";
+
 	public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private ApplicationEventPublisher eventPublisher;
+
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private RequestMatcher exitUserMatcher = createMatcher("/logout/impersonate");
+
 	private RequestMatcher switchUserMatcher = createMatcher("/login/impersonate");
+
 	private String targetUrl;
+
 	private String switchFailureUrl;
+
 	private String usernameParameter = SPRING_SECURITY_SWITCH_USERNAME_KEY;
+
 	private String switchAuthorityRole = ROLE_PREVIOUS_ADMINISTRATOR;
+
 	private SwitchUserAuthorityChanger switchUserAuthorityChanger;
+
 	private UserDetailsService userDetailsService;
+
 	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+
 	private AuthenticationSuccessHandler successHandler;
+
 	private AuthenticationFailureHandler failureHandler;
 
 	// ~ Methods
@@ -142,20 +155,16 @@ public class SwitchUserFilter extends GenericFilterBean
 		Assert.isTrue(this.successHandler != null || this.targetUrl != null,
 				"You must set either a successHandler or the targetUrl");
 		if (this.targetUrl != null) {
-			Assert.isNull(this.successHandler,
-					"You cannot set both successHandler and targetUrl");
-			this.successHandler = new SimpleUrlAuthenticationSuccessHandler(
-					this.targetUrl);
+			Assert.isNull(this.successHandler, "You cannot set both successHandler and targetUrl");
+			this.successHandler = new SimpleUrlAuthenticationSuccessHandler(this.targetUrl);
 		}
 
 		if (this.failureHandler == null) {
-			this.failureHandler = this.switchFailureUrl == null
-					? new SimpleUrlAuthenticationFailureHandler()
+			this.failureHandler = this.switchFailureUrl == null ? new SimpleUrlAuthenticationFailureHandler()
 					: new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl);
 		}
 		else {
-			Assert.isNull(this.switchFailureUrl,
-					"You cannot set both a switchFailureUrl and a failureHandler");
+			Assert.isNull(this.switchFailureUrl, "You cannot set both a switchFailureUrl and a failureHandler");
 		}
 	}
 
@@ -174,8 +183,7 @@ public class SwitchUserFilter extends GenericFilterBean
 				SecurityContextHolder.getContext().setAuthentication(targetUser);
 
 				// redirect to target url
-				this.successHandler.onAuthenticationSuccess(request, response,
-						targetUser);
+				this.successHandler.onAuthenticationSuccess(request, response, targetUser);
 			}
 			catch (AuthenticationException e) {
 				this.logger.debug("Switch User failed", e);
@@ -203,18 +211,15 @@ public class SwitchUserFilter extends GenericFilterBean
 	/**
 	 * Attempt to switch to another user. If the user does not exist or is not active,
 	 * return null.
-	 *
 	 * @return The new <code>Authentication</code> request if successfully switched to
 	 * another user, <code>null</code> otherwise.
-	 *
 	 * @throws UsernameNotFoundException If the target user is not found.
 	 * @throws LockedException if the account is locked.
 	 * @throws DisabledException If the target user is disabled.
 	 * @throws AccountExpiredException If the target user account is expired.
 	 * @throws CredentialsExpiredException If the target user credentials are expired.
 	 */
-	protected Authentication attemptSwitchUser(HttpServletRequest request)
-			throws AuthenticationException {
+	protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
 		UsernamePasswordAuthenticationToken targetUserRequest;
 
 		String username = request.getParameter(this.usernameParameter);
@@ -248,12 +253,9 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Attempt to exit from an already switched user.
-	 *
 	 * @param request The http servlet request
-	 *
 	 * @return The original <code>Authentication</code> object or <code>null</code>
 	 * otherwise.
-	 *
 	 * @throws AuthenticationCredentialsNotFoundException If no
 	 * <code>Authentication</code> associated with this request.
 	 */
@@ -263,9 +265,8 @@ public class SwitchUserFilter extends GenericFilterBean
 		Authentication current = SecurityContextHolder.getContext().getAuthentication();
 
 		if (null == current) {
-			throw new AuthenticationCredentialsNotFoundException(
-					this.messages.getMessage("SwitchUserFilter.noCurrentUser",
-							"No current user associated with this request"));
+			throw new AuthenticationCredentialsNotFoundException(this.messages
+					.getMessage("SwitchUserFilter.noCurrentUser", "No current user associated with this request"));
 		}
 
 		// check to see if the current user did actual switch to another user
@@ -274,9 +275,8 @@ public class SwitchUserFilter extends GenericFilterBean
 
 		if (original == null) {
 			this.logger.debug("Could not find original user Authentication object!");
-			throw new AuthenticationCredentialsNotFoundException(
-					this.messages.getMessage("SwitchUserFilter.noOriginalAuthentication",
-							"Could not find original Authentication object"));
+			throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage(
+					"SwitchUserFilter.noOriginalAuthentication", "Could not find original Authentication object"));
 		}
 
 		// get the source user details
@@ -289,8 +289,7 @@ public class SwitchUserFilter extends GenericFilterBean
 
 		// publish event
 		if (this.eventPublisher != null) {
-			this.eventPublisher.publishEvent(
-					new AuthenticationSwitchUserEvent(current, originalUser));
+			this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(current, originalUser));
 		}
 
 		return original;
@@ -299,16 +298,14 @@ public class SwitchUserFilter extends GenericFilterBean
 	/**
 	 * Create a switch user token that contains an additional <tt>GrantedAuthority</tt>
 	 * that contains the original <code>Authentication</code> object.
-	 *
 	 * @param request The http servlet request.
 	 * @param targetUser The target user
-	 *
 	 * @return The authentication token
 	 *
 	 * @see SwitchUserGrantedAuthority
 	 */
-	private UsernamePasswordAuthenticationToken createSwitchUserToken(
-			HttpServletRequest request, UserDetails targetUser) {
+	private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request,
+			UserDetails targetUser) {
 
 		UsernamePasswordAuthenticationToken targetUserRequest;
 
@@ -325,16 +322,14 @@ public class SwitchUserFilter extends GenericFilterBean
 			currentAuth = SecurityContextHolder.getContext().getAuthentication();
 		}
 
-		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
-				this.switchAuthorityRole, currentAuth);
+		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(this.switchAuthorityRole, currentAuth);
 
 		// get the original authorities
 		Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
 
 		// Allow subclasses to change the authorities to be granted
 		if (this.switchUserAuthorityChanger != null) {
-			orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser,
-					currentAuth, orig);
+			orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
 		}
 
 		// add the new switch user authority
@@ -342,12 +337,10 @@ public class SwitchUserFilter extends GenericFilterBean
 		newAuths.add(switchAuthority);
 
 		// create the new authentication token
-		targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser,
-				targetUser.getPassword(), newAuths);
+		targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), newAuths);
 
 		// set details
-		targetUserRequest
-				.setDetails(this.authenticationDetailsSource.buildDetails(request));
+		targetUserRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		return targetUserRequest;
 	}
@@ -357,9 +350,7 @@ public class SwitchUserFilter extends GenericFilterBean
 	 * granted authorities. A successfully switched user should have a
 	 * <code>SwitchUserGrantedAuthority</code> that contains the original source user
 	 * <code>Authentication</code> object.
-	 *
 	 * @param current The current <code>Authentication</code> object
-	 *
 	 * @return The source user <code>Authentication</code> object or <code>null</code>
 	 * otherwise.
 	 */
@@ -373,8 +364,7 @@ public class SwitchUserFilter extends GenericFilterBean
 			// check for switch user type of authority
 			if (auth instanceof SwitchUserGrantedAuthority) {
 				original = ((SwitchUserGrantedAuthority) auth).getSource();
-				this.logger.debug("Found original switch user granted authority ["
-						+ original + "]");
+				this.logger.debug("Found original switch user granted authority [" + original + "]");
 			}
 		}
 
@@ -383,9 +373,7 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Checks the request URI for the presence of <tt>exitUserUrl</tt>.
-	 *
 	 * @param request The http servlet request
-	 *
 	 * @return <code>true</code> if the request requires a exit user, <code>false</code>
 	 * otherwise.
 	 *
@@ -397,9 +385,7 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Checks the request URI for the presence of <tt>switchUserUrl</tt>.
-	 *
 	 * @param request The http servlet request
-	 *
 	 * @return <code>true</code> if the request requires a switch, <code>false</code>
 	 * otherwise.
 	 *
@@ -409,15 +395,13 @@ public class SwitchUserFilter extends GenericFilterBean
 		return this.switchUserMatcher.matches(request);
 	}
 
-	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
-			throws BeansException {
+	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) throws BeansException {
 		this.eventPublisher = eventPublisher;
 	}
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource required");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
@@ -428,7 +412,6 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Sets the authentication data access object.
-	 *
 	 * @param userDetailsService The <tt>UserDetailService</tt> which will be used to load
 	 * information for the user that is being switched to.
 	 */
@@ -439,7 +422,6 @@ public class SwitchUserFilter extends GenericFilterBean
 	/**
 	 * Set the URL to respond to exit user processing. This is a shortcut for
 	 * {@link #setExitUserMatcher(RequestMatcher)}.
-	 *
 	 * @param exitUserUrl The exit user URL.
 	 */
 	public void setExitUserUrl(String exitUserUrl) {
@@ -450,7 +432,6 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Set the matcher to respond to exit user processing.
-	 *
 	 * @param exitUserMatcher The exit matcher to use.
 	 */
 	public void setExitUserMatcher(RequestMatcher exitUserMatcher) {
@@ -461,7 +442,6 @@ public class SwitchUserFilter extends GenericFilterBean
 	/**
 	 * Set the URL to respond to switch user processing. This is a shortcut for
 	 * {@link #setSwitchUserMatcher(RequestMatcher)}
-	 *
 	 * @param switchUserUrl The switch user URL.
 	 */
 	public void setSwitchUserUrl(String switchUserUrl) {
@@ -472,7 +452,6 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Set the matcher to respond to switch user processing.
-	 *
 	 * @param switchUserMatcher The switch user matcher.
 	 */
 	public void setSwitchUserMatcher(RequestMatcher switchUserMatcher) {
@@ -484,7 +463,6 @@ public class SwitchUserFilter extends GenericFilterBean
 	 * Sets the URL to go to after a successful switch / exit user request. Use
 	 * {@link #setSuccessHandler(AuthenticationSuccessHandler) setSuccessHandler} instead
 	 * if you need more customized behaviour.
-	 *
 	 * @param targetUrl The target url.
 	 */
 	public void setTargetUrl(String targetUrl) {
@@ -510,12 +488,10 @@ public class SwitchUserFilter extends GenericFilterBean
 	 * <p>
 	 * Use {@link #setFailureHandler(AuthenticationFailureHandler) failureHandler} instead
 	 * if you need more customized behaviour.
-	 *
 	 * @param switchFailureUrl the url to redirect to.
 	 */
 	public void setSwitchFailureUrl(String switchFailureUrl) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(switchFailureUrl),
-				"switchFailureUrl must be a valid redirect URL");
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(switchFailureUrl), "switchFailureUrl must be a valid redirect URL");
 		this.switchFailureUrl = switchFailureUrl;
 	}
 
@@ -533,17 +509,15 @@ public class SwitchUserFilter extends GenericFilterBean
 	 * @param switchUserAuthorityChanger to use to fine-tune the authorities granted to
 	 * subclasses (may be null if SwitchUserFilter should not fine-tune the authorities)
 	 */
-	public void setSwitchUserAuthorityChanger(
-			SwitchUserAuthorityChanger switchUserAuthorityChanger) {
+	public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) {
 		this.switchUserAuthorityChanger = switchUserAuthorityChanger;
 	}
 
 	/**
-	 * Sets the {@link UserDetailsChecker} that is called on the target user
-	 * whenever the user is switched.
-	 *
-	 * @param userDetailsChecker the {@link UserDetailsChecker} that checks the
-	 * status of the user that is being switched to. Defaults to
+	 * Sets the {@link UserDetailsChecker} that is called on the target user whenever the
+	 * user is switched.
+	 * @param userDetailsChecker the {@link UserDetailsChecker} that checks the status of
+	 * the user that is being switched to. Defaults to
 	 * {@link AccountStatusUserDetailsChecker}.
 	 */
 	public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
@@ -552,7 +526,6 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Allows the parameter containing the username to be customized.
-	 *
 	 * @param usernameParameter the parameter name. Defaults to {@code username}
 	 */
 	public void setUsernameParameter(String usernameParameter) {
@@ -561,7 +534,6 @@ public class SwitchUserFilter extends GenericFilterBean
 
 	/**
 	 * Allows the role of the switchAuthority to be customized.
-	 *
 	 * @param switchAuthorityRole the role name. Defaults to
 	 * {@link #ROLE_PREVIOUS_ADMINISTRATOR}
 	 */
@@ -573,4 +545,5 @@ public class SwitchUserFilter extends GenericFilterBean
 	private static RequestMatcher createMatcher(String pattern) {
 		return new AntPathRequestMatcher(pattern, "POST", true, new UrlPathHelper());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
index ff584ac534..59e8f14238 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
@@ -29,7 +29,6 @@ import org.springframework.util.Assert;
  * 'exiting' from a user switch.
  *
  * @author Mark St.Godard
- *
  * @see org.springframework.security.web.authentication.switchuser.SwitchUserFilter
  */
 public final class SwitchUserGrantedAuthority implements GrantedAuthority {
@@ -39,6 +38,7 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 	// ~ Instance fields
 	// ================================================================================================
 	private final String role;
+
 	private final Authentication source;
 
 	// ~ Constructors
@@ -56,7 +56,6 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns the original user associated with a successful user switch.
-	 *
 	 * @return The original <code>Authentication</code> object of the switched user.
 	 */
 	public Authentication getSource() {
@@ -93,4 +92,5 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 	public String toString() {
 		return "Switch User Authority [" + role + "," + source + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
index 2762e68d69..e54d53267a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
@@ -17,4 +17,3 @@
  * Provides HTTP-based "switch user" (su) capabilities.
  */
 package org.springframework.security.web.authentication.switchuser;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index 0f12fb0875..ec061e849a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -48,27 +48,44 @@ import javax.servlet.http.HttpSession;
  * @since 2.0
  */
 public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
-	public static final String DEFAULT_LOGIN_PAGE_URL = "/login";
-	public static final String ERROR_PARAMETER_NAME = "error";
-	private String loginPageUrl;
-	private String logoutSuccessUrl;
-	private String failureUrl;
-	private boolean formLoginEnabled;
-	private boolean openIdEnabled;
-	private boolean oauth2LoginEnabled;
-	private boolean saml2LoginEnabled;
-	private String authenticationUrl;
-	private String usernameParameter;
-	private String passwordParameter;
-	private String rememberMeParameter;
-	private String openIDauthenticationUrl;
-	private String openIDusernameParameter;
-	private String openIDrememberMeParameter;
-	private Map<String, String> oauth2AuthenticationUrlToClientName;
-	private Map<String, String> saml2AuthenticationUrlToProviderName;
-	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections
-		.emptyMap();
 
+	public static final String DEFAULT_LOGIN_PAGE_URL = "/login";
+
+	public static final String ERROR_PARAMETER_NAME = "error";
+
+	private String loginPageUrl;
+
+	private String logoutSuccessUrl;
+
+	private String failureUrl;
+
+	private boolean formLoginEnabled;
+
+	private boolean openIdEnabled;
+
+	private boolean oauth2LoginEnabled;
+
+	private boolean saml2LoginEnabled;
+
+	private String authenticationUrl;
+
+	private String usernameParameter;
+
+	private String passwordParameter;
+
+	private String rememberMeParameter;
+
+	private String openIDauthenticationUrl;
+
+	private String openIDusernameParameter;
+
+	private String openIDrememberMeParameter;
+
+	private Map<String, String> oauth2AuthenticationUrlToClientName;
+
+	private Map<String, String> saml2AuthenticationUrlToProviderName;
+
+	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections.emptyMap();
 
 	public DefaultLoginPageGeneratingFilter() {
 	}
@@ -82,8 +99,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		}
 	}
 
-	public DefaultLoginPageGeneratingFilter(
-			UsernamePasswordAuthenticationFilter authFilter,
+	public DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter authFilter,
 			AbstractAuthenticationProcessingFilter openIDFilter) {
 		init(authFilter, openIDFilter);
 	}
@@ -99,8 +115,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			passwordParameter = authFilter.getPasswordParameter();
 
 			if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				rememberMeParameter = ((AbstractRememberMeServices) authFilter
-						.getRememberMeServices()).getParameter();
+				rememberMeParameter = ((AbstractRememberMeServices) authFilter.getRememberMeServices()).getParameter();
 			}
 		}
 
@@ -109,8 +124,8 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			openIDusernameParameter = "openid_identifier";
 
 			if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter
-						.getRememberMeServices()).getParameter();
+				openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices())
+						.getParameter();
 			}
 		}
 	}
@@ -121,8 +136,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	 * to resolve the CSRF token.
 	 * @param resolveHiddenInputs the function to resolve the inputs
 	 */
-	public void setResolveHiddenInputs(
-		Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
+	public void setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
 		Assert.notNull(resolveHiddenInputs, "resolveHiddenInputs cannot be null");
 		this.resolveHiddenInputs = resolveHiddenInputs;
 	}
@@ -204,8 +218,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		boolean loginError = isErrorPage(request);
 		boolean logoutSuccess = isLogoutSuccess(request);
 		if (isLoginUrlRequest(request) || loginError || logoutSuccess) {
-			String loginPageHtml = generateLoginPageHtml(request, loginError,
-					logoutSuccess);
+			String loginPageHtml = generateLoginPageHtml(request, loginError, logoutSuccess);
 			response.setContentType("text/html;charset=UTF-8");
 			response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
 			response.getWriter().write(loginPageHtml);
@@ -216,8 +229,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		chain.doFilter(request, response);
 	}
 
-	private String generateLoginPageHtml(HttpServletRequest request, boolean loginError,
-			boolean logoutSuccess) {
+	private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
 		String errorMsg = "Invalid credentials";
 
 		if (loginError) {
@@ -232,51 +244,40 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 
 		StringBuilder sb = new StringBuilder();
 
-		sb.append("<!DOCTYPE html>\n"
-				+ "<html lang=\"en\">\n"
-				+ "  <head>\n"
-				+ "    <meta charset=\"utf-8\">\n"
+		sb.append("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n"
-				+ "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n"
-				+ "  <body>\n"
-				+ "     <div class=\"container\">\n");
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n");
 
 		String contextPath = request.getContextPath();
 		if (this.formLoginEnabled) {
-			sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.authenticationUrl + "\">\n"
+			sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath
+					+ this.authenticationUrl + "\">\n"
 					+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-					+ createError(loginError, errorMsg)
-					+ createLogoutSuccess(logoutSuccess)
-					+ "        <p>\n"
+					+ createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n"
 					+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-					+ "          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-					+ "        </p>\n"
-					+ "        <p>\n"
-					+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-					+ "          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter + "\" class=\"form-control\" placeholder=\"Password\" required>\n"
-					+ "        </p>\n"
-					+ createRememberMe(this.rememberMeParameter)
-					+ renderHiddenInputs(request)
+					+ "          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter
+					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n"
+					+ "        <p>\n" + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
+					+ "          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter
+					+ "\" class=\"form-control\" placeholder=\"Password\" required>\n" + "        </p>\n"
+					+ createRememberMe(this.rememberMeParameter) + renderHiddenInputs(request)
 					+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 					+ "      </form>\n");
 		}
 
 		if (openIdEnabled) {
-			sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.openIDauthenticationUrl + "\">\n"
+			sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath
+					+ this.openIDauthenticationUrl + "\">\n"
 					+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-					+ createError(loginError, errorMsg)
-					+ createLogoutSuccess(logoutSuccess)
-					+ "        <p>\n"
+					+ createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n"
 					+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
-					+ "          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-					+ "        </p>\n"
-					+ createRememberMe(this.openIDrememberMeParameter)
-					+ renderHiddenInputs(request)
+					+ "          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter
+					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n"
+					+ createRememberMe(this.openIDrememberMeParameter) + renderHiddenInputs(request)
 					+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 					+ "      </form>\n");
 		}
@@ -286,7 +287,8 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			sb.append(createError(loginError, errorMsg));
 			sb.append(createLogoutSuccess(logoutSuccess));
 			sb.append("<table class=\"table table-striped\">\n");
-			for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName.entrySet()) {
+			for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName
+					.entrySet()) {
 				sb.append(" <tr><td>");
 				String url = clientAuthenticationUrlToClientName.getKey();
 				sb.append("<a href=\"").append(contextPath).append(url).append("\">");
@@ -323,7 +325,8 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	private String renderHiddenInputs(HttpServletRequest request) {
 		StringBuilder sb = new StringBuilder();
 		for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
-			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"").append(input.getValue()).append("\" />\n");
+			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"")
+					.append(input.getValue()).append("\" />\n");
 		}
 		return sb.toString();
 	}
@@ -332,9 +335,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		if (paramName == null) {
 			return "";
 		}
-		return "<p><input type='checkbox' name='"
-				+ paramName
-				+ "'/> Remember me on this computer.</p>\n";
+		return "<p><input type='checkbox' name='" + paramName + "'/> Remember me on this computer.</p>\n";
 	}
 
 	private boolean isLogoutSuccess(HttpServletRequest request) {
@@ -350,11 +351,13 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	private static String createError(boolean isError, String message) {
-		return isError ? "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>" : "";
+		return isError ? "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>"
+				: "";
 	}
 
 	private static String createLogoutSuccess(boolean isLogoutSuccess) {
-		return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
+		return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>"
+				: "";
 	}
 
 	private boolean matches(HttpServletRequest request, String url) {
@@ -379,4 +382,5 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 
 		return uri.equals(request.getContextPath() + url);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
index 031b1dfc0c..d46747b821 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
@@ -37,45 +37,35 @@ import java.util.function.Function;
  * @since 5.1
  */
 public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
+
 	private RequestMatcher matcher = new AntPathRequestMatcher("/logout", "GET");
 
-	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections
-			.emptyMap();
+	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections.emptyMap();
 
 	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-			HttpServletResponse response, FilterChain filterChain)
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 		if (this.matcher.matches(request)) {
 			renderLogout(request, response);
-		} else {
+		}
+		else {
 			filterChain.doFilter(request, response);
 		}
 	}
 
-	private void renderLogout(HttpServletRequest request, HttpServletResponse response)
-			throws IOException {
-		String page =  "<!DOCTYPE html>\n"
-				+ "<html lang=\"en\">\n"
-				+ "  <head>\n"
-				+ "    <meta charset=\"utf-8\">\n"
+	private void renderLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n"
-				+ "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Confirm Log Out?</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n"
-				+ "  <body>\n"
-				+ "     <div class=\"container\">\n"
-				+ "      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath() + "/logout\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath()
+				+ "/logout\">\n" + "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
 				+ renderHiddenInputs(request)
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
-				+ "      </form>\n"
-				+ "    </div>\n"
-				+ "  </body>\n"
-				+ "</html>";
+				+ "      </form>\n" + "    </div>\n" + "  </body>\n" + "</html>";
 
 		response.setContentType("text/html;charset=UTF-8");
 		response.getWriter().write(page);
@@ -87,8 +77,7 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
 	 * to resolve the CSRF token.
 	 * @param resolveHiddenInputs the function to resolve the inputs
 	 */
-	public void setResolveHiddenInputs(
-			Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
+	public void setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
 		Assert.notNull(resolveHiddenInputs, "resolveHiddenInputs cannot be null");
 		this.resolveHiddenInputs = resolveHiddenInputs;
 	}
@@ -96,8 +85,10 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
 	private String renderHiddenInputs(HttpServletRequest request) {
 		StringBuilder sb = new StringBuilder();
 		for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
-			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"").append(input.getValue()).append("\" />\n");
+			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"")
+					.append(input.getValue()).append("\" />\n");
 		}
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
index 122c9c6f67..356932b8ae 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 /**
- * Authentication user-interface rendering code. Used to conveniently create an appropriate login page when using namespace
- * configuration without defining a login page URL.
+ * Authentication user-interface rendering code. Used to conveniently create an
+ * appropriate login page when using namespace configuration without defining a login page
+ * URL.
  */
 package org.springframework.security.web.authentication.ui;
-
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index 3bac82ef10..835fe37490 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -32,10 +32,9 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
- * Converts from a HttpServletRequest to
- * {@link UsernamePasswordAuthenticationToken} that can be authenticated. Null
- * authentication possible if there was no Authorization header with Basic
- * authentication scheme.
+ * Converts from a HttpServletRequest to {@link UsernamePasswordAuthenticationToken} that
+ * can be authenticated. Null authentication possible if there was no Authorization header
+ * with Basic authentication scheme.
  *
  * @author Sergey Bespalov
  * @since 5.2.0
@@ -97,8 +96,7 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 			decoded = Base64.getDecoder().decode(base64Token);
 		}
 		catch (IllegalArgumentException e) {
-			throw new BadCredentialsException(
-					"Failed to decode basic authentication token");
+			throw new BadCredentialsException("Failed to decode basic authentication token");
 		}
 
 		String token = new String(decoded, getCredentialsCharset(request));
@@ -108,7 +106,8 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 		if (delim == -1) {
 			throw new BadCredentialsException("Invalid basic authentication token");
 		}
-		UsernamePasswordAuthenticationToken result  = new UsernamePasswordAuthenticationToken(token.substring(0, delim), token.substring(delim + 1));
+		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(token.substring(0, delim),
+				token.substring(delim + 1));
 		result.setDetails(this.authenticationDetailsSource.buildDetails(request));
 		return result;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index 2aba40e9f6..5b66e00417 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -40,8 +40,8 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  */
-public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint,
-		InitializingBean {
+public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index 188de6ef64..da0d342975 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -93,17 +93,21 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	// ================================================================================================
 
 	private AuthenticationEntryPoint authenticationEntryPoint;
+
 	private AuthenticationManager authenticationManager;
+
 	private RememberMeServices rememberMeServices = new NullRememberMeServices();
+
 	private boolean ignoreFailure = false;
+
 	private String credentialsCharset = "UTF-8";
+
 	private BasicAuthenticationConverter authenticationConverter = new BasicAuthenticationConverter();
 
 	/**
 	 * Creates an instance which will authenticate against the supplied
 	 * {@code AuthenticationManager} and which will ignore failed authentication attempts,
 	 * allowing the request to proceed down the filter chain.
-	 *
 	 * @param authenticationManager the bean to submit authentication requests to
 	 */
 	public BasicAuthenticationFilter(AuthenticationManager authenticationManager) {
@@ -116,7 +120,6 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	 * Creates an instance which will authenticate against the supplied
 	 * {@code AuthenticationManager} and use the supplied {@code AuthenticationEntryPoint}
 	 * to handle authentication failures.
-	 *
 	 * @param authenticationManager the bean to submit authentication requests to
 	 * @param authenticationEntryPoint will be invoked when authentication fails.
 	 * Typically an instance of {@link BasicAuthenticationEntryPoint}.
@@ -124,8 +127,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	public BasicAuthenticationFilter(AuthenticationManager authenticationManager,
 			AuthenticationEntryPoint authenticationEntryPoint) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
-		Assert.notNull(authenticationEntryPoint,
-				"authenticationEntryPoint cannot be null");
+		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
 		this.authenticationManager = authenticationManager;
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
@@ -135,19 +137,16 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(this.authenticationManager,
-				"An AuthenticationManager is required");
+		Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
 
 		if (!isIgnoreFailure()) {
-			Assert.notNull(this.authenticationEntryPoint,
-					"An AuthenticationEntryPoint is required");
+			Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
 		}
 	}
 
 	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-			HttpServletResponse response, FilterChain chain)
-					throws IOException, ServletException {
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		final boolean debug = this.logger.isDebugEnabled();
 		try {
 			UsernamePasswordAuthenticationToken authRequest = authenticationConverter.convert(request);
@@ -159,14 +158,11 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 			String username = authRequest.getName();
 
 			if (debug) {
-				this.logger
-						.debug("Basic Authentication Authorization header found for user '"
-								+ username + "'");
+				this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
 			}
 
 			if (authenticationIsRequired(username)) {
-				Authentication authResult = this.authenticationManager
-						.authenticate(authRequest);
+				Authentication authResult = this.authenticationManager.authenticate(authRequest);
 
 				if (debug) {
 					this.logger.debug("Authentication success: " + authResult);
@@ -208,8 +204,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
 		// isn't authenticated
 		// (see SEC-53)
-		Authentication existingAuth = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
 
 		if (existingAuth == null || !existingAuth.isAuthenticated()) {
 			return true;
@@ -219,8 +214,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 		// UsernamePasswordAuthenticationToken)
 		// (see SEC-348)
 
-		if (existingAuth instanceof UsernamePasswordAuthenticationToken
-				&& !existingAuth.getName().equals(username)) {
+		if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
 			return true;
 		}
 
@@ -244,12 +238,12 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 		return false;
 	}
 
-	protected void onSuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, Authentication authResult) throws IOException {
+	protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			Authentication authResult) throws IOException {
 	}
 
-	protected void onUnsuccessfulAuthentication(HttpServletRequest request,
-			HttpServletResponse response, AuthenticationException failed) throws IOException {
+	protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException failed) throws IOException {
 	}
 
 	protected AuthenticationEntryPoint getAuthenticationEntryPoint() {
@@ -283,4 +277,5 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	protected String getCredentialsCharset(HttpServletRequest httpRequest) {
 		return this.credentialsCharset;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
index df246a3edf..5800be6819 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@@ -87,7 +87,6 @@ final class DigestAuthUtils {
 	 * Computes the <code>response</code> portion of a Digest authentication header. Both
 	 * the server and user agent should compute the <code>response</code> independently.
 	 * Provided as a static method to simplify the coding of user agents.
-	 *
 	 * @param passwordAlreadyEncoded true if the password argument is already encoded in
 	 * the correct format. False if it is plain text.
 	 * @param username the user's login name.
@@ -102,9 +101,9 @@ final class DigestAuthUtils {
 	 * @return the MD5 of the digest authentication response, encoded in hex
 	 * @throws IllegalArgumentException if the supplied qop value is unsupported.
 	 */
-	static String generateDigest(boolean passwordAlreadyEncoded, String username,
-			String realm, String password, String httpMethod, String uri, String qop,
-			String nonce, String nc, String cnonce) throws IllegalArgumentException {
+	static String generateDigest(boolean passwordAlreadyEncoded, String username, String realm, String password,
+			String httpMethod, String uri, String qop, String nonce, String nc, String cnonce)
+			throws IllegalArgumentException {
 		String a1Md5;
 		String a2 = httpMethod + ":" + uri;
 		String a2Md5 = md5Hex(a2);
@@ -124,12 +123,10 @@ final class DigestAuthUtils {
 		}
 		else if ("auth".equals(qop)) {
 			// As per RFC 2617 compliant clients
-			digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":"
-					+ a2Md5;
+			digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5;
 		}
 		else {
-			throw new IllegalArgumentException("This method does not support a qop: '"
-					+ qop + "'");
+			throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
 		}
 
 		return md5Hex(digest);
@@ -143,7 +140,6 @@ final class DigestAuthUtils {
 	 * <p>
 	 * Will trim both the key and value before adding to the <code>Map</code>.
 	 * </p>
-	 *
 	 * @param array the array to process
 	 * @param delimiter to split each element using (typically the equals symbol)
 	 * @param removeCharacters one or more characters to remove from each element prior to
@@ -152,8 +148,8 @@ final class DigestAuthUtils {
 	 * @return a <code>Map</code> representing the array contents, or <code>null</code> if
 	 * the array to process was null or empty
 	 */
-	static Map<String, String> splitEachArrayElementAndCreateMap(String[] array,
-			String delimiter, String removeCharacters) {
+	static Map<String, String> splitEachArrayElementAndCreateMap(String[] array, String delimiter,
+			String removeCharacters) {
 		if ((array == null) || (array.length == 0)) {
 			return null;
 		}
@@ -187,7 +183,6 @@ final class DigestAuthUtils {
 	 * <p>
 	 * Does not include the delimiter in the response.
 	 * </p>
-	 *
 	 * @param toSplit the string to split
 	 * @param delimiter to split the string up with
 	 * @return a two element array with index 0 being before the delimiter, and index 1
@@ -196,12 +191,10 @@ final class DigestAuthUtils {
 	 */
 	static String[] split(String toSplit, String delimiter) {
 		Assert.hasLength(toSplit, "Cannot split a null or empty string");
-		Assert.hasLength(delimiter,
-				"Cannot use a null or empty delimiter to split a string");
+		Assert.hasLength(delimiter, "Cannot use a null or empty delimiter to split a string");
 
 		if (delimiter.length() != 1) {
-			throw new IllegalArgumentException(
-					"Delimiter can only be one character in length");
+			throw new IllegalArgumentException("Delimiter can only be one character in length");
 		}
 
 		int offset = toSplit.indexOf(delimiter);
@@ -227,4 +220,5 @@ final class DigestAuthUtils {
 
 		return new String(Hex.encode(digest.digest(data.getBytes())));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index ed43f82208..2bc777e21a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -44,20 +44,22 @@ import org.springframework.security.web.AuthenticationEntryPoint;
  *
  * @author Ben Alex
  */
-public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
-		InitializingBean, Ordered {
+public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
-	private static final Log logger = LogFactory
-			.getLog(DigestAuthenticationEntryPoint.class);
+	private static final Log logger = LogFactory.getLog(DigestAuthenticationEntryPoint.class);
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private String key;
+
 	private String realmName;
+
 	private int nonceValiditySeconds = 300;
+
 	private int order = Integer.MAX_VALUE; // ~ default
 
 	// ~ Methods
@@ -96,21 +98,19 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 		// qop is quality of protection, as defined by RFC 2617.
 		// we do not use opaque due to IE violation of RFC 2617 in not
 		// representing opaque on subsequent requests in same session.
-		String authenticateHeader = "Digest realm=\"" + realmName + "\", "
-				+ "qop=\"auth\", nonce=\"" + nonceValueBase64 + "\"";
+		String authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"auth\", nonce=\"" + nonceValueBase64
+				+ "\"";
 
 		if (authException instanceof NonceExpiredException) {
 			authenticateHeader = authenticateHeader + ", stale=\"true\"";
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("WWW-Authenticate header sent to user agent: "
-					+ authenticateHeader);
+			logger.debug("WWW-Authenticate header sent to user agent: " + authenticateHeader);
 		}
 
 		httpResponse.addHeader("WWW-Authenticate", authenticateHeader);
-		httpResponse.sendError(HttpStatus.UNAUTHORIZED.value(),
-			HttpStatus.UNAUTHORIZED.getReasonPhrase());
+		httpResponse.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 	}
 
 	public String getKey() {
@@ -136,4 +136,5 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	public void setRealmName(String realmName) {
 		this.realmName = realmName;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index 1696015efe..6f6abb7faf 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -87,8 +87,8 @@ import org.springframework.web.filter.GenericFilterBean;
  * @author Luke Taylor
  * @since 1.0.0
  */
-public class DigestAuthenticationFilter extends GenericFilterBean
-		implements MessageSourceAware {
+public class DigestAuthenticationFilter extends GenericFilterBean implements MessageSourceAware {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -98,11 +98,17 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 	// ================================================================================================
 
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
 	private DigestAuthenticationEntryPoint authenticationEntryPoint;
+
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
 	private UserCache userCache = new NullUserCache();
+
 	private UserDetailsService userDetailsService;
+
 	private boolean passwordAlreadyEncoded = false;
+
 	private boolean createAuthenticatedToken = false;
 
 	// ~ Methods
@@ -111,8 +117,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
-		Assert.notNull(this.authenticationEntryPoint,
-				"A DigestAuthenticationEntryPoint is required");
+		Assert.notNull(this.authenticationEntryPoint, "A DigestAuthenticationEntryPoint is required");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -129,8 +134,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug(
-					"Digest Authorization header received from user agent: " + header);
+			logger.debug("Digest Authorization header received from user agent: " + header);
 		}
 
 		DigestData digestAuth = new DigestData(header);
@@ -155,8 +159,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		try {
 			if (user == null) {
 				cacheWasUsed = false;
-				user = this.userDetailsService
-						.loadUserByUsername(digestAuth.getUsername());
+				user = this.userDetailsService.loadUserByUsername(digestAuth.getUsername());
 
 				if (user == null) {
 					throw new AuthenticationServiceException(
@@ -166,8 +169,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 				this.userCache.putUserInCache(user);
 			}
 
-			serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(),
-					request.getMethod());
+			serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
 
 			// If digest is incorrect, try refreshing from backend and recomputing
 			if (!serverDigestMd5.equals(digestAuth.getResponse()) && cacheWasUsed) {
@@ -176,20 +178,16 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 							"Digest comparison failure; trying to refresh user from DAO in case password had changed");
 				}
 
-				user = this.userDetailsService
-						.loadUserByUsername(digestAuth.getUsername());
+				user = this.userDetailsService.loadUserByUsername(digestAuth.getUsername());
 				this.userCache.putUserInCache(user);
-				serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(),
-						request.getMethod());
+				serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
 			}
 
 		}
 		catch (UsernameNotFoundException notFound) {
 			fail(request, response,
-					new BadCredentialsException(this.messages.getMessage(
-							"DigestAuthenticationFilter.usernameNotFound",
-							new Object[] { digestAuth.getUsername() },
-							"Username {0} not found")));
+					new BadCredentialsException(this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound",
+							new Object[] { digestAuth.getUsername() }, "Username {0} not found")));
 
 			return;
 		}
@@ -197,15 +195,12 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		// If digest is still incorrect, definitely reject authentication attempt
 		if (!serverDigestMd5.equals(digestAuth.getResponse())) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Expected response: '" + serverDigestMd5
-						+ "' but received: '" + digestAuth.getResponse()
+				logger.debug("Expected response: '" + serverDigestMd5 + "' but received: '" + digestAuth.getResponse()
 						+ "'; is AuthenticationDao returning clear text passwords?");
 			}
 
-			fail(request, response,
-					new BadCredentialsException(this.messages.getMessage(
-							"DigestAuthenticationFilter.incorrectResponse",
-							"Incorrect response")));
+			fail(request, response, new BadCredentialsException(
+					this.messages.getMessage("DigestAuthenticationFilter.incorrectResponse", "Incorrect response")));
 			return;
 		}
 
@@ -214,17 +209,15 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		// We do this last so we can direct the user agent its nonce is stale
 		// but the request was otherwise appearing to be valid
 		if (digestAuth.isNonceExpired()) {
-			fail(request, response,
-					new NonceExpiredException(this.messages.getMessage(
-							"DigestAuthenticationFilter.nonceExpired",
-							"Nonce has expired/timed out")));
+			fail(request, response, new NonceExpiredException(this.messages
+					.getMessage("DigestAuthenticationFilter.nonceExpired", "Nonce has expired/timed out")));
 
 			return;
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success for user: '" + digestAuth.getUsername()
-					+ "' with response: '" + digestAuth.getResponse() + "'");
+			logger.debug("Authentication success for user: '" + digestAuth.getUsername() + "' with response: '"
+					+ digestAuth.getResponse() + "'");
 		}
 
 		Authentication authentication = createSuccessfulAuthentication(request, user);
@@ -235,16 +228,13 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		chain.doFilter(request, response);
 	}
 
-	private Authentication createSuccessfulAuthentication(HttpServletRequest request,
-			UserDetails user) {
+	private Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
 		UsernamePasswordAuthenticationToken authRequest;
 		if (this.createAuthenticatedToken) {
-			authRequest = new UsernamePasswordAuthenticationToken(user,
-					user.getPassword(), user.getAuthorities());
+			authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
 		}
 		else {
-			authRequest = new UsernamePasswordAuthenticationToken(user,
-					user.getPassword());
+			authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword());
 		}
 
 		authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
@@ -252,8 +242,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		return authRequest;
 	}
 
-	private void fail(HttpServletRequest request, HttpServletResponse response,
-			AuthenticationException failed) throws IOException, ServletException {
+	private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
+			throws IOException, ServletException {
 		SecurityContextHolder.getContext().setAuthentication(null);
 
 		if (logger.isDebugEnabled()) {
@@ -277,13 +267,11 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		Assert.notNull(authenticationDetailsSource,
-				"AuthenticationDetailsSource required");
+		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
-	public void setAuthenticationEntryPoint(
-			DigestAuthenticationEntryPoint authenticationEntryPoint) {
+	public void setAuthenticationEntryPoint(DigestAuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
@@ -313,7 +301,6 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 	 * your UserDetailsService will be called twice. A more secure option would be to
 	 * introduce a cache around your UserDetailsService, but if you don't use these flags,
 	 * you can also safely enable this option.
-	 *
 	 * @param createAuthenticatedToken default is false
 	 */
 	public void setCreateAuthenticatedToken(boolean createAuthenticatedToken) {
@@ -321,23 +308,31 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 	}
 
 	private class DigestData {
+
 		private final String username;
+
 		private final String realm;
+
 		private final String nonce;
+
 		private final String uri;
+
 		private final String response;
+
 		private final String qop;
+
 		private final String nc;
+
 		private final String cnonce;
+
 		private final String section212response;
+
 		private long nonceExpiryTime;
 
 		DigestData(String header) {
 			this.section212response = header.substring(7);
-			String[] headerEntries = DigestAuthUtils
-					.splitIgnoringQuotes(this.section212response, ',');
-			Map<String, String> headerMap = DigestAuthUtils
-					.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
+			String[] headerEntries = DigestAuthUtils.splitIgnoringQuotes(this.section212response, ',');
+			Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
 
 			this.username = headerMap.get("username");
 			this.realm = headerMap.get("realm");
@@ -349,44 +344,37 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 			this.cnonce = headerMap.get("cnonce"); // RFC 2617 extension
 
 			if (logger.isDebugEnabled()) {
-				logger.debug("Extracted username: '" + this.username + "'; realm: '"
-						+ this.realm + "'; nonce: '" + this.nonce + "'; uri: '" + this.uri
-						+ "'; response: '" + this.response + "'");
+				logger.debug("Extracted username: '" + this.username + "'; realm: '" + this.realm + "'; nonce: '"
+						+ this.nonce + "'; uri: '" + this.uri + "'; response: '" + this.response + "'");
 			}
 		}
 
-		void validateAndDecode(String entryPointKey, String expectedRealm)
-				throws BadCredentialsException {
+		void validateAndDecode(String entryPointKey, String expectedRealm) throws BadCredentialsException {
 			// Check all required parameters were supplied (ie RFC 2069)
-			if ((this.username == null) || (this.realm == null) || (this.nonce == null)
-					|| (this.uri == null) || (this.response == null)) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.missingMandatory",
-								new Object[] { this.section212response },
-								"Missing mandatory digest value; received header {0}"));
+			if ((this.username == null) || (this.realm == null) || (this.nonce == null) || (this.uri == null)
+					|| (this.response == null)) {
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+						"DigestAuthenticationFilter.missingMandatory", new Object[] { this.section212response },
+						"Missing mandatory digest value; received header {0}"));
 			}
 			// Check all required parameters for an "auth" qop were supplied (ie RFC 2617)
 			if ("auth".equals(this.qop)) {
 				if ((this.nc == null) || (this.cnonce == null)) {
 					if (logger.isDebugEnabled()) {
-						logger.debug("extracted nc: '" + this.nc + "'; cnonce: '"
-								+ this.cnonce + "'");
+						logger.debug("extracted nc: '" + this.nc + "'; cnonce: '" + this.cnonce + "'");
 					}
 
-					throw new BadCredentialsException(
-							DigestAuthenticationFilter.this.messages.getMessage(
-									"DigestAuthenticationFilter.missingAuth",
-									new Object[] { this.section212response },
-									"Missing mandatory digest value; received header {0}"));
+					throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+							"DigestAuthenticationFilter.missingAuth", new Object[] { this.section212response },
+							"Missing mandatory digest value; received header {0}"));
 				}
 			}
 
 			// Check realm name equals what we expected
 			if (!expectedRealm.equals(this.realm)) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.incorrectRealm",
-								new Object[] { this.realm, expectedRealm },
-								"Response realm name '{0}' does not match system realm name of '{1}'"));
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+						"DigestAuthenticationFilter.incorrectRealm", new Object[] { this.realm, expectedRealm },
+						"Response realm name '{0}' does not match system realm name of '{1}'"));
 			}
 
 			// Check nonce was Base64 encoded (as sent by DigestAuthenticationEntryPoint)
@@ -394,24 +382,21 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 				Base64.getDecoder().decode(this.nonce.getBytes());
 			}
 			catch (IllegalArgumentException e) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.nonceEncoding",
-								new Object[] { this.nonce },
-								"Nonce is not encoded in Base64; received nonce {0}"));
+				throw new BadCredentialsException(
+						DigestAuthenticationFilter.this.messages.getMessage("DigestAuthenticationFilter.nonceEncoding",
+								new Object[] { this.nonce }, "Nonce is not encoded in Base64; received nonce {0}"));
 			}
 
 			// Decode nonce from Base64
 			// format of nonce is:
 			// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
 			String nonceAsPlainText = new String(Base64.getDecoder().decode(this.nonce.getBytes()));
-			String[] nonceTokens = StringUtils
-					.delimitedListToStringArray(nonceAsPlainText, ":");
+			String[] nonceTokens = StringUtils.delimitedListToStringArray(nonceAsPlainText, ":");
 
 			if (nonceTokens.length != 2) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.nonceNotTwoTokens",
-								new Object[] { nonceAsPlainText },
-								"Nonce should have yielded two tokens but was {0}"));
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+						"DigestAuthenticationFilter.nonceNotTwoTokens", new Object[] { nonceAsPlainText },
+						"Nonce should have yielded two tokens but was {0}"));
 			}
 
 			// Extract expiry time from nonce
@@ -420,21 +405,18 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 				this.nonceExpiryTime = new Long(nonceTokens[0]);
 			}
 			catch (NumberFormatException nfe) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.nonceNotNumeric",
-								new Object[] { nonceAsPlainText },
-								"Nonce token should have yielded a numeric first token, but was {0}"));
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+						"DigestAuthenticationFilter.nonceNotNumeric", new Object[] { nonceAsPlainText },
+						"Nonce token should have yielded a numeric first token, but was {0}"));
 			}
 
 			// Check signature of nonce matches this expiry time
-			String expectedNonceSignature = DigestAuthUtils
-					.md5Hex(this.nonceExpiryTime + ":" + entryPointKey);
+			String expectedNonceSignature = DigestAuthUtils.md5Hex(this.nonceExpiryTime + ":" + entryPointKey);
 
 			if (!expectedNonceSignature.equals(nonceTokens[1])) {
-				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
-						.getMessage("DigestAuthenticationFilter.nonceCompromised",
-								new Object[] { nonceAsPlainText },
-								"Nonce token compromised {0}"));
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
+						"DigestAuthenticationFilter.nonceCompromised", new Object[] { nonceAsPlainText },
+						"Nonce token compromised {0}"));
 			}
 		}
 
@@ -442,10 +424,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 			// Compute the expected response-digest (will be in hex form)
 
 			// Don't catch IllegalArgumentException (already checked validity)
-			return DigestAuthUtils.generateDigest(
-					DigestAuthenticationFilter.this.passwordAlreadyEncoded, this.username,
-					this.realm, password, httpMethod, this.uri, this.qop, this.nonce,
-					this.nc, this.cnonce);
+			return DigestAuthUtils.generateDigest(DigestAuthenticationFilter.this.passwordAlreadyEncoded, this.username,
+					this.realm, password, httpMethod, this.uri, this.qop, this.nonce, this.nc, this.cnonce);
 		}
 
 		boolean isNonceExpired() {
@@ -460,5 +440,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 		String getResponse() {
 			return this.response;
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
index 10bd15a970..038e381c82 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
@@ -24,12 +24,12 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class NonceExpiredException extends AuthenticationException {
+
 	// ~ Constructors
 	// ===================================================================================================
 
 	/**
 	 * Constructs a <code>NonceExpiredException</code> with the specified message.
-	 *
 	 * @param msg the detail message
 	 */
 	public NonceExpiredException(String msg) {
@@ -39,11 +39,11 @@ public class NonceExpiredException extends AuthenticationException {
 	/**
 	 * Constructs a <code>NonceExpiredException</code> with the specified message and root
 	 * cause.
-	 *
 	 * @param msg the detail message
 	 * @param t root cause
 	 */
 	public NonceExpiredException(String msg, Throwable t) {
 		super(msg, t);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
index 16f05b337d..052f3ae654 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
+ * WWW-Authenticate based authentication mechanism implementations: Basic and Digest
+ * authentication.
  */
 package org.springframework.security.web.authentication.www;
-
diff --git a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
index cc09504d2f..0b570c9b58 100644
--- a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
+++ b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
@@ -28,8 +28,8 @@ import org.springframework.security.core.Authentication;
  * {@link Authentication#getPrincipal()}. This is necessary to signal that the argument
  * should be resolved to the current user rather than a user that might be edited on a
  * form.
- *
- * @deprecated Use {@link org.springframework.security.core.annotation.AuthenticationPrincipal} instead.
+ * @deprecated Use
+ * {@link org.springframework.security.core.annotation.AuthenticationPrincipal} instead.
  *
  * @author Rob Winch
  * @since 3.2
@@ -43,8 +43,8 @@ public @interface AuthenticationPrincipal {
 	/**
 	 * True if a {@link ClassCastException} should be thrown when the current
 	 * {@link Authentication#getPrincipal()} is the incorrect type. Default is false.
-	 *
 	 * @return
 	 */
 	boolean errorOnInvalidType() default false;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
index ea6f0cc9c0..28e7db61d3 100644
--- a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
@@ -77,14 +77,14 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  * }
  * </pre>
  *
- * @deprecated Use {@link org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver} instead.
- *
+ * @deprecated Use
+ * {@link org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver}
+ * instead.
  * @author Rob Winch
  * @since 3.2
  */
 @Deprecated
-public final class AuthenticationPrincipalArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
 
 	/*
 	 * (non-Javadoc)
@@ -105,22 +105,17 @@ public final class AuthenticationPrincipalArgumentResolver
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
-	public Object resolveArgument(MethodParameter parameter,
-			ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
-			WebDataBinderFactory binderFactory) {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
 			return null;
 		}
 		Object principal = authentication.getPrincipal();
-		if (principal != null
-				&& !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
-			AuthenticationPrincipal authPrincipal = findMethodAnnotation(
-					AuthenticationPrincipal.class, parameter);
+		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
+			AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
 			if (authPrincipal.errorOnInvalidType()) {
-				throw new ClassCastException(principal + " is not assignable to "
-						+ parameter.getParameterType());
+				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -131,26 +126,24 @@ public final class AuthenticationPrincipalArgumentResolver
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-					annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
index 76276d6021..1b3e772d06 100644
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@@ -70,8 +70,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * @author Rob Winch
  * @author Keesun Baik
  */
-public abstract class AbstractSecurityWebApplicationInitializer
-		implements WebApplicationInitializer {
+public abstract class AbstractSecurityWebApplicationInitializer implements WebApplicationInitializer {
 
 	private static final String SERVLET_CONTEXT_PREFIX = "org.springframework.web.servlet.FrameworkServlet.CONTEXT.";
 
@@ -94,11 +93,9 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	/**
 	 * Creates a new instance that will instantiate the {@link ContextLoaderListener} with
 	 * the specified classes.
-	 *
 	 * @param configurationClasses
 	 */
-	protected AbstractSecurityWebApplicationInitializer(
-			Class<?>... configurationClasses) {
+	protected AbstractSecurityWebApplicationInitializer(Class<?>... configurationClasses) {
 		this.configurationClasses = configurationClasses;
 	}
 
@@ -116,8 +113,7 @@ public abstract class AbstractSecurityWebApplicationInitializer
 			servletContext.addListener(new ContextLoaderListener(rootAppContext));
 		}
 		if (enableHttpSessionEventPublisher()) {
-			servletContext.addListener(
-					"org.springframework.security.web.session.HttpSessionEventPublisher");
+			servletContext.addListener("org.springframework.security.web.session.HttpSessionEventPublisher");
 		}
 		servletContext.setSessionTrackingModes(getSessionTrackingModes());
 		insertSpringSecurityFilterChain(servletContext);
@@ -128,7 +124,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * Override this if {@link HttpSessionEventPublisher} should be added as a listener.
 	 * This should be true, if session management has specified a maximum number of
 	 * sessions.
-	 *
 	 * @return true to add {@link HttpSessionEventPublisher}, else false
 	 */
 	protected boolean enableHttpSessionEventPublisher() {
@@ -141,8 +136,7 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 */
 	private void insertSpringSecurityFilterChain(ServletContext servletContext) {
 		String filterName = DEFAULT_FILTER_NAME;
-		DelegatingFilterProxy springSecurityFilterChain = new DelegatingFilterProxy(
-				filterName);
+		DelegatingFilterProxy springSecurityFilterChain = new DelegatingFilterProxy(filterName);
 		String contextAttribute = getWebApplicationContextAttribute();
 		if (contextAttribute != null) {
 			springSecurityFilterChain.setContextAttribute(contextAttribute);
@@ -154,7 +148,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * Inserts the provided {@link Filter}s before existing {@link Filter}s using default
 	 * generated names, {@link #getSecurityDispatcherTypes()}, and
 	 * {@link #isAsyncSecuritySupported()}.
-	 *
 	 * @param servletContext the {@link ServletContext} to use
 	 * @param filters the {@link Filter}s to register
 	 */
@@ -166,7 +159,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * Inserts the provided {@link Filter}s after existing {@link Filter}s using default
 	 * generated names, {@link #getSecurityDispatcherTypes()}, and
 	 * {@link #isAsyncSecuritySupported()}.
-	 *
 	 * @param servletContext the {@link ServletContext} to use
 	 * @param filters the {@link Filter}s to register
 	 */
@@ -177,22 +169,18 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	/**
 	 * Registers the provided {@link Filter}s using default generated names,
 	 * {@link #getSecurityDispatcherTypes()}, and {@link #isAsyncSecuritySupported()}.
-	 *
 	 * @param servletContext the {@link ServletContext} to use
 	 * @param insertBeforeOtherFilters if true, will insert the provided {@link Filter}s
 	 * before other {@link Filter}s. Otherwise, will insert the {@link Filter}s after
 	 * other {@link Filter}s.
 	 * @param filters the {@link Filter}s to register
 	 */
-	private void registerFilters(ServletContext servletContext,
-			boolean insertBeforeOtherFilters, Filter... filters) {
+	private void registerFilters(ServletContext servletContext, boolean insertBeforeOtherFilters, Filter... filters) {
 		Assert.notEmpty(filters, "filters cannot be null or empty");
 
 		for (Filter filter : filters) {
 			if (filter == null) {
-				throw new IllegalArgumentException(
-						"filters cannot contain null values. Got "
-								+ Arrays.asList(filters));
+				throw new IllegalArgumentException("filters cannot contain null values. Got " + Arrays.asList(filters));
 			}
 			String filterName = Conventions.getVariableName(filter);
 			registerFilter(servletContext, insertBeforeOtherFilters, filterName, filter);
@@ -202,25 +190,22 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	/**
 	 * Registers the provided filter using the {@link #isAsyncSecuritySupported()} and
 	 * {@link #getSecurityDispatcherTypes()}.
-	 *
 	 * @param servletContext
 	 * @param insertBeforeOtherFilters should this Filter be inserted before or after
 	 * other {@link Filter}
 	 * @param filterName
 	 * @param filter
 	 */
-	private void registerFilter(ServletContext servletContext,
-								boolean insertBeforeOtherFilters, String filterName, Filter filter) {
+	private void registerFilter(ServletContext servletContext, boolean insertBeforeOtherFilters, String filterName,
+			Filter filter) {
 		Dynamic registration = servletContext.addFilter(filterName, filter);
 		if (registration == null) {
-			throw new IllegalStateException(
-					"Duplicate Filter registration for '" + filterName
-							+ "'. Check to ensure the Filter is only configured once.");
+			throw new IllegalStateException("Duplicate Filter registration for '" + filterName
+					+ "'. Check to ensure the Filter is only configured once.");
 		}
 		registration.setAsyncSupported(isAsyncSecuritySupported());
 		EnumSet<DispatcherType> dispatcherTypes = getSecurityDispatcherTypes();
-		registration.addMappingForUrlPatterns(dispatcherTypes, !insertBeforeOtherFilters,
-				"/*");
+		registration.addMappingForUrlPatterns(dispatcherTypes, !insertBeforeOtherFilters, "/*");
 	}
 
 	/**
@@ -233,7 +218,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * {@link WebApplicationContext} for the Dispatcher will be used. This means the child
 	 * {@link ApplicationContext} is used to look up the springSecurityFilterChain bean.
 	 * </p>
-	 *
 	 * @return the {@link DelegatingFilterProxy#getContextAttribute()} or null if the
 	 * parent {@link ApplicationContext} should be used
 	 */
@@ -259,7 +243,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * <p>
 	 * Subclasses can override this method to make customizations.
 	 * </p>
-	 *
 	 * @return
 	 */
 	protected Set<SessionTrackingMode> getSessionTrackingModes() {
@@ -277,7 +260,6 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * name, you can return "dispatcher" from this method to use the DispatcherServlet's
 	 * {@link WebApplicationContext}.
 	 * </p>
-	 *
 	 * @return the &lt;servlet-name&gt; of the DispatcherServlet to use its
 	 * {@link WebApplicationContext} or null (default) to use the parent
 	 * {@link ApplicationContext}.
@@ -307,17 +289,16 @@ public abstract class AbstractSecurityWebApplicationInitializer
 	 * @return
 	 */
 	protected EnumSet<DispatcherType> getSecurityDispatcherTypes() {
-		return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR,
-				DispatcherType.ASYNC);
+		return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC);
 	}
 
 	/**
 	 * Determine if the springSecurityFilterChain should be marked as supporting asynch.
 	 * Default is true.
-	 *
 	 * @return true if springSecurityFilterChain should be marked as supporting asynch
 	 */
 	protected boolean isAsyncSecuritySupported() {
 		return true;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
index 10e828589f..95bde72c8c 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
@@ -28,11 +28,12 @@ import javax.servlet.http.HttpServletResponse;
  * @since 3.0
  */
 public final class HttpRequestResponseHolder {
+
 	private HttpServletRequest request;
+
 	private HttpServletResponse response;
 
-	public HttpRequestResponseHolder(HttpServletRequest request,
-			HttpServletResponse response) {
+	public HttpRequestResponseHolder(HttpServletRequest request, HttpServletResponse response) {
 		this.request = request;
 		this.response = response;
 	}
@@ -52,4 +53,5 @@ public final class HttpRequestResponseHolder {
 	public void setResponse(HttpServletResponse response) {
 		this.response = response;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 85f90e3f59..9dce3f766c 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -80,6 +80,7 @@ import org.springframework.web.util.WebUtils;
  * @since 3.0
  */
 public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
+
 	/**
 	 * The default key under which the security context will be stored in the session.
 	 */
@@ -92,8 +93,11 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * content
 	 */
 	private final Object contextObject = SecurityContextHolder.createEmptyContext();
+
 	private boolean allowSessionCreation = true;
+
 	private boolean disableUrlRewriting = false;
+
 	private String springSecurityContextKey = SPRING_SECURITY_CONTEXT_KEY;
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@@ -114,33 +118,28 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 		if (context == null) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("No SecurityContext was available from the HttpSession: "
-						+ httpSession + ". " + "A new one will be created.");
+				logger.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
+						+ "A new one will be created.");
 			}
 			context = generateNewContext();
 
 		}
 
-		SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(
-				response, request, httpSession != null, context);
+		SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
+				httpSession != null, context);
 		requestResponseHolder.setResponse(wrappedResponse);
 
-		requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(
-				request, wrappedResponse));
+		requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
 
 		return context;
 	}
 
-	public void saveContext(SecurityContext context, HttpServletRequest request,
-			HttpServletResponse response) {
-		SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = WebUtils
-				.getNativeResponse(response,
-						SaveContextOnUpdateOrErrorResponseWrapper.class);
+	public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
+		SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = WebUtils.getNativeResponse(response,
+				SaveContextOnUpdateOrErrorResponseWrapper.class);
 		if (responseWrapper == null) {
-			throw new IllegalStateException(
-					"Cannot invoke saveContext on response "
-							+ response
-							+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
+			throw new IllegalStateException("Cannot invoke saveContext on response " + response
+					+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
 		}
 		// saveContext() might already be called by the response wrapper
 		// if something in the chain called sendError() or sendRedirect(). This ensures we
@@ -162,7 +161,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	}
 
 	/**
-	 *
 	 * @param httpSession the session obtained from the request.
 	 */
 	private SecurityContext readSecurityContextFromSession(HttpSession httpSession) {
@@ -191,10 +189,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		// We now have the security context object from the session.
 		if (!(contextFromSession instanceof SecurityContext)) {
 			if (logger.isWarnEnabled()) {
-				logger.warn(springSecurityContextKey
-						+ " did not contain a SecurityContext but contained: '"
-						+ contextFromSession
-						+ "'; are you improperly modifying the HttpSession directly "
+				logger.warn(springSecurityContextKey + " did not contain a SecurityContext but contained: '"
+						+ contextFromSession + "'; are you improperly modifying the HttpSession directly "
 						+ "(you should always use SecurityContextHolder) or using the HttpSession attribute "
 						+ "reserved for this class?");
 			}
@@ -203,8 +199,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		}
 
 		if (debug) {
-			logger.debug("Obtained a valid SecurityContext from "
-					+ springSecurityContextKey + ": '" + contextFromSession + "'");
+			logger.debug("Obtained a valid SecurityContext from " + springSecurityContextKey + ": '"
+					+ contextFromSession + "'");
 		}
 
 		// Everything OK. The only non-null return from this method.
@@ -218,7 +214,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * called). Using this approach the context creation strategy is decided by the
 	 * {@link SecurityContextHolderStrategy} in use. The default implementations will
 	 * return a new <tt>SecurityContextImpl</tt>.
-	 *
 	 * @return a new SecurityContext instance. Never null.
 	 */
 	protected SecurityContext generateNewContext() {
@@ -233,7 +228,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * Note that setting this flag to false does not prevent this class from storing the
 	 * security context. If your application (or another filter) creates a session, then
 	 * the security context will still be stored for an authenticated user.
-	 *
 	 * @param allowSessionCreation
 	 */
 	public void setAllowSessionCreation(boolean allowSessionCreation) {
@@ -242,7 +236,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 	/**
 	 * Allows the use of session identifiers in URLs to be disabled. Off by default.
-	 *
 	 * @param disableUrlRewriting set to <tt>true</tt> to disable URL encoding methods in
 	 * the response wrapper and prevent the use of <tt>jsessionid</tt> parameters.
 	 */
@@ -252,25 +245,22 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 	/**
 	 * Allows the session attribute name to be customized for this repository instance.
-	 *
 	 * @param springSecurityContextKey the key under which the security context will be
 	 * stored. Defaults to {@link #SPRING_SECURITY_CONTEXT_KEY}.
 	 */
 	public void setSpringSecurityContextKey(String springSecurityContextKey) {
-		Assert.hasText(springSecurityContextKey,
-				"springSecurityContextKey cannot be empty");
+		Assert.hasText(springSecurityContextKey, "springSecurityContextKey cannot be empty");
 		this.springSecurityContextKey = springSecurityContextKey;
 	}
 
 	// ~ Inner Classes
 	// ==================================================================================================
 
-	private static class SaveToSessionRequestWrapper extends
-			HttpServletRequestWrapper {
+	private static class SaveToSessionRequestWrapper extends HttpServletRequestWrapper {
+
 		private final SaveContextOnUpdateOrErrorResponseWrapper response;
 
-		SaveToSessionRequestWrapper(HttpServletRequest request,
-				SaveContextOnUpdateOrErrorResponseWrapper response) {
+		SaveToSessionRequestWrapper(HttpServletRequest request, SaveContextOnUpdateOrErrorResponseWrapper response) {
 			super(request);
 			this.response = response;
 		}
@@ -282,11 +272,12 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		}
 
 		@Override
-		public AsyncContext startAsync(ServletRequest servletRequest,
-				ServletResponse servletResponse) throws IllegalStateException {
+		public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse)
+				throws IllegalStateException {
 			response.disableSaveOnResponseCommitted();
 			return super.startAsync(servletRequest, servletResponse);
 		}
+
 	}
 
 	/**
@@ -298,18 +289,19 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * Stores the necessary state from the start of the request in order to make a
 	 * decision about whether the security context has changed before saving it.
 	 */
-	final class SaveToSessionResponseWrapper extends
-			SaveContextOnUpdateOrErrorResponseWrapper {
+	final class SaveToSessionResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
 
 		private final HttpServletRequest request;
+
 		private final boolean httpSessionExistedAtStartOfRequest;
+
 		private final SecurityContext contextBeforeExecution;
+
 		private final Authentication authBeforeExecution;
 
 		/**
 		 * Takes the parameters required to call <code>saveContext()</code> successfully
 		 * in addition to the request and the response object we are wrapping.
-		 *
 		 * @param request the request object (used to obtain the session, if one exists).
 		 * @param httpSessionExistedAtStartOfRequest indicates whether there was a session
 		 * in place before the filter chain executed. If this is true, and the session is
@@ -318,9 +310,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		 * @param context the context before the filter chain executed. The context will
 		 * only be stored if it or its contents changed during the request.
 		 */
-		SaveToSessionResponseWrapper(HttpServletResponse response,
-				HttpServletRequest request, boolean httpSessionExistedAtStartOfRequest,
-				SecurityContext context) {
+		SaveToSessionResponseWrapper(HttpServletResponse response, HttpServletRequest request,
+				boolean httpSessionExistedAtStartOfRequest, SecurityContext context) {
 			super(response, disableUrlRewriting);
 			this.request = request;
 			this.httpSessionExistedAtStartOfRequest = httpSessionExistedAtStartOfRequest;
@@ -333,7 +324,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		 * has changed since it was set at the start of the request. If the
 		 * AuthenticationTrustResolver identifies the current user as anonymous, then the
 		 * context will not be stored.
-		 *
 		 * @param context the context object obtained from the SecurityContextHolder after
 		 * the request has been processed by the filter chain.
 		 * SecurityContextHolder.getContext() cannot be used to obtain the context as it
@@ -348,7 +338,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			// See SEC-776
 			if (authentication == null || trustResolver.isAnonymous(authentication)) {
 				if (logger.isDebugEnabled()) {
-					logger.debug("SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
+					logger.debug(
+							"SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
 				}
 
 				if (httpSession != null && authBeforeExecution != null) {
@@ -368,21 +359,18 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			if (httpSession != null) {
 				// We may have a new session, so check also whether the context attribute
 				// is set SEC-1561
-				if (contextChanged(context)
-						|| httpSession.getAttribute(springSecurityContextKey) == null) {
+				if (contextChanged(context) || httpSession.getAttribute(springSecurityContextKey) == null) {
 					httpSession.setAttribute(springSecurityContextKey, context);
 
 					if (logger.isDebugEnabled()) {
-						logger.debug("SecurityContext '" + context
-								+ "' stored to HttpSession: '" + httpSession);
+						logger.debug("SecurityContext '" + context + "' stored to HttpSession: '" + httpSession);
 					}
 				}
 			}
 		}
 
 		private boolean contextChanged(SecurityContext context) {
-			return context != contextBeforeExecution
-					|| context.getAuthentication() != authBeforeExecution;
+			return context != contextBeforeExecution || context.getAuthentication() != authBeforeExecution;
 		}
 
 		private HttpSession createNewSessionIfAllowed(SecurityContext context) {
@@ -414,9 +402,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 			if (contextObject.equals(context)) {
 				if (logger.isDebugEnabled()) {
-					logger.debug("HttpSession is null, but SecurityContext has not changed from default empty context: ' "
-							+ context
-							+ "'; not creating HttpSession or storing SecurityContext");
+					logger.debug(
+							"HttpSession is null, but SecurityContext has not changed from default empty context: ' "
+									+ context + "'; not creating HttpSession or storing SecurityContext");
 				}
 
 				return null;
@@ -438,6 +426,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 			return null;
 		}
+
 	}
 
 	private boolean isTransientAuthentication(Authentication authentication) {
@@ -447,7 +436,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
@@ -455,4 +443,5 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
index 4da6832b26..acedd8369c 100644
--- a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
@@ -35,8 +35,7 @@ public final class NullSecurityContextRepository implements SecurityContextRepos
 		return SecurityContextHolder.createEmptyContext();
 	}
 
-	public void saveContext(SecurityContext context, HttpServletRequest request,
-			HttpServletResponse response) {
+	public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
index 53c4303954..b337d16b0f 100644
--- a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
@@ -39,10 +39,10 @@ import org.springframework.security.web.util.OnCommittedResponseWrapper;
  * @author Rob Winch
  * @since 3.0
  */
-public abstract class SaveContextOnUpdateOrErrorResponseWrapper
-		extends OnCommittedResponseWrapper {
+public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends OnCommittedResponseWrapper {
 
 	private boolean contextSaved = false;
+
 	/* See SEC-1052 */
 	private final boolean disableUrlRewriting;
 
@@ -52,8 +52,7 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper
 	 * preventing the use of URL rewriting to add the session identifier as a URL
 	 * parameter.
 	 */
-	public SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse response,
-			boolean disableUrlRewriting) {
+	public SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse response, boolean disableUrlRewriting) {
 		super(response);
 		this.disableUrlRewriting = disableUrlRewriting;
 	}
@@ -70,7 +69,6 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper
 
 	/**
 	 * Implements the logic for storing the security context.
-	 *
 	 * @param context the <tt>SecurityContext</tt> instance to store
 	 */
 	protected abstract void saveContext(SecurityContext context);
@@ -125,4 +123,5 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper
 	public final boolean isContextSaved() {
 		return this.contextSaved;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
index c31bac266d..cce3d0fbc5 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@@ -95,8 +95,7 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 			}
 		}
 
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext contextBeforeChainExecution = repo.loadContext(holder);
 
 		try {
@@ -106,13 +105,11 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 
 		}
 		finally {
-			SecurityContext contextAfterChainExecution = SecurityContextHolder
-					.getContext();
+			SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();
 			// Crucial removal of SecurityContextHolder contents - do this before anything
 			// else.
 			SecurityContextHolder.clearContext();
-			repo.saveContext(contextAfterChainExecution, holder.getRequest(),
-					holder.getResponse());
+			repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
 			request.removeAttribute(FILTER_APPLIED);
 
 			if (debug) {
@@ -124,4 +121,5 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 	public void setForceEagerSessionCreation(boolean forceEagerSessionCreation) {
 		this.forceEagerSessionCreation = forceEagerSessionCreation;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
index fd0b208cc1..0ecc235e1f 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
@@ -32,7 +32,6 @@ import org.springframework.security.core.context.SecurityContext;
  *
  * @author Luke Taylor
  * @since 3.0
- *
  * @see SecurityContextPersistenceFilter
  * @see HttpSessionSecurityContextRepository
  * @see SaveContextOnUpdateOrErrorResponseWrapper
@@ -51,10 +50,8 @@ public interface SecurityContextRepository {
 	 * method when it is finally called. Implementations may wish to return a subclass of
 	 * {@link SaveContextOnUpdateOrErrorResponseWrapper} as the response object, which
 	 * guarantees that the context is persisted when an error or redirect occurs.
-	 *
 	 * @param requestResponseHolder holder for the current request and response for which
 	 * the context should be loaded.
-	 *
 	 * @return The security context which should be used for the current request, never
 	 * null.
 	 */
@@ -62,20 +59,18 @@ public interface SecurityContextRepository {
 
 	/**
 	 * Stores the security context on completion of a request.
-	 *
 	 * @param context the non-null context which was obtained from the holder.
 	 * @param request
 	 * @param response
 	 */
-	void saveContext(SecurityContext context, HttpServletRequest request,
-			HttpServletResponse response);
+	void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Allows the repository to be queried as to whether it contains a security context
 	 * for the current request.
-	 *
 	 * @param request the current request
 	 * @return true if a context is found for the request, false otherwise
 	 */
 	boolean containsContext(HttpServletRequest request);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/package-info.java b/web/src/main/java/org/springframework/security/web/context/package-info.java
index 5397ab98b7..0fe3523d10 100644
--- a/web/src/main/java/org/springframework/security/web/context/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/context/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Classes which are responsible for maintaining the security context between HTTP requests.
+ * Classes which are responsible for maintaining the security context between HTTP
+ * requests.
  */
 package org.springframework.security.web.context;
-
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
index d8e082f370..0eebfdcfa0 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
@@ -39,8 +39,8 @@ import org.springframework.web.context.request.async.CallableProcessingIntercept
  * @author Rob Winch
  * @since 3.2
  */
-public final class SecurityContextCallableProcessingInterceptor extends
-		CallableProcessingInterceptorAdapter {
+public final class SecurityContextCallableProcessingInterceptor extends CallableProcessingInterceptorAdapter {
+
 	private volatile SecurityContext securityContext;
 
 	/**
@@ -77,12 +77,12 @@ public final class SecurityContextCallableProcessingInterceptor extends
 	}
 
 	@Override
-	public <T> void postProcess(NativeWebRequest request, Callable<T> task,
-			Object concurrentResult) {
+	public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
 		SecurityContextHolder.clearContext();
 	}
 
 	private void setSecurityContext(SecurityContext securityContext) {
 		this.securityContext = securityContext;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
index a44cba15dd..3c6c5fd9c1 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
@@ -38,11 +38,11 @@ import org.springframework.web.filter.OncePerRequestFilter;
  * @see SecurityContextCallableProcessingInterceptor
  */
 public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter {
+
 	private static final Object CALLABLE_INTERCEPTOR_KEY = new Object();
 
 	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-			HttpServletResponse response, FilterChain filterChain)
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 		WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);
 
@@ -55,4 +55,5 @@ public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter
 
 		filterChain.doFilter(request, response);
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
index c5bcc91d81..afc88e9aa5 100644
--- a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
+++ b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
@@ -29,14 +29,15 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
 public abstract class SecurityWebApplicationContextUtils extends WebApplicationContextUtils {
 
 	/**
-	 * Find a unique {@code WebApplicationContext} for this web app: either the
-	 * root web app context (preferred) or a unique {@code WebApplicationContext}
-	 * among the registered {@code ServletContext} attributes (typically coming
-	 * from a single {@code DispatcherServlet} in the current web application).
-	 * <p>Note that {@code DispatcherServlet}'s exposure of its context can be
-	 * controlled through its {@code publishContext} property, which is {@code true}
-	 * by default but can be selectively switched to only publish a single context
-	 * despite multiple {@code DispatcherServlet} registrations in the web app.
+	 * Find a unique {@code WebApplicationContext} for this web app: either the root web
+	 * app context (preferred) or a unique {@code WebApplicationContext} among the
+	 * registered {@code ServletContext} attributes (typically coming from a single
+	 * {@code DispatcherServlet} in the current web application).
+	 * <p>
+	 * Note that {@code DispatcherServlet}'s exposure of its context can be controlled
+	 * through its {@code publishContext} property, which is {@code true} by default but
+	 * can be selectively switched to only publish a single context despite multiple
+	 * {@code DispatcherServlet} registrations in the web app.
 	 * @param servletContext ServletContext to find the web application context for
 	 * @return the desired WebApplicationContext for this web app
 	 * @see #getWebApplicationContext(ServletContext)
@@ -52,7 +53,8 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 	}
 
 	/**
-	 * Copy of {@link #findWebApplicationContext(ServletContext)} for compatibility with spring framework 4.1.x.
+	 * Copy of {@link #findWebApplicationContext(ServletContext)} for compatibility with
+	 * spring framework 4.1.x.
 	 * @see #findWebApplicationContext(ServletContext)
 	 */
 	private static WebApplicationContext _findWebApplicationContext(ServletContext sc) {
@@ -64,8 +66,8 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 				Object attrValue = sc.getAttribute(attrName);
 				if (attrValue instanceof WebApplicationContext) {
 					if (wac != null) {
-						throw new IllegalStateException("No unique WebApplicationContext found: more than one " +
-								"DispatcherServlet registered with publishContext=true?");
+						throw new IllegalStateException("No unique WebApplicationContext found: more than one "
+								+ "DispatcherServlet registered with publishContext=true?");
 					}
 					wac = (WebApplicationContext) attrValue;
 				}
@@ -73,4 +75,5 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 		}
 		return wac;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
index 1ffc01a606..a5193af78a 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -36,6 +36,7 @@ import org.springframework.web.util.WebUtils;
  * @since 4.1
  */
 public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
+
 	static final String DEFAULT_CSRF_COOKIE_NAME = "XSRF-TOKEN";
 
 	static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
@@ -61,25 +62,25 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	@Override
 	public CsrfToken generateToken(HttpServletRequest request) {
-		return new DefaultCsrfToken(this.headerName, this.parameterName,
-				createNewToken());
+		return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
 	}
 
 	@Override
-	public void saveToken(CsrfToken token, HttpServletRequest request,
-			HttpServletResponse response) {
+	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		String tokenValue = token == null ? "" : token.getToken();
 		Cookie cookie = new Cookie(this.cookieName, tokenValue);
 		if (secure == null) {
 			cookie.setSecure(request.isSecure());
-		} else {
+		}
+		else {
 			cookie.setSecure(secure);
 		}
 
 		if (this.cookiePath != null && !this.cookiePath.isEmpty()) {
-				cookie.setPath(this.cookiePath);
-		} else {
-				cookie.setPath(this.getRequestContext(request));
+			cookie.setPath(this.cookiePath);
+		}
+		else {
+			cookie.setPath(this.getRequestContext(request));
 		}
 		if (token == null) {
 			cookie.setMaxAge(0);
@@ -110,7 +111,6 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	/**
 	 * Sets the name of the HTTP request parameter that should be used to provide a token.
-	 *
 	 * @param parameterName the name of the HTTP request parameter that should be used to
 	 * provide a token
 	 */
@@ -121,7 +121,6 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	/**
 	 * Sets the name of the HTTP header that should be used to provide the token.
-	 *
 	 * @param headerName the name of the HTTP header that should be used to provide the
 	 * token
 	 */
@@ -132,7 +131,6 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	/**
 	 * Sets the name of the cookie that the expected CSRF token is saved to and read from.
-	 *
 	 * @param cookieName the name of the cookie that the expected CSRF token is saved to
 	 * and read from
 	 */
@@ -142,10 +140,10 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * Sets the HttpOnly attribute on the cookie containing the CSRF token.
-	 * Defaults to <code>true</code>.
-	 *
-	 * @param cookieHttpOnly <code>true</code> sets the HttpOnly attribute, <code>false</code> does not set it
+	 * Sets the HttpOnly attribute on the cookie containing the CSRF token. Defaults to
+	 * <code>true</code>.
+	 * @param cookieHttpOnly <code>true</code> sets the HttpOnly attribute,
+	 * <code>false</code> does not set it
 	 */
 	public void setCookieHttpOnly(boolean cookieHttpOnly) {
 		this.cookieHttpOnly = cookieHttpOnly;
@@ -159,7 +157,6 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	/**
 	 * Factory method to conveniently create an instance that has
 	 * {@link #setCookieHttpOnly(boolean)} set to false.
-	 *
 	 * @return an instance of CookieCsrfTokenRepository with
 	 * {@link #setCookieHttpOnly(boolean)} set to false
 	 */
@@ -174,9 +171,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * Set the path that the Cookie will be created with. This will override the default functionality which uses the
-	 * request context as the path.
-	 *
+	 * Set the path that the Cookie will be created with. This will override the default
+	 * functionality which uses the request context as the path.
 	 * @param path the path to use
 	 */
 	public void setCookiePath(String path) {
@@ -185,7 +181,6 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	/**
 	 * Get the path that the CSRF cookie will be set to.
-	 *
 	 * @return the path to be used.
 	 */
 	public String getCookiePath() {
@@ -193,27 +188,27 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	/**
-	 * Sets the domain of the cookie that the expected CSRF token is saved to and read from.
+	 * Sets the domain of the cookie that the expected CSRF token is saved to and read
+	 * from.
 	 *
 	 * @since 5.2
-	 * @param cookieDomain the domain of the cookie that the expected CSRF token is saved to
-	 * and read from
+	 * @param cookieDomain the domain of the cookie that the expected CSRF token is saved
+	 * to and read from
 	 */
 	public void setCookieDomain(String cookieDomain) {
 		this.cookieDomain = cookieDomain;
 	}
 
 	/**
-	 * Sets secure flag of the cookie that the expected CSRF token is saved to and read from.
-	 * By default secure flag depends on {@link ServletRequest#isSecure()}
+	 * Sets secure flag of the cookie that the expected CSRF token is saved to and read
+	 * from. By default secure flag depends on {@link ServletRequest#isSecure()}
 	 *
 	 * @since 5.4
-	 * @param secure the secure flag of the cookie that the expected CSRF token is saved to
-	 * and read from
+	 * @param secure the secure flag of the cookie that the expected CSRF token is saved
+	 * to and read from
 	 */
 	public void setSecure(Boolean secure) {
 		this.secure = secure;
 	}
 
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
index 4316731a82..27841feeeb 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@@ -53,9 +53,8 @@ public final class CsrfAuthenticationStrategy implements SessionAuthenticationSt
 	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
 	@Override
-	public void onAuthentication(Authentication authentication,
-			HttpServletRequest request, HttpServletResponse response)
-					throws SessionAuthenticationException {
+	public void onAuthentication(Authentication authentication, HttpServletRequest request,
+			HttpServletResponse response) throws SessionAuthenticationException {
 		boolean containsToken = this.csrfTokenRepository.loadToken(request) != null;
 		if (containsToken) {
 			this.csrfTokenRepository.saveToken(null, request, response);
@@ -67,4 +66,5 @@ public final class CsrfAuthenticationStrategy implements SessionAuthenticationSt
 			request.setAttribute(newToken.getParameterName(), newToken);
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
index 968422f0f8..68f7c0ea1d 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@@ -29,4 +29,5 @@ public class CsrfException extends AccessDeniedException {
 	public CsrfException(String message) {
 		super(message);
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index 9a489c6f96..a4d4bd8e3d 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -58,6 +58,7 @@ import static java.lang.Boolean.TRUE;
  * @since 3.2
  */
 public final class CsrfFilter extends OncePerRequestFilter {
+
 	/**
 	 * The default {@link RequestMatcher} that indicates if CSRF protection is required or
 	 * not. The default is to ignore GET, HEAD, TRACE, OPTIONS and process all other
@@ -66,18 +67,21 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	public static final RequestMatcher DEFAULT_CSRF_MATCHER = new DefaultRequiresCsrfMatcher();
 
 	/**
-	 * The attribute name to use when marking a given request as one that should not be filtered.
+	 * The attribute name to use when marking a given request as one that should not be
+	 * filtered.
 	 *
-	 * To use, set the attribute on your {@link HttpServletRequest}:
-	 * <pre>
+	 * To use, set the attribute on your {@link HttpServletRequest}: <pre>
 	 * 	CsrfFilter.skipRequest(request);
 	 * </pre>
 	 */
 	private static final String SHOULD_NOT_FILTER = "SHOULD_NOT_FILTER" + CsrfFilter.class.getName();
 
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final CsrfTokenRepository tokenRepository;
+
 	private RequestMatcher requireCsrfProtectionMatcher = DEFAULT_CSRF_MATCHER;
+
 	private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
 
 	public CsrfFilter(CsrfTokenRepository csrfTokenRepository) {
@@ -99,9 +103,8 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	 * javax.servlet.FilterChain)
 	 */
 	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-			HttpServletResponse response, FilterChain filterChain)
-					throws ServletException, IOException {
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+			throws ServletException, IOException {
 		request.setAttribute(HttpServletResponse.class.getName(), response);
 
 		CsrfToken csrfToken = this.tokenRepository.loadToken(request);
@@ -124,12 +127,10 @@ public final class CsrfFilter extends OncePerRequestFilter {
 		}
 		if (!csrfToken.getToken().equals(actualToken)) {
 			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Invalid CSRF token found for "
-						+ UrlUtils.buildFullRequestUrl(request));
+				this.logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request));
 			}
 			if (missingToken) {
-				this.accessDeniedHandler.handle(request, response,
-						new MissingCsrfTokenException(actualToken));
+				this.accessDeniedHandler.handle(request, response, new MissingCsrfTokenException(actualToken));
 			}
 			else {
 				this.accessDeniedHandler.handle(request, response,
@@ -154,14 +155,11 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	 * The default is to apply CSRF protection for any HTTP method other than GET, HEAD,
 	 * TRACE, OPTIONS.
 	 * </p>
-	 *
 	 * @param requireCsrfProtectionMatcher the {@link RequestMatcher} used to determine if
 	 * CSRF protection should be applied.
 	 */
-	public void setRequireCsrfProtectionMatcher(
-			RequestMatcher requireCsrfProtectionMatcher) {
-		Assert.notNull(requireCsrfProtectionMatcher,
-				"requireCsrfProtectionMatcher cannot be null");
+	public void setRequireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher) {
+		Assert.notNull(requireCsrfProtectionMatcher, "requireCsrfProtectionMatcher cannot be null");
 		this.requireCsrfProtectionMatcher = requireCsrfProtectionMatcher;
 	}
 
@@ -172,7 +170,6 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	 * <p>
 	 * The default is to use AccessDeniedHandlerImpl with no arguments.
 	 * </p>
-	 *
 	 * @param accessDeniedHandler the {@link AccessDeniedHandler} to use
 	 */
 	public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
@@ -181,8 +178,8 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	}
 
 	private static final class DefaultRequiresCsrfMatcher implements RequestMatcher {
-		private final HashSet<String> allowedMethods = new HashSet<>(
-				Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
+
+		private final HashSet<String> allowedMethods = new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
 
 		/*
 		 * (non-Javadoc)
@@ -195,5 +192,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
 		public boolean matches(HttpServletRequest request) {
 			return !this.allowedMethods.contains(request.getMethod());
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
index 6481f2bb43..5a5503f677 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
@@ -30,6 +30,7 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class CsrfLogoutHandler implements LogoutHandler {
+
 	private final CsrfTokenRepository csrfTokenRepository;
 
 	/**
@@ -48,8 +49,8 @@ public final class CsrfLogoutHandler implements LogoutHandler {
 	 * javax.servlet.http.HttpServletResponse,
 	 * org.springframework.security.core.Authentication)
 	 */
-	public void logout(HttpServletRequest request, HttpServletResponse response,
-			Authentication authentication) {
+	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		this.csrfTokenRepository.saveToken(null, request, response);
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
index 7f00197cf5..c3139a58c1 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
@@ -21,7 +21,6 @@ import java.io.Serializable;
  * Provides the information about an expected CSRF token.
  *
  * @see DefaultCsrfToken
- *
  * @author Rob Winch
  * @since 3.2
  *
@@ -31,7 +30,6 @@ public interface CsrfToken extends Serializable {
 	/**
 	 * Gets the HTTP header that the CSRF is populated on the response and can be placed
 	 * on requests instead of the parameter. Cannot be null.
-	 *
 	 * @return the HTTP header that the CSRF is populated on the response and can be
 	 * placed on requests instead of the parameter
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
index f4ce480677..7b0945e898 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
@@ -25,7 +25,6 @@ import javax.servlet.http.HttpSession;
  * {@link HttpSession}.
  *
  * @see HttpSessionCsrfTokenRepository
- *
  * @author Rob Winch
  * @since 3.2
  *
@@ -34,7 +33,6 @@ public interface CsrfTokenRepository {
 
 	/**
 	 * Generates a {@link CsrfToken}
-	 *
 	 * @param request the {@link HttpServletRequest} to use
 	 * @return the {@link CsrfToken} that was generated. Cannot be null.
 	 */
@@ -44,19 +42,17 @@ public interface CsrfTokenRepository {
 	 * Saves the {@link CsrfToken} using the {@link HttpServletRequest} and
 	 * {@link HttpServletResponse}. If the {@link CsrfToken} is null, it is the same as
 	 * deleting it.
-	 *
 	 * @param token the {@link CsrfToken} to save or null to delete
 	 * @param request the {@link HttpServletRequest} to use
 	 * @param response the {@link HttpServletResponse} to use
 	 */
-	void saveToken(CsrfToken token, HttpServletRequest request,
-			HttpServletResponse response);
+	void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Loads the expected {@link CsrfToken} from the {@link HttpServletRequest}
-	 *
 	 * @param request the {@link HttpServletRequest} to use
 	 * @return the {@link CsrfToken} or null if none exists
 	 */
 	CsrfToken loadToken(HttpServletRequest request);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index f712ab45b5..91eca28563 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -74,4 +74,5 @@ public final class DefaultCsrfToken implements CsrfToken {
 	public String getToken() {
 		return this.token;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
index a70220d24a..ffb0c144a5 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
@@ -31,12 +31,13 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository {
+
 	private static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
 
 	private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
 
-	private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = HttpSessionCsrfTokenRepository.class
-			.getName().concat(".CSRF_TOKEN");
+	private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = HttpSessionCsrfTokenRepository.class.getName()
+			.concat(".CSRF_TOKEN");
 
 	private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;
 
@@ -51,8 +52,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * springframework .security.web.csrf.CsrfToken,
 	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	public void saveToken(CsrfToken token, HttpServletRequest request,
-			HttpServletResponse response) {
+	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		if (token == null) {
 			HttpSession session = request.getSession(false);
 			if (session != null) {
@@ -87,8 +87,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * servlet .http.HttpServletRequest)
 	 */
 	public CsrfToken generateToken(HttpServletRequest request) {
-		return new DefaultCsrfToken(this.headerName, this.parameterName,
-				createNewToken());
+		return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
 	}
 
 	/**
@@ -104,7 +103,6 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	/**
 	 * Sets the header name that the {@link CsrfToken} is expected to appear on and the
 	 * header that the response will contain the {@link CsrfToken}.
-	 *
 	 * @param headerName the new header name to use
 	 */
 	public void setHeaderName(String headerName) {
@@ -117,12 +115,12 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * @param sessionAttributeName the new attribute name to use
 	 */
 	public void setSessionAttributeName(String sessionAttributeName) {
-		Assert.hasLength(sessionAttributeName,
-				"sessionAttributename cannot be null or empty");
+		Assert.hasLength(sessionAttributeName, "sessionAttributename cannot be null or empty");
 		this.sessionAttributeName = sessionAttributeName;
 	}
 
 	private String createNewToken() {
 		return UUID.randomUUID().toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
index 960f5a7079..4a4c905140 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@@ -31,11 +31,10 @@ public class InvalidCsrfTokenException extends CsrfException {
 	 * @param expectedAccessToken
 	 * @param actualAccessToken
 	 */
-	public InvalidCsrfTokenException(CsrfToken expectedAccessToken,
-			String actualAccessToken) {
-		super("Invalid CSRF Token '" + actualAccessToken
-				+ "' was found on the request parameter '"
-				+ expectedAccessToken.getParameterName() + "' or header '"
-				+ expectedAccessToken.getHeaderName() + "'.");
+	public InvalidCsrfTokenException(CsrfToken expectedAccessToken, String actualAccessToken) {
+		super("Invalid CSRF Token '" + actualAccessToken + "' was found on the request parameter '"
+				+ expectedAccessToken.getParameterName() + "' or header '" + expectedAccessToken.getHeaderName()
+				+ "'.");
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
index 1ce4326ad0..c64724a8bc 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@@ -29,6 +29,7 @@ import org.springframework.util.Assert;
  * @since 4.1
  */
 public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
+
 	/**
 	 * The {@link HttpServletRequest} attribute name that the {@link HttpServletResponse}
 	 * must be on.
@@ -65,8 +66,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 	 * performed immediately.
 	 */
 	@Override
-	public void saveToken(CsrfToken token, HttpServletRequest request,
-			HttpServletResponse response) {
+	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		if (token == null) {
 			this.delegate.saveToken(token, request, response);
 		}
@@ -86,8 +86,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	private HttpServletResponse getResponse(HttpServletRequest request) {
-		HttpServletResponse response = (HttpServletResponse) request
-				.getAttribute(HTTP_RESPONSE_ATTR);
+		HttpServletResponse response = (HttpServletResponse) request.getAttribute(HTTP_RESPONSE_ATTR);
 		if (response == null) {
 			throw new IllegalArgumentException(
 					"The HttpServletRequest attribute must contain an HttpServletResponse for the attribute "
@@ -97,15 +96,17 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 	}
 
 	private static final class SaveOnAccessCsrfToken implements CsrfToken {
+
 		private transient CsrfTokenRepository tokenRepository;
+
 		private transient HttpServletRequest request;
+
 		private transient HttpServletResponse response;
 
 		private final CsrfToken delegate;
 
-		SaveOnAccessCsrfToken(CsrfTokenRepository tokenRepository,
-				HttpServletRequest request, HttpServletResponse response,
-				CsrfToken delegate) {
+		SaveOnAccessCsrfToken(CsrfTokenRepository tokenRepository, HttpServletRequest request,
+				HttpServletResponse response, CsrfToken delegate) {
 			this.tokenRepository = tokenRepository;
 			this.request = request;
 			this.response = response;
@@ -137,8 +138,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 		public int hashCode() {
 			final int prime = 31;
 			int result = 1;
-			result = prime * result
-					+ ((this.delegate == null) ? 0 : this.delegate.hashCode());
+			result = prime * result + ((this.delegate == null) ? 0 : this.delegate.hashCode());
 			return result;
 		}
 
@@ -172,8 +172,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 
 			synchronized (this) {
 				if (this.tokenRepository != null) {
-					this.tokenRepository.saveToken(this.delegate, this.request,
-							this.response);
+					this.tokenRepository.saveToken(this.delegate, this.request, this.response);
 					this.tokenRepository = null;
 					this.request = null;
 					this.response = null;
@@ -182,4 +181,5 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 		}
 
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
index c3fa640ff5..2b3503192e 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
@@ -27,4 +27,5 @@ public class MissingCsrfTokenException extends CsrfException {
 	public MissingCsrfTokenException(String actualToken) {
 		super("Could not verify the provided CSRF token because your session was not found.");
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index b55320cb51..152e455de2 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -39,39 +39,36 @@ import java.util.*;
  * are being handled by Spring Security and provide them with other relevant information
  * (such as when sessions are being created).
  *
- *
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.1
  */
 public final class DebugFilter implements Filter {
-	static final String ALREADY_FILTERED_ATTR_NAME = DebugFilter.class.getName()
-			.concat(".FILTERED");
+
+	static final String ALREADY_FILTERED_ATTR_NAME = DebugFilter.class.getName().concat(".FILTERED");
 
 	private final FilterChainProxy fcp;
+
 	private final Logger logger = new Logger();
 
 	public DebugFilter(FilterChainProxy fcp) {
 		this.fcp = fcp;
 	}
 
-	public void doFilter(ServletRequest srvltRequest,
-			ServletResponse srvltResponse, FilterChain filterChain)
+	public void doFilter(ServletRequest srvltRequest, ServletResponse srvltResponse, FilterChain filterChain)
 			throws ServletException, IOException {
 
-		if (!(srvltRequest instanceof HttpServletRequest)
-				|| !(srvltResponse instanceof HttpServletResponse)) {
+		if (!(srvltRequest instanceof HttpServletRequest) || !(srvltResponse instanceof HttpServletResponse)) {
 			throw new ServletException("DebugFilter just supports HTTP requests");
 		}
 		HttpServletRequest request = (HttpServletRequest) srvltRequest;
 		HttpServletResponse response = (HttpServletResponse) srvltResponse;
 
 		List<Filter> filters = getFilters(request);
-		logger.info("Request received for " + request.getMethod() + " '"
-				+ UrlUtils.buildRequestUrl(request) + "':\n\n" + request + "\n\n"
-				+ "servletPath:" + request.getServletPath() + "\n" + "pathInfo:"
-				+ request.getPathInfo() + "\n" + "headers: \n" + formatHeaders(request)
-				+ "\n\n" + formatFilters(filters));
+		logger.info("Request received for " + request.getMethod() + " '" + UrlUtils.buildRequestUrl(request) + "':\n\n"
+				+ request + "\n\n" + "servletPath:" + request.getServletPath() + "\n" + "pathInfo:"
+				+ request.getPathInfo() + "\n" + "headers: \n" + formatHeaders(request) + "\n\n"
+				+ formatFilters(filters));
 
 		if (request.getAttribute(ALREADY_FILTERED_ATTR_NAME) == null) {
 			invokeWithWrappedRequest(request, response, filterChain);
@@ -81,9 +78,8 @@ public final class DebugFilter implements Filter {
 		}
 	}
 
-	private void invokeWithWrappedRequest(HttpServletRequest request,
-			HttpServletResponse response, FilterChain filterChain) throws IOException,
-			ServletException {
+	private void invokeWithWrappedRequest(HttpServletRequest request, HttpServletResponse response,
+			FilterChain filterChain) throws IOException, ServletException {
 		request.setAttribute(ALREADY_FILTERED_ATTR_NAME, Boolean.TRUE);
 		request = new DebugRequestWrapper(request);
 		try {
@@ -148,9 +144,11 @@ public final class DebugFilter implements Filter {
 
 	public void destroy() {
 	}
+
 }
 
 class DebugRequestWrapper extends HttpServletRequestWrapper {
+
 	private static final Logger logger = new Logger();
 
 	DebugRequestWrapper(HttpServletRequest request) {
@@ -176,4 +174,5 @@ class DebugRequestWrapper extends HttpServletRequestWrapper {
 		}
 		return getSession();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/debug/Logger.java b/web/src/main/java/org/springframework/security/web/debug/Logger.java
index 4492feaf5f..4d9759ae41 100644
--- a/web/src/main/java/org/springframework/security/web/debug/Logger.java
+++ b/web/src/main/java/org/springframework/security/web/debug/Logger.java
@@ -28,6 +28,7 @@ import org.apache.commons.logging.LogFactory;
  * @since 3.1
  */
 final class Logger {
+
 	private static final Log logger = LogFactory.getLog("Spring Security Debugger");
 
 	public void info(String message) {
@@ -53,4 +54,5 @@ final class Logger {
 
 		logger.info(output.toString());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
index c7efac6b90..ae88da3777 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
@@ -24,28 +24,27 @@ import javax.servlet.http.HttpServletResponse;
  * sanitize a malicious URL it rejects the malicious URL providing better security
  * guarantees.
  * <p>
- * Default implementation which wraps requests in order to provide consistent
- * values of the {@code servletPath} and {@code pathInfo}, which do not contain
- * path parameters (as defined in
- * <a href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>). Different
- * servlet containers interpret the servlet spec differently as to how path
- * parameters are treated and it is possible they might be added in order to
- * bypass particular security constraints. When using this implementation, they
- * will be removed for all requests as the request passes through the security
- * filter chain. Note that this means that any segments in the decoded path
- * which contain a semi-colon, will have the part following the semi-colon
- * removed for request matching. Your application should not contain any valid
- * paths which contain semi-colons.
+ * Default implementation which wraps requests in order to provide consistent values of
+ * the {@code servletPath} and {@code pathInfo}, which do not contain path parameters (as
+ * defined in <a href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>). Different
+ * servlet containers interpret the servlet spec differently as to how path parameters are
+ * treated and it is possible they might be added in order to bypass particular security
+ * constraints. When using this implementation, they will be removed for all requests as
+ * the request passes through the security filter chain. Note that this means that any
+ * segments in the decoded path which contain a semi-colon, will have the part following
+ * the semi-colon removed for request matching. Your application should not contain any
+ * valid paths which contain semi-colons.
  * <p>
- * If any un-normalized paths are found (containing directory-traversal
- * character sequences), the request will be rejected immediately. Most
- * containers normalize the paths before performing the servlet-mapping, but
- * again this is not guaranteed by the servlet spec.
+ * If any un-normalized paths are found (containing directory-traversal character
+ * sequences), the request will be rejected immediately. Most containers normalize the
+ * paths before performing the servlet-mapping, but again this is not guaranteed by the
+ * servlet spec.
  *
  * @author Luke Taylor
  * @see StrictHttpFirewall
  */
 public class DefaultHttpFirewall implements HttpFirewall {
+
 	private boolean allowUrlEncodedSlash;
 
 	@Override
@@ -75,14 +74,11 @@ public class DefaultHttpFirewall implements HttpFirewall {
 	 * Sets if the application should allow a URL encoded slash character.
 	 * </p>
 	 * <p>
-	 * If true (default is false), a URL encoded slash will be allowed in the
-	 * URL. Allowing encoded slashes can cause security vulnerabilities in some
-	 * situations depending on how the container constructs the
-	 * HttpServletRequest.
+	 * If true (default is false), a URL encoded slash will be allowed in the URL.
+	 * Allowing encoded slashes can cause security vulnerabilities in some situations
+	 * depending on how the container constructs the HttpServletRequest.
 	 * </p>
-	 *
-	 * @param allowUrlEncodedSlash
-	 *            the new value (default false)
+	 * @param allowUrlEncodedSlash the new value (default false)
 	 */
 	public void setAllowUrlEncodedSlash(boolean allowUrlEncodedSlash) {
 		this.allowUrlEncodedSlash = allowUrlEncodedSlash;
@@ -101,13 +97,10 @@ public class DefaultHttpFirewall implements HttpFirewall {
 	}
 
 	/**
-	 * Checks whether a path is normalized (doesn't contain path traversal
-	 * sequences like "./", "/../" or "/.")
-	 *
-	 * @param path
-	 *            the path to test
-	 * @return true if the path doesn't contain any path-traversal character
-	 *         sequences.
+	 * Checks whether a path is normalized (doesn't contain path traversal sequences like
+	 * "./", "/../" or "/.")
+	 * @param path the path to test
+	 * @return true if the path doesn't contain any path-traversal character sequences.
 	 */
 	private boolean isNormalized(String path) {
 		if (path == null) {
@@ -121,7 +114,8 @@ public class DefaultHttpFirewall implements HttpFirewall {
 			if (gap == 2 && path.charAt(i + 1) == '.') {
 				// ".", "/./" or "/."
 				return false;
-			} else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
+			}
+			else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
 				return false;
 			}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
index 5816a700a6..3b90f93f14 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
@@ -22,15 +22,18 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * Default implementation of {@link RequestRejectedHandler} that simply rethrows the exception.
+ * Default implementation of {@link RequestRejectedHandler} that simply rethrows the
+ * exception.
  *
  * @author Leonard Brünings
  * @since 5.4
  */
 public class DefaultRequestRejectedHandler implements RequestRejectedHandler {
+
 	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			RequestRejectedException requestRejectedException) throws IOException, ServletException {
 		throw requestRejectedException;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
index cdb91abe2c..33ee2eb0ae 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
@@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletRequestWrapper;
  * @author Luke Taylor
  */
 public abstract class FirewalledRequest extends HttpServletRequestWrapper {
+
 	/**
 	 * Constructs a request object wrapping the given request.
-	 *
 	 * @throws IllegalArgumentException if the request is null
 	 */
 	public FirewalledRequest(HttpServletRequest request) {
@@ -51,4 +51,5 @@ public abstract class FirewalledRequest extends HttpServletRequestWrapper {
 	public String toString() {
 		return "FirewalledRequest[ " + getRequest() + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
index e831e0d189..e3ce0c8ae3 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
@@ -28,7 +28,9 @@ import javax.servlet.http.HttpServletResponseWrapper;
  * @author Luke Butters
  */
 class FirewalledResponse extends HttpServletResponseWrapper {
+
 	private static final String LOCATION_HEADER = "Location";
+
 	private static final String SET_COOKIE_HEADER = "Set-Cookie";
 
 	FirewalledResponse(HttpServletResponse response) {
@@ -69,12 +71,12 @@ class FirewalledResponse extends HttpServletResponseWrapper {
 
 	void validateCrlf(String name, String value) {
 		if (hasCrlf(name) || hasCrlf(value)) {
-			throw new IllegalArgumentException(
-					"Invalid characters (CR/LF) in header " + name);
+			throw new IllegalArgumentException("Invalid characters (CR/LF) in header " + name);
 		}
 	}
 
 	private boolean hasCrlf(String value) {
 		return value != null && (value.indexOf('\n') != -1 || value.indexOf('\r') != -1);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
index 161db76091..7d697f9a9d 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
@@ -32,17 +32,15 @@ public interface HttpFirewall {
 
 	/**
 	 * Provides the request object which will be passed through the filter chain.
-	 *
 	 * @throws RequestRejectedException if the request should be rejected immediately
 	 */
-	FirewalledRequest getFirewalledRequest(HttpServletRequest request)
-			throws RequestRejectedException;
+	FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException;
 
 	/**
 	 * Provides the response which will be passed through the filter chain.
-	 *
 	 * @param response the original response
 	 * @return either the original response or a replacement/wrapper.
 	 */
 	HttpServletResponse getFirewalledResponse(HttpServletResponse response);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
index 8c6aea5994..8d8ed2b353 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
@@ -24,12 +24,14 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 /**
- * A simple implementation of {@link RequestRejectedHandler} that sends an error with configurable status code.
+ * A simple implementation of {@link RequestRejectedHandler} that sends an error with
+ * configurable status code.
  *
  * @author Leonard Brünings
  * @since 5.4
  */
 public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler {
+
 	private static final Log logger = LogFactory.getLog(HttpStatusRequestRejectedHandler.class);
 
 	private final int httpError;
@@ -58,4 +60,5 @@ public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler
 		}
 		response.sendError(httpError);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
index 5d5a630529..c6a38e9df1 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
@@ -19,7 +19,9 @@ package org.springframework.security.web.firewall;
  * @author Luke Taylor
  */
 public class RequestRejectedException extends RuntimeException {
+
 	public RequestRejectedException(String message) {
 		super(message);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
index 5369319b04..7646b895f1 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
@@ -29,20 +29,19 @@ import javax.servlet.http.HttpServletResponse;
  * @since 5.4
  */
 public interface RequestRejectedHandler {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	/**
 	 * Handles an request rejected failure.
-	 *
 	 * @param request that resulted in an <code>RequestRejectedException</code>
 	 * @param response so that the user agent can be advised of the failure
 	 * @param requestRejectedException that caused the invocation
-	 *
 	 * @throws IOException in the event of an IOException
 	 * @throws ServletException in the event of a ServletException
 	 */
 	void handle(HttpServletRequest request, HttpServletResponse response,
-			RequestRejectedException requestRejectedException) throws IOException,
-			ServletException;
+			RequestRejectedException requestRejectedException) throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index 5e3b2e08f9..c3f76dbba9 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -29,8 +29,8 @@ import java.util.*;
  * returned which are suitable for pattern matching against. It strips out path parameters
  * and extra consecutive '/' characters.
  *
- * <h3>Path Parameters</h3> Parameters (as defined in <a
- * href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>) are stripped from the path
+ * <h3>Path Parameters</h3> Parameters (as defined in
+ * <a href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>) are stripped from the path
  * segments of the {@code servletPath} and {@code pathInfo} values of the request.
  * <p>
  * The parameter sequence is demarcated by a semi-colon, so each segment is checked for
@@ -44,8 +44,11 @@ import java.util.*;
  * @author Luke Taylor
  */
 final class RequestWrapper extends FirewalledRequest {
+
 	private final String strippedServletPath;
+
 	private final String strippedPathInfo;
+
 	private boolean stripPaths = true;
 
 	RequestWrapper(HttpServletRequest request) {
@@ -61,10 +64,8 @@ final class RequestWrapper extends FirewalledRequest {
 	/**
 	 * Removes path parameters from each path segment in the supplied path and truncates
 	 * sequences of multiple '/' characters to a single '/'.
-	 *
 	 * @param path either the {@code servletPath} and {@code pathInfo} from the original
 	 * request
-	 *
 	 * @return the supplied value, with path parameters removed and sequences of multiple
 	 * '/' characters truncated, or null if the supplied path was null.
 	 */
@@ -121,8 +122,7 @@ final class RequestWrapper extends FirewalledRequest {
 
 	@Override
 	public RequestDispatcher getRequestDispatcher(String path) {
-		return this.stripPaths ? new FirewalledRequestAwareRequestDispatcher(path)
-				: super.getRequestDispatcher(path);
+		return this.stripPaths ? new FirewalledRequestAwareRequestDispatcher(path) : super.getRequestDispatcher(path);
 	}
 
 	public void reset() {
@@ -137,10 +137,10 @@ final class RequestWrapper extends FirewalledRequest {
 	 * @author Rob Winch
 	 */
 	private class FirewalledRequestAwareRequestDispatcher implements RequestDispatcher {
+
 		private final String path;
 
 		/**
-		 *
 		 * @param path the {@code path} that will be used to obtain the delegate
 		 * {@link RequestDispatcher} from the original {@link HttpServletRequest}.
 		 */
@@ -148,19 +148,19 @@ final class RequestWrapper extends FirewalledRequest {
 			this.path = path;
 		}
 
-		public void forward(ServletRequest request, ServletResponse response)
-				throws ServletException, IOException {
+		public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
 			reset();
 			getDelegateDispatcher().forward(request, response);
 		}
 
-		public void include(ServletRequest request, ServletResponse response)
-				throws ServletException, IOException {
+		public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
 			getDelegateDispatcher().include(request, response);
 		}
 
 		private RequestDispatcher getDelegateDispatcher() {
 			return RequestWrapper.super.getRequestDispatcher(path);
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index 0f12748e07..f65c0b4419 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -40,59 +40,35 @@ import org.springframework.http.HttpMethod;
  * The following rules are applied to the firewall:
  * </p>
  * <ul>
- * <li>
- * Rejects HTTP methods that are not allowed. This specified to block
- * <a href="https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)">HTTP Verb tampering and XST attacks</a>.
- * See {@link #setAllowedHttpMethods(Collection)}
- * </li>
- * <li>
- * Rejects URLs that are not normalized to avoid bypassing security constraints. There is
- * no way to disable this as it is considered extremely risky to disable this constraint.
- * A few options to allow this behavior is to normalize the request prior to the firewall
- * or using {@link DefaultHttpFirewall} instead. Please keep in mind that normalizing the
- * request is fragile and why requests are rejected rather than normalized.
- * </li>
- * <li>
- * Rejects URLs that contain characters that are not printable ASCII characters. There is
- * no way to disable this as it is considered extremely risky to disable this constraint.
- * </li>
- * <li>
- * Rejects URLs that contain semicolons. See {@link #setAllowSemicolon(boolean)}
- * </li>
- * <li>
- * Rejects URLs that contain a URL encoded slash. See
- * {@link #setAllowUrlEncodedSlash(boolean)}
- * </li>
- * <li>
- * Rejects URLs that contain a backslash. See {@link #setAllowBackSlash(boolean)}
- * </li>
- * <li>
- * Rejects URLs that contain a null character. See {@link #setAllowNull(boolean)}
- * </li>
- * <li>
- * Rejects URLs that contain a URL encoded percent. See
- * {@link #setAllowUrlEncodedPercent(boolean)}
- * </li>
- * <li>
- * Rejects hosts that are not allowed. See
- * {@link #setAllowedHostnames(Predicate)}
- * </li>
- * <li>
- * Reject headers names that are not allowed. See
- * {@link #setAllowedHeaderNames(Predicate)}
- * </li>
- * <li>
- * Reject headers values that are not allowed. See
- * {@link #setAllowedHeaderValues(Predicate)}
- * </li>
- * <li>
- * Reject parameter names that are not allowed. See
- * {@link #setAllowedParameterNames(Predicate)}
- * </li>
- * <li>
- * Reject parameter values that are not allowed. See
- * {@link #setAllowedParameterValues(Predicate)}
+ * <li>Rejects HTTP methods that are not allowed. This specified to block
+ * <a href="https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)">HTTP Verb
+ * tampering and XST attacks</a>. See {@link #setAllowedHttpMethods(Collection)}</li>
+ * <li>Rejects URLs that are not normalized to avoid bypassing security constraints. There
+ * is no way to disable this as it is considered extremely risky to disable this
+ * constraint. A few options to allow this behavior is to normalize the request prior to
+ * the firewall or using {@link DefaultHttpFirewall} instead. Please keep in mind that
+ * normalizing the request is fragile and why requests are rejected rather than
+ * normalized.</li>
+ * <li>Rejects URLs that contain characters that are not printable ASCII characters. There
+ * is no way to disable this as it is considered extremely risky to disable this
+ * constraint.</li>
+ * <li>Rejects URLs that contain semicolons. See {@link #setAllowSemicolon(boolean)}</li>
+ * <li>Rejects URLs that contain a URL encoded slash. See
+ * {@link #setAllowUrlEncodedSlash(boolean)}</li>
+ * <li>Rejects URLs that contain a backslash. See {@link #setAllowBackSlash(boolean)}</li>
+ * <li>Rejects URLs that contain a null character. See {@link #setAllowNull(boolean)}</li>
+ * <li>Rejects URLs that contain a URL encoded percent. See
+ * {@link #setAllowUrlEncodedPercent(boolean)}</li>
+ * <li>Rejects hosts that are not allowed. See {@link #setAllowedHostnames(Predicate)}
  * </li>
+ * <li>Reject headers names that are not allowed. See
+ * {@link #setAllowedHeaderNames(Predicate)}</li>
+ * <li>Reject headers values that are not allowed. See
+ * {@link #setAllowedHeaderValues(Predicate)}</li>
+ * <li>Reject parameter names that are not allowed. See
+ * {@link #setAllowedParameterNames(Predicate)}</li>
+ * <li>Reject parameter values that are not allowed. See
+ * {@link #setAllowedParameterValues(Predicate)}</li>
  * </ul>
  *
  * @see DefaultHttpFirewall
@@ -101,8 +77,10 @@ import org.springframework.http.HttpMethod;
  * @since 4.2.4
  */
 public class StrictHttpFirewall implements HttpFirewall {
+
 	/**
-	 * Used to specify to {@link #setAllowedHttpMethods(Collection)} that any HTTP method should be allowed.
+	 * Used to specify to {@link #setAllowedHttpMethods(Collection)} that any HTTP method
+	 * should be allowed.
 	 */
 	private static final Set<String> ALLOW_ANY_HTTP_METHOD = Collections.unmodifiableSet(Collections.emptySet());
 
@@ -110,15 +88,20 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	private static final String PERCENT = "%";
 
-	private static final List<String> FORBIDDEN_ENCODED_PERIOD = Collections.unmodifiableList(Arrays.asList("%2e", "%2E"));
+	private static final List<String> FORBIDDEN_ENCODED_PERIOD = Collections
+			.unmodifiableList(Arrays.asList("%2e", "%2E"));
 
-	private static final List<String> FORBIDDEN_SEMICOLON = Collections.unmodifiableList(Arrays.asList(";", "%3b", "%3B"));
+	private static final List<String> FORBIDDEN_SEMICOLON = Collections
+			.unmodifiableList(Arrays.asList(";", "%3b", "%3B"));
 
-	private static final List<String> FORBIDDEN_FORWARDSLASH = Collections.unmodifiableList(Arrays.asList("%2f", "%2F"));
+	private static final List<String> FORBIDDEN_FORWARDSLASH = Collections
+			.unmodifiableList(Arrays.asList("%2f", "%2F"));
 
-	private static final List<String> FORBIDDEN_DOUBLE_FORWARDSLASH = Collections.unmodifiableList(Arrays.asList("//", "%2f%2f", "%2f%2F", "%2F%2f", "%2F%2F"));
+	private static final List<String> FORBIDDEN_DOUBLE_FORWARDSLASH = Collections
+			.unmodifiableList(Arrays.asList("//", "%2f%2f", "%2f%2F", "%2F%2f", "%2F%2F"));
 
-	private static final List<String> FORBIDDEN_BACKSLASH = Collections.unmodifiableList(Arrays.asList("\\", "%5c", "%5C"));
+	private static final List<String> FORBIDDEN_BACKSLASH = Collections
+			.unmodifiableList(Arrays.asList("\\", "%5c", "%5C"));
 
 	private static final List<String> FORBIDDEN_NULL = Collections.unmodifiableList(Arrays.asList("\0", "%00"));
 
@@ -130,9 +113,11 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	private Predicate<String> allowedHostnames = hostname -> true;
 
-	private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
+	private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern
+			.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
 
-	private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = s -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches();
+	private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = s -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN
+			.matcher(s).matches();
 
 	private Predicate<String> allowedHeaderNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
 
@@ -155,10 +140,12 @@ public class StrictHttpFirewall implements HttpFirewall {
 	}
 
 	/**
-	 * Sets if any HTTP method is allowed. If this set to true, then no validation on the HTTP method will be performed.
-	 * This can open the application up to <a href="https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)">
-	 * HTTP Verb tampering and XST attacks</a>
-	 * @param unsafeAllowAnyHttpMethod if true, disables HTTP method validation, else resets back to the defaults. Default is false.
+	 * Sets if any HTTP method is allowed. If this set to true, then no validation on the
+	 * HTTP method will be performed. This can open the application up to
+	 * <a href="https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)"> HTTP
+	 * Verb tampering and XST attacks</a>
+	 * @param unsafeAllowAnyHttpMethod if true, disables HTTP method validation, else
+	 * resets back to the defaults. Default is false.
 	 * @see #setAllowedHttpMethods(Collection)
 	 * @since 5.1
 	 */
@@ -168,11 +155,11 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * <p>
-	 * Determines which HTTP methods should be allowed. The default is to allow "DELETE", "GET", "HEAD", "OPTIONS",
-	 * "PATCH", "POST", and "PUT".
+	 * Determines which HTTP methods should be allowed. The default is to allow "DELETE",
+	 * "GET", "HEAD", "OPTIONS", "PATCH", "POST", and "PUT".
 	 * </p>
-	 *
-	 * @param allowedHttpMethods the case-sensitive collection of HTTP methods that are allowed.
+	 * @param allowedHttpMethods the case-sensitive collection of HTTP methods that are
+	 * allowed.
 	 * @see #setUnsafeAllowAnyHttpMethod(boolean)
 	 * @since 5.1
 	 */
@@ -182,7 +169,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 		}
 		if (allowedHttpMethods == ALLOW_ANY_HTTP_METHOD) {
 			this.allowedHttpMethods = ALLOW_ANY_HTTP_METHOD;
-		} else {
+		}
+		else {
 			this.allowedHttpMethods = new HashSet<>(allowedHttpMethods);
 		}
 	}
@@ -191,17 +179,18 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * <p>
 	 * Determines if semicolon is allowed in the URL (i.e. matrix variables). The default
 	 * is to disable this behavior because it is a common way of attempting to perform
-	 * <a href="https://www.owasp.org/index.php/Reflected_File_Download">Reflected File Download Attacks</a>.
-	 * It is also the source of many exploits which bypass URL based security.
+	 * <a href="https://www.owasp.org/index.php/Reflected_File_Download">Reflected File
+	 * Download Attacks</a>. It is also the source of many exploits which bypass URL based
+	 * security.
 	 * </p>
-	 * <p>For example, the following CVEs are a subset of the issues related
-	 * to ambiguities in the Servlet Specification on how to treat semicolons that
-	 * led to CVEs:
+	 * <p>
+	 * For example, the following CVEs are a subset of the issues related to ambiguities
+	 * in the Servlet Specification on how to treat semicolons that led to CVEs:
 	 * </p>
 	 * <ul>
-	 *     <li><a href="https://pivotal.io/security/cve-2016-5007">cve-2016-5007</a></li>
-	 *     <li><a href="https://pivotal.io/security/cve-2016-9879">cve-2016-9879</a></li>
-	 *     <li><a href="https://pivotal.io/security/cve-2018-1199">cve-2018-1199</a></li>
+	 * <li><a href="https://pivotal.io/security/cve-2016-5007">cve-2016-5007</a></li>
+	 * <li><a href="https://pivotal.io/security/cve-2016-9879">cve-2016-9879</a></li>
+	 * <li><a href="https://pivotal.io/security/cve-2018-1199">cve-2018-1199</a></li>
 	 * </ul>
 	 *
 	 * <p>
@@ -214,16 +203,15 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * any sensitive information) in a URL as it can lead to leaking. Instead use Cookies.
 	 * </li>
 	 * <li>Matrix Variables - Users wanting to leverage Matrix Variables should consider
-	 * using HTTP parameters instead.
-	 * </li>
+	 * using HTTP parameters instead.</li>
 	 * </ul>
-	 *
 	 * @param allowSemicolon should semicolons be allowed in the URL. Default is false
 	 */
 	public void setAllowSemicolon(boolean allowSemicolon) {
 		if (allowSemicolon) {
 			urlBlocklistsRemoveAll(FORBIDDEN_SEMICOLON);
-		} else {
+		}
+		else {
 			urlBlocklistsAddAll(FORBIDDEN_SEMICOLON);
 		}
 	}
@@ -239,31 +227,31 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * parsed consistently which results in different values in {@code HttpServletRequest}
 	 * path related values which allow bypassing certain security constraints.
 	 * </p>
-	 *
 	 * @param allowUrlEncodedSlash should a slash "/" that is URL encoded "%2F" be allowed
 	 * in the path or not. Default is false.
 	 */
 	public void setAllowUrlEncodedSlash(boolean allowUrlEncodedSlash) {
 		if (allowUrlEncodedSlash) {
 			urlBlocklistsRemoveAll(FORBIDDEN_FORWARDSLASH);
-		} else {
+		}
+		else {
 			urlBlocklistsAddAll(FORBIDDEN_FORWARDSLASH);
 		}
 	}
 
 	/**
 	 * <p>
-	 * Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or
-	 * not. The default is to not allow.
+	 * Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in
+	 * the path or not. The default is to not allow.
 	 * </p>
-	 *
-	 * @param allowUrlEncodedDoubleSlash should a slash "//" that is URL encoded "%2F%2F" be allowed
-	 *        in the path or not. Default is false.
+	 * @param allowUrlEncodedDoubleSlash should a slash "//" that is URL encoded "%2F%2F"
+	 * be allowed in the path or not. Default is false.
 	 */
 	public void setAllowUrlEncodedDoubleSlash(boolean allowUrlEncodedDoubleSlash) {
 		if (allowUrlEncodedDoubleSlash) {
 			urlBlocklistsRemoveAll(FORBIDDEN_DOUBLE_FORWARDSLASH);
-		} else {
+		}
+		else {
 			urlBlocklistsAddAll(FORBIDDEN_DOUBLE_FORWARDSLASH);
 		}
 	}
@@ -277,18 +265,18 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * <p>
 	 * For example, due to ambiguities in the servlet specification a URL encoded period
 	 * might lead to bypassing security constraints through a directory traversal attack.
-	 * This is because the path is not parsed consistently which results  in different
+	 * This is because the path is not parsed consistently which results in different
 	 * values in {@code HttpServletRequest} path related values which allow bypassing
 	 * certain security constraints.
 	 * </p>
-	 *
 	 * @param allowUrlEncodedPeriod should a period "." that is URL encoded "%2E" be
 	 * allowed in the path or not. Default is false.
 	 */
 	public void setAllowUrlEncodedPeriod(boolean allowUrlEncodedPeriod) {
 		if (allowUrlEncodedPeriod) {
 			this.encodedUrlBlocklist.removeAll(FORBIDDEN_ENCODED_PERIOD);
-		} else {
+		}
+		else {
 			this.encodedUrlBlocklist.addAll(FORBIDDEN_ENCODED_PERIOD);
 		}
 	}
@@ -302,37 +290,37 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * <p>
 	 * For example, due to ambiguities in the servlet specification a URL encoded period
 	 * might lead to bypassing security constraints through a directory traversal attack.
-	 * This is because the path is not parsed consistently which results  in different
+	 * This is because the path is not parsed consistently which results in different
 	 * values in {@code HttpServletRequest} path related values which allow bypassing
 	 * certain security constraints.
 	 * </p>
-	 *
 	 * @param allowBackSlash a backslash "\" or a URL encoded backslash "%5C" be allowed
 	 * in the path or not. Default is false
 	 */
 	public void setAllowBackSlash(boolean allowBackSlash) {
 		if (allowBackSlash) {
 			urlBlocklistsRemoveAll(FORBIDDEN_BACKSLASH);
-		} else {
+		}
+		else {
 			urlBlocklistsAddAll(FORBIDDEN_BACKSLASH);
 		}
 	}
 
 	/**
 	 * <p>
-	 * Determines if a null "\0" or a URL encoded nul "%00" should be allowed in
-	 * the path or not. The default is not to allow this behavior because it is a frequent
-	 * source of security exploits.
+	 * Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path
+	 * or not. The default is not to allow this behavior because it is a frequent source
+	 * of security exploits.
 	 * </p>
-	 *
-	 * @param allowNull a null "\0" or a URL encoded null "%00" be allowed
-	 * in the path or not. Default is false
+	 * @param allowNull a null "\0" or a URL encoded null "%00" be allowed in the path or
+	 * not. Default is false
 	 * @since 5.4
 	 */
 	public void setAllowNull(boolean allowNull) {
 		if (allowNull) {
 			urlBlocklistsRemoveAll(FORBIDDEN_NULL);
-		} else {
+		}
+		else {
 			urlBlocklistsAddAll(FORBIDDEN_NULL);
 		}
 	}
@@ -347,7 +335,6 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * For example, this can lead to exploits that involve double URL encoding that lead
 	 * to bypassing security constraints.
 	 * </p>
-	 *
 	 * @param allowUrlEncodedPercent if a percent "%" that is URL encoded "%25" should be
 	 * allowed in the path or not. Default is false
 	 */
@@ -355,7 +342,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 		if (allowUrlEncodedPercent) {
 			this.encodedUrlBlocklist.remove(ENCODED_PERCENT);
 			this.decodedUrlBlocklist.remove(PERCENT);
-		} else {
+		}
+		else {
 			this.encodedUrlBlocklist.add(ENCODED_PERCENT);
 			this.decodedUrlBlocklist.add(PERCENT);
 		}
@@ -363,11 +351,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * <p>
-	 * Determines which header names should be allowed.
-	 * The default is to reject header names that contain ISO control characters
-	 * and characters that are not defined.
+	 * Determines which header names should be allowed. The default is to reject header
+	 * names that contain ISO control characters and characters that are not defined.
 	 * </p>
-	 *
 	 * @param allowedHeaderNames the predicate for testing header names
 	 * @see Character#isISOControl(int)
 	 * @see Character#isDefined(int)
@@ -382,11 +368,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * <p>
-	 * Determines which header values should be allowed.
-	 * The default is to reject header values that contain ISO control characters
-	 * and characters that are not defined.
+	 * Determines which header values should be allowed. The default is to reject header
+	 * values that contain ISO control characters and characters that are not defined.
 	 * </p>
-	 *
 	 * @param allowedHeaderValues the predicate for testing hostnames
 	 * @see Character#isISOControl(int)
 	 * @see Character#isDefined(int)
@@ -398,15 +382,17 @@ public class StrictHttpFirewall implements HttpFirewall {
 		}
 		this.allowedHeaderValues = allowedHeaderValues;
 	}
+
 	/*
-	 * Determines which parameter names should be allowed.
-	 * The default is to reject header names that contain ISO control characters
-	 * and characters that are not defined.
-	 * </p>
+	 * Determines which parameter names should be allowed. The default is to reject header
+	 * names that contain ISO control characters and characters that are not defined. </p>
 	 *
 	 * @param allowedParameterNames the predicate for testing parameter names
+	 *
 	 * @see Character#isISOControl(int)
+	 *
 	 * @see Character#isDefined(int)
+	 *
 	 * @since 5.4
 	 */
 	public void setAllowedParameterNames(Predicate<String> allowedParameterNames) {
@@ -418,10 +404,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * <p>
-	 * Determines which parameter values should be allowed.
-	 * The default is to allow any parameter value.
+	 * Determines which parameter values should be allowed. The default is to allow any
+	 * parameter value.
 	 * </p>
-	 *
 	 * @param allowedParameterValues the predicate for testing parameter values
 	 * @since 5.4
 	 */
@@ -436,7 +421,6 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * <p>
 	 * Determines which hostnames should be allowed. The default is to allow any hostname.
 	 * </p>
-	 *
 	 * @param allowedHostnames the predicate for testing hostnames
 	 * @since 5.2
 	 */
@@ -469,13 +453,15 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 		String requestUri = request.getRequestURI();
 		if (!containsOnlyPrintableAsciiCharacters(requestUri)) {
-			throw new RequestRejectedException("The requestURI was rejected because it can only contain printable ASCII characters.");
+			throw new RequestRejectedException(
+					"The requestURI was rejected because it can only contain printable ASCII characters.");
 		}
 		return new FirewalledRequest(request) {
 			@Override
 			public long getDateHeader(String name) {
 				if (!allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the header name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
 				return super.getDateHeader(name);
 			}
@@ -483,7 +469,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 			@Override
 			public int getIntHeader(String name) {
 				if (!allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the header name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
 				return super.getIntHeader(name);
 			}
@@ -491,11 +478,13 @@ public class StrictHttpFirewall implements HttpFirewall {
 			@Override
 			public String getHeader(String name) {
 				if (!allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the header name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
 				String value = super.getHeader(name);
 				if (value != null && !allowedHeaderValues.test(value)) {
-					throw new RequestRejectedException("The request was rejected because the header value \"" + value + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the header value \"" + value + "\" is not allowed.");
 				}
 				return value;
 			}
@@ -503,7 +492,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 			@Override
 			public Enumeration<String> getHeaders(String name) {
 				if (!allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the header name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
 
 				Enumeration<String> valuesEnumeration = super.getHeaders(name);
@@ -517,7 +507,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 					public String nextElement() {
 						String value = valuesEnumeration.nextElement();
 						if (!allowedHeaderValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the header value \"" + value + "\" is not allowed.");
+							throw new RequestRejectedException("The request was rejected because the header value \""
+									+ value + "\" is not allowed.");
 						}
 						return value;
 					}
@@ -537,7 +528,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 					public String nextElement() {
 						String name = namesEnumeration.nextElement();
 						if (!allowedHeaderNames.test(name)) {
-							throw new RequestRejectedException("The request was rejected because the header name \"" + name + "\" is not allowed.");
+							throw new RequestRejectedException("The request was rejected because the header name \""
+									+ name + "\" is not allowed.");
 						}
 						return name;
 					}
@@ -547,11 +539,13 @@ public class StrictHttpFirewall implements HttpFirewall {
 			@Override
 			public String getParameter(String name) {
 				if (!allowedParameterNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the parameter name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 				}
 				String value = super.getParameter(name);
 				if (value != null && !allowedParameterValues.test(value)) {
-					throw new RequestRejectedException("The request was rejected because the parameter value \"" + value + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the parameter value \"" + value + "\" is not allowed.");
 				}
 				return value;
 			}
@@ -563,11 +557,13 @@ public class StrictHttpFirewall implements HttpFirewall {
 					String name = entry.getKey();
 					String[] values = entry.getValue();
 					if (!allowedParameterNames.test(name)) {
-						throw new RequestRejectedException("The request was rejected because the parameter name \"" + name + "\" is not allowed.");
+						throw new RequestRejectedException(
+								"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 					}
-					for (String value: values) {
+					for (String value : values) {
 						if (!allowedParameterValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the parameter value \"" + value + "\" is not allowed.");
+							throw new RequestRejectedException("The request was rejected because the parameter value \""
+									+ value + "\" is not allowed.");
 						}
 					}
 				}
@@ -587,7 +583,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 					public String nextElement() {
 						String name = namesEnumeration.nextElement();
 						if (!allowedParameterNames.test(name)) {
-							throw new RequestRejectedException("The request was rejected because the parameter name \"" + name + "\" is not allowed.");
+							throw new RequestRejectedException("The request was rejected because the parameter name \""
+									+ name + "\" is not allowed.");
 						}
 						return name;
 					}
@@ -597,13 +594,15 @@ public class StrictHttpFirewall implements HttpFirewall {
 			@Override
 			public String[] getParameterValues(String name) {
 				if (!allowedParameterNames.test(name)) {
-					throw new RequestRejectedException("The request was rejected because the parameter name \"" + name + "\" is not allowed.");
+					throw new RequestRejectedException(
+							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 				}
 				String[] values = super.getParameterValues(name);
 				if (values != null) {
-					for (String value: values) {
+					for (String value : values) {
 						if (!allowedParameterValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the parameter value \"" + value + "\" is not allowed.");
+							throw new RequestRejectedException("The request was rejected because the parameter value \""
+									+ value + "\" is not allowed.");
 						}
 					}
 				}
@@ -621,22 +620,25 @@ public class StrictHttpFirewall implements HttpFirewall {
 			return;
 		}
 		if (!this.allowedHttpMethods.contains(request.getMethod())) {
-			throw new RequestRejectedException("The request was rejected because the HTTP method \"" +
-					request.getMethod() +
-					"\" was not included within the list of allowed HTTP methods " +
-					this.allowedHttpMethods);
+			throw new RequestRejectedException(
+					"The request was rejected because the HTTP method \"" + request.getMethod()
+							+ "\" was not included within the list of allowed HTTP methods " + this.allowedHttpMethods);
 		}
 	}
 
 	private void rejectedBlocklistedUrls(HttpServletRequest request) {
 		for (String forbidden : this.encodedUrlBlocklist) {
 			if (encodedUrlContains(request, forbidden)) {
-				throw new RequestRejectedException("The request was rejected because the URL contained a potentially malicious String \"" + forbidden + "\"");
+				throw new RequestRejectedException(
+						"The request was rejected because the URL contained a potentially malicious String \""
+								+ forbidden + "\"");
 			}
 		}
 		for (String forbidden : this.decodedUrlBlocklist) {
 			if (decodedUrlContains(request, forbidden)) {
-				throw new RequestRejectedException("The request was rejected because the URL contained a potentially malicious String \"" + forbidden + "\"");
+				throw new RequestRejectedException(
+						"The request was rejected because the URL contained a potentially malicious String \""
+								+ forbidden + "\"");
 			}
 		}
 	}
@@ -644,7 +646,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 	private void rejectedUntrustedHosts(HttpServletRequest request) {
 		String serverName = request.getServerName();
 		if (serverName != null && !this.allowedHostnames.test(serverName)) {
-			throw new RequestRejectedException("The request was rejected because the domain " + serverName + " is untrusted.");
+			throw new RequestRejectedException(
+					"The request was rejected because the domain " + serverName + " is untrusted.");
 		}
 	}
 
@@ -715,13 +718,10 @@ public class StrictHttpFirewall implements HttpFirewall {
 	}
 
 	/**
-	 * Checks whether a path is normalized (doesn't contain path traversal
-	 * sequences like "./", "/../" or "/.")
-	 *
-	 * @param path
-	 *            the path to test
-	 * @return true if the path doesn't contain any path-traversal character
-	 *         sequences.
+	 * Checks whether a path is normalized (doesn't contain path traversal sequences like
+	 * "./", "/../" or "/.")
+	 * @param path the path to test
+	 * @return true if the path doesn't contain any path-traversal character sequences.
 	 */
 	private static boolean isNormalized(String path) {
 		if (path == null) {
@@ -735,7 +735,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 			if (gap == 2 && path.charAt(i + 1) == '.') {
 				// ".", "/./" or "/."
 				return false;
-			} else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
+			}
+			else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
 				return false;
 			}
 
@@ -747,7 +748,6 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * Provides the existing encoded url blocklist which can add/remove entries from
-	 *
 	 * @return the existing encoded url blocklist, never null
 	 */
 	public Set<String> getEncodedUrlBlocklist() {
@@ -756,7 +756,6 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * Provides the existing decoded url blocklist which can add/remove entries from
-	 *
 	 * @return the existing decoded url blocklist, never null
 	 */
 	public Set<String> getDecodedUrlBlocklist() {
@@ -765,7 +764,6 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * Provides the existing encoded url blocklist which can add/remove entries from
-	 *
 	 * @return the existing encoded url blocklist, never null
 	 * @deprecated Use {@link #getEncodedUrlBlocklist()} instead
 	 */
@@ -776,11 +774,11 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	/**
 	 * Provides the existing decoded url blocklist which can add/remove entries from
-	 *
 	 * @return the existing decoded url blocklist, never null
 	 *
 	 */
 	public Set<String> getDecodedUrlBlacklist() {
 		return getDecodedUrlBlocklist();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/Header.java b/web/src/main/java/org/springframework/security/web/header/Header.java
index f5922c2dc2..69658fdac0 100644
--- a/web/src/main/java/org/springframework/security/web/header/Header.java
+++ b/web/src/main/java/org/springframework/security/web/header/Header.java
@@ -28,6 +28,7 @@ import org.springframework.util.Assert;
 public final class Header {
 
 	private final String headerName;
+
 	private final List<String> headerValues;
 
 	/**
@@ -53,7 +54,6 @@ public final class Header {
 
 	/**
 	 * Gets the values of the header. Cannot be null, empty, or contain null values.
-	 *
 	 * @return the values of the header
 	 */
 	public List<String> getValues() {
@@ -86,4 +86,5 @@ public final class Header {
 	public String toString() {
 		return "Header [name: " + headerName + ", values: " + headerValues + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
index de66719879..5ef940a6ec 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
@@ -22,7 +22,6 @@ import javax.servlet.http.HttpServletResponse;
  * Contract for writing headers to a {@link HttpServletResponse}
  *
  * @see HeaderWriterFilter
- *
  * @author Marten Deinum
  * @author Rob Winch
  * @since 3.2
@@ -31,9 +30,9 @@ public interface HeaderWriter {
 
 	/**
 	 * Create a {@code Header} instance.
-	 *
 	 * @param request the request
 	 * @param response the response
 	 */
 	void writeHeaders(HttpServletRequest request, HttpServletResponse response);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
index ddf553f116..e30979dcc7 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
@@ -43,7 +43,6 @@ import org.springframework.web.filter.OncePerRequestFilter;
  */
 public class HeaderWriterFilter extends OncePerRequestFilter {
 
-
 	/**
 	 * The {@link HeaderWriter} to write headers to the response.
 	 * {@see CompositeHeaderWriter}
@@ -57,7 +56,6 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 
 	/**
 	 * Creates a new instance.
-	 *
 	 * @param headerWriters the {@link HeaderWriter} instances to write out headers to the
 	 * {@link HttpServletResponse}.
 	 */
@@ -67,30 +65,31 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 	}
 
 	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-			HttpServletResponse response, FilterChain filterChain)
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
 		if (this.shouldWriteHeadersEagerly) {
 			doHeadersBefore(request, response, filterChain);
-		} else {
+		}
+		else {
 			doHeadersAfter(request, response, filterChain);
 		}
 	}
 
-	private void doHeadersBefore(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+	private void doHeadersBefore(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+			throws IOException, ServletException {
 		writeHeaders(request, response);
 		filterChain.doFilter(request, response);
 	}
 
-	private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
-		HeaderWriterResponse headerWriterResponse = new HeaderWriterResponse(request,
-				response);
-		HeaderWriterRequest headerWriterRequest = new HeaderWriterRequest(request,
-				headerWriterResponse);
+	private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+			throws IOException, ServletException {
+		HeaderWriterResponse headerWriterResponse = new HeaderWriterResponse(request, response);
+		HeaderWriterRequest headerWriterRequest = new HeaderWriterRequest(request, headerWriterResponse);
 		try {
 			filterChain.doFilter(headerWriterRequest, headerWriterResponse);
-		} finally {
+		}
+		finally {
 			headerWriterResponse.writeHeaders();
 		}
 	}
@@ -103,8 +102,8 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 
 	/**
 	 * Allow writing headers at the beginning of the request.
-	 *
-	 * @param shouldWriteHeadersEagerly boolean to allow writing headers at the beginning of the request.
+	 * @param shouldWriteHeadersEagerly boolean to allow writing headers at the beginning
+	 * of the request.
 	 * @author Ankur Pathak
 	 * @since 5.2
 	 */
@@ -113,6 +112,7 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 	}
 
 	class HeaderWriterResponse extends OnCommittedResponseWrapper {
+
 		private final HttpServletRequest request;
 
 		HeaderWriterResponse(HttpServletRequest request, HttpServletResponse response) {
@@ -142,9 +142,11 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 		private HttpServletResponse getHttpResponse() {
 			return (HttpServletResponse) getResponse();
 		}
+
 	}
 
 	static class HeaderWriterRequest extends HttpServletRequestWrapper {
+
 		private final HeaderWriterResponse response;
 
 		HeaderWriterRequest(HttpServletRequest request, HeaderWriterResponse response) {
@@ -156,10 +158,13 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 		public RequestDispatcher getRequestDispatcher(String path) {
 			return new HeaderWriterRequestDispatcher(super.getRequestDispatcher(path), this.response);
 		}
+
 	}
 
 	static class HeaderWriterRequestDispatcher implements RequestDispatcher {
+
 		private final RequestDispatcher delegate;
+
 		private final HeaderWriterResponse response;
 
 		HeaderWriterRequestDispatcher(RequestDispatcher delegate, HeaderWriterResponse response) {
@@ -177,5 +182,7 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 			this.response.onResponseCommitted();
 			this.delegate.include(request, response);
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
index 9fdc7d6d05..ecd63c3f80 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
@@ -38,8 +38,11 @@ import org.springframework.security.web.header.HeaderWriter;
  * @since 3.2
  */
 public final class CacheControlHeadersWriter implements HeaderWriter {
+
 	private static final String EXPIRES = "Expires";
+
 	private static final String PRAGMA = "Pragma";
+
 	private static final String CACHE_CONTROL = "Cache-Control";
 
 	private final HeaderWriter delegate;
@@ -53,8 +56,8 @@ public final class CacheControlHeadersWriter implements HeaderWriter {
 
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		if (hasHeader(response, CACHE_CONTROL) || hasHeader(response, EXPIRES)
-				|| hasHeader(response, PRAGMA) || response.getStatus() == HttpStatus.NOT_MODIFIED.value()) {
+		if (hasHeader(response, CACHE_CONTROL) || hasHeader(response, EXPIRES) || hasHeader(response, PRAGMA)
+				|| response.getStatus() == HttpStatus.NOT_MODIFIED.value()) {
 			return;
 		}
 		this.delegate.writeHeaders(request, response);
@@ -66,10 +69,10 @@ public final class CacheControlHeadersWriter implements HeaderWriter {
 
 	private static List<Header> createHeaders() {
 		List<Header> headers = new ArrayList<>(3);
-		headers.add(new Header(CACHE_CONTROL,
-				"no-cache, no-store, max-age=0, must-revalidate"));
+		headers.add(new Header(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"));
 		headers.add(new Header(PRAGMA, "no-cache"));
 		headers.add(new Header(EXPIRES, "0"));
 		return headers;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index 3b125edd1e..d230e236d6 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -31,13 +31,13 @@ import org.springframework.util.Assert;
  * Site Data</a>.
  *
  * <p>
- * Developers may instruct a user agent to clear various types of relevant data by delivering
- * a Clear-Site-Data HTTP response header in response to a request.
+ * Developers may instruct a user agent to clear various types of relevant data by
+ * delivering a Clear-Site-Data HTTP response header in response to a request.
  * <p>
  *
  * <p>
- * Due to <a href="https://w3c.github.io/webappsec-clear-site-data/#incomplete">Incomplete Clearing</a>
- * section the header is only applied if the request is secure.
+ * Due to <a href="https://w3c.github.io/webappsec-clear-site-data/#incomplete">Incomplete
+ * Clearing</a> section the header is only applied if the request is secure.
  * </p>
  *
  * @author Rafiullah Hamedy
@@ -55,12 +55,11 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 
 	/**
 	 * <p>
-	 * Creates a new instance of {@link ClearSiteDataHeaderWriter} with given sources.
-	 * The constructor also initializes <b>requestMatcher</b> with a new instance of
-	 * <b>SecureRequestMatcher</b> to ensure that header is only applied if and when
-	 * the request is secure as per the <b>Incomplete Clearing</b> section.
+	 * Creates a new instance of {@link ClearSiteDataHeaderWriter} with given sources. The
+	 * constructor also initializes <b>requestMatcher</b> with a new instance of
+	 * <b>SecureRequestMatcher</b> to ensure that header is only applied if and when the
+	 * request is secure as per the <b>Incomplete Clearing</b> section.
 	 * </p>
-	 *
 	 * @param directives (i.e. "cache", "cookies", "storage", "executionContexts" or "*")
 	 * @throws {@link IllegalArgumentException} if sources is null or empty.
 	 */
@@ -76,21 +75,22 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 			if (!response.containsHeader(CLEAR_SITE_DATA_HEADER)) {
 				response.setHeader(CLEAR_SITE_DATA_HEADER, this.headerValue);
 			}
-		} else if (logger.isDebugEnabled()) {
-			logger.debug("Not injecting Clear-Site-Data header since it did not match the "
-						+ "requestMatcher " + this.requestMatcher);
+		}
+		else if (logger.isDebugEnabled()) {
+			logger.debug("Not injecting Clear-Site-Data header since it did not match the " + "requestMatcher "
+					+ this.requestMatcher);
 		}
 	}
 
 	/**
-	 * <p>Represents the directive values expected by the {@link ClearSiteDataHeaderWriter}</p>.
+	 * <p>
+	 * Represents the directive values expected by the {@link ClearSiteDataHeaderWriter}
+	 * </p>
+	 * .
 	 */
 	public enum Directive {
-		CACHE("cache"),
-		COOKIES("cookies"),
-		STORAGE("storage"),
-		EXECUTION_CONTEXTS("executionContexts"),
-		ALL("*");
+
+		CACHE("cache"), COOKIES("cookies"), STORAGE("storage"), EXECUTION_CONTEXTS("executionContexts"), ALL("*");
 
 		private final String headerValue;
 
@@ -101,6 +101,7 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 		public String getHeaderValue() {
 			return this.headerValue;
 		}
+
 	}
 
 	private String transformToHeaderValue(Directive... directives) {
@@ -113,13 +114,16 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 	}
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
+
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
+
 	}
 
 	@Override
 	public String toString() {
 		return getClass().getName() + " [headerValue=" + this.headerValue + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
index 8d8fb75fc2..a95c76e6cc 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
@@ -34,9 +34,8 @@ public class CompositeHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance.
-	 *
 	 * @param headerWriters the {@link HeaderWriter} instances to write out headers to the
-	 *                      {@link HttpServletResponse}.
+	 * {@link HttpServletResponse}.
 	 */
 	public CompositeHeaderWriter(List<HeaderWriter> headerWriters) {
 		Assert.notEmpty(headerWriters, "headerWriters cannot be empty");
@@ -47,4 +46,5 @@ public class CompositeHeaderWriter implements HeaderWriter {
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		this.headerWriters.forEach(headerWriter -> headerWriter.writeHeaders(request, response));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
index 4ae86198f3..8dc6e7dafe 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
@@ -23,53 +23,57 @@ import javax.servlet.http.HttpServletResponse;
 
 /**
  * <p>
- * Provides support for <a href="https://www.w3.org/TR/CSP2/">Content Security Policy (CSP) Level 2</a>.
+ * Provides support for <a href="https://www.w3.org/TR/CSP2/">Content Security Policy
+ * (CSP) Level 2</a>.
  * </p>
  *
  * <p>
- * CSP provides a mechanism for web applications to mitigate content injection vulnerabilities,
- * such as cross-site scripting (XSS). CSP is a declarative policy that allows web application authors to inform
- * the client (user-agent) about the sources from which the application expects to load resources.
+ * CSP provides a mechanism for web applications to mitigate content injection
+ * vulnerabilities, such as cross-site scripting (XSS). CSP is a declarative policy that
+ * allows web application authors to inform the client (user-agent) about the sources from
+ * which the application expects to load resources.
  * </p>
  *
  * <p>
- * For example, a web application can declare that it only expects to load script from specific, trusted sources.
- * This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.
+ * For example, a web application can declare that it only expects to load script from
+ * specific, trusted sources. This declaration allows the client to detect and block
+ * malicious scripts injected into the application by an attacker.
  * </p>
  *
  * <p>
- * A declaration of a security policy contains a set of security policy directives (for example, script-src and object-src),
- * each responsible for declaring the restrictions for a particular resource type.
- * The list of directives defined can be found at
+ * A declaration of a security policy contains a set of security policy directives (for
+ * example, script-src and object-src), each responsible for declaring the restrictions
+ * for a particular resource type. The list of directives defined can be found at
  * <a href="https://www.w3.org/TR/CSP2/#directives">Directives</a>.
  * </p>
  *
  * <p>
- * Each directive has a name and value. For detailed syntax on writing security policies, see
- * <a href="https://www.w3.org/TR/CSP2/#syntax-and-algorithms">Syntax and Algorithms</a>.
+ * Each directive has a name and value. For detailed syntax on writing security policies,
+ * see <a href="https://www.w3.org/TR/CSP2/#syntax-and-algorithms">Syntax and
+ * Algorithms</a>.
  * </p>
  *
  * <p>
  * This implementation of {@link HeaderWriter} writes one of the following headers:
  * </p>
  * <ul>
- * 	<li>Content-Security-Policy</li>
- * 	<li>Content-Security-Policy-Report-Only</li>
+ * <li>Content-Security-Policy</li>
+ * <li>Content-Security-Policy-Report-Only</li>
  * </ul>
  *
  * <p>
- * By default, the Content-Security-Policy header is included in the response.
- * However, calling {@link #setReportOnly(boolean)} with {@code true} will include the
- * Content-Security-Policy-Report-Only header in the response.
- * <strong>NOTE:</strong> The supplied security policy directive(s) will be used for whichever header is enabled (included).
+ * By default, the Content-Security-Policy header is included in the response. However,
+ * calling {@link #setReportOnly(boolean)} with {@code true} will include the
+ * Content-Security-Policy-Report-Only header in the response. <strong>NOTE:</strong> The
+ * supplied security policy directive(s) will be used for whichever header is enabled
+ * (included).
  * </p>
  *
  * <p>
- * <strong>
- * CSP is not intended as a first line of defense against content injection vulnerabilities.
- * Instead, CSP is used to reduce the harm caused by content injection attacks.
- * As a first line of defense against content injection, web application authors should validate their input and encode their output.
- * </strong>
+ * <strong> CSP is not intended as a first line of defense against content injection
+ * vulnerabilities. Instead, CSP is used to reduce the harm caused by content injection
+ * attacks. As a first line of defense against content injection, web application authors
+ * should validate their input and encode their output. </strong>
  * </p>
  *
  * @author Joe Grandja
@@ -77,6 +81,7 @@ import javax.servlet.http.HttpServletResponse;
  * @since 4.1
  */
 public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
+
 	private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
 
 	private static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
@@ -97,7 +102,6 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param policyDirectives maps to {@link #setPolicyDirectives(String)}
 	 * @throws IllegalArgumentException if policyDirectives is null or empty
 	 */
@@ -107,7 +111,8 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 	}
 
 	/**
-	 * @see org.springframework.security.web.header.HeaderWriter#writeHeaders(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 * @see org.springframework.security.web.header.HeaderWriter#writeHeaders(javax.servlet.http.HttpServletRequest,
+	 * javax.servlet.http.HttpServletResponse)
 	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
@@ -119,7 +124,6 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Sets the security policy directive(s) to be used in the response header.
-	 *
 	 * @param policyDirectives the security policy directive(s)
 	 * @throws IllegalArgumentException if policyDirectives is null or empty
 	 */
@@ -131,7 +135,6 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 	/**
 	 * If true, includes the Content-Security-Policy-Report-Only header in the response,
 	 * otherwise, defaults to the Content-Security-Policy header.
-
 	 * @param reportOnly set to true for reporting policy violations only
 	 */
 	public void setReportOnly(boolean reportOnly) {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
index 66353c8e5e..2f7b4d8933 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
@@ -30,20 +30,19 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter {
+
 	private final RequestMatcher requestMatcher;
 
 	private final HeaderWriter delegateHeaderWriter;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatcher the {@link RequestMatcher} to use. If returns true, the
 	 * delegateHeaderWriter will be invoked.
 	 * @param delegateHeaderWriter the {@link HeaderWriter} to invoke if the
 	 * {@link RequestMatcher} returns true.
 	 */
-	public DelegatingRequestMatcherHeaderWriter(RequestMatcher requestMatcher,
-			HeaderWriter delegateHeaderWriter) {
+	public DelegatingRequestMatcherHeaderWriter(RequestMatcher requestMatcher, HeaderWriter delegateHeaderWriter) {
 		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
 		Assert.notNull(delegateHeaderWriter, "delegateHeaderWriter cannot be null");
 		this.requestMatcher = requestMatcher;
@@ -65,7 +64,8 @@ public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter
 
 	@Override
 	public String toString() {
-		return getClass().getName() + " [requestMatcher=" + this.requestMatcher
-				+ ", delegateHeaderWriter=" + this.delegateHeaderWriter + "]";
+		return getClass().getName() + " [requestMatcher=" + this.requestMatcher + ", delegateHeaderWriter="
+				+ this.delegateHeaderWriter + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriter.java
index 0ad0c84f80..3929c3df52 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriter.java
@@ -45,7 +45,6 @@ public final class FeaturePolicyHeaderWriter implements HeaderWriter {
 	/**
 	 * Create a new instance of {@link FeaturePolicyHeaderWriter} with supplied security
 	 * policy directive(s).
-	 *
 	 * @param policyDirectives the security policy directive(s)
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
 	 */
@@ -62,7 +61,6 @@ public final class FeaturePolicyHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Set the security policy directive(s) to be used in the response header.
-	 *
 	 * @param policyDirectives the security policy directive(s)
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index 4abe39b7b7..c003b29ddc 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -29,29 +29,34 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
- * Provides support for <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
+ * Provides support for <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key
+ * Pinning (HPKP)</a>.
  *
  * <p>
  * Since <a href="https://tools.ietf.org/html/rfc7469#section-4.1">Section 4.1</a> states
- * that a value on the order of 60 days (5,184,000 seconds) may be considered a good balance,
- * we use this value as the default. This can be customized using {@link #setMaxAgeInSeconds(long)}.
+ * that a value on the order of 60 days (5,184,000 seconds) may be considered a good
+ * balance, we use this value as the default. This can be customized using
+ * {@link #setMaxAgeInSeconds(long)}.
  * </p>
  *
  * <p>
- * Because <a href="https://tools.ietf.org/html/rfc7469#appendix-B">Appendix B</a> recommends
- * that operators should first deploy public key pinning by using the report-only mode,
- * we opted to use this mode as default. This can be customized using {@link #setReportOnly(boolean)}.
+ * Because <a href="https://tools.ietf.org/html/rfc7469#appendix-B">Appendix B</a>
+ * recommends that operators should first deploy public key pinning by using the
+ * report-only mode, we opted to use this mode as default. This can be customized using
+ * {@link #setReportOnly(boolean)}.
  * </p>
  *
  * <p>
- * Since we need to validate a certificate chain, the "Public-Key-Pins" or "Public-Key-Pins-Report-Only" header
- * will only be added when {@link HttpServletRequest#isSecure()} returns {@code true}.
+ * Since we need to validate a certificate chain, the "Public-Key-Pins" or
+ * "Public-Key-Pins-Report-Only" header will only be added when
+ * {@link HttpServletRequest#isSecure()} returns {@code true}.
  * </p>
  *
  * <p>
- * To set the pins you first need to extract the public key information from your certificate or key file
- * and encode them using Base64. The following commands will help you extract the Base64 encoded information
- * from a key file, a certificate signing request, or a certificate.
+ * To set the pins you first need to extract the public key information from your
+ * certificate or key file and encode them using Base64. The following commands will help
+ * you extract the Base64 encoded information from a key file, a certificate signing
+ * request, or a certificate.
  *
  * <pre>
  * openssl rsa -in my-key-file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64
@@ -104,6 +109,7 @@ import java.util.Map;
  * @since 4.1
  */
 public final class HpkpHeaderWriter implements HeaderWriter {
+
 	private static final long DEFAULT_MAX_AGE_SECONDS = 5184000;
 
 	private static final String HPKP_HEADER_NAME = "Public-Key-Pins";
@@ -128,7 +134,6 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 * @param reportOnly maps to {@link #setReportOnly(boolean)}
@@ -142,7 +147,6 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 */
@@ -152,7 +156,6 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 */
 	public HpkpHeaderWriter(long maxAgeInSeconds) {
@@ -179,7 +182,8 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 				if (!response.containsHeader(headerName)) {
 					response.setHeader(headerName, hpkpHeaderValue);
 				}
-			} if (logger.isDebugEnabled()) {
+			}
+			if (logger.isDebugEnabled()) {
 				logger.debug("Not injecting HPKP header since there aren't any pins");
 			}
 		}
@@ -194,17 +198,17 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * </p>
 	 *
 	 * <p>
-	 * The pin directive specifies a way for web host operators to indicate
-	 * a cryptographic identity that should be bound to a given web host.
-	 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for additional details.
+	 * The pin directive specifies a way for web host operators to indicate a
+	 * cryptographic identity that should be bound to a given web host. See
+	 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for
+	 * additional details.
 	 * </p>
 	 *
 	 * <p>
 	 * To get a pin of
 	 *
-	 * Public-Key-Pins:
-	 * 		pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
+	 * Public-Key-Pins: pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
 	 *
 	 * Use
 	 *
@@ -214,8 +218,8 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * pins.put("E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=", "sha256");
 	 * </code>
 	 * </p>
-	 *
-	 * @param pins the map of base64-encoded SPKI fingerprint &amp; cryptographic hash algorithm pairs.
+	 * @param pins the map of base64-encoded SPKI fingerprint &amp; cryptographic hash
+	 * algorithm pairs.
 	 * @throws IllegalArgumentException if pins is null
 	 */
 	public void setPins(Map<String, String> pins) {
@@ -226,32 +230,34 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * <p>
-	 * Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
+	 * Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins
+	 * header.
 	 * </p>
 	 *
 	 * <p>
-	 * The pin directive specifies a way for web host operators to indicate
-	 * a cryptographic identity that should be bound to a given web host.
-	 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for additional details.
+	 * The pin directive specifies a way for web host operators to indicate a
+	 * cryptographic identity that should be bound to a given web host. See
+	 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.1">Section 2.1.1</a> for
+	 * additional details.
 	 * </p>
 	 *
 	 * <p>
 	 * To get a pin of
 	 *
 	 * Public-Key-Pins-Report-Only:
-	 * 		pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
+	 * pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
 	 *
 	 * Use
 	 *
 	 * HpkpHeaderWriter hpkpHeaderWriter = new HpkpHeaderWriter();
-	 * hpkpHeaderWriter.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
+	 * hpkpHeaderWriter.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM",
+	 * "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
 	 * </p>
-	 *
 	 * @param pins a list of base64-encoded SPKI fingerprints.
 	 * @throws IllegalArgumentException if a pin is null
 	 */
-	public void addSha256Pins(String ... pins) {
+	public void addSha256Pins(String... pins) {
 		for (String pin : pins) {
 			Assert.notNull(pin, "pin cannot be null");
 			this.pins.put(pin, "sha256");
@@ -261,36 +267,37 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * <p>
-	 * Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header. The default is 60 days.
+	 * Sets the value (in seconds) for the max-age directive of the Public-Key-Pins
+	 * header. The default is 60 days.
 	 * </p>
 	 *
 	 * <p>
-	 * This instructs browsers how long they should regard the host (from whom the message was received)
-	 * as a known pinned host. See <a href="https://tools.ietf.org/html/rfc7469#section-2.1.2">Section
-	 * 2.1.2</a> for additional details.
+	 * This instructs browsers how long they should regard the host (from whom the message
+	 * was received) as a known pinned host. See
+	 * <a href="https://tools.ietf.org/html/rfc7469#section-2.1.2">Section 2.1.2</a> for
+	 * additional details.
 	 * </p>
 	 *
 	 * <p>
 	 * To get a header like
 	 *
 	 * Public-Key-Pins-Report-Only: max-age=2592000;
-	 * 		pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
+	 * pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
 	 *
 	 * Use
 	 *
 	 * HpkpHeaderWriter hpkpHeaderWriter = new HpkpHeaderWriter();
 	 * hpkpHeaderWriter.setMaxAgeInSeconds(TimeUnit.DAYS.toSeconds(30));
 	 * </p>
-	 *
 	 * @param maxAgeInSeconds the maximum amount of time (in seconds) to regard the host
-	 * as a known pinned host. (i.e. TimeUnit.DAYS.toSeconds(30) would set this to 30 days)
+	 * as a known pinned host. (i.e. TimeUnit.DAYS.toSeconds(30) would set this to 30
+	 * days)
 	 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 	 */
 	public void setMaxAgeInSeconds(long maxAgeInSeconds) {
 		if (maxAgeInSeconds < 0) {
-			throw new IllegalArgumentException(
-					"maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
+			throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
 		}
 		this.maxAgeInSeconds = maxAgeInSeconds;
 		updateHpkpHeaderValue();
@@ -311,13 +318,11 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * To get a header like
 	 *
 	 * Public-Key-Pins-Report-Only: max-age=5184000;
-	 * 		pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
-	 * 		includeSubDomains
+	 * pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; includeSubDomains
 	 *
 	 * you should set this to true.
 	 * </p>
-	 *
 	 * @param includeSubDomains true to include subdomains, else false
 	 */
 	public void setIncludeSubDomains(boolean includeSubDomains) {
@@ -327,26 +332,25 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	/**
 	 * <p>
-	 * To get a Public-Key-Pins header you should set this to false,
-	 * otherwise the header will be Public-Key-Pins-Report-Only. When in report-only mode,
-	 * the browser should not terminate the connection with the server. By default this is true.
+	 * To get a Public-Key-Pins header you should set this to false, otherwise the header
+	 * will be Public-Key-Pins-Report-Only. When in report-only mode, the browser should
+	 * not terminate the connection with the server. By default this is true.
 	 * </p>
 	 *
 	 * <p>
-	 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1">Section 2.1</a>
-	 * for additional details.
+	 * See <a href="https://tools.ietf.org/html/rfc7469#section-2.1">Section 2.1</a> for
+	 * additional details.
 	 * </p>
 	 *
 	 * <p>
 	 * To get a header like
 	 *
 	 * Public-Key-Pins: max-age=5184000;
-	 * 		pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
+	 * pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="
 	 *
 	 * you should the this to false.
 	 * </p>
-	 *
 	 * @param reportOnly true to report only, else false
 	 */
 	public void setReportOnly(boolean reportOnly) {
@@ -367,16 +371,15 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * To get a header like
 	 *
 	 * Public-Key-Pins-Report-Only: max-age=5184000;
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
-	 * 		pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=";
-	 * 		report-uri="https://other.example.net/pkp-report"
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
+	 * pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=";
+	 * report-uri="https://other.example.net/pkp-report"
 	 *
 	 * Use
 	 *
 	 * HpkpHeaderWriter hpkpHeaderWriter = new HpkpHeaderWriter();
 	 * hpkpHeaderWriter.setReportUri(new URI("https://other.example.net/pkp-report"));
 	 * </p>
-	 *
 	 * @param reportUri the URI where the browser should send the report to.
 	 */
 	public void setReportUri(URI reportUri) {
@@ -398,23 +401,23 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * To get a header like
 	 *
 	 * Public-Key-Pins-Report-Only: max-age=5184000;
-	 * 		pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
-	 * 		pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=";
-	 * 		report-uri="https://other.example.net/pkp-report"
+	 * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
+	 * pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=";
+	 * report-uri="https://other.example.net/pkp-report"
 	 *
 	 * Use
 	 *
 	 * HpkpHeaderWriter hpkpHeaderWriter = new HpkpHeaderWriter();
 	 * hpkpHeaderWriter.setReportUri("https://other.example.net/pkp-report");
 	 * </p>
-	 *
 	 * @param reportUri the URI where the browser should send the report to.
 	 * @throws IllegalArgumentException if the reportUri is not a valid URI
 	 */
 	public void setReportUri(String reportUri) {
 		try {
 			this.reportUri = new URI(reportUri);
-		} catch (URISyntaxException e) {
+		}
+		catch (URISyntaxException e) {
 			throw new IllegalArgumentException(e);
 		}
 		updateHpkpHeaderValue();
@@ -435,8 +438,11 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	}
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
+
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
index 15c06a4543..5c92074048 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
@@ -26,14 +26,13 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
- * Provides support for <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport
- * Security (HSTS)</a>.
+ * Provides support for <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict
+ * Transport Security (HSTS)</a>.
  *
  * <p>
  * By default the expiration is one year, subdomains will be included and preload will not
  * be included. This can be customized using {@link #setMaxAgeInSeconds(long)},
- * {@link #setIncludeSubDomains(boolean)} and {@link #setPreload(boolean)}
- * respectively.
+ * {@link #setIncludeSubDomains(boolean)} and {@link #setPreload(boolean)} respectively.
  * </p>
  *
  * <p>
@@ -48,8 +47,8 @@ import org.springframework.util.Assert;
  * </p>
  *
  * <p>
- * See <a href="https://hstspreload.org/">Website hstspreload.org</a>
- * for additional details on HSTS preload.
+ * See <a href="https://hstspreload.org/">Website hstspreload.org</a> for additional
+ * details on HSTS preload.
  * </p>
  *
  * @author Rob Winch
@@ -57,6 +56,7 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class HstsHeaderWriter implements HeaderWriter {
+
 	private static final long DEFAULT_MAX_AGE_SECONDS = 31536000;
 
 	private static final String HSTS_HEADER_NAME = "Strict-Transport-Security";
@@ -75,7 +75,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatcher maps to {@link #setRequestMatcher(RequestMatcher)}
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
@@ -83,8 +82,8 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * @since 5.2.0
 	 * @author Ankur Pathak
 	 */
-	public HstsHeaderWriter(RequestMatcher requestMatcher, long maxAgeInSeconds,
-			boolean includeSubDomains, boolean preload) {
+	public HstsHeaderWriter(RequestMatcher requestMatcher, long maxAgeInSeconds, boolean includeSubDomains,
+			boolean preload) {
 		this.requestMatcher = requestMatcher;
 		this.maxAgeInSeconds = maxAgeInSeconds;
 		this.includeSubDomains = includeSubDomains;
@@ -94,19 +93,16 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatcher maps to {@link #setRequestMatcher(RequestMatcher)}
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 */
-	public HstsHeaderWriter(RequestMatcher requestMatcher, long maxAgeInSeconds,
-			boolean includeSubDomains) {
+	public HstsHeaderWriter(RequestMatcher requestMatcher, long maxAgeInSeconds, boolean includeSubDomains) {
 		this(requestMatcher, maxAgeInSeconds, includeSubDomains, false);
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 * @param preload maps to {@link #setPreload(boolean)}
@@ -119,7 +115,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 */
@@ -129,7 +124,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param maxAgeInSeconds maps to {@link #setMaxAgeInSeconds(long)}
 	 */
 	public HstsHeaderWriter(long maxAgeInSeconds) {
@@ -138,7 +132,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param includeSubDomains maps to {@link #setIncludeSubDomains(boolean)}
 	 */
 	public HstsHeaderWriter(boolean includeSubDomains) {
@@ -165,9 +158,8 @@ public final class HstsHeaderWriter implements HeaderWriter {
 			}
 		}
 		else if (this.logger.isDebugEnabled()) {
-			this.logger
-					.debug("Not injecting HSTS header since it did not match the requestMatcher "
-							+ this.requestMatcher);
+			this.logger.debug(
+					"Not injecting HSTS header since it did not match the requestMatcher " + this.requestMatcher);
 		}
 	}
 
@@ -176,7 +168,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * "Strict-Transport-Security" should be added. If true the header is added, else the
 	 * header is not added. By default the header is added when
 	 * {@link HttpServletRequest#isSecure()} returns true.
-	 *
 	 * @param requestMatcher the {@link RequestMatcher} to use.
 	 * @throws IllegalArgumentException if {@link RequestMatcher} is null
 	 */
@@ -196,15 +187,13 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * Host. See <a href="https://tools.ietf.org/html/rfc6797#section-6.1.1">Section
 	 * 6.1.1</a> for additional details.
 	 * </p>
-	 *
 	 * @param maxAgeInSeconds the maximum amount of time (in seconds) to consider this
 	 * domain as a known HSTS Host.
 	 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 	 */
 	public void setMaxAgeInSeconds(long maxAgeInSeconds) {
 		if (maxAgeInSeconds < 0) {
-			throw new IllegalArgumentException(
-					"maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
+			throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
 		}
 		this.maxAgeInSeconds = maxAgeInSeconds;
 		updateHstsHeaderValue();
@@ -219,14 +208,14 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * See <a href="https://tools.ietf.org/html/rfc6797#section-6.1.2">Section 6.1.2</a>
 	 * for additional details.
 	 * </p>
-	 *
 	 * @param includeSubDomains true to include subdomains, else false
 	 */
 	public void setIncludeSubDomains(boolean includeSubDomains) {
 		this.includeSubDomains = includeSubDomains;
 		updateHstsHeaderValue();
 	}
-     /**
+
+	/**
 	 * <p>
 	 * If true, preload will be included in HSTS Header. The default is false.
 	 * </p>
@@ -235,10 +224,9 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * See <a href="https://tools.ietf.org/html/rfc6797#section-6.1.2">Section 6.1.2</a>
 	 * for additional details.
 	 * </p>
-	 *
 	 * @param preload true to include preload, else false
-     * @since 5.2.0
-     * @author Ankur Pathak
+	 * @since 5.2.0
+	 * @author Ankur Pathak
 	 */
 	public void setPreload(boolean preload) {
 		this.preload = preload;
@@ -257,8 +245,11 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	}
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
+
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
index dfd16fab78..b616d865cf 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
@@ -27,24 +27,26 @@ import org.springframework.util.Assert;
 
 /**
  * <p>
- * Provides support for <a href="https://www.w3.org/TR/referrer-policy/">Referrer Policy</a>.
+ * Provides support for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+ * Policy</a>.
  * </p>
  *
  * <p>
  * The list of policies defined can be found at
- * <a href="https://www.w3.org/TR/referrer-policy/#referrer-policies">Referrer Policies</a>.
+ * <a href="https://www.w3.org/TR/referrer-policy/#referrer-policies">Referrer
+ * Policies</a>.
  * </p>
  *
  * <p>
  * This implementation of {@link HeaderWriter} writes the following header:
  * </p>
  * <ul>
- *  <li>Referrer-Policy</li>
+ * <li>Referrer-Policy</li>
  * </ul>
  *
  * <p>
- * By default, the Referrer-Policy header is not included in the response.
- * Policy <b>no-referrer</b> is used by default if no {@link ReferrerPolicy} is set.
+ * By default, the Referrer-Policy header is not included in the response. Policy
+ * <b>no-referrer</b> is used by default if no {@link ReferrerPolicy} is set.
  * </p>
  *
  * @author Eddú Meléndez
@@ -67,7 +69,6 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance.
-	 *
 	 * @param policy a referrer policy
 	 * @throws IllegalArgumentException if policy is null
 	 */
@@ -86,7 +87,8 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 	}
 
 	/**
-	 * @see org.springframework.security.web.header.HeaderWriter#writeHeaders(HttpServletRequest, HttpServletResponse)
+	 * @see org.springframework.security.web.header.HeaderWriter#writeHeaders(HttpServletRequest,
+	 * HttpServletResponse)
 	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
@@ -97,14 +99,10 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 
 	public enum ReferrerPolicy {
 
-		NO_REFERRER("no-referrer"),
-		NO_REFERRER_WHEN_DOWNGRADE("no-referrer-when-downgrade"),
-		SAME_ORIGIN("same-origin"),
-		ORIGIN("origin"),
-		STRICT_ORIGIN("strict-origin"),
-		ORIGIN_WHEN_CROSS_ORIGIN("origin-when-cross-origin"),
-		STRICT_ORIGIN_WHEN_CROSS_ORIGIN("strict-origin-when-cross-origin"),
-		UNSAFE_URL("unsafe-url");
+		NO_REFERRER("no-referrer"), NO_REFERRER_WHEN_DOWNGRADE("no-referrer-when-downgrade"), SAME_ORIGIN(
+				"same-origin"), ORIGIN("origin"), STRICT_ORIGIN("strict-origin"), ORIGIN_WHEN_CROSS_ORIGIN(
+						"origin-when-cross-origin"), STRICT_ORIGIN_WHEN_CROSS_ORIGIN(
+								"strict-origin-when-cross-origin"), UNSAFE_URL("unsafe-url");
 
 		private static final Map<String, ReferrerPolicy> REFERRER_POLICIES;
 
@@ -129,6 +127,7 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 		public static ReferrerPolicy get(String referrerPolicy) {
 			return REFERRER_POLICIES.get(referrerPolicy);
 		}
+
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
index 9ea9163780..5358d6e154 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
@@ -69,4 +69,5 @@ public class StaticHeadersWriter implements HeaderWriter {
 	public String toString() {
 		return getClass().getName() + " [headers=" + headers + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
index b296dd27f6..a5d7270e92 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
@@ -33,4 +33,5 @@ public final class XContentTypeOptionsHeaderWriter extends StaticHeadersWriter {
 	public XContentTypeOptionsHeaderWriter() {
 		super("X-Content-Type-Options", "nosniff");
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
index 0e955e5ad4..fe255ae402 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
@@ -30,6 +30,7 @@ import org.springframework.security.web.header.HeaderWriter;
  * @since 3.2
  */
 public final class XXssProtectionHeaderWriter implements HeaderWriter {
+
 	private static final String XSS_PROTECTION_HEADER = "X-XSS-Protection";
 
 	private boolean enabled;
@@ -73,7 +74,6 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	 * <pre>
 	 * X-XSS-Protection: 0
 	 * </pre>
-	 *
 	 * @param enabled the new value
 	 */
 	public void setEnabled(boolean enabled) {
@@ -87,13 +87,11 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	/**
 	 * If false, will not specify the mode as blocked. In this instance, any content will
 	 * be attempted to be fixed. If true, the content will be replaced with "#".
-	 *
 	 * @param block the new value
 	 */
 	public void setBlock(boolean block) {
 		if (!enabled && block) {
-			throw new IllegalArgumentException(
-					"Cannot set block to true with enabled false");
+			throw new IllegalArgumentException("Cannot set block to true with enabled false");
 		}
 		this.block = block;
 		updateHeaderValue();
@@ -114,4 +112,5 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	public String toString() {
 		return getClass().getName() + " [headerValue=" + headerValue + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index c01b25843c..3d0dbf11d8 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletRequest;
  *
  * @author Marten Deinum
  * @since 3.2
- * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
- * Content-Security-Policy with the
- * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+ * browsers. Instead use Content-Security-Policy with the <a href=
+ * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
  * directive.
  */
 @Deprecated
@@ -61,7 +61,6 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
 	 * Sets the HTTP parameter used to retrieve the value for the origin that is allowed
 	 * from. The value of the parameter should be a valid URL. The default parameter name
 	 * is "x-frames-allow-from".
-	 *
 	 * @param allowFromParameterName the name of the HTTP parameter to
 	 */
 	public void setAllowFromParameterName(String allowFromParameterName) {
@@ -72,9 +71,9 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
 	/**
 	 * Method to be implemented by base classes, used to determine if the supplied origin
 	 * is allowed.
-	 *
 	 * @param allowFromOrigin the supplied origin
 	 * @return <code>true</code> if the supplied origin is allowed.
 	 */
 	protected abstract boolean allowed(String allowFromOrigin);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
index 7a61e46423..dd7d6c1afd 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
@@ -23,9 +23,9 @@ import javax.servlet.http.HttpServletRequest;
  *
  * @author Marten Deinum
  * @since 3.2
- * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
- * Content-Security-Policy with the
- * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+ * browsers. Instead use Content-Security-Policy with the <a href=
+ * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
  * directive.
  */
 @Deprecated
@@ -34,10 +34,10 @@ public interface AllowFromStrategy {
 	/**
 	 * Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result
 	 * might be "https://example.com/".
-	 *
 	 * @param request the {@link HttpServletRequest}
 	 * @return the value for ALLOW-FROM or null if no header should be added for this
 	 * request.
 	 */
 	String getAllowFromValue(HttpServletRequest request);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
index b23d19375b..c013af3596 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@@ -26,20 +26,18 @@ import java.util.regex.Pattern;
  *
  * @author Marten Deinum
  * @since 3.2
- * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
- * Content-Security-Policy with the
- * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+ * browsers. Instead use Content-Security-Policy with the <a href=
+ * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
  * directive.
  */
 @Deprecated
-public final class RegExpAllowFromStrategy extends
-		AbstractRequestParameterAllowFromStrategy {
+public final class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {
 
 	private final Pattern pattern;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param pattern the Pattern to compare against the HTTP parameter value. If the
 	 * pattern matches, the domain will be allowed, else denied.
 	 */
@@ -52,4 +50,5 @@ public final class RegExpAllowFromStrategy extends
 	protected boolean allowed(String allowFromOrigin) {
 		return pattern.matcher(allowFromOrigin).matches();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
index 13e170c777..415072434f 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@@ -21,9 +21,9 @@ import java.net.URI;
 /**
  * Simple implementation of the {@code AllowFromStrategy}
  *
- * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
- * Content-Security-Policy with the
- * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+ * browsers. Instead use Content-Security-Policy with the <a href=
+ * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
  * directive.
  */
 @Deprecated
@@ -38,4 +38,5 @@ public final class StaticAllowFromStrategy implements AllowFromStrategy {
 	public String getAllowFromValue(HttpServletRequest request) {
 		return uri.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
index 164583902c..bc96798f3b 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
@@ -24,14 +24,13 @@ import org.springframework.util.Assert;
  *
  * @author Marten Deinum
  * @since 3.2
- * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
- * Content-Security-Policy with the
- * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+ * browsers. Instead use Content-Security-Policy with the <a href=
+ * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
  * directive.
  */
 @Deprecated
-public final class WhiteListedAllowFromStrategy extends
-		AbstractRequestParameterAllowFromStrategy {
+public final class WhiteListedAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {
 
 	private final Collection<String> allowed;
 
@@ -48,4 +47,5 @@ public final class WhiteListedAllowFromStrategy extends
 	protected boolean allowed(String allowFromOrigin) {
 		return allowed.contains(allowFromOrigin);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index 8562681350..f1aa040f46 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -29,7 +29,6 @@ import javax.servlet.http.HttpServletResponse;
  * @author Rob Winch
  * @author Ankur Pathak
  * @since 3.2
- *
  * @see AllowFromStrategy
  */
 public final class XFrameOptionsHeaderWriter implements HeaderWriter {
@@ -37,6 +36,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	public static final String XFRAME_OPTIONS_HEADER = "X-Frame-Options";
 
 	private final AllowFromStrategy allowFromStrategy;
+
 	private final XFrameOptionsMode frameOptionsMode;
 
 	/**
@@ -48,7 +48,6 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param frameOptionsMode the {@link XFrameOptionsMode} to use. If using
 	 * {@link XFrameOptionsMode#ALLOW_FROM}, use
 	 * {@link #XFrameOptionsHeaderWriter(AllowFromStrategy)} instead.
@@ -65,13 +64,11 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Creates a new instance with {@link XFrameOptionsMode#ALLOW_FROM}.
-	 *
 	 * @param allowFromStrategy the strategy for determining what the value for ALLOW_FROM
 	 * is.
-	 *
-	 * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
-	 * Content-Security-Policy with the
-	 * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+	 * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+	 * browsers. Instead use Content-Security-Policy with the <a href=
+	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
 	 * directive.
 	 */
 	@Deprecated
@@ -83,7 +80,6 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 
 	/**
 	 * Writes the X-Frame-Options header value, overwritting any previous value.
-	 *
 	 * @param request the servlet request
 	 * @param response the servlet response
 	 */
@@ -94,7 +90,8 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 				if (!response.containsHeader(XFRAME_OPTIONS_HEADER)) {
 					response.setHeader(XFRAME_OPTIONS_HEADER, XFrameOptionsMode.DENY.getMode());
 				}
-			} else if (allowFromValue != null) {
+			}
+			else if (allowFromValue != null) {
 				if (!response.containsHeader(XFRAME_OPTIONS_HEADER)) {
 					response.setHeader(XFRAME_OPTIONS_HEADER,
 							XFrameOptionsMode.ALLOW_FROM.getMode() + " " + allowFromValue);
@@ -113,11 +110,12 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	 * @since 3.2
 	 */
 	public enum XFrameOptionsMode {
+
 		DENY("DENY"), SAMEORIGIN("SAMEORIGIN"),
 		/**
-		 * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
-		 * Content-Security-Policy with the
-		 * <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+		 * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
+		 * browsers. Instead use Content-Security-Policy with the <a href=
+		 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
 		 * directive.
 		 */
 		@Deprecated
@@ -132,11 +130,12 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 		/**
 		 * Gets the mode for the X-Frame-Options header value. For example, DENY,
 		 * SAMEORIGIN, ALLOW-FROM. Cannot be null.
-		 *
 		 * @return the mode for the X-Frame-Options header value.
 		 */
 		private String getMode() {
 			return mode;
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
index c8add6646f..309dafa450 100644
--- a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
+++ b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
@@ -30,7 +30,8 @@ import java.util.function.Consumer;
 public final class SecurityHeaders {
 
 	/**
-	 * Sets the provided value as a Bearer token in a header with the name of {@link HttpHeaders#AUTHORIZATION}
+	 * Sets the provided value as a Bearer token in a header with the name of
+	 * {@link HttpHeaders#AUTHORIZATION}
 	 * @param bearerTokenValue the bear token value
 	 * @return a {@link Consumer} that sets the header.
 	 */
@@ -39,5 +40,7 @@ public final class SecurityHeaders {
 		return headers -> headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + bearerTokenValue);
 	}
 
-	private SecurityHeaders() {}
+	private SecurityHeaders() {
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index b3c799b75d..ac4552870b 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -48,6 +48,7 @@ import org.springframework.web.filter.GenericFilterBean;
  * @see #obtainSubject(ServletRequest)
  */
 public class JaasApiIntegrationFilter extends GenericFilterBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -73,14 +74,14 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 * <code>Subject</code> obtained.
 	 * </p>
 	 */
-	public final void doFilter(final ServletRequest request,
-			final ServletResponse response, final FilterChain chain)
+	public final void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
 			throws ServletException, IOException {
 
 		Subject subject = obtainSubject(request);
 		if (subject == null && createEmptySubject) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Subject returned was null and createEmtpySubject is true; creating new empty subject to run as.");
+				logger.debug(
+						"Subject returned was null and createEmtpySubject is true; creating new empty subject to run as.");
 			}
 			subject = new Subject();
 		}
@@ -118,17 +119,14 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 * <code>JaasAuthenticationToken</code> and is authenticated, the <code>Subject</code>
 	 * is returned from it. Otherwise, <code>null</code> is returned.
 	 * </p>
-	 *
 	 * @param request the current <code>ServletRequest</code>
 	 * @return the Subject to run as or <code>null</code> if no <code>Subject</code> is
 	 * available.
 	 */
 	protected Subject obtainSubject(ServletRequest request) {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (logger.isDebugEnabled()) {
-			logger.debug("Attempting to obtainSubject using authentication : "
-					+ authentication);
+			logger.debug("Attempting to obtainSubject using authentication : " + authentication);
 		}
 		if (authentication == null) {
 			return null;
@@ -152,10 +150,10 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 * {@link #obtainSubject(ServletRequest)} returns <code>null</code>, an empty,
 	 * writeable <code>Subject</code> is created instead. Otherwise no
 	 * <code>Subject</code> is used. The default is <code>false</code>.
-	 *
 	 * @param createEmptySubject the new value
 	 */
 	public final void setCreateEmptySubject(boolean createEmptySubject) {
 		this.createEmptySubject = createEmptySubject;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
index c27e11d0c2..18ecee9551 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
@@ -16,6 +16,7 @@
 /**
  * Makes a JAAS Subject available as the current Subject.
  * <p>
- * To use, simply add the {@code JaasApiIntegrationFilter} to the Spring Security filter chain.
+ * To use, simply add the {@code JaasApiIntegrationFilter} to the Spring Security filter
+ * chain.
  */
 package org.springframework.security.web.jaasapi;
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
index be3bd2c599..9e020cb5a8 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
@@ -30,9 +30,9 @@ import java.io.IOException;
 
 /**
  * Jackson deserializer for {@link Cookie}. This is needed because in most cases we don't
- * set {@link Cookie#getDomain()} property. So when jackson deserialize that json {@link Cookie#setDomain(String)}
- * throws {@link NullPointerException}. This is registered with {@link CookieMixin} but you can also use it with
- * your own mixin.
+ * set {@link Cookie#getDomain()} property. So when jackson deserialize that json
+ * {@link Cookie#setDomain(String)} throws {@link NullPointerException}. This is
+ * registered with {@link CookieMixin} but you can also use it with your own mixin.
  *
  * @author Jitendra Singh
  * @see CookieMixin
@@ -56,6 +56,8 @@ class CookieDeserializer extends JsonDeserializer<Cookie> {
 	}
 
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
-		return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode) ? jsonNode.get(field) : MissingNode.getInstance();
+		return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode) ? jsonNode.get(field)
+				: MissingNode.getInstance();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java
index d4c2027eed..4fd1fd4a82 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java
@@ -37,4 +37,5 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 @JsonDeserialize(using = CookieDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 abstract class CookieMixin {
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java
index d8cbdc5077..fb5d23f33c 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java
@@ -22,8 +22,8 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
- * Jackson mixin class to serialize/deserialize {@link org.springframework.security.web.csrf.DefaultCsrfToken}
- * serialization support.
+ * Jackson mixin class to serialize/deserialize
+ * {@link org.springframework.security.web.csrf.DefaultCsrfToken} serialization support.
  *
  * <pre>
  * 		ObjectMapper mapper = new ObjectMapper();
@@ -40,15 +40,15 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 class DefaultCsrfTokenMixin {
 
 	/**
-	 * JsonCreator constructor needed by Jackson to create {@link org.springframework.security.web.csrf.DefaultCsrfToken}
-	 * object.
-	 *
+	 * JsonCreator constructor needed by Jackson to create
+	 * {@link org.springframework.security.web.csrf.DefaultCsrfToken} object.
 	 * @param headerName the name of the header
 	 * @param parameterName the parameter name
 	 * @param token the CSRF token value
 	 */
 	@JsonCreator
 	DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName,
-								@JsonProperty("parameterName") String parameterName, @JsonProperty("token") String token) {
+			@JsonProperty("parameterName") String parameterName, @JsonProperty("token") String token) {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
index 1418f9a1b0..5097385da1 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
@@ -22,9 +22,9 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 
 /**
- * Jackson mixin class to serialize/deserialize {@link DefaultSavedRequest}. This mixin use
- * {@link org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder} to
- * deserialized json.In order to use this mixin class you also need to register
+ * Jackson mixin class to serialize/deserialize {@link DefaultSavedRequest}. This mixin
+ * use {@link org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder}
+ * to deserialized json.In order to use this mixin class you also need to register
  * {@link CookieMixin}.
  * <p>
  * <pre>
@@ -41,4 +41,5 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 @JsonDeserialize(builder = DefaultSavedRequest.Builder.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 abstract class DefaultSavedRequestMixin {
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
index 349fd47ef6..37d796b488 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
@@ -32,12 +32,13 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
 
 /**
- * Custom deserializer for {@link PreAuthenticatedAuthenticationToken}. At the time of deserialization
- * it will invoke suitable constructor depending on the value of <b>authenticated</b> property.
- * It will ensure that the token's state must not change.
+ * Custom deserializer for {@link PreAuthenticatedAuthenticationToken}. At the time of
+ * deserialization it will invoke suitable constructor depending on the value of
+ * <b>authenticated</b> property. It will ensure that the token's state must not change.
  * <p>
- * This deserializer is already registered with {@link PreAuthenticatedAuthenticationTokenMixin} but
- * you can also registered it with your own mixin class.
+ * This deserializer is already registered with
+ * {@link PreAuthenticatedAuthenticationTokenMixin} but you can also registered it with
+ * your own mixin class.
  *
  * @author Jitendra Singh
  * @see PreAuthenticatedAuthenticationTokenMixin
@@ -46,7 +47,8 @@ import com.fasterxml.jackson.databind.node.MissingNode;
 class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<PreAuthenticatedAuthenticationToken> {
 
 	/**
-	 * This method construct {@link PreAuthenticatedAuthenticationToken} object from serialized json.
+	 * This method construct {@link PreAuthenticatedAuthenticationToken} object from
+	 * serialized json.
 	 * @param jp the JsonParser
 	 * @param ctxt the DeserializationContext
 	 * @return the user
@@ -54,7 +56,8 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<P
 	 * @throws JsonProcessingException if an error during JSON processing occurs
 	 */
 	@Override
-	public PreAuthenticatedAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
+	public PreAuthenticatedAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt)
+			throws IOException, JsonProcessingException {
 		PreAuthenticatedAuthenticationToken token = null;
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
@@ -63,16 +66,18 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<P
 		Object principal = null;
 		if (principalNode.isObject()) {
 			principal = mapper.readValue(principalNode.traverse(mapper), Object.class);
-		} else {
+		}
+		else {
 			principal = principalNode.asText();
 		}
 		Object credentials = readJsonNode(jsonNode, "credentials").asText();
-		List<GrantedAuthority> authorities = mapper.readValue(
-				readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference<List<GrantedAuthority>>() {
-		});
+		List<GrantedAuthority> authorities = mapper.readValue(readJsonNode(jsonNode, "authorities").traverse(mapper),
+				new TypeReference<List<GrantedAuthority>>() {
+				});
 		if (authenticated) {
 			token = new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);
-		} else {
+		}
+		else {
 			token = new PreAuthenticatedAuthenticationToken(principal, credentials);
 		}
 		token.setDetails(readJsonNode(jsonNode, "details"));
@@ -82,4 +87,5 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<P
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
 		return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
index 65fd169ae2..b75eae055b 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
@@ -25,20 +25,22 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
  * This mixin class is used to serialize / deserialize
- * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}. This class register
- * a custom deserializer {@link PreAuthenticatedAuthenticationTokenDeserializer}.
+ * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}.
+ * This class register a custom deserializer
+ * {@link PreAuthenticatedAuthenticationTokenDeserializer}.
  *
  * In order to use this mixin you'll need to add 3 more mixin classes.
  * <ol>
- *     <li>{@link UnmodifiableSetMixin}</li>
- *     <li>{@link SimpleGrantedAuthorityMixin}</li>
- *     <li>{@link UserMixin}</li>
+ * <li>{@link UnmodifiableSetMixin}</li>
+ * <li>{@link SimpleGrantedAuthorityMixin}</li>
+ * <li>{@link UserMixin}</li>
  * </ol>
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CoreJackson2Module());
  * </pre>
+ *
  * @author Jitendra Singh
  * @see Webackson2Module
  * @see SecurityJackson2Modules
@@ -49,4 +51,5 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonDeserialize(using = PreAuthenticatedAuthenticationTokenDeserializer.class)
 abstract class PreAuthenticatedAuthenticationTokenMixin {
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
index 3083e0278f..1ad3e10e8e 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
@@ -19,8 +19,9 @@ package org.springframework.security.web.jackson2;
 import com.fasterxml.jackson.annotation.*;
 
 /**
- * Jackson mixin class to serialize/deserialize {@link org.springframework.security.web.savedrequest.SavedCookie}
- * serialization support.
+ * Jackson mixin class to serialize/deserialize
+ * {@link org.springframework.security.web.savedrequest.SavedCookie} serialization
+ * support.
  *
  * <pre>
  * 		ObjectMapper mapper = new ObjectMapper();
@@ -33,16 +34,16 @@ import com.fasterxml.jackson.annotation.*;
  * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY,
-		getterVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class SavedCookieMixin {
 
 	@JsonCreator
 	SavedCookieMixin(@JsonProperty("name") String name, @JsonProperty("value") String value,
-							@JsonProperty("comment") String comment, @JsonProperty("domain") String domain,
-							@JsonProperty("maxAge") int maxAge, @JsonProperty("path") String path,
-							@JsonProperty("secure") boolean secure, @JsonProperty("version") int version) {
+			@JsonProperty("comment") String comment, @JsonProperty("domain") String domain,
+			@JsonProperty("maxAge") int maxAge, @JsonProperty("path") String path,
+			@JsonProperty("secure") boolean secure, @JsonProperty("version") int version) {
 
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
index 74cde884bc..967c8ed306 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
@@ -19,7 +19,8 @@ package org.springframework.security.web.jackson2;
 import com.fasterxml.jackson.annotation.*;
 
 /**
- * Jackson mixin class to serialize/deserialize {@link org.springframework.security.web.authentication.WebAuthenticationDetails}.
+ * Jackson mixin class to serialize/deserialize
+ * {@link org.springframework.security.web.authentication.WebAuthenticationDetails}.
  *
  * <pre>
  * 	ObjectMapper mapper = new ObjectMapper();
@@ -39,6 +40,7 @@ class WebAuthenticationDetailsMixin {
 
 	@JsonCreator
 	WebAuthenticationDetailsMixin(@JsonProperty("remoteAddress") String remoteAddress,
-									@JsonProperty("sessionId") String sessionId) {
+			@JsonProperty("sessionId") String sessionId) {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
index 2be6c1ddb8..8a19a7d584 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
@@ -24,16 +24,17 @@ import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 
 /**
- * Jackson module for spring-security-web. This module register {@link DefaultCsrfTokenMixin} and
- * {@link PreAuthenticatedAuthenticationTokenMixin}. If no default typing enabled by default then it'll enable
- * it because typing info is needed to properly serialize/deserialize objects.
- * In order to use this module just add this module into your ObjectMapper configuration.
+ * Jackson module for spring-security-web. This module register
+ * {@link DefaultCsrfTokenMixin} and {@link PreAuthenticatedAuthenticationTokenMixin}. If
+ * no default typing enabled by default then it'll enable it because typing info is needed
+ * to properly serialize/deserialize objects. In order to use this module just add this
+ * module into your ObjectMapper configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new WebJackson2Module());
- * </pre>
- * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules.</b>
+ * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
+ * of all security modules.</b>
  *
  * @author Jitendra Singh
  * @see SecurityJackson2Modules
@@ -49,6 +50,8 @@ public class WebJackson2Module extends SimpleModule {
 	public void setupModule(SetupContext context) {
 		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
 		context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfTokenMixin.class);
-		context.setMixInAnnotations(PreAuthenticatedAuthenticationToken.class, PreAuthenticatedAuthenticationTokenMixin.class);
+		context.setMixInAnnotations(PreAuthenticatedAuthenticationToken.class,
+				PreAuthenticatedAuthenticationTokenMixin.class);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
index 1d38255e3c..8e71d6c007 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
@@ -27,16 +27,18 @@ import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 
 /**
- * Jackson module for spring-security-web related to servlet. This module register {@link CookieMixin},
- * {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and {@link WebAuthenticationDetailsMixin}. If no
- * default typing enabled by default then it'll enable it because typing info is needed to properly serialize/deserialize objects.
- * In order to use this module just add this module into your ObjectMapper configuration.
+ * Jackson module for spring-security-web related to servlet. This module register
+ * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and
+ * {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then
+ * it'll enable it because typing info is needed to properly serialize/deserialize
+ * objects. In order to use this module just add this module into your ObjectMapper
+ * configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new WebServletJackson2Module());
- * </pre>
- * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules.</b>
+ * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
+ * of all security modules.</b>
  *
  * @author Boris Finkelshteyn
  * @see SecurityJackson2Modules
@@ -56,4 +58,5 @@ public class WebServletJackson2Module extends SimpleModule {
 		context.setMixInAnnotations(DefaultSavedRequest.class, DefaultSavedRequestMixin.class);
 		context.setMixInAnnotations(WebAuthenticationDetails.class, WebAuthenticationDetailsMixin.class);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 60ec3c1168..9453af199c 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -84,8 +84,7 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  * @author Rob Winch
  * @since 4.0
  */
-public final class AuthenticationPrincipalArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
@@ -110,18 +109,15 @@ public final class AuthenticationPrincipalArgumentResolver
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
-	public Object resolveArgument(MethodParameter parameter,
-			ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
-			WebDataBinderFactory binderFactory) {
-		Authentication authentication = SecurityContextHolder.getContext()
-				.getAuthentication();
+	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
 			return null;
 		}
 		Object principal = authentication.getPrincipal();
 
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(
-				AuthenticationPrincipal.class, parameter);
+		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
 
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -134,12 +130,10 @@ public final class AuthenticationPrincipalArgumentResolver
 			principal = expression.getValue(context);
 		}
 
-		if (principal != null
-				&& !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
+		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
 
 			if (authPrincipal.errorOnInvalidType()) {
-				throw new ClassCastException(principal + " is not assignable to "
-						+ parameter.getParameterType());
+				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -158,26 +152,24 @@ public final class AuthenticationPrincipalArgumentResolver
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-					annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
index 2b8681c386..e84b31fa6f 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
@@ -36,9 +36,7 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  *         return token;
  *     }
  * }
- * </code>
- * </pre>
- *
+ * </code> </pre>
  *
  * @author Rob Winch
  * @since 4.0
@@ -48,9 +46,8 @@ public final class CsrfTokenArgumentResolver implements HandlerMethodArgumentRes
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.web.method.support.HandlerMethodArgumentResolver#supportsParameter
-	 * (org.springframework.core.MethodParameter)
+	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
+	 * supportsParameter (org.springframework.core.MethodParameter)
 	 */
 	public boolean supportsParameter(MethodParameter parameter) {
 		return CsrfToken.class.equals(parameter.getParameterType());
@@ -59,18 +56,17 @@ public final class CsrfTokenArgumentResolver implements HandlerMethodArgumentRes
 	/*
 	 * (non-Javadoc)
 	 *
-	 * @see
-	 * org.springframework.web.method.support.HandlerMethodArgumentResolver#resolveArgument
-	 * (org.springframework.core.MethodParameter,
+	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
+	 * resolveArgument (org.springframework.core.MethodParameter,
 	 * org.springframework.web.method.support.ModelAndViewContainer,
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
-	public Object resolveArgument(MethodParameter parameter,
-			ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
-			WebDataBinderFactory binderFactory) {
+	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 		CsrfToken token = (CsrfToken) webRequest.getAttribute(CsrfToken.class.getName(),
 				NativeWebRequest.SCOPE_REQUEST);
 		return token;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
index e05fc77bea..d559c8befb 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -36,9 +36,8 @@ import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
 /**
- * Allows resolving the {@link SecurityContext} using the
- * {@link CurrentSecurityContext} annotation. For example, the following
- * {@link Controller}:
+ * Allows resolving the {@link SecurityContext} using the {@link CurrentSecurityContext}
+ * annotation. For example, the following {@link Controller}:
  *
  * <pre>
  * &#64;Controller
@@ -62,9 +61,10 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  * </pre>
  *
  * <p>
- * Will resolve the {@link SecurityContext} argument using {@link SecurityContextHolder#getContext()} from
- * the {@link SecurityContextHolder}. If the {@link SecurityContext} is {@code null}, it will return {@code null}.
- * If the types do not match, {@code null} will be returned unless
+ * Will resolve the {@link SecurityContext} argument using
+ * {@link SecurityContextHolder#getContext()} from the {@link SecurityContextHolder}. If
+ * the {@link SecurityContext} is {@code null}, it will return {@code null}. If the types
+ * do not match, {@code null} will be returned unless
  * {@link CurrentSecurityContext#errorOnInvalidType()} is {@code true} in which case a
  * {@link ClassCastException} will be thrown.
  * </p>
@@ -72,8 +72,7 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  * @author Dan Zheng
  * @since 5.2
  */
-public final class CurrentSecurityContextArgumentResolver
-		implements HandlerMethodArgumentResolver {
+public final class CurrentSecurityContextArgumentResolver implements HandlerMethodArgumentResolver {
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
@@ -91,17 +90,16 @@ public final class CurrentSecurityContextArgumentResolver
 	 * {@inheritDoc}
 	 */
 	@Override
-	public Object resolveArgument(MethodParameter parameter,
-				ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
-				WebDataBinderFactory binderFactory) {
+	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 		SecurityContext securityContext = SecurityContextHolder.getContext();
 		if (securityContext == null) {
 			return null;
 		}
 		Object securityContextResult = securityContext;
 
-		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(
-				CurrentSecurityContext.class, parameter);
+		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(CurrentSecurityContext.class,
+				parameter);
 
 		String expressionToParse = securityContextAnnotation.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -116,8 +114,8 @@ public final class CurrentSecurityContextArgumentResolver
 		if (securityContextResult != null
 				&& !parameter.getParameterType().isAssignableFrom(securityContextResult.getClass())) {
 			if (securityContextAnnotation.errorOnInvalidType()) {
-				throw new ClassCastException(securityContextResult + " is not assignable to "
-						+ parameter.getParameterType());
+				throw new ClassCastException(
+						securityContextResult + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -137,26 +135,24 @@ public final class CurrentSecurityContextArgumentResolver
 
 	/**
 	 * Obtain the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-					annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
 		}
 		return null;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/package-info.java b/web/src/main/java/org/springframework/security/web/package-info.java
index 67fe8d799f..3ffe4e16d8 100644
--- a/web/src/main/java/org/springframework/security/web/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Spring Security's web security module. Classes which have a dependency on the Servlet API can be found here.
+ * Spring Security's web security module. Classes which have a dependency on the Servlet
+ * API can be found here.
  */
 package org.springframework.security.web;
-
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index a03b6bd182..0a89f290be 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -40,6 +40,7 @@ import reactor.core.publisher.Mono;
 
 /**
  * Resolves the Authentication
+ *
  * @author Rob Winch
  * @since 5.0
  */
@@ -70,18 +71,15 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,
 			ServerWebExchange exchange) {
 		ReactiveAdapter adapter = getAdapterRegistry().getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext()
-			.map(SecurityContext::getAuthentication)
-			.flatMap(a -> {
-				Object p = resolvePrincipal(parameter, a.getPrincipal());
-				Mono<Object> principal = Mono.justOrEmpty(p);
-				return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
-			});
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap(a -> {
+			Object p = resolvePrincipal(parameter, a.getPrincipal());
+			Mono<Object> principal = Mono.justOrEmpty(p);
+			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
+		});
 	}
 
 	private Object resolvePrincipal(MethodParameter parameter, Object principal) {
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(
-			AuthenticationPrincipal.class, parameter);
+		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
 
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
@@ -97,8 +95,7 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 		if (isInvalidType(parameter, principal)) {
 
 			if (authPrincipal.errorOnInvalidType()) {
-				throw new ClassCastException(principal + " is not assignable to "
-					+ parameter.getParameterType());
+				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -127,22 +124,19 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-				annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index 9f1eac242e..5757eb7c46 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -83,7 +83,7 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 		if (reactiveSecurityContext == null) {
 			return null;
 		}
-		return reactiveSecurityContext.flatMap( a -> {
+		return reactiveSecurityContext.flatMap(a -> {
 			Object p = resolveSecurityContext(parameter, a);
 			Mono<Object> o = Mono.justOrEmpty(p);
 			return adapter == null ? o : Mono.just(adapter.fromPublisher(o));
@@ -92,14 +92,15 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 	}
 
 	/**
-	 * resolve the expression from {@link CurrentSecurityContext} annotation to get the value.
+	 * resolve the expression from {@link CurrentSecurityContext} annotation to get the
+	 * value.
 	 * @param parameter the method parameter.
 	 * @param securityContext the security context.
 	 * @return the resolved object from expression.
 	 */
 	private Object resolveSecurityContext(MethodParameter parameter, SecurityContext securityContext) {
-		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(
-				CurrentSecurityContext.class, parameter);
+		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(CurrentSecurityContext.class,
+				parameter);
 
 		Object securityContextResult = securityContext;
 
@@ -116,8 +117,8 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 
 		if (isInvalidType(parameter, securityContextResult)) {
 			if (securityContextAnnotation.errorOnInvalidType()) {
-				throw new ClassCastException(securityContextResult + " is not assignable to "
-						+ parameter.getParameterType());
+				throw new ClassCastException(
+						securityContextResult + " is not assignable to " + parameter.getParameterType());
 			}
 			else {
 				return null;
@@ -152,22 +153,19 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 
 	/**
 	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
-	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}
 	 * @param parameter the {@link MethodParameter} to search for an {@link Annotation}
 	 * @return the {@link Annotation} that was found or null.
 	 */
-	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass,
-			MethodParameter parameter) {
+	private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
 		T annotation = parameter.getParameterAnnotation(annotationClass);
 		if (annotation != null) {
 			return annotation;
 		}
 		Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
 		for (Annotation toSearch : annotationsToSearch) {
-			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(),
-				annotationClass);
+			annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
 			if (annotation != null) {
 				return annotation;
 			}
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
index 076ad63333..9da2ceaec2 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
@@ -30,19 +30,18 @@ import java.util.regex.Pattern;
  * @since 5.0
  */
 public class CsrfRequestDataValueProcessor implements RequestDataValueProcessor {
+
 	/**
 	 * The default request attribute to look for a {@link CsrfToken}.
 	 */
 	public static final String DEFAULT_CSRF_ATTR_NAME = "_csrf";
 
-	private static final Pattern DISABLE_CSRF_TOKEN_PATTERN = Pattern
-		.compile("(?i)^(GET|HEAD|TRACE|OPTIONS)$");
+	private static final Pattern DISABLE_CSRF_TOKEN_PATTERN = Pattern.compile("(?i)^(GET|HEAD|TRACE|OPTIONS)$");
 
 	private static final String DISABLE_CSRF_TOKEN_ATTR = "DISABLE_CSRF_TOKEN_ATTR";
 
 	@Override
-	public String processAction(ServerWebExchange exchange, String action,
-		String httpMethod) {
+	public String processAction(ServerWebExchange exchange, String action, String httpMethod) {
 		if (httpMethod != null && DISABLE_CSRF_TOKEN_PATTERN.matcher(httpMethod).matches()) {
 			exchange.getAttributes().put(DISABLE_CSRF_TOKEN_ATTR, Boolean.TRUE);
 		}
@@ -53,15 +52,13 @@ public class CsrfRequestDataValueProcessor implements RequestDataValueProcessor
 	}
 
 	@Override
-	public String processFormFieldValue(ServerWebExchange exchange,
-		String name, String value, String type) {
+	public String processFormFieldValue(ServerWebExchange exchange, String name, String value, String type) {
 		return value;
 	}
 
 	@NonNull
 	@Override
-	public Map<String, String> getExtraHiddenFields(
-		ServerWebExchange exchange) {
+	public Map<String, String> getExtraHiddenFields(ServerWebExchange exchange) {
 		if (Boolean.TRUE.equals(exchange.getAttribute(DISABLE_CSRF_TOKEN_ATTR))) {
 			exchange.getAttributes().remove(DISABLE_CSRF_TOKEN_ATTR);
 			return Collections.emptyMap();
@@ -77,4 +74,5 @@ public class CsrfRequestDataValueProcessor implements RequestDataValueProcessor
 	public String processUrl(ServerWebExchange exchange, String url) {
 		return url;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index 960f875893..ea7d8e3162 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -33,9 +33,9 @@ import javax.servlet.http.HttpServletResponse;
 import java.util.Base64;
 import java.util.HashMap;
 
-
 /**
- * An Implementation of {@code RequestCache} which saves the original request URI in a cookie.
+ * An Implementation of {@code RequestCache} which saves the original request URI in a
+ * cookie.
  *
  * @author Zeeshan Adnan
  * @since 5.4
@@ -43,9 +43,11 @@ import java.util.HashMap;
 public class CookieRequestCache implements RequestCache {
 
 	private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
+
 	protected final Log logger = LogFactory.getLog(this.getClass());
 
 	private static final String COOKIE_NAME = "REDIRECT_URI";
+
 	private static final int COOKIE_MAX_AGE = -1;
 
 	@Override
@@ -59,7 +61,8 @@ public class CookieRequestCache implements RequestCache {
 			savedCookie.setHttpOnly(true);
 
 			response.addCookie(savedCookie);
-		} else {
+		}
+		else {
 			logger.debug("Request not saved as configured RequestMatcher did not match");
 		}
 	}
@@ -76,7 +79,8 @@ public class CookieRequestCache implements RequestCache {
 			if (port == -1) {
 				if ("https".equalsIgnoreCase(uriComponents.getScheme())) {
 					port = 443;
-				} else {
+				}
+				else {
 					port = 80;
 				}
 			}
@@ -85,17 +89,13 @@ public class CookieRequestCache implements RequestCache {
 
 			if (!queryParams.isEmpty()) {
 				final HashMap<String, String[]> parameters = new HashMap<>(queryParams.size());
-				queryParams.forEach((key, value) -> parameters.put(key, value.toArray(new String[]{})));
+				queryParams.forEach((key, value) -> parameters.put(key, value.toArray(new String[] {})));
 				builder.setParameters(parameters);
 			}
 
-			return builder.setScheme(uriComponents.getScheme())
-					.setServerName(uriComponents.getHost())
-					.setRequestURI(uriComponents.getPath())
-					.setQueryString(uriComponents.getQuery())
-					.setServerPort(port)
-					.setMethod(request.getMethod())
-					.build();
+			return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
+					.setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
+					.setMethod(request.getMethod()).build();
 		}
 		return null;
 	}
@@ -106,7 +106,8 @@ public class CookieRequestCache implements RequestCache {
 		if (!this.matchesSavedRequest(request, saved)) {
 			this.logger.debug("saved request doesn't match");
 			return null;
-		} else {
+		}
+		else {
 			this.removeRequest(request, response);
 			return new SavedRequestAwareWrapper(saved, request);
 		}
@@ -141,7 +142,8 @@ public class CookieRequestCache implements RequestCache {
 	private boolean matchesSavedRequest(HttpServletRequest request, SavedRequest savedRequest) {
 		if (savedRequest == null) {
 			return false;
-		} else {
+		}
+		else {
 			String currentUrl = UrlUtils.buildFullRequestUrl(request);
 			return savedRequest.getRedirectUrl().equals(currentUrl);
 		}
@@ -152,9 +154,8 @@ public class CookieRequestCache implements RequestCache {
 	 * request will be cached by the {@code saveRequest} method.
 	 * <p>
 	 * If set, only matching requests will be cached.
-	 *
 	 * @param requestMatcher a request matching strategy which defines which requests
-	 *                       should be cached.
+	 * should be cached.
 	 */
 	public void setRequestMatcher(RequestMatcher requestMatcher) {
 		Assert.notNull(requestMatcher, "requestMatcher should not be null");
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 4497bcdc5b..efbdc8d546 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -51,31 +51,45 @@ import java.util.*;
  * @author Luke Taylor
  */
 public class DefaultSavedRequest implements SavedRequest {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	protected static final Log logger = LogFactory.getLog(DefaultSavedRequest.class);
 
 	private static final String HEADER_IF_NONE_MATCH = "If-None-Match";
+
 	private static final String HEADER_IF_MODIFIED_SINCE = "If-Modified-Since";
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private final ArrayList<SavedCookie> cookies = new ArrayList<>();
+
 	private final ArrayList<Locale> locales = new ArrayList<>();
-	private final Map<String, List<String>> headers = new TreeMap<>(
-			String.CASE_INSENSITIVE_ORDER);
+
+	private final Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+
 	private final Map<String, String[]> parameters = new TreeMap<>();
+
 	private final String contextPath;
+
 	private final String method;
+
 	private final String pathInfo;
+
 	private final String queryString;
+
 	private final String requestURI;
+
 	private final String requestURL;
+
 	private final String scheme;
+
 	private final String serverName;
+
 	private final String servletPath;
+
 	private final int serverPort;
 
 	// ~ Constructors
@@ -95,8 +109,7 @@ public class DefaultSavedRequest implements SavedRequest {
 		while (names.hasMoreElements()) {
 			String name = names.nextElement();
 			// Skip If-Modified-Since and If-None-Match header. SEC-1412, SEC-1624.
-			if (HEADER_IF_MODIFIED_SINCE.equalsIgnoreCase(name)
-					|| HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) {
+			if (HEADER_IF_MODIFIED_SINCE.equalsIgnoreCase(name) || HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) {
 				continue;
 			}
 			Enumeration<String> values = request.getHeaders(name);
@@ -188,7 +201,8 @@ public class DefaultSavedRequest implements SavedRequest {
 				Object paramValues = parameters.get(paramName);
 				if (paramValues instanceof String[]) {
 					this.addParameter(paramName, (String[]) paramValues);
-				} else {
+				}
+				else {
 					if (logger.isWarnEnabled()) {
 						logger.warn("ServletRequest.getParameterMap() returned non-String array");
 					}
@@ -205,8 +219,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	 * Determines if the current request matches the <code>DefaultSavedRequest</code>.
 	 * <p>
 	 * All URL arguments are considered but not cookies, locales, headers or parameters.
-	 *
-	 * @param request      the actual request to be matched against this one
+	 * @param request the actual request to be matched against this one
 	 * @param portResolver used to obtain the server port of the request
 	 * @return true if the request is deemed to match this one.
 	 */
@@ -229,13 +242,11 @@ public class DefaultSavedRequest implements SavedRequest {
 			return false;
 		}
 
-		if (!propertyEquals("serverPort", this.serverPort,
-				portResolver.getServerPort(request))) {
+		if (!propertyEquals("serverPort", this.serverPort, portResolver.getServerPort(request))) {
 			return false;
 		}
 
-		if (!propertyEquals("requestURL", this.requestURL, request.getRequestURL()
-				.toString())) {
+		if (!propertyEquals("requestURL", this.requestURL, request.getRequestURL().toString())) {
 			return false;
 		}
 
@@ -272,13 +283,11 @@ public class DefaultSavedRequest implements SavedRequest {
 
 	/**
 	 * Indicates the URL that the user agent used for this request.
-	 *
 	 * @return the full URL of this request
 	 */
 	@Override
 	public String getRedirectUrl() {
-		return UrlUtils.buildFullRequestUrl(scheme, serverName, serverPort, requestURI,
-				queryString);
+		return UrlUtils.buildFullRequestUrl(scheme, serverName, serverPort, requestURI, queryString);
 	}
 
 	@Override
@@ -364,8 +373,7 @@ public class DefaultSavedRequest implements SavedRequest {
 
 		if (arg1 == null || arg2 == null) {
 			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2
-						+ " (property not equals)");
+				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property not equals)");
 			}
 
 			return false;
@@ -373,15 +381,14 @@ public class DefaultSavedRequest implements SavedRequest {
 
 		if (arg1.equals(arg2)) {
 			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2
-						+ " (property equals)");
+				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property equals)");
 			}
 
 			return true;
-		} else {
+		}
+		else {
 			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2
-						+ " (property not equals)");
+				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property not equals)");
 			}
 
 			return false;
@@ -401,18 +408,31 @@ public class DefaultSavedRequest implements SavedRequest {
 	public static class Builder {
 
 		private List<SavedCookie> cookies = null;
+
 		private List<Locale> locales = null;
+
 		private Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+
 		private Map<String, String[]> parameters = new TreeMap<>();
+
 		private String contextPath;
+
 		private String method;
+
 		private String pathInfo;
+
 		private String queryString;
+
 		private String requestURI;
+
 		private String requestURL;
+
 		private String scheme;
+
 		private String serverName;
+
 		private String servletPath;
+
 		private int serverPort = 80;
 
 		public Builder setCookies(List<SavedCookie> cookies) {
@@ -507,5 +527,7 @@ public class DefaultSavedRequest implements SavedRequest {
 			}
 			return savedRequest;
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
index c0501e2a3a..cb3b1682bf 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
@@ -40,6 +40,7 @@ import java.util.NoSuchElementException;
  * @author Andrey Grebnev
  */
 public class Enumerator<T> implements Enumeration<T> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -54,7 +55,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values of the specified Collection.
-	 *
 	 * @param collection Collection whose values should be enumerated
 	 */
 	public Enumerator(Collection<T> collection) {
@@ -63,7 +63,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values of the specified Collection.
-	 *
 	 * @param collection Collection whose values should be enumerated
 	 * @param clone true to clone iterator
 	 */
@@ -73,7 +72,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values returned by the specified Iterator.
-	 *
 	 * @param iterator Iterator to be wrapped
 	 */
 	public Enumerator(Iterator<T> iterator) {
@@ -82,7 +80,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values returned by the specified Iterator.
-	 *
 	 * @param iterator Iterator to be wrapped
 	 * @param clone true to clone iterator
 	 */
@@ -104,7 +101,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values of the specified Map.
-	 *
 	 * @param map Map whose values should be enumerated
 	 */
 	public Enumerator(Map<?, T> map) {
@@ -113,7 +109,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Return an Enumeration over the values of the specified Map.
-	 *
 	 * @param map Map whose values should be enumerated
 	 * @param clone true to clone iterator
 	 */
@@ -126,7 +121,6 @@ public class Enumerator<T> implements Enumeration<T> {
 
 	/**
 	 * Tests if this enumeration contains more elements.
-	 *
 	 * @return <code>true</code> if and only if this enumeration object contains at least
 	 * one more element to provide, <code>false</code> otherwise
 	 */
@@ -137,12 +131,11 @@ public class Enumerator<T> implements Enumeration<T> {
 	/**
 	 * Returns the next element of this enumeration if this enumeration has at least one
 	 * more element to provide.
-	 *
 	 * @return the next element of this enumeration
-	 *
 	 * @exception NoSuchElementException if no more elements exist
 	 */
 	public T nextElement() throws NoSuchElementException {
 		return (iterator.next());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index ec1cbeae76..951f1c5b47 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -34,12 +34,12 @@ import java.util.TimeZone;
  * @author Andrey Grebnev
  */
 public class FastHttpDateFormat {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	/** HTTP date format. */
-	protected static final SimpleDateFormat format = new SimpleDateFormat(
-			"EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
+	protected static final SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
 
 	/** The set of SimpleDateFormat formats to use in <code>getDateHeader()</code>. */
 	protected static final SimpleDateFormat[] formats = {
@@ -76,11 +76,9 @@ public class FastHttpDateFormat {
 	/**
 	 * Formats a specified date to HTTP format. If local format is not <code>null</code>,
 	 * it's used instead.
-	 *
 	 * @param value Date value to format
 	 * @param threadLocalformat The format to use (or <code>null</code> -- then HTTP
 	 * format will be used)
-	 *
 	 * @return Formatted date
 	 */
 	public static String formatDate(long value, DateFormat threadLocalformat) {
@@ -119,7 +117,6 @@ public class FastHttpDateFormat {
 
 	/**
 	 * Gets the current date in HTTP format.
-	 *
 	 * @return Current date in HTTP format
 	 */
 	public static String getCurrentDate() {
@@ -139,10 +136,8 @@ public class FastHttpDateFormat {
 
 	/**
 	 * Parses date with given formatters.
-	 *
 	 * @param value The string to parse
 	 * @param formats Array of formats to use
-	 *
 	 * @return Parsed date (or <code>null</code> if no formatter mached)
 	 */
 	private static Long internalParseDate(String value, DateFormat[] formats) {
@@ -166,11 +161,9 @@ public class FastHttpDateFormat {
 	/**
 	 * Tries to parse the given date as an HTTP date. If local format list is not
 	 * <code>null</code>, it's used instead.
-	 *
 	 * @param value The string to parse
 	 * @param threadLocalformats Array of formats to use for parsing. If <code>null</code>
 	 * , HTTP formats are used.
-	 *
 	 * @return Parsed date (or -1 if error occurred)
 	 */
 	public static long parseDate(String value, DateFormat[] threadLocalformats) {
@@ -212,7 +205,6 @@ public class FastHttpDateFormat {
 
 	/**
 	 * Updates cache.
-	 *
 	 * @param cache Cache to be updated
 	 * @param key Key to be updated
 	 * @param value New value
@@ -229,4 +221,5 @@ public class FastHttpDateFormat {
 
 		cache.put(key, value);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index 2b8589bcf6..be6947b72e 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -37,12 +37,17 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * @since 3.0
  */
 public class HttpSessionRequestCache implements RequestCache {
+
 	static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";
+
 	protected final Log logger = LogFactory.getLog(this.getClass());
 
 	private PortResolver portResolver = new PortResolverImpl();
+
 	private boolean createSessionAllowed = true;
+
 	private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
+
 	private String sessionAttrName = SAVED_REQUEST;
 
 	/**
@@ -50,8 +55,7 @@ public class HttpSessionRequestCache implements RequestCache {
 	 */
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 		if (requestMatcher.matches(request)) {
-			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request,
-					portResolver);
+			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);
 
 			if (createSessionAllowed || request.getSession(false) != null) {
 				// Store the HTTP request itself. Used by
@@ -66,8 +70,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		}
 	}
 
-	public SavedRequest getRequest(HttpServletRequest currentRequest,
-			HttpServletResponse response) {
+	public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
 
 		if (session != null) {
@@ -77,8 +80,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		return null;
 	}
 
-	public void removeRequest(HttpServletRequest currentRequest,
-			HttpServletResponse response) {
+	public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
 
 		if (session != null) {
@@ -87,8 +89,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		}
 	}
 
-	public HttpServletRequest getMatchingRequest(HttpServletRequest request,
-			HttpServletResponse response) {
+	public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 		SavedRequest saved = getRequest(request, response);
 
 		if (!matchesSavedRequest(request, saved)) {
@@ -120,7 +121,6 @@ public class HttpSessionRequestCache implements RequestCache {
 	 * request will be cached by the {@code saveRequest} method.
 	 * <p>
 	 * If set, only matching requests will be cached.
-	 *
 	 * @param requestMatcher a request matching strategy which defines which requests
 	 * should be cached.
 	 */
@@ -144,14 +144,13 @@ public class HttpSessionRequestCache implements RequestCache {
 	}
 
 	/**
-	 * If the {@code sessionAttrName} property is set, the request is stored in
-	 * the session using this attribute name. Default is
-	 * "SPRING_SECURITY_SAVED_REQUEST".
-	 *
+	 * If the {@code sessionAttrName} property is set, the request is stored in the
+	 * session using this attribute name. Default is "SPRING_SECURITY_SAVED_REQUEST".
 	 * @param sessionAttrName a new session attribute name.
 	 * @since 4.2.1
 	 */
 	public void setSessionAttrName(String sessionAttrName) {
 		this.sessionAttrName = sessionAttrName;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
index b7beffacc2..e9e04d7cdf 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
@@ -27,8 +27,7 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class NullRequestCache implements RequestCache {
 
-	public SavedRequest getRequest(HttpServletRequest request,
-			HttpServletResponse response) {
+	public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
 
@@ -39,8 +38,7 @@ public class NullRequestCache implements RequestCache {
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 	}
 
-	public HttpServletRequest getMatchingRequest(HttpServletRequest request,
-			HttpServletResponse response) {
+	public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
index eacd13dd7e..22d50f1618 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
@@ -30,14 +30,12 @@ public interface RequestCache {
 	/**
 	 * Caches the current request for later retrieval, once authentication has taken
 	 * place. Used by <tt>ExceptionTranslationFilter</tt>.
-	 *
 	 * @param request the request to be stored
 	 */
 	void saveRequest(HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Returns the saved request, leaving it cached.
-	 *
 	 * @param request the current request
 	 * @return the saved request which was previously cached, or null if there is none.
 	 */
@@ -46,18 +44,15 @@ public interface RequestCache {
 	/**
 	 * Returns a wrapper around the saved request, if it matches the current request. The
 	 * saved request should be removed from the cache.
-	 *
 	 * @param request
 	 * @param response
 	 * @return the wrapped save request, if it matches the original, or null if there is
 	 * no cached request or it doesn't match.
 	 */
-	HttpServletRequest getMatchingRequest(HttpServletRequest request,
-			HttpServletResponse response);
+	HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Removes the cached request.
-	 *
 	 * @param request the current request, allowing access to the cache.
 	 */
 	void removeRequest(HttpServletRequest request, HttpServletResponse response);
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index 53ab7f03ec..72f9793fec 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -54,14 +54,13 @@ public class RequestCacheAwareFilter extends GenericFilterBean {
 		this.requestCache = requestCache;
 	}
 
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 
-		HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest(
-				(HttpServletRequest) request, (HttpServletResponse) response);
+		HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest((HttpServletRequest) request,
+				(HttpServletResponse) response);
 
-		chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest,
-				response);
+		chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index c54a39dce6..88b0522528 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -24,17 +24,25 @@ import java.io.Serializable;
  * @author Ray Krueger
  */
 public class SavedCookie implements Serializable {
+
 	private final java.lang.String name;
+
 	private final java.lang.String value;
+
 	private final java.lang.String comment;
+
 	private final java.lang.String domain;
+
 	private final int maxAge;
+
 	private final java.lang.String path;
+
 	private final boolean secure;
+
 	private final int version;
 
-	public SavedCookie(String name, String value, String comment, String domain,
-			int maxAge, String path, boolean secure, int version) {
+	public SavedCookie(String name, String value, String comment, String domain, int maxAge, String path,
+			boolean secure, int version) {
 		this.name = name;
 		this.value = value;
 		this.comment = comment;
@@ -46,9 +54,8 @@ public class SavedCookie implements Serializable {
 	}
 
 	public SavedCookie(Cookie cookie) {
-		this(cookie.getName(), cookie.getValue(), cookie.getComment(),
-				cookie.getDomain(), cookie.getMaxAge(), cookie.getPath(), cookie
-						.getSecure(), cookie.getVersion());
+		this(cookie.getName(), cookie.getValue(), cookie.getComment(), cookie.getDomain(), cookie.getMaxAge(),
+				cookie.getPath(), cookie.getSecure(), cookie.getVersion());
 	}
 
 	public String getName() {
@@ -100,4 +107,5 @@ public class SavedCookie implements Serializable {
 		c.setSecure(isSecure());
 		return c;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
index 09a9980b55..9a9ce344b6 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
@@ -51,4 +51,5 @@ public interface SavedRequest extends java.io.Serializable {
 	String[] getParameterValues(String name);
 
 	Map<String, String[]> getParameterMap();
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
index ed3bc0327a..b99eb5d8be 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
@@ -53,10 +53,12 @@ import org.apache.commons.logging.LogFactory;
  * @author Luke Taylor
  */
 class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	protected static final Log logger = LogFactory.getLog(SavedRequestAwareWrapper.class);
+
 	protected static final TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
 
 	/** The default Locale if none are specified. */
@@ -250,4 +252,5 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 		return combinedParams.toArray(new String[0]);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
index 817dee8dc9..2a6f4aebd6 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
@@ -27,10 +27,12 @@ import java.util.Map;
 
 /**
  * A Bean implementation of SavedRequest
+ *
  * @author Rob Winch
  * @since 5.1
  */
 public class SimpleSavedRequest implements SavedRequest {
+
 	private String redirectUrl;
 
 	private List<Cookie> cookies = new ArrayList<>();
@@ -43,7 +45,8 @@ public class SimpleSavedRequest implements SavedRequest {
 
 	private Map<String, String[]> parameters = new HashMap<>();
 
-	public SimpleSavedRequest() {}
+	public SimpleSavedRequest() {
+	}
 
 	public SimpleSavedRequest(String redirectUrl) {
 		this.redirectUrl = redirectUrl;
@@ -129,4 +132,5 @@ public class SimpleSavedRequest implements SavedRequest {
 		Assert.notNull(parameters, "parameters cannot be null");
 		this.parameters = parameters;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java b/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
index 0801ac82a0..d4c534fa4d 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 /**
- * Classes related to the caching of an {@code HttpServletRequest} which requires authentication. While the user is
- * logging in, the request is cached (using the RequestCache implementation) by the ExceptionTranslationFilter.
- * Once the user has been authenticated, the original request is restored following a redirect to a matching URL, and
- * the {@code RequestCache} is queried to obtain the original (matching) request.
+ * Classes related to the caching of an {@code HttpServletRequest} which requires
+ * authentication. While the user is logging in, the request is cached (using the
+ * RequestCache implementation) by the ExceptionTranslationFilter. Once the user has been
+ * authenticated, the original request is restored following a redirect to a matching URL,
+ * and the {@code RequestCache} is queried to obtain the original (matching) request.
  */
 package org.springframework.security.web.savedrequest;
-
diff --git a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
index e63cc3fe48..3ebc906336 100644
--- a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
@@ -34,7 +34,9 @@ import java.net.URI;
  * @since 5.0
  */
 public class DefaultServerRedirectStrategy implements ServerRedirectStrategy {
+
 	private static final Log logger = LogFactory.getLog(DefaultServerRedirectStrategy.class);
+
 	private HttpStatus httpStatus = HttpStatus.FOUND;
 
 	private boolean contextRelative = true;
@@ -76,10 +78,11 @@ public class DefaultServerRedirectStrategy implements ServerRedirectStrategy {
 
 	/**
 	 * Sets if the location is relative to the context.
-	 * @param contextRelative if redirects should be relative to the context.
-	 * Default is true.
+	 * @param contextRelative if redirects should be relative to the context. Default is
+	 * true.
 	 */
 	public void setContextRelative(boolean contextRelative) {
 		this.contextRelative = contextRelative;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index 27f88a441a..f8aee9bcb6 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -31,15 +31,15 @@ import java.util.Arrays;
 import java.util.List;
 
 /**
- * A {@link ServerAuthenticationEntryPoint} which delegates to multiple {@link ServerAuthenticationEntryPoint} based
- * on a {@link ServerWebExchangeMatcher}
+ * A {@link ServerAuthenticationEntryPoint} which delegates to multiple
+ * {@link ServerAuthenticationEntryPoint} based on a {@link ServerWebExchangeMatcher}
  *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  */
-public class DelegatingServerAuthenticationEntryPoint
-	implements ServerAuthenticationEntryPoint {
+public class DelegatingServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
+
 	private static final Log logger = LogFactory.getLog(DelegatingServerAuthenticationEntryPoint.class);
 
 	private final List<DelegateEntry> entryPoints;
@@ -49,36 +49,26 @@ public class DelegatingServerAuthenticationEntryPoint
 		return exchange.getResponse().setComplete();
 	};
 
-	public DelegatingServerAuthenticationEntryPoint(
-		DelegateEntry... entryPoints) {
+	public DelegatingServerAuthenticationEntryPoint(DelegateEntry... entryPoints) {
 		this(Arrays.asList(entryPoints));
 	}
 
-	public DelegatingServerAuthenticationEntryPoint(
-		List<DelegateEntry> entryPoints) {
+	public DelegatingServerAuthenticationEntryPoint(List<DelegateEntry> entryPoints) {
 		Assert.notEmpty(entryPoints, "entryPoints cannot be null");
 		this.entryPoints = entryPoints;
 	}
 
-	public Mono<Void> commence(ServerWebExchange exchange,
-		AuthenticationException e) {
-		return Flux.fromIterable(this.entryPoints)
-				.filterWhen( entry -> isMatch(exchange, entry))
-				.next()
-				.map( entry -> entry.getEntryPoint())
-				.doOnNext(it -> {
+	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
+		return Flux.fromIterable(this.entryPoints).filterWhen(entry -> isMatch(exchange, entry)).next()
+				.map(entry -> entry.getEntryPoint()).doOnNext(it -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Match found! Executing " + it);
 					}
-				})
-				.switchIfEmpty(Mono.just(this.defaultEntryPoint)
-					.doOnNext(it -> {
-						if (logger.isDebugEnabled()) {
-							logger.debug("No match found. Using default entry point " + defaultEntryPoint);
-						}
-					})
-				)
-				.flatMap( entryPoint -> entryPoint.commence(exchange, e));
+				}).switchIfEmpty(Mono.just(this.defaultEntryPoint).doOnNext(it -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug("No match found. Using default entry point " + defaultEntryPoint);
+					}
+				})).flatMap(entryPoint -> entryPoint.commence(exchange, e));
 	}
 
 	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
@@ -86,24 +76,23 @@ public class DelegatingServerAuthenticationEntryPoint
 		if (logger.isDebugEnabled()) {
 			logger.debug("Trying to match using " + matcher);
 		}
-		return matcher.matches(exchange)
-			.map( result -> result.isMatch());
+		return matcher.matches(exchange).map(result -> result.isMatch());
 	}
 
 	/**
 	 * EntryPoint which is used when no RequestMatcher returned true
 	 */
-	public void setDefaultEntryPoint(
-		ServerAuthenticationEntryPoint defaultEntryPoint) {
+	public void setDefaultEntryPoint(ServerAuthenticationEntryPoint defaultEntryPoint) {
 		this.defaultEntryPoint = defaultEntryPoint;
 	}
 
 	public static class DelegateEntry {
+
 		private final ServerWebExchangeMatcher matcher;
+
 		private final ServerAuthenticationEntryPoint entryPoint;
 
-		public DelegateEntry(ServerWebExchangeMatcher matcher,
-			ServerAuthenticationEntryPoint entryPoint) {
+		public DelegateEntry(ServerWebExchangeMatcher matcher, ServerAuthenticationEntryPoint entryPoint) {
 			this.matcher = matcher;
 			this.entryPoint = entryPoint;
 		}
@@ -115,5 +104,7 @@ public class DelegatingServerAuthenticationEntryPoint
 		public ServerAuthenticationEntryPoint getEntryPoint() {
 			return this.entryPoint;
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
index 35dfa49f62..628fee71b9 100644
--- a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
@@ -26,14 +26,16 @@ import reactor.core.publisher.Mono;
 import java.util.List;
 
 /**
- * A {@link SecurityWebFilterChain} that leverages a {@link ServerWebExchangeMatcher} to determine which
- * {@link WebFilter} to execute.
+ * A {@link SecurityWebFilterChain} that leverages a {@link ServerWebExchangeMatcher} to
+ * determine which {@link WebFilter} to execute.
  *
  * @author Rob Winch
  * @since 5.0
  */
 public class MatcherSecurityWebFilterChain implements SecurityWebFilterChain {
+
 	private final ServerWebExchangeMatcher matcher;
+
 	private final List<WebFilter> filters;
 
 	public MatcherSecurityWebFilterChain(ServerWebExchangeMatcher matcher, List<WebFilter> filters) {
@@ -45,12 +47,12 @@ public class MatcherSecurityWebFilterChain implements SecurityWebFilterChain {
 
 	@Override
 	public Mono<Boolean> matches(ServerWebExchange exchange) {
-		return matcher.matches(exchange)
-			.map( m -> m.isMatch() );
+		return matcher.matches(exchange).map(m -> m.isMatch());
 	}
 
 	@Override
 	public Flux<WebFilter> getWebFilters() {
 		return Flux.fromIterable(this.filters);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
index 6f27986033..3b601e0179 100644
--- a/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
@@ -21,9 +21,9 @@ import org.springframework.web.server.WebFilter;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
- /**
- * Defines a filter chain which is capable of being matched against a {@link ServerWebExchange} in order to decide
- * whether it applies to that request.
+/**
+ * Defines a filter chain which is capable of being matched against a
+ * {@link ServerWebExchange} in order to decide whether it applies to that request.
  *
  * @author Rob Winch
  * @since 5.0
@@ -31,7 +31,8 @@ import reactor.core.publisher.Mono;
 public interface SecurityWebFilterChain {
 
 	/**
-	 * Determines if this {@link SecurityWebFilterChain} matches the provided {@link ServerWebExchange}
+	 * Determines if this {@link SecurityWebFilterChain} matches the provided
+	 * {@link ServerWebExchange}
 	 * @param exchange the {@link ServerWebExchange}
 	 * @return true if it matches, else false
 	 */
@@ -42,4 +43,5 @@ public interface SecurityWebFilterChain {
 	 * @return
 	 */
 	Flux<WebFilter> getWebFilters();
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
index 821f826f95..108be16860 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
@@ -31,10 +31,11 @@ public interface ServerAuthenticationEntryPoint {
 
 	/**
 	 * Initiates the authentication flow
-	 *
 	 * @param exchange
 	 * @param e
-	 * @return {@code Mono<Void>} to indicate when the request for authentication is complete
+	 * @return {@code Mono<Void>} to indicate when the request for authentication is
+	 * complete
 	 */
 	Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
index e0f9653a7e..3909d15d1a 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
@@ -31,12 +31,12 @@ import java.util.function.Function;
  *
  * @author Rob Winch
  * @since 5.0
- * @deprecated use {@link org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter}
+ * @deprecated use
+ * {@link org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter}
  * instead.
  */
 @Deprecated
-public class ServerFormLoginAuthenticationConverter implements
-		Function<ServerWebExchange, Mono<Authentication>> {
+public class ServerFormLoginAuthenticationConverter implements Function<ServerWebExchange, Mono<Authentication>> {
 
 	private String usernameParameter = "username";
 
@@ -45,12 +45,10 @@ public class ServerFormLoginAuthenticationConverter implements
 	@Override
 	@Deprecated
 	public Mono<Authentication> apply(ServerWebExchange exchange) {
-		return exchange.getFormData()
-				.map( data -> createAuthentication(data));
+		return exchange.getFormData().map(data -> createAuthentication(data));
 	}
 
-	private UsernamePasswordAuthenticationToken createAuthentication(
-		MultiValueMap<String, String> data) {
+	private UsernamePasswordAuthenticationToken createAuthentication(MultiValueMap<String, String> data) {
 		String username = data.getFirst(this.usernameParameter);
 		String password = data.getFirst(this.passwordParameter);
 		return new UsernamePasswordAuthenticationToken(username, password);
@@ -73,4 +71,5 @@ public class ServerFormLoginAuthenticationConverter implements
 		Assert.notNull(passwordParameter, "passwordParameter cannot be null");
 		this.passwordParameter = passwordParameter;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index 4eef43c07c..a56ed3b61c 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -28,16 +28,17 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be authenticated.
+ * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be
+ * authenticated.
  *
  * @author Rob Winch
  * @since 5.0
- * @deprecated Use {@link org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter}
+ * @deprecated Use
+ * {@link org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter}
  * instead.
  */
 @Deprecated
-public class ServerHttpBasicAuthenticationConverter implements
-		Function<ServerWebExchange, Mono<Authentication>> {
+public class ServerHttpBasicAuthenticationConverter implements Function<ServerWebExchange, Mono<Authentication>> {
 
 	public static final String BASIC = "Basic ";
 
@@ -51,8 +52,8 @@ public class ServerHttpBasicAuthenticationConverter implements
 			return Mono.empty();
 		}
 
-		String credentials = authorization.length() <= BASIC.length() ?
-				"" : authorization.substring(BASIC.length(), authorization.length());
+		String credentials = authorization.length() <= BASIC.length() ? ""
+				: authorization.substring(BASIC.length(), authorization.length());
 		byte[] decodedCredentials = base64Decode(credentials);
 		String decodedAuthz = new String(decodedCredentials);
 		String[] userParts = decodedAuthz.split(":", 2);
@@ -70,8 +71,10 @@ public class ServerHttpBasicAuthenticationConverter implements
 	private byte[] base64Decode(String value) {
 		try {
 			return Base64.getDecoder().decode(value);
-		} catch(Exception e) {
+		}
+		catch (Exception e) {
 			return new byte[0];
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/server/ServerRedirectStrategy.java
index 2902fbd712..5f7881325a 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerRedirectStrategy.java
@@ -32,10 +32,12 @@ import org.springframework.web.server.ServerWebExchange;
 public interface ServerRedirectStrategy {
 
 	/**
-	 * Performs a redirect based upon the provided {@link ServerWebExchange} and {@link URI}
+	 * Performs a redirect based upon the provided {@link ServerWebExchange} and
+	 * {@link URI}
 	 * @param exchange the {@link ServerWebExchange} to use
 	 * @param location the location to redirect to
 	 * @return {@code Mono<Void>} to indicate when redirect is complete
 	 */
 	Mono<Void> sendRedirect(ServerWebExchange exchange, URI location);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
index a418440108..75930d2223 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
@@ -34,6 +34,7 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class WebFilterChainProxy implements WebFilter {
+
 	private final List<SecurityWebFilterChain> filters;
 
 	public WebFilterChainProxy(List<SecurityWebFilterChain> filters) {
@@ -47,14 +48,12 @@ public class WebFilterChainProxy implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return Flux.fromIterable(this.filters)
-				.filterWhen( securityWebFilterChain -> securityWebFilterChain.matches(exchange))
-				.next()
+				.filterWhen(securityWebFilterChain -> securityWebFilterChain.matches(exchange)).next()
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-				.flatMap( securityWebFilterChain -> securityWebFilterChain.getWebFilters()
-					.collectList()
-				)
-				.map( filters -> new FilteringWebHandler(webHandler -> chain.filter(webHandler), filters))
-				.map( handler -> new DefaultWebFilterChain(handler) )
-				.flatMap( securedChain -> securedChain.filter(exchange));
+				.flatMap(securityWebFilterChain -> securityWebFilterChain.getWebFilters().collectList())
+				.map(filters -> new FilteringWebHandler(webHandler -> chain.filter(webHandler), filters))
+				.map(handler -> new DefaultWebFilterChain(handler))
+				.flatMap(securedChain -> securedChain.filter(exchange));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterExchange.java b/web/src/main/java/org/springframework/security/web/server/WebFilterExchange.java
index 149c239ad3..d734f4bfc7 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterExchange.java
@@ -21,13 +21,16 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
 /**
- * A composite of the {@link ServerWebExchange} and the {@link WebFilterChain}. This is typically used as a value object
- * for handling success and failures.
+ * A composite of the {@link ServerWebExchange} and the {@link WebFilterChain}. This is
+ * typically used as a value object for handling success and failures.
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public class WebFilterExchange {
+
 	private final ServerWebExchange exchange;
+
 	private final WebFilterChain chain;
 
 	public WebFilterExchange(ServerWebExchange exchange, WebFilterChain chain) {
@@ -52,4 +55,5 @@ public class WebFilterExchange {
 	public WebFilterChain getChain() {
 		return this.chain;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
index df2a17aa84..04aa38c961 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
@@ -43,15 +43,18 @@ import org.springframework.web.server.WebFilterChain;
  * @since 5.2.0
  */
 public class AnonymousAuthenticationWebFilter implements WebFilter {
+
 	private static final Log logger = LogFactory.getLog(AnonymousAuthenticationWebFilter.class);
+
 	private String key;
+
 	private Object principal;
+
 	private List<GrantedAuthority> authorities;
 
 	/**
 	 * Creates a filter with a principal named "anonymousUser" and the single authority
 	 * "ROLE_ANONYMOUS".
-	 *
 	 * @param key the key to identify tokens created by this filter
 	 */
 	public AnonymousAuthenticationWebFilter(String key) {
@@ -59,12 +62,11 @@ public class AnonymousAuthenticationWebFilter implements WebFilter {
 	}
 
 	/**
-	 * @param key         key the key to identify tokens created by this filter
-	 * @param principal   the principal which will be used to represent anonymous users
+	 * @param key key the key to identify tokens created by this filter
+	 * @param principal the principal which will be used to represent anonymous users
 	 * @param authorities the authority list for anonymous users
 	 */
-	public AnonymousAuthenticationWebFilter(String key, Object principal,
-											List<GrantedAuthority> authorities) {
+	public AnonymousAuthenticationWebFilter(String key, Object principal, List<GrantedAuthority> authorities) {
 		Assert.hasLength(key, "key cannot be null or empty");
 		Assert.notNull(principal, "Anonymous authentication principal must be set");
 		Assert.notNull(authorities, "Anonymous authorities must be set");
@@ -75,28 +77,26 @@ public class AnonymousAuthenticationWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return ReactiveSecurityContextHolder.getContext()
-				.switchIfEmpty(Mono.defer(() -> {
-						Authentication authentication = createAuthentication(exchange);
-						SecurityContext securityContext = new SecurityContextImpl(authentication);
-						if (logger.isDebugEnabled()) {
-							logger.debug("Populated SecurityContext with anonymous token: '" + authentication + "'");
-						}
-						return chain.filter(exchange)
-								.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
-								.then(Mono.empty());
-				}))
-				.flatMap(securityContext -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("SecurityContext contains anonymous token: '" + securityContext.getAuthentication() + "'");
-					}
-					return chain.filter(exchange);
-				});
+		return ReactiveSecurityContextHolder.getContext().switchIfEmpty(Mono.defer(() -> {
+			Authentication authentication = createAuthentication(exchange);
+			SecurityContext securityContext = new SecurityContextImpl(authentication);
+			if (logger.isDebugEnabled()) {
+				logger.debug("Populated SecurityContext with anonymous token: '" + authentication + "'");
+			}
+			return chain.filter(exchange)
+					.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+					.then(Mono.empty());
+		})).flatMap(securityContext -> {
+			if (logger.isDebugEnabled()) {
+				logger.debug("SecurityContext contains anonymous token: '" + securityContext.getAuthentication() + "'");
+			}
+			return chain.filter(exchange);
+		});
 	}
 
 	protected Authentication createAuthentication(ServerWebExchange exchange) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key,
-				principal, authorities);
+		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, principal, authorities);
 		return auth;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
index 05a164d523..7bef478cad 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
@@ -27,25 +27,27 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Matches if the {@link ServerAuthenticationConverter} can convert a {@link ServerWebExchange} to an {@link Authentication}.
+ * Matches if the {@link ServerAuthenticationConverter} can convert a
+ * {@link ServerWebExchange} to an {@link Authentication}.
  *
  * @author David Kovac
  * @since 5.4
  * @see ServerAuthenticationConverter
  */
 public final class AuthenticationConverterServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private final ServerAuthenticationConverter serverAuthenticationConverter;
 
-	public AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter serverAuthenticationConverter) {
+	public AuthenticationConverterServerWebExchangeMatcher(
+			ServerAuthenticationConverter serverAuthenticationConverter) {
 		Assert.notNull(serverAuthenticationConverter, "serverAuthenticationConverter cannot be null");
 		this.serverAuthenticationConverter = serverAuthenticationConverter;
 	}
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return this.serverAuthenticationConverter.convert(exchange)
-				.flatMap(a -> match())
-				.onErrorResume(e -> notMatch())
+		return this.serverAuthenticationConverter.convert(exchange).flatMap(a -> match()).onErrorResume(e -> notMatch())
 				.switchIfEmpty(notMatch());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
index 03b1009972..a39cd87a96 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -38,31 +38,27 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
 /**
- * A {@link WebFilter} that performs authentication of a particular request. An outline of the logic:
+ * A {@link WebFilter} that performs authentication of a particular request. An outline of
+ * the logic:
  *
  * <ul>
- * <li>
- *     A request comes in and if it does not match {@link #setRequiresAuthenticationMatcher(ServerWebExchangeMatcher)},
- *     then this filter does nothing and the {@link WebFilterChain} is continued. If it does match then...
+ * <li>A request comes in and if it does not match
+ * {@link #setRequiresAuthenticationMatcher(ServerWebExchangeMatcher)}, then this filter
+ * does nothing and the {@link WebFilterChain} is continued. If it does match then...</li>
+ * <li>An attempt to convert the {@link ServerWebExchange} into an {@link Authentication}
+ * is made. If the result is empty, then the filter does nothing more and the
+ * {@link WebFilterChain} is continued. If it does create an {@link Authentication}...
  * </li>
- * <li>
- *     An attempt to convert the {@link ServerWebExchange} into an {@link Authentication} is made. If the result is
- *     empty, then the filter does nothing more and the {@link WebFilterChain} is continued. If it does create an
- *     {@link Authentication}...
- * </li>
- * <li>
- *     The {@link ReactiveAuthenticationManager} specified in
- *     {@link #AuthenticationWebFilter(ReactiveAuthenticationManager)} is used to perform authentication.
- * </li>
- *<li>
- *     The {@link ReactiveAuthenticationManagerResolver} specified in
- *     {@link #AuthenticationWebFilter(ReactiveAuthenticationManagerResolver)} is used to resolve the appropriate
- *     authentication manager from context to perform authentication.
- * </li>
- * <li>
- *     If authentication is successful, {@link ServerAuthenticationSuccessHandler} is invoked and the authentication
- *     is set on {@link ReactiveSecurityContextHolder}, else {@link ServerAuthenticationFailureHandler} is invoked
+ * <li>The {@link ReactiveAuthenticationManager} specified in
+ * {@link #AuthenticationWebFilter(ReactiveAuthenticationManager)} is used to perform
+ * authentication.</li>
+ * <li>The {@link ReactiveAuthenticationManagerResolver} specified in
+ * {@link #AuthenticationWebFilter(ReactiveAuthenticationManagerResolver)} is used to
+ * resolve the appropriate authentication manager from context to perform authentication.
  * </li>
+ * <li>If authentication is successful, {@link ServerAuthenticationSuccessHandler} is
+ * invoked and the authentication is set on {@link ReactiveSecurityContextHolder}, else
+ * {@link ServerAuthenticationFailureHandler} is invoked</li>
  * </ul>
  *
  * @author Rob Winch
@@ -71,16 +67,20 @@ import org.springframework.web.server.WebFilterChain;
  * @since 5.0
  */
 public class AuthenticationWebFilter implements WebFilter {
+
 	private static final Log logger = LogFactory.getLog(AuthenticationWebFilter.class);
+
 	private final ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
 	private ServerAuthenticationSuccessHandler authenticationSuccessHandler = new WebFilterChainServerAuthenticationSuccessHandler();
 
 	private ServerAuthenticationConverter authenticationConverter = new ServerHttpBasicAuthenticationConverter();
 
-	private ServerAuthenticationFailureHandler authenticationFailureHandler = new ServerAuthenticationEntryPointFailureHandler(new HttpBasicServerAuthenticationEntryPoint());
+	private ServerAuthenticationFailureHandler authenticationFailureHandler = new ServerAuthenticationEntryPointFailureHandler(
+			new HttpBasicServerAuthenticationEntryPoint());
 
-	private ServerSecurityContextRepository securityContextRepository = NoOpServerSecurityContextRepository.getInstance();
+	private ServerSecurityContextRepository securityContextRepository = NoOpServerSecurityContextRepository
+			.getInstance();
 
 	private ServerWebExchangeMatcher requiresAuthenticationMatcher = ServerWebExchangeMatchers.anyExchange();
 
@@ -98,32 +98,34 @@ public class AuthenticationWebFilter implements WebFilter {
 	 * @param authenticationManagerResolver the authentication manager resolver to use
 	 * @since 5.3
 	 */
-	public AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
+	public AuthenticationWebFilter(
+			ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
 		Assert.notNull(authenticationManagerResolver, "authenticationResolverManager cannot be null");
 		this.authenticationManagerResolver = authenticationManagerResolver;
 	}
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requiresAuthenticationMatcher.matches(exchange)
-			.filter( matchResult -> matchResult.isMatch())
-			.flatMap( matchResult -> this.authenticationConverter.convert(exchange))
-			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-			.flatMap( token -> authenticate(exchange, chain, token))
-			.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
-					.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
+		return this.requiresAuthenticationMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
+				.flatMap(matchResult -> this.authenticationConverter.convert(exchange))
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+				.flatMap(token -> authenticate(exchange, chain, token))
+				.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
+						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
 	}
 
 	private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
 		return this.authenticationManagerResolver.resolve(exchange)
-			.flatMap(authenticationManager -> authenticationManager.authenticate(token))
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
-			.flatMap(authentication -> onAuthenticationSuccess(authentication, new WebFilterExchange(exchange, chain)))
-			.doOnError(AuthenticationException.class, e -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Authentication failed: " + e.getMessage());
-				}
-			});
+				.flatMap(authenticationManager -> authenticationManager.authenticate(token))
+				.switchIfEmpty(Mono.defer(
+						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
+				.flatMap(authentication -> onAuthenticationSuccess(authentication,
+						new WebFilterExchange(exchange, chain)))
+				.doOnError(AuthenticationException.class, e -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug("Authentication failed: " + e.getMessage());
+					}
+				});
 	}
 
 	protected Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
@@ -131,23 +133,23 @@ public class AuthenticationWebFilter implements WebFilter {
 		SecurityContextImpl securityContext = new SecurityContextImpl();
 		securityContext.setAuthentication(authentication);
 		return this.securityContextRepository.save(exchange, securityContext)
-			.then(this.authenticationSuccessHandler
-				.onAuthenticationSuccess(webFilterExchange, authentication))
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
+				.then(this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication))
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
 	}
 
 	/**
-	 * Sets the repository for persisting the SecurityContext. Default is {@link NoOpServerSecurityContextRepository}
+	 * Sets the repository for persisting the SecurityContext. Default is
+	 * {@link NoOpServerSecurityContextRepository}
 	 * @param securityContextRepository the repository to use
 	 */
-	public void setSecurityContextRepository(
-		ServerSecurityContextRepository securityContextRepository) {
+	public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository) {
 		Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
 		this.securityContextRepository = securityContextRepository;
 	}
 
 	/**
-	 * Sets the authentication success handler. Default is {@link WebFilterChainServerAuthenticationSuccessHandler}
+	 * Sets the authentication success handler. Default is
+	 * {@link WebFilterChainServerAuthenticationSuccessHandler}
 	 * @param authenticationSuccessHandler the success handler to use
 	 */
 	public void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
@@ -156,12 +158,14 @@ public class AuthenticationWebFilter implements WebFilter {
 	}
 
 	/**
-	 * Sets the strategy used for converting from a {@link ServerWebExchange} to an {@link Authentication} used for
-	 * authenticating with the provided {@link ReactiveAuthenticationManager}. If the result is empty, then it signals
-	 * that no authentication attempt should be made. The default converter is
+	 * Sets the strategy used for converting from a {@link ServerWebExchange} to an
+	 * {@link Authentication} used for authenticating with the provided
+	 * {@link ReactiveAuthenticationManager}. If the result is empty, then it signals that
+	 * no authentication attempt should be made. The default converter is
 	 * {@link ServerHttpBasicAuthenticationConverter}
 	 * @param authenticationConverter the converter to use
-	 * @deprecated As of 5.1 in favor of {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)}
+	 * @deprecated As of 5.1 in favor of
+	 * {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)}
 	 * @see #setServerAuthenticationConverter(ServerAuthenticationConverter)
 	 */
 	@Deprecated
@@ -171,38 +175,39 @@ public class AuthenticationWebFilter implements WebFilter {
 	}
 
 	/**
-	 * Sets the strategy used for converting from a {@link ServerWebExchange} to an {@link Authentication} used for
-	 * authenticating with the provided {@link ReactiveAuthenticationManager}. If the result is empty, then it signals
-	 * that no authentication attempt should be made. The default converter is
+	 * Sets the strategy used for converting from a {@link ServerWebExchange} to an
+	 * {@link Authentication} used for authenticating with the provided
+	 * {@link ReactiveAuthenticationManager}. If the result is empty, then it signals that
+	 * no authentication attempt should be made. The default converter is
 	 * {@link ServerHttpBasicAuthenticationConverter}
 	 * @param authenticationConverter the converter to use
 	 * @since 5.1
 	 */
-	public void setServerAuthenticationConverter(
-			ServerAuthenticationConverter authenticationConverter) {
+	public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter) {
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
 		this.authenticationConverter = authenticationConverter;
 	}
 
 	/**
-	 * Sets the failure handler used when authentication fails. The default is to prompt for basic authentication.
+	 * Sets the failure handler used when authentication fails. The default is to prompt
+	 * for basic authentication.
 	 * @param authenticationFailureHandler the handler to use. Cannot be null.
 	 */
-	public void setAuthenticationFailureHandler(
-		ServerAuthenticationFailureHandler authenticationFailureHandler) {
+	public void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) {
 		Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
 		this.authenticationFailureHandler = authenticationFailureHandler;
 	}
 
 	/**
 	 * Sets the matcher used to determine when creating an {@link Authentication} from
-	 * {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)} to be authentication. If the converter returns an empty
-	 * result, then no authentication is attempted. The default is any request
+	 * {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)} to be
+	 * authentication. If the converter returns an empty result, then no authentication is
+	 * attempted. The default is any request
 	 * @param requiresAuthenticationMatcher the matcher to use. Cannot be null.
 	 */
-	public void setRequiresAuthenticationMatcher(
-		ServerWebExchangeMatcher requiresAuthenticationMatcher) {
+	public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher) {
 		Assert.notNull(requiresAuthenticationMatcher, "requiresAuthenticationMatcher cannot be null");
 		this.requiresAuthenticationMatcher = requiresAuthenticationMatcher;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
index 019442b5af..0440678424 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
@@ -26,12 +26,14 @@ import java.util.Arrays;
 import java.util.List;
 
 /**
- * Delegates to a collection of {@link ServerAuthenticationSuccessHandler} implementations.
+ * Delegates to a collection of {@link ServerAuthenticationSuccessHandler}
+ * implementations.
  *
  * @author Rob Winch
  * @since 5.1
  */
 public class DelegatingServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
+
 	private final List<ServerAuthenticationSuccessHandler> delegates;
 
 	public DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler... delegates) {
@@ -40,10 +42,9 @@ public class DelegatingServerAuthenticationSuccessHandler implements ServerAuthe
 	}
 
 	@Override
-	public Mono<Void> onAuthenticationSuccess(WebFilterExchange exchange,
-			Authentication authentication) {
+	public Mono<Void> onAuthenticationSuccess(WebFilterExchange exchange, Authentication authentication) {
 		return Flux.fromIterable(this.delegates)
-			.concatMap(delegate -> delegate.onAuthenticationSuccess(exchange, authentication))
-			.then();
+				.concatMap(delegate -> delegate.onAuthenticationSuccess(exchange, authentication)).then();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
index 606efa7aa3..1cff591536 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
@@ -30,10 +30,12 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class HttpBasicServerAuthenticationEntryPoint
-	implements ServerAuthenticationEntryPoint {
+public class HttpBasicServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
+
 	private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
+
 	private static final String DEFAULT_REALM = "Realm";
+
 	private static String WWW_AUTHENTICATE_FORMAT = "Basic realm=\"%s\"";
 
 	private String headerValue = createHeaderValue(DEFAULT_REALM);
@@ -59,4 +61,5 @@ public class HttpBasicServerAuthenticationEntryPoint
 		Assert.notNull(realm, "realm cannot be null");
 		return String.format(WWW_AUTHENTICATE_FORMAT, realm);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
index 8817addad2..a306473a7a 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
@@ -33,6 +33,7 @@ import reactor.core.publisher.Mono;
  * @since 5.1
  */
 public class HttpStatusServerEntryPoint implements ServerAuthenticationEntryPoint {
+
 	private final HttpStatus httpStatus;
 
 	public HttpStatusServerEntryPoint(HttpStatus httpStatus) {
@@ -44,4 +45,5 @@ public class HttpStatusServerEntryPoint implements ServerAuthenticationEntryPoin
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException authException) {
 		return Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(this.httpStatus));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index 5081f3f1d5..0658897a2f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -25,29 +25,30 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 import reactor.core.publisher.Mono;
 
 /**
- * Reactive version of {@link org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider}
+ * Reactive version of
+ * {@link org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider}
  *
- * This manager receives a {@link PreAuthenticatedAuthenticationToken}, checks that associated account is not disabled,
- * expired, or blocked, and returns new authenticated {@link PreAuthenticatedAuthenticationToken}.
+ * This manager receives a {@link PreAuthenticatedAuthenticationToken}, checks that
+ * associated account is not disabled, expired, or blocked, and returns new authenticated
+ * {@link PreAuthenticatedAuthenticationToken}.
  *
- * If no {@link UserDetailsChecker} is provided, a default {@link AccountStatusUserDetailsChecker} will be
- * created.
+ * If no {@link UserDetailsChecker} is provided, a default
+ * {@link AccountStatusUserDetailsChecker} will be created.
  *
  * @author Alexey Nesterov
  * @since 5.2
  */
-public class ReactivePreAuthenticatedAuthenticationManager
-		implements ReactiveAuthenticationManager {
+public class ReactivePreAuthenticatedAuthenticationManager implements ReactiveAuthenticationManager {
 
 	private final ReactiveUserDetailsService userDetailsService;
+
 	private final UserDetailsChecker userDetailsChecker;
 
 	public ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService userDetailsService) {
 		this(userDetailsService, new AccountStatusUserDetailsChecker());
 	}
 
-	public ReactivePreAuthenticatedAuthenticationManager(
-			ReactiveUserDetailsService userDetailsService,
+	public ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService userDetailsService,
 			UserDetailsChecker userDetailsChecker) {
 		this.userDetailsService = userDetailsService;
 		this.userDetailsChecker = userDetailsChecker;
@@ -55,15 +56,12 @@ public class ReactivePreAuthenticatedAuthenticationManager
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.just(authentication)
-				.filter(this::supports)
-				.map(Authentication::getName)
+		return Mono.just(authentication).filter(this::supports).map(Authentication::getName)
 				.flatMap(userDetailsService::findByUsername)
 				.switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found")))
-				.doOnNext(userDetailsChecker::check)
-				.map(ud -> {
-					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(
-							ud, authentication.getCredentials(), ud.getAuthorities());
+				.doOnNext(userDetailsChecker::check).map(ud -> {
+					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
+							authentication.getCredentials(), ud.getAuthorities());
 					result.setDetails(authentication.getDetails());
 
 					return result;
@@ -73,4 +71,5 @@ public class ReactivePreAuthenticatedAuthenticationManager
 	private boolean supports(Authentication authentication) {
 		return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication.getClass());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
index 00222393ed..01424c122b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
@@ -35,8 +35,8 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class RedirectServerAuthenticationEntryPoint
-	implements ServerAuthenticationEntryPoint {
+public class RedirectServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
+
 	private final URI location;
 
 	private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
@@ -64,7 +64,7 @@ public class RedirectServerAuthenticationEntryPoint
 	@Override
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
 		return this.requestCache.saveRequest(exchange)
-			.then(this.redirectStrategy.sendRedirect(exchange, this.location));
+				.then(this.redirectStrategy.sendRedirect(exchange, this.location));
 	}
 
 	/**
@@ -75,4 +75,5 @@ public class RedirectServerAuthenticationEntryPoint
 		Assert.notNull(redirectStrategy, "redirectStrategy cannot be null");
 		this.redirectStrategy = redirectStrategy;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
index 2337cd8491..d648291988 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
@@ -31,8 +31,8 @@ import java.net.URI;
  * @author Rob Winch
  * @since 5.0
  */
-public class RedirectServerAuthenticationFailureHandler
-	implements ServerAuthenticationFailureHandler {
+public class RedirectServerAuthenticationFailureHandler implements ServerAuthenticationFailureHandler {
+
 	private final URI location;
 
 	private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
@@ -56,8 +56,8 @@ public class RedirectServerAuthenticationFailureHandler
 	}
 
 	@Override
-	public Mono<Void> onAuthenticationFailure(
-		WebFilterExchange webFilterExchange, AuthenticationException exception) {
+	public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
 		return this.redirectStrategy.sendRedirect(webFilterExchange.getExchange(), this.location);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
index 2504a875db..66ebfd5eb4 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
@@ -29,13 +29,14 @@ import reactor.core.publisher.Mono;
 import java.net.URI;
 
 /**
- * Performs a redirect on authentication success. The default is to redirect to a saved request if present and
- * otherwise "/".
+ * Performs a redirect on authentication success. The default is to redirect to a saved
+ * request if present and otherwise "/".
+ *
  * @author Rob Winch
  * @since 5.0
  */
-public class RedirectServerAuthenticationSuccessHandler
-	implements ServerAuthenticationSuccessHandler {
+public class RedirectServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
+
 	private URI location = URI.create("/");
 
 	private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
@@ -45,7 +46,8 @@ public class RedirectServerAuthenticationSuccessHandler
 	/**
 	 * Creates a new instance with location of "/"
 	 */
-	public RedirectServerAuthenticationSuccessHandler() {}
+	public RedirectServerAuthenticationSuccessHandler() {
+	}
 
 	/**
 	 * Creates a new instance with the specified location
@@ -57,7 +59,8 @@ public class RedirectServerAuthenticationSuccessHandler
 	}
 
 	/**
-	 * Sets the {@link ServerRequestCache} used to redirect to. Default is {@link WebSessionServerRequestCache}.
+	 * Sets the {@link ServerRequestCache} used to redirect to. Default is
+	 * {@link WebSessionServerRequestCache}.
 	 * @param requestCache the cache to use
 	 */
 	public void setRequestCache(ServerRequestCache requestCache) {
@@ -66,12 +69,10 @@ public class RedirectServerAuthenticationSuccessHandler
 	}
 
 	@Override
-	public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange,
-		Authentication authentication) {
+	public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
 		ServerWebExchange exchange = webFilterExchange.getExchange();
-		return this.requestCache.getRedirectUri(exchange)
-			.defaultIfEmpty(this.location)
-			.flatMap(location -> this.redirectStrategy.sendRedirect(exchange, location));
+		return this.requestCache.getRedirectUri(exchange).defaultIfEmpty(this.location)
+				.flatMap(location -> this.redirectStrategy.sendRedirect(exchange, location));
 	}
 
 	/**
@@ -91,4 +92,5 @@ public class RedirectServerAuthenticationSuccessHandler
 		Assert.notNull(redirectStrategy, "redirectStrategy cannot be null");
 		this.redirectStrategy = redirectStrategy;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
index 4a77f73422..b9f7321a26 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
@@ -22,19 +22,23 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * A strategy used for converting from a {@link ServerWebExchange} to an {@link Authentication} used for
- * authenticating with a provided {@link org.springframework.security.authentication.ReactiveAuthenticationManager}.
- * If the result is {@link Mono#empty()}, then it signals that no authentication attempt should be made.
+ * A strategy used for converting from a {@link ServerWebExchange} to an
+ * {@link Authentication} used for authenticating with a provided
+ * {@link org.springframework.security.authentication.ReactiveAuthenticationManager}. If
+ * the result is {@link Mono#empty()}, then it signals that no authentication attempt
+ * should be made.
  *
  * @author Eric Deandrea
  * @since 5.1
  */
 @FunctionalInterface
 public interface ServerAuthenticationConverter {
+
 	/**
 	 * Converts a {@link ServerWebExchange} to an {@link Authentication}
 	 * @param exchange The {@link ServerWebExchange}
 	 * @return A {@link Mono} representing an {@link Authentication}
 	 */
 	Mono<Authentication> convert(ServerWebExchange exchange);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
index bf72697386..3ee108c4a6 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
@@ -23,24 +23,24 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * Adapts a {@link ServerAuthenticationEntryPoint} into a {@link ServerAuthenticationFailureHandler}
+ * Adapts a {@link ServerAuthenticationEntryPoint} into a
+ * {@link ServerAuthenticationFailureHandler}
+ *
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerAuthenticationEntryPointFailureHandler
-	implements ServerAuthenticationFailureHandler {
+public class ServerAuthenticationEntryPointFailureHandler implements ServerAuthenticationFailureHandler {
+
 	private final ServerAuthenticationEntryPoint authenticationEntryPoint;
 
-	public ServerAuthenticationEntryPointFailureHandler(
-		ServerAuthenticationEntryPoint authenticationEntryPoint) {
+	public ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint authenticationEntryPoint) {
 		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
 	@Override
-	public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange,
-		AuthenticationException exception) {
-		return this.authenticationEntryPoint
-			.commence(webFilterExchange.getExchange(), exception);
+	public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
+		return this.authenticationEntryPoint.commence(webFilterExchange.getExchange(), exception);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
index feb0fad60f..cc858e0164 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
@@ -28,6 +28,7 @@ import org.springframework.security.web.server.WebFilterExchange;
  * @since 5.0
  */
 public interface ServerAuthenticationFailureHandler {
+
 	/**
 	 * Invoked when authentication attempt fails
 	 * @param webFilterExchange the exchange
@@ -35,4 +36,5 @@ public interface ServerAuthenticationFailureHandler {
 	 * @return a completion notification (success or error)
 	 */
 	Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
index 5b4a56fb8d..77a1460e0a 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
@@ -22,16 +22,18 @@ import reactor.core.publisher.Mono;
 
 /**
  * Handles authentication success
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public interface ServerAuthenticationSuccessHandler {
+
 	/**
 	 * Invoked when the application authenticates successfully
 	 * @param webFilterExchange the exchange
 	 * @param authentication the {@link Authentication}
 	 * @return a completion notification (success or error)
 	 */
-	Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange,
-		Authentication authentication);
+	Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
index fb2e8f7607..07ecda24f1 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
@@ -35,4 +35,5 @@ public class ServerFormLoginAuthenticationConverter
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
 		return apply(exchange);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
index 563e24e9dd..16553e78e9 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
@@ -20,7 +20,8 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be authenticated.
+ * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be
+ * authenticated.
  *
  * @author Rob Winch
  * @since 5.1
@@ -30,9 +31,9 @@ public class ServerHttpBasicAuthenticationConverter
 		extends org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
 		implements ServerAuthenticationConverter {
 
-
 	@Override
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
 		return apply(exchange);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
index 9757150c1d..00f585b88b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
@@ -29,7 +29,8 @@ import reactor.core.publisher.Mono;
 import java.security.cert.X509Certificate;
 
 /**
- * Converts from a {@link SslInfo} provided by a request to an {@link PreAuthenticatedAuthenticationToken} that can be authenticated.
+ * Converts from a {@link SslInfo} provided by a request to an
+ * {@link PreAuthenticatedAuthenticationToken} that can be authenticated.
  *
  * @author Alexey Nesterov
  * @since 5.2
@@ -37,6 +38,7 @@ import java.security.cert.X509Certificate;
 public class ServerX509AuthenticationConverter implements ServerAuthenticationConverter {
 
 	protected final Log logger = LogFactory.getLog(getClass());
+
 	private final X509PrincipalExtractor principalExtractor;
 
 	public ServerX509AuthenticationConverter(@NonNull X509PrincipalExtractor principalExtractor) {
@@ -65,9 +67,10 @@ public class ServerX509AuthenticationConverter implements ServerAuthenticationCo
 		X509Certificate clientCertificate = sslInfo.getPeerCertificates()[0];
 		Object principal = this.principalExtractor.extractPrincipal(clientCertificate);
 
-		PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(
-				principal, clientCertificate);
+		PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal,
+				clientCertificate);
 
 		return Mono.just(authRequest);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index f545b7bcc0..b21a7b4a09 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -52,13 +52,14 @@ import java.util.List;
 import java.util.Optional;
 
 /**
- * Switch User processing filter responsible for user context switching.
- * A common use-case for this feature is the ability to allow
- * higher-authority users (e.g. ROLE_ADMIN) to switch to a regular user (e.g. ROLE_USER).
+ * Switch User processing filter responsible for user context switching. A common use-case
+ * for this feature is the ability to allow higher-authority users (e.g. ROLE_ADMIN) to
+ * switch to a regular user (e.g. ROLE_USER).
  * <p>
  * This filter assumes that the user performing the switch will be required to be logged
- * in as normal user (i.e. with a ROLE_ADMIN role). The user will then access a page/controller
- * that enables the administrator to specify who they wish to become (see <code>switchUserUrl</code>).
+ * in as normal user (i.e. with a ROLE_ADMIN role). The user will then access a
+ * page/controller that enables the administrator to specify who they wish to become (see
+ * <code>switchUserUrl</code>).
  * <p>
  * <b>Note: This URL will be required to have appropriate security constraints configured
  * so that only users of that role can access it (e.g. ROLE_ADMIN).</b>
@@ -70,14 +71,16 @@ import java.util.Optional;
  * user is already currently switched, and any current switch will be exited to prevent
  * "nested" switches.
  * <p>
- * To 'exit' from a user context, the user needs to access a URL (see <code>exitUserUrl</code>)
- * that will switch back to the original user as identified by the <code>ROLE_PREVIOUS_ADMINISTRATOR</code>.
+ * To 'exit' from a user context, the user needs to access a URL (see
+ * <code>exitUserUrl</code>) that will switch back to the original user as identified by
+ * the <code>ROLE_PREVIOUS_ADMINISTRATOR</code>.
  * <p>
  * To configure the Switch User Processing Filter, create a bean definition for the Switch
  * User processing filter and add to the filterChainProxy. Note that the filter must come
- * <b>after</b> the {@link org.springframework.security.config.web.server.SecurityWebFiltersOrder#AUTHORIZATION}
- * in the chain, in order to apply the correct constraints to the <tt>switchUserUrl</tt>. Example:
- * <pre>
+ * <b>after</b> the
+ * {@link org.springframework.security.config.web.server.SecurityWebFiltersOrder#AUTHORIZATION}
+ * in the chain, in order to apply the correct constraints to the <tt>switchUserUrl</tt>.
+ * Example: <pre>
  * SwitchUserWebFilter filter = new SwitchUserWebFilter(userDetailsService, loginSuccessHandler, failureHandler);
  * http.addFilterAfter(filter, SecurityWebFiltersOrder.AUTHORIZATION);
  * </pre>
@@ -91,25 +94,30 @@ public class SwitchUserWebFilter implements WebFilter {
 	private final Log logger = LogFactory.getLog(getClass());
 
 	public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "username";
+
 	public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
 
 	private final ServerAuthenticationSuccessHandler successHandler;
+
 	private final ServerAuthenticationFailureHandler failureHandler;
+
 	private final ReactiveUserDetailsService userDetailsService;
+
 	private final UserDetailsChecker userDetailsChecker;
 
 	private ServerSecurityContextRepository securityContextRepository;
 
 	private ServerWebExchangeMatcher switchUserMatcher = createMatcher("/login/impersonate");
+
 	private ServerWebExchangeMatcher exitUserMatcher = createMatcher("/logout/impersonate");
 
 	/**
 	 * Creates a filter for the user context switching
-	 *
 	 * @param userDetailsService The <tt>UserDetailService</tt> which will be used to load
-	 *                           information for the user that is being switched to.
-	 * @param successHandler     Used to define custom behaviour on a successful switch or exit user.
-	 * @param failureHandler     Used to define custom behaviour when a switch fails.
+	 * information for the user that is being switched to.
+	 * @param successHandler Used to define custom behaviour on a successful switch or
+	 * exit user.
+	 * @param failureHandler Used to define custom behaviour when a switch fails.
 	 */
 	public SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService,
 			ServerAuthenticationSuccessHandler successHandler,
@@ -127,14 +135,15 @@ public class SwitchUserWebFilter implements WebFilter {
 
 	/**
 	 * Creates a filter for the user context switching
-	 *
 	 * @param userDetailsService The <tt>UserDetailService</tt> which will be used to load
-	 *                           information for the user that is being switched to.
-	 * @param successTargetUrl   Sets the URL to go to after a successful switch / exit user request
-	 * @param failureTargetUrl   The URL to which a user should be redirected if the switch fails
+	 * information for the user that is being switched to.
+	 * @param successTargetUrl Sets the URL to go to after a successful switch / exit user
+	 * request
+	 * @param failureTargetUrl The URL to which a user should be redirected if the switch
+	 * fails
 	 */
-	public SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService,
-			String successTargetUrl, @Nullable String failureTargetUrl) {
+	public SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService, String successTargetUrl,
+			@Nullable String failureTargetUrl) {
 		Assert.notNull(userDetailsService, "userDetailsService must be specified");
 		Assert.notNull(successTargetUrl, "successTargetUrl must be specified");
 
@@ -143,7 +152,8 @@ public class SwitchUserWebFilter implements WebFilter {
 
 		if (failureTargetUrl != null) {
 			this.failureHandler = new RedirectServerAuthenticationFailureHandler(failureTargetUrl);
-		} else {
+		}
+		else {
 			this.failureHandler = null;
 		}
 
@@ -155,8 +165,7 @@ public class SwitchUserWebFilter implements WebFilter {
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 
-		return switchUser(webFilterExchange)
-				.switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
+		return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
 				.switchIfEmpty(Mono.defer(() -> chain.filter(exchange).then(Mono.empty())))
 				.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
 				.onErrorResume(SwitchUserAuthenticationException.class, exception -> Mono.empty());
@@ -164,49 +173,42 @@ public class SwitchUserWebFilter implements WebFilter {
 
 	/**
 	 * Attempt to switch to another user.
-	 *
 	 * @param webFilterExchange The web filter exchange
 	 * @return The new <code>Authentication</code> object if successfully switched to
 	 * another user, <code>Mono.empty()</code> otherwise.
-	 * @throws AuthenticationCredentialsNotFoundException If the target user can not be found by username
+	 * @throws AuthenticationCredentialsNotFoundException If the target user can not be
+	 * found by username
 	 */
 	protected Mono<Authentication> switchUser(WebFilterExchange webFilterExchange) {
 		return switchUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
 				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext())
-				.map(SecurityContext::getAuthentication)
-				.flatMap(currentAuthentication -> {
+				.map(SecurityContext::getAuthentication).flatMap(currentAuthentication -> {
 					final String username = getUsername(webFilterExchange.getExchange());
 					return attemptSwitchUser(currentAuthentication, username);
-				})
-				.onErrorResume(AuthenticationException.class, e ->
-						onAuthenticationFailure(e, webFilterExchange)
-								.then(Mono.error(new SwitchUserAuthenticationException(e)))
-				);
+				}).onErrorResume(AuthenticationException.class, e -> onAuthenticationFailure(e, webFilterExchange)
+						.then(Mono.error(new SwitchUserAuthenticationException(e))));
 	}
 
 	/**
 	 * Attempt to exit from an already switched user.
-	 *
 	 * @param webFilterExchange The web filter exchange
 	 * @return The original <code>Authentication</code> object.
-	 * @throws AuthenticationCredentialsNotFoundException If there is no <code>Authentication</code> associated
-	 *                                                    with this request or the user is not switched.
+	 * @throws AuthenticationCredentialsNotFoundException If there is no
+	 * <code>Authentication</code> associated with this request or the user is not
+	 * switched.
 	 */
 	protected Mono<Authentication> exitSwitchUser(WebFilterExchange webFilterExchange) {
 		return exitUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap(matchResult ->
-						ReactiveSecurityContextHolder.getContext()
-								.map(SecurityContext::getAuthentication)
-								.switchIfEmpty(Mono.error(this::noCurrentUserException))
-				)
+				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext()
+						.map(SecurityContext::getAuthentication)
+						.switchIfEmpty(Mono.error(this::noCurrentUserException)))
 				.map(this::attemptExitUser);
 	}
 
 	/**
 	 * Returns the name of the target user.
-	 *
 	 * @param exchange The server web exchange
 	 * @return the name of the target user.
 	 */
@@ -223,8 +225,7 @@ public class SwitchUserWebFilter implements WebFilter {
 		}
 
 		return userDetailsService.findByUsername(userName)
-				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
-				.doOnNext(userDetailsChecker::check)
+				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException)).doOnNext(userDetailsChecker::check)
 				.map(userDetails -> createSwitchUserToken(userDetails, currentAuthentication));
 	}
 
@@ -248,14 +249,11 @@ public class SwitchUserWebFilter implements WebFilter {
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
 	}
 
-	private Mono<Void> onAuthenticationFailure(AuthenticationException exception,
-			WebFilterExchange webFilterExchange) {
-		return Mono.justOrEmpty(failureHandler)
-				.switchIfEmpty(Mono.defer(() -> {
-					logger.error("Switch User failed", exception);
-					return Mono.error(exception);
-				}))
-				.flatMap(failureHandler -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
+	private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) {
+		return Mono.justOrEmpty(failureHandler).switchIfEmpty(Mono.defer(() -> {
+			logger.error("Switch User failed", exception);
+			return Mono.error(exception);
+		})).flatMap(failureHandler -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
 	}
 
 	private Authentication createSwitchUserToken(UserDetails targetUser, Authentication currentAuthentication) {
@@ -267,16 +265,15 @@ public class SwitchUserWebFilter implements WebFilter {
 			currentAuthentication = sourceAuthentication.get();
 		}
 
-		final GrantedAuthority switchAuthority =
-				new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuthentication);
+		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
+				currentAuthentication);
 		final Collection<? extends GrantedAuthority> targetUserAuthorities = targetUser.getAuthorities();
 
 		final List<GrantedAuthority> extendedTargetUserAuthorities = new ArrayList<>(targetUserAuthorities);
 		extendedTargetUserAuthorities.add(switchAuthority);
 
-		return new UsernamePasswordAuthenticationToken(
-				targetUser, targetUser.getPassword(), extendedTargetUserAuthorities
-		);
+		return new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(),
+				extendedTargetUserAuthorities);
 	}
 
 	/**
@@ -284,10 +281,9 @@ public class SwitchUserWebFilter implements WebFilter {
 	 * granted authorities. A successfully switched user should have a
 	 * <code>SwitchUserGrantedAuthority</code> that contains the original source user
 	 * <code>Authentication</code> object.
-	 *
 	 * @param currentAuthentication The current <code>Authentication</code> object
-	 * @return The source user <code>Authentication</code> object or <code>Optional.empty</code>
-	 * otherwise.
+	 * @return The source user <code>Authentication</code> object or
+	 * <code>Optional.empty</code> otherwise.
 	 */
 	private Optional<Authentication> extractSourceAuthentication(Authentication currentAuthentication) {
 		// iterate over granted authorities and find the 'switch user' authority
@@ -305,44 +301,38 @@ public class SwitchUserWebFilter implements WebFilter {
 	}
 
 	private AuthenticationCredentialsNotFoundException noCurrentUserException() {
-		return new AuthenticationCredentialsNotFoundException(
-				"No current user associated with this request"
-		);
+		return new AuthenticationCredentialsNotFoundException("No current user associated with this request");
 	}
 
 	private AuthenticationCredentialsNotFoundException noOriginalAuthenticationException() {
-		return new AuthenticationCredentialsNotFoundException(
-				"Could not find original Authentication object"
-		);
+		return new AuthenticationCredentialsNotFoundException("Could not find original Authentication object");
 	}
 
 	private AuthenticationCredentialsNotFoundException noTargetAuthenticationException() {
-		return new AuthenticationCredentialsNotFoundException(
-				"No target user for the given username"
-		);
+		return new AuthenticationCredentialsNotFoundException("No target user for the given username");
 	}
 
 	private static class SwitchUserAuthenticationException extends RuntimeException {
+
 		SwitchUserAuthenticationException(AuthenticationException exception) {
 			super(exception);
 		}
+
 	}
 
 	/**
-	 * Sets the repository for persisting the SecurityContext. Default is {@link WebSessionServerSecurityContextRepository}
-	 *
+	 * Sets the repository for persisting the SecurityContext. Default is
+	 * {@link WebSessionServerSecurityContextRepository}
 	 * @param securityContextRepository the repository to use
 	 */
-	public void setSecurityContextRepository(
-			ServerSecurityContextRepository securityContextRepository) {
+	public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository) {
 		Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
 		this.securityContextRepository = securityContextRepository;
 	}
 
 	/**
-	 * Set the URL to respond to exit user processing. This is a shortcut for
-	 * * {@link #setExitUserMatcher(ServerWebExchangeMatcher)}
-	 *
+	 * Set the URL to respond to exit user processing. This is a shortcut for *
+	 * {@link #setExitUserMatcher(ServerWebExchangeMatcher)}
 	 * @param exitUserUrl The exit user URL.
 	 */
 	public void setExitUserUrl(String exitUserUrl) {
@@ -353,7 +343,6 @@ public class SwitchUserWebFilter implements WebFilter {
 
 	/**
 	 * Set the matcher to respond to exit user processing.
-	 *
 	 * @param exitUserMatcher The exit matcher to use
 	 */
 	public void setExitUserMatcher(ServerWebExchangeMatcher exitUserMatcher) {
@@ -364,7 +353,6 @@ public class SwitchUserWebFilter implements WebFilter {
 	/**
 	 * Set the URL to respond to switch user processing. This is a shortcut for
 	 * {@link #setSwitchUserMatcher(ServerWebExchangeMatcher)}
-	 *
 	 * @param switchUserUrl The switch user URL.
 	 */
 	public void setSwitchUserUrl(String switchUserUrl) {
@@ -375,11 +363,11 @@ public class SwitchUserWebFilter implements WebFilter {
 
 	/**
 	 * Set the matcher to respond to switch user processing.
-	 *
 	 * @param switchUserMatcher The switch user matcher.
 	 */
 	public void setSwitchUserMatcher(ServerWebExchangeMatcher switchUserMatcher) {
 		Assert.notNull(switchUserMatcher, "switchUserMatcher cannot be null");
 		this.switchUserMatcher = switchUserMatcher;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
index b3fb53994c..419bb768b3 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
@@ -27,12 +27,12 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class WebFilterChainServerAuthenticationSuccessHandler
-	implements ServerAuthenticationSuccessHandler {
+public class WebFilterChainServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
+
 	@Override
-	public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange,
-		Authentication authentication) {
+	public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
 		ServerWebExchange exchange = webFilterExchange.getExchange();
 		return webFilterExchange.getChain().filter(exchange);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
index 9b6567227d..d8e2fd6f81 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
@@ -35,6 +35,7 @@ import org.springframework.util.Assert;
  * @since 5.1
  */
 public class DelegatingServerLogoutHandler implements ServerLogoutHandler {
+
 	private final List<ServerLogoutHandler> delegates = new ArrayList<>();
 
 	public DelegatingServerLogoutHandler(ServerLogoutHandler... delegates) {
@@ -49,8 +50,8 @@ public class DelegatingServerLogoutHandler implements ServerLogoutHandler {
 
 	@Override
 	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
-		return Flux.fromIterable(this.delegates)
-			.concatMap(delegate -> delegate.logout(exchange, authentication))
-			.then();
+		return Flux.fromIterable(this.delegates).concatMap(delegate -> delegate.logout(exchange, authentication))
+				.then();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
index ddecd55015..3694bbcb70 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
@@ -23,17 +23,21 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * <p>A {@link ServerLogoutHandler} implementation which writes HTTP headers during logout.</p>
+ * <p>
+ * A {@link ServerLogoutHandler} implementation which writes HTTP headers during logout.
+ * </p>
  *
  * @author MD Sayem Ahmed
  * @since 5.2
  */
 public final class HeaderWriterServerLogoutHandler implements ServerLogoutHandler {
+
 	private final ServerHttpHeadersWriter headersWriter;
 
 	/**
-	 * <p>Constructs a new instance using the {@link ServerHttpHeadersWriter} implementation.</p>
-
+	 * <p>
+	 * Constructs a new instance using the {@link ServerHttpHeadersWriter} implementation.
+	 * </p>
 	 * @param headersWriter a {@link ServerHttpHeadersWriter} implementation
 	 * @throws IllegalArgumentException if the argument is null
 	 */
@@ -44,7 +48,7 @@ public final class HeaderWriterServerLogoutHandler implements ServerLogoutHandle
 
 	@Override
 	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
-		return this.headersWriter
-				.writeHttpHeaders(exchange.getExchange());
+		return this.headersWriter.writeHttpHeaders(exchange.getExchange());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
index 725fc9abee..fba83e1daa 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
@@ -24,18 +24,20 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * Implementation of the {@link ServerLogoutSuccessHandler}. By default returns an HTTP status code of {@code 200}.
- * This is useful in REST-type scenarios where a redirect upon a successful logout is not desired.
+ * Implementation of the {@link ServerLogoutSuccessHandler}. By default returns an HTTP
+ * status code of {@code 200}. This is useful in REST-type scenarios where a redirect upon
+ * a successful logout is not desired.
  *
  * @author Eric Deandrea
  * @since 5.1
  */
 public class HttpStatusReturningServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
+
 	private final HttpStatus httpStatusToReturn;
 
 	/**
-	 * Initialize the {@code HttpStatusReturningServerLogoutSuccessHandler} with a user-defined {@link HttpStatus}.
-	 *
+	 * Initialize the {@code HttpStatusReturningServerLogoutSuccessHandler} with a
+	 * user-defined {@link HttpStatus}.
 	 * @param httpStatusToReturn Must not be {@code null}.
 	 */
 	public HttpStatusReturningServerLogoutSuccessHandler(HttpStatus httpStatusToReturn) {
@@ -44,16 +46,17 @@ public class HttpStatusReturningServerLogoutSuccessHandler implements ServerLogo
 	}
 
 	/**
-	 * Initialize the {@code HttpStatusReturningServerLogoutSuccessHandler} with the default {@link HttpStatus#OK}.
+	 * Initialize the {@code HttpStatusReturningServerLogoutSuccessHandler} with the
+	 * default {@link HttpStatus#OK}.
 	 */
 	public HttpStatusReturningServerLogoutSuccessHandler() {
 		this.httpStatusToReturn = HttpStatus.OK;
 	}
 
 	/**
-	 * Implementation of {@link ServerLogoutSuccessHandler#onLogoutSuccess(WebFilterExchange, Authentication)}. Sets the status
-	 * on the {@link WebFilterExchange}.
-	 *
+	 * Implementation of
+	 * {@link ServerLogoutSuccessHandler#onLogoutSuccess(WebFilterExchange, Authentication)}.
+	 * Sets the status on the {@link WebFilterExchange}.
 	 * @param exchange The exchange
 	 * @param authentication The {@link Authentication}
 	 * @return A completion notification (success or error)
@@ -62,4 +65,5 @@ public class HttpStatusReturningServerLogoutSuccessHandler implements ServerLogo
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
 		return Mono.fromRunnable(() -> exchange.getExchange().getResponse().setStatusCode(this.httpStatusToReturn));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
index a2a7f6eff6..70d8976db8 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
@@ -42,60 +42,55 @@ import org.springframework.web.server.WebFilterChain;
  * @since 5.0
  */
 public class LogoutWebFilter implements WebFilter {
+
 	private static final Log logger = LogFactory.getLog(LogoutWebFilter.class);
 
-	private AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken("key", "anonymous",
-		AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	private AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken("key",
+			"anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	private ServerLogoutHandler logoutHandler = new SecurityContextServerLogoutHandler();
 
 	private ServerLogoutSuccessHandler logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
 
-	private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers
-		.pathMatchers(HttpMethod.POST, "/logout");
+	private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
+			"/logout");
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requiresLogout.matches(exchange)
-			.filter( result -> result.isMatch())
-			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-			.map(result -> exchange)
-			.flatMap(this::flatMapAuthentication)
-			.flatMap( authentication -> {
-				WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
-				return logout(webFilterExchange, authentication);
-			});
+		return this.requiresLogout.matches(exchange).filter(result -> result.isMatch())
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).map(result -> exchange)
+				.flatMap(this::flatMapAuthentication).flatMap(authentication -> {
+					WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
+					return logout(webFilterExchange, authentication);
+				});
 	}
 
 	private Mono<Authentication> flatMapAuthentication(ServerWebExchange exchange) {
-		return exchange.getPrincipal()
-			.cast(Authentication.class)
-			.defaultIfEmpty(this.anonymousAuthenticationToken);
+		return exchange.getPrincipal().cast(Authentication.class).defaultIfEmpty(this.anonymousAuthenticationToken);
 	}
 
 	private Mono<Void> logout(WebFilterExchange webFilterExchange, Authentication authentication) {
 		if (logger.isDebugEnabled()) {
-			logger.debug("Logging out user '" + authentication
-					+ "' and transferring to logout destination");
+			logger.debug("Logging out user '" + authentication + "' and transferring to logout destination");
 		}
 		return this.logoutHandler.logout(webFilterExchange, authentication)
-			.then(this.logoutSuccessHandler
-				.onLogoutSuccess(webFilterExchange, authentication))
-			.subscriberContext(ReactiveSecurityContextHolder.clearContext());
+				.then(this.logoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication))
+				.subscriberContext(ReactiveSecurityContextHolder.clearContext());
 	}
 
 	/**
-	 * Sets the {@link ServerLogoutSuccessHandler}. The default is {@link RedirectServerLogoutSuccessHandler}.
+	 * Sets the {@link ServerLogoutSuccessHandler}. The default is
+	 * {@link RedirectServerLogoutSuccessHandler}.
 	 * @param logoutSuccessHandler the handler to use
 	 */
-	public void setLogoutSuccessHandler(
-		ServerLogoutSuccessHandler logoutSuccessHandler) {
+	public void setLogoutSuccessHandler(ServerLogoutSuccessHandler logoutSuccessHandler) {
 		Assert.notNull(logoutSuccessHandler, "logoutSuccessHandler cannot be null");
 		this.logoutSuccessHandler = logoutSuccessHandler;
 	}
 
 	/**
-	 * Sets the {@link ServerLogoutHandler}. The default is {@link SecurityContextServerLogoutHandler}.
+	 * Sets the {@link ServerLogoutHandler}. The default is
+	 * {@link SecurityContextServerLogoutHandler}.
 	 * @param logoutHandler The handler to use
 	 */
 	public void setLogoutHandler(ServerLogoutHandler logoutHandler) {
@@ -107,4 +102,5 @@ public class LogoutWebFilter implements WebFilter {
 		Assert.notNull(requiresLogoutMatcher, "requiresLogoutMatcher must not be null");
 		this.requiresLogout = requiresLogoutMatcher;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
index e8e9dbc9d2..979411df46 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
@@ -27,10 +27,12 @@ import java.net.URI;
 
 /**
  * Performs a redirect on log out success.
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public class RedirectServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
+
 	public static final String DEFAULT_LOGOUT_SUCCESS_URL = "/login?logout";
 
 	private URI logoutSuccessUrl = URI.create(DEFAULT_LOGOUT_SUCCESS_URL);
@@ -39,8 +41,7 @@ public class RedirectServerLogoutSuccessHandler implements ServerLogoutSuccessHa
 
 	@Override
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
-		return this.redirectStrategy
-			.sendRedirect(exchange.getExchange(), this.logoutSuccessUrl);
+		return this.redirectStrategy.sendRedirect(exchange.getExchange(), this.logoutSuccessUrl);
 	}
 
 	/**
@@ -51,4 +52,5 @@ public class RedirectServerLogoutSuccessHandler implements ServerLogoutSuccessHa
 		Assert.notNull(logoutSuccessUrl, "logoutSuccessUrl cannot be null");
 		this.logoutSuccessUrl = logoutSuccessUrl;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
index d2ab0b56b1..76647e1abe 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
@@ -31,25 +31,23 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class SecurityContextServerLogoutHandler implements ServerLogoutHandler {
+
 	private ServerSecurityContextRepository securityContextRepository = new WebSessionServerSecurityContextRepository();
 
 	@Override
-	public Mono<Void> logout(WebFilterExchange exchange,
-		Authentication authentication) {
+	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
 		return this.securityContextRepository.save(exchange.getExchange(), null);
 	}
 
 	/**
 	 * Sets the {@link ServerSecurityContextRepository} that should be used for logging
 	 * out. Default is {@link WebSessionServerSecurityContextRepository}
-	 *
-	 * @param securityContextRepository the {@link ServerSecurityContextRepository}
-	 * to use.
+	 * @param securityContextRepository the {@link ServerSecurityContextRepository} to
+	 * use.
 	 */
-	public void setSecurityContextRepository(
-		ServerSecurityContextRepository securityContextRepository) {
-		Assert.notNull(securityContextRepository,
-			"securityContextRepository cannot be null");
+	public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository) {
+		Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
 		this.securityContextRepository = securityContextRepository;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
index 482d270d52..5f1d8cda5e 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
@@ -22,11 +22,13 @@ import reactor.core.publisher.Mono;
 
 /**
  * Handles log out
+ *
  * @author Rob Winch
  * @since 5.0
  * @see ServerLogoutSuccessHandler
  */
 public interface ServerLogoutHandler {
+
 	/**
 	 * Invoked when log out is requested
 	 * @param exchange the exchange
@@ -34,4 +36,5 @@ public interface ServerLogoutHandler {
 	 * @return a completion notification (success or error)
 	 */
 	Mono<Void> logout(WebFilterExchange exchange, Authentication authentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
index e61c7e0fcd..d7c92d9401 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
@@ -21,7 +21,9 @@ import org.springframework.security.web.server.WebFilterExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Strategy for when log out was successfully performed (typically after {@link ServerLogoutHandler} is invoked).
+ * Strategy for when log out was successfully performed (typically after
+ * {@link ServerLogoutHandler} is invoked).
+ *
  * @author Rob Winch
  * @since 5.0
  * @see ServerLogoutHandler
@@ -35,4 +37,5 @@ public interface ServerLogoutSuccessHandler {
 	 * @return a completion notification (success or error)
 	 */
 	Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
index d69d13ccba..7a3ec0ea8c 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
@@ -26,7 +26,9 @@ import java.util.Map;
  * @since 5.0
  */
 public class AuthorizationContext {
+
 	private final ServerWebExchange exchange;
+
 	private final Map<String, Object> variables;
 
 	public AuthorizationContext(ServerWebExchange exchange) {
@@ -45,4 +47,5 @@ public class AuthorizationContext {
 	public Map<String, Object> getVariables() {
 		return Collections.unmodifiableMap(variables);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index 305cceaa57..c4db84b195 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -28,13 +28,14 @@ import org.springframework.web.server.WebFilterChain;
 import reactor.core.publisher.Mono;
 
 /**
- *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  */
 public class AuthorizationWebFilter implements WebFilter {
+
 	private static final Log logger = LogFactory.getLog(AuthorizationWebFilter.class);
+
 	private ReactiveAuthorizationManager<? super ServerWebExchange> authorizationManager;
 
 	public AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange> authorizationManager) {
@@ -43,20 +44,17 @@ public class AuthorizationWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return ReactiveSecurityContextHolder.getContext()
-			.filter(c -> c.getAuthentication() != null)
-			.map(SecurityContext::getAuthentication)
-			.as(authentication -> this.authorizationManager.verify(authentication, exchange))
-			.doOnSuccess(it -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Authorization successful");
-				}
-			})
-			.doOnError(AccessDeniedException.class, e -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Authorization failed: " + e.getMessage());
-				}
-			})
-			.switchIfEmpty(chain.filter(exchange));
+		return ReactiveSecurityContextHolder.getContext().filter(c -> c.getAuthentication() != null)
+				.map(SecurityContext::getAuthentication)
+				.as(authentication -> this.authorizationManager.verify(authentication, exchange)).doOnSuccess(it -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug("Authorization successful");
+					}
+				}).doOnError(AccessDeniedException.class, e -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug("Authorization failed: " + e.getMessage());
+					}
+				}).switchIfEmpty(chain.filter(exchange));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index 986e4d69f5..1256d888b5 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -36,31 +36,27 @@ import java.util.List;
  * @since 5.0
  */
 public class DelegatingReactiveAuthorizationManager implements ReactiveAuthorizationManager<ServerWebExchange> {
+
 	private static final Log logger = LogFactory.getLog(DelegatingReactiveAuthorizationManager.class);
+
 	private final List<ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>> mappings;
 
-	private DelegatingReactiveAuthorizationManager(List<ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>> mappings) {
+	private DelegatingReactiveAuthorizationManager(
+			List<ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>> mappings) {
 		this.mappings = mappings;
 	}
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, ServerWebExchange exchange) {
-		return Flux.fromIterable(mappings)
-			.concatMap(mapping -> mapping.getMatcher().matches(exchange)
-				.filter(MatchResult::isMatch)
-				.map(MatchResult::getVariables)
-				.flatMap(variables -> {
+		return Flux.fromIterable(mappings).concatMap(mapping -> mapping.getMatcher().matches(exchange)
+				.filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap(variables -> {
 					if (logger.isDebugEnabled()) {
-						logger.debug("Checking authorization on '"
-							+ exchange.getRequest().getPath().pathWithinApplication()
-							+ "' using " + mapping.getEntry());
+						logger.debug(
+								"Checking authorization on '" + exchange.getRequest().getPath().pathWithinApplication()
+										+ "' using " + mapping.getEntry());
 					}
-					return mapping.getEntry()
-						.check(authentication, new AuthorizationContext(exchange, variables));
-				})
-			)
-			.next()
-			.defaultIfEmpty(new AuthorizationDecision(false));
+					return mapping.getEntry().check(authentication, new AuthorizationContext(exchange, variables));
+				})).next().defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
 	public static DelegatingReactiveAuthorizationManager.Builder builder() {
@@ -68,12 +64,14 @@ public class DelegatingReactiveAuthorizationManager implements ReactiveAuthoriza
 	}
 
 	public static class Builder {
+
 		private final List<ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>> mappings = new ArrayList<>();
 
 		private Builder() {
 		}
 
-		public DelegatingReactiveAuthorizationManager.Builder add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>> entry) {
+		public DelegatingReactiveAuthorizationManager.Builder add(
+				ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>> entry) {
 			this.mappings.add(entry);
 			return this;
 		}
@@ -81,5 +79,7 @@ public class DelegatingReactiveAuthorizationManager implements ReactiveAuthoriza
 		public DelegatingReactiveAuthorizationManager build() {
 			return new DelegatingReactiveAuthorizationManager(mappings);
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
index 6607c5883c..116ea4ba8f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
@@ -28,23 +28,21 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  */
 public class ExceptionTranslationWebFilter implements WebFilter {
+
 	private ServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
 
-	private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN);
+	private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(
+			HttpStatus.FORBIDDEN);
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return chain.filter(exchange)
-			.onErrorResume(AccessDeniedException.class, denied -> exchange.getPrincipal()
-				.switchIfEmpty( commenceAuthentication(exchange, denied))
-				.flatMap( principal -> this.accessDeniedHandler
-					.handle(exchange, denied))
-			);
+		return chain.filter(exchange).onErrorResume(AccessDeniedException.class,
+				denied -> exchange.getPrincipal().switchIfEmpty(commenceAuthentication(exchange, denied))
+						.flatMap(principal -> this.accessDeniedHandler.handle(exchange, denied)));
 	}
 
 	/**
@@ -62,15 +60,15 @@ public class ExceptionTranslationWebFilter implements WebFilter {
 	 * @param authenticationEntryPoint the authentication entry point to use. Default is
 	 * {@link HttpBasicServerAuthenticationEntryPoint}
 	 */
-	public void setAuthenticationEntryPoint(
-		ServerAuthenticationEntryPoint authenticationEntryPoint) {
+	public void setAuthenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint) {
 		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
 	private <T> Mono<T> commenceAuthentication(ServerWebExchange exchange, AccessDeniedException denied) {
-		return this.authenticationEntryPoint.commence(exchange, new AuthenticationCredentialsNotFoundException("Not Authenticated", denied))
-			.then(Mono.empty());
+		return this.authenticationEntryPoint
+				.commence(exchange, new AuthenticationCredentialsNotFoundException("Not Authenticated", denied))
+				.then(Mono.empty());
 	}
-}
 
+}
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
index 6a34dbfd24..a0019b5c8b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -36,6 +36,7 @@ import java.nio.charset.Charset;
  * @since 5.0
  */
 public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHandler {
+
 	private final HttpStatus httpStatus;
 
 	/**
@@ -49,15 +50,13 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
 
 	@Override
 	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException e) {
-		return Mono.defer(() -> Mono.just(exchange.getResponse()))
-			.flatMap(response -> {
-				response.setStatusCode(this.httpStatus);
-				response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
-				DataBufferFactory dataBufferFactory = response.bufferFactory();
-				DataBuffer buffer = dataBufferFactory.wrap(e.getMessage().getBytes(
-					Charset.defaultCharset()));
-				return response.writeWith(Mono.just(buffer))
-					.doOnError( error -> DataBufferUtils.release(buffer));
+		return Mono.defer(() -> Mono.just(exchange.getResponse())).flatMap(response -> {
+			response.setStatusCode(this.httpStatus);
+			response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
+			DataBufferFactory dataBufferFactory = response.bufferFactory();
+			DataBuffer buffer = dataBufferFactory.wrap(e.getMessage().getBytes(Charset.defaultCharset()));
+			return response.writeWith(Mono.just(buffer)).doOnError(error -> DataBufferUtils.release(buffer));
 		});
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
index c3dec61210..72780e301f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
@@ -20,11 +20,11 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  */
 public interface ServerAccessDeniedHandler {
 
 	Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
index 3a38675ed9..e2fd9dd5b2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
@@ -29,14 +29,13 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
- * A {@link ServerAccessDeniedHandler} which delegates to multiple {@link ServerAccessDeniedHandler}s based
- * on a {@link ServerWebExchangeMatcher}
+ * A {@link ServerAccessDeniedHandler} which delegates to multiple
+ * {@link ServerAccessDeniedHandler}s based on a {@link ServerWebExchangeMatcher}
  *
  * @author Josh Cummings
  * @since 5.1
  */
-public class ServerWebExchangeDelegatingServerAccessDeniedHandler
-	implements ServerAccessDeniedHandler {
+public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements ServerAccessDeniedHandler {
 
 	private final List<DelegateEntry> handlers;
 
@@ -47,48 +46,37 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param handlers a list of {@link ServerWebExchangeMatcher}/
-	 * {@link ServerAccessDeniedHandler} pairs that should be used. Each is considered
-	 * in the order they are specified and only the first {@link ServerAccessDeniedHandler}
-	 * is used. If none match, then the default {@link ServerAccessDeniedHandler}
-	 * is used.
+	 * {@link ServerAccessDeniedHandler} pairs that should be used. Each is considered in
+	 * the order they are specified and only the first {@link ServerAccessDeniedHandler}
+	 * is used. If none match, then the default {@link ServerAccessDeniedHandler} is used.
 	 */
-	public ServerWebExchangeDelegatingServerAccessDeniedHandler(
-			DelegateEntry... handlers) {
+	public ServerWebExchangeDelegatingServerAccessDeniedHandler(DelegateEntry... handlers) {
 		this(Arrays.asList(handlers));
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param handlers a list of {@link ServerWebExchangeMatcher}/
-	 * {@link ServerAccessDeniedHandler} pairs that should be used. Each is considered
-	 * in the order they are specified and only the first {@link ServerAccessDeniedHandler}
-	 * is used. If none match, then the default {@link ServerAccessDeniedHandler}
-	 * is used.
+	 * {@link ServerAccessDeniedHandler} pairs that should be used. Each is considered in
+	 * the order they are specified and only the first {@link ServerAccessDeniedHandler}
+	 * is used. If none match, then the default {@link ServerAccessDeniedHandler} is used.
 	 */
-	public ServerWebExchangeDelegatingServerAccessDeniedHandler(
-			List<DelegateEntry> handlers) {
+	public ServerWebExchangeDelegatingServerAccessDeniedHandler(List<DelegateEntry> handlers) {
 		Assert.notEmpty(handlers, "handlers cannot be null");
 		this.handlers = handlers;
 	}
 
 	@Override
-	public Mono<Void> handle(ServerWebExchange exchange,
-		AccessDeniedException denied) {
-		return Flux.fromIterable(this.handlers)
-				.filterWhen(entry -> isMatch(exchange, entry))
-				.next()
-				.map(DelegateEntry::getAccessDeniedHandler)
-				.defaultIfEmpty(this.defaultHandler)
+	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied) {
+		return Flux.fromIterable(this.handlers).filterWhen(entry -> isMatch(exchange, entry)).next()
+				.map(DelegateEntry::getAccessDeniedHandler).defaultIfEmpty(this.defaultHandler)
 				.flatMap(handler -> handler.handle(exchange, denied));
 	}
 
 	/**
 	 * Use this {@link ServerAccessDeniedHandler} when no {@link ServerWebExchangeMatcher}
 	 * matches.
-	 *
 	 * @param accessDeniedHandler - the default {@link ServerAccessDeniedHandler} to use
 	 */
 	public void setDefaultAccessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler) {
@@ -97,11 +85,12 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler
 	}
 
 	public static class DelegateEntry {
+
 		private final ServerWebExchangeMatcher matcher;
+
 		private final ServerAccessDeniedHandler accessDeniedHandler;
 
-		public DelegateEntry(ServerWebExchangeMatcher matcher,
-				ServerAccessDeniedHandler accessDeniedHandler) {
+		public DelegateEntry(ServerWebExchangeMatcher matcher, ServerAccessDeniedHandler accessDeniedHandler) {
 			this.matcher = matcher;
 			this.accessDeniedHandler = accessDeniedHandler;
 		}
@@ -113,11 +102,12 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler
 		public ServerAccessDeniedHandler getAccessDeniedHandler() {
 			return this.accessDeniedHandler;
 		}
+
 	}
 
 	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
 		ServerWebExchangeMatcher matcher = entry.getMatcher();
-		return matcher.matches(exchange)
-				.map(ServerWebExchangeMatcher.MatchResult::isMatch);
+		return matcher.matches(exchange).map(ServerWebExchangeMatcher.MatchResult::isMatch);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
index 7280096292..7594406daa 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
@@ -16,18 +16,18 @@
 
 package org.springframework.security.web.server.context;
 
-
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * A do nothing implementation of {@link ServerSecurityContextRepository}. Used in stateless applications.
+ * A do nothing implementation of {@link ServerSecurityContextRepository}. Used in
+ * stateless applications.
+ *
  * @author Rob Winch
  * @since 5.0
  */
-public class NoOpServerSecurityContextRepository
-	implements ServerSecurityContextRepository {
+public class NoOpServerSecurityContextRepository implements ServerSecurityContextRepository {
 
 	private static final NoOpServerSecurityContextRepository INSTANCE = new NoOpServerSecurityContextRepository();
 
@@ -44,5 +44,7 @@ public class NoOpServerSecurityContextRepository
 		return INSTANCE;
 	}
 
-	private NoOpServerSecurityContextRepository() {}
+	private NoOpServerSecurityContextRepository() {
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
index 1ee012dff0..87c5010dbc 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
@@ -25,13 +25,14 @@ import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
 /**
- * Uses a {@link ServerSecurityContextRepository} to provide the {@link SecurityContext} to initialize the
- * {@link ReactiveSecurityContextHolder}.
+ * Uses a {@link ServerSecurityContextRepository} to provide the {@link SecurityContext}
+ * to initialize the {@link ReactiveSecurityContextHolder}.
  *
  * @author Rob Winch
  * @since 5.0
  */
 public class ReactorContextWebFilter implements WebFilter {
+
 	private final ServerSecurityContextRepository repository;
 
 	public ReactorContextWebFilter(ServerSecurityContextRepository repository) {
@@ -42,13 +43,12 @@ public class ReactorContextWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return chain.filter(exchange)
-			.subscriberContext(c -> c.hasKey(SecurityContext.class) ? c :
-				withSecurityContext(c, exchange)
-			);
+				.subscriberContext(c -> c.hasKey(SecurityContext.class) ? c : withSecurityContext(c, exchange));
 	}
 
 	private Context withSecurityContext(Context mainContext, ServerWebExchange exchange) {
-		return mainContext.putAll(this.repository.load(exchange)
-			.as(ReactiveSecurityContextHolder::withSecurityContext));
+		return mainContext
+				.putAll(this.repository.load(exchange).as(ReactiveSecurityContextHolder::withSecurityContext));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
index 89f5883f70..24bf2a08ff 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
@@ -24,12 +24,15 @@ import org.springframework.web.server.ServerWebExchangeDecorator;
 import reactor.core.publisher.Mono;
 
 /**
- * Overrides the {@link ServerWebExchange#getPrincipal()} with the provided SecurityContext
+ * Overrides the {@link ServerWebExchange#getPrincipal()} with the provided
+ * SecurityContext
+ *
  * @author Rob Winch
  * @since 5.0
  * @see SecurityContextServerWebExchangeWebFilter
  */
 public class SecurityContextServerWebExchange extends ServerWebExchangeDecorator {
+
 	private final Mono<SecurityContext> context;
 
 	public SecurityContextServerWebExchange(ServerWebExchange delegate, Mono<SecurityContext> context) {
@@ -42,4 +45,5 @@ public class SecurityContextServerWebExchange extends ServerWebExchangeDecorator
 	public <T extends Principal> Mono<T> getPrincipal() {
 		return this.context.map(c -> (T) c.getAuthentication());
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
index eb3956055d..bc9b970a8a 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
@@ -23,7 +23,8 @@ import org.springframework.web.server.WebFilterChain;
 import reactor.core.publisher.Mono;
 
 /**
- * Override the {@link ServerWebExchange#getPrincipal()} to be looked up using {@link ReactiveSecurityContextHolder}.
+ * Override the {@link ServerWebExchange#getPrincipal()} to be looked up using
+ * {@link ReactiveSecurityContextHolder}.
  *
  * @author Rob Winch
  * @since 5.0
@@ -35,4 +36,5 @@ public class SecurityContextServerWebExchangeWebFilter implements WebFilter {
 
 		return chain.filter(new SecurityContextServerWebExchange(exchange, ReactiveSecurityContextHolder.getContext()));
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
index 825b471d04..fd7f333fa6 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
@@ -22,6 +22,7 @@ import reactor.core.publisher.Mono;
 
 /**
  * Strategy used for persisting a {@link SecurityContext} between requests.
+ *
  * @author Rob Winch
  * @since 5.0
  * @see ReactorContextWebFilter
@@ -42,4 +43,5 @@ public interface ServerSecurityContextRepository {
 	 * @return the {@link SecurityContext} to lookup or empty if not found. Never null
 	 */
 	Mono<SecurityContext> load(ServerWebExchange exchange);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index 0894003295..9757a3b38b 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -27,12 +27,12 @@ import reactor.core.publisher.Mono;
  * Stores the {@link SecurityContext} in the
  * {@link org.springframework.web.server.WebSession}. When a {@link SecurityContext} is
  * saved, the session id is changed to prevent session fixation attacks.
+ *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  */
-public class WebSessionServerSecurityContextRepository
-	implements ServerSecurityContextRepository {
+public class WebSessionServerSecurityContextRepository implements ServerSecurityContextRepository {
 
 	private static final Log logger = LogFactory.getLog(WebSessionServerSecurityContextRepository.class);
 
@@ -54,36 +54,35 @@ public class WebSessionServerSecurityContextRepository
 	}
 
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
-		return exchange.getSession()
-			.doOnNext(session -> {
-				if (context == null) {
-					session.getAttributes().remove(this.springSecurityContextAttrName);
-					if (logger.isDebugEnabled()) {
-						logger.debug("Removed SecurityContext stored in WebSession: '" + session + "'");
-					}
-				} else {
-					session.getAttributes().put(this.springSecurityContextAttrName, context);
-					if (logger.isDebugEnabled()) {
-						logger.debug("Saved SecurityContext '" + context + "' in WebSession: '" + session + "'");
-					}
+		return exchange.getSession().doOnNext(session -> {
+			if (context == null) {
+				session.getAttributes().remove(this.springSecurityContextAttrName);
+				if (logger.isDebugEnabled()) {
+					logger.debug("Removed SecurityContext stored in WebSession: '" + session + "'");
 				}
-			})
-			.flatMap(session -> session.changeSessionId());
+			}
+			else {
+				session.getAttributes().put(this.springSecurityContextAttrName, context);
+				if (logger.isDebugEnabled()) {
+					logger.debug("Saved SecurityContext '" + context + "' in WebSession: '" + session + "'");
+				}
+			}
+		}).flatMap(session -> session.changeSessionId());
 	}
 
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
-		return exchange.getSession()
-			.flatMap(session -> {
-				SecurityContext context = (SecurityContext) session.getAttribute(this.springSecurityContextAttrName);
-				if (logger.isDebugEnabled()) {
-					if (context == null) {
-						logger.debug("No SecurityContext found in WebSession: '" + session + "'");
-					}
-					else {
-						logger.debug("Found SecurityContext '" + context + "' in WebSession: '" + session + "'");
-					}
+		return exchange.getSession().flatMap(session -> {
+			SecurityContext context = (SecurityContext) session.getAttribute(this.springSecurityContextAttrName);
+			if (logger.isDebugEnabled()) {
+				if (context == null) {
+					logger.debug("No SecurityContext found in WebSession: '" + session + "'");
 				}
-				return Mono.justOrEmpty(context);
-			});
+				else {
+					logger.debug("Found SecurityContext '" + context + "' in WebSession: '" + session + "'");
+				}
+			}
+			return Mono.justOrEmpty(context);
+		});
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
index f1ed61ee17..a8235c34b1 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
@@ -28,29 +28,34 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * A {@link ServerCsrfTokenRepository} that persists the CSRF token in a cookie named "XSRF-TOKEN" and
- * reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. When using with
- * AngularJS be sure to use {@link #withHttpOnlyFalse()} .
+ * A {@link ServerCsrfTokenRepository} that persists the CSRF token in a cookie named
+ * "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
+ * AngularJS. When using with AngularJS be sure to use {@link #withHttpOnlyFalse()} .
  *
  * @author Eric Deandrea
  * @since 5.1
  */
 public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRepository {
+
 	static final String DEFAULT_CSRF_COOKIE_NAME = "XSRF-TOKEN";
 	static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
 	static final String DEFAULT_CSRF_HEADER_NAME = "X-XSRF-TOKEN";
 
 	private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;
+
 	private String headerName = DEFAULT_CSRF_HEADER_NAME;
+
 	private String cookiePath;
+
 	private String cookieDomain;
+
 	private String cookieName = DEFAULT_CSRF_COOKIE_NAME;
+
 	private boolean cookieHttpOnly = true;
 
 	/**
 	 * Factory method to conveniently create an instance that has
 	 * {@link #setCookieHttpOnly(boolean)} set to false.
-	 *
 	 * @return an instance of CookieCsrfTokenRepository with
 	 * {@link #setCookieHttpOnly(boolean)} set to false
 	 */
@@ -73,13 +78,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 			String path = this.cookiePath != null ? this.cookiePath : getRequestContext(exchange.getRequest());
 			boolean secure = exchange.getRequest().getSslInfo() != null;
 
-			ResponseCookie cookie = ResponseCookie.from(this.cookieName, tokenValue)
-					.domain(this.cookieDomain)
-					.httpOnly(this.cookieHttpOnly)
-					.maxAge(maxAge)
-					.path(path)
-					.secure(secure)
-					.build();
+			ResponseCookie cookie = ResponseCookie.from(this.cookieName, tokenValue).domain(this.cookieDomain)
+					.httpOnly(this.cookieHttpOnly).maxAge(maxAge).path(path).secure(secure).build();
 
 			exchange.getResponse().addCookie(cookie);
 		});
@@ -163,4 +163,5 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 		String contextPath = request.getPath().contextPath().value();
 		return StringUtils.hasLength(contextPath) ? contextPath : "/";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
index cad128bba3..1c7d03ac8e 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
@@ -30,4 +30,5 @@ public class CsrfException extends AccessDeniedException {
 	public CsrfException(String message) {
 		super(message);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
index 7f7215bbaa..5e6955bc3c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
@@ -24,13 +24,15 @@ import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 /**
- * {@link CsrfServerLogoutHandler} is in charge of removing the {@link CsrfToken} upon logout. A
- * new {@link CsrfToken} will then be generated by the framework upon the next request.
+ * {@link CsrfServerLogoutHandler} is in charge of removing the {@link CsrfToken} upon
+ * logout. A new {@link CsrfToken} will then be generated by the framework upon the next
+ * request.
  *
  * @author Eric Deandrea
  * @since 5.1
  */
 public class CsrfServerLogoutHandler implements ServerLogoutHandler {
+
 	private final ServerCsrfTokenRepository csrfTokenRepository;
 
 	/**
@@ -44,7 +46,6 @@ public class CsrfServerLogoutHandler implements ServerLogoutHandler {
 
 	/**
 	 * Clears the {@link CsrfToken}
-	 *
 	 * @param exchange the exchange
 	 * @param authentication the {@link Authentication}
 	 * @return A completion notification (success or error)
@@ -53,4 +54,5 @@ public class CsrfServerLogoutHandler implements ServerLogoutHandler {
 	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
 		return this.csrfTokenRepository.saveToken(exchange.getExchange(), null);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfToken.java
index b931806193..2bed482edd 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfToken.java
@@ -27,7 +27,6 @@ public interface CsrfToken extends Serializable {
 	/**
 	 * Gets the HTTP header that the CSRF is populated on the response and can be placed
 	 * on requests instead of the parameter. Cannot be null.
-	 *
 	 * @return the HTTP header that the CSRF is populated on the response and can be
 	 * placed on requests instead of the parameter
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 64dcc1b6af..3803f3d8a4 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -64,13 +64,14 @@ import static java.lang.Boolean.TRUE;
  * @since 5.0
  */
 public class CsrfWebFilter implements WebFilter {
+
 	public static final ServerWebExchangeMatcher DEFAULT_CSRF_MATCHER = new DefaultRequireCsrfProtectionMatcher();
 
 	/**
-	 * The attribute name to use when marking a given request as one that should not be filtered.
+	 * The attribute name to use when marking a given request as one that should not be
+	 * filtered.
 	 *
-	 * To use, set the attribute on your {@link ServerWebExchange}:
-	 * <pre>
+	 * To use, set the attribute on your {@link ServerWebExchange}: <pre>
 	 * 	CsrfWebFilter.skipExchange(exchange);
 	 * </pre>
 	 */
@@ -80,32 +81,31 @@ public class CsrfWebFilter implements WebFilter {
 
 	private ServerCsrfTokenRepository csrfTokenRepository = new WebSessionServerCsrfTokenRepository();
 
-	private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN);
+	private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(
+			HttpStatus.FORBIDDEN);
 
 	private boolean isTokenFromMultipartDataEnabled;
 
-	public void setAccessDeniedHandler(
-		ServerAccessDeniedHandler accessDeniedHandler) {
+	public void setAccessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler) {
 		Assert.notNull(accessDeniedHandler, "accessDeniedHandler");
 		this.accessDeniedHandler = accessDeniedHandler;
 	}
 
-	public void setCsrfTokenRepository(
-		ServerCsrfTokenRepository csrfTokenRepository) {
+	public void setCsrfTokenRepository(ServerCsrfTokenRepository csrfTokenRepository) {
 		Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
 		this.csrfTokenRepository = csrfTokenRepository;
 	}
 
-	public void setRequireCsrfProtectionMatcher(
-		ServerWebExchangeMatcher requireCsrfProtectionMatcher) {
+	public void setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher requireCsrfProtectionMatcher) {
 		Assert.notNull(requireCsrfProtectionMatcher, "requireCsrfProtectionMatcher cannot be null");
 		this.requireCsrfProtectionMatcher = requireCsrfProtectionMatcher;
 	}
 
 	/**
-	 * Specifies if the {@code CsrfWebFilter} should try to resolve the actual CSRF token from the body of multipart
-	 * data requests.
-	 * @param tokenFromMultipartDataEnabled true if should read from multipart form body, else false. Default is false
+	 * Specifies if the {@code CsrfWebFilter} should try to resolve the actual CSRF token
+	 * from the body of multipart data requests.
+	 * @param tokenFromMultipartDataEnabled true if should read from multipart form body,
+	 * else false. Default is false
 	 */
 	public void setTokenFromMultipartDataEnabled(boolean tokenFromMultipartDataEnabled) {
 		this.isTokenFromMultipartDataEnabled = tokenFromMultipartDataEnabled;
@@ -117,14 +117,11 @@ public class CsrfWebFilter implements WebFilter {
 			return chain.filter(exchange).then(Mono.empty());
 		}
 
-		return this.requireCsrfProtectionMatcher.matches(exchange)
-			.filter( matchResult -> matchResult.isMatch())
-			.filter( matchResult -> !exchange.getAttributes().containsKey(CsrfToken.class.getName()))
-			.flatMap(m -> validateToken(exchange))
-			.flatMap(m -> continueFilterChain(exchange, chain))
-			.switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty()))
-			.onErrorResume(CsrfException.class, e -> this.accessDeniedHandler
-				.handle(exchange, e));
+		return this.requireCsrfProtectionMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
+				.filter(matchResult -> !exchange.getAttributes().containsKey(CsrfToken.class.getName()))
+				.flatMap(m -> validateToken(exchange)).flatMap(m -> continueFilterChain(exchange, chain))
+				.switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty()))
+				.onErrorResume(CsrfException.class, e -> this.accessDeniedHandler.handle(exchange, e));
 	}
 
 	public static void skipExchange(ServerWebExchange exchange) {
@@ -133,18 +130,17 @@ public class CsrfWebFilter implements WebFilter {
 
 	private Mono<Void> validateToken(ServerWebExchange exchange) {
 		return this.csrfTokenRepository.loadToken(exchange)
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
-			.filterWhen(expected -> containsValidCsrfToken(exchange, expected))
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
-			.then();
+				.switchIfEmpty(Mono
+						.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
+				.filterWhen(expected -> containsValidCsrfToken(exchange, expected))
+				.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token")))).then();
 	}
 
 	private Mono<Boolean> containsValidCsrfToken(ServerWebExchange exchange, CsrfToken expected) {
-		return exchange.getFormData()
-			.flatMap(data -> Mono.justOrEmpty(data.getFirst(expected.getParameterName())))
-			.switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(expected.getHeaderName())))
-			.switchIfEmpty(tokenFromMultipartData(exchange, expected))
-			.map(actual -> actual.equals(expected.getToken()));
+		return exchange.getFormData().flatMap(data -> Mono.justOrEmpty(data.getFirst(expected.getParameterName())))
+				.switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(expected.getHeaderName())))
+				.switchIfEmpty(tokenFromMultipartData(exchange, expected))
+				.map(actual -> actual.equals(expected.getToken()));
 	}
 
 	private Mono<String> tokenFromMultipartData(ServerWebExchange exchange, CsrfToken expected) {
@@ -157,14 +153,12 @@ public class CsrfWebFilter implements WebFilter {
 		if (!contentType.includes(MediaType.MULTIPART_FORM_DATA)) {
 			return Mono.empty();
 		}
-		return exchange.getMultipartData()
-			.map(d -> d.getFirst(expected.getParameterName()))
-			.cast(FormFieldPart.class)
-			.map(FormFieldPart::value);
+		return exchange.getMultipartData().map(d -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class)
+				.map(FormFieldPart::value);
 	}
 
 	private Mono<Void> continueFilterChain(ServerWebExchange exchange, WebFilterChain chain) {
-		return Mono.defer(() ->{
+		return Mono.defer(() -> {
 			Mono<CsrfToken> csrfToken = csrfToken(exchange);
 			exchange.getAttributes().put(CsrfToken.class.getName(), csrfToken);
 			return chain.filter(exchange);
@@ -172,26 +166,26 @@ public class CsrfWebFilter implements WebFilter {
 	}
 
 	private Mono<CsrfToken> csrfToken(ServerWebExchange exchange) {
-		return this.csrfTokenRepository.loadToken(exchange)
-			.switchIfEmpty(generateToken(exchange));
+		return this.csrfTokenRepository.loadToken(exchange).switchIfEmpty(generateToken(exchange));
 	}
 
 	private Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
 		return this.csrfTokenRepository.generateToken(exchange)
-			.delayUntil(token -> this.csrfTokenRepository.saveToken(exchange, token));
+				.delayUntil(token -> this.csrfTokenRepository.saveToken(exchange, token));
 	}
 
 	private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher {
+
 		private static final Set<HttpMethod> ALLOWED_METHODS = new HashSet<>(
-			Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS));
+				Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS));
 
 		@Override
 		public Mono<MatchResult> matches(ServerWebExchange exchange) {
-			return Mono.just(exchange.getRequest())
-				.flatMap(r -> Mono.justOrEmpty(r.getMethod()))
-				.filter(m -> ALLOWED_METHODS.contains(m))
-				.flatMap(m -> MatchResult.notMatch())
-				.switchIfEmpty(MatchResult.match());
+			return Mono.just(exchange.getRequest()).flatMap(r -> Mono.justOrEmpty(r.getMethod()))
+					.filter(m -> ALLOWED_METHODS.contains(m)).flatMap(m -> MatchResult.notMatch())
+					.switchIfEmpty(MatchResult.match());
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index 2eab0550da..fcacdb11dd 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -98,4 +98,5 @@ public final class DefaultCsrfToken implements CsrfToken {
 		result = 31 * result + getHeaderName().hashCode();
 		return result;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
index 93648d8e21..aa834a8253 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
@@ -24,7 +24,6 @@ import reactor.core.publisher.Mono;
  * {@link org.springframework.web.server.WebSession}.
  *
  * @see WebSessionServerCsrfTokenRepository
- *
  * @author Rob Winch
  * @since 5.0
  *
@@ -33,7 +32,6 @@ public interface ServerCsrfTokenRepository {
 
 	/**
 	 * Generates a {@link CsrfToken}
-	 *
 	 * @param exchange the {@link ServerWebExchange} to use
 	 * @return the {@link CsrfToken} that was generated. Cannot be null.
 	 */
@@ -42,7 +40,6 @@ public interface ServerCsrfTokenRepository {
 	/**
 	 * Saves the {@link CsrfToken} using the {@link ServerWebExchange}. If the
 	 * {@link CsrfToken} is null, it is the same as deleting it.
-	 *
 	 * @param exchange the {@link ServerWebExchange} to use
 	 * @param token the {@link CsrfToken} to save or null to delete
 	 */
@@ -50,9 +47,9 @@ public interface ServerCsrfTokenRepository {
 
 	/**
 	 * Loads the expected {@link CsrfToken} from the {@link ServerWebExchange}
-	 *
 	 * @param exchange the {@link ServerWebExchange} to use
 	 * @return the {@link CsrfToken} or null if none exists
 	 */
 	Mono<CsrfToken> loadToken(ServerWebExchange exchange);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index e09512c0e2..b723141f64 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -32,14 +32,14 @@ import java.util.UUID;
  * @author Rob Winch
  * @since 5.0
  */
-public class WebSessionServerCsrfTokenRepository
-	implements ServerCsrfTokenRepository {
+public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepository {
+
 	private static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
 
 	private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
 
-	private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = WebSessionServerCsrfTokenRepository.class
-			.getName().concat(".CSRF_TOKEN");
+	private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = WebSessionServerCsrfTokenRepository.class.getName()
+			.concat(".CSRF_TOKEN");
 
 	private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;
 
@@ -49,31 +49,28 @@ public class WebSessionServerCsrfTokenRepository
 
 	@Override
 	public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
-		return Mono.just(exchange)
-			.publishOn(Schedulers.boundedElastic())
-			.fromCallable(() -> createCsrfToken());
+		return Mono.just(exchange).publishOn(Schedulers.boundedElastic()).fromCallable(() -> createCsrfToken());
 	}
 
 	@Override
 	public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
-		return exchange.getSession()
-			.doOnNext(session -> putToken(session.getAttributes(), token))
-			.flatMap(session -> session.changeSessionId());
+		return exchange.getSession().doOnNext(session -> putToken(session.getAttributes(), token))
+				.flatMap(session -> session.changeSessionId());
 	}
 
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
 		if (token == null) {
 			attributes.remove(this.sessionAttributeName);
-		} else {
+		}
+		else {
 			attributes.put(this.sessionAttributeName, token);
 		}
 	}
 
 	@Override
 	public Mono<CsrfToken> loadToken(ServerWebExchange exchange) {
-		return exchange.getSession()
-			.filter( s -> s.getAttributes().containsKey(this.sessionAttributeName))
-			.map(s -> s.getAttribute(this.sessionAttributeName));
+		return exchange.getSession().filter(s -> s.getAttributes().containsKey(this.sessionAttributeName))
+				.map(s -> s.getAttribute(this.sessionAttributeName));
 	}
 
 	/**
@@ -89,7 +86,6 @@ public class WebSessionServerCsrfTokenRepository
 	/**
 	 * Sets the header name that the {@link CsrfToken} is expected to appear on and the
 	 * header that the response will contain the {@link CsrfToken}.
-	 *
 	 * @param headerName the new header name to use
 	 */
 	public void setHeaderName(String headerName) {
@@ -102,8 +98,7 @@ public class WebSessionServerCsrfTokenRepository
 	 * @param sessionAttributeName the new attribute name to use
 	 */
 	public void setSessionAttributeName(String sessionAttributeName) {
-		Assert.hasLength(sessionAttributeName,
-				"sessionAttributename cannot be null or empty");
+		Assert.hasLength(sessionAttributeName, "sessionAttributename cannot be null or empty");
 		this.sessionAttributeName = sessionAttributeName;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
index 5e8fbde7fa..3268cdb4ce 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
@@ -53,12 +53,10 @@ public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWri
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter
-		.builder()
+	private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter.builder()
 			.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-			.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
-			.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
-			.build();
+			.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+			.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
index 69049c1d45..bc003aadc3 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
@@ -21,50 +21,57 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
- * <p>Writes the {@code Clear-Site-Data} response header when the request is secure.</p>
+ * <p>
+ * Writes the {@code Clear-Site-Data} response header when the request is secure.
+ * </p>
  *
- * <p>For further details pleaes consult <a href="https://www.w3.org/TR/clear-site-data/">W3C Documentation</a>.</p>
+ * <p>
+ * For further details pleaes consult <a href="https://www.w3.org/TR/clear-site-data/">W3C
+ * Documentation</a>.
+ * </p>
  *
  * @author MD Sayem Ahmed
  * @since 5.2
  */
 public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	public static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
 
 	private final StaticServerHttpHeadersWriter headerWriterDelegate;
 
 	/**
-	 * <p>Constructs a new instance using the given directives.</p>
-	 *
+	 * <p>
+	 * Constructs a new instance using the given directives.
+	 * </p>
 	 * @param directives directives that will be written as the header value
 	 * @throws IllegalArgumentException if the argument is null or empty
 	 */
 	public ClearSiteDataServerHttpHeadersWriter(Directive... directives) {
 		Assert.notEmpty(directives, "directives cannot be empty or null");
 		this.headerWriterDelegate = StaticServerHttpHeadersWriter.builder()
-				.header(CLEAR_SITE_DATA_HEADER, transformToHeaderValue(directives))
-				.build();
+				.header(CLEAR_SITE_DATA_HEADER, transformToHeaderValue(directives)).build();
 	}
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
 		if (isSecure(exchange)) {
-			return this.headerWriterDelegate
-					.writeHttpHeaders(exchange);
-		} else {
+			return this.headerWriterDelegate.writeHttpHeaders(exchange);
+		}
+		else {
 			return Mono.empty();
 		}
 	}
 
 	/**
-	 * <p>Represents the directive values expected by the {@link ClearSiteDataServerHttpHeadersWriter}</p>.
+	 * <p>
+	 * Represents the directive values expected by the
+	 * {@link ClearSiteDataServerHttpHeadersWriter}
+	 * </p>
+	 * .
 	 */
 	public enum Directive {
-		CACHE("cache"),
-		COOKIES("cookies"),
-		STORAGE("storage"),
-		EXECUTION_CONTEXTS("executionContexts"),
-		ALL("*");
+
+		CACHE("cache"), COOKIES("cookies"), STORAGE("storage"), EXECUTION_CONTEXTS("executionContexts"), ALL("*");
 
 		private final String headerValue;
 
@@ -75,6 +82,7 @@ public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHea
 		public String getHeaderValue() {
 			return this.headerValue;
 		}
+
 	}
 
 	private String transformToHeaderValue(Directive... directives) {
@@ -87,9 +95,8 @@ public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHea
 	}
 
 	private boolean isSecure(ServerWebExchange exchange) {
-		String scheme = exchange.getRequest()
-				.getURI()
-				.getScheme();
+		String scheme = exchange.getRequest().getURI().getScheme();
 		return scheme != null && scheme.equalsIgnoreCase("https");
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
index 2ddb9b1e18..f44115cc60 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package  org.springframework.security.web.server.header;
+package org.springframework.security.web.server.header;
 
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Flux;
@@ -29,6 +29,7 @@ import java.util.List;
  * @since 5.0
  */
 public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	private final List<ServerHttpHeadersWriter> writers;
 
 	public CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter... writers) {
@@ -41,8 +42,7 @@ public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return Flux.fromIterable(this.writers)
-				.concatMap(w -> w.writeHttpHeaders(exchange))
-				.then();
+		return Flux.fromIterable(this.writers).concatMap(w -> w.writeHttpHeaders(exchange)).then();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
index a70c1fbef1..b053b418af 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
@@ -28,8 +28,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Vedran Pavic
  * @since 5.1
  */
-public final class ContentSecurityPolicyServerHttpHeadersWriter
-		implements ServerHttpHeadersWriter {
+public final class ContentSecurityPolicyServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
 
@@ -43,8 +42,7 @@ public final class ContentSecurityPolicyServerHttpHeadersWriter
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return (this.delegate != null) ? this.delegate.writeHttpHeaders(exchange)
-				: Mono.empty();
+		return (this.delegate != null) ? this.delegate.writeHttpHeaders(exchange) : Mono.empty();
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
index e9a0891bd0..79b8d0082f 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
@@ -24,21 +24,17 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class ContentTypeOptionsServerHttpHeadersWriter
-	implements ServerHttpHeadersWriter {
+public class ContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
 
 	public static final String NOSNIFF = "nosniff";
 
-
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
-		.builder()
-			.header(X_CONTENT_OPTIONS, NOSNIFF)
-			.build();
+	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter.builder()
+			.header(X_CONTENT_OPTIONS, NOSNIFF).build();
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
index e1b072fed4..6cfe98e55e 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
@@ -27,8 +27,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Vedran Pavic
  * @since 5.1
  */
-public final class FeaturePolicyServerHttpHeadersWriter
-		implements ServerHttpHeadersWriter {
+public final class FeaturePolicyServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	public static final String FEATURE_POLICY = "Feature-Policy";
 
@@ -36,13 +35,11 @@ public final class FeaturePolicyServerHttpHeadersWriter
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return (this.delegate != null) ? this.delegate.writeHttpHeaders(exchange)
-				: Mono.empty();
+		return (this.delegate != null) ? this.delegate.writeHttpHeaders(exchange) : Mono.empty();
 	}
 
 	/**
 	 * Set the policy directive(s) to be used in the response header.
-	 *
 	 * @param policyDirectives the policy directive(s)
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
index 3af12b7e00..c3805a8187 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
@@ -30,6 +30,7 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class HttpHeaderWriterWebFilter implements WebFilter {
+
 	private final ServerHttpHeadersWriter writer;
 
 	public HttpHeaderWriterWebFilter(ServerHttpHeadersWriter writer) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
index fe4a64132b..64457b09e1 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
@@ -31,8 +31,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Vedran Pavic
  * @since 5.1
  */
-public final class ReferrerPolicyServerHttpHeadersWriter
-		implements ServerHttpHeadersWriter {
+public final class ReferrerPolicyServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	public static final String REFERRER_POLICY = "Referrer-Policy";
 
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
index 744757ccd3..cbfd478f9b 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
@@ -32,10 +32,10 @@ public interface ServerHttpHeadersWriter {
 
 	/**
 	 * Write the headers to the response.
-	 *
 	 * @param exchange
 	 * @return A Mono which is returned to the {@link Supplier} of the
-	 *         {@link ServerHttpResponse#beforeCommit(Supplier)}.
+	 * {@link ServerHttpResponse#beforeCommit(Supplier)}.
 	 */
 	Mono<Void> writeHttpHeaders(ServerWebExchange exchange);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index f0e8c7f30e..4dcc9e38fc 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -30,14 +30,19 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	private final HttpHeaders headersToAdd;
 
 	public StaticServerHttpHeadersWriter(HttpHeaders headersToAdd) {
 		this.headersToAdd = headersToAdd;
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.springframework.web.server.ServerWebExchange)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see
+	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
+	 * springframework.web.server.ServerWebExchange)
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
@@ -56,9 +61,10 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 	}
 
 	public static class Builder {
+
 		private HttpHeaders headers = new HttpHeaders();
 
-		public Builder header(String headerName, String...values) {
+		public Builder header(String headerName, String... values) {
 			headers.put(headerName, Arrays.asList(values));
 			return this;
 		}
@@ -66,5 +72,7 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 		public StaticServerHttpHeadersWriter build() {
 			return new StaticServerHttpHeadersWriter(headers);
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index 72303cf4a4..d78942e610 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -23,11 +23,12 @@ import reactor.core.publisher.Mono;
 
 /**
  * Writes the Strict-Transport-Security if the request is secure.
+ *
  * @author Rob Winch
  * @since 5.0
  */
-public final class StrictTransportSecurityServerHttpHeadersWriter
-	implements ServerHttpHeadersWriter {
+public final class StrictTransportSecurityServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
 
 	private String maxAge;
@@ -48,8 +49,12 @@ public final class StrictTransportSecurityServerHttpHeadersWriter
 		updateDelegate();
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.springframework.http.HttpHeaders)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see
+	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
+	 * springframework.http.HttpHeaders)
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
@@ -67,12 +72,12 @@ public final class StrictTransportSecurityServerHttpHeadersWriter
 
 	/**
 	 * <p>
-     * Sets if preload should be included. Default is false
-     * </p>
+	 * Sets if preload should be included. Default is false
+	 * </p>
 	 *
 	 * <p>
-	 * See <a href="https://hstspreload.org/">Website hstspreload.org</a>
-	 * for additional details.
+	 * See <a href="https://hstspreload.org/">Website hstspreload.org</a> for additional
+	 * details.
 	 * </p>
 	 * @param preload if preload should be included
 	 * @since 5.2.0
@@ -94,8 +99,7 @@ public final class StrictTransportSecurityServerHttpHeadersWriter
 
 	private void updateDelegate() {
 		delegate = StaticServerHttpHeadersWriter.builder()
-				.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain + preload)
-				.build();
+				.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain + preload).build();
 	}
 
 	private boolean isSecure(ServerWebExchange exchange) {
@@ -103,4 +107,5 @@ public final class StrictTransportSecurityServerHttpHeadersWriter
 		boolean isSecure = scheme != null && scheme.equalsIgnoreCase("https");
 		return isSecure;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
index 46b355448c..4da90b5852 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
@@ -25,21 +25,17 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class XContentTypeOptionsServerHttpHeadersWriter
-	implements ServerHttpHeadersWriter {
+public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	public static final String X_CONTENT_OPTIONS = "X-Content-Options";
 
 	public static final String NOSNIFF = "nosniff";
 
-
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
-		.builder()
-			.header(X_CONTENT_OPTIONS, NOSNIFF)
-			.build();
+	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter.builder()
+			.header(X_CONTENT_OPTIONS, NOSNIFF).build();
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index 3a42fd9f3b..e8e417fe83 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -21,10 +21,12 @@ import reactor.core.publisher.Mono;
 
 /**
  * {@code ServerHttpHeadersWriter} implementation for the X-Frame-Options headers.
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	public static final String X_FRAME_OPTIONS = "X-Frame-Options";
 
 	private ServerHttpHeadersWriter delegate = createDelegate(Mode.DENY);
@@ -41,13 +43,12 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 	}
 
 	/**
-	 * Sets the X-Frame-Options mode. There is no support for ALLOW-FROM because
-	 * not <a href=
+	 * Sets the X-Frame-Options mode. There is no support for ALLOW-FROM because not
+	 * <a href=
 	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options">all
 	 * browsers support it</a>. Consider using X-Frame-Options with
 	 * Content-Security-Policy <a href=
 	 * "https://w3c.github.io/webappsec/specs/content-security-policy/#directive-frame-ancestors">frame-ancestors</a>.
-	 *
 	 * @param mode
 	 */
 	public void setMode(Mode mode) {
@@ -55,8 +56,7 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 	}
 
 	/**
-	 * The X-Frame-Options values. There is no support for ALLOW-FROM because
-	 * not <a href=
+	 * The X-Frame-Options values. There is no support for ALLOW-FROM because not <a href=
 	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options">all
 	 * browsers support it</a>. Consider using X-Frame-Options with
 	 * Content-Security-Policy <a href=
@@ -66,21 +66,21 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 	 * @since 5.0
 	 */
 	public enum Mode {
+
 		/**
-		 * A browser receiving content with this header field MUST NOT display
-		 * this content in any frame.
+		 * A browser receiving content with this header field MUST NOT display this
+		 * content in any frame.
 		 */
 		DENY,
 		/**
-		 * A browser receiving content with this header field MUST NOT display
-		 * this content in any frame from a page of different origin than the
-		 * content itself.
+		 * A browser receiving content with this header field MUST NOT display this
+		 * content in any frame from a page of different origin than the content itself.
 		 *
-		 * If a browser or plugin cannot reliably determine whether or not the
-		 * origin of the content and the frame are the same, this MUST be
-		 * treated as "DENY".
+		 * If a browser or plugin cannot reliably determine whether or not the origin of
+		 * the content and the frame are the same, this MUST be treated as "DENY".
 		 */
 		SAMEORIGIN
+
 	}
 
 	private static ServerHttpHeadersWriter createDelegate(Mode mode) {
@@ -89,4 +89,5 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 		// @formatter:on
 
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index e93b37ca2b..a05e53e5b2 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -26,6 +26,7 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+
 	public static final String X_XSS_PROTECTION = "X-XSS-Protection";
 
 	private boolean enabled;
@@ -43,8 +44,12 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 		updateDelegate();
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.springframework.web.server.ServerWebExchange)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see
+	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
+	 * springframework.web.server.ServerWebExchange)
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
@@ -71,7 +76,6 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	 * <pre>
 	 * X-XSS-Protection: 0
 	 * </pre>
-	 *
 	 * @param enabled the new value
 	 */
 	public void setEnabled(boolean enabled) {
@@ -85,13 +89,11 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	/**
 	 * If false, will not specify the mode as blocked. In this instance, any content will
 	 * be attempted to be fixed. If true, the content will be replaced with "#".
-	 *
 	 * @param block the new value
 	 */
 	public void setBlock(boolean block) {
 		if (!enabled && block) {
-			throw new IllegalArgumentException(
-					"Cannot set block to true with enabled false");
+			throw new IllegalArgumentException("Cannot set block to true with enabled false");
 		}
 		this.block = block;
 		updateDelegate();
@@ -99,18 +101,17 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 
 	private void updateDelegate() {
 
-		this.delegate = StaticServerHttpHeadersWriter.builder()
-				.header(X_XSS_PROTECTION, createHeaderValue())
-				.build();
+		this.delegate = StaticServerHttpHeadersWriter.builder().header(X_XSS_PROTECTION, createHeaderValue()).build();
 	}
 
 	private String createHeaderValue() {
 		if (!enabled) {
-			return  "0";
+			return "0";
 		}
 		if (!block) {
 			return "1";
 		}
 		return "1 ; mode=block";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java b/web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java
index e0e82c1252..354480c60c 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java
@@ -22,8 +22,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
- * Jackson mixin class to serialize/deserialize {@link org.springframework.security.web.server.csrf.DefaultCsrfToken}
- * serialization support.
+ * Jackson mixin class to serialize/deserialize
+ * {@link org.springframework.security.web.server.csrf.DefaultCsrfToken} serialization
+ * support.
  *
  * <pre>
  * 		ObjectMapper mapper = new ObjectMapper();
@@ -39,15 +40,15 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 class DefaultCsrfServerTokenMixin {
 
 	/**
-	 * JsonCreator constructor needed by Jackson to create {@link org.springframework.security.web.server.csrf.DefaultCsrfToken}
-	 * object.
-	 *
-	 * @param headerName    the name of the header
+	 * JsonCreator constructor needed by Jackson to create
+	 * {@link org.springframework.security.web.server.csrf.DefaultCsrfToken} object.
+	 * @param headerName the name of the header
 	 * @param parameterName the parameter name
-	 * @param token         the CSRF token value
+	 * @param token the CSRF token value
 	 */
 	@JsonCreator
 	DefaultCsrfServerTokenMixin(@JsonProperty("headerName") String headerName,
-										@JsonProperty("parameterName") String parameterName, @JsonProperty("token") String token) {
+			@JsonProperty("parameterName") String parameterName, @JsonProperty("token") String token) {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
index c5859d9eee..dea20278de 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
@@ -22,16 +22,16 @@ import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 
 /**
- * Jackson module for spring-security-web-flux. This module register {@link DefaultCsrfServerTokenMixin}
- * If no default typing enabled by default then it'll enable it because typing info is needed to
- * properly serialize/deserialize objects.
- * In order to use this module just add this module into your ObjectMapper configuration.
+ * Jackson module for spring-security-web-flux. This module register
+ * {@link DefaultCsrfServerTokenMixin} If no default typing enabled by default then it'll
+ * enable it because typing info is needed to properly serialize/deserialize objects. In
+ * order to use this module just add this module into your ObjectMapper configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new WebServerJackson2Module());
- * </pre>
- * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules.</b>
+ * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
+ * of all security modules.</b>
  *
  * @author Boris Finkelshteyn
  * @see SecurityJackson2Modules
@@ -48,4 +48,5 @@ public class WebServerJackson2Module extends SimpleModule {
 		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
 		context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfServerTokenMixin.class);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
index d1311bb121..1a28061aa6 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
@@ -40,14 +40,15 @@ import java.util.Base64;
 import java.util.Collections;
 
 /**
- * An implementation of {@link ServerRequestCache} that saves the
- * requested URI in a cookie.
+ * An implementation of {@link ServerRequestCache} that saves the requested URI in a
+ * cookie.
  *
  * @author Eleftheria Stein
  * @author Mathieu Ouellet
  * @since 5.4
  */
 public class CookieServerRequestCache implements ServerRequestCache {
+
 	private static final String REDIRECT_URI_COOKIE_NAME = "REDIRECT_URI";
 
 	private static final Duration COOKIE_MAX_AGE = Duration.ofSeconds(-1);
@@ -57,11 +58,10 @@ public class CookieServerRequestCache implements ServerRequestCache {
 	private ServerWebExchangeMatcher saveRequestMatcher = createDefaultRequestMatcher();
 
 	/**
-	 * Sets the matcher to determine if the request should be saved. The default is to match
-	 * on any GET request.
-	 *
+	 * Sets the matcher to determine if the request should be saved. The default is to
+	 * match on any GET request.
 	 * @param saveRequestMatcher the {@link ServerWebExchangeMatcher} that determines if
-	 *                           the request should be saved
+	 * the request should be saved
 	 */
 	public void setSaveRequestMatcher(ServerWebExchangeMatcher saveRequestMatcher) {
 		Assert.notNull(saveRequestMatcher, "saveRequestMatcher cannot be null");
@@ -70,35 +70,28 @@ public class CookieServerRequestCache implements ServerRequestCache {
 
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
-		return this.saveRequestMatcher.matches(exchange)
-				.filter(m -> m.isMatch())
-				.map(m -> exchange.getResponse())
-				.map(ServerHttpResponse::getCookies)
-				.doOnNext(cookies -> {
+		return this.saveRequestMatcher.matches(exchange).filter(m -> m.isMatch()).map(m -> exchange.getResponse())
+				.map(ServerHttpResponse::getCookies).doOnNext(cookies -> {
 					ResponseCookie redirectUriCookie = createRedirectUriCookie(exchange.getRequest());
 					cookies.add(REDIRECT_URI_COOKIE_NAME, redirectUriCookie);
 					if (logger.isDebugEnabled()) {
 						logger.debug("Request added to Cookie: " + redirectUriCookie);
 					}
-				})
-				.then();
+				}).then();
 	}
 
 	@Override
 	public Mono<URI> getRedirectUri(ServerWebExchange exchange) {
 		MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
-		return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME))
-				.map(HttpCookie::getValue)
+		return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME)).map(HttpCookie::getValue)
 				.map(CookieServerRequestCache::decodeCookie)
-				.onErrorResume(IllegalArgumentException.class, e -> Mono.empty())
-				.map(URI::create);
+				.onErrorResume(IllegalArgumentException.class, e -> Mono.empty()).map(URI::create);
 	}
 
 	@Override
 	public Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange) {
-		return Mono.just(exchange.getResponse())
-				.map(ServerHttpResponse::getCookies)
-				.doOnNext(cookies -> cookies.add(REDIRECT_URI_COOKIE_NAME, invalidateRedirectUriCookie(exchange.getRequest())))
+		return Mono.just(exchange.getResponse()).map(ServerHttpResponse::getCookies).doOnNext(
+				cookies -> cookies.add(REDIRECT_URI_COOKIE_NAME, invalidateRedirectUriCookie(exchange.getRequest())))
 				.thenReturn(exchange.getRequest());
 	}
 
@@ -116,12 +109,8 @@ public class CookieServerRequestCache implements ServerRequestCache {
 
 	private static ResponseCookie createResponseCookie(ServerHttpRequest request, String cookieValue, Duration age) {
 		return ResponseCookie.from(REDIRECT_URI_COOKIE_NAME, cookieValue)
-				.path(request.getPath().contextPath().value() + "/")
-				.maxAge(age)
-				.httpOnly(true)
-				.secure("https".equalsIgnoreCase(request.getURI().getScheme()))
-				.sameSite("Lax")
-				.build();
+				.path(request.getPath().contextPath().value() + "/").maxAge(age).httpOnly(true)
+				.secure("https".equalsIgnoreCase(request.getURI().getScheme())).sameSite("Lax").build();
 	}
 
 	private static String encodeCookie(String cookieValue) {
@@ -134,9 +123,11 @@ public class CookieServerRequestCache implements ServerRequestCache {
 
 	private static ServerWebExchangeMatcher createDefaultRequestMatcher() {
 		ServerWebExchangeMatcher get = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/**");
-		ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
+		ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(
+				ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
 		MediaTypeServerWebExchangeMatcher html = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
 		html.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		return new AndServerWebExchangeMatcher(get, notFavicon, html);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
index 7c604cd0dd..87b1f0bcd0 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
@@ -23,11 +23,14 @@ import reactor.core.publisher.Mono;
 import java.net.URI;
 
 /**
- * An implementation of {@link ServerRequestCache} that does nothing. This is used in stateless applications
+ * An implementation of {@link ServerRequestCache} that does nothing. This is used in
+ * stateless applications
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public class NoOpServerRequestCache implements ServerRequestCache {
+
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
 		return Mono.empty();
@@ -39,8 +42,7 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> removeMatchingRequest(
-		ServerWebExchange exchange) {
+	public Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange) {
 		return Mono.empty();
 	}
 
@@ -48,5 +50,7 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 		return new NoOpServerRequestCache();
 	}
 
-	private NoOpServerRequestCache() {}
+	private NoOpServerRequestCache() {
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
index 5287e6238e..147042ed6b 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
@@ -47,10 +47,11 @@ public interface ServerRequestCache {
 	Mono<URI> getRedirectUri(ServerWebExchange exchange);
 
 	/**
-	 * If the provided {@link ServerWebExchange} matches the saved {@link ServerHttpRequest}
-	 * gets the saved {@link ServerHttpRequest}
+	 * If the provided {@link ServerWebExchange} matches the saved
+	 * {@link ServerHttpRequest} gets the saved {@link ServerHttpRequest}
 	 * @param exchange the exchange to obtain the request from
 	 * @return the {@link ServerHttpRequest}
 	 */
 	Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
index 9214f6841b..176fcfca50 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
@@ -29,18 +29,18 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class ServerRequestCacheWebFilter implements WebFilter {
+
 	private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requestCache.removeMatchingRequest(exchange)
-			.map(r -> exchange.mutate().request(r).build())
-			.defaultIfEmpty(exchange)
-			.flatMap(e -> chain.filter(e));
+		return this.requestCache.removeMatchingRequest(exchange).map(r -> exchange.mutate().request(r).build())
+				.defaultIfEmpty(exchange).flatMap(e -> chain.filter(e));
 	}
 
 	public void setRequestCache(ServerRequestCache requestCache) {
 		Assert.notNull(requestCache, "requestCache cannot be null");
 		this.requestCache = requestCache;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index 7b55fc22eb..01afc67356 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -46,6 +46,7 @@ import java.util.Collections;
  * @since 5.0
  */
 public class WebSessionServerRequestCache implements ServerRequestCache {
+
 	private static final String DEFAULT_SAVED_REQUEST_ATTR = "SPRING_SECURITY_SAVED_REQUEST";
 
 	private static final Log logger = LogFactory.getLog(WebSessionServerRequestCache.class);
@@ -55,9 +56,8 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	private ServerWebExchangeMatcher saveRequestMatcher = createDefaultRequestMacher();
 
 	/**
-	 * Sets the matcher to determine if the request should be saved. The default is to match
-	 * on any GET request.
-	 *
+	 * Sets the matcher to determine if the request should be saved. The default is to
+	 * match on any GET request.
 	 * @param saveRequestMatcher
 	 */
 	public void setSaveRequestMatcher(ServerWebExchangeMatcher saveRequestMatcher) {
@@ -67,43 +67,35 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
-		return this.saveRequestMatcher.matches(exchange)
-			.filter(MatchResult::isMatch)
-			.flatMap(m -> exchange.getSession())
-			.map(WebSession::getAttributes)
-			.doOnNext(attrs -> {
-				String requestPath = pathInApplication(exchange.getRequest());
-				attrs.put(this.sessionAttrName, requestPath);
-				if (logger.isDebugEnabled()) {
-					logger.debug("Request added to WebSession: '" + requestPath + "'");
-				}
-			})
-			.then();
+		return this.saveRequestMatcher.matches(exchange).filter(MatchResult::isMatch)
+				.flatMap(m -> exchange.getSession()).map(WebSession::getAttributes).doOnNext(attrs -> {
+					String requestPath = pathInApplication(exchange.getRequest());
+					attrs.put(this.sessionAttrName, requestPath);
+					if (logger.isDebugEnabled()) {
+						logger.debug("Request added to WebSession: '" + requestPath + "'");
+					}
+				}).then();
 	}
 
 	@Override
 	public Mono<URI> getRedirectUri(ServerWebExchange exchange) {
 		return exchange.getSession()
-			.flatMap(session -> Mono.justOrEmpty(session.<String>getAttribute(this.sessionAttrName)))
-			.map(URI::create);
+				.flatMap(session -> Mono.justOrEmpty(session.<String>getAttribute(this.sessionAttrName)))
+				.map(URI::create);
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> removeMatchingRequest(
-		ServerWebExchange exchange) {
-		return exchange.getSession()
-			.map(WebSession::getAttributes)
-			.filter(attributes -> {
-				String requestPath = pathInApplication(exchange.getRequest());
-				boolean removed = attributes.remove(this.sessionAttrName, requestPath);
-				if (removed) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Request removed from WebSession: '" + requestPath + "'");
-					}
+	public Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange) {
+		return exchange.getSession().map(WebSession::getAttributes).filter(attributes -> {
+			String requestPath = pathInApplication(exchange.getRequest());
+			boolean removed = attributes.remove(this.sessionAttrName, requestPath);
+			if (removed) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Request removed from WebSession: '" + requestPath + "'");
 				}
-				return removed;
-			})
-			.map(attributes -> exchange.getRequest());
+			}
+			return removed;
+		}).map(attributes -> exchange.getRequest());
 	}
 
 	private static String pathInApplication(ServerHttpRequest request) {
@@ -114,9 +106,11 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 
 	private static ServerWebExchangeMatcher createDefaultRequestMacher() {
 		ServerWebExchangeMatcher get = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/**");
-		ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
+		ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(
+				ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
 		MediaTypeServerWebExchangeMatcher html = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
 		html.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		return new AndServerWebExchangeMatcher(get, notFavicon, html);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
index 41080e2cbe..57c88ae447 100644
--- a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
@@ -36,7 +36,8 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
 /**
  * Redirects any non-HTTPS request to its HTTPS equivalent.
  *
- * Can be configured to use a {@link ServerWebExchangeMatcher} to narrow which requests get redirected.
+ * Can be configured to use a {@link ServerWebExchangeMatcher} to narrow which requests
+ * get redirected.
  *
  * Can also be configured for custom ports using {@link PortMapper}.
  *
@@ -44,6 +45,7 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
  * @since 5.1
  */
 public final class HttpsRedirectWebFilter implements WebFilter {
+
 	private PortMapper portMapper = new PortMapperImpl();
 
 	private ServerWebExchangeMatcher requiresHttpsRedirectMatcher = anyExchange();
@@ -55,18 +57,14 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 	 */
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return Mono.just(exchange)
-				.filter(this::isInsecure)
-				.flatMap(this.requiresHttpsRedirectMatcher::matches)
-				.filter(matchResult -> matchResult.isMatch())
-				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+		return Mono.just(exchange).filter(this::isInsecure).flatMap(this.requiresHttpsRedirectMatcher::matches)
+				.filter(matchResult -> matchResult.isMatch()).switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.map(matchResult -> createRedirectUri(exchange))
 				.flatMap(uri -> this.redirectStrategy.sendRedirect(exchange, uri));
 	}
 
 	/**
 	 * Use this {@link PortMapper} for mapping custom ports
-	 *
 	 * @param portMapper the {@link PortMapper} to use
 	 */
 	public void setPortMapper(PortMapper portMapper) {
@@ -75,18 +73,16 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 	}
 
 	/**
-	 * Use this {@link ServerWebExchangeMatcher} to narrow which requests are redirected to HTTPS.
+	 * Use this {@link ServerWebExchangeMatcher} to narrow which requests are redirected
+	 * to HTTPS.
 	 *
 	 * The filter already first checks for HTTPS in the uri scheme, so it is not necessary
 	 * to include that check in this matcher.
-	 *
 	 * @param requiresHttpsRedirectMatcher the {@link ServerWebExchangeMatcher} to use
 	 */
-	public void setRequiresHttpsRedirectMatcher
-			(ServerWebExchangeMatcher requiresHttpsRedirectMatcher) {
+	public void setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher requiresHttpsRedirectMatcher) {
 
-		Assert.notNull(requiresHttpsRedirectMatcher,
-				"requiresHttpsRedirectMatcher cannot be null");
+		Assert.notNull(requiresHttpsRedirectMatcher, "requiresHttpsRedirectMatcher cannot be null");
 		this.requiresHttpsRedirectMatcher = requiresHttpsRedirectMatcher;
 	}
 
@@ -97,8 +93,7 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 	private URI createRedirectUri(ServerWebExchange exchange) {
 		int port = exchange.getRequest().getURI().getPort();
 
-		UriComponentsBuilder builder =
-				UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
+		UriComponentsBuilder builder = UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
 
 		if (port > 0) {
 			Integer httpsPort = this.portMapper.lookupHttpsPort(port);
@@ -110,4 +105,5 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 
 		return builder.scheme("https").build().toUri();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
index d13a8489bd..a20195ecab 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
@@ -45,8 +45,8 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public class LoginPageGeneratingWebFilter implements WebFilter {
-	private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers
-		.pathMatchers(HttpMethod.GET, "/login");
+
+	private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/login");
 
 	private Map<String, String> oauth2AuthenticationUrlToClientName = new HashMap<>();
 
@@ -56,18 +56,15 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 		this.formLoginEnabled = enabled;
 	}
 
-	public void setOauth2AuthenticationUrlToClientName(
-			Map<String, String> oauth2AuthenticationUrlToClientName) {
+	public void setOauth2AuthenticationUrlToClientName(Map<String, String> oauth2AuthenticationUrlToClientName) {
 		Assert.notNull(oauth2AuthenticationUrlToClientName, "oauth2AuthenticationUrlToClientName cannot be null");
 		this.oauth2AuthenticationUrlToClientName = oauth2AuthenticationUrlToClientName;
 	}
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.matcher.matches(exchange)
-			.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-			.flatMap(matchResult -> render(exchange));
+		return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch)
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap(matchResult -> render(exchange));
 	}
 
 	private Mono<Void> render(ServerWebExchange exchange) {
@@ -80,36 +77,26 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
 
 		Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-		return token
-			.map(LoginPageGeneratingWebFilter::csrfToken)
-			.defaultIfEmpty("")
-			.map(csrfTokenHtmlInput -> {
-				byte[] bytes = createPage(exchange, csrfTokenHtmlInput);
-				DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
-				return bufferFactory.wrap(bytes);
-			});
+		return token.map(LoginPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map(csrfTokenHtmlInput -> {
+			byte[] bytes = createPage(exchange, csrfTokenHtmlInput);
+			DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
+			return bufferFactory.wrap(bytes);
+		});
 	}
 
 	private byte[] createPage(ServerWebExchange exchange, String csrfTokenHtmlInput) {
-		MultiValueMap<String, String> queryParams = exchange.getRequest()
-				.getQueryParams();
+		MultiValueMap<String, String> queryParams = exchange.getRequest().getQueryParams();
 		String contextPath = exchange.getRequest().getPath().contextPath().value();
-		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
-				+ "    <meta charset=\"utf-8\">\n"
+		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n"
-				+ "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n"
-				+ "  <body>\n"
-				+ "     <div class=\"container\">\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
 				+ formLogin(queryParams, contextPath, csrfTokenHtmlInput)
-				+ oauth2LoginLinks(queryParams, contextPath, this.oauth2AuthenticationUrlToClientName)
-				+ "    </div>\n"
-				+ "  </body>\n"
-				+ "</html>";
+				+ oauth2LoginLinks(queryParams, contextPath, this.oauth2AuthenticationUrlToClientName) + "    </div>\n"
+				+ "  </body>\n" + "</html>";
 
 		return page.getBytes(Charset.defaultCharset());
 	}
@@ -121,10 +108,8 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 		boolean isError = queryParams.containsKey("error");
 		boolean isLogoutSuccess = queryParams.containsKey("logout");
 		return "      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + "/login\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-				+ createError(isError)
-				+ createLogoutSuccess(isLogoutSuccess)
-				+ "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + createError(isError)
+				+ createLogoutSuccess(isLogoutSuccess) + "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
 				+ "        </p>\n" + "        <p>\n"
@@ -135,7 +120,8 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 				+ "      </form>\n";
 	}
 
-	private static String oauth2LoginLinks(MultiValueMap<String, String> queryParams, String contextPath, Map<String, String> oauth2AuthenticationUrlToClientName) {
+	private static String oauth2LoginLinks(MultiValueMap<String, String> queryParams, String contextPath,
+			Map<String, String> oauth2AuthenticationUrlToClientName) {
 		if (oauth2AuthenticationUrlToClientName.isEmpty()) {
 			return "";
 		}
@@ -144,7 +130,8 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 		sb.append("<div class=\"container\"><h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
 		sb.append(createError(isError));
 		sb.append("<table class=\"table table-striped\">\n");
-		for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName.entrySet()) {
+		for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName
+				.entrySet()) {
 			sb.append(" <tr><td>");
 			String url = clientAuthenticationUrlToClientName.getKey();
 			sb.append("<a href=\"").append(contextPath).append(url).append("\">");
@@ -158,7 +145,8 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	}
 
 	private static String csrfToken(CsrfToken token) {
-		return "          <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken() + "\">\n";
+		return "          <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken()
+				+ "\">\n";
 	}
 
 	private static String createError(boolean isError) {
@@ -166,6 +154,8 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	}
 
 	private static String createLogoutSuccess(boolean isLogoutSuccess) {
-		return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
+		return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>"
+				: "";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
index 53b213ab03..376ba61907 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
@@ -39,15 +39,13 @@ import java.nio.charset.Charset;
  * @since 5.0
  */
 public class LogoutPageGeneratingWebFilter implements WebFilter {
-	private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers
-		.pathMatchers(HttpMethod.GET, "/logout");
+
+	private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout");
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.matcher.matches(exchange)
-			.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-			.flatMap(matchResult -> render(exchange));
+		return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch)
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap(matchResult -> render(exchange));
 	}
 
 	private Mono<Void> render(ServerWebExchange exchange) {
@@ -55,48 +53,38 @@ public class LogoutPageGeneratingWebFilter implements WebFilter {
 		result.setStatusCode(HttpStatus.OK);
 		result.getHeaders().setContentType(MediaType.TEXT_HTML);
 		return result.writeWith(createBuffer(exchange));
-//			.doOnError( error -> DataBufferUtils.release(buffer));
+		// .doOnError( error -> DataBufferUtils.release(buffer));
 	}
 
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
 		Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-		return token
-			.map(LogoutPageGeneratingWebFilter::csrfToken)
-			.defaultIfEmpty("")
-			.map(csrfTokenHtmlInput -> {
-				byte[] bytes = createPage(csrfTokenHtmlInput);
-				DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
-				return bufferFactory.wrap(bytes);
-			});
+		return token.map(LogoutPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map(csrfTokenHtmlInput -> {
+			byte[] bytes = createPage(csrfTokenHtmlInput);
+			DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
+			return bufferFactory.wrap(bytes);
+		});
 	}
 
 	private static byte[] createPage(String csrfTokenHtmlInput) {
-		String page =  "<!DOCTYPE html>\n"
-			+ "<html lang=\"en\">\n"
-			+ "  <head>\n"
-			+ "    <meta charset=\"utf-8\">\n"
-			+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-			+ "    <meta name=\"description\" content=\"\">\n"
-			+ "    <meta name=\"author\" content=\"\">\n"
-			+ "    <title>Confirm Log Out?</title>\n"
-			+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-			+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-			+ "  </head>\n"
-			+ "  <body>\n"
-			+ "     <div class=\"container\">\n"
-			+ "      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
-			+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
-			+ csrfTokenHtmlInput
-			+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
-			+ "      </form>\n"
-			+ "    </div>\n"
-			+ "  </body>\n"
-			+ "</html>";
+		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Confirm Log Out?</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
+				+ csrfTokenHtmlInput
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
+				+ "      </form>\n" + "    </div>\n" + "  </body>\n" + "</html>";
 
 		return page.getBytes(Charset.defaultCharset());
 	}
 
 	private static String csrfToken(CsrfToken token) {
-		return "          <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken() + "\">\n";
+		return "          <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken()
+				+ "\">\n";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index afe0b5c12a..68cf0fa7d9 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -29,13 +29,16 @@ import java.util.Map;
 
 /**
  * Matches if all the provided {@link ServerWebExchangeMatcher} match
+ *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  * @see OrServerWebExchangeMatcher
  */
 public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private static final Log logger = LogFactory.getLog(AndServerWebExchangeMatcher.class);
+
 	private final List<ServerWebExchangeMatcher> matchers;
 
 	public AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher> matchers) {
@@ -47,35 +50,34 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 		this(Arrays.asList(matchers));
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#matches(org.springframework.web.server.ServerWebExchange)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
+	 * matches(org.springframework.web.server.ServerWebExchange)
 	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Mono.defer(() -> {
 			Map<String, Object> variables = new HashMap<>();
-			return Flux.fromIterable(matchers)
-				.doOnNext(it -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Trying to match using " + it);
-					}
-				})
-				.flatMap(matcher -> matcher.matches(exchange))
-				.doOnNext(matchResult -> variables.putAll(matchResult.getVariables()))
-				.all(MatchResult::isMatch)
-				.flatMap(allMatch -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch())
-				.doOnNext(it -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug(it.isMatch() ? "All requestMatchers returned true" : "Did not match");
-					}
-				});
+			return Flux.fromIterable(matchers).doOnNext(it -> {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Trying to match using " + it);
+				}
+			}).flatMap(matcher -> matcher.matches(exchange))
+					.doOnNext(matchResult -> variables.putAll(matchResult.getVariables())).all(MatchResult::isMatch)
+					.flatMap(allMatch -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch())
+					.doOnNext(it -> {
+						if (logger.isDebugEnabled()) {
+							logger.debug(it.isMatch() ? "All requestMatchers returned true" : "Did not match");
+						}
+					});
 		});
 	}
 
 	@Override
 	public String toString() {
-		return "AndServerWebExchangeMatcher{" +
-				"matchers=" + matchers +
-				'}';
+		return "AndServerWebExchangeMatcher{" + "matchers=" + matchers + '}';
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
index 85db335660..8acdddf6eb 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
@@ -40,10 +40,13 @@ import org.springframework.web.server.ServerWebExchange;
  * @since 5.0
  */
 public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final Collection<MediaType> matchingMediaTypes;
+
 	private boolean useEquals;
+
 	private Set<MediaType> ignoredMediaTypes = Collections.emptySet();
 
 	/**
@@ -62,7 +65,8 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 	 */
 	public MediaTypeServerWebExchangeMatcher(Collection<MediaType> matchingMediaTypes) {
 		Assert.notEmpty(matchingMediaTypes, "matchingMediaTypes cannot be null");
-		Assert.isTrue(!matchingMediaTypes.contains(null), () -> "matchingMediaTypes cannot contain null. Got " + matchingMediaTypes);
+		Assert.isTrue(!matchingMediaTypes.contains(null),
+				() -> "matchingMediaTypes cannot contain null. Got " + matchingMediaTypes);
 		this.matchingMediaTypes = matchingMediaTypes;
 	}
 
@@ -88,17 +92,15 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 				continue;
 			}
 			if (this.useEquals) {
-				boolean isEqualTo = this.matchingMediaTypes
-					.contains(httpRequestMediaType);
+				boolean isEqualTo = this.matchingMediaTypes.contains(httpRequestMediaType);
 				this.logger.debug("isEqualTo " + isEqualTo);
 				return isEqualTo ? MatchResult.match() : MatchResult.notMatch();
 			}
 			for (MediaType matchingMediaType : this.matchingMediaTypes) {
-				boolean isCompatibleWith = matchingMediaType
-					.isCompatibleWith(httpRequestMediaType);
+				boolean isCompatibleWith = matchingMediaType.isCompatibleWith(httpRequestMediaType);
 				if (this.logger.isDebugEnabled()) {
-					this.logger.debug(matchingMediaType + " .isCompatibleWith "
-						+ httpRequestMediaType + " = " + isCompatibleWith);
+					this.logger.debug(matchingMediaType + " .isCompatibleWith " + httpRequestMediaType + " = "
+							+ isCompatibleWith);
 				}
 				if (isCompatibleWith) {
 					return MatchResult.match();
@@ -109,7 +111,6 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 		return MatchResult.notMatch();
 	}
 
-
 	private boolean shouldIgnore(MediaType httpRequestMediaType) {
 		for (MediaType ignoredMediaType : this.ignoredMediaTypes) {
 			if (httpRequestMediaType.includes(ignoredMediaType)) {
@@ -122,7 +123,6 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 	/**
 	 * If set to true, matches on exact {@link MediaType}, else uses
 	 * {@link MediaType#isCompatibleWith(MediaType)}.
-	 *
 	 * @param useEquals specify if equals comparison should be used.
 	 */
 	public void setUseEquals(boolean useEquals) {
@@ -133,7 +133,6 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 	 * Set the {@link MediaType} to ignore from the {@link ContentNegotiationStrategy}.
 	 * This is useful if for example, you want to match on
 	 * {@link MediaType#APPLICATION_JSON} but want to ignore {@link MediaType#ALL}.
-	 *
 	 * @param ignoredMediaTypes the {@link MediaType}'s to ignore from the
 	 * {@link ContentNegotiationStrategy}
 	 */
@@ -150,14 +149,14 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 		catch (InvalidMediaTypeException ex) {
 			String value = exchange.getRequest().getHeaders().getFirst("Accept");
 			throw new NotAcceptableStatusException(
-				"Could not parse 'Accept' header [" + value + "]: " + ex.getMessage());
+					"Could not parse 'Accept' header [" + value + "]: " + ex.getMessage());
 		}
 	}
 
 	@Override
 	public String toString() {
-		return "MediaTypeRequestMatcher [matchingMediaTypes="
-			+ this.matchingMediaTypes + ", useEquals=" + this.useEquals
-			+ ", ignoredMediaTypes=" + this.ignoredMediaTypes + "]";
+		return "MediaTypeRequestMatcher [matchingMediaTypes=" + this.matchingMediaTypes + ", useEquals="
+				+ this.useEquals + ", ignoredMediaTypes=" + this.ignoredMediaTypes + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index 8e3f6d70ba..4ed17c2a40 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -22,14 +22,17 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 /**
- * Negates the provided matcher. If the provided matcher returns true, then the result will be false. If the provided
- * matcher returns false, then the result will be true.
+ * Negates the provided matcher. If the provided matcher returns true, then the result
+ * will be false. If the provided matcher returns false, then the result will be true.
+ *
  * @author Tao Qian
  * @author Mathieu Ouellet
  * @since 5.1
  */
 public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private static final Log logger = LogFactory.getLog(NegatedServerWebExchangeMatcher.class);
+
 	private final ServerWebExchangeMatcher matcher;
 
 	public NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher matcher) {
@@ -37,24 +40,25 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 		this.matcher = matcher;
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#matches(org.springframework.web.server.ServerWebExchange)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
+	 * matches(org.springframework.web.server.ServerWebExchange)
 	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return matcher.matches(exchange)
-			.flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
-			.doOnNext(it -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("matches = " + it.isMatch());
-				}
-			});
+		return matcher.matches(exchange).flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
+				.doOnNext(it -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug("matches = " + it.isMatch());
+					}
+				});
 	}
 
 	@Override
 	public String toString() {
-		return "NegatedServerWebExchangeMatcher{" +
-				"matcher=" + matcher +
-				'}';
+		return "NegatedServerWebExchangeMatcher{" + "matcher=" + matcher + '}';
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index 0d5976f0a7..3ecaf5106b 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -27,13 +27,16 @@ import reactor.core.publisher.Mono;
 
 /**
  * Matches if any of the provided {@link ServerWebExchangeMatcher} match
+ *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  * @see AndServerWebExchangeMatcher
  */
 public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private static final Log logger = LogFactory.getLog(OrServerWebExchangeMatcher.class);
+
 	private final List<ServerWebExchangeMatcher> matchers;
 
 	public OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher> matchers) {
@@ -41,37 +44,33 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 		this.matchers = matchers;
 	}
 
-
 	public OrServerWebExchangeMatcher(ServerWebExchangeMatcher... matchers) {
 		this(Arrays.asList(matchers));
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#matches(org.springframework.web.server.ServerWebExchange)
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
+	 * matches(org.springframework.web.server.ServerWebExchange)
 	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return Flux.fromIterable(matchers)
-			.doOnNext(it -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Trying to match using " + it);
-				}
-			})
-			.flatMap(m -> m.matches(exchange))
-			.filter(MatchResult::isMatch)
-			.next()
-			.switchIfEmpty(MatchResult.notMatch())
-			.doOnNext(it -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug(it.isMatch() ? "matched" : "No matches found");
-				}
-			});
+		return Flux.fromIterable(matchers).doOnNext(it -> {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Trying to match using " + it);
+			}
+		}).flatMap(m -> m.matches(exchange)).filter(MatchResult::isMatch).next().switchIfEmpty(MatchResult.notMatch())
+				.doOnNext(it -> {
+					if (logger.isDebugEnabled()) {
+						logger.debug(it.isMatch() ? "matched" : "No matches found");
+					}
+				});
 	}
 
 	@Override
 	public String toString() {
-		return "OrServerWebExchangeMatcher{" +
-				"matchers=" + matchers +
-				'}';
+		return "OrServerWebExchangeMatcher{" + "matchers=" + matchers + '}';
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
index 8c2c67687a..a4aedc8465 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
@@ -31,15 +31,19 @@ import java.util.Map;
 
 /**
  * Matches if the {@link PathPattern} matches the path within the application.
+ *
  * @author Rob Winch
  * @author Mathieu Ouellet
  * @since 5.0
  */
 public final class PathPatternParserServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+
 	private static final Log logger = LogFactory.getLog(PathPatternParserServerWebExchangeMatcher.class);
+
 	private static final PathPatternParser DEFAULT_PATTERN_PARSER = new PathPatternParser();
 
 	private final PathPattern pattern;
+
 	private final HttpMethod method;
 
 	public PathPatternParserServerWebExchangeMatcher(PathPattern pattern) {
@@ -67,40 +71,34 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe
 		ServerHttpRequest request = exchange.getRequest();
 		PathContainer path = request.getPath().pathWithinApplication();
 		if (this.method != null && !this.method.equals(request.getMethod())) {
-			return MatchResult.notMatch()
-				.doOnNext(result -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Request '" + request.getMethod() + " " + path
-								+ "' doesn't match '" + this.method + " "
-								+ this.pattern.getPatternString() + "'");
-					}
+			return MatchResult.notMatch().doOnNext(result -> {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method
+							+ " " + this.pattern.getPatternString() + "'");
+				}
 			});
 		}
 		boolean match = this.pattern.matches(path);
 		if (!match) {
-			return MatchResult.notMatch()
-				.doOnNext(result -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Request '" + request.getMethod() + " " + path
-								+ "' doesn't match '" + this.method + " "
-								+ this.pattern.getPatternString() + "'");
-					}
-				});
+			return MatchResult.notMatch().doOnNext(result -> {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method
+							+ " " + this.pattern.getPatternString() + "'");
+				}
+			});
 		}
 		Map<String, String> pathVariables = this.pattern.matchAndExtract(path).getUriVariables();
 		Map<String, Object> variables = new HashMap<>(pathVariables);
 		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + path + "'; against '"
-					+ this.pattern.getPatternString() + "'");
+			logger.debug(
+					"Checking match of request : '" + path + "'; against '" + this.pattern.getPatternString() + "'");
 		}
 		return MatchResult.match(variables);
 	}
 
 	@Override
 	public String toString() {
-		return "PathMatcherServerWebExchangeMatcher{" +
-				"pattern='" + pattern + '\'' +
-				", method=" + method +
-				'}';
+		return "PathMatcherServerWebExchangeMatcher{" + "pattern='" + pattern + '\'' + ", method=" + method + '}';
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
index 15033edb83..59d6c08018 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
@@ -23,6 +23,7 @@ import reactor.core.publisher.Mono;
 
 /**
  * An interface for determining if a {@link ServerWebExchangeMatcher} matches.
+ *
  * @author Rob Winch
  * @since 5.0
  */
@@ -39,7 +40,9 @@ public interface ServerWebExchangeMatcher {
 	 * The result of matching
 	 */
 	class MatchResult {
+
 		private final boolean match;
+
 		private final Map<String, Object> variables;
 
 		private MatchResult(boolean match, Map<String, Object> variables) {
@@ -69,7 +72,8 @@ public interface ServerWebExchangeMatcher {
 
 		/**
 		 *
-		 * Creates an instance of {@link MatchResult} that is a match with the specified variables
+		 * Creates an instance of {@link MatchResult} that is a match with the specified
+		 * variables
 		 * @param variables
 		 * @return
 		 */
@@ -84,5 +88,7 @@ public interface ServerWebExchangeMatcher {
 		public static Mono<MatchResult> notMatch() {
 			return Mono.just(new MatchResult(false, Collections.emptyMap()));
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
index 8d4ed47270..56accfa5fd 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
@@ -18,11 +18,14 @@ package org.springframework.security.web.server.util.matcher;
 
 /**
  * A rich object for associating a {@link ServerWebExchangeMatcher} to another object.
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public class ServerWebExchangeMatcherEntry<T> {
+
 	private final ServerWebExchangeMatcher matcher;
+
 	private final T entry;
 
 	public ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher matcher, T entry) {
@@ -37,4 +40,5 @@ public class ServerWebExchangeMatcherEntry<T> {
 	public T getEntry() {
 		return entry;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
index 7b0ec7da59..b4e105837a 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
@@ -24,13 +24,15 @@ import java.util.List;
 
 /**
  * Provides factory methods for creating common {@link ServerWebExchangeMatcher}
+ *
  * @author Rob Winch
  * @since 5.0
  */
 public abstract class ServerWebExchangeMatchers {
 
 	/**
-	 * Creates a matcher that matches on the specific method and any of the provided patterns.
+	 * Creates a matcher that matches on the specific method and any of the provided
+	 * patterns.
 	 * @param method the method to match on. If null, any method will be matched
 	 * @param patterns the patterns to match on
 	 * @return the matcher to use
@@ -68,7 +70,8 @@ public abstract class ServerWebExchangeMatchers {
 	@SuppressWarnings("Convert2Lambda")
 	public static ServerWebExchangeMatcher anyExchange() {
 		// we don't use a lambda to ensure a unique equals and hashcode
-		// which otherwise can cause problems with adding multiple entries to an ordered LinkedHashMap
+		// which otherwise can cause problems with adding multiple entries to an ordered
+		// LinkedHashMap
 		return new ServerWebExchangeMatcher() {
 			@Override
 			public Mono<MatchResult> matches(ServerWebExchange exchange) {
@@ -79,4 +82,5 @@ public abstract class ServerWebExchangeMatchers {
 
 	private ServerWebExchangeMatchers() {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
index 2daa54e9c7..0782757970 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
@@ -33,8 +33,8 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  * @since 3.2
  */
 public final class CsrfRequestDataValueProcessor implements RequestDataValueProcessor {
-	private Pattern DISABLE_CSRF_TOKEN_PATTERN = Pattern
-			.compile("(?i)^(GET|HEAD|TRACE|OPTIONS)$");
+
+	private Pattern DISABLE_CSRF_TOKEN_PATTERN = Pattern.compile("(?i)^(GET|HEAD|TRACE|OPTIONS)$");
 
 	private String DISABLE_CSRF_TOKEN_ATTR = "DISABLE_CSRF_TOKEN_ATTR";
 
@@ -52,8 +52,7 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 		return action;
 	}
 
-	public String processFormFieldValue(HttpServletRequest request, String name,
-			String value, String type) {
+	public String processFormFieldValue(HttpServletRequest request, String name, String value, String type) {
 		return value;
 	}
 
@@ -75,4 +74,5 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 	public String processUrl(HttpServletRequest request, String url) {
 		return url;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
index 7a667df589..55f0ecd699 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
@@ -50,8 +50,11 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 	private final DefaultMatcher defaultMatcher = new DefaultMatcher();
 
 	private final HandlerMappingIntrospector introspector;
+
 	private final String pattern;
+
 	private HttpMethod method;
+
 	private String servletPath;
 
 	public MvcRequestMatcher(HandlerMappingIntrospector introspector, String pattern) {
@@ -64,8 +67,7 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 		if (this.method != null && !this.method.name().equals(request.getMethod())) {
 			return false;
 		}
-		if (this.servletPath != null
-				&& !this.servletPath.equals(request.getServletPath())) {
+		if (this.servletPath != null && !this.servletPath.equals(request.getServletPath())) {
 			return false;
 		}
 		MatchableHandlerMapping mapping = getMapping(request);
@@ -104,8 +106,7 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 			return this.defaultMatcher.matcher(request);
 		}
 		RequestMatchResult result = mapping.match(request, this.pattern);
-		return result == null ? MatchResult.notMatch()
-				: MatchResult.match(result.extractUriTemplateVariables());
+		return result == null ? MatchResult.notMatch() : MatchResult.match(result.extractUriTemplateVariables());
 	}
 
 	/**
@@ -118,7 +119,6 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 	/**
 	 * The servlet path to match on. The default is undefined which means any servlet
 	 * path.
-	 *
 	 * @param servletPath the servletPath to set
 	 */
 	public void setServletPath(String servletPath) {
@@ -167,11 +167,13 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 		public MatchResult matcher(HttpServletRequest request) {
 			String lookupPath = this.pathHelper.getLookupPathForRequest(request);
 			if (matches(lookupPath)) {
-				Map<String, String> variables = this.pathMatcher.extractUriTemplateVariables(
-						MvcRequestMatcher.this.pattern, lookupPath);
+				Map<String, String> variables = this.pathMatcher
+						.extractUriTemplateVariables(MvcRequestMatcher.this.pattern, lookupPath);
 				return MatchResult.match(variables);
 			}
 			return MatchResult.notMatch();
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
index 1602016b20..1fcd137bbf 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@@ -67,18 +67,22 @@ import org.springframework.util.CollectionUtils;
  * </ul>
  *
  * @author Rob Winch
- *
  * @see SecurityContextHolderAwareRequestFilter
  * @see Servlet3SecurityContextHolderAwareRequestWrapper
  * @see SecurityContextAsyncContext
  */
 final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
+
 	private Log logger = LogFactory.getLog(getClass());
 
 	private final String rolePrefix;
+
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	private AuthenticationEntryPoint authenticationEntryPoint;
+
 	private AuthenticationManager authenticationManager;
+
 	private List<LogoutHandler> logoutHandlers;
 
 	HttpServlet3RequestFactory(String rolePrefix) {
@@ -102,8 +106,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * is not authenticated.
 	 */
 
-	public void setAuthenticationEntryPoint(
-			AuthenticationEntryPoint authenticationEntryPoint) {
+	public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
@@ -118,7 +121,6 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * If the value is null (default), then the default container behavior will be
 	 * retained when invoking {@link HttpServletRequest#login(String, String)}.
 	 * </p>
-	 *
 	 * @param authenticationManager the {@link AuthenticationManager} to use when invoking
 	 * {@link HttpServletRequest#login(String, String)}
 	 */
@@ -138,7 +140,6 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * If the value is null (default), the default container behavior will be retained
 	 * when invoking {@link HttpServletRequest#logout()}.
 	 * </p>
-	 *
 	 * @param logoutHandlers the {@link List<LogoutHandler>}s when invoking
 	 * {@link HttpServletRequest#logout()}.
 	 */
@@ -149,7 +150,6 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
@@ -159,18 +159,15 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	}
 
 	@Override
-	public HttpServletRequest create(HttpServletRequest request,
-			HttpServletResponse response) {
-		return new Servlet3SecurityContextHolderAwareRequestWrapper(request,
-				this.rolePrefix, response);
+	public HttpServletRequest create(HttpServletRequest request, HttpServletResponse response) {
+		return new Servlet3SecurityContextHolderAwareRequestWrapper(request, this.rolePrefix, response);
 	}
 
-	private class Servlet3SecurityContextHolderAwareRequestWrapper
-			extends SecurityContextHolderAwareRequestWrapper {
+	private class Servlet3SecurityContextHolderAwareRequestWrapper extends SecurityContextHolderAwareRequestWrapper {
+
 		private final HttpServletResponse response;
 
-		Servlet3SecurityContextHolderAwareRequestWrapper(
-				HttpServletRequest request, String rolePrefix,
+		Servlet3SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, String rolePrefix,
 				HttpServletResponse response) {
 			super(request, HttpServlet3RequestFactory.this.trustResolver, rolePrefix);
 			this.response = response;
@@ -192,15 +189,14 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 		}
 
 		@Override
-		public AsyncContext startAsync(ServletRequest servletRequest,
-				ServletResponse servletResponse) throws IllegalStateException {
+		public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse)
+				throws IllegalStateException {
 			AsyncContext startAsync = super.startAsync(servletRequest, servletResponse);
 			return new SecurityContextAsyncContext(startAsync);
 		}
 
 		@Override
-		public boolean authenticate(HttpServletResponse response)
-				throws IOException, ServletException {
+		public boolean authenticate(HttpServletResponse response) throws IOException, ServletException {
 			AuthenticationEntryPoint entryPoint = HttpServlet3RequestFactory.this.authenticationEntryPoint;
 			if (entryPoint == null) {
 				HttpServlet3RequestFactory.this.logger.debug(
@@ -211,16 +207,15 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 				return true;
 			}
 			entryPoint.commence(this, response,
-					new AuthenticationCredentialsNotFoundException(
-							"User is not Authenticated"));
+					new AuthenticationCredentialsNotFoundException("User is not Authenticated"));
 			return false;
 		}
 
 		@Override
 		public void login(String username, String password) throws ServletException {
 			if (isAuthenticated()) {
-				throw new ServletException("Cannot perform login for '" + username
-						+ "' already authenticated as '" + getRemoteUser() + "'");
+				throw new ServletException("Cannot perform login for '" + username + "' already authenticated as '"
+						+ getRemoteUser() + "'");
 			}
 			AuthenticationManager authManager = HttpServlet3RequestFactory.this.authenticationManager;
 			if (authManager == null) {
@@ -231,8 +226,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 			}
 			Authentication authentication;
 			try {
-				authentication = authManager.authenticate(
-						new UsernamePasswordAuthenticationToken(username, password));
+				authentication = authManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
 			}
 			catch (AuthenticationException loginFailed) {
 				SecurityContextHolder.clearContext();
@@ -245,13 +239,12 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 		public void logout() throws ServletException {
 			List<LogoutHandler> handlers = HttpServlet3RequestFactory.this.logoutHandlers;
 			if (CollectionUtils.isEmpty(handlers)) {
-				HttpServlet3RequestFactory.this.logger.debug(
-						"logoutHandlers is null, so allowing original HttpServletRequest to handle logout");
+				HttpServlet3RequestFactory.this.logger
+						.debug("logoutHandlers is null, so allowing original HttpServletRequest to handle logout");
 				super.logout();
 				return;
 			}
-			Authentication authentication = SecurityContextHolder.getContext()
-					.getAuthentication();
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 			for (LogoutHandler handler : handlers) {
 				handler.logout(this, this.response, authentication);
 			}
@@ -261,9 +254,11 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 			Principal userPrincipal = getUserPrincipal();
 			return userPrincipal != null;
 		}
+
 	}
 
 	private static class SecurityContextAsyncContext implements AsyncContext {
+
 		private final AsyncContext asyncContext;
 
 		SecurityContextAsyncContext(AsyncContext asyncContext) {
@@ -316,14 +311,12 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 		}
 
 		@Override
-		public void addListener(AsyncListener listener, ServletRequest request,
-				ServletResponse response) {
+		public void addListener(AsyncListener listener, ServletRequest request, ServletResponse response) {
 			this.asyncContext.addListener(listener, request, response);
 		}
 
 		@Override
-		public <T extends AsyncListener> T createListener(Class<T> clazz)
-				throws ServletException {
+		public <T extends AsyncListener> T createListener(Class<T> clazz) throws ServletException {
 			return this.asyncContext.createListener(clazz);
 		}
 
@@ -336,5 +329,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 		public void setTimeout(long timeout) {
 			this.asyncContext.setTimeout(timeout);
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
index 81a5d443e7..42c9c06425 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
@@ -35,4 +35,5 @@ interface HttpServletRequestFactory {
 	 * @return a non-null HttpServletRequest
 	 */
 	HttpServletRequest create(HttpServletRequest request, HttpServletResponse response);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
index 8df2d15bf8..2b7727daca 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
@@ -60,7 +60,6 @@ import org.springframework.web.filter.GenericFilterBean;
  * {@link Runnable}.</li>
  * </ul>
  *
- *
  * @author Orlando Garcia Carmona
  * @author Ben Alex
  * @author Luke Taylor
@@ -68,6 +67,7 @@ import org.springframework.web.filter.GenericFilterBean;
  * @author Eddú Meléndez
  */
 public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -104,13 +104,11 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	 * retained when invoking {@link HttpServletRequest#authenticate(HttpServletResponse)}
 	 * .
 	 * </p>
-	 *
 	 * @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use when
 	 * invoking {@link HttpServletRequest#authenticate(HttpServletResponse)} if the user
 	 * is not authenticated.
 	 */
-	public void setAuthenticationEntryPoint(
-			AuthenticationEntryPoint authenticationEntryPoint) {
+	public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
@@ -125,7 +123,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	 * If the value is null (default), then the default container behavior will be
 	 * retained when invoking {@link HttpServletRequest#login(String, String)}.
 	 * </p>
-	 *
 	 * @param authenticationManager the {@link AuthenticationManager} to use when invoking
 	 * {@link HttpServletRequest#login(String, String)}
 	 */
@@ -145,7 +142,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	 * If the value is null (default), the default container behavior will be retained
 	 * when invoking {@link HttpServletRequest#logout()}.
 	 * </p>
-	 *
 	 * @param logoutHandlers the {@code List&lt;LogoutHandler&gt;}s when invoking
 	 * {@link HttpServletRequest#logout()}.
 	 */
@@ -155,8 +151,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
-		chain.doFilter(this.requestFactory.create((HttpServletRequest) req,
-				(HttpServletResponse) res), res);
+		chain.doFilter(this.requestFactory.create((HttpServletRequest) req, (HttpServletResponse) res), res);
 	}
 
 	@Override
@@ -173,7 +168,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
index 041ebbabc1..339e491a45 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@@ -42,13 +42,13 @@ import org.springframework.util.Assert;
  * </ul>
  *
  * @see SecurityContextHolderAwareRequestFilter
- *
  * @author Orlando Garcia Carmona
  * @author Ben Alex
  * @author Luke Taylor
  * @author Rob Winch
  */
 public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
+
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -65,18 +65,15 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 
 	/**
 	 * Creates a new instance with {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param request
 	 * @param rolePrefix
 	 */
-	public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request,
-			String rolePrefix) {
+	public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, String rolePrefix) {
 		this(request, new AuthenticationTrustResolverImpl(), rolePrefix);
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param request the original {@link HttpServletRequest}
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
@@ -96,7 +93,6 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 
 	/**
 	 * Obtain the current active <code>Authentication</code>
-	 *
 	 * @return the authentication object or <code>null</code>
 	 */
 	private Authentication getAuthentication() {
@@ -113,7 +109,6 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	 * Returns the principal's name, as obtained from the
 	 * <code>SecurityContextHolder</code>. Properly handles both <code>String</code>-based
 	 * and <code>UserDetails</code>-based principals.
-	 *
 	 * @return the username or <code>null</code> if unavailable
 	 */
 	@Override
@@ -134,7 +129,6 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	/**
 	 * Returns the <code>Authentication</code> (which is a subclass of
 	 * <code>Principal</code>), or <code>null</code> if unavailable.
-	 *
 	 * @return the <code>Authentication</code>, or <code>null</code>
 	 */
 	@Override
@@ -181,10 +175,8 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	 * Will always return <code>false</code> if the <code>SecurityContextHolder</code>
 	 * contains an <code>Authentication</code> with <code>null</code>
 	 * <code>principal</code> and/or <code>GrantedAuthority[]</code> objects.
-	 *
 	 * @param role the <code>GrantedAuthority</code><code>String</code> representation to
 	 * check for
-	 *
 	 * @return <code>true</code> if an <b>exact</b> (case sensitive) matching granted
 	 * authority is located, <code>false</code> otherwise
 	 */
@@ -197,4 +189,5 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	public String toString() {
 		return "SecurityContextHolderAwareRequestWrapper[ " + getRequest() + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/package-info.java b/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
index b3c18f3553..b3a21724d8 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
@@ -14,9 +14,10 @@
  * limitations under the License.
  */
 /**
- * Populates a Servlet request with a new Spring Security compliant {@code HttpServletRequestWrapper}.
+ * Populates a Servlet request with a new Spring Security compliant
+ * {@code HttpServletRequestWrapper}.
  * <p>
- * To use, simply add the {@code SecurityContextHolderAwareRequestFilter} to the Spring Security filter chain.
+ * To use, simply add the {@code SecurityContextHolderAwareRequestFilter} to the Spring
+ * Security filter chain.
  */
 package org.springframework.security.web.servletapi;
-
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index 46d9b9d16f..b8058b1627 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -51,9 +51,9 @@ import org.springframework.web.filter.GenericFilterBean;
  * as expired. If it has been marked as expired, the configured logout handlers will be
  * called (as happens with
  * {@link org.springframework.security.web.authentication.logout.LogoutFilter}), typically
- * to invalidate the session. To handle the expired session a call to the {@link SessionInformationExpiredStrategy} is made.
- * The session invalidation will cause an
- * {@link org.springframework.security.web.session.HttpSessionDestroyedEvent} to be
+ * to invalidate the session. To handle the expired session a call to the
+ * {@link SessionInformationExpiredStrategy} is made. The session invalidation will cause
+ * an {@link org.springframework.security.web.session.HttpSessionDestroyedEvent} to be
  * published via the
  * {@link org.springframework.security.web.session.HttpSessionEventPublisher} registered
  * in <code>web.xml</code>.
@@ -70,9 +70,13 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	// ================================================================================================
 
 	private final SessionRegistry sessionRegistry;
+
 	private String expiredUrl;
+
 	private RedirectStrategy redirectStrategy;
+
 	private LogoutHandler handlers = new CompositeLogoutHandler(new SecurityContextLogoutHandler());
+
 	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;
 
 	// ~ Methods
@@ -86,10 +90,11 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param sessionRegistry the SessionRegistry to use
 	 * @param expiredUrl the URL to redirect to
-	 * @deprecated use {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)} with {@link SimpleRedirectSessionInformationExpiredStrategy} instead.
+	 * @deprecated use
+	 * {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)}
+	 * with {@link SimpleRedirectSessionInformationExpiredStrategy} instead.
 	 */
 	@Deprecated
 	public ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl) {
@@ -107,7 +112,8 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 		};
 	}
 
-	public ConcurrentSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy) {
+	public ConcurrentSessionFilter(SessionRegistry sessionRegistry,
+			SessionInformationExpiredStrategy sessionInformationExpiredStrategy) {
 		Assert.notNull(sessionRegistry, "sessionRegistry required");
 		Assert.notNull(sessionInformationExpiredStrategy, "sessionInformationExpiredStrategy cannot be null");
 		this.sessionRegistry = sessionRegistry;
@@ -127,19 +133,18 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 		HttpSession session = request.getSession(false);
 
 		if (session != null) {
-			SessionInformation info = sessionRegistry.getSessionInformation(session
-					.getId());
+			SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
 
 			if (info != null) {
 				if (info.isExpired()) {
 					// Expired - abort processing
 					if (logger.isDebugEnabled()) {
-						logger.debug("Requested session ID "
-								+ request.getRequestedSessionId() + " has expired.");
+						logger.debug("Requested session ID " + request.getRequestedSessionId() + " has expired.");
 					}
 					doLogout(request, response);
 
-					this.sessionInformationExpiredStrategy.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response));
+					this.sessionInformationExpiredStrategy
+							.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response));
 					return;
 				}
 				else {
@@ -157,11 +162,12 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	 * @param request the HttpServletRequest
 	 * @param info the {@link SessionInformation}
 	 * @return the URL for expiration
-	 * @deprecated Use {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)} instead.
+	 * @deprecated Use
+	 * {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)}
+	 * instead.
 	 */
 	@Deprecated
-	protected String determineExpiredUrl(HttpServletRequest request,
-			SessionInformation info) {
+	protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
 		return expiredUrl;
 	}
 
@@ -177,7 +183,6 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 
 	/**
 	 * Set list of {@link LogoutHandler}
-	 *
 	 * @param handlers list of {@link LogoutHandler}
 	 * @since 5.2.0
 	 */
@@ -186,9 +191,12 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	}
 
 	/**
-	 * Sets the {@link RedirectStrategy} used with {@link #ConcurrentSessionFilter(SessionRegistry, String)}
+	 * Sets the {@link RedirectStrategy} used with
+	 * {@link #ConcurrentSessionFilter(SessionRegistry, String)}
 	 * @param redirectStrategy the {@link RedirectStrategy} to use
-	 * @deprecated use {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)} instead.
+	 * @deprecated use
+	 * {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)}
+	 * instead.
 	 */
 	@Deprecated
 	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
@@ -196,20 +204,23 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	}
 
 	/**
-	 * A {@link SessionInformationExpiredStrategy} that writes an error message to the response body.
+	 * A {@link SessionInformationExpiredStrategy} that writes an error message to the
+	 * response body.
+	 *
 	 * @author Rob Winch
 	 * @since 4.2
 	 */
 	private static final class ResponseBodySessionInformationExpiredStrategy
 			implements SessionInformationExpiredStrategy {
+
 		@Override
-		public void onExpiredSessionDetected(SessionInformationExpiredEvent event)
-				throws IOException {
+		public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
 			HttpServletResponse response = event.getResponse();
-			response.getWriter().print(
-					"This session has been expired (possibly due to multiple concurrent "
-							+ "logins being attempted as the same user).");
+			response.getWriter().print("This session has been expired (possibly due to multiple concurrent "
+					+ "logins being attempted as the same user).");
 			response.flushBuffer();
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
index 2cdf884f7e..043ea86c5b 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
@@ -28,6 +28,7 @@ import org.springframework.security.core.session.SessionCreationEvent;
  * @author Luke Taylor
  */
 public class HttpSessionCreatedEvent extends SessionCreationEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -38,4 +39,5 @@ public class HttpSessionCreatedEvent extends SessionCreationEvent {
 	public HttpSession getSession() {
 		return (HttpSession) getSource();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
index e12163b339..ab483d3192 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
@@ -32,6 +32,7 @@ import java.util.*;
  * @author Rob Winch
  */
 public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -67,4 +68,5 @@ public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
 	public String getId() {
 		return getSession().getId();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
index babbf1a231..c73867825f 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
@@ -22,7 +22,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
 
-
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionIdListener;
@@ -46,6 +45,7 @@ import javax.servlet.http.HttpSessionListener;
  * @author Ray Krueger
  */
 public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessionIdListener {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -61,7 +61,6 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	/**
 	 * Handles the HttpSessionEvent by publishing a {@link HttpSessionCreatedEvent} to the
 	 * application appContext.
-	 *
 	 * @param event HttpSessionEvent passed in by the container
 	 */
 	public void sessionCreated(HttpSessionEvent event) {
@@ -78,7 +77,6 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	/**
 	 * Handles the HttpSessionEvent by publishing a {@link HttpSessionDestroyedEvent} to
 	 * the application appContext.
-	 *
 	 * @param event The HttpSessionEvent pass in by the container
 	 */
 	public void sessionDestroyed(HttpSessionEvent event) {
@@ -103,4 +101,5 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 
 		getContext(event.getSession().getServletContext()).publishEvent(e);
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
index 28a0651be0..248a67c4de 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
@@ -21,13 +21,15 @@ import org.springframework.security.core.session.SessionIdChangedEvent;
 import javax.servlet.http.HttpSession;
 
 /**
- * Published by the {@link HttpSessionEventPublisher} when an {@link HttpSession} ID
- * is changed.
+ * Published by the {@link HttpSessionEventPublisher} when an {@link HttpSession} ID is
+ * changed.
  *
  * @since 5.4
  */
 public class HttpSessionIdChangedEvent extends SessionIdChangedEvent {
+
 	private final String oldSessionId;
+
 	private final String newSessionId;
 
 	public HttpSessionIdChangedEvent(HttpSession session, String oldSessionId) {
@@ -45,4 +47,5 @@ public class HttpSessionIdChangedEvent extends SessionIdChangedEvent {
 	public String getNewSessionId() {
 		return newSessionId;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
index 2606ed5cf3..d8c157efd0 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
@@ -32,6 +32,7 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class InvalidSessionAccessDeniedHandler implements AccessDeniedHandler {
+
 	private final InvalidSessionStrategy invalidSessionStrategy;
 
 	/**
@@ -44,8 +45,8 @@ public final class InvalidSessionAccessDeniedHandler implements AccessDeniedHand
 	}
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
-			AccessDeniedException accessDeniedException) throws IOException,
-			ServletException {
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		invalidSessionStrategy.onInvalidSessionDetected(request, response);
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
index d7ab30fd3f..4d469d2da6 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
@@ -25,22 +25,24 @@ import org.springframework.util.Assert;
 
 /**
  * An event for when a {@link SessionInformation} is expired.
+ *
  * @author Rob Winch
  * @since 4.2
  */
 public final class SessionInformationExpiredEvent extends ApplicationEvent {
 
 	private HttpServletRequest request;
+
 	private HttpServletResponse response;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param sessionInformation the SessionInformation that is expired
 	 * @param request the HttpServletRequest
 	 * @param response the HttpServletResponse
 	 */
-	public SessionInformationExpiredEvent(SessionInformation sessionInformation, HttpServletRequest request, HttpServletResponse response) {
+	public SessionInformationExpiredEvent(SessionInformation sessionInformation, HttpServletRequest request,
+			HttpServletResponse response) {
 		super(sessionInformation);
 		Assert.notNull(request, "request cannot be null");
 		Assert.notNull(response, "response cannot be null");
@@ -65,4 +67,5 @@ public final class SessionInformationExpiredEvent extends ApplicationEvent {
 	public SessionInformation getSessionInformation() {
 		return (SessionInformation) getSource();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
index 718e1aee74..12325ed409 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
@@ -28,6 +28,6 @@ import javax.servlet.ServletException;
  */
 public interface SessionInformationExpiredStrategy {
 
-	void onExpiredSessionDetected(SessionInformationExpiredEvent event)
-			throws IOException, ServletException;
+	void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException, ServletException;
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index ea71f5c01a..bc68ed65da 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -48,6 +48,7 @@ import org.springframework.web.filter.GenericFilterBean;
  * @since 2.0
  */
 public class SessionManagementFilter extends GenericFilterBean {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -57,9 +58,13 @@ public class SessionManagementFilter extends GenericFilterBean {
 	// ================================================================================================
 
 	private final SecurityContextRepository securityContextRepository;
+
 	private SessionAuthenticationStrategy sessionAuthenticationStrategy;
+
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	private InvalidSessionStrategy invalidSessionStrategy = null;
+
 	private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
 
 	public SessionManagementFilter(SecurityContextRepository securityContextRepository) {
@@ -68,8 +73,7 @@ public class SessionManagementFilter extends GenericFilterBean {
 
 	public SessionManagementFilter(SecurityContextRepository securityContextRepository,
 			SessionAuthenticationStrategy sessionStrategy) {
-		Assert.notNull(securityContextRepository,
-				"SecurityContextRepository cannot be null");
+		Assert.notNull(securityContextRepository, "SecurityContextRepository cannot be null");
 		Assert.notNull(sessionStrategy, "SessionAuthenticationStrategy cannot be null");
 		this.securityContextRepository = securityContextRepository;
 		this.sessionAuthenticationStrategy = sessionStrategy;
@@ -88,21 +92,17 @@ public class SessionManagementFilter extends GenericFilterBean {
 		request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
 
 		if (!securityContextRepository.containsContext(request)) {
-			Authentication authentication = SecurityContextHolder.getContext()
-					.getAuthentication();
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 			if (authentication != null && !trustResolver.isAnonymous(authentication)) {
 				// The user has been authenticated during the current request, so call the
 				// session strategy
 				try {
-					sessionAuthenticationStrategy.onAuthentication(authentication,
-							request, response);
+					sessionAuthenticationStrategy.onAuthentication(authentication, request, response);
 				}
 				catch (SessionAuthenticationException e) {
 					// The session strategy can reject the authentication
-					logger.debug(
-							"SessionAuthenticationStrategy rejected the authentication object",
-							e);
+					logger.debug("SessionAuthenticationStrategy rejected the authentication object", e);
 					SecurityContextHolder.clearContext();
 					failureHandler.onAuthenticationFailure(request, response, e);
 
@@ -112,22 +112,18 @@ public class SessionManagementFilter extends GenericFilterBean {
 				// re-entrant
 				// requests which may occur before the current request completes.
 				// SEC-1396.
-				securityContextRepository.saveContext(SecurityContextHolder.getContext(),
-						request, response);
+				securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
 			}
 			else {
 				// No security context or authentication present. Check for a session
 				// timeout
-				if (request.getRequestedSessionId() != null
-						&& !request.isRequestedSessionIdValid()) {
+				if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
 					if (logger.isDebugEnabled()) {
-						logger.debug("Requested session ID "
-								+ request.getRequestedSessionId() + " is invalid.");
+						logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");
 					}
 
 					if (invalidSessionStrategy != null) {
-						invalidSessionStrategy
-								.onInvalidSessionDetected(request, response);
+						invalidSessionStrategy.onInvalidSessionDetected(request, response);
 						return;
 					}
 				}
@@ -141,7 +137,6 @@ public class SessionManagementFilter extends GenericFilterBean {
 	 * Sets the strategy which will be invoked instead of allowing the filter chain to
 	 * proceed, if the user agent requests an invalid session ID. If the property is not
 	 * set, no action will be taken.
-	 *
 	 * @param invalidSessionStrategy the strategy to invoke. Typically a
 	 * {@link SimpleRedirectInvalidSessionStrategy}.
 	 */
@@ -156,8 +151,7 @@ public class SessionManagementFilter extends GenericFilterBean {
 	 * too many sessions open).
 	 *
 	 */
-	public void setAuthenticationFailureHandler(
-			AuthenticationFailureHandler failureHandler) {
+	public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
 		Assert.notNull(failureHandler, "failureHandler cannot be null");
 		this.failureHandler = failureHandler;
 	}
@@ -165,7 +159,6 @@ public class SessionManagementFilter extends GenericFilterBean {
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
-	 *
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
@@ -173,4 +166,5 @@ public class SessionManagementFilter extends GenericFilterBean {
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
index 050f282fbb..e0a40e6e29 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
@@ -33,21 +33,22 @@ import java.io.IOException;
  * @author Luke Taylor
  */
 public final class SimpleRedirectInvalidSessionStrategy implements InvalidSessionStrategy {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final String destinationUrl;
+
 	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
 	private boolean createNewSession = true;
 
 	public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl),
-				"url must start with '/' or with 'http(s)'");
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl), "url must start with '/' or with 'http(s)'");
 		this.destinationUrl = invalidSessionUrl;
 	}
 
-	public void onInvalidSessionDetected(HttpServletRequest request,
-			HttpServletResponse response) throws IOException {
-		logger.debug("Starting new session (if required) and redirecting to '"
-				+ destinationUrl + "'");
+	public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		logger.debug("Starting new session (if required) and redirecting to '" + destinationUrl + "'");
 		if (createNewSession) {
 			request.getSession();
 		}
@@ -59,10 +60,10 @@ public final class SimpleRedirectInvalidSessionStrategy implements InvalidSessio
 	 * possible looping issues where the same session ID is sent with the redirected
 	 * request). Alternatively, ensure that the configured URL does not pass through the
 	 * {@code SessionManagementFilter}.
-	 *
 	 * @param createNewSession defaults to {@code true}.
 	 */
 	public void setCreateNewSession(boolean createNewSession) {
 		this.createNewSession = createNewSession;
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
index 9b93a2119c..f213b74c4e 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
@@ -33,19 +33,22 @@ import org.springframework.util.Assert;
  * @since 4.2.0
  */
 public final class SimpleRedirectSessionInformationExpiredStrategy implements SessionInformationExpiredStrategy {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final String destinationUrl;
+
 	private final RedirectStrategy redirectStrategy;
 
 	public SimpleRedirectSessionInformationExpiredStrategy(String invalidSessionUrl) {
 		this(invalidSessionUrl, new DefaultRedirectStrategy());
 	}
 
-	public SimpleRedirectSessionInformationExpiredStrategy(String invalidSessionUrl, RedirectStrategy redirectStrategy) {
-		Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl),
-				"url must start with '/' or with 'http(s)'");
-		this.destinationUrl=invalidSessionUrl;
-		this.redirectStrategy=redirectStrategy;
+	public SimpleRedirectSessionInformationExpiredStrategy(String invalidSessionUrl,
+			RedirectStrategy redirectStrategy) {
+		Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl), "url must start with '/' or with 'http(s)'");
+		this.destinationUrl = invalidSessionUrl;
+		this.redirectStrategy = redirectStrategy;
 	}
 
 	public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
diff --git a/web/src/main/java/org/springframework/security/web/session/package-info.java b/web/src/main/java/org/springframework/security/web/session/package-info.java
index 86b7ddc1b4..d460877f83 100644
--- a/web/src/main/java/org/springframework/security/web/session/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/session/package-info.java
@@ -17,4 +17,3 @@
  * Session management filters, {@code HttpSession} events and publisher classes.
  */
 package org.springframework.security.web.session;
-
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index 88da4f48a3..9166e175f3 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -229,13 +229,11 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 	/**
 	 * Adds the contentLengthToWrite to the total contentWritten size and checks to see if
 	 * the response should be written.
-	 *
 	 * @param contentLengthToWrite the size of the content that is about to be written.
 	 */
 	private void checkContentLength(long contentLengthToWrite) {
 		this.contentWritten += contentLengthToWrite;
-		boolean isBodyFullyWritten = this.contentLength > 0
-				&& this.contentWritten >= this.contentLength;
+		boolean isBodyFullyWritten = this.contentLength > 0 && this.contentWritten >= this.contentLength;
 		int bufferSize = getBufferSize();
 		boolean requiresFlush = bufferSize > 0 && this.contentWritten >= bufferSize;
 		if (isBodyFullyWritten || requiresFlush) {
@@ -259,9 +257,11 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 	 * calling the prior to methods that commit the response. We delegate all methods to
 	 * the original {@link java.io.PrintWriter} to ensure that the behavior is as close to
 	 * the original {@link java.io.PrintWriter} as possible. See SEC-2039
+	 *
 	 * @author Rob Winch
 	 */
 	private class SaveContextPrintWriter extends PrintWriter {
+
 		private final PrintWriter delegate;
 
 		SaveContextPrintWriter(PrintWriter delegate) {
@@ -491,6 +491,7 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 			trackContentLength(c);
 			return this.delegate.append(c);
 		}
+
 	}
 
 	/**
@@ -502,6 +503,7 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 	 * @author Rob Winch
 	 */
 	private class SaveContextServletOutputStream extends ServletOutputStream {
+
 		private final ServletOutputStream delegate;
 
 		SaveContextServletOutputStream(ServletOutputStream delegate) {
@@ -657,5 +659,7 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 		public String toString() {
 			return getClass().getName() + "[delegate=" + this.delegate.toString() + "]";
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
index c7bb7bc2e1..b9a8f77835 100644
--- a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
+++ b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
@@ -26,12 +26,19 @@ import org.springframework.util.Assert;
  * @since 2.0
  */
 public class RedirectUrlBuilder {
+
 	private String scheme;
+
 	private String serverName;
+
 	private int port;
+
 	private String contextPath;
+
 	private String servletPath;
+
 	private String pathInfo;
+
 	private String query;
 
 	public void setScheme(String scheme) {
@@ -96,4 +103,5 @@ public class RedirectUrlBuilder {
 
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
index 3574ea1909..fed40240f9 100644
--- a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
@@ -54,15 +54,13 @@ public abstract class TextEscapeUtils {
 			else if (Character.isHighSurrogate(c)) {
 				if (i + 1 >= s.length()) {
 					// Unexpected end
-					throw new IllegalArgumentException(
-							"Missing low surrogate character at end of string");
+					throw new IllegalArgumentException("Missing low surrogate character at end of string");
 				}
 				char low = s.charAt(i + 1);
 
 				if (!Character.isLowSurrogate(low)) {
 					throw new IllegalArgumentException(
-							"Expected low surrogate character but found value = "
-									+ (int) low);
+							"Expected low surrogate character but found value = " + (int) low);
 				}
 
 				int codePoint = Character.toCodePoint(c, low);
@@ -72,8 +70,7 @@ public abstract class TextEscapeUtils {
 				i++; // skip the next character as we have already dealt with it
 			}
 			else if (Character.isLowSurrogate(c)) {
-				throw new IllegalArgumentException(
-						"Unexpected low surrogate character, value = " + (int) c);
+				throw new IllegalArgumentException("Unexpected low surrogate character, value = " + (int) c);
 			}
 			else if (Character.isDefined(c)) {
 				sb.append("&#").append((int) c).append(";");
@@ -83,4 +80,5 @@ public abstract class TextEscapeUtils {
 
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 2c3c24f909..50711b3307 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -80,8 +80,7 @@ public class ThrowableAnalyzer {
 	 * Creates a new <code>ThrowableAnalyzer</code> instance.
 	 */
 	public ThrowableAnalyzer() {
-		this.extractorMap = new TreeMap<>(
-				CLASS_HIERARCHY_COMPARATOR);
+		this.extractorMap = new TreeMap<>(CLASS_HIERARCHY_COMPARATOR);
 
 		initExtractorMap();
 	}
@@ -89,11 +88,9 @@ public class ThrowableAnalyzer {
 	/**
 	 * Registers a <code>ThrowableCauseExtractor</code> for the specified type. <i>Can be
 	 * used in subclasses overriding {@link #initExtractorMap()}.</i>
-	 *
 	 * @param throwableType the type (has to be a subclass of <code>Throwable</code>)
 	 * @param extractor the associated <code>ThrowableCauseExtractor</code> (not
 	 * <code>null</code>)
-	 *
 	 * @throws IllegalArgumentException if one of the arguments is invalid
 	 */
 	protected final void registerExtractor(Class<? extends Throwable> throwableType,
@@ -110,7 +107,8 @@ public class ThrowableAnalyzer {
 	 * <ul>
 	 * <li>{@link #DEFAULT_EXTRACTOR} for {@link Throwable}</li>
 	 * <li>{@link #INVOCATIONTARGET_EXTRACTOR} for {@link InvocationTargetException}</li>
-	 * </ul><br>
+	 * </ul>
+	 * <br>
 	 * Subclasses overriding this method are encouraged to invoke the super method to
 	 * perform the default registrations. They can register additional extractors as
 	 * required.
@@ -132,7 +130,6 @@ public class ThrowableAnalyzer {
 	 * Returns an array containing the classes for which extractors are registered. The
 	 * order of the classes is the order in which comparisons will occur for resolving a
 	 * matching extractor.
-	 *
 	 * @return the types for which extractors are registered
 	 */
 	@SuppressWarnings("unchecked")
@@ -150,10 +147,8 @@ public class ThrowableAnalyzer {
 	 * <p>
 	 * Note: If no {@link ThrowableCauseExtractor} is registered for this instance then
 	 * the returned array will always only contain the passed in throwable.
-	 *
 	 * @param throwable the <code>Throwable</code> to analyze
 	 * @return an array of all determined throwables from the stacktrace
-	 *
 	 * @throws IllegalArgumentException if the throwable is <code>null</code>
 	 *
 	 * @see #initExtractorMap()
@@ -176,13 +171,11 @@ public class ThrowableAnalyzer {
 
 	/**
 	 * Extracts the cause of the given throwable using an appropriate extractor.
-	 *
 	 * @param throwable the <code>Throwable</code> (not <code>null</code>
 	 * @return the cause, may be <code>null</code> if none could be resolved
 	 */
 	private Throwable extractCause(Throwable throwable) {
-		for (Map.Entry<Class<? extends Throwable>, ThrowableCauseExtractor> entry : extractorMap
-				.entrySet()) {
+		for (Map.Entry<Class<? extends Throwable>, ThrowableCauseExtractor> entry : extractorMap.entrySet()) {
 			Class<? extends Throwable> throwableType = entry.getKey();
 			if (throwableType.isInstance(throwable)) {
 				ThrowableCauseExtractor extractor = entry.getValue();
@@ -198,16 +191,13 @@ public class ThrowableAnalyzer {
 	 * provided type. A returned instance is safe to be cast to the specified type.
 	 * <p>
 	 * If the passed in array is null or empty this method returns <code>null</code>.
-	 *
 	 * @param throwableType the type to look for
 	 * @param chain the array (will be processed in element order)
 	 * @return the found <code>Throwable</code>, <code>null</code> if not found
-	 *
 	 * @throws IllegalArgumentException if the provided type is <code>null</code> or no
 	 * subclass of <code>Throwable</code>
 	 */
-	public final Throwable getFirstThrowableOfType(
-			Class<? extends Throwable> throwableType, Throwable[] chain) {
+	public final Throwable getFirstThrowableOfType(Class<? extends Throwable> throwableType, Throwable[] chain) {
 		if (chain != null) {
 			for (Throwable t : chain) {
 				if ((t != null) && throwableType.isInstance(t)) {
@@ -226,15 +216,12 @@ public class ThrowableAnalyzer {
 	 * <p>
 	 * Can be used for verification purposes in implementations of
 	 * {@link ThrowableCauseExtractor extractors}.
-	 *
 	 * @param throwable the <code>Throwable</code> to check
 	 * @param expectedBaseType the type to check against
-	 *
 	 * @throws IllegalArgumentException if <code>throwable</code> is either
 	 * <code>null</code> or its type is not assignable to <code>expectedBaseType</code>
 	 */
-	public static void verifyThrowableHierarchy(Throwable throwable,
-			Class<? extends Throwable> expectedBaseType) {
+	public static void verifyThrowableHierarchy(Throwable throwable, Class<? extends Throwable> expectedBaseType) {
 		if (expectedBaseType == null) {
 			return;
 		}
@@ -245,9 +232,9 @@ public class ThrowableAnalyzer {
 		Class<? extends Throwable> throwableType = throwable.getClass();
 
 		if (!expectedBaseType.isAssignableFrom(throwableType)) {
-			throw new IllegalArgumentException("Invalid type: '"
-					+ throwableType.getName() + "'. Has to be a subclass of '"
-					+ expectedBaseType.getName() + "'");
+			throw new IllegalArgumentException("Invalid type: '" + throwableType.getName()
+					+ "'. Has to be a subclass of '" + expectedBaseType.getName() + "'");
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java b/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
index 61f784ba91..b9a2a3b9ee 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
@@ -20,19 +20,17 @@ package org.springframework.security.web.util;
  *
  * @author Andreas Senft
  * @since 2.0
- *
  * @see ThrowableAnalyzer
  */
 public interface ThrowableCauseExtractor {
 
 	/**
 	 * Extracts the cause from the provided <code>Throwable</code>.
-	 *
 	 * @param throwable the <code>Throwable</code>
 	 * @return the extracted cause (maybe <code>null</code>)
-	 *
 	 * @throws IllegalArgumentException if <code>throwable</code> is <code>null</code> or
 	 * otherwise considered invalid for the implementation
 	 */
 	Throwable extractCause(Throwable throwable);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 35e745bea3..1667591f37 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -29,12 +29,13 @@ import javax.servlet.http.HttpServletRequest;
  * @author Ben Alex
  */
 public final class UrlUtils {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	public static String buildFullRequestUrl(HttpServletRequest r) {
-		return buildFullRequestUrl(r.getScheme(), r.getServerName(), r.getServerPort(),
-				r.getRequestURI(), r.getQueryString());
+		return buildFullRequestUrl(r.getScheme(), r.getServerName(), r.getServerPort(), r.getRequestURI(),
+				r.getQueryString());
 	}
 
 	/**
@@ -42,11 +43,10 @@ public final class UrlUtils {
 	 * <p>
 	 * Note that the server port will not be shown if it is the default server port for
 	 * HTTP or HTTPS (80 and 443 respectively).
-	 *
 	 * @return the full URL, suitable for redirects (not decoded).
 	 */
-	public static String buildFullRequestUrl(String scheme, String serverName,
-			int serverPort, String requestURI, String queryString) {
+	public static String buildFullRequestUrl(String scheme, String serverName, int serverPort, String requestURI,
+			String queryString) {
 
 		scheme = scheme.toLowerCase();
 
@@ -91,20 +91,19 @@ public final class UrlUtils {
 	 * building the returned value. But this method may also be called using dummy request
 	 * objects which just have the requestURI and contextPatth set, for example, so it
 	 * will fall back to using those.
-	 *
 	 * @return the decoded URL, excluding any server name, context path or servlet path
 	 *
 	 */
 	public static String buildRequestUrl(HttpServletRequest r) {
-		return buildRequestUrl(r.getServletPath(), r.getRequestURI(), r.getContextPath(),
-				r.getPathInfo(), r.getQueryString());
+		return buildRequestUrl(r.getServletPath(), r.getRequestURI(), r.getContextPath(), r.getPathInfo(),
+				r.getQueryString());
 	}
 
 	/**
 	 * Obtains the web application-specific fragment of the URL.
 	 */
-	private static String buildRequestUrl(String servletPath, String requestURI,
-			String contextPath, String pathInfo, String queryString) {
+	private static String buildRequestUrl(String servletPath, String requestURI, String contextPath, String pathInfo,
+			String queryString) {
 
 		StringBuilder url = new StringBuilder();
 
@@ -140,9 +139,9 @@ public final class UrlUtils {
 		if (url == null) {
 			return false;
 		}
-		final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z0-9.+-]+://.*",
-				Pattern.CASE_INSENSITIVE);
+		final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z0-9.+-]+://.*", Pattern.CASE_INSENSITIVE);
 
 		return ABSOLUTE_URL.matcher(url).matches();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 952370c2d2..6f7630f6e4 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -33,27 +33,25 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class AndRequestMatcher implements RequestMatcher {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final List<RequestMatcher> requestMatchers;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances to try
 	 */
 	public AndRequestMatcher(List<RequestMatcher> requestMatchers) {
 		Assert.notEmpty(requestMatchers, "requestMatchers must contain a value");
 		if (requestMatchers.contains(null)) {
-			throw new IllegalArgumentException(
-					"requestMatchers cannot contain null values");
+			throw new IllegalArgumentException("requestMatchers cannot contain null values");
 		}
 		this.requestMatchers = requestMatchers;
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances to try
 	 */
 	public AndRequestMatcher(RequestMatcher... requestMatchers) {
@@ -78,4 +76,5 @@ public final class AndRequestMatcher implements RequestMatcher {
 	public String toString() {
 		return "AndRequestMatcher [requestMatchers=" + requestMatchers + "]";
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index 146398c0c2..f995c831da 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -51,17 +51,20 @@ import org.springframework.web.util.UrlPathHelper;
  * @author Rob Winch
  * @author Eddú Meléndez
  * @since 3.1
- *
  * @see org.springframework.util.AntPathMatcher
  */
-public final class AntPathRequestMatcher
-		implements RequestMatcher, RequestVariablesExtractor {
+public final class AntPathRequestMatcher implements RequestMatcher, RequestVariablesExtractor {
+
 	private static final Log logger = LogFactory.getLog(AntPathRequestMatcher.class);
+
 	private static final String MATCH_ALL = "/**";
 
 	private final Matcher matcher;
+
 	private final String pattern;
+
 	private final HttpMethod httpMethod;
+
 	private final boolean caseSensitive;
 
 	private final UrlPathHelper urlPathHelper;
@@ -69,7 +72,6 @@ public final class AntPathRequestMatcher
 	/**
 	 * Creates a matcher with the specific pattern which will match all HTTP methods in a
 	 * case sensitive manner.
-	 *
 	 * @param pattern the ant pattern to use for matching
 	 */
 	public AntPathRequestMatcher(String pattern) {
@@ -79,7 +81,6 @@ public final class AntPathRequestMatcher
 	/**
 	 * Creates a matcher with the supplied pattern and HTTP method in a case sensitive
 	 * manner.
-	 *
 	 * @param pattern the ant pattern to use for matching
 	 * @param httpMethod the HTTP method. The {@code matches} method will return false if
 	 * the incoming request doesn't have the same method.
@@ -91,29 +92,27 @@ public final class AntPathRequestMatcher
 	/**
 	 * Creates a matcher with the supplied pattern which will match the specified Http
 	 * method
-	 *
 	 * @param pattern the ant pattern to use for matching
 	 * @param httpMethod the HTTP method. The {@code matches} method will return false if
 	 * the incoming request doesn't doesn't have the same method.
 	 * @param caseSensitive true if the matcher should consider case, else false
 	 */
-	public AntPathRequestMatcher(String pattern, String httpMethod,
-			boolean caseSensitive) {
+	public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive) {
 		this(pattern, httpMethod, caseSensitive, null);
 	}
 
 	/**
 	 * Creates a matcher with the supplied pattern which will match the specified Http
 	 * method
-	 *
 	 * @param pattern the ant pattern to use for matching
 	 * @param httpMethod the HTTP method. The {@code matches} method will return false if
 	 * the incoming request doesn't have the same method.
 	 * @param caseSensitive true if the matcher should consider case, else false
-	 * @param urlPathHelper if non-null, will be used for extracting the path from the HttpServletRequest
+	 * @param urlPathHelper if non-null, will be used for extracting the path from the
+	 * HttpServletRequest
 	 */
-	public AntPathRequestMatcher(String pattern, String httpMethod,
-			boolean caseSensitive, UrlPathHelper urlPathHelper) {
+	public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive,
+			UrlPathHelper urlPathHelper) {
 		Assert.hasText(pattern, "Pattern cannot be null or empty");
 		this.caseSensitive = caseSensitive;
 
@@ -125,11 +124,9 @@ public final class AntPathRequestMatcher
 			// If the pattern ends with {@code /**} and has no other wildcards or path
 			// variables, then optimize to a sub-path match
 			if (pattern.endsWith(MATCH_ALL)
-					&& (pattern.indexOf('?') == -1 && pattern.indexOf('{') == -1
-							&& pattern.indexOf('}') == -1)
+					&& (pattern.indexOf('?') == -1 && pattern.indexOf('{') == -1 && pattern.indexOf('}') == -1)
 					&& pattern.indexOf("*") == pattern.length() - 2) {
-				this.matcher = new SubpathMatcher(
-						pattern.substring(0, pattern.length() - 3), caseSensitive);
+				this.matcher = new SubpathMatcher(pattern.substring(0, pattern.length() - 3), caseSensitive);
 			}
 			else {
 				this.matcher = new SpringAntMatcher(pattern, caseSensitive);
@@ -137,15 +134,13 @@ public final class AntPathRequestMatcher
 		}
 
 		this.pattern = pattern;
-		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod)
-				: null;
+		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
 		this.urlPathHelper = urlPathHelper;
 	}
 
 	/**
 	 * Returns true if the configured pattern (and HTTP-Method) match those of the
 	 * supplied request.
-	 *
 	 * @param request the request to match against. The ant pattern will be matched
 	 * against the {@code servletPath} + {@code pathInfo} of the request.
 	 */
@@ -154,9 +149,8 @@ public final class AntPathRequestMatcher
 		if (this.httpMethod != null && StringUtils.hasText(request.getMethod())
 				&& this.httpMethod != valueOf(request.getMethod())) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Request '" + request.getMethod() + " "
-						+ getRequestPath(request) + "'" + " doesn't match '"
-						+ this.httpMethod + " " + this.pattern + "'");
+				logger.debug("Request '" + request.getMethod() + " " + getRequestPath(request) + "'"
+						+ " doesn't match '" + this.httpMethod + " " + this.pattern + "'");
 			}
 
 			return false;
@@ -164,8 +158,7 @@ public final class AntPathRequestMatcher
 
 		if (this.pattern.equals(MATCH_ALL)) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Request '" + getRequestPath(request)
-						+ "' matched by universal pattern '/**'");
+				logger.debug("Request '" + getRequestPath(request) + "' matched by universal pattern '/**'");
 			}
 
 			return true;
@@ -174,8 +167,7 @@ public final class AntPathRequestMatcher
 		String url = getRequestPath(request);
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + url + "'; against '"
-					+ this.pattern + "'");
+			logger.debug("Checking match of request : '" + url + "'; against '" + this.pattern + "'");
 		}
 
 		return this.matcher.matches(url);
@@ -250,9 +242,7 @@ public final class AntPathRequestMatcher
 	/**
 	 * Provides a save way of obtaining the HttpMethod from a String. If the method is
 	 * invalid, returns null.
-	 *
 	 * @param method the HTTP method to use.
-	 *
 	 * @return the HttpMethod or null if method is invalid.
 	 */
 	private static HttpMethod valueOf(String method) {
@@ -266,12 +256,15 @@ public final class AntPathRequestMatcher
 	}
 
 	private interface Matcher {
+
 		boolean matches(String path);
 
 		Map<String, String> extractUriTemplateVariables(String path);
+
 	}
 
 	private static class SpringAntMatcher implements Matcher {
+
 		private final AntPathMatcher antMatcher;
 
 		private final String pattern;
@@ -297,18 +290,22 @@ public final class AntPathRequestMatcher
 			matcher.setCaseSensitive(caseSensitive);
 			return matcher;
 		}
+
 	}
 
 	/**
 	 * Optimized matcher for trailing wildcards
 	 */
 	private static class SubpathMatcher implements Matcher {
+
 		private final String subpath;
+
 		private final int length;
+
 		private final boolean caseSensitive;
 
 		private SubpathMatcher(String subpath, boolean caseSensitive) {
-			assert!subpath.contains("*");
+			assert !subpath.contains("*");
 			this.subpath = caseSensitive ? subpath : subpath.toLowerCase();
 			this.length = subpath.length();
 			this.caseSensitive = caseSensitive;
@@ -319,13 +316,14 @@ public final class AntPathRequestMatcher
 			if (!this.caseSensitive) {
 				path = path.toLowerCase();
 			}
-			return path.startsWith(this.subpath)
-					&& (path.length() == this.length || path.charAt(this.length) == '/');
+			return path.startsWith(this.subpath) && (path.length() == this.length || path.charAt(this.length) == '/');
 		}
 
 		@Override
 		public Map<String, String> extractUriTemplateVariables(String path) {
 			return Collections.emptyMap();
 		}
+
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
index 35a59e4b15..34d74eb435 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
@@ -26,6 +26,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * @since 3.1
  */
 public final class AnyRequestMatcher implements RequestMatcher {
+
 	public static final RequestMatcher INSTANCE = new AnyRequestMatcher();
 
 	public boolean matches(HttpServletRequest request) {
@@ -51,4 +52,5 @@ public final class AnyRequestMatcher implements RequestMatcher {
 
 	private AnyRequestMatcher() {
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
index d0fc2a1336..ae90043132 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
@@ -37,7 +37,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * See {@link DelegatingAuthenticationEntryPoint} for an example configuration.
  * </p>
  *
- *
  * @author Mike Wiesner
  * @since 3.0.2
  */
@@ -58,7 +57,6 @@ public class ELRequestMatcher implements RequestMatcher {
 	/**
 	 * Subclasses can override this methode if they want to use a different EL root
 	 * context
-	 *
 	 * @return EL root context which is used to evaluate the expression
 	 */
 	public EvaluationContext createELContext(HttpServletRequest request) {
@@ -72,4 +70,5 @@ public class ELRequestMatcher implements RequestMatcher {
 		sb.append("]");
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index b9104a7e45..b0cf2fa3ee 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -35,13 +35,14 @@ import org.springframework.util.Assert;
  * @since 3.0.2
  */
 public final class IpAddressMatcher implements RequestMatcher {
+
 	private final int nMaskBits;
+
 	private final InetAddress requiredAddress;
 
 	/**
 	 * Takes a specific IP address or a range specified using the IP/Netmask (e.g.
 	 * 192.168.1.0/24 or 202.24.0.0/14).
-	 *
 	 * @param ipAddress the address or range of addresses from which the request must
 	 * come.
 	 */
@@ -57,8 +58,7 @@ public final class IpAddressMatcher implements RequestMatcher {
 		}
 		requiredAddress = parseAddress(ipAddress);
 		Assert.isTrue(requiredAddress.getAddress().length * 8 >= nMaskBits,
-				String.format("IP address %s is too short for bitmask of length %d",
-						ipAddress, nMaskBits));
+				String.format("IP address %s is too short for bitmask of length %d", ipAddress, nMaskBits));
 	}
 
 	public boolean matches(HttpServletRequest request) {
@@ -105,4 +105,5 @@ public final class IpAddressMatcher implements RequestMatcher {
 			throw new IllegalArgumentException("Failed to parse address" + address, e);
 		}
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index 22565ab8f1..8e927dab29 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -141,10 +141,15 @@ import org.springframework.web.context.request.ServletWebRequest;
  */
 
 public final class MediaTypeRequestMatcher implements RequestMatcher {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final ContentNegotiationStrategy contentNegotiationStrategy;
+
 	private final Collection<MediaType> matchingMediaTypes;
+
 	private boolean useEquals;
+
 	private Set<MediaType> ignoredMediaTypes = Collections.emptySet();
 
 	/**
@@ -164,6 +169,7 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 	public MediaTypeRequestMatcher(Collection<MediaType> matchingMediaTypes) {
 		this(new HeaderContentNegotiationStrategy(), matchingMediaTypes);
 	}
+
 	/**
 	 * Creates an instance
 	 * @param contentNegotiationStrategy the {@link ContentNegotiationStrategy} to use
@@ -192,8 +198,7 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 	public boolean matches(HttpServletRequest request) {
 		List<MediaType> httpRequestMediaTypes;
 		try {
-			httpRequestMediaTypes = this.contentNegotiationStrategy
-					.resolveMediaTypes(new ServletWebRequest(request));
+			httpRequestMediaTypes = this.contentNegotiationStrategy.resolveMediaTypes(new ServletWebRequest(request));
 		}
 		catch (HttpMediaTypeNotAcceptableException e) {
 			this.logger.debug("Failed to parse MediaTypes, returning false", e);
@@ -211,17 +216,15 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 				continue;
 			}
 			if (this.useEquals) {
-				boolean isEqualTo = this.matchingMediaTypes
-						.contains(httpRequestMediaType);
+				boolean isEqualTo = this.matchingMediaTypes.contains(httpRequestMediaType);
 				this.logger.debug("isEqualTo " + isEqualTo);
 				return isEqualTo;
 			}
 			for (MediaType matchingMediaType : this.matchingMediaTypes) {
-				boolean isCompatibleWith = matchingMediaType
-						.isCompatibleWith(httpRequestMediaType);
+				boolean isCompatibleWith = matchingMediaType.isCompatibleWith(httpRequestMediaType);
 				if (this.logger.isDebugEnabled()) {
-					this.logger.debug(matchingMediaType + " .isCompatibleWith "
-							+ httpRequestMediaType + " = " + isCompatibleWith);
+					this.logger.debug(matchingMediaType + " .isCompatibleWith " + httpRequestMediaType + " = "
+							+ isCompatibleWith);
 				}
 				if (isCompatibleWith) {
 					return true;
@@ -244,7 +247,6 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 	/**
 	 * If set to true, matches on exact {@link MediaType}, else uses
 	 * {@link MediaType#isCompatibleWith(MediaType)}.
-	 *
 	 * @param useEquals specify if equals comparison should be used.
 	 */
 	public void setUseEquals(boolean useEquals) {
@@ -255,7 +257,6 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 	 * Set the {@link MediaType} to ignore from the {@link ContentNegotiationStrategy}.
 	 * This is useful if for example, you want to match on
 	 * {@link MediaType#APPLICATION_JSON} but want to ignore {@link MediaType#ALL}.
-	 *
 	 * @param ignoredMediaTypes the {@link MediaType}'s to ignore from the
 	 * {@link ContentNegotiationStrategy}
 	 */
@@ -265,9 +266,9 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 
 	@Override
 	public String toString() {
-		return "MediaTypeRequestMatcher [contentNegotiationStrategy="
-				+ this.contentNegotiationStrategy + ", matchingMediaTypes="
-				+ this.matchingMediaTypes + ", useEquals=" + this.useEquals
+		return "MediaTypeRequestMatcher [contentNegotiationStrategy=" + this.contentNegotiationStrategy
+				+ ", matchingMediaTypes=" + this.matchingMediaTypes + ", useEquals=" + this.useEquals
 				+ ", ignoredMediaTypes=" + this.ignoredMediaTypes + "]";
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index bc7a2be8a7..474d0ed500 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -32,6 +32,7 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public class NegatedRequestMatcher implements RequestMatcher {
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final RequestMatcher requestMatcher;
@@ -57,4 +58,5 @@ public class NegatedRequestMatcher implements RequestMatcher {
 	public String toString() {
 		return "NegatedRequestMatcher [requestMatcher=" + requestMatcher + "]";
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index 70e62b792f..5760df1370 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -33,26 +33,25 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class OrRequestMatcher implements RequestMatcher {
+
 	private final Log logger = LogFactory.getLog(getClass());
+
 	private final List<RequestMatcher> requestMatchers;
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances to try
 	 */
 	public OrRequestMatcher(List<RequestMatcher> requestMatchers) {
 		Assert.notEmpty(requestMatchers, "requestMatchers must contain a value");
 		if (requestMatchers.contains(null)) {
-			throw new IllegalArgumentException(
-					"requestMatchers cannot contain null values");
+			throw new IllegalArgumentException("requestMatchers cannot contain null values");
 		}
 		this.requestMatchers = requestMatchers;
 	}
 
 	/**
 	 * Creates a new instance
-	 *
 	 * @param requestMatchers the {@link RequestMatcher} instances to try
 	 */
 	public OrRequestMatcher(RequestMatcher... requestMatchers) {
@@ -77,4 +76,5 @@ public final class OrRequestMatcher implements RequestMatcher {
 	public String toString() {
 		return "OrRequestMatcher [requestMatchers=" + requestMatchers + "]";
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index 1fe184dbaf..e0caf843ee 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -40,14 +40,15 @@ import org.springframework.util.StringUtils;
  * @since 3.1
  */
 public final class RegexRequestMatcher implements RequestMatcher {
+
 	private final static Log logger = LogFactory.getLog(RegexRequestMatcher.class);
 
 	private final Pattern pattern;
+
 	private final HttpMethod httpMethod;
 
 	/**
 	 * Creates a case-sensitive {@code Pattern} instance to match against the request.
-	 *
 	 * @param pattern the regular expression to compile into a pattern.
 	 * @param httpMethod the HTTP method to match. May be null to match all methods.
 	 */
@@ -57,7 +58,6 @@ public final class RegexRequestMatcher implements RequestMatcher {
 
 	/**
 	 * As above, but allows setting of whether case-insensitive matching should be used.
-	 *
 	 * @param pattern the regular expression to compile into a pattern.
 	 * @param httpMethod the HTTP method to match. May be null to match all methods.
 	 * @param caseInsensitive if true, the pattern will be compiled with the
@@ -70,21 +70,18 @@ public final class RegexRequestMatcher implements RequestMatcher {
 		else {
 			this.pattern = Pattern.compile(pattern);
 		}
-		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod
-				.valueOf(httpMethod) : null;
+		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
 	}
 
 	/**
 	 * Performs the match of the request URL ({@code servletPath + pathInfo + queryString}
 	 * ) against the compiled pattern. If the query string is present, a question mark
 	 * will be prepended.
-	 *
 	 * @param request the request to match
 	 * @return true if the pattern matches the URL, false otherwise.
 	 */
 	public boolean matches(HttpServletRequest request) {
-		if (httpMethod != null && request.getMethod() != null
-				&& httpMethod != valueOf(request.getMethod())) {
+		if (httpMethod != null && request.getMethod() != null && httpMethod != valueOf(request.getMethod())) {
 			return false;
 		}
 
@@ -106,8 +103,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + url + "'; against '" + pattern
-					+ "'");
+			logger.debug("Checking match of request : '" + url + "'; against '" + pattern + "'");
 		}
 
 		return pattern.matcher(url).matches();
@@ -116,9 +112,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 	/**
 	 * Provides a save way of obtaining the HttpMethod from a String. If the method is
 	 * invalid, returns null.
-	 *
 	 * @param method the HTTP method to use.
-	 *
 	 * @return the HttpMethod or null if method is invalid.
 	 */
 	private static HttpMethod valueOf(String method) {
@@ -144,4 +138,5 @@ public final class RegexRequestMatcher implements RequestMatcher {
 
 		return sb.toString();
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index 25fd21e547..f5c9191d10 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -51,14 +51,15 @@ import org.springframework.util.Assert;
  * @since 3.2
  */
 public final class RequestHeaderRequestMatcher implements RequestMatcher {
+
 	private final String expectedHeaderName;
+
 	private final String expectedHeaderValue;
 
 	/**
 	 * Creates a new instance that will match if a header by the name of
 	 * {@link #expectedHeaderName} is present. In this instance, the value does not
 	 * matter.
-	 *
 	 * @param expectedHeaderName the name of the expected header that if present the
 	 * request will match. Cannot be null.
 	 */
@@ -70,13 +71,11 @@ public final class RequestHeaderRequestMatcher implements RequestMatcher {
 	 * Creates a new instance that will match if a header by the name of
 	 * {@link #expectedHeaderName} is present and if the {@link #expectedHeaderValue} is
 	 * non-null the first value is the same.
-	 *
 	 * @param expectedHeaderName the name of the expected header. Cannot be null
 	 * @param expectedHeaderValue the expected header value or null if the value does not
 	 * matter
 	 */
-	public RequestHeaderRequestMatcher(String expectedHeaderName,
-			String expectedHeaderValue) {
+	public RequestHeaderRequestMatcher(String expectedHeaderName, String expectedHeaderValue) {
 		Assert.notNull(expectedHeaderName, "headerName cannot be null");
 		this.expectedHeaderName = expectedHeaderName;
 		this.expectedHeaderValue = expectedHeaderValue;
@@ -93,7 +92,8 @@ public final class RequestHeaderRequestMatcher implements RequestMatcher {
 
 	@Override
 	public String toString() {
-		return "RequestHeaderRequestMatcher [expectedHeaderName=" + expectedHeaderName
-				+ ", expectedHeaderValue=" + expectedHeaderValue + "]";
+		return "RequestHeaderRequestMatcher [expectedHeaderName=" + expectedHeaderName + ", expectedHeaderValue="
+				+ expectedHeaderValue + "]";
 	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
index ef8d3076d8..4245bd4688 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
@@ -31,19 +31,17 @@ public interface RequestMatcher {
 
 	/**
 	 * Decides whether the rule implemented by the strategy matches the supplied request.
-	 *
 	 * @param request the request to check for a match
 	 * @return true if the request matches, false otherwise
 	 */
 	boolean matches(HttpServletRequest request);
 
 	/**
-	 * Returns a MatchResult for this RequestMatcher
-	 * The default implementation returns  {@link Collections#emptyMap()}
-	 * when {@link MatchResult#getVariables()} is invoked.
-	 *
-	 * @return the MatchResult from comparing this RequestMatcher against the HttpServletRequest
- 	 * @since 5.2
+	 * Returns a MatchResult for this RequestMatcher The default implementation returns
+	 * {@link Collections#emptyMap()} when {@link MatchResult#getVariables()} is invoked.
+	 * @return the MatchResult from comparing this RequestMatcher against the
+	 * HttpServletRequest
+	 * @since 5.2
 	 */
 	default MatchResult matcher(HttpServletRequest request) {
 		boolean match = matches(request);
@@ -51,13 +49,15 @@ public interface RequestMatcher {
 	}
 
 	/**
-	 * The result of matching against an HttpServletRequest
-	 * Contains the status, true or false, of the match and
-	 * if present, any variables extracted from the match
+	 * The result of matching against an HttpServletRequest Contains the status, true or
+	 * false, of the match and if present, any variables extracted from the match
+	 *
 	 * @since 5.2
 	 */
 	class MatchResult {
+
 		private final boolean match;
+
 		private final Map<String, String> variables;
 
 		MatchResult(boolean match, Map<String, String> variables) {
@@ -66,16 +66,18 @@ public interface RequestMatcher {
 		}
 
 		/**
-		 * @return true if the comparison against the HttpServletRequest produced a successful match
+		 * @return true if the comparison against the HttpServletRequest produced a
+		 * successful match
 		 */
 		public boolean isMatch() {
 			return this.match;
 		}
 
 		/**
-		 * Returns the extracted variable values where the key is the variable name and the value is the variable value
-		 *
-		 * @return a map containing key-value pairs representing extracted variable names and variable values
+		 * Returns the extracted variable values where the key is the variable name and
+		 * the value is the variable value
+		 * @return a map containing key-value pairs representing extracted variable names
+		 * and variable values
 		 */
 		public Map<String, String> getVariables() {
 			return this.variables;
@@ -83,7 +85,6 @@ public interface RequestMatcher {
 
 		/**
 		 * Creates an instance of {@link MatchResult} that is a match with no variables
-		 *
 		 * @return
 		 */
 		public static MatchResult match() {
@@ -91,8 +92,8 @@ public interface RequestMatcher {
 		}
 
 		/**
-		 * Creates an instance of {@link MatchResult} that is a match with the specified variables
-		 *
+		 * Creates an instance of {@link MatchResult} that is a match with the specified
+		 * variables
 		 * @param variables
 		 * @return
 		 */
@@ -102,12 +103,12 @@ public interface RequestMatcher {
 
 		/**
 		 * Creates an instance of {@link MatchResult} that is not a match.
-		 *
 		 * @return
 		 */
 		public static MatchResult notMatch() {
 			return new MatchResult(false, Collections.emptyMap());
 		}
+
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
index db26547e0d..205345110d 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
@@ -25,15 +25,16 @@ import javax.servlet.http.HttpServletRequest;
  *
  * @author Rob Winch
  * @since 4.1.1
- * @deprecated use {@link RequestMatcher.MatchResult} from {@link RequestMatcher#matcher(HttpServletRequest)}
+ * @deprecated use {@link RequestMatcher.MatchResult} from
+ * {@link RequestMatcher#matcher(HttpServletRequest)}
  */
 public interface RequestVariablesExtractor {
 
 	/**
 	 * Extract URL template variables from the request.
-	 *
 	 * @param request the HttpServletRequest to obtain a URL to extract the variables from
 	 * @return the URL variables or empty if no variables are found
 	 */
 	Map<String, String> extractUriTemplateVariables(HttpServletRequest request);
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/package-info.java b/web/src/main/java/org/springframework/security/web/util/package-info.java
index 04122d51bb..5f0c4b2bfa 100644
--- a/web/src/main/java/org/springframework/security/web/util/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/util/package-info.java
@@ -19,4 +19,3 @@
  * Should not depend on any other framework classes.
  */
 package org.springframework.security.web.util;
-
diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java
index d1e220d741..6ed79fa574 100644
--- a/web/src/test/java/org/springframework/security/MockFilterConfig.java
+++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java
@@ -24,11 +24,11 @@ import javax.servlet.FilterConfig;
 import javax.servlet.ServletContext;
 
 /**
- *
  * @author Ben Alex
  */
 @SuppressWarnings("unchecked")
 public class MockFilterConfig implements FilterConfig {
+
 	// ~ Instance fields
 	// ================================================================================================
 	private Map map = new HashMap();
@@ -62,4 +62,5 @@ public class MockFilterConfig implements FilterConfig {
 	public void setInitParmeter(String parameter, String value) {
 		map.put(parameter, value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/MockPortResolver.java b/web/src/test/java/org/springframework/security/MockPortResolver.java
index abf5db55f5..c33fe3ec83 100644
--- a/web/src/test/java/org/springframework/security/MockPortResolver.java
+++ b/web/src/test/java/org/springframework/security/MockPortResolver.java
@@ -26,10 +26,12 @@ import javax.servlet.ServletRequest;
  * @author Ben Alex
  */
 public class MockPortResolver implements PortResolver {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private int http = 80;
+
 	private int https = 443;
 
 	// ~ Constructors
@@ -51,4 +53,5 @@ public class MockPortResolver implements PortResolver {
 			return http;
 		}
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
index ead6d937f2..2a8d282348 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
@@ -47,17 +47,20 @@ public class WebTestClientBuilder {
 		return WebTestClient.bindToController(controller).webFilter(webFilters).configureClient();
 	}
 
-	public static Builder bindToControllerAndWebFilters(Class<?> controller, SecurityWebFilterChain securityWebFilterChain) {
+	public static Builder bindToControllerAndWebFilters(Class<?> controller,
+			SecurityWebFilterChain securityWebFilterChain) {
 		return bindToControllerAndWebFilters(controller, new WebFilterChainProxy(securityWebFilterChain));
 	}
 
 	@RestController
 	public static class Http200RestController {
+
 		@RequestMapping("/**")
 		@ResponseStatus(HttpStatus.OK)
 		public String ok() {
 			return "ok";
 		}
+
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index 2be5568682..063ebdf591 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -27,12 +27,13 @@ import reactor.core.publisher.Mono;
 import java.util.Arrays;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  */
 public class WebTestHandler {
+
 	private final MockWebHandler webHandler = new MockWebHandler();
+
 	private final WebHandler handler;
 
 	private WebTestHandler(WebFilter... filters) {
@@ -50,6 +51,7 @@ public class WebTestHandler {
 	}
 
 	public static class WebHandlerResult {
+
 		private final ServerWebExchange exchange;
 
 		private WebHandlerResult(ServerWebExchange exchange) {
@@ -59,6 +61,7 @@ public class WebTestHandler {
 		public ServerWebExchange getExchange() {
 			return exchange;
 		}
+
 	}
 
 	public static WebTestHandler bindToWebFilters(WebFilter... filters) {
@@ -66,6 +69,7 @@ public class WebTestHandler {
 	}
 
 	static class MockWebHandler implements WebHandler {
+
 		private ServerWebExchange exchange;
 
 		@Override
@@ -73,5 +77,7 @@ public class WebTestHandler {
 			this.exchange = exchange;
 			return Mono.empty();
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index 5ef1d74fe7..4aa6916719 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -22,14 +22,13 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public class DefaultRedirectStrategyTests {
+
 	@Test
-	public void contextRelativeUrlWithContextNameInHostnameIsHandledCorrectly()
-			throws Exception {
+	public void contextRelativeUrlWithContextNameInHostnameIsHandledCorrectly() throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -43,30 +42,27 @@ public class DefaultRedirectStrategyTests {
 
 	// SEC-2177
 	@Test
-	public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly()
-			throws Exception {
+	public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly() throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		rds.sendRedirect(request, response,
-				"https://https://context.blah.com/context/remainder");
+		rds.sendRedirect(request, response, "https://https://context.blah.com/context/remainder");
 
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath()
-		throws Exception {
+	public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath() throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		rds.sendRedirect(request, response,
-			"https://redirectme.somewhere.else");
+		rds.sendRedirect(request, response, "https://redirectme.somewhere.else");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 10067d6fd8..1c407abc95 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -45,11 +45,17 @@ import java.util.*;
  * @author Rob Winch
  */
 public class FilterChainProxyTests {
+
 	private FilterChainProxy fcp;
+
 	private RequestMatcher matcher;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private FilterChain chain;
+
 	private Filter filter;
 
 	@Before
@@ -59,14 +65,11 @@ public class FilterChainProxyTests {
 		doAnswer((Answer<Object>) inv -> {
 			Object[] args = inv.getArguments();
 			FilterChain fc = (FilterChain) args[2];
-			HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper(
-					(HttpServletRequest) args[0]);
+			HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper((HttpServletRequest) args[0]);
 			fc.doFilter(extraWrapper, (HttpServletResponse) args[1]);
 			return null;
-		}).when(filter).doFilter(any(),
-				any(), any());
-		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher,
-				Arrays.asList(filter)));
+		}).when(filter).doFilter(any(), any(), any());
+		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, Arrays.asList(filter)));
 		fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
 		request = new MockHttpServletRequest("GET", "");
 		request.setServletPath("/path");
@@ -94,56 +97,45 @@ public class FilterChainProxyTests {
 
 		verifyZeroInteractions(filter);
 		// The actual filter chain should be invoked though
-		verify(chain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds()
-			throws Exception {
+	public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		fcp.doFilter(request, response, chain);
 
-		verify(filter).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
-		verify(chain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
+		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty()
-			throws Exception {
+	public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception {
 		List<Filter> noFilters = Collections.emptyList();
 		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, noFilters));
 
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		fcp.doFilter(request, response, chain);
 
-		verify(chain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsFound()
-			throws Exception {
+	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsFound() throws Exception {
 		when(matcher.matches(any())).thenReturn(true);
 		fcp.doFilter(request, response, chain);
 		verify(matcher).matches(any(FirewalledRequest.class));
-		verify(filter).doFilter(any(FirewalledRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
-		verify(chain).doFilter(any(),
-				any(HttpServletResponse.class));
+		verify(filter).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
+		verify(chain).doFilter(any(), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsNotFound()
-			throws Exception {
+	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsNotFound() throws Exception {
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
 		fcp.doFilter(request, response, chain);
 		verify(matcher).matches(any(FirewalledRequest.class));
 		verifyZeroInteractions(filter);
-		verify(chain).doFilter(any(FirewalledRequest.class),
-				any(HttpServletResponse.class));
+		verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
@@ -163,8 +155,7 @@ public class FilterChainProxyTests {
 	@Test
 	public void bothWrappersAreResetWithNestedFcps() throws Exception {
 		HttpFirewall fw = mock(HttpFirewall.class);
-		FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(
-				matcher, fcp));
+		FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, fcp));
 		firstFcp.setFirewall(fw);
 		fcp.setFirewall(fw);
 		FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
@@ -187,11 +178,10 @@ public class FilterChainProxyTests {
 	public void doFilterClearsSecurityContextHolder() throws Exception {
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
-			SecurityContextHolder.getContext().setAuthentication(
-					new TestingAuthenticationToken("username", "password"));
+			SecurityContextHolder.getContext()
+					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			return null;
-		}).when(filter).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
 
 		fcp.doFilter(request, response, chain);
 
@@ -202,11 +192,10 @@ public class FilterChainProxyTests {
 	public void doFilterClearsSecurityContextHolderWithException() throws Exception {
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
-			SecurityContextHolder.getContext().setAuthentication(
-					new TestingAuthenticationToken("username", "password"));
+			SecurityContextHolder.getContext()
+					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			throw new ServletException("oops");
-		}).when(filter).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
 
 		try {
 			fcp.doFilter(request, response, chain);
@@ -224,25 +213,22 @@ public class FilterChainProxyTests {
 		final FilterChain innerChain = mock(FilterChain.class);
 		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
-			TestingAuthenticationToken expected = new TestingAuthenticationToken(
-					"username", "password");
+			TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
 			SecurityContextHolder.getContext().setAuthentication(expected);
 			doAnswer((Answer<Object>) inv1 -> {
 				innerChain.doFilter(request, response);
 				return null;
-			}).when(filter).doFilter(any(HttpServletRequest.class),
-					any(HttpServletResponse.class), any(FilterChain.class));
+			}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+					any(FilterChain.class));
 
 			fcp.doFilter(request, response, innerChain);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
 			return null;
-		}).when(filter).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
 
 		fcp.doFilter(request, response, chain);
 
-		verify(innerChain).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
+		verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -262,4 +248,5 @@ public class FilterChainProxyTests {
 		fcp.doFilter(request, response, chain);
 		verify(rjh).handle(eq(request), eq(response), eq((requestRejectedException)));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index e08e1c4d7d..297fa9df51 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -98,8 +98,7 @@ public class FilterInvocationTests {
 		request.setRequestURI("/mycontext/HelloWorld");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar");
 		assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld?foo=bar");
 		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld?foo=bar");
@@ -116,8 +115,7 @@ public class FilterInvocationTests {
 		request.setRequestURI("/mycontext/HelloWorld");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld");
 		assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld");
 		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld");
@@ -125,8 +123,7 @@ public class FilterInvocationTests {
 
 	@Test(expected = UnsupportedOperationException.class)
 	public void dummyChainRejectsInvocation() throws Exception {
-		FilterInvocation.DUMMY_CHAIN.doFilter(mock(HttpServletRequest.class),
-				mock(HttpServletResponse.class));
+		FilterInvocation.DUMMY_CHAIN.doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
index dbcca569a7..b5424520e6 100644
--- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
@@ -36,14 +36,10 @@ public class PortMapperImplTests {
 	@Test
 	public void testDefaultMappingsAreKnown() {
 		PortMapperImpl portMapper = new PortMapperImpl();
-		assertThat(portMapper.lookupHttpPort(443)).isEqualTo(
-				Integer.valueOf(80));
-		assertThat(Integer.valueOf(8080)).isEqualTo(
-				portMapper.lookupHttpPort(8443));
-		assertThat(Integer.valueOf(443)).isEqualTo(
-				portMapper.lookupHttpsPort(80));
-		assertThat(Integer.valueOf(8443)).isEqualTo(
-				portMapper.lookupHttpsPort(8080));
+		assertThat(portMapper.lookupHttpPort(443)).isEqualTo(Integer.valueOf(80));
+		assertThat(Integer.valueOf(8080)).isEqualTo(portMapper.lookupHttpPort(8443));
+		assertThat(Integer.valueOf(443)).isEqualTo(portMapper.lookupHttpsPort(80));
+		assertThat(Integer.valueOf(8443)).isEqualTo(portMapper.lookupHttpsPort(8080));
 	}
 
 	@Test
@@ -107,9 +103,8 @@ public class PortMapperImplTests {
 
 		portMapper.setPortMappings(map);
 
-		assertThat(portMapper.lookupHttpPort(442)).isEqualTo(
-				Integer.valueOf(79));
-		assertThat(Integer.valueOf(442)).isEqualTo(
-				portMapper.lookupHttpsPort(79));
+		assertThat(portMapper.lookupHttpPort(442)).isEqualTo(Integer.valueOf(79));
+		assertThat(Integer.valueOf(442)).isEqualTo(portMapper.lookupHttpsPort(79));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
index d4b265588a..5778c4eee7 100644
--- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
@@ -81,4 +81,5 @@ public class PortResolverImplTests {
 		request.setServerPort(1021);
 		assertThat(pr.getServerPort(request)).isEqualTo(1021);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index 8e69ca83bf..aa8e3e5e19 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -39,9 +39,13 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
  * @author Ben Alex
  */
 public class DefaultWebInvocationPrivilegeEvaluatorTests {
+
 	private AccessDecisionManager adm;
+
 	private FilterInvocationSecurityMetadataSource ods;
+
 	private RunAsManager ram;
+
 	private FilterSecurityInterceptor interceptor;
 
 	// ~ Methods
@@ -63,50 +67,41 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 
 	@Test
 	public void permitsAccessIfNoMatchingAttributesAndPublicInvocationsAllowed() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(
-				interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
 		when(ods.getAttributes(anyObject())).thenReturn(null);
-		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET",
-				mock(Authentication.class))).isTrue();
+		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isTrue();
 	}
 
 	@Test
 	public void deniesAccessIfNoMatchingAttributesAndPublicInvocationsNotAllowed() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(
-				interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
 		when(ods.getAttributes(anyObject())).thenReturn(null);
 		interceptor.setRejectPublicInvocations(true);
-		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET",
-				mock(Authentication.class))).isFalse();
+		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isFalse();
 	}
 
 	@Test
 	public void deniesAccessIfAuthenticationIsNull() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(
-				interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
 		assertThat(wipe.isAllowed("/foo/index.jsp", null)).isFalse();
 	}
 
 	@Test
 	public void allowsAccessIfAccessDecisionManagerDoes() {
-		Authentication token = new TestingAuthenticationToken("test", "Password",
-				"MOCK_INDEX");
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(
-				interceptor);
+		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isTrue();
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void deniesAccessIfAccessDecisionManagerDoes() {
-		Authentication token = new TestingAuthenticationToken("test", "Password",
-				"MOCK_INDEX");
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(
-				interceptor);
+		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
 
-		doThrow(new AccessDeniedException("")).when(adm).decide(
-				any(Authentication.class), anyObject(), anyList());
+		doThrow(new AccessDeniedException("")).when(adm).decide(any(Authentication.class), anyObject(), anyList());
 
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
index 58b9486330..b558a3727f 100644
--- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
@@ -36,14 +36,19 @@ import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingAccessDeniedHandlerTests {
+
 	@Mock
 	private AccessDeniedHandler handler1;
+
 	@Mock
 	private AccessDeniedHandler handler2;
+
 	@Mock
 	private AccessDeniedHandler handler3;
+
 	@Mock
 	private HttpServletRequest request;
+
 	@Mock
 	private HttpServletResponse response;
 
@@ -64,8 +69,8 @@ public class DelegatingAccessDeniedHandlerTests {
 		AccessDeniedException accessDeniedException = new AccessDeniedException("");
 		handler.handle(request, response, accessDeniedException);
 
-		verify(handler1, never()).handle(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AccessDeniedException.class));
+		verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AccessDeniedException.class));
 		verify(handler3).handle(request, response, accessDeniedException);
 	}
 
@@ -78,10 +83,11 @@ public class DelegatingAccessDeniedHandlerTests {
 		AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123");
 		handler.handle(request, response, accessDeniedException);
 
-		verify(handler1, never()).handle(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AccessDeniedException.class));
+		verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AccessDeniedException.class));
 		verify(handler2).handle(request, response, accessDeniedException);
-		verify(handler3, never()).handle(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AccessDeniedException.class));
+		verify(handler3, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AccessDeniedException.class));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index c26c3b98b4..ebff713f6b 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -91,14 +91,13 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
 		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils
-						.createAuthorityList("IGNORED")));
+				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
 
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
@@ -124,13 +123,13 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is remembered
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
-		securityContext.setAuthentication(new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils
-						.createAuthorityList("IGNORED")));
+		securityContext.setAuthentication(
+				new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
 		SecurityContextHolder.setContext(securityContext);
 
 		// Test
@@ -141,7 +140,6 @@ public class ExceptionTranslationFilterTests {
 		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost/mycontext/secure/page.html");
 	}
 
-
 	@Test
 	public void testAccessDeniedWhenNonAnonymous() throws Exception {
 		// Setup our HTTP request
@@ -150,8 +148,8 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
@@ -168,7 +166,8 @@ public class ExceptionTranslationFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getStatus()).isEqualTo(403);
-		assertThat(request.getAttribute(WebAttributes.ACCESS_DENIED_403)).isExactlyInstanceOf(AccessDeniedException.class);
+		assertThat(request.getAttribute(WebAttributes.ACCESS_DENIED_403))
+				.isExactlyInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
@@ -179,18 +178,17 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(
-			any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
 		SecurityContextHolder.getContext().setAuthentication(
-			new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils
-				.createAuthorityList("IGNORED")));
+				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
 
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
-			(req, res, ae) -> res.sendError(403, ae.getMessage()));
+				(req, res, ae) -> res.sendError(403, ae.getMessage()));
 		filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
 		assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
 
@@ -198,12 +196,11 @@ public class ExceptionTranslationFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getErrorMessage())
-			.isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen");
+				.isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen");
 	}
 
 	@Test
-	public void redirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException()
-			throws Exception {
+	public void redirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secure/page.html");
@@ -215,8 +212,8 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new BadCredentialsException("")).when(fc).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
@@ -241,13 +238,12 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new BadCredentialsException("")).when(fc).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
 		// Test
 		HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
-				mockEntryPoint, requestCache);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint, requestCache);
 		requestCache.setPortResolver(new MockPortResolver(8080, 8443));
 		filter.afterPropertiesSet();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -281,21 +277,17 @@ public class ExceptionTranslationFilterTests {
 	}
 
 	@Test
-	public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown()
-			throws Exception {
+	public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception {
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
 
 		filter.afterPropertiesSet();
-		Exception[] exceptions = { new IOException(), new ServletException(),
-				new RuntimeException() };
+		Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() };
 		for (Exception e : exceptions) {
 			FilterChain fc = mock(FilterChain.class);
 
-			doThrow(e).when(fc).doFilter(any(HttpServletRequest.class),
-					any(HttpServletResponse.class));
+			doThrow(e).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 			try {
-				filter.doFilter(new MockHttpServletRequest(),
-						new MockHttpServletResponse(), fc);
+				filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc);
 				fail("Should have thrown Exception");
 			}
 			catch (Exception expected) {
@@ -316,12 +308,13 @@ public class ExceptionTranslationFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
 
-		assertThatThrownBy(() -> filter.doFilter(request, response, chain))
-			.isInstanceOf(ServletException.class)
-			.hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class)
+				.hasCauseInstanceOf(AccessDeniedException.class);
 
 		verifyZeroInteractions(mockEntryPoint);
 	}
 
-	private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response.sendRedirect(request.getContextPath() + "/login.jsp");
+	private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response
+			.sendRedirect(request.getContextPath() + "/login.jsp");
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
index a770f0659d..a81a8f189a 100644
--- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
@@ -34,9 +34,13 @@ import static org.mockito.Mockito.when;
  * @author Josh Cummings
  */
 public class RequestMatcherDelegatingAccessDeniedHandlerTests {
+
 	private RequestMatcherDelegatingAccessDeniedHandler delegator;
+
 	private LinkedHashMap<RequestMatcher, AccessDeniedHandler> deniedHandlers;
+
 	private AccessDeniedHandler accessDeniedHandler;
+
 	private HttpServletRequest request;
 
 	@Before
@@ -97,4 +101,5 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		verify(firstHandler, never()).handle(this.request, null, null);
 		verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index e681e7d946..e9f5b16e6f 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -43,6 +43,7 @@ import static org.mockito.Mockito.mock;
  */
 @SuppressWarnings("unchecked")
 public class ChannelDecisionManagerImplTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
@@ -55,8 +56,7 @@ public class ChannelDecisionManagerImplTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage())
-					.isEqualTo("A list of ChannelProcessors is required");
+			assertThat(expected.getMessage()).isEqualTo("A list of ChannelProcessors is required");
 		}
 	}
 
@@ -85,8 +85,7 @@ public class ChannelDecisionManagerImplTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage())
-					.isEqualTo("A list of ChannelProcessors is required");
+			assertThat(expected.getMessage()).isEqualTo("A list of ChannelProcessors is required");
 		}
 	}
 
@@ -103,8 +102,7 @@ public class ChannelDecisionManagerImplTests {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
 
@@ -123,8 +121,7 @@ public class ChannelDecisionManagerImplTests {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		cdm.decide(fi, SecurityConfig.createList(new String[] { "abc", "ANY_CHANNEL" }));
 		assertThat(fi.getResponse().isCommitted()).isFalse();
@@ -143,8 +140,7 @@ public class ChannelDecisionManagerImplTests {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
 		assertThat(fi.getResponse().isCommitted()).isFalse();
@@ -190,8 +186,7 @@ public class ChannelDecisionManagerImplTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage())
-					.isEqualTo("A list of ChannelProcessors is required");
+			assertThat(expected.getMessage()).isEqualTo("A list of ChannelProcessors is required");
 		}
 	}
 
@@ -199,7 +194,9 @@ public class ChannelDecisionManagerImplTests {
 	// ==================================================================================================
 
 	private class MockChannelProcessor implements ChannelProcessor {
+
 		private String configAttribute;
+
 		private boolean failIfCalled;
 
 		MockChannelProcessor(String configAttribute, boolean failIfCalled) {
@@ -207,13 +204,11 @@ public class ChannelDecisionManagerImplTests {
 			this.failIfCalled = failIfCalled;
 		}
 
-		public void decide(FilterInvocation invocation,
-				Collection<ConfigAttribute> config) throws IOException {
+		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
 			Iterator iter = config.iterator();
 
 			if (this.failIfCalled) {
-				fail("Should not have called this channel processor: "
-						+ this.configAttribute);
+				fail("Should not have called this channel processor: " + this.configAttribute);
 			}
 
 			while (iter.hasNext()) {
@@ -235,5 +230,7 @@ public class ChannelDecisionManagerImplTests {
 				return false;
 			}
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index 0b06e9282b..98aa2cf4e1 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -38,6 +38,7 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
  * @author Ben Alex
  */
 public class ChannelProcessingFilterTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -45,8 +46,7 @@ public class ChannelProcessingFilterTests {
 	public void testDetectsMissingChannelDecisionManager() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "MOCK");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK");
 		filter.setSecurityMetadataSource(fids);
 
 		filter.afterPropertiesSet();
@@ -62,11 +62,10 @@ public class ChannelProcessingFilterTests {
 	@Test
 	public void testDetectsSupportedConfigAttribute() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
-		filter.setChannelDecisionManager(new MockChannelDecisionManager(false,
-				"SUPPORTS_MOCK_ONLY"));
+		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "SUPPORTS_MOCK_ONLY");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
+				"SUPPORTS_MOCK_ONLY");
 
 		filter.setSecurityMetadataSource(fids);
 
@@ -76,11 +75,10 @@ public class ChannelProcessingFilterTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsUnsupportedConfigAttribute() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
-		filter.setChannelDecisionManager(new MockChannelDecisionManager(false,
-				"SUPPORTS_MOCK_ONLY"));
+		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
+				"SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
 
 		filter.setSecurityMetadataSource(fids);
 		filter.afterPropertiesSet();
@@ -89,11 +87,9 @@ public class ChannelProcessingFilterTests {
 	@Test
 	public void testDoFilterWhenManagerDoesCommitResponse() throws Exception {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
-		filter.setChannelDecisionManager(new MockChannelDecisionManager(true,
-				"SOME_ATTRIBUTE"));
+		filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE"));
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "SOME_ATTRIBUTE");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
 
 		filter.setSecurityMetadataSource(fids);
 
@@ -109,11 +105,9 @@ public class ChannelProcessingFilterTests {
 	@Test
 	public void testDoFilterWhenManagerDoesNotCommitResponse() throws Exception {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
-		filter.setChannelDecisionManager(new MockChannelDecisionManager(false,
-				"SOME_ATTRIBUTE"));
+		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE"));
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "SOME_ATTRIBUTE");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
 
 		filter.setSecurityMetadataSource(fids);
 
@@ -131,8 +125,7 @@ public class ChannelProcessingFilterTests {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED"));
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", true, "NOT_USED");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "NOT_USED");
 
 		filter.setSecurityMetadataSource(fids);
 
@@ -151,8 +144,7 @@ public class ChannelProcessingFilterTests {
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
 		assertThat(filter.getChannelDecisionManager() != null).isTrue();
 
-		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap(
-				"/path", false, "MOCK");
+		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", false, "MOCK");
 
 		filter.setSecurityMetadataSource(fids);
 		assertThat(filter.getSecurityMetadataSource()).isSameAs(fids);
@@ -164,7 +156,9 @@ public class ChannelProcessingFilterTests {
 	// ==================================================================================================
 
 	private class MockChannelDecisionManager implements ChannelDecisionManager {
+
 		private String supportAttribute;
+
 		private boolean commitAResponse;
 
 		MockChannelDecisionManager(boolean commitAResponse, String supportAttribute) {
@@ -172,8 +166,7 @@ public class ChannelProcessingFilterTests {
 			this.supportAttribute = supportAttribute;
 		}
 
-		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
-				throws IOException {
+		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
 			if (commitAResponse) {
 				invocation.getHttpResponse().sendRedirect("/redirected");
 			}
@@ -187,23 +180,24 @@ public class ChannelProcessingFilterTests {
 				return false;
 			}
 		}
+
 	}
 
-	private class MockFilterInvocationDefinitionMap implements
-			FilterInvocationSecurityMetadataSource {
+	private class MockFilterInvocationDefinitionMap implements FilterInvocationSecurityMetadataSource {
+
 		private Collection<ConfigAttribute> toReturn;
+
 		private String servletPath;
+
 		private boolean provideIterator;
 
-		MockFilterInvocationDefinitionMap(String servletPath,
-				boolean provideIterator, String... toReturn) {
+		MockFilterInvocationDefinitionMap(String servletPath, boolean provideIterator, String... toReturn) {
 			this.servletPath = servletPath;
 			this.toReturn = SecurityConfig.createList(toReturn);
 			this.provideIterator = provideIterator;
 		}
 
-		public Collection<ConfigAttribute> getAttributes(Object object)
-				throws IllegalArgumentException {
+		public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 			FilterInvocation fi = (FilterInvocation) object;
 
 			if (servletPath.equals(fi.getHttpRequest().getServletPath())) {
@@ -225,5 +219,7 @@ public class ChannelProcessingFilterTests {
 		public boolean supports(Class<?> clazz) {
 			return true;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
index 721147b6e6..e9752b8f57 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
@@ -47,12 +47,10 @@ public class InsecureChannelProcessorTests {
 		request.setServerPort(8080);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
-		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE",
-				"REQUIRES_INSECURE_CHANNEL"));
+		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
 
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
@@ -69,12 +67,11 @@ public class InsecureChannelProcessorTests {
 		request.setServerPort(8443);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
-		processor.decide(fi, SecurityConfig.createList(
-				new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL" }));
+		processor.decide(fi,
+				SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL" }));
 
 		assertThat(fi.getResponse().isCommitted()).isTrue();
 	}
@@ -146,9 +143,9 @@ public class InsecureChannelProcessorTests {
 	@Test
 	public void testSupports() {
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
-		assertThat(processor.supports(new SecurityConfig("REQUIRES_INSECURE_CHANNEL")))
-				.isTrue();
+		assertThat(processor.supports(new SecurityConfig("REQUIRES_INSECURE_CHANNEL"))).isTrue();
 		assertThat(processor.supports(null)).isFalse();
 		assertThat(processor.supports(new SecurityConfig("NOT_SUPPORTED"))).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
index f9d8bb0769..5e4d57987a 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
@@ -39,6 +39,7 @@ import static org.mockito.Mockito.mock;
  * @author Ben Alex
  */
 public class RetryWithHttpEntryPointTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
@@ -81,8 +82,7 @@ public class RetryWithHttpEntryPointTests {
 
 	@Test
 	public void testNormalOperation() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello/pathInfo.html");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("https");
 		request.setServerName("localhost");
@@ -95,14 +95,12 @@ public class RetryWithHttpEntryPointTests {
 		ep.setPortResolver(new MockPortResolver(80, 443));
 
 		ep.commence(request, response);
-		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"http://localhost/bigWebApp/hello/pathInfo.html?open=true");
+		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello/pathInfo.html?open=true");
 	}
 
 	@Test
 	public void testNormalOperationWithNullQueryString() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello");
 		request.setScheme("https");
 		request.setServerName("localhost");
 		request.setServerPort(443);
@@ -114,8 +112,7 @@ public class RetryWithHttpEntryPointTests {
 		ep.setPortResolver(new MockPortResolver(80, 443));
 
 		ep.commence(request, response);
-		assertThat(response.getRedirectedUrl())
-				.isEqualTo("http://localhost/bigWebApp/hello");
+		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
 	}
 
 	@Test
@@ -138,8 +135,7 @@ public class RetryWithHttpEntryPointTests {
 
 	@Test
 	public void testOperationWithNonStandardPort() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello/pathInfo.html");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("https");
 		request.setServerName("localhost");
@@ -157,7 +153,8 @@ public class RetryWithHttpEntryPointTests {
 		ep.setPortMapper(portMapper);
 
 		ep.commence(request, response);
-		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true");
+		assertThat(response.getRedirectedUrl())
+				.isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
index 921cbeef70..33c4bff1b4 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
@@ -35,6 +35,7 @@ import java.util.Map;
  * @author Ben Alex
  */
 public class RetryWithHttpsEntryPointTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
@@ -72,8 +73,7 @@ public class RetryWithHttpsEntryPointTests {
 
 	@Test
 	public void testNormalOperation() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello/pathInfo.html");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("http");
 		request.setServerName("www.example.com");
@@ -86,14 +86,13 @@ public class RetryWithHttpsEntryPointTests {
 		ep.setPortResolver(new MockPortResolver(80, 443));
 
 		ep.commence(request, response);
-		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"https://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
+		assertThat(response.getRedirectedUrl())
+				.isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
 	}
 
 	@Test
 	public void testNormalOperationWithNullQueryString() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello");
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setServerPort(80);
@@ -128,8 +127,7 @@ public class RetryWithHttpsEntryPointTests {
 
 	@Test
 	public void testOperationWithNonStandardPort() throws Exception {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/bigWebApp/hello/pathInfo.html");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("http");
 		request.setServerName("www.example.com");
@@ -147,7 +145,8 @@ public class RetryWithHttpsEntryPointTests {
 		ep.setPortMapper(portMapper);
 
 		ep.commence(request, response);
-		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true");
+		assertThat(response.getRedirectedUrl())
+				.isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
index 219b0c1de9..346a599123 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.web.access.channel.SecureChannelProcessor;
  * @author Ben Alex
  */
 public class SecureChannelProcessorTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
@@ -48,12 +49,10 @@ public class SecureChannelProcessorTests {
 		request.setServerPort(8443);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		SecureChannelProcessor processor = new SecureChannelProcessor();
-		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE",
-				"REQUIRES_SECURE_CHANNEL"));
+		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
 
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
@@ -69,14 +68,11 @@ public class SecureChannelProcessorTests {
 		request.setServerPort(8080);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterInvocation fi = new FilterInvocation(request, response,
-				mock(FilterChain.class));
+		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 
 		SecureChannelProcessor processor = new SecureChannelProcessor();
-		processor.decide(
-				fi,
-				SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE",
-						"REQUIRES_SECURE_CHANNEL" }));
+		processor.decide(fi,
+				SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" }));
 
 		assertThat(fi.getResponse().isCommitted()).isTrue();
 	}
@@ -152,4 +148,5 @@ public class SecureChannelProcessorTests {
 		assertThat(processor.supports(null)).isFalse();
 		assertThat(processor.supports(new SecurityConfig("NOT_SUPPORTED"))).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
index 62f4a10f1d..c4f92d32f7 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
@@ -37,14 +37,18 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  */
 public class AbstractVariableEvaluationContextPostProcessorTests {
+
 	static final String KEY = "a";
 	static final String VALUE = "b";
+
 	VariableEvaluationContextPostProcessor processor;
 
 	FilterInvocation invocation;
 
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	EvaluationContext context;
 
 	@Before
@@ -53,8 +57,7 @@ public class AbstractVariableEvaluationContextPostProcessorTests {
 		this.request = new MockHttpServletRequest();
 		this.request.setServletPath("/");
 		this.response = new MockHttpServletResponse();
-		this.invocation = new FilterInvocation(this.request, this.response,
-				new MockFilterChain());
+		this.invocation = new FilterInvocation(this.request, this.response, new MockFilterChain());
 		this.context = new StandardEvaluationContext();
 	}
 
@@ -74,13 +77,15 @@ public class AbstractVariableEvaluationContextPostProcessorTests {
 		assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE);
 	}
 
-	static class VariableEvaluationContextPostProcessor
-			extends AbstractVariableEvaluationContextPostProcessor {
+	static class VariableEvaluationContextPostProcessor extends AbstractVariableEvaluationContextPostProcessor {
+
 		Map<String, String> results = Collections.singletonMap(KEY, VALUE);
 
 		@Override
 		protected Map<String, String> extractVariables(HttpServletRequest request) {
 			return this.results;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
index 609864e7c3..711d9a3359 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
@@ -70,13 +70,11 @@ public class DefaultWebSecurityExpressionHandlerTests {
 		appContext.registerBeanDefinition("role", bean);
 		handler.setApplicationContext(appContext);
 
-		EvaluationContext ctx = handler.createEvaluationContext(
-				mock(Authentication.class), mock(FilterInvocation.class));
+		EvaluationContext ctx = handler.createEvaluationContext(mock(Authentication.class),
+				mock(FilterInvocation.class));
 		ExpressionParser parser = handler.getExpressionParser();
-		assertThat(parser.parseExpression("@role.getAttribute() == 'ROLE_A'").getValue(
-				ctx, Boolean.class)).isTrue();
-		assertThat(parser.parseExpression("@role.attribute == 'ROLE_A'").getValue(ctx,
-				Boolean.class)).isTrue();
+		assertThat(parser.parseExpression("@role.getAttribute() == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
+		assertThat(parser.parseExpression("@role.attribute == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -88,10 +86,8 @@ public class DefaultWebSecurityExpressionHandlerTests {
 	public void createEvaluationContextCustomTrustResolver() {
 		handler.setTrustResolver(trustResolver);
 
-		Expression expression = handler.getExpressionParser().parseExpression(
-				"anonymous");
-		EvaluationContext context = handler.createEvaluationContext(authentication,
-				invocation);
+		Expression expression = handler.getExpressionParser().parseExpression("anonymous");
+		EvaluationContext context = handler.createEvaluationContext(authentication, invocation);
 		assertThat(expression.getValue(context, Boolean.class)).isFalse();
 
 		verify(trustResolver).isAnonymous(authentication);
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
index 824b7ab217..abbc789a97 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
@@ -45,8 +45,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingEvaluationContextTests {
+
 	@Mock
 	DelegatingEvaluationContext delegate;
+
 	@InjectMocks
 	DelegatingEvaluationContext context;
 
@@ -141,4 +143,5 @@ public class DelegatingEvaluationContextTests {
 
 		assertThat(this.context.lookupVariable(name)).isEqualTo(expected);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
index 3f63e8d721..0fa33ad0f1 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
@@ -40,11 +40,9 @@ public class ExpressionBasedFilterInvocationSecurityMetadataSourceTests {
 		ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(
 				requestMap, new DefaultWebSecurityExpressionHandler());
 		assertThat(mds.getAllConfigAttributes()).hasSize(1);
-		Collection<ConfigAttribute> attrs = mds.getAttributes(new FilterInvocation(
-				"/path", "GET"));
+		Collection<ConfigAttribute> attrs = mds.getAttributes(new FilterInvocation("/path", "GET"));
 		assertThat(attrs).hasSize(1);
-		WebExpressionConfigAttribute attribute = (WebExpressionConfigAttribute) attrs
-				.toArray()[0];
+		WebExpressionConfigAttribute attribute = (WebExpressionConfigAttribute) attrs.toArray()[0];
 		assertThat(attribute.getAttribute()).isNull();
 		assertThat(attribute.getAuthorizeExpression().getExpressionString()).isEqualTo(expression);
 		assertThat(attribute.toString()).isEqualTo(expression);
@@ -53,9 +51,9 @@ public class ExpressionBasedFilterInvocationSecurityMetadataSourceTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void invalidExpressionIsRejected() {
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
-		requestMap.put(AnyRequestMatcher.INSTANCE,
-				SecurityConfig.createList("hasRole('X'"));
+		requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList("hasRole('X'"));
 		ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(
 				requestMap, new DefaultWebSecurityExpressionHandler());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index a36abcd489..ea5da3a507 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -48,8 +48,9 @@ public class WebExpressionVoterTests {
 	@Test
 	public void supportsWebConfigAttributeAndFilterInvocation() {
 		WebExpressionVoter voter = new WebExpressionVoter();
-		assertThat(voter.supports(new WebExpressionConfigAttribute(mock(Expression.class),
-				mock(EvaluationContextPostProcessor.class)))).isTrue();
+		assertThat(voter.supports(
+				new WebExpressionConfigAttribute(mock(Expression.class), mock(EvaluationContextPostProcessor.class))))
+						.isTrue();
 		assertThat(voter.supports(FilterInvocation.class)).isTrue();
 		assertThat(voter.supports(MethodInvocation.class)).isFalse();
 
@@ -58,38 +59,32 @@ public class WebExpressionVoterTests {
 	@Test
 	public void abstainsIfNoAttributeFound() {
 		WebExpressionVoter voter = new WebExpressionVoter();
-		assertThat(voter.vote(user, new FilterInvocation("/path", "GET"),
-				SecurityConfig.createList("A", "B", "C"))).isEqualTo(
-						AccessDecisionVoter.ACCESS_ABSTAIN);
+		assertThat(voter.vote(user, new FilterInvocation("/path", "GET"), SecurityConfig.createList("A", "B", "C")))
+				.isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
 	}
 
 	@Test
 	public void grantsAccessIfExpressionIsTrueDeniesIfFalse() {
 		WebExpressionVoter voter = new WebExpressionVoter();
 		Expression ex = mock(Expression.class);
-		EvaluationContextPostProcessor postProcessor = mock(
-				EvaluationContextPostProcessor.class);
-		when(postProcessor.postProcess(any(EvaluationContext.class),
-				any(FilterInvocation.class))).thenAnswer( invocation -> invocation.getArgument(0));
-		WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex,
-				postProcessor);
+		EvaluationContextPostProcessor postProcessor = mock(EvaluationContextPostProcessor.class);
+		when(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class)))
+				.thenAnswer(invocation -> invocation.getArgument(0));
+		WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex, postProcessor);
 		EvaluationContext ctx = mock(EvaluationContext.class);
 		SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class);
 		FilterInvocation fi = new FilterInvocation("/path", "GET");
 		voter.setExpressionHandler(eh);
 		when(eh.createEvaluationContext(user, fi)).thenReturn(ctx);
-		when(ex.getValue(ctx, Boolean.class)).thenReturn(Boolean.TRUE).thenReturn(
-				Boolean.FALSE);
+		when(ex.getValue(ctx, Boolean.class)).thenReturn(Boolean.TRUE).thenReturn(Boolean.FALSE);
 		ArrayList attributes = new ArrayList();
 		attributes.addAll(SecurityConfig.createList("A", "B", "C"));
 		attributes.add(weca);
 
-		assertThat(voter.vote(user, fi, attributes)).isEqualTo(
-				AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 
 		// Second time false
-		assertThat(voter.vote(user, fi, attributes)).isEqualTo(
-				AccessDecisionVoter.ACCESS_DENIED);
+		assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	// SEC-2507
@@ -101,10 +96,10 @@ public class WebExpressionVoterTests {
 
 	private static class FilterInvocationChild extends FilterInvocation {
 
-		FilterInvocationChild(ServletRequest request, ServletResponse response,
-				FilterChain chain) {
+		FilterInvocationChild(ServletRequest request, ServletResponse response, FilterChain chain) {
 			super(request, response, chain);
 		}
+
 	}
 
 	@Test
@@ -118,4 +113,5 @@ public class WebExpressionVoterTests {
 		WebExpressionVoter voter = new WebExpressionVoter();
 		assertThat(voter.supports(Object.class)).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index 0e1816cea2..2f781b81ea 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
@@ -41,9 +41,8 @@ public class WebSecurityExpressionRootTests {
 		request.setRequestURI("/test");
 		// IPv4
 		request.setRemoteAddr("192.168.1.1");
-		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(
-				mock(Authentication.class), new FilterInvocation(request,
-						mock(HttpServletResponse.class), mock(FilterChain.class)));
+		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class),
+				new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
 
 		assertThat(root.hasIpAddress("192.168.1.1")).isTrue();
 
@@ -56,9 +55,8 @@ public class WebSecurityExpressionRootTests {
 	public void addressesInIpRangeMatch() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/test");
-		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(
-				mock(Authentication.class), new FilterInvocation(request,
-						mock(HttpServletResponse.class), mock(FilterChain.class)));
+		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class),
+				new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
 		for (int i = 0; i < 255; i++) {
 			request.setRemoteAddr("192.168.1." + i);
 			assertThat(root.hasIpAddress("192.168.1.0/24")).isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
index 26fc69fe5e..18b634a5fd 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
@@ -40,7 +40,9 @@ import static org.mockito.Mockito.mock;
  * @author Ben Alex
  */
 public class DefaultFilterInvocationSecurityMetadataSourceTests {
+
 	private DefaultFilterInvocationSecurityMetadataSource fids;
+
 	private Collection<ConfigAttribute> def = SecurityConfig.createList("ROLE_ONE");
 
 	// ~ Methods
@@ -55,8 +57,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void lookupNotRequiringExactMatchSucceedsIfNotMatching() {
 		createFids("/secure/super/**", null);
 
-		FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null,
-				null, null);
+		FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null, null, null);
 
 		assertThat(this.fids.getAttributes(fi)).isEqualTo(this.def);
 	}
@@ -69,8 +70,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
 		createFids("/secure/super/**", null);
 
-		FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html",
-				null, null);
+		FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null);
 
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
@@ -80,8 +80,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void lookupRequiringExactMatchIsSuccessful() {
 		createFids("/SeCurE/super/**", null);
 
-		FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null,
-				null, null);
+		FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null);
 
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
@@ -91,8 +90,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
 		createFids("/someAdminPage.html**", null);
 
-		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null,
-				"a=/test", null);
+		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, "a=/test", null);
 
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response); // see SEC-161 (it should truncate after ?
@@ -138,8 +136,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 		Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
 
 		requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
-		requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"),
-				SecurityConfig.createList("B"));
+		requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
 		this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
 
 		FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
@@ -154,8 +151,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void extraQuestionMarkStillMatches() {
 		createFids("/someAdminPage.html*", null);
 
-		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null,
-				null);
+		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
 
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
@@ -166,8 +162,8 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 		assertThat(response).isEqualTo(this.def);
 	}
 
-	private FilterInvocation createFilterInvocation(String servletPath, String pathInfo,
-			String queryString, String method) {
+	private FilterInvocation createFilterInvocation(String servletPath, String pathInfo, String queryString,
+			String method) {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI(null);
 		request.setMethod(method);
@@ -175,7 +171,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 		request.setPathInfo(pathInfo);
 		request.setQueryString(queryString);
 
-		return new FilterInvocation(request, new MockHttpServletResponse(),
-				mock(FilterChain.class));
+		return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 9d73f56aa1..b5e464c07d 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -49,11 +49,17 @@ import javax.servlet.http.HttpServletResponse;
  * @author Rob Winch
  */
 public class FilterSecurityInterceptorTests {
+
 	private AuthenticationManager am;
+
 	private AccessDecisionManager adm;
+
 	private FilterInvocationSecurityMetadataSource ods;
+
 	private RunAsManager ram;
+
 	private FilterSecurityInterceptor interceptor;
+
 	private ApplicationEventPublisher publisher;
 
 	// ~ Methods
@@ -81,8 +87,7 @@ public class FilterSecurityInterceptorTests {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass()
-			throws Exception {
+	public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
 		when(adm.supports(FilterInvocation.class)).thenReturn(true);
 		interceptor.afterPropertiesSet();
 	}
@@ -101,8 +106,7 @@ public class FilterSecurityInterceptorTests {
 	@Test
 	public void testSuccessfulInvocation() throws Throwable {
 		// Setup a Context
-		Authentication token = new TestingAuthenticationToken("Test", "Password",
-				"NOT_USED");
+		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		FilterInvocation fi = createinvocation();
@@ -117,15 +121,14 @@ public class FilterSecurityInterceptorTests {
 
 	@Test
 	public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception {
-		Authentication token = new TestingAuthenticationToken("Test", "Password",
-				"NOT_USED");
+		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
 
-		doThrow(new RuntimeException()).when(chain).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 		when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
@@ -146,22 +149,20 @@ public class FilterSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		Authentication token = new TestingAuthenticationToken("Test", "Password",
-				"NOT_USED");
+		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		token.setAuthenticated(true);
 		ctx.setAuthentication(token);
 
 		RunAsManager runAsManager = mock(RunAsManager.class);
-		when(runAsManager.buildRunAs(eq(token), any(), anyCollection())).thenReturn(
-				new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
-						token.getClass()));
+		when(runAsManager.buildRunAs(eq(token), any(), anyCollection()))
+				.thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
 		interceptor.setRunAsManager(runAsManager);
 
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
 
-		doThrow(new RuntimeException()).when(chain).doFilter(
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 		when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 29fe0c3d27..913527092c 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -22,7 +22,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import org.springframework.security.web.access.intercept.RequestKey;
 
 /**
- *
  * @author Luke Taylor
  *
  */
@@ -69,8 +68,8 @@ public class RequestKeyTests {
 	 */
 	@Test
 	public void keysWithNullUrlFailsAssertion() {
-		assertThatThrownBy(() -> new RequestKey(null, null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> new RequestKey(null, null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("url cannot be null");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index 48f821834b..47431f43eb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -136,9 +136,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo(
-						"test");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
 	}
 
 	@Test
@@ -149,10 +147,9 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.afterPropertiesSet();
 
 		assertThat(filter.getRememberMeServices()).isNotNull();
-		filter.setRememberMeServices(new TokenBasedRememberMeServices("key",
-				new AbstractRememberMeServicesTests.MockUserDetailsService()));
-		assertThat(filter.getRememberMeServices().getClass()).isEqualTo(
-				TokenBasedRememberMeServices.class);
+		filter.setRememberMeServices(
+				new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService()));
+		assertThat(filter.getRememberMeServices().getClass()).isEqualTo(TokenBasedRememberMeServices.class);
 		assertThat(filter.getAuthenticationManager() != null).isTrue();
 	}
 
@@ -196,8 +193,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 
 		filter.setFilterProcessesUrl("/j_mock_post");
-		filter.setSessionAuthenticationStrategy(
-				mock(SessionAuthenticationStrategy.class));
+		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(successHandler);
 		filter.setAuthenticationFailureHandler(failureHandler);
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
@@ -207,9 +203,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo(
-						"test");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
 		// Should still have the same session
 		assertThat(request.getSession()).isEqualTo(sessionPreAuth);
 	}
@@ -229,11 +223,10 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		// Setup our test object, to grant access
-		MockAuthenticationFilter filter = new MockAuthenticationFilter(
-				"/j_mock_post", mock(AuthenticationManager.class));
+		MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post",
+				mock(AuthenticationManager.class));
 
-		filter.setSessionAuthenticationStrategy(
-				mock(SessionAuthenticationStrategy.class));
+		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(successHandler);
 		filter.setAuthenticationFailureHandler(failureHandler);
 		filter.afterPropertiesSet();
@@ -242,9 +235,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo(
-				"test");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
 		// Should still have the same session
 		assertThat(request.getSession()).isEqualTo(sessionPreAuth);
 	}
@@ -269,8 +260,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(
 				new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class));
 
-		filter.setSessionAuthenticationStrategy(
-				mock(SessionAuthenticationStrategy.class));
+		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(successHandler);
 		filter.setAuthenticationFailureHandler(failureHandler);
 		filter.afterPropertiesSet();
@@ -279,9 +269,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo(
-				"test");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
 		// Should still have the same session
 		assertThat(request.getSession()).isEqualTo(sessionPreAuth);
 	}
@@ -299,8 +287,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage()).isEqualTo(
-					"authenticationManager must be specified");
+			assertThat(expected.getMessage()).isEqualTo("authenticationManager must be specified");
 		}
 	}
 
@@ -316,14 +303,12 @@ public class AbstractAuthenticationProcessingFilterTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-			assertThat(expected.getMessage()).isEqualTo(
-					"Pattern cannot be null or empty");
+			assertThat(expected.getMessage()).isEqualTo("Pattern cannot be null or empty");
 		}
 	}
 
 	@Test
-	public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken()
-			throws Exception {
+	public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 
@@ -344,9 +329,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo(
-						"test");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
 
 		// Now try again but this time have filter deny access
 		// Setup our HTTP request
@@ -366,8 +349,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 	}
 
 	@Test
-	public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext()
-			throws Exception {
+	public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 
@@ -382,15 +364,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_mock_post");
-		AuthenticationSuccessHandler successHandler = mock(
-				AuthenticationSuccessHandler.class);
+		AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
 		filter.setAuthenticationSuccessHandler(successHandler);
 
 		// Test
 		filter.doFilter(request, response, chain);
 
-		verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(Authentication.class));
+		verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(Authentication.class));
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 	}
@@ -410,15 +391,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 		// Setup our test object, to deny access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-		AuthenticationFailureHandler failureHandler = mock(
-				AuthenticationFailureHandler.class);
+		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
 
 		// Test
 		filter.doFilter(request, response, chain);
 
-		verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AuthenticationException.class));
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -468,8 +448,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 	 * SEC-1919
 	 */
 	@Test
-	public void loginErrorWithInternAuthenticationServiceExceptionLogsError()
-			throws Exception {
+	public void loginErrorWithInternAuthenticationServiceExceptionLogsError() throws Exception {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 
 		MockFilterChain chain = new MockFilterChain(true);
@@ -478,8 +457,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		Log logger = mock(Log.class);
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		ReflectionTestUtils.setField(filter, "logger", logger);
-		filter.exceptionToThrow = new InternalAuthenticationServiceException(
-				"Mock requested to do so");
+		filter.exceptionToThrow = new InternalAuthenticationServiceException("Mock requested to do so");
 		successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		filter.setAuthenticationSuccessHandler(successHandler);
 
@@ -501,8 +479,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 	// ~ Inner Classes
 	// ==================================================================================================
 
-	private class MockAuthenticationFilter
-			extends AbstractAuthenticationProcessingFilter {
+	private class MockAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 		private static final String DEFAULT_FILTER_PROCESSING_URL = "/j_mock_post";
 
@@ -520,7 +497,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 			super(DEFAULT_FILTER_PROCESSING_URL);
 		}
 
-		private MockAuthenticationFilter(String defaultFilterProcessingUrl, AuthenticationManager authenticationManager) {
+		private MockAuthenticationFilter(String defaultFilterProcessingUrl,
+				AuthenticationManager authenticationManager) {
 			super(defaultFilterProcessingUrl, authenticationManager);
 			setupRememberMeServicesAndAuthenticationException();
 			this.grantAccess = true;
@@ -533,8 +511,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 			this.grantAccess = true;
 		}
 
-		public Authentication attemptAuthentication(HttpServletRequest request,
-				HttpServletResponse response) throws AuthenticationException {
+		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+				throws AuthenticationException {
 			if (grantAccess) {
 				return new UsernamePasswordAuthenticationToken("test", "test",
 						AuthorityUtils.createAuthorityList("TEST"));
@@ -546,8 +524,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 		private void setupRememberMeServicesAndAuthenticationException() {
 			setRememberMeServices(new NullRememberMeServices());
-			this.exceptionToThrow = new BadCredentialsException(
-					"Mock requested to do so");
+			this.exceptionToThrow = new BadCredentialsException("Mock requested to do so");
 		}
 
 	}
@@ -568,5 +545,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 				fail("Did not expect filter chain to proceed");
 			}
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index 037006847a..821a51e1e8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -51,9 +51,8 @@ public class AnonymousAuthenticationFilterTests {
 	// ~ Methods
 	// ========================================================================================================
 
-	private void executeFilterInContainerSimulator(FilterConfig filterConfig,
-			Filter filter, ServletRequest request, ServletResponse response,
-			FilterChain filterChain) throws ServletException, IOException {
+	private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
+			ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 		filter.doFilter(request, response, filterChain);
 	}
 
@@ -76,36 +75,32 @@ public class AnonymousAuthenticationFilterTests {
 	@Test
 	public void testOperationWhenAuthenticationExistsInContextHolder() throws Exception {
 		// Put an Authentication object into the SecurityContextHolder
-		Authentication originalAuth = new TestingAuthenticationToken("user", "password",
-				"ROLE_A");
+		Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		SecurityContextHolder.getContext().setAuthentication(originalAuth);
 
-		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter(
-				"qwerty", "anonymousUsername",
+		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 		// Test
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("x");
-		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request,
-				new MockHttpServletResponse(), new MockFilterChain(true));
+		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(),
+				new MockFilterChain(true));
 
 		// Ensure filter didn't change our original object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(originalAuth);
 	}
 
 	@Test
-	public void testOperationWhenNoAuthenticationInSecurityContextHolder()
-			throws Exception {
-		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter(
-				"qwerty", "anonymousUsername",
+	public void testOperationWhenNoAuthenticationInSecurityContextHolder() throws Exception {
+		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		filter.afterPropertiesSet();
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("x");
-		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request,
-				new MockHttpServletResponse(), new MockFilterChain(true));
+		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(),
+				new MockFilterChain(true));
 
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(auth.getPrincipal()).isEqualTo("anonymousUsername");
@@ -118,6 +113,7 @@ public class AnonymousAuthenticationFilterTests {
 	// ==================================================================================================
 
 	private class MockFilterChain implements FilterChain {
+
 		private boolean expectToProceed;
 
 		MockFilterChain(boolean expectToProceed) {
@@ -129,5 +125,7 @@ public class AnonymousAuthenticationFilterTests {
 				fail("Did not expect filter chain to proceed");
 			}
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index bd79fa4dce..9e3d720999 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -58,14 +58,19 @@ public class AuthenticationFilterTests {
 
 	@Mock
 	private AuthenticationSuccessHandler successHandler;
+
 	@Mock
 	private AuthenticationConverter authenticationConverter;
+
 	@Mock
 	private AuthenticationManager authenticationManager;
+
 	@Mock
 	private AuthenticationFailureHandler failureHandler;
+
 	@Mock
 	private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
+
 	@Mock
 	private RequestMatcher requestMatcher;
 
@@ -81,7 +86,8 @@ public class AuthenticationFilterTests {
 
 	@Test
 	public void filterWhenDefaultsAndNoAuthenticationThenContinues() throws Exception {
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -95,7 +101,8 @@ public class AuthenticationFilterTests {
 
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() throws Exception {
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -112,7 +119,8 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -131,7 +139,8 @@ public class AuthenticationFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -149,7 +158,8 @@ public class AuthenticationFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenThrow(new BadCredentialsException("failed"));
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -167,7 +177,8 @@ public class AuthenticationFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenThrow(new BadCredentialsException("failed"));
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -181,7 +192,8 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenConvertEmptyThenOk() throws Exception {
 		when(this.authenticationConverter.convert(any())).thenReturn(null);
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		FilterChain chain = mock(FilterChain.class);
@@ -198,7 +210,8 @@ public class AuthenticationFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 		filter.setSuccessHandler(successHandler);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
@@ -217,7 +230,8 @@ public class AuthenticationFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(null);
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 		filter.setSuccessHandler(successHandler);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
@@ -225,7 +239,8 @@ public class AuthenticationFilterTests {
 		FilterChain chain = mock(FilterChain.class);
 		try {
 			filter.doFilter(request, response, chain);
-		} catch (ServletException e) {
+		}
+		catch (ServletException e) {
 			verifyZeroInteractions(this.successHandler);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 
@@ -237,7 +252,8 @@ public class AuthenticationFilterTests {
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() throws Exception {
 		when(this.requestMatcher.matches(any())).thenReturn(false);
 
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
+				this.authenticationConverter);
 		filter.setRequestMatcher(this.requestMatcher);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
@@ -263,7 +279,8 @@ public class AuthenticationFilterTests {
 		FilterChain chain = new MockFilterChain();
 
 		String sessionId = session.getId();
-		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager, this.authenticationConverter);
+		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
+				this.authenticationConverter);
 		filter.doFilter(request, response, chain);
 
 		assertThat(session.getId()).isNotEqualTo(sessionId);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index fc4b43ba2b..c095377a47 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -37,22 +37,20 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
 /**
- *
  * @author Luke Taylor
  * @since 3.0
  */
 public class DefaultLoginPageGeneratingFilterTests {
+
 	private FilterChain chain = mock(FilterChain.class);
 
 	@Test
-	public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul()
-			throws Exception {
+	public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() throws Exception {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"),
-				new MockHttpServletResponse(), chain);
-		filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"),
-				new MockHttpServletResponse(), chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"), new MockHttpServletResponse(),
+				chain);
 	}
 
 	@Test
@@ -84,8 +82,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/context/login");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login");
 		request.setContextPath("/context");
 		filter.doFilter(request, response, chain);
 
@@ -122,13 +119,14 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		filter.setOauth2LoginEnabled(true);
-		filter.setOauth2AuthenticationUrlToClientName(Collections.singletonMap("XYUU",
-				"\u8109\u640F\u7F51\u5E10\u6237\u767B\u5F55"));
+		filter.setOauth2AuthenticationUrlToClientName(
+				Collections.singletonMap("XYUU", "\u8109\u640F\u7F51\u5E10\u6237\u767B\u5F55"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		filter.doFilter(request, response, chain);
-		assertThat(response.getContentLength() == response.getContentAsString().getBytes(
-				response.getCharacterEncoding()).length).isTrue();
+		assertThat(response
+				.getContentLength() == response.getContentAsString().getBytes(response.getCharacterEncoding()).length)
+						.isTrue();
 	}
 
 	@Test
@@ -147,29 +145,28 @@ public class DefaultLoginPageGeneratingFilterTests {
 
 	@Test
 	public void generatingPageWithOpenIdFilterOnlyIsSuccessFul() throws Exception {
-		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
-				new MockProcessingFilter());
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"),
-				new MockHttpServletResponse(), chain);
+		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new MockProcessingFilter());
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
 	}
 
 	// Fake OpenID filter (since it's not in this module
 	@SuppressWarnings("unused")
-	private static class MockProcessingFilter extends
-			AbstractAuthenticationProcessingFilter {
+	private static class MockProcessingFilter extends AbstractAuthenticationProcessingFilter {
+
 		MockProcessingFilter() {
 			super("/someurl");
 		}
 
 		@Override
-		public Authentication attemptAuthentication(HttpServletRequest request,
-				HttpServletResponse response) throws AuthenticationException {
+		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+				throws AuthenticationException {
 			return null;
 		}
 
 		public String getClaimedIdentityFieldName() {
 			return "unused";
 		}
+
 	}
 
 	/* SEC-1111 */
@@ -180,11 +177,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		request.addParameter("login_error", "true");
 		MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-		String message = messages.getMessage(
-				"AbstractUserDetailsAuthenticationProvider.badCredentials",
+		String message = messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",
 				"Bad credentials", Locale.KOREA);
-		request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION,
-				new BadCredentialsException(message));
+		request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
 
 		filter.doFilter(request, new MockHttpServletResponse(), chain);
 	}
@@ -198,12 +193,13 @@ public class DefaultLoginPageGeneratingFilterTests {
 
 		String clientName = "Google < > \" \' &";
 		filter.setOauth2AuthenticationUrlToClientName(
-			Collections.singletonMap("/oauth2/authorization/google", clientName));
+				Collections.singletonMap("/oauth2/authorization/google", clientName));
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
 
-		assertThat(response.getContentAsString()).contains("<a href=\"/oauth2/authorization/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
+		assertThat(response.getContentAsString())
+				.contains("<a href=\"/oauth2/authorization/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
 	}
 
 	@Test
@@ -213,13 +209,14 @@ public class DefaultLoginPageGeneratingFilterTests {
 		filter.setSaml2LoginEnabled(true);
 
 		String clientName = "Google < > \" \' &";
-		filter.setSaml2AuthenticationUrlToProviderName(
-				Collections.singletonMap("/saml/sso/google", clientName));
+		filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
 
 		assertThat(response.getContentAsString()).contains("Login with SAML 2.0");
-		assertThat(response.getContentAsString()).contains("<a href=\"/saml/sso/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
+		assertThat(response.getContentAsString())
+				.contains("<a href=\"/saml/sso/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 482453532a..03599a603a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -32,7 +32,8 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml")
+@ContextConfiguration(
+		locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml")
 public class DelegatingAuthenticationEntryPointContextTests {
 
 	@Autowired
@@ -54,8 +55,8 @@ public class DelegatingAuthenticationEntryPointContextTests {
 		request.addHeader("User-Agent", "Mozilla/5.0");
 		daep.commence(request, null, null);
 		verify(firstAEP).commence(request, null, null);
-		verify(defaultAEP, never()).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AuthenticationException.class));
 
 	}
 
@@ -66,8 +67,8 @@ public class DelegatingAuthenticationEntryPointContextTests {
 		request.setRemoteAddr("192.168.1.10");
 		daep.commence(request, null, null);
 		verify(defaultAEP).commence(request, null, null);
-		verify(firstAEP, never()).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
+		verify(firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AuthenticationException.class));
 
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index 94eea5bcc7..2ce50f24c8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -37,8 +37,11 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 public class DelegatingAuthenticationEntryPointTests {
 
 	private DelegatingAuthenticationEntryPoint daep;
+
 	private LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints;
+
 	private AuthenticationEntryPoint defaultEntryPoint;
+
 	private HttpServletRequest request = new MockHttpServletRequest();
 
 	@Before
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index 1426d08280..a322a16b63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -34,8 +34,7 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 		ExceptionMappingAuthenticationFailureHandler fh = new ExceptionMappingAuthenticationFailureHandler();
 		fh.setDefaultFailureUrl("/failed");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fh.onAuthenticationFailure(new MockHttpServletRequest(), response,
-				new BadCredentialsException(""));
+		fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
 
 		assertThat(response.getRedirectedUrl()).isEqualTo("/failed");
 	}
@@ -44,14 +43,11 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 	public void exceptionMapIsUsedIfMappingExists() throws Exception {
 		ExceptionMappingAuthenticationFailureHandler fh = new ExceptionMappingAuthenticationFailureHandler();
 		HashMap<String, String> mapping = new HashMap<>();
-		mapping.put(
-				"org.springframework.security.authentication.BadCredentialsException",
-				"/badcreds");
+		mapping.put("org.springframework.security.authentication.BadCredentialsException", "/badcreds");
 		fh.setExceptionMappings(mapping);
 		fh.setDefaultFailureUrl("/failed");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fh.onAuthenticationFailure(new MockHttpServletRequest(), response,
-				new BadCredentialsException(""));
+		fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
 
 		assertThat(response.getRedirectedUrl()).isEqualTo("/badcreds");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index 15e88ea033..a8985e0bec 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -1,58 +1,59 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.web.authentication;
-
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.core.Authentication;
-
-import static org.mockito.Mockito.mock;
-import static org.assertj.core.api.Assertions.*;
-
-/**
- * <p>
- * Forward Authentication Failure Handler Tests
- * </p>
- *
- * @author Shazin Sadakath
- * @since 4.1
- */
-public class ForwardAuthenticaionSuccessHandlerTests {
-
-	@Test(expected = IllegalArgumentException.class)
-	public void invalidForwardUrl() {
-		new ForwardAuthenticationSuccessHandler("aaa");
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void emptyForwardUrl() {
-		new ForwardAuthenticationSuccessHandler("");
-	}
-
-	@Test
-	public void responseIsForwarded() throws Exception {
-		ForwardAuthenticationSuccessHandler fash = new ForwardAuthenticationSuccessHandler("/forwardUrl");
-
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		Authentication authentication = mock(Authentication.class);
-
-		fash.onAuthenticationSuccess(request, response, authentication);
-
-		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
-	}
-}
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.core.Authentication;
+
+import static org.mockito.Mockito.mock;
+import static org.assertj.core.api.Assertions.*;
+
+/**
+ * <p>
+ * Forward Authentication Failure Handler Tests
+ * </p>
+ *
+ * @author Shazin Sadakath
+ * @since 4.1
+ */
+public class ForwardAuthenticaionSuccessHandlerTests {
+
+	@Test(expected = IllegalArgumentException.class)
+	public void invalidForwardUrl() {
+		new ForwardAuthenticationSuccessHandler("aaa");
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void emptyForwardUrl() {
+		new ForwardAuthenticationSuccessHandler("");
+	}
+
+	@Test
+	public void responseIsForwarded() throws Exception {
+		ForwardAuthenticationSuccessHandler fash = new ForwardAuthenticationSuccessHandler("/forwardUrl");
+
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		Authentication authentication = mock(Authentication.class);
+
+		fash.onAuthenticationSuccess(request, response, authentication);
+
+		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
+	}
+
+}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index a6efaa47f8..4b0d3f07b8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -1,60 +1,60 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.web.authentication;
-
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
-/**
- * <p>
- * Forward Authentication Failure Handler Tests
- * </p>
- *
- * @author Shazin Sadakath
- * @since4.1
- */
-public class ForwardAuthenticationFailureHandlerTests {
-
-	@Test(expected = IllegalArgumentException.class)
-	public void invalidForwardUrl() {
-		new ForwardAuthenticationFailureHandler("aaa");
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void emptyForwardUrl() {
-		new ForwardAuthenticationFailureHandler("");
-	}
-
-	@Test
-	public void responseIsForwarded() throws Exception {
-		ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl");
-
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		AuthenticationException e = mock(AuthenticationException.class);
-
-		fafh.onAuthenticationFailure(request, response, e);
-
-		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
-		assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e);
-	}
-}
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.WebAttributes;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+/**
+ * <p>
+ * Forward Authentication Failure Handler Tests
+ * </p>
+ *
+ * @author Shazin Sadakath @since4.1
+ */
+public class ForwardAuthenticationFailureHandlerTests {
+
+	@Test(expected = IllegalArgumentException.class)
+	public void invalidForwardUrl() {
+		new ForwardAuthenticationFailureHandler("aaa");
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void emptyForwardUrl() {
+		new ForwardAuthenticationFailureHandler("");
+	}
+
+	@Test
+	public void responseIsForwarded() throws Exception {
+		ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl");
+
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		AuthenticationException e = mock(AuthenticationException.class);
+
+		fafh.onAuthenticationFailure(request, response, e);
+
+		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
+		assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e);
+	}
+
+}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index 6a74e5a8b6..aa2a9bfd69 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -25,13 +25,15 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 
 /**
- *
  * @author Rob Winch
  * @since 4.0
  */
 public class HttpStatusEntryPointTests {
+
 	MockHttpServletRequest request;
+
 	MockHttpServletResponse response;
+
 	AuthenticationException authException;
 
 	HttpStatusEntryPoint entryPoint;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 9981ff4572..35712c9402 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -33,6 +33,7 @@ import org.springframework.security.web.PortMapperImpl;
  * @author colin sampaleanu
  */
 public class LoginUrlAuthenticationEntryPointTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -43,22 +44,19 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsMissingPortMapper() {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/login");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
 		ep.setPortMapper(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsMissingPortResolver() {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/login");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
 		ep.setPortResolver(null);
 	}
 
 	@Test
 	public void testGettersSetters() {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(8080, 8443));
 		assertThat(ep.getLoginFormUrl()).isEqualTo("/hello");
@@ -85,8 +83,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(new PortMapperImpl());
@@ -136,8 +133,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(new PortMapperImpl());
@@ -156,8 +152,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 	@Test
 	public void testNormalOperation() throws Exception {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
 		ep.afterPropertiesSet();
@@ -178,8 +173,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 	@Test
 	public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortResolver(new MockPortResolver(8888, 1234));
 		ep.setForceHttps(true);
 		ep.afterPropertiesSet();
@@ -202,10 +196,8 @@ public class LoginUrlAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void testServerSideRedirectWithoutForceHttpsForwardsToLoginPage()
-			throws Exception {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+	public void testServerSideRedirectWithoutForceHttpsForwardsToLoginPage() throws Exception {
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setUseForward(true);
 		ep.afterPropertiesSet();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -224,10 +216,8 @@ public class LoginUrlAuthenticationEntryPointTests {
 	}
 
 	@Test
-	public void testServerSideRedirectWithForceHttpsRedirectsCurrentRequest()
-			throws Exception {
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"/hello");
+	public void testServerSideRedirectWithForceHttpsRedirectsCurrentRequest() throws Exception {
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setUseForward(true);
 		ep.setForceHttps(true);
 		ep.afterPropertiesSet();
@@ -250,8 +240,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 	@Test
 	public void absoluteLoginFormUrlIsSupported() throws Exception {
 		final String loginFormUrl = "https://somesite.com/login";
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				loginFormUrl);
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(loginFormUrl);
 		ep.afterPropertiesSet();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ep.commence(new MockHttpServletRequest("GET", "/someUrl"), response, null);
@@ -261,9 +250,9 @@ public class LoginUrlAuthenticationEntryPointTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
 		final String loginFormUrl = "https://somesite.com/login";
-		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"https://somesite.com/login");
+		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("https://somesite.com/login");
 		ep.setUseForward(true);
 		ep.afterPropertiesSet();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index 91ed96eb0b..840d142d8d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -62,4 +62,5 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 
 		verify(redirectStrategy).sendRedirect(request, response, redirectUrl);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index b36a935a36..b68bdc7234 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -26,7 +26,6 @@ import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.WebAttributes;
 
 /**
- *
  * @author Luke Taylor
  */
 public class SimpleUrlAuthenticationFailureHandlerTests {
@@ -40,8 +39,7 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		afh.onAuthenticationFailure(request, response,
-				mock(AuthenticationException.class));
+		afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
 
@@ -61,23 +59,20 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 
 	@Test
 	public void exceptionIsNotSavedIfAllowSessionCreationIsFalse() throws Exception {
-		SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler(
-				"/target");
+		SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
 		afh.setAllowSessionCreation(false);
 		assertThat(afh.isAllowSessionCreation()).isFalse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		afh.onAuthenticationFailure(request, response,
-				mock(AuthenticationException.class));
+		afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
 		assertThat(request.getSession(false)).isNull();
 	}
 
 	// SEC-462
 	@Test
 	public void responseIsForwardedIfUseForwardIsTrue() throws Exception {
-		SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler(
-				"/target");
+		SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
 		afh.setUseForward(true);
 		assertThat(afh.isUseForward()).isTrue();
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index f75660260d..332c063fc9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -24,10 +24,10 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  */
 public class SimpleUrlAuthenticationSuccessHandlerTests {
+
 	@Test
 	public void defaultTargetUrlIsUsedIfNoOtherInformationSet() throws Exception {
 		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
@@ -43,8 +43,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 	// SEC-1428
 	@Test
 	public void redirectIsNotPerformedIfResponseIsCommitted() throws Exception {
-		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler(
-				"/target");
+		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/target");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		response.setCommitted(true);
@@ -58,8 +57,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 	 */
 	@Test
 	public void targetUrlParameterIsUsedIfPresentAndParameterNameIsSet() throws Exception {
-		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler(
-				"/defaultTarget");
+		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/defaultTarget");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setParameter("targetUrl", "/target");
@@ -76,8 +74,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 
 	@Test
 	public void refererIsUsedIfUseRefererIsSet() throws Exception {
-		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler(
-				"/defaultTarget");
+		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/defaultTarget");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ash.setUseReferer(true);
@@ -91,8 +88,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 	 * SEC-297 fix.
 	 */
 	@Test
-	public void absoluteDefaultTargetUrlDoesNotHaveContextPathPrepended()
-			throws Exception {
+	public void absoluteDefaultTargetUrlDoesNotHaveContextPathPrepended() throws Exception {
 		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
 		ash.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -129,4 +125,5 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 		catch (IllegalArgumentException success) {
 		}
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 6dc762e57d..5e5f90f816 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -34,25 +34,21 @@ import org.springframework.security.core.AuthenticationException;
  * @author Ben Alex
  */
 public class UsernamePasswordAuthenticationFilterTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
 	@Test
 	public void testNormalOperation() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY,
-				"rod");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY,
-				"koala");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		// filter.init(null);
 
-		Authentication result = filter.attemptAuthentication(request,
-				new MockHttpServletResponse());
+		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result != null).isTrue();
 		assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
 	}
@@ -60,15 +56,11 @@ public class UsernamePasswordAuthenticationFilterTests {
 	@Test
 	public void testConstructorInjectionOfAuthenticationManager() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY,
-				"rod");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY,
-				"dokdo");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "dokdo");
 
-		UsernamePasswordAuthenticationFilter filter =
-				new UsernamePasswordAuthenticationFilter(createAuthenticationManager());
+		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(
+				createAuthenticationManager());
 
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result).isNotNull();
@@ -77,27 +69,21 @@ public class UsernamePasswordAuthenticationFilterTests {
 	@Test
 	public void testNullPasswordHandledGracefully() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY,
-				"rod");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-		assertThat(filter
-				.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
+		assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
 	}
 
 	@Test
 	public void testNullUsernameHandledGracefully() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY,
-				"koala");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-		assertThat(filter
-				.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
+		assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
 	}
 
 	@Test
@@ -111,8 +97,7 @@ public class UsernamePasswordAuthenticationFilterTests {
 		request.addParameter("x", "rod");
 		request.addParameter("y", "koala");
 
-		Authentication result = filter.attemptAuthentication(request,
-				new MockHttpServletResponse());
+		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result).isNotNull();
 		assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
 	}
@@ -120,31 +105,23 @@ public class UsernamePasswordAuthenticationFilterTests {
 	@Test
 	public void testSpacesAreTrimmedCorrectlyFromUsername() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY,
-				" rod ");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY,
-				"koala");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod ");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 
-		Authentication result = filter.attemptAuthentication(request,
-				new MockHttpServletResponse());
+		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result.getName()).isEqualTo("rod");
 	}
 
 	@Test
 	public void testFailedAuthenticationThrowsException() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
-		request.addParameter(
-				UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY,
-				"rod");
+		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 		filter.setAuthenticationManager(am);
 
 		try {
@@ -174,8 +151,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenAnswer(
-				(Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		when(am.authenticate(any(Authentication.class)))
+				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
index f575c779d0..bfacd8d55f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
@@ -64,8 +64,10 @@ public class CompositeLogoutHandlerTests {
 
 		handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
 
-		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
-		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
+		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
+		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(Authentication.class));
 	}
 
 	@Test
@@ -78,8 +80,10 @@ public class CompositeLogoutHandlerTests {
 
 		handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
 
-		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
-		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
+		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
+		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(Authentication.class));
 	}
 
 	@Test
@@ -87,7 +91,8 @@ public class CompositeLogoutHandlerTests {
 		LogoutHandler firstLogoutHandler = mock(LogoutHandler.class);
 		LogoutHandler secondLogoutHandler = mock(LogoutHandler.class);
 
-		doThrow(new IllegalArgumentException()).when(firstLogoutHandler).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
+		doThrow(new IllegalArgumentException()).when(firstLogoutHandler).logout(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
 
 		List<LogoutHandler> logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler);
 		LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers);
@@ -95,13 +100,16 @@ public class CompositeLogoutHandlerTests {
 		try {
 			handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
 			fail("Expected Exception");
-		} catch (IllegalArgumentException success) {
+		}
+		catch (IllegalArgumentException success) {
 		}
 
 		InOrder logoutHandlersInOrder = inOrder(firstLogoutHandler, secondLogoutHandler);
 
-		logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
-		logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
+		logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
+		logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
index e67169ad0d..b5192159d6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
@@ -51,8 +51,7 @@ public class CookieClearingLogoutHandlerTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/app");
-		CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(
-				"my_cookie", "my_cookie_too");
+		CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler("my_cookie", "my_cookie_too");
 		handler.logout(request, response, mock(Authentication.class));
 		assertThat(response.getCookies()).hasSize(2);
 		for (Cookie c : response.getCookies()) {
@@ -106,7 +105,7 @@ public class CookieClearingLogoutHandlerTests {
 		}
 	}
 
-	@Test(expected=IllegalArgumentException.class)
+	@Test(expected = IllegalArgumentException.class)
 	public void invalidAge() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -117,4 +116,5 @@ public class CookieClearingLogoutHandlerTests {
 		CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(cookie1);
 		handler.logout(request, response, mock(Authentication.class));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
index 471bf17b82..66ef5e52ef 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
@@ -44,18 +44,25 @@ public class DelegatingLogoutSuccessHandlerTests {
 
 	@Mock
 	RequestMatcher matcher;
+
 	@Mock
 	RequestMatcher matcher2;
+
 	@Mock
 	LogoutSuccessHandler handler;
+
 	@Mock
 	LogoutSuccessHandler handler2;
+
 	@Mock
 	LogoutSuccessHandler defaultHandler;
+
 	@Mock
 	HttpServletRequest request;
+
 	@Mock
 	MockHttpServletResponse response;
+
 	@Mock
 	Authentication authentication;
 
@@ -74,11 +81,9 @@ public class DelegatingLogoutSuccessHandlerTests {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 		when(this.matcher.matches(this.request)).thenReturn(true);
 
-		this.delegatingHandler.onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
-		verify(this.handler).onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		verify(this.handler).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.matcher2, this.handler2, this.defaultHandler);
 	}
 
@@ -87,11 +92,9 @@ public class DelegatingLogoutSuccessHandlerTests {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 		when(this.matcher2.matches(this.request)).thenReturn(true);
 
-		this.delegatingHandler.onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
-		verify(this.handler2).onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		verify(this.handler2).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.handler, this.defaultHandler);
 	}
 
@@ -99,20 +102,18 @@ public class DelegatingLogoutSuccessHandlerTests {
 	public void onLogoutSuccessDefault() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 
-		this.delegatingHandler.onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
-		verify(this.defaultHandler).onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		verify(this.defaultHandler).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.handler, this.handler2);
 	}
 
 	@Test
 	public void onLogoutSuccessNoMatchDefaultNull() throws Exception {
 
-		this.delegatingHandler.onLogoutSuccess(this.request, this.response,
-				this.authentication);
+		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
 		verifyZeroInteractions(this.handler, this.handler2, this.defaultHandler);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
index e7dc9affd5..393278683d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
@@ -30,14 +30,14 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
 /**
- *
  * @author Rafiullah Hamedy
  * @author Josh Cummings
- *
  * @see {@link HeaderWriterLogoutHandler}
  */
 public class HeaderWriterLogoutHandlerTests {
+
 	private MockHttpServletResponse response;
+
 	private MockHttpServletRequest request;
 
 	@Rule
@@ -65,4 +65,5 @@ public class HeaderWriterLogoutHandlerTests {
 
 		verify(headerWriter).writeHeaders(this.request, this.response);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index bc3edb1e30..675d301d5d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -29,7 +29,9 @@ import org.springframework.security.web.firewall.DefaultHttpFirewall;
  * @author Luke Taylor
  */
 public class LogoutHandlerTests {
+
 	LogoutFilter filter;
+
 	@Before
 	public void setUp() {
 		filter = new LogoutFilter("/success", new SecurityContextLogoutHandler());
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
index c6dcc45f84..2ef3c9d1ab 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
@@ -63,5 +63,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 				flag = true;
 			}
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index f7602ce81a..f6159c14d1 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -29,13 +29,15 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Rob Winch
  *
  */
 public class SecurityContextLogoutHandlerTests {
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private SecurityContextLogoutHandler handler;
 
 	@Before
@@ -46,8 +48,8 @@ public class SecurityContextLogoutHandlerTests {
 		handler = new SecurityContextLogoutHandler();
 
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		context.setAuthentication(new TestingAuthenticationToken("user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_USER")));
+		context.setAuthentication(
+				new TestingAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 		SecurityContextHolder.setContext(context);
 	}
 
@@ -60,8 +62,7 @@ public class SecurityContextLogoutHandlerTests {
 	@Test
 	public void clearsAuthentication() {
 		SecurityContext beforeContext = SecurityContextHolder.getContext();
-		handler.logout(request, response, SecurityContextHolder.getContext()
-				.getAuthentication());
+		handler.logout(request, response, SecurityContextHolder.getContext().getAuthentication());
 		assertThat(beforeContext.getAuthentication()).isNull();
 	}
 
@@ -70,10 +71,10 @@ public class SecurityContextLogoutHandlerTests {
 		handler.setClearAuthentication(false);
 		SecurityContext beforeContext = SecurityContextHolder.getContext();
 		Authentication beforeAuthentication = beforeContext.getAuthentication();
-		handler.logout(request, response, SecurityContextHolder.getContext()
-				.getAuthentication());
+		handler.logout(request, response, SecurityContextHolder.getContext().getAuthentication());
 
 		assertThat(beforeContext.getAuthentication()).isNotNull();
 		assertThat(beforeContext.getAuthentication()).isSameAs(beforeAuthentication);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
index 4c0d417d6f..dddf75f4e4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
@@ -24,7 +24,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
 /**
- *
  * @author Luke Taylor
  */
 public class SimpleUrlLogoutSuccessHandlerTests {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 299f52df68..0b7809392e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -48,12 +48,12 @@ import org.springframework.security.web.authentication.ForwardAuthenticationSucc
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  * @author Tadaya Tsuyukubo
  *
  */
 public class AbstractPreAuthenticatedProcessingFilterTests {
+
 	private AbstractPreAuthenticatedProcessingFilter filter;
 
 	@Before
@@ -78,12 +78,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				mock(FilterChain.class));
+		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -92,13 +90,11 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse()
 			throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 		filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				mock(FilterChain.class));
+		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -139,39 +135,34 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	// SEC-1968
 	@Test
 	public void nullPreAuthenticationClearsPreviousUser() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("oldUser", "pass", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("oldUser", "pass", "ROLE_USER"));
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.principal = null;
 		filter.setCheckForPrincipalChanges(true);
 
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				new MockFilterChain());
+		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
-	public void nullPreAuthenticationPerservesPreviousUserCheckPrincipalChangesFalse()
-			throws Exception {
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
-				"oldUser", "pass", "ROLE_USER");
+	public void nullPreAuthenticationPerservesPreviousUserCheckPrincipalChangesFalse() throws Exception {
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("oldUser", "pass", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.principal = null;
 
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				new MockFilterChain());
+		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(
-				authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(authentication);
 	}
 
 	@Test
 	public void requiresAuthenticationFalsePrincipalString() throws Exception {
 		Object principal = "sameprincipal";
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
@@ -191,8 +182,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void requiresAuthenticationTruePrincipalString() throws Exception {
 		Object currentPrincipal = "currentUser";
-		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(
-				currentPrincipal, "something", "ROLE_USER");
+		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(currentPrincipal, "something",
+				"ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authRequest);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -213,8 +204,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void callsAuthenticationSuccessHandlerOnSuccessfulAuthentication() throws Exception {
 		Object currentPrincipal = "currentUser";
-		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(
-				currentPrincipal, "something", "ROLE_USER");
+		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(currentPrincipal, "something",
+				"ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authRequest);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -244,7 +235,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		filter.setAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler("/forwardUrl"));
 		filter.setCheckForPrincipalChanges(true);
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(PreAuthenticatedAuthenticationToken.class))).thenThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
+		when(am.authenticate(any(PreAuthenticatedAuthenticationToken.class)))
+				.thenThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
 
@@ -259,8 +251,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void requiresAuthenticationFalsePrincipalNotString() throws Exception {
 		Object principal = new Object();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
@@ -279,11 +271,9 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 
 	@Test
 	public void requiresAuthenticationFalsePrincipalUser() throws Exception {
-		User currentPrincipal = new User("user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		User currentPrincipal = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
 		UsernamePasswordAuthenticationToken currentAuthentication = new UsernamePasswordAuthenticationToken(
-				currentPrincipal, currentPrincipal.getPassword(),
-				currentPrincipal.getAuthorities());
+				currentPrincipal, currentPrincipal.getPassword(), currentPrincipal.getAuthorities());
 		SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -291,8 +281,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
-		filter.principal = new User(currentPrincipal.getUsername(),
-				currentPrincipal.getPassword(), AuthorityUtils.NO_AUTHORITIES);
+		filter.principal = new User(currentPrincipal.getUsername(), currentPrincipal.getPassword(),
+				AuthorityUtils.NO_AUTHORITIES);
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
@@ -305,8 +295,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void requiresAuthenticationTruePrincipalNotString() throws Exception {
 		Object currentPrincipal = new Object();
-		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(
-				currentPrincipal, "something", "ROLE_USER");
+		TestingAuthenticationToken authRequest = new TestingAuthenticationToken(currentPrincipal, "something",
+				"ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authRequest);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -327,16 +317,15 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void requiresAuthenticationOverridePrincipalChangedTrue() throws Exception {
 		Object principal = new Object();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 			@Override
-			protected boolean principalChanged(HttpServletRequest request,
-					Authentication currentAuthentication) {
+			protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
 				return true;
 			}
 		};
@@ -354,16 +343,15 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void requiresAuthenticationOverridePrincipalChangedFalse() throws Exception {
 		Object principal = new Object();
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 			@Override
-			protected boolean principalChanged(HttpServletRequest request,
-					Authentication currentAuthentication) {
+			protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
 				return false;
 			}
 		};
@@ -419,8 +407,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest req = new MockHttpServletRequest();
 		MockHttpServletResponse res = new MockHttpServletResponse();
 		getFilter(grantAccess).doFilter(req, res, new MockFilterChain());
-		assertThat(null != SecurityContextHolder.getContext().getAuthentication()).isEqualTo(
-				grantAccess);
+		assertThat(null != SecurityContextHolder.getContext().getAuthentication()).isEqualTo(grantAccess);
 	}
 
 	private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) {
@@ -428,12 +415,11 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 
 		if (!grantAccess) {
-			when(am.authenticate(any(Authentication.class))).thenThrow(
-					new BadCredentialsException(""));
+			when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 		}
 		else {
-			when(am.authenticate(any(Authentication.class))).thenAnswer(
-					(Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+			when(am.authenticate(any(Authentication.class)))
+					.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 		}
 
 		filter.setAuthenticationManager(am);
@@ -441,9 +427,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		return filter;
 	}
 
-	private static class ConcretePreAuthenticatedProcessingFilter extends
-			AbstractPreAuthenticatedProcessingFilter {
+	private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
+
 		private Object principal = "testPrincipal";
+
 		private boolean initFilterBeanInvoked;
 
 		protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
@@ -459,6 +446,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 			super.initFilterBean();
 			initFilterBeanInvoked = true;
 		}
+
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
index 8581418229..e06cb6548f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
@@ -34,13 +34,13 @@ public class Http403ForbiddenEntryPointTests {
 		MockHttpServletResponse resp = new MockHttpServletResponse();
 		Http403ForbiddenEntryPoint fep = new Http403ForbiddenEntryPoint();
 		try {
-			fep.commence(req, resp,
-					new AuthenticationCredentialsNotFoundException("test"));
-			assertThat(resp.getStatus()).withFailMessage("Incorrect status").isEqualTo(
-					HttpServletResponse.SC_FORBIDDEN);
+			fep.commence(req, resp, new AuthenticationCredentialsNotFoundException("test"));
+			assertThat(resp.getStatus()).withFailMessage("Incorrect status")
+					.isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 		}
 		catch (IOException e) {
 			fail("Unexpected exception thrown: " + e);
 		}
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index 1ed6001680..4063c0b485 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -27,7 +27,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -42,11 +41,9 @@ public class PreAuthenticatedAuthenticationProviderTests {
 
 	@Test
 	public final void authenticateInvalidToken() throws Exception {
-		UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true,
-				AuthorityUtils.NO_AUTHORITIES);
+		UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
-		Authentication request = new UsernamePasswordAuthenticationToken("dummyUser",
-				"dummyPwd");
+		Authentication request = new UsernamePasswordAuthenticationToken("dummyUser", "dummyPwd");
 		Authentication result = provider.authenticate(request);
 		assertThat(result).isNull();
 	}
@@ -54,19 +51,16 @@ public class PreAuthenticatedAuthenticationProviderTests {
 	@Test
 	public final void nullPrincipalReturnsNullAuthentication() {
 		PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
-		Authentication request = new PreAuthenticatedAuthenticationToken(null,
-				"dummyPwd");
+		Authentication request = new PreAuthenticatedAuthenticationToken(null, "dummyPwd");
 		Authentication result = provider.authenticate(request);
 		assertThat(result).isNull();
 	}
 
 	@Test
 	public final void authenticateKnownUser() throws Exception {
-		UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true,
-				AuthorityUtils.NO_AUTHORITIES);
+		UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
-		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser",
-				"dummyPwd");
+		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd");
 		Authentication result = provider.authenticate(request);
 		assertThat(result).isNotNull();
 		assertThat(ud).isEqualTo(result.getPrincipal());
@@ -75,11 +69,9 @@ public class PreAuthenticatedAuthenticationProviderTests {
 
 	@Test
 	public final void authenticateIgnoreCredentials() throws Exception {
-		UserDetails ud = new User("dummyUser1", "dummyPwd1", true, true, true, true,
-				AuthorityUtils.NO_AUTHORITIES);
+		UserDetails ud = new User("dummyUser1", "dummyPwd1", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
-		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser1",
-				"dummyPwd2");
+		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser1", "dummyPwd2");
 		Authentication result = provider.authenticate(request);
 		assertThat(result).isNotNull();
 		assertThat(ud).isEqualTo(result.getPrincipal());
@@ -88,11 +80,9 @@ public class PreAuthenticatedAuthenticationProviderTests {
 
 	@Test(expected = UsernameNotFoundException.class)
 	public final void authenticateUnknownUserThrowsException() throws Exception {
-		UserDetails ud = new User("dummyUser1", "dummyPwd", true, true, true, true,
-				AuthorityUtils.NO_AUTHORITIES);
+		UserDetails ud = new User("dummyUser1", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
-		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser2",
-				"dummyPwd");
+		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser2", "dummyPwd");
 		provider.authenticate(request);
 	}
 
@@ -117,8 +107,7 @@ public class PreAuthenticatedAuthenticationProviderTests {
 
 	private PreAuthenticatedAuthenticationProvider getProvider(UserDetails aUserDetails) {
 		PreAuthenticatedAuthenticationProvider result = new PreAuthenticatedAuthenticationProvider();
-		result.setPreAuthenticatedUserDetailsService(
-				getPreAuthenticatedUserDetailsService(aUserDetails));
+		result.setPreAuthenticatedUserDetailsService(getPreAuthenticatedUserDetailsService(aUserDetails));
 		result.afterPropertiesSet();
 		return result;
 	}
@@ -126,8 +115,7 @@ public class PreAuthenticatedAuthenticationProviderTests {
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getPreAuthenticatedUserDetailsService(
 			final UserDetails aUserDetails) {
 		return token -> {
-			if (aUserDetails != null
-					&& aUserDetails.getUsername().equals(token.getName())) {
+			if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) {
 				return aUserDetails;
 			}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
index c1fc70b604..7663b8ee9a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
@@ -25,7 +25,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -36,8 +35,7 @@ public class PreAuthenticatedAuthenticationTokenTests {
 		Object principal = "dummyUser";
 		Object credentials = "dummyCredentials";
 		Object details = "dummyDetails";
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				principal, credentials);
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials);
 		token.setDetails(details);
 		assertThat(token.getPrincipal()).isEqualTo(principal);
 		assertThat(token.getCredentials()).isEqualTo(credentials);
@@ -49,8 +47,7 @@ public class PreAuthenticatedAuthenticationTokenTests {
 	public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() {
 		Object principal = "dummyUser";
 		Object credentials = "dummyCredentials";
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				principal, credentials);
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials);
 		assertThat(token.getPrincipal()).isEqualTo(principal);
 		assertThat(token.getCredentials()).isEqualTo(credentials);
 		assertThat(token.getDetails()).isNull();
@@ -62,8 +59,8 @@ public class PreAuthenticatedAuthenticationTokenTests {
 		Object principal = "dummyUser";
 		Object credentials = "dummyCredentials";
 		List<GrantedAuthority> gas = AuthorityUtils.createAuthorityList("Role1");
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				principal, credentials, gas);
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials,
+				gas);
 		assertThat(token.getPrincipal()).isEqualTo(principal);
 		assertThat(token.getCredentials()).isEqualTo(credentials);
 		assertThat(token.getDetails()).isNull();
@@ -71,9 +68,9 @@ public class PreAuthenticatedAuthenticationTokenTests {
 		Collection<GrantedAuthority> resultColl = token.getAuthorities();
 		assertThat(
 
-		gas.containsAll(resultColl) && resultColl.containsAll(gas)).withFailMessage(
-				"GrantedAuthority collections do not match; result: " + resultColl
-						+ ", expected: " + gas).isTrue();
+				gas.containsAll(resultColl) && resultColl.containsAll(gas)).withFailMessage(
+						"GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas)
+						.isTrue();
 
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index dc8b248884..1d5362ee25 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -26,7 +26,6 @@ import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
 import org.springframework.security.core.userdetails.UserDetails;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -35,8 +34,7 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testGetUserDetailsInvalidType() {
 		PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				"dummy", "dummy");
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
 		token.setDetails(new Object());
 		svc.loadUserDetails(token);
 	}
@@ -44,8 +42,7 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testGetUserDetailsNoDetails() {
 		PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				"dummy", "dummy");
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
 		token.setDetails(null);
 		svc.loadUserDetails(token);
 	}
@@ -62,11 +59,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 		testGetUserDetails(userName, AuthorityUtils.createAuthorityList("Role1", "Role2"));
 	}
 
-	private void testGetUserDetails(final String userName,
-			final List<GrantedAuthority> gas) {
+	private void testGetUserDetails(final String userName, final List<GrantedAuthority> gas) {
 		PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
-		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
-				userName, "dummy");
+		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userName, "dummy");
 		token.setDetails((GrantedAuthoritiesContainer) () -> gas);
 		UserDetails ud = svc.loadUserDetails(token);
 		assertThat(ud.isAccountNonExpired()).isTrue();
@@ -79,8 +74,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 		// PreAuthenticatedGrantedAuthoritiesUserDetailsService
 		// assertThat(password).isEqualTo(ud.getPassword());
 
-		assertThat(gas.containsAll(ud.getAuthorities())
-						&& ud.getAuthorities().containsAll(gas)).withFailMessage("GrantedAuthority collections do not match; result: "+ ud.getAuthorities() + ", expected: " + gas).isTrue();
+		assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)).withFailMessage(
+				"GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas)
+				.isTrue();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index c676425fc0..ddbce204bb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -32,6 +32,7 @@ import java.util.Set;
  * @author TSARDD
  */
 public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
+
 	List<GrantedAuthority> gas = AuthorityUtils.createAuthorityList("Role1", "Role2");
 
 	@Test
@@ -49,8 +50,9 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
 				getRequest("testUser", new String[] {}), gas);
 		List<GrantedAuthority> returnedGas = details.getGrantedAuthorities();
 		assertThat(gas.containsAll(returnedGas) && returnedGas.containsAll(gas))
-			.withFailMessage("Collections do not contain same elements; expected: " + gas
-				+ ", returned: " + returnedGas).isTrue();
+				.withFailMessage(
+						"Collections do not contain same elements; expected: " + gas + ", returned: " + returnedGas)
+				.isTrue();
 	}
 
 	private HttpServletRequest getRequest(final String userName, final String[] aRoles) {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index b6d04b5540..7d807cb769 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -30,7 +30,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Milan Sevcik
  */
 public class RequestAttributeAuthenticationFilterTests {
@@ -62,11 +61,8 @@ public class RequestAttributeAuthenticationFilterTests {
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("cat");
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getCredentials())
-						.isEqualTo("N/A");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
 	}
 
 	@Test
@@ -81,8 +77,7 @@ public class RequestAttributeAuthenticationFilterTests {
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("wolfman");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
 	}
 
 	@Test
@@ -98,14 +93,11 @@ public class RequestAttributeAuthenticationFilterTests {
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getCredentials())
-						.isEqualTo("catspassword");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
 	}
 
 	@Test
-	public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet()
-			throws Exception {
+	public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
@@ -139,8 +131,7 @@ public class RequestAttributeAuthenticationFilterTests {
 	}
 
 	@Test
-	public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse()
-			throws Exception {
+	public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
@@ -160,4 +151,5 @@ public class RequestAttributeAuthenticationFilterTests {
 
 		return am;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index e4de657aa8..c5237ba162 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -32,7 +32,6 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedC
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 
 /**
- *
  * @author Luke Taylor
  */
 public class RequestHeaderAuthenticationFilterTests {
@@ -100,8 +99,7 @@ public class RequestHeaderAuthenticationFilterTests {
 	}
 
 	@Test
-	public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet()
-			throws Exception {
+	public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
@@ -134,8 +132,7 @@ public class RequestHeaderAuthenticationFilterTests {
 	}
 
 	@Test
-	public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse()
-			throws Exception {
+	public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
@@ -150,9 +147,10 @@ public class RequestHeaderAuthenticationFilterTests {
 	 */
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenAnswer(
-				(Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		when(am.authenticate(any(Authentication.class)))
+				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index 6decb116fb..0b78e6f2d2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -36,7 +36,6 @@ import org.springframework.security.core.authority.mapping.SimpleMappableAttribu
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 
 /**
- *
  * @author TSARDD
  */
 public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
@@ -111,16 +110,15 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 		testDetails(mappedRoles, roles, expectedRoles);
 	}
 
-	private void testDetails(String[] mappedRoles, String[] userRoles,
-			String[] expectedRoles) {
+	private void testDetails(String[] mappedRoles, String[] userRoles, String[] expectedRoles) {
 		J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource src = getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(
 				mappedRoles);
 		Object o = src.buildDetails(getRequest("testUser", userRoles));
 		assertThat(o).isNotNull();
-		assertThat(
-				o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails).withFailMessage(
-						"Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: "
-								+ o.getClass()).isTrue();
+		assertThat(o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails).withFailMessage(
+				"Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: "
+						+ o.getClass())
+				.isTrue();
 		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = (PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) o;
 		List<GrantedAuthority> gas = details.getGrantedAuthorities();
 		assertThat(gas).as("Granted authorities should not be null").isNotNull();
@@ -131,17 +129,15 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 		for (GrantedAuthority grantedAuthority : gas) {
 			gasRolesSet.add(grantedAuthority.getAuthority());
 		}
-		assertThat(expectedRolesColl.containsAll(gasRolesSet)
-				&& gasRolesSet.containsAll(expectedRolesColl)).withFailMessage(
-						"Granted Authorities do not match expected roles").isTrue();
+		assertThat(expectedRolesColl.containsAll(gasRolesSet) && gasRolesSet.containsAll(expectedRolesColl))
+				.withFailMessage("Granted Authorities do not match expected roles").isTrue();
 	}
 
 	private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(
 			String[] mappedRoles) {
 		J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
 		result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles));
-		result.setUserRoles2GrantedAuthoritiesMapper(
-				getJ2eeUserRoles2GrantedAuthoritiesMapper());
+		result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper());
 
 		try {
 			result.afterPropertiesSet();
@@ -179,4 +175,5 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 		req.setRemoteUser(userName);
 		return req;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index 8e0c70923f..fb13d866a7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -27,7 +27,6 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 /**
- *
  * @author TSARDD
  * @since 18-okt-2007
  */
@@ -36,20 +35,17 @@ public class J2eePreAuthenticatedProcessingFilterTests {
 	@Test
 	public final void testGetPreAuthenticatedPrincipal() {
 		String user = "testUser";
-		assertThat(user).isEqualTo(
-				new J2eePreAuthenticatedProcessingFilter().getPreAuthenticatedPrincipal(
-						getRequest(user, new String[] {})));
+		assertThat(user).isEqualTo(new J2eePreAuthenticatedProcessingFilter()
+				.getPreAuthenticatedPrincipal(getRequest(user, new String[] {})));
 	}
 
 	@Test
 	public final void testGetPreAuthenticatedCredentials() {
-		assertThat("N/A").isEqualTo(
-				new J2eePreAuthenticatedProcessingFilter().getPreAuthenticatedCredentials(
-						getRequest("testUser", new String[] {})));
+		assertThat("N/A").isEqualTo(new J2eePreAuthenticatedProcessingFilter()
+				.getPreAuthenticatedCredentials(getRequest("testUser", new String[] {})));
 	}
 
-	private HttpServletRequest getRequest(final String aUserName,
-			final String[] aRoles) {
+	private HttpServletRequest getRequest(final String aUserName, final String[] aRoles) {
 		MockHttpServletRequest req = new MockHttpServletRequest() {
 
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index 4381376629..bf97620e76 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -30,8 +30,7 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 
 	@Test
 	public void testRole1To4Roles() throws Exception {
-		List<String> ROLE1TO4_EXPECTED_ROLES = Arrays.asList("Role1",
-				"Role2", "Role3", "Role4");
+		List<String> ROLE1TO4_EXPECTED_ROLES = Arrays.asList("Role1", "Role2", "Role3", "Role4");
 		final Resource webXml = new ClassPathResource("webxml/Role1-4.web.xml");
 		WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever();
 
@@ -67,4 +66,5 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 		Set<String> j2eeRoles = rolesRetriever.getMappableAttributes();
 		assertThat(j2eeRoles).isEmpty();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index 395d45c0b4..381682ed48 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -46,16 +46,13 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 		new WebSpherePreAuthenticatedProcessingFilter();
 		WASUsernameAndGroupsExtractor helper = mock(WASUsernameAndGroupsExtractor.class);
 		when(helper.getCurrentUserName()).thenReturn("jerry");
-		WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(
-				helper);
-		assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo(
-				"jerry");
-		assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo(
-				"N/A");
+		WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(helper);
+		assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo("jerry");
+		assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A");
 
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenAnswer(
-				(Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		when(am.authenticate(any(Authentication.class)))
+				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		filter.setAuthenticationManager(am);
 		WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource(
@@ -63,8 +60,7 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 		ads.setWebSphereGroups2GrantedAuthoritiesMapper(new SimpleAttributes2GrantedAuthoritiesMapper());
 		filter.setAuthenticationDetailsSource(ads);
 
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				mock(FilterChain.class));
+		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
index 9e4b50bb00..cabf01e390 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
@@ -28,6 +28,7 @@ import org.junit.Before;
  * @author Luke Taylor
  */
 public class SubjectDnX509PrincipalExtractorTests {
+
 	SubjectDnX509PrincipalExtractor extractor;
 
 	@Before
@@ -43,16 +44,14 @@ public class SubjectDnX509PrincipalExtractorTests {
 
 	@Test
 	public void defaultCNPatternReturnsExcpectedPrincipal() throws Exception {
-		Object principal = extractor.extractPrincipal(X509TestUtils
-				.buildTestCertificate());
+		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
 		assertThat(principal).isEqualTo("Luke Taylor");
 	}
 
 	@Test
 	public void matchOnEmailReturnsExpectedPrincipal() throws Exception {
 		extractor.setSubjectDnRegex("emailAddress=(.*?),");
-		Object principal = extractor.extractPrincipal(X509TestUtils
-				.buildTestCertificate());
+		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
 		assertThat(principal).isEqualTo("luke@monkeymachine");
 	}
 
@@ -64,8 +63,8 @@ public class SubjectDnX509PrincipalExtractorTests {
 
 	@Test
 	public void defaultCNPatternReturnsPrincipalAtEndOfDNString() throws Exception {
-		Object principal = extractor.extractPrincipal(X509TestUtils
-				.buildTestCertificateWithCnAtEnd());
+		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificateWithCnAtEnd());
 		assertThat(principal).isEqualTo("Duke");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
index 01b734ede0..5c09f1b327 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@@ -26,6 +26,7 @@ import java.security.cert.X509Certificate;
  * @author Luke Taylor
  */
 public class X509TestUtils {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -92,8 +93,7 @@ public class X509TestUtils {
 				+ "nRB3QPZfRvop0I4oPvwViKt3puLsi9XSSJ1w9yswnIf89iONT7ZyssPg48Bojo8q\n"
 				+ "lcKwXuDRBWciODK/xWhvQbaegGJ1BtXcEHtvNjrUJLwSMDSr+U5oUYdMohG0h1iJ\n"
 				+ "R+JQc49I33o2cTc77wfEWLtVdXAyYY4GSJR6VfgvV40x85ItaNS3HHfT/aXU1x4m\n"
-				+ "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n"
-				+ "-----END CERTIFICATE-----";
+				+ "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n" + "-----END CERTIFICATE-----";
 
 		ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes());
 		CertificateFactory cf = CertificateFactory.getInstance("X.509");
@@ -130,11 +130,12 @@ public class X509TestUtils {
 				+ "MOvaw6wSSkmEoEvdek3s/bH6Gp0spnykqtb+kunGr/XFxyBhHmfdSroEgzspslFh\n"
 				+ "Glqe/XfrQmFgPWd13GH8mqzSU1zc+0Ka7s68jcuNfz9ble5rT0IrdjRm5E64mVGk\n"
 				+ "aJTAO5N87ks5JjkDHDJzcyYRcIpqBGotJtyZTjGpIeAG8xLGlkSsUg88iUOchI7s\n"
-				+ "dOmse9mpgEjCb4kdZ0PnoxMFjsPR8AoGOz4A5vA19nKqWM8bxK9hqLGKsaiQpQg7\n"
-				+ "bA==\n" + "-----END CERTIFICATE-----\n";
+				+ "dOmse9mpgEjCb4kdZ0PnoxMFjsPR8AoGOz4A5vA19nKqWM8bxK9hqLGKsaiQpQg7\n" + "bA==\n"
+				+ "-----END CERTIFICATE-----\n";
 		ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes());
 		CertificateFactory cf = CertificateFactory.getInstance("X.509");
 
 		return (X509Certificate) cf.generateCertificate(in);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 1a515a3196..122089f5a0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -51,8 +51,7 @@ import org.springframework.util.StringUtils;
 @PowerMockIgnore("javax.security.auth.*")
 public class AbstractRememberMeServicesTests {
 
-	static User joe = new User("joe", "password", true, true, true, true,
-			AuthorityUtils.createAuthorityList("ROLE_A"));
+	static User joe = new User("joe", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_A"));
 
 	MockUserDetailsService uds;
 
@@ -100,8 +99,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() {
-		String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens",
-			"blah" };
+		String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" };
 		MockRememberMeServices services = new MockRememberMeServices(uds);
 
 		String[] decoded = services.decodeCookie(services.encodeCookie(cookie));
@@ -124,16 +122,14 @@ public class AbstractRememberMeServicesTests {
 		assertThat(services.autoLogin(request, response)).isNull();
 
 		// shouldn't try to invalidate our cookie
-		assertThat(response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
+		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 
 		request = new MockHttpServletRequest();
 		response = new MockHttpServletResponse();
 		// set non-login cookie
 		request.setCookies(new Cookie("mycookie", "cookie"));
 		assertThat(services.autoLogin(request, response)).isNull();
-		assertThat(response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
+		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 	}
 
 	@Test
@@ -158,9 +154,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		request.setCookies(new Cookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				"ZZZ"));
+		request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ"));
 		Authentication result = services.autoLogin(request, response);
 		assertThat(result).isNull();
 		assertCookieCancelled(response);
@@ -172,8 +166,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		request.setCookies(new Cookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, ""));
+		request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, ""));
 		Authentication result = services.autoLogin(request, response);
 		assertThat(result).isNull();
 		assertCookieCancelled(response);
@@ -181,8 +174,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() {
-		MockRememberMeServices services = new MockRememberMeServices(
-				new MockUserDetailsService(joe, true));
+		MockRememberMeServices services = new MockRememberMeServices(new MockUserDetailsService(joe, true));
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		// Wrong number of tokens
@@ -216,8 +208,7 @@ public class AbstractRememberMeServicesTests {
 	public void autoLoginShouldFailIfUserAccountIsLocked() {
 		MockRememberMeServices services = new MockRememberMeServices(uds);
 		services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
-		uds.toReturn = new User("joe", "password", false, true, true, true,
-				joe.getAuthorities());
+		uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities());
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
@@ -263,8 +254,7 @@ public class AbstractRememberMeServicesTests {
 
 		assertCookieCancelled(response);
 
-		Cookie returnedCookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 	}
 
@@ -287,8 +277,7 @@ public class AbstractRememberMeServicesTests {
 
 		assertCookieCancelled(response);
 
-		Cookie returnedCookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 		assertThat(returnedCookie.getSecure()).isEqualTo(true);
 	}
@@ -312,8 +301,7 @@ public class AbstractRememberMeServicesTests {
 
 		assertCookieCancelled(response);
 
-		Cookie returnedCookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 		assertThat(returnedCookie.getSecure()).isEqualTo(true);
 	}
@@ -322,8 +310,8 @@ public class AbstractRememberMeServicesTests {
 	public void cookieTheftExceptionShouldBeRethrown() {
 		MockRememberMeServices services = new MockRememberMeServices(uds) {
 
-			protected UserDetails processAutoLoginCookie(String[] cookieTokens,
-					HttpServletRequest request, HttpServletResponse response) {
+			protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
+					HttpServletResponse response) {
 				throw new CookieTheftException("Pretending cookie was stolen");
 			}
 		};
@@ -410,8 +398,7 @@ public class AbstractRememberMeServicesTests {
 		};
 		services.setUseSecureCookie(true);
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
-		Cookie cookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getSecure()).isTrue();
 	}
 
@@ -423,8 +410,7 @@ public class AbstractRememberMeServicesTests {
 
 		MockRememberMeServices services = new MockRememberMeServices(uds);
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
-		Cookie cookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.isHttpOnly()).isTrue();
 	}
 
@@ -437,8 +423,7 @@ public class AbstractRememberMeServicesTests {
 
 		services.setCookie(new String[] { "value" }, 0, request, response);
 
-		Cookie cookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isEqualTo(1);
 	}
 
@@ -451,8 +436,7 @@ public class AbstractRememberMeServicesTests {
 
 		services.setCookie(new String[] { "value" }, -1, request, response);
 
-		Cookie cookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isEqualTo(1);
 	}
 
@@ -465,8 +449,7 @@ public class AbstractRememberMeServicesTests {
 
 		services.setCookie(new String[] { "value" }, 1, request, response);
 
-		Cookie cookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isZero();
 	}
 
@@ -487,17 +470,14 @@ public class AbstractRememberMeServicesTests {
 
 	private Cookie[] createLoginCookie(String cookieToken) {
 		MockRememberMeServices services = new MockRememberMeServices(uds);
-		Cookie cookie = new Cookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				services.encodeCookie(
-						StringUtils.delimitedListToStringArray(cookieToken, ":")));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
 
 		return new Cookie[] { cookie };
 	}
 
 	private void assertCookieCancelled(MockHttpServletResponse response) {
-		Cookie returnedCookie = response.getCookie(
-				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -521,14 +501,13 @@ public class AbstractRememberMeServicesTests {
 			this(new MockUserDetailsService(null, false));
 		}
 
-		protected void onLoginSuccess(HttpServletRequest request,
-				HttpServletResponse response, Authentication successfulAuthentication) {
+		protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
+				Authentication successfulAuthentication) {
 			loginSuccessCalled = true;
 		}
 
-		protected UserDetails processAutoLoginCookie(String[] cookieTokens,
-				HttpServletRequest request, HttpServletResponse response)
-						throws RememberMeAuthenticationException {
+		protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
+				HttpServletResponse response) throws RememberMeAuthenticationException {
 			if (cookieTokens.length != 3) {
 				throw new InvalidCookieException("deliberate exception");
 			}
@@ -537,6 +516,7 @@ public class AbstractRememberMeServicesTests {
 
 			return user;
 		}
+
 	}
 
 	public static class MockUserDetailsService implements UserDetailsService {
@@ -565,5 +545,7 @@ public class AbstractRememberMeServicesTests {
 		public void setThrowException(boolean value) {
 			this.throwException = value;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 4e2ce1a683..14380a6025 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -62,8 +62,7 @@ public class JdbcTokenRepositoryImplTests {
 
 	@BeforeClass
 	public static void createDataSource() {
-		dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa",
-				"", true);
+		dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa", "", true);
 		dataSource.setDriverClassName("org.hsqldb.jdbc.JDBCDriver");
 	}
 
@@ -80,9 +79,8 @@ public class JdbcTokenRepositoryImplTests {
 		repo.setDataSource(dataSource);
 		repo.initDao();
 		template = repo.getJdbcTemplate();
-		template.execute(
-				"create table persistent_logins (username varchar(100) not null, "
-						+ "series varchar(100) not null, token varchar(500) not null, last_used timestamp not null)");
+		template.execute("create table persistent_logins (username varchar(100) not null, "
+				+ "series varchar(100) not null, token varchar(500) not null, last_used timestamp not null)");
 	}
 
 	@After
@@ -93,12 +91,10 @@ public class JdbcTokenRepositoryImplTests {
 	@Test
 	public void createNewTokenInsertsCorrectData() {
 		Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis());
-		PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser",
-				"joesseries", "atoken", currentDate);
+		PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser", "joesseries", "atoken", currentDate);
 		repo.createNewToken(token);
 
-		Map<String, Object> results = template.queryForMap(
-				"select * from persistent_logins");
+		Map<String, Object> results = template.queryForMap("select * from persistent_logins");
 
 		assertThat(results.get("last_used")).isEqualTo(currentDate);
 		assertThat(results.get("username")).isEqualTo("joeuser");
@@ -109,26 +105,22 @@ public class JdbcTokenRepositoryImplTests {
 	@Test
 	public void retrievingTokenReturnsCorrectData() {
 
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 		PersistentRememberMeToken token = repo.getTokenForSeries("joesseries");
 
 		assertThat(token.getUsername()).isEqualTo("joeuser");
 		assertThat(token.getSeries()).isEqualTo("joesseries");
 		assertThat(token.getTokenValue()).isEqualTo("atoken");
-		assertThat(token.getDate()).isEqualTo(
-				Timestamp.valueOf("2007-10-09 18:19:25.000000000"));
+		assertThat(token.getDate()).isEqualTo(Timestamp.valueOf("2007-10-09 18:19:25.000000000"));
 	}
 
 	@Test
 	public void retrievingTokenWithDuplicateSeriesReturnsNull() {
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
@@ -145,20 +137,17 @@ public class JdbcTokenRepositoryImplTests {
 		assertThat(repo.getTokenForSeries("missingSeries")).isNull();
 
 		verify(logger).isDebugEnabled();
-		verify(logger).debug(
-				eq("Querying token for series 'missingSeries' returned no results."),
+		verify(logger).debug(eq("Querying token for series 'missingSeries' returned no results."),
 				any(EmptyResultDataAccessException.class));
 		verifyNoMoreInteractions(logger);
 	}
 
 	@Test
 	public void removingUserTokensDeletesData() {
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
@@ -166,8 +155,8 @@ public class JdbcTokenRepositoryImplTests {
 
 		repo.removeUserTokens("joeuser");
 
-		List<Map<String, Object>> results = template.queryForList(
-				"select * from persistent_logins where username = 'joeuser'");
+		List<Map<String, Object>> results = template
+				.queryForList("select * from persistent_logins where username = 'joeuser'");
 
 		assertThat(results).isEmpty();
 	}
@@ -175,13 +164,12 @@ public class JdbcTokenRepositoryImplTests {
 	@Test
 	public void updatingTokenModifiesTokenValueAndLastUsed() {
 		Timestamp ts = new Timestamp(System.currentTimeMillis() - 1);
-		template.execute(
-				"insert into persistent_logins (series, username, token, last_used) values "
-						+ "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
+		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+				+ "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
 		repo.updateToken("joesseries", "newtoken", new Date());
 
-		Map<String, Object> results = template.queryForMap(
-				"select * from persistent_logins where series = 'joesseries'");
+		Map<String, Object> results = template
+				.queryForMap("select * from persistent_logins where series = 'joesseries'");
 
 		assertThat(results.get("username")).isEqualTo("joeuser");
 		assertThat(results.get("series")).isEqualTo("joesseries");
@@ -198,8 +186,7 @@ public class JdbcTokenRepositoryImplTests {
 		repo.setCreateTableOnStartup(true);
 		repo.initDao();
 
-		template.queryForList(
-				"select username,series,token,last_used from persistent_logins");
+		template.queryForList("select username,series,token,last_used from persistent_logins");
 	}
 
 	// SEC-2879
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index f4cd4b620b..5155b88e6a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -27,6 +27,7 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
  * @author Ben Alex
  */
 public class NullRememberMeServicesTests {
+
 	// ~ Methods
 	// ========================================================================================================
 	@Test
@@ -37,4 +38,5 @@ public class NullRememberMeServicesTests {
 		services.loginSuccess(null, null, null);
 
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index b44f878fc8..931651d22e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -35,11 +35,11 @@ import org.springframework.security.web.authentication.rememberme.PersistentToke
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
 
-
 /**
  * @author Luke Taylor
  */
 public class PersistentTokenBasedRememberMeServicesTests {
+
 	private PersistentTokenBasedRememberMeServices services;
 
 	private MockTokenRepository repo;
@@ -47,8 +47,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 	@Before
 	public void setUpData() throws Exception {
 		services = new PersistentTokenBasedRememberMeServices("key",
-				new AbstractRememberMeServicesTests.MockUserDetailsService(
-						AbstractRememberMeServicesTests.joe, false),
+				new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
 				new InMemoryTokenRepositoryImpl());
 		services.setCookieName("mycookiename");
 		// Default to 100 days (see SEC-1081).
@@ -58,15 +57,15 @@ public class PersistentTokenBasedRememberMeServicesTests {
 
 	@Test(expected = InvalidCookieException.class)
 	public void loginIsRejectedWithWrongNumberOfCookieTokens() {
-		services.processAutoLoginCookie(new String[] { "series", "token", "extra" },
-				new MockHttpServletRequest(), new MockHttpServletResponse());
+		services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, new MockHttpServletRequest(),
+				new MockHttpServletResponse());
 	}
 
 	@Test(expected = RememberMeAuthenticationException.class)
 	public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
 		services = create(null);
-		services.processAutoLoginCookie(new String[] { "series", "token" },
-				new MockHttpServletRequest(), new MockHttpServletResponse());
+		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+				new MockHttpServletResponse());
 	}
 
 	@Test(expected = RememberMeAuthenticationException.class)
@@ -75,31 +74,27 @@ public class PersistentTokenBasedRememberMeServicesTests {
 				new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
 		services.setTokenValiditySeconds(1);
 
-		services.processAutoLoginCookie(new String[] { "series", "token" },
-				new MockHttpServletRequest(), new MockHttpServletResponse());
+		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+				new MockHttpServletResponse());
 	}
 
 	@Test(expected = CookieTheftException.class)
 	public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
-		services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken",
-				new Date()));
-		services.processAutoLoginCookie(new String[] { "series", "token" },
-				new MockHttpServletRequest(), new MockHttpServletResponse());
+		services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date()));
+		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+				new MockHttpServletResponse());
 	}
 
 	@Test
 	public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() {
-		services = create(new PersistentRememberMeToken("joe", "series", "token",
-				new Date()));
+		services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
 		// 12 => b64 length will be 16
 		services.setTokenLength(12);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.processAutoLoginCookie(new String[] { "series", "token" },
-				new MockHttpServletRequest(), response);
+		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(), response);
 		assertThat(repo.getStoredToken().getSeries()).isEqualTo("series");
 		assertThat(repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
-		String[] cookie = services.decodeCookie(response.getCookie("mycookiename")
-				.getValue());
+		String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
 		assertThat(cookie[0]).isEqualTo("series");
 		assertThat(cookie[1]).isEqualTo(repo.getStoredToken().getTokenValue());
 	}
@@ -116,8 +111,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		assertThat(repo.getStoredToken().getSeries().length()).isEqualTo(16);
 		assertThat(repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
 
-		String[] cookie = services.decodeCookie(response.getCookie("mycookiename")
-				.getValue());
+		String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
 
 		assertThat(cookie[0]).isEqualTo(repo.getStoredToken().getSeries());
 		assertThat(cookie[1]).isEqualTo(repo.getStoredToken().getTokenValue());
@@ -129,10 +123,8 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services = create(new PersistentRememberMeToken("joe", "series", "token",
-				new Date()));
-		services.logout(request, response, new TestingAuthenticationToken("joe",
-				"somepass", "SOME_AUTH"));
+		services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
+		services.logout(request, response, new TestingAuthenticationToken("joe", "somepass", "SOME_AUTH"));
 		Cookie returnedCookie = response.getCookie("mycookiename");
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -143,15 +135,16 @@ public class PersistentTokenBasedRememberMeServicesTests {
 
 	private PersistentTokenBasedRememberMeServices create(PersistentRememberMeToken token) {
 		repo = new MockTokenRepository(token);
-		PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices(
-				"key", new AbstractRememberMeServicesTests.MockUserDetailsService(
-						AbstractRememberMeServicesTests.joe, false), repo);
+		PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key",
+				new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
+				repo);
 
 		services.setCookieName("mycookiename");
 		return services;
 	}
 
 	private class MockTokenRepository implements PersistentTokenRepository {
+
 		private PersistentRememberMeToken storedToken;
 
 		private MockTokenRepository(PersistentRememberMeToken token) {
@@ -163,8 +156,8 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		}
 
 		public void updateToken(String series, String tokenValue, Date lastUsed) {
-			storedToken = new PersistentRememberMeToken(storedToken.getUsername(),
-					storedToken.getSeries(), tokenValue, lastUsed);
+			storedToken = new PersistentRememberMeToken(storedToken.getUsername(), storedToken.getSeries(), tokenValue,
+					lastUsed);
 		}
 
 		public PersistentRememberMeToken getTokenForSeries(String seriesId) {
@@ -177,5 +170,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		PersistentRememberMeToken getStoredToken() {
 			return storedToken;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 72282685ab..852b08844f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -43,8 +43,8 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  */
 public class RememberMeAuthenticationFilterTests {
-	Authentication remembered = new TestingAuthenticationToken("remembered", "password",
-			"ROLE_REMEMBERED");
+
+	Authentication remembered = new TestingAuthenticationToken("remembered", "password", "ROLE_REMEMBERED");
 
 	// ~ Methods
 	// ========================================================================================================
@@ -72,13 +72,12 @@ public class RememberMeAuthenticationFilterTests {
 	@Test
 	public void testOperationWhenAuthenticationExistsInContextHolder() throws Exception {
 		// Put an Authentication object into the SecurityContextHolder
-		Authentication originalAuth = new TestingAuthenticationToken("user", "password",
-				"ROLE_A");
+		Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		SecurityContextHolder.getContext().setAuthentication(originalAuth);
 
 		// Setup our filter correctly
-		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(
-				mock(AuthenticationManager.class), new MockRememberMeServices(remembered));
+		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class),
+				new MockRememberMeServices(remembered));
 		filter.afterPropertiesSet();
 
 		// Test
@@ -89,8 +88,7 @@ public class RememberMeAuthenticationFilterTests {
 
 		// Ensure filter didn't change our original object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
-		verify(fc)
-				.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
@@ -109,21 +107,19 @@ public class RememberMeAuthenticationFilterTests {
 
 		// Ensure filter setup with our remembered authentication object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(remembered);
-		verify(fc)
-				.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void onUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
 		final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(
-				new BadCredentialsException(""));
+		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(remembered)) {
-			protected void onUnsuccessfulAuthentication(HttpServletRequest request,
-					HttpServletResponse response, AuthenticationException failed) {
+			protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+					AuthenticationException failed) {
 				super.onUnsuccessfulAuthentication(request, response, failed);
 				SecurityContextHolder.getContext().setAuthentication(failedAuth);
 			}
@@ -137,19 +133,16 @@ public class RememberMeAuthenticationFilterTests {
 		filter.doFilter(request, new MockHttpServletResponse(), fc);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(failedAuth);
-		verify(fc)
-				.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet()
-			throws Exception {
+	public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		when(am.authenticate(remembered)).thenReturn(remembered);
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(remembered));
-		filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(
-				"/target"));
+		filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain fc = mock(FilterChain.class);
@@ -166,22 +159,24 @@ public class RememberMeAuthenticationFilterTests {
 	// ==================================================================================================
 
 	private class MockRememberMeServices implements RememberMeServices {
+
 		private Authentication authToReturn;
 
 		MockRememberMeServices(Authentication authToReturn) {
 			this.authToReturn = authToReturn;
 		}
 
-		public Authentication autoLogin(HttpServletRequest request,
-				HttpServletResponse response) {
+		public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 			return authToReturn;
 		}
 
 		public void loginFail(HttpServletRequest request, HttpServletResponse response) {
 		}
 
-		public void loginSuccess(HttpServletRequest request,
-				HttpServletResponse response, Authentication successfulAuthentication) {
+		public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
+				Authentication successfulAuthentication) {
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index c993019048..01fc2eb9b9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -46,9 +46,12 @@ import org.springframework.util.StringUtils;
  * @author Ben Alex
  */
 public class TokenBasedRememberMeServicesTests {
+
 	private UserDetailsService uds;
+
 	private UserDetails user = new User("someone", "password", true, true, true, true,
 			AuthorityUtils.createAuthorityList("ROLE_ABC"));
+
 	private TokenBasedRememberMeServices services;
 
 	// ~ Methods
@@ -65,8 +68,7 @@ public class TokenBasedRememberMeServicesTests {
 	}
 
 	void udsWillThrowNotFound() {
-		when(uds.loadUserByUsername(any(String.class))).thenThrow(
-				new UsernameNotFoundException(""));
+		when(uds.loadUserByUsername(any(String.class))).thenThrow(new UsernameNotFoundException(""));
 	}
 
 	void udsWillReturnNull() {
@@ -75,8 +77,7 @@ public class TokenBasedRememberMeServicesTests {
 
 	private long determineExpiryTimeFromBased64EncodedToken(String validToken) {
 		String cookieAsPlainText = new String(Base64.decodeBase64(validToken.getBytes()));
-		String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
-				":");
+		String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, ":");
 
 		if (cookieTokens.length == 3) {
 			try {
@@ -89,13 +90,11 @@ public class TokenBasedRememberMeServicesTests {
 		return -1;
 	}
 
-	private String generateCorrectCookieContentForToken(long expiryTime, String username,
-			String password, String key) {
+	private String generateCorrectCookieContentForToken(long expiryTime, String username, String password, String key) {
 		// format is:
 		// username + ":" + expiryTime + ":" + Md5Hex(username + ":" + expiryTime + ":" +
 		// password + ":" + key)
-		String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":"
-				+ password + ":" + key);
+		String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key);
 		String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
 
 		return new String(Base64.encodeBase64(tokenValue.getBytes()));
@@ -105,8 +104,7 @@ public class TokenBasedRememberMeServicesTests {
 	public void autoLoginReturnsNullIfNoCookiePresented() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		Authentication result = services
-				.autoLogin(new MockHttpServletRequest(), response);
+		Authentication result = services.autoLogin(new MockHttpServletRequest(), response);
 		assertThat(result).isNull();
 		// No cookie set
 		assertThat(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
@@ -127,50 +125,44 @@ public class TokenBasedRememberMeServicesTests {
 
 	@Test
 	public void autoLoginReturnsNullForExpiredCookieAndClearsCookie() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				generateCorrectCookieContentForToken(
-						System.currentTimeMillis() - 1000000, "someone", "password",
-						"key"));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
+				System.currentTimeMillis() - 1000000, "someone", "password", "key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		assertThat(services.autoLogin(request, response)).isNull();
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginReturnsNullAndClearsCookieIfMissingThreeTokensInCookieValue() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, new String(
-				Base64.encodeBase64("x".getBytes())));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				new String(Base64.encodeBase64("x".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginClearsNonBase64EncodedCookie() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				"NOT_BASE_64_ENCODED");
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "NOT_BASE_64_ENCODED");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -178,10 +170,8 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginClearsCookieIfSignatureBlocksDoesNotMatchExpectedValue() {
 		udsWillReturnUser();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				generateCorrectCookieContentForToken(
-						System.currentTimeMillis() + 1000000, "someone", "password",
-						"WRONG_KEY"));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
+				System.currentTimeMillis() + 1000000, "someone", "password", "WRONG_KEY"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -189,24 +179,22 @@ public class TokenBasedRememberMeServicesTests {
 
 		assertThat(services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginClearsCookieIfTokenDoesNotContainANumberInCookieValue() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, new String(
-				Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -214,10 +202,8 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginClearsCookieIfUserNotFound() {
 		udsWillThrowNotFound();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				generateCorrectCookieContentForToken(
-						System.currentTimeMillis() + 1000000, "someone", "password",
-						"key"));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
+				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -225,8 +211,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		assertThat(services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response
-				.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -234,10 +219,8 @@ public class TokenBasedRememberMeServicesTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void autoLoginClearsCookieIfUserServiceMisconfigured() {
 		udsWillReturnNull();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				generateCorrectCookieContentForToken(
-						System.currentTimeMillis() + 1000000, "someone", "password",
-						"key"));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
+				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -249,10 +232,8 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginWithValidTokenAndUserSucceeds() {
 		udsWillReturnUser();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
-				generateCorrectCookieContentForToken(
-						System.currentTimeMillis() + 1000000, "someone", "password",
-						"key"));
+		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
+				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -297,8 +278,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.addParameter(DEFAULT_PARAMETER, "false");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(request, response, new TestingAuthenticationToken(
-				"someone", "password", "ROLE_ABC"));
+		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNull();
@@ -312,8 +292,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(request, response, new TestingAuthenticationToken(
-				"someone", "password", "ROLE_ABC"));
+		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		String expiryTime = services.decodeCookie(cookie.getValue())[1];
@@ -323,8 +302,7 @@ public class TokenBasedRememberMeServicesTests {
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(services.getTokenValiditySeconds());
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
-		assertThat(new Date().before(new Date(
-				determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
+		assertThat(new Date().before(new Date(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
 	}
 
 	@Test
@@ -333,22 +311,19 @@ public class TokenBasedRememberMeServicesTests {
 		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(request, response, new TestingAuthenticationToken(
-				"someone", "password", "ROLE_ABC"));
+		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(services.getTokenValiditySeconds());
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
-		assertThat(new Date().before(new Date(
-				determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
+		assertThat(new Date().before(new Date(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
 	}
 
 	// SEC-933
 	@Test
 	public void obtainPasswordReturnsNullForTokenWithNullCredentials() {
-		TestingAuthenticationToken token = new TestingAuthenticationToken("username",
-				null);
+		TestingAuthenticationToken token = new TestingAuthenticationToken("username", null);
 		assertThat(services.retrievePassword(token)).isNull();
 	}
 
@@ -360,8 +335,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		services.setTokenValiditySeconds(-1);
-		services.loginSuccess(request, response, new TestingAuthenticationToken(
-				"someone", "password", "ROLE_ABC"));
+		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
@@ -371,4 +345,5 @@ public class TokenBasedRememberMeServicesTests {
 		assertThat(cookie.getMaxAge()).isEqualTo(-1);
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
index d52523972f..3eaec75425 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
@@ -37,4 +37,5 @@ public class ChangeSessionIdAuthenticationStrategyTests {
 		new ChangeSessionIdAuthenticationStrategy().applySessionFixation(request);
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index 2c52f9485e..a45f8aa16b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -62,14 +62,12 @@ public class CompositeSessionAuthenticationStrategyTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyDelegates() {
-		new CompositeSessionAuthenticationStrategy(
-				Collections.<SessionAuthenticationStrategy> emptyList());
+		new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>emptyList());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorDelegatesContainNull() {
-		new CompositeSessionAuthenticationStrategy(
-				Collections.<SessionAuthenticationStrategy> singletonList(null));
+		new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>singletonList(null));
 	}
 
 	@Test
@@ -84,8 +82,8 @@ public class CompositeSessionAuthenticationStrategyTests {
 
 	@Test
 	public void delegateShortCircuits() {
-		doThrow(new SessionAuthenticationException("oops")).when(
-				strategy1).onAuthentication(authentication, request, response);
+		doThrow(new SessionAuthenticationException("oops")).when(strategy1).onAuthentication(authentication, request,
+				response);
 
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 				Arrays.asList(strategy1, strategy2));
@@ -100,4 +98,5 @@ public class CompositeSessionAuthenticationStrategyTests {
 		verify(strategy1).onAuthentication(authentication, request, response);
 		verify(strategy2, times(0)).onAuthentication(authentication, request, response);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index b993fcbe40..e2e50d8b3a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -40,18 +40,21 @@ import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ConcurrentSessionControlAuthenticationStrategyTests {
+
 	@Mock
 	private SessionRegistry sessionRegistry;
 
 	private Authentication authentication;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private SessionInformation sessionInformation;
 
 	private ConcurrentSessionControlAuthenticationStrategy strategy;
@@ -61,8 +64,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 		authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		request = new MockHttpServletRequest();
 		response = new MockHttpServletResponse();
-		sessionInformation = new SessionInformation(authentication.getPrincipal(),
-				"unique", new Date(1374766134216L));
+		sessionInformation = new SessionInformation(authentication.getPrincipal(), "unique", new Date(1374766134216L));
 
 		strategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
 	}
@@ -74,8 +76,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void noRegisteredSession() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Collections.<SessionInformation> emptyList());
+		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>emptyList());
 		strategy.setMaximumSessions(1);
 		strategy.setExceptionIfMaximumExceeded(true);
 
@@ -86,11 +88,10 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void maxSessionsSameSessionId() {
-		MockHttpSession session = new MockHttpSession(new MockServletContext(),
-				sessionInformation.getSessionId());
+		MockHttpSession session = new MockHttpSession(new MockServletContext(), sessionInformation.getSessionId());
 		request.setSession(session);
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Collections.<SessionInformation> singletonList(sessionInformation));
+		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
 		strategy.setMaximumSessions(1);
 		strategy.setExceptionIfMaximumExceeded(true);
 
@@ -101,8 +102,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test(expected = SessionAuthenticationException.class)
 	public void maxSessionsWithException() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Collections.<SessionInformation> singletonList(sessionInformation));
+		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
 		strategy.setMaximumSessions(1);
 		strategy.setExceptionIfMaximumExceeded(true);
 
@@ -111,8 +112,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void maxSessionsExpireExistingUser() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Collections.<SessionInformation> singletonList(sessionInformation));
+		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
 		strategy.setMaximumSessions(1);
 
 		strategy.onAuthentication(authentication, request, response);
@@ -122,11 +123,10 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void maxSessionsExpireLeastRecentExistingUser() {
-		SessionInformation moreRecentSessionInfo = new SessionInformation(
-				authentication.getPrincipal(), "unique", new Date(1374766999999L));
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Arrays.<SessionInformation> asList(moreRecentSessionInfo,
-						sessionInformation));
+		SessionInformation moreRecentSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique",
+				new Date(1374766999999L));
+		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, sessionInformation));
 		strategy.setMaximumSessions(2);
 
 		strategy.onAuthentication(authentication, request, response);
@@ -136,14 +136,12 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void onAuthenticationWhenMaxSessionsExceededByTwoThenTwoSessionsExpired() {
-		SessionInformation oldestSessionInfo = new SessionInformation(
-				authentication.getPrincipal(), "unique1", new Date(1374766134214L));
-		SessionInformation secondOldestSessionInfo = new SessionInformation(
-				authentication.getPrincipal(), "unique2", new Date(1374766134215L));
+		SessionInformation oldestSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique1",
+				new Date(1374766134214L));
+		SessionInformation secondOldestSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique2",
+				new Date(1374766134215L));
 		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Arrays.<SessionInformation> asList(oldestSessionInfo,
-						secondOldestSessionInfo,
-						sessionInformation));
+				Arrays.<SessionInformation>asList(oldestSessionInfo, secondOldestSessionInfo, sessionInformation));
 		strategy.setMaximumSessions(2);
 
 		strategy.onAuthentication(authentication, request, response);
@@ -157,4 +155,5 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 	public void setMessageSourceNull() {
 		strategy.setMessageSource(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index f093b5daf2..fa2d175880 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -41,7 +41,9 @@ public class RegisterSessionAuthenticationStrategyTests {
 	private RegisterSessionAuthenticationStrategy authenticationStrategy;
 
 	private Authentication authentication;
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Before
@@ -61,8 +63,7 @@ public class RegisterSessionAuthenticationStrategyTests {
 	public void onAuthenticationRegistersSession() {
 		authenticationStrategy.onAuthentication(authentication, request, response);
 
-		verify(registry).registerNewSession(request.getSession().getId(),
-				authentication.getPrincipal());
+		verify(registry).registerNewSession(request.getSession().getId(), authentication.getPrincipal());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index aa1affbc16..f9713974d2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -60,15 +60,15 @@ import static org.mockito.Mockito.verify;
  * @author Luke Taylor
  */
 public class SwitchUserFilterTests {
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils
-			.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+
+	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
 	@Before
 	public void authenticateCurrentUser() {
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-				"dano", "hawaii50");
+		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 	}
 
@@ -210,8 +210,7 @@ public class SwitchUserFilterTests {
 	public void attemptSwitchToUnknownUserFails() {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"user-that-doesnt-exist");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
 
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
@@ -247,8 +246,7 @@ public class SwitchUserFilterTests {
 	public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/login/impersonate");
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"mcgarrett");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setTargetUrl("/target");
@@ -312,15 +310,15 @@ public class SwitchUserFilterTests {
 	@Test
 	public void exitUserJackLordToDanoSucceeds() throws Exception {
 		// original user
-		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
-				"dano", "hawaii50", ROLES_12);
+		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50",
+				ROLES_12);
 
 		// set current user (Admin)
 		List<GrantedAuthority> adminAuths = new ArrayList<>();
 		adminAuths.addAll(ROLES_12);
 		adminAuths.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source));
-		UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken(
-				"jacklord", "hawaii50", adminAuths);
+		UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken("jacklord", "hawaii50",
+				adminAuths);
 
 		SecurityContextHolder.getContext().setAuthentication(admin);
 
@@ -331,8 +329,7 @@ public class SwitchUserFilterTests {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setExitUserUrl("/logout/impersonate");
-		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(
-				"/webapp/someOtherUrl"));
+		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
 
 		// run 'exit'
 		FilterChain chain = mock(FilterChain.class);
@@ -342,8 +339,7 @@ public class SwitchUserFilterTests {
 		verify(chain, never()).doFilter(request, response);
 
 		// check current user, should be back to original user (dano)
-		Authentication targetAuth = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(targetAuth).isNotNull();
 		assertThat(targetAuth.getPrincipal()).isEqualTo("dano");
 	}
@@ -373,14 +369,12 @@ public class SwitchUserFilterTests {
 	public void redirectToTargetUrlIsCorrect() throws Exception {
 		MockHttpServletRequest request = createMockSwitchRequest();
 		request.setContextPath("/webapp");
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"jacklord");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 		request.setRequestURI("/webapp/login/impersonate");
 
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/login/impersonate");
-		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(
-				"/someOtherUrl"));
+		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
 		filter.setUserDetailsService(new MockUserDetailsService());
 
 		FilterChain chain = mock(FilterChain.class);
@@ -395,14 +389,12 @@ public class SwitchUserFilterTests {
 	@Test
 	public void redirectOmitsContextPathIfUseRelativeContextSet() throws Exception {
 		// set current user
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-				"dano", "hawaii50");
+		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = createMockSwitchRequest();
 		request.setContextPath("/webapp");
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"jacklord");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 		request.setRequestURI("/webapp/login/impersonate");
 
 		SwitchUserFilter filter = new SwitchUserFilter();
@@ -428,16 +420,14 @@ public class SwitchUserFilterTests {
 	@Test
 	public void testSwitchRequestFromDanoToJackLord() throws Exception {
 		// set current user
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-				"dano", "hawaii50");
+		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		// http request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/webapp/login/impersonate");
 		request.setContextPath("/webapp");
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"jacklord");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 
 		// http response
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -446,8 +436,7 @@ public class SwitchUserFilterTests {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setSwitchUserUrl("/login/impersonate");
-		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(
-				"/webapp/someOtherUrl"));
+		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
 
 		FilterChain chain = mock(FilterChain.class);
 
@@ -456,8 +445,7 @@ public class SwitchUserFilterTests {
 		verify(chain, never()).doFilter(request, response);
 
 		// check current user
-		Authentication targetAuth = SecurityContextHolder.getContext()
-				.getAuthentication();
+		Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(targetAuth).isNotNull();
 		assertThat(targetAuth.getPrincipal() instanceof UserDetails).isTrue();
 		assertThat(((User) targetAuth.getPrincipal()).getUsername()).isEqualTo("jacklord");
@@ -465,13 +453,11 @@ public class SwitchUserFilterTests {
 
 	@Test
 	public void modificationOfAuthoritiesWorks() {
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-				"dano", "hawaii50");
+		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY,
-				"jacklord");
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
@@ -484,16 +470,15 @@ public class SwitchUserFilterTests {
 		Authentication result = filter.attemptSwitchUser(request);
 		assertThat(result != null).isTrue();
 		assertThat(result.getAuthorities()).hasSize(2);
-		assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains(
-				"ROLE_NEW");
+		assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("ROLE_NEW");
 	}
 
 	// SEC-1763
 	@Test
 	public void nestedSwitchesAreNotAllowed() {
 		// original user
-		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
-				"orig", "hawaii50", ROLES_12);
+		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("orig", "hawaii50",
+				ROLES_12);
 		SecurityContextHolder.getContext().setAuthentication(source);
 		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
 		Authentication switched = switchToUser("dano");
@@ -525,8 +510,8 @@ public class SwitchUserFilterTests {
 		String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
 
 		// original user
-		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
-				"orig", "hawaii50", ROLES_12);
+		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("orig", "hawaii50",
+				ROLES_12);
 		SecurityContextHolder.getContext().setAuthentication(source);
 		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
 		Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
@@ -566,10 +551,10 @@ public class SwitchUserFilterTests {
 	// ==================================================================================================
 
 	private class MockUserDetailsService implements UserDetailsService {
+
 		private String password = "hawaii50";
 
-		public UserDetails loadUserByUsername(String username)
-				throws UsernameNotFoundException {
+		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 			// jacklord, dano (active)
 			// mcgarrett (disabled)
 			// wofat (account expired)
@@ -590,5 +575,7 @@ public class SwitchUserFilterTests {
 				throw new UsernameNotFoundException("Could not find: " + username);
 			}
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
index 90ed059cff..b9c6a361ce 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
@@ -21,7 +21,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
 
 /**
- *
  * @author Clement Ng
  *
  */
@@ -32,8 +31,7 @@ public class SwitchUserGrantedAuthorityTests {
 	@Test
 	public void authorityWithNullRoleFailsAssertion() {
 		assertThatThrownBy(() -> new SwitchUserGrantedAuthority(null, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("role cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("role cannot be null");
 	}
 
 	/**
@@ -41,7 +39,7 @@ public class SwitchUserGrantedAuthorityTests {
 	@Test
 	public void authorityWithNullSourceFailsAssertion() {
 		assertThatThrownBy(() -> new SwitchUserGrantedAuthority("role", null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("source cannot be null");
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("source cannot be null");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index 77166d5ef5..0168a0b655 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -31,56 +31,43 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  * @since 5.1
  */
 public class DefaultLogoutPageGeneratingFilterTests {
+
 	private DefaultLogoutPageGeneratingFilter filter = new DefaultLogoutPageGeneratingFilter();
 
 	@Test
 	public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception {
-		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
-				.addFilter(this.filter)
-				.build();
+		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilter(this.filter).build();
 
-		mockMvc.perform(get("/logout"))
-				.andExpect(content().string("<!DOCTYPE html>\n"
-						+ "<html lang=\"en\">\n"
-						+ "  <head>\n"
-						+ "    <meta charset=\"utf-8\">\n"
-						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n"
-						+ "    <meta name=\"author\" content=\"\">\n"
-						+ "    <title>Confirm Log Out?</title>\n"
-						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n"
-						+ "  <body>\n"
-						+ "     <div class=\"container\">\n"
-						+ "      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
-						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
-						+ "      </form>\n"
-						+ "    </div>\n"
-						+ "  </body>\n"
-						+ "</html>"))
+		mockMvc.perform(get("/logout")).andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n"
+				+ "  <head>\n" + "    <meta charset=\"utf-8\">\n"
+				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <title>Confirm Log Out?</title>\n"
+				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
+				+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
+				+ "      </form>\n" + "    </div>\n" + "  </body>\n" + "</html>"))
 				.andExpect(content().contentType("text/html;charset=UTF-8"));
 	}
 
 	@Test
 	public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception {
 		this.filter.setResolveHiddenInputs(r -> Collections.singletonMap("_csrf", "csrf-token-1"));
-		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
-				.addFilters(this.filter)
-				.build();
+		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
 
-		mockMvc.perform(get("/logout"))
-				.andExpect(content().string(containsString("<input name=\"_csrf\" type=\"hidden\" value=\"csrf-token-1\" />")));
+		mockMvc.perform(get("/logout")).andExpect(
+				content().string(containsString("<input name=\"_csrf\" type=\"hidden\" value=\"csrf-token-1\" />")));
 	}
 
 	@Test
 	public void doFilterWhenRequestContextThenActionContainsRequestContext() throws Exception {
-		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
-				.addFilters(this.filter)
-				.build();
+		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
 
 		mockMvc.perform(get("/context/logout").contextPath("/context"))
 				.andExpect(content().string(containsString("action=\"/context/logout\"")));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index 1541363429..c23ecbaf58 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -42,6 +42,7 @@ public class BasicAuthenticationConverterTests {
 
 	@Mock
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
+
 	private BasicAuthenticationConverter converter;
 
 	@Before
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
index d958a42873..91cf5cf819 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
@@ -71,7 +71,7 @@ public class BasicAuthenticationEntryPointTests {
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.UNAUTHORIZED.getReasonPhrase());
 
-		assertThat(response.getHeader("WWW-Authenticate"))
-				.isEqualTo("Basic realm=\"hello\"");
+		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\"");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index 533b25444d..f3deabd231 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -49,10 +49,12 @@ import java.nio.charset.StandardCharsets;
  * @author Ben Alex
  */
 public class BasicAuthenticationFilterTests {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private BasicAuthenticationFilter filter;
+
 	private AuthenticationManager manager;
 
 	// ~ Methods
@@ -61,19 +63,16 @@ public class BasicAuthenticationFilterTests {
 	@Before
 	public void setUp() {
 		SecurityContextHolder.clearContext();
-		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken(
-				"rod", "koala");
+		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		manager = mock(AuthenticationManager.class);
 		when(manager.authenticate(rodRequest)).thenReturn(rod);
-		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(
-				new BadCredentialsException(""));
+		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
-		filter = new BasicAuthenticationFilter(manager,
-				new BasicAuthenticationEntryPoint());
+		filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
 	}
 
 	@After
@@ -82,8 +81,7 @@ public class BasicAuthenticationFilterTests {
 	}
 
 	@Test
-	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader()
-			throws Exception {
+	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/some_file.html");
@@ -108,8 +106,7 @@ public class BasicAuthenticationFilterTests {
 	public void testInvalidBasicAuthorizationTokenIsIgnored() throws Exception {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 		final MockHttpServletResponse response = new MockHttpServletResponse();
@@ -117,8 +114,7 @@ public class BasicAuthenticationFilterTests {
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
 
-		verify(chain, never()).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -134,8 +130,7 @@ public class BasicAuthenticationFilterTests {
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
 		// The filter chain shouldn't proceed
-		verify(chain, never()).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -144,8 +139,7 @@ public class BasicAuthenticationFilterTests {
 	public void testNormalOperation() throws Exception {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 
 		// Test
@@ -155,8 +149,7 @@ public class BasicAuthenticationFilterTests {
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("rod");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
 	}
 
 	// gh-5586
@@ -164,8 +157,7 @@ public class BasicAuthenticationFilterTests {
 	public void doFilterWhenSchemeLowercaseThenCaseInsensitveMatchWorks() throws Exception {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 
 		// Test
@@ -175,16 +167,14 @@ public class BasicAuthenticationFilterTests {
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("rod");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
 	}
 
 	@Test
 	public void doFilterWhenSchemeMixedCaseThenCaseInsensitiveMatchWorks() throws Exception {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -193,8 +183,7 @@ public class BasicAuthenticationFilterTests {
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("rod");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
 	}
 
 	@Test
@@ -221,12 +210,10 @@ public class BasicAuthenticationFilterTests {
 	}
 
 	@Test
-	public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken()
-			throws Exception {
+	public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		final MockHttpServletResponse response1 = new MockHttpServletResponse();
 
@@ -237,22 +224,19 @@ public class BasicAuthenticationFilterTests {
 
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-				.isEqualTo("rod");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
 
 		// NOW PERFORM FAILED AUTHENTICATION
 
 		token = "otherUser:WRONG_PASSWORD";
 		request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		final MockHttpServletResponse response2 = new MockHttpServletResponse();
 
 		chain = mock(FilterChain.class);
 		filter.doFilter(request, response2, chain);
 
-		verify(chain, never()).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		request.setServletPath("/some_file.html");
 
 		// Test - the filter chain will not be invoked, as we get a 401 forbidden response
@@ -263,12 +247,10 @@ public class BasicAuthenticationFilterTests {
 	}
 
 	@Test
-	public void testWrongPasswordContinuesFilterChainIfIgnoreFailureIsTrue()
-			throws Exception {
+	public void testWrongPasswordContinuesFilterChainIfIgnoreFailureIsTrue() throws Exception {
 		String token = "rod:WRONG_PASSWORD";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 
@@ -284,12 +266,10 @@ public class BasicAuthenticationFilterTests {
 	}
 
 	@Test
-	public void testWrongPasswordReturnsForbiddenIfIgnoreFailureIsFalse()
-			throws Exception {
+	public void testWrongPasswordReturnsForbiddenIfIgnoreFailureIsFalse() throws Exception {
 		String token = "rod:WRONG_PASSWORD";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 		assertThat(filter.isIgnoreFailure()).isFalse();
@@ -299,8 +279,7 @@ public class BasicAuthenticationFilterTests {
 		filter.doFilter(request, response, chain);
 
 		// Test - the filter chain will not be invoked, as we get a 401 forbidden response
-		verify(chain, never()).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -311,8 +290,7 @@ public class BasicAuthenticationFilterTests {
 
 		String token = "bad:credentials";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
-				"Basic " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -330,7 +308,8 @@ public class BasicAuthenticationFilterTests {
 
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
-		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1"));
+		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
+				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		manager = mock(AuthenticationManager.class);
 		when(manager.authenticate(rodRequest)).thenReturn(rod);
@@ -340,7 +319,8 @@ public class BasicAuthenticationFilterTests {
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
+		request.addHeader("Authorization",
+				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
 		request.setServletPath("/some_file.html");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -363,7 +343,8 @@ public class BasicAuthenticationFilterTests {
 
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
-		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1"));
+		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
+				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		manager = mock(AuthenticationManager.class);
 		when(manager.authenticate(rodRequest)).thenReturn(rod);
@@ -374,7 +355,8 @@ public class BasicAuthenticationFilterTests {
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.ISO_8859_1))));
+		request.addHeader("Authorization",
+				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.ISO_8859_1))));
 		request.setServletPath("/some_file.html");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -397,7 +379,8 @@ public class BasicAuthenticationFilterTests {
 
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
-		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü", AuthorityUtils.createAuthorityList("ROLE_1"));
+		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
+				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		manager = mock(AuthenticationManager.class);
 		when(manager.authenticate(rodRequest)).thenReturn(rod);
@@ -408,7 +391,8 @@ public class BasicAuthenticationFilterTests {
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
+		request.addHeader("Authorization",
+				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
 		request.setServletPath("/some_file.html");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -434,8 +418,7 @@ public class BasicAuthenticationFilterTests {
 
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-		verify(chain, never()).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 87d297ef3d..9f2623c2e4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -30,6 +30,7 @@ import org.springframework.util.StringUtils;
  * @author Ben Alex
  */
 public class DigestAuthUtilsTests {
+
 	// ~ Constructors
 	// ===================================================================================================
 
@@ -40,17 +41,15 @@ public class DigestAuthUtilsTests {
 		// note it ignores malformed entries (ie those without an equals sign)
 		String unsplit = "username=\"rod\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
-		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(
-				headerEntries, "=", "\"");
+		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
 
 		assertThat(headerMap.get("username")).isEqualTo("rod");
 		assertThat(headerMap.get("realm")).isEqualTo("Contacts Realm");
-		assertThat(headerMap.get("nonce")).isEqualTo(
-				"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==");
-		assertThat(headerMap.get("uri")).isEqualTo(
-				"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4");
-		assertThat(headerMap.get("response")).isEqualTo(
-				"38644211cf9ac3da63ab639807e2baff");
+		assertThat(headerMap.get("nonce"))
+				.isEqualTo("MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==");
+		assertThat(headerMap.get("uri"))
+				.isEqualTo("/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4");
+		assertThat(headerMap.get("response")).isEqualTo("38644211cf9ac3da63ab639807e2baff");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
 		assertThat(headerMap.get("nc")).isEqualTo("00000004");
 		assertThat(headerMap.get("cnonce")).isEqualTo("2b8d329a8571b99a");
@@ -61,17 +60,15 @@ public class DigestAuthUtilsTests {
 	public void testSplitEachArrayElementAndCreateMapRespectsInstructionNotToRemoveCharacters() {
 		String unsplit = "username=\"rod\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
-		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(
-				headerEntries, "=", null);
+		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null);
 
 		assertThat(headerMap.get("username")).isEqualTo("\"rod\"");
 		assertThat(headerMap.get("realm")).isEqualTo("\"Contacts Realm\"");
-		assertThat(headerMap.get("nonce")).isEqualTo(
-				"\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\"");
-		assertThat(headerMap.get("uri")).isEqualTo(
-				"\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"");
-		assertThat(headerMap.get("response")).isEqualTo(
-				"\"38644211cf9ac3da63ab639807e2baff\"");
+		assertThat(headerMap.get("nonce"))
+				.isEqualTo("\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\"");
+		assertThat(headerMap.get("uri"))
+				.isEqualTo("\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"");
+		assertThat(headerMap.get("response")).isEqualTo("\"38644211cf9ac3da63ab639807e2baff\"");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
 		assertThat(headerMap.get("nc")).isEqualTo("00000004");
 		assertThat(headerMap.get("cnonce")).isEqualTo("\"2b8d329a8571b99a\"");
@@ -80,10 +77,8 @@ public class DigestAuthUtilsTests {
 
 	@Test
 	public void testSplitEachArrayElementAndCreateMapReturnsNullIfArrayEmptyOrNull() {
-		assertThat(DigestAuthUtils.splitEachArrayElementAndCreateMap(null, "=",
-				"\"")).isNull();
-		assertThat(DigestAuthUtils.splitEachArrayElementAndCreateMap(new String[] {}, "=",
-				"\"")).isNull();
+		assertThat(DigestAuthUtils.splitEachArrayElementAndCreateMap(null, "=", "\"")).isNull();
+		assertThat(DigestAuthUtils.splitEachArrayElementAndCreateMap(new String[] {}, "=", "\"")).isNull();
 	}
 
 	@Test
@@ -159,4 +154,5 @@ public class DigestAuthUtilsTests {
 
 		assertThat(parts).hasSize(8);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
index 0345468792..4c2360ec46 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.fail;
  * @author Ben Alex
  */
 public class DigestAuthenticationEntryPointTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -111,14 +112,12 @@ public class DigestAuthenticationEntryPointTests {
 
 		// Check response is properly formed
 		assertThat(response.getStatus()).isEqualTo(401);
-		assertThat(response.getHeader("WWW-Authenticate").toString())
-				.startsWith("Digest ");
+		assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest ");
 
 		// Break up response header
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
-		Map<String, String> headerMap = DigestAuthUtils
-				.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
+		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
 
 		assertThat(headerMap.get("realm")).isEqualTo("hello");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
@@ -144,14 +143,12 @@ public class DigestAuthenticationEntryPointTests {
 
 		// Check response is properly formed
 		assertThat(response.getStatus()).isEqualTo(401);
-		assertThat(response.getHeader("WWW-Authenticate").toString())
-				.startsWith("Digest ");
+		assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest ");
 
 		// Break up response header
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
-		Map<String, String> headerMap = DigestAuthUtils
-				.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
+		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
 
 		assertThat(headerMap.get("realm")).isEqualTo("hello");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
@@ -159,4 +156,5 @@ public class DigestAuthenticationEntryPointTests {
 
 		checkNonceValid(headerMap.get("nonce"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index d41c335644..cb85338d7e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -53,6 +53,7 @@ import static org.mockito.Mockito.verify;
  * @author Luke Taylor
  */
 public class DigestAuthenticationFilterTests {
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
@@ -88,16 +89,14 @@ public class DigestAuthenticationFilterTests {
 	// ~ Methods
 	// ========================================================================================================
 
-	private String createAuthorizationHeader(String username, String realm, String nonce,
-			String uri, String responseDigest, String qop, String nc, String cnonce) {
-		return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\""
-				+ nonce + "\", uri=\"" + uri + "\", response=\"" + responseDigest
-				+ "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + cnonce + "\"";
+	private String createAuthorizationHeader(String username, String realm, String nonce, String uri,
+			String responseDigest, String qop, String nc, String cnonce) {
+		return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\"" + uri
+				+ "\", response=\"" + responseDigest + "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + cnonce + "\"";
 	}
 
-	private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter,
-			final ServletRequest request, final boolean expectChainToProceed)
-					throws ServletException, IOException {
+	private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
+			final boolean expectChainToProceed) throws ServletException, IOException {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		final FilterChain chain = mock(FilterChain.class);
@@ -148,46 +147,42 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void testExpiredNonceReturnsForbiddenWithStaleHeader() throws Exception {
 		String nonce = generateNonce(0);
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		Thread.sleep(1000); // ensures token expired
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
-		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(
-				headerEntries, "=", "\"");
+		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
 		assertThat(headerMap.get("stale")).isEqualTo("true");
 	}
 
 	@Test
 	public void doFilterWhenNonceHasBadKeyThenGeneratesError() throws Exception {
 		String badNonce = generateNonce(60, "badkey");
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, badNonce, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, badNonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response =
-				executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
-	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader()
-			throws Exception {
+	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -212,11 +207,9 @@ public class DigestAuthenticationFilterTests {
 	public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
 
-		request.addHeader("Authorization",
-				"Digest " + new String(Base64.encodeBase64(token.getBytes())));
+		request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes())));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -226,8 +219,7 @@ public class DigestAuthenticationFilterTests {
 	public void testMalformedHeaderReturnsForbidden() throws Exception {
 		request.addHeader("Authorization", "Digest scsdcsdc");
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -237,32 +229,28 @@ public class DigestAuthenticationFilterTests {
 	public void testNonBase64EncodedNonceReturnsForbidden() throws Exception {
 		String nonce = "NOT_BASE_64_ENCODED";
 
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
 
 	@Test
-	public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden()
-			throws Exception {
-		String nonce = new String(
-				Base64.encodeBase64("123456:incorrectStringPassword".getBytes()));
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
+	public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden() throws Exception {
+		String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword".getBytes()));
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -270,34 +258,29 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void testNonceWithNonNumericFirstElementReturnsForbidden() throws Exception {
-		String nonce = new String(
-				Base64.encodeBase64("hello:ignoredSecondElement".getBytes()));
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
+		String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement".getBytes()));
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
 
 	@Test
-	public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden()
-			throws Exception {
-		String nonce = new String(
-				Base64.encodeBase64("a base 64 string without a colon".getBytes()));
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
+	public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden() throws Exception {
+		String nonce = new String(Base64.encodeBase64("a base 64 string without a colon".getBytes()));
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -305,61 +288,53 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void testNormalOperationWhenPasswordIsAlreadyEncoded() throws Exception {
-		String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM,
-				PASSWORD);
-		String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM,
-				encodedPassword, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD);
+		String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET",
+				REQUEST_URI, QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()).isEqualTo(
-						USERNAME);
+		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
+				.isEqualTo(USERNAME);
 	}
 
 	@Test
 	public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception {
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()).isEqualTo(
-						USERNAME);
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isFalse();
+		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
+				.isEqualTo(USERNAME);
+		assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isFalse();
 	}
 
 	@Test
-	public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication()
-			throws Exception {
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+	public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception {
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		filter.setCreateAuthenticatedToken(true);
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(
-				((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()).isEqualTo(
-						USERNAME);
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue();
-		assertThat(
-				SecurityContextHolder.getContext().getAuthentication().getAuthorities()).isEqualTo(
-						AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
+		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
+				.isEqualTo(USERNAME);
+		assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue();
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getAuthorities())
+				.isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 	}
 
 	@Test
@@ -386,28 +361,26 @@ public class DigestAuthenticationFilterTests {
 	}
 
 	@Test
-	public void successfulLoginThenFailedLoginResultsInSessionLosingToken()
-			throws Exception {
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+	public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception {
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 
 		// Now retry, giving an invalid nonce
-		responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				"WRONG_PASSWORD", "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
 		request = new MockHttpServletRequest();
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		// Check we lost our previous authentication
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -418,14 +391,13 @@ public class DigestAuthenticationFilterTests {
 	public void wrongCnonceBasedOnDigestReturnsForbidden() throws Exception {
 		String cnonce = "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION";
 
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE");
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, "DIFFERENT_CNONCE");
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -434,14 +406,13 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void wrongDigestReturnsForbidden() throws Exception {
 		String password = "WRONG_PASSWORD";
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				password, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -450,14 +421,13 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void wrongRealmReturnsForbidden() throws Exception {
 		String realm = "WRONG_REALM";
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, realm,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -465,14 +435,13 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void wrongUsernameReturnsForbidden() throws Exception {
-		String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER",
-				REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD, "GET",
+				REQUEST_URI, QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
-				request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -482,21 +451,22 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void authenticationCreatesEmptyContext() throws Exception {
 		SecurityContext existingContext = SecurityContextHolder.createEmptyContext();
-		TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken(
-				"existingauthenitcated", "pass", "ROLE_USER");
+		TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated",
+				"pass", "ROLE_USER");
 		existingContext.setAuthentication(existingAuthentication);
 
 		SecurityContextHolder.setContext(existingContext);
 
-		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
-				PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
+		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
+				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM,
-				NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
+		request.addHeader("Authorization",
+				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		filter.setCreateAuthenticatedToken(true);
 		executeFilterInContainerSimulator(filter, request, true);
 
 		assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index 1ec610ad40..e41604a4dc 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -41,7 +41,9 @@ import org.springframework.util.ReflectionUtils;
  */
 @SuppressWarnings("deprecation")
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	private Object expectedPrincipal;
+
 	private AuthenticationPrincipalArgumentResolver resolver;
 
 	@Before
@@ -71,60 +73,51 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentNullAuthentication() throws Exception {
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentNullPrincipal() throws Exception {
 		setAuthenticationPrincipal(null);
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
-		setAuthenticationPrincipal(new User("user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(
-				resolver.resolveArgument(showUserAnnotationUserDetails(), null, null,
-						null)).isEqualTo(expectedPrincipal);
+		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
+				.isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(
-				resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null,
-						null, null)).isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
+				.isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test(expected = ClassCastException.class)
@@ -136,15 +129,13 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null,
-				null, null);
+		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -160,8 +151,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter showUserAnnotationCurrentUserErrorOnInvalidType() {
-		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType",
-				String.class);
+		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType", String.class);
 	}
 
 	private MethodParameter showUserAnnotationUserDetails() {
@@ -181,8 +171,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(TestController.class, methodName,
-				paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
@@ -190,15 +179,18 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
 	static @interface CurrentUser {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal(errorOnInvalidType = true)
 	static @interface CurrentUserErrorOnInvalidType {
+
 	}
 
 	public static class TestController {
+
 		public void showUserNoAnnotation(String user) {
 		}
 
@@ -209,8 +201,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				@AuthenticationPrincipal(errorOnInvalidType = true) String user) {
 		}
 
-		public void showUserAnnotationCurrentUserErrorOnInvalidType(
-				@CurrentUserErrorOnInvalidType String user) {
+		public void showUserAnnotationCurrentUserErrorOnInvalidType(@CurrentUserErrorOnInvalidType String user) {
 		}
 
 		public void showUserAnnotation(@AuthenticationPrincipal UserDetails user) {
@@ -224,16 +215,17 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 		public void showUserAnnotation(@AuthenticationPrincipal Object user) {
 		}
+
 	}
 
 	private static class CustomUserPrincipal {
+
 	}
 
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(
-						new TestingAuthenticationToken(expectedPrincipal, "password",
-								"ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index 67ed3ed9bd..6f9549f975 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -100,7 +100,8 @@ public class ConcurrentSessionFilterTests {
 
 		// Setup our test fixture and registry to want this session to be expired
 
-		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
+		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(
+				"/expired.jsp");
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
 		filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() });
 		filter.afterPropertiesSet();
@@ -131,7 +132,8 @@ public class ConcurrentSessionFilterTests {
 		filter.doFilter(request, response, fc);
 		verifyZeroInteractions(fc);
 
-		assertThat(response.getContentAsString()).isEqualTo("This session has been expired (possibly due to multiple concurrent logins being "
+		assertThat(response.getContentAsString())
+				.isEqualTo("This session has been expired (possibly due to multiple concurrent logins being "
 						+ "attempted as the same user).");
 	}
 
@@ -153,7 +155,8 @@ public class ConcurrentSessionFilterTests {
 		// Setup our test fixture
 		SessionRegistry registry = new SessionRegistryImpl();
 		registry.registerNewSession(session.getId(), "principal");
-		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
+		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(
+				"/expired.jsp");
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
 
 		Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
@@ -173,14 +176,13 @@ public class ConcurrentSessionFilterTests {
 
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
-		SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
+		SessionInformation information = new SessionInformation("user", "sessionId",
+				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		when(registry.getSessionInformation(anyString())).thenReturn(information);
 
-
 		String expiredUrl = "/expired";
-		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry,
-				expiredUrl);
+		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
 
 		MockFilterChain chain = new MockFilterChain();
@@ -199,10 +201,8 @@ public class ConcurrentSessionFilterTests {
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
 
-
 		String expiredUrl = "/expired";
-		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry,
-				expiredUrl);
+		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
 
 		MockFilterChain chain = new MockFilterChain();
@@ -221,14 +221,13 @@ public class ConcurrentSessionFilterTests {
 
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
-		SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
+		SessionInformation information = new SessionInformation("user", "sessionId",
+				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		when(registry.getSessionInformation(anyString())).thenReturn(information);
 
-
 		String expiredUrl = "/expired";
-		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry,
-				expiredUrl);
+		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
 
 		filter.doFilter(request, response, new MockFilterChain());
@@ -245,22 +244,24 @@ public class ConcurrentSessionFilterTests {
 
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
-		SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
+		SessionInformation information = new SessionInformation("user", "sessionId",
+				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		when(registry.getSessionInformation(anyString())).thenReturn(information);
 
-
 		final String expiredUrl = "/expired";
-		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry,
-				expiredUrl + "will-be-overrridden") {
-					/* (non-Javadoc)
-					 * @see org.springframework.security.web.session.ConcurrentSessionFilter#determineExpiredUrl(javax.servlet.http.HttpServletRequest, org.springframework.security.core.session.SessionInformation)
-					 */
-					@Override
-					protected String determineExpiredUrl(HttpServletRequest request,
-							SessionInformation info) {
-						return expiredUrl;
-					}
+		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") {
+			/*
+			 * (non-Javadoc)
+			 *
+			 * @see org.springframework.security.web.session.ConcurrentSessionFilter#
+			 * determineExpiredUrl(javax.servlet.http.HttpServletRequest,
+			 * org.springframework.security.core.session.SessionInformation)
+			 */
+			@Override
+			protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
+				return expiredUrl;
+			}
 
 		};
 		filter.setRedirectStrategy(redirect);
@@ -278,11 +279,11 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		SessionRegistry registry = mock(SessionRegistry.class);
-		SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
+		SessionInformation information = new SessionInformation("user", "sessionId",
+				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		when(registry.getSessionInformation(anyString())).thenReturn(information);
 
-
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
 
 		filter.doFilter(request, response, new MockFilterChain());
@@ -300,13 +301,13 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		SessionRegistry registry = mock(SessionRegistry.class);
-		SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
+		SessionInformation information = new SessionInformation("user", "sessionId",
+				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		when(registry.getSessionInformation(anyString())).thenReturn(information);
 
-
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
-		filter.setLogoutHandlers(new LogoutHandler[] { handler } );
+		filter.setLogoutHandlers(new LogoutHandler[] { handler });
 
 		filter.doFilter(request, response, new MockFilterChain());
 
@@ -326,4 +327,5 @@ public class ConcurrentSessionFilterTests {
 
 		filter.setLogoutHandlers(new LogoutHandler[0]);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index a96bf119c1..11abe05139 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -50,8 +50,9 @@ import static org.powermock.api.mockito.PowerMockito.when;
  * @author Josh Cummings
  */
 public class AbstractSecurityWebApplicationInitializerTests {
-	private static final EnumSet<DispatcherType> DEFAULT_DISPATCH =
-			EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC);
+
+	private static final EnumSet<DispatcherType> DEFAULT_DISPATCH = EnumSet.of(DispatcherType.REQUEST,
+			DispatcherType.ERROR, DispatcherType.ASYNC);
 
 	@Test
 	public void onStartupWhenDefaultContextThenRegistersSpringSecurityFilterChain() {
@@ -59,10 +60,10 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		new AbstractSecurityWebApplicationInitializer() {}.onStartup(context);
+		new AbstractSecurityWebApplicationInitializer() {
+		}.onStartup(context);
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
@@ -78,10 +79,10 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) {}.onStartup(context);
+		new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) {
+		}.onStartup(context);
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
@@ -91,7 +92,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	}
 
 	@Configuration
-	static class MyRootConfiguration {}
+	static class MyRootConfiguration {
+
+	}
 
 	@Test
 	public void onStartupWhenEnableHttpSessionEventPublisherIsTrueThenAddsHttpSessionEventPublisher() {
@@ -100,8 +103,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			protected boolean enableHttpSessionEventPublisher() {
@@ -123,8 +125,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			protected EnumSet<DispatcherType> getSecurityDispatcherTypes() {
@@ -134,7 +135,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
-		verify(registration).addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD), false, "/*");
+		verify(registration).addMappingForUrlPatterns(
+				EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD), false, "/*");
 		verify(registration).setAsyncSupported(true);
 		verifyNoAddListener(context);
 	}
@@ -146,8 +148,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			protected String getDispatcherWebApplicationContextSuffix() {
@@ -169,11 +170,10 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() {
 		ServletContext context = mock(ServletContext.class);
 
-		assertThatCode(() ->
-			new AbstractSecurityWebApplicationInitializer() {}.onStartup(context))
-			.isInstanceOf(IllegalStateException.class)
-			.hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. " +
-					"Check to ensure the Filter is only configured once.");
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		}.onStartup(context)).isInstanceOf(IllegalStateException.class)
+				.hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. "
+						+ "Check to ensure the Filter is only configured once.");
 	}
 
 	@Test
@@ -185,8 +185,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter1))).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
 
@@ -213,18 +212,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		assertThatCode(() ->
-			new AbstractSecurityWebApplicationInitializer() {
-				protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-					insertFilters(context, filter1);
-				}
-			}.onStartup(context))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("Duplicate Filter registration for 'object'. " +
-								"Check to ensure the Filter is only configured once.");
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				insertFilters(context, filter1);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
+				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
@@ -239,16 +234,13 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		assertThatCode(() ->
-			new AbstractSecurityWebApplicationInitializer() {
-				protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-					insertFilters(context);
-				}
-			}.onStartup(context))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				insertFilters(context);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("filters cannot be null or empty");
 
 		assertProxyDefaults(proxyCaptor.getValue());
@@ -262,17 +254,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
 
-		assertThatCode(() ->
-				new AbstractSecurityWebApplicationInitializer() {
-					protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-						insertFilters(context, filter, null);
-					}
-				}.onStartup(context))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				insertFilters(context, filter, null);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("filters cannot contain null values");
 
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
@@ -287,8 +276,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter1))).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
 
@@ -313,18 +301,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		assertThatCode(() ->
-				new AbstractSecurityWebApplicationInitializer() {
-					protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-						appendFilters(context, filter1);
-					}
-				}.onStartup(context))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("Duplicate Filter registration for 'object'. " +
-						"Check to ensure the Filter is only configured once.");
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				appendFilters(context, filter1);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
+				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
@@ -332,7 +316,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		verify(context).addFilter(anyString(), eq(filter1));
 	}
 
-
 	@Test
 	public void onStartupWhenAppendFiltersEmptyThenException() {
 		ServletContext context = mock(ServletContext.class);
@@ -340,16 +323,13 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
-		assertThatCode(() ->
-				new AbstractSecurityWebApplicationInitializer() {
-					protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-						appendFilters(context);
-					}
-				}.onStartup(context))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				appendFilters(context);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("filters cannot be null or empty");
 
 		assertProxyDefaults(proxyCaptor.getValue());
@@ -363,17 +343,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
 
-		assertThatCode(() ->
-				new AbstractSecurityWebApplicationInitializer() {
-					protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
-						appendFilters(context, filter, null);
-					}
-				}.onStartup(context))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+				appendFilters(context, filter, null);
+			}
+		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("filters cannot contain null values");
 
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
@@ -385,14 +362,15 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
-				.forClass(new HashSet<SessionTrackingMode>(){}.getClass());
+				.forClass(new HashSet<SessionTrackingMode>() {
+				}.getClass());
 		doNothing().when(context).setSessionTrackingModes(modesCaptor.capture());
 
-		new AbstractSecurityWebApplicationInitializer() { }.onStartup(context);
+		new AbstractSecurityWebApplicationInitializer() {
+		}.onStartup(context);
 
 		assertProxyDefaults(proxyCaptor.getValue());
 
@@ -407,11 +385,11 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture()))
-				.thenReturn(registration);
+		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
-				.forClass(new HashSet<SessionTrackingMode>(){}.getClass());
+				.forClass(new HashSet<SessionTrackingMode>() {
+				}.getClass());
 		doNothing().when(context).setSessionTrackingModes(modesCaptor.capture());
 
 		new AbstractSecurityWebApplicationInitializer() {
@@ -444,4 +422,5 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		assertThat(proxy.getContextAttribute()).isNull();
 		assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index 2975f61bb1..1095ba1313 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -57,8 +57,7 @@ import static org.springframework.security.web.context.HttpSessionSecurityContex
  */
 public class HttpSessionSecurityContextRepositoryTests {
 
-	private final TestingAuthenticationToken testToken = new TestingAuthenticationToken(
-			"someone", "passwd", "ROLE_A");
+	private final TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");
 
 	@After
 	public void tearDown() {
@@ -70,8 +69,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		HttpServletRequest request = mock(HttpServletRequest.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(holder);
 
 		reset(request);
@@ -88,8 +86,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		HttpServletRequest request = mock(HttpServletRequest.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(holder);
 
 		reset(request);
@@ -106,8 +103,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(request.getSession(false)).isNull();
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
@@ -120,8 +116,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setAllowSessionCreation(false);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		// Change context
 		context.setAuthentication(testToken);
@@ -135,11 +130,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContextHolder.getContext().setAuthentication(testToken);
-		request.getSession().setAttribute("imTheContext",
-				SecurityContextHolder.getContext());
+		request.getSession().setAttribute("imTheContext", SecurityContextHolder.getContext());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(context).isNotNull();
 		assertThat(context.getAuthentication()).isEqualTo(testToken);
@@ -161,13 +154,12 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSession session = mock(HttpSession.class);
 		when(session.getAttribute(SPRING_SECURITY_CONTEXT_KEY)).thenReturn(ctx);
 		request.setSession(session);
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		assertThat(repo.loadContext(holder)).isSameAs(ctx);
 
 		// Modify context contents. Same user, different role
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("someone", "passwd", "ROLE_B"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B"));
 		repo.saveContext(ctx, holder.getRequest(), holder.getResponse());
 
 		// Must be called even though the value in the local VM is already the same
@@ -179,11 +171,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContextHolder.getContext().setAuthentication(testToken);
-		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY,
-				"NotASecurityContextInstance");
+		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, "NotASecurityContextInstance");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(context).isNotNull();
 		assertThat(context.getAuthentication()).isNull();
@@ -194,17 +184,14 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(request.getSession(false)).isNull();
 		// Simulate authentication during the request
 		context.setAuthentication(testToken);
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(
-				request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(
-						context);
+		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(context);
 	}
 
 	@Test
@@ -213,20 +200,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().sendRedirect("/doesntmatter");
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	@Test
@@ -235,21 +217,16 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().sendError(404);
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-2005
@@ -259,20 +236,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().flushBuffer();
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-2005
@@ -282,20 +254,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getWriter().flush();
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-2005
@@ -305,20 +272,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getWriter().close();
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-2005
@@ -328,20 +290,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getOutputStream().flush();
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-2005
@@ -351,20 +308,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getOutputStream().close();
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
-		assertThat(
-				((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
+		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
-		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(
-				SecurityContextHolder.getContext());
+		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 	}
 
 	// SEC-SEC-2055
@@ -376,8 +328,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		ServletOutputStream outputstream = mock(ServletOutputStream.class);
 		when(response.getOutputStream()).thenReturn(outputstream);
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getOutputStream().close();
@@ -393,8 +344,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		ServletOutputStream outputstream = mock(ServletOutputStream.class);
 		when(response.getOutputStream()).thenReturn(outputstream);
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		holder.getResponse().getOutputStream().flush();
@@ -407,13 +357,11 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(testToken);
 		request.getSession().invalidate();
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNull();
 	}
 
@@ -423,14 +371,11 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("key", "anon",
-						AuthorityUtils.createAuthorityList("ANON")));
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+				new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList("ANON")));
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNull();
 	}
 
@@ -442,15 +387,12 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("x", "x", testToken.getAuthorities()));
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
-		assertThat(
-				request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
+		SecurityContextHolder.getContext()
+				.setAuthentication(new AnonymousAuthenticationToken("x", "x", testToken.getAuthorities()));
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
+		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
@@ -461,12 +403,10 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(testToken);
 		request.getSession().setAttribute("imTheContext", ctxInSession);
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 		// Save an empty context
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession().getAttribute("imTheContext")).isNull();
 	}
 
@@ -475,19 +415,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 	public void contextIsNotRemovedFromSessionIfContextBeforeExecutionDefault() {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
 		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("x", "x",
-						AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
-		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(),
-				holder.getResponse());
-		assertThat(ctxInSession).isSameAs(
-				request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
+				new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
+		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
+		assertThat(ctxInSession).isSameAs(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
 	}
 
 	// SEC-3070
@@ -499,15 +435,13 @@ public class HttpSessionSecurityContextRepositoryTests {
 		ctxInSession.setAuthentication(testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
 
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 
 		ctxInSession.setAuthentication(null);
 		repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
 
-		assertThat(
-				request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
+		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
@@ -538,14 +472,11 @@ public class HttpSessionSecurityContextRepositoryTests {
 				return url + sessionId;
 			}
 		};
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(holder);
 		String url = "/aUrl";
-		assertThat(holder.getResponse().encodeRedirectUrl(url)).isEqualTo(
-				url + sessionId);
-		assertThat(holder.getResponse().encodeRedirectURL(url)).isEqualTo(
-				url + sessionId);
+		assertThat(holder.getResponse().encodeRedirectUrl(url)).isEqualTo(url + sessionId);
+		assertThat(holder.getResponse().encodeRedirectURL(url)).isEqualTo(url + sessionId);
 		assertThat(holder.getResponse().encodeUrl(url)).isEqualTo(url + sessionId);
 		assertThat(holder.getResponse().encodeURL(url)).isEqualTo(url + sessionId);
 		repo.setDisableUrlRewriting(true);
@@ -563,11 +494,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		contextToSave.setAuthentication(testToken);
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				new MockHttpServletResponse());
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
-		AuthenticationTrustResolver trustResolver = mock(
-				AuthenticationTrustResolver.class);
+		AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
 		repo.setTrustResolver(trustResolver);
 
 		repo.saveContext(contextToSave, holder.getRequest(), holder.getResponse());
@@ -587,8 +516,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(request.getSession(false)).isNull();
 		// Simulate authentication during the request
@@ -598,9 +526,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 				new HttpServletResponseWrapper(holder.getResponse()));
 
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(
-				request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(
-						context);
+		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(context);
 	}
 
 	@Test(expected = IllegalStateException.class)
@@ -619,8 +545,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 
 		SomeTransientAuthentication authentication = new SomeTransientAuthentication();
@@ -637,8 +562,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 
 		SomeTransientAuthenticationSubclass authentication = new SomeTransientAuthenticationSubclass();
@@ -655,8 +579,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
-				response);
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 
 		SomeOtherTransientAuthentication authentication = new SomeOtherTransientAuthentication();
@@ -670,6 +593,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 
 	@Transient
 	private static class SomeTransientAuthentication extends AbstractAuthenticationToken {
+
 		SomeTransientAuthentication() {
 			super(null);
 		}
@@ -683,6 +607,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		public Object getPrincipal() {
 			return null;
 		}
+
 	}
 
 	private static class SomeTransientAuthenticationSubclass extends SomeTransientAuthentication {
@@ -693,10 +618,12 @@ public class HttpSessionSecurityContextRepositoryTests {
 	@Retention(RetentionPolicy.RUNTIME)
 	@Transient
 	public @interface TestTransientAuthentication {
+
 	}
 
 	@TestTransientAuthentication
 	private static class SomeOtherTransientAuthentication extends AbstractAuthenticationToken {
+
 		SomeOtherTransientAuthentication() {
 			super(null);
 		}
@@ -710,5 +637,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		public Object getPrincipal() {
 			return null;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
index 7a48500abf..04fc9d05b7 100644
--- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
@@ -30,24 +30,24 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
- *
  * @author Rob Winch
  *
  */
 
 @RunWith(MockitoJUnitRunner.class)
 public class SaveContextOnUpdateOrErrorResponseWrapperTests {
+
 	@Mock
 	private SecurityContext securityContext;
 
 	private MockHttpServletResponse response;
+
 	private SaveContextOnUpdateOrErrorResponseWrapperStub wrappedResponse;
 
 	@Before
 	public void setUp() {
 		response = new MockHttpServletResponse();
-		wrappedResponse = new SaveContextOnUpdateOrErrorResponseWrapperStub(response,
-				true);
+		wrappedResponse = new SaveContextOnUpdateOrErrorResponseWrapperStub(response, true);
 		SecurityContextHolder.setContext(securityContext);
 	}
 
@@ -176,12 +176,12 @@ public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 		assertThat(wrappedResponse.securityContext).isNull();
 	}
 
-	private static class SaveContextOnUpdateOrErrorResponseWrapperStub extends
-			SaveContextOnUpdateOrErrorResponseWrapper {
+	private static class SaveContextOnUpdateOrErrorResponseWrapperStub
+			extends SaveContextOnUpdateOrErrorResponseWrapper {
+
 		private SecurityContext securityContext;
 
-		SaveContextOnUpdateOrErrorResponseWrapperStub(
-				HttpServletResponse response, boolean disableUrlRewriting) {
+		SaveContextOnUpdateOrErrorResponseWrapperStub(HttpServletResponse response, boolean disableUrlRewriting) {
 			super(response, disableUrlRewriting);
 		}
 
@@ -189,5 +189,7 @@ public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 		protected void saveContext(SecurityContext context) {
 			securityContext = context;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index 917dc1c3ae..775a647977 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -33,8 +33,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextImpl;
 
 public class SecurityContextPersistenceFilterTests {
-	TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone",
-			"passwd", "ROLE_A");
+
+	TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");
 
 	@After
 	public void clearContext() {
@@ -61,8 +61,7 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
 		SecurityContextHolder.getContext().setAuthentication(testToken);
-		doThrow(new IOException()).when(chain).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class));
+		doThrow(new IOException()).when(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		try {
 			filter.doFilter(request, response, chain);
 			fail("IOException should have been thrown");
@@ -74,19 +73,16 @@ public class SecurityContextPersistenceFilterTests {
 	}
 
 	@Test
-	public void loadedContextContextIsCopiedToSecurityContextHolderAndUpdatedContextIsStored()
-			throws Exception {
+	public void loadedContextContextIsCopiedToSecurityContextHolderAndUpdatedContextIsStored() throws Exception {
 		final MockHttpServletRequest request = new MockHttpServletRequest();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-		final TestingAuthenticationToken beforeAuth = new TestingAuthenticationToken(
-				"someoneelse", "passwd", "ROLE_B");
+		final TestingAuthenticationToken beforeAuth = new TestingAuthenticationToken("someoneelse", "passwd", "ROLE_B");
 		final SecurityContext scBefore = new SecurityContextImpl();
 		final SecurityContext scExpectedAfter = new SecurityContextImpl();
 		scExpectedAfter.setAuthentication(testToken);
 		scBefore.setAuthentication(beforeAuth);
 		final SecurityContextRepository repo = mock(SecurityContextRepository.class);
-		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(
-				repo);
+		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
 
 		when(repo.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(scBefore);
 
@@ -109,8 +105,7 @@ public class SecurityContextPersistenceFilterTests {
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(
 				mock(SecurityContextRepository.class));
 
-		request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED,
-				Boolean.TRUE);
+		request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE);
 		filter.doFilter(request, response, chain);
 		verify(chain).doFilter(request, response);
 	}
@@ -127,16 +122,15 @@ public class SecurityContextPersistenceFilterTests {
 	}
 
 	@Test
-	public void nullSecurityContextRepoDoesntSaveContextOrCreateSession()
-			throws Exception {
+	public void nullSecurityContextRepoDoesntSaveContextOrCreateSession() throws Exception {
 		final FilterChain chain = mock(FilterChain.class);
 		final MockHttpServletRequest request = new MockHttpServletRequest();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextRepository repo = new NullSecurityContextRepository();
-		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(
-				repo);
+		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
 		filter.doFilter(request, response, chain);
 		assertThat(repo.containsContext(request)).isFalse();
 		assertThat(request.getSession(false)).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index 46aa783de3..8ecbf5ce95 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -29,16 +29,18 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.NativeWebRequest;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityContextCallableProcessingInterceptorTests {
+
 	@Mock
 	private SecurityContext securityContext;
+
 	@Mock
 	private Callable<?> callable;
+
 	@Mock
 	private NativeWebRequest webRequest;
 
@@ -77,4 +79,5 @@ public class SecurityContextCallableProcessingInterceptorTests {
 		interceptor.postProcess(webRequest, callable, null);
 		assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index 42d7cc701c..681d5031e6 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -41,21 +41,26 @@ import org.springframework.web.context.request.async.WebAsyncManager;
 import org.springframework.web.context.request.async.WebAsyncUtils;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class WebAsyncManagerIntegrationFilterTests {
+
 	@Mock
 	private SecurityContext securityContext;
+
 	@Mock
 	private HttpServletRequest request;
+
 	@Mock
 	private HttpServletResponse response;
+
 	@Mock
 	private AsyncWebRequest asyncWebRequest;
+
 	private WebAsyncManager asyncManager;
+
 	private JoinableThreadFactory threadFactory;
 
 	private MockFilterChain filterChain;
@@ -73,8 +78,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 		asyncManager = WebAsyncUtils.getAsyncManager(request);
 		asyncManager.setAsyncWebRequest(asyncWebRequest);
 		asyncManager.setTaskExecutor(executor);
-		when(request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).thenReturn(
-				asyncManager);
+		when(request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).thenReturn(asyncManager);
 
 		filter = new WebAsyncManagerIntegrationFilter();
 	}
@@ -85,18 +89,14 @@ public class WebAsyncManagerIntegrationFilterTests {
 	}
 
 	@Test
-	public void doFilterInternalRegistersSecurityContextCallableProcessor()
-			throws Exception {
+	public void doFilterInternalRegistersSecurityContextCallableProcessor() throws Exception {
 		SecurityContextHolder.setContext(securityContext);
-		asyncManager
-				.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
-					@Override
-					public <T> void postProcess(NativeWebRequest request,
-							Callable<T> task, Object concurrentResult) {
-						assertThat(SecurityContextHolder.getContext()).isNotSameAs(
-								securityContext);
-					}
-				});
+		asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
+			@Override
+			public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
+				assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+			}
+		});
 		filter.doFilterInternal(request, response, filterChain);
 
 		VerifyingCallable verifyingCallable = new VerifyingCallable();
@@ -106,18 +106,14 @@ public class WebAsyncManagerIntegrationFilterTests {
 	}
 
 	@Test
-	public void doFilterInternalRegistersSecurityContextCallableProcessorContextUpdated()
-			throws Exception {
+	public void doFilterInternalRegistersSecurityContextCallableProcessorContextUpdated() throws Exception {
 		SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
-		asyncManager
-				.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
-					@Override
-					public <T> void postProcess(NativeWebRequest request,
-							Callable<T> task, Object concurrentResult) {
-						assertThat(SecurityContextHolder.getContext()).isNotSameAs(
-								securityContext);
-					}
-				});
+		asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
+			@Override
+			public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
+				assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+			}
+		});
 		filter.doFilterInternal(request, response, filterChain);
 		SecurityContextHolder.setContext(securityContext);
 
@@ -128,6 +124,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 	}
 
 	private static final class JoinableThreadFactory implements ThreadFactory {
+
 		private Thread t;
 
 		public Thread newThread(Runnable r) {
@@ -138,6 +135,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 		public void join() throws InterruptedException {
 			t.join();
 		}
+
 	}
 
 	private class VerifyingCallable implements Callable<SecurityContext> {
@@ -147,4 +145,5 @@ public class WebAsyncManagerIntegrationFilterTests {
 		}
 
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
index 7f40afde2e..b9399fe85e 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -30,8 +30,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 4.1
  */
 public class CookieCsrfTokenRepositoryTests {
+
 	CookieCsrfTokenRepository repository;
+
 	MockHttpServletResponse response;
+
 	MockHttpServletRequest request;
 
 	@Before
@@ -47,10 +50,8 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken generateToken = this.repository.generateToken(this.request);
 
 		assertThat(generateToken).isNotNull();
-		assertThat(generateToken.getHeaderName())
-				.isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_HEADER_NAME);
-		assertThat(generateToken.getParameterName())
-				.isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_PARAMETER_NAME);
+		assertThat(generateToken.getHeaderName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_HEADER_NAME);
+		assertThat(generateToken.getParameterName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_PARAMETER_NAME);
 		assertThat(generateToken.getToken()).isNotEmpty();
 	}
 
@@ -74,12 +75,10 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getMaxAge()).isEqualTo(-1);
-		assertThat(tokenCookie.getName())
-				.isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 		assertThat(tokenCookie.getSecure()).isEqualTo(this.request.isSecure());
 		assertThat(tokenCookie.getValue()).isEqualTo(token.getToken());
@@ -92,8 +91,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getSecure()).isTrue();
 	}
@@ -105,8 +103,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getSecure()).isTrue();
 	}
@@ -118,24 +115,20 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getSecure()).isFalse();
 	}
 
-
 	@Test
 	public void saveTokenNull() {
 		this.request.setSecure(true);
 		this.repository.saveToken(null, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getMaxAge()).isZero();
-		assertThat(tokenCookie.getName())
-				.isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 		assertThat(tokenCookie.getSecure()).isEqualTo(this.request.isSecure());
 		assertThat(tokenCookie.getValue()).isEmpty();
@@ -147,8 +140,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.isHttpOnly()).isTrue();
 	}
@@ -159,8 +151,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.isHttpOnly()).isFalse();
 	}
@@ -171,8 +162,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.isHttpOnly()).isFalse();
 	}
@@ -184,8 +174,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getPath()).isEqualTo(this.repository.getCookiePath());
 	}
@@ -197,8 +186,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 	}
@@ -210,8 +198,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 	}
@@ -224,8 +211,7 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 
-		Cookie tokenCookie = this.response
-				.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
+		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 
 		assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
 	}
@@ -244,8 +230,7 @@ public class CookieCsrfTokenRepositoryTests {
 
 	@Test
 	public void loadTokenCookieValueEmptyString() {
-		this.request.setCookies(
-				new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, ""));
+		this.request.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, ""));
 
 		assertThat(this.repository.loadToken(this.request)).isNull();
 	}
@@ -255,15 +240,13 @@ public class CookieCsrfTokenRepositoryTests {
 		CsrfToken generateToken = this.repository.generateToken(this.request);
 
 		this.request
-				.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME,
-						generateToken.getToken()));
+				.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken()));
 
 		CsrfToken loadToken = this.repository.loadToken(this.request);
 
 		assertThat(loadToken).isNotNull();
 		assertThat(loadToken.getHeaderName()).isEqualTo(generateToken.getHeaderName());
-		assertThat(loadToken.getParameterName())
-				.isEqualTo(generateToken.getParameterName());
+		assertThat(loadToken.getParameterName()).isEqualTo(generateToken.getParameterName());
 		assertThat(loadToken.getToken()).isNotEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 0d888a4133..56d3606318 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -41,6 +41,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfAuthenticationStrategyTests {
+
 	@Mock
 	private CsrfTokenRepository csrfTokenRepository;
 
@@ -71,61 +72,49 @@ public class CsrfAuthenticationStrategyTests {
 
 	@Test
 	public void logoutRemovesCsrfTokenAndSavesNew() {
-		when(this.csrfTokenRepository.loadToken(this.request))
-				.thenReturn(this.existingToken);
-		when(this.csrfTokenRepository.generateToken(this.request))
-				.thenReturn(this.generatedToken);
-		this.strategy.onAuthentication(
-				new TestingAuthenticationToken("user", "password", "ROLE_USER"),
-				this.request, this.response);
+		when(this.csrfTokenRepository.loadToken(this.request)).thenReturn(this.existingToken);
+		when(this.csrfTokenRepository.generateToken(this.request)).thenReturn(this.generatedToken);
+		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
+				this.response);
 
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
-		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 		// SEC-2404, SEC-2832
-		CsrfToken tokenInRequest = (CsrfToken) this.request
-				.getAttribute(CsrfToken.class.getName());
+		CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
 		assertThat(tokenInRequest.getToken()).isSameAs(this.generatedToken.getToken());
-		assertThat(tokenInRequest.getHeaderName())
-				.isSameAs(this.generatedToken.getHeaderName());
-		assertThat(tokenInRequest.getParameterName())
-				.isSameAs(this.generatedToken.getParameterName());
-		assertThat(this.request.getAttribute(this.generatedToken.getParameterName()))
-				.isSameAs(tokenInRequest);
+		assertThat(tokenInRequest.getHeaderName()).isSameAs(this.generatedToken.getHeaderName());
+		assertThat(tokenInRequest.getParameterName()).isSameAs(this.generatedToken.getParameterName());
+		assertThat(this.request.getAttribute(this.generatedToken.getParameterName())).isSameAs(tokenInRequest);
 	}
 
 	// SEC-2872
 	@Test
 	public void delaySavingCsrf() {
-		this.strategy = new CsrfAuthenticationStrategy(
-				new LazyCsrfTokenRepository(this.csrfTokenRepository));
+		this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository));
 
-		when(this.csrfTokenRepository.loadToken(this.request))
-				.thenReturn(this.existingToken);
-		when(this.csrfTokenRepository.generateToken(this.request))
-				.thenReturn(this.generatedToken);
-		this.strategy.onAuthentication(
-				new TestingAuthenticationToken("user", "password", "ROLE_USER"),
-				this.request, this.response);
+		when(this.csrfTokenRepository.loadToken(this.request)).thenReturn(this.existingToken);
+		when(this.csrfTokenRepository.generateToken(this.request)).thenReturn(this.generatedToken);
+		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
+				this.response);
 
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
-		verify(this.csrfTokenRepository, never()).saveToken(eq(this.generatedToken),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.csrfTokenRepository, never()).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 
-		CsrfToken tokenInRequest = (CsrfToken) this.request
-				.getAttribute(CsrfToken.class.getName());
+		CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
 		tokenInRequest.getToken();
-		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void logoutRemovesNoActionIfNullToken() {
-		this.strategy.onAuthentication(
-				new TestingAuthenticationToken("user", "password", "ROLE_USER"),
-				this.request, this.response);
+		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
+				this.response);
 
-		verify(this.csrfTokenRepository, never()).saveToken(any(CsrfToken.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.csrfTokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 4129201cb4..775ba32252 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -57,15 +57,20 @@ public class CsrfFilterTests {
 
 	@Mock
 	private RequestMatcher requestMatcher;
+
 	@Mock
 	private CsrfTokenRepository tokenRepository;
+
 	@Mock
 	private FilterChain filterChain;
+
 	@Mock
 	private AccessDeniedHandler deniedHandler;
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private CsrfToken token;
 
 	private CsrfFilter filter;
@@ -96,84 +101,68 @@ public class CsrfFilterTests {
 
 	// SEC-2276
 	@Test
-	public void doFilterDoesNotSaveCsrfTokenUntilAccessed()
-			throws ServletException, IOException {
+	public void doFilterDoesNotSaveCsrfTokenUntilAccessed() throws ServletException, IOException {
 		this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository));
 		when(this.requestMatcher.matches(this.request)).thenReturn(false);
 		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-		CsrfToken attrToken = (CsrfToken) this.request
-				.getAttribute(this.token.getParameterName());
+		CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.token.getParameterName());
 
 		// no CsrfToken should have been saved yet
-		verify(this.tokenRepository, times(0)).saveToken(any(CsrfToken.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.tokenRepository, times(0)).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 		verify(this.filterChain).doFilter(this.request, this.response);
 
 		// access the token
 		attrToken.getToken();
 
 		// now the CsrfToken should have been saved
-		verify(this.tokenRepository).saveToken(eq(this.token),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.tokenRepository).saveToken(eq(this.token), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void doFilterAccessDeniedNoTokenPresent()
-			throws ServletException, IOException {
+	public void doFilterAccessDeniedNoTokenPresent() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
-		verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
-				any(InvalidCsrfTokenException.class));
+		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
 
 	@Test
-	public void doFilterAccessDeniedIncorrectTokenPresent()
-			throws ServletException, IOException {
+	public void doFilterAccessDeniedIncorrectTokenPresent() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
-		this.request.setParameter(this.token.getParameterName(),
-				this.token.getToken() + " INVALID");
+		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
-		verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
-				any(InvalidCsrfTokenException.class));
+		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
 
 	@Test
-	public void doFilterAccessDeniedIncorrectTokenPresentHeader()
-			throws ServletException, IOException {
+	public void doFilterAccessDeniedIncorrectTokenPresentHeader() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
-		this.request.addHeader(this.token.getHeaderName(),
-				this.token.getToken() + " INVALID");
+		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
-		verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
-				any(InvalidCsrfTokenException.class));
+		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
 
@@ -183,68 +172,55 @@ public class CsrfFilterTests {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
-		this.request.addHeader(this.token.getHeaderName(),
-				this.token.getToken() + " INVALID");
+		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
-		verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
-				any(InvalidCsrfTokenException.class));
+		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
 
 	@Test
-	public void doFilterNotCsrfRequestExistingToken()
-			throws ServletException, IOException {
+	public void doFilterNotCsrfRequestExistingToken() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(false);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
 
 	@Test
-	public void doFilterNotCsrfRequestGenerateToken()
-			throws ServletException, IOException {
+	public void doFilterNotCsrfRequestGenerateToken() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(false);
 		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertToken(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertToken(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
 
 	@Test
-	public void doFilterIsCsrfRequestExistingTokenHeader()
-			throws ServletException, IOException {
+	public void doFilterIsCsrfRequestExistingTokenHeader() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
@@ -255,58 +231,48 @@ public class CsrfFilterTests {
 			throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
-		this.request.setParameter(this.token.getParameterName(),
-				this.token.getToken() + " INVALID");
+		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
 
 	@Test
-	public void doFilterIsCsrfRequestExistingToken()
-			throws ServletException, IOException {
+	public void doFilterIsCsrfRequestExistingToken() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
-		verify(this.tokenRepository, never()).saveToken(any(CsrfToken.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.tokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 	}
 
 	@Test
-	public void doFilterIsCsrfRequestGenerateToken()
-			throws ServletException, IOException {
+	public void doFilterIsCsrfRequestGenerateToken() throws ServletException, IOException {
 		when(this.requestMatcher.matches(this.request)).thenReturn(true);
 		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertToken(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertToken(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		// LazyCsrfTokenRepository requires the response as an attribute
-		assertThat(this.request.getAttribute(HttpServletResponse.class.getName()))
-				.isEqualTo(this.response);
+		assertThat(this.request.getAttribute(HttpServletResponse.class.getName())).isEqualTo(this.response);
 
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verify(this.tokenRepository).saveToken(this.token, this.request, this.response);
@@ -314,8 +280,7 @@ public class CsrfFilterTests {
 	}
 
 	@Test
-	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethods()
-			throws ServletException, IOException {
+	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethods() throws ServletException, IOException {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
 
@@ -338,8 +303,7 @@ public class CsrfFilterTests {
 	 *
 	 */
 	@Test
-	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethodsCaseSensitive()
-			throws Exception {
+	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethodsCaseSensitive() throws Exception {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
 
@@ -357,8 +321,7 @@ public class CsrfFilterTests {
 	}
 
 	@Test
-	public void doFilterDefaultRequireCsrfProtectionMatcherDeniedMethods()
-			throws ServletException, IOException {
+	public void doFilterDefaultRequireCsrfProtectionMatcherDeniedMethods() throws ServletException, IOException {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
 
@@ -384,18 +347,15 @@ public class CsrfFilterTests {
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		assertThat(this.request.getAttribute(this.token.getParameterName()))
-				.isEqualTo(this.token);
-		assertThat(this.request.getAttribute(CsrfToken.class.getName()))
-				.isEqualTo(this.token);
+		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
 
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 		verifyZeroInteractions(this.filterChain);
 	}
 
 	@Test
-	public void doFilterWhenSkipRequestInvokedThenSkips()
-			throws Exception {
+	public void doFilterWhenSkipRequestInvokedThenSkips() throws Exception {
 
 		CsrfTokenRepository repository = mock(CsrfTokenRepository.class);
 		CsrfFilter filter = new CsrfFilter(repository);
@@ -423,12 +383,10 @@ public class CsrfFilterTests {
 		return new CsrfTokenAssert((CsrfToken) token);
 	}
 
-	private static class CsrfTokenAssert
-			extends AbstractObjectAssert<CsrfTokenAssert, CsrfToken> {
+	private static class CsrfTokenAssert extends AbstractObjectAssert<CsrfTokenAssert, CsrfToken> {
 
 		/**
 		 * Creates a new </code>{@link ObjectAssert}</code>.
-		 *
 		 * @param actual the target to verify.
 		 */
 		protected CsrfTokenAssert(CsrfToken actual) {
@@ -437,10 +395,11 @@ public class CsrfFilterTests {
 
 		public CsrfTokenAssert isEqualTo(CsrfToken expected) {
 			assertThat(this.actual.getHeaderName()).isEqualTo(expected.getHeaderName());
-			assertThat(this.actual.getParameterName())
-					.isEqualTo(expected.getParameterName());
+			assertThat(this.actual.getParameterName()).isEqualTo(expected.getParameterName());
 			assertThat(this.actual.getToken()).isEqualTo(expected.getToken());
 			return this;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index c95da7c510..a26cdd80af 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -32,6 +32,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfLogoutHandlerTests {
+
 	@Mock
 	private CsrfTokenRepository csrfTokenRepository;
 
@@ -55,8 +56,7 @@ public class CsrfLogoutHandlerTests {
 
 	@Test
 	public void logoutRemovesCsrfToken() {
-		handler.logout(request, response, new TestingAuthenticationToken("user",
-				"password", "ROLE_USER"));
+		handler.logout(request, response, new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 		verify(csrfTokenRepository).saveToken(null, request, response);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
index 2e9ff025f4..48b5710bcf 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
@@ -22,8 +22,11 @@ import org.junit.Test;
  *
  */
 public class DefaultCsrfTokenTests {
+
 	private final String headerName = "headerName";
+
 	private final String parameterName = "parameterName";
+
 	private final String tokenValue = "tokenValue";
 
 	@Test(expected = IllegalArgumentException.class)
@@ -55,4 +58,5 @@ public class DefaultCsrfTokenTests {
 	public void constructorEmptyTokenValue() {
 		new DefaultCsrfToken(headerName, parameterName, "");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 87934b474a..5ee346d43c 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -27,11 +27,13 @@ import org.springframework.mock.web.MockHttpServletResponse;
  *
  */
 public class HttpSessionCsrfTokenRepositoryTests {
+
 	private MockHttpServletRequest request;
 
 	private MockHttpServletResponse response;
 
 	private CsrfToken token;
+
 	private HttpSessionCsrfTokenRepository repo;
 
 	@Before
@@ -105,8 +107,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
 		repo.setSessionAttributeName(sessionAttributeName);
 		repo.saveToken(tokenToSave, request, response);
 
-		CsrfToken loadedToken = (CsrfToken) request.getSession().getAttribute(
-				sessionAttributeName);
+		CsrfToken loadedToken = (CsrfToken) request.getSession().getAttribute(sessionAttributeName);
 
 		assertThat(loadedToken).isEqualTo(tokenToSave);
 	}
@@ -147,4 +148,5 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void setParameterNameNull() {
 		repo.setParameterName(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
index 1c73690cdd..ffbb94f2a5 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
@@ -37,10 +37,13 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class LazyCsrfTokenRepositoryTests {
+
 	@Mock
 	CsrfTokenRepository delegate;
+
 	@Mock
 	HttpServletRequest request;
+
 	@Mock
 	HttpServletResponse response;
 
@@ -53,8 +56,7 @@ public class LazyCsrfTokenRepositoryTests {
 	public void setup() {
 		this.token = new DefaultCsrfToken("header", "param", "token");
 		when(this.delegate.generateToken(this.request)).thenReturn(this.token);
-		when(this.request.getAttribute(HttpServletResponse.class.getName()))
-				.thenReturn(this.response);
+		when(this.request.getAttribute(HttpServletResponse.class.getName())).thenReturn(this.response);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -99,4 +101,5 @@ public class LazyCsrfTokenRepositoryTests {
 
 		verify(this.delegate).loadToken(this.request);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java b/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
index 2cea7cb7c6..6a173d88c0 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
@@ -18,7 +18,6 @@ package org.springframework.security.web.csrf;
 import org.junit.Test;
 
 /**
- *
  * @author Rob Winch
  *
  */
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 728630334f..65590f7d4e 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -42,26 +42,31 @@ import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.util.ReflectionTestUtils;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(Logger.class)
 public class DebugFilterTests {
+
 	@Captor
 	private ArgumentCaptor<HttpServletRequest> requestCaptor;
+
 	@Captor
 	private ArgumentCaptor<String> logCaptor;
 
 	@Mock
 	private HttpServletRequest request;
+
 	@Mock
 	private HttpServletResponse response;
+
 	@Mock
 	private FilterChain filterChain;
+
 	@Mock
 	private FilterChainProxy fcp;
+
 	@Mock
 	private Logger logger;
 
@@ -71,8 +76,7 @@ public class DebugFilterTests {
 
 	@Before
 	public void setUp() {
-		when(request.getHeaderNames()).thenReturn(
-				Collections.enumeration(Collections.<String> emptyList()));
+		when(request.getHeaderNames()).thenReturn(Collections.enumeration(Collections.<String>emptyList()));
 		when(request.getServletPath()).thenReturn("/login");
 		filter = new DebugFilter(fcp);
 		ReflectionTestUtils.setField(filter, "logger", logger);
@@ -106,8 +110,7 @@ public class DebugFilterTests {
 	@Test
 	public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception {
 		when(request.getAttribute(requestAttr)).thenReturn(Boolean.TRUE);
-		HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(
-				new DebugRequestWrapper(this.request));
+		HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request));
 
 		filter.doFilter(fireWalledRequest, response, filterChain);
 
@@ -128,10 +131,9 @@ public class DebugFilterTests {
 
 		verify(logger).info(logCaptor.capture());
 
-		assertThat(logCaptor.getValue()).isEqualTo(
-				"Request received for GET '/path/':\n" + "\n" + request + "\n" + "\n"
-						+ "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n"
-						+ "A: A Value, Another Value\n" + "B: B Value\n" + "\n" + "\n"
-						+ "Security filter chain: no match");
+		assertThat(logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n" + "\n"
+				+ "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n"
+				+ "B: B Value\n" + "\n" + "\n" + "Security filter chain: no match");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
index 400b7478f0..2ff3404968 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
@@ -25,6 +25,7 @@ import static org.assertj.core.api.Assertions.fail;
  * @author Luke Taylor
  */
 public class DefaultHttpFirewallTests {
+
 	public String[] unnormalizedPaths = { "/..", "/./path/", "/path/path/.", "/path/path//.", "./path/../path//.",
 			"./path", ".//path", "." };
 
@@ -39,22 +40,23 @@ public class DefaultHttpFirewallTests {
 			try {
 				fw.getFirewalledRequest(request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 			request.setPathInfo(path);
 			try {
 				fw.getFirewalledRequest(request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 		}
 	}
 
 	/**
-	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on
-	 * /a/b/c because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c
-	 * while Spring MVC will strip the ; content from requestURI before the path
-	 * is URL decoded.
+	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on /a/b/c
+	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
+	 * will strip the ; content from requestURI before the path is URL decoded.
 	 */
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
@@ -104,4 +106,5 @@ public class DefaultHttpFirewallTests {
 
 		fw.getFirewalledRequest(request);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
index ccdb519e09..5af445f362 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.web.firewall;
 
-
 import static org.mockito.Mockito.mock;
 
 import javax.servlet.http.HttpServletRequest;
@@ -33,14 +32,16 @@ public class DefaultRequestRejectedHandlerTests {
 		RequestRejectedException requestRejectedException = new RequestRejectedException("rejected");
 		DefaultRequestRejectedHandler sut = new DefaultRequestRejectedHandler();
 
-		//when:
+		// when:
 		try {
 			sut.handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), requestRejectedException);
-		} catch (RequestRejectedException exception) {
-			//then:
+		}
+		catch (RequestRejectedException exception) {
+			// then:
 			Assert.assertThat(exception.getMessage(), CoreMatchers.is("rejected"));
 			return;
 		}
 		Assert.fail("Exception was not rethrown");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index ee6ff8edf2..1ffb9e79aa 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -33,10 +33,12 @@ import static org.mockito.Mockito.verify;
  * @author Gabriel Lavoie
  */
 public class FirewalledResponseTests {
+
 	@Rule
 	public ExpectedException expectedException = ExpectedException.none();
 
 	private HttpServletResponse response;
+
 	private FirewalledResponse fwResponse;
 
 	@Before
@@ -105,6 +107,7 @@ public class FirewalledResponseTests {
 
 		verify(response).addCookie(cookie);
 	}
+
 	@Test
 	public void addCookieWhenNullThenDelegateInvoked() {
 		fwResponse.addCookie(null);
@@ -186,4 +189,5 @@ public class FirewalledResponseTests {
 		catch (IllegalArgumentException expected) {
 		}
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
index b44f8c034e..4ccb834053 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.web.firewall;
 
-
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -28,11 +27,11 @@ public class HttpStatusRequestRejectedHandlerTests {
 
 	@Test
 	public void httpStatusRequestRejectedHandlerUsesStatus400byDefault() throws Exception {
-		//given:
+		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler();
 		HttpServletResponse response = mock(HttpServletResponse.class);
 
-		//when:
+		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
 
 		// then:
@@ -48,14 +47,15 @@ public class HttpStatusRequestRejectedHandlerTests {
 
 	private void httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper(int status) throws Exception {
 
-		//given:
+		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler(status);
 		HttpServletResponse response = mock(HttpServletResponse.class);
 
-		//when:
+		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
 
 		// then:
 		verify(response).sendError(status);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index e64e5821d3..93b411f2d7 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -33,6 +33,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
  * @author Luke Taylor
  */
 public class RequestWrapperTests {
+
 	private static Map<String, String> testPaths = new LinkedHashMap<>();
 
 	@BeforeClass
@@ -115,4 +116,5 @@ public class RequestWrapperTests {
 		wrapper.reset();
 		assertThat(wrapper.getRequestDispatcher(path)).isSameAs(dispatcher);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 68dbddf589..f18e9bdd00 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -34,9 +34,9 @@ import org.springframework.mock.web.MockHttpServletRequest;
  * @author Eddú Meléndez
  */
 public class StrictHttpFirewallTests {
-	public String[] unnormalizedPaths = { "/..", "/./path/", "/path/path/.", "/path/path//.", "./path/../path//.",
-		"./path", ".//path", ".", "//path", "//path/path", "//path//path", "/path//path" };
 
+	public String[] unnormalizedPaths = { "/..", "/./path/", "/path/path/.", "/path/path//.", "./path/../path//.",
+			"./path", ".//path", ".", "//path", "//path/path", "//path//path", "/path//path" };
 
 	private StrictHttpFirewall firewall = new StrictHttpFirewall();
 
@@ -78,8 +78,7 @@ public class StrictHttpFirewallTests {
 		List<String> allowedMethods = Arrays.asList("DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT");
 		for (String allowedMethod : allowedMethods) {
 			this.request = new MockHttpServletRequest(allowedMethod, "");
-			assertThatCode(() -> this.firewall.getFirewalledRequest(this.request))
-					.doesNotThrowAnyException();
+			assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
 		}
 	}
 
@@ -87,8 +86,7 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenInvalidMethodAndAnyMethodThenNoException() {
 		this.firewall.setUnsafeAllowAnyHttpMethod(true);
 		this.request.setMethod("INVALID");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request))
-				.doesNotThrowAnyException();
+		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
 	}
 
 	@Test
@@ -99,7 +97,8 @@ public class StrictHttpFirewallTests {
 			try {
 				this.firewall.getFirewalledRequest(this.request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 		}
 	}
@@ -112,7 +111,8 @@ public class StrictHttpFirewallTests {
 			try {
 				this.firewall.getFirewalledRequest(this.request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 		}
 	}
@@ -125,7 +125,8 @@ public class StrictHttpFirewallTests {
 			try {
 				this.firewall.getFirewalledRequest(this.request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 		}
 	}
@@ -138,7 +139,8 @@ public class StrictHttpFirewallTests {
 			try {
 				this.firewall.getFirewalledRequest(this.request);
 				fail(path + " is un-normalized");
-			} catch (RequestRejectedException expected) {
+			}
+			catch (RequestRejectedException expected) {
 			}
 		}
 	}
@@ -394,10 +396,9 @@ public class StrictHttpFirewallTests {
 	// --- from DefaultHttpFirewallTests ---
 
 	/**
-	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on
-	 * /a/b/c because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c
-	 * while Spring MVC will strip the ; content from requestURI before the path
-	 * is URL decoded.
+	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on /a/b/c
+	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
+	 * will strip the ; content from requestURI before the path is URL decoded.
 	 */
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
@@ -738,4 +739,5 @@ public class StrictHttpFirewallTests {
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterValues("bad name");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index b7f478f518..3344e04175 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -47,6 +47,7 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HeaderWriterFilterTests {
+
 	@Mock
 	private HeaderWriter writer1;
 
@@ -80,17 +81,17 @@ public class HeaderWriterFilterTests {
 
 		verify(this.writer1).writeHeaders(request, response);
 		verify(this.writer2).writeHeaders(request, response);
-		HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest)
-			filterChain.getRequest();
-		assertThat(wrappedRequest.getRequest()).isEqualTo(request);	// verify the filterChain
+		HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest) filterChain
+				.getRequest();
+		assertThat(wrappedRequest.getRequest()).isEqualTo(request); // verify the
+																	// filterChain
 																	// continued
 	}
 
 	// gh-2953
 	@Test
 	public void headersDelayed() throws Exception {
-		HeaderWriterFilter filter = new HeaderWriterFilter(
-				Arrays.<HeaderWriter>asList(this.writer1));
+		HeaderWriterFilter filter = new HeaderWriterFilter(Arrays.<HeaderWriter>asList(this.writer1));
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -100,8 +101,8 @@ public class HeaderWriterFilterTests {
 
 			response1.flushBuffer();
 
-			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(
-					any(HttpServletRequest.class), any(HttpServletResponse.class));
+			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
+					any(HttpServletResponse.class));
 		});
 
 		verifyNoMoreInteractions(this.writer1);
@@ -110,8 +111,7 @@ public class HeaderWriterFilterTests {
 	// gh-5499
 	@Test
 	public void doFilterWhenRequestContainsIncludeThenHeadersStillWritten() throws Exception {
-		HeaderWriterFilter filter = new HeaderWriterFilter(
-				Collections.singletonList(this.writer1));
+		HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
 
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest();
 		MockHttpServletResponse mockResponse = new MockHttpServletResponse();
@@ -121,8 +121,8 @@ public class HeaderWriterFilterTests {
 
 			request.getRequestDispatcher("/").include(request, response);
 
-			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(
-					any(HttpServletRequest.class), any(HttpServletResponse.class));
+			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
+					any(HttpServletResponse.class));
 		});
 
 		verifyNoMoreInteractions(this.writer1);
@@ -130,16 +130,16 @@ public class HeaderWriterFilterTests {
 
 	@Test
 	public void headersWrittenAtBeginningOfRequest() throws Exception {
-		HeaderWriterFilter filter = new HeaderWriterFilter(
-				Collections.singletonList(this.writer1));
+		HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
 		filter.setShouldWriteHeadersEagerly(true);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1).writeHeaders(
-				any(HttpServletRequest.class), any(HttpServletResponse.class)));
+		filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1)
+				.writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)));
 
 		verifyNoMoreInteractions(this.writer1);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index 2368424417..2da78cbcca 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.web.header.writers;
 
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -55,12 +54,10 @@ public class CacheControlHeadersWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames().size()).isEqualTo(3);
-		assertThat(this.response.getHeaderValues("Cache-Control")).containsOnly(
-				"no-cache, no-store, max-age=0, must-revalidate");
-		assertThat(this.response.getHeaderValues("Pragma"))
-				.containsOnly("no-cache");
-		assertThat(this.response.getHeaderValues("Expires"))
-				.containsOnly("0");
+		assertThat(this.response.getHeaderValues("Cache-Control"))
+				.containsOnly("no-cache, no-store, max-age=0, must-revalidate");
+		assertThat(this.response.getHeaderValues("Pragma")).containsOnly("no-cache");
+		assertThat(this.response.getHeaderValues("Expires")).containsOnly("0");
 	}
 
 	// gh-2953
@@ -71,8 +68,7 @@ public class CacheControlHeadersWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames()).hasSize(1);
-		assertThat(this.response.getHeaderValues("Cache-Control"))
-				.containsOnly("max-age: 123");
+		assertThat(this.response.getHeaderValues("Cache-Control")).containsOnly("max-age: 123");
 		assertThat(this.response.getHeaderValue("Pragma")).isNull();
 		assertThat(this.response.getHeaderValue("Expires")).isNull();
 	}
@@ -110,4 +106,5 @@ public class CacheControlHeadersWriterTests {
 
 		assertThat(this.response.getHeaderNames()).isEmpty();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index e1d6f2b003..91baa9a62b 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -31,16 +31,16 @@ import static org.springframework.security.web.header.writers.ClearSiteDataHeade
 import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
 
 /**
- *
  * @author Rafiullah Hamedy
  * @author Josh Cummings
- *
  * @see {@link ClearSiteDataHeaderWriter}
  */
 public class ClearSiteDataHeaderWriterTests {
+
 	private static final String HEADER_NAME = "Clear-Site-Data";
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Rule
@@ -80,11 +80,12 @@ public class ClearSiteDataHeaderWriterTests {
 
 	@Test
 	public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSources() {
-		ClearSiteDataHeaderWriter headerWriter =
-				new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS);
+		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE,
+				EXECUTION_CONTEXTS);
 		headerWriter.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeader(HEADER_NAME))
 				.isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\"");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index 2b9e370788..755fcaa642 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -42,8 +42,7 @@ public class CompositeHeaderWriterTests {
 		HeaderWriter one = mock(HeaderWriter.class);
 		HeaderWriter two = mock(HeaderWriter.class);
 
-		CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(
-				Arrays.asList(one, two));
+		CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two));
 
 		headerWriter.writeHeaders(request, response);
 		verify(one).writeHeaders(request, response);
@@ -55,4 +54,5 @@ public class CompositeHeaderWriterTests {
 		assertThatCode(() -> new CompositeHeaderWriter(Collections.emptyList()))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index 2f3c7914e8..d1e05ecd9e 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -27,13 +27,18 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Ankur Pathak
  */
 public class ContentSecurityPolicyHeaderWriterTests {
-	private static final String DEFAULT_POLICY_DIRECTIVES = "default-src 'self'";
-	private MockHttpServletRequest request;
-	private MockHttpServletResponse response;
-	private ContentSecurityPolicyHeaderWriter writer;
-	private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
-	private static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
 
+	private static final String DEFAULT_POLICY_DIRECTIVES = "default-src 'self'";
+
+	private MockHttpServletRequest request;
+
+	private MockHttpServletResponse response;
+
+	private ContentSecurityPolicyHeaderWriter writer;
+
+	private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
+
+	private static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
 
 	@Before
 	public void setup() {
@@ -62,9 +67,8 @@ public class ContentSecurityPolicyHeaderWriterTests {
 
 	@Test
 	public void writeHeadersContentSecurityPolicyCustom() {
-		String policyDirectives = "default-src 'self'; " +
-				"object-src plugins1.example.com plugins2.example.com; " +
-				"script-src trustedscripts.example.com";
+		String policyDirectives = "default-src 'self'; " + "object-src plugins1.example.com plugins2.example.com; "
+				+ "script-src trustedscripts.example.com";
 
 		writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
 		writer.writeHeaders(request, response);
@@ -110,7 +114,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 		writer = new ContentSecurityPolicyHeaderWriter(null);
 	}
 
-
 	@Test
 	public void writeContentSecurityPolicyHeaderWhenNotPresent() {
 		String value = new String("value");
@@ -127,4 +130,5 @@ public class ContentSecurityPolicyHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index 8947a549ac..c19caab1bb 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingRequestMatcherHeaderWriterTests {
+
 	@Mock
 	private RequestMatcher matcher;
 
@@ -81,4 +82,5 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 
 		verify(delegate, times(0)).writeHeaders(request, response);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
index d0f776f569..9639c5f0a9 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
@@ -55,26 +55,23 @@ public class FeaturePolicyHeaderWriterTests {
 		writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames()).hasSize(1);
-		assertThat(this.response.getHeader("Feature-Policy"))
-				.isEqualTo(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(this.response.getHeader("Feature-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
 	public void createWriterWithNullDirectivesShouldThrowException() {
-		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter(null))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("policyDirectives must not be null or empty");
 	}
 
 	@Test
 	public void createWriterWithEmptyDirectivesShouldThrowException() {
-		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter(""))
-				.isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter("")).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("policyDirectives must not be null or empty");
 	}
 
 	@Test
-	public void writeHeaderOnlyIfNotPresent(){
+	public void writeHeaderOnlyIfNotPresent() {
 		String value = new String("value");
 		this.response.setHeader(FEATURE_POLICY_HEADER, value);
 		this.writer.writeHeaders(this.request, this.response);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index a3b55b6f32..9e0e1a75b5 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -37,14 +37,14 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class HpkpHeaderWriterTests {
 
 	private static final Map<String, String> DEFAULT_PINS;
-	static
-	{
+	static {
 		Map<String, String> defaultPins = new LinkedHashMap<>();
 		defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
 		DEFAULT_PINS = Collections.unmodifiableMap(defaultPins);
 	}
 
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	private HpkpHeaderWriter writer;
@@ -73,8 +73,8 @@ public class HpkpHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
@@ -85,8 +85,8 @@ public class HpkpHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
-				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
@@ -100,6 +100,7 @@ public class HpkpHeaderWriterTests {
 		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
 	}
+
 	@Test
 	public void allArgsCustomConstructorWriteHeaders() {
 		writer = new HpkpHeaderWriter(2592000, true, false);
@@ -119,8 +120,8 @@ public class HpkpHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
-				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
@@ -141,8 +142,8 @@ public class HpkpHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins")).isEqualTo(
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		assertThat(response.getHeader("Public-Key-Pins"))
+				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
@@ -171,7 +172,8 @@ public class HpkpHeaderWriterTests {
 
 	@Test
 	public void writeHeadersAddSha256Pins() {
-		writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
+		writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
+				"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
@@ -220,4 +222,5 @@ public class HpkpHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(HPKP_RO_HEADER_NAME)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index ed4c60cf34..d762e8d46e 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -30,7 +30,9 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  */
 public class HstsHeaderWriterTests {
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	private HstsHeaderWriter writer;
@@ -54,8 +56,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=15768000");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
 
 	@Test
@@ -66,8 +67,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=15768000");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
 
 	@Test
@@ -77,8 +77,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=15768000 ; includeSubDomains");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000 ; includeSubDomains");
 	}
 
 	@Test
@@ -88,8 +87,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=31536000");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
 
 	@Test
@@ -97,8 +95,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=31536000 ; includeSubDomains");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000 ; includeSubDomains");
 	}
 
 	@Test
@@ -108,8 +105,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=31536000");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
 
 	@Test
@@ -119,8 +115,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=1 ; includeSubDomains");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains");
 	}
 
 	@Test
@@ -140,8 +135,7 @@ public class HstsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo(
-				"max-age=31536000 ; includeSubDomains");
+		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000 ; includeSubDomains");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -161,4 +155,5 @@ public class HstsHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(HSTS_HEADER_NAME)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index c3e7fe169c..ebd51183fe 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -31,8 +31,11 @@ import static org.springframework.security.web.header.writers.ReferrerPolicyHead
 public class ReferrerPolicyHeaderWriterTests {
 
 	private final String DEFAULT_REFERRER_POLICY = "no-referrer";
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
+
 	private ReferrerPolicyHeaderWriter writer;
 
 	private static final String REFERRER_POLICY_HEADER = "Referrer-Policy";
@@ -75,4 +78,5 @@ public class ReferrerPolicyHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(REFERRER_POLICY_HEADER)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index bcd6e78a1b..eeb8c1ba9a 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -36,7 +36,9 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 3.2
  */
 public class StaticHeaderWriterTests {
+
 	private MockHttpServletRequest request;
+
 	private MockHttpServletResponse response;
 
 	@Before
@@ -52,7 +54,7 @@ public class StaticHeaderWriterTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyHeaders() {
-		new StaticHeadersWriter(Collections.<Header> emptyList());
+		new StaticHeadersWriter(Collections.<Header>emptyList());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -77,25 +79,20 @@ public class StaticHeaderWriterTests {
 		StaticHeadersWriter factory = new StaticHeadersWriter(headerName, headerValue);
 
 		factory.writeHeaders(request, response);
-		assertThat(response.getHeaderValues(headerName)).isEqualTo(
-				Arrays.asList(headerValue));
+		assertThat(response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue));
 	}
 
 	@Test
 	public void writeHeadersMulti() {
 		Header pragma = new Header("Pragma", "no-cache");
-		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store",
-				"must-revalidate");
-		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma,
-				cacheControl));
+		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate");
+		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl));
 
 		factory.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(2);
-		assertThat(response.getHeaderValues(pragma.getName())).isEqualTo(
-				pragma.getValues());
-		assertThat(response.getHeaderValues(cacheControl.getName())).isEqualTo(
-				cacheControl.getValues());
+		assertThat(response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues());
+		assertThat(response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues());
 	}
 
 	@Test
@@ -105,10 +102,8 @@ public class StaticHeaderWriterTests {
 		this.response.setHeader("Pragma", pragmaValue);
 		this.response.setHeader("Cache-Control", cacheControlValue);
 		Header pragma = new Header("Pragma", "no-cache");
-		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store",
-				"must-revalidate");
-		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma,
-				cacheControl));
+		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate");
+		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl));
 		factory.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames()).hasSize(2);
@@ -116,4 +111,5 @@ public class StaticHeaderWriterTests {
 		assertThat(this.response.getHeader("Cache-Control")).isSameAs(cacheControlValue);
 
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index e4b9556f78..8f58af1cd7 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -46,7 +46,7 @@ public class XContentTypeOptionsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-Content-Type-Options")).containsExactly(
-				"nosniff");
+		assertThat(response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index 72774a6d4b..98ba297a54 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -99,4 +99,5 @@ public class XXssProtectionHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(XSS_PROTECTION_HEADER)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index 39f1be4795..38c73ba6b1 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -27,6 +27,7 @@ import org.springframework.security.web.header.writers.frameoptions.AbstractRequ
  *
  */
 public class AbstractRequestParameterAllowFromStrategyTests {
+
 	private MockHttpServletRequest request;
 
 	@Before
@@ -36,8 +37,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 
 	@Test
 	public void nullAllowFromParameterValue() {
-		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(
-				true);
+		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
 		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
 	}
@@ -45,8 +45,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	@Test
 	public void emptyAllowFromParameterValue() {
 		request.setParameter("x-frames-allow-from", "");
-		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(
-				true);
+		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
 		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
 	}
@@ -55,8 +54,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	public void emptyAllowFromCustomParameterValue() {
 		String customParam = "custom";
 		request.setParameter(customParam, "");
-		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(
-				true);
+		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 		strategy.setAllowFromParameterName(customParam);
 
 		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
@@ -66,8 +64,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	public void allowFromParameterValueAllowed() {
 		String value = "https://example.com";
 		request.setParameter("x-frames-allow-from", value);
-		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(
-				true);
+		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
 		assertThat(strategy.getAllowFromValue(request)).isEqualTo(value);
 	}
@@ -76,14 +73,13 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	public void allowFromParameterValueDenied() {
 		String value = "https://example.com";
 		request.setParameter("x-frames-allow-from", value);
-		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(
-				false);
+		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false);
 
 		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
 	}
 
-	private static class RequestParameterAllowFromStrategyStub extends
-			AbstractRequestParameterAllowFromStrategy {
+	private static class RequestParameterAllowFromStrategyStub extends AbstractRequestParameterAllowFromStrategy {
+
 		private boolean match;
 
 		RequestParameterAllowFromStrategyStub(boolean match) {
@@ -94,5 +90,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 		protected boolean allowed(String allowFromOrigin) {
 			return match;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index cb895f8085..879a18c8e6 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
  */
 @RunWith(MockitoJUnitRunner.class)
 public class FrameOptionsHeaderWriterTests {
+
 	@Mock
 	private AllowFromStrategy strategy;
 
@@ -94,8 +95,7 @@ public class FrameOptionsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
-				.isEqualTo("DENY");
+		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
 
 	@Test
@@ -105,8 +105,7 @@ public class FrameOptionsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
-				.isEqualTo("SAMEORIGIN");
+		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
 	}
 
 	@Test
@@ -118,7 +117,7 @@ public class FrameOptionsHeaderWriterTests {
 		writer.writeHeaders(request, response);
 
 		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
-				.isEqualTo("DENY");
+		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 4967e4afa0..39a7d76241 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -23,7 +23,6 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 /**
- *
  * @author Marten Deinum
  */
 public class RegExpAllowFromStrategyTests {
@@ -40,8 +39,7 @@ public class RegExpAllowFromStrategyTests {
 
 	@Test
 	public void subdomainMatchingRegularExpression() {
-		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy(
-				"^https://([a-z0-9]*?\\.)test\\.com");
+		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^https://([a-z0-9]*?\\.)test\\.com");
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -60,10 +58,10 @@ public class RegExpAllowFromStrategyTests {
 
 	@Test
 	public void noParameterShouldDeny() {
-		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy(
-				"^https://([a-z0-9]*?\\.)test\\.com");
+		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^https://([a-z0-9]*?\\.)test\\.com");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		String result1 = strategy.getAllowFromValue(request);
 		assertThat(result1).isEqualTo("DENY");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
index 7d38c3b36f..1602246a77 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
@@ -37,4 +37,5 @@ public class StaticAllowFromStrategyTests {
 		StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri));
 		assertThat(strategy.getAllowFromValue(new MockHttpServletRequest())).isEqualTo(uri);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
index 748ae861a3..9c8eb1e38d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
@@ -32,7 +32,9 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class XFrameOptionsHeaderWriterTests {
+
 	private MockHttpServletRequest request = new MockHttpServletRequest();
+
 	private MockHttpServletResponse response = new MockHttpServletResponse();
 
 	private static final String XFRAME_OPTIONS_HEADER = "X-Frame-Options";
@@ -42,7 +44,6 @@ public class XFrameOptionsHeaderWriterTests {
 		WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(Arrays.asList("example.com"));
 		XFrameOptionsHeaderWriter writer = new XFrameOptionsHeaderWriter(whitelist);
 
-
 		writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderValue(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
@@ -50,11 +51,13 @@ public class XFrameOptionsHeaderWriterTests {
 
 	@Test
 	public void writeHeaderWhenNotPresent() {
-		WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(Collections.singletonList("example.com"));
+		WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(
+				Collections.singletonList("example.com"));
 		XFrameOptionsHeaderWriter writer = new XFrameOptionsHeaderWriter(whitelist);
 		String value = new String("value");
 		this.response.setHeader(XFRAME_OPTIONS_HEADER, value);
 		writer.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeader(XFRAME_OPTIONS_HEADER)).isSameAs(value);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index e56a4a1fc4..6f1572445a 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -92,15 +92,13 @@ public class JaasApiIntegrationFilterTests {
 					((NameCallback) callback).setName("user");
 				}
 				else if (callback instanceof PasswordCallback) {
-					((PasswordCallback) callback).setPassword(
-							"password".toCharArray());
+					((PasswordCallback) callback).setPassword("password".toCharArray());
 				}
 				else if (callback instanceof TextInputCallback) {
 					// ignore
 				}
 				else {
-					throw new UnsupportedCallbackException(callback,
-							"Unrecognized Callback " + callback);
+					throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback);
 				}
 			}
 		};
@@ -110,16 +108,15 @@ public class JaasApiIntegrationFilterTests {
 			}
 
 			public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
-				return new AppConfigurationEntry[] { new AppConfigurationEntry(
-						TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
-						new HashMap<>()) };
+				return new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
+						LoginModuleControlFlag.REQUIRED, new HashMap<>()) };
 			}
 		};
-		LoginContext ctx = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject,
-				callbackHandler, testConfiguration);
+		LoginContext ctx = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler,
+				testConfiguration);
 		ctx.login();
-		token = new JaasAuthenticationToken("username", "password",
-				AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
+		token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"),
+				ctx);
 
 		// just in case someone forgot to clear the context
 		SecurityContextHolder.clearContext();
@@ -153,19 +150,16 @@ public class JaasApiIntegrationFilterTests {
 
 	@Test
 	public void obtainSubjectNullLoginContext() {
-		token = new JaasAuthenticationToken("un", "pwd",
-				AuthorityUtils.createAuthorityList("ROLE_ADMIN"), null);
+		token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), null);
 		SecurityContextHolder.getContext().setAuthentication(token);
 		assertNullSubject(filter.obtainSubject(request));
 	}
 
 	@Test
 	public void obtainSubjectNullSubject() throws Exception {
-		LoginContext ctx = new LoginContext("obtainSubjectNullSubject", null,
-				callbackHandler, testConfiguration);
+		LoginContext ctx = new LoginContext("obtainSubjectNullSubject", null, callbackHandler, testConfiguration);
 		assertThat(ctx.getSubject()).isNull();
-		token = new JaasAuthenticationToken("un", "pwd",
-				AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
+		token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
 		SecurityContextHolder.getContext().setAuthentication(token);
 		assertNullSubject(filter.obtainSubject(request));
 	}
@@ -208,8 +202,7 @@ public class JaasApiIntegrationFilterTests {
 			public void doFilter(ServletRequest request, ServletResponse response)
 					throws IOException, ServletException {
 				// See if the subject was updated
-				Subject currentSubject = Subject.getSubject(
-						AccessController.getContext());
+				Subject currentSubject = Subject.getSubject(AccessController.getContext());
 				assertThat(currentSubject).isEqualTo(expectedValue);
 
 				// run so we know the chain was executed
@@ -222,7 +215,7 @@ public class JaasApiIntegrationFilterTests {
 	}
 
 	private void assertNullSubject(Subject subject) {
-		assertThat(subject).withFailMessage(
-				"Subject is expected to be null, but is not. Got " + subject).isNull();
+		assertThat(subject).withFailMessage("Subject is expected to be null, but is not. Got " + subject).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
index 2781b31ee0..97f6a63711 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
@@ -35,4 +35,5 @@ public abstract class AbstractMixinTests {
 		ClassLoader loader = getClass().getClassLoader();
 		mapper.registerModules(SecurityJackson2Modules.getModules(loader));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
index 0deb4518cf..61556153c2 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
@@ -63,4 +63,5 @@ public class CookieMixinTests extends AbstractMixinTests {
 		assertThat(cookie.getDomain()).isEqualTo("");
 		assertThat(cookie.isHttpOnly()).isEqualTo(false);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
index 58f15889ed..fdb0e76e6b 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
@@ -70,4 +70,5 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
 		mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index e4d1d26824..cbf4605e49 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -41,7 +41,6 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 
-
 	// @formatter:off
 	private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [{"
 		+ "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", "
@@ -80,8 +79,8 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 	public void matchRequestBuildWithConstructorAndBuilder() {
 		DefaultSavedRequest request = new DefaultSavedRequest.Builder()
 				.setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789"))))
-				.setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12")))
-				.setScheme("http").setRequestURL("http://localhost").setServerName("localhost").setRequestURI("")
+				.setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))).setScheme("http")
+				.setRequestURL("http://localhost").setServerName("localhost").setRequestURI("")
 				.setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("")
 				.setServletPath("").build();
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest();
@@ -95,14 +94,16 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 	public void serializeDefaultRequestBuildWithConstructorTest() throws IOException, JSONException {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("x-auth-token", "12");
-		// Spring 5 MockHttpServletRequest automatically adds a header when the cookies are set. To get consistency we override the request.
+		// Spring 5 MockHttpServletRequest automatically adds a header when the cookies
+		// are set. To get consistency we override the request.
 		HttpServletRequest requestToWrite = new HttpServletRequestWrapper(request) {
 			@Override
 			public Cookie[] getCookies() {
 				return new Cookie[] { new Cookie("SESSION", "123456789") };
 			}
 		};
-		String actualString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(new DefaultSavedRequest(requestToWrite, new PortResolverImpl()));
+		String actualString = mapper.writerWithDefaultPrettyPrinter()
+				.writeValueAsString(new DefaultSavedRequest(requestToWrite, new PortResolverImpl()));
 		JSONAssert.assertEquals(REQUEST_JSON, actualString, true);
 	}
 
@@ -110,8 +111,8 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 	public void serializeDefaultRequestBuildWithBuilderTest() throws IOException, JSONException {
 		DefaultSavedRequest request = new DefaultSavedRequest.Builder()
 				.setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789"))))
-				.setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12")))
-				.setScheme("http").setRequestURL("http://localhost").setServerName("localhost").setRequestURI("")
+				.setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))).setScheme("http")
+				.setRequestURL("http://localhost").setServerName("localhost").setRequestURI("")
 				.setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("")
 				.setServletPath("").build();
 		String actualString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(request);
@@ -127,4 +128,5 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		assertThat(request.getHeaderNames()).hasSize(1).contains("x-auth-token");
 		assertThat(request.getHeaderValues("x-auth-token")).hasSize(1).contains("12");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index 8fc0702d53..26f3bb9e4b 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -33,6 +33,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
  * @since 4.2
  */
 public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixinTests {
+
 	// @formatter:off
 	private static final String PREAUTH_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken\","
@@ -48,21 +49,24 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Before
 	public void setupExpected() {
-		expected = new PreAuthenticatedAuthenticationToken("principal", "credentials", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		expected = new PreAuthenticatedAuthenticationToken("principal", "credentials",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 	}
 
 	@Test
-	public void serializeWhenPrincipalCredentialsAuthoritiesThenSuccess() throws JsonProcessingException, JSONException {
+	public void serializeWhenPrincipalCredentialsAuthoritiesThenSuccess()
+			throws JsonProcessingException, JSONException {
 		String serializedJson = mapper.writeValueAsString(expected);
 		JSONAssert.assertEquals(PREAUTH_JSON, serializedJson, true);
 	}
 
 	@Test
-	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws Exception{
-		PreAuthenticatedAuthenticationToken deserialized = mapper
-				.readValue(PREAUTH_JSON, PreAuthenticatedAuthenticationToken.class);
+	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws Exception {
+		PreAuthenticatedAuthenticationToken deserialized = mapper.readValue(PREAUTH_JSON,
+				PreAuthenticatedAuthenticationToken.class);
 		assertThat(deserialized).isNotNull();
 		assertThat(deserialized.isAuthenticated()).isTrue();
 		assertThat(deserialized.getAuthorities()).isEqualTo(expected.getAuthorities());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
index d9abcb6484..c6d2b8bcd8 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
@@ -37,6 +37,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Jitendra Singh.
  */
 public class SavedCookieMixinTests extends AbstractMixinTests {
+
 	// @formatter:off
 	private static final String COOKIE_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", "
@@ -100,4 +101,5 @@ public class SavedCookieMixinTests extends AbstractMixinTests {
 		assertThat(savedCookie.getVersion()).isZero();
 		assertThat(savedCookie.getComment()).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
index 405efd642c..35848f3c2c 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
@@ -45,8 +45,7 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 	// @formatter:on
 
 	@Test
-	public void buildWebAuthenticationDetailsUsingDifferentConstructors()
-			throws IOException {
+	public void buildWebAuthenticationDetailsUsingDifferentConstructors() throws IOException {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("localhost");
 		request.setSession(new MockHttpSession(null, "1"));
@@ -59,8 +58,7 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 	}
 
 	@Test
-	public void webAuthenticationDetailsSerializeTest()
-			throws JsonProcessingException, JSONException {
+	public void webAuthenticationDetailsSerializeTest() throws JsonProcessingException, JSONException {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("/localhost");
 		request.setSession(new MockHttpSession(null, "1"));
@@ -70,12 +68,12 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 	}
 
 	@Test
-	public void webAuthenticationDetailsDeserializeTest()
-			throws IOException {
+	public void webAuthenticationDetailsDeserializeTest() throws IOException {
 		WebAuthenticationDetails details = mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details).isNotNull();
 		assertThat(details.getRemoteAddress()).isEqualTo("/localhost");
 		assertThat(details.getSessionId()).isEqualTo("1");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index f4cd55ef45..b0950c542e 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -61,20 +61,21 @@ import static java.util.stream.Collectors.joining;
  *
  * <h1>Background</h1>
  *
- * <p>When testing annotated methods we create test classes such as
- * "TestController" with a diverse range of method signatures representing
- * supported annotations and argument types. It becomes challenging to use
- * naming strategies to keep track of methods and arguments especially in
- * combination with variables for reflection metadata.
+ * <p>
+ * When testing annotated methods we create test classes such as "TestController" with a
+ * diverse range of method signatures representing supported annotations and argument
+ * types. It becomes challenging to use naming strategies to keep track of methods and
+ * arguments especially in combination with variables for reflection metadata.
  *
- * <p>The idea with {@link ResolvableMethod} is NOT to rely on naming techniques
- * but to use hints to zero in on method parameters. Such hints can be strongly
- * typed and explicit about what is being tested.
+ * <p>
+ * The idea with {@link ResolvableMethod} is NOT to rely on naming techniques but to use
+ * hints to zero in on method parameters. Such hints can be strongly typed and explicit
+ * about what is being tested.
  *
  * <h2>1. Declared Return Type</h2>
  *
- * When testing return types it's likely to have many methods with a unique
- * return type, possibly with or without an annotation.
+ * When testing return types it's likely to have many methods with a unique return type,
+ * possibly with or without an annotation.
  *
  * <pre>
  *
@@ -98,8 +99,8 @@ import static java.util.stream.Collectors.joining;
  *
  * <h2>2. Method Arguments</h2>
  *
- * When testing method arguments it's more likely to have one or a small number
- * of methods with a wide array of argument types and parameter annotations.
+ * When testing method arguments it's more likely to have one or a small number of methods
+ * with a wide array of argument types and parameter annotations.
  *
  * <pre>
  *
@@ -131,19 +132,15 @@ public class ResolvableMethod {
 
 	private static final SpringObjenesis objenesis = new SpringObjenesis();
 
-	private static final ParameterNameDiscoverer nameDiscoverer =
-		new LocalVariableTableParameterNameDiscoverer();
-
+	private static final ParameterNameDiscoverer nameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
 	private final Method method;
 
-
 	private ResolvableMethod(Method method) {
 		Assert.notNull(method, "method is required");
 		this.method = method;
 	}
 
-
 	/**
 	 * Return the resolved method.
 	 */
@@ -186,8 +183,7 @@ public class ResolvableMethod {
 	}
 
 	/**
-	 * Filter on method arguments with annotation.
-	 * See {@link MvcAnnotationPredicates}.
+	 * Filter on method arguments with annotation. See {@link MvcAnnotationPredicates}.
 	 */
 	@SafeVarargs
 	public final ArgResolver annot(Predicate<MethodParameter>... filter) {
@@ -208,24 +204,21 @@ public class ResolvableMethod {
 		return new ArgResolver().annotNotPresent(annotationTypes);
 	}
 
-
 	@Override
 	public String toString() {
 		return "ResolvableMethod=" + formatMethod();
 	}
 
 	private String formatMethod() {
-		return this.method().getName() +
-			Arrays.stream(this.method.getParameters())
-				.map(this::formatParameter)
+		return this.method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter)
 				.collect(joining(",\n\t", "(\n\t", "\n)"));
 	}
 
 	private String formatParameter(Parameter param) {
 		Annotation[] annot = param.getAnnotations();
-		return annot.length > 0 ?
-			Arrays.stream(annot).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param :
-			param.toString();
+		return annot.length > 0
+				? Arrays.stream(annot).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param
+				: param.toString();
 	}
 
 	private String formatAnnotation(Annotation annotation) {
@@ -239,9 +232,8 @@ public class ResolvableMethod {
 	}
 
 	private static ResolvableType toResolvableType(Class<?> type, Class<?>... generics) {
-		return ObjectUtils.isEmpty(generics) ?
-			ResolvableType.forClass(type) :
-			ResolvableType.forClassWithGenerics(type, generics);
+		return ObjectUtils.isEmpty(generics) ? ResolvableType.forClass(type)
+				: ResolvableType.forClassWithGenerics(type, generics);
 	}
 
 	private static ResolvableType toResolvableType(Class<?> type, ResolvableType generic, ResolvableType... generics) {
@@ -251,7 +243,6 @@ public class ResolvableMethod {
 		return ResolvableType.forClassWithGenerics(type, genericTypes);
 	}
 
-
 	/**
 	 * Main entry point providing access to a {@code ResolvableMethod} builder.
 	 */
@@ -259,7 +250,6 @@ public class ResolvableMethod {
 		return new Builder<>(objectClass);
 	}
 
-
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
@@ -269,13 +259,11 @@ public class ResolvableMethod {
 
 		private final List<Predicate<Method>> filters = new ArrayList<>(4);
 
-
 		private Builder(Class<?> objectClass) {
 			Assert.notNull(objectClass, "Class must not be null");
 			this.objectClass = objectClass;
 		}
 
-
 		private void addFilter(String message, Predicate<Method> filter) {
 			this.filters.add(new LabeledPredicate<>(message, filter));
 		}
@@ -289,8 +277,7 @@ public class ResolvableMethod {
 		}
 
 		/**
-		 * Filter on annotated methods.
-		 * See {@link MvcAnnotationPredicates}.
+		 * Filter on annotated methods. See {@link MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final Builder<T> annot(Predicate<Method>... filters) {
@@ -306,9 +293,8 @@ public class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method ->
-				Arrays.stream(annotationTypes).allMatch(annotType ->
-					AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
+			addFilter(message, method -> Arrays.stream(annotationTypes)
+					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
 			return this;
 		}
 
@@ -320,8 +306,8 @@ public class ResolvableMethod {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
 			addFilter(message, method -> {
 				if (annotationTypes.length != 0) {
-					return Arrays.stream(annotationTypes).noneMatch(annotType ->
-						AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
+					return Arrays.stream(annotationTypes).noneMatch(
+							annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
 				}
 				else {
 					return method.getAnnotations().length == 0;
@@ -361,12 +347,12 @@ public class ResolvableMethod {
 		}
 
 		/**
-		 * Build a {@code ResolvableMethod} from the provided filters which must
-		 * resolve to a unique, single method.
-		 *
-		 * <p>See additional resolveXxx shortcut methods going directly to
-		 * {@link Method} or return type parameter.
+		 * Build a {@code ResolvableMethod} from the provided filters which must resolve
+		 * to a unique, single method.
 		 *
+		 * <p>
+		 * See additional resolveXxx shortcut methods going directly to {@link Method} or
+		 * return type parameter.
 		 * @throws IllegalStateException for no match or multiple matches
 		 */
 		public ResolvableMethod build() {
@@ -381,8 +367,8 @@ public class ResolvableMethod {
 		}
 
 		private String formatMethods(Set<Method> methods) {
-			return "\nMatched:\n" + methods.stream()
-				.map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
+			return "\nMatched:\n"
+					+ methods.stream().map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
 		}
 
 		public ResolvableMethod mockCall(Consumer<T> invoker) {
@@ -393,12 +379,12 @@ public class ResolvableMethod {
 			return new ResolvableMethod(method);
 		}
 
-
 		// Build & resolve shortcuts...
 
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
-		 * <p>{@code build().method()}
+		 * <p>
+		 * {@code build().method()}
 		 */
 		public final Method resolveMethod() {
 			return build().method();
@@ -406,7 +392,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
-		 * <p>{@code named(methodName).build().method()}
+		 * <p>
+		 * {@code named(methodName).build().method()}
 		 */
 		public Method resolveMethod(String methodName) {
 			return named(methodName).build().method();
@@ -414,7 +401,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Resolve and return the declared return type equivalent to:
-		 * <p>{@code build().returnType()}
+		 * <p>
+		 * {@code build().returnType()}
 		 */
 		public final MethodParameter resolveReturnType() {
 			return build().returnType();
@@ -422,7 +410,8 @@ public class ResolvableMethod {
 
 		/**
 		 * Shortcut to the unique return type equivalent to:
-		 * <p>{@code returning(returnType).build().returnType()}
+		 * <p>
+		 * {@code returning(returnType).build().returnType()}
 		 * @param returnType the return type
 		 * @param generics optional array of generic types
 		 */
@@ -432,13 +421,14 @@ public class ResolvableMethod {
 
 		/**
 		 * Shortcut to the unique return type equivalent to:
-		 * <p>{@code returning(returnType).build().returnType()}
+		 * <p>
+		 * {@code returning(returnType).build().returnType()}
 		 * @param returnType the return type
 		 * @param generic at least one generic type
 		 * @param generics optional extra generic types
 		 */
 		public MethodParameter resolveReturnType(Class<?> returnType, ResolvableType generic,
-												ResolvableType... generics) {
+				ResolvableType... generics) {
 
 			return returning(returnType, generic, generics).build().returnType();
 		}
@@ -447,18 +437,16 @@ public class ResolvableMethod {
 			return returning(returnType).build().returnType();
 		}
 
-
 		@Override
 		public String toString() {
-			return "ResolvableMethod.Builder[\n" +
-				"\tobjectClass = " + this.objectClass.getName() + ",\n" +
-				"\tfilters = " + formatFilters() + "\n]";
+			return "ResolvableMethod.Builder[\n" + "\tobjectClass = " + this.objectClass.getName() + ",\n"
+					+ "\tfilters = " + formatFilters() + "\n]";
 		}
 
 		private String formatFilters() {
-			return this.filters.stream().map(Object::toString)
-				.collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
+			return this.filters.stream().map(Object::toString).collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
 		}
+
 	}
 
 	/**
@@ -470,13 +458,11 @@ public class ResolvableMethod {
 
 		private final Predicate<T> delegate;
 
-
 		private LabeledPredicate(String label, Predicate<T> delegate) {
 			this.label = label;
 			this.delegate = delegate;
 		}
 
-
 		@Override
 		public boolean test(T method) {
 			return this.delegate.test(method);
@@ -501,6 +487,7 @@ public class ResolvableMethod {
 		public String toString() {
 			return this.label;
 		}
+
 	}
 
 	/**
@@ -510,15 +497,14 @@ public class ResolvableMethod {
 
 		private final List<Predicate<MethodParameter>> filters = new ArrayList<>(4);
 
-
 		@SafeVarargs
 		private ArgResolver(Predicate<MethodParameter>... filter) {
 			this.filters.addAll(Arrays.asList(filter));
 		}
 
 		/**
-		 * Filter on method arguments with annotations.
-		 * See {@link MvcAnnotationPredicates}.
+		 * Filter on method arguments with annotations. See
+		 * {@link MvcAnnotationPredicates}.
 		 */
 		@SafeVarargs
 		public final ArgResolver annot(Predicate<MethodParameter>... filters) {
@@ -544,10 +530,9 @@ public class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotNotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param ->
-				(annotationTypes.length != 0) ?
-					Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation) :
-					param.getParameterAnnotations().length == 0);
+			this.filters.add(param -> (annotationTypes.length != 0)
+					? Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation)
+					: param.getParameterAnnotations().length == 0);
 			return this;
 		}
 
@@ -581,14 +566,12 @@ public class ResolvableMethod {
 		 */
 		public final MethodParameter arg() {
 			List<MethodParameter> matches = applyFilters();
-			Assert.state(!matches.isEmpty(), () ->
-				"No matching arg in method\n" + formatMethod());
-			Assert.state(matches.size() == 1, () ->
-				"Multiple matching args in method\n" + formatMethod() + "\nMatches:\n\t" + matches);
+			Assert.state(!matches.isEmpty(), () -> "No matching arg in method\n" + formatMethod());
+			Assert.state(matches.size() == 1,
+					() -> "Multiple matching args in method\n" + formatMethod() + "\nMatches:\n\t" + matches);
 			return matches.get(0);
 		}
 
-
 		private List<MethodParameter> applyFilters() {
 			List<MethodParameter> matches = new ArrayList<>();
 			for (int i = 0; i < method.getParameterCount(); i++) {
@@ -600,14 +583,14 @@ public class ResolvableMethod {
 			}
 			return matches;
 		}
+
 	}
 
 	private static class MethodInvocationInterceptor
-		implements org.springframework.cglib.proxy.MethodInterceptor, MethodInterceptor {
+			implements org.springframework.cglib.proxy.MethodInterceptor, MethodInterceptor {
 
 		private Method invokedMethod;
 
-
 		Method getInvokedMethod() {
 			return this.invokedMethod;
 		}
@@ -627,6 +610,7 @@ public class ResolvableMethod {
 		public Object invoke(org.aopalliance.intercept.MethodInvocation inv) {
 			return intercept(inv.getThis(), inv.getMethod(), inv.getArguments(), null);
 		}
+
 	}
 
 	@SuppressWarnings("unchecked")
@@ -643,7 +627,7 @@ public class ResolvableMethod {
 		else {
 			Enhancer enhancer = new Enhancer();
 			enhancer.setSuperclass(type);
-			enhancer.setInterfaces(new Class<?>[] {Supplier.class});
+			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
 			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
 			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
 
@@ -664,12 +648,13 @@ public class ResolvableMethod {
 					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
 				}
 				catch (Throwable ex) {
-					throw new IllegalStateException("Unable to instantiate proxy " +
-						"via both Objenesis and default constructor fails as well", ex);
+					throw new IllegalStateException(
+							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
+							ex);
 				}
 			}
 
-			((Factory) proxy).setCallbacks(new Callback[] {interceptor});
+			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
 			return (T) proxy;
 		}
 	}
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index d7be109aec..7dd4081807 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -40,7 +40,9 @@ import org.springframework.util.ReflectionUtils;
  *
  */
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	private Object expectedPrincipal;
+
 	private AuthenticationPrincipalArgumentResolver resolver;
 
 	@Before
@@ -70,53 +72,45 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentNullAuthentication() throws Exception {
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentNullPrincipal() throws Exception {
 		setAuthenticationPrincipal(null);
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
-		setAuthenticationPrincipal(new User("user", "password",
-				AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(
-				resolver.resolveArgument(showUserAnnotationUserDetails(), null, null,
-						null)).isEqualTo(expectedPrincipal);
+		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
+				.isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(
-				resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null,
-						null, null)).isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
+				.isEqualTo(expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	@Test
@@ -124,16 +118,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		CustomUserPrincipal principal = new CustomUserPrincipal();
 		setAuthenticationPrincipal(principal);
 		this.expectedPrincipal = principal.property;
-		assertThat(this.resolver.resolveArgument(showUserSpel(), null, null, null))
-				.isEqualTo(this.expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserSpel(), null, null, null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentSpelCopy() throws Exception {
 		CopyUserPrincipal principal = new CopyUserPrincipal("property");
 		setAuthenticationPrincipal(principal);
-		Object resolveArgument = this.resolver.resolveArgument(showUserSpelCopy(), null,
-				null, null);
+		Object resolveArgument = this.resolver.resolveArgument(showUserSpelCopy(), null, null, null);
 		assertThat(resolveArgument).isEqualTo(principal);
 		assertThat(resolveArgument).isNotSameAs(principal);
 	}
@@ -141,8 +133,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null))
-				.isNull();
+		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test(expected = ClassCastException.class)
@@ -154,15 +145,13 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null,
-				null, null);
+		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -178,8 +167,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter showUserAnnotationCurrentUserErrorOnInvalidType() {
-		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType",
-				String.class);
+		return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType", String.class);
 	}
 
 	private MethodParameter showUserAnnotationUserDetails() {
@@ -207,8 +195,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(TestController.class, methodName,
-				paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
@@ -216,15 +203,18 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
 	static @interface CurrentUser {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal(errorOnInvalidType = true)
 	static @interface CurrentUserErrorOnInvalidType {
+
 	}
 
 	public static class TestController {
+
 		public void showUserNoAnnotation(String user) {
 		}
 
@@ -235,8 +225,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				@AuthenticationPrincipal(errorOnInvalidType = true) String user) {
 		}
 
-		public void showUserAnnotationCurrentUserErrorOnInvalidType(
-				@CurrentUserErrorOnInvalidType String user) {
+		public void showUserAnnotationCurrentUserErrorOnInvalidType(@CurrentUserErrorOnInvalidType String user) {
 		}
 
 		public void showUserAnnotation(@AuthenticationPrincipal UserDetails user) {
@@ -251,20 +240,23 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		public void showUserAnnotation(@AuthenticationPrincipal Object user) {
 		}
 
-		public void showUserSpel(
-				@AuthenticationPrincipal(expression = "property") String user) {
+		public void showUserSpel(@AuthenticationPrincipal(expression = "property") String user) {
 		}
 
-		public void showUserSpelCopy(
-				@AuthenticationPrincipal(expression = "new org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
+		public void showUserSpelCopy(@AuthenticationPrincipal(
+				expression = "new org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
 		}
+
 	}
 
 	static class CustomUserPrincipal {
+
 		public final String property = "property";
+
 	}
 
 	public static class CopyUserPrincipal {
+
 		public final String property;
 
 		public CopyUserPrincipal(String property) {
@@ -279,8 +271,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		public int hashCode() {
 			final int prime = 31;
 			int result = 1;
-			result = prime * result
-					+ ((this.property == null) ? 0 : this.property.hashCode());
+			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
 			return result;
 		}
 
@@ -306,13 +297,13 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			}
 			return true;
 		}
+
 	}
 
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(
-						new TestingAuthenticationToken(expectedPrincipal, "password",
-								"ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index 96a3441718..fdcf9794c0 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -35,18 +35,20 @@ import org.springframework.web.context.request.ServletWebRequest;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfTokenArgumentResolverTests {
+
 	@Mock
 	private ModelAndViewContainer mavContainer;
+
 	@Mock
 	private WebDataBinderFactory binderFactory;
 
 	private MockHttpServletRequest request;
+
 	private NativeWebRequest webRequest;
 
 	private CsrfToken token;
@@ -73,18 +75,14 @@ public class CsrfTokenArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentNotFound() throws Exception {
-		assertThat(
-				resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory))
-				.isNull();
+		assertThat(resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentFound() throws Exception {
 		request.setAttribute(CsrfToken.class.getName(), token);
 
-		assertThat(
-				resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory))
-				.isSameAs(token);
+		assertThat(resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory)).isSameAs(token);
 	}
 
 	private MethodParameter noToken() {
@@ -96,17 +94,18 @@ public class CsrfTokenArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(TestController.class, methodName,
-				paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
 	public static class TestController {
+
 		public void noToken(String user) {
 		}
 
 		public void token(CsrfToken token) {
 		}
+
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index 84dc2b2ce1..b4877f11d5 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -45,6 +45,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  *
  */
 public class CurrentSecurityContextArgumentResolverTests {
+
 	private CurrentSecurityContextArgumentResolver resolver;
 
 	@Before
@@ -71,8 +72,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 	public void resolveArgumentWithCustomSecurityContext() {
 		String principal = "custom_security_context";
 		setAuthenticationPrincipalWithCustomSecurityContext(principal);
-		CustomSecurityContext customSecurityContext = (CustomSecurityContext)
-				this.resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
+		CustomSecurityContext customSecurityContext = (CustomSecurityContext) this.resolver
+				.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
 		assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
 	}
 
@@ -80,8 +81,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 	public void resolveArgumentWithCustomSecurityContextTypeMatch() {
 		String principal = "custom_security_context_type_match";
 		setAuthenticationPrincipalWithCustomSecurityContext(principal);
-		CustomSecurityContext customSecurityContext = (CustomSecurityContext)
-				this.resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
+		CustomSecurityContext customSecurityContext = (CustomSecurityContext) this.resolver
+				.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
 		assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
 	}
 
@@ -99,8 +100,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 	public void resolveArgumentWithAuthentication() {
 		String principal = "john";
 		setAuthenticationPrincipal(principal);
-		Authentication auth1 = (Authentication)
-				this.resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null);
+		Authentication auth1 = (Authentication) this.resolver
+				.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null);
 		assertThat(auth1.getPrincipal()).isEqualTo(principal);
 	}
 
@@ -109,8 +110,7 @@ public class CurrentSecurityContextArgumentResolverTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		Authentication authentication = context.getAuthentication();
 		context.setAuthentication(null);
-		assertThatExceptionOfType(SpelEvaluationException.class)
-		.isThrownBy(() -> {
+		assertThatExceptionOfType(SpelEvaluationException.class).isThrownBy(() -> {
 			this.resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
 		});
 		context.setAuthentication(authentication);
@@ -121,8 +121,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		Authentication authentication = context.getAuthentication();
 		context.setAuthentication(null);
-		Object principalResult =
-				this.resolver.resolveArgument(showSecurityContextAuthenticationWithOptionalPrincipal(), null, null, null);
+		Object principalResult = this.resolver.resolveArgument(showSecurityContextAuthenticationWithOptionalPrincipal(),
+				null, null, null);
 		assertThat(principalResult).isNull();
 		context.setAuthentication(authentication);
 	}
@@ -131,18 +131,16 @@ public class CurrentSecurityContextArgumentResolverTests {
 	public void resolveArgumentWithPrincipal() {
 		String principal = "smith";
 		setAuthenticationPrincipal(principal);
-		String principalResult = (String)
-				this.resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
+		String principalResult = (String) this.resolver
+				.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
 		assertThat(principalResult).isEqualTo(principal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() {
-		setAuthenticationDetail(new User("my_user", "my_password",
-				AuthorityUtils.createAuthorityList("ROLE_USER")));
+		setAuthenticationDetail(new User("my_user", "my_password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 
-		User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null,
-				null);
+		User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null, null);
 		assertThat(u.getUsername()).isEqualTo("my_user");
 	}
 
@@ -166,22 +164,21 @@ public class CurrentSecurityContextArgumentResolverTests {
 	public void resolveArgumentSecurityContextErrorOnInvalidTypeTrue() {
 		String principal = "invalid_type_true";
 		setAuthenticationPrincipal(principal);
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() ->
-				this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null, null, null));
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(
+				() -> this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null, null, null));
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentCustomSecurityContextThenInjectSecurityContext() {
-		assertThat(this.resolver.resolveArgument(showCurrentCustomSecurityContext(), null, null, null))
-				.isNotNull();
+		assertThat(this.resolver.resolveArgument(showCurrentCustomSecurityContext(), null, null, null)).isNotNull();
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentAuthenticationThenInjectAuthentication() {
 		String principal = "current_authentcation";
 		setAuthenticationPrincipal(principal);
-		Authentication auth1 = (Authentication)
-				this.resolver.resolveArgument(showCurrentAuthentication(), null, null, null);
+		Authentication auth1 = (Authentication) this.resolver.resolveArgument(showCurrentAuthentication(), null, null,
+				null);
 		assertThat(auth1.getPrincipal()).isEqualTo(principal);
 	}
 
@@ -193,8 +190,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenMisMatch() {
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() ->
-				this.resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null, null, null));
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver
+				.resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null, null, null));
 	}
 
 	private MethodParameter showSecurityContextNoAnnotation() {
@@ -258,12 +255,12 @@ public class CurrentSecurityContextArgumentResolverTests {
 	}
 
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
-		Method method = ReflectionUtils.findMethod(TestController.class, methodName,
-				paramTypes);
+		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
 	public static class TestController {
+
 		public void showSecurityContextNoAnnotation(String user) {
 		}
 
@@ -273,23 +270,27 @@ public class CurrentSecurityContextArgumentResolverTests {
 		public void showAnnotationWithCustomSecurityContext(@CurrentSecurityContext CustomSecurityContext context) {
 		}
 
-		public void showAnnotationWithCustomSecurityContextTypeMatch(@CurrentSecurityContext(errorOnInvalidType = true) SecurityContext context) {
+		public void showAnnotationWithCustomSecurityContextTypeMatch(
+				@CurrentSecurityContext(errorOnInvalidType = true) SecurityContext context) {
 		}
 
-		public void showSecurityContextAuthenticationAnnotation(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
+		public void showSecurityContextAuthenticationAnnotation(
+				@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
 		}
 
-		public void showSecurityContextAuthenticationWithOptionalPrincipal(@CurrentSecurityContext(expression = "authentication?.principal") Object principal) {
+		public void showSecurityContextAuthenticationWithOptionalPrincipal(
+				@CurrentSecurityContext(expression = "authentication?.principal") Object principal) {
 		}
 
-		public void showSecurityContextAuthenticationWithPrincipal(@CurrentSecurityContext(expression = "authentication.principal") Object principal) {
+		public void showSecurityContextAuthenticationWithPrincipal(
+				@CurrentSecurityContext(expression = "authentication.principal") Object principal) {
 		}
 
-		public void showSecurityContextWithUserDetail(@CurrentSecurityContext(expression = "authentication.details") Object detail) {
+		public void showSecurityContextWithUserDetail(
+				@CurrentSecurityContext(expression = "authentication.details") Object detail) {
 		}
 
-		public void showSecurityContextErrorOnInvalidTypeImplicit(
-				@CurrentSecurityContext String implicit) {
+		public void showSecurityContextErrorOnInvalidTypeImplicit(@CurrentSecurityContext String implicit) {
 		}
 
 		public void showSecurityContextErrorOnInvalidTypeFalse(
@@ -300,12 +301,10 @@ public class CurrentSecurityContextArgumentResolverTests {
 				@CurrentSecurityContext(errorOnInvalidType = true) String implicit) {
 		}
 
-		public void showCurrentCustomSecurityContext(
-				@CurrentCustomSecurityContext SecurityContext context) {
+		public void showCurrentCustomSecurityContext(@CurrentCustomSecurityContext SecurityContext context) {
 		}
 
-		public void showCurrentAuthentication(
-				@CurrentAuthentication Authentication authentication) {
+		public void showCurrentAuthentication(@CurrentAuthentication Authentication authentication) {
 		}
 
 		public void showCurrentSecurityWithErrorOnInvalidType(
@@ -315,24 +314,24 @@ public class CurrentSecurityContextArgumentResolverTests {
 		public void showCurrentSecurityWithErrorOnInvalidTypeMisMatch(
 				@CurrentSecurityWithErrorOnInvalidType String typeMisMatch) {
 		}
+
 	}
 
 	private void setAuthenticationPrincipal(Object principal) {
 		SecurityContextHolder.getContext()
-				.setAuthentication(
-						new TestingAuthenticationToken(principal, "password",
-								"ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
 	}
 
 	private void setAuthenticationPrincipalWithCustomSecurityContext(Object principal) {
 		CustomSecurityContext csc = new CustomSecurityContext();
-		csc.setAuthentication(new TestingAuthenticationToken(principal, "password",
-				"ROLE_USER"));
+		csc.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
 		SecurityContextHolder.setContext(csc);
 	}
 
 	static class CustomSecurityContext implements SecurityContext {
+
 		private Authentication authentication;
+
 		@Override
 		public Authentication getAuthentication() {
 			return authentication;
@@ -342,31 +341,34 @@ public class CurrentSecurityContextArgumentResolverTests {
 		public void setAuthentication(Authentication authentication) {
 			this.authentication = authentication;
 		}
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext
 	@interface CurrentCustomSecurityContext {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext(expression = "authentication")
 	@interface CurrentAuthentication {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext(errorOnInvalidType = true)
 	static @interface CurrentSecurityWithErrorOnInvalidType {
+
 	}
 
 	private void setAuthenticationDetail(Object detail) {
-		TestingAuthenticationToken tat = new TestingAuthenticationToken("user", "password",
-				"ROLE_USER");
+		TestingAuthenticationToken tat = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		tat.setDetails(detail);
-		SecurityContextHolder.getContext()
-				.setAuthentication(tat);
+		SecurityContextHolder.getContext().setAuthentication(tat);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 0696cc81dd..73def76790 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -40,32 +40,38 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 
-
 /**
  * @author Rob Winch
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthenticationPrincipalArgumentResolverTests {
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	BindingContext bindingContext;
+
 	@Mock
 	Authentication authentication;
+
 	@Mock
 	BeanResolver beanResolver;
 
 	ResolvableMethod authenticationPrincipal = ResolvableMethod.on(getClass()).named("authenticationPrincipal").build();
+
 	ResolvableMethod spel = ResolvableMethod.on(getClass()).named("spel").build();
+
 	ResolvableMethod meta = ResolvableMethod.on(getClass()).named("meta").build();
+
 	ResolvableMethod bean = ResolvableMethod.on(getClass()).named("bean").build();
 
 	AuthenticationPrincipalArgumentResolver resolver;
 
 	@Before
 	public void setup() {
-		resolver =  new AuthenticationPrincipalArgumentResolver(new ReactiveAdapterRegistry());
+		resolver = new AuthenticationPrincipalArgumentResolver(new ReactiveAdapterRegistry());
 		this.resolver.setBeanResolver(this.beanResolver);
 	}
 
@@ -113,7 +119,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenMonoIsAuthenticationAndNoGenericThenObtainsPrincipal() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build().arg(Mono.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build()
+				.arg(Mono.class);
 		when(authentication.getPrincipal()).thenReturn("user");
 
 		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
@@ -160,7 +167,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenErrorOnInvalidTypeImplicit() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build().arg(Integer.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build()
+				.arg(Integer.class);
 		when(authentication.getPrincipal()).thenReturn("user");
 
 		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
@@ -171,7 +179,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitFalse() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build().arg(Integer.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
+				.arg(Integer.class);
 		when(authentication.getPrincipal()).thenReturn("user");
 
 		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
@@ -182,7 +191,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitTrue() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build().arg(Integer.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
+				.arg(Integer.class);
 		when(authentication.getPrincipal()).thenReturn("user");
 
 		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
@@ -191,29 +201,41 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class);
 	}
 
-	void authenticationPrincipal(@AuthenticationPrincipal String principal, @AuthenticationPrincipal Mono<String> monoPrincipal) {}
+	void authenticationPrincipal(@AuthenticationPrincipal String principal,
+			@AuthenticationPrincipal Mono<String> monoPrincipal) {
+	}
 
-	void authenticationPrincipalNoGeneric(@AuthenticationPrincipal Mono monoPrincipal) {}
+	void authenticationPrincipalNoGeneric(@AuthenticationPrincipal Mono monoPrincipal) {
+	}
 
-	void spel(@AuthenticationPrincipal(expression = "id") Long id) {}
+	void spel(@AuthenticationPrincipal(expression = "id") Long id) {
+	}
 
-	void bean(@AuthenticationPrincipal(expression = "@beanName.methodName(#this)") Long id) {}
+	void bean(@AuthenticationPrincipal(expression = "@beanName.methodName(#this)") Long id) {
+	}
 
-	void meta(@CurrentUser String principal) {}
+	void meta(@CurrentUser String principal) {
+	}
 
-	void errorOnInvalidTypeWhenImplicit(@AuthenticationPrincipal Integer implicit) {}
+	void errorOnInvalidTypeWhenImplicit(@AuthenticationPrincipal Integer implicit) {
+	}
 
-	void errorOnInvalidTypeWhenExplicitFalse(@AuthenticationPrincipal(errorOnInvalidType = false) Integer implicit) {}
+	void errorOnInvalidTypeWhenExplicitFalse(@AuthenticationPrincipal(errorOnInvalidType = false) Integer implicit) {
+	}
 
-	void errorOnInvalidTypeWhenExplicitTrue(@AuthenticationPrincipal(errorOnInvalidType = true) Integer implicit) {}
+	void errorOnInvalidTypeWhenExplicitTrue(@AuthenticationPrincipal(errorOnInvalidType = true) Integer implicit) {
+	}
 
 	static class Bean {
+
 		public Long methodName(MyUser user) {
 			return user.getId();
 		}
+
 	}
 
 	static class MyUser {
+
 		private final Long id;
 
 		MyUser(Long id) {
@@ -223,11 +245,15 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		public Long getId() {
 			return id;
 		}
+
 	}
 
 	@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
 	@Retention(RetentionPolicy.RUNTIME)
 	@Documented
 	@AuthenticationPrincipal
-	public @interface CurrentUser {}
+	public @interface CurrentUser {
+
+	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index c97f6b1276..69108ad0a9 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -45,48 +45,58 @@ import org.springframework.web.server.ServerWebExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
-
 /**
  * @author Dan Zheng
  * @since 5.2
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CurrentSecurityContextArgumentResolverTests {
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	BindingContext bindingContext;
+
 	@Mock
 	Authentication authentication;
+
 	@Mock
 	BeanResolver beanResolver;
+
 	@Mock
 	SecurityContext securityContext;
 
 	ResolvableMethod securityContextMethod = ResolvableMethod.on(getClass()).named("securityContext").build();
-	ResolvableMethod securityContextWithAuthentication = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build();
+
+	ResolvableMethod securityContextWithAuthentication = ResolvableMethod.on(getClass())
+			.named("securityContextWithAuthentication").build();
 
 	CurrentSecurityContextArgumentResolver resolver;
 
 	@Before
 	public void setup() {
-		this.resolver =  new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry());
+		this.resolver = new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry());
 		this.resolver.setBeanResolver(this.beanResolver);
 	}
 
 	@Test
 	public void supportsParameterCurrentSecurityContext() {
-		assertThat(this.resolver.supportsParameter(this.securityContextMethod.arg(Mono.class, SecurityContext.class))).isTrue();
+		assertThat(this.resolver.supportsParameter(this.securityContextMethod.arg(Mono.class, SecurityContext.class)))
+				.isTrue();
 	}
 
 	@Test
 	public void supportsParameterWithAuthentication() {
-		assertThat(this.resolver.supportsParameter(this.securityContextWithAuthentication.arg(Mono.class, Authentication.class))).isTrue();
+		assertThat(this.resolver
+				.supportsParameter(this.securityContextWithAuthentication.arg(Mono.class, Authentication.class)))
+						.isTrue();
 	}
 
 	@Test
 	public void resolveArgumentWithNullSecurityContext() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class,
+				SecurityContext.class);
 		Context context = ReactiveSecurityContextHolder.withSecurityContext(Mono.empty());
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
 		Object obj = argument.subscriberContext(context).block();
@@ -96,40 +106,47 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWithSecurityContext() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class,
+				SecurityContext.class);
 		Authentication auth = buildAuthenticationWithPrincipal("hello");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
+		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block()
+				.block();
 		assertThat(securityContext.getAuthentication()).isSameAs(auth);
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void resolveArgumentWithCustomSecurityContext() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("customSecurityContext").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("customSecurityContext").build()
+				.arg(Mono.class, SecurityContext.class);
 		Authentication auth = buildAuthenticationWithPrincipal("hello");
 		Context context = ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new CustomSecurityContext(auth)));
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		CustomSecurityContext securityContext = (CustomSecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
+		CustomSecurityContext securityContext = (CustomSecurityContext) argument.subscriberContext(context)
+				.cast(Mono.class).block().block();
 		assertThat(securityContext.getAuthentication()).isSameAs(auth);
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void resolveArgumentWithNullAuthentication1() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class,
+				SecurityContext.class);
 		Authentication auth = null;
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
+		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block()
+				.block();
 		assertThat(securityContext.getAuthentication()).isNull();
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void resolveArgumentWithNullAuthentication2() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build().arg(Mono.class, Authentication.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build()
+				.arg(Mono.class, Authentication.class);
 		Authentication auth = null;
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -140,7 +157,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWithAuthentication1() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build().arg(Mono.class, Authentication.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build()
+				.arg(Mono.class, Authentication.class);
 		Authentication auth = buildAuthenticationWithPrincipal("authentication1");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -151,7 +169,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWithNullAuthenticationOptional1() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional").build().arg(Mono.class, Object.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional")
+				.build().arg(Mono.class, Object.class);
 		Authentication auth = null;
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -162,7 +181,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWithAuthenticationOptional1() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional").build().arg(Mono.class, Object.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional")
+				.build().arg(Mono.class, Object.class);
 		Authentication auth = buildAuthenticationWithPrincipal("auth_optional");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -173,17 +193,20 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWithNullDepthProp1() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthProp").build().arg(Mono.class, Object.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthProp").build()
+				.arg(Mono.class, Object.class);
 		Authentication auth = null;
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		assertThatExceptionOfType(SpelEvaluationException.class).isThrownBy(() -> argument.subscriberContext(context).block());
+		assertThatExceptionOfType(SpelEvaluationException.class)
+				.isThrownBy(() -> argument.subscriberContext(context).block());
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void resolveArgumentWithStringDepthProp() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthStringProp").build().arg(Mono.class, String.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthStringProp").build()
+				.arg(Mono.class, String.class);
 		Authentication auth = buildAuthenticationWithPrincipal("auth_string");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -194,7 +217,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenErrorOnInvalidTypeImplicit() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build().arg(Mono.class, String.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build()
+				.arg(Mono.class, String.class);
 		Authentication auth = buildAuthenticationWithPrincipal("invalid_type_implicit");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -205,7 +229,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentErrorOnInvalidTypeWhenExplicitFalse() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build().arg(Mono.class, String.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
+				.arg(Mono.class, String.class);
 		Authentication auth = buildAuthenticationWithPrincipal("error_on_invalid_type_explicit_false");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
@@ -216,102 +241,136 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentErrorOnInvalidTypeWhenExplicitTrue() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build().arg(Mono.class, String.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
+				.arg(Mono.class, String.class);
 		Authentication auth = buildAuthenticationWithPrincipal("error_on_invalid_type_explicit_true");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> argument.subscriberContext(context).block());
+		assertThatExceptionOfType(ClassCastException.class)
+				.isThrownBy(() -> argument.subscriberContext(context).block());
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void metaAnnotationWhenDefaultSecurityContextThenInjectSecurityContext() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentCustomSecurityContext").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentCustomSecurityContext").build()
+				.arg(Mono.class, SecurityContext.class);
 		Authentication auth = buildAuthenticationWithPrincipal("current_custom_security_context");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
+		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block()
+				.block();
 		assertThat(securityContext.getAuthentication()).isSameAs(auth);
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentAuthenticationThenInjectAuthentication() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentAuthentication").build().arg(Mono.class, Authentication.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentAuthentication").build()
+				.arg(Mono.class, Authentication.class);
 		Authentication auth = buildAuthenticationWithPrincipal("current_authentication");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		Authentication authentication = (Authentication) argument.subscriberContext(context).cast(Mono.class).block().block();
+		Authentication authentication = (Authentication) argument.subscriberContext(context).cast(Mono.class).block()
+				.block();
 		assertThat(authentication).isSameAs(auth);
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenInjectSecurityContext() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentSecurityWithErrorOnInvalidType").build().arg(Mono.class, SecurityContext.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentSecurityWithErrorOnInvalidType")
+				.build().arg(Mono.class, SecurityContext.class);
 		Authentication auth = buildAuthenticationWithPrincipal("current_security_with_error_on_invalid_type");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
+		SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block()
+				.block();
 		assertThat(securityContext.getAuthentication()).isSameAs(auth);
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenMisMatch() {
-		MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentSecurityWithErrorOnInvalidTypeMisMatch").build().arg(Mono.class, String.class);
+		MethodParameter parameter = ResolvableMethod.on(getClass())
+				.named("currentSecurityWithErrorOnInvalidTypeMisMatch").build().arg(Mono.class, String.class);
 		Authentication auth = buildAuthenticationWithPrincipal("current_security_with_error_on_invalid_type_mismatch");
 		Context context = ReactiveSecurityContextHolder.withAuthentication(auth);
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> argument.subscriberContext(context).cast(Mono.class).block().block());
+		assertThatExceptionOfType(ClassCastException.class)
+				.isThrownBy(() -> argument.subscriberContext(context).cast(Mono.class).block().block());
 		ReactiveSecurityContextHolder.clearContext();
 	}
 
-	void securityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {}
+	void securityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {
+	}
 
-	void customSecurityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {}
+	void customSecurityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {
+	}
 
-	void securityContextWithAuthentication(@CurrentSecurityContext(expression = "authentication") Mono<Authentication> authentication) {}
+	void securityContextWithAuthentication(
+			@CurrentSecurityContext(expression = "authentication") Mono<Authentication> authentication) {
+	}
 
-	void securityContextWithDepthPropOptional(@CurrentSecurityContext(expression = "authentication?.principal") Mono<Object> principal) {}
+	void securityContextWithDepthPropOptional(
+			@CurrentSecurityContext(expression = "authentication?.principal") Mono<Object> principal) {
+	}
 
-	void securityContextWithDepthProp(@CurrentSecurityContext(expression = "authentication.principal") Mono<Object> principal) {}
+	void securityContextWithDepthProp(
+			@CurrentSecurityContext(expression = "authentication.principal") Mono<Object> principal) {
+	}
 
-	void securityContextWithDepthStringProp(@CurrentSecurityContext(expression = "authentication.principal") Mono<String> principal) {}
+	void securityContextWithDepthStringProp(
+			@CurrentSecurityContext(expression = "authentication.principal") Mono<String> principal) {
+	}
 
-	void errorOnInvalidTypeWhenImplicit(@CurrentSecurityContext Mono<String> implicit) {}
+	void errorOnInvalidTypeWhenImplicit(@CurrentSecurityContext Mono<String> implicit) {
+	}
 
-	void errorOnInvalidTypeWhenExplicitFalse(@CurrentSecurityContext(errorOnInvalidType = false) Mono<String> implicit) {}
+	void errorOnInvalidTypeWhenExplicitFalse(
+			@CurrentSecurityContext(errorOnInvalidType = false) Mono<String> implicit) {
+	}
 
-	void errorOnInvalidTypeWhenExplicitTrue(@CurrentSecurityContext(errorOnInvalidType = true) Mono<String> implicit) {}
+	void errorOnInvalidTypeWhenExplicitTrue(@CurrentSecurityContext(errorOnInvalidType = true) Mono<String> implicit) {
+	}
 
-	void currentCustomSecurityContext(@CurrentCustomSecurityContext Mono<SecurityContext> monoSecurityContext) {}
+	void currentCustomSecurityContext(@CurrentCustomSecurityContext Mono<SecurityContext> monoSecurityContext) {
+	}
 
-	void currentAuthentication(@CurrentAuthentication Mono<Authentication> authentication) {}
+	void currentAuthentication(@CurrentAuthentication Mono<Authentication> authentication) {
+	}
 
-	void currentSecurityWithErrorOnInvalidType(@CurrentSecurityWithErrorOnInvalidType Mono<SecurityContext> monoSecurityContext) {}
+	void currentSecurityWithErrorOnInvalidType(
+			@CurrentSecurityWithErrorOnInvalidType Mono<SecurityContext> monoSecurityContext) {
+	}
 
-	void currentSecurityWithErrorOnInvalidTypeMisMatch(@CurrentSecurityWithErrorOnInvalidType Mono<String> typeMisMatch) {}
+	void currentSecurityWithErrorOnInvalidTypeMisMatch(
+			@CurrentSecurityWithErrorOnInvalidType Mono<String> typeMisMatch) {
+	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext
 	@interface CurrentCustomSecurityContext {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext(expression = "authentication")
 	@interface CurrentAuthentication {
+
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext(errorOnInvalidType = true)
 	@interface CurrentSecurityWithErrorOnInvalidType {
+
 	}
 
 	static class CustomSecurityContext implements SecurityContext {
+
 		private Authentication authentication;
 
 		CustomSecurityContext(Authentication authentication) {
@@ -327,10 +386,11 @@ public class CurrentSecurityContextArgumentResolverTests {
 		public void setAuthentication(Authentication authentication) {
 			this.authentication = authentication;
 		}
+
 	}
 
 	private Authentication buildAuthenticationWithPrincipal(Object principal) {
-		return new TestingAuthenticationToken(principal, "password",
-				"ROLE_USER");
+		return new TestingAuthenticationToken(principal, "password", "ROLE_USER");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
index 341e9937a2..b88fec1ae5 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
@@ -37,11 +37,13 @@ import static org.springframework.security.web.reactive.result.view.CsrfRequestD
  * @since 5.0
  */
 public class CsrfRequestDataValueProcessorTests {
+
 	private MockServerWebExchange exchange = exchange(HttpMethod.GET);
 
 	private CsrfRequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 
 	private CsrfToken token = new DefaultCsrfToken("1", "a", "b");
+
 	private Map<String, String> expected = new HashMap<>();
 
 	@Before
@@ -52,15 +54,12 @@ public class CsrfRequestDataValueProcessorTests {
 
 	@Test
 	public void assertAllMethodsDeclared() {
-		Method[] expectedMethods = ReflectionUtils
-			.getAllDeclaredMethods(CsrfRequestDataValueProcessor.class);
+		Method[] expectedMethods = ReflectionUtils.getAllDeclaredMethods(CsrfRequestDataValueProcessor.class);
 		for (Method expected : expectedMethods) {
-			assertThat(
-				ReflectionUtils.findMethod(
-					CsrfRequestDataValueProcessor.class,
-					expected.getName(), expected.getParameterTypes())).as(
-				"Expected to find " + expected + " defined on "
-					+ CsrfRequestDataValueProcessor.class).isNotNull();
+			assertThat(ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class, expected.getName(),
+					expected.getParameterTypes()))
+							.as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class)
+							.isNotNull();
 		}
 	}
 
@@ -90,15 +89,13 @@ public class CsrfRequestDataValueProcessorTests {
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_POST() {
 		this.processor.processAction(this.exchange, "action", "POST");
-		assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(
-			this.expected);
+		assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(this.expected);
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_post() {
 		this.processor.processAction(this.exchange, "action", "post");
-		assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(
-			this.expected);
+		assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(this.expected);
 	}
 
 	@Test
@@ -110,8 +107,7 @@ public class CsrfRequestDataValueProcessorTests {
 	@Test
 	public void processFormFieldValue() {
 		String value = "action";
-		assertThat(this.processor.processFormFieldValue(this.exchange, "name", value, "hidden"))
-			.isEqualTo(value);
+		assertThat(this.processor.processFormFieldValue(this.exchange, "name", value, "hidden")).isEqualTo(value);
 	}
 
 	@Test
@@ -134,4 +130,5 @@ public class CsrfRequestDataValueProcessorTests {
 	private MockServerWebExchange exchange(HttpMethod method) {
 		return MockServerWebExchange.from(MockServerHttpRequest.method(HttpMethod.GET, "/"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index 3ae2357be0..760a359798 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -87,7 +87,8 @@ public class CookieRequestCacheTests {
 	@Test
 	public void getRequestWhenRequestIsWithoutCookiesThenReturnsNullSavedRequest() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
-		SavedRequest savedRequest = cookieRequestCache.getRequest(new MockHttpServletRequest(), new MockHttpServletResponse());
+		SavedRequest savedRequest = cookieRequestCache.getRequest(new MockHttpServletRequest(),
+				new MockHttpServletResponse());
 		assertThat(savedRequest).isNull();
 	}
 
@@ -119,7 +120,8 @@ public class CookieRequestCacheTests {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(new MockHttpServletRequest(), response);
+		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(new MockHttpServletRequest(),
+				response);
 		assertThat(matchingRequest).isNull();
 		assertThat(response.getCookie(DEFAULT_COOKIE_NAME)).isNull();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
index dd381f196a..28ff375aa4 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
@@ -32,8 +32,7 @@ public class DefaultSavedRequestTests {
 	public void headersAreCaseInsensitive() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("USER-aGenT", "Mozilla");
-		DefaultSavedRequest saved = new DefaultSavedRequest(request,
-				new MockPortResolver(8080, 8443));
+		DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
 		assertThat(saved.getHeaderValues("user-agent").get(0)).isEqualTo("Mozilla");
 	}
 
@@ -42,8 +41,7 @@ public class DefaultSavedRequestTests {
 	public void discardsIfNoneMatchHeader() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("If-None-Match", "somehashvalue");
-		DefaultSavedRequest saved = new DefaultSavedRequest(request,
-				new MockPortResolver(8080, 8443));
+		DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
 		assertThat(saved.getHeaderValues("if-none-match").isEmpty()).isTrue();
 	}
 
@@ -53,9 +51,9 @@ public class DefaultSavedRequestTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter("AnotHerTest", "Hi dad");
 		request.addParameter("thisisatest", "Hi mom");
-		DefaultSavedRequest saved = new DefaultSavedRequest(request,
-				new MockPortResolver(8080, 8443));
+		DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
 		assertThat(saved.getParameterValues("thisisatest")[0]).isEqualTo("Hi mom");
 		assertThat(saved.getParameterValues("anothertest")).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index 048b3d8adb..0089fd3b03 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -32,7 +32,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.PortResolverImpl;
 
 /**
- *
  * @author Luke Taylor
  * @author Eddú Meléndez
  * @since 3.0
@@ -43,16 +42,13 @@ public class HttpSessionRequestCacheTests {
 	public void originalGetRequestDoesntMatchIncomingPost() {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/destination");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
-		assertThat(request.getSession().getAttribute(
-				HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
+		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
 		assertThat(cache.getRequest(request, response)).isNotNull();
 
-		MockHttpServletRequest newRequest = new MockHttpServletRequest("POST",
-				"/destination");
+		MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination");
 		newRequest.setSession(request.getSession());
 		assertThat(cache.getMatchingRequest(newRequest, response)).isNull();
 
@@ -63,37 +59,32 @@ public class HttpSessionRequestCacheTests {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 		cache.setRequestMatcher(request -> request.getMethod().equals("GET"));
 
-		MockHttpServletRequest request = new MockHttpServletRequest("POST",
-				"/destination");
+		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
 		assertThat(cache.getRequest(request, response)).isNull();
-		assertThat(cache.getRequest(new MockHttpServletRequest(),
-				new MockHttpServletResponse())).isNull();
+		assertThat(cache.getRequest(new MockHttpServletRequest(), new MockHttpServletResponse())).isNull();
 		assertThat(cache.getMatchingRequest(request, response)).isNull();
 	}
 
 	// SEC-2246
 	@Test
 	public void getRequestCustomNoClassCastException() {
-		MockHttpServletRequest request = new MockHttpServletRequest("POST",
-				"/destination");
+		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpSessionRequestCache cache = new HttpSessionRequestCache() {
 
 			@Override
-			public void saveRequest(HttpServletRequest request,
-					HttpServletResponse response) {
-				request.getSession().setAttribute(SAVED_REQUEST, new CustomSavedRequest(
-						new DefaultSavedRequest(request, new PortResolverImpl())));
+			public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
+				request.getSession().setAttribute(SAVED_REQUEST,
+						new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl())));
 			}
 
 		};
 		cache.saveRequest(request, response);
 
 		cache.saveRequest(request, response);
-		assertThat(cache.getRequest(request, response)).isInstanceOf(
-				CustomSavedRequest.class);
+		assertThat(cache.getRequest(request, response)).isInstanceOf(CustomSavedRequest.class);
 	}
 
 	@Test
@@ -101,8 +92,7 @@ public class HttpSessionRequestCacheTests {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 		cache.setSessionAttrName("CUSTOM_SAVED_REQUEST");
 
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/destination");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
 
@@ -152,5 +142,7 @@ public class HttpSessionRequestCacheTests {
 		}
 
 		private static final long serialVersionUID = 2426831999233621470L;
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
index f97f7d2369..39aa95dda7 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
@@ -32,16 +32,13 @@ public class RequestCacheAwareFilterTests {
 		RequestCacheAwareFilter filter = new RequestCacheAwareFilter();
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 
-		MockHttpServletRequest request = new MockHttpServletRequest("POST",
-				"/destination");
+		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
-		assertThat(request.getSession().getAttribute(
-				HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
+		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
 
 		filter.doFilter(request, response, new MockFilterChain());
-		assertThat(request.getSession().getAttribute(
-				HttpSessionRequestCache.SAVED_REQUEST)).isNull();
+		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
 	}
 
 	@Test
@@ -73,4 +70,5 @@ public class RequestCacheAwareFilterTests {
 		assertThat(expiredCookie.getValue()).isEmpty();
 		assertThat(expiredCookie.getMaxAge()).isZero();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
index 88d3f7a702..3b7134b499 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
@@ -28,6 +28,7 @@ import java.io.Serializable;
 public class SavedCookieTests {
 
 	Cookie cookie;
+
 	SavedCookie savedCookie;
 
 	@Before
@@ -94,4 +95,5 @@ public class SavedCookieTests {
 	public void testSerializable() {
 		assertThat(savedCookie instanceof Serializable).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index 81c45f1dd8..95c27b05d4 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -35,8 +35,7 @@ public class SavedRequestAwareWrapperTests {
 
 	private SavedRequestAwareWrapper createWrapper(MockHttpServletRequest requestToSave,
 			MockHttpServletRequest requestToWrap) {
-		DefaultSavedRequest saved = new DefaultSavedRequest(requestToSave,
-				new PortResolverImpl());
+		DefaultSavedRequest saved = new DefaultSavedRequest(requestToSave, new PortResolverImpl());
 		return new SavedRequestAwareWrapper(saved, requestToWrap);
 	}
 
@@ -57,8 +56,7 @@ public class SavedRequestAwareWrapperTests {
 	public void savedRequesthHeaderIsReturnedIfSavedRequestIsSet() {
 		MockHttpServletRequest savedRequest = new MockHttpServletRequest();
 		savedRequest.addHeader("header", "savedheader");
-		SavedRequestAwareWrapper wrapper = createWrapper(savedRequest,
-				new MockHttpServletRequest());
+		SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest());
 
 		assertThat(wrapper.getHeader("nonexistent")).isNull();
 		Enumeration headers = wrapper.getHeaders("nonexistent");
@@ -117,8 +115,7 @@ public class SavedRequestAwareWrapperTests {
 
 	@Test
 	public void getParameterValuesReturnsNullIfParameterIsntSet() {
-		SavedRequestAwareWrapper wrapper = createWrapper(new MockHttpServletRequest(),
-				new MockHttpServletRequest());
+		SavedRequestAwareWrapper wrapper = createWrapper(new MockHttpServletRequest(), new MockHttpServletRequest());
 		assertThat(wrapper.getParameterValues("action")).isNull();
 		assertThat(wrapper.getParameterMap().get("action")).isNull();
 	}
@@ -141,14 +138,12 @@ public class SavedRequestAwareWrapperTests {
 
 	@Test
 	public void expecteDateHeaderIsReturnedFromSavedRequest() throws Exception {
-		SimpleDateFormat formatter = new SimpleDateFormat(
-				"EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
+		SimpleDateFormat formatter = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
 		String nowString = FastHttpDateFormat.getCurrentDate();
 		Date now = formatter.parse(nowString);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("header", nowString);
-		SavedRequestAwareWrapper wrapper = createWrapper(request,
-				new MockHttpServletRequest());
+		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
 		assertThat(wrapper.getDateHeader("header")).isEqualTo(now.getTime());
 
 		assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L);
@@ -158,16 +153,14 @@ public class SavedRequestAwareWrapperTests {
 	public void invalidDateHeaderIsRejected() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("header", "notadate");
-		SavedRequestAwareWrapper wrapper = createWrapper(request,
-				new MockHttpServletRequest());
+		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
 		wrapper.getDateHeader("header");
 	}
 
 	@Test
 	public void correctHttpMethodIsReturned() {
 		MockHttpServletRequest request = new MockHttpServletRequest("PUT", "/notused");
-		SavedRequestAwareWrapper wrapper = createWrapper(request,
-				new MockHttpServletRequest("GET", "/notused"));
+		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest("GET", "/notused"));
 		assertThat(wrapper.getMethod()).isEqualTo("PUT");
 	}
 
@@ -176,8 +169,7 @@ public class SavedRequestAwareWrapperTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("header", "999");
 		request.addHeader("header", "1000");
-		SavedRequestAwareWrapper wrapper = createWrapper(request,
-				new MockHttpServletRequest());
+		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
 
 		assertThat(wrapper.getIntHeader("header")).isEqualTo(999);
 		assertThat(wrapper.getIntHeader("nonexistent")).isEqualTo(-1);
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
index f1f6d4c0ee..95f5ee3985 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
@@ -74,12 +74,12 @@ public class SimpleSavedRequestTests {
 	}
 
 	private SimpleSavedRequest prepareSavedRequest() {
-		SimpleSavedRequest	simpleSavedRequest = new SimpleSavedRequest("redirectUrl");
+		SimpleSavedRequest simpleSavedRequest = new SimpleSavedRequest("redirectUrl");
 		simpleSavedRequest.setCookies(Collections.singletonList(new Cookie("cookiename", "cookievalue")));
 		simpleSavedRequest.setMethod("POST");
 		simpleSavedRequest.setHeaders(Collections.singletonMap("headername", Collections.singletonList("headervalue")));
 		simpleSavedRequest.setLocales(Collections.singletonList(Locale.ENGLISH));
-		simpleSavedRequest.setParameters(Collections.singletonMap("key", new String[] {"value"}));
+		simpleSavedRequest.setParameters(Collections.singletonMap("key", new String[] { "value" }));
 		return simpleSavedRequest;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index 53833842d5..a74d731362 100644
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -42,8 +42,7 @@ public class DefaultServerRedirectStrategyTests {
 
 	private URI location = URI.create("/login");
 
-	private DefaultServerRedirectStrategy strategy =
-		new DefaultServerRedirectStrategy();
+	private DefaultServerRedirectStrategy strategy = new DefaultServerRedirectStrategy();
 
 	@Test(expected = IllegalArgumentException.class)
 	public void sendRedirectWhenLocationNullThenException() {
@@ -68,8 +67,7 @@ public class DefaultServerRedirectStrategyTests {
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.FOUND);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
 
@@ -80,7 +78,8 @@ public class DefaultServerRedirectStrategyTests {
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
-		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath("/context" + this.location.getPath());
+		assertThat(this.exchange.getResponse().getHeaders().getLocation())
+				.hasPath("/context" + this.location.getPath());
 	}
 
 	@Test
@@ -125,4 +124,5 @@ public class DefaultServerRedirectStrategyTests {
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
 		return MockServerWebExchange.from(request.build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index dfb260bdc7..dc28edf932 100644
--- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -41,31 +41,33 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingServerAuthenticationEntryPointTests {
+
 	private ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Mock
 	private ServerWebExchangeMatcher matcher1;
+
 	@Mock
 	private ServerWebExchangeMatcher matcher2;
+
 	@Mock
 	private ServerAuthenticationEntryPoint delegate1;
+
 	@Mock
 	private ServerAuthenticationEntryPoint delegate2;
 
 	private AuthenticationException e = new AuthenticationCredentialsNotFoundException("Log In");
+
 	private DelegatingServerAuthenticationEntryPoint entryPoint;
 
 	@Test
 	public void commenceWhenNotMatchThenMatchThenOnlySecondDelegateInvoked() {
 		Mono<Void> expectedResult = Mono.empty();
-		when(this.matcher1.matches(this.exchange)).thenReturn(
-			ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(this.matcher2.matches(this.exchange)).thenReturn(
-			ServerWebExchangeMatcher.MatchResult.match());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
 		when(this.delegate2.commence(this.exchange, this.e)).thenReturn(expectedResult);
-		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(
-			new DelegateEntry(this.matcher1, this.delegate1),
-			new DelegateEntry(this.matcher2, this.delegate2));
+		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(new DelegateEntry(this.matcher1, this.delegate1),
+				new DelegateEntry(this.matcher2, this.delegate2));
 
 		Mono<Void> actualResult = this.entryPoint.commence(this.exchange, this.e);
 		actualResult.block();
@@ -76,15 +78,14 @@ public class DelegatingServerAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenNotMatchThenDefault() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(
-			ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(
-			new DelegateEntry(this.matcher1, this.delegate1));
+				new DelegateEntry(this.matcher1, this.delegate1));
 
 		this.entryPoint.commence(this.exchange, this.e).block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.UNAUTHORIZED);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 		verifyZeroInteractions(this.delegate1);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
index f411738df3..1afad15692 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
@@ -44,17 +44,17 @@ public class WebFilterChainProxyTests {
 		MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters);
 		WebFilterChainProxy filter = new WebFilterChainProxy(chain);
 
-		WebTestClient.bindToController(new Object()).webFilter(filter).build()
-			.get()
-			.exchange()
-			.expectStatus().isNotFound();
+		WebTestClient.bindToController(new Object()).webFilter(filter).build().get().exchange().expectStatus()
+				.isNotFound();
 	}
 
 	static class Http200WebFilter implements WebFilter {
+
 		@Override
-		public Mono<Void> filter(ServerWebExchange exchange,
-			WebFilterChain chain) {
+		public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 			return Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN));
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
index bf764d393a..82a3bac64a 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
@@ -31,20 +31,22 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class WebFilterExchangeTests {
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private WebFilterChain chain;
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorServerWebExchangeWebFilterChainWhenExchangeNullThenException() {
-		this. exchange = null;
+		this.exchange = null;
 		new WebFilterExchange(this.exchange, this.chain);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorServerWebExchangeWebFilterChainWhenChainNullThenException() {
-		this. chain = null;
+		this.chain = null;
 		new WebFilterExchange(this.exchange, this.chain);
 	}
 
@@ -61,4 +63,5 @@ public class WebFilterExchangeTests {
 
 		assertThat(filterExchange.getChain()).isEqualTo(this.chain);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
index a6c3a14e22..e641312516 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
@@ -45,26 +45,21 @@ public class AnonymousAuthenticationWebFilterTests {
 	public void anonymousAuthenticationFilterWorking() {
 
 		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(HttpMeController.class,
-				new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString()))
-				.build();
+				new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())).build();
 
-		client.get()
-				.uri("/me")
-				.exchange()
-				.expectStatus().isOk()
-				.expectBody(String.class).isEqualTo("anonymousUser");
+		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 	}
 
 	@RestController
 	@RequestMapping("/me")
 	public static class HttpMeController {
+
 		@GetMapping
 		public Mono<String> me(ServerWebExchange exchange) {
-			return ReactiveSecurityContextHolder
-					.getContext()
-					.map(SecurityContext::getAuthentication)
-					.map(Authentication::getPrincipal)
-					.ofType(String.class);
+			return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+					.map(Authentication::getPrincipal).ofType(String.class);
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index c129429e47..92c76b25e3 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -39,8 +39,11 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthenticationConverterServerWebExchangeMatcherTests {
+
 	private MockServerWebExchange exchange;
+
 	private AuthenticationConverterServerWebExchangeMatcher matcher;
+
 	private Authentication authentication = new TestingAuthenticationToken("user", "password");
 
 	@Mock
@@ -83,15 +86,14 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 	public void matchesWhenNullThenThrowsException() {
 		when(this.converter.convert(any())).thenReturn(null);
 
-		assertThatCode(() -> this.matcher.matches(this.exchange).block())
-				.isInstanceOf(NullPointerException.class);
+		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
 	}
 
 	@Test
 	public void matchesWhenExceptionThenPropagates() {
 		when(this.converter.convert(any())).thenThrow(RuntimeException.class);
 
-		assertThatCode(() -> this.matcher.matches(this.exchange).block())
-				.isInstanceOf(RuntimeException.class);
+		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 257e566c39..ac761ef238 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -50,16 +50,22 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthenticationWebFilterTests {
+
 	@Mock
 	private ServerAuthenticationSuccessHandler successHandler;
+
 	@Mock
 	private ServerAuthenticationConverter authenticationConverter;
+
 	@Mock
 	private ReactiveAuthenticationManager authenticationManager;
+
 	@Mock
 	private ServerAuthenticationFailureHandler failureHandler;
+
 	@Mock
 	private ServerSecurityContextRepository securityContextRepository;
+
 	@Mock
 	private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
@@ -78,16 +84,11 @@ public class AuthenticationWebFilterTests {
 	public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<String> result = client.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
 
 		verifyZeroInteractions(this.authenticationManager);
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -97,16 +98,11 @@ public class AuthenticationWebFilterTests {
 	public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<String> result = client.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
 
 		verifyZeroInteractions(this.authenticationManagerResolver);
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -114,88 +110,66 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenDefaultsAndAuthenticationSuccessThenContinues() {
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
+		when(this.authenticationManager.authenticate(any()))
+				.thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<String> result = client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("test", "this"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationSuccessThenContinues() {
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
+		when(this.authenticationManager.authenticate(any()))
+				.thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 		when(this.authenticationManagerResolver.resolve(any())).thenReturn(Mono.just(this.authenticationManager));
 
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<String> result = client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("test", "this"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
 	@Test
 	public void filterWhenDefaultsAndAuthenticationFailThenUnauthorized() {
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new BadCredentialsException("failed")));
+		when(this.authenticationManager.authenticate(any()))
+				.thenReturn(Mono.error(new BadCredentialsException("failed")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<Void> result = client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("test", "this"))
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"")
-			.expectBody().isEmpty();
+		EntityExchangeResult<Void> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
+				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
 
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized() {
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new BadCredentialsException("failed")));
+		when(this.authenticationManager.authenticate(any()))
+				.thenReturn(Mono.error(new BadCredentialsException("failed")));
 		when(this.authenticationManagerResolver.resolve(any())).thenReturn(Mono.just(this.authenticationManager));
 
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<Void> result = client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("test", "this"))
-			.exchange()
-			.expectStatus().isUnauthorized()
-			.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"")
-			.expectBody().isEmpty();
+		EntityExchangeResult<Void> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
+				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
 
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
@@ -204,41 +178,25 @@ public class AuthenticationWebFilterTests {
 	public void filterWhenConvertEmptyThenOk() {
 		when(this.authenticationConverter.convert(any())).thenReturn(Mono.empty());
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
+				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		verify(this.securityContextRepository, never()).save(any(), any());
-		verifyZeroInteractions(this.authenticationManager, this.successHandler,
-			this.failureHandler);
+		verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 	}
 
 	@Test
 	public void filterWhenConvertErrorThenServerError() {
 		when(this.authenticationConverter.convert(any())).thenReturn(Mono.error(new RuntimeException("Unexpected")));
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().is5xxServerError()
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
 
 		verify(this.securityContextRepository, never()).save(any(), any());
-		verifyZeroInteractions(this.authenticationManager, this.successHandler,
-			this.failureHandler);
+		verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 	}
 
 	@Test
@@ -247,21 +205,13 @@ public class AuthenticationWebFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
 		when(this.successHandler.onAuthenticationSuccess(any(), any())).thenReturn(Mono.empty());
-		when(this.securityContextRepository.save(any(), any())).thenAnswer( a -> Mono.just(a.getArguments()[0]));
+		when(this.securityContextRepository.save(any(), any())).thenAnswer(a -> Mono.just(a.getArguments()[0]));
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
 
-		verify(this.successHandler).onAuthenticationSuccess(any(),
-			eq(authentication.block()));
+		verify(this.successHandler).onAuthenticationSuccess(any(), eq(authentication.block()));
 		verify(this.securityContextRepository).save(any(), any());
 		verifyZeroInteractions(this.failureHandler);
 	}
@@ -272,16 +222,9 @@ public class AuthenticationWebFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.empty());
 
-		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(this.filter)
-				.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-				.get()
-				.uri("/")
-				.exchange()
-				.expectStatus().is5xxServerError()
-				.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
 
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.successHandler, this.failureHandler);
@@ -291,18 +234,12 @@ public class AuthenticationWebFilterTests {
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
 		this.filter.setRequiresAuthenticationMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		EntityExchangeResult<String> result = client
-			.get()
-			.uri("/")
-			.headers(headers -> headers.setBasicAuth("test", "this"))
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
-			.returnResult();
+		EntityExchangeResult<String> result = client.get().uri("/")
+				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
 		verifyZeroInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler);
@@ -312,19 +249,13 @@ public class AuthenticationWebFilterTests {
 	public void filterWhenConvertAndAuthenticationFailThenEntryPoint() {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new BadCredentialsException("Failed")));
+		when(this.authenticationManager.authenticate(any()))
+				.thenReturn(Mono.error(new BadCredentialsException("Failed")));
 		when(this.failureHandler.onAuthenticationFailure(any(), any())).thenReturn(Mono.empty());
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().isOk()
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
 
 		verify(this.failureHandler).onAuthenticationFailure(any(), any());
 		verify(this.securityContextRepository, never()).save(any(), any());
@@ -337,16 +268,9 @@ public class AuthenticationWebFilterTests {
 		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new RuntimeException("Failed")));
 
-		WebTestClient client = WebTestClientBuilder
-			.bindToWebFilters(this.filter)
-			.build();
+		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
-		client
-			.get()
-			.uri("/")
-			.exchange()
-			.expectStatus().is5xxServerError()
-			.expectBody().isEmpty();
+		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
 
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.successHandler, this.failureHandler);
@@ -356,4 +280,5 @@ public class AuthenticationWebFilterTests {
 	public void setRequiresAuthenticationMatcherWhenNullThenException() {
 		this.filter.setRequiresAuthenticationMatcher(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index cd4432416e..c92a508d9c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -42,12 +42,15 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingServerAuthenticationSuccessHandlerTests {
+
 	@Mock
 	private ServerAuthenticationSuccessHandler delegate1;
 
 	@Mock
 	private ServerAuthenticationSuccessHandler delegate2;
+
 	private PublisherProbe<Void> delegate1Result = PublisherProbe.empty();
+
 	private PublisherProbe<Void> delegate2Result = PublisherProbe.empty();
 
 	@Mock
@@ -64,14 +67,16 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 
 	@Test
 	public void constructorWhenNullThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingServerAuthenticationSuccessHandler((ServerAuthenticationSuccessHandler[]) null))
-			.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> new DelegatingServerAuthenticationSuccessHandler((ServerAuthenticationSuccessHandler[]) null))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenEmptyThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingServerAuthenticationSuccessHandler(new ServerAuthenticationSuccessHandler[0]))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(
+				() -> new DelegatingServerAuthenticationSuccessHandler(new ServerAuthenticationSuccessHandler[0]))
+						.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -99,21 +104,19 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 	public void onAuthenticationSuccessSequential() throws Exception {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
-		ServerAuthenticationSuccessHandler slow = (exchange, authentication) ->
-				Mono.delay(Duration.ofMillis(100))
-						.doOnSuccess(__ -> slowDone.set(true))
-						.then();
-		ServerAuthenticationSuccessHandler second = (exchange, authentication) ->
-				Mono.fromRunnable(() -> {
-					latch.countDown();
-					assertThat(slowDone.get())
-							.describedAs("ServerAuthenticationSuccessHandler should be executed sequentially")
-							.isTrue();
-				});
-		DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow, second);
+		ServerAuthenticationSuccessHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100))
+				.doOnSuccess(__ -> slowDone.set(true)).then();
+		ServerAuthenticationSuccessHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> {
+			latch.countDown();
+			assertThat(slowDone.get()).describedAs("ServerAuthenticationSuccessHandler should be executed sequentially")
+					.isTrue();
+		});
+		DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow,
+				second);
 
 		handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
 
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index f7d58a90c2..456c39a1e9 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -38,16 +38,17 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpBasicServerAuthenticationEntryPointTests {
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	private HttpBasicServerAuthenticationEntryPoint entryPoint = new HttpBasicServerAuthenticationEntryPoint();
 
 	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authenticate");
 
 	@Test
 	public void commenceWhenNoSubscribersThenNoActions() {
-		this.entryPoint.commence(this.exchange,
-				this.exception);
+		this.entryPoint.commence(this.exchange, this.exception);
 
 		verifyZeroInteractions(this.exchange);
 	}
@@ -58,10 +59,9 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.UNAUTHORIZED);
-		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")).containsOnly(
-			"Basic realm=\"Realm\"");
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate"))
+				.containsOnly("Basic realm=\"Realm\"");
 	}
 
 	@Test
@@ -71,10 +71,9 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.UNAUTHORIZED);
-		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")).containsOnly(
-			"Basic realm=\"Custom\"");
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate"))
+				.containsOnly("Basic realm=\"Custom\"");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -82,8 +81,8 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 		this.entryPoint.setRealm(null);
 	}
 
-
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
 		return MockServerWebExchange.from(request.build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
index baff46e4f6..14fdf1b987 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
@@ -31,23 +31,27 @@ import org.springframework.security.core.AuthenticationException;
  * @since 5.1
  */
 public class HttpStatusServerEntryPointTests {
+
 	private MockServerHttpRequest request;
+
 	private MockServerWebExchange exchange;
+
 	private AuthenticationException authException;
+
 	private HttpStatusServerEntryPoint entryPoint;
 
 	@Before
 	public void setup() {
 		this.request = MockServerHttpRequest.get("/").build();
 		this.exchange = MockServerWebExchange.from(this.request);
-		this.authException = new AuthenticationException("") { };
+		this.authException = new AuthenticationException("") {
+		};
 		this.entryPoint = new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED);
 	}
 
 	@Test
 	public void constructorNullStatus() {
-		assertThatExceptionOfType(IllegalArgumentException.class)
-				.isThrownBy(() -> new HttpStatusServerEntryPoint(null))
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> new HttpStatusServerEntryPoint(null))
 				.withMessage("httpStatus cannot be null");
 	}
 
@@ -56,4 +60,5 @@ public class HttpStatusServerEntryPointTests {
 		this.entryPoint.commence(this.exchange, this.authException).block();
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 9dacbd93a6..5970a16ba7 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -41,17 +41,22 @@ import static org.mockito.Mockito.when;
  */
 public class ReactivePreAuthenticatedAuthenticationManagerTests {
 
-	private ReactiveUserDetailsService mockUserDetailsService
-			= mock(ReactiveUserDetailsService.class);
+	private ReactiveUserDetailsService mockUserDetailsService = mock(ReactiveUserDetailsService.class);
 
-	private ReactivePreAuthenticatedAuthenticationManager manager
-			= new ReactivePreAuthenticatedAuthenticationManager(mockUserDetailsService);
+	private ReactivePreAuthenticatedAuthenticationManager manager = new ReactivePreAuthenticatedAuthenticationManager(
+			mockUserDetailsService);
 
 	private final User validAccount = new User("valid", "", Collections.emptySet());
+
 	private final User nonExistingAccount = new User("non existing", "", Collections.emptySet());
+
 	private final User disabledAccount = new User("disabled", "", false, true, true, true, Collections.emptySet());
+
 	private final User expiredAccount = new User("expired", "", true, false, true, true, Collections.emptySet());
-	private final User accountWithExpiredCredentials = new User("credentials expired", "", true, true, false, true, Collections.emptySet());
+
+	private final User accountWithExpiredCredentials = new User("credentials expired", "", true, true, false, true,
+			Collections.emptySet());
+
 	private final User lockedAccount = new User("locked", "", true, true, true, false, Collections.emptySet());
 
 	@Test
@@ -90,7 +95,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 		manager.authenticate(tokenForUser(expiredAccount.getUsername())).block();
 	}
 
-
 	@Test(expected = CredentialsExpiredException.class)
 	public void throwsExceptionForAccountWithExpiredCredentials() {
 		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(accountWithExpiredCredentials));
@@ -101,4 +105,5 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 	private Authentication tokenForUser(String username) {
 		return new PreAuthenticatedAuthenticationToken(username, null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index 3082792796..ef13a1a0ee 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -43,16 +43,17 @@ public class RedirectServerAuthenticationEntryPointTests {
 
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private ServerRedirectStrategy redirectStrategy;
 
 	private String location = "/login";
 
-	private RedirectServerAuthenticationEntryPoint entryPoint =
-		new RedirectServerAuthenticationEntryPoint(this.location);
-
-	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authentication Required");
+	private RedirectServerAuthenticationEntryPoint entryPoint = new RedirectServerAuthenticationEntryPoint(
+			this.location);
 
+	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
+			"Authentication Required");
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorStringWhenNullLocationThenException() {
@@ -62,8 +63,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		this.entryPoint.commence(this.exchange,
-			this.exception);
+		this.entryPoint.commence(this.exchange, this.exception);
 
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getSession().block().isStarted()).isFalse();
@@ -75,8 +75,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.FOUND);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location);
 	}
 
@@ -96,4 +95,5 @@ public class RedirectServerAuthenticationEntryPointTests {
 	public void setRedirectStrategyWhenNullThenException() {
 		this.entryPoint.setRedirectStrategy(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index f5e6390cdb..2d022b5b16 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -43,16 +43,17 @@ import static org.mockito.Mockito.when;
 public class RedirectServerAuthenticationFailureHandlerTests {
 
 	private WebFilterExchange exchange;
+
 	@Mock
 	private ServerRedirectStrategy redirectStrategy;
 
 	private String location = "/login";
 
-	private RedirectServerAuthenticationFailureHandler handler =
-		new RedirectServerAuthenticationFailureHandler(this.location);
-
-	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authentication Required");
+	private RedirectServerAuthenticationFailureHandler handler = new RedirectServerAuthenticationFailureHandler(
+			this.location);
 
+	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
+			"Authentication Required");
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorStringWhenNullLocationThenException() {
@@ -62,8 +63,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	@Test
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.exchange = createExchange();
-		this.handler.onAuthenticationFailure(this.exchange,
-			this.exception);
+		this.handler.onAuthenticationFailure(this.exchange, this.exception);
 
 		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
@@ -75,8 +75,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 
 		this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
 
-		assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.FOUND);
+		assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
 	}
 
@@ -98,6 +97,8 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	}
 
 	private WebFilterExchange createExchange() {
-		return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()), new DefaultWebFilterChain(e -> Mono.empty()));
+		return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()),
+				new DefaultWebFilterChain(e -> Mono.empty()));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 2e3356b1c4..a75bb557be 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -47,17 +47,19 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private WebFilterChain chain;
+
 	@Mock
 	private ServerRedirectStrategy redirectStrategy;
+
 	@Mock
 	private Authentication authentication;
 
 	private URI location = URI.create("/");
 
-	private RedirectServerAuthenticationSuccessHandler handler =
-		new RedirectServerAuthenticationSuccessHandler();
+	private RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorStringWhenNullLocationThenException() {
@@ -68,8 +70,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	public void successWhenNoSubscribersThenNoActions() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange,
-			this.chain), this.authentication);
+		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication);
 
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getSession().block().isStarted()).isFalse();
@@ -79,11 +80,10 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	public void successWhenSubscribeThenStatusAndLocationSet() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange,
-			this.chain), this.authentication).block();
+		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
+				.block();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.FOUND);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location);
 	}
 
@@ -94,8 +94,8 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 		this.handler.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange,
-			this.chain), this.authentication).block();
+		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
+				.block();
 		redirectResult.assertWasSubscribed();
 		verify(this.redirectStrategy).sendRedirect(any(), eq(this.location));
 	}
@@ -109,4 +109,5 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	public void setLocationWhenNullThenException() {
 		this.handler.setLocation(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index 0fe7fb1655..e7490bc5d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -38,10 +38,13 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerAuthenticationEntryPointFailureHandlerTests {
+
 	@Mock
 	private ServerAuthenticationEntryPoint authenticationEntryPoint;
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private WebFilterChain chain;
 
@@ -65,4 +68,5 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 
 		assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 44fdc49576..4d948e5fc9 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -36,6 +36,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerFormLoginAuthenticationConverterTests {
+
 	@Mock
 	private ServerWebExchange exchange;
 
@@ -98,4 +99,5 @@ public class ServerFormLoginAuthenticationConverterTests {
 	public void setPasswordParameterWhenNullThenIllegalArgumentException() {
 		this.converter.setPasswordParameter(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
index 7d0cf2c12e..da1500df3b 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
@@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class ServerHttpBasicAuthenticationConverterTests {
 
 	ServerHttpBasicAuthenticationConverter converter = new ServerHttpBasicAuthenticationConverter();
+
 	MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
 
 	@Test
@@ -73,34 +74,41 @@ public class ServerHttpBasicAuthenticationConverterTests {
 
 	@Test
 	public void applyWhenUserPasswordThenAuthentication() {
-		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
+		Mono<Authentication> result = apply(
+				this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
 
-		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
+		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
+				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
 		assertThat(authentication.getCredentials()).isEqualTo("password");
 	}
 
 	@Test
 	public void applyWhenUserPasswordHasColonThenAuthentication() {
-		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ="));
+		Mono<Authentication> result = apply(
+				this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ="));
 
-		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
+		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
+				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
 		assertThat(authentication.getCredentials()).isEqualTo("pass:word");
 	}
 
 	@Test
 	public void applyWhenLowercaseSchemeThenAuthentication() {
-		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
+		Mono<Authentication> result = apply(
+				this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
 
-		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
+		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
+				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
 		assertThat(authentication.getCredentials()).isEqualTo("password");
 	}
 
 	@Test
 	public void applyWhenWrongSchemeThenEmpty() {
-		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "token dXNlcjpwYXNzd29yZA=="));
+		Mono<Authentication> result = apply(
+				this.request.header(HttpHeaders.AUTHORIZATION, "token dXNlcjpwYXNzd29yZA=="));
 
 		assertThat(result.block()).isNull();
 	}
@@ -108,4 +116,5 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	private Mono<Authentication> apply(MockServerHttpRequest.BaseBuilder<?> request) {
 		return this.converter.convert(MockServerWebExchange.from(this.request.build()));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 33b24df8d8..fc91edf0f5 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -90,5 +90,7 @@ public class ServerX509AuthenticationConverterTests {
 		public X509Certificate[] getPeerCertificates() {
 			return this.peerCertificates;
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 3c4f36bb42..369c1dc916 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -70,10 +70,13 @@ public class SwitchUserWebFilterTests {
 
 	@Mock
 	private ReactiveUserDetailsService userDetailsService;
+
 	@Mock
 	ServerAuthenticationSuccessHandler successHandler;
+
 	@Mock
 	private ServerAuthenticationFailureHandler failureHandler;
+
 	@Mock
 	private ServerSecurityContextRepository serverSecurityContextRepository;
 
@@ -89,8 +92,7 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void switchUserWhenRequestNotMatchThenDoesNothing() {
 		// given
-		MockServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.post("/not/existing"));
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/not/existing"));
 
 		WebFilterChain chain = mock(WebFilterChain.class);
 		when(chain.filter(exchange)).thenReturn(Mono.empty());
@@ -117,20 +119,17 @@ public class SwitchUserWebFilterTests {
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 
-		final Authentication originalAuthentication =
-				new UsernamePasswordAuthenticationToken("principal", "credentials");
+		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("principal",
+				"credentials");
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
 
-		when(userDetailsService.findByUsername(targetUsername))
-				.thenReturn(Mono.just(switchUserDetails));
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
+		when(userDetailsService.findByUsername(targetUsername)).thenReturn(Mono.just(switchUserDetails));
+		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
 		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 
 		// then
@@ -148,40 +147,28 @@ public class SwitchUserWebFilterTests {
 
 		assertSame(savedSecurityContext.getAuthentication(), switchUserAuthentication);
 
-		assertEquals("username should point to the switched user",
-				targetUsername, switchUserAuthentication.getName());
-		assertTrue("switchAuthentication should contain SwitchUserGrantedAuthority",
-				switchUserAuthentication.getAuthorities().stream()
-						.anyMatch(a -> a instanceof SwitchUserGrantedAuthority)
-		);
-		assertTrue("new authentication should get new role ",
-				switchUserAuthentication.getAuthorities().stream()
-						.map(GrantedAuthority::getAuthority)
-						.anyMatch(a -> a.equals(ROLE_PREVIOUS_ADMINISTRATOR))
-		);
-		assertEquals(
-				"SwitchUserGrantedAuthority should contain the original authentication",
+		assertEquals("username should point to the switched user", targetUsername, switchUserAuthentication.getName());
+		assertTrue("switchAuthentication should contain SwitchUserGrantedAuthority", switchUserAuthentication
+				.getAuthorities().stream().anyMatch(a -> a instanceof SwitchUserGrantedAuthority));
+		assertTrue("new authentication should get new role ", switchUserAuthentication.getAuthorities().stream()
+				.map(GrantedAuthority::getAuthority).anyMatch(a -> a.equals(ROLE_PREVIOUS_ADMINISTRATOR)));
+		assertEquals("SwitchUserGrantedAuthority should contain the original authentication",
 				originalAuthentication.getName(),
-				switchUserAuthentication.getAuthorities().stream()
-						.filter(a -> a instanceof SwitchUserGrantedAuthority)
-						.map(a -> ((SwitchUserGrantedAuthority) a).getSource())
-						.map(Principal::getName)
-						.findFirst()
-						.orElse(null)
-		);
+				switchUserAuthentication.getAuthorities().stream().filter(a -> a instanceof SwitchUserGrantedAuthority)
+						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
+						.orElse(null));
 	}
 
 	@Test
 	public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() {
 		// given
-		final Authentication originalAuthentication =
-				new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
+		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
+				"origCredentials");
 
-		final GrantedAuthority switchAuthority =
-				new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
-		final Authentication switchUserAuthentication =
-				new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials",
-						Collections.singleton(switchAuthority));
+		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
+				originalAuthentication);
+		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
+				"switchCredentials", Collections.singleton(switchAuthority));
 
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
 
@@ -191,16 +178,14 @@ public class SwitchUserWebFilterTests {
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
+		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
 		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.thenReturn(Mono.empty());
 		when(userDetailsService.findByUsername(targetUsername))
 				.thenReturn(Mono.just(switchUserDetails(targetUsername, true)));
 
 		// when
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 
 		// then
@@ -209,18 +194,14 @@ public class SwitchUserWebFilterTests {
 
 		final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue();
 
-		assertEquals("username should point to the switched user",
-				targetUsername, secondSwitchUserAuthentication.getName());
-		assertEquals(
-				"SwitchUserGrantedAuthority should contain the original authentication",
+		assertEquals("username should point to the switched user", targetUsername,
+				secondSwitchUserAuthentication.getName());
+		assertEquals("SwitchUserGrantedAuthority should contain the original authentication",
 				originalAuthentication.getName(),
 				secondSwitchUserAuthentication.getAuthorities().stream()
 						.filter(a -> a instanceof SwitchUserGrantedAuthority)
-						.map(a -> ((SwitchUserGrantedAuthority) a).getSource())
-						.map(Principal::getName)
-						.findFirst()
-						.orElse(null)
-		);
+						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
+						.orElse(null));
 	}
 
 	@Test
@@ -236,8 +217,7 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expectMessage("The userName can not be null.");
 
 		// when
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 		verifyNoInteractions(chain);
 	}
@@ -257,8 +237,7 @@ public class SwitchUserWebFilterTests {
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 
 		verify(failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
@@ -283,8 +262,7 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expect(DisabledException.class);
 
 		// when then
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 		verifyNoInteractions(chain);
 	}
@@ -295,26 +273,23 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
-		final Authentication originalAuthentication =
-				new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
+		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
+				"origCredentials");
 
-		final GrantedAuthority switchAuthority =
-				new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
-		final Authentication switchUserAuthentication =
-				new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials",
-						Collections.singleton(switchAuthority));
+		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
+				originalAuthentication);
+		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
+				"switchCredentials", Collections.singleton(switchAuthority));
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
 
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
+		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
 		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 
 		// then
@@ -338,8 +313,8 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
-		final Authentication originalAuthentication =
-				new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");
+		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
+				"origCredentials");
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
@@ -348,8 +323,7 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expectMessage("Could not find original Authentication object");
 
 		// when then
-		switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext)))
+		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
 				.block();
 		verifyNoInteractions(chain);
 	}
@@ -367,7 +341,7 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		switchUserWebFilter.filter(exchange, chain).block();
-		//then
+		// then
 		verifyNoInteractions(chain);
 	}
 
@@ -378,11 +352,8 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expectMessage("userDetailsService must be specified");
 
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(
-				null,
-				mock(ServerAuthenticationSuccessHandler.class),
-				mock(ServerAuthenticationFailureHandler.class)
-		);
+		switchUserWebFilter = new SwitchUserWebFilter(null, mock(ServerAuthenticationSuccessHandler.class),
+				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
@@ -391,11 +362,8 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expect(IllegalArgumentException.class);
 		exceptionRule.expectMessage("successHandler must be specified");
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(
-				mock(ReactiveUserDetailsService.class),
-				null,
-				mock(ServerAuthenticationFailureHandler.class)
-		);
+		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
+				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
@@ -404,56 +372,43 @@ public class SwitchUserWebFilterTests {
 		exceptionRule.expect(IllegalArgumentException.class);
 		exceptionRule.expectMessage("successTargetUrl must be specified");
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(
-				mock(ReactiveUserDetailsService.class),
-				null,
-				"failure/target/url"
-		);
+		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
+				"failure/target/url");
 	}
 
 	@Test
 	public void constructorFirstDefaultValues() {
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(
-				mock(ReactiveUserDetailsService.class),
-				mock(ServerAuthenticationSuccessHandler.class),
-				mock(ServerAuthenticationFailureHandler.class)
-		);
+		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class),
+				mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class));
 
 		// then
-		final Object securityContextRepository =
-				ReflectionTestUtils.getField(switchUserWebFilter, "securityContextRepository");
+		final Object securityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+				"securityContextRepository");
 		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
 
-		final Object userDetailsChecker =
-				ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
+		final Object userDetailsChecker = ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
 		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
 	}
 
 	@Test
 	public void constructorSecondDefaultValues() {
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(
-				mock(ReactiveUserDetailsService.class),
-				"success/target/url",
-				"failure/target/url"
-		);
+		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), "success/target/url",
+				"failure/target/url");
 
 		// then
-		final Object successHandler =
-				ReflectionTestUtils.getField(switchUserWebFilter, "successHandler");
+		final Object successHandler = ReflectionTestUtils.getField(switchUserWebFilter, "successHandler");
 		assertTrue(successHandler instanceof RedirectServerAuthenticationSuccessHandler);
 
-		final Object failureHandler =
-				ReflectionTestUtils.getField(switchUserWebFilter, "failureHandler");
+		final Object failureHandler = ReflectionTestUtils.getField(switchUserWebFilter, "failureHandler");
 		assertTrue(failureHandler instanceof RedirectServerAuthenticationFailureHandler);
 
-		final Object securityContextRepository =
-				ReflectionTestUtils.getField(switchUserWebFilter, "securityContextRepository");
+		final Object securityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+				"securityContextRepository");
 		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
 
-		final Object userDetailsChecker =
-				ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
+		final Object userDetailsChecker = ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
 		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
 	}
 
@@ -471,16 +426,17 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue() {
 		// given
-		final Object oldSecurityContextRepository =
-				ReflectionTestUtils.getField(switchUserWebFilter, "securityContextRepository");
+		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+				"securityContextRepository");
 		assertSame(serverSecurityContextRepository, oldSecurityContextRepository);
 
-		final ServerSecurityContextRepository newSecurityContextRepository = mock(ServerSecurityContextRepository.class);
+		final ServerSecurityContextRepository newSecurityContextRepository = mock(
+				ServerSecurityContextRepository.class);
 		// when
 		switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
 		// then
-		final Object currentSecurityContextRepository =
-				ReflectionTestUtils.getField(switchUserWebFilter, "securityContextRepository");
+		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+				"securityContextRepository");
 		assertSame(newSecurityContextRepository, currentSecurityContextRepository);
 	}
 
@@ -512,8 +468,8 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
-		final ServerWebExchangeMatcher oldExitUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "exitUserMatcher");
+		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
@@ -521,11 +477,10 @@ public class SwitchUserWebFilterTests {
 		switchUserWebFilter.setExitUserUrl("/exit-url");
 
 		// then
-		final MockServerWebExchange newExchange = MockServerWebExchange
-				.from(MockServerHttpRequest.post("/exit-url"));
+		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url"));
 
-		final ServerWebExchangeMatcher newExitUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "exitUserMatcher");
+		final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
@@ -547,21 +502,21 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
-		final ServerWebExchangeMatcher oldExitUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "exitUserMatcher");
+		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
-		final ServerWebExchangeMatcher newExitUserMatcher =
-				ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/exit-url");
+		final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
+				"/exit-url");
 
 		// when
 		switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
 
 		// then
 
-		final ServerWebExchangeMatcher currentExitUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "exitUserMatcher");
+		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "exitUserMatcher");
 
 		assertSame(newExitUserMatcher, currentExitUserMatcher);
 	}
@@ -594,8 +549,8 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
-		final ServerWebExchangeMatcher oldSwitchUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "switchUserMatcher");
+		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
@@ -603,11 +558,10 @@ public class SwitchUserWebFilterTests {
 		switchUserWebFilter.setSwitchUserUrl("/switch-url");
 
 		// then
-		final MockServerWebExchange newExchange = MockServerWebExchange
-				.from(MockServerHttpRequest.post("/switch-url"));
+		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
 
-		final ServerWebExchangeMatcher newSwitchUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "switchUserMatcher");
+		final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
@@ -629,28 +583,28 @@ public class SwitchUserWebFilterTests {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
-		final ServerWebExchangeMatcher oldSwitchUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "switchUserMatcher");
+		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
-		final ServerWebExchangeMatcher newSwitchUserMatcher =
-				ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/switch-url");
+		final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
+				"/switch-url");
 
 		// when
 		switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
 
 		// then
 
-		final ServerWebExchangeMatcher currentExitUserMatcher =
-				(ServerWebExchangeMatcher) ReflectionTestUtils.getField(switchUserWebFilter, "switchUserMatcher");
+		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
+				.getField(switchUserWebFilter, "switchUserMatcher");
 
 		assertSame(newSwitchUserMatcher, currentExitUserMatcher);
 	}
 
 	private UserDetails switchUserDetails(String username, boolean enabled) {
 		final SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_SWITCH_TEST");
-		return new User(username, "NA", enabled,
-				true, true, true, Collections.singleton(authority));
+		return new User(username, "NA", enabled, true, true, true, Collections.singleton(authority));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 01a304c0fe..0bb9cae3e0 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -44,12 +44,15 @@ import java.util.concurrent.atomic.AtomicBoolean;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingServerLogoutHandlerTests {
+
 	@Mock
 	private ServerLogoutHandler delegate1;
 
 	@Mock
 	private ServerLogoutHandler delegate2;
+
 	private PublisherProbe<Void> delegate1Result = PublisherProbe.empty();
+
 	private PublisherProbe<Void> delegate2Result = PublisherProbe.empty();
 
 	@Mock
@@ -60,31 +63,30 @@ public class DelegatingServerLogoutHandlerTests {
 
 	@Before
 	public void setup() {
-		when(this.delegate1.logout(any(WebFilterExchange.class), any(Authentication.class))).thenReturn(this.delegate1Result.mono());
-		when(this.delegate2.logout(any(WebFilterExchange.class), any(Authentication.class))).thenReturn(this.delegate2Result.mono());
+		when(this.delegate1.logout(any(WebFilterExchange.class), any(Authentication.class)))
+				.thenReturn(this.delegate1Result.mono());
+		when(this.delegate2.logout(any(WebFilterExchange.class), any(Authentication.class)))
+				.thenReturn(this.delegate2Result.mono());
 	}
 
 	@Test
 	public void constructorWhenNullVargsThenIllegalArgumentException() {
 		assertThatThrownBy(() -> new DelegatingServerLogoutHandler((ServerLogoutHandler[]) null))
-				.isExactlyInstanceOf(IllegalArgumentException.class)
-				.hasMessage("delegates cannot be null or empty")
+				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
 				.hasNoCause();
 	}
 
 	@Test
 	public void constructorWhenNullListThenIllegalArgumentException() {
 		assertThatThrownBy(() -> new DelegatingServerLogoutHandler((List<ServerLogoutHandler>) null))
-				.isExactlyInstanceOf(IllegalArgumentException.class)
-				.hasMessage("delegates cannot be null or empty")
+				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
 				.hasNoCause();
 	}
 
 	@Test
 	public void constructorWhenEmptyThenIllegalArgumentException() {
 		assertThatThrownBy(() -> new DelegatingServerLogoutHandler(new ServerLogoutHandler[0]))
-				.isExactlyInstanceOf(IllegalArgumentException.class)
-				.hasMessage("delegates cannot be null or empty")
+				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
 				.hasNoCause();
 	}
 
@@ -109,21 +111,17 @@ public class DelegatingServerLogoutHandlerTests {
 	public void logoutSequential() throws Exception {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
-		ServerLogoutHandler slow = (exchange, authentication) ->
-			Mono.delay(Duration.ofMillis(100))
-				.doOnSuccess(__ -> slowDone.set(true))
-				.then();
-		ServerLogoutHandler second = (exchange, authentication) ->
-			Mono.fromRunnable(() -> {
-				latch.countDown();
-				assertThat(slowDone.get())
-					.describedAs("ServerLogoutHandler should be executed sequentially")
-					.isTrue();
-			});
+		ServerLogoutHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100))
+				.doOnSuccess(__ -> slowDone.set(true)).then();
+		ServerLogoutHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> {
+			latch.countDown();
+			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
+		});
 		DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(slow, second);
 
 		handler.logout(this.exchange, this.authentication).block();
 
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index b610be095a..0e952c9ca6 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -52,4 +52,5 @@ public class HeaderWriterServerLogoutHandlerTests {
 
 		verify(headersWriter).writeHttpHeaders(serverWebExchange);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
index 16dfa3b327..ca7582f312 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
@@ -33,11 +33,12 @@ import org.springframework.web.server.WebFilterChain;
  * @since 5.1
  */
 public class HttpStatusReturningServerLogoutSuccessHandlerTests {
+
 	@Test
 	public void defaultHttpStatusBeingReturned() {
 		WebFilterExchange filterExchange = buildFilterExchange();
-		new HttpStatusReturningServerLogoutSuccessHandler()
-				.onLogoutSuccess(filterExchange, mock(Authentication.class)).block();
+		new HttpStatusReturningServerLogoutSuccessHandler().onLogoutSuccess(filterExchange, mock(Authentication.class))
+				.block();
 
 		assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.OK);
 	}
@@ -64,4 +65,5 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 
 		return new WebFilterExchange(exchange, mock(WebFilterChain.class));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index a7a6b41c3a..904a623a0f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -31,10 +31,11 @@ import org.springframework.test.util.ReflectionTestUtils;
 
 /**
  * @author Eric Deandrea
- * @since  5.1
+ * @since 5.1
  */
 @RunWith(MockitoJUnitRunner.class)
 public class LogoutWebFilterTests {
+
 	@Mock
 	private ServerLogoutHandler handler1;
 
@@ -48,9 +49,7 @@ public class LogoutWebFilterTests {
 
 	@Test
 	public void defaultLogoutHandler() {
-		assertThat(getLogoutHandler())
-				.isNotNull()
-				.isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
+		assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
 	}
 
 	@Test
@@ -58,29 +57,26 @@ public class LogoutWebFilterTests {
 		this.logoutWebFilter.setLogoutHandler(this.handler1);
 		this.logoutWebFilter.setLogoutHandler(this.handler2);
 
-		assertThat(getLogoutHandler())
-				.isNotNull()
-				.isInstanceOf(ServerLogoutHandler.class)
-				.isNotInstanceOf(SecurityContextServerLogoutHandler.class)
-				.extracting(ServerLogoutHandler::getClass)
+		assertThat(getLogoutHandler()).isNotNull().isInstanceOf(ServerLogoutHandler.class)
+				.isNotInstanceOf(SecurityContextServerLogoutHandler.class).extracting(ServerLogoutHandler::getClass)
 				.isEqualTo(this.handler2.getClass());
 	}
 
 	@Test
 	public void multipleLogoutHandlers() {
-		this.logoutWebFilter.setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3));
+		this.logoutWebFilter
+				.setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3));
 
-		assertThat(getLogoutHandler())
-				.isNotNull()
-				.isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
-				.extracting(delegatingLogoutHandler -> ((Collection<ServerLogoutHandler>) ReflectionTestUtils.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates"))
-						.stream()
-						.map(ServerLogoutHandler::getClass)
-						.collect(Collectors.toList()))
+		assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
+				.extracting(delegatingLogoutHandler -> ((Collection<ServerLogoutHandler>) ReflectionTestUtils
+						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
+								.map(ServerLogoutHandler::getClass).collect(Collectors.toList()))
 				.isEqualTo(Arrays.asList(this.handler1.getClass(), this.handler2.getClass(), this.handler3.getClass()));
 	}
 
 	private ServerLogoutHandler getLogoutHandler() {
-		return (ServerLogoutHandler) ReflectionTestUtils.getField(this.logoutWebFilter, LogoutWebFilter.class, "logoutHandler");
+		return (ServerLogoutHandler) ReflectionTestUtils.getField(this.logoutWebFilter, LogoutWebFilter.class,
+				"logoutHandler");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index fbb4051522..efe84ef5ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -40,8 +40,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AuthorizationWebFilterTests {
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private WebFilterChain chain;
 
@@ -50,43 +52,38 @@ public class AuthorizationWebFilterTests {
 	@Test
 	public void filterWhenNoSecurityContextThenThrowsAccessDenied() {
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
 		Mono<Void> result = filter.filter(this.exchange, this.chain);
 
-		StepVerifier.create(result)
-			.expectError(AccessDeniedException.class)
-			.verify();
+		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
 
 	@Test
 	public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
 
-		Mono<Void> result = filter
-			.filter(this.exchange, this.chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl())));
+		Mono<Void> result = filter.filter(this.exchange, this.chain).subscriberContext(
+				ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl())));
 
-		StepVerifier.create(result)
-			.expectError(AccessDeniedException.class)
-			.verify();
+		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
 
 	@Test
 	public void filterWhenAuthenticationThenThrowsAccessDenied() {
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
-		Mono<Void> result = filter
-			.filter(this.exchange, this.chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R")));
+		Mono<Void> result = filter.filter(this.exchange, this.chain).subscriberContext(
+				ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R")));
 
-		StepVerifier.create(result)
-			.expectError(AccessDeniedException.class)
-			.verify();
+		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
 
@@ -94,15 +91,13 @@ public class AuthorizationWebFilterTests {
 	public void filterWhenDoesNotAccessAuthenticationThenSecurityContextNotSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
-		Mono<Void> result = filter
-			.filter(this.exchange, this.chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
+		Mono<Void> result = filter.filter(this.exchange, this.chain)
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
 
-		StepVerifier.create(result)
-			.expectError(AccessDeniedException.class)
-			.verify();
+		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 		context.assertWasNotSubscribed();
 	}
@@ -111,14 +106,13 @@ public class AuthorizationWebFilterTests {
 	public void filterWhenGrantedAndDoesNotAccessAuthenticationThenChainSubscribedAndSecurityContextNotSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.just(new AuthorizationDecision(true)));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> Mono.just(new AuthorizationDecision(true)));
 
-		Mono<Void> result = filter
-			.filter(this.exchange, this.chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
+		Mono<Void> result = filter.filter(this.exchange, this.chain)
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 		this.chainResult.assertWasSubscribed();
 		context.assertWasNotSubscribed();
 	}
@@ -128,17 +122,14 @@ public class AuthorizationWebFilterTests {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a
-			.map( auth -> new AuthorizationDecision(true))
-			.defaultIfEmpty(new AuthorizationDecision(true))
-		);
+				.map(auth -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
 
-		Mono<Void> result = filter
-			.filter(this.exchange, this.chain)
-			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
+		Mono<Void> result = filter.filter(this.exchange, this.chain)
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 		this.chainResult.assertWasSubscribed();
 		context.assertWasSubscribed();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index e141d4c01e..48e3e8bb39 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -41,16 +41,25 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingReactiveAuthorizationManagerTests {
+
 	@Mock
 	ServerWebExchangeMatcher match1;
+
 	@Mock
 	ServerWebExchangeMatcher match2;
-	@Mock AuthorityReactiveAuthorizationManager<AuthorizationContext> delegate1;
-	@Mock AuthorityReactiveAuthorizationManager<AuthorizationContext> delegate2;
+
+	@Mock
+	AuthorityReactiveAuthorizationManager<AuthorizationContext> delegate1;
+
+	@Mock
+	AuthorityReactiveAuthorizationManager<AuthorizationContext> delegate2;
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	Mono<Authentication> authentication;
+
 	@Mock
 	AuthorizationDecision decision;
 
@@ -59,9 +68,8 @@ public class DelegatingReactiveAuthorizationManagerTests {
 	@Before
 	public void setup() {
 		manager = DelegatingReactiveAuthorizationManager.builder()
-			.add(new ServerWebExchangeMatcherEntry<>(match1, delegate1))
-			.add(new ServerWebExchangeMatcherEntry<>(match2, delegate2))
-			.build();
+				.add(new ServerWebExchangeMatcherEntry<>(match1, delegate1))
+				.add(new ServerWebExchangeMatcherEntry<>(match2, delegate2)).build();
 	}
 
 	@Test
@@ -84,4 +92,5 @@ public class DelegatingReactiveAuthorizationManagerTests {
 
 		verifyZeroInteractions(delegate1);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index c4ffb1c1b5..8995ae1a4e 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -44,18 +44,24 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ExceptionTranslationWebFilterTests {
+
 	@Mock
 	private Principal principal;
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	@Mock
 	private WebFilterChain chain;
+
 	@Mock
 	private ServerAccessDeniedHandler deniedHandler;
+
 	@Mock
 	private ServerAuthenticationEntryPoint entryPoint;
 
 	private PublisherProbe<Void> deniedPublisher = PublisherProbe.empty();
+
 	private PublisherProbe<Void> entryPointPublisher = PublisherProbe.empty();
 
 	private ExceptionTranslationWebFilter filter = new ExceptionTranslationWebFilter();
@@ -74,9 +80,7 @@ public class ExceptionTranslationWebFilterTests {
 	public void filterWhenNoExceptionThenNotHandled() {
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.empty());
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.expectComplete()
-			.verify();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
@@ -86,9 +90,8 @@ public class ExceptionTranslationWebFilterTests {
 	public void filterWhenNotAccessDeniedExceptionThenNotHandled() {
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new IllegalArgumentException("oops")));
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.expectError(IllegalArgumentException.class)
-			.verify();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class)
+				.verify();
 
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
@@ -99,26 +102,21 @@ public class ExceptionTranslationWebFilterTests {
 		when(this.exchange.getPrincipal()).thenReturn(Mono.empty());
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.verifyComplete();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).verifyComplete();
 
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasSubscribed();
 	}
 
-
 	@Test
 	public void filterWhenDefaultsAndAccessDeniedExceptionAndAuthenticatedThenForbidden() {
 		this.filter = new ExceptionTranslationWebFilter();
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(this.principal));
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.expectComplete()
-			.verify();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.FORBIDDEN);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
 	@Test
@@ -127,12 +125,9 @@ public class ExceptionTranslationWebFilterTests {
 		when(this.exchange.getPrincipal()).thenReturn(Mono.empty());
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.expectComplete()
-			.verify();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
-			HttpStatus.UNAUTHORIZED);
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
 
 	@Test
@@ -140,9 +135,7 @@ public class ExceptionTranslationWebFilterTests {
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(this.principal));
 		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
-		StepVerifier.create(this.filter.filter(this.exchange, this.chain))
-			.expectComplete()
-			.verify();
+		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
 		this.deniedPublisher.assertWasSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
@@ -157,4 +150,5 @@ public class ExceptionTranslationWebFilterTests {
 	public void setAuthenticationEntryPointWhenNullThenException() {
 		this.filter.setAuthenticationEntryPoint(null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index b61e5ee6d0..599bbd842b 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -36,9 +36,12 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpStatusServerAccessDeniedHandlerTests {
+
 	@Mock
 	private ServerWebExchange exchange;
+
 	private HttpStatus httpStatus = HttpStatus.FORBIDDEN;
+
 	private HttpStatusServerAccessDeniedHandler handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus);
 
 	private AccessDeniedException exception = new AccessDeniedException("Forbidden");
@@ -74,4 +77,5 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 762ef57693..7089b4d6bb 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -35,9 +35,13 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
 
 public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
+
 	private ServerWebExchangeDelegatingServerAccessDeniedHandler delegator;
+
 	private List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry> entries;
+
 	private ServerAccessDeniedHandler accessDeniedHandler;
+
 	private ServerWebExchange exchange;
 
 	@Before
@@ -109,4 +113,5 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		verify(firstHandler, never()).handle(this.exchange, null);
 		verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
index 6ed30a08b3..3f64204489 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
@@ -30,6 +30,7 @@ import reactor.test.StepVerifier;
  * @since 5.0
  */
 public class NoOpServerSecurityContextRepositoryTests {
+
 	NoOpServerSecurityContextRepository repository = NoOpServerSecurityContextRepository.getInstance();
 
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
@@ -38,12 +39,10 @@ public class NoOpServerSecurityContextRepositoryTests {
 	public void saveAndLoad() {
 		SecurityContext context = new SecurityContextImpl();
 
-		Mono<SecurityContext> result =
-			this.repository.save(this.exchange, context)
-			.then(this.repository.load(this.exchange));
+		Mono<SecurityContext> result = this.repository.save(this.exchange, context)
+				.then(this.repository.load(this.exchange));
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index 5e7405bb68..09d7c8a6d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -39,13 +39,13 @@ import reactor.util.context.Context;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.*;
 
-
 /**
  * @author Rob Winch
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ReactorContextWebFilterTests {
+
 	@Mock
 	private Authentication principal;
 
@@ -60,7 +60,6 @@ public class ReactorContextWebFilterTests {
 
 	private WebTestHandler handler;
 
-
 	@Before
 	public void setup() {
 		this.filter = new ReactorContextWebFilter(this.repository);
@@ -97,12 +96,9 @@ public class ReactorContextWebFilterTests {
 	public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
 		SecurityContextImpl context = new SecurityContextImpl(this.principal);
 		when(this.repository.load(any())).thenReturn(Mono.just(context));
-		this.handler = WebTestHandler.bindToWebFilters(this.filter, (e, c) ->
-			ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication)
-				.doOnSuccess( p -> assertThat(p).isSameAs(this.principal))
-				.flatMap(p -> c.filter(e))
-		);
+		this.handler = WebTestHandler.bindToWebFilters(this.filter,
+				(e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+						.doOnSuccess(p -> assertThat(p).isSameAs(this.principal)).flatMap(p -> c.filter(e)));
 
 		WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
 
@@ -113,16 +109,11 @@ public class ReactorContextWebFilterTests {
 	// gh-4962
 	public void filterWhenMainContextThenDoesNotOverride() {
 		String contextKey = "main";
-		WebFilter mainContextWebFilter = (e, c) -> c
-			.filter(e)
-			.subscriberContext(Context.of(contextKey, true));
+		WebFilter mainContextWebFilter = (e, c) -> c.filter(e).subscriberContext(Context.of(contextKey, true));
 
 		WebFilterChain chain = new DefaultWebFilterChain(e -> Mono.empty(), mainContextWebFilter, this.filter);
 		Mono<Void> filter = chain.filter(MockServerWebExchange.from(this.exchange.build()));
-		StepVerifier.create(filter)
-			.expectAccessibleContext()
-			.hasKey(contextKey)
-			.then()
-			.verifyComplete();
+		StepVerifier.create(filter).expectAccessibleContext().hasKey(contextKey).then().verifyComplete();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index 58e3b6a0d6..7b1b7a74ea 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class SecurityContextServerWebExchangeWebFilterTests {
+
 	SecurityContextServerWebExchangeWebFilter filter = new SecurityContextServerWebExchangeWebFilter();
 
 	Authentication principal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
@@ -42,47 +43,37 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 
 	@Test
 	public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
-		Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
-				e.getPrincipal()
-					.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
-					.flatMap( contextPrincipal -> Mono.subscriberContext())
-					.doOnSuccess( context -> assertThat(context.<String>get("foo")).isEqualTo("bar"))
-					.then()
-			)
-		)
-		.subscriberContext( context -> context.put("foo", "bar"))
-		.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
+		Mono<Void> result = this.filter
+				.filter(this.exchange, new DefaultWebFilterChain(e -> e.getPrincipal()
+						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
+						.flatMap(contextPrincipal -> Mono.subscriberContext())
+						.doOnSuccess(context -> assertThat(context.<String>get("foo")).isEqualTo("bar")).then()))
+				.subscriberContext(context -> context.put("foo", "bar"))
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 	}
 
 	@Test
 	public void filterWhenPrincipalNotNullThenContextPopulated() {
-		Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
-				e.getPrincipal()
-					.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
-					.then()
-			)
-		)
-		.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
+		Mono<Void> result = this.filter
+				.filter(this.exchange,
+						new DefaultWebFilterChain(e -> e.getPrincipal()
+								.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
+								.then()))
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 	}
 
 	@Test
 	public void filterWhenPrincipalNullThenContextEmpty() {
 		Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse", "anonymous", "TEST");
-		Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
-				e.getPrincipal()
-					.defaultIfEmpty(defaultAuthentication)
-					.doOnSuccess( contextPrincipal -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication)
-					)
-					.then()
-			)
-		);
-		StepVerifier.create(result)
-			.verifyComplete();
+		Mono<Void> result = this.filter.filter(this.exchange,
+				new DefaultWebFilterChain(e -> e.getPrincipal().defaultIfEmpty(defaultAuthentication)
+						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication))
+						.then()));
+		StepVerifier.create(result).verifyComplete();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
index b665a62f15..8336e89b46 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
@@ -31,8 +31,7 @@ import static org.assertj.core.api.Assertions.*;
  */
 public class WebSessionServerSecurityContextRepositoryTests {
 
-	private MockServerWebExchange exchange = MockServerWebExchange.from(
-		MockServerHttpRequest.get("/"));
+	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 
 	private WebSessionServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
 
@@ -86,4 +85,5 @@ public class WebSessionServerSecurityContextRepositoryTests {
 		SecurityContext context = this.repository.load(this.exchange).block();
 		assertThat(context).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
index f413678f91..e03083109b 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
@@ -33,6 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.1
  */
 public class CookieServerCsrfTokenRepositoryTests {
+
 	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/someUri"));
 
 	private CookieServerCsrfTokenRepository csrfTokenRepository = new CookieServerCsrfTokenRepository();
@@ -86,10 +87,7 @@ public class CookieServerCsrfTokenRepositoryTests {
 	public void saveTokenWhenNoSubscriptionThenNotWritten() {
 		this.csrfTokenRepository.saveToken(this.exchange, createToken());
 
-		assertThat(this.exchange
-				.getResponse()
-				.getCookies()
-				.getFirst(this.expectedCookieName)).isNull();
+		assertThat(this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName)).isNull();
 	}
 
 	@Test
@@ -190,8 +188,7 @@ public class CookieServerCsrfTokenRepositoryTests {
 
 	private void loadAndAssertExpectedValues() {
 		MockServerHttpRequest.BodyBuilder request = MockServerHttpRequest.post("/someUri")
-				.cookie(new HttpCookie(this.expectedCookieName,
-						this.expectedCookieValue));
+				.cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue));
 		this.exchange = MockServerWebExchange.from(request);
 
 		CsrfToken csrfToken = this.csrfTokenRepository.loadToken(this.exchange).block();
@@ -215,10 +212,7 @@ public class CookieServerCsrfTokenRepositoryTests {
 
 		this.csrfTokenRepository.saveToken(this.exchange, token).block();
 
-		ResponseCookie cookie =  this.exchange
-				.getResponse()
-				.getCookies()
-				.getFirst(this.expectedCookieName);
+		ResponseCookie cookie = this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
 
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(this.expectedMaxAge);
@@ -239,13 +233,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 		assertThat(csrfToken.getToken()).isNotBlank();
 	}
 
-
 	private CsrfToken createToken() {
-		return createToken(this.expectedHeaderName,
-			this.expectedParameterName, this.expectedCookieValue);
+		return createToken(this.expectedHeaderName, this.expectedParameterName, this.expectedCookieValue);
 	}
 
 	private static CsrfToken createToken(String headerName, String parameterName, String tokenValue) {
 		return new DefaultCsrfToken(headerName, parameterName, tokenValue);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index 07dea382d3..03a975b4ff 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -38,6 +38,7 @@ import reactor.core.publisher.Mono;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfServerLogoutHandlerTests {
+
 	@Mock
 	private ServerCsrfTokenRepository csrfTokenRepository;
 
@@ -60,18 +61,16 @@ public class CsrfServerLogoutHandlerTests {
 
 	@Test
 	public void constructorNullCsrfTokenRepository() {
-		assertThatExceptionOfType(IllegalArgumentException.class)
-				.isThrownBy(() -> new CsrfServerLogoutHandler(null))
-				.withMessage("csrfTokenRepository cannot be null")
-				.withNoCause();
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> new CsrfServerLogoutHandler(null))
+				.withMessage("csrfTokenRepository cannot be null").withNoCause();
 	}
 
 	@Test
 	public void logoutRemovesCsrfToken() {
-		this.handler.logout(
-				this.filterExchange,
-				new TestingAuthenticationToken("user", "password", "ROLE_USER")).block();
+		this.handler.logout(this.filterExchange, new TestingAuthenticationToken("user", "password", "ROLE_USER"))
+				.block();
 
 		verify(this.csrfTokenRepository).saveToken(this.exchange, null);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 24882edbf6..5f846e2b99 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -52,8 +52,10 @@ import static org.springframework.web.reactive.function.BodyInserters.fromMultip
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfWebFilterTests {
+
 	@Mock
 	private WebFilterChain chain;
+
 	@Mock
 	private ServerCsrfTokenRepository repository;
 
@@ -61,11 +63,9 @@ public class CsrfWebFilterTests {
 
 	private CsrfWebFilter csrfFilter = new CsrfWebFilter();
 
-	private MockServerWebExchange get = from(
-		MockServerHttpRequest.get("/"));
+	private MockServerWebExchange get = from(MockServerHttpRequest.get("/"));
 
-	private ServerWebExchange post = from(
-		MockServerHttpRequest.post("/"));
+	private ServerWebExchange post = from(MockServerHttpRequest.post("/"));
 
 	@Test
 	public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
@@ -74,14 +74,10 @@ public class CsrfWebFilterTests {
 
 		Mono<Void> result = this.csrfFilter.filter(this.get, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
-		Mono<Boolean> isSessionStarted = this.get.getSession()
-			.map(WebSession::isStarted);
-		StepVerifier.create(isSessionStarted)
-			.expectNext(false)
-			.verifyComplete();
+		Mono<Boolean> isSessionStarted = this.get.getSession().map(WebSession::isStarted);
+		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 
 		chainResult.assertWasSubscribed();
 	}
@@ -90,8 +86,7 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndNoTokenThenCsrfException() {
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -99,14 +94,11 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-			.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -114,15 +106,13 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-			.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
 		this.post = from(MockServerHttpRequest.post("/")
-			.body(this.token.getParameterName() + "="+this.token.getToken()+"INVALID"));
+				.body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID"));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -133,18 +123,14 @@ public class CsrfWebFilterTests {
 		when(this.chain.filter(any())).thenReturn(chainResult.mono());
 
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-			.thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any()))
-			.thenReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/")
-			.contentType(MediaType.APPLICATION_FORM_URLENCODED)
-			.body(this.token.getParameterName() + "="+this.token.getToken()));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		this.post = from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
+				.body(this.token.getParameterName() + "=" + this.token.getToken()));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		chainResult.assertWasSubscribed();
 	}
@@ -152,15 +138,13 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndHeaderInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-			.thenReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/")
-			.header(this.token.getHeaderName(), this.token.getToken()+"INVALID"));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		this.post = from(
+				MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID"));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -171,17 +155,13 @@ public class CsrfWebFilterTests {
 		when(this.chain.filter(any())).thenReturn(chainResult.mono());
 
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-			.thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any()))
-			.thenReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/")
-			.header(this.token.getHeaderName(), this.token.getToken()));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		this.post = from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		chainResult.assertWasSubscribed();
 	}
@@ -189,10 +169,12 @@ public class CsrfWebFilterTests {
 	@Test
 	// gh-8452
 	public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() {
-		MockServerWebExchange nonStandardHttpExchange = from(MockServerHttpRequest.method("non-standard-http-method", "/"));
+		MockServerWebExchange nonStandardHttpExchange = from(
+				MockServerHttpRequest.method("non-standard-http-method", "/"));
 
 		ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER;
-		assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block()).isTrue();
+		assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block())
+				.isTrue();
 	}
 
 	@Test
@@ -213,87 +195,64 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenMultipartFormDataAndNotEnabledThenDenied() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any()))
-				.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
 
-		WebTestClient client = WebTestClient.bindToController(new OkController())
-				.webFilter(this.csrfFilter)
-				.build();
+		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
-		client.post()
-				.uri("/")
-				.contentType(MediaType.MULTIPART_FORM_DATA)
-				.body(fromMultipartData(this.token.getParameterName(), this.token.getToken()))
-				.exchange()
-				.expectStatus().isForbidden();
+		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
+				.body(fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange().expectStatus()
+				.isForbidden();
 	}
 
 	@Test
 	public void filterWhenMultipartFormDataAndEnabledThenGranted() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any()))
-				.thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any()))
-				.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
 
-		WebTestClient client = WebTestClient.bindToController(new OkController())
-			.webFilter(this.csrfFilter)
-			.build();
+		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
-		client.post()
-			.uri("/")
-			.contentType(MediaType.MULTIPART_FORM_DATA)
-			.body(fromMultipartData(this.token.getParameterName(), this.token.getToken()))
-			.exchange()
-				.expectStatus().is2xxSuccessful();
+		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
+				.body(fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange().expectStatus()
+				.is2xxSuccessful();
 	}
 
 	@Test
 	public void filterWhenFormDataAndEnabledThenGranted() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any()))
-				.thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any()))
-				.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
 
-		WebTestClient client = WebTestClient.bindToController(new OkController())
-				.webFilter(this.csrfFilter)
-				.build();
+		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
-		client.post()
-				.uri("/")
-				.contentType(MediaType.APPLICATION_FORM_URLENCODED)
-				.bodyValue(this.token.getParameterName() + "="+this.token.getToken())
-				.exchange()
-				.expectStatus().is2xxSuccessful();
+		client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
+				.bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
+				.is2xxSuccessful();
 	}
 
 	@Test
 	public void filterWhenMultipartMixedAndEnabledThenNotRead() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any()))
-				.thenReturn(Mono.just(this.token));
+		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
 
-		WebTestClient client = WebTestClient.bindToController(new OkController())
-				.webFilter(this.csrfFilter)
-				.build();
+		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
-		client.post()
-				.uri("/")
-				.contentType(MediaType.MULTIPART_MIXED)
-				.bodyValue(this.token.getParameterName() + "="+this.token.getToken())
-				.exchange()
-				.expectStatus().isForbidden();
+		client.post().uri("/").contentType(MediaType.MULTIPART_MIXED)
+				.bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
+				.isForbidden();
 	}
 
 	@RestController
 	static class OkController {
+
 		@RequestMapping("/**")
 		String ok() {
 			return "ok";
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index 7df7a3ded4..85e3e296df 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -32,6 +32,7 @@ import static org.assertj.core.api.Assertions.*;
  * @since 5.0
  */
 public class WebSessionServerCsrfTokenRepositoryTests {
+
 	private WebSessionServerCsrfTokenRepository repository = new WebSessionServerCsrfTokenRepository();
 
 	private MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
@@ -40,30 +41,24 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 	public void generateTokenThenNoSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
 
-		Mono<Boolean> isSessionStarted = this.exchange.getSession()
-			.map(WebSession::isStarted);
+		Mono<Boolean> isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
 
-		StepVerifier.create(isSessionStarted)
-			.expectNext(false)
-			.verifyComplete();
+		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 	}
 
 	@Test
 	public void generateTokenWhenSubscriptionThenNoSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
 
-		Mono<Boolean> isSessionStarted = this.exchange.getSession()
-			.map(WebSession::isStarted);
+		Mono<Boolean> isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
 
-		StepVerifier.create(isSessionStarted)
-			.expectNext(false)
-			.verifyComplete();
+		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 	}
 
 	@Test
 	public void saveTokenWhenDefaultThenAddsToSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange)
-			.delayUntil(t-> this.repository.saveToken(this.exchange, t));
+				.delayUntil(t -> this.repository.saveToken(this.exchange, t));
 		result.block();
 
 		WebSession session = this.exchange.getSession().block();
@@ -79,8 +74,7 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 		CsrfToken token = this.repository.generateToken(this.exchange).block();
 
 		Mono<Void> result = this.repository.saveToken(this.exchange, null);
-		StepVerifier.create(result)
-			.verifyComplete();
+		StepVerifier.create(result).verifyComplete();
 
 		WebSession session = this.exchange.getSession().block();
 
@@ -94,4 +88,5 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 		WebSession session = this.exchange.getSession().block();
 		assertThat(session.getId()).isNotEqualTo(originalSessionId);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index bb940d97f7..954897dd6f 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -25,16 +25,15 @@ import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  *
  */
 public class CacheControlServerHttpHeadersWriterTests {
+
 	CacheControlServerHttpHeadersWriter writer = new CacheControlServerHttpHeadersWriter();
 
-	ServerWebExchange exchange = MockServerWebExchange
-		.from(MockServerHttpRequest.get("/").build());
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
@@ -43,12 +42,10 @@ public class CacheControlServerHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(3);
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
-			CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
-			CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
-			CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(headers.get(HttpHeaders.CACHE_CONTROL))
+				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
+		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index 4bbb260643..58f3e6901c 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -39,16 +39,14 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 
 	@Test
 	public void constructorWhenMissingDirectivesThenThrowsException() {
-		assertThatExceptionOfType(IllegalArgumentException.class)
-				.isThrownBy(ClearSiteDataServerHttpHeadersWriter::new);
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(ClearSiteDataServerHttpHeadersWriter::new);
 	}
 
 	@Test
 	public void writeHttpHeadersWhenSecureConnectionThenHeaderWritten() {
 		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
-		ServerWebExchange secureExchange = MockServerWebExchange.from(
-				MockServerHttpRequest.get("https://localhost")
-						.build());
+		ServerWebExchange secureExchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("https://localhost").build());
 
 		writer.writeHttpHeaders(secureExchange);
 
@@ -58,9 +56,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenInsecureConnectionThenHeaderNotWritten() {
 		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
-		ServerWebExchange insecureExchange = MockServerWebExchange.from(
-				MockServerHttpRequest.get("/")
-						.build());
+		ServerWebExchange insecureExchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		writer.writeHttpHeaders(insecureExchange);
 
@@ -69,11 +65,10 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenMultipleDirectivesSpecifiedThenHeaderContainsAll() {
-		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(
-				Directive.CACHE, Directive.COOKIES);
-		ServerWebExchange secureExchange = MockServerWebExchange.from(
-				MockServerHttpRequest.get("https://localhost")
-						.build());
+		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.CACHE,
+				Directive.COOKIES);
+		ServerWebExchange secureExchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("https://localhost").build());
 
 		writer.writeHttpHeaders(secureExchange);
 
@@ -94,12 +89,11 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 			isNotNull();
 			List<String> header = getHeader();
 			String actualHeaderValue = String.join("", header);
-			String expectedHeaderVale = Stream.of(directives)
-					.map(Directive::getHeaderValue)
+			String expectedHeaderVale = Stream.of(directives).map(Directive::getHeaderValue)
 					.collect(Collectors.joining(", "));
 			if (!actualHeaderValue.equals(expectedHeaderVale)) {
-				failWithMessage("Expected to have %s as Clear-Site-Data header value but found %s",
-						expectedHeaderVale, actualHeaderValue);
+				failWithMessage("Expected to have %s as Clear-Site-Data header value but found %s", expectedHeaderVale,
+						actualHeaderValue);
 			}
 		}
 
@@ -113,8 +107,9 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 		}
 
 		List<String> getHeader() {
-			return actual.getHeaders()
-					.get(ClearSiteDataServerHttpHeadersWriter.CLEAR_SITE_DATA_HEADER);
+			return actual.getHeaders().get(ClearSiteDataServerHttpHeadersWriter.CLEAR_SITE_DATA_HEADER);
 		}
+
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 9ab68a5375..84f906d8c6 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -37,15 +37,17 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
 public class CompositeServerHttpHeadersWriterTests {
-	@Mock ServerHttpHeadersWriter writer1;
 
-	@Mock ServerHttpHeadersWriter writer2;
+	@Mock
+	ServerHttpHeadersWriter writer1;
+
+	@Mock
+	ServerHttpHeadersWriter writer2;
 
 	CompositeServerHttpHeadersWriter writer;
 
@@ -62,9 +64,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 		Mono<Void> result = writer.writeHttpHeaders(exchange);
 
-		StepVerifier.create(result)
-			.expectError()
-			.verify();
+		StepVerifier.create(result).expectError().verify();
 
 		verify(writer1).writeHttpHeaders(exchange);
 	}
@@ -75,9 +75,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 		Mono<Void> result = writer.writeHttpHeaders(exchange);
 
-		StepVerifier.create(result)
-			.expectError()
-			.verify();
+		StepVerifier.create(result).expectError().verify();
 
 		verify(writer1).writeHttpHeaders(exchange);
 	}
@@ -89,9 +87,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 		Mono<Void> result = writer.writeHttpHeaders(exchange);
 
-		StepVerifier.create(result)
-			.expectComplete()
-			.verify();
+		StepVerifier.create(result).expectComplete().verify();
 
 		verify(writer1).writeHttpHeaders(exchange);
 		verify(writer2).writeHttpHeaders(exchange);
@@ -101,21 +97,17 @@ public class CompositeServerHttpHeadersWriterTests {
 	public void writeHttpHeadersSequential() throws Exception {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
-		ServerHttpHeadersWriter slow = exchange ->
-				Mono.delay(Duration.ofMillis(100))
-						.doOnSuccess(__ -> slowDone.set(true))
-						.then();
-		ServerHttpHeadersWriter second = exchange ->
-				Mono.fromRunnable(() -> {
-					latch.countDown();
-					assertThat(slowDone.get())
-							.describedAs("ServerLogoutHandler should be executed sequentially")
-							.isTrue();
-				});
+		ServerHttpHeadersWriter slow = exchange -> Mono.delay(Duration.ofMillis(100))
+				.doOnSuccess(__ -> slowDone.set(true)).then();
+		ServerHttpHeadersWriter second = exchange -> Mono.fromRunnable(() -> {
+			latch.countDown();
+			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
+		});
 		CompositeServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(slow, second);
 
 		writer.writeHttpHeaders(this.exchange).block();
 
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
index 51f98c48bf..4c844d54cd 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
@@ -60,9 +60,8 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(
-				ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
-						.containsOnly(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
+				.containsOnly(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
@@ -73,9 +72,8 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(
-				ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
-						.containsOnly(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
+				.containsOnly(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
@@ -90,16 +88,14 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		String headerValue = "default-src https: 'self'";
-		this.exchange.getResponse().getHeaders().set(
-				ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
-				headerValue);
+		this.exchange.getResponse().getHeaders()
+				.set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
 
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(
-				ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
-						.containsOnly(headerValue);
+		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
+				.containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
index c1e51c9fab..9195a1ad68 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
@@ -68,14 +68,12 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 		String headerValue = "camera: 'self'";
-		this.exchange.getResponse().getHeaders()
-				.set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue);
+		this.exchange.getResponse().getHeaders().set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
 
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY))
-				.containsOnly(headerValue);
+		assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)).containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 3d021b2300..5dda17defd 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -34,13 +34,14 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import reactor.core.publisher.Mono;
 
 /**
- *
  * @author Rob Winch
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpHeaderWriterWebFilterTests {
-	@Mock ServerHttpHeadersWriter writer;
+
+	@Mock
+	ServerHttpHeadersWriter writer;
 
 	HttpHeaderWriterWebFilter filter;
 
@@ -71,4 +72,5 @@ public class HttpHeaderWriterWebFilterTests {
 
 		verify(writer).writeHttpHeaders(any());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
index 58e06947fa..1f6a0a88a7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
@@ -68,14 +68,13 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		String headerValue = ReferrerPolicy.SAME_ORIGIN.getPolicy();
-		this.exchange.getResponse().getHeaders()
-				.set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, headerValue);
+		this.exchange.getResponse().getHeaders().set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
+				headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
 
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
-				.containsOnly(headerValue);
+		assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)).containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 7f10e88a9c..07da0c6968 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -30,11 +30,11 @@ import org.springframework.web.server.ServerWebExchange;
 public class StaticServerHttpHeadersWriterTests {
 
 	StaticServerHttpHeadersWriter writer = StaticServerHttpHeadersWriter.builder()
-			.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
+			.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS,
+					ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
 			.build();
 
-	ServerWebExchange exchange = MockServerWebExchange
-		.from(MockServerHttpRequest.get("/").build());
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
@@ -42,8 +42,8 @@ public class StaticServerHttpHeadersWriterTests {
 	public void writeHeadersWhenSingleHeaderThenWritesHeader() {
 		writer.writeHttpHeaders(exchange);
 
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
-			ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
@@ -59,19 +59,16 @@ public class StaticServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
 		writer = StaticServerHttpHeadersWriter.builder()
-					.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-					.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
-					.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
-					.build();
+				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
+				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
 
 		writer.writeHttpHeaders(exchange);
 
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
-			CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
-			CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
-			CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(headers.get(HttpHeaders.CACHE_CONTROL))
+				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
+		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
 	}
 
 	@Test
@@ -80,14 +77,14 @@ public class StaticServerHttpHeadersWriterTests {
 		headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
 
 		writer = StaticServerHttpHeadersWriter.builder()
-					.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-					.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
-					.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
-					.build();
+				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
+				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
 
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index c65e5d61f5..3dd3837d2c 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -31,6 +31,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @since 5.0
  */
 public class StrictTransportSecurityServerHttpHeadersWriterTests {
+
 	StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
 
 	ServerWebExchange exchange;
@@ -97,4 +98,5 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
 		return MockServerWebExchange.from(request.build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index b4c7933628..6d55368ded 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -31,8 +31,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 
 	ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
 
-	ServerWebExchange exchange = MockServerWebExchange
-		.from(MockServerHttpRequest.get("/").build());
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
@@ -41,8 +40,8 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
-			ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
@@ -55,4 +54,5 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index b7faf6db83..5a14f035e9 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -85,4 +85,5 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
 		return MockServerWebExchange.from(request.build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 9f0fe38d85..bdab85dd4c 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -28,6 +28,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @since 5.0
  */
 public class XXssProtectionServerHttpHeadersWriterTests {
+
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index 25351cc4a3..e45155428e 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -70,4 +70,5 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.server.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
 		mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index c8b6be0e6f..e78bde705a 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Eleftheria Stein
  */
 public class CookieServerRequestCacheTests {
+
 	private CookieServerRequestCache cache = new CookieServerRequestCache();
 
 	@Test
@@ -49,7 +50,8 @@ public class CookieServerRequestCacheTests {
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 		assertThat(cookie).isNotNull();
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
-		assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
+		assertThat(cookie.toString())
+				.isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
 	}
 
 	@Test
@@ -63,7 +65,8 @@ public class CookieServerRequestCacheTests {
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 		assertThat(cookie).isNotNull();
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/?key=value".getBytes());
-		assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
+		assertThat(cookie.toString())
+				.isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
 	}
 
 	@Test
@@ -96,14 +99,15 @@ public class CookieServerRequestCacheTests {
 		assertThat(cookie).isNotNull();
 
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
-		assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
+		assertThat(cookie.toString())
+				.isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
 	}
 
 	@Test
 	public void getRedirectUriWhenCookieThenReturnsRedirectUriFromCookie() {
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
-		MockServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl)));
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
+				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl)));
 
 		URI redirectUri = this.cache.getRedirectUri(exchange).block();
 
@@ -112,8 +116,8 @@ public class CookieServerRequestCacheTests {
 
 	@Test
 	public void getRedirectUriWhenCookieValueNotEncodedThenRedirectUriIsNull() {
-		MockServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
+				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
 
 		URI redirectUri = this.cache.getRedirectUri(exchange).block();
 
@@ -132,14 +136,16 @@ public class CookieServerRequestCacheTests {
 
 	@Test
 	public void removeMatchingRequestThenRedirectUriCookieExpired() {
-		MockServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
+				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
 
 		this.cache.removeMatchingRequest(exchange).block();
 
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 		assertThat(cookie).isNotNull();
-		assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax");
+		assertThat(cookie.toString()).isEqualTo(
+				"REDIRECT_URI=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index 0c6245a407..c67896f152 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -44,6 +44,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerRequestCacheWebFilterTests {
+
 	private ServerRequestCacheWebFilter requestCacheFilter;
 
 	@Mock
@@ -88,4 +89,5 @@ public class ServerRequestCacheWebFilterTests {
 		ServerWebExchange updatedExchange = exchangeCaptor.getValue();
 		assertThat(updatedExchange.getRequest()).isEqualTo(initialRequest);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index 7a1f0bb6c8..b300390cef 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -32,11 +32,13 @@ import static org.assertj.core.api.Assertions.*;
  * @since 5.0
  */
 public class WebSessionServerRequestCacheTests {
+
 	private WebSessionServerRequestCache cache = new WebSessionServerRequestCache();
 
 	@Test
 	public void saveRequestGetRequestWhenGetThenFound() {
-		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
+		MockServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
 
 		URI saved = this.cache.getRedirectUri(exchange).block();
@@ -46,7 +48,8 @@ public class WebSessionServerRequestCacheTests {
 
 	@Test
 	public void saveRequestGetRequestWithQueryParamsWhenGetThenFound() {
-		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
+		MockServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
 
 		URI saved = this.cache.getRedirectUri(exchange).block();
@@ -56,7 +59,8 @@ public class WebSessionServerRequestCacheTests {
 
 	@Test
 	public void saveRequestGetRequestWhenFaviconThenNotFound() {
-		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
+		MockServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
 
 		URI saved = this.cache.getRedirectUri(exchange).block();
@@ -85,7 +89,8 @@ public class WebSessionServerRequestCacheTests {
 
 	@Test
 	public void saveRequestRemoveRequestWhenThenFound() {
-		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
+		MockServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
 
 		ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
@@ -102,4 +107,5 @@ public class WebSessionServerRequestCacheTests {
 
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
index 094558d2dd..0601e3c8d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -45,6 +45,7 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpsRedirectWebFilterTests {
+
 	HttpsRedirectWebFilter filter;
 
 	@Mock
@@ -74,8 +75,7 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenExchangeMismatchesThenNoRedirect() {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		when(matcher.matches(any(ServerWebExchange.class)))
-				.thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(matcher.matches(any(ServerWebExchange.class))).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
 
 		ServerWebExchange exchange = get("http://localhost:8080");
@@ -86,8 +86,7 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenExchangeMatchesAndRequestIsInsecureThenRedirects() {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		when(matcher.matches(any(ServerWebExchange.class)))
-				.thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		when(matcher.matches(any(ServerWebExchange.class))).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
 
 		ServerWebExchange exchange = get("http://localhost:8080");
@@ -135,13 +134,11 @@ public class HttpsRedirectWebFilterTests {
 
 	@Test
 	public void setPortMapperWhenSetWithNullValueThenThrowsIllegalArgument() {
-		assertThatCode(() -> this.filter.setPortMapper(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.filter.setPortMapper(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	private String redirectedUrl(ServerWebExchange exchange) {
-		return exchange.getResponse().getHeaders().get(HttpHeaders.LOCATION)
-				.iterator().next();
+		return exchange.getResponse().getHeaders().get(HttpHeaders.LOCATION).iterator().next();
 	}
 
 	private int statusCode(ServerWebExchange exchange) {
@@ -149,7 +146,7 @@ public class HttpsRedirectWebFilterTests {
 	}
 
 	private ServerWebExchange get(String uri) {
-		return MockServerWebExchange.from(
-				MockServerHttpRequest.get(uri).build());
+		return MockServerWebExchange.from(MockServerHttpRequest.get(uri).build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
index eeea8229df..cd837d12eb 100644
--- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
@@ -23,7 +23,6 @@ import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
-
 public class LoginPageGeneratingWebFilterTests {
 
 	@Test
@@ -31,7 +30,8 @@ public class LoginPageGeneratingWebFilterTests {
 		LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter();
 		filter.setFormLoginEnabled(true);
 
-		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/test/login").contextPath("/test"));
+		MockServerWebExchange exchange = MockServerWebExchange
+				.from(MockServerHttpRequest.get("/test/login").contextPath("/test"));
 
 		filter.filter(exchange, e -> Mono.empty()).block();
 
@@ -49,4 +49,5 @@ public class LoginPageGeneratingWebFilterTests {
 
 		assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/login\"");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index b289fc49b8..08962aed37 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -37,10 +37,13 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AndServerWebExchangeMatcherTests {
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	ServerWebExchangeMatcher matcher1;
+
 	@Mock
 	ServerWebExchangeMatcher matcher2;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index 2bb70c5b39..b01d0bd778 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -33,6 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class MediaTypeServerWebExchangeMatcherTests {
+
 	private MediaTypeServerWebExchangeMatcher matcher;
 
 	@Test(expected = IllegalArgumentException.class)
@@ -87,7 +88,8 @@ public class MediaTypeServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchWhenDefaultResolverAndAcceptImpliedThenMatch() {
-		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(MediaType.parseMediaTypes("text/*"));
+		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(
+				MediaType.parseMediaTypes("text/*"));
 
 		assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isTrue();
 	}
@@ -103,4 +105,5 @@ public class MediaTypeServerWebExchangeMatcherTests {
 	private static ServerWebExchange exchange(MediaType... accept) {
 		return MockServerWebExchange.from(MockServerHttpRequest.get("/").accept(accept).build());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index 83d1fae0c2..8472deec8c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -33,8 +33,10 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class NegatedServerWebExchangeMatcherTests {
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	ServerWebExchangeMatcher matcher1;
 
@@ -68,4 +70,5 @@ public class NegatedServerWebExchangeMatcherTests {
 
 		verify(matcher1).matches(exchange);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index 8de5898c1e..474befda73 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -31,17 +31,19 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-
 /**
  * @author Rob Winch
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OrServerWebExchangeMatcherTests {
+
 	@Mock
 	ServerWebExchange exchange;
+
 	@Mock
 	ServerWebExchangeMatcher matcher1;
+
 	@Mock
 	ServerWebExchangeMatcher matcher2;
 
@@ -94,4 +96,5 @@ public class OrServerWebExchangeMatcherTests {
 		verify(matcher1).matches(exchange);
 		verify(matcher2).matches(exchange);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index 5652d2b946..643642ce5e 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -40,12 +40,17 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class PathMatcherServerWebExchangeMatcherTests {
+
 	@Mock
 	PathPattern pattern;
+
 	@Mock
 	PathPattern.PathMatchInfo pathMatchInfo;
+
 	MockServerWebExchange exchange;
+
 	PathPatternParserServerWebExchangeMatcher matcher;
+
 	String path;
 
 	@Before
@@ -105,4 +110,5 @@ public class PathMatcherServerWebExchangeMatcherTests {
 
 		verifyZeroInteractions(pattern);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index a216521ac6..2259b222cc 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -33,8 +33,8 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
  * @since 5.0
  */
 public class ServerWebExchangeMatchersTests {
-	ServerWebExchange exchange = MockServerWebExchange
-		.from(MockServerHttpRequest.get("/").build());
+
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternThenMatches() {
@@ -43,12 +43,14 @@ public class ServerWebExchangeMatchersTests {
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() {
-		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch())
+				.isTrue();
 	}
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() {
-		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse();
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch())
+				.isFalse();
 	}
 
 	@Test
@@ -71,10 +73,9 @@ public class ServerWebExchangeMatchersTests {
 	}
 
 	/**
-	 * If a LinkedMap is used and anyRequest equals anyRequest then the following is added:
-	 * anyRequest() -> authenticated()
-	 * pathMatchers("/admin/**") -> hasRole("ADMIN")
-	 * anyRequest() -> permitAll
+	 * If a LinkedMap is used and anyRequest equals anyRequest then the following is
+	 * added: anyRequest() -> authenticated() pathMatchers("/admin/**") ->
+	 * hasRole("ADMIN") anyRequest() -> permitAll
 	 *
 	 * will result in the first entry being overridden
 	 */
@@ -82,4 +83,5 @@ public class ServerWebExchangeMatchersTests {
 	public void anyExchangeWhenTwoCreatedThenDifferentToPreventIssuesInMap() {
 		assertThat(anyExchange()).isNotEqualTo(anyExchange());
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index eac675d557..aee1a59306 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -34,11 +34,13 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  *
  */
 public class CsrfRequestDataValueProcessorTests {
+
 	private MockHttpServletRequest request;
 
 	private CsrfRequestDataValueProcessor processor;
 
 	private CsrfToken token;
+
 	private Map<String, String> expected = new HashMap<>();
 
 	@Before
@@ -54,14 +56,12 @@ public class CsrfRequestDataValueProcessorTests {
 
 	@Test
 	public void assertAllMethodsDeclared() {
-		Method[] expectedMethods = ReflectionUtils
-				.getAllDeclaredMethods(RequestDataValueProcessor.class);
+		Method[] expectedMethods = ReflectionUtils.getAllDeclaredMethods(RequestDataValueProcessor.class);
 		for (Method expected : expectedMethods) {
-			assertThat(
-					ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class,
-							expected.getName(), expected.getParameterTypes())).as(
-					"Expected to find " + expected + " defined on "
-							+ CsrfRequestDataValueProcessor.class).isNotNull();
+			assertThat(ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class, expected.getName(),
+					expected.getParameterTypes()))
+							.as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class)
+							.isNotNull();
 		}
 	}
 
@@ -115,8 +115,7 @@ public class CsrfRequestDataValueProcessorTests {
 	@Test
 	public void processFormFieldValue() {
 		String value = "action";
-		assertThat(processor.processFormFieldValue(request, "name", value, "hidden"))
-				.isEqualTo(value);
+		assertThat(processor.processFormFieldValue(request, "name", value, "hidden")).isEqualTo(value);
 	}
 
 	@Test
@@ -135,4 +134,5 @@ public class CsrfRequestDataValueProcessorTests {
 		RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 		assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
index 630a922c5b..09d9eec0ca 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
@@ -44,14 +44,19 @@ import static org.mockito.Mockito.when;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class MvcRequestMatcherTests {
+
 	@Mock
 	HandlerMappingIntrospector introspector;
+
 	@Mock
 	MatchableHandlerMapping mapping;
+
 	@Mock
 	RequestMatchResult result;
+
 	@Captor
 	ArgumentCaptor<String> pattern;
+
 	MockHttpServletRequest request;
 
 	MvcRequestMatcher matcher;
@@ -69,20 +74,15 @@ public class MvcRequestMatcherTests {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
 
-		assertThat(this.matcher.extractUriTemplateVariables(this.request))
-				.containsEntry("p", "path");
-		assertThat(this.matcher.matcher(this.request).getVariables())
-				.containsEntry("p", "path");
+		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
+		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 	}
 
 	@Test
 	public void extractUriTemplateVariablesFail() throws Exception {
-		when(this.result.extractUriTemplateVariables())
-				.thenReturn(Collections.<String, String>emptyMap());
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
+		when(this.result.extractUriTemplateVariables()).thenReturn(Collections.<String, String>emptyMap());
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
 
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 		assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
@@ -93,10 +93,8 @@ public class MvcRequestMatcherTests {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
 
-		assertThat(this.matcher.extractUriTemplateVariables(this.request))
-				.containsEntry("p", "path");
-		assertThat(this.matcher.matcher(this.request).getVariables())
-				.containsEntry("p", "path");
+		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
+		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 	}
 
 	@Test
@@ -110,10 +108,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesServletPathTrue() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
 		this.matcher.setServletPath("/spring");
 		this.request.setServletPath("/spring");
 
@@ -131,10 +127,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesPathOnlyTrue() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
@@ -157,8 +151,7 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesPathOnlyFalse() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
@@ -166,10 +159,8 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesMethodAndPathTrue() throws Exception {
 		this.matcher.setMethod(HttpMethod.GET);
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
@@ -202,8 +193,7 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesMethodAndPathFalsePath() throws Exception {
 		this.matcher.setMethod(HttpMethod.GET);
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
+		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
@@ -215,8 +205,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesGetMatchableHandlerMappingThrows() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenThrow(
-				new HttpRequestMethodNotSupportedException(this.request.getMethod()));
+		when(this.introspector.getMatchableHandlerMapping(this.request))
+				.thenThrow(new HttpRequestMethodNotSupportedException(this.request.getMethod()));
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -246,4 +236,5 @@ public class MvcRequestMatcherTests {
 	public void toStringWhenOnlyPattern() {
 		assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path']");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
index c731ae8c96..8c0ec8c93f 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@@ -120,15 +120,12 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void expectedRequestWrapperClassIsUsed() throws Exception {
 		this.filter.setRolePrefix("ROLE_");
 
-		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				this.filterChain);
+		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
 
 		// Now re-execute the filter, ensuring our replacement wrapper is still used
-		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				this.filterChain);
+		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
 
-		verify(this.filterChain, times(2)).doFilter(
-				any(SecurityContextHolderAwareRequestWrapper.class),
+		verify(this.filterChain, times(2)).doFilter(any(SecurityContextHolderAwareRequestWrapper.class),
 				any(HttpServletResponse.class));
 
 		this.filter.destroy();
@@ -137,20 +134,19 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void authenticateFalse() throws Exception {
 		assertThat(wrappedRequest().authenticate(this.response)).isFalse();
-		verify(this.authenticationEntryPoint).commence(eq(this.requestCaptor.getValue()),
-				eq(this.response), any(AuthenticationException.class));
+		verify(this.authenticationEntryPoint).commence(eq(this.requestCaptor.getValue()), eq(this.response),
+				any(AuthenticationException.class));
 		verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 		verify(this.request, times(0)).authenticate(any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void authenticateTrue() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("test", "password", "ROLE_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER"));
 
 		assertThat(wrappedRequest().authenticate(this.response)).isTrue();
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 		verify(this.request, times(0)).authenticate(any(HttpServletResponse.class));
 	}
 
@@ -161,8 +157,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 
 		assertThat(wrappedRequest().authenticate(this.response)).isFalse();
 		verify(this.request).authenticate(this.response);
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
 	@Test
@@ -173,23 +168,18 @@ public class SecurityContextHolderAwareRequestFilterTests {
 
 		assertThat(wrappedRequest().authenticate(this.response)).isTrue();
 		verify(this.request).authenticate(this.response);
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
 	@Test
 	public void login() throws Exception {
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
-		when(this.authenticationManager
-				.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-						.thenReturn(expectedAuth);
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.thenReturn(expectedAuth);
 
-		wrappedRequest().login(expectedAuth.getName(),
-				String.valueOf(expectedAuth.getCredentials()));
+		wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication())
-				.isSameAs(expectedAuth);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth);
 		verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 		verify(this.request, times(0)).login(anyString(), anyString());
 	}
@@ -197,22 +187,17 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	// SEC-2296
 	@Test
 	public void loginWithExistingUser() throws Exception {
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
-		when(this.authenticationManager
-				.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-						.thenReturn(new TestingAuthenticationToken("newuser",
-								"not be found", "ROLE_USER"));
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.thenReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(expectedAuth);
 
 		try {
-			wrappedRequest().login(expectedAuth.getName(),
-					String.valueOf(expectedAuth.getCredentials()));
+			wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
 			fail("Expected Exception");
 		}
 		catch (ServletException success) {
-			assertThat(SecurityContextHolder.getContext().getAuthentication())
-					.isSameAs(expectedAuth);
+			assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth);
 			verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 			verify(this.request, times(0)).login(anyString(), anyString());
 		}
@@ -221,9 +206,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void loginFail() throws Exception {
 		AuthenticationException authException = new BadCredentialsException("Invalid");
-		when(this.authenticationManager
-				.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-						.thenThrow(authException);
+		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.thenThrow(authException);
 
 		try {
 			wrappedRequest().login("invalid", "credentials");
@@ -249,8 +233,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		wrappedRequest().login(username, password);
 
 		verify(this.request).login(username, password);
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
 	@Test
@@ -271,14 +254,12 @@ public class SecurityContextHolderAwareRequestFilterTests {
 			assertThat(success).isEqualTo(authException);
 		}
 
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
 	@Test
 	public void logout() throws Exception {
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(expectedAuth);
 
 		HttpServletRequest wrappedRequest = wrappedRequest();
@@ -297,8 +278,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		wrappedRequest().logout();
 
 		verify(this.request).logout();
-		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager,
-				this.logoutHandler);
+		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
 	// gh-3780
@@ -311,8 +291,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void getAsyncContextStart() throws Exception {
 		ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
@@ -326,9 +305,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
 				.getValue();
-		assertThat(
-				ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext"))
-						.isEqualTo(context);
+		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context);
 		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate"));
 	}
 
@@ -336,8 +313,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void startAsyncStart() throws Exception {
 		ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
@@ -351,9 +327,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
 				.getValue();
-		assertThat(
-			ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext"))
-						.isEqualTo(context);
+		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context);
 		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate"));
 	}
 
@@ -361,13 +335,11 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void startAsyncWithRequestResponseStart() throws Exception {
 		ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
-				"password", "ROLE_USER");
+		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
-		when(this.request.startAsync(this.request, this.response))
-				.thenReturn(asyncContext);
+		when(this.request.startAsync(this.request, this.response)).thenReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
 
@@ -377,17 +349,15 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
 				.getValue();
-		assertThat(
-			ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext"))
-						.isEqualTo(context);
+		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context);
 		assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate"));
 	}
 
 	// SEC-3047
 	@Test
 	public void updateRequestFactory() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("user", "password", "PREFIX_USER"));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER"));
 		this.filter.setRolePrefix("PREFIX_");
 
 		assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue();
@@ -395,8 +365,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 
 	private HttpServletRequest wrappedRequest() throws Exception {
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-		verify(this.filterChain).doFilter(this.requestCaptor.capture(),
-				any(HttpServletResponse.class));
+		verify(this.filterChain).doFilter(this.requestCaptor.capture(), any(HttpServletResponse.class));
 
 		return this.requestCaptor.getValue();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
index 58a1c656ff..d15db55802 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
@@ -48,8 +48,7 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 
 		assertThat(wrapper.getRemoteUser()).isEqualTo("rod");
 		assertThat(wrapper.isUserInRole("ROLE_FOO")).isTrue();
@@ -65,8 +64,8 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "ROLE_");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
+				"ROLE_");
 
 		assertThat(wrapper.isUserInRole("FOO")).isTrue();
 	}
@@ -74,16 +73,14 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	@Test
 	public void testCorrectOperationWithUserDetailsBasedPrincipal() {
 		Authentication auth = new TestingAuthenticationToken(
-				new User("rodAsUserDetails", "koala", true, true, true, true,
-						AuthorityUtils.NO_AUTHORITIES),
-				"koala", "ROLE_HELLO", "ROLE_FOOBAR");
+				new User("rodAsUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala",
+				"ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 
 		assertThat(wrapper.getRemoteUser()).isEqualTo("rodAsUserDetails");
 		assertThat(wrapper.isUserInRole("ROLE_FOO")).isFalse();
@@ -100,8 +97,7 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 		assertThat(wrapper.getRemoteUser()).isNull();
 		assertThat(wrapper.isUserInRole("ROLE_ANY")).isFalse();
 		assertThat(wrapper.getUserPrincipal()).isNull();
@@ -109,15 +105,13 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 
 	@Test
 	public void testRolesArentHeldIfAuthenticationPrincipalIsNull() {
-		Authentication auth = new TestingAuthenticationToken(null, "koala", "ROLE_HELLO",
-				"ROLE_FOOBAR");
+		Authentication auth = new TestingAuthenticationToken(null, "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 
 		assertThat(wrapper.getRemoteUser()).isNull();
 		assertThat(wrapper.isUserInRole("ROLE_HELLO")).isFalse(); // principal is null, so
@@ -129,14 +123,13 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 
 	@Test
 	public void testRolePrefix() {
-		Authentication auth = new TestingAuthenticationToken("user", "koala",
-				"ROLE_HELLO", "ROLE_FOOBAR");
+		Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "ROLE_");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
+				"ROLE_");
 
 		assertThat(wrapper.isUserInRole("HELLO")).isTrue();
 		assertThat(wrapper.isUserInRole("FOOBAR")).isTrue();
@@ -145,16 +138,16 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	// SEC-3020
 	@Test
 	public void testRolePrefixNotAppliedIfRoleStartsWith() {
-		Authentication auth = new TestingAuthenticationToken("user", "koala",
-				"ROLE_HELLO", "ROLE_FOOBAR");
+		Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
-		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(
-				request, "ROLE_");
+		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
+				"ROLE_");
 
 		assertThat(wrapper.isUserInRole("ROLE_HELLO")).isTrue();
 		assertThat(wrapper.isUserInRole("ROLE_FOOBAR")).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
index 3fd780609a..9a9f81c63b 100644
--- a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
@@ -33,7 +33,6 @@ import org.springframework.security.web.authentication.session.SessionFixationPr
 import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 
 /**
- *
  * @author Luke Taylor
  */
 public class DefaultSessionAuthenticationStrategyTests {
@@ -43,8 +42,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 		SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 		HttpServletRequest request = new MockHttpServletRequest();
 
-		strategy.onAuthentication(mock(Authentication.class), request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
 
 		assertThat(request.getSession(false)).isNull();
 	}
@@ -55,8 +53,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 		HttpServletRequest request = new MockHttpServletRequest();
 		String sessionId = request.getSession().getId();
 
-		strategy.onAuthentication(mock(Authentication.class), request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
 
 		assertThat(sessionId.equals(request.getSession().getId())).isFalse();
 	}
@@ -76,22 +73,18 @@ public class DefaultSessionAuthenticationStrategyTests {
 
 		Authentication mockAuthentication = mock(Authentication.class);
 
-		strategy.onAuthentication(mockAuthentication, request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
 
-		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor
-				.forClass(ApplicationEvent.class);
+		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 		verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
 
 		assertThat(oldSessionId.equals(request.getSession().getId())).isFalse();
 		assertThat(request.getSession().getAttribute("blah")).isNotNull();
-		assertThat(request.getSession().getAttribute(
-				"SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
+		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
 
 		assertThat(eventArgumentCaptor.getValue()).isNotNull();
 		assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
-		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor
-				.getValue();
+		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
 		assertThat(event.getOldSessionId()).isEqualTo(oldSessionId);
 		assertThat(event.getNewSessionId()).isEqualTo(request.getSession().getId());
 		assertThat(event.getAuthentication()).isSameAs(mockAuthentication);
@@ -107,12 +100,10 @@ public class DefaultSessionAuthenticationStrategyTests {
 		session.setAttribute("blah", "blah");
 		session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
 
-		strategy.onAuthentication(mock(Authentication.class), request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
 
 		assertThat(request.getSession().getAttribute("blah")).isNull();
-		assertThat(request.getSession().getAttribute(
-				"SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
+		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
 	}
 
 	// SEC-2002
@@ -131,21 +122,17 @@ public class DefaultSessionAuthenticationStrategyTests {
 
 		Authentication mockAuthentication = mock(Authentication.class);
 
-		strategy.onAuthentication(mockAuthentication, request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
 
-		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor
-				.forClass(ApplicationEvent.class);
+		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 		verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
 
 		assertThat(request.getSession().getAttribute("blah")).isNull();
-		assertThat(request.getSession().getAttribute(
-				"SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
+		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
 
 		assertThat(eventArgumentCaptor.getValue()).isNotNull();
 		assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
-		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor
-				.getValue();
+		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
 		assertThat(event.getOldSessionId()).isEqualTo(oldSessionId);
 		assertThat(event.getNewSessionId()).isEqualTo(request.getSession().getId());
 		assertThat(event.getAuthentication()).isSameAs(mockAuthentication);
@@ -156,8 +143,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 		SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 		strategy.setAlwaysCreateSession(true);
 		HttpServletRequest request = new MockHttpServletRequest();
-		strategy.onAuthentication(mock(Authentication.class), request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
 		assertThat(request.getSession(false)).isNotNull();
 	}
 
@@ -170,8 +156,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 
 		Authentication mockAuthentication = mock(Authentication.class);
 
-		strategy.onAuthentication(mockAuthentication, request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
 
 		assertThat(request.getSession().getMaxInactiveInterval()).isEqualTo(1);
 	}
@@ -186,9 +171,9 @@ public class DefaultSessionAuthenticationStrategyTests {
 
 		Authentication mockAuthentication = mock(Authentication.class);
 
-		strategy.onAuthentication(mockAuthentication, request,
-				new MockHttpServletResponse());
+		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
 
 		assertThat(request.getSession().getMaxInactiveInterval()).isNotEqualTo(1);
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
index 5c487e3e44..5804fe9213 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
@@ -27,7 +27,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 
 /**
- *
  * @author Rob Winch
  *
  */
@@ -68,4 +67,5 @@ public class HttpSessionDestroyedEventTests {
 		assertThat(securityContexts).hasSize(1);
 		assertThat(securityContexts.get(0)).isSameAs(session.getAttribute("context"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 6c7f6abe5d..03336ec164 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -32,6 +32,7 @@ import org.springframework.web.context.support.StaticWebApplicationContext;
  * @author Ray Krueger
  */
 public class HttpSessionEventPublisherTests {
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -45,17 +46,14 @@ public class HttpSessionEventPublisherTests {
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 
 		MockServletContext servletContext = new MockServletContext();
-		servletContext.setAttribute(
-				StaticWebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
-				context);
+		servletContext.setAttribute(StaticWebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
 
 		context.setServletContext(servletContext);
 		context.registerSingleton("listener", MockApplicationListener.class, null);
 		context.refresh();
 
 		MockHttpSession session = new MockHttpSession(servletContext);
-		MockApplicationListener listener = (MockApplicationListener) context
-				.getBean("listener");
+		MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
 
 		HttpSessionEvent event = new HttpSessionEvent(session);
 
@@ -86,17 +84,14 @@ public class HttpSessionEventPublisherTests {
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 
 		MockServletContext servletContext = new MockServletContext();
-		servletContext.setAttribute(
-				"org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher",
-				context);
+		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context);
 
 		context.setServletContext(servletContext);
 		context.registerSingleton("listener", MockApplicationListener.class, null);
 		context.refresh();
 
 		MockHttpSession session = new MockHttpSession(servletContext);
-		MockApplicationListener listener = (MockApplicationListener) context
-				.getBean("listener");
+		MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
 
 		HttpSessionEvent event = new HttpSessionEvent(session);
 
@@ -151,4 +146,5 @@ public class HttpSessionEventPublisherTests {
 
 		publisher.sessionIdChanged(event, "oldSessionId");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
index 8035a67dde..b9e97ede57 100644
--- a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
+++ b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
@@ -27,11 +27,14 @@ import org.springframework.security.web.session.HttpSessionDestroyedEvent;
  * @author Ray Krueger
  */
 public class MockApplicationListener implements ApplicationListener<ApplicationEvent> {
+
 	// ~ Instance fields
 	// ================================================================================================
 
 	private HttpSessionCreatedEvent createdEvent;
+
 	private HttpSessionDestroyedEvent destroyedEvent;
+
 	private HttpSessionIdChangedEvent sessionIdChangedEvent;
 
 	// ~ Methods
@@ -72,4 +75,5 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
 	public HttpSessionIdChangedEvent getSessionIdChangedEvent() {
 		return sessionIdChangedEvent;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java b/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
index 561cb033e5..51fcf650e3 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
@@ -37,12 +37,14 @@ public class SessionInformationExpiredEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenRequestNullThenThrowsException() {
-		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()), null, new MockHttpServletResponse());
+		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()), null,
+				new MockHttpServletResponse());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenResponseNullThenThrowsException() {
-		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(), null);
+		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()),
+				new MockHttpServletRequest(), null);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index 47ecb0f939..0ea3a7b883 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -48,8 +48,7 @@ public class SessionManagementFilterTests {
 	}
 
 	@Test
-	public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated()
-			throws Exception {
+	public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated() throws Exception {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SessionManagementFilter filter = new SessionManagementFilter(repo);
 		HttpServletRequest request = new MockHttpServletRequest();
@@ -61,8 +60,7 @@ public class SessionManagementFilterTests {
 	}
 
 	@Test
-	public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest()
-			throws Exception {
+	public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
 		// mock that repo contains a security context
@@ -99,8 +97,8 @@ public class SessionManagementFilterTests {
 
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
 
-		verify(strategy).onAuthentication(any(Authentication.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
 		// Check that it is only applied once to the request
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
 		verifyNoMoreInteractions(strategy);
@@ -119,11 +117,9 @@ public class SessionManagementFilterTests {
 		HttpServletResponse response = new MockHttpServletResponse();
 		FilterChain fc = mock(FilterChain.class);
 		authenticateUser();
-		SessionAuthenticationException exception = new SessionAuthenticationException(
-				"Failure");
-		doThrow(exception).when(strategy)
-				.onAuthentication(SecurityContextHolder.getContext().getAuthentication(),
-						request, response);
+		SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
+		doThrow(exception).when(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(),
+				request, response);
 
 		filter.doFilter(request, response, fc);
 		verifyZeroInteractions(fc);
@@ -131,8 +127,7 @@ public class SessionManagementFilterTests {
 	}
 
 	@Test
-	public void responseIsRedirectedToTimeoutUrlIfSetAndSessionIsInvalid()
-			throws Exception {
+	public void responseIsRedirectedToTimeoutUrlIfSetAndSessionIsInvalid() throws Exception {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		// repo will return false to containsContext()
 		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
@@ -149,8 +144,7 @@ public class SessionManagementFilterTests {
 		request = new MockHttpServletRequest();
 		request.setRequestedSessionId("xxx");
 		request.setRequestedSessionIdValid(false);
-		SimpleRedirectInvalidSessionStrategy iss = new SimpleRedirectInvalidSessionStrategy(
-				"/timedOut");
+		SimpleRedirectInvalidSessionStrategy iss = new SimpleRedirectInvalidSessionStrategy("/timedOut");
 		iss.setCreateNewSession(true);
 		filter.setInvalidSessionStrategy(iss);
 		FilterChain fc = mock(FilterChain.class);
@@ -182,7 +176,7 @@ public class SessionManagementFilterTests {
 	}
 
 	private void authenticateUser() {
-		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("user", "pass"));
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass"));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index b9b55af3b5..2b075bc06c 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -36,12 +36,15 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class OnCommittedResponseWrapperTests {
+
 	private static final String NL = "\r\n";
 
 	@Mock
 	HttpServletResponse delegate;
+
 	@Mock
 	PrintWriter writer;
+
 	@Mock
 	ServletOutputStream out;
 
@@ -61,7 +64,6 @@ public class OnCommittedResponseWrapperTests {
 		when(delegate.getOutputStream()).thenReturn(out);
 	}
 
-
 	// --- printwriter
 
 	@Test
@@ -339,7 +341,6 @@ public class OnCommittedResponseWrapperTests {
 		verify(writer).format(l, format, args);
 	}
 
-
 	@Test
 	public void printWriterAppendCharSequence() throws Exception {
 		String x = "a";
@@ -360,7 +361,6 @@ public class OnCommittedResponseWrapperTests {
 		verify(writer).append(x, start, end);
 	}
 
-
 	@Test
 	public void printWriterAppendChar() throws Exception {
 		char x = 1;
@@ -372,7 +372,6 @@ public class OnCommittedResponseWrapperTests {
 
 	// servletoutputstream
 
-
 	@Test
 	public void outputStreamHashCode() throws Exception {
 		int expected = out.hashCode();
@@ -594,7 +593,6 @@ public class OnCommittedResponseWrapperTests {
 		assertThat(committed).isTrue();
 	}
 
-
 	@Test
 	public void contentLengthPrintWriterWriteCharIntIntCommits() throws Exception {
 		char[] buff = new char[0];
@@ -629,7 +627,6 @@ public class OnCommittedResponseWrapperTests {
 		assertThat(committed).isTrue();
 	}
 
-
 	@Test
 	public void contentLengthPrintWriterWriteStringCommits() throws IOException {
 		String body = "something";
@@ -917,11 +914,9 @@ public class OnCommittedResponseWrapperTests {
 	// gh-171
 	@Test
 	public void contentLengthPlus1OutputStreamWriteByteArrayMultiDigitCommits() throws Exception {
-		String expected = "{\n" +
-				"  \"parameterName\" : \"_csrf\",\n" +
-				"  \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" +
-				"  \"headerName\" : \"X-CSRF-TOKEN\"\n" +
-				"}";
+		String expected = "{\n" + "  \"parameterName\" : \"_csrf\",\n"
+				+ "  \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" + "  \"headerName\" : \"X-CSRF-TOKEN\"\n"
+				+ "}";
 		response.setContentLength(expected.length() + 1);
 
 		response.getOutputStream().write(expected.getBytes());
@@ -1147,4 +1142,5 @@ public class OnCommittedResponseWrapperTests {
 
 		assertThat(committed).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
index 337780567c..43be56ebd5 100644
--- a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
@@ -27,8 +27,7 @@ public class TextEscapeUtilsTests {
 	 */
 	@Test
 	public void charactersAreEscapedCorrectly() {
-		assertThat(TextEscapeUtils.escapeEntities("& a<script>\"'")).isEqualTo(
-				"&amp;&#32;a&lt;script&gt;&#34;&#39;");
+		assertThat(TextEscapeUtils.escapeEntities("& a<script>\"'")).isEqualTo("&amp;&#32;a&lt;script&gt;&#34;&#39;");
 	}
 
 	@Test
@@ -64,4 +63,5 @@ public class TextEscapeUtilsTests {
 	public void undefinedSurrogatePairIsIgnored() {
 		assertThat(TextEscapeUtils.escapeEntities("abc\uD888\uDC00a")).isEqualTo("abca");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 672a511548..6003031b44 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -47,18 +47,17 @@ public class ThrowableAnalyzerTests {
 		public Throwable resolveCause() {
 			return this.cause;
 		}
+
 	}
 
 	/**
 	 * <code>ThrowableCauseExtractor</code> for handling <code>NonStandardException</code>
 	 * instances.
 	 */
-	public static final class NonStandardExceptionCauseExtractor
-			implements ThrowableCauseExtractor {
+	public static final class NonStandardExceptionCauseExtractor implements ThrowableCauseExtractor {
 
 		public Throwable extractCause(Throwable throwable) {
-			ThrowableAnalyzer.verifyThrowableHierarchy(throwable,
-					NonStandardException.class);
+			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, NonStandardException.class);
 			return ((NonStandardException) throwable).resolveCause();
 		}
 
@@ -107,8 +106,7 @@ public class ThrowableAnalyzerTests {
 			protected void initExtractorMap() {
 				super.initExtractorMap();
 				// register extractor for NonStandardException
-				registerExtractor(NonStandardException.class,
-						new NonStandardExceptionCauseExtractor());
+				registerExtractor(NonStandardException.class, new NonStandardExceptionCauseExtractor());
 			}
 		};
 	}
@@ -147,9 +145,10 @@ public class ThrowableAnalyzerTests {
 			for (int j = 0; j < i; ++j) {
 				Class prevClazz = registeredTypes[j];
 
-				assertThat(prevClazz.isAssignableFrom(clazz)).withFailMessage(
-						"Unexpected order of registered classes: " + prevClazz
-								+ " is assignable from " + clazz).isFalse();
+				assertThat(prevClazz.isAssignableFrom(clazz))
+						.withFailMessage(
+								"Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz)
+						.isFalse();
 			}
 		}
 	}
@@ -167,8 +166,8 @@ public class ThrowableAnalyzerTests {
 			}
 		};
 
-		assertThat(analyzer.getRegisteredTypes().length).withFailMessage(
-				"Unexpected number of registered types").isZero();
+		assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types")
+				.isZero();
 
 		Throwable t = this.testTrace[0];
 		Throwable[] chain = analyzer.determineCauseChain(t);
@@ -181,8 +180,8 @@ public class ThrowableAnalyzerTests {
 	public void testDetermineCauseChainWithDefaultExtractors() {
 		ThrowableAnalyzer analyzer = this.standardAnalyzer;
 
-		assertThat(analyzer.getRegisteredTypes().length).withFailMessage(
-				"Unexpected number of registered types").isEqualTo(2);
+		assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types")
+				.isEqualTo(2);
 
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
 
@@ -190,8 +189,7 @@ public class ThrowableAnalyzerTests {
 		// by default
 		assertThat(chain.length).as("Unexpected chain size").isEqualTo(3);
 		for (int i = 0; i < 3; ++i) {
-			assertThat(chain[i]).withFailMessage(
-					"Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
+			assertThat(chain[i]).withFailMessage("Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
 		}
 	}
 
@@ -201,11 +199,9 @@ public class ThrowableAnalyzerTests {
 
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
 
-		assertThat(chain.length).as("Unexpected chain size").isEqualTo(
-				this.testTrace.length);
+		assertThat(chain.length).as("Unexpected chain size").isEqualTo(this.testTrace.length);
 		for (int i = 0; i < chain.length; ++i) {
-			assertThat(chain[i]).withFailMessage(
-					"Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
+			assertThat(chain[i]).withFailMessage("Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
 		}
 	}
 
@@ -227,8 +223,7 @@ public class ThrowableAnalyzerTests {
 
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
 
-		Throwable result = analyzer.getFirstThrowableOfType(NonStandardException.class,
-				chain);
+		Throwable result = analyzer.getFirstThrowableOfType(NonStandardException.class, chain);
 
 		assertThat(result).as("null not expected").isNotNull();
 		assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[2]);
@@ -241,8 +236,7 @@ public class ThrowableAnalyzerTests {
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
 
 		// IllegalStateException not in trace
-		Throwable result = analyzer.getFirstThrowableOfType(IllegalStateException.class,
-				chain);
+		Throwable result = analyzer.getFirstThrowableOfType(IllegalStateException.class, chain);
 
 		assertThat(result).as("null expected").isNull();
 	}
@@ -251,8 +245,7 @@ public class ThrowableAnalyzerTests {
 	public void testVerifyThrowableHierarchyWithExactType() {
 
 		Throwable throwable = new IllegalStateException("Test");
-		ThrowableAnalyzer.verifyThrowableHierarchy(throwable,
-				IllegalStateException.class);
+		ThrowableAnalyzer.verifyThrowableHierarchy(throwable, IllegalStateException.class);
 		// No exception expected
 	}
 
@@ -280,12 +273,12 @@ public class ThrowableAnalyzerTests {
 
 		Throwable throwable = new IllegalStateException("Test");
 		try {
-			ThrowableAnalyzer.verifyThrowableHierarchy(throwable,
-					InvocationTargetException.class);
+			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class);
 			fail("IllegalArgumentException expected");
 		}
 		catch (IllegalArgumentException e) {
 			// ok
 		}
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
index 0c70ab811b..fb7980f138 100644
--- a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
@@ -20,7 +20,6 @@ import static org.assertj.core.api.Assertions.*;
 import org.junit.Test;
 
 /**
- *
  * @author Luke Taylor
  */
 public class UrlUtilsTests {
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index cd7c38d1d2..fd6492b4b0 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -33,12 +33,12 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AndRequestMatcherTests {
+
 	@Mock
 	private RequestMatcher delegate;
 
@@ -77,7 +77,7 @@ public class AndRequestMatcherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyList() {
-		new AndRequestMatcher(Collections.<RequestMatcher> emptyList());
+		new AndRequestMatcher(Collections.<RequestMatcher>emptyList());
 	}
 
 	@Test
@@ -121,4 +121,5 @@ public class AndRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
index a07a31cbe3..600792426e 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
@@ -61,8 +61,7 @@ public class AntPathRequestMatcherTests {
 
 	@Test
 	public void trailingWildcardMatchesCorrectly() {
-		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah/blAh/**", null,
-				false);
+		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah/blAh/**", null, false);
 		assertThat(matcher.matches(createRequest("/BLAH/blah"))).isTrue();
 		assertThat(matcher.matches(createRequest("/blah/bleh"))).isFalse();
 		assertThat(matcher.matches(createRequest("/blah/blah/"))).isTrue();
@@ -86,8 +85,7 @@ public class AntPathRequestMatcherTests {
 
 	@Test
 	public void trailingWildcardWithVariableMatchesCorrectly() {
-		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/{id}/blAh/**", null,
-				false);
+		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/{id}/blAh/**", null, false);
 		assertThat(matcher.matches(createRequest("/1234/blah"))).isTrue();
 		assertThat(matcher.matches(createRequest("/4567/bleh"))).isFalse();
 		assertThat(matcher.matches(createRequest("/paskos/blah/"))).isTrue();
@@ -159,17 +157,12 @@ public class AntPathRequestMatcherTests {
 	@Test
 	public void caseSensitive() {
 		MockHttpServletRequest request = createRequest("/UPPER");
-		assertThat(new AntPathRequestMatcher("/upper", null, true).matches(request))
-				.isFalse();
-		assertThat(new AntPathRequestMatcher("/upper", "POST", true).matches(request))
-				.isFalse();
-		assertThat(new AntPathRequestMatcher("/upper", "GET", true).matches(request))
-				.isFalse();
+		assertThat(new AntPathRequestMatcher("/upper", null, true).matches(request)).isFalse();
+		assertThat(new AntPathRequestMatcher("/upper", "POST", true).matches(request)).isFalse();
+		assertThat(new AntPathRequestMatcher("/upper", "GET", true).matches(request)).isFalse();
 
-		assertThat(new AntPathRequestMatcher("/upper", null, false).matches(request))
-				.isTrue();
-		assertThat(new AntPathRequestMatcher("/upper", "POST", false).matches(request))
-				.isTrue();
+		assertThat(new AntPathRequestMatcher("/upper", null, false).matches(request)).isTrue();
+		assertThat(new AntPathRequestMatcher("/upper", "POST", false).matches(request)).isTrue();
 	}
 
 	@Test
@@ -186,18 +179,12 @@ public class AntPathRequestMatcherTests {
 	@Test
 	public void equalsBehavesCorrectly() {
 		// Both universal wildcard options should be equal
-		assertThat(new AntPathRequestMatcher("**"))
-				.isEqualTo(new AntPathRequestMatcher("/**"));
-		assertThat(new AntPathRequestMatcher("/xyz"))
-				.isEqualTo(new AntPathRequestMatcher("/xyz"));
-		assertThat(new AntPathRequestMatcher("/xyz", "POST"))
-				.isEqualTo(new AntPathRequestMatcher("/xyz", "POST"));
-		assertThat(new AntPathRequestMatcher("/xyz", "POST"))
-				.isNotEqualTo(new AntPathRequestMatcher("/xyz", "GET"));
-		assertThat(new AntPathRequestMatcher("/xyz"))
-				.isNotEqualTo(new AntPathRequestMatcher("/xxx"));
-		assertThat(new AntPathRequestMatcher("/xyz").equals(AnyRequestMatcher.INSTANCE))
-				.isFalse();
+		assertThat(new AntPathRequestMatcher("**")).isEqualTo(new AntPathRequestMatcher("/**"));
+		assertThat(new AntPathRequestMatcher("/xyz")).isEqualTo(new AntPathRequestMatcher("/xyz"));
+		assertThat(new AntPathRequestMatcher("/xyz", "POST")).isEqualTo(new AntPathRequestMatcher("/xyz", "POST"));
+		assertThat(new AntPathRequestMatcher("/xyz", "POST")).isNotEqualTo(new AntPathRequestMatcher("/xyz", "GET"));
+		assertThat(new AntPathRequestMatcher("/xyz")).isNotEqualTo(new AntPathRequestMatcher("/xxx"));
+		assertThat(new AntPathRequestMatcher("/xyz").equals(AnyRequestMatcher.INSTANCE)).isFalse();
 		assertThat(new AntPathRequestMatcher("/xyz", "GET", false))
 				.isNotEqualTo(new AntPathRequestMatcher("/xyz", "GET", true));
 	}
@@ -231,4 +218,5 @@ public class AntPathRequestMatcherTests {
 
 		return request;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
index d483ae9cd7..e169fcf8c5 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
@@ -47,8 +47,7 @@ public class ELRequestMatcherTests {
 
 	@Test
 	public void testHasHeaderTrue() {
-		ELRequestMatcher requestMatcher = new ELRequestMatcher(
-				"hasHeader('User-Agent','MSIE')");
+		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "MSIE");
 
@@ -73,8 +72,7 @@ public class ELRequestMatcherTests {
 
 	@Test
 	public void testHasHeaderFalse() {
-		ELRequestMatcher requestMatcher = new ELRequestMatcher(
-				"hasHeader('User-Agent','MSIE')");
+		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "wrong");
 
@@ -83,8 +81,7 @@ public class ELRequestMatcherTests {
 
 	@Test
 	public void testHasHeaderNull() {
-		ELRequestMatcher requestMatcher = new ELRequestMatcher(
-				"hasHeader('User-Agent','MSIE')");
+		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
 		assertThat(requestMatcher.matches(request)).isFalse();
@@ -92,8 +89,8 @@ public class ELRequestMatcherTests {
 
 	@Test
 	public void toStringThenFormatted() {
-		ELRequestMatcher requestMatcher = new ELRequestMatcher(
-				"hasHeader('User-Agent','MSIE')");
+		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		assertThat(requestMatcher.toString()).isEqualTo("EL [el=\"hasHeader('User-Agent','MSIE')\"]");
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index 5216c7b5b7..48a93e771c 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -26,9 +26,13 @@ import org.springframework.security.web.util.matcher.IpAddressMatcher;
  * @author Luke Taylor
  */
 public class IpAddressMatcherTests {
+
 	final IpAddressMatcher v6matcher = new IpAddressMatcher("fe80::21f:5bff:fe33:bd68");
+
 	final IpAddressMatcher v4matcher = new IpAddressMatcher("192.168.1.104");
+
 	MockHttpServletRequest ipv4Request = new MockHttpServletRequest();
+
 	MockHttpServletRequest ipv6Request = new MockHttpServletRequest();
 
 	@Before
@@ -90,9 +94,8 @@ public class IpAddressMatcherTests {
 	public void ipv4RequiredAddressMaskTooLongThenIllegalArgumentException() {
 		String ipv4AddressWithTooLongMask = "192.168.1.104/33";
 		assertThatCode(() -> new IpAddressMatcher(ipv4AddressWithTooLongMask))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage(String.format("IP address %s is too short for bitmask of " +
-						"length %d", "192.168.1.104", 33));
+				.isInstanceOf(IllegalArgumentException.class).hasMessage(
+						String.format("IP address %s is too short for bitmask of " + "length %d", "192.168.1.104", 33));
 	}
 
 	// SEC-2576
@@ -100,8 +103,8 @@ public class IpAddressMatcherTests {
 	public void ipv6RequiredAddressMaskTooLongThenIllegalArgumentException() {
 		String ipv6AddressWithTooLongMask = "fe80::21f:5bff:fe33:bd68/129";
 		assertThatCode(() -> new IpAddressMatcher(ipv6AddressWithTooLongMask))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage(String.format("IP address %s is too short for bitmask of " +
-						"length %d", "fe80::21f:5bff:fe33:bd68", 129));
+				.isInstanceOf(IllegalArgumentException.class).hasMessage(String.format(
+						"IP address %s is too short for bitmask of " + "length %d", "fe80::21f:5bff:fe33:bd68", 129));
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index 6009f41b29..e022303faf 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -34,7 +34,9 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
  *
  */
 public class MediaTypeRequestMatcherRequestHCNSTests {
+
 	private MediaTypeRequestMatcher matcher;
+
 	private MockHttpServletRequest request;
 
 	private ContentNegotiationStrategy negotiationStrategy;
@@ -52,8 +54,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 
 		assertThat(matcher.matches(request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy,
-				MediaType.APPLICATION_XHTML_XML);
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -82,8 +83,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocJsonJson() {
 		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 
 		assertThat(matcher.matches(request)).isTrue();
 	}
@@ -91,8 +91,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocAllJson() {
 		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 
 		assertThat(matcher.matches(request)).isTrue();
 	}
@@ -100,8 +99,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocAllJsonIgnoreAll() {
 		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		assertThat(matcher.matches(request)).isFalse();
 	}
@@ -109,8 +107,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocJsonJsonIgnoreAll() {
 		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		assertThat(matcher.matches(request)).isTrue();
 	}
@@ -118,8 +115,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocJsonJsonUseEquals() {
 		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isTrue();
 	}
@@ -127,8 +123,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocAllJsonUseEquals() {
 		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isFalse();
 	}
@@ -136,8 +131,7 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocApplicationAllJsonUseEquals() {
 		request.addHeader("Accept", new MediaType("application", "*"));
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isFalse();
 	}
@@ -145,9 +139,9 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	@Test
 	public void javadocAllJsonUseFalse() {
 		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(
-				negotiationStrategy, MediaType.APPLICATION_JSON);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isFalse();
 	}
+
 }
\ No newline at end of file
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 099159f966..b25efd2fbc 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -41,7 +41,9 @@ import org.springframework.web.context.request.NativeWebRequest;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class MediaTypeRequestMatcherTests {
+
 	private MediaTypeRequestMatcher matcher;
+
 	private MockHttpServletRequest request;
 
 	@Mock
@@ -76,8 +78,7 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmtpyMediaTypes() {
-		new MediaTypeRequestMatcher(negotiationStrategy,
-				Collections.<MediaType> emptyList());
+		new MediaTypeRequestMatcher(negotiationStrategy, Collections.<MediaType>emptyList());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -87,12 +88,11 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenEmptyMediaTypeCollectionThenIAE() {
-		new MediaTypeRequestMatcher(Collections.<MediaType> emptyList());
+		new MediaTypeRequestMatcher(Collections.<MediaType>emptyList());
 	}
 
 	@Test
-	public void negotiationStrategyThrowsHMTNAE()
-			throws HttpMediaTypeNotAcceptableException {
+	public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenThrow(new HttpMediaTypeNotAcceptableException("oops"));
 
@@ -109,8 +109,7 @@ public class MediaTypeRequestMatcherTests {
 		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
 		assertThat(matcher.matches(request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy,
-				MediaType.APPLICATION_XHTML_XML);
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -174,7 +173,8 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void matchWhenMultipleAcceptHeaderThenMatchMultiple() {
 		request.addHeader("Accept", "text/html, application/xhtml+xml, application/xml;q=0.9");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML, MediaType.APPLICATION_XHTML_XML, MediaType.APPLICATION_XML);
+		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML, MediaType.APPLICATION_XHTML_XML,
+				MediaType.APPLICATION_XML);
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -188,31 +188,26 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void multipleMediaType() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(
-						Arrays.asList(MediaType.TEXT_PLAIN,
-								MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
+				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy,
-				MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML);
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML);
 		assertThat(matcher.matches(request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy,
-				MediaType.APPLICATION_XHTML_XML, MediaType.APPLICATION_JSON);
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML,
+				MediaType.APPLICATION_JSON);
 		assertThat(matcher.matches(request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy,
-				MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON);
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED,
+				MediaType.APPLICATION_JSON);
 		assertThat(matcher.matches(request)).isFalse();
 	}
 
 	@Test
-	public void resolveTextPlainMatchesTextAll()
-			throws HttpMediaTypeNotAcceptableException {
+	public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text",
-				"*"));
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "*"));
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -225,8 +220,7 @@ public class MediaTypeRequestMatcherTests {
 	}
 
 	@Test
-	public void resolveTextAllMatchesTextPlain()
-			throws HttpMediaTypeNotAcceptableException {
+	public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "*")));
 
@@ -242,12 +236,10 @@ public class MediaTypeRequestMatcherTests {
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
-
 	// useEquals
 
 	@Test
-	public void useEqualsResolveTextAllMatchesTextPlain()
-			throws HttpMediaTypeNotAcceptableException {
+	public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "*")));
 
@@ -266,13 +258,11 @@ public class MediaTypeRequestMatcherTests {
 	}
 
 	@Test
-	public void useEqualsResolveTextPlainMatchesTextAll()
-			throws HttpMediaTypeNotAcceptableException {
+	public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text",
-				"*"));
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "*"));
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isFalse();
 	}
@@ -310,8 +300,7 @@ public class MediaTypeRequestMatcherTests {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "unique")));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text",
-				"unique"));
+		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "unique"));
 		matcher.setUseEquals(true);
 		assertThat(matcher.matches(request)).isTrue();
 	}
@@ -347,8 +336,7 @@ public class MediaTypeRequestMatcherTests {
 	}
 
 	@Test
-	public void mediaAllAndTextHtmlIgnoreMediaTypeAll()
-			throws HttpMediaTypeNotAcceptableException {
+	public void mediaAllAndTextHtmlIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML));
 		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
@@ -367,12 +355,9 @@ public class MediaTypeRequestMatcherTests {
 	}
 
 	@Test
-	public void mediaAllQ08AndTextPlainIgnoreMediaTypeAll()
-			throws HttpMediaTypeNotAcceptableException {
+	public void mediaAllQ08AndTextPlainIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
 		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(
-						Arrays.asList(MediaType.TEXT_PLAIN,
-								MediaType.parseMediaType("*/*;q=0.8")));
+				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8")));
 		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
@@ -387,4 +372,5 @@ public class MediaTypeRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index f78af651e2..64b93b645c 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -28,12 +28,12 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class NegatedRequestMatcherTests {
+
 	@Mock
 	private RequestMatcher delegate;
 
@@ -62,4 +62,5 @@ public class NegatedRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isFalse();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index fffb835fc5..1bca4fd7e3 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -32,12 +32,12 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  *
  */
 @RunWith(MockitoJUnitRunner.class)
 public class OrRequestMatcherTests {
+
 	@Mock
 	private RequestMatcher delegate;
 
@@ -76,7 +76,7 @@ public class OrRequestMatcherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyList() {
-		new OrRequestMatcher(Collections.<RequestMatcher> emptyList());
+		new OrRequestMatcher(Collections.<RequestMatcher>emptyList());
 	}
 
 	@Test
@@ -119,4 +119,5 @@ public class OrRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isTrue();
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index b6c457d63c..76f0ee78d9 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -60,8 +60,7 @@ public class RegexRequestMatcherTests {
 	public void queryStringIsMatcherCorrectly() {
 		RegexRequestMatcher matcher = new RegexRequestMatcher(".*\\?x=y", "GET");
 
-		MockHttpServletRequest request = new MockHttpServletRequest("GET",
-				"/any/path?x=y");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/any/path?x=y");
 		request.setServletPath("/any");
 		request.setPathInfo("/path");
 		request.setQueryString("x=y");
@@ -119,4 +118,5 @@ public class RegexRequestMatcherTests {
 		when(request.getServletPath()).thenReturn(path);
 		return request;
 	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
index 187b718bc3..a2e462dbcf 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
@@ -23,7 +23,6 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
 
 /**
- *
  * @author Rob Winch
  *
  */
@@ -59,40 +58,32 @@ public class RequestHeaderRequestMatcherTests {
 	@Test
 	public void matchesHeaderNameDoesNotMatch() {
 		request.addHeader(headerName + "notMatch", headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName).matches(request))
-				.isFalse();
+		assertThat(new RequestHeaderRequestMatcher(headerName).matches(request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueMatches() {
 		request.addHeader(headerName, headerValue);
-		assertThat(
-				new RequestHeaderRequestMatcher(headerName, headerValue).matches(request))
-				.isTrue();
+		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isTrue();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderNameNotMatch() {
 		request.addHeader(headerName + "notMatch", headerValue);
-		assertThat(
-				new RequestHeaderRequestMatcher(headerName, headerValue).matches(request))
-				.isFalse();
+		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderValueNotMatch() {
 		request.addHeader(headerName, headerValue + "notMatch");
-		assertThat(
-				new RequestHeaderRequestMatcher(headerName, headerValue).matches(request))
-				.isFalse();
+		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderValueMultiNotMatch() {
 		request.addHeader(headerName, headerValue + "notMatch");
 		request.addHeader(headerName, headerValue);
-		assertThat(
-				new RequestHeaderRequestMatcher(headerName, headerValue).matches(request))
-				.isFalse();
+		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
 	}
+
 }

From 71bc145ae4f695bf31f47ffa36e3483eeedcefaf Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 23 Jul 2020 15:09:07 -0700
Subject: [PATCH 09/84] Remove superfluous comments

Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.

Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java           | 12 ------------
 .../afterinvocation/AbstractAclProvider.java   |  9 ---------
 ...rInvocationCollectionFilteringProvider.java |  9 ---------
 .../AclEntryAfterInvocationProvider.java       | 12 ------------
 .../acls/afterinvocation/ArrayFilterer.java    | 12 ------------
 .../afterinvocation/CollectionFilterer.java    | 12 ------------
 .../acls/afterinvocation/Filterer.java         |  3 ---
 .../acls/domain/AbstractPermission.java        |  8 --------
 .../acls/domain/AccessControlEntryImpl.java    |  9 ---------
 .../acls/domain/AclAuthorizationStrategy.java  |  6 ------
 .../domain/AclAuthorizationStrategyImpl.java   |  9 ---------
 .../security/acls/domain/AclImpl.java          |  9 ---------
 .../security/acls/domain/AuditLogger.java      |  3 ---
 .../acls/domain/ConsoleAuditLogger.java        |  3 ---
 .../acls/domain/EhCacheBasedAclCache.java      |  9 ---------
 .../acls/domain/GrantedAuthoritySid.java       |  9 ---------
 .../domain/IdentityUnavailableException.java   |  3 ---
 .../acls/domain/ObjectIdentityImpl.java        |  9 ---------
 .../ObjectIdentityRetrievalStrategyImpl.java   |  3 ---
 .../security/acls/domain/PrincipalSid.java     |  9 ---------
 .../acls/domain/SidRetrievalStrategyImpl.java  |  3 ---
 .../acls/domain/SpringCacheBasedAclCache.java  |  9 ---------
 .../acls/jdbc/BasicLookupStrategy.java         | 12 ------------
 .../security/acls/jdbc/JdbcAclService.java     | 12 ------------
 .../acls/jdbc/JdbcMutableAclService.java       |  9 ---------
 .../security/acls/jdbc/LookupStrategy.java     |  3 ---
 .../acls/model/AccessControlEntry.java         |  3 ---
 .../security/acls/model/AclCache.java          |  3 ---
 .../security/acls/model/AclService.java        |  3 ---
 .../acls/model/AlreadyExistsException.java     |  3 ---
 .../model/AuditableAccessControlEntry.java     |  3 ---
 .../security/acls/model/AuditableAcl.java      |  3 ---
 .../acls/model/ChildrenExistException.java     |  3 ---
 .../security/acls/model/MutableAcl.java        |  3 ---
 .../security/acls/model/MutableAclService.java |  3 ---
 .../security/acls/model/NotFoundException.java |  3 ---
 .../security/acls/model/ObjectIdentity.java    |  3 ---
 .../model/ObjectIdentityRetrievalStrategy.java |  3 ---
 .../security/acls/model/OwnershipAcl.java      |  3 ---
 .../security/acls/model/Permission.java        |  6 ------
 .../security/acls/model/Sid.java               |  3 ---
 .../acls/model/SidRetrievalStrategy.java       |  3 ---
 .../acls/model/UnloadedSidException.java       |  3 ---
 .../security/acls/AclFormattingUtilsTests.java |  2 --
 .../domain/AccessControlImplEntryTests.java    |  3 ---
 .../security/acls/domain/AclImplTests.java     |  6 ------
 .../AclImplementationSecurityCheckTests.java   |  3 ---
 .../security/acls/domain/AuditLoggerTests.java |  5 -----
 .../acls/domain/ObjectIdentityImplTests.java   |  6 ------
 ...jectIdentityRetrievalStrategyImplTests.java |  4 ----
 .../jdbc/AbstractBasicLookupStrategyTests.java |  6 ------
 .../security/acls/jdbc/DatabaseSeeder.java     |  3 ---
 .../acls/jdbc/JdbcAclServiceTests.java         |  3 ---
 .../acls/jdbc/JdbcMutableAclServiceTests.java  |  9 ---------
 .../acls/sid/SidRetrievalStrategyTests.java    |  3 ---
 .../security/acls/sid/SidTests.java            |  2 --
 .../security/cas/ServiceProperties.java        |  6 ------
 .../CasAuthenticationProvider.java             |  9 ---------
 .../authentication/CasAuthenticationToken.java |  8 --------
 .../EhCacheBasedTicketCache.java               |  9 ---------
 .../SpringCacheBasedTicketCache.java           | 12 ------------
 .../authentication/StatelessTicketCache.java   |  2 --
 .../cas/web/CasAuthenticationEntryPoint.java   |  5 -----
 .../cas/web/CasAuthenticationFilter.java       |  9 ---------
 .../DefaultServiceAuthenticationDetails.java   |  9 ---------
 .../ServiceAuthenticationDetailsSource.java    |  9 ---------
 .../CasAuthenticationProviderTests.java        |  6 ------
 .../EhCacheBasedTicketCacheTests.java          |  2 --
 .../SpringCacheBasedTicketCacheTests.java      |  3 ---
 .../web/CasAuthenticationEntryPointTests.java  |  2 --
 .../cas/web/CasAuthenticationFilterTests.java  |  3 ---
 .../cas/web/ServicePropertiesTests.java        |  3 ---
 .../security/config/DataSourcePopulator.java   |  3 ---
 .../config/FilterChainProxyConfigTests.java    |  3 ---
 .../security/access/AccessDecisionManager.java |  3 ---
 .../security/access/AccessDecisionVoter.java   |  6 ------
 .../security/access/AccessDeniedException.java |  3 ---
 .../access/AfterInvocationProvider.java        |  3 ---
 .../access/AuthorizationServiceException.java  |  3 ---
 .../security/access/ConfigAttribute.java       |  3 ---
 .../security/access/SecurityConfig.java        |  9 ---------
 .../access/SecurityMetadataSource.java         |  3 ---
 .../event/AbstractAuthorizationEvent.java      |  3 ---
 ...AuthenticationCredentialsNotFoundEvent.java |  9 ---------
 .../event/AuthorizationFailureEvent.java       |  9 ---------
 .../security/access/event/AuthorizedEvent.java |  9 ---------
 .../security/access/event/LoggerListener.java  |  6 ------
 .../access/event/PublicInvocationEvent.java    |  3 ---
 .../intercept/AbstractSecurityInterceptor.java |  9 ---------
 .../intercept/AfterInvocationManager.java      |  3 ---
 .../AfterInvocationProviderManager.java        |  9 ---------
 .../intercept/InterceptorStatusToken.java      |  9 ---------
 .../MethodInvocationPrivilegeEvaluator.java    |  9 ---------
 .../access/intercept/NullRunAsManager.java     |  3 ---
 .../RunAsImplAuthenticationProvider.java       |  6 ------
 .../access/intercept/RunAsManager.java         |  3 ---
 .../access/intercept/RunAsManagerImpl.java     |  6 ------
 .../access/intercept/RunAsUserToken.java       |  9 ---------
 .../aopalliance/MethodSecurityInterceptor.java |  6 ------
 .../MethodSecurityMetadataSourceAdvisor.java   | 12 ------------
 .../intercept/aspectj/AspectJCallback.java     |  3 ---
 .../AbstractMethodSecurityMetadataSource.java  |  3 ---
 ...DelegatingMethodSecurityMetadataSource.java |  9 ---------
 .../MapBasedMethodSecurityMetadataSource.java  |  5 -----
 .../vote/AbstractAccessDecisionManager.java    |  5 -----
 .../security/access/vote/AbstractAclVoter.java |  6 ------
 .../security/access/vote/AffirmativeBased.java |  3 ---
 .../access/vote/AuthenticatedVoter.java        |  9 ---------
 .../security/access/vote/ConsensusBased.java   |  6 ------
 .../security/access/vote/RoleVoter.java        |  6 ------
 .../security/access/vote/UnanimousBased.java   |  3 ---
 .../AbstractAuthenticationToken.java           |  9 ---------
 .../AccountExpiredException.java               |  3 ---
 .../AnonymousAuthenticationProvider.java       |  6 ------
 .../AnonymousAuthenticationToken.java          |  9 ---------
 ...enticationCredentialsNotFoundException.java |  3 ---
 .../AuthenticationDetailsSource.java           |  3 ---
 .../authentication/AuthenticationManager.java  |  3 ---
 .../authentication/AuthenticationProvider.java |  3 ---
 .../AuthenticationServiceException.java        |  3 ---
 .../AuthenticationTrustResolver.java           |  3 ---
 .../AuthenticationTrustResolverImpl.java       |  6 ------
 .../BadCredentialsException.java               |  3 ---
 .../CredentialsExpiredException.java           |  3 ---
 .../authentication/DisabledException.java      |  3 ---
 .../InsufficientAuthenticationException.java   |  3 ---
 .../authentication/LockedException.java        |  3 ---
 .../authentication/ProviderManager.java        |  9 ---------
 .../ProviderNotFoundException.java             |  3 ---
 .../RememberMeAuthenticationProvider.java      |  6 ------
 .../RememberMeAuthenticationToken.java         |  9 ---------
 .../TestingAuthenticationProvider.java         |  3 ---
 .../TestingAuthenticationToken.java            |  9 ---------
 .../UsernamePasswordAuthenticationToken.java   |  9 ---------
 ...tractUserDetailsAuthenticationProvider.java |  6 ------
 .../dao/DaoAuthenticationProvider.java         |  9 ---------
 .../event/AbstractAuthenticationEvent.java     |  6 ------
 .../AbstractAuthenticationFailureEvent.java    |  9 ---------
 ...thenticationFailureBadCredentialsEvent.java |  3 ---
 ...ticationFailureCredentialsExpiredEvent.java |  3 ---
 .../AuthenticationFailureDisabledEvent.java    |  3 ---
 .../AuthenticationFailureExpiredEvent.java     |  3 ---
 .../AuthenticationFailureLockedEvent.java      |  3 ---
 ...enticationFailureProviderNotFoundEvent.java |  3 ---
 ...thenticationFailureProxyUntrustedEvent.java |  3 ---
 ...enticationFailureServiceExceptionEvent.java |  3 ---
 .../event/AuthenticationSuccessEvent.java      |  3 ---
 .../InteractiveAuthenticationSuccessEvent.java |  9 ---------
 .../authentication/event/LoggerListener.java   |  6 ------
 .../AbstractJaasAuthenticationProvider.java    |  9 ---------
 .../authentication/jaas/AuthorityGranter.java  |  3 ---
 .../DefaultJaasAuthenticationProvider.java     |  6 ------
 .../jaas/DefaultLoginExceptionResolver.java    |  3 ---
 .../JaasAuthenticationCallbackHandler.java     |  3 ---
 .../jaas/JaasAuthenticationProvider.java       |  9 ---------
 .../jaas/JaasAuthenticationToken.java          |  9 ---------
 .../jaas/JaasGrantedAuthority.java             |  3 ---
 .../jaas/JaasNameCallbackHandler.java          |  3 ---
 .../jaas/JaasPasswordCallbackHandler.java      |  3 ---
 .../jaas/LoginExceptionResolver.java           |  3 ---
 .../jaas/SecurityContextLoginModule.java       |  9 ---------
 .../jaas/event/JaasAuthenticationEvent.java    |  6 ------
 .../event/JaasAuthenticationFailedEvent.java   |  9 ---------
 .../event/JaasAuthenticationSuccessEvent.java  |  3 ---
 .../jaas/memory/InMemoryConfiguration.java     |  9 ---------
 .../rcp/RemoteAuthenticationException.java     |  3 ---
 .../rcp/RemoteAuthenticationManager.java       |  3 ---
 .../rcp/RemoteAuthenticationManagerImpl.java   |  6 ------
 .../rcp/RemoteAuthenticationProvider.java      |  6 ------
 .../security/core/Authentication.java          |  3 ---
 .../security/core/AuthenticationException.java |  3 ---
 .../security/core/GrantedAuthority.java        |  3 ---
 .../core/SpringSecurityMessageSource.java      |  6 ------
 .../GlobalSecurityContextHolderStrategy.java   |  6 ------
 ...readLocalSecurityContextHolderStrategy.java |  6 ------
 .../security/core/context/SecurityContext.java |  3 ---
 .../core/context/SecurityContextHolder.java    |  6 ------
 .../context/SecurityContextHolderStrategy.java |  3 ---
 .../core/context/SecurityContextImpl.java      |  6 ------
 ...readLocalSecurityContextHolderStrategy.java |  6 ------
 .../core/session/SessionInformation.java       |  9 ---------
 .../security/core/session/SessionRegistry.java |  3 ---
 .../core/session/SessionRegistryImpl.java      |  6 ------
 .../security/core/userdetails/User.java        |  8 --------
 .../security/core/userdetails/UserCache.java   |  3 ---
 .../security/core/userdetails/UserDetails.java |  3 ---
 .../core/userdetails/UserDetailsService.java   |  3 ---
 .../userdetails/UsernameNotFoundException.java |  3 ---
 .../cache/EhCacheBasedUserCache.java           |  9 ---------
 .../core/userdetails/cache/NullUserCache.java  |  3 ---
 .../cache/SpringCacheBasedUserCache.java       | 12 ------------
 .../core/userdetails/jdbc/JdbcDaoImpl.java     | 12 ------------
 .../core/userdetails/memory/UserAttribute.java |  6 ------
 .../memory/UserAttributeEditor.java            |  3 ---
 .../provisioning/JdbcUserDetailsManager.java   | 15 ---------------
 .../security/util/FieldUtils.java              |  2 --
 .../security/util/InMemoryResource.java        |  9 ---------
 .../security/util/MethodInvocationUtils.java   |  3 ---
 .../security/util/SimpleMethodInvocation.java  |  9 ---------
 .../security/ITargetObject.java                |  3 ---
 .../security/OtherTargetObject.java            |  3 ---
 .../security/PopulatedDatabase.java            |  9 ---------
 .../springframework/security/TargetObject.java |  3 ---
 .../security/access/SecurityConfigTests.java   |  6 ------
 .../access/annotation/BusinessService.java     |  3 ---
 ...sr250MethodSecurityMetadataSourceTests.java |  3 ---
 ...dAnnotationSecurityMetadataSourceTests.java |  6 ------
 .../method/MethodExpressionVoterTests.java     |  3 ---
 ...tAnnotationSecurityMetadataSourceTests.java |  3 ---
 .../AbstractSecurityInterceptorTests.java      |  6 ------
 .../AfterInvocationProviderManagerTests.java   |  5 -----
 .../intercept/NullRunAsManagerTests.java       |  3 ---
 .../MethodSecurityInterceptorTests.java        |  3 ---
 ...thodSecurityMetadataSourceAdvisorTests.java |  2 --
 .../AspectJMethodSecurityInterceptorTests.java |  3 ---
 ...ethodInvocationPrivilegeEvaluatorTests.java |  3 ---
 .../AbstractAccessDecisionManagerTests.java    |  5 -----
 .../security/access/vote/DenyAgainVoter.java   |  3 ---
 .../security/access/vote/DenyVoter.java        |  3 ---
 .../security/access/vote/SomeDomainObject.java |  9 ---------
 .../access/vote/SomeDomainObjectManager.java   |  3 ---
 .../access/vote/UnanimousBasedTests.java       |  3 ---
 .../AbstractAuthenticationTokenTests.java      |  9 ---------
 .../AuthenticationTrustResolverImplTests.java  |  2 --
 .../authentication/ProviderManagerTests.java   |  3 ---
 ...ernamePasswordAuthenticationTokenTests.java |  3 ---
 .../AnonymousAuthenticationProviderTests.java  |  3 ---
 .../AnonymousAuthenticationTokenTests.java     |  2 --
 .../dao/DaoAuthenticationProviderTests.java    |  5 -----
 .../event/AuthenticationEventTests.java        |  3 ---
 .../event/LoggerListenerTests.java             |  3 ---
 .../jaas/JaasAuthenticationProviderTests.java  |  9 ---------
 .../authentication/jaas/JaasEventCheck.java    |  6 ------
 .../jaas/SecurityContextLoginModuleTests.java  |  6 ------
 .../jaas/TestAuthorityGranter.java             |  3 ---
 .../jaas/TestCallbackHandler.java              |  3 ---
 .../authentication/jaas/TestLoginModule.java   |  6 ------
 .../RemoteAuthenticationManagerImplTests.java  |  3 ---
 .../rcp/RemoteAuthenticationProviderTests.java |  6 ------
 .../RememberMeAuthenticationProviderTests.java |  2 --
 .../RememberMeAuthenticationTokenTests.java    |  2 --
 .../core/SpringSecurityMessageSourceTests.java |  2 --
 .../context/SecurityContextHolderTests.java    |  2 --
 .../core/context/SecurityContextImplTests.java |  2 --
 .../core/session/SessionInformationTests.java  |  2 --
 .../core/session/SessionRegistryImplTests.java |  3 ---
 .../security/core/userdetails/UserTests.java   |  3 ---
 .../cache/EhCacheBasedUserCacheTests.java      |  2 --
 .../userdetails/cache/NullUserCacheTests.java  |  3 ---
 .../cache/SpringCacheBasedUserCacheTests.java  |  2 --
 .../userdetails/jdbc/JdbcDaoImplTests.java     |  3 ---
 .../password/LdapShaPasswordEncoder.java       | 11 -----------
 .../password/LdapShaPasswordEncoderTests.java  |  6 ------
 .../MessageDigestPasswordEncoderTests.java     |  3 ---
 .../ldap/SpringSecurityLdapTemplateITests.java |  6 ------
 .../authentication/BindAuthenticatorTests.java |  6 ------
 .../PasswordComparisonAuthenticatorTests.java  |  6 ------
 .../DefaultLdapAuthoritiesPopulatorTests.java  |  3 ---
 .../NestedLdapAuthoritiesPopulatorTests.java   |  3 ---
 .../security/ldap/LdapUtils.java               |  9 ---------
 .../ldap/SpringSecurityLdapTemplate.java       | 11 -----------
 .../AbstractLdapAuthenticator.java             |  9 ---------
 .../ldap/authentication/BindAuthenticator.java |  9 ---------
 .../LdapAuthenticationProvider.java            |  9 ---------
 .../ldap/authentication/LdapAuthenticator.java |  3 ---
 .../PasswordComparisonAuthenticator.java       | 12 ------------
 .../ldap/ppolicy/PasswordPolicyControl.java    | 12 ------------
 .../ppolicy/PasswordPolicyControlFactory.java  |  3 ---
 .../ppolicy/PasswordPolicyResponseControl.java | 18 ------------------
 .../ldap/search/FilterBasedLdapUserSearch.java | 12 ------------
 .../security/ldap/search/LdapUserSearch.java   |  3 ---
 .../DefaultLdapAuthoritiesPopulator.java       | 12 ------------
 .../userdetails/LdapAuthoritiesPopulator.java  |  3 ---
 .../ldap/userdetails/LdapUserDetails.java      |  3 ---
 .../ldap/userdetails/LdapUserDetailsImpl.java  | 12 ------------
 .../userdetails/LdapUserDetailsMapper.java     |  6 ------
 .../security/ldap/LdapUtilsTests.java          |  3 ---
 .../LdapAuthenticationProviderTests.java       |  6 ------
 .../ldap/authentication/MockUserSearch.java    |  9 ---------
 ...sswordComparisonAuthenticatorMockTests.java |  3 ---
 .../PasswordPolicyResponseControlTests.java    |  3 ---
 .../AuthenticationCancelledException.java      |  3 ---
 .../security/openid/OpenID4JavaConsumer.java   |  9 ---------
 .../openid/OpenIDAuthenticationFilter.java     | 12 ------------
 .../openid/OpenIDAuthenticationProvider.java   |  6 ------
 .../openid/OpenIDAuthenticationStatus.java     |  3 ---
 .../openid/OpenIDAuthenticationToken.java      |  9 ---------
 .../openid/OpenIDConsumerException.java        |  3 ---
 .../security/openid/MockOpenIDConsumer.java    |  6 ------
 .../OpenIDAuthenticationProviderTests.java     |  6 ------
 ...cationSimpleHttpInvokerRequestExecutor.java |  9 ---------
 .../ContextPropagatingRemoteInvocation.java    |  9 ---------
 ...textPropagatingRemoteInvocationFactory.java |  3 ---
 ...nSimpleHttpInvokerRequestExecutorTests.java |  5 -----
 ...ontextPropagatingRemoteInvocationTests.java |  2 --
 .../java/sample/contact/AddPermission.java     |  5 +----
 .../sample/contact/AddPermissionValidator.java |  3 +--
 .../java/sample/contact/ClientApplication.java |  7 +------
 .../src/main/java/sample/contact/Contact.java  |  7 +------
 .../main/java/sample/contact/ContactDao.java   |  3 +--
 .../java/sample/contact/ContactDaoSpring.java  |  2 --
 .../java/sample/contact/ContactManager.java    |  3 +--
 .../sample/contact/ContactManagerBackend.java  |  5 +----
 .../sample/contact/DataSourcePopulator.java    |  5 +----
 .../java/sample/contact/IndexController.java   |  4 ----
 .../main/java/sample/contact/WebContact.java   |  5 +----
 .../sample/contact/WebContactValidator.java    |  3 +--
 .../sample/contact/ContactManagerTests.java    |  5 +----
 .../UsernameEqualsPasswordLoginModule.java     |  5 +----
 .../taglibs/authz/AccessControlListTag.java    |  9 ---------
 .../taglibs/authz/AuthenticationTag.java       |  6 ------
 .../taglibs/authz/AuthenticationTagTests.java  |  9 ---------
 .../taglibs/authz/AuthorizeTagTests.java       |  6 ------
 .../security/web/AuthenticationEntryPoint.java |  3 ---
 .../security/web/FilterChainProxy.java         | 12 ------------
 .../security/web/FilterInvocation.java         | 11 -----------
 .../security/web/PortMapper.java               |  3 ---
 .../security/web/PortMapperImpl.java           |  9 ---------
 .../security/web/PortResolver.java             |  3 ---
 .../security/web/PortResolverImpl.java         |  6 ------
 .../web/access/AccessDeniedHandler.java        |  3 ---
 .../web/access/AccessDeniedHandlerImpl.java    |  9 ---------
 ...DefaultWebInvocationPrivilegeEvaluator.java | 12 ------------
 .../web/access/ExceptionTranslationFilter.java |  6 ------
 .../channel/AbstractRetryEntryPoint.java       | 11 -----------
 .../access/channel/ChannelDecisionManager.java |  3 ---
 .../channel/ChannelDecisionManagerImpl.java    |  6 ------
 .../web/access/channel/ChannelEntryPoint.java  |  3 ---
 .../channel/ChannelProcessingFilter.java       |  6 ------
 .../web/access/channel/ChannelProcessor.java   |  3 ---
 .../channel/InsecureChannelProcessor.java      |  6 ------
 .../access/channel/SecureChannelProcessor.java |  6 ------
 ...FilterInvocationSecurityMetadataSource.java |  6 ------
 .../intercept/FilterSecurityInterceptor.java   |  9 ---------
 ...AbstractAuthenticationProcessingFilter.java | 12 ------------
 .../AnonymousAuthenticationFilter.java         |  6 ------
 .../LoginUrlAuthenticationEntryPoint.java      |  9 ---------
 .../authentication/NullRememberMeServices.java |  3 ---
 .../web/authentication/RememberMeServices.java |  3 ---
 .../UsernamePasswordAuthenticationFilter.java  |  9 ---------
 .../WebAuthenticationDetails.java              |  9 ---------
 .../WebAuthenticationDetailsSource.java        |  3 ---
 .../authentication/logout/LogoutFilter.java    |  9 ---------
 .../authentication/logout/LogoutHandler.java   |  3 ---
 .../logout/SecurityContextLogoutHandler.java   |  3 ---
 .../x509/SubjectDnX509PrincipalExtractor.java  |  2 --
 .../rememberme/AbstractRememberMeServices.java |  5 -----
 .../rememberme/JdbcTokenRepositoryImpl.java    |  6 ------
 .../RememberMeAuthenticationException.java     |  3 ---
 .../RememberMeAuthenticationFilter.java        |  6 ------
 .../TokenBasedRememberMeServices.java          |  3 ---
 .../SessionFixationProtectionEvent.java        |  9 ---------
 .../AuthenticationSwitchUserEvent.java         |  9 ---------
 .../switchuser/SwitchUserFilter.java           |  9 ---------
 .../switchuser/SwitchUserGrantedAuthority.java |  8 --------
 .../www/BasicAuthenticationEntryPoint.java     |  6 ------
 .../www/BasicAuthenticationFilter.java         |  6 ------
 .../www/DigestAuthenticationEntryPoint.java    |  9 ---------
 .../www/DigestAuthenticationFilter.java        |  9 ---------
 .../www/NonceExpiredException.java             |  3 ---
 .../HttpSessionSecurityContextRepository.java  |  3 ---
 .../web/firewall/RequestRejectedHandler.java   |  3 ---
 .../web/jaasapi/JaasApiIntegrationFilter.java  |  6 ------
 .../web/savedrequest/DefaultSavedRequest.java  | 12 ------------
 .../security/web/savedrequest/Enumerator.java  |  9 ---------
 .../web/savedrequest/FastHttpDateFormat.java   |  6 ------
 .../savedrequest/SavedRequestAwareWrapper.java | 12 ------------
 ...ecurityContextHolderAwareRequestFilter.java |  6 ------
 ...curityContextHolderAwareRequestWrapper.java |  9 ---------
 .../web/session/ConcurrentSessionFilter.java   |  6 ------
 .../web/session/HttpSessionCreatedEvent.java   |  3 ---
 .../web/session/HttpSessionDestroyedEvent.java |  3 ---
 .../web/session/HttpSessionEventPublisher.java |  6 ------
 .../web/session/SessionManagementFilter.java   |  6 ------
 .../security/web/util/UrlUtils.java            |  3 ---
 .../security/MockFilterConfig.java             |  5 -----
 .../security/MockPortResolver.java             |  9 ---------
 .../security/web/FilterInvocationTests.java    |  3 ---
 .../security/web/PortMapperImplTests.java      |  2 --
 .../security/web/PortResolverImplTests.java    |  2 --
 ...ltWebInvocationPrivilegeEvaluatorTests.java |  3 ---
 .../ChannelDecisionManagerImplTests.java       |  5 -----
 .../channel/ChannelProcessingFilterTests.java  |  6 ------
 .../channel/RetryWithHttpEntryPointTests.java  |  2 --
 .../channel/RetryWithHttpsEntryPointTests.java |  2 --
 .../channel/SecureChannelProcessorTests.java   |  2 --
 ...rInvocationSecurityMetadataSourceTests.java |  2 --
 .../FilterSecurityInterceptorTests.java        |  3 ---
 ...actAuthenticationProcessingFilterTests.java |  6 ------
 .../AnonymousAuthenticationFilterTests.java    |  6 ------
 .../LoginUrlAuthenticationEntryPointTests.java |  3 ---
 ...rnamePasswordAuthenticationFilterTests.java |  3 ---
 .../preauth/x509/X509TestUtils.java            |  3 ---
 .../AbstractRememberMeServicesTests.java       |  3 ---
 .../NullRememberMeServicesTests.java           |  2 --
 .../RememberMeAuthenticationFilterTests.java   |  6 ------
 .../TokenBasedRememberMeServicesTests.java     |  3 ---
 .../switchuser/SwitchUserFilterTests.java      |  2 --
 .../www/BasicAuthenticationFilterTests.java    |  6 ------
 .../www/DigestAuthUtilsTests.java              |  5 -----
 .../DigestAuthenticationEntryPointTests.java   |  3 ---
 .../www/DigestAuthenticationFilterTests.java   |  9 ---------
 .../jaasapi/JaasApiIntegrationFilterTests.java |  8 --------
 ...tyContextHolderAwareRequestFilterTests.java |  3 ---
 .../HttpSessionEventPublisherTests.java        |  3 ---
 .../web/session/MockApplicationListener.java   |  6 ------
 406 files changed, 12 insertions(+), 2190 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index 80f38fd296..97c722080e 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -96,14 +96,8 @@ import org.springframework.util.StringUtils;
  */
 public class AclEntryVoter extends AbstractAclVoter {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(AclEntryVoter.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AclService aclService;
 
 	private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
@@ -116,9 +110,6 @@ public class AclEntryVoter extends AbstractAclVoter {
 
 	private List<Permission> requirePermission;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AclEntryVoter(AclService aclService, String processConfigAttribute, Permission[] requirePermission) {
 		Assert.notNull(processConfigAttribute, "A processConfigAttribute is mandatory");
 		Assert.notNull(aclService, "An AclService is mandatory");
@@ -132,9 +123,6 @@ public class AclEntryVoter extends AbstractAclVoter {
 		this.requirePermission = Arrays.asList(requirePermission);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Optionally specifies a method of the domain object that will be used to obtain a
 	 * contained domain object. That contained domain object will be used for the ACL
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
index 96956db09b..da4a3464f1 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
@@ -41,9 +41,6 @@ import org.springframework.util.Assert;
  */
 public abstract class AbstractAclProvider implements AfterInvocationProvider {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final AclService aclService;
 
 	protected Class<?> processDomainObjectClass = Object.class;
@@ -56,9 +53,6 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 
 	protected final List<Permission> requirePermission;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AbstractAclProvider(AclService aclService, String processConfigAttribute,
 			List<Permission> requirePermission) {
 		Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
@@ -73,9 +67,6 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 		this.requirePermission = requirePermission;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	protected Class<?> getProcessDomainObjectClass() {
 		return processDomainObjectClass;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index bf73dc8c70..15c55da2bd 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -62,22 +62,13 @@ import org.springframework.security.core.Authentication;
  */
 public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationCollectionFilteringProvider.class);
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService,
 			List<Permission> requirePermission) {
 		super(aclService, "AFTER_ACL_COLLECTION_READ", requirePermission);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@SuppressWarnings("unchecked")
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index f816868e6d..9d71753665 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -60,19 +60,10 @@ import org.springframework.security.core.SpringSecurityMessageSource;
  */
 public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationProvider.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AclEntryAfterInvocationProvider(AclService aclService, List<Permission> requirePermission) {
 		this(aclService, "AFTER_ACL_READ", requirePermission);
 	}
@@ -82,9 +73,6 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 		super(aclService, processConfigAttribute, requirePermission);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
index ed7e8031a7..c908ef52aa 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
@@ -33,21 +33,12 @@ import org.apache.commons.logging.LogFactory;
  */
 class ArrayFilterer<T> implements Filterer<T> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(ArrayFilterer.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Set<T> removeList;
 
 	private final T[] list;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	ArrayFilterer(T[] list) {
 		this.list = list;
 
@@ -57,9 +48,6 @@ class ArrayFilterer<T> implements Filterer<T> {
 		removeList = new HashSet<>();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index 9d5fb816d7..0652c9ba73 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -32,21 +32,12 @@ import java.util.Set;
  */
 class CollectionFilterer<T> implements Filterer<T> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(CollectionFilterer.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Collection<T> collection;
 
 	private final Set<T> removeList;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	CollectionFilterer(Collection<T> collection) {
 		this.collection = collection;
 
@@ -60,9 +51,6 @@ class CollectionFilterer<T> implements Filterer<T> {
 		removeList = new HashSet<>();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
index 019e206731..8632d426a1 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
@@ -26,9 +26,6 @@ import java.util.Iterator;
  */
 interface Filterer<T> extends Iterable<T> {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Gets the filtered collection or array.
 	 * @return the filtered collection or array
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index 9afd5a22c3..ff5d8fd9a9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -25,15 +25,10 @@ import org.springframework.security.acls.model.Permission;
  */
 public abstract class AbstractPermission implements Permission {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final char code;
 
 	protected int mask;
 
-	// ~ Constructors
-	// ===================================================================================================
 	/**
 	 * Sets the permission mask and uses the '*' character to represent active bits when
 	 * represented as a bit pattern string.
@@ -55,9 +50,6 @@ public abstract class AbstractPermission implements Permission {
 		this.code = code;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public final boolean equals(Object arg0) {
 		if (arg0 == null) {
 			return false;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index c6702efa94..995a04b375 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -32,9 +32,6 @@ import java.io.Serializable;
  */
 public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Acl acl;
 
 	private Permission permission;
@@ -49,9 +46,6 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 
 	private final boolean granting;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AccessControlEntryImpl(Serializable id, Acl acl, Sid sid, Permission permission, boolean granting,
 			boolean auditSuccess, boolean auditFailure) {
 		Assert.notNull(acl, "Acl required");
@@ -66,9 +60,6 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 		this.auditFailure = auditFailure;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object arg0) {
 		if (!(arg0 instanceof AccessControlEntryImpl)) {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
index 5c94ab46cc..fa243b0fcf 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
@@ -26,18 +26,12 @@ import org.springframework.security.acls.model.Acl;
  */
 public interface AclAuthorizationStrategy {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	int CHANGE_OWNERSHIP = 0;
 
 	int CHANGE_AUDITING = 1;
 
 	int CHANGE_GENERAL = 2;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void securityCheck(Acl acl, int changeType);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index 2ad9004121..e899245736 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -46,9 +46,6 @@ import java.util.Set;
  */
 public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final GrantedAuthority gaGeneralChanges;
 
 	private final GrantedAuthority gaModifyAuditing;
@@ -57,9 +54,6 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 
 	private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor. The only mandatory parameter relates to the system-wide
 	 * {@link GrantedAuthority} instances that can be held to always permit ACL changes.
@@ -83,9 +77,6 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		}
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void securityCheck(Acl acl, int changeType) {
 		if ((SecurityContextHolder.getContext() == null)
 				|| (SecurityContextHolder.getContext().getAuthentication() == null)
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index c5860b233a..a5493ca43d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -39,9 +39,6 @@ import org.springframework.util.Assert;
  */
 public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Acl parentAcl;
 
 	private transient AclAuthorizationStrategy aclAuthorizationStrategy;
@@ -61,9 +58,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	private boolean entriesInheriting = true;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Minimal constructor, which should be used
 	 * {@link org.springframework.security.acls.model.MutableAclService#createAcl(ObjectIdentity)}
@@ -125,9 +119,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	private AclImpl() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void deleteAce(int aceIndex) throws NotFoundException {
 		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
index 4c08537e07..2caf8fceb1 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
@@ -25,9 +25,6 @@ import org.springframework.security.acls.model.AccessControlEntry;
  */
 public interface AuditLogger {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void logIfNeeded(boolean granted, AccessControlEntry ace);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index f4eaaeb8da..b205b3b10f 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -27,9 +27,6 @@ import org.springframework.util.Assert;
  */
 public class ConsoleAuditLogger implements AuditLogger {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void logIfNeeded(boolean granted, AccessControlEntry ace) {
 		Assert.notNull(ace, "AccessControlEntry required");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index 2d5a3cb779..2091760b3a 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -39,18 +39,12 @@ import org.springframework.util.Assert;
  */
 public class EhCacheBasedAclCache implements AclCache {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Ehcache cache;
 
 	private PermissionGrantingStrategy permissionGrantingStrategy;
 
 	private AclAuthorizationStrategy aclAuthorizationStrategy;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public EhCacheBasedAclCache(Ehcache cache, PermissionGrantingStrategy permissionGrantingStrategy,
 			AclAuthorizationStrategy aclAuthorizationStrategy) {
 		Assert.notNull(cache, "Cache required");
@@ -61,9 +55,6 @@ public class EhCacheBasedAclCache implements AclCache {
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index 16155f03ee..692351904f 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -32,14 +32,8 @@ import org.springframework.util.Assert;
  */
 public class GrantedAuthoritySid implements Sid {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String grantedAuthority;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public GrantedAuthoritySid(String grantedAuthority) {
 		Assert.hasText(grantedAuthority, "GrantedAuthority required");
 		this.grantedAuthority = grantedAuthority;
@@ -52,9 +46,6 @@ public class GrantedAuthoritySid implements Sid {
 		this.grantedAuthority = grantedAuthority.getAuthority();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object object) {
 		if ((object == null) || !(object instanceof GrantedAuthoritySid)) {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
index 9b1f2dc933..872b36bbf1 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
@@ -22,9 +22,6 @@ package org.springframework.security.acls.domain;
  */
 public class IdentityUnavailableException extends RuntimeException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>IdentityUnavailableException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index 249a8b37ce..bfc975f355 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -32,16 +32,10 @@ import org.springframework.util.ClassUtils;
  */
 public class ObjectIdentityImpl implements ObjectIdentity {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String type;
 
 	private Serializable identifier;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public ObjectIdentityImpl(String type, Serializable identifier) {
 		Assert.hasText(type, "Type required");
 		Assert.notNull(identifier, "identifier required");
@@ -92,9 +86,6 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 		this.identifier = (Serializable) result;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Important so caching operates properly.
 	 * <p>
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
index a789719b94..252a9334a9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
@@ -31,9 +31,6 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
  */
 public class ObjectIdentityRetrievalStrategyImpl implements ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public ObjectIdentity getObjectIdentity(Object domainObject) {
 		return new ObjectIdentityImpl(domainObject);
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 5f89653a1d..59e1b64840 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -32,14 +32,8 @@ import org.springframework.util.Assert;
  */
 public class PrincipalSid implements Sid {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String principal;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public PrincipalSid(String principal) {
 		Assert.hasText(principal, "Principal required");
 		this.principal = principal;
@@ -52,9 +46,6 @@ public class PrincipalSid implements Sid {
 		this.principal = authentication.getName();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object object) {
 		if ((object == null) || !(object instanceof PrincipalSid)) {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
index d5611c505b..10df1af2d0 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@@ -51,9 +51,6 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 		this.roleHierarchy = roleHierarchy;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public List<Sid> getSids(Authentication authentication) {
 		Collection<? extends GrantedAuthority> authorities = roleHierarchy
 				.getReachableGrantedAuthorities(authentication.getAuthorities());
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index d14c3c85f5..6619077c8c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -40,18 +40,12 @@ import java.io.Serializable;
  */
 public class SpringCacheBasedAclCache implements AclCache {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Cache cache;
 
 	private PermissionGrantingStrategy permissionGrantingStrategy;
 
 	private AclAuthorizationStrategy aclAuthorizationStrategy;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SpringCacheBasedAclCache(Cache cache, PermissionGrantingStrategy permissionGrantingStrategy,
 			AclAuthorizationStrategy aclAuthorizationStrategy) {
 		Assert.notNull(cache, "Cache required");
@@ -62,9 +56,6 @@ public class SpringCacheBasedAclCache implements AclCache {
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 6cad36f01a..326b2f2c76 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -105,9 +105,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 	public final static String DEFAULT_ORDER_BY_CLAUSE = ") order by acl_object_identity.object_id_identity"
 			+ " asc, acl_entry.ace_order asc";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final AclAuthorizationStrategy aclAuthorizationStrategy;
 
 	private PermissionFactory permissionFactory = new DefaultPermissionFactory();
@@ -135,9 +132,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	private AclClassIdUtils aclClassIdUtils;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor accepting mandatory arguments
 	 * @param dataSource to access the database
@@ -171,9 +165,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 		fieldAcl.setAccessible(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private String computeRepeatingSql(String repeatingSql, int requiredRepetitions) {
 		assert requiredRepetitions > 0 : "requiredRepetitions must be > 0";
 
@@ -530,9 +521,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 		this.aclClassIdUtils = new AclClassIdUtils(conversionService);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class ProcessResultSet implements ResultSetExtractor<Set<Long>> {
 
 		private final Map<Serializable, Acl> acls;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index 2286bac911..8c531e353b 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -46,9 +46,6 @@ import org.springframework.util.Assert;
  */
 public class JdbcAclService implements AclService {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log log = LogFactory.getLog(JdbcAclService.class);
 
 	private static final String DEFAULT_SELECT_ACL_CLASS_COLUMNS = "class.class as class";
@@ -70,9 +67,6 @@ public class JdbcAclService implements AclService {
 			+ "and parent.object_id_identity = ? and parent.object_id_class = ("
 			+ "select id FROM acl_class where acl_class.class = ?)";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final JdbcOperations jdbcOperations;
 
 	private final LookupStrategy lookupStrategy;
@@ -83,9 +77,6 @@ public class JdbcAclService implements AclService {
 
 	private AclClassIdUtils aclClassIdUtils;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JdbcAclService(DataSource dataSource, LookupStrategy lookupStrategy) {
 		this(new JdbcTemplate(dataSource), lookupStrategy);
 	}
@@ -98,9 +89,6 @@ public class JdbcAclService implements AclService {
 		this.aclClassIdUtils = new AclClassIdUtils();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
 		List<ObjectIdentity> objects = jdbcOperations.query(findChildrenSql, args, (rs, rowNum) -> {
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index 3654dc7f3f..88271c7ec1 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -63,9 +63,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 
 	private static final String DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID = "insert into acl_class (class, class_id_type) values (?, ?)";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private boolean foreignKeysInDatabase = true;
 
 	private final AclCache aclCache;
@@ -100,18 +97,12 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	private String updateObjectIdentity = "update acl_object_identity set "
 			+ "parent_object = ?, owner_sid = ?, entries_inheriting = ?" + " where id = ?";
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
 		super(dataSource, lookupStrategy);
 		Assert.notNull(aclCache, "AclCache required");
 		this.aclCache = aclCache;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
 		Assert.notNull(objectIdentity, "Object Identity required");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
index 98243dda75..592bf4f38b 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
@@ -30,9 +30,6 @@ import java.util.Map;
  */
 public interface LookupStrategy {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Perform database-specific optimized lookup.
 	 * @param objects the identities to lookup (required)
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
index b0241f0b78..bc65718372 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
@@ -30,9 +30,6 @@ import java.io.Serializable;
  */
 public interface AccessControlEntry extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	Acl getAcl();
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
index 85df6e14ea..d2dd0a33d4 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
@@ -27,9 +27,6 @@ import java.io.Serializable;
  */
 public interface AclCache {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void evictFromCache(Serializable pk);
 
 	void evictFromCache(ObjectIdentity objectIdentity);
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclService.java b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
index b0df3f0cd8..2220f04fbb 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
@@ -25,9 +25,6 @@ import java.util.Map;
  */
 public interface AclService {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Locates all object identities that use the specified parent. This is useful for
 	 * administration tools.
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
index d0d7818e60..1646f53e0b 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
@@ -22,9 +22,6 @@ package org.springframework.security.acls.model;
  */
 public class AlreadyExistsException extends AclDataAccessException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>AlreadyExistsException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
index 1790e38276..2f541427e0 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
@@ -23,9 +23,6 @@ package org.springframework.security.acls.model;
  */
 public interface AuditableAccessControlEntry extends AccessControlEntry {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	boolean isAuditFailure();
 
 	boolean isAuditSuccess();
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
index 9311aac46e..19e224afc0 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
@@ -23,9 +23,6 @@ package org.springframework.security.acls.model;
  */
 public interface AuditableAcl extends MutableAcl {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
index d127e8523f..679112393c 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
@@ -22,9 +22,6 @@ package org.springframework.security.acls.model;
  */
 public class ChildrenExistException extends AclDataAccessException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>ChildrenExistException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
index 717824b513..0b813a67ba 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
@@ -27,9 +27,6 @@ import java.io.Serializable;
  */
 public interface MutableAcl extends Acl {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void deleteAce(int aceIndex) throws NotFoundException;
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
index 0c1536529a..6892f91f53 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
@@ -22,9 +22,6 @@ package org.springframework.security.acls.model;
  */
 public interface MutableAclService extends AclService {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Creates an empty <code>Acl</code> object in the database. It will have no entries.
 	 * The returned object will then be used to add entries.
diff --git a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
index 7e1450dedf..a77e252126 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
@@ -22,9 +22,6 @@ package org.springframework.security.acls.model;
  */
 public class NotFoundException extends AclDataAccessException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
index 5e5d9d8e37..dc940a337a 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
@@ -33,9 +33,6 @@ import java.io.Serializable;
  */
 public interface ObjectIdentity extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * @param obj to be compared
 	 * @return <tt>true</tt> if the objects are equal, <tt>false</tt> otherwise
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
index da817471b1..f39c58fe2e 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
@@ -25,9 +25,6 @@ package org.springframework.security.acls.model;
  */
 public interface ObjectIdentityRetrievalStrategy {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	ObjectIdentity getObjectIdentity(Object domainObject);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
index 856bd2f3b4..1d6932a110 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
@@ -26,9 +26,6 @@ package org.springframework.security.acls.model;
  */
 public interface OwnershipAcl extends MutableAcl {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	void setOwner(Sid newOwner);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Permission.java b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
index ea44686f29..5e75764942 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Permission.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
@@ -24,18 +24,12 @@ import java.io.Serializable;
  */
 public interface Permission extends Serializable {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	char RESERVED_ON = '~';
 
 	char RESERVED_OFF = '.';
 
 	String THIRTY_TWO_RESERVED_OFF = "................................";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the bits that represents the permission.
 	 * @return the bits that represent the permission
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Sid.java b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
index 4ced8b26f7..6f3e0e3aab 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Sid.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
@@ -32,9 +32,6 @@ import java.io.Serializable;
  */
 public interface Sid extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Refer to the <code>java.lang.Object</code> documentation for the interface
 	 * contract.
diff --git a/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
index 24397ea1cc..42694840d3 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface SidRetrievalStrategy {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	List<Sid> getSids(Authentication authentication);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
index f48b60e11b..68f68b6c42 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
@@ -24,9 +24,6 @@ package org.springframework.security.acls.model;
  */
 public class UnloadedSidException extends AclDataAccessException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>NotFoundException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index 87fcd2e0e9..474e6db55c 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -29,8 +29,6 @@ import org.springframework.security.acls.model.Permission;
  */
 public class AclFormattingUtilsTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public final void testDemergePatternsParametersConstraints() {
 		try {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index 0def085888..50d861a6c0 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -32,9 +32,6 @@ import org.springframework.security.acls.model.Sid;
  */
 public class AccessControlImplEntryTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testConstructorRequiredFields() {
 		// Check Acl field is present
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index fddbe66610..56e177e5ed 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -62,9 +62,6 @@ public class AclImplTests {
 
 	private DefaultPermissionFactory permissionFactory;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		SecurityContextHolder.getContext().setAuthentication(auth);
@@ -540,9 +537,6 @@ public class AclImplTests {
 		ace.hashCode();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private static class MaskPermissionGrantingStrategy extends DefaultPermissionGrantingStrategy {
 
 		MaskPermissionGrantingStrategy(AuditLogger auditLogger) {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
index a20536c691..ad4c88035c 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
@@ -38,9 +38,6 @@ public class AclImplementationSecurityCheckTests {
 
 	private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		SecurityContextHolder.clearContext();
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 3cd3daba23..3d7a40d220 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -34,8 +34,6 @@ import org.springframework.security.acls.model.AuditableAccessControlEntry;
  */
 public class AuditLoggerTests {
 
-	// ~ Instance fields
-	// ================================================================================================
 	private PrintStream console;
 
 	private ByteArrayOutputStream bytes = new ByteArrayOutputStream();
@@ -44,9 +42,6 @@ public class AuditLoggerTests {
 
 	private AuditableAccessControlEntry ace;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		logger = new ConsoleAuditLogger();
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index a66c933441..3d894eb24d 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -32,9 +32,6 @@ public class ObjectIdentityImplTests {
 
 	private static final String DOMAIN_CLASS = "org.springframework.security.acls.domain.ObjectIdentityImplTests$MockIdDomainObject";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void constructorsRespectRequiredFields() {
 		// Check one-argument constructor required field
@@ -177,9 +174,6 @@ public class ObjectIdentityImplTests {
 		assertThat(obj).isNotEqualTo(obj2);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockIdDomainObject {
 
 		private Object id;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index 7164690017..4f3af00026 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -28,8 +28,6 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
  */
 public class ObjectIdentityRetrievalStrategyImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testObjectIdentityCreation() {
 		MockIdDomainObject domain = new MockIdDomainObject();
@@ -42,8 +40,6 @@ public class ObjectIdentityRetrievalStrategyImplTests {
 		assertThat(new ObjectIdentityImpl(domain)).isEqualTo(identity);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
 	@SuppressWarnings("unused")
 	private class MockIdDomainObject {
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 7c95c5dfbf..5ed871af84 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -56,16 +56,10 @@ public abstract class AbstractBasicLookupStrategyTests {
 
 	protected static final Long OBJECT_IDENTITY_LONG_AS_UUID = 110L;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private BasicLookupStrategy strategy;
 
 	private static CacheManager cacheManager;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public abstract JdbcTemplate getJdbcTemplate();
 
 	public abstract DataSource getDataSource();
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
index 4533e58966..37ae9eb3d9 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
@@ -33,9 +33,6 @@ import javax.sql.DataSource;
  */
 public class DatabaseSeeder {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public DatabaseSeeder(DataSource dataSource, Resource resource) throws IOException {
 		Assert.notNull(dataSource, "dataSource required");
 		Assert.notNull(resource, "resource required");
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 2ce64f73c2..1445c35aa4 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -112,9 +112,6 @@ public class JdbcAclServiceTests {
 		assertThat(objectIdentities).isNull();
 	}
 
-	// ~ Some integration tests
-	// ========================================================================================================
-
 	@Test
 	public void findChildrenWithoutIdType() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 0d80c92051..af6adccc34 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -64,18 +64,12 @@ import org.springframework.transaction.annotation.Transactional;
 @ContextConfiguration(locations = { "/jdbcMutableAclServiceTests-context.xml" })
 public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4SpringContextTests {
 
-	// ~ Constant fields
-	// ================================================================================================
-
 	private static final String TARGET_CLASS = TargetObject.class.getName();
 
 	private final Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 
 	public static final String SELECT_ALL_CLASSES = "SELECT * FROM acl_class WHERE class = ?";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 
 	private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
@@ -97,9 +91,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Autowired
 	private JdbcTemplate jdbcTemplate;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	protected String getSqlClassPathResource() {
 		return "createAclSchema.sql";
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 8972dfa378..9f96fa4ebd 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -42,9 +42,6 @@ public class SidRetrievalStrategyTests {
 
 	Authentication authentication = new TestingAuthenticationToken("scott", "password", "A", "B", "C");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void correctSidsAreRetrieved() {
 		SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index fe11171182..35e820af04 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -34,8 +34,6 @@ import java.util.Collections;
 
 public class SidTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testPrincipalSidConstructorsRequiredFields() {
 		// Check one String-argument constructor
diff --git a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
index 85bab3cc0e..7a3d40bcfb 100644
--- a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
+++ b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
@@ -34,9 +34,6 @@ public class ServiceProperties implements InitializingBean {
 
 	public static final String DEFAULT_CAS_SERVICE_PARAMETER = "service";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String service;
 
 	private boolean authenticateAllArtifacts;
@@ -47,9 +44,6 @@ public class ServiceProperties implements InitializingBean {
 
 	private String serviceParameter = DEFAULT_CAS_SERVICE_PARAMETER;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.service, "service cannot be empty.");
 		Assert.hasLength(this.artifactParameter, "artifactParameter cannot be empty.");
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
index e40696fb94..6699b04237 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -56,14 +56,8 @@ import org.springframework.util.Assert;
  */
 public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
 
 	private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
@@ -80,9 +74,6 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationUserDetailsService, "An authenticationUserDetailsService must be set");
 		Assert.notNull(this.ticketValidator, "A ticketValidator must be set");
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index 3483b640cc..d938cd37cd 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -36,8 +36,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
 	private final Object credentials;
 
 	private final Object principal;
@@ -48,9 +46,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 
 	private final Assertion assertion;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor.
 	 * @param key to identify if this object made by a given
@@ -110,9 +105,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private static Integer extractKeyHash(String key) {
 		Assert.hasLength(key, "key cannot be null or empty");
 		return key.hashCode();
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index 7840387422..fd332f47b0 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -32,19 +32,10 @@ import org.springframework.util.Assert;
  */
 public class EhCacheBasedTicketCache implements StatelessTicketCache, InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(EhCacheBasedTicketCache.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Ehcache cache;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(cache, "cache mandatory");
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 01549d55bd..5a054531d9 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -29,27 +29,15 @@ import org.springframework.util.Assert;
  */
 public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(SpringCacheBasedTicketCache.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Cache cache;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SpringCacheBasedTicketCache(Cache cache) {
 		Assert.notNull(cache, "cache mandatory");
 		this.cache = cache;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		final Cache.ValueWrapper element = serviceTicket != null ? cache.get(serviceTicket) : null;
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
index b17fd05ae0..74df6bb9df 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
@@ -60,8 +60,6 @@ package org.springframework.security.cas.authentication;
  */
 public interface StatelessTicketCache {
 
-	// ~ Methods ================================================================
-
 	/**
 	 * Retrieves the <code>CasAuthenticationToken</code> associated with the specified
 	 * ticket.
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index 4e8d8a63f3..cfaec77bc3 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -44,8 +44,6 @@ import org.springframework.util.Assert;
  */
 public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
 	private ServiceProperties serviceProperties;
 
 	private String loginUrl;
@@ -61,9 +59,6 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 */
 	private boolean encodeServiceUrlWithSessionId = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.loginUrl, "loginUrl must be specified");
 		Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index e88e85b0cb..674cd47f49 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -173,9 +173,6 @@ import org.springframework.util.Assert;
  */
 public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/**
 	 * Used to identify a CAS request for a stateful user agent, such as a web browser.
 	 */
@@ -205,17 +202,11 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 
 	private AuthenticationFailureHandler proxyFailureHandler = new SimpleUrlAuthenticationFailureHandler();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public CasAuthenticationFilter() {
 		super("/login/cas");
 		setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	protected final void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain, Authentication authResult) throws IOException, ServletException {
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 271359abc1..6fc344e4f1 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -37,14 +37,8 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 
 	private static final long serialVersionUID = 6192409090610517700L;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String serviceUrl;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates a new instance
 	 * @param request the current {@link HttpServletRequest} to obtain the
@@ -63,9 +57,6 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 				request.getRequestURI(), query);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the current URL minus the artifact parameter and its value, if present.
 	 * @see org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails#getServiceUrl()
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 1e3c0ecbcc..1ab7fd4cc3 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -37,16 +37,10 @@ import org.springframework.util.Assert;
 public class ServiceAuthenticationDetailsSource
 		implements AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Pattern artifactPattern;
 
 	private ServiceProperties serviceProperties;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates an implementation that uses the specified ServiceProperties and the default
 	 * CAS artifactParameterName.
@@ -69,9 +63,6 @@ public class ServiceAuthenticationDetailsSource
 		this.artifactPattern = DefaultServiceAuthenticationDetails.createArtifactPattern(artifactParameterName);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * @param context the {@code HttpServletRequest} object.
 	 * @return the {@code ServiceAuthenticationDetails} containing information about the
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index dca51ceddf..c993ba8518 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -50,9 +50,6 @@ import java.util.*;
 @SuppressWarnings("unchecked")
 public class CasAuthenticationProviderTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private UserDetails makeUserDetails() {
 		return new User("user", "password", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
@@ -372,9 +369,6 @@ public class CasAuthenticationProviderTests {
 		assertThat(cap.supports(CasAuthenticationToken.class)).isTrue();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
 
 		public UserDetails loadUserDetails(final Authentication token) throws UsernameNotFoundException {
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index 05885f146c..e112ae68dc 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -37,8 +37,6 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 
 	private static CacheManager cacheManager;
 
-	// ~ Methods
-	// ========================================================================================================
 	@BeforeClass
 	public static void initCacheManaer() {
 		cacheManager = CacheManager.create();
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index 51b703617d..ea15e5ac18 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -34,9 +34,6 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 
 	private static CacheManager cacheManager;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@BeforeClass
 	public static void initCacheManaer() {
 		cacheManager = new ConcurrentMapCacheManager();
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index 05da9f1fef..f37f78676d 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -33,8 +33,6 @@ import org.springframework.security.cas.ServiceProperties;
  */
 public class CasAuthenticationEntryPointTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDetectsMissingLoginFormUrl() throws Exception {
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index 848ba5d36b..4fe07a07c6 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -45,9 +45,6 @@ import static org.mockito.Mockito.*;
  */
 public class CasAuthenticationFilterTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@After
 	public void tearDown() {
 		SecurityContextHolder.clearContext();
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index e19ea137b6..c3981604c6 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -29,9 +29,6 @@ import org.springframework.security.cas.ServiceProperties;
  */
 public class ServicePropertiesTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test(expected = IllegalArgumentException.class)
 	public void detectsMissingService() throws Exception {
 		ServiceProperties sp = new ServiceProperties();
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 09142c1fd6..911f8f0738 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -28,9 +28,6 @@ import org.springframework.util.Assert;
  */
 public class DataSourcePopulator implements InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	JdbcTemplate template;
 
 	public void afterPropertiesSet() {
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index 88da0c4605..a1ce51cd78 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -53,9 +53,6 @@ public class FilterChainProxyConfigTests {
 
 	private ClassPathXmlApplicationContext appCtx;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void loadContext() {
 		System.setProperty("sec1235.pattern1", "/login");
diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
index 6fff3153cc..eabb82e25d 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface AccessDecisionManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Resolves an access control decision for the passed parameters.
 	 * @param authentication the caller invoking the method (not null)
diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
index 1abb45b2ce..e1d98fc8f3 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
@@ -31,18 +31,12 @@ import org.springframework.security.core.Authentication;
  */
 public interface AccessDecisionVoter<S> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	int ACCESS_GRANTED = 1;
 
 	int ACCESS_ABSTAIN = 0;
 
 	int ACCESS_DENIED = -1;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Indicates whether this {@code AccessDecisionVoter} is able to vote on the passed
 	 * {@code ConfigAttribute}.
diff --git a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
index 1fe26e846f..4d703b30c7 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
@@ -24,9 +24,6 @@ package org.springframework.security.access;
  */
 public class AccessDeniedException extends RuntimeException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>AccessDeniedException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
index febbc6b8ba..92691877f0 100644
--- a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface AfterInvocationProvider {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
 			Object returnedObject) throws AccessDeniedException;
 
diff --git a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
index 87fc2dc7a5..7fe3affa79 100644
--- a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
+++ b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
@@ -26,9 +26,6 @@ package org.springframework.security.access;
  */
 public class AuthorizationServiceException extends AccessDeniedException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>AuthorizationServiceException</code> with the specified
 	 * message.
diff --git a/core/src/main/java/org/springframework/security/access/ConfigAttribute.java b/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
index d85cd30abb..b1708a6e3c 100644
--- a/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/ConfigAttribute.java
@@ -38,9 +38,6 @@ import org.springframework.security.access.intercept.RunAsManager;
  */
 public interface ConfigAttribute extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * If the <code>ConfigAttribute</code> can be represented as a <code>String</code> and
 	 * that <code>String</code> is sufficient in precision to be relied upon as a
diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index 6b5545e77d..c6888dff8a 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -29,22 +29,13 @@ import org.springframework.util.StringUtils;
  */
 public class SecurityConfig implements ConfigAttribute {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String attrib;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SecurityConfig(String config) {
 		Assert.hasText(config, "You must provide a configuration attribute");
 		this.attrib = config;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof ConfigAttribute) {
diff --git a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
index 27a9b1d3ed..6e504db9b6 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
@@ -29,9 +29,6 @@ import org.springframework.security.access.intercept.AbstractSecurityInterceptor
  */
 public interface SecurityMetadataSource extends AopInfrastructureBean {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Accesses the {@code ConfigAttribute}s that apply to a given secure object.
 	 * @param object the object being secured
diff --git a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
index 6bde97aa2a..a285007615 100644
--- a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
@@ -25,9 +25,6 @@ import org.springframework.context.ApplicationEvent;
  */
 public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Construct the event, passing in the secure object being intercepted.
 	 * @param secureObject the secure object
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
index c60b2095cb..fedad57952 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
@@ -29,16 +29,10 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
  */
 public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
 
 	private Collection<ConfigAttribute> configAttribs;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Construct the event.
 	 * @param secureObject the secure object
@@ -59,9 +53,6 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
 		this.credentialsNotFoundException = credentialsNotFoundException;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<ConfigAttribute> getConfigAttributes() {
 		return configAttribs;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
index 26374e65f6..f9672400c5 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
@@ -36,18 +36,12 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AccessDeniedException accessDeniedException;
 
 	private Authentication authentication;
 
 	private Collection<ConfigAttribute> configAttributes;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Construct the event.
 	 * @param secureObject the secure object
@@ -70,9 +64,6 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 		this.accessDeniedException = accessDeniedException;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public AccessDeniedException getAccessDeniedException() {
 		return accessDeniedException;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
index da8846c7d7..ea5873bd86 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
@@ -31,16 +31,10 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthorizedEvent extends AbstractAuthorizationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Authentication authentication;
 
 	private Collection<ConfigAttribute> configAttributes;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Construct the event.
 	 * @param secureObject the secure object
@@ -59,9 +53,6 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
 		this.authentication = authentication;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication getAuthentication() {
 		return authentication;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
index ce0d7c3f04..9016c49029 100644
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@@ -31,14 +31,8 @@ import org.springframework.context.ApplicationListener;
  */
 public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(LoggerListener.class);
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void onApplicationEvent(AbstractAuthorizationEvent event) {
 		if (event instanceof AuthenticationCredentialsNotFoundEvent) {
 			AuthenticationCredentialsNotFoundEvent authEvent = (AuthenticationCredentialsNotFoundEvent) event;
diff --git a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
index f82d3713ea..2ce5db3a85 100644
--- a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
@@ -31,9 +31,6 @@ package org.springframework.security.access.event;
  */
 public class PublicInvocationEvent extends AbstractAuthorizationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Construct the event, passing in the public secure object.
 	 * @param secureObject the public secure object
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index 40a34d6260..302ee8276c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -104,14 +104,8 @@ import org.springframework.util.Assert;
 public abstract class AbstractSecurityInterceptor
 		implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private ApplicationEventPublisher eventPublisher;
@@ -132,9 +126,6 @@ public abstract class AbstractSecurityInterceptor
 
 	private boolean publishAuthorizationSuccess = false;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
 		Assert.notNull(this.messages, "A message source must be set");
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
index 7c11320a00..679b495d54 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
@@ -44,9 +44,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface AfterInvocationManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Given the details of a secure object invocation including its returned
 	 * <code>Object</code>, make an access control decision or optionally modify the
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index c223186b9d..e8ddfdb39b 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -47,19 +47,10 @@ import org.springframework.util.Assert;
  */
 public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private List<AfterInvocationProvider> providers;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		checkIfValidList(this.providers);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
index 74ea128212..0199ed258e 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
@@ -32,9 +32,6 @@ import org.springframework.security.core.context.SecurityContext;
  */
 public class InterceptorStatusToken {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private SecurityContext securityContext;
 
 	private Collection<ConfigAttribute> attr;
@@ -43,9 +40,6 @@ public class InterceptorStatusToken {
 
 	private boolean contextHolderRefreshRequired;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public InterceptorStatusToken(SecurityContext securityContext, boolean contextHolderRefreshRequired,
 			Collection<ConfigAttribute> attributes, Object secureObject) {
 		this.securityContext = securityContext;
@@ -54,9 +48,6 @@ public class InterceptorStatusToken {
 		this.secureObject = secureObject;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<ConfigAttribute> getAttributes() {
 		return attr;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index 2438fe293c..d3988e0b5b 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -44,19 +44,10 @@ import org.springframework.util.Assert;
  */
 public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AbstractSecurityInterceptor securityInterceptor;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(securityInterceptor, "SecurityInterceptor required");
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
index 77fb80cd3a..71c752f018 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
@@ -31,9 +31,6 @@ import org.springframework.security.core.Authentication;
  */
 final class NullRunAsManager implements RunAsManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> config) {
 		return null;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 805ae2d814..26056a82d2 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -45,16 +45,10 @@ import org.springframework.util.Assert;
  */
 public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private String key;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(key, "A Key is required and should match that configured for the RunAsManagerImpl");
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
index a244177a21..e121b9bb5b 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
@@ -60,9 +60,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface RunAsManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns a replacement <code>Authentication</code> object for the current secure
 	 * object invocation, or <code>null</code> if replacement not required.
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
index 8f2794dea5..ddb28f4b1f 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@@ -55,16 +55,10 @@ import org.springframework.util.Assert;
  */
 public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String key;
 
 	private String rolePrefix = "ROLE_";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(key,
 				"A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
index fe608b511c..ecd683b892 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@@ -33,9 +33,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Class<? extends Authentication> originalAuthentication;
 
 	private final Object credentials;
@@ -44,9 +41,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 
 	private final int keyHash;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public RunAsUserToken(String key, Object principal, Object credentials,
 			Collection<? extends GrantedAuthority> authorities,
 			Class<? extends Authentication> originalAuthentication) {
@@ -58,9 +52,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public Object getCredentials() {
 		return this.credentials;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
index f69054698c..c42435896d 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@@ -39,14 +39,8 @@ import org.aopalliance.intercept.MethodInvocation;
  */
 public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private MethodSecurityMetadataSource securityMetadataSource;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Class<?> getSecureObjectClass() {
 		return MethodInvocation.class;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index bec9cb0bf8..739c6e2c2c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -53,9 +53,6 @@ import org.springframework.util.Assert;
  */
 public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private transient MethodSecurityMetadataSource attributeSource;
 
 	private transient MethodInterceptor interceptor;
@@ -70,9 +67,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 
 	private transient volatile Object adviceMonitor = new Object();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Alternative constructor for situations where we want the advisor decoupled from the
 	 * advice. Instead the advice bean name should be set. This prevents eager
@@ -96,9 +90,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		this.metadataSourceBeanName = attributeSourceBeanName;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Pointcut getPointcut() {
 		return pointcut;
 	}
@@ -124,9 +115,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		attributeSource = beanFactory.getBean(metadataSourceBeanName, MethodSecurityMetadataSource.class);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut implements Serializable {
 
 		@SuppressWarnings("unchecked")
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
index d960d62372..f82855ac33 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
@@ -25,9 +25,6 @@ package org.springframework.security.access.intercept.aspectj;
  */
 public interface AspectJCallback {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	Object proceedWithObject();
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index 88dc80fb05..f31d87dea5 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -35,9 +35,6 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public final Collection<ConfigAttribute> getAttributes(Object object) {
 		if (object instanceof MethodInvocation) {
 			MethodInvocation mi = (MethodInvocation) object;
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index e51853c6cb..a0173dd043 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -44,17 +44,11 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 	private final Map<DefaultCacheKey, Collection<ConfigAttribute>> attributeCache = new HashMap<>();
 
-	// ~ Constructor
-	// ====================================================================================================
-
 	public DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetadataSource> methodSecurityMetadataSources) {
 		Assert.notNull(methodSecurityMetadataSources, "MethodSecurityMetadataSources cannot be null");
 		this.methodSecurityMetadataSources = methodSecurityMetadataSources;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass);
 		synchronized (attributeCache) {
@@ -106,9 +100,6 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 		return methodSecurityMetadataSources;
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private static class DefaultCacheKey {
 
 		private final Method method;
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index 2591c1655c..a501544ed6 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -45,8 +45,6 @@ import org.springframework.util.ClassUtils;
 public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
 		implements BeanClassLoaderAware {
 
-	// ~ Instance fields
-	// ================================================================================================
 	private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
 
 	/** Map from RegisteredMethod to ConfigAttribute list */
@@ -55,9 +53,6 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	/** Map from RegisteredMethod to name pattern used for registration */
 	private final Map<RegisteredMethod, String> nameMap = new HashMap<>();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public MapBasedMethodSecurityMetadataSource() {
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index cffdef99da..aeb22831a0 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -42,8 +42,6 @@ import org.springframework.util.Assert;
 public abstract class AbstractAccessDecisionManager
 		implements AccessDecisionManager, InitializingBean, MessageSourceAware {
 
-	// ~ Instance fields
-	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private List<AccessDecisionVoter<?>> decisionVoters;
@@ -57,9 +55,6 @@ public abstract class AbstractAccessDecisionManager
 		this.decisionVoters = decisionVoters;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notEmpty(this.decisionVoters, "A list of AccessDecisionVoters is required");
 		Assert.notNull(this.messages, "A message source must be set");
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index 7b2eb5e24a..ae26fd02b1 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -28,14 +28,8 @@ import org.springframework.util.Assert;
  */
 public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Class<?> processDomainObjectClass;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	protected Object getDomainObjectInstance(MethodInvocation invocation) {
 		Object[] args;
 		Class<?>[] params;
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index c43aad9c14..3f0d3e4502 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -34,9 +34,6 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 		super(decisionVoters);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * This concrete implementation simply polls all configured
 	 * {@link AccessDecisionVoter}s and grants access if any
diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index 36addaffdc..7307254fb7 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -48,23 +48,14 @@ import org.springframework.util.Assert;
  */
 public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
 
 	public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
 
 	public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private boolean isFullyAuthenticated(Authentication authentication) {
 		return (!authenticationTrustResolver.isAnonymous(authentication)
 				&& !authenticationTrustResolver.isRememberMe(authentication));
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index d113655c7e..c66d639e30 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -34,18 +34,12 @@ import org.springframework.security.core.Authentication;
  */
 public class ConsensusBased extends AbstractAccessDecisionManager {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private boolean allowIfEqualGrantedDeniedDecisions = true;
 
 	public ConsensusBased(List<AccessDecisionVoter<?>> decisionVoters) {
 		super(decisionVoters);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * This concrete implementation simply polls all configured
 	 * {@link AccessDecisionVoter}s and upon completion determines the consensus of
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index e61ba03b3c..4f2d4a6ae0 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -51,14 +51,8 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public class RoleVoter implements AccessDecisionVoter<Object> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String rolePrefix = "ROLE_";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String getRolePrefix() {
 		return rolePrefix;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
index 7408cf5eab..ad6c9a6e6a 100644
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@@ -36,9 +36,6 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 		super(decisionVoters);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * This concrete implementation polls all configured {@link AccessDecisionVoter}s for
 	 * each {@link ConfigAttribute} and grants access if <b>only</b> grant (or abstain)
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index 9032826953..9f87117cce 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -38,18 +38,12 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Collection<GrantedAuthority> authorities;
 
 	private Object details;
 
 	private boolean authenticated = false;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates a token with the supplied array of authorities.
 	 * @param authorities the collection of <tt>GrantedAuthority</tt>s for the principal
@@ -71,9 +65,6 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		this.authorities = Collections.unmodifiableList(temp);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<GrantedAuthority> getAuthorities() {
 		return authorities;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
index a147bed9a4..b5a3c17062 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
@@ -24,9 +24,6 @@ package org.springframework.security.authentication;
  */
 public class AccountExpiredException extends AccountStatusException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>AccountExpiredException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
index a74b615f53..6643dc6695 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
@@ -35,9 +35,6 @@ import org.springframework.util.Assert;
  */
 public class AnonymousAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private String key;
@@ -47,9 +44,6 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 		this.key = key;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
index 6de6ed2cae..ede6e269b2 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
@@ -29,18 +29,12 @@ import org.springframework.util.Assert;
  */
 public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private static final long serialVersionUID = 1L;
 
 	private final Object principal;
 
 	private final int keyHash;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor.
 	 * @param key to identify if this object made by an authorised client
@@ -74,9 +68,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private static Integer extractKeyHash(String key) {
 		Assert.hasLength(key, "key cannot be empty or null");
 		return key.hashCode();
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
index 4341f13393..7224110fb0 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationCredentialsNotFoundException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>AuthenticationCredentialsNotFoundException</code> with the
 	 * specified message.
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
index 8c6af9199b..780aed8eca 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java
@@ -24,9 +24,6 @@ package org.springframework.security.authentication;
  */
 public interface AuthenticationDetailsSource<C, T> {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Called by a class when it wishes a new authentication details instance to be
 	 * created.
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
index 6a8d48ecff..b98c835149 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationManager.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public interface AuthenticationManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Attempts to authenticate the passed {@link Authentication} object, returning a
 	 * fully populated <code>Authentication</code> object (including granted authorities)
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
index 9167027a06..86e4c6e27e 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public interface AuthenticationProvider {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Performs authentication with the same contract as
 	 * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
index bc1736b489..b87f01d647 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationServiceException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>AuthenticationServiceException</code> with the specified
 	 * message.
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
index c218dcfca6..b0de70d2ce 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
@@ -25,9 +25,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface AuthenticationTrustResolver {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Indicates whether the passed <code>Authentication</code> token represents an
 	 * anonymous user. Typically the framework will call this method if it is trying to
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
index b9292965fc..ae20478bb3 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
@@ -31,16 +31,10 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthenticationTrustResolverImpl implements AuthenticationTrustResolver {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Class<? extends Authentication> anonymousClass = AnonymousAuthenticationToken.class;
 
 	private Class<? extends Authentication> rememberMeClass = RememberMeAuthenticationToken.class;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	Class<? extends Authentication> getAnonymousClass() {
 		return anonymousClass;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
index 15f9bce92e..6f8dc3d485 100644
--- a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
+++ b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class BadCredentialsException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>BadCredentialsException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
index eaa1fa1226..0387996518 100644
--- a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
@@ -24,9 +24,6 @@ package org.springframework.security.authentication;
  */
 public class CredentialsExpiredException extends AccountStatusException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>CredentialsExpiredException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/authentication/DisabledException.java b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
index 92d63cb4c9..bb87e72f6f 100644
--- a/core/src/main/java/org/springframework/security/authentication/DisabledException.java
+++ b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
@@ -24,9 +24,6 @@ package org.springframework.security.authentication;
  */
 public class DisabledException extends AccountStatusException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>DisabledException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
index 6cc4c09f05..34f84ca351 100644
--- a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
@@ -33,9 +33,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class InsufficientAuthenticationException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an <code>InsufficientAuthenticationException</code> with the specified
 	 * message.
diff --git a/core/src/main/java/org/springframework/security/authentication/LockedException.java b/core/src/main/java/org/springframework/security/authentication/LockedException.java
index 7dd2464959..f0aa3b5231 100644
--- a/core/src/main/java/org/springframework/security/authentication/LockedException.java
+++ b/core/src/main/java/org/springframework/security/authentication/LockedException.java
@@ -24,9 +24,6 @@ package org.springframework.security.authentication;
  */
 public class LockedException extends AccountStatusException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>LockedException</code> with the specified message.
 	 * @param msg the detail message.
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 93af53655f..3e052d4bc3 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -86,14 +86,8 @@ import org.springframework.util.CollectionUtils;
  */
 public class ProviderManager implements AuthenticationManager, MessageSourceAware, InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(ProviderManager.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationEventPublisher eventPublisher = new NullEventPublisher();
 
 	private List<AuthenticationProvider> providers = Collections.emptyList();
@@ -132,9 +126,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		checkState();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		checkState();
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java b/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
index 4cde08daa9..629a28e8c8 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderNotFoundException.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class ProviderNotFoundException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>ProviderNotFoundException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
index 0eb69c59fa..552232bddb 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
@@ -34,9 +34,6 @@ import org.springframework.util.Assert;
  */
 public class RememberMeAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private String key;
@@ -46,9 +43,6 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		this.key = key;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(this.messages, "A message source must be set");
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
index 25a53c6783..cf26e8851b 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@@ -34,16 +34,10 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Object principal;
 
 	private final int keyHash;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor.
 	 * @param key to identify if this object made by an authorised client
@@ -80,9 +74,6 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Always returns an empty <code>String</code>
 	 * @return an empty String
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
index d71cb0be5e..d94be00f44 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
@@ -34,9 +34,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class TestingAuthenticationProvider implements AuthenticationProvider {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		return authentication;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
index 18ee4ec882..1fbdd5f464 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
@@ -31,18 +31,12 @@ import java.util.List;
  */
 public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private static final long serialVersionUID = 1L;
 
 	private final Object credentials;
 
 	private final Object principal;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public TestingAuthenticationToken(Object principal, Object credentials) {
 		super(null);
 		this.principal = principal;
@@ -60,9 +54,6 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Object getCredentials() {
 		return this.credentials;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
index 634cc35f50..4dbb5778fe 100644
--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -36,16 +36,10 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Object principal;
 
 	private Object credentials;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * This constructor can be safely used by any code that wishes to create a
 	 * <code>UsernamePasswordAuthenticationToken</code>, as the {@link #isAuthenticated()}
@@ -76,9 +70,6 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 		super.setAuthenticated(true); // must use super, as we override
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Object getCredentials() {
 		return this.credentials;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index cc054bc87e..72b2d78d8c 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -81,9 +81,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private UserCache userCache = new NullUserCache();
@@ -98,9 +95,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Allows subclasses to perform any additional checks of a returned (or cached)
 	 * <code>UserDetails</code> for a given authentication request. Generally a subclass
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index f2a2b57769..e9e22da87d 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -39,18 +39,12 @@ import org.springframework.util.Assert;
  */
 public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/**
 	 * The plaintext password used to perform PasswordEncoder#matches(CharSequence,
 	 * String)} on when the user is not found to avoid SEC-2056.
 	 */
 	private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private PasswordEncoder passwordEncoder;
 
 	/**
@@ -69,9 +63,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@SuppressWarnings("deprecation")
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
index 4c6975d322..e257eab277 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
@@ -31,16 +31,10 @@ import org.springframework.context.ApplicationEvent;
  */
 public abstract class AbstractAuthenticationEvent extends ApplicationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AbstractAuthenticationEvent(Authentication authentication) {
 		super(authentication);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Getters for the <code>Authentication</code> request that caused the event. Also
 	 * available from <code>super.getSource()</code>.
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
index 906ee2a3d9..d9928db38d 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
@@ -28,23 +28,14 @@ import org.springframework.util.Assert;
  */
 public abstract class AbstractAuthenticationFailureEvent extends AbstractAuthenticationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final AuthenticationException exception;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AbstractAuthenticationFailureEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication);
 		Assert.notNull(exception, "AuthenticationException is required");
 		this.exception = exception;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public AuthenticationException getException() {
 		return exception;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
index 2d895f88c9..796690b0e6 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureBadCredentialsEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureBadCredentialsEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureBadCredentialsEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
index f9e3c20c52..57f218a239 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureCredentialsExpiredEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureCredentialsExpiredEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureCredentialsExpiredEvent(Authentication authentication,
 			AuthenticationException exception) {
 		super(authentication, exception);
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
index 12bd98bf2a..3a4604354f 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureDisabledEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureDisabledEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureDisabledEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
index c0c00a8321..086e16cb37 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureExpiredEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureExpiredEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureExpiredEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
index b4a63f5257..544964cdec 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureLockedEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureLockedEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureLockedEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
index 86e84c819c..1a1cf7c87e 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProviderNotFoundEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureProviderNotFoundEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureProviderNotFoundEvent(Authentication authentication,
 			AuthenticationException exception) {
 		super(authentication, exception);
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
index c64fdc3d85..772774d3f1 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureProxyUntrustedEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureProxyUntrustedEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureProxyUntrustedEvent(Authentication authentication, AuthenticationException exception) {
 		super(authentication, exception);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
index 565d022d87..167d5fae3b 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationFailureServiceExceptionEvent.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationFailureServiceExceptionEvent extends AbstractAuthenticationFailureEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationFailureServiceExceptionEvent(Authentication authentication,
 			AuthenticationException exception) {
 		super(authentication, exception);
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
index 6eafa52c9e..5b3b9bcd24 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AuthenticationSuccessEvent.java
@@ -25,9 +25,6 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthenticationSuccessEvent extends AbstractAuthenticationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationSuccessEvent(Authentication authentication) {
 		super(authentication);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
index d73b49a4b7..a7c36a5b53 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
@@ -35,23 +35,14 @@ import org.springframework.util.Assert;
  */
 public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Class<?> generatedBy;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public InteractiveAuthenticationSuccessEvent(Authentication authentication, Class<?> generatedBy) {
 		super(authentication);
 		Assert.notNull(generatedBy, "generatedBy cannot be null");
 		this.generatedBy = generatedBy;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Getter for the <code>Class</code> that generated this event. This can be useful for
 	 * generating additional logging information.
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index 8332e48999..d322e2891e 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -30,9 +30,6 @@ import org.springframework.util.ClassUtils;
  */
 public class LoggerListener implements ApplicationListener<AbstractAuthenticationEvent> {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(LoggerListener.class);
 
 	/**
@@ -41,9 +38,6 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 	 */
 	private boolean logInteractiveAuthenticationSuccessEvents = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void onApplicationEvent(AbstractAuthenticationEvent event) {
 		if (!logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
 			return;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 532ceb2030..52d17ba08e 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -116,9 +116,6 @@ import org.springframework.util.ObjectUtils;
 public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
 		ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ApplicationEventPublisher applicationEventPublisher;
 
 	private AuthorityGranter[] authorityGranters;
@@ -131,9 +128,6 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 
 	private String loginContextName = "SPRINGSECURITY";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Validates the required properties are set. In addition, if
 	 * {@link #setCallbackHandlers(JaasAuthenticationCallbackHandler[])} has not been
@@ -370,9 +364,6 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 		return this.applicationEventPublisher;
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	/**
 	 * Wrapper class for JAASAuthenticationCallbackHandlers
 	 */
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
index 14f0961d8e..db15f76e80 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
@@ -31,9 +31,6 @@ import java.util.Set;
  */
 public interface AuthorityGranter {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * The grant method is called for each principal returned from the LoginContext
 	 * subject. If the AuthorityGranter wishes to grant any authorities, it should return
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
index 8e865213ad..7e7b6cd111 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
@@ -86,14 +86,8 @@ import org.springframework.util.Assert;
  */
 public class DefaultJaasAuthenticationProvider extends AbstractJaasAuthenticationProvider {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Configuration configuration;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() throws Exception {
 		super.afterPropertiesSet();
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
index 82d978dc3a..76c9922d34 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
@@ -29,9 +29,6 @@ import javax.security.auth.login.LoginException;
  */
 public class DefaultLoginExceptionResolver implements LoginExceptionResolver {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public AuthenticationException resolveException(LoginException e) {
 		return new AuthenticationServiceException(e.getMessage(), e);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
index 703ecb732c..3ee240025e 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
@@ -46,9 +46,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface JaasAuthenticationCallbackHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Handle the <a href=
 	 * "https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html"
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index 4061a9216b..f573856387 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -139,22 +139,13 @@ import org.springframework.util.Assert;
  */
 public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvider {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	// exists for passivity
 	protected static final Log log = LogFactory.getLog(JaasAuthenticationProvider.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Resource loginConfig;
 
 	private boolean refreshConfigurationOnStartup = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() throws Exception {
 		// the superclass is not called because it does additional checks that are
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
index 9bb3bcc5a9..99c5c48fd9 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@@ -34,14 +34,8 @@ public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final transient LoginContext loginContext;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JaasAuthenticationToken(Object principal, Object credentials, LoginContext loginContext) {
 		super(principal, credentials);
 		this.loginContext = loginContext;
@@ -53,9 +47,6 @@ public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken
 		this.loginContext = loginContext;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public LoginContext getLoginContext() {
 		return loginContext;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index 11998cf379..b16a49bec6 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -44,9 +44,6 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 		this.principal = principal;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Principal getPrincipal() {
 		return principal;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
index 40413bdfb1..1d62d13e85 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
@@ -35,9 +35,6 @@ import javax.security.auth.callback.NameCallback;
  */
 public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * If the callback passed to the 'handle' method is an instance of NameCallback, the
 	 * JaasNameCallbackHandler will call,
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
index 4db830daaa..cb2a5994b3 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
@@ -36,9 +36,6 @@ import javax.security.auth.callback.PasswordCallback;
  */
 public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * If the callback passed to the 'handle' method is an instance of PasswordCallback,
 	 * the JaasPasswordCallbackHandler will call,
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
index 63d36985a9..4837684dfa 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
@@ -32,9 +32,6 @@ import javax.security.auth.login.LoginException;
  */
 public interface LoginExceptionResolver {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Translates a Jaas LoginException to an SpringSecurityException.
 	 * @param e The LoginException thrown by the configured LoginModule.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index 14bc89cb7c..c0c326c266 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -53,23 +53,14 @@ import javax.security.auth.spi.LoginModule;
  */
 public class SecurityContextLoginModule implements LoginModule {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log log = LogFactory.getLog(SecurityContextLoginModule.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Authentication authen;
 
 	private Subject subject;
 
 	private boolean ignoreMissingAuthentication = false;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Abort the authentication process by forgetting the Spring Security
 	 * <code>Authentication</code>.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
index 8cedd283bd..b2548a2893 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
@@ -29,9 +29,6 @@ import org.springframework.context.ApplicationEvent;
  */
 public abstract class JaasAuthenticationEvent extends ApplicationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * The Authentication object is stored as the ApplicationEvent 'source'.
 	 * @param auth
@@ -40,9 +37,6 @@ public abstract class JaasAuthenticationEvent extends ApplicationEvent {
 		super(auth);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Pre-casted method that returns the 'source' of the event.
 	 * @return the Authentication
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
index ca92f0e548..73851f4652 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
@@ -26,22 +26,13 @@ import org.springframework.security.core.Authentication;
  */
 public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Exception exception;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JaasAuthenticationFailedEvent(Authentication auth, Exception exception) {
 		super(auth);
 		this.exception = exception;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Exception getException() {
 		return exception;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
index 9d1690db92..0afa2b882b 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationSuccessEvent.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.Authentication;
  */
 public class JaasAuthenticationSuccessEvent extends JaasAuthenticationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JaasAuthenticationSuccessEvent(Authentication auth) {
 		super(auth);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
index 3bd86695a5..eba70cbaf2 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
@@ -36,16 +36,10 @@ import org.springframework.util.Assert;
  */
 public class InMemoryConfiguration extends Configuration {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final AppConfigurationEntry[] defaultConfiguration;
 
 	private final Map<String, AppConfigurationEntry[]> mappedConfigurations;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates a new instance with only a defaultConfiguration. Any configuration name
 	 * will result in defaultConfiguration being returned.
@@ -82,9 +76,6 @@ public class InMemoryConfiguration extends Configuration {
 		this.defaultConfiguration = defaultConfiguration;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
 		AppConfigurationEntry[] mappedResult = this.mappedConfigurations.get(name);
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
index 7f44aaf305..fdfece6ba7 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
@@ -33,9 +33,6 @@ public class RemoteAuthenticationException extends NestedRuntimeException {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>RemoteAuthenticationException</code> with the specified message
 	 * and no root cause.
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
index c0e1ac7a05..f2bec46c89 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
@@ -27,9 +27,6 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public interface RemoteAuthenticationManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Attempts to authenticate the remote client using the presented username and
 	 * password. If authentication is successful, a collection of {@code GrantedAuthority}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
index 2209d42436..49f2361035 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@@ -35,14 +35,8 @@ import org.springframework.util.Assert;
  */
 public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationManager, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationManager authenticationManager;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationManager, "authenticationManager is required");
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index b105b1d21c..c08b632004 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -52,14 +52,8 @@ import org.springframework.util.Assert;
  */
 public class RemoteAuthenticationProvider implements AuthenticationProvider, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private RemoteAuthenticationManager remoteAuthenticationManager;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(this.remoteAuthenticationManager, "remoteAuthenticationManager is mandatory");
 	}
diff --git a/core/src/main/java/org/springframework/security/core/Authentication.java b/core/src/main/java/org/springframework/security/core/Authentication.java
index 5b762ef72e..12e04fdeb2 100644
--- a/core/src/main/java/org/springframework/security/core/Authentication.java
+++ b/core/src/main/java/org/springframework/security/core/Authentication.java
@@ -50,9 +50,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public interface Authentication extends Principal, Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Set by an <code>AuthenticationManager</code> to indicate the authorities that the
 	 * principal has been granted. Note that classes should not rely on this value as
diff --git a/core/src/main/java/org/springframework/security/core/AuthenticationException.java b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
index 1680049188..4826756b39 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
@@ -24,9 +24,6 @@ package org.springframework.security.core;
  */
 public abstract class AuthenticationException extends RuntimeException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs an {@code AuthenticationException} with the specified message and root
 	 * cause.
diff --git a/core/src/main/java/org/springframework/security/core/GrantedAuthority.java b/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
index 52e0d23326..463bf5432f 100644
--- a/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/GrantedAuthority.java
@@ -31,9 +31,6 @@ import org.springframework.security.access.AccessDecisionManager;
  */
 public interface GrantedAuthority extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * If the <code>GrantedAuthority</code> can be represented as a <code>String</code>
 	 * and that <code>String</code> is sufficient in precision to be relied upon for an
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java b/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
index 73d65df288..3166e36224 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityMessageSource.java
@@ -33,16 +33,10 @@ import org.springframework.context.support.ResourceBundleMessageSource;
  */
 public class SpringSecurityMessageSource extends ResourceBundleMessageSource {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SpringSecurityMessageSource() {
 		setBasename("org.springframework.security.messages");
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public static MessageSourceAccessor getAccessor() {
 		return new MessageSourceAccessor(new SpringSecurityMessageSource());
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
index 218fa5cd5e..284fbdceb9 100644
--- a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
@@ -29,14 +29,8 @@ import org.springframework.util.Assert;
  */
 final class GlobalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static SecurityContext contextHolder;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void clearContext() {
 		contextHolder = null;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
index 73e8237593..620a5affcc 100644
--- a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
@@ -27,14 +27,8 @@ import org.springframework.util.Assert;
  */
 final class InheritableThreadLocalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final ThreadLocal<SecurityContext> contextHolder = new InheritableThreadLocal<>();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void clearContext() {
 		contextHolder.remove();
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
index 6c00eb373a..d3da30496e 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
@@ -32,9 +32,6 @@ import java.io.Serializable;
  */
 public interface SecurityContext extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Obtains the currently authenticated principal, or an authentication request token.
 	 * @return the <code>Authentication</code> or <code>null</code> if no authentication
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
index edf187589f..5885922fbc 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
@@ -49,9 +49,6 @@ import java.lang.reflect.Constructor;
  */
 public class SecurityContextHolder {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String MODE_THREADLOCAL = "MODE_THREADLOCAL";
 
 	public static final String MODE_INHERITABLETHREADLOCAL = "MODE_INHERITABLETHREADLOCAL";
@@ -70,9 +67,6 @@ public class SecurityContextHolder {
 		initialize();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Explicitly clears the context value from the current thread.
 	 */
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
index b988fd0294..4954db70aa 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
@@ -26,9 +26,6 @@ package org.springframework.security.core.context;
  */
 public interface SecurityContextHolderStrategy {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Clears the current context.
 	 */
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
index 7eaa747bc8..4cef1edce8 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -30,9 +30,6 @@ public class SecurityContextImpl implements SecurityContext {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Authentication authentication;
 
 	public SecurityContextImpl() {
@@ -42,9 +39,6 @@ public class SecurityContextImpl implements SecurityContext {
 		this.authentication = authentication;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof SecurityContextImpl) {
diff --git a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
index a6c405bbda..fa930c7aa6 100644
--- a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
@@ -28,14 +28,8 @@ import org.springframework.util.Assert;
  */
 final class ThreadLocalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final ThreadLocal<SecurityContext> contextHolder = new ThreadLocal<>();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void clearContext() {
 		contextHolder.remove();
 	}
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
index 09e4be8feb..c31790b57c 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
@@ -41,9 +41,6 @@ public class SessionInformation implements Serializable {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Date lastRequest;
 
 	private final Object principal;
@@ -52,9 +49,6 @@ public class SessionInformation implements Serializable {
 
 	private boolean expired = false;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SessionInformation(Object principal, String sessionId, Date lastRequest) {
 		Assert.notNull(principal, "Principal required");
 		Assert.hasText(sessionId, "SessionId required");
@@ -64,9 +58,6 @@ public class SessionInformation implements Serializable {
 		this.lastRequest = lastRequest;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void expireNow() {
 		this.expired = true;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
index 017ee8750e..107dfaf54c 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistry.java
@@ -25,9 +25,6 @@ import java.util.List;
  */
 public interface SessionRegistry {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Obtains all the known principals in the <code>SessionRegistry</code>.
 	 * @return each of the unique principals, which can then be presented to
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
index e6f5910557..224f28499b 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@@ -42,9 +42,6 @@ import java.util.concurrent.CopyOnWriteArraySet;
  */
 public class SessionRegistryImpl implements SessionRegistry, ApplicationListener<AbstractSessionEvent> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final Log logger = LogFactory.getLog(SessionRegistryImpl.class);
 
 	/** <principal:Object,SessionIdSet> */
@@ -53,9 +50,6 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 	/** <sessionId:Object,SessionInformation> */
 	private final Map<String, SessionInformation> sessionIds;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public SessionRegistryImpl() {
 		this.principals = new ConcurrentHashMap<>();
 		this.sessionIds = new ConcurrentHashMap<>();
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 3f256021b1..8ae1964abe 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -65,8 +65,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 	private static final Log logger = LogFactory.getLog(User.class);
 
-	// ~ Instance fields
-	// ================================================================================================
 	private String password;
 
 	private final String username;
@@ -81,9 +79,6 @@ public class User implements UserDetails, CredentialsContainer {
 
 	private final boolean enabled;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Calls the more complex constructor with all boolean arguments set to {@code true}.
 	 */
@@ -125,9 +120,6 @@ public class User implements UserDetails, CredentialsContainer {
 		this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<GrantedAuthority> getAuthorities() {
 		return authorities;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
index da71d3f6ef..922413ce2e 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
@@ -37,9 +37,6 @@ package org.springframework.security.core.userdetails;
  */
 public interface UserCache {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Obtains a {@link UserDetails} from the cache.
 	 * @param username the {@link User#getUsername()} used to place the user in the cache
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
index e4a652489b..ff9b3b50f0 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
@@ -42,9 +42,6 @@ import java.util.Collection;
  */
 public interface UserDetails extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the authorities granted to the user. Cannot return <code>null</code>.
 	 * @return the authorities, sorted by natural key (never <code>null</code>)
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
index 4350d06fff..e48fb2c9da 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
@@ -33,9 +33,6 @@ package org.springframework.security.core.userdetails;
  */
 public interface UserDetailsService {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Locates the user based on the username. In the actual implementation, the search
 	 * may possibly be case sensitive, or case insensitive depending on how the
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
index 6851e3a1b5..2894852d33 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class UsernameNotFoundException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>UsernameNotFoundException</code> with the specified message.
 	 * @param msg the detail message.
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index 3fdf210395..1224ef2204 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -34,19 +34,10 @@ import org.springframework.util.Assert;
  */
 public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(EhCacheBasedUserCache.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Ehcache cache;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(cache, "cache mandatory");
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
index a56f5d1672..5a8a0008d6 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public class NullUserCache implements UserCache {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public UserDetails getUserFromCache(String username) {
 		return null;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index b54a5dbf3b..18007ff77d 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -30,27 +30,15 @@ import org.springframework.util.Assert;
  */
 public class SpringCacheBasedUserCache implements UserCache {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(SpringCacheBasedUserCache.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Cache cache;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SpringCacheBasedUserCache(Cache cache) {
 		Assert.notNull(cache, "cache mandatory");
 		this.cache = cache;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public UserDetails getUserFromCache(String username) {
 		Cache.ValueWrapper element = username != null ? cache.get(username) : null;
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
index 104c89814b..565c28b7a9 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
@@ -109,9 +109,6 @@ import org.springframework.util.Assert;
  */
 public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String DEF_USERS_BY_USERNAME_QUERY = "select username,password,enabled " + "from users "
 			+ "where username = ?";
 
@@ -122,9 +119,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 			+ "from groups g, group_members gm, group_authorities ga " + "where gm.username = ? "
 			+ "and g.id = ga.group_id " + "and g.id = gm.group_id";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 	private String authoritiesByUsernameQuery;
@@ -141,18 +135,12 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 
 	private boolean enableGroups;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public JdbcDaoImpl() {
 		this.usersByUsernameQuery = DEF_USERS_BY_USERNAME_QUERY;
 		this.authoritiesByUsernameQuery = DEF_AUTHORITIES_BY_USERNAME_QUERY;
 		this.groupAuthoritiesByUsernameQuery = DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * @return the messages
 	 */
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
index 5e380c780b..64f8ab9179 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
@@ -31,18 +31,12 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
  */
 public class UserAttribute {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private List<GrantedAuthority> authorities = new Vector<>();
 
 	private String password;
 
 	private boolean enabled = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void addAuthority(GrantedAuthority newAuthority) {
 		this.authorities.add(newAuthority);
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
index ffe713b5ae..64914495d5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
@@ -30,9 +30,6 @@ import org.springframework.util.StringUtils;
  */
 public class UserAttributeEditor extends PropertyEditorSupport {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void setAsText(String s) throws IllegalArgumentException {
 		if (StringUtils.hasText(s)) {
 			String[] tokens = StringUtils.commaDelimitedListToStringArray(s);
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 2808a9da21..59c4ea67cb 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -58,9 +58,6 @@ import java.util.List;
  */
 public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager, GroupManager {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	// UserDetailsManager SQL
 	public static final String DEF_CREATE_USER_SQL = "insert into users (username, password, enabled) values (?,?,?)";
 
@@ -105,9 +102,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	public static final String DEF_DELETE_GROUP_AUTHORITY_SQL = "delete from group_authorities where group_id = ? and authority = ?";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private String createUserSql = DEF_CREATE_USER_SQL;
@@ -161,9 +155,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		setDataSource(dataSource);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	protected void initDao() throws ApplicationContextException {
 		if (authenticationManager == null) {
 			logger.info("No authentication manager set. Reauthentication of users when changing passwords will "
@@ -173,9 +164,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		super.initDao();
 	}
 
-	// ~ UserDetailsManager implementation
-	// ==============================================================================
-
 	/**
 	 * Executes the SQL <tt>usersByUsernameQuery</tt> and returns a list of UserDetails
 	 * objects. There should normally only be one matching user.
@@ -324,9 +312,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		return users.size() == 1;
 	}
 
-	// ~ GroupManager implementation
-	// ====================================================================================
-
 	public List<String> findAllGroups() {
 		return getJdbcTemplate().queryForList(findAllGroupsSql, String.class);
 	}
diff --git a/core/src/main/java/org/springframework/security/util/FieldUtils.java b/core/src/main/java/org/springframework/security/util/FieldUtils.java
index 663ff43b4e..23b5f873be 100644
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@@ -29,8 +29,6 @@ import java.lang.reflect.Field;
  */
 public final class FieldUtils {
 
-	// ~ Methods
-	// ========================================================================================================
 	/**
 	 * Attempts to locate the specified field on the class.
 	 * @param clazz the class definition containing the field
diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
index 61ea2cea71..af84259c82 100644
--- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java
+++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
@@ -34,16 +34,10 @@ import java.util.Arrays;
  */
 public class InMemoryResource extends AbstractResource {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final byte[] source;
 
 	private final String description;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public InMemoryResource(String source) {
 		this(source.getBytes());
 	}
@@ -58,9 +52,6 @@ public class InMemoryResource extends AbstractResource {
 		this.description = description;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public String getDescription() {
 		return description;
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index 1b49cd2ec0..723a6b1d32 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -34,9 +34,6 @@ import org.springframework.util.Assert;
  */
 public final class MethodInvocationUtils {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Generates a <code>MethodInvocation</code> for specified <code>methodName</code> on
 	 * the passed object, using the <code>args</code> to locate the method.
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index ec16f61f44..7439b7c31a 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -28,18 +28,12 @@ import java.lang.reflect.Method;
  */
 public class SimpleMethodInvocation implements MethodInvocation {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private Method method;
 
 	private Object[] arguments;
 
 	private Object targetObject;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SimpleMethodInvocation(Object targetObject, Method method, Object... arguments) {
 		this.targetObject = targetObject;
 		this.method = method;
@@ -49,9 +43,6 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	public SimpleMethodInvocation() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Object[] getArguments() {
 		return arguments;
 	}
diff --git a/core/src/test/java/org/springframework/security/ITargetObject.java b/core/src/test/java/org/springframework/security/ITargetObject.java
index 46efcfd133..b091350bb9 100644
--- a/core/src/test/java/org/springframework/security/ITargetObject.java
+++ b/core/src/test/java/org/springframework/security/ITargetObject.java
@@ -23,9 +23,6 @@ package org.springframework.security;
  */
 public interface ITargetObject {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	Integer computeHashCode(String input);
 
 	int countLength(String input);
diff --git a/core/src/test/java/org/springframework/security/OtherTargetObject.java b/core/src/test/java/org/springframework/security/OtherTargetObject.java
index 32722f405a..f0bf745f41 100644
--- a/core/src/test/java/org/springframework/security/OtherTargetObject.java
+++ b/core/src/test/java/org/springframework/security/OtherTargetObject.java
@@ -35,9 +35,6 @@ package org.springframework.security;
  */
 public class OtherTargetObject extends TargetObject implements ITargetObject {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String makeLowerCase(String input) {
 		return super.makeLowerCase(input);
 	}
diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
index 8c3774bacb..f341fd7b75 100644
--- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java
+++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
@@ -28,20 +28,11 @@ import javax.sql.DataSource;
  */
 public class PopulatedDatabase {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static TestDataSource dataSource = null;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	private PopulatedDatabase() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public static DataSource getDataSource() {
 		if (dataSource == null) {
 			setupDataSource();
diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java
index 1ab1de4b5c..abc72f8849 100644
--- a/core/src/test/java/org/springframework/security/TargetObject.java
+++ b/core/src/test/java/org/springframework/security/TargetObject.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public class TargetObject implements ITargetObject {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Integer computeHashCode(String input) {
 		return input.hashCode();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index 6d99bd488b..1b2a1b7d5e 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -29,9 +29,6 @@ import org.springframework.security.access.SecurityConfig;
  */
 public class SecurityConfigTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testHashCode() {
 		SecurityConfig config = new SecurityConfig("TEST");
@@ -85,9 +82,6 @@ public class SecurityConfigTests {
 		assertThat(config.toString()).isEqualTo("TEST");
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockConfigAttribute implements ConfigAttribute {
 
 		private String attribute;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
index eff3ff65a6..16c63b7e28 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
@@ -30,9 +30,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
 @PermitAll
 public interface BusinessService extends Serializable {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Secured({ "ROLE_ADMIN" })
 	@RolesAllowed({ "ROLE_ADMIN" })
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
index 7e78a22718..4feb54a5ed 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
@@ -202,9 +202,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED");
 	}
 
-	// ~ Inner Classes
-	// ======================================================================================================
-
 	public static class A {
 
 		public void noRoleMethod() {
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index d9364734c8..147c2a55f7 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -48,14 +48,8 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public class SecuredAnnotationSecurityMetadataSourceTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private SecuredAnnotationSecurityMetadataSource mds = new SecuredAnnotationSecurityMetadataSource();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
 		Method method = null;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index ec66b1ae3b..ae7bab6565 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -147,9 +147,6 @@ public class MethodExpressionVoterTests {
 		return Target.class.getMethod("methodTakingACollection", Collection.class);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private interface Target {
 
 		void methodTakingAnArray(Object[] args);
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index ef0c9abbc2..f648b9c6b8 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -190,9 +190,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 		assertThat(expression.getExpressionString()).isEqualTo("hasRole('ROLE_PERSON')");
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	public interface ReturnVoid {
 
 		void doSomething(List<?> param);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 7ea4f8eb2e..7546358198 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -32,9 +32,6 @@ import org.springframework.security.util.SimpleMethodInvocation;
  */
 public class AbstractSecurityInterceptorTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test(expected = IllegalArgumentException.class)
 	public void detectsIfInvocationPassedIncompatibleSecureObject() {
 		MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
@@ -58,9 +55,6 @@ public class AbstractSecurityInterceptorTests {
 		si.afterPropertiesSet();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockSecurityInterceptorReturnsNull extends AbstractSecurityInterceptor {
 
 		private SecurityMetadataSource securityMetadataSource;
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index d2439954ab..686b323593 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -40,8 +40,6 @@ import org.springframework.security.util.SimpleMethodInvocation;
 @SuppressWarnings("unchecked")
 public class AfterInvocationProviderManagerTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testCorrectOperation() throws Exception {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
@@ -147,9 +145,6 @@ public class AfterInvocationProviderManagerTests {
 		assertThat(manager.supports(MethodInvocation.class)).isTrue();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	/**
 	 * Always returns the constructor-defined <code>forceReturnObject</code>, provided the
 	 * same configuration attribute was provided. Also stores the secure object it
diff --git a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
index 8f8ca85e0a..cd83bb1510 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
@@ -28,9 +28,6 @@ import org.springframework.security.access.SecurityConfig;
  */
 public class NullRunAsManagerTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testAlwaysReturnsNull() {
 		NullRunAsManager runAs = new NullRunAsManager();
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index eff1830caf..af5f365919 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -71,9 +71,6 @@ public class MethodSecurityInterceptorTests {
 
 	private ApplicationEventPublisher eventPublisher;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		SecurityContextHolder.clearContext();
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index 88e83036b2..7330bd524c 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -34,8 +34,6 @@ import org.springframework.security.access.method.MethodSecurityMetadataSource;
  */
 public class MethodSecurityMetadataSourceAdvisorTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
 		Class<TargetObject> clazz = TargetObject.class;
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index 593db48047..ebc5d5eddf 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -69,9 +69,6 @@ public class AspectJMethodSecurityInterceptorTests {
 
 	private ProceedingJoinPoint joinPoint;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		MockitoAnnotations.initMocks(this);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index bc7db2355b..377e301b5f 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -58,9 +58,6 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 
 	private final List<ConfigAttribute> role = SecurityConfig.createList("ROLE_IGNORED");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		SecurityContextHolder.clearContext();
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index fbf69e25c3..e3ad93ee39 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -37,8 +37,6 @@ import org.springframework.security.core.Authentication;
 @SuppressWarnings("unchecked")
 public class AbstractAccessDecisionManagerTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testAllowIfAccessDecisionManagerDefaults() {
 		List list = new Vector();
@@ -131,9 +129,6 @@ public class AbstractAccessDecisionManagerTests {
 		}
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
 
 		protected MockDecisionManagerImpl(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index c51074d0f0..7f2dc3e970 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -35,9 +35,6 @@ import java.util.Iterator;
  */
 public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public boolean supports(ConfigAttribute attribute) {
 		if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
 			return true;
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index d30ba67749..05248fc1c8 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -37,9 +37,6 @@ import java.util.Iterator;
  */
 public class DenyVoter implements AccessDecisionVoter<Object> {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public boolean supports(ConfigAttribute attribute) {
 		if ("DENY_FOR_SURE".equals(attribute.getAttribute())) {
 			return true;
diff --git a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
index ab147f7399..d8507a9fc0 100644
--- a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
+++ b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
@@ -23,21 +23,12 @@ package org.springframework.security.access.vote;
  */
 public class SomeDomainObject {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String identity;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SomeDomainObject(String identity) {
 		this.identity = identity;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String getParent() {
 		return "parentOf" + identity;
 	}
diff --git a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
index e8b4547c4e..abde87e604 100644
--- a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
+++ b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObjectManager.java
@@ -24,9 +24,6 @@ package org.springframework.security.access.vote;
  */
 public class SomeDomainObjectManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void someServiceMethod(SomeDomainObject someDomainObject) {
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
index 93e3112e37..fe35268abb 100644
--- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
@@ -36,9 +36,6 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
  */
 public class UnanimousBasedTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private UnanimousBased makeDecisionManager() {
 		RoleVoter roleVoter = new RoleVoter();
 		DenyVoter denyForSureVoter = new DenyVoter();
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index 72c63c6aa9..34907dfba1 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -34,14 +34,8 @@ import java.util.*;
  */
 public class AbstractAuthenticationTokenTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private List<GrantedAuthority> authorities = null;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		authorities = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
@@ -136,9 +130,6 @@ public class AbstractAuthenticationTokenTests {
 		verify(principal, times(1)).getName();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockAuthenticationImpl extends AbstractAuthenticationToken {
 
 		private Object credentials;
diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
index 963332b501..e43662de7f 100644
--- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
@@ -29,8 +29,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
  */
 public class AuthenticationTrustResolverImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testCorrectOperationIsAnonymous() {
 		AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 8de0dfdcb0..428adb17e6 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -358,9 +358,6 @@ public class ProviderManagerTests {
 		return new ProviderManager(provider);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private static class MockProvider implements AuthenticationProvider {
 
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
index 4f93382b33..49bce2def9 100644
--- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
  */
 public class UsernamePasswordAuthenticationTokenTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void authenticatedPropertyContractIsSatisfied() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
index d1aed04429..a807bcb8dc 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
@@ -33,9 +33,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
  */
 public class AnonymousAuthenticationProviderTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testDetectsAnInvalidKey() {
 		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 544aaef640..943d6a5f7c 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -37,8 +37,6 @@ public class AnonymousAuthenticationTokenTests {
 
 	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testConstructorRejectsNulls() {
 		try {
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 8ac4bc9f26..76447924f1 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -70,8 +70,6 @@ public class DaoAuthenticationProviderTests {
 
 	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testAuthenticateFailsForIncorrectPasswordCase() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "KOala");
@@ -684,9 +682,6 @@ public class DaoAuthenticationProviderTests {
 		verify(encoder, times(0)).matches(anyString(), anyString());
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockUserDetailsServiceReturnsNull implements UserDetailsService {
 
 		public UserDetails loadUserByUsername(String username) {
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index 786ebd3e12..d8df1bb25f 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -32,9 +32,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationEventTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private Authentication getAuthentication() {
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
 				"Credentials");
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index 1d31a2990a..c8eaabb4dd 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.Authentication;
  */
 public class LoggerListenerTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private Authentication getAuthentication() {
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
 				"Credentials");
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index fb4c832ec7..a506b24bfd 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -52,18 +52,12 @@ import org.springframework.security.core.session.SessionDestroyedEvent;
  */
 public class JaasAuthenticationProviderTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ApplicationContext context;
 
 	private JaasAuthenticationProvider jaasProvider;
 
 	private JaasEventCheck eventCheck;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
@@ -284,9 +278,6 @@ public class JaasAuthenticationProviderTests {
 						.isNull();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private static class MockLoginContext extends LoginContext {
 
 		boolean loggedOut = false;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index 68c5b61613..fb42097d7c 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -26,16 +26,10 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
  */
 public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEvent> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	JaasAuthenticationFailedEvent failedEvent;
 
 	JaasAuthenticationSuccessEvent successEvent;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void onApplicationEvent(JaasAuthenticationEvent event) {
 		if (event instanceof JaasAuthenticationFailedEvent) {
 			failedEvent = (JaasAuthenticationFailedEvent) event;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
index 9d47287550..dd992af4b0 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
@@ -40,9 +40,6 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class SecurityContextLoginModuleTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private SecurityContextLoginModule module = null;
 
 	private Subject subject = new Subject(false, new HashSet<>(), new HashSet<>(), new HashSet<>());
@@ -50,9 +47,6 @@ public class SecurityContextLoginModuleTests {
 	private UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("principal",
 			"credentials");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		this.module = new SecurityContextLoginModule();
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index e8ab46cf2a..379e88fd75 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -28,9 +28,6 @@ import org.springframework.security.authentication.jaas.AuthorityGranter;
  */
 public class TestAuthorityGranter implements AuthorityGranter {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Set<String> grant(Principal principal) {
 		Set<String> rtnSet = new HashSet<>();
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
index 1d222f0689..74af5cc789 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
@@ -29,9 +29,6 @@ import javax.security.auth.callback.TextInputCallback;
  */
 public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void handle(Callback callback, Authentication auth) {
 		if (callback instanceof TextInputCallback) {
 			TextInputCallback tic = (TextInputCallback) callback;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index d7a6c4f3e3..6a283f02c6 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -28,18 +28,12 @@ import javax.security.auth.spi.LoginModule;
  */
 public class TestLoginModule implements LoginModule {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String password;
 
 	private String user;
 
 	private Subject subject;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public boolean abort() {
 		return true;
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index cd50afa5b6..b255f4a3e9 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -32,9 +32,6 @@ import org.springframework.security.core.Authentication;
  */
 public class RemoteAuthenticationManagerImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test(expected = RemoteAuthenticationException.class)
 	public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index 8e35e05037..d3c78640da 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -35,9 +35,6 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class RemoteAuthenticationProviderTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testExceptionsGetPassedBackToCaller() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
@@ -107,9 +104,6 @@ public class RemoteAuthenticationProviderTests {
 		assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockRemoteAuthenticationManager implements RemoteAuthenticationManager {
 
 		private boolean grantAccess;
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
index e481cb8a91..3673f6b05e 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
@@ -35,8 +35,6 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class RememberMeAuthenticationProviderTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDetectsAnInvalidKey() {
 		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index b5ef5417d4..c8173dfc90 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -36,8 +36,6 @@ public class RememberMeAuthenticationTokenTests {
 
 	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testConstructorRejectsNulls() {
 		try {
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
index 909ab4e9cf..03b705ed65 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@@ -29,8 +29,6 @@ import org.springframework.context.support.MessageSourceAccessor;
  */
 public class SpringSecurityMessageSourceTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testOperation() {
 		SpringSecurityMessageSource msgs = new SpringSecurityMessageSource();
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
index b1141b60c9..c0f95dbe27 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
@@ -30,8 +30,6 @@ import org.springframework.security.core.context.SecurityContextImpl;
  */
 public class SecurityContextHolderTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Before
 	public final void setUp() {
 		SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
index e012fb4a12..a796a38b35 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
@@ -29,8 +29,6 @@ import org.springframework.security.core.Authentication;
  */
 public class SecurityContextImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testEmptyObjectsAreEquals() {
 		SecurityContextImpl obj1 = new SecurityContextImpl();
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
index c7123048aa..8da1c9008a 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
@@ -29,8 +29,6 @@ import org.junit.Test;
  */
 public class SessionInformationTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testObject() throws Exception {
 		Object principal = "Some principal object";
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
index 411b982293..55e2b6d6be 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
@@ -37,9 +37,6 @@ public class SessionRegistryImplTests {
 
 	private SessionRegistryImpl sessionRegistry;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		sessionRegistry = new SessionRegistryImpl();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 52d3503d63..198684ab3e 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -39,9 +39,6 @@ public class UserTests {
 
 	private static final List<GrantedAuthority> ROLE_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void equalsReturnsTrueIfUsernamesAreTheSame() {
 		User user1 = new User("rod", "koala", true, true, true, true, ROLE_12);
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
index 5f77e6137b..c429ac2939 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
@@ -37,8 +37,6 @@ public class EhCacheBasedUserCacheTests {
 
 	private static CacheManager cacheManager;
 
-	// ~ Methods
-	// ========================================================================================================
 	@BeforeClass
 	public static void initCacheManaer() {
 		cacheManager = CacheManager.create();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
index a61a797ab9..614387a7fd 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.userdetails.User;
  */
 public class NullUserCacheTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private User getUser() {
 		return new User("john", "password", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index c4135724f4..8d37b8e11c 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -39,8 +39,6 @@ public class SpringCacheBasedUserCacheTests {
 
 	private static CacheManager cacheManager;
 
-	// ~ Methods
-	// ========================================================================================================
 	@BeforeClass
 	public static void initCacheManaer() {
 		cacheManager = new ConcurrentMapCacheManager();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
index 0980ba1ee0..bfad0a615e 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
@@ -39,9 +39,6 @@ import static org.mockito.Mockito.verify;
  */
 public class JdbcDaoImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private JdbcDaoImpl makePopulatedJdbcDao() {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
 		dao.setDataSource(PopulatedDatabase.getDataSource());
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index 0ee12c20eb..a698244f23 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -45,9 +45,6 @@ import java.util.Base64;
 @Deprecated
 public class LdapShaPasswordEncoder implements PasswordEncoder {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/** The number of bytes in a SHA hash */
 	private static final int SHA_LENGTH = 20;
 
@@ -59,15 +56,10 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 
 	private static final String SHA_PREFIX_LC = SHA_PREFIX.toLowerCase();
 
-	// ~ Instance fields
-	// ================================================================================================
 	private BytesKeyGenerator saltGenerator;
 
 	private boolean forceLowerCasePrefix;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public LdapShaPasswordEncoder() {
 		this(KeyGenerators.secureRandom());
 	}
@@ -79,9 +71,6 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		this.saltGenerator = saltGenerator;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private byte[] combineHashAndSalt(byte[] hash, byte[] salt) {
 		if (salt == null) {
 			return hash;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
index 37c20b8956..99b6021f0b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
@@ -29,14 +29,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 @SuppressWarnings("deprecation")
 public class LdapShaPasswordEncoderTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	LdapShaPasswordEncoder sha = new LdapShaPasswordEncoder();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void invalidPasswordFails() {
 		assertThat(this.sha.matches("wrongpassword", "{SHA}ddSFGmjXYPbZC+NXR2kCzBRjqiE=")).isFalse();
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
index 7e62c413fc..a430e8108e 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
@@ -33,9 +33,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 @SuppressWarnings("deprecation")
 public class MessageDigestPasswordEncoderTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void md5BasicFunctionality() {
 		MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("MD5");
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index c4bfe8b50b..c68fc51bc5 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -46,17 +46,11 @@ import org.springframework.test.context.junit4.SpringRunner;
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class SpringSecurityLdapTemplateITests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
 
 	private SpringSecurityLdapTemplate template;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		template = new SpringSecurityLdapTemplate(this.contextSource);
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
index 6530c7794c..e574a396f5 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
@@ -45,9 +45,6 @@ import static org.assertj.core.api.Assertions.fail;
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class BindAuthenticatorTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
 
@@ -55,9 +52,6 @@ public class BindAuthenticatorTests {
 
 	private Authentication bob;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		this.authenticator = new BindAuthenticator(this.contextSource);
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index 11ecffcf65..0e11271e20 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -47,9 +47,6 @@ import static org.assertj.core.api.Assertions.*;
 @ContextConfiguration(classes = ApacheDsContainerConfig.class)
 public class PasswordComparisonAuthenticatorTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	@Autowired
 	private DefaultSpringSecurityContextSource contextSource;
 
@@ -59,9 +56,6 @@ public class PasswordComparisonAuthenticatorTests {
 
 	private Authentication ben;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		authenticator = new PasswordComparisonAuthenticator(this.contextSource);
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index 052c604af8..fe8f635ad8 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -50,9 +50,6 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	private DefaultLdapAuthoritiesPopulator populator;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, "ou=groups");
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index 892b542ede..04aeb47b39 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -58,9 +58,6 @@ public class NestedLdapAuthoritiesPopulatorTests {
 
 	private LdapAuthority circularJavaDevelopers;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		populator = new NestedLdapAuthoritiesPopulator(this.contextSource, "ou=jdeveloper");
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
index bab3457013..3568bf4fe9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
@@ -37,20 +37,11 @@ import java.net.URISyntaxException;
  */
 public final class LdapUtils {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(LdapUtils.class);
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	private LdapUtils() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public static void closeContext(Context ctx) {
 		if (ctx instanceof DirContextAdapter) {
 			return;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index 1d447287f3..d0ca97112b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -55,8 +55,6 @@ import java.util.Set;
  */
 public class SpringSecurityLdapTemplate extends LdapTemplate {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
 	private static final Log logger = LogFactory.getLog(SpringSecurityLdapTemplate.class);
 
 	public static final String[] NO_ATTRS = new String[0];
@@ -69,15 +67,9 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 	private static final boolean RETURN_OBJECT = true;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	/** Default search controls */
 	private SearchControls searchControls = new SearchControls();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SpringSecurityLdapTemplate(ContextSource contextSource) {
 		Assert.notNull(contextSource, "ContextSource cannot be null");
 		setContextSource(contextSource);
@@ -85,9 +77,6 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Performs an LDAP compare operation of the value of an attribute for a particular
 	 * directory entry.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index 43d13eb4dc..599f5d04b1 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -37,9 +37,6 @@ import java.util.List;
  */
 public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, InitializingBean, MessageSourceAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final ContextSource contextSource;
 
 	/**
@@ -60,9 +57,6 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 	/** Stores the patterns which are used as potential DN matches */
 	private MessageFormat[] userDnFormat = null;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Create an initialized instance with the {@link ContextSource} provided.
 	 * @param contextSource
@@ -72,9 +66,6 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 		this.contextSource = contextSource;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.isTrue((userDnFormat != null) || (userSearch != null),
 				"Either an LdapUserSearch or DN pattern (or both) must be supplied.");
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index a3433f094a..145456bc47 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -43,14 +43,8 @@ import javax.naming.directory.DirContext;
  */
 public class BindAuthenticator extends AbstractLdapAuthenticator {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(BindAuthenticator.class);
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Create an initialized instance using the {@link BaseLdapPathContextSource}
 	 * provided.
@@ -62,9 +56,6 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		super(contextSource);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public DirContextOperations authenticate(Authentication authentication) {
 		DirContextOperations user = null;
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
index f2ab6ae526..6cf5d300b2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
@@ -117,18 +117,12 @@ import org.springframework.util.Assert;
  */
 public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvider {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private LdapAuthenticator authenticator;
 
 	private LdapAuthoritiesPopulator authoritiesPopulator;
 
 	private boolean hideUserNotFoundExceptions = true;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Create an instance with the supplied authenticator and authorities populator
 	 * implementations.
@@ -152,9 +146,6 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 		this.setAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private void setAuthenticator(LdapAuthenticator authenticator) {
 		Assert.notNull(authenticator, "An LdapAuthenticator must be supplied");
 		this.authenticator = authenticator;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
index 2bbfd295e8..e1d2d9b391 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
@@ -31,9 +31,6 @@ import org.springframework.ldap.core.DirContextOperations;
  */
 public interface LdapAuthenticator {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Authenticates as a user and obtains additional user information from the directory.
 	 * @param authentication
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index 1b9e765a86..147d1b9ab3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -48,30 +48,18 @@ import org.springframework.util.Assert;
  */
 public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(PasswordComparisonAuthenticator.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private PasswordEncoder passwordEncoder = new LdapShaPasswordEncoder(KeyGenerators.shared(0));
 
 	private String passwordAttributeName = "userPassword";
 
 	private boolean usePasswordAttrCompare = false;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource) {
 		super(contextSource);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public DirContextOperations authenticate(final Authentication authentication) {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				"Can only process UsernamePasswordAuthenticationToken objects");
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index 4e070a0337..a905c68c7b 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -32,20 +32,11 @@ import javax.naming.ldap.Control;
  */
 public class PasswordPolicyControl implements Control {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/** OID of the Password Policy Control */
 	public static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final boolean critical;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates a non-critical (request) control.
 	 */
@@ -61,9 +52,6 @@ public class PasswordPolicyControl implements Control {
 		this.critical = critical;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Retrieves the ASN.1 BER encoded value of the LDAP control. The request value for
 	 * this control is always empty.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
index ea8d3927e9..dba0b67d83 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
@@ -27,9 +27,6 @@ import javax.naming.ldap.ControlFactory;
  */
 public class PasswordPolicyControlFactory extends ControlFactory {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Creates an instance of PasswordPolicyResponseControl if the passed control is a
 	 * response control of this type. Attributes of the result are filled with the correct
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index 103df7161d..6c43c1921b 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -50,14 +50,8 @@ import org.springframework.dao.DataRetrievalFailureException;
  */
 public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(PasswordPolicyResponseControl.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final byte[] encodedValue;
 
 	private PasswordPolicyErrorStatus errorStatus;
@@ -66,9 +60,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	private int timeBeforeExpiration = Integer.MAX_VALUE;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Decodes the Ber encoded control data. The ASN.1 value of the control data is:
 	 *
@@ -98,9 +89,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 		}
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the unchanged value of the response control. Returns the unchanged value of
 	 * the response control as byte array.
@@ -194,18 +182,12 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 		return sb.toString();
 	}
 
-	// ~ Inner Interfaces
-	// ===============================================================================================
-
 	private interface PPolicyDecoder {
 
 		void decode() throws IOException;
 
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	/**
 	 * Decoder based on Netscape ldapsdk library
 	 */
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index dcb8de53ce..f10bd4d8f0 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -41,14 +41,8 @@ import javax.naming.directory.SearchControls;
  */
 public class FilterBasedLdapUserSearch implements LdapUserSearch {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(FilterBasedLdapUserSearch.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final ContextSource contextSource;
 
 	/**
@@ -78,9 +72,6 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 */
 	private final String searchFilter;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public FilterBasedLdapUserSearch(String searchBase, String searchFilter, BaseLdapPathContextSource contextSource) {
 		Assert.notNull(contextSource, "contextSource must not be null");
 		Assert.notNull(searchFilter, "searchFilter must not be null.");
@@ -98,9 +89,6 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		}
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Return the LdapUserDetails containing the user's information
 	 * @param username the username to search for.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
index 73524f679f..3852cc62b2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
  */
 public interface LdapUserSearch {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Locates a single user in the directory and returns the LDAP information for that
 	 * user.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index b0856d8d19..0820351a28 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -100,14 +100,8 @@ import org.springframework.util.Assert;
  */
 public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(DefaultLdapAuthoritiesPopulator.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	/**
 	 * A default role which will be assigned to all authenticated users if set
 	 */
@@ -154,9 +148,6 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	 */
 	private Function<Map<String, List<String>>, GrantedAuthority> authorityMapper;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be
 	 * set as a property.
@@ -188,9 +179,6 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 		};
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * This method should be overridden if required to obtain any additional roles for the
 	 * given user (on top of those obtained from the standard search implemented by this
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
index fc2562c4b5..aad3425419 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
@@ -33,9 +33,6 @@ import org.springframework.ldap.core.DirContextOperations;
  */
 public interface LdapAuthoritiesPopulator {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Get the list of authorities for the user.
 	 * @param userData the context object which was returned by the LDAP authenticator.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
index f3963adc6a..71c7954baa 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public interface LdapUserDetails extends UserDetails, CredentialsContainer {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * The DN of the entry for this user's account.
 	 * @return the user's DN
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
index 543e769013..812f637d87 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -51,9 +51,6 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String dn;
 
 	private String password;
@@ -75,15 +72,9 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 
 	private int graceLoginsRemaining = Integer.MAX_VALUE;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	protected LdapUserDetailsImpl() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public Collection<GrantedAuthority> getAuthorities() {
 		return authorities;
@@ -186,9 +177,6 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		return sb.toString();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	/**
 	 * Variation of essence pattern. Used to create mutable intermediate object
 	 */
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
index 970717bd58..ba974652da 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
@@ -39,9 +39,6 @@ import org.springframework.util.Assert;
  */
 public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Log logger = LogFactory.getLog(LdapUserDetailsMapper.class);
 
 	private String passwordAttributeName = "userPassword";
@@ -52,9 +49,6 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 
 	private boolean convertToUpperCase = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
index 3f260f4b7f..e6ae41692e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
@@ -31,9 +31,6 @@ import org.junit.Test;
  */
 public class LdapUtilsTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testCloseContextSwallowsNamingException() throws Exception {
 		final DirContext dirCtx = mock(DirContext.class);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index 0e367024c4..dac158ac86 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -46,9 +46,6 @@ import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
  */
 public class LdapAuthenticationProviderTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testSupportsUsernamePasswordAuthenticationToken() {
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
@@ -177,9 +174,6 @@ public class LdapAuthenticationProviderTests {
 		}
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	class MockAuthenticator implements LdapAuthenticator {
 
 		public DirContextOperations authenticate(Authentication authentication) {
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
index d22d6f2244..ee772012f5 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
@@ -25,14 +25,8 @@ import org.springframework.ldap.core.DirContextOperations;
  */
 public class MockUserSearch implements LdapUserSearch {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	DirContextOperations user;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public MockUserSearch() {
 	}
 
@@ -40,9 +34,6 @@ public class MockUserSearch implements LdapUserSearch {
 		this.user = user;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public DirContextOperations searchForUser(String username) {
 		return user;
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index c7e92fa5b3..f292edaf7a 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -33,9 +33,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
  */
 public class PasswordComparisonAuthenticatorMockTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void ldapCompareOperationIsUsedWhenPasswordIsNotRetrieved() throws Exception {
 		final DirContext dirCtx = mock(DirContext.class);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index d76ea93e19..9844581a5c 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -27,9 +27,6 @@ import org.junit.Test;
  */
 public class PasswordPolicyResponseControlTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Useful method for obtaining data from a server for use in tests
 	 */
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index acfe840916..fa623b7d7e 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -28,9 +28,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class AuthenticationCancelledException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AuthenticationCancelledException(String msg) {
 		super(msg);
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index ad110c9342..65d6926568 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -55,18 +55,12 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 
 	private static final String ATTRIBUTE_LIST_KEY = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private final ConsumerManager consumerManager;
 
 	private final AxFetchListFactory attributesToFetchFactory;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public OpenID4JavaConsumer() throws ConsumerException {
 		this(new ConsumerManager(), new NullAxFetchListFactory());
 	}
@@ -80,9 +74,6 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		this.attributesToFetchFactory = attributesToFetchFactory;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
 			throws OpenIDConsumerException {
 		List<DiscoveryInformation> discoveries;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 6c76689397..cd75656ffb 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -71,14 +71,8 @@ import java.util.*;
  */
 public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "openid_identifier";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private OpenIDConsumer consumer;
 
 	private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
@@ -87,16 +81,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 
 	private Set<String> returnToUrlParameters = Collections.emptySet();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public OpenIDAuthenticationFilter() {
 		super("/login/openid");
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index 7a94db22a2..cbc20858de 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -53,16 +53,10 @@ import org.springframework.util.Assert;
  */
 public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService;
 
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "The userDetailsService must be set");
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index 16586b7b10..1f038cb090 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -47,9 +47,6 @@ public enum OpenIDAuthenticationStatus {
 
 	private final String name;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	OpenIDAuthenticationStatus(String name) {
 		this.name = name;
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index 659cbf53a5..60e0f52637 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -36,9 +36,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final OpenIDAuthenticationStatus status;
 
 	private final Object principal;
@@ -49,9 +46,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 
 	private final List<OpenIDAttribute> attributes;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status, String identityUrl, String message,
 			List<OpenIDAttribute> attributes) {
 		super(new ArrayList<>(0));
@@ -81,9 +75,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 		setAuthenticated(true);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns 'null' always, as no credentials are processed by the OpenID provider.
 	 * @see org.springframework.security.core.Authentication#getCredentials()
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index 9092f6ad5e..937a35091d 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -26,9 +26,6 @@ package org.springframework.security.openid;
  */
 public class OpenIDConsumerException extends Exception {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public OpenIDConsumerException(String message) {
 		super(message);
 	}
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index cb4f7576d4..67dbcc9b5a 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -26,9 +26,6 @@ import javax.servlet.http.HttpServletRequest;
  */
 public class MockOpenIDConsumer implements OpenIDConsumer {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private OpenIDAuthenticationToken token;
 
 	private String redirectUrl;
@@ -49,9 +46,6 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 		this.token = token;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm) {
 		return redirectUrl;
 	}
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index 2ba7d99a50..aef409a22c 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -43,14 +43,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  */
 public class OpenIDAuthenticationProviderTests {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final String USERNAME = "user.acegiopenid.com";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/*
 	 * Test method for
 	 * 'org.springframework.security.authentication.openid.OpenIDAuthenticationProvider.
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
index d706fa0dad..13cd7bc8ee 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
@@ -36,19 +36,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpInvokerRequestExecutor {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(AuthenticationSimpleHttpInvokerRequestExecutor.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Provided so subclasses can perform additional configuration if required (eg set
 	 * additional request headers for non-security related information etc).
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index a2d125af3a..475da26fcc 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -48,16 +48,10 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 
 	private static final Log logger = LogFactory.getLog(ContextPropagatingRemoteInvocation.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String principal;
 
 	private final String credentials;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs the object, storing the principal and credentials extracted from the
 	 * client-side security context.
@@ -84,9 +78,6 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 		}
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Invoked on the server-side.
 	 * <p>
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
index e01895feda..8436e8efa5 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
@@ -35,9 +35,6 @@ import org.springframework.remoting.support.RemoteInvocationFactory;
  */
 public class ContextPropagatingRemoteInvocationFactory implements RemoteInvocationFactory {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
 		return new ContextPropagatingRemoteInvocation(methodInvocation);
 	}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index 093f43bac4..c266330ded 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -39,8 +39,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@After
 	public void tearDown() {
 		SecurityContextHolder.clearContext();
@@ -95,9 +93,6 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		assertThat(conn.getRequestProperty("Authorization")).isNull();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockHttpURLConnection extends HttpURLConnection {
 
 		private Map<String, String> requestProperties = new HashMap<>();
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index 580ef9f5fa..2f9779ca55 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -39,8 +39,6 @@ import org.springframework.test.util.ReflectionTestUtils;
  */
 public class ContextPropagatingRemoteInvocationTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@After
 	public void tearDown() {
 		SecurityContextHolder.clearContext();
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java b/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
index 31439eac66..cfed19b9fe 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
@@ -23,15 +23,12 @@ import org.springframework.security.acls.domain.BasePermission;
  * @author Ben Alex
  */
 public class AddPermission {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	public Contact contact;
 	public Integer permission = BasePermission.READ.getMask();
 	public String recipient;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public Contact getContact() {
 		return contact;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java b/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
index 5c4b51f2b2..25c01eac83 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
@@ -27,8 +27,7 @@ import org.springframework.validation.Validator;
  * @author Ben Alex
  */
 public class AddPermissionValidator implements Validator {
-	// ~ Methods
-	// ========================================================================================================
+
 
 	@SuppressWarnings("unchecked")
 	public boolean supports(Class clazz) {
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ClientApplication.java b/samples/xml/contacts/src/main/java/sample/contact/ClientApplication.java
index c93a5d6c68..1203b77e1a 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ClientApplication.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ClientApplication.java
@@ -36,20 +36,15 @@ import org.springframework.util.StopWatch;
  * @author Ben Alex
  */
 public class ClientApplication {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	private final ListableBeanFactory beanFactory;
 
-	// ~ Constructors
-	// ===================================================================================================
 
 	public ClientApplication(ListableBeanFactory beanFactory) {
 		this.beanFactory = beanFactory;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public void invokeContactManager(Authentication authentication, int nrOfCalls) {
 		StopWatch stopWatch = new StopWatch(nrOfCalls + " ContactManager call(s)");
diff --git a/samples/xml/contacts/src/main/java/sample/contact/Contact.java b/samples/xml/contacts/src/main/java/sample/contact/Contact.java
index b7819ce405..ec719e856b 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/Contact.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/Contact.java
@@ -24,15 +24,12 @@ import java.io.Serializable;
  * @author Ben Alex
  */
 public class Contact implements Serializable {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	private Long id;
 	private String email;
 	private String name;
 
-	// ~ Constructors
-	// ===================================================================================================
 
 	public Contact(String name, String email) {
 		this.name = name;
@@ -42,8 +39,6 @@ public class Contact implements Serializable {
 	public Contact() {
 	}
 
-	// ~ Methods
-	// ========================================================================================================
 
 	/**
 	 * @return Returns the email.
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactDao.java b/samples/xml/contacts/src/main/java/sample/contact/ContactDao.java
index c882e2856b..9f245582d2 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactDao.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactDao.java
@@ -24,8 +24,7 @@ import java.util.List;
  * @author Ben Alex
  */
 public interface ContactDao {
-	// ~ Methods
-	// ========================================================================================================
+
 
 	void create(Contact contact);
 
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java b/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
index 36619dd260..175c4c2f4e 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
@@ -30,8 +30,6 @@ import org.springframework.jdbc.core.support.JdbcDaoSupport;
  */
 public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public void create(final Contact contact) {
 		getJdbcTemplate().update("insert into contacts values (?, ?, ?)",
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java b/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
index 924df446d2..13f3f8b4e2 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
@@ -28,8 +28,7 @@ import java.util.List;
  * @author Ben Alex
  */
 public interface ContactManager {
-	// ~ Methods
-	// ========================================================================================================
+
 	@PreAuthorize("hasPermission(#contact, admin)")
 	void addPermission(Contact contact, Sid recipient, Permission permission);
 
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java b/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
index ea7eabba7b..b33d5fbcf5 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
@@ -49,15 +49,12 @@ import java.util.Random;
 @Transactional
 public class ContactManagerBackend extends ApplicationObjectSupport implements
 		ContactManager, InitializingBean {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	private ContactDao contactDao;
 	private MutableAclService mutableAclService;
 	private int counter = 1000;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public void afterPropertiesSet() {
 		Assert.notNull(contactDao, "contactDao required");
diff --git a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
index c58b1fd76c..aa2358cda1 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
@@ -43,8 +43,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  */
 public class DataSourcePopulator implements InitializingBean {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	JdbcTemplate template;
 	private MutableAclService mutableAclService;
@@ -60,8 +59,6 @@ public class DataSourcePopulator implements InitializingBean {
 			"Parklin", "Findlay", "Robinson", "Giugni", "Lang", "Chi", "Carmichael" };
 	private int createEntities = 50;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public void afterPropertiesSet() {
 		Assert.notNull(mutableAclService, "mutableAclService required");
diff --git a/samples/xml/contacts/src/main/java/sample/contact/IndexController.java b/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
index 09c576862f..d5a578754a 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
@@ -44,16 +44,12 @@ public class IndexController {
 			BasePermission.DELETE, BasePermission.ADMINISTRATION };
 	private final static Permission[] HAS_ADMIN = new Permission[] { BasePermission.ADMINISTRATION };
 
-	// ~ Instance fields
-	// ================================================================================================
 
 	@Autowired
 	private ContactManager contactManager;
 	@Autowired
 	private PermissionEvaluator permissionEvaluator;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	/**
 	 * The public index page, used for unauthenticated users.
diff --git a/samples/xml/contacts/src/main/java/sample/contact/WebContact.java b/samples/xml/contacts/src/main/java/sample/contact/WebContact.java
index df38b0c5f0..c4ae49df67 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/WebContact.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/WebContact.java
@@ -22,14 +22,11 @@ package sample.contact;
  * @author Ben Alex
  */
 public class WebContact {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	private String email;
 	private String name;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	public String getEmail() {
 		return email;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/WebContactValidator.java b/samples/xml/contacts/src/main/java/sample/contact/WebContactValidator.java
index f4f27d4306..8d0b754489 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/WebContactValidator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/WebContactValidator.java
@@ -25,8 +25,7 @@ import org.springframework.validation.Validator;
  * @author Ben Alex
  */
 public class WebContactValidator implements Validator {
-	// ~ Methods
-	// ========================================================================================================
+
 
 	@SuppressWarnings("unchecked")
 	public boolean supports(Class clazz) {
diff --git a/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java b/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
index 9a9b8ec023..498cb8a63c 100644
--- a/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
+++ b/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
@@ -44,14 +44,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 		"/applicationContext-common-business.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class ContactManagerTests {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	@Autowired
 	protected ContactManager contactManager;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	void assertContainsContact(long id, List<Contact> contacts) {
 		for (Contact contact : contacts) {
diff --git a/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java b/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
index fe6fc7ba83..0186b32b17 100644
--- a/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
+++ b/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
@@ -34,15 +34,12 @@ import javax.security.auth.spi.LoginModule;
  * @author Rob Winch
  */
 public class UsernameEqualsPasswordLoginModule implements LoginModule {
-	// ~ Instance fields
-	// ================================================================================================
+
 
 	private String password;
 	private String username;
 	private Subject subject;
 
-	// ~ Methods
-	// ========================================================================================================
 
 	@Override
 	public boolean abort() {
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index b2b1d9ef6e..f9ffb91dae 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -53,14 +53,8 @@ import org.springframework.security.web.context.support.SecurityWebApplicationCo
  */
 public class AccessControlListTag extends TagSupport {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(AccessControlListTag.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ApplicationContext applicationContext;
 
 	private Object domainObject;
@@ -71,9 +65,6 @@ public class AccessControlListTag extends TagSupport {
 
 	private String var;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public int doStartTag() throws JspException {
 		if ((null == hasPermission) || "".equals(hasPermission)) {
 			return skipBody();
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index 90d7200f65..cb55b89aa2 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -43,9 +43,6 @@ import javax.servlet.jsp.tagext.TagSupport;
  */
 public class AuthenticationTag extends TagSupport {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String var;
 
 	private String property;
@@ -56,9 +53,6 @@ public class AuthenticationTag extends TagSupport {
 
 	private boolean htmlEscape = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public AuthenticationTag() {
 		init();
 	}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index edadacd968..f4582fdcde 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -36,18 +36,12 @@ import org.springframework.security.core.userdetails.User;
  */
 public class AuthenticationTagTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final MyAuthenticationTag authenticationTag = new MyAuthenticationTag();
 
 	private final Authentication auth = new TestingAuthenticationToken(
 			new User("rodUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala",
 			AuthorityUtils.NO_AUTHORITIES);
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@After
 	public void tearDown() {
 		SecurityContextHolder.clearContext();
@@ -144,9 +138,6 @@ public class AuthenticationTagTests {
 		assertThat(authenticationTag.getLastMessage()).isEqualTo("<>& ");
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MyAuthenticationTag extends AuthenticationTag {
 
 		String lastMessage = null;
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index a5c8fdb5db..f9cd559ffc 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -49,9 +49,6 @@ import org.springframework.web.context.support.StaticWebApplicationContext;
 @RunWith(MockitoJUnitRunner.class)
 public class AuthorizeTagTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	@Mock
 	private PermissionEvaluator permissionEvaluator;
 
@@ -62,9 +59,6 @@ public class AuthorizeTagTests {
 	private final TestingAuthenticationToken currentUser = new TestingAuthenticationToken("abc", "123",
 			"ROLE SUPERVISOR", "ROLE_TELLER");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		SecurityContextHolder.getContext().setAuthentication(currentUser);
diff --git a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
index fe20e437ea..b21dd85078 100644
--- a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
@@ -32,9 +32,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public interface AuthenticationEntryPoint {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Commences an authentication scheme.
 	 * <p>
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 05de25a48f..e67db58754 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -137,14 +137,8 @@ import java.util.*;
  */
 public class FilterChainProxy extends GenericFilterBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
 
 	private List<SecurityFilterChain> filterChains;
@@ -155,9 +149,6 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	private RequestRejectedHandler requestRejectedHandler = new DefaultRequestRejectedHandler();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public FilterChainProxy() {
 	}
 
@@ -296,9 +287,6 @@ public class FilterChainProxy extends GenericFilterBean {
 		return sb.toString();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	/**
 	 * Internal {@code FilterChain} implementation that is used to pass a request through
 	 * the additional internal list of filters which match the request.
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 1441bcf446..3245cf0b69 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -54,24 +54,16 @@ import org.springframework.security.web.util.UrlUtils;
  */
 public class FilterInvocation {
 
-	// ~ Static fields
-	// ==================================================================================================
 	static final FilterChain DUMMY_CHAIN = (req, res) -> {
 		throw new UnsupportedOperationException("Dummy filter chain");
 	};
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private FilterChain chain;
 
 	private HttpServletRequest request;
 
 	private HttpServletResponse response;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public FilterInvocation(ServletRequest request, ServletResponse response, FilterChain chain) {
 		if ((request == null) || (response == null) || (chain == null)) {
 			throw new IllegalArgumentException("Cannot pass null values to constructor");
@@ -104,9 +96,6 @@ public class FilterInvocation {
 		this.request = request;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public FilterChain getChain() {
 		return this.chain;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/PortMapper.java b/web/src/main/java/org/springframework/security/web/PortMapper.java
index 94388052de..eafe8597c6 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapper.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapper.java
@@ -24,9 +24,6 @@ package org.springframework.security.web;
  */
 public interface PortMapper {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Locates the HTTP port associated with the specified HTTPS port.
 	 * <P>
diff --git a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
index 3789cad848..bf734731b3 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
@@ -33,23 +33,14 @@ import org.springframework.util.Assert;
  */
 public class PortMapperImpl implements PortMapper {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final Map<Integer, Integer> httpsPortMappings;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public PortMapperImpl() {
 		this.httpsPortMappings = new HashMap<>();
 		this.httpsPortMappings.put(80, 443);
 		this.httpsPortMappings.put(8080, 8443);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the translated (Integer -&gt; Integer) version of the original port mapping
 	 * specified via setHttpsPortMapping()
diff --git a/web/src/main/java/org/springframework/security/web/PortResolver.java b/web/src/main/java/org/springframework/security/web/PortResolver.java
index fcb8432b97..b83cfc976c 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolver.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolver.java
@@ -31,9 +31,6 @@ import javax.servlet.ServletRequest;
  */
 public interface PortResolver {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Indicates the port the <code>ServletRequest</code> was received on.
 	 * @param request that the method should lookup the port for
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index 1c297ca15b..ba89b6fba0 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -36,14 +36,8 @@ import javax.servlet.ServletRequest;
  */
 public class PortResolverImpl implements PortResolver {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private PortMapper portMapper = new PortMapperImpl();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public PortMapper getPortMapper() {
 		return portMapper;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
index 323b0f2bb5..28b73013c2 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
@@ -32,9 +32,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public interface AccessDeniedHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Handles an access denied failure.
 	 * @param request that resulted in an <code>AccessDeniedException</code>
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index 82f9cc7c59..5e9971bee1 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -44,19 +44,10 @@ import org.springframework.security.web.WebAttributes;
  */
 public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(AccessDeniedHandlerImpl.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String errorPage;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		if (!response.isCommitted()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index 6bbc035266..cc4372bfed 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -36,19 +36,10 @@ import org.springframework.util.Assert;
  */
 public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final AbstractSecurityInterceptor securityInterceptor;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) {
 		Assert.notNull(securityInterceptor, "SecurityInterceptor cannot be null");
 		Assert.isTrue(FilterInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
@@ -59,9 +50,6 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 		this.securityInterceptor = securityInterceptor;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Determines whether the user represented by the supplied <tt>Authentication</tt>
 	 * object is allowed to invoke the supplied URI.
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 91fc60bedc..01720b26ff 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -77,9 +77,6 @@ import java.io.IOException;
  */
 public class ExceptionTranslationFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
 
 	private AuthenticationEntryPoint authenticationEntryPoint;
@@ -103,9 +100,6 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		this.requestCache = requestCache;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 527b523969..59b91251ba 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -30,13 +30,8 @@ import java.io.IOException;
  */
 public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private PortMapper portMapper = new PortMapperImpl();
 
 	private PortResolver portResolver = new PortResolverImpl();
@@ -49,17 +44,11 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
 	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public AbstractRetryEntryPoint(String scheme, int standardPort) {
 		this.scheme = scheme;
 		this.standardPort = standardPort;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String queryString = request.getQueryString();
 		String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
index b9488a1245..24780a9817 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -31,9 +31,6 @@ import javax.servlet.ServletException;
  */
 public interface ChannelDecisionManager {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Decided whether the presented {@link FilterInvocation} provides the appropriate
 	 * level of channel security based on the requested list of <tt>ConfigAttribute</tt>s.
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 8df5074ad1..64d1144cfb 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -51,14 +51,8 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 
 	public static final String ANY_CHANNEL = "ANY_CHANNEL";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private List<ChannelProcessor> channelProcessors;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.notEmpty(channelProcessors, "A list of ChannelProcessors is required");
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
index 334948eaed..485411327a 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
@@ -33,9 +33,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public interface ChannelEntryPoint {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Commences a secure channel.
 	 * <p>
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
index c47aae6930..ad902951f3 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -85,16 +85,10 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class ChannelProcessingFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ChannelDecisionManager channelDecisionManager;
 
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.securityMetadataSource, "securityMetadataSource must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
index 915699442d..838b6a4591 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -37,9 +37,6 @@ import javax.servlet.ServletException;
  */
 public interface ChannelProcessor {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Decided whether the presented {@link FilterInvocation} provides the appropriate
 	 * level of channel security based on the requested list of <tt>ConfigAttribute</tt>s.
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index 8ccb57c29b..7703a96e09 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -42,16 +42,10 @@ import org.springframework.util.Assert;
  */
 public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
 
 	private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.hasLength(insecureKeyword, "insecureKeyword required");
 		Assert.notNull(entryPoint, "entryPoint required");
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index 0b32d736d3..8c95c8fee2 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -42,16 +42,10 @@ import org.springframework.util.Assert;
  */
 public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();
 
 	private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.hasLength(secureKeyword, "secureKeyword required");
 		Assert.notNull(entryPoint, "entryPoint required");
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index 034712fb59..f7312bf654 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -56,9 +56,6 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 
 	private final Map<RequestMatcher, Collection<ConfigAttribute>> requestMap;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Sets the internal request map from the supplied map. The key elements should be of
 	 * type {@link RequestMatcher}, which. The path stored in the key will depend on the
@@ -71,9 +68,6 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 		this.requestMap = requestMap;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
index 158b4daef2..1ca4f387b1 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@@ -44,21 +44,12 @@ import org.springframework.security.web.FilterInvocation;
  */
 public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
 	private boolean observeOncePerRequest = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Not used (we rely on IoC container lifecycle services instead)
 	 * @param arg0 ignored
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
index 53260f68c0..0d98bffd54 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@@ -110,12 +110,6 @@ import org.springframework.web.filter.GenericFilterBean;
 public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean
 		implements ApplicationEventPublisherAware, MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected ApplicationEventPublisher eventPublisher;
 
 	protected AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
@@ -138,9 +132,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 	private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * @param defaultFilterProcessesUrl the default value for <tt>filterProcessesUrl</tt>.
 	 */
@@ -185,9 +176,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 		setAuthenticationManager(authenticationManager);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(authenticationManager, "authenticationManager must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index 788be0568f..86179f12a3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -44,9 +44,6 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class AnonymousAuthenticationFilter extends GenericFilterBean implements InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
 	private String key;
@@ -78,9 +75,6 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 		this.authorities = authorities;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.hasLength(key, "key must have length");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index 79244ab283..d1f18f9403 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -64,14 +64,8 @@ import org.springframework.util.StringUtils;
  */
 public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(LoginUrlAuthenticationEntryPoint.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private PortMapper portMapper = new PortMapperImpl();
 
 	private PortResolver portResolver = new PortResolverImpl();
@@ -94,9 +88,6 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 		this.loginFormUrl = loginFormUrl;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.isTrue(StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl),
 				"loginFormUrl must be specified and must be a valid redirect URL");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
index 8dc1fecaf2..fdf2b9a0ca 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
@@ -31,9 +31,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class NullRememberMeServices implements RememberMeServices {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
index 8bd8d56c70..a90c829db5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java
@@ -48,9 +48,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface RememberMeServices {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * This method will be called whenever the <code>SecurityContextHolder</code> does not
 	 * contain an <code>Authentication</code> object and Spring Security wishes to provide
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index 8669fa0044..7958999813 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -47,9 +47,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
 
 	public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
@@ -63,9 +60,6 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 
 	private boolean postOnly = true;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public UsernamePasswordAuthenticationFilter() {
 		super(DEFAULT_ANT_PATH_REQUEST_MATCHER);
 	}
@@ -74,9 +68,6 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 		super(DEFAULT_ANT_PATH_REQUEST_MATCHER, authenticationManager);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException {
 		if (postOnly && !request.getMethod().equals("POST")) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
index b099a8c745..53e0f204a6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -32,16 +32,10 @@ public class WebAuthenticationDetails implements Serializable {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String remoteAddress;
 
 	private final String sessionId;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Records the remote address and will also set the session Id if a session already
 	 * exists (it won't create one).
@@ -64,9 +58,6 @@ public class WebAuthenticationDetails implements Serializable {
 		this.sessionId = sessionId;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof WebAuthenticationDetails) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
index 00b501efc8..8214d3d168 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
@@ -30,9 +30,6 @@ import javax.servlet.http.HttpServletRequest;
 public class WebAuthenticationDetailsSource
 		implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * @param context the {@code HttpServletRequest} object.
 	 * @return the {@code WebAuthenticationDetails} containing information about the
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index c7376fc8dd..e26fadae9e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -51,18 +51,12 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class LogoutFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private RequestMatcher logoutRequestMatcher;
 
 	private final LogoutHandler handler;
 
 	private final LogoutSuccessHandler logoutSuccessHandler;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructor which takes a <tt>LogoutSuccessHandler</tt> instance to determine the
 	 * target destination after logging out. The list of <tt>LogoutHandler</tt>s are
@@ -88,9 +82,6 @@ public class LogoutFilter extends GenericFilterBean {
 		setFilterProcessesUrl("/logout");
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
index e423ce4d8b..c8895803c6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
@@ -31,9 +31,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public interface LogoutHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Causes a logout to be completed. The method must complete successfully.
 	 * @param request the HTTP request
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index c6918afd75..1dd512eca9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -48,9 +48,6 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 
 	private boolean clearAuthentication = true;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Requires the request to be passed in.
 	 * @param request from which to obtain a HTTP session (cannot be null)
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index dc60db89e9..11d1b3fe6c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -43,8 +43,6 @@ import java.util.regex.Matcher;
  */
 public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 
-	// ~ Instance fields
-	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index 2a3f7af0c3..6edc207e27 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -58,9 +58,6 @@ import org.springframework.util.StringUtils;
  */
 public abstract class AbstractRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "remember-me";
 
 	public static final String DEFAULT_PARAMETER = "remember-me";
@@ -69,8 +66,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	private static final String DELIMITER = ":";
 
-	// ~ Instance fields
-	// ================================================================================================
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index 496a36068e..6dd195c2cd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -30,9 +30,6 @@ import java.util.*;
  */
 public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements PersistentTokenRepository {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/** Default SQL for creating the database table to store the tokens */
 	public static final String CREATE_TABLE_SQL = "create table persistent_logins (username varchar(64) not null, series varchar(64) primary key, "
 			+ "token varchar(64) not null, last_used timestamp not null)";
@@ -49,9 +46,6 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 	/** The default SQL used by <tt>removeUserTokens</tt> */
 	public static final String DEF_REMOVE_USER_TOKENS_SQL = "delete from persistent_logins where username = ?";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String tokensBySeriesSql = DEF_TOKEN_BY_SERIES_SQL;
 
 	private String insertTokenSql = DEF_INSERT_TOKEN_SQL;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
index 8dd2fcf443..0aeb3298db 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
@@ -26,9 +26,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class RememberMeAuthenticationException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a {@code RememberMeAuthenticationException} with the specified message
 	 * and root cause.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index 5a8768875f..cd6ff9f875 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -63,9 +63,6 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class RememberMeAuthenticationFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ApplicationEventPublisher eventPublisher;
 
 	private AuthenticationSuccessHandler successHandler;
@@ -82,9 +79,6 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 		this.rememberMeServices = rememberMeServices;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(authenticationManager, "authenticationManager must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index de73ae99d5..71add1e380 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -87,9 +87,6 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		super(key, userDetailsService);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 			HttpServletResponse response) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
index 36f1389ae6..1b6c36deb3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionEvent.java
@@ -29,16 +29,10 @@ import org.springframework.util.Assert;
  */
 public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final String oldSessionId;
 
 	private final String newSessionId;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a new session fixation protection event.
 	 * @param authentication The authentication object
@@ -53,9 +47,6 @@ public class SessionFixationProtectionEvent extends AbstractAuthenticationEvent
 		this.newSessionId = newSessionId;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Getter for the session ID before it was changed.
 	 * @return the old session ID.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
index 88da2fae68..4f6d760a7b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
@@ -27,14 +27,8 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final UserDetails targetUser;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Switch user context event constructor
 	 * @param authentication The current <code>Authentication</code> object
@@ -45,9 +39,6 @@ public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
 		this.targetUser = targetUser;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public UserDetails getTargetUser() {
 		return targetUser;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index cf9488cc55..b51ca06d61 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -108,16 +108,10 @@ import org.springframework.web.util.UrlPathHelper;
  */
 public class SwitchUserFilter extends GenericFilterBean implements ApplicationEventPublisherAware, MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "username";
 
 	public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private ApplicationEventPublisher eventPublisher;
 
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
@@ -146,9 +140,6 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 
 	private AuthenticationFailureHandler failureHandler;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
index 59e8f14238..90f262a262 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
@@ -35,15 +35,10 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	// ~ Instance fields
-	// ================================================================================================
 	private final String role;
 
 	private final Authentication source;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public SwitchUserGrantedAuthority(String role, Authentication source) {
 		Assert.notNull(role, "role cannot be null");
 		Assert.notNull(source, "source cannot be null");
@@ -51,9 +46,6 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 		this.source = source;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Returns the original user associated with a successful user switch.
 	 * @return The original <code>Authentication</code> object of the switched user.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index 5b66e00417..252d1cc3b5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -42,14 +42,8 @@ import org.springframework.util.Assert;
  */
 public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String realmName;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void afterPropertiesSet() {
 		Assert.hasText(realmName, "realmName must be specified");
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index da0d342975..4d39673623 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -89,9 +89,6 @@ import org.springframework.web.filter.OncePerRequestFilter;
  */
 public class BasicAuthenticationFilter extends OncePerRequestFilter {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationEntryPoint authenticationEntryPoint;
 
 	private AuthenticationManager authenticationManager;
@@ -132,9 +129,6 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index 2bc777e21a..896c4c417a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -46,14 +46,8 @@ import org.springframework.security.web.AuthenticationEntryPoint;
  */
 public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(DigestAuthenticationEntryPoint.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String key;
 
 	private String realmName;
@@ -62,9 +56,6 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 
 	private int order = Integer.MAX_VALUE; // ~ default
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public int getOrder() {
 		return order;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index 6f6abb7faf..caeb12f489 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -89,14 +89,8 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class DigestAuthenticationFilter extends GenericFilterBean implements MessageSourceAware {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final Log logger = LogFactory.getLog(DigestAuthenticationFilter.class);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
 	private DigestAuthenticationEntryPoint authenticationEntryPoint;
@@ -111,9 +105,6 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 
 	private boolean createAuthenticatedToken = false;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
index 038e381c82..a2716bbef2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
@@ -25,9 +25,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class NonceExpiredException extends AuthenticationException {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Constructs a <code>NonceExpiredException</code> with the specified message.
 	 * @param msg the detail message
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 9dce3f766c..4858607a06 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -253,9 +253,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		this.springSecurityContextKey = springSecurityContextKey;
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private static class SaveToSessionRequestWrapper extends HttpServletRequestWrapper {
 
 		private final SaveContextOnUpdateOrErrorResponseWrapper response;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
index 7646b895f1..c3a05e6fcc 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
@@ -30,9 +30,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public interface RequestRejectedHandler {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Handles an request rejected failure.
 	 * @param request that resulted in an <code>RequestRejectedException</code>
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index ac4552870b..99ca04eba8 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -49,14 +49,8 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class JaasApiIntegrationFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private boolean createEmptySubject;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * <p>
 	 * Attempts to obtain and run as a JAAS <code>Subject</code> using
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index efbdc8d546..1384bb8ae5 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -52,18 +52,12 @@ import java.util.*;
  */
 public class DefaultSavedRequest implements SavedRequest {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(DefaultSavedRequest.class);
 
 	private static final String HEADER_IF_NONE_MATCH = "If-None-Match";
 
 	private static final String HEADER_IF_MODIFIED_SINCE = "If-Modified-Since";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final ArrayList<SavedCookie> cookies = new ArrayList<>();
 
 	private final ArrayList<Locale> locales = new ArrayList<>();
@@ -92,9 +86,6 @@ public class DefaultSavedRequest implements SavedRequest {
 
 	private final int serverPort;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	@SuppressWarnings("unchecked")
 	public DefaultSavedRequest(HttpServletRequest request, PortResolver portResolver) {
 		Assert.notNull(request, "Request required");
@@ -154,9 +145,6 @@ public class DefaultSavedRequest implements SavedRequest {
 		this.serverPort = builder.serverPort;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * @since 4.2
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
index cb3b1682bf..75cd7566fd 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
@@ -41,18 +41,12 @@ import java.util.NoSuchElementException;
  */
 public class Enumerator<T> implements Enumeration<T> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	/**
 	 * The <code>Iterator</code> over which the <code>Enumeration</code> represented by
 	 * this class actually operates.
 	 */
 	private Iterator<T> iterator = null;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Return an Enumeration over the values of the specified Collection.
 	 * @param collection Collection whose values should be enumerated
@@ -116,9 +110,6 @@ public class Enumerator<T> implements Enumeration<T> {
 		this(map.values().iterator(), clone);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Tests if this enumeration contains more elements.
 	 * @return <code>true</code> if and only if this enumeration object contains at least
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index 951f1c5b47..087a4c5b7a 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -35,9 +35,6 @@ import java.util.TimeZone;
  */
 public class FastHttpDateFormat {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	/** HTTP date format. */
 	protected static final SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
 
@@ -70,9 +67,6 @@ public class FastHttpDateFormat {
 	/** Parser cache. */
 	protected static final HashMap<String, Long> parseCache = new HashMap<>();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Formats a specified date to HTTP format. If local format is not <code>null</code>,
 	 * it's used instead.
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
index b99eb5d8be..a8852f59cf 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
@@ -54,9 +54,6 @@ import org.apache.commons.logging.LogFactory;
  */
 class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	protected static final Log logger = LogFactory.getLog(SavedRequestAwareWrapper.class);
 
 	protected static final TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
@@ -64,9 +61,6 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	/** The default Locale if none are specified. */
 	protected static Locale defaultLocale = Locale.getDefault();
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	protected SavedRequest savedRequest = null;
 
 	/**
@@ -76,9 +70,6 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	 */
 	protected final SimpleDateFormat[] formats = new SimpleDateFormat[3];
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	SavedRequestAwareWrapper(SavedRequest saved, HttpServletRequest request) {
 		super(request);
 		savedRequest = saved;
@@ -92,9 +83,6 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 		formats[2].setTimeZone(GMT_ZONE);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Override
 	public long getDateHeader(String name) {
 		String value = getHeader(name);
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
index 2b7727daca..d4742dc9b1 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
@@ -68,9 +68,6 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private String rolePrefix = "ROLE_";
 
 	private HttpServletRequestFactory requestFactory;
@@ -83,9 +80,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public void setRolePrefix(String rolePrefix) {
 		Assert.notNull(rolePrefix, "Role prefix must not be null");
 		this.rolePrefix = rolePrefix;
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
index 339e491a45..518352bf1f 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@@ -49,9 +49,6 @@ import org.springframework.util.Assert;
  */
 public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final AuthenticationTrustResolver trustResolver;
 
 	/**
@@ -60,9 +57,6 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	 */
 	private final String rolePrefix;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	/**
 	 * Creates a new instance with {@link AuthenticationTrustResolverImpl}.
 	 * @param request
@@ -88,9 +82,6 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 		this.trustResolver = trustResolver;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Obtain the current active <code>Authentication</code>
 	 * @return the authentication object or <code>null</code>
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index b8058b1627..cbd5404ec4 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -66,9 +66,6 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class ConcurrentSessionFilter extends GenericFilterBean {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final SessionRegistry sessionRegistry;
 
 	private String expiredUrl;
@@ -79,9 +76,6 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 
 	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public ConcurrentSessionFilter(SessionRegistry sessionRegistry) {
 		Assert.notNull(sessionRegistry, "SessionRegistry required");
 		this.sessionRegistry = sessionRegistry;
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
index 043ea86c5b..f9fe0d9721 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionCreatedEvent.java
@@ -29,9 +29,6 @@ import org.springframework.security.core.session.SessionCreationEvent;
  */
 public class HttpSessionCreatedEvent extends SessionCreationEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public HttpSessionCreatedEvent(HttpSession session) {
 		super(session);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
index ab483d3192..6d14edc90a 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
@@ -33,9 +33,6 @@ import java.util.*;
  */
 public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public HttpSessionDestroyedEvent(HttpSession session) {
 		super(session);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
index c73867825f..90e4ec18d3 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
@@ -46,14 +46,8 @@ import javax.servlet.http.HttpSessionListener;
  */
 public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessionIdListener {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final String LOGGER_NAME = HttpSessionEventPublisher.class.getName();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	ApplicationContext getContext(ServletContext servletContext) {
 		return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index bc68ed65da..1c9f342b2d 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -49,14 +49,8 @@ import org.springframework.web.filter.GenericFilterBean;
  */
 public class SessionManagementFilter extends GenericFilterBean {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	static final String FILTER_APPLIED = "__spring_security_session_mgmt_filter_applied";
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private final SecurityContextRepository securityContextRepository;
 
 	private SessionAuthenticationStrategy sessionAuthenticationStrategy;
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 1667591f37..1d8ba499b0 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -30,9 +30,6 @@ import javax.servlet.http.HttpServletRequest;
  */
 public final class UrlUtils {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public static String buildFullRequestUrl(HttpServletRequest r) {
 		return buildFullRequestUrl(r.getScheme(), r.getServerName(), r.getServerPort(), r.getRequestURI(),
 				r.getQueryString());
diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java
index 6ed79fa574..a105de9600 100644
--- a/web/src/test/java/org/springframework/security/MockFilterConfig.java
+++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java
@@ -29,13 +29,8 @@ import javax.servlet.ServletContext;
 @SuppressWarnings("unchecked")
 public class MockFilterConfig implements FilterConfig {
 
-	// ~ Instance fields
-	// ================================================================================================
 	private Map map = new HashMap();
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public String getFilterName() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
diff --git a/web/src/test/java/org/springframework/security/MockPortResolver.java b/web/src/test/java/org/springframework/security/MockPortResolver.java
index c33fe3ec83..b06d4af07c 100644
--- a/web/src/test/java/org/springframework/security/MockPortResolver.java
+++ b/web/src/test/java/org/springframework/security/MockPortResolver.java
@@ -27,24 +27,15 @@ import javax.servlet.ServletRequest;
  */
 public class MockPortResolver implements PortResolver {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private int http = 80;
 
 	private int https = 443;
 
-	// ~ Constructors
-	// ===================================================================================================
-
 	public MockPortResolver(int http, int https) {
 		this.http = http;
 		this.https = https;
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public int getServerPort(ServletRequest request) {
 		if ((request.getScheme() != null) && request.getScheme().equals("https")) {
 			return https;
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index 297fa9df51..a17c05cbfc 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -37,9 +37,6 @@ import org.springframework.security.web.util.UrlUtils;
  */
 public class FilterInvocationTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testGettersAndStringMethods() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
index b5424520e6..1c4a6db3c7 100644
--- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
@@ -31,8 +31,6 @@ import org.junit.Test;
  */
 public class PortMapperImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDefaultMappingsAreKnown() {
 		PortMapperImpl portMapper = new PortMapperImpl();
diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
index 5778c4eee7..7a8f1f16ec 100644
--- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
@@ -29,8 +29,6 @@ import org.springframework.mock.web.MockHttpServletRequest;
  */
 public class PortResolverImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDetectsBuggyIeHttpRequest() {
 		PortResolverImpl pr = new PortResolverImpl();
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index aa8e3e5e19..8337dc2cf1 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -48,9 +48,6 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 
 	private FilterSecurityInterceptor interceptor;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		interceptor = new FilterSecurityInterceptor();
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index e9f5b16e6f..3febacc27e 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -44,8 +44,6 @@ import static org.mockito.Mockito.mock;
 @SuppressWarnings("unchecked")
 public class ChannelDecisionManagerImplTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testCannotSetEmptyChannelProcessorsList() throws Exception {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
@@ -190,9 +188,6 @@ public class ChannelDecisionManagerImplTests {
 		}
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockChannelProcessor implements ChannelProcessor {
 
 		private String configAttribute;
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index 98aa2cf4e1..db85f0540a 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -39,9 +39,6 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
  */
 public class ChannelProcessingFilterTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsMissingChannelDecisionManager() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
@@ -152,9 +149,6 @@ public class ChannelProcessingFilterTests {
 		filter.afterPropertiesSet();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockChannelDecisionManager implements ChannelDecisionManager {
 
 		private String supportAttribute;
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
index 5e4d57987a..bf67247ff3 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
@@ -40,8 +40,6 @@ import static org.mockito.Mockito.mock;
  */
 public class RetryWithHttpEntryPointTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDetectsMissingPortMapper() {
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
index 33c4bff1b4..f41efbcabc 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
@@ -36,8 +36,6 @@ import java.util.Map;
  */
 public class RetryWithHttpsEntryPointTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDetectsMissingPortMapper() {
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
index 346a599123..ed32daf7a2 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
@@ -35,8 +35,6 @@ import org.springframework.security.web.access.channel.SecureChannelProcessor;
  */
 public class SecureChannelProcessorTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testDecideDetectsAcceptableChannel() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
index 18b634a5fd..5f207669bc 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
@@ -45,8 +45,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 
 	private Collection<ConfigAttribute> def = SecurityConfig.createList("ROLE_ONE");
 
-	// ~ Methods
-	// ========================================================================================================
 	private void createFids(String pattern, String method) {
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
 		requestMap.put(new AntPathRequestMatcher(pattern, method), this.def);
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index b5e464c07d..34d8b79cf4 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -62,9 +62,6 @@ public class FilterSecurityInterceptorTests {
 
 	private ApplicationEventPublisher publisher;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public final void setUp() {
 		interceptor = new FilterSecurityInterceptor();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index 47431f43eb..f6690cd940 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -68,9 +68,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 	SimpleUrlAuthenticationFailureHandler failureHandler;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private MockHttpServletRequest createMockAuthenticationRequest() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -476,9 +473,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.setRememberMeServices(null);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 		private static final String DEFAULT_FILTER_PROCESSING_URL = "/j_mock_post";
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index 821a51e1e8..0816a26477 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -48,9 +48,6 @@ import static org.mockito.Mockito.mock;
  */
 public class AnonymousAuthenticationFilterTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
 			ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 		filter.doFilter(request, response, filterChain);
@@ -109,9 +106,6 @@ public class AnonymousAuthenticationFilterTests {
 																	// again
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockFilterChain implements FilterChain {
 
 		private boolean expectToProceed;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 35712c9402..8919062fe8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -34,9 +34,6 @@ import org.springframework.security.web.PortMapperImpl;
  */
 public class LoginUrlAuthenticationEntryPointTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsMissingLoginFormUrl() {
 		new LoginUrlAuthenticationEntryPoint(null);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 5e5f90f816..84b3986697 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -35,9 +35,6 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class UsernamePasswordAuthenticationFilterTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void testNormalOperation() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
index 5c09f1b327..1649e9468b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@@ -27,9 +27,6 @@ import java.security.cert.X509Certificate;
  */
 public class X509TestUtils {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * Builds an X.509 certificate. In human-readable form it is:
 	 *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 122089f5a0..396d067d24 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -482,9 +482,6 @@ public class AbstractRememberMeServicesTests {
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	static class MockRememberMeServices extends AbstractRememberMeServices {
 
 		boolean loginSuccessCalled;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index 5155b88e6a..2c68d151ed 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -28,8 +28,6 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
  */
 public class NullRememberMeServicesTests {
 
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testAlwaysReturnsNull() {
 		NullRememberMeServices services = new NullRememberMeServices();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 852b08844f..8680042509 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -46,9 +46,6 @@ public class RememberMeAuthenticationFilterTests {
 
 	Authentication remembered = new TestingAuthenticationToken("remembered", "password", "ROLE_REMEMBERED");
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		SecurityContextHolder.clearContext();
@@ -155,9 +152,6 @@ public class RememberMeAuthenticationFilterTests {
 		verifyZeroInteractions(fc);
 	}
 
-	// ~ Inner Classes
-	// ==================================================================================================
-
 	private class MockRememberMeServices implements RememberMeServices {
 
 		private Authentication authToReturn;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 01fc2eb9b9..940bc7b468 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -54,9 +54,6 @@ public class TokenBasedRememberMeServicesTests {
 
 	private TokenBasedRememberMeServices services;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void createTokenBasedRememberMeServices() {
 		uds = mock(UserDetailsService.class);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index f9713974d2..47ad26bdc0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -547,8 +547,6 @@ public class SwitchUserFilterTests {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchFailureUrl("/foo");
 	}
-	// ~ Inner Classes
-	// ==================================================================================================
 
 	private class MockUserDetailsService implements UserDetailsService {
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index f3deabd231..b592cf3150 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -50,16 +50,10 @@ import java.nio.charset.StandardCharsets;
  */
 public class BasicAuthenticationFilterTests {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private BasicAuthenticationFilter filter;
 
 	private AuthenticationManager manager;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void setUp() {
 		SecurityContextHolder.clearContext();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 9f2623c2e4..4fe571904c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -31,11 +31,6 @@ import org.springframework.util.StringUtils;
  */
 public class DigestAuthUtilsTests {
 
-	// ~ Constructors
-	// ===================================================================================================
-
-	// ~ Methods
-	// ========================================================================================================
 	@Test
 	public void testSplitEachArrayElementAndCreateMapNormalOperation() {
 		// note it ignores malformed entries (ie those without an equals sign)
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
index 4c2360ec46..adfe482442 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
@@ -37,9 +37,6 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class DigestAuthenticationEntryPointTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private void checkNonceValid(String nonce) {
 		// Check the nonce seems to be generated correctly
 		// format of nonce is:
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index cb85338d7e..55d77f89d5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -54,9 +54,6 @@ import static org.mockito.Mockito.verify;
  */
 public class DigestAuthenticationFilterTests {
 
-	// ~ Static fields/initializers
-	// =====================================================================================
-
 	private static final String NC = "00000002";
 
 	private static final String CNONCE = "c822c727a648aba7";
@@ -78,17 +75,11 @@ public class DigestAuthenticationFilterTests {
 	 */
 	private static final String NONCE = generateNonce(60);
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	// private ApplicationContext ctx;
 	private DigestAuthenticationFilter filter;
 
 	private MockHttpServletRequest request;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	private String createAuthorizationHeader(String username, String realm, String nonce, String uri,
 			String responseDigest, String qop, String nc, String cnonce) {
 		return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\"" + uri
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 6f1572445a..6dd353faf5 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -57,8 +57,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public class JaasApiIntegrationFilterTests {
 
-	// ~ Instance fields
-	// ================================================================================================
 	private JaasApiIntegrationFilter filter;
 
 	private MockHttpServletRequest request;
@@ -73,9 +71,6 @@ public class JaasApiIntegrationFilterTests {
 
 	private CallbackHandler callbackHandler;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Before
 	public void onBeforeTests() throws Exception {
 		this.filter = new JaasApiIntegrationFilter();
@@ -193,9 +188,6 @@ public class JaasApiIntegrationFilterTests {
 		assertJaasSubjectEquals(new Subject());
 	}
 
-	// ~ Helper Methods
-	// ====================================================================================================
-
 	private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception {
 		MockFilterChain chain = new MockFilterChain() {
 
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
index 8c0ec8c93f..c491112085 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@@ -113,9 +113,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		SecurityContextHolder.clearContext();
 	}
 
-	// ~ Methods
-	// ========================================================================================================
-
 	@Test
 	public void expectedRequestWrapperClassIsUsed() throws Exception {
 		this.filter.setRolePrefix("ROLE_");
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 03336ec164..4f577f9d36 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -33,9 +33,6 @@ import org.springframework.web.context.support.StaticWebApplicationContext;
  */
 public class HttpSessionEventPublisherTests {
 
-	// ~ Methods
-	// ========================================================================================================
-
 	/**
 	 * It's not that complicated so we'll just run it straight through here.
 	 */
diff --git a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
index b9e97ede57..2996f80ee0 100644
--- a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
+++ b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
@@ -28,18 +28,12 @@ import org.springframework.security.web.session.HttpSessionDestroyedEvent;
  */
 public class MockApplicationListener implements ApplicationListener<ApplicationEvent> {
 
-	// ~ Instance fields
-	// ================================================================================================
-
 	private HttpSessionCreatedEvent createdEvent;
 
 	private HttpSessionDestroyedEvent destroyedEvent;
 
 	private HttpSessionIdChangedEvent sessionIdChangedEvent;
 
-	// ~ Methods
-	// ========================================================================================================
-
 	public HttpSessionCreatedEvent getCreatedEvent() {
 		return createdEvent;
 	}

From aea0fea5d93bc4922dec4eef1c08f4ca01a9125d Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 11:37:53 -0700
Subject: [PATCH 10/84] Add Spring Checkstyle with all checks disabled

Introduce checkstyle rules from spring-javaformat, but keep them
disabled so that fixes can be introduced one commit at a time.

Issue gh-8945
---
 build.gradle                               | 15 +++++-
 etc/checkstyle/checkstyle-suppressions.xml | 47 ++++++++++++++++++
 etc/checkstyle/checkstyle.xml              | 56 ++++------------------
 etc/checkstyle/header.txt                  | 16 -------
 etc/checkstyle/suppressions.xml            | 19 --------
 5 files changed, 69 insertions(+), 84 deletions(-)
 create mode 100644 etc/checkstyle/checkstyle-suppressions.xml
 delete mode 100644 etc/checkstyle/header.txt
 delete mode 100644 etc/checkstyle/suppressions.xml

diff --git a/build.gradle b/build.gradle
index 66c2497d07..fb65d2623f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -42,9 +42,22 @@ subprojects {
 
 allprojects {
 	apply plugin: 'io.spring.javaformat'
+	apply plugin: 'checkstyle'
+
+	pluginManager.withPlugin("io.spring.convention.checkstyle", { plugin ->
+		configure(plugin) {
+			dependencies {
+				checkstyle "io.spring.javaformat:spring-javaformat-checkstyle:$springJavaformatVersion"
+			}
+			checkstyle {
+				toolVersion = '8.34'
+			}
+		}
+	})
+
 	if (project.name.contains('sample')) {
 		tasks.whenTaskAdded { task ->
-			if (task.name.contains('format') || task.name.contains('checkFormat')) {
+			if (task.name.contains('format') || task.name.contains('checkFormat') || task.name.contains("checkstyle")) {
 				task.enabled = false
 			}
 		}
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
new file mode 100644
index 0000000000..ab8baf9d38
--- /dev/null
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC
+		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<suppressions>
+	<suppress files=".*" checks="AnnotationUseStyle" />
+	<suppress files=".*" checks="ArrayTypeStyle" />
+	<suppress files=".*" checks="AtclauseOrder" />
+	<suppress files=".*" checks="AvoidStarImport" />
+	<suppress files=".*" checks="EmptyBlock" />
+	<suppress files=".*" checks="FinalClass" />
+	<suppress files=".*" checks="InnerAssignment" />
+	<suppress files=".*" checks="InnerTypeLast" />
+	<suppress files=".*" checks="InterfaceIsType" />
+	<suppress files=".*" checks="JavadocMethod" />
+	<suppress files=".*" checks="JavadocStyle" />
+	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
+	<suppress files=".*" checks="JavadocType" />
+	<suppress files=".*" checks="JavadocVariable" />
+	<suppress files=".*" checks="ModifierOrder" />
+	<suppress files=".*" checks="MultipleVariableDeclarations" />
+	<suppress files=".*" checks="MutableException" />
+	<suppress files=".*" checks="NeedBraces" />
+	<suppress files=".*" checks="NestedIfDepth" />
+	<suppress files=".*" checks="NewlineAtEndOfFile" />
+	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
+	<suppress files=".*" checks="NoWhitespaceBefore" />
+	<suppress files=".*" checks="OneTopLevelClass" />
+	<suppress files=".*" checks="ParenPad" />
+	<suppress files=".*" checks="RedundantImport" />
+	<suppress files=".*" checks="RegexpSinglelineJava" />
+	<suppress files=".*" checks="RequireThis" />
+	<suppress files=".*" checks="SimplifyBooleanExpression" />
+	<suppress files=".*" checks="SimplifyBooleanReturn" />
+	<suppress files=".*" checks="SpringAvoidStaticImport" />
+	<suppress files=".*" checks="SpringCatch" />
+	<suppress files=".*" checks="SpringHeader" />
+	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
+	<suppress files=".*" checks="SpringImportOrder" />
+	<suppress files=".*" checks="SpringJavadoc" />
+	<suppress files=".*" checks="SpringLambda" />
+	<suppress files=".*" checks="SpringMethodOrder" />
+	<suppress files=".*" checks="SpringMethodVisibility" />
+	<suppress files=".*" checks="SpringTernary" />
+	<suppress files=".*" checks="WhitespaceAfter" />
+	<suppress files=".*" checks="WhitespaceAround" />
+</suppressions>
diff --git a/etc/checkstyle/checkstyle.xml b/etc/checkstyle/checkstyle.xml
index d7b392014d..deb31f3d5b 100644
--- a/etc/checkstyle/checkstyle.xml
+++ b/etc/checkstyle/checkstyle.xml
@@ -1,51 +1,11 @@
 <?xml version="1.0"?>
-<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
-		"https://www.puppycrawl.com/dtds/configuration_1_3.dtd">
-<module name="Checker">
-	<!-- Suppressions -->
+<!DOCTYPE module PUBLIC
+		"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+		"https://checkstyle.org/dtds/configuration_1_3.dtd">
+<module name="com.puppycrawl.tools.checkstyle.Checker">
 	<module name="SuppressionFilter">
-		<property name="file" value="${config_loc}/suppressions.xml"/>
+		<property name="file"
+			value="${config_loc}/checkstyle-suppressions.xml" />
 	</module>
-
-	<!-- Root Checks -->
-	<module name="RegexpHeader">
-		<property name="headerFile" value="${config_loc}/header.txt"/>
-		<property name="fileExtensions" value="java"/>
-	</module>
-
-	<!-- Root Checks -->
-	<module name="TreeWalker">
-		<!-- Annotations -->
-		<module name="MissingOverrideCheck" />
-
-		<!-- Coding -->
-		<module name="EmptyStatementCheck" />
-		<module name="RedundantModifier" />
-
-		<!-- Imports -->
-		<module name="UnusedImportsCheck">
-			<property name="processJavadoc" value="true" />
-		</module>
-
-		<!-- Regexp -->
-		<module name="RegexpSinglelineJava">
-			<property name="format" value="^\t* +\t*\S"/>
-			<property name="message" value="Line has leading space characters; indentation should be performed with tabs only."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.junit\.Assert\.assert"/>
-			<property name="message" value="Please use AssertJ imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="Regexp">
-			<property name="format" value="[ \t]+$"/>
-			<property name="illegalPattern" value="true"/>
-			<property name="message" value="Trailing whitespace"/>
-		</module>
-
-		<!-- Whitespace -->
-		<module name="WhitespaceAfterCheck" />
-	</module>
-</module>
+	<module name="io.spring.javaformat.checkstyle.SpringChecks" />
+</module>
\ No newline at end of file
diff --git a/etc/checkstyle/header.txt b/etc/checkstyle/header.txt
deleted file mode 100644
index 5e5d28b99f..0000000000
--- a/etc/checkstyle/header.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-^\Q/*\E$
-^\Q * Copyright\E (\d{4}(\-\d{4})? the original author or authors\.|(\d{4}, )*(\d{4}) Acegi Technology Pty Limited)$
-^\Q *\E$
-^\Q * Licensed under the Apache License, Version 2.0 (the "License");\E$
-^\Q * you may not use this file except in compliance with the License.\E$
-^\Q * You may obtain a copy of the License at\E$
-^\Q *\E$
-^\Q *      https://www.apache.org/licenses/LICENSE-2.0\E$
-^\Q *\E$
-^\Q * Unless required by applicable law or agreed to in writing, software\E$
-^\Q * distributed under the License is distributed on an "AS IS" BASIS,\E$
-^\Q * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\E$
-^\Q * See the License for the specific language governing permissions and\E$
-^\Q * limitations under the License.\E$
-^\Q */\E$
-^.*$
diff --git a/etc/checkstyle/suppressions.xml b/etc/checkstyle/suppressions.xml
deleted file mode 100644
index 297f0624c9..0000000000
--- a/etc/checkstyle/suppressions.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
-		"https://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
-<suppressions>
-	<suppress files=".+Application\.java" checks="HideUtilityClassConstructor"/>
-	<suppress files=".+Configuration\.java" checks="HideUtilityClassConstructor"/>
-	<suppress files="[\\/]BCrypt(Tests)?\.java" checks="RegexpHeader"/>
-
-	<suppress files="[\\/]src[\\/]test[\\/]java[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc"/>
-
-	<suppress files="[\\/]docs[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]docs[\\/]" checks="CommentsIndentation"/>
-	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
-
-	<suppress files="[\\/]samples[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]samples[\\/]" checks="CommentsIndentation"/>
-	<suppress files="[\\/]samples[\\/]" checks="InnerTypeLast"/>
-</suppressions>

From 8142e4046f119c898de93a1c475de9c21db14fa6 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 11:48:08 -0700
Subject: [PATCH 11/84] Use compact annotation style

Always use compact annotations when possible. For example, replace
`@Target(value = ElementType.TYPE)` with `@Target(ElementType.TYPE)`.

Issue gh-8945
---
 .../EnableGlobalAuthentication.java              |  6 ++++--
 .../EnableGlobalMethodSecurity.java              |  6 ++++--
 .../EnableReactiveMethodSecurity.java            | 16 +++++++++-------
 .../web/configuration/EnableWebSecurity.java     |  6 ++++--
 .../reactive/WebFluxSecurityConfiguration.java   |  2 +-
 .../configuration/EnableWebMvcSecurity.java      |  6 ++++--
 etc/checkstyle/checkstyle-suppressions.xml       |  1 -
 7 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
index 78f8b11757..4980e6459d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
@@ -16,7 +16,9 @@
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.context.annotation.Configuration;
@@ -81,8 +83,8 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
  * @author Rob Winch
  *
  */
-@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
-@Target(value = { java.lang.annotation.ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
 @Documented
 @Import(AuthenticationConfiguration.class)
 @Configuration
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
index 61d4f33609..cbc6734f28 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
@@ -16,7 +16,9 @@
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.context.annotation.AdviceMode;
@@ -41,8 +43,8 @@ import org.springframework.security.config.annotation.authentication.configurati
  * @author Rob Winch
  * @since 3.2
  */
-@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
-@Target(value = { java.lang.annotation.ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
 @Documented
 @Import({ GlobalMethodSecuritySelector.class })
 @EnableGlobalAuthentication
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
index 11fcf66e80..8e129695c4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.java
@@ -16,24 +16,26 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
 import org.springframework.context.annotation.AdviceMode;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 
-import java.lang.annotation.Documented;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
 /**
  *
  * @author Rob Winch
  * @since 5.0
  */
-@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
-@Target(value = { java.lang.annotation.ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
 @Documented
-@Import({ ReactiveMethodSecuritySelector.class })
+@Import(ReactiveMethodSecuritySelector.class)
 @Configuration
 public @interface EnableReactiveMethodSecurity {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
index 217ae581a3..679273093a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@@ -16,7 +16,9 @@
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.context.annotation.Configuration;
@@ -69,8 +71,8 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
  * @author Rob Winch
  * @since 3.2
  */
-@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
-@Target(value = { java.lang.annotation.ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
 @Documented
 @Import({ WebSecurityConfiguration.class, SpringWebMvcImportSelector.class, OAuth2ImportSelector.class,
 		HttpSecurityConfiguration.class })
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 559c38d578..39e160f19b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -64,7 +64,7 @@ class WebFluxSecurityConfiguration {
 	}
 
 	@Bean(SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME)
-	@Order(value = WEB_FILTER_CHAIN_FILTER_ORDER)
+	@Order(WEB_FILTER_CHAIN_FILTER_ORDER)
 	public WebFilterChainProxy springSecurityWebFilterChainFilter() {
 		return new WebFilterChainProxy(getSecurityWebFilterChains());
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
index 3c0d11f58c..a6db2a84d8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
@@ -16,7 +16,9 @@
 package org.springframework.security.config.annotation.web.servlet.configuration;
 
 import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.context.annotation.Configuration;
@@ -31,8 +33,8 @@ import org.springframework.security.config.annotation.authentication.configurati
  * @author Rob Winch
  * @since 3.2
  */
-@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
-@Target(value = { java.lang.annotation.ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
 @Documented
 @Import(WebMvcSecurityConfiguration.class)
 @EnableGlobalAuthentication
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index ab8baf9d38..372ce7c509 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="AnnotationUseStyle" />
 	<suppress files=".*" checks="ArrayTypeStyle" />
 	<suppress files=".*" checks="AtclauseOrder" />
 	<suppress files=".*" checks="AvoidStarImport" />

From 863c0873dd1f805763b25ce0d3e40b623c0ee4c7 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 13:35:18 -0700
Subject: [PATCH 12/84] Suppress third-party code from checkstyle

Suppress `BCrypt` and `ComparableVersion` from checkstyle since these
source files were developed by a third-party.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 372ce7c509..588c427331 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -43,4 +43,8 @@
 	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
 	<suppress files=".*" checks="WhitespaceAround" />
+
+	<!-- Ignore third-party code -->
+	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
+	<suppress files="org[\\/]springframework[\\/]security[\\/]core[\\/]ComparableVersion\.java" checks=".*"/>
 </suppressions>

From 7f0653fa34c20c801ca4d79729a1535d5e21f05e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 13:36:04 -0700
Subject: [PATCH 13/84] Remove array style checkstyle suppression

Remove the array style rules suppression since it doesn't cause any
checkstyle violations.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 588c427331..d530979445 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="ArrayTypeStyle" />
 	<suppress files=".*" checks="AtclauseOrder" />
 	<suppress files=".*" checks="AvoidStarImport" />
 	<suppress files=".*" checks="EmptyBlock" />

From 5f64f53c3f931ae98e93c58648fa4afb057d369e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 15:03:32 -0700
Subject: [PATCH 14/84] Use consistent "@" tag order in Javadoc

Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
---
 .../cas/jackson2/CasJackson2Module.java       |   3 +-
 .../cas/web/CasAuthenticationFilter.java      |   2 +-
 .../AbstractConfiguredSecurityBuilder.java    |   4 +-
 .../config/annotation/SecurityBuilder.java    |   2 +-
 .../config/annotation/SecurityConfigurer.java |   4 +-
 .../annotation/SecurityConfigurerAdapter.java |   4 +-
 .../ProviderManagerBuilder.java               |   2 +-
 .../AbstractDaoAuthenticationConfigurer.java  |   5 +-
 .../DaoAuthenticationConfigurer.java          |   5 +-
 .../UserDetailsAwareConfigurer.java           |   2 +-
 .../UserDetailsServiceConfigurer.java         |   4 +-
 .../annotation/rsocket/RSocketSecurity.java   |   2 +-
 .../annotation/web/HttpSecurityBuilder.java   |   2 +-
 .../annotation/web/WebSecurityConfigurer.java |   4 +-
 .../annotation/web/builders/HttpSecurity.java |  68 ++++-----
 .../annotation/web/builders/WebSecurity.java  |   4 +-
 ...bstractAuthenticationFilterConfigurer.java |   4 +-
 ...ConfigAttributeRequestMatcherRegistry.java |   2 +-
 .../web/configurers/CsrfConfigurer.java       |   9 +-
 .../DefaultLoginPageConfigurer.java           |   2 +-
 .../web/configurers/HeadersConfigurer.java    |  26 ++--
 .../web/configurers/LogoutConfigurer.java     |   8 +-
 .../SessionManagementConfigurer.java          |   2 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |   6 +-
 .../openid/OpenIDLoginConfigurer.java         |   2 +-
 ...MessageSecurityMetadataSourceRegistry.java |   4 +-
 .../web/reactive/EnableWebFluxSecurity.java   |   6 +-
 .../http/AuthenticationConfigBuilder.java     |   6 +-
 ...th2ResourceServerBeanDefinitionParser.java |   2 +-
 .../ContextSourceSettingPostProcessor.java    |   8 +-
 .../config/web/server/ServerHttpSecurity.java |  82 ++++++-----
 ...mpleWebSecurityConfigurerAdapterTests.java | 134 +++++++++---------
 .../web/builders/NamespaceHttpTests.java      |   4 +-
 .../NamespaceHttpAnonymousTests.java          |   2 +-
 .../configurers/NamespaceHttpBasicTests.java  |   2 +-
 .../NamespaceHttpCustomFilterTests.java       |   3 +-
 .../NamespaceHttpExpressionHandlerTests.java  |   2 +-
 .../NamespaceHttpFirewallTests.java           |   3 +-
 .../NamespaceHttpFormLoginTests.java          |   2 +-
 .../NamespaceHttpHeadersTests.java            |   2 +-
 .../NamespaceHttpInterceptUrlTests.java       |   3 +-
 .../configurers/NamespaceHttpJeeTests.java    |   2 +-
 .../configurers/NamespaceHttpLogoutTests.java |   2 +-
 .../NamespaceHttpOpenIDLoginTests.java        |   3 +-
 .../NamespaceHttpPortMappingsTests.java       |   3 +-
 .../NamespaceHttpRequestCacheTests.java       |   3 +-
 ...aceHttpServerAccessDeniedHandlerTests.java |   4 +-
 .../configurers/NamespaceHttpX509Tests.java   |   4 +-
 .../configurers/NamespaceRememberMeTests.java |   2 +-
 ...ePostAnnotationSecurityMetadataSource.java |  24 ++--
 .../jaas/JaasAuthenticationProvider.java      |   3 +-
 ...enticatedReactiveAuthorizationManager.java |  10 +-
 ...AuthorityReactiveAuthorizationManager.java |  11 +-
 .../ReactiveAuthorizationManager.java         |   6 +-
 .../security/core/ComparableVersion.java      |  34 ++---
 .../AnnotationParameterNameDiscoverer.java    |   8 +-
 ...efaultSecurityParameterNameDiscoverer.java |   3 +-
 .../core/session/SessionRegistryImpl.java     |  69 +++++----
 .../security/core/userdetails/UserCache.java  |   2 +-
 .../core/userdetails/UserDetails.java         |   8 +-
 .../core/userdetails/UserDetailsService.java  |   2 +-
 .../UnmodifiableListDeserializer.java         |  12 +-
 .../jackson2/UnmodifiableSetDeserializer.java |  12 +-
 .../security/jackson2/UserDeserializer.java   |   9 +-
 ...sswordAuthenticationTokenDeserializer.java |   2 +-
 .../sec2150/MethodInvocationFactory.java      |   2 +-
 .../security/crypto/codec/Base64.java         |   6 +-
 .../security/crypto/encrypt/Encryptors.java   |   3 +-
 .../password/DelegatingPasswordEncoder.java   |   4 +-
 .../bcrypt/BCryptPasswordEncoderTests.java    |   4 +-
 .../SecurityEvaluationContextExtension.java   |   3 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 ...faultMessageSecurityExpressionHandler.java |   2 +-
 ...dMessageSecurityMetadataSourceFactory.java |   2 +-
 .../expression/MessageExpressionVoter.java    |   2 +-
 .../MessageSecurityExpressionRoot.java        |   2 +-
 .../intercept/ChannelSecurityInterceptor.java |   2 +-
 .../DefaultMessageSecurityMetadataSource.java |   4 +-
 .../MessageSecurityMetadataSource.java        |   4 +-
 .../SecurityContextChannelInterceptor.java    |   2 +-
 .../util/matcher/MessageMatcher.java          |   2 +-
 .../SimpDestinationMessageMatcher.java        |   2 +-
 .../util/matcher/SimpMessageTypeMatcher.java  |   2 +-
 ...tServiceOAuth2AuthorizedClientManager.java |   2 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |   4 +-
 ...InMemoryOAuth2AuthorizedClientService.java |   3 +-
 .../oauth2/client/OAuth2AuthorizeRequest.java |   3 +-
 .../oauth2/client/OAuth2AuthorizedClient.java |   3 +-
 .../OAuth2LoginAuthenticationToken.java       |   3 +-
 ...th2LoginReactiveAuthenticationManager.java |   3 +-
 ...activeOAuth2AccessTokenResponseClient.java |   2 +-
 .../http/OAuth2ErrorResponseErrorHandler.java |   4 +-
 ...thorizationCodeAuthenticationProvider.java |   3 +-
 ...tionCodeReactiveAuthenticationManager.java |   6 +-
 .../authentication/OidcIdTokenValidator.java  |   6 +-
 .../OidcReactiveOAuth2UserService.java        |   6 +-
 .../client/oidc/userinfo/OidcUserRequest.java |   3 +-
 .../client/oidc/userinfo/OidcUserService.java |  12 +-
 .../registration/ClientRegistration.java      |  24 ++--
 .../InMemoryClientRegistrationRepository.java |   3 +-
 .../CustomUserTypesOAuth2UserService.java     |   6 +-
 .../userinfo/DefaultOAuth2UserService.java    |   6 +-
 .../userinfo/DelegatingOAuth2UserService.java |   4 +-
 .../client/userinfo/OAuth2UserRequest.java    |   6 +-
 .../web/AuthorizationRequestRepository.java   |   5 +-
 ...ultOAuth2AuthorizationRequestResolver.java |   3 +-
 .../DefaultOAuth2AuthorizedClientManager.java |   2 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |   2 +-
 .../OAuth2AuthorizationCodeGrantFilter.java   |   3 +-
 ...th2AuthorizationRequestRedirectFilter.java |   3 +-
 .../web/OAuth2LoginAuthenticationFilter.java  |   3 +-
 ...Auth2AuthorizedClientArgumentResolver.java |   3 +-
 ...uthorizedClientExchangeFilterFunction.java |   7 +-
 ...uthorizedClientExchangeFilterFunction.java |   5 +-
 ...Auth2AuthorizedClientArgumentResolver.java |   3 +-
 ...verOAuth2AuthorizationRequestResolver.java |   3 +-
 ...OAuth2AuthorizationCodeGrantWebFilter.java |   6 +-
 .../ServerAuthorizationRequestRepository.java |   2 +-
 .../endpoint/OAuth2AccessTokenResponse.java   |   3 +-
 .../endpoint/OAuth2AuthorizationRequest.java  |  34 ++---
 ...cessTokenResponseHttpMessageConverter.java |   4 +-
 .../OAuth2ErrorHttpMessageConverter.java      |   4 +-
 .../core/oidc/IdTokenClaimAccessor.java       |   4 +-
 .../core/oidc/StandardClaimAccessor.java      |   4 +-
 .../oauth2/core/user/DefaultOAuth2User.java   |   2 +-
 .../oauth2/jwt/JwtValidationException.java    |   2 +-
 .../jwt/NimbusJwtDecoderJwkSupport.java       |   3 +-
 .../BearerTokenAuthenticationEntryPoint.java  |   2 +-
 ...erTokenServerAuthenticationEntryPoint.java |   2 +-
 .../AuthenticationCancelledException.java     |   2 +-
 .../security/openid/AxFetchListFactory.java   |   4 +-
 .../openid/NullAxFetchListFactory.java        |   4 +-
 .../security/openid/OpenIDAttribute.java      |   4 +-
 .../openid/OpenIDAuthenticationFilter.java    |   8 +-
 .../openid/OpenIDAuthenticationProvider.java  |   4 +-
 .../openid/OpenIDAuthenticationStatus.java    |   6 +-
 .../openid/OpenIDAuthenticationToken.java     |   2 +-
 .../security/openid/OpenIDConsumer.java       |   4 +-
 .../openid/OpenIDConsumerException.java       |   2 +-
 .../openid/RegexBasedAxFetchListFactory.java  |   4 +-
 .../security/openid/MockOpenIDConsumer.java   |   2 +-
 .../openid/OpenID4JavaConsumerTests.java      |   2 +-
 .../OpenIDAuthenticationProviderTests.java    |   2 +-
 .../saml2/core/Saml2X509Credential.java       |   4 +-
 .../credentials/Saml2X509Credential.java      |   2 +-
 .../AbstractSaml2AuthenticationRequest.java   |   2 +-
 .../Saml2AuthenticationRequest.java           |   2 +-
 .../Saml2AuthenticationRequestContext.java    |   4 +-
 .../Saml2AuthenticationToken.java             |  14 +-
 .../Saml2PostAuthenticationRequest.java       |   2 +-
 .../Saml2RedirectAuthenticationRequest.java   |   2 +-
 .../RelyingPartyRegistration.java             |  12 +-
 .../RelyingPartyRegistrationRepository.java   |   2 +-
 ...aml2WebSsoAuthenticationRequestFilter.java |   2 +-
 ...faultRelyingPartyRegistrationResolver.java |   2 +-
 .../taglibs/authz/JspAuthorizeTag.java        |   2 +-
 .../taglibs/csrf/AbstractCsrfTag.java         |   2 +-
 .../security/taglibs/csrf/CsrfInputTag.java   |   2 +-
 .../taglibs/csrf/CsrfMetaTagsTag.java         |   2 +-
 ...thAnonymousUserSecurityContextFactory.java |   3 +-
 .../support/WithSecurityContextFactory.java   |   4 +-
 ...WithUserDetailsSecurityContextFactory.java |   3 +-
 .../SecurityMockMvcRequestPostProcessors.java |   6 +-
 .../setup/SecurityMockMvcConfigurers.java     |   2 +-
 .../security/web/FilterChainProxy.java        |   3 +-
 .../security/web/WebAttributes.java           |   2 +-
 .../EvaluationContextPostProcessor.java       |   2 +-
 .../Http403ForbiddenEntryPoint.java           |   2 +-
 .../logout/CookieClearingLogoutHandler.java   |   2 +-
 .../logout/HeaderWriterLogoutHandler.java     |   2 +-
 .../rememberme/PersistentTokenRepository.java |   4 +-
 ...tSessionControlAuthenticationStrategy.java |   2 +-
 ...RegisterSessionAuthenticationStrategy.java |   2 +-
 .../HttpSessionSecurityContextRepository.java |   5 +-
 .../SecurityWebApplicationContextUtils.java   |   2 +-
 .../web/csrf/CookieCsrfTokenRepository.java   |   6 +-
 .../security/web/csrf/CsrfToken.java          |   2 +-
 .../web/csrf/CsrfTokenRepository.java         |   3 +-
 .../web/firewall/StrictHttpFirewall.java      |  10 +-
 .../security/web/header/HeaderWriter.java     |   2 +-
 .../writers/ClearSiteDataHeaderWriter.java    |   2 +-
 .../web/jackson2/CookieDeserializer.java      |   2 +-
 ...icatedAuthenticationTokenDeserializer.java |   2 +-
 .../web/jackson2/WebJackson2Module.java       |   2 +-
 .../jackson2/WebServletJackson2Module.java    |   2 +-
 .../authentication/SwitchUserWebFilter.java   |   2 +-
 .../csrf/ServerCsrfTokenRepository.java       |   2 +-
 .../jackson2/WebServerJackson2Module.java     |   2 +-
 .../HttpServlet3RequestFactory.java           |   2 +-
 ...urityContextHolderAwareRequestWrapper.java |   2 +-
 .../web/util/OnCommittedResponseWrapper.java  |   2 +-
 .../security/web/util/ThrowableAnalyzer.java  |   2 +-
 .../HeaderWriterLogoutHandlerTests.java       |   2 +-
 .../security/web/csrf/CsrfFilterTests.java    |   2 +-
 .../ClearSiteDataHeaderWriterTests.java       |   2 +-
 195 files changed, 556 insertions(+), 607 deletions(-)

diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
index 2042e967fa..34f19ca10a 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import org.jasig.cas.client.authentication.AttributePrincipalImpl;
 import org.jasig.cas.client.validation.AssertionImpl;
+
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 
@@ -37,8 +38,8 @@ import org.springframework.security.jackson2.SecurityJackson2Modules;
  * of all security modules on the classpath.</b>
  *
  * @author Jitendra Singh.
- * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
+ * @see org.springframework.security.jackson2.SecurityJackson2Modules
  */
 public class CasJackson2Module extends SimpleModule {
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 674cd47f49..36532203ec 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -381,7 +381,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	/**
 	 * A wrapper for the AuthenticationFailureHandler that will flex the
 	 * {@link AuthenticationFailureHandler} that is used. The value
-	 * {@link CasAuthenticationFilter#setProxyAuthenticationFailureHandler(AuthenticationFailureHandler)
+	 * {@link CasAuthenticationFilter#setProxyAuthenticationFailureHandler(AuthenticationFailureHandler)}
 	 * will be used for proxy requests that fail. The value
 	 * {@link CasAuthenticationFilter#setAuthenticationFailureHandler(AuthenticationFailureHandler)}
 	 * will be used for service tickets that fail.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index 5e9b198ffc..a1e2e854fe 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -44,10 +44,10 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * filters necessary for session management, form based login, authorization, etc.
  * </p>
  *
- * @see WebSecurity
- * @author Rob Winch
  * @param <O> The object that this builder returns
  * @param <B> The type of this builder (that is returned by the base class)
+ * @author Rob Winch
+ * @see WebSecurity
  */
 public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBuilder<O>>
 		extends AbstractSecurityBuilder<O> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
index 3340250675..4106ece615 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
@@ -18,9 +18,9 @@ package org.springframework.security.config.annotation;
 /**
  * Interface for building an Object
  *
+ * @param <O> The type of the Object being built
  * @author Rob Winch
  * @since 3.2
- * @param <O> The type of the Object being built
  */
 public interface SecurityBuilder<O> {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
index 13564216ea..cf6571362e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
@@ -21,11 +21,11 @@ package org.springframework.security.config.annotation;
  * {@link #init(SecurityBuilder)} methods have been invoked, each
  * {@link #configure(SecurityBuilder)} method is invoked.
  *
- * @see AbstractConfiguredSecurityBuilder
- * @author Rob Winch
  * @param <O> The object being built by the {@link SecurityBuilder} B
  * @param <B> The {@link SecurityBuilder} that builds objects of type O. This is also the
  * {@link SecurityBuilder} that is being configured.
+ * @author Rob Winch
+ * @see AbstractConfiguredSecurityBuilder
  */
 public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index 87e0876002..ec8f0e290c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -27,11 +27,11 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator;
  * {@link SecurityConfigurer} and when done gaining access to the {@link SecurityBuilder}
  * that is being configured.
  *
- * @author Rob Winch
- * @author Wallace Wadge
  * @param <O> The Object being built by B
  * @param <B> The Builder that is building O and is configured by
  * {@link SecurityConfigurerAdapter}
+ * @author Rob Winch
+ * @author Wallace Wadge
  */
 public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>> implements SecurityConfigurer<O, B> {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
index 6240d764c0..70bcb26c60 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
@@ -23,8 +23,8 @@ import org.springframework.security.config.annotation.SecurityBuilder;
 /**
  * Interface for operating on a SecurityBuilder that creates a {@link ProviderManager}
  *
- * @author Rob Winch
  * @param <B> the type of the {@link SecurityBuilder}
+ * @author Rob Winch
  */
 public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>>
 		extends SecurityBuilder<AuthenticationManager> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index ebc2fa8e36..7e6f8e705b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -26,12 +26,11 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> the type of the {@link SecurityBuilder}
  * @param <C> the type of {@link AbstractDaoAuthenticationConfigurer} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
- *
+ * @author Rob Winch
+ * @since 3.2
  */
 abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService>
 		extends UserDetailsAwareConfigurer<B, U> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
index 0a29a8b057..c83358c685 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
@@ -22,11 +22,10 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> The type of {@link ProviderManagerBuilder} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
- *
+ * @author Rob Winch
+ * @since 3.2
  */
 public class DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, U extends UserDetailsService>
 		extends AbstractDaoAuthenticationConfigurer<B, DaoAuthenticationConfigurer<B, U>, U> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
index ee2dc6eac4..b5ff1099d5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
@@ -25,9 +25,9 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * Base class that allows access to the {@link UserDetailsService} for using as a default
  * value with {@link AuthenticationManagerBuilder}.
  *
- * @author Rob Winch
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <U> the type of {@link UserDetailsService}
+ * @author Rob Winch
  */
 public abstract class UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>, U extends UserDetailsService>
 		extends SecurityConfigurerAdapter<AuthenticationManager, B> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
index a5dbdd7a56..553a64fdd1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
@@ -23,12 +23,12 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * Allows configuring a {@link UserDetailsService} within a
  * {@link AuthenticationManagerBuilder}.
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <C> the {@link UserDetailsServiceConfigurer} (or this)
  * @param <U> the type of UserDetailsService being used to allow for returning the
  * concrete UserDetailsService.
+ * @author Rob Winch
+ * @since 3.2
  */
 public class UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>, C extends UserDetailsServiceConfigurer<B, C, U>, U extends UserDetailsService>
 		extends AbstractDaoAuthenticationConfigurer<B, C, U> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index 1428f0015a..8513649230 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -195,7 +195,7 @@ public class RSocketSecurity {
 	/**
 	 * Adds authentication with BasicAuthenticationPayloadExchangeConverter.
 	 * @param basic
-	 * @return
+	 * @return this instance
 	 * @deprecated Use {@link #simpleAuthentication(Customizer)}
 	 */
 	@Deprecated
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
index 61d69ad820..239a73b898 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
@@ -44,8 +44,8 @@ import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 
 /**
- * @author Rob Winch
  * @param <H>
+ * @author Rob Winch
  */
 public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>>
 		extends SecurityBuilder<DefaultSecurityFilterChain> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
index 68da8c63e9..0ca9ed31f4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
@@ -32,10 +32,10 @@ import org.springframework.security.web.SecurityFilterChain;
  * will automatically be applied to the {@link WebSecurity} by the
  * {@link EnableWebSecurity} annotation.
  *
- * @see WebSecurityConfigurerAdapter
- * @see SecurityFilterChain
  * @author Rob Winch
  * @since 3.2
+ * @see WebSecurityConfigurerAdapter
+ * @see SecurityFilterChain
  */
 public interface WebSecurityConfigurer<T extends SecurityBuilder<Filter>> extends SecurityConfigurer<Filter, T> {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index e082f1fb57..97e34b6fed 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -231,11 +231,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * }
 	 * </pre>
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations.
+	 * @throws Exception
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @throws Exception
 	 * @see OpenIDLoginConfigurer
 	 */
 	public OpenIDLoginConfigurer<HttpSecurity> openidLogin() throws Exception {
@@ -351,16 +351,15 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see OpenIDLoginConfigurer
 	 * @param openidLoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link OpenIDLoginConfigurer}
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @return the {@link HttpSecurity} for further customizations
-	 * @throws Exception
+	 * @see OpenIDLoginConfigurer
 	 */
 	public HttpSecurity openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>> openidLoginCustomizer)
 			throws Exception {
@@ -797,12 +796,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see #requiresChannel()
 	 * @param portMapperCustomizer the {@link Customizer} to provide more options for the
 	 * {@link PortMapperConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see #requiresChannel()
 	 */
 	public HttpSecurity portMapper(Customizer<PortMapperConfigurer<HttpSecurity>> portMapperCustomizer)
 			throws Exception {
@@ -1158,10 +1156,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).antMatchers(&quot;/admin/**&quot;)
 	 * 		.hasRole(&quot;ADMIN&quot;)
 	 * </pre>
-	 *
-	 * @see #requestMatcher(RequestMatcher)
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 * @throws Exception
+	 * @see #requestMatcher(RequestMatcher)
 	 */
 	public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
 			throws Exception {
@@ -1238,12 +1235,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see #requestMatcher(RequestMatcher)
 	 * @param authorizeRequestsCustomizer the {@link Customizer} to provide more options
 	 * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see #requestMatcher(RequestMatcher)
 	 */
 	public HttpSecurity authorizeRequests(
 			Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
@@ -1779,10 +1775,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see FormLoginConfigurer#loginPage(String)
 	 * @return the {@link FormLoginConfigurer} for further customizations
 	 * @throws Exception
+	 * @see FormLoginConfigurer#loginPage(String)
 	 */
 	public FormLoginConfigurer<HttpSecurity> formLogin() throws Exception {
 		return getOrApply(new FormLoginConfigurer<>());
@@ -1842,12 +1837,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see FormLoginConfigurer#loginPage(String)
 	 * @param formLoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link FormLoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see FormLoginConfigurer#loginPage(String)
 	 */
 	public HttpSecurity formLogin(Customizer<FormLoginConfigurer<HttpSecurity>> formLoginCustomizer) throws Exception {
 		formLoginCustomizer.customize(getOrApply(new FormLoginConfigurer<>()));
@@ -1935,10 +1929,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 *
 	 * <p>
-	 *
-	 * @since 5.2
 	 * @return the {@link Saml2LoginConfigurer} for further customizations
 	 * @throws Exception
+	 * @since 5.2
 	 */
 	public Saml2LoginConfigurer<HttpSecurity> saml2Login() throws Exception {
 		return getOrApply(new Saml2LoginConfigurer<>());
@@ -2025,12 +2018,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 *
 	 * <p>
-	 *
-	 * @since 5.2
 	 * @param saml2LoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link Saml2LoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @since 5.2
 	 */
 	public HttpSecurity saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>> saml2LoginCustomizer)
 			throws Exception {
@@ -2122,7 +2114,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * <p>
 	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
 	 * options to customize the defaults.
-	 *
+	 * @return the {@link OAuth2LoginConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.0
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
@@ -2132,8 +2125,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 * @return the {@link OAuth2LoginConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2LoginConfigurer<HttpSecurity> oauth2Login() throws Exception {
 		return getOrApply(new OAuth2LoginConfigurer<>());
@@ -2224,7 +2215,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * <p>
 	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
 	 * options to customize the defaults.
-	 *
+	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OAuth2LoginConfigurer}
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
 	 * Grant</a>
@@ -2233,10 +2227,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
-	 * {@link OAuth2LoginConfigurer}
-	 * @return the {@link HttpSecurity} for further customizations
-	 * @throws Exception
 	 */
 	public HttpSecurity oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer)
 			throws Exception {
@@ -2246,13 +2236,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	/**
 	 * Configures OAuth 2.0 Client support.
-	 *
+	 * @return the {@link OAuth2ClientConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.1
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
 	 * Framework</a>
-	 * @return the {@link OAuth2ClientConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2ClientConfigurer<HttpSecurity> oauth2Client() throws Exception {
 		OAuth2ClientConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ClientConfigurer<>());
@@ -2283,14 +2272,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	}
 	 * }
 	 * </pre>
-	 *
-	 * @see <a target="_blank" href=
-	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
-	 * Framework</a>
 	 * @param oauth2ClientCustomizer the {@link Customizer} to provide more options for
 	 * the {@link OAuth2ClientConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 */
 	public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>> oauth2ClientCustomizer)
 			throws Exception {
@@ -2300,13 +2288,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	/**
 	 * Configures OAuth 2.0 Resource Server support.
-	 *
+	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.1
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
 	 * Framework</a>
-	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer() throws Exception {
 		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(
@@ -2353,14 +2340,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see <a target="_blank" href=
-	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
-	 * Framework</a>
 	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more
 	 * options for the {@link OAuth2ResourceServerConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 */
 	public HttpSecurity oauth2ResourceServer(
 			Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer) throws Exception {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 1adc9465ec..7d8ef3304c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -72,11 +72,11 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * {@link WebSecurityConfigurerAdapter}.
  * </p>
  *
- * @see EnableWebSecurity
- * @see WebSecurityConfiguration
  * @author Rob Winch
  * @author Evgeniy Cheban
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see WebSecurityConfiguration
  */
 public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter, WebSecurity>
 		implements SecurityBuilder<Filter>, ApplicationContextAware {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index d9180e5c86..48c49598cb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -49,13 +49,13 @@ import java.util.Collections;
  * Base class for configuring {@link AbstractAuthenticationFilterConfigurer}. This is
  * intended for internal use only.
  *
- * @see FormLoginConfigurer
- * @see OpenIDLoginConfigurer
  * @param T refers to "this" for returning the current configurer
  * @param F refers to the {@link AbstractAuthenticationProcessingFilter} that is being
  * built
  * @author Rob Winch
  * @since 3.2
+ * @see FormLoginConfigurer
+ * @see OpenIDLoginConfigurer
  */
 public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, T extends AbstractAuthenticationFilterConfigurer<B, T, F>, F extends AbstractAuthenticationProcessingFilter>
 		extends AbstractHttpConfigurer<T, B> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index 758558e8a4..092681c195 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -28,9 +28,9 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * A base class for registering {@link RequestMatcher}'s. For example, it might allow for
  * specifying which {@link RequestMatcher} require a certain level of authorization.
  *
+ * @param <C> The object that is returned or Chained after creating the RequestMatcher
  * @author Rob Winch
  * @since 3.2
- * @param <C> The object that is returned or Chained after creating the RequestMatcher
  * @see ChannelSecurityConfigurer
  * @see UrlAuthorizationConfigurer
  * @see ExpressionUrlAuthorizationConfigurer
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 5c2e4be582..672c17f4fa 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -74,6 +74,7 @@ import org.springframework.util.Assert;
  * </ul>
  *
  * @author Rob Winch
+ * @author Michael Vitz
  * @since 3.2
  */
 public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
@@ -184,12 +185,10 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Specify the {@link SessionAuthenticationStrategy} to use. The default is a
 	 * {@link CsrfAuthenticationStrategy}.
 	 * </p>
-	 *
-	 * @author Michael Vitz
-	 * @since 5.2
 	 * @param sessionAuthenticationStrategy the {@link SessionAuthenticationStrategy} to
 	 * use
 	 * @return the {@link CsrfConfigurer} for further customizations
+	 * @since 5.2
 	 */
 	public CsrfConfigurer<H> sessionAuthenticationStrategy(
 			SessionAuthenticationStrategy sessionAuthenticationStrategy) {
@@ -300,10 +299,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Gets the {@link SessionAuthenticationStrategy} to use. If none was set by the user
 	 * a {@link CsrfAuthenticationStrategy} is created.
-	 *
-	 * @author Michael Vitz
-	 * @since 5.2
 	 * @return the {@link SessionAuthenticationStrategy}
+	 * @since 5.2
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
 		if (sessionAuthenticationStrategy != null) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 92c09d6192..c7bd680c15 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -61,9 +61,9 @@ import java.util.function.Function;
  * {@link DefaultLoginPageConfigurer} should be added and how to configure it.</li>
  * </ul>
  *
- * @see WebSecurityConfigurerAdapter
  * @author Rob Winch
  * @since 3.2
+ * @see WebSecurityConfigurerAdapter
  */
 public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<DefaultLoginPageConfigurer<H>, H> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 0f6758a5c8..e0c0d84394 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -774,11 +774,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <li>Content-Security-Policy</li>
 	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
-	 *
-	 * @see ContentSecurityPolicyHeaderWriter
-	 * @since 4.1
 	 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is null or empty
+	 * @since 4.1
+	 * @see ContentSecurityPolicyHeaderWriter
 	 */
 	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
 		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
@@ -805,11 +804,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <li>Content-Security-Policy</li>
 	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
-	 *
-	 * @see ContentSecurityPolicyHeaderWriter
 	 * @param contentSecurityCustomizer the {@link Customizer} to provide more options for
 	 * the {@link ContentSecurityPolicyConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ContentSecurityPolicyHeaderWriter
 	 */
 	public HeadersConfigurer<H> contentSecurityPolicy(
 			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
@@ -944,10 +942,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <pre>
 	 * Referrer-Policy: no-referrer
 	 * </pre>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
-	 * @since 4.2
 	 * @return the {@link ReferrerPolicyConfig} for additional configuration
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public ReferrerPolicyConfig referrerPolicy() {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
@@ -967,11 +964,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <ul>
 	 * <li>Referrer-Policy</li>
 	 * </ul>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
-	 * @since 4.2
 	 * @return the {@link ReferrerPolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policy is null or empty
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
@@ -991,11 +987,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <ul>
 	 * <li>Referrer-Policy</li>
 	 * </ul>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
 	 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options for
 	 * the {@link ReferrerPolicyConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public HeadersConfigurer<H> referrerPolicy(Customizer<ReferrerPolicyConfig> referrerPolicyCustomizer) {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
@@ -1036,11 +1031,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <p>
 	 * Configuration is provided to the {@link FeaturePolicyHeaderWriter} which is
 	 * responsible for writing the header.
-	 *
-	 * @see FeaturePolicyHeaderWriter
-	 * @since 5.1
 	 * @return the {@link FeaturePolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
+	 * @since 5.1
+	 * @see FeaturePolicyHeaderWriter
 	 */
 	public FeaturePolicyConfig featurePolicy(String policyDirectives) {
 		this.featurePolicy.writer = new FeaturePolicyHeaderWriter(policyDirectives);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index da0028a54f..7b9aa5132a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -143,11 +143,10 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * attacks</a>. If you really want to use an HTTP GET, you can use
 	 * <code>logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));</code>
 	 * </p>
-	 *
-	 * @see #logoutRequestMatcher(RequestMatcher)
-	 * @see HttpSecurity#csrf()
 	 * @param logoutUrl the URL that will invoke logout.
 	 * @return the {@link LogoutConfigurer} for further customization
+	 * @see #logoutRequestMatcher(RequestMatcher)
+	 * @see HttpSecurity#csrf()
 	 */
 	public LogoutConfigurer<H> logoutUrl(String logoutUrl) {
 		this.logoutRequestMatcher = null;
@@ -158,11 +157,10 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * The RequestMatcher that triggers log out to occur. In most circumstances users will
 	 * use {@link #logoutUrl(String)} which helps enforce good practices.
-	 *
-	 * @see #logoutUrl(String)
 	 * @param logoutRequestMatcher the RequestMatcher used to determine if logout should
 	 * occur.
 	 * @return the {@link LogoutConfigurer} for further customization
+	 * @see #logoutUrl(String)
 	 */
 	public LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher) {
 		this.logoutRequestMatcher = logoutRequestMatcher;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index acc55108bd..4507c58b1e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -214,8 +214,8 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @param sessionCreationPolicy the {@link SessionCreationPolicy} to use. Cannot be
 	 * null.
 	 * @return the {@link SessionManagementConfigurer} for further customizations
-	 * @see SessionCreationPolicy
 	 * @throws IllegalArgumentException if {@link SessionCreationPolicy} is null.
+	 * @see SessionCreationPolicy
 	 */
 	public SessionManagementConfigurer<H> sessionCreationPolicy(SessionCreationPolicy sessionCreationPolicy) {
 		Assert.notNull(sessionCreationPolicy, "sessionCreationPolicy cannot be null");
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index f30b3f0428..09addf7ea9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -163,10 +163,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 	/**
 	 * Sets the repository for authorized client(s).
-	 *
-	 * @since 5.1
 	 * @param authorizedClientRepository the authorized client repository
 	 * @return the {@link OAuth2LoginConfigurer} for further configuration
+	 * @since 5.1
 	 */
 	public OAuth2LoginConfigurer<B> authorizedClientRepository(
 			OAuth2AuthorizedClientRepository authorizedClientRepository) {
@@ -250,11 +249,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 		/**
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.1
 		 * @param authorizationRequestResolver the resolver used for resolving
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationEndpointConfig} for further configuration
+		 * @since 5.1
 		 */
 		public AuthorizationEndpointConfig authorizationRequestResolver(
 				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index fd0ee07065..19f0fd4cdd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -118,11 +118,11 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * </ul>
  *
  * @author Rob Winch
+ * @since 3.2
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @since 3.2
  */
 public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractAuthenticationFilterConfigurer<H, OpenIDLoginConfigurer<H>, OpenIDAuthenticationFilter> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 404bc89236..78ef22909a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -40,8 +40,8 @@ import org.springframework.util.StringUtils;
  * Allows mapping security constraints using {@link MessageMatcher} to the security
  * expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class MessageSecurityMetadataSourceRegistry {
 
@@ -152,7 +152,7 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
-	 * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
+	 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 	 */
 	private Constraint simpDestMatchers(SimpMessageType type, String... patterns) {
 		List<MatcherBuilder> matchers = new ArrayList<>(patterns.length);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
index c0f7ec0c9b..33014b7e89 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
@@ -47,6 +47,7 @@ import java.lang.annotation.Target;
  *          return new MapReactiveUserDetailsService(user);
  *     }
  * }
+ * </pre>
  *
  * Below is the same as our minimal configuration, but explicitly declaring the
  * {@code ServerHttpSecurity}.
@@ -54,7 +55,6 @@ import java.lang.annotation.Target;
  * <pre class="code">
  * &#064;EnableWebFluxSecurity
  * public class MyExplicitSecurityConfiguration {
- *     // @formatter:off
  *     &#064;Bean
  *     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
  *          http
@@ -65,9 +65,7 @@ import java.lang.annotation.Target;
  *                    .formLogin();
  *          return http.build();
  *     }
- *     // @formatter:on
  *
- *     // @formatter:off
  *     &#064;Bean
  *     public MapReactiveUserDetailsService userDetailsService() {
  *          UserDetails user = User.withDefaultPasswordEncoder()
@@ -77,8 +75,8 @@ import java.lang.annotation.Target;
  *               .build();
  *          return new MapReactiveUserDetailsService(user);
  *     }
- *     // @formatter:on
  * }
+ * </pre>
  *
  * @author Rob Winch
  * @since 5.0
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 5dd453fca2..dc02c12412 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -447,13 +447,13 @@ final class AuthenticationConfigBuilder {
 
 	/**
 	 * Parses OpenID 1.0 and 2.0 - related parts of configuration xmls
+	 * @param sessionStrategy sessionStrategy
+	 * @param openIDLoginElt the element from the xml file
+	 * @return the parsed filter as rootBeanDefinition
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @param sessionStrategy sessionStrategy
-	 * @param openIDLoginElt the element from the xml file
-	 * @return the parsed filter as rootBeanDefinition
 	 */
 	private RootBeanDefinition parseOpenIDFilter(BeanReference sessionStrategy, Element openIDLoginElt) {
 		RootBeanDefinition openIDFilter;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index 326fc70713..e460c3365b 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -55,8 +55,8 @@ import org.springframework.util.xml.DomUtils;
  * A {@link BeanDefinitionParser} for &lt;http&gt;'s &lt;oauth2-resource-server&gt;
  * element.
  *
- * @since 5.3
  * @author Josh Cummings
+ * @since 5.3
  */
 final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionParser {
 
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index a031988e83..9216cbd9d8 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -26,10 +26,10 @@ import org.springframework.util.ClassUtils;
 
 /**
  * Checks for the presence of a ContextSource instance. Also supplies the standard
- * reference to any unconfigured <ldap-authentication-provider> or <ldap-user-service>
- * beans. This is necessary in cases where the user has given the server a specific Id,
- * but hasn't used the server-ref attribute to link this to the other ldap definitions.
- * See SEC-799.
+ * reference to any unconfigured &lt;ldap-authentication-provider&gt; or
+ * &lt;ldap-user-service&gt; beans. This is necessary in cases where the user has given
+ * the server a specific Id, but hasn't used the server-ref attribute to link this to the
+ * other ldap definitions. See SEC-799.
  *
  * @author Luke Taylor
  * @since 3.0
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index c2d7d13a28..aba685f3a3 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -189,25 +189,51 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  *
  * A minimal configuration can be found below:
  *
- * <pre class="code"> &#064;EnableWebFluxSecurity public class
- * MyMinimalSecurityConfiguration {
+ * <pre class="code">
+ * &#064;EnableWebFluxSecurity
+ * public class MyMinimalSecurityConfiguration {
  *
- * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
- * = User.withDefaultPasswordEncoder() .username("user") .password("password")
- * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
+ *     &#064;Bean
+ *     public MapReactiveUserDetailsService userDetailsService() {
+ *         UserDetails user = User.withDefaultPasswordEncoder()
+ *             .username("user")
+ *             .password("password")
+ *             .roles("USER")
+ *             .build();
+ *         return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ * </pre>
  *
  * Below is the same as our minimal configuration, but explicitly declaring the
  * {@code ServerHttpSecurity}.
  *
- * <pre class="code"> &#064;EnableWebFluxSecurity public class
- * MyExplicitSecurityConfiguration { &#064;Bean public SecurityWebFilterChain
- * springSecurityFilterChain(ServerHttpSecurity http) { http .authorizeExchange()
- * .anyExchange().authenticated() .and() .httpBasic().and() .formLogin(); return
- * http.build(); }
+ * <pre class="code">
+ * &#064;EnableWebFluxSecurity
+ * public class MyExplicitSecurityConfiguration {
  *
- * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
- * = User.withDefaultPasswordEncoder() .username("user") .password("password")
- * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
+ *     &#064;Bean
+ *     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ *         http
+ *             .authorizeExchange()
+ *               .anyExchange().authenticated()
+ *             .and()
+ *               .httpBasic().and()
+ *               .formLogin();
+ *             return http.build();
+ *     }
+ *
+ *     &#064;Bean
+ *     public MapReactiveUserDetailsService userDetailsService() {
+ *         UserDetails user = User.withDefaultPasswordEncoder()
+ *             .username("user")
+ *             .password("password")
+ *             .roles("USER")
+ *             .build();
+ *         return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ * </pre>
  *
  * @author Rob Winch
  * @author Vedran Pavic
@@ -829,11 +855,10 @@ public class ServerHttpSecurity {
 	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor}
 	 * will be used. If authenticationManager is not specified,
 	 * {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
-	 *
-	 * @since 5.2
 	 * @param x509Customizer the {@link Customizer} to provide more options for the
 	 * {@link X509Spec}
 	 * @return the {@link ServerHttpSecurity} to customize
+	 * @since 5.2
 	 */
 	public ServerHttpSecurity x509(Customizer<X509Spec> x509Customizer) {
 		if (this.x509 == null) {
@@ -994,10 +1019,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerSecurityContextRepository} used to save the
 		 * {@code Authentication}. Defaults to
 		 * {@link WebSessionServerSecurityContextRepository}.
-		 *
-		 * @since 5.2
 		 * @param securityContextRepository the repository to use
 		 * @return the {@link OAuth2LoginSpec} to continue configuring
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) {
 			this.securityContextRepository = securityContextRepository;
@@ -1008,10 +1032,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
 		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}
 		 * redirecting to "/".
-		 *
-		 * @since 5.2
 		 * @param authenticationSuccessHandler the success handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationSuccessHandler(
 				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
@@ -1024,10 +1047,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerAuthenticationFailureHandler} used after authentication
 		 * failure. Defaults to {@link RedirectServerAuthenticationFailureHandler}
 		 * redirecting to "/login?error".
-		 *
-		 * @since 5.2
 		 * @param authenticationFailureHandler the failure handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationFailureHandler(
 				ServerAuthenticationFailureHandler authenticationFailureHandler) {
@@ -1121,11 +1143,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestRepository the repository to use for storing
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authorizationRequestRepository(
 				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -1135,11 +1156,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestResolver the resolver used for resolving
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authorizationRequestResolver(
 				ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
@@ -1150,11 +1170,10 @@ public class ServerHttpSecurity {
 		/**
 		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the
 		 * request is an authentication request.
-		 *
-		 * @since 5.2
 		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used
 		 * for determining if the request is an authentication request
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher) {
 			this.authenticationMatcher = authenticationMatcher;
@@ -1499,11 +1518,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestRepository the repository to use for storing
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2ClientSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2ClientSpec authorizationRequestRepository(
 				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -3689,8 +3707,8 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Content-Security-Policy} response header.
 		 *
-		 * @see #contentSecurityPolicy(String)
 		 * @since 5.1
+		 * @see #contentSecurityPolicy(String)
 		 */
 		public class ContentSecurityPolicySpec {
 
@@ -3740,8 +3758,8 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Feature-Policy} response header.
 		 *
-		 * @see #featurePolicy(String)
 		 * @since 5.1
+		 * @see #featurePolicy(String)
 		 */
 		public class FeaturePolicySpec {
 
@@ -3763,9 +3781,9 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Referrer-Policy} response header.
 		 *
+		 * @since 5.1
 		 * @see #referrerPolicy()
 		 * @see #referrerPolicy(ReferrerPolicy)
-		 * @since 5.1
 		 */
 		public class ReferrerPolicySpec {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 0e779e9c4a..555ff3fd48 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -109,29 +109,29 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	}
 
 	/**
-	 * <code>
-	 *   <http>
-	 *     <intercept-url pattern="/resources/**" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="authenticated"/>
-	 *     <logout
+	 * <pre>
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/resources/**" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="authenticated"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
-	 *         login-page="/login" <!-- Except Spring Security renders the login page -->
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-page="/login" &lt;!-- Except Spring Security renders the login page --&gt;
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
-	 * </code>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
+	 * </pre>
 	 *
 	 * @author Rob Winch
 	 */
@@ -183,35 +183,35 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	}
 
 	/**
-	 * <code>
-	 *   <http security="none" pattern="/resources/**"/>
-	 *   <http>
-	 *     <intercept-url pattern="/logout" access="permitAll"/>
-	 *     <intercept-url pattern="/login" access="permitAll"/>
-	 *     <intercept-url pattern="/signup" access="permitAll"/>
-	 *     <intercept-url pattern="/about" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
-	 *     <logout
+	 * <pre>
+	 *   &lt;http security="none" pattern="/resources/**"/&gt;
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/logout" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/login" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/signup" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/about" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
 	 *         login-page="/login"
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities=
-	"ROLE_USER,ROLE_ADMIN"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
-	 * </code>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *         &lt;user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
+	 * </pre>
 	 *
 	 * @author Rob Winch
 	 */
@@ -319,38 +319,38 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 	/**
 	 * <code>
-	 *   <http security="none" pattern="/resources/**"/>
-	 *   <http pattern="/api/**">
-	 *     <intercept-url pattern="/api/admin/**" access="hasRole('ROLE_ADMIN')"/>
-	 *     <intercept-url pattern="/api/**" access="hasRole('ROLE_USER')"/>
-	 *     <http-basic />
-	 *   </http>
-	 *   <http>
-	 *     <intercept-url pattern="/logout" access="permitAll"/>
-	 *     <intercept-url pattern="/login" access="permitAll"/>
-	 *     <intercept-url pattern="/signup" access="permitAll"/>
-	 *     <intercept-url pattern="/about" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
-	 *     <logout
+	 *   &lt;http security="none" pattern="/resources/**"/&gt;
+	 *   &lt;http pattern="/api/**"&gt;
+	 *     &lt;intercept-url pattern="/api/admin/**" access="hasRole('ROLE_ADMIN')"/&gt;
+	 *     &lt;intercept-url pattern="/api/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;http-basic /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/logout" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/login" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/signup" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/about" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
 	 *         login-page="/login"
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities=
-	"ROLE_USER,ROLE_ADMIN"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *         &lt;user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
 	 * </code>
 	 *
 	 * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index ac5075b71c..556c3d1a49 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -63,8 +63,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 /**
- * Tests to verify that all the functionality of <http> attributes are present in Java
- * Config.
+ * Tests to verify that all the functionality of &lt;http&gt; attributes are present in
+ * Java Config.
  *
  * @author Rob Winch
  * @author Joe Grandja
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index c7716f1d4b..ab96950277 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -39,7 +39,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <anonymous> attributes is present
+ * Tests to verify that all the functionality of &lt;anonymous&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index e020066b5e..e587019f6c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <http-basic> attributes is present
+ * Tests to verify that all the functionality of &lt;http-basic&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 4bc72dc12c..da9f49f256 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -46,7 +46,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- * Tests to verify that all the functionality of <custom-filter> attributes is present
+ * Tests to verify that all the functionality of &lt;custom-filter&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index 9b3e68ad68..eeab7c3e11 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <expression-handler> attributes is
+ * Tests to verify that all the functionality of &lt;expression-handler&gt; attributes is
  * present
  *
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index 75b24bdd09..146db2013d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -36,7 +36,8 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
- * Tests to verify that all the functionality of <http-firewall> attributes is present
+ * Tests to verify that all the functionality of &lt;http-firewall&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 66f4a2c207..0466f4f09a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
 /**
- * Tests to verify that all the functionality of <form-login> attributes is present
+ * Tests to verify that all the functionality of &lt;form-login&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index 6c92e4a2f3..7ffd4c2dc7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -40,7 +40,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
 /**
- * Tests to verify that all the functionality of <headers> attributes is present
+ * Tests to verify that all the functionality of &lt;headers&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 5e2f6e1fd7..a6e9d805d0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -41,7 +41,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <intercept-url> attributes is present
+ * Tests to verify that all the functionality of &lt;intercept-url&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index be01d6b2cf..d62421f8fc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -44,7 +44,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <jee> attributes is present
+ * Tests to verify that all the functionality of &lt;jee&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 23cc3dbdf4..7471627b31 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -48,7 +48,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <logout> attributes is present
+ * Tests to verify that all the functionality of &lt;logout&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index ca2ab7c267..1a0e881dc9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -70,7 +70,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <openid-login> attributes is present
+ * Tests to verify that all the functionality of &lt;openid-login&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index b57f8ea6e5..c7e2b79682 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -30,7 +30,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
 /**
- * Tests to verify that all the functionality of <port-mappings> attributes is present
+ * Tests to verify that all the functionality of &lt;port-mappings&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index 6669eff98a..f83c874ce2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -42,7 +42,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <request-cache> attributes is present
+ * Tests to verify that all the functionality of &lt;request-cache&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 75eca225e8..cb2523d9e4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -43,8 +43,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <access-denied-handler> attributes is
- * present
+ * Tests to verify that all the functionality of &lt;access-denied-handler&gt; attributes
+ * is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 26f3c39a83..38276373ad 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -51,8 +51,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <x509> attributes is present in Java
- * config
+ * Tests to verify that all the functionality of &lt;x509&gt; attributes is present in
+ * Java config
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 1fd45ff8e7..aeac564a92 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -63,7 +63,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <anonymous> attributes is present
+ * Tests to verify that all the functionality of &lt;anonymous&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
index 16f8cc04e0..f68952eac6 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@@ -17,7 +17,9 @@ package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
 
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.access.ConfigAttribute;
@@ -41,9 +43,9 @@ import org.springframework.util.ClassUtils;
  * combine annotations defined in multiple locations for a single method - they may be
  * defined on the method itself, or at interface or class level.
  *
- * @see PreInvocationAuthorizationAdviceVoter
  * @author Luke Taylor
  * @since 3.0
+ * @see PreInvocationAuthorizationAdviceVoter
  */
 public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
@@ -53,12 +55,13 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		this.attributeFactory = attributeFactory;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		if (method.getDeclaringClass() == Object.class) {
 			return Collections.emptyList();
 		}
 
-		logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
+		this.logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
 				+ targetClass + "'");
 		PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
 		PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
@@ -68,7 +71,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 
 		if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null) {
 			// There is no meta-data so return
-			logger.trace("No expression annotations found");
+			this.logger.trace("No expression annotations found");
 			return Collections.emptyList();
 		}
 
@@ -80,14 +83,14 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 
 		ArrayList<ConfigAttribute> attrs = new ArrayList<>(2);
 
-		PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(preFilterAttribute, filterObject,
-				preAuthorizeAttribute);
+		PreInvocationAttribute pre = this.attributeFactory.createPreInvocationAttribute(preFilterAttribute,
+				filterObject, preAuthorizeAttribute);
 
 		if (pre != null) {
 			attrs.add(pre);
 		}
 
-		PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(postFilterAttribute,
+		PostInvocationAttribute post = this.attributeFactory.createPostInvocationAttribute(postFilterAttribute,
 				postAuthorizeAttribute);
 
 		if (post != null) {
@@ -99,6 +102,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		return attrs;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		return null;
 	}
@@ -117,7 +121,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		A annotation = AnnotationUtils.findAnnotation(specificMethod, annotationClass);
 
 		if (annotation != null) {
-			logger.debug(annotation + " found on specific method: " + specificMethod);
+			this.logger.debug(annotation + " found on specific method: " + specificMethod);
 			return annotation;
 		}
 
@@ -126,7 +130,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 			annotation = AnnotationUtils.findAnnotation(method, annotationClass);
 
 			if (annotation != null) {
-				logger.debug(annotation + " found on: " + method);
+				this.logger.debug(annotation + " found on: " + method);
 				return annotation;
 			}
 		}
@@ -136,7 +140,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
 		if (annotation != null) {
-			logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
+			this.logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
 			return annotation;
 		}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index f573856387..b458ddefd4 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -260,10 +260,9 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	/**
 	 * If set, a call to {@code Configuration#refresh()} will be made by
 	 * {@code #configureJaas(Resource) } method. Defaults to {@code true}.
-	 *
-	 * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
 	 * @param refresh set to {@code false} to disable reloading of the configuration. May
 	 * be useful in some environments.
+	 * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
 	 */
 	public void setRefreshConfigurationOnStartup(boolean refresh) {
 		this.refreshConfigurationOnStartup = refresh;
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index 8a78190efa..1d995be615 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -16,19 +16,19 @@
 
 package org.springframework.security.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
-import reactor.core.publisher.Mono;
 
 /**
  * A {@link ReactiveAuthorizationManager} that determines if the current user is
  * authenticated.
  *
- * @author Rob Winch
- * @since 5.0
  * @param <T> The type of object authorization is being performed against. This does not
- * matter since the authorization decision does not use the object.
+ * @author Rob Winch
+ * @since 5.0 matter since the authorization decision does not use the object.
  */
 public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
 
@@ -47,7 +47,7 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 	 * @return <code>true</code> if not anonymous, otherwise <code>false</code>.
 	 */
 	private boolean isNotAnonymous(Authentication authentication) {
-		return !authTrustResolver.isAnonymous(authentication);
+		return !this.authTrustResolver.isAnonymous(authentication);
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index 31d85ebfb1..a1a2a4784a 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -16,20 +16,21 @@
 
 package org.springframework.security.authorization;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
 import java.util.Arrays;
 import java.util.List;
 
+import reactor.core.publisher.Mono;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
+
 /**
  * A {@link ReactiveAuthorizationManager} that determines if the current user is
  * authorized by evaluating if the {@link Authentication} contains a specified authority.
  *
+ * @param <T> the type of object being authorized
  * @author Rob Winch
  * @since 5.0
- * @param <T> the type of object being authorized
  */
 public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
 
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index 92522b9e7a..87d1954e95 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -15,18 +15,18 @@
  */
 package org.springframework.security.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A reactive authorization manager which can determine if an {@link Authentication} has
  * access to a specific object.
  *
+ * @param <T> the type of object that the authorization check is being done one.
  * @author Rob Winch
  * @since 5.0
- * @param <T> the type of object that the authorization check is being done one.
  */
 public interface ReactiveAuthorizationManager<T> {
 
diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index e34f04b3e4..1d1178492c 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -78,11 +78,11 @@ import java.util.Stack;
  * </ul>
  * </p>
  *
+ * @author Kenney Westerhof
+ * @author Hervé Boutemy
  * @see <a href=
  * "https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning">"Versioning" on Maven
  * Wiki</a>
- * @author <a href="mailto:kenney@apache.org">Kenney Westerhof</a>
- * @author <a href="mailto:hboutemy@apache.org">Hervé Boutemy</a>
  */
 class ComparableVersion implements Comparable<ComparableVersion> {
 
@@ -134,18 +134,18 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public boolean isNull() {
-			return BigInteger_ZERO.equals(value);
+			return BigInteger_ZERO.equals(this.value);
 		}
 
 		@Override
 		public int compareTo(Item item) {
 			if (item == null) {
-				return BigInteger_ZERO.equals(value) ? 0 : 1; // 1.0 == 1, 1.1 > 1
+				return BigInteger_ZERO.equals(this.value) ? 0 : 1; // 1.0 == 1, 1.1 > 1
 			}
 
 			switch (item.getType()) {
 			case INTEGER_ITEM:
-				return value.compareTo(((IntegerItem) item).value);
+				return this.value.compareTo(((IntegerItem) item).value);
 
 			case STRING_ITEM:
 				return 1; // 1.1 > 1-sp
@@ -160,7 +160,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public String toString() {
-			return value.toString();
+			return this.value.toString();
 		}
 
 	}
@@ -215,7 +215,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public boolean isNull() {
-			return (comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX) == 0);
+			return (comparableQualifier(this.value).compareTo(RELEASE_VERSION_INDEX) == 0);
 		}
 
 		/**
@@ -241,14 +241,14 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		public int compareTo(Item item) {
 			if (item == null) {
 				// 1-rc < 1, 1-ga > 1
-				return comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX);
+				return comparableQualifier(this.value).compareTo(RELEASE_VERSION_INDEX);
 			}
 			switch (item.getType()) {
 			case INTEGER_ITEM:
 				return -1; // 1.any < 1.1 ?
 
 			case STRING_ITEM:
-				return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value));
+				return comparableQualifier(this.value).compareTo(comparableQualifier(((StringItem) item).value));
 
 			case LIST_ITEM:
 				return -1; // 1.any < 1-1
@@ -260,7 +260,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public String toString() {
-			return value;
+			return this.value;
 		}
 
 	}
@@ -354,11 +354,11 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 	public final void parseVersion(String version) {
 		this.value = version;
 
-		items = new ListItem();
+		this.items = new ListItem();
 
 		version = version.toLowerCase(Locale.ENGLISH);
 
-		ListItem list = items;
+		ListItem list = this.items;
 
 		Stack<Item> stack = new Stack<>();
 		stack.push(list);
@@ -428,7 +428,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 			list.normalize();
 		}
 
-		canonical = items.toString();
+		this.canonical = this.items.toString();
 	}
 
 	private static Item parseItem(boolean isDigit, String buf) {
@@ -437,22 +437,22 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 	@Override
 	public int compareTo(ComparableVersion o) {
-		return items.compareTo(o.items);
+		return this.items.compareTo(o.items);
 	}
 
 	@Override
 	public String toString() {
-		return value;
+		return this.value;
 	}
 
 	@Override
 	public boolean equals(Object o) {
-		return (o instanceof ComparableVersion) && canonical.equals(((ComparableVersion) o).canonical);
+		return (o instanceof ComparableVersion) && this.canonical.equals(((ComparableVersion) o).canonical);
 	}
 
 	@Override
 	public int hashCode() {
-		return canonical.hashCode();
+		return this.canonical.hashCode();
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index 93777caf6d..897d8b46c3 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -81,9 +81,9 @@ import org.springframework.util.ReflectionUtils;
  * {@link PrioritizedParameterNameDiscoverer} are an all or nothing operation.
  * </p>
  *
- * @see DefaultSecurityParameterNameDiscoverer
  * @author Rob Winch
  * @since 3.2
+ * @see DefaultSecurityParameterNameDiscoverer
  */
 public class AnnotationParameterNameDiscoverer implements ParameterNameDiscoverer {
 
@@ -104,6 +104,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
 	 * .lang.reflect.Method)
 	 */
+	@Override
 	public String[] getParameterNames(Method method) {
 		Method originalMethod = BridgeMethodResolver.findBridgedMethod(method);
 		String[] paramNames = lookupParameterNames(METHOD_METHODPARAM_FACTORY, originalMethod);
@@ -127,6 +128,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
 	 * .lang.reflect.Constructor)
 	 */
+	@Override
 	public String[] getParameterNames(Constructor<?> constructor) {
 		return lookupParameterNames(CONSTRUCTOR_METHODPARAM_FACTORY, constructor);
 	}
@@ -164,7 +166,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 */
 	private String findParameterName(Annotation[] parameterAnnotations) {
 		for (Annotation paramAnnotation : parameterAnnotations) {
-			if (annotationClassesToUse.contains(paramAnnotation.annotationType().getName())) {
+			if (this.annotationClassesToUse.contains(paramAnnotation.annotationType().getName())) {
 				return (String) AnnotationUtils.getValue(paramAnnotation, "value");
 			}
 		}
@@ -180,9 +182,9 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	/**
 	 * Strategy interface for looking up the parameter names.
 	 *
+	 * @param <T> the type to inspect (i.e. {@link Method} or {@link Constructor})
 	 * @author Rob Winch
 	 * @since 3.2
-	 * @param <T> the type to inspect (i.e. {@link Method} or {@link Constructor})
 	 */
 	private interface ParameterNameFactory<T extends AccessibleObject> {
 
diff --git a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
index 45161c67f6..055b311300 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
@@ -22,6 +22,7 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
@@ -44,9 +45,9 @@ import org.springframework.util.ClassUtils;
  * {@link LocalVariableTableParameterNameDiscoverer} is added directly.</li>
  * </ul>
  *
- * @see AnnotationParameterNameDiscoverer
  * @author Rob Winch
  * @since 3.2
+ * @see AnnotationParameterNameDiscoverer
  */
 public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameterNameDiscoverer {
 
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
index 224f28499b..0d648d8c38 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@@ -16,16 +16,22 @@
 
 package org.springframework.security.core.session;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ApplicationListener;
-import org.springframework.util.Assert;
-
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.CopyOnWriteArraySet;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.context.ApplicationListener;
+import org.springframework.util.Assert;
+
 /**
  * Default implementation of
  * {@link org.springframework.security.core.session.SessionRegistry SessionRegistry} which
@@ -44,10 +50,10 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 
 	protected final Log logger = LogFactory.getLog(SessionRegistryImpl.class);
 
-	/** <principal:Object,SessionIdSet> */
+	// <principal:Object,SessionIdSet>
 	private final ConcurrentMap<Object, Set<String>> principals;
 
-	/** <sessionId:Object,SessionInformation> */
+	// <sessionId:Object,SessionInformation>
 	private final Map<String, SessionInformation> sessionIds;
 
 	public SessionRegistryImpl() {
@@ -61,12 +67,14 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		this.sessionIds = sessionIds;
 	}
 
+	@Override
 	public List<Object> getAllPrincipals() {
-		return new ArrayList<>(principals.keySet());
+		return new ArrayList<>(this.principals.keySet());
 	}
 
+	@Override
 	public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) {
-		final Set<String> sessionsUsedByPrincipal = principals.get(principal);
+		final Set<String> sessionsUsedByPrincipal = this.principals.get(principal);
 
 		if (sessionsUsedByPrincipal == null) {
 			return Collections.emptyList();
@@ -89,12 +97,14 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		return list;
 	}
 
+	@Override
 	public SessionInformation getSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
-		return sessionIds.get(sessionId);
+		return this.sessionIds.get(sessionId);
 	}
 
+	@Override
 	public void onApplicationEvent(AbstractSessionEvent event) {
 		if (event instanceof SessionDestroyedEvent) {
 			SessionDestroyedEvent sessionDestroyedEvent = (SessionDestroyedEvent) event;
@@ -104,12 +114,13 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		else if (event instanceof SessionIdChangedEvent) {
 			SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
 			String oldSessionId = sessionIdChangedEvent.getOldSessionId();
-			Object principal = sessionIds.get(oldSessionId).getPrincipal();
+			Object principal = this.sessionIds.get(oldSessionId).getPrincipal();
 			removeSessionInformation(oldSessionId);
 			registerNewSession(sessionIdChangedEvent.getNewSessionId(), principal);
 		}
 	}
 
+	@Override
 	public void refreshLastRequest(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
@@ -120,6 +131,7 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		}
 	}
 
+	@Override
 	public void registerNewSession(String sessionId, Object principal) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 		Assert.notNull(principal, "Principal required as per interface contract");
@@ -128,25 +140,26 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 			removeSessionInformation(sessionId);
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Registering session " + sessionId + ", for principal " + principal);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Registering session " + sessionId + ", for principal " + principal);
 		}
 
-		sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
+		this.sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
 
-		principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
+		this.principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
 			if (sessionsUsedByPrincipal == null) {
 				sessionsUsedByPrincipal = new CopyOnWriteArraySet<>();
 			}
 			sessionsUsedByPrincipal.add(sessionId);
 
-			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
+			if (this.logger.isTraceEnabled()) {
+				this.logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});
 	}
 
+	@Override
 	public void removeSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
@@ -156,29 +169,29 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 			return;
 		}
 
-		if (logger.isTraceEnabled()) {
-			logger.debug("Removing session " + sessionId + " from set of registered sessions");
+		if (this.logger.isTraceEnabled()) {
+			this.logger.debug("Removing session " + sessionId + " from set of registered sessions");
 		}
 
-		sessionIds.remove(sessionId);
+		this.sessionIds.remove(sessionId);
 
-		principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
+		this.principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
 			}
 
 			sessionsUsedByPrincipal.remove(sessionId);
 
 			if (sessionsUsedByPrincipal.isEmpty()) {
 				// No need to keep object in principals Map anymore
-				if (logger.isDebugEnabled()) {
-					logger.debug("Removing principal " + info.getPrincipal() + " from registry");
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("Removing principal " + info.getPrincipal() + " from registry");
 				}
 				sessionsUsedByPrincipal = null;
 			}
 
-			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
+			if (this.logger.isTraceEnabled()) {
+				this.logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
index 922413ce2e..d352a396b1 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java
@@ -32,8 +32,8 @@ package org.springframework.security.core.userdetails;
  * configure a cache to store the <tt>UserDetails</tt> information rather than loading it
  * each time.
  *
- * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
  * @author Ben Alex
+ * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
  */
 public interface UserCache {
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
index ff9b3b50f0..664725631e 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.core.userdetails;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-
 import java.io.Serializable;
 import java.util.Collection;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
 /**
  * Provides core user information.
  *
@@ -36,9 +36,9 @@ import java.util.Collection;
  * {@link org.springframework.security.core.userdetails.User} for a reference
  * implementation (which you might like to extend or use in your code).
  *
+ * @author Ben Alex
  * @see UserDetailsService
  * @see UserCache
- * @author Ben Alex
  */
 public interface UserDetails extends Serializable {
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
index e48fb2c9da..22ac216297 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
@@ -27,9 +27,9 @@ package org.springframework.security.core.userdetails;
  * The interface requires only one read-only method, which simplifies support for new
  * data-access strategies.
  *
+ * @author Ben Alex
  * @see org.springframework.security.authentication.dao.DaoAuthenticationProvider
  * @see UserDetails
- * @author Ben Alex
  */
 public interface UserDetailsService {
 
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
index a8b3273ceb..fd86dadccc 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -24,17 +29,12 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
 /**
  * Custom deserializer for {@link UnmodifiableListDeserializer}.
  *
  * @author Rob Winch
- * @see UnmodifiableListMixin
  * @since 5.0.2
+ * @see UnmodifiableListMixin
  */
 class UnmodifiableListDeserializer extends JsonDeserializer<List> {
 
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
index 4c5f5fd6b5..c26d6921b5 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -24,17 +29,12 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 
-import java.io.IOException;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  * Custom deserializer for {@link UnmodifiableSetMixin}.
  *
  * @author Jitendra Singh
- * @see UnmodifiableSetMixin
  * @since 4.2
+ * @see UnmodifiableSetMixin
  */
 class UnmodifiableSetDeserializer extends JsonDeserializer<Set> {
 
diff --git a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
index 23b11f2a3a..fd91f1ad9f 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Set;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -24,20 +27,18 @@ import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.io.IOException;
-import java.util.Set;
-
 /**
  * Custom Deserializer for {@link User} class. This is already registered with
  * {@link UserMixin}. You can also use it directly with your mixin class.
  *
  * @author Jitendra Singh
- * @see UserMixin
  * @since 4.2
+ * @see UserMixin
  */
 class UserDeserializer extends JsonDeserializer<User> {
 
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
index 87fb7fa8a3..25e47eac9b 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@@ -43,8 +43,8 @@ import org.springframework.security.core.GrantedAuthority;
  * @author Jitendra Singh
  * @author Greg Turnquist
  * @author Onur Kagan Ozcan
- * @see UsernamePasswordAuthenticationTokenMixin
  * @since 4.2
+ * @see UsernamePasswordAuthenticationTokenMixin
  */
 class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
 
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
index bfde1eb1f5..9b9f15be8d 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
@@ -23,7 +23,7 @@ public class MethodInvocationFactory {
 	/**
 	 * In order to reproduce the bug for SEC-2150, we must have a proxy object that
 	 * implements TargetSourceAware and implements our annotated interface.
-	 * @return
+	 * @return the mock method invocation
 	 * @throws NoSuchMethodException
 	 */
 	public static MockMethodInvocation createSec2150MethodInvocation() throws NoSuchMethodException {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 8256c510e8..3a1e0c9366 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -368,11 +368,11 @@ public final class Base64 {
 	 * @param len Length of data to convert
 	 * @param options Specified options
 	 * @return The Base64-encoded data as a String
-	 * @see Base64#DO_BREAK_LINES
 	 * @throws java.io.IOException if there is an error
 	 * @throws NullPointerException if source array is null
 	 * @throws IllegalArgumentException if source array, offset, or length are invalid
 	 * @since 2.3.1
+	 * @see Base64#DO_BREAK_LINES
 	 */
 	private static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options) {
 
@@ -603,8 +603,8 @@ public final class Base64 {
 			}
 			else {
 				// There's a bad input character in the Base64 stream.
-				throw new InvalidBase64CharacterException(String.format(
-						"Bad Base64 input character decimal %d in array position %d", ((int) source[i]) & 0xFF, i));
+				throw new InvalidBase64CharacterException(String
+						.format("Bad Base64 input character decimal %d in array position %d", (source[i]) & 0xFF, i));
 			}
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index 7ceef06107..6b972d9e59 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -59,8 +59,7 @@ public class Encryptors {
 	 * @param salt a hex-encoded, random, site-global salt value to use to generate the
 	 * key
 	 *
-	 * @see #stronger(CharSequence, CharSequence), which uses the significatly more secure
-	 * GCM (instead of CBC)
+	 * @see #stronger(CharSequence, CharSequence)
 	 */
 	public static BytesEncryptor standard(CharSequence password, CharSequence salt) {
 		return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16));
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
index fc04a346ca..e14b5111af 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
@@ -31,7 +31,7 @@ import java.util.Map;
  *
  * <pre>
  * String idForEncode = "bcrypt";
- * Map<String,PasswordEncoder> encoders = new HashMap<>();
+ * Map&lt;String,PasswordEncoder&gt; encoders = new HashMap<>();
  * encoders.put(idForEncode, new BCryptPasswordEncoder());
  * encoders.put("noop", NoOpPasswordEncoder.getInstance());
  * encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
@@ -114,10 +114,10 @@ import java.util.Map;
  * {@link IllegalArgumentException}. This behavior can be customized using
  * {@link #setDefaultPasswordEncoderForMatches(PasswordEncoder)}.
  *
- * @see org.springframework.security.crypto.factory.PasswordEncoderFactories
  * @author Rob Winch
  * @author Michael Simons
  * @since 5.0
+ * @see org.springframework.security.crypto.factory.PasswordEncoderFactories
  */
 public class DelegatingPasswordEncoder implements PasswordEncoder {
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index 01eeebcb0a..8c8889977b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -178,7 +178,7 @@ public class BCryptPasswordEncoderTests {
 
 	/**
 	 * @see <a href=
-	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</a>
 	 */
 	@Test
 	public void upgradeFromNullOrEmpty() {
@@ -189,7 +189,7 @@ public class BCryptPasswordEncoderTests {
 
 	/**
 	 * @see <a href=
-	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</a>
 	 */
 	@Test(expected = IllegalArgumentException.class)
 	public void upgradeFromNonBCrypt() {
diff --git a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
index 6840537f3e..84d9f836c2 100644
--- a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
+++ b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
@@ -75,8 +75,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * This works because the principal in this instance is a User which has an id field on
  * it.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class SecurityEvaluationContextExtension implements EvaluationContextExtension {
 
@@ -97,6 +97,7 @@ public class SecurityEvaluationContextExtension implements EvaluationContextExte
 		this.authentication = authentication;
 	}
 
+	@Override
 	public String getExtensionId() {
 		return "security";
 	}
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index d530979445..b662b79441 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="AtclauseOrder" />
 	<suppress files=".*" checks="AvoidStarImport" />
 	<suppress files=".*" checks="EmptyBlock" />
 	<suppress files=".*" checks="FinalClass" />
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
index c287fc8bf9..fd01c9d3f1 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
@@ -29,8 +29,8 @@ import org.springframework.util.Assert;
  * {@link MessageSecurityExpressionRoot}.
  *
  * @param <T> the type for the body of the Message
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurityExpressionHandler<Message<T>> {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
index b56c9de3ea..ba70ba0583 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
@@ -32,8 +32,8 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
  * A class used to create a {@link MessageSecurityMetadataSource} that uses
  * {@link MessageMatcher} mapped to Spring Expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index 401ee8ae7a..1d33bd50d0 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -33,9 +33,9 @@ import java.util.Collection;
  * If no {@code MessageExpressionConfigAttribute} is found, then {@code ACCESS_ABSTAIN} is
  * returned.
  *
- * @since 4.0
  * @author Rob Winch
  * @author Daniel Bustamante Ospina
+ * @since 4.0
  */
 public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>> {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
index 82ba70c3b8..74238e5c59 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
@@ -22,8 +22,8 @@ import org.springframework.security.core.Authentication;
 /**
  * The {@link SecurityExpressionRoot} used for {@link Message} expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class MessageSecurityExpressionRoot extends SecurityExpressionRoot {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
index 77d6c31c13..5f52ff39c1 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
@@ -33,8 +33,8 @@ import org.springframework.util.Assert;
  * <p>
  * Refer to {@link AbstractSecurityInterceptor} for details on the workflow.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements ChannelInterceptor {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index f3ccfc7474..ce32332255 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -31,10 +31,10 @@ import java.util.*;
  * {@code Collection<ConfigAttribute>} is returned.
  * </p>
  *
+ * @author Rob Winch
+ * @since 4.0
  * @see ChannelSecurityInterceptor
  * @see ExpressionBasedMessageSecurityMetadataSourceFactory
- * @since 4.0
- * @author Rob Winch
  */
 public final class DefaultMessageSecurityMetadataSource implements MessageSecurityMetadataSource {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
index 0b48b857f9..d50f47ad62 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
@@ -21,10 +21,10 @@ import org.springframework.security.access.SecurityMetadataSource;
 /**
  * A {@link SecurityMetadataSource} that is used for securing {@link Message}
  *
+ * @author Rob Winch
+ * @since 4.0
  * @see ChannelSecurityInterceptor
  * @see DefaultMessageSecurityMetadataSource
- * @since 4.0
- * @author Rob Winch
  */
 public interface MessageSecurityMetadataSource extends SecurityMetadataSource {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index c391e39727..5549189cfd 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -36,8 +36,8 @@ import org.springframework.util.Assert;
  * {@link Authentication} from the specified {@link Message#getHeaders()}.
  * </p>
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
 		implements ExecutorChannelInterceptor {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
index cab226bb9f..414d431b37 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
@@ -20,8 +20,8 @@ import org.springframework.messaging.Message;
 /**
  * API for determining if a {@link Message} should be matched on.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public interface MessageMatcher<T> {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 54bb2deb73..b1295d3215 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -32,8 +32,8 @@ import java.util.Map;
  * {@link SimpMessageType}.
  * </p>
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index 41af99f63b..b441723ddc 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -26,8 +26,8 @@ import org.springframework.util.ObjectUtils;
  * A {@link MessageMatcher} that matches if the provided {@link Message} has a type that
  * is the same as the {@link SimpMessageType} that was specified in the constructor.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  *
  */
 public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index cc3eebd80c..2ca6eea561 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -219,8 +219,8 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	 * default.
 	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
 	 * that handles authorization failures
-	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index 0439c6bc1a..26776668ed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -70,12 +70,12 @@ import java.util.function.Function;
  *
  * @author Ankur Pathak
  * @author Phil Clay
+ * @since 5.2.2
  * @see ReactiveOAuth2AuthorizedClientManager
  * @see ReactiveOAuth2AuthorizedClientProvider
  * @see ReactiveOAuth2AuthorizedClientService
  * @see ReactiveOAuth2AuthorizationSuccessHandler
  * @see ReactiveOAuth2AuthorizationFailureHandler
- * @since 5.2.2
  */
 public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		implements ReactiveOAuth2AuthorizedClientManager {
@@ -221,8 +221,8 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	 * by default.
 	 * </p>
 	 * @param authorizationFailureHandler the handler that handles authorization failures.
-	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
index 480a659dfe..a78bab512f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
@@ -56,11 +56,10 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 	/**
 	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided
 	 * parameters.
-	 *
-	 * @since 5.2
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClients the initial {@code Map} of authorized client(s) keyed by
 	 * {@link OAuth2AuthorizedClientId}
+	 * @since 5.2
 	 */
 	public InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository,
 			Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index 4520b2628e..8009e84b65 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -145,11 +145,10 @@ public final class OAuth2AuthorizeRequest {
 		/**
 		 * Sets the name of the {@code Principal} (to be) associated to the authorized
 		 * client.
-		 *
-		 * @since 5.3
 		 * @param principalName the name of the {@code Principal} (to be) associated to
 		 * the authorized client
 		 * @return the {@link Builder}
+		 * @since 5.3
 		 */
 		public Builder principal(String principalName) {
 			return principal(createAuthentication(principalName));
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
index 04fa5b8cd1..4538ae0d4b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
@@ -107,9 +107,8 @@ public class OAuth2AuthorizedClient implements Serializable {
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token} credential granted.
-	 *
-	 * @since 5.1
 	 * @return the {@link OAuth2RefreshToken}
+	 * @since 5.1
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
index e0976bbe98..d2d8f62b24 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
@@ -154,9 +154,8 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token}.
-	 *
-	 * @since 5.1
 	 * @return the {@link OAuth2RefreshToken}
+	 * @since 5.1
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index e157b3ae40..dc00fed7d0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -109,10 +109,9 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
 	 * {@link OAuth2User#getAuthorities()} to a new set of authorities which will be
 	 * associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @since 5.4
 	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
 	 * user's authorities
+	 * @since 5.4
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index a9397e8c2a..0e6cc41167 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -46,9 +46,9 @@ import static org.springframework.security.oauth2.core.web.reactive.function.OAu
  * Accepts a JSON response body containing an OAuth 2.0 Access token or error.
  * </p>
  *
+ * @param <T> type of grant request
  * @author Phil Clay
  * @since 5.3
- * @param <T> type of grant request
  * @see <a href="https://tools.ietf.org/html/rfc6749#section-3.2">RFC-6749 Token
  * Endpoint</a>
  * @see WebClientReactiveAuthorizationCodeTokenResponseClient
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 2aad49caa6..f0fc1990b0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -32,10 +32,10 @@ import java.io.IOException;
 /**
  * A {@link ResponseErrorHandler} that handles an {@link OAuth2Error OAuth 2.0 Error}.
  *
- * @see ResponseErrorHandler
- * @see OAuth2Error
  * @author Joe Grandja
  * @since 5.1
+ * @see ResponseErrorHandler
+ * @see OAuth2Error
  */
 public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index afe63b2b23..ff935bd0bf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -205,10 +205,9 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	 * Sets the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature
 	 * verification. The factory returns a {@link JwtDecoder} associated to the provided
 	 * {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param jwtDecoderFactory the {@link JwtDecoderFactory} used for {@link OidcIdToken}
 	 * signature verification
+	 * @since 5.2
 	 */
 	public final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index f1b8ef5b19..09522ad275 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -160,10 +160,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 	 * Sets the {@link ReactiveJwtDecoderFactory} used for {@link OidcIdToken} signature
 	 * verification. The factory returns a {@link ReactiveJwtDecoder} associated to the
 	 * provided {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param jwtDecoderFactory the {@link ReactiveJwtDecoderFactory} used for
 	 * {@link OidcIdToken} signature verification
+	 * @since 5.2
 	 */
 	public final void setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");
@@ -174,10 +173,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
 	 * {@link OidcUser#getAuthorities()} to a new set of authorities which will be
 	 * associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @since 5.4
 	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
 	 * user's authorities
+	 * @since 5.4
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
index 21a80d8b14..cc1921210f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -136,9 +136,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	 * Sets the maximum acceptable clock skew. The default is 60 seconds. The clock skew
 	 * is used when validating the {@link JwtClaimNames#EXP exp} and
 	 * {@link JwtClaimNames#IAT iat} claims.
-	 *
-	 * @since 5.2
 	 * @param clockSkew the maximum acceptable clock skew
+	 * @since 5.2
 	 */
 	public void setClockSkew(Duration clockSkew) {
 		Assert.notNull(clockSkew, "clockSkew cannot be null");
@@ -149,9 +148,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	/**
 	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when validating the
 	 * {@link JwtClaimNames#EXP exp} and {@link JwtClaimNames#IAT iat} claims.
-	 *
-	 * @since 5.3
 	 * @param clock the clock
+	 * @since 5.3
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 713c696f3d..21f575b522 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -71,10 +71,9 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcUserInfo}.
-	 *
-	 * @since 5.2
 	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
 	 * claim name}
+	 * @since 5.2
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -148,11 +147,10 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	 * Sets the factory that provides a {@link Converter} used for type conversion of
 	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
 	 * for all {@link ClientRegistration clients}.
-	 *
-	 * @since 5.2
 	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
 	 * for type conversion of claim values for a specific {@link ClientRegistration
 	 * client}
+	 * @since 5.2
 	 */
 	public final void setClaimTypeConverterFactory(
 			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
index 33f4c4a004..39c1b3e8b3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
@@ -52,12 +52,11 @@ public class OidcUserRequest extends OAuth2UserRequest {
 
 	/**
 	 * Constructs an {@code OidcUserRequest} using the provided parameters.
-	 *
-	 * @since 5.1
 	 * @param clientRegistration the client registration
 	 * @param accessToken the access token credential
 	 * @param idToken the ID Token
 	 * @param additionalParameters the additional parameters, may be empty
+	 * @since 5.1
 	 */
 	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken,
 			Map<String, Object> additionalParameters) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
index 7d30cee451..76bb9a6401 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
@@ -78,10 +78,9 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcUserInfo}.
-	 *
-	 * @since 5.2
 	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
 	 * claim name}
+	 * @since 5.2
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -190,10 +189,9 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 	/**
 	 * Sets the {@link OAuth2UserService} used when requesting the user info resource.
-	 *
-	 * @since 5.1
 	 * @param oauth2UserService the {@link OAuth2UserService} used when requesting the
 	 * user info resource.
+	 * @since 5.1
 	 */
 	public final void setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
 		Assert.notNull(oauth2UserService, "oauth2UserService cannot be null");
@@ -204,11 +202,10 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	 * Sets the factory that provides a {@link Converter} used for type conversion of
 	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
 	 * for all {@link ClientRegistration clients}.
-	 *
-	 * @since 5.2
 	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
 	 * for type conversion of claim values for a specific {@link ClientRegistration
 	 * client}
+	 * @since 5.2
 	 */
 	public final void setClaimTypeConverterFactory(
 			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
@@ -224,9 +221,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	 * {@link OidcUserRequest#getAccessToken() access token} to determine if the user info
 	 * resource is accessible or not. If there is at least one match, the user info
 	 * resource will be requested, otherwise it will not.
-	 *
-	 * @since 5.2
 	 * @param accessibleScopes the scope(s) that allow access to the user info resource
+	 * @since 5.2
 	 */
 	public final void setAccessibleScopes(Set<String> accessibleScopes) {
 		Assert.notNull(accessibleScopes, "accessibleScopes cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 241fb22755..807f915db6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -136,9 +136,8 @@ public final class ClientRegistration implements Serializable {
 	 * Configuring uri template variables is especially useful when the client is running
 	 * behind a Proxy Server. This ensures that the X-Forwarded-* headers are used when
 	 * expanding the redirect-uri.
-	 *
-	 * @since 5.4
 	 * @return the uri (or uri template) for the redirection endpoint
+	 * @since 5.4
 	 */
 	public String getRedirectUri() {
 		return this.redirectUri;
@@ -234,10 +233,9 @@ public final class ClientRegistration implements Serializable {
 		/**
 		 * Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the
 		 * OAuth 2.0 Authorization Server.
-		 *
-		 * @since 5.4
 		 * @return the issuer identifier uri for the OpenID Connect 1.0 provider or the
 		 * OAuth 2.0 Authorization Server
+		 * @since 5.4
 		 */
 		public String getIssuerUri() {
 			return this.issuerUri;
@@ -245,9 +243,8 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns a {@code Map} of the metadata describing the provider's configuration.
-		 *
-		 * @since 5.1
 		 * @return a {@code Map} of the metadata describing the provider's configuration
+		 * @since 5.1
 		 */
 		public Map<String, Object> getConfigurationMetadata() {
 			return this.configurationMetadata;
@@ -279,9 +276,8 @@ public final class ClientRegistration implements Serializable {
 
 			/**
 			 * Returns the authentication method for the user info endpoint.
-			 *
-			 * @since 5.1
 			 * @return the {@link AuthenticationMethod} for the user info endpoint.
+			 * @since 5.1
 			 */
 			public AuthenticationMethod getAuthenticationMethod() {
 				return this.authenticationMethod;
@@ -467,10 +463,9 @@ public final class ClientRegistration implements Serializable {
 		 * Configuring uri template variables is especially useful when the client is
 		 * running behind a Proxy Server. This ensures that the X-Forwarded-* headers are
 		 * used when expanding the redirect-uri.
-		 *
-		 * @since 5.4
 		 * @param redirectUri the uri (or uri template) for the redirection endpoint
 		 * @return the {@link Builder}
+		 * @since 5.4
 		 */
 		public Builder redirectUri(String redirectUri) {
 			this.redirectUri = redirectUri;
@@ -533,11 +528,10 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the authentication method for the user info endpoint.
-		 *
-		 * @since 5.1
 		 * @param userInfoAuthenticationMethod the authentication method for the user info
 		 * endpoint
 		 * @return the {@link Builder}
+		 * @since 5.1
 		 */
 		public Builder userInfoAuthenticationMethod(AuthenticationMethod userInfoAuthenticationMethod) {
 			this.userInfoAuthenticationMethod = userInfoAuthenticationMethod;
@@ -569,11 +563,10 @@ public final class ClientRegistration implements Serializable {
 		/**
 		 * Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth
 		 * 2.0 Authorization Server.
-		 *
-		 * @since 5.4
 		 * @param issuerUri the issuer identifier uri for the OpenID Connect 1.0 provider
 		 * or the OAuth 2.0 Authorization Server
 		 * @return the {@link Builder}
+		 * @since 5.4
 		 */
 		public Builder issuerUri(String issuerUri) {
 			this.issuerUri = issuerUri;
@@ -582,11 +575,10 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the metadata describing the provider's configuration.
-		 *
-		 * @since 5.1
 		 * @param configurationMetadata the metadata describing the provider's
 		 * configuration
 		 * @return the {@link Builder}
+		 * @since 5.1
 		 */
 		public Builder providerConfigurationMetadata(Map<String, Object> configurationMetadata) {
 			if (configurationMetadata != null) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index ca81eeee9b..b50e5fee8e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -78,9 +78,8 @@ public final class InMemoryClientRegistrationRepository
 	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided
 	 * {@code Map} of {@link ClientRegistration#getRegistrationId() registration id} to
 	 * {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param registrations the {@code Map} of client registration(s)
+	 * @since 5.2
 	 */
 	public InMemoryClientRegistrationRepository(Map<String, ClientRegistration> registrations) {
 		Assert.notNull(registrations, "registrations cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index d50ea1e56c..e8cc175587 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -108,10 +108,9 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	/**
 	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest} to a
 	 * {@link RequestEntity} representation of the UserInfo Request.
-	 *
-	 * @since 5.1
 	 * @param requestEntityConverter the {@link Converter} used for converting to a
 	 * {@link RequestEntity} representation of the UserInfo Request
+	 * @since 5.1
 	 */
 	public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
@@ -127,10 +126,9 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	 * <ol>
 	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @since 5.1
 	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo
 	 * resource
+	 * @since 5.1
 	 */
 	public final void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
index 98bd846240..83641346ef 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
@@ -159,10 +159,9 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	/**
 	 * Sets the {@link Converter} used for converting the {@link OAuth2UserRequest} to a
 	 * {@link RequestEntity} representation of the UserInfo Request.
-	 *
-	 * @since 5.1
 	 * @param requestEntityConverter the {@link Converter} used for converting to a
 	 * {@link RequestEntity} representation of the UserInfo Request
+	 * @since 5.1
 	 */
 	public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
@@ -178,10 +177,9 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	 * <ol>
 	 * <li>{@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}</li>
 	 * </ol>
-	 *
-	 * @since 5.1
 	 * @param restOperations the {@link RestOperations} used when requesting the UserInfo
 	 * resource
+	 * @since 5.1
 	 */
 	public final void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index 3105049c01..1012c4c978 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -32,13 +32,13 @@ import java.util.Objects;
  * {@link OAuth2UserService#loadUser(OAuth2UserRequest) load} an {@link OAuth2User} with
  * the first {@code non-null} {@link OAuth2User} being returned.
  *
+ * @param <R> The type of OAuth 2.0 User Request
+ * @param <U> The type of OAuth 2.0 User
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserService
  * @see OAuth2UserRequest
  * @see OAuth2User
- * @param <R> The type of OAuth 2.0 User Request
- * @param <U> The type of OAuth 2.0 User
  */
 public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User>
 		implements OAuth2UserService<R, U> {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
index 0b0490c9f5..a295d6dc7a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
@@ -53,11 +53,10 @@ public class OAuth2UserRequest {
 
 	/**
 	 * Constructs an {@code OAuth2UserRequest} using the provided parameters.
-	 *
-	 * @since 5.1
 	 * @param clientRegistration the client registration
 	 * @param accessToken the access token
 	 * @param additionalParameters the additional parameters, may be empty
+	 * @since 5.1
 	 */
 	public OAuth2UserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken,
 			Map<String, Object> additionalParameters) {
@@ -87,9 +86,8 @@ public class OAuth2UserRequest {
 
 	/**
 	 * Returns the additional parameters that may be used in the request.
-	 *
-	 * @since 5.1
 	 * @return a {@code Map} of the additional parameters, may be empty.
+	 * @since 5.1
 	 */
 	public Map<String, Object> getAdditionalParameters() {
 		return this.additionalParameters;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
index 46a0d041e1..e4d5c4e9d7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
@@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse;
  * used by the {@link OAuth2LoginAuthenticationFilter} for resolving the associated
  * Authorization Request when handling the callback of the Authorization Response.
  *
+ * @param <T> The type of OAuth 2.0 Authorization Request
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2AuthorizationRequest
  * @see HttpSessionOAuth2AuthorizationRequestRepository
- * @param <T> The type of OAuth 2.0 Authorization Request
  */
 public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> {
 
@@ -72,11 +72,10 @@ public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationReq
 	 * Removes and returns the {@link OAuth2AuthorizationRequest} associated to the
 	 * provided {@code HttpServletRequest} and {@code HttpServletResponse} or if not
 	 * available returns {@code null}.
-	 *
-	 * @since 5.1
 	 * @param request the {@code HttpServletRequest}
 	 * @param response the {@code HttpServletResponse}
 	 * @return the {@link OAuth2AuthorizationRequest} or {@code null} if not available
+	 * @since 5.1
 	 */
 	default T removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
 		return removeAuthorizationRequest(request);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index ae4665a735..e86e2bfc89 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -118,10 +118,9 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	/**
 	 * Sets the {@code Consumer} to be provided the
 	 * {@link OAuth2AuthorizationRequest.Builder} allowing for further customizations.
-	 *
-	 * @since 5.3
 	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the
 	 * {@link OAuth2AuthorizationRequest.Builder}
+	 * @since 5.3
 	 */
 	public void setAuthorizationRequestCustomizer(
 			Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 78bc7af340..9c64cb9bcb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -270,8 +270,8 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 	 * default.
 	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
 	 * that handles authorization failures
-	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index c7fac35606..59589f8bfe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -271,8 +271,8 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	 * by default.
 	 * </p>
 	 * @param authorizationFailureHandler the handler that handles authorization failures.
-	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index 96be281fba..8f963b1669 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -147,10 +147,9 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 	 * Sets the {@link RequestCache} used for loading a previously saved request (if
 	 * available) and replaying it after completing the processing of the OAuth 2.0
 	 * Authorization Response.
-	 *
-	 * @since 5.4
 	 * @param requestCache the cache used for loading a previously saved request (if
 	 * available)
+	 * @since 5.4
 	 */
 	public final void setRequestCache(RequestCache requestCache) {
 		Assert.notNull(requestCache, "requestCache cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 2544f57fa5..32420b09ce 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -127,10 +127,9 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 	/**
 	 * Constructs an {@code OAuth2AuthorizationRequestRedirectFilter} using the provided
 	 * parameters.
-	 *
-	 * @since 5.1
 	 * @param authorizationRequestResolver the resolver used for resolving authorization
 	 * requests
+	 * @since 5.1
 	 */
 	public OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 		Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index b622d9019e..3ed0e8096f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -139,12 +139,11 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 	/**
 	 * Constructs an {@code OAuth2LoginAuthenticationFilter} using the provided
 	 * parameters.
-	 *
-	 * @since 5.1
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientRepository the authorized client repository
 	 * @param filterProcessesUrl the {@code URI} where this {@code Filter} will process
 	 * the authentication requests
+	 * @since 5.1
 	 */
 	public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository,
 			OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index c01e94da0c..1d0760b5ad 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -78,10 +78,9 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	/**
 	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
 	 * parameters.
-	 *
-	 * @since 5.2
 	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which
 	 * manages the authorized client(s)
+	 * @since 5.2
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 945f6e68e7..5ffbe25106 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -177,10 +177,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * will result in removing the authorized client, so that a new token is retrieved for
 	 * future requests.
 	 * </p>
-	 *
-	 * @since 5.2
 	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager}
 	 * which manages the authorized client(s)
+	 * @since 5.2
 	 */
 	public ServerOAuth2AuthorizedClientExchangeFilterFunction(
 			ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
@@ -258,7 +257,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * WebClient webClient = WebClient.builder()
 	 *    .filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager))
 	 *    .build();
-	 * Mono<String> response = webClient
+	 * Mono&lt;String&gt; response = webClient
 	 *    .get()
 	 *    .uri(uri)
 	 *    .attributes(oauth2AuthorizedClient(authorizedClient))
@@ -297,7 +296,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * WebClient webClient = WebClient.builder()
 	 *    .filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager))
 	 *    .build();
-	 * Mono<String> response = webClient
+	 * Mono&lt;String&gt; response = webClient
 	 *    .get()
 	 *    .uri(uri)
 	 *    .attributes(serverWebExchange(serverWebExchange))
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 3acaede9b3..8b1b21850b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -84,7 +84,7 @@ import java.util.stream.Stream;
  * WebClient webClient = WebClient.builder()
  *    .apply(oauth2.oauth2Configuration())
  *    .build();
- * Mono<String> response = webClient
+ * Mono&lt;String&gt; response = webClient
  *    .get()
  *    .uri(uri)
  *    .attributes(oauth2AuthorizedClient(authorizedClient))
@@ -190,10 +190,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * authentication and authorization failures returned from a Resource Server will
 	 * result in removing the authorized client, so that a new token is retrieved for
 	 * future requests.
-	 *
-	 * @since 5.2
 	 * @param authorizedClientManager the {@link OAuth2AuthorizedClientManager} which
 	 * manages the authorized client(s)
+	 * @since 5.2
 	 */
 	public ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index b79bce181f..0179740229 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -69,10 +69,9 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	/**
 	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided
 	 * parameters.
-	 *
-	 * @since 5.2
 	 * @param authorizedClientManager the {@link ReactiveOAuth2AuthorizedClientManager}
 	 * which manages the authorized client(s)
+	 * @since 5.2
 	 */
 	public OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
 		Assert.notNull(authorizedClientManager, "authorizedClientManager cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index ca751132f3..c18dc66864 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -134,10 +134,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	/**
 	 * Sets the {@code Consumer} to be provided the
 	 * {@link OAuth2AuthorizationRequest.Builder} allowing for further customizations.
-	 *
-	 * @since 5.3
 	 * @param authorizationRequestCustomizer the {@code Consumer} to be provided the
 	 * {@link OAuth2AuthorizationRequest.Builder}
+	 * @since 5.3
 	 */
 	public final void setAuthorizationRequestCustomizer(
 			Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index 30d860bff7..f39e4a2ad2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -162,10 +162,9 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	/**
 	 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s. The
 	 * default is {@link WebSessionOAuth2ServerAuthorizationRequestRepository}.
-	 *
-	 * @since 5.2
 	 * @param authorizationRequestRepository the repository used for storing
 	 * {@link OAuth2AuthorizationRequest}'s
+	 * @since 5.2
 	 */
 	public final void setAuthorizationRequestRepository(
 			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -185,10 +184,9 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	 * Sets the {@link ServerRequestCache} used for loading a previously saved request (if
 	 * available) and replaying it after completing the processing of the OAuth 2.0
 	 * Authorization Response.
-	 *
-	 * @since 5.4
 	 * @param requestCache the cache used for loading a previously saved request (if
 	 * available)
+	 * @since 5.4
 	 */
 	public final void setRequestCache(ServerRequestCache requestCache) {
 		Assert.notNull(requestCache, "requestCache cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
index b102117a97..0dde709779 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
@@ -34,11 +34,11 @@ import reactor.core.publisher.Mono;
  * used by the {@link OAuth2LoginAuthenticationFilter} for resolving the associated
  * Authorization Request when handling the callback of the Authorization Response.
  *
+ * @param <T> The type of OAuth 2.0 Authorization Request
  * @author Rob Winch
  * @since 5.1
  * @see OAuth2AuthorizationRequest
  * @see HttpSessionOAuth2AuthorizationRequestRepository
- * @param <T> The type of OAuth 2.0 Authorization Request
  */
 public interface ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> {
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 56399c53bc..9c050cc6a7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -57,9 +57,8 @@ public final class OAuth2AccessTokenResponse {
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken Refresh Token}.
-	 *
-	 * @since 5.1
 	 * @return the {@link OAuth2RefreshToken}
+	 * @since 5.1
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index 48274effe8..e7696604d0 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -147,9 +147,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the attribute(s) associated to the request.
-	 *
-	 * @since 5.2
 	 * @return a {@code Map} of the attribute(s), or an empty {@code Map} if not available
+	 * @since 5.2
 	 */
 	public Map<String, Object> getAttributes() {
 		return this.attributes;
@@ -157,12 +156,11 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns the value of an attribute associated to the request.
-	 *
-	 * @since 5.2
-	 * @param name the name of the attribute
 	 * @param <T> the type of the attribute
+	 * @param name the name of the attribute
 	 * @return the value of the attribute associated to the request, or {@code null} if
 	 * not available
+	 * @since 5.2
 	 */
 	@SuppressWarnings("unchecked")
 	public <T> T getAttribute(String name) {
@@ -176,10 +174,9 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 * <p>
 	 * <b>NOTE:</b> The {@code URI} string is encoded in the
 	 * {@code application/x-www-form-urlencoded} MIME format.
-	 *
-	 * @since 5.1
 	 * @return the {@code URI} string representation of the OAuth 2.0 Authorization
 	 * Request
+	 * @since 5.1
 	 */
 	public String getAuthorizationRequestUri() {
 		return this.authorizationRequestUri;
@@ -195,12 +192,12 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 	/**
 	 * Returns a new {@link Builder}, initialized with the implicit grant type.
+	 * @return the {@link Builder}
 	 * @deprecated It is not recommended to use the implicit flow due to the inherent
 	 * risks of returning access tokens in an HTTP redirect without any confirmation that
 	 * it has been received by the client.
 	 * @see <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0
 	 * Implicit Grant</a>
-	 * @return the {@link Builder}
 	 */
 	@Deprecated
 	public static Builder implicit() {
@@ -210,11 +207,10 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	/**
 	 * Returns a new {@link Builder}, initialized with the values from the provided
 	 * {@code authorizationRequest}.
-	 *
-	 * @since 5.1
 	 * @param authorizationRequest the authorization request used for initializing the
 	 * {@link Builder}
 	 * @return the {@link Builder}
+	 * @since 5.1
 	 */
 	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
@@ -352,10 +348,9 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		/**
 		 * A {@code Consumer} to be provided access to the additional parameter(s)
 		 * allowing the ability to add, replace, or remove.
-		 *
-		 * @since 5.3
 		 * @param additionalParametersConsumer a {@code Consumer} of the additional
 		 * parameters
+		 * @since 5.3
 		 */
 		public Builder additionalParameters(Consumer<Map<String, Object>> additionalParametersConsumer) {
 			if (additionalParametersConsumer != null) {
@@ -367,9 +362,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		/**
 		 * A {@code Consumer} to be provided access to all the parameters allowing the
 		 * ability to add, replace, or remove.
-		 *
-		 * @since 5.3
 		 * @param parametersConsumer a {@code Consumer} of all the parameters
+		 * @since 5.3
 		 */
 		public Builder parameters(Consumer<Map<String, Object>> parametersConsumer) {
 			if (parametersConsumer != null) {
@@ -380,10 +374,9 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		/**
 		 * Sets the attributes associated to the request.
-		 *
-		 * @since 5.2
 		 * @param attributes the attributes associated to the request
 		 * @return the {@link Builder}
+		 * @since 5.2
 		 */
 		public Builder attributes(Map<String, Object> attributes) {
 			if (!CollectionUtils.isEmpty(attributes)) {
@@ -395,9 +388,8 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		/**
 		 * A {@code Consumer} to be provided access to the attribute(s) allowing the
 		 * ability to add, replace, or remove.
-		 *
-		 * @since 5.3
 		 * @param attributesConsumer a {@code Consumer} of the attribute(s)
+		 * @since 5.3
 		 */
 		public Builder attributes(Consumer<Map<String, Object>> attributesConsumer) {
 			if (attributesConsumer != null) {
@@ -413,11 +405,10 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		 * <p>
 		 * <b>NOTE:</b> The {@code URI} string is <b>required</b> to be encoded in the
 		 * {@code application/x-www-form-urlencoded} MIME format.
-		 *
-		 * @since 5.1
 		 * @param authorizationRequestUri the {@code URI} string representation of the
 		 * OAuth 2.0 Authorization Request
 		 * @return the {@link Builder}
+		 * @since 5.1
 		 */
 		public Builder authorizationRequestUri(String authorizationRequestUri) {
 			this.authorizationRequestUri = authorizationRequestUri;
@@ -427,10 +418,9 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 		/**
 		 * A {@code Function} to be provided a {@code UriBuilder} representation of the
 		 * OAuth 2.0 Authorization Request allowing for further customizations.
-		 *
-		 * @since 5.3
 		 * @param authorizationRequestUriFunction a {@code Function} to be provided a
 		 * {@code UriBuilder} representation of the OAuth 2.0 Authorization Request
+		 * @since 5.3
 		 */
 		public Builder authorizationRequestUri(Function<UriBuilder, URI> authorizationRequestUriFunction) {
 			if (authorizationRequestUriFunction != null) {
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index 020cc32874..f50e82f668 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -39,10 +39,10 @@ import org.springframework.util.Assert;
  * A {@link HttpMessageConverter} for an {@link OAuth2AccessTokenResponse OAuth 2.0 Access
  * Token Response}.
  *
- * @see AbstractHttpMessageConverter
- * @see OAuth2AccessTokenResponse
  * @author Joe Grandja
  * @since 5.1
+ * @see AbstractHttpMessageConverter
+ * @see OAuth2AccessTokenResponse
  */
 public class OAuth2AccessTokenResponseHttpMessageConverter
 		extends AbstractHttpMessageConverter<OAuth2AccessTokenResponse> {
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index 52082de420..a5e854aff2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -39,10 +39,10 @@ import java.util.stream.Collectors;
 /**
  * A {@link HttpMessageConverter} for an {@link OAuth2Error OAuth 2.0 Error}.
  *
- * @see AbstractHttpMessageConverter
- * @see OAuth2Error
  * @author Joe Grandja
  * @since 5.1
+ * @see AbstractHttpMessageConverter
+ * @see OAuth2Error
  */
 public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverter<OAuth2Error> {
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
index beb6107052..1cb14aff5a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
@@ -26,6 +26,8 @@ import java.util.List;
  * Token, which provides information about the authentication of an End-User by an
  * Authorization Server.
  *
+ * @author Joe Grandja
+ * @since 5.0
  * @see ClaimAccessor
  * @see StandardClaimAccessor
  * @see StandardClaimNames
@@ -36,8 +38,6 @@ import java.util.List;
  * @see <a target="_blank" href=
  * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
  * Claims</a>
- * @author Joe Grandja
- * @since 5.0
  */
 public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
index e99c53959c..497a823ed0 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
@@ -25,6 +25,8 @@ import java.util.Map;
  * A {@link ClaimAccessor} for the &quot;Standard Claims&quot; that can be returned either
  * in the UserInfo Response or the ID Token.
  *
+ * @author Joe Grandja
+ * @since 5.0
  * @see ClaimAccessor
  * @see StandardClaimNames
  * @see OidcUserInfo
@@ -34,8 +36,6 @@ import java.util.Map;
  * @see <a target="_blank" href=
  * "https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard
  * Claims</a>
- * @author Joe Grandja
- * @since 5.0
  */
 public interface StandardClaimAccessor extends ClaimAccessor {
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index c31312a8ad..97805ca257 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -42,8 +42,8 @@ import java.util.LinkedHashSet;
  *
  * @author Joe Grandja
  * @author Eddú Meléndez
- * @see OAuth2User
  * @since 5.0
+ * @see OAuth2User
  */
 public class DefaultOAuth2User implements OAuth2User, Serializable {
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
index cc028423e0..34c8ab3ce1 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
@@ -43,7 +43,7 @@ public class JwtValidationException extends BadJwtException {
 	 *
 	 * <pre>
 	 * 	if ( result.hasErrors() ) {
-	 *  	Collection<OAuth2Error> errors = result.getErrors();
+	 *  	Collection&lt;OAuth2Error&gt; errors = result.getErrors();
 	 *  	throw new JwtValidationException(errors.iterator().next().getDescription(), errors);
 	 * 	}
 	 * </pre>
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index c8b4f435a6..8accd3ed23 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -119,10 +119,9 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 
 	/**
 	 * Sets the {@link RestOperations} used when requesting the JSON Web Key (JWK) Set.
-	 *
-	 * @since 5.1
 	 * @param restOperations the {@link RestOperations} used when requesting the JSON Web
 	 * Key (JWK) Set
+	 * @since 5.1
 	 */
 	public void setRestOperations(RestOperations restOperations) {
 		Assert.notNull(restOperations, "restOperations cannot be null");
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
index 6a9ae1f38b..06abfecd4e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -38,10 +38,10 @@ import org.springframework.util.StringUtils;
  * and populate {@code WWW-Authenticate} HTTP header.
  *
  * @author Vedran Pavic
+ * @since 5.1
  * @see BearerTokenError
  * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
  * Section 3: The WWW-Authenticate Response Header Field</a>
- * @since 5.1
  */
 public final class BearerTokenAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index e5f027e5e1..ee3beb886e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -41,10 +41,10 @@ import java.util.Map;
  * and populate {@code WWW-Authenticate} HTTP header.
  *
  * @author Rob Winch
+ * @since 5.1
  * @see BearerTokenError
  * @see <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
  * Section 3: The WWW-Authenticate Response Header Field</a>
- * @since 5.1
  */
 public final class BearerTokenServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index fa623b7d7e..01d9f9840f 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -20,11 +20,11 @@ import org.springframework.security.core.AuthenticationException;
 /**
  * Indicates that OpenID authentication was cancelled
  *
+ * @author Robin Bramley, Opsera Ltd
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley, Opsera Ltd
  */
 public class AuthenticationCancelledException extends AuthenticationException {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
index d279f333d5..57d5287702 100644
--- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
@@ -24,12 +24,12 @@ import java.util.List;
  * This allows the list of attributes for a fetch request to be tailored for different
  * OpenID providers, since they do not all support the same attributes.
  *
+ * @author Luke Taylor
+ * @since 3.1
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Luke Taylor
- * @since 3.1
  */
 public interface AxFetchListFactory {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
index 5cea1bba77..152eb442db 100644
--- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
@@ -19,12 +19,12 @@ import java.util.Collections;
 import java.util.List;
 
 /**
+ * @author Luke Taylor
+ * @since 3.1
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Luke Taylor
- * @since 3.1
  */
 public class NullAxFetchListFactory implements AxFetchListFactory {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index 1f82bb8ea1..ff7a63ecc4 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -27,12 +27,12 @@ import org.springframework.util.Assert;
  * should be requested during a fetch request, or to hold values for an attribute which
  * are returned during the authentication process.
  *
+ * @author Luke Taylor
+ * @since 3.0
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Luke Taylor
- * @since 3.0
  */
 public class OpenIDAttribute implements Serializable {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index cd75656ffb..89ff57f6d3 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -59,15 +59,15 @@ import java.util.*;
  * where it should (normally) be processed by an <tt>OpenIDAuthenticationProvider</tt> in
  * order to load the authorities for the user.
  *
- * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
- * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
- * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
- * supported by <code>spring-security-oauth2</code>.
  * @author Robin Bramley
  * @author Ray Krueger
  * @author Luke Taylor
  * @since 2.0
  * @see OpenIDAuthenticationProvider
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ * supported by <code>spring-security-oauth2</code>.
  */
 public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index cbc20858de..bdc9ee62fc 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -44,12 +44,12 @@ import org.springframework.util.Assert;
  * {@code Authentication} token, so additional properties such as email addresses,
  * telephone numbers etc can easily be stored.
  *
+ * @author Robin Bramley, Opsera Ltd.
+ * @author Luke Taylor
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley, Opsera Ltd.
- * @author Luke Taylor
  */
 public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index 1f038cb090..a95c579104 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -17,13 +17,13 @@ package org.springframework.security.openid;
 
 /**
  * Authentication status codes, based on JanRain status codes
+ * @author JanRain Inc.
+ * @author Robin Bramley, Opsera Ltd
+ * @author Luke Taylor
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author JanRain Inc.
- * @author Robin Bramley, Opsera Ltd
- * @author Luke Taylor
  */
 public enum OpenIDAuthenticationStatus {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index 60e0f52637..f854080877 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -26,11 +26,11 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
  * OpenID Authentication Token
  *
+ * @author Robin Bramley
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley
  */
 public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
index 540e661df8..d49143b9f4 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
@@ -20,12 +20,12 @@ import javax.servlet.http.HttpServletRequest;
 /**
  * An interface for OpenID library implementations
  *
+ * @author Ray Krueger
+ * @author Robin Bramley, Opsera Ltd
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Ray Krueger
- * @author Robin Bramley, Opsera Ltd
  */
 public interface OpenIDConsumer {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index 937a35091d..1410eb32c0 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -18,11 +18,11 @@ package org.springframework.security.openid;
 /**
  * Thrown by an OpenIDConsumer if it cannot process a request
  *
+ * @author Robin Bramley, Opsera Ltd
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley, Opsera Ltd
  */
 public class OpenIDConsumerException extends Exception {
 
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index 3f5b413662..39a0018530 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -22,12 +22,12 @@ import java.util.Map;
 import java.util.regex.Pattern;
 
 /**
+ * @author Luke Taylor
+ * @since 3.1
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Luke Taylor
- * @since 3.1
  */
 public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index 67dbcc9b5a..9228c022c6 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -18,11 +18,11 @@ package org.springframework.security.openid;
 import javax.servlet.http.HttpServletRequest;
 
 /**
+ * @author Robin Bramley, Opsera Ltd
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley, Opsera Ltd
  */
 public class MockOpenIDConsumer implements OpenIDConsumer {
 
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index f185a46066..f71600c629 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -40,11 +40,11 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import java.util.*;
 
 /**
+ * @author Luke Taylor
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Luke Taylor
  */
 public class OpenID4JavaConsumerTests {
 
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index aef409a22c..bb1d2c10fc 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -35,11 +35,11 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 /**
  * Tests {@link OpenIDAuthenticationProvider}
  *
+ * @author Robin Bramley, Opsera Ltd
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Robin Bramley, Opsera Ltd
  */
 public class OpenIDAuthenticationProviderTests {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 1aeb1649bf..4ce1cd7530 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -34,9 +34,9 @@ import static org.springframework.util.Assert.state;
  * "https://www.oasis-open.org/committees/download.php/8958/sstc-saml-implementation-guidelines-draft-01.pdf">
  * usages </a> (Line 584, Section 4.3 Credentials).
  *
- * @since 5.4
  * @author Filip Hanik
  * @author Josh Cummings
+ * @since 5.4
  */
 public final class Saml2X509Credential {
 
@@ -140,7 +140,7 @@ public final class Saml2X509Credential {
 	/**
 	 * Get the private key for this credential
 	 * @return the private key, may be null
-	 * @see {@link #Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)}
+	 * @see #Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)
 	 */
 	public PrivateKey getPrivateKey() {
 		return this.privateKey;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index f329ff08f8..648cb0d715 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -157,7 +157,7 @@ public class Saml2X509Credential {
 	/**
 	 * Returns the private key, or null if this credential type doesn't require one.
 	 * @return the private key, or null
-	 * @see {@link #Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)}
+	 * @see #Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)
 	 */
 	public PrivateKey getPrivateKey() {
 		return this.privateKey;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
index 3b3b6536fc..486d8b26a4 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
@@ -30,9 +30,9 @@ import java.nio.charset.Charset;
  * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
  * (line 2031)
  *
+ * @since 5.3
  * @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
  * @see Saml2AuthenticationRequestFactory#createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
- * @since 5.3
  */
 abstract class AbstractSaml2AuthenticationRequest {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index c922a8c117..fbcdbf4f1d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -185,7 +185,7 @@ public final class Saml2AuthenticationRequest {
 		/**
 		 * Creates a {@link Saml2AuthenticationRequest} object.
 		 * @return the Saml2AuthenticationRequest object
-		 * @throws {@link IllegalArgumentException} if a required property is not set
+		 * @throws IllegalArgumentException if a required property is not set
 		 */
 		public Saml2AuthenticationRequest build() {
 			return new Saml2AuthenticationRequest(this.issuer, this.destination, this.assertionConsumerServiceUrl,
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
index 5902571aa9..690ebbd98a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
@@ -25,9 +25,9 @@ import org.springframework.util.Assert;
  * "https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf">
  * Assertions and Protocols for SAML 2 (line 2031)</a>
  *
+ * @since 5.3
  * @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
  * @see Saml2AuthenticationRequestFactory#createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
- * @since 5.3
  */
 public class Saml2AuthenticationRequestContext {
 
@@ -167,7 +167,7 @@ public class Saml2AuthenticationRequestContext {
 		/**
 		 * Creates a {@link Saml2AuthenticationRequestContext} object.
 		 * @return the Saml2AuthenticationRequest object
-		 * @throws {@link IllegalArgumentException} if a required property is not set
+		 * @throws IllegalArgumentException if a required property is not set
 		 */
 		public Saml2AuthenticationRequestContext build() {
 			return new Saml2AuthenticationRequestContext(this.relyingPartyRegistration, this.issuer,
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index a266dd93ec..22f042c328 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -30,9 +30,9 @@ import static org.springframework.security.saml2.provider.service.registration.R
  * Represents an incoming SAML 2.0 response containing an assertion that has not been
  * validated. {@link Saml2AuthenticationToken#isAuthenticated()} will always return false.
  *
- * @since 5.2
  * @author Filip Hanik
  * @author Josh Cummings
+ * @since 5.2
  */
 public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 
@@ -71,7 +71,7 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	 * @param localSpEntityId the configured local SP, the relying party, entity ID
 	 * @param credentials the credentials configured for signature verification and
 	 * decryption
-	 * @deprecated Use {@link Saml2AuthenticationToken(RelyingPartyRegistration, String)}
+	 * @deprecated Use {@link #Saml2AuthenticationToken(RelyingPartyRegistration, String)}
 	 * instead
 	 */
 	@Deprecated
@@ -125,8 +125,7 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	 * Returns the URI that the SAML 2 Response object came in on
 	 * @return URI as a string
 	 * @deprecated Use
-	 * {@link #getRelyingPartyRegistration().getAssertionConsumerServiceLocation()}
-	 * instead
+	 * {@code getRelyingPartyRegistration().getAssertionConsumerServiceLocation()} instead
 	 */
 	@Deprecated
 	public String getRecipientUri() {
@@ -136,7 +135,7 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Returns the configured entity ID of the receiving relying party, SP
 	 * @return an entityID for the configured local relying party
-	 * @deprecated Use {@link #getRelyingPartyRegistration().getEntityId()} instead
+	 * @deprecated Use {@code getRelyingPartyRegistration().getEntityId()} instead
 	 */
 	@Deprecated
 	public String getLocalSpEntityId() {
@@ -145,7 +144,7 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 
 	/**
 	 * Returns all the credentials associated with the relying party configuraiton
-	 * @return
+	 * @return all associated credentials
 	 * @deprecated Get the credentials through {@link #getRelyingPartyRegistration()}
 	 * instead
 	 */
@@ -165,7 +164,6 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * The state of this object cannot be changed. Will always throw an exception
 	 * @param authenticated ignored
-	 * @throws {@link IllegalArgumentException}
 	 */
 	@Override
 	public void setAuthenticated(boolean authenticated) {
@@ -176,7 +174,7 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	 * Returns the configured IDP, asserting party, entity ID
 	 * @return a string representing the entity ID
 	 * @deprecated Use
-	 * {@link #getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()}
+	 * {@code getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()}
 	 * instead
 	 */
 	@Deprecated
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
index 7d3f3aab41..b767af35e6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
@@ -26,8 +26,8 @@ import static org.springframework.security.saml2.provider.service.registration.S
  * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
  * (line 2031)
  *
- * @see Saml2AuthenticationRequestFactory
  * @since 5.3
+ * @see Saml2AuthenticationRequestFactory
  */
 public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
index d5ae3c32c5..a4b0d25c95 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
@@ -26,8 +26,8 @@ import static org.springframework.security.saml2.provider.service.registration.S
  * https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
  * (line 2031)
  *
- * @see Saml2AuthenticationRequestFactory
  * @since 5.3
+ * @see Saml2AuthenticationRequestFactory
  */
 public class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index e275c51161..17dede124a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -67,9 +67,9 @@ import org.springframework.util.Assert;
  * 			.build();
  * </pre>
  *
- * @since 5.2
  * @author Filip Hanik
  * @author Josh Cummings
+ * @since 5.2
  */
 public class RelyingPartyRegistration {
 
@@ -284,7 +284,7 @@ public class RelyingPartyRegistration {
 	 * @return a filtered list containing only credentials of type
 	 * {@link org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType#VERIFICATION}.
 	 * Returns an empty list of credentials are not found
-	 * @deprecated Use {@link #getAssertingPartyDetails().getSigningX509Credentials()}
+	 * @deprecated Use {code #getAssertingPartyDetails().getSigningX509Credentials()}
 	 * instead
 	 */
 	@Deprecated
@@ -909,8 +909,8 @@ public class RelyingPartyRegistration {
 		 * Provider.
 		 * @param entityId the IDP entityId
 		 * @return this object
-		 * @deprecated use {@link #assertingPartyDetails(Consumer<
-		 * AssertingPartyDetails.Builder >)}
+		 * @deprecated use
+		 * {@code #assertingPartyDetails(Consumer<AssertingPartyDetails.Builder >)}
 		 */
 		@Deprecated
 		public Builder remoteIdpEntityId(String entityId) {
@@ -923,8 +923,8 @@ public class RelyingPartyRegistration {
 		 * @param url - a URL that accepts authentication requests via REDIRECT or POST
 		 * bindings
 		 * @return this object
-		 * @deprecated use {@link #assertingPartyDetails(Consumer<
-		 * AssertingPartyDetails.Builder >)}
+		 * @deprecated use
+		 * {@code #assertingPartyDetails(Consumer<AssertingPartyDetails.Builder >)}
 		 */
 		@Deprecated
 		public Builder idpWebSsoUrl(String url) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
index 48e6419ff5..1c681d92a3 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationRepository.java
@@ -19,8 +19,8 @@ package org.springframework.security.saml2.provider.service.registration;
 /**
  * A repository for {@link RelyingPartyRegistration}s
  *
- * @since 5.2
  * @author Filip Hanik
+ * @since 5.2
  */
 public interface RelyingPartyRegistrationRepository {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index ea3520147c..70b595cb45 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -64,9 +64,9 @@ import static java.nio.charset.StandardCharsets.ISO_8859_1;
  * {@link RelyingPartyRegistration#getRegistrationId() registration identifier} of the
  * relying party that is used for initiating the authentication request.
  *
- * @since 5.2
  * @author Filip Hanik
  * @author Josh Cummings
+ * @since 5.2
  */
 public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter {
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index bdc60fcc0b..c7acd46e51 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -40,8 +40,8 @@ import static org.springframework.web.util.UriComponentsBuilder.fromHttpUrl;
  * registration id from the request, querying a
  * {@link RelyingPartyRegistrationRepository}, and resolving any template values.
  *
- * @since 5.4
  * @author Josh Cummings
+ * @since 5.4
  */
 public final class DefaultRelyingPartyRegistrationResolver
 		implements Converter<HttpServletRequest, RelyingPartyRegistration> {
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index de9d1bb675..6584e3ee5e 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -43,8 +43,8 @@ import org.springframework.security.web.FilterInvocation;
  * A JSP {@link Tag} implementation of {@link AbstractAuthorizeTag}.
  *
  * @author Rossen Stoyanchev
- * @see AbstractAuthorizeTag
  * @since 3.1.0
+ * @see AbstractAuthorizeTag
  */
 public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
index 366a8fcfe4..3dbe9cee9a 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
@@ -25,8 +25,8 @@ import java.io.IOException;
 /**
  * An abstract tag for handling CSRF operations.
  *
- * @since 3.2.2
  * @author Nick Williams
+ * @since 3.2.2
  */
 abstract class AbstractCsrfTag extends TagSupport {
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
index ade138fb54..799c0eab6b 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfInputTag.java
@@ -22,8 +22,8 @@ import org.springframework.security.web.csrf.CsrfToken;
  * A JSP tag that prints out a hidden form field for the CSRF token. See the JSP Tab
  * Library documentation for more information.
  *
- * @since 3.2.2
  * @author Nick Williams
+ * @since 3.2.2
  */
 public class CsrfInputTag extends AbstractCsrfTag {
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
index e196dd8a2e..389dd3d51c 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTag.java
@@ -22,8 +22,8 @@ import org.springframework.security.web.csrf.CsrfToken;
  * A JSP tag that prints out a meta tags holding the CSRF form field name and token value
  * for use in JavaScrip code. See the JSP Tab Library documentation for more information.
  *
- * @since 3.2.2
  * @author Nick Williams
+ * @since 3.2.2
  */
 public class CsrfMetaTagsTag extends AbstractCsrfTag {
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
index 11409e1d8b..b5e35ee06c 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
@@ -28,11 +28,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * A {@link WithAnonymousUserSecurityContextFactory} that runs with an
  * {@link AnonymousAuthenticationToken}. .
  *
- * @see WithUserDetails
  * @author Rob Winch
  * @since 4.1
+ * @see WithUserDetails
  */
-
 final class WithAnonymousUserSecurityContextFactory implements WithSecurityContextFactory<WithAnonymousUser> {
 
 	public SecurityContext createSecurityContext(WithAnonymousUser withUser) {
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
index c00e589fab..72c58cc84d 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
@@ -24,12 +24,12 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
  * An API that works with WithUserTestExcecutionListener for creating a
  * {@link SecurityContext} that is populated in the {@link TestSecurityContextHolder}.
  *
- * @author Rob Winch
  * @param <A>
+ * @author Rob Winch
+ * @since 4.0
  * @see WithSecurityContext
  * @see WithMockUser
  * @see WithUserDetails
- * @since 4.0
  */
 public interface WithSecurityContextFactory<A extends Annotation> {
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index 0bb706ddfb..55b3d48060 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -35,11 +35,10 @@ import org.springframework.util.StringUtils;
  * A {@link WithUserDetailsSecurityContextFactory} that works with {@link WithUserDetails}
  * .
  *
- * @see WithUserDetails
  * @author Rob Winch
  * @since 4.0
+ * @see WithUserDetails
  */
-
 final class WithUserDetailsSecurityContextFactory implements WithSecurityContextFactory<WithUserDetails> {
 
 	private static final boolean reactorPresent = ClassUtils.isPresent("reactor.core.publisher.Mono",
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 1821fa1ab6..a0fe23aa6b 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -947,9 +947,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * @param roles The roles to populate. Note that if the role does not start with
 		 * {@link #ROLE_PREFIX} it will automatically be prepended. This means by default
 		 * {@code roles("ROLE_USER")} and {@code roles("USER")} are equivalent.
+		 * @return the UserRequestPostProcessor for further customizations
 		 * @see #authorities(GrantedAuthority...)
 		 * @see #ROLE_PREFIX
-		 * @return the UserRequestPostProcessor for further customizations
 		 */
 		public UserRequestPostProcessor roles(String... roles) {
 			List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
@@ -969,8 +969,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Populates the user's {@link GrantedAuthority}'s. The default is ROLE_USER.
 		 * @param authorities
-		 * @see #roles(String...)
 		 * @return the UserRequestPostProcessor for further customizations
+		 * @see #roles(String...)
 		 */
 		public UserRequestPostProcessor authorities(GrantedAuthority... authorities) {
 			return authorities(Arrays.asList(authorities));
@@ -979,8 +979,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		/**
 		 * Populates the user's {@link GrantedAuthority}'s. The default is ROLE_USER.
 		 * @param authorities
-		 * @see #roles(String...)
 		 * @return the UserRequestPostProcessor for further customizations
+		 * @see #roles(String...)
 		 */
 		public UserRequestPostProcessor authorities(Collection<? extends GrantedAuthority> authorities) {
 			this.authorities = authorities;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
index 0f4f748e32..1fa2af9be4 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@@ -24,8 +24,8 @@ import javax.servlet.Filter;
  * Provides Security related
  * {@link org.springframework.test.web.servlet.setup.MockMvcConfigurer} implementations.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class SecurityMockMvcConfigurers {
 
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index e67db58754..6796b3a6a2 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -267,9 +267,8 @@ public class FilterChainProxy extends GenericFilterBean {
 	/**
 	 * Sets the {@link RequestRejectedHandler} to be used for requests rejected by the
 	 * firewall.
-	 *
-	 * @since 5.2
 	 * @param requestRejectedHandler the {@link RequestRejectedHandler}
+	 * @since 5.2
 	 */
 	public void setRequestRejectedHandler(RequestRejectedHandler requestRejectedHandler) {
 		Assert.notNull(requestRejectedHandler, "requestRejectedHandler may not be null");
diff --git a/web/src/main/java/org/springframework/security/web/WebAttributes.java b/web/src/main/java/org/springframework/security/web/WebAttributes.java
index 38ea04be0e..bb1c279ccb 100644
--- a/web/src/main/java/org/springframework/security/web/WebAttributes.java
+++ b/web/src/main/java/org/springframework/security/web/WebAttributes.java
@@ -45,8 +45,8 @@ public final class WebAttributes {
 	 * Set as a request attribute to override the default
 	 * {@link WebInvocationPrivilegeEvaluator}
 	 *
-	 * @see WebInvocationPrivilegeEvaluator
 	 * @since 3.1.3
+	 * @see WebInvocationPrivilegeEvaluator
 	 */
 	public static final String WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE = WebAttributes.class.getName()
 			+ ".WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE";
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
index 5b77e7fc2c..5f700fa6c3 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
@@ -25,9 +25,9 @@ import org.springframework.expression.EvaluationContext;
  * This API is intentionally kept package scope as it may evolve over time.
  * </p>
  *
+ * @param <I> the invocation to use for post processing
  * @author Rob Winch
  * @since 4.1
- * @param <I> the invocation to use for post processing
  */
 interface EvaluationContextPostProcessor<I> {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index b80125ec44..a9f54f952f 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -38,10 +38,10 @@ import org.springframework.security.web.AuthenticationEntryPoint;
  * The <code>commence</code> method will always return an
  * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
  *
- * @see org.springframework.security.web.access.ExceptionTranslationFilter
  * @author Luke Taylor
  * @author Ruud Senden
  * @since 2.0
+ * @see org.springframework.security.web.access.ExceptionTranslationFilter
  */
 public class Http403ForbiddenEntryPoint implements AuthenticationEntryPoint {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index d7cb534bbd..7b88d97dab 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -55,8 +55,8 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 	}
 
 	/**
-	 * @since 5.2
 	 * @param cookiesToClear - One or more Cookie objects that must have maxAge of 0
+	 * @since 5.2
 	 */
 	public CookieClearingLogoutHandler(Cookie... cookiesToClear) {
 		Assert.notNull(cookiesToClear, "List of cookies cannot be null");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
index a95bad8ffd..cc5ce0309c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.java
@@ -34,7 +34,7 @@ public final class HeaderWriterLogoutHandler implements LogoutHandler {
 	/**
 	 * Constructs a new instance using the passed {@link HeaderWriter} implementation
 	 * @param headerWriter
-	 * @throws {@link IllegalArgumentException} if headerWriter is null.
+	 * @throws IllegalArgumentException if headerWriter is null.
 	 */
 	public HeaderWriterLogoutHandler(HeaderWriter headerWriter) {
 		Assert.notNull(headerWriter, "headerWriter cannot be null");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
index f6b1a1c228..8e61af9934 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
@@ -21,10 +21,10 @@ import java.util.Date;
  * The abstraction used by {@link PersistentTokenBasedRememberMeServices} to store the
  * persistent login tokens for a user.
  *
- * @see JdbcTokenRepositoryImpl
- * @see InMemoryTokenRepositoryImpl
  * @author Luke Taylor
  * @since 2.0
+ * @see JdbcTokenRepositoryImpl
+ * @see InMemoryTokenRepositoryImpl
  */
 public interface PersistentTokenRepository {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index 976fc44920..936ff6efcc 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -61,10 +61,10 @@ import org.springframework.util.Assert;
  * {@link CompositeSessionAuthenticationStrategy}.
  * </p>
  *
- * @see CompositeSessionAuthenticationStrategy
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.2
+ * @see CompositeSessionAuthenticationStrategy
  */
 public class ConcurrentSessionControlAuthenticationStrategy
 		implements MessageSourceAware, SessionAuthenticationStrategy {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
index 8681163a6b..1f72780e57 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
@@ -38,10 +38,10 @@ import org.springframework.util.Assert;
  * timed out sessions) are removed. This is typically done by adding
  * {@link HttpSessionEventPublisher}.
  *
- * @see CompositeSessionAuthenticationStrategy
  * @author Luke Taylor
  * @author Rob Winch
  * @since 3.2
+ * @see CompositeSessionAuthenticationStrategy
  */
 public class RegisterSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
 
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 4858607a06..090cd33774 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -279,9 +279,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 	/**
 	 * Wrapper that is applied to every request/response to update the
-	 * <code>HttpSession<code> with
-	 * the <code>SecurityContext</code> when a <code>sendError()</code> or
-	 * <code>sendRedirect</code> happens. See SEC-398.
+	 * <code>HttpSession</code> with the <code>SecurityContext</code> when a
+	 * <code>sendError()</code> or <code>sendRedirect</code> happens. See SEC-398.
 	 * <p>
 	 * Stores the necessary state from the start of the request in order to make a
 	 * decision about whether the security context has changed before saving it.
diff --git a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
index afc88e9aa5..b97b5fd6d7 100644
--- a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
+++ b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
@@ -40,9 +40,9 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 	 * {@code DispatcherServlet} registrations in the web app.
 	 * @param servletContext ServletContext to find the web application context for
 	 * @return the desired WebApplicationContext for this web app
+	 * @throws IllegalStateException if no WebApplicationContext can be found
 	 * @see #getWebApplicationContext(ServletContext)
 	 * @see ServletContext#getAttributeNames()
-	 * @throws IllegalStateException if no WebApplicationContext can be found
 	 */
 	public static WebApplicationContext findRequiredWebApplicationContext(ServletContext servletContext) {
 		WebApplicationContext wac = _findWebApplicationContext(servletContext);
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
index a5193af78a..a5a6f69c61 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -190,10 +190,9 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	/**
 	 * Sets the domain of the cookie that the expected CSRF token is saved to and read
 	 * from.
-	 *
-	 * @since 5.2
 	 * @param cookieDomain the domain of the cookie that the expected CSRF token is saved
 	 * to and read from
+	 * @since 5.2
 	 */
 	public void setCookieDomain(String cookieDomain) {
 		this.cookieDomain = cookieDomain;
@@ -202,10 +201,9 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	/**
 	 * Sets secure flag of the cookie that the expected CSRF token is saved to and read
 	 * from. By default secure flag depends on {@link ServletRequest#isSecure()}
-	 *
-	 * @since 5.4
 	 * @param secure the secure flag of the cookie that the expected CSRF token is saved
 	 * to and read from
+	 * @since 5.4
 	 */
 	public void setSecure(Boolean secure) {
 		this.secure = secure;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
index c3139a58c1..4056cda997 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
@@ -20,9 +20,9 @@ import java.io.Serializable;
 /**
  * Provides the information about an expected CSRF token.
  *
- * @see DefaultCsrfToken
  * @author Rob Winch
  * @since 3.2
+ * @see DefaultCsrfToken
  *
  */
 public interface CsrfToken extends Serializable {
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
index 7b0945e898..fa3877ab3b 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
@@ -24,10 +24,9 @@ import javax.servlet.http.HttpSession;
  * associated to the {@link HttpServletRequest}. For example, it may be stored in
  * {@link HttpSession}.
  *
- * @see HttpSessionCsrfTokenRepository
  * @author Rob Winch
  * @since 3.2
- *
+ * @see HttpSessionCsrfTokenRepository
  */
 public interface CsrfTokenRepository {
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index f65c0b4419..8fcd7b9107 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -71,10 +71,10 @@ import org.springframework.http.HttpMethod;
  * {@link #setAllowedParameterValues(Predicate)}</li>
  * </ul>
  *
- * @see DefaultHttpFirewall
  * @author Rob Winch
  * @author Eddú Meléndez
  * @since 4.2.4
+ * @see DefaultHttpFirewall
  */
 public class StrictHttpFirewall implements HttpFirewall {
 
@@ -146,8 +146,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * Verb tampering and XST attacks</a>
 	 * @param unsafeAllowAnyHttpMethod if true, disables HTTP method validation, else
 	 * resets back to the defaults. Default is false.
-	 * @see #setAllowedHttpMethods(Collection)
 	 * @since 5.1
+	 * @see #setAllowedHttpMethods(Collection)
 	 */
 	public void setUnsafeAllowAnyHttpMethod(boolean unsafeAllowAnyHttpMethod) {
 		this.allowedHttpMethods = unsafeAllowAnyHttpMethod ? ALLOW_ANY_HTTP_METHOD : createDefaultAllowedHttpMethods();
@@ -160,8 +160,8 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * </p>
 	 * @param allowedHttpMethods the case-sensitive collection of HTTP methods that are
 	 * allowed.
-	 * @see #setUnsafeAllowAnyHttpMethod(boolean)
 	 * @since 5.1
+	 * @see #setUnsafeAllowAnyHttpMethod(boolean)
 	 */
 	public void setAllowedHttpMethods(Collection<String> allowedHttpMethods) {
 		if (allowedHttpMethods == null) {
@@ -355,9 +355,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * names that contain ISO control characters and characters that are not defined.
 	 * </p>
 	 * @param allowedHeaderNames the predicate for testing header names
+	 * @since 5.4
 	 * @see Character#isISOControl(int)
 	 * @see Character#isDefined(int)
-	 * @since 5.4
 	 */
 	public void setAllowedHeaderNames(Predicate<String> allowedHeaderNames) {
 		if (allowedHeaderNames == null) {
@@ -372,9 +372,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * values that contain ISO control characters and characters that are not defined.
 	 * </p>
 	 * @param allowedHeaderValues the predicate for testing hostnames
+	 * @since 5.4
 	 * @see Character#isISOControl(int)
 	 * @see Character#isDefined(int)
-	 * @since 5.4
 	 */
 	public void setAllowedHeaderValues(Predicate<String> allowedHeaderValues) {
 		if (allowedHeaderValues == null) {
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
index 5ef940a6ec..cf4b1945eb 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
@@ -21,10 +21,10 @@ import javax.servlet.http.HttpServletResponse;
 /**
  * Contract for writing headers to a {@link HttpServletResponse}
  *
- * @see HeaderWriterFilter
  * @author Marten Deinum
  * @author Rob Winch
  * @since 3.2
+ * @see HeaderWriterFilter
  */
 public interface HeaderWriter {
 
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index d230e236d6..e761f41299 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -61,7 +61,7 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 	 * request is secure as per the <b>Incomplete Clearing</b> section.
 	 * </p>
 	 * @param directives (i.e. "cache", "cookies", "storage", "executionContexts" or "*")
-	 * @throws {@link IllegalArgumentException} if sources is null or empty.
+	 * @throws IllegalArgumentException if sources is null or empty.
 	 */
 	public ClearSiteDataHeaderWriter(Directive... directives) {
 		Assert.notEmpty(directives, "directives cannot be empty or null");
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
index 9e020cb5a8..6dc09a05cb 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
@@ -35,8 +35,8 @@ import java.io.IOException;
  * registered with {@link CookieMixin} but you can also use it with your own mixin.
  *
  * @author Jitendra Singh
- * @see CookieMixin
  * @since 4.2
+ * @see CookieMixin
  */
 class CookieDeserializer extends JsonDeserializer<Cookie> {
 
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
index 37d796b488..0b1ded683a 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
@@ -41,8 +41,8 @@ import com.fasterxml.jackson.databind.node.MissingNode;
  * your own mixin class.
  *
  * @author Jitendra Singh
- * @see PreAuthenticatedAuthenticationTokenMixin
  * @since 4.2
+ * @see PreAuthenticatedAuthenticationTokenMixin
  */
 class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<PreAuthenticatedAuthenticationToken> {
 
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
index 8a19a7d584..49d1d21039 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
@@ -37,8 +37,8 @@ import com.fasterxml.jackson.databind.module.SimpleModule;
  * of all security modules.</b>
  *
  * @author Jitendra Singh
- * @see SecurityJackson2Modules
  * @since 4.2
+ * @see SecurityJackson2Modules
  */
 public class WebJackson2Module extends SimpleModule {
 
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
index 8e71d6c007..1727edf74c 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
@@ -41,8 +41,8 @@ import com.fasterxml.jackson.databind.module.SimpleModule;
  * of all security modules.</b>
  *
  * @author Boris Finkelshteyn
- * @see SecurityJackson2Modules
  * @since 5.1
+ * @see SecurityJackson2Modules
  */
 public class WebServletJackson2Module extends SimpleModule {
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index b21a7b4a09..33ab29fab5 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -86,8 +86,8 @@ import java.util.Optional;
  * </pre>
  *
  * @author Artur Otrzonsek
- * @see SwitchUserGrantedAuthority
  * @since 5.4
+ * @see SwitchUserGrantedAuthority
  */
 public class SwitchUserWebFilter implements WebFilter {
 
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
index aa834a8253..85871853dd 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
@@ -23,9 +23,9 @@ import reactor.core.publisher.Mono;
  * associated to the {@link ServerWebExchange}. For example, it may be stored in
  * {@link org.springframework.web.server.WebSession}.
  *
- * @see WebSessionServerCsrfTokenRepository
  * @author Rob Winch
  * @since 5.0
+ * @see WebSessionServerCsrfTokenRepository
  *
  */
 public interface ServerCsrfTokenRepository {
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
index dea20278de..20f7616275 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
@@ -34,8 +34,8 @@ import org.springframework.security.web.server.csrf.DefaultCsrfToken;
  * of all security modules.</b>
  *
  * @author Boris Finkelshteyn
- * @see SecurityJackson2Modules
  * @since 5.1
+ * @see SecurityJackson2Modules
  */
 public class WebServerJackson2Module extends SimpleModule {
 
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
index 1fcd137bbf..09b80e2716 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@@ -140,7 +140,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * If the value is null (default), the default container behavior will be retained
 	 * when invoking {@link HttpServletRequest#logout()}.
 	 * </p>
-	 * @param logoutHandlers the {@link List<LogoutHandler>}s when invoking
+	 * @param logoutHandlers the {@code List<LogoutHandler>}s when invoking
 	 * {@link HttpServletRequest#logout()}.
 	 */
 	public void setLogoutHandlers(List<LogoutHandler> logoutHandlers) {
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
index 518352bf1f..6fa6aec689 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@@ -41,11 +41,11 @@ import org.springframework.util.Assert;
  * <li>{@link HttpServletRequestWrapper#getRemoteUser()}.</li>
  * </ul>
  *
- * @see SecurityContextHolderAwareRequestFilter
  * @author Orlando Garcia Carmona
  * @author Ben Alex
  * @author Luke Taylor
  * @author Rob Winch
+ * @see SecurityContextHolderAwareRequestFilter
  */
 public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
 
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index 9166e175f3..307c1c9190 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -28,8 +28,8 @@ import javax.servlet.http.HttpServletResponseWrapper;
  * Base class for response wrappers which encapsulate the logic for handling an event when
  * the {@link javax.servlet.http.HttpServletResponse} is committed.
  *
- * @since 4.0.2
  * @author Rob Winch
+ * @since 4.0.2
  */
 public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 50711b3307..c272f7c576 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -71,7 +71,7 @@ public class ThrowableAnalyzer {
 	};
 
 	/**
-	 * Map of registered cause extractors. key: Class<Throwable>; value:
+	 * Map of registered cause extractors. key: Class&lt;Throwable&gt;; value:
 	 * ThrowableCauseExctractor
 	 */
 	private final Map<Class<? extends Throwable>, ThrowableCauseExtractor> extractorMap;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
index 393278683d..716c164db1 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
@@ -32,7 +32,7 @@ import static org.mockito.Mockito.verify;
 /**
  * @author Rafiullah Hamedy
  * @author Josh Cummings
- * @see {@link HeaderWriterLogoutHandler}
+ * @see HeaderWriterLogoutHandler
  */
 public class HeaderWriterLogoutHandlerTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 775ba32252..412a63f81e 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -386,7 +386,7 @@ public class CsrfFilterTests {
 	private static class CsrfTokenAssert extends AbstractObjectAssert<CsrfTokenAssert, CsrfToken> {
 
 		/**
-		 * Creates a new </code>{@link ObjectAssert}</code>.
+		 * Creates a new {@link ObjectAssert}.
 		 * @param actual the target to verify.
 		 */
 		protected CsrfTokenAssert(CsrfToken actual) {
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index 91baa9a62b..46be30a595 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -33,7 +33,7 @@ import static org.springframework.security.web.header.writers.ClearSiteDataHeade
 /**
  * @author Rafiullah Hamedy
  * @author Josh Cummings
- * @see {@link ClearSiteDataHeaderWriter}
+ * @see ClearSiteDataHeaderWriter
  */
 public class ClearSiteDataHeaderWriterTests {
 

From 37fa94fafcefa2782e0f696d955934a2a29a297b Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 5 Aug 2020 11:35:47 -0700
Subject: [PATCH 15/84] Organize imports

Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java          |  1 +
 .../acls/AclPermissionCacheOptimizer.java     |  1 +
 .../security/acls/AclPermissionEvaluator.java |  1 +
 ...InvocationCollectionFilteringProvider.java |  1 +
 .../AclEntryAfterInvocationProvider.java      |  1 +
 .../afterinvocation/CollectionFilterer.java   |  6 +--
 .../acls/domain/AccessControlEntryImpl.java   |  5 +-
 .../domain/AclAuthorizationStrategyImpl.java  |  8 +--
 .../acls/domain/ConsoleAuditLogger.java       |  1 -
 .../acls/domain/GrantedAuthoritySid.java      |  1 -
 .../security/acls/domain/PrincipalSid.java    |  1 -
 .../acls/domain/SpringCacheBasedAclCache.java |  4 +-
 .../security/acls/jdbc/AclClassIdUtils.java   |  1 +
 .../security/acls/jdbc/JdbcAclService.java    |  1 +
 .../security/acls/jdbc/LookupStrategy.java    |  6 +--
 .../security/acls/model/AclCache.java         |  4 +-
 .../acls/AclFormattingUtilsTests.java         |  7 +--
 .../AclPermissionCacheOptimizerTests.java     | 14 ++++--
 .../acls/AclPermissionEvaluatorTests.java     | 12 +++--
 ...ationCollectionFilteringProviderTests.java | 30 ++++++++----
 .../AclEntryAfterInvocationProviderTests.java | 35 ++++++++-----
 .../domain/AccessControlImplEntryTests.java   |  9 ++--
 .../AclAuthorizationStrategyImplTests.java    |  1 +
 .../security/acls/domain/AclImplTests.java    | 31 +++++++++---
 .../AclImplementationSecurityCheckTests.java  |  7 ++-
 .../acls/domain/AuditLoggerTests.java         |  8 +--
 .../acls/domain/ObjectIdentityImplTests.java  |  8 +--
 ...ectIdentityRetrievalStrategyImplTests.java |  5 +-
 .../security/acls/domain/PermissionTests.java |  5 +-
 .../AbstractBasicLookupStrategyTests.java     | 29 ++++++++---
 .../acls/jdbc/AclClassIdUtilsTests.java       | 15 +++---
 .../acls/jdbc/BasicLookupStrategyTests.java   |  1 +
 ...icLookupStrategyWithAclClassTypeTests.java |  4 +-
 .../security/acls/jdbc/DatabaseSeeder.java    | 12 ++---
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  | 19 +++++--
 .../acls/jdbc/JdbcAclServiceTests.java        | 17 +++++--
 .../acls/jdbc/JdbcMutableAclServiceTests.java |  9 ++--
 ...cMutableAclServiceTestsWithAclClassId.java |  5 +-
 .../jdbc/SpringCacheBasedAclCacheTests.java   | 16 ++++--
 .../acls/sid/SidRetrievalStrategyTests.java   |  9 ++--
 .../security/acls/sid/SidTests.java           |  9 ++--
 .../aspect/AnnotationSecurityAspectTests.java |  5 +-
 .../CasAssertionAuthenticationToken.java      |  1 +
 .../CasAuthenticationProvider.java            | 35 ++++++++-----
 .../CasAuthenticationToken.java               |  1 +
 .../EhCacheBasedTicketCache.java              |  2 +-
 .../SpringCacheBasedTicketCache.java          |  1 +
 .../cas/jackson2/AssertionImplMixin.java      | 10 ++--
 .../jackson2/AttributePrincipalImplMixin.java | 10 ++--
 .../jackson2/CasAuthenticationTokenMixin.java | 11 +++--
 ...bstractCasAssertionUserDetailsService.java |  1 +
 ...AssertionAttributesUserDetailsService.java | 15 +++---
 .../cas/web/CasAuthenticationEntryPoint.java  |  3 +-
 .../cas/web/CasAuthenticationFilter.java      |  1 +
 .../AbstractStatelessTicketCacheTests.java    |  2 +-
 .../CasAuthenticationProviderTests.java       | 15 ++++--
 .../CasAuthenticationTokenTests.java          |  7 +--
 .../EhCacheBasedTicketCacheTests.java         | 14 +++---
 .../NullStatelessTicketCacheTests.java        |  5 +-
 .../SpringCacheBasedTicketCacheTests.java     |  3 +-
 ...tionAttributesUserDetailsServiceTests.java | 24 ++++-----
 .../web/CasAuthenticationEntryPointTests.java |  7 +--
 .../cas/web/CasAuthenticationFilterTests.java | 12 +++--
 .../cas/web/ServicePropertiesTests.java       |  6 ++-
 ...onProviderBuilderSecurityBuilderTests.java | 11 +++--
 ...espaceLdapAuthenticationProviderTests.java |  9 ++--
 .../rsocket/HelloRSocketITests.java           |  7 +--
 .../config/annotation/rsocket/JwtITests.java  | 13 ++---
 ...RSocketMessageHandlerConnectionITests.java |  7 +--
 .../rsocket/RSocketMessageHandlerITests.java  | 13 ++---
 .../rsocket/SimpleAuthenticationITests.java   |  7 +--
 .../config/DebugBeanDefinitionParser.java     |  3 +-
 .../AuthenticationManagerBuilder.java         |  1 +
 .../AuthenticationConfiguration.java          | 13 ++---
 ...GlobalAuthenticationConfigurerAdapter.java |  1 -
 ...alizeUserDetailsBeanManagerConfigurer.java |  2 +-
 .../AbstractDaoAuthenticationConfigurer.java  |  2 +-
 .../GlobalMethodSecurityConfiguration.java    |  6 ++-
 .../ReactiveMethodSecurityConfiguration.java  | 10 ++--
 .../ReactiveMethodSecuritySelector.java       |  6 +--
 .../rsocket/EnableRSocketSecurity.java        |  4 +-
 .../annotation/rsocket/RSocketSecurity.java   | 15 +++---
 .../web/AbstractRequestMatcherRegistry.java   |  8 +--
 .../web/builders/FilterComparator.java        |  1 +
 .../annotation/web/builders/HttpSecurity.java | 13 ++---
 .../HttpSecurityConfiguration.java            |  6 +--
 .../OAuth2ClientConfiguration.java            |  4 +-
 .../SecurityReactorContextConfiguration.java  | 24 ++++-----
 .../WebMvcSecurityConfiguration.java          |  6 +--
 .../WebSecurityConfiguration.java             |  1 +
 ...bstractAuthenticationFilterConfigurer.java |  9 ++--
 .../DefaultLoginPageConfigurer.java           | 11 +++--
 .../web/configurers/HeadersConfigurer.java    |  9 +++-
 .../SessionManagementConfigurer.java          |  1 +
 .../web/configurers/X509Configurer.java       |  4 +-
 .../client/OAuth2ClientConfigurerUtils.java   |  4 +-
 .../OAuth2ResourceServerConfigurer.java       |  1 +
 .../saml2/Saml2LoginConfigurer.java           |  1 +
 .../web/reactive/EnableWebFluxSecurity.java   |  8 +--
 .../ReactiveOAuth2ClientImportSelector.java   |  6 +--
 ...serDetailsServiceBeanDefinitionParser.java |  3 +-
 ...enticationManagerBeanDefinitionParser.java |  7 +--
 .../AuthenticationManagerFactoryBean.java     |  4 +-
 ...nticationProviderBeanDefinitionParser.java |  3 +-
 .../JdbcUserServiceBeanDefinitionParser.java  |  8 +--
 .../authentication/PasswordEncoderParser.java |  3 +-
 .../UserServiceBeanDefinitionParser.java      |  3 +-
 ...UserDetailsServiceResourceFactoryBean.java |  4 +-
 .../UserDetailsMapFactoryBean.java            |  8 +--
 .../UserDetailsResourceFactoryBean.java       | 10 ++--
 .../RsaKeyConversionServicePostProcessor.java |  1 +
 ...SecurityDebugBeanFactoryPostProcessor.java |  1 +
 .../http/AuthenticationConfigBuilder.java     | 20 ++++----
 .../config/http/CorsBeanDefinitionParser.java |  3 +-
 .../config/http/CsrfBeanDefinitionParser.java |  1 +
 .../http/DefaultFilterChainValidator.java     |  8 ++-
 .../http/FilterChainBeanDefinitionParser.java |  7 +--
 ...FilterChainMapBeanDefinitionDecorator.java |  5 +-
 ...nvocationSecurityMetadataSourceParser.java |  5 +-
 .../http/FormLoginBeanDefinitionParser.java   |  9 +++-
 .../http/HeadersBeanDefinitionParser.java     | 15 ++++--
 .../HttpFirewallBeanDefinitionParser.java     |  3 +-
 .../http/LogoutBeanDefinitionParser.java      |  3 +-
 .../security/config/http/MatcherType.java     |  3 +-
 .../OAuth2ClientBeanDefinitionParser.java     |  3 +-
 ...OAuth2ClientBeanDefinitionParserUtils.java |  3 +-
 .../http/OAuth2LoginBeanDefinitionParser.java | 17 ++++---
 ...th2ResourceServerBeanDefinitionParser.java |  1 +
 .../PortMappingsBeanDefinitionParser.java     |  3 +-
 .../http/RememberMeBeanDefinitionParser.java  |  3 +-
 .../http/UserDetailsServiceFactoryBean.java   |  2 +-
 .../LdapProviderBeanDefinitionParser.java     |  3 +-
 .../LdapUserServiceBeanDefinitionParser.java  | 10 ++--
 ...balMethodSecurityBeanDefinitionParser.java | 12 +++--
 ...terceptMethodsBeanDefinitionDecorator.java | 10 ++--
 ...ityMetadataSourceBeanDefinitionParser.java |  3 +-
 .../method/ProtectPointcutPostProcessor.java  |  8 ++-
 ...ientRegistrationsBeanDefinitionParser.java | 17 ++++---
 ...UserDetailsManagerResourceFactoryBean.java |  4 +-
 ...tractServerWebExchangeMatcherRegistry.java |  4 +-
 .../config/web/server/ServerHttpSecurity.java |  9 ++--
 ...ageBrokerSecurityBeanDefinitionParser.java |  7 +--
 .../security/CollectingAppListener.java       |  3 +-
 .../config/FilterChainProxyConfigTests.java   |  8 +--
 .../config/InvalidConfigurationTests.java     |  7 +--
 .../security/config/MockEventListener.java    |  6 +--
 .../config/MockTransactionManager.java        |  4 +-
 .../SecurityConfigurerAdapterTests.java       |  5 +-
 .../AuthenticationManagerBuilderTests.java    |  7 +--
 .../NamespaceAuthenticationManagerTests.java  |  1 +
 .../NamespaceAuthenticationProviderTests.java |  1 +
 .../NamespaceJdbcUserServiceTests.java        |  5 +-
 .../NamespacePasswordEncoderTests.java        |  5 +-
 .../PasswordEncoderConfigurerTests.java       |  1 +
 ...thenticationConfigurationPublishTests.java |  3 +-
 .../AuthenticationConfigurationTests.java     | 18 ++++---
 .../EnableGlobalAuthenticationTests.java      |  5 +-
 .../UserDetailsManagerConfigurerTests.java    |  5 +-
 ...reBeanFactoryObjectPostProcessorTests.java |  1 +
 .../annotation/issue50/Issue50Tests.java      |  5 +-
 .../DelegatingReactiveMessageService.java     |  5 +-
 .../EnableReactiveMethodSecurityTests.java    | 15 +++---
 ...lobalMethodSecurityConfigurationTests.java |  1 +
 .../configuration/MethodSecurityService.java  |  6 +--
 ...lMethodSecurityExpressionHandlerTests.java |  5 +-
 ...ctiveMethodSecurityConfigurationTests.java |  5 +-
 ...SampleEnableGlobalMethodSecurityTests.java |  5 +-
 .../annotation/sec2758/Sec2758Tests.java      |  5 +-
 ...bstractConfiguredSecurityBuilderTests.java |  5 +-
 .../AbstractRequestMatcherRegistryTests.java  |  5 +-
 .../web/HttpSecurityHeadersTests.java         |  9 ++--
 ...mpleWebSecurityConfigurerAdapterTests.java |  8 +--
 .../WebSecurityConfigurerAdapterTests.java    |  1 +
 .../web/builders/HttpConfigurationTests.java  | 22 +++++----
 .../web/builders/NamespaceHttpTests.java      | 23 ++++++---
 ...icationPrincipalArgumentResolverTests.java |  9 ++--
 .../configuration/EnableWebSecurityTests.java |  1 +
 .../HttpSecurityConfigurationTests.java       |  8 +--
 .../OAuth2ClientConfigurationTests.java       |  9 ++--
 .../web/configuration/Sec2515Tests.java       |  7 +--
 ...urityReactorContextConfigurationTests.java | 26 +++++-----
 .../WebMvcSecurityConfigurationTests.java     |  8 +--
 .../WebSecurityConfigurationTests.java        | 11 +++--
 .../configuration/sec2377/Sec2377Tests.java   |  1 +
 ...gAttributeRequestMatcherRegistryTests.java |  5 +-
 .../configurers/AnonymousConfigurerTests.java |  1 +
 .../ChannelSecurityConfigurerTests.java       |  1 +
 .../web/configurers/CorsConfigurerTests.java  |  7 +--
 .../CsrfConfigurerNoWebMvcTests.java          |  8 +--
 .../web/configurers/CsrfConfigurerTests.java  | 19 +++++--
 .../web/configurers/DefaultFiltersTests.java  |  1 +
 .../DefaultLoginPageConfigurerTests.java      |  1 +
 ...essionUrlAuthorizationConfigurerTests.java |  7 +--
 .../configurers/FormLoginConfigurerTests.java |  1 +
 .../HeadersConfigurerEagerHeadersTests.java   |  5 +-
 .../configurers/HeadersConfigurerTests.java   |  9 ++--
 .../configurers/HttpBasicConfigurerTests.java | 16 ++++--
 .../HttpSecurityAntMatchersTests.java         |  5 +-
 .../configurers/HttpSecurityLogoutTests.java  |  5 +-
 .../web/configurers/Issue55Tests.java         |  1 +
 .../web/configurers/JeeConfigurerTests.java   |  5 +-
 .../configurers/LogoutConfigurerTests.java    |  1 +
 .../NamespaceHttpCustomFilterTests.java       |  1 +
 .../configurers/NamespaceHttpLogoutTests.java |  1 +
 .../NamespaceHttpOpenIDLoginTests.java        |  1 +
 .../configurers/NamespaceHttpX509Tests.java   |  1 +
 .../NamespaceSessionManagementTests.java      |  1 +
 .../PortMapperConfigurerTests.java            |  5 +-
 .../RememberMeConfigurerTests.java            | 10 ++--
 .../RequestCacheConfigurerTests.java          |  2 +-
 .../RequestMatcherConfigurerTests.java        |  1 +
 .../SecurityContextConfigurerTests.java       | 11 +++--
 .../ServletApiConfigurerTests.java            | 11 +++--
 ...ionManagementConfigurerServlet31Tests.java |  3 +-
 ...rerSessionAuthenticationStrategyTests.java |  7 +--
 .../SessionManagementConfigurerTests.java     |  9 ++--
 .../configurers/UrlAuthorizationsTests.java   |  1 +
 .../web/configurers/X509ConfigurerTests.java  | 11 +++--
 .../client/OAuth2ClientConfigurerTests.java   | 17 ++++---
 .../OAuth2ResourceServerConfigurerTests.java  |  1 +
 .../openid/OpenIDLoginConfigurerTests.java    |  5 +-
 .../saml2/Saml2LoginConfigurerTests.java      |  1 +
 .../saml2/TestSaml2Credentials.java           |  6 +--
 ...geSecurityMetadataSourceRegistryTests.java |  5 +-
 .../reactive/EnableWebFluxSecurityTests.java  |  9 ++--
 .../ServerHttpSecurityConfigurationTests.java |  1 +
 .../WebFluxSecurityConfigurationTests.java    |  1 +
 ...SocketMessageBrokerConfigurerDocTests.java |  9 ++--
 ...WebSocketMessageBrokerConfigurerTests.java |  7 +--
 ...ationManagerBeanDefinitionParserTests.java |  7 +--
 ...tionProviderBeanDefinitionParserTests.java | 14 +++---
 ...cUserServiceBeanDefinitionParserTests.java |  2 +-
 .../PasswordEncoderParserTests.java           |  1 +
 .../UserServiceBeanDefinitionParserTests.java | 10 ++--
 .../core/GrantedAuthorityDefaultsJcTests.java |  1 +
 .../GrantedAuthorityDefaultsXmlTests.java     |  1 +
 ...ceFactoryBeanPropertiesResourceITests.java |  3 +-
 ...yBeanPropertiesResourceLocationITests.java |  3 +-
 ...erviceResourceFactoryBeanStringITests.java |  3 +-
 .../UserDetailsResourceFactoryBeanTests.java  |  5 +-
 ...ityDebugBeanFactoryPostProcessorTests.java |  1 +
 .../config/doc/SpringSecurityXsdParser.java   | 11 +++--
 .../security/config/doc/XmlNode.java          |  6 +--
 .../security/config/doc/XmlParser.java        |  7 +--
 .../security/config/doc/XmlSupport.java       |  4 +-
 .../config/http/AccessDeniedConfigTests.java  |  7 +--
 .../security/config/http/CsrfConfigTests.java | 14 +++---
 .../DefaultFilterChainValidatorTests.java     | 15 +++---
 ...tadataSourceBeanDefinitionParserTests.java |  5 +-
 .../FormLoginBeanDefinitionParserTests.java   |  1 +
 .../config/http/FormLoginConfigTests.java     | 12 +++--
 .../security/config/http/HttpConfigTests.java |  7 +--
 .../config/http/HttpCorsConfigTests.java      |  5 +-
 .../config/http/HttpHeadersConfigTests.java   | 15 +++---
 .../config/http/HttpInterceptUrlTests.java    |  7 +--
 .../config/http/InterceptUrlConfigTests.java  | 10 ++--
 .../config/http/MiscHttpConfigTests.java      |  1 +
 ...OAuth2ClientBeanDefinitionParserTests.java |  7 +--
 .../OAuth2LoginBeanDefinitionParserTests.java |  9 ++--
 ...sourceServerBeanDefinitionParserTests.java |  1 +
 .../config/http/OpenIDConfigTests.java        |  1 +
 .../http/PlaceHolderAndELConfigTests.java     |  1 +
 .../config/http/RememberMeConfigTests.java    |  1 +
 ...yContextHolderAwareRequestConfigTests.java | 12 +++--
 ...SessionManagementConfigServlet31Tests.java |  1 +
 .../http/SessionManagementConfigTests.java    |  1 +
 .../config/http/WebConfigUtilsTests.java      |  5 +-
 .../CustomHttpSecurityConfigurerTests.java    |  7 +--
 ...thodSecurityBeanDefinitionParserTests.java |  8 +--
 ...ptMethodsBeanDefinitionDecoratorTests.java |  9 ++--
 ...tationDrivenBeanDefinitionParserTests.java |  1 +
 .../config/method/PreAuthorizeTests.java      |  1 +
 .../security/config/method/Sec2196Tests.java  |  1 +
 ...tationDrivenBeanDefinitionParserTests.java |  1 +
 .../security/config/method/SecuredTests.java  |  1 +
 .../config/method/sec2136/Sec2136Tests.java   |  1 +
 .../config/method/sec2499/Sec2499Tests.java   |  1 +
 ...egistrationsBeanDefinitionParserTests.java |  1 +
 .../client/CommonOAuth2ProviderTests.java     |  1 +
 ...ceFactoryBeanPropertiesResourceITests.java |  3 +-
 ...yBeanPropertiesResourceLocationITests.java |  3 +-
 ...anagerResourceFactoryBeanStringITests.java |  3 +-
 .../config/test/SpringTestContext.java        | 17 ++++---
 .../security/config/test/SpringTestRule.java  |  1 +
 .../server/AuthorizeExchangeSpecTests.java    |  1 +
 .../config/web/server/CorsSpecTests.java      | 13 ++---
 .../server/ExceptionHandlingSpecTests.java    |  1 +
 .../config/web/server/FormLoginTests.java     |  3 +-
 .../config/web/server/LogoutSpecTests.java    |  3 +-
 .../web/server/OAuth2ClientSpecTests.java     |  5 +-
 .../config/web/server/OAuth2LoginTests.java   | 11 +++--
 .../server/OAuth2ResourceServerSpecTests.java |  1 +
 .../config/web/server/RequestCacheTests.java  |  1 +
 .../web/server/ServerHttpSecurityTests.java   | 49 +++++++++----------
 .../MessageSecurityPostProcessorTests.java    |  1 +
 .../WebSocketMessageBrokerConfigTests.java    | 11 +++--
 .../server/HtmlUnitWebTestClient.java         |  4 +-
 .../WebTestClientHtmlUnitDriverBuilder.java   |  1 +
 ...bTestClientHtmlUnitDriverBuilderTests.java |  9 ++--
 ...SecurityInterceptorWithAopConfigTests.java |  5 +-
 .../AnnotationMetadataExtractor.java          |  6 +--
 .../annotation/Jsr250SecurityConfig.java      |  6 +--
 ...curedAnnotationSecurityMetadataSource.java |  4 +-
 .../security/access/event/LoggerListener.java |  1 +
 .../DenyAllPermissionEvaluator.java           |  1 +
 ...efaultMethodSecurityExpressionHandler.java |  3 +-
 .../ExpressionBasedPostInvocationAdvice.java  |  1 +
 .../ExpressionBasedPreInvocationAdvice.java   |  1 +
 .../MethodSecurityEvaluationContext.java      |  1 +
 .../MethodSecurityExpressionHandler.java      |  1 +
 .../RoleHierarchyAuthoritiesMapper.java       |  4 +-
 .../hierarchicalroles/RoleHierarchyImpl.java  |  1 +
 .../hierarchicalroles/RoleHierarchyUtils.java |  4 +-
 .../AbstractSecurityInterceptor.java          |  1 +
 .../AfterInvocationProviderManager.java       |  1 +
 .../MethodInvocationPrivilegeEvaluator.java   |  1 +
 .../RunAsImplAuthenticationProvider.java      | 11 ++---
 .../MethodSecurityInterceptor.java            |  6 +--
 .../MethodSecurityMetadataSourceAdvisor.java  |  3 +-
 .../AspectJMethodSecurityInterceptor.java     |  1 +
 ...tFallbackMethodSecurityMetadataSource.java |  3 +-
 .../AbstractMethodSecurityMetadataSource.java |  1 +
 .../prepost/PostInvocationAdviceProvider.java |  1 +
 .../PostInvocationAuthorizationAdvice.java    |  1 +
 .../PreInvocationAuthorizationAdvice.java     |  1 +
 ...PreInvocationAuthorizationAdviceVoter.java |  1 +
 ...rePostAdviceReactiveMethodInterceptor.java | 13 ++---
 .../vote/AbstractAccessDecisionManager.java   |  9 ++--
 .../access/vote/AbstractAclVoter.java         |  1 +
 .../access/vote/AffirmativeBased.java         |  3 +-
 .../security/access/vote/ConsensusBased.java  |  3 +-
 .../AbstractAuthenticationToken.java          |  6 +--
 .../AccountStatusUserDetailsChecker.java      |  2 +-
 .../DefaultAuthenticationEventPublisher.java  |  5 +-
 ...legatingReactiveAuthenticationManager.java |  6 +--
 .../authentication/ProviderManager.java       |  1 +
 .../ReactiveAuthenticationManager.java        |  4 +-
 .../ReactiveAuthenticationManagerAdapter.java |  5 +-
 ...ReactiveAuthenticationManagerResolver.java |  2 -
 .../TestingAuthenticationToken.java           |  4 +-
 ...ractUserDetailsAuthenticationProvider.java | 12 ++---
 .../dao/DaoAuthenticationProvider.java        |  2 +-
 .../event/AbstractAuthenticationEvent.java    |  3 +-
 .../AbstractAuthenticationFailureEvent.java   |  1 -
 ...InteractiveAuthenticationSuccessEvent.java |  1 -
 .../authentication/event/LoggerListener.java  |  1 +
 .../authentication/jaas/AuthorityGranter.java |  1 -
 .../jaas/DefaultLoginExceptionResolver.java   |  4 +-
 .../JaasAuthenticationCallbackHandler.java    |  1 +
 .../jaas/JaasAuthenticationToken.java         |  4 +-
 .../jaas/JaasGrantedAuthority.java            |  4 +-
 .../jaas/JaasNameCallbackHandler.java         |  6 +--
 .../jaas/JaasPasswordCallbackHandler.java     |  4 +-
 .../jaas/LoginExceptionResolver.java          |  4 +-
 .../jaas/SecurityContextLoginModule.java      | 12 ++---
 .../jaas/event/JaasAuthenticationEvent.java   |  3 +-
 .../DelegatingApplicationListener.java        |  6 +--
 .../security/converter/RsaKeyConverters.java  |  4 +-
 .../core/SpringSecurityCoreVersion.java       |  6 +--
 .../core/authority/AuthorityUtils.java        |  2 +-
 .../GrantedAuthoritiesContainer.java          |  2 +-
 .../mapping/GrantedAuthoritiesMapper.java     |  4 +-
 ...edAttributes2GrantedAuthoritiesMapper.java |  9 +++-
 .../mapping/NullAuthoritiesMapper.java        |  4 +-
 ...leAttributes2GrantedAuthoritiesMapper.java |  5 +-
 .../mapping/SimpleAuthorityMapper.java        |  6 ++-
 .../ReactiveSecurityContextHolder.java        |  5 +-
 .../core/context/SecurityContext.java         |  4 +-
 .../core/context/SecurityContextHolder.java   |  4 +-
 .../core/session/SessionDestroyedEvent.java   |  4 +-
 .../core/session/SessionInformation.java      |  6 +--
 .../MapReactiveUserDetailsService.java        |  3 +-
 .../security/core/userdetails/User.java       |  3 +-
 .../cache/EhCacheBasedUserCache.java          |  2 +-
 .../cache/SpringCacheBasedUserCache.java      |  1 +
 .../AnonymousAuthenticationTokenMixin.java    | 11 +++--
 .../security/jackson2/CoreJackson2Module.java |  5 +-
 .../RememberMeAuthenticationTokenMixin.java   | 11 +++--
 .../jackson2/SecurityJackson2Modules.java     | 19 +++----
 .../jackson2/SimpleGrantedAuthorityMixin.java |  6 ++-
 .../jackson2/UnmodifiableListMixin.java       |  4 +-
 .../jackson2/UnmodifiableSetMixin.java        |  4 +-
 ...rnamePasswordAuthenticationTokenMixin.java |  3 +-
 .../InMemoryUserDetailsManager.java           |  1 +
 .../provisioning/JdbcUserDetailsManager.java  | 21 ++++----
 ...elegatingSecurityContextTaskScheduler.java |  6 +--
 .../security/util/FieldUtils.java             |  4 +-
 .../security/util/InMemoryResource.java       |  6 +--
 .../security/util/MethodInvocationUtils.java  |  1 +
 .../security/util/SimpleMethodInvocation.java |  4 +-
 .../security/PopulatedDatabase.java           |  4 +-
 .../security/TestDataSource.java              |  4 +-
 ...ticationCredentialsNotFoundEventTests.java |  2 +-
 .../AuthorizationFailureEventTests.java       |  5 +-
 .../security/access/AuthorizedEventTests.java |  2 +-
 .../security/access/SecurityConfigTests.java  |  6 +--
 .../annotation/Jsr250BusinessServiceImpl.java |  2 +-
 .../access/annotation/Jsr250VoterTests.java   |  5 +-
 ...AnnotationSecurityMetadataSourceTests.java |  7 +--
 ...bstractSecurityExpressionHandlerTests.java |  8 +--
 .../SecurityExpressionRootTests.java          |  9 ++--
 ...tMethodSecurityExpressionHandlerTests.java |  5 +-
 ...pressionBasedPreInvocationAdviceTests.java |  7 +--
 .../method/MethodExpressionVoterTests.java    |  6 +--
 .../MethodSecurityExpressionRootTests.java    | 10 ++--
 ...AnnotationSecurityMetadataSourceTests.java |  5 +-
 .../HierarchicalRolesTestHelper.java          |  3 +-
 .../RoleHierarchyAuthoritiesMapperTests.java  |  7 +--
 .../RoleHierarchyImplTests.java               |  7 +--
 .../RoleHierarchyUtilsTests.java              |  8 ++-
 .../hierarchicalroles/TestHelperTests.java    |  5 +-
 .../AbstractSecurityInterceptorTests.java     |  5 +-
 .../AfterInvocationProviderManagerTests.java  |  7 +--
 .../InterceptorStatusTokenTests.java          |  5 +-
 .../intercept/NullRunAsManagerTests.java      |  5 +-
 .../RunAsImplAuthenticationProviderTests.java |  6 ++-
 .../intercept/RunAsManagerImplTests.java      |  7 +--
 .../access/intercept/RunAsUserTokenTests.java |  7 +--
 .../MethodSecurityInterceptorTests.java       | 20 ++++++--
 ...hodSecurityMetadataSourceAdvisorTests.java |  9 ++--
 ...AspectJMethodSecurityInterceptorTests.java | 17 +++++--
 ...asedMethodSecurityMetadataSourceTests.java |  5 +-
 ...thodInvocationPrivilegeEvaluatorTests.java | 11 +++--
 .../method/MockMethodInvocation.java          |  4 +-
 ...tingMethodSecurityMetadataSourceTests.java | 13 +++--
 ...vocationAuthorizationAdviceVoterTests.java |  5 +-
 .../AbstractAccessDecisionManagerTests.java   |  7 +--
 .../access/vote/AbstractAclVoterTests.java    |  8 +--
 .../access/vote/AffirmativeBasedTests.java    | 10 ++--
 .../access/vote/AuthenticatedVoterTests.java  |  7 +--
 .../access/vote/ConsensusBasedTests.java      |  9 ++--
 .../security/access/vote/DenyAgainVoter.java  |  6 +--
 .../security/access/vote/DenyVoter.java       |  6 +--
 .../access/vote/RoleHierarchyVoterTests.java  |  6 +--
 .../security/access/vote/RoleVoterTests.java  |  5 +-
 .../access/vote/UnanimousBasedTests.java      |  7 +--
 .../AbstractAuthenticationTokenTests.java     | 13 +++--
 .../AuthenticationTrustResolverImplTests.java |  5 +-
 ...aultAuthenticationEventPublisherTests.java | 16 ++++--
 ...ingReactiveAuthenticationManagerTests.java |  5 +-
 .../authentication/ProviderManagerTests.java  |  2 +-
 ...tiveAuthenticationManagerAdapterTests.java |  3 +-
 ...ailsServiceAuthenticationManagerTests.java | 16 +++---
 .../TestingAuthenticationProviderTests.java   |  5 +-
 .../TestingAuthenticationTokenTests.java      |  7 +--
 ...oryReactiveAuthenticationManagerTests.java | 14 ++++--
 ...rnamePasswordAuthenticationTokenTests.java |  7 +--
 .../AnonymousAuthenticationProviderTests.java |  6 ++-
 .../AnonymousAuthenticationTokenTests.java    |  7 +--
 .../dao/DaoAuthenticationProviderTests.java   | 29 +++++------
 .../event/AuthenticationEventTests.java       |  7 +--
 .../event/LoggerListenerTests.java            |  1 +
 ...efaultJaasAuthenticationProviderTests.java | 27 +++++-----
 .../jaas/JaasAuthenticationProviderTests.java | 13 +++--
 .../jaas/JaasGrantedAuthorityTests.java       |  1 -
 .../authentication/jaas/Sec760Tests.java      | 10 ++--
 .../jaas/TestAuthorityGranter.java            |  3 --
 .../jaas/TestCallbackHandler.java             |  5 +-
 .../authentication/jaas/TestLoginModule.java  |  6 ++-
 .../RemoteAuthenticationManagerImplTests.java |  9 ++--
 .../RememberMeAuthenticationTokenTests.java   |  6 ++-
 ...atedReactiveAuthorizationManagerTests.java |  5 +-
 ...rityReactiveAuthorizationManagerTests.java |  7 +--
 ...ngSecurityContextExecutorServiceTests.java |  8 +--
 ...elegatingSecurityContextExecutorTests.java |  4 +-
 ...yContextScheduledExecutorServiceTests.java |  8 +--
 ...tDelegatingSecurityContextTestSupport.java |  9 ++--
 ...ngSecurityContextExecutorServiceTests.java |  2 +
 ...elegatingSecurityContextExecutorTests.java |  2 +
 ...yContextScheduledExecutorServiceTests.java |  2 +
 ...elegatingSecurityContextCallableTests.java |  9 ++--
 ...elegatingSecurityContextRunnableTests.java |  9 ++--
 ...DelegatingSecurityContextSupportTests.java |  5 +-
 ...ngSecurityContextExecutorServiceTests.java |  2 +
 ...elegatingSecurityContextExecutorTests.java |  1 +
 ...yContextScheduledExecutorServiceTests.java |  1 +
 .../DelegatingApplicationListenerTests.java   |  1 +
 .../security/core/JavaVersionTests.java       |  4 +-
 .../core/SpringSecurityCoreVersionTests.java  | 19 +++----
 .../SpringSecurityMessageSourceTests.java     |  5 +-
 .../core/authority/AuthorityUtilsTests.java   |  6 +--
 .../SimpleGrantedAuthorityTests.java          |  7 +--
 ...ributes2GrantedAuthoritiesMapperTests.java |  9 +++-
 .../mapping/SimpleAuthoritiesMapperTests.java |  8 +--
 .../SimpleMappableRolesRetrieverTests.java    |  5 +-
 ...leRoles2GrantedAuthoritiesMapperTests.java |  9 +++-
 .../ReactiveSecurityContextHolderTests.java   |  5 +-
 .../context/SecurityContextHolderTests.java   |  7 +--
 .../context/SecurityContextImplTests.java     |  5 +-
 ...nnotationParameterNameDiscovererTests.java |  5 +-
 ...tSecurityParameterNameDiscovererTests.java |  5 +-
 .../core/session/SessionInformationTests.java |  4 +-
 .../session/SessionRegistryImplTests.java     |  8 ++-
 .../core/token/DefaultTokenTests.java         |  5 +-
 .../KeyBasedPersistenceTokenServiceTests.java |  8 +--
 .../MapReactiveUserDetailsServiceTests.java   |  5 +-
 .../UserDetailsByNameServiceWrapperTests.java |  6 ++-
 .../security/core/userdetails/UserTests.java  |  6 ++-
 .../cache/EhCacheBasedUserCacheTests.java     |  7 +--
 .../userdetails/cache/NullUserCacheTests.java |  5 +-
 .../cache/SpringCacheBasedUserCacheTests.java |  3 +-
 .../memory/UserAttributeEditorTests.java      |  4 +-
 .../BadCredentialsExceptionMixinTests.java    |  5 +-
 ...memberMeAuthenticationTokenMixinTests.java |  7 +--
 .../jackson2/SecurityContextMixinTests.java   |  6 +--
 .../SecurityJackson2ModulesTests.java         | 13 +++--
 .../SimpleGrantedAuthorityMixinTests.java     |  7 +--
 .../InMemoryUserDetailsManagerTests.java      |  3 +-
 .../JdbcUserDetailsManagerTests.java          | 10 ++--
 ...ityContextSchedulingTaskExecutorTests.java |  5 +-
 ...ityContextSchedulingTaskExecutorTests.java |  1 +
 ...tingSecurityContextTaskSchedulerTests.java | 14 ++++--
 ...ityContextSchedulingTaskExecutorTests.java |  1 +
 ...SecurityContextAsyncTaskExecutorTests.java |  5 +-
 ...SecurityContextAsyncTaskExecutorTests.java |  2 +
 ...atingSecurityContextTaskExecutorTests.java |  4 +-
 ...SecurityContextAsyncTaskExecutorTests.java |  2 +
 ...atingSecurityContextTaskExecutorTests.java |  4 +-
 .../security/util/FieldUtilsTests.java        |  4 +-
 .../security/util/InMemoryResourceTests.java  |  4 +-
 .../util/MethodInvocationUtilsTests.java      |  7 +--
 .../crypto/argon2/Argon2EncodingUtils.java    |  1 +
 .../crypto/argon2/Argon2PasswordEncoder.java  |  1 +
 .../security/crypto/bcrypt/BCrypt.java        |  2 +-
 .../crypto/bcrypt/BCryptPasswordEncoder.java  |  9 ++--
 .../crypto/encrypt/AesBytesEncryptor.java     | 14 +++---
 .../BouncyCastleAesBytesEncryptor.java        |  1 +
 .../BouncyCastleAesCbcBytesEncryptor.java     |  7 +--
 .../BouncyCastleAesGcmBytesEncryptor.java     |  7 +--
 .../factory/PasswordEncoderFactories.java     |  6 +--
 .../password/AbstractPasswordEncoder.java     |  4 +-
 .../password/LdapShaPasswordEncoder.java      |  6 +--
 .../crypto/password/Md4PasswordEncoder.java   |  4 +-
 .../MessageDigestPasswordEncoder.java         |  6 +--
 .../crypto/password/PasswordEncoderUtils.java |  4 +-
 .../password/StandardPasswordEncoder.java     |  6 +--
 .../crypto/scrypt/SCryptPasswordEncoder.java  |  1 +
 .../argon2/Argon2EncodingUtilsTests.java      |  5 +-
 .../argon2/Argon2PasswordEncoderTests.java    |  6 ++-
 .../bcrypt/BCryptPasswordEncoderTests.java    |  4 +-
 .../security/crypto/bcrypt/BCryptTests.java   |  6 +--
 .../security/crypto/codec/Base64Tests.java    |  4 +-
 .../security/crypto/codec/Utf8Tests.java      |  6 +--
 .../encrypt/AesBytesEncryptorTests.java       |  6 +--
 ...stleAesBytesEncryptorEquivalencyTests.java |  1 +
 .../BouncyCastleAesBytesEncryptorTests.java   |  1 +
 .../crypto/encrypt/CryptoAssumptions.java     |  1 +
 .../crypto/encrypt/EncryptorsTests.java       |  4 +-
 .../PasswordEncoderFactoriesTests.java        |  1 +
 .../keygen/Base64StringKeyGeneratorTests.java |  6 +--
 .../crypto/keygen/KeyGeneratorsTests.java     |  5 +-
 .../DelegatingPasswordEncoderTests.java       |  8 +--
 .../crypto/password/DigesterTests.java        |  6 +--
 .../password/LdapShaPasswordEncoderTests.java |  1 +
 .../password/Md4PasswordEncoderTests.java     |  4 +-
 .../StandardPasswordEncoderTests.java         |  4 +-
 .../scrypt/SCryptPasswordEncoderTests.java    |  4 +-
 .../crypto/util/EncodingUtilsTests.java       |  5 +-
 ...curityEvaluationContextExtensionTests.java |  1 +
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 ...amespaceWithMultipleInterceptorsTests.java |  5 +-
 .../HttpPathParameterStrippingTests.java      |  5 +-
 .../integration/MultiAnnotationTests.java     |  1 +
 .../SEC933ApplicationContextTests.java        |  5 +-
 .../SEC936ApplicationContextTests.java        |  1 +
 .../PythonInterpreterBasedSecurityTests.java  |  1 +
 .../FilterChainPerformanceTests.java          | 14 ++++--
 .../ProtectPointcutPerformanceTests.java      |  5 +-
 ...PythonInterpreterPostInvocationAdvice.java |  1 +
 .../PythonInterpreterPreInvocationAdvice.java |  1 +
 ...eterPrePostInvocationAttributeFactory.java |  1 +
 .../AbstractWebServerIntegrationTests.java    |  5 +-
 ...faultSpringSecurityContextSourceTests.java |  4 +-
 .../SpringSecurityLdapTemplateITests.java     |  8 +--
 .../PasswordComparisonAuthenticatorTests.java | 11 +++--
 .../FilterBasedLdapUserSearchTests.java       |  4 +-
 .../ldap/server/ApacheDSContainerTests.java   |  7 +--
 .../server/UnboundIdContainerLdifTests.java   |  5 +-
 .../DefaultLdapAuthoritiesPopulatorTests.java |  8 +--
 .../LdapUserDetailsManagerTests.java          |  6 +--
 .../NestedLdapAuthoritiesPopulatorTests.java  | 10 ++--
 .../security/ldap/LdapUtils.java              | 19 +++----
 .../ldap/SpringSecurityLdapTemplate.java      | 40 ++++++++-------
 .../AbstractLdapAuthenticator.java            | 14 +++---
 .../authentication/BindAuthenticator.java     |  7 +--
 .../authentication/LdapAuthenticator.java     |  2 +-
 .../PasswordComparisonAuthenticator.java      |  1 +
 .../SpringSecurityAuthenticationSource.java   |  8 +--
 ...etailsServiceLdapAuthoritiesPopulator.java |  2 +-
 ...veDirectoryLdapAuthenticationProvider.java | 30 +++++++-----
 .../search/FilterBasedLdapUserSearch.java     | 11 ++---
 .../ldap/server/ApacheDSContainer.java        |  6 +--
 .../DefaultLdapAuthoritiesPopulator.java      |  1 +
 .../InetOrgPersonContextMapper.java           |  4 +-
 .../userdetails/LdapAuthoritiesPopulator.java |  3 +-
 .../ldap/userdetails/LdapAuthority.java       |  6 +--
 .../userdetails/LdapUserDetailsManager.java   |  1 +
 .../security/ldap/userdetails/Person.java     | 12 ++---
 .../ldap/userdetails/PersonContextMapper.java |  4 +-
 .../userdetails/UserDetailsContextMapper.java |  4 +-
 .../security/ldap/LdapUtilsTests.java         |  8 +--
 ...ringSecurityAuthenticationSourceTests.java | 11 +++--
 .../ldap/SpringSecurityLdapTemplateTests.java | 10 ++--
 .../LdapAuthenticationProviderTests.java      | 11 +++--
 .../ldap/authentication/MockUserSearch.java   |  3 +-
 ...swordComparisonAuthenticatorMockTests.java |  8 ++-
 ...ectoryLdapAuthenticationProviderTests.java |  7 +--
 ...PasswordPolicyAwareContextSourceTests.java | 19 ++++---
 .../PasswordPolicyControlFactoryTests.java    | 11 +++--
 .../PasswordPolicyResponseControlTests.java   |  4 +-
 .../ldap/userdetails/InetOrgPersonTests.java  |  5 +-
 .../ldap/userdetails/LdapAuthorityTests.java  |  9 ++--
 .../userdetails/LdapUserDetailsImplTests.java |  1 +
 .../LdapUserDetailsServiceTests.java          |  5 +-
 ...sServiceLdapAuthoritiesPopulatorTests.java |  8 +--
 .../MessageExpressionConfigAttribute.java     |  4 +-
 .../expression/MessageExpressionVoter.java    |  4 +-
 .../DefaultMessageSecurityMetadataSource.java |  8 ++-
 ...thenticationPrincipalArgumentResolver.java |  7 +--
 ...urrentSecurityContextArgumentResolver.java |  7 +--
 .../AbstractMessageMatcherComposite.java      |  8 +--
 .../SimpDestinationMessageMatcher.java        |  6 +--
 ...MessageSecurityExpressionHandlerTests.java |  7 +--
 ...ageSecurityMetadataSourceFactoryTests.java | 11 +++--
 ...MessageExpressionConfigAttributeTests.java |  5 +-
 .../MessageExpressionVoterTests.java          | 17 +++++--
 .../ChannelSecurityInterceptorTests.java      |  9 ++--
 ...ultMessageSecurityMetadataSourceTests.java |  9 ++--
 ...icationPrincipalArgumentResolverTests.java |  5 +-
 ...ecurityContextChannelInterceptorTests.java |  8 +--
 ...icationPrincipalArgumentResolverTests.java | 11 +++--
 ...tSecurityContextArgumentResolverTests.java |  9 ++--
 .../util/matcher/AndMessageMatcherTests.java  |  7 +--
 .../util/matcher/OrMessageMatcherTests.java   |  7 +--
 .../SimpDestinationMessageMatcherTests.java   |  5 +-
 .../matcher/SimpMessageTypeMatcherTests.java  |  5 +-
 .../web/csrf/CsrfChannelInterceptorTests.java |  1 +
 .../CsrfTokenHandshakeInterceptorTests.java   |  9 ++--
 ...eactiveOAuth2AuthorizedClientProvider.java |  3 +-
 ...tServiceOAuth2AuthorizedClientManager.java | 10 ++--
 ...ReactiveOAuth2AuthorizedClientManager.java | 11 +++--
 ...entialsOAuth2AuthorizedClientProvider.java |  8 +--
 ...eactiveOAuth2AuthorizedClientProvider.java | 11 +++--
 ...egatingOAuth2AuthorizedClientProvider.java |  6 +--
 ...eactiveOAuth2AuthorizedClientProvider.java |  9 ++--
 ...InMemoryOAuth2AuthorizedClientService.java |  6 +--
 ...ReactiveOAuth2AuthorizedClientService.java |  9 ++--
 .../JdbcOAuth2AuthorizedClientService.java    | 24 ++++-----
 .../client/OAuth2AuthorizationContext.java    | 12 ++---
 .../OAuth2AuthorizationFailureHandler.java    |  4 +-
 .../OAuth2AuthorizationSuccessHandler.java    |  4 +-
 .../oauth2/client/OAuth2AuthorizeRequest.java | 12 ++---
 .../oauth2/client/OAuth2AuthorizedClient.java |  4 +-
 .../client/OAuth2AuthorizedClientId.java      |  6 +--
 ...OAuth2AuthorizedClientProviderBuilder.java | 12 ++---
 ...asswordOAuth2AuthorizedClientProvider.java |  8 +--
 ...eactiveOAuth2AuthorizedClientProvider.java | 11 +++--
 ...tiveOAuth2AuthorizationFailureHandler.java |  7 +--
 ...tiveOAuth2AuthorizationSuccessHandler.java |  5 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |  3 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |  3 +-
 ...OAuth2AuthorizedClientProviderBuilder.java | 12 ++---
 ...ReactiveOAuth2AuthorizedClientService.java |  4 +-
 ...shTokenOAuth2AuthorizedClientProvider.java | 16 +++---
 ...eactiveOAuth2AuthorizedClientProvider.java | 19 +++----
 ...ientOAuth2AuthorizationFailureHandler.java | 12 ++---
 ...tiveOAuth2AuthorizationFailureHandler.java | 15 +++---
 .../RegisteredOAuth2AuthorizedClient.java     |  8 +--
 .../OAuth2AuthenticationToken.java            |  4 +-
 ...2AuthorizationCodeAuthenticationToken.java |  8 +--
 ...tionCodeReactiveAuthenticationManager.java |  7 +--
 .../OAuth2LoginAuthenticationProvider.java    |  6 +--
 .../OAuth2LoginAuthenticationToken.java       |  6 +--
 ...th2LoginReactiveAuthenticationManager.java |  9 ++--
 ...activeOAuth2AccessTokenResponseClient.java |  9 ++--
 ...tAuthorizationCodeTokenResponseClient.java |  4 +-
 ...tClientCredentialsTokenResponseClient.java |  4 +-
 .../DefaultPasswordTokenResponseClient.java   |  4 +-
 ...efaultRefreshTokenTokenResponseClient.java |  4 +-
 ...sAuthorizationCodeTokenResponseClient.java | 15 +++---
 ...zationCodeGrantRequestEntityConverter.java |  4 +-
 ...2AuthorizationGrantRequestEntityUtils.java |  4 +-
 ...redentialsGrantRequestEntityConverter.java |  4 +-
 ...h2PasswordGrantRequestEntityConverter.java |  4 +-
 .../OAuth2RefreshTokenGrantRequest.java       |  8 +--
 ...freshTokenGrantRequestEntityConverter.java |  4 +-
 ...activeOAuth2AccessTokenResponseClient.java |  3 +-
 ...eAuthorizationCodeTokenResponseClient.java |  6 +--
 ...eClientCredentialsTokenResponseClient.java |  4 +-
 ...ntReactivePasswordTokenResponseClient.java |  4 +-
 ...activeRefreshTokenTokenResponseClient.java |  4 +-
 .../http/OAuth2ErrorResponseErrorHandler.java |  5 +-
 .../ClientRegistrationDeserializer.java       |  5 +-
 .../jackson2/ClientRegistrationMixin.java     |  1 +
 .../jackson2/DefaultOAuth2UserMixin.java      |  7 +--
 .../client/jackson2/DefaultOidcUserMixin.java |  5 +-
 .../oauth2/client/jackson2/JsonNodeUtils.java |  6 +--
 .../jackson2/OAuth2AccessTokenMixin.java      |  7 +--
 .../OAuth2AuthenticationExceptionMixin.java   |  1 +
 .../OAuth2AuthenticationTokenMixin.java       |  5 +-
 ...Auth2AuthorizationRequestDeserializer.java |  5 +-
 .../OAuth2AuthorizationRequestMixin.java      |  1 +
 .../jackson2/OAuth2AuthorizedClientMixin.java |  1 +
 .../jackson2/OAuth2ClientJackson2Module.java  |  5 +-
 .../client/jackson2/OAuth2ErrorMixin.java     |  1 +
 .../jackson2/OAuth2RefreshTokenMixin.java     |  5 +-
 .../jackson2/OAuth2UserAuthorityMixin.java    |  5 +-
 .../client/jackson2/OidcIdTokenMixin.java     |  7 +--
 .../jackson2/OidcUserAuthorityMixin.java      |  1 +
 .../client/jackson2/OidcUserInfoMixin.java    |  5 +-
 .../oauth2/client/jackson2/StdConverters.java |  1 +
 .../jackson2/UnmodifiableMapDeserializer.java | 10 ++--
 .../client/jackson2/UnmodifiableMapMixin.java |  6 +--
 .../DefaultOidcIdTokenValidatorFactory.java   |  4 +-
 ...thorizationCodeAuthenticationProvider.java | 14 +++---
 ...tionCodeReactiveAuthenticationManager.java | 17 ++++---
 .../OidcIdTokenDecoderFactory.java            |  1 +
 .../authentication/OidcIdTokenValidator.java  | 18 +++----
 .../ReactiveOidcIdTokenDecoderFactory.java    |  1 +
 .../OidcReactiveOAuth2UserService.java        | 17 ++++---
 .../client/oidc/userinfo/OidcUserRequest.java |  6 +--
 ...dcClientInitiatedLogoutSuccessHandler.java |  1 +
 .../InMemoryClientRegistrationRepository.java |  4 +-
 .../CustomUserTypesOAuth2UserService.java     |  8 +--
 .../DefaultReactiveOAuth2UserService.java     | 11 ++---
 .../userinfo/DelegatingOAuth2UserService.java |  8 +--
 .../client/userinfo/OAuth2UserRequest.java    |  8 +--
 .../OAuth2UserRequestEntityConverter.java     |  6 +--
 .../userinfo/ReactiveOAuth2UserService.java   |  3 +-
 ...cipalOAuth2AuthorizedClientRepository.java |  6 +--
 .../web/AuthorizationRequestRepository.java   |  4 +-
 ...ultOAuth2AuthorizationRequestResolver.java | 19 +++----
 .../DefaultOAuth2AuthorizedClientManager.java | 15 +++---
 ...ReactiveOAuth2AuthorizedClientManager.java | 13 ++---
 ...nOAuth2AuthorizationRequestRepository.java | 11 +++--
 ...ssionOAuth2AuthorizedClientRepository.java | 11 +++--
 .../OAuth2AuthorizationCodeGrantFilter.java   | 23 ++++-----
 ...th2AuthorizationRequestRedirectFilter.java | 13 ++---
 .../OAuth2AuthorizationRequestResolver.java   |  4 +-
 .../web/OAuth2AuthorizedClientRepository.java |  6 +--
 .../web/OAuth2LoginAuthenticationFilter.java  |  6 +--
 ...Auth2AuthorizedClientArgumentResolver.java | 10 ++--
 ...uthorizedClientExchangeFilterFunction.java | 21 ++++----
 ...uthorizedClientExchangeFilterFunction.java | 28 ++++++-----
 ...Auth2AuthorizedClientArgumentResolver.java |  3 +-
 ...erverOAuth2AuthorizedClientRepository.java |  3 +-
 ...verOAuth2AuthorizationRequestResolver.java | 19 +++----
 ...OAuth2AuthorizationCodeGrantWebFilter.java | 17 ++++---
 ...AuthorizationRequestRedirectWebFilter.java |  7 +--
 .../OAuth2AuthorizationResponseUtils.java     |  4 +-
 .../ServerAuthorizationRequestRepository.java |  4 +-
 ...ationCodeAuthenticationTokenConverter.java |  3 +-
 ...verOAuth2AuthorizationRequestResolver.java |  3 +-
 ...erverOAuth2AuthorizedClientRepository.java |  3 +-
 ...erverOAuth2AuthorizedClientRepository.java |  9 ++--
 ...2ServerAuthorizationRequestRepository.java |  4 +-
 ...erverOAuth2AuthorizedClientRepository.java |  9 ++--
 .../OAuth2LoginAuthenticationWebFilter.java   |  3 +-
 ...deOAuth2AuthorizedClientProviderTests.java |  1 +
 ...veOAuth2AuthorizedClientProviderTests.java |  1 +
 ...iceOAuth2AuthorizedClientManagerTests.java |  7 +--
 ...iveOAuth2AuthorizedClientManagerTests.java | 13 ++---
 ...lsOAuth2AuthorizedClientProviderTests.java |  7 +--
 ...veOAuth2AuthorizedClientProviderTests.java |  9 ++--
 ...ngOAuth2AuthorizedClientProviderTests.java |  5 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  7 +--
 ...oryOAuth2AuthorizedClientServiceTests.java |  7 +--
 ...iveOAuth2AuthorizedClientServiceTests.java | 13 ++---
 ...dbcOAuth2AuthorizedClientServiceTests.java | 23 ++++-----
 .../OAuth2AuthorizationContextTests.java      |  5 +-
 .../client/OAuth2AuthorizeRequestTests.java   |  1 +
 ...2AuthorizedClientProviderBuilderTests.java | 14 ++++--
 ...rdOAuth2AuthorizedClientProviderTests.java |  7 +--
 ...veOAuth2AuthorizedClientProviderTests.java |  9 ++--
 ...2AuthorizedClientProviderBuilderTests.java | 14 ++++--
 ...enOAuth2AuthorizedClientProviderTests.java | 16 +++---
 ...veOAuth2AuthorizedClientProviderTests.java | 18 ++++---
 .../OAuth2AuthenticationTokenTests.java       | 11 +++--
 ...ginReactiveAuthenticationManagerTests.java | 18 +++----
 ...nCodeGrantRequestEntityConverterTests.java | 11 +++--
 ...tialsGrantRequestEntityConverterTests.java |  1 +
 ...th2ClientCredentialsGrantRequestTests.java |  1 +
 ...swordGrantRequestEntityConverterTests.java |  1 +
 .../OAuth2PasswordGrantRequestTests.java      |  1 +
 ...TokenGrantRequestEntityConverterTests.java |  5 +-
 .../OAuth2RefreshTokenGrantRequestTests.java  |  9 ++--
 ...orizationCodeTokenResponseClientTests.java |  9 ++--
 ...ntCredentialsTokenResponseClientTests.java |  1 +
 ...ctivePasswordTokenResponseClientTests.java |  5 +-
 ...eRefreshTokenTokenResponseClientTests.java |  7 +--
 .../OAuth2ErrorResponseErrorHandlerTests.java |  1 +
 ...uth2AuthenticationExceptionMixinTests.java |  1 +
 .../OAuth2AuthenticationTokenMixinTests.java  | 15 +++---
 .../OAuth2AuthorizationRequestMixinTests.java |  9 ++--
 .../OAuth2AuthorizedClientMixinTests.java     | 11 +++--
 ...zationCodeAuthenticationProviderTests.java | 27 +++++-----
 ...odeReactiveAuthenticationManagerTests.java |  6 +--
 .../OidcIdTokenDecoderFactoryTests.java       | 12 +++--
 .../OidcIdTokenValidatorTests.java            | 19 +++----
 ...eactiveOidcIdTokenDecoderFactoryTests.java | 12 +++--
 .../OidcReactiveOAuth2UserServiceTests.java   |  4 +-
 .../oidc/userinfo/OidcUserServiceTests.java   |  2 +-
 ...entInitiatedLogoutSuccessHandlerTests.java |  1 +
 ...tiatedServerLogoutSuccessHandlerTests.java |  1 +
 ...moryClientRegistrationRepositoryTests.java |  4 +-
 .../DelegatingOAuth2UserServiceTests.java     |  7 +--
 ...OAuth2UserRequestEntityConverterTests.java |  9 ++--
 .../userinfo/OAuth2UserRequestTests.java      | 15 +++---
 ...OAuth2AuthorizedClientRepositoryTests.java |  1 +
 ...uth2AuthorizationRequestResolverTests.java |  3 ++
 ...ultOAuth2AuthorizedClientManagerTests.java | 18 ++++---
 ...iveOAuth2AuthorizedClientManagerTests.java | 25 ++++++----
 ...h2AuthorizationRequestRepositoryTests.java |  7 +--
 ...OAuth2AuthorizedClientRepositoryTests.java |  8 +--
 ...uth2AuthorizationCodeGrantFilterTests.java | 22 +++++----
 ...thorizationRequestRedirectFilterTests.java | 30 +++++++-----
 .../OAuth2LoginAuthenticationFilterTests.java |  3 +-
 ...AuthorizedClientArgumentResolverTests.java | 23 ++++++---
 .../function/client/MockExchangeFunction.java | 10 ++--
 ...zedClientExchangeFilterFunctionITests.java | 15 +++---
 ...izedClientExchangeFilterFunctionTests.java | 33 +++++++------
 ...zedClientExchangeFilterFunctionITests.java | 32 +++++++-----
 ...izedClientExchangeFilterFunctionTests.java | 38 +++++++-------
 ...AuthorizedClientArgumentResolverTests.java |  9 ++--
 ...OAuth2AuthorizedClientRepositoryTests.java |  5 +-
 ...uth2AuthorizationRequestResolverTests.java |  3 +-
 ...2AuthorizationCodeGrantWebFilterTests.java | 15 +++---
 ...rizationRequestRedirectWebFilterTests.java |  9 ++--
 ...CodeAuthenticationTokenConverterTests.java |  9 ++--
 ...OAuth2AuthorizedClientRepositoryTests.java |  4 +-
 ...erAuthorizationRequestRepositoryTests.java | 20 ++++----
 ...OAuth2AuthorizedClientRepositoryTests.java |  5 +-
 ...uth2LoginAuthenticationWebFilterTests.java | 11 +++--
 .../oauth2/core/AbstractOAuth2Token.java      |  6 +--
 .../oauth2/core/AuthorizationGrantType.java   |  4 +-
 .../security/oauth2/core/ClaimAccessor.java   |  8 +--
 .../core/ClientAuthenticationMethod.java      |  4 +-
 .../oauth2/core/OAuth2AccessToken.java        |  6 +--
 .../security/oauth2/core/OAuth2Error.java     |  4 +-
 .../core/converter/ClaimTypeConverter.java    |  8 +--
 .../converter/ObjectToBooleanConverter.java   |  6 +--
 .../converter/ObjectToInstantConverter.java   |  6 +--
 .../ObjectToListStringConverter.java          | 10 ++--
 .../ObjectToMapStringObjectConverter.java     |  6 +--
 .../converter/ObjectToStringConverter.java    |  6 +--
 .../core/converter/ObjectToURLConverter.java  |  6 +--
 .../endpoint/OAuth2AccessTokenResponse.java   | 10 ++--
 .../endpoint/OAuth2AuthorizationRequest.java  | 22 ++++-----
 .../OAuth2AuthorizationResponseType.java      |  4 +-
 .../OAuth2ErrorHttpMessageConverter.java      | 12 ++---
 .../core/oidc/IdTokenClaimAccessor.java       |  4 +-
 .../core/oidc/StandardClaimAccessor.java      |  6 +--
 .../core/oidc/user/DefaultOidcUser.java       |  6 +--
 .../oauth2/core/oidc/user/OidcUser.java       |  4 +-
 .../core/oidc/user/OidcUserAuthority.java     |  6 +--
 .../oauth2/core/user/DefaultOAuth2User.java   | 22 ++++-----
 .../oauth2/core/user/OAuth2UserAuthority.java |  8 +--
 ...Auth2AccessTokenResponseBodyExtractor.java | 15 +++---
 .../function/OAuth2BodyExtractors.java        |  3 +-
 .../core/AuthenticationMethodTests.java       |  5 +-
 .../oauth2/core/ClaimAccessorTests.java       |  6 +--
 .../oauth2/core/OAuth2AccessTokenTests.java   |  7 +--
 .../core/OAuth2TokenValidatorResultTests.java |  3 --
 .../ClaimConversionServiceTests.java          |  9 ++--
 .../converter/ClaimTypeConverterTests.java    | 13 ++---
 .../OAuth2AccessTokenResponseTests.java       |  7 +--
 .../OAuth2AuthorizationRequestTests.java      |  7 +--
 .../TestOAuth2AccessTokenResponses.java       |  6 +--
 ...okenResponseHttpMessageConverterTests.java | 19 ++++---
 .../OAuth2ErrorHttpMessageConverterTests.java |  1 +
 .../DefaultAddressStandardClaimTests.java     |  4 +-
 .../oauth2/core/oidc/OidcIdTokenTests.java    |  4 +-
 .../oauth2/core/oidc/OidcUserInfoTests.java   | 17 +++++--
 .../core/oidc/user/DefaultOidcUserTests.java  | 13 ++---
 .../oidc/user/OidcUserAuthorityTests.java     |  9 ++--
 .../oauth2/core/oidc/user/TestOidcUsers.java  | 10 ++--
 .../core/user/DefaultOAuth2UserTests.java     | 11 +++--
 .../core/user/OAuth2UserAuthorityTests.java   |  4 +-
 .../oauth2/core/user/TestOAuth2Users.java     |  6 +--
 .../function/OAuth2BodyExtractorsTests.java   | 17 ++++---
 .../security/oauth2/jwt/JwtClaimAccessor.java |  4 +-
 .../JwtDecoderProviderConfigurationUtils.java |  8 +--
 .../jwt/MappedJwtClaimSetConverter.java       | 14 +++---
 .../security/oauth2/jwt/NimbusJwtDecoder.java |  1 +
 .../jwt/NimbusJwtDecoderJwkSupport.java       |  6 +--
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  | 28 ++++++-----
 .../oauth2/jwt/ReactiveJWKSource.java         |  4 +-
 .../oauth2/jwt/ReactiveJWKSourceAdapter.java  |  4 +-
 .../security/oauth2/jose/TestKeys.java        |  1 +
 .../oauth2/jwt/JwtClaimValidatorTests.java    |  7 +--
 .../security/oauth2/jwt/JwtTests.java         |  7 +--
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  3 +-
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  1 +
 .../jwt/ReactiveRemoteJWKSourceTests.java     |  6 +--
 ...wtIssuerAuthenticationManagerResolver.java |  1 +
 .../BearerTokenAuthenticationEntryPoint.java  |  1 +
 .../web/BearerTokenAuthenticationFilter.java  |  1 +
 .../web/DefaultBearerTokenResolver.java       |  1 +
 .../web/HeaderBearerTokenResolver.java        |  1 +
 .../BearerTokenAccessDeniedHandler.java       | 11 +++--
 .../BearerTokenServerAccessDeniedHandler.java | 13 ++---
 ...erTokenServerAuthenticationEntryPoint.java |  9 ++--
 ...rospectionAuthenticatedPrincipalTests.java |  7 +--
 .../BearerTokenAuthenticationFilterTests.java |  1 +
 .../BearerTokenAccessDeniedHandlerTests.java  |  7 +--
 ...erTokenServerAccessDeniedHandlerTests.java | 11 +++--
 ...enServerAuthenticationEntryPointTests.java |  3 +-
 .../security/openid/OpenID4JavaConsumer.java  |  1 +
 .../openid/OpenIDAuthenticationFilter.java    | 24 +++++----
 .../openid/OpenID4JavaConsumerTests.java      | 15 +++---
 .../OpenIDAuthenticationFilterTests.java      | 10 ++--
 .../OpenIDAuthenticationProviderTests.java    |  7 +--
 ...ationSimpleHttpInvokerRequestExecutor.java |  1 +
 .../ContextPropagatingRemoteInvocation.java   |  5 +-
 .../remoting/dns/JndiDnsResolverTests.java    |  8 +--
 ...SimpleHttpInvokerRequestExecutorTests.java |  5 +-
 ...ntextPropagatingRemoteInvocationTests.java |  7 +--
 .../security/rsocket/api/PayloadExchange.java |  1 +
 .../AnonymousPayloadInterceptor.java          | 11 +++--
 ...uthenticationPayloadExchangeConverter.java | 11 +++--
 .../AuthenticationPayloadInterceptor.java     |  3 +-
 ...uthenticationPayloadExchangeConverter.java |  3 +-
 .../BearerPayloadExchangeConverter.java       |  7 +--
 ...ayloadExchangeAuthenticationConverter.java |  3 +-
 .../AuthorizationPayloadInterceptor.java      |  7 +--
 ...geMatcherReactiveAuthorizationManager.java | 13 ++---
 .../core/ContextPayloadInterceptorChain.java  | 11 +++--
 .../rsocket/core/DefaultPayloadExchange.java  |  1 +
 .../core/PayloadInterceptorRSocket.java       |  9 ++--
 .../rsocket/core/PayloadSocketAcceptor.java   |  9 ++--
 .../PayloadSocketAcceptorInterceptor.java     |  5 +-
 .../SecuritySocketAcceptorInterceptor.java    |  1 +
 .../metadata/BasicAuthenticationDecoder.java  |  9 ++--
 .../metadata/BasicAuthenticationEncoder.java  | 11 +++--
 .../BearerTokenAuthenticationEncoder.java     |  7 +--
 .../metadata/SimpleAuthenticationEncoder.java |  7 +--
 .../metadata/UsernamePasswordMetadata.java    |  1 +
 .../PayloadExchangeAuthorizationContext.java  |  4 +-
 .../util/matcher/PayloadExchangeMatcher.java  |  7 +--
 .../util/matcher/PayloadExchangeMatchers.java |  3 +-
 .../matcher/RoutePayloadExchangeMatcher.java  |  9 ++--
 .../AnonymousPayloadInterceptorTests.java     |  8 +--
 ...AuthenticationPayloadInterceptorChain.java |  5 +-
 ...AuthenticationPayloadInterceptorTests.java | 20 ++++----
 .../AuthorizationPayloadInterceptorTests.java | 13 ++---
 ...cherReactiveAuthorizationManagerTests.java |  3 +-
 .../core/PayloadInterceptorRSocketTests.java  | 24 ++++-----
 ...PayloadSocketAcceptorInterceptorTests.java | 13 +++--
 .../core/PayloadSocketAcceptorTests.java      |  2 +-
 .../BasicAuthenticationDecoderTests.java      |  7 +--
 .../RoutePayloadExchangeMatcherTests.java     | 11 +++--
 .../core/OpenSamlInitializationService.java   |  1 +
 .../AbstractSaml2AuthenticationRequest.java   |  4 +-
 .../DefaultSaml2AuthenticatedPrincipal.java   |  4 +-
 .../OpenSamlAuthenticationProvider.java       |  1 +
 .../Saml2AuthenticatedPrincipal.java          |  8 +--
 .../authentication/Saml2Authentication.java   |  4 +-
 .../Saml2AuthenticationRequest.java           |  6 +--
 .../service/authentication/Saml2Utils.java    |  7 +--
 .../metadata/OpenSamlMetadataResolver.java    |  1 +
 ...oryRelyingPartyRegistrationRepository.java |  4 +-
 .../RelyingPartyRegistration.java             |  2 -
 ...aml2WebSsoAuthenticationRequestFilter.java |  1 +
 ...faultRelyingPartyRegistrationResolver.java |  1 +
 .../Saml2AuthenticationTokenConverter.java    |  1 +
 .../service/web/Saml2MetadataFilter.java      |  1 +
 .../credentials/Saml2X509CredentialTests.java | 10 ++--
 ...faultSaml2AuthenticatedPrincipalTests.java |  6 +--
 .../OpenSamlAuthenticationProviderTests.java  |  1 +
 ...aml2AuthenticationRequestFactoryTests.java |  2 +-
 .../Saml2WebSsoAuthenticationFilterTests.java |  5 +-
 ...ebSsoAuthenticationRequestFilterTests.java |  1 +
 ...aml2AuthenticationTokenConverterTests.java |  1 +
 .../service/web/Saml2MetadataFilterTests.java |  5 +-
 .../security/taglibs/TagLibConfig.java        |  4 +-
 .../taglibs/authz/AccessControlListTag.java   |  1 +
 .../taglibs/authz/AuthenticationTag.java      | 17 +++----
 .../taglibs/authz/JspAuthorizeTag.java        |  2 +-
 .../taglibs/csrf/AbstractCsrfTag.java         |  5 +-
 .../security/taglibs/TldTests.java            |  7 +--
 .../authz/AbstractAuthorizeTagTests.java      | 16 +++---
 .../authz/AccessControlListTagTests.java      | 20 +++++---
 .../taglibs/authz/AuthenticationTagTests.java |  6 ++-
 .../taglibs/authz/AuthorizeTagTests.java      |  9 ++--
 .../taglibs/csrf/AbstractCsrfTagTests.java    | 13 ++---
 .../taglibs/csrf/CsrfInputTagTests.java       |  3 +-
 .../taglibs/csrf/CsrfMetaTagsTagTests.java    |  3 +-
 .../ReactorContextTestExecutionListener.java  | 11 +++--
 .../SecurityMockMvcRequestBuilders.java       |  4 +-
 .../SecurityMockMvcRequestPostProcessors.java |  1 +
 .../setup/SecurityMockMvcConfigurer.java      |  4 +-
 .../setup/SecurityMockMvcConfigurers.java     |  4 +-
 .../TestSecurityContextHolderTests.java       |  7 +--
 .../SecurityTestExecutionListenerTests.java   |  9 ++--
 .../context/showcase/CustomUserDetails.java   |  4 +-
 .../showcase/WithMockUserParentTests.java     |  6 +--
 .../context/showcase/WithMockUserTests.java   |  5 +-
 .../showcase/WithUserDetailsTests.java        |  5 +-
 ...ctorContextTestExecutionListenerTests.java |  4 +-
 .../support/WithAnonymousUserTests.java       |  1 +
 ...thMockUserSecurityContextFactoryTests.java |  6 +--
 .../context/support/WithMockUserTests.java    |  5 +-
 ...rityContextTestExecutionListenerTests.java |  9 ++--
 ...serDetailsSecurityContextFactoryTests.java | 10 ++--
 .../context/support/WithUserDetailsTests.java |  5 +-
 ...tyMockServerConfigurersAnnotatedTests.java |  1 +
 ...kServerConfigurersClassAnnotatedTests.java |  5 +-
 .../SecurityMockServerConfigurersTests.java   | 10 ++--
 .../web/servlet/request/Sec2935Tests.java     | 15 +++---
 ...yMockMvcRequestBuildersFormLoginTests.java |  5 +-
 ...MockMvcRequestBuildersFormLogoutTests.java |  5 +-
 ...rocessorsAuthenticationStatelessTests.java |  5 +-
 ...uestPostProcessorsAuthenticationTests.java | 17 ++++---
 ...RequestPostProcessorsCertificateTests.java |  5 +-
 ...estPostProcessorsCsrfDebugFilterTests.java |  1 +
 ...ckMvcRequestPostProcessorsDigestTests.java | 12 +++--
 ...yMockMvcRequestPostProcessorsJwtTests.java |  1 +
 ...estPostProcessorsSecurityContextTests.java | 17 ++++---
 ...sorsTestSecurityContextStatelessTests.java |  8 +--
 ...ostProcessorsTestSecurityContextTests.java | 16 +++---
 ...RequestPostProcessorsUserDetailsTests.java | 17 ++++---
 ...MockMvcRequestPostProcessorsUserTests.java | 17 ++++---
 ...WithAuthoritiesMvcResultMatchersTests.java |  8 +--
 .../setup/SecurityMockMvcConfigurerTests.java |  7 +--
 .../SecurityMockMvcConfigurersTests.java      |  5 +-
 .../showcase/csrf/CsrfShowcaseTests.java      | 13 ++---
 .../csrf/CustomCsrfShowcaseTests.java         | 15 +++---
 .../csrf/DefaultCsrfShowcaseTests.java        | 15 +++---
 .../showcase/login/AuthenticationTests.java   | 19 ++++---
 .../CustomConfigAuthenticationTests.java      | 19 ++++---
 ...oginRequestBuilderAuthenticationTests.java | 13 +++--
 .../DefaultfSecurityRequestsTests.java        | 15 +++---
 .../secured/SecurityRequestsTests.java        | 16 +++---
 .../secured/WithUserAuthenticationTests.java  |  3 +-
 ...WithUserClassLevelAuthenticationTests.java | 13 ++---
 .../WithUserDetailsAuthenticationTests.java   | 11 +++--
 ...rDetailsClassLevelAuthenticationTests.java |  3 +-
 .../web/AuthenticationEntryPoint.java         |  6 +--
 .../security/web/DefaultRedirectStrategy.java |  1 +
 .../web/DefaultSecurityFilterChain.java       | 12 +++--
 .../security/web/FilterChainProxy.java        | 36 ++++++++------
 .../security/web/PortResolverImpl.java        |  4 +-
 .../security/web/SecurityFilterChain.java     |  3 +-
 .../web/access/AccessDeniedHandler.java       |  4 +-
 .../web/access/AccessDeniedHandlerImpl.java   |  1 +
 ...efaultWebInvocationPrivilegeEvaluator.java |  1 +
 .../access/ExceptionTranslationFilter.java    | 20 ++++----
 ...tMatcherDelegatingAccessDeniedHandler.java |  1 +
 .../channel/AbstractRetryEntryPoint.java      | 16 ++++--
 .../channel/ChannelDecisionManager.java       |  6 +--
 .../channel/ChannelDecisionManagerImpl.java   | 12 ++---
 .../web/access/channel/ChannelEntryPoint.java |  1 +
 .../web/access/channel/ChannelProcessor.java  |  6 +--
 ...ilterInvocationSecurityMetadataSource.java |  1 +
 ...AuthenticationTargetUrlRequestHandler.java |  1 +
 .../AnonymousAuthenticationFilter.java        |  2 +-
 .../authentication/AuthenticationFilter.java  |  1 +
 .../DelegatingAuthenticationEntryPoint.java   |  1 +
 ...elegatingAuthenticationFailureHandler.java | 11 +++--
 .../ForwardAuthenticationFailureHandler.java  | 11 +++--
 .../ForwardAuthenticationSuccessHandler.java  |  9 ++--
 .../Http403ForbiddenEntryPoint.java           |  1 +
 .../LoginUrlAuthenticationEntryPoint.java     |  1 +
 .../NullRememberMeServices.java               |  4 +-
 ...uestAwareAuthenticationSuccessHandler.java |  7 +--
 ...SimpleUrlAuthenticationFailureHandler.java |  3 +-
 .../UsernamePasswordAuthenticationFilter.java |  6 +--
 .../WebAuthenticationDetails.java             |  5 +-
 .../WebAuthenticationDetailsSource.java       |  4 +-
 .../logout/CookieClearingLogoutHandler.java   |  3 +-
 .../authentication/logout/LogoutFilter.java   |  2 +-
 .../authentication/logout/LogoutHandler.java  |  4 +-
 ...utSuccessEventPublishingLogoutHandler.java |  1 +
 .../logout/SecurityContextLogoutHandler.java  |  1 +
 ...tractPreAuthenticatedProcessingFilter.java |  5 +-
 ...reAuthenticatedAuthenticationProvider.java |  1 +
 ...dGrantedAuthoritiesUserDetailsService.java |  3 +-
 ...edAuthoritiesWebAuthenticationDetails.java | 10 ++--
 ...ticatedWebAuthenticationDetailsSource.java | 11 +++--
 .../WebXmlMappableAttributesRetriever.java    | 11 +++--
 ...ticatedWebAuthenticationDetailsSource.java |  9 ++--
 .../x509/SubjectDnX509PrincipalExtractor.java | 16 +++---
 .../AbstractRememberMeServices.java           |  3 +-
 .../InMemoryTokenRepositoryImpl.java          |  4 +-
 .../rememberme/JdbcTokenRepositoryImpl.java   |  4 +-
 ...ersistentTokenBasedRememberMeServices.java |  2 +-
 .../TokenBasedRememberMeServices.java         | 22 ++++-----
 ...ractSessionFixationProtectionStrategy.java |  1 +
 .../ui/DefaultLoginPageGeneratingFilter.java  | 27 +++++-----
 .../ui/DefaultLogoutPageGeneratingFilter.java | 17 ++++---
 .../www/BasicAuthenticationConverter.java     |  4 +-
 .../www/BasicAuthenticationEntryPoint.java    |  2 +-
 .../www/DigestAuthenticationEntryPoint.java   |  1 +
 .../SecurityWebApplicationContextUtils.java   |  1 +
 .../security/web/debug/DebugFilter.java       | 12 +++--
 .../security/web/firewall/RequestWrapper.java |  6 +--
 .../web/firewall/StrictHttpFirewall.java      |  1 +
 .../header/writers/CompositeHeaderWriter.java |  7 +--
 .../ContentSecurityPolicyHeaderWriter.java    |  6 +--
 .../web/header/writers/HpkpHeaderWriter.java  | 18 ++++---
 ...ractRequestParameterAllowFromStrategy.java |  5 +-
 .../frameoptions/RegExpAllowFromStrategy.java |  4 +-
 .../frameoptions/StaticAllowFromStrategy.java |  3 +-
 .../XFrameOptionsHeaderWriter.java            |  6 +--
 .../security/web/http/SecurityHeaders.java    |  4 +-
 .../web/jackson2/CookieDeserializer.java      |  7 +--
 .../jackson2/DefaultSavedRequestMixin.java    |  1 +
 ...icatedAuthenticationTokenDeserializer.java |  6 +--
 ...AuthenticatedAuthenticationTokenMixin.java |  6 +--
 .../web/jackson2/SavedCookieMixin.java        |  6 ++-
 .../WebAuthenticationDetailsMixin.java        |  6 ++-
 .../web/jackson2/WebJackson2Module.java       |  6 +--
 .../jackson2/WebServletJackson2Module.java    |  6 +--
 ...thenticationPrincipalArgumentResolver.java |  4 +-
 .../view/CsrfRequestDataValueProcessor.java   |  8 +--
 .../web/savedrequest/CookieRequestCache.java  | 14 +++---
 .../web/savedrequest/DefaultSavedRequest.java | 17 +++++--
 .../web/savedrequest/FastHttpDateFormat.java  |  1 -
 .../savedrequest/HttpSessionRequestCache.java |  1 +
 .../web/savedrequest/SavedCookie.java         |  3 +-
 .../web/savedrequest/SimpleSavedRequest.java  |  7 +--
 .../server/DefaultServerRedirectStrategy.java |  7 +--
 ...egatingServerAuthenticationEntryPoint.java | 10 ++--
 .../server/MatcherSecurityWebFilterChain.java |  9 ++--
 .../web/server/SecurityWebFilterChain.java    |  5 +-
 ...erverFormLoginAuthenticationConverter.java |  6 +--
 ...erverHttpBasicAuthenticationConverter.java |  4 +-
 .../web/server/WebFilterChainProxy.java       |  6 +--
 ...tionConverterServerWebExchangeMatcher.java |  6 +--
 ...ingServerAuthenticationSuccessHandler.java | 11 +++--
 ...tpBasicServerAuthenticationEntryPoint.java |  4 +-
 .../HttpStatusServerEntryPoint.java           |  4 +-
 ...PreAuthenticatedAuthenticationManager.java |  3 +-
 ...edirectServerAuthenticationEntryPoint.java |  8 +--
 ...ectServerAuthenticationFailureHandler.java |  7 +--
 ...ectServerAuthenticationSuccessHandler.java |  7 +--
 .../ServerAuthenticationConverter.java        |  4 +-
 ...uthenticationEntryPointFailureHandler.java |  3 +-
 .../ServerAuthenticationFailureHandler.java   |  2 +-
 .../ServerAuthenticationSuccessHandler.java   |  3 +-
 ...erverFormLoginAuthenticationConverter.java |  3 +-
 ...erverHttpBasicAuthenticationConverter.java |  3 +-
 .../ServerX509AuthenticationConverter.java    |  7 +--
 .../authentication/SwitchUserWebFilter.java   | 13 ++---
 ...ainServerAuthenticationSuccessHandler.java |  3 +-
 .../HeaderWriterServerLogoutHandler.java      |  4 +-
 ...usReturningServerLogoutSuccessHandler.java |  4 +-
 .../RedirectServerLogoutSuccessHandler.java   |  7 +--
 .../SecurityContextServerLogoutHandler.java   |  5 +-
 .../logout/ServerLogoutHandler.java           |  3 +-
 .../logout/ServerLogoutSuccessHandler.java    |  3 +-
 .../authorization/AuthorizationContext.java   |  4 +-
 .../authorization/AuthorizationWebFilter.java |  4 +-
 ...elegatingReactiveAuthorizationManager.java | 12 ++---
 .../HttpStatusServerAccessDeniedHandler.java  | 10 ++--
 .../ServerAccessDeniedHandler.java            |  3 +-
 .../NoOpServerSecurityContextRepository.java  |  3 +-
 .../context/ReactorContextWebFilter.java      |  5 +-
 .../SecurityContextServerWebExchange.java     |  4 +-
 ...rityContextServerWebExchangeWebFilter.java |  3 +-
 .../ServerSecurityContextRepository.java      |  4 +-
 ...essionServerSecurityContextRepository.java |  4 +-
 .../csrf/CookieServerCsrfTokenRepository.java |  4 +-
 .../server/csrf/CsrfServerLogoutHandler.java  |  4 +-
 .../web/server/csrf/CsrfWebFilter.java        | 11 +++--
 .../csrf/ServerCsrfTokenRepository.java       |  3 +-
 .../WebSessionServerCsrfTokenRepository.java  | 14 +++---
 .../CacheControlServerHttpHeadersWriter.java  |  4 +-
 .../CompositeServerHttpHeadersWriter.java     |  7 +--
 ...entTypeOptionsServerHttpHeadersWriter.java |  3 +-
 .../header/HttpHeaderWriterWebFilter.java     |  4 +-
 .../header/ServerHttpHeadersWriter.java       |  4 +-
 .../header/StaticServerHttpHeadersWriter.java |  4 +-
 ...nsportSecurityServerHttpHeadersWriter.java |  4 +-
 ...entTypeOptionsServerHttpHeadersWriter.java |  4 +-
 .../XFrameOptionsServerHttpHeadersWriter.java |  4 +-
 ...XXssProtectionServerHttpHeadersWriter.java |  4 +-
 .../jackson2/WebServerJackson2Module.java     |  1 +
 .../CookieServerRequestCache.java             | 13 ++---
 .../savedrequest/NoOpServerRequestCache.java  |  7 +--
 .../savedrequest/ServerRequestCache.java      |  7 +--
 .../ServerRequestCacheWebFilter.java          |  3 +-
 .../WebSessionServerRequestCache.java         |  9 ++--
 .../ui/LoginPageGeneratingWebFilter.java      |  4 +-
 .../ui/LogoutPageGeneratingWebFilter.java     |  7 +--
 .../matcher/AndServerWebExchangeMatcher.java  | 15 +++---
 .../MediaTypeServerWebExchangeMatcher.java    |  2 +-
 .../NegatedServerWebExchangeMatcher.java      |  3 +-
 .../matcher/OrServerWebExchangeMatcher.java   |  5 +-
 ...PatternParserServerWebExchangeMatcher.java |  9 ++--
 .../matcher/ServerWebExchangeMatcher.java     |  3 +-
 .../matcher/ServerWebExchangeMatchers.java    |  9 ++--
 .../web/session/ConcurrentSessionFilter.java  |  2 +-
 .../session/HttpSessionDestroyedEvent.java    |  6 ++-
 .../session/HttpSessionEventPublisher.java    | 10 ++--
 .../session/HttpSessionIdChangedEvent.java    |  4 +-
 .../web/session/InvalidSessionStrategy.java   |  1 +
 .../SessionInformationExpiredStrategy.java    |  1 +
 .../SimpleRedirectInvalidSessionStrategy.java | 10 ++--
 .../web/util/matcher/AndRequestMatcher.java   |  2 +-
 .../web/util/matcher/AnyRequestMatcher.java   |  2 -
 .../web/util/matcher/ELRequestMatcher.java    |  1 -
 .../web/util/matcher/IpAddressMatcher.java    |  3 +-
 .../util/matcher/NegatedRequestMatcher.java   |  2 +-
 .../web/util/matcher/OrRequestMatcher.java    |  2 +-
 .../web/util/matcher/RegexRequestMatcher.java |  2 +-
 .../matcher/RequestHeaderRequestMatcher.java  |  1 -
 .../security/MockPortResolver.java            |  4 +-
 .../web/reactive/server/WebTestHandler.java   |  8 +--
 .../web/DefaultRedirectStrategyTests.java     |  5 +-
 .../security/web/FilterChainProxyTests.java   | 29 +++++++----
 .../security/web/FilterInvocationTests.java   |  8 +--
 .../security/web/PortMapperImplTests.java     |  6 +--
 .../security/web/PortResolverImplTests.java   |  7 +--
 ...tWebInvocationPrivilegeEvaluatorTests.java | 12 +++--
 .../DelegatingAccessDeniedHandlerTests.java   |  9 ++--
 .../ExceptionTranslationFilterTests.java      | 17 ++++---
 ...herDelegatingAccessDeniedHandlerTests.java |  1 +
 .../channel/ChannelProcessingFilterTests.java |  7 +--
 .../RetryWithHttpsEntryPointTests.java        | 20 ++++----
 .../channel/SecureChannelProcessorTests.java  |  9 ++--
 ...InvocationSecurityMetadataSourceTests.java |  7 +--
 .../expression/WebExpressionVoterTests.java   | 11 +++--
 .../WebSecurityExpressionRootTests.java       |  8 +--
 .../FilterSecurityInterceptorTests.java       | 24 ++++++---
 .../web/access/intercept/RequestKeyTests.java |  1 -
 ...ctAuthenticationProcessingFilterTests.java | 17 ++++---
 ...DefaultLoginPageGeneratingFilterTests.java | 17 ++++---
 ...gAuthenticationEntryPointContextTests.java |  7 ++-
 ...legatingAuthenticationEntryPointTests.java |  8 ++-
 ...tingAuthenticationFailureHandlerTests.java | 10 ++--
 ...pingAuthenticationFailureHandlerTests.java |  5 +-
 ...rwardAuthenticaionSuccessHandlerTests.java |  3 +-
 ...wardAuthenticationFailureHandlerTests.java |  1 +
 .../HttpStatusEntryPointTests.java            |  5 +-
 ...LoginUrlAuthenticationEntryPointTests.java |  8 +--
 ...wareAuthenticationSuccessHandlerTests.java |  9 ++--
 ...eUrlAuthenticationFailureHandlerTests.java |  7 +--
 ...eUrlAuthenticationSuccessHandlerTests.java |  8 +--
 ...namePasswordAuthenticationFilterTests.java | 10 ++--
 .../CookieClearingLogoutHandlerTests.java     |  7 +--
 .../ForwardLogoutSuccessHandlerTests.java     |  1 +
 .../logout/LogoutHandlerTests.java            |  7 ++-
 ...cessEventPublishingLogoutHandlerTests.java |  1 +
 .../SecurityContextLogoutHandlerTests.java    |  5 +-
 .../SimpleUrlLogoutSuccessHandlerTests.java   |  7 +--
 ...PreAuthenticatedProcessingFilterTests.java | 17 ++++---
 .../Http403ForbiddenEntryPointTests.java      |  6 +--
 ...henticatedAuthenticationProviderTests.java |  5 +-
 ...AuthenticatedAuthenticationTokenTests.java |  5 +-
 ...tedAuthoritiesUserDetailsServiceTests.java |  7 +--
 ...horitiesWebAuthenticationDetailsTests.java | 18 ++++---
 ...estAttributeAuthenticationFilterTests.java |  9 ++--
 ...equestHeaderAuthenticationFilterTests.java |  9 ++--
 ...edWebAuthenticationDetailsSourceTests.java |  7 +--
 ...PreAuthenticatedProcessingFilterTests.java |  5 +-
 .../WebXmlJ2eeDefinedRolesRetrieverTests.java |  5 +-
 ...PreAuthenticatedProcessingFilterTests.java | 14 +++---
 .../SubjectDnX509PrincipalExtractorTests.java |  7 ++-
 .../AbstractRememberMeServicesTests.java      |  5 +-
 .../JdbcTokenRepositoryImplTests.java         | 19 +++----
 .../NullRememberMeServicesTests.java          |  5 +-
 ...tentTokenBasedRememberMeServicesTests.java | 11 ++---
 .../RememberMeAuthenticationFilterTests.java  | 19 ++++---
 .../TokenBasedRememberMeServicesTests.java    | 14 ++++--
 ...iteSessionAuthenticationStrategyTests.java | 11 +++--
 ...ionControlAuthenticationStrategyTests.java | 11 +++--
 ...terSessionAuthenticationStrategyTests.java |  5 +-
 .../switchuser/SwitchUserFilterTests.java     |  1 +
 .../SwitchUserGrantedAuthorityTests.java      |  1 -
 ...efaultLogoutPageGeneratingFilterTests.java |  5 +-
 .../BasicAuthenticationConverterTests.java    | 11 +++--
 .../www/BasicAuthenticationFilterTests.java   | 14 ++++--
 .../www/DigestAuthUtilsTests.java             |  7 +--
 .../www/DigestAuthenticationFilterTests.java  |  1 +
 ...icationPrincipalArgumentResolverTests.java |  5 +-
 ...ecurityWebApplicationInitializerTests.java |  1 +
 ...SessionSecurityContextRepositoryTests.java |  1 +
 ...xtOnUpdateOrErrorResponseWrapperTests.java |  5 +-
 ...SecurityContextPersistenceFilterTests.java | 13 +++--
 ...extCallableProcessingInterceptorTests.java |  5 +-
 ...WebAsyncManagerIntegrationFilterTests.java |  7 +--
 .../csrf/CookieCsrfTokenRepositoryTests.java  |  5 +-
 .../web/csrf/CsrfLogoutHandlerTests.java      |  5 +-
 .../HttpSessionCsrfTokenRepositoryTests.java  |  5 +-
 .../security/web/debug/DebugFilterTests.java  | 15 +++---
 .../DefaultRequestRejectedHandlerTests.java   |  4 +-
 ...HttpStatusRequestRejectedHandlerTests.java |  6 +--
 .../web/firewall/RequestWrapperTests.java     | 11 +++--
 .../web/firewall/StrictHttpFirewallTests.java |  9 ++--
 .../writers/CompositeHeaderWriterTests.java   | 10 ++--
 ...ontentSecurityPolicyHeaderWriterTests.java |  1 +
 ...gatingRequestMatcherHeaderWriterTests.java |  9 ++--
 .../ReferrerPolicyHeaderWriterTests.java      |  2 +-
 .../XContentTypeOptionsHeaderWriterTests.java |  5 +-
 ...equestParameterAllowFromStrategyTests.java |  6 +--
 .../FrameOptionsHeaderWriterTests.java        |  9 ++--
 .../RegExpAllowFromStrategyTests.java         |  5 +-
 .../StaticAllowFromStrategyTests.java         |  8 +--
 .../WhiteListedAllowFromStrategyTests.java    |  7 +--
 .../JaasApiIntegrationFilterTests.java        |  5 +-
 ...nticatedAuthenticationTokenMixinTests.java |  6 +--
 ...icationPrincipalArgumentResolverTests.java |  5 +-
 .../CsrfTokenArgumentResolverTests.java       |  5 +-
 ...icationPrincipalArgumentResolverTests.java | 11 +++--
 .../CsrfRequestDataValueProcessorTests.java   | 11 +++--
 .../savedrequest/CookieRequestCacheTests.java |  9 ++--
 .../DefaultSavedRequestTests.java             |  8 +--
 .../HttpSessionRequestCacheTests.java         |  5 +-
 .../RequestCacheAwareFilterTests.java         |  8 +--
 .../web/savedrequest/SavedCookieTests.java    |  5 +-
 .../SavedRequestAwareWrapperTests.java        |  8 ++-
 .../savedrequest/SimpleSavedRequestTests.java |  2 +
 .../DefaultServerRedirectStrategyTests.java   |  5 +-
 ...ngServerAuthenticationEntryPointTests.java |  7 +--
 .../web/server/WebFilterChainProxyTests.java  |  9 ++--
 .../web/server/WebFilterExchangeTests.java    |  1 +
 ...AnonymousAuthenticationWebFilterTests.java |  3 +-
 .../AuthenticationWebFilterTests.java         |  4 +-
 ...rverAuthenticationSuccessHandlerTests.java | 13 ++---
 ...icServerAuthenticationEntryPointTests.java |  1 -
 .../HttpStatusServerEntryPointTests.java      |  5 +-
 ...thenticatedAuthenticationManagerTests.java |  7 +--
 ...ctServerAuthenticationEntryPointTests.java |  2 +-
 ...rverAuthenticationFailureHandlerTests.java |  5 +-
 ...rverAuthenticationSuccessHandlerTests.java |  7 +--
 ...FormLoginAuthenticationConverterTests.java |  3 +-
 ...erverX509AuthenticationConverterTests.java |  5 +-
 .../SwitchUserWebFilterTests.java             | 19 ++++---
 .../DelegatingServerLogoutHandlerTests.java   | 22 ++++-----
 .../HeaderWriterServerLogoutHandlerTests.java |  4 +-
 ...urningServerLogoutSuccessHandlerTests.java |  7 +--
 .../logout/LogoutWebFilterTests.java          |  4 +-
 .../AuthorizationWebFilterTests.java          |  7 +--
 ...tingReactiveAuthorizationManagerTests.java |  3 +-
 ...egatingServerAccessDeniedHandlerTests.java |  2 +-
 ...pServerSecurityContextRepositoryTests.java |  5 +-
 .../context/ReactorContextWebFilterTests.java | 12 +++--
 ...ontextServerWebExchangeWebFilterTests.java |  5 +-
 ...nServerSecurityContextRepositoryTests.java |  3 +-
 .../csrf/CsrfServerLogoutHandlerTests.java    |  8 +--
 .../web/server/csrf/CsrfWebFilterTests.java   |  7 +--
 ...SessionServerCsrfTokenRepositoryTests.java | 11 +++--
 ...heControlServerHttpHeadersWriterTests.java |  5 +-
 ...rSiteDataServerHttpHeadersWriterTests.java | 14 +++---
 ...CompositeServerHttpHeadersWriterTests.java | 23 ++++-----
 .../HttpHeaderWriterWebFilterTests.java       | 14 +++---
 .../StaticServerHttpHeadersWriterTests.java   |  5 +-
 ...tSecurityServerHttpHeadersWriterTests.java |  5 +-
 ...peOptionsServerHttpHeadersWriterTests.java |  5 +-
 ...meOptionsServerHttpHeadersWriterTests.java |  5 +-
 ...rotectionServerHttpHeadersWriterTests.java |  5 +-
 .../DefaultCsrfServerTokenMixinTests.java     |  5 +-
 .../CookieServerRequestCacheTests.java        |  7 +--
 .../ServerRequestCacheWebFilterTests.java     |  3 +-
 .../WebSessionServerRequestCacheTests.java    |  7 +--
 .../ui/LoginPageGeneratingWebFilterTests.java |  3 +-
 .../AndServerWebExchangeMatcherTests.java     |  7 +--
 .../NegatedServerWebExchangeMatcherTests.java |  1 +
 .../OrServerWebExchangeMatcherTests.java      |  7 +--
 ...hMatcherServerWebExchangeMatcherTests.java |  5 +-
 .../ServerWebExchangeMatchersTests.java       |  5 +-
 .../CsrfRequestDataValueProcessorTests.java   |  5 +-
 ...ultSessionAuthenticationStrategyTests.java |  8 +--
 .../HttpSessionDestroyedEventTests.java       |  7 +--
 .../HttpSessionEventPublisherTests.java       |  6 +--
 .../web/session/MockApplicationListener.java  |  2 -
 .../session/SessionManagementFilterTests.java | 13 +++--
 .../util/OnCommittedResponseWrapperTests.java |  8 ++-
 .../web/util/TextEscapeUtilsTests.java        |  5 +-
 .../web/util/ThrowableAnalyzerTests.java      |  6 +--
 .../security/web/util/UrlUtilsTests.java      |  4 +-
 .../util/matcher/AndRequestMatcherTests.java  |  9 ++--
 .../util/matcher/ELRequestMatcherTests.java   |  6 +--
 .../util/matcher/IpAddressMatcherTests.java   |  7 +--
 ...diaTypeRequestMatcherRequestHCNSTests.java |  6 +--
 .../matcher/MediaTypeRequestMatcherTests.java |  8 +--
 .../matcher/NegatedRequestMatcherTests.java   |  8 ++-
 .../util/matcher/OrRequestMatcherTests.java   |  8 ++-
 .../matcher/RegexRequestMatcherTests.java     |  7 +--
 .../RequestHeaderRequestMatcherTests.java     |  6 +--
 1381 files changed, 5449 insertions(+), 3969 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index 97c722080e..d44ce0075a 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -24,6 +24,7 @@ import java.util.List;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.vote.AbstractAclVoter;
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index 1b87dea11a..240aed171e 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.PermissionCacheOptimizer;
 import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
 import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 7cdfab8286..08a86995ef 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -22,6 +22,7 @@ import java.util.Locale;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.acls.domain.DefaultPermissionFactory;
 import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index 15c55da2bd..545e1f0e89 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -20,6 +20,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index 9d71753665..be28dc0811 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -20,6 +20,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index 0652c9ba73..9ca71e2b4d 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.acls.afterinvocation;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * A filter used to filter Collections.
  *
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index 995a04b375..5c189c52d9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -15,16 +15,15 @@
  */
 package org.springframework.security.acls.domain;
 
+import java.io.Serializable;
+
 import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.security.acls.model.Sid;
-
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * An immutable default implementation of <code>AccessControlEntry</code>.
  *
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index e899245736..60b887dd69 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.acls.domain;
 
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.Sid;
@@ -26,10 +30,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-
 /**
  * Default implementation of {@link AclAuthorizationStrategy}.
  * <p>
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index b205b3b10f..84f2b99e8e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -17,7 +17,6 @@ package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index 692351904f..abc1b19aaf 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -17,7 +17,6 @@ package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.core.GrantedAuthority;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 59e1b64840..22326bd469 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -17,7 +17,6 @@ package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.core.Authentication;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index 6619077c8c..a2e9eda533 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.acls.domain;
 
+import java.io.Serializable;
+
 import org.springframework.cache.Cache;
 import org.springframework.security.acls.model.AclCache;
 import org.springframework.security.acls.model.MutableAcl;
@@ -23,8 +25,6 @@ import org.springframework.security.acls.model.PermissionGrantingStrategy;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * Simple implementation of {@link org.springframework.security.acls.model.AclCache} that
  * delegates to {@link Cache} implementation.
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index 27b132d1ad..a244cbf1f4 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -22,6 +22,7 @@ import java.util.UUID;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.convert.ConversionFailedException;
 import org.springframework.core.convert.ConversionService;
 import org.springframework.core.convert.TypeDescriptor;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index 8c531e353b..c6d2479b34 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -24,6 +24,7 @@ import javax.sql.DataSource;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.convert.ConversionService;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.JdbcTemplate;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
index 592bf4f38b..a7cfa4a8a6 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.acls.jdbc;
 
+import java.util.List;
+import java.util.Map;
+
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.NotFoundException;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.Sid;
 
-import java.util.List;
-import java.util.Map;
-
 /**
  * Performs lookups for {@link org.springframework.security.acls.model.AclService}.
  *
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
index d2dd0a33d4..40857863f6 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.acls.model;
 
-import org.springframework.security.acls.jdbc.JdbcAclService;
-
 import java.io.Serializable;
 
+import org.springframework.security.acls.jdbc.JdbcAclService;
+
 /**
  * A caching layer for {@link JdbcAclService}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index 474e6db55c..2d22d6a8eb 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.acls;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import org.junit.Test;
+
 import org.springframework.security.acls.domain.AclFormattingUtils;
 import org.springframework.security.acls.model.Permission;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests for {@link AclFormattingUtils}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index f922d20c9c..482508791c 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.acls;
 
-import static org.mockito.Mockito.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.acls.domain.ObjectIdentityImpl;
 import org.springframework.security.acls.model.AclService;
 import org.springframework.security.acls.model.ObjectIdentity;
@@ -25,9 +28,12 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
 import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index 148083b750..be86bd47a3 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -15,13 +15,10 @@
  */
 package org.springframework.security.acls;
 
-import static org.assertj.core.api.Assertions.*;
-
-import static org.mockito.Mockito.*;
-
 import java.util.Locale;
 
 import org.junit.Test;
+
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AclService;
 import org.springframework.security.acls.model.ObjectIdentity;
@@ -29,6 +26,13 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
 import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  * @since 3.0
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
index f9a1c8f4b6..b3be3ab76f 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
@@ -15,21 +15,31 @@
  */
 package org.springframework.security.acls.afterinvocation;
 
-import static org.assertj.core.api.Assertions.*;
-
-import static org.mockito.Mockito.*;
-
-import org.junit.Test;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.acls.model.*;
-import org.springframework.security.core.Authentication;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
+import org.junit.Test;
+
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AclService;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.SidRetrievalStrategy;
+import org.springframework.security.core.Authentication;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
index a541f72215..25bd9eb591 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
@@ -15,21 +15,34 @@
  */
 package org.springframework.security.acls.afterinvocation;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import org.junit.Test;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.acls.model.*;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.SpringSecurityMessageSource;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
+import org.junit.Test;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AclService;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.SidRetrievalStrategy;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.SpringSecurityMessageSource;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index 50d861a6c0..fcff571629 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -15,16 +15,19 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Test;
+
 import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.Sid;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests for {@link AccessControlEntryImpl}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
index 348122d0c4..219c434806 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
@@ -23,6 +23,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index 56e177e5ed..187b1a6631 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -15,19 +15,38 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
 
-import org.junit.*;
-import org.springframework.security.acls.model.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.acls.model.AccessControlEntry;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AlreadyExistsException;
+import org.springframework.security.acls.model.AuditableAccessControlEntry;
+import org.springframework.security.acls.model.AuditableAcl;
+import org.springframework.security.acls.model.ChildrenExistException;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.MutableAclService;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.PermissionGrantingStrategy;
+import org.springframework.security.acls.model.Sid;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.FieldUtils;
 
-import java.lang.reflect.Field;
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
 
 /**
  * Tests for {@link AclImpl}.
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
index ad4c88035c..3d92896b3b 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.MutableAcl;
@@ -28,6 +29,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Test class for {@link AclAuthorizationStrategyImpl} and {@link AclImpl} security
  * checks.
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 3d7a40d220..491bffcc4f 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -15,18 +15,20 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Test class for {@link ConsoleAuditLogger}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index 3d894eb24d..160f233fab 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
-import org.springframework.security.acls.domain.IdentityUnavailableException;
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
+
 import org.springframework.security.acls.model.ObjectIdentity;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests for {@link ObjectIdentityImpl}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index 4f3af00026..30d894d2ed 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for {@link ObjectIdentityRetrievalStrategyImpl}
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index af6f1ed928..518b908be3 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.acls.domain;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.acls.model.Permission;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests classes associated with Permission.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 5ed871af84..4aa9a8e0e4 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -15,17 +15,35 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.sql.DataSource;
 
 import net.sf.ehcache.Cache;
 import net.sf.ehcache.CacheManager;
 import net.sf.ehcache.Ehcache;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.acls.TargetObject;
 import org.springframework.security.acls.TargetObjectWithUUID;
-import org.springframework.security.acls.domain.*;
+import org.springframework.security.acls.domain.AclAuthorizationStrategy;
+import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.ConsoleAuditLogger;
+import org.springframework.security.acls.domain.DefaultPermissionFactory;
+import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
+import org.springframework.security.acls.domain.EhCacheBasedAclCache;
+import org.springframework.security.acls.domain.GrantedAuthoritySid;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.PrincipalSid;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
 import org.springframework.security.acls.model.MutableAcl;
@@ -35,9 +53,8 @@ import org.springframework.security.acls.model.Permission;
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.util.*;
-
-import javax.sql.DataSource;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests {@link BasicLookupStrategy}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index ecc16ffa3d..8cea9d0570 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.core.convert.ConversionService;
-
 import java.io.Serializable;
 import java.math.BigInteger;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.UUID;
 
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import org.springframework.core.convert.ConversionService;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
index 2116fdb0bf..82b5f1286d 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
@@ -19,6 +19,7 @@ import javax.sql.DataSource;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
+
 import org.springframework.jdbc.core.JdbcTemplate;
 
 /**
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index 9ac5360675..f540a9e9ab 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -20,10 +20,12 @@ import java.util.Map;
 
 import javax.sql.DataSource;
 
+import junit.framework.Assert;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.core.convert.ConversionFailedException;
 import org.springframework.core.convert.support.DefaultConversionService;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -34,8 +36,6 @@ import org.springframework.security.acls.domain.ObjectIdentityImpl;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.ObjectIdentity;
 
-import junit.framework.Assert;
-
 /**
  * Tests {@link BasicLookupStrategy} with Acl Class type id set to UUID.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
index 37ae9eb3d9..f9368db79c 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
@@ -15,17 +15,15 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import org.springframework.core.io.Resource;
-
-import org.springframework.jdbc.core.JdbcTemplate;
-
-import org.springframework.util.Assert;
-import org.springframework.util.FileCopyUtils;
-
 import java.io.IOException;
 
 import javax.sql.DataSource;
 
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.util.Assert;
+import org.springframework.util.FileCopyUtils;
+
 /**
  * Seeds the database for {@link JdbcMutableAclServiceTests}.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index 7cec850f45..008345bf25 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import static org.mockito.Mockito.*;
-import static org.assertj.core.api.Assertions.*;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -28,7 +25,6 @@ import java.util.List;
 
 import net.sf.ehcache.Ehcache;
 import net.sf.ehcache.Element;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -37,7 +33,14 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.acls.domain.*;
+
+import org.springframework.security.acls.domain.AclAuthorizationStrategy;
+import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
+import org.springframework.security.acls.domain.AclImpl;
+import org.springframework.security.acls.domain.ConsoleAuditLogger;
+import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
+import org.springframework.security.acls.domain.EhCacheBasedAclCache;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
 import org.springframework.security.acls.model.MutableAcl;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -47,6 +50,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link EhCacheBasedAclCache}
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 1445c35aa4..3176a54592 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -15,12 +15,22 @@
  */
 package org.springframework.security.acls.jdbc;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.sql.DataSource;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.RowMapper;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
@@ -32,12 +42,11 @@ import org.springframework.security.acls.model.NotFoundException;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.Sid;
 
-import javax.sql.DataSource;
-import java.util.*;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.AdditionalMatchers.aryEq;
-import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.when;
 
 /**
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index af6adccc34..df0d18603d 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
@@ -25,6 +22,7 @@ import java.util.Map;
 import javax.sql.DataSource;
 
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -55,6 +53,11 @@ import org.springframework.test.context.transaction.AfterTransaction;
 import org.springframework.test.context.transaction.BeforeTransaction;
 import org.springframework.transaction.annotation.Transactional;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
 /**
  * Integration tests the ACL system using an in-memory database.
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index 397dfc4820..2a822ce95f 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -15,11 +15,10 @@
  */
 package org.springframework.security.acls.jdbc;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.UUID;
 
 import org.junit.Test;
+
 import org.springframework.security.acls.TargetObjectWithUUID;
 import org.springframework.security.acls.domain.ObjectIdentityImpl;
 import org.springframework.security.acls.model.ObjectIdentity;
@@ -27,6 +26,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.transaction.annotation.Transactional;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Integration tests the ACL system using ACL class id type of UUID and using an in-memory
  * database.
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 6b9368af6c..94d1fd7e8b 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -15,13 +15,23 @@
  */
 package org.springframework.security.acls.jdbc;
 
+import java.util.Map;
+
 import org.junit.After;
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
-import org.springframework.security.acls.domain.*;
+import org.springframework.security.acls.domain.AclAuthorizationStrategy;
+import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
+import org.springframework.security.acls.domain.AclImpl;
+import org.springframework.security.acls.domain.AuditLogger;
+import org.springframework.security.acls.domain.ConsoleAuditLogger;
+import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.SpringCacheBasedAclCache;
 import org.springframework.security.acls.model.MutableAcl;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.PermissionGrantingStrategy;
@@ -31,9 +41,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.FieldUtils;
 
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link org.springframework.security.acls.domain.SpringCacheBasedAclCache}
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 9f96fa4ebd..a992aea93f 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -15,12 +15,10 @@
  */
 package org.springframework.security.acls.sid;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.acls.domain.GrantedAuthoritySid;
 import org.springframework.security.acls.domain.PrincipalSid;
@@ -31,6 +29,11 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests for {@link SidRetrievalStrategyImpl}
  *
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index 35e820af04..3087cf5372 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.acls.sid;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
+import java.util.Collection;
+import java.util.Collections;
 
 import org.junit.Test;
+
 import org.springframework.security.acls.domain.GrantedAuthoritySid;
 import org.springframework.security.acls.domain.PrincipalSid;
 import org.springframework.security.acls.model.Sid;
@@ -29,8 +30,8 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.util.Collection;
-import java.util.Collections;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 public class SidTests {
 
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 90ff2b7db6..4a9b5456f0 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.access.intercept.aspectj.aspect;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -49,6 +47,9 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author Luke Taylor
  * @since 3.0.3
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
index ffc2ad4703..0aae08d1c1 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -18,6 +18,7 @@ package org.springframework.security.cas.authentication;
 import java.util.ArrayList;
 
 import org.jasig.cas.client.validation.Assertion;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
index 6699b04237..48eaaeeca6 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -21,6 +21,7 @@ import org.apache.commons.logging.LogFactory;
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.TicketValidationException;
 import org.jasig.cas.client.validation.TicketValidator;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
@@ -37,7 +38,11 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
-import org.springframework.security.core.userdetails.*;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
+import org.springframework.security.core.userdetails.UserDetailsChecker;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.util.Assert;
 
 /**
@@ -74,6 +79,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationUserDetailsService, "An authenticationUserDetailsService must be set");
 		Assert.notNull(this.ticketValidator, "A ticketValidator must be set");
@@ -83,6 +89,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 		Assert.notNull(this.messages, "A message source must be set");
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
@@ -102,14 +109,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 				return authentication;
 			}
 			else {
-				throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.incorrectKey",
+				throw new BadCredentialsException(this.messages.getMessage("CasAuthenticationProvider.incorrectKey",
 						"The presented CasAuthenticationToken does not contain the expected key"));
 			}
 		}
 
 		// Ensure credentials are presented
 		if ((authentication.getCredentials() == null) || "".equals(authentication.getCredentials())) {
-			throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.noServiceTicket",
+			throw new BadCredentialsException(this.messages.getMessage("CasAuthenticationProvider.noServiceTicket",
 					"Failed to provide a CAS service ticket to validate"));
 		}
 
@@ -124,7 +131,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 
 		if (stateless) {
 			// Try to obtain from cache
-			result = statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
+			result = this.statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
 		}
 
 		if (result == null) {
@@ -134,7 +141,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 
 		if (stateless) {
 			// Add to cache
-			statelessTicketCache.putTicketInCache(result);
+			this.statelessTicketCache.putTicketInCache(result);
 		}
 
 		return result;
@@ -145,9 +152,9 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 			final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(),
 					getServiceUrl(authentication));
 			final UserDetails userDetails = loadUserByAssertion(assertion);
-			userDetailsChecker.check(userDetails);
+			this.userDetailsChecker.check(userDetails);
 			return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(),
-					authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
+					this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
 		}
 		catch (final TicketValidationException e) {
 			throw new BadCredentialsException(e.getMessage(), e);
@@ -167,16 +174,16 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 		if (authentication.getDetails() instanceof ServiceAuthenticationDetails) {
 			serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
 		}
-		else if (serviceProperties == null) {
+		else if (this.serviceProperties == null) {
 			throw new IllegalStateException(
 					"serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
 		}
-		else if (serviceProperties.getService() == null) {
+		else if (this.serviceProperties.getService() == null) {
 			throw new IllegalStateException(
 					"serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
 		}
 		else {
-			serviceUrl = serviceProperties.getService();
+			serviceUrl = this.serviceProperties.getService();
 		}
 		if (logger.isDebugEnabled()) {
 			logger.debug("serviceUrl = " + serviceUrl);
@@ -214,7 +221,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 	}
 
 	protected String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public void setKey(String key) {
@@ -222,13 +229,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 	}
 
 	public StatelessTicketCache getStatelessTicketCache() {
-		return statelessTicketCache;
+		return this.statelessTicketCache;
 	}
 
 	protected TicketValidator getTicketValidator() {
-		return ticketValidator;
+		return this.ticketValidator;
 	}
 
+	@Override
 	public void setMessageSource(final MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
@@ -245,6 +253,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 		this.authoritiesMapper = authoritiesMapper;
 	}
 
+	@Override
 	public boolean supports(final Class<?> authentication) {
 		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication))
 				|| (CasAuthenticationToken.class.isAssignableFrom(authentication))
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index d938cd37cd..d08fdf3066 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -20,6 +20,7 @@ import java.io.Serializable;
 import java.util.Collection;
 
 import org.jasig.cas.client.validation.Assertion;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index fd332f47b0..19b0f6012c 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -18,9 +18,9 @@ package org.springframework.security.cas.authentication;
 
 import net.sf.ehcache.Ehcache;
 import net.sf.ehcache.Element;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 5a054531d9..0c0ea3245e 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -17,6 +17,7 @@ package org.springframework.security.cas.authentication;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.cache.Cache;
 import org.springframework.util.Assert;
 
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
index ae16b228c0..5d922b44e6 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
@@ -16,12 +16,16 @@
 
 package org.springframework.security.cas.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
-import org.jasig.cas.client.authentication.AttributePrincipal;
-
 import java.util.Date;
 import java.util.Map;
 
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.jasig.cas.client.authentication.AttributePrincipal;
+
 /**
  * Helps in jackson deserialization of class
  * {@link org.jasig.cas.client.validation.AssertionImpl}, which is used with
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
index ca4e28d805..775850c3b4 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
@@ -16,11 +16,15 @@
 
 package org.springframework.security.cas.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
-import org.jasig.cas.client.proxy.ProxyRetriever;
-
 import java.util.Map;
 
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.jasig.cas.client.proxy.ProxyRetriever;
+
 /**
  * Helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl}
  * which is used with
diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java b/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
index bf7dacde49..98c9151e72 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
@@ -16,15 +16,20 @@
 
 package org.springframework.security.cas.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
+import java.util.Collection;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import org.jasig.cas.client.validation.Assertion;
+
 import org.springframework.security.cas.authentication.CasAuthenticationProvider;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import java.util.Collection;
-
 /**
  * Mixin class which helps in deserialize
  * {@link org.springframework.security.cas.authentication.CasAuthenticationToken} using
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
index 235c5fadfd..25c0973f11 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
@@ -16,6 +16,7 @@
 package org.springframework.security.cas.userdetails;
 
 import org.jasig.cas.client.validation.Assertion;
+
 import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
index d160a6c091..b29a6dd04f 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.cas.userdetails;
 
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.util.Assert;
+import java.util.ArrayList;
+import java.util.List;
+
 import org.jasig.cas.client.validation.Assertion;
 
-import java.util.List;
-import java.util.ArrayList;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.util.Assert;
 
 /**
  * Populates the {@link org.springframework.security.core.GrantedAuthority}s for a user by
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index cfaec77bc3..e80c101ac5 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -22,10 +22,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.jasig.cas.client.util.CommonUtils;
+
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
 /**
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 36532203ec..e6fb1657dc 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.jasig.cas.client.util.CommonUtils;
 import org.jasig.cas.client.validation.TicketValidator;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index c31b9f9aa3..43b0ea5262 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.AssertionImpl;
-import org.springframework.security.cas.authentication.CasAuthenticationToken;
+
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index c993ba8518..269c463aee 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -16,13 +16,14 @@
 
 package org.springframework.security.cas.authentication;
 
-import static org.mockito.Mockito.*;
-import static org.assertj.core.api.Assertions.*;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.AssertionImpl;
 import org.jasig.cas.client.validation.TicketValidator;
-import org.junit.*;
+import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -39,7 +40,13 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link CasAuthenticationProvider}.
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index c9a9e0c526..e782e8ecb4 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -16,15 +16,13 @@
 
 package org.springframework.security.cas.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Collections;
 import java.util.List;
 
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.AssertionImpl;
 import org.junit.Test;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -32,6 +30,9 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link CasAuthenticationToken}.
  *
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index e112ae68dc..e571254522 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -16,17 +16,15 @@
 
 package org.springframework.security.cas.authentication;
 
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.CacheManager;
 import net.sf.ehcache.Cache;
-
-import org.junit.Test;
-import org.junit.BeforeClass;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
 import org.junit.AfterClass;
-import org.springframework.security.cas.authentication.CasAuthenticationToken;
-import org.springframework.security.cas.authentication.EhCacheBasedTicketCache;
+import org.junit.BeforeClass;
+import org.junit.Test;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests {@link EhCacheBasedTicketCache}.
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
index a1d84cd1dd..2ee90854ad 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
@@ -16,11 +16,8 @@
 package org.springframework.security.cas.authentication;
 
 import org.junit.Test;
-import org.springframework.security.cas.authentication.CasAuthenticationToken;
-import org.springframework.security.cas.authentication.NullStatelessTicketCache;
-import org.springframework.security.cas.authentication.StatelessTicketCache;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Test cases for the @link {@link NullStatelessTicketCache}
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index ea15e5ac18..b9bfffcd51 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -18,10 +18,11 @@ package org.springframework.security.cas.authentication;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests
diff --git a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
index 071863d884..32cf90adec 100644
--- a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
@@ -15,23 +15,23 @@
  */
 package org.springframework.security.cas.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import org.jasig.cas.client.authentication.AttributePrincipal;
-import org.jasig.cas.client.validation.Assertion;
-import org.junit.Test;
-import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.userdetails.UserDetails;
-
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
+import org.jasig.cas.client.authentication.AttributePrincipal;
+import org.jasig.cas.client.validation.Assertion;
+import org.junit.Test;
+
+import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index f37f78676d..15cb9df2c4 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.cas.web;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.net.URLEncoder;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.cas.ServiceProperties;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link CasAuthenticationEntryPoint}.
  *
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index 4fe07a07c6..c48d102ee8 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -16,9 +16,12 @@
 
 package org.springframework.security.cas.web;
 
+import javax.servlet.FilterChain;
+
 import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -32,10 +35,13 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
-import javax.servlet.FilterChain;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link CasAuthenticationFilter}.
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index c3981604c6..47bd7db94b 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -16,12 +16,14 @@
 
 package org.springframework.security.cas.web;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.security.cas.SamlServiceProperties;
 import org.springframework.security.cas.ServiceProperties;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link ServiceProperties}.
  *
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 330d52a351..b712aa3ce4 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -16,8 +16,15 @@
 
 package org.springframework.security.config.annotation.authentication.ldap;
 
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.util.List;
+
+import javax.naming.directory.SearchControls;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
@@ -39,10 +46,6 @@ import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.io.IOException;
-import java.net.ServerSocket;
-import java.util.List;
-import javax.naming.directory.SearchControls;
 import static java.util.Collections.singleton;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
index da053c6e12..7d4c9a610d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
@@ -16,8 +16,13 @@
 
 package org.springframework.security.config.annotation.authentication.ldap;
 
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.LdapContextSource;
@@ -34,10 +39,6 @@ import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopul
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index 44e7c9199f..ebe5e52d23 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import io.rsocket.RSocketFactory;
 import io.rsocket.frame.decoder.PayloadDecoder;
 import io.rsocket.transport.netty.server.CloseableChannel;
@@ -24,6 +27,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -41,9 +45,6 @@ import org.springframework.stereotype.Controller;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 4a836e737b..7e0bfc0ba5 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
 import io.rsocket.RSocketFactory;
 import io.rsocket.frame.decoder.PayloadDecoder;
 import io.rsocket.transport.netty.server.CloseableChannel;
@@ -23,6 +27,8 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -44,15 +50,10 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
 
 import static io.rsocket.metadata.WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 6c852eb6f5..effb1a470e 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import io.rsocket.RSocketFactory;
 import io.rsocket.exceptions.ApplicationErrorException;
 import io.rsocket.frame.decoder.PayloadDecoder;
@@ -24,6 +27,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -43,9 +47,6 @@ import org.springframework.stereotype.Controller;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index fcb8202a58..4997af8aed 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
 import io.rsocket.RSocketFactory;
 import io.rsocket.exceptions.ApplicationErrorException;
 import io.rsocket.frame.decoder.PayloadDecoder;
@@ -25,6 +29,9 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -43,12 +50,6 @@ import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
 import org.springframework.stereotype.Controller;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 0600efbc1b..edbc18ca77 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import io.rsocket.RSocketFactory;
 import io.rsocket.exceptions.ApplicationErrorException;
 import io.rsocket.frame.decoder.PayloadDecoder;
@@ -25,6 +28,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -46,9 +50,6 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static io.rsocket.metadata.WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
index bbbf44a87d..3cf8571f40 100644
--- a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.config;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index 3052cfa2c7..f9d5e7d88d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -20,6 +20,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
index 26232408cc..32afab9466 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -15,8 +15,15 @@
  */
 package org.springframework.security.config.annotation.authentication.configuration;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.aop.framework.ProxyFactoryBean;
 import org.springframework.aop.target.LazyInitTargetSource;
 import org.springframework.beans.factory.BeanFactoryUtils;
@@ -43,12 +50,6 @@ import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.Assert;
 
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.ArrayList;
-import java.util.concurrent.atomic.AtomicBoolean;
-
 /**
  * Exports the authentication {@link Configuration}
  *
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
index cf349a0bf0..4d2ed79e9b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
@@ -19,7 +19,6 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.SecurityConfigurer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 
 /**
  * A {@link SecurityConfigurer} that can be exposed as a bean to configure the global
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
index b1aa40b345..c0bcdaa607 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
@@ -20,9 +20,9 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 
 /**
  * Lazily initializes the global authentication with a {@link UserDetailsService} if it is
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index 7e6f8e705b..e85040f8ed 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -19,9 +19,9 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityBuilder;
 import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index 244cac59b2..a63b33d511 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -30,7 +30,11 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.SmartInitializingSingleton;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.*;
+import org.springframework.context.annotation.AdviceMode;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportAware;
+import org.springframework.context.annotation.Role;
 import org.springframework.core.annotation.AnnotationAttributes;
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.core.type.AnnotationMetadata;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
index ab77dab8af..be94a313d1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
+import java.util.Arrays;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Bean;
@@ -23,7 +25,11 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportAware;
 import org.springframework.context.annotation.Role;
 import org.springframework.core.type.AnnotationMetadata;
-import org.springframework.security.access.expression.method.*;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
+import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
+import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
 import org.springframework.security.access.method.AbstractMethodSecurityMetadataSource;
 import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
@@ -31,8 +37,6 @@ import org.springframework.security.access.prepost.PrePostAdviceReactiveMethodIn
 import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 
-import java.util.Arrays;
-
 /**
  * @author Rob Winch
  * @author Tadaya Tsuyukubo
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
index 43b7fd85a8..eee357e655 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.springframework.context.annotation.AdviceMode;
 import org.springframework.context.annotation.AdviceModeImportSelector;
 import org.springframework.context.annotation.AutoProxyRegistrar;
 
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
index a44636e121..29058c10e6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/EnableRSocketSecurity.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.config.annotation.rsocket;
 
-import org.springframework.context.annotation.Import;
-
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+import org.springframework.context.annotation.Import;
+
 /**
  * Add this annotation to a {@code Configuration} class to have Spring Security
  * {@link RSocketSecurity} support added.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index 8513649230..7bf6051025 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -16,6 +16,12 @@
 
 package org.springframework.security.config.annotation.rsocket;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.ResolvableType;
@@ -30,23 +36,18 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
-import org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter;
-import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;
 import org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor;
+import org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter;
 import org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor;
 import org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter;
 import org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor;
 import org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager;
+import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers;
 import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher;
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
 
 /**
  * Allows configuring RSocket based security.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 01956cfe07..343ca304cb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.config.annotation.web;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpMethod;
@@ -28,10 +32,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
 /**
  * A base class for registering {@link RequestMatcher}'s. For example, it might allow for
  * specifying which {@link RequestMatcher} require a certain level of authorization.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index f62ce4bafc..a0a6ab37fb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -19,6 +19,7 @@ import java.io.Serializable;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.servlet.Filter;
 
 import org.springframework.security.web.access.ExceptionTranslationFilter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 97e34b6fed..1c71ad0ba2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.config.annotation.web.builders;
 
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.Filter;
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -78,12 +85,6 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-
 /**
  * A {@link HttpSecurity} is similar to Spring Security's XML &lt;http&gt; element in the
  * namespace configuration. It allows configuring web based security for specific http
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index 456f436ce1..b7ef0c280c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -29,9 +32,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer;
 import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index 09d5681d9d..eacfa24cbe 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -33,8 +35,6 @@ import org.springframework.util.ClassUtils;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import java.util.List;
-
 /**
  * {@link Configuration} for OAuth 2.0 Client support.
  *
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 667ca07881..efdb706234 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -15,8 +15,21 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.reactivestreams.Publisher;
 import org.reactivestreams.Subscription;
+import reactor.core.CoreSubscriber;
+import reactor.core.publisher.Hooks;
+import reactor.core.publisher.Operators;
+import reactor.util.context.Context;
+
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.annotation.Bean;
@@ -26,17 +39,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
-import reactor.core.CoreSubscriber;
-import reactor.core.publisher.Hooks;
-import reactor.core.publisher.Operators;
-import reactor.util.context.Context;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
 
 import static org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 10751a034a..3e6487a08e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -15,23 +15,23 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.util.List;
+
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.expression.BeanFactoryResolver;
 import org.springframework.expression.BeanResolver;
-import org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver;
 import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
 import org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver;
+import org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver;
 import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
-import java.util.List;
-
 /**
  * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
  * integration. This configuration is added whenever {@link EnableWebMvc} is added by
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index dc854bc4d7..4fe4959cdd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configuration;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+
 import javax.servlet.Filter;
 
 import org.springframework.beans.factory.BeanClassLoaderAware;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 48c49598cb..5bec102392 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -15,6 +15,11 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.Arrays;
+import java.util.Collections;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -41,10 +46,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
-import java.util.Collections;
-
 /**
  * Base class for configuring {@link AbstractAuthenticationFilterConfigurer}. This is
  * intended for internal use only.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index c7bd680c15..0f373d4f8d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.Collections;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -22,11 +28,6 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
 import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.Collections;
-import java.util.Map;
-import java.util.function.Function;
-
 /**
  * Adds a Filter that will generate a login page if one is not specified otherwise when
  * using {@link WebSecurityConfigurerAdapter}.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index e0c0d84394..28e1c87b63 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -29,8 +29,15 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.header.HeaderWriterFilter;
-import org.springframework.security.web.header.writers.*;
+import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
+import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
+import org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter;
+import org.springframework.security.web.header.writers.HpkpHeaderWriter;
+import org.springframework.security.web.header.writers.HstsHeaderWriter;
+import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
+import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter;
+import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
 import org.springframework.security.web.util.matcher.RequestMatcher;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 4507c58b1e..4cd029d56a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 6faa1649f3..072084b45b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
@@ -32,8 +34,6 @@ import org.springframework.security.web.authentication.preauth.x509.SubjectDnX50
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 
-import javax.servlet.http.HttpServletRequest;
-
 /**
  * Adds X509 based pre authentication to an application. Since validating the certificate
  * happens when the client connects, the requesting and validation of the client
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
index 2c34dca9bf..aca11b6f6b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
+import java.util.Map;
+
 import org.springframework.beans.factory.BeanFactoryUtils;
 import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
 import org.springframework.context.ApplicationContext;
@@ -27,8 +29,6 @@ import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAut
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.util.StringUtils;
 
-import java.util.Map;
-
 /**
  * Utility methods for the OAuth 2.0 Client {@link AbstractHttpConfigurer}'s.
  *
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index b37b21ee57..f22c68ab83 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -17,6 +17,7 @@
 package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource;
 
 import java.util.function.Supplier;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index acd115f157..8c485b9850 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers.saml2;
 
 import java.util.LinkedHashMap;
 import java.util.Map;
+
 import javax.servlet.Filter;
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
index 33014b7e89..be95d27f82 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java
@@ -16,16 +16,16 @@
 
 package org.springframework.security.config.annotation.web.reactive;
 
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+
 /**
  * Add this annotation to a {@code Configuration} class to have Spring Security WebFlux
  * support added. User's can then create one or more {@link ServerHttpSecurity}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
index af77f92b0f..d55c7440e1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.annotation.web.reactive;
 
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportSelector;
@@ -24,16 +26,14 @@ import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClient
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
 import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.util.ClassUtils;
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
 
-import java.util.List;
-
 /**
  * {@link Configuration} for OAuth 2.0 Client support.
  *
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
index 915c41c698..dd52d00a72 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.authentication;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -27,7 +29,6 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.authentication.CachingUserDetailsService;
 import org.springframework.security.config.BeanIds;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index 94a57b106f..ac3ed0c31e 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -17,6 +17,10 @@ package org.springframework.security.config.authentication;
 
 import java.util.List;
 
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -36,9 +40,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * Registers the central ProviderManager used by the namespace configuration, and allows
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index cb92f78bd6..5e99b50867 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.authentication;
 
+import java.util.Arrays;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
@@ -28,8 +30,6 @@ import org.springframework.security.config.BeanIds;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
-import java.util.Arrays;
-
 /**
  * Factory bean for the namespace AuthenticationManager, which allows a more meaningful
  * error message to be reported in the <tt>NoSuchBeanDefinitionException</tt>, if the user
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
index 7792499a3c..710d29fb8e 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.authentication;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -25,7 +27,6 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.Elements;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 /**
  * Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the
diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index 6387304a21..6d44e2219a 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.config.authentication;
 
-import org.springframework.security.config.Elements;
-import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.ParserContext;
-
-import org.w3c.dom.Element;
+import org.springframework.security.config.Elements;
+import org.springframework.util.StringUtils;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
index 0326fff96e..a0e9b5e424 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
@@ -20,6 +20,8 @@ import java.util.Map;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -28,7 +30,6 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * Stateful parser for the &lt;password-encoder&gt; element.
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index fc76ad0c9b..f63c2d2b67 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -19,6 +19,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.List;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.PropertiesFactoryBean;
@@ -32,7 +34,6 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
index 7f9b9bd385..dc30f05887 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.core.userdetails;
 
+import java.util.Collection;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.Resource;
@@ -24,8 +26,6 @@ import org.springframework.security.core.userdetails.MapReactiveUserDetailsServi
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.util.InMemoryResource;
 
-import java.util.Collection;
-
 /**
  * Constructs an {@link MapReactiveUserDetailsService} from a resource using
  * {@link UserDetailsResourceFactoryBean}.
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
index 633943f8c8..e01f3daff9 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.config.core.userdetails;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Map;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -23,10 +27,6 @@ import org.springframework.security.core.userdetails.memory.UserAttribute;
 import org.springframework.security.core.userdetails.memory.UserAttributeEditor;
 import org.springframework.util.Assert;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Map;
-
 /**
  * Creates a {@code Collection<UserDetails>} from a @{code Map} in the format of
  * <p>
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
index 08b84253dd..ce4b7ad975 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.config.core.userdetails;
 
+import java.io.InputStream;
+import java.util.Collection;
+import java.util.Map;
+import java.util.Properties;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.DefaultResourceLoader;
@@ -25,11 +30,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.util.Assert;
 
-import java.io.InputStream;
-import java.util.Collection;
-import java.util.Map;
-import java.util.Properties;
-
 /**
  * Parses a Resource that is a Properties file in the format of:
  *
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index 59edfcdd3d..6b41064c46 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.config.crypto;
 
+import java.beans.PropertyEditor;
 import java.beans.PropertyEditorSupport;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index e6c62bae48..975e0dfc43 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.debug;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index dc02c12412..0d2d830bdc 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -15,8 +15,19 @@
  */
 package org.springframework.security.config.http;
 
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanReference;
@@ -56,15 +67,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-
-import javax.servlet.http.HttpServletRequest;
-import java.security.SecureRandom;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.function.Function;
 
 import static org.springframework.security.config.http.SecurityFilters.ANONYMOUS_FILTER;
 import static org.springframework.security.config.http.SecurityFilters.BASIC_AUTH_FILTER;
diff --git a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
index 7dbbea8bf0..a518df519b 100644
--- a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -24,7 +26,6 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.CorsFilter;
-import org.w3c.dom.Element;
 
 /**
  * Parser for the {@code CorsFilter}.
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index 46a2c99b03..1c2ca21a68 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.http;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index c6a70e0886..027b6e166f 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -15,12 +15,16 @@
  */
 package org.springframework.security.config.http;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
 
 import javax.servlet.Filter;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -40,8 +44,8 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter
 import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
-import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
 
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
index cff4ded3ca..e547ce9b2f 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Collections;
+
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -24,9 +28,6 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-import java.util.*;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index a3cf26283d..076117ca8c 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -17,6 +17,9 @@ package org.springframework.security.config.http;
 
 import java.util.List;
 
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
@@ -29,8 +32,6 @@ import org.springframework.security.config.Elements;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 
 /**
  * Sets the filter chain Map for a FilterChainProxy bean declaration.
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index b8373a83ee..067308a6bc 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -15,13 +15,12 @@
  */
 package org.springframework.security.config.http;
 
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF;
-
 import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -41,6 +40,8 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
+import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF;
+
 /**
  * Allows for convenient creation of a {@link FilterInvocationSecurityMetadataSource} bean
  * for use with a FilterSecurityInterceptor.
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index ffa9175348..626dace287 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -17,15 +17,20 @@ package org.springframework.security.config.http;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.web.authentication.*;
+import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index b7b55e9f33..924a17ffe2 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -23,6 +23,9 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -31,16 +34,22 @@ import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.web.header.HeaderWriterFilter;
-import org.springframework.security.web.header.writers.*;
+import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
+import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
+import org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter;
+import org.springframework.security.web.header.writers.HpkpHeaderWriter;
+import org.springframework.security.web.header.writers.HstsHeaderWriter;
+import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
+import org.springframework.security.web.header.writers.StaticHeadersWriter;
+import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter;
+import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
 import org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 
 /**
  * Parser for the {@code HeadersFilter}.
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
index c5d3fde8e4..eced6f2405 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.config.BeanIds;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * Injects the supplied {@code HttpFirewall} bean reference into the
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index 9e9aab78c4..36b7662e5a 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -28,7 +30,6 @@ import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
index 63cbcfaf22..2858ef0414 100644
--- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java
+++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
@@ -25,7 +27,6 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * Defines the {@link RequestMatcher} types supported by the namespace.
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index 894bc7a4ac..129a09233c 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanReference;
@@ -28,7 +30,6 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequest
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository;
 import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
index db681dfce1..ab0d3cd89b 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.config.http;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Joe Grandja
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 20240dcf3e..7ae4e76a72 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanDefinition;
@@ -58,14 +67,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
-import org.w3c.dom.Element;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
 
 import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository;
 import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index e460c3365b..ef79bc4c64 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.http;
 
 import java.util.List;
 import java.util.Map;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
index b5ff1c4e1d..8026a9526a 100644
--- a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
@@ -18,6 +18,8 @@ package org.springframework.security.config.http;
 import java.util.List;
 import java.util.Map;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.ManagedMap;
 import org.springframework.beans.factory.support.RootBeanDefinition;
@@ -27,7 +29,6 @@ import org.springframework.security.config.Elements;
 import org.springframework.security.web.PortMapperImpl;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 /**
  * Parses a port-mappings element, producing a single
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index d9866bfdb3..d753f36bfd 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -17,6 +17,8 @@ package org.springframework.security.config.http;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanReference;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
@@ -32,7 +34,6 @@ import org.springframework.security.web.authentication.rememberme.PersistentToke
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index 2f1c56a27c..50c7fbfd6b 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -24,8 +24,8 @@ import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ApplicationContextException;
-import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser;
 import org.springframework.security.authentication.CachingUserDetailsService;
+import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.core.userdetails.UserDetailsService;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index 84f4f14d03..0246f1333f 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -17,6 +17,8 @@ package org.springframework.security.config.ldap;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -26,7 +28,6 @@ import org.springframework.security.config.Elements;
 import org.springframework.security.config.authentication.PasswordEncoderParser;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 /**
  * Ldap authentication provider namespace configuration.
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
index 9ea520c98e..821875164b 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
@@ -15,19 +15,19 @@
  */
 package org.springframework.security.config.ldap;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeanMetadataElement;
-import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser;
 import org.springframework.util.StringUtils;
 
-import org.w3c.dom.Element;
-
 /**
  * @author Luke Taylor
  * @since 2.0
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 0063ad72ff..050550c0e2 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.config.method;
 
-import static org.springframework.security.config.Elements.*;
-
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -24,6 +22,8 @@ import java.util.Map;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+
 import org.springframework.aop.config.AopNamespaceUtils;
 import org.springframework.aop.framework.ProxyFactoryBean;
 import org.springframework.aop.target.LazyInitTargetSource;
@@ -79,7 +79,13 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
+
+import static org.springframework.security.config.Elements.EXPRESSION_HANDLER;
+import static org.springframework.security.config.Elements.INVOCATION_ATTRIBUTE_FACTORY;
+import static org.springframework.security.config.Elements.INVOCATION_HANDLING;
+import static org.springframework.security.config.Elements.POST_INVOCATION_ADVICE;
+import static org.springframework.security.config.Elements.PRE_INVOCATION_ADVICE;
+import static org.springframework.security.config.Elements.PROTECT_POINTCUT;
 
 /**
  * Processes the top-level "global-method-security" element.
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index f447972569..171e01fed2 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.config.method;
 
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import org.springframework.aop.config.AbstractInterceptorDrivenBeanDefinitionDecorator;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
@@ -31,10 +37,6 @@ import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.Elements;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import java.util.*;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
index fbc0449fb0..8ae626105d 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@@ -19,6 +19,8 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
@@ -29,7 +31,6 @@ import org.springframework.security.access.method.MapBasedMethodSecurityMetadata
 import org.springframework.security.config.Elements;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 8e561412df..23b75e2817 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -16,13 +16,19 @@
 package org.springframework.security.config.method;
 
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.aspectj.weaver.tools.PointcutExpression;
 import org.aspectj.weaver.tools.PointcutParser;
 import org.aspectj.weaver.tools.PointcutPrimitive;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.access.ConfigAttribute;
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index fb067c901a..dac349ed2b 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.config.oauth2.client;
 
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.parsing.BeanComponentDefinition;
 import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
@@ -29,14 +38,6 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-
-import java.util.ArrayList;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
 
 /**
  * @author Ruby Hartono
diff --git a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
index 219ea6480f..705ebe122f 100644
--- a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.provisioning;
 
+import java.util.Collection;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.Resource;
@@ -25,8 +27,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.util.InMemoryResource;
 
-import java.util.Collection;
-
 /**
  * Constructs an {@link InMemoryUserDetailsManager} from a resource using
  * {@link UserDetailsResourceFactoryBean}.
diff --git a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
index 404e89ccdc..d70d9b4e9d 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.config.web.server;
 
+import java.util.List;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 
-import java.util.List;
-
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index aba685f3a3..eaade885f4 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -31,9 +31,6 @@ import java.util.UUID;
 import java.util.function.Function;
 import java.util.function.Supplier;
 
-import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
@@ -58,6 +55,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
@@ -83,6 +81,8 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -103,6 +103,7 @@ import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 import org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint;
+import org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry;
 import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
@@ -179,8 +180,6 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
-import static org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry;
-
 /**
  * A {@link ServerHttpSecurity} is similar to Spring Security's {@code HttpSecurity} but
  * for WebFlux. It allows configuring web based security for specific http requests. By
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index ae05bf0061..0ce21afb08 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.config.websocket;
 
-import static org.springframework.security.config.Elements.*;
-
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
 
+import org.w3c.dom.Element;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.PropertyValue;
 import org.springframework.beans.factory.config.BeanDefinition;
@@ -53,7 +53,8 @@ import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
+
+import static org.springframework.security.config.Elements.EXPRESSION_HANDLER;
 
 /**
  * Parses Spring Security's websocket namespace support. A simple example is:
diff --git a/config/src/test/java/org/springframework/security/CollectingAppListener.java b/config/src/test/java/org/springframework/security/CollectingAppListener.java
index 0589657430..09d61fc169 100644
--- a/config/src/test/java/org/springframework/security/CollectingAppListener.java
+++ b/config/src/test/java/org/springframework/security/CollectingAppListener.java
@@ -15,7 +15,8 @@
  */
 package org.springframework.security;
 
-import java.util.*;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationListener;
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index a1ce51cd78..aafe570bad 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.config;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.List;
 
 import javax.servlet.Filter;
@@ -43,6 +40,11 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 /**
  * Tests {@link FilterChainProxy}.
  *
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index 02011b0cc7..f4ee273515 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.config;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.junit.Assert.fail;
-
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
 import org.springframework.security.config.authentication.AuthenticationManagerFactoryBean;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.fail;
+
 /**
  * Tests which make sure invalid configurations are rejected by the namespace. In
  * particular invalid top-level elements. These are likely to fail after the namespace has
diff --git a/config/src/test/java/org/springframework/security/config/MockEventListener.java b/config/src/test/java/org/springframework/security/config/MockEventListener.java
index c566e15a99..5cc7709ebb 100644
--- a/config/src/test/java/org/springframework/security/config/MockEventListener.java
+++ b/config/src/test/java/org/springframework/security/config/MockEventListener.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.config;
 
-import org.springframework.context.ApplicationEvent;
-import org.springframework.context.ApplicationListener;
-
 import java.util.ArrayList;
 import java.util.List;
 
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
+
 /**
  * @author Rob Winch
  * @since 5.0.2
diff --git a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
index bba810c227..811e2bbfb1 100644
--- a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
+++ b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.config;
 
-import static org.mockito.Mockito.mock;
-
 import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.transaction.TransactionDefinition;
 import org.springframework.transaction.TransactionException;
 import org.springframework.transaction.TransactionStatus;
 
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  */
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index 753c5c39d5..9e60cd0d74 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.config.annotation;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.Ordered;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class SecurityConfigurerAdapterTests {
 
 	ConcereteSecurityConfigurerAdapter adapter;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 0bf1a8e566..25288f639a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.config.annotation.authentication;
 
+import java.util.Arrays;
+import java.util.Properties;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -47,9 +51,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.util.Arrays;
-import java.util.Properties;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index fd39a39dbf..6aa34abb27 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.authentication;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index 6379257b25..66eac99ad6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.authentication;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index bc809bc3db..bf623b89ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.annotation.authentication;
 
+import javax.sql.DataSource;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -33,8 +36,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.sql.DataSource;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index 7d40fc7d13..1288673c9e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.annotation.authentication;
 
+import javax.sql.DataSource;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
@@ -32,8 +35,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.sql.DataSource;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 42b359193a..39d2d2f335 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.authentication;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
index cea8e87e92..3194b6cff7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.authentication.configurat
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
@@ -30,7 +31,7 @@ import org.springframework.security.config.MockEventListener;
 import org.springframework.security.config.users.AuthenticationTestConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 7a7d98d083..88bd7763af 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -15,9 +15,14 @@
  */
 package org.springframework.security.config.annotation.authentication.configuration;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.aop.framework.ProxyFactoryBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -50,19 +55,20 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.core.userdetails.UserDetailsPasswordService;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.startsWith;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 public class AuthenticationConfigurationTests {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index 604ea5a1c2..dd6faa94ae 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.config.annotation.authentication.configuration;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.test.SpringTestRule;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index 522887cf80..03ec10796e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.config.annotation.authentication.configurers.provisioning;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @author Adolfo Eloy
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index eac66ebd19..5c93b35afb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.configuration;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.DisposableBean;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
index df654ed93b..46850925fc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
@@ -15,10 +15,13 @@
  */
 package org.springframework.security.config.annotation.issue50;
 
+import javax.transaction.Transactional;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -33,8 +36,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import javax.transaction.Transactional;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
index 4365f3ae9b..c6a8980a0f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
@@ -16,11 +16,12 @@
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.reactivestreams.Publisher;
-import org.springframework.security.access.prepost.PostAuthorize;
-import org.springframework.security.access.prepost.PreAuthorize;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.access.prepost.PostAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
+
 public class DelegatingReactiveMessageService implements ReactiveMessageService {
 
 	private final ReactiveMessageService delegate;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index a84df2224a..c68be1a0cc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -21,6 +21,12 @@ import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.TestPublisher;
+import reactor.util.context.Context;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.access.AccessDeniedException;
@@ -28,14 +34,11 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.TestPublisher;
-import reactor.util.context.Context;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index e63e57dbfb..93f787f010 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.method.configuration;
 import java.lang.reflect.Proxy;
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.sql.DataSource;
 
 import org.aopalliance.intercept.MethodInterceptor;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
index e3d4baf3cb..525ce2a477 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.parameters.P;
 
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-
 /**
  * @author Rob Winch
  */
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index f904f0df58..8f44603aa7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.config.annotation.method.configuration;
 
+import java.io.Serializable;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
@@ -29,8 +32,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import java.io.Serializable;
-
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 8fe7565b04..575df914fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -16,10 +16,9 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -31,6 +30,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.config.test.SpringTestRule;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Tadaya Tsuyukubo
  */
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 1f7031541d..0525e851a3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.config.annotation.method.configuration;
 
+import java.io.Serializable;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.access.AccessDeniedException;
@@ -30,8 +33,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import java.io.Serializable;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index c8d3563122..208d514d06 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.config.annotation.sec2758;
 
+import javax.annotation.security.RolesAllowed;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
@@ -39,8 +42,6 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.annotation.security.RolesAllowed;
-
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index b35dbf989c..d1ea811fa6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.config.annotation.web;
 
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityConfigurer;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
index 04fd95279b..0616e815a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.config.annotation.web;
 
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 7d24eb0c30..70d0f53ed3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -15,15 +15,12 @@
  */
 package org.springframework.security.config.annotation.web;
 
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import javax.servlet.Filter;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpHeaders;
@@ -40,6 +37,10 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 555ff3fd48..9e4bd8763e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -15,9 +15,14 @@
  */
 package org.springframework.security.config.annotation.web;
 
+import java.util.Base64;
+
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -36,9 +41,6 @@ import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
-import javax.servlet.http.HttpServletResponse;
-import java.util.Base64;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index a5a3ff02c4..a31287e6b6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 4e76f6a82e..217ebdf6ce 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -15,8 +15,18 @@
  */
 package org.springframework.security.config.annotation.web.builders;
 
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.cas.web.CasAuthenticationFilter;
@@ -28,17 +38,11 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.ThrowableAssert.catchThrowable;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 556c3d1a49..6916b82396 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -15,8 +15,14 @@
  */
 package org.springframework.security.config.annotation.web.builders;
 
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.ConfigAttribute;
@@ -49,18 +55,21 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.web.bind.annotation.GetMapping;
 
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.forwardedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
  * Tests to verify that all the functionality of &lt;http&gt; attributes are present in
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index df01d613d2..c9857bee0c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -15,13 +15,10 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -41,6 +38,10 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index c8b2c3e75d..e7b4611028 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configuration;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index e27fd51616..bbe01aaf1d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -16,9 +16,14 @@
 
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.util.concurrent.Callable;
+
+import javax.servlet.http.HttpServletRequest;
+
 import com.google.common.net.HttpHeaders;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -39,9 +44,6 @@ import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.concurrent.Callable;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index f9fe77d875..6a1edaec4f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -40,11 +43,9 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import javax.servlet.http.HttpServletRequest;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 1b536a4fe6..17d92432a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.net.URL;
+import java.net.URLClassLoader;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.FatalBeanException;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -24,9 +28,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
-import java.net.URL;
-import java.net.URLClassLoader;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index daadc8d6b5..0f632bdb27 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -15,10 +15,24 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import reactor.core.CoreSubscriber;
+import reactor.core.publisher.BaseSubscriber;
+import reactor.core.publisher.Mono;
+import reactor.core.publisher.Operators;
+import reactor.test.StepVerifier;
+import reactor.util.context.Context;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -34,18 +48,6 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
-import reactor.core.CoreSubscriber;
-import reactor.core.publisher.BaseSubscriber;
-import reactor.core.publisher.Mono;
-import reactor.core.publisher.Operators;
-import reactor.test.StepVerifier;
-import reactor.util.context.Context;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.net.URI;
-import java.util.HashMap;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.entry;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 37cac4700b..034933a5b5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -45,6 +43,10 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view;
+
 /**
  * @author Rob Winch
  */
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index d661a39575..1a86b00a1a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -15,8 +15,14 @@
  */
 package org.springframework.security.config.annotation.web.configuration;
 
+import java.io.Serializable;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.List;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -53,11 +59,6 @@ import org.springframework.util.ClassUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.io.Serializable;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.catchThrowable;
 import static org.mockito.Mockito.mock;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 246fffe71b..6475e99d16 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configuration.sec2377
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.security.config.annotation.web.configuration.sec2377.a.Sec2377AConfig;
 import org.springframework.security.config.annotation.web.configuration.sec2377.b.Sec2377BConfig;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index 9f175cf52b..2795e62c79 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -26,8 +29,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
-import java.util.List;
-
 public class AbstractConfigAttributeRequestMatcherRegistryTests {
 
 	private ConcreteAbstractRequestMatcherMappingConfigurer registry;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 93b035ce64..dc1d573eeb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index 64f867793c..4c0396030c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index cdd731287e..0311831080 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -16,9 +16,13 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.Arrays;
+import java.util.Collections;
+
 import com.google.common.net.HttpHeaders;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -38,9 +42,6 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import java.util.Arrays;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index a7da0f3829..2c0107d82e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -15,11 +15,9 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -27,10 +25,12 @@ import org.springframework.context.annotation.Primary;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
 import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index f7fb67a934..95f4585d44 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -16,8 +16,14 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.net.URI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -45,10 +51,6 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.net.URI;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
@@ -62,7 +64,14 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.head;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 8a2ca92a2a..11dbcd26a1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 import java.io.IOException;
 import java.util.List;
 import java.util.stream.Collectors;
+
 import javax.servlet.Filter;
 import javax.servlet.ServletException;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 16df77bbd5..43e409ec30 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.mock.web.MockHttpSession;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index a052ff016b..c7a7a352b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -16,8 +16,12 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.io.Serializable;
+import java.util.Collections;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
@@ -52,9 +56,6 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.io.Serializable;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 4eb2835e9a..7d3592b5a5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 874d2f889d..908c61fecd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -27,7 +28,9 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.header.HeaderWriterFilter;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.springframework.http.HttpHeaders.*;
+import static org.springframework.http.HttpHeaders.CACHE_CONTROL;
+import static org.springframework.http.HttpHeaders.EXPIRES;
+import static org.springframework.http.HttpHeaders.PRAGMA;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 6f2fd87029..b5e0df70fe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -16,9 +16,14 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.net.URI;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import com.google.common.net.HttpHeaders;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -30,10 +35,6 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
-import java.net.URI;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.config.Customizer.withDefaults;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 4a6fc362e7..bdd59a323d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -16,8 +16,12 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -35,14 +39,16 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
  * Tests for {@link HttpBasicConfigurer}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 4937f4edb3..0f19e4ebda 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -15,13 +15,12 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -35,6 +34,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index c4b585ed8b..3914fccdf2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -15,11 +15,10 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockFilterChain;
@@ -36,6 +35,8 @@ import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index c8fd168420..f86448bf5d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import java.lang.reflect.InvocationTargetException;
 import java.util.List;
+
 import javax.servlet.Filter;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index cb2165b31c..e70283bb82 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.security.Principal;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
@@ -32,8 +35,6 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPre
 import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.security.Principal;
-
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index 65659ac6ac..6e1669710b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.config.annotation.web.configurers;
 import org.apache.http.HttpHeaders;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index da9f49f256..96ef9f0c24 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 import java.io.IOException;
 import java.util.List;
 import java.util.stream.Collectors;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 7471627b31..b49dcbf949 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Predicate;
+
 import javax.servlet.http.HttpSession;
 
 import org.assertj.core.api.Condition;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 1a0e881dc9..1142c5d8f5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Arrays;
 import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 
 import okhttp3.mockwebserver.MockResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 38276373ad..118e205906 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -19,6 +19,7 @@ import java.io.InputStream;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 105d370ec9..d3451fee3f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -19,6 +19,7 @@ import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index 0d1519882d..fadb69cbbe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.Collections;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -25,8 +28,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.PortMapperImpl;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.util.Collections;
-
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index e3ea0b15ea..086fb317e3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -16,8 +16,14 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.util.Collections;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpSession;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -40,10 +46,6 @@ import org.springframework.security.web.authentication.rememberme.TokenBasedReme
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpSession;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 6e8c4b0ac4..9bb76f55b1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -47,8 +47,8 @@ import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.multipart;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index 9ebf93e7bc..ae744a06f5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index 1c40d63e70..2bfd5fda47 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import javax.servlet.http.HttpSession;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -37,10 +40,12 @@ import org.springframework.security.web.context.request.async.WebAsyncManagerInt
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
-import javax.servlet.http.HttpSession;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 17ac88b691..b94cbdf0eb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -18,8 +18,14 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
 
+import javax.servlet.Filter;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -51,11 +57,6 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 
-import javax.servlet.Filter;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.atLeastOnce;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 78ff856f7a..78f60d461e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.lang.reflect.Method;
+
 import javax.servlet.Filter;
 
 import org.junit.After;
@@ -43,7 +44,7 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index 061505129b..20e770ce7f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.config.annotation.web.configurers;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -28,9 +32,6 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index f7521d3d5f..8ce913f6b3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -16,8 +16,13 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.mock.web.MockHttpSession;
@@ -45,10 +50,6 @@ import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index df1c22b3a5..f0b8d56e78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
+
 import javax.servlet.Filter;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index ab975fc38b..20d4245cd8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -16,8 +16,14 @@
 
 package org.springframework.security.config.annotation.web.configurers;
 
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.core.io.ClassPathResource;
@@ -30,11 +36,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.io.InputStream;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 02e001c1ae..f7e3689a68 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -15,9 +15,16 @@
  */
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -57,13 +64,11 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 8c345e5c35..e275c1c350 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -31,6 +31,7 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
+
 import javax.annotation.PreDestroy;
 
 import com.nimbusds.jose.JWSAlgorithm;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index 3774aacf8d..ab6ff70dd8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.annotation.web.configurers.openid;
 
+import java.util.List;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.junit.Rule;
@@ -23,6 +25,7 @@ import org.junit.Test;
 import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.discovery.DiscoveryInformation;
 import org.openid4java.message.AuthRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
@@ -37,8 +40,6 @@ import org.springframework.security.openid.OpenIDAuthenticationProvider;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 18b9e86c4e..de8bd7924c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -26,6 +26,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index 4c47cf13fb..22ff7efd72 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.config.annotation.web.configurers.saml2;
 
-import org.springframework.security.converter.RsaKeyConverters;
-import org.springframework.security.saml2.credentials.Saml2X509Credential;
-
 import java.io.ByteArrayInputStream;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
+import org.springframework.security.converter.RsaKeyConverters;
+import org.springframework.security.saml2.credentials.Saml2X509Credential;
+
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 698da20bba..ebb58a950a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -15,11 +15,14 @@
  */
 package org.springframework.security.config.annotation.web.messaging;
 
+import java.util.Collection;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
@@ -29,8 +32,6 @@ import org.springframework.security.messaging.access.intercept.MessageSecurityMe
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import org.springframework.util.AntPathMatcher;
 
-import java.util.Collection;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.when;
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 7284955211..46b00019d2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -16,9 +16,14 @@
 
 package org.springframework.security.config.annotation.web.reactive;
 
+import java.nio.charset.StandardCharsets;
+import java.security.Principal;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -64,10 +69,6 @@ import org.springframework.web.reactive.config.DelegatingWebFluxConfiguration;
 import org.springframework.web.reactive.config.EnableWebFlux;
 import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.result.view.AbstractView;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
-import java.security.Principal;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
index ae65f87f05..4a7c033ea2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.reactive;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
index 1b05578dbe..fed6517951 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.reactive;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index fa82ac7ebe..9069f21133 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.config.annotation.web.socket;
 
+import java.util.HashMap;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.Message;
@@ -25,8 +28,6 @@ import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.MessageDeliveryException;
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
-import static org.springframework.messaging.simp.SimpMessageType.*;
-
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.messaging.support.GenericMessage;
@@ -43,10 +44,10 @@ import org.springframework.web.socket.config.annotation.AbstractWebSocketMessage
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 
-import java.util.HashMap;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.springframework.messaging.simp.SimpMessageType.MESSAGE;
+import static org.springframework.messaging.simp.SimpMessageType.SUBSCRIBE;
 
 public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 00b04811c5..73217c0a3b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.socket;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.HashMap;
 import java.util.Map;
 
@@ -26,6 +23,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -78,6 +76,9 @@ import org.springframework.web.socket.server.support.HttpSessionHandshakeInterce
 import org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler;
 import org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 	AnnotationConfigWebApplicationContext context;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index e82840ad2c..70269a4ffb 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.config.authentication;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.ConfigurableApplicationContext;
@@ -29,9 +33,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.test.web.servlet.MockMvc;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index cfd024341a..b90ce679d7 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.config.authentication;
 
+import java.util.List;
+
+import org.junit.After;
+import org.junit.Test;
+
+import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
+import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -22,13 +29,6 @@ import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
 import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
-import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
-import org.springframework.context.support.AbstractXmlApplicationContext;
-
-import org.junit.Test;
-import org.junit.After;
-
-import java.util.List;
 
 /**
  * Tests for {@link AuthenticationProviderBeanDefinitionParser}.
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 30e9cbd29b..5248bd9f32 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -17,10 +17,10 @@ package org.springframework.security.config.authentication;
 
 import org.junit.After;
 import org.junit.Test;
-import org.springframework.security.authentication.CachingUserDetailsService;
 import org.w3c.dom.Element;
 
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.CachingUserDetailsService;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
index fb4c1412d7..226f633822 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.authentication;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.test.web.servlet.MockMvc;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index 1ad00ea422..f4fa4a70a9 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -15,16 +15,16 @@
  */
 package org.springframework.security.config.authentication;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.After;
+import org.junit.Test;
 
+import org.springframework.beans.FatalBeanException;
+import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.beans.FatalBeanException;
 
-import org.junit.Test;
-import org.junit.After;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index 43b26c9b88..e7cbe00575 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -27,6 +27,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 743c19620f..ace553d52d 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -27,6 +27,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
index df43e2fdb1..a400358fd6 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.core.userdetails;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,7 +26,7 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
index 92e530929f..01e2975e09 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -18,13 +18,14 @@ package org.springframework.security.config.core.userdetails;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
index 27c95b980c..d81b5bdea3 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
@@ -18,13 +18,14 @@ package org.springframework.security.config.core.userdetails;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 574ed3af76..5e76b25291 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.config.core.userdetails;
 
+import java.util.Collection;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.util.InMemoryResource;
 
-import java.util.Collection;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index 83626cea07..d3bd58daaa 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.debug;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.debug.DebugFilter;
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index c2b8d88445..cc690fb088 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -15,11 +15,16 @@
  */
 package org.springframework.security.config.doc;
 
-import org.springframework.util.StringUtils;
-
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
 import java.util.stream.Stream;
 
+import org.springframework.util.StringUtils;
+
 /**
  * Parses the Spring Security Xsd Document
  *
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index fceb0e4a8b..4144327920 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.config.doc;
 
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
 import java.util.Optional;
 import java.util.stream.IntStream;
 import java.util.stream.Stream;
 
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
 /**
  * @author Josh Cummings
  */
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index 39a93014cb..bcc90a63b9 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.config.doc;
 
-import org.xml.sax.SAXException;
+import java.io.IOException;
+import java.io.InputStream;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
-import java.io.IOException;
-import java.io.InputStream;
+
+import org.xml.sax.SAXException;
 
 /**
  * @author Josh Cummings
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index fdff20279c..d9753b9bb3 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.config.doc;
 
-import org.springframework.core.io.ClassPathResource;
-
 import java.io.IOException;
 import java.util.Map;
 
+import org.springframework.core.io.ClassPathResource;
+
 /**
  * Support for ensuring preparing the givens in {@link XsdDocumentedTests}
  *
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index 0ee76380c5..5c6a615081 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -15,10 +15,14 @@
  */
 package org.springframework.security.config.http;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.eclipse.jetty.http.HttpStatus;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
@@ -31,9 +35,6 @@ import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index 2621e832ee..80788f7923 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -15,10 +15,18 @@
  */
 package org.springframework.security.config.http;
 
+import java.net.URI;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.eclipse.jetty.http.HttpStatus;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -46,12 +54,6 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.net.URI;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 51b870b019..a2887488bf 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -15,12 +15,6 @@
  */
 package org.springframework.security.config.http;
 
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyObject;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import java.util.Collection;
 
 import org.apache.commons.logging.Log;
@@ -29,7 +23,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.test.util.ReflectionTestUtils;
+
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -42,6 +36,13 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyObject;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index 91124dd40a..0e64f64b7e 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Collection;
+
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.mock.web.MockFilterChain;
@@ -31,8 +34,6 @@ import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
 
-import java.util.Collection;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index f8e3f1ecdc..d36570f88e 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.http;
 
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.WebAttributes;
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 392632c023..190c0d66d7 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -15,8 +15,15 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
@@ -33,11 +40,6 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index ff369f8a9b..2f9fcd22de 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -15,9 +15,13 @@
  */
 package org.springframework.security.config.http;
 
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
 import org.apache.http.HttpStatus;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -25,9 +29,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.web.servlet.MockMvc;
 
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index c50130375b..6f0beba0a0 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Arrays;
+
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
@@ -32,8 +35,6 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import java.util.Arrays;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index 9e582be23d..ad543ee1e3 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -15,9 +15,17 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
 import com.google.common.collect.ImmutableMap;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
@@ -28,13 +36,6 @@ import org.springframework.test.web.servlet.ResultMatcher;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 7befacbb8b..0c0dac1e0b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.config.http;
 
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import javax.servlet.Filter;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@@ -30,6 +28,9 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 import org.springframework.web.context.support.XmlWebApplicationContext;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 public class HttpInterceptUrlTests {
 
 	ConfigurableWebApplicationContext context;
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 5a87300d60..9ebb140022 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -15,9 +15,15 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Collections;
+import java.util.Map;
+
+import javax.servlet.ServletRegistration;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.mock.web.MockServletContext;
@@ -28,10 +34,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 
-import javax.servlet.ServletRegistration;
-import java.util.Collections;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 0ae303e831..c8296bec2a 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -28,6 +28,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
+
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.spi.LoginModule;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 8054abe785..46f04f410f 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -15,10 +15,14 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.config.test.SpringTestRule;
@@ -47,9 +51,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 489c5d1761..7d23a7d0ea 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -15,10 +15,15 @@
  */
 package org.springframework.security.config.http;
 
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
 import org.springframework.http.MediaType;
@@ -68,10 +73,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.times;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 55affd3d0c..2617e5405e 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -28,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.stream.Collectors;
+
 import javax.servlet.http.HttpServletRequest;
 
 import com.nimbusds.jose.JWSAlgorithm;
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 930a991a2a..f3021d088a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.http;
 
 import java.util.HashSet;
 import java.util.Set;
+
 import javax.servlet.Filter;
 import javax.servlet.http.HttpServletRequest;
 
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index b41595c926..075b93570c 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.http;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 9cd61b0640..e8ce6a5904 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.http;
 
 import java.util.Collections;
+
 import javax.servlet.http.Cookie;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index d64f331191..98d431415a 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -15,10 +15,17 @@
  */
 package org.springframework.security.config.http;
 
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.http.HttpHeaders;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.config.test.SpringTestRule;
@@ -31,11 +38,6 @@ import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.core.StringContains.containsString;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 1f7c2107e0..c7fbebe5b6 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.http;
 
 import java.lang.reflect.Method;
+
 import javax.servlet.Filter;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index b91007a29a..9ee76f8302 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.http;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.List;
+
 import javax.servlet.Filter;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index 50d8501a01..cb74d3d1b2 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.config.http;
 
-import static org.mockito.Mockito.verifyZeroInteractions;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.beans.factory.xml.ParserContext;
 
+import static org.mockito.Mockito.verifyZeroInteractions;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(ParserContext.class)
 public class WebConfigUtilsTests {
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 2dbbc28cf9..e46e604ff0 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.config.http.customconfigurer;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
-
 import java.util.Properties;
 
 import javax.servlet.http.HttpServletResponse;
@@ -25,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
 import org.springframework.context.ConfigurableApplicationContext;
@@ -38,6 +36,9 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.FilterChainProxy;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
+
 /**
  * @author Rob Winch
  *
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index a5af95312b..2bcd096cde 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -15,14 +15,12 @@
  */
 package org.springframework.security.config.method;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
-
 import java.util.ArrayList;
 import java.util.List;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.aop.Advisor;
 import org.springframework.aop.framework.Advised;
 import org.springframework.beans.BeansException;
@@ -59,6 +57,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.util.FieldUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
+
 /**
  * @author Ben Alex
  * @author Luke Taylor
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index b7a2907633..c49964bfc5 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.config.method;
 
-import static org.assertj.core.api.Assertions.*;
-
-import org.junit.*;
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -37,6 +38,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 5c61525e03..194ac1fe62 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.method;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index 67ebb43bac..db9fddee30 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.method;
 import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 9a3bf2be91..e521cd18ed 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.method;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 998ff9fe65..10b57e0ec1 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -24,6 +24,7 @@ import java.io.ObjectOutputStream;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 21fd98e0ee..488104d024 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.method;
 import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
index dee9f84914..123b7effcd 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.method.sec2136;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
index 429579f946..8c4e755cca 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
@@ -17,6 +17,7 @@ package org.springframework.security.config.method.sec2499;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.context.support.GenericXmlApplicationContext;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index fccad498bc..cbabcc193d 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -20,6 +20,7 @@ import okhttp3.mockwebserver.MockWebServer;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
index d896bbe8b2..451adf58d1 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.oauth2.client;
 
 import org.junit.Test;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
index 818e469c66..191ffa1132 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.provisioning;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,7 +26,7 @@ import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
index a42b5638d1..180ea0b40a 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -18,13 +18,14 @@ package org.springframework.security.config.provisioning;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
index b7840124c0..f42c35ff9e 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
@@ -18,13 +18,14 @@ package org.springframework.security.config.provisioning;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index 9fab61c74e..d256e3353d 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -16,6 +16,15 @@
 
 package org.springframework.security.config.test;
 
+import java.io.Closeable;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor;
 import org.springframework.mock.web.MockServletConfig;
 import org.springframework.mock.web.MockServletContext;
@@ -32,14 +41,6 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
 import org.springframework.web.context.support.XmlWebApplicationContext;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.Closeable;
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.springframework.security.config.BeanIds.SPRING_SECURITY_FILTER_CHAIN;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
index ae746dc5a3..c2bca55650 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
@@ -19,6 +19,7 @@ package org.springframework.security.config.test;
 import org.junit.rules.MethodRule;
 import org.junit.runners.model.FrameworkMethod;
 import org.junit.runners.model.Statement;
+
 import org.springframework.security.test.context.TestSecurityContextHolder;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index 99541aab43..c1bb20ae3d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.config.web.server;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index d41c7679ff..df1cd46980 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -16,11 +16,18 @@
 
 package org.springframework.security.config.web.server;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.ResolvableType;
 import org.springframework.http.HttpHeaders;
@@ -30,12 +37,6 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.reactive.CorsConfigurationSource;
 
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index c4bf90d8c2..9fa6c5156e 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.web.server;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index 29684c9bff..df1e409ac7 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -23,6 +23,8 @@ import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.WebElement;
 import org.openqa.selenium.support.FindBy;
 import org.openqa.selenium.support.PageFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
@@ -43,7 +45,6 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index b403afdefc..3beabcc3af 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -18,13 +18,14 @@ package org.springframework.security.config.web.server;
 
 import org.junit.Test;
 import org.openqa.selenium.WebDriver;
+
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder;
+import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 30a69bd0c3..8942fc5b21 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -21,6 +21,8 @@ import java.net.URI;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -56,9 +58,8 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.reactive.config.EnableWebFlux;
-import reactor.core.publisher.Mono;
 
-import static org.mockito.Mockito.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 902290964e..d4a34905af 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -16,10 +16,16 @@
 
 package org.springframework.security.config.web.server;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
 import org.openqa.selenium.WebDriver;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -95,11 +101,6 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.server.WebHandler;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index aa1d2cdc47..55330713e1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -27,6 +27,7 @@ import java.util.Base64;
 import java.util.Optional;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+
 import javax.annotation.PreDestroy;
 
 import okhttp3.mockwebserver.Dispatcher;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index 2cc9464701..e3a438d19e 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.config.web.server;
 import org.junit.Test;
 import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.support.PageFactory;
+
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage;
 import org.springframework.security.config.web.server.FormLoginTests.HomePage;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index e63bbf13e5..014e2d689f 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -16,17 +16,6 @@
 
 package org.springframework.security.config.web.server;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
-import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.test.util.ReflectionTestUtils.getField;
-
 import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
@@ -40,36 +29,38 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
-import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
-import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
-import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
-import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
-import org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter;
-import org.springframework.security.web.server.savedrequest.ServerRequestCache;
-import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
 import reactor.core.publisher.Mono;
 import reactor.test.publisher.TestPublisher;
 
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainProxy;
+import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
+import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
+import org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter;
 import org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler;
 import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
 import org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler;
 import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler;
+import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
 import org.springframework.security.web.server.csrf.CsrfServerLogoutHandler;
 import org.springframework.security.web.server.csrf.CsrfWebFilter;
 import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository;
+import org.springframework.security.web.server.savedrequest.ServerRequestCache;
+import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
 import org.springframework.test.web.reactive.server.EntityExchangeResult;
 import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
@@ -77,10 +68,18 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
-import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.web.server.WebFilterChain;
-import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
-import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.config.Customizer.withDefaults;
+import static org.springframework.test.util.ReflectionTestUtils.getField;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
index 76e58d366e..ca6b1dc65a 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.config.websocket;
 
 import org.junit.Test;
+
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.GenericBeanDefinition;
 import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index f4e3df8af9..6a9ca15fa3 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -15,11 +15,15 @@
  */
 package org.springframework.security.config.websocket;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.assertj.core.api.ThrowableAssert;
 import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
@@ -62,10 +66,9 @@ import org.springframework.web.socket.WebSocketHandler;
 import org.springframework.web.socket.server.HandshakeFailureException;
 import org.springframework.web.socket.server.HandshakeHandler;
 
-import java.util.HashMap;
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 408f3240a3..f6b1ee9aa0 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -27,8 +27,9 @@ import java.util.StringTokenizer;
 import com.gargoylesoftware.htmlunit.FormEncodingType;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.WebRequest;
-
 import com.gargoylesoftware.htmlunit.util.NameValuePair;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseCookie;
@@ -43,7 +44,6 @@ import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
-import reactor.core.publisher.Mono;
 
 final class HtmlUnitWebTestClient {
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
index 5a671b6b4e..47d4a77783 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
@@ -19,6 +19,7 @@ package org.springframework.security.htmlunit.server;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.WebConnection;
 import org.openqa.selenium.WebDriver;
+
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.test.web.servlet.htmlunit.DelegatingWebConnection;
 import org.springframework.test.web.servlet.htmlunit.DelegatingWebConnection.DelegateWebConnection;
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index d0d074a978..c1e4aa01d9 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -16,8 +16,13 @@
 
 package org.springframework.security.htmlunit.server;
 
+import java.net.URI;
+import java.time.Duration;
+
 import org.junit.Test;
 import org.openqa.selenium.WebDriver;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseCookie;
@@ -28,10 +33,6 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.time.Duration;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index 334d0ebc18..1469d5c06a 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.intercept.method.aopalliance;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.security.ITargetObject;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests for SEC-428 (and SEC-1204).
  *
diff --git a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
index e226562314..6a2001a2ed 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.access.annotation;
 
-import org.springframework.security.access.ConfigAttribute;
-
 import java.lang.annotation.Annotation;
-import java.util.*;
+import java.util.Collection;
+
+import org.springframework.security.access.ConfigAttribute;
 
 /**
  * Strategy to process a custom security annotation to extract the relevant
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index 4456eaf14b..ae99cd27b8 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.access.annotation;
 
-import org.springframework.security.access.SecurityConfig;
-
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+
+import org.springframework.security.access.SecurityConfig;
 
 /**
  * Security config applicable as a JSR 250 annotation attribute.
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index eb8c1d3cb8..3de23b2117 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -18,7 +18,9 @@ package org.springframework.security.access.annotation;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 import org.springframework.core.GenericTypeResolver;
 import org.springframework.core.annotation.AnnotationUtils;
diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
index 9016c49029..c52acfbf68 100644
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@@ -18,6 +18,7 @@ package org.springframework.security.access.event;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationListener;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index 97858f229b..89ba56b486 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -19,6 +19,7 @@ import java.io.Serializable;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index 233d364a76..d734e5c48d 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -22,11 +22,12 @@ import java.util.Collection;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.*;
+import java.util.stream.Stream;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index 54c0c88911..c05f5622c7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -18,6 +18,7 @@ package org.springframework.security.access.expression.method;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.AccessDeniedException;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index 477c6ab361..056b042593 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -21,6 +21,7 @@ package org.springframework.security.access.expression.method;
 import java.util.Collection;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.expression.ExpressionUtils;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
index fe26a6fded..fc9b79f949 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
@@ -20,6 +20,7 @@ import java.lang.reflect.Method;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.aop.framework.AopProxyUtils;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.context.expression.MethodBasedEvaluationContext;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
index bd0a09c1e7..61bd018875 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.expression.method;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
index 7a35f967ba..54edf424e8 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
+import java.util.Collection;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 
-import java.util.*;
-
 /**
  * @author Luke Taylor
  */
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
index 042752da98..e26ce4bc0f 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@@ -25,6 +25,7 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
index e8d08f3966..fa609cb40b 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
-import org.springframework.util.Assert;
-
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.util.List;
 import java.util.Map;
 
+import org.springframework.util.Assert;
+
 /**
  * Utility methods for {@link RoleHierarchy}.
  *
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index 302ee8276c..693542c831 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -22,6 +22,7 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index e8ddfdb39b..05ac387142 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -22,6 +22,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index d3988e0b5b..5a39f695c8 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -21,6 +21,7 @@ import java.util.Collection;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 26056a82d2..7712242d56 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -16,18 +16,15 @@
 
 package org.springframework.security.access.intercept;
 
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
index c42435896d..4ecc133fa6 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.access.intercept.aopalliance;
 
+import org.aopalliance.intercept.MethodInterceptor;
+import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;
 import org.springframework.security.access.method.MethodSecurityMetadataSource;
 
-import org.aopalliance.intercept.MethodInterceptor;
-import org.aopalliance.intercept.MethodInvocation;
-
 /**
  * Provides security interception of AOP Alliance based method invocations.
  * <p>
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index 739c6e2c2c..c38da9055a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -20,10 +20,11 @@ import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.Collection;
 
 import org.aopalliance.aop.Advice;
 import org.aopalliance.intercept.MethodInterceptor;
+
 import org.springframework.aop.Pointcut;
 import org.springframework.aop.support.AbstractPointcutAdvisor;
 import org.springframework.aop.support.StaticMethodMatcherPointcut;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
index 2b9fcbe2e6..70e86503cc 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.intercept.aspectj;
 
 import org.aspectj.lang.JoinPoint;
+
 import org.springframework.security.access.intercept.InterceptorStatusToken;
 import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
 
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
index 61627c34fe..d82f417a72 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@@ -16,7 +16,8 @@
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.Collection;
+import java.util.Collections;
 
 import org.springframework.aop.support.AopUtils;
 import org.springframework.security.access.ConfigAttribute;
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index f31d87dea5..11a0d0dd50 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -21,6 +21,7 @@ import java.util.Collection;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.aop.framework.AopProxyUtils;
 import org.springframework.security.access.ConfigAttribute;
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index 28218b7885..3b2f04d843 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
 import org.springframework.security.access.ConfigAttribute;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
index 78f2e4b4ab..5055b1bdae 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.prepost;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.aop.framework.AopInfrastructureBean;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
index 1f6f75ffe7..066bdfe89c 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.prepost;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.aop.framework.AopInfrastructureBean;
 import org.springframework.security.core.Authentication;
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index 7c89e1c23b..b77cfb6e6f 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index debb0dce37..e8c48d155c 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -16,9 +16,16 @@
 
 package org.springframework.security.access.prepost;
 
+import java.lang.reflect.Method;
+import java.util.Collection;
+
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
 import org.reactivestreams.Publisher;
+import reactor.core.Exceptions;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.method.MethodSecurityMetadataSource;
@@ -28,12 +35,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.util.Assert;
-import reactor.core.Exceptions;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import java.lang.reflect.Method;
-import java.util.Collection;
 
 /**
  * A {@link MethodInterceptor} that supports {@link PreAuthorize} and
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index aeb22831a0..d591a7aa73 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -20,15 +20,16 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index ae26fd02b1..480b8dc205 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -16,6 +16,7 @@
 package org.springframework.security.access.vote;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.util.Assert;
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index 3f0d3e4502..5e58261bae 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -16,7 +16,8 @@
 
 package org.springframework.security.access.vote;
 
-import java.util.*;
+import java.util.Collection;
+import java.util.List;
 
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index c66d639e30..a060200f70 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -16,7 +16,8 @@
 
 package org.springframework.security.access.vote;
 
-import java.util.*;
+import java.util.Collection;
+import java.util.List;
 
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index 9f87117cce..8df8fc9fd2 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -21,10 +21,10 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.AuthenticatedPrincipal;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.CredentialsContainer;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index 0157393a87..f8b0015531 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -17,10 +17,10 @@ package org.springframework.security.authentication;
 
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
-import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 5749fde2eb..10619ceebb 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -17,10 +17,13 @@ package org.springframework.security.authentication;
 
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
index cd6c7d1ef2..6cbdae5df3 100644
--- a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -19,12 +19,12 @@ package org.springframework.security.authentication;
 import java.util.Arrays;
 import java.util.List;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.util.Assert;
-
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
+
 /**
  * A {@link ReactiveAuthenticationManager} that delegates to other
  * {@link ReactiveAuthenticationManager} instances using the result from the first non
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 3e052d4bc3..5a84c15b0a 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
index 806e0cd2f5..6f4d7cc8db 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.authentication;
 
-import org.springframework.security.core.Authentication;
-
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * Determines if the provided {@link Authentication} can be authenticated.
  *
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index a26649dbc2..88bec60958 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.authentication;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
+
 /**
  * Adapts an AuthenticationManager to the reactive APIs. This is somewhat necessary
  * because many of the ways that credentials are stored (i.e. JDBC, LDAP, etc) do not have
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
index 705eb3969e..6594f896c6 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.authentication;
 
-import org.springframework.security.authentication.ReactiveAuthenticationManager;
-
 import reactor.core.publisher.Mono;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
index 1fbdd5f464..634f9f446e 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.authentication;
 
+import java.util.List;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
-import java.util.List;
-
 /**
  * An {@link org.springframework.security.core.Authentication} implementation that is
  * designed for use whilst unit testing.
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index 72b2d78d8c..36ed0cd429 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -18,6 +18,11 @@ package org.springframework.security.authentication.dao;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -36,13 +41,6 @@ import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.core.userdetails.cache.NullUserCache;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index e9e22da87d..4fc4a67168 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -23,11 +23,11 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
index e257eab277..20c4ed54ba 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java
@@ -16,9 +16,8 @@
 
 package org.springframework.security.authentication.event;
 
-import org.springframework.security.core.Authentication;
-
 import org.springframework.context.ApplicationEvent;
+import org.springframework.security.core.Authentication;
 
 /**
  * Represents an application authentication event.
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
index d9928db38d..b1cb398631 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
@@ -18,7 +18,6 @@ package org.springframework.security.authentication.event;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
index a7c36a5b53..6388b4b752 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
@@ -17,7 +17,6 @@
 package org.springframework.security.authentication.event;
 
 import org.springframework.security.core.Authentication;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index d322e2891e..16ef4430f4 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -18,6 +18,7 @@ package org.springframework.security.authentication.event;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationListener;
 import org.springframework.util.ClassUtils;
 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
index db15f76e80..cc04dc8de5 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AuthorityGranter.java
@@ -17,7 +17,6 @@
 package org.springframework.security.authentication.jaas;
 
 import java.security.Principal;
-
 import java.util.Set;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
index 76c9922d34..f57dccff61 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.authentication.jaas;
 
+import javax.security.auth.login.LoginException;
+
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.AuthenticationException;
 
-import javax.security.auth.login.LoginException;
-
 /**
  * This LoginExceptionResolver simply wraps the LoginException with an
  * AuthenticationServiceException.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
index 3ee240025e..3dd70455e6 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java
@@ -17,6 +17,7 @@
 package org.springframework.security.authentication.jaas;
 
 import java.io.IOException;
+
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
index 99c5c48fd9..05690f7afd 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@@ -18,12 +18,12 @@ package org.springframework.security.authentication.jaas;
 
 import java.util.List;
 
+import javax.security.auth.login.LoginContext;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 
-import javax.security.auth.login.LoginContext;
-
 /**
  * UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the
  * user was logged into
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index b16a49bec6..c322f730a4 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.authentication.jaas;
 
+import java.security.Principal;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.security.Principal;
-
 /**
  * {@code GrantedAuthority} which, in addition to the assigned role, holds the principal
  * that an {@link AuthorityGranter} used as a reason to grant this authority.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
index 1d62d13e85..40795ee6f4 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.authentication.jaas;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UserDetails;
-
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.NameCallback;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+
 /**
  * The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
  * NameCallback and PasswordCallback. Spring Security provides the JaasNameCallbackHandler
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
index cb2a5994b3..5d3bb4e8aa 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.authentication.jaas;
 
-import org.springframework.security.core.Authentication;
-
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.PasswordCallback;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
  * NameCallback and PasswordCallback. Spring Security provides the
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
index 4837684dfa..e086ef35a0 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.authentication.jaas;
 
-import org.springframework.security.core.AuthenticationException;
-
 import javax.security.auth.login.LoginException;
 
+import org.springframework.security.core.AuthenticationException;
+
 /**
  * The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve
  * LoginModule specific exceptions to Spring Security <tt>AuthenticationException</tt>s.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index c0c326c266..4599d0387a 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -16,12 +16,6 @@
 
 package org.springframework.security.authentication.jaas;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.util.Map;
 
 import javax.security.auth.Subject;
@@ -29,6 +23,12 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
 /**
  * An implementation of {@link LoginModule} that uses a Spring Security
  * {@link org.springframework.security.core.context.SecurityContext SecurityContext} to
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
index b2548a2893..4ed01dcb87 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
@@ -16,9 +16,8 @@
 
 package org.springframework.security.authentication.jaas.event;
 
-import org.springframework.security.core.Authentication;
-
 import org.springframework.context.ApplicationEvent;
+import org.springframework.security.core.Authentication;
 
 /**
  * Parent class for events fired by the
diff --git a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
index 331741fc8f..ddf216a9bb 100644
--- a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
+++ b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.context;
 
+import java.util.List;
+import java.util.concurrent.CopyOnWriteArrayList;
+
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.SmartApplicationListener;
 import org.springframework.util.Assert;
 
-import java.util.List;
-import java.util.concurrent.CopyOnWriteArrayList;
-
 /**
  * Used for delegating to a number of SmartApplicationListener instances. This is useful
  * when needing to register an SmartApplicationListener with the ApplicationContext
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index 79df65af8a..94526af4f3 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -16,8 +16,8 @@
 
 package org.springframework.security.converter;
 
-import java.io.InputStream;
 import java.io.BufferedReader;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
@@ -25,8 +25,8 @@ import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
-import java.util.List;
 import java.util.Base64;
+import java.util.List;
 import java.util.stream.Collectors;
 
 import org.springframework.core.convert.converter.Converter;
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index b2252bb08d..775298ce1f 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.core;
 
+import java.io.IOException;
+import java.util.Properties;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.core.SpringVersion;
 
-import java.io.IOException;
-import java.util.Properties;
-
 /**
  * Internal class used for checking version compatibility in a deployed application.
  *
diff --git a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
index 9dac63b949..3eafeb6e61 100644
--- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
+++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
@@ -23,8 +23,8 @@ import java.util.List;
 import java.util.Set;
 
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.util.StringUtils;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 /**
  * Utility method for manipulating <tt>GrantedAuthority</tt> collections etc.
diff --git a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
index 1c7c00eb70..e994a19a49 100644
--- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
+++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
@@ -16,7 +16,7 @@
 package org.springframework.security.core.authority;
 
 import java.io.Serializable;
-import java.util.*;
+import java.util.Collection;
 
 import org.springframework.security.core.GrantedAuthority;
 
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
index 61ba162fbd..6d5621bdea 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import org.springframework.security.core.GrantedAuthority;
+import java.util.Collection;
 
-import java.util.*;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Mapping interface which can be injected into the authentication layer to convert the
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index c24231f347..22641c5618 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -15,7 +15,14 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.GrantedAuthority;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
index 05c971b775..fad572a925 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import org.springframework.security.core.GrantedAuthority;
+import java.util.Collection;
 
-import java.util.*;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index 9d1eec38af..76f94a433d 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -15,15 +15,14 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Locale;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.util.Assert;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index 3615b7e606..5daa983b21 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -15,13 +15,15 @@
  */
 package org.springframework.security.core.authority.mapping;
 
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.util.Assert;
 
-import java.util.*;
-
 /**
  * Simple one-to-one {@code GrantedAuthoritiesMapper} which allows for case conversion of
  * the authority name and the addition of a string prefix (which defaults to {@code ROLE_}
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index fc5e0dca2e..07e988f54d 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.core.context;
 
-import org.springframework.security.core.Authentication;
+import java.util.function.Function;
+
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
-import java.util.function.Function;
+import org.springframework.security.core.Authentication;
 
 /**
  * Allows getting and setting the Spring {@link SecurityContext} into a {@link Context}.
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
index d3da30496e..bfc40672fd 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContext.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.core.context;
 
-import org.springframework.security.core.Authentication;
-
 import java.io.Serializable;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * Interface defining the minimum security information associated with the current thread
  * of execution.
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
index 5885922fbc..d84fbf9419 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.core.context;
 
+import java.lang.reflect.Constructor;
+
 import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.lang.reflect.Constructor;
-
 /**
  * Associates a given {@link SecurityContext} with the current execution thread.
  * <p>
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
index 52e5233d2a..5947732405 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.core.session;
 
-import org.springframework.security.core.context.SecurityContext;
+import java.util.List;
 
-import java.util.*;
+import org.springframework.security.core.context.SecurityContext;
 
 /**
  * Generic "session termination" event which indicates that a session (potentially
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
index c31790b57c..3f774d8c66 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.core.session;
 
+import java.io.Serializable;
+import java.util.Date;
+
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.util.Date;
-import java.io.Serializable;
-
 /**
  * Represents a record of a session within the Spring Security framework.
  * <p>
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index 6c5e7c0b0b..7574b1d128 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -21,9 +21,10 @@ import java.util.Collection;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
+import org.springframework.util.Assert;
+
 /**
  * A {@link Map} based implementation of {@link ReactiveUserDetailsService}
  *
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 8ae1964abe..fa4bb98bfb 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -30,8 +30,9 @@ import java.util.function.Function;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.core.GrantedAuthority;
+
 import org.springframework.security.core.CredentialsContainer;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index 1224ef2204..cc968cbe4e 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -18,9 +18,9 @@ package org.springframework.security.core.userdetails.cache;
 
 import net.sf.ehcache.Ehcache;
 import net.sf.ehcache.Element;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index 18007ff77d..f728f4bd7f 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -17,6 +17,7 @@ package org.springframework.security.core.userdetails.cache;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.cache.Cache;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
index 062f760f64..3d8aa80232 100644
--- a/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
-import org.springframework.security.core.GrantedAuthority;
-
 import java.util.Collection;
 
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+import org.springframework.security.core.GrantedAuthority;
+
 /**
  * This is a Jackson mixin class helps in serialize/deserialize
  * {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class.
diff --git a/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java b/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
index ab54087070..4621479ac4 100644
--- a/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
+++ b/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.jackson2;
 
+import java.util.Collections;
+
 import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
@@ -25,8 +28,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.util.Collections;
-
 /**
  * Jackson module for spring-security-core. This module register
  * {@link AnonymousAuthenticationTokenMixin}, {@link RememberMeAuthenticationTokenMixin},
diff --git a/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
index cf92e4e1b4..24d82cc0a2 100644
--- a/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
-import org.springframework.security.core.GrantedAuthority;
-
 import java.util.Collection;
 
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+import org.springframework.security.core.GrantedAuthority;
+
 /**
  * This mixin class helps in serialize/deserialize
  * {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index be52de8c65..efa24feee1 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -16,6 +16,15 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
 import com.fasterxml.jackson.annotation.JacksonAnnotation;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.DatabindContext;
@@ -31,18 +40,10 @@ import com.fasterxml.jackson.databind.jsontype.TypeIdResolver;
 import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.util.ClassUtils;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
 /**
  * This utility class will find all the SecurityModules in classpath.
  *
diff --git a/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java b/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
index 55fee7fe68..4c3beadcc5 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
  * Jackson Mixin class helps in serialize/deserialize
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
index b42d63a6cb..9483b79719 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.jackson2;
 
+import java.util.Set;
+
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
-import java.util.Set;
-
 /**
  * This mixin class used to deserialize java.util.Collections$UnmodifiableRandomAccessList
  * and used with various AuthenticationToken implementation's mixin classes.
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
index b212331a2b..2dba600d68 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.jackson2;
 
+import java.util.Set;
+
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
-import java.util.Set;
-
 /**
  * This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used
  * with various AuthenticationToken implementation's mixin classes.
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
index fb57905148..e2bc37e3f1 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java
@@ -16,7 +16,8 @@
 
 package org.springframework.security.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index 984be6d25e..c5370692ec 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -23,6 +23,7 @@ import java.util.Properties;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 59c4ea67cb..4264068d9d 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -15,6 +15,17 @@
  */
 package org.springframework.security.provisioning;
 
+import java.util.Collection;
+import java.util.List;
+
+import javax.sql.DataSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.context.ApplicationContextException;
+import org.springframework.dao.IncorrectResultSizeDataAccessException;
+import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -29,18 +40,8 @@ import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.cache.NullUserCache;
 import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
-import org.springframework.context.ApplicationContextException;
-import org.springframework.dao.IncorrectResultSizeDataAccessException;
-import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.util.Assert;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import javax.sql.DataSource;
-import java.util.Collection;
-import java.util.List;
-
 /**
  * Jdbc user management service, based on the same table structure as its parent class,
  * <tt>JdbcDaoImpl</tt>.
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
index df197385f0..1180c486f8 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.scheduling;
 
+import java.util.Date;
+import java.util.concurrent.ScheduledFuture;
+
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.scheduling.Trigger;
 import org.springframework.util.Assert;
 
-import java.util.Date;
-import java.util.concurrent.ScheduledFuture;
-
 /**
  * An implementation of {@link TaskScheduler} invoking it whenever the trigger indicates a
  * next execution time.
diff --git a/core/src/main/java/org/springframework/security/util/FieldUtils.java b/core/src/main/java/org/springframework/security/util/FieldUtils.java
index 23b5f873be..0f19684ad5 100644
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.util;
 
+import java.lang.reflect.Field;
+
 import org.springframework.util.Assert;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.lang.reflect.Field;
-
 /**
  * Offers static methods for directly manipulating fields.
  *
diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
index af84259c82..b0bdf23fca 100644
--- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java
+++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.util;
 
-import org.springframework.core.io.AbstractResource;
-import org.springframework.util.Assert;
-
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.util.Arrays;
 
+import org.springframework.core.io.AbstractResource;
+import org.springframework.util.Assert;
+
 /**
  * An in memory implementation of Spring's {@link org.springframework.core.io.Resource}
  * interface.
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index 723a6b1d32..01fd674677 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -19,6 +19,7 @@ package org.springframework.security.util;
 import java.lang.reflect.Method;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.aop.framework.Advised;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.util.Assert;
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index 7439b7c31a..199bbe52a7 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.util;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Method;
 
+import org.aopalliance.intercept.MethodInvocation;
+
 /**
  * Represents the AOP Alliance <code>MethodInvocation</code>.
  *
diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
index f341fd7b75..bb3f0c7793 100644
--- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java
+++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security;
 
-import org.springframework.jdbc.core.JdbcTemplate;
-
 import javax.sql.DataSource;
 
+import org.springframework.jdbc.core.JdbcTemplate;
+
 /**
  * Singleton which provides a populated database connection for all JDBC-related unit
  * tests.
diff --git a/core/src/test/java/org/springframework/security/TestDataSource.java b/core/src/test/java/org/springframework/security/TestDataSource.java
index 8db83922ad..2f65116039 100644
--- a/core/src/test/java/org/springframework/security/TestDataSource.java
+++ b/core/src/test/java/org/springframework/security/TestDataSource.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security;
 
-import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.beans.factory.DisposableBean;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.datasource.DriverManagerDataSource;
 
 /**
  * A Datasource bean which starts an in-memory HSQL database with the supplied name and
diff --git a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
index 553c0068b9..e694b06466 100644
--- a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
@@ -17,7 +17,7 @@
 package org.springframework.security.access;
 
 import org.junit.Test;
-import org.springframework.security.access.SecurityConfig;
+
 import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.util.SimpleMethodInvocation;
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
index 7f9c457056..a363ae4c38 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.access;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.access.event.AuthorizationFailureEvent;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link AuthorizationFailureEvent}.
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
index ba501ab1c6..94de0f1f15 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
@@ -17,7 +17,7 @@
 package org.springframework.security.access;
 
 import org.junit.Test;
-import org.springframework.security.access.SecurityConfig;
+
 import org.springframework.security.access.event.AuthorizedEvent;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index 1b2a1b7d5e..d269af80f1 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -16,11 +16,9 @@
 
 package org.springframework.security.access;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link SecurityConfig}.
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index 7f8fe3f017..9033802b0d 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -18,8 +18,8 @@ package org.springframework.security.access.annotation;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.annotation.security.RolesAllowed;
 import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
index 2966163871..17daab161f 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.access.annotation;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.ArrayList;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index 147c2a55f7..47fa1e0c6b 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.access.annotation;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Inherited;
 import java.lang.annotation.Retention;
@@ -31,12 +28,16 @@ import java.util.EnumSet;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.annotation.sec2150.MethodInvocationFactory;
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.core.GrantedAuthority;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests for
  * {@link org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource}
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index 1ed4adbd51..1ca4760866 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -15,12 +15,9 @@
  */
 package org.springframework.security.access.expression;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
-import static org.mockito.Mockito.mock;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -28,6 +25,9 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  */
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 43ff2d07a2..29c1e8d144 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.access.expression;
 
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  * @since 3.0
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index b229ed632a..8a814ef0ef 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -37,7 +37,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMethodSecurityExpressionHandlerTests {
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index aaa78cad96..f6cb59ef10 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -15,18 +15,19 @@
  */
 package org.springframework.security.access.expression.method;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 import org.springframework.security.core.Authentication;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index ae7bab6565..6c7576b899 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.access.expression.method;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -25,13 +23,15 @@ import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.expression.method.PreInvocationExpressionAttribute;
 import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @SuppressWarnings("unchecked")
 public class MethodExpressionVoterTests {
 
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index 4ce1fdd0d6..a29e12e241 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -15,11 +15,9 @@
  */
 package org.springframework.security.access.expression.method;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
@@ -28,6 +26,12 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests for {@link MethodSecurityExpressionRoot}
  *
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index f648b9c6b8..a1ea26bf53 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.access.expression.method;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Inherited;
 import java.lang.annotation.Retention;
@@ -27,6 +25,7 @@ import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.expression.Expression;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.annotation.sec2150.MethodInvocationFactory;
@@ -38,6 +37,8 @@ import org.springframework.security.access.prepost.PreFilter;
 import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @since 3.0
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
index 4a8ba79b6c..6553ef7d6c 100755
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@@ -19,9 +19,10 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.security.core.GrantedAuthority;
 import org.apache.commons.collections.CollectionUtils;
 
+import org.springframework.security.core.GrantedAuthority;
+
 /**
  * Test helper class for the hierarchical roles tests.
  *
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
index f4a7e39dbf..f982b96e3a 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import java.util.Collection;
+
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index 39a701d636..9182ec5214 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.ArrayList;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests for {@link RoleHierarchyImpl}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index 0563713921..64543a3242 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -15,9 +15,13 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
-import org.junit.Test;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
 
-import java.util.*;
+import org.junit.Test;
 
 import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
index 93800fd011..4cfa39cc0c 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for {@link HierarchicalRolesTestHelper}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 7546358198..15ba3a6911 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.mockito.Mockito.mock;
-
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.mockito.Mockito.mock;
+
 /**
  * Tests some {@link AbstractSecurityInterceptor} methods. Most of the testing for this
  * class is found in the {@code MethodSecurityInterceptorTests} class.
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 686b323593..eb219a0907 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -16,15 +16,13 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Collection;
 import java.util.List;
 import java.util.Vector;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
 import org.springframework.security.access.ConfigAttribute;
@@ -32,6 +30,9 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AfterInvocationProviderManager}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
index c95c1a800d..f745614c0f 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link InterceptorStatusToken}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
index cd83bb1510..da84efa8ba 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.access.SecurityConfig;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link NullRunAsManager}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
index ec92ca2b1d..b19767152a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
@@ -16,15 +16,17 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Assert;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link RunAsImplAuthenticationProvider}.
  */
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
index e5cb1a8dc3..c58c4a193f 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link RunAsManagerImpl}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
index 4182eece6e..50d5fd3d70 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
@@ -16,13 +16,14 @@
 
 package org.springframework.security.access.intercept;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link RunAsUserToken}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index af5f365919..556e6212cb 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -16,11 +16,13 @@
 
 package org.springframework.security.access.intercept.aopalliance;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
-import org.junit.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
 import org.springframework.aop.framework.ProxyFactory;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.ITargetObject;
@@ -44,7 +46,17 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link MethodSecurityInterceptor}.
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index 7330bd524c..7e5b953fdf 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.access.intercept.aopalliance;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
 import java.lang.reflect.Method;
 
 import org.junit.Test;
+
 import org.springframework.security.TargetObject;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.method.MethodSecurityMetadataSource;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link MethodSecurityMetadataSourceAdvisor}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index ebc5d5eddf..ec0135c570 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -16,8 +16,8 @@
 
 package org.springframework.security.access.intercept.aspectj;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.lang.reflect.Method;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.aspectj.lang.JoinPoint;
@@ -29,6 +29,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
+
 import org.springframework.security.TargetObject;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
@@ -43,8 +44,16 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.ClassUtils;
 
-import java.lang.reflect.Method;
-import java.util.List;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link AspectJMethodSecurityInterceptor}.
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index 90fd117663..2ba54a6dd7 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.access.intercept.method;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.reflect.Method;
 import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for {@link MapBasedMethodSecurityMetadataSource}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index 377e301b5f..999d8dd7f2 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -16,14 +16,12 @@
 
 package org.springframework.security.access.intercept.method;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import java.util.*;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.ITargetObject;
 import org.springframework.security.OtherTargetObject;
 import org.springframework.security.TargetObject;
@@ -39,6 +37,11 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.MethodInvocationUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests
  * {@link org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
index 888ff6a2af..b070aec736 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.access.intercept.method;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Method;
 
+import org.aopalliance.intercept.MethodInvocation;
+
 @SuppressWarnings("unchecked")
 public class MockMethodInvocation implements MethodInvocation {
 
diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
index 8922194607..c9ea88654d 100644
--- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
@@ -15,17 +15,22 @@
  */
 package org.springframework.security.access.method;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
 import org.mockito.ArgumentMatchers;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.util.SimpleMethodInvocation;
 
-import java.lang.reflect.Method;
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
index 25f7956a27..00807efebb 100644
--- a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.access.prepost;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.aop.ProxyMethodInvocation;
 import org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @RunWith(MockitoJUnitRunner.class)
 public class PreInvocationAuthorizationAdviceVoterTests {
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index e3ad93ee39..8445d85607 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Collection;
 import java.util.List;
 import java.util.Vector;
 
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AbstractAccessDecisionManager}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
index c9474d7c6d..3b96281ca8 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
@@ -15,16 +15,18 @@
  */
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.util.MethodInvocationUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index 4e75b038e0..a172eddeea 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -16,22 +16,24 @@
 
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
-import static org.mockito.Mockito.*;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link AffirmativeBased}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
index 6d87a4a028..4cc37d0c70 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@@ -16,12 +16,10 @@
 
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
@@ -31,6 +29,9 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AuthenticatedVoter}.
  *
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index b2826d028b..0392e921c1 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -16,16 +16,19 @@
 
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.List;
+import java.util.Vector;
+
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests {@link ConsensusBased}.
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index 7f2dc3e970..9fb9183aa4 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.access.vote;
 
+import java.util.Collection;
+import java.util.Iterator;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 
-import java.util.Collection;
-import java.util.Iterator;
-
 /**
  * Implementation of an {@link AccessDecisionVoter} for unit testing.
  * <p>
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index 05248fc1c8..d080e4fd70 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.access.vote;
 
+import java.util.Collection;
+import java.util.Iterator;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 
-import java.util.Collection;
-import java.util.Iterator;
-
 /**
  * Implementation of an {@link AccessDecisionVoter} for unit testing.
  * <p>
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 00264e5613..633b92bdbd 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
-import org.springframework.security.access.vote.RoleHierarchyVoter;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class RoleHierarchyVoterTests {
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
index 433766bd69..ea5d13ade5 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
index fe35268abb..2c204ea270 100644
--- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.access.vote;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.List;
 import java.util.Vector;
 
 import org.junit.Test;
+
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link UnanimousBased}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index 34907dfba1..686c209458 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -16,16 +16,21 @@
 
 package org.springframework.security.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link AbstractAuthenticationToken}.
diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
index e43662de7f..63010817d8 100644
--- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests
  * {@link org.springframework.security.authentication.AuthenticationTrustResolverImpl}.
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index a11c9980a9..c4e4e78993 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.security.authentication;
 
-import static org.mockito.Mockito.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
 import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
@@ -28,12 +31,17 @@ import org.springframework.security.authentication.event.AuthenticationFailureLo
 import org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent;
 import org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent;
 import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
-import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
-import java.util.*;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
index f5a7187403..0a7dd80588 100644
--- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.authentication;
 
+import java.time.Duration;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
-import java.time.Duration;
+import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 428adb17e6..b5e3371a65 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.core.AuthenticationException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 42e02fa7a1..d523d7df24 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -21,10 +21,11 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
+import org.springframework.security.core.Authentication;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 32e9db3f44..39fff03071 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -15,25 +15,25 @@
  */
 package org.springframework.security.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
-import org.springframework.security.core.userdetails.User;
-
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
index e9bb8af1a5..ec2a84e921 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link TestingAuthenticationProvider}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
index 822632aa69..ce040967bd 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
@@ -15,11 +15,12 @@
  */
 package org.springframework.security.authentication;
 
-import org.junit.Test;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
 import java.util.Arrays;
 
+import org.junit.Test;
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index b221ff3609..6cd9900f1f 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -16,15 +16,11 @@
 
 package org.springframework.security.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
@@ -37,6 +33,16 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  * @author Eddú Meléndez
diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
index 49bce2def9..7ea4eaab20 100644
--- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.authentication;
 
+import org.junit.Test;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 
-import org.junit.Test;
-import org.springframework.security.core.authority.AuthorityUtils;
-
 /**
  * Tests {@link UsernamePasswordAuthenticationToken}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
index a807bcb8dc..81745b88c2 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
@@ -16,9 +16,8 @@
 
 package org.springframework.security.authentication.anonymous;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -26,6 +25,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AnonymousAuthenticationProvider}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 943d6a5f7c..ad7b3f14a3 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.authentication.anonymous;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Collections;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AnonymousAuthenticationToken}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 76447924f1..89a00fe35c 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -16,24 +16,12 @@
 
 package org.springframework.security.authentication.dao;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
-
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.dao.DataRetrievalFailureException;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AuthenticationServiceException;
@@ -50,6 +38,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache;
@@ -58,7 +47,19 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.core.userdetails.UserDetailsPasswordService;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link DaoAuthenticationProvider}.
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index d8df1bb25f..1f5bf770ff 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.authentication.event;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AbstractAuthenticationEvent} and its subclasses.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index c8eaabb4dd..e75590f5c4 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.authentication.event;
 
 import org.junit.Test;
+
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index ebe69f1e77..6562d1decc 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -15,18 +15,8 @@
  */
 package org.springframework.security.authentication.jaas;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
-
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
 
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
@@ -38,12 +28,12 @@ import org.apache.commons.logging.Log;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
 import org.springframework.security.core.Authentication;
@@ -52,6 +42,17 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
 public class DefaultJaasAuthenticationProviderTests {
 
 	private DefaultJaasAuthenticationProvider provider;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index a506b24bfd..197c22cd05 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -16,21 +16,21 @@
 
 package org.springframework.security.authentication.jaas;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.PrintWriter;
 import java.net.URL;
 import java.security.Security;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Set;
 
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.core.io.FileSystemResource;
@@ -45,6 +45,11 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests for the JaasAuthenticationProvider
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
index 1076660f35..09f2441ba1 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
@@ -19,7 +19,6 @@ package org.springframework.security.authentication.jaas;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import org.springframework.security.authentication.jaas.JaasGrantedAuthority;
 
 /**
  * @author Clement Ng
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
index d33018425c..e32ad655fc 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
@@ -15,19 +15,15 @@
  */
 package org.springframework.security.authentication.jaas;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.authentication.jaas.AuthorityGranter;
-import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
-import org.springframework.security.authentication.jaas.JaasAuthenticationProvider;
-import org.springframework.security.authentication.jaas.JaasNameCallbackHandler;
-import org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests bug reported in SEC-760.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index 379e88fd75..ec98752d45 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -17,12 +17,9 @@
 package org.springframework.security.authentication.jaas;
 
 import java.security.Principal;
-
 import java.util.HashSet;
 import java.util.Set;
 
-import org.springframework.security.authentication.jaas.AuthorityGranter;
-
 /**
  * @author Ray Krueger
  */
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
index 74af5cc789..d92f8cb5eb 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
@@ -16,12 +16,11 @@
 
 package org.springframework.security.authentication.jaas;
 
-import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
-import org.springframework.security.core.Authentication;
-
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.TextInputCallback;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * TestCallbackHandler
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index 6a283f02c6..af341e9f94 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -19,7 +19,11 @@ package org.springframework.security.authentication.jaas;
 import java.util.Map;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.*;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index b255f4a3e9..06327a9b68 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -16,15 +16,18 @@
 
 package org.springframework.security.authentication.rcp;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link RemoteAuthenticationManagerImpl}.
  *
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index c8173dfc90..492566f564 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -16,17 +16,19 @@
 
 package org.springframework.security.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.ArrayList;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link RememberMeAuthenticationToken}.
  *
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 4b2d9867d9..9d85af9d45 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -20,11 +20,12 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 8fddc9d217..40c70c1403 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.authorization;
 
+import java.util.Collections;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
-import java.util.Collections;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.when;
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index e2df987e42..a08af9ee13 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.Callable;
@@ -29,6 +25,10 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * Abstract class for testing {@link DelegatingSecurityContextExecutorService} which
  * allows customization of how {@link DelegatingSecurityContextExecutorService} and its
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index 6932a78920..ab21514a15 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.mockito.Mockito.verify;
-
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 
 import org.junit.Test;
 import org.mockito.Mock;
 
+import static org.mockito.Mockito.verify;
+
 /**
  * Abstract class for testing {@link DelegatingSecurityContextExecutor} which allows
  * customization of how {@link DelegatingSecurityContextExecutor} and its mocks are
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index a02b3f2500..057eeec6a5 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 
@@ -26,6 +22,10 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * Abstract class for testing {@link DelegatingSecurityContextScheduledExecutorService}
  * which allows customization of how
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
index 2f048529ae..e4b7c4b564 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.mockito.ArgumentMatchers.eq;
-import static org.powermock.api.mockito.PowerMockito.doReturn;
-import static org.powermock.api.mockito.PowerMockito.spy;
-
 import java.util.concurrent.Callable;
 
 import org.junit.After;
@@ -29,9 +25,14 @@ import org.mockito.Captor;
 import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.mockito.ArgumentMatchers.eq;
+import static org.powermock.api.mockito.PowerMockito.doReturn;
+import static org.powermock.api.mockito.PowerMockito.spy;
+
 /**
  * Abstract base class for testing classes that extend
  * {@link AbstractDelegatingSecurityContextSupport}
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
index dc99dd7e23..10a5cd39fa 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.concurrent;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests using the current {@link SecurityContext} on
  * {@link DelegatingSecurityContextExecutorService}
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
index 69e3a42cb9..dc6b40e07e 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.concurrent;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests using the current {@link SecurityContext} on
  * {@link DelegatingSecurityContextExecutor}
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
index c0b7dd2d77..6912843fcf 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.concurrent;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests using the current {@link SecurityContext} on
  * {@link DelegatingSecurityContextScheduledExecutorService}
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index 5ee2b80b75..9c8f281586 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -32,9 +28,14 @@ import org.mockito.Mock;
 import org.mockito.internal.stubbing.answers.Returns;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  * @since 3.2
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 2e92014df1..4e0ee3ae65 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.verify;
-
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
@@ -30,11 +26,16 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.core.task.SyncTaskExecutor;
 import org.springframework.core.task.support.ExecutorServiceAdapter;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.verify;
+
 /**
  * @author Rob Winch
  * @since 3.2
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
index 5bb2c7330d..fb91ba5ade 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
@@ -15,11 +15,12 @@
  */
 package org.springframework.security.concurrent;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.core.context.SecurityContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 3.2
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
index 925308fa8a..459951e3b9 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.concurrent;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests Explicitly specifying the {@link SecurityContext} on
  * {@link DelegatingSecurityContextExecutorService}
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
index adbda1e0c8..326a4726cc 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
+
 import org.springframework.security.core.context.SecurityContext;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
index 10076665e1..a6897a83ef 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
+
 import org.springframework.security.core.context.SecurityContext;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index a15367dc53..66009a9942 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.event.SmartApplicationListener;
 
diff --git a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
index c9d2dbd645..7620505962 100644
--- a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.core;
 
-import org.junit.Test;
-
 import java.io.DataInputStream;
 import java.io.InputStream;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 3d8eb20c6d..450eb7bc43 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -15,15 +15,6 @@
  */
 package org.springframework.security.core;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.powermock.api.mockito.PowerMockito.doReturn;
-import static org.powermock.api.mockito.PowerMockito.spy;
-
 import org.apache.commons.logging.Log;
 import org.junit.After;
 import org.junit.Before;
@@ -33,8 +24,18 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.powermock.reflect.Whitebox;
+
 import org.springframework.core.SpringVersion;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.powermock.api.mockito.PowerMockito.doReturn;
+import static org.powermock.api.mockito.PowerMockito.spy;
+
 /**
  * Checks that the embedded version information is up to date.
  *
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
index 03b705ed65..e9de5e9787 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.core;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Locale;
 
 import org.junit.Test;
+
 import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.context.support.MessageSourceAccessor;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link org.springframework.security.core.SpringSecurityMessageSource}.
  */
diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
index 52248befcd..5143867f4f 100644
--- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.core.authority;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.List;
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
index ab065d1a9d..5380b81d71 100644
--- a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.core.authority;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.core.GrantedAuthority;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * Tests {@link SimpleGrantedAuthority}.
  *
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
index 7c35d547fa..5848263f29 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
@@ -15,13 +15,18 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Ruud Senden
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index 6a5ed58e8b..595f1d0d67 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -15,13 +15,15 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
index ee569b3bfe..8fe0b2d8df 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.util.StringUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
index 07b61b5e22..9f792e24f3 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
@@ -15,12 +15,17 @@
  */
 package org.springframework.security.core.authority.mapping;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * @author TSARDD
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index 86770b215f..573ebaccb8 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -17,11 +17,12 @@
 package org.springframework.security.core.context;
 
 import org.junit.Test;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
index c0f95dbe27..c8a22279cb 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.core.context;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextImpl;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests {@link SecurityContextHolder}.
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
index a796a38b35..d6e2f5bbbf 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextImplTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.core.context;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link SecurityContextImpl}.
  *
diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
index f8cf44d9bf..f15f56cdee 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.core.parameters;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.method.P;
 import org.springframework.util.ReflectionUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class AnnotationParameterNameDiscovererTests {
 
 	private AnnotationParameterNameDiscoverer discoverer;
diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
index fdfc95b4e2..f2ab668673 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.core.parameters;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 3.2
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
index 8da1c9008a..f2d1cbbcaf 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.core.session;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Date;
 
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link SessionInformation}.
  *
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
index 55e2b6d6be..21de69ed01 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
@@ -16,17 +16,15 @@
 
 package org.springframework.security.core.session;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Date;
 import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.session.SessionDestroyedEvent;
-import org.springframework.security.core.session.SessionInformation;
-import org.springframework.security.core.session.SessionRegistryImpl;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link SessionRegistryImpl}.
diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
index 3c9521bd0f..ac2c19c8ff 100644
--- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
@@ -17,10 +17,9 @@ package org.springframework.security.core.token;
 
 import java.util.Date;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
-import org.springframework.security.core.token.DefaultToken;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link DefaultToken}.
diff --git a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
index 62db61afd5..90fb209572 100644
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -15,16 +15,12 @@
  */
 package org.springframework.security.core.token;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.security.SecureRandom;
 import java.util.Date;
 
 import org.junit.Test;
-import org.springframework.security.core.token.DefaultToken;
-import org.springframework.security.core.token.KeyBasedPersistenceTokenService;
-import org.springframework.security.core.token.SecureRandomFactoryBean;
-import org.springframework.security.core.token.Token;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests {@link KeyBasedPersistenceTokenService}.
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index 2bce22d627..c58d52a5ab 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -15,16 +15,15 @@
  */
 package org.springframework.security.core.userdetails;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 
 import org.junit.Test;
-
 import reactor.core.publisher.Mono;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class MapReactiveUserDetailsServiceTests {
 
 	// @formatter:off
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
index 2b0a9eb0a7..17bc83221f 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
@@ -15,12 +15,14 @@
  */
 package org.springframework.security.core.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 198684ab3e..7138ef8ca0 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.core.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.io.ByteArrayOutputStream;
 import java.io.ObjectOutputStream;
 import java.util.HashSet;
@@ -26,10 +24,14 @@ import java.util.Set;
 import java.util.function.Function;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link User}.
  *
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
index c429ac2939..1d989dbe98 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.core.userdetails.cache;
 
-import static org.assertj.core.api.Assertions.*;
 import net.sf.ehcache.Cache;
 import net.sf.ehcache.CacheManager;
 import net.sf.ehcache.Ehcache;
-
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests {@link EhCacheBasedUserCache}.
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
index 614387a7fd..4b626f5bc7 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/NullUserCacheTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.core.userdetails.cache;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link NullUserCache}.
  *
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index 8d37b8e11c..7fa442e322 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -19,13 +19,14 @@ package org.springframework.security.core.userdetails.cache;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Tests
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
index 07a9a1c444..757d05bbeb 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.core.userdetails.memory;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link UserAttributeEditor} and associated {@link UserAttribute}.
  *
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index b4b8b87e43..8fce534128 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
-import org.springframework.security.authentication.BadCredentialsException;
 
-import java.io.IOException;
+import org.springframework.security.authentication.BadCredentialsException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 0fed8d8ac5..1fae8cbded 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.io.IOException;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
index 47c3dfa75f..64427cb9f4 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
@@ -16,21 +16,21 @@
 
 package org.springframework.security.jackson2;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.io.IOException;
 import java.util.Collection;
 import java.util.Collections;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Jitendra Singh
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 41b713aba2..0e28240fee 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -16,6 +16,13 @@
 
 package org.springframework.security.jackson2;
 
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.util.HashMap;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonIgnoreType;
@@ -24,10 +31,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.Before;
 import org.junit.Test;
 
-import java.lang.annotation.*;
-import java.util.HashMap;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Rob Winch
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index e56e4be0b1..73bb8f3d31 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.io.IOException;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Jitendra Singh
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
index b0204a489b..c3c4816c06 100644
--- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
@@ -17,11 +17,12 @@
 package org.springframework.security.provisioning;
 
 import org.junit.Test;
+
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 78b400ef53..14b5941d7c 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.provisioning;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -28,6 +25,7 @@ import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.PopulatedDatabase;
 import org.springframework.security.TestDataSource;
@@ -44,6 +42,12 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests for {@link JdbcUserDetailsManager}
  *
diff --git a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
index 12b4d0e3cb..09079fc17e 100644
--- a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.scheduling;
 
-import static org.mockito.Mockito.verify;
-
 import org.junit.Test;
 import org.mockito.Mock;
+
 import org.springframework.scheduling.SchedulingTaskExecutor;
 import org.springframework.security.task.AbstractDelegatingSecurityContextAsyncTaskExecutorTests;
 
+import static org.mockito.Mockito.verify;
+
 /**
  * Abstract class for testing {@link DelegatingSecurityContextSchedulingTaskExecutor}
  * which allows customization of how
diff --git a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
index 2134235050..700e55bd7b 100644
--- a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.scheduling;
 
 import org.junit.Before;
+
 import org.springframework.security.core.context.SecurityContext;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
index 4928c14ca3..fbbb4e5f51 100644
--- a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
@@ -15,19 +15,23 @@
  */
 package org.springframework.security.scheduling;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
+
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.scheduling.Trigger;
 
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Date;
-
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.verify;
 
 /**
  * Test An implementation of {@link TaskScheduler} invoking it whenever the trigger
diff --git a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
index 02badbf9e5..e51baf34c2 100644
--- a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.scheduling;
 
 import org.junit.Before;
+
 import org.springframework.security.core.context.SecurityContext;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
index 0636da970f..206a541991 100644
--- a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.task;
 
-import static org.mockito.Mockito.verify;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
+
 import org.springframework.core.task.AsyncTaskExecutor;
 import org.springframework.security.concurrent.AbstractDelegatingSecurityContextExecutorTests;
 
+import static org.mockito.Mockito.verify;
+
 /**
  * Abstract class for testing {@link DelegatingSecurityContextAsyncTaskExecutor} which
  * allows customization of how {@link DelegatingSecurityContextAsyncTaskExecutor} and its
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
index e11ffad0f3..814530f82a 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.task;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests using the current {@link SecurityContext} on
  * {@link DelegatingSecurityContextAsyncTaskExecutor}
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
index d4f9185a6d..b95fbccdb3 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
@@ -19,9 +19,11 @@ import java.util.concurrent.Executor;
 
 import org.junit.Before;
 import org.mockito.Mock;
+
 import org.springframework.core.task.TaskExecutor;
-import org.springframework.security.concurrent.DelegatingSecurityContextExecutor;
 import org.springframework.security.concurrent.AbstractDelegatingSecurityContextExecutorTests;
+import org.springframework.security.concurrent.DelegatingSecurityContextExecutor;
+import org.springframework.security.core.context.SecurityContext;
 
 /**
  * Tests using the current {@link SecurityContext} on
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
index 55b4efe50c..515dfad44f 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.task;
 
 import org.junit.Before;
 
+import org.springframework.security.core.context.SecurityContext;
+
 /**
  * Tests using an explicit {@link SecurityContext} on
  * {@link DelegatingSecurityContextAsyncTaskExecutor}
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
index 15b3de0557..788e994259 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
@@ -19,9 +19,11 @@ import java.util.concurrent.Executor;
 
 import org.junit.Before;
 import org.mockito.Mock;
+
 import org.springframework.core.task.TaskExecutor;
-import org.springframework.security.concurrent.DelegatingSecurityContextExecutor;
 import org.springframework.security.concurrent.AbstractDelegatingSecurityContextExecutorTests;
+import org.springframework.security.concurrent.DelegatingSecurityContextExecutor;
+import org.springframework.security.core.context.SecurityContext;
 
 /**
  * Tests using an explicit {@link SecurityContext} on
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index a6c6746de9..bf5fe9e788 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.util;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import org.junit.Test;
 
-import org.junit.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
index 3b8f0062b3..c98116c592 100644
--- a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
+++ b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.util;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Test;
 
-import org.junit.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index 3aadc6bd64..94b2063b06 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.util;
 
-import static org.assertj.core.api.Assertions.*;
+import java.io.Serializable;
 
 import org.aopalliance.intercept.MethodInvocation;
-import org.junit.*;
+import org.junit.Test;
+
 import org.springframework.aop.framework.AdvisedSupport;
 import org.springframework.security.access.annotation.BusinessServiceImpl;
 
-import java.io.Serializable;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 18efe2479f..51c19da427 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -16,6 +16,7 @@
 package org.springframework.security.crypto.argon2;
 
 import java.util.Base64;
+
 import org.bouncycastle.crypto.params.Argon2Parameters;
 import org.bouncycastle.util.Arrays;
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index f66e31e1ba..550da56193 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
 import org.bouncycastle.crypto.params.Argon2Parameters;
+
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 import org.springframework.security.crypto.password.PasswordEncoder;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index 0d57216641..f3a9f0007b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -15,8 +15,8 @@ package org.springframework.security.crypto.bcrypt;
 
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
-import java.util.Arrays;
 import java.security.SecureRandom;
+import java.util.Arrays;
 
 /**
  * BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index 3304a7d48b..36d07ae755 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.crypto.bcrypt;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
 import java.security.SecureRandom;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
 /**
  * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
  * can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index b2491e4fe3..41be9918e8 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -15,13 +15,6 @@
  */
 package org.springframework.security.crypto.encrypt;
 
-import static org.springframework.security.crypto.encrypt.CipherUtils.doFinal;
-import static org.springframework.security.crypto.encrypt.CipherUtils.initCipher;
-import static org.springframework.security.crypto.encrypt.CipherUtils.newCipher;
-import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
-
 import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.Cipher;
@@ -35,6 +28,13 @@ import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
+import static org.springframework.security.crypto.encrypt.CipherUtils.doFinal;
+import static org.springframework.security.crypto.encrypt.CipherUtils.initCipher;
+import static org.springframework.security.crypto.encrypt.CipherUtils.newCipher;
+import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
+import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
+import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+
 /**
  * Encryptor that uses AES encryption.
  *
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
index 53e301eb94..a6faef53cb 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
@@ -18,6 +18,7 @@ package org.springframework.security.crypto.encrypt;
 import org.bouncycastle.crypto.PBEParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 1394856c36..bd60fe5236 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -15,18 +15,19 @@
  */
 package org.springframework.security.crypto.encrypt;
 
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
-
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.PKCS7Padding;
 import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
+import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
+import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+
 /**
  * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#CBC}
  * that uses Bouncy Castle instead of JCE. The algorithm is equivalent to
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index 71abc75e1d..bc43375fbc 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.crypto.encrypt;
 
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
-
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.params.AEADParameters;
+
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
+import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
+import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+
 /**
  * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#GCM}
  * that uses Bouncy Castle instead of JCE. The algorithm is equivalent to
diff --git a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
index 46678d65cb..c954da5d07 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.crypto.factory;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
@@ -23,9 +26,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
 import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
 
-import java.util.HashMap;
-import java.util.Map;
-
 /**
  * Used for creating {@link PasswordEncoder} instances
  *
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
index 7593e1942d..db43f51292 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.crypto.password;
 
+import java.security.MessageDigest;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
-import java.security.MessageDigest;
-
 import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
 import static org.springframework.security.crypto.util.EncodingUtils.subArray;
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index a698244f23..91e5fa6d23 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.crypto.password;
 
+import java.security.MessageDigest;
+import java.util.Base64;
+
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
-import java.security.MessageDigest;
-import java.util.Base64;
-
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
  * secure.
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
index 64e3e2e529..77618d4db3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.crypto.password;
 
+import java.util.Base64;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 
-import java.util.Base64;
-
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
  * secure.
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
index 4f6a7f2af9..99a8d11544 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.crypto.password;
 
+import java.security.MessageDigest;
+import java.util.Base64;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 
-import java.security.MessageDigest;
-import java.util.Base64;
-
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
  * secure.
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
index f808a0911e..167a51b1d3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.crypto.password;
 
-import org.springframework.security.crypto.codec.Utf8;
-
 import java.security.MessageDigest;
 
+import org.springframework.security.crypto.codec.Utf8;
+
 /**
  * Utility for constant time comparison to prevent against timing attacks.
  *
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index 7f64d2e225..2164e1fd88 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.crypto.password;
 
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import java.security.MessageDigest;
 
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
-import java.security.MessageDigest;
+import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
+import static org.springframework.security.crypto.util.EncodingUtils.subArray;
 
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index a7fcec4057..ebd5f6d059 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -21,6 +21,7 @@ import java.util.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bouncycastle.crypto.generators.SCrypt;
+
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index 86e5bd9d53..8a3ca5e371 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.crypto.argon2;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Base64;
+
 import org.bouncycastle.crypto.params.Argon2Parameters;
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Simeon Macke
  */
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index 5de065357d..ab7a560399 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -15,17 +15,19 @@
  */
 package org.springframework.security.crypto.argon2;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.reflect.Field;
 import java.util.Arrays;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Simeon Macke
  */
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index 8c8889977b..7be0e81a3c 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.crypto.bcrypt;
 
-import org.junit.Test;
-
 import java.security.SecureRandom;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
index 437f03330d..7fcd8739c9 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
@@ -14,13 +14,13 @@
 
 package org.springframework.security.crypto.bcrypt;
 
-import org.junit.BeforeClass;
-import org.junit.Test;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
+import org.junit.BeforeClass;
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
index 3a96a9b0b0..e220001c1f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.crypto.codec;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Test;
 
-import org.junit.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
index 9e7ef12b52..350cbccb6a 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.crypto.codec;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.Arrays;
 
-import org.junit.*;
+import org.junit.Test;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index 44ed2570c9..f977ae835b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.crypto.encrypt;
 
+import javax.crypto.SecretKey;
+import javax.crypto.spec.PBEKeySpec;
+
 import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
-import javax.crypto.SecretKey;
-import javax.crypto.spec.PBEKeySpec;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 7df6f80c27..71cf37a9f7 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -22,6 +22,7 @@ import java.util.UUID;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index ff188a3561..df881313a6 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -22,6 +22,7 @@ import org.bouncycastle.util.Arrays;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index efa4c0eff1..4c238552fd 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -22,6 +22,7 @@ import javax.crypto.NoSuchPaddingException;
 
 import org.junit.Assume;
 import org.junit.AssumptionViolatedException;
+
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 
 public class CryptoAssumptions {
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
index 9b6a4ed3ed..75fbd97cc7 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.crypto.encrypt;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class EncryptorsTests {
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
index 3df9d34563..7aff4acdd3 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.crypto.factory;
 
 import org.junit.Test;
+
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
index 026c4398b0..ca108238b1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.crypto.keygen;
 
-import org.junit.Test;
-
 import java.util.Base64;
 
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
index 665323fe2e..4fa1b5e502 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.crypto.keygen;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Arrays;
 
 import org.junit.Test;
+
 import org.springframework.security.crypto.codec.Hex;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class KeyGeneratorsTests {
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index 5274531101..4a5499b3ca 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -16,16 +16,16 @@
 
 package org.springframework.security.crypto.password;
 
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
index 1f270dc2d8..24c8a58d46 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.crypto.password;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
-import org.springframework.security.crypto.password.Digester;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class DigesterTests {
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
index 99b6021f0b..dfd72f22af 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.crypto.password;
 
 import org.junit.Test;
+
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
index b3b4d2e09b..b36ac74940 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.crypto.password;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @SuppressWarnings("deprecation")
 public class Md4PasswordEncoderTests {
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
index ed9bc39a3d..c6b1a3a44a 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.crypto.password;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @SuppressWarnings("deprecation")
 public class StandardPasswordEncoderTests {
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index 0bbaea7f68..e33eb2a8e6 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.crypto.scrypt;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Shazin Sadakath
  *
diff --git a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
index d05f6231c5..2bf80a3e4b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.crypto.util;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 
 import org.junit.Test;
+
 import org.springframework.security.crypto.codec.Hex;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class EncodingUtilsTests {
 
 	@Test
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index b5193f8396..6fc7ebc2d8 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.data.repository.query;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.access.expression.SecurityExpressionRoot;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index b662b79441..370491d8e3 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="AvoidStarImport" />
 	<suppress files=".*" checks="EmptyBlock" />
 	<suppress files=".*" checks="FinalClass" />
 	<suppress files=".*" checks="InnerAssignment" />
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
index 14cc63380e..9d92e8152e 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
@@ -15,12 +15,11 @@
  */
 package org.springframework.security.integration;
 
-import static org.assertj.core.api.Assertions.*;
-
 import javax.servlet.http.HttpSession;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -33,6 +32,8 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @ContextConfiguration(locations = { "/http-extra-fsi-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class HttpNamespaceWithMultipleInterceptorsTests {
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index 40b13468cd..b4000951fa 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.integration;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import javax.servlet.http.HttpSession;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -32,7 +33,7 @@ import org.springframework.security.web.firewall.RequestRejectedException;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import javax.servlet.http.HttpSession;
+import static org.assertj.core.api.Assertions.assertThat;
 
 @ContextConfiguration(locations = { "/http-path-param-stripping-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
index 0a21e9b59a..8098ea2a1a 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
@@ -19,6 +19,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
index ec32100369..212c2a9dd7 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.integration;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 @ContextConfiguration(locations = { "/sec-933-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
 public class SEC933ApplicationContextTests {
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
index 24272de1c7..919c9bf7da 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.integration;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
index 44d7f19b25..033857235a 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.integration.python;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index 406d2f2d52..8ed19818d3 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -15,8 +15,17 @@
  */
 package org.springframework.security.performance;
 
-import org.junit.*;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpSession;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.mock.web.MockFilterChain;
@@ -33,9 +42,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.util.StopWatch;
 
-import javax.servlet.http.HttpSession;
-import java.util.*;
-
 /**
  * @author Luke Taylor
  * @since 2.0
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
index 9cc283202f..a468fabb6d 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
@@ -15,11 +15,10 @@
  */
 package org.springframework.security.performance;
 
-import static org.assertj.core.api.Assertions.fail;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
@@ -30,6 +29,8 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.util.StopWatch;
 
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author Luke Taylor
  */
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
index 168a3f053b..21cda9c594 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
@@ -16,6 +16,7 @@
 package org.springframework.security.integration.python;
 
 import org.aopalliance.intercept.MethodInvocation;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PostInvocationAttribute;
 import org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index 1ad4a6e78d..8ff1a27aa3 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -24,6 +24,7 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.python.core.Py;
 import org.python.core.PyObject;
 import org.python.util.PythonInterpreter;
+
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.core.io.Resource;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
index d1997e7726..2b6c4599cb 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
@@ -16,6 +16,7 @@
 package org.springframework.security.integration.python;
 
 import org.python.util.PythonInterpreter;
+
 import org.springframework.security.access.prepost.PostInvocationAttribute;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
index f11648d9ee..3dcc4312c6 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.integration;
 
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-
 import org.junit.After;
+
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.support.XmlWebApplicationContext;
 
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+
 /**
  * Base class which allows the application to be started with a particular Spring
  * application context. Subclasses override the <tt>getContextConfigLocations</tt> method
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index e993a200fe..7465a78637 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.ldap;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.ArrayList;
 import java.util.Hashtable;
 import java.util.List;
@@ -32,6 +30,8 @@ import org.springframework.ldap.core.support.AbstractContextSource;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index c68fc51bc5..064505ac36 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.ldap;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -28,7 +26,8 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
-import org.junit.*;
+import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -38,6 +37,9 @@ import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index 0e11271e20..24fac9f207 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -16,10 +16,13 @@
 
 package org.springframework.security.ldap.authentication;
 
-import org.junit.*;
+import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -27,15 +30,13 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
-
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.ldap.ApacheDsContainerConfig;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests for {@link PasswordComparisonAuthenticator}.
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
index 8483981bde..517a4f67cf 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.ldap.search;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import javax.naming.ldap.LdapName;
 
 import org.junit.Test;
@@ -32,6 +30,8 @@ import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for FilterBasedLdapUserSearch.
  *
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
index da2976563f..49d647ac47 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.ldap.server;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -30,9 +27,13 @@ import java.util.List;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
+
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.util.FileCopyUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Useful for debugging the container by itself.
  *
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index 5956506982..884351baa7 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.ldap.server;
 
+import javax.annotation.PreDestroy;
+
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -24,8 +27,6 @@ import org.springframework.ldap.core.ContextSource;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 
-import javax.annotation.PreDestroy;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.failBecauseExceptionWasNotThrown;
 
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index fe8f635ad8..5e0ab55d66 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.ldap.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
-import org.junit.*;
+import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
@@ -36,6 +36,8 @@ import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
index af95a939c0..20bddda27d 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.ldap.userdetails;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.List;
 
 import org.junit.After;
@@ -41,6 +38,9 @@ import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index 04aeb47b39..a1142aebb0 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.ldap.userdetails;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -27,11 +31,7 @@ import org.springframework.security.ldap.ApacheDsContainerConfig;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Filip Hanik
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
index 3568bf4fe9..0f24974075 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.ldap;
 
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
-import org.springframework.security.crypto.codec.Utf8;
-import org.springframework.util.Assert;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import java.net.URI;
+import java.net.URISyntaxException;
 
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import java.net.URI;
-import java.net.URISyntaxException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.security.crypto.codec.Utf8;
+import org.springframework.util.Assert;
 
 /**
  * LDAP Utility methods.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index d0ca97112b..a363e2a137 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -15,17 +15,14 @@
  */
 package org.springframework.security.ldap;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.dao.IncorrectResultSizeDataAccessException;
-import org.springframework.ldap.core.ContextExecutor;
-import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
-import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.util.Assert;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -35,14 +32,19 @@ import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.dao.IncorrectResultSizeDataAccessException;
+import org.springframework.ldap.core.ContextExecutor;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.ContextSource;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.util.Assert;
 
 /**
  * Extension of Spring LDAP's LdapTemplate class which adds extra functionality required
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index 599f5d04b1..db1522e7c5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -16,20 +16,20 @@
 
 package org.springframework.security.ldap.authentication;
 
-import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.ldap.search.LdapUserSearch;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.util.Assert;
 
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
 /**
  * Base class for the authenticator implementations.
  *
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index 145456bc47..06a8ce1b1e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -16,8 +16,12 @@
 
 package org.springframework.security.ldap.authentication;
 
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.ldap.NamingException;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
@@ -32,9 +36,6 @@ import org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-
 /**
  * An authenticator which binds as a user.
  *
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
index e1d2d9b391..f1492aa34b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java
@@ -16,8 +16,8 @@
 
 package org.springframework.security.ldap.authentication;
 
-import org.springframework.security.core.Authentication;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.Authentication;
 
 /**
  * The strategy interface for locating and authenticating an Ldap user.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index 147d1b9ab3..db72e51ed7 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -18,6 +18,7 @@ package org.springframework.security.ldap.authentication;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.ldap.NameNotFoundException;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
index 164b032fcc..08e6a5f297 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.ldap.authentication;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.ldap.core.AuthenticationSource;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.ldap.userdetails.LdapUserDetails;
-import org.springframework.ldap.core.AuthenticationSource;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 
 /**
  * An AuthenticationSource to retrieve authentication information stored in Spring
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
index d845eaafb0..80999875b6 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@@ -17,10 +17,10 @@ package org.springframework.security.ldap.authentication;
 
 import java.util.Collection;
 
+import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
-import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.util.Assert;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 241ebcde4b..56cd883979 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -15,6 +15,24 @@
  */
 package org.springframework.security.ldap.authentication.ad;
 
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.OperationNotSupportedException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.ldap.InitialLdapContext;
+
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.ldap.CommunicationException;
 import org.springframework.ldap.core.DirContextOperations;
@@ -37,18 +55,6 @@ import org.springframework.security.ldap.authentication.AbstractLdapAuthenticati
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.naming.AuthenticationException;
-import javax.naming.Context;
-import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.ldap.InitialLdapContext;
-import java.io.Serializable;
-import java.util.*;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
 /**
  * Specialized LDAP authentication provider which uses Active Directory configuration
  * conventions.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index f10bd4d8f0..7eecc6de77 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -16,21 +16,18 @@
 
 package org.springframework.security.ldap.search;
 
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.ldap.SpringSecurityLdapTemplate;
+import javax.naming.directory.SearchControls;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
-
-import org.springframework.util.Assert;
-
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-
-import javax.naming.directory.SearchControls;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.SpringSecurityLdapTemplate;
+import org.springframework.util.Assert;
 
 /**
  * LdapUserSearch implementation which uses an Ldap filter to locate the user.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index 7b5401da77..2424e98d51 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -15,14 +15,13 @@
  */
 package org.springframework.security.ldap.server;
 
+import java.io.File;
+import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
-import java.io.File;
-import java.io.IOException;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.directory.server.core.DefaultDirectoryService;
@@ -41,6 +40,7 @@ import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.mina.transport.socket.SocketAcceptor;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index 0820351a28..f53807f665 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -28,6 +28,7 @@ import javax.naming.directory.SearchControls;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.LdapTemplate;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
index e3bc69af94..3d11bf884a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@@ -17,10 +17,10 @@ package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
 
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.util.Assert;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
index aad3425419..629c177ba3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
@@ -18,9 +18,8 @@ package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
 
-import org.springframework.security.core.GrantedAuthority;
-
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Obtains a list of granted authorities for an Ldap user.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index dc8c80a0ff..fba5560f2d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.util.Assert;
-
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.util.Assert;
+
 /**
  * An authority that contains at least a DN and a role name for an LDAP entry but can also
  * contain other desired attributes to be fetched during an LDAP authority search.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index 37d4078219..45a25cbe9d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -22,6 +22,7 @@ import java.util.Collection;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.ListIterator;
+
 import javax.naming.Context;
 import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index d8726e16ea..36b5d6fef2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -15,17 +15,15 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
-
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.ldap.LdapUtils;
-
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Arrays;
+import org.springframework.util.Assert;
 
 /**
  * UserDetails implementation whose properties are based on the LDAP schema for
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
index 288d34af9b..bc4e6438b3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@@ -17,10 +17,10 @@ package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
 
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.util.Assert;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
index 81632818a1..d9d0aaadf2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
@@ -17,10 +17,10 @@ package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
 
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DirContextAdapter;
 
 /**
  * Operations to map a UserDetails object to and from a Spring LDAP
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
index e6ae41692e..69f8ff8c68 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
@@ -16,14 +16,16 @@
 
 package org.springframework.security.ldap;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import javax.naming.NamingException;
 import javax.naming.directory.DirContext;
 
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link LdapUtils}
  *
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
index e90379289e..b0749df09b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.ldap;
 
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.ldap.core.AuthenticationSource;
+import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
-import org.springframework.ldap.core.AuthenticationSource;
-import org.springframework.ldap.core.DistinguishedName;
 
-import org.junit.After;
 import static org.assertj.core.api.Assertions.assertThat;
-import org.junit.Before;
-import org.junit.Test;
 
 /**
  * @author Luke Taylor
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 45afb11dd8..06f9bd79e7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.ldap;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
@@ -29,9 +26,16 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class SpringSecurityLdapTemplateTests {
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index dac158ac86..0518c1ba00 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -16,12 +16,10 @@
 
 package org.springframework.security.ldap.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import java.util.*;
+import java.util.Collection;
 
 import org.junit.Test;
+
 import org.springframework.ldap.CommunicationException;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
@@ -37,6 +35,11 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link LdapAuthenticationProvider}.
  *
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
index ee772012f5..8a147d39de 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
@@ -16,9 +16,8 @@
 
 package org.springframework.security.ldap.authentication;
 
-import org.springframework.security.ldap.search.LdapUserSearch;
-
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.ldap.search.LdapUserSearch;
 
 /**
  * @author Luke Taylor
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index f292edaf7a..e81d8f5db8 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.ldap.authentication;
 
-import static org.mockito.Mockito.*;
-
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
@@ -25,9 +23,15 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 
 import org.junit.Test;
+
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index cfcd2a18e3..539256359b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.ldap.authentication.ad;
 
 import java.util.Collections;
 import java.util.Hashtable;
+
 import javax.naming.AuthenticationException;
 import javax.naming.CommunicationException;
 import javax.naming.Name;
@@ -49,15 +50,15 @@ import org.springframework.security.authentication.InternalAuthenticationService
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.ContextFactory;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import static org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.ContextFactory;
 
 /**
  * @author Luke Taylor
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index c90ab5f98f..f9e2f8ab3e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -15,18 +15,25 @@
  */
 package org.springframework.security.ldap.ppolicy;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import org.junit.*;
-import org.springframework.ldap.UncategorizedLdapException;
+import java.util.Hashtable;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.DirContext;
 import javax.naming.ldap.Control;
 import javax.naming.ldap.LdapContext;
-import java.util.*;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.ldap.UncategorizedLdapException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index e8a687fa52..41ff2a17f7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.ldap.ppolicy;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import org.junit.*;
-
 import javax.naming.ldap.Control;
 
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index 9844581a5c..ebca7d35ba 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.ldap.ppolicy;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for <tt>PasswordPolicyResponse</tt>.
  *
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index bb30851175..74355326e9 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.HashSet;
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
index b2d51183f2..b8a597ddbc 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.ldap.SpringSecurityLdapTemplate;
-
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.ldap.SpringSecurityLdapTemplate;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
index 30556e3002..4352352500 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.ldap.userdetails;
 
 import org.junit.Test;
+
 import org.springframework.security.core.CredentialsContainer;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 5c283eb01b..a7788003db 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -15,12 +15,11 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Collection;
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.DistinguishedName;
@@ -30,6 +29,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.authentication.MockUserSearch;
 import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests for {@link LdapUserDetailsService}
  *
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index cc96cfeefc..c93f66885f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.ldap.userdetails;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.Collection;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -29,6 +27,10 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index 84ffed8135..17aac56cf4 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.messaging.access.expression;
 
+import java.util.Map;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.messaging.Message;
@@ -23,8 +25,6 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;
 import org.springframework.util.Assert;
 
-import java.util.Map;
-
 /**
  * Simple expression configuration attribute for use in {@link Message} authorizations.
  *
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index 1d33bd50d0..f859e4a7da 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.messaging.access.expression;
 
+import java.util.Collection;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.messaging.Message;
 import org.springframework.security.access.AccessDecisionVoter;
@@ -24,8 +26,6 @@ import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-
 /**
  * Voter which handles {@link Message} authorisation decisions. If a
  * {@link MessageExpressionConfigAttribute} is found, then its expression is evaluated. If
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index ce32332255..96fbaefa71 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -15,13 +15,17 @@
  */
 package org.springframework.security.messaging.access.intercept;
 
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+
 import org.springframework.messaging.Message;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
-import java.util.*;
-
 /**
  * A default implementation of {@link MessageSecurityMetadataSource} that looks up the
  * {@link ConfigAttribute} instances using a {@link MessageMatcher}.
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index a62bae337e..1e3e90eafd 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.messaging.handler.invocation.reactive;
 
+import java.lang.annotation.Annotation;
+
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.ReactiveAdapter;
 import org.springframework.core.ReactiveAdapterRegistry;
@@ -36,9 +40,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import reactor.core.publisher.Mono;
-
-import java.lang.annotation.Annotation;
 
 /**
  * Allows resolving the {@link Authentication#getPrincipal()} using the
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index 02c7e6a375..f8ea0528de 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.messaging.handler.invocation.reactive;
 
+import java.lang.annotation.Annotation;
+
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.ReactiveAdapter;
 import org.springframework.core.ReactiveAdapterRegistry;
@@ -36,9 +40,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import reactor.core.publisher.Mono;
-
-import java.lang.annotation.Annotation;
 
 /**
  * Allows resolving the {@link Authentication#getPrincipal()} using the
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index 9f03c4abc1..0a8b7b3aa6 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
-import static java.util.Arrays.asList;
-import static org.apache.commons.logging.LogFactory.getLog;
-import static org.springframework.util.Assert.notEmpty;
-
 import java.util.List;
 
 import org.apache.commons.logging.Log;
 
+import static java.util.Arrays.asList;
+import static org.apache.commons.logging.LogFactory.getLog;
+import static org.springframework.util.Assert.notEmpty;
+
 /**
  * Abstract {@link MessageMatcher} containing multiple {@link MessageMatcher}
  *
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index b1295d3215..c9b2513bbc 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.messaging.Message;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
@@ -22,9 +25,6 @@ import org.springframework.util.AntPathMatcher;
 import org.springframework.util.Assert;
 import org.springframework.util.PathMatcher;
 
-import java.util.Collections;
-import java.util.Map;
-
 /**
  * <p>
  * MessageMatcher which compares a pre-defined pattern against the destination of a
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 03f8b45913..9b63807aa4 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -15,14 +15,12 @@
  */
 package org.springframework.security.messaging.access.expression;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.messaging.Message;
@@ -36,6 +34,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMessageSecurityExpressionHandlerTests {
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 61f9d05a4d..0b8c1a7fd9 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -15,23 +15,24 @@
  */
 package org.springframework.security.messaging.access.expression;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory.*;
+import java.util.Collection;
+import java.util.LinkedHashMap;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
-import java.util.Collection;
-import java.util.LinkedHashMap;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory.createExpressionMessageMetadataSource;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 799aaf3df0..ecd57ac342 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.messaging.Message;
@@ -29,7 +30,9 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionConfigAttributeTests {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index b2daa2c874..97c73f9d58 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -15,11 +15,15 @@
  */
 package org.springframework.security.messaging.access.expression;
 
+import java.util.Arrays;
+import java.util.Collection;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.messaging.Message;
@@ -29,12 +33,15 @@ import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
-import java.util.Arrays;
-import java.util.Collection;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-import static org.springframework.security.access.AccessDecisionVoter.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.access.AccessDecisionVoter.ACCESS_ABSTAIN;
+import static org.springframework.security.access.AccessDecisionVoter.ACCESS_DENIED;
+import static org.springframework.security.access.AccessDecisionVoter.ACCESS_GRANTED;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionVoterTests {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index d961ecc141..e5afacf92f 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -15,12 +15,17 @@
  */
 package org.springframework.security.messaging.access.intercept;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageChannel;
 import org.springframework.security.access.AccessDecisionManager;
@@ -32,10 +37,6 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index a38dadc8f6..823e3941d0 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -15,21 +15,22 @@
  */
 package org.springframework.security.messaging.access.intercept;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.LinkedHashMap;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.powermock.api.mockito.PowerMockito.when;
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index 36628ad6d3..7bd32174e1 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.messaging.context;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -26,6 +24,7 @@ import java.lang.reflect.Method;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@@ -35,6 +34,8 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.ReflectionUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 8352806911..edd6fad469 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -15,12 +15,15 @@
  */
 package org.springframework.security.messaging.context;
 
+import java.security.Principal;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.MessageHandler;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
@@ -30,12 +33,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.messaging.context.SecurityContextChannelInterceptor;
-
-import java.security.Principal;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.core.context.SecurityContextHolder.*;
+import static org.springframework.security.core.context.SecurityContextHolder.clearContext;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityContextChannelInterceptorTests {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
index 73ae9dfa76..9032d1b8ee 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
@@ -16,7 +16,12 @@
 
 package org.springframework.security.messaging.handler.invocation.reactive;
 
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.annotation.SynthesizingMethodParameter;
 import org.springframework.security.authentication.TestAuthentication;
@@ -25,12 +30,8 @@ import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.messaging.handler.invocation.ResolvableMethod;
-import reactor.core.publisher.Mono;
 
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
index d24540ceca..79f86ce422 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java
@@ -16,7 +16,12 @@
 
 package org.springframework.security.messaging.handler.invocation.reactive;
 
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.annotation.SynthesizingMethodParameter;
 import org.springframework.security.authentication.TestAuthentication;
@@ -26,10 +31,6 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.messaging.handler.invocation.ResolvableMethod;
-import reactor.core.publisher.Mono;
-
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 0a637e4fc4..8f749ec73d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -26,8 +23,12 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class AndMessageMatcherTests {
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 87295c0c58..14ed456a44 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -26,8 +23,12 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class OrMessageMatcherTests {
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index daa8ba19de..536f7b569a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.MessageBuilder;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class SimpDestinationMessageMatcherTests {
 
 	MessageBuilder<String> messageBuilder;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 57115af1b3..92a4626549 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.messaging.Message;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.MessageBuilder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class SimpMessageTypeMatcherTests {
 
 	private SimpMessageTypeMatcher matcher;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 71aab036d0..64281e1f59 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -23,6 +23,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index 027da27ecf..eff918868a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -15,11 +15,15 @@
  */
 package org.springframework.security.messaging.web.socket.server;
 
-import org.junit.Test;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
 import org.springframework.http.server.ServletServerHttpRequest;
@@ -28,9 +32,6 @@ import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.web.socket.WebSocketHandler;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
index d49feb2e6c..3608d49117 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.oauth2.client;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
 
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index 2ca6eea561..769ee45e2a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -15,6 +15,11 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -27,11 +32,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
-
 /**
  * An implementation of an {@link OAuth2AuthorizedClientManager} that is capable of
  * operating outside of the context of a {@code HttpServletRequest}, e.g. in a
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index 26776668ed..bab13821fc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+import java.util.Map;
+import java.util.function.Function;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.Map;
-import java.util.function.Function;
 
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientManager} that is capable of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
index 20f5b318e1..5ef6bb621b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -26,10 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.util.Assert;
 
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-
 /**
  * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
  * {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
index 3b9cfc78c3..e878c6c56c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
 import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
@@ -23,11 +29,6 @@ import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
 
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
index cd7148e25a..9e7965337d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.lang.Nullable;
-import org.springframework.util.Assert;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
+import org.springframework.lang.Nullable;
+import org.springframework.util.Assert;
+
 /**
  * An implementation of an {@link OAuth2AuthorizedClientProvider} that simply delegates to
  * it's internal {@code List} of {@link OAuth2AuthorizedClientProvider}(s).
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
index 1d3c49e888..1c26826ba5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.util.Assert;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+import org.springframework.util.Assert;
+
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} that simply
  * delegates to it's internal {@code List} of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
index a78bab512f..6e22c9f1ed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.util.Assert;
 
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
 /**
  * An {@link OAuth2AuthorizedClientService} that stores {@link OAuth2AuthorizedClient
  * Authorized Client(s)} in-memory.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
index 4f58699305..6ece1e03f1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * An {@link OAuth2AuthorizedClientService} that stores {@link OAuth2AuthorizedClient
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index 05bc2405d9..82977f5b43 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -15,6 +15,18 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.nio.charset.StandardCharsets;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Timestamp;
+import java.sql.Types;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+import java.util.function.Function;
+
 import org.springframework.dao.DataRetrievalFailureException;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
@@ -31,18 +43,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.nio.charset.StandardCharsets;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Timestamp;
-import java.sql.Types;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
-import java.util.function.Function;
-
 /**
  * A JDBC implementation of an {@link OAuth2AuthorizedClientService} that uses a
  * {@link JdbcOperations} for {@link OAuth2AuthorizedClient} persistence.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
index 29fbf35c9c..38779bf650 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
@@ -15,18 +15,18 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.lang.Nullable;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.function.Consumer;
 
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+
 /**
  * A context that holds authorization-specific state and is used by an
  * {@link OAuth2AuthorizedClientProvider} when attempting to authorize (or re-authorize)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
index 7ddbecf503..e13064f94d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Map;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 
-import java.util.Map;
-
 /**
  * Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
  * Authorization Server or Resource Server.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
index c49129e26a..7a9f8eec1b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.core.Authentication;
-
 import java.util.Map;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
  * via the Authorization Server.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index 8009e84b65..26c1fababb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.function.Consumer;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -22,12 +28,6 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.function.Consumer;
-
 /**
  * Represents a request the {@link OAuth2AuthorizedClientManager} uses to
  * {@link OAuth2AuthorizedClientManager#authorize(OAuth2AuthorizeRequest) authorize} (or
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
index 4538ae0d4b..a2aa6ed59b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.io.Serializable;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -22,8 +24,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * A representation of an OAuth 2.0 &quot;Authorized Client&quot;.
  * <p>
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
index e36da1fa5e..9dd649556c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
 import java.io.Serializable;
 import java.util.Objects;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.util.Assert;
+
 /**
  * The identifier for {@link OAuth2AuthorizedClient}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index 375eacffb3..a3e8a1e08a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -15,12 +15,6 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
-import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
-import org.springframework.util.Assert;
-
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
@@ -30,6 +24,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.function.Consumer;
 
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
+import org.springframework.util.Assert;
+
 /**
  * A builder that builds a {@link DelegatingOAuth2AuthorizedClientProvider} composed of
  * one or more {@link OAuth2AuthorizedClientProvider}(s) that implement specific
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
index 921f588031..9633578151 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -27,10 +31,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-
 /**
  * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
  * {@link AuthorizationGrantType#PASSWORD password} grant.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
index b4ad2e52a8..267f6db0ed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
 import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.WebClientReactivePasswordTokenResponseClient;
@@ -24,11 +30,6 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import reactor.core.publisher.Mono;
-
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
 
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
index 7a92cae654..ae7b203467 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
@@ -15,11 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
+import java.util.Map;
+
 import reactor.core.publisher.Mono;
 
-import java.util.Map;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 
 /**
  * Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
index 48ded751b9..55e7965c0a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.core.Authentication;
+import java.util.Map;
+
 import reactor.core.publisher.Mono;
 
-import java.util.Map;
+import org.springframework.security.core.Authentication;
 
 /**
  * Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
index fb489614c9..41f2347a30 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.oauth2.client;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
-import reactor.core.publisher.Mono;
 
 /**
  * Implementations of this interface are responsible for the overall management of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
index e47a26305f..9270a1889f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.oauth2.client;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import reactor.core.publisher.Mono;
 
 /**
  * A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client. Implementations
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index 9cdf6d9ff4..2149cc1440 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -15,12 +15,6 @@
  */
 package org.springframework.security.oauth2.client;
 
-import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
-import org.springframework.util.Assert;
-
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
@@ -30,6 +24,12 @@ import java.util.Map;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
+import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
+import org.springframework.util.Assert;
+
 /**
  * A builder that builds a {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
  * composed of one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s) that
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
index ac78d89aa0..affacb99c3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Implementations of this interface are responsible for the management of
  * {@link OAuth2AuthorizedClient Authorized Client(s)}, which provide the purpose of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
index 2f19d5ec6d..bfcc85b466 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,14 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -25,14 +33,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.util.Assert;
 
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  * An implementation of an {@link OAuth2AuthorizedClientProvider} for the
  * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
index d96984b59a..78f947883e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
@@ -15,6 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
 import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient;
@@ -23,15 +33,6 @@ import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
 
 /**
  * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index cb10fdb195..51df5fb0c7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
@@ -22,12 +28,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.util.Assert;
 
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
 /**
  * An {@link OAuth2AuthorizationFailureHandler} that removes an
  * {@link OAuth2AuthorizedClient} when the {@link OAuth2Error#getErrorCode()} matches one
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index 2d1e3225a8..179ce268ec 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
 
 /**
  * A {@link ReactiveOAuth2AuthorizationFailureHandler} that removes an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
index 86925cc002..e207bdcfc8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
@@ -15,16 +15,16 @@
  */
 package org.springframework.security.oauth2.client.annotation;
 
-import org.springframework.core.annotation.AliasFor;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
-
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+import org.springframework.core.annotation.AliasFor;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
+
 /**
  * This annotation may be used to resolve a method parameter to an argument value of type
  * {@link OAuth2AuthorizedClient}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
index e63c363ad2..7e8197a459 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.Collection;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -23,8 +25,6 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-
 /**
  * An implementation of an {@link AbstractAuthenticationToken} that represents an OAuth
  * 2.0 {@link Authentication}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
index 09f642289d..f1e371d3c7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.SpringSecurityCoreVersion;
@@ -24,10 +28,6 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.util.Assert;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
 /**
  * An {@link AbstractAuthenticationToken} for the OAuth 2.0 Authorization Code Grant.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
index 0e4d36bab5..e947fe4537 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.function.Function;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
@@ -31,9 +35,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.util.function.Function;
 
 /**
  * An implementation of an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index d27e0fe7c2..abc2b4701f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.Collection;
+import java.util.Map;
+
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -31,9 +34,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-import java.util.Map;
-
 /**
  * An implementation of an {@link AuthenticationProvider} for OAuth 2.0 Login, which
  * leverages the OAuth 2.0 Authorization Code Grant Flow.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
index d2d8f62b24..aeb385f478 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -26,9 +29,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExch
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-import java.util.Collections;
-
 /**
  * An {@link AbstractAuthenticationToken} for OAuth 2.0 Login, which leverages the OAuth
  * 2.0 Authorization Code Grant Flow.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index dc00fed7d0..8fdb066ef2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -15,6 +15,11 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
+import java.util.Collection;
+import java.util.Map;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -28,10 +33,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.util.Collection;
-import java.util.Map;
 
 /**
  * An implementation of an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 0e6cc41167..67a489046e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -15,6 +15,11 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Collections;
+import java.util.Set;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -27,10 +32,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.Set;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index 656d55c195..589eaca98a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -33,8 +35,6 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Arrays;
-
 /**
  * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#AUTHORIZATION_CODE authorization_code} grant. This
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
index 155d1f8d22..76772c945e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -33,8 +35,6 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Arrays;
-
 /**
  * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} grant. This
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
index 05e71120c4..7dc693ec3e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -33,8 +35,6 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Arrays;
-
 /**
  * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#PASSWORD password} grant. This implementation uses a
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
index 4cd267db54..2e470ab382 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -33,8 +35,6 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Arrays;
-
 /**
  * The default implementation of an {@link OAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant. This implementation
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index ea3e1ffbd8..a9adea42fa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.io.IOException;
+import java.net.URI;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
 import com.nimbusds.oauth2.sdk.AccessTokenResponse;
 import com.nimbusds.oauth2.sdk.AuthorizationCode;
 import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
@@ -29,6 +36,7 @@ import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
 import com.nimbusds.oauth2.sdk.auth.Secret;
 import com.nimbusds.oauth2.sdk.http.HTTPRequest;
 import com.nimbusds.oauth2.sdk.id.ClientID;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -39,13 +47,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.util.CollectionUtils;
 
-import java.io.IOException;
-import java.net.URI;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
 /**
  * An implementation of an {@link OAuth2AccessTokenResponseClient} that
  * &quot;exchanges&quot; an authorization code credential for an access token credential
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
index 146e3f4ab8..9ff364c9d7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.net.URI;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -28,8 +30,6 @@ import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-
 /**
  * A {@link Converter} that converts the provided
  * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link RequestEntity} representation
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
index 2fe790d956..af7b288ac2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Collections;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -22,8 +24,6 @@ import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
-import java.util.Collections;
-
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
index bfbd63f12b..67784177a0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.net.URI;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -28,8 +30,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-
 /**
  * A {@link Converter} that converts the provided
  * {@link OAuth2ClientCredentialsGrantRequest} to a {@link RequestEntity} representation
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
index 465b27071c..5d5e43232a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.net.URI;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -28,8 +30,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-
 /**
  * A {@link Converter} that converts the provided {@link OAuth2PasswordGrantRequest} to a
  * {@link RequestEntity} representation of an OAuth 2.0 Access Token Request for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
index f94b5fafd2..5229f7fa64 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
@@ -15,16 +15,16 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.util.Assert;
 
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
 /**
  * An OAuth 2.0 Refresh Token Grant request that holds the {@link OAuth2RefreshToken
  * refresh token} credential granted to the {@link #getClientRegistration() client}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
index 8bf4cfd3b3..21c8a9c09d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.net.URI;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -28,8 +30,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-
 /**
  * A {@link Converter} that converts the provided {@link OAuth2RefreshTokenGrantRequest}
  * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request for the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
index fa09352341..7dd03c92eb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
-import reactor.core.publisher.Mono;
 
 /**
  * A reactive strategy for &quot;exchanging&quot; an authorization grant credential (e.g.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
index 8ada808580..f565d24a75 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Collections;
+import java.util.Set;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
@@ -23,9 +26,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.web.reactive.function.BodyInserters;
 
-import java.util.Collections;
-import java.util.Set;
-
 /**
  * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that
  * &quot;exchanges&quot; an authorization code credential for an access token credential
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
index 95c01b2672..8fdd865bd6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Set;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
-import java.util.Set;
-
 /**
  * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} that
  * &quot;exchanges&quot; a client credential for an access token credential at the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
index 354b2b3368..edb2a20aa2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Set;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -22,8 +24,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import java.util.Set;
-
 /**
  * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#PASSWORD password} grant. This implementation uses
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
index e0d4924e1e..1e59a431c6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Set;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -23,8 +25,6 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import java.util.Set;
-
 /**
  * An implementation of a {@link ReactiveOAuth2AccessTokenResponseClient} for the
  * {@link AuthorizationGrantType#REFRESH_TOKEN refresh_token} grant. This implementation
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index f0fc1990b0..9f1e7be66a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -15,7 +15,10 @@
  */
 package org.springframework.security.oauth2.client.http;
 
+import java.io.IOException;
+
 import com.nimbusds.oauth2.sdk.token.BearerTokenError;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.client.ClientHttpResponse;
@@ -27,8 +30,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.client.DefaultResponseErrorHandler;
 import org.springframework.web.client.ResponseErrorHandler;
 
-import java.io.IOException;
-
 /**
  * A {@link ResponseErrorHandler} that handles an {@link OAuth2Error OAuth 2.0 Error}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
index 84c17c15fd..58482899c1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.util.StdConverter;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
-import java.io.IOException;
-
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.MAP_TYPE_REFERENCE;
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.SET_TYPE_REFERENCE;
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findObjectNode;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
index 50b7118969..e750d9f51d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
@@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
index 4743b62f3d..e73d5d0d16 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Collection;
+import java.util.Map;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 
-import java.util.Collection;
-import java.util.Map;
-
 /**
  * This mixin class is used to serialize/deserialize {@link DefaultOAuth2User}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
index dcbee5ef45..bfdfa3b268 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
@@ -15,18 +15,19 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Collection;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 
-import java.util.Collection;
-
 /**
  * This mixin class is used to serialize/deserialize {@link DefaultOidcUser}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
index 6e9afbb2ed..ce0d7b65d4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Map;
+import java.util.Set;
+
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
-import java.util.Map;
-import java.util.Set;
-
 /**
  * Utility class for {@code JsonNode}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
index a6ca1d18ff..0ac2181b72 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.time.Instant;
+import java.util.Set;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import java.time.Instant;
-import java.util.Set;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 /**
  * This mixin class is used to serialize/deserialize {@link OAuth2AccessToken}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
index 9175b10e9e..e4d379189a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
index cbfec890c2..78a4a1565c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Collection;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
-import java.util.Collection;
-
 /**
  * This mixin class is used to serialize/deserialize {@link OAuth2AuthenticationToken}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
index 6c2e4a1753..33b33b9d46 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -22,11 +24,10 @@ import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.util.StdConverter;
+
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
-import java.io.IOException;
-
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.MAP_TYPE_REFERENCE;
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.SET_TYPE_REFERENCE;
 import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findObjectNode;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
index 760b536780..9398999951 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
@@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
index f56c4d1ca1..a9af20a662 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
index 5ed27cf913..daa695bdfc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Collections;
+
 import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
@@ -33,8 +36,6 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 
-import java.util.Collections;
-
 /**
  * Jackson {@code Module} for {@code spring-security-oauth2-client}, that registers the
  * following mix-in annotations:
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
index 3d59400d42..5404c7177e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.oauth2.core.OAuth2Error;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
index 71c54c45c4..a241524ee4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.time.Instant;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 
-import java.time.Instant;
+import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 
 /**
  * This mixin class is used to serialize/deserialize {@link OAuth2RefreshToken}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
index 481a64e18c..35b4fa12cb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Map;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 
-import java.util.Map;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 
 /**
  * This mixin class is used to serialize/deserialize {@link OAuth2UserAuthority}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
index 2f687460b7..81f2f61f42 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.time.Instant;
+import java.util.Map;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 
-import java.time.Instant;
-import java.util.Map;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 
 /**
  * This mixin class is used to serialize/deserialize {@link OidcIdToken}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
index 324b69160b..1d25f5f7c0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
index 83d624e467..adecd16dc0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Map;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 
-import java.util.Map;
+import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 
 /**
  * This mixin class is used to serialize/deserialize {@link OidcUserInfo}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
index ec6ecde107..adf21d9759 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.util.StdConverter;
+
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
index 03070f3be8..4e0b1636e4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
@@ -15,17 +15,17 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
-import java.io.IOException;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
 /**
  * A {@code JsonDeserializer} for {@link Collections#unmodifiableMap(Map)}.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
index 577c3e3064..604cfeb9d5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.Collections;
+import java.util.Map;
+
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
-import java.util.Collections;
-import java.util.Map;
-
 /**
  * This mixin class is used to serialize/deserialize
  * {@link Collections#unmodifiableMap(Map)}. It also registers a custom deserializer
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
index 3e7d066e63..aa23dd680a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.util.function.Function;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
 
-import java.util.function.Function;
-
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index ff935bd0bf..5e0b4764e2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.Collection;
+import java.util.Map;
+
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -43,13 +50,6 @@ import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.util.Assert;
 
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
-import java.util.Collection;
-import java.util.Map;
-
 /**
  * An implementation of an {@link AuthenticationProvider} for the OpenID Connect Core 1.0
  * Authorization Code Grant Flow.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index 09522ad275..b91a27f38e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.Collection;
+import java.util.Map;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -41,14 +50,6 @@ import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
-import java.util.Collection;
-import java.util.Map;
 
 /**
  * An implementation of an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index 10d48ea8e4..dfd55548ec 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -23,6 +23,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
+
 import javax.crypto.spec.SecretKeySpec;
 
 import org.springframework.core.convert.TypeDescriptor;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
index cc1921210f..92c3ebacc9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.net.URL;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
@@ -26,15 +35,6 @@ import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 
-import java.net.URL;
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-
 /**
  * An {@link OAuth2TokenValidator} responsible for validating the claims in an
  * {@link OidcIdToken ID Token}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index c4421c1fbf..d5f07724b0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -23,6 +23,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
+
 import javax.crypto.spec.SecretKeySpec;
 
 import org.springframework.core.convert.TypeDescriptor;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 21f575b522..0cc56ec6d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Function;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.convert.TypeDescriptor;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.core.GrantedAuthority;
@@ -36,14 +45,6 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import reactor.core.publisher.Mono;
-
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.function.Function;
 
 /**
  * An implementation of an {@link ReactiveOAuth2UserService} that supports OpenID Connect
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
index 39c1b3e8b3..65b1134619 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.util.Assert;
 
-import java.util.Collections;
-import java.util.Map;
-
 /**
  * Represents a request the {@link OidcUserService} uses when initiating a request to the
  * UserInfo Endpoint.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index 49fa376e41..b3e6e04b8e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -19,6 +19,7 @@ package org.springframework.security.oauth2.client.oidc.web.logout;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.util.Collections;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index b50e5fee8e..36e72e5e9d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.oauth2.client.registration;
 
-import org.springframework.util.Assert;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Iterator;
@@ -24,6 +22,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.springframework.util.Assert;
+
 /**
  * A {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s)
  * in-memory.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index e8cc175587..b830f6bb6f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -29,10 +33,6 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
 /**
  * An implementation of an {@link OAuth2UserService} that supports custom
  * {@link OAuth2User} types.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index e654eb571d..97e498207e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -21,6 +21,11 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import com.nimbusds.oauth2.sdk.ErrorObject;
+import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
+import net.minidev.json.JSONObject;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -41,12 +46,6 @@ import org.springframework.web.reactive.function.UnsupportedMediaTypeException;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import com.nimbusds.oauth2.sdk.ErrorObject;
-import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
-
-import net.minidev.json.JSONObject;
-import reactor.core.publisher.Mono;
-
 /**
  * An implementation of an {@link ReactiveOAuth2UserService} that supports standard OAuth
  * 2.0 Provider's.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index 1012c4c978..72fd1f7e4f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-import org.springframework.util.Assert;
-
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.util.Assert;
+
 /**
  * An implementation of an {@link OAuth2UserService} that simply delegates to it's
  * internal {@code List} of {@link OAuth2UserService}(s).
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
index a295d6dc7a..daceb0783a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
 /**
  * Represents a request the {@link OAuth2UserService} uses when initiating a request to
  * the UserInfo Endpoint.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
index 09379adf3f..e0213ca9b4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
+import java.net.URI;
+import java.util.Collections;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -27,9 +30,6 @@ import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-import java.util.Collections;
-
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
index be73af0f98..eaecb1638e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.user.OAuth2User;
-import reactor.core.publisher.Mono;
 
 /**
  * Implementations of this interface are responsible for obtaining the user attributes of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
index 62527e9035..a8886c8981 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -22,9 +25,6 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * An implementation of an {@link OAuth2AuthorizedClientRepository} that delegates to the
  * provided {@link OAuth2AuthorizedClientService} if the current {@code Principal} is
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
index e4d5c4e9d7..3ebd8161fd 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+
 /**
  * Implementations of this interface are responsible for the persistence of
  * {@link OAuth2AuthorizationRequest} between requests.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index e86e2bfc89..2a959215e2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -15,6 +15,16 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Consumer;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -34,15 +44,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import javax.servlet.http.HttpServletRequest;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Consumer;
-
 /**
  * An implementation of an {@link OAuth2AuthorizationRequestResolver} that attempts to
  * resolve an {@link OAuth2AuthorizationRequest} from the provided
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 9c64cb9bcb..83863e6915 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -15,6 +15,14 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
@@ -39,13 +47,6 @@ import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
-
 /**
  * The default implementation of an {@link OAuth2AuthorizedClientManager} for use within
  * the context of a {@code HttpServletRequest}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index 59589f8bfe..85bc53a165 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
 import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
@@ -34,12 +41,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
 
 /**
  * The default implementation of a {@link ReactiveOAuth2AuthorizedClientManager} for use
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
index 9ff3664282..d72a4262ce 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.util.Assert;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import java.util.HashMap;
-import java.util.Map;
+
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.Assert;
 
 /**
  * An implementation of an {@link AuthorizationRequestRepository} that stores
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
index ea3e519712..7ad9841321 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.util.Assert;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import java.util.HashMap;
-import java.util.Map;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.util.Assert;
 
 /**
  * An implementation of an {@link OAuth2AuthorizedClientRepository} that stores
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index 8f963b1669..32c8b9aeba 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -15,6 +15,18 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.io.IOException;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -44,17 +56,6 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-
 /**
  * A {@code Filter} for the OAuth 2.0 Authorization Code Grant, which handles the
  * processing of the OAuth 2.0 Authorization Response.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 32420b09ce..7e256f177c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,12 +36,6 @@ import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
 /**
  * This {@code Filter} initiates the authorization code grant or implicit grant flow by
  * redirecting the End-User's user-agent to the Authorization Server's Authorization
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
index 372dfd290a..d4b56b86cc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+
 /**
  * Implementations of this interface are capable of resolving an
  * {@link OAuth2AuthorizationRequest} from the provided {@code HttpServletRequest}. Used
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
index 459c3f966e..5577972e33 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * Implementations of this interface are responsible for the persistence of
  * {@link OAuth2AuthorizedClient Authorized Client(s)} between requests.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index 3ed0e8096f..067a2024cb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -39,9 +42,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * An implementation of an {@link AbstractAuthenticationProcessingFilter} for OAuth 2.0
  * Login.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 1d0760b5ad..9e43aae6ab 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.client.web.method.annotation;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.lang.NonNull;
@@ -24,7 +27,9 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
+import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
 import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
@@ -33,8 +38,6 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp
 import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
-import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@@ -43,9 +46,6 @@ import org.springframework.web.context.request.NativeWebRequest;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * An implementation of a {@link HandlerMethodArgumentResolver} that is capable of
  * resolving a method parameter to an argument value of type
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 5ffbe25106..480c793c85 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -16,6 +16,17 @@
 
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.time.Duration;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -55,16 +66,6 @@ import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-import java.util.function.Consumer;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 8b1b21850b..6849ee1178 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -15,6 +15,21 @@
  */
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.time.Duration;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;
+import reactor.util.context.Context;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -54,19 +69,6 @@ import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
-import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
-import reactor.util.context.Context;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.time.Duration;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Consumer;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 0179740229..68689fadbc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -36,7 +38,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * An implementation of a {@link HandlerMethodArgumentResolver} that is capable of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
index 79746fe621..ed37074c4b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -25,7 +27,6 @@ import org.springframework.security.oauth2.client.web.HttpSessionOAuth2Authorize
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * An implementation of an {@link ServerOAuth2AuthorizedClientRepository} that delegates
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index c18dc66864..09cb3603dc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -16,6 +16,16 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Consumer;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
@@ -38,15 +48,6 @@ import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Consumer;
 
 /**
  * The default implementation of {@link ServerOAuth2AuthorizationRequestResolver}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index f39e4a2ad2..6ea168f55a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -16,6 +16,15 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.net.URI;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -46,14 +55,6 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
 
 /**
  * A {@code Filter} for the OAuth 2.0 Authorization Code Grant, which handles the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index 0c2cfd56ed..0d29ee76a6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import java.net.URI;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -31,9 +35,6 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.util.UriComponentsBuilder;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
 
 /**
  * This {@code WebFilter} initiates the authorization code grant or implicit grant flow by
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
index f14e0898f5..95e45665a9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import java.util.Map;
+
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 
-import java.util.Map;
-
 /**
  * Utility methods for an OAuth 2.0 Authorization Response.
  *
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
index 0dde709779..6bc5404463 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerAuthorizationRequestRepository.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
 import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Implementations of this interface are responsible for the persistence of
  * {@link OAuth2AuthorizationRequest} between requests.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
index 36da4d9696..01dd09a1bc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
@@ -29,7 +31,6 @@ import org.springframework.security.web.server.authentication.ServerAuthenticati
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.util.UriComponentsBuilder;
-import reactor.core.publisher.Mono;
 
 /**
  * Converts from a {@link ServerWebExchange} to an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
index b750bba16c..61f16fb52f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Implementations of this interface are capable of resolving an
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
index 8c86b30bf5..968be5b086 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Implementations of this interface are responsible for the persistence of
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
index e77a10b9b8..fe9c8e0c77 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -23,10 +28,6 @@ import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiv
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * Provides support for an unauthenticated user. This is useful when running as a process
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
index 2422c80aaf..558641eeaa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
@@ -19,6 +19,8 @@ package org.springframework.security.oauth2.client.web.server;
 import java.util.HashMap;
 import java.util.Map;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -27,8 +29,6 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebSession;
 
-import reactor.core.publisher.Mono;
-
 /**
  * An implementation of an {@link ServerAuthorizationRequestRepository} that stores
  * {@link OAuth2AuthorizationRequest} in the {@code WebSession}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index a066fb5399..d4515ba0dc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.oauth2.client.web.server;
 
+import java.util.HashMap;
+import java.util.Map;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebSession;
-import reactor.core.publisher.Mono;
-
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * An implementation of an {@link OAuth2AuthorizedClientRepository} that stores
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
index 0c3fdc5a78..792fda6d07 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.client.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
@@ -24,7 +26,6 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
 
 /**
  * A specialized {@link AuthenticationWebFilter} that converts from an
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 921d3d03a4..9ef11087d1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index 2e6d4ce9c9..ad0783edbd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index b176d88d9b..b2aa1f7d77 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -15,9 +15,13 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Map;
+import java.util.function.Function;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,9 +33,6 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
-import java.util.Map;
-import java.util.function.Function;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 8bcd9e335d..c923751fc2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -15,9 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Map;
+import java.util.function.Function;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,12 +36,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
-
-import java.util.Map;
-import java.util.function.Function;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index 9255fdfd6b..a73b3fe666 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -28,9 +32,6 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
-import java.time.Duration;
-import java.time.Instant;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 607b00036a..e6c0fff247 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -15,8 +15,13 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
@@ -27,10 +32,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.time.Instant;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index 5ec89f06b7..9e8f49d452 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index c136b6232a..9ceebf12af 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 6561adab35..49af3ef323 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -15,7 +15,11 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Test;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -23,9 +27,6 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import java.util.Collections;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index 69aa766928..a2a7702fa9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -16,11 +16,17 @@
 
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -28,13 +34,8 @@ import org.springframework.security.oauth2.client.registration.ReactiveClientReg
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
 
-import java.time.Duration;
-import java.time.Instant;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.when;
 
 /**
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 978da44b57..12faee7be2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -15,9 +15,21 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.nio.charset.StandardCharsets;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Timestamp;
+import java.sql.Types;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.dao.DataRetrievalFailureException;
 import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
@@ -40,17 +52,6 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import java.nio.charset.StandardCharsets;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Timestamp;
-import java.sql.Types;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.within;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index 5c4a86c8d4..27b135d92d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -17,13 +17,16 @@ package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.entry;
 
 /**
  * Tests for {@link OAuth2AuthorizationContext}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index b52a3b99d5..e693b11ae9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.client;
 
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index 473e28e0d2..03b266b3dd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -33,12 +37,14 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 import org.springframework.web.client.RestOperations;
 
-import java.time.Duration;
-import java.time.Instant;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientProviderBuilder}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 5507ddbcdd..51bac59ef9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -28,9 +32,6 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
-import java.time.Duration;
-import java.time.Instant;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index 272c710fce..78762ffe16 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -15,8 +15,13 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
@@ -27,10 +32,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.time.Instant;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index cf4e77b63b..6bec75a33c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -15,12 +15,17 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -30,14 +35,13 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.time.Instant;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link ReactiveOAuth2AuthorizedClientProviderBuilder}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index 1676183e8c..0eaa623124 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -15,9 +15,15 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashSet;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -30,14 +36,12 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.HashSet;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link RefreshTokenOAuth2AuthorizedClientProvider}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 82d915ee40..350bb39254 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -15,9 +15,16 @@
  */
 package org.springframework.security.oauth2.client;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashSet;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
@@ -29,16 +36,13 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.HashSet;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index 13cfd2be38..a51ce7f6d3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-
 import java.util.Collection;
 import java.util.Collections;
 
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index dbba4bbb0c..82e3c52831 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -16,14 +16,6 @@
 
 package org.springframework.security.oauth2.client.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyCollection;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -37,6 +29,8 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.mockito.stubbing.Answer;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -57,7 +51,13 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
-import reactor.core.publisher.Mono;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index 2fc9a2c6e0..a108d44ad0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -15,7 +15,13 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -30,11 +36,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.util.MultiValueMap;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index 72a9735ca9..dcc6e6cc64 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index b6c4bf7f2b..35bb1b74dd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index a2146f925f..127adf35fd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
index e736b5b83d..7fe0c24845 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Test;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
index 240f23a3b2..02b7bf6ff3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Collections;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -30,8 +33,6 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
index b0595f15a8..ea83b03789 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
@@ -15,8 +15,13 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -24,10 +29,6 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 190b925f2b..78e4fb711d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -35,10 +40,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.atLeastOnce;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 4c1f2da432..00984777dc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -22,6 +22,7 @@ import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index 12001a2f47..8414ae92d0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -15,12 +15,15 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.time.Instant;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -31,8 +34,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
-import java.time.Instant;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 3c461eeb9b..ce92de3aeb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -15,12 +15,16 @@
  */
 package org.springframework.security.oauth2.client.endpoint;
 
+import java.time.Instant;
+import java.util.Collections;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -34,9 +38,6 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
-import java.time.Instant;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 1652e8a9fc..f1a549b387 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.client.http;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.client.MockClientHttpResponse;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index 574cf4c566..56d9202b4e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index 88154d9a96..db8b48d968 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -15,12 +15,20 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.DecimalUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
@@ -37,13 +45,6 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.stream.Collectors;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.NAME;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 32bd7413db..3307bde4a0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -15,22 +15,23 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.stream.Collectors;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index 71e4be37f8..b1bc06b2d8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -15,12 +15,18 @@
  */
 package org.springframework.security.oauth2.client.jackson2;
 
+import java.time.Instant;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.DecimalUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -32,11 +38,6 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.time.Instant;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.stream.Collectors;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 667a256004..fff4999dc1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -15,12 +15,24 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
@@ -46,20 +58,11 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtException;
 
-import java.security.NoSuchAlgorithmException;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.createHash;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index ea88bf4460..3e5c059c68 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -31,13 +31,13 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.mockito.stubbing.Answer;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 3679a7797e..3267549be6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.util.Map;
+import java.util.function.Function;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
@@ -30,12 +34,12 @@ import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
 
-import java.util.Map;
-import java.util.function.Function;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Joe Grandja
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index e813ac2da7..b87e1ed2b3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -15,15 +15,6 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
-import org.springframework.security.oauth2.jwt.Jwt;
-
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Arrays;
@@ -32,6 +23,16 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
+import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
+import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
+import org.springframework.security.oauth2.jwt.Jwt;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index dc9f2b0513..5cbeefeeb4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -15,8 +15,12 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.util.Map;
+import java.util.function.Function;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
@@ -30,12 +34,12 @@ import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
 
-import java.util.Map;
-import java.util.function.Function;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Joe Grandja
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 52c101f0c9..eb334875a6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -53,9 +53,9 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.any;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.same;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 9f3c338456..40484897c0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.same;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index 8413106273..220790a3c7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.oauth2.client.oidc.web.logout;
 import java.io.IOException;
 import java.net.URI;
 import java.util.Collections;
+
 import javax.servlet.ServletException;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 3ef91ffb3c..eeb74e5f3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.oauth2.client.oidc.web.server.logout;
 import java.io.IOException;
 import java.net.URI;
 import java.util.Collections;
+
 import javax.servlet.ServletException;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
index 182ef5b3d2..e222dd63fd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.oauth2.client.registration;
 
-import org.junit.Test;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 976841b553..96306065a0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
-import org.junit.Test;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-
 import java.util.Arrays;
 import java.util.Collections;
 
+import org.junit.Test;
+
+import org.springframework.security.oauth2.core.user.OAuth2User;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 1d24762f7d..7516095a72 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -15,7 +15,12 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.LinkedHashSet;
+
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -27,10 +32,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.LinkedHashSet;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 4b683b86cb..62b712ab1d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.oauth2.client.userinfo;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
index 6d1f516676..2d26750126 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.web;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 06272933ec..44ddf1ef28 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -17,10 +17,13 @@ package org.springframework.security.oauth2.client.web;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+
 import javax.servlet.http.HttpServletRequest;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mockito;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index df43c8d154..ca352ed8f8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -15,9 +15,17 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -40,17 +48,11 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.StringUtils;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 070a1367df..8987e12067 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -15,9 +15,18 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import reactor.core.publisher.Mono;
+import reactor.test.publisher.PublisherProbe;
+import reactor.util.context.Context;
+
 import org.springframework.http.MediaType;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -39,19 +48,17 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.test.publisher.PublisherProbe;
-import reactor.util.context.Context;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.function.Function;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DefaultReactiveOAuth2AuthorizedClientManager}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index 9f4de6dc62..2f7863e238 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -15,18 +15,19 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
index 60a4020465..d24c8e2b21 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
@@ -15,8 +15,13 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
@@ -24,9 +29,6 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import javax.servlet.http.HttpSession;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index 765cec6535..50c850d9d7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -15,9 +15,20 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -45,18 +56,9 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.CollectionUtils;
 
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.stream.Collectors;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index 3208657a9c..3523691a71 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -15,8 +15,20 @@
  */
 package org.springframework.security.oauth2.client.web;
 
+import java.lang.reflect.Constructor;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -31,19 +43,15 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.util.ClassUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.lang.reflect.Constructor;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizationRequestRedirectFilter}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 00e584296f..7bda9447a7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -57,7 +58,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 088a992959..6942c53c7d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -15,9 +15,17 @@
  */
 package org.springframework.security.oauth2.client.web.method.annotation;
 
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -53,15 +61,14 @@ import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.context.request.ServletWebRequest;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientArgumentResolver}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
index e581fca243..46e6f20d0f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/MockExchangeFunction.java
@@ -16,16 +16,16 @@
 
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
-import static org.mockito.Mockito.mock;
+import java.util.ArrayList;
+import java.util.List;
+
+import reactor.core.publisher.Mono;
 
 import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
 
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.List;
+import static org.mockito.Mockito.mock;
 
 /**
  * @author Rob Winch
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 9bc02e8427..589600730a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -15,12 +15,20 @@
  */
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashSet;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -43,13 +51,6 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.util.context.Context;
-
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.HashSet;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 50612fc76a..797ee45727 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -15,6 +15,17 @@
  */
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -22,6 +33,10 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.publisher.PublisherProbe;
+import reactor.util.context.Context;
+
 import org.springframework.core.codec.ByteBufferEncoder;
 import org.springframework.core.codec.CharSequenceEncoder;
 import org.springframework.http.HttpHeaders;
@@ -78,27 +93,13 @@ import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.test.publisher.PublisherProbe;
-import reactor.util.context.Context;
-
-import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.entry;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 280323e56b..cd2fbb3438 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -15,6 +15,16 @@
  */
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.junit.After;
@@ -22,6 +32,9 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import reactor.blockhound.BlockHound;
+import reactor.util.context.Context;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -42,20 +55,15 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.reactive.function.client.WebClient;
-import reactor.blockhound.BlockHound;
-import reactor.util.context.Context;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 726f7891c1..8cf9fd05f4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -15,6 +15,21 @@
  */
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Consumer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -23,6 +38,9 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
+
 import org.springframework.core.codec.ByteBufferEncoder;
 import org.springframework.core.codec.CharSequenceEncoder;
 import org.springframework.http.HttpHeaders;
@@ -84,29 +102,13 @@ import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
-import reactor.core.publisher.Mono;
-import reactor.util.context.Context;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.function.Consumer;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.entry;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 5068c43d65..eb3f47b240 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;
 
+import java.lang.reflect.Method;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -41,10 +46,6 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.util.context.Context;
-
-import java.lang.reflect.Method;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
index 274413e8a7..119eaa1f3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
@@ -17,6 +17,8 @@ package org.springframework.security.oauth2.client.web.server;
 
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -26,9 +28,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index 868db33116..cd11c7910f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -21,6 +21,8 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -35,7 +37,6 @@ import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 8eefa4b920..afaf4dd12f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -16,11 +16,19 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.net.URI;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -38,13 +46,6 @@ import org.springframework.security.web.server.savedrequest.ServerRequestCache;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index 6a146fae58..c978fa1296 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.net.URI;
+import java.util.Arrays;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
@@ -30,10 +35,6 @@ import org.springframework.security.web.server.savedrequest.ServerRequestCache;
 import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.handler.FilteringWebHandler;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.util.Arrays;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index 75e833fa86..9b139c4a22 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
@@ -32,10 +37,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 1a3f6632c9..0e6ed8a94c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.web.server;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -31,7 +32,8 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.web.server.ServerWebExchange;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Rob Winch
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 1130ee5d3e..9ca8a5302d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -16,18 +16,13 @@
 
 package org.springframework.security.oauth2.client.web.server;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import java.util.HashMap;
 import java.util.Map;
 
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.http.codec.ServerCodecConfigurer;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
@@ -40,8 +35,13 @@ import org.springframework.web.server.adapter.DefaultServerWebExchange;
 import org.springframework.web.server.i18n.AcceptHeaderLocaleContextResolver;
 import org.springframework.web.server.session.WebSessionManager;
 
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index 0b74c0396e..54bef10037 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -16,16 +16,17 @@
 package org.springframework.security.oauth2.client.web.server;
 
 import org.junit.Test;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
-import org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.web.server.WebSession;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
 
 /**
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index ba9ce10a63..f151ed3285 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -16,11 +16,17 @@
 
 package org.springframework.security.oauth2.client.web.server.authentication;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collections;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -36,11 +42,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Collections;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
index d007bfdcc2..9dc4cb454c 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.oauth2.core;
 
+import java.io.Serializable;
+import java.time.Instant;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-import java.time.Instant;
-
 /**
  * Base class for OAuth 2.0 Token implementations.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
index 1ad5709b83..6b588a631a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core;
 
+import java.io.Serializable;
+
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * An authorization grant is a credential representing the resource owner's authorization
  * (to access it's protected resources) to the client and used by the client to obtain an
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
index 44295ab3bb..cedb349bca 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.core;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.security.oauth2.core.converter.ClaimConversionService;
-import org.springframework.util.Assert;
-
 import java.net.URL;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.security.oauth2.core.converter.ClaimConversionService;
+import org.springframework.util.Assert;
+
 /**
  * An &quot;accessor&quot; for a set of claims that may be used for assertions.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
index 2f988f68c1..ae824fbd83 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core;
 
+import java.io.Serializable;
+
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * The authentication method used when authenticating the client with the authorization
  * server.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
index 633696e201..6565de7a98 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.core;
 
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
 import java.io.Serializable;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Set;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.util.Assert;
+
 /**
  * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Access
  * Token.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
index 032afe23f7..2abf857ab6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core;
 
+import java.io.Serializable;
+
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * A representation of an OAuth 2.0 Error.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
index 44d88c4fb4..881b25c0de 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+
 /**
  * A {@link Converter} that provides type conversion for claim values.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
index 10d21f0fda..38e0f8d06e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.GenericConverter;
-
 import java.util.Collections;
 import java.util.Set;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.GenericConverter;
+
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
index c86edb8b9c..5b329d1d9e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.GenericConverter;
-
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Set;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.GenericConverter;
+
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
index cbc13b7a47..041909ae57 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
@@ -15,16 +15,16 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.ConditionalGenericConverter;
-import org.springframework.util.ClassUtils;
-
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.ArrayList;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.ConditionalGenericConverter;
+import org.springframework.util.ClassUtils;
 
 /**
  * @author Joe Grandja
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
index 0ba486c558..66895c2115 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.ConditionalGenericConverter;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.ConditionalGenericConverter;
+
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
index 1f843f3646..5e4c551918 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.GenericConverter;
-
 import java.util.Collections;
 import java.util.Set;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.GenericConverter;
+
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
index 483a31b2fb..9209d59980 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.GenericConverter;
-
 import java.net.URI;
 import java.net.URL;
 import java.util.Collections;
 import java.util.Set;
 
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.GenericConverter;
+
 /**
  * @author Joe Grandja
  * @since 5.2
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 9c050cc6a7..13a0ff023d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -15,17 +15,17 @@
  */
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.time.Instant;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import java.time.Instant;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-
 /**
  * A representation of an OAuth 2.0 Access Token Response.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index e7696604d0..ced36218f8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -15,17 +15,6 @@
  */
 package org.springframework.security.oauth2.core.endpoint;
 
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-import org.springframework.util.StringUtils;
-import org.springframework.web.util.DefaultUriBuilderFactory;
-import org.springframework.web.util.UriBuilder;
-import org.springframework.web.util.UriUtils;
-
 import java.io.Serializable;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
@@ -38,6 +27,17 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.function.Function;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+import org.springframework.web.util.DefaultUriBuilderFactory;
+import org.springframework.web.util.UriBuilder;
+import org.springframework.web.util.UriUtils;
+
 /**
  * A representation of an OAuth 2.0 Authorization Request for the authorization code grant
  * type or implicit grant type.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
index 70d6b0976e..b6a8c09301 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.Serializable;
+
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-
 /**
  * The {@code response_type} parameter is consumed by the authorization endpoint which is
  * used by the authorization code grant type and implicit grant type. The client sets the
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index a5e854aff2..1d075df2fc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -15,6 +15,12 @@
  */
 package org.springframework.security.oauth2.core.http.converter;
 
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpInputMessage;
@@ -30,12 +36,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import java.nio.charset.Charset;
-import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Collectors;
-
 /**
  * A {@link HttpMessageConverter} for an {@link OAuth2Error OAuth 2.0 Error}.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
index 1cb14aff5a..e0900300cc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.core.oidc;
 
-import org.springframework.security.oauth2.core.ClaimAccessor;
-
 import java.net.URL;
 import java.time.Instant;
 import java.util.List;
 
+import org.springframework.security.oauth2.core.ClaimAccessor;
+
 /**
  * A {@link ClaimAccessor} for the &quot;claims&quot; that can be returned in the ID
  * Token, which provides information about the authentication of an End-User by an
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
index 497a823ed0..0d90e22bf9 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.core.oidc;
 
-import org.springframework.security.oauth2.core.ClaimAccessor;
-import org.springframework.util.CollectionUtils;
-
 import java.time.Instant;
 import java.util.Map;
 
+import org.springframework.security.oauth2.core.ClaimAccessor;
+import org.springframework.util.CollectionUtils;
+
 /**
  * A {@link ClaimAccessor} for the &quot;Standard Claims&quot; that can be returned either
  * in the UserInfo Response or the ID Token.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
index 34ab430cf8..2266fcf0e1 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.util.Collection;
+import java.util.Map;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 
-import java.util.Collection;
-import java.util.Map;
-
 /**
  * The default implementation of an {@link OidcUser}.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
index e975c06f1a..278bb08742 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.util.Map;
+
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor;
@@ -23,8 +25,6 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.StandardClaimAccessor;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
-import java.util.Map;
-
 /**
  * A representation of a user {@code Principal} that is registered with an OpenID Connect
  * 1.0 Provider.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
index 210c310b85..a06112bd7e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.util.Assert;
 
-import java.util.HashMap;
-import java.util.Map;
-
 /**
  * A {@link GrantedAuthority} that may be associated to an {@link OidcUser}.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index 97805ca257..167b8ffd30 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -15,21 +15,21 @@
  */
 package org.springframework.security.oauth2.core.user;
 
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import java.io.Serializable;
-import java.util.Map;
-import java.util.Set;
-import java.util.Collections;
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.TreeSet;
-import java.util.SortedSet;
-import java.util.Comparator;
-import java.util.LinkedHashSet;
-
 /**
  * The default implementation of an {@link OAuth2User}.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
index d0e513bcd6..89f051b4ba 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.core.user;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.util.Assert;
+
 /**
  * A {@link GrantedAuthority} that may be associated to an {@link OAuth2User}.
  *
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index fdd4407674..00462bd2e0 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -16,6 +16,12 @@
 
 package org.springframework.security.oauth2.core.web.reactive.function;
 
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
 import com.nimbusds.oauth2.sdk.AccessTokenResponse;
 import com.nimbusds.oauth2.sdk.ErrorObject;
 import com.nimbusds.oauth2.sdk.ParseException;
@@ -23,6 +29,8 @@ import com.nimbusds.oauth2.sdk.TokenErrorResponse;
 import com.nimbusds.oauth2.sdk.TokenResponse;
 import com.nimbusds.oauth2.sdk.token.AccessToken;
 import net.minidev.json.JSONObject;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.ReactiveHttpInputMessage;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -32,13 +40,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.web.reactive.function.BodyExtractor;
 import org.springframework.web.reactive.function.BodyExtractors;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
 
 /**
  * Provides a way to create an {@link OAuth2AccessTokenResponse} from a
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
index 10625ce160..77ed941a0d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
@@ -16,10 +16,11 @@
 
 package org.springframework.security.oauth2.core.web.reactive.function;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.ReactiveHttpInputMessage;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.web.reactive.function.BodyExtractor;
-import reactor.core.publisher.Mono;
 
 /**
  * Static factory methods for OAuth2 {@link BodyExtractor} implementations.
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
index ce937dea1a..f8a1dd7601 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
@@ -15,10 +15,11 @@
  */
 package org.springframework.security.oauth2.core;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
 /**
  * Tests for {@link AuthenticationMethod}.
  *
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 4a5a8a2854..f8449c42f5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.oauth2.core;
 
-import org.junit.Before;
-import org.junit.Test;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Date;
@@ -25,6 +22,9 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Before;
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.catchThrowable;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 4a63db8351..4f5525fb4a 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.oauth2.core;
 
-import org.junit.Test;
-import org.springframework.util.SerializationUtils;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.LinkedHashSet;
 import java.util.Set;
 
+import org.junit.Test;
+
+import org.springframework.util.SerializationUtils;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index 940d485a9b..8d6a2827f3 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -17,9 +17,6 @@ package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
 
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
index 42cb3ffdb4..863197dee8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.assertj.core.util.Lists;
-import org.junit.Test;
-import org.springframework.core.convert.ConversionService;
-
 import java.net.URL;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
@@ -29,6 +25,11 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.assertj.core.util.Lists;
+import org.junit.Test;
+
+import org.springframework.core.convert.ConversionService;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index 9996851324..12e0572c50 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -15,12 +15,6 @@
  */
 package org.springframework.security.oauth2.core.converter;
 
-import org.assertj.core.util.Lists;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.Converter;
-
 import java.net.URL;
 import java.time.Instant;
 import java.util.Collection;
@@ -28,6 +22,13 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.assertj.core.util.Lists;
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.Converter;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 0e678aef39..6d1cc2818f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.oauth2.core.endpoint;
 
-import org.junit.Test;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -25,6 +22,10 @@ import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.junit.Test;
+
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index 4805ed0770..6208840c9a 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.oauth2.core.endpoint;
 
-import org.junit.Test;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-
 import java.net.URI;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -25,6 +22,10 @@ import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.junit.Test;
+
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
index 7cc0bf27f5..c8e0a75079 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
-
 import java.util.HashMap;
 import java.util.Map;
 
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
+
 /**
  * @author Rob Winch
  * @since 5.1
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 798e32ec78..85d88e928b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -15,8 +15,16 @@
  */
 package org.springframework.security.oauth2.core.http.converter;
 
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
@@ -26,14 +34,9 @@ import org.springframework.mock.http.client.MockClientHttpResponse;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.entry;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index ace827314c..c2d4d952ad 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.core.http.converter;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index f9f3aa6312..63816583b0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core.oidc;
 
-import org.junit.Test;
-
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
index 55e722a704..aeccd0b3f2 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.oauth2.core.oidc;
 
-import org.junit.Test;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collections;
@@ -24,6 +22,8 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index 81827d0cb3..da3cd4a489 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -15,15 +15,26 @@
  */
 package org.springframework.security.oauth2.core.oidc;
 
-import org.junit.Test;
-
 import java.time.Instant;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.*;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.COUNTRY;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.FORMATTED;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.LOCALITY;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.LOCALITY_FIELD_NAME;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.POSTAL_CODE;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.POSTAL_CODE_FIELD_NAME;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.REGION;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.REGION_FIELD_NAME;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.STREET_ADDRESS;
+import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.STREET_ADDRESS_FIELD_NAME;
 
 /**
  * Tests for {@link OidcUserInfo}.
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
index edba3543bb..ef8501ead2 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
@@ -16,7 +16,14 @@
 
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.time.Instant;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
@@ -24,12 +31,6 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
-import java.time.Instant;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index 0331d1cf69..d4a7f19394 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Test;
+
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
index b71ef0aa80..55eedf2d78 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@@ -15,17 +15,17 @@
  */
 package org.springframework.security.oauth2.core.oidc.user;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedHashSet;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
+
 /**
  * @author Joe Grandja
  */
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
index ff82d711db..88f20d81c1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.oauth2.core.user;
 
-import org.junit.Test;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.util.SerializationUtils;
-
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 
+import org.junit.Test;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.util.SerializationUtils;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index dca030c8e4..d8eb1039b8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.oauth2.core.user;
 
-import org.junit.Test;
-
 import java.util.Collections;
 import java.util.Map;
 
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
index bdf2c155d5..e36228a757 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.oauth2.core.user;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
 /**
  * @author Rob Winch
  */
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index 61de352edd..bfdd17de31 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -16,8 +16,17 @@
 
 package org.springframework.security.oauth2.core.web.reactive.function;
 
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.codec.ByteBufferDecoder;
 import org.springframework.core.codec.StringDecoder;
 import org.springframework.http.HttpStatus;
@@ -33,14 +42,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.web.reactive.function.BodyExtractor;
-import reactor.core.publisher.Mono;
-
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
index 8c9fc4bf4b..192ef3f241 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.oauth2.jwt;
 
-import org.springframework.security.oauth2.core.ClaimAccessor;
-
 import java.net.URL;
 import java.time.Instant;
 import java.util.List;
 
+import org.springframework.security.oauth2.core.ClaimAccessor;
+
 /**
  * A {@link ClaimAccessor} for the &quot;claims&quot; that may be contained in the JSON
  * object JWT Claims Set of a JSON Web Token (JWT).
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index b730f48b53..9565b95a3a 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.jwt;
 
+import java.net.URI;
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
@@ -22,10 +26,6 @@ import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import java.net.URI;
-import java.util.Collections;
-import java.util.Map;
-
 /**
  * Allows resolving configuration from an <a href=
  * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index bb8d502446..c6acdd92cc 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -16,13 +16,6 @@
 
 package org.springframework.security.oauth2.jwt;
 
-import org.springframework.core.convert.ConversionService;
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.oauth2.core.converter.ClaimConversionService;
-import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
-import org.springframework.util.Assert;
-
 import java.net.URI;
 import java.net.URL;
 import java.time.Instant;
@@ -30,6 +23,13 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.springframework.core.convert.ConversionService;
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.oauth2.core.converter.ClaimConversionService;
+import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
+import org.springframework.util.Assert;
+
 /**
  * Converts a JWT claim set, claim by claim. Can be configured with custom converters by
  * claim name.
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index 5c0ebbd528..c15da7031a 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -29,6 +29,7 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Consumer;
+
 import javax.crypto.SecretKey;
 
 import com.nimbusds.jose.JOSEException;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index 8accd3ed23..2e381ab758 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.jwt;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
@@ -22,9 +25,6 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.util.Assert;
 import org.springframework.web.client.RestOperations;
 
-import java.util.Collections;
-import java.util.Map;
-
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 2cbfbaf8ce..53a119cdb0 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -15,6 +15,18 @@
  */
 package org.springframework.security.oauth2.jwt;
 
+import java.security.interfaces.RSAPublicKey;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Consumer;
+import java.util.function.Function;
+
+import javax.crypto.SecretKey;
+
 import com.nimbusds.jose.Header;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
@@ -37,6 +49,9 @@ import com.nimbusds.jwt.SignedJWT;
 import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
 import com.nimbusds.jwt.proc.DefaultJWTProcessor;
 import com.nimbusds.jwt.proc.JWTProcessor;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
@@ -47,19 +62,6 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.function.client.WebClient;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import javax.crypto.SecretKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.function.Consumer;
-import java.util.function.Function;
 
 /**
  * An implementation of a {@link ReactiveJwtDecoder} that &quot;decodes&quot; a JSON Web
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
index a13866f122..40799f08a5 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSource.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.oauth2.jwt;
 
+import java.util.List;
+
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSelector;
 import reactor.core.publisher.Mono;
 
-import java.util.List;
-
 /**
  * A reactive version of {@link com.nimbusds.jose.jwk.source.JWKSource}
  *
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
index 24da1b0984..a7a2dc8aa9 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJWKSourceAdapter.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.oauth2.jwt;
 
+import java.util.List;
+
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSelector;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import reactor.core.publisher.Mono;
 
-import java.util.List;
-
 /**
  * Adapts a {@link JWKSource} to a {@link ReactiveJWKSource} which must be non-blocking.
  *
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index 4871860b55..23e9bb5d1f 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -23,6 +23,7 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
+
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index de223c8d76..32f47e1887 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -15,11 +15,12 @@
  */
 package org.springframework.security.oauth2.jwt;
 
-import org.junit.Test;
-import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
-
 import java.util.function.Predicate;
 
+import org.junit.Test;
+
+import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
index ba686bf90e..27eca21bfc 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.oauth2.jwt;
 
-import org.junit.Test;
-import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collections;
@@ -25,6 +22,10 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Test;
+
+import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 82cb1e729c..946c822d95 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -33,6 +33,7 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
+
 import javax.crypto.SecretKey;
 
 import com.nimbusds.jose.JOSEObjectType;
@@ -56,8 +57,8 @@ import okhttp3.mockwebserver.MockWebServer;
 import org.assertj.core.api.Assertions;
 import org.junit.BeforeClass;
 import org.junit.Test;
-
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.cache.Cache;
 import org.springframework.cache.concurrent.ConcurrentMapCache;
 import org.springframework.core.convert.converter.Converter;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 2927e89441..30422bbdcc 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -29,6 +29,7 @@ import java.util.Base64;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Map;
+
 import javax.crypto.SecretKey;
 
 import com.nimbusds.jose.JOSEObjectType;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index 15d952ed10..e995feaef2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.oauth2.jwt;
 
+import java.util.Collections;
+import java.util.List;
+
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKMatcher;
 import com.nimbusds.jose.jwk.JWKSelector;
@@ -29,9 +32,6 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import java.util.Collections;
-import java.util.List;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
index 86db91c361..fe230c6605 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Predicate;
+
 import javax.servlet.http.HttpServletRequest;
 
 import com.nimbusds.jwt.JWTParser;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
index 06abfecd4e..b92d88ac19 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.server.resource.web;
 
 import java.util.LinkedHashMap;
 import java.util.Map;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
index 5ffaab7f2e..034913e7e9 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.server.resource.web;
 
 import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
index 25419df655..f83cbbd90e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.server.resource.web;
 
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.http.HttpHeaders;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
index ff5c9a7ae2..abbabcd845 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolver.java
@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.server.resource.web;
 
 import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.util.Assert;
 
 /**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
index ab81fa900c..452f940d8c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
@@ -16,6 +16,12 @@
 
 package org.springframework.security.oauth2.server.resource.web.access;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
@@ -24,11 +30,6 @@ import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
 import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
 import org.springframework.security.web.access.AccessDeniedHandler;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
 /**
  * Translates any {@link AccessDeniedException} into an HTTP response in accordance with
  * <a href="https://tools.ietf.org/html/rfc6750#section-3" target="_blank">RFC 6750
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
index 2a397afb9e..7b0c43c0ed 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
@@ -16,6 +16,13 @@
 
 package org.springframework.security.oauth2.server.resource.web.access.server;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
@@ -24,12 +31,6 @@ import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
 import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.Map;
 
 /**
  * Translates any {@link AccessDeniedException} into an HTTP response in accordance with
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index ee3beb886e..3e8ded5d9c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.oauth2.server.resource.web.server;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpResponse;
@@ -28,10 +33,6 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
 
 /**
  * An {@link AuthenticationEntryPoint} implementation used to commence authentication of
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
index b0cff1801f..2ebc828f33 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.oauth2.server.resource.introspection;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collection;
@@ -28,10 +25,14 @@ import java.util.List;
 import java.util.Map;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+
 /**
  * Tests for {@link OAuth2IntrospectionAuthenticatedPrincipal}
  *
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 065e41ed08..0525260526 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.server.resource.web;
 
 import java.io.IOException;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index 7961b5a1f3..6e8c63769d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -16,8 +16,12 @@
 
 package org.springframework.security.oauth2.server.resource.web.access;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -25,9 +29,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
 
-import java.util.Collections;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 5edb11aebf..856028a968 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -16,8 +16,14 @@
 
 package org.springframework.security.oauth2.server.resource.web.access.server;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -25,11 +31,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
index a5e044252a..9b93b9236e 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.server.resource.web.server;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
@@ -28,7 +29,7 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 65d6926568..d5783de5c4 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -38,6 +38,7 @@ import org.openid4java.message.ParameterList;
 import org.openid4java.message.ax.AxMessage;
 import org.openid4java.message.ax.FetchRequest;
 import org.openid4java.message.ax.FetchResponse;
+
 import org.springframework.util.StringUtils;
 
 /**
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 89ff57f6d3..fe00a93c13 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -16,7 +16,22 @@
 
 package org.springframework.security.openid;
 
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.openid4java.consumer.ConsumerException;
+
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -25,15 +40,6 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.*;
-
 /**
  * Filter which processes OpenID authentication requests.
  * <p>
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index f71600c629..09142e1e17 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -15,12 +15,10 @@
  */
 package org.springframework.security.openid;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import java.util.Arrays;
+import java.util.List;
 
-import org.junit.*;
+import org.junit.Test;
 import org.mockito.ArgumentMatchers;
 import org.openid4java.association.AssociationException;
 import org.openid4java.consumer.ConsumerException;
@@ -35,9 +33,14 @@ import org.openid4java.message.MessageException;
 import org.openid4java.message.ParameterList;
 import org.openid4java.message.ax.AxMessage;
 import org.openid4java.message.ax.FetchResponse;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index f01c669bd6..d5253fde1c 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.openid;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
 import java.net.URI;
 import java.util.Collections;
 
@@ -27,10 +24,17 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+
 /**
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index bb1d2c10fc..de3e1a6b3d 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -16,10 +16,8 @@
 
 package org.springframework.security.openid;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -32,6 +30,9 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link OpenIDAuthenticationProvider}
  *
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
index 13cd7bc8ee..3768be9186 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
@@ -22,6 +22,7 @@ import java.util.Base64;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index 475da26fcc..09bbd95c2a 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.remoting.rmi;
 
+import java.lang.reflect.InvocationTargetException;
+
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.remoting.support.RemoteInvocation;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import java.lang.reflect.InvocationTargetException;
-
 /**
  * The actual {@code RemoteInvocation} that is passed from the client to the server.
  * <p>
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 497daccdb0..67c48447b6 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.remoting.dns;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
@@ -29,6 +26,11 @@ import javax.naming.directory.DirContext;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Mike Wiesner
  * @since 3.0
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index c266330ded..449b23532e 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.remoting.httpinvoker;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.util.HashMap;
@@ -25,12 +23,15 @@ import java.util.Map;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link AuthenticationSimpleHttpInvokerRequestExecutor}.
  *
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index 2f9779ca55..6a2f084c93 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -16,14 +16,12 @@
 
 package org.springframework.security.remoting.rmi;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.lang.reflect.Method;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.security.TargetObject;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -31,6 +29,9 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.SimpleMethodInvocation;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link ContextPropagatingRemoteInvocation} and
  * {@link ContextPropagatingRemoteInvocationFactory}.
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
index 4caa557536..e08708b570 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/api/PayloadExchange.java
@@ -17,6 +17,7 @@
 package org.springframework.security.rsocket.api;
 
 import io.rsocket.Payload;
+
 import org.springframework.util.MimeType;
 
 /**
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
index 292ac8a8ca..b3f9e2c9d4 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import java.util.List;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
-import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
-
-import java.util.List;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
+import org.springframework.util.Assert;
 
 /**
  * If {@link ReactiveSecurityContextHolder} is empty populates an
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index fcd709b65b..cc084f6e07 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
 import io.rsocket.metadata.WellKnownMimeType;
 import io.rsocket.metadata.AuthMetadataCodec;
-import io.rsocket.metadata.WellKnownAuthType;
+import io.rsocket.metadata.security.WellKnownAuthType;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.codec.ByteArrayDecoder;
 import org.springframework.messaging.rsocket.DefaultMetadataExtractor;
 import org.springframework.messaging.rsocket.MetadataExtractor;
@@ -30,10 +35,6 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Map;
 
 /**
  * Converts from the {@link PayloadExchange} for <a href=
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
index 0ec051a213..468ca39add 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.Ordered;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -24,7 +26,6 @@ import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
 import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
 
 /**
  * Uses the provided {@code ReactiveAuthenticationManager} to authenticate a Payload. If
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
index eefb071a03..4da1b0db74 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
@@ -17,6 +17,8 @@
 package org.springframework.security.rsocket.authentication;
 
 import io.rsocket.metadata.WellKnownMimeType;
+import reactor.core.publisher.Mono;
+
 import org.springframework.messaging.rsocket.DefaultMetadataExtractor;
 import org.springframework.messaging.rsocket.MetadataExtractor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -26,7 +28,6 @@ import org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder;
 import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Mono;
 
 /**
  * Converts from the {@link PayloadExchange} to a
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
index de0ffe5bc8..030b1d260f 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import java.nio.charset.StandardCharsets;
+
 import io.netty.buffer.ByteBuf;
 import io.rsocket.metadata.CompositeMetadata;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.metadata.BearerTokenMetadata;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
 
 /**
  * Converts from the {@link PayloadExchange} to a {@link BearerTokenAuthenticationToken}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
index 25123f7aca..1b1e5d98ff 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/PayloadExchangeAuthenticationConverter.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.rsocket.api.PayloadExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Converts from a {@link PayloadExchange} to an {@link Authentication}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
index 3f323f8b69..bdaadec7eb 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.rsocket.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
+import org.springframework.util.Assert;
 
 /**
  * Provides authorization of the {@link PayloadExchange}.
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
index 604efe22d5..aa132a8528 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.rsocket.authorization;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
-import org.springframework.util.Assert;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry;
-
-import java.util.ArrayList;
-import java.util.List;
+import org.springframework.util.Assert;
 
 /**
  * Maps a @{code List} of {@link PayloadExchangeMatcher} instances to
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
index 7efcc28239..319ba043cb 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.rsocket.core;
 
-import org.springframework.security.rsocket.api.PayloadExchange;
-import org.springframework.security.rsocket.api.PayloadInterceptor;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
+import java.util.List;
+import java.util.ListIterator;
+
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
-import java.util.List;
-import java.util.ListIterator;
+import org.springframework.security.rsocket.api.PayloadExchange;
+import org.springframework.security.rsocket.api.PayloadInterceptor;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 
 /**
  * A {@link PayloadInterceptorChain} which exposes the Reactor {@link Context} via a
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
index 7deba38628..e824c23f9e 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/DefaultPayloadExchange.java
@@ -17,6 +17,7 @@
 package org.springframework.security.rsocket.core;
 
 import io.rsocket.Payload;
+
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
 import org.springframework.util.Assert;
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
index ac122c3208..f297fe322b 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.rsocket.core;
 
+import java.util.List;
+
 import io.rsocket.Payload;
 import io.rsocket.RSocket;
 import io.rsocket.util.RSocketProxy;
 import org.reactivestreams.Publisher;
-import org.springframework.security.rsocket.api.PayloadExchangeType;
-import org.springframework.security.rsocket.api.PayloadInterceptor;
-import org.springframework.util.MimeType;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
-import java.util.List;
+import org.springframework.security.rsocket.api.PayloadExchangeType;
+import org.springframework.security.rsocket.api.PayloadInterceptor;
+import org.springframework.util.MimeType;
 
 /**
  * Combines the {@link PayloadInterceptor} with an {@link RSocketProxy}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index fb07b9c1a5..848eae1cda 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -16,11 +16,16 @@
 
 package org.springframework.security.rsocket.core;
 
+import java.util.List;
+
 import io.rsocket.ConnectionSetupPayload;
 import io.rsocket.Payload;
 import io.rsocket.RSocket;
 import io.rsocket.SocketAcceptor;
 import io.rsocket.metadata.WellKnownMimeType;
+import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
@@ -28,10 +33,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 import org.springframework.util.StringUtils;
-import reactor.core.publisher.Mono;
-import reactor.util.context.Context;
-
-import java.util.List;
 
 /**
  * @author Rob Winch
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
index 02402a6fe8..45af27cb83 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.rsocket.core;
 
+import java.util.List;
+
 import io.rsocket.SocketAcceptor;
 import io.rsocket.metadata.WellKnownMimeType;
 import io.rsocket.plugins.SocketAcceptorInterceptor;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
 import org.springframework.util.Assert;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
-import java.util.List;
-
 /**
  * A {@link SocketAcceptorInterceptor} that applies the {@link PayloadInterceptor}s
  *
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
index 73470acc74..9eeede18b5 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/SecuritySocketAcceptorInterceptor.java
@@ -18,6 +18,7 @@ package org.springframework.security.rsocket.core;
 
 import io.rsocket.SocketAcceptor;
 import io.rsocket.plugins.SocketAcceptorInterceptor;
+
 import org.springframework.util.Assert;
 
 /**
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
index ca673d6be9..85d75dc4e9 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.rsocket.metadata;
 
+import java.util.Map;
+
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.codec.AbstractDecoder;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.util.MimeType;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import java.util.Map;
 
 /**
  * Decodes {@link UsernamePasswordMetadata#BASIC_AUTHENTICATION_MIME_TYPE}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
index 596e4d11d0..327c900e03 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.rsocket.metadata;
 
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.codec.AbstractEncoder;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.core.io.buffer.DataBufferUtils;
 import org.springframework.util.MimeType;
-import reactor.core.publisher.Flux;
-
-import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
-import java.util.Map;
 
 /**
  * Encodes {@link UsernamePasswordMetadata#BASIC_AUTHENTICATION_MIME_TYPE}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
index 2f5f51c451..ac7c61496a 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
@@ -16,10 +16,14 @@
 
 package org.springframework.security.rsocket.metadata;
 
+import java.util.Map;
+
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
 import io.rsocket.metadata.AuthMetadataCodec;
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.codec.AbstractEncoder;
 import org.springframework.core.io.buffer.DataBuffer;
@@ -27,9 +31,6 @@ import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.core.io.buffer.NettyDataBufferFactory;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Flux;
-
-import java.util.Map;
 
 /**
  * Encodes <a href=
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
index 01f31b172d..4bbc479f98 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
@@ -16,10 +16,14 @@
 
 package org.springframework.security.rsocket.metadata;
 
+import java.util.Map;
+
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
 import io.rsocket.metadata.AuthMetadataCodec;
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.codec.AbstractEncoder;
 import org.springframework.core.io.buffer.DataBuffer;
@@ -27,9 +31,6 @@ import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.core.io.buffer.NettyDataBufferFactory;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Flux;
-
-import java.util.Map;
 
 /**
  * Encodes <a href=
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
index 946e5227a7..de32ecc872 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/UsernamePasswordMetadata.java
@@ -17,6 +17,7 @@
 package org.springframework.security.rsocket.metadata;
 
 import io.rsocket.Payload;
+
 import org.springframework.http.MediaType;
 import org.springframework.util.MimeType;
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
index 4f0882905d..7236d7f248 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeAuthorizationContext.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.rsocket.util.matcher;
 
-import org.springframework.security.rsocket.api.PayloadExchange;
-
 import java.util.Collections;
 import java.util.Map;
 
+import org.springframework.security.rsocket.api.PayloadExchange;
+
 /**
  * @author Rob Winch
  * @since 5.2
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
index d1310eb15b..c50665eca2 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.rsocket.util.matcher;
 
-import org.springframework.security.rsocket.api.PayloadExchange;
-import reactor.core.publisher.Mono;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
+import reactor.core.publisher.Mono;
+
+import org.springframework.security.rsocket.api.PayloadExchange;
+
 /**
  * An interface for determining if a {@link PayloadExchangeMatcher} matches.
  *
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
index ac1558fcf4..264715cdb0 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.rsocket.util.matcher;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
-import reactor.core.publisher.Mono;
 
 /**
  * @author Rob Winch
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
index 27d63d7091..8496a5ffec 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.rsocket.util.matcher;
 
+import java.util.Map;
+import java.util.Optional;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.messaging.rsocket.MetadataExtractor;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.util.Assert;
 import org.springframework.util.RouteMatcher;
-import reactor.core.publisher.Mono;
-
-import java.util.Map;
-import java.util.Optional;
 
 /**
  * FIXME: Pay attention to the package this goes into. It requires spring-messaging for
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index 87c354e0c9..5c6c5f8d14 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -16,11 +16,14 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -29,9 +32,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.rsocket.api.PayloadExchange;
 
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * @author Rob Winch
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
index 68b3505aa4..b503f15bba 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
-import reactor.core.publisher.Mono;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 import org.springframework.security.rsocket.api.PayloadExchange;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 
 /**
  * @author Rob Winch
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 0cf10b8ecd..f360bf1b2e 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.rsocket.authentication;
 
+import java.util.Map;
+
 import io.netty.buffer.ByteBufAllocator;
 import io.netty.buffer.CompositeByteBuf;
 import io.rsocket.Payload;
@@ -28,6 +30,10 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DefaultDataBufferFactory;
@@ -37,21 +43,17 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
+import org.springframework.security.rsocket.core.DefaultPayloadExchange;
 import org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder;
 import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
-import org.springframework.security.rsocket.core.DefaultPayloadExchange;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
-import org.springframework.security.rsocket.api.PayloadExchange;
 
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index e47494e886..99f7de80f1 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -20,19 +20,20 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
+import reactor.util.context.Context;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
-import reactor.util.context.Context;
-import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 import org.springframework.security.rsocket.api.PayloadExchange;
+import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 
-import static org.mockito.Matchers.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager.authenticated;
 import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index f33546ac29..709ddfbf37 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -20,6 +20,8 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.rsocket.api.PayloadExchange;
@@ -27,7 +29,6 @@ import org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthoriz
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index c5c259de8f..6cf687eced 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.rsocket.core;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
 import io.rsocket.Payload;
 import io.rsocket.RSocket;
 import io.rsocket.metadata.WellKnownMimeType;
@@ -28,6 +32,12 @@ import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.mockito.stubbing.Answer;
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
+import reactor.test.publisher.TestPublisher;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -37,21 +47,11 @@ import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
 import org.springframework.security.rsocket.api.PayloadInterceptorChain;
-import org.springframework.security.rsocket.core.DefaultPayloadExchange;
-import org.springframework.security.rsocket.core.PayloadInterceptorRSocket;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
-import reactor.test.publisher.TestPublisher;
 
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
index 225a95b776..3212bd1ae8 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.rsocket.core;
 
+import java.util.Arrays;
+import java.util.List;
+
 import io.rsocket.ConnectionSetupPayload;
 import io.rsocket.Payload;
 import io.rsocket.RSocket;
@@ -27,18 +30,14 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
-import org.springframework.security.rsocket.core.PayloadInterceptorRSocket;
-import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 6d907f604c..0c695fef6d 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -44,7 +44,7 @@ import org.springframework.security.rsocket.api.PayloadInterceptor;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.mockito.Matchers.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
index 258f29d8df..4c088123e4 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.rsocket.metadata;
 
+import java.util.Map;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.ResolvableType;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DefaultDataBufferFactory;
 import org.springframework.util.MimeType;
-import reactor.core.publisher.Mono;
-
-import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
index cf15b44ba3..6ecd661eb0 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.rsocket.util.matcher;
 
+import java.util.Collections;
+import java.util.Map;
+
 import io.rsocket.Payload;
 import io.rsocket.metadata.WellKnownMimeType;
 import org.junit.Before;
@@ -23,20 +26,18 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
+
 import org.springframework.http.MediaType;
 import org.springframework.messaging.rsocket.MetadataExtractor;
-import org.springframework.security.rsocket.core.DefaultPayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
+import org.springframework.security.rsocket.core.DefaultPayloadExchange;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 import org.springframework.util.RouteMatcher;
 
-import java.util.Collections;
-import java.util.Map;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.any;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 
 /**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index 67e36d0593..25cf7269f2 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -20,6 +20,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.Consumer;
+
 import javax.xml.XMLConstants;
 
 import net.shibboleth.utilities.java.support.xml.BasicParserPool;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
index 486d8b26a4..49884728bc 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
+import java.nio.charset.Charset;
+
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.util.Assert;
 
-import java.nio.charset.Charset;
-
 /**
  * Data holder for {@code AuthNRequest} parameters to be sent using either the
  * {@link Saml2MessageBinding#POST} or {@link Saml2MessageBinding#REDIRECT} binding. Data
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
index 5223c084ec..b282f581db 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
@@ -16,12 +16,12 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import org.springframework.util.Assert;
-
 import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
 
+import org.springframework.util.Assert;
+
 /**
  * Default implementation of a {@link Saml2AuthenticatedPrincipal}.
  *
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index c31f1f8f27..1980184f02 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -29,6 +29,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
+
 import javax.annotation.Nonnull;
 
 import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
index 83cd4128c4..5996b0a4c5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import org.springframework.lang.Nullable;
-import org.springframework.security.core.AuthenticatedPrincipal;
-import org.springframework.util.CollectionUtils;
-
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.AuthenticatedPrincipal;
+import org.springframework.util.CollectionUtils;
+
 /**
  * Saml2 representation of an {@link AuthenticatedPrincipal}.
  *
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
index c4c2a9347e..d37792456b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
+import java.util.Collection;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-
 /**
  * An implementation of an {@link AbstractAuthenticationToken} that represents an
  * authenticated SAML 2.0 {@link Authentication}.
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index fbcdbf4f1d..bb00ebcb36 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import org.springframework.security.saml2.credentials.Saml2X509Credential;
-import org.springframework.util.Assert;
-
 import java.util.Collection;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.function.Consumer;
 
+import org.springframework.security.saml2.credentials.Saml2X509Credential;
+import org.springframework.util.Assert;
+
 /**
  * Data holder for information required to send an {@code AuthNRequest} from the service
  * provider to the identity provider
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
index b1efb7b1df..9bf270edeb 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import org.apache.commons.codec.binary.Base64;
-import org.springframework.security.saml2.Saml2Exception;
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.zip.Deflater;
@@ -26,6 +23,10 @@ import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
 
+import org.apache.commons.codec.binary.Base64;
+
+import org.springframework.security.saml2.Saml2Exception;
+
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.zip.Deflater.DEFLATED;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
index c7b43e2637..d30439d3ee 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.List;
+
 import javax.xml.namespace.QName;
 
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
index df53cfa514..e8b199652a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
-import org.springframework.util.Assert;
-
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import org.springframework.util.Assert;
+
 import static java.util.Arrays.asList;
 import static org.springframework.util.Assert.notEmpty;
 import static org.springframework.util.Assert.notNull;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 17dede124a..fea758f5a1 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,8 +28,6 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 70b595cb45..96e5d072a9 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.provider.service.servlet.filter;
 
 import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index c7acd46e51..e1b770f1cd 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -19,6 +19,7 @@ package org.springframework.security.saml2.provider.service.web;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.function.Function;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.core.convert.converter.Converter;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index 29be8459f2..5e6e1d7816 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -20,6 +20,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.codec.binary.Base64;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index 097d79ea11..d06f63d663 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.provider.service.web;
 
 import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
index db58fd8f5a..ec29a21fc5 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
@@ -16,17 +16,17 @@
 
 package org.springframework.security.saml2.credentials;
 
-import org.springframework.security.converter.RsaKeyConverters;
+import java.io.ByteArrayInputStream;
+import java.security.PrivateKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
-import java.io.ByteArrayInputStream;
-import java.security.PrivateKey;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
+import org.springframework.security.converter.RsaKeyConverters;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
index fabb649f78..73d1bee9db 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import org.joda.time.DateTime;
-import org.junit.Test;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.joda.time.DateTime;
+import org.junit.Test;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index 25fe55dca4..c9356536a7 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -27,6 +27,7 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
index 9f60be3e14..d204d8e361 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
@@ -23,9 +23,9 @@ import org.junit.Test;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
 import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlDecode;
 import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlInflate;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
 
 /**
  * Tests for {@link Saml2AuthenticationRequestFactory} default interface methods
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index 495cfa3498..6e7a086016 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -16,18 +16,19 @@
 
 package org.springframework.security.saml2.provider.service.servlet.filter;
 
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 
-import javax.servlet.http.HttpServletResponse;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.failBecauseExceptionWasNotThrown;
 import static org.mockito.Mockito.mock;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 8a12be054d..7cd21c6c40 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.provider.service.servlet.filter;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+
 import javax.servlet.ServletException;
 
 import org.junit.Before;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index 9889c5a793..dcfc97e310 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.provider.service.web;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index afcee7b395..6d1b0455e9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
+import javax.servlet.FilterChain;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
@@ -25,8 +28,6 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
-import javax.servlet.FilterChain;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.Mockito.mock;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
index fecf9288b9..9499636e10 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.taglibs;
 
+import javax.servlet.jsp.tagext.Tag;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import javax.servlet.jsp.tagext.Tag;
-
 /**
  * internal configuration class for taglibs.
  *
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index f9ffb91dae..967adb5e47 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -27,6 +27,7 @@ import javax.servlet.jsp.tagext.TagSupport;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index cb55b89aa2..84932cbf95 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -16,15 +16,6 @@
 
 package org.springframework.security.taglibs.authz;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.util.TextEscapeUtils;
-
-import org.springframework.beans.BeanWrapperImpl;
-import org.springframework.beans.BeansException;
-import org.springframework.web.util.TagUtils;
-
 import java.io.IOException;
 
 import javax.servlet.jsp.JspException;
@@ -32,6 +23,14 @@ import javax.servlet.jsp.PageContext;
 import javax.servlet.jsp.tagext.Tag;
 import javax.servlet.jsp.tagext.TagSupport;
 
+import org.springframework.beans.BeanWrapperImpl;
+import org.springframework.beans.BeansException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.util.TextEscapeUtils;
+import org.springframework.web.util.TagUtils;
+
 /**
  * An {@link javax.servlet.jsp.tagext.Tag} implementation that allows convenient access to
  * the current <code>Authentication</code> object.
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 6584e3ee5e..5ec2dfc7d5 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -16,7 +16,7 @@
 package org.springframework.security.taglibs.authz;
 
 import java.io.IOException;
-import java.util.*;
+import java.util.List;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRequest;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
index 3dbe9cee9a..88fbf28043 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.taglibs.csrf;
 
-import org.springframework.security.web.csrf.CsrfToken;
+import java.io.IOException;
 
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.TagSupport;
-import java.io.IOException;
+
+import org.springframework.security.web.csrf.CsrfToken;
 
 /**
  * An abstract tag for handling CSRF operations.
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
index 24a69c89d5..038907f71f 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.taglibs;
 
-import org.junit.Test;
-import org.w3c.dom.Document;
+import java.io.File;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import java.io.File;
+
+import org.junit.Test;
+import org.w3c.dom.Document;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index 26b6efff14..e8060964b4 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.taglibs.authz;
 
-import static org.assertj.core.api.Assertions.*;
-
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import java.io.IOException;
 import java.util.Collections;
 
@@ -33,6 +25,7 @@ import javax.servlet.ServletResponse;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockServletContext;
@@ -44,6 +37,13 @@ import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 import org.springframework.web.context.WebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index a37c2f974a..93df9244bd 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -15,10 +15,16 @@
  */
 package org.springframework.security.taglibs.authz;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.jsp.tagext.Tag;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockPageContext;
@@ -29,9 +35,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.WebApplicationContext;
 
-import javax.servlet.ServletContext;
-import javax.servlet.jsp.tagext.Tag;
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index f4582fdcde..5dac768bf5 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -16,19 +16,21 @@
 
 package org.springframework.security.taglibs.authz;
 
-import static org.assertj.core.api.Assertions.*;
-
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link AuthenticationTag}.
  *
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index f9cd559ffc..b5ba3b9ae7 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.taglibs.authz;
 
-import static org.mockito.Mockito.*;
-import static org.assertj.core.api.Assertions.assertThat;
-
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 
@@ -28,6 +25,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -42,6 +40,11 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.StaticWebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Francois Beausoleil
  * @author Luke Taylor
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index 45e5db311a..eaa680f080 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -15,8 +15,14 @@
  */
 package org.springframework.security.taglibs.csrf;
 
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.TagSupport;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockPageContext;
@@ -24,12 +30,7 @@ import org.springframework.mock.web.MockServletContext;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 
-import javax.servlet.jsp.JspException;
-import javax.servlet.jsp.tagext.TagSupport;
-
-import java.io.UnsupportedEncodingException;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Nick Williams
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
index 17b3bdec19..8b456428cc 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
@@ -17,10 +17,11 @@ package org.springframework.security.taglibs.csrf;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Nick Williams
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
index ae3e0b20ed..bc0c231396 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
@@ -17,10 +17,11 @@ package org.springframework.security.taglibs.csrf;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Nick Williams
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index 5e1d95cc59..f35b37e705 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -17,6 +17,12 @@
 package org.springframework.security.test.context.support;
 
 import org.reactivestreams.Subscription;
+import reactor.core.CoreSubscriber;
+import reactor.core.publisher.Hooks;
+import reactor.core.publisher.Mono;
+import reactor.core.publisher.Operators;
+import reactor.util.context.Context;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
@@ -25,11 +31,6 @@ import org.springframework.test.context.TestContext;
 import org.springframework.test.context.TestExecutionListener;
 import org.springframework.test.context.support.AbstractTestExecutionListener;
 import org.springframework.util.ClassUtils;
-import reactor.core.CoreSubscriber;
-import reactor.core.publisher.Hooks;
-import reactor.core.publisher.Mono;
-import reactor.core.publisher.Operators;
-import reactor.util.context.Context;
 
 /**
  * Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
index 47a7c7e304..6bb7660bb6 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import javax.servlet.ServletContext;
+
 import org.springframework.beans.Mergeable;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -25,8 +27,6 @@ import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilde
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import javax.servlet.ServletContext;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index a0fe23aa6b..1cfa77fee4 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -35,6 +35,7 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
+
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
index da9ee1dd6e..b3808f25a3 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.test.web.servlet.setup;
 
+import java.io.IOException;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -28,8 +30,6 @@ import org.springframework.test.web.servlet.setup.ConfigurableMockMvcBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcConfigurerAdapter;
 import org.springframework.web.context.WebApplicationContext;
 
-import java.io.IOException;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
 
 /**
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
index 1fa2af9be4..987c78ddac 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.test.web.servlet.setup;
 
+import javax.servlet.Filter;
+
 import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
 import org.springframework.util.Assert;
 
-import javax.servlet.Filter;
-
 /**
  * Provides Security related
  * {@link org.springframework.test.web.servlet.setup.MockMvcConfigurer} implementations.
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index 515b02558b..b1f3585a82 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.test.context;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 public class TestSecurityContextHolderTests {
 
 	private SecurityContext context;
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
index 8c46563128..ba752f72f5 100644
--- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.test.context.annotation;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import java.security.Principal;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
 
-import java.security.Principal;
+import static org.assertj.core.api.Assertions.assertThat;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index f0857d1d20..e039d46bcb 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.test.context.showcase;
 
+import java.util.Collection;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import java.util.Collection;
-
 /**
  * @author Rob Winch
  */
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index 431f2b41fd..7586d93046 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -15,7 +15,8 @@
  */
 package org.springframework.security.test.context.showcase;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
@@ -26,8 +27,7 @@ import org.springframework.security.test.context.showcase.service.MessageService
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Eddú Meléndez
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index b0c060c9cd..e81f698062 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -15,10 +15,9 @@
  */
 package org.springframework.security.test.context.showcase;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -30,6 +29,8 @@ import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  */
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 4f2b36d35a..1df06646fb 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -15,10 +15,9 @@
  */
 package org.springframework.security.test.context.showcase;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -35,6 +34,8 @@ import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  */
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index efb491b1db..82aa46912e 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -28,8 +28,6 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.core.context.ReactiveSecurityContextHolder;
-import org.springframework.security.core.context.SecurityContext;
 import reactor.core.publisher.Hooks;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
@@ -37,6 +35,8 @@ import reactor.test.StepVerifier;
 import org.springframework.core.OrderComparator;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.test.context.TestContext;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
index 1092a0973b..7922953309 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.test.context.support;
 
 import org.junit.Test;
+
 import org.springframework.core.annotation.AnnotatedElementUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index 6899c89aa6..5b3b87e1e8 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.test.context.support;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class WithMockUserSecurityContextFactoryTests {
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
index c60eaead3b..50f1cf76ab 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.test.context.support;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.core.annotation.AnnotatedElementUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class WithMockUserTests {
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
index 8b2c1dd8c8..3fd1c645c6 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.test.context.support;
 
+import java.lang.reflect.Method;
+import java.util.function.Supplier;
+
 import org.junit.After;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -25,6 +28,7 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Configuration;
@@ -37,10 +41,7 @@ import org.springframework.test.context.TestContext;
 import org.springframework.test.context.junit4.rules.SpringClassRule;
 import org.springframework.test.context.junit4.rules.SpringMethodRule;
 
-import java.lang.reflect.Method;
-import java.util.function.Supplier;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.never;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 4cf7a1800b..5db8eff4f9 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -15,15 +15,13 @@
  */
 package org.springframework.security.test.context.support;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanNotOfRequiredTypeException;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -33,7 +31,9 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
-import reactor.core.publisher.Mono;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WithUserDetailsSecurityContextFactoryTests {
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index cb3681b902..886bfc128c 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.test.context.support;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.core.annotation.AnnotationUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class WithUserDetailsTests {
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index 540fe4c4fe..4289e4cfe0 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -20,6 +20,7 @@ import java.util.concurrent.ForkJoinPool;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.TestingAuthenticationToken;
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 7c68c798f0..a0fcc549df 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.test.web.reactive.server;
 
+import java.security.Principal;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
@@ -28,8 +31,6 @@ import org.springframework.security.web.server.context.SecurityContextServerWebE
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import java.security.Principal;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index 4bd771830d..62135103a7 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -16,7 +16,10 @@
 
 package org.springframework.security.test.web.reactive.server;
 
+import java.security.Principal;
+
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -27,10 +30,11 @@ import org.springframework.security.web.server.context.SecurityContextServerWebE
 import org.springframework.security.web.server.csrf.CsrfWebFilter;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import java.security.Principal;
-
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.*;
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication;
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 /**
  * @author Rob Winch
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 00f9dff771..64f306fb7d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -15,17 +15,11 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -40,6 +34,13 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 /**
  * @author Rob Winch
  */
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 5b3ba5f44e..24b64f990a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import java.util.Arrays;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -29,8 +32,6 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
-import java.util.Arrays;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index a65ba5a5d0..60ca04c417 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import java.util.Arrays;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -29,8 +32,6 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
-import java.util.Arrays;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index a7dd2d0c4a..72c2fd2435 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -18,11 +18,12 @@ package org.springframework.security.test.web.servlet.request;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ContextConfiguration;
@@ -35,8 +36,8 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index 9a8f0d392f..d24f9a67ee 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
@@ -35,6 +27,7 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
@@ -42,6 +35,14 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.powermock.api.mockito.PowerMockito.spy;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
 @PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index 0953513cdb..b7a275d170 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import java.security.cert.X509Certificate;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.mock.web.MockHttpServletRequest;
 
-import java.security.cert.X509Certificate;
+import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
index 7c7d9923d0..c8e79f0fa5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.test.web.servlet.request;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 412a3bce13..c3d65d4d5f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -15,9 +15,16 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -28,11 +35,6 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
 
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import java.io.IOException;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.digest;
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index 2e1e95039a..a1ea6ce8af 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.test.web.servlet.request;
 
 import java.util.Arrays;
 import java.util.List;
+
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 1c64417cfc..37c404ae0c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
@@ -35,12 +27,21 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.powermock.api.mockito.PowerMockito.spy;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
 @PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index 6d30683d18..6d6a86e979 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -15,14 +15,17 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import javax.servlet.Filter;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ContextConfiguration;
@@ -35,10 +38,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import javax.servlet.Filter;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
-
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 73f1b42f2d..236743d83a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -15,13 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.powermock.api.mockito.PowerMockito.*;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.eq;
-import static org.mockito.Mockito.any;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
@@ -32,12 +25,21 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.powermock.api.mockito.PowerMockito.spy;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
 @PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index 2e7bee6151..51b55c84db 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
@@ -35,6 +27,7 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContext;
@@ -43,6 +36,14 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.powermock.api.mockito.PowerMockito.spy;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
 @PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 02546f3a63..1ea0c37353 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
-
 import java.util.Arrays;
 import java.util.List;
 
@@ -38,6 +30,7 @@ import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -46,6 +39,14 @@ import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.powermock.api.mockito.PowerMockito.spy;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
 @PowerMockIgnore({ "javax.security.auth.*", "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*",
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 33ce9a23bd..fd83a9a39d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.test.web.servlet.response;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-
 import java.util.ArrayList;
 import java.util.List;
 
@@ -45,6 +41,10 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = SecurityMockWithAuthoritiesMvcResultMatchersTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index 97e19fbb17..1e0ce9e7ad 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.test.web.servlet.setup;
 
+import javax.servlet.Filter;
+import javax.servlet.ServletContext;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.config.BeanIds;
 import org.springframework.test.web.servlet.setup.ConfigurableMockMvcBuilder;
 import org.springframework.web.context.WebApplicationContext;
 
-import javax.servlet.Filter;
-import javax.servlet.ServletContext;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
index 44e0452330..f65fca98c2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
@@ -15,8 +15,11 @@
  */
 package org.springframework.security.test.web.servlet.setup;
 
+import javax.servlet.Filter;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -29,8 +32,6 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import javax.servlet.Filter;
-
 import static org.mockito.Mockito.mock;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index 99ee310c1c..915ce34cbe 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -15,15 +15,10 @@
  */
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -37,6 +32,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = CsrfShowcaseTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index 211d5929d9..4fcc234014 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -15,16 +15,10 @@
  */
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -41,6 +35,13 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = CustomCsrfShowcaseTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index 5c7480e343..23dbaac5aa 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -15,19 +15,15 @@
  */
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -36,6 +32,13 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = DefaultCsrfShowcaseTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index 24665d3289..a243e28125 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -15,21 +15,15 @@
  */
 package org.springframework.security.test.web.servlet.showcase.login;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.MediaType;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -42,6 +36,15 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = AuthenticationTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index 2edcd0e68a..b9af354c9f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -15,21 +15,15 @@
  */
 package org.springframework.security.test.web.servlet.showcase.login;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -44,6 +38,15 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = CustomConfigAuthenticationTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 8fed1f3daa..4d6f952653 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -15,18 +15,15 @@
  */
 package org.springframework.security.test.web.servlet.showcase.login;
 
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -41,6 +38,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = CustomLoginRequestBuilderAuthenticationTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index db78fdeed0..1cd16f57a1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -15,15 +15,10 @@
  */
 package org.springframework.security.test.web.servlet.showcase.secured;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -37,6 +32,14 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = DefaultfSecurityRequestsTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 964aa64793..89d9fdfb79 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -15,22 +15,17 @@
  */
 package org.springframework.security.test.web.servlet.showcase.secured;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -42,6 +37,13 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = SecurityRequestsTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 8d18ae7c11..54e85ba39d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -18,11 +18,12 @@ package org.springframework.security.test.web.servlet.showcase.secured;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
 import org.springframework.test.context.ContextConfiguration;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index fd2460f0ba..1c8b3c8ef6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -15,15 +15,10 @@
  */
 package org.springframework.security.test.web.servlet.showcase.secured;
 
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -39,6 +34,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithUserClassLevelAuthenticationTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index e5faa59067..2c242fcf7e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -15,14 +15,10 @@
  */
 package org.springframework.security.test.web.servlet.showcase.secured;
 
-import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -39,6 +35,11 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithUserDetailsAuthenticationTests.Config.class)
 @WebAppConfiguration
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index e6a0007a01..41d52a8529 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -18,12 +18,13 @@ package org.springframework.security.test.web.servlet.showcase.secured;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.context.ContextConfiguration;
diff --git a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
index b21dd85078..eb47070ccc 100644
--- a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.web;
 
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.access.ExceptionTranslationFilter;
-
 import java.io.IOException;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
+
 /**
  * Used by {@link ExceptionTranslationFilter} to commence an authentication scheme.
  *
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index e8db558a53..b995357de3 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.web.util.UrlUtils;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index 85d3efeab2..8b564650f4 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -15,13 +15,17 @@
  */
 package org.springframework.security.web;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.http.HttpServletRequest;
-import java.util.*;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Standard implementation of {@code SecurityFilterChain}.
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 6796b3a6a2..20331a208c 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -16,20 +16,10 @@
 
 package org.springframework.security.web;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.firewall.DefaultRequestRejectedHandler;
-import org.springframework.security.web.firewall.FirewalledRequest;
-import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.firewall.RequestRejectedException;
-import org.springframework.security.web.firewall.RequestRejectedHandler;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.security.web.util.UrlUtils;
-import org.springframework.util.Assert;
-import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.filter.GenericFilterBean;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -38,8 +28,22 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.*;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.firewall.DefaultRequestRejectedHandler;
+import org.springframework.security.web.firewall.FirewalledRequest;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.RequestRejectedException;
+import org.springframework.security.web.firewall.RequestRejectedHandler;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+import org.springframework.web.filter.DelegatingFilterProxy;
+import org.springframework.web.filter.GenericFilterBean;
 
 /**
  * Delegates {@code Filter} requests to a list of Spring-managed filter beans. As of
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index ba89b6fba0..5ad6ba791c 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.web;
 
-import org.springframework.util.Assert;
-
 import javax.servlet.ServletRequest;
 
+import org.springframework.util.Assert;
+
 /**
  * Concrete implementation of {@link PortResolver} that obtains the port from
  * <tt>ServletRequest.getServerPort()</tt>.
diff --git a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
index 8ef72b0b67..49fefc5c06 100644
--- a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web;
 
+import java.util.List;
+
 import javax.servlet.Filter;
 import javax.servlet.http.HttpServletRequest;
-import java.util.*;
 
 /**
  * Defines a filter chain which is capable of being matched against an
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
index 28b73013c2..8c4495ca6f 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.web.access;
 
-import org.springframework.security.access.AccessDeniedException;
-
 import java.io.IOException;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.access.AccessDeniedException;
+
 /**
  * Used by {@link ExceptionTranslationFilter} to handle an
  * <code>AccessDeniedException</code>.
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index 5e9971bee1..b5376ea9a4 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.WebAttributes;
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index cc4372bfed..87c81ddf14 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 01720b26ff..a006882889 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -15,6 +15,16 @@
  */
 package org.springframework.security.web.access;
 
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@@ -30,16 +40,6 @@ import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 
-import org.springframework.context.support.MessageSourceAccessor;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
 /**
  * Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code>
  * thrown within the filter chain.
diff --git a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
index 1cb2835ffc..06888c3f3a 100644
--- a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.access;
 import java.io.IOException;
 import java.util.LinkedHashMap;
 import java.util.Map.Entry;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 59b91251ba..7c1c111b4e 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -15,15 +15,21 @@
  */
 package org.springframework.security.web.access.channel;
 
-import org.springframework.security.web.*;
-import org.springframework.util.Assert;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.PortMapper;
+import org.springframework.security.web.PortMapperImpl;
+import org.springframework.security.web.PortResolver;
+import org.springframework.security.web.PortResolverImpl;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.util.Assert;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
index 24780a9817..a2bf53d11a 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.web.access.channel;
 
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.web.FilterInvocation;
-
 import java.io.IOException;
 import java.util.Collection;
 
 import javax.servlet.ServletException;
 
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.web.FilterInvocation;
+
 /**
  * Decides whether a web channel provides sufficient security.
  *
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 64d1144cfb..a07bee1ef4 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -16,20 +16,18 @@
 
 package org.springframework.security.web.access.channel;
 
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.web.FilterInvocation;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.util.Assert;
-
 import java.io.IOException;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
 import javax.servlet.ServletException;
 
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.util.Assert;
+
 /**
  * Implementation of {@link ChannelDecisionManager}.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
index 485411327a..f3e09d3beb 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
@@ -17,6 +17,7 @@
 package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
index 838b6a4591..1aca25bf4b 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.web.access.channel;
 
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.web.FilterInvocation;
-
 import java.io.IOException;
 import java.util.Collection;
 
 import javax.servlet.ServletException;
 
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.web.FilterInvocation;
+
 /**
  * Decides whether a web channel meets a specific security condition.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index f7312bf654..1cbd1f28d9 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.matcher.RequestMatcher;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index 6f42eadf1e..08e88651fb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index 86179f12a3..c693682301 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -17,7 +17,7 @@
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
-import java.util.*;
+import java.util.List;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 60674e96f6..8a4f66b4b8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index 79a973ad5e..3622602ea8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index 646afc0c37..9cced72eb7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.util.Assert;
+import java.io.IOException;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.LinkedHashMap;
-import java.util.Map;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.util.Assert;
 
 /**
  * An {@link AuthenticationFailureHandler} that delegates to other
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
index 0566731cda..4a68a13c10 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
-import org.springframework.security.web.util.UrlUtils;
-import org.springframework.util.Assert;
+import java.io.IOException;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
 
 /**
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
index 1965d19f7f..54f831c55f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.util.UrlUtils;
-import org.springframework.util.Assert;
+import java.io.IOException;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
 
 /**
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index a9f54f952f..220cd721fb 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index d1f18f9403..4aa08635f2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
index fdf2b9a0ca..a09937ba20 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.core.Authentication;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * Implementation of {@link NullRememberMeServices} that does nothing.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
index 5f43b67022..68d81e51c0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
@@ -23,12 +23,13 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.ExceptionTranslationFilter;
-import org.springframework.util.StringUtils;
-import org.springframework.security.web.savedrequest.SavedRequest;
-import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.util.StringUtils;
 
 /**
  * An authentication success strategy which can make use of the
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index 4f1ff78d53..d17cdd2078 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -24,11 +24,12 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index 7958999813..b4a2ca7317 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.authentication;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationServiceException;
@@ -25,9 +28,6 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * Processes an authentication form submission. Called
  * {@code AuthenticationProcessingFilter} prior to Spring Security 3.0.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
index 53e0f204a6..f4a9a66879 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.core.SpringSecurityCoreVersion;
-
 import java.io.Serializable;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * A holder of selected HTTP details related to a web authentication request.
  *
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
index 8214d3d168..3b0ab2014b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.web.authentication;
 
-import org.springframework.security.authentication.AuthenticationDetailsSource;
-
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+
 /**
  * Implementation of {@link AuthenticationDetailsSource} which builds the details object
  * from an <tt>HttpServletRequest</tt> object, creating a {@code WebAuthenticationDetails}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 7b88d97dab..8ca32044c6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -15,7 +15,8 @@
  */
 package org.springframework.security.web.authentication.logout;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.function.Function;
 
 import javax.servlet.http.Cookie;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index e26fadae9e..26c4487e18 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -27,9 +27,9 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.GenericFilterBean;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
index c8895803c6..4551d588a3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.web.authentication.logout;
 
-import org.springframework.security.core.Authentication;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.core.Authentication;
+
 /**
  * Indicates a class that is able to participate in logout handling.
  *
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
index b43e4c4dea..8992ebab17 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.logout;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.authentication.event.LogoutSuccessEvent;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index 1dd512eca9..cd0cc7fef0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 17e1ce0e20..87d70731f1 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.authentication.preauth;
 
 import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -33,7 +34,9 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.WebAttributes;
-import org.springframework.security.web.authentication.*;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index 50ec3209c8..d4e5c8308a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -17,6 +17,7 @@ package org.springframework.security.web.authentication.preauth;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
index ffbbb33aa2..9f1e2f4f69 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
@@ -15,7 +15,7 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import java.util.*;
+import java.util.Collection;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -24,7 +24,6 @@ import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
-
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
index 14f9238d29..b2bcc058f2 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -15,14 +15,18 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-
 /**
  * This WebAuthenticationDetails implementation allows for storing a list of
  * pre-authenticated Granted Authorities.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index d65b3a25bb..00509e906f 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -15,8 +15,16 @@
  */
 package org.springframework.security.web.authentication.preauth.j2ee;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.GrantedAuthority;
@@ -26,9 +34,6 @@ import org.springframework.security.core.authority.mapping.SimpleAttributes2Gran
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-
 /**
  * Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as
  * obtained by calling {@link HttpServletRequest#isUserInRole(String)}) into
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index 046a1ac8ac..e55d006eb3 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -30,11 +30,6 @@ import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ResourceLoaderAware;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -42,6 +37,12 @@ import org.xml.sax.EntityResolver;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
+
 /**
  * This <tt>MappableAttributesRetriever</tt> implementation reads the list of defined J2EE
  * roles from a <tt>web.xml</tt> file and returns these from {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index 6a43aa94ad..7e5597e69a 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -15,17 +15,20 @@
  */
 package org.springframework.security.web.authentication.preauth.websphere;
 
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-
 /**
  * This AuthenticationDetailsSource implementation will set the pre-authenticated granted
  * authorities based on the WebSphere groups for the current WebSphere user, mapped using
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index 11d1b3fe6c..2b212368c0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -15,18 +15,18 @@
  */
 package org.springframework.security.web.authentication.preauth.x509;
 
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.util.Assert;
-import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.context.MessageSource;
+import java.security.cert.X509Certificate;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import java.security.cert.X509Certificate;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
+import org.springframework.context.MessageSource;
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.util.Assert;
 
 /**
  * Obtains the principal from a certificate using a regular expression match against the
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index 6edc207e27..f676a0e0f2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -16,10 +16,10 @@
 package org.springframework.security.web.authentication.rememberme;
 
 import java.io.UnsupportedEncodingException;
-import java.util.Base64;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.authentication.AccountStatusException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index 87c613967b..62c3641407 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.web.authentication.rememberme;
 
-import org.springframework.dao.DataIntegrityViolationException;
-
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 
+import org.springframework.dao.DataIntegrityViolationException;
+
 /**
  * Simple <tt>PersistentTokenRepository</tt> implementation backed by a Map. Intended for
  * testing only.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index 6dd195c2cd..e1b0094c9e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.web.authentication.rememberme;
 
+import java.util.Date;
+
 import org.springframework.dao.DataAccessException;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.jdbc.core.support.JdbcDaoSupport;
 
-import java.util.*;
-
 /**
  * JDBC based persistent login token repository implementation.
  *
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 893b06e9b0..383071ae32 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -24,8 +24,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.util.Assert;
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 71add1e380..6085a00f83 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -16,22 +16,22 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.codec.Hex;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.crypto.codec.Utf8;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Date;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.crypto.codec.Utf8;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
 /**
  * Identifies previously remembered users by a Base-64 encoded cookie.
  *
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index d31bdd29a0..6a75ca247f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index ec061e849a..3babb5b8f9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -15,6 +15,20 @@
  */
 package org.springframework.security.web.authentication.ui;
 
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.Map;
+import java.util.function.Function;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@@ -24,19 +38,6 @@ import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 import org.springframework.web.util.HtmlUtils;
 
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.util.Collections;
-import java.util.Map;
-import java.util.function.Function;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
 /**
  * For internal use with namespace configuration in the case where a user doesn't
  * configure a login page. The configuration code will insert this filter in the chain
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
index d46747b821..e8b9e9c666 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.web.authentication.ui;
 
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.util.Assert;
-import org.springframework.web.filter.OncePerRequestFilter;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
+import java.util.function.Function;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.Map;
-import java.util.function.Function;
+
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
  * Generates a default log out page.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index 835fe37490..4ed29678c3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.authentication.www;
 
-import static org.springframework.http.HttpHeaders.AUTHORIZATION;
-
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
@@ -31,6 +29,8 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+
 /**
  * Converts from a HttpServletRequest to {@link UsernamePasswordAuthenticationToken} that
  * can be authenticated. Null authentication possible if there was no Authorization header
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index 252d1cc3b5..f044ec6725 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -21,10 +21,10 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index 896c4c417a..6284faf187 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.Ordered;
 import org.springframework.http.HttpStatus;
diff --git a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
index b97b5fd6d7..6a896c3e48 100644
--- a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
+++ b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.context.support;
 
 import java.util.Enumeration;
+
 import javax.servlet.ServletContext;
 
 import org.springframework.web.context.WebApplicationContext;
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index 152e455de2..232ddcb480 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -15,9 +15,9 @@
  */
 package org.springframework.security.web.debug;
 
-import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.UrlUtils;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -29,8 +29,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.*;
+
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.UrlUtils;
 
 /**
  * Spring Security debugging filter.
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index c3f76dbba9..76184ff16d 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -15,15 +15,15 @@
  */
 package org.springframework.security.web.firewall;
 
+import java.io.IOException;
+import java.util.StringTokenizer;
+
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
-import java.io.IOException;
-import java.util.*;
-
 /**
  * Request wrapper which ensures values of {@code servletPath} and {@code pathInfo} are
  * returned which are suitable for pattern matching against. It strips out path parameters
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index 8fcd7b9107..ea1e1aac89 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.function.Predicate;
 import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
index a95c76e6cc..871a80add3 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.web.header.writers;
 
-import org.springframework.security.web.header.HeaderWriter;
-import org.springframework.util.Assert;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.List;
+
+import org.springframework.security.web.header.HeaderWriter;
+import org.springframework.util.Assert;
 
 /**
  * A {@link HeaderWriter} that delegates to several other {@link HeaderWriter}s.
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
index 8dc6e7dafe..4ba5ff81c6 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.header.writers;
 
-import org.springframework.security.web.header.HeaderWriter;
-import org.springframework.util.Assert;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.web.header.HeaderWriter;
+import org.springframework.util.Assert;
+
 /**
  * <p>
  * Provides support for <a href="https://www.w3.org/TR/CSP2/">Content Security Policy
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index c003b29ddc..cb848e4838 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -15,19 +15,21 @@
  */
 package org.springframework.security.web.header.writers;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.header.HeaderWriter;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.util.Assert;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.security.web.header.HeaderWriter;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+
 /**
  * Provides support for <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key
  * Pinning (HPKP)</a>.
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 3d0dbf11d8..521606956d 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.servlet.http.HttpServletRequest;
-
 /**
  * Base class for AllowFromStrategy implementations which use a request parameter to
  * retrieve the origin. By default the parameter named <code>x-frames-allow-from</code> is
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
index c013af3596..f3c95e8a0a 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import org.springframework.util.Assert;
-
 import java.util.regex.Pattern;
 
+import org.springframework.util.Assert;
+
 /**
  * Implementation which uses a regular expression to validate the supplied origin. If the
  * value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
index 415072434f..12c45e6e18 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import javax.servlet.http.HttpServletRequest;
 import java.net.URI;
 
+import javax.servlet.http.HttpServletRequest;
+
 /**
  * Simple implementation of the {@code AllowFromStrategy}
  *
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index f1aa040f46..a44e864a31 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import org.springframework.security.web.header.HeaderWriter;
-import org.springframework.util.Assert;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.security.web.header.HeaderWriter;
+import org.springframework.util.Assert;
+
 /**
  * {@code HeaderWriter} implementation for the X-Frame-Options headers. When using the
  * ALLOW-FROM directive the actual value is determined by a {@code AllowFromStrategy}.
diff --git a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
index 309dafa450..55c7c486c2 100644
--- a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
+++ b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.web.http;
 
+import java.util.function.Consumer;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.util.Assert;
 
-import java.util.function.Consumer;
-
 /**
  * Utilities for interacting with {@link HttpHeaders}
  *
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
index 6dc09a05cb..f6ad7efc04 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.jackson2;
 
+import java.io.IOException;
+
+import javax.servlet.http.Cookie;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -25,9 +29,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
 import com.fasterxml.jackson.databind.node.NullNode;
 
-import javax.servlet.http.Cookie;
-import java.io.IOException;
-
 /**
  * Jackson deserializer for {@link Cookie}. This is needed because in most cases we don't
  * set {@link Cookie#getDomain()} property. So when jackson deserialize that json
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
index 5097385da1..2c19ae4645 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java
@@ -19,6 +19,7 @@ package org.springframework.security.web.jackson2;
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
index 0b1ded683a..b1742dcc8b 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
@@ -19,9 +19,6 @@ package org.springframework.security.web.jackson2;
 import java.io.IOException;
 import java.util.List;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -31,6 +28,9 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
+
 /**
  * Custom deserializer for {@link PreAuthenticatedAuthenticationToken}. At the time of
  * deserialization it will invoke suitable constructor depending on the value of
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
index b75eae055b..24f7238a72 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.web.jackson2;
 
-import org.springframework.security.jackson2.SecurityJackson2Modules;
-import org.springframework.security.jackson2.SimpleGrantedAuthorityMixin;
-
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.jackson2.SimpleGrantedAuthorityMixin;
+
 /**
  * This mixin class is used to serialize / deserialize
  * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}.
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
index 1ad3e10e8e..bd480dca54 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.web.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
  * Jackson mixin class to serialize/deserialize
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java b/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
index 967c8ed306..822a297fa8 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.web.jackson2;
 
-import com.fasterxml.jackson.annotation.*;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
 /**
  * Jackson mixin class to serialize/deserialize
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
index 49d1d21039..a54a55a96d 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.web.jackson2;
 
+import com.fasterxml.jackson.core.Version;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 
-import com.fasterxml.jackson.core.Version;
-import com.fasterxml.jackson.databind.module.SimpleModule;
-
 /**
  * Jackson module for spring-security-web. This module register
  * {@link DefaultCsrfTokenMixin} and {@link PreAuthenticatedAuthenticationTokenMixin}. If
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
index 1727edf74c..89fe0be169 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
@@ -18,14 +18,14 @@ package org.springframework.security.web.jackson2;
 
 import javax.servlet.http.Cookie;
 
+import com.fasterxml.jackson.core.Version;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 import org.springframework.security.web.savedrequest.SavedCookie;
 
-import com.fasterxml.jackson.core.Version;
-import com.fasterxml.jackson.databind.module.SimpleModule;
-
 /**
  * Jackson module for spring-security-web related to servlet. This module register
  * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 0a89f290be..323050980a 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -18,6 +18,8 @@ package org.springframework.security.web.reactive.result.method.annotation;
 import java.lang.annotation.Annotation;
 
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.ReactiveAdapter;
 import org.springframework.core.ReactiveAdapterRegistry;
@@ -36,8 +38,6 @@ import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolverSupport;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Resolves the Authentication
  *
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
index 9da2ceaec2..af83bc939e 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.web.reactive.result.view;
 
+import java.util.Collections;
+import java.util.Map;
+import java.util.regex.Pattern;
+
 import org.springframework.lang.NonNull;
 import org.springframework.security.web.server.csrf.CsrfToken;
 import org.springframework.web.reactive.result.view.RequestDataValueProcessor;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.util.Collections;
-import java.util.Map;
-import java.util.regex.Pattern;
-
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index ea7d8e3162..0c827dae38 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -15,8 +15,16 @@
  */
 package org.springframework.security.web.savedrequest;
 
+import java.util.Base64;
+import java.util.HashMap;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -27,12 +35,6 @@ import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.WebUtils;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Base64;
-import java.util.HashMap;
-
 /**
  * An Implementation of {@code RequestCache} which saves the original request URI in a
  * cookie.
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 1384bb8ae5..a1db061978 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -16,19 +16,28 @@
 
 package org.springframework.security.web.savedrequest;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.web.PortResolver;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-
 /**
  * Represents central information from a {@code HttpServletRequest}.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index 087a4c5b7a..aeac06f347 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -19,7 +19,6 @@ package org.springframework.security.web.savedrequest;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
-
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Locale;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index be6947b72e..63e415bcba 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.web.PortResolver;
 import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.util.UrlUtils;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index 88b0522528..922bf169ec 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import javax.servlet.http.Cookie;
 import java.io.Serializable;
 
+import javax.servlet.http.Cookie;
+
 /**
  * Stores off the values of a cookie in a serializable holder
  *
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
index 2a6f4aebd6..c04a687f68 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import org.springframework.util.Assert;
-
-import javax.servlet.http.Cookie;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -25,6 +22,10 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 
+import javax.servlet.http.Cookie;
+
+import org.springframework.util.Assert;
+
 /**
  * A Bean implementation of SavedRequest
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
index 3ebc906336..0ce2e0bba7 100644
--- a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.web.server;
 
+import java.net.URI;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
 
 /**
  * The default {@link ServerRedirectStrategy} to use.
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index f8aee9bcb6..40c2f3d177 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -16,20 +16,20 @@
 
 package org.springframework.security.web.server;
 
+import java.util.Arrays;
+import java.util.List;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.http.HttpStatus;
-import org.springframework.util.Assert;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.util.Arrays;
-import java.util.List;
-
 /**
  * A {@link ServerAuthenticationEntryPoint} which delegates to multiple
  * {@link ServerAuthenticationEntryPoint} based on a {@link ServerWebExchangeMatcher}
diff --git a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
index 628fee71b9..bd9be5d2dd 100644
--- a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.web.server;
 
+import java.util.List;
+
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import java.util.List;
 
 /**
  * A {@link SecurityWebFilterChain} that leverages a {@link ServerWebExchangeMatcher} to
diff --git a/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
index 3b601e0179..bff9a78028 100644
--- a/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/SecurityWebFilterChain.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server;
 
-import org.springframework.web.server.ServerWebExchange;
-import org.springframework.web.server.WebFilter;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+
 /**
  * Defines a filter chain which is capable of being matched against a
  * {@link ServerWebExchange} in order to decide whether it applies to that request.
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
index 3909d15d1a..6e12ac2254 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
@@ -15,16 +15,16 @@
  */
 package org.springframework.security.web.server;
 
-import org.springframework.util.Assert;
+import java.util.function.Function;
+
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.util.function.Function;
-
 /**
  * Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
  * data HTTP parameters.
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index a56ed3b61c..80d9546ee2 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -18,6 +18,8 @@ package org.springframework.security.web.server;
 import java.util.Base64;
 import java.util.function.Function;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -25,8 +27,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be
  * authenticated.
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
index 75930d2223..1df0d3b8e8 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
@@ -18,14 +18,14 @@ package org.springframework.security.web.server;
 import java.util.Arrays;
 import java.util.List;
 
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-
 import org.springframework.web.server.handler.DefaultWebFilterChain;
 import org.springframework.web.server.handler.FilteringWebHandler;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
 
 /**
  * Used to delegate to a List of {@link SecurityWebFilterChain} instances.
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
index 7bef478cad..47f7eb3fdf 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
@@ -16,15 +16,15 @@
 
 package org.springframework.security.web.server.authentication;
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
+import reactor.core.publisher.Mono;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
 
 /**
  * Matches if the {@link ServerAuthenticationConverter} can convert a
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
index 0440678424..bbda2025bd 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.web.server.authentication;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.server.WebFilterExchange;
-import org.springframework.util.Assert;
+import java.util.Arrays;
+import java.util.List;
+
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
-import java.util.Arrays;
-import java.util.List;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.util.Assert;
 
 /**
  * Delegates to a collection of {@link ServerAuthenticationSuccessHandler}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
index 1cff591536..e724ba892b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.security.core.AuthenticationException;
@@ -22,8 +24,6 @@ import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Prompts a user for HTTP Basic authentication.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
index a306473a7a..bde89c52e2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPoint.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A {@link ServerAuthenticationEntryPoint} that sends a generic {@link HttpStatus} as a
  * response. Useful for JavaScript clients which cannot use Basic authentication since the
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index 0658897a2f..85e2a3deb1 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -22,7 +24,6 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import reactor.core.publisher.Mono;
 
 /**
  * Reactive version of
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
index 01424c122b..a6995f45c9 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
@@ -18,14 +18,14 @@ package org.springframework.security.web.server.authentication;
 
 import java.net.URI;
 
-import org.springframework.security.web.server.DefaultServerRedirectStrategy;
-import org.springframework.security.web.server.ServerRedirectStrategy;
-import org.springframework.security.web.server.savedrequest.ServerRequestCache;
-import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
+import org.springframework.security.web.server.ServerRedirectStrategy;
+import org.springframework.security.web.server.savedrequest.ServerRequestCache;
+import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
index d648291988..37c1e2de52 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.net.URI;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
 
 /**
  * Performs a redirect to a specified location.
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
index 66ebfd5eb4..0f479ef470 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.net.URI;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerRedirectStrategy;
@@ -24,9 +28,6 @@ import org.springframework.security.web.server.savedrequest.ServerRequestCache;
 import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
 
 /**
  * Performs a redirect on authentication success. The default is to redirect to a saved
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
index b9f7321a26..90d1327451 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationConverter.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A strategy used for converting from a {@link ServerWebExchange} to an
  * {@link Authentication} used for authenticating with a provided
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
index 3ee108c4a6..04061d91f9 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandler.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
 
 /**
  * Adapts a {@link ServerAuthenticationEntryPoint} into a
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
index cc858e0164..e80f6d5666 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationFailureHandler.java
@@ -16,9 +16,9 @@
 
 package org.springframework.security.web.server.authentication;
 
-import org.springframework.security.core.AuthenticationException;
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.WebFilterExchange;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
index 77a1460e0a..0ec5bd9bbd 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerAuthenticationSuccessHandler.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Handles authentication success
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
index 07ecda24f1..85c028da16 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
index 16553e78e9..72d0ca9ec1 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
index 00f585b88b..5d2f51a285 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.security.cert.X509Certificate;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.server.reactive.SslInfo;
 import org.springframework.lang.NonNull;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.security.cert.X509Certificate;
 
 /**
  * Converts from a {@link SslInfo} provided by a request to an
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index 33ab29fab5..e4e45b9e4f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -16,8 +16,15 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Optional;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.lang.NonNull;
 import org.springframework.lang.Nullable;
@@ -44,12 +51,6 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
 
 /**
  * Switch User processing filter responsible for user context switching. A common use-case
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
index 419bb768b3..6bbbcca670 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/WebFilterChainServerAuthenticationSuccessHandler.java
@@ -16,10 +16,11 @@
 
 package org.springframework.security.web.server.authentication;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Success handler that continues the filter chain after authentication success.
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
index 3694bbcb70..ddb29e1d08 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.web.server.authentication.logout;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
 import org.springframework.util.Assert;
 
-import reactor.core.publisher.Mono;
-
 /**
  * <p>
  * A {@link ServerLogoutHandler} implementation which writes HTTP headers during logout.
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
index fba83e1daa..a91eb89888 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandler.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.util.Assert;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Implementation of the {@link ServerLogoutSuccessHandler}. By default returns an HTTP
  * status code of {@code 200}. This is useful in REST-type scenarios where a redirect upon
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
index 979411df46..4840376632 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import java.net.URI;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
 
 /**
  * Performs a redirect on log out success.
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
index 76647e1abe..19f1e4e4e0 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
 import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
 
 /**
  * A {@link ServerLogoutHandler} which removes the SecurityContext using the provided
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
index 5f1d8cda5e..e9f6176296 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutHandler.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Handles log out
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
index d7c92d9401..9e8a836ad2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Strategy for when log out was successfully performed (typically after
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
index 7a3ec0ea8c..2f8bd8dfc6 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
@@ -16,11 +16,11 @@
 
 package org.springframework.security.web.server.authorization;
 
-import org.springframework.web.server.ServerWebExchange;
-
 import java.util.Collections;
 import java.util.Map;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index c4db84b195..07ce081b55 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -17,6 +17,8 @@ package org.springframework.security.web.server.authorization;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -25,8 +27,6 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
-import reactor.core.publisher.Mono;
-
 /**
  * @author Rob Winch
  * @author Mathieu Ouellet
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index 1256d888b5..5799269cb8 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -15,8 +15,14 @@
  */
 package org.springframework.security.web.server.authorization;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
@@ -24,12 +30,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * @author Rob Winch
  * @author Mathieu Ouellet
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
index a0019b5c8b..58a2308a9c 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -16,19 +16,19 @@
 
 package org.springframework.security.web.server.authorization;
 
+import java.nio.charset.Charset;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.core.io.buffer.DataBufferUtils;
-import org.springframework.http.MediaType;
-import reactor.core.publisher.Mono;
-
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.nio.charset.Charset;
-
 /**
  * Sets the provided HTTP Status when access is denied.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
index 72780e301f..c466da293c 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.server.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * @author Rob Winch
diff --git a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
index 7594406daa..42e1ee275e 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
@@ -16,9 +16,10 @@
 
 package org.springframework.security.web.server.context;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * A do nothing implementation of {@link ServerSecurityContextRepository}. Used in
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
index 87c5010dbc..dc02c90d32 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.server.context;
 
+import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
+
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-import reactor.util.context.Context;
 
 /**
  * Uses a {@link ServerSecurityContextRepository} to provide the {@link SecurityContext}
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
index 24bf2a08ff..0008931bea 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
@@ -17,12 +17,12 @@ package org.springframework.security.web.server.context;
 
 import java.security.Principal;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.ServerWebExchangeDecorator;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Overrides the {@link ServerWebExchange#getPrincipal()} with the provided
  * SecurityContext
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
index bc9b970a8a..91346b9216 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilter.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server.context;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
 
 /**
  * Override the {@link ServerWebExchange#getPrincipal()} to be looked up using
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
index fd7f333fa6..b895187271 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.web.server.context;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Strategy used for persisting a {@link SecurityContext} between requests.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index 9757a3b38b..f6cde328bd 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -17,12 +17,12 @@ package org.springframework.security.web.server.context;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Stores the {@link SecurityContext} in the
  * {@link org.springframework.web.server.WebSession}. When a {@link SecurityContext} is
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
index a8235c34b1..85d0119544 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
@@ -18,6 +18,8 @@ package org.springframework.security.web.server.csrf;
 
 import java.util.UUID;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpCookie;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -25,8 +27,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A {@link ServerCsrfTokenRepository} that persists the CSRF token in a cookie named
  * "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
index 5e6955bc3c..20d39774ef 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
@@ -16,13 +16,13 @@
 
 package org.springframework.security.web.server.csrf;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler;
 import org.springframework.util.Assert;
 
-import reactor.core.publisher.Mono;
-
 /**
  * {@link CsrfServerLogoutHandler} is in charge of removing the {@link CsrfToken} upon
  * logout. A new {@link CsrfToken} will then be generated by the framework upon the next
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 3803f3d8a4..007b205128 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -16,6 +16,12 @@
 
 package org.springframework.security.web.server.csrf;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -29,11 +35,6 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
 
 import static java.lang.Boolean.TRUE;
 
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
index 85871853dd..e4d9262f77 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.server.csrf;
 
-import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * An API to allow changing the method in which the expected {@link CsrfToken} is
  * associated to the {@link ServerWebExchange}. For example, it may be stored in
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index b723141f64..ccd785ea61 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -15,15 +15,17 @@
  */
 package org.springframework.security.web.server.csrf;
 
-import org.springframework.util.Assert;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
+import java.util.Map;
+import java.util.UUID;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import java.util.Map;
-import java.util.UUID;
+
+import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;
+
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
 
 /**
  * A {@link ServerCsrfTokenRepository} that stores the {@link CsrfToken} in the
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
index 3268cdb4ce..ea6d37057d 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.server.header;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Writes cache control related headers.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
index f44115cc60..896a72b87a 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.springframework.web.server.ServerWebExchange;
+import java.util.Arrays;
+import java.util.List;
+
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
-import java.util.Arrays;
-import java.util.List;
+import org.springframework.web.server.ServerWebExchange;
 
 /**
  * Combines multiple {@link ServerHttpHeadersWriter} instances into a single instance.
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
index 79b8d0082f..bd2f33f783 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
@@ -15,9 +15,10 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Adds X-Content-Type-Options: nosniff
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
index c3805a8187..d147bc74eb 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.web.server.header;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Invokes a {@link ServerHttpHeadersWriter} on
  * {@link ServerHttpResponse#beforeCommit(java.util.function.Supplier)}.
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
index cbfd478f9b..191a64a608 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
@@ -17,11 +17,11 @@ package org.springframework.security.web.server.header;
 
 import java.util.function.Supplier;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Interface for writing headers just before the response is committed.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index 4dcc9e38fc..42d0596d7f 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -18,11 +18,11 @@ package org.springframework.security.web.server.header;
 import java.util.Arrays;
 import java.util.Collections;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.web.server.ServerWebExchange;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Allows specifying {@link HttpHeaders} that should be written to the response.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index d78942e610..f81989f94c 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -17,10 +17,10 @@ package org.springframework.security.web.server.header;
 
 import java.time.Duration;
 
-import org.springframework.web.server.ServerWebExchange;
-
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Writes the Strict-Transport-Security if the request is secure.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
index 4da90b5852..98edc40a93 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.springframework.web.server.ServerWebExchange;
-
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Adds X-Content-Type-Options: nosniff
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index e8e417fe83..cb5a64c9c8 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.springframework.web.server.ServerWebExchange;
-
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * {@code ServerHttpHeadersWriter} implementation for the X-Frame-Options headers.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index a05e53e5b2..54f9711b71 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.springframework.web.server.ServerWebExchange;
-
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Add the x-xss-protection header.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
index 20f7616275..ce75493721 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.jackson2;
 
 import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
+
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
index 1a28061aa6..7f74da047f 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
@@ -16,8 +16,15 @@
 
 package org.springframework.security.web.server.savedrequest;
 
+import java.net.URI;
+import java.time.Duration;
+import java.util.Base64;
+import java.util.Collections;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpCookie;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -32,12 +39,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.util.Assert;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.time.Duration;
-import java.util.Base64;
-import java.util.Collections;
 
 /**
  * An implementation of {@link ServerRequestCache} that saves the requested URI in a
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
index 87b1f0bcd0..b14c64db85 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server.savedrequest;
 
-import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.web.server.ServerWebExchange;
+import java.net.URI;
+
 import reactor.core.publisher.Mono;
 
-import java.net.URI;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.web.server.ServerWebExchange;
 
 /**
  * An implementation of {@link ServerRequestCache} that does nothing. This is used in
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
index 147042ed6b..d0e07cd151 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server.savedrequest;
 
-import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.web.server.ServerWebExchange;
+import java.net.URI;
+
 import reactor.core.publisher.Mono;
 
-import java.net.URI;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.web.server.ServerWebExchange;
 
 /**
  * Saves a {@link ServerHttpRequest} so it can be "replayed" later. This is useful for
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
index 176fcfca50..846b17fa40 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.server.savedrequest;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
 
 /**
  * A {@link WebFilter} that replays any matching request in {@link ServerRequestCache}
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index 01afc67356..d30a128cc3 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -16,8 +16,13 @@
 
 package org.springframework.security.web.server.savedrequest;
 
+import java.net.URI;
+import java.util.Collections;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -30,10 +35,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebSession;
-import reactor.core.publisher.Mono;
-
-import java.net.URI;
-import java.util.Collections;
 
 /**
  * An implementation of {@link ServerRequestCache} that saves the
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
index a20195ecab..82acde159f 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
@@ -20,6 +20,8 @@ import java.nio.charset.Charset;
 import java.util.HashMap;
 import java.util.Map;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.http.HttpMethod;
@@ -36,8 +38,6 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.util.HtmlUtils;
 
-import reactor.core.publisher.Mono;
-
 /**
  * Generates a default log in page used for authenticating users.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
index 376ba61907..4b51f239aa 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.server.ui;
 
+import java.nio.charset.Charset;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DataBufferFactory;
 import org.springframework.http.HttpMethod;
@@ -28,9 +32,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.Charset;
 
 /**
  * Generates a default log out page.
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index 68cf0fa7d9..49aa7a94b1 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -15,18 +15,19 @@
  */
 package org.springframework.security.web.server.util.matcher;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.util.Assert;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Matches if all the provided {@link ServerWebExchangeMatcher} match
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
index 8acdddf6eb..445c5d3b40 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
@@ -24,9 +24,9 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.http.InvalidMediaTypeException;
 import reactor.core.publisher.Mono;
 
+import org.springframework.http.InvalidMediaTypeException;
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
 import org.springframework.web.accept.ContentNegotiationStrategy;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index 4ed17c2a40..e5bc6dedf6 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -17,9 +17,10 @@ package org.springframework.security.web.server.util.matcher;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 /**
  * Negates the provided matcher. If the provided matcher returns true, then the result
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index 3ecaf5106b..d253ea26eb 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -20,11 +20,12 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.util.Assert;
-import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Matches if any of the provided {@link ServerWebExchangeMatcher} match
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
index a4aedc8465..0b3c8ff476 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
@@ -15,8 +15,13 @@
  */
 package org.springframework.security.web.server.util.matcher;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.http.server.PathContainer;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -24,10 +29,6 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.util.pattern.PathPattern;
 import org.springframework.web.util.pattern.PathPatternParser;
-import reactor.core.publisher.Mono;
-
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * Matches if the {@link PathPattern} matches the path within the application.
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
index 59d6c08018..fa30e9605e 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
@@ -18,9 +18,10 @@ package org.springframework.security.web.server.util.matcher;
 import java.util.Collections;
 import java.util.Map;
 
-import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * An interface for determining if a {@link ServerWebExchangeMatcher} matches.
  *
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
index b4e105837a..eccab0ab2d 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.web.server.util.matcher;
 
-import org.springframework.http.HttpMethod;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
 import java.util.ArrayList;
 import java.util.List;
 
+import reactor.core.publisher.Mono;
+
+import org.springframework.http.HttpMethod;
+import org.springframework.web.server.ServerWebExchange;
+
 /**
  * Provides factory methods for creating common {@link ServerWebExchangeMatcher}
  *
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index cbd5404ec4..3af59ac8ac 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -17,8 +17,8 @@
 package org.springframework.security.web.session;
 
 import java.io.IOException;
-
 import java.util.List;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
index 6d14edc90a..7cce0db2b4 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
@@ -16,13 +16,15 @@
 
 package org.springframework.security.web.session;
 
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
 import javax.servlet.http.HttpSession;
 
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 
-import java.util.*;
-
 /**
  * Published by the {@link HttpSessionEventPublisher} when a HttpSession is removed from
  * the container
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
index 90e4ec18d3..3ed1eb44f7 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
@@ -16,17 +16,17 @@
 
 package org.springframework.security.web.session;
 
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionIdListener;
+import javax.servlet.http.HttpSessionListener;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
 
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionIdListener;
-import javax.servlet.http.HttpSessionListener;
-
 /**
  * Declared in web.xml as
  *
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
index 248a67c4de..99ca160e16 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.web.session;
 
-import org.springframework.security.core.session.SessionIdChangedEvent;
-
 import javax.servlet.http.HttpSession;
 
+import org.springframework.security.core.session.SessionIdChangedEvent;
+
 /**
  * Published by the {@link HttpSessionEventPublisher} when an {@link HttpSession} ID is
  * changed.
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
index e77390b2f2..ba320fc043 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.session;
 
 import java.io.IOException;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
index 12325ed409..fec0ad9af8 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.session;
 
 import java.io.IOException;
+
 import javax.servlet.ServletException;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
index e0a40e6e29..4de98a70f3 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
@@ -15,17 +15,19 @@
  */
 package org.springframework.security.web.session;
 
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
 /**
  * Performs a redirect to a fixed URL when an invalid requested session is detected by the
  * {@code SessionManagementFilter}.
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 6f7630f6e4..01f081e257 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
index 34d74eb435..4ba8b5217c 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
@@ -17,8 +17,6 @@ package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.springframework.security.web.util.matcher.RequestMatcher;
-
 /**
  * Matches any supplied request.
  *
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
index ae90043132..c591028d36 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
@@ -23,7 +23,6 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
-import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * A RequestMatcher implementation which uses a SpEL expression
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index b0cf2fa3ee..52cb321e3d 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -20,9 +20,8 @@ import java.net.UnknownHostException;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.util.StringUtils;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 /**
  * Matches a request based on IP Address or subnet mask matching against the remote
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index 474d0ed500..430c652355 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -19,7 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index 5760df1370..da03cda07e 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index e0caf843ee..56b4b79d49 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -21,8 +21,8 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.http.HttpMethod;
-import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.StringUtils;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index f5c9191d10..274c9e01ba 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -17,7 +17,6 @@ package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/MockPortResolver.java b/web/src/test/java/org/springframework/security/MockPortResolver.java
index b06d4af07c..245de791ec 100644
--- a/web/src/test/java/org/springframework/security/MockPortResolver.java
+++ b/web/src/test/java/org/springframework/security/MockPortResolver.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security;
 
-import org.springframework.security.web.PortResolver;
-
 import javax.servlet.ServletRequest;
 
+import org.springframework.security.web.PortResolver;
+
 /**
  * Always returns the constructor-specified HTTP and HTTPS ports.
  *
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index 063ebdf591..a92872d685 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -15,6 +15,10 @@
  */
 package org.springframework.security.test.web.reactive.server;
 
+import java.util.Arrays;
+
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest.BaseBuilder;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
@@ -22,10 +26,6 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebHandler;
 import org.springframework.web.server.handler.FilteringWebHandler;
 
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index 4aa6916719..685f0ee901 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.web;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @since 3.0
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 1c407abc95..5bf0ccab8c 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -15,13 +15,22 @@
  */
 package org.springframework.security.web;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -32,13 +41,15 @@ import org.springframework.security.web.firewall.RequestRejectedException;
 import org.springframework.security.web.firewall.RequestRejectedHandler;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import java.util.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index a17c05cbfc..1a01b9ddf6 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -16,19 +16,19 @@
 
 package org.springframework.security.web;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.UrlUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * Tests {@link FilterInvocation}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
index 1c4a6db3c7..326a889de8 100644
--- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
@@ -16,14 +16,14 @@
 
 package org.springframework.security.web;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.HashMap;
 import java.util.Map;
 
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link PortMapperImpl}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
index 7a8f1f16ec..80240082a7 100644
--- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.web;
 
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-
 /**
  * Tests {@link PortResolverImpl}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index 8337dc2cf1..2f2a52b20f 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -16,11 +16,9 @@
 
 package org.springframework.security.web.access;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
@@ -32,6 +30,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.ArgumentMatchers.anyObject;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests
  * {@link org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator}.
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
index b558a3727f..ae3af51c4b 100644
--- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.web.access;
 
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-
 import java.util.LinkedHashMap;
 
 import javax.servlet.http.HttpServletRequest;
@@ -29,11 +25,16 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.csrf.CsrfException;
 import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingAccessDeniedHandlerTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index ebff713f6b..10ff2b8a23 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.web.access;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verifyZeroInteractions;
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,6 +27,7 @@ import javax.servlet.http.HttpSession;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -52,6 +45,14 @@ import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
 /**
  * Tests {@link ExceptionTranslationFilter}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
index a81a8f189a..add9ce044f 100644
--- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.web.access;
 
 import java.util.LinkedHashMap;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index db85f0540a..64464a451a 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -16,15 +16,13 @@
 
 package org.springframework.security.web.access.channel;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-
 import java.io.IOException;
 import java.util.Collection;
 
 import javax.servlet.FilterChain;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.ConfigAttribute;
@@ -32,6 +30,9 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * Tests {@link ChannelProcessingFilter}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
index f41efbcabc..3fdf255079 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
@@ -16,19 +16,19 @@
 
 package org.springframework.security.web.access.channel;
 
-import static org.assertj.core.api.Assertions.*;
-
-import org.springframework.security.MockPortResolver;
-
-import org.springframework.security.web.PortMapperImpl;
-import org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint;
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.MockPortResolver;
+import org.springframework.security.web.PortMapperImpl;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link RetryWithHttpsEntryPoint}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
index ed32daf7a2..9c472da817 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.web.access.channel;
 
-import static org.mockito.Mockito.mock;
-import static org.assertj.core.api.Assertions.*;
-
 import javax.servlet.FilterChain;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.access.channel.SecureChannelProcessor;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
 
 /**
  * Tests {@link SecureChannelProcessor}.
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
index 0fa33ad0f1..ca426b3a29 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.web.access.expression;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.Collection;
+import java.util.LinkedHashMap;
 
 import org.junit.Test;
+
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import java.util.Collection;
-import java.util.LinkedHashMap;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index ea5da3a507..b2da9ea7e3 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -15,11 +15,6 @@
  */
 package org.springframework.security.web.access.expression;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
 import java.util.ArrayList;
 
 import javax.servlet.FilterChain;
@@ -28,6 +23,7 @@ import javax.servlet.ServletResponse;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Test;
+
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.AccessDecisionVoter;
@@ -37,6 +33,11 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index 2f781b81ea..f10ad0d18a 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
@@ -15,17 +15,17 @@
  */
 package org.springframework.security.web.access.expression;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
 
 /**
  * Tests for {@link WebSecurityExpressionRoot}.
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 34d8b79cf4..a9c34ba4bd 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -16,10 +16,14 @@
 
 package org.springframework.security.web.access.intercept;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -37,9 +41,17 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.FilterInvocation;
 
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link FilterSecurityInterceptor}.
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 913527092c..543eb20351 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -19,7 +19,6 @@ import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import org.springframework.security.web.access.intercept.RequestKey;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index f6690cd940..492eda2854 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -16,14 +16,6 @@
 
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import javax.servlet.FilterChain;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -35,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockFilterConfig;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -54,6 +47,14 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 /**
  * Tests {@link AbstractAuthenticationProcessingFilter}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index c095377a47..d270d3773a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -15,6 +15,15 @@
  */
 package org.springframework.security.web.authentication;
 
+import java.util.Collections;
+import java.util.Locale;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+
 import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -25,14 +34,6 @@ import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 
-import org.junit.Test;
-
-import java.util.Collections;
-import java.util.Locale;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 03599a603a..9c80ce2b63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -15,13 +15,12 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.mockito.Mockito.*;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -31,6 +30,10 @@ import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(
 		locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml")
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index 2ce50f24c8..4f97b0e352 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -15,18 +15,22 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.mockito.Mockito.*;
-
 import java.util.LinkedHashMap;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * Test class for {@link DelegatingAuthenticationEntryPoint}
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index 8fce0fd8a2..d4422d8d2a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -15,6 +15,11 @@
  */
 package org.springframework.security.web.authentication;
 
+import java.util.LinkedHashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -22,16 +27,13 @@ import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AccountStatusException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.CredentialsExpiredException;
 import org.springframework.security.core.AuthenticationException;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.LinkedHashMap;
-
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index a322a16b63..40f928ce87 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import java.util.HashMap;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.BadCredentialsException;
 
-import java.util.HashMap;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index a8985e0bec..fe9c9e434c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -16,12 +16,13 @@
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.assertj.core.api.Assertions.*;
 
 /**
  * <p>
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 4b0d3f07b8..2f28538b1e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -16,6 +16,7 @@
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index aa2a9bfd69..46e8b2a17d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 4.0
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 8919062fe8..0754b7803c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -16,16 +16,18 @@
 
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.MockPortResolver;
 import org.springframework.security.web.PortMapperImpl;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link LoginUrlAuthenticationEntryPoint}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index 840d142d8d..d836bc701b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -15,10 +15,8 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.Mockito.*;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
@@ -26,6 +24,11 @@ import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index b68bdc7234..1df1153e29 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.WebAttributes;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index 332c063fc9..a7cbac033a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -15,14 +15,16 @@
  */
 package org.springframework.security.web.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 84b3986697..f1417f9121 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -16,11 +16,9 @@
 
 package org.springframework.security.web.authentication;
 
-import static org.mockito.Mockito.*;
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -28,6 +26,12 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * Tests {@link UsernamePasswordAuthenticationFilter}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
index b5192159d6..d1887b01c2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.web.authentication.logout;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.http.Cookie;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  * @author Onur Kagan Ozcan
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
index 212c5e880e..d4a95a3b71 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.web.authentication.logout;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index 675d301d5d..4b575ccfe8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -15,16 +15,15 @@
  */
 package org.springframework.security.web.authentication.logout;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.web.authentication.logout.LogoutFilter;
-import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.firewall.DefaultHttpFirewall;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
index 2ef3c9d1ab..8e5f5f20ac 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.web.authentication.logout;
 
 import org.junit.Test;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index f6159c14d1..9bd5e9dbb5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -15,11 +15,10 @@
  */
 package org.springframework.security.web.authentication.logout;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -28,6 +27,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
index dddf75f4e4..50f43d1926 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.authentication.logout;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 0b7809392e..922d3b8b92 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -15,14 +15,6 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
-
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -31,6 +23,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -47,6 +40,14 @@ import org.springframework.security.web.authentication.ForwardAuthenticationFail
 import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  * @author Tadaya Tsuyukubo
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
index e06cb6548f..9d4fa105b8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.io.IOException;
 
 import javax.servlet.http.HttpServletResponse;
@@ -27,6 +24,9 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 public class Http403ForbiddenEntryPointTests {
 
 	public void testCommence() {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index 4063c0b485..3bb99184e2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -15,9 +15,8 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -26,6 +25,8 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
index 7663b8ee9a..f86a01abd4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Collection;
 import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index 1d5362ee25..aff725f6b5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -15,16 +15,17 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.*;
+import java.util.List;
 
 import org.junit.Test;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index ddbce204bb..bea868e108 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -15,19 +15,21 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.*;
-
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-
-import javax.servlet.http.HttpServletRequest;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index 7d807cb769..73bdc2b076 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.web.authentication.preauth;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -29,6 +27,11 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Milan Sevcik
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index c5237ba162..11b36ed7bf 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.web.authentication.preauth.header;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -31,6 +29,11 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index 0b78e6f2d2..a8af439c91 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.authentication.preauth.j2ee;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
@@ -27,6 +24,7 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
@@ -35,6 +33,9 @@ import org.springframework.security.core.authority.mapping.SimpleAttributes2Gran
 import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author TSARDD
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index fb13d866a7..e2026090de 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.authentication.preauth.j2ee;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -24,8 +22,11 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author TSARDD
  * @since 18-okt-2007
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index bf97620e76..31f1957c9e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.web.authentication.preauth.j2ee;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 
 import org.junit.Test;
+
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 public class WebXmlJ2eeDefinedRolesRetrieverTests {
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index 381682ed48..e4c818d23c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -15,13 +15,12 @@
  */
 package org.springframework.security.web.authentication.preauth.websphere;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import javax.servlet.FilterChain;
 
-import org.junit.*;
+import org.junit.After;
+import org.junit.Test;
 import org.mockito.stubbing.Answer;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -29,7 +28,10 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import javax.servlet.FilterChain;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
index cabf01e390..ecdb831ebd 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
@@ -15,14 +15,13 @@
  */
 package org.springframework.security.web.authentication.preauth.x509;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import org.junit.Before;
+import org.junit.Test;
 
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 
-import org.junit.Test;
-import org.junit.Before;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 396d067d24..42bb0831fa 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -28,6 +26,7 @@ import org.mockito.Mockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
@@ -42,6 +41,8 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 14380a6025..595be85ccf 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -16,15 +16,6 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
-
 import java.sql.Timestamp;
 import java.util.Calendar;
 import java.util.Date;
@@ -40,11 +31,21 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.SingleConnectionDataSource;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index 2c68d151ed..2ad5f33561 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.security.web.authentication.NullRememberMeServices;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests {@link org.springframework.security.web.authentication.NullRememberMeServices}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 931651d22e..77a0d51b79 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 
@@ -24,16 +22,13 @@ import javax.servlet.http.Cookie;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.web.authentication.rememberme.CookieTheftException;
-import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
-import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
-import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
-import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
-import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 8680042509..73b76b5463 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -16,10 +16,14 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
-import org.junit.*;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -33,9 +37,12 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link RememberMeAuthenticationFilter}.
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 940bc7b468..e32c53b971 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -16,17 +16,15 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-import static org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.*;
+import java.util.Date;
 
-import java.util.*;
 import javax.servlet.http.Cookie;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -38,6 +36,14 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.util.StringUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.DEFAULT_PARAMETER;
+import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
+import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.TWO_WEEKS_S;
+
 /**
  * Tests
  * {@link org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index a45f8aa16b..a55f7799f0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -16,11 +16,6 @@
 
 package org.springframework.security.web.authentication.session;
 
-import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-
 import java.util.Arrays;
 import java.util.Collections;
 
@@ -31,8 +26,14 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index e2e50d8b3a..fc585794d2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -16,11 +16,6 @@
 
 package org.springframework.security.web.authentication.session;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
@@ -30,6 +25,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
@@ -39,6 +35,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index fa2d175880..389841c2c9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -15,19 +15,20 @@
  */
 package org.springframework.security.web.authentication.session;
 
-import static org.mockito.Mockito.verify;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.session.SessionRegistry;
 
+import static org.mockito.Mockito.verify;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 47ad26bdc0..3c4979448c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.switchuser;
 
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.servlet.FilterChain;
 
 import org.junit.After;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
index b9c6a361ce..845363de76 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
@@ -18,7 +18,6 @@ package org.springframework.security.web.authentication.switchuser;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
 
 /**
  * @author Clement Ng
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index 0168a0b655..0036813bd4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.web.authentication.ui;
 
+import java.util.Collections;
+
 import org.junit.Test;
+
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
-import java.util.Collections;
-
 import static org.hamcrest.core.StringContains.containsString;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index c23ecbaf58..902538ac22 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -15,11 +15,6 @@
  */
 package org.springframework.security.web.authentication.www;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.codec.binary.Base64;
@@ -28,11 +23,17 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
 /**
  * @author Sergey Bespalov
  * @since 5.2.0
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index b592cf3150..10fa23917c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -16,9 +16,7 @@
 
 package org.springframework.security.web.authentication.www;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.AdditionalMatchers.not;
-import static org.mockito.Mockito.*;
+import java.nio.charset.StandardCharsets;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletRequest;
@@ -29,6 +27,7 @@ import org.apache.commons.codec.binary.Base64;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
@@ -41,7 +40,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.util.WebUtils;
 
-import java.nio.charset.StandardCharsets;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.AdditionalMatchers.not;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link BasicAuthenticationFilter}.
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 4fe571904c..4d13ededfd 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.web.authentication.www;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Map;
 
 import org.junit.Test;
+
 import org.springframework.util.StringUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Tests {@link org.springframework.security.util.StringSplitUtils}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index 55d77f89d5..f1fabc3d98 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.www;
 
 import java.io.IOException;
 import java.util.Map;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index e41604a4dc..65ea39de3b 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.bind.support;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -26,6 +24,7 @@ import java.lang.reflect.Method;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -35,6 +34,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;
 import org.springframework.util.ReflectionUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 11abe05139..89d2238916 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -20,6 +20,7 @@ import java.util.EnumSet;
 import java.util.EventListener;
 import java.util.HashSet;
 import java.util.Set;
+
 import javax.servlet.DispatcherType;
 import javax.servlet.Filter;
 import javax.servlet.FilterRegistration;
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index 1095ba1313..ca049bad82 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -20,6 +20,7 @@ import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
+
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
index 04fc9d05b7..3d2040bab5 100644
--- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.context;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
@@ -25,10 +23,13 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index 775a647977..c0447913d3 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -15,16 +15,15 @@
  */
 package org.springframework.security.web.context;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -32,6 +31,14 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextImpl;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 public class SecurityContextPersistenceFilterTests {
 
 	TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index 8ecbf5ce95..c7527604fa 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.context.request.async;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.concurrent.Callable;
 
 import org.junit.After;
@@ -24,10 +22,13 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.NativeWebRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index 681d5031e6..bcc21e6c6c 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.context.request.async;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import java.util.concurrent.Callable;
 import java.util.concurrent.ThreadFactory;
 
@@ -30,6 +27,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.security.core.context.SecurityContext;
@@ -40,6 +38,9 @@ import org.springframework.web.context.request.async.CallableProcessingIntercept
 import org.springframework.web.context.request.async.WebAsyncManager;
 import org.springframework.web.context.request.async.WebAsyncUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
index b9399fe85e..6f0aa4fddf 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -16,13 +16,14 @@
 
 package org.springframework.security.web.csrf;
 
+import javax.servlet.http.Cookie;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
-import javax.servlet.http.Cookie;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index a26cdd80af..e2dbd09701 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.web.csrf;
 
-import static org.mockito.Mockito.verify;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
+import static org.mockito.Mockito.verify;
+
 /**
  * @author Rob Winch
  * @since 3.2
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 5ee346d43c..6145fd1329 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.web.csrf;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 65590f7d4e..6fdcd455d6 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -15,13 +15,6 @@
  */
 package org.springframework.security.web.debug;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import java.util.Collections;
 
 import javax.servlet.FilterChain;
@@ -37,10 +30,18 @@ import org.mockito.Captor;
 import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
index 5af445f362..3aafb0ebab 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.firewall;
 
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -24,6 +22,8 @@ import org.hamcrest.CoreMatchers;
 import org.junit.Assert;
 import org.junit.Test;
 
+import static org.mockito.Mockito.mock;
+
 public class DefaultRequestRejectedHandlerTests {
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
index 4ccb834053..a68fcd3c72 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.web.firewall;
 
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
 
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 public class HttpStatusRequestRejectedHandlerTests {
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index 93b411f2d7..b4e92e8c64 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.firewall;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -27,8 +24,16 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index f18e9bdd00..c42e98034e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -16,19 +16,20 @@
 
 package org.springframework.security.web.firewall;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.util.Arrays;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * @author Rob Winch
  * @author Eddú Meléndez
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index 755fcaa642..d0b7accf29 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -15,13 +15,15 @@
  */
 package org.springframework.security.web.header.writers;
 
-import org.junit.Test;
-import org.springframework.security.web.header.HeaderWriter;
+import java.util.Arrays;
+import java.util.Collections;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Arrays;
-import java.util.Collections;
+
+import org.junit.Test;
+
+import org.springframework.security.web.header.HeaderWriter;
 
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.Mockito.mock;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index d1e05ecd9e..b57993c4e5 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index c19caab1bb..f37f8510eb 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -15,20 +15,21 @@
  */
 package org.springframework.security.web.header.writers;
 
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index ebd51183fe..f51bd14cb2 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -20,9 +20,9 @@ import org.junit.Test;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
 
 /**
  * @author Eddú Meléndez
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index 8f58af1cd7..92141c4e00 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.web.header.writers;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index 38c73ba6b1..f8fa7300a8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index 879a18c8e6..deeb9dc7ba 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -15,20 +15,19 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy;
-import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 39a7d76241..4850081c0e 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -15,13 +15,14 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.regex.PatternSyntaxException;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Marten Deinum
  */
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
index 1602246a77..a9d8a2d5ff 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy;
-
 import java.net.URI;
 
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index c67a047792..89f57cc6e2 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.web.header.writers.frameoptions;
 
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-
 import java.util.ArrayList;
 import java.util.List;
 
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 6dd353faf5..d269aa3aa2 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.web.jaasapi;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.io.IOException;
 import java.security.AccessController;
 import java.util.HashMap;
@@ -40,6 +38,7 @@ import javax.servlet.ServletResponse;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -50,6 +49,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Tests the JaasApiIntegrationFilter.
  *
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index 26f3bb9e4b..602416dfec 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -16,17 +16,17 @@
 
 package org.springframework.security.web.jackson2;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
+import com.fasterxml.jackson.core.JsonProcessingException;
 import org.json.JSONException;
 import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.jackson2.SimpleGrantedAuthorityMixinTests;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 7dd4081807..c20f92a6fd 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.method.annotation;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -26,6 +24,7 @@ import java.lang.reflect.Method;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@@ -35,6 +34,8 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.ReflectionUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index fdcf9794c0..3d8b235342 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.method.annotation;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.reflect.Method;
 
 import org.junit.Before;
@@ -24,6 +22,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.csrf.CsrfToken;
@@ -34,6 +33,8 @@ import org.springframework.web.context.request.NativeWebRequest;
 import org.springframework.web.context.request.ServletWebRequest;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 73def76790..b61603f66a 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -16,11 +16,19 @@
 
 package org.springframework.security.web.reactive.result.method.annotation;
 
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.ReactiveAdapterRegistry;
 import org.springframework.expression.BeanResolver;
@@ -30,9 +38,6 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.web.method.ResolvableMethod;
 import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.lang.annotation.*;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
index b88fec1ae5..439292d034 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
@@ -16,8 +16,13 @@
 
 package org.springframework.security.web.reactive.result.view;
 
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -25,11 +30,7 @@ import org.springframework.security.web.server.csrf.CsrfToken;
 import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 import org.springframework.util.ReflectionUtils;
 
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index 760a359798..b4c5df2465 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import org.junit.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
+import java.util.Base64;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
-import java.util.Base64;
+import org.junit.Test;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
index 28ff375aa4..9d4f8408ef 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
-import org.springframework.security.MockPortResolver;
-import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+
 import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.security.MockPortResolver;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  *
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index 0089fd3b03..8222d25dad 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Collection;
 import java.util.List;
 import java.util.Locale;
@@ -27,10 +25,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.PortResolverImpl;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
index 39aa95dda7..aa8a5ae0df 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
@@ -15,15 +15,17 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import static org.assertj.core.api.Assertions.*;
+import java.util.Base64;
+
+import javax.servlet.http.Cookie;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
-import javax.servlet.http.Cookie;
-import java.util.Base64;
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class RequestCacheAwareFilterTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
index 3b7134b499..d71ca86641 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
@@ -15,15 +15,14 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import static org.assertj.core.api.Assertions.*;
+import java.io.Serializable;
 
 import javax.servlet.http.Cookie;
 
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.web.savedrequest.SavedCookie;
 
-import java.io.Serializable;
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class SavedCookieTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index 95c27b05d4..86a28343f5 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -15,8 +15,6 @@
  */
 package org.springframework.security.web.savedrequest;
 
-import static org.assertj.core.api.Assertions.*;
-
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Enumeration;
@@ -25,11 +23,11 @@ import java.util.Locale;
 import javax.servlet.http.Cookie;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.PortResolverImpl;
-import org.springframework.security.web.savedrequest.FastHttpDateFormat;
-import org.springframework.security.web.savedrequest.DefaultSavedRequest;
-import org.springframework.security.web.savedrequest.SavedRequestAwareWrapper;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class SavedRequestAwareWrapperTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
index 95f5ee3985..6753ff5dc4 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
@@ -20,7 +20,9 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+
 import javax.servlet.http.Cookie;
+
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index a74d731362..634f0704dc 100644
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.web.server;
 
+import java.net.URI;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.net.URI;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index dc28edf932..ccd315867f 100644
--- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -20,20 +20,21 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
-import static org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.*;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
index 1afad15692..45a66d8387 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
@@ -16,7 +16,12 @@
 
 package org.springframework.security.web.server;
 
+import java.util.Arrays;
+import java.util.List;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
@@ -24,10 +29,6 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.util.Arrays;
-import java.util.List;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
index 82a3bac64a..f5e67ca78c 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
index e641312516..41c965d4f5 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
@@ -21,18 +21,17 @@ import java.util.UUID;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.junit.MockitoJUnitRunner;
-
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
-import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 
 /**
  * @author Ankur Pathak
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index ac761ef238..0850d3cdff 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -36,8 +36,8 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index c92a508d9c..fabf198d03 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -16,20 +16,21 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.time.Duration;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.server.WebFilterExchange;
 import reactor.core.publisher.Mono;
 import reactor.test.publisher.PublisherProbe;
 
-import java.time.Duration;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.server.WebFilterExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index 456c39a1e9..b40e6b5d06 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -26,7 +26,6 @@ import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
index 14fdf1b987..4adcb4b705 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.web.server.authentication;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
 
@@ -26,6 +24,9 @@ import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.AuthenticationException;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Eric Deandrea
  * @since 5.1
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 5970a16ba7..2c98b364ea 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.util.Collections;
+
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.CredentialsExpiredException;
 import org.springframework.security.authentication.DisabledException;
@@ -26,9 +30,6 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index ef13a1a0ee..6630efac28 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.test.publisher.PublisherProbe;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
@@ -28,7 +29,6 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.test.publisher.PublisherProbe;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 2d022b5b16..9f884fb884 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -20,6 +20,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.publisher.PublisherProbe;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -28,8 +31,6 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
-import reactor.core.publisher.Mono;
-import reactor.test.publisher.PublisherProbe;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index a75bb557be..178a18eae8 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -16,10 +16,14 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.net.URI;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.test.publisher.PublisherProbe;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -28,9 +32,6 @@ import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
-import reactor.test.publisher.PublisherProbe;
-
-import java.net.URI;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 4d948e5fc9..623d772621 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -21,11 +21,12 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.when;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index fc91edf0f5..291d164514 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -16,12 +16,15 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.security.cert.X509Certificate;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.http.server.reactive.SslInfo;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -29,8 +32,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 import org.springframework.security.web.authentication.preauth.x509.X509TestUtils;
 
-import java.security.cert.X509Certificate;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 369c1dc916..8c19a1ba59 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.server.authentication;
 
+import java.security.Principal;
+import java.util.Collections;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -24,6 +27,8 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -47,16 +52,18 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.security.Principal;
-import java.util.Collections;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
+import static org.mockito.Mockito.when;
 import static org.springframework.security.core.context.ReactiveSecurityContextHolder.withSecurityContext;
 import static org.springframework.security.web.server.authentication.SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 0bb9cae3e0..1d0b697926 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -16,27 +16,27 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.*;
+import java.time.Duration;
+import java.util.List;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.publisher.PublisherProbe;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 
-import reactor.core.publisher.Mono;
-import reactor.test.publisher.PublisherProbe;
-
-import java.time.Duration;
-import java.util.List;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Eric Deandrea
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 0e952c9ca6..0989750a2f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.web.server.authentication.logout;
 
+import org.junit.Test;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
 import org.springframework.web.server.ServerWebExchange;
 
-import org.junit.Test;
-
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
index ca7582f312..09065c9dd7 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-
 import org.junit.Test;
 
 import org.springframework.http.HttpStatus;
@@ -28,6 +25,10 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.WebFilterChain;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Eric Deandrea
  * @since 5.1
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index 904a623a0f..69e63942f2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -16,8 +16,6 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.stream.Collectors;
@@ -29,6 +27,8 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Eric Deandrea
  * @since 5.1
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index efe84ef5ad..1b4771e78f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -20,6 +20,10 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
@@ -28,9 +32,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
 
 import static org.mockito.Mockito.when;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index 48e3e8bb39..b251073861 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -21,13 +21,14 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 7089b4d6bb..4d5ae38707 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -23,6 +23,7 @@ import org.junit.Before;
 import org.junit.Test;
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -30,7 +31,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import static org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
index 3f64204489..1c216cfcde 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
@@ -17,13 +17,14 @@
 package org.springframework.security.web.server.context;
 
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index 09d7c8a6d7..29b19d2654 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -21,6 +21,11 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.TestPublisher;
+import reactor.util.context.Context;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.Authentication;
@@ -31,13 +36,10 @@ import org.springframework.security.test.web.reactive.server.WebTestHandler;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.TestPublisher;
-import reactor.util.context.Context;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index 7b1b7a74ea..ec72ed3591 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -17,6 +17,9 @@
 package org.springframework.security.web.server.context;
 
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -24,8 +27,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
index 8336e89b46..1ecf1e7fdf 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
@@ -17,13 +17,14 @@
 package org.springframework.security.web.server.context;
 
 import org.junit.Test;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.WebSession;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index 03a975b4ff..0c7a38378e 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -15,14 +15,12 @@
  */
 package org.springframework.security.web.server.csrf;
 
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.mockito.Mockito.*;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
 
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -30,7 +28,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.WebFilterChain;
 
-import reactor.core.publisher.Mono;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Eric Deandrea
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 5f846e2b99..4f440ff8bc 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -20,6 +20,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+import reactor.test.publisher.PublisherProbe;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -33,10 +36,8 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.server.WebSession;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-import reactor.test.publisher.PublisherProbe;
 
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index 85e3e296df..12065047cd 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.web.server.csrf;
 
+import java.util.Map;
+
 import org.junit.Test;
-import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
-import org.springframework.mock.web.server.MockServerWebExchange;
-import org.springframework.web.server.WebSession;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
-import java.util.Map;
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
+import org.springframework.web.server.WebSession;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 954897dd6f..e19fcf4a43 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index 58f3e6901c..9dbadbdd71 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -15,6 +15,13 @@
  */
 package org.springframework.security.web.server.header;
 
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import org.assertj.core.api.AbstractAssert;
+import org.junit.Test;
+
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
@@ -22,13 +29,6 @@ import org.springframework.security.web.server.header.ClearSiteDataServerHttpHea
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.server.ServerWebExchange;
 
-import org.assertj.core.api.AbstractAssert;
-import org.junit.Test;
-
-import java.util.List;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 84f906d8c6..eecedea166 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -15,23 +15,24 @@
  */
 package org.springframework.security.web.server.header;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
-import org.springframework.mock.web.server.MockServerWebExchange;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-import reactor.test.StepVerifier;
-
 import java.time.Duration;
 import java.util.Arrays;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
+import org.springframework.web.server.ServerWebExchange;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 5dda17defd..3a0c499179 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -15,23 +15,23 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestHandler;
 import org.springframework.security.test.web.reactive.server.WebTestHandler.WebHandlerResult;
-import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import reactor.core.publisher.Mono;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 07da0c6968..ea763b9d3d 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 3dd3837d2c..afab695569 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.time.Duration;
 import java.util.Arrays;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index 6d55368ded..4ad324becf 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 5a14f035e9..6df82302a2 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -15,15 +15,16 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index bdab85dd4c..3ed9201e4b 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -15,14 +15,15 @@
  */
 package org.springframework.security.web.server.header;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  * @since 5.0
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index e45155428e..7b6ad834ec 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.web.server.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.web.jackson2.AbstractMixinTests;
 import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 
-import java.io.IOException;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index e78bde705a..d9295ab015 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -16,7 +16,11 @@
 
 package org.springframework.security.web.server.savedrequest;
 
+import java.net.URI;
+import java.util.Base64;
+
 import org.junit.Test;
+
 import org.springframework.http.HttpCookie;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseCookie;
@@ -25,9 +29,6 @@ import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.util.MultiValueMap;
 
-import java.net.URI;
-import java.util.Base64;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index c67896f152..e8fc9c970e 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -23,6 +23,8 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -30,7 +32,6 @@ import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index b300390cef..d3b4267df5 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -16,16 +16,17 @@
 
 package org.springframework.security.web.server.savedrequest;
 
+import java.net.URI;
+
 import org.junit.Test;
+
 import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 
-import java.net.URI;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
index cd837d12eb..2735794b47 100644
--- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
@@ -17,9 +17,10 @@
 package org.springframework.security.web.server.ui;
 
 import org.junit.Test;
+import reactor.core.publisher.Mono;
+
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
-import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index 08962aed37..329c77e221 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.web.server.util.matcher;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.web.server.ServerWebExchange;
 
-import java.util.Collections;
-import java.util.Map;
+import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.never;
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index 8472deec8c..b1a2bc0c06 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -21,6 +21,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index 474befda73..3024aa8be9 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.web.server.util.matcher;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.web.server.ServerWebExchange;
 
-import java.util.Collections;
-import java.util.Map;
+import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.never;
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index 643642ce5e..e953a07c87 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -15,11 +15,14 @@
  */
 package org.springframework.security.web.server.util.matcher;
 
+import java.util.HashMap;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
@@ -27,8 +30,6 @@ import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.session.DefaultWebSessionManager;
 import org.springframework.web.util.pattern.PathPattern;
 
-import java.util.HashMap;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verifyZeroInteractions;
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index 2259b222cc..6bc4010405 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -17,16 +17,17 @@
 package org.springframework.security.web.server.util.matcher;
 
 import org.junit.Test;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange;
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index aee1a59306..661dae27fa 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -15,20 +15,21 @@
  */
 package org.springframework.security.web.servlet.support.csrf;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Map;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
index 9a9f81c63b..6754bc5701 100644
--- a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
@@ -16,14 +16,12 @@
 
 package org.springframework.security.web.session;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -32,6 +30,10 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent;
 import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
index 5804fe9213..091a04db38 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
@@ -15,17 +15,18 @@
  */
 package org.springframework.security.web.session;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
 import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
 /**
  * @author Rob Winch
  *
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 4f577f9d36..09aff5b751 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -16,16 +16,16 @@
 
 package org.springframework.security.web.session;
 
-import static org.assertj.core.api.Assertions.*;
-
 import javax.servlet.http.HttpSessionEvent;
 
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.web.context.support.StaticWebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * The HttpSessionEventPublisher tests
  *
diff --git a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
index 2996f80ee0..ba7fa20817 100644
--- a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
+++ b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
@@ -18,8 +18,6 @@ package org.springframework.security.web.session;
 
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationListener;
-import org.springframework.security.web.session.HttpSessionCreatedEvent;
-import org.springframework.security.web.session.HttpSessionDestroyedEvent;
 
 /**
  * Listener for tests
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index 0ea3a7b883..aaca1c9f64 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -15,15 +15,13 @@
  */
 package org.springframework.security.web.session;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -36,6 +34,15 @@ import org.springframework.security.web.authentication.session.SessionAuthentica
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.context.SecurityContextRepository;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 2b075bc06c..1e7ff849b9 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -19,17 +19,15 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Locale;
 
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import org.springframework.security.web.util.OnCommittedResponseWrapper;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletResponse;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
diff --git a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
index 43be56ebd5..90f6dcd4d7 100644
--- a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
@@ -15,10 +15,9 @@
  */
 package org.springframework.security.web.util;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
-import org.springframework.security.web.util.TextEscapeUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class TextEscapeUtilsTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 6003031b44..10aa4a20f3 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -15,14 +15,14 @@
  */
 package org.springframework.security.web.util;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
-
 import java.lang.reflect.InvocationTargetException;
 
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
 /**
  * Test cases for {@link ThrowableAnalyzer}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
index fb7980f138..a5a9313a2a 100644
--- a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
@@ -15,10 +15,10 @@
  */
 package org.springframework.security.web.util;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  */
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index fd6492b4b0..cb4e373b5f 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -27,10 +24,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.security.web.util.matcher.AndRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
index e169fcf8c5..5c7f5ba565 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
@@ -15,11 +15,11 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.util.matcher.ELRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Mike Wiesner
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index 48a93e771c..127e6bd793 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -15,12 +15,13 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.*;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.util.matcher.IpAddressMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * @author Luke Taylor
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index e022303faf..bd4afb7b4c 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -15,18 +15,18 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.util.Collections;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * Verify how integrates with {@link HeaderContentNegotiationStrategy}.
  *
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index b25efd2fbc..53e59823d2 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -15,10 +15,6 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -35,6 +31,10 @@ import org.springframework.web.HttpMediaTypeNotAcceptableException;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.context.request.NativeWebRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  * @author Dan Zheng
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 64b93b645c..71e8acd008 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -15,17 +15,15 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 1bca4fd7e3..3284acfd03 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -15,9 +15,6 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -28,8 +25,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.security.web.util.matcher.OrRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index 76f0ee78d9..6af02418f9 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -16,17 +16,18 @@
 
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
-
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Luke Taylor
  * @author Rob Winch
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
index a2e462dbcf..69e09cca4e 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
@@ -15,12 +15,12 @@
  */
 package org.springframework.security.web.util.matcher;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch

From b5d499e2ebf53ba84d312c95d175e850a1f7c168 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 18:42:11 -0700
Subject: [PATCH 16/84] Remove empty block

Refactor a few classes so that empty blocks are not longer used. For
example, rather than:

	if(x) {
	} else {
		i++;
	}

use:

	if(!x) {
		i++;
	}

Issue gh-8945
---
 .../config/doc/SpringSecurityXsdParser.java   | 27 +++++++++----------
 etc/checkstyle/checkstyle-suppressions.xml    |  2 --
 ...ctAuthenticationProcessingFilterTests.java |  5 +---
 3 files changed, 13 insertions(+), 21 deletions(-)

diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index cc690fb088..bb81c4b893 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -85,9 +85,7 @@ public class SpringSecurityXsdParser {
 			if ("attribute".equals(name)) {
 				attrs.add(attr(c));
 			}
-			else if ("element".equals(name)) {
-			}
-			else {
+			else if (!"element".equals(name)) {
 				attrs.addAll(attrs(c));
 			}
 		});
@@ -105,22 +103,21 @@ public class SpringSecurityXsdParser {
 		Collection<Attribute> attrgrp = new ArrayList<>();
 
 		element.children().forEach(c -> {
-			if ("element".equals(c.simpleName())) {
-
-			}
-			else if ("attributeGroup".equals(c.simpleName())) {
-				if (c.attribute("name") != null) {
-					attrgrp.addAll(attrgrp(c));
+			if (!"element".equals(c.simpleName())) {
+				if ("attributeGroup".equals(c.simpleName())) {
+					if (c.attribute("name") != null) {
+						attrgrp.addAll(attrgrp(c));
+					}
+					else {
+						String name = c.attribute("ref").split(":")[1];
+						XmlNode attrGrp = findNode(element, name);
+						attrgrp.addAll(attrgrp(attrGrp));
+					}
 				}
 				else {
-					String name = c.attribute("ref").split(":")[1];
-					XmlNode attrGrp = findNode(element, name);
-					attrgrp.addAll(attrgrp(attrGrp));
+					attrgrp.addAll(attrgrps(c));
 				}
 			}
-			else {
-				attrgrp.addAll(attrgrps(c));
-			}
 		});
 
 		return attrgrp;
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 370491d8e3..3fd9f4387c 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="EmptyBlock" />
 	<suppress files=".*" checks="FinalClass" />
 	<suppress files=".*" checks="InnerAssignment" />
 	<suppress files=".*" checks="InnerTypeLast" />
@@ -32,7 +31,6 @@
 	<suppress files=".*" checks="SpringCatch" />
 	<suppress files=".*" checks="SpringHeader" />
 	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
-	<suppress files=".*" checks="SpringImportOrder" />
 	<suppress files=".*" checks="SpringJavadoc" />
 	<suppress files=".*" checks="SpringLambda" />
 	<suppress files=".*" checks="SpringMethodOrder" />
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index 492eda2854..be8d0831a9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -533,10 +533,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		}
 
 		public void doFilter(ServletRequest request, ServletResponse response) {
-			if (expectToProceed) {
-
-			}
-			else {
+			if (!expectToProceed) {
 				fail("Did not expect filter chain to proceed");
 			}
 		}

From 6894ff5d12de93d9f06b328d5cd4d34041c60cff Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 24 Jul 2020 19:03:31 -0700
Subject: [PATCH 17/84] Make classes final where possible

Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
---
 .../acls/jdbc/JdbcMutableAclServiceTests.java |   2 +-
 .../UserDetailsManagerConfigurer.java         |   2 +-
 .../annotation/rsocket/RSocketSecurity.java   |   8 +-
 .../annotation/web/builders/HttpSecurity.java |   5 +-
 .../annotation/web/builders/WebSecurity.java  |   2 +-
 .../ChannelSecurityConfigurer.java            |   2 +-
 .../web/configurers/CsrfConfigurer.java       |   9 +-
 .../ExpressionUrlAuthorizationConfigurer.java |   8 +-
 .../UrlAuthorizationConfigurer.java           |   6 +-
 .../oauth2/client/OAuth2ClientConfigurer.java |   2 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |   8 +-
 ...MessageSecurityMetadataSourceRegistry.java |   6 +-
 .../GrantedAuthorityDefaultsParserUtils.java  |   8 +-
 .../config/web/server/ServerHttpSecurity.java | 112 +++++++++---------
 ...bstractConfiguredSecurityBuilderTests.java |   2 +-
 .../WebTestClientHtmlUnitDriverBuilder.java   |   2 +-
 ...enticatedReactiveAuthorizationManager.java |   6 +-
 ...AuthorityReactiveAuthorizationManager.java |   2 +-
 .../security/core/userdetails/User.java       |   2 +-
 .../security/PopulatedDatabase.java           |   2 +-
 .../security/crypto/encrypt/CipherUtils.java  |   8 +-
 .../security/crypto/encrypt/Encryptors.java   |   8 +-
 .../factory/PasswordEncoderFactories.java     |   8 +-
 .../security/crypto/keygen/KeyGenerators.java |  10 +-
 .../crypto/password/PasswordEncoderUtils.java |  14 +--
 .../security/crypto/util/EncodingUtils.java   |   8 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 .../handler/invocation/ResolvableMethod.java  |  18 +--
 .../client/OAuth2AuthorizationContext.java    |   2 +-
 .../oauth2/client/OAuth2AuthorizeRequest.java |   2 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |   8 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |   8 +-
 .../registration/ClientRegistration.java      |   6 +-
 ...uthorizedClientExchangeFilterFunction.java |  28 +++--
 ...uthorizedClientExchangeFilterFunction.java |   2 +-
 ...dbcOAuth2AuthorizedClientServiceTests.java |   4 +-
 .../DelegatingOAuth2UserServiceTests.java     |   3 +-
 .../endpoint/OAuth2AccessTokenResponse.java   |   2 +-
 .../endpoint/OAuth2AuthorizationRequest.java  |   2 +-
 .../endpoint/OAuth2AuthorizationResponse.java |   2 +-
 ...geMatcherReactiveAuthorizationManager.java |   4 +-
 .../OpenSamlAuthenticationProvider.java       |   2 +-
 .../Saml2AuthenticationRequest.java           |   2 +-
 .../Saml2AuthenticationRequestContext.java    |   2 +-
 .../Saml2PostAuthenticationRequest.java       |   4 +-
 .../Saml2RedirectAuthenticationRequest.java   |   4 +-
 .../RelyingPartyRegistration.java             |   4 +-
 ...WithUserDetailsSecurityContextFactory.java |   2 +-
 .../server/SecurityMockServerConfigurers.java |  26 ++--
 .../SecurityMockMvcRequestPostProcessors.java |  18 +--
 .../security/web/FilterChainProxy.java        |   2 +-
 ...elegatingReactiveAuthorizationManager.java |   4 +-
 .../NoOpServerSecurityContextRepository.java  |   9 +-
 .../savedrequest/NoOpServerRequestCache.java  |   8 +-
 .../util/matcher/AntPathRequestMatcher.java   |   4 +-
 .../web/reactive/server/WebTestHandler.java   |   4 +-
 ...tentTokenBasedRememberMeServicesTests.java |   2 +-
 .../security/web/method/ResolvableMethod.java |  14 +--
 58 files changed, 229 insertions(+), 226 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index df0d18603d..bab5a11958 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -550,7 +550,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	 */
 	private class CustomJdbcMutableAclService extends JdbcMutableAclService {
 
-		private CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
+		CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
 			super(dataSource, lookupStrategy, aclCache);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
index d6681aa70d..3ae55eba45 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
@@ -104,7 +104,7 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	 * Builds the user to be added. At minimum the username, password, and authorities
 	 * should provided. The remaining attributes have reasonable defaults.
 	 */
-	public class UserDetailsBuilder {
+	public final class UserDetailsBuilder {
 
 		private UserBuilder user;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index 7bf6051025..b55fd0e1de 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -164,7 +164,7 @@ public class RSocketSecurity {
 	/**
 	 * @since 5.3
 	 */
-	public class SimpleAuthenticationSpec {
+	public final class SimpleAuthenticationSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -208,7 +208,7 @@ public class RSocketSecurity {
 		return this;
 	}
 
-	public class BasicAuthenticationSpec {
+	public final class BasicAuthenticationSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -244,7 +244,7 @@ public class RSocketSecurity {
 		return this;
 	}
 
-	public class JwtSpec {
+	public final class JwtSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -370,7 +370,7 @@ public class RSocketSecurity {
 			return new Access(matcher);
 		}
 
-		public class Access {
+		public final class Access {
 
 			private final PayloadExchangeMatcher matcher;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 1c71ad0ba2..b4936abec5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -2942,10 +2942,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 		protected List<RequestMatcher> matchers = new ArrayList<>();
 
-		/**
-		 * @param context
-		 */
-		private RequestMatcherConfigurer(ApplicationContext context) {
+		RequestMatcherConfigurer(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 7d8ef3304c..34abe958f3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -337,7 +337,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 	 */
 	public class IgnoredRequestConfigurer extends AbstractRequestMatcherRegistry<IgnoredRequestConfigurer> {
 
-		private IgnoredRequestConfigurer(ApplicationContext context) {
+		IgnoredRequestConfigurer(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index 6e32cbec24..30d08a20c9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -220,7 +220,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 
 		protected List<? extends RequestMatcher> requestMatchers;
 
-		private RequiresChannelUrl(List<? extends RequestMatcher> requestMatchers) {
+		RequiresChannelUrl(List<? extends RequestMatcher> requestMatchers) {
 			this.requestMatchers = requestMatchers;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 672c17f4fa..9245a1b93e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -303,8 +303,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 5.2
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
-		if (sessionAuthenticationStrategy != null) {
-			return sessionAuthenticationStrategy;
+		if (this.sessionAuthenticationStrategy != null) {
+			return this.sessionAuthenticationStrategy;
 		}
 		else {
 			return new CsrfAuthenticationStrategy(this.csrfTokenRepository);
@@ -321,10 +321,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	private class IgnoreCsrfProtectionRegistry extends AbstractRequestMatcherRegistry<IgnoreCsrfProtectionRegistry> {
 
-		/**
-		 * @param context
-		 */
-		private IgnoreCsrfProtectionRegistry(ApplicationContext context) {
+		IgnoreCsrfProtectionRegistry(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index 1a6bdf8acb..8d14c69455 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -109,7 +109,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		return REGISTRY;
 	}
 
-	public class ExpressionInterceptUrlRegistry extends
+	public final class ExpressionInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -130,7 +130,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
@@ -267,7 +267,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	 *
 	 * @author Rob Winch
 	 */
-	public class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
+	public final class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
 
 		/**
 		 * Creates a new instance
@@ -296,7 +296,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		 * Creates a new instance
 		 * @param requestMatchers the {@link RequestMatcher} instances to map
 		 */
-		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
+		AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
 			this.requestMatchers = requestMatchers;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index 7eb350a744..3bb7f5c96c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -113,7 +113,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	public class StandardInterceptUrlRegistry extends
+	public final class StandardInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -134,7 +134,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
@@ -275,7 +275,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param requestMatchers the {@link RequestMatcher} instances to map to some
 		 * {@link ConfigAttribute} instances.
 		 */
-		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
+		AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
 			Assert.notEmpty(requestMatchers, "requestMatchers must contain at least one value");
 			this.requestMatchers = requestMatchers;
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index b504c8d6f8..64e9205359 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -154,7 +154,7 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 	/**
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 	 */
-	public class AuthorizationCodeGrantConfigurer {
+	public final class AuthorizationCodeGrantConfigurer {
 
 		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 09addf7ea9..01c8d1625d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -224,7 +224,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 	/**
 	 * Configuration options for the Authorization Server's Authorization Endpoint.
 	 */
-	public class AuthorizationEndpointConfig {
+	public final class AuthorizationEndpointConfig {
 
 		private String authorizationRequestBaseUri;
 
@@ -308,7 +308,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 	/**
 	 * Configuration options for the Authorization Server's Token Endpoint.
 	 */
-	public class TokenEndpointConfig {
+	public final class TokenEndpointConfig {
 
 		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
@@ -364,7 +364,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 	/**
 	 * Configuration options for the Client's Redirection Endpoint.
 	 */
-	public class RedirectionEndpointConfig {
+	public final class RedirectionEndpointConfig {
 
 		private String authorizationResponseBaseUri;
 
@@ -416,7 +416,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 	/**
 	 * Configuration options for the Authorization Server's UserInfo Endpoint.
 	 */
-	public class UserInfoEndpointConfig {
+	public final class UserInfoEndpointConfig {
 
 		private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 78ef22909a..4017be49e2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -251,7 +251,7 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * Represents the security constraint to be applied to the {@link MessageMatcher}
 	 * instances.
 	 */
-	public class Constraint {
+	public final class Constraint {
 
 		private final List<? extends MatcherBuilder> messageMatchers;
 
@@ -409,7 +409,7 @@ public class MessageSecurityMetadataSourceRegistry {
 		return "hasAnyAuthority('" + anyAuthorities + "')";
 	}
 
-	private static class PreBuiltMatcherBuilder implements MatcherBuilder {
+	private final static class PreBuiltMatcherBuilder implements MatcherBuilder {
 
 		private MessageMatcher<?> matcher;
 
@@ -423,7 +423,7 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	}
 
-	private class PathMatcherMessageMatcherBuilder implements MatcherBuilder {
+	private final class PathMatcherMessageMatcherBuilder implements MatcherBuilder {
 
 		private final String pattern;
 
diff --git a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
index 625b4a8c1f..3f8e9e89be 100644
--- a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
@@ -27,7 +27,10 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults;
  * @author Rob Winch
  * @since 4.2
  */
-class GrantedAuthorityDefaultsParserUtils {
+final class GrantedAuthorityDefaultsParserUtils {
+
+	private GrantedAuthorityDefaultsParserUtils() {
+	}
 
 	static RootBeanDefinition registerWithDefaultRolePrefix(ParserContext pc,
 			Class<? extends AbstractGrantedAuthorityDefaultsBeanFactory> beanFactoryClass) {
@@ -60,7 +63,4 @@ class GrantedAuthorityDefaultsParserUtils {
 
 	}
 
-	private GrantedAuthorityDefaultsParserUtils() {
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index eaade885f4..759228c707 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -628,10 +628,13 @@ public class ServerHttpSecurity {
 	 * Configures CORS support within Spring Security. This ensures that the
 	 * {@link CorsWebFilter} is place in the correct order.
 	 */
-	public class CorsSpec {
+	public final class CorsSpec {
 
 		private CorsWebFilter corsFilter;
 
+		private CorsSpec() {
+		}
+
 		/**
 		 * Configures the {@link CorsConfigurationSource} to be used
 		 * @param source the source to use
@@ -683,9 +686,6 @@ public class ServerHttpSecurity {
 			return this.corsFilter;
 		}
 
-		private CorsSpec() {
-		}
-
 	}
 
 	/**
@@ -874,12 +874,15 @@ public class ServerHttpSecurity {
 	 * @since 5.2
 	 * @see #x509()
 	 */
-	public class X509Spec {
+	public final class X509Spec {
 
 		private X509PrincipalExtractor principalExtractor;
 
 		private ReactiveAuthenticationManager authenticationManager;
 
+		private X509Spec() {
+		}
+
 		public X509Spec principalExtractor(X509PrincipalExtractor principalExtractor) {
 			this.principalExtractor = principalExtractor;
 			return this;
@@ -923,9 +926,6 @@ public class ServerHttpSecurity {
 			return authenticationManager;
 		}
 
-		private X509Spec() {
-		}
-
 	}
 
 	/**
@@ -981,7 +981,7 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	public class OAuth2LoginSpec {
+	public final class OAuth2LoginSpec {
 
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -1003,6 +1003,9 @@ public class ServerHttpSecurity {
 
 		private ServerAuthenticationFailureHandler authenticationFailureHandler;
 
+		private OAuth2LoginSpec() {
+		}
+
 		/**
 		 * Configures the {@link ReactiveAuthenticationManager} to use. The default is
 		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
@@ -1378,9 +1381,6 @@ public class ServerHttpSecurity {
 			return service;
 		}
 
-		private OAuth2LoginSpec() {
-		}
-
 	}
 
 	/**
@@ -1434,7 +1434,7 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	public class OAuth2ClientSpec {
+	public final class OAuth2ClientSpec {
 
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -1446,6 +1446,9 @@ public class ServerHttpSecurity {
 
 		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
 
+		private OAuth2ClientSpec() {
+		}
+
 		/**
 		 * Sets the converter to use
 		 * @param authenticationConverter the converter to use
@@ -1595,9 +1598,6 @@ public class ServerHttpSecurity {
 			return service;
 		}
 
-		private OAuth2ClientSpec() {
-		}
-
 	}
 
 	/**
@@ -1794,8 +1794,9 @@ public class ServerHttpSecurity {
 
 			if (this.authenticationManagerResolver != null) {
 				AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(this.authenticationManagerResolver);
-				oauth2.setServerAuthenticationConverter(bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
+				oauth2.setServerAuthenticationConverter(this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
 				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
 			}
 			else if (this.jwt != null) {
@@ -1961,8 +1962,9 @@ public class ServerHttpSecurity {
 			protected void configure(ServerHttpSecurity http) {
 				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
 				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
-				oauth2.setServerAuthenticationConverter(bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
+				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
 				// @formatter:off
 				http
 					.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
@@ -2003,7 +2005,7 @@ public class ServerHttpSecurity {
 		 * @author Josh Cummings
 		 * @since 5.2
 		 */
-		public class OpaqueTokenSpec {
+		public final class OpaqueTokenSpec {
 
 			private String introspectionUri;
 
@@ -2013,6 +2015,9 @@ public class ServerHttpSecurity {
 
 			private Supplier<ReactiveOpaqueTokenIntrospector> introspector;
 
+			private OpaqueTokenSpec() {
+			}
+
 			/**
 			 * Configures the URI of the Introspection endpoint
 			 * @param introspectionUri The URI of the Introspection endpoint
@@ -2071,14 +2076,12 @@ public class ServerHttpSecurity {
 			protected void configure(ServerHttpSecurity http) {
 				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
 				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
-				oauth2.setServerAuthenticationConverter(bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
+				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
 				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
 			}
 
-			private OpaqueTokenSpec() {
-			}
-
 		}
 
 		public ServerHttpSecurity and() {
@@ -2820,7 +2823,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #csrf()
 	 */
-	public class CsrfSpec {
+	public final class CsrfSpec {
 
 		private CsrfWebFilter filter = new CsrfWebFilter();
 
@@ -2917,7 +2920,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #exceptionHandling()
 	 */
-	public class ExceptionHandlingSpec {
+	public final class ExceptionHandlingSpec {
 
 		/**
 		 * Configures what to do when the application request authentication
@@ -2963,7 +2966,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #requestCache()
 	 */
-	public class RequestCacheSpec {
+	public final class RequestCacheSpec {
 
 		private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
@@ -3013,7 +3016,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #httpBasic()
 	 */
-	public class HttpBasicSpec {
+	public final class HttpBasicSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -3104,7 +3107,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #formLogin()
 	 */
-	public class FormLoginSpec {
+	public final class FormLoginSpec {
 
 		private final RedirectServerAuthenticationSuccessHandler defaultSuccessHandler = new RedirectServerAuthenticationSuccessHandler(
 				"/");
@@ -3282,7 +3285,7 @@ public class ServerHttpSecurity {
 
 	}
 
-	private class LoginPageSpec {
+	private final class LoginPageSpec {
 
 		protected void configure(ServerHttpSecurity http) {
 			if (http.authenticationEntryPoint != null) {
@@ -3321,7 +3324,7 @@ public class ServerHttpSecurity {
 	 * @since 5.0
 	 * @see #headers()
 	 */
-	public class HeaderSpec {
+	public final class HeaderSpec {
 
 		private final List<ServerHttpHeadersWriter> writers;
 
@@ -3535,7 +3538,7 @@ public class ServerHttpSecurity {
 		 *
 		 * @see #cache()
 		 */
-		public class CacheSpec {
+		public final class CacheSpec {
 
 			/**
 			 * Disables cache control response headers
@@ -3556,7 +3559,7 @@ public class ServerHttpSecurity {
 		 *
 		 * @see #contentTypeOptions()
 		 */
-		public class ContentTypeOptionsSpec {
+		public final class ContentTypeOptionsSpec {
 
 			/**
 			 * Disables the content type options response header
@@ -3577,7 +3580,7 @@ public class ServerHttpSecurity {
 		 *
 		 * @see #frameOptions()
 		 */
-		public class FrameOptionsSpec {
+		public final class FrameOptionsSpec {
 
 			/**
 			 * The mode to configure. Default is
@@ -3618,7 +3621,7 @@ public class ServerHttpSecurity {
 		 *
 		 * @see #hsts()
 		 */
-		public class HstsSpec {
+		public final class HstsSpec {
 
 			/**
 			 * Configures the max age. Default is one year.
@@ -3687,7 +3690,10 @@ public class ServerHttpSecurity {
 		 *
 		 * @see #xssProtection()
 		 */
-		public class XssProtectionSpec {
+		public final class XssProtectionSpec {
+
+			private XssProtectionSpec() {
+			}
 
 			/**
 			 * Disables the x-xss-protection response header
@@ -3698,9 +3704,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private XssProtectionSpec() {
-			}
-
 		}
 
 		/**
@@ -3709,7 +3712,7 @@ public class ServerHttpSecurity {
 		 * @since 5.1
 		 * @see #contentSecurityPolicy(String)
 		 */
-		public class ContentSecurityPolicySpec {
+		public final class ContentSecurityPolicySpec {
 
 			private static final String DEFAULT_SRC_SELF_POLICY = "default-src 'self'";
 
@@ -3760,7 +3763,7 @@ public class ServerHttpSecurity {
 		 * @since 5.1
 		 * @see #featurePolicy(String)
 		 */
-		public class FeaturePolicySpec {
+		public final class FeaturePolicySpec {
 
 			/**
 			 * Allows method chaining to continue configuring the
@@ -3784,7 +3787,11 @@ public class ServerHttpSecurity {
 		 * @see #referrerPolicy()
 		 * @see #referrerPolicy(ReferrerPolicy)
 		 */
-		public class ReferrerPolicySpec {
+		public final class ReferrerPolicySpec {
+
+			private ReferrerPolicySpec(ReferrerPolicy referrerPolicy) {
+				HeaderSpec.this.referrerPolicy.setPolicy(referrerPolicy);
+			}
 
 			/**
 			 * Sets the policy to be used in the response header.
@@ -3808,10 +3815,6 @@ public class ServerHttpSecurity {
 			private ReferrerPolicySpec() {
 			}
 
-			private ReferrerPolicySpec(ReferrerPolicy referrerPolicy) {
-				HeaderSpec.this.referrerPolicy.setPolicy(referrerPolicy);
-			}
-
 		}
 
 		private HeaderSpec() {
@@ -4095,17 +4098,18 @@ public class ServerHttpSecurity {
 		}
 
 		protected void configure(ServerHttpSecurity http) {
-			if (authenticationFilter == null) {
-				authenticationFilter = new AnonymousAuthenticationWebFilter(getKey(), principal, authorities);
+			if (this.authenticationFilter == null) {
+				this.authenticationFilter = new AnonymousAuthenticationWebFilter(getKey(), this.principal,
+						this.authorities);
 			}
-			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.ANONYMOUS_AUTHENTICATION);
+			http.addFilterAt(this.authenticationFilter, SecurityWebFiltersOrder.ANONYMOUS_AUTHENTICATION);
 		}
 
 		private String getKey() {
-			if (key == null) {
-				key = UUID.randomUUID().toString();
+			if (this.key == null) {
+				this.key = UUID.randomUUID().toString();
 			}
-			return key;
+			return this.key;
 		}
 
 		private AnonymousSpec() {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index d1ea811fa6..b7a26da9a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -144,7 +144,7 @@ public class AbstractConfiguredSecurityBuilderTests {
 
 	}
 
-	private static class TestConfiguredSecurityBuilder
+	private static final class TestConfiguredSecurityBuilder
 			extends AbstractConfiguredSecurityBuilder<Object, TestConfiguredSecurityBuilder> {
 
 		private TestConfiguredSecurityBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
index 47d4a77783..db19b75056 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java
@@ -30,7 +30,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.WebConnectionHtml
  * @author Rob Winch
  * @since 5.0
  */
-public class WebTestClientHtmlUnitDriverBuilder {
+public final class WebTestClientHtmlUnitDriverBuilder {
 
 	private final WebTestClient webTestClient;
 
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index 1d995be615..e20d1ed5a2 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -34,6 +34,9 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 
 	private AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();
 
+	AuthenticatedReactiveAuthorizationManager() {
+	}
+
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
 		return authentication.filter(this::isNotAnonymous).map(a -> new AuthorizationDecision(a.isAuthenticated()))
@@ -59,7 +62,4 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 		return new AuthenticatedReactiveAuthorizationManager<>();
 	}
 
-	private AuthenticatedReactiveAuthorizationManager() {
-	}
-
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index a1a2a4784a..e1faf00f95 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -36,7 +36,7 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	private final List<String> authorities;
 
-	private AuthorityReactiveAuthorizationManager(String... authorities) {
+	AuthorityReactiveAuthorizationManager(String... authorities) {
 		this.authorities = Arrays.asList(authorities);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index fa4bb98bfb..31d0892520 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -334,7 +334,7 @@ public class User implements UserDetails, CredentialsContainer {
 	 * Builds the user to be added. At minimum the username, password, and authorities
 	 * should provided. The remaining attributes have reasonable defaults.
 	 */
-	public static class UserBuilder {
+	public static final class UserBuilder {
 
 		private String username;
 
diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
index bb3f0c7793..f450a2bb76 100644
--- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java
+++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
@@ -26,7 +26,7 @@ import org.springframework.jdbc.core.JdbcTemplate;
  *
  * @author Ben Alex
  */
-public class PopulatedDatabase {
+public final class PopulatedDatabase {
 
 	private static TestDataSource dataSource = null;
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
index 58a268abe7..753a7b535f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
@@ -36,7 +36,10 @@ import javax.crypto.spec.PBEParameterSpec;
  *
  * @author Keith Donald
  */
-class CipherUtils {
+final class CipherUtils {
+
+	private CipherUtils() {
+	}
 
 	/**
 	 * Generates a SecretKey.
@@ -138,7 +141,4 @@ class CipherUtils {
 		}
 	}
 
-	private CipherUtils() {
-	}
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index 6b972d9e59..53270a01fa 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -24,7 +24,10 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
  *
  * @author Keith Donald
  */
-public class Encryptors {
+public final class Encryptors {
+
+	private Encryptors() {
+	}
 
 	/**
 	 * Creates a standard password-based bytes encryptor using 256 bit AES encryption with
@@ -112,9 +115,6 @@ public class Encryptors {
 		return NO_OP_TEXT_INSTANCE;
 	}
 
-	private Encryptors() {
-	}
-
 	private static final TextEncryptor NO_OP_TEXT_INSTANCE = new NoOpTextEncryptor();
 
 	private static final class NoOpTextEncryptor implements TextEncryptor {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
index c954da5d07..a3f995d23d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
@@ -32,7 +32,10 @@ import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
  * @author Rob Winch
  * @since 5.0
  */
-public class PasswordEncoderFactories {
+public final class PasswordEncoderFactories {
+
+	private PasswordEncoderFactories() {
+	}
 
 	/**
 	 * Creates a {@link DelegatingPasswordEncoder} with default mappings. Additional
@@ -79,7 +82,4 @@ public class PasswordEncoderFactories {
 		return new DelegatingPasswordEncoder(encodingId, encoders);
 	}
 
-	private PasswordEncoderFactories() {
-	}
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
index 4a70ccef19..02d781788a 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
@@ -23,7 +23,10 @@ import java.security.SecureRandom;
  *
  * @author Keith Donald
  */
-public class KeyGenerators {
+public final class KeyGenerators {
+
+	private KeyGenerators() {
+	}
 
 	/**
 	 * Create a {@link BytesKeyGenerator} that uses a {@link SecureRandom} to generate
@@ -59,9 +62,4 @@ public class KeyGenerators {
 		return new HexEncodingStringKeyGenerator(secureRandom());
 	}
 
-	// internal helpers
-
-	private KeyGenerators() {
-	}
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
index 167a51b1d3..d30b10d0bf 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
@@ -24,7 +24,10 @@ import org.springframework.security.crypto.codec.Utf8;
  *
  * @author Rob Winch
  */
-class PasswordEncoderUtils {
+final class PasswordEncoderUtils {
+
+	private PasswordEncoderUtils() {
+	}
 
 	/**
 	 * Constant time comparison to prevent against timing attacks.
@@ -43,12 +46,9 @@ class PasswordEncoderUtils {
 		if (s == null) {
 			return null;
 		}
-
-		return Utf8.encode(s); // need to check if Utf8.encode() runs in constant time
-								// (probably not). This may leak length of string.
-	}
-
-	private PasswordEncoderUtils() {
+		// need to check if Utf8.encode() runs in constant time (probably not).
+		// This may leak length of string.
+		return Utf8.encode(s);
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
index 4a49aaedfc..f71e9f8cb2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
@@ -22,7 +22,10 @@ package org.springframework.security.crypto.util;
  *
  * @author Keith Donald
  */
-public class EncodingUtils {
+public final class EncodingUtils {
+
+	private EncodingUtils() {
+	}
 
 	/**
 	 * Combine the individual byte arrays into one array.
@@ -54,7 +57,4 @@ public class EncodingUtils {
 		return subarray;
 	}
 
-	private EncodingUtils() {
-	}
-
 }
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 3fd9f4387c..ae0b46bcac 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="FinalClass" />
 	<suppress files=".*" checks="InnerAssignment" />
 	<suppress files=".*" checks="InnerTypeLast" />
 	<suppress files=".*" checks="InterfaceIsType" />
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 9f969752e4..999589a8ce 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -127,7 +127,7 @@ import static java.util.stream.Collectors.joining;
  * @author Rossen Stoyanchev
  * @since 5.2
  */
-public class ResolvableMethod {
+public final class ResolvableMethod {
 
 	private static final Log logger = LogFactory.getLog(ResolvableMethod.class);
 
@@ -258,7 +258,7 @@ public class ResolvableMethod {
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
-	public static class Builder<T> {
+	public static final class Builder<T> {
 
 		private final Class<?> objectClass;
 
@@ -400,7 +400,7 @@ public class ResolvableMethod {
 		 * <p>
 		 * {@code build().method()}
 		 */
-		public final Method resolveMethod() {
+		public Method resolveMethod() {
 			return method().method();
 		}
 
@@ -418,7 +418,7 @@ public class ResolvableMethod {
 		 * <p>
 		 * {@code build().returnType()}
 		 */
-		public final MethodParameter resolveReturnType() {
+		public MethodParameter resolveReturnType() {
 			return method().returnType();
 		}
 
@@ -466,7 +466,7 @@ public class ResolvableMethod {
 	/**
 	 * Predicate with a descriptive label.
 	 */
-	private static class LabeledPredicate<T> implements Predicate<T> {
+	private static final class LabeledPredicate<T> implements Predicate<T> {
 
 		private final String label;
 
@@ -507,7 +507,7 @@ public class ResolvableMethod {
 	/**
 	 * Resolver for method arguments.
 	 */
-	public class ArgResolver {
+	public final class ArgResolver {
 
 		private final List<Predicate<MethodParameter>> filters = new ArrayList<>(4);
 
@@ -578,7 +578,7 @@ public class ResolvableMethod {
 		/**
 		 * Resolve the argument.
 		 */
-		public final MethodParameter arg() {
+		public MethodParameter arg() {
 			List<MethodParameter> matches = applyFilters();
 			Assert.state(!matches.isEmpty(), () -> "No matching arg in method\n" + formatMethod());
 			Assert.state(matches.size() == 1,
@@ -588,8 +588,8 @@ public class ResolvableMethod {
 
 		private List<MethodParameter> applyFilters() {
 			List<MethodParameter> matches = new ArrayList<>();
-			for (int i = 0; i < method.getParameterCount(); i++) {
-				MethodParameter param = new SynthesizingMethodParameter(method, i);
+			for (int i = 0; i < ResolvableMethod.this.method.getParameterCount(); i++) {
+				MethodParameter param = new SynthesizingMethodParameter(ResolvableMethod.this.method, i);
 				param.initParameterNameDiscovery(nameDiscoverer);
 				if (this.filters.stream().allMatch(p -> p.test(param))) {
 					matches.add(param);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
index 38779bf650..7dcbed8268 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
@@ -140,7 +140,7 @@ public final class OAuth2AuthorizationContext {
 	/**
 	 * A builder for {@link OAuth2AuthorizationContext}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private ClientRegistration clientRegistration;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index 26c1fababb..aead6ea1ab 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -122,7 +122,7 @@ public final class OAuth2AuthorizeRequest {
 	/**
 	 * A builder for {@link OAuth2AuthorizeRequest}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String clientRegistrationId;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index a3e8a1e08a..4a510258e8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -89,7 +89,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code authorization_code} grant.
 	 */
-	public class AuthorizationCodeGrantBuilder implements Builder {
+	public final class AuthorizationCodeGrantBuilder implements Builder {
 
 		private AuthorizationCodeGrantBuilder() {
 		}
@@ -131,7 +131,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code refresh_token} grant.
 	 */
-	public class RefreshTokenGrantBuilder implements Builder {
+	public final class RefreshTokenGrantBuilder implements Builder {
 
 		private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
 
@@ -226,7 +226,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code client_credentials} grant.
 	 */
-	public class ClientCredentialsGrantBuilder implements Builder {
+	public final class ClientCredentialsGrantBuilder implements Builder {
 
 		private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
 
@@ -319,7 +319,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code password} grant.
 	 */
-	public class PasswordGrantBuilder implements Builder {
+	public final class PasswordGrantBuilder implements Builder {
 
 		private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index 2149cc1440..2e6eb85eb4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -89,7 +89,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code authorization_code} grant.
 	 */
-	public class AuthorizationCodeGrantBuilder implements Builder {
+	public final class AuthorizationCodeGrantBuilder implements Builder {
 
 		private AuthorizationCodeGrantBuilder() {
 		}
@@ -133,7 +133,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code refresh_token} grant.
 	 */
-	public class RefreshTokenGrantBuilder implements Builder {
+	public final class RefreshTokenGrantBuilder implements Builder {
 
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
 
@@ -230,7 +230,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code client_credentials} grant.
 	 */
-	public class ClientCredentialsGrantBuilder implements Builder {
+	public final class ClientCredentialsGrantBuilder implements Builder {
 
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
 
@@ -325,7 +325,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	/**
 	 * A builder for the {@code password} grant.
 	 */
-	public class PasswordGrantBuilder implements Builder {
+	public final class PasswordGrantBuilder implements Builder {
 
 		private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 807f915db6..b4ecb5748d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -195,7 +195,7 @@ public final class ClientRegistration implements Serializable {
 
 		private Map<String, Object> configurationMetadata = Collections.emptyMap();
 
-		private ProviderDetails() {
+		ProviderDetails() {
 		}
 
 		/**
@@ -263,7 +263,7 @@ public final class ClientRegistration implements Serializable {
 
 			private String userNameAttributeName;
 
-			private UserInfoEndpoint() {
+			UserInfoEndpoint() {
 			}
 
 			/**
@@ -322,7 +322,7 @@ public final class ClientRegistration implements Serializable {
 	/**
 	 * A builder for {@link ClientRegistration}.
 	 */
-	public static class Builder implements Serializable {
+	public static final class Builder implements Serializable {
 
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 480c793c85..9ea3263d5b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -131,7 +131,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private final Mono<Authentication> currentAuthenticationMono = ReactiveSecurityContextHolder.getContext()
 			.map(SecurityContext::getAuthentication).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
 
-	private final Mono<String> clientRegistrationIdMono = currentAuthenticationMono
+	private final Mono<String> clientRegistrationIdMono = this.currentAuthenticationMono
 			.filter(t -> this.defaultOAuth2AuthorizedClient && t instanceof OAuth2AuthenticationToken)
 			.cast(OAuth2AuthenticationToken.class).map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
 
@@ -472,7 +472,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private Mono<String> effectiveClientRegistrationId(ClientRequest request) {
 		return Mono.justOrEmpty(clientRegistrationId(request))
 				.switchIfEmpty(Mono.justOrEmpty(this.defaultClientRegistrationId))
-				.switchIfEmpty(clientRegistrationIdMono);
+				.switchIfEmpty(this.clientRegistrationIdMono);
 	}
 
 	/**
@@ -488,7 +488,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * {@link ServerWebExchange} that is active for the given request.
 	 */
 	private Mono<Optional<ServerWebExchange>> effectiveServerWebExchange(ClientRequest request) {
-		return Mono.justOrEmpty(serverWebExchange(request)).switchIfEmpty(currentServerWebExchangeMono)
+		return Mono.justOrEmpty(serverWebExchange(request)).switchIfEmpty(this.currentServerWebExchangeMono)
 				.map(Optional::of).defaultIfEmpty(Optional.empty());
 	}
 
@@ -534,7 +534,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
 	}
 
-	private static class UnAuthenticatedReactiveOAuth2AuthorizedClientManager
+	private static final class UnAuthenticatedReactiveOAuth2AuthorizedClientManager
 			implements ReactiveOAuth2AuthorizedClientManager {
 
 		private final ReactiveClientRegistrationRepository clientRegistrationRepository;
@@ -628,7 +628,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 *
 	 * @since 5.3
 	 */
-	private class AuthorizationFailureForwarder implements ClientResponseHandler {
+	private final class AuthorizationFailureForwarder implements ClientResponseHandler {
 
 		/**
 		 * A map of HTTP Status Code to OAuth 2.0 Error codes for HTTP status codes that
@@ -667,7 +667,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
 
-				return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
+				return Mono
+						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+								serverWebExchange, clientRegistrationId)
 						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
 																						// principal
 								tuple3.getT2().orElse(null), // ServerWebExchange exchange
@@ -723,7 +725,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
 
-				return Mono.zip(currentAuthenticationMono, serverWebExchange, clientRegistrationId)
+				return Mono
+						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+								serverWebExchange, clientRegistrationId)
 						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
 																						// principal
 								tuple3.getT2().orElse(null), // ServerWebExchange exchange
@@ -744,11 +748,13 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		private Mono<Void> handleAuthorizationException(ClientRequest request, OAuth2AuthorizationException exception) {
 			Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-			return Mono.zip(currentAuthenticationMono, serverWebExchange)
-					.flatMap(tuple2 -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
+			return Mono.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+					serverWebExchange).flatMap(
+							tuple2 -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
 																					// principal
-							tuple2.getT2().orElse(null), // ServerWebExchange exchange
-							exception));
+									tuple2.getT2().orElse(null), // ServerWebExchange
+																	// exchange
+									exception));
 		}
 
 		/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 6849ee1178..6600151027 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -637,7 +637,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 *
 	 * @since 5.3
 	 */
-	private static class AuthorizationFailureForwarder implements ClientResponseHandler {
+	private static final class AuthorizationFailureForwarder implements ClientResponseHandler {
 
 		/**
 		 * A map of HTTP status code to OAuth 2.0 error code for HTTP status codes that
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 12faee7be2..fde3807a62 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -398,7 +398,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		return new OAuth2AuthorizedClient(clientRegistration, principal.getName(), accessToken, refreshToken);
 	}
 
-	private static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
+	private final static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
 			extends JdbcOAuth2AuthorizedClientService {
 
 		private static final String COLUMN_NAMES = "clientRegistrationId, " + "principalName, " + "accessTokenType, "
@@ -453,7 +453,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 			this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 		}
 
-		private static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
+		private final static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
 
 			private final ClientRegistrationRepository clientRegistrationRepository;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 96306065a0..6038e10130 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -47,8 +47,9 @@ public class DelegatingOAuth2UserServiceTests {
 	@Test(expected = IllegalArgumentException.class)
 	@SuppressWarnings("unchecked")
 	public void loadUserWhenUserRequestIsNullThenThrowIllegalArgumentException() {
+		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService = mock(OAuth2UserService.class);
 		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
-				Arrays.asList(mock(OAuth2UserService.class), mock(OAuth2UserService.class)));
+				Arrays.asList(userService, userService));
 		delegatingUserService.loadUser(null);
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 13a0ff023d..1d26409579 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -94,7 +94,7 @@ public final class OAuth2AccessTokenResponse {
 	/**
 	 * A builder for {@link OAuth2AccessTokenResponse}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String tokenValue;
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index ced36218f8..7b43028e73 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -226,7 +226,7 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	/**
 	 * A builder for {@link OAuth2AuthorizationRequest}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String authorizationUri;
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
index a43785e4b2..3cb0d23607 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -118,7 +118,7 @@ public final class OAuth2AuthorizationResponse {
 	/**
 	 * A builder for {@link OAuth2AuthorizationResponse}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String redirectUri;
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
index aa132a8528..cd3e7015aa 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
@@ -38,7 +38,7 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 5.2
  */
-public class PayloadExchangeMatcherReactiveAuthorizationManager
+public final class PayloadExchangeMatcherReactiveAuthorizationManager
 		implements ReactiveAuthorizationManager<PayloadExchange> {
 
 	private final List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings;
@@ -63,7 +63,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManager
 		return new PayloadExchangeMatcherReactiveAuthorizationManager.Builder();
 	}
 
-	public static class Builder {
+	public static final class Builder {
 
 		private final List<PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>> mappings = new ArrayList<>();
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 1980184f02..cf749a5361 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -673,7 +673,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	 *
 	 * @since 5.4
 	 */
-	public static class Tuple {
+	public static final class Tuple {
 
 		private final Saml2AuthenticationToken authentication;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index bb00ebcb36..7f428f7a3e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -119,7 +119,7 @@ public final class Saml2AuthenticationRequest {
 	/**
 	 * A builder for {@link Saml2AuthenticationRequest}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String issuer;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
index 690ebbd98a..53c87b0560 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
@@ -108,7 +108,7 @@ public class Saml2AuthenticationRequestContext {
 	/**
 	 * A builder for {@link Saml2AuthenticationRequestContext}.
 	 */
-	public static class Builder {
+	public static final class Builder {
 
 		private String issuer;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
index b767af35e6..99503faf40 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
@@ -31,7 +31,7 @@ import static org.springframework.security.saml2.provider.service.registration.S
  */
 public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
-	private Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri) {
+	Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri) {
 		super(samlRequest, relayState, authenticationRequestUri);
 	}
 
@@ -59,7 +59,7 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR
 	/**
 	 * Builder class for a {@link Saml2PostAuthenticationRequest} object.
 	 */
-	public static class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
+	public static final class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
 
 		private Builder() {
 			super();
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
index a4b0d25c95..c9d2909156 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
@@ -29,7 +29,7 @@ import static org.springframework.security.saml2.provider.service.registration.S
  * @since 5.3
  * @see Saml2AuthenticationRequestFactory
  */
-public class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
+public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
 	private final String sigAlg;
 
@@ -82,7 +82,7 @@ public class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authenticat
 	/**
 	 * Builder class for a {@link Saml2RedirectAuthenticationRequest} object.
 	 */
-	public static class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
+	public static final class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
 
 		private String sigAlg;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index fea758f5a1..f739e7e427 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,6 +28,8 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
@@ -69,7 +71,7 @@ import org.springframework.util.Assert;
  * @author Josh Cummings
  * @since 5.2
  */
-public class RelyingPartyRegistration {
+public final class RelyingPartyRegistration {
 
 	private final String registrationId;
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index 55b3d48060..c1be09f80c 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -87,7 +87,7 @@ final class WithUserDetailsSecurityContextFactory implements WithSecurityContext
 		}
 	}
 
-	private class ReactiveUserDetailsServiceAdapter implements UserDetailsService {
+	private final class ReactiveUserDetailsServiceAdapter implements UserDetailsService {
 
 		private final ReactiveUserDetailsService userDetailsService;
 
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 153e4692cd..6fc1d68fef 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -242,7 +242,10 @@ public class SecurityMockServerConfigurers {
 		return new CsrfMutator();
 	}
 
-	public static class CsrfMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class CsrfMutator implements WebTestClientConfigurer, MockServerConfigurer {
+
+		private CsrfMutator() {
+		}
 
 		@Override
 		public void afterConfigurerAdded(WebTestClient.Builder builder,
@@ -262,9 +265,6 @@ public class SecurityMockServerConfigurers {
 
 		}
 
-		private CsrfMutator() {
-		}
-
 	}
 
 	/**
@@ -272,7 +272,7 @@ public class SecurityMockServerConfigurers {
 	 * SecurityMockServerConfigurers#mockUser(UserDetails)}}. Defaults to use a password
 	 * of "password" and granted authorities of "ROLE_USER".
 	 */
-	public static class UserExchangeMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class UserExchangeMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private final User.UserBuilder userBuilder;
 
@@ -376,7 +376,7 @@ public class SecurityMockServerConfigurers {
 
 	}
 
-	private static class MutatorWebTestClientConfigurer implements WebTestClientConfigurer, MockServerConfigurer {
+	private static final class MutatorWebTestClientConfigurer implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private final Supplier<Mono<SecurityContext>> context;
 
@@ -402,7 +402,7 @@ public class SecurityMockServerConfigurers {
 
 	}
 
-	private static class SetupMutatorFilter implements WebFilter {
+	private static final class SetupMutatorFilter implements WebFilter {
 
 		private final Supplier<Mono<SecurityContext>> context;
 
@@ -443,7 +443,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public static class JwtMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class JwtMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private Jwt jwt;
 
@@ -1149,7 +1149,7 @@ public class SecurityMockServerConfigurers {
 		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for
 		 * testing when the request is wrapped
 		 */
-		private static class TestReactiveOAuth2AuthorizedClientManager
+		private static final class TestReactiveOAuth2AuthorizedClientManager
 				implements ReactiveOAuth2AuthorizedClientManager {
 
 			final static String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
@@ -1186,10 +1186,13 @@ public class SecurityMockServerConfigurers {
 
 		}
 
-		private static class OAuth2ClientServerTestUtils {
+		private static final class OAuth2ClientServerTestUtils {
 
 			private static final ServerOAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new WebSessionServerOAuth2AuthorizedClientRepository();
 
+			private OAuth2ClientServerTestUtils() {
+			}
+
 			/**
 			 * Gets the {@link ReactiveOAuth2AuthorizedClientManager} for the specified
 			 * {@link ServerWebExchange}. If one is not found, one based off of
@@ -1278,9 +1281,6 @@ public class SecurityMockServerConfigurers {
 
 			}
 
-			private OAuth2ClientServerTestUtils() {
-			}
-
 		}
 
 	}
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 1cfa77fee4..e40a60659b 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -457,7 +457,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	/**
 	 * Populates the X509Certificate instances onto the request
 	 */
-	private static class X509RequestPostProcessor implements RequestPostProcessor {
+	private static final class X509RequestPostProcessor implements RequestPostProcessor {
 
 		private final X509Certificate[] certificates;
 
@@ -480,12 +480,15 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	public static class CsrfRequestPostProcessor implements RequestPostProcessor {
+	public static final class CsrfRequestPostProcessor implements RequestPostProcessor {
 
 		private boolean asHeader;
 
 		private boolean useInvalidToken;
 
+		private CsrfRequestPostProcessor() {
+		}
+
 		/*
 		 * (non-Javadoc)
 		 *
@@ -531,9 +534,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 			return this;
 		}
 
-		private CsrfRequestPostProcessor() {
-		}
-
 		/**
 		 * Used to wrap the CsrfTokenRepository to provide support for testing when the
 		 * request is wrapped (i.e. Spring Session is in use).
@@ -759,7 +759,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * Used to wrap the SecurityContextRepository to provide support for testing in
 		 * stateless mode
 		 */
-		static class TestSecurityContextRepository implements SecurityContextRepository {
+		static final class TestSecurityContextRepository implements SecurityContextRepository {
 
 			private final static String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
 
@@ -1035,7 +1035,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 	}
 
-	private static class HttpBasicRequestPostProcessor implements RequestPostProcessor {
+	private static final class HttpBasicRequestPostProcessor implements RequestPostProcessor {
 
 		private String headerValue;
 
@@ -1648,7 +1648,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * Used to wrap the {@link OAuth2AuthorizedClientManager} to provide support for
 		 * testing when the request is wrapped
 		 */
-		private static class TestOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
+		private static final class TestOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
 
 			final static String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
 
@@ -1682,7 +1682,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		}
 
-		private static class OAuth2ClientServletTestUtils {
+		private static final class OAuth2ClientServletTestUtils {
 
 			private static final OAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new HttpSessionOAuth2AuthorizedClientRepository();
 
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 20331a208c..54cf8b3778 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -294,7 +294,7 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * Internal {@code FilterChain} implementation that is used to pass a request through
 	 * the additional internal list of filters which match the request.
 	 */
-	private static class VirtualFilterChain implements FilterChain {
+	private static final class VirtualFilterChain implements FilterChain {
 
 		private final FilterChain originalChain;
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index 5799269cb8..63b542ed52 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -35,7 +35,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Mathieu Ouellet
  * @since 5.0
  */
-public class DelegatingReactiveAuthorizationManager implements ReactiveAuthorizationManager<ServerWebExchange> {
+public final class DelegatingReactiveAuthorizationManager implements ReactiveAuthorizationManager<ServerWebExchange> {
 
 	private static final Log logger = LogFactory.getLog(DelegatingReactiveAuthorizationManager.class);
 
@@ -63,7 +63,7 @@ public class DelegatingReactiveAuthorizationManager implements ReactiveAuthoriza
 		return new DelegatingReactiveAuthorizationManager.Builder();
 	}
 
-	public static class Builder {
+	public static final class Builder {
 
 		private final List<ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>> mappings = new ArrayList<>();
 
diff --git a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
index 42e1ee275e..06d7ff0cc8 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
@@ -28,13 +28,15 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class NoOpServerSecurityContextRepository implements ServerSecurityContextRepository {
+public final class NoOpServerSecurityContextRepository implements ServerSecurityContextRepository {
 
 	private static final NoOpServerSecurityContextRepository INSTANCE = new NoOpServerSecurityContextRepository();
 
+	private NoOpServerSecurityContextRepository() {
+	}
+
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
 		return Mono.empty();
-
 	}
 
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
@@ -45,7 +47,4 @@ public class NoOpServerSecurityContextRepository implements ServerSecurityContex
 		return INSTANCE;
 	}
 
-	private NoOpServerSecurityContextRepository() {
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
index b14c64db85..3155e69845 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
@@ -30,7 +30,10 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class NoOpServerRequestCache implements ServerRequestCache {
+public final class NoOpServerRequestCache implements ServerRequestCache {
+
+	private NoOpServerRequestCache() {
+	}
 
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
@@ -51,7 +54,4 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 		return new NoOpServerRequestCache();
 	}
 
-	private NoOpServerRequestCache() {
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index f995c831da..5005f6a140 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -263,7 +263,7 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 
 	}
 
-	private static class SpringAntMatcher implements Matcher {
+	private static final class SpringAntMatcher implements Matcher {
 
 		private final AntPathMatcher antMatcher;
 
@@ -296,7 +296,7 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 	/**
 	 * Optimized matcher for trailing wildcards
 	 */
-	private static class SubpathMatcher implements Matcher {
+	private static final class SubpathMatcher implements Matcher {
 
 		private final String subpath;
 
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index a92872d685..166e893415 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -30,7 +30,7 @@ import org.springframework.web.server.handler.FilteringWebHandler;
  * @author Rob Winch
  * @since 5.0
  */
-public class WebTestHandler {
+public final class WebTestHandler {
 
 	private final MockWebHandler webHandler = new MockWebHandler();
 
@@ -50,7 +50,7 @@ public class WebTestHandler {
 		return new WebHandlerResult(webHandler.exchange);
 	}
 
-	public static class WebHandlerResult {
+	public static final class WebHandlerResult {
 
 		private final ServerWebExchange exchange;
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 77a0d51b79..6d72826eb5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -138,7 +138,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		return services;
 	}
 
-	private class MockTokenRepository implements PersistentTokenRepository {
+	private final class MockTokenRepository implements PersistentTokenRepository {
 
 		private PersistentRememberMeToken storedToken;
 
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index b0950c542e..605a796c27 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -126,7 +126,7 @@ import static java.util.stream.Collectors.joining;
  * @author Rossen Stoyanchev
  * @since 5.0
  */
-public class ResolvableMethod {
+public final class ResolvableMethod {
 
 	private static final Log logger = LogFactory.getLog(ResolvableMethod.class);
 
@@ -253,7 +253,7 @@ public class ResolvableMethod {
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
-	public static class Builder<T> {
+	public static final class Builder<T> {
 
 		private final Class<?> objectClass;
 
@@ -386,7 +386,7 @@ public class ResolvableMethod {
 		 * <p>
 		 * {@code build().method()}
 		 */
-		public final Method resolveMethod() {
+		public Method resolveMethod() {
 			return build().method();
 		}
 
@@ -404,7 +404,7 @@ public class ResolvableMethod {
 		 * <p>
 		 * {@code build().returnType()}
 		 */
-		public final MethodParameter resolveReturnType() {
+		public MethodParameter resolveReturnType() {
 			return build().returnType();
 		}
 
@@ -452,7 +452,7 @@ public class ResolvableMethod {
 	/**
 	 * Predicate with a descriptive label.
 	 */
-	private static class LabeledPredicate<T> implements Predicate<T> {
+	private static final class LabeledPredicate<T> implements Predicate<T> {
 
 		private final String label;
 
@@ -493,7 +493,7 @@ public class ResolvableMethod {
 	/**
 	 * Resolver for method arguments.
 	 */
-	public class ArgResolver {
+	public final class ArgResolver {
 
 		private final List<Predicate<MethodParameter>> filters = new ArrayList<>(4);
 
@@ -564,7 +564,7 @@ public class ResolvableMethod {
 		/**
 		 * Resolve the argument.
 		 */
-		public final MethodParameter arg() {
+		public MethodParameter arg() {
 			List<MethodParameter> matches = applyFilters();
 			Assert.state(!matches.isEmpty(), () -> "No matching arg in method\n" + formatMethod());
 			Assert.state(matches.size() == 1,

From 8866fa6fb065b206724f36d1c9ee1d6bee46a4bd Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sun, 26 Jul 2020 11:51:05 -0700
Subject: [PATCH 18/84] Always use 'this.' when accessing fields

Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java          |  22 +-
 .../acls/AclPermissionCacheOptimizer.java     |  10 +-
 .../security/acls/AclPermissionEvaluator.java |  24 +-
 .../afterinvocation/AbstractAclProvider.java  |  12 +-
 .../AclEntryAfterInvocationProvider.java      |   2 +-
 .../acls/afterinvocation/ArrayFilterer.java   |  20 +-
 .../afterinvocation/CollectionFilterer.java   |  16 +-
 .../acls/domain/AbstractPermission.java       |   6 +-
 .../acls/domain/AccessControlEntryImpl.java   |  14 +-
 .../domain/AclAuthorizationStrategyImpl.java  |  10 +-
 .../security/acls/domain/AclImpl.java         |  42 +-
 .../acls/domain/DefaultPermissionFactory.java |  16 +-
 .../DefaultPermissionGrantingStrategy.java    |   4 +-
 .../acls/domain/EhCacheBasedAclCache.java     |  18 +-
 .../acls/domain/GrantedAuthoritySid.java      |   2 +-
 .../acls/domain/ObjectIdentityImpl.java       |  14 +-
 .../security/acls/domain/PrincipalSid.java    |   2 +-
 .../acls/domain/SidRetrievalStrategyImpl.java |   2 +-
 .../acls/domain/SpringCacheBasedAclCache.java |  16 +-
 .../security/acls/jdbc/AclClassIdUtils.java   |   8 +-
 .../acls/jdbc/BasicLookupStrategy.java        |  54 +-
 .../security/acls/jdbc/JdbcAclService.java    |   8 +-
 .../acls/jdbc/JdbcMutableAclService.java      |  36 +-
 .../security/acls/TargetObjectWithUUID.java   |   2 +-
 .../AclAuthorizationStrategyImplTests.java    |  10 +-
 .../security/acls/domain/AclImplTests.java    |  98 +--
 .../acls/domain/AuditLoggerTests.java         |  40 +-
 .../acls/domain/ObjectIdentityImplTests.java  |   4 +-
 ...ectIdentityRetrievalStrategyImplTests.java |   2 +-
 .../security/acls/domain/PermissionTests.java |  10 +-
 .../AbstractBasicLookupStrategyTests.java     |  18 +-
 .../acls/jdbc/AclClassIdUtilsTests.java       |  40 +-
 .../BasicLookupStrategyTestsDbHelper.java     |  14 +-
 ...icLookupStrategyWithAclClassTypeTests.java |  14 +-
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  |  95 +--
 .../acls/jdbc/JdbcAclServiceTests.java        |  36 +-
 .../acls/jdbc/JdbcMutableAclServiceTests.java | 176 +++---
 ...cMutableAclServiceTestsWithAclClassId.java |   6 +-
 .../security/acls/sid/CustomSid.java          |   2 +-
 .../acls/sid/SidRetrievalStrategyTests.java   |   4 +-
 .../security/acls/sid/SidTests.java           |   4 +-
 .../aspect/AnnotationSecurityAspectTests.java |  46 +-
 .../CasAuthenticationToken.java               |   2 +-
 .../EhCacheBasedTicketCache.java              |  10 +-
 .../SpringCacheBasedTicketCache.java          |   6 +-
 .../cas/web/CasAuthenticationFilter.java      |  44 +-
 .../DefaultServiceAuthenticationDetails.java  |   8 +-
 .../ServiceAuthenticationDetailsSource.java   |   3 +-
 .../CasAuthenticationProviderTests.java       |   6 +-
 .../CasAuthenticationTokenTests.java          |  39 +-
 .../NullStatelessTicketCacheTests.java        |   8 +-
 .../CasAuthenticationTokenMixinTests.java     |  12 +-
 ...onProviderBuilderSecurityBuilderTests.java |   4 +-
 ...LdapProviderBeanDefinitionParserTests.java |  34 +-
 .../LdapServerBeanDefinitionParserTests.java  |  25 +-
 ...pUserServiceBeanDefinitionParserTests.java |  24 +-
 .../config/SecurityNamespaceHandler.java      |  54 +-
 .../AbstractConfiguredSecurityBuilder.java    |  33 +-
 .../annotation/SecurityConfigurerAdapter.java |   8 +-
 .../AuthenticationManagerBuilder.java         |  15 +-
 .../AuthenticationConfiguration.java          |  23 +-
 .../LdapAuthenticationProviderConfigurer.java |  68 +--
 .../JdbcUserDetailsManagerConfigurer.java     |   6 +-
 .../UserDetailsManagerConfigurer.java         |   4 +-
 .../AbstractDaoAuthenticationConfigurer.java  |  12 +-
 ...utowireBeanFactoryObjectPostProcessor.java |   2 +-
 .../GlobalMethodSecurityConfiguration.java    |  44 +-
 .../ReactiveMethodSecurityConfiguration.java  |   2 +-
 .../web/builders/FilterComparator.java        |  22 +-
 .../annotation/web/builders/HttpSecurity.java |  14 +-
 .../annotation/web/builders/WebSecurity.java  |  36 +-
 ...edWebSecurityConfigurersIgnoreParents.java |   2 +-
 .../HttpSecurityConfiguration.java            |   4 +-
 .../WebMvcSecurityConfiguration.java          |   4 +-
 .../WebSecurityConfiguration.java             |  34 +-
 .../WebSecurityConfigurerAdapter.java         |  98 +--
 ...bstractAuthenticationFilterConfigurer.java |  46 +-
 ...ConfigAttributeRequestMatcherRegistry.java |  10 +-
 .../AbstractInterceptUrlConfigurer.java       |  10 +-
 .../web/configurers/AnonymousConfigurer.java  |  22 +-
 .../ChannelSecurityConfigurer.java            |  22 +-
 .../DefaultLoginPageConfigurer.java           |   8 +-
 .../ExpressionUrlAuthorizationConfigurer.java |  16 +-
 .../web/configurers/HeadersConfigurer.java    | 124 ++--
 .../web/configurers/JeeConfigurer.java        |  19 +-
 .../web/configurers/LogoutConfigurer.java     |  28 +-
 .../web/configurers/PermitAllSupport.java     |   6 +-
 .../web/configurers/PortMapperConfigurer.java |   8 +-
 .../web/configurers/RememberMeConfigurer.java |   2 +-
 .../web/configurers/ServletApiConfigurer.java |  16 +-
 .../UrlAuthorizationConfigurer.java           |  10 +-
 .../web/configurers/X509Configurer.java       |  22 +-
 .../saml2/Saml2LoginConfigurer.java           |   8 +-
 ...MessageSecurityMetadataSourceRegistry.java |  39 +-
 ...urityWebSocketMessageBrokerConfigurer.java |  30 +-
 .../AuthenticationManagerFactoryBean.java     |   4 +-
 .../authentication/PasswordEncoderParser.java |   8 +-
 .../UserServiceBeanDefinitionParser.java      |   6 +-
 ...UserDetailsServiceResourceFactoryBean.java |   4 +-
 .../UserDetailsResourceFactoryBean.java       |   6 +-
 ...SecurityDebugBeanFactoryPostProcessor.java |   2 +-
 .../http/AuthenticationConfigBuilder.java     | 405 ++++++-------
 .../http/DefaultFilterChainValidator.java     |  25 +-
 ...nvocationSecurityMetadataSourceParser.java |   4 +-
 .../http/FormLoginBeanDefinitionParser.java   |  50 +-
 .../http/HeadersBeanDefinitionParser.java     |  28 +-
 .../config/http/HttpConfigurationBuilder.java | 264 ++++----
 .../HttpSecurityBeanDefinitionParser.java     |   4 +-
 .../http/LogoutBeanDefinitionParser.java      |  18 +-
 .../security/config/http/MatcherType.java     |   2 +-
 .../http/OAuth2LoginBeanDefinitionParser.java |  38 +-
 .../http/RememberMeBeanDefinitionParser.java  |   4 +-
 .../http/UserDetailsServiceFactoryBean.java   |  14 +-
 .../ContextSourceSettingPostProcessor.java    |   2 +-
 .../LdapProviderBeanDefinitionParser.java     |   2 +-
 ...balMethodSecurityBeanDefinitionParser.java |  28 +-
 ...terceptMethodsBeanDefinitionDecorator.java |   2 +-
 .../method/ProtectPointcutPostProcessor.java  |  23 +-
 ...UserDetailsManagerResourceFactoryBean.java |   4 +-
 ...ageBrokerSecurityBeanDefinitionParser.java |  20 +-
 .../BeanNameCollectingPostProcessor.java      |   8 +-
 .../security/CollectingAppListener.java       |  20 +-
 .../security/config/DataSourcePopulator.java  |  38 +-
 .../config/FilterChainProxyConfigTests.java   |  20 +-
 .../config/InvalidConfigurationTests.java     |   6 +-
 .../PostProcessedMockUserDetailsService.java  |   2 +-
 .../config/SecurityNamespaceHandlerTests.java |   8 +-
 .../ConcereteSecurityConfigurerAdapter.java   |   2 +-
 .../SecurityConfigurerAdapterTests.java       |  12 +-
 .../EnableGlobalAuthenticationTests.java      |   4 +-
 ...AuthenticationProviderConfigurerTests.java |   8 +-
 .../UserDetailsManagerConfigurerTests.java    |  11 +-
 .../annotation/issue50/SecurityConfig.java    |   4 +-
 .../annotation/issue50/domain/User.java       |   6 +-
 .../DelegatingReactiveMessageService.java     |  30 +-
 .../EnableReactiveMethodSecurityTests.java    | 116 ++--
 .../NamespaceGlobalMethodSecurityTests.java   |   2 +-
 .../annotation/sec2758/Sec2758Tests.java      |   4 +-
 .../web/HttpSecurityHeadersTests.java         |   6 +-
 ...curityConfigurerAdapterPowermockTests.java |   4 +-
 ...icationPrincipalArgumentResolverTests.java |   2 +-
 .../configuration/EnableWebSecurityTests.java |   2 +-
 .../WebMvcSecurityConfigurationTests.java     |  15 +-
 ...gAttributeRequestMatcherRegistryTests.java |  10 +-
 .../ChannelSecurityConfigurerTests.java       |   4 +-
 .../CsrfConfigurerNoWebMvcTests.java          |  10 +-
 .../HttpSecurityAntMatchersTests.java         |  30 +-
 .../configurers/HttpSecurityLogoutTests.java  |  26 +-
 .../HttpSecurityRequestMatchersTests.java     |   2 +-
 .../RememberMeConfigurerTests.java            |   2 +-
 ...ionManagementConfigurerServlet31Tests.java |  16 +-
 ...geSecurityMetadataSourceRegistryTests.java |  82 +--
 .../reactive/EnableWebFluxSecurityTests.java  |   2 +-
 ...SocketMessageBrokerConfigurerDocTests.java |  26 +-
 ...WebSocketMessageBrokerConfigurerTests.java |  68 +--
 ...tionProviderBeanDefinitionParserTests.java |  32 +-
 ...cUserServiceBeanDefinitionParserTests.java |  26 +-
 .../UserServiceBeanDefinitionParserTests.java |  20 +-
 .../core/GrantedAuthorityDefaultsJcTests.java |  39 +-
 .../GrantedAuthorityDefaultsXmlTests.java     |  39 +-
 ...ceFactoryBeanPropertiesResourceITests.java |   2 +-
 ...yBeanPropertiesResourceLocationITests.java |   2 +-
 ...erviceResourceFactoryBeanStringITests.java |   2 +-
 .../UserDetailsResourceFactoryBeanTests.java  |  18 +-
 .../DefaultFilterChainValidatorTests.java     |  24 +-
 .../config/http/HttpInterceptUrlTests.java    |  13 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |  22 +-
 ...SessionManagementConfigServlet31Tests.java |  16 +-
 .../config/http/WebConfigUtilsTests.java      |   4 +-
 .../customconfigurer/CustomConfigurer.java    |   4 +-
 .../CustomHttpSecurityConfigurerTests.java    |  38 +-
 .../security/config/method/Contact.java       |   2 +-
 ...thodSecurityBeanDefinitionParserTests.java |  92 +--
 ...ptMethodsBeanDefinitionDecoratorTests.java |  18 +-
 ...tationDrivenBeanDefinitionParserTests.java |  18 +-
 .../config/method/PreAuthorizeTests.java      |   8 +-
 .../security/config/method/Sec2196Tests.java  |  10 +-
 ...tationDrivenBeanDefinitionParserTests.java |  20 +-
 .../security/config/method/SecuredTests.java  |   4 +-
 .../config/method/sec2499/Sec2499Tests.java   |  18 +-
 ...egistrationsBeanDefinitionParserTests.java |  10 +-
 ...ceFactoryBeanPropertiesResourceITests.java |   2 +-
 ...yBeanPropertiesResourceLocationITests.java |   2 +-
 .../util/InMemoryXmlApplicationContext.java   |   4 +-
 .../InMemoryXmlWebApplicationContext.java     |   4 +-
 .../config/web/server/OAuth2LoginTests.java   |  32 +-
 .../server/OAuth2ResourceServerSpecTests.java |   4 +-
 .../MessageSecurityPostProcessorTests.java    |   2 +-
 ...SecurityInterceptorWithAopConfigTests.java |  12 +-
 .../Jsr250MethodSecurityMetadataSource.java   |   6 +-
 ...curedAnnotationSecurityMetadataSource.java |  14 +-
 ...uthenticationCredentialsNotFoundEvent.java |   4 +-
 .../event/AuthorizationFailureEvent.java      |   6 +-
 .../access/event/AuthorizedEvent.java         |   4 +-
 .../AbstractSecurityExpressionHandler.java    |  10 +-
 .../DenyAllPermissionEvaluator.java           |   6 +-
 .../expression/SecurityExpressionRoot.java    |  30 +-
 ...tExpressionBasedMethodConfigAttribute.java |   4 +-
 ...efaultMethodSecurityExpressionHandler.java |  30 +-
 ...essionBasedAnnotationAttributeFactory.java |   4 +-
 .../ExpressionBasedPostInvocationAdvice.java  |  18 +-
 .../ExpressionBasedPreInvocationAdvice.java   |   4 +-
 .../method/MethodSecurityExpressionRoot.java  |   6 +-
 .../PreInvocationExpressionAttribute.java     |   4 +-
 .../RoleHierarchyAuthoritiesMapper.java       |   2 +-
 .../AbstractSecurityInterceptor.java          |  58 +-
 .../AfterInvocationProviderManager.java       |  10 +-
 .../intercept/InterceptorStatusToken.java     |   8 +-
 .../MethodInvocationPrivilegeEvaluator.java   |   8 +-
 .../RunAsImplAuthenticationProvider.java      |   8 +-
 .../access/intercept/RunAsManagerImpl.java    |   6 +-
 .../MethodSecurityMetadataSourceAdvisor.java  |  20 +-
 .../aspectj/MethodInvocationAdapter.java      |  18 +-
 ...elegatingMethodSecurityMetadataSource.java |  17 +-
 .../MapBasedMethodSecurityMetadataSource.java |  33 +-
 .../prepost/PostInvocationAdviceProvider.java |   2 +-
 ...PreInvocationAuthorizationAdviceVoter.java |   2 +-
 .../vote/AbstractAccessDecisionManager.java   |   4 +-
 .../access/vote/AbstractAclVoter.java         |   6 +-
 .../access/vote/AffirmativeBased.java         |   6 +-
 .../access/vote/AuthenticatedVoter.java       |  11 +-
 .../security/access/vote/ConsensusBased.java  |  10 +-
 .../access/vote/RoleHierarchyVoter.java       |   2 +-
 .../security/access/vote/RoleVoter.java       |   2 +-
 .../security/access/vote/UnanimousBased.java  |   6 +-
 .../AbstractAuthenticationToken.java          |  16 +-
 ...rDetailsReactiveAuthenticationManager.java |   8 +-
 .../AccountStatusUserDetailsChecker.java      |   8 +-
 .../AnonymousAuthenticationProvider.java      |   4 +-
 .../AuthenticationTrustResolverImpl.java      |  12 +-
 .../CachingUserDetailsService.java            |  12 +-
 .../DefaultAuthenticationEventPublisher.java  |  14 +-
 .../authentication/ProviderManager.java       |  20 +-
 .../ReactiveAuthenticationManagerAdapter.java |   2 +-
 .../RememberMeAuthenticationProvider.java     |   4 +-
 .../UsernamePasswordAuthenticationToken.java  |   2 +-
 ...ractUserDetailsAuthenticationProvider.java |  50 +-
 .../dao/DaoAuthenticationProvider.java        |  18 +-
 .../AbstractAuthenticationFailureEvent.java   |   2 +-
 ...InteractiveAuthenticationSuccessEvent.java |   2 +-
 .../authentication/event/LoggerListener.java  |   4 +-
 .../jaas/JaasAuthenticationToken.java         |   2 +-
 .../jaas/JaasGrantedAuthority.java            |   6 +-
 .../jaas/SecurityContextLoginModule.java      |  26 +-
 .../jaas/event/JaasAuthenticationEvent.java   |   2 +-
 .../event/JaasAuthenticationFailedEvent.java  |   2 +-
 .../rcp/RemoteAuthenticationManagerImpl.java  |   4 +-
 .../rcp/RemoteAuthenticationProvider.java     |   6 +-
 .../authorization/AuthorizationDecision.java  |   2 +-
 ...tractDelegatingSecurityContextSupport.java |   4 +-
 .../DelegatingSecurityContextCallable.java    |  10 +-
 .../DelegatingSecurityContextExecutor.java    |   4 +-
 .../DelegatingSecurityContextRunnable.java    |  10 +-
 .../DelegatingApplicationListener.java        |   4 +-
 .../authority/SimpleGrantedAuthority.java     |   4 +-
 ...edAttributes2GrantedAuthoritiesMapper.java |  14 +-
 ...leAttributes2GrantedAuthoritiesMapper.java |  16 +-
 .../mapping/SimpleAuthorityMapper.java        |  14 +-
 .../core/context/SecurityContextImpl.java     |   2 +-
 .../core/session/SessionInformation.java      |   8 +-
 .../security/core/token/DefaultToken.java     |  16 +-
 .../KeyBasedPersistenceTokenService.java      |  12 +-
 .../core/token/SecureRandomFactoryBean.java   |   6 +-
 .../MapReactiveUserDetailsService.java        |   2 +-
 .../security/core/userdetails/User.java       |  30 +-
 .../cache/EhCacheBasedUserCache.java          |  10 +-
 .../cache/SpringCacheBasedUserCache.java      |   6 +-
 .../userdetails/memory/UserAttribute.java     |   6 +-
 .../jackson2/SecurityJackson2Modules.java     |  14 +-
 .../InMemoryUserDetailsManager.java           |  22 +-
 .../provisioning/JdbcUserDetailsManager.java  |  83 +--
 .../security/provisioning/MutableUser.java    |  14 +-
 ...elegatingSecurityContextTaskScheduler.java |  12 +-
 .../security/util/InMemoryResource.java       |   6 +-
 .../security/util/SimpleMethodInvocation.java |   6 +-
 .../security/TestDataSource.java              |   6 +-
 .../AuthorizationFailureEventTests.java       |  17 +-
 ...AnnotationSecurityMetadataSourceTests.java |  10 +-
 ...bstractSecurityExpressionHandlerTests.java |  15 +-
 .../SecurityExpressionRootTests.java          |  74 +--
 ...tMethodSecurityExpressionHandlerTests.java |  46 +-
 ...pressionBasedPreInvocationAdviceTests.java |  18 +-
 .../method/MethodExpressionVoterTests.java    |  20 +-
 .../MethodSecurityEvaluationContextTests.java |  10 +-
 .../MethodSecurityExpressionRootTests.java    |  82 +--
 ...AnnotationSecurityMetadataSourceTests.java |  43 +-
 .../AbstractSecurityInterceptorTests.java     |   4 +-
 .../AfterInvocationProviderManagerTests.java  |   8 +-
 .../MethodSecurityInterceptorTests.java       | 182 +++---
 ...AspectJMethodSecurityInterceptorTests.java |  86 +--
 ...asedMethodSecurityMetadataSourceTests.java |  20 +-
 ...thodInvocationPrivilegeEvaluatorTests.java |  42 +-
 .../method/MockMethodInvocation.java          |   6 +-
 ...tingMethodSecurityMetadataSourceTests.java |  23 +-
 ...vocationAuthorizationAdviceVoterTests.java |   8 +-
 .../access/vote/AbstractAclVoterTests.java    |  12 +-
 .../access/vote/AffirmativeBasedTests.java    |  50 +-
 .../access/vote/SomeDomainObject.java         |   2 +-
 .../AbstractAuthenticationTokenTests.java     |  26 +-
 ...aultAuthenticationEventPublisherTests.java | 103 ++--
 ...tiveAuthenticationManagerAdapterTests.java |  18 +-
 ...ailsServiceAuthenticationManagerTests.java |  26 +-
 .../dao/DaoAuthenticationProviderTests.java   |   2 +-
 .../authentication/dao/MockUserCache.java     |   6 +-
 ...efaultJaasAuthenticationProviderTests.java |  78 +--
 .../jaas/JaasAuthenticationProviderTests.java |  85 ++-
 .../authentication/jaas/JaasEventCheck.java   |   4 +-
 .../authentication/jaas/TestLoginModule.java  |  12 +-
 ...atedReactiveAuthorizationManagerTests.java |  12 +-
 ...rityReactiveAuthorizationManagerTests.java |  45 +-
 ...ngSecurityContextExecutorServiceTests.java |  94 +--
 ...elegatingSecurityContextExecutorTests.java |   8 +-
 ...yContextScheduledExecutorServiceTests.java |  40 +-
 ...tDelegatingSecurityContextTestSupport.java |  14 +-
 ...ngSecurityContextExecutorServiceTests.java |   2 +-
 ...yContextScheduledExecutorServiceTests.java |   2 +-
 ...elegatingSecurityContextCallableTests.java |  53 +-
 ...elegatingSecurityContextRunnableTests.java |  54 +-
 ...DelegatingSecurityContextSupportTests.java |  20 +-
 ...ngSecurityContextExecutorServiceTests.java |   2 +-
 ...elegatingSecurityContextExecutorTests.java |   2 +-
 ...yContextScheduledExecutorServiceTests.java |   2 +-
 .../DelegatingApplicationListenerTests.java   |  30 +-
 .../core/SpringSecurityCoreVersionTests.java  |  14 +-
 ...nnotationParameterNameDiscovererTests.java |  39 +-
 ...tSecurityParameterNameDiscovererTests.java |   8 +-
 .../session/SessionRegistryImplTests.java     |  88 +--
 .../MapReactiveUserDetailsServiceTests.java   |  14 +-
 .../userdetails/MockUserDetailsService.java   |  14 +-
 .../security/jackson2/AbstractMixinTests.java |   4 +-
 ...nonymousAuthenticationTokenMixinTests.java |   8 +-
 .../BadCredentialsExceptionMixinTests.java    |   4 +-
 ...memberMeAuthenticationTokenMixinTests.java |  10 +-
 .../jackson2/SecurityContextMixinTests.java   |   4 +-
 .../SecurityJackson2ModulesTests.java         |  32 +-
 .../SimpleGrantedAuthorityMixinTests.java     |   6 +-
 .../jackson2/UserDeserializerTests.java       |  14 +-
 ...PasswordAuthenticationTokenMixinTests.java |  22 +-
 .../JdbcUserDetailsManagerTests.java          | 205 +++----
 ...ityContextSchedulingTaskExecutorTests.java |   8 +-
 ...ityContextSchedulingTaskExecutorTests.java |   2 +-
 ...tingSecurityContextTaskSchedulerTests.java |  22 +-
 ...ityContextSchedulingTaskExecutorTests.java |   2 +-
 ...SecurityContextAsyncTaskExecutorTests.java |  16 +-
 ...SecurityContextAsyncTaskExecutorTests.java |   2 +-
 ...atingSecurityContextTaskExecutorTests.java |   4 +-
 ...SecurityContextAsyncTaskExecutorTests.java |   2 +-
 ...atingSecurityContextTaskExecutorTests.java |   4 +-
 .../crypto/argon2/Argon2EncodingUtils.java    |   4 +-
 .../crypto/argon2/Argon2PasswordEncoder.java  |  12 +-
 .../security/crypto/bcrypt/BCrypt.java        |  56 +-
 .../crypto/bcrypt/BCryptPasswordEncoder.java  |  16 +-
 .../BouncyCastleAesCbcBytesEncryptor.java     |   4 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |   4 +-
 .../encrypt/HexEncodingTextEncryptor.java     |   4 +-
 .../keygen/HexEncodingStringKeyGenerator.java |   2 +-
 .../keygen/SecureRandomBytesKeyGenerator.java |   6 +-
 .../crypto/keygen/SharedKeyGenerator.java     |   4 +-
 .../security/crypto/password/Digester.java    |   4 +-
 .../password/LdapShaPasswordEncoder.java      |   4 +-
 .../security/crypto/password/Md4.java         | 134 ++---
 .../password/StandardPasswordEncoder.java     |   6 +-
 .../crypto/scrypt/SCryptPasswordEncoder.java  |  17 +-
 .../argon2/Argon2EncodingUtilsTests.java      |  16 +-
 .../argon2/Argon2PasswordEncoderTests.java    |  58 +-
 .../security/crypto/codec/HexTests.java       |  16 +-
 ...stleAesBytesEncryptorEquivalencyTests.java |  55 +-
 .../BouncyCastleAesBytesEncryptorTests.java   |  24 +-
 .../DelegatingPasswordEncoderTests.java       |   6 +-
 .../StandardPasswordEncoderTests.java         |  12 +-
 ...curityEvaluationContextExtensionTests.java |   8 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 ...amespaceWithMultipleInterceptorsTests.java |   4 +-
 .../HttpPathParameterStrippingTests.java      |   6 +-
 .../integration/MultiAnnotationTests.java     |  32 +-
 .../SEC933ApplicationContextTests.java        |   2 +-
 .../SEC936ApplicationContextTests.java        |   2 +-
 .../PythonInterpreterBasedSecurityTests.java  |   2 +-
 .../FilterChainPerformanceTests.java          |  18 +-
 .../ProtectPointcutPerformanceTests.java      |   4 +-
 .../PythonInterpreterPreInvocationAdvice.java |   2 +-
 ...thonInterpreterPreInvocationAttribute.java |   2 +-
 .../AbstractWebServerIntegrationTests.java    |   4 +-
 .../ConcurrentSessionManagementTests.java     |   2 +-
 .../SpringSecurityLdapTemplateITests.java     |  26 +-
 .../PasswordComparisonAuthenticatorTests.java |  70 +--
 .../ldap/server/ApacheDSContainerTests.java   |   4 +-
 .../server/UnboundIdContainerLdifTests.java   |  18 +-
 .../DefaultLdapAuthoritiesPopulatorTests.java |  76 +--
 .../LdapUserDetailsManagerTests.java          |  64 +-
 .../NestedLdapAuthoritiesPopulatorTests.java  |  58 +-
 .../ldap/DefaultLdapUsernameToDnMapper.java   |   4 +-
 .../ldap/SpringSecurityLdapTemplate.java      |   6 +-
 .../AbstractLdapAuthenticator.java            |  20 +-
 .../authentication/BindAuthenticator.java     |   5 +-
 .../PasswordComparisonAuthenticator.java      |  12 +-
 ...etailsServiceLdapAuthoritiesPopulator.java |   2 +-
 ...ctiveDirectoryAuthenticationException.java |   2 +-
 ...veDirectoryLdapAuthenticationProvider.java |  50 +-
 .../PasswordPolicyAwareContextSource.java     |  14 +-
 .../ldap/ppolicy/PasswordPolicyControl.java   |   2 +-
 .../ppolicy/PasswordPolicyErrorStatus.java    |   4 +-
 .../ldap/ppolicy/PasswordPolicyException.java |   2 +-
 .../search/FilterBasedLdapUserSearch.java     |  27 +-
 .../ldap/server/ApacheDSContainer.java        | 102 ++--
 .../DefaultLdapAuthoritiesPopulator.java      |   2 +-
 .../ldap/userdetails/InetOrgPerson.java       | 108 ++--
 .../ldap/userdetails/LdapAuthority.java       |  20 +-
 .../ldap/userdetails/LdapUserDetailsImpl.java |  70 +--
 .../userdetails/LdapUserDetailsManager.java   |  73 +--
 .../userdetails/LdapUserDetailsService.java   |   6 +-
 .../security/ldap/userdetails/Person.java     |  28 +-
 .../ldap/SpringSecurityLdapTemplateTests.java |  15 +-
 .../LdapAuthenticationProviderTests.java      |   2 +-
 .../ldap/authentication/MockUserSearch.java   |   2 +-
 ...ectoryLdapAuthenticationProviderTests.java | 137 ++---
 ...PasswordPolicyAwareContextSourceTests.java |  24 +-
 .../ldap/userdetails/LdapAuthorityTests.java  |  26 +-
 ...faultMessageSecurityExpressionHandler.java |   2 +-
 .../MessageExpressionConfigAttribute.java     |   8 +-
 .../expression/MessageExpressionVoter.java    |   2 +-
 .../intercept/ChannelSecurityInterceptor.java |   2 +-
 .../DefaultMessageSecurityMetadataSource.java |   4 +-
 .../SecurityContextChannelInterceptor.java    |   4 +-
 .../AbstractMessageMatcherComposite.java      |   4 +-
 .../util/matcher/AndMessageMatcher.java       |   8 +-
 .../util/matcher/OrMessageMatcher.java        |   8 +-
 .../SimpDestinationMessageMatcher.java        |  13 +-
 .../util/matcher/SimpMessageTypeMatcher.java  |   4 +-
 .../web/csrf/CsrfChannelInterceptor.java      |   2 +-
 ...MessageSecurityExpressionHandlerTests.java |  36 +-
 ...ageSecurityMetadataSourceFactoryTests.java |  28 +-
 ...MessageExpressionConfigAttributeTests.java |  18 +-
 .../MessageExpressionVoterTests.java          |  55 +-
 .../ChannelSecurityInterceptorTests.java      |  66 +-
 ...ultMessageSecurityMetadataSourceTests.java |  24 +-
 ...icationPrincipalArgumentResolverTests.java |  35 +-
 ...ecurityContextChannelInterceptorTests.java |  92 +--
 .../handler/invocation/ResolvableMethod.java  |  10 +-
 .../util/matcher/AndMessageMatcherTests.java  |  34 +-
 .../util/matcher/OrMessageMatcherTests.java   |  32 +-
 .../SimpDestinationMessageMatcherTests.java   |  70 +--
 .../matcher/SimpMessageTypeMatcherTests.java  |   8 +-
 .../web/csrf/CsrfChannelInterceptorTests.java |  64 +-
 .../CsrfTokenHandshakeInterceptorTests.java   |  20 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |   2 +-
 ...egatingOAuth2AuthorizedClientProvider.java |   2 +-
 ...th2AuthorizationRequestRedirectFilter.java |   4 +-
 ...iceOAuth2AuthorizedClientManagerTests.java |   3 +-
 ...iveOAuth2AuthorizedClientManagerTests.java |   2 +-
 ...ginReactiveAuthenticationManagerTests.java |   2 +-
 ...nCodeGrantRequestEntityConverterTests.java |  12 +-
 ...orizationCodeTokenResponseClientTests.java |   4 +-
 ...ntCredentialsTokenResponseClientTests.java |   2 +-
 .../oidc/userinfo/OidcUserServiceTests.java   |   2 +-
 ...entInitiatedLogoutSuccessHandlerTests.java |   2 +-
 ...tiatedServerLogoutSuccessHandlerTests.java |  15 +-
 ...ultOAuth2AuthorizedClientManagerTests.java |   5 +-
 .../OAuth2LoginAuthenticationFilterTests.java |   2 +-
 ...izedClientExchangeFilterFunctionTests.java | 124 ++--
 ...izedClientExchangeFilterFunctionTests.java |   8 +-
 ...uth2AccessTokenResponseConverterTests.java |   6 +-
 ...2AccessTokenResponseMapConverterTests.java |   4 +-
 .../oauth2/jwt/JwtTimestampValidator.java     |   6 +-
 .../jwt/MappedJwtClaimSetConverter.java       |   2 +-
 .../oauth2/jwt/JwtClaimValidatorTests.java    |   6 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |   2 +-
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  10 +-
 .../web/BearerTokenAuthenticationFilter.java  |   2 +-
 .../JwtAuthenticationProviderTests.java       |   2 +-
 ...wtAuthenticationConverterAdapterTests.java |   2 +-
 ...rverBearerExchangeFilterFunctionTests.java |   3 +-
 ...vletBearerExchangeFilterFunctionTests.java |   3 +-
 .../security/openid/OpenID4JavaConsumer.java  |  22 +-
 .../security/openid/OpenIDAttribute.java      |  18 +-
 .../openid/OpenIDAuthenticationFilter.java    |  38 +-
 .../openid/OpenIDAuthenticationStatus.java    |   2 +-
 .../openid/OpenIDAuthenticationToken.java     |  12 +-
 .../openid/RegexBasedAxFetchListFactory.java  |   6 +-
 .../security/openid/MockOpenIDConsumer.java   |   4 +-
 .../openid/OpenID4JavaConsumerTests.java      |  10 +-
 .../OpenIDAuthenticationFilterTests.java      |  18 +-
 ...ationSimpleHttpInvokerRequestExecutor.java |   2 +-
 .../ContextPropagatingRemoteInvocation.java   |  14 +-
 .../remoting/dns/JndiDnsResolverTests.java    |  37 +-
 ...SimpleHttpInvokerRequestExecutorTests.java |   4 +-
 .../util/matcher/PayloadExchangeMatcher.java  |   4 +-
 .../core/PayloadInterceptorRSocketTests.java  |  46 +-
 .../Saml2AuthenticationException.java         |   2 +-
 .../Saml2AuthenticationRequest.java           |   2 +-
 .../Saml2AuthenticationRequestContext.java    |   2 +-
 .../registration/Saml2MessageBinding.java     |   2 +-
 .../saml2/core/Saml2X509CredentialTests.java  |  76 +--
 .../credentials/Saml2X509CredentialTests.java |  44 +-
 ...SamlAuthenticationRequestFactoryTests.java |  47 +-
 ...aml2AuthenticationRequestFactoryTests.java |   4 +-
 .../Saml2WebSsoAuthenticationFilterTests.java |  34 +-
 ...ebSsoAuthenticationRequestFilterTests.java |  67 ++-
 ...enticationRequestContextResolverTests.java |   2 +-
 ...aml2AuthenticationTokenConverterTests.java |   4 +-
 .../taglibs/authz/AbstractAuthorizeTag.java   |   6 +-
 .../taglibs/authz/AccessControlListTag.java   |  30 +-
 .../taglibs/authz/AuthenticationTag.java      |  26 +-
 .../taglibs/authz/JspAuthorizeTag.java        |  56 +-
 .../authz/AbstractAuthorizeTagTests.java      |  32 +-
 .../authz/AccessControlListTagTests.java      | 130 ++--
 .../taglibs/authz/AuthenticationTagTests.java |  78 +--
 .../taglibs/authz/AuthorizeTagTests.java      |  54 +-
 .../DelegatingTestExecutionListener.java      |  14 +-
 .../ReactorContextTestExecutionListener.java  |  12 +-
 .../TestSecurityContextHolderTests.java       |  16 +-
 .../context/showcase/CustomUserDetails.java   |   6 +-
 .../showcase/WithMockUserParentTests.java     |   2 +-
 .../context/showcase/WithMockUserTests.java   |  10 +-
 .../showcase/WithUserDetailsTests.java        |   8 +-
 ...thMockUserSecurityContextFactoryTests.java |  67 ++-
 ...ityContextTestExcecutionListenerTests.java |  20 +-
 ...serDetailsSecurityContextFactoryTests.java |  52 +-
 ...yMockServerConfigurerOpaqueTokenTests.java |  14 +-
 ...tyMockServerConfigurersAnnotatedTests.java |  39 +-
 ...kServerConfigurersClassAnnotatedTests.java |  16 +-
 ...SecurityMockServerConfigurersJwtTests.java |  26 +-
 .../SecurityMockServerConfigurersTests.java   |  53 +-
 .../web/servlet/request/Sec2935Tests.java     |  26 +-
 ...MockMvcRequestBuildersFormLogoutTests.java |   8 +-
 ...rocessorsAuthenticationStatelessTests.java |   6 +-
 ...uestPostProcessorsAuthenticationTests.java |  13 +-
 ...RequestPostProcessorsCertificateTests.java |   8 +-
 ...estPostProcessorsCsrfDebugFilterTests.java |   2 +-
 ...ckMvcRequestPostProcessorsDigestTests.java |  43 +-
 ...estPostProcessorsSecurityContextTests.java |  11 +-
 ...sorsTestSecurityContextStatelessTests.java |   4 +-
 ...ostProcessorsTestSecurityContextTests.java |  14 +-
 ...RequestPostProcessorsUserDetailsTests.java |  13 +-
 ...MockMvcRequestPostProcessorsUserTests.java |  42 +-
 ...WithAuthoritiesMvcResultMatchersTests.java |   6 +-
 .../showcase/csrf/CsrfShowcaseTests.java      |   8 +-
 .../csrf/CustomCsrfShowcaseTests.java         |   8 +-
 .../csrf/DefaultCsrfShowcaseTests.java        |   8 +-
 .../showcase/login/AuthenticationTests.java   |  12 +-
 .../CustomConfigAuthenticationTests.java      |   8 +-
 ...oginRequestBuilderAuthenticationTests.java |   6 +-
 .../DefaultfSecurityRequestsTests.java        |  10 +-
 .../secured/SecurityRequestsTests.java        |  12 +-
 .../secured/WithUserAuthenticationTests.java  |   9 +-
 ...WithUserClassLevelAuthenticationTests.java |   8 +-
 .../WithUserDetailsAuthenticationTests.java   |   6 +-
 ...rDetailsClassLevelAuthenticationTests.java |   6 +-
 .../security/web/DefaultRedirectStrategy.java |   6 +-
 .../web/DefaultSecurityFilterChain.java       |   8 +-
 .../security/web/FilterChainProxy.java        |  31 +-
 .../security/web/PortResolverImpl.java        |   6 +-
 .../web/access/AccessDeniedHandlerImpl.java   |   4 +-
 ...efaultWebInvocationPrivilegeEvaluator.java |   6 +-
 .../access/DelegatingAccessDeniedHandler.java |   4 +-
 .../access/ExceptionTranslationFilter.java    |  42 +-
 ...tMatcherDelegatingAccessDeniedHandler.java |   2 +-
 .../channel/AbstractRetryEntryPoint.java      |  19 +-
 .../channel/ChannelDecisionManagerImpl.java   |  10 +-
 .../channel/InsecureChannelProcessor.java     |  10 +-
 .../channel/SecureChannelProcessor.java       |  10 +-
 .../DefaultWebSecurityExpressionHandler.java  |   2 +-
 .../access/expression/WebExpressionVoter.java |   2 +-
 .../expression/WebSecurityExpressionRoot.java |   2 +-
 ...ilterInvocationSecurityMetadataSource.java |   4 +-
 .../intercept/FilterSecurityInterceptor.java  |   6 +-
 .../web/access/intercept/RequestKey.java      |  18 +-
 ...bstractAuthenticationProcessingFilter.java |  46 +-
 ...AuthenticationTargetUrlRequestHandler.java |  28 +-
 .../AnonymousAuthenticationFilter.java        |  23 +-
 .../DelegatingAuthenticationEntryPoint.java   |  22 +-
 ...elegatingAuthenticationFailureHandler.java |   4 +-
 ...onMappingAuthenticationFailureHandler.java |   2 +-
 .../ForwardAuthenticationFailureHandler.java  |   2 +-
 .../ForwardAuthenticationSuccessHandler.java  |   2 +-
 .../authentication/HttpStatusEntryPoint.java  |   2 +-
 .../LoginUrlAuthenticationEntryPoint.java     |  34 +-
 ...uestAwareAuthenticationSuccessHandler.java |   6 +-
 ...SimpleUrlAuthenticationFailureHandler.java |  24 +-
 .../UsernamePasswordAuthenticationFilter.java |  12 +-
 .../WebAuthenticationDetails.java             |  20 +-
 .../logout/CookieClearingLogoutHandler.java   |   2 +-
 .../authentication/logout/LogoutFilter.java   |  10 +-
 ...utSuccessEventPublishingLogoutHandler.java |   4 +-
 .../logout/SecurityContextLogoutHandler.java  |   8 +-
 ...tractPreAuthenticatedProcessingFilter.java |  59 +-
 ...reAuthenticatedAuthenticationProvider.java |  14 +-
 ...edAuthoritiesWebAuthenticationDetails.java |   4 +-
 .../RequestAttributeAuthenticationFilter.java |  10 +-
 .../RequestHeaderAuthenticationFilter.java    |  10 +-
 ...ticatedWebAuthenticationDetailsSource.java |  14 +-
 .../J2eePreAuthenticatedProcessingFilter.java |   4 +-
 .../WebXmlMappableAttributesRetriever.java    |  12 +-
 ...pherePreAuthenticatedProcessingFilter.java |   6 +-
 ...ticatedWebAuthenticationDetailsSource.java |  10 +-
 .../x509/SubjectDnX509PrincipalExtractor.java |  10 +-
 .../x509/X509AuthenticationFilter.java        |  10 +-
 .../AbstractRememberMeServices.java           |  82 +--
 .../InMemoryTokenRepositoryImpl.java          |  12 +-
 .../rememberme/JdbcTokenRepositoryImpl.java   |  18 +-
 .../rememberme/PersistentRememberMeToken.java |   8 +-
 ...ersistentTokenBasedRememberMeServices.java |  33 +-
 .../RememberMeAuthenticationFilter.java       |  33 +-
 .../TokenBasedRememberMeServices.java         |   8 +-
 ...ractSessionFixationProtectionStrategy.java |   6 +-
 ...tSessionControlAuthenticationStrategy.java |  11 +-
 ...RegisterSessionAuthenticationStrategy.java |   2 +-
 .../SessionFixationProtectionStrategy.java    |  14 +-
 .../AuthenticationSwitchUserEvent.java        |   2 +-
 .../SwitchUserGrantedAuthority.java           |   6 +-
 .../ui/DefaultLoginPageGeneratingFilter.java  |  34 +-
 .../www/BasicAuthenticationEntryPoint.java    |   6 +-
 .../www/BasicAuthenticationFilter.java        |   4 +-
 .../www/DigestAuthenticationEntryPoint.java   |  20 +-
 .../context/HttpRequestResponseHolder.java    |   4 +-
 .../HttpSessionSecurityContextRepository.java |  85 +--
 .../SecurityContextPersistenceFilter.java     |  12 +-
 ...yContextCallableProcessingInterceptor.java |   4 +-
 .../web/csrf/CookieCsrfTokenRepository.java   |   6 +-
 .../security/web/debug/DebugFilter.java       |  10 +-
 .../HttpStatusRequestRejectedHandler.java     |   4 +-
 .../security/web/firewall/RequestWrapper.java |  10 +-
 .../web/firewall/StrictHttpFirewall.java      |  28 +-
 .../security/web/header/Header.java           |   4 +-
 .../writers/ClearSiteDataHeaderWriter.java    |   4 +-
 .../ContentSecurityPolicyHeaderWriter.java    |   8 +-
 .../web/header/writers/HpkpHeaderWriter.java  |  26 +-
 .../header/writers/StaticHeadersWriter.java   |   4 +-
 .../writers/XXssProtectionHeaderWriter.java   |  10 +-
 ...ractRequestParameterAllowFromStrategy.java |   6 +-
 .../frameoptions/RegExpAllowFromStrategy.java |   2 +-
 .../frameoptions/StaticAllowFromStrategy.java |   2 +-
 .../WhiteListedAllowFromStrategy.java         |   2 +-
 .../XFrameOptionsHeaderWriter.java            |   6 +-
 .../web/jaasapi/JaasApiIntegrationFilter.java |  18 +-
 ...thenticationPrincipalArgumentResolver.java |   2 +-
 ...thenticationPrincipalArgumentResolver.java |   2 +-
 ...urrentSecurityContextArgumentResolver.java |   2 +-
 .../web/savedrequest/CookieRequestCache.java  |   4 +-
 .../web/savedrequest/DefaultSavedRequest.java |  45 +-
 .../security/web/savedrequest/Enumerator.java |   4 +-
 .../savedrequest/HttpSessionRequestCache.java |  14 +-
 .../savedrequest/RequestCacheAwareFilter.java |   2 +-
 .../web/savedrequest/SavedCookie.java         |  16 +-
 .../SavedRequestAwareWrapper.java             |  34 +-
 ...egatingServerAuthenticationEntryPoint.java |   2 +-
 .../server/MatcherSecurityWebFilterChain.java |   2 +-
 .../AnonymousAuthenticationWebFilter.java     |   3 +-
 ...PreAuthenticatedAuthenticationManager.java |   4 +-
 .../ServerX509AuthenticationConverter.java    |   8 +-
 .../authentication/SwitchUserWebFilter.java   |  17 +-
 .../authorization/AuthorizationContext.java   |   4 +-
 ...elegatingReactiveAuthorizationManager.java |   4 +-
 .../header/HttpHeaderWriterWebFilter.java     |   2 +-
 .../header/StaticServerHttpHeadersWriter.java |   4 +-
 ...nsportSecurityServerHttpHeadersWriter.java |   8 +-
 .../XFrameOptionsServerHttpHeadersWriter.java |   2 +-
 ...XXssProtectionServerHttpHeadersWriter.java |   8 +-
 .../matcher/AndServerWebExchangeMatcher.java  |   4 +-
 .../NegatedServerWebExchangeMatcher.java      |   4 +-
 .../matcher/OrServerWebExchangeMatcher.java   |   4 +-
 ...PatternParserServerWebExchangeMatcher.java |   3 +-
 .../matcher/ServerWebExchangeMatcher.java     |   4 +-
 .../ServerWebExchangeMatcherEntry.java        |   4 +-
 .../csrf/CsrfRequestDataValueProcessor.java   |  10 +-
 ...urityContextHolderAwareRequestWrapper.java |   6 +-
 .../web/session/ConcurrentSessionFilter.java  |  14 +-
 .../session/HttpSessionIdChangedEvent.java    |   4 +-
 .../InvalidSessionAccessDeniedHandler.java    |   2 +-
 .../SessionInformationExpiredEvent.java       |   4 +-
 .../web/session/SessionManagementFilter.java  |  20 +-
 .../SimpleRedirectInvalidSessionStrategy.java |   6 +-
 ...rectSessionInformationExpiredStrategy.java |   4 +-
 .../security/web/util/RedirectUrlBuilder.java |  26 +-
 .../security/web/util/ThrowableAnalyzer.java  |   2 +-
 .../web/util/matcher/AndRequestMatcher.java   |  12 +-
 .../web/util/matcher/ELRequestMatcher.java    |   4 +-
 .../util/matcher/ELRequestMatcherContext.java |   4 +-
 .../web/util/matcher/IpAddressMatcher.java    |  22 +-
 .../util/matcher/NegatedRequestMatcher.java   |   8 +-
 .../web/util/matcher/OrRequestMatcher.java    |  12 +-
 .../web/util/matcher/RegexRequestMatcher.java |   6 +-
 .../matcher/RequestHeaderRequestMatcher.java  |  10 +-
 .../security/MockFilterConfig.java            |   4 +-
 .../security/MockPortResolver.java            |   4 +-
 .../web/reactive/server/WebTestHandler.java   |   8 +-
 .../security/web/FilterChainProxyTests.java   | 131 ++--
 ...tWebInvocationPrivilegeEvaluatorTests.java |  36 +-
 .../DelegatingAccessDeniedHandlerTests.java   |  26 +-
 .../ExceptionTranslationFilterTests.java      |  22 +-
 .../channel/ChannelProcessingFilterTests.java |  12 +-
 ...aultWebSecurityExpressionHandlerTests.java |  18 +-
 .../expression/WebExpressionVoterTests.java   |  11 +-
 .../FilterSecurityInterceptorTests.java       |  50 +-
 ...ctAuthenticationProcessingFilterTests.java |  54 +-
 .../AnonymousAuthenticationFilterTests.java   |   2 +-
 .../AuthenticationFilterTests.java            |   4 +-
 ...DefaultLoginPageGeneratingFilterTests.java |  26 +-
 ...gAuthenticationEntryPointContextTests.java |  12 +-
 ...legatingAuthenticationEntryPointTests.java |  50 +-
 ...tingAuthenticationFailureHandlerTests.java |  58 +-
 .../HttpStatusEntryPointTests.java            |  12 +-
 .../logout/LogoutHandlerTests.java            |   6 +-
 ...cessEventPublishingLogoutHandlerTests.java |   2 +-
 .../SecurityContextLogoutHandlerTests.java    |  12 +-
 ...PreAuthenticatedProcessingFilterTests.java |  20 +-
 ...horitiesWebAuthenticationDetailsTests.java |  11 +-
 ...edWebAuthenticationDetailsSourceTests.java |   2 +-
 ...PreAuthenticatedProcessingFilterTests.java |   2 +-
 .../SubjectDnX509PrincipalExtractorTests.java |  18 +-
 .../AbstractRememberMeServicesTests.java      |  64 +-
 .../JdbcTokenRepositoryImplTests.java         |  64 +-
 ...tentTokenBasedRememberMeServicesTests.java |  81 +--
 .../RememberMeAuthenticationFilterTests.java  |  16 +-
 .../TokenBasedRememberMeServicesTests.java    |  69 ++-
 ...iteSessionAuthenticationStrategyTests.java |  20 +-
 ...ionControlAuthenticationStrategyTests.java |  83 +--
 ...terSessionAuthenticationStrategyTests.java |  12 +-
 .../switchuser/SwitchUserFilterTests.java     |  12 +-
 .../BasicAuthenticationConverterTests.java    |  24 +-
 .../www/BasicAuthenticationFilterTests.java   |  80 +--
 .../www/DigestAuthenticationFilterTests.java  |  94 +--
 ...icationPrincipalArgumentResolverTests.java |  40 +-
 ...SessionSecurityContextRepositoryTests.java |  48 +-
 ...xtOnUpdateOrErrorResponseWrapperTests.java | 104 ++--
 ...SecurityContextPersistenceFilterTests.java |   6 +-
 ...extCallableProcessingInterceptorTests.java |  22 +-
 ...WebAsyncManagerIntegrationFilterTests.java |  52 +-
 .../web/csrf/CsrfLogoutHandlerTests.java      |  11 +-
 .../web/csrf/DefaultCsrfTokenTests.java       |  12 +-
 .../HttpSessionCsrfTokenRepositoryTests.java  |  66 +-
 .../security/web/debug/DebugFilterTests.java  |  46 +-
 .../web/firewall/FirewalledResponseTests.java |  50 +-
 ...ontentSecurityPolicyHeaderWriterTests.java |  58 +-
 ...gatingRequestMatcherHeaderWriterTests.java |  22 +-
 .../FeaturePolicyHeaderWriterTests.java       |   2 +-
 .../header/writers/HpkpHeaderWriterTests.java | 110 ++--
 .../header/writers/HstsHeaderWriterTests.java |  89 +--
 .../ReferrerPolicyHeaderWriterTests.java      |   2 +-
 .../writers/StaticHeaderWriterTests.java      |  16 +-
 .../XContentTypeOptionsHeaderWriterTests.java |  12 +-
 .../XXssProtectionHeaderWriterTests.java      |  44 +-
 ...equestParameterAllowFromStrategyTests.java |  22 +-
 .../FrameOptionsHeaderWriterTests.java        |  48 +-
 .../JaasApiIntegrationFilterTests.java        |  57 +-
 .../web/jackson2/AbstractMixinTests.java      |   4 +-
 .../web/jackson2/CookieMixinTests.java        |   4 +-
 .../jackson2/DefaultCsrfTokenMixinTests.java  |   8 +-
 .../DefaultSavedRequestMixinTests.java        |   6 +-
 ...nticatedAuthenticationTokenMixinTests.java |   8 +-
 .../web/jackson2/SavedCookieMixinTests.java   |  12 +-
 .../WebAuthenticationDetailsMixinTests.java   |   6 +-
 .../security/web/method/ResolvableMethod.java |  14 +-
 ...icationPrincipalArgumentResolverTests.java |  40 +-
 .../CsrfTokenArgumentResolverTests.java       |  20 +-
 ...tSecurityContextArgumentResolverTests.java |   2 +-
 ...icationPrincipalArgumentResolverTests.java |  70 +--
 ...tSecurityContextArgumentResolverTests.java |   2 +-
 .../HttpSessionRequestCacheTests.java         |  16 +-
 .../web/savedrequest/SavedCookieTests.java    |  50 +-
 ...thenticatedAuthenticationManagerTests.java |  28 +-
 ...erverX509AuthenticationConverterTests.java |  16 +-
 .../SwitchUserWebFilterTests.java             | 211 +++----
 ...tingReactiveAuthorizationManagerTests.java |  26 +-
 ...ontextServerWebExchangeWebFilterTests.java |   2 +-
 ...heControlServerHttpHeadersWriterTests.java |  41 +-
 ...rSiteDataServerHttpHeadersWriterTests.java |   2 +-
 ...CompositeServerHttpHeadersWriterTests.java |  24 +-
 .../HttpHeaderWriterWebFilterTests.java       |  14 +-
 .../StaticServerHttpHeadersWriterTests.java   |  34 +-
 ...tSecurityServerHttpHeadersWriterTests.java |  34 +-
 ...peOptionsServerHttpHeadersWriterTests.java |  17 +-
 ...meOptionsServerHttpHeadersWriterTests.java |  24 +-
 ...rotectionServerHttpHeadersWriterTests.java |  33 +-
 .../DefaultCsrfServerTokenMixinTests.java     |   8 +-
 .../ServerRequestCacheWebFilterTests.java     |  10 +-
 .../AndServerWebExchangeMatcherTests.java     |  38 +-
 .../NegatedServerWebExchangeMatcherTests.java |  14 +-
 .../OrServerWebExchangeMatcherTests.java      |  30 +-
 ...hMatcherServerWebExchangeMatcherTests.java |  37 +-
 .../ServerWebExchangeMatchersTests.java       |  13 +-
 .../CsrfRequestDataValueProcessorTests.java   |  44 +-
 .../HttpSessionDestroyedEventTests.java       |  24 +-
 .../web/session/MockApplicationListener.java  |  12 +-
 .../util/OnCommittedResponseWrapperTests.java | 566 +++++++++---------
 .../util/matcher/AndRequestMatcherTests.java  |  34 +-
 .../util/matcher/IpAddressMatcherTests.java   |  18 +-
 ...diaTypeRequestMatcherRequestHCNSTests.java |  86 +--
 .../matcher/MediaTypeRequestMatcherTests.java | 235 ++++----
 .../matcher/NegatedRequestMatcherTests.java   |  12 +-
 .../util/matcher/OrRequestMatcherTests.java   |  32 +-
 .../matcher/RegexRequestMatcherTests.java     |   6 +-
 .../RequestHeaderRequestMatcherTests.java     |  28 +-
 793 files changed, 8689 insertions(+), 8459 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index d44ce0075a..c57bf5ec71 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -135,7 +135,7 @@ public class AclEntryVoter extends AbstractAclVoter {
 	 * which will be the domain object used for ACL evaluation
 	 */
 	protected String getInternalMethod() {
-		return internalMethod;
+		return this.internalMethod;
 	}
 
 	public void setInternalMethod(String internalMethod) {
@@ -143,7 +143,7 @@ public class AclEntryVoter extends AbstractAclVoter {
 	}
 
 	protected String getProcessConfigAttribute() {
-		return processConfigAttribute;
+		return this.processConfigAttribute;
 	}
 
 	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
@@ -181,41 +181,41 @@ public class AclEntryVoter extends AbstractAclVoter {
 			}
 
 			// Evaluate if we are required to use an inner domain object
-			if (StringUtils.hasText(internalMethod)) {
+			if (StringUtils.hasText(this.internalMethod)) {
 				try {
 					Class<?> clazz = domainObject.getClass();
-					Method method = clazz.getMethod(internalMethod, new Class[0]);
+					Method method = clazz.getMethod(this.internalMethod, new Class[0]);
 					domainObject = method.invoke(domainObject);
 				}
 				catch (NoSuchMethodException nsme) {
 					throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
-							+ "' does not provide the requested internalMethod: " + internalMethod);
+							+ "' does not provide the requested internalMethod: " + this.internalMethod);
 				}
 				catch (IllegalAccessException iae) {
 					logger.debug("IllegalAccessException", iae);
 
 					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
+							"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
 				}
 				catch (InvocationTargetException ite) {
 					logger.debug("InvocationTargetException", ite);
 
 					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
+							"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
 				}
 			}
 
 			// Obtain the OID applicable to the domain object
-			ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
+			ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 			// Obtain the SIDs applicable to the principal
-			List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
+			List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 
 			Acl acl;
 
 			try {
 				// Lookup only ACLs for SIDs we're interested in
-				acl = aclService.readAclById(objectIdentity, sids);
+				acl = this.aclService.readAclById(objectIdentity, sids);
 			}
 			catch (NotFoundException nfe) {
 				if (logger.isDebugEnabled()) {
@@ -226,7 +226,7 @@ public class AclEntryVoter extends AbstractAclVoter {
 			}
 
 			try {
-				if (acl.isGranted(requirePermission, sids, false)) {
+				if (acl.isGranted(this.requirePermission, sids, false)) {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Voting to grant access");
 					}
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index 240aed171e..26f327a961 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -63,17 +63,17 @@ public class AclPermissionCacheOptimizer implements PermissionCacheOptimizer {
 			if (domainObject == null) {
 				continue;
 			}
-			ObjectIdentity oid = oidRetrievalStrategy.getObjectIdentity(domainObject);
+			ObjectIdentity oid = this.oidRetrievalStrategy.getObjectIdentity(domainObject);
 			oidsToCache.add(oid);
 		}
 
-		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
+		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
 		}
 
-		aclService.readAclsById(oidsToCache, sids);
+		this.aclService.readAclsById(oidsToCache, sids);
 	}
 
 	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 08a86995ef..0477f03b88 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -75,49 +75,49 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 			return false;
 		}
 
-		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
+		ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
-		ObjectIdentity objectIdentity = objectIdentityGenerator.createObjectIdentity(targetId, targetType);
+		ObjectIdentity objectIdentity = this.objectIdentityGenerator.createObjectIdentity(targetId, targetType);
 
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
 	private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
 		// Obtain the SIDs applicable to the principal
-		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
+		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 		List<Permission> requiredPermission = resolvePermission(permission);
 
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 
 		if (debug) {
-			logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
+			this.logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
 		}
 
 		try {
 			// Lookup only ACLs for SIDs we're interested in
-			Acl acl = aclService.readAclById(oid, sids);
+			Acl acl = this.aclService.readAclById(oid, sids);
 
 			if (acl.isGranted(requiredPermission, sids, false)) {
 				if (debug) {
-					logger.debug("Access is granted");
+					this.logger.debug("Access is granted");
 				}
 
 				return true;
 			}
 
 			if (debug) {
-				logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
+				this.logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
 			}
 
 		}
 		catch (NotFoundException nfe) {
 			if (debug) {
-				logger.debug("Returning false - no ACLs apply for this principal");
+				this.logger.debug("Returning false - no ACLs apply for this principal");
 			}
 		}
 
@@ -127,7 +127,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 
 	List<Permission> resolvePermission(Object permission) {
 		if (permission instanceof Integer) {
-			return Arrays.asList(permissionFactory.buildFromMask((Integer) permission));
+			return Arrays.asList(this.permissionFactory.buildFromMask((Integer) permission));
 		}
 
 		if (permission instanceof Permission) {
@@ -143,10 +143,10 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 			Permission p;
 
 			try {
-				p = permissionFactory.buildFromName(permString);
+				p = this.permissionFactory.buildFromName(permString);
 			}
 			catch (IllegalArgumentException notfound) {
-				p = permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
+				p = this.permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
 			}
 
 			if (p != null) {
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
index da4a3464f1..743b945c11 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
@@ -68,21 +68,21 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 	}
 
 	protected Class<?> getProcessDomainObjectClass() {
-		return processDomainObjectClass;
+		return this.processDomainObjectClass;
 	}
 
 	protected boolean hasPermission(Authentication authentication, Object domainObject) {
 		// Obtain the OID applicable to the domain object
-		ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
+		ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
 
 		// Obtain the SIDs applicable to the principal
-		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
+		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 
 		try {
 			// Lookup only ACLs for SIDs we're interested in
-			Acl acl = aclService.readAclById(objectIdentity, sids);
+			Acl acl = this.aclService.readAclById(objectIdentity, sids);
 
-			return acl.isGranted(requirePermission, sids, false);
+			return acl.isGranted(this.requirePermission, sids, false);
 		}
 		catch (NotFoundException ignore) {
 			return false;
@@ -110,7 +110,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		return processConfigAttribute.equals(attribute.getAttribute());
+		return this.processConfigAttribute.equals(attribute.getAttribute());
 	}
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index be28dc0811..5483ccc937 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -103,7 +103,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 
 			logger.debug("Denying access");
 
-			throw new AccessDeniedException(messages.getMessage("AclEntryAfterInvocationProvider.noPermission",
+			throw new AccessDeniedException(this.messages.getMessage("AclEntryAfterInvocationProvider.noPermission",
 					new Object[] { authentication.getName(), returnedObject },
 					"Authentication {0} has NO permissions to the domain object {1}"));
 		}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
index c908ef52aa..ae5d2d23f2 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
@@ -45,7 +45,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 		// Collect the removed objects to a HashSet so that
 		// it is fast to lookup them when a filtered array
 		// is constructed.
-		removeList = new HashSet<>();
+		this.removeList = new HashSet<>();
 	}
 
 	/**
@@ -55,14 +55,14 @@ class ArrayFilterer<T> implements Filterer<T> {
 	@SuppressWarnings("unchecked")
 	public T[] getFilteredObject() {
 		// Recreate an array of same type and filter the removed objects.
-		int originalSize = list.length;
-		int sizeOfResultingList = originalSize - removeList.size();
-		T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
+		int originalSize = this.list.length;
+		int sizeOfResultingList = originalSize - this.removeList.size();
+		T[] filtered = (T[]) Array.newInstance(this.list.getClass().getComponentType(), sizeOfResultingList);
 
-		for (int i = 0, j = 0; i < list.length; i++) {
-			T object = list[i];
+		for (int i = 0, j = 0; i < this.list.length; i++) {
+			T object = this.list[i];
 
-			if (!removeList.contains(object)) {
+			if (!this.removeList.contains(object)) {
 				filtered[j] = object;
 				j++;
 			}
@@ -85,14 +85,14 @@ class ArrayFilterer<T> implements Filterer<T> {
 			private int index = 0;
 
 			public boolean hasNext() {
-				return index < list.length;
+				return this.index < ArrayFilterer.this.list.length;
 			}
 
 			public T next() {
 				if (!hasNext()) {
 					throw new NoSuchElementException();
 				}
-				return list[index++];
+				return ArrayFilterer.this.list[this.index++];
 			}
 
 			public void remove() {
@@ -106,7 +106,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
 	 */
 	public void remove(T object) {
-		removeList.add(object);
+		this.removeList.add(object);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index 9ca71e2b4d..4c68101c09 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -48,7 +48,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 		// to the method may not necessarily be re-constructable (as
 		// the Collection(collection) constructor is not guaranteed and
 		// manually adding may lose sort order or other capabilities)
-		removeList = new HashSet<>();
+		this.removeList = new HashSet<>();
 	}
 
 	/**
@@ -57,20 +57,20 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 */
 	public Object getFilteredObject() {
 		// Now the Iterator has ended, remove Objects from Collection
-		Iterator<T> removeIter = removeList.iterator();
+		Iterator<T> removeIter = this.removeList.iterator();
 
-		int originalSize = collection.size();
+		int originalSize = this.collection.size();
 
 		while (removeIter.hasNext()) {
-			collection.remove(removeIter.next());
+			this.collection.remove(removeIter.next());
 		}
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Original collection contained " + originalSize + " elements; now contains "
-					+ collection.size() + " elements");
+					+ this.collection.size() + " elements");
 		}
 
-		return collection;
+		return this.collection;
 	}
 
 	/**
@@ -78,7 +78,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
 	 */
 	public Iterator<T> iterator() {
-		return collection.iterator();
+		return this.collection.iterator();
 	}
 
 	/**
@@ -86,7 +86,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
 	 */
 	public void remove(T object) {
-		removeList.add(object);
+		this.removeList.add(object);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index ff5d8fd9a9..9c45624976 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -65,15 +65,15 @@ public abstract class AbstractPermission implements Permission {
 	}
 
 	public final int getMask() {
-		return mask;
+		return this.mask;
 	}
 
 	public String getPattern() {
-		return AclFormattingUtils.printBinary(mask, code);
+		return AclFormattingUtils.printBinary(this.mask, this.code);
 	}
 
 	public final String toString() {
-		return this.getClass().getSimpleName() + "[" + getPattern() + "=" + mask + "]";
+		return this.getClass().getSimpleName() + "[" + getPattern() + "=" + this.mask + "]";
 	}
 
 	public final int hashCode() {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index 5c189c52d9..8a6ff5bee6 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -134,37 +134,37 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 
 	@Override
 	public Acl getAcl() {
-		return acl;
+		return this.acl;
 	}
 
 	@Override
 	public Serializable getId() {
-		return id;
+		return this.id;
 	}
 
 	@Override
 	public Permission getPermission() {
-		return permission;
+		return this.permission;
 	}
 
 	@Override
 	public Sid getSid() {
-		return sid;
+		return this.sid;
 	}
 
 	@Override
 	public boolean isAuditFailure() {
-		return auditFailure;
+		return this.auditFailure;
 	}
 
 	@Override
 	public boolean isAuditSuccess() {
-		return auditSuccess;
+		return this.auditSuccess;
 	}
 
 	@Override
 	public boolean isGranting() {
-		return granting;
+		return this.granting;
 	}
 
 	void setAuditFailure(boolean auditFailure) {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index 60b887dd69..5dae15cc60 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -68,12 +68,12 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		Assert.isTrue(auths != null && (auths.length == 3 || auths.length == 1),
 				"One or three GrantedAuthority instances required");
 		if (auths.length == 3) {
-			gaTakeOwnership = auths[0];
-			gaModifyAuditing = auths[1];
-			gaGeneralChanges = auths[2];
+			this.gaTakeOwnership = auths[0];
+			this.gaModifyAuditing = auths[1];
+			this.gaGeneralChanges = auths[2];
 		}
 		else {
-			gaTakeOwnership = gaModifyAuditing = gaGeneralChanges = auths[0];
+			this.gaTakeOwnership = this.gaModifyAuditing = this.gaGeneralChanges = auths[0];
 		}
 	}
 
@@ -117,7 +117,7 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		}
 
 		// Try to get permission via ACEs within the ACL
-		List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
+		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 
 		if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
 			return;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index a5493ca43d..01b0303d55 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -121,10 +121,10 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void deleteAce(int aceIndex) throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
 
-		synchronized (aces) {
+		synchronized (this.aces) {
 			this.aces.remove(aceIndex);
 		}
 	}
@@ -135,14 +135,14 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		}
 		if (aceIndex >= this.aces.size()) {
 			throw new NotFoundException("aceIndex must refer to an index of the AccessControlEntry list. "
-					+ "List size is " + aces.size() + ", index was " + aceIndex);
+					+ "List size is " + this.aces.size() + ", index was " + aceIndex);
 		}
 	}
 
 	@Override
 	public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
 			throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		Assert.notNull(permission, "Permission required");
 		Assert.notNull(sid, "Sid required");
 		if (atIndexLocation < 0) {
@@ -155,7 +155,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 		AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid, permission, granting, false, false);
 
-		synchronized (aces) {
+		synchronized (this.aces) {
 			this.aces.add(atIndexLocation, ace);
 		}
 	}
@@ -164,7 +164,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public List<AccessControlEntry> getEntries() {
 		// Can safely return AccessControlEntry directly, as they're immutable outside the
 		// ACL package
-		return new ArrayList<>(aces);
+		return new ArrayList<>(this.aces);
 	}
 
 	@Override
@@ -174,12 +174,12 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public ObjectIdentity getObjectIdentity() {
-		return objectIdentity;
+		return this.objectIdentity;
 	}
 
 	@Override
 	public boolean isEntriesInheriting() {
-		return entriesInheriting;
+		return this.entriesInheriting;
 	}
 
 	/**
@@ -198,7 +198,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			throw new UnloadedSidException("ACL was not loaded for one or more SID");
 		}
 
-		return permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode);
+		return this.permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode);
 	}
 
 	@Override
@@ -213,7 +213,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		for (Sid sid : sids) {
 			boolean found = false;
 
-			for (Sid loadedSid : loadedSids) {
+			for (Sid loadedSid : this.loadedSids) {
 				if (sid.equals(loadedSid)) {
 					// this SID is OK
 					found = true;
@@ -232,13 +232,13 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void setEntriesInheriting(boolean entriesInheriting) {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		this.entriesInheriting = entriesInheriting;
 	}
 
 	@Override
 	public void setOwner(Sid newOwner) {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
 		Assert.notNull(newOwner, "Owner required");
 		this.owner = newOwner;
 	}
@@ -250,34 +250,34 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public void setParent(Acl newParent) {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		Assert.isTrue(newParent == null || !newParent.equals(this), "Cannot be the parent of yourself");
 		this.parentAcl = newParent;
 	}
 
 	@Override
 	public Acl getParentAcl() {
-		return parentAcl;
+		return this.parentAcl;
 	}
 
 	@Override
 	public void updateAce(int aceIndex, Permission permission) throws NotFoundException {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
 
-		synchronized (aces) {
-			AccessControlEntryImpl ace = (AccessControlEntryImpl) aces.get(aceIndex);
+		synchronized (this.aces) {
+			AccessControlEntryImpl ace = (AccessControlEntryImpl) this.aces.get(aceIndex);
 			ace.setPermission(permission);
 		}
 	}
 
 	@Override
 	public void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure) {
-		aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_AUDITING);
+		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_AUDITING);
 		verifyAceIndexExists(aceIndex);
 
-		synchronized (aces) {
-			AccessControlEntryImpl ace = (AccessControlEntryImpl) aces.get(aceIndex);
+		synchronized (this.aces) {
+			AccessControlEntryImpl ace = (AccessControlEntryImpl) this.aces.get(aceIndex);
 			ace.setAuditSuccess(auditSuccess);
 			ace.setAuditFailure(auditFailure);
 		}
@@ -342,7 +342,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 		int count = 0;
 
-		for (AccessControlEntry ace : aces) {
+		for (AccessControlEntry ace : this.aces) {
 			count++;
 
 			if (count == 1) {
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index a830067997..068b786069 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -103,21 +103,21 @@ public class DefaultPermissionFactory implements PermissionFactory {
 		Integer mask = perm.getMask();
 
 		// Ensure no existing Permission uses this integer or code
-		Assert.isTrue(!registeredPermissionsByInteger.containsKey(mask),
+		Assert.isTrue(!this.registeredPermissionsByInteger.containsKey(mask),
 				() -> "An existing Permission already provides mask " + mask);
-		Assert.isTrue(!registeredPermissionsByName.containsKey(permissionName),
+		Assert.isTrue(!this.registeredPermissionsByName.containsKey(permissionName),
 				() -> "An existing Permission already provides name '" + permissionName + "'");
 
 		// Register the new Permission
-		registeredPermissionsByInteger.put(mask, perm);
-		registeredPermissionsByName.put(permissionName, perm);
+		this.registeredPermissionsByInteger.put(mask, perm);
+		this.registeredPermissionsByName.put(permissionName, perm);
 	}
 
 	public Permission buildFromMask(int mask) {
-		if (registeredPermissionsByInteger.containsKey(mask)) {
+		if (this.registeredPermissionsByInteger.containsKey(mask)) {
 			// The requested mask has an exact match against a statically-defined
 			// Permission, so return it
-			return registeredPermissionsByInteger.get(mask);
+			return this.registeredPermissionsByInteger.get(mask);
 		}
 
 		// To get this far, we have to use a CumulativePermission
@@ -127,7 +127,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 			int permissionToCheck = 1 << i;
 
 			if ((mask & permissionToCheck) == permissionToCheck) {
-				Permission p = registeredPermissionsByInteger.get(permissionToCheck);
+				Permission p = this.registeredPermissionsByInteger.get(permissionToCheck);
 
 				if (p == null) {
 					throw new IllegalStateException(
@@ -141,7 +141,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 	}
 
 	public Permission buildFromName(String name) {
-		Permission p = registeredPermissionsByName.get(name);
+		Permission p = this.registeredPermissionsByName.get(name);
 
 		if (p == null) {
 			throw new IllegalArgumentException("Unknown permission '" + name + "'");
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
index 18027573d5..edd3f85a56 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
@@ -90,7 +90,7 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 						if (ace.isGranting()) {
 							// Success
 							if (!administrativeMode) {
-								auditLogger.logIfNeeded(true, ace);
+								this.auditLogger.logIfNeeded(true, ace);
 							}
 
 							return true;
@@ -120,7 +120,7 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 			// We found an ACE to reject the request at this point, as no
 			// other ACEs were found that granted a different permission
 			if (!administrativeMode) {
-				auditLogger.logIfNeeded(false, firstRejection);
+				this.auditLogger.logIfNeeded(false, firstRejection);
 			}
 
 			return false;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index 2091760b3a..f9c16a8e96 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -61,8 +61,8 @@ public class EhCacheBasedAclCache implements AclCache {
 		MutableAcl acl = getFromCache(pk);
 
 		if (acl != null) {
-			cache.remove(acl.getId());
-			cache.remove(acl.getObjectIdentity());
+			this.cache.remove(acl.getId());
+			this.cache.remove(acl.getObjectIdentity());
 		}
 	}
 
@@ -72,8 +72,8 @@ public class EhCacheBasedAclCache implements AclCache {
 		MutableAcl acl = getFromCache(objectIdentity);
 
 		if (acl != null) {
-			cache.remove(acl.getId());
-			cache.remove(acl.getObjectIdentity());
+			this.cache.remove(acl.getId());
+			this.cache.remove(acl.getObjectIdentity());
 		}
 	}
 
@@ -83,7 +83,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		Element element = null;
 
 		try {
-			element = cache.get(objectIdentity);
+			element = this.cache.get(objectIdentity);
 		}
 		catch (CacheException ignored) {
 		}
@@ -101,7 +101,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		Element element = null;
 
 		try {
-			element = cache.get(pk);
+			element = this.cache.get(pk);
 		}
 		catch (CacheException ignored) {
 		}
@@ -131,8 +131,8 @@ public class EhCacheBasedAclCache implements AclCache {
 			putInCache((MutableAcl) acl.getParentAcl());
 		}
 
-		cache.put(new Element(acl.getObjectIdentity(), acl));
-		cache.put(new Element(acl.getId(), acl));
+		this.cache.put(new Element(acl.getObjectIdentity(), acl));
+		this.cache.put(new Element(acl.getId(), acl));
 	}
 
 	private MutableAcl initializeTransientFields(MutableAcl value) {
@@ -148,7 +148,7 @@ public class EhCacheBasedAclCache implements AclCache {
 	}
 
 	public void clearCache() {
-		cache.removeAll();
+		this.cache.removeAll();
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index abc1b19aaf..1389700d94 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -62,7 +62,7 @@ public class GrantedAuthoritySid implements Sid {
 	}
 
 	public String getGrantedAuthority() {
-		return grantedAuthority;
+		return this.grantedAuthority;
 	}
 
 	@Override
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index bfc975f355..727e81ee77 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -69,7 +69,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 		Assert.notNull(object, "object cannot be null");
 
 		Class<?> typeClass = ClassUtils.getUserClass(object.getClass());
-		type = typeClass.getName();
+		this.type = typeClass.getName();
 
 		Object result;
 
@@ -105,30 +105,30 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 
 		ObjectIdentityImpl other = (ObjectIdentityImpl) arg0;
 
-		if (identifier instanceof Number && other.identifier instanceof Number) {
+		if (this.identifier instanceof Number && other.identifier instanceof Number) {
 			// Integers and Longs with same value should be considered equal
-			if (((Number) identifier).longValue() != ((Number) other.identifier).longValue()) {
+			if (((Number) this.identifier).longValue() != ((Number) other.identifier).longValue()) {
 				return false;
 			}
 		}
 		else {
 			// Use plain equality for other serializable types
-			if (!identifier.equals(other.identifier)) {
+			if (!this.identifier.equals(other.identifier)) {
 				return false;
 			}
 		}
 
-		return type.equals(other.type);
+		return this.type.equals(other.type);
 	}
 
 	@Override
 	public Serializable getIdentifier() {
-		return identifier;
+		return this.identifier;
 	}
 
 	@Override
 	public String getType() {
-		return type;
+		return this.type;
 	}
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 22326bd469..71dae880aa 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -62,7 +62,7 @@ public class PrincipalSid implements Sid {
 	}
 
 	public String getPrincipal() {
-		return principal;
+		return this.principal;
 	}
 
 	@Override
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
index 10df1af2d0..2a9619a46a 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@@ -52,7 +52,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 	}
 
 	public List<Sid> getSids(Authentication authentication) {
-		Collection<? extends GrantedAuthority> authorities = roleHierarchy
+		Collection<? extends GrantedAuthority> authorities = this.roleHierarchy
 				.getReachableGrantedAuthorities(authentication.getAuthorities());
 		List<Sid> sids = new ArrayList<>(authorities.size() + 1);
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index a2e9eda533..1d2913602c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -62,8 +62,8 @@ public class SpringCacheBasedAclCache implements AclCache {
 		MutableAcl acl = getFromCache(pk);
 
 		if (acl != null) {
-			cache.evict(acl.getId());
-			cache.evict(acl.getObjectIdentity());
+			this.cache.evict(acl.getId());
+			this.cache.evict(acl.getObjectIdentity());
 		}
 	}
 
@@ -73,8 +73,8 @@ public class SpringCacheBasedAclCache implements AclCache {
 		MutableAcl acl = getFromCache(objectIdentity);
 
 		if (acl != null) {
-			cache.evict(acl.getId());
-			cache.evict(acl.getObjectIdentity());
+			this.cache.evict(acl.getId());
+			this.cache.evict(acl.getObjectIdentity());
 		}
 	}
 
@@ -97,12 +97,12 @@ public class SpringCacheBasedAclCache implements AclCache {
 			putInCache((MutableAcl) acl.getParentAcl());
 		}
 
-		cache.put(acl.getObjectIdentity(), acl);
-		cache.put(acl.getId(), acl);
+		this.cache.put(acl.getObjectIdentity(), acl);
+		this.cache.put(acl.getId(), acl);
 	}
 
 	private MutableAcl getFromCache(Object key) {
-		Cache.ValueWrapper element = cache.get(key);
+		Cache.ValueWrapper element = this.cache.get(key);
 
 		if (element == null) {
 			return null;
@@ -124,7 +124,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 	}
 
 	public void clearCache() {
-		cache.clear();
+		this.cache.clear();
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index a244cbf1f4..d8b4ca7555 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -109,11 +109,11 @@ class AclClassIdUtils {
 	}
 
 	private <T> boolean canConvertFromStringTo(Class<T> targetType) {
-		return conversionService.canConvert(String.class, targetType);
+		return this.conversionService.canConvert(String.class, targetType);
 	}
 
 	private <T extends Serializable> T convertFromStringTo(String identifier, Class<T> targetType) {
-		return conversionService.convert(identifier, targetType);
+		return this.conversionService.convert(identifier, targetType);
 	}
 
 	/**
@@ -128,8 +128,8 @@ class AclClassIdUtils {
 	 */
 	private Long convertToLong(Serializable identifier) {
 		Long idAsLong;
-		if (conversionService.canConvert(identifier.getClass(), Long.class)) {
-			idAsLong = conversionService.convert(identifier, Long.class);
+		if (this.conversionService.canConvert(identifier.getClass(), Long.class)) {
+			idAsLong = this.conversionService.convert(identifier, Long.class);
 		}
 		else {
 			idAsLong = Long.valueOf(identifier.toString());
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 326b2f2c76..a8314d2dd7 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -156,21 +156,21 @@ public class BasicLookupStrategy implements LookupStrategy {
 		Assert.notNull(aclCache, "AclCache required");
 		Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
 		Assert.notNull(grantingStrategy, "grantingStrategy required");
-		jdbcTemplate = new JdbcTemplate(dataSource);
+		this.jdbcTemplate = new JdbcTemplate(dataSource);
 		this.aclCache = aclCache;
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
 		this.grantingStrategy = grantingStrategy;
 		this.aclClassIdUtils = new AclClassIdUtils();
-		fieldAces.setAccessible(true);
-		fieldAcl.setAccessible(true);
+		this.fieldAces.setAccessible(true);
+		this.fieldAcl.setAccessible(true);
 	}
 
 	private String computeRepeatingSql(String repeatingSql, int requiredRepetitions) {
 		assert requiredRepetitions > 0 : "requiredRepetitions must be > 0";
 
-		final String startSql = selectClause;
+		final String startSql = this.selectClause;
 
-		final String endSql = orderByClause;
+		final String endSql = this.orderByClause;
 
 		StringBuilder sqlStringBldr = new StringBuilder(
 				startSql.length() + endSql.length() + requiredRepetitions * (repeatingSql.length() + 4));
@@ -192,7 +192,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 	@SuppressWarnings("unchecked")
 	private List<AccessControlEntryImpl> readAces(AclImpl acl) {
 		try {
-			return (List<AccessControlEntryImpl>) fieldAces.get(acl);
+			return (List<AccessControlEntryImpl>) this.fieldAces.get(acl);
 		}
 		catch (IllegalAccessException e) {
 			throw new IllegalStateException("Could not obtain AclImpl.aces field", e);
@@ -201,7 +201,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	private void setAclOnAce(AccessControlEntryImpl ace, AclImpl acl) {
 		try {
-			fieldAcl.set(ace, acl);
+			this.fieldAcl.set(ace, acl);
 		}
 		catch (IllegalAccessException e) {
 			throw new IllegalStateException("Could not or set AclImpl on AccessControlEntryImpl fields", e);
@@ -210,7 +210,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 	private void setAces(AclImpl acl, List<AccessControlEntryImpl> aces) {
 		try {
-			fieldAces.set(acl, aces);
+			this.fieldAces.set(acl, aces);
 		}
 		catch (IllegalAccessException e) {
 			throw new IllegalStateException("Could not set AclImpl entries", e);
@@ -228,9 +228,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 		Assert.notNull(acls, "ACLs are required");
 		Assert.notEmpty(findNow, "Items to find now required");
 
-		String sql = computeRepeatingSql(lookupPrimaryKeysWhereClause, findNow.size());
+		String sql = computeRepeatingSql(this.lookupPrimaryKeysWhereClause, findNow.size());
 
-		Set<Long> parentsToLookup = jdbcTemplate.query(sql, ps -> {
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, ps -> {
 			int i = 0;
 
 			for (Long toFind : findNow) {
@@ -265,7 +265,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * automatically create entries if required)
 	 */
 	public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) {
-		Assert.isTrue(batchSize >= 1, "BatchSize must be >= 1");
+		Assert.isTrue(this.batchSize >= 1, "BatchSize must be >= 1");
 		Assert.notEmpty(objects, "Objects to lookup required");
 
 		// Map<ObjectIdentity,Acl>
@@ -288,7 +288,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 			// Check cache for the present ACL entry
 			if (!aclFound) {
-				Acl acl = aclCache.getFromCache(oid);
+				Acl acl = this.aclCache.getFromCache(oid);
 
 				// Ensure any cached element supports all the requested SIDs
 				// (they should always, as our base impl doesn't filter on SID)
@@ -321,7 +321,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 					// Add the loaded batch to the cache
 
 					for (Acl loadedAcl : loadedBatch.values()) {
-						aclCache.putInCache((AclImpl) loadedAcl);
+						this.aclCache.putInCache((AclImpl) loadedAcl);
 					}
 
 					currentBatchToLoad.clear();
@@ -354,9 +354,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 		// Make the "acls" map contain all requested objectIdentities
 		// (including markers to each parent in the hierarchy)
-		String sql = computeRepeatingSql(lookupObjectIdentitiesWhereClause, objectIdentities.size());
+		String sql = computeRepeatingSql(this.lookupObjectIdentitiesWhereClause, objectIdentities.size());
 
-		Set<Long> parentsToLookup = jdbcTemplate.query(sql, ps -> {
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, ps -> {
 			int i = 0;
 			for (ObjectIdentity oid : objectIdentities) {
 				// Determine prepared statement values for this iteration
@@ -421,8 +421,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		}
 
 		// Now we have the parent (if there is one), create the true AclImpl
-		AclImpl result = new AclImpl(inputAcl.getObjectIdentity(), inputAcl.getId(), aclAuthorizationStrategy,
-				grantingStrategy, parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
+		AclImpl result = new AclImpl(inputAcl.getObjectIdentity(), inputAcl.getId(), this.aclAuthorizationStrategy,
+				this.grantingStrategy, parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
 
 		// Copy the "aces" from the input to the destination
 
@@ -548,27 +548,27 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 			while (rs.next()) {
 				// Convert current row into an Acl (albeit with a StubAclParent)
-				convertCurrentResultIntoObject(acls, rs);
+				convertCurrentResultIntoObject(this.acls, rs);
 
 				// Figure out if this row means we need to lookup another parent
 				long parentId = rs.getLong("parent_object");
 
 				if (parentId != 0) {
 					// See if it's already in the "acls"
-					if (acls.containsKey(parentId)) {
+					if (this.acls.containsKey(parentId)) {
 						continue; // skip this while iteration
 					}
 
 					// Now try to find it in the cache
-					MutableAcl cached = aclCache.getFromCache(parentId);
+					MutableAcl cached = BasicLookupStrategy.this.aclCache.getFromCache(parentId);
 
-					if ((cached == null) || !cached.isSidLoaded(sids)) {
+					if ((cached == null) || !cached.isSidLoaded(this.sids)) {
 						parentIdsToLookup.add(parentId);
 					}
 					else {
 						// Pop into the acls map, so our convert method doesn't
 						// need to deal with an unsynchronized AclCache
-						acls.put(cached.getId(), cached);
+						this.acls.put(cached.getId(), cached);
 					}
 				}
 			}
@@ -597,7 +597,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 				// If the Java type is a String, check to see if we can convert it to the
 				// target id type, e.g. UUID.
 				Serializable identifier = (Serializable) rs.getObject("object_id_identity");
-				identifier = aclClassIdUtils.identifierFrom(identifier, rs);
+				identifier = BasicLookupStrategy.this.aclClassIdUtils.identifierFrom(identifier, rs);
 				ObjectIdentity objectIdentity = new ObjectIdentityImpl(rs.getString("class"), identifier);
 
 				Acl parentAcl = null;
@@ -610,8 +610,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 				boolean entriesInheriting = rs.getBoolean("entries_inheriting");
 				Sid owner = createSid(rs.getBoolean("acl_principal"), rs.getString("acl_sid"));
 
-				acl = new AclImpl(objectIdentity, id, aclAuthorizationStrategy, grantingStrategy, parentAcl, null,
-						entriesInheriting, owner);
+				acl = new AclImpl(objectIdentity, id, BasicLookupStrategy.this.aclAuthorizationStrategy,
+						BasicLookupStrategy.this.grantingStrategy, parentAcl, null, entriesInheriting, owner);
 
 				acls.put(id, acl);
 			}
@@ -624,7 +624,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 				Sid recipient = createSid(rs.getBoolean("ace_principal"), rs.getString("ace_sid"));
 
 				int mask = rs.getInt("mask");
-				Permission permission = permissionFactory.buildFromMask(mask);
+				Permission permission = BasicLookupStrategy.this.permissionFactory.buildFromMask(mask);
 				boolean granting = rs.getBoolean("granting");
 				boolean auditSuccess = rs.getBoolean("audit_success");
 				boolean auditFailure = rs.getBoolean("audit_failure");
@@ -657,7 +657,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 		}
 
 		public Long getId() {
-			return id;
+			return this.id;
 		}
 
 		public ObjectIdentity getObjectIdentity() {
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index c6d2479b34..4899243c8d 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -92,10 +92,10 @@ public class JdbcAclService implements AclService {
 
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
-		List<ObjectIdentity> objects = jdbcOperations.query(findChildrenSql, args, (rs, rowNum) -> {
+		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args, (rs, rowNum) -> {
 			String javaType = rs.getString("class");
 			Serializable identifier = (Serializable) rs.getObject("obj_id");
-			identifier = aclClassIdUtils.identifierFrom(identifier, rs);
+			identifier = this.aclClassIdUtils.identifierFrom(identifier, rs);
 			return new ObjectIdentityImpl(javaType, identifier);
 		});
 
@@ -124,7 +124,7 @@ public class JdbcAclService implements AclService {
 
 	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
 			throws NotFoundException {
-		Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);
+		Map<ObjectIdentity, Acl> result = this.lookupStrategy.readAclsById(objects, sids);
 
 		// Check every requested object identity was found (throw NotFoundException if
 		// needed)
@@ -163,7 +163,7 @@ public class JdbcAclService implements AclService {
 	}
 
 	protected boolean isAclClassIdSupported() {
-		return aclClassIdSupported;
+		return this.aclClassIdSupported;
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index 88271c7ec1..144085607a 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -136,7 +136,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		if (acl.getEntries().isEmpty()) {
 			return;
 		}
-		jdbcOperations.batchUpdate(insertEntry, new BatchPreparedStatementSetter() {
+		this.jdbcOperations.batchUpdate(this.insertEntry, new BatchPreparedStatementSetter() {
 			public int getBatchSize() {
 				return acl.getEntries().size();
 			}
@@ -168,7 +168,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	protected void createObjectIdentity(ObjectIdentity object, Sid owner) {
 		Long sidId = createOrRetrieveSidPrimaryKey(owner, true);
 		Long classId = createOrRetrieveClassPrimaryKey(object.getType(), true, object.getIdentifier().getClass());
-		jdbcOperations.update(insertObjectIdentity, classId, object.getIdentifier().toString(), sidId, Boolean.TRUE);
+		this.jdbcOperations.update(this.insertObjectIdentity, classId, object.getIdentifier().toString(), sidId,
+				Boolean.TRUE);
 	}
 
 	/**
@@ -179,7 +180,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveClassPrimaryKey(String type, boolean allowCreate, Class idType) {
-		List<Long> classIds = jdbcOperations.queryForList(selectClassPrimaryKey, new Object[] { type }, Long.class);
+		List<Long> classIds = this.jdbcOperations.queryForList(this.selectClassPrimaryKey, new Object[] { type },
+				Long.class);
 
 		if (!classIds.isEmpty()) {
 			return classIds.get(0);
@@ -187,13 +189,13 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 
 		if (allowCreate) {
 			if (!isAclClassIdSupported()) {
-				jdbcOperations.update(insertClass, type);
+				this.jdbcOperations.update(this.insertClass, type);
 			}
 			else {
-				jdbcOperations.update(insertClass, type, idType.getCanonicalName());
+				this.jdbcOperations.update(this.insertClass, type, idType.getCanonicalName());
 			}
 			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
-			return jdbcOperations.queryForObject(classIdentityQuery, Long.class);
+			return this.jdbcOperations.queryForObject(this.classIdentityQuery, Long.class);
 		}
 
 		return null;
@@ -238,17 +240,17 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal, boolean allowCreate) {
 
-		List<Long> sidIds = jdbcOperations.queryForList(selectSidPrimaryKey, new Object[] { sidIsPrincipal, sidName },
-				Long.class);
+		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey,
+				new Object[] { sidIsPrincipal, sidName }, Long.class);
 
 		if (!sidIds.isEmpty()) {
 			return sidIds.get(0);
 		}
 
 		if (allowCreate) {
-			jdbcOperations.update(insertSid, sidIsPrincipal, sidName);
+			this.jdbcOperations.update(this.insertSid, sidIsPrincipal, sidName);
 			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
-			return jdbcOperations.queryForObject(sidIdentityQuery, Long.class);
+			return this.jdbcOperations.queryForObject(this.sidIdentityQuery, Long.class);
 		}
 
 		return null;
@@ -267,7 +269,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			}
 		}
 		else {
-			if (!foreignKeysInDatabase) {
+			if (!this.foreignKeysInDatabase) {
 				// We need to perform a manual verification for what a FK would normally
 				// do
 				// We generally don't do this, in the interests of deadlock management
@@ -288,7 +290,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		deleteObjectIdentity(oidPrimaryKey);
 
 		// Clear the cache
-		aclCache.evictFromCache(objectIdentity);
+		this.aclCache.evictFromCache(objectIdentity);
 	}
 
 	/**
@@ -297,7 +299,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @param oidPrimaryKey the rows in acl_entry to delete
 	 */
 	protected void deleteEntries(Long oidPrimaryKey) {
-		jdbcOperations.update(deleteEntryByObjectIdentityForeignKey, oidPrimaryKey);
+		this.jdbcOperations.update(this.deleteEntryByObjectIdentityForeignKey, oidPrimaryKey);
 	}
 
 	/**
@@ -310,7 +312,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected void deleteObjectIdentity(Long oidPrimaryKey) {
 		// Delete the acl_object_identity row
-		jdbcOperations.update(deleteObjectIdentityByPrimaryKey, oidPrimaryKey);
+		this.jdbcOperations.update(this.deleteObjectIdentityByPrimaryKey, oidPrimaryKey);
 	}
 
 	/**
@@ -322,7 +324,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) {
 		try {
-			return jdbcOperations.queryForObject(selectObjectIdentityPrimaryKey, Long.class, oid.getType(),
+			return this.jdbcOperations.queryForObject(this.selectObjectIdentityPrimaryKey, Long.class, oid.getType(),
 					oid.getIdentifier().toString());
 		}
 		catch (DataAccessException notFound) {
@@ -364,7 +366,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 				clearCacheIncludingChildren(child);
 			}
 		}
-		aclCache.evictFromCache(objectIdentity);
+		this.aclCache.evictFromCache(objectIdentity);
 	}
 
 	/**
@@ -388,7 +390,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		Assert.notNull(acl.getOwner(), "Owner is required in this implementation");
 
 		Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
-		int count = jdbcOperations.update(updateObjectIdentity, parentId, ownerSid, acl.isEntriesInheriting(),
+		int count = this.jdbcOperations.update(this.updateObjectIdentity, parentId, ownerSid, acl.isEntriesInheriting(),
 				acl.getId());
 
 		if (count != 1) {
diff --git a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
index 11b297257d..199eff0eb2 100644
--- a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
+++ b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
@@ -27,7 +27,7 @@ public final class TargetObjectWithUUID {
 	private UUID id;
 
 	public UUID getId() {
-		return id;
+		return this.id;
 	}
 
 	public void setId(UUID id) {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
index 219c434806..907f7c1cc0 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
@@ -46,9 +46,9 @@ public class AclAuthorizationStrategyImplTests {
 
 	@Before
 	public void setup() {
-		authority = new SimpleGrantedAuthority("ROLE_AUTH");
+		this.authority = new SimpleGrantedAuthority("ROLE_AUTH");
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("foo", "bar",
-				Arrays.asList(authority));
+				Arrays.asList(this.authority));
 		authentication.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 	}
@@ -61,8 +61,8 @@ public class AclAuthorizationStrategyImplTests {
 	// gh-4085
 	@Test
 	public void securityCheckWhenCustomAuthorityThenNameIsUsed() {
-		strategy = new AclAuthorizationStrategyImpl(new CustomAuthority());
-		strategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
+		this.strategy = new AclAuthorizationStrategyImpl(new CustomAuthority());
+		this.strategy.securityCheck(this.acl, AclAuthorizationStrategy.CHANGE_GENERAL);
 	}
 
 	@SuppressWarnings("serial")
@@ -70,7 +70,7 @@ public class AclAuthorizationStrategyImplTests {
 
 		@Override
 		public String getAuthority() {
-			return authority.getAuthority();
+			return AclAuthorizationStrategyImplTests.this.authority.getAuthority();
 		}
 
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index 187b1a6631..e49c990ab1 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -83,12 +83,12 @@ public class AclImplTests {
 
 	@Before
 	public void setUp() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
-		authzStrategy = mock(AclAuthorizationStrategy.class);
-		mockAuditLogger = mock(AuditLogger.class);
-		pgs = new DefaultPermissionGrantingStrategy(mockAuditLogger);
-		auth.setAuthenticated(true);
-		permissionFactory = new DefaultPermissionFactory();
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
+		this.authzStrategy = mock(AclAuthorizationStrategy.class);
+		this.mockAuditLogger = mock(AuditLogger.class);
+		this.pgs = new DefaultPermissionGrantingStrategy(this.mockAuditLogger);
+		this.auth.setAuthenticated(true);
+		this.permissionFactory = new DefaultPermissionFactory();
 	}
 
 	@After
@@ -99,41 +99,43 @@ public class AclImplTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullObjectIdentity() {
 		try {
-			new AclImpl(null, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+			new AclImpl(null, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe"));
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-		new AclImpl(null, 1, authzStrategy, mockAuditLogger);
+		new AclImpl(null, 1, this.authzStrategy, this.mockAuditLogger);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullId() {
 		try {
-			new AclImpl(objectIdentity, null, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+			new AclImpl(this.objectIdentity, null, this.authzStrategy, this.pgs, null, null, true,
+					new PrincipalSid("joe"));
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-		new AclImpl(objectIdentity, null, authzStrategy, mockAuditLogger);
+		new AclImpl(this.objectIdentity, null, this.authzStrategy, this.mockAuditLogger);
 	}
 
 	@SuppressWarnings("deprecation")
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorsRejectNullAclAuthzStrategy() {
 		try {
-			new AclImpl(objectIdentity, 1, null, new DefaultPermissionGrantingStrategy(mockAuditLogger), null, null,
-					true, new PrincipalSid("joe"));
+			new AclImpl(this.objectIdentity, 1, null, new DefaultPermissionGrantingStrategy(this.mockAuditLogger), null,
+					null, true, new PrincipalSid("joe"));
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-		new AclImpl(objectIdentity, 1, null, mockAuditLogger);
+		new AclImpl(this.objectIdentity, 1, null, this.mockAuditLogger);
 	}
 
 	@Test
 	public void insertAceRejectsNullParameters() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		try {
 			acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
 			fail("It should have thrown IllegalArgumentException");
@@ -150,7 +152,8 @@ public class AclImplTests {
 
 	@Test
 	public void insertAceAddsElementAtCorrectIndex() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Insert one permission
@@ -186,7 +189,8 @@ public class AclImplTests {
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceFailsForNonExistentElement() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Insert one permission
@@ -198,7 +202,8 @@ public class AclImplTests {
 
 	@Test
 	public void deleteAceKeepsInitialOrdering() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		// Add several permissions
@@ -233,7 +238,8 @@ public class AclImplTests {
 		AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-		MutableAcl acl = new AclImpl(objectIdentity, (1), strategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, (1), strategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		try {
 			acl.deleteAce(99);
 			fail("It should have thrown NotFoundException");
@@ -244,7 +250,8 @@ public class AclImplTests {
 
 	@Test
 	public void isGrantingRejectsEmptyParameters() {
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		Sid ben = new PrincipalSid("ben");
 		try {
 			acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false);
@@ -268,7 +275,8 @@ public class AclImplTests {
 		ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
 
 		// Create an ACL which owner is not the authenticated principal
-		MutableAcl rootAcl = new AclImpl(rootOid, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
+		MutableAcl rootAcl = new AclImpl(rootOid, 1, this.authzStrategy, this.pgs, null, null, false,
+				new PrincipalSid("joe"));
 
 		// Grant some permissions
 		rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
@@ -314,11 +322,12 @@ public class AclImplTests {
 
 		// Create ACLs
 		PrincipalSid joe = new PrincipalSid("joe");
-		MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, authzStrategy, pgs, null, null, false, joe);
-		MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, authzStrategy, pgs, null, null, true, joe);
-		MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, authzStrategy, pgs, null, null, true, joe);
-		MutableAcl childAcl1 = new AclImpl(childOid1, 4, authzStrategy, pgs, null, null, true, joe);
-		MutableAcl childAcl2 = new AclImpl(childOid2, 4, authzStrategy, pgs, null, null, false, joe);
+		MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, this.authzStrategy, this.pgs, null, null, false,
+				joe);
+		MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, this.authzStrategy, this.pgs, null, null, true, joe);
+		MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, this.authzStrategy, this.pgs, null, null, true, joe);
+		MutableAcl childAcl1 = new AclImpl(childOid1, 4, this.authzStrategy, this.pgs, null, null, true, joe);
+		MutableAcl childAcl2 = new AclImpl(childOid2, 4, this.authzStrategy, this.pgs, null, null, false, joe);
 
 		// Create hierarchies
 		childAcl2.setParent(childAcl1);
@@ -376,7 +385,8 @@ public class AclImplTests {
 		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
@@ -404,7 +414,8 @@ public class AclImplTests {
 		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
@@ -432,8 +443,10 @@ public class AclImplTests {
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, (100));
 		ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, (101));
-		MutableAcl acl = new AclImpl(identity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
-		MutableAcl parentAcl = new AclImpl(identity2, 2, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		MutableAcl acl = new AclImpl(identity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
+		MutableAcl parentAcl = new AclImpl(identity2, 2, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
@@ -459,7 +472,7 @@ public class AclImplTests {
 	@Test
 	public void isSidLoadedBehavesAsExpected() {
 		List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED"));
-		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, loadedSids, true,
+		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, loadedSids, true,
 				new PrincipalSid("joe"));
 
 		assertThat(acl.isSidLoaded(loadedSids)).isTrue();
@@ -482,19 +495,22 @@ public class AclImplTests {
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		acl.deleteAce(-1);
 	}
 
 	@Test(expected = NotFoundException.class)
 	public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		// Insert at zero, OK.
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
@@ -504,7 +520,8 @@ public class AclImplTests {
 	// SEC-1151
 	@Test(expected = NotFoundException.class)
 	public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() {
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
+		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
+				new PrincipalSid("joe"));
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
 		acl.deleteAce(1);
@@ -513,9 +530,9 @@ public class AclImplTests {
 	// SEC-1795
 	@Test
 	public void changingParentIsSuccessful() {
-		AclImpl parentAcl = new AclImpl(objectIdentity, 1L, authzStrategy, mockAuditLogger);
-		AclImpl childAcl = new AclImpl(objectIdentity, 2L, authzStrategy, mockAuditLogger);
-		AclImpl changeParentAcl = new AclImpl(objectIdentity, 3L, authzStrategy, mockAuditLogger);
+		AclImpl parentAcl = new AclImpl(this.objectIdentity, 1L, this.authzStrategy, this.mockAuditLogger);
+		AclImpl childAcl = new AclImpl(this.objectIdentity, 2L, this.authzStrategy, this.mockAuditLogger);
+		AclImpl changeParentAcl = new AclImpl(this.objectIdentity, 3L, this.authzStrategy, this.mockAuditLogger);
 
 		childAcl.setParent(parentAcl);
 		childAcl.setParent(changeParentAcl);
@@ -524,10 +541,11 @@ public class AclImplTests {
 	// SEC-2342
 	@Test
 	public void maskPermissionGrantingStrategy() {
-		DefaultPermissionGrantingStrategy maskPgs = new MaskPermissionGrantingStrategy(mockAuditLogger);
+		DefaultPermissionGrantingStrategy maskPgs = new MaskPermissionGrantingStrategy(this.mockAuditLogger);
 		MockAclService service = new MockAclService();
-		AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, maskPgs, null, null, true, new PrincipalSid("joe"));
-		Permission permission = permissionFactory
+		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, maskPgs, null, null, true,
+				new PrincipalSid("joe"));
+		Permission permission = this.permissionFactory
 				.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
 		Sid sid = new PrincipalSid("ben");
 		acl.insertAce(0, permission, sid, true);
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 491bffcc4f..095983b49c 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -46,52 +46,52 @@ public class AuditLoggerTests {
 
 	@Before
 	public void setUp() {
-		logger = new ConsoleAuditLogger();
-		ace = mock(AuditableAccessControlEntry.class);
-		console = System.out;
-		System.setOut(new PrintStream(bytes));
+		this.logger = new ConsoleAuditLogger();
+		this.ace = mock(AuditableAccessControlEntry.class);
+		this.console = System.out;
+		System.setOut(new PrintStream(this.bytes));
 	}
 
 	@After
 	public void tearDown() {
-		System.setOut(console);
-		bytes.reset();
+		System.setOut(this.console);
+		this.bytes.reset();
 	}
 
 	@Test
 	public void nonAuditableAceIsIgnored() {
 		AccessControlEntry ace = mock(AccessControlEntry.class);
-		logger.logIfNeeded(true, ace);
-		assertThat(bytes.size()).isZero();
+		this.logger.logIfNeeded(true, ace);
+		assertThat(this.bytes.size()).isZero();
 	}
 
 	@Test
 	public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() {
-		when(ace.isAuditSuccess()).thenReturn(false);
-		logger.logIfNeeded(true, ace);
-		assertThat(bytes.size()).isZero();
+		when(this.ace.isAuditSuccess()).thenReturn(false);
+		this.logger.logIfNeeded(true, this.ace);
+		assertThat(this.bytes.size()).isZero();
 	}
 
 	@Test
 	public void successIsLoggedIfAceRequiresSuccessAudit() {
-		when(ace.isAuditSuccess()).thenReturn(true);
+		when(this.ace.isAuditSuccess()).thenReturn(true);
 
-		logger.logIfNeeded(true, ace);
-		assertThat(bytes.toString()).startsWith("GRANTED due to ACE");
+		this.logger.logIfNeeded(true, this.ace);
+		assertThat(this.bytes.toString()).startsWith("GRANTED due to ACE");
 	}
 
 	@Test
 	public void failureIsntLoggedIfAceDoesntRequireFailureAudit() {
-		when(ace.isAuditFailure()).thenReturn(false);
-		logger.logIfNeeded(false, ace);
-		assertThat(bytes.size()).isZero();
+		when(this.ace.isAuditFailure()).thenReturn(false);
+		this.logger.logIfNeeded(false, this.ace);
+		assertThat(this.bytes.size()).isZero();
 	}
 
 	@Test
 	public void failureIsLoggedIfAceRequiresFailureAudit() {
-		when(ace.isAuditFailure()).thenReturn(true);
-		logger.logIfNeeded(false, ace);
-		assertThat(bytes.toString()).startsWith("DENIED due to ACE");
+		when(this.ace.isAuditFailure()).thenReturn(true);
+		this.logger.logIfNeeded(false, this.ace);
+		assertThat(this.bytes.toString()).startsWith("DENIED due to ACE");
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index 160f233fab..aa0c527ca4 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -179,7 +179,7 @@ public class ObjectIdentityImplTests {
 		private Object id;
 
 		public Object getId() {
-			return id;
+			return this.id;
 		}
 
 		public void setId(Object id) {
@@ -193,7 +193,7 @@ public class ObjectIdentityImplTests {
 		private Object id;
 
 		public Object getId() {
-			return id;
+			return this.id;
 		}
 
 		public void setId(Object id) {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index 30d894d2ed..4cf3431e7b 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -47,7 +47,7 @@ public class ObjectIdentityRetrievalStrategyImplTests {
 		private Object id;
 
 		public Object getId() {
-			return id;
+			return this.id;
 		}
 
 		public void setId(Object id) {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index 518b908be3..f81c64ff6d 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -33,12 +33,12 @@ public class PermissionTests {
 
 	@Before
 	public void createPermissionfactory() {
-		permissionFactory = new DefaultPermissionFactory();
+		this.permissionFactory = new DefaultPermissionFactory();
 	}
 
 	@Test
 	public void basePermissionTest() {
-		Permission p = permissionFactory.buildFromName("WRITE");
+		Permission p = this.permissionFactory.buildFromName("WRITE");
 		assertThat(p).isNotNull();
 	}
 
@@ -54,13 +54,13 @@ public class PermissionTests {
 
 	@Test
 	public void fromInteger() {
-		Permission permission = permissionFactory.buildFromMask(7);
-		permission = permissionFactory.buildFromMask(4);
+		Permission permission = this.permissionFactory.buildFromMask(7);
+		permission = this.permissionFactory.buildFromMask(4);
 	}
 
 	@Test
 	public void stringConversion() {
-		permissionFactory.registerPublicPermissions(SpecialPermission.class);
+		this.permissionFactory.registerPublicPermissions(SpecialPermission.class);
 
 		assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]");
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 4aa9a8e0e4..d3a32c1996 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -109,9 +109,9 @@ public abstract class AbstractBasicLookupStrategyTests {
 
 	@Before
 	public void initializeBeans() {
-		strategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
+		this.strategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
 				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
-		strategy.setPermissionFactory(new DefaultPermissionFactory());
+		this.strategy.setPermissionFactory(new DefaultPermissionFactory());
 	}
 
 	protected AclAuthorizationStrategy aclAuthStrategy() {
@@ -159,7 +159,7 @@ public abstract class AbstractBasicLookupStrategyTests {
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
 
 		// Objects were put in cache
-		strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+		this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
 
 		// Let's empty the database to force acls retrieval from cache
 		emptyDatabase();
@@ -299,8 +299,8 @@ public abstract class AbstractBasicLookupStrategyTests {
 		List<Sid> sids = Arrays.asList(BEN_SID);
 		List<ObjectIdentity> childOids = Arrays.asList(childOid);
 
-		strategy.setBatchSize(6);
-		Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);
+		this.strategy.setBatchSize(6);
+		Map<ObjectIdentity, Acl> foundAcls = this.strategy.readAclsById(childOids, sids);
 
 		Acl foundChildAcl = foundAcls.get(childOid);
 		assertThat(foundChildAcl).isNotNull();
@@ -313,7 +313,7 @@ public abstract class AbstractBasicLookupStrategyTests {
 		// cache
 		List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
 		try {
-			foundAcls = strategy.readAclsById(allOids, sids);
+			foundAcls = this.strategy.readAclsById(allOids, sids);
 
 		}
 		catch (NotFoundException notExpected) {
@@ -333,12 +333,12 @@ public abstract class AbstractBasicLookupStrategyTests {
 
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
 
-		strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
 	}
 
 	@Test
 	public void testCreatePrincipalSid() {
-		Sid result = strategy.createSid(true, "sid");
+		Sid result = this.strategy.createSid(true, "sid");
 
 		assertThat(result.getClass()).isEqualTo(PrincipalSid.class);
 		assertThat(((PrincipalSid) result).getPrincipal()).isEqualTo("sid");
@@ -346,7 +346,7 @@ public abstract class AbstractBasicLookupStrategyTests {
 
 	@Test
 	public void testCreateGrantedAuthority() {
-		Sid result = strategy.createSid(false, "sid");
+		Sid result = this.strategy.createSid(false, "sid");
 
 		assertThat(result.getClass()).isEqualTo(GrantedAuthoritySid.class);
 		assertThat(((GrantedAuthoritySid) result).getGrantedAuthority()).isEqualTo("sid");
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index 8cea9d0570..bf913fcab9 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -56,13 +56,13 @@ public class AclClassIdUtilsTests {
 
 	@Before
 	public void setUp() {
-		aclClassIdUtils = new AclClassIdUtils();
+		this.aclClassIdUtils = new AclClassIdUtils();
 	}
 
 	@Test
 	public void shouldReturnLongIfIdentifierIsLong() throws SQLException {
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -71,7 +71,7 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongIfIdentifierIsBigInteger() throws SQLException {
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(BIGINT_IDENTIFIER, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(BIGINT_IDENTIFIER, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -80,10 +80,10 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongIfClassIdTypeIsNull() throws SQLException {
 		// given
-		given(resultSet.getString("class_id_type")).willReturn(null);
+		given(this.resultSet.getString("class_id_type")).willReturn(null);
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -92,10 +92,10 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongIfNoClassIdTypeColumn() throws SQLException {
 		// given
-		given(resultSet.getString("class_id_type")).willThrow(SQLException.class);
+		given(this.resultSet.getString("class_id_type")).willThrow(SQLException.class);
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -104,10 +104,10 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongIfTypeClassNotFound() throws SQLException {
 		// given
-		given(resultSet.getString("class_id_type")).willReturn("com.example.UnknownType");
+		given(this.resultSet.getString("class_id_type")).willReturn("com.example.UnknownType");
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -116,12 +116,12 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongEvenIfCustomConversionServiceDoesNotSupportLongConversion() throws SQLException {
 		// given
-		given(resultSet.getString("class_id_type")).willReturn("java.lang.Long");
-		given(conversionService.canConvert(String.class, Long.class)).willReturn(false);
-		aclClassIdUtils.setConversionService(conversionService);
+		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
+		given(this.conversionService.canConvert(String.class, Long.class)).willReturn(false);
+		this.aclClassIdUtils.setConversionService(this.conversionService);
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -130,10 +130,10 @@ public class AclClassIdUtilsTests {
 	@Test
 	public void shouldReturnLongWhenLongClassIdType() throws SQLException {
 		// given
-		given(resultSet.getString("class_id_type")).willReturn("java.lang.Long");
+		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
@@ -143,10 +143,10 @@ public class AclClassIdUtilsTests {
 	public void shouldReturnUUIDWhenUUIDClassIdType() throws SQLException {
 		// given
 		UUID identifier = UUID.randomUUID();
-		given(resultSet.getString("class_id_type")).willReturn("java.util.UUID");
+		given(this.resultSet.getString("class_id_type")).willReturn("java.util.UUID");
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(identifier.toString(), resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier.toString(), this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
@@ -156,10 +156,10 @@ public class AclClassIdUtilsTests {
 	public void shouldReturnStringWhenStringClassIdType() throws SQLException {
 		// given
 		String identifier = "MY_STRING_IDENTIFIER";
-		given(resultSet.getString("class_id_type")).willReturn("java.lang.String");
+		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.String");
 
 		// when
-		Serializable newIdentifier = aclClassIdUtils.identifierFrom(identifier, resultSet);
+		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier, this.resultSet);
 
 		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
@@ -174,7 +174,7 @@ public class AclClassIdUtilsTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void shouldNotAcceptNullConversionServiceInSetter() {
 		// when
-		aclClassIdUtils.setConversionService(null);
+		this.aclClassIdUtils.setConversionService(null);
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
index c181522900..b15647d16c 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
@@ -50,7 +50,7 @@ public class BasicLookupStrategyTestsDbHelper {
 		// Use a different connection url so the tests can run in parallel
 		String connectionUrl;
 		String sqlClassPathResource;
-		if (!withAclClassIdType) {
+		if (!this.withAclClassIdType) {
 			connectionUrl = "jdbc:hsqldb:mem:lookupstrategytest";
 			sqlClassPathResource = ACL_SCHEMA_SQL_FILE;
 		}
@@ -59,21 +59,21 @@ public class BasicLookupStrategyTestsDbHelper {
 			sqlClassPathResource = ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID;
 
 		}
-		dataSource = new SingleConnectionDataSource(connectionUrl, "sa", "", true);
-		dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
-		jdbcTemplate = new JdbcTemplate(dataSource);
+		this.dataSource = new SingleConnectionDataSource(connectionUrl, "sa", "", true);
+		this.dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
+		this.jdbcTemplate = new JdbcTemplate(this.dataSource);
 
 		Resource resource = new ClassPathResource(sqlClassPathResource);
 		String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
-		jdbcTemplate.execute(sql);
+		this.jdbcTemplate.execute(sql);
 	}
 
 	public JdbcTemplate getJdbcTemplate() {
-		return jdbcTemplate;
+		return this.jdbcTemplate;
 	}
 
 	public SingleConnectionDataSource getDataSource() {
-		return dataSource;
+		return this.dataSource;
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index f540a9e9ab..f4d80a3e72 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -70,11 +70,11 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	@Before
 	public void initializeBeans() {
 		super.initializeBeans();
-		uuidEnabledStrategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
+		this.uuidEnabledStrategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
 				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
-		uuidEnabledStrategy.setPermissionFactory(new DefaultPermissionFactory());
-		uuidEnabledStrategy.setAclClassIdSupported(true);
-		uuidEnabledStrategy.setConversionService(new DefaultConversionService());
+		this.uuidEnabledStrategy.setPermissionFactory(new DefaultPermissionFactory());
+		this.uuidEnabledStrategy.setAclClassIdSupported(true);
+		this.uuidEnabledStrategy.setConversionService(new DefaultConversionService());
 	}
 
 	@Before
@@ -93,7 +93,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	@Test
 	public void testReadObjectIdentityUsingUuidType() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_UUID);
-		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
+		Map<ObjectIdentity, Acl> foundAcls = this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
 				Arrays.asList(BEN_SID));
 		Assert.assertEquals(1, foundAcls.size());
 		Assert.assertNotNull(foundAcls.get(oid));
@@ -102,7 +102,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	@Test
 	public void testReadObjectIdentityUsingLongTypeWithConversionServiceEnabled() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
-		Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
+		Map<ObjectIdentity, Acl> foundAcls = this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid),
 				Arrays.asList(BEN_SID));
 		Assert.assertEquals(1, foundAcls.size());
 		Assert.assertNotNull(foundAcls.get(oid));
@@ -111,7 +111,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 	@Test(expected = ConversionFailedException.class)
 	public void testReadObjectIdentityUsingNonUuidInDatabase() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_LONG_AS_UUID);
-		uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index 008345bf25..d8a48ccf8b 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -78,7 +78,8 @@ public class EhCacheBasedAclCacheTests {
 
 	@Before
 	public void setup() {
-		myCache = new EhCacheBasedAclCache(cache, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+		this.myCache = new EhCacheBasedAclCache(this.cache,
+				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
 				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
 
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
@@ -86,7 +87,7 @@ public class EhCacheBasedAclCacheTests {
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
 
-		acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
+		this.acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 	}
 
 	@After
@@ -104,7 +105,7 @@ public class EhCacheBasedAclCacheTests {
 	public void methodsRejectNullParameters() {
 		try {
 			Serializable id = null;
-			myCache.evictFromCache(id);
+			this.myCache.evictFromCache(id);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -112,7 +113,7 @@ public class EhCacheBasedAclCacheTests {
 
 		try {
 			ObjectIdentity obj = null;
-			myCache.evictFromCache(obj);
+			this.myCache.evictFromCache(obj);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -120,7 +121,7 @@ public class EhCacheBasedAclCacheTests {
 
 		try {
 			Serializable id = null;
-			myCache.getFromCache(id);
+			this.myCache.getFromCache(id);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -128,7 +129,7 @@ public class EhCacheBasedAclCacheTests {
 
 		try {
 			ObjectIdentity obj = null;
-			myCache.getFromCache(obj);
+			this.myCache.getFromCache(obj);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -136,7 +137,7 @@ public class EhCacheBasedAclCacheTests {
 
 		try {
 			MutableAcl acl = null;
-			myCache.putInCache(acl);
+			this.myCache.putInCache(acl);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -150,7 +151,7 @@ public class EhCacheBasedAclCacheTests {
 		File file = File.createTempFile("SEC_TEST", ".object");
 		FileOutputStream fos = new FileOutputStream(file);
 		ObjectOutputStream oos = new ObjectOutputStream(fos);
-		oos.writeObject(acl);
+		oos.writeObject(this.acl);
 		oos.close();
 
 		FileInputStream fis = new FileInputStream(file);
@@ -158,7 +159,7 @@ public class EhCacheBasedAclCacheTests {
 		MutableAcl retrieved = (MutableAcl) ois.readObject();
 		ois.close();
 
-		assertThat(retrieved).isEqualTo(acl);
+		assertThat(retrieved).isEqualTo(this.acl);
 
 		Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
 		assertThat(retrieved1).isNull();
@@ -169,20 +170,20 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void clearCache() {
-		myCache.clearCache();
+		this.myCache.clearCache();
 
-		verify(cache).removeAll();
+		verify(this.cache).removeAll();
 	}
 
 	@Test
 	public void putInCache() {
-		myCache.putInCache(acl);
+		this.myCache.putInCache(this.acl);
 
-		verify(cache, times(2)).put(element.capture());
-		assertThat(element.getValue().getKey()).isEqualTo(acl.getId());
-		assertThat(element.getValue().getObjectValue()).isEqualTo(acl);
-		assertThat(element.getAllValues().get(0).getKey()).isEqualTo(acl.getObjectIdentity());
-		assertThat(element.getAllValues().get(0).getObjectValue()).isEqualTo(acl);
+		verify(this.cache, times(2)).put(this.element.capture());
+		assertThat(this.element.getValue().getKey()).isEqualTo(this.acl.getId());
+		assertThat(this.element.getValue().getObjectValue()).isEqualTo(this.acl);
+		assertThat(this.element.getAllValues().get(0).getKey()).isEqualTo(this.acl.getObjectIdentity());
+		assertThat(this.element.getAllValues().get(0).getObjectValue()).isEqualTo(this.acl);
 	}
 
 	@Test
@@ -196,13 +197,13 @@ public class EhCacheBasedAclCacheTests {
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
-		acl.setParent(parentAcl);
+		this.acl.setParent(parentAcl);
 
-		myCache.putInCache(acl);
+		this.myCache.putInCache(this.acl);
 
-		verify(cache, times(4)).put(element.capture());
+		verify(this.cache, times(4)).put(this.element.capture());
 
-		List<Element> allValues = element.getAllValues();
+		List<Element> allValues = this.element.getAllValues();
 
 		assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity());
 		assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl);
@@ -210,30 +211,30 @@ public class EhCacheBasedAclCacheTests {
 		assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId());
 		assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl);
 
-		assertThat(allValues.get(2).getKey()).isEqualTo(acl.getObjectIdentity());
-		assertThat(allValues.get(2).getObjectValue()).isEqualTo(acl);
+		assertThat(allValues.get(2).getKey()).isEqualTo(this.acl.getObjectIdentity());
+		assertThat(allValues.get(2).getObjectValue()).isEqualTo(this.acl);
 
-		assertThat(allValues.get(3).getKey()).isEqualTo(acl.getId());
-		assertThat(allValues.get(3).getObjectValue()).isEqualTo(acl);
+		assertThat(allValues.get(3).getKey()).isEqualTo(this.acl.getId());
+		assertThat(allValues.get(3).getObjectValue()).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheSerializable() {
-		when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		assertThat(myCache.getFromCache(acl.getId())).isEqualTo(acl);
+		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheSerializablePopulatesTransient() {
-		when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		myCache.putInCache(acl);
+		this.myCache.putInCache(this.acl);
 
-		ReflectionTestUtils.setField(acl, "permissionGrantingStrategy", null);
-		ReflectionTestUtils.setField(acl, "aclAuthorizationStrategy", null);
+		ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
+		ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
 
-		MutableAcl fromCache = myCache.getFromCache(acl.getId());
+		MutableAcl fromCache = this.myCache.getFromCache(this.acl.getId());
 
 		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
 		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
@@ -241,21 +242,21 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void getFromCacheObjectIdentity() {
-		when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		assertThat(myCache.getFromCache(acl.getId())).isEqualTo(acl);
+		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheObjectIdentityPopulatesTransient() {
-		when(cache.get(acl.getObjectIdentity())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getObjectIdentity())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		myCache.putInCache(acl);
+		this.myCache.putInCache(this.acl);
 
-		ReflectionTestUtils.setField(acl, "permissionGrantingStrategy", null);
-		ReflectionTestUtils.setField(acl, "aclAuthorizationStrategy", null);
+		ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
+		ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
 
-		MutableAcl fromCache = myCache.getFromCache(acl.getObjectIdentity());
+		MutableAcl fromCache = this.myCache.getFromCache(this.acl.getObjectIdentity());
 
 		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
 		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
@@ -263,22 +264,22 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void evictCacheSerializable() {
-		when(cache.get(acl.getObjectIdentity())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getObjectIdentity())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		myCache.evictFromCache(acl.getObjectIdentity());
+		this.myCache.evictFromCache(this.acl.getObjectIdentity());
 
-		verify(cache).remove(acl.getId());
-		verify(cache).remove(acl.getObjectIdentity());
+		verify(this.cache).remove(this.acl.getId());
+		verify(this.cache).remove(this.acl.getObjectIdentity());
 	}
 
 	@Test
 	public void evictCacheObjectIdentity() {
-		when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
+		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
 
-		myCache.evictFromCache(acl.getId());
+		this.myCache.evictFromCache(this.acl.getId());
 
-		verify(cache).remove(acl.getId());
-		verify(cache).remove(acl.getObjectIdentity());
+		verify(this.cache).remove(this.acl.getId());
+		verify(this.cache).remove(this.acl.getObjectIdentity());
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 3176a54592..a6e7ac36ce 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -74,30 +74,30 @@ public class JdbcAclServiceTests {
 
 	@Before
 	public void setUp() {
-		aclService = new JdbcAclService(jdbcOperations, lookupStrategy);
-		aclServiceIntegration = new JdbcAclService(embeddedDatabase, lookupStrategy);
+		this.aclService = new JdbcAclService(this.jdbcOperations, this.lookupStrategy);
+		this.aclServiceIntegration = new JdbcAclService(this.embeddedDatabase, this.lookupStrategy);
 	}
 
 	@Before
 	public void setUpEmbeddedDatabase() {
-		embeddedDatabase = new EmbeddedDatabaseBuilder()//
+		this.embeddedDatabase = new EmbeddedDatabaseBuilder()//
 				.addScript("createAclSchemaWithAclClassIdType.sql").addScript("db/sql/test_data_hierarchy.sql").build();
 	}
 
 	@After
 	public void tearDownEmbeddedDatabase() {
-		embeddedDatabase.shutdown();
+		this.embeddedDatabase.shutdown();
 	}
 
 	// SEC-1898
 	@Test(expected = NotFoundException.class)
 	public void readAclByIdMissingAcl() {
 		Map<ObjectIdentity, Acl> result = new HashMap<>();
-		when(lookupStrategy.readAclsById(anyList(), anyList())).thenReturn(result);
+		when(this.lookupStrategy.readAclsById(anyList(), anyList())).thenReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
 		List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
 
-		aclService.readAclById(objectIdentity, sids);
+		this.aclService.readAclById(objectIdentity, sids);
 	}
 
 	@Test
@@ -105,10 +105,10 @@ public class JdbcAclServiceTests {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		when(jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).thenReturn(result);
+		when(this.jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).thenReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 
-		List<ObjectIdentity> objectIdentities = aclService.findChildren(objectIdentity);
+		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("5577");
 	}
@@ -117,7 +117,7 @@ public class JdbcAclServiceTests {
 	public void findNoChildren() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 
-		List<ObjectIdentity> objectIdentities = aclService.findChildren(objectIdentity);
+		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities).isNull();
 	}
 
@@ -125,7 +125,7 @@ public class JdbcAclServiceTests {
 	public void findChildrenWithoutIdType() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L);
 
-		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
+		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo(MockUntypedIdDomainObject.class.getName());
 		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(5000L);
@@ -135,7 +135,7 @@ public class JdbcAclServiceTests {
 	public void findChildrenForUnknownObject() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 33);
 
-		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
+		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities).isNull();
 	}
 
@@ -143,7 +143,7 @@ public class JdbcAclServiceTests {
 	public void findChildrenOfIdTypeLong() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US-PAL");
 
-		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
+		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(2);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo(MockLongIdDomainObject.class.getName());
 		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(4711L);
@@ -155,8 +155,8 @@ public class JdbcAclServiceTests {
 	public void findChildrenOfIdTypeString() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US");
 
-		aclServiceIntegration.setAclClassIdSupported(true);
-		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
+		this.aclServiceIntegration.setAclClassIdSupported(true);
+		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo("location");
 		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("US-PAL");
@@ -166,8 +166,8 @@ public class JdbcAclServiceTests {
 	public void findChildrenOfIdTypeUUID() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockUntypedIdDomainObject.class, 5000L);
 
-		aclServiceIntegration.setAclClassIdSupported(true);
-		List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
+		this.aclServiceIntegration.setAclClassIdSupported(true);
+		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo("costcenter");
 		assertThat(objectIdentities.get(0).getIdentifier())
@@ -179,7 +179,7 @@ public class JdbcAclServiceTests {
 		private Object id;
 
 		public Object getId() {
-			return id;
+			return this.id;
 		}
 
 		public void setId(Object id) {
@@ -193,7 +193,7 @@ public class JdbcAclServiceTests {
 		private Object id;
 
 		public Object getId() {
-			return id;
+			return this.id;
 		}
 
 		public void setId(Object id) {
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index bab5a11958..b4eb501350 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -99,15 +99,15 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	}
 
 	protected ObjectIdentity getTopParentOid() {
-		return topParentOid;
+		return this.topParentOid;
 	}
 
 	protected ObjectIdentity getMiddleParentOid() {
-		return middleParentOid;
+		return this.middleParentOid;
 	}
 
 	protected ObjectIdentity getChildOid() {
-		return childOid;
+		return this.childOid;
 	}
 
 	protected String getTargetClass() {
@@ -117,7 +117,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@BeforeTransaction
 	public void createTables() throws Exception {
 		try {
-			new DatabaseSeeder(dataSource, new ClassPathResource(getSqlClassPathResource()));
+			new DatabaseSeeder(this.dataSource, new ClassPathResource(getSqlClassPathResource()));
 			// new DatabaseSeeder(dataSource, new
 			// ClassPathResource("createAclSchemaPostgres.sql"));
 		}
@@ -130,39 +130,39 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@AfterTransaction
 	public void clearContextAndData() {
 		SecurityContextHolder.clearContext();
-		jdbcTemplate.execute("drop table acl_entry");
-		jdbcTemplate.execute("drop table acl_object_identity");
-		jdbcTemplate.execute("drop table acl_class");
-		jdbcTemplate.execute("drop table acl_sid");
-		aclCache.clearCache();
+		this.jdbcTemplate.execute("drop table acl_entry");
+		this.jdbcTemplate.execute("drop table acl_object_identity");
+		this.jdbcTemplate.execute("drop table acl_class");
+		this.jdbcTemplate.execute("drop table acl_sid");
+		this.aclCache.clearCache();
 	}
 
 	@Test
 	@Transactional
 	public void testLifecycle() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 
-		MutableAcl topParent = jdbcMutableAclService.createAcl(getTopParentOid());
-		MutableAcl middleParent = jdbcMutableAclService.createAcl(getMiddleParentOid());
-		MutableAcl child = jdbcMutableAclService.createAcl(getChildOid());
+		MutableAcl topParent = this.jdbcMutableAclService.createAcl(getTopParentOid());
+		MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
+		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
 
 		// Specify the inheritance hierarchy
 		middleParent.setParent(topParent);
 		child.setParent(middleParent);
 
 		// Now let's add a couple of permissions
-		topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
-		topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
-		middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
-		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
+		topParent.insertAce(0, BasePermission.READ, new PrincipalSid(this.auth), true);
+		topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(this.auth), false);
+		middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), true);
+		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
 
 		// Explicitly save the changed ACL
-		jdbcMutableAclService.updateAcl(topParent);
-		jdbcMutableAclService.updateAcl(middleParent);
-		jdbcMutableAclService.updateAcl(child);
+		this.jdbcMutableAclService.updateAcl(topParent);
+		this.jdbcMutableAclService.updateAcl(middleParent);
+		this.jdbcMutableAclService.updateAcl(child);
 
 		// Let's check if we can read them back correctly
-		Map<ObjectIdentity, Acl> map = jdbcMutableAclService
+		Map<ObjectIdentity, Acl> map = this.jdbcMutableAclService
 				.readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid()));
 		assertThat(map).hasSize(3);
 
@@ -190,7 +190,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		List<Permission> read = Arrays.asList(BasePermission.READ);
 		List<Permission> write = Arrays.asList(BasePermission.WRITE);
 		List<Permission> delete = Arrays.asList(BasePermission.DELETE);
-		List<Sid> pSid = Arrays.asList((Sid) new PrincipalSid(auth));
+		List<Sid> pSid = Arrays.asList((Sid) new PrincipalSid(this.auth));
 
 		assertThat(topParent.isGranted(read, pSid, false)).isTrue();
 		assertThat(topParent.isGranted(write, pSid, false)).isFalse();
@@ -212,8 +212,8 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 
 		// Next change the child so it doesn't inherit permissions from above
 		child.setEntriesInheriting(false);
-		jdbcMutableAclService.updateAcl(child);
-		child = (MutableAcl) jdbcMutableAclService.readAclById(getChildOid());
+		this.jdbcMutableAclService.updateAcl(child);
+		child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid());
 		assertThat(child.isEntriesInheriting()).isFalse();
 
 		// Check the child permissions no longer inherit
@@ -237,14 +237,14 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 
 		// Let's add an identical permission to the child, but it'll appear AFTER the
 		// current permission, so has no impact
-		child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);
+		child.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true);
 
 		// Let's also add another permission to the child
-		child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);
+		child.insertAce(2, BasePermission.CREATE, new PrincipalSid(this.auth), true);
 
 		// Save the changed child
-		jdbcMutableAclService.updateAcl(child);
-		child = (MutableAcl) jdbcMutableAclService.readAclById(getChildOid());
+		this.jdbcMutableAclService.updateAcl(child);
+		child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid());
 		assertThat(child.getEntries()).hasSize(3);
 
 		// Output permissions
@@ -262,7 +262,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		// non-granting
 		AccessControlEntry entry = child.getEntries().get(0);
 		assertThat(entry.getPermission().getMask()).isEqualTo(BasePermission.DELETE.getMask());
-		assertThat(entry.getSid()).isEqualTo(new PrincipalSid(auth));
+		assertThat(entry.getSid()).isEqualTo(new PrincipalSid(this.auth));
 		assertThat(entry.isGranting()).isFalse();
 		assertThat(entry.getId()).isNotNull();
 
@@ -270,7 +270,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		child.deleteAce(0);
 
 		// Save and check it worked
-		child = jdbcMutableAclService.updateAcl(child);
+		child = this.jdbcMutableAclService.updateAcl(child);
 		assertThat(child.getEntries()).hasSize(2);
 		assertThat(child.isGranted(delete, pSid, false)).isTrue();
 
@@ -283,38 +283,38 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	@Transactional
 	public void deleteAclAlsoDeletesChildren() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 
-		jdbcMutableAclService.createAcl(getTopParentOid());
-		MutableAcl middleParent = jdbcMutableAclService.createAcl(getMiddleParentOid());
-		MutableAcl child = jdbcMutableAclService.createAcl(getChildOid());
+		this.jdbcMutableAclService.createAcl(getTopParentOid());
+		MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
+		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
 		child.setParent(middleParent);
-		jdbcMutableAclService.updateAcl(middleParent);
-		jdbcMutableAclService.updateAcl(child);
+		this.jdbcMutableAclService.updateAcl(middleParent);
+		this.jdbcMutableAclService.updateAcl(child);
 		// Check the childOid really is a child of middleParentOid
-		Acl childAcl = jdbcMutableAclService.readAclById(getChildOid());
+		Acl childAcl = this.jdbcMutableAclService.readAclById(getChildOid());
 
 		assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
 
 		// Delete the mid-parent and test if the child was deleted, as well
-		jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
+		this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
 
 		try {
-			jdbcMutableAclService.readAclById(getMiddleParentOid());
+			this.jdbcMutableAclService.readAclById(getMiddleParentOid());
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
 
 		}
 		try {
-			jdbcMutableAclService.readAclById(getChildOid());
+			this.jdbcMutableAclService.readAclById(getChildOid());
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
 
 		}
 
-		Acl acl = jdbcMutableAclService.readAclById(getTopParentOid());
+		Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid());
 		assertThat(acl).isNotNull();
 		assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
 	}
@@ -322,21 +322,21 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	public void constructorRejectsNullParameters() {
 		try {
-			new JdbcMutableAclService(null, lookupStrategy, aclCache);
+			new JdbcMutableAclService(null, this.lookupStrategy, this.aclCache);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new JdbcMutableAclService(dataSource, null, aclCache);
+			new JdbcMutableAclService(this.dataSource, null, this.aclCache);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new JdbcMutableAclService(dataSource, lookupStrategy, null);
+			new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -346,7 +346,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	public void createAclRejectsNullParameter() {
 		try {
-			jdbcMutableAclService.createAcl(null);
+			this.jdbcMutableAclService.createAcl(null);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -356,12 +356,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	@Transactional
 	public void createAclForADuplicateDomainObject() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		ObjectIdentity duplicateOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
-		jdbcMutableAclService.createAcl(duplicateOid);
+		this.jdbcMutableAclService.createAcl(duplicateOid);
 		// Try to add the same object second time
 		try {
-			jdbcMutableAclService.createAcl(duplicateOid);
+			this.jdbcMutableAclService.createAcl(duplicateOid);
 			fail("It should have thrown AlreadyExistsException");
 		}
 		catch (AlreadyExistsException expected) {
@@ -372,7 +372,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Transactional
 	public void deleteAclRejectsNullParameters() {
 		try {
-			jdbcMutableAclService.deleteAcl(null, true);
+			this.jdbcMutableAclService.deleteAcl(null, true);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -382,25 +382,25 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	@Transactional
 	public void deleteAclWithChildrenThrowsException() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl parent = jdbcMutableAclService.createAcl(getTopParentOid());
-		MutableAcl child = jdbcMutableAclService.createAcl(getMiddleParentOid());
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
+		MutableAcl parent = this.jdbcMutableAclService.createAcl(getTopParentOid());
+		MutableAcl child = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
 
 		// Specify the inheritance hierarchy
 		child.setParent(parent);
-		jdbcMutableAclService.updateAcl(child);
+		this.jdbcMutableAclService.updateAcl(child);
 
 		try {
-			jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK
+			this.jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK
 																	// checking in the
 																	// class, not database
-			jdbcMutableAclService.deleteAcl(getTopParentOid(), false);
+			this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false);
 			fail("It should have thrown ChildrenExistException");
 		}
 		catch (ChildrenExistException expected) {
 		}
 		finally {
-			jdbcMutableAclService.setForeignKeysInDatabase(true); // restore to the
+			this.jdbcMutableAclService.setForeignKeysInDatabase(true); // restore to the
 																	// default
 		}
 	}
@@ -408,31 +408,31 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	@Transactional
 	public void deleteAclRemovesRowsFromDatabase() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
-		MutableAcl child = jdbcMutableAclService.createAcl(getChildOid());
-		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
-		jdbcMutableAclService.updateAcl(child);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
+		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
+		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
+		this.jdbcMutableAclService.updateAcl(child);
 
 		// Remove the child and check all related database rows were removed accordingly
-		jdbcMutableAclService.deleteAcl(getChildOid(), false);
-		assertThat(jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
-		assertThat(jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
-		assertThat(jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
+		this.jdbcMutableAclService.deleteAcl(getChildOid(), false);
+		assertThat(this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
+		assertThat(this.jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
+		assertThat(this.jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
 
 		// Check the cache
-		assertThat(aclCache.getFromCache(getChildOid())).isNull();
-		assertThat(aclCache.getFromCache(102L)).isNull();
+		assertThat(this.aclCache.getFromCache(getChildOid())).isNull();
+		assertThat(this.aclCache.getFromCache(102L)).isNull();
 	}
 
 	/** SEC-1107 */
 	@Test
 	@Transactional
 	public void identityWithIntegerIdIsSupportedByCreateAcl() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101);
-		jdbcMutableAclService.createAcl(oid);
+		this.jdbcMutableAclService.createAcl(oid);
 
-		assertThat(jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull();
+		assertThat(this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull();
 	}
 
 	/**
@@ -448,21 +448,21 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
 
-		MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
-		MutableAcl child = jdbcMutableAclService.createAcl(childOid);
+		MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid);
+		MutableAcl child = this.jdbcMutableAclService.createAcl(childOid);
 
 		child.setParent(parent);
-		jdbcMutableAclService.updateAcl(child);
+		this.jdbcMutableAclService.updateAcl(child);
 
-		parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
+		parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
 		parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
-		jdbcMutableAclService.updateAcl(parent);
+		this.jdbcMutableAclService.updateAcl(parent);
 
-		parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
+		parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
 		parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
-		jdbcMutableAclService.updateAcl(parent);
+		this.jdbcMutableAclService.updateAcl(parent);
 
-		child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
+		child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid);
 		parent = (MutableAcl) child.getParentAcl();
 
 		assertThat(parent.getEntries()).hasSize(2)
@@ -483,18 +483,18 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, 1L);
 
-		MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
-		MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L));
+		MutableAcl parent = this.jdbcMutableAclService.createAcl(rootObject);
+		MutableAcl child = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L));
 		child.setParent(parent);
-		jdbcMutableAclService.updateAcl(child);
+		this.jdbcMutableAclService.updateAcl(child);
 
 		parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
-		jdbcMutableAclService.updateAcl(parent);
+		this.jdbcMutableAclService.updateAcl(parent);
 
 		parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
-		jdbcMutableAclService.updateAcl(parent);
+		this.jdbcMutableAclService.updateAcl(parent);
 
-		child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L));
+		child = (MutableAcl) this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L));
 
 		parent = (MutableAcl) child.getParentAcl();
 
@@ -513,7 +513,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		SecurityContextHolder.getContext().setAuthentication(auth);
 
 		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 110L);
-		MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
+		MutableAcl topParent = this.jdbcMutableAclService.createAcl(topParentOid);
 
 		// Add an ACE permission entry
 		Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
@@ -523,7 +523,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		assertThat(topParent.getEntries()).hasSize(1);
 
 		// Explicitly save the changed ACL
-		topParent = jdbcMutableAclService.updateAcl(topParent);
+		topParent = this.jdbcMutableAclService.updateAcl(topParent);
 
 		// Check the mask was retrieved correctly
 		assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
@@ -535,7 +535,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Test
 	public void testProcessingCustomSid() {
 		CustomJdbcMutableAclService customJdbcMutableAclService = spy(
-				new CustomJdbcMutableAclService(dataSource, lookupStrategy, aclCache));
+				new CustomJdbcMutableAclService(this.dataSource, this.lookupStrategy, this.aclCache));
 		CustomSid customSid = new CustomSid("Custom sid");
 		when(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).thenReturn(1L);
 
@@ -574,11 +574,11 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	}
 
 	protected Authentication getAuth() {
-		return auth;
+		return this.auth;
 	}
 
 	protected JdbcMutableAclService getJdbcMutableAclService() {
-		return jdbcMutableAclService;
+		return this.jdbcMutableAclService;
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index 2a822ce95f..a0c990fe74 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -52,17 +52,17 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
 
 	@Override
 	protected ObjectIdentity getTopParentOid() {
-		return topParentOid;
+		return this.topParentOid;
 	}
 
 	@Override
 	protected ObjectIdentity getMiddleParentOid() {
-		return middleParentOid;
+		return this.middleParentOid;
 	}
 
 	@Override
 	protected ObjectIdentity getChildOid() {
-		return childOid;
+		return this.childOid;
 	}
 
 	@Override
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
index c872258518..ab947c00e6 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
@@ -31,7 +31,7 @@ public class CustomSid implements Sid {
 	}
 
 	public String getSid() {
-		return sid;
+		return this.sid;
 	}
 
 	public void setSid(String sid) {
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index a992aea93f..2202be86ea 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -48,7 +48,7 @@ public class SidRetrievalStrategyTests {
 	@Test
 	public void correctSidsAreRetrieved() {
 		SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
-		List<Sid> sids = retrStrategy.getSids(authentication);
+		List<Sid> sids = retrStrategy.getSids(this.authentication);
 
 		assertThat(sids).isNotNull();
 		assertThat(sids).hasSize(4);
@@ -72,7 +72,7 @@ public class SidRetrievalStrategyTests {
 		when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities);
 		SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
 
-		List<Sid> sids = strat.getSids(authentication);
+		List<Sid> sids = strat.getSids(this.authentication);
 		assertThat(sids).hasSize(2);
 		assertThat(sids.get(0)).isNotNull();
 		assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index 3087cf5372..7cf9bad483 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -249,7 +249,7 @@ public class SidTests {
 
 		@Override
 		public String getName() {
-			return principal.getName();
+			return this.principal.getName();
 		}
 
 	}
@@ -263,7 +263,7 @@ public class SidTests {
 		}
 
 		String getName() {
-			return name;
+			return this.name;
 		}
 
 	}
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 4a9b5456f0..6a6422d6c7 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -75,15 +75,15 @@ public class AnnotationSecurityAspectTests {
 	@Before
 	public final void setUp() {
 		MockitoAnnotations.initMocks(this);
-		interceptor = new AspectJMethodSecurityInterceptor();
+		this.interceptor = new AspectJMethodSecurityInterceptor();
 		AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(),
 				new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
-		adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setAuthenticationManager(authman);
-		interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
+		this.adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setAuthenticationManager(this.authman);
+		this.interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
 		AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
-		secAspect.setSecurityInterceptor(interceptor);
+		secAspect.setSecurityInterceptor(this.interceptor);
 	}
 
 	@After
@@ -93,59 +93,59 @@ public class AnnotationSecurityAspectTests {
 
 	@Test
 	public void securedInterfaceMethodAllowsAllAccess() {
-		secured.securedMethod();
+		this.secured.securedMethod();
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void securedClassMethodDeniesUnauthenticatedAccess() {
-		secured.securedClassMethod();
+		this.secured.securedClassMethod();
 	}
 
 	@Test
 	public void securedClassMethodAllowsAccessToRoleA() {
-		SecurityContextHolder.getContext().setAuthentication(anne);
-		secured.securedClassMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.anne);
+		this.secured.securedClassMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void internalPrivateCallIsIntercepted() {
-		SecurityContextHolder.getContext().setAuthentication(anne);
+		SecurityContextHolder.getContext().setAuthentication(this.anne);
 
 		try {
-			secured.publicCallsPrivate();
+			this.secured.publicCallsPrivate();
 			fail("Expected AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
 		}
-		securedSub.publicCallsPrivate();
+		this.securedSub.publicCallsPrivate();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void protectedMethodIsIntercepted() {
-		SecurityContextHolder.getContext().setAuthentication(anne);
+		SecurityContextHolder.getContext().setAuthentication(this.anne);
 
-		secured.protectedMethod();
+		this.secured.protectedMethod();
 	}
 
 	@Test
 	public void overriddenProtectedMethodIsNotIntercepted() {
 		// AspectJ doesn't inherit annotations
-		securedSub.protectedMethod();
+		this.securedSub.protectedMethod();
 	}
 
 	// SEC-1262
 	@Test(expected = AccessDeniedException.class)
 	public void denyAllPreAuthorizeDeniesAccess() {
 		configureForElAnnotations();
-		SecurityContextHolder.getContext().setAuthentication(anne);
-		prePostSecured.denyAllMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.anne);
+		this.prePostSecured.denyAllMethod();
 	}
 
 	@Test
 	public void postFilterIsApplied() {
 		configureForElAnnotations();
-		SecurityContextHolder.getContext().setAuthentication(anne);
-		List<String> objects = prePostSecured.postFilterMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.anne);
+		List<String> objects = this.prePostSecured.postFilterMethod();
 		assertThat(objects).hasSize(2);
 		assertThat(objects.contains("apple")).isTrue();
 		assertThat(objects.contains("aubergine")).isTrue();
@@ -153,12 +153,12 @@ public class AnnotationSecurityAspectTests {
 
 	private void configureForElAnnotations() {
 		DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
-		interceptor.setSecurityMetadataSource(
+		this.interceptor.setSecurityMetadataSource(
 				new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
-		interceptor.setAccessDecisionManager(adm);
+		this.interceptor.setAccessDecisionManager(this.adm);
 		AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
 		aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
-		interceptor.setAfterInvocationManager(aim);
+		this.interceptor.setAfterInvocationManager(aim);
 	}
 
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index d08fdf3066..f44403e829 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -164,7 +164,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 	}
 
 	public UserDetails getUserDetails() {
-		return userDetails;
+		return this.userDetails;
 	}
 
 	@Override
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index 19b0f6012c..c0bd4cdac0 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -37,11 +37,11 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	private Ehcache cache;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(cache, "cache mandatory");
+		Assert.notNull(this.cache, "cache mandatory");
 	}
 
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
-		final Element element = cache.get(serviceTicket);
+		final Element element = this.cache.get(serviceTicket);
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
@@ -51,7 +51,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	}
 
 	public Ehcache getCache() {
-		return cache;
+		return this.cache;
 	}
 
 	public void putTicketInCache(final CasAuthenticationToken token) {
@@ -61,7 +61,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 			logger.debug("Cache put: " + element.getKey());
 		}
 
-		cache.put(element);
+		this.cache.put(element);
 	}
 
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
@@ -73,7 +73,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	}
 
 	public void removeTicketFromCache(final String serviceTicket) {
-		cache.remove(serviceTicket);
+		this.cache.remove(serviceTicket);
 	}
 
 	public void setCache(final Ehcache cache) {
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 0c0ea3245e..28dcd5e291 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -40,7 +40,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 	}
 
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
-		final Cache.ValueWrapper element = serviceTicket != null ? cache.get(serviceTicket) : null;
+		final Cache.ValueWrapper element = serviceTicket != null ? this.cache.get(serviceTicket) : null;
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
@@ -56,7 +56,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 			logger.debug("Cache put: " + key);
 		}
 
-		cache.put(key, token);
+		this.cache.put(key, token);
 	}
 
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
@@ -68,7 +68,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 	}
 
 	public void removeTicketFromCache(final String serviceTicket) {
-		cache.evict(serviceTicket);
+		this.cache.evict(serviceTicket);
 	}
 
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index e6fb1657dc..e7666a1cdd 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -217,15 +217,15 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			return;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
 		}
 
 		SecurityContextHolder.getContext().setAuthentication(authResult);
 
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
+			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
 		chain.doFilter(request, response);
@@ -237,7 +237,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		// if the request is a proxy request process it and return null to indicate the
 		// request has been processed
 		if (proxyReceptorRequest(request)) {
-			logger.debug("Responding to proxy receptor request");
+			this.logger.debug("Responding to proxy receptor request");
 			CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
 			return null;
 		}
@@ -247,14 +247,14 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		String password = obtainArtifact(request);
 
 		if (password == null) {
-			logger.debug("Failed to obtain an artifact (cas ticket)");
+			this.logger.debug("Failed to obtain an artifact (cas ticket)");
 			password = "";
 		}
 
 		final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
 				password);
 
-		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+		authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		return this.getAuthenticationManager().authenticate(authRequest);
 	}
@@ -265,7 +265,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @return if present the artifact from the {@link HttpServletRequest}, else null
 	 */
 	protected String obtainArtifact(HttpServletRequest request) {
-		return request.getParameter(artifactParameter);
+		return request.getParameter(this.artifactParameter);
 	}
 
 	/**
@@ -275,8 +275,8 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
 		final boolean result = serviceTicketRequest || proxyReceptorRequest(request)
 				|| (proxyTicketRequest(serviceTicketRequest, request));
-		if (logger.isDebugEnabled()) {
-			logger.debug("requiresAuthentication = " + result);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("requiresAuthentication = " + result);
 		}
 		return result;
 	}
@@ -321,8 +321,8 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 */
 	private boolean serviceTicketRequest(final HttpServletRequest request, final HttpServletResponse response) {
 		boolean result = super.requiresAuthentication(request, response);
-		if (logger.isDebugEnabled()) {
-			logger.debug("serviceTicketRequest = " + result);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("serviceTicketRequest = " + result);
 		}
 		return result;
 	}
@@ -336,9 +336,9 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		if (serviceTicketRequest) {
 			return false;
 		}
-		final boolean result = authenticateAllArtifacts && obtainArtifact(request) != null && !authenticated();
-		if (logger.isDebugEnabled()) {
-			logger.debug("proxyTicketRequest = " + result);
+		final boolean result = this.authenticateAllArtifacts && obtainArtifact(request) != null && !authenticated();
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("proxyTicketRequest = " + result);
 		}
 		return result;
 	}
@@ -359,9 +359,9 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @return
 	 */
 	private boolean proxyReceptorRequest(final HttpServletRequest request) {
-		final boolean result = proxyReceptorConfigured() && proxyReceptorMatcher.matches(request);
-		if (logger.isDebugEnabled()) {
-			logger.debug("proxyReceptorRequest = " + result);
+		final boolean result = proxyReceptorConfigured() && this.proxyReceptorMatcher.matches(request);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("proxyReceptorRequest = " + result);
 		}
 		return result;
 	}
@@ -372,9 +372,9 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @return
 	 */
 	private boolean proxyReceptorConfigured() {
-		final boolean result = this.proxyGrantingTicketStorage != null && proxyReceptorMatcher != null;
-		if (logger.isDebugEnabled()) {
-			logger.debug("proxyReceptorConfigured = " + result);
+		final boolean result = this.proxyGrantingTicketStorage != null && this.proxyReceptorMatcher != null;
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("proxyReceptorConfigured = " + result);
 		}
 		return result;
 	}
@@ -401,10 +401,10 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 				AuthenticationException exception) throws IOException, ServletException {
 			if (serviceTicketRequest(request, response)) {
-				serviceTicketFailureHandler.onAuthenticationFailure(request, response, exception);
+				this.serviceTicketFailureHandler.onAuthenticationFailure(request, response, exception);
 			}
 			else {
-				proxyFailureHandler.onAuthenticationFailure(request, response, exception);
+				CasAuthenticationFilter.this.proxyFailureHandler.onAuthenticationFailure(request, response, exception);
 			}
 		}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 6fc344e4f1..049bc3b8d4 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -62,14 +62,14 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * @see org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails#getServiceUrl()
 	 */
 	public String getServiceUrl() {
-		return serviceUrl;
+		return this.serviceUrl;
 	}
 
 	@Override
 	public int hashCode() {
 		final int prime = 31;
 		int result = super.hashCode();
-		result = prime * result + serviceUrl.hashCode();
+		result = prime * result + this.serviceUrl.hashCode();
 		return result;
 	}
 
@@ -82,7 +82,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 			return false;
 		}
 		ServiceAuthenticationDetails that = (ServiceAuthenticationDetails) obj;
-		return serviceUrl.equals(that.getServiceUrl());
+		return this.serviceUrl.equals(that.getServiceUrl());
 	}
 
 	@Override
@@ -90,7 +90,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		StringBuilder result = new StringBuilder();
 		result.append(super.toString());
 		result.append("ServiceUrl: ");
-		result.append(serviceUrl);
+		result.append(this.serviceUrl);
 		return result.toString();
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 1ab7fd4cc3..4e8a777fa1 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -70,7 +70,8 @@ public class ServiceAuthenticationDetailsSource
 	 */
 	public ServiceAuthenticationDetails buildDetails(HttpServletRequest context) {
 		try {
-			return new DefaultServiceAuthenticationDetails(serviceProperties.getService(), context, artifactPattern);
+			return new DefaultServiceAuthenticationDetails(this.serviceProperties.getService(), context,
+					this.artifactPattern);
 		}
 		catch (MalformedURLException e) {
 			throw new RuntimeException(e);
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 269c463aee..b85f6baeb7 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -389,11 +389,11 @@ public class CasAuthenticationProviderTests {
 		private Map<String, CasAuthenticationToken> cache = new HashMap<>();
 
 		public CasAuthenticationToken getByTicketId(String serviceTicket) {
-			return cache.get(serviceTicket);
+			return this.cache.get(serviceTicket);
 		}
 
 		public void putTicketInCache(CasAuthenticationToken token) {
-			cache.put(token.getCredentials().toString(), token);
+			this.cache.put(token.getCredentials().toString(), token);
 		}
 
 		public void removeTicketFromCache(CasAuthenticationToken token) {
@@ -415,7 +415,7 @@ public class CasAuthenticationProviderTests {
 		}
 
 		public Assertion validate(final String ticket, final String service) {
-			if (returnTicket) {
+			if (this.returnTicket) {
 				return new AssertionImpl("rod");
 			}
 			throw new BadCredentialsException("As requested from mock");
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index e782e8ecb4..2de2cc4ea6 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -47,42 +47,42 @@ public class CasAuthenticationTokenTests {
 	}
 
 	private UserDetails makeUserDetails(final String name) {
-		return new User(name, "password", true, true, true, true, ROLES);
+		return new User(name, "password", true, true, true, true, this.ROLES);
 	}
 
 	@Test
 	public void testConstructorRejectsNulls() {
 		final Assertion assertion = new AssertionImpl("test");
 		try {
-			new CasAuthenticationToken(null, makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
+			new CasAuthenticationToken(null, makeUserDetails(), "Password", this.ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", null, "Password", ROLES, makeUserDetails(), assertion);
+			new CasAuthenticationToken("key", null, "Password", this.ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), null, ROLES, makeUserDetails(), assertion);
+			new CasAuthenticationToken("key", makeUserDetails(), null, this.ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), null);
+			new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
 
 		try {
-			new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, null, assertion);
+			new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, null, assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
@@ -107,10 +107,10 @@ public class CasAuthenticationTokenTests {
 	public void testEqualsWhenEqual() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
 		assertThat(token2).isEqualTo(token1);
@@ -120,7 +120,7 @@ public class CasAuthenticationTokenTests {
 	public void testGetters() {
 		// Build the proxy list returned in the ticket from CAS
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo(makeUserDetails());
@@ -146,11 +146,11 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
 		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password",
-				ROLES, makeUserDetails(), assertion);
+				this.ROLES, makeUserDetails(), assertion);
 
 		assertThat(!token1.equals(token2)).isTrue();
 	}
@@ -159,10 +159,11 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToDifferentAuthenticationClass() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
-		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password", ROLES);
+		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
+				this.ROLES);
 		assertThat(!token1.equals(token2)).isTrue();
 	}
 
@@ -170,11 +171,11 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToKey() {
 		final Assertion assertion = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
 		CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", makeUserDetails(), "Password",
-				ROLES, makeUserDetails(), assertion);
+				this.ROLES, makeUserDetails(), assertion);
 
 		assertThat(!token1.equals(token2)).isTrue();
 	}
@@ -184,10 +185,10 @@ public class CasAuthenticationTokenTests {
 		final Assertion assertion = new AssertionImpl("test");
 		final Assertion assertion2 = new AssertionImpl("test");
 
-		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 
-		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion2);
 
 		assertThat(!token1.equals(token2)).isTrue();
@@ -196,7 +197,7 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testSetAuthenticated() {
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 		assertThat(token.isAuthenticated()).isTrue();
 		token.setAuthenticated(false);
@@ -206,7 +207,7 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testToString() {
 		final Assertion assertion = new AssertionImpl("test");
-		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES,
+		CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
 		String result = token.toString();
 		assertThat(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1).isTrue();
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
index 2ee90854ad..ddbaafe5e0 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
@@ -31,15 +31,15 @@ public class NullStatelessTicketCacheTests extends AbstractStatelessTicketCacheT
 
 	@Test
 	public void testGetter() {
-		assertThat(cache.getByTicketId(null)).isNull();
-		assertThat(cache.getByTicketId("test")).isNull();
+		assertThat(this.cache.getByTicketId(null)).isNull();
+		assertThat(this.cache.getByTicketId("test")).isNull();
 	}
 
 	@Test
 	public void testInsertAndGet() {
 		final CasAuthenticationToken token = getToken();
-		cache.putTicketInCache(token);
-		assertThat(cache.getByTicketId((String) token.getCredentials())).isNull();
+		this.cache.putTicketInCache(token);
+		assertThat(this.cache.getByTicketId((String) token.getCredentials())).isNull();
 	}
 
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
index 45956f171e..7ed182ccc9 100644
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@@ -95,15 +95,15 @@ public class CasAuthenticationTokenMixinTests {
 
 	@Before
 	public void setup() {
-		mapper = new ObjectMapper();
+		this.mapper = new ObjectMapper();
 		ClassLoader loader = getClass().getClassLoader();
-		mapper.registerModules(SecurityJackson2Modules.getModules(loader));
+		this.mapper.registerModules(SecurityJackson2Modules.getModules(loader));
 	}
 
 	@Test
 	public void serializeCasAuthenticationTest() throws JsonProcessingException, JSONException {
 		CasAuthenticationToken token = createCasAuthenticationToken();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(CAS_TOKEN_JSON, actualJson, true);
 	}
 
@@ -112,19 +112,19 @@ public class CasAuthenticationTokenMixinTests {
 			throws JsonProcessingException, JSONException {
 		CasAuthenticationToken token = createCasAuthenticationToken();
 		token.eraseCredentials();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(CAS_TOKEN_CLEARED_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeCasAuthenticationTestAfterEraseCredentialInvoked() throws Exception {
-		CasAuthenticationToken token = mapper.readValue(CAS_TOKEN_CLEARED_JSON, CasAuthenticationToken.class);
+		CasAuthenticationToken token = this.mapper.readValue(CAS_TOKEN_CLEARED_JSON, CasAuthenticationToken.class);
 		assertThat(((UserDetails) token.getPrincipal()).getPassword()).isNull();
 	}
 
 	@Test
 	public void deserializeCasAuthenticationTest() throws IOException {
-		CasAuthenticationToken token = mapper.readValue(CAS_TOKEN_JSON, CasAuthenticationToken.class);
+		CasAuthenticationToken token = this.mapper.readValue(CAS_TOKEN_JSON, CasAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
 		assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin");
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index b712aa3ce4..915a3187a0 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -237,8 +237,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	}
 
 	private LdapAuthenticationProvider ldapProvider() {
-		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(authenticationManager, "providers"))
-				.get(0);
+		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(this.authenticationManager,
+				"providers")).get(0);
 	}
 
 	private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) {
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
index d2ae81bdc7..250197b140 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
@@ -40,19 +40,19 @@ public class LdapProviderBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appCtx != null) {
-			appCtx.close();
-			appCtx = null;
+		if (this.appCtx != null) {
+			this.appCtx.close();
+			this.appCtx = null;
 		}
 	}
 
 	@Test
 	public void simpleProviderAuthenticatesCorrectly() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>" + "  <ldap-authentication-provider group-search-filter='member={0}' />"
 				+ "</authentication-manager>");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+		AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
 				AuthenticationManager.class);
 		Authentication auth = authenticationManager
 				.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
@@ -62,12 +62,12 @@ public class LdapProviderBeanDefinitionParserTests {
 
 	@Test
 	public void multipleProvidersAreSupported() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>" + "  <ldap-authentication-provider group-search-filter='member={0}' />"
 				+ "  <ldap-authentication-provider group-search-filter='uniqueMember={0}' />"
 				+ "</authentication-manager>");
 
-		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
+		ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(2);
 		assertThat(providerManager.getProviders()).extracting("authoritiesPopulator.groupSearchFilter")
 				.containsExactly("member={0}", "uniqueMember={0}");
@@ -81,11 +81,11 @@ public class LdapProviderBeanDefinitionParserTests {
 
 	@Test
 	public void supportsPasswordComparisonAuthentication() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare />" + "  </ldap-authentication-provider>" + "</authentication-manager>");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+		AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
 				AuthenticationManager.class);
 		Authentication auth = authenticationManager
 				.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
@@ -95,13 +95,13 @@ public class LdapProviderBeanDefinitionParserTests {
 
 	@Test
 	public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare password-attribute='uid'>" + "      <password-encoder ref='passwordEncoder' />"
 				+ "    </password-compare>" + "  </ldap-authentication-provider>" + "</authentication-manager>"
 				+ "<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance' />");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+		AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
 				AuthenticationManager.class);
 		Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
 
@@ -111,13 +111,13 @@ public class LdapProviderBeanDefinitionParserTests {
 	// SEC-2472
 	@Test
 	public void supportsCryptoPasswordEncoder() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>" + "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare>" + "      <password-encoder ref='pe' />" + "    </password-compare>"
 				+ "  </ldap-authentication-provider>" + "</authentication-manager>"
 				+ "<b:bean id='pe' class='org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' />");
 
-		AuthenticationManager authenticationManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
+		AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
 				AuthenticationManager.class);
 		Authentication auth = authenticationManager
 				.authenticate(new UsernamePasswordAuthenticationToken("bcrypt", "password"));
@@ -127,13 +127,13 @@ public class LdapProviderBeanDefinitionParserTests {
 
 	@Test
 	public void inetOrgContextMapperIsSupported() {
-		appCtx = new InMemoryXmlApplicationContext(
+		this.appCtx = new InMemoryXmlApplicationContext(
 				"<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' port='0'/>"
 						+ "<authentication-manager>"
 						+ "  <ldap-authentication-provider user-details-class='inetOrgPerson' />"
 						+ "</authentication-manager>");
 
-		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
+		ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(1);
 		assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper")
 				.allSatisfy(contextMapper -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
@@ -143,12 +143,12 @@ public class LdapProviderBeanDefinitionParserTests {
 	public void ldapAuthenticationProviderWorksWithPlaceholders() {
 		System.setProperty("udp", "people");
 		System.setProperty("gsf", "member");
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server />" + "<authentication-manager>"
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server />" + "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=${udp}' group-search-filter='${gsf}={0}' />"
 				+ "</authentication-manager>"
 				+ "<b:bean id='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer' />");
 
-		ProviderManager providerManager = appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
+		ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(1);
 
 		AuthenticationProvider authenticationProvider = providerManager.getProviders().get(0);
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
index 5eaa5a9a9e..aeb55cb2ee 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
@@ -40,17 +40,17 @@ public class LdapServerBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appCtx != null) {
-			appCtx.close();
-			appCtx = null;
+		if (this.appCtx != null) {
+			this.appCtx.close();
+			this.appCtx = null;
 		}
 	}
 
 	@Test
 	public void embeddedServerCreationContainsExpectedContextSourceAndData() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
 
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
 				.getBean(BeanIds.CONTEXT_SOURCE);
 
 		// Check data is loaded
@@ -62,14 +62,15 @@ public class LdapServerBeanDefinitionParserTests {
 	public void useOfUrlAttributeCreatesCorrectContextSource() throws Exception {
 		int port = getDefaultPort();
 		// Create second "server" with a url pointing at embedded one
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='" + port
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='" + port
 				+ "'/>" + "<ldap-server ldif='classpath:test-server.ldif' id='blah' url='ldap://127.0.0.1:" + port
 				+ "/dc=springframework,dc=org' />");
 
 		// Check the default context source is still there.
-		appCtx.getBean(BeanIds.CONTEXT_SOURCE);
+		this.appCtx.getBean(BeanIds.CONTEXT_SOURCE);
 
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean("blah");
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
+				.getBean("blah");
 
 		// Check data is loaded as before
 		LdapTemplate template = new LdapTemplate(contextSource);
@@ -78,9 +79,9 @@ public class LdapServerBeanDefinitionParserTests {
 
 	@Test
 	public void loadingSpecificLdifFileIsSuccessful() {
-		appCtx = new InMemoryXmlApplicationContext(
+		this.appCtx = new InMemoryXmlApplicationContext(
 				"<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' port='0'/>");
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
 				.getBean(BeanIds.CONTEXT_SOURCE);
 
 		LdapTemplate template = new LdapTemplate(contextSource);
@@ -89,8 +90,8 @@ public class LdapServerBeanDefinitionParserTests {
 
 	@Test
 	public void defaultLdifFileIsSuccessful() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server/>");
-		ApacheDSContainer dsContainer = appCtx.getBean(ApacheDSContainer.class);
+		this.appCtx = new InMemoryXmlApplicationContext("<ldap-server/>");
+		ApacheDSContainer dsContainer = this.appCtx.getBean(ApacheDSContainer.class);
 
 		assertThat(ReflectionTestUtils.getField(dsContainer, "ldifResources")).isEqualTo("classpath*:*.ldif");
 	}
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
index 36b8921c69..219c11db0b 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
@@ -53,9 +53,9 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appCtx != null) {
-			appCtx.close();
-			appCtx = null;
+		if (this.appCtx != null) {
+			this.appCtx.close();
+			this.appCtx = null;
 		}
 	}
 
@@ -81,7 +81,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 		setContext(
 				"<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 
 		Set<String> authorities = AuthorityUtils.authorityListToSet(ben.getAuthorities());
@@ -95,7 +95,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 				+ "       user-search-filter='(cn={0})' "
 				+ "       group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails joe = uds.loadUserByUsername("Joe Smeth");
 
 		assertThat(joe.getUsername()).isEqualTo("Joe Smeth");
@@ -108,11 +108,11 @@ public class LdapUserServiceBeanDefinitionParserTests {
 				+ "<ldap-user-service id='ldapUDSNoPrefix' " + "     user-search-filter='(uid={0})' "
 				+ "     group-search-filter='member={0}' role-prefix='none'/><ldap-server ldif='classpath:test-server.ldif'/>");
 
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 		assertThat(AuthorityUtils.authorityListToSet(ben.getAuthorities())).contains("PREFIX_DEVELOPERS");
 
-		uds = (UserDetailsService) appCtx.getBean("ldapUDSNoPrefix");
+		uds = (UserDetailsService) this.appCtx.getBean("ldapUDSNoPrefix");
 		ben = uds.loadUserByUsername("ben");
 		assertThat(AuthorityUtils.authorityListToSet(ben.getAuthorities())).contains("DEVELOPERS");
 	}
@@ -122,7 +122,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 		setContext(
 				"<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-role-attribute='ou' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
 
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 
 		Set<String> authorities = AuthorityUtils.authorityListToSet(ben.getAuthorities());
@@ -144,7 +144,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 	public void personContextMapperIsSupported() {
 		setContext("<ldap-server ldif='classpath:test-server.ldif'/>"
 				+ "<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' user-details-class='person'/>");
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 		assertThat(ben instanceof Person).isTrue();
 	}
@@ -153,7 +153,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
 	public void inetOrgContextMapperIsSupported() {
 		setContext("<ldap-server id='someServer' ldif='classpath:test-server.ldif'/>"
 				+ "<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' user-details-class='inetOrgPerson'/>");
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 		assertThat(ben instanceof InetOrgPerson).isTrue();
 	}
@@ -164,13 +164,13 @@ public class LdapUserServiceBeanDefinitionParserTests {
 				+ "<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' user-context-mapper-ref='mapper'/>"
 				+ "<b:bean id='mapper' class='" + InetOrgPersonContextMapper.class.getName() + "'/>");
 
-		UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
+		UserDetailsService uds = (UserDetailsService) this.appCtx.getBean("ldapUDS");
 		UserDetails ben = uds.loadUserByUsername("ben");
 		assertThat(ben instanceof InetOrgPerson).isTrue();
 	}
 
 	private void setContext(String context) {
-		appCtx = new InMemoryXmlApplicationContext(context);
+		this.appCtx = new InMemoryXmlApplicationContext(context);
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index b92ff3f560..9de6be2efb 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -78,15 +78,16 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		Package pkg = SpringSecurityCoreVersion.class.getPackage();
 
 		if (pkg == null || coreVersion == null) {
-			logger.info("Couldn't determine package version information.");
+			this.logger.info("Couldn't determine package version information.");
 			return;
 		}
 
 		String version = pkg.getImplementationVersion();
-		logger.info("Spring Security 'config' module version is " + version);
+		this.logger.info("Spring Security 'config' module version is " + version);
 
 		if (version.compareTo(coreVersion) != 0) {
-			logger.error("You are running with different versions of the Spring Security 'core' and 'config' modules");
+			this.logger.error(
+					"You are running with different versions of the Spring Security 'core' and 'config' modules");
 		}
 	}
 
@@ -98,7 +99,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 					element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
-		BeanDefinitionParser parser = parsers.get(name);
+		BeanDefinitionParser parser = this.parsers.get(name);
 
 		if (parser == null) {
 			// SEC-1455. Load parsers when required, not just on init().
@@ -126,17 +127,17 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		// We only handle elements
 		if (node instanceof Element) {
 			if (Elements.INTERCEPT_METHODS.equals(name)) {
-				return interceptMethodsBDD.decorate(node, definition, pc);
+				return this.interceptMethodsBDD.decorate(node, definition, pc);
 			}
 
 			if (Elements.FILTER_CHAIN_MAP.equals(name)) {
-				if (filterChainMapBDD == null) {
+				if (this.filterChainMapBDD == null) {
 					loadParsers();
 				}
-				if (filterChainMapBDD == null) {
+				if (this.filterChainMapBDD == null) {
 					reportMissingWebClasses(name, pc, node);
 				}
-				return filterChainMapBDD.decorate(node, definition, pc);
+				return this.filterChainMapBDD.decorate(node, definition, pc);
 			}
 		}
 
@@ -170,29 +171,32 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 
 	private void loadParsers() {
 		// Parsers
-		parsers.put(Elements.LDAP_PROVIDER, new LdapProviderBeanDefinitionParser());
-		parsers.put(Elements.LDAP_SERVER, new LdapServerBeanDefinitionParser());
-		parsers.put(Elements.LDAP_USER_SERVICE, new LdapUserServiceBeanDefinitionParser());
-		parsers.put(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
-		parsers.put(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
-		parsers.put(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
-		parsers.put(Elements.GLOBAL_METHOD_SECURITY, new GlobalMethodSecurityBeanDefinitionParser());
-		parsers.put(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
-		parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE, new MethodSecurityMetadataSourceBeanDefinitionParser());
+		this.parsers.put(Elements.LDAP_PROVIDER, new LdapProviderBeanDefinitionParser());
+		this.parsers.put(Elements.LDAP_SERVER, new LdapServerBeanDefinitionParser());
+		this.parsers.put(Elements.LDAP_USER_SERVICE, new LdapUserServiceBeanDefinitionParser());
+		this.parsers.put(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
+		this.parsers.put(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
+		this.parsers.put(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
+		this.parsers.put(Elements.GLOBAL_METHOD_SECURITY, new GlobalMethodSecurityBeanDefinitionParser());
+		this.parsers.put(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
+		this.parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE,
+				new MethodSecurityMetadataSourceBeanDefinitionParser());
 
 		// Only load the web-namespace parsers if the web classes are available
 		if (ClassUtils.isPresent(FILTER_CHAIN_PROXY_CLASSNAME, getClass().getClassLoader())) {
-			parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
-			parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
-			parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
-			parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE, new FilterInvocationSecurityMetadataSourceParser());
-			parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
-			filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
-			parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
+			this.parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
+			this.parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
+			this.parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
+			this.parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE,
+					new FilterInvocationSecurityMetadataSourceParser());
+			this.parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
+			this.filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
+			this.parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
 		}
 
 		if (ClassUtils.isPresent(MESSAGE_CLASSNAME, getClass().getClassLoader())) {
-			parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER, new WebSocketMessageBrokerSecurityBeanDefinitionParser());
+			this.parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER,
+					new WebSocketMessageBrokerSecurityBeanDefinitionParser());
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index a1e2e854fe..76f47b51cb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -103,7 +103,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 				return build();
 			}
 			catch (Exception e) {
-				logger.debug("Failed to perform build. Returning null", e);
+				this.logger.debug("Failed to perform build. Returning null", e);
 				return null;
 			}
 		}
@@ -121,7 +121,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 */
 	@SuppressWarnings("unchecked")
 	public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer) throws Exception {
-		configurer.addObjectPostProcessor(objectPostProcessor);
+		configurer.addObjectPostProcessor(this.objectPostProcessor);
 		configurer.setBuilder((B) this);
 		add(configurer);
 		return configurer;
@@ -179,17 +179,18 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
 		Class<? extends SecurityConfigurer<O, B>> clazz = (Class<? extends SecurityConfigurer<O, B>>) configurer
 				.getClass();
-		synchronized (configurers) {
-			if (buildState.isConfigured()) {
+		synchronized (this.configurers) {
+			if (this.buildState.isConfigured()) {
 				throw new IllegalStateException("Cannot apply " + configurer + " to already built object");
 			}
-			List<SecurityConfigurer<O, B>> configs = allowConfigurersOfSameType ? this.configurers.get(clazz) : null;
+			List<SecurityConfigurer<O, B>> configs = this.allowConfigurersOfSameType ? this.configurers.get(clazz)
+					: null;
 			if (configs == null) {
 				configs = new ArrayList<>(1);
 			}
 			configs.add(configurer);
 			this.configurers.put(clazz, configs);
-			if (buildState.isInitializing()) {
+			if (this.buildState.isInitializing()) {
 				this.configurersAddedInInitializing.add(configurer);
 			}
 		}
@@ -297,22 +298,22 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 */
 	@Override
 	protected final O doBuild() throws Exception {
-		synchronized (configurers) {
-			buildState = BuildState.INITIALIZING;
+		synchronized (this.configurers) {
+			this.buildState = BuildState.INITIALIZING;
 
 			beforeInit();
 			init();
 
-			buildState = BuildState.CONFIGURING;
+			this.buildState = BuildState.CONFIGURING;
 
 			beforeConfigure();
 			configure();
 
-			buildState = BuildState.BUILDING;
+			this.buildState = BuildState.BUILDING;
 
 			O result = performBuild();
 
-			buildState = BuildState.BUILT;
+			this.buildState = BuildState.BUILT;
 
 			return result;
 		}
@@ -349,7 +350,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 			configurer.init((B) this);
 		}
 
-		for (SecurityConfigurer<O, B> configurer : configurersAddedInInitializing) {
+		for (SecurityConfigurer<O, B> configurer : this.configurersAddedInInitializing) {
 			configurer.init((B) this);
 		}
 	}
@@ -376,8 +377,8 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * @return true, if unbuilt else false
 	 */
 	private boolean isUnbuilt() {
-		synchronized (configurers) {
-			return buildState == BuildState.UNBUILT;
+		synchronized (this.configurers) {
+			return this.buildState == BuildState.UNBUILT;
 		}
 	}
 
@@ -427,7 +428,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 		}
 
 		public boolean isInitializing() {
-			return INITIALIZING.order == order;
+			return INITIALIZING.order == this.order;
 		}
 
 		/**
@@ -435,7 +436,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 		 * @return
 		 */
 		public boolean isConfigured() {
-			return order >= CONFIGURING.order;
+			return this.order >= CONFIGURING.order;
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index ec8f0e290c..befa941eeb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -60,10 +60,10 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	 * @throws IllegalStateException if {@link SecurityBuilder} is null
 	 */
 	protected final B getBuilder() {
-		if (securityBuilder == null) {
+		if (this.securityBuilder == null) {
 			throw new IllegalStateException("securityBuilder cannot be null");
 		}
-		return securityBuilder;
+		return this.securityBuilder;
 	}
 
 	/**
@@ -108,7 +108,7 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 
 		@SuppressWarnings({ "rawtypes", "unchecked" })
 		public Object postProcess(Object object) {
-			for (ObjectPostProcessor opp : postProcessors) {
+			for (ObjectPostProcessor opp : this.postProcessors) {
 				Class<?> oppClass = opp.getClass();
 				Class<?> oppType = GenericTypeResolver.resolveTypeArgument(oppClass, ObjectPostProcessor.class);
 				if (oppType == null || oppType.isAssignableFrom(object.getClass())) {
@@ -125,7 +125,7 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 		 */
 		private boolean addObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 			boolean result = this.postProcessors.add(objectPostProcessor);
-			postProcessors.sort(AnnotationAwareOrderComparator.INSTANCE);
+			this.postProcessors.sort(AnnotationAwareOrderComparator.INSTANCE);
 			return result;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index f9d5e7d88d..a4080c2f8c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -220,15 +220,16 @@ public class AuthenticationManagerBuilder
 	@Override
 	protected ProviderManager performBuild() throws Exception {
 		if (!isConfigured()) {
-			logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null.");
+			this.logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null.");
 			return null;
 		}
-		ProviderManager providerManager = new ProviderManager(authenticationProviders, parentAuthenticationManager);
-		if (eraseCredentials != null) {
-			providerManager.setEraseCredentialsAfterAuthentication(eraseCredentials);
+		ProviderManager providerManager = new ProviderManager(this.authenticationProviders,
+				this.parentAuthenticationManager);
+		if (this.eraseCredentials != null) {
+			providerManager.setEraseCredentialsAfterAuthentication(this.eraseCredentials);
 		}
-		if (eventPublisher != null) {
-			providerManager.setAuthenticationEventPublisher(eventPublisher);
+		if (this.eventPublisher != null) {
+			providerManager.setAuthenticationEventPublisher(this.eventPublisher);
 		}
 		providerManager = postProcess(providerManager);
 		return providerManager;
@@ -250,7 +251,7 @@ public class AuthenticationManagerBuilder
 	 * false
 	 */
 	public boolean isConfigured() {
-		return !authenticationProviders.isEmpty() || parentAuthenticationManager != null;
+		return !this.authenticationProviders.isEmpty() || this.parentAuthenticationManager != null;
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
index 32afab9466..40c54c62ad 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -115,18 +115,18 @@ public class AuthenticationConfiguration {
 			return new AuthenticationManagerDelegator(authBuilder);
 		}
 
-		for (GlobalAuthenticationConfigurerAdapter config : globalAuthConfigurers) {
+		for (GlobalAuthenticationConfigurerAdapter config : this.globalAuthConfigurers) {
 			authBuilder.apply(config);
 		}
 
-		authenticationManager = authBuilder.build();
+		this.authenticationManager = authBuilder.build();
 
-		if (authenticationManager == null) {
-			authenticationManager = getAuthenticationManagerBean();
+		if (this.authenticationManager == null) {
+			this.authenticationManager = getAuthenticationManagerBean();
 		}
 
 		this.authenticationManagerInitialized = true;
-		return authenticationManager;
+		return this.authenticationManager;
 	}
 
 	@Autowired(required = false)
@@ -148,7 +148,7 @@ public class AuthenticationConfiguration {
 	@SuppressWarnings("unchecked")
 	private <T> T lazyBean(Class<T> interfaceName) {
 		LazyInitTargetSource lazyTargetSource = new LazyInitTargetSource();
-		String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(applicationContext,
+		String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(this.applicationContext,
 				interfaceName);
 		if (beanNamesForType.length == 0) {
 			return null;
@@ -168,20 +168,20 @@ public class AuthenticationConfiguration {
 		}
 
 		lazyTargetSource.setTargetBeanName(beanName);
-		lazyTargetSource.setBeanFactory(applicationContext);
+		lazyTargetSource.setBeanFactory(this.applicationContext);
 		ProxyFactoryBean proxyFactory = new ProxyFactoryBean();
-		proxyFactory = objectPostProcessor.postProcess(proxyFactory);
+		proxyFactory = this.objectPostProcessor.postProcess(proxyFactory);
 		proxyFactory.setTargetSource(lazyTargetSource);
 		return (T) proxyFactory.getObject();
 	}
 
 	private List<String> getPrimaryBeanNames(String[] beanNamesForType) {
 		List<String> list = new ArrayList<>();
-		if (!(applicationContext instanceof ConfigurableApplicationContext)) {
+		if (!(this.applicationContext instanceof ConfigurableApplicationContext)) {
 			return Collections.emptyList();
 		}
 		for (String beanName : beanNamesForType) {
-			if (((ConfigurableApplicationContext) applicationContext).getBeanFactory().getBeanDefinition(beanName)
+			if (((ConfigurableApplicationContext) this.applicationContext).getBeanFactory().getBeanDefinition(beanName)
 					.isPrimary()) {
 				list.add(beanName);
 			}
@@ -214,7 +214,8 @@ public class AuthenticationConfiguration {
 
 		@Override
 		public void init(AuthenticationManagerBuilder auth) {
-			Map<String, Object> beansWithAnnotation = context.getBeansWithAnnotation(EnableGlobalAuthentication.class);
+			Map<String, Object> beansWithAnnotation = this.context
+					.getBeansWithAnnotation(EnableGlobalAuthentication.class);
 			if (logger.isDebugEnabled()) {
 				logger.debug("Eagerly initializing " + beansWithAnnotation);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 2e3514057c..60196d9fc7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -98,8 +98,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator,
 				authoritiesPopulator);
 		ldapAuthenticationProvider.setAuthoritiesMapper(getAuthoritiesMapper());
-		if (userDetailsContextMapper != null) {
-			ldapAuthenticationProvider.setUserDetailsContextMapper(userDetailsContextMapper);
+		if (this.userDetailsContextMapper != null) {
+			ldapAuthenticationProvider.setUserDetailsContextMapper(this.userDetailsContextMapper);
 		}
 		return ldapAuthenticationProvider;
 	}
@@ -132,15 +132,15 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @return the {@link LdapAuthoritiesPopulator}
 	 */
 	private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
-		if (ldapAuthoritiesPopulator != null) {
-			return ldapAuthoritiesPopulator;
+		if (this.ldapAuthoritiesPopulator != null) {
+			return this.ldapAuthoritiesPopulator;
 		}
 
-		DefaultLdapAuthoritiesPopulator defaultAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource,
-				groupSearchBase);
-		defaultAuthoritiesPopulator.setGroupRoleAttribute(groupRoleAttribute);
-		defaultAuthoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
-		defaultAuthoritiesPopulator.setSearchSubtree(groupSearchSubtree);
+		DefaultLdapAuthoritiesPopulator defaultAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
+				this.contextSource, this.groupSearchBase);
+		defaultAuthoritiesPopulator.setGroupRoleAttribute(this.groupRoleAttribute);
+		defaultAuthoritiesPopulator.setGroupSearchFilter(this.groupSearchFilter);
+		defaultAuthoritiesPopulator.setSearchSubtree(this.groupSearchSubtree);
 		defaultAuthoritiesPopulator.setRolePrefix(this.rolePrefix);
 
 		this.ldapAuthoritiesPopulator = defaultAuthoritiesPopulator;
@@ -169,8 +169,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @throws Exception if errors in {@link SimpleAuthorityMapper#afterPropertiesSet()}
 	 */
 	protected GrantedAuthoritiesMapper getAuthoritiesMapper() throws Exception {
-		if (authoritiesMapper != null) {
-			return authoritiesMapper;
+		if (this.authoritiesMapper != null) {
+			return this.authoritiesMapper;
 		}
 
 		SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
@@ -186,14 +186,14 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @return the {@link LdapAuthenticator} to use
 	 */
 	private LdapAuthenticator createLdapAuthenticator(BaseLdapPathContextSource contextSource) {
-		AbstractLdapAuthenticator ldapAuthenticator = passwordEncoder == null ? createBindAuthenticator(contextSource)
-				: createPasswordCompareAuthenticator(contextSource);
+		AbstractLdapAuthenticator ldapAuthenticator = this.passwordEncoder == null
+				? createBindAuthenticator(contextSource) : createPasswordCompareAuthenticator(contextSource);
 		LdapUserSearch userSearch = createUserSearch();
 		if (userSearch != null) {
 			ldapAuthenticator.setUserSearch(userSearch);
 		}
-		if (userDnPatterns != null && userDnPatterns.length > 0) {
-			ldapAuthenticator.setUserDnPatterns(userDnPatterns);
+		if (this.userDnPatterns != null && this.userDnPatterns.length > 0) {
+			ldapAuthenticator.setUserDnPatterns(this.userDnPatterns);
 		}
 		return postProcess(ldapAuthenticator);
 	}
@@ -206,10 +206,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	private PasswordComparisonAuthenticator createPasswordCompareAuthenticator(
 			BaseLdapPathContextSource contextSource) {
 		PasswordComparisonAuthenticator ldapAuthenticator = new PasswordComparisonAuthenticator(contextSource);
-		if (passwordAttribute != null) {
-			ldapAuthenticator.setPasswordAttributeName(passwordAttribute);
+		if (this.passwordAttribute != null) {
+			ldapAuthenticator.setPasswordAttributeName(this.passwordAttribute);
 		}
-		ldapAuthenticator.setPasswordEncoder(passwordEncoder);
+		ldapAuthenticator.setPasswordEncoder(this.passwordEncoder);
 		return ldapAuthenticator;
 	}
 
@@ -223,10 +223,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	}
 
 	private LdapUserSearch createUserSearch() {
-		if (userSearchFilter == null) {
+		if (this.userSearchFilter == null) {
 			return null;
 		}
-		return new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, contextSource);
+		return new FilterBasedLdapUserSearch(this.userSearchBase, this.userSearchFilter, this.contextSource);
 	}
 
 	/**
@@ -247,7 +247,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @return the {@link ContextSourceBuilder} for further customizations
 	 */
 	public ContextSourceBuilder contextSource() {
-		return contextSourceBuilder;
+		return this.contextSourceBuilder;
 	}
 
 	/**
@@ -540,12 +540,12 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 			}
 
 			DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(getProviderUrl());
-			if (managerDn != null) {
-				contextSource.setUserDn(managerDn);
-				if (managerPassword == null) {
+			if (this.managerDn != null) {
+				contextSource.setUserDn(this.managerDn);
+				if (this.managerPassword == null) {
 					throw new IllegalStateException("managerPassword is required if managerDn is supplied");
 				}
-				contextSource.setPassword(managerPassword);
+				contextSource.setPassword(this.managerPassword);
 			}
 			contextSource = postProcess(contextSource);
 			return contextSource;
@@ -570,10 +570,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		}
 
 		private int getPort() {
-			if (port == null) {
-				port = getDefaultPort();
+			if (this.port == null) {
+				this.port = getDefaultPort();
 			}
-			return port;
+			return this.port;
 		}
 
 		private int getDefaultPort() {
@@ -586,10 +586,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		}
 
 		private String getProviderUrl() {
-			if (url == null) {
-				return "ldap://127.0.0.1:" + getPort() + "/" + root;
+			if (this.url == null) {
+				return "ldap://127.0.0.1:" + getPort() + "/" + this.root;
 			}
-			return url;
+			return this.url;
 		}
 
 		private ContextSourceBuilder() {
@@ -598,10 +598,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	}
 
 	private BaseLdapPathContextSource getContextSource() throws Exception {
-		if (contextSource == null) {
-			contextSource = contextSourceBuilder.build();
+		if (this.contextSource == null) {
+			this.contextSource = this.contextSourceBuilder.build();
 		}
-		return contextSource;
+		return this.contextSource;
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
index 89928fb6e6..ce4c6d3506 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
@@ -150,7 +150,7 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 
 	@Override
 	protected void initUserDetailsService() throws Exception {
-		if (!initScripts.isEmpty()) {
+		if (!this.initScripts.isEmpty()) {
 			getDataSourceInit().afterPropertiesSet();
 		}
 		super.initUserDetailsService();
@@ -173,14 +173,14 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
 
 	protected DatabasePopulator getDatabasePopulator() {
 		ResourceDatabasePopulator dbp = new ResourceDatabasePopulator();
-		dbp.setScripts(initScripts.toArray(new Resource[0]));
+		dbp.setScripts(this.initScripts.toArray(new Resource[0]));
 		return dbp;
 	}
 
 	private DataSourceInitializer getDataSourceInit() {
 		DataSourceInitializer dsi = new DataSourceInitializer();
 		dsi.setDatabasePopulator(getDatabasePopulator());
-		dsi.setDataSource(dataSource);
+		dsi.setDataSource(this.dataSource);
 		return dsi;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
index 3ae55eba45..217b9c5d19 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
@@ -54,7 +54,7 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 	 */
 	@Override
 	protected void initUserDetailsService() throws Exception {
-		for (UserDetailsBuilder userBuilder : userBuilders) {
+		for (UserDetailsBuilder userBuilder : this.userBuilders) {
 			getUserDetailsService().createUser(userBuilder.build());
 		}
 		for (UserDetails userDetails : this.users) {
@@ -124,7 +124,7 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
 		 * @return the {@link UserDetailsManagerConfigurer} for method chaining
 		 */
 		public C and() {
-			return builder;
+			return this.builder;
 		}
 
 		/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index e85040f8ed..e0cf9686f1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -45,7 +45,7 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	 */
 	protected AbstractDaoAuthenticationConfigurer(U userDetailsService) {
 		this.userDetailsService = userDetailsService;
-		provider.setUserDetailsService(userDetailsService);
+		this.provider.setUserDetailsService(userDetailsService);
 		if (userDetailsService instanceof UserDetailsPasswordService) {
 			this.provider.setUserDetailsPasswordService((UserDetailsPasswordService) userDetailsService);
 		}
@@ -70,19 +70,19 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	 */
 	@SuppressWarnings("unchecked")
 	public C passwordEncoder(PasswordEncoder passwordEncoder) {
-		provider.setPasswordEncoder(passwordEncoder);
+		this.provider.setPasswordEncoder(passwordEncoder);
 		return (C) this;
 	}
 
 	public C userDetailsPasswordManager(UserDetailsPasswordService passwordManager) {
-		provider.setUserDetailsPasswordService(passwordManager);
+		this.provider.setUserDetailsPasswordService(passwordManager);
 		return (C) this;
 	}
 
 	@Override
 	public void configure(B builder) throws Exception {
-		provider = postProcess(provider);
-		builder.authenticationProvider(provider);
+		this.provider = postProcess(this.provider);
+		builder.authenticationProvider(this.provider);
 	}
 
 	/**
@@ -92,7 +92,7 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	 * {@link DaoAuthenticationProvider}
 	 */
 	public U getUserDetailsService() {
-		return userDetailsService;
+		return this.userDetailsService;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index 5844af0506..a7348f28c8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -91,7 +91,7 @@ final class AutowireBeanFactoryObjectPostProcessor
 	 */
 	@Override
 	public void afterSingletonsInstantiated() {
-		for (SmartInitializingSingleton singleton : smartSingletons) {
+		for (SmartInitializingSingleton singleton : this.smartSingletons) {
 			singleton.afterSingletonsInstantiated();
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index a63b33d511..d1f447f54d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -136,12 +136,12 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	public MethodInterceptor methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource) {
 		this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor()
 				: new MethodSecurityInterceptor();
-		methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
-		methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
-		methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource);
+		this.methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
+		this.methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
+		this.methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource);
 		RunAsManager runAsManager = runAsManager();
 		if (runAsManager != null) {
-			methodSecurityInterceptor.setRunAsManager(runAsManager);
+			this.methodSecurityInterceptor.setRunAsManager(runAsManager);
 		}
 
 		return this.methodSecurityInterceptor;
@@ -185,7 +185,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 
 	private <T> T getSingleBeanOrNull(Class<T> type) {
 		try {
-			return context.getBean(type);
+			return this.context.getBean(type);
 		}
 		catch (NoSuchBeanDefinitionException e) {
 		}
@@ -279,7 +279,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	 * @return the {@link MethodSecurityExpressionHandler} to use
 	 */
 	protected MethodSecurityExpressionHandler createExpressionHandler() {
-		return defaultMethodExpressionHandler;
+		return this.defaultMethodExpressionHandler;
 	}
 
 	/**
@@ -288,10 +288,10 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	 * @return a non {@code null} {@link MethodSecurityExpressionHandler}
 	 */
 	protected final MethodSecurityExpressionHandler getExpressionHandler() {
-		if (expressionHandler == null) {
-			expressionHandler = createExpressionHandler();
+		if (this.expressionHandler == null) {
+			this.expressionHandler = createExpressionHandler();
 		}
-		return expressionHandler;
+		return this.expressionHandler;
 	}
 
 	/**
@@ -313,20 +313,20 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	 * @return the {@link AuthenticationManager} to use
 	 */
 	protected AuthenticationManager authenticationManager() throws Exception {
-		if (authenticationManager == null) {
-			DefaultAuthenticationEventPublisher eventPublisher = objectPostProcessor
+		if (this.authenticationManager == null) {
+			DefaultAuthenticationEventPublisher eventPublisher = this.objectPostProcessor
 					.postProcess(new DefaultAuthenticationEventPublisher());
-			auth = new AuthenticationManagerBuilder(objectPostProcessor);
-			auth.authenticationEventPublisher(eventPublisher);
-			configure(auth);
-			if (disableAuthenticationRegistry) {
-				authenticationManager = getAuthenticationConfiguration().getAuthenticationManager();
+			this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);
+			this.auth.authenticationEventPublisher(eventPublisher);
+			configure(this.auth);
+			if (this.disableAuthenticationRegistry) {
+				this.authenticationManager = getAuthenticationConfiguration().getAuthenticationManager();
 			}
 			else {
-				authenticationManager = auth.build();
+				this.authenticationManager = this.auth.build();
 			}
 		}
-		return authenticationManager;
+		return this.authenticationManager;
 	}
 
 	/**
@@ -405,13 +405,13 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	public final void setImportMetadata(AnnotationMetadata importMetadata) {
 		Map<String, Object> annotationAttributes = importMetadata
 				.getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
-		enableMethodSecurity = AnnotationAttributes.fromMap(annotationAttributes);
+		this.enableMethodSecurity = AnnotationAttributes.fromMap(annotationAttributes);
 	}
 
 	@Autowired(required = false)
 	public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
 		this.objectPostProcessor = objectPostProcessor;
-		this.defaultMethodExpressionHandler = objectPostProcessor.postProcess(defaultMethodExpressionHandler);
+		this.defaultMethodExpressionHandler = objectPostProcessor.postProcess(this.defaultMethodExpressionHandler);
 	}
 
 	@Autowired(required = false)
@@ -429,7 +429,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	}
 
 	private AuthenticationConfiguration getAuthenticationConfiguration() {
-		return context.getBean(AuthenticationConfiguration.class);
+		return this.context.getBean(AuthenticationConfiguration.class);
 	}
 
 	private boolean prePostEnabled() {
@@ -453,7 +453,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	}
 
 	private AnnotationAttributes enableMethodSecurity() {
-		if (enableMethodSecurity == null) {
+		if (this.enableMethodSecurity == null) {
 			// if it is null look at this instance (i.e. a subclass was used)
 			EnableGlobalMethodSecurity methodSecurityAnnotation = AnnotationUtils.findAnnotation(getClass(),
 					EnableGlobalMethodSecurity.class);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
index be94a313d1..39ac8e362b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -54,7 +54,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 	public MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) {
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(
 				"securityMethodInterceptor", source, "methodMetadataSource");
-		advisor.setOrder(advisorOrder);
+		advisor.setOrder(this.advisorOrder);
 		return advisor;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index a0a6ab37fb..85a5585ebe 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -74,27 +74,29 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 		put(CorsFilter.class, order.next());
 		put(CsrfFilter.class, order.next());
 		put(LogoutFilter.class, order.next());
-		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
+		this.filterToOrder.put(
+				"org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
 				order.next());
-		filterToOrder.put(
+		this.filterToOrder.put(
 				"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter",
 				order.next());
 		put(X509AuthenticationFilter.class, order.next());
 		put(AbstractPreAuthenticatedProcessingFilter.class, order.next());
-		filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next());
-		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
+		this.filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next());
+		this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
 				order.next());
-		filterToOrder.put(
+		this.filterToOrder.put(
 				"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",
 				order.next());
 		put(UsernamePasswordAuthenticationFilter.class, order.next());
 		order.next(); // gh-8105
-		filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
+		this.filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
 		put(DefaultLoginPageGeneratingFilter.class, order.next());
 		put(DefaultLogoutPageGeneratingFilter.class, order.next());
 		put(ConcurrentSessionFilter.class, order.next());
 		put(DigestAuthenticationFilter.class, order.next());
-		filterToOrder.put("org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter",
+		this.filterToOrder.put(
+				"org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter",
 				order.next());
 		put(BasicAuthenticationFilter.class, order.next());
 		put(RequestCacheAwareFilter.class, order.next());
@@ -102,7 +104,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 		put(JaasApiIntegrationFilter.class, order.next());
 		put(RememberMeAuthenticationFilter.class, order.next());
 		put(AnonymousAuthenticationFilter.class, order.next());
-		filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",
+		this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",
 				order.next());
 		put(SessionManagementFilter.class, order.next());
 		put(ExceptionTranslationFilter.class, order.next());
@@ -174,7 +176,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 
 	private void put(Class<? extends Filter> filter, int position) {
 		String className = filter.getName();
-		filterToOrder.put(className, position);
+		this.filterToOrder.put(className, position);
 	}
 
 	/**
@@ -185,7 +187,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 */
 	private Integer getOrder(Class<?> clazz) {
 		while (clazz != null) {
-			Integer result = filterToOrder.get(clazz.getName());
+			Integer result = this.filterToOrder.get(clazz.getName());
 			if (result != null) {
 				return result;
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index b4936abec5..7c8ceeabc7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -2518,8 +2518,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	@Override
 	protected DefaultSecurityFilterChain performBuild() {
-		filters.sort(comparator);
-		return new DefaultSecurityFilterChain(requestMatcher, filters);
+		this.filters.sort(this.comparator);
+		return new DefaultSecurityFilterChain(this.requestMatcher, this.filters);
 	}
 
 	/*
@@ -2557,7 +2557,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * addFilterAfter(javax .servlet.Filter, java.lang.Class)
 	 */
 	public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) {
-		comparator.registerAfter(filter.getClass(), afterFilter);
+		this.comparator.registerAfter(filter.getClass(), afterFilter);
 		return addFilter(filter);
 	}
 
@@ -2568,7 +2568,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * addFilterBefore( javax.servlet.Filter, java.lang.Class)
 	 */
 	public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) {
-		comparator.registerBefore(filter.getClass(), beforeFilter);
+		this.comparator.registerBefore(filter.getClass(), beforeFilter);
 		return addFilter(filter);
 	}
 
@@ -2581,7 +2581,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 */
 	public HttpSecurity addFilter(Filter filter) {
 		Class<? extends Filter> filterClass = filter.getClass();
-		if (!comparator.isRegistered(filterClass)) {
+		if (!this.comparator.isRegistered(filterClass)) {
 			throw new IllegalArgumentException("The Filter class " + filterClass.getName()
 					+ " does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.");
 		}
@@ -2720,7 +2720,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * @return the {@link RequestMatcherConfigurer} for further customizations
 	 */
 	public RequestMatcherConfigurer requestMatchers() {
-		return requestMatcherConfigurer;
+		return this.requestMatcherConfigurer;
 	}
 
 	/**
@@ -2819,7 +2819,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * @return the {@link HttpSecurity} for further customizations
 	 */
 	public HttpSecurity requestMatchers(Customizer<RequestMatcherConfigurer> requestMatcherCustomizer) {
-		requestMatcherCustomizer.customize(requestMatcherConfigurer);
+		requestMatcherCustomizer.customize(this.requestMatcherConfigurer);
 		return HttpSecurity.this;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 34abe958f3..9bb3e2183c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -101,7 +101,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
 	private DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
 
-	private SecurityExpressionHandler<FilterInvocation> expressionHandler = defaultWebSecurityExpressionHandler;
+	private SecurityExpressionHandler<FilterInvocation> expressionHandler = this.defaultWebSecurityExpressionHandler;
 
 	private Runnable postBuildAction = () -> {
 	};
@@ -156,7 +156,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 	 * should be ignored
 	 */
 	public IgnoredRequestConfigurer ignoring() {
-		return ignoredRequestRegistry;
+		return this.ignoredRequestRegistry;
 	}
 
 	/**
@@ -230,7 +230,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 	 * @return the {@link SecurityExpressionHandler} for further customizations
 	 */
 	public SecurityExpressionHandler<FilterInvocation> getExpressionHandler() {
-		return expressionHandler;
+		return this.expressionHandler;
 	}
 
 	/**
@@ -238,11 +238,11 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 	 * @return the {@link WebInvocationPrivilegeEvaluator} for further customizations
 	 */
 	public WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
-		if (privilegeEvaluator != null) {
-			return privilegeEvaluator;
+		if (this.privilegeEvaluator != null) {
+			return this.privilegeEvaluator;
 		}
-		return filterSecurityInterceptor == null ? null
-				: new DefaultWebInvocationPrivilegeEvaluator(filterSecurityInterceptor);
+		return this.filterSecurityInterceptor == null ? null
+				: new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor);
 	}
 
 	/**
@@ -268,39 +268,39 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
 	@Override
 	protected Filter performBuild() throws Exception {
-		Assert.state(!securityFilterChainBuilders.isEmpty(),
+		Assert.state(!this.securityFilterChainBuilders.isEmpty(),
 				() -> "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. "
 						+ "Typically this is done by exposing a SecurityFilterChain bean "
 						+ "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. "
 						+ "More advanced users can invoke " + WebSecurity.class.getSimpleName()
 						+ ".addSecurityFilterChainBuilder directly");
-		int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
+		int chainSize = this.ignoredRequests.size() + this.securityFilterChainBuilders.size();
 		List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
-		for (RequestMatcher ignoredRequest : ignoredRequests) {
+		for (RequestMatcher ignoredRequest : this.ignoredRequests) {
 			securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));
 		}
-		for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : securityFilterChainBuilders) {
+		for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
 			securityFilterChains.add(securityFilterChainBuilder.build());
 		}
 		FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
-		if (httpFirewall != null) {
-			filterChainProxy.setFirewall(httpFirewall);
+		if (this.httpFirewall != null) {
+			filterChainProxy.setFirewall(this.httpFirewall);
 		}
-		if (requestRejectedHandler != null) {
-			filterChainProxy.setRequestRejectedHandler(requestRejectedHandler);
+		if (this.requestRejectedHandler != null) {
+			filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
 		}
 		filterChainProxy.afterPropertiesSet();
 
 		Filter result = filterChainProxy;
-		if (debugEnabled) {
-			logger.warn("\n\n" + "********************************************************************\n"
+		if (this.debugEnabled) {
+			this.logger.warn("\n\n" + "********************************************************************\n"
 					+ "**********        Security debugging is enabled.       *************\n"
 					+ "**********    This may include sensitive information.  *************\n"
 					+ "**********      Do not use in a production system!     *************\n"
 					+ "********************************************************************\n\n");
 			result = new DebugFilter(filterChainProxy);
 		}
-		postBuildAction.run();
+		this.postBuildAction.run();
 		return result;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
index 012c0fec66..5aca276c39 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
@@ -48,7 +48,7 @@ final class AutowiredWebSecurityConfigurersIgnoreParents {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public List<SecurityConfigurer<Filter, WebSecurity>> getWebSecurityConfigurers() {
 		List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers = new ArrayList<>();
-		Map<String, WebSecurityConfigurer> beansOfType = beanFactory.getBeansOfType(WebSecurityConfigurer.class);
+		Map<String, WebSecurityConfigurer> beansOfType = this.beanFactory.getBeansOfType(WebSecurityConfigurer.class);
 		for (Entry<String, WebSecurityConfigurer> entry : beansOfType.entrySet()) {
 			webSecurityConfigurers.add(entry.getValue());
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index b7ef0c280c..1a38a58bf0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -85,7 +85,7 @@ class HttpSecurityConfiguration {
 				this.objectPostProcessor, passwordEncoder);
 		authenticationBuilder.parentAuthenticationManager(authenticationManager());
 
-		HttpSecurity http = new HttpSecurity(objectPostProcessor, authenticationBuilder, createSharedObjects());
+		HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());
 		http.csrf(withDefaults()).addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling(withDefaults())
 				.headers(withDefaults()).sessionManagement(withDefaults()).securityContext(withDefaults())
 				.requestCache(withDefaults()).anonymous(withDefaults()).servletApi(withDefaults())
@@ -105,7 +105,7 @@ class HttpSecurityConfiguration {
 
 	private Map<Class<?>, Object> createSharedObjects() {
 		Map<Class<?>, Object> sharedObjects = new HashMap<>();
-		sharedObjects.put(ApplicationContext.class, context);
+		sharedObjects.put(ApplicationContext.class, this.context);
 		return sharedObjects;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 3e6487a08e..445ba5e020 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -53,13 +53,13 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
 	@SuppressWarnings("deprecation")
 	public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
 		AuthenticationPrincipalArgumentResolver authenticationPrincipalResolver = new AuthenticationPrincipalArgumentResolver();
-		authenticationPrincipalResolver.setBeanResolver(beanResolver);
+		authenticationPrincipalResolver.setBeanResolver(this.beanResolver);
 		argumentResolvers.add(authenticationPrincipalResolver);
 		argumentResolvers
 				.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
 
 		CurrentSecurityContextArgumentResolver currentSecurityContextArgumentResolver = new CurrentSecurityContextArgumentResolver();
-		currentSecurityContextArgumentResolver.setBeanResolver(beanResolver);
+		currentSecurityContextArgumentResolver.setBeanResolver(this.beanResolver);
 		argumentResolvers.add(currentSecurityContextArgumentResolver);
 		argumentResolvers.add(new CsrfTokenArgumentResolver());
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 4fe4959cdd..73c62f6896 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -88,7 +88,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	@Bean
 	@DependsOn(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
 	public SecurityExpressionHandler<FilterInvocation> webSecurityExpressionHandler() {
-		return webSecurity.getExpressionHandler();
+		return this.webSecurity.getExpressionHandler();
 	}
 
 	/**
@@ -98,28 +98,28 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 */
 	@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
 	public Filter springSecurityFilterChain() throws Exception {
-		boolean hasConfigurers = webSecurityConfigurers != null && !webSecurityConfigurers.isEmpty();
-		boolean hasFilterChain = !securityFilterChains.isEmpty();
+		boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
+		boolean hasFilterChain = !this.securityFilterChains.isEmpty();
 		if (hasConfigurers && hasFilterChain) {
 			throw new IllegalStateException(
 					"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain." + "Please select just one.");
 		}
 		if (!hasConfigurers && !hasFilterChain) {
-			WebSecurityConfigurerAdapter adapter = objectObjectPostProcessor
+			WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
 					.postProcess(new WebSecurityConfigurerAdapter() {
 					});
-			webSecurity.apply(adapter);
+			this.webSecurity.apply(adapter);
 		}
-		for (SecurityFilterChain securityFilterChain : securityFilterChains) {
-			webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
+		for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
+			this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
 			for (Filter filter : securityFilterChain.getFilters()) {
 				if (filter instanceof FilterSecurityInterceptor) {
-					webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
+					this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
 					break;
 				}
 			}
 		}
-		return webSecurity.build();
+		return this.webSecurity.build();
 	}
 
 	/**
@@ -130,7 +130,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	@Bean
 	@DependsOn(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
 	public WebInvocationPrivilegeEvaluator privilegeEvaluator() {
-		return webSecurity.getPrivilegeEvaluator();
+		return this.webSecurity.getPrivilegeEvaluator();
 	}
 
 	/**
@@ -147,9 +147,9 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	public void setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object> objectPostProcessor,
 			@Value("#{@autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()}") List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers)
 			throws Exception {
-		webSecurity = objectPostProcessor.postProcess(new WebSecurity(objectPostProcessor));
-		if (debugEnabled != null) {
-			webSecurity.debug(debugEnabled);
+		this.webSecurity = objectPostProcessor.postProcess(new WebSecurity(objectPostProcessor));
+		if (this.debugEnabled != null) {
+			this.webSecurity.debug(this.debugEnabled);
 		}
 
 		webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
@@ -166,7 +166,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 			previousConfig = config;
 		}
 		for (SecurityConfigurer<Filter, WebSecurity> webSecurityConfigurer : webSecurityConfigurers) {
-			webSecurity.apply(webSecurityConfigurer);
+			this.webSecurity.apply(webSecurityConfigurer);
 		}
 		this.webSecurityConfigurers = webSecurityConfigurers;
 	}
@@ -231,9 +231,9 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		Map<String, Object> enableWebSecurityAttrMap = importMetadata
 				.getAnnotationAttributes(EnableWebSecurity.class.getName());
 		AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap);
-		debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
-		if (webSecurity != null) {
-			webSecurity.debug(debugEnabled);
+		this.debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
+		if (this.webSecurity != null) {
+			this.webSecurity.debug(this.debugEnabled);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index 1125884f2f..27404b9486 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -195,21 +195,21 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 */
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	protected final HttpSecurity getHttp() throws Exception {
-		if (http != null) {
-			return http;
+		if (this.http != null) {
+			return this.http;
 		}
 
 		AuthenticationEventPublisher eventPublisher = getAuthenticationEventPublisher();
-		localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
+		this.localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
 
 		AuthenticationManager authenticationManager = authenticationManager();
-		authenticationBuilder.parentAuthenticationManager(authenticationManager);
+		this.authenticationBuilder.parentAuthenticationManager(authenticationManager);
 		Map<Class<?>, Object> sharedObjects = createSharedObjects();
 
-		http = new HttpSecurity(objectPostProcessor, authenticationBuilder, sharedObjects);
-		if (!disableDefaults) {
+		this.http = new HttpSecurity(this.objectPostProcessor, this.authenticationBuilder, sharedObjects);
+		if (!this.disableDefaults) {
 			// @formatter:off
-			http
+			this.http
 				.csrf().and()
 				.addFilter(new WebAsyncManagerIntegrationFilter())
 				.exceptionHandling().and()
@@ -227,11 +227,11 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 					.loadFactories(AbstractHttpConfigurer.class, classLoader);
 
 			for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) {
-				http.apply(configurer);
+				this.http.apply(configurer);
 			}
 		}
-		configure(http);
-		return http;
+		configure(this.http);
+		return this.http;
 	}
 
 	/**
@@ -250,7 +250,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @throws Exception
 	 */
 	public AuthenticationManager authenticationManagerBean() throws Exception {
-		return new AuthenticationManagerDelegator(authenticationBuilder, context);
+		return new AuthenticationManagerDelegator(this.authenticationBuilder, this.context);
 	}
 
 	/**
@@ -262,17 +262,17 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @throws Exception
 	 */
 	protected AuthenticationManager authenticationManager() throws Exception {
-		if (!authenticationManagerInitialized) {
-			configure(localConfigureAuthenticationBldr);
-			if (disableLocalConfigureAuthenticationBldr) {
-				authenticationManager = authenticationConfiguration.getAuthenticationManager();
+		if (!this.authenticationManagerInitialized) {
+			configure(this.localConfigureAuthenticationBldr);
+			if (this.disableLocalConfigureAuthenticationBldr) {
+				this.authenticationManager = this.authenticationConfiguration.getAuthenticationManager();
 			}
 			else {
-				authenticationManager = localConfigureAuthenticationBldr.build();
+				this.authenticationManager = this.localConfigureAuthenticationBldr.build();
 			}
-			authenticationManagerInitialized = true;
+			this.authenticationManagerInitialized = true;
 		}
-		return authenticationManager;
+		return this.authenticationManager;
 	}
 
 	/**
@@ -296,8 +296,8 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @see #userDetailsService()
 	 */
 	public UserDetailsService userDetailsServiceBean() throws Exception {
-		AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
-		return new UserDetailsServiceDelegator(Arrays.asList(localConfigureAuthenticationBldr, globalAuthBuilder));
+		AuthenticationManagerBuilder globalAuthBuilder = this.context.getBean(AuthenticationManagerBuilder.class);
+		return new UserDetailsServiceDelegator(Arrays.asList(this.localConfigureAuthenticationBldr, globalAuthBuilder));
 	}
 
 	/**
@@ -308,8 +308,8 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @return the {@link UserDetailsService} to use
 	 */
 	protected UserDetailsService userDetailsService() {
-		AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
-		return new UserDetailsServiceDelegator(Arrays.asList(localConfigureAuthenticationBldr, globalAuthBuilder));
+		AuthenticationManagerBuilder globalAuthBuilder = this.context.getBean(AuthenticationManagerBuilder.class);
+		return new UserDetailsServiceDelegator(Arrays.asList(this.localConfigureAuthenticationBldr, globalAuthBuilder));
 	}
 
 	public void init(final WebSecurity web) throws Exception {
@@ -350,7 +350,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @throws Exception if an error occurs
 	 */
 	protected void configure(HttpSecurity http) throws Exception {
-		logger.debug(
+		this.logger.debug(
 				"Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
 
 		// @formatter:off
@@ -378,20 +378,20 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		ObjectPostProcessor<Object> objectPostProcessor = context.getBean(ObjectPostProcessor.class);
 		LazyPasswordEncoder passwordEncoder = new LazyPasswordEncoder(context);
 
-		authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
+		this.authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
 				passwordEncoder);
-		localConfigureAuthenticationBldr = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
-				passwordEncoder) {
+		this.localConfigureAuthenticationBldr = new DefaultPasswordEncoderAuthenticationManagerBuilder(
+				objectPostProcessor, passwordEncoder) {
 			@Override
 			public AuthenticationManagerBuilder eraseCredentials(boolean eraseCredentials) {
-				authenticationBuilder.eraseCredentials(eraseCredentials);
+				WebSecurityConfigurerAdapter.this.authenticationBuilder.eraseCredentials(eraseCredentials);
 				return super.eraseCredentials(eraseCredentials);
 			}
 
 			@Override
 			public AuthenticationManagerBuilder authenticationEventPublisher(
 					AuthenticationEventPublisher eventPublisher) {
-				authenticationBuilder.authenticationEventPublisher(eventPublisher);
+				WebSecurityConfigurerAdapter.this.authenticationBuilder.authenticationEventPublisher(eventPublisher);
 				return super.authenticationEventPublisher(eventPublisher);
 			}
 		};
@@ -430,11 +430,11 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 */
 	private Map<Class<?>, Object> createSharedObjects() {
 		Map<Class<?>, Object> sharedObjects = new HashMap<>();
-		sharedObjects.putAll(localConfigureAuthenticationBldr.getSharedObjects());
+		sharedObjects.putAll(this.localConfigureAuthenticationBldr.getSharedObjects());
 		sharedObjects.put(UserDetailsService.class, userDetailsService());
-		sharedObjects.put(ApplicationContext.class, context);
-		sharedObjects.put(ContentNegotiationStrategy.class, contentNegotiationStrategy);
-		sharedObjects.put(AuthenticationTrustResolver.class, trustResolver);
+		sharedObjects.put(ApplicationContext.class, this.context);
+		sharedObjects.put(ContentNegotiationStrategy.class, this.contentNegotiationStrategy);
+		sharedObjects.put(AuthenticationTrustResolver.class, this.trustResolver);
 		return sharedObjects;
 	}
 
@@ -462,27 +462,27 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		}
 
 		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-			if (delegate != null) {
-				return delegate.loadUserByUsername(username);
+			if (this.delegate != null) {
+				return this.delegate.loadUserByUsername(username);
 			}
 
-			synchronized (delegateMonitor) {
-				if (delegate == null) {
-					for (AuthenticationManagerBuilder delegateBuilder : delegateBuilders) {
-						delegate = delegateBuilder.getDefaultUserDetailsService();
-						if (delegate != null) {
+			synchronized (this.delegateMonitor) {
+				if (this.delegate == null) {
+					for (AuthenticationManagerBuilder delegateBuilder : this.delegateBuilders) {
+						this.delegate = delegateBuilder.getDefaultUserDetailsService();
+						if (this.delegate != null) {
 							break;
 						}
 					}
 
-					if (delegate == null) {
+					if (this.delegate == null) {
 						throw new IllegalStateException("UserDetailsService is required.");
 					}
 					this.delegateBuilders = null;
 				}
 			}
 
-			return delegate.loadUserByUsername(username);
+			return this.delegate.loadUserByUsername(username);
 		}
 
 	}
@@ -509,24 +509,24 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			Field parentAuthMgrField = ReflectionUtils.findField(AuthenticationManagerBuilder.class,
 					"parentAuthenticationManager");
 			ReflectionUtils.makeAccessible(parentAuthMgrField);
-			beanNames = getAuthenticationManagerBeanNames(context);
-			validateBeanCycle(ReflectionUtils.getField(parentAuthMgrField, delegateBuilder), beanNames);
+			this.beanNames = getAuthenticationManagerBeanNames(context);
+			validateBeanCycle(ReflectionUtils.getField(parentAuthMgrField, delegateBuilder), this.beanNames);
 			this.delegateBuilder = delegateBuilder;
 		}
 
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-			if (delegate != null) {
-				return delegate.authenticate(authentication);
+			if (this.delegate != null) {
+				return this.delegate.authenticate(authentication);
 			}
 
-			synchronized (delegateMonitor) {
-				if (delegate == null) {
-					delegate = this.delegateBuilder.getObject();
+			synchronized (this.delegateMonitor) {
+				if (this.delegate == null) {
+					this.delegate = this.delegateBuilder.getObject();
 					this.delegateBuilder = null;
 				}
 			}
 
-			return delegate.authenticate(authentication);
+			return this.delegate.authenticate(authentication);
 		}
 
 		private static Set<String> getAuthenticationManagerBeanNames(ApplicationContext applicationContext) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 5bec102392..a0f88c138c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -141,7 +141,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 */
 	public T loginProcessingUrl(String loginProcessingUrl) {
 		this.loginProcessingUrl = loginProcessingUrl;
-		authFilter.setRequiresAuthenticationRequestMatcher(createLoginProcessingUrlMatcher(loginProcessingUrl));
+		this.authFilter.setRequiresAuthenticationRequestMatcher(createLoginProcessingUrlMatcher(loginProcessingUrl));
 		return getSelf();
 	}
 
@@ -268,7 +268,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	public void configure(B http) throws Exception {
 		PortMapper portMapper = http.getSharedObject(PortMapper.class);
 		if (portMapper != null) {
-			authenticationEntryPoint.setPortMapper(portMapper);
+			this.authenticationEntryPoint.setPortMapper(portMapper);
 		}
 
 		RequestCache requestCache = http.getSharedObject(RequestCache.class);
@@ -276,22 +276,22 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 			this.defaultSuccessHandler.setRequestCache(requestCache);
 		}
 
-		authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-		authFilter.setAuthenticationSuccessHandler(successHandler);
-		authFilter.setAuthenticationFailureHandler(failureHandler);
-		if (authenticationDetailsSource != null) {
-			authFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+		this.authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+		this.authFilter.setAuthenticationSuccessHandler(this.successHandler);
+		this.authFilter.setAuthenticationFailureHandler(this.failureHandler);
+		if (this.authenticationDetailsSource != null) {
+			this.authFilter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
 		}
 		SessionAuthenticationStrategy sessionAuthenticationStrategy = http
 				.getSharedObject(SessionAuthenticationStrategy.class);
 		if (sessionAuthenticationStrategy != null) {
-			authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
+			this.authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
 		}
 		RememberMeServices rememberMeServices = http.getSharedObject(RememberMeServices.class);
 		if (rememberMeServices != null) {
-			authFilter.setRememberMeServices(rememberMeServices);
+			this.authFilter.setRememberMeServices(rememberMeServices);
 		}
-		F filter = postProcess(authFilter);
+		F filter = postProcess(this.authFilter);
 		http.addFilter(filter);
 	}
 
@@ -319,7 +319,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return true if a custom login page has been specified, else false
 	 */
 	public final boolean isCustomLoginPage() {
-		return customLoginPage;
+		return this.customLoginPage;
 	}
 
 	/**
@@ -327,7 +327,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return the Authentication Filter
 	 */
 	protected final F getAuthenticationFilter() {
-		return authFilter;
+		return this.authFilter;
 	}
 
 	/**
@@ -343,7 +343,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return the login page
 	 */
 	protected final String getLoginPage() {
-		return loginPage;
+		return this.loginPage;
 	}
 
 	/**
@@ -351,7 +351,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return the Authentication Entry Point
 	 */
 	protected final AuthenticationEntryPoint getAuthenticationEntryPoint() {
-		return authenticationEntryPoint;
+		return this.authenticationEntryPoint;
 	}
 
 	/**
@@ -360,7 +360,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return the URL to submit an authentication request to
 	 */
 	protected final String getLoginProcessingUrl() {
-		return loginProcessingUrl;
+		return this.loginProcessingUrl;
 	}
 
 	/**
@@ -368,7 +368,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @return the URL to send users if authentication fails (e.g. "/login?error").
 	 */
 	protected final String getFailureUrl() {
-		return failureUrl;
+		return this.failureUrl;
 	}
 
 	/**
@@ -376,16 +376,16 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * @throws Exception
 	 */
 	protected final void updateAuthenticationDefaults() {
-		if (loginProcessingUrl == null) {
-			loginProcessingUrl(loginPage);
+		if (this.loginProcessingUrl == null) {
+			loginProcessingUrl(this.loginPage);
 		}
-		if (failureHandler == null) {
-			failureUrl(loginPage + "?error");
+		if (this.failureHandler == null) {
+			failureUrl(this.loginPage + "?error");
 		}
 
 		final LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(LogoutConfigurer.class);
 		if (logoutConfigurer != null && !logoutConfigurer.isCustomLogoutSuccess()) {
-			logoutConfigurer.logoutSuccessUrl(loginPage + "?logout");
+			logoutConfigurer.logoutSuccessUrl(this.loginPage + "?logout");
 		}
 	}
 
@@ -393,8 +393,8 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 	 * Updates the default values for access.
 	 */
 	protected final void updateAccessDefaults(B http) {
-		if (permitAll) {
-			PermitAllSupport.permitAll(http, loginPage, loginProcessingUrl, failureUrl);
+		if (this.permitAll) {
+			PermitAllSupport.permitAll(http, this.loginPage, this.loginProcessingUrl, this.failureUrl);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index 092681c195..cc3d26f1bd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -48,7 +48,7 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 	 * {@link #chainRequestMatchers(java.util.List)}
 	 */
 	final List<UrlMapping> getUrlMappings() {
-		return urlMappings;
+		return this.urlMappings;
 	}
 
 	/**
@@ -100,8 +100,8 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 	 * {@link ConfigAttribute} instances. Cannot be null.
 	 */
 	final LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> createRequestMap() {
-		if (unmappedMatchers != null) {
-			throw new IllegalStateException("An incomplete mapping was found for " + unmappedMatchers
+		if (this.unmappedMatchers != null) {
+			throw new IllegalStateException("An incomplete mapping was found for " + this.unmappedMatchers
 					+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
 		}
 
@@ -130,11 +130,11 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 		}
 
 		public RequestMatcher getRequestMatcher() {
-			return requestMatcher;
+			return this.requestMatcher;
 		}
 
 		public Collection<ConfigAttribute> getConfigAttrs() {
-			return configAttrs;
+			return this.configAttrs;
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index aa8bb0c8ab..dd1d6bc749 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -75,8 +75,8 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		}
 		FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(http, metadataSource,
 				http.getSharedObject(AuthenticationManager.class));
-		if (filterSecurityInterceptorOncePerRequest != null) {
-			securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
+		if (this.filterSecurityInterceptorOncePerRequest != null) {
+			securityInterceptor.setObserveOncePerRequest(this.filterSecurityInterceptorOncePerRequest);
 		}
 		securityInterceptor = postProcess(securityInterceptor);
 		http.addFilter(securityInterceptor);
@@ -157,10 +157,10 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 	 * @return the {@link AccessDecisionManager} to use
 	 */
 	private AccessDecisionManager getAccessDecisionManager(H http) {
-		if (accessDecisionManager == null) {
-			accessDecisionManager = createDefaultAccessDecisionManager(http);
+		if (this.accessDecisionManager == null) {
+			this.accessDecisionManager = createDefaultAccessDecisionManager(http);
 		}
-		return accessDecisionManager;
+		return this.accessDecisionManager;
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
index 0f9c2b99b3..0f575e88b3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
@@ -140,27 +140,27 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>
 
 	@Override
 	public void init(H http) {
-		if (authenticationProvider == null) {
-			authenticationProvider = new AnonymousAuthenticationProvider(getKey());
+		if (this.authenticationProvider == null) {
+			this.authenticationProvider = new AnonymousAuthenticationProvider(getKey());
 		}
-		if (authenticationFilter == null) {
-			authenticationFilter = new AnonymousAuthenticationFilter(getKey(), principal, authorities);
+		if (this.authenticationFilter == null) {
+			this.authenticationFilter = new AnonymousAuthenticationFilter(getKey(), this.principal, this.authorities);
 		}
-		authenticationProvider = postProcess(authenticationProvider);
-		http.authenticationProvider(authenticationProvider);
+		this.authenticationProvider = postProcess(this.authenticationProvider);
+		http.authenticationProvider(this.authenticationProvider);
 	}
 
 	@Override
 	public void configure(H http) {
-		authenticationFilter.afterPropertiesSet();
-		http.addFilter(authenticationFilter);
+		this.authenticationFilter.afterPropertiesSet();
+		http.addFilter(this.authenticationFilter);
 	}
 
 	private String getKey() {
-		if (key == null) {
-			key = UUID.randomUUID().toString();
+		if (this.key == null) {
+			this.key = UUID.randomUUID().toString();
 		}
-		return key;
+		return this.key;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index 30d08a20c9..54369e6894 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -96,7 +96,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 	}
 
 	public ChannelRequestMatcherRegistry getRegistry() {
-		return REGISTRY;
+		return this.REGISTRY;
 	}
 
 	@Override
@@ -105,19 +105,19 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 		channelDecisionManager.setChannelProcessors(getChannelProcessors(http));
 		channelDecisionManager = postProcess(channelDecisionManager);
 
-		channelFilter.setChannelDecisionManager(channelDecisionManager);
+		this.channelFilter.setChannelDecisionManager(channelDecisionManager);
 
 		DefaultFilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource = new DefaultFilterInvocationSecurityMetadataSource(
-				requestMap);
-		channelFilter.setSecurityMetadataSource(filterInvocationSecurityMetadataSource);
+				this.requestMap);
+		this.channelFilter.setSecurityMetadataSource(filterInvocationSecurityMetadataSource);
 
-		channelFilter = postProcess(channelFilter);
-		http.addFilter(channelFilter);
+		this.channelFilter = postProcess(this.channelFilter);
+		http.addFilter(this.channelFilter);
 	}
 
 	private List<ChannelProcessor> getChannelProcessors(H http) {
-		if (channelProcessors != null) {
-			return channelProcessors;
+		if (this.channelProcessors != null) {
+			return this.channelProcessors;
 		}
 
 		InsecureChannelProcessor insecureChannelProcessor = new InsecureChannelProcessor();
@@ -141,9 +141,9 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 	private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
 		for (RequestMatcher matcher : matchers) {
 			Collection<ConfigAttribute> attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
-			requestMap.put(matcher, attrs);
+			this.requestMap.put(matcher, attrs);
 		}
-		return REGISTRY;
+		return this.REGISTRY;
 	}
 
 	public final class ChannelRequestMatcherRegistry
@@ -233,7 +233,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		public ChannelRequestMatcherRegistry requires(String attribute) {
-			return addAttribute(attribute, requestMatchers);
+			return addAttribute(attribute, this.requestMatchers);
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 0f373d4f8d..0e2d3567e1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -84,7 +84,7 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 		};
 		this.loginPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
 		this.logoutPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
-		http.setSharedObject(DefaultLoginPageGeneratingFilter.class, loginPageGeneratingFilter);
+		http.setSharedObject(DefaultLoginPageGeneratingFilter.class, this.loginPageGeneratingFilter);
 	}
 
 	@Override
@@ -96,9 +96,9 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 			authenticationEntryPoint = exceptionConf.getAuthenticationEntryPoint();
 		}
 
-		if (loginPageGeneratingFilter.isEnabled() && authenticationEntryPoint == null) {
-			loginPageGeneratingFilter = postProcess(loginPageGeneratingFilter);
-			http.addFilter(loginPageGeneratingFilter);
+		if (this.loginPageGeneratingFilter.isEnabled() && authenticationEntryPoint == null) {
+			this.loginPageGeneratingFilter = postProcess(this.loginPageGeneratingFilter);
+			http.addFilter(this.loginPageGeneratingFilter);
 			http.addFilter(this.logoutPageGeneratingFilter);
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index 8d14c69455..d75c6d44b4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -106,7 +106,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	}
 
 	public ExpressionInterceptUrlRegistry getRegistry() {
-		return REGISTRY;
+		return this.REGISTRY;
 	}
 
 	public final class ExpressionInterceptUrlRegistry extends
@@ -175,7 +175,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	private void interceptUrl(Iterable<? extends RequestMatcher> requestMatchers,
 			Collection<ConfigAttribute> configAttributes) {
 		for (RequestMatcher requestMatcher : requestMatchers) {
-			REGISTRY.addMapping(
+			this.REGISTRY.addMapping(
 					new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(requestMatcher, configAttributes));
 		}
 	}
@@ -192,7 +192,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 	@Override
 	ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource(H http) {
-		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = REGISTRY.createRequestMap();
+		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = this.REGISTRY.createRequestMap();
 		if (requestMap.isEmpty()) {
 			throw new IllegalStateException(
 					"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
@@ -201,7 +201,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	}
 
 	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
-		if (expressionHandler == null) {
+		if (this.expressionHandler == null) {
 			DefaultWebSecurityExpressionHandler defaultHandler = new DefaultWebSecurityExpressionHandler();
 			AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 			if (trustResolver != null) {
@@ -228,10 +228,10 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 				}
 			}
 
-			expressionHandler = postProcess(defaultHandler);
+			this.expressionHandler = postProcess(defaultHandler);
 		}
 
-		return expressionHandler;
+		return this.expressionHandler;
 	}
 
 	private static String hasAnyRole(String... authorities) {
@@ -439,10 +439,10 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		 * customization
 		 */
 		public ExpressionInterceptUrlRegistry access(String attribute) {
-			if (not) {
+			if (this.not) {
 				attribute = "!" + attribute;
 			}
-			interceptUrl(requestMatchers, SecurityConfig.createList(attribute));
+			interceptUrl(this.requestMatchers, SecurityConfig.createList(attribute));
 			return ExpressionUrlAuthorizationConfigurer.this.REGISTRY;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 28e1c87b63..5c9e997931 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -125,7 +125,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link ContentTypeOptionsConfig} for additional customizations
 	 */
 	public ContentTypeOptionsConfig contentTypeOptions() {
-		return contentTypeOptions.enable();
+		return this.contentTypeOptions.enable();
 	}
 
 	/**
@@ -141,7 +141,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> contentTypeOptions(Customizer<ContentTypeOptionsConfig> contentTypeOptionsCustomizer) {
-		contentTypeOptionsCustomizer.customize(contentTypeOptions.enable());
+		contentTypeOptionsCustomizer.customize(this.contentTypeOptions.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -158,7 +158,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return and();
 		}
 
@@ -175,8 +175,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link ContentTypeOptionsConfig} for additional customization
 		 */
 		private ContentTypeOptionsConfig enable() {
-			if (writer == null) {
-				writer = new XContentTypeOptionsHeaderWriter();
+			if (this.writer == null) {
+				this.writer = new XContentTypeOptionsHeaderWriter();
 			}
 			return this;
 		}
@@ -194,7 +194,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link XXssConfig} for additional customizations
 	 */
 	public XXssConfig xssProtection() {
-		return xssProtection.enable();
+		return this.xssProtection.enable();
 	}
 
 	/**
@@ -210,7 +210,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> xssProtection(Customizer<XXssConfig> xssCustomizer) {
-		xssCustomizer.customize(xssProtection.enable());
+		xssCustomizer.customize(this.xssProtection.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -228,7 +228,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param enabled the new value
 		 */
 		public XXssConfig block(boolean enabled) {
-			writer.setBlock(enabled);
+			this.writer.setBlock(enabled);
 			return this;
 		}
 
@@ -256,7 +256,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param enabled the new value
 		 */
 		public XXssConfig xssProtectionEnabled(boolean enabled) {
-			writer.setEnabled(enabled);
+			this.writer.setEnabled(enabled);
 			return this;
 		}
 
@@ -265,7 +265,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return and();
 		}
 
@@ -283,8 +283,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link XXssConfig} for additional customization
 		 */
 		private XXssConfig enable() {
-			if (writer == null) {
-				writer = new XXssProtectionHeaderWriter();
+			if (this.writer == null) {
+				this.writer = new XXssProtectionHeaderWriter();
 			}
 			return this;
 		}
@@ -302,7 +302,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link CacheControlConfig} for additional customizations
 	 */
 	public CacheControlConfig cacheControl() {
-		return cacheControl.enable();
+		return this.cacheControl.enable();
 	}
 
 	/**
@@ -318,7 +318,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> cacheControl(Customizer<CacheControlConfig> cacheControlCustomizer) {
-		cacheControlCustomizer.customize(cacheControl.enable());
+		cacheControlCustomizer.customize(this.cacheControl.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -335,7 +335,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return HeadersConfigurer.this;
 		}
 
@@ -353,8 +353,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link CacheControlConfig} for additional customization
 		 */
 		private CacheControlConfig enable() {
-			if (writer == null) {
-				writer = new CacheControlHeadersWriter();
+			if (this.writer == null) {
+				this.writer = new CacheControlHeadersWriter();
 			}
 			return this;
 		}
@@ -368,7 +368,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HstsConfig} for additional customizations
 	 */
 	public HstsConfig httpStrictTransportSecurity() {
-		return hsts.enable();
+		return this.hsts.enable();
 	}
 
 	/**
@@ -380,7 +380,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> httpStrictTransportSecurity(Customizer<HstsConfig> hstsCustomizer) {
-		hstsCustomizer.customize(hsts.enable());
+		hstsCustomizer.customize(this.hsts.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -409,7 +409,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 		 */
 		public HstsConfig maxAgeInSeconds(long maxAgeInSeconds) {
-			writer.setMaxAgeInSeconds(maxAgeInSeconds);
+			this.writer.setMaxAgeInSeconds(maxAgeInSeconds);
 			return this;
 		}
 
@@ -422,7 +422,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if {@link RequestMatcher} is null
 		 */
 		public HstsConfig requestMatcher(RequestMatcher requestMatcher) {
-			writer.setRequestMatcher(requestMatcher);
+			this.writer.setRequestMatcher(requestMatcher);
 			return this;
 		}
 
@@ -438,7 +438,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param includeSubDomains true to include subdomains, else false
 		 */
 		public HstsConfig includeSubDomains(boolean includeSubDomains) {
-			writer.setIncludeSubDomains(includeSubDomains);
+			this.writer.setIncludeSubDomains(includeSubDomains);
 			return this;
 		}
 
@@ -456,7 +456,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @author Ankur Pathak
 		 */
 		public HstsConfig preload(boolean preload) {
-			writer.setPreload(preload);
+			this.writer.setPreload(preload);
 			return this;
 		}
 
@@ -465,7 +465,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional configuration
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return HeadersConfigurer.this;
 		}
 
@@ -483,8 +483,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HstsConfig} for additional customization
 		 */
 		private HstsConfig enable() {
-			if (writer == null) {
-				writer = new HstsHeaderWriter();
+			if (this.writer == null) {
+				this.writer = new HstsHeaderWriter();
 			}
 			return this;
 		}
@@ -496,7 +496,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link FrameOptionsConfig} for additional customizations
 	 */
 	public FrameOptionsConfig frameOptions() {
-		return frameOptions.enable();
+		return this.frameOptions.enable();
 	}
 
 	/**
@@ -506,7 +506,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> frameOptions(Customizer<FrameOptionsConfig> frameOptionsCustomizer) {
-		frameOptionsCustomizer.customize(frameOptions.enable());
+		frameOptionsCustomizer.customize(this.frameOptions.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -523,7 +523,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> deny() {
-			writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
+			this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
 			return and();
 		}
 
@@ -537,7 +537,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional customization.
 		 */
 		public HeadersConfigurer<H> sameOrigin() {
-			writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
+			this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
 			return and();
 		}
 
@@ -546,7 +546,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional configuration.
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return and();
 		}
 
@@ -563,8 +563,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the FrameOptionsConfig for additional customization.
 		 */
 		private FrameOptionsConfig enable() {
-			if (writer == null) {
-				writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
+			if (this.writer == null) {
+				this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
 			}
 			return this;
 		}
@@ -579,7 +579,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 4.1
 	 */
 	public HpkpConfig httpPublicKeyPinning() {
-		return hpkp.enable();
+		return this.hpkp.enable();
 	}
 
 	/**
@@ -590,7 +590,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customizations
 	 */
 	public HeadersConfigurer<H> httpPublicKeyPinning(Customizer<HpkpConfig> hpkpCustomizer) {
-		hpkpCustomizer.customize(hpkp.enable());
+		hpkpCustomizer.customize(this.hpkp.enable());
 		return HeadersConfigurer.this;
 	}
 
@@ -617,7 +617,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if pins is null
 		 */
 		public HpkpConfig withPins(Map<String, String> pins) {
-			writer.setPins(pins);
+			this.writer.setPins(pins);
 			return this;
 		}
 
@@ -637,7 +637,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if a pin is null
 		 */
 		public HpkpConfig addSha256Pins(String... pins) {
-			writer.addSha256Pins(pins);
+			this.writer.addSha256Pins(pins);
 			return this;
 		}
 
@@ -658,7 +658,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 		 */
 		public HpkpConfig maxAgeInSeconds(long maxAgeInSeconds) {
-			writer.setMaxAgeInSeconds(maxAgeInSeconds);
+			this.writer.setMaxAgeInSeconds(maxAgeInSeconds);
 			return this;
 		}
 
@@ -675,7 +675,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param includeSubDomains true to include subdomains, else false
 		 */
 		public HpkpConfig includeSubDomains(boolean includeSubDomains) {
-			writer.setIncludeSubDomains(includeSubDomains);
+			this.writer.setIncludeSubDomains(includeSubDomains);
 			return this;
 		}
 
@@ -692,7 +692,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param reportOnly true to report only, else false
 		 */
 		public HpkpConfig reportOnly(boolean reportOnly) {
-			writer.setReportOnly(reportOnly);
+			this.writer.setReportOnly(reportOnly);
 			return this;
 		}
 
@@ -708,7 +708,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @param reportUri the URI where the browser should send the report to.
 		 */
 		public HpkpConfig reportUri(URI reportUri) {
-			writer.setReportUri(reportUri);
+			this.writer.setReportUri(reportUri);
 			return this;
 		}
 
@@ -725,7 +725,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @throws IllegalArgumentException if the reportUri is not a valid URI
 		 */
 		public HpkpConfig reportUri(String reportUri) {
-			writer.setReportUri(reportUri);
+			this.writer.setReportUri(reportUri);
 			return this;
 		}
 
@@ -734,7 +734,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HeadersConfigurer} for additional configuration.
 		 */
 		public HeadersConfigurer<H> disable() {
-			writer = null;
+			this.writer = null;
 			return and();
 		}
 
@@ -753,8 +753,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link HstsConfig} for additional customization
 		 */
 		private HpkpConfig enable() {
-			if (writer == null) {
-				writer = new HpkpHeaderWriter();
+			if (this.writer == null) {
+				this.writer = new HpkpHeaderWriter();
 			}
 			return this;
 		}
@@ -788,7 +788,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
 		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
-		return contentSecurityPolicy;
+		return this.contentSecurityPolicy;
 	}
 
 	/**
@@ -874,11 +874,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link HeadersConfigurer} for additional customization
 	 */
 	public HeadersConfigurer<H> defaultsDisabled() {
-		contentTypeOptions.disable();
-		xssProtection.disable();
-		cacheControl.disable();
-		hsts.disable();
-		frameOptions.disable();
+		this.contentTypeOptions.disable();
+		this.xssProtection.disable();
+		this.cacheControl.disable();
+		this.hsts.disable();
+		this.frameOptions.disable();
 		return this;
 	}
 
@@ -909,16 +909,16 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	private List<HeaderWriter> getHeaderWriters() {
 		List<HeaderWriter> writers = new ArrayList<>();
-		addIfNotNull(writers, contentTypeOptions.writer);
-		addIfNotNull(writers, xssProtection.writer);
-		addIfNotNull(writers, cacheControl.writer);
-		addIfNotNull(writers, hsts.writer);
-		addIfNotNull(writers, frameOptions.writer);
-		addIfNotNull(writers, hpkp.writer);
-		addIfNotNull(writers, contentSecurityPolicy.writer);
-		addIfNotNull(writers, referrerPolicy.writer);
-		addIfNotNull(writers, featurePolicy.writer);
-		writers.addAll(headerWriters);
+		addIfNotNull(writers, this.contentTypeOptions.writer);
+		addIfNotNull(writers, this.xssProtection.writer);
+		addIfNotNull(writers, this.cacheControl.writer);
+		addIfNotNull(writers, this.hsts.writer);
+		addIfNotNull(writers, this.frameOptions.writer);
+		addIfNotNull(writers, this.hpkp.writer);
+		addIfNotNull(writers, this.contentSecurityPolicy.writer);
+		addIfNotNull(writers, this.referrerPolicy.writer);
+		addIfNotNull(writers, this.featurePolicy.writer);
+		writers.addAll(this.headerWriters);
 		return writers;
 	}
 
@@ -1045,7 +1045,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	public FeaturePolicyConfig featurePolicy(String policyDirectives) {
 		this.featurePolicy.writer = new FeaturePolicyHeaderWriter(policyDirectives);
-		return featurePolicy;
+		return this.featurePolicy;
 	}
 
 	public final class FeaturePolicyConfig {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 67151567e6..999bd834b4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -212,14 +212,15 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 	 * @return the {@link J2eePreAuthenticatedProcessingFilter} to use.
 	 */
 	private J2eePreAuthenticatedProcessingFilter getFilter(AuthenticationManager authenticationManager) {
-		if (j2eePreAuthenticatedProcessingFilter == null) {
-			j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
-			j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager);
-			j2eePreAuthenticatedProcessingFilter.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
-			j2eePreAuthenticatedProcessingFilter = postProcess(j2eePreAuthenticatedProcessingFilter);
+		if (this.j2eePreAuthenticatedProcessingFilter == null) {
+			this.j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
+			this.j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager);
+			this.j2eePreAuthenticatedProcessingFilter
+					.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
+			this.j2eePreAuthenticatedProcessingFilter = postProcess(this.j2eePreAuthenticatedProcessingFilter);
 		}
 
-		return j2eePreAuthenticatedProcessingFilter;
+		return this.j2eePreAuthenticatedProcessingFilter;
 	}
 
 	/**
@@ -228,8 +229,8 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 	 * @return the {@link AuthenticationUserDetailsService} to use
 	 */
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getUserDetailsService() {
-		return authenticationUserDetailsService == null ? new PreAuthenticatedGrantedAuthoritiesUserDetailsService()
-				: authenticationUserDetailsService;
+		return this.authenticationUserDetailsService == null
+				? new PreAuthenticatedGrantedAuthoritiesUserDetailsService() : this.authenticationUserDetailsService;
 	}
 
 	/**
@@ -241,7 +242,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 	private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource createWebAuthenticationDetailsSource() {
 		J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource detailsSource = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
 		SimpleMappableAttributesRetriever rolesRetriever = new SimpleMappableAttributesRetriever();
-		rolesRetriever.setMappableAttributes(mappableRoles);
+		rolesRetriever.setMappableAttributes(this.mappableRoles);
 		detailsSource.setMappableRolesRetriever(rolesRetriever);
 
 		detailsSource = postProcess(detailsSource);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index 7b9aa5132a..bb9a63f159 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -114,7 +114,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
 	public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
-		contextLogoutHandler.setClearAuthentication(clearAuthentication);
+		this.contextLogoutHandler.setClearAuthentication(clearAuthentication);
 		return this;
 	}
 
@@ -126,7 +126,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link LogoutConfigurer} for further customization
 	 */
 	public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) {
-		contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession);
+		this.contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession);
 		return this;
 	}
 
@@ -259,19 +259,19 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 
 	private LogoutSuccessHandler createDefaultSuccessHandler() {
 		SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler();
-		urlLogoutHandler.setDefaultTargetUrl(logoutSuccessUrl);
-		if (defaultLogoutSuccessHandlerMappings.isEmpty()) {
+		urlLogoutHandler.setDefaultTargetUrl(this.logoutSuccessUrl);
+		if (this.defaultLogoutSuccessHandlerMappings.isEmpty()) {
 			return urlLogoutHandler;
 		}
 		DelegatingLogoutSuccessHandler successHandler = new DelegatingLogoutSuccessHandler(
-				defaultLogoutSuccessHandlerMappings);
+				this.defaultLogoutSuccessHandlerMappings);
 		successHandler.setDefaultLogoutSuccessHandler(urlLogoutHandler);
 		return successHandler;
 	}
 
 	@Override
 	public void init(H http) {
-		if (permitAll) {
+		if (this.permitAll) {
 			PermitAllSupport.permitAll(http, this.logoutSuccessUrl);
 			PermitAllSupport.permitAll(http, this.getLogoutRequestMatcher(http));
 		}
@@ -296,7 +296,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return true if logout success handling has been customized, else false
 	 */
 	boolean isCustomLogoutSuccess() {
-		return customLogoutSuccess;
+		return this.customLogoutSuccess;
 	}
 
 	/**
@@ -305,7 +305,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the logoutSuccessUrl
 	 */
 	private String getLogoutSuccessUrl() {
-		return logoutSuccessUrl;
+		return this.logoutSuccessUrl;
 	}
 
 	/**
@@ -313,7 +313,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link LogoutHandler} instances. Cannot be null.
 	 */
 	List<LogoutHandler> getLogoutHandlers() {
-		return logoutHandlers;
+		return this.logoutHandlers;
 	}
 
 	/**
@@ -324,9 +324,9 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link LogoutFilter} to use.
 	 */
 	private LogoutFilter createLogoutFilter(H http) {
-		logoutHandlers.add(contextLogoutHandler);
-		logoutHandlers.add(postProcess(new LogoutSuccessEventPublishingLogoutHandler()));
-		LogoutHandler[] handlers = logoutHandlers.toArray(new LogoutHandler[0]);
+		this.logoutHandlers.add(this.contextLogoutHandler);
+		this.logoutHandlers.add(postProcess(new LogoutSuccessEventPublishingLogoutHandler()));
+		LogoutHandler[] handlers = this.logoutHandlers.toArray(new LogoutHandler[0]);
 		LogoutFilter result = new LogoutFilter(getLogoutSuccessHandler(), handlers);
 		result.setLogoutRequestMatcher(getLogoutRequestMatcher(http));
 		result = postProcess(result);
@@ -335,8 +335,8 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 
 	@SuppressWarnings("unchecked")
 	private RequestMatcher getLogoutRequestMatcher(H http) {
-		if (logoutRequestMatcher != null) {
-			return logoutRequestMatcher;
+		if (this.logoutRequestMatcher != null) {
+			return this.logoutRequestMatcher;
 		}
 		if (http.getConfigurer(CsrfConfigurer.class) != null) {
 			this.logoutRequestMatcher = new AntPathRequestMatcher(this.logoutUrl, "POST");
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index 78ebe6417d..0d8a6cecf2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -73,16 +73,16 @@ final class PermitAllSupport {
 			}
 
 			if ("".equals(request.getContextPath())) {
-				return uri.equals(processUrl);
+				return uri.equals(this.processUrl);
 			}
 
-			return uri.equals(request.getContextPath() + processUrl);
+			return uri.equals(request.getContextPath() + this.processUrl);
 		}
 
 		@Override
 		public String toString() {
 			StringBuilder sb = new StringBuilder();
-			sb.append("ExactUrl [processUrl='").append(processUrl).append("']");
+			sb.append("ExactUrl [processUrl='").append(this.processUrl).append("']");
 			return sb.toString();
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
index 983cc726b2..25bd2b1b77 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
@@ -75,12 +75,12 @@ public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link PortMapper} to use
 	 */
 	private PortMapper getPortMapper() {
-		if (portMapper == null) {
+		if (this.portMapper == null) {
 			PortMapperImpl portMapper = new PortMapperImpl();
-			portMapper.setPortMappings(httpsPortMappings);
+			portMapper.setPortMappings(this.httpsPortMappings);
 			this.portMapper = portMapper;
 		}
-		return portMapper;
+		return this.portMapper;
 	}
 
 	/**
@@ -109,7 +109,7 @@ public final class PortMapperConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link PortMapperConfigurer} for further customization
 		 */
 		public PortMapperConfigurer<H> mapsTo(int httpsPort) {
-			httpsPortMappings.put(String.valueOf(httpPort), String.valueOf(httpsPort));
+			PortMapperConfigurer.this.httpsPortMappings.put(String.valueOf(this.httpPort), String.valueOf(httpsPort));
 			return PortMapperConfigurer.this;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index 878f11ed6c..a4aa031a56 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -424,7 +424,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	private String getKey() {
 		if (this.key == null) {
 			if (this.rememberMeServices instanceof AbstractRememberMeServices) {
-				this.key = ((AbstractRememberMeServices) rememberMeServices).getKey();
+				this.key = ((AbstractRememberMeServices) this.rememberMeServices).getKey();
 			}
 			else {
 				this.key = UUID.randomUUID().toString();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
index 3175ac3f30..9cc00c5862 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
@@ -70,24 +70,24 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
 	}
 
 	public ServletApiConfigurer<H> rolePrefix(String rolePrefix) {
-		securityContextRequestFilter.setRolePrefix(rolePrefix);
+		this.securityContextRequestFilter.setRolePrefix(rolePrefix);
 		return this;
 	}
 
 	@Override
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
-		securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+		this.securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
 		ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		AuthenticationEntryPoint authenticationEntryPoint = exceptionConf == null ? null
 				: exceptionConf.getAuthenticationEntryPoint(http);
-		securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
+		this.securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
 		LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
 		List<LogoutHandler> logoutHandlers = logoutConf == null ? null : logoutConf.getLogoutHandlers();
-		securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
+		this.securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
 		AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
-			securityContextRequestFilter.setTrustResolver(trustResolver);
+			this.securityContextRequestFilter.setTrustResolver(trustResolver);
 		}
 		ApplicationContext context = http.getSharedObject(ApplicationContext.class);
 		if (context != null) {
@@ -95,11 +95,11 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
 			if (grantedAuthorityDefaultsBeanNames.length == 1) {
 				GrantedAuthorityDefaults grantedAuthorityDefaults = context
 						.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
-				securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
+				this.securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
 			}
 		}
-		securityContextRequestFilter = postProcess(securityContextRequestFilter);
-		http.addFilter(securityContextRequestFilter);
+		this.securityContextRequestFilter = postProcess(this.securityContextRequestFilter);
+		http.addFilter(this.securityContextRequestFilter);
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index 3bb7f5c96c..3c9458ff72 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -100,7 +100,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 */
 	public StandardInterceptUrlRegistry getRegistry() {
-		return REGISTRY;
+		return this.REGISTRY;
 	}
 
 	/**
@@ -176,7 +176,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	@Override
 	FilterInvocationSecurityMetadataSource createMetadataSource(H http) {
-		return new DefaultFilterInvocationSecurityMetadataSource(REGISTRY.createRequestMap());
+		return new DefaultFilterInvocationSecurityMetadataSource(this.REGISTRY.createRequestMap());
 	}
 
 	/**
@@ -191,10 +191,10 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	private StandardInterceptUrlRegistry addMapping(Iterable<? extends RequestMatcher> requestMatchers,
 			Collection<ConfigAttribute> configAttributes) {
 		for (RequestMatcher requestMatcher : requestMatchers) {
-			REGISTRY.addMapping(
+			this.REGISTRY.addMapping(
 					new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(requestMatcher, configAttributes));
 		}
-		return REGISTRY;
+		return this.REGISTRY;
 	}
 
 	/**
@@ -334,7 +334,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		 * @return the {@link UrlAuthorizationConfigurer} for further customization
 		 */
 		public StandardInterceptUrlRegistry access(String... attributes) {
-			addMapping(requestMatchers, SecurityConfig.createList(attributes));
+			addMapping(this.requestMatchers, SecurityConfig.createList(attributes));
 			return UrlAuthorizationConfigurer.this.REGISTRY;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 072084b45b..674135f333 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -185,27 +185,27 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 	}
 
 	private X509AuthenticationFilter getFilter(AuthenticationManager authenticationManager) {
-		if (x509AuthenticationFilter == null) {
-			x509AuthenticationFilter = new X509AuthenticationFilter();
-			x509AuthenticationFilter.setAuthenticationManager(authenticationManager);
-			if (x509PrincipalExtractor != null) {
-				x509AuthenticationFilter.setPrincipalExtractor(x509PrincipalExtractor);
+		if (this.x509AuthenticationFilter == null) {
+			this.x509AuthenticationFilter = new X509AuthenticationFilter();
+			this.x509AuthenticationFilter.setAuthenticationManager(authenticationManager);
+			if (this.x509PrincipalExtractor != null) {
+				this.x509AuthenticationFilter.setPrincipalExtractor(this.x509PrincipalExtractor);
 			}
-			if (authenticationDetailsSource != null) {
-				x509AuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+			if (this.authenticationDetailsSource != null) {
+				this.x509AuthenticationFilter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
 			}
-			x509AuthenticationFilter = postProcess(x509AuthenticationFilter);
+			this.x509AuthenticationFilter = postProcess(this.x509AuthenticationFilter);
 		}
 
-		return x509AuthenticationFilter;
+		return this.x509AuthenticationFilter;
 	}
 
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getAuthenticationUserDetailsService(
 			H http) {
-		if (authenticationUserDetailsService == null) {
+		if (this.authenticationUserDetailsService == null) {
 			userDetailsService(http.getSharedObject(UserDetailsService.class));
 		}
-		return authenticationUserDetailsService;
+		return this.authenticationUserDetailsService;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index 8c485b9850..7e5ab127bb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -210,9 +210,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			this.relyingPartyRegistrationRepository = getSharedOrBean(http, RelyingPartyRegistrationRepository.class);
 		}
 
-		saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http),
+		this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http),
 				this.loginProcessingUrl);
-		setAuthenticationFilter(saml2WebSsoAuthenticationFilter);
+		setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
 
 		if (hasText(this.loginPage)) {
@@ -258,7 +258,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			registerDefaultAuthenticationProvider(http);
 		}
 		else {
-			saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
+			this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
 		}
 	}
 
@@ -281,7 +281,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return;
 		}
 
-		csrf.ignoringRequestMatchers(new AntPathRequestMatcher(loginProcessingUrl));
+		csrf.ignoringRequestMatchers(new AntPathRequestMatcher(this.loginProcessingUrl));
 	}
 
 	private void initDefaultLoginFilter(B http) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 4017be49e2..ecf90a4c93 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -231,7 +231,7 @@ public class MessageSecurityMetadataSourceRegistry {
 			matcherToExpression.put(entry.getKey().build(), entry.getValue());
 		}
 		return ExpressionBasedMessageSecurityMetadataSourceFactory
-				.createExpressionMessageMetadataSource(matcherToExpression, expressionHandler);
+				.createExpressionMessageMetadataSource(matcherToExpression, this.expressionHandler);
 	}
 
 	/**
@@ -378,8 +378,8 @@ public class MessageSecurityMetadataSourceRegistry {
 		 * customization
 		 */
 		public MessageSecurityMetadataSourceRegistry access(String attribute) {
-			for (MatcherBuilder messageMatcher : messageMatchers) {
-				matcherToExpression.put(messageMatcher, attribute);
+			for (MatcherBuilder messageMatcher : this.messageMatchers) {
+				MessageSecurityMetadataSourceRegistry.this.matcherToExpression.put(messageMatcher, attribute);
 			}
 			return MessageSecurityMetadataSourceRegistry.this;
 		}
@@ -418,7 +418,7 @@ public class MessageSecurityMetadataSourceRegistry {
 		}
 
 		public MessageMatcher<?> build() {
-			return matcher;
+			return this.matcher;
 		}
 
 	}
@@ -435,16 +435,19 @@ public class MessageSecurityMetadataSourceRegistry {
 		}
 
 		public MessageMatcher<?> build() {
-			if (type == null) {
-				return new SimpDestinationMessageMatcher(pattern, pathMatcher);
+			if (this.type == null) {
+				return new SimpDestinationMessageMatcher(this.pattern,
+						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
-			else if (SimpMessageType.MESSAGE == type) {
-				return SimpDestinationMessageMatcher.createMessageMatcher(pattern, pathMatcher);
+			else if (SimpMessageType.MESSAGE == this.type) {
+				return SimpDestinationMessageMatcher.createMessageMatcher(this.pattern,
+						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
-			else if (SimpMessageType.SUBSCRIBE == type) {
-				return SimpDestinationMessageMatcher.createSubscribeMatcher(pattern, pathMatcher);
+			else if (SimpMessageType.SUBSCRIBE == this.type) {
+				return SimpDestinationMessageMatcher.createSubscribeMatcher(this.pattern,
+						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
-			throw new IllegalStateException(type + " is not supported since it does not have a destination");
+			throw new IllegalStateException(this.type + " is not supported since it does not have a destination");
 		}
 
 	}
@@ -460,31 +463,31 @@ public class MessageSecurityMetadataSourceRegistry {
 		private PathMatcher delegate = new AntPathMatcher();
 
 		public boolean isPattern(String path) {
-			return delegate.isPattern(path);
+			return this.delegate.isPattern(path);
 		}
 
 		public boolean match(String pattern, String path) {
-			return delegate.match(pattern, path);
+			return this.delegate.match(pattern, path);
 		}
 
 		public boolean matchStart(String pattern, String path) {
-			return delegate.matchStart(pattern, path);
+			return this.delegate.matchStart(pattern, path);
 		}
 
 		public String extractPathWithinPattern(String pattern, String path) {
-			return delegate.extractPathWithinPattern(pattern, path);
+			return this.delegate.extractPathWithinPattern(pattern, path);
 		}
 
 		public Map<String, String> extractUriTemplateVariables(String pattern, String path) {
-			return delegate.extractUriTemplateVariables(pattern, path);
+			return this.delegate.extractUriTemplateVariables(pattern, path);
 		}
 
 		public Comparator<String> getPatternComparator(String path) {
-			return delegate.getPatternComparator(path);
+			return this.delegate.getPatternComparator(path);
 		}
 
 		public String combine(String pattern1, String pattern2) {
-			return delegate.combine(pattern1, pattern2);
+			return this.delegate.combine(pattern1, pattern2);
 		}
 
 		void setPathMatcher(PathMatcher pathMatcher) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index b048d19913..1e70040bd7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -103,12 +103,12 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
 	@Override
 	public final void configureClientInboundChannel(ChannelRegistration registration) {
-		ChannelSecurityInterceptor inboundChannelSecurity = context.getBean(ChannelSecurityInterceptor.class);
-		registration.setInterceptors(context.getBean(SecurityContextChannelInterceptor.class));
+		ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
+		registration.setInterceptors(this.context.getBean(SecurityContextChannelInterceptor.class));
 		if (!sameOriginDisabled()) {
-			registration.setInterceptors(context.getBean(CsrfChannelInterceptor.class));
+			registration.setInterceptors(this.context.getBean(CsrfChannelInterceptor.class));
 		}
-		if (inboundRegistry.containsMapping()) {
+		if (this.inboundRegistry.containsMapping()) {
 			registration.setInterceptors(inboundChannelSecurity);
 		}
 		customizeClientInboundChannel(registration);
@@ -116,7 +116,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
 	private PathMatcher getDefaultPathMatcher() {
 		try {
-			return context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher();
+			return this.context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher();
 		}
 		catch (NoSuchBeanDefinitionException e) {
 			return new AntPathMatcher();
@@ -174,9 +174,9 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
 	@Bean
 	public MessageSecurityMetadataSource inboundMessageSecurityMetadataSource() {
-		inboundRegistry.expressionHandler(getMessageExpressionHandler());
-		configureInbound(inboundRegistry);
-		return inboundRegistry.createMetadataSource();
+		this.inboundRegistry.expressionHandler(getMessageExpressionHandler());
+		configureInbound(this.inboundRegistry);
+		return this.inboundRegistry.createMetadataSource();
 	}
 
 	/**
@@ -223,14 +223,14 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
 	@Autowired(required = false)
 	public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
-		defaultExpressionHandler = objectPostProcessor.postProcess(defaultExpressionHandler);
+		this.defaultExpressionHandler = objectPostProcessor.postProcess(this.defaultExpressionHandler);
 	}
 
 	private SecurityExpressionHandler<Message<Object>> getMessageExpressionHandler() {
-		if (expressionHandler == null) {
-			return defaultExpressionHandler;
+		if (this.expressionHandler == null) {
+			return this.defaultExpressionHandler;
 		}
-		return expressionHandler;
+		return this.expressionHandler;
 	}
 
 	public void afterSingletonsInstantiated() {
@@ -239,7 +239,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 		}
 
 		String beanName = "stompWebSocketHandlerMapping";
-		SimpleUrlHandlerMapping mapping = context.getBean(beanName, SimpleUrlHandlerMapping.class);
+		SimpleUrlHandlerMapping mapping = this.context.getBean(beanName, SimpleUrlHandlerMapping.class);
 		Map<String, Object> mappings = mapping.getHandlerMap();
 		for (Object object : mappings.values()) {
 			if (object instanceof SockJsHttpRequestHandler) {
@@ -275,9 +275,9 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 			}
 		}
 
-		if (inboundRegistry.containsMapping() && !inboundRegistry.isSimpDestPathMatcherConfigured()) {
+		if (this.inboundRegistry.containsMapping() && !this.inboundRegistry.isSimpDestPathMatcherConfigured()) {
 			PathMatcher pathMatcher = getDefaultPathMatcher();
-			inboundRegistry.simpDestPathMatcher(pathMatcher);
+			this.inboundRegistry.simpDestPathMatcher(pathMatcher);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 5e99b50867..0a64abf68c 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -48,7 +48,7 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 
 	public AuthenticationManager getObject() throws Exception {
 		try {
-			return (AuthenticationManager) bf.getBean(BeanIds.AUTHENTICATION_MANAGER);
+			return (AuthenticationManager) this.bf.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		}
 		catch (NoSuchBeanDefinitionException e) {
 			if (!BeanIds.AUTHENTICATION_MANAGER.equals(e.getBeanName())) {
@@ -80,7 +80,7 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 	}
 
 	public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
-		bf = beanFactory;
+		this.bf = beanFactory;
 	}
 
 	private <T> T getBeanOrNull(Class<T> type) {
diff --git a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
index a0e9b5e424..0ee8d05205 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
@@ -76,11 +76,11 @@ public class PasswordEncoderParser {
 		String ref = element.getAttribute(ATT_REF);
 
 		if (StringUtils.hasText(ref)) {
-			passwordEncoder = new RuntimeBeanReference(ref);
+			this.passwordEncoder = new RuntimeBeanReference(ref);
 		}
 		else {
-			passwordEncoder = createPasswordEncoderBeanDefinition(hash, useBase64);
-			((RootBeanDefinition) passwordEncoder).setSource(parserContext.extractSource(element));
+			this.passwordEncoder = createPasswordEncoderBeanDefinition(hash, useBase64);
+			((RootBeanDefinition) this.passwordEncoder).setSource(parserContext.extractSource(element));
 		}
 	}
 
@@ -91,7 +91,7 @@ public class PasswordEncoderParser {
 	}
 
 	public BeanMetadataElement getPasswordEncoder() {
-		return passwordEncoder;
+		return this.passwordEncoder;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index f63c2d2b67..d9b806c360 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -112,16 +112,16 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 	}
 
 	private String generateRandomPassword() {
-		if (random == null) {
+		if (this.random == null) {
 			try {
-				random = SecureRandom.getInstance("SHA1PRNG");
+				this.random = SecureRandom.getInstance("SHA1PRNG");
 			}
 			catch (NoSuchAlgorithmException e) {
 				// Shouldn't happen...
 				throw new RuntimeException("Failed find SHA1PRNG algorithm!");
 			}
 		}
-		return Long.toString(random.nextLong());
+		return Long.toString(this.random.nextLong());
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
index dc30f05887..34c3ab73f8 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBean.java
@@ -41,7 +41,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 
 	@Override
 	public MapReactiveUserDetailsService getObject() throws Exception {
-		Collection<UserDetails> users = userDetails.getObject();
+		Collection<UserDetails> users = this.userDetails.getObject();
 		return new MapReactiveUserDetailsService(users);
 	}
 
@@ -52,7 +52,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBean
 
 	@Override
 	public void setResourceLoader(ResourceLoader resourceLoader) {
-		userDetails.setResourceLoader(resourceLoader);
+		this.userDetails.setResourceLoader(resourceLoader);
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
index ce4b7ad975..ed74783d5c 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBean.java
@@ -98,9 +98,9 @@ public class UserDetailsResourceFactoryBean implements ResourceLoaderAware, Fact
 	}
 
 	private Resource getPropertiesResource() {
-		Resource result = resource;
-		if (result == null && resourceLocation != null) {
-			result = resourceLoader.getResource(resourceLocation);
+		Resource result = this.resource;
+		if (result == null && this.resourceLocation != null) {
+			result = this.resourceLoader.getResource(this.resourceLocation);
 		}
 		Assert.notNull(result, "resource cannot be null if resourceLocation is null");
 		return result;
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index 975e0dfc43..23b00c6e45 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -36,7 +36,7 @@ public class SecurityDebugBeanFactoryPostProcessor implements BeanDefinitionRegi
 	private final Log logger = LogFactory.getLog(getClass());
 
 	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
-		logger.warn("\n\n" + "********************************************************************\n"
+		this.logger.warn("\n\n" + "********************************************************************\n"
 				+ "**********        Security debugging is enabled.       *************\n"
 				+ "**********    This may include sensitive information.  *************\n"
 				+ "**********      Do not use in a production system!     *************\n"
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 0d2d830bdc..bf1fc0692d 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -235,7 +235,7 @@ final class AuthenticationConfigBuilder {
 		this.httpElt = element;
 		this.pc = pc;
 		this.requestCache = requestCache;
-		autoConfig = forceAutoConfig | "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
+		this.autoConfig = forceAutoConfig | "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
 		this.allowSessionCreation = sessionPolicy != SessionCreationPolicy.NEVER
 				&& sessionPolicy != SessionCreationPolicy.STATELESS;
 		this.portMapper = portMapper;
@@ -261,7 +261,7 @@ final class AuthenticationConfigBuilder {
 
 		// Parse remember me before logout as RememberMeServices is also a LogoutHandler
 		// implementation.
-		Element rememberMeElt = DomUtils.getChildElementByTagName(httpElt, Elements.REMEMBER_ME);
+		Element rememberMeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.REMEMBER_ME);
 
 		if (rememberMeElt != null) {
 			String key = rememberMeElt.getAttribute(ATT_KEY);
@@ -272,49 +272,49 @@ final class AuthenticationConfigBuilder {
 
 			RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(key,
 					authenticationManager);
-			rememberMeFilter = rememberMeParser.parse(rememberMeElt, pc);
-			rememberMeServicesId = rememberMeParser.getRememberMeServicesId();
+			this.rememberMeFilter = rememberMeParser.parse(rememberMeElt, this.pc);
+			this.rememberMeServicesId = rememberMeParser.getRememberMeServicesId();
 			createRememberMeProvider(key);
 		}
 	}
 
 	private void createRememberMeProvider(String key) {
 		RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
-		provider.setSource(rememberMeFilter.getSource());
+		provider.setSource(this.rememberMeFilter.getSource());
 
 		provider.getConstructorArgumentValues().addGenericArgumentValue(key);
 
-		String id = pc.getReaderContext().generateBeanName(provider);
-		pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
+		String id = this.pc.getReaderContext().generateBeanName(provider);
+		this.pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
 
-		rememberMeProviderRef = new RuntimeBeanReference(id);
+		this.rememberMeProviderRef = new RuntimeBeanReference(id);
 	}
 
 	void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
 
-		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
+		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 		RootBeanDefinition formFilter = null;
 
-		if (formLoginElt != null || autoConfig) {
+		if (formLoginElt != null || this.autoConfig) {
 			FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login", "POST",
-					AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, sessionStrategy, allowSessionCreation,
-					portMapper, portResolver);
+					AUTHENTICATION_PROCESSING_FILTER_CLASS, this.requestCache, sessionStrategy,
+					this.allowSessionCreation, this.portMapper, this.portResolver);
 
-			parser.parse(formLoginElt, pc);
+			parser.parse(formLoginElt, this.pc);
 			formFilter = parser.getFilterBean();
-			formEntryPoint = parser.getEntryPointBean();
-			loginProcessingUrl = parser.getLoginProcessingUrl();
-			formLoginPage = parser.getLoginPage();
+			this.formEntryPoint = parser.getEntryPointBean();
+			this.loginProcessingUrl = parser.getLoginProcessingUrl();
+			this.formLoginPage = parser.getLoginPage();
 		}
 
 		if (formFilter != null) {
-			formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", allowSessionCreation);
+			formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			formFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
 
 			// Id is required by login page filter
-			formFilterId = pc.getReaderContext().generateBeanName(formFilter);
-			pc.registerBeanComponent(new BeanComponentDefinition(formFilter, formFilterId));
-			injectRememberMeServicesRef(formFilter, rememberMeServicesId);
+			this.formFilterId = this.pc.getReaderContext().generateBeanName(formFilter);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(formFilter, this.formFilterId));
+			injectRememberMeServicesRef(formFilter, this.rememberMeServicesId);
 		}
 	}
 
@@ -332,8 +332,8 @@ final class AuthenticationConfigBuilder {
 		}
 		this.oauth2LoginEnabled = true;
 
-		OAuth2LoginBeanDefinitionParser parser = new OAuth2LoginBeanDefinitionParser(requestCache, portMapper,
-				portResolver, sessionStrategy, allowSessionCreation);
+		OAuth2LoginBeanDefinitionParser parser = new OAuth2LoginBeanDefinitionParser(this.requestCache, this.portMapper,
+				this.portResolver, sessionStrategy, this.allowSessionCreation);
 		BeanDefinition oauth2LoginFilterBean = parser.parse(oauth2LoginElt, this.pc);
 
 		BeanDefinition defaultAuthorizedClientRepository = parser.getDefaultAuthorizedClientRepository();
@@ -343,30 +343,30 @@ final class AuthenticationConfigBuilder {
 
 		// retrieve the other bean result
 		BeanDefinition oauth2LoginAuthProvider = parser.getOAuth2LoginAuthenticationProvider();
-		oauth2AuthorizationRequestRedirectFilter = parser.getOAuth2AuthorizationRequestRedirectFilter();
-		oauth2LoginEntryPoint = parser.getOAuth2LoginAuthenticationEntryPoint();
+		this.oauth2AuthorizationRequestRedirectFilter = parser.getOAuth2AuthorizationRequestRedirectFilter();
+		this.oauth2LoginEntryPoint = parser.getOAuth2LoginAuthenticationEntryPoint();
 
 		// generate bean name to be registered
-		String oauth2LoginAuthProviderId = pc.getReaderContext().generateBeanName(oauth2LoginAuthProvider);
-		oauth2LoginFilterId = pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
-		String oauth2AuthorizationRequestRedirectFilterId = pc.getReaderContext()
-				.generateBeanName(oauth2AuthorizationRequestRedirectFilter);
-		oauth2LoginLinks = parser.getOAuth2LoginLinks();
+		String oauth2LoginAuthProviderId = this.pc.getReaderContext().generateBeanName(oauth2LoginAuthProvider);
+		this.oauth2LoginFilterId = this.pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
+		String oauth2AuthorizationRequestRedirectFilterId = this.pc.getReaderContext()
+				.generateBeanName(this.oauth2AuthorizationRequestRedirectFilter);
+		this.oauth2LoginLinks = parser.getOAuth2LoginLinks();
 
 		// register the component
-		pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginFilterBean, oauth2LoginFilterId));
-		pc.registerBeanComponent(new BeanComponentDefinition(oauth2AuthorizationRequestRedirectFilter,
+		this.pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginFilterBean, this.oauth2LoginFilterId));
+		this.pc.registerBeanComponent(new BeanComponentDefinition(this.oauth2AuthorizationRequestRedirectFilter,
 				oauth2AuthorizationRequestRedirectFilterId));
-		pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginAuthProvider, oauth2LoginAuthProviderId));
+		this.pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginAuthProvider, oauth2LoginAuthProviderId));
 
-		oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginAuthProviderId);
+		this.oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginAuthProviderId);
 
 		// oidc provider
 		BeanDefinition oauth2LoginOidcAuthProvider = parser.getOAuth2LoginOidcAuthenticationProvider();
-		String oauth2LoginOidcAuthProviderId = pc.getReaderContext().generateBeanName(oauth2LoginOidcAuthProvider);
-		pc.registerBeanComponent(
+		String oauth2LoginOidcAuthProviderId = this.pc.getReaderContext().generateBeanName(oauth2LoginOidcAuthProvider);
+		this.pc.registerBeanComponent(
 				new BeanComponentDefinition(oauth2LoginOidcAuthProvider, oauth2LoginOidcAuthProviderId));
-		oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginOidcAuthProviderId);
+		this.oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginOidcAuthProviderId);
 	}
 
 	void createOAuth2ClientFilter(BeanReference requestCache, BeanReference authenticationManager) {
@@ -384,19 +384,19 @@ final class AuthenticationConfigBuilder {
 		registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository);
 
 		this.authorizationRequestRedirectFilter = parser.getAuthorizationRequestRedirectFilter();
-		String authorizationRequestRedirectFilterId = pc.getReaderContext()
+		String authorizationRequestRedirectFilterId = this.pc.getReaderContext()
 				.generateBeanName(this.authorizationRequestRedirectFilter);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter,
 				authorizationRequestRedirectFilterId));
 
 		this.authorizationCodeGrantFilter = parser.getAuthorizationCodeGrantFilter();
-		String authorizationCodeGrantFilterId = pc.getReaderContext()
+		String authorizationCodeGrantFilterId = this.pc.getReaderContext()
 				.generateBeanName(this.authorizationCodeGrantFilter);
 		this.pc.registerBeanComponent(
 				new BeanComponentDefinition(this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId));
 
 		BeanDefinition authorizationCodeAuthenticationProvider = parser.getAuthorizationCodeAuthenticationProvider();
-		String authorizationCodeAuthenticationProviderId = pc.getReaderContext()
+		String authorizationCodeAuthenticationProviderId = this.pc.getReaderContext()
 				.generateBeanName(authorizationCodeAuthenticationProvider);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(authorizationCodeAuthenticationProvider,
 				authorizationCodeAuthenticationProviderId));
@@ -406,7 +406,7 @@ final class AuthenticationConfigBuilder {
 
 	void registerDefaultAuthorizedClientRepositoryIfNecessary(BeanDefinition defaultAuthorizedClientRepository) {
 		if (!this.defaultAuthorizedClientRepositoryRegistered && defaultAuthorizedClientRepository != null) {
-			String authorizedClientRepositoryId = pc.getReaderContext()
+			String authorizedClientRepositoryId = this.pc.getReaderContext()
 					.generateBeanName(defaultAuthorizedClientRepository);
 			this.pc.registerBeanComponent(
 					new BeanComponentDefinition(defaultAuthorizedClientRepository, authorizedClientRepositoryId));
@@ -428,7 +428,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
 		RootBeanDefinition openIDFilter = null;
 
 		if (openIDLoginElt != null) {
@@ -436,12 +436,12 @@ final class AuthenticationConfigBuilder {
 		}
 
 		if (openIDFilter != null) {
-			openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation", allowSessionCreation);
+			openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			openIDFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
 			// Required by login page filter
-			openIDFilterId = pc.getReaderContext().generateBeanName(openIDFilter);
-			pc.registerBeanComponent(new BeanComponentDefinition(openIDFilter, openIDFilterId));
-			injectRememberMeServicesRef(openIDFilter, rememberMeServicesId);
+			this.openIDFilterId = this.pc.getReaderContext().generateBeanName(openIDFilter);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(openIDFilter, this.openIDFilterId));
+			injectRememberMeServicesRef(openIDFilter, this.rememberMeServicesId);
 
 			createOpenIDProvider();
 		}
@@ -460,14 +460,14 @@ final class AuthenticationConfigBuilder {
 	private RootBeanDefinition parseOpenIDFilter(BeanReference sessionStrategy, Element openIDLoginElt) {
 		RootBeanDefinition openIDFilter;
 		FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login/openid", null,
-				OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, sessionStrategy, allowSessionCreation,
-				portMapper, portResolver);
+				OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, this.requestCache, sessionStrategy,
+				this.allowSessionCreation, this.portMapper, this.portResolver);
 
-		parser.parse(openIDLoginElt, pc);
+		parser.parse(openIDLoginElt, this.pc);
 		openIDFilter = parser.getFilterBean();
-		openIDEntryPoint = parser.getEntryPointBean();
-		openidLoginProcessingUrl = parser.getLoginProcessingUrl();
-		openIDLoginPage = parser.getLoginPage();
+		this.openIDEntryPoint = parser.getEntryPointBean();
+		this.openidLoginProcessingUrl = parser.getLoginProcessingUrl();
+		this.openIDLoginPage = parser.getLoginPage();
 
 		List<Element> attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt,
 				Elements.OPENID_ATTRIBUTE_EXCHANGE);
@@ -483,7 +483,7 @@ final class AuthenticationConfigBuilder {
 
 				if (!StringUtils.hasText(identifierMatch)) {
 					if (attrExElts.size() > 1) {
-						pc.getReaderContext().error("You must supply an identifier-match attribute if using more"
+						this.pc.getReaderContext().error("You must supply an identifier-match attribute if using more"
 								+ " than one " + Elements.OPENID_ATTRIBUTE_EXCHANGE + " element", attrExElt);
 					}
 					// Match anything
@@ -524,7 +524,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	private void createOpenIDProvider() {
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
 		BeanDefinitionBuilder openIDProviderBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
 
@@ -536,7 +536,8 @@ final class AuthenticationConfigBuilder {
 		openIDProviderBuilder.addPropertyValue("authenticationUserDetailsService", uds);
 
 		BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
-		openIDProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(openIDProvider));
+		this.openIDProviderRef = new RuntimeBeanReference(
+				this.pc.getReaderContext().registerWithGeneratedName(openIDProvider));
 	}
 
 	private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) {
@@ -547,14 +548,14 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createBasicFilter(BeanReference authManager) {
-		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
+		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
 
-		if (basicAuthElt == null && !autoConfig) {
+		if (basicAuthElt == null && !this.autoConfig) {
 			// No basic auth, do nothing
 			return;
 		}
 
-		String realm = httpElt.getAttribute(ATT_REALM);
+		String realm = this.httpElt.getAttribute(ATT_REALM);
 		if (!StringUtils.hasText(realm)) {
 			realm = DEF_REALM;
 		}
@@ -565,29 +566,29 @@ final class AuthenticationConfigBuilder {
 
 		if (basicAuthElt != null) {
 			if (StringUtils.hasText(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF))) {
-				basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
+				this.basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
 			}
 
 			injectAuthenticationDetailsSource(basicAuthElt, filterBuilder);
 
 		}
 
-		if (basicEntryPoint == null) {
+		if (this.basicEntryPoint == null) {
 			RootBeanDefinition entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
-			entryPoint.setSource(pc.extractSource(httpElt));
+			entryPoint.setSource(this.pc.extractSource(this.httpElt));
 			entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
-			entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
-			pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
-			basicEntryPoint = new RuntimeBeanReference(entryPointId);
+			entryPointId = this.pc.getReaderContext().generateBeanName(entryPoint);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
+			this.basicEntryPoint = new RuntimeBeanReference(entryPointId);
 		}
 
 		filterBuilder.addConstructorArgValue(authManager);
-		filterBuilder.addConstructorArgValue(basicEntryPoint);
-		basicFilter = filterBuilder.getBeanDefinition();
+		filterBuilder.addConstructorArgValue(this.basicEntryPoint);
+		this.basicFilter = filterBuilder.getBeanDefinition();
 	}
 
 	void createBearerTokenAuthenticationFilter(BeanReference authManager) {
-		Element resourceServerElt = DomUtils.getChildElementByTagName(httpElt, Elements.OAUTH2_RESOURCE_SERVER);
+		Element resourceServerElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_RESOURCE_SERVER);
 
 		if (resourceServerElt == null) {
 			// No resource server, do nothing
@@ -595,19 +596,19 @@ final class AuthenticationConfigBuilder {
 		}
 
 		OAuth2ResourceServerBeanDefinitionParser resourceServerBuilder = new OAuth2ResourceServerBeanDefinitionParser(
-				authManager, authenticationProviders, defaultEntryPointMappings, defaultDeniedHandlerMappings,
-				csrfIgnoreRequestMatchers);
-		bearerTokenAuthenticationFilter = resourceServerBuilder.parse(resourceServerElt, pc);
+				authManager, this.authenticationProviders, this.defaultEntryPointMappings,
+				this.defaultDeniedHandlerMappings, this.csrfIgnoreRequestMatchers);
+		this.bearerTokenAuthenticationFilter = resourceServerBuilder.parse(resourceServerElt, this.pc);
 	}
 
 	void createX509Filter(BeanReference authManager) {
-		Element x509Elt = DomUtils.getChildElementByTagName(httpElt, Elements.X509);
+		Element x509Elt = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
 		RootBeanDefinition filter = null;
 
 		if (x509Elt != null) {
 			BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(X509AuthenticationFilter.class);
-			filterBuilder.getRawBeanDefinition().setSource(pc.extractSource(x509Elt));
+			filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(x509Elt));
 			filterBuilder.addPropertyValue("authenticationManager", authManager);
 
 			String regex = x509Elt.getAttribute("subject-principal-regex");
@@ -628,7 +629,7 @@ final class AuthenticationConfigBuilder {
 			createX509Provider();
 		}
 
-		x509Filter = filter;
+		this.x509Filter = filter;
 	}
 
 	private void injectAuthenticationDetailsSource(Element elt, BeanDefinitionBuilder filterBuilder) {
@@ -640,7 +641,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	private void createX509Provider() {
-		Element x509Elt = DomUtils.getChildElementByTagName(httpElt, Elements.X509);
+		Element x509Elt = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
 		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
 
 		RootBeanDefinition uds = new RootBeanDefinition();
@@ -650,26 +651,26 @@ final class AuthenticationConfigBuilder {
 
 		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-		x509ProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
+		this.x509ProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
 	private void createPrauthEntryPoint(Element source) {
-		if (preAuthEntryPoint == null) {
-			preAuthEntryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
-			preAuthEntryPoint.setSource(pc.extractSource(source));
+		if (this.preAuthEntryPoint == null) {
+			this.preAuthEntryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
+			this.preAuthEntryPoint.setSource(this.pc.extractSource(source));
 		}
 	}
 
 	void createJeeFilter(BeanReference authManager) {
 		final String ATT_MAPPABLE_ROLES = "mappable-roles";
 
-		Element jeeElt = DomUtils.getChildElementByTagName(httpElt, Elements.JEE);
+		Element jeeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
 		RootBeanDefinition filter = null;
 
 		if (jeeElt != null) {
 			BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class);
-			filterBuilder.getRawBeanDefinition().setSource(pc.extractSource(jeeElt));
+			filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(jeeElt));
 			filterBuilder.addPropertyValue("authenticationManager", authManager);
 
 			BeanDefinitionBuilder adsBldr = BeanDefinitionBuilder
@@ -695,11 +696,11 @@ final class AuthenticationConfigBuilder {
 			createJeeProvider();
 		}
 
-		jeeFilter = filter;
+		this.jeeFilter = filter;
 	}
 
 	private void createJeeProvider() {
-		Element jeeElt = DomUtils.getChildElementByTagName(httpElt, Elements.JEE);
+		Element jeeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
 		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
 
 		RootBeanDefinition uds;
@@ -715,15 +716,16 @@ final class AuthenticationConfigBuilder {
 
 		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-		jeeProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
+		this.jeeProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
 	void createLoginPageFilterIfNeeded() {
-		boolean needLoginPage = formFilterId != null || openIDFilterId != null || oauth2LoginFilterId != null;
+		boolean needLoginPage = this.formFilterId != null || this.openIDFilterId != null
+				|| this.oauth2LoginFilterId != null;
 
 		// If no login page has been defined, add in the default page generator.
-		if (needLoginPage && formLoginPage == null && openIDLoginPage == null) {
-			logger.info("No login page configured. The default internal one will be used. Use the '"
+		if (needLoginPage && this.formLoginPage == null && this.openIDLoginPage == null) {
+			this.logger.info("No login page configured. The default internal one will be used. Use the '"
 					+ FormLoginBeanDefinitionParser.ATT_LOGIN_PAGE + "' attribute to set the URL of the login page.");
 			BeanDefinitionBuilder loginPageFilter = BeanDefinitionBuilder
 					.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
@@ -733,69 +735,69 @@ final class AuthenticationConfigBuilder {
 					.rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class);
 			logoutPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
 
-			if (formFilterId != null) {
-				loginPageFilter.addConstructorArgReference(formFilterId);
-				loginPageFilter.addPropertyValue("authenticationUrl", loginProcessingUrl);
+			if (this.formFilterId != null) {
+				loginPageFilter.addConstructorArgReference(this.formFilterId);
+				loginPageFilter.addPropertyValue("authenticationUrl", this.loginProcessingUrl);
 			}
 
-			if (openIDFilterId != null) {
-				loginPageFilter.addConstructorArgReference(openIDFilterId);
-				loginPageFilter.addPropertyValue("openIDauthenticationUrl", openidLoginProcessingUrl);
+			if (this.openIDFilterId != null) {
+				loginPageFilter.addConstructorArgReference(this.openIDFilterId);
+				loginPageFilter.addPropertyValue("openIDauthenticationUrl", this.openidLoginProcessingUrl);
 			}
 
-			if (oauth2LoginFilterId != null) {
-				loginPageFilter.addConstructorArgReference(oauth2LoginFilterId);
+			if (this.oauth2LoginFilterId != null) {
+				loginPageFilter.addConstructorArgReference(this.oauth2LoginFilterId);
 				loginPageFilter.addPropertyValue("Oauth2LoginEnabled", true);
-				loginPageFilter.addPropertyValue("Oauth2AuthenticationUrlToClientName", oauth2LoginLinks);
+				loginPageFilter.addPropertyValue("Oauth2AuthenticationUrlToClientName", this.oauth2LoginLinks);
 			}
 
-			loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
+			this.loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
 			this.logoutPageGenerationFilter = logoutPageFilter.getBeanDefinition();
 		}
 	}
 
 	void createLogoutFilter() {
-		Element logoutElt = DomUtils.getChildElementByTagName(httpElt, Elements.LOGOUT);
-		if (logoutElt != null || autoConfig) {
+		Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
+		if (logoutElt != null || this.autoConfig) {
 			String formLoginPage = this.formLoginPage;
 			if (formLoginPage == null) {
 				formLoginPage = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 			}
 			LogoutBeanDefinitionParser logoutParser = new LogoutBeanDefinitionParser(formLoginPage,
-					rememberMeServicesId, csrfLogoutHandler);
-			logoutFilter = logoutParser.parse(logoutElt, pc);
-			logoutHandlers = logoutParser.getLogoutHandlers();
+					this.rememberMeServicesId, this.csrfLogoutHandler);
+			this.logoutFilter = logoutParser.parse(logoutElt, this.pc);
+			this.logoutHandlers = logoutParser.getLogoutHandlers();
 		}
 	}
 
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	ManagedList getLogoutHandlers() {
-		if (logoutHandlers == null && rememberMeProviderRef != null) {
-			logoutHandlers = new ManagedList();
-			if (csrfLogoutHandler != null) {
-				logoutHandlers.add(csrfLogoutHandler);
+		if (this.logoutHandlers == null && this.rememberMeProviderRef != null) {
+			this.logoutHandlers = new ManagedList();
+			if (this.csrfLogoutHandler != null) {
+				this.logoutHandlers.add(this.csrfLogoutHandler);
 			}
-			logoutHandlers.add(new RuntimeBeanReference(rememberMeServicesId));
-			logoutHandlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
+			this.logoutHandlers.add(new RuntimeBeanReference(this.rememberMeServicesId));
+			this.logoutHandlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
 		}
 
-		return logoutHandlers;
+		return this.logoutHandlers;
 	}
 
 	BeanMetadataElement getEntryPointBean() {
-		return mainEntryPoint;
+		return this.mainEntryPoint;
 	}
 
 	BeanMetadataElement getAccessDeniedHandlerBean() {
-		return accessDeniedHandler;
+		return this.accessDeniedHandler;
 	}
 
 	List<BeanDefinition> getCsrfIgnoreRequestMatchers() {
-		return csrfIgnoreRequestMatchers;
+		return this.csrfIgnoreRequestMatchers;
 	}
 
 	void createAnonymousFilter() {
-		Element anonymousElt = DomUtils.getChildElementByTagName(httpElt, Elements.ANONYMOUS);
+		Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
 
 		if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 			return;
@@ -804,13 +806,13 @@ final class AuthenticationConfigBuilder {
 		String grantedAuthority = null;
 		String username = null;
 		String key = null;
-		Object source = pc.extractSource(httpElt);
+		Object source = this.pc.extractSource(this.httpElt);
 
 		if (anonymousElt != null) {
 			grantedAuthority = anonymousElt.getAttribute("granted-authority");
 			username = anonymousElt.getAttribute("username");
 			key = anonymousElt.getAttribute(ATT_KEY);
-			source = pc.extractSource(anonymousElt);
+			source = this.pc.extractSource(anonymousElt);
 		}
 
 		if (!StringUtils.hasText(grantedAuthority)) {
@@ -826,20 +828,20 @@ final class AuthenticationConfigBuilder {
 			key = createKey();
 		}
 
-		anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
-		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
-		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
-		anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2,
+		this.anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
+		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
+		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
+		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2,
 				AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
-		anonymousFilter.setSource(source);
+		this.anonymousFilter.setSource(source);
 
 		RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
 		anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
-		anonymousProviderBean.setSource(anonymousFilter.getSource());
-		String id = pc.getReaderContext().generateBeanName(anonymousProviderBean);
-		pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
+		anonymousProviderBean.setSource(this.anonymousFilter.getSource());
+		String id = this.pc.getReaderContext().generateBeanName(anonymousProviderBean);
+		this.pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
 
-		anonymousProviderRef = new RuntimeBeanReference(id);
+		this.anonymousProviderRef = new RuntimeBeanReference(id);
 
 	}
 
@@ -850,14 +852,14 @@ final class AuthenticationConfigBuilder {
 
 	void createExceptionTranslationFilter() {
 		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
-		accessDeniedHandler = createAccessDeniedHandler(httpElt, pc);
-		etfBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler);
-		assert requestCache != null;
-		mainEntryPoint = selectEntryPoint();
-		etfBuilder.addConstructorArgValue(mainEntryPoint);
-		etfBuilder.addConstructorArgValue(requestCache);
+		this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
+		etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);
+		assert this.requestCache != null;
+		this.mainEntryPoint = selectEntryPoint();
+		etfBuilder.addConstructorArgValue(this.mainEntryPoint);
+		etfBuilder.addConstructorArgValue(this.requestCache);
 
-		etf = etfBuilder.getBeanDefinition();
+		this.etf = etfBuilder.getBeanDefinition();
 	}
 
 	private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext pc) {
@@ -905,143 +907,144 @@ final class AuthenticationConfigBuilder {
 	private BeanMetadataElement selectEntryPoint() {
 		// We need to establish the main entry point.
 		// First check if a custom entry point bean is set
-		String customEntryPoint = httpElt.getAttribute(ATT_ENTRY_POINT_REF);
+		String customEntryPoint = this.httpElt.getAttribute(ATT_ENTRY_POINT_REF);
 
 		if (StringUtils.hasText(customEntryPoint)) {
 			return new RuntimeBeanReference(customEntryPoint);
 		}
 
-		if (!defaultEntryPointMappings.isEmpty()) {
-			if (defaultEntryPointMappings.size() == 1) {
-				return defaultEntryPointMappings.values().iterator().next();
+		if (!this.defaultEntryPointMappings.isEmpty()) {
+			if (this.defaultEntryPointMappings.size() == 1) {
+				return this.defaultEntryPointMappings.values().iterator().next();
 			}
 			BeanDefinitionBuilder delegatingEntryPoint = BeanDefinitionBuilder
 					.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class);
-			delegatingEntryPoint.addConstructorArgValue(defaultEntryPointMappings);
+			delegatingEntryPoint.addConstructorArgValue(this.defaultEntryPointMappings);
 			return delegatingEntryPoint.getBeanDefinition();
 		}
 
-		Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
-		Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
-		Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
+		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
+		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
+		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
 		// Basic takes precedence if explicit element is used and no others are configured
-		if (basicAuthElt != null && formLoginElt == null && openIDLoginElt == null && oauth2LoginEntryPoint == null) {
-			return basicEntryPoint;
+		if (basicAuthElt != null && formLoginElt == null && openIDLoginElt == null
+				&& this.oauth2LoginEntryPoint == null) {
+			return this.basicEntryPoint;
 		}
 
 		// If formLogin has been enabled either through an element or auto-config, then it
 		// is used if no openID login page
 		// has been set.
 
-		if (formLoginPage != null && openIDLoginPage != null) {
-			pc.getReaderContext().error(
+		if (this.formLoginPage != null && this.openIDLoginPage != null) {
+			this.pc.getReaderContext().error(
 					"Only one login-page can be defined, either for OpenID or form-login, " + "but not both.",
-					pc.extractSource(openIDLoginElt));
+					this.pc.extractSource(openIDLoginElt));
 		}
 
-		if (formFilterId != null && openIDLoginPage == null) {
+		if (this.formFilterId != null && this.openIDLoginPage == null) {
 			// gh-6802
 			// If form login was enabled through element and Oauth2 login was enabled from
 			// element then use form login
-			if (formLoginElt != null && oauth2LoginEntryPoint != null) {
-				return formEntryPoint;
+			if (formLoginElt != null && this.oauth2LoginEntryPoint != null) {
+				return this.formEntryPoint;
 			}
 			// If form login was enabled through auto-config, and Oauth2 login was not
 			// enabled then use form login
-			if (oauth2LoginEntryPoint == null) {
-				return formEntryPoint;
+			if (this.oauth2LoginEntryPoint == null) {
+				return this.formEntryPoint;
 			}
 		}
 
 		// Otherwise use OpenID if enabled
-		if (openIDFilterId != null) {
-			return openIDEntryPoint;
+		if (this.openIDFilterId != null) {
+			return this.openIDEntryPoint;
 		}
 
 		// If X.509 or JEE have been enabled, use the preauth entry point.
-		if (preAuthEntryPoint != null) {
-			return preAuthEntryPoint;
+		if (this.preAuthEntryPoint != null) {
+			return this.preAuthEntryPoint;
 		}
 
 		// OAuth2 entry point will not be null if only 1 client registration
-		if (oauth2LoginEntryPoint != null) {
-			return oauth2LoginEntryPoint;
+		if (this.oauth2LoginEntryPoint != null) {
+			return this.oauth2LoginEntryPoint;
 		}
 
-		pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please "
+		this.pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please "
 				+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
 				+ "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
-				pc.extractSource(httpElt));
+				this.pc.extractSource(this.httpElt));
 		return null;
 	}
 
 	private void createUserDetailsServiceFactory() {
-		if (pc.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE_FACTORY)) {
+		if (this.pc.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE_FACTORY)) {
 			// Multiple <http> case
 			return;
 		}
 		RootBeanDefinition bean = new RootBeanDefinition(UserDetailsServiceFactoryBean.class);
 		bean.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
-		pc.registerBeanComponent(new BeanComponentDefinition(bean, BeanIds.USER_DETAILS_SERVICE_FACTORY));
+		this.pc.registerBeanComponent(new BeanComponentDefinition(bean, BeanIds.USER_DETAILS_SERVICE_FACTORY));
 	}
 
 	List<OrderDecorator> getFilters() {
 		List<OrderDecorator> filters = new ArrayList<>();
 
-		if (anonymousFilter != null) {
-			filters.add(new OrderDecorator(anonymousFilter, ANONYMOUS_FILTER));
+		if (this.anonymousFilter != null) {
+			filters.add(new OrderDecorator(this.anonymousFilter, ANONYMOUS_FILTER));
 		}
 
-		if (rememberMeFilter != null) {
-			filters.add(new OrderDecorator(rememberMeFilter, REMEMBER_ME_FILTER));
+		if (this.rememberMeFilter != null) {
+			filters.add(new OrderDecorator(this.rememberMeFilter, REMEMBER_ME_FILTER));
 		}
 
-		if (logoutFilter != null) {
-			filters.add(new OrderDecorator(logoutFilter, LOGOUT_FILTER));
+		if (this.logoutFilter != null) {
+			filters.add(new OrderDecorator(this.logoutFilter, LOGOUT_FILTER));
 		}
 
-		if (x509Filter != null) {
-			filters.add(new OrderDecorator(x509Filter, X509_FILTER));
+		if (this.x509Filter != null) {
+			filters.add(new OrderDecorator(this.x509Filter, X509_FILTER));
 		}
 
-		if (jeeFilter != null) {
-			filters.add(new OrderDecorator(jeeFilter, PRE_AUTH_FILTER));
+		if (this.jeeFilter != null) {
+			filters.add(new OrderDecorator(this.jeeFilter, PRE_AUTH_FILTER));
 		}
 
-		if (formFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(formFilterId), FORM_LOGIN_FILTER));
+		if (this.formFilterId != null) {
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.formFilterId), FORM_LOGIN_FILTER));
 		}
 
-		if (oauth2LoginFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(oauth2LoginFilterId), OAUTH2_LOGIN_FILTER));
-			filters.add(
-					new OrderDecorator(oauth2AuthorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER));
+		if (this.oauth2LoginFilterId != null) {
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.oauth2LoginFilterId), OAUTH2_LOGIN_FILTER));
+			filters.add(new OrderDecorator(this.oauth2AuthorizationRequestRedirectFilter,
+					OAUTH2_AUTHORIZATION_REQUEST_FILTER));
 		}
 
-		if (openIDFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(openIDFilterId), OPENID_FILTER));
+		if (this.openIDFilterId != null) {
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), OPENID_FILTER));
 		}
 
-		if (loginPageGenerationFilter != null) {
-			filters.add(new OrderDecorator(loginPageGenerationFilter, LOGIN_PAGE_FILTER));
+		if (this.loginPageGenerationFilter != null) {
+			filters.add(new OrderDecorator(this.loginPageGenerationFilter, LOGIN_PAGE_FILTER));
 			filters.add(new OrderDecorator(this.logoutPageGenerationFilter, LOGOUT_PAGE_FILTER));
 		}
 
-		if (basicFilter != null) {
-			filters.add(new OrderDecorator(basicFilter, BASIC_AUTH_FILTER));
+		if (this.basicFilter != null) {
+			filters.add(new OrderDecorator(this.basicFilter, BASIC_AUTH_FILTER));
 		}
 
-		if (bearerTokenAuthenticationFilter != null) {
-			filters.add(new OrderDecorator(bearerTokenAuthenticationFilter, BEARER_TOKEN_AUTH_FILTER));
+		if (this.bearerTokenAuthenticationFilter != null) {
+			filters.add(new OrderDecorator(this.bearerTokenAuthenticationFilter, BEARER_TOKEN_AUTH_FILTER));
 		}
 
-		if (authorizationCodeGrantFilter != null) {
-			filters.add(new OrderDecorator(authorizationRequestRedirectFilter,
+		if (this.authorizationCodeGrantFilter != null) {
+			filters.add(new OrderDecorator(this.authorizationRequestRedirectFilter,
 					OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
-			filters.add(new OrderDecorator(authorizationCodeGrantFilter, OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
+			filters.add(new OrderDecorator(this.authorizationCodeGrantFilter, OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}
 
-		filters.add(new OrderDecorator(etf, EXCEPTION_TRANSLATION_FILTER));
+		filters.add(new OrderDecorator(this.etf, EXCEPTION_TRANSLATION_FILTER));
 
 		return filters;
 	}
@@ -1049,36 +1052,36 @@ final class AuthenticationConfigBuilder {
 	List<BeanReference> getProviders() {
 		List<BeanReference> providers = new ArrayList<>();
 
-		if (anonymousProviderRef != null) {
-			providers.add(anonymousProviderRef);
+		if (this.anonymousProviderRef != null) {
+			providers.add(this.anonymousProviderRef);
 		}
 
-		if (rememberMeProviderRef != null) {
-			providers.add(rememberMeProviderRef);
+		if (this.rememberMeProviderRef != null) {
+			providers.add(this.rememberMeProviderRef);
 		}
 
-		if (openIDProviderRef != null) {
-			providers.add(openIDProviderRef);
+		if (this.openIDProviderRef != null) {
+			providers.add(this.openIDProviderRef);
 		}
 
-		if (x509ProviderRef != null) {
-			providers.add(x509ProviderRef);
+		if (this.x509ProviderRef != null) {
+			providers.add(this.x509ProviderRef);
 		}
 
-		if (jeeProviderRef != null) {
-			providers.add(jeeProviderRef);
+		if (this.jeeProviderRef != null) {
+			providers.add(this.jeeProviderRef);
 		}
 
-		if (oauth2LoginAuthenticationProviderRef != null) {
-			providers.add(oauth2LoginAuthenticationProviderRef);
+		if (this.oauth2LoginAuthenticationProviderRef != null) {
+			providers.add(this.oauth2LoginAuthenticationProviderRef);
 		}
 
-		if (oauth2LoginOidcAuthenticationProviderRef != null) {
-			providers.add(oauth2LoginOidcAuthenticationProviderRef);
+		if (this.oauth2LoginOidcAuthenticationProviderRef != null) {
+			providers.add(this.oauth2LoginOidcAuthenticationProviderRef);
 		}
 
-		if (authorizationCodeAuthenticationProviderRef != null) {
-			providers.add(authorizationCodeAuthenticationProviderRef);
+		if (this.authorizationCodeAuthenticationProviderRef != null) {
+			providers.add(this.authorizationCodeAuthenticationProviderRef);
 		}
 
 		providers.addAll(this.authenticationProviders);
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 027b6e166f..360c1dfd04 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -123,7 +123,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 				for (int j = i + 1; j < filters.size(); j++) {
 					Filter f2 = filters.get(j);
 					if (clazz.isAssignableFrom(f2.getClass())) {
-						logger.warn("Possible error: Filters at position " + i + " and " + j + " are both "
+						this.logger.warn("Possible error: Filters at position " + i + " and " + j + " are both "
 								+ "instances of " + clazz.getName());
 						return;
 					}
@@ -144,7 +144,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		}
 
 		String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
-		logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
+		this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
 		FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
 		List<Filter> filters = null;
 
@@ -155,16 +155,16 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			// May happen legitimately if a filter-chain request matcher requires more
 			// request data than that provided
 			// by the dummy request used when creating the filter invocation.
-			logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
+			this.logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
 		}
 
 		if (filters == null || filters.isEmpty()) {
-			logger.debug("Filter chain is empty for the login page");
+			this.logger.debug("Filter chain is empty for the login page");
 			return;
 		}
 
 		if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
-			logger.debug("Default generated login page is in use");
+			this.logger.debug("Default generated login page is in use");
 			return;
 		}
 
@@ -174,9 +174,9 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
 
 		if (attributes == null) {
-			logger.debug("No access attributes defined for login page URL");
+			this.logger.debug("No access attributes defined for login page URL");
 			if (fsi.isRejectPublicInvocations()) {
-				logger.warn("FilterSecurityInterceptor is configured to reject public invocations."
+				this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations."
 						+ " Your login page may not be accessible.");
 			}
 			return;
@@ -184,7 +184,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 
 		AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
 		if (anonPF == null) {
-			logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
+			this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
 					+ " anonymous authentication enabled. This is almost certainly an error.");
 			return;
 		}
@@ -196,15 +196,16 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
 		}
 		catch (AccessDeniedException e) {
-			logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly "
-					+ "an error. Please check your configuration allows unauthenticated access to the configured "
-					+ "login page. (Simulated access was rejected: " + e + ")");
+			this.logger
+					.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly "
+							+ "an error. Please check your configuration allows unauthenticated access to the configured "
+							+ "login page. (Simulated access was rejected: " + e + ")");
 		}
 		catch (Exception e) {
 			// May happen legitimately if a filter-chain request matcher requires more
 			// request data than that provided
 			// by the dummy request used when creating the filter invocation. See SEC-1878
-			logger.info(
+			this.logger.info(
 					"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
 					e);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 067308a6bc..d26e26dfb8 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -224,8 +224,8 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 		private DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
 
 		public DefaultWebSecurityExpressionHandler getBean() {
-			handler.setDefaultRolePrefix(this.rolePrefix);
-			return handler;
+			this.handler.setDefaultRolePrefix(this.rolePrefix);
+			return this.handler;
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index 626dace287..c5e844740c 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -134,7 +134,7 @@ public class FormLoginBeanDefinitionParser {
 			authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
 			WebConfigUtils.validateHttpRedirect(authenticationFailureUrl, pc, source);
 			alwaysUseDefault = elt.getAttribute(ATT_ALWAYS_USE_DEFAULT_TARGET_URL);
-			loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
+			this.loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
 			successHandlerRef = elt.getAttribute(ATT_SUCCESS_HANDLER_REF);
 			failureHandlerRef = elt.getAttribute(ATT_FAILURE_HANDLER_REF);
 			authDetailsSourceRef = elt.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
@@ -143,34 +143,34 @@ public class FormLoginBeanDefinitionParser {
 			authenticationSuccessForwardUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_SUCCESS_FORWARD_URL);
 			WebConfigUtils.validateHttpRedirect(authenticationSuccessForwardUrl, pc, source);
 
-			if (!StringUtils.hasText(loginPage)) {
-				loginPage = null;
+			if (!StringUtils.hasText(this.loginPage)) {
+				this.loginPage = null;
 			}
-			WebConfigUtils.validateHttpRedirect(loginPage, pc, source);
+			WebConfigUtils.validateHttpRedirect(this.loginPage, pc, source);
 			usernameParameter = elt.getAttribute(ATT_USERNAME_PARAMETER);
 			passwordParameter = elt.getAttribute(ATT_PASSWORD_PARAMETER);
 		}
 
-		filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl,
-				successHandlerRef, failureHandlerRef, authDetailsSourceRef, authenticationFailureForwardUrl,
-				authenticationSuccessForwardUrl);
+		this.filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, this.loginPage,
+				authenticationFailureUrl, successHandlerRef, failureHandlerRef, authDetailsSourceRef,
+				authenticationFailureForwardUrl, authenticationSuccessForwardUrl);
 
 		if (StringUtils.hasText(usernameParameter)) {
-			filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
+			this.filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
 		}
 		if (StringUtils.hasText(passwordParameter)) {
-			filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
+			this.filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
 		}
 
-		filterBean.setSource(source);
+		this.filterBean.setSource(source);
 
 		BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
 		entryPointBuilder.getRawBeanDefinition().setSource(source);
-		entryPointBuilder.addConstructorArgValue(loginPage != null ? loginPage : DEF_LOGIN_PAGE);
-		entryPointBuilder.addPropertyValue("portMapper", portMapper);
-		entryPointBuilder.addPropertyValue("portResolver", portResolver);
-		entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
+		entryPointBuilder.addConstructorArgValue(this.loginPage != null ? this.loginPage : DEF_LOGIN_PAGE);
+		entryPointBuilder.addPropertyValue("portMapper", this.portMapper);
+		entryPointBuilder.addPropertyValue("portResolver", this.portResolver);
+		this.entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
 
 		return null;
 	}
@@ -180,10 +180,10 @@ public class FormLoginBeanDefinitionParser {
 			String authDetailsSourceRef, String authenticationFailureForwardUrl,
 			String authenticationSuccessForwardUrl) {
 
-		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(filterClassName);
+		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(this.filterClassName);
 
 		if (!StringUtils.hasText(loginUrl)) {
-			loginUrl = defaultLoginProcessingUrl;
+			loginUrl = this.defaultLoginProcessingUrl;
 		}
 
 		this.loginProcessingUrl = loginUrl;
@@ -191,7 +191,7 @@ public class FormLoginBeanDefinitionParser {
 		BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher");
 		matcherBuilder.addConstructorArgValue(loginUrl);
-		if (loginMethod != null) {
+		if (this.loginMethod != null) {
 			matcherBuilder.addConstructorArgValue("POST");
 		}
 
@@ -212,7 +212,7 @@ public class FormLoginBeanDefinitionParser {
 			if ("true".equals(alwaysUseDefault)) {
 				successHandler.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE);
 			}
-			successHandler.addPropertyValue("requestCache", requestCache);
+			successHandler.addPropertyValue("requestCache", this.requestCache);
 			successHandler.addPropertyValue("defaultTargetUrl",
 					StringUtils.hasText(defaultTargetUrl) ? defaultTargetUrl : DEF_FORM_LOGIN_TARGET_URL);
 			filterBuilder.addPropertyValue("authenticationSuccessHandler", successHandler.getBeanDefinition());
@@ -222,8 +222,8 @@ public class FormLoginBeanDefinitionParser {
 			filterBuilder.addPropertyReference("authenticationDetailsSource", authDetailsSourceRef);
 		}
 
-		if (sessionStrategy != null) {
-			filterBuilder.addPropertyValue("sessionAuthenticationStrategy", sessionStrategy);
+		if (this.sessionStrategy != null) {
+			filterBuilder.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy);
 		}
 
 		if (StringUtils.hasText(failureHandlerRef)) {
@@ -248,7 +248,7 @@ public class FormLoginBeanDefinitionParser {
 				}
 			}
 			failureHandler.addPropertyValue("defaultFailureUrl", authenticationFailureUrl);
-			failureHandler.addPropertyValue("allowSessionCreation", allowSessionCreation);
+			failureHandler.addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			filterBuilder.addPropertyValue("authenticationFailureHandler", failureHandler.getBeanDefinition());
 		}
 
@@ -256,19 +256,19 @@ public class FormLoginBeanDefinitionParser {
 	}
 
 	RootBeanDefinition getFilterBean() {
-		return filterBean;
+		return this.filterBean;
 	}
 
 	RootBeanDefinition getEntryPointBean() {
-		return entryPointBean;
+		return this.entryPointBean;
 	}
 
 	String getLoginPage() {
-		return loginPage;
+		return this.loginPage;
 	}
 
 	String getLoginProcessingUrl() {
-		return loginProcessingUrl;
+		return this.loginProcessingUrl;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index 924a17ffe2..332e83199b 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -125,7 +125,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 
-		headerWriters = new ManagedList<>();
+		this.headerWriters = new ManagedList<>();
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(HeaderWriterFilter.class);
 
 		boolean disabled = element != null && "true".equals(resolveAttribute(parserContext, element, "disabled"));
@@ -150,7 +150,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 		parseHeaderElements(element);
 
-		boolean noWriters = headerWriters.isEmpty();
+		boolean noWriters = this.headerWriters.isEmpty();
 		if (disabled && !noWriters) {
 			parserContext.getReaderContext().error("Cannot specify <headers disabled=\"true\"> with child elements.",
 					element);
@@ -159,7 +159,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			return null;
 		}
 
-		builder.addConstructorArgValue(headerWriters);
+		builder.addConstructorArgValue(this.headerWriters);
 		return builder.getBeanDefinition();
 	}
 
@@ -190,7 +190,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addCacheControl() {
 		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
 				.genericBeanDefinition(CacheControlHeadersWriter.class);
-		headerWriters.add(headersWriter.getBeanDefinition());
+		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
 	private void parseHstsElement(boolean addIfNotPresent, Element element, ParserContext context) {
@@ -238,7 +238,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			}
 		}
 		if (addIfNotPresent || hstsElement != null) {
-			headerWriters.add(headersWriter.getBeanDefinition());
+			this.headerWriters.add(headersWriter.getBeanDefinition());
 		}
 	}
 
@@ -306,7 +306,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			}
 
 			if (addIfNotPresent) {
-				headerWriters.add(headersWriter.getBeanDefinition());
+				this.headerWriters.add(headersWriter.getBeanDefinition());
 			}
 		}
 	}
@@ -337,7 +337,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			headersWriter.addPropertyValue("reportOnly", reportOnly);
 		}
 
-		headerWriters.add(headersWriter.getBeanDefinition());
+		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
 	private void parseReferrerPolicyElement(Element element, ParserContext context) {
@@ -356,7 +356,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		if (StringUtils.hasLength(policy)) {
 			headersWriter.addConstructorArgValue(ReferrerPolicy.get(policy));
 		}
-		headerWriters.add(headersWriter.getBeanDefinition());
+		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
 	private void parseFeaturePolicyElement(Element element, ParserContext context) {
@@ -380,7 +380,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			headersWriter.addConstructorArgValue(policyDirectives);
 		}
 
-		headerWriters.add(headersWriter.getBeanDefinition());
+		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
 	private void attrNotAllowed(ParserContext context, String attrName, String otherAttrName, Element element) {
@@ -394,13 +394,13 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		for (Element headerElt : headerElts) {
 			String headerFactoryRef = headerElt.getAttribute(ATT_REF);
 			if (StringUtils.hasText(headerFactoryRef)) {
-				headerWriters.add(new RuntimeBeanReference(headerFactoryRef));
+				this.headerWriters.add(new RuntimeBeanReference(headerFactoryRef));
 			}
 			else {
 				BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(StaticHeadersWriter.class);
 				builder.addConstructorArgValue(headerElt.getAttribute(ATT_NAME));
 				builder.addConstructorArgValue(headerElt.getAttribute(ATT_VALUE));
-				headerWriters.add(builder.getBeanDefinition());
+				this.headerWriters.add(builder.getBeanDefinition());
 			}
 		}
 	}
@@ -420,7 +420,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addContentTypeOptions() {
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder
 				.genericBeanDefinition(XContentTypeOptionsHeaderWriter.class);
-		headerWriters.add(builder.getBeanDefinition());
+		this.headerWriters.add(builder.getBeanDefinition());
 	}
 
 	private void parseFrameOptionsElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
@@ -495,7 +495,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		}
 
 		if (addIfNotPresent || frameElt != null) {
-			headerWriters.add(builder.getBeanDefinition());
+			this.headerWriters.add(builder.getBeanDefinition());
 		}
 	}
 
@@ -526,7 +526,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			}
 		}
 		if (addIfNotPresent || xssElt != null) {
-			headerWriters.add(builder.getBeanDefinition());
+			this.headerWriters.add(builder.getBeanDefinition());
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index c6b14f77cf..babb529960 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -194,9 +194,9 @@ class HttpConfigurationBuilder {
 		this.portMapper = portMapper;
 		this.portResolver = portResolver;
 		this.matcherType = MatcherType.fromElement(element);
-		interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
+		this.interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
 
-		for (Element urlElt : interceptUrls) {
+		for (Element urlElt : this.interceptUrls) {
 			if (StringUtils.hasText(urlElt.getAttribute(ATT_FILTERS))) {
 				pc.getReaderContext()
 						.error("The use of \"filters='none'\" is no longer supported. Please define a"
@@ -208,10 +208,10 @@ class HttpConfigurationBuilder {
 		String createSession = element.getAttribute(ATT_CREATE_SESSION);
 
 		if (StringUtils.hasText(createSession)) {
-			sessionPolicy = createPolicy(createSession);
+			this.sessionPolicy = createPolicy(createSession);
 		}
 		else {
-			sessionPolicy = SessionCreationPolicy.IF_REQUIRED;
+			this.sessionPolicy = SessionCreationPolicy.IF_REQUIRED;
 		}
 
 		createCsrfFilter();
@@ -248,30 +248,30 @@ class HttpConfigurationBuilder {
 	@SuppressWarnings("rawtypes")
 	void setLogoutHandlers(ManagedList logoutHandlers) {
 		if (logoutHandlers != null) {
-			if (concurrentSessionFilter != null) {
-				concurrentSessionFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
+			if (this.concurrentSessionFilter != null) {
+				this.concurrentSessionFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
 			}
-			if (servApiFilter != null) {
-				servApiFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
+			if (this.servApiFilter != null) {
+				this.servApiFilter.getPropertyValues().add("logoutHandlers", logoutHandlers);
 			}
 		}
 	}
 
 	void setEntryPoint(BeanMetadataElement entryPoint) {
-		if (servApiFilter != null) {
-			servApiFilter.getPropertyValues().add("authenticationEntryPoint", entryPoint);
+		if (this.servApiFilter != null) {
+			this.servApiFilter.getPropertyValues().add("authenticationEntryPoint", entryPoint);
 		}
 	}
 
 	void setAccessDeniedHandler(BeanMetadataElement accessDeniedHandler) {
-		if (csrfParser != null) {
-			csrfParser.initAccessDeniedHandler(this.invalidSession, accessDeniedHandler);
+		if (this.csrfParser != null) {
+			this.csrfParser.initAccessDeniedHandler(this.invalidSession, accessDeniedHandler);
 		}
 	}
 
 	void setCsrfIgnoreRequestMatchers(List<BeanDefinition> requestMatchers) {
-		if (csrfParser != null) {
-			csrfParser.setIgnoreCsrfRequestMatchers(requestMatchers);
+		if (this.csrfParser != null) {
+			this.csrfParser.setIgnoreCsrfRequestMatchers(requestMatchers);
 		}
 	}
 
@@ -283,25 +283,25 @@ class HttpConfigurationBuilder {
 	private void createSecurityContextPersistenceFilter() {
 		BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
 
-		String repoRef = httpElt.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
-		String disableUrlRewriting = httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
+		String repoRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
+		String disableUrlRewriting = this.httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
 		if (!StringUtils.hasText(disableUrlRewriting)) {
 			disableUrlRewriting = "true";
 		}
 
 		if (StringUtils.hasText(repoRef)) {
-			if (sessionPolicy == SessionCreationPolicy.ALWAYS) {
+			if (this.sessionPolicy == SessionCreationPolicy.ALWAYS) {
 				scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
 			}
 		}
 		else {
 			BeanDefinitionBuilder contextRepo;
-			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
+			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
 				contextRepo = BeanDefinitionBuilder.rootBeanDefinition(NullSecurityContextRepository.class);
 			}
 			else {
 				contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
-				switch (sessionPolicy) {
+				switch (this.sessionPolicy) {
 				case ALWAYS:
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
 					scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
@@ -321,18 +321,18 @@ class HttpConfigurationBuilder {
 			}
 
 			BeanDefinition repoBean = contextRepo.getBeanDefinition();
-			repoRef = pc.getReaderContext().generateBeanName(repoBean);
-			pc.registerBeanComponent(new BeanComponentDefinition(repoBean, repoRef));
+			repoRef = this.pc.getReaderContext().generateBeanName(repoBean);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(repoBean, repoRef));
 		}
 
-		contextRepoRef = new RuntimeBeanReference(repoRef);
-		scpf.addConstructorArgValue(contextRepoRef);
+		this.contextRepoRef = new RuntimeBeanReference(repoRef);
+		scpf.addConstructorArgValue(this.contextRepoRef);
 
-		securityContextPersistenceFilter = scpf.getBeanDefinition();
+		this.securityContextPersistenceFilter = scpf.getBeanDefinition();
 	}
 
 	private void createSessionManagementFilters() {
-		Element sessionMgmtElt = DomUtils.getChildElementByTagName(httpElt, Elements.SESSION_MANAGEMENT);
+		Element sessionMgmtElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.SESSION_MANAGEMENT);
 		Element sessionCtrlElt = null;
 
 		String sessionFixationAttribute = null;
@@ -343,11 +343,11 @@ class HttpConfigurationBuilder {
 
 		boolean sessionControlEnabled = false;
 		if (sessionMgmtElt != null) {
-			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
-				pc.getReaderContext()
+			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
+				this.pc.getReaderContext()
 						.error(Elements.SESSION_MANAGEMENT + "  cannot be used" + " in combination with "
 								+ ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'",
-								pc.extractSource(sessionMgmtElt));
+								this.pc.extractSource(sessionMgmtElt));
 			}
 			sessionFixationAttribute = sessionMgmtElt.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
 			invalidSessionUrl = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_URL);
@@ -359,16 +359,17 @@ class HttpConfigurationBuilder {
 			sessionControlEnabled = sessionCtrlElt != null;
 
 			if (StringUtils.hasText(invalidSessionUrl) && StringUtils.hasText(invalidSessionStrategyRef)) {
-				pc.getReaderContext().error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with"
-						+ " the " + ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
+				this.pc.getReaderContext()
+						.error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the "
+								+ ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
 			}
 
 			if (sessionControlEnabled) {
 				if (StringUtils.hasText(sessionAuthStratRef)) {
-					pc.getReaderContext()
+					this.pc.getReaderContext()
 							.error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used"
 									+ " in combination with <" + Elements.CONCURRENT_SESSIONS + ">",
-									pc.extractSource(sessionCtrlElt));
+									this.pc.extractSource(sessionCtrlElt));
 				}
 				createConcurrencyControlFilterAndSessionRegistry(sessionCtrlElt);
 			}
@@ -378,11 +379,11 @@ class HttpConfigurationBuilder {
 			sessionFixationAttribute = OPT_CHANGE_SESSION_ID;
 		}
 		else if (StringUtils.hasText(sessionAuthStratRef)) {
-			pc.getReaderContext().error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used"
-					+ " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF, pc.extractSource(sessionMgmtElt));
+			this.pc.getReaderContext().error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used"
+					+ " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF, this.pc.extractSource(sessionMgmtElt));
 		}
 
-		if (sessionPolicy == SessionCreationPolicy.STATELESS) {
+		if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
 			// SEC-1424: do nothing
 			return;
 		}
@@ -395,15 +396,15 @@ class HttpConfigurationBuilder {
 		BeanDefinitionBuilder sessionFixationStrategy = null;
 		BeanDefinitionBuilder registerSessionStrategy;
 
-		if (csrfAuthStrategy != null) {
-			delegateSessionStrategies.add(csrfAuthStrategy);
+		if (this.csrfAuthStrategy != null) {
+			delegateSessionStrategies.add(this.csrfAuthStrategy);
 		}
 
 		if (sessionControlEnabled) {
-			assert sessionRegistryRef != null;
+			assert this.sessionRegistryRef != null;
 			concurrentSessionStrategy = BeanDefinitionBuilder
 					.rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class);
-			concurrentSessionStrategy.addConstructorArgValue(sessionRegistryRef);
+			concurrentSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
 
 			String maxSessions = sessionCtrlElt.getAttribute("max-sessions");
 
@@ -438,12 +439,12 @@ class HttpConfigurationBuilder {
 		if (sessionControlEnabled) {
 			registerSessionStrategy = BeanDefinitionBuilder
 					.rootBeanDefinition(RegisterSessionAuthenticationStrategy.class);
-			registerSessionStrategy.addConstructorArgValue(sessionRegistryRef);
+			registerSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
 			delegateSessionStrategies.add(registerSessionStrategy.getBeanDefinition());
 		}
 
 		if (delegateSessionStrategies.isEmpty()) {
-			sfpf = null;
+			this.sfpf = null;
 			return;
 		}
 
@@ -454,7 +455,7 @@ class HttpConfigurationBuilder {
 			failureHandler.getPropertyValues().addPropertyValue("defaultFailureUrl", errorUrl);
 		}
 		sessionMgmtFilter.addPropertyValue("authenticationFailureHandler", failureHandler);
-		sessionMgmtFilter.addConstructorArgValue(contextRepoRef);
+		sessionMgmtFilter.addConstructorArgValue(this.contextRepoRef);
 
 		if (!StringUtils.hasText(sessionAuthStratRef) && sessionFixationStrategy != null && !useChangeSessionId) {
 
@@ -469,8 +470,8 @@ class HttpConfigurationBuilder {
 					.rootBeanDefinition(CompositeSessionAuthenticationStrategy.class);
 			BeanDefinition strategyBean = sessionStrategy.getBeanDefinition();
 			sessionStrategy.addConstructorArgValue(delegateSessionStrategies);
-			sessionAuthStratRef = pc.getReaderContext().generateBeanName(strategyBean);
-			pc.registerBeanComponent(new BeanComponentDefinition(strategyBean, sessionAuthStratRef));
+			sessionAuthStratRef = this.pc.getReaderContext().generateBeanName(strategyBean);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(strategyBean, sessionAuthStratRef));
 
 		}
 
@@ -478,8 +479,8 @@ class HttpConfigurationBuilder {
 			BeanDefinitionBuilder invalidSessionBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class);
 			invalidSessionBldr.addConstructorArgValue(invalidSessionUrl);
-			invalidSession = invalidSessionBldr.getBeanDefinition();
-			sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", invalidSession);
+			this.invalidSession = invalidSessionBldr.getBeanDefinition();
+			sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", this.invalidSession);
 		}
 		else if (StringUtils.hasText(invalidSessionStrategyRef)) {
 			sessionMgmtFilter.addPropertyReference("invalidSessionStrategy", invalidSessionStrategyRef);
@@ -487,8 +488,8 @@ class HttpConfigurationBuilder {
 
 		sessionMgmtFilter.addConstructorArgReference(sessionAuthStratRef);
 
-		sfpf = (RootBeanDefinition) sessionMgmtFilter.getBeanDefinition();
-		sessionStrategyRef = new RuntimeBeanReference(sessionAuthStratRef);
+		this.sfpf = (RootBeanDefinition) sessionMgmtFilter.getBeanDefinition();
+		this.sessionStrategyRef = new RuntimeBeanReference(sessionAuthStratRef);
 	}
 
 	private void createConcurrencyControlFilterAndSessionRegistry(Element element) {
@@ -498,18 +499,18 @@ class HttpConfigurationBuilder {
 		final String ATT_SESSION_REGISTRY_REF = "session-registry-ref";
 
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
-				pc.extractSource(element));
-		pc.pushContainingComponent(compositeDef);
+				this.pc.extractSource(element));
+		this.pc.pushContainingComponent(compositeDef);
 
-		BeanDefinitionRegistry beanRegistry = pc.getRegistry();
+		BeanDefinitionRegistry beanRegistry = this.pc.getRegistry();
 
 		String sessionRegistryId = element.getAttribute(ATT_SESSION_REGISTRY_REF);
 
 		if (!StringUtils.hasText(sessionRegistryId)) {
 			// Register an internal SessionRegistryImpl if no external reference supplied.
 			RootBeanDefinition sessionRegistry = new RootBeanDefinition(SessionRegistryImpl.class);
-			sessionRegistryId = pc.getReaderContext().registerWithGeneratedName(sessionRegistry);
-			pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId));
+			sessionRegistryId = this.pc.getReaderContext().registerWithGeneratedName(sessionRegistry);
+			this.pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId));
 		}
 
 		String registryAlias = element.getAttribute(ATT_SESSION_REGISTRY_ALIAS);
@@ -520,7 +521,7 @@ class HttpConfigurationBuilder {
 		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
 		filterBuilder.addConstructorArgReference(sessionRegistryId);
 
-		Object source = pc.extractSource(element);
+		Object source = this.pc.extractSource(element);
 		filterBuilder.getRawBeanDefinition().setSource(source);
 		filterBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 
@@ -528,7 +529,7 @@ class HttpConfigurationBuilder {
 		String expiredSessionStrategyRef = element.getAttribute(ATT_EXPIRED_SESSION_STRATEGY_REF);
 
 		if (StringUtils.hasText(expiryUrl) && StringUtils.hasText(expiredSessionStrategyRef)) {
-			pc.getReaderContext().error(
+			this.pc.getReaderContext().error(
 					"Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.",
 					source);
 		}
@@ -543,16 +544,16 @@ class HttpConfigurationBuilder {
 			filterBuilder.addConstructorArgReference(expiredSessionStrategyRef);
 		}
 
-		pc.popAndRegisterContainingComponent();
+		this.pc.popAndRegisterContainingComponent();
 
-		concurrentSessionFilter = filterBuilder.getBeanDefinition();
-		sessionRegistryRef = new RuntimeBeanReference(sessionRegistryId);
+		this.concurrentSessionFilter = filterBuilder.getBeanDefinition();
+		this.sessionRegistryRef = new RuntimeBeanReference(sessionRegistryId);
 	}
 
 	private void createWebAsyncManagerFilter() {
 		boolean asyncSupported = ClassUtils.hasMethod(ServletRequest.class, "startAsync");
 		if (asyncSupported) {
-			webAsyncManagerFilter = new RootBeanDefinition(WebAsyncManagerIntegrationFilter.class);
+			this.webAsyncManagerFilter = new RootBeanDefinition(WebAsyncManagerIntegrationFilter.class);
 		}
 	}
 
@@ -561,15 +562,15 @@ class HttpConfigurationBuilder {
 		final String ATT_SERVLET_API_PROVISION = "servlet-api-provision";
 		final String DEF_SERVLET_API_PROVISION = "true";
 
-		String provideServletApi = httpElt.getAttribute(ATT_SERVLET_API_PROVISION);
+		String provideServletApi = this.httpElt.getAttribute(ATT_SERVLET_API_PROVISION);
 		if (!StringUtils.hasText(provideServletApi)) {
 			provideServletApi = DEF_SERVLET_API_PROVISION;
 		}
 
 		if ("true".equals(provideServletApi)) {
-			servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc,
+			this.servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(this.pc,
 					SecurityContextHolderAwareRequestFilterBeanFactory.class);
-			servApiFilter.getPropertyValues().add("authenticationManager", authenticationManager);
+			this.servApiFilter.getPropertyValues().add("authenticationManager", authenticationManager);
 		}
 	}
 
@@ -578,13 +579,13 @@ class HttpConfigurationBuilder {
 		final String ATT_JAAS_API_PROVISION = "jaas-api-provision";
 		final String DEF_JAAS_API_PROVISION = "false";
 
-		String provideJaasApi = httpElt.getAttribute(ATT_JAAS_API_PROVISION);
+		String provideJaasApi = this.httpElt.getAttribute(ATT_JAAS_API_PROVISION);
 		if (!StringUtils.hasText(provideJaasApi)) {
 			provideJaasApi = DEF_JAAS_API_PROVISION;
 		}
 
 		if ("true".equals(provideJaasApi)) {
-			jaasApiFilter = new RootBeanDefinition(JaasApiIntegrationFilter.class);
+			this.jaasApiFilter = new RootBeanDefinition(JaasApiIntegrationFilter.class);
 		}
 	}
 
@@ -610,10 +611,10 @@ class HttpConfigurationBuilder {
 		RootBeanDefinition retryWithHttp = new RootBeanDefinition(RetryWithHttpEntryPoint.class);
 		RootBeanDefinition retryWithHttps = new RootBeanDefinition(RetryWithHttpsEntryPoint.class);
 
-		retryWithHttp.getPropertyValues().addPropertyValue("portMapper", portMapper);
-		retryWithHttp.getPropertyValues().addPropertyValue("portResolver", portResolver);
-		retryWithHttps.getPropertyValues().addPropertyValue("portMapper", portMapper);
-		retryWithHttps.getPropertyValues().addPropertyValue("portResolver", portResolver);
+		retryWithHttp.getPropertyValues().addPropertyValue("portMapper", this.portMapper);
+		retryWithHttp.getPropertyValues().addPropertyValue("portResolver", this.portResolver);
+		retryWithHttps.getPropertyValues().addPropertyValue("portMapper", this.portMapper);
+		retryWithHttps.getPropertyValues().addPropertyValue("portResolver", this.portResolver);
 		secureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint", retryWithHttps);
 		RootBeanDefinition inSecureChannelProcessor = new RootBeanDefinition(InsecureChannelProcessor.class);
 		inSecureChannelProcessor.getPropertyValues().addPropertyValue("entryPoint", retryWithHttp);
@@ -621,9 +622,9 @@ class HttpConfigurationBuilder {
 		channelProcessors.add(inSecureChannelProcessor);
 		channelDecisionManager.getPropertyValues().addPropertyValue("channelProcessors", channelProcessors);
 
-		String id = pc.getReaderContext().registerWithGeneratedName(channelDecisionManager);
+		String id = this.pc.getReaderContext().registerWithGeneratedName(channelDecisionManager);
 		channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager", new RuntimeBeanReference(id));
-		cpf = channelFilter;
+		this.cpf = channelFilter;
 	}
 
 	/**
@@ -635,21 +636,21 @@ class HttpConfigurationBuilder {
 
 		ManagedMap<BeanMetadataElement, BeanDefinition> channelRequestMap = new ManagedMap<>();
 
-		for (Element urlElt : interceptUrls) {
+		for (Element urlElt : this.interceptUrls) {
 			String path = urlElt.getAttribute(ATT_PATH_PATTERN);
 			String method = urlElt.getAttribute(ATT_HTTP_METHOD);
 			String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF);
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
 
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
-				pc.getReaderContext().error("pattern attribute cannot be empty or null", urlElt);
+				this.pc.getReaderContext().error("pattern attribute cannot be empty or null", urlElt);
 			}
 
 			String requiredChannel = urlElt.getAttribute(ATT_REQUIRES_CHANNEL);
 
 			if (StringUtils.hasText(requiredChannel)) {
 				BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
-						: matcherType.createMatcher(pc, path, method);
+						: this.matcherType.createMatcher(this.pc, path, method);
 
 				RootBeanDefinition channelAttributes = new RootBeanDefinition(ChannelAttributeFactory.class);
 				channelAttributes.getConstructorArgumentValues().addGenericArgumentValue(requiredChannel);
@@ -663,23 +664,23 @@ class HttpConfigurationBuilder {
 	}
 
 	private void createRequestCacheFilter() {
-		Element requestCacheElt = DomUtils.getChildElementByTagName(httpElt, Elements.REQUEST_CACHE);
+		Element requestCacheElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.REQUEST_CACHE);
 
 		if (requestCacheElt != null) {
-			requestCache = new RuntimeBeanReference(requestCacheElt.getAttribute(ATT_REF));
+			this.requestCache = new RuntimeBeanReference(requestCacheElt.getAttribute(ATT_REF));
 		}
 		else {
 			BeanDefinitionBuilder requestCacheBldr;
 
-			if (sessionPolicy == SessionCreationPolicy.STATELESS) {
+			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
 				requestCacheBldr = BeanDefinitionBuilder.rootBeanDefinition(NullRequestCache.class);
 			}
 			else {
 				requestCacheBldr = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionRequestCache.class);
 				requestCacheBldr.addPropertyValue("createSessionAllowed",
-						sessionPolicy == SessionCreationPolicy.IF_REQUIRED);
-				requestCacheBldr.addPropertyValue("portResolver", portResolver);
-				if (csrfFilter != null) {
+						this.sessionPolicy == SessionCreationPolicy.IF_REQUIRED);
+				requestCacheBldr.addPropertyValue("portResolver", this.portResolver);
+				if (this.csrfFilter != null) {
 					BeanDefinitionBuilder requestCacheMatcherBldr = BeanDefinitionBuilder
 							.rootBeanDefinition(AntPathRequestMatcher.class);
 					requestCacheMatcherBldr.addConstructorArgValue("/**");
@@ -689,20 +690,20 @@ class HttpConfigurationBuilder {
 			}
 
 			BeanDefinition bean = requestCacheBldr.getBeanDefinition();
-			String id = pc.getReaderContext().generateBeanName(bean);
-			pc.registerBeanComponent(new BeanComponentDefinition(bean, id));
+			String id = this.pc.getReaderContext().generateBeanName(bean);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(bean, id));
 
 			this.requestCache = new RuntimeBeanReference(id);
 		}
 
-		requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
-		requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(requestCache);
+		this.requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
+		this.requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(this.requestCache);
 	}
 
 	private void createFilterSecurityInterceptor(BeanReference authManager) {
-		boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(httpElt);
+		boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(this.httpElt);
 		RootBeanDefinition securityMds = FilterInvocationSecurityMetadataSourceParser
-				.createSecurityMetadataSource(interceptUrls, addAllAuth, httpElt, pc);
+				.createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc);
 
 		RootBeanDefinition accessDecisionMgr;
 		ManagedList<BeanDefinition> voters = new ManagedList<>(2);
@@ -718,20 +719,20 @@ class HttpConfigurationBuilder {
 			voters.add(expressionVoter.getBeanDefinition());
 		}
 		else {
-			voters.add(
-					GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(pc, RoleVoterBeanFactory.class));
+			voters.add(GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(this.pc,
+					RoleVoterBeanFactory.class));
 			voters.add(new RootBeanDefinition(AuthenticatedVoter.class));
 		}
 		accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class);
 		accessDecisionMgr.getConstructorArgumentValues().addGenericArgumentValue(voters);
-		accessDecisionMgr.setSource(pc.extractSource(httpElt));
+		accessDecisionMgr.setSource(this.pc.extractSource(this.httpElt));
 
 		// Set up the access manager reference for http
-		String accessManagerId = httpElt.getAttribute(ATT_ACCESS_MGR);
+		String accessManagerId = this.httpElt.getAttribute(ATT_ACCESS_MGR);
 
 		if (!StringUtils.hasText(accessManagerId)) {
-			accessManagerId = pc.getReaderContext().generateBeanName(accessDecisionMgr);
-			pc.registerBeanComponent(new BeanComponentDefinition(accessDecisionMgr, accessManagerId));
+			accessManagerId = this.pc.getReaderContext().generateBeanName(accessDecisionMgr);
+			this.pc.registerBeanComponent(new BeanComponentDefinition(accessDecisionMgr, accessManagerId));
 		}
 
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(FilterSecurityInterceptor.class);
@@ -739,28 +740,29 @@ class HttpConfigurationBuilder {
 		builder.addPropertyReference("accessDecisionManager", accessManagerId);
 		builder.addPropertyValue("authenticationManager", authManager);
 
-		if ("false".equals(httpElt.getAttribute(ATT_ONCE_PER_REQUEST))) {
+		if ("false".equals(this.httpElt.getAttribute(ATT_ONCE_PER_REQUEST))) {
 			builder.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
 		}
 
 		builder.addPropertyValue("securityMetadataSource", securityMds);
 		BeanDefinition fsiBean = builder.getBeanDefinition();
-		String fsiId = pc.getReaderContext().generateBeanName(fsiBean);
-		pc.registerBeanComponent(new BeanComponentDefinition(fsiBean, fsiId));
+		String fsiId = this.pc.getReaderContext().generateBeanName(fsiBean);
+		this.pc.registerBeanComponent(new BeanComponentDefinition(fsiBean, fsiId));
 
 		// Create and register a DefaultWebInvocationPrivilegeEvaluator for use with
 		// taglibs etc.
 		BeanDefinition wipe = new RootBeanDefinition(DefaultWebInvocationPrivilegeEvaluator.class);
 		wipe.getConstructorArgumentValues().addGenericArgumentValue(new RuntimeBeanReference(fsiId));
 
-		pc.registerBeanComponent(new BeanComponentDefinition(wipe, pc.getReaderContext().generateBeanName(wipe)));
+		this.pc.registerBeanComponent(
+				new BeanComponentDefinition(wipe, this.pc.getReaderContext().generateBeanName(wipe)));
 
 		this.fsi = new RuntimeBeanReference(fsiId);
 	}
 
 	private void createAddHeadersFilter() {
-		Element elmt = DomUtils.getChildElementByTagName(httpElt, Elements.HEADERS);
-		this.addHeadersFilter = new HeadersBeanDefinitionParser().parse(elmt, pc);
+		Element elmt = DomUtils.getChildElementByTagName(this.httpElt, Elements.HEADERS);
+		this.addHeadersFilter = new HeadersBeanDefinitionParser().parse(elmt, this.pc);
 	}
 
 	private void createCorsFilter() {
@@ -770,17 +772,17 @@ class HttpConfigurationBuilder {
 	}
 
 	private void createCsrfFilter() {
-		Element elmt = DomUtils.getChildElementByTagName(httpElt, Elements.CSRF);
-		csrfParser = new CsrfBeanDefinitionParser();
-		csrfFilter = csrfParser.parse(elmt, pc);
+		Element elmt = DomUtils.getChildElementByTagName(this.httpElt, Elements.CSRF);
+		this.csrfParser = new CsrfBeanDefinitionParser();
+		this.csrfFilter = this.csrfParser.parse(elmt, this.pc);
 
-		if (csrfFilter == null) {
-			csrfParser = null;
+		if (this.csrfFilter == null) {
+			this.csrfParser = null;
 			return;
 		}
 
-		this.csrfAuthStrategy = csrfParser.getCsrfAuthenticationStrategy();
-		this.csrfLogoutHandler = csrfParser.getCsrfLogoutHandler();
+		this.csrfAuthStrategy = this.csrfParser.getCsrfAuthenticationStrategy();
+		this.csrfLogoutHandler = this.csrfParser.getCsrfLogoutHandler();
 	}
 
 	BeanMetadataElement getCsrfLogoutHandler() {
@@ -788,62 +790,62 @@ class HttpConfigurationBuilder {
 	}
 
 	BeanReference getSessionStrategy() {
-		return sessionStrategyRef;
+		return this.sessionStrategyRef;
 	}
 
 	SessionCreationPolicy getSessionCreationPolicy() {
-		return sessionPolicy;
+		return this.sessionPolicy;
 	}
 
 	BeanReference getRequestCache() {
-		return requestCache;
+		return this.requestCache;
 	}
 
 	List<OrderDecorator> getFilters() {
 		List<OrderDecorator> filters = new ArrayList<>();
 
-		if (cpf != null) {
-			filters.add(new OrderDecorator(cpf, CHANNEL_FILTER));
+		if (this.cpf != null) {
+			filters.add(new OrderDecorator(this.cpf, CHANNEL_FILTER));
 		}
 
-		if (concurrentSessionFilter != null) {
-			filters.add(new OrderDecorator(concurrentSessionFilter, CONCURRENT_SESSION_FILTER));
+		if (this.concurrentSessionFilter != null) {
+			filters.add(new OrderDecorator(this.concurrentSessionFilter, CONCURRENT_SESSION_FILTER));
 		}
 
-		if (webAsyncManagerFilter != null) {
-			filters.add(new OrderDecorator(webAsyncManagerFilter, WEB_ASYNC_MANAGER_FILTER));
+		if (this.webAsyncManagerFilter != null) {
+			filters.add(new OrderDecorator(this.webAsyncManagerFilter, WEB_ASYNC_MANAGER_FILTER));
 		}
 
-		filters.add(new OrderDecorator(securityContextPersistenceFilter, SECURITY_CONTEXT_FILTER));
+		filters.add(new OrderDecorator(this.securityContextPersistenceFilter, SECURITY_CONTEXT_FILTER));
 
-		if (servApiFilter != null) {
-			filters.add(new OrderDecorator(servApiFilter, SERVLET_API_SUPPORT_FILTER));
+		if (this.servApiFilter != null) {
+			filters.add(new OrderDecorator(this.servApiFilter, SERVLET_API_SUPPORT_FILTER));
 		}
 
-		if (jaasApiFilter != null) {
-			filters.add(new OrderDecorator(jaasApiFilter, JAAS_API_SUPPORT_FILTER));
+		if (this.jaasApiFilter != null) {
+			filters.add(new OrderDecorator(this.jaasApiFilter, JAAS_API_SUPPORT_FILTER));
 		}
 
-		if (sfpf != null) {
-			filters.add(new OrderDecorator(sfpf, SESSION_MANAGEMENT_FILTER));
+		if (this.sfpf != null) {
+			filters.add(new OrderDecorator(this.sfpf, SESSION_MANAGEMENT_FILTER));
 		}
 
-		filters.add(new OrderDecorator(fsi, FILTER_SECURITY_INTERCEPTOR));
+		filters.add(new OrderDecorator(this.fsi, FILTER_SECURITY_INTERCEPTOR));
 
-		if (sessionPolicy != SessionCreationPolicy.STATELESS) {
-			filters.add(new OrderDecorator(requestCacheAwareFilter, REQUEST_CACHE_FILTER));
+		if (this.sessionPolicy != SessionCreationPolicy.STATELESS) {
+			filters.add(new OrderDecorator(this.requestCacheAwareFilter, REQUEST_CACHE_FILTER));
 		}
 
 		if (this.corsFilter != null) {
 			filters.add(new OrderDecorator(this.corsFilter, CORS_FILTER));
 		}
 
-		if (addHeadersFilter != null) {
-			filters.add(new OrderDecorator(addHeadersFilter, HEADERS_FILTER));
+		if (this.addHeadersFilter != null) {
+			filters.add(new OrderDecorator(this.addHeadersFilter, HEADERS_FILTER));
 		}
 
-		if (csrfFilter != null) {
-			filters.add(new OrderDecorator(csrfFilter, CSRF_FILTER));
+		if (this.csrfFilter != null) {
+			filters.add(new OrderDecorator(this.csrfFilter, CSRF_FILTER));
 		}
 
 		return filters;
@@ -854,8 +856,8 @@ class HttpConfigurationBuilder {
 		private RoleVoter voter = new RoleVoter();
 
 		public RoleVoter getBean() {
-			voter.setRolePrefix(this.rolePrefix);
-			return voter;
+			this.voter.setRolePrefix(this.rolePrefix);
+			return this.voter;
 		}
 
 	}
@@ -866,8 +868,8 @@ class HttpConfigurationBuilder {
 		private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
 
 		public SecurityContextHolderAwareRequestFilter getBean() {
-			filter.setRolePrefix(this.rolePrefix);
-			return filter;
+			this.filter.setRolePrefix(this.rolePrefix);
+			return this.filter;
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index acaa187f45..9ffa600d88 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -448,12 +448,12 @@ class OrderDecorator implements Ordered {
 
 	@Override
 	public int getOrder() {
-		return order;
+		return this.order;
 	}
 
 	@Override
 	public String toString() {
-		return bean + ", order = " + order;
+		return this.bean + ", order = " + this.order;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index 36b7662e5a..55ec0df211 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -60,7 +60,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		this.rememberMeServices = rememberMeServices;
 		this.csrfEnabled = csrfLogoutHandler != null;
 		if (this.csrfEnabled) {
-			logoutHandlers.add(csrfLogoutHandler);
+			this.logoutHandlers.add(csrfLogoutHandler);
 		}
 	}
 
@@ -102,29 +102,29 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			// Use the logout URL if no handler set
 			if (!StringUtils.hasText(logoutSuccessUrl)) {
-				logoutSuccessUrl = defaultLogoutUrl;
+				logoutSuccessUrl = this.defaultLogoutUrl;
 			}
 			builder.addConstructorArgValue(logoutSuccessUrl);
 		}
 
 		BeanDefinition sclh = new RootBeanDefinition(SecurityContextLogoutHandler.class);
 		sclh.getPropertyValues().addPropertyValue("invalidateHttpSession", !"false".equals(invalidateSession));
-		logoutHandlers.add(sclh);
+		this.logoutHandlers.add(sclh);
 
-		if (rememberMeServices != null) {
-			logoutHandlers.add(new RuntimeBeanReference(rememberMeServices));
+		if (this.rememberMeServices != null) {
+			this.logoutHandlers.add(new RuntimeBeanReference(this.rememberMeServices));
 		}
 
 		if (StringUtils.hasText(deleteCookies)) {
 			BeanDefinition cookieDeleter = new RootBeanDefinition(CookieClearingLogoutHandler.class);
 			String[] names = StringUtils.tokenizeToStringArray(deleteCookies, ",");
 			cookieDeleter.getConstructorArgumentValues().addGenericArgumentValue(names);
-			logoutHandlers.add(cookieDeleter);
+			this.logoutHandlers.add(cookieDeleter);
 		}
 
-		logoutHandlers.add(new RootBeanDefinition(LogoutSuccessEventPublishingLogoutHandler.class));
+		this.logoutHandlers.add(new RootBeanDefinition(LogoutSuccessEventPublishingLogoutHandler.class));
 
-		builder.addConstructorArgValue(logoutHandlers);
+		builder.addConstructorArgValue(this.logoutHandlers);
 
 		return builder.getBeanDefinition();
 	}
@@ -141,7 +141,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	ManagedList<BeanMetadataElement> getLogoutHandlers() {
-		return logoutHandlers;
+		return this.logoutHandlers;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
index 2858ef0414..a3444624a8 100644
--- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java
+++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
@@ -58,7 +58,7 @@ public enum MatcherType {
 			return new RootBeanDefinition(AnyRequestMatcher.class);
 		}
 
-		BeanDefinitionBuilder matcherBldr = BeanDefinitionBuilder.rootBeanDefinition(type);
+		BeanDefinitionBuilder matcherBldr = BeanDefinitionBuilder.rootBeanDefinition(this.type);
 
 		if (this == mvc) {
 			matcherBldr.addConstructorArgValue(new RootBeanDefinition(HandlerMappingIntrospectorFactoryBean.class));
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 7ae4e76a72..c99d48c0a1 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -167,8 +167,9 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 				.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
 
-		if (sessionStrategy != null) {
-			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy", sessionStrategy);
+		if (this.sessionStrategy != null) {
+			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy",
+					this.sessionStrategy);
 		}
 
 		Object source = parserContext.extractSource(element);
@@ -192,9 +193,9 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 					userAuthoritiesMapperRef);
 		}
 
-		oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
+		this.oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
 
-		oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient,
+		this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient,
 				userAuthoritiesMapperRef);
 
 		BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
@@ -210,8 +211,9 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 		oauth2AuthorizationRequestRedirectFilterBuilder
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
-				.addPropertyValue("requestCache", requestCache);
-		oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder.getBeanDefinition();
+				.addPropertyValue("requestCache", this.requestCache);
+		this.oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder
+				.getBeanDefinition();
 
 		String authenticationSuccessHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF);
 		if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
@@ -221,7 +223,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler")
-					.addPropertyValue("requestCache", requestCache);
+					.addPropertyValue("requestCache", this.requestCache);
 			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler",
 					successHandlerBuilder.getBeanDefinition());
 		}
@@ -229,15 +231,15 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
 		if (!StringUtils.isEmpty(loginPage)) {
 			WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
-			oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
+			this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
 					.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage)
-					.addPropertyValue("portMapper", portMapper).addPropertyValue("portResolver", portResolver)
+					.addPropertyValue("portMapper", this.portMapper).addPropertyValue("portResolver", this.portResolver)
 					.getBeanDefinition();
 		}
 		else {
 			Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element);
 			if (entryPoint != null) {
-				oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
+				this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
 						.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint)
 						.addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI))
 						.getBeanDefinition();
@@ -254,13 +256,13 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 					"org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler");
 			failureHandlerBuilder.addConstructorArgValue(
 					DEFAULT_LOGIN_URI + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
-			failureHandlerBuilder.addPropertyValue("allowSessionCreation", allowSessionCreation);
+			failureHandlerBuilder.addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationFailureHandler",
 					failureHandlerBuilder.getBeanDefinition());
 		}
 
 		// prepare loginlinks
-		oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class)
+		this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class)
 				.setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId).getBeanDefinition();
 
 		return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition();
@@ -354,23 +356,23 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	BeanDefinition getOAuth2AuthorizationRequestRedirectFilter() {
-		return oauth2AuthorizationRequestRedirectFilter;
+		return this.oauth2AuthorizationRequestRedirectFilter;
 	}
 
 	BeanDefinition getOAuth2LoginAuthenticationEntryPoint() {
-		return oauth2LoginAuthenticationEntryPoint;
+		return this.oauth2LoginAuthenticationEntryPoint;
 	}
 
 	BeanDefinition getOAuth2LoginAuthenticationProvider() {
-		return oauth2LoginAuthenticationProvider;
+		return this.oauth2LoginAuthenticationProvider;
 	}
 
 	BeanDefinition getOAuth2LoginOidcAuthenticationProvider() {
-		return oauth2LoginOidcAuthenticationProvider;
+		return this.oauth2LoginOidcAuthenticationProvider;
 	}
 
 	BeanDefinition getOAuth2LoginLinks() {
-		return oauth2LoginLinks;
+		return this.oauth2LoginLinks;
 	}
 
 	private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element) {
@@ -456,7 +458,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		@SuppressWarnings({ "unchecked", "unused" })
 		public Map<String, String> getLoginLinks() {
 			Iterable<ClientRegistration> clientRegistrations = null;
-			ClientRegistrationRepository clientRegistrationRepository = context
+			ClientRegistrationRepository clientRegistrationRepository = this.context
 					.getBean(ClientRegistrationRepository.class);
 			ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
 			if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index d753f36bfd..82ae2cf36e 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -136,7 +136,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 			uds.setFactoryMethodName("cachingUserDetailsService");
 			uds.getConstructorArgumentValues().addGenericArgumentValue(userServiceRef);
 
-			services.getConstructorArgumentValues().addGenericArgumentValue(key);
+			services.getConstructorArgumentValues().addGenericArgumentValue(this.key);
 			services.getConstructorArgumentValues().addGenericArgumentValue(uds);
 			// tokenRepo is already added if it is a
 			// PersistentTokenBasedRememberMeServices
@@ -183,7 +183,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 			filter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
 		}
 
-		filter.addConstructorArgValue(authenticationManager);
+		filter.addConstructorArgValue(this.authenticationManager);
 		filter.addConstructorArgReference(servicesName);
 
 		pc.popAndRegisterContainingComponent();
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index 50c7fbfd6b..c39b7ba054 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -46,7 +46,7 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 			return getUserDetailsService();
 		}
 
-		return (UserDetailsService) beanFactory.getBean(id);
+		return (UserDetailsService) this.beanFactory.getBean(id);
 	}
 
 	UserDetailsService cachingUserDetailsService(String id) {
@@ -56,11 +56,11 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 		// Overwrite with the caching version if available
 		String cachingId = id + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX;
 
-		if (beanFactory.containsBeanDefinition(cachingId)) {
-			return (UserDetailsService) beanFactory.getBean(cachingId);
+		if (this.beanFactory.containsBeanDefinition(cachingId)) {
+			return (UserDetailsService) this.beanFactory.getBean(cachingId);
 		}
 
-		return (UserDetailsService) beanFactory.getBean(id);
+		return (UserDetailsService) this.beanFactory.getBean(id);
 	}
 
 	@SuppressWarnings("unchecked")
@@ -81,7 +81,7 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 			uds = getUserDetailsService();
 		}
 		else {
-			Object bean = beanFactory.getBean(name);
+			Object bean = this.beanFactory.getBean(name);
 
 			if (bean instanceof AuthenticationUserDetailsService) {
 				return (AuthenticationUserDetailsService) bean;
@@ -131,11 +131,11 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 	}
 
 	private Map<String, ?> getBeansOfType(Class<?> type) {
-		Map<String, ?> beans = beanFactory.getBeansOfType(type);
+		Map<String, ?> beans = this.beanFactory.getBeansOfType(type);
 
 		// Check ancestor bean factories if they exist and the current one has none of the
 		// required type
-		BeanFactory parent = beanFactory.getParentBeanFactory();
+		BeanFactory parent = this.beanFactory.getParentBeanFactory();
 		while (parent != null && beans.size() == 0) {
 			if (parent instanceof ListableBeanFactory) {
 				beans = ((ListableBeanFactory) parent).getBeansOfType(type);
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index 9216cbd9d8..06566efae8 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -65,7 +65,7 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 					+ "declared an explicit bean, do not use lazy-init");
 		}
 
-		if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) {
+		if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && this.defaultNameRequired) {
 			if (sources.length > 1) {
 				throw new ApplicationContextException("More than one BaseLdapPathContextSource instance found. "
 						+ "Please specify a specific server id using the 'server-ref' attribute when configuring your <"
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index 0246f1333f..cce4c06c39 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -65,7 +65,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 			// TODO: Validate the pattern and make sure it is a valid DN.
 		}
 		else if (searchBean == null) {
-			logger.info("No search information or DN pattern specified. Using default search filter '"
+			this.logger.info("No search information or DN pattern specified. Using default search filter '"
 					+ DEF_USER_SEARCH_FILTER + "'");
 			BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 050550c0e2..3fe5515568 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -186,7 +186,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 						: expressionHandlerElt.getAttribute("ref");
 
 				if (StringUtils.hasText(expressionHandlerRef)) {
-					logger.info("Using bean '" + expressionHandlerRef + "' as method ExpressionHandler implementation");
+					this.logger.info(
+							"Using bean '" + expressionHandlerRef + "' as method ExpressionHandler implementation");
 					RootBeanDefinition lazyInitPP = new RootBeanDefinition(
 							LazyInitBeanDefinitionRegistryPostProcessor.class);
 					lazyInitPP.getConstructorArgumentValues().addGenericArgumentValue(expressionHandlerRef);
@@ -215,7 +216,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 					expressionHandlerRef = pc.getReaderContext().generateBeanName(expressionHandler);
 					pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler, expressionHandlerRef));
-					logger.info(
+					this.logger.info(
 							"Expressions were enabled for method security but no SecurityExpressionHandler was configured. "
 									+ "All hasPermission() expressions will evaluate to false.");
 				}
@@ -485,11 +486,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		}
 
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-			synchronized (delegateMonitor) {
-				if (delegate == null) {
-					Assert.state(beanFactory != null, () -> "BeanFactory must be set to resolve " + authMgrBean);
+			synchronized (this.delegateMonitor) {
+				if (this.delegate == null) {
+					Assert.state(this.beanFactory != null,
+							() -> "BeanFactory must be set to resolve " + this.authMgrBean);
 					try {
-						delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class);
+						this.delegate = this.beanFactory.getBean(this.authMgrBean, AuthenticationManager.class);
 					}
 					catch (NoSuchBeanDefinitionException e) {
 						if (BeanIds.AUTHENTICATION_MANAGER.equals(e.getBeanName())) {
@@ -501,7 +503,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 				}
 			}
 
-			return delegate.authenticate(authentication);
+			return this.delegate.authenticate(authentication);
 		}
 
 		public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
@@ -515,8 +517,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		private Jsr250MethodSecurityMetadataSource source = new Jsr250MethodSecurityMetadataSource();
 
 		public Jsr250MethodSecurityMetadataSource getBean() {
-			source.setDefaultRolePrefix(this.rolePrefix);
-			return source;
+			this.source.setDefaultRolePrefix(this.rolePrefix);
+			return this.source;
 		}
 
 	}
@@ -526,8 +528,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		private DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
 
 		public DefaultMethodSecurityExpressionHandler getBean() {
-			handler.setDefaultRolePrefix(this.rolePrefix);
-			return handler;
+			this.handler.setDefaultRolePrefix(this.rolePrefix);
+			return this.handler;
 		}
 
 	}
@@ -566,10 +568,10 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		}
 
 		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
-			if (!registry.containsBeanDefinition(beanName)) {
+			if (!registry.containsBeanDefinition(this.beanName)) {
 				return;
 			}
-			BeanDefinition beanDefinition = registry.getBeanDefinition(beanName);
+			BeanDefinition beanDefinition = registry.getBeanDefinition(this.beanName);
 			beanDefinition.setLazyInit(true);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index 171e01fed2..77eade5729 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -50,7 +50,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
 		MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext);
 
-		return delegate.decorate(node, definition, parserContext);
+		return this.delegate.decorate(node, definition, parserContext);
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 23b75e2817..59cb2d951b 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -94,8 +94,9 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		// supportedPrimitives.add(PointcutPrimitive.AT_WITHIN);
 		// supportedPrimitives.add(PointcutPrimitive.AT_ARGS);
 		// supportedPrimitives.add(PointcutPrimitive.AT_TARGET);
-		parser = PointcutParser.getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(
-				supportedPrimitives);
+		this.parser = PointcutParser
+				.getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(
+						supportedPrimitives);
 	}
 
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
@@ -103,14 +104,14 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 	}
 
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
-		if (processedBeans.contains(beanName)) {
+		if (this.processedBeans.contains(beanName)) {
 			// We already have the metadata for this bean
 			return bean;
 		}
 
-		synchronized (processedBeans) {
+		synchronized (this.processedBeans) {
 			// check again synchronized this time
-			if (processedBeans.contains(beanName)) {
+			if (this.processedBeans.contains(beanName)) {
 				return bean;
 			}
 
@@ -126,7 +127,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 			// Check to see if any of those methods are compatible with our pointcut
 			// expressions
 			for (Method method : methods) {
-				for (PointcutExpression expression : pointCutExpressions) {
+				for (PointcutExpression expression : this.pointCutExpressions) {
 					// Try for the bean class directly
 					if (attemptMatch(bean.getClass(), method, expression, beanName)) {
 						// We've found the first expression that matches this method, so
@@ -136,7 +137,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 				}
 			}
 
-			processedBeans.add(beanName);
+			this.processedBeans.add(beanName);
 		}
 
 		return bean;
@@ -148,7 +149,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 
 		// Handle accordingly
 		if (matches) {
-			List<ConfigAttribute> attr = pointcutMap.get(expression.getPointcutExpression());
+			List<ConfigAttribute> attr = this.pointcutMap.get(expression.getPointcutExpression());
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("AspectJ pointcut expression '" + expression.getPointcutExpression()
@@ -157,7 +158,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 						+ "'");
 			}
 
-			mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method, attr);
+			this.mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method, attr);
 		}
 
 		return matches;
@@ -175,9 +176,9 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		Assert.hasText(pointcutExpression, "An AspectJ pointcut expression is required");
 		Assert.notNull(definition, "A List of ConfigAttributes is required");
 		pointcutExpression = replaceBooleanOperators(pointcutExpression);
-		pointcutMap.put(pointcutExpression, definition);
+		this.pointcutMap.put(pointcutExpression, definition);
 		// Parse the presented AspectJ pointcut expression and add it to the cache
-		pointCutExpressions.add(parser.parsePointcutExpression(pointcutExpression));
+		this.pointCutExpressions.add(this.parser.parsePointcutExpression(pointcutExpression));
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("AspectJ pointcut expression '" + pointcutExpression
diff --git a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
index 705ebe122f..a8c45f04d3 100644
--- a/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBean.java
@@ -42,7 +42,7 @@ public class UserDetailsManagerResourceFactoryBean
 
 	@Override
 	public InMemoryUserDetailsManager getObject() throws Exception {
-		Collection<UserDetails> users = userDetails.getObject();
+		Collection<UserDetails> users = this.userDetails.getObject();
 		return new InMemoryUserDetailsManager(users);
 	}
 
@@ -53,7 +53,7 @@ public class UserDetailsManagerResourceFactoryBean
 
 	@Override
 	public void setResourceLoader(ResourceLoader resourceLoader) {
-		userDetails.setResourceLoader(resourceLoader);
+		this.userDetails.setResourceLoader(resourceLoader);
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 0ce21afb08..17b839be34 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -276,10 +276,10 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			}
 			ManagedList<Object> interceptors = new ManagedList();
 			interceptors.add(new RootBeanDefinition(SecurityContextChannelInterceptor.class));
-			if (!sameOriginDisabled) {
+			if (!this.sameOriginDisabled) {
 				interceptors.add(new RootBeanDefinition(CsrfChannelInterceptor.class));
 			}
-			interceptors.add(registry.getBeanDefinition(inboundSecurityInterceptorId));
+			interceptors.add(registry.getBeanDefinition(this.inboundSecurityInterceptorId));
 
 			BeanDefinition inboundChannel = registry.getBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID);
 			PropertyValue currentInterceptorsPv = inboundChannel.getPropertyValues()
@@ -297,7 +297,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		}
 
 		private void addCsrfTokenHandshakeInterceptor(BeanDefinition bd) {
-			if (sameOriginDisabled) {
+			if (this.sameOriginDisabled) {
 				return;
 			}
 			String interceptorPropertyName = "handshakeInterceptors";
@@ -318,31 +318,31 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		private PathMatcher delegate = new AntPathMatcher();
 
 		public boolean isPattern(String path) {
-			return delegate.isPattern(path);
+			return this.delegate.isPattern(path);
 		}
 
 		public boolean match(String pattern, String path) {
-			return delegate.match(pattern, path);
+			return this.delegate.match(pattern, path);
 		}
 
 		public boolean matchStart(String pattern, String path) {
-			return delegate.matchStart(pattern, path);
+			return this.delegate.matchStart(pattern, path);
 		}
 
 		public String extractPathWithinPattern(String pattern, String path) {
-			return delegate.extractPathWithinPattern(pattern, path);
+			return this.delegate.extractPathWithinPattern(pattern, path);
 		}
 
 		public Map<String, String> extractUriTemplateVariables(String pattern, String path) {
-			return delegate.extractUriTemplateVariables(pattern, path);
+			return this.delegate.extractUriTemplateVariables(pattern, path);
 		}
 
 		public Comparator<String> getPatternComparator(String path) {
-			return delegate.getPatternComparator(path);
+			return this.delegate.getPatternComparator(path);
 		}
 
 		public String combine(String pattern1, String pattern2) {
-			return delegate.combine(pattern1, pattern2);
+			return this.delegate.combine(pattern1, pattern2);
 		}
 
 		void setPathMatcher(PathMatcher pathMatcher) {
diff --git a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
index 58a232135f..e3d2d5a466 100644
--- a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
@@ -32,24 +32,24 @@ public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
 
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
-			beforeInitPostProcessedBeans.add(beanName);
+			this.beforeInitPostProcessedBeans.add(beanName);
 		}
 		return bean;
 	}
 
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
-			afterInitPostProcessedBeans.add(beanName);
+			this.afterInitPostProcessedBeans.add(beanName);
 		}
 		return bean;
 	}
 
 	public Set<String> getBeforeInitPostProcessedBeans() {
-		return beforeInitPostProcessedBeans;
+		return this.beforeInitPostProcessedBeans;
 	}
 
 	public Set<String> getAfterInitPostProcessedBeans() {
-		return afterInitPostProcessedBeans;
+		return this.afterInitPostProcessedBeans;
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/CollectingAppListener.java b/config/src/test/java/org/springframework/security/CollectingAppListener.java
index 09d61fc169..0a8140af25 100644
--- a/config/src/test/java/org/springframework/security/CollectingAppListener.java
+++ b/config/src/test/java/org/springframework/security/CollectingAppListener.java
@@ -42,33 +42,33 @@ public class CollectingAppListener implements ApplicationListener {
 
 	public void onApplicationEvent(ApplicationEvent event) {
 		if (event instanceof AbstractAuthenticationEvent) {
-			events.add(event);
-			authenticationEvents.add((AbstractAuthenticationEvent) event);
+			this.events.add(event);
+			this.authenticationEvents.add((AbstractAuthenticationEvent) event);
 		}
 		if (event instanceof AbstractAuthenticationFailureEvent) {
-			events.add(event);
-			authenticationFailureEvents.add((AbstractAuthenticationFailureEvent) event);
+			this.events.add(event);
+			this.authenticationFailureEvents.add((AbstractAuthenticationFailureEvent) event);
 		}
 		if (event instanceof AbstractAuthorizationEvent) {
-			events.add(event);
-			authorizationEvents.add((AbstractAuthorizationEvent) event);
+			this.events.add(event);
+			this.authorizationEvents.add((AbstractAuthorizationEvent) event);
 		}
 	}
 
 	public Set<ApplicationEvent> getEvents() {
-		return events;
+		return this.events;
 	}
 
 	public Set<AbstractAuthenticationEvent> getAuthenticationEvents() {
-		return authenticationEvents;
+		return this.authenticationEvents;
 	}
 
 	public Set<AbstractAuthenticationFailureEvent> getAuthenticationFailureEvents() {
-		return authenticationFailureEvents;
+		return this.authenticationFailureEvents;
 	}
 
 	public Set<AbstractAuthorizationEvent> getAuthorizationEvents() {
-		return authorizationEvents;
+		return this.authorizationEvents;
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 911f8f0738..b14c1c37ad 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -31,13 +31,13 @@ public class DataSourcePopulator implements InitializingBean {
 	JdbcTemplate template;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(template, "dataSource required");
+		Assert.notNull(this.template, "dataSource required");
 
-		template.execute(
+		this.template.execute(
 				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
-		template.execute(
+		this.template.execute(
 				"CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
-		template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
+		this.template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
 
 		/*
 		 * Passwords encoded using MD5, NOT in Base64 format, with null as salt Encoded
@@ -46,21 +46,21 @@ public class DataSourcePopulator implements InitializingBean {
 		 * is disabled) Encoded password for bill is "wombat" Encoded password for bob is
 		 * "wombat" Encoded password for jane is "wombat"
 		 */
-		template.execute("INSERT INTO USERS VALUES('rod','{noop}koala',TRUE);");
-		template.execute("INSERT INTO USERS VALUES('dianne','{MD5}65d15fe9156f9c4bbffd98085992a44e',TRUE);");
-		template.execute("INSERT INTO USERS VALUES('scott','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-		template.execute("INSERT INTO USERS VALUES('peter','{MD5}22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
-		template.execute("INSERT INTO USERS VALUES('bill','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-		template.execute("INSERT INTO USERS VALUES('bob','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-		template.execute("INSERT INTO USERS VALUES('jane','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-		template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
-		template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
+		this.template.execute("INSERT INTO USERS VALUES('rod','{noop}koala',TRUE);");
+		this.template.execute("INSERT INTO USERS VALUES('dianne','{MD5}65d15fe9156f9c4bbffd98085992a44e',TRUE);");
+		this.template.execute("INSERT INTO USERS VALUES('scott','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+		this.template.execute("INSERT INTO USERS VALUES('peter','{MD5}22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
+		this.template.execute("INSERT INTO USERS VALUES('bill','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+		this.template.execute("INSERT INTO USERS VALUES('bob','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+		this.template.execute("INSERT INTO USERS VALUES('jane','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
 	}
 
 	public void setDataSource(DataSource dataSource) {
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index aafe570bad..0730702b94 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -59,25 +59,25 @@ public class FilterChainProxyConfigTests {
 	public void loadContext() {
 		System.setProperty("sec1235.pattern1", "/login");
 		System.setProperty("sec1235.pattern2", "/logout");
-		appCtx = new ClassPathXmlApplicationContext("org/springframework/security/util/filtertest-valid.xml");
+		this.appCtx = new ClassPathXmlApplicationContext("org/springframework/security/util/filtertest-valid.xml");
 	}
 
 	@After
 	public void closeContext() {
-		if (appCtx != null) {
-			appCtx.close();
+		if (this.appCtx != null) {
+			this.appCtx.close();
 		}
 	}
 
 	@Test
 	public void normalOperation() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("filterChain", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = this.appCtx.getBean("filterChain", FilterChainProxy.class);
 		doNormalOperation(filterChainProxy);
 	}
 
 	@Test
 	public void normalOperationWithNewConfig() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = this.appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -85,7 +85,7 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void normalOperationWithNewConfigRegex() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyRegex", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = this.appCtx.getBean("newFilterChainProxyRegex", FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -93,7 +93,8 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void normalOperationWithNewConfigNonNamespace() throws Exception {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyNonNamespace", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = this.appCtx.getBean("newFilterChainProxyNonNamespace",
+				FilterChainProxy.class);
 		filterChainProxy.setFirewall(new DefaultHttpFirewall());
 		checkPathAndFilterOrder(filterChainProxy);
 		doNormalOperation(filterChainProxy);
@@ -101,14 +102,15 @@ public class FilterChainProxyConfigTests {
 
 	@Test
 	public void pathWithNoMatchHasNoFilters() {
-		FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
+		FilterChainProxy filterChainProxy = this.appCtx.getBean("newFilterChainProxyNoDefaultPath",
+				FilterChainProxy.class);
 		assertThat(filterChainProxy.getFilters("/nomatch")).isNull();
 	}
 
 	// SEC-1235
 	@Test
 	public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
-		FilterChainProxy fcp = appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
+		FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
 
 		List<SecurityFilterChain> chains = fcp.getFilterChains();
 		assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index f4ee273515..7870b89cac 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -40,8 +40,8 @@ public class InvalidConfigurationTests {
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 	}
 
@@ -79,7 +79,7 @@ public class InvalidConfigurationTests {
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(context);
+		this.appContext = new InMemoryXmlApplicationContext(context);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
index 7245db7ecf..c2c70116f7 100644
--- a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
+++ b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
@@ -27,7 +27,7 @@ public class PostProcessedMockUserDetailsService implements UserDetailsService {
 	}
 
 	public String getPostProcessorWasHere() {
-		return postProcessorWasHere;
+		return this.postProcessorWasHere;
 	}
 
 	public void setPostProcessorWasHere(String postProcessorWasHere) {
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 7831e310fb..3623491195 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -106,8 +106,8 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void filterNoClassDefFoundError() throws Exception {
 		String className = "javax.servlet.Filter";
-		thrown.expect(BeanDefinitionParsingException.class);
-		thrown.expectMessage("NoClassDefFoundError: " + className);
+		this.thrown.expect(BeanDefinitionParsingException.class);
+		this.thrown.expectMessage("NoClassDefFoundError: " + className);
 		spy(ClassUtils.class);
 		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
 				any(ClassLoader.class));
@@ -127,8 +127,8 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void filterChainProxyClassNotFoundException() throws Exception {
 		String className = FILTER_CHAIN_PROXY_CLASSNAME;
-		thrown.expect(BeanDefinitionParsingException.class);
-		thrown.expectMessage("ClassNotFoundException: " + className);
+		this.thrown.expect(BeanDefinitionParsingException.class);
+		this.thrown.expectMessage("ClassNotFoundException: " + className);
 		spy(ClassUtils.class);
 		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
 				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
index 5075300c77..d1fb0deae6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
@@ -28,7 +28,7 @@ class ConcereteSecurityConfigurerAdapter extends SecurityConfigurerAdapter<Objec
 
 	@Override
 	public void configure(SecurityBuilder<Object> builder) {
-		list = postProcess(list);
+		this.list = postProcess(this.list);
 	}
 
 	public ConcereteSecurityConfigurerAdapter list(List<Object> l) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index 9e60cd0d74..a75c8ed610 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -28,15 +28,15 @@ public class SecurityConfigurerAdapterTests {
 
 	@Before
 	public void setup() {
-		adapter = new ConcereteSecurityConfigurerAdapter();
+		this.adapter = new ConcereteSecurityConfigurerAdapter();
 	}
 
 	@Test
 	public void postProcessObjectPostProcessorsAreSorted() {
-		adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE));
-		adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE));
+		this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE));
+		this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE));
 
-		assertThat(adapter.postProcess("hi"))
+		assertThat(this.adapter.postProcess("hi"))
 				.isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE);
 	}
 
@@ -49,12 +49,12 @@ public class SecurityConfigurerAdapterTests {
 		}
 
 		public int getOrder() {
-			return order;
+			return this.order;
 		}
 
 		@SuppressWarnings("unchecked")
 		public String postProcess(String object) {
-			return object + " " + order;
+			return object + " " + this.order;
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index dd6faa94ae..c36a69936c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -40,7 +40,7 @@ public class EnableGlobalAuthenticationTests {
 	public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception {
 		this.spring.register(Config.class).autowire();
 
-		AuthenticationConfiguration auth = spring.getContext().getBean(AuthenticationConfiguration.class);
+		AuthenticationConfiguration auth = this.spring.getContext().getBean(AuthenticationConfiguration.class);
 
 		assertThat(auth.getAuthenticationManager()).isNotNull();
 	}
@@ -116,7 +116,7 @@ public class EnableGlobalAuthenticationTests {
 		}
 
 		public Child getChild() {
-			return child;
+			return this.child;
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index 0c786825ff..41dd70e31e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -30,15 +30,15 @@ public class LdapAuthenticationProviderConfigurerTests {
 
 	@Before
 	public void setUp() {
-		configurer = new LdapAuthenticationProviderConfigurer<>();
+		this.configurer = new LdapAuthenticationProviderConfigurer<>();
 	}
 
 	// SEC-2557
 	@Test
 	public void getAuthoritiesMapper() throws Exception {
-		assertThat(configurer.getAuthoritiesMapper()).isInstanceOf(SimpleAuthorityMapper.class);
-		configurer.authoritiesMapper(new NullAuthoritiesMapper());
-		assertThat(configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
+		assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(SimpleAuthorityMapper.class);
+		this.configurer.authoritiesMapper(new NullAuthoritiesMapper());
+		assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
 
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index 03ec10796e..a6e2e698c7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -38,13 +38,13 @@ public class UserDetailsManagerConfigurerTests {
 
 	@Before
 	public void setup() {
-		userDetailsManager = new InMemoryUserDetailsManager();
+		this.userDetailsManager = new InMemoryUserDetailsManager();
 	}
 
 	@Test
 	public void allAttributesSupported() {
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				userDetailsManager).withUser("user").password("password").roles("USER").disabled(true)
+				this.userDetailsManager).withUser("user").password("password").roles("USER").disabled(true)
 						.accountExpired(true).accountLocked(true).credentialsExpired(true).build();
 
 		assertThat(userDetails.getUsername()).isEqualTo("user");
@@ -61,7 +61,7 @@ public class UserDetailsManagerConfigurerTests {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
 
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				userDetailsManager).withUser("user").password("password").authorities(authority).build();
+				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
@@ -71,7 +71,7 @@ public class UserDetailsManagerConfigurerTests {
 		String authority = "ROLE_USER";
 
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				userDetailsManager).withUser("user").password("password").authorities(authority).build();
+				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority);
 	}
@@ -81,7 +81,8 @@ public class UserDetailsManagerConfigurerTests {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
 
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority)).build();
+				this.userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority))
+						.build();
 
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
index 791452636f..10d4e5f8ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
@@ -71,7 +71,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Bean
 	public AuthenticationProvider authenticationProvider() {
-		Assert.notNull(myUserRepository);
+		Assert.notNull(this.myUserRepository);
 		return new AuthenticationProvider() {
 			public boolean supports(Class<?> authentication) {
 				return true;
@@ -80,7 +80,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				Object principal = authentication.getPrincipal();
 				String username = String.valueOf(principal);
-				User user = myUserRepository.findByUsername(username);
+				User user = SecurityConfig.this.myUserRepository.findByUsername(username);
 				if (user == null) {
 					throw new UsernameNotFoundException("No user for principal " + principal);
 				}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
index 919a378429..9d77f983cf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
@@ -36,7 +36,7 @@ public class User {
 	private String password;
 
 	public Long getId() {
-		return id;
+		return this.id;
 	}
 
 	public void setId(Long id) {
@@ -44,7 +44,7 @@ public class User {
 	}
 
 	public String getUsername() {
-		return username;
+		return this.username;
 	}
 
 	public void setUsername(String username) {
@@ -52,7 +52,7 @@ public class User {
 	}
 
 	public String getPassword() {
-		return password;
+		return this.password;
 	}
 
 	public void setPassword(String password) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
index c6a8980a0f..41b952f911 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
@@ -38,89 +38,89 @@ public class DelegatingReactiveMessageService implements ReactiveMessageService
 
 	@Override
 	public Mono<String> monoFindById(long id) {
-		return delegate.monoFindById(id);
+		return this.delegate.monoFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
 	public Mono<String> monoPreAuthorizeHasRoleFindById(long id) {
-		return delegate.monoPreAuthorizeHasRoleFindById(id);
+		return this.delegate.monoPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
 	public Mono<String> monoPostAuthorizeFindById(long id) {
-		return delegate.monoPostAuthorizeFindById(id);
+		return this.delegate.monoPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
 	public Mono<String> monoPreAuthorizeBeanFindById(long id) {
-		return delegate.monoPreAuthorizeBeanFindById(id);
+		return this.delegate.monoPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
 	public Mono<String> monoPostAuthorizeBeanFindById(long id) {
-		return delegate.monoPostAuthorizeBeanFindById(id);
+		return this.delegate.monoPostAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	public Flux<String> fluxFindById(long id) {
-		return delegate.fluxFindById(id);
+		return this.delegate.fluxFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
 	public Flux<String> fluxPreAuthorizeHasRoleFindById(long id) {
-		return delegate.fluxPreAuthorizeHasRoleFindById(id);
+		return this.delegate.fluxPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
 	public Flux<String> fluxPostAuthorizeFindById(long id) {
-		return delegate.fluxPostAuthorizeFindById(id);
+		return this.delegate.fluxPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
 	public Flux<String> fluxPreAuthorizeBeanFindById(long id) {
-		return delegate.fluxPreAuthorizeBeanFindById(id);
+		return this.delegate.fluxPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
 	public Flux<String> fluxPostAuthorizeBeanFindById(long id) {
-		return delegate.fluxPostAuthorizeBeanFindById(id);
+		return this.delegate.fluxPostAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	public Publisher<String> publisherFindById(long id) {
-		return delegate.publisherFindById(id);
+		return this.delegate.publisherFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("hasRole('ADMIN')")
 	public Publisher<String> publisherPreAuthorizeHasRoleFindById(long id) {
-		return delegate.publisherPreAuthorizeHasRoleFindById(id);
+		return this.delegate.publisherPreAuthorizeHasRoleFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("returnObject?.contains(authentication?.name)")
 	public Publisher<String> publisherPostAuthorizeFindById(long id) {
-		return delegate.publisherPostAuthorizeFindById(id);
+		return this.delegate.publisherPostAuthorizeFindById(id);
 	}
 
 	@Override
 	@PreAuthorize("@authz.check(#id)")
 	public Publisher<String> publisherPreAuthorizeBeanFindById(long id) {
-		return delegate.publisherPreAuthorizeBeanFindById(id);
+		return this.delegate.publisherPreAuthorizeBeanFindById(id);
 	}
 
 	@Override
 	@PostAuthorize("@authz.check(authentication, returnObject)")
 	public Publisher<String> publisherPostAuthorizeBeanFindById(long id) {
-		return delegate.publisherPostAuthorizeBeanFindById(id);
+		return this.delegate.publisherPostAuthorizeBeanFindById(id);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index c68be1a0cc..96ec318fb6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -63,7 +63,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@After
 	public void cleanup() {
-		reset(delegate);
+		reset(this.delegate);
 	}
 
 	@Autowired
@@ -80,11 +80,11 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.monoFindById(1L)).thenReturn(Mono.from(result));
+		when(this.delegate.monoFindById(1L)).thenReturn(Mono.from(this.result));
 
 		this.delegate.monoFindById(1L);
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
@@ -98,35 +98,37 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.just("result"));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L).subscriberContext(withAdmin);
+		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
+				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(result));
+		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(result));
+		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(this.result));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeBeanWhenGrantedThenSuccess() {
 		when(this.delegate.monoPreAuthorizeBeanFindById(2L)).thenReturn(Mono.just("result"));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(withAdmin);
+		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
@@ -140,29 +142,29 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(result));
+		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(result));
+		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(this.result));
 
-		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPostAuthorizeWhenAuthorizedThenSuccess() {
 		when(this.delegate.monoPostAuthorizeFindById(1L)).thenReturn(Mono.just("user"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -170,7 +172,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPostAuthorizeWhenNotAuthorizedThenDenied() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -178,7 +180,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(2L)).thenReturn(Mono.just("user"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -194,7 +196,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
 
-		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -202,11 +204,11 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.fluxFindById(1L)).thenReturn(Flux.from(result));
+		when(this.delegate.fluxFindById(1L)).thenReturn(Flux.from(this.result));
 
 		this.delegate.fluxFindById(1L);
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
@@ -220,36 +222,38 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.just("result"));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L).subscriberContext(withAdmin);
+		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
+				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(result));
+		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(result));
+		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(this.result));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() {
 		when(this.delegate.fluxPreAuthorizeBeanFindById(2L)).thenReturn(Flux.just("result"));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(withAdmin);
+		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
@@ -263,29 +267,29 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(result));
+		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(result));
+		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(this.result));
 
-		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPostAuthorizeWhenAuthorizedThenSuccess() {
 		when(this.delegate.fluxPostAuthorizeFindById(1L)).thenReturn(Flux.just("user"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -293,7 +297,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -301,7 +305,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(2L)).thenReturn(Flux.just("user"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -317,7 +321,7 @@ public class EnableReactiveMethodSecurityTests {
 	public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
 
-		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(withUser);
+		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -325,11 +329,11 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.publisherFindById(1L)).thenReturn(result);
+		when(this.delegate.publisherFindById(1L)).thenReturn(this.result);
 
 		this.delegate.publisherFindById(1L);
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
@@ -344,30 +348,30 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(publisherJust("result"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
-				.subscriberContext(withAdmin);
+				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(result);
+		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(this.result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(result);
+		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(this.result);
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
@@ -375,7 +379,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPreAuthorizeBeanFindById(2L)).thenReturn(publisherJust("result"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L))
-				.subscriberContext(withAdmin);
+				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
 
@@ -389,23 +393,23 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(result);
+		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(this.result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(result);
+		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(this.result);
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 
-		result.assertNoSubscribers();
+		this.result.assertNoSubscribers();
 	}
 
 	@Test
@@ -413,7 +417,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPostAuthorizeFindById(1L)).thenReturn(publisherJust("user"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -422,7 +426,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPostAuthorizeBeanFindById(1L)).thenReturn(publisherJust("not-authorized"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -431,7 +435,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPostAuthorizeBeanFindById(2L)).thenReturn(publisherJust("user"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
 
@@ -448,7 +452,7 @@ public class EnableReactiveMethodSecurityTests {
 		when(this.delegate.publisherPostAuthorizeBeanFindById(1L)).thenReturn(publisherJust("not-authorized"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
-				.subscriberContext(withUser);
+				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
@@ -467,7 +471,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		@Bean
 		public DelegatingReactiveMessageService defaultMessageService() {
-			return new DelegatingReactiveMessageService(delegate);
+			return new DelegatingReactiveMessageService(this.delegate);
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 7655f8c422..8ea847e694 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -437,7 +437,7 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() {
 		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
-		assertThat(service.runAs().getAuthorities())
+		assertThat(this.service.runAs().getAuthorities())
 				.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 208d514d06..9909c8b765 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -78,9 +78,9 @@ public class Sec2758Tests {
 
 		this.spring.register(SecurityConfig.class).autowire();
 
-		assertThatCode(() -> service.doJsr250()).doesNotThrowAnyException();
+		assertThatCode(() -> this.service.doJsr250()).doesNotThrowAnyException();
 
-		assertThatCode(() -> service.doPreAuthorize()).doesNotThrowAnyException();
+		assertThatCode(() -> this.service.doPreAuthorize()).doesNotThrowAnyException();
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 70d0f53ed3..8b994a5fb1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -60,14 +60,14 @@ public class HttpSecurityHeadersTests {
 
 	@Before
 	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(wac).addFilters(springSecurityFilterChain).build();
+		this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(this.springSecurityFilterChain).build();
 	}
 
 	// gh-2953
 	// gh-3975
 	@Test
 	public void headerWhenSpringMvcResourceThenCacheRelatedHeadersReset() throws Exception {
-		mockMvc.perform(get("/resources/file.js")).andExpect(status().isOk())
+		this.mockMvc.perform(get("/resources/file.js")).andExpect(status().isOk())
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "max-age=12345"))
 				.andExpect(header().doesNotExist(HttpHeaders.PRAGMA))
 				.andExpect(header().doesNotExist(HttpHeaders.EXPIRES));
@@ -75,7 +75,7 @@ public class HttpSecurityHeadersTests {
 
 	@Test
 	public void headerWhenNotSpringResourceThenCacheRelatedHeadersSet() throws Exception {
-		mockMvc.perform(get("/notresource"))
+		this.mockMvc.perform(get("/notresource"))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index bcebf665c5..a5cf2d3dd9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -72,8 +72,8 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 	@After
 	public void close() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index c9857bee0c..38cc3b7b58 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -67,7 +67,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
 		SecurityContextHolder.setContext(context);
 
-		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(wac).build();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
 
 		mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index e7b4611028..aaa399372f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -227,7 +227,7 @@ public class EnableWebSecurityTests {
 		}
 
 		public Child getChild() {
-			return child;
+			return this.child;
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 034933a5b5..227dbc258c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -64,10 +64,10 @@ public class WebMvcSecurityConfigurationTests {
 
 	@Before
 	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
-		authentication = new TestingAuthenticationToken("user", "password",
+		this.mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();
+		this.authentication = new TestingAuthenticationToken("user", "password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		SecurityContextHolder.getContext().setAuthentication(authentication);
+		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 	}
 
 	@After
@@ -77,14 +77,15 @@ public class WebMvcSecurityConfigurationTests {
 
 	@Test
 	public void authenticationPrincipalResolved() throws Exception {
-		mockMvc.perform(get("/authentication-principal")).andExpect(assertResult(authentication.getPrincipal()))
+		this.mockMvc.perform(get("/authentication-principal"))
+				.andExpect(assertResult(this.authentication.getPrincipal()))
 				.andExpect(view().name("authentication-principal-view"));
 	}
 
 	@Test
 	public void deprecatedAuthenticationPrincipalResolved() throws Exception {
-		mockMvc.perform(get("/deprecated-authentication-principal"))
-				.andExpect(assertResult(authentication.getPrincipal()))
+		this.mockMvc.perform(get("/deprecated-authentication-principal"))
+				.andExpect(assertResult(this.authentication.getPrincipal()))
 				.andExpect(view().name("deprecated-authentication-principal-view"));
 	}
 
@@ -93,7 +94,7 @@ public class WebMvcSecurityConfigurationTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
 		MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
 
-		mockMvc.perform(request).andExpect(assertResult(csrfToken));
+		this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
 	}
 
 	private ResultMatcher assertResult(Object expected) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index 2795e62c79..3af3031559 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -35,12 +35,12 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 
 	@Before
 	public void setup() {
-		registry = new ConcreteAbstractRequestMatcherMappingConfigurer();
+		this.registry = new ConcreteAbstractRequestMatcherMappingConfigurer();
 	}
 
 	@Test
 	public void testGetRequestMatcherIsTypeRegexMatcher() {
-		List<RequestMatcher> requestMatchers = registry.regexMatchers(HttpMethod.GET, "/a.*");
+		List<RequestMatcher> requestMatchers = this.registry.regexMatchers(HttpMethod.GET, "/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
@@ -49,7 +49,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 
 	@Test
 	public void testRequestMatcherIsTypeRegexMatcher() {
-		List<RequestMatcher> requestMatchers = registry.regexMatchers("/a.*");
+		List<RequestMatcher> requestMatchers = this.registry.regexMatchers("/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
@@ -58,7 +58,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 
 	@Test
 	public void testGetRequestMatcherIsTypeAntPathRequestMatcher() {
-		List<RequestMatcher> requestMatchers = registry.antMatchers(HttpMethod.GET, "/a.*");
+		List<RequestMatcher> requestMatchers = this.registry.antMatchers(HttpMethod.GET, "/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
@@ -67,7 +67,7 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 
 	@Test
 	public void testRequestMatcherIsTypeAntPathRequestMatcher() {
-		List<RequestMatcher> requestMatchers = registry.antMatchers("/a.*");
+		List<RequestMatcher> requestMatchers = this.registry.antMatchers("/a.*");
 
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index 4c0396030c..d448f8e3cd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -118,7 +118,7 @@ public class ChannelSecurityConfigurerTests {
 	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
 
-		mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
 	@EnableWebSecurity
@@ -141,7 +141,7 @@ public class ChannelSecurityConfigurerTests {
 	public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
 		this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
 
-		mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 2c0107d82e..74e98391d9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -41,8 +41,8 @@ public class CsrfConfigurerNoWebMvcTests {
 
 	@After
 	public void teardown() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -50,21 +50,21 @@ public class CsrfConfigurerNoWebMvcTests {
 	public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebConfig.class);
 
-		assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
+		assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 	}
 
 	@Test
 	public void findDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebMvcConfig.class);
 
-		assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
+		assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 	}
 
 	@Test
 	public void overrideCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebOverrideRequestDataConfig.class);
 
-		assertThat(context.getBean(RequestDataValueProcessor.class).getClass())
+		assertThat(this.context.getBean(RequestDataValueProcessor.class).getClass())
 				.isNotEqualTo(CsrfRequestDataValueProcessor.class);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 0f19e4ebda..9a68ea4a24 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -55,15 +55,15 @@ public class HttpSecurityAntMatchersTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest("GET", "");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
 	public void cleanup() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -71,11 +71,11 @@ public class HttpSecurityAntMatchersTests {
 	@Test
 	public void antMatchersMethodAndNoPatterns() throws Exception {
 		loadConfig(AntMatchersNoPatternsConfig.class);
-		request.setMethod("POST");
+		this.request.setMethod("POST");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
 	@EnableWebSecurity
@@ -107,11 +107,11 @@ public class HttpSecurityAntMatchersTests {
 	@Test
 	public void antMatchersMethodAndEmptyPatterns() throws Exception {
 		loadConfig(AntMatchersEmptyPatternsConfig.class);
-		request.setMethod("POST");
+		this.request.setMethod("POST");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@EnableWebSecurity
@@ -141,11 +141,11 @@ public class HttpSecurityAntMatchersTests {
 	}
 
 	public void loadConfig(Class<?>... configs) {
-		context = new AnnotationConfigWebApplicationContext();
-		context.register(configs);
-		context.refresh();
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.refresh();
 
-		context.getAutowireCapableBeanFactory().autowireBean(this);
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 3914fccdf2..6b078b4b95 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -56,15 +56,15 @@ public class HttpSecurityLogoutTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest("GET", "");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
 	public void cleanup() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -76,12 +76,12 @@ public class HttpSecurityLogoutTests {
 		SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
 		currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				currentContext);
-		request.setMethod("POST");
-		request.setServletPath("/logout");
+		this.request.setMethod("POST");
+		this.request.setServletPath("/logout");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
 		assertThat(currentContext.getAuthentication()).isNotNull();
 	}
@@ -110,11 +110,11 @@ public class HttpSecurityLogoutTests {
 	}
 
 	public void loadConfig(Class<?>... configs) {
-		context = new AnnotationConfigWebApplicationContext();
-		context.register(configs);
-		context.refresh();
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.refresh();
 
-		context.getAutowireCapableBeanFactory().autowireBean(this);
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index c5ea556034..606c164b8e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -102,7 +102,7 @@ public class HttpSecurityRequestMatchersTests {
 	public void mvcMatcherGetFiltersNoUnsupportedMethodExceptionFromDummyRequest() {
 		loadConfig(MvcMatcherConfig.class);
 
-		assertThat(springSecurityFilterChain.getFilters("/path")).isNotEmpty();
+		assertThat(this.springSecurityFilterChain.getFilters("/path")).isNotEmpty();
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 086fb317e3..fe4dcebba8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -82,7 +82,7 @@ public class RememberMeConfigurerTests {
 	public void postWhenNoUserDetailsServiceThenException() {
 		this.spring.register(NullUserDetailsConfig.class).autowire();
 
-		assertThatThrownBy(() -> mvc.perform(post("/login").param("username", "user").param("password", "password")
+		assertThatThrownBy(() -> this.mvc.perform(post("/login").param("username", "user").param("password", "password")
 				.param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 78f60d461e..a200d42087 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -68,15 +68,15 @@ public class SessionManagementConfigurerServlet31Tests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest("GET", "");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
 	public void teardown() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -91,13 +91,13 @@ public class SessionManagementConfigurerServlet31Tests {
 		request.setParameter("password", "password");
 		HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
 		CsrfToken token = repository.generateToken(request);
-		repository.saveToken(token, request, response);
+		repository.saveToken(token, request, this.response);
 		request.setParameter(token.getParameterName(), token.getToken());
 		request.getSession().setAttribute("attribute1", "value1");
 
 		loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
 
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
@@ -137,7 +137,7 @@ public class SessionManagementConfigurerServlet31Tests {
 
 	private void login(Authentication auth) {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
+		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
 		repo.loadContext(requestResponseHolder);
 
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index ebb58a950a..76fd74d14b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -47,8 +47,9 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Before
 	public void setup() {
-		messages = new MessageSecurityMetadataSourceRegistry();
-		message = MessageBuilder.withPayload("Hi").setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
+		this.messages = new MessageSecurityMetadataSourceRegistry();
+		this.message = MessageBuilder.withPayload("Hi")
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
 	}
 
@@ -57,85 +58,85 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	// https://jira.spring.io/browse/SPR-11660
 	@Test
 	public void simpDestMatchersCustom() {
-		message = MessageBuilder.withPayload("Hi")
+		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
-		messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll();
+		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll();
 
 		assertThat(getAttribute()).isNull();
 
-		message = MessageBuilder.withPayload("Hi")
+		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
-		messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll();
+		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
-		message = MessageBuilder.withPayload("Hi")
+		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
-		messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
+		this.messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 
 		assertThat(getAttribute()).isNull();
 
-		message = MessageBuilder.withPayload("Hi")
+		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
-		messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
+		this.messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void pathMatcherNull() {
-		messages.simpDestPathMatcher(null);
+		this.messages.simpDestPathMatcher(null);
 	}
 
 	@Test
 	public void matchersFalse() {
-		messages.matchers(matcher).permitAll();
+		this.messages.matchers(this.matcher).permitAll();
 
 		assertThat(getAttribute()).isNull();
 	}
 
 	@Test
 	public void matchersTrue() {
-		when(matcher.matches(message)).thenReturn(true);
-		messages.matchers(matcher).permitAll();
+		when(this.matcher.matches(this.message)).thenReturn(true);
+		this.messages.matchers(this.matcher).permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersExact() {
-		messages.simpDestMatchers("location").permitAll();
+		this.messages.simpDestMatchers("location").permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersMulti() {
-		messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll();
+		this.messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersRole() {
-		messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
 	}
 
 	@Test
 	public void simpDestMatchersAnyRole() {
-		messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersAuthority() {
-		messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage()
+		this.messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage()
 				.fullyAuthenticated();
 
 		assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
@@ -144,127 +145,128 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	@Test
 	public void simpDestMatchersAccess() {
 		String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated";
-		messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo(expected);
 	}
 
 	@Test
 	public void simpDestMatchersAnyAuthority() {
-		messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT").anyMessage()
-				.denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
+				.anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersRememberMe() {
-		messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("rememberMe");
 	}
 
 	@Test
 	public void simpDestMatchersAnonymous() {
-		messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("anonymous");
 	}
 
 	@Test
 	public void simpDestMatchersFullyAuthenticated() {
-		messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll();
 
 		assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
 	}
 
 	@Test
 	public void simpDestMatchersDenyAll() {
-		messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll();
+		this.messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersNotMatch() {
-		messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll();
+		this.messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersMatch() {
-		messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll();
+		this.messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersNotMatch() {
-		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
+		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersMatch() {
-		message = MessageBuilder.fromMessage(message)
+		this.message = MessageBuilder.fromMessage(this.message)
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build();
 
-		messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
+		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void nullDestMatcherNotMatches() {
-		messages.nullDestMatcher().denyAll().anyMessage().permitAll();
+		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void nullDestMatcherMatch() {
-		message = MessageBuilder.withPayload("Hi")
+		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
 
-		messages.nullDestMatcher().denyAll().anyMessage().permitAll();
+		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatch() {
-		messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
+		this.messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatchMulti() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
+		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage()
+				.permitAll();
 
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatch() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll();
+		this.messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatchMulti() {
-		messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage()
+		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage()
 				.permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	private String getAttribute() {
-		MessageSecurityMetadataSource source = messages.createMetadataSource();
-		Collection<ConfigAttribute> attrs = source.getAttributes(message);
+		MessageSecurityMetadataSource source = this.messages.createMetadataSource();
+		Collection<ConfigAttribute> attrs = source.getAttributes(this.message);
 		if (attrs == null) {
 			return null;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 46b00019d2..5f01efd285 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -381,7 +381,7 @@ public class EnableWebFluxSecurityTests {
 		}
 
 		public Child getChild() {
-			return child;
+			return this.child;
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 9069f21133..89d07f6259 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -61,15 +61,15 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 
 	@Before
 	public void setup() {
-		token = new DefaultCsrfToken("header", "param", "token");
-		sessionAttr = "sessionAttr";
-		messageUser = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
+		this.token = new DefaultCsrfToken("header", "param", "token");
+		this.sessionAttr = "sessionAttr";
+		this.messageUser = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
 	}
 
 	@After
 	public void cleanup() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -89,15 +89,15 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	}
 
 	private void loadConfig(Class<?>... configs) {
-		context = new AnnotationConfigWebApplicationContext();
-		context.register(configs);
-		context.register(WebSocketConfig.class, SyncExecutorConfig.class);
-		context.setServletConfig(new MockServletConfig());
-		context.refresh();
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.register(WebSocketConfig.class, SyncExecutorConfig.class);
+		this.context.setServletConfig(new MockServletConfig());
+		this.context.refresh();
 	}
 
 	private MessageChannel clientInboundChannel() {
-		return context.getBean("clientInboundChannel", MessageChannel.class);
+		return this.context.getBean("clientInboundChannel", MessageChannel.class);
 	}
 
 	private Message<String> message(String destination, SimpMessageType type) {
@@ -111,8 +111,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 		if (destination != null) {
 			headers.setDestination(destination);
 		}
-		if (messageUser != null) {
-			headers.setUser(messageUser);
+		if (this.messageUser != null) {
+			headers.setUser(this.messageUser);
 		}
 		return new GenericMessage<>("hi", headers.getMessageHeaders());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 73217c0a3b..e9fac39e07 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -91,15 +91,15 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 	@Before
 	public void setup() {
-		token = new DefaultCsrfToken("header", "param", "token");
-		sessionAttr = "sessionAttr";
-		messageUser = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
+		this.token = new DefaultCsrfToken("header", "param", "token");
+		this.sessionAttr = "sessionAttr";
+		this.messageUser = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
 	}
 
 	@After
 	public void cleanup() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -122,7 +122,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	public void annonymousSupported() {
 		loadConfig(SockJsSecurityConfig.class);
 
-		messageUser = null;
+		this.messageUser = null;
 		clientInboundChannel().send(message("/permitAll"));
 	}
 
@@ -131,7 +131,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	public void beanResolver() {
 		loadConfig(SockJsSecurityConfig.class);
 
-		messageUser = null;
+		this.messageUser = null;
 		clientInboundChannel().send(message("/beanResolver"));
 	}
 
@@ -143,8 +143,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		Message<String> message = message("/permitAll/authentication");
 		messageChannel.send(message);
 
-		assertThat(context.getBean(MyController.class).authenticationPrincipal)
-				.isEqualTo((String) messageUser.getPrincipal());
+		assertThat(this.context.getBean(MyController.class).authenticationPrincipal)
+				.isEqualTo((String) this.messageUser.getPrincipal());
 	}
 
 	@Test
@@ -155,8 +155,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		Message<String> message = message("/permitAll/authentication");
 		messageChannel.send(message);
 
-		assertThat(context.getBean(MyController.class).authenticationPrincipal)
-				.isEqualTo((String) messageUser.getPrincipal());
+		assertThat(this.context.getBean(MyController.class).authenticationPrincipal)
+				.isEqualTo((String) this.messageUser.getPrincipal());
 	}
 
 	@Test
@@ -209,7 +209,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
 		MessageChannel messageChannel = clientInboundChannel();
-		CsrfChannelInterceptor csrfChannelInterceptor = context.getBean(CsrfChannelInterceptor.class);
+		CsrfChannelInterceptor csrfChannelInterceptor = this.context.getBean(CsrfChannelInterceptor.class);
 
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(csrfChannelInterceptor);
 	}
@@ -432,8 +432,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
-		ChannelSecurityInterceptor channelSecurityInterceptor = context.getBean(ChannelSecurityInterceptor.class);
-		MessageSecurityMetadataSource messageSecurityMetadataSource = context
+		ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class);
+		MessageSecurityMetadataSource messageSecurityMetadataSource = this.context
 				.getBean(MessageSecurityMetadataSource.class);
 
 		assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource);
@@ -444,7 +444,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
 		MessageChannel messageChannel = clientInboundChannel();
-		SecurityContextChannelInterceptor securityContextChannelInterceptor = context
+		SecurityContextChannelInterceptor securityContextChannelInterceptor = this.context
 				.getBean(SecurityContextChannelInterceptor.class);
 
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors())
@@ -456,7 +456,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		loadConfig(SockJsProxylessSecurityConfig.class);
 
 		MessageChannel messageChannel = clientInboundChannel();
-		ChannelSecurityInterceptor inboundChannelSecurity = context.getBean(ChannelSecurityInterceptor.class);
+		ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
 
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
 	}
@@ -512,14 +512,14 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	}
 
 	private void assertHandshake(HttpServletRequest request) {
-		TestHandshakeHandler handshakeHandler = context.getBean(TestHandshakeHandler.class);
-		assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(token);
-		assertThat(handshakeHandler.attributes.get(sessionAttr))
-				.isEqualTo(request.getSession().getAttribute(sessionAttr));
+		TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class);
+		assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(this.token);
+		assertThat(handshakeHandler.attributes.get(this.sessionAttr))
+				.isEqualTo(request.getSession().getAttribute(this.sessionAttr));
 	}
 
 	private HttpRequestHandler handler(HttpServletRequest request) throws Exception {
-		HandlerMapping handlerMapping = context.getBean(HandlerMapping.class);
+		HandlerMapping handlerMapping = this.context.getBean(HandlerMapping.class);
 		return (HttpRequestHandler) handlerMapping.getHandler(request).getHandler();
 	}
 
@@ -534,9 +534,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		request.setMethod("GET");
 		request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket");
 		request.setRequestURI(mapping + "/289/tpyx6mde/websocket");
-		request.getSession().setAttribute(sessionAttr, "sessionValue");
+		request.getSession().setAttribute(this.sessionAttr, "sessionValue");
 
-		request.setAttribute(CsrfToken.class.getName(), token);
+		request.setAttribute(CsrfToken.class.getName(), this.token);
 		return request;
 	}
 
@@ -551,21 +551,21 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		if (destination != null) {
 			headers.setDestination(destination);
 		}
-		if (messageUser != null) {
-			headers.setUser(messageUser);
+		if (this.messageUser != null) {
+			headers.setUser(this.messageUser);
 		}
 		return new GenericMessage<>("hi", headers.getMessageHeaders());
 	}
 
 	private MessageChannel clientInboundChannel() {
-		return context.getBean("clientInboundChannel", MessageChannel.class);
+		return this.context.getBean("clientInboundChannel", MessageChannel.class);
 	}
 
 	private void loadConfig(Class<?>... configs) {
-		context = new AnnotationConfigWebApplicationContext();
-		context.register(configs);
-		context.setServletConfig(new MockServletConfig());
-		context.refresh();
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.setServletConfig(new MockServletConfig());
+		this.context.refresh();
 	}
 
 	@Controller
@@ -674,8 +674,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 			private boolean check;
 
 			public boolean check() {
-				check = !check;
-				return check;
+				this.check = !this.check;
+				return this.check;
 			}
 
 		}
@@ -755,8 +755,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		private ApplicationContext context;
 
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/chat").setHandshakeHandler(context.getBean(TestHandshakeHandler.class)).withSockJS()
-					.setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat").setHandshakeHandler(this.context.getBean(TestHandshakeHandler.class))
+					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
 		@Autowired
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index b90ce679d7..7fc1d471b1 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -43,8 +43,8 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 	}
 
@@ -53,17 +53,17 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 		setContext(" <authentication-provider>" + "        <user-service>"
 				+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>");
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void externalUserServiceRefWorks() {
-		appContext = new InMemoryXmlApplicationContext(
+		this.appContext = new InMemoryXmlApplicationContext(
 				"    <authentication-manager>" + "        <authentication-provider user-service-ref='myUserService' />"
 						+ "    </authentication-manager>" + "    <user-service id='myUserService'>"
 						+ "       <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
 						+ "    </user-service>");
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	@Test
@@ -72,35 +72,35 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 				+ "            <user name='bob' password='$2a$05$dRmjl1T05J7rvCPD2NgsHesCEJHww3pdmesUhjM3PD4m/gaEYyx/G' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>");
 
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void providerWithMd5PasswordEncoderWorks() {
-		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
 				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='12b141f35d58b8b3a46eea65e6ac179e' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
 				+ "     <b:constructor-arg value='MD5'/>" + " </b:bean>");
 
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void providerWithShaPasswordEncoderWorks() {
-		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
 				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='{SSHA}PpuEwfdj7M1rs0C2W4ssSM2XEN/Y6S5U' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + LdapShaPasswordEncoder.class.getName() + "'/>");
 
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void passwordIsBase64EncodedWhenBase64IsEnabled() {
-		appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
 				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
 				+ "            <user name='bob' password='ErFB811YuLOkbupl5qwXng==' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
@@ -108,13 +108,13 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 				+ "     <b:constructor-arg value='MD5'/>" + "     <b:property name='encodeHashAsBase64' value='true'/>"
 				+ " </b:bean>");
 
-		getProvider().authenticate(bob);
+		getProvider().authenticate(this.bob);
 	}
 
 	// SEC-1466
 	@Test(expected = BeanDefinitionParsingException.class)
 	public void exernalProviderDoesNotSupportChildElements() {
-		appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
+		this.appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
 				+ "      <authentication-provider ref='aProvider'> "
 				+ "        <password-encoder ref='customPasswordEncoder'/>" + "      </authentication-provider>"
 				+ "    </authentication-manager>"
@@ -124,14 +124,14 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 	}
 
 	private AuthenticationProvider getProvider() {
-		List<AuthenticationProvider> providers = ((ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER))
-				.getProviders();
+		List<AuthenticationProvider> providers = ((ProviderManager) this.appContext
+				.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
 
 		return providers.get(0);
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(
+		this.appContext = new InMemoryXmlApplicationContext(
 				"<authentication-manager>" + context + "</authentication-manager>");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 5248bd9f32..66835a6e4a 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -53,8 +53,8 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 	}
 
@@ -67,14 +67,14 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	@Test
 	public void validUsernameIsFound() {
 		setContext("<jdbc-user-service data-source-ref='dataSource'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean(BeanIds.USER_DETAILS_SERVICE);
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) this.appContext.getBean(BeanIds.USER_DETAILS_SERVICE);
 		assertThat(mgr.loadUserByUsername("rod")).isNotNull();
 	}
 
 	@Test
 	public void beanIdIsParsedCorrectly() {
 		setContext("<jdbc-user-service id='myUserService' data-source-ref='dataSource'/>" + DATA_SOURCE);
-		assertThat(appContext.getBean("myUserService") instanceof JdbcUserDetailsManager).isTrue();
+		assertThat(this.appContext.getBean("myUserService") instanceof JdbcUserDetailsManager).isTrue();
 	}
 
 	@Test
@@ -84,7 +84,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 		setContext("<jdbc-user-service id='myUserService' " + "data-source-ref='dataSource' "
 				+ "users-by-username-query='" + userQuery + "' " + "authorities-by-username-query='" + authoritiesQuery
 				+ "'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) this.appContext.getBean("myUserService");
 		assertThat(FieldUtils.getFieldValue(mgr, "usersByUsernameQuery")).isEqualTo(userQuery);
 		assertThat(FieldUtils.getFieldValue(mgr, "authoritiesByUsernameQuery")).isEqualTo(authoritiesQuery);
 		assertThat(mgr.loadUserByUsername("rod") != null).isTrue();
@@ -94,7 +94,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	public void groupQueryIsParsedCorrectly() throws Exception {
 		setContext("<jdbc-user-service id='myUserService' " + "data-source-ref='dataSource' "
 				+ "group-authorities-by-username-query='blah blah'/>" + DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) this.appContext.getBean("myUserService");
 		assertThat(FieldUtils.getFieldValue(mgr, "groupAuthoritiesByUsernameQuery")).isEqualTo("blah blah");
 		assertThat((Boolean) FieldUtils.getFieldValue(mgr, "enableGroups")).isTrue();
 	}
@@ -103,9 +103,9 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	public void cacheRefIsparsedCorrectly() {
 		setContext("<jdbc-user-service id='myUserService' cache-ref='userCache' data-source-ref='dataSource'/>"
 				+ DATA_SOURCE + USER_CACHE_XML);
-		CachingUserDetailsService cachingUserService = (CachingUserDetailsService) appContext
+		CachingUserDetailsService cachingUserService = (CachingUserDetailsService) this.appContext
 				.getBean("myUserService" + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX);
-		assertThat(appContext.getBean("userCache")).isSameAs(cachingUserService.getUserCache());
+		assertThat(this.appContext.getBean("userCache")).isSameAs(cachingUserService.getUserCache());
 		assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull();
 		assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull();
 	}
@@ -115,7 +115,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 		setContext("<authentication-manager>" + "  <authentication-provider>"
 				+ "    <jdbc-user-service data-source-ref='dataSource'/>" + "  </authentication-provider>"
 				+ "</authentication-manager>" + DATA_SOURCE);
-		AuthenticationManager mgr = (AuthenticationManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
+		AuthenticationManager mgr = (AuthenticationManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
 	}
 
@@ -124,9 +124,9 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 		setContext("<authentication-manager>" + "  <authentication-provider>"
 				+ "    <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>"
 				+ "  </authentication-provider>" + "</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
-		ProviderManager mgr = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
+		ProviderManager mgr = (ProviderManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
-		assertThat(appContext.getBean("userCache")).isSameAs(provider.getUserCache());
+		assertThat(this.appContext.getBean("userCache")).isSameAs(provider.getUserCache());
 		provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
 		assertThat(provider.getUserCache().getUserFromCache("rod")).isNotNull()
 				.withFailMessage("Cache should contain user after authentication");
@@ -136,13 +136,13 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	public void rolePrefixIsUsedWhenSet() {
 		setContext("<jdbc-user-service id='myUserService' role-prefix='PREFIX_' data-source-ref='dataSource'/>"
 				+ DATA_SOURCE);
-		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) this.appContext.getBean("myUserService");
 		UserDetails rod = mgr.loadUserByUsername("rod");
 		assertThat(AuthorityUtils.authorityListToSet(rod.getAuthorities())).contains("PREFIX_ROLE_SUPERVISOR");
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(context);
+		this.appContext = new InMemoryXmlApplicationContext(context);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index f4fa4a70a9..772c21b290 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -35,8 +35,8 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 	}
 
@@ -44,7 +44,7 @@ public class UserServiceBeanDefinitionParserTests {
 	public void userServiceWithValidPropertiesFileWorksSuccessfully() {
 		setContext("<user-service id='service' "
 				+ "properties='classpath:org/springframework/security/config/users.properties'/>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		userService.loadUserByUsername("bob");
 		userService.loadUserByUsername("joe");
 	}
@@ -53,7 +53,7 @@ public class UserServiceBeanDefinitionParserTests {
 	public void userServiceWithEmbeddedUsersWorksSuccessfully() {
 		setContext("<user-service id='service'>" + "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		userService.loadUserByUsername("joe");
 	}
 
@@ -66,7 +66,7 @@ public class UserServiceBeanDefinitionParserTests {
 				+ "<user-service id='service'>"
 				+ "    <user name='${principal.name}' password='${principal.pass}' authorities='${principal.authorities}'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword()).isEqualTo("joespassword");
 		assertThat(joe.getAuthorities()).hasSize(2);
@@ -75,7 +75,7 @@ public class UserServiceBeanDefinitionParserTests {
 	@Test
 	public void embeddedUsersWithNoPasswordIsGivenGeneratedValue() {
 		setContext("<user-service id='service'>" + "    <user name='joe' authorities='ROLE_A'/>" + "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword().length() > 0).isTrue();
 		Long.parseLong(joe.getPassword());
@@ -86,7 +86,7 @@ public class UserServiceBeanDefinitionParserTests {
 		setContext("<user-service id='service'>" + "    <user name='https://joe.myopenid.com/' authorities='ROLE_A'/>"
 				+ "    <user name='https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9' authorities='ROLE_A'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		assertThat(userService.loadUserByUsername("https://joe.myopenid.com/").getUsername())
 				.isEqualTo("https://joe.myopenid.com/");
 		assertThat(userService.loadUserByUsername("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9")
@@ -99,7 +99,7 @@ public class UserServiceBeanDefinitionParserTests {
 				+ "    <user name='joe' password='joespassword' authorities='ROLE_A' locked='true'/>"
 				+ "    <user name='Bob' password='bobspassword' authorities='ROLE_A' disabled='true'/>"
 				+ "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.isAccountNonLocked()).isFalse();
 		// Check case-sensitive lookup SEC-1432
@@ -111,7 +111,7 @@ public class UserServiceBeanDefinitionParserTests {
 	public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
 		setContext("<user-service id='service' properties='doesntmatter.props'>"
 				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>" + "</user-service>");
-		UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		userService.loadUserByUsername("Joe");
 	}
 
@@ -128,7 +128,7 @@ public class UserServiceBeanDefinitionParserTests {
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(context);
+		this.appContext = new InMemoryXmlApplicationContext(context);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index e7cbe00575..e0f7bc36dc 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -70,10 +70,10 @@ public class GrantedAuthorityDefaultsJcTests {
 	public void setup() {
 		setup("USER");
 
-		request = new MockHttpServletRequest("GET", "");
-		request.setMethod("GET");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.request.setMethod("GET");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
@@ -84,11 +84,12 @@ public class GrantedAuthorityDefaultsJcTests {
 	@Test
 	public void doFilter() throws Exception {
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
@@ -96,44 +97,46 @@ public class GrantedAuthorityDefaultsJcTests {
 		setup("DENIED");
 
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
 	@Test
 	public void message() {
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test
 	public void jsrMessage() {
-		messageService.getJsrMessage();
+		this.messageService.getJsrMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void messageDenied() {
 		setup("DENIED");
 
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void jsrMessageDenied() {
 		setup("DENIED");
 
-		messageService.getJsrMessage();
+		this.messageService.getJsrMessage();
 	}
 
 	// SEC-2926
 	@Test
 	public void doFilterIsUserInRole() throws Exception {
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		chain = new MockFilterChain() {
+		this.chain = new MockFilterChain() {
 
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
@@ -146,9 +149,9 @@ public class GrantedAuthorityDefaultsJcTests {
 
 		};
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(chain.getRequest()).isNotNull();
+		assertThat(this.chain.getRequest()).isNotNull();
 	}
 
 	private void setup(String role) {
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index ace553d52d..8325261560 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -63,10 +63,10 @@ public class GrantedAuthorityDefaultsXmlTests {
 	public void setup() {
 		setup("USER");
 
-		request = new MockHttpServletRequest("GET", "");
-		request.setMethod("GET");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.request.setMethod("GET");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
@@ -77,11 +77,12 @@ public class GrantedAuthorityDefaultsXmlTests {
 	@Test
 	public void doFilter() throws Exception {
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
@@ -89,44 +90,46 @@ public class GrantedAuthorityDefaultsXmlTests {
 		setup("DENIED");
 
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
 	@Test
 	public void message() {
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test
 	public void jsrMessage() {
-		messageService.getJsrMessage();
+		this.messageService.getJsrMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void messageDenied() {
 		setup("DENIED");
 
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void jsrMessageDenied() {
 		setup("DENIED");
 
-		messageService.getJsrMessage();
+		this.messageService.getJsrMessage();
 	}
 
 	// SEC-2926
 	@Test
 	public void doFilterIsUserInRole() throws Exception {
 		SecurityContext context = SecurityContextHolder.getContext();
-		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
+		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
 
-		chain = new MockFilterChain() {
+		this.chain = new MockFilterChain() {
 
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
@@ -139,9 +142,9 @@ public class GrantedAuthorityDefaultsXmlTests {
 
 		};
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(chain.getRequest()).isNotNull();
+		assertThat(this.chain.getRequest()).isNotNull();
 	}
 
 	private void setup(String role) {
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
index a400358fd6..58c4e09397 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
@@ -40,7 +40,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITes
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
-		assertThat(users.findByUsername("user").block()).isNotNull();
+		assertThat(this.users.findByUsername("user").block()).isNotNull();
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
index 01e2975e09..28908297f8 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -39,7 +39,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLoca
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
-		assertThat(users.findByUsername("user").block()).isNotNull();
+		assertThat(this.users.findByUsername("user").block()).isNotNull();
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
index d81b5bdea3..ff4eac53f2 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
@@ -39,7 +39,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanStringITests {
 
 	@Test
 	public void findByUsernameWhenUserFoundThenNotNull() {
-		assertThat(users.findByUsername("user").block()).isNotNull();
+		assertThat(this.users.findByUsername("user").block()).isNotNull();
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 5e76b25291..6a366f7fcc 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -45,39 +45,39 @@ public class UserDetailsResourceFactoryBeanTests {
 
 	@Test
 	public void setResourceLoaderWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> factory.setResourceLoader(null)).isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> this.factory.setResourceLoader(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasStackTraceContaining("resourceLoader cannot be null");
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
-		factory.setResourceLoader(resourceLoader);
+		this.factory.setResourceLoader(this.resourceLoader);
 
-		assertThatThrownBy(() -> factory.getObject()).isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalArgumentException.class)
 				.hasStackTraceContaining("resource cannot be null if resourceLocation is null");
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceLocationSingleUserThenThrowsGetsSingleUser() throws Exception {
-		factory.setResourceLocation("classpath:users.properties");
+		this.factory.setResourceLocation("classpath:users.properties");
 
-		Collection<UserDetails> users = factory.getObject();
+		Collection<UserDetails> users = this.factory.getObject();
 
 		assertLoaded();
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceSingleUserThenThrowsGetsSingleUser() throws Exception {
-		factory.setResource(new InMemoryResource("user=password,ROLE_USER"));
+		this.factory.setResource(new InMemoryResource("user=password,ROLE_USER"));
 
 		assertLoaded();
 	}
 
 	@Test
 	public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
-		factory.setResource(new InMemoryResource("user=invalidFormatHere"));
+		this.factory.setResource(new InMemoryResource("user=invalidFormatHere"));
 
-		assertThatThrownBy(() -> factory.getObject()).isInstanceOf(IllegalStateException.class)
+		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalStateException.class)
 				.hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere");
 	}
 
@@ -89,7 +89,7 @@ public class UserDetailsResourceFactoryBeanTests {
 	}
 
 	private void assertLoaded() throws Exception {
-		Collection<UserDetails> users = factory.getObject();
+		Collection<UserDetails> users = this.factory.getObject();
 		// @formatter:off
 		UserDetails expectedUser = User.withUsername("user")
 			.password("password")
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index a2887488bf..c2795425e7 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -68,17 +68,17 @@ public class DefaultFilterChainValidatorTests {
 	@Before
 	public void setUp() {
 		AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
-		fsi = new FilterSecurityInterceptor();
-		fsi.setAccessDecisionManager(accessDecisionManager);
-		fsi.setSecurityMetadataSource(metadataSource);
+		this.fsi = new FilterSecurityInterceptor();
+		this.fsi.setAccessDecisionManager(this.accessDecisionManager);
+		this.fsi.setSecurityMetadataSource(this.metadataSource);
 		AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
 		ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
 		DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf,
-				fsi);
-		fcp = new FilterChainProxy(securityChain);
-		validator = new DefaultFilterChainValidator();
+				this.fsi);
+		this.fcp = new FilterChainProxy(securityChain);
+		this.validator = new DefaultFilterChainValidator();
 
-		ReflectionTestUtils.setField(validator, "logger", logger);
+		ReflectionTestUtils.setField(this.validator, "logger", this.logger);
 	}
 
 	// SEC-1878
@@ -86,10 +86,10 @@ public class DefaultFilterChainValidatorTests {
 	@Test
 	public void validateCheckLoginPageIsntProtectedThrowsIllegalArgumentException() {
 		IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression");
-		doThrow(toBeThrown).when(accessDecisionManager).decide(any(Authentication.class), anyObject(),
+		doThrow(toBeThrown).when(this.accessDecisionManager).decide(any(Authentication.class), anyObject(),
 				any(Collection.class));
-		validator.validate(fcp);
-		verify(logger).info(
+		this.validator.validate(this.fcp);
+		verify(this.logger).info(
 				"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
 				toBeThrown);
 	}
@@ -99,9 +99,9 @@ public class DefaultFilterChainValidatorTests {
 	public void validateCustomMetadataSource() {
 		FilterInvocationSecurityMetadataSource customMetaDataSource = mock(
 				FilterInvocationSecurityMetadataSource.class);
-		fsi.setSecurityMetadataSource(customMetaDataSource);
+		this.fsi.setSecurityMetadataSource(customMetaDataSource);
 
-		validator.validate(fcp);
+		this.validator.validate(this.fcp);
 
 		verify(customMetaDataSource).getAttributes(any());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 0c0dac1e0b..86bb8e9707 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -39,8 +39,8 @@ public class HttpInterceptUrlTests {
 
 	@After
 	public void close() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -48,11 +48,11 @@ public class HttpInterceptUrlTests {
 	public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
 		loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
 
-		mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
 
-		mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
 
-		mockMvc.perform(get("/other")).andExpect(status().isOk());
+		this.mockMvc.perform(get("/other")).andExpect(status().isOk());
 	}
 
 	private void loadConfig(String... configLocations) {
@@ -68,7 +68,8 @@ public class HttpInterceptUrlTests {
 		context.getAutowireCapableBeanFactory().autowireBean(this);
 
 		Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class);
-		mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain).build();
+		this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain)
+				.build();
 	}
 
 	@RestController
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 7d23a7d0ea..5d29fc8360 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -161,7 +161,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
 
-		verify(requestCache).saveRequest(any(), any());
+		verify(this.requestCache).saveRequest(any(), any());
 	}
 
 	// gh-5347
@@ -196,7 +196,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 
 		ArgumentCaptor<AuthenticationException> exceptionCaptor = ArgumentCaptor
 				.forClass(AuthenticationException.class);
-		verify(authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture());
+		verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture());
 		AuthenticationException exception = exceptionCaptor.getValue();
 		assertThat(exception).isInstanceOf(OAuth2AuthenticationException.class);
 		assertThat(((OAuth2AuthenticationException) exception).getError().getErrorCode())
@@ -226,7 +226,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
+		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
 		assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
 	}
@@ -254,7 +254,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params));
 
-		verify(authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class));
+		verify(this.authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class));
 	}
 
 	@Test
@@ -312,7 +312,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
+		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
 		assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
 		assertThat(authentication.getAuthorities()).hasSize(1);
@@ -338,7 +338,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
+		verify(this.authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
 				authenticationCaptor.capture());
 		authentication = authenticationCaptor.getValue();
 		assertThat(authentication.getPrincipal()).isInstanceOf(OidcUser.class);
@@ -371,7 +371,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful());
 
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
+		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
 		assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
 	}
@@ -384,7 +384,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 
 		this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection());
 
-		verify(authorizationRequestResolver).resolve(any());
+		verify(this.authorizationRequestResolver).resolve(any());
 	}
 
 	// gh-5347
@@ -439,7 +439,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
 
-		verify(clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId());
+		verify(this.clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -467,7 +467,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
 
-		verify(authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
 	}
 
 	@Test
@@ -495,7 +495,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
 
-		verify(authorizedClientService).saveAuthorizedClient(any(), any());
+		verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 	}
 
 	@WithMockUser
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index c7fbebe5b6..6fe90928bb 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -69,15 +69,15 @@ public class SessionManagementConfigServlet31Tests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest("GET", "");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
+		this.request = new MockHttpServletRequest("GET", "");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
 	}
 
 	@After
 	public void teardown() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -97,7 +97,7 @@ public class SessionManagementConfigServlet31Tests {
 		loadContext("<http>\n" + "        <form-login/>\n" + "        <session-management/>\n"
 				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
 
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
@@ -119,7 +119,7 @@ public class SessionManagementConfigServlet31Tests {
 				+ "        <session-management session-fixation-protection='changeSessionId'/>\n"
 				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
 
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 
@@ -132,7 +132,7 @@ public class SessionManagementConfigServlet31Tests {
 
 	private void login(Authentication auth) {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
+		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
 		repo.loadContext(requestResponseHolder);
 
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index cb74d3d1b2..0db59ee857 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -38,8 +38,8 @@ public class WebConfigUtilsTests {
 	@Test
 	public void validateHttpRedirectSpELNoParserWarning() {
 		WebConfigUtils.validateHttpRedirect("#{T(org.springframework.security.config.http.WebConfigUtilsTest).URL}",
-				parserContext, "fakeSource");
-		verifyZeroInteractions(parserContext);
+				this.parserContext, "fakeSource");
+		verifyZeroInteractions(this.parserContext);
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
index c3ee15d29f..730e35620a 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
@@ -49,7 +49,7 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 		// @formatter:off
 		http
 			.authorizeRequests()
-				.antMatchers(permitAllPattern).permitAll()
+				.antMatchers(this.permitAllPattern).permitAll()
 				.anyRequest().authenticated();
 		// @formatter:on
 		if (http.getConfigurer(FormLoginConfigurer.class) == null) {
@@ -57,7 +57,7 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 			// @formatter:off
 			http
 				.formLogin()
-					.loginPage(loginPage);
+					.loginPage(this.loginPage);
 			// @formatter:on
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index e46e604ff0..8826baff99 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -59,16 +59,16 @@ public class CustomHttpSecurityConfigurerTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest("GET", "");
-		response = new MockHttpServletResponse();
-		chain = new MockFilterChain();
-		request.setMethod("GET");
+		this.request = new MockHttpServletRequest("GET", "");
+		this.response = new MockHttpServletResponse();
+		this.chain = new MockFilterChain();
+		this.request.setMethod("GET");
 	}
 
 	@After
 	public void cleanup() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -76,42 +76,42 @@ public class CustomHttpSecurityConfigurerTests {
 	public void customConfiguerPermitAll() throws Exception {
 		loadContext(Config.class);
 
-		request.setPathInfo("/public/something");
+		this.request.setPathInfo("/public/something");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void customConfiguerFormLogin() throws Exception {
 		loadContext(Config.class);
-		request.setPathInfo("/requires-authentication");
+		this.request.setPathInfo("/requires-authentication");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getRedirectedUrl()).endsWith("/custom");
+		assertThat(this.response.getRedirectedUrl()).endsWith("/custom");
 	}
 
 	@Test
 	public void customConfiguerCustomizeDisablesCsrf() throws Exception {
 		loadContext(ConfigCustomize.class);
-		request.setPathInfo("/public/something");
-		request.setMethod("POST");
+		this.request.setPathInfo("/public/something");
+		this.request.setMethod("POST");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void customConfiguerCustomizeFormLogin() throws Exception {
 		loadContext(ConfigCustomize.class);
-		request.setPathInfo("/requires-authentication");
+		this.request.setPathInfo("/requires-authentication");
 
-		springSecurityFilterChain.doFilter(request, response, chain);
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 
-		assertThat(response.getRedirectedUrl()).endsWith("/other");
+		assertThat(this.response.getRedirectedUrl()).endsWith("/other");
 	}
 
 	private void loadContext(Class<?> clazz) {
diff --git a/config/src/test/java/org/springframework/security/config/method/Contact.java b/config/src/test/java/org/springframework/security/config/method/Contact.java
index 56f149ec2f..e79739ef90 100644
--- a/config/src/test/java/org/springframework/security/config/method/Contact.java
+++ b/config/src/test/java/org/springframework/security/config/method/Contact.java
@@ -34,7 +34,7 @@ public class Contact {
 	 * @return the name
 	 */
 	public String getName() {
-		return name;
+		return this.name;
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 2bcd096cde..3f5a56f46e 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -80,24 +80,24 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "    <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>"
 				+ "    <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>"
 				+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
-		target = (BusinessService) appContext.getBean("target");
+		this.target = (BusinessService) this.appContext.getBean("target");
 	}
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
-			appContext = null;
+		if (this.appContext != null) {
+			this.appContext.close();
+			this.appContext = null;
 		}
 		SecurityContextHolder.clearContext();
-		target = null;
+		this.target = null;
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
 		loadContext();
 
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 	}
 
 	@Test
@@ -106,10 +106,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 
 		// SEC-1213. Check the order
-		Advisor[] advisors = ((Advised) target).getAdvisors();
+		Advisor[] advisors = ((Advised) this.target).getAdvisors();
 		assertThat(advisors).hasSize(1);
 		assertThat(((MethodSecurityMetadataSourceAdvisor) advisors[0]).getOrder()).isEqualTo(1001);
 	}
@@ -122,7 +122,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someAdminMethod();
+		this.target.someAdminMethod();
 	}
 
 	@Test
@@ -133,7 +133,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 						+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>"
 						+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
 
-		PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) appContext
+		PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext
 				.getBean("myUserService");
 
 		assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!");
@@ -148,7 +148,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<aop:aspectj-autoproxy />" + "<authentication-manager>"
 				+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>");
 
-		UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");
+		UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService");
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
@@ -165,14 +165,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
-		target = (BusinessService) appContext.getBean("target");
+		this.target = (BusinessService) this.appContext.getBean("target");
 		// someOther(int) should not be matched by someOther(String), but should require
 		// ROLE_USER
-		target.someOther(0);
+		this.target.someOther(0);
 
 		try {
 			// String version should required admin role
-			target.someOther("somestring");
+			this.target.someOther("somestring");
 			fail("Expected AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
@@ -186,13 +186,13 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) "
 				+ "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' "
 				+ "               access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
-		target = (BusinessService) appContext.getBean("target");
+		this.target = (BusinessService) this.appContext.getBean("target");
 		// String method should not be protected
-		target.someOther("somestring");
+		this.target.someOther("somestring");
 
 		// All others should require ROLE_USER
 		try {
-			target.someOther(0);
+			this.target.someOther(0);
 			fail("Expected AuthenticationCredentialsNotFoundException");
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
@@ -200,7 +200,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
-		target.someOther(0);
+		this.target.someOther(0);
 	}
 
 	@Test(expected = BeanDefinitionParsingException.class)
@@ -220,8 +220,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-		target = (BusinessService) appContext.getBean("businessService");
-		target.someUserMethod1();
+		this.target = (BusinessService) this.appContext.getBean("businessService");
+		this.target.someUserMethod1();
 	}
 
 	// Expression configuration tests
@@ -230,11 +230,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
 		setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
-		AffirmativeBased adm = (AffirmativeBased) appContext.getBeansOfType(AffirmativeBased.class).values()
+		AffirmativeBased adm = (AffirmativeBased) this.appContext.getBeansOfType(AffirmativeBased.class).values()
 				.toArray()[0];
 		List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
 		PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
-		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext
+		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) this.appContext
 				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
 		AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi
 				.getAdvice()).getAfterInvocationManager();
@@ -248,9 +248,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		target = (BusinessService) appContext.getBean("target");
-		target.someAdminMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		this.target = (BusinessService) this.appContext.getBean("target");
+		this.target.someAdminMethod();
 	}
 
 	@Test
@@ -260,8 +260,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "</b:bean>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		ExpressionProtectedBusinessServiceImpl target = (ExpressionProtectedBusinessServiceImpl) appContext
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		ExpressionProtectedBusinessServiceImpl target = (ExpressionProtectedBusinessServiceImpl) this.appContext
 				.getBean("target");
 		target.methodWithBeanNamePropertyAccessExpression("x");
 	}
@@ -271,13 +271,13 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		target = (BusinessService) appContext.getBean("target");
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		this.target = (BusinessService) this.appContext.getBean("target");
 		List<String> arg = new ArrayList<>();
 		arg.add("joe");
 		arg.add("bob");
 		arg.add("sam");
-		List<?> result = target.methodReturningAList(arg);
+		List<?> result = this.target.methodReturningAList(arg);
 		// Expression is (filterObject == name or filterObject == 'sam'), so "joe" should
 		// be gone after pre-filter
 		// PostFilter should remove sam from the return object
@@ -290,10 +290,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		target = (BusinessService) appContext.getBean("target");
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		this.target = (BusinessService) this.appContext.getBean("target");
 		Object[] arg = new String[] { "joe", "bob", "sam" };
-		Object[] result = target.methodReturningAnArray(arg);
+		Object[] result = this.target.methodReturningAnArray(arg);
 		assertThat(result).hasSize(1);
 		assertThat(result[0]).isEqualTo("bob");
 	}
@@ -318,7 +318,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 						+ "<global-method-security>"
 						+ "   <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>"
 						+ "</global-method-security>" + AUTH_PROVIDER_XML);
-		Foo foo = (Foo) appContext.getBean("target");
+		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
 	}
 
@@ -328,8 +328,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	public void genericsMethodArgumentNamesAreResolved() {
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
 				+ "<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		Foo foo = (Foo) appContext.getBean("target");
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
 	}
 
@@ -342,8 +342,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		parent.refresh();
 
 		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
-		RunAsManagerImpl ram = (RunAsManagerImpl) appContext.getBean("runAsMgr");
-		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext
+		RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr");
+		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) this.appContext
 				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
 		assertThat(ram).isSameAs(FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager"));
 	}
@@ -357,8 +357,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>"
 				+ AUTH_PROVIDER_XML);
 		// External MDS should take precedence over PreAuthorize
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		Foo foo = (Foo) appContext.getBean("target");
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		Foo foo = (Foo) this.appContext.getBean("target");
 		try {
 			foo.foo(new SecurityConfig("A"));
 			fail("Bob can't invoke admin methods");
@@ -378,8 +378,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds' authentication-manager-ref='customAuthMgr'/>"
 				+ "<b:bean id='customAuthMgr' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$CustomAuthManager'>"
 				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>" + AUTH_PROVIDER_XML);
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		Foo foo = (Foo) appContext.getBean("target");
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		Foo foo = (Foo) this.appContext.getBean("target");
 		try {
 			foo.foo(new SecurityConfig("A"));
 			fail("Bob can't invoke admin methods");
@@ -402,7 +402,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		}
 
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-			return authenticationManager.authenticate(authentication);
+			return this.authenticationManager.authenticate(authentication);
 		}
 
 		/*
@@ -413,17 +413,17 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		 * .springframework.context.ApplicationContext)
 		 */
 		public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-			this.authenticationManager = applicationContext.getBean(beanName, AuthenticationManager.class);
+			this.authenticationManager = applicationContext.getBean(this.beanName, AuthenticationManager.class);
 		}
 
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(context);
+		this.appContext = new InMemoryXmlApplicationContext(context);
 	}
 
 	private void setContext(String context, ApplicationContext parent) {
-		appContext = new InMemoryXmlApplicationContext(context, parent);
+		this.appContext = new InMemoryXmlApplicationContext(context, parent);
 	}
 
 	interface Foo<T extends ConfigAttribute> {
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index c49964bfc5..62eca788ef 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -70,21 +70,21 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 
 	@Test
 	public void targetDoesntLoseApplicationListenerInterface() {
-		assertThat(appContext.getBeansOfType(ApplicationListener.class)).hasSize(1);
-		assertThat(appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1);
-		appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", "")));
+		assertThat(this.appContext.getBeansOfType(ApplicationListener.class)).hasSize(1);
+		assertThat(this.appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1);
+		this.appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", "")));
 
-		assertThat(target).isInstanceOf(ApplicationListener.class);
+		assertThat(this.target).isInstanceOf(ApplicationListener.class);
 	}
 
 	@Test
 	public void targetShouldAllowUnprotectedMethodInvocationWithNoContext() {
-		target.unprotected();
+		this.target.unprotected();
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		target.doSomething();
+		this.target.doSomething();
 	}
 
 	@Test
@@ -93,7 +93,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.doSomething();
+		this.target.doSomething();
 	}
 
 	@Test(expected = AccessDeniedException.class)
@@ -102,12 +102,12 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.doSomething();
+		this.target.doSomething();
 	}
 
 	@Test(expected = AuthenticationException.class)
 	public void transactionalMethodsShouldBeSecured() {
-		transactionalTarget.doSomething();
+		this.transactionalTarget.doSomething();
 	}
 
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 194ac1fe62..e1e48925a7 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -39,23 +39,23 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Before
 	public void loadContext() {
-		appContext = new InMemoryXmlApplicationContext(
+		this.appContext = new InMemoryXmlApplicationContext(
 				"<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>"
 						+ "<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
-		target = (BusinessService) appContext.getBean("target");
+		this.target = (BusinessService) this.appContext.getBean("target");
 	}
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 		SecurityContextHolder.clearContext();
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 	}
 
 	@Test
@@ -64,7 +64,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someOther(0);
+		this.target.someOther(0);
 	}
 
 	@Test
@@ -73,7 +73,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 	}
 
 	@Test(expected = AccessDeniedException.class)
@@ -82,7 +82,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someAdminMethod();
+		this.target.someAdminMethod();
 	}
 
 	@Test
@@ -91,7 +91,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.rolesAllowedUser();
+		this.target.rolesAllowedUser();
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index db9fddee30..459c2a89ec 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -46,28 +46,28 @@ public class PreAuthorizeTests {
 	public void preAuthorizeAdminRoleDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
-		service.preAuthorizeAdminRole();
+		this.service.preAuthorizeAdminRole();
 	}
 
 	@Test
 	public void preAuthorizeAdminRoleGranted() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
-		service.preAuthorizeAdminRole();
+		this.service.preAuthorizeAdminRole();
 	}
 
 	@Test
 	public void preAuthorizeContactPermissionGranted() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
-		service.contactPermission(new Contact("user"));
+		this.service.contactPermission(new Contact("user"));
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizeContactPermissionDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
-		service.contactPermission(new Contact("admin"));
+		this.service.contactPermission(new Contact("admin"));
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index e521cd18ed..1b255256ee 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -40,7 +40,7 @@ public class Sec2196Tests {
 
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
-		Service service = context.getBean(Service.class);
+		Service service = this.context.getBean(Service.class);
 		service.save(new User());
 	}
 
@@ -51,7 +51,7 @@ public class Sec2196Tests {
 
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers"));
-		Service service = context.getBean(Service.class);
+		Service service = this.context.getBean(Service.class);
 		service.save(new User());
 	}
 
@@ -61,9 +61,9 @@ public class Sec2196Tests {
 
 	@After
 	public void closeAppContext() {
-		if (context != null) {
-			context.close();
-			context = null;
+		if (this.context != null) {
+			this.context.close();
+			this.context = null;
 		}
 		SecurityContextHolder.clearContext();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 10b57e0ec1..7c69b15459 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -47,24 +47,24 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 	@Before
 	public void loadContext() {
 		SecurityContextHolder.clearContext();
-		appContext = new InMemoryXmlApplicationContext(
+		this.appContext = new InMemoryXmlApplicationContext(
 				"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
 						+ "<global-method-security secured-annotations='enabled'/>"
 						+ ConfigTestUtils.AUTH_PROVIDER_XML);
-		target = (BusinessService) appContext.getBean("target");
+		this.target = (BusinessService) this.appContext.getBean("target");
 	}
 
 	@After
 	public void closeAppContext() {
-		if (appContext != null) {
-			appContext.close();
+		if (this.appContext != null) {
+			this.appContext.close();
 		}
 		SecurityContextHolder.clearContext();
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 	}
 
 	@Test
@@ -73,7 +73,7 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someUserMethod1();
+		this.target.someUserMethod1();
 	}
 
 	@Test(expected = AccessDeniedException.class)
@@ -82,26 +82,26 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 
-		target.someAdminMethod();
+		this.target.someAdminMethod();
 	}
 
 	// SEC-1387
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetIsSerializableBeforeUse() throws Exception {
-		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(target);
+		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
 		chompedTarget.someAdminMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void targetIsSerializableAfterUse() throws Exception {
 		try {
-			target.someAdminMethod();
+			this.target.someAdminMethod();
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A"));
 
-		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(target);
+		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
 		chompedTarget.someAdminMethod();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 488104d024..9c3690a2b4 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -46,14 +46,14 @@ public class SecuredTests {
 	public void securedAdminRoleDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
-		service.securedAdminRole();
+		this.service.securedAdminRole();
 	}
 
 	@Test
 	public void securedAdminRoleGranted() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
-		service.securedAdminRole();
+		this.service.securedAdminRole();
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
index 8c4e755cca..20a13f9ec0 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
@@ -32,21 +32,21 @@ public class Sec2499Tests {
 
 	@After
 	public void cleanup() {
-		if (parent != null) {
-			parent.close();
+		if (this.parent != null) {
+			this.parent.close();
 		}
-		if (child != null) {
-			child.close();
+		if (this.child != null) {
+			this.child.close();
 		}
 	}
 
 	@Test
 	public void methodExpressionHandlerInParentContextLoads() {
-		parent = new GenericXmlApplicationContext("org/springframework/security/config/method/sec2499/parent.xml");
-		child = new GenericXmlApplicationContext();
-		child.load("org/springframework/security/config/method/sec2499/child.xml");
-		child.setParent(parent);
-		child.refresh();
+		this.parent = new GenericXmlApplicationContext("org/springframework/security/config/method/sec2499/parent.xml");
+		this.child = new GenericXmlApplicationContext();
+		this.child.load("org/springframework/security/config/method/sec2499/child.xml");
+		this.child.setParent(this.parent);
+		this.child.refresh();
 	}
 
 }
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index cbabcc193d..193d8c4a4e 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -106,9 +106,9 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		String contextConfig = ISSUER_URI_XML_CONFIG.replace("${issuer-uri}", serverUrl);
 		this.spring.context(contextConfig).autowire();
 
-		assertThat(clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
+		assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
 
-		ClientRegistration googleRegistration = clientRegistrationRepository.findByRegistrationId("google-login");
+		ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
 		assertThat(googleRegistration).isNotNull();
 		assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
 		assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id");
@@ -137,9 +137,9 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 	public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
 
-		assertThat(clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
+		assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
 
-		ClientRegistration googleRegistration = clientRegistrationRepository.findByRegistrationId("google-login");
+		ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
 		assertThat(googleRegistration).isNotNull();
 		assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
 		assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id");
@@ -164,7 +164,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
 		assertThat(googleProviderDetails.getIssuerUri()).isEqualTo("https://accounts.google.com");
 
-		ClientRegistration githubRegistration = clientRegistrationRepository.findByRegistrationId("github-login");
+		ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github-login");
 		assertThat(githubRegistration).isNotNull();
 		assertThat(githubRegistration.getRegistrationId()).isEqualTo("github-login");
 		assertThat(githubRegistration.getClientId()).isEqualTo("github-client-id");
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
index 191ffa1132..b873becd89 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
@@ -40,7 +40,7 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceITests {
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
-		assertThat(users.loadUserByUsername("user")).isNotNull();
+		assertThat(this.users.loadUserByUsername("user")).isNotNull();
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
index 180ea0b40a..086a067fdf 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -39,7 +39,7 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITes
 
 	@Test
 	public void loadUserByUsernameWhenUserFoundThenNotNull() {
-		assertThat(users.loadUserByUsername("user")).isNotNull();
+		assertThat(this.users.loadUserByUsername("user")).isNotNull();
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index bb324e3491..dafad7a02f 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -56,7 +56,7 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 
 	public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) {
 		String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE;
-		inMemoryXml = new InMemoryResource(fullXml);
+		this.inMemoryXml = new InMemoryResource(fullXml);
 		setAllowBeanDefinitionOverriding(true);
 		setParent(parent);
 		refresh();
@@ -73,7 +73,7 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 	}
 
 	protected Resource[] getConfigResources() {
-		return new Resource[] { inMemoryXml };
+		return new Resource[] { this.inMemoryXml };
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
index affe2e9d50..5ffae5ac04 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
@@ -44,7 +44,7 @@ public class InMemoryXmlWebApplicationContext extends AbstractRefreshableWebAppl
 
 	public InMemoryXmlWebApplicationContext(String xml, String secVersion, ApplicationContext parent) {
 		String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE;
-		inMemoryXml = new InMemoryResource(fullXml);
+		this.inMemoryXml = new InMemoryResource(fullXml);
 		setAllowBeanDefinitionOverriding(true);
 		setParent(parent);
 	}
@@ -52,7 +52,7 @@ public class InMemoryXmlWebApplicationContext extends AbstractRefreshableWebAppl
 	@Override
 	protected void loadBeanDefinitions(DefaultListableBeanFactory beanFactory) throws BeansException {
 		XmlBeanDefinitionReader reader = new XmlBeanDefinitionReader(beanFactory);
-		reader.loadBeanDefinitions(new Resource[] { inMemoryXml });
+		reader.loadBeanDefinitions(new Resource[] { this.inMemoryXml });
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index d4a34905af..c6bd79537a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -382,12 +382,12 @@ public class OAuth2LoginTests {
 					.anyExchange().authenticated()
 					.and()
 				.oauth2Login()
-					.authenticationConverter(authenticationConverter)
-					.authenticationManager(manager)
-					.authenticationMatcher(matcher)
-					.authorizationRequestResolver(resolver)
-					.authenticationSuccessHandler(successHandler)
-					.authenticationFailureHandler(failureHandler);
+					.authenticationConverter(this.authenticationConverter)
+					.authenticationManager(this.manager)
+					.authenticationMatcher(this.matcher)
+					.authorizationRequestResolver(this.resolver)
+					.authenticationSuccessHandler(this.successHandler)
+					.authenticationFailureHandler(this.failureHandler);
 			// @formatter:on
 			return http.build();
 		}
@@ -463,11 +463,11 @@ public class OAuth2LoginTests {
 				)
 				.oauth2Login(oauth2Login ->
 					oauth2Login
-						.authenticationConverter(authenticationConverter)
-						.authenticationManager(manager)
-						.authenticationMatcher(matcher)
-						.authorizationRequestResolver(resolver)
-						.authenticationSuccessHandler(successHandler)
+						.authenticationConverter(this.authenticationConverter)
+						.authenticationManager(this.manager)
+						.authenticationMatcher(this.matcher)
+						.authorizationRequestResolver(this.resolver)
+						.authenticationSuccessHandler(this.successHandler)
 				);
 			// @formatter:on
 			return http.build();
@@ -607,28 +607,28 @@ public class OAuth2LoginTests {
 					.anyExchange().authenticated()
 					.and()
 				.oauth2Login()
-					.authenticationConverter(authenticationConverter)
+					.authenticationConverter(this.authenticationConverter)
 					.authenticationManager(authenticationManager())
-					.securityContextRepository(securityContextRepository);
+					.securityContextRepository(this.securityContextRepository);
 			return http.build();
 			// @formatter:on
 		}
 
 		private ReactiveAuthenticationManager authenticationManager() {
 			OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
-					tokenResponseClient, userService);
+					this.tokenResponseClient, this.userService);
 			oidc.setJwtDecoderFactory(jwtDecoderFactory());
 			return oidc;
 		}
 
 		@Bean
 		public ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
-			return jwtDecoderFactory;
+			return this.jwtDecoderFactory;
 		}
 
 		@Bean
 		public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
-			return tokenResponseClient;
+			return this.tokenResponseClient;
 		}
 
 		private static class JwtDecoderFactory implements ReactiveJwtDecoderFactory<ClientRegistration> {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 55330713e1..8026f28f4d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -390,7 +390,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void introspectWhenValidThenReturnsOk() {
 		this.spring.register(IntrospectionConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
-				.setDispatcher(requiresAuth(clientId, clientSecret, active));
+				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
 
 		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
@@ -400,7 +400,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void introspectWhenValidAndIntrospectionInLambdaThenReturnsOk() {
 		this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
-				.setDispatcher(requiresAuth(clientId, clientSecret, active));
+				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
 
 		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
diff --git a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
index ca6b1dc65a..7b3a9660a0 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
@@ -30,7 +30,7 @@ public class MessageSecurityPostProcessorTests {
 	public void handlesBeansWithoutClass() {
 		BeanDefinitionRegistry registry = new SimpleBeanDefinitionRegistry();
 		registry.registerBeanDefinition("beanWithoutClass", new GenericBeanDefinition());
-		postProcessor.postProcessBeanDefinitionRegistry(registry);
+		this.postProcessor.postProcessBeanDefinitionRegistry(registry);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index 1469d5c06a..d8fd4bf34b 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -64,9 +64,9 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 	@After
 	public void closeAppContext() {
 		SecurityContextHolder.clearContext();
-		if (appContext != null) {
-			appContext.close();
-			appContext = null;
+		if (this.appContext != null) {
+			this.appContext.close();
+			this.appContext = null;
 		}
 	}
 
@@ -77,7 +77,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" + "</aop:config>"
 				+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
 
-		ITargetObject target = (ITargetObject) appContext.getBean("target");
+		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
 
 		// Check both against interface and class
 		try {
@@ -101,7 +101,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 						+ "   <b:property name='proxyTargetClass' value='false'/>" + "</b:bean>"
 						+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
 
-		ITargetObject target = (ITargetObject) appContext.getBean("target");
+		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
 
 		try {
 			target.makeLowerCase("TEST");
@@ -115,7 +115,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 	}
 
 	private void setContext(String context) {
-		appContext = new InMemoryXmlApplicationContext(context);
+		this.appContext = new InMemoryXmlApplicationContext(context);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index 71dc67b443..4ccef31e78 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -100,13 +100,13 @@ public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSe
 		if (role == null) {
 			return role;
 		}
-		if (defaultRolePrefix == null || defaultRolePrefix.length() == 0) {
+		if (this.defaultRolePrefix == null || this.defaultRolePrefix.length() == 0) {
 			return role;
 		}
-		if (role.startsWith(defaultRolePrefix)) {
+		if (role.startsWith(this.defaultRolePrefix)) {
 			return role;
 		}
-		return defaultRolePrefix + role;
+		return this.defaultRolePrefix + role;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index 3de23b2117..64a51bb038 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -52,19 +52,19 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 
 	public SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor annotationMetadataExtractor) {
 		Assert.notNull(annotationMetadataExtractor, "annotationMetadataExtractor cannot be null");
-		annotationExtractor = annotationMetadataExtractor;
-		annotationType = (Class<? extends Annotation>) GenericTypeResolver
-				.resolveTypeArgument(annotationExtractor.getClass(), AnnotationMetadataExtractor.class);
-		Assert.notNull(annotationType, () -> annotationExtractor.getClass().getName()
+		this.annotationExtractor = annotationMetadataExtractor;
+		this.annotationType = (Class<? extends Annotation>) GenericTypeResolver
+				.resolveTypeArgument(this.annotationExtractor.getClass(), AnnotationMetadataExtractor.class);
+		Assert.notNull(this.annotationType, () -> this.annotationExtractor.getClass().getName()
 				+ " must supply a generic parameter for AnnotationMetadataExtractor");
 	}
 
 	protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
-		return processAnnotation(AnnotationUtils.findAnnotation(clazz, annotationType));
+		return processAnnotation(AnnotationUtils.findAnnotation(clazz, this.annotationType));
 	}
 
 	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
-		return processAnnotation(AnnotationUtils.findAnnotation(method, annotationType));
+		return processAnnotation(AnnotationUtils.findAnnotation(method, this.annotationType));
 	}
 
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
@@ -76,7 +76,7 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 			return null;
 		}
 
-		return annotationExtractor.extractAttributes(a);
+		return this.annotationExtractor.extractAttributes(a);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
index fedad57952..2a380cdb73 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
@@ -54,11 +54,11 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
 	}
 
 	public Collection<ConfigAttribute> getConfigAttributes() {
-		return configAttribs;
+		return this.configAttribs;
 	}
 
 	public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
-		return credentialsNotFoundException;
+		return this.credentialsNotFoundException;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
index f9672400c5..a3a39198e3 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
@@ -65,15 +65,15 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 	}
 
 	public AccessDeniedException getAccessDeniedException() {
-		return accessDeniedException;
+		return this.accessDeniedException;
 	}
 
 	public Authentication getAuthentication() {
-		return authentication;
+		return this.authentication;
 	}
 
 	public Collection<ConfigAttribute> getConfigAttributes() {
-		return configAttributes;
+		return this.configAttributes;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
index ea5873bd86..dbe2e8d434 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
@@ -54,11 +54,11 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
 	}
 
 	public Authentication getAuthentication() {
-		return authentication;
+		return this.authentication;
 	}
 
 	public Collection<ConfigAttribute> getConfigAttributes() {
-		return configAttributes;
+		return this.configAttributes;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
index 046749155f..aa519605aa 100644
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@@ -48,7 +48,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
 
 	public final ExpressionParser getExpressionParser() {
-		return expressionParser;
+		return this.expressionParser;
 	}
 
 	public final void setExpressionParser(ExpressionParser expressionParser) {
@@ -67,7 +67,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	public final EvaluationContext createEvaluationContext(Authentication authentication, T invocation) {
 		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication, invocation);
 		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
-		ctx.setBeanResolver(br);
+		ctx.setBeanResolver(this.br);
 		ctx.setRootObject(root);
 
 		return ctx;
@@ -99,7 +99,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 			T invocation);
 
 	protected RoleHierarchy getRoleHierarchy() {
-		return roleHierarchy;
+		return this.roleHierarchy;
 	}
 
 	public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
@@ -107,7 +107,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	}
 
 	protected PermissionEvaluator getPermissionEvaluator() {
-		return permissionEvaluator;
+		return this.permissionEvaluator;
 	}
 
 	public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
@@ -115,7 +115,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	}
 
 	public void setApplicationContext(ApplicationContext applicationContext) {
-		br = new BeanFactoryResolver(applicationContext);
+		this.br = new BeanFactoryResolver(applicationContext);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index 89ba56b486..e394b37b80 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -38,7 +38,7 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	 * @return false always
 	 */
 	public boolean hasPermission(Authentication authentication, Object target, Object permission) {
-		logger.warn(
+		this.logger.warn(
 				"Denying user " + authentication.getName() + " permission '" + permission + "' on object " + target);
 		return false;
 	}
@@ -48,8 +48,8 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	 */
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
-		logger.warn("Denying user " + authentication.getName() + " permission '" + permission + "' on object with Id '"
-				+ targetId);
+		this.logger.warn("Denying user " + authentication.getName() + " permission '" + permission
+				+ "' on object with Id '" + targetId);
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index 9e37c514cb..c85eda4c92 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -86,7 +86,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public final boolean hasAnyRole(String... roles) {
-		return hasAnyAuthorityName(defaultRolePrefix, roles);
+		return hasAnyAuthorityName(this.defaultRolePrefix, roles);
 	}
 
 	private boolean hasAnyAuthorityName(String prefix, String... roles) {
@@ -103,7 +103,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public final Authentication getAuthentication() {
-		return authentication;
+		return this.authentication;
 	}
 
 	public final boolean permitAll() {
@@ -115,7 +115,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public final boolean isAnonymous() {
-		return trustResolver.isAnonymous(authentication);
+		return this.trustResolver.isAnonymous(this.authentication);
 	}
 
 	public final boolean isAuthenticated() {
@@ -123,11 +123,12 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	public final boolean isRememberMe() {
-		return trustResolver.isRememberMe(authentication);
+		return this.trustResolver.isRememberMe(this.authentication);
 	}
 
 	public final boolean isFullyAuthenticated() {
-		return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
+		return !this.trustResolver.isAnonymous(this.authentication)
+				&& !this.trustResolver.isRememberMe(this.authentication);
 	}
 
 	/**
@@ -136,7 +137,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	 * @return
 	 */
 	public Object getPrincipal() {
-		return authentication.getPrincipal();
+		return this.authentication.getPrincipal();
 	}
 
 	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
@@ -165,25 +166,26 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	}
 
 	private Set<String> getAuthoritySet() {
-		if (roles == null) {
-			Collection<? extends GrantedAuthority> userAuthorities = authentication.getAuthorities();
+		if (this.roles == null) {
+			Collection<? extends GrantedAuthority> userAuthorities = this.authentication.getAuthorities();
 
-			if (roleHierarchy != null) {
-				userAuthorities = roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
+			if (this.roleHierarchy != null) {
+				userAuthorities = this.roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
 			}
 
-			roles = AuthorityUtils.authorityListToSet(userAuthorities);
+			this.roles = AuthorityUtils.authorityListToSet(userAuthorities);
 		}
 
-		return roles;
+		return this.roles;
 	}
 
 	public boolean hasPermission(Object target, Object permission) {
-		return permissionEvaluator.hasPermission(authentication, target, permission);
+		return this.permissionEvaluator.hasPermission(this.authentication, target, permission);
 	}
 
 	public boolean hasPermission(Object targetId, String targetType, Object permission) {
-		return permissionEvaluator.hasPermission(authentication, (Serializable) targetId, targetType, permission);
+		return this.permissionEvaluator.hasPermission(this.authentication, (Serializable) targetId, targetType,
+				permission);
 	}
 
 	public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
index 8a5c8ed2d1..17d156fbe2 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -59,11 +59,11 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
 	}
 
 	Expression getFilterExpression() {
-		return filterExpression;
+		return this.filterExpression;
 	}
 
 	Expression getAuthorizeExpression() {
-		return authorizeExpression;
+		return this.authorizeExpression;
 	}
 
 	public String getAttribute() {
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index d734e5c48d..e9a2da23ce 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -101,11 +101,11 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
 		MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject()
 				.getValue();
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 		List retainList;
 
 		if (debug) {
-			logger.debug("Filtering with expression: " + filterExpression.getExpressionString());
+			this.logger.debug("Filtering with expression: " + filterExpression.getExpressionString());
 		}
 
 		if (filterTarget instanceof Collection) {
@@ -113,11 +113,11 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			retainList = new ArrayList(collection.size());
 
 			if (debug) {
-				logger.debug("Filtering collection with " + collection.size() + " elements");
+				this.logger.debug("Filtering collection with " + collection.size() + " elements");
 			}
 
-			if (permissionCacheOptimizer != null) {
-				permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), collection);
+			if (this.permissionCacheOptimizer != null) {
+				this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), collection);
 			}
 
 			for (Object filterObject : (Collection) filterTarget) {
@@ -129,7 +129,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			}
 
 			if (debug) {
-				logger.debug("Retaining elements: " + retainList);
+				this.logger.debug("Retaining elements: " + retainList);
 			}
 
 			collection.clear();
@@ -143,11 +143,11 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			retainList = new ArrayList(array.length);
 
 			if (debug) {
-				logger.debug("Filtering array with " + array.length + " elements");
+				this.logger.debug("Filtering array with " + array.length + " elements");
 			}
 
-			if (permissionCacheOptimizer != null) {
-				permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array));
+			if (this.permissionCacheOptimizer != null) {
+				this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array));
 			}
 
 			for (Object o : array) {
@@ -159,7 +159,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			}
 
 			if (debug) {
-				logger.debug("Retaining elements: " + retainList);
+				this.logger.debug("Retaining elements: " + retainList);
 			}
 
 			Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(),
@@ -176,7 +176,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			final Map retainMap = new LinkedHashMap(map.size());
 
 			if (debug) {
-				logger.debug("Filtering map with " + map.size() + " elements");
+				this.logger.debug("Filtering map with " + map.size() + " elements");
 			}
 
 			for (Map.Entry<?, ?> filterObject : map.entrySet()) {
@@ -188,7 +188,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 			}
 
 			if (debug) {
-				logger.debug("Retaining elements: " + retainMap);
+				this.logger.debug("Retaining elements: " + retainMap);
 			}
 
 			map.clear();
@@ -225,7 +225,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * @return The current {@link AuthenticationTrustResolver}
 	 */
 	protected AuthenticationTrustResolver getTrustResolver() {
-		return trustResolver;
+		return this.trustResolver;
 	}
 
 	/**
@@ -241,7 +241,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * @return The current {@link ParameterNameDiscoverer}
 	 */
 	protected ParameterNameDiscoverer getParameterNameDiscoverer() {
-		return parameterNameDiscoverer;
+		return this.parameterNameDiscoverer;
 	}
 
 	public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) {
@@ -275,7 +275,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * @return The default role prefix
 	 */
 	protected String getDefaultRolePrefix() {
-		return defaultRolePrefix;
+		return this.defaultRolePrefix;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index e12ea859da..40e0f0c500 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -86,8 +86,8 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 		if (this.parser != null) {
 			return this.parser;
 		}
-		synchronized (parserLock) {
-			this.parser = handler.getExpressionParser();
+		synchronized (this.parserLock) {
+			this.parser = this.handler.getExpressionParser();
 			this.handler = null;
 		}
 		return this.parser;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index c05f5622c7..d9f049fcb7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -44,30 +44,30 @@ public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthor
 	public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute postAttr,
 			Object returnedObject) throws AccessDeniedException {
 		PostInvocationExpressionAttribute pia = (PostInvocationExpressionAttribute) postAttr;
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi);
+		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		Expression postFilter = pia.getFilterExpression();
 		Expression postAuthorize = pia.getAuthorizeExpression();
 
 		if (postFilter != null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Applying PostFilter expression " + postFilter);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Applying PostFilter expression " + postFilter);
 			}
 
 			if (returnedObject != null) {
-				returnedObject = expressionHandler.filter(returnedObject, postFilter, ctx);
+				returnedObject = this.expressionHandler.filter(returnedObject, postFilter, ctx);
 			}
 			else {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Return object is null, filtering will be skipped");
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("Return object is null, filtering will be skipped");
 				}
 			}
 		}
 
-		expressionHandler.setReturnObject(returnedObject, ctx);
+		this.expressionHandler.setReturnObject(returnedObject, ctx);
 
 		if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("PostAuthorize expression rejected access");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("PostAuthorize expression rejected access");
 			}
 			throw new AccessDeniedException("Access is denied");
 		}
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index 056b042593..9a1de85b5b 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -41,14 +41,14 @@ public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthoriz
 
 	public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute attr) {
 		PreInvocationExpressionAttribute preAttr = (PreInvocationExpressionAttribute) attr;
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi);
+		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		Expression preFilter = preAttr.getFilterExpression();
 		Expression preAuthorize = preAttr.getAuthorizeExpression();
 
 		if (preFilter != null) {
 			Object filterTarget = findFilterTarget(preAttr.getFilterTarget(), ctx, mi);
 
-			expressionHandler.filter(filterTarget, preFilter, ctx);
+			this.expressionHandler.filter(filterTarget, preFilter, ctx);
 		}
 
 		if (preAuthorize == null) {
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
index 7c3f52b881..8e78613699 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
@@ -41,7 +41,7 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met
 	}
 
 	public Object getFilterObject() {
-		return filterObject;
+		return this.filterObject;
 	}
 
 	public void setReturnObject(Object returnObject) {
@@ -49,7 +49,7 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met
 	}
 
 	public Object getReturnObject() {
-		return returnObject;
+		return this.returnObject;
 	}
 
 	/**
@@ -63,7 +63,7 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met
 	}
 
 	public Object getThis() {
-		return target;
+		return this.target;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index 950998a785..978bffd88d 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -48,7 +48,7 @@ class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConf
 	 * @return the method parameter name
 	 */
 	String getFilterTarget() {
-		return filterTarget;
+		return this.filterTarget;
 	}
 
 	@Override
@@ -58,7 +58,7 @@ class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConf
 		Expression filter = getFilterExpression();
 		sb.append("[authorize: '").append(authorize == null ? "null" : authorize.getExpressionString());
 		sb.append("', filter: '").append(filter == null ? "null" : filter.getExpressionString());
-		sb.append("', filterTarget: '").append(filterTarget).append("']");
+		sb.append("', filterTarget: '").append(this.filterTarget).append("']");
 		return sb.toString();
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
index 54edf424e8..f78b286041 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
@@ -32,7 +32,7 @@ public class RoleHierarchyAuthoritiesMapper implements GrantedAuthoritiesMapper
 	}
 
 	public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
-		return roleHierarchy.getReachableGrantedAuthorities(authorities);
+		return this.roleHierarchy.getReachableGrantedAuthorities(authorities);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index 693542c831..c5780221d4 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -150,8 +150,9 @@ public abstract class AbstractSecurityInterceptor
 			Collection<ConfigAttribute> attributeDefs = this.obtainSecurityMetadataSource().getAllConfigAttributes();
 
 			if (attributeDefs == null) {
-				logger.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return "
-						+ "any attributes from getAllConfigAttributes()");
+				this.logger.warn(
+						"Could not validate configuration attributes as the SecurityMetadataSource did not return "
+								+ "any attributes from getAllConfigAttributes()");
 				return;
 			}
 
@@ -168,13 +169,13 @@ public abstract class AbstractSecurityInterceptor
 				throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
 			}
 
-			logger.debug("Validated configuration attributes");
+			this.logger.debug("Validated configuration attributes");
 		}
 	}
 
 	protected InterceptorStatusToken beforeInvocation(Object object) {
 		Assert.notNull(object, "Object was null");
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 
 		if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
 			throw new IllegalArgumentException("Security invocation attempted for object " + object.getClass().getName()
@@ -185,7 +186,7 @@ public abstract class AbstractSecurityInterceptor
 		Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
 
 		if (attributes == null || attributes.isEmpty()) {
-			if (rejectPublicInvocations) {
+			if (this.rejectPublicInvocations) {
 				throw new IllegalArgumentException("Secure object invocation " + object
 						+ " was denied as public invocations are not allowed via this interceptor. "
 						+ "This indicates a configuration error because the "
@@ -193,7 +194,7 @@ public abstract class AbstractSecurityInterceptor
 			}
 
 			if (debug) {
-				logger.debug("Public object - authentication not attempted");
+				this.logger.debug("Public object - authentication not attempted");
 			}
 
 			publishEvent(new PublicInvocationEvent(object));
@@ -202,11 +203,11 @@ public abstract class AbstractSecurityInterceptor
 		}
 
 		if (debug) {
-			logger.debug("Secure object: " + object + "; Attributes: " + attributes);
+			this.logger.debug("Secure object: " + object + "; Attributes: " + attributes);
 		}
 
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
+			credentialsNotFound(this.messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
 					"An Authentication object was not found in the SecurityContext"), object, attributes);
 		}
 
@@ -223,10 +224,10 @@ public abstract class AbstractSecurityInterceptor
 		}
 
 		if (debug) {
-			logger.debug("Authorization successful");
+			this.logger.debug("Authorization successful");
 		}
 
-		if (publishAuthorizationSuccess) {
+		if (this.publishAuthorizationSuccess) {
 			publishEvent(new AuthorizedEvent(object, attributes, authenticated));
 		}
 
@@ -235,7 +236,7 @@ public abstract class AbstractSecurityInterceptor
 
 		if (runAs == null) {
 			if (debug) {
-				logger.debug("RunAsManager did not change Authentication object");
+				this.logger.debug("RunAsManager did not change Authentication object");
 			}
 
 			// no further work post-invocation
@@ -243,7 +244,7 @@ public abstract class AbstractSecurityInterceptor
 		}
 		else {
 			if (debug) {
-				logger.debug("Switching to RunAs Authentication: " + runAs);
+				this.logger.debug("Switching to RunAs Authentication: " + runAs);
 			}
 
 			SecurityContext origCtx = SecurityContextHolder.getContext();
@@ -264,8 +265,9 @@ public abstract class AbstractSecurityInterceptor
 	 */
 	protected void finallyInvocation(InterceptorStatusToken token) {
 		if (token != null && token.isContextHolderRefreshRequired()) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug(
+						"Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
 			}
 
 			SecurityContextHolder.setContext(token.getSecurityContext());
@@ -289,10 +291,10 @@ public abstract class AbstractSecurityInterceptor
 
 		finallyInvocation(token); // continue to clean in this method for passivity
 
-		if (afterInvocationManager != null) {
+		if (this.afterInvocationManager != null) {
 			// Attempt after invocation handling
 			try {
-				returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
+				returnedObject = this.afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
 						token.getSecureObject(), token.getAttributes(), returnedObject);
 			}
 			catch (AccessDeniedException accessDeniedException) {
@@ -316,20 +318,20 @@ public abstract class AbstractSecurityInterceptor
 	private Authentication authenticateIfRequired() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
-		if (authentication.isAuthenticated() && !alwaysReauthenticate) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Previously Authenticated: " + authentication);
+		if (authentication.isAuthenticated() && !this.alwaysReauthenticate) {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Previously Authenticated: " + authentication);
 			}
 
 			return authentication;
 		}
 
-		authentication = authenticationManager.authenticate(authentication);
+		authentication = this.authenticationManager.authenticate(authentication);
 
 		// We don't authenticated.setAuthentication(true), because each provider should do
 		// that
-		if (logger.isDebugEnabled()) {
-			logger.debug("Successfully Authenticated: " + authentication);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Successfully Authenticated: " + authentication);
 		}
 
 		SecurityContextHolder.getContext().setAuthentication(authentication);
@@ -357,11 +359,11 @@ public abstract class AbstractSecurityInterceptor
 	}
 
 	public AccessDecisionManager getAccessDecisionManager() {
-		return accessDecisionManager;
+		return this.accessDecisionManager;
 	}
 
 	public AfterInvocationManager getAfterInvocationManager() {
-		return afterInvocationManager;
+		return this.afterInvocationManager;
 	}
 
 	public AuthenticationManager getAuthenticationManager() {
@@ -369,7 +371,7 @@ public abstract class AbstractSecurityInterceptor
 	}
 
 	public RunAsManager getRunAsManager() {
-		return runAsManager;
+		return this.runAsManager;
 	}
 
 	/**
@@ -381,15 +383,15 @@ public abstract class AbstractSecurityInterceptor
 	public abstract Class<?> getSecureObjectClass();
 
 	public boolean isAlwaysReauthenticate() {
-		return alwaysReauthenticate;
+		return this.alwaysReauthenticate;
 	}
 
 	public boolean isRejectPublicInvocations() {
-		return rejectPublicInvocations;
+		return this.rejectPublicInvocations;
 	}
 
 	public boolean isValidateConfigAttributes() {
-		return validateConfigAttributes;
+		return this.validateConfigAttributes;
 	}
 
 	public abstract SecurityMetadataSource obtainSecurityMetadataSource();
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index 05ac387142..f4311b5ac4 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -67,7 +67,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 
 		Object result = returnedObject;
 
-		for (AfterInvocationProvider provider : providers) {
+		for (AfterInvocationProvider provider : this.providers) {
 			result = provider.decide(authentication, object, config, result);
 		}
 
@@ -80,17 +80,17 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 
 	public void setProviders(List<?> newList) {
 		checkIfValidList(newList);
-		providers = new ArrayList<>(newList.size());
+		this.providers = new ArrayList<>(newList.size());
 
 		for (Object currentObject : newList) {
 			Assert.isInstanceOf(AfterInvocationProvider.class, currentObject, () -> "AfterInvocationProvider "
 					+ currentObject.getClass().getName() + " must implement AfterInvocationProvider");
-			providers.add((AfterInvocationProvider) currentObject);
+			this.providers.add((AfterInvocationProvider) currentObject);
 		}
 	}
 
 	public boolean supports(ConfigAttribute attribute) {
-		for (AfterInvocationProvider provider : providers) {
+		for (AfterInvocationProvider provider : this.providers) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Evaluating " + attribute + " against " + provider);
 			}
@@ -115,7 +115,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 	 * to support the secure object class
 	 */
 	public boolean supports(Class<?> clazz) {
-		for (AfterInvocationProvider provider : providers) {
+		for (AfterInvocationProvider provider : this.providers) {
 			if (!provider.supports(clazz)) {
 				return false;
 			}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
index 0199ed258e..de97aebf60 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
@@ -49,19 +49,19 @@ public class InterceptorStatusToken {
 	}
 
 	public Collection<ConfigAttribute> getAttributes() {
-		return attr;
+		return this.attr;
 	}
 
 	public SecurityContext getSecurityContext() {
-		return securityContext;
+		return this.securityContext;
 	}
 
 	public Object getSecureObject() {
-		return secureObject;
+		return this.secureObject;
 	}
 
 	public boolean isContextHolderRefreshRequired() {
-		return contextHolderRefreshRequired;
+		return this.contextHolderRefreshRequired;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index 5a39f695c8..ed897c3604 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -50,17 +50,17 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 	private AbstractSecurityInterceptor securityInterceptor;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(securityInterceptor, "SecurityInterceptor required");
+		Assert.notNull(this.securityInterceptor, "SecurityInterceptor required");
 	}
 
 	public boolean isAllowed(MethodInvocation mi, Authentication authentication) {
 		Assert.notNull(mi, "MethodInvocation required");
 		Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
 
-		Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
+		Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
 
 		if (attrs == null) {
-			if (securityInterceptor.isRejectPublicInvocations()) {
+			if (this.securityInterceptor.isRejectPublicInvocations()) {
 				return false;
 			}
 
@@ -72,7 +72,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 		}
 
 		try {
-			securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
+			this.securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
 		}
 		catch (AccessDeniedException unauthorized) {
 			if (logger.isDebugEnabled()) {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 7712242d56..9c571ae280 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -47,23 +47,23 @@ public class RunAsImplAuthenticationProvider implements InitializingBean, Authen
 	private String key;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(key, "A Key is required and should match that configured for the RunAsManagerImpl");
+		Assert.notNull(this.key, "A Key is required and should match that configured for the RunAsManagerImpl");
 	}
 
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		RunAsUserToken token = (RunAsUserToken) authentication;
 
-		if (token.getKeyHash() == key.hashCode()) {
+		if (token.getKeyHash() == this.key.hashCode()) {
 			return authentication;
 		}
 		else {
-			throw new BadCredentialsException(messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
+			throw new BadCredentialsException(this.messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
 					"The presented RunAsUserToken does not contain the expected key"));
 		}
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public void setKey(String key) {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
index ddb28f4b1f..22b72fd757 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@@ -60,7 +60,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	private String rolePrefix = "ROLE_";
 
 	public void afterPropertiesSet() {
-		Assert.notNull(key,
+		Assert.notNull(this.key,
 				"A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
 	}
 
@@ -88,11 +88,11 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public String getRolePrefix() {
-		return rolePrefix;
+		return this.rolePrefix;
 	}
 
 	public void setKey(String key) {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index c38da9055a..cc0872503a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -92,17 +92,17 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 	}
 
 	public Pointcut getPointcut() {
-		return pointcut;
+		return this.pointcut;
 	}
 
 	public Advice getAdvice() {
 		synchronized (this.adviceMonitor) {
-			if (interceptor == null) {
-				Assert.notNull(adviceBeanName, "'adviceBeanName' must be set for use with bean factory lookup.");
-				Assert.state(beanFactory != null, "BeanFactory must be set to resolve 'adviceBeanName'");
-				interceptor = beanFactory.getBean(this.adviceBeanName, MethodInterceptor.class);
+			if (this.interceptor == null) {
+				Assert.notNull(this.adviceBeanName, "'adviceBeanName' must be set for use with bean factory lookup.");
+				Assert.state(this.beanFactory != null, "BeanFactory must be set to resolve 'adviceBeanName'");
+				this.interceptor = this.beanFactory.getBean(this.adviceBeanName, MethodInterceptor.class);
 			}
-			return interceptor;
+			return this.interceptor;
 		}
 	}
 
@@ -112,15 +112,17 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 
 	private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
 		ois.defaultReadObject();
-		adviceMonitor = new Object();
-		attributeSource = beanFactory.getBean(metadataSourceBeanName, MethodSecurityMetadataSource.class);
+		this.adviceMonitor = new Object();
+		this.attributeSource = this.beanFactory.getBean(this.metadataSourceBeanName,
+				MethodSecurityMetadataSource.class);
 	}
 
 	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut implements Serializable {
 
 		@SuppressWarnings("unchecked")
 		public boolean matches(Method m, Class targetClass) {
-			Collection attributes = attributeSource.getAttributes(m, targetClass);
+			Collection attributes = MethodSecurityMetadataSourceAdvisor.this.attributeSource.getAttributes(m,
+					targetClass);
 			return attributes != null && !attributes.isEmpty();
 		}
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
index 5a19ddffaf..a3a84f48fa 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
@@ -41,19 +41,19 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 	MethodInvocationAdapter(JoinPoint jp) {
 		this.jp = (ProceedingJoinPoint) jp;
 		if (jp.getTarget() != null) {
-			target = jp.getTarget();
+			this.target = jp.getTarget();
 		}
 		else {
 			// SEC-1295: target may be null if an ITD is in use
-			target = jp.getSignature().getDeclaringType();
+			this.target = jp.getSignature().getDeclaringType();
 		}
 		String targetMethodName = jp.getStaticPart().getSignature().getName();
 		Class<?>[] types = ((CodeSignature) jp.getStaticPart().getSignature()).getParameterTypes();
 		Class<?> declaringType = jp.getStaticPart().getSignature().getDeclaringType();
 
-		method = findMethod(targetMethodName, declaringType, types);
+		this.method = findMethod(targetMethodName, declaringType, types);
 
-		if (method == null) {
+		if (this.method == null) {
 			throw new IllegalArgumentException("Could not obtain target method from JoinPoint: '" + jp + "'");
 		}
 	}
@@ -79,23 +79,23 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 	}
 
 	public Method getMethod() {
-		return method;
+		return this.method;
 	}
 
 	public Object[] getArguments() {
-		return jp.getArgs();
+		return this.jp.getArgs();
 	}
 
 	public AccessibleObject getStaticPart() {
-		return method;
+		return this.method;
 	}
 
 	public Object getThis() {
-		return target;
+		return this.target;
 	}
 
 	public Object proceed() throws Throwable {
-		return jp.proceed();
+		return this.jp.proceed();
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index a0173dd043..11306bd964 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -51,8 +51,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass);
-		synchronized (attributeCache) {
-			Collection<ConfigAttribute> cached = attributeCache.get(cacheKey);
+		synchronized (this.attributeCache) {
+			Collection<ConfigAttribute> cached = this.attributeCache.get(cacheKey);
 			// Check for canonical value indicating there is no config attribute,
 
 			if (cached != null) {
@@ -61,7 +61,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 			// No cached value, so query the sources to find a result
 			Collection<ConfigAttribute> attributes = null;
-			for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
+			for (MethodSecurityMetadataSource s : this.methodSecurityMetadataSources) {
 				attributes = s.getAttributes(method, targetClass);
 				if (attributes != null && !attributes.isEmpty()) {
 					break;
@@ -74,8 +74,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 				return NULL_CONFIG_ATTRIBUTE;
 			}
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("Caching method [" + cacheKey + "] with attributes " + attributes);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Caching method [" + cacheKey + "] with attributes " + attributes);
 			}
 
 			this.attributeCache.put(cacheKey, attributes);
@@ -87,7 +87,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> set = new HashSet<>();
-		for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
+		for (MethodSecurityMetadataSource s : this.methodSecurityMetadataSources) {
 			Collection<ConfigAttribute> attrs = s.getAllConfigAttributes();
 			if (attrs != null) {
 				set.addAll(attrs);
@@ -97,7 +97,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 	}
 
 	public List<MethodSecurityMetadataSource> getMethodSecurityMetadataSources() {
-		return methodSecurityMetadataSources;
+		return this.methodSecurityMetadataSources;
 	}
 
 	private static class DefaultCacheKey {
@@ -125,7 +125,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 		@Override
 		public String toString() {
-			return "CacheKey[" + (targetClass == null ? "-" : targetClass.getName()) + "; " + method + "]";
+			return "CacheKey[" + (this.targetClass == null ? "-" : this.targetClass.getName()) + "; " + this.method
+					+ "]";
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index a501544ed6..5b6c45bd69 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -89,8 +89,8 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 
 	private List<ConfigAttribute> findAttributesSpecifiedAgainst(Method method, Class<?> clazz) {
 		RegisteredMethod registeredMethod = new RegisteredMethod(method, clazz);
-		if (methodMap.containsKey(registeredMethod)) {
-			return methodMap.get(registeredMethod);
+		if (this.methodMap.containsKey(registeredMethod)) {
+			return this.methodMap.get(registeredMethod);
 		}
 		// Search superclass
 		if (clazz.getSuperclass() != null) {
@@ -132,8 +132,8 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	public void addSecureMethod(Class<?> javaType, String mappedName, List<ConfigAttribute> attr) {
 		String name = javaType.getName() + '.' + mappedName;
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Request to add secure method [" + name + "] with attributes [" + attr + "]");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Request to add secure method [" + name + "] with attributes [" + attr + "]");
 		}
 
 		Method[] methods = javaType.getMethods();
@@ -158,7 +158,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 				// no already registered method name, or more specific
 				// method name specification now -> (re-)register method
 				if (regMethodName != null) {
-					logger.debug("Replacing attributes for secure method [" + method + "]: current name [" + name
+					this.logger.debug("Replacing attributes for secure method [" + method + "]: current name [" + name
 							+ "] is more specific than [" + regMethodName + "]");
 				}
 
@@ -166,7 +166,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 				addSecureMethod(registeredMethod, attr);
 			}
 			else {
-				logger.debug("Keeping attributes for secure method [" + method + "]: current name [" + name
+				this.logger.debug("Keeping attributes for secure method [" + method + "]: current name [" + name
 						+ "] is not more specific than [" + regMethodName + "]");
 			}
 		}
@@ -184,12 +184,13 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	public void addSecureMethod(Class<?> javaType, Method method, List<ConfigAttribute> attr) {
 		RegisteredMethod key = new RegisteredMethod(method, javaType);
 
-		if (methodMap.containsKey(key)) {
-			logger.debug("Method [" + method + "] is already registered with attributes [" + methodMap.get(key) + "]");
+		if (this.methodMap.containsKey(key)) {
+			this.logger.debug(
+					"Method [" + method + "] is already registered with attributes [" + this.methodMap.get(key) + "]");
 			return;
 		}
 
-		methodMap.put(key, attr);
+		this.methodMap.put(key, attr);
 	}
 
 	/**
@@ -200,8 +201,8 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	private void addSecureMethod(RegisteredMethod method, List<ConfigAttribute> attr) {
 		Assert.notNull(method, "RegisteredMethod required");
 		Assert.notNull(attr, "Configuration attribute required");
-		if (logger.isInfoEnabled()) {
-			logger.info("Adding secure method [" + method + "] with attributes [" + attr + "]");
+		if (this.logger.isInfoEnabled()) {
+			this.logger.info("Adding secure method [" + method + "] with attributes [" + attr + "]");
 		}
 		this.methodMap.put(method, attr);
 	}
@@ -214,7 +215,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
-		for (List<ConfigAttribute> attributeList : methodMap.values()) {
+		for (List<ConfigAttribute> attributeList : this.methodMap.values()) {
 			allAttributes.addAll(attributeList);
 		}
 
@@ -243,7 +244,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	 * @return map size (for unit tests and diagnostics)
 	 */
 	public int getMethodMapSize() {
-		return methodMap.size();
+		return this.methodMap.size();
 	}
 
 	/**
@@ -275,19 +276,19 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 			}
 			if (obj != null && obj instanceof RegisteredMethod) {
 				RegisteredMethod rhs = (RegisteredMethod) obj;
-				return method.equals(rhs.method) && registeredJavaType.equals(rhs.registeredJavaType);
+				return this.method.equals(rhs.method) && this.registeredJavaType.equals(rhs.registeredJavaType);
 			}
 			return false;
 		}
 
 		@Override
 		public int hashCode() {
-			return method.hashCode() * registeredJavaType.hashCode();
+			return this.method.hashCode() * this.registeredJavaType.hashCode();
 		}
 
 		@Override
 		public String toString() {
-			return "RegisteredMethod[" + registeredJavaType.getName() + "; " + method + "]";
+			return "RegisteredMethod[" + this.registeredJavaType.getName() + "; " + this.method + "]";
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index 3b2f04d843..00a143dd34 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -54,7 +54,7 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 			return returnedObject;
 		}
 
-		return postAdvice.after(authentication, (MethodInvocation) object, pia, returnedObject);
+		return this.postAdvice.after(authentication, (MethodInvocation) object, pia, returnedObject);
 	}
 
 	private PostInvocationAttribute findPostInvocationAttribute(Collection<ConfigAttribute> config) {
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index b77cfb6e6f..cf5d41dee9 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -69,7 +69,7 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
 			return ACCESS_ABSTAIN;
 		}
 
-		boolean allowed = preAdvice.before(authentication, method, preAttr);
+		boolean allowed = this.preAdvice.before(authentication, method, preAttr);
 
 		return allowed ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index d591a7aa73..4aafaaeac6 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -64,7 +64,7 @@ public abstract class AbstractAccessDecisionManager
 	protected final void checkAllowIfAllAbstainDecisions() {
 		if (!this.isAllowIfAllAbstainDecisions()) {
 			throw new AccessDeniedException(
-					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 	}
 
@@ -73,7 +73,7 @@ public abstract class AbstractAccessDecisionManager
 	}
 
 	public boolean isAllowIfAllAbstainDecisions() {
-		return allowIfAllAbstainDecisions;
+		return this.allowIfAllAbstainDecisions;
 	}
 
 	public void setAllowIfAllAbstainDecisions(boolean allowIfAllAbstainDecisions) {
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index 480b8dc205..b5ed99bc61 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -39,17 +39,17 @@ public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvo
 		args = invocation.getArguments();
 
 		for (int i = 0; i < params.length; i++) {
-			if (processDomainObjectClass.isAssignableFrom(params[i])) {
+			if (this.processDomainObjectClass.isAssignableFrom(params[i])) {
 				return args[i];
 			}
 		}
 
 		throw new AuthorizationServiceException("MethodInvocation: " + invocation
-				+ " did not provide any argument of type: " + processDomainObjectClass);
+				+ " did not provide any argument of type: " + this.processDomainObjectClass);
 	}
 
 	public Class<?> getProcessDomainObjectClass() {
-		return processDomainObjectClass;
+		return this.processDomainObjectClass;
 	}
 
 	public void setProcessDomainObjectClass(Class<?> processDomainObjectClass) {
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index 5e58261bae..7031d4c995 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -58,8 +58,8 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("Voter: " + voter + ", returned: " + result);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Voter: " + voter + ", returned: " + result);
 			}
 
 			switch (result) {
@@ -78,7 +78,7 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 
 		if (deny > 0) {
 			throw new AccessDeniedException(
-					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 
 		// To get this far, every AccessDecisionVoter abstained
diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index 7307254fb7..ea30cdc8c6 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -57,8 +57,8 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
 
 	private boolean isFullyAuthenticated(Authentication authentication) {
-		return (!authenticationTrustResolver.isAnonymous(authentication)
-				&& !authenticationTrustResolver.isRememberMe(authentication));
+		return (!this.authenticationTrustResolver.isAnonymous(authentication)
+				&& !this.authenticationTrustResolver.isRememberMe(authentication));
 	}
 
 	public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
@@ -101,15 +101,16 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 				}
 
 				if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
-					if (authenticationTrustResolver.isRememberMe(authentication)
+					if (this.authenticationTrustResolver.isRememberMe(authentication)
 							|| isFullyAuthenticated(authentication)) {
 						return ACCESS_GRANTED;
 					}
 				}
 
 				if (IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute())) {
-					if (authenticationTrustResolver.isAnonymous(authentication) || isFullyAuthenticated(authentication)
-							|| authenticationTrustResolver.isRememberMe(authentication)) {
+					if (this.authenticationTrustResolver.isAnonymous(authentication)
+							|| isFullyAuthenticated(authentication)
+							|| this.authenticationTrustResolver.isRememberMe(authentication)) {
 						return ACCESS_GRANTED;
 					}
 				}
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index a060200f70..80c0098f25 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -66,8 +66,8 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("Voter: " + voter + ", returned: " + result);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Voter: " + voter + ", returned: " + result);
 			}
 
 			switch (result) {
@@ -92,7 +92,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 
 		if (deny > grant) {
 			throw new AccessDeniedException(
-					messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
 
 		if ((grant == deny) && (grant != 0)) {
@@ -101,7 +101,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 			}
 			else {
 				throw new AccessDeniedException(
-						messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+						this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 			}
 		}
 
@@ -110,7 +110,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 	}
 
 	public boolean isAllowIfEqualGrantedDeniedDecisions() {
-		return allowIfEqualGrantedDeniedDecisions;
+		return this.allowIfEqualGrantedDeniedDecisions;
 	}
 
 	public void setAllowIfEqualGrantedDeniedDecisions(boolean allowIfEqualGrantedDeniedDecisions) {
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
index 88da1dc1bd..9da2fff2d5 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
@@ -43,7 +43,7 @@ public class RoleHierarchyVoter extends RoleVoter {
 	 */
 	@Override
 	Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
-		return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
+		return this.roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index 4f2d4a6ae0..b087c5784a 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -54,7 +54,7 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 	private String rolePrefix = "ROLE_";
 
 	public String getRolePrefix() {
-		return rolePrefix;
+		return this.rolePrefix;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
index ad6c9a6e6a..ae5a1b0b4a 100644
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@@ -69,8 +69,8 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 			for (AccessDecisionVoter voter : getDecisionVoters()) {
 				int result = voter.vote(authentication, object, singleAttributeList);
 
-				if (logger.isDebugEnabled()) {
-					logger.debug("Voter: " + voter + ", returned: " + result);
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("Voter: " + voter + ", returned: " + result);
 				}
 
 				switch (result) {
@@ -81,7 +81,7 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 
 				case AccessDecisionVoter.ACCESS_DENIED:
 					throw new AccessDeniedException(
-							messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
+							this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 
 				default:
 					break;
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index 8df8fc9fd2..80146f6b27 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -66,7 +66,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	}
 
 	public Collection<GrantedAuthority> getAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 	public String getName() {
@@ -84,7 +84,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	}
 
 	public boolean isAuthenticated() {
-		return authenticated;
+		return this.authenticated;
 	}
 
 	public void setAuthenticated(boolean authenticated) {
@@ -92,7 +92,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	}
 
 	public Object getDetails() {
-		return details;
+		return this.details;
 	}
 
 	public void setDetails(Object details) {
@@ -107,7 +107,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	public void eraseCredentials() {
 		eraseSecret(getCredentials());
 		eraseSecret(getPrincipal());
-		eraseSecret(details);
+		eraseSecret(this.details);
 	}
 
 	private void eraseSecret(Object secret) {
@@ -124,7 +124,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 
 		AbstractAuthenticationToken test = (AbstractAuthenticationToken) obj;
 
-		if (!authorities.equals(test.authorities)) {
+		if (!this.authorities.equals(test.authorities)) {
 			return false;
 		}
 
@@ -163,7 +163,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	public int hashCode() {
 		int code = 31;
 
-		for (GrantedAuthority authority : authorities) {
+		for (GrantedAuthority authority : this.authorities) {
 			code ^= authority.hashCode();
 		}
 
@@ -195,11 +195,11 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		sb.append("Authenticated: ").append(this.isAuthenticated()).append("; ");
 		sb.append("Details: ").append(this.getDetails()).append("; ");
 
-		if (!authorities.isEmpty()) {
+		if (!this.authorities.isEmpty()) {
 			sb.append("Granted Authorities: ");
 
 			int i = 0;
-			for (GrantedAuthority authority : authorities) {
+			for (GrantedAuthority authority : this.authorities) {
 				if (i++ > 0) {
 					sb.append(", ");
 				}
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
index 7351278502..b936c38b28 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
@@ -59,21 +59,21 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 
 	private UserDetailsChecker preAuthenticationChecks = user -> {
 		if (!user.isAccountNonLocked()) {
-			logger.debug("User account is locked");
+			this.logger.debug("User account is locked");
 
 			throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
 					"User account is locked"));
 		}
 
 		if (!user.isEnabled()) {
-			logger.debug("User account is disabled");
+			this.logger.debug("User account is disabled");
 
 			throw new DisabledException(
 					this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 		}
 
 		if (!user.isAccountNonExpired()) {
-			logger.debug("User account is expired");
+			this.logger.debug("User account is expired");
 
 			throw new AccountExpiredException(this.messages
 					.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
@@ -82,7 +82,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 
 	private UserDetailsChecker postAuthenticationChecks = user -> {
 		if (!user.isCredentialsNonExpired()) {
-			logger.debug("User account credentials have expired");
+			this.logger.debug("User account credentials have expired");
 
 			throw new CredentialsExpiredException(this.messages.getMessage(
 					"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index f8b0015531..1acd873244 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -33,21 +33,21 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker, Mess
 	public void check(UserDetails user) {
 		if (!user.isAccountNonLocked()) {
 			throw new LockedException(
-					messages.getMessage("AccountStatusUserDetailsChecker.locked", "User account is locked"));
+					this.messages.getMessage("AccountStatusUserDetailsChecker.locked", "User account is locked"));
 		}
 
 		if (!user.isEnabled()) {
 			throw new DisabledException(
-					messages.getMessage("AccountStatusUserDetailsChecker.disabled", "User is disabled"));
+					this.messages.getMessage("AccountStatusUserDetailsChecker.disabled", "User is disabled"));
 		}
 
 		if (!user.isAccountNonExpired()) {
 			throw new AccountExpiredException(
-					messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired"));
+					this.messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired"));
 		}
 
 		if (!user.isCredentialsNonExpired()) {
-			throw new CredentialsExpiredException(messages
+			throw new CredentialsExpiredException(this.messages
 					.getMessage("AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired"));
 		}
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
index 6643dc6695..098e061f95 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
@@ -50,7 +50,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 		}
 
 		if (this.key.hashCode() != ((AnonymousAuthenticationToken) authentication).getKeyHash()) {
-			throw new BadCredentialsException(messages.getMessage("AnonymousAuthenticationProvider.incorrectKey",
+			throw new BadCredentialsException(this.messages.getMessage("AnonymousAuthenticationProvider.incorrectKey",
 					"The presented AnonymousAuthenticationToken does not contain the expected key"));
 		}
 
@@ -58,7 +58,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public void setMessageSource(MessageSource messageSource) {
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
index ae20478bb3..019207b4a5 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
@@ -36,27 +36,27 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 	private Class<? extends Authentication> rememberMeClass = RememberMeAuthenticationToken.class;
 
 	Class<? extends Authentication> getAnonymousClass() {
-		return anonymousClass;
+		return this.anonymousClass;
 	}
 
 	Class<? extends Authentication> getRememberMeClass() {
-		return rememberMeClass;
+		return this.rememberMeClass;
 	}
 
 	public boolean isAnonymous(Authentication authentication) {
-		if ((anonymousClass == null) || (authentication == null)) {
+		if ((this.anonymousClass == null) || (authentication == null)) {
 			return false;
 		}
 
-		return anonymousClass.isAssignableFrom(authentication.getClass());
+		return this.anonymousClass.isAssignableFrom(authentication.getClass());
 	}
 
 	public boolean isRememberMe(Authentication authentication) {
-		if ((rememberMeClass == null) || (authentication == null)) {
+		if ((this.rememberMeClass == null) || (authentication == null)) {
 			return false;
 		}
 
-		return rememberMeClass.isAssignableFrom(authentication.getClass());
+		return this.rememberMeClass.isAssignableFrom(authentication.getClass());
 	}
 
 	public void setAnonymousClass(Class<? extends Authentication> anonymousClass) {
diff --git a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
index aaefaa570f..c87424f900 100644
--- a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
@@ -36,7 +36,7 @@ public class CachingUserDetailsService implements UserDetailsService {
 	}
 
 	public UserCache getUserCache() {
-		return userCache;
+		return this.userCache;
 	}
 
 	public void setUserCache(UserCache userCache) {
@@ -44,16 +44,16 @@ public class CachingUserDetailsService implements UserDetailsService {
 	}
 
 	public UserDetails loadUserByUsername(String username) {
-		UserDetails user = userCache.getUserFromCache(username);
+		UserDetails user = this.userCache.getUserFromCache(username);
 
 		if (user == null) {
-			user = delegate.loadUserByUsername(username);
+			user = this.delegate.loadUserByUsername(username);
 		}
 
-		Assert.notNull(user, () -> "UserDetailsService " + delegate + " returned null for username " + username + ". "
-				+ "This is an interface contract violation");
+		Assert.notNull(user, () -> "UserDetailsService " + this.delegate + " returned null for username " + username
+				+ ". " + "This is an interface contract violation");
 
-		userCache.putUserInCache(user);
+		this.userCache.putUserInCache(user);
 
 		return user;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 10619ceebb..8871f82af2 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -94,8 +94,8 @@ public class DefaultAuthenticationEventPublisher
 	}
 
 	public void publishAuthenticationSuccess(Authentication authentication) {
-		if (applicationEventPublisher != null) {
-			applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
+		if (this.applicationEventPublisher != null) {
+			this.applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
 		}
 	}
 
@@ -112,13 +112,13 @@ public class DefaultAuthenticationEventPublisher
 		}
 
 		if (event != null) {
-			if (applicationEventPublisher != null) {
-				applicationEventPublisher.publishEvent(event);
+			if (this.applicationEventPublisher != null) {
+				this.applicationEventPublisher.publishEvent(event);
 			}
 		}
 		else {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No event was found for the exception " + exception.getClass().getName());
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("No event was found for the exception " + exception.getClass().getName());
 			}
 		}
 	}
@@ -201,7 +201,7 @@ public class DefaultAuthenticationEventPublisher
 		try {
 			Constructor<? extends AbstractAuthenticationEvent> constructor = eventClass
 					.getConstructor(Authentication.class, AuthenticationException.class);
-			exceptionMappings.put(exceptionClass, constructor);
+			this.exceptionMappings.put(exceptionClass, constructor);
 		}
 		catch (NoSuchMethodException e) {
 			throw new RuntimeException(
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 5a84c15b0a..bb0c7192a6 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -132,11 +132,11 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	}
 
 	private void checkState() {
-		if (parent == null && providers.isEmpty()) {
+		if (this.parent == null && this.providers.isEmpty()) {
 			throw new IllegalArgumentException(
 					"A parent AuthenticationManager or a list " + "of AuthenticationProviders is required");
 		}
-		else if (CollectionUtils.contains(providers.iterator(), null)) {
+		else if (CollectionUtils.contains(this.providers.iterator(), null)) {
 			throw new IllegalArgumentException("providers list cannot contain null values");
 		}
 	}
@@ -197,10 +197,10 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 			}
 		}
 
-		if (result == null && parent != null) {
+		if (result == null && this.parent != null) {
 			// Allow the parent to try.
 			try {
-				result = parentResult = parent.authenticate(authentication);
+				result = parentResult = this.parent.authenticate(authentication);
 			}
 			catch (ProviderNotFoundException e) {
 				// ignore as we will throw below if no other exception occurred prior to
@@ -214,7 +214,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		}
 
 		if (result != null) {
-			if (eraseCredentialsAfterAuthentication && (result instanceof CredentialsContainer)) {
+			if (this.eraseCredentialsAfterAuthentication && (result instanceof CredentialsContainer)) {
 				// Authentication is complete. Remove credentials and other secret data
 				// from authentication
 				((CredentialsContainer) result).eraseCredentials();
@@ -225,7 +225,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 			// This check prevents a duplicate AuthenticationSuccessEvent if the parent
 			// AuthenticationManager already published it
 			if (parentResult == null) {
-				eventPublisher.publishAuthenticationSuccess(result);
+				this.eventPublisher.publishAuthenticationSuccess(result);
 			}
 			return result;
 		}
@@ -233,7 +233,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		// Parent was null, or didn't authenticate (or throw an exception).
 
 		if (lastException == null) {
-			lastException = new ProviderNotFoundException(messages.getMessage("ProviderManager.providerNotFound",
+			lastException = new ProviderNotFoundException(this.messages.getMessage("ProviderManager.providerNotFound",
 					new Object[] { toTest.getName() }, "No AuthenticationProvider found for {0}"));
 		}
 
@@ -250,7 +250,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 
 	@SuppressWarnings("deprecation")
 	private void prepareException(AuthenticationException ex, Authentication auth) {
-		eventPublisher.publishAuthenticationFailure(ex, auth);
+		this.eventPublisher.publishAuthenticationFailure(ex, auth);
 	}
 
 	/**
@@ -268,7 +268,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	}
 
 	public List<AuthenticationProvider> getProviders() {
-		return providers;
+		return this.providers;
 	}
 
 	public void setMessageSource(MessageSource messageSource) {
@@ -293,7 +293,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	}
 
 	public boolean isEraseCredentialsAfterAuthentication() {
-		return eraseCredentialsAfterAuthentication;
+		return this.eraseCredentialsAfterAuthentication;
 	}
 
 	private static final class NullEventPublisher implements AuthenticationEventPublisher {
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index 88bec60958..ddbe07a111 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -48,7 +48,7 @@ public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticat
 	public Mono<Authentication> authenticate(Authentication token) {
 		return Mono.just(token).publishOn(this.scheduler).flatMap(t -> {
 			try {
-				return Mono.just(authenticationManager.authenticate(t));
+				return Mono.just(this.authenticationManager.authenticate(t));
 			}
 			catch (Throwable error) {
 				return Mono.error(error);
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
index 552232bddb..5c792ccafd 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
@@ -53,7 +53,7 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		}
 
 		if (this.key.hashCode() != ((RememberMeAuthenticationToken) authentication).getKeyHash()) {
-			throw new BadCredentialsException(messages.getMessage("RememberMeAuthenticationProvider.incorrectKey",
+			throw new BadCredentialsException(this.messages.getMessage("RememberMeAuthenticationProvider.incorrectKey",
 					"The presented RememberMeAuthenticationToken does not contain the expected key"));
 		}
 
@@ -61,7 +61,7 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public void setMessageSource(MessageSource messageSource) {
diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
index 4dbb5778fe..e293aa67cd 100644
--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -90,7 +90,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 	@Override
 	public void eraseCredentials() {
 		super.eraseCredentials();
-		credentials = null;
+		this.credentials = null;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index 36ed0cd429..9bbe5a32ef 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -120,7 +120,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
-				() -> messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
+				() -> this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
 						"Only UsernamePasswordAuthenticationToken is supported"));
 
 		// Determine username
@@ -136,10 +136,10 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
 			}
 			catch (UsernameNotFoundException notFound) {
-				logger.debug("User '" + username + "' not found");
+				this.logger.debug("User '" + username + "' not found");
 
-				if (hideUserNotFoundExceptions) {
-					throw new BadCredentialsException(messages
+				if (this.hideUserNotFoundExceptions) {
+					throw new BadCredentialsException(this.messages
 							.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 				}
 				else {
@@ -151,7 +151,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		}
 
 		try {
-			preAuthenticationChecks.check(user);
+			this.preAuthenticationChecks.check(user);
 			additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 		}
 		catch (AuthenticationException exception) {
@@ -160,7 +160,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 				// we're using latest data (i.e. not from the cache)
 				cacheWasUsed = false;
 				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
-				preAuthenticationChecks.check(user);
+				this.preAuthenticationChecks.check(user);
 				additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 			}
 			else {
@@ -168,7 +168,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 			}
 		}
 
-		postAuthenticationChecks.check(user);
+		this.postAuthenticationChecks.check(user);
 
 		if (!cacheWasUsed) {
 			this.userCache.putUserInCache(user);
@@ -176,7 +176,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 		Object principalToReturn = user;
 
-		if (forcePrincipalAsString) {
+		if (this.forcePrincipalAsString) {
 			principalToReturn = user.getUsername();
 		}
 
@@ -205,7 +205,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		// Also ensure we return the original getDetails(), so that future
 		// authentication events after cache expiry contain the details
 		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
-				authentication.getCredentials(), authoritiesMapper.mapAuthorities(user.getAuthorities()));
+				authentication.getCredentials(), this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		result.setDetails(authentication.getDetails());
 
 		return result;
@@ -215,15 +215,15 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 	}
 
 	public UserCache getUserCache() {
-		return userCache;
+		return this.userCache;
 	}
 
 	public boolean isForcePrincipalAsString() {
-		return forcePrincipalAsString;
+		return this.forcePrincipalAsString;
 	}
 
 	public boolean isHideUserNotFoundExceptions() {
-		return hideUserNotFoundExceptions;
+		return this.hideUserNotFoundExceptions;
 	}
 
 	/**
@@ -299,7 +299,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 	}
 
 	protected UserDetailsChecker getPreAuthenticationChecks() {
-		return preAuthenticationChecks;
+		return this.preAuthenticationChecks;
 	}
 
 	/**
@@ -312,7 +312,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 	}
 
 	protected UserDetailsChecker getPostAuthenticationChecks() {
-		return postAuthenticationChecks;
+		return this.postAuthenticationChecks;
 	}
 
 	public void setPostAuthenticationChecks(UserDetailsChecker postAuthenticationChecks) {
@@ -327,23 +327,23 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 		public void check(UserDetails user) {
 			if (!user.isAccountNonLocked()) {
-				logger.debug("User account is locked");
+				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is locked");
 
-				throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
-						"User account is locked"));
+				throw new LockedException(AbstractUserDetailsAuthenticationProvider.this.messages
+						.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
 			}
 
 			if (!user.isEnabled()) {
-				logger.debug("User account is disabled");
+				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is disabled");
 
-				throw new DisabledException(
-						messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
+				throw new DisabledException(AbstractUserDetailsAuthenticationProvider.this.messages
+						.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 			}
 
 			if (!user.isAccountNonExpired()) {
-				logger.debug("User account is expired");
+				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is expired");
 
-				throw new AccountExpiredException(messages
+				throw new AccountExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages
 						.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
 			}
 		}
@@ -354,10 +354,10 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 		public void check(UserDetails user) {
 			if (!user.isCredentialsNonExpired()) {
-				logger.debug("User account credentials have expired");
+				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account credentials have expired");
 
-				throw new CredentialsExpiredException(
-						messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired",
+				throw new CredentialsExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages
+						.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired",
 								"User credentials have expired"));
 			}
 		}
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index 4fc4a67168..691050d60f 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -67,19 +67,19 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
 		if (authentication.getCredentials() == null) {
-			logger.debug("Authentication failed: no credentials provided");
+			this.logger.debug("Authentication failed: no credentials provided");
 
-			throw new BadCredentialsException(
-					messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+			throw new BadCredentialsException(this.messages
+					.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
 
 		String presentedPassword = authentication.getCredentials().toString();
 
-		if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
-			logger.debug("Authentication failed: password does not match stored value");
+		if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
+			this.logger.debug("Authentication failed: password does not match stored value");
 
-			throw new BadCredentialsException(
-					messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+			throw new BadCredentialsException(this.messages
+					.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
 	}
 
@@ -150,7 +150,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	}
 
 	protected PasswordEncoder getPasswordEncoder() {
-		return passwordEncoder;
+		return this.passwordEncoder;
 	}
 
 	public void setUserDetailsService(UserDetailsService userDetailsService) {
@@ -158,7 +158,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	}
 
 	protected UserDetailsService getUserDetailsService() {
-		return userDetailsService;
+		return this.userDetailsService;
 	}
 
 	public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) {
diff --git a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
index b1cb398631..0f06d0b94c 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java
@@ -36,7 +36,7 @@ public abstract class AbstractAuthenticationFailureEvent extends AbstractAuthent
 	}
 
 	public AuthenticationException getException() {
-		return exception;
+		return this.exception;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
index 6388b4b752..c93d2a9165 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java
@@ -48,7 +48,7 @@ public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticatio
 	 * @return the class
 	 */
 	public Class<?> getGeneratedBy() {
-		return generatedBy;
+		return this.generatedBy;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index 16ef4430f4..57c69c66fb 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -40,7 +40,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 	private boolean logInteractiveAuthenticationSuccessEvents = true;
 
 	public void onApplicationEvent(AbstractAuthenticationEvent event) {
-		if (!logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
+		if (!this.logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
 			return;
 		}
 
@@ -63,7 +63,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 	}
 
 	public boolean isLogInteractiveAuthenticationSuccessEvents() {
-		return logInteractiveAuthenticationSuccessEvents;
+		return this.logInteractiveAuthenticationSuccessEvents;
 	}
 
 	public void setLogInteractiveAuthenticationSuccessEvents(boolean logInteractiveAuthenticationSuccessEvents) {
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
index 05690f7afd..410f7e5f06 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@@ -48,7 +48,7 @@ public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken
 	}
 
 	public LoginContext getLoginContext() {
-		return loginContext;
+		return this.loginContext;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index c322f730a4..4bfadc6454 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -45,12 +45,12 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 	}
 
 	public Principal getPrincipal() {
-		return principal;
+		return this.principal;
 	}
 
 	@Override
 	public String getAuthority() {
-		return role;
+		return this.role;
 	}
 
 	@Override
@@ -76,7 +76,7 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 
 	@Override
 	public String toString() {
-		return "Jaas Authority [" + role + "," + principal + "]";
+		return "Jaas Authority [" + this.role + "," + this.principal + "]";
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index 4599d0387a..4a629c4323 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -69,11 +69,11 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * @exception LoginException if the abort fails
 	 */
 	public boolean abort() {
-		if (authen == null) {
+		if (this.authen == null) {
 			return false;
 		}
 
-		authen = null;
+		this.authen = null;
 
 		return true;
 	}
@@ -86,21 +86,21 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * @exception LoginException if the commit fails
 	 */
 	public boolean commit() {
-		if (authen == null) {
+		if (this.authen == null) {
 			return false;
 		}
 
-		subject.getPrincipals().add(authen);
+		this.subject.getPrincipals().add(this.authen);
 
 		return true;
 	}
 
 	Authentication getAuthentication() {
-		return authen;
+		return this.authen;
 	}
 
 	Subject getSubject() {
-		return subject;
+		return this.subject;
 	}
 
 	/**
@@ -118,7 +118,7 @@ public class SecurityContextLoginModule implements LoginModule {
 		this.subject = subject;
 
 		if (options != null) {
-			ignoreMissingAuthentication = "true".equals(options.get("ignoreMissingAuthentication"));
+			this.ignoreMissingAuthentication = "true".equals(options.get("ignoreMissingAuthentication"));
 		}
 	}
 
@@ -130,12 +130,12 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * @throws LoginException if the authentication fails
 	 */
 	public boolean login() throws LoginException {
-		authen = SecurityContextHolder.getContext().getAuthentication();
+		this.authen = SecurityContextHolder.getContext().getAuthentication();
 
-		if (authen == null) {
+		if (this.authen == null) {
 			String msg = "Login cannot complete, authentication not found in security context";
 
-			if (ignoreMissingAuthentication) {
+			if (this.ignoreMissingAuthentication) {
 				log.warn(msg);
 
 				return false;
@@ -155,12 +155,12 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * @exception LoginException if the logout fails
 	 */
 	public boolean logout() {
-		if (authen == null) {
+		if (this.authen == null) {
 			return false;
 		}
 
-		subject.getPrincipals().remove(authen);
-		authen = null;
+		this.subject.getPrincipals().remove(this.authen);
+		this.authen = null;
 
 		return true;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
index 4ed01dcb87..c5aa50f97d 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationEvent.java
@@ -41,7 +41,7 @@ public abstract class JaasAuthenticationEvent extends ApplicationEvent {
 	 * @return the Authentication
 	 */
 	public Authentication getAuthentication() {
-		return (Authentication) source;
+		return (Authentication) this.source;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
index 73851f4652..4b70d77950 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java
@@ -34,7 +34,7 @@ public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
 	}
 
 	public Exception getException() {
-		return exception;
+		return this.exception;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
index 49f2361035..d4a0bbe1a7 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@@ -46,7 +46,7 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 		UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
 
 		try {
-			return authenticationManager.authenticate(request).getAuthorities();
+			return this.authenticationManager.authenticate(request).getAuthorities();
 		}
 		catch (AuthenticationException authEx) {
 			throw new RemoteAuthenticationException(authEx.getMessage());
@@ -54,7 +54,7 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 	}
 
 	protected AuthenticationManager getAuthenticationManager() {
-		return authenticationManager;
+		return this.authenticationManager;
 	}
 
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index c08b632004..f63e34517e 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -62,14 +62,14 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
 		String username = authentication.getPrincipal().toString();
 		Object credentials = authentication.getCredentials();
 		String password = credentials == null ? null : credentials.toString();
-		Collection<? extends GrantedAuthority> authorities = remoteAuthenticationManager.attemptAuthentication(username,
-				password);
+		Collection<? extends GrantedAuthority> authorities = this.remoteAuthenticationManager
+				.attemptAuthentication(username, password);
 
 		return new UsernamePasswordAuthenticationToken(username, password, authorities);
 	}
 
 	public RemoteAuthenticationManager getRemoteAuthenticationManager() {
-		return remoteAuthenticationManager;
+		return this.remoteAuthenticationManager;
 	}
 
 	public void setRemoteAuthenticationManager(RemoteAuthenticationManager remoteAuthenticationManager) {
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
index 2ad6b7cf33..026d5afdbc 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java
@@ -29,7 +29,7 @@ public class AuthorizationDecision {
 	}
 
 	public boolean isGranted() {
-		return granted;
+		return this.granted;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
index ea3d40857c..995d5a3789 100644
--- a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
+++ b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
@@ -44,11 +44,11 @@ abstract class AbstractDelegatingSecurityContextSupport {
 	}
 
 	protected final Runnable wrap(Runnable delegate) {
-		return DelegatingSecurityContextRunnable.create(delegate, securityContext);
+		return DelegatingSecurityContextRunnable.create(delegate, this.securityContext);
 	}
 
 	protected final <T> Callable<T> wrap(Callable<T> delegate) {
-		return DelegatingSecurityContextCallable.create(delegate, securityContext);
+		return DelegatingSecurityContextCallable.create(delegate, this.securityContext);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
index 9b4934feb6..f545c99a51 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
@@ -80,16 +80,16 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 		this.originalSecurityContext = SecurityContextHolder.getContext();
 
 		try {
-			SecurityContextHolder.setContext(delegateSecurityContext);
-			return delegate.call();
+			SecurityContextHolder.setContext(this.delegateSecurityContext);
+			return this.delegate.call();
 		}
 		finally {
 			SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
-			if (emptyContext.equals(originalSecurityContext)) {
+			if (emptyContext.equals(this.originalSecurityContext)) {
 				SecurityContextHolder.clearContext();
 			}
 			else {
-				SecurityContextHolder.setContext(originalSecurityContext);
+				SecurityContextHolder.setContext(this.originalSecurityContext);
 			}
 			this.originalSecurityContext = null;
 		}
@@ -97,7 +97,7 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 
 	@Override
 	public String toString() {
-		return delegate.toString();
+		return this.delegate.toString();
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index 9e55733767..967edc6281 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -58,11 +58,11 @@ public class DelegatingSecurityContextExecutor extends AbstractDelegatingSecurit
 
 	public final void execute(Runnable task) {
 		task = wrap(task);
-		delegate.execute(task);
+		this.delegate.execute(task);
 	}
 
 	protected final Executor getDelegateExecutor() {
-		return delegate;
+		return this.delegate;
 	}
 
 }
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
index e4cbd752f6..6dcf5874c5 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
@@ -78,16 +78,16 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 		this.originalSecurityContext = SecurityContextHolder.getContext();
 
 		try {
-			SecurityContextHolder.setContext(delegateSecurityContext);
-			delegate.run();
+			SecurityContextHolder.setContext(this.delegateSecurityContext);
+			this.delegate.run();
 		}
 		finally {
 			SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
-			if (emptyContext.equals(originalSecurityContext)) {
+			if (emptyContext.equals(this.originalSecurityContext)) {
 				SecurityContextHolder.clearContext();
 			}
 			else {
-				SecurityContextHolder.setContext(originalSecurityContext);
+				SecurityContextHolder.setContext(this.originalSecurityContext);
 			}
 			this.originalSecurityContext = null;
 		}
@@ -95,7 +95,7 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 
 	@Override
 	public String toString() {
-		return delegate.toString();
+		return this.delegate.toString();
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
index ddf216a9bb..89dd8982bd 100644
--- a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
+++ b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
@@ -38,7 +38,7 @@ public final class DelegatingApplicationListener implements ApplicationListener<
 		if (event == null) {
 			return;
 		}
-		for (SmartApplicationListener listener : listeners) {
+		for (SmartApplicationListener listener : this.listeners) {
 			Object source = event.getSource();
 			if (source != null && listener.supportsEventType(event.getClass())
 					&& listener.supportsSourceType(source.getClass())) {
@@ -54,7 +54,7 @@ public final class DelegatingApplicationListener implements ApplicationListener<
 	 */
 	public void addListener(SmartApplicationListener smartApplicationListener) {
 		Assert.notNull(smartApplicationListener, "smartApplicationListener cannot be null");
-		listeners.add(smartApplicationListener);
+		this.listeners.add(smartApplicationListener);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
index e2081c0af4..e57784c75c 100644
--- a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
@@ -41,7 +41,7 @@ public final class SimpleGrantedAuthority implements GrantedAuthority {
 
 	@Override
 	public String getAuthority() {
-		return role;
+		return this.role;
 	}
 
 	@Override
@@ -51,7 +51,7 @@ public final class SimpleGrantedAuthority implements GrantedAuthority {
 		}
 
 		if (obj instanceof SimpleGrantedAuthority) {
-			return role.equals(((SimpleGrantedAuthority) obj).role);
+			return this.role.equals(((SimpleGrantedAuthority) obj).role);
 		}
 
 		return false;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index 22641c5618..1d02d0ad9c 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -48,7 +48,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	private Set<String> mappableAttributes = null;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(attributes2grantedAuthoritiesMap, "attributes2grantedAuthoritiesMap must be set");
+		Assert.notNull(this.attributes2grantedAuthoritiesMap, "attributes2grantedAuthoritiesMap must be set");
 	}
 
 	/**
@@ -57,7 +57,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	public List<GrantedAuthority> getGrantedAuthorities(Collection<String> attributes) {
 		ArrayList<GrantedAuthority> gaList = new ArrayList<>();
 		for (String attribute : attributes) {
-			Collection<GrantedAuthority> c = attributes2grantedAuthoritiesMap.get(attribute);
+			Collection<GrantedAuthority> c = this.attributes2grantedAuthoritiesMap.get(attribute);
 			if (c != null) {
 				gaList.addAll(c);
 			}
@@ -71,7 +71,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	 * @return Returns the attributes2grantedAuthoritiesMap.
 	 */
 	public Map<String, Collection<GrantedAuthority>> getAttributes2grantedAuthoritiesMap() {
-		return attributes2grantedAuthoritiesMap;
+		return this.attributes2grantedAuthoritiesMap;
 	}
 
 	/**
@@ -83,7 +83,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 				"A non-empty attributes2grantedAuthoritiesMap must be supplied");
 		this.attributes2grantedAuthoritiesMap = preProcessMap(attributes2grantedAuthoritiesMap);
 
-		mappableAttributes = Collections.unmodifiableSet(this.attributes2grantedAuthoritiesMap.keySet());
+		this.mappableAttributes = Collections.unmodifiableSet(this.attributes2grantedAuthoritiesMap.keySet());
 	}
 
 	/**
@@ -153,7 +153,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	}
 
 	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, String value) {
-		StringTokenizer st = new StringTokenizer(value, stringSeparator, false);
+		StringTokenizer st = new StringTokenizer(value, this.stringSeparator, false);
 		while (st.hasMoreTokens()) {
 			String nextToken = st.nextToken();
 			if (StringUtils.hasText(nextToken)) {
@@ -167,14 +167,14 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	 * @see org.springframework.security.core.authority.mapping.MappableAttributesRetriever#getMappableAttributes()
 	 */
 	public Set<String> getMappableAttributes() {
-		return mappableAttributes;
+		return this.mappableAttributes;
 	}
 
 	/**
 	 * @return Returns the stringSeparator.
 	 */
 	public String getStringSeparator() {
-		return stringSeparator;
+		return this.stringSeparator;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index 76f94a433d..41f9fe7fd7 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -90,35 +90,35 @@ public class SimpleAttributes2GrantedAuthoritiesMapper
 	}
 
 	private boolean isConvertAttributeToLowerCase() {
-		return convertAttributeToLowerCase;
+		return this.convertAttributeToLowerCase;
 	}
 
 	public void setConvertAttributeToLowerCase(boolean b) {
-		convertAttributeToLowerCase = b;
+		this.convertAttributeToLowerCase = b;
 	}
 
 	private boolean isConvertAttributeToUpperCase() {
-		return convertAttributeToUpperCase;
+		return this.convertAttributeToUpperCase;
 	}
 
 	public void setConvertAttributeToUpperCase(boolean b) {
-		convertAttributeToUpperCase = b;
+		this.convertAttributeToUpperCase = b;
 	}
 
 	private String getAttributePrefix() {
-		return attributePrefix == null ? "" : attributePrefix;
+		return this.attributePrefix == null ? "" : this.attributePrefix;
 	}
 
 	public void setAttributePrefix(String string) {
-		attributePrefix = string;
+		this.attributePrefix = string;
 	}
 
 	private boolean isAddPrefixIfAlreadyExisting() {
-		return addPrefixIfAlreadyExisting;
+		return this.addPrefixIfAlreadyExisting;
 	}
 
 	public void setAddPrefixIfAlreadyExisting(boolean b) {
-		addPrefixIfAlreadyExisting = b;
+		this.addPrefixIfAlreadyExisting = b;
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index 5daa983b21..0a061772c3 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -43,7 +43,7 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 	private boolean convertToLowerCase = false;
 
 	public void afterPropertiesSet() {
-		Assert.isTrue(!(convertToUpperCase && convertToLowerCase),
+		Assert.isTrue(!(this.convertToUpperCase && this.convertToLowerCase),
 				"Either convertToUpperCase or convertToLowerCase can be set to true, but not both");
 	}
 
@@ -61,23 +61,23 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 			mapped.add(mapAuthority(authority.getAuthority()));
 		}
 
-		if (defaultAuthority != null) {
-			mapped.add(defaultAuthority);
+		if (this.defaultAuthority != null) {
+			mapped.add(this.defaultAuthority);
 		}
 
 		return mapped;
 	}
 
 	private GrantedAuthority mapAuthority(String name) {
-		if (convertToUpperCase) {
+		if (this.convertToUpperCase) {
 			name = name.toUpperCase();
 		}
-		else if (convertToLowerCase) {
+		else if (this.convertToLowerCase) {
 			name = name.toLowerCase();
 		}
 
-		if (prefix.length() > 0 && !name.startsWith(prefix)) {
-			name = prefix + name;
+		if (this.prefix.length() > 0 && !name.startsWith(this.prefix)) {
+			name = this.prefix + name;
 		}
 
 		return new SimpleGrantedAuthority(name);
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
index 4cef1edce8..e38de5e3e2 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -59,7 +59,7 @@ public class SecurityContextImpl implements SecurityContext {
 
 	@Override
 	public Authentication getAuthentication() {
-		return authentication;
+		return this.authentication;
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
index 3f774d8c66..54b05bbbb0 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
@@ -63,19 +63,19 @@ public class SessionInformation implements Serializable {
 	}
 
 	public Date getLastRequest() {
-		return lastRequest;
+		return this.lastRequest;
 	}
 
 	public Object getPrincipal() {
-		return principal;
+		return this.principal;
 	}
 
 	public String getSessionId() {
-		return sessionId;
+		return this.sessionId;
 	}
 
 	public boolean isExpired() {
-		return expired;
+		return this.expired;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
index 77fc1a3622..9fbf405bd2 100644
--- a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
+++ b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
@@ -43,17 +43,17 @@ public class DefaultToken implements Token {
 
 	@Override
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	@Override
 	public long getKeyCreationTime() {
-		return keyCreationTime;
+		return this.keyCreationTime;
 	}
 
 	@Override
 	public String getExtendedInformation() {
-		return extendedInformation;
+		return this.extendedInformation;
 	}
 
 	@Override
@@ -69,16 +69,16 @@ public class DefaultToken implements Token {
 	@Override
 	public int hashCode() {
 		int code = 979;
-		code = code * key.hashCode();
-		code = code * new Long(keyCreationTime).hashCode();
-		code = code * extendedInformation.hashCode();
+		code = code * this.key.hashCode();
+		code = code * new Long(this.keyCreationTime).hashCode();
+		code = code * this.extendedInformation.hashCode();
 		return code;
 	}
 
 	@Override
 	public String toString() {
-		return "DefaultToken[key=" + key + "; creation=" + new Date(keyCreationTime) + "; extended="
-				+ extendedInformation + "]";
+		return "DefaultToken[key=" + this.key + "; creation=" + new Date(this.keyCreationTime) + "; extended="
+				+ this.extendedInformation + "]";
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index d4114cb19f..f4a0effa70 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -138,13 +138,13 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 	 * @return a pseduo random number (hex encoded)
 	 */
 	private String generatePseudoRandomNumber() {
-		byte[] randomBytes = new byte[pseudoRandomNumberBytes];
-		secureRandom.nextBytes(randomBytes);
+		byte[] randomBytes = new byte[this.pseudoRandomNumberBytes];
+		this.secureRandom.nextBytes(randomBytes);
 		return new String(Hex.encode(randomBytes));
 	}
 
 	private String computeServerSecretApplicableAt(long time) {
-		return serverSecret + ":" + new Long(time % serverInteger).intValue();
+		return this.serverSecret + ":" + new Long(time % this.serverInteger).intValue();
 	}
 
 	/**
@@ -173,9 +173,9 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 	}
 
 	public void afterPropertiesSet() {
-		Assert.hasText(serverSecret, "Server secret required");
-		Assert.notNull(serverInteger, "Server integer required");
-		Assert.notNull(secureRandom, "SecureRandom instance required");
+		Assert.hasText(this.serverSecret, "Server secret required");
+		Assert.notNull(this.serverInteger, "Server integer required");
+		Assert.notNull(this.secureRandom, "SecureRandom instance required");
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
index fed76cf109..bf2cbaee39 100644
--- a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
+++ b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
@@ -36,15 +36,15 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 	private Resource seed;
 
 	public SecureRandom getObject() throws Exception {
-		SecureRandom rnd = SecureRandom.getInstance(algorithm);
+		SecureRandom rnd = SecureRandom.getInstance(this.algorithm);
 
 		// Request the next bytes, thus eagerly incurring the expense of default
 		// seeding and to prevent the see from replacing the entire state
 		rnd.nextBytes(new byte[1]);
 
-		if (seed != null) {
+		if (this.seed != null) {
 			// Seed specified, so use it
-			byte[] seedBytes = FileCopyUtils.copyToByteArray(seed.getInputStream());
+			byte[] seedBytes = FileCopyUtils.copyToByteArray(this.seed.getInputStream());
 			rnd.setSeed(seedBytes);
 		}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index 7574b1d128..bab768315a 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -66,7 +66,7 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 	@Override
 	public Mono<UserDetails> findByUsername(String username) {
 		String key = getKey(username);
-		UserDetails result = users.get(key);
+		UserDetails result = this.users.get(key);
 		return result == null ? Mono.empty() : Mono.just(User.withUserDetails(result).build());
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 31d0892520..408cff8a7a 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -122,35 +122,35 @@ public class User implements UserDetails, CredentialsContainer {
 	}
 
 	public Collection<GrantedAuthority> getAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 	public String getPassword() {
-		return password;
+		return this.password;
 	}
 
 	public String getUsername() {
-		return username;
+		return this.username;
 	}
 
 	public boolean isEnabled() {
-		return enabled;
+		return this.enabled;
 	}
 
 	public boolean isAccountNonExpired() {
-		return accountNonExpired;
+		return this.accountNonExpired;
 	}
 
 	public boolean isAccountNonLocked() {
-		return accountNonLocked;
+		return this.accountNonLocked;
 	}
 
 	public boolean isCredentialsNonExpired() {
-		return credentialsNonExpired;
+		return this.credentialsNonExpired;
 	}
 
 	public void eraseCredentials() {
-		password = null;
+		this.password = null;
 	}
 
 	private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
@@ -199,7 +199,7 @@ public class User implements UserDetails, CredentialsContainer {
 	@Override
 	public boolean equals(Object rhs) {
 		if (rhs instanceof User) {
-			return username.equals(((User) rhs).username);
+			return this.username.equals(((User) rhs).username);
 		}
 		return false;
 	}
@@ -209,7 +209,7 @@ public class User implements UserDetails, CredentialsContainer {
 	 */
 	@Override
 	public int hashCode() {
-		return username.hashCode();
+		return this.username.hashCode();
 	}
 
 	@Override
@@ -223,11 +223,11 @@ public class User implements UserDetails, CredentialsContainer {
 		sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
 		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
 
-		if (!authorities.isEmpty()) {
+		if (!this.authorities.isEmpty()) {
 			sb.append("Granted Authorities: ");
 
 			boolean first = true;
-			for (GrantedAuthority auth : authorities) {
+			for (GrantedAuthority auth : this.authorities) {
 				if (!first) {
 					sb.append(",");
 				}
@@ -511,9 +511,9 @@ public class User implements UserDetails, CredentialsContainer {
 		}
 
 		public UserDetails build() {
-			String encodedPassword = this.passwordEncoder.apply(password);
-			return new User(username, encodedPassword, !disabled, !accountExpired, !credentialsExpired, !accountLocked,
-					authorities);
+			String encodedPassword = this.passwordEncoder.apply(this.password);
+			return new User(this.username, encodedPassword, !this.disabled, !this.accountExpired,
+					!this.credentialsExpired, !this.accountLocked, this.authorities);
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index cc968cbe4e..e133cda228 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -39,15 +39,15 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 	private Ehcache cache;
 
 	public void afterPropertiesSet() {
-		Assert.notNull(cache, "cache mandatory");
+		Assert.notNull(this.cache, "cache mandatory");
 	}
 
 	public Ehcache getCache() {
-		return cache;
+		return this.cache;
 	}
 
 	public UserDetails getUserFromCache(String username) {
-		Element element = cache.get(username);
+		Element element = this.cache.get(username);
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; username: " + username);
@@ -68,7 +68,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 			logger.debug("Cache put: " + element.getKey());
 		}
 
-		cache.put(element);
+		this.cache.put(element);
 	}
 
 	public void removeUserFromCache(UserDetails user) {
@@ -80,7 +80,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 	}
 
 	public void removeUserFromCache(String username) {
-		cache.remove(username);
+		this.cache.remove(username);
 	}
 
 	public void setCache(Ehcache cache) {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index f728f4bd7f..9cde0fb887 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -41,7 +41,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 	}
 
 	public UserDetails getUserFromCache(String username) {
-		Cache.ValueWrapper element = username != null ? cache.get(username) : null;
+		Cache.ValueWrapper element = username != null ? this.cache.get(username) : null;
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; username: " + username);
@@ -59,7 +59,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache put: " + user.getUsername());
 		}
-		cache.put(user.getUsername(), user);
+		this.cache.put(user.getUsername(), user);
 	}
 
 	public void removeUserFromCache(UserDetails user) {
@@ -71,7 +71,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 	}
 
 	public void removeUserFromCache(String username) {
-		cache.evict(username);
+		this.cache.evict(username);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
index 64f8ab9179..309b16e72d 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
@@ -68,15 +68,15 @@ public class UserAttribute {
 	}
 
 	public String getPassword() {
-		return password;
+		return this.password;
 	}
 
 	public boolean isEnabled() {
-		return enabled;
+		return this.enabled;
 	}
 
 	public boolean isValid() {
-		if ((this.password != null) && (authorities.size() > 0)) {
+		if ((this.password != null) && (this.authorities.size() > 0)) {
 			return true;
 		}
 		else {
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index efa24feee1..a4b4c9cf3c 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -208,28 +208,28 @@ public final class SecurityJackson2Modules {
 
 		@Override
 		public void init(JavaType baseType) {
-			delegate.init(baseType);
+			this.delegate.init(baseType);
 		}
 
 		@Override
 		public String idFromValue(Object value) {
-			return delegate.idFromValue(value);
+			return this.delegate.idFromValue(value);
 		}
 
 		@Override
 		public String idFromValueAndType(Object value, Class<?> suggestedType) {
-			return delegate.idFromValueAndType(value, suggestedType);
+			return this.delegate.idFromValueAndType(value, suggestedType);
 		}
 
 		@Override
 		public String idFromBaseType() {
-			return delegate.idFromBaseType();
+			return this.delegate.idFromBaseType();
 		}
 
 		@Override
 		public JavaType typeFromId(DatabindContext context, String id) throws IOException {
 			DeserializationConfig config = (DeserializationConfig) context.getConfig();
-			JavaType result = delegate.typeFromId(context, id);
+			JavaType result = this.delegate.typeFromId(context, id);
 			String className = result.getRawClass().getName();
 			if (isInAllowlist(className)) {
 				return result;
@@ -256,12 +256,12 @@ public final class SecurityJackson2Modules {
 
 		@Override
 		public String getDescForKnownTypeIds() {
-			return delegate.getDescForKnownTypeIds();
+			return this.delegate.getDescForKnownTypeIds();
 		}
 
 		@Override
 		public JsonTypeInfo.Id getMechanism() {
-			return delegate.getMechanism();
+			return this.delegate.getMechanism();
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index c5370692ec..256155d9c5 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -87,21 +87,21 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	public void createUser(UserDetails user) {
 		Assert.isTrue(!userExists(user.getUsername()), "user should not exist");
 
-		users.put(user.getUsername().toLowerCase(), new MutableUser(user));
+		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
 	public void deleteUser(String username) {
-		users.remove(username.toLowerCase());
+		this.users.remove(username.toLowerCase());
 	}
 
 	public void updateUser(UserDetails user) {
 		Assert.isTrue(userExists(user.getUsername()), "user should exist");
 
-		users.put(user.getUsername().toLowerCase(), new MutableUser(user));
+		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
 	public boolean userExists(String username) {
-		return users.containsKey(username.toLowerCase());
+		return this.users.containsKey(username.toLowerCase());
 	}
 
 	public void changePassword(String oldPassword, String newPassword) {
@@ -115,20 +115,20 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 
 		String username = currentUser.getName();
 
-		logger.debug("Changing password for user '" + username + "'");
+		this.logger.debug("Changing password for user '" + username + "'");
 
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
-		if (authenticationManager != null) {
-			logger.debug("Reauthenticating user '" + username + "' for password change request.");
+		if (this.authenticationManager != null) {
+			this.logger.debug("Reauthenticating user '" + username + "' for password change request.");
 
-			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
+			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
-			logger.debug("No authentication manager set. Password won't be re-checked.");
+			this.logger.debug("No authentication manager set. Password won't be re-checked.");
 		}
 
-		MutableUserDetails user = users.get(username);
+		MutableUserDetails user = this.users.get(username);
 
 		if (user == null) {
 			throw new IllegalStateException("Current user doesn't exist in database.");
@@ -146,7 +146,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	}
 
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-		UserDetails user = users.get(username.toLowerCase());
+		UserDetails user = this.users.get(username.toLowerCase());
 
 		if (user == null) {
 			throw new UsernameNotFoundException(username);
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 4264068d9d..a0ff27fe75 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -157,8 +157,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	protected void initDao() throws ApplicationContextException {
-		if (authenticationManager == null) {
-			logger.info("No authentication manager set. Reauthentication of users when changing passwords will "
+		if (this.authenticationManager == null) {
+			this.logger.info("No authentication manager set. Reauthentication of users when changing passwords will "
 					+ "not be performed.");
 		}
 
@@ -194,7 +194,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void createUser(final UserDetails user) {
 		validateUserDetails(user);
 
-		getJdbcTemplate().update(createUserSql, ps -> {
+		getJdbcTemplate().update(this.createUserSql, ps -> {
 			ps.setString(1, user.getUsername());
 			ps.setString(2, user.getPassword());
 			ps.setBoolean(3, user.isEnabled());
@@ -216,7 +216,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void updateUser(final UserDetails user) {
 		validateUserDetails(user);
 
-		getJdbcTemplate().update(updateUserSql, ps -> {
+		getJdbcTemplate().update(this.updateUserSql, ps -> {
 			ps.setString(1, user.getPassword());
 			ps.setBoolean(2, user.isEnabled());
 
@@ -240,12 +240,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 			insertUserAuthorities(user);
 		}
 
-		userCache.removeUserFromCache(user.getUsername());
+		this.userCache.removeUserFromCache(user.getUsername());
 	}
 
 	private void insertUserAuthorities(UserDetails user) {
 		for (GrantedAuthority auth : user.getAuthorities()) {
-			getJdbcTemplate().update(createAuthoritySql, user.getUsername(), auth.getAuthority());
+			getJdbcTemplate().update(this.createAuthoritySql, user.getUsername(), auth.getAuthority());
 		}
 	}
 
@@ -253,12 +253,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		if (getEnableAuthorities()) {
 			deleteUserAuthorities(username);
 		}
-		getJdbcTemplate().update(deleteUserSql, username);
-		userCache.removeUserFromCache(username);
+		getJdbcTemplate().update(this.deleteUserSql, username);
+		this.userCache.removeUserFromCache(username);
 	}
 
 	private void deleteUserAuthorities(String username) {
-		getJdbcTemplate().update(deleteUserAuthoritiesSql, username);
+		getJdbcTemplate().update(this.deleteUserAuthoritiesSql, username);
 	}
 
 	public void changePassword(String oldPassword, String newPassword) throws AuthenticationException {
@@ -274,22 +274,22 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
-		if (authenticationManager != null) {
-			logger.debug("Reauthenticating user '" + username + "' for password change request.");
+		if (this.authenticationManager != null) {
+			this.logger.debug("Reauthenticating user '" + username + "' for password change request.");
 
-			authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
+			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
-			logger.debug("No authentication manager set. Password won't be re-checked.");
+			this.logger.debug("No authentication manager set. Password won't be re-checked.");
 		}
 
-		logger.debug("Changing password for user '" + username + "'");
+		this.logger.debug("Changing password for user '" + username + "'");
 
-		getJdbcTemplate().update(changePasswordSql, newPassword, username);
+		getJdbcTemplate().update(this.changePasswordSql, newPassword, username);
 
 		SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(currentUser, newPassword));
 
-		userCache.removeUserFromCache(username);
+		this.userCache.removeUserFromCache(username);
 	}
 
 	protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) {
@@ -303,7 +303,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	public boolean userExists(String username) {
-		List<String> users = getJdbcTemplate().queryForList(userExistsSql, new String[] { username }, String.class);
+		List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, new String[] { username },
+				String.class);
 
 		if (users.size() > 1) {
 			throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
@@ -314,28 +315,28 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	public List<String> findAllGroups() {
-		return getJdbcTemplate().queryForList(findAllGroupsSql, String.class);
+		return getJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
 	}
 
 	public List<String> findUsersInGroup(String groupName) {
 		Assert.hasText(groupName, "groupName should have text");
-		return getJdbcTemplate().queryForList(findUsersInGroupSql, new String[] { groupName }, String.class);
+		return getJdbcTemplate().queryForList(this.findUsersInGroupSql, new String[] { groupName }, String.class);
 	}
 
 	public void createGroup(final String groupName, final List<GrantedAuthority> authorities) {
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authorities, "authorities cannot be null");
 
-		logger.debug("Creating new group '" + groupName + "' with authorities "
+		this.logger.debug("Creating new group '" + groupName + "' with authorities "
 				+ AuthorityUtils.authorityListToSet(authorities));
 
-		getJdbcTemplate().update(insertGroupSql, groupName);
+		getJdbcTemplate().update(this.insertGroupSql, groupName);
 
 		final int groupId = findGroupId(groupName);
 
 		for (GrantedAuthority a : authorities) {
 			final String authority = a.getAuthority();
-			getJdbcTemplate().update(insertGroupAuthoritySql, ps -> {
+			getJdbcTemplate().update(this.insertGroupAuthoritySql, ps -> {
 				ps.setInt(1, groupId);
 				ps.setString(2, authority);
 			});
@@ -343,58 +344,58 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	public void deleteGroup(String groupName) {
-		logger.debug("Deleting group '" + groupName + "'");
+		this.logger.debug("Deleting group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 
 		final int id = findGroupId(groupName);
 		PreparedStatementSetter groupIdPSS = ps -> ps.setInt(1, id);
-		getJdbcTemplate().update(deleteGroupMembersSql, groupIdPSS);
-		getJdbcTemplate().update(deleteGroupAuthoritiesSql, groupIdPSS);
-		getJdbcTemplate().update(deleteGroupSql, groupIdPSS);
+		getJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
+		getJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
+		getJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
 	}
 
 	public void renameGroup(String oldName, String newName) {
-		logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
+		this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
 		Assert.hasText(oldName, "oldName should have text");
 		Assert.hasText(newName, "newName should have text");
 
-		getJdbcTemplate().update(renameGroupSql, newName, oldName);
+		getJdbcTemplate().update(this.renameGroupSql, newName, oldName);
 	}
 
 	public void addUserToGroup(final String username, final String groupName) {
-		logger.debug("Adding user '" + username + "' to group '" + groupName + "'");
+		this.logger.debug("Adding user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
 		Assert.hasText(groupName, "groupName should have text");
 
 		final int id = findGroupId(groupName);
-		getJdbcTemplate().update(insertGroupMemberSql, ps -> {
+		getJdbcTemplate().update(this.insertGroupMemberSql, ps -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
 
-		userCache.removeUserFromCache(username);
+		this.userCache.removeUserFromCache(username);
 	}
 
 	public void removeUserFromGroup(final String username, final String groupName) {
-		logger.debug("Removing user '" + username + "' to group '" + groupName + "'");
+		this.logger.debug("Removing user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
 		Assert.hasText(groupName, "groupName should have text");
 
 		final int id = findGroupId(groupName);
 
-		getJdbcTemplate().update(deleteGroupMemberSql, ps -> {
+		getJdbcTemplate().update(this.deleteGroupMemberSql, ps -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
 
-		userCache.removeUserFromCache(username);
+		this.userCache.removeUserFromCache(username);
 	}
 
 	public List<GrantedAuthority> findGroupAuthorities(String groupName) {
-		logger.debug("Loading authorities for group '" + groupName + "'");
+		this.logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 
-		return getJdbcTemplate().query(groupAuthoritiesSql, new String[] { groupName }, (rs, rowNum) -> {
+		return getJdbcTemplate().query(this.groupAuthoritiesSql, new String[] { groupName }, (rs, rowNum) -> {
 			String roleName = getRolePrefix() + rs.getString(3);
 
 			return new SimpleGrantedAuthority(roleName);
@@ -402,32 +403,32 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	public void removeGroupAuthority(String groupName, final GrantedAuthority authority) {
-		logger.debug("Removing authority '" + authority + "' from group '" + groupName + "'");
+		this.logger.debug("Removing authority '" + authority + "' from group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authority, "authority cannot be null");
 
 		final int id = findGroupId(groupName);
 
-		getJdbcTemplate().update(deleteGroupAuthoritySql, ps -> {
+		getJdbcTemplate().update(this.deleteGroupAuthoritySql, ps -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
 		});
 	}
 
 	public void addGroupAuthority(final String groupName, final GrantedAuthority authority) {
-		logger.debug("Adding authority '" + authority + "' to group '" + groupName + "'");
+		this.logger.debug("Adding authority '" + authority + "' to group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authority, "authority cannot be null");
 
 		final int id = findGroupId(groupName);
-		getJdbcTemplate().update(insertGroupAuthoritySql, ps -> {
+		getJdbcTemplate().update(this.insertGroupAuthoritySql, ps -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
 		});
 	}
 
 	private int findGroupId(String group) {
-		return getJdbcTemplate().queryForObject(findGroupIdSql, Integer.class, group);
+		return getJdbcTemplate().queryForObject(this.findGroupIdSql, Integer.class, group);
 	}
 
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
index b5df07122e..09af62611b 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@@ -39,7 +39,7 @@ class MutableUser implements MutableUserDetails {
 	}
 
 	public String getPassword() {
-		return password;
+		return this.password;
 	}
 
 	public void setPassword(String password) {
@@ -47,27 +47,27 @@ class MutableUser implements MutableUserDetails {
 	}
 
 	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return delegate.getAuthorities();
+		return this.delegate.getAuthorities();
 	}
 
 	public String getUsername() {
-		return delegate.getUsername();
+		return this.delegate.getUsername();
 	}
 
 	public boolean isAccountNonExpired() {
-		return delegate.isAccountNonExpired();
+		return this.delegate.isAccountNonExpired();
 	}
 
 	public boolean isAccountNonLocked() {
-		return delegate.isAccountNonLocked();
+		return this.delegate.isAccountNonLocked();
 	}
 
 	public boolean isCredentialsNonExpired() {
-		return delegate.isCredentialsNonExpired();
+		return this.delegate.isCredentialsNonExpired();
 	}
 
 	public boolean isEnabled() {
-		return delegate.isEnabled();
+		return this.delegate.isEnabled();
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
index 1180c486f8..d1a3642228 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
@@ -44,32 +44,32 @@ public class DelegatingSecurityContextTaskScheduler implements TaskScheduler {
 
 	@Override
 	public ScheduledFuture<?> schedule(Runnable task, Trigger trigger) {
-		return taskScheduler.schedule(task, trigger);
+		return this.taskScheduler.schedule(task, trigger);
 	}
 
 	@Override
 	public ScheduledFuture<?> schedule(Runnable task, Date startTime) {
-		return taskScheduler.schedule(task, startTime);
+		return this.taskScheduler.schedule(task, startTime);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleAtFixedRate(Runnable task, Date startTime, long period) {
-		return taskScheduler.scheduleAtFixedRate(task, startTime, period);
+		return this.taskScheduler.scheduleAtFixedRate(task, startTime, period);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleAtFixedRate(Runnable task, long period) {
-		return taskScheduler.scheduleAtFixedRate(task, period);
+		return this.taskScheduler.scheduleAtFixedRate(task, period);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable task, Date startTime, long delay) {
-		return taskScheduler.scheduleWithFixedDelay(task, startTime, delay);
+		return this.taskScheduler.scheduleWithFixedDelay(task, startTime, delay);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable task, long delay) {
-		return taskScheduler.scheduleWithFixedDelay(task, delay);
+		return this.taskScheduler.scheduleWithFixedDelay(task, delay);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
index b0bdf23fca..c027324f90 100644
--- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java
+++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
@@ -54,12 +54,12 @@ public class InMemoryResource extends AbstractResource {
 
 	@Override
 	public String getDescription() {
-		return description;
+		return this.description;
 	}
 
 	@Override
 	public InputStream getInputStream() {
-		return new ByteArrayInputStream(source);
+		return new ByteArrayInputStream(this.source);
 	}
 
 	@Override
@@ -73,7 +73,7 @@ public class InMemoryResource extends AbstractResource {
 			return false;
 		}
 
-		return Arrays.equals(source, ((InMemoryResource) res).source);
+		return Arrays.equals(this.source, ((InMemoryResource) res).source);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index 199bbe52a7..8f7bf0d803 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -44,11 +44,11 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	}
 
 	public Object[] getArguments() {
-		return arguments;
+		return this.arguments;
 	}
 
 	public Method getMethod() {
-		return method;
+		return this.method;
 	}
 
 	public AccessibleObject getStaticPart() {
@@ -56,7 +56,7 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	}
 
 	public Object getThis() {
-		return targetObject;
+		return this.targetObject;
 	}
 
 	public Object proceed() {
diff --git a/core/src/test/java/org/springframework/security/TestDataSource.java b/core/src/test/java/org/springframework/security/TestDataSource.java
index 2f65116039..9d79516ce1 100644
--- a/core/src/test/java/org/springframework/security/TestDataSource.java
+++ b/core/src/test/java/org/springframework/security/TestDataSource.java
@@ -30,8 +30,8 @@ public class TestDataSource extends DriverManagerDataSource implements Disposabl
 	String name;
 
 	public TestDataSource(String databaseName) {
-		name = databaseName;
-		System.out.println("Creating database: " + name);
+		this.name = databaseName;
+		System.out.println("Creating database: " + this.name);
 		setDriverClassName("org.hsqldb.jdbcDriver");
 		setUrl("jdbc:hsqldb:mem:" + databaseName);
 		setUsername("sa");
@@ -39,7 +39,7 @@ public class TestDataSource extends DriverManagerDataSource implements Disposabl
 	}
 
 	public void destroy() {
-		System.out.println("Shutting down database: " + name);
+		System.out.println("Shutting down database: " + this.name);
 		new JdbcTemplate(this).execute("SHUTDOWN");
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
index a363ae4c38..b6f5766cfe 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
@@ -41,30 +41,31 @@ public class AuthorizationFailureEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullSecureObject() {
-		new AuthorizationFailureEvent(null, attributes, foo, exception);
+		new AuthorizationFailureEvent(null, this.attributes, this.foo, this.exception);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullAttributesList() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, foo, exception);
+		new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, this.foo, this.exception);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullAuthentication() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), attributes, null, exception);
+		new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, null, this.exception);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullException() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), attributes, foo, null);
+		new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, this.foo, null);
 	}
 
 	@Test
 	public void gettersReturnCtorSuppliedData() {
-		AuthorizationFailureEvent event = new AuthorizationFailureEvent(new Object(), attributes, foo, exception);
-		assertThat(event.getConfigAttributes()).isSameAs(attributes);
-		assertThat(event.getAccessDeniedException()).isSameAs(exception);
-		assertThat(event.getAuthentication()).isSameAs(foo);
+		AuthorizationFailureEvent event = new AuthorizationFailureEvent(new Object(), this.attributes, this.foo,
+				this.exception);
+		assertThat(event.getConfigAttributes()).isSameAs(this.attributes);
+		assertThat(event.getAccessDeniedException()).isSameAs(this.exception);
+		assertThat(event.getAuthentication()).isSameAs(this.foo);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index 47fa1e0c6b..6f306a7cd3 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -62,7 +62,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 			fail("Should be a superMethod called 'someUserMethod3' on class!");
 		}
 
-		Collection<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
+		Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class);
 
 		assertThat(attrs).isNotNull();
 
@@ -160,7 +160,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(new AnnotatedAnnotationAtClassLevel(),
 				ReturnVoid.class, "doSomething", List.class);
 
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -171,7 +171,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		MockMethodInvocation annotatedAtInterfaceLevel = new MockMethodInvocation(
 				new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething", List.class);
 
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -181,7 +181,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	public void annotatedAnnotationAtMethodLevelIsDetected() throws Exception {
 		MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(new AnnotatedAnnotationAtMethodLevel(),
 				ReturnVoid.class, "doSomething", List.class);
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
@@ -190,7 +190,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void proxyFactoryInterfaceAttributesFound() throws Exception {
 		MockMethodInvocation mi = MethodInvocationFactory.createSec2150MethodInvocation();
-		Collection<ConfigAttribute> attributes = mds.getAttributes(mi);
+		Collection<ConfigAttribute> attributes = this.mds.getAttributes(mi);
 		assertThat(attributes).hasSize(1);
 		assertThat(attributes).extracting("attribute").containsOnly("ROLE_PERSON");
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index 1ca4760866..259474e668 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -37,7 +37,7 @@ public class AbstractSecurityExpressionHandlerTests {
 
 	@Before
 	public void setUp() {
-		handler = new AbstractSecurityExpressionHandler<Object>() {
+		this.handler = new AbstractSecurityExpressionHandler<Object>() {
 			@Override
 			protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 					Object o) {
@@ -49,23 +49,24 @@ public class AbstractSecurityExpressionHandlerTests {
 
 	@Test
 	public void beanNamesAreCorrectlyResolved() {
-		handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class));
+		this.handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class));
 
-		Expression expression = handler.getExpressionParser().parseExpression("@number10.compareTo(@number20) < 0");
-		assertThat(expression.getValue(handler.createEvaluationContext(mock(Authentication.class), new Object())))
+		Expression expression = this.handler.getExpressionParser()
+				.parseExpression("@number10.compareTo(@number20) < 0");
+		assertThat(expression.getValue(this.handler.createEvaluationContext(mock(Authentication.class), new Object())))
 				.isEqualTo(true);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setExpressionParserNull() {
-		handler.setExpressionParser(null);
+		this.handler.setExpressionParser(null);
 	}
 
 	@Test
 	public void setExpressionParser() {
 		SpelExpressionParser parser = new SpelExpressionParser();
-		handler.setExpressionParser(parser);
-		assertThat(parser == handler.getExpressionParser()).isTrue();
+		this.handler.setExpressionParser(parser);
+		assertThat(parser == this.handler.getExpressionParser()).isTrue();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 29c1e8d144..140ac517e3 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -39,58 +39,58 @@ public class SecurityExpressionRootTests {
 
 	@Before
 	public void setup() {
-		root = new SecurityExpressionRoot(JOE) {
+		this.root = new SecurityExpressionRoot(JOE) {
 		};
 	}
 
 	@Test
 	public void denyAllIsFalsePermitAllTrue() {
-		assertThat(root.denyAll()).isFalse();
-		assertThat(root.denyAll).isFalse();
-		assertThat(root.permitAll()).isTrue();
-		assertThat(root.permitAll).isTrue();
+		assertThat(this.root.denyAll()).isFalse();
+		assertThat(this.root.denyAll).isFalse();
+		assertThat(this.root.permitAll()).isTrue();
+		assertThat(this.root.permitAll).isTrue();
 	}
 
 	@Test
 	public void rememberMeIsCorrectlyDetected() {
 		AuthenticationTrustResolver atr = mock(AuthenticationTrustResolver.class);
-		root.setTrustResolver(atr);
+		this.root.setTrustResolver(atr);
 		when(atr.isRememberMe(JOE)).thenReturn(true);
-		assertThat(root.isRememberMe()).isTrue();
-		assertThat(root.isFullyAuthenticated()).isFalse();
+		assertThat(this.root.isRememberMe()).isTrue();
+		assertThat(this.root.isFullyAuthenticated()).isFalse();
 	}
 
 	@Test
 	public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() {
-		root.setRoleHierarchy(authorities -> AuthorityUtils.createAuthorityList("ROLE_C"));
+		this.root.setRoleHierarchy(authorities -> AuthorityUtils.createAuthorityList("ROLE_C"));
 
-		assertThat(root.hasRole("C")).isTrue();
-		assertThat(root.hasAuthority("ROLE_C")).isTrue();
-		assertThat(root.hasRole("A")).isFalse();
-		assertThat(root.hasRole("B")).isFalse();
-		assertThat(root.hasAnyRole("C", "A", "B")).isTrue();
-		assertThat(root.hasAnyAuthority("ROLE_C", "ROLE_A", "ROLE_B")).isTrue();
-		assertThat(root.hasAnyRole("A", "B")).isFalse();
+		assertThat(this.root.hasRole("C")).isTrue();
+		assertThat(this.root.hasAuthority("ROLE_C")).isTrue();
+		assertThat(this.root.hasRole("A")).isFalse();
+		assertThat(this.root.hasRole("B")).isFalse();
+		assertThat(this.root.hasAnyRole("C", "A", "B")).isTrue();
+		assertThat(this.root.hasAnyAuthority("ROLE_C", "ROLE_A", "ROLE_B")).isTrue();
+		assertThat(this.root.hasAnyRole("A", "B")).isFalse();
 	}
 
 	@Test
 	public void hasRoleAddsDefaultPrefix() {
-		assertThat(root.hasRole("A")).isTrue();
-		assertThat(root.hasRole("NO")).isFalse();
+		assertThat(this.root.hasRole("A")).isTrue();
+		assertThat(this.root.hasRole("NO")).isFalse();
 	}
 
 	@Test
 	public void hasRoleEmptyPrefixDoesNotAddsDefaultPrefix() {
-		root.setDefaultRolePrefix("");
-		assertThat(root.hasRole("A")).isFalse();
-		assertThat(root.hasRole("ROLE_A")).isTrue();
+		this.root.setDefaultRolePrefix("");
+		assertThat(this.root.hasRole("A")).isFalse();
+		assertThat(this.root.hasRole("ROLE_A")).isTrue();
 	}
 
 	@Test
 	public void hasRoleNullPrefixDoesNotAddsDefaultPrefix() {
-		root.setDefaultRolePrefix(null);
-		assertThat(root.hasRole("A")).isFalse();
-		assertThat(root.hasRole("ROLE_A")).isTrue();
+		this.root.setDefaultRolePrefix(null);
+		assertThat(this.root.hasRole("A")).isFalse();
+		assertThat(this.root.hasRole("ROLE_A")).isTrue();
 	}
 
 	@Test
@@ -104,35 +104,35 @@ public class SecurityExpressionRootTests {
 
 	@Test
 	public void hasAnyRoleAddsDefaultPrefix() {
-		assertThat(root.hasAnyRole("NO", "A")).isTrue();
-		assertThat(root.hasAnyRole("NO", "NOT")).isFalse();
+		assertThat(this.root.hasAnyRole("NO", "A")).isTrue();
+		assertThat(this.root.hasAnyRole("NO", "NOT")).isFalse();
 	}
 
 	@Test
 	public void hasAnyRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles() {
-		assertThat(root.hasAnyRole("ROLE_NO", "ROLE_A")).isTrue();
-		assertThat(root.hasAnyRole("ROLE_NO", "ROLE_NOT")).isFalse();
+		assertThat(this.root.hasAnyRole("ROLE_NO", "ROLE_A")).isTrue();
+		assertThat(this.root.hasAnyRole("ROLE_NO", "ROLE_NOT")).isFalse();
 	}
 
 	@Test
 	public void hasAnyRoleEmptyPrefixDoesNotAddsDefaultPrefix() {
-		root.setDefaultRolePrefix("");
-		assertThat(root.hasRole("A")).isFalse();
-		assertThat(root.hasRole("ROLE_A")).isTrue();
+		this.root.setDefaultRolePrefix("");
+		assertThat(this.root.hasRole("A")).isFalse();
+		assertThat(this.root.hasRole("ROLE_A")).isTrue();
 	}
 
 	@Test
 	public void hasAnyRoleNullPrefixDoesNotAddsDefaultPrefix() {
-		root.setDefaultRolePrefix(null);
-		assertThat(root.hasAnyRole("A")).isFalse();
-		assertThat(root.hasAnyRole("ROLE_A")).isTrue();
+		this.root.setDefaultRolePrefix(null);
+		assertThat(this.root.hasAnyRole("A")).isFalse();
+		assertThat(this.root.hasAnyRole("ROLE_A")).isTrue();
 	}
 
 	@Test
 	public void hasAuthorityDoesNotAddDefaultPrefix() {
-		assertThat(root.hasAuthority("A")).isFalse();
-		assertThat(root.hasAnyAuthority("NO", "A")).isFalse();
-		assertThat(root.hasAnyAuthority("ROLE_A", "NOT")).isTrue();
+		assertThat(this.root.hasAuthority("A")).isFalse();
+		assertThat(this.root.hasAnyAuthority("NO", "A")).isFalse();
+		assertThat(this.root.hasAnyAuthority("ROLE_A", "NOT")).isTrue();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index 8a814ef0ef..443a3c4ed7 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -58,9 +58,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 	@Before
 	public void setup() {
-		handler = new DefaultMethodSecurityExpressionHandler();
-		when(methodInvocation.getThis()).thenReturn(new Foo());
-		when(methodInvocation.getMethod()).thenReturn(Foo.class.getMethods()[0]);
+		this.handler = new DefaultMethodSecurityExpressionHandler();
+		when(this.methodInvocation.getThis()).thenReturn(new Foo());
+		when(this.methodInvocation.getMethod()).thenReturn(Foo.class.getMethods()[0]);
 	}
 
 	@After
@@ -70,18 +70,18 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setTrustResolverNull() {
-		handler.setTrustResolver(null);
+		this.handler.setTrustResolver(null);
 	}
 
 	@Test
 	public void createEvaluationContextCustomTrustResolver() {
-		handler.setTrustResolver(trustResolver);
+		this.handler.setTrustResolver(this.trustResolver);
 
-		Expression expression = handler.getExpressionParser().parseExpression("anonymous");
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		Expression expression = this.handler.getExpressionParser().parseExpression("anonymous");
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 		expression.getValue(context, Boolean.class);
 
-		verify(trustResolver).isAnonymous(authentication);
+		verify(this.trustResolver).isAnonymous(this.authentication);
 	}
 
 	@Test
@@ -92,11 +92,11 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key2", "value2");
 		map.put("key3", "value3");
 
-		Expression expression = handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'");
+		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 
-		Object filtered = handler.filter(map, expression, context);
+		Object filtered = this.handler.filter(map, expression, context);
 
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
@@ -113,11 +113,11 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key2", "value2");
 		map.put("key3", "value3");
 
-		Expression expression = handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'");
+		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 
-		Object filtered = handler.filter(map, expression, context);
+		Object filtered = this.handler.filter(map, expression, context);
 
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
@@ -134,12 +134,12 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key2", "value2");
 		map.put("key3", "value3");
 
-		Expression expression = handler.getExpressionParser()
+		Expression expression = this.handler.getExpressionParser()
 				.parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 
-		Object filtered = handler.filter(map, expression, context);
+		Object filtered = this.handler.filter(map, expression, context);
 
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
@@ -153,11 +153,11 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	public void filterWhenUsingStreamThenFiltersStream() {
 		final Stream<String> stream = Stream.of("1", "2", "3");
 
-		Expression expression = handler.getExpressionParser().parseExpression("filterObject ne '2'");
+		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject ne '2'");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 
-		Object filtered = handler.filter(stream, expression, context);
+		Object filtered = this.handler.filter(stream, expression, context);
 
 		assertThat(filtered).isInstanceOf(Stream.class);
 		List<String> list = ((Stream<String>) filtered).collect(Collectors.toList());
@@ -169,11 +169,11 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		final Stream<?> upstream = mock(Stream.class);
 		doReturn(Stream.<String>empty()).when(upstream).filter(any());
 
-		Expression expression = handler.getExpressionParser().parseExpression("true");
+		Expression expression = this.handler.getExpressionParser().parseExpression("true");
 
-		EvaluationContext context = handler.createEvaluationContext(authentication, methodInvocation);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 
-		((Stream) handler.filter(upstream, expression, context)).close();
+		((Stream) this.handler.filter(upstream, expression, context)).close();
 		verify(upstream).close();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index f6cb59ef10..d54ad3faca 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -46,7 +46,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 
 	@Before
 	public void setUp() {
-		expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
+		this.expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -57,7 +57,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
 		// when - then
-		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -67,7 +67,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
 		// when - then
-		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
@@ -78,7 +78,8 @@ public class ExpressionBasedPreInvocationAdviceTests {
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
 
 		// when
-		boolean result = expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
+				attribute);
 		// then
 		assertThat(result).isTrue();
 	}
@@ -90,7 +91,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
 		// when - then
-		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
@@ -100,7 +101,8 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
 		// when
-		boolean result = expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
+				attribute);
 		// then
 		assertThat(result).isTrue();
 	}
@@ -112,7 +114,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "param" });
 		// when - then
-		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -123,7 +125,7 @@ public class ExpressionBasedPreInvocationAdviceTests {
 				"doSomethingTwoArgs", new Class[] { String.class, List.class },
 				new Object[] { "param", new ArrayList<>() });
 		// when - then
-		expressionBasedPreInvocationAdvice.before(authentication, methodInvocation, attribute);
+		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	private class TestClass {
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index 6c7576b899..79fb22a272 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -43,8 +43,8 @@ public class MethodExpressionVoterTests {
 	@Test
 	public void hasRoleExpressionAllowsUserWithRole() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
-		assertThat(
-				am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')"))))
+		assertThat(this.am.vote(this.joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')"))))
 						.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
@@ -53,13 +53,13 @@ public class MethodExpressionVoterTests {
 		List<ConfigAttribute> cad = new ArrayList<>(1);
 		cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
-		assertThat(am.vote(joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
+		assertThat(this.am.vote(this.joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	@Test
 	public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
-		assertThat(am.vote(joe, mi,
+		assertThat(this.am.vote(this.joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute(null, null,
 						"(#argument == principal) and (principal == 'joe')"))))
 								.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
@@ -69,7 +69,7 @@ public class MethodExpressionVoterTests {
 	public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
 		Collection arg = createCollectionArg("joe", "bob", "sam");
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
-		assertThat(am.vote(joe, mi,
+		assertThat(this.am.vote(this.joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null))))
 						.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		// All objects should have been removed, because the expression is always false
@@ -80,7 +80,7 @@ public class MethodExpressionVoterTests {
 	public void collectionPreFilteringIsSuccessful() throws Exception {
 		List arg = createCollectionArg("joe", "bob", "sam");
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
-		am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(
+		this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(
 				"(filterObject == 'joe' or filterObject == 'sam')", "collection", "permitAll")));
 		assertThat(arg).containsExactly("joe", "sam");
 	}
@@ -89,7 +89,7 @@ public class MethodExpressionVoterTests {
 	public void arraysCannotBePrefiltered() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(),
 				createArrayArg("sam", "joe"));
-		am.vote(joe, mi,
+		this.am.vote(this.joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
 	}
 
@@ -97,7 +97,7 @@ public class MethodExpressionVoterTests {
 	public void incorrectFilterTargetNameIsRejected() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
 				createCollectionArg("joe", "bob"));
-		am.vote(joe, mi,
+		this.am.vote(this.joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
 	}
 
@@ -105,7 +105,7 @@ public class MethodExpressionVoterTests {
 	public void nullNamedFilterTargetIsRejected() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
 				new Object[] { null });
-		am.vote(joe, mi,
+		this.am.vote(this.joe, mi,
 				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
 	}
 
@@ -114,7 +114,7 @@ public class MethodExpressionVoterTests {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
 		assertThat(
 
-				am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null,
+				this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null,
 						"T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)"))))
 								.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
index 5d83a6b8e8..7870917a46 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
@@ -50,12 +50,12 @@ public class MethodSecurityEvaluationContextTests {
 	public void lookupVariableWhenParameterNameNullThenNotSet() {
 		Class<String> type = String.class;
 		Method method = ReflectionUtils.findMethod(String.class, "contains", CharSequence.class);
-		doReturn(new String[] { null }).when(paramNameDiscoverer).getParameterNames(method);
-		doReturn(new Object[] { null }).when(methodInvocation).getArguments();
-		doReturn(type).when(methodInvocation).getThis();
-		doReturn(method).when(methodInvocation).getMethod();
+		doReturn(new String[] { null }).when(this.paramNameDiscoverer).getParameterNames(method);
+		doReturn(new Object[] { null }).when(this.methodInvocation).getArguments();
+		doReturn(type).when(this.methodInvocation).getThis();
+		doReturn(method).when(this.methodInvocation).getMethod();
 		NotNullVariableMethodSecurityEvaluationContext context = new NotNullVariableMethodSecurityEvaluationContext(
-				authentication, methodInvocation, paramNameDiscoverer);
+				this.authentication, this.methodInvocation, this.paramNameDiscoverer);
 		context.lookupVariable("testVariable");
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index a29e12e241..4867824140 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -51,43 +51,43 @@ public class MethodSecurityExpressionRootTests {
 
 	@Before
 	public void createContext() {
-		user = mock(Authentication.class);
-		root = new MethodSecurityExpressionRoot(user);
-		ctx = new StandardEvaluationContext();
-		ctx.setRootObject(root);
-		trustResolver = mock(AuthenticationTrustResolver.class);
-		root.setTrustResolver(trustResolver);
+		this.user = mock(Authentication.class);
+		this.root = new MethodSecurityExpressionRoot(this.user);
+		this.ctx = new StandardEvaluationContext();
+		this.ctx.setRootObject(this.root);
+		this.trustResolver = mock(AuthenticationTrustResolver.class);
+		this.root.setTrustResolver(this.trustResolver);
 	}
 
 	@Test
 	public void canCallMethodsOnVariables() {
-		ctx.setVariable("var", "somestring");
-		Expression e = parser.parseExpression("#var.length() == 10");
+		this.ctx.setVariable("var", "somestring");
+		Expression e = this.parser.parseExpression("#var.length() == 10");
 
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
 
 	@Test
 	public void isAnonymousReturnsTrueIfTrustResolverReportsAnonymous() {
-		when(trustResolver.isAnonymous(user)).thenReturn(true);
-		assertThat(root.isAnonymous()).isTrue();
+		when(this.trustResolver.isAnonymous(this.user)).thenReturn(true);
+		assertThat(this.root.isAnonymous()).isTrue();
 	}
 
 	@Test
 	public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() {
-		when(trustResolver.isAnonymous(user)).thenReturn(false);
-		assertThat(root.isAnonymous()).isFalse();
+		when(this.trustResolver.isAnonymous(this.user)).thenReturn(false);
+		assertThat(this.root.isAnonymous()).isFalse();
 	}
 
 	@Test
 	public void hasPermissionOnDomainObjectReturnsFalseIfPermissionEvaluatorDoes() {
 		final Object dummyDomainObject = new Object();
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
-		ctx.setVariable("domainObject", dummyDomainObject);
-		root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(user, dummyDomainObject, "ignored")).thenReturn(false);
+		this.ctx.setVariable("domainObject", dummyDomainObject);
+		this.root.setPermissionEvaluator(pe);
+		when(pe.hasPermission(this.user, dummyDomainObject, "ignored")).thenReturn(false);
 
-		assertThat(root.hasPermission(dummyDomainObject, "ignored")).isFalse();
+		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
 
 	}
 
@@ -95,31 +95,31 @@ public class MethodSecurityExpressionRootTests {
 	public void hasPermissionOnDomainObjectReturnsTrueIfPermissionEvaluatorDoes() {
 		final Object dummyDomainObject = new Object();
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
-		ctx.setVariable("domainObject", dummyDomainObject);
-		root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(user, dummyDomainObject, "ignored")).thenReturn(true);
+		this.ctx.setVariable("domainObject", dummyDomainObject);
+		this.root.setPermissionEvaluator(pe);
+		when(pe.hasPermission(this.user, dummyDomainObject, "ignored")).thenReturn(true);
 
-		assertThat(root.hasPermission(dummyDomainObject, "ignored")).isTrue();
+		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 	}
 
 	@Test
 	public void hasPermissionOnDomainObjectWorksWithIntegerExpressions() {
 		final Object dummyDomainObject = new Object();
-		ctx.setVariable("domainObject", dummyDomainObject);
+		this.ctx.setVariable("domainObject", dummyDomainObject);
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
-		root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(eq(user), eq(dummyDomainObject), any(Integer.class))).thenReturn(true).thenReturn(true)
-				.thenReturn(false);
+		this.root.setPermissionEvaluator(pe);
+		when(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).thenReturn(true)
+				.thenReturn(true).thenReturn(false);
 
-		Expression e = parser.parseExpression("hasPermission(#domainObject, 0xA)");
+		Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
-		e = parser.parseExpression("hasPermission(#domainObject, 10)");
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		e = this.parser.parseExpression("hasPermission(#domainObject, 10)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
-		e = parser.parseExpression("hasPermission(#domainObject, 0xFF)");
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		e = this.parser.parseExpression("hasPermission(#domainObject, 0xFF)");
 		// evaluator returns false, make sure return value matches
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isFalse();
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 	}
 
 	@Test
@@ -129,20 +129,20 @@ public class MethodSecurityExpressionRootTests {
 				return "x";
 			}
 		};
-		root.setThis(targetObject);
+		this.root.setThis(targetObject);
 		Integer i = 2;
 		PermissionEvaluator pe = mock(PermissionEvaluator.class);
-		root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(user, targetObject, i)).thenReturn(true).thenReturn(false);
-		when(pe.hasPermission(user, "x", i)).thenReturn(true);
+		this.root.setPermissionEvaluator(pe);
+		when(pe.hasPermission(this.user, targetObject, i)).thenReturn(true).thenReturn(false);
+		when(pe.hasPermission(this.user, "x", i)).thenReturn(true);
 
-		Expression e = parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
-		e = parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isFalse();
+		Expression e = this.parser.parseExpression("hasPermission(this, 2)");
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		e = this.parser.parseExpression("hasPermission(this, 2)");
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 
-		e = parser.parseExpression("hasPermission(this.x, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, ctx)).isTrue();
+		e = this.parser.parseExpression("hasPermission(this.x, 2)");
+		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index a1ea26bf53..2b6deae285 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -68,25 +68,25 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Before
 	public void setUpData() throws Exception {
-		voidImpl1 = new MockMethodInvocation(new ReturnVoidImpl1(), ReturnVoid.class, "doSomething", List.class);
-		voidImpl2 = new MockMethodInvocation(new ReturnVoidImpl2(), ReturnVoid.class, "doSomething", List.class);
-		voidImpl3 = new MockMethodInvocation(new ReturnVoidImpl3(), ReturnVoid.class, "doSomething", List.class);
-		listImpl1 = new MockMethodInvocation(new ReturnAListImpl1(), ReturnAList.class, "doSomething", List.class);
-		notherListImpl1 = new MockMethodInvocation(new ReturnAnotherListImpl1(), ReturnAnotherList.class, "doSomething",
-				List.class);
-		notherListImpl2 = new MockMethodInvocation(new ReturnAnotherListImpl2(), ReturnAnotherList.class, "doSomething",
-				List.class);
-		annotatedAtClassLevel = new MockMethodInvocation(new CustomAnnotationAtClassLevel(), ReturnVoid.class,
+		this.voidImpl1 = new MockMethodInvocation(new ReturnVoidImpl1(), ReturnVoid.class, "doSomething", List.class);
+		this.voidImpl2 = new MockMethodInvocation(new ReturnVoidImpl2(), ReturnVoid.class, "doSomething", List.class);
+		this.voidImpl3 = new MockMethodInvocation(new ReturnVoidImpl3(), ReturnVoid.class, "doSomething", List.class);
+		this.listImpl1 = new MockMethodInvocation(new ReturnAListImpl1(), ReturnAList.class, "doSomething", List.class);
+		this.notherListImpl1 = new MockMethodInvocation(new ReturnAnotherListImpl1(), ReturnAnotherList.class,
 				"doSomething", List.class);
-		annotatedAtInterfaceLevel = new MockMethodInvocation(new CustomAnnotationAtInterfaceLevel(), ReturnVoid2.class,
+		this.notherListImpl2 = new MockMethodInvocation(new ReturnAnotherListImpl2(), ReturnAnotherList.class,
 				"doSomething", List.class);
-		annotatedAtMethodLevel = new MockMethodInvocation(new CustomAnnotationAtMethodLevel(), ReturnVoid.class,
+		this.annotatedAtClassLevel = new MockMethodInvocation(new CustomAnnotationAtClassLevel(), ReturnVoid.class,
+				"doSomething", List.class);
+		this.annotatedAtInterfaceLevel = new MockMethodInvocation(new CustomAnnotationAtInterfaceLevel(),
+				ReturnVoid2.class, "doSomething", List.class);
+		this.annotatedAtMethodLevel = new MockMethodInvocation(new CustomAnnotationAtMethodLevel(), ReturnVoid.class,
 				"doSomething", List.class);
 	}
 
 	@Test
 	public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl1).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -98,7 +98,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void mixedClassAndMethodPreAnnotationsAreBothIncluded() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl2).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl2).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -110,7 +110,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void methodWithPreFilterOnlyIsAllowed() {
-		ConfigAttribute[] attrs = mds.getAttributes(voidImpl3).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl3).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -122,7 +122,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void methodWithPostFilterOnlyIsAllowed() {
-		ConfigAttribute[] attrs = mds.getAttributes(listImpl1).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.listImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(2);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -136,7 +136,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void interfaceAttributesAreIncluded() {
-		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl1).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl1).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -149,7 +149,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void classAttributesTakesPrecedeceOverInterfaceAttributes() {
-		ConfigAttribute[] attrs = mds.getAttributes(notherListImpl2).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl2).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
@@ -162,21 +162,22 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	@Test
 	public void customAnnotationAtClassLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
 
 	@Test
 	public void customAnnotationAtInterfaceLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtInterfaceLevel)
+				.toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
 
 	@Test
 	public void customAnnotationAtMethodLevelIsDetected() {
-		ConfigAttribute[] attrs = mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
+		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
 
 		assertThat(attrs).hasSize(1);
 	}
@@ -184,7 +185,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void proxyFactoryInterfaceAttributesFound() throws Exception {
 		MockMethodInvocation mi = MethodInvocationFactory.createSec2150MethodInvocation();
-		Collection<ConfigAttribute> attributes = mds.getAttributes(mi);
+		Collection<ConfigAttribute> attributes = this.mds.getAttributes(mi);
 		assertThat(attributes).hasSize(1);
 		Expression expression = (Expression) ReflectionTestUtils.getField(attributes.iterator().next(),
 				"authorizeExpression");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 15ba3a6911..0f97da499c 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -65,7 +65,7 @@ public class AbstractSecurityInterceptorTests {
 		}
 
 		public SecurityMetadataSource obtainSecurityMetadataSource() {
-			return securityMetadataSource;
+			return this.securityMetadataSource;
 		}
 
 		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
@@ -83,7 +83,7 @@ public class AbstractSecurityInterceptorTests {
 		}
 
 		public SecurityMetadataSource obtainSecurityMetadataSource() {
-			return securityMetadataSource;
+			return this.securityMetadataSource;
 		}
 
 		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index eb219a0907..95c72aee73 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -167,19 +167,19 @@ public class AfterInvocationProviderManagerTests {
 
 		public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 				Object returnedObject) throws AccessDeniedException {
-			if (config.contains(configAttribute)) {
-				return forceReturnObject;
+			if (config.contains(this.configAttribute)) {
+				return this.forceReturnObject;
 			}
 
 			return returnedObject;
 		}
 
 		public boolean supports(Class<?> clazz) {
-			return secureObject.isAssignableFrom(clazz);
+			return this.secureObject.isAssignableFrom(clazz);
 		}
 
 		public boolean supports(ConfigAttribute attribute) {
-			return attribute.equals(configAttribute);
+			return attribute.equals(this.configAttribute);
 		}
 
 	}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index 556e6212cb..87293e45be 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -86,16 +86,16 @@ public class MethodSecurityInterceptorTests {
 	@Before
 	public final void setUp() {
 		SecurityContextHolder.clearContext();
-		token = new TestingAuthenticationToken("Test", "Password");
-		interceptor = new MethodSecurityInterceptor();
-		adm = mock(AccessDecisionManager.class);
-		authman = mock(AuthenticationManager.class);
-		mds = mock(MethodSecurityMetadataSource.class);
-		eventPublisher = mock(ApplicationEventPublisher.class);
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setAuthenticationManager(authman);
-		interceptor.setSecurityMetadataSource(mds);
-		interceptor.setApplicationEventPublisher(eventPublisher);
+		this.token = new TestingAuthenticationToken("Test", "Password");
+		this.interceptor = new MethodSecurityInterceptor();
+		this.adm = mock(AccessDecisionManager.class);
+		this.authman = mock(AuthenticationManager.class);
+		this.mds = mock(MethodSecurityMetadataSource.class);
+		this.eventPublisher = mock(ApplicationEventPublisher.class);
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setAuthenticationManager(this.authman);
+		this.interceptor.setSecurityMetadataSource(this.mds);
+		this.interceptor.setApplicationEventPublisher(this.eventPublisher);
 		createTarget(false);
 	}
 
@@ -105,119 +105,119 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	private void createTarget(boolean useMock) {
-		realTarget = useMock ? mock(ITargetObject.class) : new TargetObject();
-		ProxyFactory pf = new ProxyFactory(realTarget);
-		pf.addAdvice(interceptor);
-		advisedTarget = (ITargetObject) pf.getProxy();
+		this.realTarget = useMock ? mock(ITargetObject.class) : new TargetObject();
+		ProxyFactory pf = new ProxyFactory(this.realTarget);
+		pf.addAdvice(this.interceptor);
+		this.advisedTarget = (ITargetObject) pf.getProxy();
 	}
 
 	@Test
 	public void gettersReturnExpectedData() {
 		RunAsManager runAs = mock(RunAsManager.class);
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		interceptor.setRunAsManager(runAs);
-		interceptor.setAfterInvocationManager(aim);
-		assertThat(interceptor.getAccessDecisionManager()).isEqualTo(adm);
-		assertThat(interceptor.getRunAsManager()).isEqualTo(runAs);
-		assertThat(interceptor.getAuthenticationManager()).isEqualTo(authman);
-		assertThat(interceptor.getSecurityMetadataSource()).isEqualTo(mds);
-		assertThat(interceptor.getAfterInvocationManager()).isEqualTo(aim);
+		this.interceptor.setRunAsManager(runAs);
+		this.interceptor.setAfterInvocationManager(aim);
+		assertThat(this.interceptor.getAccessDecisionManager()).isEqualTo(this.adm);
+		assertThat(this.interceptor.getRunAsManager()).isEqualTo(runAs);
+		assertThat(this.interceptor.getAuthenticationManager()).isEqualTo(this.authman);
+		assertThat(this.interceptor.getSecurityMetadataSource()).isEqualTo(this.mds);
+		assertThat(this.interceptor.getAfterInvocationManager()).isEqualTo(aim);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingAccessDecisionManagerIsDetected() throws Exception {
-		interceptor.setAccessDecisionManager(null);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setAccessDecisionManager(null);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingAuthenticationManagerIsDetected() throws Exception {
-		interceptor.setAuthenticationManager(null);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setAuthenticationManager(null);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingMethodSecurityMetadataSourceIsRejected() throws Exception {
-		interceptor.setSecurityMetadataSource(null);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setSecurityMetadataSource(null);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingRunAsManagerIsRejected() throws Exception {
-		interceptor.setRunAsManager(null);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setRunAsManager(null);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation() throws Throwable {
-		when(mds.supports(MethodInvocation.class)).thenReturn(false);
-		interceptor.afterPropertiesSet();
+		when(this.mds.supports(MethodInvocation.class)).thenReturn(false);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation() throws Exception {
-		when(mds.supports(MethodInvocation.class)).thenReturn(true);
-		when(adm.supports(MethodInvocation.class)).thenReturn(false);
-		interceptor.afterPropertiesSet();
+		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
+		when(this.adm.supports(MethodInvocation.class)).thenReturn(false);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final RunAsManager ram = mock(RunAsManager.class);
 		when(ram.supports(MethodInvocation.class)).thenReturn(false);
-		interceptor.setRunAsManager(ram);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setRunAsManager(ram);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		when(aim.supports(MethodInvocation.class)).thenReturn(false);
-		interceptor.setAfterInvocationManager(aim);
-		interceptor.afterPropertiesSet();
+		this.interceptor.setAfterInvocationManager(aim);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationFailsIfAccessDecisionManagerRejectsConfigAttributes() throws Exception {
-		when(adm.supports(any(ConfigAttribute.class))).thenReturn(false);
-		interceptor.afterPropertiesSet();
+		when(this.adm.supports(any(ConfigAttribute.class))).thenReturn(false);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test
 	public void validationNotAttemptedIfIsValidateConfigAttributesSetToFalse() throws Exception {
-		when(adm.supports(MethodInvocation.class)).thenReturn(true);
-		when(mds.supports(MethodInvocation.class)).thenReturn(true);
-		interceptor.setValidateConfigAttributes(false);
-		interceptor.afterPropertiesSet();
-		verify(mds, never()).getAllConfigAttributes();
-		verify(adm, never()).supports(any(ConfigAttribute.class));
+		when(this.adm.supports(MethodInvocation.class)).thenReturn(true);
+		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
+		this.interceptor.setValidateConfigAttributes(false);
+		this.interceptor.afterPropertiesSet();
+		verify(this.mds, never()).getAllConfigAttributes();
+		verify(this.adm, never()).supports(any(ConfigAttribute.class));
 	}
 
 	@Test
 	public void validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes() throws Exception {
-		when(adm.supports(MethodInvocation.class)).thenReturn(true);
-		when(mds.supports(MethodInvocation.class)).thenReturn(true);
-		when(mds.getAllConfigAttributes()).thenReturn(null);
+		when(this.adm.supports(MethodInvocation.class)).thenReturn(true);
+		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
+		when(this.mds.getAllConfigAttributes()).thenReturn(null);
 
-		interceptor.setValidateConfigAttributes(true);
-		interceptor.afterPropertiesSet();
-		verify(adm, never()).supports(any(ConfigAttribute.class));
+		this.interceptor.setValidateConfigAttributes(true);
+		this.interceptor.afterPropertiesSet();
+		verify(this.adm, never()).supports(any(ConfigAttribute.class));
 	}
 
 	@Test
 	public void callingAPublicMethodFacadeWillNotRepeatSecurityChecksWhenPassedToTheSecuredMethodItFronts() {
 		mdsReturnsNull();
-		String result = advisedTarget.publicMakeLowerCase("HELLO");
+		String result = this.advisedTarget.publicMakeLowerCase("HELLO");
 		assertThat(result).isEqualTo("hello Authentication empty");
 	}
 
 	@Test
 	public void callingAPublicMethodWhenPresentingAnAuthenticationObjectDoesntChangeItsAuthenticatedProperty() {
 		mdsReturnsNull();
-		SecurityContextHolder.getContext().setAuthentication(token);
-		assertThat(advisedTarget.publicMakeLowerCase("HELLO"))
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		assertThat(this.advisedTarget.publicMakeLowerCase("HELLO"))
 				.isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken false");
-		assertThat(!token.isAuthenticated()).isTrue();
+		assertThat(!this.token.isAuthenticated()).isTrue();
 	}
 
 	@Test(expected = AuthenticationException.class)
@@ -226,87 +226,87 @@ public class MethodSecurityInterceptorTests {
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		mdsReturnsUserRole();
-		when(authman.authenticate(token)).thenThrow(new BadCredentialsException("rejected"));
+		when(this.authman.authenticate(token)).thenThrow(new BadCredentialsException("rejected"));
 
-		advisedTarget.makeLowerCase("HELLO");
+		this.advisedTarget.makeLowerCase("HELLO");
 	}
 
 	@Test
 	public void callSucceedsIfAccessDecisionManagerGrantsAccess() {
-		token.setAuthenticated(true);
-		interceptor.setPublishAuthorizationSuccess(true);
-		SecurityContextHolder.getContext().setAuthentication(token);
+		this.token.setAuthenticated(true);
+		this.interceptor.setPublishAuthorizationSuccess(true);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 		mdsReturnsUserRole();
 
-		String result = advisedTarget.makeLowerCase("HELLO");
+		String result = this.advisedTarget.makeLowerCase("HELLO");
 
 		// Note we check the isAuthenticated remained true in following line
 		assertThat(result)
 				.isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
-		verify(eventPublisher).publishEvent(any(AuthorizedEvent.class));
+		verify(this.eventPublisher).publishEvent(any(AuthorizedEvent.class));
 	}
 
 	@Test
 	public void callIsntMadeWhenAccessDecisionManagerRejectsAccess() {
-		SecurityContextHolder.getContext().setAuthentication(token);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 		// Use mocked target to make sure invocation doesn't happen (not in expectations
 		// so test would fail)
 		createTarget(true);
 		mdsReturnsUserRole();
-		when(authman.authenticate(token)).thenReturn(token);
-		doThrow(new AccessDeniedException("rejected")).when(adm).decide(any(Authentication.class),
+		when(this.authman.authenticate(this.token)).thenReturn(this.token);
+		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(any(Authentication.class),
 				any(MethodInvocation.class), any(List.class));
 
 		try {
-			advisedTarget.makeUpperCase("HELLO");
+			this.advisedTarget.makeUpperCase("HELLO");
 			fail("Expected Exception");
 		}
 		catch (AccessDeniedException expected) {
 		}
-		verify(eventPublisher).publishEvent(any(AuthorizationFailureEvent.class));
+		verify(this.eventPublisher).publishEvent(any(AuthorizationFailureEvent.class));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rejectsNullSecuredObjects() throws Throwable {
-		interceptor.invoke(null);
+		this.interceptor.invoke(null);
 	}
 
 	@Test
 	public void runAsReplacementIsCorrectlySet() {
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		ctx.setAuthentication(token);
-		token.setAuthenticated(true);
+		ctx.setAuthentication(this.token);
+		this.token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
-		interceptor.setRunAsManager(runAs);
+		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 
-		String result = advisedTarget.makeUpperCase("hello");
+		String result = this.advisedTarget.makeUpperCase("hello");
 		assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
 	}
 
 	// SEC-1967
 	@Test
 	public void runAsReplacementCleansAfterException() {
 		createTarget(true);
-		when(realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());
+		when(this.realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		ctx.setAuthentication(token);
-		token.setAuthenticated(true);
+		ctx.setAuthentication(this.token);
+		this.token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
-		interceptor.setRunAsManager(runAs);
+		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
 
 		try {
-			advisedTarget.makeUpperCase("hello");
+			this.advisedTarget.makeUpperCase("hello");
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
@@ -314,29 +314,29 @@ public class MethodSecurityInterceptorTests {
 
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void emptySecurityContextIsRejected() {
 		mdsReturnsUserRole();
-		advisedTarget.makeUpperCase("hello");
+		this.advisedTarget.makeUpperCase("hello");
 	}
 
 	@Test
 	public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() throws Throwable {
 		MethodInvocation mi = mock(MethodInvocation.class);
-		token.setAuthenticated(true);
-		SecurityContextHolder.getContext().setAuthentication(token);
+		this.token.setAuthenticated(true);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 		mdsReturnsUserRole();
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		interceptor.setAfterInvocationManager(aim);
+		this.interceptor.setAfterInvocationManager(aim);
 
 		when(mi.proceed()).thenThrow(new Throwable());
 
 		try {
-			interceptor.invoke(mi);
+			this.interceptor.invoke(mi);
 			fail("Expected exception");
 		}
 		catch (Throwable expected) {
@@ -346,11 +346,11 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	void mdsReturnsNull() {
-		when(mds.getAttributes(any(MethodInvocation.class))).thenReturn(null);
+		when(this.mds.getAttributes(any(MethodInvocation.class))).thenReturn(null);
 	}
 
 	void mdsReturnsUserRole() {
-		when(mds.getAttributes(any(MethodInvocation.class))).thenReturn(SecurityConfig.createList("ROLE_USER"));
+		when(this.mds.getAttributes(any(MethodInvocation.class))).thenReturn(SecurityConfig.createList("ROLE_USER"));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index ec0135c570..7eb19045b9 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -82,26 +82,26 @@ public class AspectJMethodSecurityInterceptorTests {
 	public final void setUp() {
 		MockitoAnnotations.initMocks(this);
 		SecurityContextHolder.clearContext();
-		token = new TestingAuthenticationToken("Test", "Password");
-		interceptor = new AspectJMethodSecurityInterceptor();
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setAuthenticationManager(authman);
-		interceptor.setSecurityMetadataSource(mds);
+		this.token = new TestingAuthenticationToken("Test", "Password");
+		this.interceptor = new AspectJMethodSecurityInterceptor();
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setAuthenticationManager(this.authman);
+		this.interceptor.setSecurityMetadataSource(this.mds);
 		// Set up joinpoint information for the countLength method on TargetObject
-		joinPoint = mock(ProceedingJoinPoint.class); // new MockJoinPoint(new
-														// TargetObject(), method);
+		this.joinPoint = mock(ProceedingJoinPoint.class); // new MockJoinPoint(new
+															// TargetObject(), method);
 		Signature sig = mock(Signature.class);
 		when(sig.getDeclaringType()).thenReturn(TargetObject.class);
 		JoinPoint.StaticPart staticPart = mock(JoinPoint.StaticPart.class);
-		when(joinPoint.getSignature()).thenReturn(sig);
-		when(joinPoint.getStaticPart()).thenReturn(staticPart);
+		when(this.joinPoint.getSignature()).thenReturn(sig);
+		when(this.joinPoint.getStaticPart()).thenReturn(staticPart);
 		CodeSignature codeSig = mock(CodeSignature.class);
 		when(codeSig.getName()).thenReturn("countLength");
 		when(codeSig.getDeclaringType()).thenReturn(TargetObject.class);
 		when(codeSig.getParameterTypes()).thenReturn(new Class[] { String.class });
 		when(staticPart.getSignature()).thenReturn(codeSig);
-		when(mds.getAttributes(any())).thenReturn(SecurityConfig.createList("ROLE_USER"));
-		when(authman.authenticate(token)).thenReturn(token);
+		when(this.mds.getAttributes(any())).thenReturn(SecurityConfig.createList("ROLE_USER"));
+		when(this.authman.authenticate(this.token)).thenReturn(this.token);
 	}
 
 	@After
@@ -111,27 +111,27 @@ public class AspectJMethodSecurityInterceptorTests {
 
 	@Test
 	public void callbackIsInvokedWhenPermissionGranted() throws Throwable {
-		SecurityContextHolder.getContext().setAuthentication(token);
-		interceptor.invoke(joinPoint, aspectJCallback);
-		verify(aspectJCallback).proceedWithObject();
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
+		verify(this.aspectJCallback).proceedWithObject();
 
 		// Just try the other method too
-		interceptor.invoke(joinPoint);
+		this.interceptor.invoke(this.joinPoint);
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void callbackIsNotInvokedWhenPermissionDenied() {
-		doThrow(new AccessDeniedException("denied")).when(adm).decide(any(), any(), any());
+		doThrow(new AccessDeniedException("denied")).when(this.adm).decide(any(), any(), any());
 
-		SecurityContextHolder.getContext().setAuthentication(token);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 		try {
-			interceptor.invoke(joinPoint, aspectJCallback);
+			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 			fail("Expected AccessDeniedException");
 		}
 		catch (AccessDeniedException expected) {
 		}
-		verify(aspectJCallback, never()).proceedWithObject();
+		verify(this.aspectJCallback, never()).proceedWithObject();
 	}
 
 	@Test
@@ -139,9 +139,9 @@ public class AspectJMethodSecurityInterceptorTests {
 		TargetObject to = new TargetObject();
 		Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class });
 
-		when(joinPoint.getTarget()).thenReturn(to);
-		when(joinPoint.getArgs()).thenReturn(new Object[] { "Hi" });
-		MethodInvocationAdapter mia = new MethodInvocationAdapter(joinPoint);
+		when(this.joinPoint.getTarget()).thenReturn(to);
+		when(this.joinPoint.getArgs()).thenReturn(new Object[] { "Hi" });
+		MethodInvocationAdapter mia = new MethodInvocationAdapter(this.joinPoint);
 		assertThat(mia.getArguments()[0]).isEqualTo("Hi");
 		assertThat(mia.getStaticPart()).isEqualTo(m);
 		assertThat(mia.getMethod()).isEqualTo(m);
@@ -150,16 +150,16 @@ public class AspectJMethodSecurityInterceptorTests {
 
 	@Test
 	public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() {
-		token.setAuthenticated(true);
-		SecurityContextHolder.getContext().setAuthentication(token);
+		this.token.setAuthenticated(true);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		interceptor.setAfterInvocationManager(aim);
+		this.interceptor.setAfterInvocationManager(aim);
 
-		when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
+		when(this.aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
 
 		try {
-			interceptor.invoke(joinPoint, aspectJCallback);
+			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
@@ -173,17 +173,17 @@ public class AspectJMethodSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() {
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		ctx.setAuthentication(token);
-		token.setAuthenticated(true);
+		ctx.setAuthentication(this.token);
+		this.token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
-		interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
-		when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
+		this.interceptor.setRunAsManager(runAs);
+		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		when(this.aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
 
 		try {
-			interceptor.invoke(joinPoint, aspectJCallback);
+			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
@@ -191,7 +191,7 @@ public class AspectJMethodSecurityInterceptorTests {
 
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
 	}
 
 	// SEC-1967
@@ -199,17 +199,17 @@ public class AspectJMethodSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	public void invokeRunAsReplacementCleansAfterException() throws Throwable {
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		ctx.setAuthentication(token);
-		token.setAuthenticated(true);
+		ctx.setAuthentication(this.token);
+		this.token.setAuthenticated(true);
 		final RunAsManager runAs = mock(RunAsManager.class);
-		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(),
+		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
-		interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
-		when(joinPoint.proceed()).thenThrow(new RuntimeException());
+		this.interceptor.setRunAsManager(runAs);
+		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		when(this.joinPoint.proceed()).thenThrow(new RuntimeException());
 
 		try {
-			interceptor.invoke(joinPoint);
+			this.interceptor.invoke(this.joinPoint);
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
@@ -217,7 +217,7 @@ public class AspectJMethodSecurityInterceptorTests {
 
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index 2ba54a6dd7..cc977f4176 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -47,25 +47,25 @@ public class MapBasedMethodSecurityMetadataSourceTests {
 
 	@Before
 	public void initialize() throws Exception {
-		mds = new MapBasedMethodSecurityMetadataSource();
-		someMethodString = MockService.class.getMethod("someMethod", String.class);
-		someMethodInteger = MockService.class.getMethod("someMethod", Integer.class);
+		this.mds = new MapBasedMethodSecurityMetadataSource();
+		this.someMethodString = MockService.class.getMethod("someMethod", String.class);
+		this.someMethodInteger = MockService.class.getMethod("someMethod", Integer.class);
 	}
 
 	@Test
 	public void wildcardedMatchIsOverwrittenByMoreSpecificMatch() {
-		mds.addSecureMethod(MockService.class, "some*", ROLE_A);
-		mds.addSecureMethod(MockService.class, "someMethod*", ROLE_B);
-		assertThat(mds.getAttributes(someMethodInteger, MockService.class)).isEqualTo(ROLE_B);
+		this.mds.addSecureMethod(MockService.class, "some*", this.ROLE_A);
+		this.mds.addSecureMethod(MockService.class, "someMethod*", this.ROLE_B);
+		assertThat(this.mds.getAttributes(this.someMethodInteger, MockService.class)).isEqualTo(this.ROLE_B);
 	}
 
 	@Test
 	public void methodsWithDifferentArgumentsAreMatchedCorrectly() {
-		mds.addSecureMethod(MockService.class, someMethodInteger, ROLE_A);
-		mds.addSecureMethod(MockService.class, someMethodString, ROLE_B);
+		this.mds.addSecureMethod(MockService.class, this.someMethodInteger, this.ROLE_A);
+		this.mds.addSecureMethod(MockService.class, this.someMethodString, this.ROLE_B);
 
-		assertThat(mds.getAttributes(someMethodInteger, MockService.class)).isEqualTo(ROLE_A);
-		assertThat(mds.getAttributes(someMethodString, MockService.class)).isEqualTo(ROLE_B);
+		assertThat(this.mds.getAttributes(this.someMethodInteger, MockService.class)).isEqualTo(this.ROLE_A);
+		assertThat(this.mds.getAttributes(this.someMethodString, MockService.class)).isEqualTo(this.ROLE_B);
 	}
 
 	@SuppressWarnings("unused")
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index 999d8dd7f2..b98b4c3487 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -64,14 +64,14 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 	@Before
 	public final void setUp() {
 		SecurityContextHolder.clearContext();
-		interceptor = new MethodSecurityInterceptor();
-		token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMETHING");
-		adm = mock(AccessDecisionManager.class);
+		this.interceptor = new MethodSecurityInterceptor();
+		this.token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMETHING");
+		this.adm = mock(AccessDecisionManager.class);
 		AuthenticationManager authman = mock(AuthenticationManager.class);
-		mds = mock(MethodSecurityMetadataSource.class);
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setAuthenticationManager(authman);
-		interceptor.setSecurityMetadataSource(mds);
+		this.mds = mock(MethodSecurityMetadataSource.class);
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setAuthenticationManager(authman);
+		this.interceptor.setSecurityMetadataSource(this.mds);
 	}
 
 	@Test
@@ -80,12 +80,12 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
-		when(mds.getAttributes(mi)).thenReturn(role);
+		when(this.mds.getAttributes(mi)).thenReturn(this.role);
 
-		mipe.setSecurityInterceptor(interceptor);
+		mipe.setSecurityInterceptor(this.interceptor);
 		mipe.afterPropertiesSet();
 
-		assertThat(mipe.isAllowed(mi, token)).isTrue();
+		assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 	}
 
 	@Test
@@ -93,10 +93,10 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class,
 				"makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" });
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
-		mipe.setSecurityInterceptor(interceptor);
-		when(mds.getAttributes(mi)).thenReturn(role);
+		mipe.setSecurityInterceptor(this.interceptor);
+		when(this.mds.getAttributes(mi)).thenReturn(this.role);
 
-		assertThat(mipe.isAllowed(mi, token)).isTrue();
+		assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 	}
 
 	@Test
@@ -104,11 +104,11 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		Object object = new TargetObject();
 		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
-		mipe.setSecurityInterceptor(interceptor);
-		when(mds.getAttributes(mi)).thenReturn(role);
-		doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
+		mipe.setSecurityInterceptor(this.interceptor);
+		when(this.mds.getAttributes(mi)).thenReturn(this.role);
+		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(this.token, mi, this.role);
 
-		assertThat(mipe.isAllowed(mi, token)).isFalse();
+		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
 
 	@Test
@@ -117,11 +117,11 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 				"makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" });
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
-		mipe.setSecurityInterceptor(interceptor);
-		when(mds.getAttributes(mi)).thenReturn(role);
-		doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
+		mipe.setSecurityInterceptor(this.interceptor);
+		when(this.mds.getAttributes(mi)).thenReturn(this.role);
+		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(this.token, mi, this.role);
 
-		assertThat(mipe.isAllowed(mi, token)).isFalse();
+		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
index b070aec736..75b6009ba3 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
@@ -42,11 +42,11 @@ public class MockMethodInvocation implements MethodInvocation {
 	}
 
 	public Object[] getArguments() {
-		return arguments;
+		return this.arguments;
 	}
 
 	public Method getMethod() {
-		return method;
+		return this.method;
 	}
 
 	public AccessibleObject getStaticPart() {
@@ -54,7 +54,7 @@ public class MockMethodInvocation implements MethodInvocation {
 	}
 
 	public Object getThis() {
-		return targetObject;
+		return this.targetObject;
 	}
 
 	public Object proceed() {
diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
index c9ea88654d..9cb4449776 100644
--- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
@@ -47,13 +47,13 @@ public class DelegatingMethodSecurityMetadataSourceTests {
 		when(delegate.getAttributes(ArgumentMatchers.<Method>any(), ArgumentMatchers.any(Class.class)))
 				.thenReturn(null);
 		sources.add(delegate);
-		mds = new DelegatingMethodSecurityMetadataSource(sources);
-		assertThat(mds.getMethodSecurityMetadataSources()).isSameAs(sources);
-		assertThat(mds.getAllConfigAttributes().isEmpty()).isTrue();
+		this.mds = new DelegatingMethodSecurityMetadataSource(sources);
+		assertThat(this.mds.getMethodSecurityMetadataSources()).isSameAs(sources);
+		assertThat(this.mds.getAllConfigAttributes().isEmpty()).isTrue();
 		MethodInvocation mi = new SimpleMethodInvocation(null, String.class.getMethod("toString"));
-		assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
+		assertThat(this.mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
 		// Exercise the cached case
-		assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
+		assertThat(this.mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
 	}
 
 	@Test
@@ -65,14 +65,15 @@ public class DelegatingMethodSecurityMetadataSourceTests {
 		Method toString = String.class.getMethod("toString");
 		when(delegate.getAttributes(toString, String.class)).thenReturn(attributes);
 		sources.add(delegate);
-		mds = new DelegatingMethodSecurityMetadataSource(sources);
-		assertThat(mds.getMethodSecurityMetadataSources()).isSameAs(sources);
-		assertThat(mds.getAllConfigAttributes().isEmpty()).isTrue();
+		this.mds = new DelegatingMethodSecurityMetadataSource(sources);
+		assertThat(this.mds.getMethodSecurityMetadataSources()).isSameAs(sources);
+		assertThat(this.mds.getAllConfigAttributes().isEmpty()).isTrue();
 		MethodInvocation mi = new SimpleMethodInvocation("", toString);
-		assertThat(mds.getAttributes(mi)).isSameAs(attributes);
+		assertThat(this.mds.getAttributes(mi)).isSameAs(attributes);
 		// Exercise the cached case
-		assertThat(mds.getAttributes(mi)).isSameAs(attributes);
-		assertThat(mds.getAttributes(new SimpleMethodInvocation(null, String.class.getMethod("length")))).isEmpty();
+		assertThat(this.mds.getAttributes(mi)).isSameAs(attributes);
+		assertThat(this.mds.getAttributes(new SimpleMethodInvocation(null, String.class.getMethod("length"))))
+				.isEmpty();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
index 00807efebb..1dbdc8eb7c 100644
--- a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
@@ -37,23 +37,23 @@ public class PreInvocationAuthorizationAdviceVoterTests {
 
 	@Before
 	public void setUp() {
-		voter = new PreInvocationAuthorizationAdviceVoter(authorizationAdvice);
+		this.voter = new PreInvocationAuthorizationAdviceVoter(this.authorizationAdvice);
 	}
 
 	@Test
 	public void supportsMethodInvocation() {
-		assertThat(voter.supports(MethodInvocation.class)).isTrue();
+		assertThat(this.voter.supports(MethodInvocation.class)).isTrue();
 	}
 
 	// SEC-2031
 	@Test
 	public void supportsProxyMethodInvocation() {
-		assertThat(voter.supports(ProxyMethodInvocation.class)).isTrue();
+		assertThat(this.voter.supports(ProxyMethodInvocation.class)).isTrue();
 	}
 
 	@Test
 	public void supportsMethodInvocationAdapter() {
-		assertThat(voter.supports(MethodInvocationAdapter.class)).isTrue();
+		assertThat(this.voter.supports(MethodInvocationAdapter.class)).isTrue();
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
index 3b96281ca8..036cf30154 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
@@ -45,23 +45,23 @@ public class AbstractAclVoterTests {
 
 	@Test
 	public void supportsMethodInvocations() {
-		assertThat(voter.supports(MethodInvocation.class)).isTrue();
-		assertThat(voter.supports(String.class)).isFalse();
+		assertThat(this.voter.supports(MethodInvocation.class)).isTrue();
+		assertThat(this.voter.supports(String.class)).isFalse();
 	}
 
 	@Test
 	public void expectedDomainObjectArgumentIsReturnedFromMethodInvocation() {
-		voter.setProcessDomainObjectClass(String.class);
+		this.voter.setProcessDomainObjectClass(String.class);
 		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(), "methodTakingAString", "The Argument");
-		assertThat(voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
+		assertThat(this.voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
 	}
 
 	@Test
 	public void correctArgumentIsSelectedFromMultipleArgs() {
-		voter.setProcessDomainObjectClass(String.class);
+		this.voter.setProcessDomainObjectClass(String.class);
 		MethodInvocation mi = MethodInvocationUtils.create(new TestClass(), "methodTakingAListAndAString",
 				new ArrayList<>(), "The Argument");
-		assertThat(voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
+		assertThat(this.voter.getDomainObjectInstance(mi)).isEqualTo("The Argument");
 	}
 
 	@SuppressWarnings("unused")
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index a172eddeea..78cb5f1e62 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -57,59 +57,65 @@ public class AffirmativeBasedTests {
 	@SuppressWarnings("unchecked")
 	public void setup() {
 
-		grant = mock(AccessDecisionVoter.class);
-		abstain = mock(AccessDecisionVoter.class);
-		deny = mock(AccessDecisionVoter.class);
+		this.grant = mock(AccessDecisionVoter.class);
+		this.abstain = mock(AccessDecisionVoter.class);
+		this.deny = mock(AccessDecisionVoter.class);
 
-		when(grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
+		when(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
 				.thenReturn(AccessDecisionVoter.ACCESS_GRANTED);
-		when(abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
+		when(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
 				.thenReturn(AccessDecisionVoter.ACCESS_ABSTAIN);
-		when(deny.vote(any(Authentication.class), any(Object.class), any(List.class)))
+		when(this.deny.vote(any(Authentication.class), any(Object.class), any(List.class)))
 				.thenReturn(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	@Test
 	public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
 
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, deny, abstain));
-		mgr.afterPropertiesSet();
-		mgr.decide(user, new Object(), attrs);
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.grant, this.deny, this.abstain));
+		this.mgr.afterPropertiesSet();
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 	@Test
 	public void oneDenyVoteOneAbstainVoteOneAffirmativeVoteGrantsAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, grant));
-		mgr.decide(user, new Object(), attrs);
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.deny, this.abstain, this.grant));
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 	@Test
 	public void oneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, abstain, abstain));
-		mgr.decide(user, new Object(), attrs);
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.grant, this.abstain, this.abstain));
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void oneDenyVoteTwoAbstainVotesDeniesAccess() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, abstain));
-		mgr.decide(user, new Object(), attrs);
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.deny, this.abstain, this.abstain));
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void onlyAbstainVotesDeniesAccessWithDefault() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
-		assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.abstain, this.abstain, this.abstain));
+		assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
 
-		mgr.decide(user, new Object(), attrs);
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 	@Test
 	public void testThreeAbstainVotesGrantsAccessIfAllowIfAllAbstainDecisionsIsSet() {
-		mgr = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
-		mgr.setAllowIfAllAbstainDecisions(true);
-		assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
+		this.mgr = new AffirmativeBased(
+				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.abstain, this.abstain, this.abstain));
+		this.mgr.setAllowIfAllAbstainDecisions(true);
+		assertThat(this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
 
-		mgr.decide(user, new Object(), attrs);
+		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
index d8507a9fc0..93d47219e0 100644
--- a/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
+++ b/core/src/test/java/org/springframework/security/access/vote/SomeDomainObject.java
@@ -30,7 +30,7 @@ public class SomeDomainObject {
 	}
 
 	public String getParent() {
-		return "parentOf" + identity;
+		return "parentOf" + this.identity;
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index 686c209458..e4f324e122 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -43,21 +43,21 @@ public class AbstractAuthenticationTokenTests {
 
 	@Before
 	public final void setUp() {
-		authorities = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+		this.authorities = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 	}
 
 	@Test(expected = UnsupportedOperationException.class)
 	public void testAuthoritiesAreImmutable() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		List<GrantedAuthority> gotAuthorities = (List<GrantedAuthority>) token.getAuthorities();
-		assertThat(gotAuthorities).isNotSameAs(authorities);
+		assertThat(gotAuthorities).isNotSameAs(this.authorities);
 
 		gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"));
 	}
 
 	@Test
 	public void testGetters() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("Password");
 		assertThat(token.getName()).isEqualTo("Test");
@@ -65,8 +65,8 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testHashCode() {
-		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities);
-		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", this.authorities);
+		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES);
 		assertThat(token2.hashCode()).isEqualTo(token1.hashCode());
 		assertThat(token1.hashCode() != token3.hashCode()).isTrue();
@@ -78,14 +78,14 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testObjectsEquals() {
-		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities);
-		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", this.authorities);
+		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		assertThat(token2).isEqualTo(token1);
 
-		MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", authorities);
+		MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", this.authorities);
 		assertThat(!token1.equals(token3)).isTrue();
 
-		MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", authorities);
+		MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", this.authorities);
 		assertThat(!token1.equals(token4)).isTrue();
 
 		MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password",
@@ -105,7 +105,7 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testSetAuthenticated() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		assertThat(!token.isAuthenticated()).isTrue();
 		token.setAuthenticated(true);
 		assertThat(token.isAuthenticated()).isTrue();
@@ -113,7 +113,7 @@ public class AbstractAuthenticationTokenTests {
 
 	@Test
 	public void testToStringWithAuthorities() {
-		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		assertThat(token.toString().lastIndexOf("ROLE_TWO") != -1).isTrue();
 	}
 
@@ -130,7 +130,7 @@ public class AbstractAuthenticationTokenTests {
 		AuthenticatedPrincipal principal = mock(AuthenticatedPrincipal.class);
 		when(principal.getName()).thenReturn(principalName);
 
-		MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", authorities);
+		MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", this.authorities);
 		assertThat(token.getName()).isEqualTo(principalName);
 		verify(principal, times(1)).getName();
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index c4e4e78993..d3ac44699d 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -52,30 +52,30 @@ public class DefaultAuthenticationEventPublisherTests {
 
 	@Test
 	public void expectedDefaultMappingsAreSatisfied() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-		publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.setApplicationEventPublisher(appPublisher);
 		Authentication a = mock(Authentication.class);
 
 		Exception cause = new Exception();
 		Object extraInfo = new Object();
-		publisher.publishAuthenticationFailure(new BadCredentialsException(""), a);
-		publisher.publishAuthenticationFailure(new BadCredentialsException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new BadCredentialsException(""), a);
+		this.publisher.publishAuthenticationFailure(new BadCredentialsException("", cause), a);
 		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 		reset(appPublisher);
-		publisher.publishAuthenticationFailure(new UsernameNotFoundException(""), a);
-		publisher.publishAuthenticationFailure(new UsernameNotFoundException("", cause), a);
-		publisher.publishAuthenticationFailure(new AccountExpiredException(""), a);
-		publisher.publishAuthenticationFailure(new AccountExpiredException("", cause), a);
-		publisher.publishAuthenticationFailure(new ProviderNotFoundException(""), a);
-		publisher.publishAuthenticationFailure(new DisabledException(""), a);
-		publisher.publishAuthenticationFailure(new DisabledException("", cause), a);
-		publisher.publishAuthenticationFailure(new LockedException(""), a);
-		publisher.publishAuthenticationFailure(new LockedException("", cause), a);
-		publisher.publishAuthenticationFailure(new AuthenticationServiceException(""), a);
-		publisher.publishAuthenticationFailure(new AuthenticationServiceException("", cause), a);
-		publisher.publishAuthenticationFailure(new CredentialsExpiredException(""), a);
-		publisher.publishAuthenticationFailure(new CredentialsExpiredException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new UsernameNotFoundException(""), a);
+		this.publisher.publishAuthenticationFailure(new UsernameNotFoundException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new AccountExpiredException(""), a);
+		this.publisher.publishAuthenticationFailure(new AccountExpiredException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new ProviderNotFoundException(""), a);
+		this.publisher.publishAuthenticationFailure(new DisabledException(""), a);
+		this.publisher.publishAuthenticationFailure(new DisabledException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new LockedException(""), a);
+		this.publisher.publishAuthenticationFailure(new LockedException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new AuthenticationServiceException(""), a);
+		this.publisher.publishAuthenticationFailure(new AuthenticationServiceException("", cause), a);
+		this.publisher.publishAuthenticationFailure(new CredentialsExpiredException(""), a);
+		this.publisher.publishAuthenticationFailure(new CredentialsExpiredException("", cause), a);
 		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 		verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureExpiredEvent.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureProviderNotFoundEvent.class));
@@ -88,48 +88,49 @@ public class DefaultAuthenticationEventPublisherTests {
 
 	@Test
 	public void authenticationSuccessIsPublished() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationSuccess(mock(Authentication.class));
+		this.publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.publishAuthenticationSuccess(mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationSuccessEvent.class));
 
-		publisher.setApplicationEventPublisher(null);
+		this.publisher.setApplicationEventPublisher(null);
 		// Should be ignored with null app publisher
-		publisher.publishAuthenticationSuccess(mock(Authentication.class));
+		this.publisher.publishAuthenticationSuccess(mock(Authentication.class));
 	}
 
 	@Test
 	public void additionalExceptionMappingsAreSupported() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
 		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
-		publisher.setAdditionalExceptionMappings(p);
+		this.publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
-		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
+		this.publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
+				mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
 	@Test(expected = RuntimeException.class)
 	public void missingEventClassExceptionCausesException() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
 		p.put(MockAuthenticationException.class.getName(), "NoSuchClass");
-		publisher.setAdditionalExceptionMappings(p);
+		this.publisher.setAdditionalExceptionMappings(p);
 	}
 
 	@Test
 	public void unknownFailureExceptionIsIgnored() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
 		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
-		publisher.setAdditionalExceptionMappings(p);
+		this.publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
-		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new AuthenticationException("") {
+		this.publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.publishAuthenticationFailure(new AuthenticationException("") {
 		}, mock(Authentication.class));
 		verifyZeroInteractions(appPublisher);
 	}
@@ -137,61 +138,63 @@ public class DefaultAuthenticationEventPublisherTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void emptyMapCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setAdditionalExceptionMappings(mappings);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher.setAdditionalExceptionMappings(mappings);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingExceptionClassCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(null, AuthenticationFailureLockedEvent.class);
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setAdditionalExceptionMappings(mappings);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher.setAdditionalExceptionMappings(mappings);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void missingEventClassAsMapValueCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(LockedException.class, null);
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setAdditionalExceptionMappings(mappings);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher.setAdditionalExceptionMappings(mappings);
 	}
 
 	@Test
 	public void additionalExceptionMappingsUsingMapAreSupported() {
-		publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher = new DefaultAuthenticationEventPublisher();
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(MockAuthenticationException.class, AuthenticationFailureDisabledEvent.class);
-		publisher.setAdditionalExceptionMappings(mappings);
+		this.publisher.setAdditionalExceptionMappings(mappings);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
-		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new MockAuthenticationException("test"), mock(Authentication.class));
+		this.publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
+				mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void defaultAuthenticationFailureEventClassSetNullThen() {
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setDefaultAuthenticationFailureEvent(null);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher.setDefaultAuthenticationFailureEvent(null);
 	}
 
 	@Test
 	public void defaultAuthenticationFailureEventIsPublished() {
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 
-		publisher.setApplicationEventPublisher(appPublisher);
-		publisher.publishAuthenticationFailure(new AuthenticationException("") {
+		this.publisher.setApplicationEventPublisher(appPublisher);
+		this.publisher.publishAuthenticationFailure(new AuthenticationException("") {
 		}, mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 	}
 
 	@Test(expected = RuntimeException.class)
 	public void defaultAuthenticationFailureEventMissingAppropriateConstructorThen() {
-		publisher = new DefaultAuthenticationEventPublisher();
-		publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class);
+		this.publisher = new DefaultAuthenticationEventPublisher();
+		this.publisher
+				.setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class);
 	}
 
 	private static final class AuthenticationFailureEventWithoutAppropriateConstructor
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index d523d7df24..93621f82df 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -47,7 +47,7 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 	@Before
 	public void setup() {
-		manager = new ReactiveAuthenticationManagerAdapter(delegate);
+		this.manager = new ReactiveAuthenticationManagerAdapter(this.delegate);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -62,28 +62,28 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 	@Test
 	public void authenticateWhenSuccessThenSuccess() {
-		when(delegate.authenticate(any())).thenReturn(authentication);
-		when(authentication.isAuthenticated()).thenReturn(true);
+		when(this.delegate.authenticate(any())).thenReturn(this.authentication);
+		when(this.authentication.isAuthenticated()).thenReturn(true);
 
-		Authentication result = manager.authenticate(authentication).block();
+		Authentication result = this.manager.authenticate(this.authentication).block();
 
-		assertThat(result).isEqualTo(authentication);
+		assertThat(result).isEqualTo(this.authentication);
 	}
 
 	@Test
 	public void authenticateWhenReturnNotAuthenticatedThenError() {
-		when(delegate.authenticate(any())).thenReturn(authentication);
+		when(this.delegate.authenticate(any())).thenReturn(this.authentication);
 
-		Authentication result = manager.authenticate(authentication).block();
+		Authentication result = this.manager.authenticate(this.authentication).block();
 
 		assertThat(result).isNull();
 	}
 
 	@Test
 	public void authenticateWhenBadCredentialsThenError() {
-		when(delegate.authenticate(any())).thenThrow(new BadCredentialsException("Failed"));
+		when(this.delegate.authenticate(any())).thenThrow(new BadCredentialsException("Failed"));
 
-		Mono<Authentication> result = manager.authenticate(authentication);
+		Mono<Authentication> result = this.manager.authenticate(this.authentication);
 
 		StepVerifier.create(result).expectError(BadCredentialsException.class).verify();
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 39fff03071..55c85a7954 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -56,9 +56,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 
 	@Before
 	public void setup() {
-		manager = new UserDetailsRepositoryReactiveAuthenticationManager(repository);
-		username = "user";
-		password = "pass";
+		this.manager = new UserDetailsRepositoryReactiveAuthenticationManager(this.repository);
+		this.username = "user";
+		this.password = "pass";
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -69,10 +69,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenUserNotFoundThenBadCredentials() {
-		when(repository.findByUsername(username)).thenReturn(Mono.empty());
+		when(this.repository.findByUsername(this.username)).thenReturn(Mono.empty());
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
-		Mono<Authentication> authentication = manager.authenticate(token);
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
+				this.password);
+		Mono<Authentication> authentication = this.manager.authenticate(token);
 
 		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
@@ -85,11 +86,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-		when(repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username,
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password + "INVALID");
-		Mono<Authentication> authentication = manager.authenticate(token);
+		Mono<Authentication> authentication = this.manager.authenticate(token);
 
 		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
@@ -102,10 +103,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-		when(repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
 
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
-		Authentication authentication = manager.authenticate(token).block();
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
+				this.password);
+		Authentication authentication = this.manager.authenticate(token).block();
 
 		assertThat(authentication).isEqualTo(authentication);
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 89a00fe35c..16071648e3 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -705,7 +705,7 @@ public class DaoAuthenticationProviderTests {
 
 		public UserDetails loadUserByUsername(String username) {
 			if ("rod".equals(username)) {
-				return new User("rod", password, true, true, true, true, ROLES_12);
+				return new User("rod", this.password, true, true, true, true, ROLES_12);
 			}
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
index 68e2c068d8..939e39a98d 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
@@ -29,15 +29,15 @@ public class MockUserCache implements UserCache {
 	private Map<String, UserDetails> cache = new HashMap<>();
 
 	public UserDetails getUserFromCache(String username) {
-		return cache.get(username);
+		return this.cache.get(username);
 	}
 
 	public void putUserInCache(UserDetails user) {
-		cache.put(user.getUsername(), user);
+		this.cache.put(user.getUsername(), user);
 	}
 
 	public void removeUserFromCache(String username) {
-		cache.remove(username);
+		this.cache.remove(username);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 6562d1decc..190e116a80 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -66,54 +66,54 @@ public class DefaultJaasAuthenticationProviderTests {
 	@Before
 	public void setUp() throws Exception {
 		Configuration configuration = mock(Configuration.class);
-		publisher = mock(ApplicationEventPublisher.class);
-		log = mock(Log.class);
-		provider = new DefaultJaasAuthenticationProvider();
-		provider.setConfiguration(configuration);
-		provider.setApplicationEventPublisher(publisher);
-		provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
-		provider.afterPropertiesSet();
+		this.publisher = mock(ApplicationEventPublisher.class);
+		this.log = mock(Log.class);
+		this.provider = new DefaultJaasAuthenticationProvider();
+		this.provider.setConfiguration(configuration);
+		this.provider.setApplicationEventPublisher(this.publisher);
+		this.provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
+		this.provider.afterPropertiesSet();
 		AppConfigurationEntry[] aces = new AppConfigurationEntry[] {
 				new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
 						Collections.<String, Object>emptyMap()) };
-		when(configuration.getAppConfigurationEntry(provider.getLoginContextName())).thenReturn(aces);
-		token = new UsernamePasswordAuthenticationToken("user", "password");
-		ReflectionTestUtils.setField(provider, "log", log);
+		when(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).thenReturn(aces);
+		this.token = new UsernamePasswordAuthenticationToken("user", "password");
+		ReflectionTestUtils.setField(this.provider, "log", this.log);
 
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void afterPropertiesSetNullConfiguration() throws Exception {
-		provider.setConfiguration(null);
-		provider.afterPropertiesSet();
+		this.provider.setConfiguration(null);
+		this.provider.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void afterPropertiesSetNullAuthorityGranters() throws Exception {
-		provider.setAuthorityGranters(null);
-		provider.afterPropertiesSet();
+		this.provider.setAuthorityGranters(null);
+		this.provider.afterPropertiesSet();
 	}
 
 	@Test
 	public void authenticateUnsupportedAuthentication() {
-		assertThat(provider.authenticate(new TestingAuthenticationToken("user", "password"))).isNull();
+		assertThat(this.provider.authenticate(new TestingAuthenticationToken("user", "password"))).isNull();
 	}
 
 	@Test
 	public void authenticateSuccess() {
-		Authentication auth = provider.authenticate(token);
-		assertThat(auth.getPrincipal()).isEqualTo(token.getPrincipal());
-		assertThat(auth.getCredentials()).isEqualTo(token.getCredentials());
+		Authentication auth = this.provider.authenticate(this.token);
+		assertThat(auth.getPrincipal()).isEqualTo(this.token.getPrincipal());
+		assertThat(auth.getCredentials()).isEqualTo(this.token.getCredentials());
 		assertThat(auth.isAuthenticated()).isEqualTo(true);
 		assertThat(auth.getAuthorities().isEmpty()).isEqualTo(false);
-		verify(publisher).publishEvent(isA(JaasAuthenticationSuccessEvent.class));
-		verifyNoMoreInteractions(publisher);
+		verify(this.publisher).publishEvent(isA(JaasAuthenticationSuccessEvent.class));
+		verifyNoMoreInteractions(this.publisher);
 	}
 
 	@Test
 	public void authenticateBadPassword() {
 		try {
-			provider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
+			this.provider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
 			fail("LoginException should have been thrown for the bad password");
 		}
 		catch (AuthenticationException success) {
@@ -125,7 +125,7 @@ public class DefaultJaasAuthenticationProviderTests {
 	@Test
 	public void authenticateBadUser() {
 		try {
-			provider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
+			this.provider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
 			fail("LoginException should have been thrown for the bad user");
 		}
 		catch (AuthenticationException success) {
@@ -145,7 +145,7 @@ public class DefaultJaasAuthenticationProviderTests {
 		when(securityContext.getAuthentication()).thenReturn(token);
 		when(token.getLoginContext()).thenReturn(context);
 
-		provider.onApplicationEvent(event);
+		this.provider.onApplicationEvent(event);
 
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
@@ -158,10 +158,10 @@ public class DefaultJaasAuthenticationProviderTests {
 	public void logoutNullSession() {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 
-		provider.handleLogout(event);
+		this.provider.handleLogout(event);
 
 		verify(event).getSecurityContexts();
-		verify(log).debug(anyString());
+		verify(this.log).debug(anyString());
 		verifyNoMoreInteractions(event);
 	}
 
@@ -172,7 +172,7 @@ public class DefaultJaasAuthenticationProviderTests {
 
 		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
 
-		provider.handleLogout(event);
+		this.provider.handleLogout(event);
 
 		verify(event).getSecurityContexts();
 		verify(event).getSecurityContexts();
@@ -186,9 +186,9 @@ public class DefaultJaasAuthenticationProviderTests {
 		SecurityContext securityContext = mock(SecurityContext.class);
 
 		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
-		when(securityContext.getAuthentication()).thenReturn(token);
+		when(securityContext.getAuthentication()).thenReturn(this.token);
 
-		provider.handleLogout(event);
+		this.provider.handleLogout(event);
 
 		verify(event).getSecurityContexts();
 		verify(event).getSecurityContexts();
@@ -205,7 +205,7 @@ public class DefaultJaasAuthenticationProviderTests {
 		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
 		when(securityContext.getAuthentication()).thenReturn(token);
 
-		provider.onApplicationEvent(event);
+		this.provider.onApplicationEvent(event);
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
 		verify(token).getLoginContext();
@@ -226,23 +226,23 @@ public class DefaultJaasAuthenticationProviderTests {
 		when(token.getLoginContext()).thenReturn(context);
 		doThrow(loginException).when(context).logout();
 
-		provider.onApplicationEvent(event);
+		this.provider.onApplicationEvent(event);
 
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
 		verify(token).getLoginContext();
 		verify(context).logout();
-		verify(log).warn(anyString(), eq(loginException));
+		verify(this.log).warn(anyString(), eq(loginException));
 		verifyNoMoreInteractions(event, securityContext, token, context);
 	}
 
 	@Test
 	public void publishNullPublisher() {
-		provider.setApplicationEventPublisher(null);
+		this.provider.setApplicationEventPublisher(null);
 		AuthenticationException ae = new BadCredentialsException("Failed to login");
 
-		provider.publishFailureEvent(token, ae);
-		provider.publishSuccessEvent(token);
+		this.provider.publishFailureEvent(this.token, ae);
+		this.provider.publishSuccessEvent(this.token);
 	}
 
 	@Test
@@ -251,10 +251,10 @@ public class DefaultJaasAuthenticationProviderTests {
 		ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(resName);
 		context.registerShutdownHook();
 		try {
-			provider = context.getBean(DefaultJaasAuthenticationProvider.class);
-			Authentication auth = provider.authenticate(token);
+			this.provider = context.getBean(DefaultJaasAuthenticationProvider.class);
+			Authentication auth = this.provider.authenticate(this.token);
 			assertThat(auth.isAuthenticated()).isEqualTo(true);
-			assertThat(auth.getPrincipal()).isEqualTo(token.getPrincipal());
+			assertThat(auth.getPrincipal()).isEqualTo(this.token.getPrincipal());
 		}
 		finally {
 			context.close();
@@ -264,10 +264,10 @@ public class DefaultJaasAuthenticationProviderTests {
 	private void verifyFailedLogin() {
 		ArgumentCaptor<JaasAuthenticationFailedEvent> event = ArgumentCaptor
 				.forClass(JaasAuthenticationFailedEvent.class);
-		verify(publisher).publishEvent(event.capture());
+		verify(this.publisher).publishEvent(event.capture());
 		assertThat(event.getValue()).isInstanceOf(JaasAuthenticationFailedEvent.class);
 		assertThat(event.getValue().getException()).isNotNull();
-		verifyNoMoreInteractions(publisher);
+		verifyNoMoreInteractions(this.publisher);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index 197c22cd05..08cc0d8e73 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -66,39 +66,39 @@ public class JaasAuthenticationProviderTests {
 	@Before
 	public void setUp() {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
-		context = new ClassPathXmlApplicationContext(resName);
-		eventCheck = (JaasEventCheck) context.getBean("eventCheck");
-		jaasProvider = (JaasAuthenticationProvider) context.getBean("jaasAuthenticationProvider");
+		this.context = new ClassPathXmlApplicationContext(resName);
+		this.eventCheck = (JaasEventCheck) this.context.getBean("eventCheck");
+		this.jaasProvider = (JaasAuthenticationProvider) this.context.getBean("jaasAuthenticationProvider");
 	}
 
 	@Test
 	public void testBadPassword() {
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
+			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
 			fail("LoginException should have been thrown for the bad password");
 		}
 		catch (AuthenticationException e) {
 		}
 
-		assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
-		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
+		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
+		assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
 				.isNotNull();
-		assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
+		assertThat(this.eventCheck.successEvent).as("Success event was fired").isNull();
 	}
 
 	@Test
 	public void testBadUser() {
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
+			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
 			fail("LoginException should have been thrown for the bad user");
 		}
 		catch (AuthenticationException e) {
 		}
 
-		assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
-		assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
+		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
+		assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
 				.isNotNull();
-		assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
+		assertThat(this.eventCheck.successEvent).as("Success event was fired").isNull();
 	}
 
 	@Test
@@ -115,10 +115,10 @@ public class JaasAuthenticationProviderTests {
 	@Test
 	public void detectsMissingLoginConfig() throws Exception {
 		JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
-		myJaasProvider.setApplicationEventPublisher(context);
-		myJaasProvider.setAuthorityGranters(jaasProvider.getAuthorityGranters());
-		myJaasProvider.setCallbackHandlers(jaasProvider.getCallbackHandlers());
-		myJaasProvider.setLoginContextName(jaasProvider.getLoginContextName());
+		myJaasProvider.setApplicationEventPublisher(this.context);
+		myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters());
+		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
+		myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
 
 		try {
 			myJaasProvider.afterPropertiesSet();
@@ -151,11 +151,11 @@ public class JaasAuthenticationProviderTests {
 		pw.close();
 
 		JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
-		myJaasProvider.setApplicationEventPublisher(context);
+		myJaasProvider.setApplicationEventPublisher(this.context);
 		myJaasProvider.setLoginConfig(new FileSystemResource(configFile));
-		myJaasProvider.setAuthorityGranters(jaasProvider.getAuthorityGranters());
-		myJaasProvider.setCallbackHandlers(jaasProvider.getCallbackHandlers());
-		myJaasProvider.setLoginContextName(jaasProvider.getLoginContextName());
+		myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters());
+		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
+		myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
 
 		myJaasProvider.afterPropertiesSet();
 	}
@@ -163,10 +163,10 @@ public class JaasAuthenticationProviderTests {
 	@Test
 	public void detectsMissingLoginContextName() throws Exception {
 		JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
-		myJaasProvider.setApplicationEventPublisher(context);
-		myJaasProvider.setAuthorityGranters(jaasProvider.getAuthorityGranters());
-		myJaasProvider.setCallbackHandlers(jaasProvider.getCallbackHandlers());
-		myJaasProvider.setLoginConfig(jaasProvider.getLoginConfig());
+		myJaasProvider.setApplicationEventPublisher(this.context);
+		myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters());
+		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
+		myJaasProvider.setLoginConfig(this.jaasProvider.getLoginConfig());
 		myJaasProvider.setLoginContextName(null);
 
 		try {
@@ -193,14 +193,14 @@ public class JaasAuthenticationProviderTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE"));
 
-		assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
+		assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 
-		Authentication auth = jaasProvider.authenticate(token);
+		Authentication auth = this.jaasProvider.authenticate(token);
 
-		assertThat(jaasProvider.getAuthorityGranters()).isNotNull();
-		assertThat(jaasProvider.getCallbackHandlers()).isNotNull();
-		assertThat(jaasProvider.getLoginConfig()).isNotNull();
-		assertThat(jaasProvider.getLoginContextName()).isNotNull();
+		assertThat(this.jaasProvider.getAuthorityGranters()).isNotNull();
+		assertThat(this.jaasProvider.getCallbackHandlers()).isNotNull();
+		assertThat(this.jaasProvider.getLoginConfig()).isNotNull();
+		assertThat(this.jaasProvider.getLoginContextName()).isNotNull();
 
 		Collection<? extends GrantedAuthority> list = auth.getAuthorities();
 		Set<String> set = AuthorityUtils.authorityListToSet(list);
@@ -222,24 +222,24 @@ public class JaasAuthenticationProviderTests {
 
 		assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue();
 
-		assertThat(eventCheck.successEvent).as("Success event should be fired").isNotNull();
-		assertThat(eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal")
+		assertThat(this.eventCheck.successEvent).as("Success event should be fired").isNotNull();
+		assertThat(this.eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal")
 				.isEqualTo(auth);
-		assertThat(eventCheck.failedEvent).as("Failure event should not be fired").isNull();
+		assertThat(this.eventCheck.failedEvent).as("Failure event should not be fired").isNull();
 	}
 
 	@Test
 	public void testGetApplicationEventPublisher() {
-		assertThat(jaasProvider.getApplicationEventPublisher()).isNotNull();
+		assertThat(this.jaasProvider.getApplicationEventPublisher()).isNotNull();
 	}
 
 	@Test
 	public void testLoginExceptionResolver() {
-		assertThat(jaasProvider.getLoginExceptionResolver()).isNotNull();
-		jaasProvider.setLoginExceptionResolver(e -> new LockedException("This is just a test!"));
+		assertThat(this.jaasProvider.getLoginExceptionResolver()).isNotNull();
+		this.jaasProvider.setLoginExceptionResolver(e -> new LockedException("This is just a test!"));
 
 		try {
-			jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		}
 		catch (LockedException e) {
 		}
@@ -250,7 +250,7 @@ public class JaasAuthenticationProviderTests {
 
 	@Test
 	public void testLogout() throws Exception {
-		MockLoginContext loginContext = new MockLoginContext(jaasProvider.getLoginContextName());
+		MockLoginContext loginContext = new MockLoginContext(this.jaasProvider.getLoginContextName());
 
 		JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext);
 
@@ -260,7 +260,7 @@ public class JaasAuthenticationProviderTests {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		when(event.getSecurityContexts()).thenReturn(Arrays.asList(context));
 
-		jaasProvider.handleLogout(event);
+		this.jaasProvider.handleLogout(event);
 
 		assertThat(loginContext.loggedOut).isTrue();
 	}
@@ -269,18 +269,17 @@ public class JaasAuthenticationProviderTests {
 	public void testNullDefaultAuthorities() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 
-		assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
+		assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 
-		Authentication auth = jaasProvider.authenticate(token);
+		Authentication auth = this.jaasProvider.authenticate(token);
 		assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
 				.hasSize(2);
 	}
 
 	@Test
 	public void testUnsupportedAuthenticationObjectReturnsNull() {
-		assertThat(
-				jaasProvider.authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES)))
-						.isNull();
+		assertThat(this.jaasProvider
+				.authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES))).isNull();
 	}
 
 	private static class MockLoginContext extends LoginContext {
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index fb42097d7c..f93bc489ea 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -32,11 +32,11 @@ public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEve
 
 	public void onApplicationEvent(JaasAuthenticationEvent event) {
 		if (event instanceof JaasAuthenticationFailedEvent) {
-			failedEvent = (JaasAuthenticationFailedEvent) event;
+			this.failedEvent = (JaasAuthenticationFailedEvent) event;
 		}
 
 		if (event instanceof JaasAuthenticationSuccessEvent) {
-			successEvent = (JaasAuthenticationSuccessEvent) event;
+			this.successEvent = (JaasAuthenticationSuccessEvent) event;
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index af341e9f94..4305ab8b86 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -57,8 +57,8 @@ public class TestLoginModule implements LoginModule {
 
 			callbackHandler.handle(new Callback[] { textCallback, nameCallback, passwordCallback });
 
-			password = new String(passwordCallback.getPassword());
-			user = nameCallback.getName();
+			this.password = new String(passwordCallback.getPassword());
+			this.user = nameCallback.getName();
 		}
 		catch (Exception e) {
 			throw new RuntimeException(e);
@@ -66,17 +66,17 @@ public class TestLoginModule implements LoginModule {
 	}
 
 	public boolean login() throws LoginException {
-		if (!user.equals("user")) {
+		if (!this.user.equals("user")) {
 			throw new LoginException("Bad User");
 		}
 
-		if (!password.equals("password")) {
+		if (!this.password.equals("password")) {
 			throw new LoginException("Bad Password");
 		}
 
-		subject.getPrincipals().add(() -> "TEST_PRINCIPAL");
+		this.subject.getPrincipals().add(() -> "TEST_PRINCIPAL");
 
-		subject.getPrincipals().add(() -> "NULL_PRINCIPAL");
+		this.subject.getPrincipals().add(() -> "NULL_PRINCIPAL");
 
 		return true;
 	}
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 9d85af9d45..fb8f606b39 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -45,23 +45,23 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenAuthenticatedThenReturnTrue() {
-		when(authentication.isAuthenticated()).thenReturn(true);
+		when(this.authentication.isAuthenticated()).thenReturn(true);
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenNotAuthenticatedThenReturnFalse() {
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenEmptyThenReturnFalse() {
-		boolean granted = manager.check(Mono.empty(), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
@@ -70,14 +70,14 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 	public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
 		AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
 
-		boolean granted = manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenErrorThenError() {
-		Mono<AuthorizationDecision> result = manager.check(Mono.error(new RuntimeException("ooops")), null);
+		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
 
 		StepVerifier.create(result).expectError().verify();
 	}
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 40c70c1403..0a97cec9df 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -45,89 +45,90 @@ public class AuthorityReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() {
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndEmptyThenReturnFalse() {
-		boolean granted = manager.check(Mono.empty(), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndErrorThenError() {
-		Mono<AuthorizationDecision> result = manager.check(Mono.error(new RuntimeException("ooops")), null);
+		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
 
 		StepVerifier.create(result).expectError().verify();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() {
-		when(authentication.isAuthenticated()).thenReturn(true);
-		when(authentication.getAuthorities()).thenReturn(Collections.emptyList());
+		when(this.authentication.isAuthenticated()).thenReturn(true);
+		when(this.authentication.getAuthorities()).thenReturn(Collections.emptyList());
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() {
-		authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() {
-		authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenHasRoleAndAuthorizedThenReturnTrue() {
-		manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
-		authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
+		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() {
-		manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
-		authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
+		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAnyRoleAndAuthorizedThenReturnTrue() {
-		manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
-		authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING", "ROLE_ADMIN");
+		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING",
+				"ROLE_ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() {
-		manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
-		authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN");
+		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
+		this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN");
 
-		boolean granted = manager.check(Mono.just(authentication), null).block().isGranted();
+		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
 		assertThat(granted).isFalse();
 	}
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index a08af9ee13..c9da178681 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -52,7 +52,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 
 	@Before
 	public final void setUpExecutorService() {
-		executor = create();
+		this.executor = create();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -62,104 +62,104 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 
 	@Test
 	public void shutdown() {
-		executor.shutdown();
-		verify(delegate).shutdown();
+		this.executor.shutdown();
+		verify(this.delegate).shutdown();
 	}
 
 	@Test
 	public void shutdownNow() {
-		List<Runnable> result = executor.shutdownNow();
-		verify(delegate).shutdownNow();
-		assertThat(result).isEqualTo(delegate.shutdownNow()).isNotNull();
+		List<Runnable> result = this.executor.shutdownNow();
+		verify(this.delegate).shutdownNow();
+		assertThat(result).isEqualTo(this.delegate.shutdownNow()).isNotNull();
 	}
 
 	@Test
 	public void isShutdown() {
-		boolean result = executor.isShutdown();
-		verify(delegate).isShutdown();
-		assertThat(result).isEqualTo(delegate.isShutdown()).isNotNull();
+		boolean result = this.executor.isShutdown();
+		verify(this.delegate).isShutdown();
+		assertThat(result).isEqualTo(this.delegate.isShutdown()).isNotNull();
 	}
 
 	@Test
 	public void isTerminated() {
-		boolean result = executor.isTerminated();
-		verify(delegate).isTerminated();
-		assertThat(result).isEqualTo(delegate.isTerminated()).isNotNull();
+		boolean result = this.executor.isTerminated();
+		verify(this.delegate).isTerminated();
+		assertThat(result).isEqualTo(this.delegate.isTerminated()).isNotNull();
 	}
 
 	@Test
 	public void awaitTermination() throws InterruptedException {
-		boolean result = executor.awaitTermination(1, TimeUnit.SECONDS);
-		verify(delegate).awaitTermination(1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(delegate.awaitTermination(1, TimeUnit.SECONDS)).isNotNull();
+		boolean result = this.executor.awaitTermination(1, TimeUnit.SECONDS);
+		verify(this.delegate).awaitTermination(1, TimeUnit.SECONDS);
+		assertThat(result).isEqualTo(this.delegate.awaitTermination(1, TimeUnit.SECONDS)).isNotNull();
 	}
 
 	@Test
 	public void submitCallable() {
-		when(delegate.submit(wrappedCallable)).thenReturn(expectedFutureObject);
-		Future<Object> result = executor.submit(callable);
-		verify(delegate).submit(wrappedCallable);
-		assertThat(result).isEqualTo(expectedFutureObject);
+		when(this.delegate.submit(this.wrappedCallable)).thenReturn(this.expectedFutureObject);
+		Future<Object> result = this.executor.submit(this.callable);
+		verify(this.delegate).submit(this.wrappedCallable);
+		assertThat(result).isEqualTo(this.expectedFutureObject);
 	}
 
 	@Test
 	public void submitRunnableWithResult() {
-		when(delegate.submit(wrappedRunnable, resultArg)).thenReturn(expectedFutureObject);
-		Future<Object> result = executor.submit(runnable, resultArg);
-		verify(delegate).submit(wrappedRunnable, resultArg);
-		assertThat(result).isEqualTo(expectedFutureObject);
+		when(this.delegate.submit(this.wrappedRunnable, this.resultArg)).thenReturn(this.expectedFutureObject);
+		Future<Object> result = this.executor.submit(this.runnable, this.resultArg);
+		verify(this.delegate).submit(this.wrappedRunnable, this.resultArg);
+		assertThat(result).isEqualTo(this.expectedFutureObject);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void submitRunnable() {
-		when((Future<Object>) delegate.submit(wrappedRunnable)).thenReturn(expectedFutureObject);
-		Future<?> result = executor.submit(runnable);
-		verify(delegate).submit(wrappedRunnable);
-		assertThat(result).isEqualTo(expectedFutureObject);
+		when((Future<Object>) this.delegate.submit(this.wrappedRunnable)).thenReturn(this.expectedFutureObject);
+		Future<?> result = this.executor.submit(this.runnable);
+		verify(this.delegate).submit(this.wrappedRunnable);
+		assertThat(result).isEqualTo(this.expectedFutureObject);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void invokeAll() throws Exception {
-		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
-		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAll(wrappedCallables)).thenReturn(exectedResult);
-		List<Future<Object>> result = executor.invokeAll(Arrays.asList(callable));
-		verify(delegate).invokeAll(wrappedCallables);
+		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
+		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
+		when(this.delegate.invokeAll(wrappedCallables)).thenReturn(exectedResult);
+		List<Future<Object>> result = this.executor.invokeAll(Arrays.asList(this.callable));
+		verify(this.delegate).invokeAll(wrappedCallables);
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void invokeAllTimeout() throws Exception {
-		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
-		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
-		List<Future<Object>> result = executor.invokeAll(Arrays.asList(callable), 1, TimeUnit.SECONDS);
-		verify(delegate).invokeAll(wrappedCallables, 1, TimeUnit.SECONDS);
+		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
+		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
+		when(this.delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
+		List<Future<Object>> result = this.executor.invokeAll(Arrays.asList(this.callable), 1, TimeUnit.SECONDS);
+		verify(this.delegate).invokeAll(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void invokeAny() throws Exception {
-		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
-		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAny(wrappedCallables)).thenReturn(exectedResult);
-		Object result = executor.invokeAny(Arrays.asList(callable));
-		verify(delegate).invokeAny(wrappedCallables);
+		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
+		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
+		when(this.delegate.invokeAny(wrappedCallables)).thenReturn(exectedResult);
+		Object result = this.executor.invokeAny(Arrays.asList(this.callable));
+		verify(this.delegate).invokeAny(wrappedCallables);
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void invokeAnyTimeout() throws Exception {
-		List<Future<Object>> exectedResult = Arrays.asList(expectedFutureObject);
-		List<Callable<Object>> wrappedCallables = Arrays.asList(wrappedCallable);
-		when(delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
-		Object result = executor.invokeAny(Arrays.asList(callable), 1, TimeUnit.SECONDS);
-		verify(delegate).invokeAny(wrappedCallables, 1, TimeUnit.SECONDS);
+		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
+		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
+		when(this.delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
+		Object result = this.executor.invokeAny(Arrays.asList(this.callable), 1, TimeUnit.SECONDS);
+		verify(this.delegate).invokeAny(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index ab21514a15..486f9b35c3 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -52,13 +52,13 @@ public abstract class AbstractDelegatingSecurityContextExecutorTests
 
 	@Test
 	public void execute() {
-		executor = create();
-		executor.execute(runnable);
-		verify(getExecutor()).execute(wrappedRunnable);
+		this.executor = create();
+		this.executor.execute(this.runnable);
+		verify(getExecutor()).execute(this.wrappedRunnable);
 	}
 
 	protected Executor getExecutor() {
-		return delegate;
+		return this.delegate;
 	}
 
 	protected abstract DelegatingSecurityContextExecutor create();
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index 057eeec6a5..d46f018dcf 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -46,45 +46,45 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 
 	@Before
 	public final void setUpExecutor() {
-		executor = create();
+		this.executor = create();
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleRunnable() {
-		when((ScheduledFuture<Object>) delegate.schedule(wrappedRunnable, 1, TimeUnit.SECONDS))
-				.thenReturn(expectedResult);
-		ScheduledFuture<?> result = executor.schedule(runnable, 1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(expectedResult);
-		verify(delegate).schedule(wrappedRunnable, 1, TimeUnit.SECONDS);
+		when((ScheduledFuture<Object>) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS))
+				.thenReturn(this.expectedResult);
+		ScheduledFuture<?> result = this.executor.schedule(this.runnable, 1, TimeUnit.SECONDS);
+		assertThat(result).isEqualTo(this.expectedResult);
+		verify(this.delegate).schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS);
 	}
 
 	@Test
 	public void scheduleCallable() {
-		when(delegate.schedule(wrappedCallable, 1, TimeUnit.SECONDS)).thenReturn(expectedResult);
-		ScheduledFuture<Object> result = executor.schedule(callable, 1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(expectedResult);
-		verify(delegate).schedule(wrappedCallable, 1, TimeUnit.SECONDS);
+		when(this.delegate.schedule(this.wrappedCallable, 1, TimeUnit.SECONDS)).thenReturn(this.expectedResult);
+		ScheduledFuture<Object> result = this.executor.schedule(this.callable, 1, TimeUnit.SECONDS);
+		assertThat(result).isEqualTo(this.expectedResult);
+		verify(this.delegate).schedule(this.wrappedCallable, 1, TimeUnit.SECONDS);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleAtFixedRate() {
-		when((ScheduledFuture<Object>) delegate.scheduleAtFixedRate(wrappedRunnable, 1, 2, TimeUnit.SECONDS))
-				.thenReturn(expectedResult);
-		ScheduledFuture<?> result = executor.scheduleAtFixedRate(runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(expectedResult);
-		verify(delegate).scheduleAtFixedRate(wrappedRunnable, 1, 2, TimeUnit.SECONDS);
+		when((ScheduledFuture<Object>) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS))
+				.thenReturn(this.expectedResult);
+		ScheduledFuture<?> result = this.executor.scheduleAtFixedRate(this.runnable, 1, 2, TimeUnit.SECONDS);
+		assertThat(result).isEqualTo(this.expectedResult);
+		verify(this.delegate).scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleWithFixedDelay() {
-		when((ScheduledFuture<Object>) delegate.scheduleWithFixedDelay(wrappedRunnable, 1, 2, TimeUnit.SECONDS))
-				.thenReturn(expectedResult);
-		ScheduledFuture<?> result = executor.scheduleWithFixedDelay(runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(expectedResult);
-		verify(delegate).scheduleWithFixedDelay(wrappedRunnable, 1, 2, TimeUnit.SECONDS);
+		when((ScheduledFuture<Object>) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2,
+				TimeUnit.SECONDS)).thenReturn(this.expectedResult);
+		ScheduledFuture<?> result = this.executor.scheduleWithFixedDelay(this.runnable, 1, 2, TimeUnit.SECONDS);
+		assertThat(result).isEqualTo(this.expectedResult);
+		verify(this.delegate).scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
 	@Override
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
index e4b7c4b564..c5bf4e56cc 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
@@ -68,23 +68,23 @@ public abstract class AbstractDelegatingSecurityContextTestSupport {
 
 	public final void explicitSecurityContextPowermockSetup() throws Exception {
 		spy(DelegatingSecurityContextCallable.class);
-		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", eq(callable),
-				securityContextCaptor.capture());
+		doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", eq(this.callable),
+				this.securityContextCaptor.capture());
 		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", eq(runnable),
-				securityContextCaptor.capture());
+		doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", eq(this.runnable),
+				this.securityContextCaptor.capture());
 	}
 
 	public final void currentSecurityContextPowermockSetup() throws Exception {
 		spy(DelegatingSecurityContextCallable.class);
-		doReturn(wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", callable, null);
+		doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", this.callable, null);
 		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", runnable, null);
+		doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", this.runnable, null);
 	}
 
 	@Before
 	public final void setContext() {
-		SecurityContextHolder.setContext(currentSecurityContext);
+		SecurityContextHolder.setContext(this.currentSecurityContext);
 	}
 
 	@After
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
index 10a5cd39fa..eb4b404ddd 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
@@ -37,7 +37,7 @@ public class CurrentDelegatingSecurityContextExecutorServiceTests
 
 	@Override
 	protected DelegatingSecurityContextExecutorService create() {
-		return new DelegatingSecurityContextExecutorService(delegate);
+		return new DelegatingSecurityContextExecutorService(this.delegate);
 	}
 
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
index 6912843fcf..53f20764a0 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -37,7 +37,7 @@ public class CurrentDelegatingSecurityContextScheduledExecutorServiceTests
 
 	@Override
 	protected DelegatingSecurityContextScheduledExecutorService create() {
-		return new DelegatingSecurityContextScheduledExecutorService(delegate);
+		return new DelegatingSecurityContextScheduledExecutorService(this.delegate);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index 9c8f281586..dd47ea392b 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -61,15 +61,16 @@ public class DelegatingSecurityContextCallableTests {
 	@Before
 	@SuppressWarnings("serial")
 	public void setUp() throws Exception {
-		originalSecurityContext = SecurityContextHolder.createEmptyContext();
-		when(delegate.call()).thenAnswer(new Returns(callableResult) {
+		this.originalSecurityContext = SecurityContextHolder.createEmptyContext();
+		when(this.delegate.call()).thenAnswer(new Returns(this.callableResult) {
 			@Override
 			public Object answer(InvocationOnMock invocation) throws Throwable {
-				assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
+				assertThat(SecurityContextHolder.getContext())
+						.isEqualTo(DelegatingSecurityContextCallableTests.this.securityContext);
 				return super.answer(invocation);
 			}
 		});
-		executor = Executors.newFixedThreadPool(1);
+		this.executor = Executors.newFixedThreadPool(1);
 	}
 
 	@After
@@ -86,7 +87,7 @@ public class DelegatingSecurityContextCallableTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegateNonNullSecurityContext() {
-		new DelegatingSecurityContextCallable<>(null, securityContext);
+		new DelegatingSecurityContextCallable<>(null, this.securityContext);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -96,40 +97,40 @@ public class DelegatingSecurityContextCallableTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullSecurityContext() {
-		new DelegatingSecurityContextCallable<>(delegate, null);
+		new DelegatingSecurityContextCallable<>(this.delegate, null);
 	}
 
 	// --- call ---
 
 	@Test
 	public void call() throws Exception {
-		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
-		assertWrapped(callable);
+		this.callable = new DelegatingSecurityContextCallable<>(this.delegate, this.securityContext);
+		assertWrapped(this.callable);
 	}
 
 	@Test
 	public void callDefaultSecurityContext() throws Exception {
-		SecurityContextHolder.setContext(securityContext);
-		callable = new DelegatingSecurityContextCallable<>(delegate);
+		SecurityContextHolder.setContext(this.securityContext);
+		this.callable = new DelegatingSecurityContextCallable<>(this.delegate);
 		SecurityContextHolder.clearContext(); // ensure callable is what sets up the
 												// SecurityContextHolder
-		assertWrapped(callable);
+		assertWrapped(this.callable);
 	}
 
 	// SEC-3031
 	@Test
 	public void callOnSameThread() throws Exception {
-		originalSecurityContext = securityContext;
-		SecurityContextHolder.setContext(originalSecurityContext);
-		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
-		assertWrapped(callable.call());
+		this.originalSecurityContext = this.securityContext;
+		SecurityContextHolder.setContext(this.originalSecurityContext);
+		this.callable = new DelegatingSecurityContextCallable<>(this.delegate, this.securityContext);
+		assertWrapped(this.callable.call());
 	}
 
 	// --- create ---
 
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
-		DelegatingSecurityContextCallable.create(null, securityContext);
+		DelegatingSecurityContextCallable.create(null, this.securityContext);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -139,17 +140,17 @@ public class DelegatingSecurityContextCallableTests {
 
 	@Test
 	public void createNullSecurityContext() throws Exception {
-		SecurityContextHolder.setContext(securityContext);
-		callable = DelegatingSecurityContextCallable.create(delegate, null);
+		SecurityContextHolder.setContext(this.securityContext);
+		this.callable = DelegatingSecurityContextCallable.create(this.delegate, null);
 		SecurityContextHolder.clearContext(); // ensure callable is what sets up the
 												// SecurityContextHolder
-		assertWrapped(callable);
+		assertWrapped(this.callable);
 	}
 
 	@Test
 	public void create() throws Exception {
-		callable = DelegatingSecurityContextCallable.create(delegate, securityContext);
-		assertWrapped(callable);
+		this.callable = DelegatingSecurityContextCallable.create(this.delegate, this.securityContext);
+		assertWrapped(this.callable);
 	}
 
 	// --- toString
@@ -157,18 +158,18 @@ public class DelegatingSecurityContextCallableTests {
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {
-		callable = new DelegatingSecurityContextCallable<>(delegate, securityContext);
-		assertThat(callable.toString()).isEqualTo(delegate.toString());
+		this.callable = new DelegatingSecurityContextCallable<>(this.delegate, this.securityContext);
+		assertThat(this.callable.toString()).isEqualTo(this.delegate.toString());
 	}
 
 	private void assertWrapped(Callable<Object> callable) throws Exception {
-		Future<Object> submit = executor.submit(callable);
+		Future<Object> submit = this.executor.submit(callable);
 		assertWrapped(submit.get());
 	}
 
 	private void assertWrapped(Object callableResult) throws Exception {
-		verify(delegate).call();
-		assertThat(SecurityContextHolder.getContext()).isEqualTo(originalSecurityContext);
+		verify(this.delegate).call();
+		assertThat(SecurityContextHolder.getContext()).isEqualTo(this.originalSecurityContext);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 4e0ee3ae65..a444ff0dc0 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -60,13 +60,13 @@ public class DelegatingSecurityContextRunnableTests {
 
 	@Before
 	public void setUp() {
-		originalSecurityContext = SecurityContextHolder.createEmptyContext();
+		this.originalSecurityContext = SecurityContextHolder.createEmptyContext();
 		doAnswer((Answer<Object>) invocation -> {
-			assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
+			assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext);
 			return null;
-		}).when(delegate).run();
+		}).when(this.delegate).run();
 
-		executor = Executors.newFixedThreadPool(1);
+		this.executor = Executors.newFixedThreadPool(1);
 	}
 
 	@After
@@ -83,7 +83,7 @@ public class DelegatingSecurityContextRunnableTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegateNonNullSecurityContext() {
-		new DelegatingSecurityContextRunnable(null, securityContext);
+		new DelegatingSecurityContextRunnable(null, this.securityContext);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -93,41 +93,41 @@ public class DelegatingSecurityContextRunnableTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullSecurityContext() {
-		new DelegatingSecurityContextRunnable(delegate, null);
+		new DelegatingSecurityContextRunnable(this.delegate, null);
 	}
 
 	// --- run ---
 
 	@Test
 	public void call() throws Exception {
-		runnable = new DelegatingSecurityContextRunnable(delegate, securityContext);
-		assertWrapped(runnable);
+		this.runnable = new DelegatingSecurityContextRunnable(this.delegate, this.securityContext);
+		assertWrapped(this.runnable);
 	}
 
 	@Test
 	public void callDefaultSecurityContext() throws Exception {
-		SecurityContextHolder.setContext(securityContext);
-		runnable = new DelegatingSecurityContextRunnable(delegate);
+		SecurityContextHolder.setContext(this.securityContext);
+		this.runnable = new DelegatingSecurityContextRunnable(this.delegate);
 		SecurityContextHolder.clearContext(); // ensure runnable is what sets up the
 												// SecurityContextHolder
-		assertWrapped(runnable);
+		assertWrapped(this.runnable);
 	}
 
 	// SEC-3031
 	@Test
 	public void callOnSameThread() throws Exception {
-		originalSecurityContext = securityContext;
-		SecurityContextHolder.setContext(originalSecurityContext);
-		executor = synchronousExecutor();
-		runnable = new DelegatingSecurityContextRunnable(delegate, securityContext);
-		assertWrapped(runnable);
+		this.originalSecurityContext = this.securityContext;
+		SecurityContextHolder.setContext(this.originalSecurityContext);
+		this.executor = synchronousExecutor();
+		this.runnable = new DelegatingSecurityContextRunnable(this.delegate, this.securityContext);
+		assertWrapped(this.runnable);
 	}
 
 	// --- create ---
 
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
-		DelegatingSecurityContextRunnable.create(null, securityContext);
+		DelegatingSecurityContextRunnable.create(null, this.securityContext);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -137,17 +137,17 @@ public class DelegatingSecurityContextRunnableTests {
 
 	@Test
 	public void createNullSecurityContext() throws Exception {
-		SecurityContextHolder.setContext(securityContext);
-		runnable = DelegatingSecurityContextRunnable.create(delegate, null);
+		SecurityContextHolder.setContext(this.securityContext);
+		this.runnable = DelegatingSecurityContextRunnable.create(this.delegate, null);
 		SecurityContextHolder.clearContext(); // ensure runnable is what sets up the
 												// SecurityContextHolder
-		assertWrapped(runnable);
+		assertWrapped(this.runnable);
 	}
 
 	@Test
 	public void create() throws Exception {
-		runnable = DelegatingSecurityContextRunnable.create(delegate, securityContext);
-		assertWrapped(runnable);
+		this.runnable = DelegatingSecurityContextRunnable.create(this.delegate, this.securityContext);
+		assertWrapped(this.runnable);
 	}
 
 	// --- toString
@@ -155,15 +155,15 @@ public class DelegatingSecurityContextRunnableTests {
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {
-		runnable = new DelegatingSecurityContextRunnable(delegate, securityContext);
-		assertThat(runnable.toString()).isEqualTo(delegate.toString());
+		this.runnable = new DelegatingSecurityContextRunnable(this.delegate, this.securityContext);
+		assertThat(this.runnable.toString()).isEqualTo(this.delegate.toString());
 	}
 
 	private void assertWrapped(Runnable runnable) throws Exception {
-		Future<?> submit = executor.submit(runnable);
+		Future<?> submit = this.executor.submit(runnable);
 		submit.get();
-		verify(delegate).run();
-		assertThat(SecurityContextHolder.getContext()).isEqualTo(originalSecurityContext);
+		verify(this.delegate).run();
+		assertThat(SecurityContextHolder.getContext()).isEqualTo(this.originalSecurityContext);
 	}
 
 	private static ExecutorService synchronousExecutor() {
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
index fb91ba5ade..c2135e3a8a 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
@@ -33,31 +33,31 @@ public class DelegatingSecurityContextSupportTests extends AbstractDelegatingSec
 	@Test
 	public void wrapCallable() throws Exception {
 		explicitSecurityContextPowermockSetup();
-		support = new ConcreteDelegatingSecurityContextSupport(securityContext);
-		assertThat(support.wrap(callable)).isSameAs(wrappedCallable);
-		assertThat(securityContextCaptor.getValue()).isSameAs(securityContext);
+		this.support = new ConcreteDelegatingSecurityContextSupport(this.securityContext);
+		assertThat(this.support.wrap(this.callable)).isSameAs(this.wrappedCallable);
+		assertThat(this.securityContextCaptor.getValue()).isSameAs(this.securityContext);
 	}
 
 	@Test
 	public void wrapCallableNullSecurityContext() throws Exception {
 		currentSecurityContextPowermockSetup();
-		support = new ConcreteDelegatingSecurityContextSupport(null);
-		assertThat(support.wrap(callable)).isSameAs(wrappedCallable);
+		this.support = new ConcreteDelegatingSecurityContextSupport(null);
+		assertThat(this.support.wrap(this.callable)).isSameAs(this.wrappedCallable);
 	}
 
 	@Test
 	public void wrapRunnable() throws Exception {
 		explicitSecurityContextPowermockSetup();
-		support = new ConcreteDelegatingSecurityContextSupport(securityContext);
-		assertThat(support.wrap(runnable)).isSameAs(wrappedRunnable);
-		assertThat(securityContextCaptor.getValue()).isSameAs(securityContext);
+		this.support = new ConcreteDelegatingSecurityContextSupport(this.securityContext);
+		assertThat(this.support.wrap(this.runnable)).isSameAs(this.wrappedRunnable);
+		assertThat(this.securityContextCaptor.getValue()).isSameAs(this.securityContext);
 	}
 
 	@Test
 	public void wrapRunnableNullSecurityContext() throws Exception {
 		currentSecurityContextPowermockSetup();
-		support = new ConcreteDelegatingSecurityContextSupport(null);
-		assertThat(support.wrap(runnable)).isSameAs(wrappedRunnable);
+		this.support = new ConcreteDelegatingSecurityContextSupport(null);
+		assertThat(this.support.wrap(this.runnable)).isSameAs(this.wrappedRunnable);
 	}
 
 	private static class ConcreteDelegatingSecurityContextSupport extends AbstractDelegatingSecurityContextSupport {
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
index 459951e3b9..f221ba93f8 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
@@ -37,7 +37,7 @@ public class ExplicitDelegatingSecurityContextExecutorServiceTests
 
 	@Override
 	protected DelegatingSecurityContextExecutorService create() {
-		return new DelegatingSecurityContextExecutorService(delegate, securityContext);
+		return new DelegatingSecurityContextExecutorService(this.delegate, this.securityContext);
 	}
 
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
index 326a4726cc..b54376d27f 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
@@ -36,7 +36,7 @@ public class ExplicitDelegatingSecurityContextExecutorTests extends AbstractDele
 
 	@Override
 	protected DelegatingSecurityContextExecutor create() {
-		return new DelegatingSecurityContextExecutor(getExecutor(), securityContext);
+		return new DelegatingSecurityContextExecutor(getExecutor(), this.securityContext);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
index a6897a83ef..46d59cf36f 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -37,7 +37,7 @@ public class ExplicitDelegatingSecurityContextScheduledExecutorServiceTests
 
 	@Override
 	protected DelegatingSecurityContextScheduledExecutorService create() {
-		return new DelegatingSecurityContextScheduledExecutorService(delegate, securityContext);
+		return new DelegatingSecurityContextScheduledExecutorService(this.delegate, this.securityContext);
 	}
 
 }
\ No newline at end of file
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 66009a9942..3c4a7c50bf 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -41,46 +41,46 @@ public class DelegatingApplicationListenerTests {
 
 	@Before
 	public void setup() {
-		event = new ApplicationEvent(this) {
+		this.event = new ApplicationEvent(this) {
 		};
-		listener = new DelegatingApplicationListener();
-		listener.addListener(delegate);
+		this.listener = new DelegatingApplicationListener();
+		this.listener.addListener(this.delegate);
 	}
 
 	@Test
 	public void processEventNull() {
-		listener.onApplicationEvent(null);
+		this.listener.onApplicationEvent(null);
 
-		verify(delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
+		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
 	@Test
 	public void processEventSuccess() {
-		when(delegate.supportsEventType(event.getClass())).thenReturn(true);
-		when(delegate.supportsSourceType(event.getSource().getClass())).thenReturn(true);
-		listener.onApplicationEvent(event);
+		when(this.delegate.supportsEventType(this.event.getClass())).thenReturn(true);
+		when(this.delegate.supportsSourceType(this.event.getSource().getClass())).thenReturn(true);
+		this.listener.onApplicationEvent(this.event);
 
-		verify(delegate).onApplicationEvent(event);
+		verify(this.delegate).onApplicationEvent(this.event);
 	}
 
 	@Test
 	public void processEventEventTypeNotSupported() {
-		listener.onApplicationEvent(event);
+		this.listener.onApplicationEvent(this.event);
 
-		verify(delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
+		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
 	@Test
 	public void processEventSourceTypeNotSupported() {
-		when(delegate.supportsEventType(event.getClass())).thenReturn(true);
-		listener.onApplicationEvent(event);
+		when(this.delegate.supportsEventType(this.event.getClass())).thenReturn(true);
+		this.listener.onApplicationEvent(this.event);
 
-		verify(delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
+		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void addNull() {
-		listener.addListener(null);
+		this.listener.addListener(null);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 450eb7bc43..e743fb1212 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -51,7 +51,7 @@ public class SpringSecurityCoreVersionTests {
 
 	@Before
 	public void setup() {
-		Whitebox.setInternalState(SpringSecurityCoreVersion.class, logger);
+		Whitebox.setInternalState(SpringSecurityCoreVersion.class, this.logger);
 	}
 
 	@After
@@ -90,7 +90,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks();
 
-		verifyZeroInteractions(logger);
+		verifyZeroInteractions(this.logger);
 	}
 
 	@Test
@@ -102,7 +102,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks();
 
-		verifyZeroInteractions(logger);
+		verifyZeroInteractions(this.logger);
 	}
 
 	@Test
@@ -114,7 +114,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks();
 
-		verify(logger, times(1)).warn(any());
+		verify(this.logger, times(1)).warn(any());
 	}
 
 	@Test
@@ -126,7 +126,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks();
 
-		verify(logger, never()).warn(any());
+		verify(this.logger, never()).warn(any());
 	}
 
 	// SEC-2697
@@ -140,7 +140,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks(minSpringVersion);
 
-		verify(logger, never()).warn(any());
+		verify(this.logger, never()).warn(any());
 	}
 
 	@Test
@@ -153,7 +153,7 @@ public class SpringSecurityCoreVersionTests {
 
 		performChecks();
 
-		verifyZeroInteractions(logger);
+		verifyZeroInteractions(this.logger);
 	}
 
 	private String getDisableChecksProperty() {
diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
index f15f56cdee..f71ffb8f6e 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
@@ -29,85 +29,88 @@ public class AnnotationParameterNameDiscovererTests {
 
 	@Before
 	public void setup() {
-		discoverer = new AnnotationParameterNameDiscoverer(P.class.getName());
+		this.discoverer = new AnnotationParameterNameDiscoverer(P.class.getName());
 	}
 
 	@Test
 	public void getParameterNamesInterfaceSingleParam() {
-		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
-				.isEqualTo(new String[] { "to" });
+		assertThat(this.discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+						.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesInterfaceSingleParamAnnotatedWithMultiParams() {
-		assertThat(discoverer.getParameterNames(
+		assertThat(this.discoverer.getParameterNames(
 				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
 						.isEqualTo(new String[] { "to", null });
 	}
 
 	@Test
 	public void getParameterNamesInterfaceNoAnnotation() {
-		assertThat(discoverer
+		assertThat(this.discoverer
 				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
 						.isNull();
 	}
 
 	@Test
 	public void getParameterNamesClassSingleParam() {
-		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
-				.isEqualTo(new String[] { "to" });
+		assertThat(this.discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+						.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesClassSingleParamAnnotatedWithMultiParams() {
-		assertThat(discoverer.getParameterNames(
+		assertThat(this.discoverer.getParameterNames(
 				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
 						.isEqualTo(new String[] { "to", null });
 	}
 
 	@Test
 	public void getParameterNamesClassNoAnnotation() {
-		assertThat(discoverer
+		assertThat(this.discoverer
 				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
 						.isNull();
 	}
 
 	@Test
 	public void getParameterNamesConstructor() throws Exception {
-		assertThat(discoverer.getParameterNames(Impl.class.getDeclaredConstructor(String.class)))
+		assertThat(this.discoverer.getParameterNames(Impl.class.getDeclaredConstructor(String.class)))
 				.isEqualTo(new String[] { "id" });
 	}
 
 	@Test
 	public void getParameterNamesConstructorNoAnnotation() throws Exception {
-		assertThat(discoverer.getParameterNames(Impl.class.getDeclaredConstructor(Long.class))).isNull();
+		assertThat(this.discoverer.getParameterNames(Impl.class.getDeclaredConstructor(Long.class))).isNull();
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnInterface() {
-		assertThat(discoverer
+		assertThat(this.discoverer
 				.getParameterNames(ReflectionUtils.findMethod(DaoImpl.class, "findMessageByTo", String.class)))
 						.isEqualTo(new String[] { "to" });
-		assertThat(discoverer.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
-				.isEqualTo(new String[] { "to" });
+		assertThat(this.discoverer
+				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class)))
+						.isEqualTo(new String[] { "to" });
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnImpl() {
-		assertThat(discoverer.getParameterNames(
+		assertThat(this.discoverer.getParameterNames(
 				ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class)))
 						.isEqualTo(new String[] { "to", null });
-		assertThat(discoverer.getParameterNames(
+		assertThat(this.discoverer.getParameterNames(
 				ReflectionUtils.findMethod(DaoImpl.class, "findMessageByToAndFrom", String.class, String.class)))
 						.isEqualTo(new String[] { "to", "from" });
 	}
 
 	@Test
 	public void getParameterNamesClassAnnotationOnBaseClass() {
-		assertThat(discoverer
+		assertThat(this.discoverer
 				.getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class)))
 						.isNull();
-		assertThat(discoverer.getParameterNames(
+		assertThat(this.discoverer.getParameterNames(
 				ReflectionUtils.findMethod(DaoImpl.class, "findMessageByIdNoAnnotation", String.class)))
 						.isEqualTo(new String[] { "id" });
 	}
diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
index f2ab668673..fdea9f25c8 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
@@ -40,13 +40,13 @@ public class DefaultSecurityParameterNameDiscovererTests {
 
 	@Before
 	public void setup() {
-		discoverer = new DefaultSecurityParameterNameDiscoverer();
+		this.discoverer = new DefaultSecurityParameterNameDiscoverer();
 	}
 
 	@Test
 	public void constructorDefault() {
 		List<ParameterNameDiscoverer> discoverers = (List<ParameterNameDiscoverer>) ReflectionTestUtils
-				.getField(discoverer, "parameterNameDiscoverers");
+				.getField(this.discoverer, "parameterNameDiscoverers");
 
 		assertThat(discoverers).hasSize(2);
 
@@ -61,11 +61,11 @@ public class DefaultSecurityParameterNameDiscovererTests {
 
 	@Test
 	public void constructorDiscoverers() {
-		discoverer = new DefaultSecurityParameterNameDiscoverer(
+		this.discoverer = new DefaultSecurityParameterNameDiscoverer(
 				Arrays.asList(new LocalVariableTableParameterNameDiscoverer()));
 
 		List<ParameterNameDiscoverer> discoverers = (List<ParameterNameDiscoverer>) ReflectionTestUtils
-				.getField(discoverer, "parameterNameDiscoverers");
+				.getField(this.discoverer, "parameterNameDiscoverers");
 
 		assertThat(discoverers).hasSize(3);
 		assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class);
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
index 21de69ed01..404722f8cb 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
@@ -37,7 +37,7 @@ public class SessionRegistryImplTests {
 
 	@Before
 	public void setUp() {
-		sessionRegistry = new SessionRegistryImpl();
+		this.sessionRegistry = new SessionRegistryImpl();
 	}
 
 	@Test
@@ -46,10 +46,10 @@ public class SessionRegistryImplTests {
 		final String sessionId = "zzzz";
 
 		// Register new Session
-		sessionRegistry.registerNewSession(sessionId, principal);
+		this.sessionRegistry.registerNewSession(sessionId, principal);
 
 		// De-register session via an ApplicationEvent
-		sessionRegistry.onApplicationEvent(new SessionDestroyedEvent("") {
+		this.sessionRegistry.onApplicationEvent(new SessionDestroyedEvent("") {
 			@Override
 			public String getId() {
 				return sessionId;
@@ -62,7 +62,7 @@ public class SessionRegistryImplTests {
 		});
 
 		// Check attempts to retrieve cleared session return null
-		assertThat(sessionRegistry.getSessionInformation(sessionId)).isNull();
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
 	}
 
 	@Test
@@ -72,10 +72,10 @@ public class SessionRegistryImplTests {
 		final String newSessionId = "123";
 
 		// Register new Session
-		sessionRegistry.registerNewSession(sessionId, principal);
+		this.sessionRegistry.registerNewSession(sessionId, principal);
 
 		// De-register session via an ApplicationEvent
-		sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") {
+		this.sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") {
 			@Override
 			public String getOldSessionId() {
 				return sessionId;
@@ -87,9 +87,9 @@ public class SessionRegistryImplTests {
 			}
 		});
 
-		assertThat(sessionRegistry.getSessionInformation(sessionId)).isNull();
-		assertThat(sessionRegistry.getSessionInformation(newSessionId)).isNotNull();
-		assertThat(sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal);
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
+		assertThat(this.sessionRegistry.getSessionInformation(newSessionId)).isNotNull();
+		assertThat(this.sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal);
 	}
 
 	@Test
@@ -100,13 +100,13 @@ public class SessionRegistryImplTests {
 		String sessionId2 = "9876543210";
 		String sessionId3 = "5432109876";
 
-		sessionRegistry.registerNewSession(sessionId1, principal1);
-		sessionRegistry.registerNewSession(sessionId2, principal1);
-		sessionRegistry.registerNewSession(sessionId3, principal2);
+		this.sessionRegistry.registerNewSession(sessionId1, principal1);
+		this.sessionRegistry.registerNewSession(sessionId2, principal1);
+		this.sessionRegistry.registerNewSession(sessionId3, principal2);
 
-		assertThat(sessionRegistry.getAllPrincipals()).hasSize(2);
-		assertThat(sessionRegistry.getAllPrincipals().contains(principal1)).isTrue();
-		assertThat(sessionRegistry.getAllPrincipals().contains(principal2)).isTrue();
+		assertThat(this.sessionRegistry.getAllPrincipals()).hasSize(2);
+		assertThat(this.sessionRegistry.getAllPrincipals().contains(principal1)).isTrue();
+		assertThat(this.sessionRegistry.getAllPrincipals().contains(principal2)).isTrue();
 	}
 
 	@Test
@@ -114,36 +114,36 @@ public class SessionRegistryImplTests {
 		Object principal = "Some principal object";
 		String sessionId = "1234567890";
 		// Register new Session
-		sessionRegistry.registerNewSession(sessionId, principal);
+		this.sessionRegistry.registerNewSession(sessionId, principal);
 
 		// Retrieve existing session by session ID
-		Date currentDateTime = sessionRegistry.getSessionInformation(sessionId).getLastRequest();
-		assertThat(sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal);
-		assertThat(sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId);
-		assertThat(sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull();
+		Date currentDateTime = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest();
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal);
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId);
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull();
 
 		// Retrieve existing session by principal
-		assertThat(sessionRegistry.getAllSessions(principal, false)).hasSize(1);
+		assertThat(this.sessionRegistry.getAllSessions(principal, false)).hasSize(1);
 
 		// Sleep to ensure SessionRegistryImpl will update time
 		Thread.sleep(1000);
 
 		// Update request date/time
-		sessionRegistry.refreshLastRequest(sessionId);
+		this.sessionRegistry.refreshLastRequest(sessionId);
 
-		Date retrieved = sessionRegistry.getSessionInformation(sessionId).getLastRequest();
+		Date retrieved = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest();
 		assertThat(retrieved.after(currentDateTime)).isTrue();
 
 		// Check it retrieves correctly when looked up via principal
-		assertThat(sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved,
+		assertThat(this.sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved,
 				2000L);
 
 		// Clear session information
-		sessionRegistry.removeSessionInformation(sessionId);
+		this.sessionRegistry.removeSessionInformation(sessionId);
 
 		// Check attempts to retrieve cleared session return null
-		assertThat(sessionRegistry.getSessionInformation(sessionId)).isNull();
-		assertThat(sessionRegistry.getAllSessions(principal, false)).isEmpty();
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
+		assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
 	}
 
 	@Test
@@ -152,23 +152,23 @@ public class SessionRegistryImplTests {
 		String sessionId1 = "1234567890";
 		String sessionId2 = "9876543210";
 
-		sessionRegistry.registerNewSession(sessionId1, principal);
-		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false);
+		this.sessionRegistry.registerNewSession(sessionId1, principal);
+		List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
 
-		sessionRegistry.registerNewSession(sessionId2, principal);
-		sessions = sessionRegistry.getAllSessions(principal, false);
+		this.sessionRegistry.registerNewSession(sessionId2, principal);
+		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(2);
 		assertThat(contains(sessionId2, principal)).isTrue();
 
 		// Expire one session
-		SessionInformation session = sessionRegistry.getSessionInformation(sessionId2);
+		SessionInformation session = this.sessionRegistry.getSessionInformation(sessionId2);
 		session.expireNow();
 
 		// Check retrieval still correct
-		assertThat(sessionRegistry.getSessionInformation(sessionId2).isExpired()).isTrue();
-		assertThat(sessionRegistry.getSessionInformation(sessionId1).isExpired()).isFalse();
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId2).isExpired()).isTrue();
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId1).isExpired()).isFalse();
 	}
 
 	@Test
@@ -177,28 +177,28 @@ public class SessionRegistryImplTests {
 		String sessionId1 = "1234567890";
 		String sessionId2 = "9876543210";
 
-		sessionRegistry.registerNewSession(sessionId1, principal);
-		List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false);
+		this.sessionRegistry.registerNewSession(sessionId1, principal);
+		List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
 
-		sessionRegistry.registerNewSession(sessionId2, principal);
-		sessions = sessionRegistry.getAllSessions(principal, false);
+		this.sessionRegistry.registerNewSession(sessionId2, principal);
+		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(2);
 		assertThat(contains(sessionId2, principal)).isTrue();
 
-		sessionRegistry.removeSessionInformation(sessionId1);
-		sessions = sessionRegistry.getAllSessions(principal, false);
+		this.sessionRegistry.removeSessionInformation(sessionId1);
+		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId2, principal)).isTrue();
 
-		sessionRegistry.removeSessionInformation(sessionId2);
-		assertThat(sessionRegistry.getSessionInformation(sessionId2)).isNull();
-		assertThat(sessionRegistry.getAllSessions(principal, false)).isEmpty();
+		this.sessionRegistry.removeSessionInformation(sessionId2);
+		assertThat(this.sessionRegistry.getSessionInformation(sessionId2)).isNull();
+		assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
 	}
 
 	private boolean contains(String sessionId, Object principal) {
-		List<SessionInformation> info = sessionRegistry.getAllSessions(principal, false);
+		List<SessionInformation> info = this.sessionRegistry.getAllSessions(principal, false);
 
 		for (SessionInformation sessionInformation : info) {
 			if (sessionId.equals(sessionInformation.getSessionId())) {
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index c58d52a5ab..34d633c551 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -56,34 +56,34 @@ public class MapReactiveUserDetailsServiceTests {
 
 	@Test
 	public void findByUsernameWhenFoundThenReturns() {
-		assertThat((users.findByUsername(USER_DETAILS.getUsername()).block())).isEqualTo(USER_DETAILS);
+		assertThat((this.users.findByUsername(USER_DETAILS.getUsername()).block())).isEqualTo(USER_DETAILS);
 	}
 
 	@Test
 	public void findByUsernameWhenDifferentCaseThenReturns() {
-		assertThat((users.findByUsername("uSeR").block())).isEqualTo(USER_DETAILS);
+		assertThat((this.users.findByUsername("uSeR").block())).isEqualTo(USER_DETAILS);
 	}
 
 	@Test
 	public void findByUsernameWhenClearCredentialsThenFindByUsernameStillHasCredentials() {
-		User foundUser = users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block();
+		User foundUser = this.users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block();
 		assertThat(foundUser.getPassword()).isNotEmpty();
 		foundUser.eraseCredentials();
 		assertThat(foundUser.getPassword()).isNull();
 
-		foundUser = users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block();
+		foundUser = this.users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block();
 		assertThat(foundUser.getPassword()).isNotEmpty();
 	}
 
 	@Test
 	public void findByUsernameWhenNotFoundThenEmpty() {
-		assertThat((users.findByUsername("notfound"))).isEqualTo(Mono.empty());
+		assertThat((this.users.findByUsername("notfound"))).isEqualTo(Mono.empty());
 	}
 
 	@Test
 	public void updatePassword() {
-		users.updatePassword(USER_DETAILS, "new").block();
-		assertThat(users.findByUsername(USER_DETAILS.getUsername()).block().getPassword()).isEqualTo("new");
+		this.users.updatePassword(USER_DETAILS, "new").block();
+		assertThat(this.users.findByUsername(USER_DETAILS.getUsername()).block().getPassword()).isEqualTo("new");
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
index 6a51285265..b342cc6ff3 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
@@ -36,19 +36,19 @@ public class MockUserDetailsService implements UserDetailsService {
 	private List<GrantedAuthority> auths = AuthorityUtils.createAuthorityList("ROLE_USER");
 
 	public MockUserDetailsService() {
-		users.put("valid", new User("valid", "", true, true, true, true, auths));
-		users.put("locked", new User("locked", "", true, true, true, false, auths));
-		users.put("disabled", new User("disabled", "", false, true, true, true, auths));
-		users.put("credentialsExpired", new User("credentialsExpired", "", true, true, false, true, auths));
-		users.put("expired", new User("expired", "", true, false, true, true, auths));
+		this.users.put("valid", new User("valid", "", true, true, true, true, this.auths));
+		this.users.put("locked", new User("locked", "", true, true, true, false, this.auths));
+		this.users.put("disabled", new User("disabled", "", false, true, true, true, this.auths));
+		this.users.put("credentialsExpired", new User("credentialsExpired", "", true, true, false, true, this.auths));
+		this.users.put("expired", new User("expired", "", true, false, true, true, this.auths));
 	}
 
 	public UserDetails loadUserByUsername(String username) {
-		if (users.get(username) == null) {
+		if (this.users.get(username) == null) {
 			throw new UsernameNotFoundException("User not found: " + username);
 		}
 
-		return users.get(username);
+		return this.users.get(username);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
index f89ae7475a..a29801bd5a 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java
@@ -32,9 +32,9 @@ public abstract class AbstractMixinTests {
 
 	@Before
 	public void setup() {
-		mapper = new ObjectMapper();
+		this.mapper = new ObjectMapper();
 		ClassLoader loader = getClass().getClassLoader();
-		mapper.registerModules(SecurityJackson2Modules.getModules(loader));
+		this.mapper.registerModules(SecurityJackson2Modules.getModules(loader));
 	}
 
 	User createDefaultUser() {
diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
index 9eb5b46e26..1efa6f4b62 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
@@ -53,13 +53,13 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 	public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAnonymousAuthenticationTokenTest() throws IOException {
-		AnonymousAuthenticationToken token = mapper.readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class);
+		AnonymousAuthenticationToken token = this.mapper.readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getKeyHash()).isEqualTo(HASH_KEY.hashCode());
 		assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
@@ -70,7 +70,7 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 		String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null,"
 				+ "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + ","
 				+ "\"authorities\": [\"java.util.ArrayList\", []]}";
-		mapper.readValue(jsonString, AnonymousAuthenticationToken.class);
+		this.mapper.readValue(jsonString, AnonymousAuthenticationToken.class);
 	}
 
 	@Test
@@ -79,7 +79,7 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 		User user = createDefaultUser();
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
 		token.eraseCredentials();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index 8fce534128..6a62775408 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -44,13 +44,13 @@ public class BadCredentialsExceptionMixinTests extends AbstractMixinTests {
 	@Test
 	public void serializeBadCredentialsExceptionMixinTest() throws JsonProcessingException, JSONException {
 		BadCredentialsException exception = new BadCredentialsException("message");
-		String serializedJson = mapper.writeValueAsString(exception);
+		String serializedJson = this.mapper.writeValueAsString(exception);
 		JSONAssert.assertEquals(EXCEPTION_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void deserializeBadCredentialsExceptionMixinTest() throws IOException {
-		BadCredentialsException exception = mapper.readValue(EXCEPTION_JSON, BadCredentialsException.class);
+		BadCredentialsException exception = this.mapper.readValue(EXCEPTION_JSON, BadCredentialsException.class);
 		assertThat(exception).isNotNull();
 		assertThat(exception.getCause()).isNull();
 		assertThat(exception.getMessage()).isEqualTo("message");
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 1fae8cbded..9500354e97 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -74,7 +74,7 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 	public void serializeRememberMeAuthenticationToken() throws JsonProcessingException, JSONException {
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, "admin",
 				Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, actualJson, true);
 	}
 
@@ -83,7 +83,7 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		User user = createDefaultUser();
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user,
 				user.getAuthorities());
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(String.format(REMEMBERME_AUTH_JSON, "\"password\""), actualJson, true);
 	}
 
@@ -94,14 +94,14 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user,
 				user.getAuthorities());
 		token.eraseCredentials();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson,
 				true);
 	}
 
 	@Test
 	public void deserializeRememberMeAuthenticationToken() throws IOException {
-		RememberMeAuthenticationToken token = mapper.readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON,
+		RememberMeAuthenticationToken token = this.mapper.readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON,
 				RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isEqualTo("admin").isEqualTo(token.getName());
@@ -110,7 +110,7 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 
 	@Test
 	public void deserializeRememberMeAuthenticationTokenWithUserTest() throws IOException {
-		RememberMeAuthenticationToken token = mapper.readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""),
+		RememberMeAuthenticationToken token = this.mapper.readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""),
 				RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
index 64427cb9f4..ab9405c986 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
@@ -50,13 +50,13 @@ public class SecurityContextMixinTests extends AbstractMixinTests {
 		SecurityContext context = new SecurityContextImpl();
 		context.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "1234",
 				Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));
-		String actualJson = mapper.writeValueAsString(context);
+		String actualJson = this.mapper.writeValueAsString(context);
 		JSONAssert.assertEquals(SECURITY_CONTEXT_JSON, actualJson, true);
 	}
 
 	@Test
 	public void securityContextDeserializeTest() throws IOException {
-		SecurityContext context = mapper.readValue(SECURITY_CONTEXT_JSON, SecurityContextImpl.class);
+		SecurityContext context = this.mapper.readValue(SECURITY_CONTEXT_JSON, SecurityContextImpl.class);
 		assertThat(context).isNotNull();
 		assertThat(context.getAuthentication()).isNotNull().isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo("admin");
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 0e28240fee..79fb7d4fa4 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -44,57 +44,57 @@ public class SecurityJackson2ModulesTests {
 
 	@Before
 	public void setup() {
-		mapper = new ObjectMapper();
-		SecurityJackson2Modules.enableDefaultTyping(mapper);
+		this.mapper = new ObjectMapper();
+		SecurityJackson2Modules.enableDefaultTyping(this.mapper);
 	}
 
 	@Test
 	public void readValueWhenNotAllowedOrMappedThenThrowsException() {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
 		assertThatThrownBy(() -> {
-			mapper.readValue(content, Object.class);
+			this.mapper.readValue(content, Object.class);
 		}).hasStackTraceContaining("allowlist");
 	}
 
 	@Test
 	public void readValueWhenExplicitDefaultTypingAfterSecuritySetupThenReadsAsSpecificType() throws Exception {
-		mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+		this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
 
-		assertThat(mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
+		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
 	@Test
 	public void readValueWhenExplicitDefaultTypingBeforeSecuritySetupThenReadsAsSpecificType() throws Exception {
-		mapper = new ObjectMapper();
-		mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
-		SecurityJackson2Modules.enableDefaultTyping(mapper);
+		this.mapper = new ObjectMapper();
+		this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+		SecurityJackson2Modules.enableDefaultTyping(this.mapper);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
 
-		assertThat(mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
+		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
 	@Test
 	public void readValueWhenAnnotatedThenReadsAsSpecificType() throws Exception {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlistedButAnnotated\",\"property\":\"bar\"}";
 
-		assertThat(mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlistedButAnnotated.class);
+		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlistedButAnnotated.class);
 	}
 
 	@Test
 	public void readValueWhenMixinProvidedThenReadsAsSpecificType() throws Exception {
-		mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
+		this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
 
-		assertThat(mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
+		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
 	@Test
 	public void readValueWhenHashMapThenReadsAsSpecificType() throws Exception {
-		mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
+		this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
 		String content = "{\"@class\":\"java.util.HashMap\"}";
 
-		assertThat(mapper.readValue(content, Object.class)).isInstanceOf(HashMap.class);
+		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(HashMap.class);
 	}
 
 	@Target({ ElementType.TYPE, ElementType.ANNOTATION_TYPE })
@@ -110,7 +110,7 @@ public class SecurityJackson2ModulesTests {
 		private String property = "bar";
 
 		public String getProperty() {
-			return property;
+			return this.property;
 		}
 
 		public void setProperty(String property) {
@@ -124,7 +124,7 @@ public class SecurityJackson2ModulesTests {
 		private String property = "bar";
 
 		public String getProperty() {
-			return property;
+			return this.property;
 		}
 
 		public void setProperty(String property) {
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index 73bb8f3d31..2786cd2b24 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -51,13 +51,13 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 	@Test
 	public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-		String serializeJson = mapper.writeValueAsString(authority);
+		String serializeJson = this.mapper.writeValueAsString(authority);
 		JSONAssert.assertEquals(AUTHORITY_JSON, serializeJson, true);
 	}
 
 	@Test
 	public void deserializeGrantedAuthorityTest() throws IOException {
-		SimpleGrantedAuthority authority = mapper.readValue(AUTHORITY_JSON, SimpleGrantedAuthority.class);
+		SimpleGrantedAuthority authority = this.mapper.readValue(AUTHORITY_JSON, SimpleGrantedAuthority.class);
 		assertThat(authority).isNotNull();
 		assertThat(authority.getAuthority()).isNotNull().isEqualTo("ROLE_USER");
 	}
@@ -65,7 +65,7 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 	@Test(expected = JsonMappingException.class)
 	public void deserializeGrantedAuthorityWithoutRoleTest() throws IOException {
 		String json = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"}";
-		mapper.readValue(json, SimpleGrantedAuthority.class);
+		this.mapper.readValue(json, SimpleGrantedAuthority.class);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index b3aa03f696..5f165c43d3 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -57,14 +57,14 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	@Test
 	public void serializeUserTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		String userJson = mapper.writeValueAsString(user);
+		String userJson = this.mapper.writeValueAsString(user);
 		JSONAssert.assertEquals(userWithPasswordJson(user.getPassword()), userJson, true);
 	}
 
 	@Test
 	public void serializeUserWithoutAuthority() throws JsonProcessingException, JSONException {
 		User user = new User("admin", "1234", Collections.<GrantedAuthority>emptyList());
-		String userJson = mapper.writeValueAsString(user);
+		String userJson = this.mapper.writeValueAsString(user);
 		JSONAssert.assertEquals(userWithNoAuthoritiesJson(), userJson, true);
 	}
 
@@ -73,14 +73,14 @@ public class UserDeserializerTests extends AbstractMixinTests {
 		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
 				"[]");
 
-		mapper.readValue(userJsonWithoutPasswordString, User.class);
+		this.mapper.readValue(userJsonWithoutPasswordString, User.class);
 	}
 
 	@Test
 	public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
-		String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), mapper, "password");
+		String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), this.mapper, "password");
 
-		User user = mapper.readValue(userJsonWithoutPasswordString, User.class);
+		User user = this.mapper.readValue(userJsonWithoutPasswordString, User.class);
 		assertThat(user).isNotNull();
 		assertThat(user.getUsername()).isEqualTo("admin");
 		assertThat(user.getPassword()).isNull();
@@ -92,12 +92,12 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	public void deserializeUserWithNoClassIdInAuthoritiesTest() throws Exception {
 		String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
 				"[{\"authority\": \"ROLE_USER\"}]");
-		mapper.readValue(userJson, User.class);
+		this.mapper.readValue(userJson, User.class);
 	}
 
 	@Test
 	public void deserializeUserWithClassIdInAuthoritiesTest() throws IOException {
-		User user = mapper.readValue(userJson(), User.class);
+		User user = this.mapper.readValue(userJson(), User.class);
 		assertThat(user).isNotNull();
 		assertThat(user.getUsername()).isEqualTo("admin");
 		assertThat(user.getPassword()).isEqualTo("1234");
diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 1b5791ecc9..18905cf639 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -86,7 +86,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest()
 			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("admin", "1234");
-		String serializedJson = mapper.writeValueAsString(token);
+		String serializedJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
@@ -96,13 +96,13 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 		User user = createDefaultUser();
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(),
 				user.getPassword(), user.getAuthorities());
-		String serializedJson = mapper.writeValueAsString(token);
+		String serializedJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void deserializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper.readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON,
+		UsernamePasswordAuthenticationToken token = this.mapper.readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON,
 				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.isAuthenticated()).isEqualTo(false);
@@ -112,7 +112,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException {
 		UsernamePasswordAuthenticationToken expectedToken = createToken();
-		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON,
+		UsernamePasswordAuthenticationToken token = this.mapper.readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON,
 				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.isAuthenticated()).isTrue();
@@ -123,13 +123,13 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithUserTest()
 			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = createToken();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_JSON,
+		UsernamePasswordAuthenticationToken token = this.mapper.readValue(AUTHENTICATED_JSON,
 				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
@@ -144,7 +144,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 			throws JsonProcessingException, JSONException {
 		UsernamePasswordAuthenticationToken token = createToken();
 		token.eraseCredentials();
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_JSON.replaceAll(UserDeserializerTests.USER_PASSWORD, "null"), actualJson,
 				true);
 	}
@@ -156,14 +156,14 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 		principal.setUsername("admin");
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, null,
 				new ArrayList<>());
-		String actualJson = mapper.writeValueAsString(token);
+		String actualJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(AUTHENTICATED_NON_USER_PRINCIPAL_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithNonUserPrincipalTest()
 			throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_NON_USER_PRINCIPAL_JSON,
+		UsernamePasswordAuthenticationToken token = this.mapper.readValue(AUTHENTICATED_NON_USER_PRINCIPAL_JSON,
 				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(NonUserPrincipal.class);
@@ -171,7 +171,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithDetailsTest() throws IOException {
-		UsernamePasswordAuthenticationToken token = mapper.readValue(AUTHENTICATED_STRINGDETAILS_JSON,
+		UsernamePasswordAuthenticationToken token = this.mapper.readValue(AUTHENTICATED_STRINGDETAILS_JSON,
 				UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
@@ -224,7 +224,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 		private String username;
 
 		public String getUsername() {
-			return username;
+			return this.username;
 		}
 
 		public void setUsername(String username) {
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 14b5941d7c..343b04cb9f 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -83,56 +83,57 @@ public class JdbcUserDetailsManagerTests {
 
 	@Before
 	public void initializeManagerAndCreateTables() {
-		manager = new JdbcUserDetailsManager();
-		cache = new MockUserCache();
-		manager.setUserCache(cache);
-		manager.setDataSource(dataSource);
-		manager.setCreateUserSql(JdbcUserDetailsManager.DEF_CREATE_USER_SQL);
-		manager.setUpdateUserSql(JdbcUserDetailsManager.DEF_UPDATE_USER_SQL);
-		manager.setUserExistsSql(JdbcUserDetailsManager.DEF_USER_EXISTS_SQL);
-		manager.setCreateAuthoritySql(JdbcUserDetailsManager.DEF_INSERT_AUTHORITY_SQL);
-		manager.setDeleteUserAuthoritiesSql(JdbcUserDetailsManager.DEF_DELETE_USER_AUTHORITIES_SQL);
-		manager.setDeleteUserSql(JdbcUserDetailsManager.DEF_DELETE_USER_SQL);
-		manager.setChangePasswordSql(JdbcUserDetailsManager.DEF_CHANGE_PASSWORD_SQL);
-		manager.initDao();
-		template = manager.getJdbcTemplate();
+		this.manager = new JdbcUserDetailsManager();
+		this.cache = new MockUserCache();
+		this.manager.setUserCache(this.cache);
+		this.manager.setDataSource(dataSource);
+		this.manager.setCreateUserSql(JdbcUserDetailsManager.DEF_CREATE_USER_SQL);
+		this.manager.setUpdateUserSql(JdbcUserDetailsManager.DEF_UPDATE_USER_SQL);
+		this.manager.setUserExistsSql(JdbcUserDetailsManager.DEF_USER_EXISTS_SQL);
+		this.manager.setCreateAuthoritySql(JdbcUserDetailsManager.DEF_INSERT_AUTHORITY_SQL);
+		this.manager.setDeleteUserAuthoritiesSql(JdbcUserDetailsManager.DEF_DELETE_USER_AUTHORITIES_SQL);
+		this.manager.setDeleteUserSql(JdbcUserDetailsManager.DEF_DELETE_USER_SQL);
+		this.manager.setChangePasswordSql(JdbcUserDetailsManager.DEF_CHANGE_PASSWORD_SQL);
+		this.manager.initDao();
+		this.template = this.manager.getJdbcTemplate();
 
-		template.execute("create table users(username varchar(20) not null primary key,"
+		this.template.execute("create table users(username varchar(20) not null primary key,"
 				+ "password varchar(20) not null, enabled boolean not null)");
-		template.execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, "
-				+ "constraint fk_authorities_users foreign key(username) references users(username))");
-		PopulatedDatabase.createGroupTables(template);
-		PopulatedDatabase.insertGroupData(template);
+		this.template
+				.execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, "
+						+ "constraint fk_authorities_users foreign key(username) references users(username))");
+		PopulatedDatabase.createGroupTables(this.template);
+		PopulatedDatabase.insertGroupData(this.template);
 	}
 
 	@After
 	public void dropTablesAndClearContext() {
-		template.execute("drop table authorities");
-		template.execute("drop table users");
-		template.execute("drop table group_authorities");
-		template.execute("drop table group_members");
-		template.execute("drop table groups");
+		this.template.execute("drop table authorities");
+		this.template.execute("drop table users");
+		this.template.execute("drop table group_authorities");
+		this.template.execute("drop table group_members");
+		this.template.execute("drop table groups");
 		SecurityContextHolder.clearContext();
 	}
 
 	private void setUpAccLockingColumns() {
-		template.execute("alter table users add column acc_locked boolean default false not null");
-		template.execute("alter table users add column acc_expired boolean default false not null");
-		template.execute("alter table users add column creds_expired boolean default false not null");
+		this.template.execute("alter table users add column acc_locked boolean default false not null");
+		this.template.execute("alter table users add column acc_expired boolean default false not null");
+		this.template.execute("alter table users add column creds_expired boolean default false not null");
 
-		manager.setUsersByUsernameQuery(
+		this.manager.setUsersByUsernameQuery(
 				"select username,password,enabled, acc_locked, acc_expired, creds_expired from users where username = ?");
-		manager.setCreateUserSql(
+		this.manager.setCreateUserSql(
 				"insert into users (username, password, enabled, acc_locked, acc_expired, creds_expired) values (?,?,?,?,?,?)");
-		manager.setUpdateUserSql(
+		this.manager.setUpdateUserSql(
 				"update users set password = ?, enabled = ?, acc_locked=?, acc_expired=?, creds_expired=? where username = ?");
 	}
 
 	@Test
 	public void createUserInsertsCorrectData() {
-		manager.createUser(joe);
+		this.manager.createUser(joe);
 
-		UserDetails joe2 = manager.loadUserByUsername("joe");
+		UserDetails joe2 = this.manager.loadUserByUsername("joe");
 
 		assertThat(joe2).isEqualTo(joe);
 	}
@@ -143,9 +144,9 @@ public class JdbcUserDetailsManagerTests {
 
 		UserDetails user = new User("joe", "pass", true, false, true, false,
 				AuthorityUtils.createAuthorityList("A", "B"));
-		manager.createUser(user);
+		this.manager.createUser(user);
 
-		UserDetails user2 = manager.loadUserByUsername(user.getUsername());
+		UserDetails user2 = this.manager.loadUserByUsername(user.getUsername());
 
 		assertThat(user2).isEqualToComparingFieldByField(user);
 	}
@@ -153,11 +154,11 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void deleteUserRemovesUserDataAndAuthoritiesAndClearsCache() {
 		insertJoe();
-		manager.deleteUser("joe");
+		this.manager.deleteUser("joe");
 
-		assertThat(template.queryForList(SELECT_JOE_SQL)).isEmpty();
-		assertThat(template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
-		assertThat(cache.getUserMap().containsKey("joe")).isFalse();
+		assertThat(this.template.queryForList(SELECT_JOE_SQL)).isEmpty();
+		assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
 
 	@Test
@@ -166,12 +167,12 @@ public class JdbcUserDetailsManagerTests {
 		User newJoe = new User("joe", "newpassword", false, true, true, true,
 				AuthorityUtils.createAuthorityList(new String[] { "D", "F", "E" }));
 
-		manager.updateUser(newJoe);
+		this.manager.updateUser(newJoe);
 
-		UserDetails joe = manager.loadUserByUsername("joe");
+		UserDetails joe = this.manager.loadUserByUsername("joe");
 
 		assertThat(joe).isEqualTo(newJoe);
-		assertThat(cache.getUserMap().containsKey("joe")).isFalse();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
 
 	@Test
@@ -183,40 +184,40 @@ public class JdbcUserDetailsManagerTests {
 		User newJoe = new User("joe", "newpassword", false, false, false, true,
 				AuthorityUtils.createAuthorityList("D", "F", "E"));
 
-		manager.updateUser(newJoe);
+		this.manager.updateUser(newJoe);
 
-		UserDetails joe = manager.loadUserByUsername(newJoe.getUsername());
+		UserDetails joe = this.manager.loadUserByUsername(newJoe.getUsername());
 
 		assertThat(joe).isEqualToComparingFieldByField(newJoe);
-		assertThat(cache.getUserMap().containsKey(newJoe.getUsername())).isFalse();
+		assertThat(this.cache.getUserMap().containsKey(newJoe.getUsername())).isFalse();
 	}
 
 	@Test
 	public void userExistsReturnsFalseForNonExistentUsername() {
-		assertThat(manager.userExists("joe")).isFalse();
+		assertThat(this.manager.userExists("joe")).isFalse();
 	}
 
 	@Test
 	public void userExistsReturnsTrueForExistingUsername() {
 		insertJoe();
-		assertThat(manager.userExists("joe")).isTrue();
-		assertThat(cache.getUserMap().containsKey("joe")).isTrue();
+		assertThat(this.manager.userExists("joe")).isTrue();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isTrue();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void changePasswordFailsForUnauthenticatedUser() {
-		manager.changePassword("password", "newPassword");
+		this.manager.changePassword("password", "newPassword");
 	}
 
 	@Test
 	public void changePasswordSucceedsWithAuthenticatedUserAndNoAuthenticationManagerSet() {
 		insertJoe();
 		authenticateJoe();
-		manager.changePassword("wrongpassword", "newPassword");
-		UserDetails newJoe = manager.loadUserByUsername("joe");
+		this.manager.changePassword("wrongpassword", "newPassword");
+		UserDetails newJoe = this.manager.loadUserByUsername("joe");
 
 		assertThat(newJoe.getPassword()).isEqualTo("newPassword");
-		assertThat(cache.getUserMap().containsKey("joe")).isFalse();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
 
 	@Test
@@ -226,9 +227,9 @@ public class JdbcUserDetailsManagerTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		when(am.authenticate(currentAuth)).thenReturn(currentAuth);
 
-		manager.setAuthenticationManager(am);
-		manager.changePassword("password", "newPassword");
-		UserDetails newJoe = manager.loadUserByUsername("joe");
+		this.manager.setAuthenticationManager(am);
+		this.manager.changePassword("password", "newPassword");
+		UserDetails newJoe = this.manager.loadUserByUsername("joe");
 
 		assertThat(newJoe.getPassword()).isEqualTo("newPassword");
 		// The password in the context should also be altered
@@ -236,7 +237,7 @@ public class JdbcUserDetailsManagerTests {
 		assertThat(newAuth.getName()).isEqualTo("joe");
 		assertThat(newAuth.getDetails()).isEqualTo(currentAuth.getDetails());
 		assertThat(newAuth.getCredentials()).isNull();
-		assertThat(cache.getUserMap().containsKey("joe")).isFalse();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
 
 	@Test
@@ -246,25 +247,25 @@ public class JdbcUserDetailsManagerTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 
-		manager.setAuthenticationManager(am);
+		this.manager.setAuthenticationManager(am);
 
 		try {
-			manager.changePassword("password", "newPassword");
+			this.manager.changePassword("password", "newPassword");
 			fail("Expected BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
 		}
 
 		// Check password hasn't changed.
-		UserDetails newJoe = manager.loadUserByUsername("joe");
+		UserDetails newJoe = this.manager.loadUserByUsername("joe");
 		assertThat(newJoe.getPassword()).isEqualTo("password");
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("password");
-		assertThat(cache.getUserMap().containsKey("joe")).isTrue();
+		assertThat(this.cache.getUserMap().containsKey("joe")).isTrue();
 	}
 
 	@Test
 	public void findAllGroupsReturnsExpectedGroupNames() {
-		List<String> groups = manager.findAllGroups();
+		List<String> groups = this.manager.findAllGroups();
 		assertThat(groups).hasSize(4);
 
 		Collections.sort(groups);
@@ -276,19 +277,19 @@ public class JdbcUserDetailsManagerTests {
 
 	@Test
 	public void findGroupMembersReturnsCorrectData() {
-		List<String> groupMembers = manager.findUsersInGroup("GROUP_0");
+		List<String> groupMembers = this.manager.findUsersInGroup("GROUP_0");
 		assertThat(groupMembers).hasSize(1);
 		assertThat(groupMembers.get(0)).isEqualTo("jerry");
-		groupMembers = manager.findUsersInGroup("GROUP_1");
+		groupMembers = this.manager.findUsersInGroup("GROUP_1");
 		assertThat(groupMembers).hasSize(2);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void createGroupInsertsCorrectData() {
-		manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
+		this.manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
 
-		List roles = template.queryForList("select ga.authority from groups g, group_authorities ga "
+		List roles = this.template.queryForList("select ga.authority from groups g, group_authorities ga "
 				+ "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'");
 
 		assertThat(roles).hasSize(2);
@@ -296,78 +297,80 @@ public class JdbcUserDetailsManagerTests {
 
 	@Test
 	public void deleteGroupRemovesData() {
-		manager.deleteGroup("GROUP_0");
-		manager.deleteGroup("GROUP_1");
-		manager.deleteGroup("GROUP_2");
-		manager.deleteGroup("GROUP_3");
+		this.manager.deleteGroup("GROUP_0");
+		this.manager.deleteGroup("GROUP_1");
+		this.manager.deleteGroup("GROUP_2");
+		this.manager.deleteGroup("GROUP_3");
 
-		assertThat(template.queryForList("select * from group_authorities")).isEmpty();
-		assertThat(template.queryForList("select * from group_members")).isEmpty();
-		assertThat(template.queryForList("select id from groups")).isEmpty();
+		assertThat(this.template.queryForList("select * from group_authorities")).isEmpty();
+		assertThat(this.template.queryForList("select * from group_members")).isEmpty();
+		assertThat(this.template.queryForList("select id from groups")).isEmpty();
 	}
 
 	@Test
 	public void renameGroupIsSuccessful() {
-		manager.renameGroup("GROUP_0", "GROUP_X");
+		this.manager.renameGroup("GROUP_0", "GROUP_X");
 
-		assertThat(template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class))
+		assertThat(this.template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class))
 				.isZero();
 	}
 
 	@Test
 	public void addingGroupUserSetsCorrectData() {
-		manager.addUserToGroup("tom", "GROUP_0");
+		this.manager.addUserToGroup("tom", "GROUP_0");
 
-		assertThat(template.queryForList("select username from group_members where group_id = 0")).hasSize(2);
+		assertThat(this.template.queryForList("select username from group_members where group_id = 0")).hasSize(2);
 	}
 
 	@Test
 	public void removeUserFromGroupDeletesGroupMemberRow() {
-		manager.removeUserFromGroup("jerry", "GROUP_1");
+		this.manager.removeUserFromGroup("jerry", "GROUP_1");
 
-		assertThat(template.queryForList("select group_id from group_members where username = 'jerry'")).hasSize(1);
+		assertThat(this.template.queryForList("select group_id from group_members where username = 'jerry'"))
+				.hasSize(1);
 	}
 
 	@Test
 	public void findGroupAuthoritiesReturnsCorrectAuthorities() {
-		assertThat(AuthorityUtils.createAuthorityList("ROLE_A")).isEqualTo(manager.findGroupAuthorities("GROUP_0"));
+		assertThat(AuthorityUtils.createAuthorityList("ROLE_A"))
+				.isEqualTo(this.manager.findGroupAuthorities("GROUP_0"));
 	}
 
 	@Test
 	public void addGroupAuthorityInsertsCorrectGroupAuthorityRow() {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_X");
-		manager.addGroupAuthority("GROUP_0", auth);
+		this.manager.addGroupAuthority("GROUP_0", auth);
 
-		template.queryForObject("select authority from group_authorities where authority = 'ROLE_X' and group_id = 0",
-				String.class);
+		this.template.queryForObject(
+				"select authority from group_authorities where authority = 'ROLE_X' and group_id = 0", String.class);
 	}
 
 	@Test
 	public void deleteGroupAuthorityRemovesCorrectRows() {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_A");
-		manager.removeGroupAuthority("GROUP_0", auth);
-		assertThat(template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty();
+		this.manager.removeGroupAuthority("GROUP_0", auth);
+		assertThat(this.template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty();
 
-		manager.removeGroupAuthority("GROUP_2", auth);
-		assertThat(template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2);
+		this.manager.removeGroupAuthority("GROUP_2", auth);
+		assertThat(this.template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2);
 	}
 
 	// SEC-1156
 	@Test
 	public void createUserDoesNotSaveAuthoritiesIfEnableAuthoritiesIsFalse() {
-		manager.setEnableAuthorities(false);
-		manager.createUser(joe);
-		assertThat(template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
+		this.manager.setEnableAuthorities(false);
+		this.manager.createUser(joe);
+		assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
 	}
 
 	// SEC-1156
 	@Test
 	public void updateUserDoesNotSaveAuthoritiesIfEnableAuthoritiesIsFalse() {
-		manager.setEnableAuthorities(false);
+		this.manager.setEnableAuthorities(false);
 		insertJoe();
-		template.execute("delete from authorities where username='joe'");
-		manager.updateUser(joe);
-		assertThat(template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
+		this.template.execute("delete from authorities where username='joe'");
+		this.manager.updateUser(joe);
+		assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
 	}
 
 	// SEC-2166
@@ -376,7 +379,7 @@ public class JdbcUserDetailsManagerTests {
 		insertJoe();
 		UsernamePasswordAuthenticationToken currentAuth = new UsernamePasswordAuthenticationToken("joe", null,
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		Authentication updatedAuth = manager.createNewAuthentication(currentAuth, "new");
+		Authentication updatedAuth = this.manager.createNewAuthentication(currentAuth, "new");
 		assertThat(updatedAuth.getCredentials()).isNull();
 	}
 
@@ -389,11 +392,11 @@ public class JdbcUserDetailsManagerTests {
 	}
 
 	private void insertJoe() {
-		template.execute("insert into users (username, password, enabled) values ('joe','password','true')");
-		template.execute("insert into authorities (username, authority) values ('joe','A')");
-		template.execute("insert into authorities (username, authority) values ('joe','B')");
-		template.execute("insert into authorities (username, authority) values ('joe','C')");
-		cache.putUserInCache(joe);
+		this.template.execute("insert into users (username, password, enabled) values ('joe','password','true')");
+		this.template.execute("insert into authorities (username, authority) values ('joe','A')");
+		this.template.execute("insert into authorities (username, authority) values ('joe','B')");
+		this.template.execute("insert into authorities (username, authority) values ('joe','C')");
+		this.cache.putUserInCache(joe);
 	}
 
 	private class MockUserCache implements UserCache {
@@ -401,19 +404,19 @@ public class JdbcUserDetailsManagerTests {
 		private Map<String, UserDetails> cache = new HashMap<>();
 
 		public UserDetails getUserFromCache(String username) {
-			return cache.get(username);
+			return this.cache.get(username);
 		}
 
 		public void putUserInCache(UserDetails user) {
-			cache.put(user.getUsername(), user);
+			this.cache.put(user.getUsername(), user);
 		}
 
 		public void removeUserFromCache(String username) {
-			cache.remove(username);
+			this.cache.remove(username);
 		}
 
 		Map<String, UserDetails> getUserMap() {
-			return cache;
+			return this.cache;
 		}
 
 	}
diff --git a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
index 09079fc17e..554f805617 100644
--- a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
@@ -43,13 +43,13 @@ public abstract class AbstractSecurityContextSchedulingTaskExecutorTests
 
 	@Test
 	public void prefersShortLivedTasks() {
-		executor = create();
-		executor.prefersShortLivedTasks();
-		verify(taskExecutorDelegate).prefersShortLivedTasks();
+		this.executor = create();
+		this.executor.prefersShortLivedTasks();
+		verify(this.taskExecutorDelegate).prefersShortLivedTasks();
 	}
 
 	protected SchedulingTaskExecutor getExecutor() {
-		return taskExecutorDelegate;
+		return this.taskExecutorDelegate;
 	}
 
 	protected abstract DelegatingSecurityContextSchedulingTaskExecutor create();
diff --git a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
index 700e55bd7b..9da5a21301 100644
--- a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
@@ -36,7 +36,7 @@ public class CurrentSecurityContextSchedulingTaskExecutorTests
 	}
 
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
-		return new DelegatingSecurityContextSchedulingTaskExecutor(taskExecutorDelegate);
+		return new DelegatingSecurityContextSchedulingTaskExecutor(this.taskExecutorDelegate);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
index fbbb4e5f51..3828bb755d 100644
--- a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
@@ -56,44 +56,44 @@ public class DelegatingSecurityContextTaskSchedulerTests {
 	@Before
 	public void setup() {
 		MockitoAnnotations.initMocks(this);
-		delegatingSecurityContextTaskScheduler = new DelegatingSecurityContextTaskScheduler(scheduler);
+		this.delegatingSecurityContextTaskScheduler = new DelegatingSecurityContextTaskScheduler(this.scheduler);
 	}
 
 	@After
 	public void cleanup() {
-		delegatingSecurityContextTaskScheduler = null;
+		this.delegatingSecurityContextTaskScheduler = null;
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testSchedulerIsNotNull() {
-		delegatingSecurityContextTaskScheduler = new DelegatingSecurityContextTaskScheduler(null);
+		this.delegatingSecurityContextTaskScheduler = new DelegatingSecurityContextTaskScheduler(null);
 	}
 
 	@Test
 	public void testSchedulerWithRunnableAndTrigger() {
-		delegatingSecurityContextTaskScheduler.schedule(runnable, trigger);
-		verify(scheduler).schedule(any(Runnable.class), any(Trigger.class));
+		this.delegatingSecurityContextTaskScheduler.schedule(this.runnable, this.trigger);
+		verify(this.scheduler).schedule(any(Runnable.class), any(Trigger.class));
 	}
 
 	@Test
 	public void testSchedulerWithRunnableAndInstant() {
 		Instant date = Instant.now();
-		delegatingSecurityContextTaskScheduler.schedule(runnable, date);
-		verify(scheduler).schedule(any(Runnable.class), any(Date.class));
+		this.delegatingSecurityContextTaskScheduler.schedule(this.runnable, date);
+		verify(this.scheduler).schedule(any(Runnable.class), any(Date.class));
 	}
 
 	@Test
 	public void testScheduleAtFixedRateWithRunnableAndDate() {
 		Date date = new Date(1544751374L);
 		Duration duration = Duration.ofSeconds(4L);
-		delegatingSecurityContextTaskScheduler.scheduleAtFixedRate(runnable, date, 1000L);
-		verify(scheduler).scheduleAtFixedRate(isA(Runnable.class), isA(Date.class), eq(1000L));
+		this.delegatingSecurityContextTaskScheduler.scheduleAtFixedRate(this.runnable, date, 1000L);
+		verify(this.scheduler).scheduleAtFixedRate(isA(Runnable.class), isA(Date.class), eq(1000L));
 	}
 
 	@Test
 	public void testScheduleAtFixedRateWithRunnableAndLong() {
-		delegatingSecurityContextTaskScheduler.scheduleAtFixedRate(runnable, 1000L);
-		verify(scheduler).scheduleAtFixedRate(isA(Runnable.class), eq(1000L));
+		this.delegatingSecurityContextTaskScheduler.scheduleAtFixedRate(this.runnable, 1000L);
+		verify(this.scheduler).scheduleAtFixedRate(isA(Runnable.class), eq(1000L));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
index e51baf34c2..4cf8cdd943 100644
--- a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
@@ -36,7 +36,7 @@ public class ExplicitSecurityContextSchedulingTaskExecutorTests
 	}
 
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
-		return new DelegatingSecurityContextSchedulingTaskExecutor(taskExecutorDelegate, securityContext);
+		return new DelegatingSecurityContextSchedulingTaskExecutor(this.taskExecutorDelegate, this.securityContext);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
index 206a541991..38af77b257 100644
--- a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -44,29 +44,29 @@ public abstract class AbstractDelegatingSecurityContextAsyncTaskExecutorTests
 
 	@Before
 	public final void setUpExecutor() {
-		executor = create();
+		this.executor = create();
 	}
 
 	@Test
 	public void executeStartTimeout() {
-		executor.execute(runnable, 1);
-		verify(getExecutor()).execute(wrappedRunnable, 1);
+		this.executor.execute(this.runnable, 1);
+		verify(getExecutor()).execute(this.wrappedRunnable, 1);
 	}
 
 	@Test
 	public void submit() {
-		executor.submit(runnable);
-		verify(getExecutor()).submit(wrappedRunnable);
+		this.executor.submit(this.runnable);
+		verify(getExecutor()).submit(this.wrappedRunnable);
 	}
 
 	@Test
 	public void submitCallable() {
-		executor.submit(callable);
-		verify(getExecutor()).submit(wrappedCallable);
+		this.executor.submit(this.callable);
+		verify(getExecutor()).submit(this.wrappedCallable);
 	}
 
 	protected AsyncTaskExecutor getExecutor() {
-		return taskExecutorDelegate;
+		return this.taskExecutorDelegate;
 	}
 
 	protected abstract DelegatingSecurityContextAsyncTaskExecutor create();
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
index 814530f82a..53b94f6c16 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -37,7 +37,7 @@ public class CurrentDelegatingSecurityContextAsyncTaskExecutorTests
 
 	@Override
 	protected DelegatingSecurityContextAsyncTaskExecutor create() {
-		return new DelegatingSecurityContextAsyncTaskExecutor(taskExecutorDelegate);
+		return new DelegatingSecurityContextAsyncTaskExecutor(this.taskExecutorDelegate);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
index b95fbccdb3..5a7aacc4df 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
@@ -44,11 +44,11 @@ public class CurrentDelegatingSecurityContextTaskExecutorTests extends AbstractD
 	}
 
 	protected Executor getExecutor() {
-		return taskExecutorDelegate;
+		return this.taskExecutorDelegate;
 	}
 
 	protected DelegatingSecurityContextExecutor create() {
-		return new DelegatingSecurityContextTaskExecutor(taskExecutorDelegate);
+		return new DelegatingSecurityContextTaskExecutor(this.taskExecutorDelegate);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
index 515dfad44f..89f611a613 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -37,7 +37,7 @@ public class ExplicitDelegatingSecurityContextAsyncTaskExecutorTests
 
 	@Override
 	protected DelegatingSecurityContextAsyncTaskExecutor create() {
-		return new DelegatingSecurityContextAsyncTaskExecutor(taskExecutorDelegate, securityContext);
+		return new DelegatingSecurityContextAsyncTaskExecutor(this.taskExecutorDelegate, this.securityContext);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
index 788e994259..2d1e5ce8b3 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
@@ -44,11 +44,11 @@ public class ExplicitDelegatingSecurityContextTaskExecutorTests extends Abstract
 	}
 
 	protected Executor getExecutor() {
-		return taskExecutorDelegate;
+		return this.taskExecutorDelegate;
 	}
 
 	protected DelegatingSecurityContextExecutor create() {
-		return new DelegatingSecurityContextTaskExecutor(taskExecutorDelegate, securityContext);
+		return new DelegatingSecurityContextTaskExecutor(this.taskExecutorDelegate, this.securityContext);
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 51c19da427..0424fef616 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -174,7 +174,7 @@ class Argon2EncodingUtils {
 		}
 
 		public byte[] getHash() {
-			return Arrays.clone(hash);
+			return Arrays.clone(this.hash);
 		}
 
 		public void setHash(byte[] hash) {
@@ -182,7 +182,7 @@ class Argon2EncodingUtils {
 		}
 
 		public Argon2Parameters getParameters() {
-			return parameters;
+			return this.parameters;
 		}
 
 		public void setParameters(Argon2Parameters parameters) {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index 550da56193..75cf6b3202 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -83,11 +83,11 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 
 	@Override
 	public String encode(CharSequence rawPassword) {
-		byte[] salt = saltGenerator.generateKey();
-		byte[] hash = new byte[hashLength];
+		byte[] salt = this.saltGenerator.generateKey();
+		byte[] hash = new byte[this.hashLength];
 
 		Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withSalt(salt)
-				.withParallelism(parallelism).withMemoryAsKB(memory).withIterations(iterations).build();
+				.withParallelism(this.parallelism).withMemoryAsKB(this.memory).withIterations(this.iterations).build();
 		Argon2BytesGenerator generator = new Argon2BytesGenerator();
 		generator.init(params);
 		generator.generateBytes(rawPassword.toString().toCharArray(), hash);
@@ -98,7 +98,7 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		if (encodedPassword == null) {
-			logger.warn("password hash is null");
+			this.logger.warn("password hash is null");
 			return false;
 		}
 
@@ -108,7 +108,7 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 			decoded = Argon2EncodingUtils.decode(encodedPassword);
 		}
 		catch (IllegalArgumentException e) {
-			logger.warn("Malformed password hash", e);
+			this.logger.warn("Malformed password hash", e);
 			return false;
 		}
 
@@ -124,7 +124,7 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean upgradeEncoding(String encodedPassword) {
 		if (encodedPassword == null || encodedPassword.length() == 0) {
-			logger.warn("password hash is null");
+			this.logger.warn("password hash is null");
 			return false;
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index f3a9f0007b..d3ee504223 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -321,23 +321,23 @@ public class BCrypt {
 	private void encipher(int lr[], int off) {
 		int i, n, l = lr[off], r = lr[off + 1];
 
-		l ^= P[0];
+		l ^= this.P[0];
 		for (i = 0; i <= BLOWFISH_NUM_ROUNDS - 2;) {
 			// Feistel substitution on left word
-			n = S[(l >> 24) & 0xff];
-			n += S[0x100 | ((l >> 16) & 0xff)];
-			n ^= S[0x200 | ((l >> 8) & 0xff)];
-			n += S[0x300 | (l & 0xff)];
-			r ^= n ^ P[++i];
+			n = this.S[(l >> 24) & 0xff];
+			n += this.S[0x100 | ((l >> 16) & 0xff)];
+			n ^= this.S[0x200 | ((l >> 8) & 0xff)];
+			n += this.S[0x300 | (l & 0xff)];
+			r ^= n ^ this.P[++i];
 
 			// Feistel substitution on right word
-			n = S[(r >> 24) & 0xff];
-			n += S[0x100 | ((r >> 16) & 0xff)];
-			n ^= S[0x200 | ((r >> 8) & 0xff)];
-			n += S[0x300 | (r & 0xff)];
-			l ^= n ^ P[++i];
+			n = this.S[(r >> 24) & 0xff];
+			n += this.S[0x100 | ((r >> 16) & 0xff)];
+			n ^= this.S[0x200 | ((r >> 8) & 0xff)];
+			n += this.S[0x300 | (r & 0xff)];
+			l ^= n ^ this.P[++i];
 		}
-		lr[off] = r ^ P[BLOWFISH_NUM_ROUNDS + 1];
+		lr[off] = r ^ this.P[BLOWFISH_NUM_ROUNDS + 1];
 		lr[off + 1] = l;
 	}
 
@@ -394,8 +394,8 @@ public class BCrypt {
 	 * Initialise the Blowfish key schedule
 	 */
 	private void init_key() {
-		P = P_orig.clone();
-		S = S_orig.clone();
+		this.P = P_orig.clone();
+		this.S = S_orig.clone();
 	}
 
 	/**
@@ -408,24 +408,24 @@ public class BCrypt {
 		int i;
 		int koffp[] = { 0 };
 		int lr[] = { 0, 0 };
-		int plen = P.length, slen = S.length;
+		int plen = this.P.length, slen = this.S.length;
 
 		for (i = 0; i < plen; i++)
 			if (!sign_ext_bug)
-				P[i] = P[i] ^ streamtoword(key, koffp);
+				this.P[i] = this.P[i] ^ streamtoword(key, koffp);
 			else
-				P[i] = P[i] ^ streamtoword_bug(key, koffp);
+				this.P[i] = this.P[i] ^ streamtoword_bug(key, koffp);
 
 		for (i = 0; i < plen; i += 2) {
 			encipher(lr, 0);
-			P[i] = lr[0];
-			P[i + 1] = lr[1];
+			this.P[i] = lr[0];
+			this.P[i + 1] = lr[1];
 		}
 
 		for (i = 0; i < slen; i += 2) {
 			encipher(lr, 0);
-			S[i] = lr[0];
-			S[i + 1] = lr[1];
+			this.S[i] = lr[0];
+			this.S[i + 1] = lr[1];
 		}
 	}
 
@@ -441,14 +441,14 @@ public class BCrypt {
 		int i;
 		int koffp[] = { 0 }, doffp[] = { 0 };
 		int lr[] = { 0, 0 };
-		int plen = P.length, slen = S.length;
+		int plen = this.P.length, slen = this.S.length;
 		int signp[] = { 0 }; // non-benign sign-extension flag
 		int diff = 0; // zero iff correct and buggy are same
 
 		for (i = 0; i < plen; i++) {
 			int words[] = streamtowords(key, koffp, signp);
 			diff |= words[0] ^ words[1];
-			P[i] = P[i] ^ words[sign_ext_bug ? 1 : 0];
+			this.P[i] = this.P[i] ^ words[sign_ext_bug ? 1 : 0];
 		}
 
 		int sign = signp[0];
@@ -479,22 +479,22 @@ public class BCrypt {
 		 * that could be directly specified by a password to the buggy algorithm (and to
 		 * the fully correct one as well, but that's a side-effect).
 		 */
-		P[0] ^= sign;
+		this.P[0] ^= sign;
 
 		for (i = 0; i < plen; i += 2) {
 			lr[0] ^= streamtoword(data, doffp);
 			lr[1] ^= streamtoword(data, doffp);
 			encipher(lr, 0);
-			P[i] = lr[0];
-			P[i + 1] = lr[1];
+			this.P[i] = lr[0];
+			this.P[i + 1] = lr[1];
 		}
 
 		for (i = 0; i < slen; i += 2) {
 			lr[0] ^= streamtoword(data, doffp);
 			lr[1] ^= streamtoword(data, doffp);
 			encipher(lr, 0);
-			S[i] = lr[0];
-			S[i + 1] = lr[1];
+			this.S[i] = lr[0];
+			this.S[i + 1] = lr[1];
 		}
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index 36d07ae755..d93d28a72f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -106,11 +106,11 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		}
 
 		String salt;
-		if (random != null) {
-			salt = BCrypt.gensalt(version.getVersion(), strength, random);
+		if (this.random != null) {
+			salt = BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
 		}
 		else {
-			salt = BCrypt.gensalt(version.getVersion(), strength);
+			salt = BCrypt.gensalt(this.version.getVersion(), this.strength);
 		}
 		return BCrypt.hashpw(rawPassword.toString(), salt);
 	}
@@ -121,12 +121,12 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		}
 
 		if (encodedPassword == null || encodedPassword.length() == 0) {
-			logger.warn("Empty encoded password");
+			this.logger.warn("Empty encoded password");
 			return false;
 		}
 
-		if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
-			logger.warn("Encoded password does not look like BCrypt");
+		if (!this.BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
+			this.logger.warn("Encoded password does not look like BCrypt");
 			return false;
 		}
 
@@ -136,11 +136,11 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean upgradeEncoding(String encodedPassword) {
 		if (encodedPassword == null || encodedPassword.length() == 0) {
-			logger.warn("Empty encoded password");
+			this.logger.warn("Empty encoded password");
 			return false;
 		}
 
-		Matcher matcher = BCRYPT_PATTERN.matcher(encodedPassword);
+		Matcher matcher = this.BCRYPT_PATTERN.matcher(encodedPassword);
 		if (!matcher.matches()) {
 			throw new IllegalArgumentException("Encoded password does not look like BCrypt: " + encodedPassword);
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index bd60fe5236..4ddcd5684a 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -53,7 +53,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
-		blockCipher.init(true, new ParametersWithIV(secretKey, iv));
+		blockCipher.init(true, new ParametersWithIV(this.secretKey, iv));
 		byte[] encrypted = process(blockCipher, bytes);
 		return iv != null ? concatenate(iv, encrypted) : encrypted;
 	}
@@ -66,7 +66,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
-		blockCipher.init(false, new ParametersWithIV(secretKey, iv));
+		blockCipher.init(false, new ParametersWithIV(this.secretKey, iv));
 		return process(blockCipher, encryptedBytes);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index bc43375fbc..d017530c0a 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -50,7 +50,7 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 
 		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
-		blockCipher.init(true, new AEADParameters(secretKey, 128, iv, null));
+		blockCipher.init(true, new AEADParameters(this.secretKey, 128, iv, null));
 
 		byte[] encrypted = process(blockCipher, bytes);
 		return iv != null ? concatenate(iv, encrypted) : encrypted;
@@ -63,7 +63,7 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 
 		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
-		blockCipher.init(false, new AEADParameters(secretKey, 128, iv, null));
+		blockCipher.init(false, new AEADParameters(this.secretKey, 128, iv, null));
 		return process(blockCipher, encryptedBytes);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
index 8407dd8704..e8c51d79cd 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
@@ -34,11 +34,11 @@ final class HexEncodingTextEncryptor implements TextEncryptor {
 	}
 
 	public String encrypt(String text) {
-		return new String(Hex.encode(encryptor.encrypt(Utf8.encode(text))));
+		return new String(Hex.encode(this.encryptor.encrypt(Utf8.encode(text))));
 	}
 
 	public String decrypt(String encryptedText) {
-		return Utf8.decode(encryptor.decrypt(Hex.decode(encryptedText)));
+		return Utf8.decode(this.encryptor.decrypt(Hex.decode(encryptedText)));
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
index 0ce886425c..fa00b501ce 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
@@ -32,7 +32,7 @@ final class HexEncodingStringKeyGenerator implements StringKeyGenerator {
 	}
 
 	public String generateKey() {
-		return new String(Hex.encode(keyGenerator.generateKey()));
+		return new String(Hex.encode(this.keyGenerator.generateKey()));
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
index f04577802d..e32cf34aae 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
@@ -47,12 +47,12 @@ final class SecureRandomBytesKeyGenerator implements BytesKeyGenerator {
 	}
 
 	public int getKeyLength() {
-		return keyLength;
+		return this.keyLength;
 	}
 
 	public byte[] generateKey() {
-		byte[] bytes = new byte[keyLength];
-		random.nextBytes(bytes);
+		byte[] bytes = new byte[this.keyLength];
+		this.random.nextBytes(bytes);
 		return bytes;
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
index 5b9e7f5638..58b5f53645 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
@@ -31,11 +31,11 @@ final class SharedKeyGenerator implements BytesKeyGenerator {
 	}
 
 	public int getKeyLength() {
-		return sharedKey.length;
+		return this.sharedKey.length;
 	}
 
 	public byte[] generateKey() {
-		return sharedKey;
+		return this.sharedKey;
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
index b14feb22e3..7e4755512c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
@@ -46,8 +46,8 @@ final class Digester {
 	}
 
 	public byte[] digest(byte[] value) {
-		MessageDigest messageDigest = createDigest(algorithm);
-		for (int i = 0; i < iterations; i++) {
+		MessageDigest messageDigest = createDigest(this.algorithm);
+		for (int i = 0; i < this.iterations; i++) {
 			value = messageDigest.digest(value);
 		}
 		return value;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index 91e5fa6d23..d322d36aec 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -116,10 +116,10 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		String prefix;
 
 		if (salt == null || salt.length == 0) {
-			prefix = forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
+			prefix = this.forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
 		}
 		else {
-			prefix = forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
+			prefix = this.forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
 		}
 
 		return prefix + Utf8.decode(Base64.getEncoder().encode(hash));
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
index ea5101cfb2..20fe205baf 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
@@ -42,12 +42,12 @@ class Md4 {
 	}
 
 	public void reset() {
-		bufferOffset = 0;
-		byteCount = 0;
-		state[0] = 0x67452301;
-		state[1] = 0xEFCDAB89;
-		state[2] = 0x98BADCFE;
-		state[3] = 0x10325476;
+		this.bufferOffset = 0;
+		this.byteCount = 0;
+		this.state[0] = 0x67452301;
+		this.state[1] = 0xEFCDAB89;
+		this.state[2] = 0x98BADCFE;
+		this.state[3] = 0x10325476;
 	}
 
 	public byte[] digest() {
@@ -59,7 +59,7 @@ class Md4 {
 	private void digest(byte[] buffer, int off) {
 		for (int i = 0; i < 4; i++) {
 			for (int j = 0; j < 4; j++) {
-				buffer[off + (i * 4 + j)] = (byte) (state[i] >>> (8 * j));
+				buffer[off + (i * 4 + j)] = (byte) (this.state[i] >>> (8 * j));
 			}
 		}
 	}
@@ -80,7 +80,7 @@ class Md4 {
 			this.buffer[this.bufferOffset++] = (byte) 0x00;
 		}
 
-		long bitCount = byteCount * 8;
+		long bitCount = this.byteCount * 8;
 		for (int i = 0; i < 64; i += 8) {
 			this.buffer[this.bufferOffset++] = (byte) (bitCount >>> (i));
 		}
@@ -90,7 +90,7 @@ class Md4 {
 	}
 
 	public void update(byte[] input, int offset, int length) {
-		byteCount += length;
+		this.byteCount += length;
 		int todo;
 		while (length >= (todo = BLOCK_SIZE - this.bufferOffset)) {
 			System.arraycopy(input, offset, this.buffer, this.bufferOffset, todo);
@@ -101,75 +101,75 @@ class Md4 {
 		}
 
 		System.arraycopy(input, offset, this.buffer, this.bufferOffset, length);
-		bufferOffset += length;
+		this.bufferOffset += length;
 	}
 
 	private void update(byte[] block, int offset) {
 		for (int i = 0; i < 16; i++) {
-			tmp[i] = (block[offset++] & 0xFF) | (block[offset++] & 0xFF) << 8 | (block[offset++] & 0xFF) << 16
+			this.tmp[i] = (block[offset++] & 0xFF) | (block[offset++] & 0xFF) << 8 | (block[offset++] & 0xFF) << 16
 					| (block[offset++] & 0xFF) << 24;
 		}
 
-		int A = state[0];
-		int B = state[1];
-		int C = state[2];
-		int D = state[3];
+		int A = this.state[0];
+		int B = this.state[1];
+		int C = this.state[2];
+		int D = this.state[3];
 
-		A = FF(A, B, C, D, tmp[0], 3);
-		D = FF(D, A, B, C, tmp[1], 7);
-		C = FF(C, D, A, B, tmp[2], 11);
-		B = FF(B, C, D, A, tmp[3], 19);
-		A = FF(A, B, C, D, tmp[4], 3);
-		D = FF(D, A, B, C, tmp[5], 7);
-		C = FF(C, D, A, B, tmp[6], 11);
-		B = FF(B, C, D, A, tmp[7], 19);
-		A = FF(A, B, C, D, tmp[8], 3);
-		D = FF(D, A, B, C, tmp[9], 7);
-		C = FF(C, D, A, B, tmp[10], 11);
-		B = FF(B, C, D, A, tmp[11], 19);
-		A = FF(A, B, C, D, tmp[12], 3);
-		D = FF(D, A, B, C, tmp[13], 7);
-		C = FF(C, D, A, B, tmp[14], 11);
-		B = FF(B, C, D, A, tmp[15], 19);
+		A = FF(A, B, C, D, this.tmp[0], 3);
+		D = FF(D, A, B, C, this.tmp[1], 7);
+		C = FF(C, D, A, B, this.tmp[2], 11);
+		B = FF(B, C, D, A, this.tmp[3], 19);
+		A = FF(A, B, C, D, this.tmp[4], 3);
+		D = FF(D, A, B, C, this.tmp[5], 7);
+		C = FF(C, D, A, B, this.tmp[6], 11);
+		B = FF(B, C, D, A, this.tmp[7], 19);
+		A = FF(A, B, C, D, this.tmp[8], 3);
+		D = FF(D, A, B, C, this.tmp[9], 7);
+		C = FF(C, D, A, B, this.tmp[10], 11);
+		B = FF(B, C, D, A, this.tmp[11], 19);
+		A = FF(A, B, C, D, this.tmp[12], 3);
+		D = FF(D, A, B, C, this.tmp[13], 7);
+		C = FF(C, D, A, B, this.tmp[14], 11);
+		B = FF(B, C, D, A, this.tmp[15], 19);
 
-		A = GG(A, B, C, D, tmp[0], 3);
-		D = GG(D, A, B, C, tmp[4], 5);
-		C = GG(C, D, A, B, tmp[8], 9);
-		B = GG(B, C, D, A, tmp[12], 13);
-		A = GG(A, B, C, D, tmp[1], 3);
-		D = GG(D, A, B, C, tmp[5], 5);
-		C = GG(C, D, A, B, tmp[9], 9);
-		B = GG(B, C, D, A, tmp[13], 13);
-		A = GG(A, B, C, D, tmp[2], 3);
-		D = GG(D, A, B, C, tmp[6], 5);
-		C = GG(C, D, A, B, tmp[10], 9);
-		B = GG(B, C, D, A, tmp[14], 13);
-		A = GG(A, B, C, D, tmp[3], 3);
-		D = GG(D, A, B, C, tmp[7], 5);
-		C = GG(C, D, A, B, tmp[11], 9);
-		B = GG(B, C, D, A, tmp[15], 13);
+		A = GG(A, B, C, D, this.tmp[0], 3);
+		D = GG(D, A, B, C, this.tmp[4], 5);
+		C = GG(C, D, A, B, this.tmp[8], 9);
+		B = GG(B, C, D, A, this.tmp[12], 13);
+		A = GG(A, B, C, D, this.tmp[1], 3);
+		D = GG(D, A, B, C, this.tmp[5], 5);
+		C = GG(C, D, A, B, this.tmp[9], 9);
+		B = GG(B, C, D, A, this.tmp[13], 13);
+		A = GG(A, B, C, D, this.tmp[2], 3);
+		D = GG(D, A, B, C, this.tmp[6], 5);
+		C = GG(C, D, A, B, this.tmp[10], 9);
+		B = GG(B, C, D, A, this.tmp[14], 13);
+		A = GG(A, B, C, D, this.tmp[3], 3);
+		D = GG(D, A, B, C, this.tmp[7], 5);
+		C = GG(C, D, A, B, this.tmp[11], 9);
+		B = GG(B, C, D, A, this.tmp[15], 13);
 
-		A = HH(A, B, C, D, tmp[0], 3);
-		D = HH(D, A, B, C, tmp[8], 9);
-		C = HH(C, D, A, B, tmp[4], 11);
-		B = HH(B, C, D, A, tmp[12], 15);
-		A = HH(A, B, C, D, tmp[2], 3);
-		D = HH(D, A, B, C, tmp[10], 9);
-		C = HH(C, D, A, B, tmp[6], 11);
-		B = HH(B, C, D, A, tmp[14], 15);
-		A = HH(A, B, C, D, tmp[1], 3);
-		D = HH(D, A, B, C, tmp[9], 9);
-		C = HH(C, D, A, B, tmp[5], 11);
-		B = HH(B, C, D, A, tmp[13], 15);
-		A = HH(A, B, C, D, tmp[3], 3);
-		D = HH(D, A, B, C, tmp[11], 9);
-		C = HH(C, D, A, B, tmp[7], 11);
-		B = HH(B, C, D, A, tmp[15], 15);
+		A = HH(A, B, C, D, this.tmp[0], 3);
+		D = HH(D, A, B, C, this.tmp[8], 9);
+		C = HH(C, D, A, B, this.tmp[4], 11);
+		B = HH(B, C, D, A, this.tmp[12], 15);
+		A = HH(A, B, C, D, this.tmp[2], 3);
+		D = HH(D, A, B, C, this.tmp[10], 9);
+		C = HH(C, D, A, B, this.tmp[6], 11);
+		B = HH(B, C, D, A, this.tmp[14], 15);
+		A = HH(A, B, C, D, this.tmp[1], 3);
+		D = HH(D, A, B, C, this.tmp[9], 9);
+		C = HH(C, D, A, B, this.tmp[5], 11);
+		B = HH(B, C, D, A, this.tmp[13], 15);
+		A = HH(A, B, C, D, this.tmp[3], 3);
+		D = HH(D, A, B, C, this.tmp[11], 9);
+		C = HH(C, D, A, B, this.tmp[7], 11);
+		B = HH(B, C, D, A, this.tmp[15], 15);
 
-		state[0] += A;
-		state[1] += B;
-		state[2] += C;
-		state[3] += D;
+		this.state[0] += A;
+		this.state[1] += B;
+		this.state[2] += C;
+		this.state[3] += D;
 	}
 
 	private int FF(int a, int b, int c, int d, int x, int s) {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index 2164e1fd88..f9160a4af0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -74,12 +74,12 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	}
 
 	public String encode(CharSequence rawPassword) {
-		return encode(rawPassword, saltGenerator.generateKey());
+		return encode(rawPassword, this.saltGenerator.generateKey());
 	}
 
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		byte[] digested = decode(encodedPassword);
-		byte[] salt = subArray(digested, 0, saltGenerator.getKeyLength());
+		byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength());
 		return MessageDigest.isEqual(digested, digest(rawPassword, salt));
 	}
 
@@ -97,7 +97,7 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	}
 
 	private byte[] digest(CharSequence rawPassword, byte[] salt) {
-		byte[] digest = digester.digest(concatenate(salt, secret, Utf8.encode(rawPassword)));
+		byte[] digest = this.digester.digest(concatenate(salt, this.secret, Utf8.encode(rawPassword)));
 		return concatenate(salt, digest);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index ebd5f6d059..c496c6c907 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -117,12 +117,12 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 	}
 
 	public String encode(CharSequence rawPassword) {
-		return digest(rawPassword, saltGenerator.generateKey());
+		return digest(rawPassword, this.saltGenerator.generateKey());
 	}
 
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
-		if (encodedPassword == null || encodedPassword.length() < keyLength) {
-			logger.warn("Empty encoded password");
+		if (encodedPassword == null || encodedPassword.length() < this.keyLength) {
+			this.logger.warn("Empty encoded password");
 			return false;
 		}
 		return decodeAndCheckMatches(rawPassword, encodedPassword);
@@ -165,17 +165,18 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 		int parallelization = (int) params & 0xff;
 
 		byte[] generated = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization,
-				keyLength);
+				this.keyLength);
 
 		return MessageDigest.isEqual(derived, generated);
 	}
 
 	private String digest(CharSequence rawPassword, byte[] salt) {
-		byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization,
-				keyLength);
+		byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, this.cpuCost, this.memoryCost,
+				this.parallelization, this.keyLength);
 
-		String params = Long
-				.toString(((int) (Math.log(cpuCost) / Math.log(2)) << 16L) | memoryCost << 8 | parallelization, 16);
+		String params = Long.toString(
+				((int) (Math.log(this.cpuCost) / Math.log(2)) << 16L) | this.memoryCost << 8 | this.parallelization,
+				16);
 
 		StringBuilder sb = new StringBuilder((salt.length + derived.length) * 2);
 		sb.append("$").append(params).append('$');
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index 8a3ca5e371..e3f4391401 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -31,38 +31,38 @@ public class Argon2EncodingUtilsTests {
 
 	private TestDataEntry testDataEntry1 = new TestDataEntry(
 			"$argon2i$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs",
-			new Argon2EncodingUtils.Argon2Hash(decoder.decode("cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"),
+			new Argon2EncodingUtils.Argon2Hash(this.decoder.decode("cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"),
 					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i)).withVersion(19).withMemoryAsKB(1024)
 							.withIterations(3).withParallelism(2).withSalt("cRdFbCw23gz2Mlxk".getBytes()).build()));
 
 	private TestDataEntry testDataEntry2 = new TestDataEntry(
 			"$argon2id$v=19$m=333,t=5,p=2$JDR8N3k1QWx0$+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA",
 			new Argon2EncodingUtils.Argon2Hash(
-					decoder.decode(
+					this.decoder.decode(
 							"+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA"),
 					(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)).withVersion(19).withMemoryAsKB(333)
 							.withIterations(5).withParallelism(2).withSalt("$4|7y5Alt".getBytes()).build()));
 
 	@Test
 	public void decodeWhenValidEncodedHashWithIThenDecodeCorrectly() {
-		assertArgon2HashEquals(testDataEntry1.decoded, Argon2EncodingUtils.decode(testDataEntry1.encoded));
+		assertArgon2HashEquals(this.testDataEntry1.decoded, Argon2EncodingUtils.decode(this.testDataEntry1.encoded));
 	}
 
 	@Test
 	public void decodeWhenValidEncodedHashWithIDThenDecodeCorrectly() {
-		assertArgon2HashEquals(testDataEntry2.decoded, Argon2EncodingUtils.decode(testDataEntry2.encoded));
+		assertArgon2HashEquals(this.testDataEntry2.decoded, Argon2EncodingUtils.decode(this.testDataEntry2.encoded));
 	}
 
 	@Test
 	public void encodeWhenValidArgumentsWithIThenEncodeToCorrectHash() {
-		assertThat(Argon2EncodingUtils.encode(testDataEntry1.decoded.getHash(), testDataEntry1.decoded.getParameters()))
-				.isEqualTo(testDataEntry1.encoded);
+		assertThat(Argon2EncodingUtils.encode(this.testDataEntry1.decoded.getHash(),
+				this.testDataEntry1.decoded.getParameters())).isEqualTo(this.testDataEntry1.encoded);
 	}
 
 	@Test
 	public void encodeWhenValidArgumentsWithID2ThenEncodeToCorrectHash() {
-		assertThat(Argon2EncodingUtils.encode(testDataEntry2.decoded.getHash(), testDataEntry2.decoded.getParameters()))
-				.isEqualTo(testDataEntry2.encoded);
+		assertThat(Argon2EncodingUtils.encode(this.testDataEntry2.decoded.getHash(),
+				this.testDataEntry2.decoded.getParameters())).isEqualTo(this.testDataEntry2.encoded);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index ab7a560399..da18ccbedc 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -41,47 +41,47 @@ public class Argon2PasswordEncoderTests {
 
 	@Test
 	public void encodeDoesNotEqualPassword() {
-		String result = encoder.encode("password");
+		String result = this.encoder.encode("password");
 		assertThat(result).isNotEqualTo("password");
 	}
 
 	@Test
 	public void encodeWhenEqualPasswordThenMatches() {
-		String result = encoder.encode("password");
-		assertThat(encoder.matches("password", result)).isTrue();
+		String result = this.encoder.encode("password");
+		assertThat(this.encoder.matches("password", result)).isTrue();
 	}
 
 	@Test
 	public void encodeWhenEqualWithUnicodeThenMatches() {
-		String result = encoder.encode("passw\u9292rd");
-		assertThat(encoder.matches("pass\u9292\u9292rd", result)).isFalse();
-		assertThat(encoder.matches("passw\u9292rd", result)).isTrue();
+		String result = this.encoder.encode("passw\u9292rd");
+		assertThat(this.encoder.matches("pass\u9292\u9292rd", result)).isFalse();
+		assertThat(this.encoder.matches("passw\u9292rd", result)).isTrue();
 	}
 
 	@Test
 	public void encodeWhenNotEqualThenNotMatches() {
-		String result = encoder.encode("password");
-		assertThat(encoder.matches("bogus", result)).isFalse();
+		String result = this.encoder.encode("password");
+		assertThat(this.encoder.matches("bogus", result)).isFalse();
 	}
 
 	@Test
 	public void encodeWhenEqualPasswordWithCustomParamsThenMatches() {
-		encoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
-		String result = encoder.encode("password");
-		assertThat(encoder.matches("password", result)).isTrue();
+		this.encoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
+		String result = this.encoder.encode("password");
+		assertThat(this.encoder.matches("password", result)).isTrue();
 	}
 
 	@Test
 	public void encodeWhenRanTwiceThenResultsNotEqual() {
 		String password = "secret";
-		assertThat(encoder.encode(password)).isNotEqualTo(encoder.encode(password));
+		assertThat(this.encoder.encode(password)).isNotEqualTo(this.encoder.encode(password));
 	}
 
 	@Test
 	public void encodeWhenRanTwiceWithCustomParamsThenNotEquals() {
-		encoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
+		this.encoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		String password = "secret";
-		assertThat(encoder.encode(password)).isNotEqualTo(encoder.encode(password));
+		assertThat(this.encoder.encode(password)).isNotEqualTo(this.encoder.encode(password));
 	}
 
 	@Test
@@ -96,24 +96,24 @@ public class Argon2PasswordEncoderTests {
 
 	@Test
 	public void matchesWhenEncodedPassIsNullThenFalse() {
-		assertThat(encoder.matches("password", null)).isFalse();
+		assertThat(this.encoder.matches("password", null)).isFalse();
 	}
 
 	@Test
 	public void matchesWhenEncodedPassIsEmptyThenFalse() {
-		assertThat(encoder.matches("password", "")).isFalse();
+		assertThat(this.encoder.matches("password", "")).isFalse();
 	}
 
 	@Test
 	public void matchesWhenEncodedPassIsBogusThenFalse() {
-		assertThat(encoder.matches("password", "012345678901234567890123456789")).isFalse();
+		assertThat(this.encoder.matches("password", "012345678901234567890123456789")).isFalse();
 	}
 
 	@Test
 	public void encodeWhenUsingPredictableSaltThenEqualTestHash() throws Exception {
 		injectPredictableSaltGen();
 
-		String hash = encoder.encode("sometestpassword");
+		String hash = this.encoder.encode("sometestpassword");
 
 		assertThat(hash).isEqualTo(
 				"$argon2id$v=19$m=4096,t=3,p=1$QUFBQUFBQUFBQUFBQUFBQQ$hmmTNyJlwbb6HAvFoHFWF+u03fdb0F2qA+39oPlcAqo");
@@ -121,9 +121,9 @@ public class Argon2PasswordEncoderTests {
 
 	@Test
 	public void encodeWhenUsingPredictableSaltWithCustomParamsThenEqualTestHash() throws Exception {
-		encoder = new Argon2PasswordEncoder(16, 32, 4, 512, 5);
+		this.encoder = new Argon2PasswordEncoder(16, 32, 4, 512, 5);
 		injectPredictableSaltGen();
-		String hash = encoder.encode("sometestpassword");
+		String hash = this.encoder.encode("sometestpassword");
 
 		assertThat(hash).isEqualTo(
 				"$argon2id$v=19$m=512,t=5,p=4$QUFBQUFBQUFBQUFBQUFBQQ$PNv4C3K50bz3rmON+LtFpdisD7ePieLNq+l5iUHgc1k");
@@ -131,16 +131,16 @@ public class Argon2PasswordEncoderTests {
 
 	@Test
 	public void upgradeEncodingWhenSameEncodingThenFalse() {
-		String hash = encoder.encode("password");
+		String hash = this.encoder.encode("password");
 
-		assertThat(encoder.upgradeEncoding(hash)).isFalse();
+		assertThat(this.encoder.upgradeEncoding(hash)).isFalse();
 	}
 
 	@Test
 	public void upgradeEncodingWhenSameStandardParamsThenFalse() {
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
 
-		String hash = encoder.encode("password");
+		String hash = this.encoder.encode("password");
 
 		assertThat(newEncoder.upgradeEncoding(hash)).isFalse();
 	}
@@ -187,30 +187,30 @@ public class Argon2PasswordEncoderTests {
 
 	@Test
 	public void upgradeEncodingWhenEncodedPassIsNullThenFalse() {
-		assertThat(encoder.upgradeEncoding(null)).isFalse();
+		assertThat(this.encoder.upgradeEncoding(null)).isFalse();
 	}
 
 	@Test
 	public void upgradeEncodingWhenEncodedPassIsEmptyThenFalse() {
-		assertThat(encoder.upgradeEncoding("")).isFalse();
+		assertThat(this.encoder.upgradeEncoding("")).isFalse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void upgradeEncodingWhenEncodedPassIsBogusThenThrowException() {
-		encoder.upgradeEncoding("thisIsNoValidHash");
+		this.encoder.upgradeEncoding("thisIsNoValidHash");
 	}
 
 	private void injectPredictableSaltGen() throws Exception {
 		byte[] bytes = new byte[16];
 		Arrays.fill(bytes, (byte) 0x41);
-		Mockito.when(keyGeneratorMock.generateKey()).thenReturn(bytes);
+		Mockito.when(this.keyGeneratorMock.generateKey()).thenReturn(bytes);
 
 		// we can't use the @InjectMock-annotation because the salt-generator is set in
 		// the constructor
 		// and Mockito will only inject mocks if they are null
-		Field saltGen = encoder.getClass().getDeclaredField("saltGenerator");
+		Field saltGen = this.encoder.getClass().getDeclaredField("saltGenerator");
 		saltGen.setAccessible(true);
-		saltGen.set(encoder, keyGeneratorMock);
+		saltGen.set(this.encoder, this.keyGeneratorMock);
 		saltGen.setAccessible(false);
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
index ccfec27b5f..f5d53d3a19 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
@@ -54,29 +54,29 @@ public class HexTests {
 
 	@Test
 	public void decodeNotEven() {
-		expectedException.expect(IllegalArgumentException.class);
-		expectedException.expectMessage("Hex-encoded string must have an even number of characters");
+		this.expectedException.expect(IllegalArgumentException.class);
+		this.expectedException.expectMessage("Hex-encoded string must have an even number of characters");
 		Hex.decode("414243444");
 	}
 
 	@Test
 	public void decodeExistNonHexCharAtFirst() {
-		expectedException.expect(IllegalArgumentException.class);
-		expectedException.expectMessage("Detected a Non-hex character at 1 or 2 position");
+		this.expectedException.expect(IllegalArgumentException.class);
+		this.expectedException.expectMessage("Detected a Non-hex character at 1 or 2 position");
 		Hex.decode("G0");
 	}
 
 	@Test
 	public void decodeExistNonHexCharAtSecond() {
-		expectedException.expect(IllegalArgumentException.class);
-		expectedException.expectMessage("Detected a Non-hex character at 3 or 4 position");
+		this.expectedException.expect(IllegalArgumentException.class);
+		this.expectedException.expectMessage("Detected a Non-hex character at 3 or 4 position");
 		Hex.decode("410G");
 	}
 
 	@Test
 	public void decodeExistNonHexCharAtBoth() {
-		expectedException.expect(IllegalArgumentException.class);
-		expectedException.expectMessage("Detected a Non-hex character at 5 or 6 position");
+		this.expectedException.expect(IllegalArgumentException.class);
+		this.expectedException.expectMessage("Detected a Non-hex character at 5 or 6 position");
 		Hex.decode("4142GG");
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 71cf37a9f7..199d213d52 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -41,64 +41,65 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 	@Before
 	public void setup() {
 		// generate random password, salt, and test data
-		password = UUID.randomUUID().toString();
+		this.password = UUID.randomUUID().toString();
 		/** insecure salt byte, recommend 64 or larger than 64 */
 		byte[] saltBytes = new byte[16];
-		secureRandom.nextBytes(saltBytes);
-		salt = new String(Hex.encode(saltBytes));
+		this.secureRandom.nextBytes(saltBytes);
+		this.salt = new String(Hex.encode(saltBytes));
 	}
 
 	@Test
 	public void bouncyCastleAesCbcWithPredictableIvEquvalent() throws Exception {
 		CryptoAssumptions.assumeCBCJCE();
-		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
+		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt,
+				new PredictableRandomBytesKeyGenerator(16));
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(this.password, this.salt,
 				new PredictableRandomBytesKeyGenerator(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16));
 		testEquivalence(bcEncryptor, jceEncryptor);
 	}
 
 	@Test
 	public void bouncyCastleAesCbcWithSecureIvCompatible() throws Exception {
 		CryptoAssumptions.assumeCBCJCE();
-		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
+		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt,
 				KeyGenerators.secureRandom(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16));
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(16));
 		testCompatibility(bcEncryptor, jceEncryptor);
 	}
 
 	@Test
 	public void bouncyCastleAesGcmWithPredictableIvEquvalent() throws Exception {
 		CryptoAssumptions.assumeGCMJCE();
-		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
+		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt,
 				new PredictableRandomBytesKeyGenerator(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16),
-				CipherAlgorithm.GCM);
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(this.password, this.salt,
+				new PredictableRandomBytesKeyGenerator(16), CipherAlgorithm.GCM);
 		testEquivalence(bcEncryptor, jceEncryptor);
 	}
 
 	@Test
 	public void bouncyCastleAesGcmWithSecureIvCompatible() throws Exception {
 		CryptoAssumptions.assumeGCMJCE();
-		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
+		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt,
 				KeyGenerators.secureRandom(16));
-		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16),
+		BytesEncryptor jceEncryptor = new AesBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(16),
 				CipherAlgorithm.GCM);
 		testCompatibility(bcEncryptor, jceEncryptor);
 	}
 
 	private void testEquivalence(BytesEncryptor left, BytesEncryptor right) {
 		for (int size = 1; size < 2048; size++) {
-			testData = new byte[size];
-			secureRandom.nextBytes(testData);
+			this.testData = new byte[size];
+			this.secureRandom.nextBytes(this.testData);
 			// tests that right and left generate the same encrypted bytes
 			// and can decrypt back to the original input
-			byte[] leftEncrypted = left.encrypt(testData);
-			byte[] rightEncrypted = right.encrypt(testData);
+			byte[] leftEncrypted = left.encrypt(this.testData);
+			byte[] rightEncrypted = right.encrypt(this.testData);
 			Assert.assertArrayEquals(leftEncrypted, rightEncrypted);
 			byte[] leftDecrypted = left.decrypt(leftEncrypted);
 			byte[] rightDecrypted = right.decrypt(rightEncrypted);
-			Assert.assertArrayEquals(testData, leftDecrypted);
-			Assert.assertArrayEquals(testData, rightDecrypted);
+			Assert.assertArrayEquals(this.testData, leftDecrypted);
+			Assert.assertArrayEquals(this.testData, rightDecrypted);
 		}
 
 	}
@@ -107,14 +108,14 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		// tests that right can decrypt what left encrypted and vice versa
 		// and that the decypted data is the same as the original
 		for (int size = 1; size < 2048; size++) {
-			testData = new byte[size];
-			secureRandom.nextBytes(testData);
-			byte[] leftEncrypted = left.encrypt(testData);
-			byte[] rightEncrypted = right.encrypt(testData);
+			this.testData = new byte[size];
+			this.secureRandom.nextBytes(this.testData);
+			byte[] leftEncrypted = left.encrypt(this.testData);
+			byte[] rightEncrypted = right.encrypt(this.testData);
 			byte[] leftDecrypted = left.decrypt(rightEncrypted);
 			byte[] rightDecrypted = right.decrypt(leftEncrypted);
-			Assert.assertArrayEquals(testData, leftDecrypted);
-			Assert.assertArrayEquals(testData, rightDecrypted);
+			Assert.assertArrayEquals(this.testData, leftDecrypted);
+			Assert.assertArrayEquals(this.testData, rightDecrypted);
 		}
 	}
 
@@ -133,12 +134,12 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 		}
 
 		public int getKeyLength() {
-			return keyLength;
+			return this.keyLength;
 		}
 
 		public byte[] generateKey() {
-			byte[] bytes = new byte[keyLength];
-			random.nextBytes(bytes);
+			byte[] bytes = new byte[this.keyLength];
+			this.random.nextBytes(bytes);
 			return bytes;
 		}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index df881313a6..af0030ad23 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -38,44 +38,44 @@ public class BouncyCastleAesBytesEncryptorTests {
 	public void setup() {
 		// generate random password, salt, and test data
 		SecureRandom secureRandom = new SecureRandom();
-		password = UUID.randomUUID().toString();
+		this.password = UUID.randomUUID().toString();
 		byte[] saltBytes = new byte[16];
 		secureRandom.nextBytes(saltBytes);
-		salt = new String(Hex.encode(saltBytes));
-		testData = new byte[1024 * 1024];
-		secureRandom.nextBytes(testData);
+		this.salt = new String(Hex.encode(saltBytes));
+		this.testData = new byte[1024 * 1024];
+		secureRandom.nextBytes(this.testData);
 	}
 
 	@Test
 	public void bcCbcWithSecureIvGeneratesDifferentMessages() {
-		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt);
+		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt);
 		generatesDifferentCipherTexts(bcEncryptor);
 	}
 
 	@Test
 	public void bcGcmWithSecureIvGeneratesDifferentMessages() {
-		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt);
+		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt);
 		generatesDifferentCipherTexts(bcEncryptor);
 	}
 
 	private void generatesDifferentCipherTexts(BytesEncryptor bcEncryptor) {
-		byte[] encrypted1 = bcEncryptor.encrypt(testData);
-		byte[] encrypted2 = bcEncryptor.encrypt(testData);
+		byte[] encrypted1 = bcEncryptor.encrypt(this.testData);
+		byte[] encrypted2 = bcEncryptor.encrypt(this.testData);
 		Assert.assertFalse(Arrays.areEqual(encrypted1, encrypted2));
 		byte[] decrypted1 = bcEncryptor.decrypt(encrypted1);
 		byte[] decrypted2 = bcEncryptor.decrypt(encrypted2);
-		Assert.assertArrayEquals(testData, decrypted1);
-		Assert.assertArrayEquals(testData, decrypted2);
+		Assert.assertArrayEquals(this.testData, decrypted1);
+		Assert.assertArrayEquals(this.testData, decrypted2);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void bcCbcWithWrongLengthIv() {
-		new BouncyCastleAesCbcBytesEncryptor(password, salt, KeyGenerators.secureRandom(8));
+		new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void bcGcmWithWrongLengthIv() {
-		new BouncyCastleAesGcmBytesEncryptor(password, salt, KeyGenerators.secureRandom(8));
+		new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index 4a5499b3ca..b9ab13312c 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -220,7 +220,7 @@ public class DelegatingPasswordEncoderTests {
 	public void upgradeEncodingWhenSameIdAndEncoderFalseThenEncoderDecidesFalse() {
 		assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse();
 
-		verify(bcrypt).upgradeEncoding(this.encodedPassword);
+		verify(this.bcrypt).upgradeEncoding(this.encodedPassword);
 	}
 
 	@Test
@@ -229,14 +229,14 @@ public class DelegatingPasswordEncoderTests {
 
 		assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isTrue();
 
-		verify(bcrypt).upgradeEncoding(this.encodedPassword);
+		verify(this.bcrypt).upgradeEncoding(this.encodedPassword);
 	}
 
 	@Test
 	public void upgradeEncodingWhenDifferentIdThenTrue() {
 		assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue();
 
-		verifyZeroInteractions(bcrypt);
+		verifyZeroInteractions(this.bcrypt);
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
index c6b1a3a44a..f1025f03a1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
@@ -26,21 +26,21 @@ public class StandardPasswordEncoderTests {
 
 	@Test
 	public void matches() {
-		String result = encoder.encode("password");
+		String result = this.encoder.encode("password");
 		assertThat(result).isNotEqualTo("password");
-		assertThat(encoder.matches("password", result)).isTrue();
+		assertThat(this.encoder.matches("password", result)).isTrue();
 	}
 
 	@Test
 	public void matchesLengthChecked() {
-		String result = encoder.encode("password");
-		assertThat(encoder.matches("password", result.substring(0, result.length() - 2))).isFalse();
+		String result = this.encoder.encode("password");
+		assertThat(this.encoder.matches("password", result.substring(0, result.length() - 2))).isFalse();
 	}
 
 	@Test
 	public void notMatches() {
-		String result = encoder.encode("password");
-		assertThat(encoder.matches("bogus", result)).isFalse();
+		String result = this.encoder.encode("password");
+		assertThat(this.encoder.matches("bogus", result)).isFalse();
 	}
 
 }
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index 6fc7ebc2d8..a74b296078 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -31,7 +31,7 @@ public class SecurityEvaluationContextExtensionTests {
 
 	@Before
 	public void setup() {
-		securityExtension = new SecurityEvaluationContextExtension();
+		this.securityExtension = new SecurityEvaluationContextExtension();
 	}
 
 	@After
@@ -55,7 +55,7 @@ public class SecurityEvaluationContextExtensionTests {
 	@Test
 	public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
-		securityExtension = new SecurityEvaluationContextExtension(explicit);
+		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
@@ -66,13 +66,13 @@ public class SecurityEvaluationContextExtensionTests {
 	@Test
 	public void getRootObjectExplicitAuthentication() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
-		securityExtension = new SecurityEvaluationContextExtension(explicit);
+		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
 
 		assertThat(getRoot().getAuthentication()).isSameAs(explicit);
 	}
 
 	private SecurityExpressionRoot getRoot() {
-		return (SecurityExpressionRoot) securityExtension.getRootObject();
+		return (SecurityExpressionRoot) this.securityExtension.getRootObject();
 	}
 
 }
\ No newline at end of file
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index ae0b46bcac..fc3a5e9cc4 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -23,7 +23,6 @@
 	<suppress files=".*" checks="ParenPad" />
 	<suppress files=".*" checks="RedundantImport" />
 	<suppress files=".*" checks="RegexpSinglelineJava" />
-	<suppress files=".*" checks="RequireThis" />
 	<suppress files=".*" checks="SimplifyBooleanExpression" />
 	<suppress files=".*" checks="SimplifyBooleanReturn" />
 	<suppress files=".*" checks="SpringAvoidStaticImport" />
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
index 9d92e8152e..89c3a11289 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
@@ -48,7 +48,7 @@ public class HttpNamespaceWithMultipleInterceptorsTests {
 		request.setServletPath("/somefile.html");
 		request.setSession(createAuthenticatedSession("ROLE_0", "ROLE_1", "ROLE_2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fcp.doFilter(request, response, new MockFilterChain());
+		this.fcp.doFilter(request, response, new MockFilterChain());
 		assertThat(response.getStatus()).isEqualTo(200);
 	}
 
@@ -60,7 +60,7 @@ public class HttpNamespaceWithMultipleInterceptorsTests {
 		request.setServletPath("/secure/somefile.html");
 		request.setSession(createAuthenticatedSession("ROLE_0"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fcp.doFilter(request, response, new MockFilterChain());
+		this.fcp.doFilter(request, response, new MockFilterChain());
 		assertThat(response.getStatus()).isEqualTo(403);
 	}
 
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index b4000951fa..46032d7af2 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -48,7 +48,7 @@ public class HttpPathParameterStrippingTests {
 		request.setPathInfo("/secured;x=y/admin.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fcp.doFilter(request, response, new MockFilterChain());
+		this.fcp.doFilter(request, response, new MockFilterChain());
 	}
 
 	@Test(expected = RequestRejectedException.class)
@@ -57,7 +57,7 @@ public class HttpPathParameterStrippingTests {
 		request.setServletPath("/secured/admin.html;x=user.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fcp.doFilter(request, response, new MockFilterChain());
+		this.fcp.doFilter(request, response, new MockFilterChain());
 	}
 
 	@Test(expected = RequestRejectedException.class)
@@ -67,7 +67,7 @@ public class HttpPathParameterStrippingTests {
 		request.setPathInfo("/admin.html;x=user.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		fcp.doFilter(request, response, new MockFilterChain());
+		this.fcp.doFilter(request, response, new MockFilterChain());
 		assertThat(response.getStatus()).isEqualTo(403);
 	}
 
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
index 8098ea2a1a..f66094a252 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
@@ -58,50 +58,50 @@ public class MultiAnnotationTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizeDeniedIsDenied() {
-		SecurityContextHolder.getContext().setAuthentication(joe_a);
-		service.preAuthorizeDenyAllMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_a);
+		this.service.preAuthorizeDenyAllMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizeRoleAIsDeniedIfRoleMissing() {
-		SecurityContextHolder.getContext().setAuthentication(joe_b);
-		service.preAuthorizeHasRoleAMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
+		this.service.preAuthorizeHasRoleAMethod();
 	}
 
 	@Test
 	public void preAuthorizeRoleAIsAllowedIfRolePresent() {
-		SecurityContextHolder.getContext().setAuthentication(joe_a);
-		service.preAuthorizeHasRoleAMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_a);
+		this.service.preAuthorizeHasRoleAMethod();
 	}
 
 	@Test
 	public void securedAnonymousIsAllowed() {
-		SecurityContextHolder.getContext().setAuthentication(joe_a);
-		service.securedAnonymousMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_a);
+		this.service.securedAnonymousMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void securedRoleAIsDeniedIfRoleMissing() {
-		SecurityContextHolder.getContext().setAuthentication(joe_b);
-		service.securedRoleAMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
+		this.service.securedRoleAMethod();
 	}
 
 	@Test
 	public void securedRoleAIsAllowedIfRolePresent() {
-		SecurityContextHolder.getContext().setAuthentication(joe_a);
-		service.securedRoleAMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_a);
+		this.service.securedRoleAMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void preAuthorizedOnlyServiceDeniesIfRoleMissing() {
-		SecurityContextHolder.getContext().setAuthentication(joe_b);
-		preService.preAuthorizedMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
+		this.preService.preAuthorizedMethod();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void securedOnlyRoleAServiceDeniesIfRoleMissing() {
-		SecurityContextHolder.getContext().setAuthentication(joe_b);
-		secService.securedMethod();
+		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
+		this.secService.securedMethod();
 	}
 
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
index 212c2a9dd7..d4873d0098 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
@@ -34,7 +34,7 @@ public class SEC933ApplicationContextTests {
 
 	@Test
 	public void testSimpleApplicationContextBootstrap() {
-		assertThat(userDetailsService).isNotNull();
+		assertThat(this.userDetailsService).isNotNull();
 	}
 
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
index 919c9bf7da..2bc4f511da 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
@@ -44,7 +44,7 @@ public class SEC936ApplicationContextTests {
 	public void securityInterceptorHandlesCallWithNoTargetObject() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
-		sessionRegistry.getAllPrincipals();
+		this.sessionRegistry.getAllPrincipals();
 	}
 
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
index 033857235a..22bfaf7020 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
@@ -37,7 +37,7 @@ public class PythonInterpreterBasedSecurityTests {
 				.setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
 
 		// for (int i=0; i < 1000; i++) {
-		service.someMethod();
+		this.service.someMethod();
 		// }
 	}
 
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index 8ed19818d3..70964bc91b 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -72,9 +72,9 @@ public class FilterChainPerformanceTests {
 
 	@Before
 	public void createAuthenticatedSession() {
-		session = new MockHttpSession();
-		SecurityContextHolder.getContext().setAuthentication(user);
-		session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+		this.session = new MockHttpSession();
+		SecurityContextHolder.getContext().setAuthentication(this.user);
+		this.session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				SecurityContextHolder.getContext());
 		SecurityContextHolder.clearContext();
 	}
@@ -91,7 +91,7 @@ public class FilterChainPerformanceTests {
 
 	private MockHttpServletRequest createRequest(String url) {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setSession(session);
+		request.setSession(this.session);
 		request.setServletPath(url);
 		request.setMethod("GET");
 		return request;
@@ -101,21 +101,21 @@ public class FilterChainPerformanceTests {
 		for (int i = 0; i < N_INVOCATIONS; i++) {
 			MockHttpServletRequest request = createRequest("/somefile.html");
 			stack.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-			session = request.getSession();
+			this.session = request.getSession();
 		}
 	}
 
 	@Test
 	public void minimalStackInvocation() throws Exception {
 		sw.start("Run with Minimal Filter Stack");
-		runWithStack(minimalStack);
+		runWithStack(this.minimalStack);
 		sw.stop();
 	}
 
 	@Test
 	public void fullStackInvocation() throws Exception {
 		sw.start("Run with Full Filter Stack");
-		runWithStack(fullStack);
+		runWithStack(this.fullStack);
 		sw.stop();
 	}
 
@@ -130,11 +130,11 @@ public class FilterChainPerformanceTests {
 			int nAuthorities = user == 0 ? 1 : user * 10;
 			SecurityContextHolder.getContext().setAuthentication(
 					new UsernamePasswordAuthenticationToken("bob", "bobspassword", createRoles(nAuthorities)));
-			session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+			this.session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 					SecurityContextHolder.getContext());
 			SecurityContextHolder.clearContext();
 			sw.start(nAuthorities + " authorities");
-			runWithStack(minimalStack);
+			runWithStack(this.minimalStack);
 			System.out.println(sw.shortSummary());
 			sw.stop();
 		}
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
index a468fabb6d..3196c019c9 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
@@ -52,7 +52,7 @@ public class ProtectPointcutPerformanceTests implements ApplicationContextAware
 		sw.start();
 		for (int i = 0; i < 1000; i++) {
 			try {
-				SessionRegistry reg = (SessionRegistry) ctx.getBean("sessionRegistryPrototype");
+				SessionRegistry reg = (SessionRegistry) this.ctx.getBean("sessionRegistryPrototype");
 				reg.getAllPrincipals();
 				fail("Expected AuthenticationCredentialsNotFoundException");
 			}
@@ -65,7 +65,7 @@ public class ProtectPointcutPerformanceTests implements ApplicationContextAware
 	}
 
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		ctx = applicationContext;
+		this.ctx = applicationContext;
 	}
 
 }
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index 8ff1a27aa3..f510e8a613 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -68,7 +68,7 @@ public class PythonInterpreterPreInvocationAdvice implements PreInvocationAuthor
 		Object[] args = mi.getArguments();
 		Object targetObject = mi.getThis();
 		Method method = ClassUtils.getMostSpecificMethod(mi.getMethod(), targetObject.getClass());
-		String[] paramNames = parameterNameDiscoverer.getParameterNames(method);
+		String[] paramNames = this.parameterNameDiscoverer.getParameterNames(method);
 
 		Map<String, Object> argMap = new HashMap<>();
 		for (int i = 0; i < args.length; i++) {
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
index 960a8475b8..3fb06bd3ef 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
@@ -30,7 +30,7 @@ public class PythonInterpreterPreInvocationAttribute implements PreInvocationAtt
 	}
 
 	public String getScript() {
-		return script;
+		return this.script;
 	}
 
 }
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
index 3dcc4312c6..6a433d0483 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@@ -39,8 +39,8 @@ public abstract class AbstractWebServerIntegrationTests {
 
 	@After
 	public void close() {
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
index 5a12ec245d..2240396fd3 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
@@ -62,7 +62,7 @@ public class ConcurrentSessionManagementTests extends AbstractWebServerIntegrati
 
 		// Now logout to kill first session
 		mockMvc.perform(post("/logout").with(csrf())).andExpect(status().is3xxRedirection())
-				.andDo(result -> context.publishEvent(new SessionDestroyedEvent(session1) {
+				.andDo(result -> this.context.publishEvent(new SessionDestroyedEvent(session1) {
 					@Override
 					public List<SecurityContext> getSecurityContexts() {
 						return Collections.emptyList();
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index 064505ac36..ba1c820021 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -55,27 +55,27 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Before
 	public void setUp() {
-		template = new SpringSecurityLdapTemplate(this.contextSource);
+		this.template = new SpringSecurityLdapTemplate(this.contextSource);
 	}
 
 	@Test
 	public void compareOfCorrectValueSucceeds() {
-		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
+		assertThat(this.template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
 	}
 
 	@Test
 	public void compareOfCorrectByteValueSucceeds() {
-		assertThat(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("bobspassword"))).isTrue();
+		assertThat(this.template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("bobspassword"))).isTrue();
 	}
 
 	@Test
 	public void compareOfWrongByteValueFails() {
-		assertThat(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("wrongvalue"))).isFalse();
+		assertThat(this.template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("wrongvalue"))).isFalse();
 	}
 
 	@Test
 	public void compareOfWrongValueFails() {
-		assertThat(template.compare("uid=bob,ou=people", "uid", "wrongvalue")).isFalse();
+		assertThat(this.template.compare("uid=bob,ou=people", "uid", "wrongvalue")).isFalse();
 	}
 
 	// @Test
@@ -91,7 +91,7 @@ public class SpringSecurityLdapTemplateITests {
 	@Test
 	public void namingExceptionIsTranslatedCorrectly() {
 		try {
-			template.executeReadOnly((ContextExecutor) dirContext -> {
+			this.template.executeReadOnly((ContextExecutor) dirContext -> {
 				throw new NamingException();
 			});
 			fail("Expected UncategorizedLdapException on NamingException");
@@ -104,7 +104,7 @@ public class SpringSecurityLdapTemplateITests {
 	public void roleSearchReturnsCorrectNumberOfRoles() {
 		String param = "uid=ben,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+		Set<String> values = this.template.searchForSingleAttributeValues("ou=groups", "(member={0})",
 				new String[] { param }, "ou");
 
 		assertThat(values).as("Expected 3 results from search").hasSize(3);
@@ -115,7 +115,7 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithNullAttributeNames() {
-		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+		Set<Map<String, List<String>>> values = this.template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
 				new String[] { "bob" }, null);
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
@@ -128,7 +128,7 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithZeroLengthAttributeNames() {
-		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+		Set<Map<String, List<String>>> values = this.template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
 				new String[] { "bob" }, new String[0]);
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
@@ -141,7 +141,7 @@ public class SpringSecurityLdapTemplateITests {
 
 	@Test
 	public void testMultiAttributeRetrievalWithSpecifiedAttributeNames() {
-		Set<Map<String, List<String>>> values = template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
+		Set<Map<String, List<String>>> values = this.template.searchForMultipleAttributeValues("ou=people", "(uid={0})",
 				new String[] { "bob" }, new String[] { "uid", "cn", "sn" });
 		assertThat(values).hasSize(1);
 		Map<String, List<String>> record = values.iterator().next();
@@ -164,7 +164,7 @@ public class SpringSecurityLdapTemplateITests {
 	public void testRoleSearchForMissingAttributeFailsGracefully() {
 		String param = "uid=ben,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+		Set<String> values = this.template.searchForSingleAttributeValues("ou=groups", "(member={0})",
 				new String[] { param }, "mail");
 
 		assertThat(values).isEmpty();
@@ -174,7 +174,7 @@ public class SpringSecurityLdapTemplateITests {
 	public void roleSearchWithEscapedCharacterSucceeds() {
 		String param = "cn=mouse\\, jerry,ou=people,dc=springframework,dc=org";
 
-		Set<String> values = template.searchForSingleAttributeValues("ou=groups", "(member={0})",
+		Set<String> values = this.template.searchForSingleAttributeValues("ou=groups", "(member={0})",
 				new String[] { param }, "cn");
 
 		assertThat(values).hasSize(1);
@@ -205,7 +205,7 @@ public class SpringSecurityLdapTemplateITests {
 	public void searchForSingleEntryWithEscapedCharsInDnSucceeds() {
 		String param = "mouse, jerry";
 
-		template.searchForSingleEntry("ou=people", "(cn={0})", new String[] { param });
+		this.template.searchForSingleEntry("ou=people", "(cn={0})", new String[] { param });
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index 24fac9f207..54ddd40d8c 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -59,29 +59,30 @@ public class PasswordComparisonAuthenticatorTests {
 
 	@Before
 	public void setUp() {
-		authenticator = new PasswordComparisonAuthenticator(this.contextSource);
-		authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
-		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
-		bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
-		ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
+		this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
+		this.authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
+		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
+		this.bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
+		this.ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
 	}
 
 	@Test
 	public void testAllAttributesAreRetrievedByDefault() {
-		DirContextAdapter user = (DirContextAdapter) authenticator.authenticate(bob);
+		DirContextAdapter user = (DirContextAdapter) this.authenticator.authenticate(this.bob);
 		// System.out.println(user.getAttributes().toString());
 		assertThat(user.getAttributes().size()).withFailMessage("User should have 5 attributes").isEqualTo(5);
 	}
 
 	@Test
 	public void testFailedSearchGivesUserNotFoundException() throws Exception {
-		authenticator = new PasswordComparisonAuthenticator(this.contextSource);
-		assertThat(authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available").isEmpty();
-		authenticator.setUserSearch(new MockUserSearch(null));
-		authenticator.afterPropertiesSet();
+		this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
+		assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available")
+				.isEmpty();
+		this.authenticator.setUserSearch(new MockUserSearch(null));
+		this.authenticator.afterPropertiesSet();
 
 		try {
-			authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe", "pass"));
+			this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe", "pass"));
 			fail("Expected exception on failed user search");
 		}
 		catch (UsernameNotFoundException expected) {
@@ -91,69 +92,70 @@ public class PasswordComparisonAuthenticatorTests {
 	@Test(expected = BadCredentialsException.class)
 	public void testLdapPasswordCompareFailsWithWrongPassword() {
 		// Don't retrieve the password
-		authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
+		this.authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
 	}
 
 	@Test
 	public void testMultipleDnPatternsWorkOk() {
-		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=nonexistent", "uid={0},ou=people" });
-		authenticator.authenticate(bob);
+		this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=nonexistent", "uid={0},ou=people" });
+		this.authenticator.authenticate(this.bob);
 	}
 
 	@Test
 	public void testOnlySpecifiedAttributesAreRetrieved() {
-		authenticator.setUserAttributes(new String[] { "uid", "userPassword" });
+		this.authenticator.setUserAttributes(new String[] { "uid", "userPassword" });
 
-		DirContextAdapter user = (DirContextAdapter) authenticator.authenticate(bob);
+		DirContextAdapter user = (DirContextAdapter) this.authenticator.authenticate(this.bob);
 		assertThat(user.getAttributes().size()).withFailMessage("Should have retrieved 2 attribute (uid)").isEqualTo(2);
 	}
 
 	@Test
 	public void testLdapCompareSucceedsWithCorrectPassword() {
 		// Don't retrieve the password
-		authenticator.setUserAttributes(new String[] { "uid" });
-		authenticator.authenticate(bob);
+		this.authenticator.setUserAttributes(new String[] { "uid" });
+		this.authenticator.authenticate(this.bob);
 	}
 
 	@Test
 	public void testLdapCompareSucceedsWithShaEncodedPassword() {
 		// Don't retrieve the password
-		authenticator.setUserAttributes(new String[] { "uid" });
-		authenticator.setPasswordEncoder(new LdapShaPasswordEncoder(KeyGenerators.shared(0)));
-		authenticator.setUsePasswordAttrCompare(false);
-		authenticator.authenticate(ben);
+		this.authenticator.setUserAttributes(new String[] { "uid" });
+		this.authenticator.setPasswordEncoder(new LdapShaPasswordEncoder(KeyGenerators.shared(0)));
+		this.authenticator.setUsePasswordAttrCompare(false);
+		this.authenticator.authenticate(this.ben);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testPasswordEncoderCantBeNull() {
-		authenticator.setPasswordEncoder(null);
+		this.authenticator.setPasswordEncoder(null);
 	}
 
 	@Test
 	public void testUseOfDifferentPasswordAttributeSucceeds() {
-		authenticator.setPasswordAttributeName("uid");
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
+		this.authenticator.setPasswordAttributeName("uid");
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
 	}
 
 	@Test
 	public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
-		authenticator.setUserAttributes(new String[] { "uid" });
-		authenticator.setPasswordAttributeName("cn");
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
+		this.authenticator.setUserAttributes(new String[] { "uid" });
+		this.authenticator.setPasswordAttributeName("cn");
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
 	}
 
 	@Test
 	public void testWithUserSearch() {
-		authenticator = new PasswordComparisonAuthenticator(this.contextSource);
-		authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
-		assertThat(authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available").isEmpty();
+		this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
+		this.authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
+		assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available")
+				.isEmpty();
 
 		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people"));
 		ctx.setAttributeValue("userPassword", "bobspassword");
 
-		authenticator.setUserSearch(new MockUserSearch(ctx));
-		authenticator.authenticate(new UsernamePasswordAuthenticationToken("shouldntbeused", "bobspassword"));
+		this.authenticator.setUserSearch(new MockUserSearch(ctx));
+		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("shouldntbeused", "bobspassword"));
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
index 49d647ac47..eebf38e583 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
@@ -125,7 +125,7 @@ public class ApacheDSContainerTests {
 	public void startWithLdapOverSslWithWrongPassword() throws Exception {
 		final ClassPathResource keyStoreResource = new ClassPathResource(
 				"/org/springframework/security/ldap/server/spring.keystore");
-		final File temporaryKeyStoreFile = new File(temporaryFolder.getRoot(), "spring.keystore");
+		final File temporaryKeyStoreFile = new File(this.temporaryFolder.getRoot(), "spring.keystore");
 		FileCopyUtils.copy(keyStoreResource.getInputStream(), new FileOutputStream(temporaryKeyStoreFile));
 
 		assertThat(temporaryKeyStoreFile).isFile();
@@ -166,7 +166,7 @@ public class ApacheDSContainerTests {
 
 		final ClassPathResource keyStoreResource = new ClassPathResource(
 				"/org/springframework/security/ldap/server/spring.keystore");
-		final File temporaryKeyStoreFile = new File(temporaryFolder.getRoot(), "spring.keystore");
+		final File temporaryKeyStoreFile = new File(this.temporaryFolder.getRoot(), "spring.keystore");
 		FileCopyUtils.copy(keyStoreResource.getInputStream(), new FileOutputStream(temporaryKeyStoreFile));
 
 		assertThat(temporaryKeyStoreFile).isFile();
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index 884351baa7..a5fb47cd56 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -41,17 +41,17 @@ public class UnboundIdContainerLdifTests {
 
 	@After
 	public void closeAppContext() {
-		if (appCtx != null) {
-			appCtx.close();
-			appCtx = null;
+		if (this.appCtx != null) {
+			this.appCtx.close();
+			this.appCtx = null;
 		}
 	}
 
 	@Test
 	public void unboundIdContainerWhenCustomLdifNameThenLdifLoaded() {
-		appCtx = new AnnotationConfigApplicationContext(CustomLdifConfig.class);
+		this.appCtx = new AnnotationConfigApplicationContext(CustomLdifConfig.class);
 
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
 				.getBean(ContextSource.class);
 
 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
@@ -85,9 +85,9 @@ public class UnboundIdContainerLdifTests {
 
 	@Test
 	public void unboundIdContainerWhenWildcardLdifNameThenLdifLoaded() {
-		appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class);
+		this.appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class);
 
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
 				.getBean(ContextSource.class);
 
 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
@@ -122,7 +122,7 @@ public class UnboundIdContainerLdifTests {
 	@Test
 	public void unboundIdContainerWhenMalformedLdifThenException() {
 		try {
-			appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
+			this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
 		}
 		catch (Exception e) {
@@ -153,7 +153,7 @@ public class UnboundIdContainerLdifTests {
 	@Test
 	public void unboundIdContainerWhenMissingLdifThenException() {
 		try {
-			appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
+			this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
 		}
 		catch (Exception e) {
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index 5e0ab55d66..b448b9518b 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -54,28 +54,28 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Before
 	public void setUp() {
-		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, "ou=groups");
-		populator.setIgnorePartialResultException(false);
+		this.populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, "ou=groups");
+		this.populator.setIgnorePartialResultException(false);
 	}
 
 	@Test
 	public void defaultRoleIsAssignedWhenSet() {
-		populator.setDefaultRole("ROLE_USER");
-		assertThat(populator.getContextSource()).isSameAs(this.contextSource);
+		this.populator.setDefaultRole("ROLE_USER");
+		assertThat(this.populator.getContextSource()).isSameAs(this.contextSource);
 
 		DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=notfound"));
 
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "notfound");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "notfound");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue();
 	}
 
 	@Test
 	public void nullSearchBaseIsAccepted() {
-		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null);
-		populator.setDefaultRole("ROLE_USER");
+		this.populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null);
+		this.populator.setDefaultRole("ROLE_USER");
 
-		Collection<GrantedAuthority> authorities = populator
+		Collection<GrantedAuthority> authorities = this.populator
 				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue();
@@ -83,17 +83,17 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void groupSearchReturnsExpectedRoles() {
-		populator.setRolePrefix("ROLE_");
-		populator.setGroupRoleAttribute("ou");
-		populator.setSearchSubtree(true);
-		populator.setSearchSubtree(false);
-		populator.setConvertToUpperCase(true);
-		populator.setGroupSearchFilter("(member={0})");
+		this.populator.setRolePrefix("ROLE_");
+		this.populator.setGroupRoleAttribute("ou");
+		this.populator.setSearchSubtree(true);
+		this.populator.setSearchSubtree(false);
+		this.populator.setConvertToUpperCase(true);
+		this.populator.setGroupSearchFilter("(member={0})");
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "ben"));
+		Set<String> authorities = AuthorityUtils.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "ben"));
 
 		assertThat(authorities).as("Should have 2 roles").hasSize(2);
 
@@ -103,14 +103,15 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void useOfUsernameParameterReturnsExpectedRoles() {
-		populator.setGroupRoleAttribute("ou");
-		populator.setConvertToUpperCase(true);
-		populator.setGroupSearchFilter("(ou={1})");
+		this.populator.setGroupRoleAttribute("ou");
+		this.populator.setConvertToUpperCase(true);
+		this.populator.setGroupSearchFilter("(ou={1})");
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils
+				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -118,13 +119,14 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void subGroupRolesAreNotFoundByDefault() {
-		populator.setGroupRoleAttribute("ou");
-		populator.setConvertToUpperCase(true);
+		this.populator.setGroupRoleAttribute("ou");
+		this.populator.setConvertToUpperCase(true);
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils
+				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 2 roles").hasSize(2);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -133,14 +135,15 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void subGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
-		populator.setGroupRoleAttribute("ou");
-		populator.setConvertToUpperCase(true);
-		populator.setSearchSubtree(true);
+		this.populator.setGroupRoleAttribute("ou");
+		this.populator.setConvertToUpperCase(true);
+		this.populator.setSearchSubtree(true);
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "manager"));
+		Set<String> authorities = AuthorityUtils
+				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager"));
 
 		assertThat(authorities).as("Should have 3 roles").hasSize(3);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -150,14 +153,14 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void extraRolesAreAdded() {
-		populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null) {
+		this.populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, null) {
 			@Override
 			protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
 				return new HashSet<>(AuthorityUtils.createAuthorityList("ROLE_EXTRA"));
 			}
 		};
 
-		Collection<GrantedAuthority> authorities = populator
+		Collection<GrantedAuthority> authorities = this.populator
 				.getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused");
 		assertThat(authorities).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_EXTRA")).isTrue();
@@ -165,14 +168,15 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void userDnWithEscapedCharacterParameterReturnsExpectedRoles() {
-		populator.setGroupRoleAttribute("ou");
-		populator.setConvertToUpperCase(true);
-		populator.setGroupSearchFilter("(member={0})");
+		this.populator.setGroupRoleAttribute("ou");
+		this.populator.setConvertToUpperCase(true);
+		this.populator.setGroupSearchFilter("(member={0})");
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
 
-		Set<String> authorities = AuthorityUtils.authorityListToSet(populator.getGrantedAuthorities(ctx, "notused"));
+		Set<String> authorities = AuthorityUtils
+				.authorityListToSet(this.populator.getGrantedAuthorities(ctx, "notused"));
 
 		assertThat(authorities).as("Should have 1 role").hasSize(1);
 		assertThat(authorities.contains("ROLE_MANAGER")).isTrue();
@@ -180,23 +184,23 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void customAuthoritiesMappingFunction() {
-		populator.setAuthorityMapper(record -> {
+		this.populator.setAuthorityMapper(record -> {
 			String dn = record.get(SpringSecurityLdapTemplate.DN_KEY).get(0);
-			String role = record.get(populator.getGroupRoleAttribute()).get(0);
+			String role = record.get(this.populator.getGroupRoleAttribute()).get(0);
 			return new LdapAuthority(role, dn);
 		});
 
 		DirContextAdapter ctx = new DirContextAdapter(
 				new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org"));
 
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "notused");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "notused");
 
 		assertThat(authorities).allMatch(LdapAuthority.class::isInstance);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void customAuthoritiesMappingFunctionThrowsIfNull() {
-		populator.setAuthorityMapper(null);
+		this.populator.setAuthorityMapper(null);
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
index 20bddda27d..c02d3c3564 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
@@ -61,32 +61,32 @@ public class LdapUserDetailsManagerTests {
 
 	@Before
 	public void setUp() {
-		mgr = new LdapUserDetailsManager(this.contextSource);
-		template = new SpringSecurityLdapTemplate(this.contextSource);
+		this.mgr = new LdapUserDetailsManager(this.contextSource);
+		this.template = new SpringSecurityLdapTemplate(this.contextSource);
 		DirContextAdapter ctx = new DirContextAdapter();
 
 		ctx.setAttributeValue("objectclass", "organizationalUnit");
 		ctx.setAttributeValue("ou", "test people");
-		template.bind("ou=test people", ctx, null);
+		this.template.bind("ou=test people", ctx, null);
 
 		ctx.setAttributeValue("ou", "testgroups");
-		template.bind("ou=testgroups", ctx, null);
+		this.template.bind("ou=testgroups", ctx, null);
 
 		DirContextAdapter group = new DirContextAdapter();
 
 		group.setAttributeValue("objectclass", "groupOfNames");
 		group.setAttributeValue("cn", "clowns");
 		group.setAttributeValue("member", "cn=nobody,ou=test people,dc=springframework,dc=org");
-		template.bind("cn=clowns,ou=testgroups", group, null);
+		this.template.bind("cn=clowns,ou=testgroups", group, null);
 
 		group.setAttributeValue("cn", "acrobats");
-		template.bind("cn=acrobats,ou=testgroups", group, null);
+		this.template.bind("cn=acrobats,ou=testgroups", group, null);
 
-		mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=test people", "uid"));
-		mgr.setGroupSearchBase("ou=testgroups");
-		mgr.setGroupRoleAttributeName("cn");
-		mgr.setGroupMemberAttributeName("member");
-		mgr.setUserDetailsMapper(new PersonContextMapper());
+		this.mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=test people", "uid"));
+		this.mgr.setGroupSearchBase("ou=testgroups");
+		this.mgr.setGroupRoleAttributeName("cn");
+		this.mgr.setGroupMemberAttributeName("member");
+		this.mgr.setUserDetailsMapper(new PersonContextMapper());
 	}
 
 	@After
@@ -100,17 +100,17 @@ public class LdapUserDetailsManagerTests {
 		// template.unbind((String) people.next() + ",ou=testpeople");
 		// }
 
-		template.unbind("ou=test people", true);
-		template.unbind("ou=testgroups", true);
+		this.template.unbind("ou=test people", true);
+		this.template.unbind("ou=testgroups", true);
 
 		SecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void testLoadUserByUsernameReturnsCorrectData() {
-		mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
-		mgr.setGroupSearchBase("ou=groups");
-		LdapUserDetails bob = (LdapUserDetails) mgr.loadUserByUsername("bob");
+		this.mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
+		this.mgr.setGroupSearchBase("ou=groups");
+		LdapUserDetails bob = (LdapUserDetails) this.mgr.loadUserByUsername("bob");
 		assertThat(bob.getUsername()).isEqualTo("bob");
 		assertThat(bob.getDn()).isEqualTo("uid=bob,ou=people,dc=springframework,dc=org");
 		assertThat(bob.getPassword()).isEqualTo("bobspassword");
@@ -120,18 +120,18 @@ public class LdapUserDetailsManagerTests {
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void testLoadingInvalidUsernameThrowsUsernameNotFoundException() {
-		mgr.loadUserByUsername("jim");
+		this.mgr.loadUserByUsername("jim");
 	}
 
 	@Test
 	public void testUserExistsReturnsTrueForValidUser() {
-		mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
-		assertThat(mgr.userExists("bob")).isTrue();
+		this.mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
+		assertThat(this.mgr.userExists("bob")).isTrue();
 	}
 
 	@Test
 	public void testUserExistsReturnsFalseForInValidUser() {
-		assertThat(mgr.userExists("jim")).isFalse();
+		assertThat(this.mgr.userExists("jim")).isFalse();
 	}
 
 	@Test
@@ -154,7 +154,7 @@ public class LdapUserDetailsManagerTests {
 
 		p.setAuthorities(TEST_AUTHORITIES);
 
-		mgr.createUser(p.createUserDetails());
+		this.mgr.createUser(p.createUserDetails());
 	}
 
 	@Test
@@ -166,17 +166,17 @@ public class LdapUserDetailsManagerTests {
 		p.setUid("don");
 		p.setAuthorities(TEST_AUTHORITIES);
 
-		mgr.createUser(p.createUserDetails());
-		mgr.setUserDetailsMapper(new InetOrgPersonContextMapper());
+		this.mgr.createUser(p.createUserDetails());
+		this.mgr.setUserDetailsMapper(new InetOrgPersonContextMapper());
 
-		InetOrgPerson don = (InetOrgPerson) mgr.loadUserByUsername("don");
+		InetOrgPerson don = (InetOrgPerson) this.mgr.loadUserByUsername("don");
 
 		assertThat(don.getAuthorities()).hasSize(2);
 
-		mgr.deleteUser("don");
+		this.mgr.deleteUser("don");
 
 		try {
-			mgr.loadUserByUsername("don");
+			this.mgr.loadUserByUsername("don");
 			fail("Expected UsernameNotFoundException after deleting user");
 		}
 		catch (UsernameNotFoundException expected) {
@@ -184,7 +184,7 @@ public class LdapUserDetailsManagerTests {
 		}
 
 		// Check that no authorities are left
-		assertThat(mgr.getUserAuthorities(mgr.usernameMapper.buildDn("don"), "don")).hasSize(0);
+		assertThat(this.mgr.getUserAuthorities(this.mgr.usernameMapper.buildDn("don"), "don")).hasSize(0);
 	}
 
 	@Test
@@ -197,14 +197,14 @@ public class LdapUserDetailsManagerTests {
 		p.setPassword("yossarianspassword");
 		p.setAuthorities(TEST_AUTHORITIES);
 
-		mgr.createUser(p.createUserDetails());
+		this.mgr.createUser(p.createUserDetails());
 
 		SecurityContextHolder.getContext().setAuthentication(
 				new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
 
-		mgr.changePassword("yossarianspassword", "yossariansnewpassword");
+		this.mgr.changePassword("yossarianspassword", "yossariansnewpassword");
 
-		assertThat(template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
+		assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
 				.isTrue();
 	}
 
@@ -218,12 +218,12 @@ public class LdapUserDetailsManagerTests {
 		p.setPassword("yossarianspassword");
 		p.setAuthorities(TEST_AUTHORITIES);
 
-		mgr.createUser(p.createUserDetails());
+		this.mgr.createUser(p.createUserDetails());
 
 		SecurityContextHolder.getContext().setAuthentication(
 				new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
 
-		mgr.changePassword("wrongpassword", "yossariansnewpassword");
+		this.mgr.changePassword("wrongpassword", "yossariansnewpassword");
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index a1142aebb0..657cf67edc 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -60,69 +60,69 @@ public class NestedLdapAuthoritiesPopulatorTests {
 
 	@Before
 	public void setUp() {
-		populator = new NestedLdapAuthoritiesPopulator(this.contextSource, "ou=jdeveloper");
-		populator.setGroupSearchFilter("(member={0})");
-		populator.setIgnorePartialResultException(false);
-		populator.setRolePrefix("");
-		populator.setSearchSubtree(true);
-		populator.setConvertToUpperCase(false);
-		jDevelopers = new LdapAuthority("j-developers", "cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
-		javaDevelopers = new LdapAuthority("java-developers",
+		this.populator = new NestedLdapAuthoritiesPopulator(this.contextSource, "ou=jdeveloper");
+		this.populator.setGroupSearchFilter("(member={0})");
+		this.populator.setIgnorePartialResultException(false);
+		this.populator.setRolePrefix("");
+		this.populator.setSearchSubtree(true);
+		this.populator.setConvertToUpperCase(false);
+		this.jDevelopers = new LdapAuthority("j-developers", "cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
+		this.javaDevelopers = new LdapAuthority("java-developers",
 				"cn=java-developers,ou=jdeveloper,dc=springframework,dc=org");
-		groovyDevelopers = new LdapAuthority("groovy-developers",
+		this.groovyDevelopers = new LdapAuthority("groovy-developers",
 				"cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
-		scalaDevelopers = new LdapAuthority("scala-developers",
+		this.scalaDevelopers = new LdapAuthority("scala-developers",
 				"cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org");
-		closureDevelopers = new LdapAuthority("closure-developers",
+		this.closureDevelopers = new LdapAuthority("closure-developers",
 				"cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org");
-		circularJavaDevelopers = new LdapAuthority("circular-java-developers",
+		this.circularJavaDevelopers = new LdapAuthority("circular-java-developers",
 				"cn=circular-java-developers,ou=jdeveloper,dc=springframework,dc=org");
 	}
 
 	@Test
 	public void testScalaDudeJDevelopersAuthorities() {
 		DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "scaladude");
 		assertThat(authorities).hasSize(5);
-		assertThat(authorities).isEqualTo(
-				Arrays.asList(javaDevelopers, circularJavaDevelopers, scalaDevelopers, groovyDevelopers, jDevelopers));
+		assertThat(authorities).isEqualTo(Arrays.asList(this.javaDevelopers, this.circularJavaDevelopers,
+				this.scalaDevelopers, this.groovyDevelopers, this.jDevelopers));
 	}
 
 	@Test
 	public void testJavaDudeJDevelopersAuthorities() {
 		DirContextAdapter ctx = new DirContextAdapter("uid=javadude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "javadude");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "javadude");
 		assertThat(authorities).hasSize(4);
-		assertThat(authorities).contains(javaDevelopers);
+		assertThat(authorities).contains(this.javaDevelopers);
 	}
 
 	@Test
 	public void testScalaDudeJDevelopersAuthoritiesWithSearchLimit() {
-		populator.setMaxSearchDepth(1);
+		this.populator.setMaxSearchDepth(1);
 		DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "scaladude");
 		assertThat(authorities).hasSize(1);
-		assertThat(authorities).isEqualTo(Arrays.asList(scalaDevelopers));
+		assertThat(authorities).isEqualTo(Arrays.asList(this.scalaDevelopers));
 	}
 
 	@Test
 	public void testGroovyDudeJDevelopersAuthorities() {
 		DirContextAdapter ctx = new DirContextAdapter("uid=groovydude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "groovydude");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "groovydude");
 		assertThat(authorities).hasSize(4);
-		assertThat(authorities)
-				.isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers, groovyDevelopers, jDevelopers));
+		assertThat(authorities).isEqualTo(Arrays.asList(this.javaDevelopers, this.circularJavaDevelopers,
+				this.groovyDevelopers, this.jDevelopers));
 	}
 
 	@Test
 	public void testClosureDudeJDevelopersWithMembershipAsAttributeValues() {
-		populator.setAttributeNames(new HashSet(Arrays.asList("member")));
+		this.populator.setAttributeNames(new HashSet(Arrays.asList("member")));
 
 		DirContextAdapter ctx = new DirContextAdapter("uid=closuredude,ou=people,dc=springframework,dc=org");
-		Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "closuredude");
+		Collection<GrantedAuthority> authorities = this.populator.getGrantedAuthorities(ctx, "closuredude");
 		assertThat(authorities).hasSize(5);
-		assertThat(authorities).isEqualTo(Arrays.asList(javaDevelopers, circularJavaDevelopers, closureDevelopers,
-				groovyDevelopers, jDevelopers));
+		assertThat(authorities).isEqualTo(Arrays.asList(this.javaDevelopers, this.circularJavaDevelopers,
+				this.closureDevelopers, this.groovyDevelopers, this.jDevelopers));
 
 		LdapAuthority[] ldapAuthorities = authorities.toArray(new LdapAuthority[0]);
 		assertThat(ldapAuthorities).hasSize(5);
@@ -137,7 +137,7 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		assertThat(ldapAuthorities[1].getAttributes().containsKey("member")).isTrue();
 		assertThat(ldapAuthorities[1].getAttributes().get("member")).isNotNull();
 		assertThat(ldapAuthorities[1].getAttributes().get("member")).hasSize(3);
-		assertThat(groovyDevelopers.getDn()).isEqualTo(ldapAuthorities[1].getFirstAttributeValue("member"));
+		assertThat(this.groovyDevelopers.getDn()).isEqualTo(ldapAuthorities[1].getFirstAttributeValue("member"));
 		assertThat(ldapAuthorities[2].getAttributes().get("member"))
 				.contains("uid=closuredude,ou=people,dc=springframework,dc=org");
 
@@ -146,7 +146,7 @@ public class NestedLdapAuthoritiesPopulatorTests {
 		assertThat(ldapAuthorities[2].getAttributeValues("test")).isNotNull();
 		assertThat(ldapAuthorities[2].getAttributeValues("test")).isEmpty();
 		// test role name
-		assertThat(ldapAuthorities[3].getAuthority()).isEqualTo(groovyDevelopers.getAuthority());
+		assertThat(ldapAuthorities[3].getAuthority()).isEqualTo(this.groovyDevelopers.getAuthority());
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
index 2b7a68bac0..8d15870ab6 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
@@ -44,9 +44,9 @@ public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
 	 * Assembles the Distinguished Name that should be used the given username.
 	 */
 	public DistinguishedName buildDn(String username) {
-		DistinguishedName dn = new DistinguishedName(userDnBase);
+		DistinguishedName dn = new DistinguishedName(this.userDnBase);
 
-		dn.add(usernameAttribute, username);
+		dn.add(this.usernameAttribute, username);
 
 		return dn;
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index a363e2a137..8a855cefe8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -76,7 +76,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 		Assert.notNull(contextSource, "ContextSource cannot be null");
 		setContextSource(contextSource);
 
-		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+		this.searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 	}
 
 	/**
@@ -211,7 +211,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 		};
 
 		SearchControls ctls = new SearchControls();
-		ctls.setSearchScope(searchControls.getSearchScope());
+		ctls.setSearchScope(this.searchControls.getSearchScope());
 		ctls.setReturningAttributes(attributeNames != null && attributeNames.length > 0 ? attributeNames : null);
 
 		search(base, formattedFilter, ctls, roleMapper);
@@ -284,7 +284,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	public DirContextOperations searchForSingleEntry(final String base, final String filter, final Object[] params) {
 
 		return (DirContextOperations) executeReadOnly(
-				(ContextExecutor) ctx -> searchForSingleEntryInternal(ctx, searchControls, base, filter, params));
+				(ContextExecutor) ctx -> searchForSingleEntryInternal(ctx, this.searchControls, base, filter, params));
 	}
 
 	/**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index db1522e7c5..79890a2022 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -67,16 +67,16 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 	}
 
 	public void afterPropertiesSet() {
-		Assert.isTrue((userDnFormat != null) || (userSearch != null),
+		Assert.isTrue((this.userDnFormat != null) || (this.userSearch != null),
 				"Either an LdapUserSearch or DN pattern (or both) must be supplied.");
 	}
 
 	protected ContextSource getContextSource() {
-		return contextSource;
+		return this.contextSource;
 	}
 
 	public String[] getUserAttributes() {
-		return userAttributes;
+		return this.userAttributes;
 	}
 
 	/**
@@ -87,15 +87,15 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 	 * set.
 	 */
 	protected List<String> getUserDns(String username) {
-		if (userDnFormat == null) {
+		if (this.userDnFormat == null) {
 			return Collections.emptyList();
 		}
 
-		List<String> userDns = new ArrayList<>(userDnFormat.length);
+		List<String> userDns = new ArrayList<>(this.userDnFormat.length);
 		String[] args = new String[] { LdapEncoder.nameEncode(username) };
 
-		synchronized (userDnFormat) {
-			for (MessageFormat formatter : userDnFormat) {
+		synchronized (this.userDnFormat) {
+			for (MessageFormat formatter : this.userDnFormat) {
 				userDns.add(formatter.format(args));
 			}
 		}
@@ -104,7 +104,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 	}
 
 	protected LdapUserSearch getUserSearch() {
-		return userSearch;
+		return this.userSearch;
 	}
 
 	public void setMessageSource(MessageSource messageSource) {
@@ -131,10 +131,10 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 	public void setUserDnPatterns(String[] dnPattern) {
 		Assert.notNull(dnPattern, "The array of DN patterns cannot be set to null");
 		// this.userDnPattern = dnPattern;
-		userDnFormat = new MessageFormat[dnPattern.length];
+		this.userDnFormat = new MessageFormat[dnPattern.length];
 
 		for (int i = 0; i < dnPattern.length; i++) {
-			userDnFormat[i] = new MessageFormat(dnPattern[i]);
+			this.userDnFormat[i] = new MessageFormat(dnPattern[i]);
 		}
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index 06a8ce1b1e..a374b5bf6e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -67,7 +67,8 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 
 		if (!StringUtils.hasLength(password)) {
 			logger.debug("Rejecting empty password for user " + username);
-			throw new BadCredentialsException(messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password"));
+			throw new BadCredentialsException(
+					this.messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password"));
 		}
 
 		// If DN patterns are configured, try authenticating with them directly
@@ -88,7 +89,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 
 		if (user == null) {
 			throw new BadCredentialsException(
-					messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
+					this.messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
 		}
 
 		return user;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index db72e51ed7..6a8eda48ce 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -92,23 +92,23 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Performing LDAP compare of password attribute '" + passwordAttributeName + "' for user '"
+			logger.debug("Performing LDAP compare of password attribute '" + this.passwordAttributeName + "' for user '"
 					+ user.getDn() + "'");
 		}
 
-		if (usePasswordAttrCompare && isPasswordAttrCompare(user, password)) {
+		if (this.usePasswordAttrCompare && isPasswordAttrCompare(user, password)) {
 			return user;
 		}
 		else if (isLdapPasswordCompare(user, ldapTemplate, password)) {
 			return user;
 		}
 		throw new BadCredentialsException(
-				messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
+				this.messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
 	}
 
 	private boolean isPasswordAttrCompare(DirContextOperations user, String password) {
 		String passwordAttrValue = getPassword(user);
-		return passwordEncoder.matches(password, passwordAttrValue);
+		return this.passwordEncoder.matches(password, passwordAttrValue);
 	}
 
 	private String getPassword(DirContextOperations user) {
@@ -124,9 +124,9 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 
 	private boolean isLdapPasswordCompare(DirContextOperations user, SpringSecurityLdapTemplate ldapTemplate,
 			String password) {
-		String encodedPassword = passwordEncoder.encode(password);
+		String encodedPassword = this.passwordEncoder.encode(password);
 		byte[] passwordBytes = Utf8.encode(encodedPassword);
-		return ldapTemplate.compare(user.getDn().toString(), passwordAttributeName, passwordBytes);
+		return ldapTemplate.compare(user.getDn().toString(), this.passwordAttributeName, passwordBytes);
 	}
 
 	public void setPasswordAttributeName(String passwordAttribute) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
index 80999875b6..fbf4682871 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@@ -41,7 +41,7 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoriti
 
 	public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
 			String username) {
-		return userDetailsService.loadUserByUsername(username).getAuthorities();
+		return this.userDetailsService.loadUserByUsername(username).getAuthorities();
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
index b6473ceaff..fb6f860a2a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
@@ -50,7 +50,7 @@ public final class ActiveDirectoryAuthenticationException extends Authentication
 	}
 
 	public String getDataCode() {
-		return dataCode;
+		return this.dataCode;
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 56cd883979..baafbe38fd 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -152,7 +152,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		Assert.isTrue(StringUtils.hasText(url), "Url cannot be empty");
 		this.domain = StringUtils.hasText(domain) ? domain.toLowerCase() : null;
 		this.url = url;
-		rootDn = this.domain == null ? null : rootDnFromDomain(this.domain);
+		this.rootDn = this.domain == null ? null : rootDnFromDomain(this.domain);
 	}
 
 	@Override
@@ -169,7 +169,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 			throw badLdapConnection(e);
 		}
 		catch (NamingException e) {
-			logger.error("Failed to locate directory entry for authenticated user: " + username, e);
+			this.logger.error("Failed to locate directory entry for authenticated user: " + username, e);
 			throw badCredentials(e);
 		}
 		finally {
@@ -187,13 +187,13 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		String[] groups = userData.getStringAttributes("memberOf");
 
 		if (groups == null) {
-			logger.debug("No values for 'memberOf' attribute.");
+			this.logger.debug("No values for 'memberOf' attribute.");
 
 			return AuthorityUtils.NO_AUTHORITIES;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("'memberOf' attribute values: " + Arrays.asList(groups));
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("'memberOf' attribute values: " + Arrays.asList(groups));
 		}
 
 		ArrayList<GrantedAuthority> authorities = new ArrayList<>(groups.length);
@@ -207,7 +207,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 
 	private DirContext bindAsUser(String username, String password) {
 		// TODO. add DNS lookup based on domain
-		final String bindUrl = url;
+		final String bindUrl = this.url;
 
 		Hashtable<String, Object> env = new Hashtable<>();
 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
@@ -220,7 +220,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		env.putAll(this.contextEnvironmentProperties);
 
 		try {
-			return contextFactory.createContext(env);
+			return this.contextFactory.createContext(env);
 		}
 		catch (NamingException e) {
 			if ((e instanceof AuthenticationException) || (e instanceof OperationNotSupportedException)) {
@@ -234,8 +234,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	}
 
 	private void handleBindException(String bindPrincipal, NamingException exception) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
 		}
 
 		handleResolveObj(exception);
@@ -243,13 +243,13 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		int subErrorCode = parseSubErrorCode(exception.getMessage());
 
 		if (subErrorCode <= 0) {
-			logger.debug("Failed to locate AD-specific sub-error code in message");
+			this.logger.debug("Failed to locate AD-specific sub-error code in message");
 			return;
 		}
 
-		logger.info("Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode));
+		this.logger.info("Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode));
 
-		if (convertSubErrorCodesToExceptions) {
+		if (this.convertSubErrorCodesToExceptions) {
 			raiseExceptionForErrorCode(subErrorCode, exception);
 		}
 	}
@@ -277,17 +277,17 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception);
 		switch (code) {
 		case PASSWORD_EXPIRED:
-			throw new CredentialsExpiredException(messages.getMessage("LdapAuthenticationProvider.credentialsExpired",
-					"User credentials have expired"), cause);
+			throw new CredentialsExpiredException(this.messages.getMessage(
+					"LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause);
 		case ACCOUNT_DISABLED:
-			throw new DisabledException(messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"),
-					cause);
+			throw new DisabledException(
+					this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause);
 		case ACCOUNT_EXPIRED:
 			throw new AccountExpiredException(
-					messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause);
+					this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause);
 		case ACCOUNT_LOCKED:
 			throw new LockedException(
-					messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
+					this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
 		default:
 			throw badCredentials(cause);
 		}
@@ -318,7 +318,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 
 	private BadCredentialsException badCredentials() {
 		return new BadCredentialsException(
-				messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
+				this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
 	}
 
 	private BadCredentialsException badCredentials(Throwable cause) {
@@ -326,7 +326,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	}
 
 	private InternalAuthenticationServiceException badLdapConnection(Throwable cause) {
-		return new InternalAuthenticationServiceException(messages.getMessage(
+		return new InternalAuthenticationServiceException(this.messages.getMessage(
 				"LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause);
 	}
 
@@ -335,11 +335,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
 		String bindPrincipal = createBindPrincipal(username);
-		String searchRoot = rootDn != null ? rootDn : searchRootFromPrincipal(bindPrincipal);
+		String searchRoot = this.rootDn != null ? this.rootDn : searchRootFromPrincipal(bindPrincipal);
 
 		try {
 			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context, searchControls, searchRoot,
-					searchFilter, new Object[] { bindPrincipal, username });
+					this.searchFilter, new Object[] { bindPrincipal, username });
 		}
 		catch (CommunicationException ldapCommunicationException) {
 			throw badLdapConnection(ldapCommunicationException);
@@ -361,7 +361,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		int atChar = bindPrincipal.lastIndexOf('@');
 
 		if (atChar < 0) {
-			logger.debug("User principal '" + bindPrincipal
+			this.logger.debug("User principal '" + bindPrincipal
 					+ "' does not contain the domain, and no domain has been configured");
 			throw badCredentials();
 		}
@@ -384,11 +384,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	}
 
 	String createBindPrincipal(String username) {
-		if (domain == null || username.toLowerCase().endsWith(domain)) {
+		if (this.domain == null || username.toLowerCase().endsWith(this.domain)) {
 			return username;
 		}
 
-		return username + "@" + domain;
+		return username + "@" + this.domain;
 	}
 
 	/**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
index 173582036d..9615bcba13 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
@@ -45,18 +45,18 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 
 	@Override
 	public DirContext getContext(String principal, String credentials) throws PasswordPolicyException {
-		if (principal.equals(userDn)) {
+		if (principal.equals(this.userDn)) {
 			return super.getContext(principal, credentials);
 		}
 
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 
 		if (debug) {
-			logger.debug("Binding as '" + userDn + "', prior to reconnect as user '" + principal + "'");
+			this.logger.debug("Binding as '" + this.userDn + "', prior to reconnect as user '" + principal + "'");
 		}
 
 		// First bind as manager user before rebinding as the specific principal.
-		LdapContext ctx = (LdapContext) super.getContext(userDn, password);
+		LdapContext ctx = (LdapContext) super.getContext(this.userDn, this.password);
 
 		Control[] rctls = { new PasswordPolicyControl(false) };
 
@@ -68,8 +68,8 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 		catch (javax.naming.NamingException ne) {
 			PasswordPolicyResponseControl ctrl = PasswordPolicyControlExtractor.extractControl(ctx);
 			if (debug) {
-				logger.debug("Failed to obtain context", ne);
-				logger.debug("Password policy response: " + ctrl);
+				this.logger.debug("Failed to obtain context", ne);
+				this.logger.debug("Password policy response: " + ctrl);
 			}
 
 			LdapUtils.closeContext(ctx);
@@ -84,7 +84,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 		}
 
 		if (debug) {
-			logger.debug("PPolicy control returned: " + PasswordPolicyControlExtractor.extractControl(ctx));
+			this.logger.debug("PPolicy control returned: " + PasswordPolicyControlExtractor.extractControl(ctx));
 		}
 
 		return ctx;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index a905c68c7b..73a865446e 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -72,7 +72,7 @@ public class PasswordPolicyControl implements Control {
 	 * Returns whether the control is critical for the client.
 	 */
 	public boolean isCritical() {
-		return critical;
+		return this.critical;
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
index a9e52267a6..9aae7e4824 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
@@ -65,11 +65,11 @@ public enum PasswordPolicyErrorStatus {
 	}
 
 	public String getErrorCode() {
-		return errorCode;
+		return this.errorCode;
 	}
 
 	public String getDefaultMessage() {
-		return defaultMessage;
+		return this.defaultMessage;
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
index 62d4106d1b..b09b158d5a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
@@ -34,7 +34,7 @@ public class PasswordPolicyException extends RuntimeException {
 	}
 
 	public PasswordPolicyErrorStatus getStatus() {
-		return status;
+		return this.status;
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index 7eecc6de77..22bb16229d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -99,13 +99,13 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 			logger.debug("Searching for user '" + username + "', with user search " + this);
 		}
 
-		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
+		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(this.contextSource);
 
-		template.setSearchControls(searchControls);
+		template.setSearchControls(this.searchControls);
 
 		try {
 
-			return template.searchForSingleEntry(searchBase, searchFilter, new String[] { username });
+			return template.searchForSingleEntry(this.searchBase, this.searchFilter, new String[] { username });
 
 		}
 		catch (IncorrectResultSizeDataAccessException notFound) {
@@ -124,7 +124,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 * @param deref the derefLinkFlag value as defined in SearchControls..
 	 */
 	public void setDerefLinkFlag(boolean deref) {
-		searchControls.setDerefLinkFlag(deref);
+		this.searchControls.setDerefLinkFlag(deref);
 	}
 
 	/**
@@ -134,7 +134,8 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 * SearchControls.SUBTREE_SCOPE rather than SearchControls.ONELEVEL_SCOPE.
 	 */
 	public void setSearchSubtree(boolean searchSubtree) {
-		searchControls.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
+		this.searchControls
+				.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
 	}
 
 	/**
@@ -142,7 +143,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 * @param searchTimeLimit the time limit for the search (in milliseconds).
 	 */
 	public void setSearchTimeLimit(int searchTimeLimit) {
-		searchControls.setTimeLimit(searchTimeLimit);
+		this.searchControls.setTimeLimit(searchTimeLimit);
 	}
 
 	/**
@@ -154,19 +155,19 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 * returned. Can be null.
 	 */
 	public void setReturningAttributes(String[] attrs) {
-		searchControls.setReturningAttributes(attrs);
+		this.searchControls.setReturningAttributes(attrs);
 	}
 
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 
-		sb.append("[ searchFilter: '").append(searchFilter).append("', ");
-		sb.append("searchBase: '").append(searchBase).append("'");
-		sb.append(", scope: ")
-				.append(searchControls.getSearchScope() == SearchControls.SUBTREE_SCOPE ? "subtree" : "single-level, ");
-		sb.append(", searchTimeLimit: ").append(searchControls.getTimeLimit());
-		sb.append(", derefLinkFlag: ").append(searchControls.getDerefLinkFlag()).append(" ]");
+		sb.append("[ searchFilter: '").append(this.searchFilter).append("', ");
+		sb.append("searchBase: '").append(this.searchBase).append("'");
+		sb.append(", scope: ").append(
+				this.searchControls.getSearchScope() == SearchControls.SUBTREE_SCOPE ? "subtree" : "single-level, ");
+		sb.append(", searchTimeLimit: ").append(this.searchControls.getTimeLimit());
+		sb.append(", derefLinkFlag: ").append(this.searchControls.getDerefLinkFlag()).append(" ]");
 		return sb.toString();
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index 2424e98d51..d4a0bb628e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -110,7 +110,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 	public ApacheDSContainer(String root, String ldifs) throws Exception {
 		this.ldifResources = ldifs;
-		service = new DefaultDirectoryService();
+		this.service = new DefaultDirectoryService();
 		List<Interceptor> list = new ArrayList<>();
 
 		list.add(new NormalizationInterceptor());
@@ -128,20 +128,20 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		// list.add( new TriggerInterceptor() );
 		// list.add( new JournalInterceptor() );
 
-		service.setInterceptors(list);
-		partition = new JdbmPartition();
-		partition.setId("rootPartition");
-		partition.setSuffix(root);
+		this.service.setInterceptors(list);
+		this.partition = new JdbmPartition();
+		this.partition.setId("rootPartition");
+		this.partition.setSuffix(root);
 		this.root = root;
-		service.addPartition(partition);
-		service.setExitVmOnShutdown(false);
-		service.setShutdownHookEnabled(false);
-		service.getChangeLog().setEnabled(false);
-		service.setDenormalizeOpAttrsEnabled(true);
+		this.service.addPartition(this.partition);
+		this.service.setExitVmOnShutdown(false);
+		this.service.setShutdownHookEnabled(false);
+		this.service.getChangeLog().setEnabled(false);
+		this.service.setDenormalizeOpAttrsEnabled(true);
 	}
 
 	public void afterPropertiesSet() throws Exception {
-		if (workingDir == null) {
+		if (this.workingDir == null) {
 			String apacheWorkDir = System.getProperty("apacheDSWorkDir");
 
 			if (apacheWorkDir == null) {
@@ -154,17 +154,17 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			throw new IllegalArgumentException("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
 		}
 
-		server = new LdapServer();
-		server.setDirectoryService(service);
+		this.server = new LdapServer();
+		this.server.setDirectoryService(this.service);
 		// AbstractLdapIntegrationTests assume IPv4, so we specify the same here
 
-		this.transport = new TcpTransport(port);
-		if (ldapOverSslEnabled) {
-			transport.setEnableSSL(true);
-			server.setKeystoreFile(this.keyStoreFile.getAbsolutePath());
-			server.setCertificatePassword(this.certificatePassord);
+		this.transport = new TcpTransport(this.port);
+		if (this.ldapOverSslEnabled) {
+			this.transport.setEnableSSL(true);
+			this.server.setKeystoreFile(this.keyStoreFile.getAbsolutePath());
+			this.server.setCertificatePassword(this.certificatePassord);
 		}
-		server.setTransports(transport);
+		this.server.setTransports(this.transport);
 		start();
 	}
 
@@ -173,13 +173,13 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	}
 
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		ctxt = applicationContext;
+		this.ctxt = applicationContext;
 	}
 
 	public void setWorkingDirectory(File workingDir) {
 		Assert.notNull(workingDir, "workingDir cannot be null");
 
-		logger.info("Setting working directory for LDAP_PROVIDER: " + workingDir.getAbsolutePath());
+		this.logger.info("Setting working directory for LDAP_PROVIDER: " + workingDir.getAbsolutePath());
 
 		if (workingDir.exists()) {
 			throw new IllegalArgumentException("The specified working directory '" + workingDir.getAbsolutePath()
@@ -190,7 +190,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 		this.workingDir = workingDir;
 
-		service.setWorkingDirectory(workingDir);
+		this.service.setWorkingDirectory(workingDir);
 	}
 
 	public void setPort(int port) {
@@ -238,7 +238,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	}
 
 	public DefaultDirectoryService getService() {
-		return service;
+		return this.service;
 	}
 
 	public void start() {
@@ -246,45 +246,45 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			return;
 		}
 
-		if (service.isStarted()) {
+		if (this.service.isStarted()) {
 			throw new IllegalStateException("DirectoryService is already running.");
 		}
 
-		logger.info("Starting directory server...");
+		this.logger.info("Starting directory server...");
 		try {
-			service.startup();
-			server.start();
+			this.service.startup();
+			this.server.start();
 		}
 		catch (Exception e) {
 			throw new RuntimeException("Server startup failed", e);
 		}
 
 		try {
-			service.getAdminSession().lookup(partition.getSuffixDn());
+			this.service.getAdminSession().lookup(this.partition.getSuffixDn());
 		}
 		catch (LdapNameNotFoundException e) {
 			try {
-				LdapDN dn = new LdapDN(root);
-				Assert.isTrue(root.startsWith("dc="), "root must start with dc=");
-				String dc = root.substring(3, root.indexOf(','));
-				ServerEntry entry = service.newEntry(dn);
+				LdapDN dn = new LdapDN(this.root);
+				Assert.isTrue(this.root.startsWith("dc="), "root must start with dc=");
+				String dc = this.root.substring(3, this.root.indexOf(','));
+				ServerEntry entry = this.service.newEntry(dn);
 				entry.add("objectClass", "top", "domain", "extensibleObject");
 				entry.add("dc", dc);
-				service.getAdminSession().add(entry);
+				this.service.getAdminSession().add(entry);
 			}
 			catch (Exception e1) {
-				logger.error("Failed to create dc entry", e1);
+				this.logger.error("Failed to create dc entry", e1);
 			}
 		}
 		catch (Exception e) {
-			logger.error("Lookup failed", e);
+			this.logger.error("Lookup failed", e);
 		}
 
 		SocketAcceptor socketAcceptor = this.server.getSocketAcceptor(this.transport);
 		InetSocketAddress localAddress = socketAcceptor.getLocalAddress();
 		this.localPort = localAddress.getPort();
 
-		running = true;
+		this.running = true;
 
 		try {
 			importLdifs();
@@ -299,21 +299,21 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			return;
 		}
 
-		logger.info("Shutting down directory server ...");
+		this.logger.info("Shutting down directory server ...");
 		try {
-			server.stop();
-			service.shutdown();
+			this.server.stop();
+			this.service.shutdown();
 		}
 		catch (Exception e) {
-			logger.error("Shutdown failed", e);
+			this.logger.error("Shutdown failed", e);
 			return;
 		}
 
-		running = false;
+		this.running = false;
 
-		if (workingDir.exists()) {
-			logger.info("Deleting working directory " + workingDir.getAbsolutePath());
-			deleteDir(workingDir);
+		if (this.workingDir.exists()) {
+			this.logger.info("Deleting working directory " + this.workingDir.getAbsolutePath());
+			deleteDir(this.workingDir);
 		}
 	}
 
@@ -321,12 +321,12 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		// Import any ldif files
 		Resource[] ldifs;
 
-		if (ctxt == null) {
+		if (this.ctxt == null) {
 			// Not running within an app context
-			ldifs = new PathMatchingResourcePatternResolver().getResources(ldifResources);
+			ldifs = new PathMatchingResourcePatternResolver().getResources(this.ldifResources);
 		}
 		else {
-			ldifs = ctxt.getResources(ldifResources);
+			ldifs = this.ctxt.getResources(this.ldifResources);
 		}
 
 		// Note that we can't just import using the ServerContext returned
@@ -348,14 +348,14 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			catch (IOException e) {
 				ldifFile = ldifs[0].getURI().toString();
 			}
-			logger.info("Loading LDIF file: " + ldifFile);
-			LdifFileLoader loader = new LdifFileLoader(service.getAdminSession(), new File(ldifFile), null,
+			this.logger.info("Loading LDIF file: " + ldifFile);
+			LdifFileLoader loader = new LdifFileLoader(this.service.getAdminSession(), new File(ldifFile), null,
 					getClass().getClassLoader());
 			loader.execute();
 		}
 		else {
 			throw new IllegalArgumentException("More than one LDIF resource found with the supplied pattern:"
-					+ ldifResources + " Got " + Arrays.toString(ldifs));
+					+ this.ldifResources + " Got " + Arrays.toString(ldifs));
 		}
 	}
 
@@ -391,7 +391,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	}
 
 	public boolean isRunning() {
-		return running;
+		return this.running;
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index f53807f665..6ec5f13606 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -246,7 +246,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 		}
 
 		for (Map<String, List<String>> role : userRoles) {
-			authorities.add(authorityMapper.apply(role));
+			authorities.add(this.authorityMapper.apply(role));
 		}
 
 		return authorities;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
index 4f28e05ae5..8aa9e47766 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -73,96 +73,96 @@ public class InetOrgPerson extends Person {
 	private String uid;
 
 	public String getUid() {
-		return uid;
+		return this.uid;
 	}
 
 	public String getMail() {
-		return mail;
+		return this.mail;
 	}
 
 	public String getEmployeeNumber() {
-		return employeeNumber;
+		return this.employeeNumber;
 	}
 
 	public String getInitials() {
-		return initials;
+		return this.initials;
 	}
 
 	public String getDestinationIndicator() {
-		return destinationIndicator;
+		return this.destinationIndicator;
 	}
 
 	public String getO() {
-		return o;
+		return this.o;
 	}
 
 	public String getOu() {
-		return ou;
+		return this.ou;
 	}
 
 	public String getTitle() {
-		return title;
+		return this.title;
 	}
 
 	public String getCarLicense() {
-		return carLicense;
+		return this.carLicense;
 	}
 
 	public String getDepartmentNumber() {
-		return departmentNumber;
+		return this.departmentNumber;
 	}
 
 	public String getDisplayName() {
-		return displayName;
+		return this.displayName;
 	}
 
 	public String getHomePhone() {
-		return homePhone;
+		return this.homePhone;
 	}
 
 	public String getRoomNumber() {
-		return roomNumber;
+		return this.roomNumber;
 	}
 
 	public String getHomePostalAddress() {
-		return homePostalAddress;
+		return this.homePostalAddress;
 	}
 
 	public String getMobile() {
-		return mobile;
+		return this.mobile;
 	}
 
 	public String getPostalAddress() {
-		return postalAddress;
+		return this.postalAddress;
 	}
 
 	public String getPostalCode() {
-		return postalCode;
+		return this.postalCode;
 	}
 
 	public String getStreet() {
-		return street;
+		return this.street;
 	}
 
 	protected void populateContext(DirContextAdapter adapter) {
 		super.populateContext(adapter);
-		adapter.setAttributeValue("carLicense", carLicense);
-		adapter.setAttributeValue("departmentNumber", departmentNumber);
-		adapter.setAttributeValue("destinationIndicator", destinationIndicator);
-		adapter.setAttributeValue("displayName", displayName);
-		adapter.setAttributeValue("employeeNumber", employeeNumber);
-		adapter.setAttributeValue("homePhone", homePhone);
-		adapter.setAttributeValue("homePostalAddress", homePostalAddress);
-		adapter.setAttributeValue("initials", initials);
-		adapter.setAttributeValue("mail", mail);
-		adapter.setAttributeValue("mobile", mobile);
-		adapter.setAttributeValue("postalAddress", postalAddress);
-		adapter.setAttributeValue("postalCode", postalCode);
-		adapter.setAttributeValue("ou", ou);
-		adapter.setAttributeValue("o", o);
-		adapter.setAttributeValue("roomNumber", roomNumber);
-		adapter.setAttributeValue("street", street);
-		adapter.setAttributeValue("uid", uid);
+		adapter.setAttributeValue("carLicense", this.carLicense);
+		adapter.setAttributeValue("departmentNumber", this.departmentNumber);
+		adapter.setAttributeValue("destinationIndicator", this.destinationIndicator);
+		adapter.setAttributeValue("displayName", this.displayName);
+		adapter.setAttributeValue("employeeNumber", this.employeeNumber);
+		adapter.setAttributeValue("homePhone", this.homePhone);
+		adapter.setAttributeValue("homePostalAddress", this.homePostalAddress);
+		adapter.setAttributeValue("initials", this.initials);
+		adapter.setAttributeValue("mail", this.mail);
+		adapter.setAttributeValue("mobile", this.mobile);
+		adapter.setAttributeValue("postalAddress", this.postalAddress);
+		adapter.setAttributeValue("postalCode", this.postalCode);
+		adapter.setAttributeValue("ou", this.ou);
+		adapter.setAttributeValue("o", this.o);
+		adapter.setAttributeValue("roomNumber", this.roomNumber);
+		adapter.setAttributeValue("street", this.street);
+		adapter.setAttributeValue("uid", this.uid);
 		adapter.setAttributeValues("objectclass",
 				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
 	}
@@ -221,79 +221,79 @@ public class InetOrgPerson extends Person {
 		}
 
 		public void setMail(String email) {
-			((InetOrgPerson) instance).mail = email;
+			((InetOrgPerson) this.instance).mail = email;
 		}
 
 		public void setUid(String uid) {
-			((InetOrgPerson) instance).uid = uid;
+			((InetOrgPerson) this.instance).uid = uid;
 
-			if (instance.getUsername() == null) {
+			if (this.instance.getUsername() == null) {
 				setUsername(uid);
 			}
 		}
 
 		public void setInitials(String initials) {
-			((InetOrgPerson) instance).initials = initials;
+			((InetOrgPerson) this.instance).initials = initials;
 		}
 
 		public void setO(String organization) {
-			((InetOrgPerson) instance).o = organization;
+			((InetOrgPerson) this.instance).o = organization;
 		}
 
 		public void setOu(String ou) {
-			((InetOrgPerson) instance).ou = ou;
+			((InetOrgPerson) this.instance).ou = ou;
 		}
 
 		public void setRoomNumber(String no) {
-			((InetOrgPerson) instance).roomNumber = no;
+			((InetOrgPerson) this.instance).roomNumber = no;
 		}
 
 		public void setTitle(String title) {
-			((InetOrgPerson) instance).title = title;
+			((InetOrgPerson) this.instance).title = title;
 		}
 
 		public void setCarLicense(String carLicense) {
-			((InetOrgPerson) instance).carLicense = carLicense;
+			((InetOrgPerson) this.instance).carLicense = carLicense;
 		}
 
 		public void setDepartmentNumber(String departmentNumber) {
-			((InetOrgPerson) instance).departmentNumber = departmentNumber;
+			((InetOrgPerson) this.instance).departmentNumber = departmentNumber;
 		}
 
 		public void setDisplayName(String displayName) {
-			((InetOrgPerson) instance).displayName = displayName;
+			((InetOrgPerson) this.instance).displayName = displayName;
 		}
 
 		public void setEmployeeNumber(String no) {
-			((InetOrgPerson) instance).employeeNumber = no;
+			((InetOrgPerson) this.instance).employeeNumber = no;
 		}
 
 		public void setDestinationIndicator(String destination) {
-			((InetOrgPerson) instance).destinationIndicator = destination;
+			((InetOrgPerson) this.instance).destinationIndicator = destination;
 		}
 
 		public void setHomePhone(String homePhone) {
-			((InetOrgPerson) instance).homePhone = homePhone;
+			((InetOrgPerson) this.instance).homePhone = homePhone;
 		}
 
 		public void setStreet(String street) {
-			((InetOrgPerson) instance).street = street;
+			((InetOrgPerson) this.instance).street = street;
 		}
 
 		public void setPostalCode(String postalCode) {
-			((InetOrgPerson) instance).postalCode = postalCode;
+			((InetOrgPerson) this.instance).postalCode = postalCode;
 		}
 
 		public void setPostalAddress(String postalAddress) {
-			((InetOrgPerson) instance).postalAddress = postalAddress;
+			((InetOrgPerson) this.instance).postalAddress = postalAddress;
 		}
 
 		public void setMobile(String mobile) {
-			((InetOrgPerson) instance).mobile = mobile;
+			((InetOrgPerson) this.instance).mobile = mobile;
 		}
 
 		public void setHomePostalAddress(String homePostalAddress) {
-			((InetOrgPerson) instance).homePostalAddress = homePostalAddress;
+			((InetOrgPerson) this.instance).homePostalAddress = homePostalAddress;
 		}
 
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index fba5560f2d..98fe382fab 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -65,7 +65,7 @@ public class LdapAuthority implements GrantedAuthority {
 	 * @return the LDAP attributes, map can be null
 	 */
 	public Map<String, List<String>> getAttributes() {
-		return attributes;
+		return this.attributes;
 	}
 
 	/**
@@ -73,7 +73,7 @@ public class LdapAuthority implements GrantedAuthority {
 	 * @return
 	 */
 	public String getDn() {
-		return dn;
+		return this.dn;
 	}
 
 	/**
@@ -83,8 +83,8 @@ public class LdapAuthority implements GrantedAuthority {
 	 */
 	public List<String> getAttributeValues(String name) {
 		List<String> result = null;
-		if (attributes != null) {
-			result = attributes.get(name);
+		if (this.attributes != null) {
+			result = this.attributes.get(name);
 		}
 		if (result == null) {
 			result = Collections.emptyList();
@@ -112,7 +112,7 @@ public class LdapAuthority implements GrantedAuthority {
 	 */
 	@Override
 	public String getAuthority() {
-		return role;
+		return this.role;
 	}
 
 	/**
@@ -130,22 +130,22 @@ public class LdapAuthority implements GrantedAuthority {
 
 		LdapAuthority that = (LdapAuthority) o;
 
-		if (!dn.equals(that.dn)) {
+		if (!this.dn.equals(that.dn)) {
 			return false;
 		}
-		return role.equals(that.role);
+		return this.role.equals(that.role);
 	}
 
 	@Override
 	public int hashCode() {
-		int result = dn.hashCode();
-		result = 31 * result + (role != null ? role.hashCode() : 0);
+		int result = this.dn.hashCode();
+		result = 31 * result + (this.role != null ? this.role.hashCode() : 0);
 		return result;
 	}
 
 	@Override
 	public String toString() {
-		return "LdapAuthority{" + "dn='" + dn + '\'' + ", role='" + role + '\'' + '}';
+		return "LdapAuthority{" + "dn='" + this.dn + '\'' + ", role='" + this.role + '\'' + '}';
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
index 812f637d87..8985e401af 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -77,77 +77,77 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 
 	@Override
 	public Collection<GrantedAuthority> getAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 	@Override
 	public String getDn() {
-		return dn;
+		return this.dn;
 	}
 
 	@Override
 	public String getPassword() {
-		return password;
+		return this.password;
 	}
 
 	@Override
 	public String getUsername() {
-		return username;
+		return this.username;
 	}
 
 	@Override
 	public boolean isAccountNonExpired() {
-		return accountNonExpired;
+		return this.accountNonExpired;
 	}
 
 	@Override
 	public boolean isAccountNonLocked() {
-		return accountNonLocked;
+		return this.accountNonLocked;
 	}
 
 	@Override
 	public boolean isCredentialsNonExpired() {
-		return credentialsNonExpired;
+		return this.credentialsNonExpired;
 	}
 
 	@Override
 	public boolean isEnabled() {
-		return enabled;
+		return this.enabled;
 	}
 
 	@Override
 	public void eraseCredentials() {
-		password = null;
+		this.password = null;
 	}
 
 	@Override
 	public int getTimeBeforeExpiration() {
-		return timeBeforeExpiration;
+		return this.timeBeforeExpiration;
 	}
 
 	@Override
 	public int getGraceLoginsRemaining() {
-		return graceLoginsRemaining;
+		return this.graceLoginsRemaining;
 	}
 
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof LdapUserDetailsImpl) {
-			return dn.equals(((LdapUserDetailsImpl) obj).dn);
+			return this.dn.equals(((LdapUserDetailsImpl) obj).dn);
 		}
 		return false;
 	}
 
 	@Override
 	public int hashCode() {
-		return dn.hashCode();
+		return this.dn.hashCode();
 	}
 
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append(super.toString()).append(": ");
-		sb.append("Dn: ").append(dn).append("; ");
+		sb.append("Dn: ").append(this.dn).append("; ");
 		sb.append("Username: ").append(this.username).append("; ");
 		sb.append("Password: [PROTECTED]; ");
 		sb.append("Enabled: ").append(this.enabled).append("; ");
@@ -214,12 +214,12 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		 */
 		public void addAuthority(GrantedAuthority a) {
 			if (!hasAuthority(a)) {
-				mutableAuthorities.add(a);
+				this.mutableAuthorities.add(a);
 			}
 		}
 
 		private boolean hasAuthority(GrantedAuthority a) {
-			for (GrantedAuthority authority : mutableAuthorities) {
+			for (GrantedAuthority authority : this.mutableAuthorities) {
 				if (authority.equals(a)) {
 					return true;
 				}
@@ -228,66 +228,66 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		}
 
 		public LdapUserDetails createUserDetails() {
-			Assert.notNull(instance, "Essence can only be used to create a single instance");
-			Assert.notNull(instance.username, "username must not be null");
-			Assert.notNull(instance.getDn(), "Distinguished name must not be null");
+			Assert.notNull(this.instance, "Essence can only be used to create a single instance");
+			Assert.notNull(this.instance.username, "username must not be null");
+			Assert.notNull(this.instance.getDn(), "Distinguished name must not be null");
 
-			instance.authorities = Collections.unmodifiableList(mutableAuthorities);
+			this.instance.authorities = Collections.unmodifiableList(this.mutableAuthorities);
 
-			LdapUserDetails newInstance = instance;
+			LdapUserDetails newInstance = this.instance;
 
-			instance = null;
+			this.instance = null;
 
 			return newInstance;
 		}
 
 		public Collection<GrantedAuthority> getGrantedAuthorities() {
-			return mutableAuthorities;
+			return this.mutableAuthorities;
 		}
 
 		public void setAccountNonExpired(boolean accountNonExpired) {
-			instance.accountNonExpired = accountNonExpired;
+			this.instance.accountNonExpired = accountNonExpired;
 		}
 
 		public void setAccountNonLocked(boolean accountNonLocked) {
-			instance.accountNonLocked = accountNonLocked;
+			this.instance.accountNonLocked = accountNonLocked;
 		}
 
 		public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
-			mutableAuthorities = new ArrayList<>();
-			mutableAuthorities.addAll(authorities);
+			this.mutableAuthorities = new ArrayList<>();
+			this.mutableAuthorities.addAll(authorities);
 		}
 
 		public void setCredentialsNonExpired(boolean credentialsNonExpired) {
-			instance.credentialsNonExpired = credentialsNonExpired;
+			this.instance.credentialsNonExpired = credentialsNonExpired;
 		}
 
 		public void setDn(String dn) {
-			instance.dn = dn;
+			this.instance.dn = dn;
 		}
 
 		public void setDn(Name dn) {
-			instance.dn = dn.toString();
+			this.instance.dn = dn.toString();
 		}
 
 		public void setEnabled(boolean enabled) {
-			instance.enabled = enabled;
+			this.instance.enabled = enabled;
 		}
 
 		public void setPassword(String password) {
-			instance.password = password;
+			this.instance.password = password;
 		}
 
 		public void setUsername(String username) {
-			instance.username = username;
+			this.instance.username = username;
 		}
 
 		public void setTimeBeforeExpiration(int timeBeforeExpiration) {
-			instance.timeBeforeExpiration = timeBeforeExpiration;
+			this.instance.timeBeforeExpiration = timeBeforeExpiration;
 		}
 
 		public void setGraceLoginsRemaining(int graceLoginsRemaining) {
-			instance.graceLoginsRemaining = graceLoginsRemaining;
+			this.instance.graceLoginsRemaining = graceLoginsRemaining;
 		}
 
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index 45a25cbe9d..e44d8df42d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -114,14 +114,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	/** Default context mapper used to create a set of roles from a list of attributes */
 	private AttributesMapper roleMapper = attributes -> {
-		Attribute roleAttr = attributes.get(groupRoleAttributeName);
+		Attribute roleAttr = attributes.get(this.groupRoleAttributeName);
 
 		NamingEnumeration<?> ne = roleAttr.getAll();
 		// assert ne.hasMore();
 		Object group = ne.next();
 		String role = group.toString();
 
-		return new SimpleGrantedAuthority(rolePrefix + role.toUpperCase());
+		return new SimpleGrantedAuthority(this.rolePrefix + role.toUpperCase());
 	};
 
 	private String[] attributesToRetrieve;
@@ -129,24 +129,24 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private boolean usePasswordModifyExtensionOperation = false;
 
 	public LdapUserDetailsManager(ContextSource contextSource) {
-		template = new LdapTemplate(contextSource);
+		this.template = new LdapTemplate(contextSource);
 	}
 
 	public UserDetails loadUserByUsername(String username) {
-		DistinguishedName dn = usernameMapper.buildDn(username);
+		DistinguishedName dn = this.usernameMapper.buildDn(username);
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, username);
 
-		logger.debug("Loading user '" + username + "' with DN '" + dn + "'");
+		this.logger.debug("Loading user '" + username + "' with DN '" + dn + "'");
 
 		DirContextAdapter userCtx = loadUserAsContext(dn, username);
 
-		return userDetailsMapper.mapUserFromContext(userCtx, username, authorities);
+		return this.userDetailsMapper.mapUserFromContext(userCtx, username, authorities);
 	}
 
 	private DirContextAdapter loadUserAsContext(final DistinguishedName dn, final String username) {
-		return (DirContextAdapter) template.executeReadOnly((ContextExecutor) ctx -> {
+		return (DirContextAdapter) this.template.executeReadOnly((ContextExecutor) ctx -> {
 			try {
-				Attributes attrs = ctx.getAttributes(dn, attributesToRetrieve);
+				Attributes attrs = ctx.getAttributes(dn, this.attributesToRetrieve);
 				return new DirContextAdapter(attrs, LdapUtils.getFullDn(dn, ctx));
 			}
 			catch (NameNotFoundException notFound) {
@@ -187,11 +187,11 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 		String username = authentication.getName();
 
-		logger.debug("Changing password for user '" + username);
+		this.logger.debug("Changing password for user '" + username);
 
-		DistinguishedName userDn = usernameMapper.buildDn(username);
+		DistinguishedName userDn = this.usernameMapper.buildDn(username);
 
-		if (usePasswordModifyExtensionOperation) {
+		if (this.usePasswordModifyExtensionOperation) {
 			changePasswordUsingExtensionOperation(userDn, oldPassword, newPassword);
 		}
 		else {
@@ -210,25 +210,26 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		SearchExecutor se = ctx -> {
 			DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx);
 			SearchControls ctrls = new SearchControls();
-			ctrls.setReturningAttributes(new String[] { groupRoleAttributeName });
+			ctrls.setReturningAttributes(new String[] { this.groupRoleAttributeName });
 
-			return ctx.search(groupSearchBase, groupSearchFilter, new String[] { fullDn.toUrl(), username }, ctrls);
+			return ctx.search(this.groupSearchBase, this.groupSearchFilter, new String[] { fullDn.toUrl(), username },
+					ctrls);
 		};
 
-		AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(roleMapper);
+		AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(this.roleMapper);
 
-		template.search(se, roleCollector);
+		this.template.search(se, roleCollector);
 		return roleCollector.getList();
 	}
 
 	public void createUser(UserDetails user) {
 		DirContextAdapter ctx = new DirContextAdapter();
 		copyToContext(user, ctx);
-		DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
+		DistinguishedName dn = this.usernameMapper.buildDn(user.getUsername());
 
-		logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn + "'");
+		this.logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn + "'");
 
-		template.bind(dn, ctx, null);
+		this.template.bind(dn, ctx, null);
 
 		// Check for any existing authorities which might be set for this DN and remove
 		// them
@@ -242,9 +243,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	}
 
 	public void updateUser(UserDetails user) {
-		DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
+		DistinguishedName dn = this.usernameMapper.buildDn(user.getUsername());
 
-		logger.debug("Updating user '" + user.getUsername() + "' with DN '" + dn + "'");
+		this.logger.debug("Updating user '" + user.getUsername() + "' with DN '" + dn + "'");
 
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, user.getUsername());
 
@@ -264,7 +265,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			}
 		}
 
-		template.modifyAttributes(dn, mods.toArray(new ModificationItem[0]));
+		this.template.modifyAttributes(dn, mods.toArray(new ModificationItem[0]));
 
 		// template.rebind(dn, ctx, null);
 		// Remove the old authorities and replace them with the new one
@@ -273,16 +274,16 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	}
 
 	public void deleteUser(String username) {
-		DistinguishedName dn = usernameMapper.buildDn(username);
+		DistinguishedName dn = this.usernameMapper.buildDn(username);
 		removeAuthorities(dn, getUserAuthorities(dn, username));
-		template.unbind(dn);
+		this.template.unbind(dn);
 	}
 
 	public boolean userExists(String username) {
-		DistinguishedName dn = usernameMapper.buildDn(username);
+		DistinguishedName dn = this.usernameMapper.buildDn(username);
 
 		try {
-			Object obj = template.lookup(dn);
+			Object obj = this.template.lookup(dn);
 			if (obj instanceof Context) {
 				LdapUtils.closeContext((Context) obj);
 			}
@@ -299,14 +300,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 * @return the DN of the corresponding group, including the groupSearchBase
 	 */
 	protected DistinguishedName buildGroupDn(String group) {
-		DistinguishedName dn = new DistinguishedName(groupSearchBase);
-		dn.add(groupRoleAttributeName, group.toLowerCase());
+		DistinguishedName dn = new DistinguishedName(this.groupSearchBase);
+		dn.add(this.groupRoleAttributeName, group.toLowerCase());
 
 		return dn;
 	}
 
 	protected void copyToContext(UserDetails user, DirContextAdapter ctx) {
-		userDetailsMapper.mapUserToContext(user, ctx);
+		this.userDetailsMapper.mapUserToContext(user, ctx);
 	}
 
 	protected void addAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
@@ -319,12 +320,12 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	private void modifyAuthorities(final DistinguishedName userDn,
 			final Collection<? extends GrantedAuthority> authorities, final int modType) {
-		template.executeReadWrite((ContextExecutor) ctx -> {
+		this.template.executeReadWrite((ContextExecutor) ctx -> {
 			for (GrantedAuthority authority : authorities) {
 				String group = convertAuthorityToGroup(authority);
 				DistinguishedName fullDn = LdapUtils.getFullDn(userDn, ctx);
 				ModificationItem addGroup = new ModificationItem(modType,
-						new BasicAttribute(groupMemberAttributeName, fullDn.toUrl()));
+						new BasicAttribute(this.groupMemberAttributeName, fullDn.toUrl()));
 
 				ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { addGroup });
 			}
@@ -335,8 +336,8 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private String convertAuthorityToGroup(GrantedAuthority authority) {
 		String group = authority.getAuthority();
 
-		if (group.startsWith(rolePrefix)) {
-			group = group.substring(rolePrefix.length());
+		if (group.startsWith(this.rolePrefix)) {
+			group = group.substring(this.rolePrefix.length());
 		}
 
 		return group;
@@ -413,14 +414,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			String newPassword) {
 
 		final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
-				DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };
+				DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(this.passwordAttributeName, newPassword)) };
 
 		if (oldPassword == null) {
-			template.modifyAttributes(userDn, passwordChange);
+			this.template.modifyAttributes(userDn, passwordChange);
 			return;
 		}
 
-		template.executeReadWrite(dirCtx -> {
+		this.template.executeReadWrite(dirCtx -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 			ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
 			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
@@ -443,7 +444,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private void changePasswordUsingExtensionOperation(DistinguishedName userDn, String oldPassword,
 			String newPassword) {
 
-		template.executeReadWrite(dirCtx -> {
+		this.template.executeReadWrite(dirCtx -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 
 			String userIdentity = LdapUtils.getFullDn(userDn, ctx).encode();
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index a02f714b94..d40111cbf9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -54,10 +54,10 @@ public class LdapUserDetailsService implements UserDetailsService {
 	}
 
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-		DirContextOperations userData = userSearch.searchForUser(username);
+		DirContextOperations userData = this.userSearch.searchForUser(username);
 
-		return userDetailsMapper.mapUserFromContext(userData, username,
-				authoritiesPopulator.getGrantedAuthorities(userData, username));
+		return this.userDetailsMapper.mapUserFromContext(userData, username,
+				this.authoritiesPopulator.getGrantedAuthorities(userData, username));
 	}
 
 	public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index 36b5d6fef2..4237757c60 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -50,28 +50,28 @@ public class Person extends LdapUserDetailsImpl {
 	}
 
 	public String getGivenName() {
-		return givenName;
+		return this.givenName;
 	}
 
 	public String getSn() {
-		return sn;
+		return this.sn;
 	}
 
 	public String[] getCn() {
-		return cn.toArray(new String[0]);
+		return this.cn.toArray(new String[0]);
 	}
 
 	public String getDescription() {
-		return description;
+		return this.description;
 	}
 
 	public String getTelephoneNumber() {
-		return telephoneNumber;
+		return this.telephoneNumber;
 	}
 
 	protected void populateContext(DirContextAdapter adapter) {
-		adapter.setAttributeValue("givenName", givenName);
-		adapter.setAttributeValue("sn", sn);
+		adapter.setAttributeValue("givenName", this.givenName);
+		adapter.setAttributeValue("sn", this.sn);
 		adapter.setAttributeValues("cn", getCn());
 		adapter.setAttributeValue("description", getDescription());
 		adapter.setAttributeValue("telephoneNumber", getTelephoneNumber());
@@ -108,7 +108,7 @@ public class Person extends LdapUserDetailsImpl {
 			setSn(copyMe.sn);
 			setDescription(copyMe.getDescription());
 			setTelephoneNumber(copyMe.getTelephoneNumber());
-			((Person) instance).cn = new ArrayList<>(copyMe.cn);
+			((Person) this.instance).cn = new ArrayList<>(copyMe.cn);
 		}
 
 		protected LdapUserDetailsImpl createTarget() {
@@ -116,27 +116,27 @@ public class Person extends LdapUserDetailsImpl {
 		}
 
 		public void setGivenName(String givenName) {
-			((Person) instance).givenName = givenName;
+			((Person) this.instance).givenName = givenName;
 		}
 
 		public void setSn(String sn) {
-			((Person) instance).sn = sn;
+			((Person) this.instance).sn = sn;
 		}
 
 		public void setCn(String[] cn) {
-			((Person) instance).cn = Arrays.asList(cn);
+			((Person) this.instance).cn = Arrays.asList(cn);
 		}
 
 		public void addCn(String value) {
-			((Person) instance).cn.add(value);
+			((Person) this.instance).cn.add(value);
 		}
 
 		public void setTelephoneNumber(String tel) {
-			((Person) instance).telephoneNumber = tel;
+			((Person) this.instance).telephoneNumber = tel;
 		}
 
 		public void setDescription(String desc) {
-			((Person) instance).description = desc;
+			((Person) this.instance).description = desc;
 		}
 
 		public LdapUserDetails createUserDetails() {
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 06f9bd79e7..069a4561db 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -60,15 +60,16 @@ public class SpringSecurityLdapTemplateTests {
 		Object[] params = new Object[] {};
 		DirContextAdapter searchResultObject = mock(DirContextAdapter.class);
 
-		when(ctx.search(any(DistinguishedName.class), eq(filter), eq(params), searchControls.capture()))
-				.thenReturn(resultsEnum);
-		when(resultsEnum.hasMore()).thenReturn(true, false);
-		when(resultsEnum.next()).thenReturn(searchResult);
-		when(searchResult.getObject()).thenReturn(searchResultObject);
+		when(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture()))
+				.thenReturn(this.resultsEnum);
+		when(this.resultsEnum.hasMore()).thenReturn(true, false);
+		when(this.resultsEnum.next()).thenReturn(this.searchResult);
+		when(this.searchResult.getObject()).thenReturn(searchResultObject);
 
-		SpringSecurityLdapTemplate.searchForSingleEntryInternal(ctx, mock(SearchControls.class), base, filter, params);
+		SpringSecurityLdapTemplate.searchForSingleEntryInternal(this.ctx, mock(SearchControls.class), base, filter,
+				params);
 
-		assertThat(searchControls.getValue().getReturningObjFlag()).isTrue();
+		assertThat(this.searchControls.getValue().getReturningObjFlag()).isTrue();
 	}
 
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index 0518c1ba00..7bf18ee4e2 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -212,7 +212,7 @@ public class LdapAuthenticationProviderTests {
 		}
 
 		String getRequestedUsername() {
-			return username;
+			return this.username;
 		}
 
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
index 8a147d39de..3e4cd05135 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
@@ -34,7 +34,7 @@ public class MockUserSearch implements LdapUserSearch {
 	}
 
 	public DirContextOperations searchForUser(String username) {
-		return user;
+		return this.user;
 	}
 
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index 539256359b..de9defc321 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -79,18 +79,18 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Before
 	public void setUp() {
-		provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
+		this.provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
 	}
 
 	@Test
 	public void bindPrincipalIsCreatedCorrectly() {
-		assertThat(provider.createBindPrincipal("joe")).isEqualTo("joe@mydomain.eu");
-		assertThat(provider.createBindPrincipal("joe@mydomain.eu")).isEqualTo("joe@mydomain.eu");
+		assertThat(this.provider.createBindPrincipal("joe")).isEqualTo("joe@mydomain.eu");
+		assertThat(this.provider.createBindPrincipal("joe@mydomain.eu")).isEqualTo("joe@mydomain.eu");
 	}
 
 	@Test
 	public void successfulAuthenticationProducesExpectedAuthorities() throws Exception {
-		checkAuthentication("dc=mydomain,dc=eu", provider);
+		checkAuthentication("dc=mydomain,dc=eu", this.provider);
 	}
 
 	// SEC-1915
@@ -113,7 +113,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 		// when
 		customProvider.setSearchFilter(customSearchFilter);
-		Authentication result = customProvider.authenticate(joe);
+		Authentication result = customProvider.authenticate(this.joe);
 
 		// then
 		assertThat(result.isAuthenticated()).isTrue();
@@ -137,7 +137,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
 		// when
-		Authentication result = customProvider.authenticate(joe);
+		Authentication result = customProvider.authenticate(this.joe);
 
 		// then
 		assertThat(result.isAuthenticated()).isTrue();
@@ -165,7 +165,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
 		// when
-		Authentication result = customProvider.authenticate(joe);
+		Authentication result = customProvider.authenticate(this.joe);
 
 		// then
 		assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
@@ -174,17 +174,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setSearchFilterNull() {
-		provider.setSearchFilter(null);
+		this.provider.setSearchFilter(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setSearchFilterEmpty() {
-		provider.setSearchFilter(" ");
+		this.provider.setSearchFilter(" ");
 	}
 
 	@Test
 	public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception {
-		provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
+		this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
 		DirContext ctx = mock(DirContext.class);
 		when(ctx.getNameInNamespace()).thenReturn("");
 
@@ -192,16 +192,16 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		when(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
 				any(SearchControls.class))).thenReturn(new MockNamingEnumeration(sr));
-		provider.contextFactory = createContextFactoryReturning(ctx);
+		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
 		try {
-			provider.authenticate(joe);
+			this.provider.authenticate(this.joe);
 			fail("Expected BadCredentialsException for user with no domain information");
 		}
 		catch (BadCredentialsException expected) {
 		}
 
-		provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
+		this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
 	}
 
 	@Test(expected = BadCredentialsException.class)
@@ -211,9 +211,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.thenThrow(new NameNotFoundException());
 
-		provider.contextFactory = createContextFactoryReturning(ctx);
+		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
-		provider.authenticate(joe);
+		this.provider.authenticate(this.joe);
 	}
 
 	// SEC-2017
@@ -224,15 +224,15 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.thenReturn(new EmptyEnumeration<>());
 
-		provider.contextFactory = createContextFactoryReturning(ctx);
+		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
-		provider.authenticate(joe);
+		this.provider.authenticate(this.joe);
 	}
 
 	// SEC-2500
 	@Test(expected = BadCredentialsException.class)
 	public void sec2500PreventAnonymousBind() {
-		provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", ""));
+		this.provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", ""));
 	}
 
 	@SuppressWarnings("unchecked")
@@ -248,42 +248,43 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.thenReturn(searchResults);
 
-		provider.contextFactory = createContextFactoryReturning(ctx);
+		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
-		provider.authenticate(joe);
+		this.provider.authenticate(this.joe);
 	}
 
 	static final String msg = "[LDAP: error code 49 - 80858585: LdapErr: DSID-DECAFF0, comment: AcceptSecurityContext error, data ";
 
 	@Test(expected = BadCredentialsException.class)
 	public void userNotFoundIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "525, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "525, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void incorrectPasswordIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "52e, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "52e, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void notPermittedIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "530, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "530, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test
 	public void passwordNeedsResetIsCorrectlyMapped() {
 		final String dataCode = "773";
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + dataCode + ", xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.contextFactory = createContextFactoryThrowing(
+				new AuthenticationException(msg + dataCode + ", xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
 
-		thrown.expect(BadCredentialsException.class);
-		thrown.expect(new BaseMatcher<BadCredentialsException>() {
+		this.thrown.expect(BadCredentialsException.class);
+		this.thrown.expect(new BaseMatcher<BadCredentialsException>() {
 			private Matcher<Object> causeInstance = CoreMatchers
 					.instanceOf(ActiveDirectoryAuthenticationException.class);
 
@@ -292,75 +293,75 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 			public boolean matches(Object that) {
 				Throwable t = (Throwable) that;
 				ActiveDirectoryAuthenticationException cause = (ActiveDirectoryAuthenticationException) t.getCause();
-				return causeInstance.matches(cause) && causeDataCode.matches(cause.getDataCode());
+				return this.causeInstance.matches(cause) && this.causeDataCode.matches(cause.getDataCode());
 			}
 
 			public void describeTo(Description desc) {
 				desc.appendText("getCause() ");
-				causeInstance.describeTo(desc);
+				this.causeInstance.describeTo(desc);
 				desc.appendText("getCause().getDataCode() ");
-				causeDataCode.describeTo(desc);
+				this.causeDataCode.describeTo(desc);
 			}
 		});
 
-		provider.authenticate(joe);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = CredentialsExpiredException.class)
 	public void expiredPasswordIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
 
 		try {
-			provider.authenticate(joe);
+			this.provider.authenticate(this.joe);
 			fail("BadCredentialsException should had been thrown");
 		}
 		catch (BadCredentialsException expected) {
 		}
 
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = DisabledException.class)
 	public void accountDisabledIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "533, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "533, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = AccountExpiredException.class)
 	public void accountExpiredIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "701, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "701, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = LockedException.class)
 	public void accountLockedIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "775, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "775, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void unknownErrorCodeIsCorrectlyMapped() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "999, xxxx]"));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "999, xxxx]"));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void errorWithNoSubcodeIsHandledCleanly() {
-		provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg));
-		provider.setConvertSubErrorCodesToExceptions(true);
-		provider.authenticate(joe);
+		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg));
+		this.provider.setConvertSubErrorCodesToExceptions(true);
+		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = org.springframework.ldap.CommunicationException.class)
 	public void nonAuthenticationExceptionIsConvertedToSpringLdapException() throws Throwable {
 		try {
-			provider.contextFactory = createContextFactoryThrowing(new CommunicationException(msg));
-			provider.authenticate(joe);
+			this.provider.contextFactory = createContextFactoryThrowing(new CommunicationException(msg));
+			this.provider.authenticate(this.joe);
 		}
 		catch (InternalAuthenticationServiceException e) {
 			// Since GH-8418 ldap communication exception is wrapped into
@@ -376,7 +377,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", NON_EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain");
 		noneReachableProvider
 				.setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
-		noneReachableProvider.doAuthentication(joe);
+		noneReachableProvider.doAuthentication(this.joe);
 	}
 
 	@Test
@@ -389,12 +390,12 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setContextEnvironmentPropertiesNull() {
-		provider.setContextEnvironmentProperties(null);
+		this.provider.setContextEnvironmentProperties(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setContextEnvironmentPropertiesEmpty() {
-		provider.setContextEnvironmentProperties(new Hashtable<>());
+		this.provider.setContextEnvironmentProperties(new Hashtable<>());
 	}
 
 	@Test
@@ -402,10 +403,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		Hashtable<String, Object> env = new Hashtable<>();
 
 		env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory");
-		provider.setContextEnvironmentProperties(env);
+		this.provider.setContextEnvironmentProperties(env);
 
 		try {
-			provider.authenticate(joe);
+			this.provider.authenticate(this.joe);
 			fail("CommunicationException was expected with a root cause of ClassNotFoundException");
 		}
 		catch (InternalAuthenticationServiceException expected) {
@@ -448,13 +449,13 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
-		Authentication result = provider.authenticate(joe);
+		Authentication result = provider.authenticate(this.joe);
 
 		assertThat(result.getAuthorities()).isEmpty();
 
 		dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu");
 
-		result = provider.authenticate(joe);
+		result = provider.authenticate(this.joe);
 
 		assertThat(result.getAuthorities()).hasSize(1);
 	}
@@ -468,13 +469,13 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		}
 
 		public SearchResult next() {
-			SearchResult result = sr;
-			sr = null;
+			SearchResult result = this.sr;
+			this.sr = null;
 			return result;
 		}
 
 		public boolean hasMore() {
-			return sr != null;
+			return this.sr != null;
 		}
 
 		public void close() {
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index f9e2f8ab3e..d215282ad5 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -46,42 +46,42 @@ public class PasswordPolicyAwareContextSourceTests {
 
 	@Before
 	public void setUp() {
-		reset(ctx);
-		ctxSource = new PasswordPolicyAwareContextSource("ldap://blah:789/dc=springframework,dc=org") {
+		reset(this.ctx);
+		this.ctxSource = new PasswordPolicyAwareContextSource("ldap://blah:789/dc=springframework,dc=org") {
 			@Override
 			protected DirContext createContext(Hashtable env) {
 				if ("manager".equals(env.get(Context.SECURITY_PRINCIPAL))) {
-					return ctx;
+					return PasswordPolicyAwareContextSourceTests.this.ctx;
 				}
 
 				return null;
 			}
 		};
-		ctxSource.setUserDn("manager");
-		ctxSource.setPassword("password");
-		ctxSource.afterPropertiesSet();
+		this.ctxSource.setUserDn("manager");
+		this.ctxSource.setPassword("password");
+		this.ctxSource.afterPropertiesSet();
 	}
 
 	@Test
 	public void contextIsReturnedWhenNoControlsAreSetAndReconnectIsSuccessful() {
-		assertThat(ctxSource.getContext("user", "ignored")).isNotNull();
+		assertThat(this.ctxSource.getContext("user", "ignored")).isNotNull();
 	}
 
 	@Test(expected = UncategorizedLdapException.class)
 	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
-		doThrow(new NamingException("some LDAP exception")).when(ctx).reconnect(any(Control[].class));
+		doThrow(new NamingException("some LDAP exception")).when(this.ctx).reconnect(any(Control[].class));
 
-		ctxSource.getContext("user", "ignored");
+		this.ctxSource.getContext("user", "ignored");
 	}
 
 	@Test(expected = PasswordPolicyException.class)
 	public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception {
-		when(ctx.getResponseControls()).thenReturn(new Control[] {
+		when(this.ctx.getResponseControls()).thenReturn(new Control[] {
 				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
 
-		doThrow(new NamingException("locked message")).when(ctx).reconnect(any(Control[].class));
+		doThrow(new NamingException("locked message")).when(this.ctx).reconnect(any(Control[].class));
 
-		ctxSource.getContext("user", "ignored");
+		this.ctxSource.getContext("user", "ignored");
 	}
 
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
index b8a597ddbc..60a6779fba 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
@@ -41,31 +41,31 @@ public class LdapAuthorityTests {
 		Map<String, List<String>> attributes = new HashMap<>();
 		attributes.put(SpringSecurityLdapTemplate.DN_KEY, Arrays.asList(DN));
 		attributes.put("mail", Arrays.asList("filip@ldap.test.org", "filip@ldap.test2.org"));
-		authority = new LdapAuthority("testRole", DN, attributes);
+		this.authority = new LdapAuthority("testRole", DN, attributes);
 	}
 
 	@Test
 	public void testGetDn() {
-		assertThat(authority.getDn()).isEqualTo(DN);
-		assertThat(authority.getAttributeValues(SpringSecurityLdapTemplate.DN_KEY)).isNotNull();
-		assertThat(authority.getAttributeValues(SpringSecurityLdapTemplate.DN_KEY)).hasSize(1);
-		assertThat(authority.getFirstAttributeValue(SpringSecurityLdapTemplate.DN_KEY)).isEqualTo(DN);
+		assertThat(this.authority.getDn()).isEqualTo(DN);
+		assertThat(this.authority.getAttributeValues(SpringSecurityLdapTemplate.DN_KEY)).isNotNull();
+		assertThat(this.authority.getAttributeValues(SpringSecurityLdapTemplate.DN_KEY)).hasSize(1);
+		assertThat(this.authority.getFirstAttributeValue(SpringSecurityLdapTemplate.DN_KEY)).isEqualTo(DN);
 	}
 
 	@Test
 	public void testGetAttributes() {
-		assertThat(authority.getAttributes()).isNotNull();
-		assertThat(authority.getAttributeValues("mail")).isNotNull();
-		assertThat(authority.getAttributeValues("mail")).hasSize(2);
-		assertThat(authority.getFirstAttributeValue("mail")).isEqualTo("filip@ldap.test.org");
-		assertThat(authority.getAttributeValues("mail").get(0)).isEqualTo("filip@ldap.test.org");
-		assertThat(authority.getAttributeValues("mail").get(1)).isEqualTo("filip@ldap.test2.org");
+		assertThat(this.authority.getAttributes()).isNotNull();
+		assertThat(this.authority.getAttributeValues("mail")).isNotNull();
+		assertThat(this.authority.getAttributeValues("mail")).hasSize(2);
+		assertThat(this.authority.getFirstAttributeValue("mail")).isEqualTo("filip@ldap.test.org");
+		assertThat(this.authority.getAttributeValues("mail").get(0)).isEqualTo("filip@ldap.test.org");
+		assertThat(this.authority.getAttributeValues("mail").get(1)).isEqualTo("filip@ldap.test2.org");
 	}
 
 	@Test
 	public void testGetAuthority() {
-		assertThat(authority.getAuthority()).isNotNull();
-		assertThat(authority.getAuthority()).isEqualTo("testRole");
+		assertThat(this.authority.getAuthority()).isNotNull();
+		assertThat(this.authority.getAuthority()).isEqualTo("testRole");
 	}
 
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
index fd01c9d3f1..c896eb3955 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
@@ -41,7 +41,7 @@ public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurity
 			Message<T> invocation) {
 		MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication, invocation);
 		root.setPermissionEvaluator(getPermissionEvaluator());
-		root.setTrustResolver(trustResolver);
+		root.setTrustResolver(this.trustResolver);
 		root.setRoleHierarchy(getRoleHierarchy());
 		return root;
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index 17aac56cf4..66bbd3e237 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -52,7 +52,7 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 	}
 
 	Expression getAuthorizeExpression() {
-		return authorizeExpression;
+		return this.authorizeExpression;
 	}
 
 	public String getAttribute() {
@@ -61,13 +61,13 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 
 	@Override
 	public String toString() {
-		return authorizeExpression.getExpressionString();
+		return this.authorizeExpression.getExpressionString();
 	}
 
 	@Override
 	public EvaluationContext postProcess(EvaluationContext ctx, Message<?> message) {
-		if (matcher instanceof SimpDestinationMessageMatcher) {
-			final Map<String, String> variables = ((SimpDestinationMessageMatcher) matcher)
+		if (this.matcher instanceof SimpDestinationMessageMatcher) {
+			final Map<String, String> variables = ((SimpDestinationMessageMatcher) this.matcher)
 					.extractPathVariables(message);
 			for (Map.Entry<String, String> entry : variables.entrySet()) {
 				ctx.setVariable(entry.getKey(), entry.getValue());
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index f859e4a7da..dc517a42bb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -52,7 +52,7 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 			return ACCESS_ABSTAIN;
 		}
 
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, message);
+		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, message);
 		ctx = attr.postProcess(ctx, message);
 
 		return ExpressionUtils.evaluateAsBoolean(attr.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
index 5f52ff39c1..6f3c9871a9 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
@@ -61,7 +61,7 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 
 	@Override
 	public SecurityMetadataSource obtainSecurityMetadataSource() {
-		return metadataSource;
+		return this.metadataSource;
 	}
 
 	public Message<?> preSend(Message<?> message, MessageChannel channel) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index 96fbaefa71..98228e56e9 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -52,7 +52,7 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 		final Message message = (Message) object;
-		for (Map.Entry<MessageMatcher<?>, Collection<ConfigAttribute>> entry : messageMap.entrySet()) {
+		for (Map.Entry<MessageMatcher<?>, Collection<ConfigAttribute>> entry : this.messageMap.entrySet()) {
 			if (entry.getKey().matches(message)) {
 				return entry.getValue();
 			}
@@ -63,7 +63,7 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
-		for (Collection<ConfigAttribute> entry : messageMap.values()) {
+		for (Collection<ConfigAttribute> entry : this.messageMap.values()) {
 			allAttributes.addAll(entry);
 		}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index 5549189cfd..ab9ea4c9eb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -115,7 +115,7 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 		}
 		contextStack.push(currentContext);
 
-		Object user = message.getHeaders().get(authenticationHeaderName);
+		Object user = message.getHeaders().get(this.authenticationHeaderName);
 
 		Authentication authentication;
 		if ((user instanceof Authentication)) {
@@ -141,7 +141,7 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 		SecurityContext originalContext = contextStack.pop();
 
 		try {
-			if (EMPTY_CONTEXT.equals(originalContext)) {
+			if (this.EMPTY_CONTEXT.equals(originalContext)) {
 				SecurityContextHolder.clearContext();
 				ORIGINAL_CONTEXT.remove();
 			}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index 0a8b7b3aa6..6bb2b627e8 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -57,12 +57,12 @@ abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 	}
 
 	public List<MessageMatcher<T>> getMessageMatchers() {
-		return messageMatchers;
+		return this.messageMatchers;
 	}
 
 	@Override
 	public String toString() {
-		return getClass().getSimpleName() + "[messageMatchers=" + messageMatchers + "]";
+		return getClass().getSimpleName() + "[messageMatchers=" + this.messageMatchers + "]";
 	}
 
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index 9210f59347..164d799ecf 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -47,15 +47,15 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
-			if (LOGGER.isDebugEnabled()) {
-				LOGGER.debug("Trying to match using " + matcher);
+			if (this.LOGGER.isDebugEnabled()) {
+				this.LOGGER.debug("Trying to match using " + matcher);
 			}
 			if (!matcher.matches(message)) {
-				LOGGER.debug("Did not match");
+				this.LOGGER.debug("Did not match");
 				return false;
 			}
 		}
-		LOGGER.debug("All messageMatchers returned true");
+		this.LOGGER.debug("All messageMatchers returned true");
 		return true;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
index 90db0be394..b7f2a6ace9 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
@@ -47,15 +47,15 @@ public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T
 
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
-			if (LOGGER.isDebugEnabled()) {
-				LOGGER.debug("Trying to match using " + matcher);
+			if (this.LOGGER.isDebugEnabled()) {
+				this.LOGGER.debug("Trying to match using " + matcher);
 			}
 			if (matcher.matches(message)) {
-				LOGGER.debug("matched");
+				this.LOGGER.debug("matched");
 				return true;
 			}
 		}
-		LOGGER.debug("No matches found");
+		this.LOGGER.debug("No matches found");
 		return false;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index c9b2513bbc..fe24d4a766 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -117,27 +117,28 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	}
 
 	public boolean matches(Message<?> message) {
-		if (!messageTypeMatcher.matches(message)) {
+		if (!this.messageTypeMatcher.matches(message)) {
 			return false;
 		}
 
 		String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
-		return destination != null && matcher.match(pattern, destination);
+		return destination != null && this.matcher.match(this.pattern, destination);
 	}
 
 	public Map<String, String> extractPathVariables(Message<?> message) {
 		final String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
-		return destination != null ? matcher.extractUriTemplateVariables(pattern, destination) : Collections.emptyMap();
+		return destination != null ? this.matcher.extractUriTemplateVariables(this.pattern, destination)
+				: Collections.emptyMap();
 	}
 
 	public MessageMatcher<Object> getMessageTypeMatcher() {
-		return messageTypeMatcher;
+		return this.messageTypeMatcher;
 	}
 
 	@Override
 	public String toString() {
-		return "SimpDestinationMessageMatcher [matcher=" + matcher + ", messageTypeMatcher=" + messageTypeMatcher
-				+ ", pattern=" + pattern + "]";
+		return "SimpDestinationMessageMatcher [matcher=" + this.matcher + ", messageTypeMatcher="
+				+ this.messageTypeMatcher + ", pattern=" + this.pattern + "]";
 	}
 
 	private boolean isTypeWithDestination(SimpMessageType type) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index b441723ddc..b70e91395f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -49,7 +49,7 @@ public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
 		MessageHeaders headers = message.getHeaders();
 		SimpMessageType messageType = SimpMessageHeaderAccessor.getMessageType(headers);
 
-		return typeToMatch == messageType;
+		return this.typeToMatch == messageType;
 	}
 
 	@Override
@@ -73,7 +73,7 @@ public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
 
 	@Override
 	public String toString() {
-		return "SimpMessageTypeMatcher [typeToMatch=" + typeToMatch + "]";
+		return "SimpMessageTypeMatcher [typeToMatch=" + this.typeToMatch + "]";
 	}
 
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index 0e1a4623b2..ead278e4d7 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -42,7 +42,7 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
 
 	@Override
 	public Message<?> preSend(Message<?> message, MessageChannel channel) {
-		if (!matcher.matches(message)) {
+		if (!this.matcher.matches(message)) {
 			return message;
 		}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 9b63807aa4..6501d44e9a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -54,55 +54,55 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 
 	@Before
 	public void setup() {
-		handler = new DefaultMessageSecurityExpressionHandler<>();
+		this.handler = new DefaultMessageSecurityExpressionHandler<>();
 
-		message = new GenericMessage<>("");
-		authentication = new AnonymousAuthenticationToken("key", "anonymous",
+		this.message = new GenericMessage<>("");
+		this.authentication = new AnonymousAuthenticationToken("key", "anonymous",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 	}
 
 	// SEC-2705
 	@Test
 	public void trustResolverPopulated() {
-		EvaluationContext context = handler.createEvaluationContext(authentication, message);
-		Expression expression = handler.getExpressionParser().parseExpression("authenticated");
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
+		Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void trustResolverNull() {
-		handler.setTrustResolver(null);
+		this.handler.setTrustResolver(null);
 	}
 
 	@Test
 	public void trustResolverCustom() {
-		handler.setTrustResolver(trustResolver);
-		EvaluationContext context = handler.createEvaluationContext(authentication, message);
-		Expression expression = handler.getExpressionParser().parseExpression("authenticated");
-		when(trustResolver.isAnonymous(authentication)).thenReturn(false);
+		this.handler.setTrustResolver(this.trustResolver);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
+		Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
+		when(this.trustResolver.isAnonymous(this.authentication)).thenReturn(false);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
 
 	@Test
 	public void roleHierarchy() {
-		authentication = new TestingAuthenticationToken("admin", "pass", "ROLE_ADMIN");
+		this.authentication = new TestingAuthenticationToken("admin", "pass", "ROLE_ADMIN");
 		RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
 		roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
-		handler.setRoleHierarchy(roleHierarchy);
-		EvaluationContext context = handler.createEvaluationContext(authentication, message);
-		Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
+		this.handler.setRoleHierarchy(roleHierarchy);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
+		Expression expression = this.handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
 
 	@Test
 	public void permissionEvaluator() {
-		handler.setPermissionEvaluator(permissionEvaluator);
-		EvaluationContext context = handler.createEvaluationContext(authentication, message);
-		Expression expression = handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
-		when(permissionEvaluator.hasPermission(authentication, message, "read")).thenReturn(true);
+		this.handler.setPermissionEvaluator(this.permissionEvaluator);
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
+		Expression expression = this.handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
+		when(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).thenReturn(true);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 0b8c1a7fd9..12b93ce5e3 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -61,47 +61,47 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 
 	@Before
 	public void setup() {
-		expression1 = "permitAll";
-		expression2 = "denyAll";
-		matcherToExpression = new LinkedHashMap<>();
-		matcherToExpression.put(matcher1, expression1);
-		matcherToExpression.put(matcher2, expression2);
+		this.expression1 = "permitAll";
+		this.expression2 = "denyAll";
+		this.matcherToExpression = new LinkedHashMap<>();
+		this.matcherToExpression.put(this.matcher1, this.expression1);
+		this.matcherToExpression.put(this.matcher2, this.expression2);
 
-		source = createExpressionMessageMetadataSource(matcherToExpression);
-		rootObject = new MessageSecurityExpressionRoot(authentication, message);
+		this.source = createExpressionMessageMetadataSource(this.matcherToExpression);
+		this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message);
 	}
 
 	@Test
 	public void createExpressionMessageMetadataSourceNoMatch() {
 
-		Collection<ConfigAttribute> attrs = source.getAttributes(message);
+		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
 
 		assertThat(attrs).isNull();
 	}
 
 	@Test
 	public void createExpressionMessageMetadataSourceMatchFirst() {
-		when(matcher1.matches(message)).thenReturn(true);
+		when(this.matcher1.matches(this.message)).thenReturn(true);
 
-		Collection<ConfigAttribute> attrs = source.getAttributes(message);
+		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
 
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
-		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(rootObject))
+		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(this.rootObject))
 				.isEqualTo(true);
 	}
 
 	@Test
 	public void createExpressionMessageMetadataSourceMatchSecond() {
-		when(matcher2.matches(message)).thenReturn(true);
+		when(this.matcher2.matches(this.message)).thenReturn(true);
 
-		Collection<ConfigAttribute> attrs = source.getAttributes(message);
+		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
 
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
-		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(rootObject))
+		assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(this.rootObject))
 				.isEqualTo(false);
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index ecd57ac342..df89b68aef 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -47,34 +47,34 @@ public class MessageExpressionConfigAttributeTests {
 
 	@Before
 	public void setup() {
-		attribute = new MessageExpressionConfigAttribute(expression, matcher);
+		this.attribute = new MessageExpressionConfigAttribute(this.expression, this.matcher);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullExpression() {
-		new MessageExpressionConfigAttribute(null, matcher);
+		new MessageExpressionConfigAttribute(null, this.matcher);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullMatcher() {
-		new MessageExpressionConfigAttribute(expression, null);
+		new MessageExpressionConfigAttribute(this.expression, null);
 	}
 
 	@Test
 	public void getAuthorizeExpression() {
-		assertThat(attribute.getAuthorizeExpression()).isSameAs(expression);
+		assertThat(this.attribute.getAuthorizeExpression()).isSameAs(this.expression);
 	}
 
 	@Test
 	public void getAttribute() {
-		assertThat(attribute.getAttribute()).isNull();
+		assertThat(this.attribute.getAttribute()).isNull();
 	}
 
 	@Test
 	public void toStringUsesExpressionString() {
-		when(expression.getExpressionString()).thenReturn("toString");
+		when(this.expression.getExpressionString()).thenReturn("toString");
 
-		assertThat(attribute.toString()).isEqualTo(expression.getExpressionString());
+		assertThat(this.attribute.toString()).isEqualTo(this.expression.getExpressionString());
 	}
 
 	@Test
@@ -84,8 +84,8 @@ public class MessageExpressionConfigAttributeTests {
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build();
 		EvaluationContext context = mock(EvaluationContext.class);
 
-		attribute = new MessageExpressionConfigAttribute(expression, matcher);
-		attribute.postProcess(context, message);
+		this.attribute = new MessageExpressionConfigAttribute(this.expression, matcher);
+		this.attribute.postProcess(context, message);
 
 		verify(context).setVariable("topic", "someTopic");
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index 97c73f9d58..e30e730fee 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -70,77 +70,80 @@ public class MessageExpressionVoterTests {
 
 	@Before
 	public void setup() {
-		attributes = Arrays.<ConfigAttribute>asList(new MessageExpressionConfigAttribute(expression, matcher));
+		this.attributes = Arrays
+				.<ConfigAttribute>asList(new MessageExpressionConfigAttribute(this.expression, this.matcher));
 
-		voter = new MessageExpressionVoter();
+		this.voter = new MessageExpressionVoter();
 	}
 
 	@Test
 	public void voteGranted() {
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
+		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
 	}
 
 	@Test
 	public void voteDenied() {
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(false);
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_DENIED);
+		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(false);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_DENIED);
 	}
 
 	@Test
 	public void voteAbstain() {
-		attributes = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_ABSTAIN);
+		this.attributes = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_ABSTAIN);
 	}
 
 	@Test
 	public void supportsObjectClassFalse() {
-		assertThat(voter.supports(Object.class)).isFalse();
+		assertThat(this.voter.supports(Object.class)).isFalse();
 	}
 
 	@Test
 	public void supportsMessageClassTrue() {
-		assertThat(voter.supports(Message.class)).isTrue();
+		assertThat(this.voter.supports(Message.class)).isTrue();
 	}
 
 	@Test
 	public void supportsSecurityConfigFalse() {
-		assertThat(voter.supports(new SecurityConfig("ROLE_USER"))).isFalse();
+		assertThat(this.voter.supports(new SecurityConfig("ROLE_USER"))).isFalse();
 	}
 
 	@Test
 	public void supportsMessageExpressionConfigAttributeTrue() {
-		assertThat(voter.supports(new MessageExpressionConfigAttribute(expression, matcher))).isTrue();
+		assertThat(this.voter.supports(new MessageExpressionConfigAttribute(this.expression, this.matcher))).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setExpressionHandlerNull() {
-		voter.setExpressionHandler(null);
+		this.voter.setExpressionHandler(null);
 	}
 
 	@Test
 	public void customExpressionHandler() {
-		voter.setExpressionHandler(expressionHandler);
-		when(expressionHandler.createEvaluationContext(authentication, message)).thenReturn(evaluationContext);
-		when(expression.getValue(evaluationContext, Boolean.class)).thenReturn(true);
+		this.voter.setExpressionHandler(this.expressionHandler);
+		when(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
+				.thenReturn(this.evaluationContext);
+		when(this.expression.getValue(this.evaluationContext, Boolean.class)).thenReturn(true);
 
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
 
-		verify(expressionHandler).createEvaluationContext(authentication, message);
+		verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message);
 	}
 
 	@Test
 	public void postProcessEvaluationContext() {
 		final MessageExpressionConfigAttribute configAttribute = mock(MessageExpressionConfigAttribute.class);
-		voter.setExpressionHandler(expressionHandler);
-		when(expressionHandler.createEvaluationContext(authentication, message)).thenReturn(evaluationContext);
-		when(configAttribute.getAuthorizeExpression()).thenReturn(expression);
-		attributes = Arrays.<ConfigAttribute>asList(configAttribute);
-		when(configAttribute.postProcess(evaluationContext, message)).thenReturn(evaluationContext);
-		when(expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
+		this.voter.setExpressionHandler(this.expressionHandler);
+		when(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
+				.thenReturn(this.evaluationContext);
+		when(configAttribute.getAuthorizeExpression()).thenReturn(this.expression);
+		this.attributes = Arrays.<ConfigAttribute>asList(configAttribute);
+		when(configAttribute.postProcess(this.evaluationContext, this.message)).thenReturn(this.evaluationContext);
+		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
 
-		assertThat(voter.vote(authentication, message, attributes)).isEqualTo(ACCESS_GRANTED);
-		verify(configAttribute).postProcess(evaluationContext, message);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
+		verify(configAttribute).postProcess(this.evaluationContext, this.message);
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index e5afacf92f..6743902f11 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -72,13 +72,13 @@ public class ChannelSecurityInterceptorTests {
 
 	@Before
 	public void setup() {
-		attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
-		interceptor = new ChannelSecurityInterceptor(source);
-		interceptor.setAccessDecisionManager(accessDecisionManager);
-		interceptor.setRunAsManager(runAsManager);
+		this.attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
+		this.interceptor = new ChannelSecurityInterceptor(this.source);
+		this.interceptor.setAccessDecisionManager(this.accessDecisionManager);
+		this.interceptor.setRunAsManager(this.runAsManager);
 
-		originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
-		SecurityContextHolder.getContext().setAuthentication(originalAuth);
+		this.originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
+		SecurityContextHolder.getContext().setAuthentication(this.originalAuth);
 	}
 
 	@After
@@ -93,85 +93,87 @@ public class ChannelSecurityInterceptorTests {
 
 	@Test
 	public void getSecureObjectClass() {
-		assertThat(interceptor.getSecureObjectClass()).isEqualTo(Message.class);
+		assertThat(this.interceptor.getSecureObjectClass()).isEqualTo(Message.class);
 	}
 
 	@Test
 	public void obtainSecurityMetadataSource() {
-		assertThat(interceptor.obtainSecurityMetadataSource()).isEqualTo(source);
+		assertThat(this.interceptor.obtainSecurityMetadataSource()).isEqualTo(this.source);
 	}
 
 	@Test
 	public void preSendNullAttributes() {
-		assertThat(interceptor.preSend(message, channel)).isSameAs(message);
+		assertThat(this.interceptor.preSend(this.message, this.channel)).isSameAs(this.message);
 	}
 
 	@Test
 	public void preSendGrant() {
-		when(source.getAttributes(message)).thenReturn(attrs);
+		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
 
-		Message<?> result = interceptor.preSend(message, channel);
+		Message<?> result = this.interceptor.preSend(this.message, this.channel);
 
-		assertThat(result).isSameAs(message);
+		assertThat(result).isSameAs(this.message);
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void preSendDeny() {
-		when(source.getAttributes(message)).thenReturn(attrs);
-		doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(any(Authentication.class),
-				eq(message), eq(attrs));
+		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
+		doThrow(new AccessDeniedException("")).when(this.accessDecisionManager).decide(any(Authentication.class),
+				eq(this.message), eq(this.attrs));
 
-		interceptor.preSend(message, channel);
+		this.interceptor.preSend(this.message, this.channel);
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void preSendPostSendRunAs() {
-		when(source.getAttributes(message)).thenReturn(attrs);
-		when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))).thenReturn(runAs);
+		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
+		when(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
+				.thenReturn(this.runAs);
 
-		Message<?> preSend = interceptor.preSend(message, channel);
+		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(runAs);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
 
-		interceptor.postSend(preSend, channel, true);
+		this.interceptor.postSend(preSend, this.channel, true);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 	}
 
 	@Test
 	public void afterSendCompletionNotTokenMessageNoExceptionThrown() {
-		interceptor.afterSendCompletion(message, channel, true, null);
+		this.interceptor.afterSendCompletion(this.message, this.channel, true, null);
 	}
 
 	@SuppressWarnings("unchecked")
 	@Test
 	public void preSendFinallySendRunAs() {
-		when(source.getAttributes(message)).thenReturn(attrs);
-		when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))).thenReturn(runAs);
+		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
+		when(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
+				.thenReturn(this.runAs);
 
-		Message<?> preSend = interceptor.preSend(message, channel);
+		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(runAs);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
 
-		interceptor.afterSendCompletion(preSend, channel, true, new RuntimeException());
+		this.interceptor.afterSendCompletion(preSend, this.channel, true, new RuntimeException());
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 	}
 
 	@Test
 	public void preReceive() {
-		assertThat(interceptor.preReceive(channel)).isTrue();
+		assertThat(this.interceptor.preReceive(this.channel)).isTrue();
 	}
 
 	@Test
 	public void postReceive() {
-		assertThat(interceptor.postReceive(message, channel)).isSameAs(message);
+		assertThat(this.interceptor.postReceive(this.message, this.channel)).isSameAs(this.message);
 	}
 
 	@Test
 	public void afterReceiveCompletionNullExceptionNoExceptionThrown() {
-		interceptor.afterReceiveCompletion(message, channel, null);
+		this.interceptor.afterReceiveCompletion(this.message, this.channel, null);
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 823e3941d0..3feaa06ec9 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -59,45 +59,45 @@ public class DefaultMessageSecurityMetadataSourceTests {
 
 	@Before
 	public void setup() {
-		messageMap = new LinkedHashMap<>();
-		messageMap.put(matcher1, Arrays.<ConfigAttribute>asList(config1));
-		messageMap.put(matcher2, Arrays.<ConfigAttribute>asList(config2));
+		this.messageMap = new LinkedHashMap<>();
+		this.messageMap.put(this.matcher1, Arrays.<ConfigAttribute>asList(this.config1));
+		this.messageMap.put(this.matcher2, Arrays.<ConfigAttribute>asList(this.config2));
 
-		source = new DefaultMessageSecurityMetadataSource(messageMap);
+		this.source = new DefaultMessageSecurityMetadataSource(this.messageMap);
 	}
 
 	@Test
 	public void getAttributesNull() {
-		assertThat(source.getAttributes(message)).isNull();
+		assertThat(this.source.getAttributes(this.message)).isNull();
 	}
 
 	@Test
 	public void getAttributesFirst() {
-		when(matcher1.matches(message)).thenReturn(true);
+		when(this.matcher1.matches(this.message)).thenReturn(true);
 
-		assertThat(source.getAttributes(message)).containsOnly(config1);
+		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config1);
 	}
 
 	@Test
 	public void getAttributesSecond() {
-		when(matcher1.matches(message)).thenReturn(true);
+		when(this.matcher1.matches(this.message)).thenReturn(true);
 
-		assertThat(source.getAttributes(message)).containsOnly(config2);
+		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config2);
 	}
 
 	@Test
 	public void getAllConfigAttributes() {
-		assertThat(source.getAllConfigAttributes()).containsOnly(config1, config2);
+		assertThat(this.source.getAllConfigAttributes()).containsOnly(this.config1, this.config2);
 	}
 
 	@Test
 	public void supportsFalse() {
-		assertThat(source.supports(Object.class)).isFalse();
+		assertThat(this.source.supports(Object.class)).isFalse();
 	}
 
 	@Test
 	public void supportsTrue() {
-		assertThat(source.supports(Message.class)).isTrue();
+		assertThat(this.source.supports(Message.class)).isTrue();
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index 7bd32174e1..a483b5a870 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -48,7 +48,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Before
 	public void setup() {
-		resolver = new AuthenticationPrincipalArgumentResolver();
+		this.resolver = new AuthenticationPrincipalArgumentResolver();
 	}
 
 	@After
@@ -58,59 +58,60 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void supportsParameterNoAnnotation() {
-		assertThat(resolver.supportsParameter(showUserNoAnnotation())).isFalse();
+		assertThat(this.resolver.supportsParameter(showUserNoAnnotation())).isFalse();
 	}
 
 	@Test
 	public void supportsParameterAnnotation() {
-		assertThat(resolver.supportsParameter(showUserAnnotationObject())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserAnnotationObject())).isTrue();
 	}
 
 	@Test
 	public void supportsParameterCustomAnnotation() {
-		assertThat(resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
 	}
 
 	@Test
 	public void resolveArgumentNullAuthentication() throws Exception {
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentNullPrincipal() throws Exception {
 		setAuthenticationPrincipal(null);
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
 		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserCustomAnnotation(), null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
@@ -133,25 +134,25 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null);
+		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null);
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null);
+		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null);
 	}
 
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(this.expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -303,7 +304,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index edd6fad469..8b19f08fa5 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -59,12 +59,12 @@ public class SecurityContextChannelInterceptorTests {
 
 	@Before
 	public void setup() {
-		authentication = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
-		messageBuilder = MessageBuilder.withPayload("payload");
-		expectedAnonymous = new AnonymousAuthenticationToken("key", "anonymous",
+		this.authentication = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
+		this.messageBuilder = MessageBuilder.withPayload("payload");
+		this.expectedAnonymous = new AnonymousAuthenticationToken("key", "anonymous",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
-		interceptor = new SecurityContextChannelInterceptor();
+		this.interceptor = new SecurityContextChannelInterceptor();
 	}
 
 	@After
@@ -80,35 +80,35 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void preSendCustomHeader() {
 		String headerName = "header";
-		interceptor = new SecurityContextChannelInterceptor(headerName);
-		messageBuilder.setHeader(headerName, authentication);
+		this.interceptor = new SecurityContextChannelInterceptor(headerName);
+		this.messageBuilder.setHeader(headerName, this.authentication);
 
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
 	@Test
 	public void preSendUserSet() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setAnonymousAuthenticationNull() {
-		interceptor.setAnonymousAuthentication(null);
+		this.interceptor.setAnonymousAuthentication(null);
 	}
 
 	@Test
 	public void preSendUsesCustomAnonymous() {
-		expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous",
+		this.expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous",
 				AuthorityUtils.createAuthorityList("ROLE_CUSTOM"));
-		interceptor.setAnonymousAuthentication(expectedAnonymous);
+		this.interceptor.setAnonymousAuthentication(this.expectedAnonymous);
 
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
 		assertAnonymous();
 	}
@@ -116,9 +116,9 @@ public class SecurityContextChannelInterceptorTests {
 	// SEC-2845
 	@Test
 	public void preSendUserNotAuthentication() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, principal);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
 
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
 		assertAnonymous();
 	}
@@ -126,7 +126,7 @@ public class SecurityContextChannelInterceptorTests {
 	// SEC-2845
 	@Test
 	public void preSendUserNotSet() {
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
 		assertAnonymous();
 	}
@@ -134,42 +134,42 @@ public class SecurityContextChannelInterceptorTests {
 	// SEC-2845
 	@Test
 	public void preSendUserNotSetCustomAnonymous() {
-		interceptor.preSend(messageBuilder.build(), channel);
+		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
 
 		assertAnonymous();
 	}
 
 	@Test
 	public void afterSendCompletion() {
-		SecurityContextHolder.getContext().setAuthentication(authentication);
+		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
-		interceptor.afterSendCompletion(messageBuilder.build(), channel, true, null);
+		this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void afterSendCompletionNullAuthentication() {
-		interceptor.afterSendCompletion(messageBuilder.build(), channel, true, null);
+		this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void beforeHandleUserSet() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
 	// SEC-2845
 	@Test
 	public void beforeHandleUserNotAuthentication() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, principal);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
 
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
 		assertAnonymous();
 	}
@@ -177,23 +177,23 @@ public class SecurityContextChannelInterceptorTests {
 	// SEC-2845
 	@Test
 	public void beforeHandleUserNotSet() {
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
 		assertAnonymous();
 	}
 
 	@Test
 	public void afterMessageHandledUserNotSet() {
-		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
+		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void afterMessageHandled() {
-		SecurityContextHolder.getContext().setAuthentication(authentication);
+		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
-		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
+		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -204,12 +204,12 @@ public class SecurityContextChannelInterceptorTests {
 		TestingAuthenticationToken original = new TestingAuthenticationToken("original", "original", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(original);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 
-		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
+		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(original);
 	}
@@ -226,23 +226,23 @@ public class SecurityContextChannelInterceptorTests {
 		TestingAuthenticationToken origional = new TestingAuthenticationToken("original", "origional", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(origional);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, authentication);
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 
 		// start send websocket
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null);
-		interceptor.beforeHandle(messageBuilder.build(), channel, handler);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null);
+		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo(anonymous.getName());
 
-		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
+		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
 
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 		// end send websocket
 
-		interceptor.afterMessageHandled(messageBuilder.build(), channel, handler, null);
+		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(origional);
 	}
@@ -252,9 +252,9 @@ public class SecurityContextChannelInterceptorTests {
 		assertThat(currentAuthentication).isInstanceOf(AnonymousAuthenticationToken.class);
 
 		AnonymousAuthenticationToken anonymous = (AnonymousAuthenticationToken) currentAuthentication;
-		assertThat(anonymous.getName()).isEqualTo(expectedAnonymous.getName());
-		assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(expectedAnonymous.getAuthorities());
-		assertThat(anonymous.getKeyHash()).isEqualTo(expectedAnonymous.getKeyHash());
+		assertThat(anonymous.getName()).isEqualTo(this.expectedAnonymous.getName());
+		assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(this.expectedAnonymous.getAuthorities());
+		assertThat(anonymous.getKeyHash()).isEqualTo(this.expectedAnonymous.getKeyHash());
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 999589a8ce..78e0e1fcbd 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -308,8 +308,8 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method -> Arrays.stream(annotationTypes)
-					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
+			addFilter(message, candidate -> Arrays.stream(annotationTypes)
+					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
 			return this;
 		}
 
@@ -319,13 +319,13 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotNotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method -> {
+			addFilter(message, candidate -> {
 				if (annotationTypes.length != 0) {
 					return Arrays.stream(annotationTypes).noneMatch(
-							annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
+							annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
 				}
 				else {
-					return method.getAnnotations().length == 0;
+					return candidate.getAnnotations().length == 0;
 				}
 			});
 			return this;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 8f749ec73d..9b98cd63ef 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -76,44 +76,44 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(delegate.matches(message)).thenReturn(true);
-		matcher = new AndMessageMatcher<>(delegate);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		this.matcher = new AndMessageMatcher<>(this.delegate);
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
 	@Test
 	public void matchesMultiTrue() {
-		when(delegate.matches(message)).thenReturn(true);
-		when(delegate2.matches(message)).thenReturn(true);
-		matcher = new AndMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		when(this.delegate2.matches(this.message)).thenReturn(true);
+		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
 	@Test
 	public void matchesSingleFalse() {
-		when(delegate.matches(message)).thenReturn(false);
-		matcher = new AndMessageMatcher<>(delegate);
+		when(this.delegate.matches(this.message)).thenReturn(false);
+		this.matcher = new AndMessageMatcher<>(this.delegate);
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(delegate.matches(message)).thenReturn(false);
-		matcher = new AndMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(false);
+		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(delegate.matches(message)).thenReturn(true);
-		when(delegate2.matches(message)).thenReturn(false);
-		matcher = new AndMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		when(this.delegate2.matches(this.message)).thenReturn(false);
+		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 14ed456a44..fb35b0cebf 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -76,43 +76,43 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(delegate.matches(message)).thenReturn(true);
-		matcher = new OrMessageMatcher<>(delegate);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		this.matcher = new OrMessageMatcher<>(this.delegate);
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
 	@Test
 	public void matchesMultiTrue() {
-		when(delegate.matches(message)).thenReturn(true);
-		matcher = new OrMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
 	@Test
 	public void matchesSingleFalse() {
-		when(delegate.matches(message)).thenReturn(false);
-		matcher = new OrMessageMatcher<>(delegate);
+		when(this.delegate.matches(this.message)).thenReturn(false);
+		this.matcher = new OrMessageMatcher<>(this.delegate);
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(delegate.matches(message)).thenReturn(false);
-		when(delegate2.matches(message)).thenReturn(false);
-		matcher = new OrMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(false);
+		when(this.delegate2.matches(this.message)).thenReturn(false);
+		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(delegate.matches(message)).thenReturn(true);
-		matcher = new OrMessageMatcher<>(delegate, delegate2);
+		when(this.delegate.matches(this.message)).thenReturn(true);
+		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index 536f7b569a..ac04428c53 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -36,9 +36,9 @@ public class SimpDestinationMessageMatcherTests {
 
 	@Before
 	public void setup() {
-		messageBuilder = MessageBuilder.withPayload("M");
-		matcher = new SimpDestinationMessageMatcher("/**");
-		pathMatcher = new AntPathMatcher();
+		this.messageBuilder = MessageBuilder.withPayload("M");
+		this.matcher = new SimpDestinationMessageMatcher("/**");
+		this.pathMatcher = new AntPathMatcher();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -52,96 +52,96 @@ public class SimpDestinationMessageMatcherTests {
 
 	@Test
 	public void matchesDoesNotMatchNullDestination() {
-		assertThat(matcher.matches(messageBuilder.build())).isFalse();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesAllWithDestination() {
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
-		assertThat(matcher.matches(messageBuilder.build())).isTrue();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesSpecificWithDestination() {
-		matcher = new SimpDestinationMessageMatcher("/destination/1");
+		this.matcher = new SimpDestinationMessageMatcher("/destination/1");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
-		assertThat(matcher.matches(messageBuilder.build())).isTrue();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesFalseWithDestination() {
-		matcher = new SimpDestinationMessageMatcher("/nomatch");
+		this.matcher = new SimpDestinationMessageMatcher("/nomatch");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
 
-		assertThat(matcher.matches(messageBuilder.build())).isFalse();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesFalseMessageTypeNotDisconnectType() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
+		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
 
-		assertThat(matcher.matches(messageBuilder.build())).isFalse();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesTrueMessageType() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
+		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
-		assertThat(matcher.matches(messageBuilder.build())).isTrue();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesTrueSubscribeType() {
-		matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", pathMatcher);
+		this.matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", this.pathMatcher);
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
 
-		assertThat(matcher.matches(messageBuilder.build())).isTrue();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesNullMessageType() {
-		matcher = new SimpDestinationMessageMatcher("/match");
+		this.matcher = new SimpDestinationMessageMatcher("/match");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
-		assertThat(matcher.matches(messageBuilder.build())).isTrue();
+		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void extractPathVariablesFromDestination() {
-		matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
+		this.matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
 
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
-		messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
+		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
 
-		assertThat(matcher.extractPathVariables(messageBuilder.build()).get("topic")).isEqualTo("someTopic");
+		assertThat(this.matcher.extractPathVariables(this.messageBuilder.build()).get("topic")).isEqualTo("someTopic");
 	}
 
 	@Test
 	public void extractedVariablesAreEmptyInNullDestination() {
-		matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
-		assertThat(matcher.extractPathVariables(messageBuilder.build())).isEmpty();
+		this.matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
+		assertThat(this.matcher.extractPathVariables(this.messageBuilder.build())).isEmpty();
 	}
 
 	@Test
 	public void typeConstructorParameterIsTransmitted() {
-		matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
+		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
 
 		MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
 
-		assertThat(matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
+		assertThat(this.matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
 
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 92a4626549..82fdd79c12 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -31,7 +31,7 @@ public class SimpMessageTypeMatcherTests {
 
 	@Before
 	public void setup() {
-		matcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
+		this.matcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -44,7 +44,7 @@ public class SimpMessageTypeMatcherTests {
 		Message<String> message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
 
-		assertThat(matcher.matches(message)).isTrue();
+		assertThat(this.matcher.matches(message)).isTrue();
 	}
 
 	@Test
@@ -52,14 +52,14 @@ public class SimpMessageTypeMatcherTests {
 		Message<String> message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(message)).isFalse();
 	}
 
 	@Test
 	public void matchesMessageNullFalse() {
 		Message<String> message = MessageBuilder.withPayload("Hi").build();
 
-		assertThat(matcher.matches(message)).isFalse();
+		assertThat(this.matcher.matches(message)).isFalse();
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 64281e1f59..85ab628039 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -48,106 +48,106 @@ public class CsrfChannelInterceptorTests {
 
 	@Before
 	public void setup() {
-		token = new DefaultCsrfToken("header", "param", "token");
-		interceptor = new CsrfChannelInterceptor();
+		this.token = new DefaultCsrfToken("header", "param", "token");
+		this.interceptor = new CsrfChannelInterceptor();
 
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
-		messageHeaders.setNativeHeader(token.getHeaderName(), token.getToken());
-		messageHeaders.setSessionAttributes(new HashMap<>());
-		messageHeaders.getSessionAttributes().put(CsrfToken.class.getName(), token);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
+		this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
+		this.messageHeaders.setSessionAttributes(new HashMap<>());
+		this.messageHeaders.getSessionAttributes().put(CsrfToken.class.getName(), this.token);
 	}
 
 	@Test
 	public void preSendValidToken() {
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresConnectAck() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT_ACK);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT_ACK);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresDisconnect() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresDisconnectAck() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT_ACK);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT_ACK);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresHeartbeat() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.HEARTBEAT);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.HEARTBEAT);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresMessage() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.MESSAGE);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.MESSAGE);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresOther() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.OTHER);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.OTHER);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresSubscribe() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.SUBSCRIBE);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.SUBSCRIBE);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresUnsubscribe() {
-		messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.UNSUBSCRIBE);
+		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.UNSUBSCRIBE);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = InvalidCsrfTokenException.class)
 	public void preSendNoToken() {
-		messageHeaders.removeNativeHeader(token.getHeaderName());
+		this.messageHeaders.removeNativeHeader(this.token.getHeaderName());
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = InvalidCsrfTokenException.class)
 	public void preSendInvalidToken() {
-		messageHeaders.setNativeHeader(token.getHeaderName(), token.getToken() + "invalid");
+		this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid");
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = MissingCsrfTokenException.class)
 	public void preSendMissingToken() {
-		messageHeaders.getSessionAttributes().clear();
+		this.messageHeaders.getSessionAttributes().clear();
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = MissingCsrfTokenException.class)
 	public void preSendMissingTokenNullSessionAttributes() {
-		messageHeaders.setSessionAttributes(null);
+		this.messageHeaders.setSessionAttributes(null);
 
-		interceptor.preSend(message(), channel);
+		this.interceptor.preSend(message(), this.channel);
 	}
 
 	private Message<String> message() {
-		Map<String, Object> headersToCopy = messageHeaders.toMap();
+		Map<String, Object> headersToCopy = this.messageHeaders.toMap();
 		return MessageBuilder.withPayload("hi").copyHeaders(headersToCopy).build();
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index eff918868a..cad9a23c4d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -56,29 +56,29 @@ public class CsrfTokenHandshakeInterceptorTests {
 
 	@Before
 	public void setup() {
-		httpRequest = new MockHttpServletRequest();
-		attributes = new HashMap<>();
-		request = new ServletServerHttpRequest(httpRequest);
+		this.httpRequest = new MockHttpServletRequest();
+		this.attributes = new HashMap<>();
+		this.request = new ServletServerHttpRequest(this.httpRequest);
 
-		interceptor = new CsrfTokenHandshakeInterceptor();
+		this.interceptor = new CsrfTokenHandshakeInterceptor();
 	}
 
 	@Test
 	public void beforeHandshakeNoAttribute() throws Exception {
-		interceptor.beforeHandshake(request, response, wsHandler, attributes);
+		this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
 
-		assertThat(attributes).isEmpty();
+		assertThat(this.attributes).isEmpty();
 	}
 
 	@Test
 	public void beforeHandshake() throws Exception {
 		CsrfToken token = new DefaultCsrfToken("header", "param", "token");
-		httpRequest.setAttribute(CsrfToken.class.getName(), token);
+		this.httpRequest.setAttribute(CsrfToken.class.getName(), token);
 
-		interceptor.beforeHandshake(request, response, wsHandler, attributes);
+		this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
 
-		assertThat(attributes.keySet()).containsOnly(CsrfToken.class.getName());
-		assertThat(attributes.values()).containsOnly(token);
+		assertThat(this.attributes.keySet()).containsOnly(CsrfToken.class.getName());
+		assertThat(this.attributes.values()).containsOnly(token);
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index bab13821fc..ef69a07419 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -241,7 +241,7 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 
 		@Override
 		public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest authorizeRequest) {
-			return Mono.fromCallable(() -> mapper.apply(authorizeRequest));
+			return Mono.fromCallable(() -> this.mapper.apply(authorizeRequest));
 		}
 
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
index 9e7965337d..0592ffe416 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
@@ -66,7 +66,7 @@ public final class DelegatingOAuth2AuthorizedClientProvider implements OAuth2Aut
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-		for (OAuth2AuthorizedClientProvider authorizedClientProvider : authorizedClientProviders) {
+		for (OAuth2AuthorizedClientProvider authorizedClientProvider : this.authorizedClientProviders) {
 			OAuth2AuthorizedClient oauth2AuthorizedClient = authorizedClientProvider.authorize(context);
 			if (oauth2AuthorizedClient != null) {
 				return oauth2AuthorizedClient;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 7e256f177c..2688f65c9d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -226,8 +226,8 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 	private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
 			Exception failed) throws IOException {
 
-		if (logger.isErrorEnabled()) {
-			logger.error("Authorization Request failed: " + failed.toString(), failed);
+		if (this.logger.isErrorEnabled()) {
+			this.logger.error("Authorization Request failed: " + failed.toString(), failed);
 		}
 		response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(),
 				HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index b2aa1f7d77..dd11f065b4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -85,7 +85,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 			@Override
 			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
 					Map<String, Object> attributes) {
-				authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
+				AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.this.authorizedClientService
+						.saveAuthorizedClient(authorizedClient, principal);
 			}
 		});
 		this.authorizationFailureHandler = spy(new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index c923751fc2..3d308eef94 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -164,7 +164,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				.thenReturn(Mono.just(this.clientRegistration));
 		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
 
-		when(authorizedClientProvider.authorize(any())).thenReturn(Mono.empty());
+		when(this.authorizedClientProvider.authorize(any())).thenReturn(Mono.empty());
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index 82e3c52831..45ef576d48 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -198,7 +198,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		when(authoritiesMapper.mapAuthorities(anyCollection()))
 				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
-		manager.setAuthoritiesMapper(authoritiesMapper);
+		this.manager.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
 				.block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index a108d44ad0..6060fc316e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -67,9 +67,9 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void convertWhenGrantRequestValidThenConverts() {
-		ClientRegistration clientRegistration = clientRegistrationBuilder.build();
-		OAuth2AuthorizationRequest authorizationRequest = authorizationRequestBuilder.build();
-		OAuth2AuthorizationResponse authorizationResponse = authorizationResponseBuilder.build();
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build();
+		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBuilder.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
@@ -99,7 +99,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void convertWhenPkceGrantRequestValidThenConverts() {
-		ClientRegistration clientRegistration = clientRegistrationBuilder.clientAuthenticationMethod(null)
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder.clientAuthenticationMethod(null)
 				.clientSecret(null).build();
 
 		Map<String, Object> attributes = new HashMap<>();
@@ -109,10 +109,10 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
 
-		OAuth2AuthorizationRequest authorizationRequest = authorizationRequestBuilder.attributes(attributes)
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.attributes(attributes)
 				.additionalParameters(additionalParameters).build();
 
-		OAuth2AuthorizationResponse authorizationResponse = authorizationResponseBuilder.build();
+		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBuilder.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 78e4fb711d..d95f458da6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -265,7 +265,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setWebClientNullThenIllegalArgumentException() {
-		tokenResponseClient.setWebClient(null);
+		this.tokenResponseClient.setWebClient(null);
 	}
 
 	@Test
@@ -273,7 +273,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		WebClient customClient = mock(WebClient.class);
 		when(customClient.post()).thenReturn(WebClient.builder().build().post());
 
-		tokenResponseClient.setWebClient(customClient);
+		this.tokenResponseClient.setWebClient(customClient);
 
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 00984777dc..5a38145e56 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -120,7 +120,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setWebClientNullThenIllegalArgumentException() {
-		client.setWebClient(null);
+		this.client.setWebClient(null);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 40484897c0..0be3918606 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -312,7 +312,7 @@ public class OidcUserServiceTests {
 
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 
-		String userInfoUri = server.url("/user").toString();
+		String userInfoUri = this.server.url("/user").toString();
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index 220790a3c7..c55d019efe 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -53,7 +53,7 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
 
-	ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
+	ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(this.registration);
 
 	MockHttpServletRequest request;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index eeb74e5f3e..f78af6725e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -55,7 +55,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
 
-	ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(registration);
+	ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(
+			this.registration);
 
 	ServerWebExchange exchange;
 
@@ -78,7 +79,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 		this.handler.onLogoutSuccess(f, token).block();
 
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
@@ -89,7 +90,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		Authentication token = mock(Authentication.class);
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 		this.handler.onLogoutSuccess(f, token).block();
@@ -103,7 +104,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 		this.handler.onLogoutSuccess(f, token).block();
@@ -124,7 +125,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		handler.setLogoutSuccessUrl(URI.create("https://default"));
 		handler.onLogoutSuccess(f, token).block();
@@ -139,7 +140,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 		this.handler.onLogoutSuccess(f, token).block();
@@ -157,7 +158,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
 		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
 		when(this.exchange.getRequest()).thenReturn(request);
-		WebFilterExchange f = new WebFilterExchange(exchange, this.chain);
+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
 		this.handler.onLogoutSuccess(f, token).block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index ca352ed8f8..9595ff01fc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -104,14 +104,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 			@Override
 			public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal,
 					Map<String, Object> attributes) {
-				authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal,
+				DefaultOAuth2AuthorizedClientManagerTests.this.authorizedClientRepository.saveAuthorizedClient(
+						authorizedClient, principal,
 						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
 						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName()));
 			}
 		});
 		this.authorizationFailureHandler = spy(
 				new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler((clientRegistrationId, principal,
-						attributes) -> authorizedClientRepository.removeAuthorizedClient(clientRegistrationId,
+						attributes) -> this.authorizedClientRepository.removeAuthorizedClient(clientRegistrationId,
 								principal, (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
 								(HttpServletResponse) attributes.get(HttpServletResponse.class.getName()))));
 		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository,
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 7bda9447a7..25e3b6171d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -446,7 +446,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.addParameter(OAuth2ParameterNames.STATE, state);
 
 		WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class);
-		when(authenticationDetailsSource.buildDetails(any())).thenReturn(webAuthenticationDetails);
+		when(this.authenticationDetailsSource.buildDetails(any())).thenReturn(webAuthenticationDetails);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 797ee45727..110026c1f2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -171,7 +171,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
-		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
+		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientManager);
 		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
 		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
 	}
@@ -329,7 +329,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(authentication), any());
 
-		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
+		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
 
@@ -416,10 +416,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenUnauthorizedThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -427,33 +428,34 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.UNAUTHORIZED.value());
+		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.UNAUTHORIZED.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
-				e -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
+		assertThat(this.authorizationExceptionCaptor.getValue())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining("[invalid_token]");
 				});
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenUnauthorizedWithWebClientExceptionThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -471,27 +473,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
-				e -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
+		assertThat(this.authorizationExceptionCaptor.getValue())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasCause(exception);
 					assertThat(e).hasMessageContaining("[invalid_token]");
 				});
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenForbiddenThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -499,33 +502,34 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.FORBIDDEN.value());
+		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.FORBIDDEN.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
-				e -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
+		assertThat(this.authorizationExceptionCaptor.getValue())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining("[insufficient_scope]");
 				});
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenForbiddenWithWebClientExceptionThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -543,27 +547,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
-				e -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
+		assertThat(this.authorizationExceptionCaptor.getValue())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasCause(exception);
 					assertThat(e).hasMessageContaining("[insufficient_scope]");
 				});
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenWWWAuthenticateHeaderIncludesErrorThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -583,12 +588,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isInstanceOfSatisfying(ClientAuthorizationException.class,
-				e -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(registration.getRegistrationId());
+		assertThat(this.authorizationExceptionCaptor.getValue())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 					assertThat(e.getError().getDescription())
 							.isEqualTo("The request requires higher privileges than provided by the access token.");
@@ -596,17 +601,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 				});
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenAuthorizationExceptionThenInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())).thenReturn(publisherProbe.mono());
+		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.thenReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -624,18 +630,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 
-		verify(authorizationFailureHandler).onAuthorizationFailure(authorizationExceptionCaptor.capture(),
-				authenticationCaptor.capture(), attributesCaptor.capture());
+		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
+				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
-		assertThat(authorizationExceptionCaptor.getValue()).isSameAs(exception);
-		assertThat(authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
-		assertThat(attributesCaptor.getValue())
+		assertThat(this.authorizationExceptionCaptor.getValue()).isSameAs(exception);
+		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
+		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
 	}
 
 	@Test
 	public void filterWhenOtherHttpStatusShouldNotInvokeFailureHandler() {
-		function.setAuthorizationFailureHandler(authorizationFailureHandler);
+		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -643,11 +649,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
+		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
-		verify(authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any());
+		verify(this.authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 8cf9fd05f4..2728dce197 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -343,7 +343,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(this.authentication), any(), any());
 
-		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
+		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
 
@@ -396,7 +396,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(this.authentication), any(), any());
 
-		OAuth2AuthorizedClient newAuthorizedClient = authorizedClientCaptor.getValue();
+		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken().getTokenValue()).isEqualTo(refreshToken.getTokenValue());
 
@@ -426,7 +426,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(),
 				any());
 
-		verify(clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
+		verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -510,7 +510,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.filter(request, this.exchange).block();
 
 		verify(this.passwordTokenResponseClient).getTokenResponse(any());
-		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any(), any());
+		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index e1bd4d0247..a7c052fb91 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -51,7 +51,7 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		map.put("refresh_token", "refresh-token-1234");
 		map.put("custom_parameter_1", "custom-value-1");
 		map.put("custom_parameter_2", "custom-value-2");
-		OAuth2AccessTokenResponse converted = messageConverter.convert(map);
+		OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
 		OAuth2AccessToken accessToken = converted.getAccessToken();
 		Assert.assertNotNull(accessToken);
 		Assert.assertEquals("access-token-1234", accessToken.getTokenValue());
@@ -79,7 +79,7 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		Map<String, String> map = new HashMap<>();
 		map.put("access_token", "access-token-1234");
 		map.put("token_type", "bearer");
-		OAuth2AccessTokenResponse converted = messageConverter.convert(map);
+		OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
 		OAuth2AccessToken accessToken = converted.getAccessToken();
 		Assert.assertNotNull(accessToken);
 		Assert.assertEquals("access-token-1234", accessToken.getTokenValue());
@@ -104,7 +104,7 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		map.put("access_token", "access-token-1234");
 		map.put("token_type", "bearer");
 		map.put("expires_in", "2100-01-01-abc");
-		OAuth2AccessTokenResponse converted = messageConverter.convert(map);
+		OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
 		OAuth2AccessToken accessToken = converted.getAccessToken();
 		Assert.assertNotNull(accessToken);
 		Assert.assertEquals("access-token-1234", accessToken.getTokenValue());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 0b6abc2dee..2e7edf479f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -53,7 +53,7 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699)
 				.additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-		Map<String, String> result = messageConverter.convert(build);
+		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(7, result.size());
 
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
@@ -69,7 +69,7 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 	public void convertMinimal() {
 		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-		Map<String, String> result = messageConverter.convert(build);
+		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(3, result.size());
 
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
index 21ddb58aab..6659244242 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
@@ -77,7 +77,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 		Instant expiry = jwt.getExpiresAt();
 
 		if (expiry != null) {
-			if (Instant.now(this.clock).minus(clockSkew).isAfter(expiry)) {
+			if (Instant.now(this.clock).minus(this.clockSkew).isAfter(expiry)) {
 				OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt expired at %s", jwt.getExpiresAt()));
 				return OAuth2TokenValidatorResult.failure(oAuth2Error);
 			}
@@ -86,7 +86,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 		Instant notBefore = jwt.getNotBefore();
 
 		if (notBefore != null) {
-			if (Instant.now(this.clock).plus(clockSkew).isBefore(notBefore)) {
+			if (Instant.now(this.clock).plus(this.clockSkew).isBefore(notBefore)) {
 				OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt used before %s", jwt.getNotBefore()));
 				return OAuth2TokenValidatorResult.failure(oAuth2Error);
 			}
@@ -96,7 +96,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 	}
 
 	private OAuth2Error createOAuth2Error(String reason) {
-		logger.debug(reason);
+		this.logger.debug(reason);
 		return new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, reason,
 				"https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index c6acdd92cc..796689af8f 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -178,7 +178,7 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 
 	private Map<String, Object> addClaims(Map<String, Object> claims) {
 		Map<String, Object> result = new HashMap<>(claims);
-		for (Map.Entry<String, Converter<Object, ?>> entry : claimTypeConverters.entrySet()) {
+		for (Map.Entry<String, Converter<Object, ?>> entry : this.claimTypeConverters.entrySet()) {
 			if (!claims.containsKey(entry.getKey()) && entry.getValue().convert(null) != null) {
 				result.put(entry.getKey(), entry.getValue().convert(null));
 			}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index 32f47e1887..57d1d28c04 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -40,13 +40,13 @@ public class JwtClaimValidatorTests {
 	@Test
 	public void validateWhenClaimPassesTheTestThenReturnsSuccess() {
 		Jwt jwt = jwt().claim(ISS, "http://test").build();
-		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
+		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenClaimFailsTheTestThenReturnsFailure() {
 		Jwt jwt = jwt().claim(ISS, "http://abc").build();
-		assertThat(validator.validate(jwt).getErrors().isEmpty()).isFalse();
+		assertThat(this.validator.validate(jwt).getErrors().isEmpty()).isFalse();
 	}
 
 	@Test
@@ -62,7 +62,7 @@ public class JwtClaimValidatorTests {
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> this.validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 937d0bdd41..acf9a911ac 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -230,7 +230,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> this.jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	private static RestOperations mockJwkSetResponse(String response) {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 30422bbdcc..28839446b8 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -118,7 +118,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.server.enqueue(new MockResponse().setBody(jwkSet));
+		this.server.enqueue(new MockResponse().setBody(this.jwkSet));
 		this.decoder = new NimbusReactiveJwtDecoder(this.server.url("/certs").toString());
 	}
 
@@ -282,7 +282,7 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> withJwkSetUri(jwkSetUri).jwtProcessorCustomizer(null).build())
+		assertThatCode(() -> withJwkSetUri(this.jwkSetUri).jwtProcessorCustomizer(null).build())
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
@@ -297,7 +297,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenSignedThenOk() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
 		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri).webClient(webClient).build();
-		assertThat(decoder.decode(messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
+		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 		verify(webClient).get();
 	}
 
@@ -309,7 +309,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(messageReadToken).block()).isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
@@ -433,7 +433,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(messageReadToken).block()).isInstanceOf(BadJwtException.class)
+		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
index 034913e7e9..d294fb9d48 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -66,7 +66,7 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
 
 	private AuthenticationFailureHandler authenticationFailureHandler = (request, response,
-			exception) -> authenticationEntryPoint.commence(request, response, exception);
+			exception) -> this.authenticationEntryPoint.commence(request, response, exception);
 
 	/**
 	 * Construct a {@code BearerTokenAuthenticationFilter} using the provided parameter(s)
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index fe8c173d54..3fa0a85ff9 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -58,7 +58,7 @@ public class JwtAuthenticationProviderTests {
 	@Before
 	public void setup() {
 		this.provider = new JwtAuthenticationProvider(this.jwtDecoder);
-		this.provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
+		this.provider.setJwtAuthenticationConverter(this.jwtAuthenticationConverter);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
index f9bfc8bc7d..d15161fd07 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
@@ -40,7 +40,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	Converter<Jwt, AbstractAuthenticationToken> converter = new JwtAuthenticationConverter();
 
 	ReactiveJwtAuthenticationConverterAdapter jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
-			converter);
+			this.converter);
 
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
index 52517b788d..9d85454580 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
@@ -50,7 +50,8 @@ public class ServerBearerExchangeFilterFunctionTests {
 	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
 			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
-	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(accessToken) {
+	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(
+			this.accessToken) {
 		@Override
 		public Map<String, Object> getTokenAttributes() {
 			return Collections.emptyMap();
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
index c4999fb545..9868ebfc2c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
@@ -55,7 +55,8 @@ public class ServletBearerExchangeFilterFunctionTests {
 	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token-0",
 			Instant.now(), Instant.now().plus(Duration.ofDays(1)));
 
-	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(accessToken) {
+	private Authentication authentication = new AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>(
+			this.accessToken) {
 		@Override
 		public Map<String, Object> getTokenAttributes() {
 			return Collections.emptyMap();
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index d5783de5c4..741b81af09 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -80,30 +80,30 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		List<DiscoveryInformation> discoveries;
 
 		try {
-			discoveries = consumerManager.discover(identityUrl);
+			discoveries = this.consumerManager.discover(identityUrl);
 		}
 		catch (DiscoveryException e) {
 			throw new OpenIDConsumerException("Error during discovery", e);
 		}
 
-		DiscoveryInformation information = consumerManager.associate(discoveries);
+		DiscoveryInformation information = this.consumerManager.associate(discoveries);
 		req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
 
 		AuthRequest authReq;
 
 		try {
-			authReq = consumerManager.authenticate(information, returnToUrl, realm);
+			authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
 
-			logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
+			this.logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
 
-			List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory.createAttributeList(identityUrl);
+			List<OpenIDAttribute> attributesToFetch = this.attributesToFetchFactory.createAttributeList(identityUrl);
 
 			if (!attributesToFetch.isEmpty()) {
 				req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
 				FetchRequest fetchRequest = FetchRequest.createFetchRequest();
 				for (OpenIDAttribute attr : attributesToFetch) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Adding attribute " + attr.getType() + " to fetch request");
+					if (this.logger.isDebugEnabled()) {
+						this.logger.debug("Adding attribute " + attr.getType() + " to fetch request");
 					}
 					fetchRequest.addAttribute(attr.getName(), attr.getType(), attr.isRequired(), attr.getCount());
 				}
@@ -148,7 +148,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		VerificationResult verification;
 
 		try {
-			verification = consumerManager.verify(receivingURL.toString(), openidResp, discovered);
+			verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
 		}
 		catch (MessageException | AssociationException | DiscoveryException e) {
 			throw new OpenIDConsumerException("Error verifying openid response", e);
@@ -178,7 +178,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 			return Collections.emptyList();
 		}
 
-		logger.debug("Extracting attributes retrieved by attribute exchange");
+		this.logger.debug("Extracting attributes retrieved by attribute exchange");
 
 		List<OpenIDAttribute> attributes = Collections.emptyList();
 
@@ -202,8 +202,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 			throw new OpenIDConsumerException("Attribute retrieval failed", e);
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Retrieved attributes" + attributes);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Retrieved attributes" + attributes);
 		}
 
 		return attributes;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index ff7a63ecc4..c60cb995e6 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -63,14 +63,14 @@ public class OpenIDAttribute implements Serializable {
 	 * The attribute name
 	 */
 	public String getName() {
-		return name;
+		return this.name;
 	}
 
 	/**
 	 * The attribute type Identifier (a URI).
 	 */
 	public String getType() {
-		return typeIdentifier;
+		return this.typeIdentifier;
 	}
 
 	/**
@@ -78,7 +78,7 @@ public class OpenIDAttribute implements Serializable {
 	 * Defaults to "false".
 	 */
 	public boolean isRequired() {
-		return required;
+		return this.required;
 	}
 
 	public void setRequired(boolean required) {
@@ -90,7 +90,7 @@ public class OpenIDAttribute implements Serializable {
 	 * request. Defaults to 1.
 	 */
 	public int getCount() {
-		return count;
+		return this.count;
 	}
 
 	public void setCount(int count) {
@@ -101,17 +101,17 @@ public class OpenIDAttribute implements Serializable {
 	 * The values obtained from an attribute exchange.
 	 */
 	public List<String> getValues() {
-		Assert.notNull(values, "Cannot read values from an authentication request attribute");
-		return values;
+		Assert.notNull(this.values, "Cannot read values from an authentication request attribute");
+		return this.values;
 	}
 
 	@Override
 	public String toString() {
 		StringBuilder result = new StringBuilder("[");
-		result.append(name);
-		if (values != null) {
+		result.append(this.name);
+		if (this.values != null) {
 			result.append(":");
-			result.append(values.toString());
+			result.append(this.values.toString());
 		}
 		result.append("]");
 		return result.toString();
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index fe00a93c13..97c51d27db 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -95,18 +95,18 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
 
-		if (consumer == null) {
+		if (this.consumer == null) {
 			try {
-				consumer = new OpenID4JavaConsumer();
+				this.consumer = new OpenID4JavaConsumer();
 			}
 			catch (ConsumerException e) {
 				throw new IllegalArgumentException("Failed to initialize OpenID", e);
 			}
 		}
 
-		if (returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
-			returnToUrlParameters = new HashSet<>();
-			returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
+		if (this.returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
+			this.returnToUrlParameters = new HashSet<>();
+			this.returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
 		}
 	}
 
@@ -132,10 +132,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 			try {
 				String returnToUrl = buildReturnToUrl(request);
 				String realm = lookupRealm(returnToUrl);
-				String openIdUrl = consumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
-				if (logger.isDebugEnabled()) {
-					logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm + "'");
-					logger.debug("Redirecting to " + openIdUrl);
+				String openIdUrl = this.consumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm + "'");
+					this.logger.debug("Redirecting to " + openIdUrl);
 				}
 				response.sendRedirect(openIdUrl);
 
@@ -143,24 +143,24 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				return null;
 			}
 			catch (OpenIDConsumerException e) {
-				logger.debug("Failed to consume claimedIdentity: " + claimedIdentity, e);
+				this.logger.debug("Failed to consume claimedIdentity: " + claimedIdentity, e);
 				throw new AuthenticationServiceException(
 						"Unable to process claimed identity '" + claimedIdentity + "'");
 			}
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Supplied OpenID identity is " + identity);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Supplied OpenID identity is " + identity);
 		}
 
 		try {
-			token = consumer.endConsumption(request);
+			token = this.consumer.endConsumption(request);
 		}
 		catch (OpenIDConsumerException oice) {
 			throw new AuthenticationServiceException("Consumer error", oice);
 		}
 
-		token.setDetails(authenticationDetailsSource.buildDetails(request));
+		token.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		// delegate to the authentication provider
 		Authentication authentication = this.getAuthenticationManager().authenticate(token);
@@ -169,7 +169,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	}
 
 	protected String lookupRealm(String returnToUrl) {
-		String mapping = realmMapping.get(returnToUrl);
+		String mapping = this.realmMapping.get(returnToUrl);
 
 		if (mapping == null) {
 			try {
@@ -185,7 +185,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				mapping = realmBuffer.toString();
 			}
 			catch (MalformedURLException e) {
-				logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", e);
+				this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", e);
 			}
 		}
 
@@ -201,7 +201,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	protected String buildReturnToUrl(HttpServletRequest request) {
 		StringBuffer sb = request.getRequestURL();
 
-		Iterator<String> iterator = returnToUrlParameters.iterator();
+		Iterator<String> iterator = this.returnToUrlParameters.iterator();
 		boolean isFirst = true;
 
 		while (iterator.hasNext()) {
@@ -230,10 +230,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 * Reads the <tt>claimedIdentityFieldName</tt> from the submitted request.
 	 */
 	protected String obtainUsername(HttpServletRequest req) {
-		String claimedIdentity = req.getParameter(claimedIdentityFieldName);
+		String claimedIdentity = req.getParameter(this.claimedIdentityFieldName);
 
 		if (!StringUtils.hasText(claimedIdentity)) {
-			logger.error("No claimed identity supplied in authentication request");
+			this.logger.error("No claimed identity supplied in authentication request");
 			return "";
 		}
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index a95c579104..b46d8ffb47 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -53,7 +53,7 @@ public enum OpenIDAuthenticationStatus {
 
 	@Override
 	public String toString() {
-		return name;
+		return this.name;
 	}
 
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index f854080877..f8ba9eb443 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -84,11 +84,11 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	}
 
 	public String getIdentityUrl() {
-		return identityUrl;
+		return this.identityUrl;
 	}
 
 	public String getMessage() {
-		return message;
+		return this.message;
 	}
 
 	/**
@@ -97,20 +97,20 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	 * @see org.springframework.security.core.Authentication#getPrincipal()
 	 */
 	public Object getPrincipal() {
-		return principal;
+		return this.principal;
 	}
 
 	public OpenIDAuthenticationStatus getStatus() {
-		return status;
+		return this.status;
 	}
 
 	public List<OpenIDAttribute> getAttributes() {
-		return attributes;
+		return this.attributes;
 	}
 
 	@Override
 	public String toString() {
-		return "[" + super.toString() + ", attributes : " + attributes + "]";
+		return "[" + super.toString() + ", attributes : " + this.attributes + "]";
 	}
 
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index 39a0018530..dd86fd276d 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -38,9 +38,9 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 	 * which should be fetched for that pattern.
 	 */
 	public RegexBasedAxFetchListFactory(Map<String, List<OpenIDAttribute>> regexMap) {
-		idToAttributes = new LinkedHashMap<>();
+		this.idToAttributes = new LinkedHashMap<>();
 		for (Map.Entry<String, List<OpenIDAttribute>> entry : regexMap.entrySet()) {
-			idToAttributes.put(Pattern.compile(entry.getKey()), entry.getValue());
+			this.idToAttributes.put(Pattern.compile(entry.getKey()), entry.getValue());
 		}
 	}
 
@@ -49,7 +49,7 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 	 * defined for the first match. If no match is found, returns an empty list.
 	 */
 	public List<OpenIDAttribute> createAttributeList(String identifier) {
-		for (Map.Entry<Pattern, List<OpenIDAttribute>> entry : idToAttributes.entrySet()) {
+		for (Map.Entry<Pattern, List<OpenIDAttribute>> entry : this.idToAttributes.entrySet()) {
 			if (entry.getKey().matcher(identifier).matches()) {
 				return entry.getValue();
 			}
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index 9228c022c6..1b33455e2c 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -47,11 +47,11 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 	}
 
 	public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm) {
-		return redirectUrl;
+		return this.redirectUrl;
 	}
 
 	public OpenIDAuthenticationToken endConsumption(HttpServletRequest req) {
-		return token;
+		return this.token;
 	}
 
 	/**
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 09142e1e17..e22514236a 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -70,7 +70,7 @@ public class OpenID4JavaConsumerTests {
 		consumer.beginConsumption(request, "", "", "");
 
 		assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"))
-				.isEqualTo(attributes);
+				.isEqualTo(this.attributes);
 		assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
 
 		// Check with empty attribute fetch list
@@ -180,7 +180,7 @@ public class OpenID4JavaConsumerTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
 		request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
-		request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", attributes);
+		request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", this.attributes);
 
 		OpenIDAuthenticationToken auth = consumer.endConsumption(request);
 
@@ -196,7 +196,7 @@ public class OpenID4JavaConsumerTests {
 		when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenReturn(fr);
 		when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
 
-		List<OpenIDAttribute> fetched = consumer.fetchAxAttributes(msg, attributes);
+		List<OpenIDAttribute> fetched = consumer.fetchAxAttributes(msg, this.attributes);
 
 		assertThat(fetched).hasSize(1);
 		assertThat(fetched.get(0).getValues()).hasSize(2);
@@ -211,7 +211,7 @@ public class OpenID4JavaConsumerTests {
 		when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenThrow(new MessageException(""));
 		when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
 
-		consumer.fetchAxAttributes(msg, attributes);
+		consumer.fetchAxAttributes(msg, this.attributes);
 	}
 
 	@Test(expected = OpenIDConsumerException.class)
@@ -229,7 +229,7 @@ public class OpenID4JavaConsumerTests {
 	private class MockAttributesFactory implements AxFetchListFactory {
 
 		public List<OpenIDAttribute> createAttributeList(String identifier) {
-			return attributes;
+			return OpenID4JavaConsumerTests.this.attributes;
 		}
 
 	}
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index d5253fde1c..e2883a94a0 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -57,13 +57,13 @@ public class OpenIDAuthenticationFilterTests {
 
 	@Before
 	public void setUp() {
-		filter = new OpenIDAuthenticationFilter();
-		filter.setConsumer(new MockOpenIDConsumer(REDIRECT_URL));
+		this.filter = new OpenIDAuthenticationFilter();
+		this.filter.setConsumer(new MockOpenIDConsumer(REDIRECT_URL));
 		SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
-		filter.setAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler());
+		this.filter.setAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler());
 		successHandler.setDefaultTargetUrl(DEFAULT_TARGET_URL);
-		filter.setAuthenticationManager(a -> a);
-		filter.afterPropertiesSet();
+		this.filter.setAuthenticationManager(a -> a);
+		this.filter.afterPropertiesSet();
 	}
 
 	@Test
@@ -77,7 +77,7 @@ public class OpenIDAuthenticationFilterTests {
 		req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL);
 		req.setRemoteHost("www.example.com");
 
-		filter.setConsumer(new MockOpenIDConsumer() {
+		this.filter.setConsumer(new MockOpenIDConsumer() {
 			public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
 					String realm) {
 				assertThat(claimedIdentity).isEqualTo(CLAIMED_IDENTITY_URL);
@@ -88,7 +88,7 @@ public class OpenIDAuthenticationFilterTests {
 		});
 
 		FilterChain fc = mock(FilterChain.class);
-		filter.doFilter(req, response, fc);
+		this.filter.doFilter(req, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
 		// Filter chain shouldn't proceed
 		verify(fc, never()).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -104,9 +104,9 @@ public class OpenIDAuthenticationFilterTests {
 		String paramValue = "https://example.com/path?a=b&c=d";
 		MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
 		req.addParameter(paramName, paramValue);
-		filter.setReturnToUrlParameters(Collections.singleton(paramName));
+		this.filter.setReturnToUrlParameters(Collections.singleton(paramName));
 
-		URI returnTo = new URI(filter.buildReturnToUrl(req));
+		URI returnTo = new URI(this.filter.buildReturnToUrl(req));
 		String query = returnTo.getRawQuery();
 		assertThat(count(query, '=')).isEqualTo(1);
 		assertThat(count(query, '&')).isZero();
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
index 3768be9186..789e77ceb4 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
@@ -72,7 +72,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpIn
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
 		if ((auth != null) && (auth.getName() != null) && (auth.getCredentials() != null)
-				&& !trustResolver.isAnonymous(auth)) {
+				&& !this.trustResolver.isAnonymous(auth)) {
 			String base64 = auth.getName() + ":" + auth.getCredentials().toString();
 			con.setRequestProperty("Authorization",
 					"Basic " + new String(Base64.getEncoder().encode(base64.getBytes())));
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index 09bbd95c2a..6967ee7ff2 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -63,17 +63,17 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
 		if (currentUser != null) {
-			principal = currentUser.getName();
+			this.principal = currentUser.getName();
 			Object userCredentials = currentUser.getCredentials();
-			credentials = userCredentials == null ? null : userCredentials.toString();
+			this.credentials = userCredentials == null ? null : userCredentials.toString();
 		}
 		else {
-			principal = credentials = null;
+			this.principal = this.credentials = null;
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("RemoteInvocation now has principal: " + principal);
-			if (credentials == null) {
+			logger.debug("RemoteInvocation now has principal: " + this.principal);
+			if (this.credentials == null) {
 				logger.debug("RemoteInvocation now has null credentials.");
 			}
 		}
@@ -94,8 +94,8 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	public Object invoke(Object targetObject)
 			throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
 
-		if (principal != null) {
-			Authentication request = createAuthenticationRequest(principal, credentials);
+		if (this.principal != null) {
+			Authentication request = createAuthenticationRequest(this.principal, this.credentials);
 			request.setAuthenticated(false);
 			SecurityContextHolder.getContext().setAuthentication(request);
 
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 67c48447b6..38659f0f57 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -45,64 +45,65 @@ public class JndiDnsResolverTests {
 
 	@Before
 	public void setup() {
-		contextFactory = mock(InitialContextFactory.class);
-		context = mock(DirContext.class);
-		dnsResolver = new JndiDnsResolver();
-		dnsResolver.setCtxFactory(contextFactory);
-		when(contextFactory.getCtx()).thenReturn(context);
+		this.contextFactory = mock(InitialContextFactory.class);
+		this.context = mock(DirContext.class);
+		this.dnsResolver = new JndiDnsResolver();
+		this.dnsResolver.setCtxFactory(this.contextFactory);
+		when(this.contextFactory.getCtx()).thenReturn(this.context);
 	}
 
 	@Test
 	public void testResolveIpAddress() throws Exception {
 		Attributes records = new BasicAttributes("A", "63.246.7.80");
 
-		when(context.getAttributes("www.springsource.com", new String[] { "A" })).thenReturn(records);
+		when(this.context.getAttributes("www.springsource.com", new String[] { "A" })).thenReturn(records);
 
-		String ipAddress = dnsResolver.resolveIpAddress("www.springsource.com");
+		String ipAddress = this.dnsResolver.resolveIpAddress("www.springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveIpAddressNotExisting() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class)))
+		when(this.context.getAttributes(any(String.class), any(String[].class)))
 				.thenThrow(new NameNotFoundException("not found"));
 
-		dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
+		this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
 	}
 
 	@Test
 	public void testResolveServiceEntry() throws Exception {
 		BasicAttributes records = createSrvRecords();
 
-		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(records);
+		when(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(records);
 
-		String hostname = dnsResolver.resolveServiceEntry("ldap", "springsource.com");
+		String hostname = this.dnsResolver.resolveServiceEntry("ldap", "springsource.com");
 		assertThat(hostname).isEqualTo("kdc.springsource.com");
 	}
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveServiceEntryNotExisting() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class)))
+		when(this.context.getAttributes(any(String.class), any(String[].class)))
 				.thenThrow(new NameNotFoundException("not found"));
 
-		dnsResolver.resolveServiceEntry("wrong", "secpod.de");
+		this.dnsResolver.resolveServiceEntry("wrong", "secpod.de");
 	}
 
 	@Test
 	public void testResolveServiceIpAddress() throws Exception {
 		BasicAttributes srvRecords = createSrvRecords();
 		BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80");
-		when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(srvRecords);
-		when(context.getAttributes("kdc.springsource.com", new String[] { "A" })).thenReturn(aRecords);
+		when(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(srvRecords);
+		when(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).thenReturn(aRecords);
 
-		String ipAddress = dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");
+		String ipAddress = this.dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
 
 	@Test(expected = DnsLookupException.class)
 	public void testUnknowError() throws Exception {
-		when(context.getAttributes(any(String.class), any(String[].class))).thenThrow(new NamingException("error"));
-		dnsResolver.resolveIpAddress("");
+		when(this.context.getAttributes(any(String.class), any(String[].class)))
+				.thenThrow(new NamingException("error"));
+		this.dnsResolver.resolveIpAddress("");
 	}
 
 	private BasicAttributes createSrvRecords() {
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index 449b23532e..e6d1ad584a 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -111,11 +111,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		}
 
 		public String getRequestProperty(String key) {
-			return requestProperties.get(key);
+			return this.requestProperties.get(key);
 		}
 
 		public void setRequestProperty(String key, String value) {
-			requestProperties.put(key, value);
+			this.requestProperties.put(key, value);
 		}
 
 		public boolean usingProxy() {
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
index c50665eca2..275208c6a6 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
@@ -53,7 +53,7 @@ public interface PayloadExchangeMatcher {
 		}
 
 		public boolean isMatch() {
-			return match;
+			return this.match;
 		}
 
 		/**
@@ -61,7 +61,7 @@ public interface PayloadExchangeMatcher {
 		 * @return
 		 */
 		public Map<String, Object> getVariables() {
-			return variables;
+			return this.variables;
 		}
 
 		/**
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index 6cf687eced..95ae4f08f7 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -95,22 +95,22 @@ public class PayloadInterceptorRSocketTests {
 		this.delegate = null;
 		List<PayloadInterceptor> interceptors = Arrays.asList(this.interceptor);
 		assertThatCode(() -> {
-			new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType);
+			new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType, this.dataMimeType);
 		}).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenNullInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = null;
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
+				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void constructorWhenEmptyInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = Collections.emptyList();
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, metadataMimeType, dataMimeType))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
+				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	// single interceptor
@@ -121,7 +121,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
 				.verifyComplete();
@@ -136,7 +136,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.fireAndForget(this.payload))
 				.then(() -> this.voidResult.assertWasNotSubscribed())
@@ -159,7 +159,7 @@ public class PayloadInterceptorRSocketTests {
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		interceptor.fireAndForget(this.payload).block();
 
@@ -174,7 +174,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.requestResponse(any())).thenReturn(this.payloadResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestResponse(this.payload))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
@@ -191,7 +191,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		assertThatCode(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected);
 
@@ -213,7 +213,7 @@ public class PayloadInterceptorRSocketTests {
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestResponse(this.payload))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
@@ -230,7 +230,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.requestStream(any())).thenReturn(this.payloadResult.flux());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
@@ -245,7 +245,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestStream(this.payload))
 				.then(() -> this.payloadResult.assertNoSubscribers())
@@ -268,7 +268,7 @@ public class PayloadInterceptorRSocketTests {
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
@@ -284,7 +284,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.requestChannel(any())).thenReturn(this.payloadResult.flux());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
@@ -325,7 +325,7 @@ public class PayloadInterceptorRSocketTests {
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
@@ -341,7 +341,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.metadataPush(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
 				.verifyComplete();
@@ -356,7 +356,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed())
 				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
@@ -378,7 +378,7 @@ public class PayloadInterceptorRSocketTests {
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
-				Arrays.asList(this.interceptor), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.metadataPush(this.payload)).verifyComplete();
 
@@ -397,7 +397,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
 
 		interceptor.fireAndForget(this.payload).block();
 
@@ -413,7 +413,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
 
 		interceptor.fireAndForget(this.payload).block();
 
@@ -430,7 +430,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
 
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 
@@ -447,7 +447,7 @@ public class PayloadInterceptorRSocketTests {
 		when(this.interceptor2.intercept(any(), any())).thenReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
-				Arrays.asList(this.interceptor, this.interceptor2), metadataMimeType, dataMimeType);
+				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
 
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
index b462b18ccf..a2d5b7deea 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
@@ -174,7 +174,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	@Override
 	public String toString() {
 		final StringBuffer sb = new StringBuffer("Saml2AuthenticationException{");
-		sb.append("error=").append(error);
+		sb.append("error=").append(this.error);
 		sb.append('}');
 		return sb.toString();
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index 7f428f7a3e..495709919b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -87,7 +87,7 @@ public final class Saml2AuthenticationRequest {
 	 * @return the AssertionConsumerServiceURL value
 	 */
 	public String getAssertionConsumerServiceUrl() {
-		return assertionConsumerServiceUrl;
+		return this.assertionConsumerServiceUrl;
 	}
 
 	/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
index 53c87b0560..a8bf6aeb51 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestContext.java
@@ -76,7 +76,7 @@ public class Saml2AuthenticationRequestContext {
 	 * @return the AssertionConsumerServiceURL value
 	 */
 	public String getAssertionConsumerServiceUrl() {
-		return assertionConsumerServiceUrl;
+		return this.assertionConsumerServiceUrl;
 	}
 
 	/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
index f8d43315d0..958f608e7e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java
@@ -40,7 +40,7 @@ public enum Saml2MessageBinding {
 	 * @return URN value representing this binding
 	 */
 	public String getUrn() {
-		return urn;
+		return this.urn;
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
index 600f2a4260..feb48316bc 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
@@ -60,7 +60,7 @@ public class Saml2X509CredentialTests {
 				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
 				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
 				+ "-----END PRIVATE KEY-----";
-		key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
+		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
 		String certificateData = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
@@ -77,121 +77,121 @@ public class Saml2X509CredentialTests {
 				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
 				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
 				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
-		certificate = (X509Certificate) factory
+		this.certificate = (X509Certificate) factory
 				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(key, certificate, SIGNING);
-		new Saml2X509Credential(key, certificate, SIGNING, DECRYPTION);
-		new Saml2X509Credential(key, certificate, DECRYPTION);
-		Saml2X509Credential.signing(key, certificate);
-		Saml2X509Credential.decryption(key, certificate);
+		new Saml2X509Credential(this.key, this.certificate, SIGNING);
+		new Saml2X509Credential(this.key, this.certificate, SIGNING, DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, DECRYPTION);
+		Saml2X509Credential.signing(this.key, this.certificate);
+		Saml2X509Credential.decryption(this.key, this.certificate);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(certificate, VERIFICATION);
-		new Saml2X509Credential(certificate, VERIFICATION, ENCRYPTION);
-		new Saml2X509Credential(certificate, ENCRYPTION);
-		Saml2X509Credential.verification(certificate);
-		Saml2X509Credential.encryption(certificate);
+		new Saml2X509Credential(this.certificate, VERIFICATION);
+		new Saml2X509Credential(this.certificate, VERIFICATION, ENCRYPTION);
+		new Saml2X509Credential(this.certificate, ENCRYPTION);
+		Saml2X509Credential.verification(this.certificate);
+		Saml2X509Credential.encryption(this.certificate);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCredentialsThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		new Saml2X509Credential(null, (X509Certificate) null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutPrivateKeyThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, certificate, SIGNING);
+		this.exception.expect(IllegalArgumentException.class);
+		new Saml2X509Credential(null, this.certificate, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(key, null, SIGNING);
+		this.exception.expect(IllegalArgumentException.class);
+		new Saml2X509Credential(this.key, null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		new Saml2X509Credential(null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithEncryptionUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(key, certificate, ENCRYPTION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.key, this.certificate, ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithVerificationUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(key, certificate, VERIFICATION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.key, this.certificate, VERIFICATION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithSigningUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(certificate, SIGNING);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.certificate, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithDecryptionUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(certificate, DECRYPTION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.certificate, DECRYPTION);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForSigningWithoutCredentialsThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		Saml2X509Credential.signing(null, null);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForSigningWithoutPrivateKeyThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		Saml2X509Credential.signing(null, certificate);
+		this.exception.expect(IllegalArgumentException.class);
+		Saml2X509Credential.signing(null, this.certificate);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForSigningWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		Saml2X509Credential.signing(key, null);
+		this.exception.expect(IllegalArgumentException.class);
+		Saml2X509Credential.signing(this.key, null);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForDecryptionWithoutCredentialsThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		Saml2X509Credential.decryption(null, null);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForDecryptionWithoutPrivateKeyThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		Saml2X509Credential.decryption(null, certificate);
+		this.exception.expect(IllegalArgumentException.class);
+		Saml2X509Credential.decryption(null, this.certificate);
 	}
 
 	@Test
 	public void factoryWhenRelyingPartyForDecryptionWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		Saml2X509Credential.decryption(key, null);
+		this.exception.expect(IllegalArgumentException.class);
+		Saml2X509Credential.decryption(this.key, null);
 	}
 
 	@Test
 	public void factoryWhenAssertingPartyForVerificationWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		Saml2X509Credential.verification(null);
 	}
 
 	@Test
 	public void factoryWhenAssertingPartyForEncryptionWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		Saml2X509Credential.encryption(null);
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
index ec29a21fc5..7742ae3f40 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
@@ -62,7 +62,7 @@ public class Saml2X509CredentialTests {
 				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
 				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
 				+ "-----END PRIVATE KEY-----";
-		key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
+		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
 		String certificateData = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
@@ -79,70 +79,70 @@ public class Saml2X509CredentialTests {
 				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
 				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
 				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
-		certificate = (X509Certificate) factory
+		this.certificate = (X509Certificate) factory
 				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(key, certificate, SIGNING);
-		new Saml2X509Credential(key, certificate, SIGNING, DECRYPTION);
-		new Saml2X509Credential(key, certificate, DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, SIGNING);
+		new Saml2X509Credential(this.key, this.certificate, SIGNING, DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, DECRYPTION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(certificate, VERIFICATION);
-		new Saml2X509Credential(certificate, VERIFICATION, ENCRYPTION);
-		new Saml2X509Credential(certificate, ENCRYPTION);
+		new Saml2X509Credential(this.certificate, VERIFICATION);
+		new Saml2X509Credential(this.certificate, VERIFICATION, ENCRYPTION);
+		new Saml2X509Credential(this.certificate, ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCredentialsThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		new Saml2X509Credential(null, (X509Certificate) null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutPrivateKeyThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, certificate, SIGNING);
+		this.exception.expect(IllegalArgumentException.class);
+		new Saml2X509Credential(null, this.certificate, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(key, null, SIGNING);
+		this.exception.expect(IllegalArgumentException.class);
+		new Saml2X509Credential(this.key, null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithoutCertificateThenItFails() {
-		exception.expect(IllegalArgumentException.class);
+		this.exception.expect(IllegalArgumentException.class);
 		new Saml2X509Credential(null, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithEncryptionUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(key, certificate, ENCRYPTION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.key, this.certificate, ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithVerificationUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(key, certificate, VERIFICATION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.key, this.certificate, VERIFICATION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithSigningUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(certificate, SIGNING);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.certificate, SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithDecryptionUsageThenItFails() {
-		exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(certificate, DECRYPTION);
+		this.exception.expect(IllegalStateException.class);
+		new Saml2X509Credential(this.certificate, DECRYPTION);
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 31bd0db6f2..a3962b07ee 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -80,25 +80,26 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 				.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
 				.credentials(c -> c.add(relyingPartySigningCredential()));
 		this.relyingPartyRegistration = this.relyingPartyRegistrationBuilder.build();
-		contextBuilder = Saml2AuthenticationRequestContext.builder().issuer("https://issuer")
-				.relyingPartyRegistration(relyingPartyRegistration).assertionConsumerServiceUrl("https://issuer/sso");
-		context = contextBuilder.build();
-		factory = new OpenSamlAuthenticationRequestFactory();
+		this.contextBuilder = Saml2AuthenticationRequestContext.builder().issuer("https://issuer")
+				.relyingPartyRegistration(this.relyingPartyRegistration)
+				.assertionConsumerServiceUrl("https://issuer/sso");
+		this.context = this.contextBuilder.build();
+		this.factory = new OpenSamlAuthenticationRequestFactory();
 	}
 
 	@Test
 	public void createAuthenticationRequestWhenInvokingDeprecatedMethodThenReturnsXML() {
-		Saml2AuthenticationRequest request = Saml2AuthenticationRequest.withAuthenticationRequestContext(context)
+		Saml2AuthenticationRequest request = Saml2AuthenticationRequest.withAuthenticationRequestContext(this.context)
 				.build();
-		String result = factory.createAuthenticationRequest(request);
+		String result = this.factory.createAuthenticationRequest(request);
 		assertThat(result.replace("\n", ""))
 				.startsWith("<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2p:AuthnRequest");
 	}
 
 	@Test
 	public void createRedirectAuthenticationRequestWhenUsingContextThenAllValuesAreSet() {
-		context = contextBuilder.relayState("Relay State Value").build();
-		Saml2RedirectAuthenticationRequest result = factory.createRedirectAuthenticationRequest(context);
+		this.context = this.contextBuilder.relayState("Relay State Value").build();
+		Saml2RedirectAuthenticationRequest result = this.factory.createRedirectAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getSigAlg()).isNotEmpty();
@@ -109,11 +110,11 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	@Test
 	public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
 
-		context = contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration)
+		this.context = this.contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration)
 						.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
-		Saml2RedirectAuthenticationRequest result = factory.createRedirectAuthenticationRequest(context);
+		Saml2RedirectAuthenticationRequest result = this.factory.createRedirectAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getSigAlg()).isNull();
@@ -123,11 +124,11 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createPostAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
-		context = contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration)
+		this.context = this.contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration)
 						.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
-		Saml2PostAuthenticationRequest result = factory.createPostAuthenticationRequest(context);
+		Saml2PostAuthenticationRequest result = this.factory.createPostAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getBinding()).isEqualTo(POST);
@@ -136,9 +137,9 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createPostAuthenticationRequestWhenSignRequestThenSignatureIsPresent() {
-		context = contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(relyingPartyRegistration).build()).build();
-		Saml2PostAuthenticationRequest result = factory.createPostAuthenticationRequest(context);
+		this.context = this.contextBuilder.relayState("Relay State Value")
+				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration).build()).build();
+		Saml2PostAuthenticationRequest result = this.factory.createPostAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getBinding()).isEqualTo(POST);
@@ -153,16 +154,16 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createAuthenticationRequestWhenSetUriThenReturnsCorrectBinding() {
-		factory.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+		this.factory.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
 		AuthnRequest authn = getAuthNRequest(POST);
 		Assert.assertEquals(SAMLConstants.SAML2_REDIRECT_BINDING_URI, authn.getProtocolBinding());
 	}
 
 	@Test
 	public void createAuthenticationRequestWhenSetUnsupportredUriThenThrowsIllegalArgumentException() {
-		exception.expect(IllegalArgumentException.class);
-		exception.expectMessage(containsString("my-invalid-binding"));
-		factory.setProtocolBinding("my-invalid-binding");
+		this.exception.expect(IllegalArgumentException.class);
+		this.exception.expectMessage(containsString("my-invalid-binding"));
+		this.factory.setProtocolBinding("my-invalid-binding");
 	}
 
 	@Test
@@ -209,8 +210,8 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	private AuthnRequest getAuthNRequest(Saml2MessageBinding binding) {
 		AbstractSaml2AuthenticationRequest result = (binding == REDIRECT)
-				? factory.createRedirectAuthenticationRequest(context)
-				: factory.createPostAuthenticationRequest(context);
+				? this.factory.createRedirectAuthenticationRequest(this.context)
+				: this.factory.createPostAuthenticationRequest(this.context);
 		String samlRequest = result.getSamlRequest();
 		assertThat(samlRequest).isNotEmpty();
 		if (result.getBinding() == REDIRECT) {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
index d204d8e361..2a13ed2220 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
@@ -43,7 +43,7 @@ public class Saml2AuthenticationRequestFactoryTests {
 		final String value = "Test String: " + UUID.randomUUID().toString();
 		Saml2AuthenticationRequestFactory factory = request -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
-				.relyingPartyRegistration(registration).issuer("https://example.com/issuer")
+				.relyingPartyRegistration(this.registration).issuer("https://example.com/issuer")
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2RedirectAuthenticationRequest response = factory.createRedirectAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
@@ -57,7 +57,7 @@ public class Saml2AuthenticationRequestFactoryTests {
 		final String value = "Test String: " + UUID.randomUUID().toString();
 		Saml2AuthenticationRequestFactory factory = request -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
-				.relyingPartyRegistration(registration).issuer("https://example.com/issuer")
+				.relyingPartyRegistration(this.registration).issuer("https://example.com/issuer")
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2PostAuthenticationRequest response = factory.createPostAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index 6e7a086016..2127ca11a4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -49,47 +49,47 @@ public class Saml2WebSsoAuthenticationFilterTests {
 
 	@Before
 	public void setup() {
-		filter = new Saml2WebSsoAuthenticationFilter(repository);
-		request.setPathInfo("/login/saml2/sso/idp-registration-id");
-		request.setParameter("SAMLResponse", "xml-data-goes-here");
+		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository);
+		this.request.setPathInfo("/login/saml2/sso/idp-registration-id");
+		this.request.setParameter("SAMLResponse", "xml-data-goes-here");
 	}
 
 	@Test
 	public void constructingFilterWithMissingRegistrationIdVariableThenThrowsException() {
-		exception.expect(IllegalArgumentException.class);
-		exception.expectMessage("filterProcessesUrl must contain a {registrationId} match variable");
-		filter = new Saml2WebSsoAuthenticationFilter(repository, "/url/missing/variable");
+		this.exception.expect(IllegalArgumentException.class);
+		this.exception.expectMessage("filterProcessesUrl must contain a {registrationId} match variable");
+		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/url/missing/variable");
 	}
 
 	@Test
 	public void constructingFilterWithValidRegistrationIdVariableThenSucceeds() {
-		filter = new Saml2WebSsoAuthenticationFilter(repository, "/url/variable/is/present/{registrationId}");
+		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/url/variable/is/present/{registrationId}");
 	}
 
 	@Test
 	public void requiresAuthenticationWhenHappyPathThenReturnsTrue() {
-		Assert.assertTrue(filter.requiresAuthentication(request, response));
+		Assert.assertTrue(this.filter.requiresAuthentication(this.request, this.response));
 	}
 
 	@Test
 	public void requiresAuthenticationWhenCustomProcessingUrlThenReturnsTrue() {
-		filter = new Saml2WebSsoAuthenticationFilter(repository, "/some/other/path/{registrationId}");
-		request.setPathInfo("/some/other/path/idp-registration-id");
-		request.setParameter("SAMLResponse", "xml-data-goes-here");
-		Assert.assertTrue(filter.requiresAuthentication(request, response));
+		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}");
+		this.request.setPathInfo("/some/other/path/idp-registration-id");
+		this.request.setParameter("SAMLResponse", "xml-data-goes-here");
+		Assert.assertTrue(this.filter.requiresAuthentication(this.request, this.response));
 	}
 
 	@Test
 	public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() {
-		when(repository.findByRegistrationId("non-existent-id")).thenReturn(null);
+		when(this.repository.findByRegistrationId("non-existent-id")).thenReturn(null);
 
-		filter = new Saml2WebSsoAuthenticationFilter(repository, "/some/other/path/{registrationId}");
+		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}");
 
-		request.setPathInfo("/some/other/path/non-existent-id");
-		request.setParameter("SAMLResponse", "response");
+		this.request.setPathInfo("/some/other/path/non-existent-id");
+		this.request.setParameter("SAMLResponse", "response");
 
 		try {
-			filter.attemptAuthentication(request, response);
+			this.filter.attemptAuthentication(this.request, this.response);
 			failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class);
 		}
 		catch (Exception e) {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 7cd21c6c40..6526829196 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -68,14 +68,14 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Before
 	public void setup() {
-		filter = new Saml2WebSsoAuthenticationRequestFilter(repository);
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		request.setPathInfo("/saml2/authenticate/registration-id");
+		this.filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.request.setPathInfo("/saml2/authenticate/registration-id");
 
-		filterChain = new MockFilterChain();
+		this.filterChain = new MockFilterChain();
 
-		rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
+		this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
 				.providerDetails(c -> c.entityId("idp-entity-id")).providerDetails(c -> c.webSsoUrl(IDP_SSO_URL))
 				.assertionConsumerServiceUrlTemplate("template")
 				.credentials(c -> c.add(assertingPartyPrivateCredential()));
@@ -83,62 +83,63 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenNoRelayStateThenRedirectDoesNotContainParameter() throws ServletException, IOException {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).doesNotContain("RelayState=").startsWith(IDP_SSO_URL);
+		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).doesNotContain("RelayState=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenRelayStateThenRedirectDoesContainParameter() throws ServletException, IOException {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
-		request.setParameter("RelayState", "my-relay-state");
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).contains("RelayState=my-relay-state").startsWith(IDP_SSO_URL);
+		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		this.request.setParameter("RelayState", "my-relay-state");
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).contains("RelayState=my-relay-state").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenRelayStateThatRequiresEncodingThenRedirectDoesContainsEncodedParameter() throws Exception {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
+		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
-		request.setParameter("RelayState", relayStateValue);
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).startsWith(IDP_SSO_URL);
+		this.request.setParameter("RelayState", relayStateValue);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).contains("RelayState=" + relayStateEncoded)
+				.startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenSimpleSignatureSpecifiedThenSignatureParametersAreInTheRedirectURL() throws Exception {
-		when(repository.findByRegistrationId("registration-id")).thenReturn(rpBuilder.build());
+		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
-		request.setParameter("RelayState", relayStateValue);
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).contains("SigAlg=")
+		this.request.setParameter("RelayState", relayStateValue);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).contains("SigAlg=")
 				.contains("Signature=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenSignatureIsDisabledThenSignatureParametersAreNotInTheRedirectURL() throws Exception {
-		when(repository.findByRegistrationId("registration-id"))
-				.thenReturn(rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
+		when(this.repository.findByRegistrationId("registration-id"))
+				.thenReturn(this.rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
-		request.setParameter("RelayState", relayStateValue);
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).contains("RelayState=" + relayStateEncoded).doesNotContain("SigAlg=")
-				.doesNotContain("Signature=").startsWith(IDP_SSO_URL);
+		this.request.setParameter("RelayState", relayStateValue);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).contains("RelayState=" + relayStateEncoded)
+				.doesNotContain("SigAlg=").doesNotContain("Signature=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenPostFormDataIsPresent() throws Exception {
-		when(repository.findByRegistrationId("registration-id"))
-				.thenReturn(rpBuilder.providerDetails(c -> c.binding(POST)).build());
+		when(this.repository.findByRegistrationId("registration-id"))
+				.thenReturn(this.rpBuilder.providerDetails(c -> c.binding(POST)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
 		final String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
-		request.setParameter("RelayState", relayStateValue);
-		filter.doFilterInternal(request, response, filterChain);
-		assertThat(response.getHeader("Location")).isNull();
-		assertThat(response.getContentAsString())
+		this.request.setParameter("RelayState", relayStateValue);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		assertThat(this.response.getHeader("Location")).isNull();
+		assertThat(this.response.getContentAsString())
 				.contains("<form action=\"https://sso-url.example.com/IDP/SSO\" method=\"post\">")
 				.contains("<input type=\"hidden\" name=\"SAMLRequest\"")
 				.contains("value=\"" + relayStateEncoded + "\"");
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index 2419929132..8b70331dcd 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -50,7 +50,7 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	private RelyingPartyRegistration.Builder relyingPartyBuilder;
 
 	private Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver = new DefaultSaml2AuthenticationRequestContextResolver(
-			new DefaultRelyingPartyRegistrationResolver(id -> relyingPartyBuilder.build()));
+			new DefaultRelyingPartyRegistrationResolver(id -> this.relyingPartyBuilder.build()));
 
 	@Before
 	public void setup() {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index dcfc97e310..1de923bed4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -61,7 +61,7 @@ public class Saml2AuthenticationTokenConverterTests {
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");
 		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
-				.isEqualTo(relyingPartyRegistration.getRegistrationId());
+				.isEqualTo(this.relyingPartyRegistration.getRegistrationId());
 	}
 
 	@Test
@@ -97,7 +97,7 @@ public class Saml2AuthenticationTokenConverterTests {
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");
 		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
-				.isEqualTo(relyingPartyRegistration.getRegistrationId());
+				.isEqualTo(this.relyingPartyRegistration.getRegistrationId());
 	}
 
 	@Test
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index fff580bc65..b848fe63bf 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -162,7 +162,7 @@ public abstract class AbstractAuthorizeTag {
 	}
 
 	public String getAccess() {
-		return access;
+		return this.access;
 	}
 
 	public void setAccess(String access) {
@@ -170,7 +170,7 @@ public abstract class AbstractAuthorizeTag {
 	}
 
 	public String getUrl() {
-		return url;
+		return this.url;
 	}
 
 	public void setUrl(String url) {
@@ -178,7 +178,7 @@ public abstract class AbstractAuthorizeTag {
 	}
 
 	public String getMethod() {
-		return method;
+		return this.method;
 	}
 
 	public void setMethod(String method) {
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index 967adb5e47..9da1c52e56 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -67,13 +67,13 @@ public class AccessControlListTag extends TagSupport {
 	private String var;
 
 	public int doStartTag() throws JspException {
-		if ((null == hasPermission) || "".equals(hasPermission)) {
+		if ((null == this.hasPermission) || "".equals(this.hasPermission)) {
 			return skipBody();
 		}
 
 		initializeIfRequired();
 
-		if (domainObject == null) {
+		if (this.domainObject == null) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("domainObject resolved to null, so including tag body");
 			}
@@ -92,9 +92,9 @@ public class AccessControlListTag extends TagSupport {
 			return skipBody();
 		}
 
-		List<Object> requiredPermissions = parseHasPermission(hasPermission);
+		List<Object> requiredPermissions = parseHasPermission(this.hasPermission);
 		for (Object requiredPermission : requiredPermissions) {
-			if (!permissionEvaluator.hasPermission(authentication, domainObject, requiredPermission)) {
+			if (!this.permissionEvaluator.hasPermission(authentication, this.domainObject, requiredPermission)) {
 				return skipBody();
 			}
 		}
@@ -118,15 +118,15 @@ public class AccessControlListTag extends TagSupport {
 	}
 
 	private int skipBody() {
-		if (var != null) {
-			pageContext.setAttribute(var, Boolean.FALSE, PageContext.PAGE_SCOPE);
+		if (this.var != null) {
+			this.pageContext.setAttribute(this.var, Boolean.FALSE, PageContext.PAGE_SCOPE);
 		}
 		return TagLibConfig.evalOrSkip(false);
 	}
 
 	private int evalBody() {
-		if (var != null) {
-			pageContext.setAttribute(var, Boolean.TRUE, PageContext.PAGE_SCOPE);
+		if (this.var != null) {
+			this.pageContext.setAttribute(this.var, Boolean.TRUE, PageContext.PAGE_SCOPE);
 		}
 		return TagLibConfig.evalOrSkip(true);
 	}
@@ -144,27 +144,27 @@ public class AccessControlListTag extends TagSupport {
 	}
 
 	public Object getDomainObject() {
-		return domainObject;
+		return this.domainObject;
 	}
 
 	public String getHasPermission() {
-		return hasPermission;
+		return this.hasPermission;
 	}
 
 	private void initializeIfRequired() throws JspException {
-		if (applicationContext != null) {
+		if (this.applicationContext != null) {
 			return;
 		}
 
-		this.applicationContext = getContext(pageContext);
+		this.applicationContext = getContext(this.pageContext);
 
-		permissionEvaluator = getBeanOfType(PermissionEvaluator.class);
+		this.permissionEvaluator = getBeanOfType(PermissionEvaluator.class);
 	}
 
 	private <T> T getBeanOfType(Class<T> type) throws JspException {
-		Map<String, T> map = applicationContext.getBeansOfType(type);
+		Map<String, T> map = this.applicationContext.getBeansOfType(type);
 
-		for (ApplicationContext context = applicationContext.getParent(); context != null; context = context
+		for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context
 				.getParent()) {
 			map.putAll(context.getBeansOfType(type));
 		}
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index 84932cbf95..25eb513c6f 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -58,9 +58,9 @@ public class AuthenticationTag extends TagSupport {
 
 	// resets local state
 	private void init() {
-		var = null;
-		scopeSpecified = false;
-		scope = PageContext.PAGE_SCOPE;
+		this.var = null;
+		this.scopeSpecified = false;
+		this.scope = PageContext.PAGE_SCOPE;
 	}
 
 	public void setVar(String var) {
@@ -83,7 +83,7 @@ public class AuthenticationTag extends TagSupport {
 	public int doEndTag() throws JspException {
 		Object result = null;
 		// determine the value by...
-		if (property != null) {
+		if (this.property != null) {
 			if ((SecurityContextHolder.getContext() == null)
 					|| !(SecurityContextHolder.getContext() instanceof SecurityContext)
 					|| (SecurityContextHolder.getContext().getAuthentication() == null)) {
@@ -98,33 +98,33 @@ public class AuthenticationTag extends TagSupport {
 
 			try {
 				BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
-				result = wrapper.getPropertyValue(property);
+				result = wrapper.getPropertyValue(this.property);
 			}
 			catch (BeansException e) {
 				throw new JspException(e);
 			}
 		}
 
-		if (var != null) {
+		if (this.var != null) {
 			/*
 			 * Store the result, letting an IllegalArgumentException propagate back if the
 			 * scope is invalid (e.g., if an attempt is made to store something in the
 			 * session without any HttpSession existing).
 			 */
 			if (result != null) {
-				pageContext.setAttribute(var, result, scope);
+				this.pageContext.setAttribute(this.var, result, this.scope);
 			}
 			else {
-				if (scopeSpecified) {
-					pageContext.removeAttribute(var, scope);
+				if (this.scopeSpecified) {
+					this.pageContext.removeAttribute(this.var, this.scope);
 				}
 				else {
-					pageContext.removeAttribute(var);
+					this.pageContext.removeAttribute(this.var);
 				}
 			}
 		}
 		else {
-			if (htmlEscape) {
+			if (this.htmlEscape) {
 				writeMessage(TextEscapeUtils.escapeEntities(String.valueOf(result)));
 			}
 			else {
@@ -136,7 +136,7 @@ public class AuthenticationTag extends TagSupport {
 
 	protected void writeMessage(String msg) throws JspException {
 		try {
-			pageContext.getOut().write(String.valueOf(msg));
+			this.pageContext.getOut().write(String.valueOf(msg));
 		}
 		catch (IOException ioe) {
 			throw new JspException(ioe);
@@ -155,7 +155,7 @@ public class AuthenticationTag extends TagSupport {
 	 * overridden.
 	 */
 	protected boolean isHtmlEscape() {
-		return htmlEscape;
+		return this.htmlEscape;
 	}
 
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 5ec2dfc7d5..74f3669c49 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -65,17 +65,17 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	 */
 	public int doStartTag() throws JspException {
 		try {
-			authorized = super.authorize();
+			this.authorized = super.authorize();
 
-			if (!authorized && TagLibConfig.isUiSecurityDisabled()) {
-				pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix());
+			if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
+				this.pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix());
 			}
 
-			if (var != null) {
-				pageContext.setAttribute(var, authorized, PageContext.PAGE_SCOPE);
+			if (this.var != null) {
+				this.pageContext.setAttribute(this.var, this.authorized, PageContext.PAGE_SCOPE);
 			}
 
-			return TagLibConfig.evalOrSkip(authorized);
+			return TagLibConfig.evalOrSkip(this.authorized);
 
 		}
 		catch (IOException e) {
@@ -95,8 +95,8 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	 */
 	public int doEndTag() throws JspException {
 		try {
-			if (!authorized && TagLibConfig.isUiSecurityDisabled()) {
-				pageContext.getOut().write(TagLibConfig.getSecuredUiSuffix());
+			if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
+				this.pageContext.getOut().write(TagLibConfig.getSecuredUiSuffix());
 			}
 		}
 		catch (IOException e) {
@@ -107,7 +107,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	}
 
 	public String getId() {
-		return id;
+		return this.id;
 	}
 
 	public void setId(String id) {
@@ -115,7 +115,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	}
 
 	public Tag getParent() {
-		return parent;
+		return this.parent;
 	}
 
 	public void setParent(Tag parent) {
@@ -123,7 +123,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	}
 
 	public String getVar() {
-		return var;
+		return this.var;
 	}
 
 	public void setVar(String var) {
@@ -131,8 +131,8 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	}
 
 	public void release() {
-		parent = null;
-		id = null;
+		this.parent = null;
+		this.id = null;
 	}
 
 	public void setPageContext(PageContext pageContext) {
@@ -141,17 +141,17 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 
 	@Override
 	protected ServletRequest getRequest() {
-		return pageContext.getRequest();
+		return this.pageContext.getRequest();
 	}
 
 	@Override
 	protected ServletResponse getResponse() {
-		return pageContext.getResponse();
+		return this.pageContext.getResponse();
 	}
 
 	@Override
 	protected ServletContext getServletContext() {
-		return pageContext.getServletContext();
+		return this.pageContext.getServletContext();
 	}
 
 	private final class PageContextVariableLookupEvaluationContext implements EvaluationContext {
@@ -163,50 +163,50 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		}
 
 		public TypedValue getRootObject() {
-			return delegate.getRootObject();
+			return this.delegate.getRootObject();
 		}
 
 		public List<ConstructorResolver> getConstructorResolvers() {
-			return delegate.getConstructorResolvers();
+			return this.delegate.getConstructorResolvers();
 		}
 
 		public List<MethodResolver> getMethodResolvers() {
-			return delegate.getMethodResolvers();
+			return this.delegate.getMethodResolvers();
 		}
 
 		public List<PropertyAccessor> getPropertyAccessors() {
-			return delegate.getPropertyAccessors();
+			return this.delegate.getPropertyAccessors();
 		}
 
 		public TypeLocator getTypeLocator() {
-			return delegate.getTypeLocator();
+			return this.delegate.getTypeLocator();
 		}
 
 		public TypeConverter getTypeConverter() {
-			return delegate.getTypeConverter();
+			return this.delegate.getTypeConverter();
 		}
 
 		public TypeComparator getTypeComparator() {
-			return delegate.getTypeComparator();
+			return this.delegate.getTypeComparator();
 		}
 
 		public OperatorOverloader getOperatorOverloader() {
-			return delegate.getOperatorOverloader();
+			return this.delegate.getOperatorOverloader();
 		}
 
 		public BeanResolver getBeanResolver() {
-			return delegate.getBeanResolver();
+			return this.delegate.getBeanResolver();
 		}
 
 		public void setVariable(String name, Object value) {
-			delegate.setVariable(name, value);
+			this.delegate.setVariable(name, value);
 		}
 
 		public Object lookupVariable(String name) {
-			Object result = delegate.lookupVariable(name);
+			Object result = this.delegate.lookupVariable(name);
 
 			if (result == null) {
-				result = pageContext.findAttribute(name);
+				result = JspAuthorizeTag.this.pageContext.findAttribute(name);
 			}
 			return result;
 		}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index e8060964b4..5d009dde41 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -60,10 +60,10 @@ public class AbstractAuthorizeTagTests {
 
 	@Before
 	public void setup() {
-		tag = new AuthzTag();
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		servletContext = new MockServletContext();
+		this.tag = new AuthzTag();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.servletContext = new MockServletContext();
 	}
 
 	@After
@@ -75,10 +75,10 @@ public class AbstractAuthorizeTagTests {
 	public void privilegeEvaluatorFromRequest() throws IOException {
 		String uri = "/something";
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
-		tag.setUrl(uri);
-		request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
+		this.tag.setUrl(uri);
+		this.request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
 
-		tag.authorizeUsingUrlCheck();
+		this.tag.authorizeUsingUrlCheck();
 
 		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
@@ -87,13 +87,13 @@ public class AbstractAuthorizeTagTests {
 	public void privilegeEvaluatorFromChildContext() throws IOException {
 		String uri = "/something";
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
-		tag.setUrl(uri);
+		this.tag.setUrl(uri);
 		WebApplicationContext wac = mock(WebApplicationContext.class);
 		when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
 				.thenReturn(Collections.singletonMap("wipe", expected));
-		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
+		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
-		tag.authorizeUsingUrlCheck();
+		this.tag.authorizeUsingUrlCheck();
 
 		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
@@ -103,30 +103,30 @@ public class AbstractAuthorizeTagTests {
 	public void expressionFromChildContext() throws IOException {
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass", "USER"));
 		DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
-		tag.setAccess("permitAll");
+		this.tag.setAccess("permitAll");
 		WebApplicationContext wac = mock(WebApplicationContext.class);
 		when(wac.getBeansOfType(SecurityExpressionHandler.class))
 				.thenReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
-		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
+		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
-		assertThat(tag.authorize()).isTrue();
+		assertThat(this.tag.authorize()).isTrue();
 	}
 
 	private class AuthzTag extends AbstractAuthorizeTag {
 
 		@Override
 		protected ServletRequest getRequest() {
-			return request;
+			return AbstractAuthorizeTagTests.this.request;
 		}
 
 		@Override
 		protected ServletResponse getResponse() {
-			return response;
+			return AbstractAuthorizeTagTests.this.response;
 		}
 
 		@Override
 		protected ServletContext getServletContext() {
-			return servletContext;
+			return AbstractAuthorizeTagTests.this.servletContext;
 		}
 
 	}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index 93df9244bd..05f54a0ae8 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -60,20 +60,20 @@ public class AccessControlListTagTests {
 	@Before
 	@SuppressWarnings("rawtypes")
 	public void setup() {
-		SecurityContextHolder.getContext().setAuthentication(bob);
-		tag = new AccessControlListTag();
+		SecurityContextHolder.getContext().setAuthentication(this.bob);
+		this.tag = new AccessControlListTag();
 		WebApplicationContext ctx = mock(WebApplicationContext.class);
 
-		pe = mock(PermissionEvaluator.class);
+		this.pe = mock(PermissionEvaluator.class);
 
 		Map beanMap = new HashMap();
-		beanMap.put("pe", pe);
+		beanMap.put("pe", this.pe);
 		when(ctx.getBeansOfType(PermissionEvaluator.class)).thenReturn(beanMap);
 
 		MockServletContext servletCtx = new MockServletContext();
 		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
-		pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse());
-		tag.setPageContext(pageContext);
+		this.pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse());
+		this.tag.setPageContext(this.pageContext);
 	}
 
 	@After
@@ -84,109 +84,109 @@ public class AccessControlListTagTests {
 	@Test
 	public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception {
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("READ");
-		tag.setVar("allowed");
-		assertThat(tag.getDomainObject()).isSameAs(domainObject);
-		assertThat(tag.getHasPermission()).isEqualTo("READ");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("READ");
+		this.tag.setVar("allowed");
+		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
+		assertThat(this.tag.getHasPermission()).isEqualTo("READ");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isTrue();
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 	}
 
 	@Test
 	public void childContext() throws Exception {
-		ServletContext servletContext = pageContext.getServletContext();
+		ServletContext servletContext = this.pageContext.getServletContext();
 		WebApplicationContext wac = (WebApplicationContext) servletContext
 				.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("READ");
-		tag.setVar("allowed");
-		assertThat(tag.getDomainObject()).isSameAs(domainObject);
-		assertThat(tag.getHasPermission()).isEqualTo("READ");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("READ");
+		this.tag.setVar("allowed");
+		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
+		assertThat(this.tag.getHasPermission()).isEqualTo("READ");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isTrue();
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 	}
 
 	// SEC-2022
 	@Test
 	public void multiHasPermissionsAreSplit() throws Exception {
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
-		when(pe.hasPermission(bob, domainObject, "WRITE")).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, "WRITE")).thenReturn(true);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("READ,WRITE");
-		tag.setVar("allowed");
-		assertThat(tag.getDomainObject()).isSameAs(domainObject);
-		assertThat(tag.getHasPermission()).isEqualTo("READ,WRITE");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("READ,WRITE");
+		this.tag.setVar("allowed");
+		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
+		assertThat(this.tag.getHasPermission()).isEqualTo("READ,WRITE");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isTrue();
-		verify(pe).hasPermission(bob, domainObject, "READ");
-		verify(pe).hasPermission(bob, domainObject, "WRITE");
-		verifyNoMoreInteractions(pe);
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
+		verify(this.pe).hasPermission(this.bob, domainObject, "READ");
+		verify(this.pe).hasPermission(this.bob, domainObject, "WRITE");
+		verifyNoMoreInteractions(this.pe);
 	}
 
 	// SEC-2023
 	@Test
 	public void hasPermissionsBitMaskSupported() throws Exception {
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, 1)).thenReturn(true);
-		when(pe.hasPermission(bob, domainObject, 2)).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, 1)).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, 2)).thenReturn(true);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("1,2");
-		tag.setVar("allowed");
-		assertThat(tag.getDomainObject()).isSameAs(domainObject);
-		assertThat(tag.getHasPermission()).isEqualTo("1,2");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("1,2");
+		this.tag.setVar("allowed");
+		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
+		assertThat(this.tag.getHasPermission()).isEqualTo("1,2");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isTrue();
-		verify(pe).hasPermission(bob, domainObject, 1);
-		verify(pe).hasPermission(bob, domainObject, 2);
-		verifyNoMoreInteractions(pe);
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
+		verify(this.pe).hasPermission(this.bob, domainObject, 1);
+		verify(this.pe).hasPermission(this.bob, domainObject, 2);
+		verifyNoMoreInteractions(this.pe);
 	}
 
 	@Test
 	public void hasPermissionsMixedBitMaskSupported() throws Exception {
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, 1)).thenReturn(true);
-		when(pe.hasPermission(bob, domainObject, "WRITE")).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, 1)).thenReturn(true);
+		when(this.pe.hasPermission(this.bob, domainObject, "WRITE")).thenReturn(true);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("1,WRITE");
-		tag.setVar("allowed");
-		assertThat(tag.getDomainObject()).isSameAs(domainObject);
-		assertThat(tag.getHasPermission()).isEqualTo("1,WRITE");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("1,WRITE");
+		this.tag.setVar("allowed");
+		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
+		assertThat(this.tag.getHasPermission()).isEqualTo("1,WRITE");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isTrue();
-		verify(pe).hasPermission(bob, domainObject, 1);
-		verify(pe).hasPermission(bob, domainObject, "WRITE");
-		verifyNoMoreInteractions(pe);
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
+		verify(this.pe).hasPermission(this.bob, domainObject, 1);
+		verify(this.pe).hasPermission(this.bob, domainObject, "WRITE");
+		verifyNoMoreInteractions(this.pe);
 	}
 
 	@Test
 	public void bodyIsSkippedIfAclDeniesAccess() throws Exception {
 		Object domainObject = new Object();
-		when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(false);
+		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(false);
 
-		tag.setDomainObject(domainObject);
-		tag.setHasPermission("READ");
-		tag.setVar("allowed");
+		this.tag.setDomainObject(domainObject);
+		this.tag.setHasPermission("READ");
+		this.tag.setVar("allowed");
 
-		assertThat(tag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat((Boolean) pageContext.getAttribute("allowed")).isFalse();
+		assertThat(this.tag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isFalse();
 	}
 
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index 5dac768bf5..f91977a420 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -51,12 +51,12 @@ public class AuthenticationTagTests {
 
 	@Test
 	public void testOperationWhenPrincipalIsAUserDetailsInstance() throws JspException {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 
-		authenticationTag.setProperty("name");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
-		assertThat(authenticationTag.getLastMessage()).isEqualTo("rodUserDetails");
+		this.authenticationTag.setProperty("name");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		assertThat(this.authenticationTag.getLastMessage()).isEqualTo("rodUserDetails");
 	}
 
 	@Test
@@ -64,20 +64,20 @@ public class AuthenticationTagTests {
 		SecurityContextHolder.getContext().setAuthentication(
 				new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
 
-		authenticationTag.setProperty("principal");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
-		assertThat(authenticationTag.getLastMessage()).isEqualTo("rodAsString");
+		this.authenticationTag.setProperty("principal");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		assertThat(this.authenticationTag.getLastMessage()).isEqualTo("rodAsString");
 	}
 
 	@Test
 	public void testNestedPropertyIsReadCorrectly() throws JspException {
-		SecurityContextHolder.getContext().setAuthentication(auth);
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
 
-		authenticationTag.setProperty("principal.username");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
-		assertThat(authenticationTag.getLastMessage()).isEqualTo("rodUserDetails");
+		this.authenticationTag.setProperty("principal.username");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		assertThat(this.authenticationTag.getLastMessage()).isEqualTo("rodUserDetails");
 	}
 
 	@Test
@@ -85,36 +85,36 @@ public class AuthenticationTagTests {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
 
-		authenticationTag.setProperty("principal");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		this.authenticationTag.setProperty("principal");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
 	}
 
 	@Test
 	public void testOperationWhenSecurityContextIsNull() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(null);
 
-		authenticationTag.setProperty("principal");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
-		assertThat(authenticationTag.getLastMessage()).isNull();
+		this.authenticationTag.setProperty("principal");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		assertThat(this.authenticationTag.getLastMessage()).isNull();
 	}
 
 	@Test
 	public void testSkipsBodyIfNullOrEmptyOperation() throws Exception {
-		authenticationTag.setProperty("");
-		assertThat(authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
-		assertThat(authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
+		this.authenticationTag.setProperty("");
+		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
 	}
 
 	@Test
 	public void testThrowsExceptionForUnrecognisedProperty() {
-		SecurityContextHolder.getContext().setAuthentication(auth);
-		authenticationTag.setProperty("qsq");
+		SecurityContextHolder.getContext().setAuthentication(this.auth);
+		this.authenticationTag.setProperty("qsq");
 
 		try {
-			authenticationTag.doStartTag();
-			authenticationTag.doEndTag();
+			this.authenticationTag.doStartTag();
+			this.authenticationTag.doEndTag();
 			fail("Should have throwns JspException");
 		}
 		catch (JspException expected) {
@@ -124,20 +124,20 @@ public class AuthenticationTagTests {
 	@Test
 	public void htmlEscapingIsUsedByDefault() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("<>& ", ""));
-		authenticationTag.setProperty("name");
-		authenticationTag.doStartTag();
-		authenticationTag.doEndTag();
-		assertThat(authenticationTag.getLastMessage()).isEqualTo("&lt;&gt;&amp;&#32;");
+		this.authenticationTag.setProperty("name");
+		this.authenticationTag.doStartTag();
+		this.authenticationTag.doEndTag();
+		assertThat(this.authenticationTag.getLastMessage()).isEqualTo("&lt;&gt;&amp;&#32;");
 	}
 
 	@Test
 	public void settingHtmlEscapeToFalsePreventsEscaping() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("<>& ", ""));
-		authenticationTag.setProperty("name");
-		authenticationTag.setHtmlEscape("false");
-		authenticationTag.doStartTag();
-		authenticationTag.doEndTag();
-		assertThat(authenticationTag.getLastMessage()).isEqualTo("<>& ");
+		this.authenticationTag.setProperty("name");
+		this.authenticationTag.setHtmlEscape("false");
+		this.authenticationTag.doStartTag();
+		this.authenticationTag.doEndTag();
+		assertThat(this.authenticationTag.getLastMessage()).isEqualTo("<>& ");
 	}
 
 	private class MyAuthenticationTag extends AuthenticationTag {
@@ -145,11 +145,11 @@ public class AuthenticationTagTests {
 		String lastMessage = null;
 
 		public String getLastMessage() {
-			return lastMessage;
+			return this.lastMessage;
 		}
 
 		protected void writeMessage(String msg) {
-			lastMessage = msg;
+			this.lastMessage = msg;
 		}
 
 	}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index b5ba3b9ae7..5e78631b89 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -64,19 +64,19 @@ public class AuthorizeTagTests {
 
 	@Before
 	public void setUp() {
-		SecurityContextHolder.getContext().setAuthentication(currentUser);
+		SecurityContextHolder.getContext().setAuthentication(this.currentUser);
 		StaticWebApplicationContext ctx = new StaticWebApplicationContext();
 
 		BeanDefinitionBuilder webExpressionHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
-		webExpressionHandler.addPropertyValue("permissionEvaluator", permissionEvaluator);
+		webExpressionHandler.addPropertyValue("permissionEvaluator", this.permissionEvaluator);
 
 		ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition());
 		ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class);
 		MockServletContext servletCtx = new MockServletContext();
 		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
-		authorizeTag = new JspAuthorizeTag();
-		authorizeTag.setPageContext(new MockPageContext(servletCtx, request, new MockHttpServletResponse()));
+		this.authorizeTag = new JspAuthorizeTag();
+		this.authorizeTag.setPageContext(new MockPageContext(servletCtx, this.request, new MockHttpServletResponse()));
 	}
 
 	@After
@@ -89,65 +89,65 @@ public class AuthorizeTagTests {
 	@Test
 	public void taglibsDocumentationHasPermissionOr() throws Exception {
 		Object domain = new Object();
-		request.setAttribute("domain", domain);
-		authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
-		when(permissionEvaluator.hasPermission(eq(currentUser), eq(domain), anyString())).thenReturn(true);
+		this.request.setAttribute("domain", domain);
+		this.authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
+		when(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).thenReturn(true);
 
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
 
 	@Test
 	public void skipsBodyIfNoAuthenticationPresent() throws Exception {
 		SecurityContextHolder.clearContext();
-		authorizeTag.setAccess("permitAll");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		this.authorizeTag.setAccess("permitAll");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
 	@Test
 	public void skipsBodyIfAccessExpressionDeniesAccess() throws Exception {
-		authorizeTag.setAccess("denyAll");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		this.authorizeTag.setAccess("denyAll");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
 	@Test
 	public void showsBodyIfAccessExpressionAllowsAccess() throws Exception {
-		authorizeTag.setAccess("permitAll");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		this.authorizeTag.setAccess("permitAll");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
 
 	@Test
 	public void requestAttributeIsResolvedAsElVariable() throws JspException {
-		request.setAttribute("blah", "blah");
-		authorizeTag.setAccess("#blah == 'blah'");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		this.request.setAttribute("blah", "blah");
+		this.authorizeTag.setAccess("#blah == 'blah'");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
 
 	// url attribute tests
 	@Test
 	public void skipsBodyWithUrlSetIfNoAuthenticationPresent() throws Exception {
 		SecurityContextHolder.clearContext();
-		authorizeTag.setUrl("/something");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		this.authorizeTag.setUrl("/something");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
 	@Test
 	public void skipsBodyIfUrlIsNotAllowed() throws Exception {
-		authorizeTag.setUrl("/notallowed");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		this.authorizeTag.setUrl("/notallowed");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
 	@Test
 	public void evaluatesBodyIfUrlIsAllowed() throws Exception {
-		authorizeTag.setUrl("/allowed");
-		authorizeTag.setMethod("GET");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
+		this.authorizeTag.setUrl("/allowed");
+		this.authorizeTag.setMethod("GET");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
 
 	@Test
 	public void skipsBodyIfMethodIsNotAllowed() throws Exception {
-		authorizeTag.setUrl("/allowed");
-		authorizeTag.setMethod("POST");
-		assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
+		this.authorizeTag.setUrl("/allowed");
+		this.authorizeTag.setMethod("POST");
+		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 	}
 
 	public static class MockWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
diff --git a/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
index 170d5f0e5a..a26db38020 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/DelegatingTestExecutionListener.java
@@ -36,37 +36,37 @@ class DelegatingTestExecutionListener extends AbstractTestExecutionListener {
 
 	@Override
 	public void beforeTestClass(TestContext testContext) throws Exception {
-		delegate.beforeTestClass(testContext);
+		this.delegate.beforeTestClass(testContext);
 	}
 
 	@Override
 	public void prepareTestInstance(TestContext testContext) throws Exception {
-		delegate.prepareTestInstance(testContext);
+		this.delegate.prepareTestInstance(testContext);
 	}
 
 	@Override
 	public void beforeTestMethod(TestContext testContext) throws Exception {
-		delegate.beforeTestMethod(testContext);
+		this.delegate.beforeTestMethod(testContext);
 	}
 
 	@Override
 	public void beforeTestExecution(TestContext testContext) throws Exception {
-		delegate.beforeTestExecution(testContext);
+		this.delegate.beforeTestExecution(testContext);
 	}
 
 	@Override
 	public void afterTestExecution(TestContext testContext) throws Exception {
-		delegate.afterTestExecution(testContext);
+		this.delegate.afterTestExecution(testContext);
 	}
 
 	@Override
 	public void afterTestMethod(TestContext testContext) throws Exception {
-		delegate.afterTestMethod(testContext);
+		this.delegate.afterTestMethod(testContext);
 	}
 
 	@Override
 	public void afterTestClass(TestContext testContext) throws Exception {
-		delegate.afterTestClass(testContext);
+		this.delegate.afterTestClass(testContext);
 	}
 
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index f35b37e705..3c14d2ce20 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -87,12 +87,12 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 
 			@Override
 			public Context currentContext() {
-				Context context = delegate.currentContext();
+				Context context = this.delegate.currentContext();
 				if (context.hasKey(CONTEXT_DEFAULTED_ATTR_NAME)) {
 					return context;
 				}
 				context = context.put(CONTEXT_DEFAULTED_ATTR_NAME, Boolean.TRUE);
-				Authentication authentication = securityContext.getAuthentication();
+				Authentication authentication = this.securityContext.getAuthentication();
 				if (authentication == null) {
 					return context;
 				}
@@ -102,22 +102,22 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 
 			@Override
 			public void onSubscribe(Subscription s) {
-				delegate.onSubscribe(s);
+				this.delegate.onSubscribe(s);
 			}
 
 			@Override
 			public void onNext(T t) {
-				delegate.onNext(t);
+				this.delegate.onNext(t);
 			}
 
 			@Override
 			public void onError(Throwable t) {
-				delegate.onError(t);
+				this.delegate.onError(t);
 			}
 
 			@Override
 			public void onComplete() {
-				delegate.onComplete();
+				this.delegate.onComplete();
 			}
 
 		}
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index b1f3585a82..9d60a0e54a 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -32,7 +32,7 @@ public class TestSecurityContextHolderTests {
 
 	@Before
 	public void setup() {
-		context = SecurityContextHolder.createEmptyContext();
+		this.context = SecurityContextHolder.createEmptyContext();
 	}
 
 	@After
@@ -42,13 +42,13 @@ public class TestSecurityContextHolderTests {
 
 	@Test
 	public void clearContextClearsBoth() {
-		SecurityContextHolder.setContext(context);
-		TestSecurityContextHolder.setContext(context);
+		SecurityContextHolder.setContext(this.context);
+		TestSecurityContextHolder.setContext(this.context);
 
 		TestSecurityContextHolder.clearContext();
 
-		assertThat(SecurityContextHolder.getContext()).isNotSameAs(context);
-		assertThat(TestSecurityContextHolder.getContext()).isNotSameAs(context);
+		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.context);
+		assertThat(TestSecurityContextHolder.getContext()).isNotSameAs(this.context);
 	}
 
 	@Test
@@ -59,10 +59,10 @@ public class TestSecurityContextHolderTests {
 
 	@Test
 	public void setContextSetsBoth() {
-		TestSecurityContextHolder.setContext(context);
+		TestSecurityContextHolder.setContext(this.context);
 
-		assertThat(TestSecurityContextHolder.getContext()).isSameAs(context);
-		assertThat(SecurityContextHolder.getContext()).isSameAs(context);
+		assertThat(TestSecurityContextHolder.getContext()).isSameAs(this.context);
+		assertThat(SecurityContextHolder.getContext()).isSameAs(this.context);
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index e039d46bcb..5256b9f112 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -39,7 +39,7 @@ public class CustomUserDetails implements UserDetails {
 	}
 
 	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 	public String getPassword() {
@@ -47,7 +47,7 @@ public class CustomUserDetails implements UserDetails {
 	}
 
 	public String getUsername() {
-		return username;
+		return this.username;
 	}
 
 	public boolean isAccountNonExpired() {
@@ -68,7 +68,7 @@ public class CustomUserDetails implements UserDetails {
 
 	@Override
 	public String toString() {
-		return "CustomUserDetails{" + "username='" + username + '\'' + '}';
+		return "CustomUserDetails{" + "username='" + this.username + '\'' + '}';
 	}
 
 }
\ No newline at end of file
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index 7586d93046..173829d3b9 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -41,7 +41,7 @@ public class WithMockUserParentTests extends WithMockUserParent {
 
 	@Test
 	public void getMessageWithMockUser() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("user");
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index e81f698062..3efd86fcbf 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -44,34 +44,34 @@ public class WithMockUserTests {
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void getMessageUnauthenticated() {
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test
 	@WithMockUser
 	public void getMessageWithMockUser() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("user");
 	}
 
 	@Test
 	@WithMockUser("customUsername")
 	public void getMessageWithMockUserCustomUsername() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("customUsername");
 	}
 
 	@Test
 	@WithMockUser(username = "admin", roles = { "USER", "ADMIN" })
 	public void getMessageWithMockUserCustomUser() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("admin").contains("ROLE_USER").contains("ROLE_ADMIN");
 	}
 
 	@Test
 	@WithMockUser(username = "admin", authorities = { "ADMIN", "USER" })
 	public void getMessageWithMockUserCustomAuthorities() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("admin").contains("ADMIN").contains("USER").doesNotContain("ROLE_");
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 1df06646fb..19e6a1b5e0 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -49,13 +49,13 @@ public class WithUserDetailsTests {
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void getMessageUnauthenticated() {
-		messageService.getMessage();
+		this.messageService.getMessage();
 	}
 
 	@Test
 	@WithUserDetails
 	public void getMessageWithUserDetails() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("user");
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}
@@ -63,7 +63,7 @@ public class WithUserDetailsTests {
 	@Test
 	@WithUserDetails("customUsername")
 	public void getMessageWithUserDetailsCustomUsername() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("customUsername");
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}
@@ -71,7 +71,7 @@ public class WithUserDetailsTests {
 	@Test
 	@WithUserDetails(value = "customUsername", userDetailsServiceBeanName = "myUserDetailsService")
 	public void getMessageWithUserDetailsServiceBeanName() {
-		String message = messageService.getMessage();
+		String message = this.messageService.getMessage();
 		assertThat(message).contains("customUsername");
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index 5b3b87e1e8..1edb96de79 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -34,73 +34,74 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Before
 	public void setup() {
-		factory = new WithMockUserSecurityContextFactory();
+		this.factory = new WithMockUserSecurityContextFactory();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void usernameNull() {
-		factory.createSecurityContext(withUser);
+		this.factory.createSecurityContext(this.withUser);
 	}
 
 	@Test
 	public void valueDefaultsUsername() {
-		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.password()).thenReturn("password");
-		when(withUser.roles()).thenReturn(new String[] { "USER" });
-		when(withUser.authorities()).thenReturn(new String[] {});
+		when(this.withUser.value()).thenReturn("valueUser");
+		when(this.withUser.password()).thenReturn("password");
+		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
+		when(this.withUser.authorities()).thenReturn(new String[] {});
 
-		assertThat(factory.createSecurityContext(withUser).getAuthentication().getName()).isEqualTo(withUser.value());
+		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
+				.isEqualTo(this.withUser.value());
 	}
 
 	@Test
 	public void usernamePrioritizedOverValue() {
-		when(withUser.username()).thenReturn("customUser");
-		when(withUser.password()).thenReturn("password");
-		when(withUser.roles()).thenReturn(new String[] { "USER" });
-		when(withUser.authorities()).thenReturn(new String[] {});
+		when(this.withUser.username()).thenReturn("customUser");
+		when(this.withUser.password()).thenReturn("password");
+		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
+		when(this.withUser.authorities()).thenReturn(new String[] {});
 
-		assertThat(factory.createSecurityContext(withUser).getAuthentication().getName())
-				.isEqualTo(withUser.username());
+		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
+				.isEqualTo(this.withUser.username());
 	}
 
 	@Test
 	public void rolesWorks() {
-		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.password()).thenReturn("password");
-		when(withUser.roles()).thenReturn(new String[] { "USER", "CUSTOM" });
-		when(withUser.authorities()).thenReturn(new String[] {});
+		when(this.withUser.value()).thenReturn("valueUser");
+		when(this.withUser.password()).thenReturn("password");
+		when(this.withUser.roles()).thenReturn(new String[] { "USER", "CUSTOM" });
+		when(this.withUser.authorities()).thenReturn(new String[] {});
 
-		assertThat(factory.createSecurityContext(withUser).getAuthentication().getAuthorities()).extracting("authority")
-				.containsOnly("ROLE_USER", "ROLE_CUSTOM");
+		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
+				.extracting("authority").containsOnly("ROLE_USER", "ROLE_CUSTOM");
 	}
 
 	@Test
 	public void authoritiesWorks() {
-		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.password()).thenReturn("password");
-		when(withUser.roles()).thenReturn(new String[] { "USER" });
-		when(withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
+		when(this.withUser.value()).thenReturn("valueUser");
+		when(this.withUser.password()).thenReturn("password");
+		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
+		when(this.withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
 
-		assertThat(factory.createSecurityContext(withUser).getAuthentication().getAuthorities()).extracting("authority")
-				.containsOnly("USER", "CUSTOM");
+		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
+				.extracting("authority").containsOnly("USER", "CUSTOM");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void authoritiesAndRolesInvalid() {
-		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.roles()).thenReturn(new String[] { "CUSTOM" });
-		when(withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
+		when(this.withUser.value()).thenReturn("valueUser");
+		when(this.withUser.roles()).thenReturn(new String[] { "CUSTOM" });
+		when(this.withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
 
-		factory.createSecurityContext(withUser);
+		this.factory.createSecurityContext(this.withUser);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rolesWithRolePrefixFails() {
-		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.roles()).thenReturn(new String[] { "ROLE_FAIL" });
-		when(withUser.authorities()).thenReturn(new String[] {});
+		when(this.withUser.value()).thenReturn("valueUser");
+		when(this.withUser.roles()).thenReturn(new String[] { "ROLE_FAIL" });
+		when(this.withUser.authorities()).thenReturn(new String[] {});
 
-		factory.createSecurityContext(withUser);
+		this.factory.createSecurityContext(this.withUser);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index da8b1884f1..dec5e7b65e 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -60,15 +60,15 @@ public class WithSecurityContextTestExcecutionListenerTests {
 
 	@Before
 	public void setup() {
-		listener = new WithSecurityContextTestExecutionListener();
-		context = new AnnotationConfigApplicationContext(Config.class);
+		this.listener = new WithSecurityContextTestExecutionListener();
+		this.context = new AnnotationConfigApplicationContext(Config.class);
 	}
 
 	@After
 	public void cleanup() {
 		TestSecurityContextHolder.clearContext();
-		if (context != null) {
-			context.close();
+		if (this.context != null) {
+			this.context.close();
 		}
 	}
 
@@ -76,20 +76,20 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void beforeTestMethodNullSecurityContextNoError() throws Exception {
 		Class testClass = FakeTest.class;
-		when(testContext.getTestClass()).thenReturn(testClass);
-		when(testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
+		when(this.testContext.getTestClass()).thenReturn(testClass);
+		when(this.testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
 
-		listener.beforeTestMethod(testContext);
+		this.listener.beforeTestMethod(this.testContext);
 	}
 
 	@Test
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void beforeTestMethodNoApplicationContext() throws Exception {
 		Class testClass = FakeTest.class;
-		when(testContext.getApplicationContext()).thenThrow(new IllegalStateException());
-		when(testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
+		when(this.testContext.getApplicationContext()).thenThrow(new IllegalStateException());
+		when(this.testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
 
-		listener.beforeTestMethod(testContext);
+		this.listener.beforeTestMethod(this.testContext);
 
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user");
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 5db8eff4f9..873ce590e2 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -57,33 +57,33 @@ public class WithUserDetailsSecurityContextFactoryTests {
 
 	@Before
 	public void setup() {
-		factory = new WithUserDetailsSecurityContextFactory(beans);
+		this.factory = new WithUserDetailsSecurityContextFactory(this.beans);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void createSecurityContextNullValue() {
-		factory.createSecurityContext(withUserDetails);
+		this.factory.createSecurityContext(this.withUserDetails);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void createSecurityContextEmptyValue() {
 
-		when(withUserDetails.value()).thenReturn("");
-		factory.createSecurityContext(withUserDetails);
+		when(this.withUserDetails.value()).thenReturn("");
+		this.factory.createSecurityContext(this.withUserDetails);
 	}
 
 	@Test
 	public void createSecurityContextWithExistingUser() {
 		String username = "user";
 		when(this.beans.getBean(ReactiveUserDetailsService.class)).thenThrow(new NoSuchBeanDefinitionException(""));
-		when(beans.getBean(UserDetailsService.class)).thenReturn(userDetailsService);
-		when(withUserDetails.value()).thenReturn(username);
-		when(userDetailsService.loadUserByUsername(username)).thenReturn(userDetails);
+		when(this.beans.getBean(UserDetailsService.class)).thenReturn(this.userDetailsService);
+		when(this.withUserDetails.value()).thenReturn(username);
+		when(this.userDetailsService.loadUserByUsername(username)).thenReturn(this.userDetails);
 
-		SecurityContext context = factory.createSecurityContext(withUserDetails);
+		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
-		verify(beans).getBean(UserDetailsService.class);
+		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
+		verify(this.beans).getBean(UserDetailsService.class);
 	}
 
 	// gh-3346
@@ -93,27 +93,27 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		String username = "user";
 		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).thenThrow(
 				new BeanNotOfRequiredTypeException("", ReactiveUserDetailsService.class, UserDetailsService.class));
-		when(withUserDetails.value()).thenReturn(username);
-		when(withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
-		when(userDetailsService.loadUserByUsername(username)).thenReturn(userDetails);
-		when(beans.getBean(beanName, UserDetailsService.class)).thenReturn(userDetailsService);
+		when(this.withUserDetails.value()).thenReturn(username);
+		when(this.withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
+		when(this.userDetailsService.loadUserByUsername(username)).thenReturn(this.userDetails);
+		when(this.beans.getBean(beanName, UserDetailsService.class)).thenReturn(this.userDetailsService);
 
-		SecurityContext context = factory.createSecurityContext(withUserDetails);
+		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
-		verify(beans).getBean(beanName, UserDetailsService.class);
+		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
+		verify(this.beans).getBean(beanName, UserDetailsService.class);
 	}
 
 	@Test
 	public void createSecurityContextWithReactiveUserDetailsService() {
 		String username = "user";
-		when(withUserDetails.value()).thenReturn(username);
+		when(this.withUserDetails.value()).thenReturn(username);
 		when(this.beans.getBean(ReactiveUserDetailsService.class)).thenReturn(this.reactiveUserDetailsService);
-		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(userDetails));
+		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(this.userDetails));
 
-		SecurityContext context = factory.createSecurityContext(withUserDetails);
+		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
+		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
 		verify(this.beans).getBean(ReactiveUserDetailsService.class);
 	}
 
@@ -121,15 +121,15 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	public void createSecurityContextWithReactiveUserDetailsServiceAndBeanName() {
 		String beanName = "secondUserDetailsServiceBean";
 		String username = "user";
-		when(withUserDetails.value()).thenReturn(username);
-		when(withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
+		when(this.withUserDetails.value()).thenReturn(username);
+		when(this.withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
 		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class))
 				.thenReturn(this.reactiveUserDetailsService);
-		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(userDetails));
+		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(this.userDetails));
 
-		SecurityContext context = factory.createSecurityContext(withUserDetails);
+		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(userDetails);
+		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
 		verify(this.beans).getBean(beanName, ReactiveUserDetailsService.class);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index 1a19e6d064..a976d14356 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -50,7 +50,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 	private GrantedAuthority authority2 = new SimpleGrantedAuthority("two");
 
-	private WebTestClient client = WebTestClient.bindToController(securityContextController)
+	private WebTestClient client = WebTestClient.bindToController(this.securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
 			.argumentResolvers(resolvers -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
@@ -61,7 +61,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() {
 		this.client.mutateWith(mockOpaqueToken()).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
@@ -74,7 +74,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		this.client.mutateWith(mockOpaqueToken().authorities(this.authority1, this.authority2)).get().exchange()
 				.expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
 				this.authority2);
 	}
@@ -85,7 +85,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		this.client.mutateWith(mockOpaqueToken().attributes(attributes -> attributes.put(SUBJECT, sub))).get()
 				.exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat(token.getTokenAttributes().get(SUBJECT)).isSameAs(sub);
@@ -96,7 +96,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		OAuth2AuthenticatedPrincipal principal = active();
 		this.client.mutateWith(mockOpaqueToken().principal(principal)).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat(token.getPrincipal()).isSameAs(principal);
@@ -109,7 +109,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		this.client.mutateWith(mockOpaqueToken().attributes(a -> a.put(SUBJECT, "foo")).principal(principal)).get()
 				.exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
@@ -118,7 +118,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		this.client.mutateWith(mockOpaqueToken().principal(principal).attributes(a -> a.put(SUBJECT, "bar"))).get()
 				.exchange().expectStatus().isOk();
 
-		context = securityContextController.removeSecurityContext();
+		context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index 4289e4cfe0..480cf1ed63 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -43,17 +43,17 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 @SecurityTestExecutionListeners
 public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockServerConfigurersTests {
 
-	WebTestClient client = WebTestClient.bindToController(controller)
+	WebTestClient client = WebTestClient.bindToController(this.controller)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	@WithMockUser
 	public void withMockUserWhenOnMethodThenSuccess() {
-		client.get().exchange().expectStatus().isOk();
+		this.client.get().exchange().expectStatus().isOk();
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
@@ -61,13 +61,14 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenGlobalMockPrincipalThenOverridesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity()).apply(mockAuthentication(authentication)).configureClient()
+		this.client = WebTestClient.bindToController(this.controller)
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
+				.apply(mockAuthentication(authentication)).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
-		client.get().exchange().expectStatus().isOk();
+		this.client.get().exchange().expectStatus().isOk();
 
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
@@ -75,9 +76,9 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenMutateWithMockPrincipalThenOverridesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
 
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
@@ -85,22 +86,22 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
 
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 
-		client.get().exchange().expectStatus().isOk();
+		this.client.get().exchange().expectStatus().isOk();
 
-		assertPrincipalCreatedFromUserDetails(controller.removePrincipal(), userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build());
 	}
 
 	@Test
 	@WithMockUser
 	public void withMockUserWhenOnMethodAndRequestIsExecutedOnDifferentThreadThenSuccess() {
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
-		ForkJoinPool.commonPool().submit(() -> client.get().exchange().expectStatus().isOk()).join();
+		ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join();
 
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
@@ -110,14 +111,14 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 				"ROLE_USER");
 
 		ForkJoinPool.commonPool().submit(
-				() -> client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk())
+				() -> this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk())
 				.join();
 
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 
-		ForkJoinPool.commonPool().submit(() -> client.get().exchange().expectStatus().isOk()).join();
+		ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join();
 
-		assertPrincipalCreatedFromUserDetails(controller.removePrincipal(), userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build());
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index a0fcc549df..68857affa6 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -44,37 +44,37 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 @SecurityTestExecutionListeners
 public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMockServerConfigurersTests {
 
-	WebTestClient client = WebTestClient.bindToController(controller)
+	WebTestClient client = WebTestClient.bindToController(this.controller)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void wheMockUserWhenClassAnnotatedThenSuccess() {
-		client.get().exchange().expectStatus().isOk().expectBody(String.class)
+		this.client.get().exchange().expectStatus().isOk().expectBody(String.class)
 				.consumeWith(response -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	@WithMockUser("method-user")
 	public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() {
-		client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith(
+		this.client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith(
 				response -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	public void withMockUserWhenMutateWithThenMustateWithOverrides() {
-		client.mutateWith(mockUser("mutateWith-mockUser")).get().exchange().expectStatus().isOk()
+		this.client.mutateWith(mockUser("mutateWith-mockUser")).get().exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith(response -> assertThat(response.getResponseBody())
 						.contains("\"username\":\"mutateWith-mockUser\""));
 
-		Principal principal = controller.removePrincipal();
-		assertPrincipalCreatedFromUserDetails(principal, userBuilder.username("mutateWith-mockUser").build());
+		Principal principal = this.controller.removePrincipal();
+		assertPrincipalCreatedFromUserDetails(principal, this.userBuilder.username("mutateWith-mockUser").build());
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index 02a01cc8e3..7c64ffeda4 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -54,7 +54,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Mock
 	GrantedAuthority authority2;
 
-	WebTestClient client = WebTestClient.bindToController(securityContextController)
+	WebTestClient client = WebTestClient.bindToController(this.securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
 			.argumentResolvers(resolvers -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
@@ -63,9 +63,9 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	@Test
 	public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() {
-		client.mutateWith(mockJwt()).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockJwt()).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
@@ -77,9 +77,9 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
-		client.mutateWith(mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(token.getToken().getSubject()).isSameAs(name);
@@ -87,30 +87,30 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	@Test
 	public void mockJwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
-		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1,
-				this.authority2)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
+				.authorities(this.authority1, this.authority2)).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
 				this.authority2);
 	}
 
 	@Test
 	public void mockJwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
-		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities"))).get().exchange()
+		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities"))).get().exchange()
 				.expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(
 				new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
 	}
 
 	@Test
 	public void mockJwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
-		client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
+		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
 				.authorities(jwt -> Arrays.asList(this.authority1))).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1);
 	}
 
@@ -119,7 +119,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
 		this.client.mutateWith(mockJwt().jwt(originalToken)).get().exchange().expectStatus().isOk();
 
-		SecurityContext context = securityContextController.removeSecurityContext();
+		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
 		assertThat(retrievedToken.getToken().getSubject()).isEqualTo("some_user");
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index 62135103a7..68354f6021 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -42,7 +42,7 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
  */
 public class SecurityMockServerConfigurersTests extends AbstractMockServerConfigurersTests {
 
-	WebTestClient client = WebTestClient.bindToController(controller)
+	WebTestClient client = WebTestClient.bindToController(this.controller)
 			.webFilter(new CsrfWebFilter(), new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
 			.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
@@ -50,70 +50,71 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	public void mockAuthenticationWhenLocalThenSuccess() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	public void mockAuthenticationWhenGlobalThenSuccess() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity()).apply(mockAuthentication(authentication)).configureClient()
+		this.client = WebTestClient.bindToController(this.controller)
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
+				.apply(mockAuthentication(authentication)).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
-		client.get().exchange().expectStatus().isOk();
-		controller.assertPrincipalIsEqualTo(authentication);
+		this.client.get().exchange().expectStatus().isOk();
+		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
 	@Test
 	public void mockUserWhenDefaultsThenSuccess() {
-		client.mutateWith(mockUser()).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockUser()).get().exchange().expectStatus().isOk();
 
-		Principal actual = controller.removePrincipal();
+		Principal actual = this.controller.removePrincipal();
 
-		assertPrincipalCreatedFromUserDetails(actual, userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
 	@Test
 	public void mockUserWhenGlobalThenSuccess() {
-		client = WebTestClient.bindToController(controller).webFilter(new SecurityContextServerWebExchangeWebFilter())
-				.apply(springSecurity()).apply(mockUser()).configureClient()
-				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
-		client.get().exchange().expectStatus().isOk();
+		this.client = WebTestClient.bindToController(this.controller)
+				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).apply(mockUser())
+				.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
+		this.client.get().exchange().expectStatus().isOk();
 
-		Principal actual = controller.removePrincipal();
+		Principal actual = this.controller.removePrincipal();
 
-		assertPrincipalCreatedFromUserDetails(actual, userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
 	@Test
 	public void mockUserStringWhenLocalThenSuccess() {
-		client.mutateWith(mockUser(userBuilder.build().getUsername())).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockUser(this.userBuilder.build().getUsername())).get().exchange().expectStatus().isOk();
 
-		Principal actual = controller.removePrincipal();
+		Principal actual = this.controller.removePrincipal();
 
-		assertPrincipalCreatedFromUserDetails(actual, userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
 	@Test
 	public void mockUserStringWhenCustomThenSuccess() {
 		this.userBuilder = User.withUsername("admin").password("secret").roles("USER", "ADMIN");
-		client.mutateWith(mockUser("admin").password("secret").roles("USER", "ADMIN")).get().exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(mockUser("admin").password("secret").roles("USER", "ADMIN")).get().exchange()
+				.expectStatus().isOk();
 
-		Principal actual = controller.removePrincipal();
+		Principal actual = this.controller.removePrincipal();
 
-		assertPrincipalCreatedFromUserDetails(actual, userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
 	@Test
 	public void mockUserUserDetailsLocalThenSuccess() {
 		UserDetails userDetails = this.userBuilder.build();
-		client.mutateWith(mockUser(userDetails)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(mockUser(userDetails)).get().exchange().expectStatus().isOk();
 
-		Principal actual = controller.removePrincipal();
+		Principal actual = this.controller.removePrincipal();
 
-		assertPrincipalCreatedFromUserDetails(actual, userBuilder.build());
+		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 64f306fb7d..f8ccde3430 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -57,47 +57,47 @@ public class Sec2935Tests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	// SEC-2935
 	@Test
 	public void postProcessorUserNoUser() throws Exception {
-		mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user"));
 
-		mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated());
+		this.mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated());
 	}
 
 	@Test
 	public void postProcessorUserOtherUser() throws Exception {
-		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
 
-		mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden())
+		this.mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("user2"));
 	}
 
 	@WithMockUser
 	@Test
 	public void postProcessorUserWithMockUser() throws Exception {
-		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
 
-		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	// SEC-2941
 	@Test
 	public void defaultRequest() throws Exception {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 				.defaultRequest(get("/").with(user("default"))).build();
 
-		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
 
-		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("default"));
 	}
 
@@ -105,13 +105,13 @@ public class Sec2935Tests {
 	@WithMockUser
 	@Test
 	public void defaultRequestOverridesWithMockUser() throws Exception {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 				.defaultRequest(get("/").with(user("default"))).build();
 
-		mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
 
-		mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
+		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("default"));
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index 60ca04c417..5739ef9dc4 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -45,12 +45,12 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 
 	@Before
 	public void setup() {
-		servletContext = new MockServletContext();
+		this.servletContext = new MockServletContext();
 	}
 
 	@Test
 	public void defaults() {
-		MockHttpServletRequest request = logout().buildRequest(servletContext);
+		MockHttpServletRequest request = logout().buildRequest(this.servletContext);
 
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
@@ -62,7 +62,7 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 
 	@Test
 	public void custom() {
-		MockHttpServletRequest request = logout("/admin/logout").buildRequest(servletContext);
+		MockHttpServletRequest request = logout("/admin/logout").buildRequest(this.servletContext);
 
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
@@ -75,7 +75,7 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	@Test
 	public void customWithUriVars() {
 		MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2")
-				.buildRequest(servletContext);
+				.buildRequest(this.servletContext);
 
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index 72c2fd2435..61cb427087 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -53,20 +53,20 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	// SEC-2593
 	@Test
 	public void userRequestPostProcessorWorksWithStateless() throws Exception {
-		mvc.perform(get("/").with(user("user"))).andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/").with(user("user"))).andExpect(status().is2xxSuccessful());
 	}
 
 	// SEC-2593
 	@WithMockUser
 	@Test
 	public void withMockUserWorksWithStateless() throws Exception {
-		mvc.perform(get("/")).andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/")).andExpect(status().is2xxSuccessful());
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index d24f9a67ee..73c8dc0544 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -62,7 +62,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 		mockWebTestUtils();
 	}
 
@@ -73,16 +73,17 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 
 	@Test
 	public void userDetails() {
-		authentication(authentication).postProcessRequest(request);
+		authentication(this.authentication).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
-		assertThat(context.getAuthentication()).isSameAs(authentication);
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
+		assertThat(context.getAuthentication()).isSameAs(this.authentication);
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
+		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index b7a275d170..d1389af563 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -38,22 +38,22 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 	}
 
 	@Test
 	public void x509SingleCertificate() {
-		MockHttpServletRequest postProcessedRequest = x509(certificate).postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = x509(this.certificate).postProcessRequest(this.request);
 
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
 
-		assertThat(certificates).containsOnly(certificate);
+		assertThat(certificates).containsOnly(this.certificate);
 	}
 
 	@Test
 	public void x509ResourceName() throws Exception {
-		MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(this.request);
 
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
index c8e79f0fa5..1771697493 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
@@ -46,7 +46,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
 	// SEC-3836
 	@Test
 	public void findCookieCsrfTokenRepository() {
-		MockHttpServletRequest request = post("/").buildRequest(wac.getServletContext());
+		MockHttpServletRequest request = post("/").buildRequest(this.wac.getServletContext());
 		CsrfTokenRepository csrfTokenRepository = WebTestUtils.getCsrfTokenRepository(request);
 		assertThat(csrfTokenRepository).isNotNull();
 		assertThat(csrfTokenRepository).isEqualTo(Config.cookieCsrfTokenRepository);
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index c3d65d4d5f..dab46c6b0c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -53,16 +53,16 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Before
 	public void setup() {
 		this.password = "password";
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 
-		entryPoint = new DigestAuthenticationEntryPoint();
-		entryPoint.setKey("key");
-		entryPoint.setRealmName("Spring Security");
-		filter = new DigestAuthenticationFilter();
-		filter.setUserDetailsService(
-				username -> new User(username, password, AuthorityUtils.createAuthorityList("ROLE_USER")));
-		filter.setAuthenticationEntryPoint(entryPoint);
-		filter.afterPropertiesSet();
+		this.entryPoint = new DigestAuthenticationEntryPoint();
+		this.entryPoint.setKey("key");
+		this.entryPoint.setRealmName("Spring Security");
+		this.filter = new DigestAuthenticationFilter();
+		this.filter.setUserDetailsService(
+				username -> new User(username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")));
+		this.filter.setAuthenticationEntryPoint(this.entryPoint);
+		this.filter.afterPropertiesSet();
 	}
 
 	@After
@@ -72,7 +72,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 
 	@Test
 	public void digestWithFilter() throws Exception {
-		MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(this.request);
 
 		assertThat(extractUser()).isEqualTo("user");
 	}
@@ -80,7 +80,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterCustomUsername() throws Exception {
 		String username = "admin";
-		MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(this.request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -88,8 +88,9 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterCustomPassword() throws Exception {
 		String username = "custom";
-		password = "secret";
-		MockHttpServletRequest postProcessedRequest = digest(username).password(password).postProcessRequest(request);
+		this.password = "secret";
+		MockHttpServletRequest postProcessedRequest = digest(username).password(this.password)
+				.postProcessRequest(this.request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -97,9 +98,9 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterCustomRealm() throws Exception {
 		String username = "admin";
-		entryPoint.setRealmName("Custom");
-		MockHttpServletRequest postProcessedRequest = digest(username).realm(entryPoint.getRealmName())
-				.postProcessRequest(request);
+		this.entryPoint.setRealmName("Custom");
+		MockHttpServletRequest postProcessedRequest = digest(username).realm(this.entryPoint.getRealmName())
+				.postProcessRequest(this.request);
 
 		assertThat(extractUser()).isEqualTo(username);
 	}
@@ -107,20 +108,22 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilterFails() throws Exception {
 		String username = "admin";
-		MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid").postProcessRequest(request);
+		MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid")
+				.postProcessRequest(this.request);
 
 		assertThat(extractUser()).isNull();
 	}
 
 	private String extractUser() throws IOException, ServletException {
-		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain() {
+		this.filter.doFilter(this.request, new MockHttpServletResponse(), new MockFilterChain() {
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response) {
 				Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-				username = authentication == null ? null : authentication.getName();
+				SecurityMockMvcRequestPostProcessorsDigestTests.this.username = authentication == null ? null
+						: authentication.getName();
 			}
 		});
-		return username;
+		return this.username;
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 37c404ae0c..5a71745175 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -61,7 +61,7 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 		mockWebTestUtils();
 	}
 
@@ -72,16 +72,17 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 
 	@Test
 	public void userDetails() {
-		securityContext(expectedContext).postProcessRequest(request);
+		securityContext(this.expectedContext).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
 		assertThat(context).isSameAs(this.expectedContext);
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
+		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index 6d6a86e979..5b7de6735d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -57,14 +57,14 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain)
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).addFilters(this.springSecurityFilterChain)
 				.defaultRequest(get("/").with(testSecurityContext())).build();
 	}
 
 	@Test
 	@WithMockUser
 	public void testSecurityContextWithMockUserWorksWithStateless() throws Exception {
-		mvc.perform(get("/")).andExpect(status().is2xxSuccessful());
+		this.mvc.perform(get("/")).andExpect(status().is2xxSuccessful());
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 236743d83a..08f76801c5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -56,7 +56,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 		mockWebTestUtils();
 	}
 
@@ -67,25 +67,25 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 
 	@Test
 	public void testSecurityContextSaves() {
-		TestSecurityContextHolder.setContext(context);
+		TestSecurityContextHolder.setContext(this.context);
 
-		testSecurityContext().postProcessRequest(request);
+		testSecurityContext().postProcessRequest(this.request);
 
-		verify(repository).saveContext(eq(context), eq(request), any(HttpServletResponse.class));
+		verify(this.repository).saveContext(eq(this.context), eq(this.request), any(HttpServletResponse.class));
 	}
 
 	// Ensure it does not fail if TestSecurityContextHolder is not initialized
 	@Test
 	public void testSecurityContextNoContext() {
-		testSecurityContext().postProcessRequest(request);
+		testSecurityContext().postProcessRequest(this.request);
 
-		verify(repository, never()).saveContext(any(SecurityContext.class), eq(request),
+		verify(this.repository, never()).saveContext(any(SecurityContext.class), eq(this.request),
 				any(HttpServletResponse.class));
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
+		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index 51b55c84db..b3e27f1c96 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -63,7 +63,7 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 		mockWebTestUtils();
 	}
 
@@ -74,17 +74,18 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 
 	@Test
 	public void userDetails() {
-		user(userDetails).postProcessRequest(request);
+		user(this.userDetails).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isSameAs(userDetails);
+		assertThat(context.getAuthentication().getPrincipal()).isSameAs(this.userDetails);
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
+		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 1ea0c37353..3d3b4266ae 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -69,7 +69,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 		mockWebTestUtils();
 	}
 
@@ -82,10 +82,11 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	public void userWithDefaults() {
 		String username = "userabc";
 
-		user(username).postProcessRequest(request);
+		user(username).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getName()).isEqualTo(username);
 		assertThat(context.getAuthentication().getCredentials()).isEqualTo("password");
@@ -96,10 +97,11 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	public void userWithCustom() {
 		String username = "customuser";
 
-		user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(request);
+		user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getName()).isEqualTo(username);
 		assertThat(context.getAuthentication().getCredentials()).isEqualTo("newpass");
@@ -111,34 +113,36 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	public void userCustomAuthoritiesVarargs() {
 		String username = "customuser";
 
-		user(username).authorities(authority1, authority2).postProcessRequest(request);
+		user(username).authorities(this.authority1, this.authority2).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(authority1,
-				authority2);
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
+				this.authority2);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void userRolesWithRolePrefixErrors() {
-		user("user").roles("ROLE_INVALID").postProcessRequest(request);
+		user("user").roles("ROLE_INVALID").postProcessRequest(this.request);
 	}
 
 	@Test
 	public void userCustomAuthoritiesList() {
 		String username = "customuser";
 
-		user(username).authorities(Arrays.asList(authority1, authority2)).postProcessRequest(request);
+		user(username).authorities(Arrays.asList(this.authority1, this.authority2)).postProcessRequest(this.request);
 
-		verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
-		SecurityContext context = contextCaptor.getValue();
-		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(authority1,
-				authority2);
+		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
+				any(HttpServletResponse.class));
+		SecurityContext context = this.contextCaptor.getValue();
+		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
+				this.authority2);
 	}
 
 	private void mockWebTestUtils() {
 		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
+		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index fd83a9a39d..799df7f5cb 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -57,7 +57,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 
 	@Before
 	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
@@ -65,14 +65,14 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 		List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
-		mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
 	}
 
 	@Test(expected = AssertionError.class)
 	public void withAuthoritiesFailsIfNotAllRoles() throws Exception {
 		List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
-		mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index 915ce34cbe..f6c42196ef 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -50,22 +50,22 @@ public class CsrfShowcaseTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void postWithCsrfWorks() throws Exception {
-		mvc.perform(post("/").with(csrf())).andExpect(status().isNotFound());
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWithCsrfWorksWithPut() throws Exception {
-		mvc.perform(put("/").with(csrf())).andExpect(status().isNotFound());
+		this.mvc.perform(put("/").with(csrf())).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWithNoCsrfForbidden() throws Exception {
-		mvc.perform(post("/")).andExpect(status().isForbidden());
+		this.mvc.perform(post("/")).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index 4fcc234014..711458b58f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -57,18 +57,18 @@ public class CustomCsrfShowcaseTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(csrf())).apply(springSecurity())
-				.build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).defaultRequest(get("/").with(csrf()))
+				.apply(springSecurity()).build();
 	}
 
 	@Test
 	public void postWithCsrfWorks() throws Exception {
-		mvc.perform(post("/").with(csrf())).andExpect(status().isNotFound());
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWithCsrfWorksWithPut() throws Exception {
-		mvc.perform(put("/").with(csrf())).andExpect(status().isNotFound());
+		this.mvc.perform(put("/").with(csrf())).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index 23dbaac5aa..634016c50c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -51,18 +51,18 @@ public class DefaultCsrfShowcaseTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(csrf())).apply(springSecurity())
-				.build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).defaultRequest(get("/").with(csrf()))
+				.apply(springSecurity()).build();
 	}
 
 	@Test
 	public void postWithCsrfWorks() throws Exception {
-		mvc.perform(post("/")).andExpect(status().isNotFound());
+		this.mvc.perform(post("/")).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWithCsrfWorksWithPut() throws Exception {
-		mvc.perform(put("/")).andExpect(status().isNotFound());
+		this.mvc.perform(put("/")).andExpect(status().isNotFound());
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index a243e28125..e76bcc76c9 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -57,30 +57,30 @@ public class AuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity())
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 				.defaultRequest(get("/").accept(MediaType.TEXT_HTML)).build();
 	}
 
 	@Test
 	public void requiresAuthentication() throws Exception {
-		mvc.perform(get("/")).andExpect(status().isFound());
+		this.mvc.perform(get("/")).andExpect(status().isFound());
 	}
 
 	@Test
 	public void httpBasicAuthenticationSuccess() throws Exception {
-		mvc.perform(get("/secured/butnotfound").with(httpBasic("user", "password"))).andExpect(status().isNotFound())
-				.andExpect(authenticated().withUsername("user"));
+		this.mvc.perform(get("/secured/butnotfound").with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound()).andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
+		this.mvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(formLogin().user("user").password("invalid")).andExpect(status().isFound())
+		this.mvc.perform(formLogin().user("user").password("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error")).andExpect(unauthenticated());
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index b9af354c9f..60c13fb06e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -62,25 +62,25 @@ public class CustomConfigAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(formLogin("/authenticate").user("user", "user").password("pass", "password"))
+		this.mvc.perform(formLogin("/authenticate").user("user", "user").password("pass", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void withUserSuccess() throws Exception {
-		mvc.perform(get("/").with(user("user"))).andExpect(status().isNotFound())
+		this.mvc.perform(get("/").with(user("user"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(formLogin("/authenticate").user("user", "notfound").password("pass", "invalid"))
+		this.mvc.perform(formLogin("/authenticate").user("user", "notfound").password("pass", "invalid"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/authenticate?error"))
 				.andExpect(unauthenticated());
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 4d6f952653..e5a35f2e59 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -56,18 +56,18 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void authenticationSuccess() throws Exception {
-		mvc.perform(login()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
+		this.mvc.perform(login()).andExpect(status().isFound()).andExpect(redirectedUrl("/"))
 				.andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void authenticationFailed() throws Exception {
-		mvc.perform(login().user("notfound").password("invalid")).andExpect(status().isFound())
+		this.mvc.perform(login().user("notfound").password("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/authenticate?error")).andExpect(unauthenticated());
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index 1cd16f57a1..4cb445cc87 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -52,13 +52,13 @@ public class DefaultfSecurityRequestsTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).defaultRequest(get("/").with(user("user").roles("ADMIN")))
-				.apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context)
+				.defaultRequest(get("/").with(user("user").roles("ADMIN"))).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -67,7 +67,7 @@ public class DefaultfSecurityRequestsTests {
 
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin"))
+		this.mvc.perform(get("/admin"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -76,7 +76,7 @@ public class DefaultfSecurityRequestsTests {
 
 	@Test
 	public void requestProtectedUrlWithAnonymous() throws Exception {
-		mvc.perform(get("/admin").with(anonymous()))
+		this.mvc.perform(get("/admin").with(anonymous()))
 				// Ensure we got past Security
 				.andExpect(status().isUnauthorized())
 				// Ensure it appears we are authenticated with user
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 89d9fdfb79..50bd8bdaff 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -59,12 +59,12 @@ public class SecurityRequestsTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
-		mvc.perform(get("/").with(user("user")))
+		this.mvc.perform(get("/").with(user("user")))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -73,7 +73,7 @@ public class SecurityRequestsTests {
 
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin").with(user("admin").roles("ADMIN")))
+		this.mvc.perform(get("/admin").with(user("admin").roles("ADMIN")))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with admin
@@ -82,8 +82,8 @@ public class SecurityRequestsTests {
 
 	@Test
 	public void requestProtectedUrlWithUserDetails() throws Exception {
-		UserDetails user = userDetailsService.loadUserByUsername("user");
-		mvc.perform(get("/").with(user(user)))
+		UserDetails user = this.userDetailsService.loadUserByUsername("user");
+		this.mvc.perform(get("/").with(user(user)))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -93,7 +93,7 @@ public class SecurityRequestsTests {
 	@Test
 	public void requestProtectedUrlWithAuthentication() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "notused", "ROLE_USER");
-		mvc.perform(get("/").with(authentication(authentication)))
+		this.mvc.perform(get("/").with(authentication(authentication)))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 54e85ba39d..528200ca45 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -50,13 +50,14 @@ public class WithUserAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(SecurityMockMvcConfigurers.springSecurity())
+				.build();
 	}
 
 	@Test
 	@WithMockUser
 	public void requestProtectedUrlWithUser() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -66,7 +67,7 @@ public class WithUserAuthenticationTests {
 	@Test
 	@WithAdminRob
 	public void requestProtectedUrlWithAdminRob() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -76,7 +77,7 @@ public class WithUserAuthenticationTests {
 	@Test
 	@WithMockUser(roles = "ADMIN")
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin"))
+		this.mvc.perform(get("/admin"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 1c8b3c8ef6..9fd8215748 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -53,12 +53,12 @@ public class WithUserClassLevelAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void requestProtectedUrlWithUser() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -67,7 +67,7 @@ public class WithUserClassLevelAuthenticationTests {
 
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin"))
+		this.mvc.perform(get("/admin"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -77,7 +77,7 @@ public class WithUserClassLevelAuthenticationTests {
 	@Test
 	@WithAnonymousUser
 	public void requestProtectedUrlWithAnonymous() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure did not get past security
 				.andExpect(status().isUnauthorized())
 				// Ensure not authenticated
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index 2c242fcf7e..d66a60472d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -52,13 +52,13 @@ public class WithUserDetailsAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	@WithUserDetails
 	public void requestProtectedUrlWithUser() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -68,7 +68,7 @@ public class WithUserDetailsAuthenticationTests {
 	@Test
 	@WithUserDetails("admin")
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin"))
+		this.mvc.perform(get("/admin"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index 41d52a8529..b52a0b4d0d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -53,12 +53,12 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 
 	@Before
 	public void setup() {
-		mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
 	}
 
 	@Test
 	public void requestRootUrlWithAdmin() throws Exception {
-		mvc.perform(get("/"))
+		this.mvc.perform(get("/"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
@@ -67,7 +67,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 
 	@Test
 	public void requestProtectedUrlWithAdmin() throws Exception {
-		mvc.perform(get("/admin"))
+		this.mvc.perform(get("/admin"))
 				// Ensure we got past Security
 				.andExpect(status().isNotFound())
 				// Ensure it appears we are authenticated with user
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index b995357de3..13bab7101d 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -50,8 +50,8 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 		String redirectUrl = calculateRedirectUrl(request.getContextPath(), url);
 		redirectUrl = response.encodeRedirectURL(redirectUrl);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Redirecting to '" + redirectUrl + "'");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Redirecting to '" + redirectUrl + "'");
 		}
 
 		response.sendRedirect(redirectUrl);
@@ -102,7 +102,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 	 * protocol and context path (defaults to <tt>false</tt>).
 	 */
 	protected boolean isContextRelative() {
-		return contextRelative;
+		return this.contextRelative;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index 8b564650f4..76eeaa1c8b 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -52,20 +52,20 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
 	}
 
 	public RequestMatcher getRequestMatcher() {
-		return requestMatcher;
+		return this.requestMatcher;
 	}
 
 	public List<Filter> getFilters() {
-		return filters;
+		return this.filters;
 	}
 
 	public boolean matches(HttpServletRequest request) {
-		return requestMatcher.matches(request);
+		return this.requestMatcher.matches(request);
 	}
 
 	@Override
 	public String toString() {
-		return "[ " + requestMatcher + ", " + filters + "]";
+		return "[ " + this.requestMatcher + ", " + this.filters + "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 54cf8b3778..4758a34a65 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -166,7 +166,7 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	@Override
 	public void afterPropertiesSet() {
-		filterChainValidator.validate(this);
+		this.filterChainValidator.validate(this);
 	}
 
 	@Override
@@ -194,8 +194,8 @@ public class FilterChainProxy extends GenericFilterBean {
 	private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 
-		FirewalledRequest fwRequest = firewall.getFirewalledRequest((HttpServletRequest) request);
-		HttpServletResponse fwResponse = firewall.getFirewalledResponse((HttpServletResponse) response);
+		FirewalledRequest fwRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
+		HttpServletResponse fwResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
 
 		List<Filter> filters = getFilters(fwRequest);
 
@@ -222,7 +222,7 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * @return an ordered array of Filters defining the filter chain
 	 */
 	private List<Filter> getFilters(HttpServletRequest request) {
-		for (SecurityFilterChain chain : filterChains) {
+		for (SecurityFilterChain chain : this.filterChains) {
 			if (chain.matches(request)) {
 				return chain.getFilters();
 			}
@@ -237,7 +237,7 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * @return matching filter list
 	 */
 	public List<Filter> getFilters(String url) {
-		return getFilters(firewall.getFirewalledRequest((new FilterInvocation(url, "GET").getRequest())));
+		return getFilters(this.firewall.getFirewalledRequest((new FilterInvocation(url, "GET").getRequest())));
 	}
 
 	/**
@@ -245,7 +245,7 @@ public class FilterChainProxy extends GenericFilterBean {
 	 * applied to incoming requests.
 	 */
 	public List<SecurityFilterChain> getFilterChains() {
-		return Collections.unmodifiableList(filterChains);
+		return Collections.unmodifiableList(this.filterChains);
 	}
 
 	/**
@@ -284,7 +284,7 @@ public class FilterChainProxy extends GenericFilterBean {
 		StringBuilder sb = new StringBuilder();
 		sb.append("FilterChainProxy[");
 		sb.append("Filter Chains: ");
-		sb.append(filterChains);
+		sb.append(this.filterChains);
 		sb.append("]");
 
 		return sb.toString();
@@ -316,26 +316,27 @@ public class FilterChainProxy extends GenericFilterBean {
 
 		@Override
 		public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
-			if (currentPosition == size) {
+			if (this.currentPosition == this.size) {
 				if (logger.isDebugEnabled()) {
-					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest)
+					logger.debug(UrlUtils.buildRequestUrl(this.firewalledRequest)
 							+ " reached end of additional filter chain; proceeding with original chain");
 				}
 
 				// Deactivate path stripping as we exit the security filter chain
 				this.firewalledRequest.reset();
 
-				originalChain.doFilter(request, response);
+				this.originalChain.doFilter(request, response);
 			}
 			else {
-				currentPosition++;
+				this.currentPosition++;
 
-				Filter nextFilter = additionalFilters.get(currentPosition - 1);
+				Filter nextFilter = this.additionalFilters.get(this.currentPosition - 1);
 
 				if (logger.isDebugEnabled()) {
-					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest) + " at position " + currentPosition
-							+ " of " + size + " in additional filter chain; firing Filter: '"
-							+ nextFilter.getClass().getSimpleName() + "'");
+					logger.debug(
+							UrlUtils.buildRequestUrl(this.firewalledRequest) + " at position " + this.currentPosition
+									+ " of " + this.size + " in additional filter chain; firing Filter: '"
+									+ nextFilter.getClass().getSimpleName() + "'");
 				}
 
 				nextFilter.doFilter(request, response, this);
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index 5ad6ba791c..0f576789bb 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -39,7 +39,7 @@ public class PortResolverImpl implements PortResolver {
 	private PortMapper portMapper = new PortMapperImpl();
 
 	public PortMapper getPortMapper() {
-		return portMapper;
+		return this.portMapper;
 	}
 
 	public int getServerPort(ServletRequest request) {
@@ -49,11 +49,11 @@ public class PortResolverImpl implements PortResolver {
 		String scheme = request.getScheme().toLowerCase();
 
 		if ("http".equals(scheme)) {
-			portLookup = portMapper.lookupHttpPort(serverPort);
+			portLookup = this.portMapper.lookupHttpPort(serverPort);
 
 		}
 		else if ("https".equals(scheme)) {
-			portLookup = portMapper.lookupHttpsPort(serverPort);
+			portLookup = this.portMapper.lookupHttpsPort(serverPort);
 		}
 
 		if (portLookup != null) {
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index b5376ea9a4..225debefa8 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -52,7 +52,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		if (!response.isCommitted()) {
-			if (errorPage != null) {
+			if (this.errorPage != null) {
 				// Put exception into request scope (perhaps of use to a view)
 				request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
 
@@ -60,7 +60,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 				response.setStatus(HttpStatus.FORBIDDEN.value());
 
 				// forward to error page.
-				RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
+				RequestDispatcher dispatcher = request.getRequestDispatcher(this.errorPage);
 				dispatcher.forward(request, response);
 			}
 			else {
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index 87c81ddf14..15c54568aa 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -82,10 +82,10 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 		Assert.notNull(uri, "uri parameter is required");
 
 		FilterInvocation fi = new FilterInvocation(contextPath, uri, method);
-		Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
+		Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
 
 		if (attrs == null) {
-			if (securityInterceptor.isRejectPublicInvocations()) {
+			if (this.securityInterceptor.isRejectPublicInvocations()) {
 				return false;
 			}
 
@@ -97,7 +97,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 		}
 
 		try {
-			securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
+			this.securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
 		}
 		catch (AccessDeniedException unauthorized) {
 			if (logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
index 812edbcd92..438fda55fa 100644
--- a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
@@ -60,7 +60,7 @@ public final class DelegatingAccessDeniedHandler implements AccessDeniedHandler
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
-		for (Entry<Class<? extends AccessDeniedException>, AccessDeniedHandler> entry : handlers.entrySet()) {
+		for (Entry<Class<? extends AccessDeniedException>, AccessDeniedHandler> entry : this.handlers.entrySet()) {
 			Class<? extends AccessDeniedException> handlerClass = entry.getKey();
 			if (handlerClass.isAssignableFrom(accessDeniedException.getClass())) {
 				AccessDeniedHandler handler = entry.getValue();
@@ -68,7 +68,7 @@ public final class DelegatingAccessDeniedHandler implements AccessDeniedHandler
 				return;
 			}
 		}
-		defaultHandler.handle(request, response, accessDeniedException);
+		this.defaultHandler.handle(request, response, accessDeniedException);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index a006882889..17460feda6 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -102,7 +102,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
+		Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -113,20 +113,20 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		try {
 			chain.doFilter(request, response);
 
-			logger.debug("Chain processed normally");
+			this.logger.debug("Chain processed normally");
 		}
 		catch (IOException ex) {
 			throw ex;
 		}
 		catch (Exception ex) {
 			// Try to extract a SpringSecurityException from the stacktrace
-			Throwable[] causeChain = throwableAnalyzer.determineCauseChain(ex);
-			RuntimeException ase = (AuthenticationException) throwableAnalyzer
+			Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
+			RuntimeException ase = (AuthenticationException) this.throwableAnalyzer
 					.getFirstThrowableOfType(AuthenticationException.class, causeChain);
 
 			if (ase == null) {
-				ase = (AccessDeniedException) throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class,
-						causeChain);
+				ase = (AccessDeniedException) this.throwableAnalyzer
+						.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
 			}
 
 			if (ase != null) {
@@ -154,37 +154,41 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 	}
 
 	public AuthenticationEntryPoint getAuthenticationEntryPoint() {
-		return authenticationEntryPoint;
+		return this.authenticationEntryPoint;
 	}
 
 	protected AuthenticationTrustResolver getAuthenticationTrustResolver() {
-		return authenticationTrustResolver;
+		return this.authenticationTrustResolver;
 	}
 
 	private void handleSpringSecurityException(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain, RuntimeException exception) throws IOException, ServletException {
 		if (exception instanceof AuthenticationException) {
-			logger.debug("Authentication exception occurred; redirecting to authentication entry point", exception);
+			this.logger.debug("Authentication exception occurred; redirecting to authentication entry point",
+					exception);
 
 			sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
 		}
 		else if (exception instanceof AccessDeniedException) {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-			if (authenticationTrustResolver.isAnonymous(authentication)
-					|| authenticationTrustResolver.isRememberMe(authentication)) {
-				logger.debug("Access is denied (user is " + (authenticationTrustResolver.isAnonymous(authentication)
-						? "anonymous" : "not fully authenticated") + "); redirecting to authentication entry point",
+			if (this.authenticationTrustResolver.isAnonymous(authentication)
+					|| this.authenticationTrustResolver.isRememberMe(authentication)) {
+				this.logger.debug(
+						"Access is denied (user is " + (this.authenticationTrustResolver.isAnonymous(authentication)
+								? "anonymous" : "not fully authenticated")
+								+ "); redirecting to authentication entry point",
 						exception);
 
 				sendStartAuthentication(request, response, chain,
 						new InsufficientAuthenticationException(
-								messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication",
+								this.messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication",
 										"Full authentication is required to access this resource")));
 			}
 			else {
-				logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);
+				this.logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler",
+						exception);
 
-				accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
+				this.accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
 			}
 		}
 	}
@@ -194,9 +198,9 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		// SEC-112: Clear the SecurityContextHolder's Authentication, as the
 		// existing Authentication is no longer considered valid
 		SecurityContextHolder.getContext().setAuthentication(null);
-		requestCache.saveRequest(request, response);
-		logger.debug("Calling Authentication entry point.");
-		authenticationEntryPoint.commence(request, response, reason);
+		this.requestCache.saveRequest(request, response);
+		this.logger.debug("Calling Authentication entry point.");
+		this.authenticationEntryPoint.commence(request, response, reason);
 	}
 
 	public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
diff --git a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
index 06888c3f3a..a79a0c2aea 100644
--- a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
@@ -68,7 +68,7 @@ public final class RequestMatcherDelegatingAccessDeniedHandler implements Access
 				return;
 			}
 		}
-		defaultHandler.handle(request, response, accessDeniedException);
+		this.defaultHandler.handle(request, response, accessDeniedException);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 7c1c111b4e..56a21c98f6 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -59,26 +59,27 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 		String queryString = request.getQueryString();
 		String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));
 
-		Integer currentPort = portResolver.getServerPort(request);
+		Integer currentPort = this.portResolver.getServerPort(request);
 		Integer redirectPort = getMappedPort(currentPort);
 
 		if (redirectPort != null) {
-			boolean includePort = redirectPort != standardPort;
+			boolean includePort = redirectPort != this.standardPort;
 
-			redirectUrl = scheme + request.getServerName() + ((includePort) ? (":" + redirectPort) : "") + redirectUrl;
+			redirectUrl = this.scheme + request.getServerName() + ((includePort) ? (":" + redirectPort) : "")
+					+ redirectUrl;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Redirecting to: " + redirectUrl);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Redirecting to: " + redirectUrl);
 		}
 
-		redirectStrategy.sendRedirect(request, response, redirectUrl);
+		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
 
 	protected abstract Integer getMappedPort(Integer mapFromPort);
 
 	protected final PortMapper getPortMapper() {
-		return portMapper;
+		return this.portMapper;
 	}
 
 	public void setPortMapper(PortMapper portMapper) {
@@ -92,7 +93,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	}
 
 	protected final PortResolver getPortResolver() {
-		return portResolver;
+		return this.portResolver;
 	}
 
 	/**
@@ -106,7 +107,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	}
 
 	protected final RedirectStrategy getRedirectStrategy() {
-		return redirectStrategy;
+		return this.redirectStrategy;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index a07bee1ef4..18014dfaa9 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -52,7 +52,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 	private List<ChannelProcessor> channelProcessors;
 
 	public void afterPropertiesSet() {
-		Assert.notEmpty(channelProcessors, "A list of ChannelProcessors is required");
+		Assert.notEmpty(this.channelProcessors, "A list of ChannelProcessors is required");
 	}
 
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
@@ -63,7 +63,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 			}
 		}
 
-		for (ChannelProcessor processor : channelProcessors) {
+		for (ChannelProcessor processor : this.channelProcessors) {
 			processor.decide(invocation, config);
 
 			if (invocation.getResponse().isCommitted()) {
@@ -79,12 +79,12 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 	@SuppressWarnings("cast")
 	public void setChannelProcessors(List<?> newList) {
 		Assert.notEmpty(newList, "A list of ChannelProcessors is required");
-		channelProcessors = new ArrayList<>(newList.size());
+		this.channelProcessors = new ArrayList<>(newList.size());
 
 		for (Object currentObject : newList) {
 			Assert.isInstanceOf(ChannelProcessor.class, currentObject, () -> "ChannelProcessor "
 					+ currentObject.getClass().getName() + " must implement ChannelProcessor");
-			channelProcessors.add((ChannelProcessor) currentObject);
+			this.channelProcessors.add((ChannelProcessor) currentObject);
 		}
 	}
 
@@ -93,7 +93,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 			return true;
 		}
 
-		for (ChannelProcessor processor : channelProcessors) {
+		for (ChannelProcessor processor : this.channelProcessors) {
 			if (processor.supports(attribute)) {
 				return true;
 			}
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index 7703a96e09..7404b17382 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -47,8 +47,8 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 	private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
 
 	public void afterPropertiesSet() {
-		Assert.hasLength(insecureKeyword, "insecureKeyword required");
-		Assert.notNull(entryPoint, "entryPoint required");
+		Assert.hasLength(this.insecureKeyword, "insecureKeyword required");
+		Assert.notNull(this.entryPoint, "entryPoint required");
 	}
 
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
@@ -60,18 +60,18 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (invocation.getHttpRequest().isSecure()) {
-					entryPoint.commence(invocation.getRequest(), invocation.getResponse());
+					this.entryPoint.commence(invocation.getRequest(), invocation.getResponse());
 				}
 			}
 		}
 	}
 
 	public ChannelEntryPoint getEntryPoint() {
-		return entryPoint;
+		return this.entryPoint;
 	}
 
 	public String getInsecureKeyword() {
-		return insecureKeyword;
+		return this.insecureKeyword;
 	}
 
 	public void setEntryPoint(ChannelEntryPoint entryPoint) {
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index 8c95c8fee2..23aac7f8e4 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -47,8 +47,8 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 	private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
 
 	public void afterPropertiesSet() {
-		Assert.hasLength(secureKeyword, "secureKeyword required");
-		Assert.notNull(entryPoint, "entryPoint required");
+		Assert.hasLength(this.secureKeyword, "secureKeyword required");
+		Assert.notNull(this.entryPoint, "entryPoint required");
 	}
 
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
@@ -58,18 +58,18 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (!invocation.getHttpRequest().isSecure()) {
-					entryPoint.commence(invocation.getRequest(), invocation.getResponse());
+					this.entryPoint.commence(invocation.getRequest(), invocation.getResponse());
 				}
 			}
 		}
 	}
 
 	public ChannelEntryPoint getEntryPoint() {
-		return entryPoint;
+		return this.entryPoint;
 	}
 
 	public String getSecureKeyword() {
-		return secureKeyword;
+		return this.secureKeyword;
 	}
 
 	public void setEntryPoint(ChannelEntryPoint entryPoint) {
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
index d7bc805cd5..1450cd29fa 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
@@ -41,7 +41,7 @@ public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpress
 			FilterInvocation fi) {
 		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
 		root.setPermissionEvaluator(getPermissionEvaluator());
-		root.setTrustResolver(trustResolver);
+		root.setTrustResolver(this.trustResolver);
 		root.setRoleHierarchy(getRoleHierarchy());
 		root.setDefaultRolePrefix(this.defaultRolePrefix);
 		return root;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
index 707355ecf6..601f6b91ba 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@@ -46,7 +46,7 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 			return ACCESS_ABSTAIN;
 		}
 
-		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi);
+		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, fi);
 		ctx = weca.postProcess(ctx, fi);
 
 		return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
index 8b90b6d9cc..f1c85dd000 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
@@ -46,7 +46,7 @@ public class WebSecurityExpressionRoot extends SecurityExpressionRoot {
 	 * @return true if the IP address of the current request is in the required range.
 	 */
 	public boolean hasIpAddress(String ipAddress) {
-		return (new IpAddressMatcher(ipAddress).matches(request));
+		return (new IpAddressMatcher(ipAddress).matches(this.request));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index 1cbd1f28d9..79aeb6f727 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -72,7 +72,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
+		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : this.requestMap.entrySet()) {
 			allAttributes.addAll(entry.getValue());
 		}
 
@@ -81,7 +81,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 
 	public Collection<ConfigAttribute> getAttributes(Object object) {
 		final HttpServletRequest request = ((FilterInvocation) object).getRequest();
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
+		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : this.requestMap.entrySet()) {
 			if (entry.getKey().matches(request)) {
 				return entry.getValue();
 			}
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
index 1ca4f387b1..e282747327 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@@ -97,14 +97,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 
 	public void invoke(FilterInvocation fi) throws IOException, ServletException {
 		if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
-				&& observeOncePerRequest) {
+				&& this.observeOncePerRequest) {
 			// filter already applied to this request and user wants us to observe
 			// once-per-request handling, so don't re-do security checking
 			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
 		}
 		else {
 			// first time this request being called, so perform security checking
-			if (fi.getRequest() != null && observeOncePerRequest) {
+			if (fi.getRequest() != null && this.observeOncePerRequest) {
 				fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
 			}
 
@@ -132,7 +132,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	 * authorizations for each and every fragment of the HTTP request.
 	 */
 	public boolean isObserveOncePerRequest() {
-		return observeOncePerRequest;
+		return this.observeOncePerRequest;
 	}
 
 	public void setObserveOncePerRequest(boolean observeOncePerRequest) {
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index bc757cad0f..1aa48691e0 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -38,11 +38,11 @@ public class RequestKey {
 	}
 
 	String getUrl() {
-		return url;
+		return this.url;
 	}
 
 	String getMethod() {
-		return method;
+		return this.method;
 	}
 
 	@Override
@@ -60,25 +60,25 @@ public class RequestKey {
 
 		RequestKey key = (RequestKey) obj;
 
-		if (!url.equals(key.url)) {
+		if (!this.url.equals(key.url)) {
 			return false;
 		}
 
-		if (method == null) {
+		if (this.method == null) {
 			return key.method == null;
 		}
 
-		return method.equals(key.method);
+		return this.method.equals(key.method);
 	}
 
 	@Override
 	public String toString() {
-		StringBuilder sb = new StringBuilder(url.length() + 7);
+		StringBuilder sb = new StringBuilder(this.url.length() + 7);
 		sb.append("[");
-		if (method != null) {
-			sb.append(method).append(",");
+		if (this.method != null) {
+			sb.append(this.method).append(",");
 		}
-		sb.append(url);
+		sb.append(this.url);
 		sb.append("]");
 
 		return sb.toString();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
index 0d98bffd54..ffedf367d7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@@ -178,7 +178,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(authenticationManager, "authenticationManager must be specified");
+		Assert.notNull(this.authenticationManager, "authenticationManager must be specified");
 	}
 
 	/**
@@ -217,8 +217,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 			return;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Request is to process authentication");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Request is to process authentication");
 		}
 
 		Authentication authResult;
@@ -230,10 +230,10 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 				// authentication
 				return;
 			}
-			sessionStrategy.onAuthentication(authResult, request, response);
+			this.sessionStrategy.onAuthentication(authResult, request, response);
 		}
 		catch (InternalAuthenticationServiceException failed) {
-			logger.error("An internal error occurred while trying to authenticate the user.", failed);
+			this.logger.error("An internal error occurred while trying to authenticate the user.", failed);
 			unsuccessfulAuthentication(request, response, failed);
 
 			return;
@@ -246,7 +246,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 		}
 
 		// Authentication success
-		if (continueChainBeforeSuccessfulAuthentication) {
+		if (this.continueChainBeforeSuccessfulAuthentication) {
 			chain.doFilter(request, response);
 		}
 
@@ -266,7 +266,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * <code>false</code> otherwise.
 	 */
 	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
-		return requiresAuthenticationRequestMatcher.matches(request);
+		return this.requiresAuthenticationRequestMatcher.matches(request);
 	}
 
 	/**
@@ -316,20 +316,20 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
 			Authentication authResult) throws IOException, ServletException {
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
 		}
 
 		SecurityContextHolder.getContext().setAuthentication(authResult);
 
-		rememberMeServices.loginSuccess(request, response, authResult);
+		this.rememberMeServices.loginSuccess(request, response, authResult);
 
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
+			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
-		successHandler.onAuthenticationSuccess(request, response, authResult);
+		this.successHandler.onAuthenticationSuccess(request, response, authResult);
 	}
 
 	/**
@@ -347,19 +347,19 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication request failed: " + failed.toString(), failed);
-			logger.debug("Updated SecurityContextHolder to contain null Authentication");
-			logger.debug("Delegating to authentication failure handler " + failureHandler);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Authentication request failed: " + failed.toString(), failed);
+			this.logger.debug("Updated SecurityContextHolder to contain null Authentication");
+			this.logger.debug("Delegating to authentication failure handler " + this.failureHandler);
 		}
 
-		rememberMeServices.loginFail(request, response);
+		this.rememberMeServices.loginFail(request, response);
 
-		failureHandler.onAuthenticationFailure(request, response, failed);
+		this.failureHandler.onAuthenticationFailure(request, response, failed);
 	}
 
 	protected AuthenticationManager getAuthenticationManager() {
-		return authenticationManager;
+		return this.authenticationManager;
 	}
 
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
@@ -380,7 +380,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	}
 
 	public RememberMeServices getRememberMeServices() {
-		return rememberMeServices;
+		return this.rememberMeServices;
 	}
 
 	public void setRememberMeServices(RememberMeServices rememberMeServices) {
@@ -413,7 +413,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	}
 
 	protected boolean getAllowSessionCreation() {
-		return allowSessionCreation;
+		return this.allowSessionCreation;
 	}
 
 	public void setAllowSessionCreation(boolean allowSessionCreation) {
@@ -447,11 +447,11 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	}
 
 	protected AuthenticationSuccessHandler getSuccessHandler() {
-		return successHandler;
+		return this.successHandler;
 	}
 
 	protected AuthenticationFailureHandler getFailureHandler() {
-		return failureHandler;
+		return this.failureHandler;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index 08e88651fb..cf0b795c4f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -85,11 +85,11 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 		String targetUrl = determineTargetUrl(request, response, authentication);
 
 		if (response.isCommitted()) {
-			logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+			this.logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
 			return;
 		}
 
-		redirectStrategy.sendRedirect(request, response, targetUrl);
+		this.redirectStrategy.sendRedirect(request, response, targetUrl);
 	}
 
 	/**
@@ -107,30 +107,30 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 */
 	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
 		if (isAlwaysUseDefaultTargetUrl()) {
-			return defaultTargetUrl;
+			return this.defaultTargetUrl;
 		}
 
 		// Check for the parameter and use that if available
 		String targetUrl = null;
 
-		if (targetUrlParameter != null) {
-			targetUrl = request.getParameter(targetUrlParameter);
+		if (this.targetUrlParameter != null) {
+			targetUrl = request.getParameter(this.targetUrlParameter);
 
 			if (StringUtils.hasText(targetUrl)) {
-				logger.debug("Found targetUrlParameter in request: " + targetUrl);
+				this.logger.debug("Found targetUrlParameter in request: " + targetUrl);
 
 				return targetUrl;
 			}
 		}
 
-		if (useReferer && !StringUtils.hasLength(targetUrl)) {
+		if (this.useReferer && !StringUtils.hasLength(targetUrl)) {
 			targetUrl = request.getHeader("Referer");
-			logger.debug("Using Referer header: " + targetUrl);
+			this.logger.debug("Using Referer header: " + targetUrl);
 		}
 
 		if (!StringUtils.hasText(targetUrl)) {
-			targetUrl = defaultTargetUrl;
-			logger.debug("Using default Url: " + targetUrl);
+			targetUrl = this.defaultTargetUrl;
+			this.logger.debug("Using default Url: " + targetUrl);
 		}
 
 		return targetUrl;
@@ -143,7 +143,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	 * @return the defaultTargetUrl property
 	 */
 	protected final String getDefaultTargetUrl() {
-		return defaultTargetUrl;
+		return this.defaultTargetUrl;
 	}
 
 	/**
@@ -170,7 +170,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	}
 
 	protected boolean isAlwaysUseDefaultTargetUrl() {
-		return alwaysUseDefaultTargetUrl;
+		return this.alwaysUseDefaultTargetUrl;
 	}
 
 	/**
@@ -187,7 +187,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	}
 
 	protected String getTargetUrlParameter() {
-		return targetUrlParameter;
+		return this.targetUrlParameter;
 	}
 
 	/**
@@ -198,7 +198,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	}
 
 	protected RedirectStrategy getRedirectStrategy() {
-		return redirectStrategy;
+		return this.redirectStrategy;
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index c693682301..5a26991247 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -77,9 +77,9 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.hasLength(key, "key must have length");
-		Assert.notNull(principal, "Anonymous authentication principal must be set");
-		Assert.notNull(authorities, "Anonymous authorities must be set");
+		Assert.hasLength(this.key, "key must have length");
+		Assert.notNull(this.principal, "Anonymous authentication principal must be set");
+		Assert.notNull(this.authorities, "Anonymous authorities must be set");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -88,14 +88,14 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
 			SecurityContextHolder.getContext().setAuthentication(createAuthentication((HttpServletRequest) req));
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("Populated SecurityContextHolder with anonymous token: '"
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Populated SecurityContextHolder with anonymous token: '"
 						+ SecurityContextHolder.getContext().getAuthentication() + "'");
 			}
 		}
 		else {
-			if (logger.isDebugEnabled()) {
-				logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
 						+ SecurityContextHolder.getContext().getAuthentication() + "'");
 			}
 		}
@@ -104,8 +104,9 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	protected Authentication createAuthentication(HttpServletRequest request) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, principal, authorities);
-		auth.setDetails(authenticationDetailsSource.buildDetails(request));
+		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(this.key, this.principal,
+				this.authorities);
+		auth.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		return auth;
 	}
@@ -117,11 +118,11 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	public Object getPrincipal() {
-		return principal;
+		return this.principal;
 	}
 
 	public List<GrantedAuthority> getAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index 3622602ea8..fc04df9aa9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -74,26 +74,26 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException, ServletException {
 
-		for (RequestMatcher requestMatcher : entryPoints.keySet()) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Trying to match using " + requestMatcher);
+		for (RequestMatcher requestMatcher : this.entryPoints.keySet()) {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Trying to match using " + requestMatcher);
 			}
 			if (requestMatcher.matches(request)) {
-				AuthenticationEntryPoint entryPoint = entryPoints.get(requestMatcher);
-				if (logger.isDebugEnabled()) {
-					logger.debug("Match found! Executing " + entryPoint);
+				AuthenticationEntryPoint entryPoint = this.entryPoints.get(requestMatcher);
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("Match found! Executing " + entryPoint);
 				}
 				entryPoint.commence(request, response, authException);
 				return;
 			}
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("No match found. Using default entry point " + defaultEntryPoint);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
 		}
 
 		// No EntryPoint matched, use defaultEntryPoint
-		defaultEntryPoint.commence(request, response, authException);
+		this.defaultEntryPoint.commence(request, response, authException);
 	}
 
 	/**
@@ -104,8 +104,8 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 	}
 
 	public void afterPropertiesSet() {
-		Assert.notEmpty(entryPoints, "entryPoints must be specified");
-		Assert.notNull(defaultEntryPoint, "defaultEntryPoint must be specified");
+		Assert.notEmpty(this.entryPoints, "entryPoints must be specified");
+		Assert.notNull(this.defaultEntryPoint, "defaultEntryPoint must be specified");
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index 9cced72eb7..c96c8272b1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -67,7 +67,7 @@ public class DelegatingAuthenticationFailureHandler implements AuthenticationFai
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
-		for (Map.Entry<Class<? extends AuthenticationException>, AuthenticationFailureHandler> entry : handlers
+		for (Map.Entry<Class<? extends AuthenticationException>, AuthenticationFailureHandler> entry : this.handlers
 				.entrySet()) {
 			Class<? extends AuthenticationException> handlerMappedExceptionClass = entry.getKey();
 			if (handlerMappedExceptionClass.isAssignableFrom(exception.getClass())) {
@@ -76,7 +76,7 @@ public class DelegatingAuthenticationFailureHandler implements AuthenticationFai
 				return;
 			}
 		}
-		defaultHandler.onAuthenticationFailure(request, response, exception);
+		this.defaultHandler.onAuthenticationFailure(request, response, exception);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
index c97946b94d..5b62059654 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
@@ -47,7 +47,7 @@ public class ExceptionMappingAuthenticationFailureHandler extends SimpleUrlAuthe
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
-		String url = failureUrlMap.get(exception.getClass().getName());
+		String url = this.failureUrlMap.get(exception.getClass().getName());
 
 		if (url != null) {
 			getRedirectStrategy().sendRedirect(request, response, url);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
index 4a68a13c10..a7d924b174 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
@@ -49,7 +49,7 @@ public class ForwardAuthenticationFailureHandler implements AuthenticationFailur
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
 		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
-		request.getRequestDispatcher(forwardUrl).forward(request, response);
+		request.getRequestDispatcher(this.forwardUrl).forward(request, response);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
index 54f831c55f..f4c7d30bab 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
@@ -48,7 +48,7 @@ public class ForwardAuthenticationSuccessHandler implements AuthenticationSucces
 
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
-		request.getRequestDispatcher(forwardUrl).forward(request, response);
+		request.getRequestDispatcher(this.forwardUrl).forward(request, response);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
index 001628d054..44e36b4e4a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
@@ -46,7 +46,7 @@ public final class HttpStatusEntryPoint implements AuthenticationEntryPoint {
 
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) {
-		response.setStatus(httpStatus.value());
+		response.setStatus(this.httpStatus.value());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index 4aa08635f2..dec3bb4ffe 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -90,13 +90,13 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	}
 
 	public void afterPropertiesSet() {
-		Assert.isTrue(StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl),
+		Assert.isTrue(StringUtils.hasText(this.loginFormUrl) && UrlUtils.isValidRedirectUrl(this.loginFormUrl),
 				"loginFormUrl must be specified and must be a valid redirect URL");
-		if (useForward && UrlUtils.isAbsoluteUrl(loginFormUrl)) {
+		if (this.useForward && UrlUtils.isAbsoluteUrl(this.loginFormUrl)) {
 			throw new IllegalArgumentException("useForward must be false if using an absolute loginFormURL");
 		}
-		Assert.notNull(portMapper, "portMapper must be specified");
-		Assert.notNull(portResolver, "portResolver must be specified");
+		Assert.notNull(this.portMapper, "portMapper must be specified");
+		Assert.notNull(this.portResolver, "portResolver must be specified");
 	}
 
 	/**
@@ -121,9 +121,9 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 
 		String redirectUrl = null;
 
-		if (useForward) {
+		if (this.useForward) {
 
-			if (forceHttps && "http".equals(request.getScheme())) {
+			if (this.forceHttps && "http".equals(request.getScheme())) {
 				// First redirect the current request to HTTPS.
 				// When that request is received, the forward to the login page will be
 				// used.
@@ -151,7 +151,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 
 		}
 
-		redirectStrategy.sendRedirect(request, response, redirectUrl);
+		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
 
 	protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response,
@@ -163,7 +163,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 			return loginForm;
 		}
 
-		int serverPort = portResolver.getServerPort(request);
+		int serverPort = this.portResolver.getServerPort(request);
 		String scheme = request.getScheme();
 
 		RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
@@ -174,8 +174,8 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 		urlBuilder.setContextPath(request.getContextPath());
 		urlBuilder.setPathInfo(loginForm);
 
-		if (forceHttps && "http".equals(scheme)) {
-			Integer httpsPort = portMapper.lookupHttpsPort(serverPort);
+		if (this.forceHttps && "http".equals(scheme)) {
+			Integer httpsPort = this.portMapper.lookupHttpsPort(serverPort);
 
 			if (httpsPort != null) {
 				// Overwrite scheme and port in the redirect URL
@@ -196,8 +196,8 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	 */
 	protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request) throws IOException, ServletException {
 
-		int serverPort = portResolver.getServerPort(request);
-		Integer httpsPort = portMapper.lookupHttpsPort(serverPort);
+		int serverPort = this.portResolver.getServerPort(request);
+		Integer httpsPort = this.portMapper.lookupHttpsPort(serverPort);
 
 		if (httpsPort != null) {
 			RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
@@ -230,11 +230,11 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	}
 
 	protected boolean isForceHttps() {
-		return forceHttps;
+		return this.forceHttps;
 	}
 
 	public String getLoginFormUrl() {
-		return loginFormUrl;
+		return this.loginFormUrl;
 	}
 
 	public void setPortMapper(PortMapper portMapper) {
@@ -243,7 +243,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	}
 
 	protected PortMapper getPortMapper() {
-		return portMapper;
+		return this.portMapper;
 	}
 
 	public void setPortResolver(PortResolver portResolver) {
@@ -252,7 +252,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	}
 
 	protected PortResolver getPortResolver() {
-		return portResolver;
+		return this.portResolver;
 	}
 
 	/**
@@ -266,7 +266,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	}
 
 	protected boolean isUseForward() {
-		return useForward;
+		return this.useForward;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
index 68d81e51c0..6f4ff39c82 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
@@ -72,7 +72,7 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth
 	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws ServletException, IOException {
-		SavedRequest savedRequest = requestCache.getRequest(request, response);
+		SavedRequest savedRequest = this.requestCache.getRequest(request, response);
 
 		if (savedRequest == null) {
 			super.onAuthenticationSuccess(request, response, authentication);
@@ -82,7 +82,7 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth
 		String targetUrlParameter = getTargetUrlParameter();
 		if (isAlwaysUseDefaultTargetUrl()
 				|| (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
-			requestCache.removeRequest(request, response);
+			this.requestCache.removeRequest(request, response);
 			super.onAuthenticationSuccess(request, response, authentication);
 
 			return;
@@ -92,7 +92,7 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth
 
 		// Use the DefaultSavedRequest URL
 		String targetUrl = savedRequest.getRedirectUrl();
-		logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
+		this.logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
 		getRedirectStrategy().sendRedirect(request, response, targetUrl);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index d17cdd2078..1cd5312384 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -75,22 +75,22 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
 
-		if (defaultFailureUrl == null) {
-			logger.debug("No failure URL set, sending 401 Unauthorized error");
+		if (this.defaultFailureUrl == null) {
+			this.logger.debug("No failure URL set, sending 401 Unauthorized error");
 
 			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 		}
 		else {
 			saveException(request, exception);
 
-			if (forwardToDestination) {
-				logger.debug("Forwarding to " + defaultFailureUrl);
+			if (this.forwardToDestination) {
+				this.logger.debug("Forwarding to " + this.defaultFailureUrl);
 
-				request.getRequestDispatcher(defaultFailureUrl).forward(request, response);
+				request.getRequestDispatcher(this.defaultFailureUrl).forward(request, response);
 			}
 			else {
-				logger.debug("Redirecting to " + defaultFailureUrl);
-				redirectStrategy.sendRedirect(request, response, defaultFailureUrl);
+				this.logger.debug("Redirecting to " + this.defaultFailureUrl);
+				this.redirectStrategy.sendRedirect(request, response, this.defaultFailureUrl);
 			}
 		}
 	}
@@ -104,13 +104,13 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	 * Otherwise the exception will not be stored.
 	 */
 	protected final void saveException(HttpServletRequest request, AuthenticationException exception) {
-		if (forwardToDestination) {
+		if (this.forwardToDestination) {
 			request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
 		}
 		else {
 			HttpSession session = request.getSession(false);
 
-			if (session != null || allowSessionCreation) {
+			if (session != null || this.allowSessionCreation) {
 				request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
 			}
 		}
@@ -127,7 +127,7 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	}
 
 	protected boolean isUseForward() {
-		return forwardToDestination;
+		return this.forwardToDestination;
 	}
 
 	/**
@@ -146,11 +146,11 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	}
 
 	protected RedirectStrategy getRedirectStrategy() {
-		return redirectStrategy;
+		return this.redirectStrategy;
 	}
 
 	protected boolean isAllowSessionCreation() {
-		return allowSessionCreation;
+		return this.allowSessionCreation;
 	}
 
 	public void setAllowSessionCreation(boolean allowSessionCreation) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index b4a2ca7317..b640597f5d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -70,7 +70,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException {
-		if (postOnly && !request.getMethod().equals("POST")) {
+		if (this.postOnly && !request.getMethod().equals("POST")) {
 			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
 
@@ -110,7 +110,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 	 */
 	@Nullable
 	protected String obtainPassword(HttpServletRequest request) {
-		return request.getParameter(passwordParameter);
+		return request.getParameter(this.passwordParameter);
 	}
 
 	/**
@@ -122,7 +122,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 	 */
 	@Nullable
 	protected String obtainUsername(HttpServletRequest request) {
-		return request.getParameter(usernameParameter);
+		return request.getParameter(this.usernameParameter);
 	}
 
 	/**
@@ -133,7 +133,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 	 * set
 	 */
 	protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
-		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+		authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
 	}
 
 	/**
@@ -170,11 +170,11 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 	}
 
 	public final String getUsernameParameter() {
-		return usernameParameter;
+		return this.usernameParameter;
 	}
 
 	public final String getPasswordParameter() {
-		return passwordParameter;
+		return this.passwordParameter;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
index f4a9a66879..24eef04985 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -64,30 +64,30 @@ public class WebAuthenticationDetails implements Serializable {
 		if (obj instanceof WebAuthenticationDetails) {
 			WebAuthenticationDetails rhs = (WebAuthenticationDetails) obj;
 
-			if ((remoteAddress == null) && (rhs.getRemoteAddress() != null)) {
+			if ((this.remoteAddress == null) && (rhs.getRemoteAddress() != null)) {
 				return false;
 			}
 
-			if ((remoteAddress != null) && (rhs.getRemoteAddress() == null)) {
+			if ((this.remoteAddress != null) && (rhs.getRemoteAddress() == null)) {
 				return false;
 			}
 
-			if (remoteAddress != null) {
-				if (!remoteAddress.equals(rhs.getRemoteAddress())) {
+			if (this.remoteAddress != null) {
+				if (!this.remoteAddress.equals(rhs.getRemoteAddress())) {
 					return false;
 				}
 			}
 
-			if ((sessionId == null) && (rhs.getSessionId() != null)) {
+			if ((this.sessionId == null) && (rhs.getSessionId() != null)) {
 				return false;
 			}
 
-			if ((sessionId != null) && (rhs.getSessionId() == null)) {
+			if ((this.sessionId != null) && (rhs.getSessionId() == null)) {
 				return false;
 			}
 
-			if (sessionId != null) {
-				if (!sessionId.equals(rhs.getSessionId())) {
+			if (this.sessionId != null) {
+				if (!this.sessionId.equals(rhs.getSessionId())) {
 					return false;
 				}
 			}
@@ -103,7 +103,7 @@ public class WebAuthenticationDetails implements Serializable {
 	 * @return the address
 	 */
 	public String getRemoteAddress() {
-		return remoteAddress;
+		return this.remoteAddress;
 	}
 
 	/**
@@ -112,7 +112,7 @@ public class WebAuthenticationDetails implements Serializable {
 	 * @return the session ID
 	 */
 	public String getSessionId() {
-		return sessionId;
+		return this.sessionId;
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 8ca32044c6..5820cb6894 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -71,7 +71,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 	}
 
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		cookiesToClear.forEach(f -> response.addCookie(f.apply(request)));
+		this.cookiesToClear.forEach(f -> response.addCookie(f.apply(request)));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index 26c4487e18..110daf321f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -78,7 +78,7 @@ public class LogoutFilter extends GenericFilterBean {
 		if (StringUtils.hasText(logoutSuccessUrl)) {
 			urlLogoutSuccessHandler.setDefaultTargetUrl(logoutSuccessUrl);
 		}
-		logoutSuccessHandler = urlLogoutSuccessHandler;
+		this.logoutSuccessHandler = urlLogoutSuccessHandler;
 		setFilterProcessesUrl("/logout");
 	}
 
@@ -90,13 +90,13 @@ public class LogoutFilter extends GenericFilterBean {
 		if (requiresLogout(request, response)) {
 			Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
 			}
 
 			this.handler.logout(request, response, auth);
 
-			logoutSuccessHandler.onLogoutSuccess(request, response, auth);
+			this.logoutSuccessHandler.onLogoutSuccess(request, response, auth);
 
 			return;
 		}
@@ -111,7 +111,7 @@ public class LogoutFilter extends GenericFilterBean {
 	 * @return <code>true</code> if logout should occur, <code>false</code> otherwise
 	 */
 	protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
-		return logoutRequestMatcher.matches(request);
+		return this.logoutRequestMatcher.matches(request);
 	}
 
 	public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
index 8992ebab17..e33e15cfaf 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandler.java
@@ -36,13 +36,13 @@ public final class LogoutSuccessEventPublishingLogoutHandler implements LogoutHa
 
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		if (eventPublisher == null) {
+		if (this.eventPublisher == null) {
 			return;
 		}
 		if (authentication == null) {
 			return;
 		}
-		eventPublisher.publishEvent(new LogoutSuccessEvent(authentication));
+		this.eventPublisher.publishEvent(new LogoutSuccessEvent(authentication));
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index cd0cc7fef0..8b3858f0ad 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -57,15 +57,15 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	 */
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		Assert.notNull(request, "HttpServletRequest required");
-		if (invalidateHttpSession) {
+		if (this.invalidateHttpSession) {
 			HttpSession session = request.getSession(false);
 			if (session != null) {
-				logger.debug("Invalidating session: " + session.getId());
+				this.logger.debug("Invalidating session: " + session.getId());
 				session.invalidate();
 			}
 		}
 
-		if (clearAuthentication) {
+		if (this.clearAuthentication) {
 			SecurityContext context = SecurityContextHolder.getContext();
 			context.setAuthentication(null);
 		}
@@ -74,7 +74,7 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	}
 
 	public boolean isInvalidateHttpSession() {
-		return invalidateHttpSession;
+		return this.invalidateHttpSession;
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 87d70731f1..867cdf3476 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -113,7 +113,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 			// convert to RuntimeException for passivity on afterPropertiesSet signature
 			throw new RuntimeException(e);
 		}
-		Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
+		Assert.notNull(this.authenticationManager, "An AuthenticationManager must be set");
 	}
 
 	/**
@@ -123,11 +123,12 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
+		if (this.logger.isDebugEnabled()) {
+			this.logger
+					.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
 		}
 
-		if (requiresAuthenticationRequestMatcher.matches((HttpServletRequest) request)) {
+		if (this.requiresAuthenticationRequestMatcher.matches((HttpServletRequest) request)) {
 			doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response);
 		}
 
@@ -164,8 +165,9 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 			return false;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Pre-authenticated principal has changed to " + principal + " and will be reauthenticated");
+		if (this.logger.isDebugEnabled()) {
+			this.logger
+					.debug("Pre-authenticated principal has changed to " + principal + " and will be reauthenticated");
 		}
 		return true;
 	}
@@ -181,28 +183,28 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 		Object credentials = getPreAuthenticatedCredentials(request);
 
 		if (principal == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No pre-authenticated principal found in request");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("No pre-authenticated principal found in request");
 			}
 
 			return;
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
 		}
 
 		try {
 			PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal,
 					credentials);
-			authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
-			authResult = authenticationManager.authenticate(authRequest);
+			authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
+			authResult = this.authenticationManager.authenticate(authRequest);
 			successfulAuthentication(request, response, authResult);
 		}
 		catch (AuthenticationException failed) {
 			unsuccessfulAuthentication(request, response, failed);
 
-			if (!continueFilterChainOnUnsuccessfulAuthentication) {
+			if (!this.continueFilterChainOnUnsuccessfulAuthentication) {
 				throw failed;
 			}
 		}
@@ -214,17 +216,17 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 */
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			Authentication authResult) throws IOException, ServletException {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success: " + authResult);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Authentication success: " + authResult);
 		}
 		SecurityContextHolder.getContext().setAuthentication(authResult);
 		// Fire event
 		if (this.eventPublisher != null) {
-			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
+			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
 
-		if (authenticationSuccessHandler != null) {
-			authenticationSuccessHandler.onAuthenticationSuccess(request, response, authResult);
+		if (this.authenticationSuccessHandler != null) {
+			this.authenticationSuccessHandler.onAuthenticationSuccess(request, response, authResult);
 		}
 	}
 
@@ -238,13 +240,13 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cleared security context due to exception", failed);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Cleared security context due to exception", failed);
 		}
 		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
 
-		if (authenticationFailureHandler != null) {
-			authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
+		if (this.authenticationFailureHandler != null) {
+			this.authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
 		}
 	}
 
@@ -265,7 +267,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	}
 
 	protected AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
-		return authenticationDetailsSource;
+		return this.authenticationDetailsSource;
 	}
 
 	/**
@@ -284,7 +286,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * failed authentication.
 	 */
 	public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) {
-		continueFilterChainOnUnsuccessfulAuthentication = shouldContinue;
+		this.continueFilterChainOnUnsuccessfulAuthentication = shouldContinue;
 	}
 
 	/**
@@ -357,7 +359,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 				return true;
 			}
 
-			if (!checkForPrincipalChanges) {
+			if (!AbstractPreAuthenticatedProcessingFilter.this.checkForPrincipalChanges) {
 				return false;
 			}
 
@@ -365,15 +367,16 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 				return false;
 			}
 
-			logger.debug("Pre-authenticated principal has changed and will be reauthenticated");
+			AbstractPreAuthenticatedProcessingFilter.this.logger
+					.debug("Pre-authenticated principal has changed and will be reauthenticated");
 
-			if (invalidateSessionOnPrincipalChange) {
+			if (AbstractPreAuthenticatedProcessingFilter.this.invalidateSessionOnPrincipalChange) {
 				SecurityContextHolder.clearContext();
 
 				HttpSession session = request.getSession(false);
 
 				if (session != null) {
-					logger.debug("Invalidating existing session");
+					AbstractPreAuthenticatedProcessingFilter.this.logger.debug("Invalidating existing session");
 					session.invalidate();
 					request.getSession();
 				}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index d4e5c8308a..208fb4a164 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -61,7 +61,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	 * Check whether all required properties have been set.
 	 */
 	public void afterPropertiesSet() {
-		Assert.notNull(preAuthenticatedUserDetailsService, "An AuthenticationUserDetailsService must be set");
+		Assert.notNull(this.preAuthenticatedUserDetailsService, "An AuthenticationUserDetailsService must be set");
 	}
 
 	/**
@@ -82,7 +82,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 		if (authentication.getPrincipal() == null) {
 			logger.debug("No pre-authenticated principal found in request.");
 
-			if (throwExceptionWhenTokenRejected) {
+			if (this.throwExceptionWhenTokenRejected) {
 				throw new BadCredentialsException("No pre-authenticated principal found in request.");
 			}
 			return null;
@@ -91,16 +91,16 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 		if (authentication.getCredentials() == null) {
 			logger.debug("No pre-authenticated credentials found in request.");
 
-			if (throwExceptionWhenTokenRejected) {
+			if (this.throwExceptionWhenTokenRejected) {
 				throw new BadCredentialsException("No pre-authenticated credentials found in request.");
 			}
 			return null;
 		}
 
-		UserDetails ud = preAuthenticatedUserDetailsService
+		UserDetails ud = this.preAuthenticatedUserDetailsService
 				.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication);
 
-		userDetailsChecker.check(ud);
+		this.userDetailsChecker.check(ud);
 
 		PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
 				authentication.getCredentials(), ud.getAuthorities());
@@ -147,11 +147,11 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	}
 
 	public int getOrder() {
-		return order;
+		return this.order;
 	}
 
 	public void setOrder(int i) {
-		order = i;
+		this.order = i;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
index b2bcc058f2..bb08b1bc3a 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -53,14 +53,14 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
 
 	@Override
 	public List<GrantedAuthority> getGrantedAuthorities() {
-		return authorities;
+		return this.authorities;
 	}
 
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append(super.toString()).append("; ");
-		sb.append(authorities);
+		sb.append(this.authorities);
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
index 16e82bdfd7..6102b55d2f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
@@ -56,11 +56,11 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 	 * missing and {@code exceptionIfVariableMissing} is set to {@code true}.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
-		String principal = (String) request.getAttribute(principalEnvironmentVariable);
+		String principal = (String) request.getAttribute(this.principalEnvironmentVariable);
 
-		if (principal == null && exceptionIfVariableMissing) {
+		if (principal == null && this.exceptionIfVariableMissing) {
 			throw new PreAuthenticatedCredentialsNotFoundException(
-					principalEnvironmentVariable + " variable not found in request.");
+					this.principalEnvironmentVariable + " variable not found in request.");
 		}
 
 		return principal;
@@ -72,8 +72,8 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 	 * credentials value. Otherwise a dummy value will be used.
 	 */
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
-		if (credentialsEnvironmentVariable != null) {
-			return request.getAttribute(credentialsEnvironmentVariable);
+		if (this.credentialsEnvironmentVariable != null) {
+			return request.getAttribute(this.credentialsEnvironmentVariable);
 		}
 
 		return "N/A";
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
index 115d9aa6cc..015567f67d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
@@ -57,11 +57,11 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 	 * {@code exceptionIfHeaderMissing} is set to {@code true}.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
-		String principal = request.getHeader(principalRequestHeader);
+		String principal = request.getHeader(this.principalRequestHeader);
 
-		if (principal == null && exceptionIfHeaderMissing) {
+		if (principal == null && this.exceptionIfHeaderMissing) {
 			throw new PreAuthenticatedCredentialsNotFoundException(
-					principalRequestHeader + " header not found in request.");
+					this.principalRequestHeader + " header not found in request.");
 		}
 
 		return principal;
@@ -73,8 +73,8 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 	 * will be used.
 	 */
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
-		if (credentialsRequestHeader != null) {
-			return request.getHeader(credentialsRequestHeader);
+		if (this.credentialsRequestHeader != null) {
+			return request.getHeader(this.credentialsRequestHeader);
 		}
 
 		return "N/A";
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index 00509e906f..e44fd3e8b4 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -59,8 +59,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	 * Check that all required properties have been set.
 	 */
 	public void afterPropertiesSet() {
-		Assert.notNull(j2eeMappableRoles, "No mappable roles available");
-		Assert.notNull(j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set");
+		Assert.notNull(this.j2eeMappableRoles, "No mappable roles available");
+		Assert.notNull(this.j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set");
 	}
 
 	/**
@@ -75,7 +75,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	protected Collection<String> getUserRoles(HttpServletRequest request) {
 		ArrayList<String> j2eeUserRolesList = new ArrayList<>();
 
-		for (String role : j2eeMappableRoles) {
+		for (String role : this.j2eeMappableRoles) {
 			if (request.isUserInRole(role)) {
 				j2eeUserRolesList.add(role);
 			}
@@ -92,11 +92,11 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
 
 		Collection<String> j2eeUserRoles = getUserRoles(context);
-		Collection<? extends GrantedAuthority> userGas = j2eeUserRoles2GrantedAuthoritiesMapper
+		Collection<? extends GrantedAuthority> userGas = this.j2eeUserRoles2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(j2eeUserRoles);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]");
 		}
 
 		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails result = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
@@ -116,7 +116,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	 * @param mapper The Attributes2GrantedAuthoritiesMapper to use
 	 */
 	public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) {
-		j2eeUserRoles2GrantedAuthoritiesMapper = mapper;
+		this.j2eeUserRoles2GrantedAuthoritiesMapper = mapper;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index 97e8e7e12e..14f732dcc8 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -34,8 +34,8 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 		Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName();
-		if (logger.isDebugEnabled()) {
-			logger.debug("PreAuthenticated J2EE principal: " + principal);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("PreAuthenticated J2EE principal: " + principal);
 		}
 		return principal;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index e55d006eb3..2e0cd34d4f 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -66,7 +66,7 @@ public class WebXmlMappableAttributesRetriever
 	}
 
 	public Set<String> getMappableAttributes() {
-		return mappableAttributes;
+		return this.mappableAttributes;
 	}
 
 	/**
@@ -75,7 +75,7 @@ public class WebXmlMappableAttributesRetriever
 	 */
 
 	public void afterPropertiesSet() throws Exception {
-		Resource webXml = resourceLoader.getResource("/WEB-INF/web.xml");
+		Resource webXml = this.resourceLoader.getResource("/WEB-INF/web.xml");
 		Document doc = getDocument(webXml.getInputStream());
 		NodeList webApp = doc.getElementsByTagName("web-app");
 		if (webApp.getLength() != 1) {
@@ -92,14 +92,14 @@ public class WebXmlMappableAttributesRetriever
 			if (roles.getLength() > 0) {
 				String roleName = roles.item(0).getTextContent().trim();
 				roleNames.add(roleName);
-				logger.info("Retrieved role-name '" + roleName + "' from web.xml");
+				this.logger.info("Retrieved role-name '" + roleName + "' from web.xml");
 			}
 			else {
-				logger.info("No security-role elements found in " + webXml);
+				this.logger.info("No security-role elements found in " + webXml);
 			}
 		}
 
-		mappableAttributes = Collections.unmodifiableSet(new HashSet<>(roleNames));
+		this.mappableAttributes = Collections.unmodifiableSet(new HashSet<>(roleNames));
 	}
 
 	/**
@@ -123,7 +123,7 @@ public class WebXmlMappableAttributesRetriever
 				aStream.close();
 			}
 			catch (IOException e) {
-				logger.warn("Failed to close input stream for web.xml", e);
+				this.logger.warn("Failed to close input stream for web.xml", e);
 			}
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
index 423c1aef81..ea7a493d7b 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
@@ -48,9 +48,9 @@ public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthen
 	 * Return the WebSphere user name.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-		Object principal = wasHelper.getCurrentUserName();
-		if (logger.isDebugEnabled()) {
-			logger.debug("PreAuthenticated WebSphere principal: " + principal);
+		Object principal = this.wasHelper.getCurrentUserName();
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("PreAuthenticated WebSphere principal: " + principal);
 		}
 		return principal;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index 7e5597e69a..84ab9dd7c0 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -63,11 +63,11 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements
 	 * @return authorities mapped from the user's WebSphere groups.
 	 */
 	private Collection<? extends GrantedAuthority> getWebSphereGroupsBasedGrantedAuthorities() {
-		List<String> webSphereGroups = wasHelper.getGroupsForCurrentUser();
-		Collection<? extends GrantedAuthority> userGas = webSphereGroups2GrantedAuthoritiesMapper
+		List<String> webSphereGroups = this.wasHelper.getGroupsForCurrentUser();
+		Collection<? extends GrantedAuthority> userGas = this.webSphereGroups2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(webSphereGroups);
-		if (logger.isDebugEnabled()) {
-			logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + userGas);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + userGas);
 		}
 		return userGas;
 	}
@@ -77,7 +77,7 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements
 	 * groups to authorities
 	 */
 	public void setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) {
-		webSphereGroups2GrantedAuthoritiesMapper = mapper;
+		this.webSphereGroups2GrantedAuthoritiesMapper = mapper;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index 2b212368c0..320db86eed 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -57,12 +57,12 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 		// String subjectDN = clientCert.getSubjectX500Principal().getName();
 		String subjectDN = clientCert.getSubjectDN().getName();
 
-		logger.debug("Subject DN is '" + subjectDN + "'");
+		this.logger.debug("Subject DN is '" + subjectDN + "'");
 
-		Matcher matcher = subjectDnPattern.matcher(subjectDN);
+		Matcher matcher = this.subjectDnPattern.matcher(subjectDN);
 
 		if (!matcher.find()) {
-			throw new BadCredentialsException(messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching",
+			throw new BadCredentialsException(this.messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching",
 					new Object[] { subjectDN }, "No matching pattern was found in subject DN: {0}"));
 		}
 
@@ -72,7 +72,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 
 		String username = matcher.group(1);
 
-		logger.debug("Extracted Principal name is '" + username + "'");
+		this.logger.debug("Extracted Principal name is '" + username + "'");
 
 		return username;
 	}
@@ -91,7 +91,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 	 */
 	public void setSubjectDnRegex(String subjectDnRegex) {
 		Assert.hasText(subjectDnRegex, "Regular expression may not be null or empty");
-		subjectDnPattern = Pattern.compile(subjectDnRegex, Pattern.CASE_INSENSITIVE);
+		this.subjectDnPattern = Pattern.compile(subjectDnRegex, Pattern.CASE_INSENSITIVE);
 	}
 
 	public void setMessageSource(MessageSource messageSource) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index 96bc484218..6726a9d1c7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -35,7 +35,7 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 			return null;
 		}
 
-		return principalExtractor.extractPrincipal(cert);
+		return this.principalExtractor.extractPrincipal(cert);
 	}
 
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
@@ -46,15 +46,15 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 		X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
 
 		if (certs != null && certs.length > 0) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("X.509 client authentication certificate:" + certs[0]);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("X.509 client authentication certificate:" + certs[0]);
 			}
 
 			return certs[0];
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("No client certificate found in request.");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("No client certificate found in request.");
 		}
 
 		return null;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index f676a0e0f2..a65e6a4579 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -102,8 +102,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.hasLength(key, "key cannot be empty or null");
-		Assert.notNull(userDetailsService, "A UserDetailsService is required");
+		Assert.hasLength(this.key, "key cannot be empty or null");
+		Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
 	}
 
 	/**
@@ -122,10 +122,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			return null;
 		}
 
-		logger.debug("Remember-me cookie detected");
+		this.logger.debug("Remember-me cookie detected");
 
 		if (rememberMeCookie.length() == 0) {
-			logger.debug("Cookie was empty");
+			this.logger.debug("Cookie was empty");
 			cancelCookie(request, response);
 			return null;
 		}
@@ -135,9 +135,9 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		try {
 			String[] cookieTokens = decodeCookie(rememberMeCookie);
 			user = processAutoLoginCookie(cookieTokens, request, response);
-			userDetailsChecker.check(user);
+			this.userDetailsChecker.check(user);
 
-			logger.debug("Remember-me cookie accepted");
+			this.logger.debug("Remember-me cookie accepted");
 
 			return createSuccessfulAuthentication(request, user);
 		}
@@ -146,16 +146,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			throw cte;
 		}
 		catch (UsernameNotFoundException noUser) {
-			logger.debug("Remember-me login was valid but corresponding user not found.", noUser);
+			this.logger.debug("Remember-me login was valid but corresponding user not found.", noUser);
 		}
 		catch (InvalidCookieException invalidCookie) {
-			logger.debug("Invalid remember-me cookie: " + invalidCookie.getMessage());
+			this.logger.debug("Invalid remember-me cookie: " + invalidCookie.getMessage());
 		}
 		catch (AccountStatusException statusInvalid) {
-			logger.debug("Invalid UserDetails: " + statusInvalid.getMessage());
+			this.logger.debug("Invalid UserDetails: " + statusInvalid.getMessage());
 		}
 		catch (RememberMeAuthenticationException e) {
-			logger.debug(e.getMessage());
+			this.logger.debug(e.getMessage());
 		}
 
 		cancelCookie(request, response);
@@ -177,7 +177,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		}
 
 		for (Cookie cookie : cookies) {
-			if (cookieName.equals(cookie.getName())) {
+			if (this.cookieName.equals(cookie.getName())) {
 				return cookie.getValue();
 			}
 		}
@@ -198,9 +198,9 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * @return the <tt>Authentication</tt> for the remember-me authenticated user
 	 */
 	protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
-		RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user,
-				authoritiesMapper.mapAuthorities(user.getAuthorities()));
-		auth.setDetails(authenticationDetailsSource.buildDetails(request));
+		RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(this.key, user,
+				this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
+		auth.setDetails(this.authenticationDetailsSource.buildDetails(request));
 		return auth;
 	}
 
@@ -232,7 +232,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.toString());
 			}
 			catch (UnsupportedEncodingException e) {
-				logger.error(e.getMessage(), e);
+				this.logger.error(e.getMessage(), e);
 			}
 		}
 
@@ -251,7 +251,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 				sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.toString()));
 			}
 			catch (UnsupportedEncodingException e) {
-				logger.error(e.getMessage(), e);
+				this.logger.error(e.getMessage(), e);
 			}
 
 			if (i < cookieTokens.length - 1) {
@@ -272,7 +272,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	@Override
 	public final void loginFail(HttpServletRequest request, HttpServletResponse response) {
-		logger.debug("Interactive login attempt was unsuccessful.");
+		this.logger.debug("Interactive login attempt was unsuccessful.");
 		cancelCookie(request, response);
 		onLoginFail(request, response);
 	}
@@ -293,8 +293,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	public final void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
 
-		if (!rememberMeRequested(request, parameter)) {
-			logger.debug("Remember-me login not requested.");
+		if (!rememberMeRequested(request, this.parameter)) {
+			this.logger.debug("Remember-me login not requested.");
 			return;
 		}
 
@@ -320,7 +320,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * has been requested.
 	 */
 	protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
-		if (alwaysRemember) {
+		if (this.alwaysRemember) {
 			return true;
 		}
 
@@ -333,8 +333,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			}
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Did not send remember-me cookie (principal did not set parameter '" + parameter + "')");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Did not send remember-me cookie (principal did not set parameter '" + parameter + "')");
 		}
 
 		return false;
@@ -362,18 +362,18 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 * logins.
 	 */
 	protected void cancelCookie(HttpServletRequest request, HttpServletResponse response) {
-		logger.debug("Cancelling cookie");
-		Cookie cookie = new Cookie(cookieName, null);
+		this.logger.debug("Cancelling cookie");
+		Cookie cookie = new Cookie(this.cookieName, null);
 		cookie.setMaxAge(0);
 		cookie.setPath(getCookiePath(request));
-		if (cookieDomain != null) {
-			cookie.setDomain(cookieDomain);
+		if (this.cookieDomain != null) {
+			cookie.setDomain(this.cookieDomain);
 		}
-		if (useSecureCookie == null) {
+		if (this.useSecureCookie == null) {
 			cookie.setSecure(request.isSecure());
 		}
 		else {
-			cookie.setSecure(useSecureCookie);
+			cookie.setSecure(this.useSecureCookie);
 		}
 		response.addCookie(cookie);
 	}
@@ -392,21 +392,21 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 */
 	protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response) {
 		String cookieValue = encodeCookie(tokens);
-		Cookie cookie = new Cookie(cookieName, cookieValue);
+		Cookie cookie = new Cookie(this.cookieName, cookieValue);
 		cookie.setMaxAge(maxAge);
 		cookie.setPath(getCookiePath(request));
-		if (cookieDomain != null) {
-			cookie.setDomain(cookieDomain);
+		if (this.cookieDomain != null) {
+			cookie.setDomain(this.cookieDomain);
 		}
 		if (maxAge < 1) {
 			cookie.setVersion(1);
 		}
 
-		if (useSecureCookie == null) {
+		if (this.useSecureCookie == null) {
 			cookie.setSecure(request.isSecure());
 		}
 		else {
-			cookie.setSecure(useSecureCookie);
+			cookie.setSecure(this.useSecureCookie);
 		}
 
 		cookie.setHttpOnly(true);
@@ -425,8 +425,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 */
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
 		}
 		cancelCookie(request, response);
 	}
@@ -442,7 +442,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	}
 
 	protected String getCookieName() {
-		return cookieName;
+		return this.cookieName;
 	}
 
 	public void setAlwaysRemember(boolean alwaysRemember) {
@@ -461,15 +461,15 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	}
 
 	public String getParameter() {
-		return parameter;
+		return this.parameter;
 	}
 
 	protected UserDetailsService getUserDetailsService() {
-		return userDetailsService;
+		return this.userDetailsService;
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public void setTokenValiditySeconds(int tokenValiditySeconds) {
@@ -477,7 +477,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	}
 
 	protected int getTokenValiditySeconds() {
-		return tokenValiditySeconds;
+		return this.tokenValiditySeconds;
 	}
 
 	/**
@@ -496,7 +496,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	}
 
 	protected AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
-		return authenticationDetailsSource;
+		return this.authenticationDetailsSource;
 	}
 
 	public void setAuthenticationDetailsSource(
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index 62c3641407..2e0572b30d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -33,13 +33,13 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 	private final Map<String, PersistentRememberMeToken> seriesTokens = new HashMap<>();
 
 	public synchronized void createNewToken(PersistentRememberMeToken token) {
-		PersistentRememberMeToken current = seriesTokens.get(token.getSeries());
+		PersistentRememberMeToken current = this.seriesTokens.get(token.getSeries());
 
 		if (current != null) {
 			throw new DataIntegrityViolationException("Series Id '" + token.getSeries() + "' already exists!");
 		}
 
-		seriesTokens.put(token.getSeries(), token);
+		this.seriesTokens.put(token.getSeries(), token);
 	}
 
 	public synchronized void updateToken(String series, String tokenValue, Date lastUsed) {
@@ -49,20 +49,20 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 				new Date());
 
 		// Store it, overwriting the existing one.
-		seriesTokens.put(series, newToken);
+		this.seriesTokens.put(series, newToken);
 	}
 
 	public synchronized PersistentRememberMeToken getTokenForSeries(String seriesId) {
-		return seriesTokens.get(seriesId);
+		return this.seriesTokens.get(seriesId);
 	}
 
 	public synchronized void removeUserTokens(String username) {
-		Iterator<String> series = seriesTokens.keySet().iterator();
+		Iterator<String> series = this.seriesTokens.keySet().iterator();
 
 		while (series.hasNext()) {
 			String seriesId = series.next();
 
-			PersistentRememberMeToken token = seriesTokens.get(seriesId);
+			PersistentRememberMeToken token = this.seriesTokens.get(seriesId);
 
 			if (username.equals(token.getUsername())) {
 				series.remove();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index e1b0094c9e..d7a4d8857f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -57,18 +57,18 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 	private boolean createTableOnStartup;
 
 	protected void initDao() {
-		if (createTableOnStartup) {
+		if (this.createTableOnStartup) {
 			getJdbcTemplate().execute(CREATE_TABLE_SQL);
 		}
 	}
 
 	public void createNewToken(PersistentRememberMeToken token) {
-		getJdbcTemplate().update(insertTokenSql, token.getUsername(), token.getSeries(), token.getTokenValue(),
+		getJdbcTemplate().update(this.insertTokenSql, token.getUsername(), token.getSeries(), token.getTokenValue(),
 				token.getDate());
 	}
 
 	public void updateToken(String series, String tokenValue, Date lastUsed) {
-		getJdbcTemplate().update(updateTokenSql, tokenValue, lastUsed, series);
+		getJdbcTemplate().update(this.updateTokenSql, tokenValue, lastUsed, series);
 	}
 
 	/**
@@ -82,29 +82,29 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 	 */
 	public PersistentRememberMeToken getTokenForSeries(String seriesId) {
 		try {
-			return getJdbcTemplate().queryForObject(tokensBySeriesSql,
+			return getJdbcTemplate().queryForObject(this.tokensBySeriesSql,
 					(rs, rowNum) -> new PersistentRememberMeToken(rs.getString(1), rs.getString(2), rs.getString(3),
 							rs.getTimestamp(4)),
 					seriesId);
 		}
 		catch (EmptyResultDataAccessException zeroResults) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Querying token for series '" + seriesId + "' returned no results.", zeroResults);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Querying token for series '" + seriesId + "' returned no results.", zeroResults);
 			}
 		}
 		catch (IncorrectResultSizeDataAccessException moreThanOne) {
-			logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series"
+			this.logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series"
 					+ " should be unique");
 		}
 		catch (DataAccessException e) {
-			logger.error("Failed to load token for series " + seriesId, e);
+			this.logger.error("Failed to load token for series " + seriesId, e);
 		}
 
 		return null;
 	}
 
 	public void removeUserTokens(String username) {
-		getJdbcTemplate().update(removeUserTokensSql, username);
+		getJdbcTemplate().update(this.removeUserTokensSql, username);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
index 8f1666a92a..2057dad4a1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
@@ -38,19 +38,19 @@ public class PersistentRememberMeToken {
 	}
 
 	public String getUsername() {
-		return username;
+		return this.username;
 	}
 
 	public String getSeries() {
-		return series;
+		return this.series;
 	}
 
 	public String getTokenValue() {
-		return tokenValue;
+		return this.tokenValue;
 	}
 
 	public Date getDate() {
-		return date;
+		return this.date;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 383071ae32..13bb9f6b73 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -73,7 +73,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	public PersistentTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService,
 			PersistentTokenRepository tokenRepository) {
 		super(key, userDetailsService);
-		random = new SecureRandom();
+		this.random = new SecureRandom();
 		this.tokenRepository = tokenRepository;
 	}
 
@@ -100,7 +100,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 		final String presentedSeries = cookieTokens[0];
 		final String presentedToken = cookieTokens[1];
 
-		PersistentRememberMeToken token = tokenRepository.getTokenForSeries(presentedSeries);
+		PersistentRememberMeToken token = this.tokenRepository.getTokenForSeries(presentedSeries);
 
 		if (token == null) {
 			// No series match, so we can't authenticate using this cookie
@@ -111,9 +111,10 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 		if (!presentedToken.equals(token.getTokenValue())) {
 			// Token doesn't match series value. Delete all logins for this user and throw
 			// an exception to warn them.
-			tokenRepository.removeUserTokens(token.getUsername());
+			this.tokenRepository.removeUserTokens(token.getUsername());
 
-			throw new CookieTheftException(messages.getMessage("PersistentTokenBasedRememberMeServices.cookieStolen",
+			throw new CookieTheftException(this.messages.getMessage(
+					"PersistentTokenBasedRememberMeServices.cookieStolen",
 					"Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
 		}
 
@@ -123,8 +124,8 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 
 		// Token also matches, so login is valid. Update the token value, keeping the
 		// *same* series number.
-		if (logger.isDebugEnabled()) {
-			logger.debug("Refreshing persistent login token for user '" + token.getUsername() + "', series '"
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Refreshing persistent login token for user '" + token.getUsername() + "', series '"
 					+ token.getSeries() + "'");
 		}
 
@@ -132,11 +133,11 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 				generateTokenData(), new Date());
 
 		try {
-			tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(), newToken.getDate());
+			this.tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(), newToken.getDate());
 			addCookie(newToken, request, response);
 		}
 		catch (Exception e) {
-			logger.error("Failed to update token: ", e);
+			this.logger.error("Failed to update token: ", e);
 			throw new RememberMeAuthenticationException("Autologin failed due to data access problem");
 		}
 
@@ -152,16 +153,16 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 			Authentication successfulAuthentication) {
 		String username = successfulAuthentication.getName();
 
-		logger.debug("Creating new persistent login for user " + username);
+		this.logger.debug("Creating new persistent login for user " + username);
 
 		PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(username, generateSeriesData(),
 				generateTokenData(), new Date());
 		try {
-			tokenRepository.createNewToken(persistentToken);
+			this.tokenRepository.createNewToken(persistentToken);
 			addCookie(persistentToken, request, response);
 		}
 		catch (Exception e) {
-			logger.error("Failed to save persistent token ", e);
+			this.logger.error("Failed to save persistent token ", e);
 		}
 	}
 
@@ -170,19 +171,19 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 		super.logout(request, response, authentication);
 
 		if (authentication != null) {
-			tokenRepository.removeUserTokens(authentication.getName());
+			this.tokenRepository.removeUserTokens(authentication.getName());
 		}
 	}
 
 	protected String generateSeriesData() {
-		byte[] newSeries = new byte[seriesLength];
-		random.nextBytes(newSeries);
+		byte[] newSeries = new byte[this.seriesLength];
+		this.random.nextBytes(newSeries);
 		return new String(Base64.getEncoder().encode(newSeries));
 	}
 
 	protected String generateTokenData() {
-		byte[] newToken = new byte[tokenLength];
-		random.nextBytes(newToken);
+		byte[] newToken = new byte[this.tokenLength];
+		this.random.nextBytes(newToken);
 		return new String(Base64.getEncoder().encode(newToken));
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index cd6ff9f875..be1f7f05e7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -81,8 +81,8 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(authenticationManager, "authenticationManager must be specified");
-		Assert.notNull(rememberMeServices, "rememberMeServices must be specified");
+		Assert.notNull(this.authenticationManager, "authenticationManager must be specified");
+		Assert.notNull(this.rememberMeServices, "rememberMeServices must be specified");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -91,44 +91,44 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 		HttpServletResponse response = (HttpServletResponse) res;
 
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
+			Authentication rememberMeAuth = this.rememberMeServices.autoLogin(request, response);
 
 			if (rememberMeAuth != null) {
 				// Attempt authenticaton via AuthenticationManager
 				try {
-					rememberMeAuth = authenticationManager.authenticate(rememberMeAuth);
+					rememberMeAuth = this.authenticationManager.authenticate(rememberMeAuth);
 
 					// Store to SecurityContextHolder
 					SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
 
 					onSuccessfulAuthentication(request, response, rememberMeAuth);
 
-					if (logger.isDebugEnabled()) {
-						logger.debug("SecurityContextHolder populated with remember-me token: '"
+					if (this.logger.isDebugEnabled()) {
+						this.logger.debug("SecurityContextHolder populated with remember-me token: '"
 								+ SecurityContextHolder.getContext().getAuthentication() + "'");
 					}
 
 					// Fire event
 					if (this.eventPublisher != null) {
-						eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
+						this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
 								SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
 					}
 
-					if (successHandler != null) {
-						successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
+					if (this.successHandler != null) {
+						this.successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
 
 						return;
 					}
 
 				}
 				catch (AuthenticationException authenticationException) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("SecurityContextHolder not populated with remember-me token, as "
+					if (this.logger.isDebugEnabled()) {
+						this.logger.debug("SecurityContextHolder not populated with remember-me token, as "
 								+ "AuthenticationManager rejected Authentication returned by RememberMeServices: '"
 								+ rememberMeAuth + "'; invalidating remember-me token", authenticationException);
 					}
 
-					rememberMeServices.loginFail(request, response);
+					this.rememberMeServices.loginFail(request, response);
 
 					onUnsuccessfulAuthentication(request, response, authenticationException);
 				}
@@ -137,9 +137,10 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 			chain.doFilter(request, response);
 		}
 		else {
-			if (logger.isDebugEnabled()) {
-				logger.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '"
-						+ SecurityContextHolder.getContext().getAuthentication() + "'");
+			if (this.logger.isDebugEnabled()) {
+				this.logger
+						.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '"
+								+ SecurityContextHolder.getContext().getAuthentication() + "'");
 			}
 
 			chain.doFilter(request, response);
@@ -166,7 +167,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	public RememberMeServices getRememberMeServices() {
-		return rememberMeServices;
+		return this.rememberMeServices;
 	}
 
 	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 6085a00f83..0fdf63e8d1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -170,7 +170,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		// TokenBasedRememberMeServices is
 		// unable to construct a valid token in this case.
 		if (!StringUtils.hasLength(username)) {
-			logger.debug("Unable to retrieve username");
+			this.logger.debug("Unable to retrieve username");
 			return;
 		}
 
@@ -179,7 +179,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 			password = user.getPassword();
 
 			if (!StringUtils.hasLength(password)) {
-				logger.debug("Unable to obtain password for user: " + username);
+				this.logger.debug("Unable to obtain password for user: " + username);
 				return;
 			}
 		}
@@ -194,8 +194,8 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		setCookie(new String[] { username, Long.toString(expiryTime), signatureValue }, tokenLifetime, request,
 				response);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug(
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug(
 					"Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'");
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 6a75ca247f..69304944f7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -69,7 +69,7 @@ abstract class AbstractSessionFixationProtectionStrategy
 			HttpServletResponse response) {
 		boolean hadSessionAlready = request.getSession(false) != null;
 
-		if (!hadSessionAlready && !alwaysCreateSession) {
+		if (!hadSessionAlready && !this.alwaysCreateSession) {
 			// Session fixation isn't a problem if there's no session
 
 			return;
@@ -92,7 +92,7 @@ abstract class AbstractSessionFixationProtectionStrategy
 			}
 
 			if (originalSessionId.equals(newSessionId)) {
-				logger.warn(
+				this.logger.warn(
 						"Your servlet container did not change the session ID when a new session was created. You will"
 								+ " not be adequately protected against session-fixation attacks");
 			}
@@ -124,7 +124,7 @@ abstract class AbstractSessionFixationProtectionStrategy
 	 * @param auth the token for the newly authenticated principal
 	 */
 	protected void onSessionChange(String originalSessionId, HttpSession newSession, Authentication auth) {
-		applicationEventPublisher
+		this.applicationEventPublisher
 				.publishEvent(new SessionFixationProtectionEvent(auth, originalSessionId, newSession.getId()));
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index 936ff6efcc..0d3e89315c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -93,7 +93,8 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 
-		final List<SessionInformation> sessions = sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
+		final List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(authentication.getPrincipal(),
+				false);
 
 		int sessionCount = sessions.size();
 		int allowedSessions = getMaximumSessionsForThisUser(authentication);
@@ -124,7 +125,7 @@ public class ConcurrentSessionControlAuthenticationStrategy
 			// exceeding the allowed number
 		}
 
-		allowableSessionsExceeded(sessions, allowedSessions, sessionRegistry);
+		allowableSessionsExceeded(sessions, allowedSessions, this.sessionRegistry);
 	}
 
 	/**
@@ -135,7 +136,7 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	 * @return either -1 meaning unlimited, or a positive integer to limit (never zero)
 	 */
 	protected int getMaximumSessionsForThisUser(Authentication authentication) {
-		return maximumSessions;
+		return this.maximumSessions;
 	}
 
 	/**
@@ -149,9 +150,9 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	 */
 	protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions,
 			SessionRegistry registry) throws SessionAuthenticationException {
-		if (exceptionIfMaximumExceeded || (sessions == null)) {
+		if (this.exceptionIfMaximumExceeded || (sessions == null)) {
 			throw new SessionAuthenticationException(
-					messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
+					this.messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
 							new Object[] { allowableSessions }, "Maximum sessions of {0} for this principal exceeded"));
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
index 1f72780e57..0f23d62ee5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
@@ -62,7 +62,7 @@ public class RegisterSessionAuthenticationStrategy implements SessionAuthenticat
 	 */
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
-		sessionRegistry.registerNewSession(request.getSession().getId(), authentication.getPrincipal());
+		this.sessionRegistry.registerNewSession(request.getSession().getId(), authentication.getPrincipal());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
index bb211a1094..cd761c28fe 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
@@ -82,9 +82,9 @@ public class SessionFixationProtectionStrategy extends AbstractSessionFixationPr
 	final HttpSession applySessionFixation(HttpServletRequest request) {
 		HttpSession session = request.getSession();
 		String originalSessionId = session.getId();
-		if (logger.isDebugEnabled()) {
-			logger.debug("Invalidating session with Id '" + originalSessionId + "' "
-					+ (migrateSessionAttributes ? "and" : "without") + " migrating attributes.");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Invalidating session with Id '" + originalSessionId + "' "
+					+ (this.migrateSessionAttributes ? "and" : "without") + " migrating attributes.");
 		}
 
 		Map<String, Object> attributesToMigrate = extractAttributes(session);
@@ -93,12 +93,12 @@ public class SessionFixationProtectionStrategy extends AbstractSessionFixationPr
 		session.invalidate();
 		session = request.getSession(true); // we now have a new session
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Started new session: " + session.getId());
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Started new session: " + session.getId());
 		}
 
 		transferAttributes(attributesToMigrate, session);
-		if (migrateSessionAttributes) {
+		if (this.migrateSessionAttributes) {
 			session.setMaxInactiveInterval(maxInactiveIntervalToMigrate);
 		}
 		return session;
@@ -125,7 +125,7 @@ public class SessionFixationProtectionStrategy extends AbstractSessionFixationPr
 
 		while (enumer.hasMoreElements()) {
 			String key = (String) enumer.nextElement();
-			if (!migrateSessionAttributes && !key.startsWith("SPRING_SECURITY_")) {
+			if (!this.migrateSessionAttributes && !key.startsWith("SPRING_SECURITY_")) {
 				// Only retain Spring Security attributes
 				continue;
 			}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
index 4f6d760a7b..70ba6108bb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/AuthenticationSwitchUserEvent.java
@@ -40,7 +40,7 @@ public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
 	}
 
 	public UserDetails getTargetUser() {
-		return targetUser;
+		return this.targetUser;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
index 90f262a262..5764b1ca3b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
@@ -51,12 +51,12 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 	 * @return The original <code>Authentication</code> object of the switched user.
 	 */
 	public Authentication getSource() {
-		return source;
+		return this.source;
 	}
 
 	@Override
 	public String getAuthority() {
-		return role;
+		return this.role;
 	}
 
 	@Override
@@ -82,7 +82,7 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 
 	@Override
 	public String toString() {
-		return "Switch User Authority [" + role + "," + source + "]";
+		return "Switch User Authority [" + this.role + "," + this.source + "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index 3babb5b8f9..c7378269a3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -111,21 +111,22 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		this.logoutSuccessUrl = DEFAULT_LOGIN_PAGE_URL + "?logout";
 		this.failureUrl = DEFAULT_LOGIN_PAGE_URL + "?" + ERROR_PARAMETER_NAME;
 		if (authFilter != null) {
-			formLoginEnabled = true;
-			usernameParameter = authFilter.getUsernameParameter();
-			passwordParameter = authFilter.getPasswordParameter();
+			this.formLoginEnabled = true;
+			this.usernameParameter = authFilter.getUsernameParameter();
+			this.passwordParameter = authFilter.getPasswordParameter();
 
 			if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				rememberMeParameter = ((AbstractRememberMeServices) authFilter.getRememberMeServices()).getParameter();
+				this.rememberMeParameter = ((AbstractRememberMeServices) authFilter.getRememberMeServices())
+						.getParameter();
 			}
 		}
 
 		if (openIDFilter != null) {
-			openIdEnabled = true;
-			openIDusernameParameter = "openid_identifier";
+			this.openIdEnabled = true;
+			this.openIDusernameParameter = "openid_identifier";
 
 			if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices())
+				this.openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices())
 						.getParameter();
 			}
 		}
@@ -143,7 +144,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	public boolean isEnabled() {
-		return formLoginEnabled || openIdEnabled || oauth2LoginEnabled || this.saml2LoginEnabled;
+		return this.formLoginEnabled || this.openIdEnabled || this.oauth2LoginEnabled || this.saml2LoginEnabled;
 	}
 
 	public void setLogoutSuccessUrl(String logoutSuccessUrl) {
@@ -151,7 +152,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	public String getLoginPageUrl() {
-		return loginPageUrl;
+		return this.loginPageUrl;
 	}
 
 	public void setLoginPageUrl(String loginPageUrl) {
@@ -270,7 +271,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 					+ "      </form>\n");
 		}
 
-		if (openIdEnabled) {
+		if (this.openIdEnabled) {
 			sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath
 					+ this.openIDauthenticationUrl + "\">\n"
 					+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
@@ -283,12 +284,12 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 					+ "      </form>\n");
 		}
 
-		if (oauth2LoginEnabled) {
+		if (this.oauth2LoginEnabled) {
 			sb.append("<h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
 			sb.append(createError(loginError, errorMsg));
 			sb.append(createLogoutSuccess(logoutSuccess));
 			sb.append("<table class=\"table table-striped\">\n");
-			for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName
+			for (Map.Entry<String, String> clientAuthenticationUrlToClientName : this.oauth2AuthenticationUrlToClientName
 					.entrySet()) {
 				sb.append(" <tr><td>");
 				String url = clientAuthenticationUrlToClientName.getKey();
@@ -306,7 +307,8 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			sb.append(createError(loginError, errorMsg));
 			sb.append(createLogoutSuccess(logoutSuccess));
 			sb.append("<table class=\"table table-striped\">\n");
-			for (Map.Entry<String, String> relyingPartyUrlToName : saml2AuthenticationUrlToProviderName.entrySet()) {
+			for (Map.Entry<String, String> relyingPartyUrlToName : this.saml2AuthenticationUrlToProviderName
+					.entrySet()) {
 				sb.append(" <tr><td>");
 				String url = relyingPartyUrlToName.getKey();
 				sb.append("<a href=\"").append(contextPath).append(url).append("\">");
@@ -340,15 +342,15 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	private boolean isLogoutSuccess(HttpServletRequest request) {
-		return logoutSuccessUrl != null && matches(request, logoutSuccessUrl);
+		return this.logoutSuccessUrl != null && matches(request, this.logoutSuccessUrl);
 	}
 
 	private boolean isLoginUrlRequest(HttpServletRequest request) {
-		return matches(request, loginPageUrl);
+		return matches(request, this.loginPageUrl);
 	}
 
 	private boolean isErrorPage(HttpServletRequest request) {
-		return matches(request, failureUrl);
+		return matches(request, this.failureUrl);
 	}
 
 	private static String createError(boolean isError, String message) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index f044ec6725..b602b65fe9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -45,17 +45,17 @@ public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	private String realmName;
 
 	public void afterPropertiesSet() {
-		Assert.hasText(realmName, "realmName must be specified");
+		Assert.hasText(this.realmName, "realmName must be specified");
 	}
 
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException {
-		response.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
+		response.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
 		response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 	}
 
 	public String getRealmName() {
-		return realmName;
+		return this.realmName;
 	}
 
 	public void setRealmName(String realmName) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index 4d39673623..620179bebe 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -143,7 +143,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 			throws IOException, ServletException {
 		final boolean debug = this.logger.isDebugEnabled();
 		try {
-			UsernamePasswordAuthenticationToken authRequest = authenticationConverter.convert(request);
+			UsernamePasswordAuthenticationToken authRequest = this.authenticationConverter.convert(request);
 			if (authRequest == null) {
 				chain.doFilter(request, response);
 				return;
@@ -254,7 +254,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 
 	public void setAuthenticationDetailsSource(
 			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-		authenticationConverter.setAuthenticationDetailsSource(authenticationDetailsSource);
+		this.authenticationConverter.setAuthenticationDetailsSource(authenticationDetailsSource);
 	}
 
 	public void setRememberMeServices(RememberMeServices rememberMeServices) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index 6284faf187..7a464b2d2d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -58,7 +58,7 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	private int order = Integer.MAX_VALUE; // ~ default
 
 	public int getOrder() {
-		return order;
+		return this.order;
 	}
 
 	public void setOrder(int order) {
@@ -66,11 +66,11 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	}
 
 	public void afterPropertiesSet() {
-		if ((realmName == null) || "".equals(realmName)) {
+		if ((this.realmName == null) || "".equals(this.realmName)) {
 			throw new IllegalArgumentException("realmName must be specified");
 		}
 
-		if ((key == null) || "".equals(key)) {
+		if ((this.key == null) || "".equals(this.key)) {
 			throw new IllegalArgumentException("key must be specified");
 		}
 	}
@@ -82,16 +82,16 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 		// compute a nonce (do not use remote IP address due to proxy farms)
 		// format of nonce is:
 		// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
-		long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);
-		String signatureValue = DigestAuthUtils.md5Hex(expiryTime + ":" + key);
+		long expiryTime = System.currentTimeMillis() + (this.nonceValiditySeconds * 1000);
+		String signatureValue = DigestAuthUtils.md5Hex(expiryTime + ":" + this.key);
 		String nonceValue = expiryTime + ":" + signatureValue;
 		String nonceValueBase64 = new String(Base64.getEncoder().encode(nonceValue.getBytes()));
 
 		// qop is quality of protection, as defined by RFC 2617.
 		// we do not use opaque due to IE violation of RFC 2617 in not
 		// representing opaque on subsequent requests in same session.
-		String authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"auth\", nonce=\"" + nonceValueBase64
-				+ "\"";
+		String authenticateHeader = "Digest realm=\"" + this.realmName + "\", " + "qop=\"auth\", nonce=\""
+				+ nonceValueBase64 + "\"";
 
 		if (authException instanceof NonceExpiredException) {
 			authenticateHeader = authenticateHeader + ", stale=\"true\"";
@@ -106,15 +106,15 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 	}
 
 	public String getKey() {
-		return key;
+		return this.key;
 	}
 
 	public int getNonceValiditySeconds() {
-		return nonceValiditySeconds;
+		return this.nonceValiditySeconds;
 	}
 
 	public String getRealmName() {
-		return realmName;
+		return this.realmName;
 	}
 
 	public void setKey(String key) {
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
index 95bde72c8c..a0cbdbc50f 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
@@ -39,7 +39,7 @@ public final class HttpRequestResponseHolder {
 	}
 
 	public HttpServletRequest getRequest() {
-		return request;
+		return this.request;
 	}
 
 	public void setRequest(HttpServletRequest request) {
@@ -47,7 +47,7 @@ public final class HttpRequestResponseHolder {
 	}
 
 	public HttpServletResponse getResponse() {
-		return response;
+		return this.response;
 	}
 
 	public void setResponse(HttpServletResponse response) {
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 090cd33774..0d4d0729c8 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -117,8 +117,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		SecurityContext context = readSecurityContextFromSession(httpSession);
 
 		if (context == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
 						+ "A new one will be created.");
 			}
 			context = generateNewContext();
@@ -157,18 +157,18 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			return false;
 		}
 
-		return session.getAttribute(springSecurityContextKey) != null;
+		return session.getAttribute(this.springSecurityContextKey) != null;
 	}
 
 	/**
 	 * @param httpSession the session obtained from the request.
 	 */
 	private SecurityContext readSecurityContextFromSession(HttpSession httpSession) {
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 
 		if (httpSession == null) {
 			if (debug) {
-				logger.debug("No HttpSession currently exists");
+				this.logger.debug("No HttpSession currently exists");
 			}
 
 			return null;
@@ -176,11 +176,11 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 		// Session exists, so try to obtain a context from it.
 
-		Object contextFromSession = httpSession.getAttribute(springSecurityContextKey);
+		Object contextFromSession = httpSession.getAttribute(this.springSecurityContextKey);
 
 		if (contextFromSession == null) {
 			if (debug) {
-				logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
+				this.logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
 			}
 
 			return null;
@@ -188,8 +188,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 		// We now have the security context object from the session.
 		if (!(contextFromSession instanceof SecurityContext)) {
-			if (logger.isWarnEnabled()) {
-				logger.warn(springSecurityContextKey + " did not contain a SecurityContext but contained: '"
+			if (this.logger.isWarnEnabled()) {
+				this.logger.warn(this.springSecurityContextKey + " did not contain a SecurityContext but contained: '"
 						+ contextFromSession + "'; are you improperly modifying the HttpSession directly "
 						+ "(you should always use SecurityContextHolder) or using the HttpSession attribute "
 						+ "reserved for this class?");
@@ -199,7 +199,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		}
 
 		if (debug) {
-			logger.debug("Obtained a valid SecurityContext from " + springSecurityContextKey + ": '"
+			this.logger.debug("Obtained a valid SecurityContext from " + this.springSecurityContextKey + ": '"
 					+ contextFromSession + "'");
 		}
 
@@ -264,14 +264,14 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 		@Override
 		public AsyncContext startAsync() {
-			response.disableSaveOnResponseCommitted();
+			this.response.disableSaveOnResponseCommitted();
 			return super.startAsync();
 		}
 
 		@Override
 		public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse)
 				throws IllegalStateException {
-			response.disableSaveOnResponseCommitted();
+			this.response.disableSaveOnResponseCommitted();
 			return super.startAsync(servletRequest, servletResponse);
 		}
 
@@ -308,7 +308,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		 */
 		SaveToSessionResponseWrapper(HttpServletResponse response, HttpServletRequest request,
 				boolean httpSessionExistedAtStartOfRequest, SecurityContext context) {
-			super(response, disableUrlRewriting);
+			super(response, HttpSessionSecurityContextRepository.this.disableUrlRewriting);
 			this.request = request;
 			this.httpSessionExistedAtStartOfRequest = httpSessionExistedAtStartOfRequest;
 			this.contextBeforeExecution = context;
@@ -329,19 +329,20 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		@Override
 		protected void saveContext(SecurityContext context) {
 			final Authentication authentication = context.getAuthentication();
-			HttpSession httpSession = request.getSession(false);
+			HttpSession httpSession = this.request.getSession(false);
 
 			// See SEC-776
-			if (authentication == null || trustResolver.isAnonymous(authentication)) {
-				if (logger.isDebugEnabled()) {
-					logger.debug(
+			if (authentication == null
+					|| HttpSessionSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
+				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+					HttpSessionSecurityContextRepository.this.logger.debug(
 							"SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
 				}
 
-				if (httpSession != null && authBeforeExecution != null) {
+				if (httpSession != null && this.authBeforeExecution != null) {
 					// SEC-1587 A non-anonymous context may still be in the session
 					// SEC-1735 remove if the contextBeforeExecution was not anonymous
-					httpSession.removeAttribute(springSecurityContextKey);
+					httpSession.removeAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey);
 				}
 				return;
 			}
@@ -355,18 +356,21 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			if (httpSession != null) {
 				// We may have a new session, so check also whether the context attribute
 				// is set SEC-1561
-				if (contextChanged(context) || httpSession.getAttribute(springSecurityContextKey) == null) {
-					httpSession.setAttribute(springSecurityContextKey, context);
+				if (contextChanged(context) || httpSession
+						.getAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey) == null) {
+					httpSession.setAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey,
+							context);
 
-					if (logger.isDebugEnabled()) {
-						logger.debug("SecurityContext '" + context + "' stored to HttpSession: '" + httpSession);
+					if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+						HttpSessionSecurityContextRepository.this.logger
+								.debug("SecurityContext '" + context + "' stored to HttpSession: '" + httpSession);
 					}
 				}
 			}
 		}
 
 		private boolean contextChanged(SecurityContext context) {
-			return context != contextBeforeExecution || context.getAuthentication() != authBeforeExecution;
+			return context != this.contextBeforeExecution || context.getAuthentication() != this.authBeforeExecution;
 		}
 
 		private HttpSession createNewSessionIfAllowed(SecurityContext context) {
@@ -374,18 +378,19 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 				return null;
 			}
 
-			if (httpSessionExistedAtStartOfRequest) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("HttpSession is now null, but was not null at start of request; "
-							+ "session was invalidated, so do not create a new session");
+			if (this.httpSessionExistedAtStartOfRequest) {
+				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+					HttpSessionSecurityContextRepository.this.logger
+							.debug("HttpSession is now null, but was not null at start of request; "
+									+ "session was invalidated, so do not create a new session");
 				}
 
 				return null;
 			}
 
-			if (!allowSessionCreation) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("The HttpSession is currently null, and the "
+			if (!HttpSessionSecurityContextRepository.this.allowSessionCreation) {
+				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+					HttpSessionSecurityContextRepository.this.logger.debug("The HttpSession is currently null, and the "
 							+ HttpSessionSecurityContextRepository.class.getSimpleName()
 							+ " is prohibited from creating an HttpSession "
 							+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
@@ -396,9 +401,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			}
 			// Generate a HttpSession only if we need to
 
-			if (contextObject.equals(context)) {
-				if (logger.isDebugEnabled()) {
-					logger.debug(
+			if (HttpSessionSecurityContextRepository.this.contextObject.equals(context)) {
+				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+					HttpSessionSecurityContextRepository.this.logger.debug(
 							"HttpSession is null, but SecurityContext has not changed from default empty context: ' "
 									+ context + "'; not creating HttpSession or storing SecurityContext");
 				}
@@ -406,18 +411,20 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 				return null;
 			}
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("HttpSession being created as SecurityContext is non-default");
+			if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
+				HttpSessionSecurityContextRepository.this.logger
+						.debug("HttpSession being created as SecurityContext is non-default");
 			}
 
 			try {
-				return request.getSession(true);
+				return this.request.getSession(true);
 			}
 			catch (IllegalStateException e) {
 				// Response must already be committed, therefore can't create a new
 				// session
-				logger.warn("Failed to create a session, as response has been committed. Unable to store"
-						+ " SecurityContext.");
+				HttpSessionSecurityContextRepository.this.logger
+						.warn("Failed to create a session, as response has been committed. Unable to store"
+								+ " SecurityContext.");
 			}
 
 			return null;
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
index cce3d0fbc5..b74b7a1e19 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@@ -83,20 +83,20 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 			return;
 		}
 
-		final boolean debug = logger.isDebugEnabled();
+		final boolean debug = this.logger.isDebugEnabled();
 
 		request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
 
-		if (forceEagerSessionCreation) {
+		if (this.forceEagerSessionCreation) {
 			HttpSession session = request.getSession();
 
 			if (debug && session.isNew()) {
-				logger.debug("Eagerly created session: " + session.getId());
+				this.logger.debug("Eagerly created session: " + session.getId());
 			}
 		}
 
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
-		SecurityContext contextBeforeChainExecution = repo.loadContext(holder);
+		SecurityContext contextBeforeChainExecution = this.repo.loadContext(holder);
 
 		try {
 			SecurityContextHolder.setContext(contextBeforeChainExecution);
@@ -109,11 +109,11 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 			// Crucial removal of SecurityContextHolder contents - do this before anything
 			// else.
 			SecurityContextHolder.clearContext();
-			repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
+			this.repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
 			request.removeAttribute(FILTER_APPLIED);
 
 			if (debug) {
-				logger.debug("SecurityContextHolder now cleared, as request processing completed");
+				this.logger.debug("SecurityContextHolder now cleared, as request processing completed");
 			}
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
index 0eebfdcfa0..9f9a2fda46 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
@@ -66,14 +66,14 @@ public final class SecurityContextCallableProcessingInterceptor extends Callable
 
 	@Override
 	public <T> void beforeConcurrentHandling(NativeWebRequest request, Callable<T> task) {
-		if (securityContext == null) {
+		if (this.securityContext == null) {
 			setSecurityContext(SecurityContextHolder.getContext());
 		}
 	}
 
 	@Override
 	public <T> void preProcess(NativeWebRequest request, Callable<T> task) {
-		SecurityContextHolder.setContext(securityContext);
+		SecurityContextHolder.setContext(this.securityContext);
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
index a5a6f69c61..b885ea265a 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -69,11 +69,11 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		String tokenValue = token == null ? "" : token.getToken();
 		Cookie cookie = new Cookie(this.cookieName, tokenValue);
-		if (secure == null) {
+		if (this.secure == null) {
 			cookie.setSecure(request.isSecure());
 		}
 		else {
-			cookie.setSecure(secure);
+			cookie.setSecure(this.secure);
 		}
 
 		if (this.cookiePath != null && !this.cookiePath.isEmpty()) {
@@ -88,7 +88,7 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 		else {
 			cookie.setMaxAge(-1);
 		}
-		cookie.setHttpOnly(cookieHttpOnly);
+		cookie.setHttpOnly(this.cookieHttpOnly);
 		if (this.cookieDomain != null && !this.cookieDomain.isEmpty()) {
 			cookie.setDomain(this.cookieDomain);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index 232ddcb480..4ed1cab388 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -67,8 +67,8 @@ public final class DebugFilter implements Filter {
 		HttpServletResponse response = (HttpServletResponse) srvltResponse;
 
 		List<Filter> filters = getFilters(request);
-		logger.info("Request received for " + request.getMethod() + " '" + UrlUtils.buildRequestUrl(request) + "':\n\n"
-				+ request + "\n\n" + "servletPath:" + request.getServletPath() + "\n" + "pathInfo:"
+		this.logger.info("Request received for " + request.getMethod() + " '" + UrlUtils.buildRequestUrl(request)
+				+ "':\n\n" + request + "\n\n" + "servletPath:" + request.getServletPath() + "\n" + "pathInfo:"
 				+ request.getPathInfo() + "\n" + "headers: \n" + formatHeaders(request) + "\n\n"
 				+ formatFilters(filters));
 
@@ -76,7 +76,7 @@ public final class DebugFilter implements Filter {
 			invokeWithWrappedRequest(request, response, filterChain);
 		}
 		else {
-			fcp.doFilter(request, response, filterChain);
+			this.fcp.doFilter(request, response, filterChain);
 		}
 	}
 
@@ -85,7 +85,7 @@ public final class DebugFilter implements Filter {
 		request.setAttribute(ALREADY_FILTERED_ATTR_NAME, Boolean.TRUE);
 		request = new DebugRequestWrapper(request);
 		try {
-			fcp.doFilter(request, response, filterChain);
+			this.fcp.doFilter(request, response, filterChain);
 		}
 		finally {
 			request.removeAttribute(ALREADY_FILTERED_ATTR_NAME);
@@ -132,7 +132,7 @@ public final class DebugFilter implements Filter {
 	}
 
 	private List<Filter> getFilters(HttpServletRequest request) {
-		for (SecurityFilterChain chain : fcp.getFilterChains()) {
+		for (SecurityFilterChain chain : this.fcp.getFilterChains()) {
 			if (chain.matches(request)) {
 				return chain.getFilters();
 			}
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
index 8d8ed2b353..4a0bf2f5c8 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
@@ -40,7 +40,7 @@ public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler
 	 * Constructs an instance which uses {@code 400} as response code.
 	 */
 	public HttpStatusRequestRejectedHandler() {
-		httpError = HttpServletResponse.SC_BAD_REQUEST;
+		this.httpError = HttpServletResponse.SC_BAD_REQUEST;
 	}
 
 	/**
@@ -58,7 +58,7 @@ public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler
 			logger.debug("Rejecting request due to: " + requestRejectedException.getMessage(),
 					requestRejectedException);
 		}
-		response.sendError(httpError);
+		response.sendError(this.httpError);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index 76184ff16d..44f623ffe8 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -53,12 +53,12 @@ final class RequestWrapper extends FirewalledRequest {
 
 	RequestWrapper(HttpServletRequest request) {
 		super(request);
-		strippedServletPath = strip(request.getServletPath());
+		this.strippedServletPath = strip(request.getServletPath());
 		String pathInfo = strip(request.getPathInfo());
 		if (pathInfo != null && pathInfo.length() == 0) {
 			pathInfo = null;
 		}
-		strippedPathInfo = pathInfo;
+		this.strippedPathInfo = pathInfo;
 	}
 
 	/**
@@ -112,12 +112,12 @@ final class RequestWrapper extends FirewalledRequest {
 
 	@Override
 	public String getPathInfo() {
-		return stripPaths ? strippedPathInfo : super.getPathInfo();
+		return this.stripPaths ? this.strippedPathInfo : super.getPathInfo();
 	}
 
 	@Override
 	public String getServletPath() {
-		return stripPaths ? strippedServletPath : super.getServletPath();
+		return this.stripPaths ? this.strippedServletPath : super.getServletPath();
 	}
 
 	@Override
@@ -158,7 +158,7 @@ final class RequestWrapper extends FirewalledRequest {
 		}
 
 		private RequestDispatcher getDelegateDispatcher() {
-			return RequestWrapper.super.getRequestDispatcher(path);
+			return RequestWrapper.super.getRequestDispatcher(this.path);
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index ea1e1aac89..4b63eb9b43 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -460,7 +460,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 		return new FirewalledRequest(request) {
 			@Override
 			public long getDateHeader(String name) {
-				if (!allowedHeaderNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
@@ -469,7 +469,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 			@Override
 			public int getIntHeader(String name) {
-				if (!allowedHeaderNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
@@ -478,12 +478,12 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 			@Override
 			public String getHeader(String name) {
-				if (!allowedHeaderNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
 				String value = super.getHeader(name);
-				if (value != null && !allowedHeaderValues.test(value)) {
+				if (value != null && !StrictHttpFirewall.this.allowedHeaderValues.test(value)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the header value \"" + value + "\" is not allowed.");
 				}
@@ -492,7 +492,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 			@Override
 			public Enumeration<String> getHeaders(String name) {
-				if (!allowedHeaderNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the header name \"" + name + "\" is not allowed.");
 				}
@@ -507,7 +507,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 					@Override
 					public String nextElement() {
 						String value = valuesEnumeration.nextElement();
-						if (!allowedHeaderValues.test(value)) {
+						if (!StrictHttpFirewall.this.allowedHeaderValues.test(value)) {
 							throw new RequestRejectedException("The request was rejected because the header value \""
 									+ value + "\" is not allowed.");
 						}
@@ -528,7 +528,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 					@Override
 					public String nextElement() {
 						String name = namesEnumeration.nextElement();
-						if (!allowedHeaderNames.test(name)) {
+						if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
 							throw new RequestRejectedException("The request was rejected because the header name \""
 									+ name + "\" is not allowed.");
 						}
@@ -539,12 +539,12 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 			@Override
 			public String getParameter(String name) {
-				if (!allowedParameterNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 				}
 				String value = super.getParameter(name);
-				if (value != null && !allowedParameterValues.test(value)) {
+				if (value != null && !StrictHttpFirewall.this.allowedParameterValues.test(value)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the parameter value \"" + value + "\" is not allowed.");
 				}
@@ -557,12 +557,12 @@ public class StrictHttpFirewall implements HttpFirewall {
 				for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
 					String name = entry.getKey();
 					String[] values = entry.getValue();
-					if (!allowedParameterNames.test(name)) {
+					if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
 						throw new RequestRejectedException(
 								"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 					}
 					for (String value : values) {
-						if (!allowedParameterValues.test(value)) {
+						if (!StrictHttpFirewall.this.allowedParameterValues.test(value)) {
 							throw new RequestRejectedException("The request was rejected because the parameter value \""
 									+ value + "\" is not allowed.");
 						}
@@ -583,7 +583,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 					@Override
 					public String nextElement() {
 						String name = namesEnumeration.nextElement();
-						if (!allowedParameterNames.test(name)) {
+						if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
 							throw new RequestRejectedException("The request was rejected because the parameter name \""
 									+ name + "\" is not allowed.");
 						}
@@ -594,14 +594,14 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 			@Override
 			public String[] getParameterValues(String name) {
-				if (!allowedParameterNames.test(name)) {
+				if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
 					throw new RequestRejectedException(
 							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
 				}
 				String[] values = super.getParameterValues(name);
 				if (values != null) {
 					for (String value : values) {
-						if (!allowedParameterValues.test(value)) {
+						if (!StrictHttpFirewall.this.allowedParameterValues.test(value)) {
 							throw new RequestRejectedException("The request was rejected because the parameter value \""
 									+ value + "\" is not allowed.");
 						}
diff --git a/web/src/main/java/org/springframework/security/web/header/Header.java b/web/src/main/java/org/springframework/security/web/header/Header.java
index 69658fdac0..8902a190cc 100644
--- a/web/src/main/java/org/springframework/security/web/header/Header.java
+++ b/web/src/main/java/org/springframework/security/web/header/Header.java
@@ -79,12 +79,12 @@ public final class Header {
 
 	@Override
 	public int hashCode() {
-		return headerName.hashCode() + headerValues.hashCode();
+		return this.headerName.hashCode() + this.headerValues.hashCode();
 	}
 
 	@Override
 	public String toString() {
-		return "Header [name: " + headerName + ", values: " + headerValues + "]";
+		return "Header [name: " + this.headerName + ", values: " + this.headerValues + "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index e761f41299..82ff0f3ecc 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -76,8 +76,8 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 				response.setHeader(CLEAR_SITE_DATA_HEADER, this.headerValue);
 			}
 		}
-		else if (logger.isDebugEnabled()) {
-			logger.debug("Not injecting Clear-Site-Data header since it did not match the " + "requestMatcher "
+		else if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Not injecting Clear-Site-Data header since it did not match the " + "requestMatcher "
 					+ this.requestMatcher);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
index 4ba5ff81c6..79c29ad4a8 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
@@ -116,9 +116,10 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		String headerName = !reportOnly ? CONTENT_SECURITY_POLICY_HEADER : CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER;
+		String headerName = !this.reportOnly ? CONTENT_SECURITY_POLICY_HEADER
+				: CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER;
 		if (!response.containsHeader(headerName)) {
-			response.setHeader(headerName, policyDirectives);
+			response.setHeader(headerName, this.policyDirectives);
 		}
 	}
 
@@ -143,7 +144,8 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 
 	@Override
 	public String toString() {
-		return getClass().getName() + " [policyDirectives=" + policyDirectives + "; reportOnly=" + reportOnly + "]";
+		return getClass().getName() + " [policyDirectives=" + this.policyDirectives + "; reportOnly=" + this.reportOnly
+				+ "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index cb848e4838..120bc46ea5 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -178,19 +178,19 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * .servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		if (requestMatcher.matches(request)) {
-			if (!pins.isEmpty()) {
-				String headerName = reportOnly ? HPKP_RO_HEADER_NAME : HPKP_HEADER_NAME;
+		if (this.requestMatcher.matches(request)) {
+			if (!this.pins.isEmpty()) {
+				String headerName = this.reportOnly ? HPKP_RO_HEADER_NAME : HPKP_HEADER_NAME;
 				if (!response.containsHeader(headerName)) {
-					response.setHeader(headerName, hpkpHeaderValue);
+					response.setHeader(headerName, this.hpkpHeaderValue);
 				}
 			}
-			if (logger.isDebugEnabled()) {
-				logger.debug("Not injecting HPKP header since there aren't any pins");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Not injecting HPKP header since there aren't any pins");
 			}
 		}
-		else if (logger.isDebugEnabled()) {
-			logger.debug("Not injecting HPKP header since it wasn't a secure connection");
+		else if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Not injecting HPKP header since it wasn't a secure connection");
 		}
 	}
 
@@ -426,14 +426,14 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	}
 
 	private void updateHpkpHeaderValue() {
-		String headerValue = "max-age=" + maxAgeInSeconds;
-		for (Map.Entry<String, String> pin : pins.entrySet()) {
+		String headerValue = "max-age=" + this.maxAgeInSeconds;
+		for (Map.Entry<String, String> pin : this.pins.entrySet()) {
 			headerValue += " ; pin-" + pin.getValue() + "=\"" + pin.getKey() + "\"";
 		}
-		if (reportUri != null) {
-			headerValue += " ; report-uri=\"" + reportUri.toString() + "\"";
+		if (this.reportUri != null) {
+			headerValue += " ; report-uri=\"" + this.reportUri.toString() + "\"";
 		}
-		if (includeSubDomains) {
+		if (this.includeSubDomains) {
 			headerValue += " ; includeSubDomains";
 		}
 		this.hpkpHeaderValue = headerValue;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
index 5358d6e154..5aa05bcad2 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
@@ -56,7 +56,7 @@ public class StaticHeadersWriter implements HeaderWriter {
 	}
 
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		for (Header header : headers) {
+		for (Header header : this.headers) {
 			if (!response.containsHeader(header.getName())) {
 				for (String value : header.getValues()) {
 					response.addHeader(header.getName(), value);
@@ -67,7 +67,7 @@ public class StaticHeadersWriter implements HeaderWriter {
 
 	@Override
 	public String toString() {
-		return getClass().getName() + " [headers=" + headers + "]";
+		return getClass().getName() + " [headers=" + this.headers + "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
index fe255ae402..832d2dac88 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
@@ -50,7 +50,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (!response.containsHeader(XSS_PROTECTION_HEADER)) {
-			response.setHeader(XSS_PROTECTION_HEADER, headerValue);
+			response.setHeader(XSS_PROTECTION_HEADER, this.headerValue);
 		}
 	}
 
@@ -90,7 +90,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	 * @param block the new value
 	 */
 	public void setBlock(boolean block) {
-		if (!enabled && block) {
+		if (!this.enabled && block) {
 			throw new IllegalArgumentException("Cannot set block to true with enabled false");
 		}
 		this.block = block;
@@ -98,19 +98,19 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	}
 
 	private void updateHeaderValue() {
-		if (!enabled) {
+		if (!this.enabled) {
 			this.headerValue = "0";
 			return;
 		}
 		this.headerValue = "1";
-		if (block) {
+		if (this.block) {
 			this.headerValue += "; mode=block";
 		}
 	}
 
 	@Override
 	public String toString() {
-		return getClass().getName() + " [headerValue=" + headerValue + "]";
+		return getClass().getName() + " [headerValue=" + this.headerValue + "]";
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 521606956d..d1468e7c27 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -46,9 +46,9 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
 	protected final Log log = LogFactory.getLog(getClass());
 
 	public String getAllowFromValue(HttpServletRequest request) {
-		String allowFromOrigin = request.getParameter(allowFromParameterName);
-		if (log.isDebugEnabled()) {
-			log.debug("Supplied origin '" + allowFromOrigin + "'");
+		String allowFromOrigin = request.getParameter(this.allowFromParameterName);
+		if (this.log.isDebugEnabled()) {
+			this.log.debug("Supplied origin '" + allowFromOrigin + "'");
 		}
 		if (StringUtils.hasText(allowFromOrigin) && allowed(allowFromOrigin)) {
 			return allowFromOrigin;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
index f3c95e8a0a..3a6d98d1ed 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@@ -48,7 +48,7 @@ public final class RegExpAllowFromStrategy extends AbstractRequestParameterAllow
 
 	@Override
 	protected boolean allowed(String allowFromOrigin) {
-		return pattern.matcher(allowFromOrigin).matches();
+		return this.pattern.matcher(allowFromOrigin).matches();
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
index 12c45e6e18..fdaffe60ce 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@@ -37,7 +37,7 @@ public final class StaticAllowFromStrategy implements AllowFromStrategy {
 	}
 
 	public String getAllowFromValue(HttpServletRequest request) {
-		return uri.toString();
+		return this.uri.toString();
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
index bc96798f3b..a778f67bfa 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
@@ -45,7 +45,7 @@ public final class WhiteListedAllowFromStrategy extends AbstractRequestParameter
 
 	@Override
 	protected boolean allowed(String allowFromOrigin) {
-		return allowed.contains(allowFromOrigin);
+		return this.allowed.contains(allowFromOrigin);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index a44e864a31..13361add5c 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -84,7 +84,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	 * @param response the servlet response
 	 */
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		if (XFrameOptionsMode.ALLOW_FROM.equals(frameOptionsMode)) {
+		if (XFrameOptionsMode.ALLOW_FROM.equals(this.frameOptionsMode)) {
 			String allowFromValue = this.allowFromStrategy.getAllowFromValue(request);
 			if (XFrameOptionsMode.DENY.getMode().equals(allowFromValue)) {
 				if (!response.containsHeader(XFRAME_OPTIONS_HEADER)) {
@@ -99,7 +99,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 			}
 		}
 		else {
-			response.setHeader(XFRAME_OPTIONS_HEADER, frameOptionsMode.getMode());
+			response.setHeader(XFRAME_OPTIONS_HEADER, this.frameOptionsMode.getMode());
 		}
 	}
 
@@ -133,7 +133,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 		 * @return the mode for the X-Frame-Options header value.
 		 */
 		private String getMode() {
-			return mode;
+			return this.mode;
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index 99ca04eba8..d288ff7157 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -72,16 +72,16 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 			throws ServletException, IOException {
 
 		Subject subject = obtainSubject(request);
-		if (subject == null && createEmptySubject) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(
+		if (subject == null && this.createEmptySubject) {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug(
 						"Subject returned was null and createEmtpySubject is true; creating new empty subject to run as.");
 			}
 			subject = new Subject();
 		}
 		if (subject == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Subject is null continue running with no Subject.");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Subject is null continue running with no Subject.");
 			}
 			chain.doFilter(request, response);
 			return;
@@ -91,8 +91,8 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 			return null;
 		};
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Running as Subject " + subject);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Running as Subject " + subject);
 		}
 		try {
 			Subject.doAs(subject, continueChain);
@@ -119,8 +119,8 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 */
 	protected Subject obtainSubject(ServletRequest request) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		if (logger.isDebugEnabled()) {
-			logger.debug("Attempting to obtainSubject using authentication : " + authentication);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Attempting to obtainSubject using authentication : " + authentication);
 		}
 		if (authentication == null) {
 			return null;
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 9453af199c..84b4b5f4a9 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -124,7 +124,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
-			context.setBeanResolver(beanResolver);
+			context.setBeanResolver(this.beanResolver);
 
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 323050980a..5764e0b33c 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -86,7 +86,7 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
-			context.setBeanResolver(beanResolver);
+			context.setBeanResolver(this.beanResolver);
 
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index 5757eb7c46..5a0c490d0e 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -109,7 +109,7 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
-			context.setBeanResolver(beanResolver);
+			context.setBeanResolver(this.beanResolver);
 
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContextResult = expression.getValue(context);
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index 0c827dae38..a848804bdb 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -54,7 +54,7 @@ public class CookieRequestCache implements RequestCache {
 
 	@Override
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-		if (requestMatcher.matches(request)) {
+		if (this.requestMatcher.matches(request)) {
 			String redirectUrl = UrlUtils.buildFullRequestUrl(request);
 			Cookie savedCookie = new Cookie(COOKIE_NAME, encodeCookie(redirectUrl));
 			savedCookie.setMaxAge(COOKIE_MAX_AGE);
@@ -65,7 +65,7 @@ public class CookieRequestCache implements RequestCache {
 			response.addCookie(savedCookie);
 		}
 		else {
-			logger.debug("Request not saved as configured RequestMatcher did not match");
+			this.logger.debug("Request not saved as configured RequestMatcher did not match");
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index a1db061978..7dfb04223d 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -166,11 +166,11 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	private void addCookie(Cookie cookie) {
-		cookies.add(new SavedCookie(cookie));
+		this.cookies.add(new SavedCookie(cookie));
 	}
 
 	private void addHeader(String name, String value) {
-		List<String> values = headers.computeIfAbsent(name, k -> new ArrayList<>());
+		List<String> values = this.headers.computeIfAbsent(name, k -> new ArrayList<>());
 
 		values.add(value);
 	}
@@ -186,7 +186,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	private void addLocale(Locale locale) {
-		locales.add(locale);
+		this.locales.add(locale);
 	}
 
 	/**
@@ -209,7 +209,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	private void addParameter(String name, String[] values) {
-		parameters.put(name, values);
+		this.parameters.put(name, values);
 	}
 
 	/**
@@ -234,7 +234,7 @@ public class DefaultSavedRequest implements SavedRequest {
 			return false;
 		}
 
-		if (!"GET".equals(request.getMethod()) && "GET".equals(method)) {
+		if (!"GET".equals(request.getMethod()) && "GET".equals(this.method)) {
 			// A save GET should not match an incoming non-GET method
 			return false;
 		}
@@ -264,14 +264,14 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	public String getContextPath() {
-		return contextPath;
+		return this.contextPath;
 	}
 
 	@Override
 	public List<Cookie> getCookies() {
-		List<Cookie> cookieList = new ArrayList<>(cookies.size());
+		List<Cookie> cookieList = new ArrayList<>(this.cookies.size());
 
-		for (SavedCookie savedCookie : cookies) {
+		for (SavedCookie savedCookie : this.cookies) {
 			cookieList.add(savedCookie.getCookie());
 		}
 
@@ -284,17 +284,18 @@ public class DefaultSavedRequest implements SavedRequest {
 	 */
 	@Override
 	public String getRedirectUrl() {
-		return UrlUtils.buildFullRequestUrl(scheme, serverName, serverPort, requestURI, queryString);
+		return UrlUtils.buildFullRequestUrl(this.scheme, this.serverName, this.serverPort, this.requestURI,
+				this.queryString);
 	}
 
 	@Override
 	public Collection<String> getHeaderNames() {
-		return headers.keySet();
+		return this.headers.keySet();
 	}
 
 	@Override
 	public List<String> getHeaderValues(String name) {
-		List<String> values = headers.get(name);
+		List<String> values = this.headers.get(name);
 
 		if (values == null) {
 			return Collections.emptyList();
@@ -305,30 +306,30 @@ public class DefaultSavedRequest implements SavedRequest {
 
 	@Override
 	public List<Locale> getLocales() {
-		return locales;
+		return this.locales;
 	}
 
 	@Override
 	public String getMethod() {
-		return method;
+		return this.method;
 	}
 
 	@Override
 	public Map<String, String[]> getParameterMap() {
-		return parameters;
+		return this.parameters;
 	}
 
 	public Collection<String> getParameterNames() {
-		return parameters.keySet();
+		return this.parameters.keySet();
 	}
 
 	@Override
 	public String[] getParameterValues(String name) {
-		return parameters.get(name);
+		return this.parameters.get(name);
 	}
 
 	public String getPathInfo() {
-		return pathInfo;
+		return this.pathInfo;
 	}
 
 	public String getQueryString() {
@@ -340,23 +341,23 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	public String getRequestURL() {
-		return requestURL;
+		return this.requestURL;
 	}
 
 	public String getScheme() {
-		return scheme;
+		return this.scheme;
 	}
 
 	public String getServerName() {
-		return serverName;
+		return this.serverName;
 	}
 
 	public int getServerPort() {
-		return serverPort;
+		return this.serverPort;
 	}
 
 	public String getServletPath() {
-		return servletPath;
+		return this.servletPath;
 	}
 
 	private boolean propertyEquals(String log, Object arg1, Object arg2) {
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
index 75cd7566fd..5692f643a3 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
@@ -116,7 +116,7 @@ public class Enumerator<T> implements Enumeration<T> {
 	 * one more element to provide, <code>false</code> otherwise
 	 */
 	public boolean hasMoreElements() {
-		return (iterator.hasNext());
+		return (this.iterator.hasNext());
 	}
 
 	/**
@@ -126,7 +126,7 @@ public class Enumerator<T> implements Enumeration<T> {
 	 * @exception NoSuchElementException if no more elements exist
 	 */
 	public T nextElement() throws NoSuchElementException {
-		return (iterator.next());
+		return (this.iterator.next());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index 63e415bcba..4704e2fe0f 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -55,19 +55,19 @@ public class HttpSessionRequestCache implements RequestCache {
 	 * Stores the current request, provided the configuration properties allow it.
 	 */
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-		if (requestMatcher.matches(request)) {
-			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);
+		if (this.requestMatcher.matches(request)) {
+			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver);
 
-			if (createSessionAllowed || request.getSession(false) != null) {
+			if (this.createSessionAllowed || request.getSession(false) != null) {
 				// Store the HTTP request itself. Used by
 				// AbstractAuthenticationProcessingFilter
 				// for redirection after successful authentication (SEC-29)
 				request.getSession().setAttribute(this.sessionAttrName, savedRequest);
-				logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
+				this.logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
 			}
 		}
 		else {
-			logger.debug("Request not saved as configured RequestMatcher did not match");
+			this.logger.debug("Request not saved as configured RequestMatcher did not match");
 		}
 	}
 
@@ -85,7 +85,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		HttpSession session = currentRequest.getSession(false);
 
 		if (session != null) {
-			logger.debug("Removing DefaultSavedRequest from session if present");
+			this.logger.debug("Removing DefaultSavedRequest from session if present");
 			session.removeAttribute(this.sessionAttrName);
 		}
 	}
@@ -94,7 +94,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		SavedRequest saved = getRequest(request, response);
 
 		if (!matchesSavedRequest(request, saved)) {
-			logger.debug("saved request doesn't match");
+			this.logger.debug("saved request doesn't match");
 			return null;
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index 72f9793fec..7aa57e956c 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -57,7 +57,7 @@ public class RequestCacheAwareFilter extends GenericFilterBean {
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 
-		HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest((HttpServletRequest) request,
+		HttpServletRequest wrappedSavedRequest = this.requestCache.getMatchingRequest((HttpServletRequest) request,
 				(HttpServletResponse) response);
 
 		chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index 922bf169ec..8db916cbfc 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -60,35 +60,35 @@ public class SavedCookie implements Serializable {
 	}
 
 	public String getName() {
-		return name;
+		return this.name;
 	}
 
 	public String getValue() {
-		return value;
+		return this.value;
 	}
 
 	public String getComment() {
-		return comment;
+		return this.comment;
 	}
 
 	public String getDomain() {
-		return domain;
+		return this.domain;
 	}
 
 	public int getMaxAge() {
-		return maxAge;
+		return this.maxAge;
 	}
 
 	public String getPath() {
-		return path;
+		return this.path;
 	}
 
 	public boolean isSecure() {
-		return secure;
+		return this.secure;
 	}
 
 	public int getVersion() {
-		return version;
+		return this.version;
 	}
 
 	public Cookie getCookie() {
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
index a8852f59cf..adee0172e6 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
@@ -72,15 +72,15 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 	SavedRequestAwareWrapper(SavedRequest saved, HttpServletRequest request) {
 		super(request);
-		savedRequest = saved;
+		this.savedRequest = saved;
 
-		formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
-		formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
-		formats[2] = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US);
+		this.formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
+		this.formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
+		this.formats[2] = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US);
 
-		formats[0].setTimeZone(GMT_ZONE);
-		formats[1].setTimeZone(GMT_ZONE);
-		formats[2].setTimeZone(GMT_ZONE);
+		this.formats[0].setTimeZone(GMT_ZONE);
+		this.formats[1].setTimeZone(GMT_ZONE);
+		this.formats[2].setTimeZone(GMT_ZONE);
 	}
 
 	@Override
@@ -92,7 +92,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 		}
 
 		// Attempt to convert the date header in a variety of formats
-		long result = FastHttpDateFormat.parseDate(value, formats);
+		long result = FastHttpDateFormat.parseDate(value, this.formats);
 
 		if (result != -1L) {
 			return result;
@@ -103,7 +103,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 	@Override
 	public String getHeader(String name) {
-		List<String> values = savedRequest.getHeaderValues(name);
+		List<String> values = this.savedRequest.getHeaderValues(name);
 
 		return values.isEmpty() ? null : values.get(0);
 	}
@@ -111,13 +111,13 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@Override
 	@SuppressWarnings("unchecked")
 	public Enumeration getHeaderNames() {
-		return new Enumerator<>(savedRequest.getHeaderNames());
+		return new Enumerator<>(this.savedRequest.getHeaderNames());
 	}
 
 	@Override
 	@SuppressWarnings("unchecked")
 	public Enumeration getHeaders(String name) {
-		return new Enumerator<>(savedRequest.getHeaderValues(name));
+		return new Enumerator<>(this.savedRequest.getHeaderValues(name));
 	}
 
 	@Override
@@ -134,7 +134,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 	@Override
 	public Locale getLocale() {
-		List<Locale> locales = savedRequest.getLocales();
+		List<Locale> locales = this.savedRequest.getLocales();
 
 		return locales.isEmpty() ? Locale.getDefault() : locales.get(0);
 	}
@@ -142,7 +142,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@Override
 	@SuppressWarnings("unchecked")
 	public Enumeration getLocales() {
-		List<Locale> locales = savedRequest.getLocales();
+		List<Locale> locales = this.savedRequest.getLocales();
 
 		if (locales.isEmpty()) {
 			// Fall back to default locale
@@ -155,7 +155,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 	@Override
 	public String getMethod() {
-		return savedRequest.getMethod();
+		return this.savedRequest.getMethod();
 	}
 
 	/**
@@ -176,7 +176,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 			return value;
 		}
 
-		String[] values = savedRequest.getParameterValues(name);
+		String[] values = this.savedRequest.getParameterValues(name);
 
 		if (values == null || values.length == 0) {
 			return null;
@@ -202,7 +202,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	private Set<String> getCombinedParameterNames() {
 		Set<String> names = new HashSet<>();
 		names.addAll(super.getParameterMap().keySet());
-		names.addAll(savedRequest.getParameterMap().keySet());
+		names.addAll(this.savedRequest.getParameterMap().keySet());
 
 		return names;
 	}
@@ -215,7 +215,7 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 
 	@Override
 	public String[] getParameterValues(String name) {
-		String[] savedRequestParams = savedRequest.getParameterValues(name);
+		String[] savedRequestParams = this.savedRequest.getParameterValues(name);
 		String[] wrappedRequestParams = super.getParameterValues(name);
 
 		if (savedRequestParams == null) {
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index 40c2f3d177..460c875a28 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -66,7 +66,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 					}
 				}).switchIfEmpty(Mono.just(this.defaultEntryPoint).doOnNext(it -> {
 					if (logger.isDebugEnabled()) {
-						logger.debug("No match found. Using default entry point " + defaultEntryPoint);
+						logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
 					}
 				})).flatMap(entryPoint -> entryPoint.commence(exchange, e));
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
index bd9be5d2dd..081e0c865e 100644
--- a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
@@ -48,7 +48,7 @@ public class MatcherSecurityWebFilterChain implements SecurityWebFilterChain {
 
 	@Override
 	public Mono<Boolean> matches(ServerWebExchange exchange) {
-		return matcher.matches(exchange).map(m -> m.isMatch());
+		return this.matcher.matches(exchange).map(m -> m.isMatch());
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
index 04aa38c961..efc927d835 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
@@ -95,7 +95,8 @@ public class AnonymousAuthenticationWebFilter implements WebFilter {
 	}
 
 	protected Authentication createAuthentication(ServerWebExchange exchange) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, principal, authorities);
+		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(this.key, this.principal,
+				this.authorities);
 		return auth;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index 85e2a3deb1..27512861b2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -58,9 +58,9 @@ public class ReactivePreAuthenticatedAuthenticationManager implements ReactiveAu
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		return Mono.just(authentication).filter(this::supports).map(Authentication::getName)
-				.flatMap(userDetailsService::findByUsername)
+				.flatMap(this.userDetailsService::findByUsername)
 				.switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found")))
-				.doOnNext(userDetailsChecker::check).map(ud -> {
+				.doOnNext(this.userDetailsChecker::check).map(ud -> {
 					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
 							authentication.getCredentials(), ud.getAuthorities());
 					result.setDetails(authentication.getDetails());
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
index 5d2f51a285..f7b9caae19 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
@@ -50,16 +50,16 @@ public class ServerX509AuthenticationConverter implements ServerAuthenticationCo
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
 		SslInfo sslInfo = exchange.getRequest().getSslInfo();
 		if (sslInfo == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No SslInfo provided with a request, skipping x509 authentication");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("No SslInfo provided with a request, skipping x509 authentication");
 			}
 
 			return Mono.empty();
 		}
 
 		if (sslInfo.getPeerCertificates() == null || sslInfo.getPeerCertificates().length == 0) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
 			}
 
 			return Mono.empty();
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index e4e45b9e4f..82455c1699 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -181,7 +181,7 @@ public class SwitchUserWebFilter implements WebFilter {
 	 * found by username
 	 */
 	protected Mono<Authentication> switchUser(WebFilterExchange webFilterExchange) {
-		return switchUserMatcher.matches(webFilterExchange.getExchange())
+		return this.switchUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
 				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext())
 				.map(SecurityContext::getAuthentication).flatMap(currentAuthentication -> {
@@ -200,7 +200,7 @@ public class SwitchUserWebFilter implements WebFilter {
 	 * switched.
 	 */
 	protected Mono<Authentication> exitSwitchUser(WebFilterExchange webFilterExchange) {
-		return exitUserMatcher.matches(webFilterExchange.getExchange())
+		return this.exitUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
 				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext()
 						.map(SecurityContext::getAuthentication)
@@ -225,8 +225,9 @@ public class SwitchUserWebFilter implements WebFilter {
 			this.logger.debug("Attempt to switch to user [" + userName + "]");
 		}
 
-		return userDetailsService.findByUsername(userName)
-				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException)).doOnNext(userDetailsChecker::check)
+		return this.userDetailsService.findByUsername(userName)
+				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
+				.doOnNext(this.userDetailsChecker::check)
 				.map(userDetails -> createSwitchUserToken(userDetails, currentAuthentication));
 	}
 
@@ -245,14 +246,14 @@ public class SwitchUserWebFilter implements WebFilter {
 	private Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
 		final ServerWebExchange exchange = webFilterExchange.getExchange();
 		final SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
-		return securityContextRepository.save(exchange, securityContext)
+		return this.securityContextRepository.save(exchange, securityContext)
 				.then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication))
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
 	}
 
 	private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) {
-		return Mono.justOrEmpty(failureHandler).switchIfEmpty(Mono.defer(() -> {
-			logger.error("Switch User failed", exception);
+		return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> {
+			this.logger.error("Switch User failed", exception);
 			return Mono.error(exception);
 		})).flatMap(failureHandler -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
 	}
@@ -262,7 +263,7 @@ public class SwitchUserWebFilter implements WebFilter {
 
 		if (sourceAuthentication.isPresent()) {
 			// SEC-1763. Check first if we are already switched.
-			logger.info("Found original switch user granted authority [" + sourceAuthentication.get() + "]");
+			this.logger.info("Found original switch user granted authority [" + sourceAuthentication.get() + "]");
 			currentAuthentication = sourceAuthentication.get();
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
index 2f8bd8dfc6..9d8125dcd2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationContext.java
@@ -41,11 +41,11 @@ public class AuthorizationContext {
 	}
 
 	public ServerWebExchange getExchange() {
-		return exchange;
+		return this.exchange;
 	}
 
 	public Map<String, Object> getVariables() {
-		return Collections.unmodifiableMap(variables);
+		return Collections.unmodifiableMap(this.variables);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index 63b542ed52..1579308e9b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -48,7 +48,7 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, ServerWebExchange exchange) {
-		return Flux.fromIterable(mappings).concatMap(mapping -> mapping.getMatcher().matches(exchange)
+		return Flux.fromIterable(this.mappings).concatMap(mapping -> mapping.getMatcher().matches(exchange)
 				.filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap(variables -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug(
@@ -77,7 +77,7 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut
 		}
 
 		public DelegatingReactiveAuthorizationManager build() {
-			return new DelegatingReactiveAuthorizationManager(mappings);
+			return new DelegatingReactiveAuthorizationManager(this.mappings);
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
index d147bc74eb..ab02ac1b09 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
@@ -39,7 +39,7 @@ public class HttpHeaderWriterWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		exchange.getResponse().beforeCommit(() -> writer.writeHttpHeaders(exchange));
+		exchange.getResponse().beforeCommit(() -> this.writer.writeHttpHeaders(exchange));
 		return chain.filter(exchange);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index 42d0596d7f..dabfeab63e 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -65,12 +65,12 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 		private HttpHeaders headers = new HttpHeaders();
 
 		public Builder header(String headerName, String... values) {
-			headers.put(headerName, Arrays.asList(values));
+			this.headers.put(headerName, Arrays.asList(values));
 			return this;
 		}
 
 		public StaticServerHttpHeadersWriter build() {
-			return new StaticServerHttpHeadersWriter(headers);
+			return new StaticServerHttpHeadersWriter(this.headers);
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index f81989f94c..b1deb3c465 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -58,7 +58,7 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return isSecure(exchange) ? delegate.writeHttpHeaders(exchange) : Mono.empty();
+		return isSecure(exchange) ? this.delegate.writeHttpHeaders(exchange) : Mono.empty();
 	}
 
 	/**
@@ -66,7 +66,7 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 	 * @param includeSubDomains if subdomains should be included
 	 */
 	public void setIncludeSubDomains(boolean includeSubDomains) {
-		subdomain = includeSubDomains ? " ; includeSubDomains" : "";
+		this.subdomain = includeSubDomains ? " ; includeSubDomains" : "";
 		updateDelegate();
 	}
 
@@ -98,8 +98,8 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 	}
 
 	private void updateDelegate() {
-		delegate = StaticServerHttpHeadersWriter.builder()
-				.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain + preload).build();
+		this.delegate = StaticServerHttpHeadersWriter.builder()
+				.header(STRICT_TRANSPORT_SECURITY, this.maxAge + this.subdomain + this.preload).build();
 	}
 
 	private boolean isSecure(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index cb5a64c9c8..7dcd2a385a 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -39,7 +39,7 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return delegate.writeHttpHeaders(exchange);
+		return this.delegate.writeHttpHeaders(exchange);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index 54f9711b71..c3d1fd05f5 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -53,7 +53,7 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return delegate.writeHttpHeaders(exchange);
+		return this.delegate.writeHttpHeaders(exchange);
 	}
 
 	/**
@@ -92,7 +92,7 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	 * @param block the new value
 	 */
 	public void setBlock(boolean block) {
-		if (!enabled && block) {
+		if (!this.enabled && block) {
 			throw new IllegalArgumentException("Cannot set block to true with enabled false");
 		}
 		this.block = block;
@@ -105,10 +105,10 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	}
 
 	private String createHeaderValue() {
-		if (!enabled) {
+		if (!this.enabled) {
 			return "0";
 		}
-		if (!block) {
+		if (!this.block) {
 			return "1";
 		}
 		return "1 ; mode=block";
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index 49aa7a94b1..774b5fb569 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -61,7 +61,7 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Mono.defer(() -> {
 			Map<String, Object> variables = new HashMap<>();
-			return Flux.fromIterable(matchers).doOnNext(it -> {
+			return Flux.fromIterable(this.matchers).doOnNext(it -> {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Trying to match using " + it);
 				}
@@ -78,7 +78,7 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 
 	@Override
 	public String toString() {
-		return "AndServerWebExchangeMatcher{" + "matchers=" + matchers + '}';
+		return "AndServerWebExchangeMatcher{" + "matchers=" + this.matchers + '}';
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index e5bc6dedf6..5ac9796f6e 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -49,7 +49,7 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return matcher.matches(exchange).flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
+		return this.matcher.matches(exchange).flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
 				.doOnNext(it -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("matches = " + it.isMatch());
@@ -59,7 +59,7 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 
 	@Override
 	public String toString() {
-		return "NegatedServerWebExchangeMatcher{" + "matcher=" + matcher + '}';
+		return "NegatedServerWebExchangeMatcher{" + "matcher=" + this.matcher + '}';
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index d253ea26eb..8675567f9a 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -57,7 +57,7 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return Flux.fromIterable(matchers).doOnNext(it -> {
+		return Flux.fromIterable(this.matchers).doOnNext(it -> {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Trying to match using " + it);
 			}
@@ -71,7 +71,7 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 
 	@Override
 	public String toString() {
-		return "OrServerWebExchangeMatcher{" + "matchers=" + matchers + '}';
+		return "OrServerWebExchangeMatcher{" + "matchers=" + this.matchers + '}';
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
index 0b3c8ff476..4fd4f0f1f8 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
@@ -99,7 +99,8 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe
 
 	@Override
 	public String toString() {
-		return "PathMatcherServerWebExchangeMatcher{" + "pattern='" + pattern + '\'' + ", method=" + method + '}';
+		return "PathMatcherServerWebExchangeMatcher{" + "pattern='" + this.pattern + '\'' + ", method=" + this.method
+				+ '}';
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
index fa30e9605e..c831ad0c2b 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
@@ -52,7 +52,7 @@ public interface ServerWebExchangeMatcher {
 		}
 
 		public boolean isMatch() {
-			return match;
+			return this.match;
 		}
 
 		/**
@@ -60,7 +60,7 @@ public interface ServerWebExchangeMatcher {
 		 * @return
 		 */
 		public Map<String, Object> getVariables() {
-			return variables;
+			return this.variables;
 		}
 
 		/**
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
index 56accfa5fd..a2a7dd7512 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcherEntry.java
@@ -34,11 +34,11 @@ public class ServerWebExchangeMatcherEntry<T> {
 	}
 
 	public ServerWebExchangeMatcher getMatcher() {
-		return matcher;
+		return this.matcher;
 	}
 
 	public T getEntry() {
-		return entry;
+		return this.entry;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
index 0782757970..d5784ebf73 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
@@ -43,11 +43,11 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 	}
 
 	public String processAction(HttpServletRequest request, String action, String method) {
-		if (method != null && DISABLE_CSRF_TOKEN_PATTERN.matcher(method).matches()) {
-			request.setAttribute(DISABLE_CSRF_TOKEN_ATTR, Boolean.TRUE);
+		if (method != null && this.DISABLE_CSRF_TOKEN_PATTERN.matcher(method).matches()) {
+			request.setAttribute(this.DISABLE_CSRF_TOKEN_ATTR, Boolean.TRUE);
 		}
 		else {
-			request.removeAttribute(DISABLE_CSRF_TOKEN_ATTR);
+			request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
 		}
 		return action;
 	}
@@ -57,8 +57,8 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 	}
 
 	public Map<String, String> getExtraHiddenFields(HttpServletRequest request) {
-		if (Boolean.TRUE.equals(request.getAttribute(DISABLE_CSRF_TOKEN_ATTR))) {
-			request.removeAttribute(DISABLE_CSRF_TOKEN_ATTR);
+		if (Boolean.TRUE.equals(request.getAttribute(this.DISABLE_CSRF_TOKEN_ATTR))) {
+			request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
 			return Collections.emptyMap();
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
index 6fa6aec689..42932190ff 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@@ -89,7 +89,7 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	private Authentication getAuthentication() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
-		if (!trustResolver.isAnonymous(auth)) {
+		if (!this.trustResolver.isAnonymous(auth)) {
 			return auth;
 		}
 
@@ -136,8 +136,8 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	private boolean isGranted(String role) {
 		Authentication auth = getAuthentication();
 
-		if (rolePrefix != null && role != null && !role.startsWith(rolePrefix)) {
-			role = rolePrefix + role;
+		if (this.rolePrefix != null && role != null && !role.startsWith(this.rolePrefix)) {
+			role = this.rolePrefix + role;
 		}
 
 		if ((auth == null) || (auth.getPrincipal() == null)) {
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index 3af59ac8ac..585f55288c 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -102,7 +102,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 			HttpServletResponse response = event.getResponse();
 			SessionInformation info = event.getSessionInformation();
 
-			redirectStrategy.sendRedirect(request, response, determineExpiredUrl(request, info));
+			this.redirectStrategy.sendRedirect(request, response, determineExpiredUrl(request, info));
 		};
 	}
 
@@ -116,7 +116,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 
 	@Override
 	public void afterPropertiesSet() {
-		Assert.notNull(sessionRegistry, "SessionRegistry required");
+		Assert.notNull(this.sessionRegistry, "SessionRegistry required");
 	}
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
@@ -127,13 +127,13 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 		HttpSession session = request.getSession(false);
 
 		if (session != null) {
-			SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
+			SessionInformation info = this.sessionRegistry.getSessionInformation(session.getId());
 
 			if (info != null) {
 				if (info.isExpired()) {
 					// Expired - abort processing
-					if (logger.isDebugEnabled()) {
-						logger.debug("Requested session ID " + request.getRequestedSessionId() + " has expired.");
+					if (this.logger.isDebugEnabled()) {
+						this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " has expired.");
 					}
 					doLogout(request, response);
 
@@ -143,7 +143,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 				}
 				else {
 					// Non-expired - update last request date/time
-					sessionRegistry.refreshLastRequest(info.getSessionId());
+					this.sessionRegistry.refreshLastRequest(info.getSessionId());
 				}
 			}
 		}
@@ -162,7 +162,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	 */
 	@Deprecated
 	protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
-		return expiredUrl;
+		return this.expiredUrl;
 	}
 
 	private void doLogout(HttpServletRequest request, HttpServletResponse response) {
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
index 99ca160e16..1d075c8a98 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionIdChangedEvent.java
@@ -40,12 +40,12 @@ public class HttpSessionIdChangedEvent extends SessionIdChangedEvent {
 
 	@Override
 	public String getOldSessionId() {
-		return oldSessionId;
+		return this.oldSessionId;
 	}
 
 	@Override
 	public String getNewSessionId() {
-		return newSessionId;
+		return this.newSessionId;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
index d8c157efd0..8a9a467a8e 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
@@ -46,7 +46,7 @@ public final class InvalidSessionAccessDeniedHandler implements AccessDeniedHand
 
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
-		invalidSessionStrategy.onInvalidSessionDetected(request, response);
+		this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
index 4d469d2da6..7211a99e2a 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
@@ -54,14 +54,14 @@ public final class SessionInformationExpiredEvent extends ApplicationEvent {
 	 * @return the request
 	 */
 	public HttpServletRequest getRequest() {
-		return request;
+		return this.request;
 	}
 
 	/**
 	 * @return the response
 	 */
 	public HttpServletResponse getResponse() {
-		return response;
+		return this.response;
 	}
 
 	public SessionInformation getSessionInformation() {
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index 1c9f342b2d..ade6b59d4b 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -85,20 +85,20 @@ public class SessionManagementFilter extends GenericFilterBean {
 
 		request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
 
-		if (!securityContextRepository.containsContext(request)) {
+		if (!this.securityContextRepository.containsContext(request)) {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
-			if (authentication != null && !trustResolver.isAnonymous(authentication)) {
+			if (authentication != null && !this.trustResolver.isAnonymous(authentication)) {
 				// The user has been authenticated during the current request, so call the
 				// session strategy
 				try {
-					sessionAuthenticationStrategy.onAuthentication(authentication, request, response);
+					this.sessionAuthenticationStrategy.onAuthentication(authentication, request, response);
 				}
 				catch (SessionAuthenticationException e) {
 					// The session strategy can reject the authentication
-					logger.debug("SessionAuthenticationStrategy rejected the authentication object", e);
+					this.logger.debug("SessionAuthenticationStrategy rejected the authentication object", e);
 					SecurityContextHolder.clearContext();
-					failureHandler.onAuthenticationFailure(request, response, e);
+					this.failureHandler.onAuthenticationFailure(request, response, e);
 
 					return;
 				}
@@ -106,18 +106,18 @@ public class SessionManagementFilter extends GenericFilterBean {
 				// re-entrant
 				// requests which may occur before the current request completes.
 				// SEC-1396.
-				securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
+				this.securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
 			}
 			else {
 				// No security context or authentication present. Check for a session
 				// timeout
 				if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");
+					if (this.logger.isDebugEnabled()) {
+						this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");
 					}
 
-					if (invalidSessionStrategy != null) {
-						invalidSessionStrategy.onInvalidSessionDetected(request, response);
+					if (this.invalidSessionStrategy != null) {
+						this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
 						return;
 					}
 				}
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
index 4de98a70f3..46ef7b6f01 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
@@ -50,11 +50,11 @@ public final class SimpleRedirectInvalidSessionStrategy implements InvalidSessio
 	}
 
 	public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
-		logger.debug("Starting new session (if required) and redirecting to '" + destinationUrl + "'");
-		if (createNewSession) {
+		this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
+		if (this.createNewSession) {
 			request.getSession();
 		}
-		redirectStrategy.sendRedirect(request, response, destinationUrl);
+		this.redirectStrategy.sendRedirect(request, response, this.destinationUrl);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
index f213b74c4e..e83fe3fb08 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
@@ -52,8 +52,8 @@ public final class SimpleRedirectSessionInformationExpiredStrategy implements Se
 	}
 
 	public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
-		logger.debug("Redirecting to '" + destinationUrl + "'");
-		redirectStrategy.sendRedirect(event.getRequest(), event.getResponse(), destinationUrl);
+		this.logger.debug("Redirecting to '" + this.destinationUrl + "'");
+		this.redirectStrategy.sendRedirect(event.getRequest(), event.getResponse(), this.destinationUrl);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
index b9a8f77835..61b2a1e666 100644
--- a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
+++ b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
@@ -75,30 +75,30 @@ public class RedirectUrlBuilder {
 	public String getUrl() {
 		StringBuilder sb = new StringBuilder();
 
-		Assert.notNull(scheme, "scheme cannot be null");
-		Assert.notNull(serverName, "serverName cannot be null");
+		Assert.notNull(this.scheme, "scheme cannot be null");
+		Assert.notNull(this.serverName, "serverName cannot be null");
 
-		sb.append(scheme).append("://").append(serverName);
+		sb.append(this.scheme).append("://").append(this.serverName);
 
 		// Append the port number if it's not standard for the scheme
-		if (port != (scheme.equals("http") ? 80 : 443)) {
-			sb.append(":").append(port);
+		if (this.port != (this.scheme.equals("http") ? 80 : 443)) {
+			sb.append(":").append(this.port);
 		}
 
-		if (contextPath != null) {
-			sb.append(contextPath);
+		if (this.contextPath != null) {
+			sb.append(this.contextPath);
 		}
 
-		if (servletPath != null) {
-			sb.append(servletPath);
+		if (this.servletPath != null) {
+			sb.append(this.servletPath);
 		}
 
-		if (pathInfo != null) {
-			sb.append(pathInfo);
+		if (this.pathInfo != null) {
+			sb.append(this.pathInfo);
 		}
 
-		if (query != null) {
-			sb.append("?").append(query);
+		if (this.query != null) {
+			sb.append("?").append(this.query);
 		}
 
 		return sb.toString();
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index c272f7c576..9b6af8a73e 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -175,7 +175,7 @@ public class ThrowableAnalyzer {
 	 * @return the cause, may be <code>null</code> if none could be resolved
 	 */
 	private Throwable extractCause(Throwable throwable) {
-		for (Map.Entry<Class<? extends Throwable>, ThrowableCauseExtractor> entry : extractorMap.entrySet()) {
+		for (Map.Entry<Class<? extends Throwable>, ThrowableCauseExtractor> entry : this.extractorMap.entrySet()) {
 			Class<? extends Throwable> throwableType = entry.getKey();
 			if (throwableType.isInstance(throwable)) {
 				ThrowableCauseExtractor extractor = entry.getValue();
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 01f081e257..3818db6df7 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -59,22 +59,22 @@ public final class AndRequestMatcher implements RequestMatcher {
 	}
 
 	public boolean matches(HttpServletRequest request) {
-		for (RequestMatcher matcher : requestMatchers) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Trying to match using " + matcher);
+		for (RequestMatcher matcher : this.requestMatchers) {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Trying to match using " + matcher);
 			}
 			if (!matcher.matches(request)) {
-				logger.debug("Did not match");
+				this.logger.debug("Did not match");
 				return false;
 			}
 		}
-		logger.debug("All requestMatchers returned true");
+		this.logger.debug("All requestMatchers returned true");
 		return true;
 	}
 
 	@Override
 	public String toString() {
-		return "AndRequestMatcher [requestMatchers=" + requestMatchers + "]";
+		return "AndRequestMatcher [requestMatchers=" + this.requestMatchers + "]";
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
index c591028d36..a41ebdf151 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
@@ -45,12 +45,12 @@ public class ELRequestMatcher implements RequestMatcher {
 
 	public ELRequestMatcher(String el) {
 		SpelExpressionParser parser = new SpelExpressionParser();
-		expression = parser.parseExpression(el);
+		this.expression = parser.parseExpression(el);
 	}
 
 	public boolean matches(HttpServletRequest request) {
 		EvaluationContext context = createELContext(request);
-		return expression.getValue(context, Boolean.class);
+		return this.expression.getValue(context, Boolean.class);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
index a4e216c6c5..bb429742a5 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
@@ -28,11 +28,11 @@ class ELRequestMatcherContext {
 	}
 
 	public boolean hasIpAddress(String ipAddress) {
-		return (new IpAddressMatcher(ipAddress).matches(request));
+		return (new IpAddressMatcher(ipAddress).matches(this.request));
 	}
 
 	public boolean hasHeader(String headerName, String value) {
-		String header = request.getHeader(headerName);
+		String header = this.request.getHeader(headerName);
 		if (!StringUtils.hasText(header)) {
 			return false;
 		}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index 52cb321e3d..6ab47a19f7 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -50,14 +50,14 @@ public final class IpAddressMatcher implements RequestMatcher {
 		if (ipAddress.indexOf('/') > 0) {
 			String[] addressAndMask = StringUtils.split(ipAddress, "/");
 			ipAddress = addressAndMask[0];
-			nMaskBits = Integer.parseInt(addressAndMask[1]);
+			this.nMaskBits = Integer.parseInt(addressAndMask[1]);
 		}
 		else {
-			nMaskBits = -1;
+			this.nMaskBits = -1;
 		}
-		requiredAddress = parseAddress(ipAddress);
-		Assert.isTrue(requiredAddress.getAddress().length * 8 >= nMaskBits,
-				String.format("IP address %s is too short for bitmask of length %d", ipAddress, nMaskBits));
+		this.requiredAddress = parseAddress(ipAddress);
+		Assert.isTrue(this.requiredAddress.getAddress().length * 8 >= this.nMaskBits,
+				String.format("IP address %s is too short for bitmask of length %d", ipAddress, this.nMaskBits));
 	}
 
 	public boolean matches(HttpServletRequest request) {
@@ -67,19 +67,19 @@ public final class IpAddressMatcher implements RequestMatcher {
 	public boolean matches(String address) {
 		InetAddress remoteAddress = parseAddress(address);
 
-		if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
+		if (!this.requiredAddress.getClass().equals(remoteAddress.getClass())) {
 			return false;
 		}
 
-		if (nMaskBits < 0) {
-			return remoteAddress.equals(requiredAddress);
+		if (this.nMaskBits < 0) {
+			return remoteAddress.equals(this.requiredAddress);
 		}
 
 		byte[] remAddr = remoteAddress.getAddress();
-		byte[] reqAddr = requiredAddress.getAddress();
+		byte[] reqAddr = this.requiredAddress.getAddress();
 
-		int nMaskFullBytes = nMaskBits / 8;
-		byte finalByte = (byte) (0xFF00 >> (nMaskBits & 0x07));
+		int nMaskFullBytes = this.nMaskBits / 8;
+		byte finalByte = (byte) (0xFF00 >> (this.nMaskBits & 0x07));
 
 		// System.out.println("Mask is " + new sun.misc.HexDumpEncoder().encode(mask));
 
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index 430c652355..1dd2631e41 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -47,16 +47,16 @@ public class NegatedRequestMatcher implements RequestMatcher {
 	}
 
 	public boolean matches(HttpServletRequest request) {
-		boolean result = !requestMatcher.matches(request);
-		if (logger.isDebugEnabled()) {
-			logger.debug("matches = " + result);
+		boolean result = !this.requestMatcher.matches(request);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("matches = " + result);
 		}
 		return result;
 	}
 
 	@Override
 	public String toString() {
-		return "NegatedRequestMatcher [requestMatcher=" + requestMatcher + "]";
+		return "NegatedRequestMatcher [requestMatcher=" + this.requestMatcher + "]";
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index da03cda07e..4e38d5c600 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -59,22 +59,22 @@ public final class OrRequestMatcher implements RequestMatcher {
 	}
 
 	public boolean matches(HttpServletRequest request) {
-		for (RequestMatcher matcher : requestMatchers) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Trying to match using " + matcher);
+		for (RequestMatcher matcher : this.requestMatchers) {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Trying to match using " + matcher);
 			}
 			if (matcher.matches(request)) {
-				logger.debug("matched");
+				this.logger.debug("matched");
 				return true;
 			}
 		}
-		logger.debug("No matches found");
+		this.logger.debug("No matches found");
 		return false;
 	}
 
 	@Override
 	public String toString() {
-		return "OrRequestMatcher [requestMatchers=" + requestMatchers + "]";
+		return "OrRequestMatcher [requestMatchers=" + this.requestMatchers + "]";
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index 56b4b79d49..b6158d30be 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -81,7 +81,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 	 * @return true if the pattern matches the URL, false otherwise.
 	 */
 	public boolean matches(HttpServletRequest request) {
-		if (httpMethod != null && request.getMethod() != null && httpMethod != valueOf(request.getMethod())) {
+		if (this.httpMethod != null && request.getMethod() != null && this.httpMethod != valueOf(request.getMethod())) {
 			return false;
 		}
 
@@ -103,10 +103,10 @@ public final class RegexRequestMatcher implements RequestMatcher {
 		}
 
 		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + url + "'; against '" + pattern + "'");
+			logger.debug("Checking match of request : '" + url + "'; against '" + this.pattern + "'");
 		}
 
-		return pattern.matcher(url).matches();
+		return this.pattern.matcher(url).matches();
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index 274c9e01ba..235e001e1d 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -81,18 +81,18 @@ public final class RequestHeaderRequestMatcher implements RequestMatcher {
 	}
 
 	public boolean matches(HttpServletRequest request) {
-		String actualHeaderValue = request.getHeader(expectedHeaderName);
-		if (expectedHeaderValue == null) {
+		String actualHeaderValue = request.getHeader(this.expectedHeaderName);
+		if (this.expectedHeaderValue == null) {
 			return actualHeaderValue != null;
 		}
 
-		return expectedHeaderValue.equals(actualHeaderValue);
+		return this.expectedHeaderValue.equals(actualHeaderValue);
 	}
 
 	@Override
 	public String toString() {
-		return "RequestHeaderRequestMatcher [expectedHeaderName=" + expectedHeaderName + ", expectedHeaderValue="
-				+ expectedHeaderValue + "]";
+		return "RequestHeaderRequestMatcher [expectedHeaderName=" + this.expectedHeaderName + ", expectedHeaderValue="
+				+ this.expectedHeaderValue + "]";
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java
index a105de9600..f2ac50619f 100644
--- a/web/src/test/java/org/springframework/security/MockFilterConfig.java
+++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java
@@ -36,7 +36,7 @@ public class MockFilterConfig implements FilterConfig {
 	}
 
 	public String getInitParameter(String arg0) {
-		Object result = map.get(arg0);
+		Object result = this.map.get(arg0);
 
 		if (result != null) {
 			return (String) result;
@@ -55,7 +55,7 @@ public class MockFilterConfig implements FilterConfig {
 	}
 
 	public void setInitParmeter(String parameter, String value) {
-		map.put(parameter, value);
+		this.map.put(parameter, value);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/MockPortResolver.java b/web/src/test/java/org/springframework/security/MockPortResolver.java
index 245de791ec..65be621c9b 100644
--- a/web/src/test/java/org/springframework/security/MockPortResolver.java
+++ b/web/src/test/java/org/springframework/security/MockPortResolver.java
@@ -38,10 +38,10 @@ public class MockPortResolver implements PortResolver {
 
 	public int getServerPort(ServletRequest request) {
 		if ((request.getScheme() != null) && request.getScheme().equals("https")) {
-			return https;
+			return this.https;
 		}
 		else {
-			return http;
+			return this.http;
 		}
 	}
 
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index 166e893415..6eb74cd5c4 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -37,7 +37,7 @@ public final class WebTestHandler {
 	private final WebHandler handler;
 
 	private WebTestHandler(WebFilter... filters) {
-		this.handler = new FilteringWebHandler(webHandler, Arrays.asList(filters));
+		this.handler = new FilteringWebHandler(this.webHandler, Arrays.asList(filters));
 	}
 
 	public WebHandlerResult exchange(BaseBuilder<?> baseBuilder) {
@@ -46,8 +46,8 @@ public final class WebTestHandler {
 	}
 
 	public WebHandlerResult exchange(ServerWebExchange exchange) {
-		handler.handle(exchange).block();
-		return new WebHandlerResult(webHandler.exchange);
+		this.handler.handle(exchange).block();
+		return new WebHandlerResult(this.webHandler.exchange);
 	}
 
 	public static final class WebHandlerResult {
@@ -59,7 +59,7 @@ public final class WebTestHandler {
 		}
 
 		public ServerWebExchange getExchange() {
-			return exchange;
+			return this.exchange;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 5bf0ccab8c..2c11daeee9 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -71,21 +71,21 @@ public class FilterChainProxyTests {
 
 	@Before
 	public void setup() throws Exception {
-		matcher = mock(RequestMatcher.class);
-		filter = mock(Filter.class);
+		this.matcher = mock(RequestMatcher.class);
+		this.filter = mock(Filter.class);
 		doAnswer((Answer<Object>) inv -> {
 			Object[] args = inv.getArguments();
 			FilterChain fc = (FilterChain) args[2];
 			HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper((HttpServletRequest) args[0]);
 			fc.doFilter(extraWrapper, (HttpServletResponse) args[1]);
 			return null;
-		}).when(filter).doFilter(any(), any(), any());
-		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, Arrays.asList(filter)));
-		fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
-		request = new MockHttpServletRequest("GET", "");
-		request.setServletPath("/path");
-		response = new MockHttpServletResponse();
-		chain = mock(FilterChain.class);
+		}).when(this.filter).doFilter(any(), any(), any());
+		this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, Arrays.asList(this.filter)));
+		this.fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
+		this.request = new MockHttpServletRequest("GET", "");
+		this.request.setServletPath("/path");
+		this.response = new MockHttpServletResponse();
+		this.chain = mock(FilterChain.class);
 	}
 
 	@After
@@ -95,58 +95,60 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void toStringCallSucceeds() {
-		fcp.afterPropertiesSet();
-		fcp.toString();
+		this.fcp.afterPropertiesSet();
+		this.fcp.toString();
 	}
 
 	@Test
 	public void securityFilterChainIsNotInvokedIfMatchFails() throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
-		fcp.doFilter(request, response, chain);
-		assertThat(fcp.getFilterChains()).hasSize(1);
-		assertThat(fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(filter);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		this.fcp.doFilter(this.request, this.response, this.chain);
+		assertThat(this.fcp.getFilterChains()).hasSize(1);
+		assertThat(this.fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(this.filter);
 
-		verifyZeroInteractions(filter);
+		verifyZeroInteractions(this.filter);
 		// The actual filter chain should be invoked though
-		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
-		fcp.doFilter(request, response, chain);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		this.fcp.doFilter(this.request, this.response, this.chain);
 
-		verify(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
-		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(FilterChain.class));
+		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception {
 		List<Filter> noFilters = Collections.emptyList();
-		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, noFilters));
+		this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, noFilters));
 
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
-		fcp.doFilter(request, response, chain);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		this.fcp.doFilter(this.request, this.response, this.chain);
 
-		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsFound() throws Exception {
-		when(matcher.matches(any())).thenReturn(true);
-		fcp.doFilter(request, response, chain);
-		verify(matcher).matches(any(FirewalledRequest.class));
-		verify(filter).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
-		verify(chain).doFilter(any(), any(HttpServletResponse.class));
+		when(this.matcher.matches(any())).thenReturn(true);
+		this.fcp.doFilter(this.request, this.response, this.chain);
+		verify(this.matcher).matches(any(FirewalledRequest.class));
+		verify(this.filter).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class),
+				any(FilterChain.class));
+		verify(this.chain).doFilter(any(), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsNotFound() throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
-		fcp.doFilter(request, response, chain);
-		verify(matcher).matches(any(FirewalledRequest.class));
-		verifyZeroInteractions(filter);
-		verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		this.fcp.doFilter(this.request, this.response, this.chain);
+		verify(this.matcher).matches(any(FirewalledRequest.class));
+		verifyZeroInteractions(this.filter);
+		verify(this.chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
@@ -155,10 +157,10 @@ public class FilterChainProxyTests {
 		FirewalledRequest fwr = mock(FirewalledRequest.class);
 		when(fwr.getRequestURI()).thenReturn("/");
 		when(fwr.getContextPath()).thenReturn("");
-		fcp.setFirewall(fw);
-		when(fw.getFirewalledRequest(request)).thenReturn(fwr);
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
-		fcp.doFilter(request, response, chain);
+		this.fcp.setFirewall(fw);
+		when(fw.getFirewalledRequest(this.request)).thenReturn(fwr);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		this.fcp.doFilter(this.request, this.response, this.chain);
 		verify(fwr).reset();
 	}
 
@@ -166,50 +168,52 @@ public class FilterChainProxyTests {
 	@Test
 	public void bothWrappersAreResetWithNestedFcps() throws Exception {
 		HttpFirewall fw = mock(HttpFirewall.class);
-		FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, fcp));
+		FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, this.fcp));
 		firstFcp.setFirewall(fw);
-		fcp.setFirewall(fw);
+		this.fcp.setFirewall(fw);
 		FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
 		when(firstFwr.getRequestURI()).thenReturn("/");
 		when(firstFwr.getContextPath()).thenReturn("");
 		FirewalledRequest fwr = mock(FirewalledRequest.class, "fwr");
 		when(fwr.getRequestURI()).thenReturn("/");
 		when(fwr.getContextPath()).thenReturn("");
-		when(fw.getFirewalledRequest(request)).thenReturn(firstFwr);
+		when(fw.getFirewalledRequest(this.request)).thenReturn(firstFwr);
 		when(fw.getFirewalledRequest(firstFwr)).thenReturn(fwr);
 		when(fwr.getRequest()).thenReturn(firstFwr);
-		when(firstFwr.getRequest()).thenReturn(request);
-		when(matcher.matches(any())).thenReturn(true);
-		firstFcp.doFilter(request, response, chain);
+		when(firstFwr.getRequest()).thenReturn(this.request);
+		when(this.matcher.matches(any())).thenReturn(true);
+		firstFcp.doFilter(this.request, this.response, this.chain);
 		verify(firstFwr).reset();
 		verify(fwr).reset();
 	}
 
 	@Test
 	public void doFilterClearsSecurityContextHolder() throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			return null;
-		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(FilterChain.class));
 
-		fcp.doFilter(request, response, chain);
+		this.fcp.doFilter(this.request, this.response, this.chain);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void doFilterClearsSecurityContextHolderWithException() throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			throw new ServletException("oops");
-		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(FilterChain.class));
 
 		try {
-			fcp.doFilter(request, response, chain);
+			this.fcp.doFilter(this.request, this.response, this.chain);
 			fail("Expected Exception");
 		}
 		catch (ServletException success) {
@@ -222,22 +226,23 @@ public class FilterChainProxyTests {
 	@Test
 	public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception {
 		final FilterChain innerChain = mock(FilterChain.class);
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
 		doAnswer((Answer<Object>) inv -> {
 			TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
 			SecurityContextHolder.getContext().setAuthentication(expected);
 			doAnswer((Answer<Object>) inv1 -> {
-				innerChain.doFilter(request, response);
+				innerChain.doFilter(this.request, this.response);
 				return null;
-			}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+			}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 					any(FilterChain.class));
 
-			fcp.doFilter(request, response, innerChain);
+			this.fcp.doFilter(this.request, this.response, innerChain);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
 			return null;
-		}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(FilterChain.class));
 
-		fcp.doFilter(request, response, chain);
+		this.fcp.doFilter(this.request, this.response, this.chain);
 
 		verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -245,19 +250,19 @@ public class FilterChainProxyTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setRequestRejectedHandlerDoesNotAcceptNull() {
-		fcp.setRequestRejectedHandler(null);
+		this.fcp.setRequestRejectedHandler(null);
 	}
 
 	@Test
 	public void requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException() throws Exception {
 		HttpFirewall fw = mock(HttpFirewall.class);
 		RequestRejectedHandler rjh = mock(RequestRejectedHandler.class);
-		fcp.setFirewall(fw);
-		fcp.setRequestRejectedHandler(rjh);
+		this.fcp.setFirewall(fw);
+		this.fcp.setRequestRejectedHandler(rjh);
 		RequestRejectedException requestRejectedException = new RequestRejectedException("Contains illegal chars");
-		when(fw.getFirewalledRequest(request)).thenThrow(requestRejectedException);
-		fcp.doFilter(request, response, chain);
-		verify(rjh).handle(eq(request), eq(response), eq((requestRejectedException)));
+		when(fw.getFirewalledRequest(this.request)).thenThrow(requestRejectedException);
+		this.fcp.doFilter(this.request, this.response, this.chain);
+		verify(rjh).handle(eq(this.request), eq(this.response), eq((requestRejectedException)));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index 2f2a52b20f..f5e98a599f 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -56,43 +56,43 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 
 	@Before
 	public final void setUp() {
-		interceptor = new FilterSecurityInterceptor();
-		ods = mock(FilterInvocationSecurityMetadataSource.class);
-		adm = mock(AccessDecisionManager.class);
-		ram = mock(RunAsManager.class);
-		interceptor.setAuthenticationManager(mock(AuthenticationManager.class));
-		interceptor.setSecurityMetadataSource(ods);
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setRunAsManager(ram);
-		interceptor.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
+		this.interceptor = new FilterSecurityInterceptor();
+		this.ods = mock(FilterInvocationSecurityMetadataSource.class);
+		this.adm = mock(AccessDecisionManager.class);
+		this.ram = mock(RunAsManager.class);
+		this.interceptor.setAuthenticationManager(mock(AuthenticationManager.class));
+		this.interceptor.setSecurityMetadataSource(this.ods);
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setRunAsManager(this.ram);
+		this.interceptor.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
 		SecurityContextHolder.clearContext();
 	}
 
 	@Test
 	public void permitsAccessIfNoMatchingAttributesAndPublicInvocationsAllowed() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
-		when(ods.getAttributes(anyObject())).thenReturn(null);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
+		when(this.ods.getAttributes(anyObject())).thenReturn(null);
 		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isTrue();
 	}
 
 	@Test
 	public void deniesAccessIfNoMatchingAttributesAndPublicInvocationsNotAllowed() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
-		when(ods.getAttributes(anyObject())).thenReturn(null);
-		interceptor.setRejectPublicInvocations(true);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
+		when(this.ods.getAttributes(anyObject())).thenReturn(null);
+		this.interceptor.setRejectPublicInvocations(true);
 		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isFalse();
 	}
 
 	@Test
 	public void deniesAccessIfAuthenticationIsNull() {
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
 		assertThat(wipe.isAllowed("/foo/index.jsp", null)).isFalse();
 	}
 
 	@Test
 	public void allowsAccessIfAccessDecisionManagerDoes() {
 		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isTrue();
 	}
 
@@ -100,9 +100,9 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 	@Test
 	public void deniesAccessIfAccessDecisionManagerDoes() {
 		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
-		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
+		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
 
-		doThrow(new AccessDeniedException("")).when(adm).decide(any(Authentication.class), anyObject(), anyList());
+		doThrow(new AccessDeniedException("")).when(this.adm).decide(any(Authentication.class), anyObject(), anyList());
 
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
index ae3af51c4b..d7a53f822e 100644
--- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
@@ -59,35 +59,35 @@ public class DelegatingAccessDeniedHandlerTests {
 
 	@Before
 	public void setup() {
-		handlers = new LinkedHashMap<>();
+		this.handlers = new LinkedHashMap<>();
 	}
 
 	@Test
 	public void moreSpecificDoesNotInvokeLessSpecific() throws Exception {
-		handlers.put(CsrfException.class, handler1);
-		handler = new DelegatingAccessDeniedHandler(handlers, handler3);
+		this.handlers.put(CsrfException.class, this.handler1);
+		this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3);
 
 		AccessDeniedException accessDeniedException = new AccessDeniedException("");
-		handler.handle(request, response, accessDeniedException);
+		this.handler.handle(this.request, this.response, accessDeniedException);
 
-		verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AccessDeniedException.class));
-		verify(handler3).handle(request, response, accessDeniedException);
+		verify(this.handler3).handle(this.request, this.response, accessDeniedException);
 	}
 
 	@Test
 	public void matchesDoesNotInvokeDefault() throws Exception {
-		handlers.put(InvalidCsrfTokenException.class, handler1);
-		handlers.put(MissingCsrfTokenException.class, handler2);
-		handler = new DelegatingAccessDeniedHandler(handlers, handler3);
+		this.handlers.put(InvalidCsrfTokenException.class, this.handler1);
+		this.handlers.put(MissingCsrfTokenException.class, this.handler2);
+		this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3);
 
 		AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123");
-		handler.handle(request, response, accessDeniedException);
+		this.handler.handle(this.request, this.response, accessDeniedException);
 
-		verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AccessDeniedException.class));
-		verify(handler2).handle(request, response, accessDeniedException);
-		verify(handler3, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		verify(this.handler2).handle(this.request, this.response, accessDeniedException);
+		verify(this.handler3, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AccessDeniedException.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index 10ff2b8a23..884035c0e6 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -101,7 +101,7 @@ public class ExceptionTranslationFilterTests {
 				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
 
 		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
 		assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
 
@@ -134,7 +134,7 @@ public class ExceptionTranslationFilterTests {
 		SecurityContextHolder.setContext(securityContext);
 
 		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
@@ -161,7 +161,7 @@ public class ExceptionTranslationFilterTests {
 		adh.setErrorPage("/error.jsp");
 
 		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.setAccessDeniedHandler(adh);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -217,7 +217,7 @@ public class ExceptionTranslationFilterTests {
 				any(HttpServletResponse.class));
 
 		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.afterPropertiesSet();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
@@ -244,7 +244,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Test
 		HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint, requestCache);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache);
 		requestCache.setPortResolver(new MockPortResolver(8080, 8443));
 		filter.afterPropertiesSet();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -260,7 +260,7 @@ public class ExceptionTranslationFilterTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void startupDetectsMissingRequestCache() {
-		new ExceptionTranslationFilter(mockEntryPoint, null);
+		new ExceptionTranslationFilter(this.mockEntryPoint, null);
 	}
 
 	@Test
@@ -270,8 +270,8 @@ public class ExceptionTranslationFilterTests {
 		request.setServletPath("/secure/page.html");
 
 		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
-		assertThat(filter.getAuthenticationEntryPoint()).isSameAs(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
+		assertThat(filter.getAuthenticationEntryPoint()).isSameAs(this.mockEntryPoint);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, mock(FilterChain.class));
@@ -279,7 +279,7 @@ public class ExceptionTranslationFilterTests {
 
 	@Test
 	public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 
 		filter.afterPropertiesSet();
 		Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() };
@@ -307,12 +307,12 @@ public class ExceptionTranslationFilterTests {
 		};
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
+		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 
 		assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class)
 				.hasCauseInstanceOf(AccessDeniedException.class);
 
-		verifyZeroInteractions(mockEntryPoint);
+		verifyZeroInteractions(this.mockEntryPoint);
 	}
 
 	private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index 64464a451a..ba8b7ea096 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -162,13 +162,13 @@ public class ChannelProcessingFilterTests {
 		}
 
 		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
-			if (commitAResponse) {
+			if (this.commitAResponse) {
 				invocation.getHttpResponse().sendRedirect("/redirected");
 			}
 		}
 
 		public boolean supports(ConfigAttribute attribute) {
-			if (attribute.getAttribute().equals(supportAttribute)) {
+			if (attribute.getAttribute().equals(this.supportAttribute)) {
 				return true;
 			}
 			else {
@@ -195,8 +195,8 @@ public class ChannelProcessingFilterTests {
 		public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 			FilterInvocation fi = (FilterInvocation) object;
 
-			if (servletPath.equals(fi.getHttpRequest().getServletPath())) {
-				return toReturn;
+			if (this.servletPath.equals(fi.getHttpRequest().getServletPath())) {
+				return this.toReturn;
 			}
 			else {
 				return null;
@@ -204,11 +204,11 @@ public class ChannelProcessingFilterTests {
 		}
 
 		public Collection<ConfigAttribute> getAllConfigAttributes() {
-			if (!provideIterator) {
+			if (!this.provideIterator) {
 				return null;
 			}
 
-			return toReturn;
+			return this.toReturn;
 		}
 
 		public boolean supports(Class<?> clazz) {
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
index 711d9a3359..16a5f0e164 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
@@ -54,7 +54,7 @@ public class DefaultWebSecurityExpressionHandlerTests {
 
 	@Before
 	public void setup() {
-		handler = new DefaultWebSecurityExpressionHandler();
+		this.handler = new DefaultWebSecurityExpressionHandler();
 	}
 
 	@After
@@ -68,29 +68,29 @@ public class DefaultWebSecurityExpressionHandlerTests {
 		RootBeanDefinition bean = new RootBeanDefinition(SecurityConfig.class);
 		bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A");
 		appContext.registerBeanDefinition("role", bean);
-		handler.setApplicationContext(appContext);
+		this.handler.setApplicationContext(appContext);
 
-		EvaluationContext ctx = handler.createEvaluationContext(mock(Authentication.class),
+		EvaluationContext ctx = this.handler.createEvaluationContext(mock(Authentication.class),
 				mock(FilterInvocation.class));
-		ExpressionParser parser = handler.getExpressionParser();
+		ExpressionParser parser = this.handler.getExpressionParser();
 		assertThat(parser.parseExpression("@role.getAttribute() == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
 		assertThat(parser.parseExpression("@role.attribute == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setTrustResolverNull() {
-		handler.setTrustResolver(null);
+		this.handler.setTrustResolver(null);
 	}
 
 	@Test
 	public void createEvaluationContextCustomTrustResolver() {
-		handler.setTrustResolver(trustResolver);
+		this.handler.setTrustResolver(this.trustResolver);
 
-		Expression expression = handler.getExpressionParser().parseExpression("anonymous");
-		EvaluationContext context = handler.createEvaluationContext(authentication, invocation);
+		Expression expression = this.handler.getExpressionParser().parseExpression("anonymous");
+		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.invocation);
 		assertThat(expression.getValue(context, Boolean.class)).isFalse();
 
-		verify(trustResolver).isAnonymous(authentication);
+		verify(this.trustResolver).isAnonymous(this.authentication);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index b2da9ea7e3..f08f177a57 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -60,8 +60,9 @@ public class WebExpressionVoterTests {
 	@Test
 	public void abstainsIfNoAttributeFound() {
 		WebExpressionVoter voter = new WebExpressionVoter();
-		assertThat(voter.vote(user, new FilterInvocation("/path", "GET"), SecurityConfig.createList("A", "B", "C")))
-				.isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
+		assertThat(
+				voter.vote(this.user, new FilterInvocation("/path", "GET"), SecurityConfig.createList("A", "B", "C")))
+						.isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
 	}
 
 	@Test
@@ -76,16 +77,16 @@ public class WebExpressionVoterTests {
 		SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class);
 		FilterInvocation fi = new FilterInvocation("/path", "GET");
 		voter.setExpressionHandler(eh);
-		when(eh.createEvaluationContext(user, fi)).thenReturn(ctx);
+		when(eh.createEvaluationContext(this.user, fi)).thenReturn(ctx);
 		when(ex.getValue(ctx, Boolean.class)).thenReturn(Boolean.TRUE).thenReturn(Boolean.FALSE);
 		ArrayList attributes = new ArrayList();
 		attributes.addAll(SecurityConfig.createList("A", "B", "C"));
 		attributes.add(weca);
 
-		assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
+		assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 
 		// Second time false
-		assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
+		assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	// SEC-2507
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index a9c34ba4bd..d56a4de170 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -76,17 +76,17 @@ public class FilterSecurityInterceptorTests {
 
 	@Before
 	public final void setUp() {
-		interceptor = new FilterSecurityInterceptor();
-		am = mock(AuthenticationManager.class);
-		ods = mock(FilterInvocationSecurityMetadataSource.class);
-		adm = mock(AccessDecisionManager.class);
-		ram = mock(RunAsManager.class);
-		publisher = mock(ApplicationEventPublisher.class);
-		interceptor.setAuthenticationManager(am);
-		interceptor.setSecurityMetadataSource(ods);
-		interceptor.setAccessDecisionManager(adm);
-		interceptor.setRunAsManager(ram);
-		interceptor.setApplicationEventPublisher(publisher);
+		this.interceptor = new FilterSecurityInterceptor();
+		this.am = mock(AuthenticationManager.class);
+		this.ods = mock(FilterInvocationSecurityMetadataSource.class);
+		this.adm = mock(AccessDecisionManager.class);
+		this.ram = mock(RunAsManager.class);
+		this.publisher = mock(ApplicationEventPublisher.class);
+		this.interceptor.setAuthenticationManager(this.am);
+		this.interceptor.setSecurityMetadataSource(this.ods);
+		this.interceptor.setAccessDecisionManager(this.adm);
+		this.interceptor.setRunAsManager(this.ram);
+		this.interceptor.setApplicationEventPublisher(this.publisher);
 		SecurityContextHolder.clearContext();
 	}
 
@@ -97,14 +97,14 @@ public class FilterSecurityInterceptorTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
-		when(adm.supports(FilterInvocation.class)).thenReturn(true);
-		interceptor.afterPropertiesSet();
+		when(this.adm.supports(FilterInvocation.class)).thenReturn(true);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testEnsuresRunAsManagerSupportsFilterInvocationClass() throws Exception {
-		when(adm.supports(FilterInvocation.class)).thenReturn(false);
-		interceptor.afterPropertiesSet();
+		when(this.adm.supports(FilterInvocation.class)).thenReturn(false);
+		this.interceptor.afterPropertiesSet();
 	}
 
 	/**
@@ -120,12 +120,12 @@ public class FilterSecurityInterceptorTests {
 
 		FilterInvocation fi = createinvocation();
 
-		when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
 
-		interceptor.invoke(fi);
+		this.interceptor.invoke(fi);
 
 		// SEC-1697
-		verify(publisher, never()).publishEvent(any(AuthorizedEvent.class));
+		verify(this.publisher, never()).publishEvent(any(AuthorizedEvent.class));
 	}
 
 	@Test
@@ -138,13 +138,13 @@ public class FilterSecurityInterceptorTests {
 
 		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-		when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		interceptor.setAfterInvocationManager(aim);
+		this.interceptor.setAfterInvocationManager(aim);
 
 		try {
-			interceptor.invoke(fi);
+			this.interceptor.invoke(fi);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
@@ -165,20 +165,20 @@ public class FilterSecurityInterceptorTests {
 		RunAsManager runAsManager = mock(RunAsManager.class);
 		when(runAsManager.buildRunAs(eq(token), any(), anyCollection()))
 				.thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
-		interceptor.setRunAsManager(runAsManager);
+		this.interceptor.setRunAsManager(runAsManager);
 
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
 
 		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-		when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		interceptor.setAfterInvocationManager(aim);
+		this.interceptor.setAfterInvocationManager(aim);
 
 		try {
-			interceptor.invoke(fi);
+			this.interceptor.invoke(fi);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index be8d0831a9..aa1d4986fb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -83,10 +83,10 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 	@Before
 	public void setUp() {
-		successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
-		successHandler.setDefaultTargetUrl("/logged_in.jsp");
-		failureHandler = new SimpleUrlAuthenticationFailureHandler();
-		failureHandler.setDefaultFailureUrl("/failed.jsp");
+		this.successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+		this.successHandler.setDefaultTargetUrl("/logged_in.jsp");
+		this.failureHandler = new SimpleUrlAuthenticationFailureHandler();
+		this.failureHandler.setDefaultFailureUrl("/failed.jsp");
 		SecurityContextHolder.clearContext();
 	}
 
@@ -128,7 +128,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
-		filter.setAuthenticationSuccessHandler(successHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 
 		// Test
 		filter.doFilter(request, response, chain);
@@ -192,8 +192,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 		filter.setFilterProcessesUrl("/j_mock_post");
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
-		filter.setAuthenticationSuccessHandler(successHandler);
-		filter.setAuthenticationFailureHandler(failureHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.afterPropertiesSet();
 
@@ -225,8 +225,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 				mock(AuthenticationManager.class));
 
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
-		filter.setAuthenticationSuccessHandler(successHandler);
-		filter.setAuthenticationFailureHandler(failureHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.afterPropertiesSet();
 
 		// Test
@@ -259,8 +259,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 				new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class));
 
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
-		filter.setAuthenticationSuccessHandler(successHandler);
-		filter.setAuthenticationFailureHandler(failureHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.afterPropertiesSet();
 
 		// Test
@@ -275,9 +275,9 @@ public class AbstractAuthenticationProcessingFilterTests {
 	@Test
 	public void testStartupDetectsInvalidAuthenticationManager() {
 		AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
-		filter.setAuthenticationFailureHandler(failureHandler);
-		successHandler.setDefaultTargetUrl("/");
-		filter.setAuthenticationSuccessHandler(successHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
+		this.successHandler.setDefaultTargetUrl("/");
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 		filter.setFilterProcessesUrl("/login");
 
 		try {
@@ -292,9 +292,9 @@ public class AbstractAuthenticationProcessingFilterTests {
 	@Test
 	public void testStartupDetectsInvalidFilterProcessesUrl() {
 		AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
-		filter.setAuthenticationFailureHandler(failureHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
-		filter.setAuthenticationSuccessHandler(successHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 
 		try {
 			filter.setFilterProcessesUrl(null);
@@ -321,7 +321,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_mock_post");
-		filter.setAuthenticationSuccessHandler(successHandler);
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 
 		// Test
 		filter.doFilter(request, response, chain);
@@ -339,7 +339,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our test object, to deny access
 		filter = new MockAuthenticationFilter(false);
 		filter.setFilterProcessesUrl("/j_mock_post");
-		filter.setAuthenticationFailureHandler(failureHandler);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 
 		// Test
 		filter.doFilter(request, response, chain);
@@ -414,8 +414,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 		// Reject authentication, so exception would normally be stored in session
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-		failureHandler.setAllowSessionCreation(false);
-		filter.setAuthenticationFailureHandler(failureHandler);
+		this.failureHandler.setAllowSessionCreation(false);
+		filter.setAuthenticationFailureHandler(this.failureHandler);
 
 		filter.doFilter(request, response, chain);
 
@@ -434,8 +434,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-		successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
-		filter.setAuthenticationSuccessHandler(successHandler);
+		this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 
 		filter.doFilter(request, response, chain);
 
@@ -456,8 +456,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		ReflectionTestUtils.setField(filter, "logger", logger);
 		filter.exceptionToThrow = new InternalAuthenticationServiceException("Mock requested to do so");
-		successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
-		filter.setAuthenticationSuccessHandler(successHandler);
+		this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
+		filter.setAuthenticationSuccessHandler(this.successHandler);
 
 		filter.doFilter(request, response, chain);
 
@@ -508,12 +508,12 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 				throws AuthenticationException {
-			if (grantAccess) {
+			if (this.grantAccess) {
 				return new UsernamePasswordAuthenticationToken("test", "test",
 						AuthorityUtils.createAuthorityList("TEST"));
 			}
 			else {
-				throw exceptionToThrow;
+				throw this.exceptionToThrow;
 			}
 		}
 
@@ -533,7 +533,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		}
 
 		public void doFilter(ServletRequest request, ServletResponse response) {
-			if (!expectToProceed) {
+			if (!this.expectToProceed) {
 				fail("Did not expect filter chain to proceed");
 			}
 		}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index 0816a26477..8fe9848e70 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -115,7 +115,7 @@ public class AnonymousAuthenticationFilterTests {
 		}
 
 		public void doFilter(ServletRequest request, ServletResponse response) {
-			if (!expectToProceed) {
+			if (!this.expectToProceed) {
 				fail("Did not expect filter chain to proceed");
 			}
 		}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index 9e3d720999..53e60f8f62 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -212,7 +212,7 @@ public class AuthenticationFilterTests {
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-		filter.setSuccessHandler(successHandler);
+		filter.setSuccessHandler(this.successHandler);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -232,7 +232,7 @@ public class AuthenticationFilterTests {
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-		filter.setSuccessHandler(successHandler);
+		filter.setSuccessHandler(this.successHandler);
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index d270d3773a..ff8e4b3560 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -49,9 +49,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 	public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() throws Exception {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), this.chain);
 		filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"), new MockHttpServletResponse(),
-				chain);
+				this.chain);
 	}
 
 	@Test
@@ -60,7 +60,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
 
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
@@ -72,7 +72,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
-		filter.doFilter(request, response, chain);
+		filter.doFilter(request, response, this.chain);
 
 		assertThat(response.getContentAsString()).isEmpty();
 	}
@@ -85,7 +85,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login");
 		request.setContextPath("/context");
-		filter.doFilter(request, response, chain);
+		filter.doFilter(request, response, this.chain);
 
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
@@ -96,7 +96,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, this.chain);
 
 		assertThat(response.getContentAsString()).isEmpty();
 	}
@@ -110,7 +110,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		request.setQueryString("error");
 
-		filter.doFilter(request, response, chain);
+		filter.doFilter(request, response, this.chain);
 
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
@@ -124,7 +124,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				Collections.singletonMap("XYUU", "\u8109\u640F\u7F51\u5E10\u6237\u767B\u5F55"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
-		filter.doFilter(request, response, chain);
+		filter.doFilter(request, response, this.chain);
 		assertThat(response
 				.getContentLength() == response.getContentAsString().getBytes(response.getCharacterEncoding()).length)
 						.isTrue();
@@ -139,7 +139,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		request.setQueryString("not");
 
-		filter.doFilter(request, response, chain);
+		filter.doFilter(request, response, this.chain);
 
 		assertThat(response.getContentAsString()).isEmpty();
 	}
@@ -147,7 +147,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 	@Test
 	public void generatingPageWithOpenIdFilterOnlyIsSuccessFul() throws Exception {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new MockProcessingFilter());
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), this.chain);
 	}
 
 	// Fake OpenID filter (since it's not in this module
@@ -182,7 +182,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				"Bad credentials", Locale.KOREA);
 		request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
 
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		filter.doFilter(request, new MockHttpServletResponse(), this.chain);
 	}
 
 	// gh-5394
@@ -197,7 +197,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 				Collections.singletonMap("/oauth2/authorization/google", clientName));
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
 
 		assertThat(response.getContentAsString())
 				.contains("<a href=\"/oauth2/authorization/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
@@ -213,7 +213,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
+		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
 
 		assertThat(response.getContentAsString()).contains("Login with SAML 2.0");
 		assertThat(response.getContentAsString())
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 9c80ce2b63..43980c148a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -56,9 +56,9 @@ public class DelegatingAuthenticationEntryPointContextTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("192.168.1.10");
 		request.addHeader("User-Agent", "Mozilla/5.0");
-		daep.commence(request, null, null);
-		verify(firstAEP).commence(request, null, null);
-		verify(defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		this.daep.commence(request, null, null);
+		verify(this.firstAEP).commence(request, null, null);
+		verify(this.defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 
 	}
@@ -68,9 +68,9 @@ public class DelegatingAuthenticationEntryPointContextTests {
 	public void testDefaultAEP() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("192.168.1.10");
-		daep.commence(request, null, null);
-		verify(defaultAEP).commence(request, null, null);
-		verify(firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		this.daep.commence(request, null, null);
+		verify(this.defaultAEP).commence(request, null, null);
+		verify(this.firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index 4f97b0e352..767f6ce5ac 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -50,23 +50,23 @@ public class DelegatingAuthenticationEntryPointTests {
 
 	@Before
 	public void before() {
-		defaultEntryPoint = mock(AuthenticationEntryPoint.class);
-		entryPoints = new LinkedHashMap<>();
-		daep = new DelegatingAuthenticationEntryPoint(entryPoints);
-		daep.setDefaultEntryPoint(defaultEntryPoint);
+		this.defaultEntryPoint = mock(AuthenticationEntryPoint.class);
+		this.entryPoints = new LinkedHashMap<>();
+		this.daep = new DelegatingAuthenticationEntryPoint(this.entryPoints);
+		this.daep.setDefaultEntryPoint(this.defaultEntryPoint);
 	}
 
 	@Test
 	public void testDefaultEntryPoint() throws Exception {
 		AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher firstRM = mock(RequestMatcher.class);
-		when(firstRM.matches(request)).thenReturn(false);
-		entryPoints.put(firstRM, firstAEP);
+		when(firstRM.matches(this.request)).thenReturn(false);
+		this.entryPoints.put(firstRM, firstAEP);
 
-		daep.commence(request, null, null);
+		this.daep.commence(this.request, null, null);
 
-		verify(defaultEntryPoint).commence(request, null, null);
-		verify(firstAEP, never()).commence(request, null, null);
+		verify(this.defaultEntryPoint).commence(this.request, null, null);
+		verify(firstAEP, never()).commence(this.request, null, null);
 	}
 
 	@Test
@@ -75,16 +75,16 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher secondRM = mock(RequestMatcher.class);
-		when(firstRM.matches(request)).thenReturn(true);
-		entryPoints.put(firstRM, firstAEP);
-		entryPoints.put(secondRM, secondAEP);
+		when(firstRM.matches(this.request)).thenReturn(true);
+		this.entryPoints.put(firstRM, firstAEP);
+		this.entryPoints.put(secondRM, secondAEP);
 
-		daep.commence(request, null, null);
+		this.daep.commence(this.request, null, null);
 
-		verify(firstAEP).commence(request, null, null);
-		verify(secondAEP, never()).commence(request, null, null);
-		verify(defaultEntryPoint, never()).commence(request, null, null);
-		verify(secondRM, never()).matches(request);
+		verify(firstAEP).commence(this.request, null, null);
+		verify(secondAEP, never()).commence(this.request, null, null);
+		verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
+		verify(secondRM, never()).matches(this.request);
 	}
 
 	@Test
@@ -93,16 +93,16 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher secondRM = mock(RequestMatcher.class);
-		when(firstRM.matches(request)).thenReturn(false);
-		when(secondRM.matches(request)).thenReturn(true);
-		entryPoints.put(firstRM, firstAEP);
-		entryPoints.put(secondRM, secondAEP);
+		when(firstRM.matches(this.request)).thenReturn(false);
+		when(secondRM.matches(this.request)).thenReturn(true);
+		this.entryPoints.put(firstRM, firstAEP);
+		this.entryPoints.put(secondRM, secondAEP);
 
-		daep.commence(request, null, null);
+		this.daep.commence(this.request, null, null);
 
-		verify(secondAEP).commence(request, null, null);
-		verify(firstAEP, never()).commence(request, null, null);
-		verify(defaultEntryPoint, never()).commence(request, null, null);
+		verify(secondAEP).commence(this.request, null, null);
+		verify(firstAEP, never()).commence(this.request, null, null);
+		verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index d4422d8d2a..8883e12c4d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -71,76 +71,76 @@ public class DelegatingAuthenticationFailureHandlerTests {
 
 	@Before
 	public void setup() {
-		handlers = new LinkedHashMap<>();
+		this.handlers = new LinkedHashMap<>();
 	}
 
 	@Test
 	public void handleByDefaultHandler() throws Exception {
-		handlers.put(BadCredentialsException.class, handler1);
-		handler = new DelegatingAuthenticationFailureHandler(handlers, defaultHandler);
+		this.handlers.put(BadCredentialsException.class, this.handler1);
+		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
 
 		AuthenticationException exception = new AccountExpiredException("");
-		handler.onAuthenticationFailure(request, response, exception);
+		this.handler.onAuthenticationFailure(this.request, this.response, exception);
 
-		verifyZeroInteractions(handler1, handler2);
-		verify(defaultHandler).onAuthenticationFailure(request, response, exception);
+		verifyZeroInteractions(this.handler1, this.handler2);
+		verify(this.defaultHandler).onAuthenticationFailure(this.request, this.response, exception);
 	}
 
 	@Test
 	public void handleByMappedHandlerWithSameType() throws Exception {
-		handlers.put(BadCredentialsException.class, handler1); // same type
-		handlers.put(AccountStatusException.class, handler2);
-		handler = new DelegatingAuthenticationFailureHandler(handlers, defaultHandler);
+		this.handlers.put(BadCredentialsException.class, this.handler1); // same type
+		this.handlers.put(AccountStatusException.class, this.handler2);
+		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
 
 		AuthenticationException exception = new BadCredentialsException("");
-		handler.onAuthenticationFailure(request, response, exception);
+		this.handler.onAuthenticationFailure(this.request, this.response, exception);
 
-		verifyZeroInteractions(handler2, defaultHandler);
-		verify(handler1).onAuthenticationFailure(request, response, exception);
+		verifyZeroInteractions(this.handler2, this.defaultHandler);
+		verify(this.handler1).onAuthenticationFailure(this.request, this.response, exception);
 	}
 
 	@Test
 	public void handleByMappedHandlerWithSuperType() throws Exception {
-		handlers.put(BadCredentialsException.class, handler1);
-		handlers.put(AccountStatusException.class, handler2); // super type of
-																// CredentialsExpiredException
-		handler = new DelegatingAuthenticationFailureHandler(handlers, defaultHandler);
+		this.handlers.put(BadCredentialsException.class, this.handler1);
+		this.handlers.put(AccountStatusException.class, this.handler2); // super type of
+		// CredentialsExpiredException
+		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
 
 		AuthenticationException exception = new CredentialsExpiredException("");
-		handler.onAuthenticationFailure(request, response, exception);
+		this.handler.onAuthenticationFailure(this.request, this.response, exception);
 
-		verifyZeroInteractions(handler1, defaultHandler);
-		verify(handler2).onAuthenticationFailure(request, response, exception);
+		verifyZeroInteractions(this.handler1, this.defaultHandler);
+		verify(this.handler2).onAuthenticationFailure(this.request, this.response, exception);
 	}
 
 	@Test
 	public void handlersIsNull() {
 
-		thrown.expect(IllegalArgumentException.class);
-		thrown.expectMessage("handlers cannot be null or empty");
+		this.thrown.expect(IllegalArgumentException.class);
+		this.thrown.expectMessage("handlers cannot be null or empty");
 
-		new DelegatingAuthenticationFailureHandler(null, defaultHandler);
+		new DelegatingAuthenticationFailureHandler(null, this.defaultHandler);
 
 	}
 
 	@Test
 	public void handlersIsEmpty() {
 
-		thrown.expect(IllegalArgumentException.class);
-		thrown.expectMessage("handlers cannot be null or empty");
+		this.thrown.expect(IllegalArgumentException.class);
+		this.thrown.expectMessage("handlers cannot be null or empty");
 
-		new DelegatingAuthenticationFailureHandler(handlers, defaultHandler);
+		new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
 
 	}
 
 	@Test
 	public void defaultHandlerIsNull() {
 
-		thrown.expect(IllegalArgumentException.class);
-		thrown.expectMessage("defaultHandler cannot be null");
+		this.thrown.expect(IllegalArgumentException.class);
+		this.thrown.expectMessage("defaultHandler cannot be null");
 
-		handlers.put(BadCredentialsException.class, handler1);
-		new DelegatingAuthenticationFailureHandler(handlers, null);
+		this.handlers.put(BadCredentialsException.class, this.handler1);
+		new DelegatingAuthenticationFailureHandler(this.handlers, null);
 
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index 46e8b2a17d..2ad510a7ea 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -42,11 +42,11 @@ public class HttpStatusEntryPointTests {
 	@SuppressWarnings("serial")
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		authException = new AuthenticationException("") {
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.authException = new AuthenticationException("") {
 		};
-		entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
+		this.entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -56,9 +56,9 @@ public class HttpStatusEntryPointTests {
 
 	@Test
 	public void unauthorized() throws Exception {
-		entryPoint.commence(request, response, authException);
+		this.entryPoint.commence(this.request, this.response, this.authException);
 
-		assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
+		assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index 4b575ccfe8..6050578eaf 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -33,7 +33,7 @@ public class LogoutHandlerTests {
 
 	@Before
 	public void setUp() {
-		filter = new LogoutFilter("/success", new SecurityContextLogoutHandler());
+		this.filter = new LogoutFilter("/success", new SecurityContextLogoutHandler());
 	}
 
 	@Test
@@ -46,7 +46,7 @@ public class LogoutHandlerTests {
 		request.setQueryString("otherparam=blah");
 
 		DefaultHttpFirewall fw = new DefaultHttpFirewall();
-		assertThat(filter.requiresLogout(fw.getFirewalledRequest(request), response)).isTrue();
+		assertThat(this.filter.requiresLogout(fw.getFirewalledRequest(request), response)).isTrue();
 	}
 
 	@Test
@@ -59,7 +59,7 @@ public class LogoutHandlerTests {
 		request.setRequestURI("/context/logout?param=blah");
 		request.setQueryString("otherparam=blah");
 
-		assertThat(filter.requiresLogout(request, response)).isTrue();
+		assertThat(this.filter.requiresLogout(request, response)).isTrue();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
index 8e5f5f20ac..31c2b4372d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
@@ -61,7 +61,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 		@Override
 		public void publishEvent(Object event) {
 			if (LogoutSuccessEvent.class.isAssignableFrom(event.getClass())) {
-				flag = true;
+				this.flag = true;
 			}
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index 9bd5e9dbb5..0874268b81 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -43,10 +43,10 @@ public class SecurityContextLogoutHandlerTests {
 
 	@Before
 	public void setUp() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
 
-		handler = new SecurityContextLogoutHandler();
+		this.handler = new SecurityContextLogoutHandler();
 
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(
@@ -63,16 +63,16 @@ public class SecurityContextLogoutHandlerTests {
 	@Test
 	public void clearsAuthentication() {
 		SecurityContext beforeContext = SecurityContextHolder.getContext();
-		handler.logout(request, response, SecurityContextHolder.getContext().getAuthentication());
+		this.handler.logout(this.request, this.response, SecurityContextHolder.getContext().getAuthentication());
 		assertThat(beforeContext.getAuthentication()).isNull();
 	}
 
 	@Test
 	public void disableClearsAuthentication() {
-		handler.setClearAuthentication(false);
+		this.handler.setClearAuthentication(false);
 		SecurityContext beforeContext = SecurityContextHolder.getContext();
 		Authentication beforeAuthentication = beforeContext.getAuthentication();
-		handler.logout(request, response, SecurityContextHolder.getContext().getAuthentication());
+		this.handler.logout(this.request, this.response, SecurityContextHolder.getContext().getAuthentication());
 
 		assertThat(beforeContext.getAuthentication()).isNotNull();
 		assertThat(beforeContext.getAuthentication()).isSameAs(beforeAuthentication);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 922d3b8b92..1f2a9cde5f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -59,7 +59,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 
 	@Before
 	public void createFilter() {
-		filter = new AbstractPreAuthenticatedProcessingFilter() {
+		this.filter = new AbstractPreAuthenticatedProcessingFilter() {
 			protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 				return "n/a";
 			}
@@ -80,9 +80,9 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
-		filter.setAuthenticationManager(am);
-		filter.afterPropertiesSet();
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
+		this.filter.setAuthenticationManager(am);
+		this.filter.afterPropertiesSet();
+		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -92,10 +92,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 			throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
-		filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
-		filter.setAuthenticationManager(am);
-		filter.afterPropertiesSet();
-		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
+		this.filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
+		this.filter.setAuthenticationManager(am);
+		this.filter.afterPropertiesSet();
+		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -435,7 +435,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		private boolean initFilterBeanInvoked;
 
 		protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-			return principal;
+			return this.principal;
 		}
 
 		protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
@@ -445,7 +445,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		@Override
 		protected void initFilterBean() throws ServletException {
 			super.initFilterBean();
-			initFilterBeanInvoked = true;
+			this.initFilterBeanInvoked = true;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index bea868e108..897e88532a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -40,7 +40,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
 	@Test
 	public void testToString() {
 		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
-				getRequest("testUser", new String[] {}), gas);
+				getRequest("testUser", new String[] {}), this.gas);
 		String toString = details.toString();
 		assertThat(toString.contains("Role1")).as("toString should contain Role1").isTrue();
 		assertThat(toString.contains("Role2")).as("toString should contain Role2").isTrue();
@@ -49,11 +49,10 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
 	@Test
 	public void testGetSetPreAuthenticatedGrantedAuthorities() {
 		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
-				getRequest("testUser", new String[] {}), gas);
+				getRequest("testUser", new String[] {}), this.gas);
 		List<GrantedAuthority> returnedGas = details.getGrantedAuthorities();
-		assertThat(gas.containsAll(returnedGas) && returnedGas.containsAll(gas))
-				.withFailMessage(
-						"Collections do not contain same elements; expected: " + gas + ", returned: " + returnedGas)
+		assertThat(this.gas.containsAll(returnedGas) && returnedGas.containsAll(this.gas)).withFailMessage(
+				"Collections do not contain same elements; expected: " + this.gas + ", returned: " + returnedGas)
 				.isTrue();
 	}
 
@@ -62,7 +61,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
 			public boolean isUserInRole(String arg0) {
-				return roles.contains(arg0);
+				return this.roles.contains(arg0);
 			}
 		};
 		req.setRemoteUser(userName);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index a8af439c91..d3c1df80fe 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -170,7 +170,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
 			public boolean isUserInRole(String arg0) {
-				return roles.contains(arg0);
+				return this.roles.contains(arg0);
 			}
 		};
 		req.setRemoteUser(userName);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index e2026090de..d0677000c0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -52,7 +52,7 @@ public class J2eePreAuthenticatedProcessingFilterTests {
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
 			public boolean isUserInRole(String arg0) {
-				return roles.contains(arg0);
+				return this.roles.contains(arg0);
 			}
 		};
 		req.setRemoteUser(aUserName);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
index ecdb831ebd..6c1e7da0be 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
@@ -32,37 +32,37 @@ public class SubjectDnX509PrincipalExtractorTests {
 
 	@Before
 	public void setUp() {
-		extractor = new SubjectDnX509PrincipalExtractor();
-		extractor.setMessageSource(new SpringSecurityMessageSource());
+		this.extractor = new SubjectDnX509PrincipalExtractor();
+		this.extractor.setMessageSource(new SpringSecurityMessageSource());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void invalidRegexFails() {
-		extractor.setSubjectDnRegex("CN=(.*?,"); // missing closing bracket on group
+		this.extractor.setSubjectDnRegex("CN=(.*?,"); // missing closing bracket on group
 	}
 
 	@Test
 	public void defaultCNPatternReturnsExcpectedPrincipal() throws Exception {
-		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
+		Object principal = this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
 		assertThat(principal).isEqualTo("Luke Taylor");
 	}
 
 	@Test
 	public void matchOnEmailReturnsExpectedPrincipal() throws Exception {
-		extractor.setSubjectDnRegex("emailAddress=(.*?),");
-		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
+		this.extractor.setSubjectDnRegex("emailAddress=(.*?),");
+		Object principal = this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
 		assertThat(principal).isEqualTo("luke@monkeymachine");
 	}
 
 	@Test(expected = BadCredentialsException.class)
 	public void matchOnShoeSizeThrowsBadCredentials() throws Exception {
-		extractor.setSubjectDnRegex("shoeSize=(.*?),");
-		extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
+		this.extractor.setSubjectDnRegex("shoeSize=(.*?),");
+		this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
 	}
 
 	@Test
 	public void defaultCNPatternReturnsPrincipalAtEndOfDNString() throws Exception {
-		Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificateWithCnAtEnd());
+		Object principal = this.extractor.extractPrincipal(X509TestUtils.buildTestCertificateWithCnAtEnd());
 		assertThat(principal).isEqualTo("Duke");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 42bb0831fa..d6c2569e85 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -58,17 +58,17 @@ public class AbstractRememberMeServicesTests {
 
 	@Before
 	public void setup() {
-		uds = new MockUserDetailsService(joe, false);
+		this.uds = new MockUserDetailsService(joe, false);
 	}
 
 	@Test(expected = InvalidCookieException.class)
 	public void nonBase64CookieShouldBeDetected() {
-		new MockRememberMeServices(uds).decodeCookie("nonBase64CookieValue%");
+		new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%");
 	}
 
 	@Test
 	public void setAndGetAreConsistent() throws Exception {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		assertThat(services.getCookieName()).isNotNull();
 		assertThat(services.getParameter()).isNotNull();
 		assertThat(services.getKey()).isEqualTo("xxxx");
@@ -78,7 +78,7 @@ public class AbstractRememberMeServicesTests {
 		assertThat(services.getCookieName()).isEqualTo("kookie");
 		services.setTokenValiditySeconds(600);
 		assertThat(services.getTokenValiditySeconds()).isEqualTo(600);
-		assertThat(services.getUserDetailsService()).isSameAs(uds);
+		assertThat(services.getUserDetailsService()).isSameAs(this.uds);
 		AuthenticationDetailsSource ads = Mockito.mock(AuthenticationDetailsSource.class);
 		services.setAuthenticationDetailsSource(ads);
 		assertThat(services.getAuthenticationDetailsSource()).isSameAs(ads);
@@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
 	@Test
 	public void cookieShouldBeCorrectlyEncodedAndDecoded() {
 		String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 
 		String encoded = services.encodeCookie(cookie);
 		// '=' aren't allowed in version 0 cookies.
@@ -101,7 +101,7 @@ public class AbstractRememberMeServicesTests {
 	@Test
 	public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() {
 		String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" };
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 
 		String[] decoded = services.decodeCookie(services.encodeCookie(cookie));
 		assertThat(decoded).hasSize(4);
@@ -116,7 +116,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldReturnNullIfNoLoginCookieIsPresented() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
@@ -135,7 +135,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void successfulAutoLoginReturnsExpectedAuthentication() throws Exception {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.afterPropertiesSet();
 		assertThat(services.getUserDetailsService()).isNotNull();
 
@@ -151,7 +151,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldFailIfCookieIsNotBase64() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
@@ -163,7 +163,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldFailIfCookieIsEmpty() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
@@ -191,8 +191,8 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldFailIfUserNotFound() {
-		uds.setThrowException(true);
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		this.uds.setThrowException(true);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
@@ -207,9 +207,9 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void autoLoginShouldFailIfUserAccountIsLocked() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
-		uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities());
+		this.uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities());
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
@@ -224,8 +224,8 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void loginFailShouldCancelCookie() {
-		uds.setThrowException(true);
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		this.uds.setThrowException(true);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
@@ -239,7 +239,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void logoutShouldCancelCookie() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -261,7 +261,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void cancelledCookieShouldUseSecureFlag() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
 		services.setUseSecureCookie(true);
 
@@ -285,7 +285,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void cancelledCookieShouldUseRequestIsSecure() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -309,7 +309,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test(expected = CookieTheftException.class)
 	public void cookieTheftExceptionShouldBeRethrown() {
-		MockRememberMeServices services = new MockRememberMeServices(uds) {
+		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
 			protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 					HttpServletResponse response) {
@@ -327,7 +327,7 @@ public class AbstractRememberMeServicesTests {
 
 	@Test
 	public void loginSuccessCallsOnLoginSuccessCorrectly() {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -338,26 +338,26 @@ public class AbstractRememberMeServicesTests {
 		assertThat(services.loginSuccessCalled).isFalse();
 
 		// Parameter set to true
-		services = new MockRememberMeServices(uds);
+		services = new MockRememberMeServices(this.uds);
 		request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "true");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
 
 		// Different parameter name, set to true
-		services = new MockRememberMeServices(uds);
+		services = new MockRememberMeServices(this.uds);
 		services.setParameter("my_parameter");
 		request.setParameter("my_parameter", "true");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
 
 		// Parameter set to false
-		services = new MockRememberMeServices(uds);
+		services = new MockRememberMeServices(this.uds);
 		request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "false");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isFalse();
 
 		// alwaysRemember set to true
-		services = new MockRememberMeServices(uds);
+		services = new MockRememberMeServices(this.uds);
 		services.setAlwaysRemember(true);
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
@@ -368,7 +368,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
-		MockRememberMeServices services = new MockRememberMeServices(uds) {
+		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
@@ -391,7 +391,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
 
-		MockRememberMeServices services = new MockRememberMeServices(uds) {
+		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
@@ -409,7 +409,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
 
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.isHttpOnly()).isTrue();
@@ -470,7 +470,7 @@ public class AbstractRememberMeServicesTests {
 	}
 
 	private Cookie[] createLoginCookie(String cookieToken) {
-		MockRememberMeServices services = new MockRememberMeServices(uds);
+		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
 				services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
 
@@ -501,7 +501,7 @@ public class AbstractRememberMeServicesTests {
 
 		protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication successfulAuthentication) {
-			loginSuccessCalled = true;
+			this.loginSuccessCalled = true;
 		}
 
 		protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
@@ -533,11 +533,11 @@ public class AbstractRememberMeServicesTests {
 		}
 
 		public UserDetails loadUserByUsername(String username) {
-			if (throwException) {
+			if (this.throwException) {
 				throw new UsernameNotFoundException("as requested by mock");
 			}
 
-			return toReturn;
+			return this.toReturn;
 		}
 
 		public void setThrowException(boolean value) {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 595be85ccf..0f2b2c693b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -75,27 +75,27 @@ public class JdbcTokenRepositoryImplTests {
 
 	@Before
 	public void populateDatabase() {
-		repo = new JdbcTokenRepositoryImpl();
-		ReflectionTestUtils.setField(repo, "logger", logger);
-		repo.setDataSource(dataSource);
-		repo.initDao();
-		template = repo.getJdbcTemplate();
-		template.execute("create table persistent_logins (username varchar(100) not null, "
+		this.repo = new JdbcTokenRepositoryImpl();
+		ReflectionTestUtils.setField(this.repo, "logger", this.logger);
+		this.repo.setDataSource(dataSource);
+		this.repo.initDao();
+		this.template = this.repo.getJdbcTemplate();
+		this.template.execute("create table persistent_logins (username varchar(100) not null, "
 				+ "series varchar(100) not null, token varchar(500) not null, last_used timestamp not null)");
 	}
 
 	@After
 	public void clearData() {
-		template.execute("drop table persistent_logins");
+		this.template.execute("drop table persistent_logins");
 	}
 
 	@Test
 	public void createNewTokenInsertsCorrectData() {
 		Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis());
 		PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser", "joesseries", "atoken", currentDate);
-		repo.createNewToken(token);
+		this.repo.createNewToken(token);
 
-		Map<String, Object> results = template.queryForMap("select * from persistent_logins");
+		Map<String, Object> results = this.template.queryForMap("select * from persistent_logins");
 
 		assertThat(results.get("last_used")).isEqualTo(currentDate);
 		assertThat(results.get("username")).isEqualTo("joeuser");
@@ -106,9 +106,9 @@ public class JdbcTokenRepositoryImplTests {
 	@Test
 	public void retrievingTokenReturnsCorrectData() {
 
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
-		PersistentRememberMeToken token = repo.getTokenForSeries("joesseries");
+		PersistentRememberMeToken token = this.repo.getTokenForSeries("joesseries");
 
 		assertThat(token.getUsername()).isEqualTo("joeuser");
 		assertThat(token.getSeries()).isEqualTo("joesseries");
@@ -118,45 +118,45 @@ public class JdbcTokenRepositoryImplTests {
 
 	@Test
 	public void retrievingTokenWithDuplicateSeriesReturnsNull() {
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
 		// 'joesseries'");
 
-		assertThat(repo.getTokenForSeries("joesseries")).isNull();
+		assertThat(this.repo.getTokenForSeries("joesseries")).isNull();
 	}
 
 	// SEC-1964
 	@Test
 	public void retrievingTokenWithNoSeriesReturnsNull() {
-		when(logger.isDebugEnabled()).thenReturn(true);
+		when(this.logger.isDebugEnabled()).thenReturn(true);
 
-		assertThat(repo.getTokenForSeries("missingSeries")).isNull();
+		assertThat(this.repo.getTokenForSeries("missingSeries")).isNull();
 
-		verify(logger).isDebugEnabled();
-		verify(logger).debug(eq("Querying token for series 'missingSeries' returned no results."),
+		verify(this.logger).isDebugEnabled();
+		verify(this.logger).debug(eq("Querying token for series 'missingSeries' returned no results."),
 				any(EmptyResultDataAccessException.class));
-		verifyNoMoreInteractions(logger);
+		verifyNoMoreInteractions(this.logger);
 	}
 
 	@Test
 	public void removingUserTokensDeletesData() {
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
 		// 'joesseries'");
 
-		repo.removeUserTokens("joeuser");
+		this.repo.removeUserTokens("joeuser");
 
-		List<Map<String, Object>> results = template
+		List<Map<String, Object>> results = this.template
 				.queryForList("select * from persistent_logins where username = 'joeuser'");
 
 		assertThat(results).isEmpty();
@@ -165,11 +165,11 @@ public class JdbcTokenRepositoryImplTests {
 	@Test
 	public void updatingTokenModifiesTokenValueAndLastUsed() {
 		Timestamp ts = new Timestamp(System.currentTimeMillis() - 1);
-		template.execute("insert into persistent_logins (series, username, token, last_used) values "
+		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
-		repo.updateToken("joesseries", "newtoken", new Date());
+		this.repo.updateToken("joesseries", "newtoken", new Date());
 
-		Map<String, Object> results = template
+		Map<String, Object> results = this.template
 				.queryForMap("select * from persistent_logins where series = 'joesseries'");
 
 		assertThat(results.get("username")).isEqualTo("joeuser");
@@ -181,13 +181,13 @@ public class JdbcTokenRepositoryImplTests {
 
 	@Test
 	public void createTableOnStartupCreatesCorrectTable() {
-		template.execute("drop table persistent_logins");
-		repo = new JdbcTokenRepositoryImpl();
-		repo.setDataSource(dataSource);
-		repo.setCreateTableOnStartup(true);
-		repo.initDao();
+		this.template.execute("drop table persistent_logins");
+		this.repo = new JdbcTokenRepositoryImpl();
+		this.repo.setDataSource(dataSource);
+		this.repo.setCreateTableOnStartup(true);
+		this.repo.initDao();
 
-		template.queryForList("select username,series,token,last_used from persistent_logins");
+		this.template.queryForList("select username,series,token,last_used from persistent_logins");
 	}
 
 	// SEC-2879
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 6d72826eb5..addb75cb0e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -41,75 +41,76 @@ public class PersistentTokenBasedRememberMeServicesTests {
 
 	@Before
 	public void setUpData() throws Exception {
-		services = new PersistentTokenBasedRememberMeServices("key",
+		this.services = new PersistentTokenBasedRememberMeServices("key",
 				new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
 				new InMemoryTokenRepositoryImpl());
-		services.setCookieName("mycookiename");
+		this.services.setCookieName("mycookiename");
 		// Default to 100 days (see SEC-1081).
-		services.setTokenValiditySeconds(100 * 24 * 60 * 60);
-		services.afterPropertiesSet();
+		this.services.setTokenValiditySeconds(100 * 24 * 60 * 60);
+		this.services.afterPropertiesSet();
 	}
 
 	@Test(expected = InvalidCookieException.class)
 	public void loginIsRejectedWithWrongNumberOfCookieTokens() {
-		services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, new MockHttpServletRequest(),
+		this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, new MockHttpServletRequest(),
 				new MockHttpServletResponse());
 	}
 
 	@Test(expected = RememberMeAuthenticationException.class)
 	public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
-		services = create(null);
-		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+		this.services = create(null);
+		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
 				new MockHttpServletResponse());
 	}
 
 	@Test(expected = RememberMeAuthenticationException.class)
 	public void loginIsRejectedWhenTokenIsExpired() {
-		services = create(new PersistentRememberMeToken("joe", "series", "token",
+		this.services = create(new PersistentRememberMeToken("joe", "series", "token",
 				new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
-		services.setTokenValiditySeconds(1);
+		this.services.setTokenValiditySeconds(1);
 
-		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
 				new MockHttpServletResponse());
 	}
 
 	@Test(expected = CookieTheftException.class)
 	public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
-		services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date()));
-		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+		this.services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date()));
+		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
 				new MockHttpServletResponse());
 	}
 
 	@Test
 	public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() {
-		services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
+		this.services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
 		// 12 => b64 length will be 16
-		services.setTokenLength(12);
+		this.services.setTokenLength(12);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(), response);
-		assertThat(repo.getStoredToken().getSeries()).isEqualTo("series");
-		assertThat(repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
-		String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
+		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
+				response);
+		assertThat(this.repo.getStoredToken().getSeries()).isEqualTo("series");
+		assertThat(this.repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
+		String[] cookie = this.services.decodeCookie(response.getCookie("mycookiename").getValue());
 		assertThat(cookie[0]).isEqualTo("series");
-		assertThat(cookie[1]).isEqualTo(repo.getStoredToken().getTokenValue());
+		assertThat(cookie[1]).isEqualTo(this.repo.getStoredToken().getTokenValue());
 	}
 
 	@Test
 	public void loginSuccessCreatesNewTokenAndCookieWithNewSeries() {
-		services = create(null);
-		services.setAlwaysRemember(true);
-		services.setTokenLength(12);
-		services.setSeriesLength(12);
+		this.services = create(null);
+		this.services.setAlwaysRemember(true);
+		this.services.setTokenLength(12);
+		this.services.setSeriesLength(12);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(new MockHttpServletRequest(), response,
+		this.services.loginSuccess(new MockHttpServletRequest(), response,
 				new UsernamePasswordAuthenticationToken("joe", "password"));
-		assertThat(repo.getStoredToken().getSeries().length()).isEqualTo(16);
-		assertThat(repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
+		assertThat(this.repo.getStoredToken().getSeries().length()).isEqualTo(16);
+		assertThat(this.repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
 
-		String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
+		String[] cookie = this.services.decodeCookie(response.getCookie("mycookiename").getValue());
 
-		assertThat(cookie[0]).isEqualTo(repo.getStoredToken().getSeries());
-		assertThat(cookie[1]).isEqualTo(repo.getStoredToken().getTokenValue());
+		assertThat(cookie[0]).isEqualTo(this.repo.getStoredToken().getSeries());
+		assertThat(cookie[1]).isEqualTo(this.repo.getStoredToken().getTokenValue());
 	}
 
 	@Test
@@ -118,21 +119,21 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
-		services.logout(request, response, new TestingAuthenticationToken("joe", "somepass", "SOME_AUTH"));
+		this.services = create(new PersistentRememberMeToken("joe", "series", "token", new Date()));
+		this.services.logout(request, response, new TestingAuthenticationToken("joe", "somepass", "SOME_AUTH"));
 		Cookie returnedCookie = response.getCookie("mycookiename");
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 
 		// SEC-1280
-		services.logout(request, response, null);
+		this.services.logout(request, response, null);
 	}
 
 	private PersistentTokenBasedRememberMeServices create(PersistentRememberMeToken token) {
-		repo = new MockTokenRepository(token);
+		this.repo = new MockTokenRepository(token);
 		PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key",
 				new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
-				repo);
+				this.repo);
 
 		services.setCookieName("mycookiename");
 		return services;
@@ -143,27 +144,27 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		private PersistentRememberMeToken storedToken;
 
 		private MockTokenRepository(PersistentRememberMeToken token) {
-			storedToken = token;
+			this.storedToken = token;
 		}
 
 		public void createNewToken(PersistentRememberMeToken token) {
-			storedToken = token;
+			this.storedToken = token;
 		}
 
 		public void updateToken(String series, String tokenValue, Date lastUsed) {
-			storedToken = new PersistentRememberMeToken(storedToken.getUsername(), storedToken.getSeries(), tokenValue,
-					lastUsed);
+			this.storedToken = new PersistentRememberMeToken(this.storedToken.getUsername(),
+					this.storedToken.getSeries(), tokenValue, lastUsed);
 		}
 
 		public PersistentRememberMeToken getTokenForSeries(String seriesId) {
-			return storedToken;
+			return this.storedToken;
 		}
 
 		public void removeUserTokens(String username) {
 		}
 
 		PersistentRememberMeToken getStoredToken() {
-			return storedToken;
+			return this.storedToken;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 73b76b5463..8db5ac7cc6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -81,7 +81,7 @@ public class RememberMeAuthenticationFilterTests {
 
 		// Setup our filter correctly
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class),
-				new MockRememberMeServices(remembered));
+				new MockRememberMeServices(this.remembered));
 		filter.afterPropertiesSet();
 
 		// Test
@@ -98,10 +98,10 @@ public class RememberMeAuthenticationFilterTests {
 	@Test
 	public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(remembered)).thenReturn(remembered);
+		when(am.authenticate(this.remembered)).thenReturn(this.remembered);
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
-				new MockRememberMeServices(remembered));
+				new MockRememberMeServices(this.remembered));
 		filter.afterPropertiesSet();
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -110,7 +110,7 @@ public class RememberMeAuthenticationFilterTests {
 		filter.doFilter(request, new MockHttpServletResponse(), fc);
 
 		// Ensure filter setup with our remembered authentication object
-		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(remembered);
+		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.remembered);
 		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -121,7 +121,7 @@ public class RememberMeAuthenticationFilterTests {
 		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
-				new MockRememberMeServices(remembered)) {
+				new MockRememberMeServices(this.remembered)) {
 			protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 					AuthenticationException failed) {
 				super.onUnsuccessfulAuthentication(request, response, failed);
@@ -143,9 +143,9 @@ public class RememberMeAuthenticationFilterTests {
 	@Test
 	public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(remembered)).thenReturn(remembered);
+		when(am.authenticate(this.remembered)).thenReturn(this.remembered);
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
-				new MockRememberMeServices(remembered));
+				new MockRememberMeServices(this.remembered));
 		filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -168,7 +168,7 @@ public class RememberMeAuthenticationFilterTests {
 		}
 
 		public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
-			return authToReturn;
+			return this.authToReturn;
 		}
 
 		public void loginFail(HttpServletRequest request, HttpServletResponse response) {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index e32c53b971..f9e6ed94c4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -62,20 +62,20 @@ public class TokenBasedRememberMeServicesTests {
 
 	@Before
 	public void createTokenBasedRememberMeServices() {
-		uds = mock(UserDetailsService.class);
-		services = new TokenBasedRememberMeServices("key", uds);
+		this.uds = mock(UserDetailsService.class);
+		this.services = new TokenBasedRememberMeServices("key", this.uds);
 	}
 
 	void udsWillReturnUser() {
-		when(uds.loadUserByUsername(any(String.class))).thenReturn(user);
+		when(this.uds.loadUserByUsername(any(String.class))).thenReturn(this.user);
 	}
 
 	void udsWillThrowNotFound() {
-		when(uds.loadUserByUsername(any(String.class))).thenThrow(new UsernameNotFoundException(""));
+		when(this.uds.loadUserByUsername(any(String.class))).thenThrow(new UsernameNotFoundException(""));
 	}
 
 	void udsWillReturnNull() {
-		when(uds.loadUserByUsername(any(String.class))).thenReturn(null);
+		when(this.uds.loadUserByUsername(any(String.class))).thenReturn(null);
 	}
 
 	private long determineExpiryTimeFromBased64EncodedToken(String validToken) {
@@ -107,7 +107,7 @@ public class TokenBasedRememberMeServicesTests {
 	public void autoLoginReturnsNullIfNoCookiePresented() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		Authentication result = services.autoLogin(new MockHttpServletRequest(), response);
+		Authentication result = this.services.autoLogin(new MockHttpServletRequest(), response);
 		assertThat(result).isNull();
 		// No cookie set
 		assertThat(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
@@ -120,7 +120,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.setCookies(cookie);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		Authentication result = services.autoLogin(request, response);
+		Authentication result = this.services.autoLogin(request, response);
 
 		assertThat(result).isNull();
 		assertThat(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
@@ -135,7 +135,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -149,7 +149,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -163,7 +163,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -180,7 +180,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -195,7 +195,7 @@ public class TokenBasedRememberMeServicesTests {
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -212,7 +212,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		assertThat(services.autoLogin(request, response)).isNull();
+		assertThat(this.services.autoLogin(request, response)).isNull();
 
 		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -229,7 +229,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		services.autoLogin(request, response);
+		this.services.autoLogin(request, response);
 	}
 
 	@Test
@@ -242,31 +242,31 @@ public class TokenBasedRememberMeServicesTests {
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
-		Authentication result = services.autoLogin(request, response);
+		Authentication result = this.services.autoLogin(request, response);
 
 		assertThat(result).isNotNull();
-		assertThat(result.getPrincipal()).isEqualTo(user);
+		assertThat(result.getPrincipal()).isEqualTo(this.user);
 	}
 
 	@Test
 	public void testGettersSetters() {
-		assertThat(services.getUserDetailsService()).isEqualTo(uds);
+		assertThat(this.services.getUserDetailsService()).isEqualTo(this.uds);
 
-		assertThat(services.getKey()).isEqualTo("key");
+		assertThat(this.services.getKey()).isEqualTo("key");
 
-		assertThat(services.getParameter()).isEqualTo(DEFAULT_PARAMETER);
-		services.setParameter("some_param");
-		assertThat(services.getParameter()).isEqualTo("some_param");
+		assertThat(this.services.getParameter()).isEqualTo(DEFAULT_PARAMETER);
+		this.services.setParameter("some_param");
+		assertThat(this.services.getParameter()).isEqualTo("some_param");
 
-		services.setTokenValiditySeconds(12);
-		assertThat(services.getTokenValiditySeconds()).isEqualTo(12);
+		this.services.setTokenValiditySeconds(12);
+		assertThat(this.services.getTokenValiditySeconds()).isEqualTo(12);
 	}
 
 	@Test
 	public void loginFailClearsCookie() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginFail(request, response);
+		this.services.loginFail(request, response);
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
@@ -290,20 +290,21 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void loginSuccessNormalWithNonUserDetailsBasedPrincipalSetsExpectedCookie() {
 		// SEC-822
-		services.setTokenValiditySeconds(500000000);
+		this.services.setTokenValiditySeconds(500000000);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
+		this.services.loginSuccess(request, response,
+				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
-		String expiryTime = services.decodeCookie(cookie.getValue())[1];
+		String expiryTime = this.services.decodeCookie(cookie.getValue())[1];
 		long expectedExpiryTime = 1000L * 500000000;
 		expectedExpiryTime += System.currentTimeMillis();
 		assertThat(Long.parseLong(expiryTime) > expectedExpiryTime - 10000).isTrue();
 		assertThat(cookie).isNotNull();
-		assertThat(cookie.getMaxAge()).isEqualTo(services.getTokenValiditySeconds());
+		assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
 		assertThat(new Date().before(new Date(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
 	}
@@ -314,11 +315,12 @@ public class TokenBasedRememberMeServicesTests {
 		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
+		this.services.loginSuccess(request, response,
+				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
-		assertThat(cookie.getMaxAge()).isEqualTo(services.getTokenValiditySeconds());
+		assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
 		assertThat(new Date().before(new Date(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
 	}
@@ -327,7 +329,7 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void obtainPasswordReturnsNullForTokenWithNullCredentials() {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("username", null);
-		assertThat(services.retrievePassword(token)).isNull();
+		assertThat(this.services.retrievePassword(token)).isNull();
 	}
 
 	// SEC-949
@@ -337,8 +339,9 @@ public class TokenBasedRememberMeServicesTests {
 		request.addParameter(DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.setTokenValiditySeconds(-1);
-		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
+		this.services.setTokenValiditySeconds(-1);
+		this.services.loginSuccess(request, response,
+				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
 		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index a55f7799f0..c840dd570b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -74,30 +74,30 @@ public class CompositeSessionAuthenticationStrategyTests {
 	@Test
 	public void delegatesToAll() {
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
-				Arrays.asList(strategy1, strategy2));
-		strategy.onAuthentication(authentication, request, response);
+				Arrays.asList(this.strategy1, this.strategy2));
+		strategy.onAuthentication(this.authentication, this.request, this.response);
 
-		verify(strategy1).onAuthentication(authentication, request, response);
-		verify(strategy2).onAuthentication(authentication, request, response);
+		verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
+		verify(this.strategy2).onAuthentication(this.authentication, this.request, this.response);
 	}
 
 	@Test
 	public void delegateShortCircuits() {
-		doThrow(new SessionAuthenticationException("oops")).when(strategy1).onAuthentication(authentication, request,
-				response);
+		doThrow(new SessionAuthenticationException("oops")).when(this.strategy1).onAuthentication(this.authentication,
+				this.request, this.response);
 
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
-				Arrays.asList(strategy1, strategy2));
+				Arrays.asList(this.strategy1, this.strategy2));
 
 		try {
-			strategy.onAuthentication(authentication, request, response);
+			strategy.onAuthentication(this.authentication, this.request, this.response);
 			fail("Expected Exception");
 		}
 		catch (SessionAuthenticationException success) {
 		}
 
-		verify(strategy1).onAuthentication(authentication, request, response);
-		verify(strategy2, times(0)).onAuthentication(authentication, request, response);
+		verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
+		verify(this.strategy2, times(0)).onAuthentication(this.authentication, this.request, this.response);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index fc585794d2..9bcfc4b7dd 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -62,12 +62,13 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Before
 	public void setup() {
-		authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		sessionInformation = new SessionInformation(authentication.getPrincipal(), "unique", new Date(1374766134216L));
+		this.authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.sessionInformation = new SessionInformation(this.authentication.getPrincipal(), "unique",
+				new Date(1374766134216L));
 
-		strategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
+		this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -77,84 +78,84 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void noRegisteredSession() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 				.thenReturn(Collections.<SessionInformation>emptyList());
-		strategy.setMaximumSessions(1);
-		strategy.setExceptionIfMaximumExceeded(true);
+		this.strategy.setMaximumSessions(1);
+		this.strategy.setExceptionIfMaximumExceeded(true);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 
 		// no exception
 	}
 
 	@Test
 	public void maxSessionsSameSessionId() {
-		MockHttpSession session = new MockHttpSession(new MockServletContext(), sessionInformation.getSessionId());
-		request.setSession(session);
-		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
-		strategy.setMaximumSessions(1);
-		strategy.setExceptionIfMaximumExceeded(true);
+		MockHttpSession session = new MockHttpSession(new MockServletContext(), this.sessionInformation.getSessionId());
+		this.request.setSession(session);
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		this.strategy.setMaximumSessions(1);
+		this.strategy.setExceptionIfMaximumExceeded(true);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 
 		// no exception
 	}
 
 	@Test(expected = SessionAuthenticationException.class)
 	public void maxSessionsWithException() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
-		strategy.setMaximumSessions(1);
-		strategy.setExceptionIfMaximumExceeded(true);
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		this.strategy.setMaximumSessions(1);
+		this.strategy.setExceptionIfMaximumExceeded(true);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 	}
 
 	@Test
 	public void maxSessionsExpireExistingUser() {
-		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(sessionInformation));
-		strategy.setMaximumSessions(1);
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		this.strategy.setMaximumSessions(1);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 
-		assertThat(sessionInformation.isExpired()).isTrue();
+		assertThat(this.sessionInformation.isExpired()).isTrue();
 	}
 
 	@Test
 	public void maxSessionsExpireLeastRecentExistingUser() {
-		SessionInformation moreRecentSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique",
+		SessionInformation moreRecentSessionInfo = new SessionInformation(this.authentication.getPrincipal(), "unique",
 				new Date(1374766999999L));
-		when(sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, sessionInformation));
-		strategy.setMaximumSessions(2);
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.thenReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, this.sessionInformation));
+		this.strategy.setMaximumSessions(2);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 
-		assertThat(sessionInformation.isExpired()).isTrue();
+		assertThat(this.sessionInformation.isExpired()).isTrue();
 	}
 
 	@Test
 	public void onAuthenticationWhenMaxSessionsExceededByTwoThenTwoSessionsExpired() {
-		SessionInformation oldestSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique1",
+		SessionInformation oldestSessionInfo = new SessionInformation(this.authentication.getPrincipal(), "unique1",
 				new Date(1374766134214L));
-		SessionInformation secondOldestSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique2",
-				new Date(1374766134215L));
-		when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
-				Arrays.<SessionInformation>asList(oldestSessionInfo, secondOldestSessionInfo, sessionInformation));
-		strategy.setMaximumSessions(2);
+		SessionInformation secondOldestSessionInfo = new SessionInformation(this.authentication.getPrincipal(),
+				"unique2", new Date(1374766134215L));
+		when(this.sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
+				Arrays.<SessionInformation>asList(oldestSessionInfo, secondOldestSessionInfo, this.sessionInformation));
+		this.strategy.setMaximumSessions(2);
 
-		strategy.onAuthentication(authentication, request, response);
+		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 
 		assertThat(oldestSessionInfo.isExpired()).isTrue();
 		assertThat(secondOldestSessionInfo.isExpired()).isTrue();
-		assertThat(sessionInformation.isExpired()).isFalse();
+		assertThat(this.sessionInformation.isExpired()).isFalse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setMessageSourceNull() {
-		strategy.setMessageSource(null);
+		this.strategy.setMessageSource(null);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index 389841c2c9..bcc1747e54 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -49,10 +49,10 @@ public class RegisterSessionAuthenticationStrategyTests {
 
 	@Before
 	public void setup() {
-		authenticationStrategy = new RegisterSessionAuthenticationStrategy(registry);
-		authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
+		this.authenticationStrategy = new RegisterSessionAuthenticationStrategy(this.registry);
+		this.authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -62,9 +62,9 @@ public class RegisterSessionAuthenticationStrategyTests {
 
 	@Test
 	public void onAuthenticationRegistersSession() {
-		authenticationStrategy.onAuthentication(authentication, request, response);
+		this.authenticationStrategy.onAuthentication(this.authentication, this.request, this.response);
 
-		verify(registry).registerNewSession(request.getSession().getId(), authentication.getPrincipal());
+		verify(this.registry).registerNewSession(this.request.getSession().getId(), this.authentication.getPrincipal());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 3c4979448c..3a4b5e401a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -500,8 +500,8 @@ public class SwitchUserFilterTests {
 	// gh-3697
 	@Test
 	public void switchAuthorityRoleCannotBeNull() {
-		thrown.expect(IllegalArgumentException.class);
-		thrown.expectMessage("switchAuthorityRole cannot be null");
+		this.thrown.expect(IllegalArgumentException.class);
+		this.thrown.expectMessage("switchAuthorityRole cannot be null");
 		switchToUserWithAuthorityRole("dano", null);
 	}
 
@@ -559,16 +559,16 @@ public class SwitchUserFilterTests {
 			// wofat (account expired)
 			// steve (credentials expired)
 			if ("jacklord".equals(username) || "dano".equals(username)) {
-				return new User(username, password, true, true, true, true, ROLES_12);
+				return new User(username, this.password, true, true, true, true, ROLES_12);
 			}
 			else if ("mcgarrett".equals(username)) {
-				return new User(username, password, false, true, true, true, ROLES_12);
+				return new User(username, this.password, false, true, true, true, ROLES_12);
 			}
 			else if ("wofat".equals(username)) {
-				return new User(username, password, true, false, true, true, ROLES_12);
+				return new User(username, this.password, true, false, true, true, ROLES_12);
 			}
 			else if ("steve".equals(username)) {
-				return new User(username, password, true, true, false, true, ROLES_12);
+				return new User(username, this.password, true, true, false, true, ROLES_12);
 			}
 			else {
 				throw new UsernameNotFoundException("Could not find: " + username);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index 902538ac22..33d282965b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -48,7 +48,7 @@ public class BasicAuthenticationConverterTests {
 
 	@Before
 	public void setup() {
-		converter = new BasicAuthenticationConverter(authenticationDetailsSource);
+		this.converter = new BasicAuthenticationConverter(this.authenticationDetailsSource);
 	}
 
 	@Test
@@ -56,9 +56,9 @@ public class BasicAuthenticationConverterTests {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
-		UsernamePasswordAuthenticationToken authentication = converter.convert(request);
+		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
 
-		verify(authenticationDetailsSource).buildDetails(any());
+		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
 	}
@@ -68,9 +68,9 @@ public class BasicAuthenticationConverterTests {
 		String token = "rod:koala";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
-		UsernamePasswordAuthenticationToken authentication = converter.convert(request);
+		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
 
-		verify(authenticationDetailsSource).buildDetails(any());
+		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
 	}
@@ -79,9 +79,9 @@ public class BasicAuthenticationConverterTests {
 	public void testWhenUnsupportedAuthorizationHeaderThenIgnored() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer someOtherToken");
-		UsernamePasswordAuthenticationToken authentication = converter.convert(request);
+		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
 
-		verifyZeroInteractions(authenticationDetailsSource);
+		verifyZeroInteractions(this.authenticationDetailsSource);
 		assertThat(authentication).isNull();
 	}
 
@@ -90,7 +90,7 @@ public class BasicAuthenticationConverterTests {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
-		converter.convert(request);
+		this.converter.convert(request);
 	}
 
 	@Test(expected = BadCredentialsException.class)
@@ -98,7 +98,7 @@ public class BasicAuthenticationConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic NOT_VALID_BASE64");
 
-		converter.convert(request);
+		this.converter.convert(request);
 	}
 
 	@Test
@@ -106,9 +106,9 @@ public class BasicAuthenticationConverterTests {
 		String token = "rod:";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
-		UsernamePasswordAuthenticationToken authentication = converter.convert(request);
+		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
 
-		verify(authenticationDetailsSource).buildDetails(any());
+		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -118,7 +118,7 @@ public class BasicAuthenticationConverterTests {
 	public void requestWhenEmptyBasicAuthorizationHeaderTokenThenError() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic ");
-		converter.convert(request);
+		this.converter.convert(request);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index 10fa23917c..9367eac111 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -68,11 +68,11 @@ public class BasicAuthenticationFilterTests {
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
-		manager = mock(AuthenticationManager.class);
-		when(manager.authenticate(rodRequest)).thenReturn(rod);
-		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		this.manager = mock(AuthenticationManager.class);
+		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
+		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
-		filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
+		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 	}
 
 	@After
@@ -88,7 +88,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
@@ -98,8 +98,8 @@ public class BasicAuthenticationFilterTests {
 
 	@Test
 	public void testGettersSetters() {
-		assertThat(filter.getAuthenticationManager()).isNotNull();
-		assertThat(filter.getAuthenticationEntryPoint()).isNotNull();
+		assertThat(this.filter.getAuthenticationManager()).isNotNull();
+		assertThat(this.filter.getAuthenticationEntryPoint()).isNotNull();
 	}
 
 	@Test
@@ -112,7 +112,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -128,7 +128,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 		// The filter chain shouldn't proceed
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -145,7 +145,7 @@ public class BasicAuthenticationFilterTests {
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -163,7 +163,7 @@ public class BasicAuthenticationFilterTests {
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -179,7 +179,7 @@ public class BasicAuthenticationFilterTests {
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -193,7 +193,7 @@ public class BasicAuthenticationFilterTests {
 		request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
 		request.setServletPath("/some_file.html");
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -201,7 +201,7 @@ public class BasicAuthenticationFilterTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testStartupDetectsMissingAuthenticationEntryPoint() {
-		new BasicAuthenticationFilter(manager, null);
+		new BasicAuthenticationFilter(this.manager, null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -218,7 +218,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response1 = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response1, chain);
+		this.filter.doFilter(request, response1, chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
@@ -234,7 +234,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response2 = new MockHttpServletResponse();
 
 		chain = mock(FilterChain.class);
-		filter.doFilter(request, response2, chain);
+		this.filter.doFilter(request, response2, chain);
 
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		request.setServletPath("/some_file.html");
@@ -254,10 +254,10 @@ public class BasicAuthenticationFilterTests {
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 
-		filter = new BasicAuthenticationFilter(manager);
-		assertThat(filter.isIgnoreFailure()).isTrue();
+		this.filter = new BasicAuthenticationFilter(this.manager);
+		assertThat(this.filter.isIgnoreFailure()).isTrue();
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, new MockHttpServletResponse(), chain);
+		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
 
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
@@ -272,11 +272,11 @@ public class BasicAuthenticationFilterTests {
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
-		assertThat(filter.isIgnoreFailure()).isFalse();
+		assertThat(this.filter.isIgnoreFailure()).isFalse();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		// Test - the filter chain will not be invoked, as we get a 401 forbidden response
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
@@ -297,7 +297,7 @@ public class BasicAuthenticationFilterTests {
 
 		FilterChain chain = mock(FilterChain.class);
 
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		assertThat(response.getStatus()).isEqualTo(200);
 	}
@@ -311,11 +311,11 @@ public class BasicAuthenticationFilterTests {
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
-		manager = mock(AuthenticationManager.class);
-		when(manager.authenticate(rodRequest)).thenReturn(rod);
-		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		this.manager = mock(AuthenticationManager.class);
+		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
+		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
-		filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
+		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -329,7 +329,7 @@ public class BasicAuthenticationFilterTests {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
@@ -346,12 +346,12 @@ public class BasicAuthenticationFilterTests {
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
-		manager = mock(AuthenticationManager.class);
-		when(manager.authenticate(rodRequest)).thenReturn(rod);
-		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		this.manager = mock(AuthenticationManager.class);
+		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
+		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
-		filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
-		filter.setCredentialsCharset("ISO-8859-1");
+		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
+		this.filter.setCredentialsCharset("ISO-8859-1");
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -365,7 +365,7 @@ public class BasicAuthenticationFilterTests {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
@@ -382,12 +382,12 @@ public class BasicAuthenticationFilterTests {
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
-		manager = mock(AuthenticationManager.class);
-		when(manager.authenticate(rodRequest)).thenReturn(rod);
-		when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		this.manager = mock(AuthenticationManager.class);
+		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
+		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
-		filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
-		filter.setCredentialsCharset("ISO-8859-1");
+		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
+		this.filter.setCredentialsCharset("ISO-8859-1");
 
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -401,7 +401,7 @@ public class BasicAuthenticationFilterTests {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
@@ -417,7 +417,7 @@ public class BasicAuthenticationFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		FilterChain chain = mock(FilterChain.class);
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(request, response, chain);
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index f1fabc3d98..cc5ae3a032 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -128,12 +128,12 @@ public class DigestAuthenticationFilterTests {
 		ep.setRealmName(REALM);
 		ep.setKey(KEY);
 
-		filter = new DigestAuthenticationFilter();
-		filter.setUserDetailsService(uds);
-		filter.setAuthenticationEntryPoint(ep);
+		this.filter = new DigestAuthenticationFilter();
+		this.filter.setUserDetailsService(uds);
+		this.filter.setAuthenticationEntryPoint(ep);
 
-		request = new MockHttpServletRequest("GET", REQUEST_URI);
-		request.setServletPath(REQUEST_URI);
+		this.request = new MockHttpServletRequest("GET", REQUEST_URI);
+		this.request.setServletPath(REQUEST_URI);
 	}
 
 	@Test
@@ -142,12 +142,12 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
 		Thread.sleep(1000); // ensures token expired
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -164,10 +164,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, badNonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -175,7 +175,7 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
-		executeFilterInContainerSimulator(filter, request, true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -199,9 +199,9 @@ public class DigestAuthenticationFilterTests {
 	public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
 
-		request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes())));
+		this.request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes())));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -209,9 +209,9 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void testMalformedHeaderReturnsForbidden() throws Exception {
-		request.addHeader("Authorization", "Digest scsdcsdc");
+		this.request.addHeader("Authorization", "Digest scsdcsdc");
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -224,10 +224,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -239,10 +239,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -254,10 +254,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -269,10 +269,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -284,10 +284,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET",
 				REQUEST_URI, QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		executeFilterInContainerSimulator(filter, request, true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
@@ -299,10 +299,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		executeFilterInContainerSimulator(filter, request, true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
@@ -315,11 +315,11 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		filter.setCreateAuthenticatedToken(true);
-		executeFilterInContainerSimulator(filter, request, true);
+		this.filter.setCreateAuthenticatedToken(true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
@@ -331,9 +331,9 @@ public class DigestAuthenticationFilterTests {
 
 	@Test
 	public void otherAuthorizationSchemeIsIgnored() throws Exception {
-		request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
+		this.request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
 
-		executeFilterInContainerSimulator(filter, request, true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -357,10 +357,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		executeFilterInContainerSimulator(filter, request, true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 
@@ -368,11 +368,11 @@ public class DigestAuthenticationFilterTests {
 		responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request = new MockHttpServletRequest();
-		request.addHeader("Authorization",
+		this.request = new MockHttpServletRequest();
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		// Check we lost our previous authentication
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -386,10 +386,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, "DIFFERENT_CNONCE");
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -401,10 +401,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -416,10 +416,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -430,10 +430,10 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD, "GET",
 				REQUEST_URI, QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
+		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
 
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -452,11 +452,11 @@ public class DigestAuthenticationFilterTests {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
 
-		request.addHeader("Authorization",
+		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
 
-		filter.setCreateAuthenticatedToken(true);
-		executeFilterInContainerSimulator(filter, request, true);
+		this.filter.setCreateAuthenticatedToken(true);
+		executeFilterInContainerSimulator(this.filter, this.request, true);
 
 		assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
 	}
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index 65ea39de3b..3a0344cb33 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -49,7 +49,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Before
 	public void setup() {
-		resolver = new AuthenticationPrincipalArgumentResolver();
+		this.resolver = new AuthenticationPrincipalArgumentResolver();
 	}
 
 	@After
@@ -59,84 +59,88 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void supportsParameterNoAnnotation() {
-		assertThat(resolver.supportsParameter(showUserNoAnnotation())).isFalse();
+		assertThat(this.resolver.supportsParameter(showUserNoAnnotation())).isFalse();
 	}
 
 	@Test
 	public void supportsParameterAnnotation() {
-		assertThat(resolver.supportsParameter(showUserAnnotationObject())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserAnnotationObject())).isTrue();
 	}
 
 	@Test
 	public void supportsParameterCustomAnnotation() {
-		assertThat(resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
 	}
 
 	@Test
 	public void resolveArgumentNullAuthentication() throws Exception {
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentNullPrincipal() throws Exception {
 		setAuthenticationPrincipal(null);
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
 		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserCustomAnnotation(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
+		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
+		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -226,7 +230,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index ca049bad82..4d0927b4e2 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -120,7 +120,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		// Change context
-		context.setAuthentication(testToken);
+		context.setAuthentication(this.testToken);
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNull();
 	}
@@ -130,13 +130,13 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		request.getSession().setAttribute("imTheContext", SecurityContextHolder.getContext());
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(context).isNotNull();
-		assertThat(context.getAuthentication()).isEqualTo(testToken);
+		assertThat(context.getAuthentication()).isEqualTo(this.testToken);
 		// Won't actually be saved as it hasn't changed, but go through the use case
 		// anyway
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
@@ -151,7 +151,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		// Set up an existing authenticated context, mocking that it is in the session
 		// already
 		SecurityContext ctx = SecurityContextHolder.getContext();
-		ctx.setAuthentication(testToken);
+		ctx.setAuthentication(this.testToken);
 		HttpSession session = mock(HttpSession.class);
 		when(session.getAttribute(SPRING_SECURITY_CONTEXT_KEY)).thenReturn(ctx);
 		request.setSession(session);
@@ -171,7 +171,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 	public void nonSecurityContextInSessionIsIgnored() {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, "NotASecurityContextInstance");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
@@ -189,7 +189,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(request.getSession(false)).isNull();
 		// Simulate authentication during the request
-		context.setAuthentication(testToken);
+		context.setAuthentication(this.testToken);
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNotNull();
 		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(context);
@@ -203,7 +203,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().sendRedirect("/doesntmatter");
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -220,7 +220,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().sendError(404);
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 
@@ -239,7 +239,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().flushBuffer();
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -257,7 +257,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getWriter().flush();
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -275,7 +275,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getWriter().close();
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -293,7 +293,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getOutputStream().flush();
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -311,7 +311,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getOutputStream().close();
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
@@ -331,7 +331,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		when(response.getOutputStream()).thenReturn(outputstream);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getOutputStream().close();
 		verify(outputstream).close();
 	}
@@ -347,7 +347,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		when(response.getOutputStream()).thenReturn(outputstream);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().getOutputStream().flush();
 		verify(outputstream).flush();
 	}
@@ -360,7 +360,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		request.getSession().invalidate();
 		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNull();
@@ -386,12 +386,12 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
-		ctxInSession.setAuthentication(testToken);
+		ctxInSession.setAuthentication(this.testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 		SecurityContextHolder.getContext()
-				.setAuthentication(new AnonymousAuthenticationToken("x", "x", testToken.getAuthorities()));
+				.setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities()));
 		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
@@ -402,7 +402,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.setSpringSecurityContextKey("imTheContext");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
-		ctxInSession.setAuthentication(testToken);
+		ctxInSession.setAuthentication(this.testToken);
 		request.getSession().setAttribute("imTheContext", ctxInSession);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
@@ -419,7 +419,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
-		ctxInSession.setAuthentication(testToken);
+		ctxInSession.setAuthentication(this.testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
 		SecurityContextHolder.getContext().setAuthentication(
 				new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
@@ -433,7 +433,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
-		ctxInSession.setAuthentication(testToken);
+		ctxInSession.setAuthentication(this.testToken);
 		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
 
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
@@ -492,7 +492,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 	@Test
 	public void saveContextCustomTrustResolver() {
 		SecurityContext contextToSave = SecurityContextHolder.createEmptyContext();
-		contextToSave.setAuthentication(testToken);
+		contextToSave.setAuthentication(this.testToken);
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
@@ -521,7 +521,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContext context = repo.loadContext(holder);
 		assertThat(request.getSession(false)).isNull();
 		// Simulate authentication during the request
-		context.setAuthentication(testToken);
+		context.setAuthentication(this.testToken);
 
 		repo.saveContext(context, new HttpServletRequestWrapper(holder.getRequest()),
 				new HttpServletResponseWrapper(holder.getResponse()));
@@ -536,7 +536,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		context.setAuthentication(testToken);
+		context.setAuthentication(this.testToken);
 
 		repo.saveContext(context, request, response);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
index 3d2040bab5..8ea6d0344e 100644
--- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
@@ -47,9 +47,9 @@ public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 
 	@Before
 	public void setUp() {
-		response = new MockHttpServletResponse();
-		wrappedResponse = new SaveContextOnUpdateOrErrorResponseWrapperStub(response, true);
-		SecurityContextHolder.setContext(securityContext);
+		this.response = new MockHttpServletResponse();
+		this.wrappedResponse = new SaveContextOnUpdateOrErrorResponseWrapperStub(this.response, true);
+		SecurityContextHolder.setContext(this.securityContext);
 	}
 
 	@After
@@ -60,121 +60,121 @@ public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 	@Test
 	public void sendErrorSavesSecurityContext() throws Exception {
 		int error = HttpServletResponse.SC_FORBIDDEN;
-		wrappedResponse.sendError(error);
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
-		assertThat(response.getStatus()).isEqualTo(error);
+		this.wrappedResponse.sendError(error);
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
+		assertThat(this.response.getStatus()).isEqualTo(error);
 	}
 
 	@Test
 	public void sendErrorSkipsSaveSecurityContextDisables() throws Exception {
 		final int error = HttpServletResponse.SC_FORBIDDEN;
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.sendError(error);
-		assertThat(wrappedResponse.securityContext).isNull();
-		assertThat(response.getStatus()).isEqualTo(error);
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.sendError(error);
+		assertThat(this.wrappedResponse.securityContext).isNull();
+		assertThat(this.response.getStatus()).isEqualTo(error);
 	}
 
 	@Test
 	public void sendErrorWithMessageSavesSecurityContext() throws Exception {
 		int error = HttpServletResponse.SC_FORBIDDEN;
 		String message = "Forbidden";
-		wrappedResponse.sendError(error, message);
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
-		assertThat(response.getStatus()).isEqualTo(error);
-		assertThat(response.getErrorMessage()).isEqualTo(message);
+		this.wrappedResponse.sendError(error, message);
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
+		assertThat(this.response.getStatus()).isEqualTo(error);
+		assertThat(this.response.getErrorMessage()).isEqualTo(message);
 	}
 
 	@Test
 	public void sendErrorWithMessageSkipsSaveSecurityContextDisables() throws Exception {
 		final int error = HttpServletResponse.SC_FORBIDDEN;
 		final String message = "Forbidden";
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.sendError(error, message);
-		assertThat(wrappedResponse.securityContext).isNull();
-		assertThat(response.getStatus()).isEqualTo(error);
-		assertThat(response.getErrorMessage()).isEqualTo(message);
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.sendError(error, message);
+		assertThat(this.wrappedResponse.securityContext).isNull();
+		assertThat(this.response.getStatus()).isEqualTo(error);
+		assertThat(this.response.getErrorMessage()).isEqualTo(message);
 	}
 
 	@Test
 	public void sendRedirectSavesSecurityContext() throws Exception {
 		String url = "/location";
-		wrappedResponse.sendRedirect(url);
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
-		assertThat(response.getRedirectedUrl()).isEqualTo(url);
+		this.wrappedResponse.sendRedirect(url);
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
+		assertThat(this.response.getRedirectedUrl()).isEqualTo(url);
 	}
 
 	@Test
 	public void sendRedirectSkipsSaveSecurityContextDisables() throws Exception {
 		final String url = "/location";
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.sendRedirect(url);
-		assertThat(wrappedResponse.securityContext).isNull();
-		assertThat(response.getRedirectedUrl()).isEqualTo(url);
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.sendRedirect(url);
+		assertThat(this.wrappedResponse.securityContext).isNull();
+		assertThat(this.response.getRedirectedUrl()).isEqualTo(url);
 	}
 
 	@Test
 	public void outputFlushSavesSecurityContext() throws Exception {
-		wrappedResponse.getOutputStream().flush();
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
+		this.wrappedResponse.getOutputStream().flush();
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
 	}
 
 	@Test
 	public void outputFlushSkipsSaveSecurityContextDisables() throws Exception {
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.getOutputStream().flush();
-		assertThat(wrappedResponse.securityContext).isNull();
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.getOutputStream().flush();
+		assertThat(this.wrappedResponse.securityContext).isNull();
 	}
 
 	@Test
 	public void outputCloseSavesSecurityContext() throws Exception {
-		wrappedResponse.getOutputStream().close();
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
+		this.wrappedResponse.getOutputStream().close();
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
 	}
 
 	@Test
 	public void outputCloseSkipsSaveSecurityContextDisables() throws Exception {
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.getOutputStream().close();
-		assertThat(wrappedResponse.securityContext).isNull();
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.getOutputStream().close();
+		assertThat(this.wrappedResponse.securityContext).isNull();
 	}
 
 	@Test
 	public void writerFlushSavesSecurityContext() throws Exception {
-		wrappedResponse.getWriter().flush();
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
+		this.wrappedResponse.getWriter().flush();
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
 	}
 
 	@Test
 	public void writerFlushSkipsSaveSecurityContextDisables() throws Exception {
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.getWriter().flush();
-		assertThat(wrappedResponse.securityContext).isNull();
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.getWriter().flush();
+		assertThat(this.wrappedResponse.securityContext).isNull();
 	}
 
 	@Test
 	public void writerCloseSavesSecurityContext() throws Exception {
-		wrappedResponse.getWriter().close();
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
+		this.wrappedResponse.getWriter().close();
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
 	}
 
 	@Test
 	public void writerCloseSkipsSaveSecurityContextDisables() throws Exception {
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.getWriter().close();
-		assertThat(wrappedResponse.securityContext).isNull();
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.getWriter().close();
+		assertThat(this.wrappedResponse.securityContext).isNull();
 	}
 
 	@Test
 	public void flushBufferSavesSecurityContext() throws Exception {
-		wrappedResponse.flushBuffer();
-		assertThat(wrappedResponse.securityContext).isEqualTo(securityContext);
+		this.wrappedResponse.flushBuffer();
+		assertThat(this.wrappedResponse.securityContext).isEqualTo(this.securityContext);
 	}
 
 	@Test
 	public void flushBufferSkipsSaveSecurityContextDisables() throws Exception {
-		wrappedResponse.disableSaveOnResponseCommitted();
-		wrappedResponse.flushBuffer();
-		assertThat(wrappedResponse.securityContext).isNull();
+		this.wrappedResponse.disableSaveOnResponseCommitted();
+		this.wrappedResponse.flushBuffer();
+		assertThat(this.wrappedResponse.securityContext).isNull();
 	}
 
 	private static class SaveContextOnUpdateOrErrorResponseWrapperStub
@@ -188,7 +188,7 @@ public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 
 		@Override
 		protected void saveContext(SecurityContext context) {
-			securityContext = context;
+			this.securityContext = context;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index c0447913d3..8bd39186b2 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -54,7 +54,7 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletRequest request = new MockHttpServletRequest();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 
 		filter.doFilter(request, response, chain);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
@@ -67,7 +67,7 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletRequest request = new MockHttpServletRequest();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
-		SecurityContextHolder.getContext().setAuthentication(testToken);
+		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		doThrow(new IOException()).when(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		try {
 			filter.doFilter(request, response, chain);
@@ -86,7 +86,7 @@ public class SecurityContextPersistenceFilterTests {
 		final TestingAuthenticationToken beforeAuth = new TestingAuthenticationToken("someoneelse", "passwd", "ROLE_B");
 		final SecurityContext scBefore = new SecurityContextImpl();
 		final SecurityContext scExpectedAfter = new SecurityContextImpl();
-		scExpectedAfter.setAuthentication(testToken);
+		scExpectedAfter.setAuthentication(this.testToken);
 		scBefore.setAuthentication(beforeAuth);
 		final SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index c7527604fa..46a235bfe5 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -58,27 +58,27 @@ public class SecurityContextCallableProcessingInterceptorTests {
 	@Test
 	public void currentSecurityContext() throws Exception {
 		SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor();
-		SecurityContextHolder.setContext(securityContext);
-		interceptor.beforeConcurrentHandling(webRequest, callable);
+		SecurityContextHolder.setContext(this.securityContext);
+		interceptor.beforeConcurrentHandling(this.webRequest, this.callable);
 		SecurityContextHolder.clearContext();
 
-		interceptor.preProcess(webRequest, callable);
-		assertThat(SecurityContextHolder.getContext()).isSameAs(securityContext);
+		interceptor.preProcess(this.webRequest, this.callable);
+		assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext);
 
-		interceptor.postProcess(webRequest, callable, null);
-		assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+		interceptor.postProcess(this.webRequest, this.callable, null);
+		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext);
 	}
 
 	@Test
 	public void specificSecurityContext() throws Exception {
 		SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor(
-				securityContext);
+				this.securityContext);
 
-		interceptor.preProcess(webRequest, callable);
-		assertThat(SecurityContextHolder.getContext()).isSameAs(securityContext);
+		interceptor.preProcess(this.webRequest, this.callable);
+		assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext);
 
-		interceptor.postProcess(webRequest, callable, null);
-		assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+		interceptor.postProcess(this.webRequest, this.callable, null);
+		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index bcc21e6c6c..ad49a9e4df 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -70,18 +70,18 @@ public class WebAsyncManagerIntegrationFilterTests {
 
 	@Before
 	public void setUp() {
-		filterChain = new MockFilterChain();
+		this.filterChain = new MockFilterChain();
 
-		threadFactory = new JoinableThreadFactory();
+		this.threadFactory = new JoinableThreadFactory();
 		SimpleAsyncTaskExecutor executor = new SimpleAsyncTaskExecutor();
-		executor.setThreadFactory(threadFactory);
+		executor.setThreadFactory(this.threadFactory);
 
-		asyncManager = WebAsyncUtils.getAsyncManager(request);
-		asyncManager.setAsyncWebRequest(asyncWebRequest);
-		asyncManager.setTaskExecutor(executor);
-		when(request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).thenReturn(asyncManager);
+		this.asyncManager = WebAsyncUtils.getAsyncManager(this.request);
+		this.asyncManager.setAsyncWebRequest(this.asyncWebRequest);
+		this.asyncManager.setTaskExecutor(executor);
+		when(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).thenReturn(this.asyncManager);
 
-		filter = new WebAsyncManagerIntegrationFilter();
+		this.filter = new WebAsyncManagerIntegrationFilter();
 	}
 
 	@After
@@ -91,37 +91,39 @@ public class WebAsyncManagerIntegrationFilterTests {
 
 	@Test
 	public void doFilterInternalRegistersSecurityContextCallableProcessor() throws Exception {
-		SecurityContextHolder.setContext(securityContext);
-		asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
+		SecurityContextHolder.setContext(this.securityContext);
+		this.asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
 			@Override
 			public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
-				assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+				assertThat(SecurityContextHolder.getContext())
+						.isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext);
 			}
 		});
-		filter.doFilterInternal(request, response, filterChain);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
 
 		VerifyingCallable verifyingCallable = new VerifyingCallable();
-		asyncManager.startCallableProcessing(verifyingCallable);
-		threadFactory.join();
-		assertThat(asyncManager.getConcurrentResult()).isSameAs(securityContext);
+		this.asyncManager.startCallableProcessing(verifyingCallable);
+		this.threadFactory.join();
+		assertThat(this.asyncManager.getConcurrentResult()).isSameAs(this.securityContext);
 	}
 
 	@Test
 	public void doFilterInternalRegistersSecurityContextCallableProcessorContextUpdated() throws Exception {
 		SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
-		asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
+		this.asyncManager.registerCallableInterceptors(new CallableProcessingInterceptorAdapter() {
 			@Override
 			public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
-				assertThat(SecurityContextHolder.getContext()).isNotSameAs(securityContext);
+				assertThat(SecurityContextHolder.getContext())
+						.isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext);
 			}
 		});
-		filter.doFilterInternal(request, response, filterChain);
-		SecurityContextHolder.setContext(securityContext);
+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
+		SecurityContextHolder.setContext(this.securityContext);
 
 		VerifyingCallable verifyingCallable = new VerifyingCallable();
-		asyncManager.startCallableProcessing(verifyingCallable);
-		threadFactory.join();
-		assertThat(asyncManager.getConcurrentResult()).isSameAs(securityContext);
+		this.asyncManager.startCallableProcessing(verifyingCallable);
+		this.threadFactory.join();
+		assertThat(this.asyncManager.getConcurrentResult()).isSameAs(this.securityContext);
 	}
 
 	private static final class JoinableThreadFactory implements ThreadFactory {
@@ -129,12 +131,12 @@ public class WebAsyncManagerIntegrationFilterTests {
 		private Thread t;
 
 		public Thread newThread(Runnable r) {
-			t = new Thread(r);
-			return t;
+			this.t = new Thread(r);
+			return this.t;
 		}
 
 		public void join() throws InterruptedException {
-			t.join();
+			this.t.join();
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index e2dbd09701..424df7e7a1 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -45,9 +45,9 @@ public class CsrfLogoutHandlerTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		handler = new CsrfLogoutHandler(csrfTokenRepository);
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.handler = new CsrfLogoutHandler(this.csrfTokenRepository);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -57,9 +57,10 @@ public class CsrfLogoutHandlerTests {
 
 	@Test
 	public void logoutRemovesCsrfToken() {
-		handler.logout(request, response, new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		this.handler.logout(this.request, this.response,
+				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
-		verify(csrfTokenRepository).saveToken(null, request, response);
+		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
index 48b5710bcf..2fbfc69992 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
@@ -31,32 +31,32 @@ public class DefaultCsrfTokenTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullHeaderName() {
-		new DefaultCsrfToken(null, parameterName, tokenValue);
+		new DefaultCsrfToken(null, this.parameterName, this.tokenValue);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyHeaderName() {
-		new DefaultCsrfToken("", parameterName, tokenValue);
+		new DefaultCsrfToken("", this.parameterName, this.tokenValue);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullParameterName() {
-		new DefaultCsrfToken(headerName, null, tokenValue);
+		new DefaultCsrfToken(this.headerName, null, this.tokenValue);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyParameterName() {
-		new DefaultCsrfToken(headerName, "", tokenValue);
+		new DefaultCsrfToken(this.headerName, "", this.tokenValue);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullTokenValue() {
-		new DefaultCsrfToken(headerName, parameterName, null);
+		new DefaultCsrfToken(this.headerName, this.parameterName, null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyTokenValue() {
-		new DefaultCsrfToken(headerName, parameterName, "");
+		new DefaultCsrfToken(this.headerName, this.parameterName, "");
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 6145fd1329..3280c2741a 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -39,19 +39,19 @@ public class HttpSessionCsrfTokenRepositoryTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		repo = new HttpSessionCsrfTokenRepository();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.repo = new HttpSessionCsrfTokenRepository();
 	}
 
 	@Test
 	public void generateToken() {
-		token = repo.generateToken(request);
+		this.token = this.repo.generateToken(this.request);
 
-		assertThat(token.getParameterName()).isEqualTo("_csrf");
-		assertThat(token.getToken()).isNotEmpty();
+		assertThat(this.token.getParameterName()).isEqualTo("_csrf");
+		assertThat(this.token.getToken()).isNotEmpty();
 
-		CsrfToken loadedToken = repo.loadToken(request);
+		CsrfToken loadedToken = this.repo.loadToken(this.request);
 
 		assertThat(loadedToken).isNull();
 	}
@@ -59,44 +59,44 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	@Test
 	public void generateCustomParameter() {
 		String paramName = "_csrf";
-		repo.setParameterName(paramName);
+		this.repo.setParameterName(paramName);
 
-		token = repo.generateToken(request);
+		this.token = this.repo.generateToken(this.request);
 
-		assertThat(token.getParameterName()).isEqualTo(paramName);
-		assertThat(token.getToken()).isNotEmpty();
+		assertThat(this.token.getParameterName()).isEqualTo(paramName);
+		assertThat(this.token.getToken()).isNotEmpty();
 	}
 
 	@Test
 	public void generateCustomHeader() {
 		String headerName = "CSRF";
-		repo.setHeaderName(headerName);
+		this.repo.setHeaderName(headerName);
 
-		token = repo.generateToken(request);
+		this.token = this.repo.generateToken(this.request);
 
-		assertThat(token.getHeaderName()).isEqualTo(headerName);
-		assertThat(token.getToken()).isNotEmpty();
+		assertThat(this.token.getHeaderName()).isEqualTo(headerName);
+		assertThat(this.token.getToken()).isNotEmpty();
 	}
 
 	@Test
 	public void loadTokenNull() {
-		assertThat(repo.loadToken(request)).isNull();
-		assertThat(request.getSession(false)).isNull();
+		assertThat(this.repo.loadToken(this.request)).isNull();
+		assertThat(this.request.getSession(false)).isNull();
 	}
 
 	@Test
 	public void loadTokenNullWhenSessionExists() {
-		request.getSession();
-		assertThat(repo.loadToken(request)).isNull();
+		this.request.getSession();
+		assertThat(this.repo.loadToken(this.request)).isNull();
 	}
 
 	@Test
 	public void saveToken() {
 		CsrfToken tokenToSave = new DefaultCsrfToken("123", "abc", "def");
-		repo.saveToken(tokenToSave, request, response);
+		this.repo.saveToken(tokenToSave, this.request, this.response);
 
-		String attrName = request.getSession().getAttributeNames().nextElement();
-		CsrfToken loadedToken = (CsrfToken) request.getSession().getAttribute(attrName);
+		String attrName = this.request.getSession().getAttributeNames().nextElement();
+		CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(attrName);
 
 		assertThat(loadedToken).isEqualTo(tokenToSave);
 	}
@@ -105,10 +105,10 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void saveTokenCustomSessionAttribute() {
 		CsrfToken tokenToSave = new DefaultCsrfToken("123", "abc", "def");
 		String sessionAttributeName = "custom";
-		repo.setSessionAttributeName(sessionAttributeName);
-		repo.saveToken(tokenToSave, request, response);
+		this.repo.setSessionAttributeName(sessionAttributeName);
+		this.repo.saveToken(tokenToSave, this.request, this.response);
 
-		CsrfToken loadedToken = (CsrfToken) request.getSession().getAttribute(sessionAttributeName);
+		CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(sessionAttributeName);
 
 		assertThat(loadedToken).isEqualTo(tokenToSave);
 	}
@@ -117,37 +117,37 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void saveTokenNullToken() {
 		saveToken();
 
-		repo.saveToken(null, request, response);
+		this.repo.saveToken(null, this.request, this.response);
 
-		assertThat(request.getSession().getAttributeNames().hasMoreElements()).isFalse();
+		assertThat(this.request.getSession().getAttributeNames().hasMoreElements()).isFalse();
 	}
 
 	@Test
 	public void saveTokenNullTokenWhenSessionNotExists() {
 
-		repo.saveToken(null, request, response);
+		this.repo.saveToken(null, this.request, this.response);
 
-		assertThat(request.getSession(false)).isNull();
+		assertThat(this.request.getSession(false)).isNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setSessionAttributeNameEmpty() {
-		repo.setSessionAttributeName("");
+		this.repo.setSessionAttributeName("");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setSessionAttributeNameNull() {
-		repo.setSessionAttributeName(null);
+		this.repo.setSessionAttributeName(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setParameterNameEmpty() {
-		repo.setParameterName("");
+		this.repo.setParameterName("");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setParameterNameNull() {
-		repo.setParameterName(null);
+		this.repo.setParameterName(null);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 6fdcd455d6..f75efc8e0e 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -77,45 +77,45 @@ public class DebugFilterTests {
 
 	@Before
 	public void setUp() {
-		when(request.getHeaderNames()).thenReturn(Collections.enumeration(Collections.<String>emptyList()));
-		when(request.getServletPath()).thenReturn("/login");
-		filter = new DebugFilter(fcp);
-		ReflectionTestUtils.setField(filter, "logger", logger);
-		requestAttr = DebugFilter.ALREADY_FILTERED_ATTR_NAME;
+		when(this.request.getHeaderNames()).thenReturn(Collections.enumeration(Collections.<String>emptyList()));
+		when(this.request.getServletPath()).thenReturn("/login");
+		this.filter = new DebugFilter(this.fcp);
+		ReflectionTestUtils.setField(this.filter, "logger", this.logger);
+		this.requestAttr = DebugFilter.ALREADY_FILTERED_ATTR_NAME;
 	}
 
 	@Test
 	public void doFilterProcessesRequests() throws Exception {
-		filter.doFilter(request, response, filterChain);
+		this.filter.doFilter(this.request, this.response, this.filterChain);
 
-		verify(logger).info(anyString());
-		verify(request).setAttribute(requestAttr, Boolean.TRUE);
-		verify(fcp).doFilter(requestCaptor.capture(), eq(response), eq(filterChain));
-		assertThat(requestCaptor.getValue().getClass()).isEqualTo(DebugRequestWrapper.class);
-		verify(request).removeAttribute(requestAttr);
+		verify(this.logger).info(anyString());
+		verify(this.request).setAttribute(this.requestAttr, Boolean.TRUE);
+		verify(this.fcp).doFilter(this.requestCaptor.capture(), eq(this.response), eq(this.filterChain));
+		assertThat(this.requestCaptor.getValue().getClass()).isEqualTo(DebugRequestWrapper.class);
+		verify(this.request).removeAttribute(this.requestAttr);
 	}
 
 	// SEC-1901
 	@Test
 	public void doFilterProcessesForwardedRequests() throws Exception {
-		when(request.getAttribute(requestAttr)).thenReturn(Boolean.TRUE);
+		when(this.request.getAttribute(this.requestAttr)).thenReturn(Boolean.TRUE);
 		HttpServletRequest request = new DebugRequestWrapper(this.request);
 
-		filter.doFilter(request, response, filterChain);
+		this.filter.doFilter(request, this.response, this.filterChain);
 
-		verify(logger).info(anyString());
-		verify(fcp).doFilter(request, response, filterChain);
-		verify(this.request, never()).removeAttribute(requestAttr);
+		verify(this.logger).info(anyString());
+		verify(this.fcp).doFilter(request, this.response, this.filterChain);
+		verify(this.request, never()).removeAttribute(this.requestAttr);
 	}
 
 	@Test
 	public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception {
-		when(request.getAttribute(requestAttr)).thenReturn(Boolean.TRUE);
+		when(this.request.getAttribute(this.requestAttr)).thenReturn(Boolean.TRUE);
 		HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request));
 
-		filter.doFilter(fireWalledRequest, response, filterChain);
+		this.filter.doFilter(fireWalledRequest, this.response, this.filterChain);
 
-		verify(fcp).doFilter(fireWalledRequest, response, filterChain);
+		verify(this.fcp).doFilter(fireWalledRequest, this.response, this.filterChain);
 	}
 
 	@Test
@@ -128,12 +128,12 @@ public class DebugFilterTests {
 		request.addHeader("A", "Another Value");
 		request.addHeader("B", "B Value");
 
-		filter.doFilter(request, response, filterChain);
+		this.filter.doFilter(request, this.response, this.filterChain);
 
-		verify(logger).info(logCaptor.capture());
+		verify(this.logger).info(this.logCaptor.capture());
 
-		assertThat(logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n" + "\n"
-				+ "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n"
+		assertThat(this.logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n"
+				+ "\n" + "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n"
 				+ "B: B Value\n" + "\n" + "\n" + "Security filter chain: no match");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index 1ffb9e79aa..df0d31f616 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -43,57 +43,57 @@ public class FirewalledResponseTests {
 
 	@Before
 	public void setup() {
-		response = mock(HttpServletResponse.class);
-		fwResponse = new FirewalledResponse(response);
+		this.response = mock(HttpServletResponse.class);
+		this.fwResponse = new FirewalledResponse(this.response);
 	}
 
 	@Test
 	public void sendRedirectWhenValidThenNoException() throws Exception {
-		fwResponse.sendRedirect("/theURL");
+		this.fwResponse.sendRedirect("/theURL");
 
-		verify(response).sendRedirect("/theURL");
+		verify(this.response).sendRedirect("/theURL");
 	}
 
 	@Test
 	public void sendRedirectWhenNullThenDelegateInvoked() throws Exception {
-		fwResponse.sendRedirect(null);
+		this.fwResponse.sendRedirect(null);
 
-		verify(response).sendRedirect(null);
+		verify(this.response).sendRedirect(null);
 	}
 
 	@Test
 	public void sendRedirectWhenHasCrlfThenThrowsException() throws Exception {
 		expectCrlfValidationException();
 
-		fwResponse.sendRedirect("/theURL\r\nsomething");
+		this.fwResponse.sendRedirect("/theURL\r\nsomething");
 	}
 
 	@Test
 	public void addHeaderWhenValidThenDelegateInvoked() {
-		fwResponse.addHeader("foo", "bar");
+		this.fwResponse.addHeader("foo", "bar");
 
-		verify(response).addHeader("foo", "bar");
+		verify(this.response).addHeader("foo", "bar");
 	}
 
 	@Test
 	public void addHeaderWhenNullValueThenDelegateInvoked() {
-		fwResponse.addHeader("foo", null);
+		this.fwResponse.addHeader("foo", null);
 
-		verify(response).addHeader("foo", null);
+		verify(this.response).addHeader("foo", null);
 	}
 
 	@Test
 	public void addHeaderWhenHeaderValueHasCrlfThenException() {
 		expectCrlfValidationException();
 
-		fwResponse.addHeader("foo", "abc\r\nContent-Length:100");
+		this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100");
 	}
 
 	@Test
 	public void addHeaderWhenHeaderNameHasCrlfThenException() {
 		expectCrlfValidationException();
 
-		fwResponse.addHeader("abc\r\nContent-Length:100", "bar");
+		this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar");
 	}
 
 	@Test
@@ -103,16 +103,16 @@ public class FirewalledResponseTests {
 		cookie.setDomain("foobar");
 		cookie.setComment("foobar");
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 
-		verify(response).addCookie(cookie);
+		verify(this.response).addCookie(cookie);
 	}
 
 	@Test
 	public void addCookieWhenNullThenDelegateInvoked() {
-		fwResponse.addCookie(null);
+		this.fwResponse.addCookie(null);
 
-		verify(response).addCookie(null);
+		verify(this.response).addCookie(null);
 	}
 
 	@Test
@@ -127,7 +127,7 @@ public class FirewalledResponseTests {
 		};
 		expectCrlfValidationException();
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 	}
 
 	@Test
@@ -135,7 +135,7 @@ public class FirewalledResponseTests {
 		Cookie cookie = new Cookie("foo", "foo\r\nbar");
 		expectCrlfValidationException();
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 	}
 
 	@Test
@@ -144,7 +144,7 @@ public class FirewalledResponseTests {
 		cookie.setPath("/foo\r\nbar");
 		expectCrlfValidationException();
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 	}
 
 	@Test
@@ -153,7 +153,7 @@ public class FirewalledResponseTests {
 		cookie.setDomain("foo\r\nbar");
 		expectCrlfValidationException();
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 	}
 
 	@Test
@@ -162,7 +162,7 @@ public class FirewalledResponseTests {
 		cookie.setComment("foo\r\nbar");
 		expectCrlfValidationException();
 
-		fwResponse.addCookie(cookie);
+		this.fwResponse.addCookie(cookie);
 	}
 
 	@Test
@@ -177,13 +177,13 @@ public class FirewalledResponseTests {
 	}
 
 	private void expectCrlfValidationException() {
-		expectedException.expect(IllegalArgumentException.class);
-		expectedException.expectMessage("Invalid characters (CR/LF)");
+		this.expectedException.expect(IllegalArgumentException.class);
+		this.expectedException.expectMessage("Invalid characters (CR/LF)");
 	}
 
 	private void validateLineEnding(String name, String value) {
 		try {
-			fwResponse.validateCrlf(name, value);
+			this.fwResponse.validateCrlf(name, value);
 			fail("IllegalArgumentException should have thrown");
 		}
 		catch (IllegalArgumentException expected) {
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index b57993c4e5..5deaa5c785 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -43,27 +43,27 @@ public class ContentSecurityPolicyHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		request.setSecure(true);
-		response = new MockHttpServletResponse();
-		writer = new ContentSecurityPolicyHeaderWriter(DEFAULT_POLICY_DIRECTIVES);
+		this.request = new MockHttpServletRequest();
+		this.request.setSecure(true);
+		this.response = new MockHttpServletResponse();
+		this.writer = new ContentSecurityPolicyHeaderWriter(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
 	public void writeHeadersWhenNoPolicyDirectivesThenUsesDefault() {
 		ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
-		noPolicyWriter.writeHeaders(request, response);
+		noPolicyWriter.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
 	public void writeHeadersContentSecurityPolicyDefault() {
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
@@ -71,48 +71,48 @@ public class ContentSecurityPolicyHeaderWriterTests {
 		String policyDirectives = "default-src 'self'; " + "object-src plugins1.example.com plugins2.example.com; "
 				+ "script-src trustedscripts.example.com";
 
-		writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
-		writer.writeHeaders(request, response);
+		this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives);
 	}
 
 	@Test
 	public void writeHeadersWhenNoPolicyDirectivesReportOnlyThenUsesDefault() {
 		ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
-		writer.setReportOnly(true);
-		noPolicyWriter.writeHeaders(request, response);
+		this.writer.setReportOnly(true);
+		noPolicyWriter.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
 	public void writeHeadersContentSecurityPolicyReportOnlyDefault() {
-		writer.setReportOnly(true);
-		writer.writeHeaders(request, response);
+		this.writer.setReportOnly(true);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
 
 	@Test
 	public void writeHeadersContentSecurityPolicyReportOnlyCustom() {
 		String policyDirectives = "default-src https:; report-uri https://example.com/";
 
-		writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
-		writer.setReportOnly(true);
-		writer.writeHeaders(request, response);
+		this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
+		this.writer.setReportOnly(true);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void writeHeadersContentSecurityPolicyInvalid() {
-		writer = new ContentSecurityPolicyHeaderWriter("");
-		writer = new ContentSecurityPolicyHeaderWriter(null);
+		this.writer = new ContentSecurityPolicyHeaderWriter("");
+		this.writer = new ContentSecurityPolicyHeaderWriter(null);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index f37f8510eb..f80b2cafef 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -51,37 +51,37 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		headerWriter = new DelegatingRequestMatcherHeaderWriter(matcher, delegate);
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.headerWriter = new DelegatingRequestMatcherHeaderWriter(this.matcher, this.delegate);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullRequestMatcher() {
-		new DelegatingRequestMatcherHeaderWriter(null, delegate);
+		new DelegatingRequestMatcherHeaderWriter(null, this.delegate);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
-		new DelegatingRequestMatcherHeaderWriter(matcher, null);
+		new DelegatingRequestMatcherHeaderWriter(this.matcher, null);
 	}
 
 	@Test
 	public void writeHeadersOnMatch() {
-		when(matcher.matches(request)).thenReturn(true);
+		when(this.matcher.matches(this.request)).thenReturn(true);
 
-		headerWriter.writeHeaders(request, response);
+		this.headerWriter.writeHeaders(this.request, this.response);
 
-		verify(delegate).writeHeaders(request, response);
+		verify(this.delegate).writeHeaders(this.request, this.response);
 	}
 
 	@Test
 	public void writeHeadersOnNoMatch() {
-		when(matcher.matches(request)).thenReturn(false);
+		when(this.matcher.matches(this.request)).thenReturn(false);
 
-		headerWriter.writeHeaders(request, response);
+		this.headerWriter.writeHeaders(this.request, this.response);
 
-		verify(delegate, times(0)).writeHeaders(request, response);
+		verify(this.delegate, times(0)).writeHeaders(this.request, this.response);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
index 9639c5f0a9..00454d0459 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
@@ -52,7 +52,7 @@ public class FeaturePolicyHeaderWriterTests {
 
 	@Test
 	public void writeHeadersFeaturePolicyDefault() {
-		writer.writeHeaders(this.request, this.response);
+		this.writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Feature-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index 9e0e1a75b5..a3386c5734 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -55,154 +55,154 @@ public class HpkpHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
 
-		writer = new HpkpHeaderWriter();
+		this.writer = new HpkpHeaderWriter();
 
 		Map<String, String> defaultPins = new LinkedHashMap<>();
 		defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
 
-		writer.setPins(defaultPins);
+		this.writer.setPins(defaultPins);
 
-		request.setSecure(true);
+		this.request.setSecure(true);
 	}
 
 	@Test
 	public void writeHeadersDefaultValues() {
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
 	public void maxAgeCustomConstructorWriteHeaders() {
-		writer = new HpkpHeaderWriter(2592000);
-		writer.setPins(DEFAULT_PINS);
+		this.writer = new HpkpHeaderWriter(2592000);
+		this.writer.setPins(DEFAULT_PINS);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
 	public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
-		writer = new HpkpHeaderWriter(2592000, true);
-		writer.setPins(DEFAULT_PINS);
+		this.writer = new HpkpHeaderWriter(2592000, true);
+		this.writer.setPins(DEFAULT_PINS);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
 	}
 
 	@Test
 	public void allArgsCustomConstructorWriteHeaders() {
-		writer = new HpkpHeaderWriter(2592000, true, false);
-		writer.setPins(DEFAULT_PINS);
+		this.writer = new HpkpHeaderWriter(2592000, true, false);
+		this.writer.setPins(DEFAULT_PINS);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
 	}
 
 	@Test
 	public void writeHeadersCustomMaxAgeInSeconds() {
-		writer.setMaxAgeInSeconds(2592000);
+		this.writer.setMaxAgeInSeconds(2592000);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only"))
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
 	public void writeHeadersIncludeSubDomains() {
-		writer.setIncludeSubDomains(true);
+		this.writer.setIncludeSubDomains(true);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
 	}
 
 	@Test
 	public void writeHeadersTerminateConnection() {
-		writer.setReportOnly(false);
+		this.writer.setReportOnly(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins"))
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins"))
 				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
 	}
 
 	@Test
 	public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException {
-		writer.setReportOnly(false);
-		writer.setReportUri(new URI("https://example.com/pkp-report"));
+		this.writer.setReportOnly(false);
+		this.writer.setReportUri(new URI("https://example.com/pkp-report"));
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
 	}
 
 	@Test
 	public void writeHeadersTerminateConnectionWithURIAsString() {
-		writer.setReportOnly(false);
-		writer.setReportUri("https://example.com/pkp-report");
+		this.writer.setReportOnly(false);
+		this.writer.setReportUri("https://example.com/pkp-report");
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
 	}
 
 	@Test
 	public void writeHeadersAddSha256Pins() {
-		writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
+		this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
 				"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"");
 	}
 
 	@Test
 	public void writeHeadersInsecureRequestDoesNotWriteHeader() {
-		request.setSecure(false);
+		this.request.setSecure(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).isEmpty();
+		assertThat(this.response.getHeaderNames()).isEmpty();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setMaxAgeInSecondsToNegative() {
-		writer.setMaxAgeInSeconds(-1);
+		this.writer.setMaxAgeInSeconds(-1);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void addSha256PinsWithNullPin() {
-		writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null);
+		this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setIncorrectReportUri() {
-		writer.setReportUri("some url here...");
+		this.writer.setReportUri("some url here...");
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index d762e8d46e..0129af05a3 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -41,111 +41,114 @@ public class HstsHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		request.setSecure(true);
-		response = new MockHttpServletResponse();
+		this.request = new MockHttpServletRequest();
+		this.request.setSecure(true);
+		this.response = new MockHttpServletResponse();
 
-		writer = new HstsHeaderWriter();
+		this.writer = new HstsHeaderWriter();
 	}
 
 	@Test
 	public void allArgsCustomConstructorWriteHeaders() {
-		request.setSecure(false);
-		writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
+		this.request.setSecure(false);
+		this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
 
 	@Test
 	public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
-		request.setSecure(false);
-		writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
+		this.request.setSecure(false);
+		this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
 
 	@Test
 	public void maxAgeCustomConstructorWriteHeaders() {
-		writer = new HstsHeaderWriter(15768000);
+		this.writer = new HstsHeaderWriter(15768000);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000 ; includeSubDomains");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security"))
+				.isEqualTo("max-age=15768000 ; includeSubDomains");
 	}
 
 	@Test
 	public void includeSubDomainsCustomConstructorWriteHeaders() {
-		writer = new HstsHeaderWriter(false);
+		this.writer = new HstsHeaderWriter(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
 
 	@Test
 	public void writeHeadersDefaultValues() {
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000 ; includeSubDomains");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security"))
+				.isEqualTo("max-age=31536000 ; includeSubDomains");
 	}
 
 	@Test
 	public void writeHeadersIncludeSubDomainsFalse() {
-		writer.setIncludeSubDomains(false);
+		this.writer.setIncludeSubDomains(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
 
 	@Test
 	public void writeHeadersCustomMaxAgeInSeconds() {
-		writer.setMaxAgeInSeconds(1);
+		this.writer.setMaxAgeInSeconds(1);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains");
 	}
 
 	@Test
 	public void writeHeadersInsecureRequestDoesNotWriteHeader() {
-		request.setSecure(false);
+		this.request.setSecure(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames().isEmpty()).isTrue();
+		assertThat(this.response.getHeaderNames().isEmpty()).isTrue();
 	}
 
 	@Test
 	public void writeHeadersAnyRequestMatcher() {
-		writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
-		request.setSecure(false);
+		this.writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
+		this.request.setSecure(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000 ; includeSubDomains");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader("Strict-Transport-Security"))
+				.isEqualTo("max-age=31536000 ; includeSubDomains");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setMaxAgeInSecondsToNegative() {
-		writer.setMaxAgeInSeconds(-1);
+		this.writer.setMaxAgeInSeconds(-1);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setRequestMatcherToNull() {
-		writer.setRequestMatcher(null);
+		this.writer.setRequestMatcher(null);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index f51bd14cb2..01eb4b6cec 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -53,7 +53,7 @@ public class ReferrerPolicyHeaderWriterTests {
 		this.writer.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeaderNames()).hasSize(1);
-		assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo(DEFAULT_REFERRER_POLICY);
+		assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo(this.DEFAULT_REFERRER_POLICY);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index eeb8c1ba9a..1a502e56d6 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -43,8 +43,8 @@ public class StaticHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -78,8 +78,8 @@ public class StaticHeaderWriterTests {
 		String headerValue = "foo";
 		StaticHeadersWriter factory = new StaticHeadersWriter(headerName, headerValue);
 
-		factory.writeHeaders(request, response);
-		assertThat(response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue));
+		factory.writeHeaders(this.request, this.response);
+		assertThat(this.response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue));
 	}
 
 	@Test
@@ -88,11 +88,11 @@ public class StaticHeaderWriterTests {
 		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate");
 		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl));
 
-		factory.writeHeaders(request, response);
+		factory.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(2);
-		assertThat(response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues());
-		assertThat(response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues());
+		assertThat(this.response.getHeaderNames()).hasSize(2);
+		assertThat(this.response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues());
+		assertThat(this.response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues());
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index 92141c4e00..41ec5a4d14 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -37,17 +37,17 @@ public class XContentTypeOptionsHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		writer = new XContentTypeOptionsHeaderWriter();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.writer = new XContentTypeOptionsHeaderWriter();
 	}
 
 	@Test
 	public void writeHeaders() {
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff");
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index 98ba297a54..7cfe28314f 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -40,56 +40,56 @@ public class XXssProtectionHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		writer = new XXssProtectionHeaderWriter();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
+		this.writer = new XXssProtectionHeaderWriter();
 	}
 
 	@Test
 	public void writeHeaders() {
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block");
 	}
 
 	@Test
 	public void writeHeadersNoBlock() {
-		writer.setBlock(false);
+		this.writer.setBlock(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-XSS-Protection")).containsOnly("1");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1");
 	}
 
 	@Test
 	public void writeHeadersDisabled() {
-		writer.setBlock(false);
-		writer.setEnabled(false);
+		this.writer.setBlock(false);
+		this.writer.setEnabled(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
 	}
 
 	@Test
 	public void setEnabledFalseWithBlockTrue() {
-		writer.setEnabled(false);
+		this.writer.setEnabled(false);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setBlockTrueWithEnabledFalse() {
-		writer.setBlock(false);
-		writer.setEnabled(false);
+		this.writer.setBlock(false);
+		this.writer.setEnabled(false);
 
-		writer.setBlock(true);
+		this.writer.setBlock(true);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index f8fa7300a8..c01dba9c8d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -32,50 +32,50 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 	}
 
 	@Test
 	public void nullAllowFromParameterValue() {
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
-		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
+		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
 	@Test
 	public void emptyAllowFromParameterValue() {
-		request.setParameter("x-frames-allow-from", "");
+		this.request.setParameter("x-frames-allow-from", "");
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
-		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
+		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
 	@Test
 	public void emptyAllowFromCustomParameterValue() {
 		String customParam = "custom";
-		request.setParameter(customParam, "");
+		this.request.setParameter(customParam, "");
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 		strategy.setAllowFromParameterName(customParam);
 
-		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
+		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
 	@Test
 	public void allowFromParameterValueAllowed() {
 		String value = "https://example.com";
-		request.setParameter("x-frames-allow-from", value);
+		this.request.setParameter("x-frames-allow-from", value);
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 
-		assertThat(strategy.getAllowFromValue(request)).isEqualTo(value);
+		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo(value);
 	}
 
 	@Test
 	public void allowFromParameterValueDenied() {
 		String value = "https://example.com";
-		request.setParameter("x-frames-allow-from", value);
+		this.request.setParameter("x-frames-allow-from", value);
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false);
 
-		assertThat(strategy.getAllowFromValue(request)).isEqualTo("DENY");
+		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
 	private static class RequestParameterAllowFromStrategyStub extends AbstractRequestParameterAllowFromStrategy {
@@ -88,7 +88,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 
 		@Override
 		protected boolean allowed(String allowFromOrigin) {
-			return match;
+			return this.match;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index deeb9dc7ba..52fc10499f 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -46,8 +46,8 @@ public class FrameOptionsHeaderWriterTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
+		this.request = new MockHttpServletRequest();
+		this.response = new MockHttpServletResponse();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -67,56 +67,56 @@ public class FrameOptionsHeaderWriterTests {
 
 	@Test
 	public void writeHeadersAllowFromReturnsNull() {
-		writer = new XFrameOptionsHeaderWriter(strategy);
+		this.writer = new XFrameOptionsHeaderWriter(this.strategy);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames().isEmpty()).isTrue();
+		assertThat(this.response.getHeaderNames().isEmpty()).isTrue();
 	}
 
 	@Test
 	public void writeHeadersAllowFrom() {
 		String allowFromValue = "https://example.com/";
-		when(strategy.getAllowFromValue(request)).thenReturn(allowFromValue);
-		writer = new XFrameOptionsHeaderWriter(strategy);
+		when(this.strategy.getAllowFromValue(this.request)).thenReturn(allowFromValue);
+		this.writer = new XFrameOptionsHeaderWriter(this.strategy);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
 				.isEqualTo("ALLOW-FROM " + allowFromValue);
 	}
 
 	@Test
 	public void writeHeadersDeny() {
-		writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
+		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
 
 	@Test
 	public void writeHeadersSameOrigin() {
-		writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
+		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
 
-		writer.writeHeaders(request, response);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
 	}
 
 	@Test
 	public void writeHeadersTwiceLastWins() {
-		writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
-		writer.writeHeaders(request, response);
+		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
+		this.writer.writeHeaders(this.request, this.response);
 
-		writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
-		writer.writeHeaders(request, response);
+		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
+		this.writer.writeHeaders(this.request, this.response);
 
-		assertThat(response.getHeaderNames()).hasSize(1);
-		assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
+		assertThat(this.response.getHeaderNames()).hasSize(1);
+		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index d269aa3aa2..67c8b2f39d 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -78,11 +78,11 @@ public class JaasApiIntegrationFilterTests {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 
-		authenticatedSubject = new Subject();
-		authenticatedSubject.getPrincipals().add(() -> "principal");
-		authenticatedSubject.getPrivateCredentials().add("password");
-		authenticatedSubject.getPublicCredentials().add("username");
-		callbackHandler = callbacks -> {
+		this.authenticatedSubject = new Subject();
+		this.authenticatedSubject.getPrincipals().add(() -> "principal");
+		this.authenticatedSubject.getPrivateCredentials().add("password");
+		this.authenticatedSubject.getPublicCredentials().add("username");
+		this.callbackHandler = callbacks -> {
 			for (Callback callback : callbacks) {
 				if (callback instanceof NameCallback) {
 					((NameCallback) callback).setName("user");
@@ -98,7 +98,7 @@ public class JaasApiIntegrationFilterTests {
 				}
 			}
 		};
-		testConfiguration = new Configuration() {
+		this.testConfiguration = new Configuration() {
 
 			public void refresh() {
 			}
@@ -108,11 +108,11 @@ public class JaasApiIntegrationFilterTests {
 						LoginModuleControlFlag.REQUIRED, new HashMap<>()) };
 			}
 		};
-		LoginContext ctx = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler,
-				testConfiguration);
+		LoginContext ctx = new LoginContext("SubjectDoAsFilterTest", this.authenticatedSubject, this.callbackHandler,
+				this.testConfiguration);
 		ctx.login();
-		token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"),
-				ctx);
+		this.token = new JaasAuthenticationToken("username", "password",
+				AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
 
 		// just in case someone forgot to clear the context
 		SecurityContextHolder.clearContext();
@@ -133,7 +133,7 @@ public class JaasApiIntegrationFilterTests {
 
 	@Test
 	public void obtainSubjectNullAuthentication() {
-		assertNullSubject(filter.obtainSubject(request));
+		assertNullSubject(this.filter.obtainSubject(this.request));
 	}
 
 	@Test
@@ -141,51 +141,52 @@ public class JaasApiIntegrationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("un", "pwd");
 		authentication.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-		assertNullSubject(filter.obtainSubject(request));
+		assertNullSubject(this.filter.obtainSubject(this.request));
 	}
 
 	@Test
 	public void obtainSubjectNullLoginContext() {
-		token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), null);
-		SecurityContextHolder.getContext().setAuthentication(token);
-		assertNullSubject(filter.obtainSubject(request));
+		this.token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), null);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		assertNullSubject(this.filter.obtainSubject(this.request));
 	}
 
 	@Test
 	public void obtainSubjectNullSubject() throws Exception {
-		LoginContext ctx = new LoginContext("obtainSubjectNullSubject", null, callbackHandler, testConfiguration);
+		LoginContext ctx = new LoginContext("obtainSubjectNullSubject", null, this.callbackHandler,
+				this.testConfiguration);
 		assertThat(ctx.getSubject()).isNull();
-		token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
-		SecurityContextHolder.getContext().setAuthentication(token);
-		assertNullSubject(filter.obtainSubject(request));
+		this.token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		assertNullSubject(this.filter.obtainSubject(this.request));
 	}
 
 	@Test
 	public void obtainSubject() {
-		SecurityContextHolder.getContext().setAuthentication(token);
-		assertThat(filter.obtainSubject(request)).isEqualTo(authenticatedSubject);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		assertThat(this.filter.obtainSubject(this.request)).isEqualTo(this.authenticatedSubject);
 	}
 
 	@Test
 	public void doFilterCurrentSubjectPopulated() throws Exception {
-		SecurityContextHolder.getContext().setAuthentication(token);
-		assertJaasSubjectEquals(authenticatedSubject);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
+		assertJaasSubjectEquals(this.authenticatedSubject);
 	}
 
 	@Test
 	public void doFilterAuthenticationNotAuthenticated() throws Exception {
 		// Authentication is null, so no Subject is populated.
-		token.setAuthenticated(false);
-		SecurityContextHolder.getContext().setAuthentication(token);
+		this.token.setAuthenticated(false);
+		SecurityContextHolder.getContext().setAuthentication(this.token);
 		assertJaasSubjectEquals(null);
-		filter.setCreateEmptySubject(true);
+		this.filter.setCreateEmptySubject(true);
 		assertJaasSubjectEquals(new Subject());
 	}
 
 	@Test
 	public void doFilterAuthenticationNull() throws Exception {
 		assertJaasSubjectEquals(null);
-		filter.setCreateEmptySubject(true);
+		this.filter.setCreateEmptySubject(true);
 		assertJaasSubjectEquals(new Subject());
 	}
 
@@ -202,7 +203,7 @@ public class JaasApiIntegrationFilterTests {
 				super.doFilter(request, response);
 			}
 		};
-		filter.doFilter(request, response, chain);
+		this.filter.doFilter(this.request, this.response, chain);
 		// ensure that the chain was actually invoked
 		assertThat(chain.getRequest()).isNotNull();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
index 97f6a63711..0b64b22bfb 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/AbstractMixinTests.java
@@ -31,9 +31,9 @@ public abstract class AbstractMixinTests {
 
 	@Before
 	public void setup() {
-		mapper = new ObjectMapper();
+		this.mapper = new ObjectMapper();
 		ClassLoader loader = getClass().getClassLoader();
-		mapper.registerModules(SecurityJackson2Modules.getModules(loader));
+		this.mapper.registerModules(SecurityJackson2Modules.getModules(loader));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
index 61556153c2..7a6b00d6e3 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
@@ -51,13 +51,13 @@ public class CookieMixinTests extends AbstractMixinTests {
 	@Test
 	public void serializeCookie() throws JsonProcessingException, JSONException {
 		Cookie cookie = new Cookie("demo", "cookie1");
-		String actualString = mapper.writeValueAsString(cookie);
+		String actualString = this.mapper.writeValueAsString(cookie);
 		JSONAssert.assertEquals(COOKIE_JSON, actualString, true);
 	}
 
 	@Test
 	public void deserializeCookie() throws IOException {
-		Cookie cookie = mapper.readValue(COOKIE_JSON, Cookie.class);
+		Cookie cookie = this.mapper.readValue(COOKIE_JSON, Cookie.class);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getName()).isEqualTo("demo");
 		assertThat(cookie.getDomain()).isEqualTo("");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
index fdb0e76e6b..0130cc3b9e 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
@@ -46,13 +46,13 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests {
 	@Test
 	public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 		DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
-		String serializedJson = mapper.writeValueAsString(token);
+		String serializedJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(CSRF_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void defaultCsrfTokenDeserializeTest() throws IOException {
-		DefaultCsrfToken token = mapper.readValue(CSRF_JSON, DefaultCsrfToken.class);
+		DefaultCsrfToken token = this.mapper.readValue(CSRF_JSON, DefaultCsrfToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getHeaderName()).isEqualTo("csrf-header");
 		assertThat(token.getParameterName()).isEqualTo("_csrf");
@@ -62,13 +62,13 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests {
 	@Test(expected = JsonMappingException.class)
 	public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
 		String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
-		mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
 
 	@Test(expected = JsonMappingException.class)
 	public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
-		mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index cbf4605e49..33da0c0a6d 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -102,7 +102,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 				return new Cookie[] { new Cookie("SESSION", "123456789") };
 			}
 		};
-		String actualString = mapper.writerWithDefaultPrettyPrinter()
+		String actualString = this.mapper.writerWithDefaultPrettyPrinter()
 				.writeValueAsString(new DefaultSavedRequest(requestToWrite, new PortResolverImpl()));
 		JSONAssert.assertEquals(REQUEST_JSON, actualString, true);
 	}
@@ -115,13 +115,13 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 				.setRequestURL("http://localhost").setServerName("localhost").setRequestURI("")
 				.setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("")
 				.setServletPath("").build();
-		String actualString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(request);
+		String actualString = this.mapper.writerWithDefaultPrettyPrinter().writeValueAsString(request);
 		JSONAssert.assertEquals(REQUEST_JSON, actualString, true);
 	}
 
 	@Test
 	public void deserializeDefaultSavedRequest() throws IOException {
-		DefaultSavedRequest request = (DefaultSavedRequest) mapper.readValue(REQUEST_JSON, Object.class);
+		DefaultSavedRequest request = (DefaultSavedRequest) this.mapper.readValue(REQUEST_JSON, Object.class);
 		assertThat(request).isNotNull();
 		assertThat(request.getCookies()).hasSize(1);
 		assertThat(request.getLocales()).hasSize(1).contains(new Locale("en"));
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index 602416dfec..acc7f3feda 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -49,24 +49,24 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Before
 	public void setupExpected() {
-		expected = new PreAuthenticatedAuthenticationToken("principal", "credentials",
+		this.expected = new PreAuthenticatedAuthenticationToken("principal", "credentials",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 	}
 
 	@Test
 	public void serializeWhenPrincipalCredentialsAuthoritiesThenSuccess()
 			throws JsonProcessingException, JSONException {
-		String serializedJson = mapper.writeValueAsString(expected);
+		String serializedJson = this.mapper.writeValueAsString(this.expected);
 		JSONAssert.assertEquals(PREAUTH_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws Exception {
-		PreAuthenticatedAuthenticationToken deserialized = mapper.readValue(PREAUTH_JSON,
+		PreAuthenticatedAuthenticationToken deserialized = this.mapper.readValue(PREAUTH_JSON,
 				PreAuthenticatedAuthenticationToken.class);
 		assertThat(deserialized).isNotNull();
 		assertThat(deserialized.isAuthenticated()).isTrue();
-		assertThat(deserialized.getAuthorities()).isEqualTo(expected.getAuthorities());
+		assertThat(deserialized.getAuthorities()).isEqualTo(this.expected.getAuthorities());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
index c6d2b8bcd8..597357a8ca 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
@@ -61,16 +61,16 @@ public class SavedCookieMixinTests extends AbstractMixinTests {
 	@Test
 	public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException {
 		SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
-		String actualJson = mapper.writeValueAsString(savedCookie);
+		String actualJson = this.mapper.writeValueAsString(savedCookie);
 		JSONAssert.assertEquals(COOKIE_JSON, actualJson, true);
 	}
 
 	@Test
 	public void serializeWithOverrideConfigurationTest() throws JsonProcessingException, JSONException {
 		SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
-		mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.PUBLIC_ONLY)
+		this.mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.PUBLIC_ONLY)
 				.setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.ANY);
-		String actualJson = mapper.writeValueAsString(savedCookie);
+		String actualJson = this.mapper.writeValueAsString(savedCookie);
 		JSONAssert.assertEquals(COOKIE_JSON, actualJson, true);
 	}
 
@@ -78,14 +78,14 @@ public class SavedCookieMixinTests extends AbstractMixinTests {
 	public void serializeSavedCookieWithList() throws JsonProcessingException, JSONException {
 		List<SavedCookie> savedCookies = new ArrayList<>();
 		savedCookies.add(new SavedCookie(new Cookie("SESSION", "123456789")));
-		String actualJson = mapper.writeValueAsString(savedCookies);
+		String actualJson = this.mapper.writeValueAsString(savedCookies);
 		JSONAssert.assertEquals(COOKIES_JSON, actualJson, true);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void deserializeSavedCookieWithList() throws IOException {
-		List<SavedCookie> savedCookies = (List<SavedCookie>) mapper.readValue(COOKIES_JSON, Object.class);
+		List<SavedCookie> savedCookies = (List<SavedCookie>) this.mapper.readValue(COOKIES_JSON, Object.class);
 		assertThat(savedCookies).isNotNull().hasSize(1);
 		assertThat(savedCookies.get(0).getName()).isEqualTo("SESSION");
 		assertThat(savedCookies.get(0).getValue()).isEqualTo("123456789");
@@ -93,7 +93,7 @@ public class SavedCookieMixinTests extends AbstractMixinTests {
 
 	@Test
 	public void deserializeSavedCookieJsonTest() throws IOException {
-		SavedCookie savedCookie = (SavedCookie) mapper.readValue(COOKIE_JSON, Object.class);
+		SavedCookie savedCookie = (SavedCookie) this.mapper.readValue(COOKIE_JSON, Object.class);
 		assertThat(savedCookie).isNotNull();
 		assertThat(savedCookie.getName()).isEqualTo("SESSION");
 		assertThat(savedCookie.getValue()).isEqualTo("123456789");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
index 35848f3c2c..2a821f308a 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
@@ -52,7 +52,7 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 
 		WebAuthenticationDetails details = new WebAuthenticationDetails(request);
 
-		WebAuthenticationDetails authenticationDetails = mapper.readValue(AUTHENTICATION_DETAILS_JSON,
+		WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details.equals(authenticationDetails));
 	}
@@ -63,13 +63,13 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 		request.setRemoteAddr("/localhost");
 		request.setSession(new MockHttpSession(null, "1"));
 		WebAuthenticationDetails details = new WebAuthenticationDetails(request);
-		String actualJson = mapper.writeValueAsString(details);
+		String actualJson = this.mapper.writeValueAsString(details);
 		JSONAssert.assertEquals(AUTHENTICATION_DETAILS_JSON, actualJson, true);
 	}
 
 	@Test
 	public void webAuthenticationDetailsDeserializeTest() throws IOException {
-		WebAuthenticationDetails details = mapper.readValue(AUTHENTICATION_DETAILS_JSON,
+		WebAuthenticationDetails details = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details).isNotNull();
 		assertThat(details.getRemoteAddress()).isEqualTo("/localhost");
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 605a796c27..58c6eccc9b 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -293,8 +293,8 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method -> Arrays.stream(annotationTypes)
-					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null));
+			addFilter(message, candidate -> Arrays.stream(annotationTypes)
+					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
 			return this;
 		}
 
@@ -304,13 +304,13 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotNotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, method -> {
+			addFilter(message, candidate -> {
 				if (annotationTypes.length != 0) {
 					return Arrays.stream(annotationTypes).noneMatch(
-							annotType -> AnnotatedElementUtils.findMergedAnnotation(method, annotType) != null);
+							annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
 				}
 				else {
-					return method.getAnnotations().length == 0;
+					return candidate.getAnnotations().length == 0;
 				}
 			});
 			return this;
@@ -574,8 +574,8 @@ public final class ResolvableMethod {
 
 		private List<MethodParameter> applyFilters() {
 			List<MethodParameter> matches = new ArrayList<>();
-			for (int i = 0; i < method.getParameterCount(); i++) {
-				MethodParameter param = new SynthesizingMethodParameter(method, i);
+			for (int i = 0; i < ResolvableMethod.this.method.getParameterCount(); i++) {
+				MethodParameter param = new SynthesizingMethodParameter(ResolvableMethod.this.method, i);
 				param.initParameterNameDiscovery(nameDiscoverer);
 				if (this.filters.stream().allMatch(p -> p.test(param))) {
 					matches.add(param);
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index c20f92a6fd..9d5af585de 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -48,7 +48,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Before
 	public void setup() {
-		resolver = new AuthenticationPrincipalArgumentResolver();
+		this.resolver = new AuthenticationPrincipalArgumentResolver();
 	}
 
 	@After
@@ -58,60 +58,63 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Test
 	public void supportsParameterNoAnnotation() {
-		assertThat(resolver.supportsParameter(showUserNoAnnotation())).isFalse();
+		assertThat(this.resolver.supportsParameter(showUserNoAnnotation())).isFalse();
 	}
 
 	@Test
 	public void supportsParameterAnnotation() {
-		assertThat(resolver.supportsParameter(showUserAnnotationObject())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserAnnotationObject())).isTrue();
 	}
 
 	@Test
 	public void supportsParameterCustomAnnotation() {
-		assertThat(resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
+		assertThat(this.resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
 	}
 
 	@Test
 	public void resolveArgumentNullAuthentication() throws Exception {
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentNullPrincipal() throws Exception {
 		setAuthenticationPrincipal(null);
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test
 	public void resolveArgumentString() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentPrincipalStringOnObject() throws Exception {
 		setAuthenticationPrincipal("john");
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentUserDetails() throws Exception {
 		setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-		assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomUserPrincipal() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
-				.isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
 	public void resolveArgumentCustomAnnotation() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserCustomAnnotation(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	@Test
@@ -134,25 +137,26 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
+		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
+		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test(expected = ClassCastException.class)
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
+		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
 	}
 
 	@Test
 	public void resolveArgumentObject() throws Exception {
 		setAuthenticationPrincipal(new Object());
-		assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
+		assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null))
+				.isEqualTo(this.expectedPrincipal);
 	}
 
 	private MethodParameter showUserNoAnnotation() {
@@ -304,7 +308,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	private void setAuthenticationPrincipal(Object principal) {
 		this.expectedPrincipal = principal;
 		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index 3d8b235342..78a0257842 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -58,32 +58,34 @@ public class CsrfTokenArgumentResolverTests {
 
 	@Before
 	public void setup() {
-		token = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "secret");
-		resolver = new CsrfTokenArgumentResolver();
-		request = new MockHttpServletRequest();
-		webRequest = new ServletWebRequest(request);
+		this.token = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "secret");
+		this.resolver = new CsrfTokenArgumentResolver();
+		this.request = new MockHttpServletRequest();
+		this.webRequest = new ServletWebRequest(this.request);
 	}
 
 	@Test
 	public void supportsParameterFalse() {
-		assertThat(resolver.supportsParameter(noToken())).isFalse();
+		assertThat(this.resolver.supportsParameter(noToken())).isFalse();
 	}
 
 	@Test
 	public void supportsParameterTrue() {
-		assertThat(resolver.supportsParameter(token())).isTrue();
+		assertThat(this.resolver.supportsParameter(token())).isTrue();
 	}
 
 	@Test
 	public void resolveArgumentNotFound() throws Exception {
-		assertThat(resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory)).isNull();
+		assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory))
+				.isNull();
 	}
 
 	@Test
 	public void resolveArgumentFound() throws Exception {
-		request.setAttribute(CsrfToken.class.getName(), token);
+		this.request.setAttribute(CsrfToken.class.getName(), this.token);
 
-		assertThat(resolver.resolveArgument(token(), mavContainer, webRequest, binderFactory)).isSameAs(token);
+		assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory))
+				.isSameAs(this.token);
 	}
 
 	private MethodParameter noToken() {
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index b4877f11d5..61d4f06744 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -334,7 +334,7 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 		@Override
 		public Authentication getAuthentication() {
-			return authentication;
+			return this.authentication;
 		}
 
 		@Override
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index b61603f66a..ec368956ee 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -76,36 +76,36 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	@Before
 	public void setup() {
-		resolver = new AuthenticationPrincipalArgumentResolver(new ReactiveAdapterRegistry());
+		this.resolver = new AuthenticationPrincipalArgumentResolver(new ReactiveAdapterRegistry());
 		this.resolver.setBeanResolver(this.beanResolver);
 	}
 
 	@Test
 	public void supportsParameterAuthenticationPrincipal() {
-		assertThat(resolver.supportsParameter(this.authenticationPrincipal.arg(String.class))).isTrue();
+		assertThat(this.resolver.supportsParameter(this.authenticationPrincipal.arg(String.class))).isTrue();
 	}
 
 	@Test
 	public void supportsParameterCurrentUser() {
-		assertThat(resolver.supportsParameter(this.meta.arg(String.class))).isTrue();
+		assertThat(this.resolver.supportsParameter(this.meta.arg(String.class))).isTrue();
 	}
 
 	@Test
 	public void resolveArgumentWhenIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
-		assertThat(argument.block()).isEqualTo(authentication.getPrincipal());
+		assertThat(argument.block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
 	@Test
 	public void resolveArgumentWhenIsEmptyThenMonoEmpty() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange);
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
 
 		assertThat(argument).isNotNull();
 		assertThat(argument.block()).isNull();
@@ -114,34 +114,34 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMonoIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
-		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(authentication.getPrincipal());
+		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
 	@Test
 	public void resolveArgumentWhenMonoIsAuthenticationAndNoGenericThenObtainsPrincipal() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build()
 				.arg(Mono.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
-		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(authentication.getPrincipal());
+		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
 	@Test
 	public void resolveArgumentWhenSpelThenObtainsPrincipal() {
 		MyUser user = new MyUser(3L);
 		MethodParameter parameter = this.spel.arg(Long.class);
-		when(authentication.getPrincipal()).thenReturn(user);
+		when(this.authentication.getPrincipal()).thenReturn(user);
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThat(argument.block()).isEqualTo(user.getId());
 	}
@@ -150,11 +150,11 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenBeanThenObtainsPrincipal() throws Exception {
 		MyUser user = new MyUser(3L);
 		MethodParameter parameter = this.bean.arg(Long.class);
-		when(authentication.getPrincipal()).thenReturn(user);
+		when(this.authentication.getPrincipal()).thenReturn(user);
 		when(this.beanResolver.resolve(any(), eq("beanName"))).thenReturn(new Bean());
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThat(argument.block()).isEqualTo(user.getId());
 	}
@@ -162,10 +162,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMetaThenObtainsPrincipal() {
 		MethodParameter parameter = this.meta.arg(String.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThat(argument.block()).isEqualTo("user");
 	}
@@ -174,10 +174,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeImplicit() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build()
 				.arg(Integer.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThat(argument.block()).isNull();
 	}
@@ -186,10 +186,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitFalse() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
 				.arg(Integer.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThat(argument.block()).isNull();
 	}
@@ -198,10 +198,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitTrue() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
 				.arg(Integer.class);
-		when(authentication.getPrincipal()).thenReturn("user");
+		when(this.authentication.getPrincipal()).thenReturn("user");
 
-		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class);
 	}
@@ -248,7 +248,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		}
 
 		public Long getId() {
-			return id;
+			return this.id;
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index 69108ad0a9..a6e3c40c26 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -379,7 +379,7 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 		@Override
 		public Authentication getAuthentication() {
-			return authentication;
+			return this.authentication;
 		}
 
 		@Override
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index 8222d25dad..b950773887 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -111,35 +111,35 @@ public class HttpSessionRequestCacheTests {
 		}
 
 		public String getRedirectUrl() {
-			return delegate.getRedirectUrl();
+			return this.delegate.getRedirectUrl();
 		}
 
 		public List<Cookie> getCookies() {
-			return delegate.getCookies();
+			return this.delegate.getCookies();
 		}
 
 		public String getMethod() {
-			return delegate.getMethod();
+			return this.delegate.getMethod();
 		}
 
 		public List<String> getHeaderValues(String name) {
-			return delegate.getHeaderValues(name);
+			return this.delegate.getHeaderValues(name);
 		}
 
 		public Collection<String> getHeaderNames() {
-			return delegate.getHeaderNames();
+			return this.delegate.getHeaderNames();
 		}
 
 		public List<Locale> getLocales() {
-			return delegate.getLocales();
+			return this.delegate.getLocales();
 		}
 
 		public String[] getParameterValues(String name) {
-			return delegate.getParameterValues(name);
+			return this.delegate.getParameterValues(name);
 		}
 
 		public Map<String, String[]> getParameterMap() {
-			return delegate.getParameterMap();
+			return this.delegate.getParameterMap();
 		}
 
 		private static final long serialVersionUID = 2426831999233621470L;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
index d71ca86641..999042e694 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
@@ -32,67 +32,67 @@ public class SavedCookieTests {
 
 	@Before
 	public void setUp() {
-		cookie = new Cookie("name", "value");
-		cookie.setComment("comment");
-		cookie.setDomain("domain");
-		cookie.setMaxAge(100);
-		cookie.setPath("path");
-		cookie.setSecure(true);
-		cookie.setVersion(11);
-		savedCookie = new SavedCookie(cookie);
+		this.cookie = new Cookie("name", "value");
+		this.cookie.setComment("comment");
+		this.cookie.setDomain("domain");
+		this.cookie.setMaxAge(100);
+		this.cookie.setPath("path");
+		this.cookie.setSecure(true);
+		this.cookie.setVersion(11);
+		this.savedCookie = new SavedCookie(this.cookie);
 	}
 
 	@Test
 	public void testGetName() {
-		assertThat(savedCookie.getName()).isEqualTo(cookie.getName());
+		assertThat(this.savedCookie.getName()).isEqualTo(this.cookie.getName());
 	}
 
 	@Test
 	public void testGetValue() {
-		assertThat(savedCookie.getValue()).isEqualTo(cookie.getValue());
+		assertThat(this.savedCookie.getValue()).isEqualTo(this.cookie.getValue());
 	}
 
 	@Test
 	public void testGetComment() {
-		assertThat(savedCookie.getComment()).isEqualTo(cookie.getComment());
+		assertThat(this.savedCookie.getComment()).isEqualTo(this.cookie.getComment());
 	}
 
 	@Test
 	public void testGetDomain() {
-		assertThat(savedCookie.getDomain()).isEqualTo(cookie.getDomain());
+		assertThat(this.savedCookie.getDomain()).isEqualTo(this.cookie.getDomain());
 	}
 
 	@Test
 	public void testGetMaxAge() {
-		assertThat(savedCookie.getMaxAge()).isEqualTo(cookie.getMaxAge());
+		assertThat(this.savedCookie.getMaxAge()).isEqualTo(this.cookie.getMaxAge());
 	}
 
 	@Test
 	public void testGetPath() {
-		assertThat(savedCookie.getPath()).isEqualTo(cookie.getPath());
+		assertThat(this.savedCookie.getPath()).isEqualTo(this.cookie.getPath());
 	}
 
 	@Test
 	public void testGetVersion() {
-		assertThat(savedCookie.getVersion()).isEqualTo(cookie.getVersion());
+		assertThat(this.savedCookie.getVersion()).isEqualTo(this.cookie.getVersion());
 	}
 
 	@Test
 	public void testGetCookie() {
-		Cookie other = savedCookie.getCookie();
-		assertThat(other.getComment()).isEqualTo(cookie.getComment());
-		assertThat(other.getDomain()).isEqualTo(cookie.getDomain());
-		assertThat(other.getMaxAge()).isEqualTo(cookie.getMaxAge());
-		assertThat(other.getName()).isEqualTo(cookie.getName());
-		assertThat(other.getPath()).isEqualTo(cookie.getPath());
-		assertThat(other.getSecure()).isEqualTo(cookie.getSecure());
-		assertThat(other.getValue()).isEqualTo(cookie.getValue());
-		assertThat(other.getVersion()).isEqualTo(cookie.getVersion());
+		Cookie other = this.savedCookie.getCookie();
+		assertThat(other.getComment()).isEqualTo(this.cookie.getComment());
+		assertThat(other.getDomain()).isEqualTo(this.cookie.getDomain());
+		assertThat(other.getMaxAge()).isEqualTo(this.cookie.getMaxAge());
+		assertThat(other.getName()).isEqualTo(this.cookie.getName());
+		assertThat(other.getPath()).isEqualTo(this.cookie.getPath());
+		assertThat(other.getSecure()).isEqualTo(this.cookie.getSecure());
+		assertThat(other.getValue()).isEqualTo(this.cookie.getValue());
+		assertThat(other.getVersion()).isEqualTo(this.cookie.getVersion());
 	}
 
 	@Test
 	public void testSerializable() {
-		assertThat(savedCookie instanceof Serializable).isTrue();
+		assertThat(this.savedCookie instanceof Serializable).isTrue();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 2c98b364ea..65ccc44332 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -45,7 +45,7 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 	private ReactiveUserDetailsService mockUserDetailsService = mock(ReactiveUserDetailsService.class);
 
 	private ReactivePreAuthenticatedAuthenticationManager manager = new ReactivePreAuthenticatedAuthenticationManager(
-			mockUserDetailsService);
+			this.mockUserDetailsService);
 
 	private final User validAccount = new User("valid", "", Collections.emptySet());
 
@@ -62,45 +62,47 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 
 	@Test
 	public void returnsAuthenticatedTokenForValidAccount() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(validAccount));
+		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.validAccount));
 
-		Authentication authentication = manager.authenticate(tokenForUser(validAccount.getUsername())).block();
+		Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername()))
+				.block();
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
 	}
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void returnsNullForNonExistingAccount() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.empty());
+		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.empty());
 
-		manager.authenticate(tokenForUser(nonExistingAccount.getUsername())).block();
+		this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
 	}
 
 	@Test(expected = LockedException.class)
 	public void throwsExceptionForLockedAccount() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(lockedAccount));
+		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.lockedAccount));
 
-		manager.authenticate(tokenForUser(lockedAccount.getUsername())).block();
+		this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
 	}
 
 	@Test(expected = DisabledException.class)
 	public void throwsExceptionForDisabledAccount() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(disabledAccount));
+		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.disabledAccount));
 
-		manager.authenticate(tokenForUser(disabledAccount.getUsername())).block();
+		this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
 	}
 
 	@Test(expected = AccountExpiredException.class)
 	public void throwsExceptionForExpiredAccount() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(expiredAccount));
+		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.expiredAccount));
 
-		manager.authenticate(tokenForUser(expiredAccount.getUsername())).block();
+		this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
 	}
 
 	@Test(expected = CredentialsExpiredException.class)
 	public void throwsExceptionForAccountWithExpiredCredentials() {
-		when(mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(accountWithExpiredCredentials));
+		when(this.mockUserDetailsService.findByUsername(anyString()))
+				.thenReturn(Mono.just(this.accountWithExpiredCredentials));
 
-		manager.authenticate(tokenForUser(accountWithExpiredCredentials.getUsername())).block();
+		this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
 	}
 
 	private Authentication tokenForUser(String username) {
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 291d164514..02dd8c067f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -51,27 +51,29 @@ public class ServerX509AuthenticationConverterTests {
 
 	@Before
 	public void setUp() throws Exception {
-		request = MockServerHttpRequest.get("/");
+		this.request = MockServerHttpRequest.get("/");
 
-		certificate = X509TestUtils.buildTestCertificate();
-		when(principalExtractor.extractPrincipal(any())).thenReturn("Luke Taylor");
+		this.certificate = X509TestUtils.buildTestCertificate();
+		when(this.principalExtractor.extractPrincipal(any())).thenReturn("Luke Taylor");
 	}
 
 	@Test
 	public void shouldReturnNullForInvalidCertificate() {
-		Authentication authentication = converter.convert(MockServerWebExchange.from(request.build())).block();
+		Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build()))
+				.block();
 
 		assertThat(authentication).isNull();
 	}
 
 	@Test
 	public void shouldReturnAuthenticationForValidCertificate() {
-		request.sslInfo(new MockSslInfo(certificate));
+		this.request.sslInfo(new MockSslInfo(this.certificate));
 
-		Authentication authentication = converter.convert(MockServerWebExchange.from(request.build())).block();
+		Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build()))
+				.block();
 
 		assertThat(authentication.getName()).isEqualTo("Luke Taylor");
-		assertThat(authentication.getCredentials()).isEqualTo(certificate);
+		assertThat(authentication.getCredentials()).isEqualTo(this.certificate);
 	}
 
 	class MockSslInfo implements SslInfo {
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 8c19a1ba59..26acbd9255 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -92,8 +92,9 @@ public class SwitchUserWebFilterTests {
 
 	@Before
 	public void setUp() {
-		switchUserWebFilter = new SwitchUserWebFilter(userDetailsService, successHandler, failureHandler);
-		switchUserWebFilter.setSecurityContextRepository(serverSecurityContextRepository);
+		this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler,
+				this.failureHandler);
+		this.switchUserWebFilter.setSecurityContextRepository(this.serverSecurityContextRepository);
 	}
 
 	@Test
@@ -105,12 +106,12 @@ public class SwitchUserWebFilterTests {
 		when(chain.filter(exchange)).thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).block();
+		this.switchUserWebFilter.filter(exchange, chain).block();
 		// then
-		verifyNoInteractions(userDetailsService);
-		verifyNoInteractions(successHandler);
-		verifyNoInteractions(failureHandler);
-		verifyNoInteractions(serverSecurityContextRepository);
+		verifyNoInteractions(this.userDetailsService);
+		verifyNoInteractions(this.successHandler);
+		verifyNoInteractions(this.failureHandler);
+		verifyNoInteractions(this.serverSecurityContextRepository);
 
 		verify(chain).filter(exchange);
 	}
@@ -130,25 +131,27 @@ public class SwitchUserWebFilterTests {
 				"credentials");
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
 
-		when(userDetailsService.findByUsername(targetUsername)).thenReturn(Mono.just(switchUserDetails));
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+		when(this.userDetailsService.findByUsername(targetUsername)).thenReturn(Mono.just(switchUserDetails));
+		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
+				.thenReturn(Mono.empty());
+		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 
 		// then
 		verifyNoInteractions(chain);
-		verify(userDetailsService).findByUsername(targetUsername);
+		verify(this.userDetailsService).findByUsername(targetUsername);
 
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
-		verify(serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
+		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
 
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
+		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
+				authenticationCaptor.capture());
 
 		final Authentication switchUserAuthentication = authenticationCaptor.getValue();
 
@@ -185,19 +188,21 @@ public class SwitchUserWebFilterTests {
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
 				.thenReturn(Mono.empty());
-		when(userDetailsService.findByUsername(targetUsername))
+		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+				.thenReturn(Mono.empty());
+		when(this.userDetailsService.findByUsername(targetUsername))
 				.thenReturn(Mono.just(switchUserDetails(targetUsername, true)));
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 
 		// then
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
+		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
+				authenticationCaptor.capture());
 
 		final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue();
 
@@ -220,12 +225,12 @@ public class SwitchUserWebFilterTests {
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("The userName can not be null.");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("The userName can not be null.");
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 		verifyNoInteractions(chain);
 	}
 
@@ -239,22 +244,22 @@ public class SwitchUserWebFilterTests {
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
-		when(userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
-		when(failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
+		when(this.userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
+		when(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 
-		verify(failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
+		verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
 		verifyNoInteractions(chain);
 	}
 
 	@Test
 	public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
 		// given
-		switchUserWebFilter = new SwitchUserWebFilter(userDetailsService, successHandler, null);
+		this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null);
 
 		final String targetUsername = "TEST_USERNAME";
 		final MockServerWebExchange exchange = MockServerWebExchange
@@ -264,13 +269,13 @@ public class SwitchUserWebFilterTests {
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
-		when(userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
+		when(this.userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
 
-		exceptionRule.expect(DisabledException.class);
+		this.exceptionRule.expect(DisabledException.class);
 
 		// when then
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 		verifyNoInteractions(chain);
 	}
 
@@ -291,21 +296,23 @@ public class SwitchUserWebFilterTests {
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
 
-		when(serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
+				.thenReturn(Mono.empty());
+		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.thenReturn(Mono.empty());
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 
 		// then
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
-		verify(serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
+		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
 
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
+		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
+				authenticationCaptor.capture());
 
 		final Authentication originalAuthenticationValue = authenticationCaptor.getValue();
 
@@ -326,12 +333,12 @@ public class SwitchUserWebFilterTests {
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
 
-		exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
-		exceptionRule.expectMessage("Could not find original Authentication object");
+		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
+		this.exceptionRule.expectMessage("Could not find original Authentication object");
 
 		// when then
-		switchUserWebFilter.filter(exchange, chain).subscriberContext(withSecurityContext(Mono.just(securityContext)))
-				.block();
+		this.switchUserWebFilter.filter(exchange, chain)
+				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
 		verifyNoInteractions(chain);
 	}
 
@@ -343,11 +350,11 @@ public class SwitchUserWebFilterTests {
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 
-		exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
-		exceptionRule.expectMessage("No current user associated with this request");
+		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
+		this.exceptionRule.expectMessage("No current user associated with this request");
 
 		// when
-		switchUserWebFilter.filter(exchange, chain).block();
+		this.switchUserWebFilter.filter(exchange, chain).block();
 		// then
 		verifyNoInteractions(chain);
 	}
@@ -355,77 +362,77 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void constructorUserDetailsServiceRequired() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("userDetailsService must be specified");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("userDetailsService must be specified");
 
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(null, mock(ServerAuthenticationSuccessHandler.class),
+		this.switchUserWebFilter = new SwitchUserWebFilter(null, mock(ServerAuthenticationSuccessHandler.class),
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorServerAuthenticationSuccessHandlerRequired() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("successHandler must be specified");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("successHandler must be specified");
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
+		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorSuccessTargetUrlRequired() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("successTargetUrl must be specified");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("successTargetUrl must be specified");
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
+		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				"failure/target/url");
 	}
 
 	@Test
 	public void constructorFirstDefaultValues() {
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class),
+		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class),
 				mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class));
 
 		// then
-		final Object securityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
 
-		final Object userDetailsChecker = ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
+		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
 		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
 	}
 
 	@Test
 	public void constructorSecondDefaultValues() {
 		// when
-		switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), "success/target/url",
+		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), "success/target/url",
 				"failure/target/url");
 
 		// then
-		final Object successHandler = ReflectionTestUtils.getField(switchUserWebFilter, "successHandler");
+		final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler");
 		assertTrue(successHandler instanceof RedirectServerAuthenticationSuccessHandler);
 
-		final Object failureHandler = ReflectionTestUtils.getField(switchUserWebFilter, "failureHandler");
+		final Object failureHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "failureHandler");
 		assertTrue(failureHandler instanceof RedirectServerAuthenticationFailureHandler);
 
-		final Object securityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
 
-		final Object userDetailsChecker = ReflectionTestUtils.getField(switchUserWebFilter, "userDetailsChecker");
+		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
 		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
 	}
 
 	@Test
 	public void setSecurityContextRepositoryWhenNullThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("securityContextRepository cannot be null");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("securityContextRepository cannot be null");
 		// when
-		switchUserWebFilter.setSecurityContextRepository(null);
+		this.switchUserWebFilter.setSecurityContextRepository(null);
 		// then
 		fail("Test should fail with exception");
 	}
@@ -433,16 +440,16 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue() {
 		// given
-		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
-		assertSame(serverSecurityContextRepository, oldSecurityContextRepository);
+		assertSame(this.serverSecurityContextRepository, oldSecurityContextRepository);
 
 		final ServerSecurityContextRepository newSecurityContextRepository = mock(
 				ServerSecurityContextRepository.class);
 		// when
-		switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
+		this.switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
 		// then
-		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(switchUserWebFilter,
+		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertSame(newSecurityContextRepository, currentSecurityContextRepository);
 	}
@@ -450,10 +457,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setExitUserUrlWhenNullThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
 		// when
-		switchUserWebFilter.setExitUserUrl(null);
+		this.switchUserWebFilter.setExitUserUrl(null);
 		// then
 		fail("Test should fail with exception");
 	}
@@ -461,10 +468,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setExitUserUrlWhenInvalidUrlThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
 		// when
-		switchUserWebFilter.setExitUserUrl("wrongUrl");
+		this.switchUserWebFilter.setExitUserUrl("wrongUrl");
 		// then
 		fail("Test should fail with exception");
 	}
@@ -476,18 +483,18 @@ public class SwitchUserWebFilterTests {
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
 		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "exitUserMatcher");
+				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
 		// when
-		switchUserWebFilter.setExitUserUrl("/exit-url");
+		this.switchUserWebFilter.setExitUserUrl("/exit-url");
 
 		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url"));
 
 		final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "exitUserMatcher");
+				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
@@ -495,10 +502,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setExitUserMatcherWhenNullThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("exitUserMatcher cannot be null");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("exitUserMatcher cannot be null");
 		// when
-		switchUserWebFilter.setExitUserMatcher(null);
+		this.switchUserWebFilter.setExitUserMatcher(null);
 		// then
 		fail("Test should fail with exception");
 	}
@@ -510,7 +517,7 @@ public class SwitchUserWebFilterTests {
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
 		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "exitUserMatcher");
+				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
@@ -518,12 +525,12 @@ public class SwitchUserWebFilterTests {
 				"/exit-url");
 
 		// when
-		switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
+		this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
 
 		// then
 
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "exitUserMatcher");
+				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertSame(newExitUserMatcher, currentExitUserMatcher);
 	}
@@ -531,10 +538,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setSwitchUserUrlWhenNullThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
 		// when
-		switchUserWebFilter.setSwitchUserUrl(null);
+		this.switchUserWebFilter.setSwitchUserUrl(null);
 		// then
 		fail("Test should fail with exception");
 	}
@@ -542,10 +549,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setSwitchUserUrlWhenInvalidThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
 		// when
-		switchUserWebFilter.setSwitchUserUrl("wrongUrl");
+		this.switchUserWebFilter.setSwitchUserUrl("wrongUrl");
 		// then
 		fail("Test should fail with exception");
 	}
@@ -557,18 +564,18 @@ public class SwitchUserWebFilterTests {
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
 		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "switchUserMatcher");
+				.getField(this.switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
 		// when
-		switchUserWebFilter.setSwitchUserUrl("/switch-url");
+		this.switchUserWebFilter.setSwitchUserUrl("/switch-url");
 
 		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
 
 		final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "switchUserMatcher");
+				.getField(this.switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
@@ -576,10 +583,10 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void setSwitchUserMatcherWhenNullThenThrowException() {
 		// given
-		exceptionRule.expect(IllegalArgumentException.class);
-		exceptionRule.expectMessage("switchUserMatcher cannot be null");
+		this.exceptionRule.expect(IllegalArgumentException.class);
+		this.exceptionRule.expectMessage("switchUserMatcher cannot be null");
 		// when
-		switchUserWebFilter.setSwitchUserMatcher(null);
+		this.switchUserWebFilter.setSwitchUserMatcher(null);
 		// then
 		fail("Test should fail with exception");
 	}
@@ -591,7 +598,7 @@ public class SwitchUserWebFilterTests {
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
 		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "switchUserMatcher");
+				.getField(this.switchUserWebFilter, "switchUserMatcher");
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
@@ -599,12 +606,12 @@ public class SwitchUserWebFilterTests {
 				"/switch-url");
 
 		// when
-		switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
+		this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
 
 		// then
 
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
-				.getField(switchUserWebFilter, "switchUserMatcher");
+				.getField(this.switchUserWebFilter, "switchUserMatcher");
 
 		assertSame(newSwitchUserMatcher, currentExitUserMatcher);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index b251073861..fd51b46a10 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -68,30 +68,32 @@ public class DelegatingReactiveAuthorizationManagerTests {
 
 	@Before
 	public void setup() {
-		manager = DelegatingReactiveAuthorizationManager.builder()
-				.add(new ServerWebExchangeMatcherEntry<>(match1, delegate1))
-				.add(new ServerWebExchangeMatcherEntry<>(match2, delegate2)).build();
+		this.manager = DelegatingReactiveAuthorizationManager.builder()
+				.add(new ServerWebExchangeMatcherEntry<>(this.match1, this.delegate1))
+				.add(new ServerWebExchangeMatcherEntry<>(this.match2, this.delegate2)).build();
 	}
 
 	@Test
 	public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
-		when(match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(delegate1.check(eq(authentication), any(AuthorizationContext.class))).thenReturn(Mono.just(decision));
+		when(this.match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		when(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.decision));
 
-		assertThat(manager.check(authentication, exchange).block()).isEqualTo(decision);
+		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 
-		verifyZeroInteractions(match2, delegate2);
+		verifyZeroInteractions(this.match2, this.delegate2);
 	}
 
 	@Test
 	public void checkWhenSecondMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
-		when(match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(match2.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(delegate2.check(eq(authentication), any(AuthorizationContext.class))).thenReturn(Mono.just(decision));
+		when(this.match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.match2.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		when(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
+				.thenReturn(Mono.just(this.decision));
 
-		assertThat(manager.check(authentication, exchange).block()).isEqualTo(decision);
+		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 
-		verifyZeroInteractions(delegate1);
+		verifyZeroInteractions(this.delegate1);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index ec72ed3591..c81b62f70c 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -46,7 +46,7 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 	public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
 		Mono<Void> result = this.filter
 				.filter(this.exchange, new DefaultWebFilterChain(e -> e.getPrincipal()
-						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
+						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
 						.flatMap(contextPrincipal -> Mono.subscriberContext())
 						.doOnSuccess(context -> assertThat(context.<String>get("foo")).isEqualTo("bar")).then()))
 				.subscriberContext(context -> context.put("foo", "bar"))
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index e19fcf4a43..2d32dca7f4 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -36,60 +36,61 @@ public class CacheControlServerHttpHeadersWriterTests {
 
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-	HttpHeaders headers = exchange.getResponse().getHeaders();
+	HttpHeaders headers = this.exchange.getResponse().getHeaders();
 
 	@Test
 	public void writeHeadersWhenCacheHeadersThenWritesAllCacheControl() {
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(3);
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL))
+		assertThat(this.headers).hasSize(3);
+		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(this.headers.get(HttpHeaders.EXPIRES))
+				.containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
 	}
 
 	@Test
 	public void writeHeadersWhenCacheControlThenNoCacheControlHeaders() {
 		String cacheControl = "max-age=1234";
 
-		headers.set(HttpHeaders.CACHE_CONTROL, cacheControl);
+		this.headers.set(HttpHeaders.CACHE_CONTROL, cacheControl);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(cacheControl);
+		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(cacheControl);
 	}
 
 	@Test
 	public void writeHeadersWhenPragmaThenNoCacheControlHeaders() {
 		String pragma = "1";
-		headers.set(HttpHeaders.PRAGMA, pragma);
+		this.headers.set(HttpHeaders.PRAGMA, pragma);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma);
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma);
 	}
 
 	@Test
 	public void writeHeadersWhenExpiresThenNoCacheControlHeaders() {
 		String expires = "1";
-		headers.set(HttpHeaders.EXPIRES, expires);
+		this.headers.set(HttpHeaders.EXPIRES, expires);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
 	}
 
 	@Test
 	// gh-5534
 	public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() {
-		exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
+		this.exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).isEmpty();
+		assertThat(this.headers).isEmpty();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index 9dbadbdd71..faa8b87451 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -107,7 +107,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 		}
 
 		List<String> getHeader() {
-			return actual.getHeaders().get(ClearSiteDataServerHttpHeadersWriter.CLEAR_SITE_DATA_HEADER);
+			return this.actual.getHeaders().get(ClearSiteDataServerHttpHeadersWriter.CLEAR_SITE_DATA_HEADER);
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index eecedea166..2c442bde7a 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -56,42 +56,42 @@ public class CompositeServerHttpHeadersWriterTests {
 
 	@Before
 	public void setup() {
-		writer = new CompositeServerHttpHeadersWriter(Arrays.asList(writer1, writer2));
+		this.writer = new CompositeServerHttpHeadersWriter(Arrays.asList(this.writer1, this.writer2));
 	}
 
 	@Test
 	public void writeHttpHeadersWhenErrorNoErrorThenError() {
-		when(writer1.writeHttpHeaders(exchange)).thenReturn(Mono.error(new RuntimeException()));
+		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.error(new RuntimeException()));
 
-		Mono<Void> result = writer.writeHttpHeaders(exchange);
+		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
 		StepVerifier.create(result).expectError().verify();
 
-		verify(writer1).writeHttpHeaders(exchange);
+		verify(this.writer1).writeHttpHeaders(this.exchange);
 	}
 
 	@Test
 	public void writeHttpHeadersWhenErrorErrorThenError() {
-		when(writer1.writeHttpHeaders(exchange)).thenReturn(Mono.error(new RuntimeException()));
+		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.error(new RuntimeException()));
 
-		Mono<Void> result = writer.writeHttpHeaders(exchange);
+		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
 		StepVerifier.create(result).expectError().verify();
 
-		verify(writer1).writeHttpHeaders(exchange);
+		verify(this.writer1).writeHttpHeaders(this.exchange);
 	}
 
 	@Test
 	public void writeHttpHeadersWhenNoErrorThenNoError() {
-		when(writer1.writeHttpHeaders(exchange)).thenReturn(Mono.empty());
-		when(writer2.writeHttpHeaders(exchange)).thenReturn(Mono.empty());
+		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.empty());
+		when(this.writer2.writeHttpHeaders(this.exchange)).thenReturn(Mono.empty());
 
-		Mono<Void> result = writer.writeHttpHeaders(exchange);
+		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
 		StepVerifier.create(result).expectComplete().verify();
 
-		verify(writer1).writeHttpHeaders(exchange);
-		verify(writer2).writeHttpHeaders(exchange);
+		verify(this.writer1).writeHttpHeaders(this.exchange);
+		verify(this.writer2).writeHttpHeaders(this.exchange);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 3a0c499179..576dc5c349 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -47,30 +47,30 @@ public class HttpHeaderWriterWebFilterTests {
 
 	@Before
 	public void setup() {
-		when(writer.writeHttpHeaders(any())).thenReturn(Mono.empty());
-		filter = new HttpHeaderWriterWebFilter(writer);
+		when(this.writer.writeHttpHeaders(any())).thenReturn(Mono.empty());
+		this.filter = new HttpHeaderWriterWebFilter(this.writer);
 	}
 
 	@Test
 	public void filterWhenCompleteThenWritten() {
-		WebTestClient rest = WebTestClientBuilder.bindToWebFilters(filter).build();
+		WebTestClient rest = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		rest.get().uri("/foo").exchange();
 
-		verify(writer).writeHttpHeaders(any());
+		verify(this.writer).writeHttpHeaders(any());
 	}
 
 	@Test
 	public void filterWhenNotCompleteThenNotWritten() {
-		WebTestHandler handler = WebTestHandler.bindToWebFilters(filter);
+		WebTestHandler handler = WebTestHandler.bindToWebFilters(this.filter);
 
 		WebHandlerResult result = handler.exchange(MockServerHttpRequest.get("/foo"));
 
-		verify(writer, never()).writeHttpHeaders(any());
+		verify(this.writer, never()).writeHttpHeaders(any());
 
 		result.getExchange().getResponse().setComplete().block();
 
-		verify(writer).writeHttpHeaders(any());
+		verify(this.writer).writeHttpHeaders(any());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index ea763b9d3d..f2f850fbf4 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -37,55 +37,57 @@ public class StaticServerHttpHeadersWriterTests {
 
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-	HttpHeaders headers = exchange.getResponse().getHeaders();
+	HttpHeaders headers = this.exchange.getResponse().getHeaders();
 
 	@Test
 	public void writeHeadersWhenSingleHeaderThenWritesHeader() {
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
 	public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
 		String headerValue = "other";
-		headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
+		this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
+		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(headerValue);
 	}
 
 	@Test
 	public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
-		writer = StaticServerHttpHeadersWriter.builder()
+		this.writer = StaticServerHttpHeadersWriter.builder()
 				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL))
+		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(this.headers.get(HttpHeaders.EXPIRES))
+				.containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
 	}
 
 	@Test
 	public void writeHeadersWhenMultiHeaderAndSingleWrittenThenNoHeadersOverridden() {
 		String headerValue = "other";
-		headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
+		this.headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
 
-		writer = StaticServerHttpHeadersWriter.builder()
+		this.writer = StaticServerHttpHeadersWriter.builder()
 				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index afab695569..16f6520443 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -39,11 +39,11 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenHttpsThenWrites() {
-		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
+		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
-		hsts.writeHttpHeaders(exchange);
+		this.hsts.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=31536000 ; includeSubDomains"));
@@ -52,12 +52,12 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenCustomMaxAgeThenWrites() {
 		Duration maxAge = Duration.ofDays(1);
-		hsts.setMaxAge(maxAge);
-		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
+		this.hsts.setMaxAge(maxAge);
+		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
-		hsts.writeHttpHeaders(exchange);
+		this.hsts.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
@@ -65,12 +65,12 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenCustomIncludeSubDomainsThenWrites() {
-		hsts.setIncludeSubDomains(false);
-		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
+		this.hsts.setIncludeSubDomains(false);
+		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
-		hsts.writeHttpHeaders(exchange);
+		this.hsts.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=31536000"));
@@ -78,21 +78,21 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenNullSchemeThenNoHeaders() {
-		exchange = exchange(MockServerHttpRequest.get("/"));
+		this.exchange = exchange(MockServerHttpRequest.get("/"));
 
-		hsts.writeHttpHeaders(exchange);
+		this.hsts.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
 
 	@Test
 	public void writeHttpHeadersWhenHttpThenNoHeaders() {
-		exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
+		this.exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
 
-		hsts.writeHttpHeaders(exchange);
+		this.hsts.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index 4ad324becf..099ebfac57 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -34,26 +34,27 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-	HttpHeaders headers = exchange.getResponse().getHeaders();
+	HttpHeaders headers = this.exchange.getResponse().getHeaders();
 
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
-		headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
+		this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 6df82302a2..cef79b2993 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -37,36 +37,36 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 
 	@Before
 	public void setup() {
-		writer = new XFrameOptionsServerHttpHeadersWriter();
+		this.writer = new XFrameOptionsServerHttpHeadersWriter();
 	}
 
 	@Test
 	public void writeHeadersWhenUsingDefaultsThenWritesDeny() {
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
 	}
 
 	@Test
 	public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
-		writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
+		this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
 	}
 
 	@Test
 	public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
-		writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
+		this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
 	}
@@ -74,11 +74,11 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		String headerValue = "other";
-		exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
+		this.exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		HttpHeaders headers = exchange.getResponse().getHeaders();
+		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 3ed9201e4b..e735f1b233 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -32,47 +32,48 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
-	HttpHeaders headers = exchange.getResponse().getHeaders();
+	HttpHeaders headers = this.exchange.getResponse().getHeaders();
 
 	XXssProtectionServerHttpHeadersWriter writer = new XXssProtectionServerHttpHeadersWriter();
 
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
+				.containsOnly("1 ; mode=block");
 	}
 
 	@Test
 	public void writeHeadersWhenBlockFalseThenWriteHeaders() {
-		writer.setBlock(false);
+		this.writer.setBlock(false);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
 	}
 
 	@Test
 	public void writeHeadersWhenEnabledFalseThenWriteHeaders() {
-		writer.setEnabled(false);
+		this.writer.setEnabled(false);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
 	}
 
 	@Test
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
-		headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
+		this.headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
 
-		writer.writeHttpHeaders(exchange);
+		this.writer.writeHttpHeaders(this.exchange);
 
-		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
+		assertThat(this.headers).hasSize(1);
+		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index 7b6ad834ec..e5aaaa6d70 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -47,13 +47,13 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 	@Test
 	public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 		DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
-		String serializedJson = mapper.writeValueAsString(token);
+		String serializedJson = this.mapper.writeValueAsString(token);
 		JSONAssert.assertEquals(CSRF_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void defaultCsrfTokenDeserializeTest() throws IOException {
-		DefaultCsrfToken token = mapper.readValue(CSRF_JSON, DefaultCsrfToken.class);
+		DefaultCsrfToken token = this.mapper.readValue(CSRF_JSON, DefaultCsrfToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getHeaderName()).isEqualTo("csrf-header");
 		assertThat(token.getParameterName()).isEqualTo("_csrf");
@@ -63,13 +63,13 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 	@Test(expected = JsonMappingException.class)
 	public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
 		String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
-		mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
 
 	@Test(expected = JsonMappingException.class)
 	public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.server.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
-		mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index e8fc9c970e..5ce76f1faa 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -60,7 +60,7 @@ public class ServerRequestCacheWebFilterTests {
 	@Before
 	public void setup() {
 		this.requestCacheFilter = new ServerRequestCacheWebFilter();
-		this.requestCacheFilter.setRequestCache(requestCache);
+		this.requestCacheFilter.setRequestCache(this.requestCache);
 		when(this.chain.filter(any(ServerWebExchange.class))).thenReturn(Mono.empty());
 	}
 
@@ -73,8 +73,8 @@ public class ServerRequestCacheWebFilterTests {
 
 		this.requestCacheFilter.filter(exchange, this.chain).block();
 
-		verify(chain).filter(exchangeCaptor.capture());
-		ServerWebExchange updatedExchange = exchangeCaptor.getValue();
+		verify(this.chain).filter(this.exchangeCaptor.capture());
+		ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 		assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
 	}
 
@@ -86,8 +86,8 @@ public class ServerRequestCacheWebFilterTests {
 
 		this.requestCacheFilter.filter(exchange, this.chain).block();
 
-		verify(chain).filter(exchangeCaptor.capture());
-		ServerWebExchange updatedExchange = exchangeCaptor.getValue();
+		verify(this.chain).filter(this.exchangeCaptor.capture());
+		ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 		assertThat(updatedExchange.getRequest()).isEqualTo(initialRequest);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index 329c77e221..9c32a9f027 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -52,66 +52,66 @@ public class AndServerWebExchangeMatcherTests {
 
 	@Before
 	public void setUp() {
-		matcher = new AndServerWebExchangeMatcher(matcher1, matcher2);
+		this.matcher = new AndServerWebExchangeMatcher(this.matcher1, this.matcher2);
 	}
 
 	@Test
 	public void matchesWhenTrueTrueThenTrue() {
 		Map<String, Object> params1 = Collections.singletonMap("foo", "bar");
 		Map<String, Object> params2 = Collections.singletonMap("x", "y");
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
-		when(matcher2.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
+		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).hasSize(2);
 		assertThat(matches.getVariables()).containsAllEntriesOf(params1);
 		assertThat(matches.getVariables()).containsAllEntriesOf(params2);
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenFalseFalseThenFalseAndMatcher2NotInvoked() {
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2, never()).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2, never()).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenTrueFalseThenFalse() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-		when(matcher2.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenFalseTrueThenFalse() {
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2, never()).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2, never()).matches(this.exchange);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index b1a2bc0c06..ae7d339dc3 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -45,31 +45,31 @@ public class NegatedServerWebExchangeMatcherTests {
 
 	@Before
 	public void setUp() {
-		matcher = new NegatedServerWebExchangeMatcher(matcher1);
+		this.matcher = new NegatedServerWebExchangeMatcher(this.matcher1);
 	}
 
 	@Test
 	public void matchesWhenFalseThenTrue() {
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenTrueThenFalse() {
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index 3024aa8be9..c46c4f0951 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -52,50 +52,50 @@ public class OrServerWebExchangeMatcherTests {
 
 	@Before
 	public void setUp() {
-		matcher = new OrServerWebExchangeMatcher(matcher1, matcher2);
+		this.matcher = new OrServerWebExchangeMatcher(this.matcher1, this.matcher2);
 	}
 
 	@Test
 	public void matchesWhenFalseFalseThenFalse() {
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(matcher2.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenTrueFalseThenTrueAndMatcher2NotInvoked() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEqualTo(params);
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2, never()).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2, never()).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenFalseTrueThenTrue() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(matcher2.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 
-		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEqualTo(params);
 
-		verify(matcher1).matches(exchange);
-		verify(matcher2).matches(exchange);
+		verify(this.matcher1).matches(this.exchange);
+		verify(this.matcher2).matches(this.exchange);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index e953a07c87..870347f26c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -59,10 +59,10 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		MockServerHttpRequest request = MockServerHttpRequest.post("/path").build();
 		MockServerHttpResponse response = new MockServerHttpResponse();
 		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
-		exchange = MockServerWebExchange.from(request);
-		path = "/path";
+		this.exchange = MockServerWebExchange.from(request);
+		this.path = "/path";
 
-		matcher = new PathPatternParserServerWebExchangeMatcher(pattern);
+		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -77,39 +77,40 @@ public class PathMatcherServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenPathMatcherTrueThenReturnTrue() {
-		when(pattern.matches(any())).thenReturn(true);
-		when(pattern.matchAndExtract(any())).thenReturn(pathMatchInfo);
-		when(pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
+		when(this.pattern.matches(any())).thenReturn(true);
+		when(this.pattern.matchAndExtract(any())).thenReturn(this.pathMatchInfo);
+		when(this.pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
 
-		assertThat(matcher.matches(exchange).block().isMatch()).isTrue();
+		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenPathMatcherFalseThenReturnFalse() {
-		when(pattern.matches(any())).thenReturn(false);
+		when(this.pattern.matches(any())).thenReturn(false);
 
-		assertThat(matcher.matches(exchange).block().isMatch()).isFalse();
+		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void matchesWhenPathMatcherTrueAndMethodTrueThenReturnTrue() {
-		matcher = new PathPatternParserServerWebExchangeMatcher(pattern, exchange.getRequest().getMethod());
-		when(pattern.matches(any())).thenReturn(true);
-		when(pattern.matchAndExtract(any())).thenReturn(pathMatchInfo);
-		when(pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
+		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern,
+				this.exchange.getRequest().getMethod());
+		when(this.pattern.matches(any())).thenReturn(true);
+		when(this.pattern.matchAndExtract(any())).thenReturn(this.pathMatchInfo);
+		when(this.pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
 
-		assertThat(matcher.matches(exchange).block().isMatch()).isTrue();
+		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenPathMatcherTrueAndMethodFalseThenReturnFalse() {
 		HttpMethod method = HttpMethod.OPTIONS;
-		assertThat(exchange.getRequest().getMethod()).isNotEqualTo(method);
-		matcher = new PathPatternParserServerWebExchangeMatcher(pattern, method);
+		assertThat(this.exchange.getRequest().getMethod()).isNotEqualTo(method);
+		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern, method);
 
-		assertThat(matcher.matches(exchange).block().isMatch()).isFalse();
+		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 
-		verifyZeroInteractions(pattern);
+		verifyZeroInteractions(this.pattern);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index 6bc4010405..938af60bfd 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -39,29 +39,30 @@ public class ServerWebExchangeMatchersTests {
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternThenMatches() {
-		assertThat(pathMatchers("/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(pathMatchers("/").matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() {
-		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch())
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(this.exchange).block().isMatch())
 				.isTrue();
 	}
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() {
-		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch())
-				.isFalse();
+		assertThat(
+				ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(this.exchange).block().isMatch())
+						.isFalse();
 	}
 
 	@Test
 	public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() {
-		assertThat(pathMatchers("/foobar").matches(exchange).block().isMatch()).isFalse();
+		assertThat(pathMatchers("/foobar").matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void pathMatchersWhenMultiThenMatches() {
-		assertThat(pathMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(pathMatchers("/foobar", "/").matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index 661dae27fa..1b2ef782ac 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -46,13 +46,13 @@ public class CsrfRequestDataValueProcessorTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
-		processor = new CsrfRequestDataValueProcessor();
+		this.request = new MockHttpServletRequest();
+		this.processor = new CsrfRequestDataValueProcessor();
 
-		token = new DefaultCsrfToken("1", "a", "b");
-		request.setAttribute(CsrfToken.class.getName(), token);
+		this.token = new DefaultCsrfToken("1", "a", "b");
+		this.request.setAttribute(CsrfToken.class.getName(), this.token);
 
-		expected.put(token.getParameterName(), token.getToken());
+		this.expected.put(this.token.getParameterName(), this.token.getToken());
 	}
 
 	@Test
@@ -68,72 +68,72 @@ public class CsrfRequestDataValueProcessorTests {
 
 	@Test
 	public void getExtraHiddenFieldsNoCsrfToken() {
-		request = new MockHttpServletRequest();
-		assertThat(processor.getExtraHiddenFields(request)).isEmpty();
+		this.request = new MockHttpServletRequest();
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEmpty();
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfTokenNoMethodSet() {
-		assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEqualTo(this.expected);
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_GET() {
-		processor.processAction(request, "action", "GET");
-		assertThat(processor.getExtraHiddenFields(request)).isEmpty();
+		this.processor.processAction(this.request, "action", "GET");
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEmpty();
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_get() {
-		processor.processAction(request, "action", "get");
-		assertThat(processor.getExtraHiddenFields(request)).isEmpty();
+		this.processor.processAction(this.request, "action", "get");
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEmpty();
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_POST() {
-		processor.processAction(request, "action", "POST");
-		assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
+		this.processor.processAction(this.request, "action", "POST");
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEqualTo(this.expected);
 	}
 
 	@Test
 	public void getExtraHiddenFieldsHasCsrfToken_post() {
-		processor.processAction(request, "action", "post");
-		assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
+		this.processor.processAction(this.request, "action", "post");
+		assertThat(this.processor.getExtraHiddenFields(this.request)).isEqualTo(this.expected);
 	}
 
 	@Test
 	public void processAction() {
 		String action = "action";
-		assertThat(processor.processAction(request, action)).isEqualTo(action);
+		assertThat(this.processor.processAction(this.request, action)).isEqualTo(action);
 	}
 
 	@Test
 	public void processActionWithMethodArg() {
 		String action = "action";
-		assertThat(processor.processAction(request, action, null)).isEqualTo(action);
+		assertThat(this.processor.processAction(this.request, action, null)).isEqualTo(action);
 	}
 
 	@Test
 	public void processFormFieldValue() {
 		String value = "action";
-		assertThat(processor.processFormFieldValue(request, "name", value, "hidden")).isEqualTo(value);
+		assertThat(this.processor.processFormFieldValue(this.request, "name", value, "hidden")).isEqualTo(value);
 	}
 
 	@Test
 	public void processUrl() {
 		String url = "url";
-		assertThat(processor.processUrl(request, url)).isEqualTo(url);
+		assertThat(this.processor.processUrl(this.request, url)).isEqualTo(url);
 	}
 
 	@Test
 	public void createGetExtraHiddenFieldsHasCsrfToken() {
 		CsrfToken token = new DefaultCsrfToken("1", "a", "b");
-		request.setAttribute(CsrfToken.class.getName(), token);
+		this.request.setAttribute(CsrfToken.class.getName(), token);
 		Map<String, String> expected = new HashMap<>();
 		expected.put(token.getParameterName(), token.getToken());
 
 		RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
-		assertThat(processor.getExtraHiddenFields(request)).isEqualTo(expected);
+		assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
index 091a04db38..400aea182b 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
@@ -39,34 +39,34 @@ public class HttpSessionDestroyedEventTests {
 
 	@Before
 	public void setUp() {
-		session = new MockHttpSession();
-		session.setAttribute("notcontext", "notcontext");
-		session.setAttribute("null", null);
-		session.setAttribute("context", new SecurityContextImpl());
-		destroyedEvent = new HttpSessionDestroyedEvent(session);
+		this.session = new MockHttpSession();
+		this.session.setAttribute("notcontext", "notcontext");
+		this.session.setAttribute("null", null);
+		this.session.setAttribute("context", new SecurityContextImpl());
+		this.destroyedEvent = new HttpSessionDestroyedEvent(this.session);
 	}
 
 	// SEC-1870
 	@Test
 	public void getSecurityContexts() {
-		List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
+		List<SecurityContext> securityContexts = this.destroyedEvent.getSecurityContexts();
 		assertThat(securityContexts).hasSize(1);
-		assertThat(securityContexts.get(0)).isSameAs(session.getAttribute("context"));
+		assertThat(securityContexts.get(0)).isSameAs(this.session.getAttribute("context"));
 	}
 
 	@Test
 	public void getSecurityContextsMulti() {
-		session.setAttribute("another", new SecurityContextImpl());
-		List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
+		this.session.setAttribute("another", new SecurityContextImpl());
+		List<SecurityContext> securityContexts = this.destroyedEvent.getSecurityContexts();
 		assertThat(securityContexts).hasSize(2);
 	}
 
 	@Test
 	public void getSecurityContextsDiffImpl() {
-		session.setAttribute("context", mock(SecurityContext.class));
-		List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
+		this.session.setAttribute("context", mock(SecurityContext.class));
+		List<SecurityContext> securityContexts = this.destroyedEvent.getSecurityContexts();
 		assertThat(securityContexts).hasSize(1);
-		assertThat(securityContexts.get(0)).isSameAs(session.getAttribute("context"));
+		assertThat(securityContexts.get(0)).isSameAs(this.session.getAttribute("context"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
index ba7fa20817..115641d974 100644
--- a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
+++ b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
@@ -33,22 +33,22 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
 	private HttpSessionIdChangedEvent sessionIdChangedEvent;
 
 	public HttpSessionCreatedEvent getCreatedEvent() {
-		return createdEvent;
+		return this.createdEvent;
 	}
 
 	public HttpSessionDestroyedEvent getDestroyedEvent() {
-		return destroyedEvent;
+		return this.destroyedEvent;
 	}
 
 	public void onApplicationEvent(ApplicationEvent event) {
 		if (event instanceof HttpSessionCreatedEvent) {
-			createdEvent = (HttpSessionCreatedEvent) event;
+			this.createdEvent = (HttpSessionCreatedEvent) event;
 		}
 		else if (event instanceof HttpSessionDestroyedEvent) {
-			destroyedEvent = (HttpSessionDestroyedEvent) event;
+			this.destroyedEvent = (HttpSessionDestroyedEvent) event;
 		}
 		else if (event instanceof HttpSessionIdChangedEvent) {
-			sessionIdChangedEvent = (HttpSessionIdChangedEvent) event;
+			this.sessionIdChangedEvent = (HttpSessionIdChangedEvent) event;
 		}
 	}
 
@@ -65,7 +65,7 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
 	}
 
 	public HttpSessionIdChangedEvent getSessionIdChangedEvent() {
-		return sessionIdChangedEvent;
+		return this.sessionIdChangedEvent;
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 1e7ff849b9..52bbca8413 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -52,40 +52,40 @@ public class OnCommittedResponseWrapperTests {
 
 	@Before
 	public void setup() throws Exception {
-		response = new OnCommittedResponseWrapper(delegate) {
+		this.response = new OnCommittedResponseWrapper(this.delegate) {
 			@Override
 			protected void onResponseCommitted() {
-				committed = true;
+				OnCommittedResponseWrapperTests.this.committed = true;
 			}
 		};
-		when(delegate.getWriter()).thenReturn(writer);
-		when(delegate.getOutputStream()).thenReturn(out);
+		when(this.delegate.getWriter()).thenReturn(this.writer);
+		when(this.delegate.getOutputStream()).thenReturn(this.out);
 	}
 
 	// --- printwriter
 
 	@Test
 	public void printWriterHashCode() throws Exception {
-		int expected = writer.hashCode();
+		int expected = this.writer.hashCode();
 
-		assertThat(response.getWriter().hashCode()).isEqualTo(expected);
+		assertThat(this.response.getWriter().hashCode()).isEqualTo(expected);
 	}
 
 	@Test
 	public void printWriterCheckError() throws Exception {
 		boolean expected = true;
-		when(writer.checkError()).thenReturn(expected);
+		when(this.writer.checkError()).thenReturn(expected);
 
-		assertThat(response.getWriter().checkError()).isEqualTo(expected);
+		assertThat(this.response.getWriter().checkError()).isEqualTo(expected);
 	}
 
 	@Test
 	public void printWriterWriteInt() throws Exception {
 		int expected = 1;
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		verify(writer).write(expected);
+		verify(this.writer).write(expected);
 	}
 
 	@Test
@@ -94,18 +94,18 @@ public class OnCommittedResponseWrapperTests {
 		int off = 2;
 		int len = 3;
 
-		response.getWriter().write(buff, off, len);
+		this.response.getWriter().write(buff, off, len);
 
-		verify(writer).write(buff, off, len);
+		verify(this.writer).write(buff, off, len);
 	}
 
 	@Test
 	public void printWriterWriteChar() throws Exception {
 		char[] buff = new char[0];
 
-		response.getWriter().write(buff);
+		this.response.getWriter().write(buff);
 
-		verify(writer).write(buff);
+		verify(this.writer).write(buff);
 	}
 
 	@Test
@@ -114,187 +114,187 @@ public class OnCommittedResponseWrapperTests {
 		int off = 2;
 		int len = 3;
 
-		response.getWriter().write(s, off, len);
+		this.response.getWriter().write(s, off, len);
 
-		verify(writer).write(s, off, len);
+		verify(this.writer).write(s, off, len);
 	}
 
 	@Test
 	public void printWriterWriteString() throws Exception {
 		String s = "";
 
-		response.getWriter().write(s);
+		this.response.getWriter().write(s);
 
-		verify(writer).write(s);
+		verify(this.writer).write(s);
 	}
 
 	@Test
 	public void printWriterPrintBoolean() throws Exception {
 		boolean b = true;
 
-		response.getWriter().print(b);
+		this.response.getWriter().print(b);
 
-		verify(writer).print(b);
+		verify(this.writer).print(b);
 	}
 
 	@Test
 	public void printWriterPrintChar() throws Exception {
 		char c = 1;
 
-		response.getWriter().print(c);
+		this.response.getWriter().print(c);
 
-		verify(writer).print(c);
+		verify(this.writer).print(c);
 	}
 
 	@Test
 	public void printWriterPrintInt() throws Exception {
 		int i = 1;
 
-		response.getWriter().print(i);
+		this.response.getWriter().print(i);
 
-		verify(writer).print(i);
+		verify(this.writer).print(i);
 	}
 
 	@Test
 	public void printWriterPrintLong() throws Exception {
 		long l = 1;
 
-		response.getWriter().print(l);
+		this.response.getWriter().print(l);
 
-		verify(writer).print(l);
+		verify(this.writer).print(l);
 	}
 
 	@Test
 	public void printWriterPrintFloat() throws Exception {
 		float f = 1;
 
-		response.getWriter().print(f);
+		this.response.getWriter().print(f);
 
-		verify(writer).print(f);
+		verify(this.writer).print(f);
 	}
 
 	@Test
 	public void printWriterPrintDouble() throws Exception {
 		double x = 1;
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		verify(writer).print(x);
+		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintCharArray() throws Exception {
 		char[] x = new char[0];
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		verify(writer).print(x);
+		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintString() throws Exception {
 		String x = "1";
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		verify(writer).print(x);
+		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintObject() throws Exception {
 		Object x = "1";
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		verify(writer).print(x);
+		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintln() throws Exception {
-		response.getWriter().println();
+		this.response.getWriter().println();
 
-		verify(writer).println();
+		verify(this.writer).println();
 	}
 
 	@Test
 	public void printWriterPrintlnBoolean() throws Exception {
 		boolean b = true;
 
-		response.getWriter().println(b);
+		this.response.getWriter().println(b);
 
-		verify(writer).println(b);
+		verify(this.writer).println(b);
 	}
 
 	@Test
 	public void printWriterPrintlnChar() throws Exception {
 		char c = 1;
 
-		response.getWriter().println(c);
+		this.response.getWriter().println(c);
 
-		verify(writer).println(c);
+		verify(this.writer).println(c);
 	}
 
 	@Test
 	public void printWriterPrintlnInt() throws Exception {
 		int i = 1;
 
-		response.getWriter().println(i);
+		this.response.getWriter().println(i);
 
-		verify(writer).println(i);
+		verify(this.writer).println(i);
 	}
 
 	@Test
 	public void printWriterPrintlnLong() throws Exception {
 		long l = 1;
 
-		response.getWriter().println(l);
+		this.response.getWriter().println(l);
 
-		verify(writer).println(l);
+		verify(this.writer).println(l);
 	}
 
 	@Test
 	public void printWriterPrintlnFloat() throws Exception {
 		float f = 1;
 
-		response.getWriter().println(f);
+		this.response.getWriter().println(f);
 
-		verify(writer).println(f);
+		verify(this.writer).println(f);
 	}
 
 	@Test
 	public void printWriterPrintlnDouble() throws Exception {
 		double x = 1;
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		verify(writer).println(x);
+		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnCharArray() throws Exception {
 		char[] x = new char[0];
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		verify(writer).println(x);
+		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnString() throws Exception {
 		String x = "1";
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		verify(writer).println(x);
+		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnObject() throws Exception {
 		Object x = "1";
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		verify(writer).println(x);
+		verify(this.writer).println(x);
 	}
 
 	@Test
@@ -302,9 +302,9 @@ public class OnCommittedResponseWrapperTests {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
 
-		response.getWriter().printf(format, args);
+		this.response.getWriter().printf(format, args);
 
-		verify(writer).printf(format, args);
+		verify(this.writer).printf(format, args);
 	}
 
 	@Test
@@ -313,9 +313,9 @@ public class OnCommittedResponseWrapperTests {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
 
-		response.getWriter().printf(l, format, args);
+		this.response.getWriter().printf(l, format, args);
 
-		verify(writer).printf(l, format, args);
+		verify(this.writer).printf(l, format, args);
 	}
 
 	@Test
@@ -323,9 +323,9 @@ public class OnCommittedResponseWrapperTests {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
 
-		response.getWriter().format(format, args);
+		this.response.getWriter().format(format, args);
 
-		verify(writer).format(format, args);
+		verify(this.writer).format(format, args);
 	}
 
 	@Test
@@ -334,18 +334,18 @@ public class OnCommittedResponseWrapperTests {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
 
-		response.getWriter().format(l, format, args);
+		this.response.getWriter().format(l, format, args);
 
-		verify(writer).format(l, format, args);
+		verify(this.writer).format(l, format, args);
 	}
 
 	@Test
 	public void printWriterAppendCharSequence() throws Exception {
 		String x = "a";
 
-		response.getWriter().append(x);
+		this.response.getWriter().append(x);
 
-		verify(writer).append(x);
+		verify(this.writer).append(x);
 	}
 
 	@Test
@@ -354,45 +354,45 @@ public class OnCommittedResponseWrapperTests {
 		int start = 1;
 		int end = 3;
 
-		response.getWriter().append(x, start, end);
+		this.response.getWriter().append(x, start, end);
 
-		verify(writer).append(x, start, end);
+		verify(this.writer).append(x, start, end);
 	}
 
 	@Test
 	public void printWriterAppendChar() throws Exception {
 		char x = 1;
 
-		response.getWriter().append(x);
+		this.response.getWriter().append(x);
 
-		verify(writer).append(x);
+		verify(this.writer).append(x);
 	}
 
 	// servletoutputstream
 
 	@Test
 	public void outputStreamHashCode() throws Exception {
-		int expected = out.hashCode();
+		int expected = this.out.hashCode();
 
-		assertThat(response.getOutputStream().hashCode()).isEqualTo(expected);
+		assertThat(this.response.getOutputStream().hashCode()).isEqualTo(expected);
 	}
 
 	@Test
 	public void outputStreamWriteInt() throws Exception {
 		int expected = 1;
 
-		response.getOutputStream().write(expected);
+		this.response.getOutputStream().write(expected);
 
-		verify(out).write(expected);
+		verify(this.out).write(expected);
 	}
 
 	@Test
 	public void outputStreamWriteByte() throws Exception {
 		byte[] expected = new byte[0];
 
-		response.getOutputStream().write(expected);
+		this.response.getOutputStream().write(expected);
 
-		verify(out).write(expected);
+		verify(this.out).write(expected);
 	}
 
 	@Test
@@ -401,142 +401,142 @@ public class OnCommittedResponseWrapperTests {
 		int end = 2;
 		byte[] expected = new byte[0];
 
-		response.getOutputStream().write(expected, start, end);
+		this.response.getOutputStream().write(expected, start, end);
 
-		verify(out).write(expected, start, end);
+		verify(this.out).write(expected, start, end);
 	}
 
 	@Test
 	public void outputStreamPrintBoolean() throws Exception {
 		boolean b = true;
 
-		response.getOutputStream().print(b);
+		this.response.getOutputStream().print(b);
 
-		verify(out).print(b);
+		verify(this.out).print(b);
 	}
 
 	@Test
 	public void outputStreamPrintChar() throws Exception {
 		char c = 1;
 
-		response.getOutputStream().print(c);
+		this.response.getOutputStream().print(c);
 
-		verify(out).print(c);
+		verify(this.out).print(c);
 	}
 
 	@Test
 	public void outputStreamPrintInt() throws Exception {
 		int i = 1;
 
-		response.getOutputStream().print(i);
+		this.response.getOutputStream().print(i);
 
-		verify(out).print(i);
+		verify(this.out).print(i);
 	}
 
 	@Test
 	public void outputStreamPrintLong() throws Exception {
 		long l = 1;
 
-		response.getOutputStream().print(l);
+		this.response.getOutputStream().print(l);
 
-		verify(out).print(l);
+		verify(this.out).print(l);
 	}
 
 	@Test
 	public void outputStreamPrintFloat() throws Exception {
 		float f = 1;
 
-		response.getOutputStream().print(f);
+		this.response.getOutputStream().print(f);
 
-		verify(out).print(f);
+		verify(this.out).print(f);
 	}
 
 	@Test
 	public void outputStreamPrintDouble() throws Exception {
 		double x = 1;
 
-		response.getOutputStream().print(x);
+		this.response.getOutputStream().print(x);
 
-		verify(out).print(x);
+		verify(this.out).print(x);
 	}
 
 	@Test
 	public void outputStreamPrintString() throws Exception {
 		String x = "1";
 
-		response.getOutputStream().print(x);
+		this.response.getOutputStream().print(x);
 
-		verify(out).print(x);
+		verify(this.out).print(x);
 	}
 
 	@Test
 	public void outputStreamPrintln() throws Exception {
-		response.getOutputStream().println();
+		this.response.getOutputStream().println();
 
-		verify(out).println();
+		verify(this.out).println();
 	}
 
 	@Test
 	public void outputStreamPrintlnBoolean() throws Exception {
 		boolean b = true;
 
-		response.getOutputStream().println(b);
+		this.response.getOutputStream().println(b);
 
-		verify(out).println(b);
+		verify(this.out).println(b);
 	}
 
 	@Test
 	public void outputStreamPrintlnChar() throws Exception {
 		char c = 1;
 
-		response.getOutputStream().println(c);
+		this.response.getOutputStream().println(c);
 
-		verify(out).println(c);
+		verify(this.out).println(c);
 	}
 
 	@Test
 	public void outputStreamPrintlnInt() throws Exception {
 		int i = 1;
 
-		response.getOutputStream().println(i);
+		this.response.getOutputStream().println(i);
 
-		verify(out).println(i);
+		verify(this.out).println(i);
 	}
 
 	@Test
 	public void outputStreamPrintlnLong() throws Exception {
 		long l = 1;
 
-		response.getOutputStream().println(l);
+		this.response.getOutputStream().println(l);
 
-		verify(out).println(l);
+		verify(this.out).println(l);
 	}
 
 	@Test
 	public void outputStreamPrintlnFloat() throws Exception {
 		float f = 1;
 
-		response.getOutputStream().println(f);
+		this.response.getOutputStream().println(f);
 
-		verify(out).println(f);
+		verify(this.out).println(f);
 	}
 
 	@Test
 	public void outputStreamPrintlnDouble() throws Exception {
 		double x = 1;
 
-		response.getOutputStream().println(x);
+		this.response.getOutputStream().println(x);
 
-		verify(out).println(x);
+		verify(this.out).println(x);
 	}
 
 	@Test
 	public void outputStreamPrintlnString() throws Exception {
 		String x = "1";
 
-		response.getOutputStream().println(x);
+		this.response.getOutputStream().println(x);
 
-		verify(out).println(x);
+		verify(this.out).println(x);
 	}
 
 	// The amount of content specified in the setContentLength method of the response
@@ -560,35 +560,35 @@ public class OnCommittedResponseWrapperTests {
 	@Test
 	public void contentLengthPrintWriterWriteIntCommits() throws Exception {
 		int expected = 1;
-		response.setContentLength(String.valueOf(expected).length());
+		this.response.setContentLength(String.valueOf(expected).length());
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
-		response.setContentLength(String.valueOf(expected).length());
+		this.response.setContentLength(String.valueOf(expected).length());
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPlus1PrintWriterWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
-		response.setContentLength(String.valueOf(expected).length() + 1);
+		this.response.setContentLength(String.valueOf(expected).length() + 1);
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 
-		response.getWriter().write(1);
+		this.response.getWriter().write(1);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
@@ -596,21 +596,21 @@ public class OnCommittedResponseWrapperTests {
 		char[] buff = new char[0];
 		int off = 2;
 		int len = 3;
-		response.setContentLength(3);
+		this.response.setContentLength(3);
 
-		response.getWriter().write(buff, off, len);
+		this.response.getWriter().write(buff, off, len);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterWriteCharCommits() throws Exception {
 		char[] buff = new char[4];
-		response.setContentLength(buff.length);
+		this.response.setContentLength(buff.length);
 
-		response.getWriter().write(buff);
+		this.response.getWriter().write(buff);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
@@ -618,239 +618,239 @@ public class OnCommittedResponseWrapperTests {
 		String s = "";
 		int off = 2;
 		int len = 3;
-		response.setContentLength(3);
+		this.response.setContentLength(3);
 
-		response.getWriter().write(s, off, len);
+		this.response.getWriter().write(s, off, len);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterWriteStringCommits() throws IOException {
 		String body = "something";
-		response.setContentLength(body.length());
+		this.response.setContentLength(body.length());
 
-		response.getWriter().write(body);
+		this.response.getWriter().write(body);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void printWriterWriteStringContentLengthCommits() throws IOException {
 		String body = "something";
-		response.getWriter().write(body);
+		this.response.getWriter().write(body);
 
-		response.setContentLength(body.length());
+		this.response.setContentLength(body.length());
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void printWriterWriteStringDoesNotCommit() throws IOException {
 		String body = "something";
 
-		response.getWriter().write(body);
+		this.response.getWriter().write(body);
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintBooleanCommits() throws Exception {
 		boolean b = true;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getWriter().print(b);
+		this.response.getWriter().print(b);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintCharCommits() throws Exception {
 		char c = 1;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getWriter().print(c);
+		this.response.getWriter().print(c);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintIntCommits() throws Exception {
 		int i = 1234;
-		response.setContentLength(String.valueOf(i).length());
+		this.response.setContentLength(String.valueOf(i).length());
 
-		response.getWriter().print(i);
+		this.response.getWriter().print(i);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintLongCommits() throws Exception {
 		long l = 12345;
-		response.setContentLength(String.valueOf(l).length());
+		this.response.setContentLength(String.valueOf(l).length());
 
-		response.getWriter().print(l);
+		this.response.getWriter().print(l);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintFloatCommits() throws Exception {
 		float f = 12345;
-		response.setContentLength(String.valueOf(f).length());
+		this.response.setContentLength(String.valueOf(f).length());
 
-		response.getWriter().print(f);
+		this.response.getWriter().print(f);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintDoubleCommits() throws Exception {
 		double x = 1.2345;
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintCharArrayCommits() throws Exception {
 		char[] x = new char[10];
-		response.setContentLength(x.length);
+		this.response.setContentLength(x.length);
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintStringCommits() throws Exception {
 		String x = "12345";
-		response.setContentLength(x.length());
+		this.response.setContentLength(x.length());
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintObjectCommits() throws Exception {
 		Object x = "12345";
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().print(x);
+		this.response.getWriter().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnCommits() throws Exception {
-		response.setContentLength(NL.length());
+		this.response.setContentLength(NL.length());
 
-		response.getWriter().println();
+		this.response.getWriter().println();
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnBooleanCommits() throws Exception {
 		boolean b = true;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getWriter().println(b);
+		this.response.getWriter().println(b);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnCharCommits() throws Exception {
 		char c = 1;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getWriter().println(c);
+		this.response.getWriter().println(c);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnIntCommits() throws Exception {
 		int i = 12345;
-		response.setContentLength(String.valueOf(i).length());
+		this.response.setContentLength(String.valueOf(i).length());
 
-		response.getWriter().println(i);
+		this.response.getWriter().println(i);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnLongCommits() throws Exception {
 		long l = 12345678;
-		response.setContentLength(String.valueOf(l).length());
+		this.response.setContentLength(String.valueOf(l).length());
 
-		response.getWriter().println(l);
+		this.response.getWriter().println(l);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnFloatCommits() throws Exception {
 		float f = 1234;
-		response.setContentLength(String.valueOf(f).length());
+		this.response.setContentLength(String.valueOf(f).length());
 
-		response.getWriter().println(f);
+		this.response.getWriter().println(f);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnDoubleCommits() throws Exception {
 		double x = 1;
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnCharArrayCommits() throws Exception {
 		char[] x = new char[20];
-		response.setContentLength(x.length);
+		this.response.setContentLength(x.length);
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnStringCommits() throws Exception {
 		String x = "1";
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnObjectCommits() throws Exception {
 		Object x = "1";
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().println(x);
+		this.response.getWriter().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterAppendCharSequenceCommits() throws Exception {
 		String x = "a";
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getWriter().append(x);
+		this.response.getWriter().append(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
@@ -858,55 +858,55 @@ public class OnCommittedResponseWrapperTests {
 		String x = "abcdef";
 		int start = 1;
 		int end = 3;
-		response.setContentLength(end - start);
+		this.response.setContentLength(end - start);
 
-		response.getWriter().append(x, start, end);
+		this.response.getWriter().append(x, start, end);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterAppendCharCommits() throws Exception {
 		char x = 1;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getWriter().append(x);
+		this.response.getWriter().append(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamWriteIntCommits() throws Exception {
 		int expected = 1;
-		response.setContentLength(String.valueOf(expected).length());
+		this.response.setContentLength(String.valueOf(expected).length());
 
-		response.getOutputStream().write(expected);
+		this.response.getOutputStream().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
-		response.setContentLength(String.valueOf(expected).length());
+		this.response.setContentLength(String.valueOf(expected).length());
 
-		response.getOutputStream().write(expected);
+		this.response.getOutputStream().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPlus1OutputStreamWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
-		response.setContentLength(String.valueOf(expected).length() + 1);
+		this.response.setContentLength(String.valueOf(expected).length() + 1);
 
-		response.getOutputStream().write(expected);
+		this.response.getOutputStream().write(expected);
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 
-		response.getOutputStream().write(1);
+		this.response.getOutputStream().write(1);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	// gh-171
@@ -915,230 +915,230 @@ public class OnCommittedResponseWrapperTests {
 		String expected = "{\n" + "  \"parameterName\" : \"_csrf\",\n"
 				+ "  \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" + "  \"headerName\" : \"X-CSRF-TOKEN\"\n"
 				+ "}";
-		response.setContentLength(expected.length() + 1);
+		this.response.setContentLength(expected.length() + 1);
 
-		response.getOutputStream().write(expected.getBytes());
+		this.response.getOutputStream().write(expected.getBytes());
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 
-		response.getOutputStream().write("1".getBytes("UTF-8"));
+		this.response.getOutputStream().write("1".getBytes("UTF-8"));
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintBooleanCommits() throws Exception {
 		boolean b = true;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getOutputStream().print(b);
+		this.response.getOutputStream().print(b);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintCharCommits() throws Exception {
 		char c = 1;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getOutputStream().print(c);
+		this.response.getOutputStream().print(c);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintIntCommits() throws Exception {
 		int i = 1234;
-		response.setContentLength(String.valueOf(i).length());
+		this.response.setContentLength(String.valueOf(i).length());
 
-		response.getOutputStream().print(i);
+		this.response.getOutputStream().print(i);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintLongCommits() throws Exception {
 		long l = 12345;
-		response.setContentLength(String.valueOf(l).length());
+		this.response.setContentLength(String.valueOf(l).length());
 
-		response.getOutputStream().print(l);
+		this.response.getOutputStream().print(l);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintFloatCommits() throws Exception {
 		float f = 12345;
-		response.setContentLength(String.valueOf(f).length());
+		this.response.setContentLength(String.valueOf(f).length());
 
-		response.getOutputStream().print(f);
+		this.response.getOutputStream().print(f);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintDoubleCommits() throws Exception {
 		double x = 1.2345;
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getOutputStream().print(x);
+		this.response.getOutputStream().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintStringCommits() throws Exception {
 		String x = "12345";
-		response.setContentLength(x.length());
+		this.response.setContentLength(x.length());
 
-		response.getOutputStream().print(x);
+		this.response.getOutputStream().print(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnCommits() throws Exception {
-		response.setContentLength(NL.length());
+		this.response.setContentLength(NL.length());
 
-		response.getOutputStream().println();
+		this.response.getOutputStream().println();
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnBooleanCommits() throws Exception {
 		boolean b = true;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getOutputStream().println(b);
+		this.response.getOutputStream().println(b);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnCharCommits() throws Exception {
 		char c = 1;
-		response.setContentLength(1);
+		this.response.setContentLength(1);
 
-		response.getOutputStream().println(c);
+		this.response.getOutputStream().println(c);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnIntCommits() throws Exception {
 		int i = 12345;
-		response.setContentLength(String.valueOf(i).length());
+		this.response.setContentLength(String.valueOf(i).length());
 
-		response.getOutputStream().println(i);
+		this.response.getOutputStream().println(i);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnLongCommits() throws Exception {
 		long l = 12345678;
-		response.setContentLength(String.valueOf(l).length());
+		this.response.setContentLength(String.valueOf(l).length());
 
-		response.getOutputStream().println(l);
+		this.response.getOutputStream().println(l);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnFloatCommits() throws Exception {
 		float f = 1234;
-		response.setContentLength(String.valueOf(f).length());
+		this.response.setContentLength(String.valueOf(f).length());
 
-		response.getOutputStream().println(f);
+		this.response.getOutputStream().println(f);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnDoubleCommits() throws Exception {
 		double x = 1;
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getOutputStream().println(x);
+		this.response.getOutputStream().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnStringCommits() throws Exception {
 		String x = "1";
-		response.setContentLength(String.valueOf(x).length());
+		this.response.setContentLength(String.valueOf(x).length());
 
-		response.getOutputStream().println(x);
+		this.response.getOutputStream().println(x);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthDoesNotCommit() {
 		String body = "something";
 
-		response.setContentLength(body.length());
+		this.response.setContentLength(body.length());
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 	}
 
 	@Test
 	public void contentLengthOutputStreamWriteStringCommits() throws IOException {
 		String body = "something";
-		response.setContentLength(body.length());
+		this.response.setContentLength(body.length());
 
-		response.getOutputStream().print(body);
+		this.response.getOutputStream().print(body);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	// gh-7261
 	@Test
 	public void contentLengthLongOutputStreamWriteStringCommits() throws IOException {
 		String body = "something";
-		response.setContentLengthLong(body.length());
+		this.response.setContentLengthLong(body.length());
 
-		response.getOutputStream().print(body);
+		this.response.getOutputStream().print(body);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void addHeaderContentLengthPrintWriterWriteStringCommits() throws Exception {
 		int expected = 1234;
-		response.addHeader("Content-Length", String.valueOf(String.valueOf(expected).length()));
+		this.response.addHeader("Content-Length", String.valueOf(String.valueOf(expected).length()));
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void bufferSizePrintWriterWriteCommits() throws Exception {
 		String expected = "1234567890";
-		when(response.getBufferSize()).thenReturn(expected.length());
+		when(this.response.getBufferSize()).thenReturn(expected.length());
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void bufferSizeCommitsOnce() throws Exception {
 		String expected = "1234567890";
-		when(response.getBufferSize()).thenReturn(expected.length());
+		when(this.response.getBufferSize()).thenReturn(expected.length());
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isTrue();
+		assertThat(this.committed).isTrue();
 
-		committed = false;
+		this.committed = false;
 
-		response.getWriter().write(expected);
+		this.response.getWriter().write(expected);
 
-		assertThat(committed).isFalse();
+		assertThat(this.committed).isFalse();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index cb4e373b5f..bfb6196e15 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -79,44 +79,44 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(delegate.matches(request)).thenReturn(true);
-		matcher = new AndRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		this.matcher = new AndRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesMultiTrue() {
-		when(delegate.matches(request)).thenReturn(true);
-		when(delegate2.matches(request)).thenReturn(true);
-		matcher = new AndRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		when(this.delegate2.matches(this.request)).thenReturn(true);
+		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesSingleFalse() {
-		when(delegate.matches(request)).thenReturn(false);
-		matcher = new AndRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(false);
+		this.matcher = new AndRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(delegate.matches(request)).thenReturn(false);
-		matcher = new AndRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(false);
+		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(delegate.matches(request)).thenReturn(true);
-		when(delegate2.matches(request)).thenReturn(false);
-		matcher = new AndRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		when(this.delegate2.matches(this.request)).thenReturn(false);
+		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index 127e6bd793..f99fb66b7b 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -38,33 +38,33 @@ public class IpAddressMatcherTests {
 
 	@Before
 	public void setup() {
-		ipv6Request.setRemoteAddr("fe80::21f:5bff:fe33:bd68");
-		ipv4Request.setRemoteAddr("192.168.1.104");
+		this.ipv6Request.setRemoteAddr("fe80::21f:5bff:fe33:bd68");
+		this.ipv4Request.setRemoteAddr("192.168.1.104");
 	}
 
 	@Test
 	public void ipv6MatcherMatchesIpv6Address() {
-		assertThat(v6matcher.matches(ipv6Request)).isTrue();
+		assertThat(this.v6matcher.matches(this.ipv6Request)).isTrue();
 	}
 
 	@Test
 	public void ipv6MatcherDoesntMatchIpv4Address() {
-		assertThat(v6matcher.matches(ipv4Request)).isFalse();
+		assertThat(this.v6matcher.matches(this.ipv4Request)).isFalse();
 	}
 
 	@Test
 	public void ipv4MatcherMatchesIpv4Address() {
-		assertThat(v4matcher.matches(ipv4Request)).isTrue();
+		assertThat(this.v4matcher.matches(this.ipv4Request)).isTrue();
 	}
 
 	@Test
 	public void ipv4SubnetMatchesCorrectly() {
 		IpAddressMatcher matcher = new IpAddressMatcher("192.168.1.0/24");
-		assertThat(matcher.matches(ipv4Request)).isTrue();
+		assertThat(matcher.matches(this.ipv4Request)).isTrue();
 		matcher = new IpAddressMatcher("192.168.1.128/25");
-		assertThat(matcher.matches(ipv4Request)).isFalse();
-		ipv4Request.setRemoteAddr("192.168.1.159"); // 159 = 0x9f
-		assertThat(matcher.matches(ipv4Request)).isTrue();
+		assertThat(matcher.matches(this.ipv4Request)).isFalse();
+		this.ipv4Request.setRemoteAddr("192.168.1.159"); // 159 = 0x9f
+		assertThat(matcher.matches(this.ipv4Request)).isTrue();
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index bd4afb7b4c..272203a039 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -43,105 +43,113 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 
 	@Before
 	public void setup() {
-		negotiationStrategy = new HeaderContentNegotiationStrategy();
-		request = new MockHttpServletRequest();
+		this.negotiationStrategy = new HeaderContentNegotiationStrategy();
+		this.request = new MockHttpServletRequest();
 	}
 
 	@Test
 	public void mediaAllMatches() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// ignoreMediaTypeAll
 
 	@Test
 	public void mediaAllIgnoreMediaTypeAll() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void mediaAllAndTextHtmlIgnoreMediaTypeAll() {
-		request.addHeader("Accept", MediaType.ALL_VALUE + "," + MediaType.TEXT_HTML_VALUE);
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.request.addHeader("Accept", MediaType.ALL_VALUE + "," + MediaType.TEXT_HTML_VALUE);
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// JavaDoc
 
 	@Test
 	public void javadocJsonJson() {
-		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void javadocAllJson() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void javadocAllJsonIgnoreAll() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void javadocJsonJsonIgnoreAll() {
-		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void javadocJsonJsonUseEquals() {
-		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void javadocAllJsonUseEquals() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void javadocApplicationAllJsonUseEquals() {
-		request.addHeader("Accept", new MediaType("application", "*"));
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", new MediaType("application", "*"));
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void javadocAllJsonUseFalse() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_JSON);
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
+				MediaType.APPLICATION_JSON);
 		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(matcher.matches(this.request)).isFalse();
 	}
 
 }
\ No newline at end of file
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 53e59823d2..0f8db758d2 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -51,7 +51,7 @@ public class MediaTypeRequestMatcherTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -67,18 +67,18 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNoVarargs() {
-		new MediaTypeRequestMatcher(negotiationStrategy);
+		new MediaTypeRequestMatcher(this.negotiationStrategy);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullMediaTypes() {
 		Collection<MediaType> mediaTypes = null;
-		new MediaTypeRequestMatcher(negotiationStrategy, mediaTypes);
+		new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmtpyMediaTypes() {
-		new MediaTypeRequestMatcher(negotiationStrategy, Collections.<MediaType>emptyList());
+		new MediaTypeRequestMatcher(this.negotiationStrategy, Collections.<MediaType>emptyList());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -93,284 +93,285 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenThrow(new HttpMediaTypeNotAcceptableException("oops"));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.ALL);
-		assertThat(matcher.matches(request)).isFalse();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL);
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void mediaAllMatches() throws Exception {
 
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.ALL));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderAsteriskThenAll() {
-		request.addHeader("Accept", "*/*");
-		matcher = new MediaTypeRequestMatcher(MediaType.ALL);
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "*/*");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.ALL);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderAsteriskThenAnyone() {
-		request.addHeader("Accept", "*/*");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "*/*");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderAsteriskThenAllInCollection() {
-		request.addHeader("Accept", "*/*");
-		matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.ALL));
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "*/*");
+		this.matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.ALL));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderAsteriskThenAnyoneInCollection() {
-		request.addHeader("Accept", "*/*");
-		matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.TEXT_HTML));
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "*/*");
+		this.matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.TEXT_HTML));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenNoAcceptHeaderThenAll() {
-		request.removeHeader("Accept");
+		this.request.removeHeader("Accept");
 		// if not set Accept, it is match all
-		matcher = new MediaTypeRequestMatcher(MediaType.ALL);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(MediaType.ALL);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenNoAcceptHeaderThenAnyone() {
-		request.removeHeader("Accept");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.removeHeader("Accept");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenSingleAcceptHeaderThenOne() {
-		request.addHeader("Accept", "text/html");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "text/html");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenSingleAcceptHeaderThenOneWithCollection() {
-		request.addHeader("Accept", "text/html");
-		matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.TEXT_HTML));
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "text/html");
+		this.matcher = new MediaTypeRequestMatcher(Collections.singleton(MediaType.TEXT_HTML));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenMultipleAcceptHeaderThenMatchMultiple() {
-		request.addHeader("Accept", "text/html, application/xhtml+xml, application/xml;q=0.9");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML, MediaType.APPLICATION_XHTML_XML,
+		this.request.addHeader("Accept", "text/html, application/xhtml+xml, application/xml;q=0.9");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML, MediaType.APPLICATION_XHTML_XML,
 				MediaType.APPLICATION_XML);
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenMultipleAcceptHeaderThenAnyoneInCollection() {
-		request.addHeader("Accept", "text/html, application/xhtml+xml, application/xml;q=0.9");
-		matcher = new MediaTypeRequestMatcher(Arrays.asList(MediaType.APPLICATION_XHTML_XML));
-		assertThat(matcher.matches(request)).isTrue();
+		this.request.addHeader("Accept", "text/html, application/xhtml+xml, application/xml;q=0.9");
+		this.matcher = new MediaTypeRequestMatcher(Arrays.asList(MediaType.APPLICATION_XHTML_XML));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void multipleMediaType() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML,
+				MediaType.TEXT_HTML);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_XHTML_XML,
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML,
 				MediaType.APPLICATION_JSON);
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED,
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED,
 				MediaType.APPLICATION_JSON);
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "*"));
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderIsTextThenMediaTypeAllIsMatched() {
-		request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
+		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
 
-		matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "*")));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_PLAIN);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchWhenAcceptHeaderIsTextWildcardThenMediaTypeTextIsMatched() {
-		request.addHeader("Accept", "text/*");
+		this.request.addHeader("Accept", "text/*");
 
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// useEquals
 
 	@Test
 	public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "*")));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_PLAIN);
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeTextIsNotMatched() {
-		request.addHeader("Accept", "text/*");
+		this.request.addHeader("Accept", "text/*");
 
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "*"));
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeTextAllIsNotMatched() {
-		request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
+		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
 
-		matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isFalse();
+		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void useEqualsSame() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_PLAIN);
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeIsMatchedWithEqualString() {
-		request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
+		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
 
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(new MediaType("text", "unique")));
 
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, new MediaType("text", "unique"));
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique"));
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void useEqualsWhenTrueThenCustomMediaTypeIsMatched() {
-		request.addHeader("Accept", "text/unique");
+		this.request.addHeader("Accept", "text/unique");
 
-		matcher = new MediaTypeRequestMatcher(new MediaType("text", "unique"));
-		matcher.setUseEquals(true);
-		assertThat(matcher.matches(request)).isTrue();
+		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "unique"));
+		this.matcher.setUseEquals(true);
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// ignoreMediaTypeAll
 
 	@Test
 	public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.ALL));
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void ignoredMediaTypesWhenAllThenAnyoneIsNotMatched() {
-		request.addHeader("Accept", MediaType.ALL_VALUE);
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.request.addHeader("Accept", MediaType.ALL_VALUE);
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void mediaAllAndTextHtmlIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML));
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void ignoredMediaTypesWhenAllAndTextThenTextCanBeMatched() {
-		request.addHeader("Accept", MediaType.ALL_VALUE + ", " + MediaType.TEXT_HTML_VALUE);
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.request.addHeader("Accept", MediaType.ALL_VALUE + ", " + MediaType.TEXT_HTML_VALUE);
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void mediaAllQ08AndTextPlainIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8")));
-		matcher = new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void ignoredMediaTypesWhenAllThenQ08WithTextIsNotMatched() {
-		request.addHeader("Accept", MediaType.TEXT_PLAIN + ", */*;q=0.8");
-		matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
-		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+		this.request.addHeader("Accept", MediaType.TEXT_PLAIN + ", */*;q=0.8");
+		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
+		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 71e8acd008..c587839f38 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -47,18 +47,18 @@ public class NegatedRequestMatcherTests {
 
 	@Test
 	public void matchesDelegateFalse() {
-		when(delegate.matches(request)).thenReturn(false);
-		matcher = new NegatedRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(false);
+		this.matcher = new NegatedRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesDelegateTrue() {
-		when(delegate.matches(request)).thenReturn(true);
-		matcher = new NegatedRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		this.matcher = new NegatedRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 3284acfd03..0401304aa7 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -79,43 +79,43 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(delegate.matches(request)).thenReturn(true);
-		matcher = new OrRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		this.matcher = new OrRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesMultiTrue() {
-		when(delegate.matches(request)).thenReturn(true);
-		matcher = new OrRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesSingleFalse() {
-		when(delegate.matches(request)).thenReturn(false);
-		matcher = new OrRequestMatcher(delegate);
+		when(this.delegate.matches(this.request)).thenReturn(false);
+		this.matcher = new OrRequestMatcher(this.delegate);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(delegate.matches(request)).thenReturn(false);
-		when(delegate2.matches(request)).thenReturn(false);
-		matcher = new OrRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(false);
+		when(this.delegate2.matches(this.request)).thenReturn(false);
+		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isFalse();
+		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(delegate.matches(request)).thenReturn(true);
-		matcher = new OrRequestMatcher(delegate, delegate2);
+		when(this.delegate.matches(this.request)).thenReturn(true);
+		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
-		assertThat(matcher.matches(request)).isTrue();
+		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index 6af02418f9..298629371b 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -115,9 +115,9 @@ public class RegexRequestMatcherTests {
 	}
 
 	private HttpServletRequest createRequestWithNullMethod(String path) {
-		when(request.getQueryString()).thenReturn("doesntMatter");
-		when(request.getServletPath()).thenReturn(path);
-		return request;
+		when(this.request.getQueryString()).thenReturn("doesntMatter");
+		when(this.request.getServletPath()).thenReturn(path);
+		return this.request;
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
index 69e09cca4e..7f9d4b3b77 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
@@ -36,7 +36,7 @@ public class RequestHeaderRequestMatcherTests {
 
 	@Before
 	public void setup() {
-		request = new MockHttpServletRequest();
+		this.request = new MockHttpServletRequest();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -51,39 +51,39 @@ public class RequestHeaderRequestMatcherTests {
 
 	@Test
 	public void matchesHeaderNameMatches() {
-		request.addHeader(headerName, headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName).matches(request)).isTrue();
+		this.request.addHeader(this.headerName, this.headerValue);
+		assertThat(new RequestHeaderRequestMatcher(this.headerName).matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesHeaderNameDoesNotMatch() {
-		request.addHeader(headerName + "notMatch", headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName).matches(request)).isFalse();
+		this.request.addHeader(this.headerName + "notMatch", this.headerValue);
+		assertThat(new RequestHeaderRequestMatcher(this.headerName).matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueMatches() {
-		request.addHeader(headerName, headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isTrue();
+		this.request.addHeader(this.headerName, this.headerValue);
+		assertThat(new RequestHeaderRequestMatcher(this.headerName, this.headerValue).matches(this.request)).isTrue();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderNameNotMatch() {
-		request.addHeader(headerName + "notMatch", headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
+		this.request.addHeader(this.headerName + "notMatch", this.headerValue);
+		assertThat(new RequestHeaderRequestMatcher(this.headerName, this.headerValue).matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderValueNotMatch() {
-		request.addHeader(headerName, headerValue + "notMatch");
-		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
+		this.request.addHeader(this.headerName, this.headerValue + "notMatch");
+		assertThat(new RequestHeaderRequestMatcher(this.headerName, this.headerValue).matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesHeaderNameValueHeaderValueMultiNotMatch() {
-		request.addHeader(headerName, headerValue + "notMatch");
-		request.addHeader(headerName, headerValue);
-		assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
+		this.request.addHeader(this.headerName, this.headerValue + "notMatch");
+		this.request.addHeader(this.headerName, this.headerValue);
+		assertThat(new RequestHeaderRequestMatcher(this.headerName, this.headerValue).matches(this.request)).isFalse();
 	}
 
 }

From 9e08b51ed351421907ad0131c68ef2e193b96828 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sun, 26 Jul 2020 12:04:13 -0700
Subject: [PATCH 19/84] Apply code cleanup rules to projects

Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java          |  2 +
 .../acls/AclPermissionCacheOptimizer.java     |  1 +
 .../security/acls/AclPermissionEvaluator.java |  2 +
 .../afterinvocation/AbstractAclProvider.java  |  2 +
 ...InvocationCollectionFilteringProvider.java |  1 +
 .../AclEntryAfterInvocationProvider.java      |  2 +
 .../acls/afterinvocation/ArrayFilterer.java   |  6 ++
 .../afterinvocation/CollectionFilterer.java   |  3 +
 .../acls/afterinvocation/Filterer.java        |  1 +
 .../acls/domain/AbstractPermission.java       |  5 ++
 .../domain/AclAuthorizationStrategyImpl.java  |  1 +
 .../acls/domain/ConsoleAuditLogger.java       |  1 +
 .../acls/domain/CumulativePermission.java     |  1 +
 .../acls/domain/DefaultPermissionFactory.java |  3 +
 .../DefaultPermissionGrantingStrategy.java    |  1 +
 .../acls/domain/EhCacheBasedAclCache.java     |  6 ++
 .../ObjectIdentityRetrievalStrategyImpl.java  |  2 +
 .../acls/domain/SidRetrievalStrategyImpl.java |  1 +
 .../acls/domain/SpringCacheBasedAclCache.java |  6 ++
 .../acls/jdbc/BasicLookupStrategy.java        |  9 +++
 .../security/acls/jdbc/JdbcAclService.java    |  5 ++
 .../acls/jdbc/JdbcMutableAclService.java      |  5 ++
 .../security/acls/model/ObjectIdentity.java   |  2 +
 .../security/acls/model/OwnershipAcl.java     |  1 +
 .../security/acls/model/Sid.java              |  2 +
 .../security/acls/domain/AclImplTests.java    |  8 +++
 ...icLookupStrategyWithAclClassTypeTests.java |  1 +
 .../acls/jdbc/JdbcMutableAclServiceTests.java |  6 +-
 .../aspect/AnnotationSecurityAspectTests.java |  3 +
 .../security/cas/ServiceProperties.java       |  1 +
 .../CasAssertionAuthenticationToken.java      |  2 +
 .../EhCacheBasedTicketCache.java              |  5 ++
 .../NullStatelessTicketCache.java             |  4 ++
 .../SpringCacheBasedTicketCache.java          |  4 ++
 ...bstractCasAssertionUserDetailsService.java |  1 +
 .../cas/web/CasAuthenticationEntryPoint.java  |  2 +
 .../cas/web/CasAuthenticationFilter.java      |  2 +
 .../DefaultServiceAuthenticationDetails.java  |  1 +
 .../ServiceAuthenticationDetailsSource.java   |  1 +
 .../CasAuthenticationProviderTests.java       |  6 ++
 ...onProviderBuilderSecurityBuilderTests.java |  8 +++
 ...AuthenticationProviderConfigurerTests.java |  3 +
 ...dapAuthenticationProviderTestsConfigs.java |  4 ++
 .../config/DebugBeanDefinitionParser.java     |  1 +
 .../config/SecurityNamespaceHandler.java      |  3 +
 .../annotation/AbstractSecurityBuilder.java   |  1 +
 .../annotation/SecurityConfigurerAdapter.java |  3 +
 .../AuthenticationManagerBuilder.java         |  1 +
 ...GlobalAuthenticationConfigurerAdapter.java |  2 +
 .../AbstractDaoAuthenticationConfigurer.java  |  1 +
 ...utowireBeanFactoryObjectPostProcessor.java |  2 +
 ...thodSecurityAspectJAutoProxyRegistrar.java |  1 +
 .../GlobalMethodSecurityConfiguration.java    |  2 +
 .../GlobalMethodSecuritySelector.java         |  1 +
 ...ecurityMetadataSourceAdvisorRegistrar.java |  1 +
 .../rsocket/PayloadInterceptorOrder.java      |  1 +
 .../web/builders/FilterComparator.java        |  1 +
 .../annotation/web/builders/HttpSecurity.java |  8 +++
 .../SpringWebMvcImportSelector.java           |  1 +
 .../WebSecurityConfiguration.java             |  2 +
 .../WebSecurityConfigurerAdapter.java         |  5 ++
 ...ConfigAttributeRequestMatcherRegistry.java |  1 +
 .../web/configurers/PermitAllSupport.java     |  1 +
 .../UrlAuthorizationConfigurer.java           |  1 +
 .../openid/OpenIDLoginConfigurer.java         |  1 +
 ...MessageSecurityMetadataSourceRegistry.java |  9 +++
 .../WebMvcSecurityConfiguration.java          |  1 +
 ...urityWebSocketMessageBrokerConfigurer.java |  2 +
 ...serDetailsServiceBeanDefinitionParser.java |  1 +
 ...enticationManagerBeanDefinitionParser.java |  3 +
 .../AuthenticationManagerFactoryBean.java     |  4 ++
 ...nticationProviderBeanDefinitionParser.java |  1 +
 .../JdbcUserServiceBeanDefinitionParser.java  |  2 +
 .../UserServiceBeanDefinitionParser.java      |  2 +
 ...SecurityDebugBeanFactoryPostProcessor.java |  2 +
 .../http/AuthenticationConfigBuilder.java     |  1 +
 .../http/DefaultFilterChainValidator.java     |  1 +
 .../http/FilterChainBeanDefinitionParser.java |  1 +
 ...FilterChainMapBeanDefinitionDecorator.java |  1 +
 ...nvocationSecurityMetadataSourceParser.java |  2 +
 ...HandlerMappingIntrospectorFactoryBean.java |  1 +
 .../http/HeadersBeanDefinitionParser.java     |  1 +
 .../config/http/HttpConfigurationBuilder.java |  2 +
 .../HttpFirewallBeanDefinitionParser.java     |  1 +
 .../http/LogoutBeanDefinitionParser.java      |  1 +
 .../PortMappingsBeanDefinitionParser.java     |  1 +
 .../http/RememberMeBeanDefinitionParser.java  |  1 +
 .../http/UserDetailsServiceFactoryBean.java   |  1 +
 .../ContextSourceSettingPostProcessor.java    |  2 +
 .../LdapProviderBeanDefinitionParser.java     |  1 +
 .../ldap/LdapServerBeanDefinitionParser.java  |  1 +
 .../LdapUserServiceBeanDefinitionParser.java  |  2 +
 ...balMethodSecurityBeanDefinitionParser.java |  5 ++
 ...terceptMethodsBeanDefinitionDecorator.java |  5 +-
 ...ityMetadataSourceBeanDefinitionParser.java |  1 +
 .../method/ProtectPointcutPostProcessor.java  |  2 +
 ...ageBrokerSecurityBeanDefinitionParser.java | 10 +++
 .../BeanNameCollectingPostProcessor.java      |  2 +
 .../security/CollectingAppListener.java       |  1 +
 .../security/config/DataSourcePopulator.java  |  1 +
 .../config/MockAfterInvocationProvider.java   |  3 +
 .../security/config/MockEventListener.java    |  1 +
 .../config/MockTransactionManager.java        |  3 +
 .../MockUserServiceBeanPostProcessor.java     |  2 +
 .../PostProcessedMockUserDetailsService.java  |  1 +
 .../security/config/TestBusinessBeanImpl.java |  6 ++
 .../config/TransactionalTestBusinessBean.java |  5 ++
 .../annotation/ObjectPostProcessorTests.java  |  1 +
 ...SecurityConfigurerAdapterClosureTests.java |  2 +-
 .../SecurityConfigurerAdapterTests.java       |  2 +
 .../AuthenticationManagerBuilderTests.java    |  2 +
 .../NamespaceAuthenticationProviderTests.java |  3 +
 .../NamespaceJdbcUserServiceTests.java        |  6 +-
 .../PasswordEncoderConfigurerTests.java       |  2 +
 .../AuthenticationConfigurationTests.java     |  6 ++
 .../AroundMethodInterceptor.java              |  1 +
 .../annotation/issue50/SecurityConfig.java    |  2 +
 ...lMethodSecurityExpressionHandlerTests.java |  2 +
 .../NamespaceGlobalMethodSecurityTests.java   |  8 +++
 ...SampleEnableGlobalMethodSecurityTests.java |  2 +
 .../annotation/sec2758/Sec2758Tests.java      |  3 +-
 ...bstractConfiguredSecurityBuilderTests.java |  1 +
 ...RequestMatcherRegistryAnyMatcherTests.java |  5 ++
 ...mpleWebSecurityConfigurerAdapterTests.java |  1 +
 .../web/builders/HttpConfigurationTests.java  |  3 +
 .../web/builders/NamespaceHttpTests.java      |  1 +
 .../web/configuration/Sec2515Tests.java       |  1 +
 ...gAttributeRequestMatcherRegistryTests.java |  3 +
 .../configurers/AnonymousConfigurerTests.java |  2 +
 .../web/configurers/DefaultFiltersTests.java  |  2 +
 ...essionUrlAuthorizationConfigurerTests.java |  2 +
 .../configurers/HttpBasicConfigurerTests.java |  1 +
 .../HttpSecurityAntMatchersTests.java         |  2 +
 .../configurers/HttpSecurityLogoutTests.java  |  1 +
 .../web/configurers/Issue55Tests.java         |  1 +
 .../NamespaceHttpAnonymousTests.java          |  1 +
 .../configurers/NamespaceHttpBasicTests.java  |  2 +
 .../NamespaceHttpCustomFilterTests.java       |  7 ++
 .../NamespaceHttpFormLoginTests.java          |  2 +
 .../NamespaceHttpInterceptUrlTests.java       |  1 +
 .../configurers/NamespaceHttpLogoutTests.java |  2 +-
 .../NamespaceHttpPortMappingsTests.java       |  1 +
 .../NamespaceHttpRequestCacheTests.java       |  4 ++
 ...aceHttpServerAccessDeniedHandlerTests.java |  4 ++
 .../configurers/NamespaceHttpX509Tests.java   |  2 +
 .../NamespaceSessionManagementTests.java      |  1 +
 .../RememberMeConfigurerTests.java            |  5 ++
 .../OAuth2ResourceServerConfigurerTests.java  |  2 +
 ...SocketMessageBrokerConfigurerDocTests.java |  1 +
 ...WebSocketMessageBrokerConfigurerTests.java | 11 +++
 ...cutorSubscribableChannelPostProcessor.java |  2 +
 ...ationManagerBeanDefinitionParserTests.java |  1 +
 .../config/core/HelloWorldMessageService.java |  2 +
 .../debug/TestAuthenticationProvider.java     |  2 +
 .../security/config/http/CsrfConfigTests.java |  7 +-
 .../config/http/InterceptUrlConfigTests.java  |  2 +-
 .../config/http/MiscHttpConfigTests.java      | 10 +--
 .../http/SessionManagementConfigTests.java    |  2 +-
 ...thodSecurityBeanDefinitionParserTests.java |  3 +
 ...ptMethodsBeanDefinitionDecoratorTests.java |  1 +
 .../method/TestPermissionEvaluator.java       |  2 +
 .../sec2136/JpaPermissionEvaluator.java       |  2 +
 ...egistrationsBeanDefinitionParserTests.java |  3 +-
 .../config/test/SpringTestContext.java        |  1 +
 .../security/config/test/SpringTestRule.java  |  1 +
 .../util/InMemoryXmlApplicationContext.java   |  1 +
 .../config/web/server/OAuth2LoginTests.java   |  2 +-
 .../WebSocketMessageBrokerConfigTests.java    |  4 +-
 .../Jsr250MethodSecurityMetadataSource.java   |  3 +
 .../access/annotation/Jsr250Voter.java        |  3 +
 ...curedAnnotationSecurityMetadataSource.java |  4 ++
 .../security/access/event/LoggerListener.java |  1 +
 .../AbstractSecurityExpressionHandler.java    |  3 +
 .../DenyAllPermissionEvaluator.java           |  2 +
 .../expression/SecurityExpressionRoot.java    | 13 ++++
 ...tExpressionBasedMethodConfigAttribute.java |  1 +
 ...efaultMethodSecurityExpressionHandler.java |  4 ++
 ...essionBasedAnnotationAttributeFactory.java |  2 +
 .../ExpressionBasedPostInvocationAdvice.java  |  1 +
 .../ExpressionBasedPreInvocationAdvice.java   |  1 +
 .../method/MethodSecurityExpressionRoot.java  |  5 ++
 .../hierarchicalroles/NullRoleHierarchy.java  |  1 +
 .../RoleHierarchyAuthoritiesMapper.java       |  1 +
 .../AbstractSecurityInterceptor.java          |  4 ++
 .../AfterInvocationProviderManager.java       |  4 ++
 .../MethodInvocationPrivilegeEvaluator.java   |  1 +
 .../access/intercept/NullRunAsManager.java    |  3 +
 .../RunAsImplAuthenticationProvider.java      |  4 ++
 .../access/intercept/RunAsManagerImpl.java    |  4 ++
 .../MethodSecurityInterceptor.java            |  3 +
 .../MethodSecurityMetadataSourceAdvisor.java  |  4 ++
 .../aspectj/MethodInvocationAdapter.java      |  5 ++
 ...tFallbackMethodSecurityMetadataSource.java |  1 +
 .../AbstractMethodSecurityMetadataSource.java |  2 +
 ...elegatingMethodSecurityMetadataSource.java |  1 +
 .../prepost/PostInvocationAdviceProvider.java |  3 +
 ...PreInvocationAuthorizationAdviceVoter.java |  3 +
 ...rePostAdviceReactiveMethodInterceptor.java |  9 +--
 .../vote/AbstractAccessDecisionManager.java   |  4 ++
 .../access/vote/AbstractAclVoter.java         |  1 +
 .../access/vote/AffirmativeBased.java         |  1 +
 .../access/vote/AuthenticatedVoter.java       |  3 +
 .../security/access/vote/ConsensusBased.java  |  1 +
 .../security/access/vote/RoleVoter.java       |  3 +
 .../security/access/vote/UnanimousBased.java  |  1 +
 .../AbstractAuthenticationToken.java          |  6 ++
 .../AccountStatusUserDetailsChecker.java      |  1 +
 .../AnonymousAuthenticationProvider.java      |  3 +
 .../AuthenticationTrustResolverImpl.java      |  2 +
 .../CachingUserDetailsService.java            |  1 +
 .../DefaultAuthenticationEventPublisher.java  |  3 +
 ...legatingReactiveAuthenticationManager.java |  1 +
 .../authentication/ProviderManager.java       |  5 ++
 .../RememberMeAuthenticationProvider.java     |  4 ++
 .../TestingAuthenticationProvider.java        |  2 +
 .../TestingAuthenticationToken.java           |  2 +
 .../UsernamePasswordAuthenticationToken.java  |  3 +
 ...ractUserDetailsAuthenticationProvider.java |  6 ++
 .../dao/DaoAuthenticationProvider.java        |  3 +
 .../authentication/event/LoggerListener.java  |  1 +
 .../AbstractJaasAuthenticationProvider.java   |  6 ++
 .../jaas/DefaultLoginExceptionResolver.java   |  1 +
 .../jaas/JaasNameCallbackHandler.java         |  1 +
 .../jaas/JaasPasswordCallbackHandler.java     |  1 +
 .../jaas/SecurityContextLoginModule.java      |  5 ++
 .../rcp/RemoteAuthenticationManagerImpl.java  |  2 +
 .../rcp/RemoteAuthenticationProvider.java     |  3 +
 .../DelegatingSecurityContextExecutor.java    |  1 +
 ...egatingSecurityContextExecutorService.java | 12 ++++
 ...curityContextScheduledExecutorService.java |  4 ++
 .../DelegatingApplicationListener.java        |  1 +
 ...edAttributes2GrantedAuthoritiesMapper.java |  3 +
 .../mapping/NullAuthoritiesMapper.java        |  1 +
 ...leAttributes2GrantedAuthoritiesMapper.java |  2 +
 .../mapping/SimpleAuthorityMapper.java        |  2 +
 .../SimpleMappableAttributesRetriever.java    |  1 +
 .../GlobalSecurityContextHolderStrategy.java  |  4 ++
 ...eadLocalSecurityContextHolderStrategy.java |  4 ++
 ...eadLocalSecurityContextHolderStrategy.java |  4 ++
 .../KeyBasedPersistenceTokenService.java      |  3 +
 .../core/token/SecureRandomFactoryBean.java   |  3 +
 .../security/core/userdetails/User.java       |  9 +++
 .../UserDetailsByNameServiceWrapper.java      |  2 +
 .../cache/EhCacheBasedUserCache.java          |  4 ++
 .../core/userdetails/cache/NullUserCache.java |  3 +
 .../cache/SpringCacheBasedUserCache.java      |  3 +
 .../memory/UserAttributeEditor.java           |  1 +
 .../InMemoryUserDetailsManager.java           |  6 ++
 .../provisioning/JdbcUserDetailsManager.java  | 17 +++++
 .../security/provisioning/MutableUser.java    |  8 +++
 ...SecurityContextSchedulingTaskExecutor.java |  1 +
 ...atingSecurityContextAsyncTaskExecutor.java |  3 +
 .../security/util/SimpleMethodInvocation.java |  5 ++
 .../security/OtherTargetObject.java           |  3 +
 .../security/TargetObject.java                |  5 ++
 .../security/TestDataSource.java              |  1 +
 .../security/access/SecurityConfigTests.java  |  1 +
 .../annotation/BusinessServiceImpl.java       | 10 +++
 ...xpressionProtectedBusinessServiceImpl.java | 10 +++
 .../annotation/Jsr250BusinessServiceImpl.java | 10 +++
 ...r250MethodSecurityMetadataSourceTests.java |  1 +
 ...AnnotationSecurityMetadataSourceTests.java |  7 ++
 .../method/MethodExpressionVoterTests.java    |  3 +
 ...AnnotationSecurityMetadataSourceTests.java | 10 +++
 .../AbstractSecurityInterceptorTests.java     |  4 ++
 .../AfterInvocationProviderManagerTests.java  |  3 +
 .../method/MockMethodInvocation.java          |  5 ++
 .../AbstractAccessDecisionManagerTests.java   |  4 ++
 .../access/vote/AbstractAclVoterTests.java    |  2 +
 .../security/access/vote/DenyAgainVoter.java  |  3 +
 .../security/access/vote/DenyVoter.java       |  3 +
 .../access/vote/RoleHierarchyVoterTests.java  |  3 +-
 .../AbstractAuthenticationTokenTests.java     |  2 +
 .../authentication/ProviderManagerTests.java  |  6 ++
 .../dao/DaoAuthenticationProviderTests.java   |  7 ++
 .../authentication/dao/MockUserCache.java     |  3 +
 .../jaas/JaasAuthenticationProviderTests.java |  1 +
 .../authentication/jaas/JaasEventCheck.java   |  1 +
 .../jaas/TestAuthorityGranter.java            |  1 +
 .../jaas/TestCallbackHandler.java             |  1 +
 .../authentication/jaas/TestLoginModule.java  |  5 ++
 .../RemoteAuthenticationProviderTests.java    |  1 +
 ...ngSecurityContextExecutorServiceTests.java |  2 +
 ...nnotationParameterNameDiscovererTests.java |  2 +
 .../userdetails/MockUserDetailsService.java   |  1 +
 .../JdbcUserDetailsManagerTests.java          |  3 +
 ...ityContextSchedulingTaskExecutorTests.java |  2 +
 ...ityContextSchedulingTaskExecutorTests.java |  1 +
 ...ityContextSchedulingTaskExecutorTests.java |  1 +
 ...SecurityContextAsyncTaskExecutorTests.java |  2 +
 ...atingSecurityContextTaskExecutorTests.java |  2 +
 ...atingSecurityContextTaskExecutorTests.java |  2 +
 .../util/MethodInvocationUtilsTests.java      |  1 +
 .../security/crypto/bcrypt/BCrypt.java        | 70 ++++++++++++-------
 .../crypto/bcrypt/BCryptPasswordEncoder.java  |  2 +
 .../crypto/encrypt/AesBytesEncryptor.java     |  4 ++
 .../security/crypto/encrypt/Encryptors.java   |  2 +
 .../encrypt/HexEncodingTextEncryptor.java     |  2 +
 .../keygen/HexEncodingStringKeyGenerator.java |  1 +
 .../keygen/SecureRandomBytesKeyGenerator.java |  2 +
 .../crypto/keygen/SharedKeyGenerator.java     |  2 +
 .../password/LdapShaPasswordEncoder.java      |  2 +
 .../crypto/password/Md4PasswordEncoder.java   |  2 +
 .../MessageDigestPasswordEncoder.java         |  2 +
 .../crypto/password/NoOpPasswordEncoder.java  |  2 +
 .../password/StandardPasswordEncoder.java     |  2 +
 .../crypto/scrypt/SCryptPasswordEncoder.java  |  2 +
 ...stleAesBytesEncryptorEquivalencyTests.java |  2 +
 ...curityEvaluationContextExtensionTests.java |  2 +-
 .../integration/StubUserRepository.java       |  1 +
 .../ProtectPointcutPerformanceTests.java      |  1 +
 .../integration/UserDetailsServiceImpl.java   |  1 +
 .../MultiAnnotationServiceImpl.java           |  4 ++
 .../PreAuthorizeServiceImpl.java              |  1 +
 .../multiannotation/SecuredServiceImpl.java   |  1 +
 ...PythonInterpreterPostInvocationAdvice.java |  1 +
 .../PythonInterpreterPreInvocationAdvice.java |  1 +
 ...thonInterpreterPreInvocationAttribute.java |  1 +
 ...eterPrePostInvocationAttributeFactory.java |  2 +
 .../integration/python/TestServiceImpl.java   |  1 +
 .../ldap/DefaultLdapUsernameToDnMapper.java   |  1 +
 .../ldap/SpringSecurityLdapTemplate.java      |  1 +
 .../AbstractLdapAuthenticationProvider.java   |  3 +
 .../AbstractLdapAuthenticator.java            |  2 +
 .../authentication/BindAuthenticator.java     |  1 +
 .../NullLdapAuthoritiesPopulator.java         |  1 +
 .../PasswordComparisonAuthenticator.java      |  1 +
 .../SpringSecurityAuthenticationSource.java   |  2 +
 ...etailsServiceLdapAuthoritiesPopulator.java |  1 +
 .../ldap/ppolicy/PasswordPolicyControl.java   |  3 +
 .../ppolicy/PasswordPolicyControlFactory.java |  1 +
 .../PasswordPolicyResponseControl.java        |  1 +
 .../ldap/server/ApacheDSContainer.java        |  6 ++
 .../ldap/userdetails/InetOrgPerson.java       |  2 +
 .../InetOrgPersonContextMapper.java           |  2 +
 .../userdetails/LdapUserDetailsManager.java   |  6 ++
 .../userdetails/LdapUserDetailsService.java   |  2 +
 .../security/ldap/userdetails/Person.java     |  2 +
 .../ldap/userdetails/PersonContextMapper.java |  2 +
 .../LdapAuthenticationProviderTests.java      |  2 +
 .../ldap/authentication/MockUserSearch.java   |  1 +
 ...ectoryLdapAuthenticationProviderTests.java |  7 ++
 .../LdapUserDetailsServiceTests.java          |  1 +
 .../MessageExpressionConfigAttribute.java     |  1 +
 .../expression/MessageExpressionVoter.java    |  3 +
 .../intercept/ChannelSecurityInterceptor.java |  6 ++
 .../DefaultMessageSecurityMetadataSource.java |  3 +
 ...thenticationPrincipalArgumentResolver.java |  2 +
 .../SecurityContextChannelInterceptor.java    |  2 +
 ...thenticationPrincipalArgumentResolver.java |  1 +
 ...urrentSecurityContextArgumentResolver.java |  1 +
 .../util/matcher/AndMessageMatcher.java       |  1 +
 .../util/matcher/OrMessageMatcher.java        |  1 +
 .../SimpDestinationMessageMatcher.java        |  1 +
 .../server/CsrfTokenHandshakeInterceptor.java |  2 +
 .../util/matcher/AndMessageMatcherTests.java  |  2 +-
 .../util/matcher/OrMessageMatcherTests.java   |  2 +-
 .../oauth2/client/jackson2/JsonNodeUtils.java |  2 +-
 ...th2AuthorizationRequestRedirectFilter.java |  1 +
 ...oryOAuth2AuthorizedClientServiceTests.java |  4 +-
 ...uth2AuthorizationRequestResolverTests.java |  5 +-
 .../DefaultOAuth2AuthenticatedPrincipal.java  |  1 +
 .../core/oidc/IdTokenClaimAccessor.java       |  1 +
 .../oauth2/core/oidc/user/OidcUser.java       |  1 +
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |  1 +
 .../oauth2/jwt/JwtClaimValidatorTests.java    |  3 +-
 ...tiveJwtAuthenticationConverterAdapter.java |  1 +
 ...verBearerTokenAuthenticationConverter.java |  1 +
 .../NimbusOpaqueTokenIntrospectorTests.java   |  1 -
 ...rospectionAuthenticatedPrincipalTests.java | 26 ++++---
 .../AuthenticationCancelledException.java     |  1 +
 .../security/openid/AxFetchListFactory.java   |  1 +
 .../openid/NullAxFetchListFactory.java        |  2 +
 .../security/openid/OpenID4JavaConsumer.java  |  3 +
 .../security/openid/OpenIDAttribute.java      |  1 +
 .../openid/OpenIDAuthenticationFilter.java    |  1 +
 .../openid/OpenIDAuthenticationProvider.java  |  4 ++
 .../openid/OpenIDAuthenticationToken.java     |  3 +
 .../security/openid/OpenIDConsumer.java       |  1 +
 .../openid/OpenIDConsumerException.java       |  1 +
 .../openid/RegexBasedAxFetchListFactory.java  |  2 +
 .../security/openid/MockOpenIDConsumer.java   |  3 +
 .../openid/OpenID4JavaConsumerTests.java      |  2 +
 .../OpenIDAuthenticationFilterTests.java      |  2 +
 .../OpenIDAuthenticationProviderTests.java    |  2 +
 .../remoting/dns/JndiDnsResolver.java         |  4 ++
 ...ationSimpleHttpInvokerRequestExecutor.java |  1 +
 .../ContextPropagatingRemoteInvocation.java   |  1 +
 ...extPropagatingRemoteInvocationFactory.java |  1 +
 ...SimpleHttpInvokerRequestExecutorTests.java |  5 ++
 ...uthenticationPayloadExchangeConverter.java |  4 +-
 .../AuthenticationPayloadInterceptor.java     |  1 +
 .../core/ContextPayloadInterceptorChain.java  |  1 +
 .../util/matcher/PayloadExchangeMatchers.java |  3 +
 .../saml2/core/Saml2X509Credential.java       |  6 +-
 .../credentials/Saml2X509Credential.java      |  6 +-
 .../RelyingPartyRegistration.java             |  2 -
 .../taglibs/authz/AccessControlListTag.java   |  1 +
 .../taglibs/authz/AuthenticationTag.java      |  2 +
 .../taglibs/authz/JspAuthorizeTag.java        | 17 +++++
 .../taglibs/authz/AuthenticationTagTests.java |  1 +
 .../taglibs/authz/AuthorizeTagTests.java      |  2 +
 .../taglibs/csrf/AbstractCsrfTagTests.java    |  8 +--
 ...thAnonymousUserSecurityContextFactory.java |  1 +
 .../WithMockUserSecurityContextFactory.java   |  1 +
 ...WithUserDetailsSecurityContextFactory.java |  1 +
 .../server/SecurityMockServerConfigurers.java |  1 +
 .../context/showcase/CustomUserDetails.java   |  7 ++
 ...hMockCustomUserSecurityContextFactory.java |  1 +
 .../showcase/WithUserDetailsTests.java        |  1 +
 .../showcase/service/HelloMessageService.java |  1 +
 .../SecurityMockMvcResultMatchersTests.java   |  1 +
 ...WithAuthoritiesMvcResultMatchersTests.java |  1 +
 .../showcase/login/AuthenticationTests.java   |  1 +
 .../CustomConfigAuthenticationTests.java      |  1 +
 ...oginRequestBuilderAuthenticationTests.java |  1 +
 .../security/web/DefaultRedirectStrategy.java |  1 +
 .../web/DefaultSecurityFilterChain.java       |  2 +
 .../security/web/FilterInvocation.java        |  3 +
 .../security/web/PortMapperImpl.java          |  2 +
 .../security/web/PortResolverImpl.java        |  1 +
 .../web/access/AccessDeniedHandlerImpl.java   |  1 +
 ...efaultWebInvocationPrivilegeEvaluator.java |  2 +
 .../access/DelegatingAccessDeniedHandler.java |  1 +
 .../access/ExceptionTranslationFilter.java    |  2 +
 ...tMatcherDelegatingAccessDeniedHandler.java |  1 +
 .../channel/AbstractRetryEntryPoint.java      |  1 +
 .../channel/ChannelDecisionManagerImpl.java   |  3 +
 .../channel/ChannelProcessingFilter.java      |  1 +
 .../channel/InsecureChannelProcessor.java     |  3 +
 .../channel/RetryWithHttpEntryPoint.java      |  1 +
 .../channel/RetryWithHttpsEntryPoint.java     |  1 +
 .../channel/SecureChannelProcessor.java       |  3 +
 .../access/expression/WebExpressionVoter.java |  3 +
 ...ilterInvocationSecurityMetadataSource.java |  3 +
 .../intercept/FilterSecurityInterceptor.java  |  5 ++
 ...bstractAuthenticationProcessingFilter.java |  3 +
 .../AnonymousAuthenticationFilter.java        |  1 +
 .../DelegatingAuthenticationEntryPoint.java   |  2 +
 .../ForwardAuthenticationFailureHandler.java  |  1 +
 .../ForwardAuthenticationSuccessHandler.java  |  1 +
 .../Http403ForbiddenEntryPoint.java           |  1 +
 .../authentication/HttpStatusEntryPoint.java  |  1 +
 .../LoginUrlAuthenticationEntryPoint.java     |  2 +
 .../NullRememberMeServices.java               |  3 +
 ...SimpleUrlAuthenticationFailureHandler.java |  1 +
 ...SimpleUrlAuthenticationSuccessHandler.java |  1 +
 .../UsernamePasswordAuthenticationFilter.java |  1 +
 .../WebAuthenticationDetailsSource.java       |  1 +
 .../logout/CookieClearingLogoutHandler.java   |  1 +
 ...tpStatusReturningLogoutSuccessHandler.java |  1 +
 .../authentication/logout/LogoutFilter.java   |  1 +
 .../logout/SecurityContextLogoutHandler.java  |  1 +
 .../logout/SimpleUrlLogoutSuccessHandler.java |  1 +
 ...tractPreAuthenticatedProcessingFilter.java |  2 +
 ...reAuthenticatedAuthenticationProvider.java |  4 ++
 .../PreAuthenticatedAuthenticationToken.java  |  2 +
 ...dGrantedAuthoritiesUserDetailsService.java |  1 +
 .../RequestAttributeAuthenticationFilter.java |  2 +
 .../RequestHeaderAuthenticationFilter.java    |  2 +
 ...ticatedWebAuthenticationDetailsSource.java |  2 +
 .../J2eePreAuthenticatedProcessingFilter.java |  2 +
 .../WebXmlMappableAttributesRetriever.java    |  4 ++
 .../DefaultWASUsernameAndGroupsExtractor.java |  2 +
 ...pherePreAuthenticatedProcessingFilter.java |  2 +
 ...ticatedWebAuthenticationDetailsSource.java |  1 +
 .../x509/SubjectDnX509PrincipalExtractor.java |  1 +
 .../x509/X509AuthenticationFilter.java        |  2 +
 .../InMemoryTokenRepositoryImpl.java          |  4 ++
 .../rememberme/JdbcTokenRepositoryImpl.java   |  5 ++
 ...ersistentTokenBasedRememberMeServices.java |  2 +
 .../RememberMeAuthenticationFilter.java       |  2 +
 ...ractSessionFixationProtectionStrategy.java |  4 ++
 ...ompositeSessionAuthenticationStrategy.java |  1 +
 ...tSessionControlAuthenticationStrategy.java |  2 +
 .../NullAuthenticatedSessionStrategy.java     |  1 +
 ...RegisterSessionAuthenticationStrategy.java |  1 +
 .../switchuser/SwitchUserFilter.java          |  3 +
 .../ui/DefaultLoginPageGeneratingFilter.java  |  1 +
 .../www/BasicAuthenticationEntryPoint.java    |  2 +
 .../www/DigestAuthenticationEntryPoint.java   |  3 +
 .../www/DigestAuthenticationFilter.java       |  2 +
 ...thenticationPrincipalArgumentResolver.java |  2 +
 ...ractSecurityWebApplicationInitializer.java |  1 +
 .../HttpSessionSecurityContextRepository.java |  3 +
 .../NullSecurityContextRepository.java        |  3 +
 .../SecurityContextPersistenceFilter.java     |  1 +
 .../security/web/csrf/CsrfLogoutHandler.java  |  1 +
 .../security/web/csrf/DefaultCsrfToken.java   |  3 +
 .../csrf/HttpSessionCsrfTokenRepository.java  |  3 +
 .../security/web/debug/DebugFilter.java       |  3 +
 .../security/web/firewall/RequestWrapper.java |  3 +
 .../writers/ClearSiteDataHeaderWriter.java    |  1 +
 .../DelegatingRequestMatcherHeaderWriter.java |  1 +
 .../web/header/writers/HpkpHeaderWriter.java  |  2 +
 .../web/header/writers/HstsHeaderWriter.java  |  2 +
 .../header/writers/StaticHeadersWriter.java   |  1 +
 .../writers/XXssProtectionHeaderWriter.java   |  1 +
 ...ractRequestParameterAllowFromStrategy.java |  1 +
 .../frameoptions/StaticAllowFromStrategy.java |  1 +
 .../XFrameOptionsHeaderWriter.java            |  1 +
 .../web/jaasapi/JaasApiIntegrationFilter.java |  1 +
 ...thenticationPrincipalArgumentResolver.java |  2 +
 .../annotation/CsrfTokenArgumentResolver.java |  5 +-
 .../web/savedrequest/DefaultSavedRequest.java |  3 +-
 .../security/web/savedrequest/Enumerator.java |  2 +
 .../savedrequest/HttpSessionRequestCache.java |  4 ++
 .../web/savedrequest/NullRequestCache.java    |  4 ++
 .../savedrequest/RequestCacheAwareFilter.java |  1 +
 .../web/savedrequest/SavedCookie.java         |  9 ++-
 .../server/DefaultServerRedirectStrategy.java |  1 +
 ...egatingServerAuthenticationEntryPoint.java |  1 +
 .../NoOpServerSecurityContextRepository.java  |  2 +
 ...essionServerSecurityContextRepository.java |  2 +
 .../web/server/csrf/DefaultCsrfToken.java     | 15 ++--
 .../WebSessionServerCsrfTokenRepository.java  |  3 +-
 .../csrf/CsrfRequestDataValueProcessor.java   |  4 ++
 ...curityContextHolderAwareRequestFilter.java |  1 +
 .../web/session/ConcurrentSessionFilter.java  |  1 +
 .../session/HttpSessionEventPublisher.java    |  2 +
 .../InvalidSessionAccessDeniedHandler.java    |  1 +
 .../web/session/SessionManagementFilter.java  |  1 +
 .../SimpleRedirectInvalidSessionStrategy.java |  1 +
 ...rectSessionInformationExpiredStrategy.java |  1 +
 .../web/util/OnCommittedResponseWrapper.java  |  2 +
 .../web/util/matcher/AndRequestMatcher.java   |  1 +
 .../web/util/matcher/AnyRequestMatcher.java   |  1 +
 .../web/util/matcher/ELRequestMatcher.java    |  1 +
 .../web/util/matcher/IpAddressMatcher.java    |  1 +
 .../util/matcher/MediaTypeRequestMatcher.java |  1 +
 .../util/matcher/NegatedRequestMatcher.java   |  1 +
 .../web/util/matcher/OrRequestMatcher.java    |  1 +
 .../web/util/matcher/RegexRequestMatcher.java |  1 +
 .../matcher/RequestHeaderRequestMatcher.java  |  1 +
 .../matcher/RequestVariablesExtractor.java    |  1 +
 .../security/MockFilterConfig.java            |  4 ++
 .../security/MockPortResolver.java            |  1 +
 .../ChannelDecisionManagerImplTests.java      |  2 +
 .../channel/ChannelProcessingFilterTests.java |  5 ++
 ...ctAuthenticationProcessingFilterTests.java |  2 +
 .../AnonymousAuthenticationFilterTests.java   |  1 +
 ...PreAuthenticatedProcessingFilterTests.java |  4 ++
 ...horitiesWebAuthenticationDetailsTests.java |  1 +
 ...edWebAuthenticationDetailsSourceTests.java |  1 +
 ...PreAuthenticatedProcessingFilterTests.java |  1 +
 .../WebXmlJ2eeDefinedRolesRetrieverTests.java |  4 ++
 .../AbstractRememberMeServicesTests.java      | 10 ++-
 ...tentTokenBasedRememberMeServicesTests.java |  4 ++
 .../RememberMeAuthenticationFilterTests.java  |  4 ++
 .../TokenBasedRememberMeServicesTests.java    |  4 +-
 .../switchuser/SwitchUserFilterTests.java     |  1 +
 ...ecurityWebApplicationInitializerTests.java | 11 +++
 ...WebAsyncManagerIntegrationFilterTests.java |  2 +
 .../JaasApiIntegrationFilterTests.java        |  3 +
 .../HttpSessionRequestCacheTests.java         |  8 +++
 .../HttpSessionEventPublisherTests.java       |  3 +-
 .../web/session/MockApplicationListener.java  |  1 +
 .../web/util/ThrowableAnalyzerTests.java      |  1 +
 558 files changed, 1418 insertions(+), 102 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index c57bf5ec71..73010a0575 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -156,10 +156,12 @@ public class AclEntryVoter extends AbstractAclVoter {
 		this.sidRetrievalStrategy = sidRetrievalStrategy;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return (attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute());
 	}
 
+	@Override
 	public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
 
 		for (ConfigAttribute attr : attributes) {
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index 26f327a961..1c92b5b4e3 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -52,6 +52,7 @@ public class AclPermissionCacheOptimizer implements PermissionCacheOptimizer {
 		this.aclService = aclService;
 	}
 
+	@Override
 	public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
 		if (objects.isEmpty()) {
 			return;
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 0477f03b88..2bc9b645f9 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -70,6 +70,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 	 * the ACL configuration. If the domain object is null, returns false (this can always
 	 * be overridden using a null check in the expression itself).
 	 */
+	@Override
 	public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
 		if (domainObject == null) {
 			return false;
@@ -80,6 +81,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
+	@Override
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
 		ObjectIdentity objectIdentity = this.objectIdentityGenerator.createObjectIdentity(targetId, targetType);
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
index 743b945c11..9f1f5cd9b4 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
@@ -109,6 +109,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 		this.sidRetrievalStrategy = sidRetrievalStrategy;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return this.processConfigAttribute.equals(attribute.getAttribute());
 	}
@@ -119,6 +120,7 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 	 * @param clazz the secure object
 	 * @return always <code>true</code>
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index 545e1f0e89..de001d40c8 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -70,6 +70,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 		super(aclService, "AFTER_ACL_COLLECTION_READ", requirePermission);
 	}
 
+	@Override
 	@SuppressWarnings("unchecked")
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index 5483ccc937..91f69396cc 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -74,6 +74,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 		super(aclService, processConfigAttribute, requirePermission);
 	}
 
+	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
 
@@ -111,6 +112,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 		return returnedObject;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
index ae5d2d23f2..38ee6610a9 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
@@ -52,6 +52,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
 	 */
+	@Override
 	@SuppressWarnings("unchecked")
 	public T[] getFilteredObject() {
 		// Recreate an array of same type and filter the removed objects.
@@ -80,14 +81,17 @@ class ArrayFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
 	 */
+	@Override
 	public Iterator<T> iterator() {
 		return new Iterator<T>() {
 			private int index = 0;
 
+			@Override
 			public boolean hasNext() {
 				return this.index < ArrayFilterer.this.list.length;
 			}
 
+			@Override
 			public T next() {
 				if (!hasNext()) {
 					throw new NoSuchElementException();
@@ -95,6 +99,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 				return ArrayFilterer.this.list[this.index++];
 			}
 
+			@Override
 			public void remove() {
 				throw new UnsupportedOperationException();
 			}
@@ -105,6 +110,7 @@ class ArrayFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
 	 */
+	@Override
 	public void remove(T object) {
 		this.removeList.add(object);
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index 4c68101c09..70a6a0e9cf 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -55,6 +55,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
 	 */
+	@Override
 	public Object getFilteredObject() {
 		// Now the Iterator has ended, remove Objects from Collection
 		Iterator<T> removeIter = this.removeList.iterator();
@@ -77,6 +78,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
 	 */
+	@Override
 	public Iterator<T> iterator() {
 		return this.collection.iterator();
 	}
@@ -85,6 +87,7 @@ class CollectionFilterer<T> implements Filterer<T> {
 	 *
 	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
 	 */
+	@Override
 	public void remove(T object) {
 		this.removeList.add(object);
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
index 8632d426a1..f41bfa0bc7 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
@@ -36,6 +36,7 @@ interface Filterer<T> extends Iterable<T> {
 	 * Returns an iterator over the filtered collection or array.
 	 * @return an Iterator
 	 */
+	@Override
 	Iterator<T> iterator();
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index 9c45624976..efc364acea 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -50,6 +50,7 @@ public abstract class AbstractPermission implements Permission {
 		this.code = code;
 	}
 
+	@Override
 	public final boolean equals(Object arg0) {
 		if (arg0 == null) {
 			return false;
@@ -64,18 +65,22 @@ public abstract class AbstractPermission implements Permission {
 		return (this.mask == rhs.getMask());
 	}
 
+	@Override
 	public final int getMask() {
 		return this.mask;
 	}
 
+	@Override
 	public String getPattern() {
 		return AclFormattingUtils.printBinary(this.mask, this.code);
 	}
 
+	@Override
 	public final String toString() {
 		return this.getClass().getSimpleName() + "[" + getPattern() + "=" + this.mask + "]";
 	}
 
+	@Override
 	public final int hashCode() {
 		return this.mask;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index 5dae15cc60..ea0d831644 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -77,6 +77,7 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		}
 	}
 
+	@Override
 	public void securityCheck(Acl acl, int changeType) {
 		if ((SecurityContextHolder.getContext() == null)
 				|| (SecurityContextHolder.getContext().getAuthentication() == null)
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index 84f2b99e8e..45770cbb0a 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -26,6 +26,7 @@ import org.springframework.util.Assert;
  */
 public class ConsoleAuditLogger implements AuditLogger {
 
+	@Override
 	public void logIfNeeded(boolean granted, AccessControlEntry ace) {
 		Assert.notNull(ace, "AccessControlEntry required");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
index c120868ea8..2f1ff2d315 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
@@ -56,6 +56,7 @@ public class CumulativePermission extends AbstractPermission {
 		return this;
 	}
 
+	@Override
 	public String getPattern() {
 		return this.pattern;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index 068b786069..0d57a3cde0 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -113,6 +113,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 		this.registeredPermissionsByName.put(permissionName, perm);
 	}
 
+	@Override
 	public Permission buildFromMask(int mask) {
 		if (this.registeredPermissionsByInteger.containsKey(mask)) {
 			// The requested mask has an exact match against a statically-defined
@@ -140,6 +141,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 		return permission;
 	}
 
+	@Override
 	public Permission buildFromName(String name) {
 		Permission p = this.registeredPermissionsByName.get(name);
 
@@ -150,6 +152,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 		return p;
 	}
 
+	@Override
 	public List<Permission> buildFromNames(List<String> names) {
 		if ((names == null) || (names.size() == 0)) {
 			return Collections.emptyList();
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
index edd3f85a56..af9e44b6d5 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
@@ -70,6 +70,7 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 	 * @throws NotFoundException if an exact ACE for one of the permission bit masks and
 	 * SID combination could not be found
 	 */
+	@Override
 	public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode)
 			throws NotFoundException {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index f9c16a8e96..861b4e3efa 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -55,6 +55,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
 	}
 
+	@Override
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 
@@ -66,6 +67,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		}
 	}
 
+	@Override
 	public void evictFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
 
@@ -77,6 +79,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		}
 	}
 
+	@Override
 	public MutableAcl getFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
 
@@ -95,6 +98,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		return initializeTransientFields((MutableAcl) element.getValue());
 	}
 
+	@Override
 	public MutableAcl getFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 
@@ -113,6 +117,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		return initializeTransientFields((MutableAcl) element.getValue());
 	}
 
+	@Override
 	public void putInCache(MutableAcl acl) {
 		Assert.notNull(acl, "Acl required");
 		Assert.notNull(acl.getObjectIdentity(), "ObjectIdentity required");
@@ -147,6 +152,7 @@ public class EhCacheBasedAclCache implements AclCache {
 		return value;
 	}
 
+	@Override
 	public void clearCache() {
 		this.cache.removeAll();
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
index 252a9334a9..d08ba91d8c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
@@ -31,10 +31,12 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
  */
 public class ObjectIdentityRetrievalStrategyImpl implements ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {
 
+	@Override
 	public ObjectIdentity getObjectIdentity(Object domainObject) {
 		return new ObjectIdentityImpl(domainObject);
 	}
 
+	@Override
 	public ObjectIdentity createObjectIdentity(Serializable id, String type) {
 		return new ObjectIdentityImpl(type, id);
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
index 2a9619a46a..5a82c3e6ac 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@@ -51,6 +51,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 		this.roleHierarchy = roleHierarchy;
 	}
 
+	@Override
 	public List<Sid> getSids(Authentication authentication) {
 		Collection<? extends GrantedAuthority> authorities = this.roleHierarchy
 				.getReachableGrantedAuthorities(authentication.getAuthorities());
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index 1d2913602c..24125209a7 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -56,6 +56,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
 	}
 
+	@Override
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 
@@ -67,6 +68,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 		}
 	}
 
+	@Override
 	public void evictFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
 
@@ -78,16 +80,19 @@ public class SpringCacheBasedAclCache implements AclCache {
 		}
 	}
 
+	@Override
 	public MutableAcl getFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
 		return getFromCache((Object) objectIdentity);
 	}
 
+	@Override
 	public MutableAcl getFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
 		return getFromCache((Object) pk);
 	}
 
+	@Override
 	public void putInCache(MutableAcl acl) {
 		Assert.notNull(acl, "Acl required");
 		Assert.notNull(acl.getObjectIdentity(), "ObjectIdentity required");
@@ -123,6 +128,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 		return value;
 	}
 
+	@Override
 	public void clearCache() {
 		this.cache.clear();
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index a8314d2dd7..abef8f3580 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -264,6 +264,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * {@link NotFoundException}, as a chain of {@link LookupStrategy}s may be used to
 	 * automatically create entries if required)
 	 */
+	@Override
 	public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) {
 		Assert.isTrue(this.batchSize >= 1, "BatchSize must be >= 1");
 		Assert.notEmpty(objects, "Objects to lookup required");
@@ -543,6 +544,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 		 * <tt>null</tt>)
 		 * @throws SQLException
 		 */
+		@Override
 		public Set<Long> extractData(ResultSet rs) throws SQLException {
 			Set<Long> parentIdsToLookup = new HashSet<>(); // Set of parent_id Longs
 
@@ -652,6 +654,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 			this.id = id;
 		}
 
+		@Override
 		public List<AccessControlEntry> getEntries() {
 			throw new UnsupportedOperationException("Stub only");
 		}
@@ -660,27 +663,33 @@ public class BasicLookupStrategy implements LookupStrategy {
 			return this.id;
 		}
 
+		@Override
 		public ObjectIdentity getObjectIdentity() {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
+		@Override
 		public Sid getOwner() {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
+		@Override
 		public Acl getParentAcl() {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
+		@Override
 		public boolean isEntriesInheriting() {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
+		@Override
 		public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
 				throws NotFoundException, UnloadedSidException {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
+		@Override
 		public boolean isSidLoaded(List<Sid> sids) {
 			throw new UnsupportedOperationException("Stub only");
 		}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index 4899243c8d..9cdf35873b 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -90,6 +90,7 @@ public class JdbcAclService implements AclService {
 		this.aclClassIdUtils = new AclClassIdUtils();
 	}
 
+	@Override
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
 		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args, (rs, rowNum) -> {
@@ -106,6 +107,7 @@ public class JdbcAclService implements AclService {
 		return objects;
 	}
 
+	@Override
 	public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
 		Map<ObjectIdentity, Acl> map = readAclsById(Collections.singletonList(object), sids);
 		Assert.isTrue(map.containsKey(object),
@@ -114,14 +116,17 @@ public class JdbcAclService implements AclService {
 		return map.get(object);
 	}
 
+	@Override
 	public Acl readAclById(ObjectIdentity object) throws NotFoundException {
 		return readAclById(object, null);
 	}
 
+	@Override
 	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
 		return readAclsById(objects, null);
 	}
 
+	@Override
 	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
 			throws NotFoundException {
 		Map<ObjectIdentity, Acl> result = this.lookupStrategy.readAclsById(objects, sids);
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index 144085607a..b5b5ab5d3b 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -103,6 +103,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		this.aclCache = aclCache;
 	}
 
+	@Override
 	public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
 		Assert.notNull(objectIdentity, "Object Identity required");
 
@@ -137,10 +138,12 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			return;
 		}
 		this.jdbcOperations.batchUpdate(this.insertEntry, new BatchPreparedStatementSetter() {
+			@Override
 			public int getBatchSize() {
 				return acl.getEntries().size();
 			}
 
+			@Override
 			public void setValues(PreparedStatement stmt, int i) throws SQLException {
 				AccessControlEntry entry_ = acl.getEntries().get(i);
 				Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
@@ -256,6 +259,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		return null;
 	}
 
+	@Override
 	public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
 		Assert.notNull(objectIdentity, "Object Identity required");
 		Assert.notNull(objectIdentity.getIdentifier(), "Object Identity doesn't provide an identifier");
@@ -338,6 +342,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * dirty state checking, or more likely use ORM capabilities for create, update and
 	 * delete operations of {@link MutableAcl}.
 	 */
+	@Override
 	public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
 		Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
index dc940a337a..265989b0a6 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
@@ -38,6 +38,7 @@ public interface ObjectIdentity extends Serializable {
 	 * @return <tt>true</tt> if the objects are equal, <tt>false</tt> otherwise
 	 * @see Object#equals(Object)
 	 */
+	@Override
 	boolean equals(Object obj);
 
 	/**
@@ -66,6 +67,7 @@ public interface ObjectIdentity extends Serializable {
 	 * @return a hash code representation of the <tt>ObjectIdentity</tt>
 	 * @see Object#hashCode()
 	 */
+	@Override
 	int hashCode();
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
index 1d6932a110..c3dc78b35a 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
@@ -26,6 +26,7 @@ package org.springframework.security.acls.model;
  */
 public interface OwnershipAcl extends MutableAcl {
 
+	@Override
 	void setOwner(Sid newOwner);
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Sid.java b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
index 6f3e0e3aab..fe9f55f313 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Sid.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
@@ -38,6 +38,7 @@ public interface Sid extends Serializable {
 	 * @param obj to be compared
 	 * @return <code>true</code> if the objects are equal, <code>false</code> otherwise
 	 */
+	@Override
 	boolean equals(Object obj);
 
 	/**
@@ -45,6 +46,7 @@ public interface Sid extends Serializable {
 	 * contract.
 	 * @return a hash code representation of this object
 	 */
+	@Override
 	int hashCode();
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index e49c990ab1..cb33e618ca 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -592,10 +592,12 @@ public class AclImplTests {
 
 	private class MockAclService implements MutableAclService {
 
+		@Override
 		public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
 			return null;
 		}
 
+		@Override
 		public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
 		}
 
@@ -606,6 +608,7 @@ public class AclImplTests {
 		 * @see org.springframework.security.acls.MutableAclService#updateAcl(org.
 		 * springframework .security.acls.MutableAcl)
 		 */
+		@Override
 		@SuppressWarnings("unchecked")
 		public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
 			List<AccessControlEntry> oldAces = acl.getEntries();
@@ -632,22 +635,27 @@ public class AclImplTests {
 			return acl;
 		}
 
+		@Override
 		public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 			return null;
 		}
 
+		@Override
 		public Acl readAclById(ObjectIdentity object) throws NotFoundException {
 			return null;
 		}
 
+		@Override
 		public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
 			return null;
 		}
 
+		@Override
 		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
 			return null;
 		}
 
+		@Override
 		public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
 				throws NotFoundException {
 			return null;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index f4d80a3e72..2c69fa7ce1 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -67,6 +67,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
 		DATABASE_HELPER.getDataSource().destroy();
 	}
 
+	@Override
 	@Before
 	public void initializeBeans() {
 		super.initializeBeans();
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index b4eb501350..dd227be3c0 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -392,8 +392,8 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 
 		try {
 			this.jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK
-																	// checking in the
-																	// class, not database
+			// checking in the
+			// class, not database
 			this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false);
 			fail("It should have thrown ChildrenExistException");
 		}
@@ -401,7 +401,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		}
 		finally {
 			this.jdbcMutableAclService.setForeignKeysInDatabase(true); // restore to the
-																	// default
+																		// default
 		}
 	}
 
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 6a6422d6c7..c8f8fc9802 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -173,6 +173,7 @@ interface SecuredInterface {
 class SecuredImpl implements SecuredInterface {
 
 	// Not really secured because AspectJ doesn't inherit annotations from interfaces
+	@Override
 	public void securedMethod() {
 	}
 
@@ -197,9 +198,11 @@ class SecuredImpl implements SecuredInterface {
 
 class SecuredImplSubclass extends SecuredImpl {
 
+	@Override
 	protected void protectedMethod() {
 	}
 
+	@Override
 	public void publicCallsPrivate() {
 		super.publicCallsPrivate();
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
index 7a3d40bcfb..caf03dd62a 100644
--- a/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
+++ b/cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
@@ -44,6 +44,7 @@ public class ServiceProperties implements InitializingBean {
 
 	private String serviceParameter = DEFAULT_CAS_SERVICE_PARAMETER;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.service, "service cannot be empty.");
 		Assert.hasLength(this.artifactParameter, "artifactParameter cannot be empty.");
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
index 0aae08d1c1..8794c2987c 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -43,10 +43,12 @@ public final class CasAssertionAuthenticationToken extends AbstractAuthenticatio
 		this.ticket = ticket;
 	}
 
+	@Override
 	public Object getPrincipal() {
 		return this.assertion.getPrincipal().getName();
 	}
 
+	@Override
 	public Object getCredentials() {
 		return this.ticket;
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index c0bd4cdac0..4d54de1aed 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -36,10 +36,12 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 
 	private Ehcache cache;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.cache, "cache mandatory");
 	}
 
+	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		final Element element = this.cache.get(serviceTicket);
 
@@ -54,6 +56,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 		return this.cache;
 	}
 
+	@Override
 	public void putTicketInCache(final CasAuthenticationToken token) {
 		final Element element = new Element(token.getCredentials().toString(), token);
 
@@ -64,6 +67,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 		this.cache.put(element);
 	}
 
+	@Override
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache remove: " + token.getCredentials().toString());
@@ -72,6 +76,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 		this.removeTicketFromCache(token.getCredentials().toString());
 	}
 
+	@Override
 	public void removeTicketFromCache(final String serviceTicket) {
 		this.cache.remove(serviceTicket);
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
index e5aafe8235..ee217f7c7b 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
@@ -31,6 +31,7 @@ public final class NullStatelessTicketCache implements StatelessTicketCache {
 	/**
 	 * @return null since we are not storing any tickets.
 	 */
+	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		return null;
 	}
@@ -38,6 +39,7 @@ public final class NullStatelessTicketCache implements StatelessTicketCache {
 	/**
 	 * This is a no-op since we are not storing tickets.
 	 */
+	@Override
 	public void putTicketInCache(final CasAuthenticationToken token) {
 		// nothing to do
 	}
@@ -45,6 +47,7 @@ public final class NullStatelessTicketCache implements StatelessTicketCache {
 	/**
 	 * This is a no-op since we are not storing tickets.
 	 */
+	@Override
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
 		// nothing to do
 	}
@@ -52,6 +55,7 @@ public final class NullStatelessTicketCache implements StatelessTicketCache {
 	/**
 	 * This is a no-op since we are not storing tickets.
 	 */
+	@Override
 	public void removeTicketFromCache(final String serviceTicket) {
 		// nothing to do
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 28dcd5e291..bdf30ea4b3 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -39,6 +39,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 		this.cache = cache;
 	}
 
+	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		final Cache.ValueWrapper element = serviceTicket != null ? this.cache.get(serviceTicket) : null;
 
@@ -49,6 +50,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 		return element == null ? null : (CasAuthenticationToken) element.get();
 	}
 
+	@Override
 	public void putTicketInCache(final CasAuthenticationToken token) {
 		String key = token.getCredentials().toString();
 
@@ -59,6 +61,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 		this.cache.put(key, token);
 	}
 
+	@Override
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache remove: " + token.getCredentials().toString());
@@ -67,6 +70,7 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 		this.removeTicketFromCache(token.getCredentials().toString());
 	}
 
+	@Override
 	public void removeTicketFromCache(final String serviceTicket) {
 		this.cache.evict(serviceTicket);
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
index 25c0973f11..786f52a717 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
@@ -32,6 +32,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 public abstract class AbstractCasAssertionUserDetailsService
 		implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
 
+	@Override
 	public final UserDetails loadUserDetails(final CasAssertionAuthenticationToken token) {
 		return loadUserDetails(token.getAssertion());
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index e80c101ac5..033a26db9f 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -60,12 +60,14 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 */
 	private boolean encodeServiceUrlWithSessionId = true;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.loginUrl, "loginUrl must be specified");
 		Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
 		Assert.notNull(this.serviceProperties.getService(), "serviceProperties.getService() cannot be null.");
 	}
 
+	@Override
 	public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
 			final AuthenticationException authenticationException) throws IOException {
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index e7666a1cdd..ee5164c166 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -271,6 +271,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	/**
 	 * Overridden to provide proxying capabilities.
 	 */
+	@Override
 	protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
 		final boolean result = serviceTicketRequest || proxyReceptorRequest(request)
@@ -398,6 +399,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			this.serviceTicketFailureHandler = failureHandler;
 		}
 
+		@Override
 		public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 				AuthenticationException exception) throws IOException, ServletException {
 			if (serviceTicketRequest(request, response)) {
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 049bc3b8d4..3726df3736 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -61,6 +61,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * Returns the current URL minus the artifact parameter and its value, if present.
 	 * @see org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails#getServiceUrl()
 	 */
+	@Override
 	public String getServiceUrl() {
 		return this.serviceUrl;
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 4e8a777fa1..5875b587e3 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -68,6 +68,7 @@ public class ServiceAuthenticationDetailsSource
 	 * @return the {@code ServiceAuthenticationDetails} containing information about the
 	 * current request
 	 */
+	@Override
 	public ServiceAuthenticationDetails buildDetails(HttpServletRequest context) {
 		try {
 			return new DefaultServiceAuthenticationDetails(this.serviceProperties.getService(), context,
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index b85f6baeb7..60313ef8de 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -378,6 +378,7 @@ public class CasAuthenticationProviderTests {
 
 	private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
 
+		@Override
 		public UserDetails loadUserDetails(final Authentication token) throws UsernameNotFoundException {
 			return makeUserDetailsFromAuthoritiesPopulator();
 		}
@@ -388,18 +389,22 @@ public class CasAuthenticationProviderTests {
 
 		private Map<String, CasAuthenticationToken> cache = new HashMap<>();
 
+		@Override
 		public CasAuthenticationToken getByTicketId(String serviceTicket) {
 			return this.cache.get(serviceTicket);
 		}
 
+		@Override
 		public void putTicketInCache(CasAuthenticationToken token) {
 			this.cache.put(token.getCredentials().toString(), token);
 		}
 
+		@Override
 		public void removeTicketFromCache(CasAuthenticationToken token) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
 
+		@Override
 		public void removeTicketFromCache(String serviceTicket) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
@@ -414,6 +419,7 @@ public class CasAuthenticationProviderTests {
 			this.returnTicket = returnTicket;
 		}
 
+		@Override
 		public Assertion validate(final String ticket, final String service) {
 			if (this.returnTicket) {
 				return new AssertionImpl("rod");
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 915a3187a0..0eefa06350 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -79,6 +79,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class DefaultLdapConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -102,6 +103,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class GroupRolesConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -126,6 +128,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class GroupSearchConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -150,6 +153,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -174,6 +178,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class RolePrefixConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -197,6 +202,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class BindAuthenticationConfig extends BaseLdapServerConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -222,6 +228,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends BaseLdapServerConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -283,6 +290,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 			return auth.build();
 		}
 
+		@Override
 		abstract protected void configure(AuthenticationManagerBuilder auth) throws Exception;
 
 	}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index d634ac6f85..cf9f64f7c0 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -86,6 +86,7 @@ public class LdapAuthenticationProviderConfigurerTests {
 	@EnableWebSecurity
 	static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -106,6 +107,7 @@ public class LdapAuthenticationProviderConfigurerTests {
 	@EnableWebSecurity
 	static class MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -146,6 +148,7 @@ public class LdapAuthenticationProviderConfigurerTests {
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
index 7a1959f23e..6b07c6fa3d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@@ -31,6 +31,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 	@EnableWebSecurity
 	static class LdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -45,6 +46,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 	@EnableWebSecurity
 	static class CustomLdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -76,6 +78,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 
 		static LdapAuthoritiesPopulator LAP;
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -90,6 +93,7 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 	@EnableWebSecurity
 	static class PasswordCompareLdapConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
index 3cf8571f40..475c9b275b 100644
--- a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
@@ -28,6 +28,7 @@ import org.springframework.security.config.debug.SecurityDebugBeanFactoryPostPro
  */
 public class DebugBeanDefinitionParser implements BeanDefinitionParser {
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		RootBeanDefinition debugPP = new RootBeanDefinition(SecurityDebugBeanFactoryPostProcessor.class);
 		parserContext.getReaderContext().registerWithGeneratedName(debugPP);
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index 9de6be2efb..00f06674f3 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -91,6 +91,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		}
 	}
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		if (!namespaceMatchesVersion(element)) {
 			pc.getReaderContext().fatal(
@@ -121,6 +122,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		return parser.parse(element, pc);
 	}
 
+	@Override
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext pc) {
 		String name = pc.getDelegate().getLocalName(node);
 
@@ -165,6 +167,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		}
 	}
 
+	@Override
 	public void init() {
 		loadParsers();
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
index afaeebd92a..bc8aa3d53f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
@@ -36,6 +36,7 @@ public abstract class AbstractSecurityBuilder<O> implements SecurityBuilder<O> {
 	 *
 	 * @see org.springframework.security.config.annotation.SecurityBuilder#build()
 	 */
+	@Override
 	public final O build() throws Exception {
 		if (this.building.compareAndSet(false, true)) {
 			this.object = doBuild();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index befa941eeb..4d690a1324 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -39,9 +39,11 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 
 	private CompositeObjectPostProcessor objectPostProcessor = new CompositeObjectPostProcessor();
 
+	@Override
 	public void init(B builder) throws Exception {
 	}
 
+	@Override
 	public void configure(B builder) throws Exception {
 	}
 
@@ -106,6 +108,7 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 
 		private List<ObjectPostProcessor<?>> postProcessors = new ArrayList<>();
 
+		@Override
 		@SuppressWarnings({ "rawtypes", "unchecked" })
 		public Object postProcess(Object object) {
 			for (ObjectPostProcessor opp : this.postProcessors) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index a4080c2f8c..33c65e45fb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -212,6 +212,7 @@ public class AuthenticationManagerBuilder
 	 * @return a {@link AuthenticationManagerBuilder} to allow further authentication to
 	 * be provided to the {@link AuthenticationManagerBuilder}
 	 */
+	@Override
 	public AuthenticationManagerBuilder authenticationProvider(AuthenticationProvider authenticationProvider) {
 		this.authenticationProviders.add(authenticationProvider);
 		return this;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
index 4d2ed79e9b..8d28317fe1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
@@ -33,9 +33,11 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 public abstract class GlobalAuthenticationConfigurerAdapter
 		implements SecurityConfigurer<AuthenticationManager, AuthenticationManagerBuilder> {
 
+	@Override
 	public void init(AuthenticationManagerBuilder auth) throws Exception {
 	}
 
+	@Override
 	public void configure(AuthenticationManagerBuilder auth) throws Exception {
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index e0cf9686f1..11f44fa656 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -91,6 +91,7 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	 * @return the {@link UserDetailsService} that is used with the
 	 * {@link DaoAuthenticationProvider}
 	 */
+	@Override
 	public U getUserDetailsService() {
 		return this.userDetailsService;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index a7348f28c8..f2187b6872 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -60,6 +60,7 @@ final class AutowireBeanFactoryObjectPostProcessor
 	 * org.springframework.security.config.annotation.web.Initializer#initialize(java.
 	 * lang.Object)
 	 */
+	@Override
 	@SuppressWarnings("unchecked")
 	public <T> T postProcess(T object) {
 		if (object == null) {
@@ -101,6 +102,7 @@ final class AutowireBeanFactoryObjectPostProcessor
 	 *
 	 * @see org.springframework.beans.factory.DisposableBean#destroy()
 	 */
+	@Override
 	public void destroy() {
 		for (DisposableBean disposable : this.disposableBeans) {
 			try {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
index 0d2705d6f5..7ddce8b636 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@@ -43,6 +43,7 @@ class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinit
 	 * of the @{@link EnableGlobalMethodSecurity#proxyTargetClass()} attribute on the
 	 * importing {@code @Configuration} class.
 	 */
+	@Override
 	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
 
 		BeanDefinition interceptor = registry.getBeanDefinition("methodSecurityInterceptor");
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index d1f447f54d..fea0c10fd5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -91,6 +91,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	private static final Log logger = LogFactory.getLog(GlobalMethodSecurityConfiguration.class);
 
 	private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+		@Override
 		public <T> T postProcess(T object) {
 			throw new IllegalStateException(ObjectPostProcessor.class.getName()
 					+ " is a required bean. Ensure you have used @" + EnableGlobalMethodSecurity.class.getName());
@@ -402,6 +403,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	 * Obtains the attributes from {@link EnableGlobalMethodSecurity} if this class was
 	 * imported using the {@link EnableGlobalMethodSecurity} annotation.
 	 */
+	@Override
 	public final void setImportMetadata(AnnotationMetadata importMetadata) {
 		Map<String, Object> annotationAttributes = importMetadata
 				.getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
index da6bf1537f..065e0306e7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
@@ -36,6 +36,7 @@ import org.springframework.util.ClassUtils;
  */
 final class GlobalMethodSecuritySelector implements ImportSelector {
 
+	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		Class<EnableGlobalMethodSecurity> annoType = EnableGlobalMethodSecurity.class;
 		Map<String, Object> annotationAttributes = importingClassMetadata.getAnnotationAttributes(annoType.getName(),
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
index a000487b95..8ffdb284b0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
@@ -39,6 +39,7 @@ class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefiniti
 	 * of the @{@link EnableGlobalMethodSecurity#proxyTargetClass()} attribute on the
 	 * importing {@code @Configuration} class.
 	 */
+	@Override
 	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
 
 		BeanDefinitionBuilder advisor = BeanDefinitionBuilder
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
index f21d5b71eb..4577301714 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
@@ -63,6 +63,7 @@ public enum PayloadInterceptorOrder implements Ordered {
 		this.order = ordinal() * INTERVAL;
 	}
 
+	@Override
 	public int getOrder() {
 		return this.order;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index 85a5585ebe..bce769dd97 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -112,6 +112,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 		put(SwitchUserFilter.class, order.next());
 	}
 
+	@Override
 	public int compare(Filter lhs, Filter rhs) {
 		Integer left = getOrder(lhs.getClass());
 		Integer right = getOrder(rhs.getClass());
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 7c8ceeabc7..2b5825bcb4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -239,6 +239,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * supported by <code>spring-security-oauth2</code>.
 	 * @see OpenIDLoginConfigurer
 	 */
+	@Deprecated
 	public OpenIDLoginConfigurer<HttpSecurity> openidLogin() throws Exception {
 		return getOrApply(new OpenIDLoginConfigurer<>());
 	}
@@ -362,6 +363,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * supported by <code>spring-security-oauth2</code>.
 	 * @see OpenIDLoginConfigurer
 	 */
+	@Deprecated
 	public HttpSecurity openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>> openidLoginCustomizer)
 			throws Exception {
 		openidLoginCustomizer.customize(getOrApply(new OpenIDLoginConfigurer<>()));
@@ -2507,6 +2509,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 		return HttpSecurity.this;
 	}
 
+	@Override
 	public <C> void setSharedObject(Class<C> sharedType, C object) {
 		super.setSharedObject(sharedType, object);
 	}
@@ -2529,6 +2532,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * authenticationProvider
 	 * (org.springframework.security.authentication.AuthenticationProvider)
 	 */
+	@Override
 	public HttpSecurity authenticationProvider(AuthenticationProvider authenticationProvider) {
 		getAuthenticationRegistry().authenticationProvider(authenticationProvider);
 		return this;
@@ -2541,6 +2545,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * userDetailsService
 	 * (org.springframework.security.core.userdetails.UserDetailsService)
 	 */
+	@Override
 	public HttpSecurity userDetailsService(UserDetailsService userDetailsService) throws Exception {
 		getAuthenticationRegistry().userDetailsService(userDetailsService);
 		return this;
@@ -2556,6 +2561,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
 	 * addFilterAfter(javax .servlet.Filter, java.lang.Class)
 	 */
+	@Override
 	public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) {
 		this.comparator.registerAfter(filter.getClass(), afterFilter);
 		return addFilter(filter);
@@ -2567,6 +2573,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
 	 * addFilterBefore( javax.servlet.Filter, java.lang.Class)
 	 */
+	@Override
 	public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) {
 		this.comparator.registerBefore(filter.getClass(), beforeFilter);
 		return addFilter(filter);
@@ -2579,6 +2586,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilter(
 	 * javax. servlet.Filter)
 	 */
+	@Override
 	public HttpSecurity addFilter(Filter filter) {
 		Class<? extends Filter> filterClass = filter.getClass();
 		if (!this.comparator.isRegistered(filterClass)) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
index 93aa8279c5..2550cb8cc8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
@@ -35,6 +35,7 @@ class SpringWebMvcImportSelector implements ImportSelector {
 	 * @see org.springframework.context.annotation.ImportSelector#selectImports(org.
 	 * springframework .core.type.AnnotationMetadata)
 	 */
+	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
 				getClass().getClassLoader());
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 73c62f6896..39c0a279bc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -227,6 +227,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 * @see org.springframework.context.annotation.ImportAware#setImportMetadata(org.
 	 * springframework.core.type.AnnotationMetadata)
 	 */
+	@Override
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
 		Map<String, Object> enableWebSecurityAttrMap = importMetadata
 				.getAnnotationAttributes(EnableWebSecurity.class.getName());
@@ -244,6 +245,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	 * org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.
 	 * lang.ClassLoader)
 	 */
+	@Override
 	public void setBeanClassLoader(ClassLoader classLoader) {
 		this.beanClassLoader = classLoader;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index 27404b9486..e6948d70fe 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -100,6 +100,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	private ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 
 	private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+		@Override
 		public <T> T postProcess(T object) {
 			throw new IllegalStateException(ObjectPostProcessor.class.getName()
 					+ " is a required bean. Ensure you have used @EnableWebSecurity and @Configuration");
@@ -312,6 +313,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		return new UserDetailsServiceDelegator(Arrays.asList(this.localConfigureAuthenticationBldr, globalAuthBuilder));
 	}
 
+	@Override
 	public void init(final WebSecurity web) throws Exception {
 		final HttpSecurity http = getHttp();
 		web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
@@ -331,6 +333,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * {@link #configure(HttpSecurity)} and the {@link HttpSecurity#authorizeRequests}
 	 * configuration method.
 	 */
+	@Override
 	public void configure(WebSecurity web) throws Exception {
 	}
 
@@ -461,6 +464,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			this.delegateBuilders = delegateBuilders;
 		}
 
+		@Override
 		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 			if (this.delegate != null) {
 				return this.delegate.loadUserByUsername(username);
@@ -514,6 +518,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			this.delegateBuilder = delegateBuilder;
 		}
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			if (this.delegate != null) {
 				return this.delegate.authenticate(authentication);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index cc3d26f1bd..f5e6f52d97 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -69,6 +69,7 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 	 * @return the chained Object for the subclass which allows association of something
 	 * else to the {@link RequestMatcher}
 	 */
+	@Override
 	protected final C chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 		this.unmappedMatchers = requestMatchers;
 		return chainRequestMatchersInternal(requestMatchers);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index 0d8a6cecf2..81a86a23a3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -64,6 +64,7 @@ final class PermitAllSupport {
 			this.processUrl = processUrl;
 		}
 
+		@Override
 		public boolean matches(HttpServletRequest request) {
 			String uri = request.getRequestURI();
 			String query = request.getQueryString();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index 3c9458ff72..b9a47da77e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -108,6 +108,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @param objectPostProcessor
 	 * @return the {@link UrlAuthorizationConfigurer} for further customizations
 	 */
+	@Override
 	public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 		addObjectPostProcessor(objectPostProcessor);
 		return this;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 19f0fd4cdd..7d304bb37e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -124,6 +124,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractAuthenticationFilterConfigurer<H, OpenIDLoginConfigurer<H>, OpenIDAuthenticationFilter> {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index ecf90a4c93..4507c9d845 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -417,6 +417,7 @@ public class MessageSecurityMetadataSourceRegistry {
 			this.matcher = matcher;
 		}
 
+		@Override
 		public MessageMatcher<?> build() {
 			return this.matcher;
 		}
@@ -434,6 +435,7 @@ public class MessageSecurityMetadataSourceRegistry {
 			this.type = type;
 		}
 
+		@Override
 		public MessageMatcher<?> build() {
 			if (this.type == null) {
 				return new SimpDestinationMessageMatcher(this.pattern,
@@ -462,30 +464,37 @@ public class MessageSecurityMetadataSourceRegistry {
 
 		private PathMatcher delegate = new AntPathMatcher();
 
+		@Override
 		public boolean isPattern(String path) {
 			return this.delegate.isPattern(path);
 		}
 
+		@Override
 		public boolean match(String pattern, String path) {
 			return this.delegate.match(pattern, path);
 		}
 
+		@Override
 		public boolean matchStart(String pattern, String path) {
 			return this.delegate.matchStart(pattern, path);
 		}
 
+		@Override
 		public String extractPathWithinPattern(String pattern, String path) {
 			return this.delegate.extractPathWithinPattern(pattern, path);
 		}
 
+		@Override
 		public Map<String, String> extractUriTemplateVariables(String pattern, String path) {
 			return this.delegate.extractUriTemplateVariables(pattern, path);
 		}
 
+		@Override
 		public Comparator<String> getPatternComparator(String path) {
 			return this.delegate.getPatternComparator(path);
 		}
 
+		@Override
 		public String combine(String pattern1, String pattern2) {
 			return this.delegate.combine(pattern1, pattern2);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
index f8bd8f0d65..aaf439ba77 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
@@ -40,6 +40,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  * @author Rob Winch
  * @since 3.2
  */
+@Deprecated
 @Configuration(proxyBeanMethods = false)
 @EnableWebSecurity
 public class WebMvcSecurityConfiguration implements WebMvcConfigurer {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index 1e70040bd7..25bec814d6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -93,6 +93,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
 	private ApplicationContext context;
 
+	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {
 	}
 
@@ -233,6 +234,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 		return this.expressionHandler;
 	}
 
+	@Override
 	public void afterSingletonsInstantiated() {
 		if (sameOriginDisabled()) {
 			return;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
index dd52d00a72..a8ba070ba1 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
@@ -43,6 +43,7 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 
 	protected abstract void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder);
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element));
 
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index ac3ed0c31e..0f0cf34043 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -56,6 +56,7 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 
 	private static final String ATT_ERASE_CREDENTIALS = "erase-credentials";
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		String id = element.getAttribute("id");
 
@@ -148,10 +149,12 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 	 */
 	public static final class NullAuthenticationProvider implements AuthenticationProvider {
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return null;
 		}
 
+		@Override
 		public boolean supports(Class<?> authentication) {
 			return false;
 		}
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 0a64abf68c..6baac6525a 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -46,6 +46,7 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 			+ "to your configuration (with child <authentication-provider> elements)? Alternatively you can use the "
 			+ "authentication-manager-ref attribute on your <http> and <global-method-security> elements.";
 
+	@Override
 	public AuthenticationManager getObject() throws Exception {
 		try {
 			return (AuthenticationManager) this.bf.getBean(BeanIds.AUTHENTICATION_MANAGER);
@@ -71,14 +72,17 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 		}
 	}
 
+	@Override
 	public Class<? extends AuthenticationManager> getObjectType() {
 		return ProviderManager.class;
 	}
 
+	@Override
 	public boolean isSingleton() {
 		return true;
 	}
 
+	@Override
 	public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
 		this.bf = beanFactory;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
index 710d29fb8e..76b9a69fa2 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
@@ -38,6 +38,7 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 
 	private static final String ATT_USER_DETAILS_REF = "user-service-ref";
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
 		authProvider.setSource(pc.extractSource(element));
diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index 6d44e2219a..017a6f2d27 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -33,10 +33,12 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 	static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";
 	static final String ATT_ROLE_PREFIX = "role-prefix";
 
+	@Override
 	protected String getBeanClassName(Element element) {
 		return "org.springframework.security.provisioning.JdbcUserDetailsManager";
 	}
 
+	@Override
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
 
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index d9b806c360..f6b4a1ca56 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -51,10 +51,12 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 
 	private SecureRandom random;
 
+	@Override
 	protected String getBeanClassName(Element element) {
 		return InMemoryUserDetailsManager.class.getName();
 	}
 
+	@Override
 	@SuppressWarnings("unchecked")
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String userProperties = element.getAttribute(ATT_PROPERTIES);
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index 23b00c6e45..6f142e4e58 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -35,6 +35,7 @@ public class SecurityDebugBeanFactoryPostProcessor implements BeanDefinitionRegi
 
 	private final Log logger = LogFactory.getLog(getClass());
 
+	@Override
 	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 		this.logger.warn("\n\n" + "********************************************************************\n"
 				+ "**********        Security debugging is enabled.       *************\n"
@@ -55,6 +56,7 @@ public class SecurityDebugBeanFactoryPostProcessor implements BeanDefinitionRegi
 		}
 	}
 
+	@Override
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index bf1fc0692d..4063f5ac47 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -457,6 +457,7 @@ final class AuthenticationConfigBuilder {
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
 	 */
+	@Deprecated
 	private RootBeanDefinition parseOpenIDFilter(BeanReference sessionStrategy, Element openIDLoginElt) {
 		RootBeanDefinition openIDFilter;
 		FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login/openid", null,
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 360c1dfd04..2361a5a168 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -51,6 +51,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 
 	private final Log logger = LogFactory.getLog(getClass());
 
+	@Override
 	public void validate(FilterChainProxy fcp) {
 		for (SecurityFilterChain filterChain : fcp.getFilterChains()) {
 			checkLoginPageIsntProtected(fcp, filterChain.getFilters());
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
index e547ce9b2f..b6919d36c8 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
@@ -36,6 +36,7 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
 
+	@Override
 	public BeanDefinition parse(Element elt, ParserContext pc) {
 		MatcherType matcherType = MatcherType.fromElement(elt);
 		String path = elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index 076117ca8c..9fd10c482f 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -40,6 +40,7 @@ import org.springframework.util.xml.DomUtils;
  */
 public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator {
 
+	@Override
 	@SuppressWarnings("unchecked")
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
 		BeanDefinition filterChainProxy = holder.getBeanDefinition();
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index d26e26dfb8..440913add9 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -62,6 +62,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 
 	private static final Log logger = LogFactory.getLog(FilterInvocationSecurityMetadataSourceParser.class);
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		List<Element> interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
 
@@ -223,6 +224,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 
 		private DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
 
+		@Override
 		public DefaultWebSecurityExpressionHandler getBean() {
 			this.handler.setDefaultRolePrefix(this.rolePrefix);
 			return this.handler;
diff --git a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
index d8f6a3c98c..20fc6bcedd 100644
--- a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
@@ -38,6 +38,7 @@ class HandlerMappingIntrospectorFactoryBean
 
 	private ApplicationContext context;
 
+	@Override
 	public HandlerMappingIntrospector getObject() {
 		if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
 			throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named "
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index 332e83199b..d3ff5e4ab1 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -123,6 +123,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 	private ManagedList<BeanMetadataElement> headerWriters;
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 
 		this.headerWriters = new ManagedList<>();
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index babb529960..78a7e50bc1 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -855,6 +855,7 @@ class HttpConfigurationBuilder {
 
 		private RoleVoter voter = new RoleVoter();
 
+		@Override
 		public RoleVoter getBean() {
 			this.voter.setRolePrefix(this.rolePrefix);
 			return this.voter;
@@ -867,6 +868,7 @@ class HttpConfigurationBuilder {
 
 		private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
 
+		@Override
 		public SecurityContextHolderAwareRequestFilter getBean() {
 			this.filter.setRolePrefix(this.rolePrefix);
 			return this.filter;
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
index eced6f2405..05604572fb 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
@@ -32,6 +32,7 @@ import org.springframework.util.StringUtils;
  */
 public class HttpFirewallBeanDefinitionParser implements BeanDefinitionParser {
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		String ref = element.getAttribute("ref");
 
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index 55ec0df211..f6fea7df34 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -64,6 +64,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		}
 	}
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		String logoutUrl = null;
 		String successHandlerRef = null;
diff --git a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
index 8026a9526a..3db5b7b60e 100644
--- a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
@@ -42,6 +42,7 @@ class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
 
 	public static final String ATT_HTTPS_PORT = "https";
 
+	@Override
 	@SuppressWarnings("unchecked")
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		RootBeanDefinition portMapper = new RootBeanDefinition(PortMapperImpl.class);
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index 82ae2cf36e..3e17b634d1 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -67,6 +67,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		this.authenticationManager = authenticationManager;
 	}
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				pc.extractSource(element));
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index c39b7ba054..9924735ee3 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -126,6 +126,7 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 		return (UserDetailsService) beans.values().toArray()[0];
 	}
 
+	@Override
 	public void setApplicationContext(ApplicationContext beanFactory) throws BeansException {
 		this.beanFactory = beanFactory;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index 06566efae8..33abea6960 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -44,6 +44,7 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 	 */
 	private boolean defaultNameRequired;
 
+	@Override
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
 		Class<?> contextSourceClass;
 
@@ -80,6 +81,7 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 		this.defaultNameRequired = defaultNameRequired;
 	}
 
+	@Override
 	public int getOrder() {
 		return LOWEST_PRECEDENCE;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index cce4c06c39..884b239085 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -51,6 +51,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 	static final String BIND_AUTH_CLASS = "org.springframework.security.ldap.authentication.BindAuthenticator";
 	static final String PASSWD_AUTH_CLASS = "org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator";
 
+	@Override
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
 		RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt,
 				parserContext);
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index 0ca5bb99ae..3437a1bb5c 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -85,6 +85,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String UNBOUNDID_CONTAINER_CLASSNAME = "org.springframework.security.ldap.server.UnboundIdContainer";
 
+	@Override
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
 		String url = elt.getAttribute(ATT_URL);
 
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
index 821875164b..d0512dccd5 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
@@ -68,10 +68,12 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 
 	public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator";
 
+	@Override
 	protected String getBeanClassName(Element element) {
 		return "org.springframework.security.ldap.userdetails.LdapUserDetailsService";
 	}
 
+	@Override
 	protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) {
 
 		if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 3fe5515568..45f54e5de7 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -123,6 +123,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 	private static final String ATT_META_DATA_SOURCE_REF = "metadata-source-ref";
 
+	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				pc.extractSource(element));
@@ -485,6 +486,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			this.authMgrBean = StringUtils.hasText(authMgrBean) ? authMgrBean : BeanIds.AUTHENTICATION_MANAGER;
 		}
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			synchronized (this.delegateMonitor) {
 				if (this.delegate == null) {
@@ -506,6 +508,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			return this.delegate.authenticate(authentication);
 		}
 
+		@Override
 		public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
 			this.beanFactory = beanFactory;
 		}
@@ -567,6 +570,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			this.beanName = beanName;
 		}
 
+		@Override
 		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 			if (!registry.containsBeanDefinition(this.beanName)) {
 				return;
@@ -575,6 +579,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			beanDefinition.setLazyInit(true);
 		}
 
+		@Override
 		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index 77eade5729..3d7fcb0223 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -25,6 +25,7 @@ import org.springframework.aop.config.AbstractInterceptorDrivenBeanDefinitionDec
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedMap;
 import org.springframework.beans.factory.support.RootBeanDefinition;
@@ -47,6 +48,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 
 	private final BeanDefinitionDecorator delegate = new InternalInterceptMethodsBeanDefinitionDecorator();
 
+	@Override
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
 		MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext);
 
@@ -66,12 +68,13 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
 
 	private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
 
+	@Override
 	protected BeanDefinition createInterceptorDefinition(Node node) {
 		Element interceptMethodsElt = (Element) node;
 		BeanDefinitionBuilder interceptor = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
 
 		// Default to autowiring to pick up after invocation mgr
-		interceptor.setAutowireMode(RootBeanDefinition.AUTOWIRE_BY_TYPE);
+		interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE);
 
 		String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR);
 
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
index 8ae626105d..8cc6322765 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@@ -41,6 +41,7 @@ public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBe
 	static final String ATT_METHOD = "method";
 	static final String ATT_ACCESS = "access";
 
+	@Override
 	public AbstractBeanDefinition parseInternal(Element elt, ParserContext pc) {
 		// Parse the included methods
 		List<Element> methods = DomUtils.getChildElementsByTagName(elt, Elements.PROTECT);
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 59cb2d951b..7d13361387 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -99,10 +99,12 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 						supportedPrimitives);
 	}
 
+	@Override
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
 
+	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (this.processedBeans.contains(beanName)) {
 			// We already have the metadata for this bean
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 17b839be34..234cb459a8 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -113,6 +113,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 	 * @param parserContext
 	 * @return the {@link BeanDefinition}
 	 */
+	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		BeanDefinitionRegistry registry = parserContext.getRegistry();
 		XmlReaderContext context = parserContext.getReaderContext();
@@ -234,6 +235,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			this.sameOriginDisabled = sameOriginDisabled;
 		}
 
+		@Override
 		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
 			String[] beanNames = registry.getBeanDefinitionNames();
 			for (String beanName : beanNames) {
@@ -307,6 +309,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			bd.getPropertyValues().add(interceptorPropertyName, interceptors);
 		}
 
+		@Override
 		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 
 		}
@@ -317,30 +320,37 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 
 		private PathMatcher delegate = new AntPathMatcher();
 
+		@Override
 		public boolean isPattern(String path) {
 			return this.delegate.isPattern(path);
 		}
 
+		@Override
 		public boolean match(String pattern, String path) {
 			return this.delegate.match(pattern, path);
 		}
 
+		@Override
 		public boolean matchStart(String pattern, String path) {
 			return this.delegate.matchStart(pattern, path);
 		}
 
+		@Override
 		public String extractPathWithinPattern(String pattern, String path) {
 			return this.delegate.extractPathWithinPattern(pattern, path);
 		}
 
+		@Override
 		public Map<String, String> extractUriTemplateVariables(String pattern, String path) {
 			return this.delegate.extractUriTemplateVariables(pattern, path);
 		}
 
+		@Override
 		public Comparator<String> getPatternComparator(String path) {
 			return this.delegate.getPatternComparator(path);
 		}
 
+		@Override
 		public String combine(String pattern1, String pattern2) {
 			return this.delegate.combine(pattern1, pattern2);
 		}
diff --git a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
index e3d2d5a466..2393f6de90 100644
--- a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
@@ -30,6 +30,7 @@ public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
 
 	Set<String> afterInitPostProcessedBeans = new HashSet<>();
 
+	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
 			this.beforeInitPostProcessedBeans.add(beanName);
@@ -37,6 +38,7 @@ public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
 		return bean;
 	}
 
+	@Override
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		if (beanName != null) {
 			this.afterInitPostProcessedBeans.add(beanName);
diff --git a/config/src/test/java/org/springframework/security/CollectingAppListener.java b/config/src/test/java/org/springframework/security/CollectingAppListener.java
index 0a8140af25..951a939913 100644
--- a/config/src/test/java/org/springframework/security/CollectingAppListener.java
+++ b/config/src/test/java/org/springframework/security/CollectingAppListener.java
@@ -40,6 +40,7 @@ public class CollectingAppListener implements ApplicationListener {
 
 	Set<AbstractAuthorizationEvent> authorizationEvents = new HashSet<>();
 
+	@Override
 	public void onApplicationEvent(ApplicationEvent event) {
 		if (event instanceof AbstractAuthenticationEvent) {
 			this.events.add(event);
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index b14c1c37ad..90e34d3b0b 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -30,6 +30,7 @@ public class DataSourcePopulator implements InitializingBean {
 
 	JdbcTemplate template;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.template, "dataSource required");
 
diff --git a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
index 68f71e579c..605c08e34f 100644
--- a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
@@ -24,15 +24,18 @@ import org.springframework.security.core.Authentication;
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 
+	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
 		return returnedObject;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return true;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
diff --git a/config/src/test/java/org/springframework/security/config/MockEventListener.java b/config/src/test/java/org/springframework/security/config/MockEventListener.java
index 5cc7709ebb..05a5d5b4f9 100644
--- a/config/src/test/java/org/springframework/security/config/MockEventListener.java
+++ b/config/src/test/java/org/springframework/security/config/MockEventListener.java
@@ -30,6 +30,7 @@ public class MockEventListener<T extends ApplicationEvent> implements Applicatio
 
 	private List<T> events = new ArrayList<>();
 
+	@Override
 	public void onApplicationEvent(T event) {
 		this.events.add(event);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
index 811e2bbfb1..50c24bc2ba 100644
--- a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
+++ b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
@@ -27,13 +27,16 @@ import static org.mockito.Mockito.mock;
  */
 public class MockTransactionManager implements PlatformTransactionManager {
 
+	@Override
 	public TransactionStatus getTransaction(TransactionDefinition definition) throws TransactionException {
 		return mock(TransactionStatus.class);
 	}
 
+	@Override
 	public void commit(TransactionStatus status) throws TransactionException {
 	}
 
+	@Override
 	public void rollback(TransactionStatus status) throws TransactionException {
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
index d403987473..f847f44162 100644
--- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
@@ -26,10 +26,12 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
  */
 public class MockUserServiceBeanPostProcessor implements BeanPostProcessor {
 
+	@Override
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
 
+	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (bean instanceof PostProcessedMockUserDetailsService) {
 			((PostProcessedMockUserDetailsService) bean).setPostProcessorWasHere("Hello from the post processor!");
diff --git a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
index c2c70116f7..ec4ac7a1f5 100644
--- a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
+++ b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
@@ -34,6 +34,7 @@ public class PostProcessedMockUserDetailsService implements UserDetailsService {
 		this.postProcessorWasHere = postProcessorWasHere;
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) {
 		throw new UnsupportedOperationException("Not for actual use");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
index 3630dcd3a8..7a77b359e4 100644
--- a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
+++ b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
@@ -23,13 +23,16 @@ import org.springframework.security.core.session.SessionCreationEvent;
  */
 public class TestBusinessBeanImpl implements TestBusinessBean, ApplicationListener<SessionCreationEvent> {
 
+	@Override
 	public void setInteger(int i) {
 	}
 
+	@Override
 	public int getInteger() {
 		return 1314;
 	}
 
+	@Override
 	public void setString(String s) {
 	}
 
@@ -37,12 +40,15 @@ public class TestBusinessBeanImpl implements TestBusinessBean, ApplicationListen
 		return "A string.";
 	}
 
+	@Override
 	public void doSomething() {
 	}
 
+	@Override
 	public void unprotected() {
 	}
 
+	@Override
 	public void onApplicationEvent(SessionCreationEvent event) {
 		System.out.println(event);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
index 7b59815a83..74e1354f64 100644
--- a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
+++ b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
@@ -22,20 +22,25 @@ import org.springframework.transaction.annotation.Transactional;
  */
 public class TransactionalTestBusinessBean implements TestBusinessBean {
 
+	@Override
 	public void setInteger(int i) {
 	}
 
+	@Override
 	public int getInteger() {
 		return 0;
 	}
 
+	@Override
 	public void setString(String s) {
 	}
 
+	@Override
 	@Transactional
 	public void doSomething() {
 	}
 
+	@Override
 	public void unprotected() {
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
index ee88e3c219..4073ffefec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
@@ -37,6 +37,7 @@ public class ObjectPostProcessorTests {
 
 	static class ListToLinkedListObjectPostProcessor implements ObjectPostProcessor<List<?>> {
 
+		@Override
 		public <O extends List<?>> O postProcess(O l) {
 			return (O) new LinkedList(l);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index 83535e1211..d943554611 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -51,7 +51,7 @@ public class SecurityConfigurerAdapterClosureTests {
 
 	static class ConcereteSecurityConfigurerAdapter extends SecurityConfigurerAdapter<Object, SecurityBuilder<Object>> {
 
-		private List<Object> list = new ArrayList<Object>();
+		private List<Object> list = new ArrayList<>();
 
 		@Override
 		public void configure(SecurityBuilder<Object> builder) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index a75c8ed610..d832899c3d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -48,10 +48,12 @@ public class SecurityConfigurerAdapterTests {
 			this.order = order;
 		}
 
+		@Override
 		public int getOrder() {
 			return this.order;
 		}
 
+		@Override
 		@SuppressWarnings("unchecked")
 		public String postProcess(String object) {
 			return object + " " + this.order;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 25288f639a..2f52e4f7b5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -144,6 +144,7 @@ public class AuthenticationManagerBuilderTests {
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -175,6 +176,7 @@ public class AuthenticationManagerBuilderTests {
 	@EnableWebSecurity
 	static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()).and().inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.admin());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index 66eac99ad6..ed63199915 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -56,6 +56,7 @@ public class NamespaceAuthenticationProviderTests {
 	@EnableWebSecurity
 	static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) {
 			// @formatter:off
 			auth
@@ -83,6 +84,7 @@ public class NamespaceAuthenticationProviderTests {
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -90,6 +92,7 @@ public class NamespaceAuthenticationProviderTests {
 			// @formatter:on
 		}
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(PasswordEncodedUser.user());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index bf623b89ea..bf3c3d4994 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
@@ -63,6 +63,7 @@ public class NamespaceJdbcUserServiceTests {
 		@Autowired
 		private DataSource dataSource;
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -99,6 +100,7 @@ public class NamespaceJdbcUserServiceTests {
 		@Autowired
 		private DataSource dataSource;
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -112,7 +114,7 @@ public class NamespaceJdbcUserServiceTests {
 				// jdbc-user-service@authorities-by-username-query
 				.authoritiesByUsernameQuery("select principal,role from roles where principal = ?")
 				// jdbc-user-service@group-authorities-by-username-query
-				.groupAuthoritiesByUsername(JdbcUserDetailsManager.DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY)
+				.groupAuthoritiesByUsername(JdbcDaoImpl.DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY)
 				// jdbc-user-service@role-prefix
 				.rolePrefix("ROLE_");
 			// @formatter:on
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 39d2d2f335..88c3464ebc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -51,6 +51,7 @@ public class PasswordEncoderConfigurerTests {
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
 			// @formatter:off
@@ -82,6 +83,7 @@ public class PasswordEncoderConfigurerTests {
 	@EnableWebSecurity
 	static class PasswordEncoderNoAuthManagerLoadsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			BCryptPasswordEncoder encoder = passwordEncoder();
 			// @formatter:off
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 88bd7763af..d42c638cb3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -165,6 +165,7 @@ public class AuthenticationConfigurationTests {
 	@Configuration
 	static class UserGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 
+		@Override
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user());
 		}
@@ -217,6 +218,7 @@ public class AuthenticationConfigurationTests {
 
 	static class ServiceImpl implements Service {
 
+		@Override
 		@Secured("ROLE_USER")
 		public void run() {
 		}
@@ -238,10 +240,12 @@ public class AuthenticationConfigurationTests {
 		static List<Class<?>> inits = new ArrayList<>();
 		static List<Class<?>> configs = new ArrayList<>();
 
+		@Override
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
 			inits.add(getClass());
 		}
 
+		@Override
 		public void configure(AuthenticationManagerBuilder auth) {
 			configs.add(getClass());
 		}
@@ -288,6 +292,7 @@ public class AuthenticationConfigurationTests {
 
 	static class ConfiguresInMemoryConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 
+		@Override
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -301,6 +306,7 @@ public class AuthenticationConfigurationTests {
 	@Order(Ordered.LOWEST_PRECEDENCE)
 	static class BootGlobalAuthenticationConfigurerAdapter extends DefaultOrderGlobalAuthenticationConfigurerAdapter {
 
+		@Override
 		public void init(AuthenticationManagerBuilder auth) throws Exception {
 			auth.apply(new DefaultBootGlobalAuthenticationConfigurerAdapter());
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
index 354b99247a..d63fee05fe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
@@ -20,6 +20,7 @@ import org.aopalliance.intercept.MethodInvocation;
 
 public class AroundMethodInterceptor implements MethodInterceptor {
 
+	@Override
 	public Object invoke(MethodInvocation methodInvocation) throws Throwable {
 		return String.valueOf(methodInvocation.proceed());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
index 10d4e5f8ec..d167cbb711 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
@@ -73,10 +73,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	public AuthenticationProvider authenticationProvider() {
 		Assert.notNull(this.myUserRepository);
 		return new AuthenticationProvider() {
+			@Override
 			public boolean supports(Class<?> authentication) {
 				return true;
 			}
 
+			@Override
 			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				Object principal = authentication.getPrincipal();
 				String username = String.valueOf(principal);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 8f44603aa7..819a083dee 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -77,11 +77,13 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 			DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
 
 			expressionHandler.setPermissionEvaluator(new PermissionEvaluator() {
+				@Override
 				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
 						Object permission) {
 					return "granted".equals(targetDomainObject);
 				}
 
+				@Override
 				public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 						Object permission) {
 					throw new UnsupportedOperationException();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 8ea847e694..ccfc66ac40 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -96,15 +96,18 @@ public class NamespaceGlobalMethodSecurityTests {
 
 		public static class DenyAllAccessDecisionManager implements AccessDecisionManager {
 
+			@Override
 			public void decide(Authentication authentication, Object object,
 					Collection<ConfigAttribute> configAttributes) {
 				throw new AccessDeniedException("Always Denied");
 			}
 
+			@Override
 			public boolean supports(ConfigAttribute attribute) {
 				return true;
 			}
 
+			@Override
 			public boolean supports(Class<?> clazz) {
 				return true;
 			}
@@ -133,16 +136,19 @@ public class NamespaceGlobalMethodSecurityTests {
 
 		public static class AfterInvocationManagerStub implements AfterInvocationManager {
 
+			@Override
 			public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
 					Object returnedObject) throws AccessDeniedException {
 
 				throw new AccessDeniedException("custom AfterInvocationManager");
 			}
 
+			@Override
 			public boolean supports(ConfigAttribute attribute) {
 				return true;
 			}
 
+			@Override
 			public boolean supports(Class<?> clazz) {
 				return true;
 			}
@@ -224,6 +230,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		@Override
 		protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
 			return new AbstractMethodSecurityMetadataSource() {
+				@Override
 				public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 					// require ROLE_NOBODY for any method on MethodSecurityService
 					// interface
@@ -231,6 +238,7 @@ public class NamespaceGlobalMethodSecurityTests {
 							? Arrays.asList(new SecurityConfig("ROLE_NOBODY")) : Collections.emptyList();
 				}
 
+				@Override
 				public Collection<ConfigAttribute> getAllConfigAttributes() {
 					return null;
 				}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 0525e851a3..f2c70cb81e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -125,10 +125,12 @@ public class SampleEnableGlobalMethodSecurityTests {
 
 	static class CustomPermissionEvaluator implements PermissionEvaluator {
 
+		@Override
 		public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 			return !"denied".equals(targetDomainObject);
 		}
 
+		@Override
 		public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 				Object permission) {
 			return !"denied".equals(targetId);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 9909c8b765..5113be8bf4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -25,6 +25,7 @@ import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.context.annotation.Bean;
+import org.springframework.core.Ordered;
 import org.springframework.core.PriorityOrdered;
 import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
@@ -153,7 +154,7 @@ public class Sec2758Tests {
 
 		@Override
 		public int getOrder() {
-			return PriorityOrdered.HIGHEST_PRECEDENCE;
+			return Ordered.HIGHEST_PRECEDENCE;
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index b7a26da9a7..02b3c40690 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -156,6 +156,7 @@ public class AbstractConfiguredSecurityBuilderTests {
 			super(objectPostProcessor, allowConfigurersOfSameType);
 		}
 
+		@Override
 		public Object performBuild() {
 			return "success";
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index bb52d221ec..3d7dd81d84 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -35,6 +35,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 	@EnableWebSecurity
 	static class AntMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -55,6 +56,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 	@EnableWebSecurity
 	static class MvcMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -75,6 +77,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 	@EnableWebSecurity
 	static class RegexMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -95,6 +98,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 	@EnableWebSecurity
 	static class AnyRequestAfterItselfConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -115,6 +119,7 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 	@EnableWebSecurity
 	static class RequestMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 9e4bd8763e..978a3e0eed 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -374,6 +374,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		@Order(1)
 		public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
 
+			@Override
 			protected void configure(HttpSecurity http) throws Exception {
 				// @formatter:off
 				http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 217ebdf6ce..79e610a314 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -72,6 +72,7 @@ public class HttpConfigurationTests {
 	@EnableWebSecurity
 	static class UnregisteredFilterConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
 			http
@@ -79,6 +80,7 @@ public class HttpConfigurationTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -116,6 +118,7 @@ public class HttpConfigurationTests {
 
 		static CasAuthenticationFilter CAS_AUTHENTICATION_FILTER;
 
+		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 6916b82396..d695d5624d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -453,6 +453,7 @@ public class NamespaceHttpTests {
 
 		static class MyRequestMatcher implements RequestMatcher {
 
+			@Override
 			public boolean matches(HttpServletRequest request) {
 				return true;
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 17d92432a7..744147312b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -90,6 +90,7 @@ public class Sec2515Tests {
 
 		static AuthenticationManager AUTHENTICATION_MANAGER;
 
+		@Override
 		@Bean
 		public AuthenticationManager authenticationManager() {
 			return AUTHENTICATION_MANAGER;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index 3af3031559..c585d27f40 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -81,14 +81,17 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 			return null;
 		}
 
+		@Override
 		protected List<RequestMatcher> chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return requestMatchers;
 		}
 
+		@Override
 		public List<RequestMatcher> mvcMatchers(String... mvcPatterns) {
 			return null;
 		}
 
+		@Override
 		public List<RequestMatcher> mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			return null;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index dc1d573eeb..306fd90162 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -119,6 +119,7 @@ public class AnonymousConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -151,6 +152,7 @@ public class AnonymousConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 11dbcd26a1..716027edf0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -122,6 +122,7 @@ public class DefaultFiltersTests {
 			super(true);
 		}
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http.formLogin();
 		}
@@ -197,6 +198,7 @@ public class DefaultFiltersTests {
 	@EnableWebSecurity
 	static class DefaultFiltersConfigPermitAll extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) {
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index c7a7a352b9..1ce457ff8b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -142,6 +142,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@EnableWebSecurity
 	static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -682,6 +683,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().permitAll()
 					.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
+						@Override
 						public <O extends FilterSecurityInterceptor> O postProcess(
 								O fsi) {
 							fsi.setPublishAuthorizationSuccess(true);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index bdd59a323d..c3649f7559 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -265,6 +265,7 @@ public class HttpBasicConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 9a68ea4a24..c78091f7dc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -82,6 +82,7 @@ public class HttpSecurityAntMatchersTests {
 	@Configuration
 	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -118,6 +119,7 @@ public class HttpSecurityAntMatchersTests {
 	@Configuration
 	static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 6b078b4b95..61989ec37f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -90,6 +90,7 @@ public class HttpSecurityLogoutTests {
 	@Configuration
 	static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index f86448bf5d..5097a3d5ef 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -153,6 +153,7 @@ public class Issue55Tests {
 
 		static Authentication RESULT = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return RESULT;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index ab96950277..ccf73dba40 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -95,6 +95,7 @@ public class NamespaceHttpAnonymousTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index e587019f6c..6cd603b95b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -94,6 +94,7 @@ public class NamespaceHttpBasicTests {
 	@EnableWebSecurity
 	static class HttpBasicConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -121,6 +122,7 @@ public class NamespaceHttpBasicTests {
 	@EnableWebSecurity
 	static class HttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 96ef9f0c24..e2bc0970fd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -68,6 +68,7 @@ public class NamespaceHttpCustomFilterTests {
 	@EnableWebSecurity
 	static class CustomFilterBeforeConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -87,6 +88,7 @@ public class NamespaceHttpCustomFilterTests {
 	@EnableWebSecurity
 	static class CustomFilterAfterConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -111,6 +113,7 @@ public class NamespaceHttpCustomFilterTests {
 			super(true);
 		}
 
+		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
 			http
@@ -136,6 +139,7 @@ public class NamespaceHttpCustomFilterTests {
 			super(true);
 		}
 
+		@Override
 		protected void configure(HttpSecurity http) {
 			// @formatter:off
 			http
@@ -158,6 +162,7 @@ public class NamespaceHttpCustomFilterTests {
 			super(true);
 		}
 
+		@Override
 		protected AuthenticationManager authenticationManager() {
 			return new CustomAuthenticationManager();
 		}
@@ -198,6 +203,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	static class OtherCustomFilter extends OncePerRequestFilter {
 
+		@Override
 		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
 				FilterChain filterChain) throws ServletException, IOException {
 			filterChain.doFilter(request, response);
@@ -207,6 +213,7 @@ public class NamespaceHttpCustomFilterTests {
 
 	static class CustomAuthenticationManager implements AuthenticationManager {
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return null;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 0466f4f09a..7dd2827975 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -108,6 +108,7 @@ public class NamespaceHttpFormLoginTests {
 	@EnableWebSecurity
 	static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			boolean alwaysUseDefaultSuccess = true;
 			// @formatter:off
@@ -143,6 +144,7 @@ public class NamespaceHttpFormLoginTests {
 	@EnableWebSecurity
 	static class FormLoginCustomRefsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 			successHandler.setDefaultTargetUrl("/custom/targetUrl");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index a6e9d805d0..078c69053d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -131,6 +131,7 @@ public class NamespaceHttpInterceptUrlTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index b49dcbf949..407499bfb1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -229,7 +229,7 @@ public class NamespaceHttpLogoutTests {
 
 	ResultMatcher session(Predicate<HttpSession> sessionPredicate) {
 		return result -> assertThat(result.getRequest().getSession(false))
-				.is(new Condition<HttpSession>(sessionPredicate, "sessionPredicate failed"));
+				.is(new Condition<>(sessionPredicate, "sessionPredicate failed"));
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index c7e2b79682..a9238613f3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -76,6 +76,7 @@ public class NamespaceHttpPortMappingsTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index f83c874ce2..dd6f0a250a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -67,6 +67,7 @@ public class NamespaceHttpRequestCacheTests {
 	@EnableWebSecurity
 	static class RequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -78,6 +79,7 @@ public class NamespaceHttpRequestCacheTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
@@ -108,6 +110,7 @@ public class NamespaceHttpRequestCacheTests {
 	@EnableWebSecurity
 	static class DefaultRequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -116,6 +119,7 @@ public class NamespaceHttpRequestCacheTests {
 			// @formatter:on
 		}
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index cb2523d9e4..d5729357b6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -68,6 +68,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -96,6 +97,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@EnableWebSecurity
 	static class AccessDeniedPageInLambdaConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -122,6 +124,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -155,6 +158,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 
 		static AccessDeniedHandler accessDeniedHandler = mock(AccessDeniedHandler.class);
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 118e205906..b6a997ba33 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -268,10 +268,12 @@ public class NamespaceHttpX509Tests {
 	@EnableWebSecurity
 	public static class AuthenticationUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication().withUser("rod").password("password").roles("USER", "ADMIN");
 		}
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index d3451fee3f..ee6dad15e1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -392,6 +392,7 @@ public class NamespaceSessionManagementTests {
 
 		List<SessionFixationProtectionEvent> events = new ArrayList<>();
 
+		@Override
 		public void onApplicationEvent(SessionFixationProtectionEvent event) {
 			this.events.add(event);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index fe4dcebba8..cb312190c3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -89,6 +89,7 @@ public class RememberMeConfigurerTests {
 	@EnableWebSecurity
 	static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -188,6 +189,7 @@ public class RememberMeConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
@@ -327,6 +329,7 @@ public class RememberMeConfigurerTests {
 	@EnableWebSecurity
 	static class RememberMeCookieDomainConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -363,6 +366,7 @@ public class RememberMeConfigurerTests {
 	@EnableWebSecurity
 	static class RememberMeCookieDomainInLambdaConfig extends WebSecurityConfigurerAdapter {
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
@@ -401,6 +405,7 @@ public class RememberMeConfigurerTests {
 
 		static RememberMeServices REMEMBER_ME = mock(RememberMeServices.class);
 
+		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index e275c1c350..4338f5a43c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1560,6 +1560,7 @@ public class OAuth2ResourceServerConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
@@ -1640,6 +1641,7 @@ public class OAuth2ResourceServerConfigurerTests {
 			// @formatter:on
 		}
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 89d07f6259..83ada36fdd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -150,6 +150,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	@EnableWebSocketMessageBroker
 	static class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
 
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/chat").withSockJS();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index e9fac39e07..9d73774461 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -278,6 +278,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	static class MsmsRegistryCustomPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry
 				.addEndpoint("/other")
@@ -330,6 +331,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 			extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry
 				.addEndpoint("/other")
@@ -382,6 +384,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	static class DefaultPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry
 				.addEndpoint("/other")
@@ -467,6 +470,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	static class CustomExpressionConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
 		// @formatter:off
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry
 				.addEndpoint("/other")
@@ -596,10 +600,12 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 	static class MyCustomArgumentResolver implements HandlerMethodArgumentResolver {
 
+		@Override
 		public boolean supportsParameter(MethodParameter parameter) {
 			return parameter.getParameterType().isAssignableFrom(MyCustomArgument.class);
 		}
 
+		@Override
 		public Object resolveArgument(MethodParameter parameter, Message<?> message) {
 			return new MyCustomArgument("");
 		}
@@ -610,6 +616,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		Map<String, Object> attributes;
 
+		@Override
 		public boolean doHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
 			this.attributes = attributes;
@@ -630,6 +637,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Import(SyncExecutorConfig.class)
 	static class SockJsSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS()
 					.setInterceptors(new HttpSessionHandshakeInterceptor());
@@ -687,6 +695,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Import(SyncExecutorConfig.class)
 	static class NoInboundSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 
@@ -725,6 +734,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Import(SyncExecutorConfig.class)
 	static class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
 
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/websocket").setHandshakeHandler(testHandshakeHandler())
 					.addInterceptors(new HttpSessionHandshakeInterceptor());
@@ -754,6 +764,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		private ApplicationContext context;
 
+		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/chat").setHandshakeHandler(this.context.getBean(TestHandshakeHandler.class))
 					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
index 0462d5f74b..ad20a673bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
@@ -24,6 +24,7 @@ import org.springframework.messaging.support.ExecutorSubscribableChannel;
  */
 public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostProcessor {
 
+	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 		if (bean instanceof ExecutorSubscribableChannel) {
 			ExecutorSubscribableChannel original = (ExecutorSubscribableChannel) bean;
@@ -34,6 +35,7 @@ public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostPro
 		return bean;
 	}
 
+	@Override
 	public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
 		return bean;
 	}
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 70269a4ffb..3af52ce611 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -106,6 +106,7 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 
 		List<AbstractAuthenticationEvent> events = new ArrayList<>();
 
+		@Override
 		public void onApplicationEvent(AbstractAuthenticationEvent event) {
 			this.events.add(event);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
index 6813e2050c..387f0ad006 100755
--- a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
@@ -24,11 +24,13 @@ import org.springframework.security.access.prepost.PreAuthorize;
  */
 public class HelloWorldMessageService implements MessageService {
 
+	@Override
 	@PreAuthorize("hasRole('USER')")
 	public String getMessage() {
 		return "Hello World";
 	}
 
+	@Override
 	@RolesAllowed("USER")
 	public String getJsrMessage() {
 		return "Hello JSR";
diff --git a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
index 26488ee356..ee82e44dc0 100644
--- a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
@@ -35,10 +35,12 @@ public class TestAuthenticationProvider implements AuthenticationProvider {
 	public TestAuthenticationProvider(AuthProviderDependency authProviderDependency) {
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		throw new UnsupportedOperationException();
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		throw new UnsupportedOperationException();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index 80788f7923..bab0a7e840 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -51,7 +51,6 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -148,8 +147,7 @@ public class CsrfConfigTests {
 	public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
-		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.spring.getContext())
-				.apply(springSecurity())
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
@@ -226,8 +224,7 @@ public class CsrfConfigTests {
 	public void traceWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
-		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.spring.getContext())
-				.apply(springSecurity())
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 9ebb140022..3c94ae6f00 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -174,7 +174,7 @@ public class InterceptUrlConfigTests {
 		this.spring.configLocations(this.xml("MvcMatchersServletPath")).autowire();
 
 		MockServletContext servletContext = mockServletContext("/spring");
-		ConfigurableWebApplicationContext context = (ConfigurableWebApplicationContext) this.spring.getContext();
+		ConfigurableWebApplicationContext context = this.spring.getContext();
 		context.setServletContext(servletContext);
 
 		this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index c8296bec2a..2c59e39123 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -517,16 +517,17 @@ public class MiscHttpConfigTests {
 
 	@Test
 	public void configureWhenUserDetailsServiceInParentContextThenLocatesSuccessfully() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("MissingUserDetailsService")).autowire())
-				.isInstanceOf(BeansException.class);
+		assertThatCode(
+				() -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire())
+						.isInstanceOf(BeansException.class);
 
 		try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) {
-			parent.setConfigLocations(this.xml("AutoConfig"));
+			parent.setConfigLocations(MiscHttpConfigTests.xml("AutoConfig"));
 			parent.refresh();
 
 			try (XmlWebApplicationContext child = new XmlWebApplicationContext()) {
 				child.setParent(parent);
-				child.setConfigLocation(this.xml("MissingUserDetailsService"));
+				child.setConfigLocation(MiscHttpConfigTests.xml("MissingUserDetailsService"));
 				child.refresh();
 			}
 		}
@@ -810,6 +811,7 @@ public class MiscHttpConfigTests {
 
 	static class MockAuthenticationManager implements AuthenticationManager {
 
+		@Override
 		public Authentication authenticate(Authentication authentication) {
 			return new TestingAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(),
 					AuthorityUtils.createAuthorityList("ROLE_USER"));
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 9ee76f8302..ded6945508 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -612,7 +612,7 @@ public class SessionManagementConfigTests {
 	}
 
 	private ServletContext servletContext() {
-		WebApplicationContext context = (WebApplicationContext) this.spring.getContext();
+		WebApplicationContext context = this.spring.getContext();
 		return context.getServletContext();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 3f5a56f46e..25ba7efe8d 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -401,6 +401,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 			this.beanName = beanName;
 		}
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			return this.authenticationManager.authenticate(authentication);
 		}
@@ -412,6 +413,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		 * org.springframework.context.ApplicationContextAware#setApplicationContext(org
 		 * .springframework.context.ApplicationContext)
 		 */
+		@Override
 		public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 			this.authenticationManager = applicationContext.getBean(this.beanName, AuthenticationManager.class);
 		}
@@ -434,6 +436,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	public static class ConcreteFoo implements Foo<SecurityConfig> {
 
+		@Override
 		@PreAuthorize("#action.attribute == 'A'")
 		public void foo(SecurityConfig action) {
 		}
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 62eca788ef..4b08393bd2 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -110,6 +110,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 		this.transactionalTarget.doSomething();
 	}
 
+	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.appContext = applicationContext;
 	}
diff --git a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
index 9f804f4f15..03bed52407 100644
--- a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
@@ -22,10 +22,12 @@ import org.springframework.security.core.Authentication;
 
 public class TestPermissionEvaluator implements PermissionEvaluator {
 
+	@Override
 	public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 		return false;
 	}
 
+	@Override
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
 		return false;
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
index 275ac42e6f..fe055ade88 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
@@ -36,10 +36,12 @@ public class JpaPermissionEvaluator implements PermissionEvaluator {
 		System.out.println("initializing " + this);
 	}
 
+	@Override
 	public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 		return true;
 	}
 
+	@Override
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
 		return true;
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index 193d8c4a4e..4fa821baf9 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -135,7 +135,8 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 
 	@Test
 	public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
-		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
+		this.spring.configLocations(ClientRegistrationsBeanDefinitionParserTests.xml("MultiClientRegistration"))
+				.autowire();
 
 		assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
 
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index d256e3353d..e604008f56 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -142,6 +142,7 @@ public class SpringTestContext implements Closeable {
 
 	private class AddFilter implements MockMvcConfigurer {
 
+		@Override
 		public RequestPostProcessor beforeMockMvcCreated(ConfigurableMockMvcBuilder<?> builder,
 				WebApplicationContext context) {
 			builder.addFilters(SpringTestContext.this.filters.toArray(new Filter[0]));
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
index c2bca55650..df0834c895 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestRule.java
@@ -31,6 +31,7 @@ public class SpringTestRule extends SpringTestContext implements MethodRule {
 	@Override
 	public Statement apply(Statement base, FrameworkMethod method, Object target) {
 		return new Statement() {
+			@Override
 			public void evaluate() throws Throwable {
 				setTest(target);
 				try {
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index dafad7a02f..ac79550ee1 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -72,6 +72,7 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 		};
 	}
 
+	@Override
 	protected Resource[] getConfigResources() {
 		return new Resource[] { this.inMemoryXml };
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index c6bd79537a..50bda99f27 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -148,7 +148,7 @@ public class OAuth2LoginTests {
 
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login()
-				.assertClientRegistrationByName(this.github.getClientName()).and();
+				.assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
 	}
 
 	@EnableWebFluxSecurity
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 6a9ca15fa3..6374b34664 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -306,7 +306,7 @@ public class WebSocketMessageBrokerConfigTests {
 	public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
 
-		WebApplicationContext context = (WebApplicationContext) this.spring.getContext();
+		WebApplicationContext context = this.spring.getContext();
 		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
 
 		String csrfAttributeName = CsrfToken.class.getName();
@@ -329,7 +329,7 @@ public class WebSocketMessageBrokerConfigTests {
 	public void requestWhenConnectMessageAndUsingSockJsThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
 		this.spring.configLocations(xml("SyncSockJsConfig")).autowire();
 
-		WebApplicationContext context = (WebApplicationContext) this.spring.getContext();
+		WebApplicationContext context = this.spring.getContext();
 		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
 
 		String csrfAttributeName = CsrfToken.class.getName();
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index 4ccef31e78..b2c9efa2f6 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -56,14 +56,17 @@ public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSe
 		this.defaultRolePrefix = defaultRolePrefix;
 	}
 
+	@Override
 	protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
 		return processAnnotations(clazz.getAnnotations());
 	}
 
+	@Override
 	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
 		return processAnnotations(AnnotationUtils.getAnnotations(method));
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		return null;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
index 9a15090653..b9f5d5c369 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
@@ -36,6 +36,7 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	 * @param configAttribute The config attribute.
 	 * @return whether the config attribute is supported.
 	 */
+	@Override
 	public boolean supports(ConfigAttribute configAttribute) {
 		return configAttribute instanceof Jsr250SecurityConfig;
 	}
@@ -45,6 +46,7 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	 * @param clazz the class.
 	 * @return true
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
@@ -59,6 +61,7 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	 * @param definition The configuration definition.
 	 * @return The vote.
 	 */
+	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
 		boolean jsr250AttributeFound = false;
 
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index 64a51bb038..ab6fc143b7 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -59,14 +59,17 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 				+ " must supply a generic parameter for AnnotationMetadataExtractor");
 	}
 
+	@Override
 	protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
 		return processAnnotation(AnnotationUtils.findAnnotation(clazz, this.annotationType));
 	}
 
+	@Override
 	protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
 		return processAnnotation(AnnotationUtils.findAnnotation(method, this.annotationType));
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		return null;
 	}
@@ -83,6 +86,7 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 
 class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
 
+	@Override
 	public Collection<ConfigAttribute> extractAttributes(Secured secured) {
 		String[] attributeTokens = secured.value();
 		List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
index c52acfbf68..57e6d52d17 100644
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@@ -34,6 +34,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 
 	private static final Log logger = LogFactory.getLog(LoggerListener.class);
 
+	@Override
 	public void onApplicationEvent(AbstractAuthorizationEvent event) {
 		if (event instanceof AuthenticationCredentialsNotFoundEvent) {
 			AuthenticationCredentialsNotFoundEvent authEvent = (AuthenticationCredentialsNotFoundEvent) event;
diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
index aa519605aa..dd53320cd7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@@ -47,6 +47,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 
 	private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
 
+	@Override
 	public final ExpressionParser getExpressionParser() {
 		return this.expressionParser;
 	}
@@ -64,6 +65,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	 * @return the context object for use in evaluating the expression, populated with a
 	 * suitable root object.
 	 */
+	@Override
 	public final EvaluationContext createEvaluationContext(Authentication authentication, T invocation) {
 		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication, invocation);
 		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
@@ -114,6 +116,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 		this.permissionEvaluator = permissionEvaluator;
 	}
 
+	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) {
 		this.br = new BeanFactoryResolver(applicationContext);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index e394b37b80..18ffa8ec8c 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -37,6 +37,7 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	/**
 	 * @return false always
 	 */
+	@Override
 	public boolean hasPermission(Authentication authentication, Object target, Object permission) {
 		this.logger.warn(
 				"Denying user " + authentication.getName() + " permission '" + permission + "' on object " + target);
@@ -46,6 +47,7 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	/**
 	 * @return false always
 	 */
+	@Override
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
 		this.logger.warn("Denying user " + authentication.getName() + " permission '" + permission
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index c85eda4c92..f48368c952 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -73,18 +73,22 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 		this.authentication = authentication;
 	}
 
+	@Override
 	public final boolean hasAuthority(String authority) {
 		return hasAnyAuthority(authority);
 	}
 
+	@Override
 	public final boolean hasAnyAuthority(String... authorities) {
 		return hasAnyAuthorityName(null, authorities);
 	}
 
+	@Override
 	public final boolean hasRole(String role) {
 		return hasAnyRole(role);
 	}
 
+	@Override
 	public final boolean hasAnyRole(String... roles) {
 		return hasAnyAuthorityName(this.defaultRolePrefix, roles);
 	}
@@ -102,30 +106,37 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 		return false;
 	}
 
+	@Override
 	public final Authentication getAuthentication() {
 		return this.authentication;
 	}
 
+	@Override
 	public final boolean permitAll() {
 		return true;
 	}
 
+	@Override
 	public final boolean denyAll() {
 		return false;
 	}
 
+	@Override
 	public final boolean isAnonymous() {
 		return this.trustResolver.isAnonymous(this.authentication);
 	}
 
+	@Override
 	public final boolean isAuthenticated() {
 		return !isAnonymous();
 	}
 
+	@Override
 	public final boolean isRememberMe() {
 		return this.trustResolver.isRememberMe(this.authentication);
 	}
 
+	@Override
 	public final boolean isFullyAuthenticated() {
 		return !this.trustResolver.isAnonymous(this.authentication)
 				&& !this.trustResolver.isRememberMe(this.authentication);
@@ -179,10 +190,12 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 		return this.roles;
 	}
 
+	@Override
 	public boolean hasPermission(Object target, Object permission) {
 		return this.permissionEvaluator.hasPermission(this.authentication, target, permission);
 	}
 
+	@Override
 	public boolean hasPermission(Object targetId, String targetType, Object permission) {
 		return this.permissionEvaluator.hasPermission(this.authentication, (Serializable) targetId, targetType,
 				permission);
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
index 17d156fbe2..8adeaa9294 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -66,6 +66,7 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
 		return this.authorizeExpression;
 	}
 
+	@Override
 	public String getAttribute() {
 		return null;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index e9a2da23ce..81c4230bc0 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -70,6 +70,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * Uses a {@link MethodSecurityEvaluationContext} as the <tt>EvaluationContext</tt>
 	 * implementation.
 	 */
+	@Override
 	public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, MethodInvocation mi) {
 		return new MethodSecurityEvaluationContext(auth, mi, getParameterNameDiscoverer());
 	}
@@ -77,6 +78,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	/**
 	 * Creates the root object for expression evaluation.
 	 */
+	@Override
 	protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 			MethodInvocation invocation) {
 		MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication);
@@ -97,6 +99,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * modified to contain the elements for which the permission expression evaluates to
 	 * {@code true}. For an array, a new array instance will be returned.
 	 */
+	@Override
 	@SuppressWarnings("unchecked")
 	public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
 		MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject()
@@ -248,6 +251,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 		this.permissionCacheOptimizer = permissionCacheOptimizer;
 	}
 
+	@Override
 	public void setReturnObject(Object returnObject, EvaluationContext ctx) {
 		((MethodSecurityExpressionOperations) ctx.getRootObject().getValue()).setReturnObject(returnObject);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index 40e0f0c500..ef49f46259 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -42,6 +42,7 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 		this.handler = handler;
 	}
 
+	@Override
 	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
 			String preAuthorizeAttribute) {
 		try {
@@ -58,6 +59,7 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 		}
 	}
 
+	@Override
 	public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
 			String postAuthorizeAttribute) {
 		try {
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index d9f049fcb7..5051258a09 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -41,6 +41,7 @@ public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthor
 		this.expressionHandler = expressionHandler;
 	}
 
+	@Override
 	public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute postAttr,
 			Object returnedObject) throws AccessDeniedException {
 		PostInvocationExpressionAttribute pia = (PostInvocationExpressionAttribute) postAttr;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index 9a1de85b5b..651614e6bf 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -39,6 +39,7 @@ public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthoriz
 
 	private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
 
+	@Override
 	public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute attr) {
 		PreInvocationExpressionAttribute preAttr = (PreInvocationExpressionAttribute) attr;
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
index 8e78613699..13d0e6ab42 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
@@ -36,18 +36,22 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met
 		super(a);
 	}
 
+	@Override
 	public void setFilterObject(Object filterObject) {
 		this.filterObject = filterObject;
 	}
 
+	@Override
 	public Object getFilterObject() {
 		return this.filterObject;
 	}
 
+	@Override
 	public void setReturnObject(Object returnObject) {
 		this.returnObject = returnObject;
 	}
 
+	@Override
 	public Object getReturnObject() {
 		return this.returnObject;
 	}
@@ -62,6 +66,7 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met
 		this.target = target;
 	}
 
+	@Override
 	public Object getThis() {
 		return this.target;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
index fe2b652571..9942abbc70 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public final class NullRoleHierarchy implements RoleHierarchy {
 
+	@Override
 	public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(
 			Collection<? extends GrantedAuthority> authorities) {
 		return authorities;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
index f78b286041..591a04fc1e 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
@@ -31,6 +31,7 @@ public class RoleHierarchyAuthoritiesMapper implements GrantedAuthoritiesMapper
 		this.roleHierarchy = roleHierarchy;
 	}
 
+	@Override
 	public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		return this.roleHierarchy.getReachableGrantedAuthorities(authorities);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index c5780221d4..9dc828e31c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -127,6 +127,7 @@ public abstract class AbstractSecurityInterceptor
 
 	private boolean publishAuthorizationSuccess = false;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
 		Assert.notNull(this.messages, "A message source must be set");
@@ -419,6 +420,7 @@ public abstract class AbstractSecurityInterceptor
 		this.alwaysReauthenticate = alwaysReauthenticate;
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.eventPublisher = applicationEventPublisher;
 	}
@@ -427,6 +429,7 @@ public abstract class AbstractSecurityInterceptor
 		this.authenticationManager = newManager;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
@@ -474,6 +477,7 @@ public abstract class AbstractSecurityInterceptor
 
 	private static class NoOpAuthenticationManager implements AuthenticationManager {
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			throw new AuthenticationServiceException("Cannot authenticate " + authentication);
 		}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index f4311b5ac4..26626f006b 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -52,6 +52,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 
 	private List<AfterInvocationProvider> providers;
 
+	@Override
 	public void afterPropertiesSet() {
 		checkIfValidList(this.providers);
 	}
@@ -62,6 +63,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 		}
 	}
 
+	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
 
@@ -89,6 +91,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 		}
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		for (AfterInvocationProvider provider : this.providers) {
 			if (logger.isDebugEnabled()) {
@@ -114,6 +117,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 	 * object class, which requires every one of its <code>AfterInvocationProvider</code>s
 	 * to support the secure object class
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		for (AfterInvocationProvider provider : this.providers) {
 			if (!provider.supports(clazz)) {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index ed897c3604..131149429d 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -49,6 +49,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 
 	private AbstractSecurityInterceptor securityInterceptor;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.securityInterceptor, "SecurityInterceptor required");
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
index 71c752f018..1cd0bf85d1 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
@@ -31,14 +31,17 @@ import org.springframework.security.core.Authentication;
  */
 final class NullRunAsManager implements RunAsManager {
 
+	@Override
 	public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> config) {
 		return null;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return false;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 9c571ae280..274d20b2c3 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -46,10 +46,12 @@ public class RunAsImplAuthenticationProvider implements InitializingBean, Authen
 
 	private String key;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.key, "A Key is required and should match that configured for the RunAsManagerImpl");
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		RunAsUserToken token = (RunAsUserToken) authentication;
 
@@ -70,10 +72,12 @@ public class RunAsImplAuthenticationProvider implements InitializingBean, Authen
 		this.key = key;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return RunAsUserToken.class.isAssignableFrom(authentication);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
index 22b72fd757..144af06954 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@@ -59,11 +59,13 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 
 	private String rolePrefix = "ROLE_";
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.key,
 				"A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
 	}
 
+	@Override
 	public Authentication buildRunAs(Authentication authentication, Object object,
 			Collection<ConfigAttribute> attributes) {
 		List<GrantedAuthority> newAuthorities = new ArrayList<>();
@@ -108,6 +110,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 		this.rolePrefix = rolePrefix;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return attribute.getAttribute() != null && attribute.getAttribute().startsWith("RUN_AS_");
 	}
@@ -118,6 +121,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	 * @param clazz the secure object
 	 * @return always <code>true</code>
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
index 4ecc133fa6..42e1af08d1 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@@ -41,6 +41,7 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 
 	private MethodSecurityMetadataSource securityMetadataSource;
 
+	@Override
 	public Class<?> getSecureObjectClass() {
 		return MethodInvocation.class;
 	}
@@ -52,6 +53,7 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 	 * {@code AfterInvocationManager}).
 	 * @throws Throwable if any error occurs
 	 */
+	@Override
 	public Object invoke(MethodInvocation mi) throws Throwable {
 		InterceptorStatusToken token = super.beforeInvocation(mi);
 
@@ -69,6 +71,7 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 		return this.securityMetadataSource;
 	}
 
+	@Override
 	public SecurityMetadataSource obtainSecurityMetadataSource() {
 		return this.securityMetadataSource;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index cc0872503a..89d04e208a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -91,10 +91,12 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		this.metadataSourceBeanName = attributeSourceBeanName;
 	}
 
+	@Override
 	public Pointcut getPointcut() {
 		return this.pointcut;
 	}
 
+	@Override
 	public Advice getAdvice() {
 		synchronized (this.adviceMonitor) {
 			if (this.interceptor == null) {
@@ -106,6 +108,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		}
 	}
 
+	@Override
 	public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
 		this.beanFactory = beanFactory;
 	}
@@ -119,6 +122,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 
 	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut implements Serializable {
 
+		@Override
 		@SuppressWarnings("unchecked")
 		public boolean matches(Method m, Class targetClass) {
 			Collection attributes = MethodSecurityMetadataSourceAdvisor.this.attributeSource.getAttributes(m,
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
index a3a84f48fa..a87df17cc9 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
@@ -78,22 +78,27 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 		return method;
 	}
 
+	@Override
 	public Method getMethod() {
 		return this.method;
 	}
 
+	@Override
 	public Object[] getArguments() {
 		return this.jp.getArgs();
 	}
 
+	@Override
 	public AccessibleObject getStaticPart() {
 		return this.method;
 	}
 
+	@Override
 	public Object getThis() {
 		return this.target;
 	}
 
+	@Override
 	public Object proceed() throws Throwable {
 		return this.jp.proceed();
 	}
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
index d82f417a72..e2e8ff8c5e 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@@ -45,6 +45,7 @@ import org.springframework.security.access.ConfigAttribute;
  */
 public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
+	@Override
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		// The method may be on an interface, but we need attributes from the target
 		// class.
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index 11a0d0dd50..3b3a9809b4 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -36,6 +36,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
+	@Override
 	public final Collection<ConfigAttribute> getAttributes(Object object) {
 		if (object instanceof MethodInvocation) {
 			MethodInvocation mi = (MethodInvocation) object;
@@ -59,6 +60,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 		throw new IllegalArgumentException("Object must be a non-null MethodInvocation");
 	}
 
+	@Override
 	public final boolean supports(Class<?> clazz) {
 		return (MethodInvocation.class.isAssignableFrom(clazz));
 	}
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index 11306bd964..69dd3dd75f 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -49,6 +49,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 		this.methodSecurityMetadataSources = methodSecurityMetadataSources;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass);
 		synchronized (this.attributeCache) {
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index 00a143dd34..9b5727580f 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -45,6 +45,7 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 		this.postAdvice = postAdvice;
 	}
 
+	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
 
@@ -67,10 +68,12 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 		return null;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return attribute instanceof PostInvocationAttribute;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return clazz.isAssignableFrom(MethodInvocation.class);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index cf5d41dee9..cd9b4fd101 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -48,14 +48,17 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
 		this.preAdvice = pre;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return attribute instanceof PreInvocationAttribute;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return MethodInvocation.class.isAssignableFrom(clazz);
 	}
 
+	@Override
 	public int vote(Authentication authentication, MethodInvocation method, Collection<ConfigAttribute> attributes) {
 
 		// Find prefilter and preauth (or combined) attributes
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index e8c48d155c..f1552942e5 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -92,17 +92,18 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
 
 		if (Mono.class.isAssignableFrom(returnType)) {
-			return toInvoke.flatMap(auth -> this.<Mono<?>>proceed(invocation)
+			return toInvoke.flatMap(auth -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
 					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
 		if (Flux.class.isAssignableFrom(returnType)) {
-			return toInvoke.flatMapMany(auth -> this.<Flux<?>>proceed(invocation)
+			return toInvoke.flatMapMany(auth -> PrePostAdviceReactiveMethodInterceptor.<Flux<?>>proceed(invocation)
 					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
-		return toInvoke.flatMapMany(auth -> Flux.from(this.<Publisher<?>>proceed(invocation))
-				.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+		return toInvoke
+				.flatMapMany(auth -> Flux.from(PrePostAdviceReactiveMethodInterceptor.<Publisher<?>>proceed(invocation))
+						.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 	}
 
 	private static <T extends Publisher<?>> T proceed(final MethodInvocation invocation) {
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index 4aafaaeac6..d603c6183e 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -56,6 +56,7 @@ public abstract class AbstractAccessDecisionManager
 		this.decisionVoters = decisionVoters;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notEmpty(this.decisionVoters, "A list of AccessDecisionVoters is required");
 		Assert.notNull(this.messages, "A message source must be set");
@@ -80,10 +81,12 @@ public abstract class AbstractAccessDecisionManager
 		this.allowIfAllAbstainDecisions = allowIfAllAbstainDecisions;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		for (AccessDecisionVoter voter : this.decisionVoters) {
 			if (voter.supports(attribute)) {
@@ -103,6 +106,7 @@ public abstract class AbstractAccessDecisionManager
 	 * @param clazz the type of secured object being presented
 	 * @return true if this type is supported
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		for (AccessDecisionVoter voter : this.decisionVoters) {
 			if (!voter.supports(clazz)) {
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index b5ed99bc61..bc070ade8e 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -64,6 +64,7 @@ public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvo
 	 * @return <code>true</code> if the secure object is <code>MethodInvocation</code>,
 	 * <code>false</code> otherwise
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return (MethodInvocation.class.isAssignableFrom(clazz));
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index 7031d4c995..1ddc9157c8 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -51,6 +51,7 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 	 * being invoked
 	 * @throws AccessDeniedException if access is denied
 	 */
+	@Override
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
 			throws AccessDeniedException {
 		int deny = 0;
diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index ea30cdc8c6..606f24365b 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -66,6 +66,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 		this.authenticationTrustResolver = authenticationTrustResolver;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		if ((attribute.getAttribute() != null) && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
 				|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
@@ -83,10 +84,12 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	 * @param clazz the secure object type
 	 * @return always {@code true}
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
+	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		int result = ACCESS_ABSTAIN;
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index 80c0098f25..2bd16b2930 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -58,6 +58,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 	 * being invoked
 	 * @throws AccessDeniedException if access is denied
 	 */
+	@Override
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
 			throws AccessDeniedException {
 		int grant = 0;
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index b087c5784a..1ea83e03c3 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -66,6 +66,7 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 		this.rolePrefix = rolePrefix;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
 			return true;
@@ -81,10 +82,12 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 	 * @param clazz the secure object
 	 * @return always <code>true</code>
 	 */
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
+	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		if (authentication == null) {
 			return ACCESS_DENIED;
diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
index ae5a1b0b4a..0dae111017 100644
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@@ -55,6 +55,7 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 	 * invoked
 	 * @throws AccessDeniedException if access is denied
 	 */
+	@Override
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
 			throws AccessDeniedException {
 
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index 80146f6b27..dc01274d1f 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -65,10 +65,12 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		this.authorities = Collections.unmodifiableList(temp);
 	}
 
+	@Override
 	public Collection<GrantedAuthority> getAuthorities() {
 		return this.authorities;
 	}
 
+	@Override
 	public String getName() {
 		if (this.getPrincipal() instanceof UserDetails) {
 			return ((UserDetails) this.getPrincipal()).getUsername();
@@ -83,14 +85,17 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		return (this.getPrincipal() == null) ? "" : this.getPrincipal().toString();
 	}
 
+	@Override
 	public boolean isAuthenticated() {
 		return this.authenticated;
 	}
 
+	@Override
 	public void setAuthenticated(boolean authenticated) {
 		this.authenticated = authenticated;
 	}
 
+	@Override
 	public Object getDetails() {
 		return this.details;
 	}
@@ -104,6 +109,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 	 * invoking the {@code eraseCredentials} method on any which implement
 	 * {@link CredentialsContainer}.
 	 */
+	@Override
 	public void eraseCredentials() {
 		eraseSecret(getCredentials());
 		eraseSecret(getPrincipal());
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index 1acd873244..fe0d5ef76b 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -30,6 +30,7 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker, Mess
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
+	@Override
 	public void check(UserDetails user) {
 		if (!user.isAccountNonLocked()) {
 			throw new LockedException(
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
index 098e061f95..74b428b30d 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
@@ -44,6 +44,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 		this.key = key;
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
@@ -61,11 +62,13 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 		return this.key;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return (AnonymousAuthenticationToken.class.isAssignableFrom(authentication));
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
index 019207b4a5..f9b16aea86 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
@@ -43,6 +43,7 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 		return this.rememberMeClass;
 	}
 
+	@Override
 	public boolean isAnonymous(Authentication authentication) {
 		if ((this.anonymousClass == null) || (authentication == null)) {
 			return false;
@@ -51,6 +52,7 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 		return this.anonymousClass.isAssignableFrom(authentication.getClass());
 	}
 
+	@Override
 	public boolean isRememberMe(Authentication authentication) {
 		if ((this.rememberMeClass == null) || (authentication == null)) {
 			return false;
diff --git a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
index c87424f900..13405e694b 100644
--- a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
@@ -43,6 +43,7 @@ public class CachingUserDetailsService implements UserDetailsService {
 		this.userCache = userCache;
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) {
 		UserDetails user = this.userCache.getUserFromCache(username);
 
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 8871f82af2..50b5ffffea 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -93,12 +93,14 @@ public class DefaultAuthenticationEventPublisher
 				AuthenticationFailureBadCredentialsEvent.class);
 	}
 
+	@Override
 	public void publishAuthenticationSuccess(Authentication authentication) {
 		if (this.applicationEventPublisher != null) {
 			this.applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
 		}
 	}
 
+	@Override
 	public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
 		Constructor<? extends AbstractAuthenticationEvent> constructor = getEventConstructor(exception);
 		AbstractAuthenticationEvent event = null;
@@ -129,6 +131,7 @@ public class DefaultAuthenticationEventPublisher
 		return (eventConstructor == null ? this.defaultAuthenticationFailureEventConstructor : eventConstructor);
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
index 6cbdae5df3..8c1268dc5f 100644
--- a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -46,6 +46,7 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
 		this.delegates = entryPoints;
 	}
 
+	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		return Flux.fromIterable(this.delegates).concatMap(m -> m.authenticate(authentication)).next();
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index bb0c7192a6..79b07a7d37 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -127,6 +127,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		checkState();
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		checkState();
 	}
@@ -161,6 +162,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	 * @return a fully authenticated object including credentials.
 	 * @throws AuthenticationException if authentication fails.
 	 */
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Class<? extends Authentication> toTest = authentication.getClass();
 		AuthenticationException lastException = null;
@@ -271,6 +273,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		return this.providers;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
@@ -298,9 +301,11 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 
 	private static final class NullEventPublisher implements AuthenticationEventPublisher {
 
+		@Override
 		public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
 		}
 
+		@Override
 		public void publishAuthenticationSuccess(Authentication authentication) {
 		}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
index 5c792ccafd..f15311ab6a 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
@@ -43,10 +43,12 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		this.key = key;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.messages, "A message source must be set");
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
@@ -64,10 +66,12 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		return this.key;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return (RememberMeAuthenticationToken.class.isAssignableFrom(authentication));
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
index d94be00f44..ef22c5d1c2 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java
@@ -34,10 +34,12 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class TestingAuthenticationProvider implements AuthenticationProvider {
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		return authentication;
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return TestingAuthenticationToken.class.isAssignableFrom(authentication);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
index 634f9f446e..8162b45965 100644
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
@@ -54,10 +54,12 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 		setAuthenticated(true);
 	}
 
+	@Override
 	public Object getCredentials() {
 		return this.credentials;
 	}
 
+	@Override
 	public Object getPrincipal() {
 		return this.principal;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
index e293aa67cd..ca28be6eb5 100644
--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -70,14 +70,17 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 		super.setAuthenticated(true); // must use super, as we override
 	}
 
+	@Override
 	public Object getCredentials() {
 		return this.credentials;
 	}
 
+	@Override
 	public Object getPrincipal() {
 		return this.principal;
 	}
 
+	@Override
 	public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
 		if (isAuthenticated) {
 			throw new IllegalArgumentException(
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index 9bbe5a32ef..b9f93d4a7d 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -112,12 +112,14 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 	protected abstract void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException;
 
+	@Override
 	public final void afterPropertiesSet() throws Exception {
 		Assert.notNull(this.userCache, "A user cache must be set");
 		Assert.notNull(this.messages, "A message source must be set");
 		doAfterPropertiesSet();
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				() -> this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
@@ -286,6 +288,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		this.hideUserNotFoundExceptions = hideUserNotFoundExceptions;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
@@ -294,6 +297,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		this.userCache = userCache;
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
 	}
@@ -325,6 +329,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 	private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
 
+		@Override
 		public void check(UserDetails user) {
 			if (!user.isAccountNonLocked()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is locked");
@@ -352,6 +357,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 
 	private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
 
+		@Override
 		public void check(UserDetails user) {
 			if (!user.isCredentialsNonExpired()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account credentials have expired");
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index 691050d60f..ecb852cb54 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -63,6 +63,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
 	}
 
+	@Override
 	@SuppressWarnings("deprecation")
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
@@ -83,10 +84,12 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		}
 	}
 
+	@Override
 	protected void doAfterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
 	}
 
+	@Override
 	protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
 			throws AuthenticationException {
 		prepareTimingAttackProtection();
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index 57c69c66fb..71b153c201 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -39,6 +39,7 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 	 */
 	private boolean logInteractiveAuthenticationSuccessEvents = true;
 
+	@Override
 	public void onApplicationEvent(AbstractAuthenticationEvent event) {
 		if (!this.logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
 			return;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 52d17ba08e..9d6e36907d 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -134,6 +134,7 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 	 * called with valid handlers, initializes to use {@link JaasNameCallbackHandler} and
 	 * {@link JaasPasswordCallbackHandler}.
 	 */
+	@Override
 	public void afterPropertiesSet() throws Exception {
 		Assert.hasLength(this.loginContextName, "loginContextName cannot be null or empty");
 		Assert.notEmpty(this.authorityGranters, "authorityGranters cannot be null or empty");
@@ -154,6 +155,7 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 	 * the message of the LoginException that will be thrown, should the
 	 * loginContext.login() method fail.
 	 */
+	@Override
 	public Authentication authenticate(Authentication auth) throws AuthenticationException {
 		if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
 			return null;
@@ -261,6 +263,7 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 		}
 	}
 
+	@Override
 	public void onApplicationEvent(SessionDestroyedEvent event) {
 		handleLogout(event);
 	}
@@ -352,10 +355,12 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 		this.loginExceptionResolver = loginExceptionResolver;
 	}
 
+	@Override
 	public boolean supports(Class<?> aClass) {
 		return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
@@ -375,6 +380,7 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 			this.authentication = authentication;
 		}
 
+		@Override
 		public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
 			for (JaasAuthenticationCallbackHandler handler : AbstractJaasAuthenticationProvider.this.callbackHandlers) {
 				for (Callback callback : callbacks) {
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
index f57dccff61..f106e4f6e7 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
@@ -29,6 +29,7 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class DefaultLoginExceptionResolver implements LoginExceptionResolver {
 
+	@Override
 	public AuthenticationException resolveException(LoginException e) {
 		return new AuthenticationServiceException(e.getMessage(), e);
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
index 40795ee6f4..d2aba3590d 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
@@ -43,6 +43,7 @@ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandle
 	 * @param authentication
 	 *
 	 */
+	@Override
 	public void handle(Callback callback, Authentication authentication) {
 		if (callback instanceof NameCallback) {
 			NameCallback ncb = (NameCallback) callback;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
index 5d3bb4e8aa..c558a6ea74 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
@@ -44,6 +44,7 @@ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHa
 	 * @param auth
 	 *
 	 */
+	@Override
 	public void handle(Callback callback, Authentication auth) {
 		if (callback instanceof PasswordCallback) {
 			PasswordCallback pc = (PasswordCallback) callback;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index 4a629c4323..c74bfcd6c1 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -68,6 +68,7 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * should be ignored.
 	 * @exception LoginException if the abort fails
 	 */
+	@Override
 	public boolean abort() {
 		if (this.authen == null) {
 			return false;
@@ -85,6 +86,7 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * should be ignored.
 	 * @exception LoginException if the commit fails
 	 */
+	@Override
 	public boolean commit() {
 		if (this.authen == null) {
 			return false;
@@ -113,6 +115,7 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * @param sharedState is ignored
 	 * @param options are ignored
 	 */
+	@Override
 	@SuppressWarnings("unchecked")
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
@@ -129,6 +132,7 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * <code>LoginModule</code> should be ignored.
 	 * @throws LoginException if the authentication fails
 	 */
+	@Override
 	public boolean login() throws LoginException {
 		this.authen = SecurityContextHolder.getContext().getAuthentication();
 
@@ -154,6 +158,7 @@ public class SecurityContextLoginModule implements LoginModule {
 	 * should be ignored.
 	 * @exception LoginException if the logout fails
 	 */
+	@Override
 	public boolean logout() {
 		if (this.authen == null) {
 			return false;
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
index d4a0bbe1a7..5bf95fad72 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@@ -37,10 +37,12 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 
 	private AuthenticationManager authenticationManager;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationManager, "authenticationManager is required");
 	}
 
+	@Override
 	public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
 			throws RemoteAuthenticationException {
 		UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index f63e34517e..c7ea764196 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -54,10 +54,12 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
 
 	private RemoteAuthenticationManager remoteAuthenticationManager;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.remoteAuthenticationManager, "remoteAuthenticationManager is mandatory");
 	}
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		String username = authentication.getPrincipal().toString();
 		Object credentials = authentication.getCredentials();
@@ -76,6 +78,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
 		this.remoteAuthenticationManager = remoteAuthenticationManager;
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
 	}
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index 967edc6281..fe70a8d289 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -56,6 +56,7 @@ public class DelegatingSecurityContextExecutor extends AbstractDelegatingSecurit
 		this(delegate, null);
 	}
 
+	@Override
 	public final void execute(Runnable task) {
 		task = wrap(task);
 		this.delegate.execute(task);
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
index db4a0b3cee..68dbc2fd15 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
@@ -62,59 +62,71 @@ public class DelegatingSecurityContextExecutorService extends DelegatingSecurity
 		this(delegate, null);
 	}
 
+	@Override
 	public final void shutdown() {
 		getDelegate().shutdown();
 	}
 
+	@Override
 	public final List<Runnable> shutdownNow() {
 		return getDelegate().shutdownNow();
 	}
 
+	@Override
 	public final boolean isShutdown() {
 		return getDelegate().isShutdown();
 	}
 
+	@Override
 	public final boolean isTerminated() {
 		return getDelegate().isTerminated();
 	}
 
+	@Override
 	public final boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException {
 		return getDelegate().awaitTermination(timeout, unit);
 	}
 
+	@Override
 	public final <T> Future<T> submit(Callable<T> task) {
 		task = wrap(task);
 		return getDelegate().submit(task);
 	}
 
+	@Override
 	public final <T> Future<T> submit(Runnable task, T result) {
 		task = wrap(task);
 		return getDelegate().submit(task, result);
 	}
 
+	@Override
 	public final Future<?> submit(Runnable task) {
 		task = wrap(task);
 		return getDelegate().submit(task);
 	}
 
+	@Override
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public final List invokeAll(Collection tasks) throws InterruptedException {
 		tasks = createTasks(tasks);
 		return getDelegate().invokeAll(tasks);
 	}
 
+	@Override
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public final List invokeAll(Collection tasks, long timeout, TimeUnit unit) throws InterruptedException {
 		tasks = createTasks(tasks);
 		return getDelegate().invokeAll(tasks, timeout, unit);
 	}
 
+	@Override
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public final Object invokeAny(Collection tasks) throws InterruptedException, ExecutionException {
 		tasks = createTasks(tasks);
 		return getDelegate().invokeAny(tasks);
 	}
 
+	@Override
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public final Object invokeAny(Collection tasks, long timeout, TimeUnit unit)
 			throws InterruptedException, ExecutionException, TimeoutException {
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
index b88c4a3b1b..5c959b10b2 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
@@ -58,21 +58,25 @@ public final class DelegatingSecurityContextScheduledExecutorService extends Del
 		this(delegate, null);
 	}
 
+	@Override
 	public ScheduledFuture<?> schedule(Runnable command, long delay, TimeUnit unit) {
 		command = wrap(command);
 		return getDelegate().schedule(command, delay, unit);
 	}
 
+	@Override
 	public <V> ScheduledFuture<V> schedule(Callable<V> callable, long delay, TimeUnit unit) {
 		callable = wrap(callable);
 		return getDelegate().schedule(callable, delay, unit);
 	}
 
+	@Override
 	public ScheduledFuture<?> scheduleAtFixedRate(Runnable command, long initialDelay, long period, TimeUnit unit) {
 		command = wrap(command);
 		return getDelegate().scheduleAtFixedRate(command, initialDelay, period, unit);
 	}
 
+	@Override
 	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable command, long initialDelay, long delay, TimeUnit unit) {
 		command = wrap(command);
 		return getDelegate().scheduleWithFixedDelay(command, initialDelay, delay, unit);
diff --git a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
index 89dd8982bd..61c4a84c99 100644
--- a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
+++ b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
@@ -34,6 +34,7 @@ public final class DelegatingApplicationListener implements ApplicationListener<
 
 	private List<SmartApplicationListener> listeners = new CopyOnWriteArrayList<>();
 
+	@Override
 	public void onApplicationEvent(ApplicationEvent event) {
 		if (event == null) {
 			return;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index 1d02d0ad9c..10e39d5c65 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -47,6 +47,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 
 	private Set<String> mappableAttributes = null;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.attributes2grantedAuthoritiesMap, "attributes2grantedAuthoritiesMap must be set");
 	}
@@ -54,6 +55,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	/**
 	 * Map the given array of attributes to Spring Security GrantedAuthorities.
 	 */
+	@Override
 	public List<GrantedAuthority> getGrantedAuthorities(Collection<String> attributes) {
 		ArrayList<GrantedAuthority> gaList = new ArrayList<>();
 		for (String attribute : attributes) {
@@ -166,6 +168,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	 *
 	 * @see org.springframework.security.core.authority.mapping.MappableAttributesRetriever#getMappableAttributes()
 	 */
+	@Override
 	public Set<String> getMappableAttributes() {
 		return this.mappableAttributes;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
index fad572a925..a8ade37368 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
@@ -24,6 +24,7 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public class NullAuthoritiesMapper implements GrantedAuthoritiesMapper {
 
+	@Override
 	public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		return authorities;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index 41f9fe7fd7..86ef7dc033 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -51,6 +51,7 @@ public class SimpleAttributes2GrantedAuthoritiesMapper
 	/**
 	 * Check whether all properties have been set to correct values.
 	 */
+	@Override
 	public void afterPropertiesSet() {
 		Assert.isTrue(!(isConvertAttributeToUpperCase() && isConvertAttributeToLowerCase()),
 				"Either convertAttributeToUpperCase or convertAttributeToLowerCase can be set to true, but not both");
@@ -60,6 +61,7 @@ public class SimpleAttributes2GrantedAuthoritiesMapper
 	 * Map the given list of string attributes one-to-one to Spring Security
 	 * GrantedAuthorities.
 	 */
+	@Override
 	public List<GrantedAuthority> getGrantedAuthorities(Collection<String> attributes) {
 		List<GrantedAuthority> result = new ArrayList<>(attributes.size());
 		for (String attribute : attributes) {
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index 0a061772c3..16174a0991 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -42,6 +42,7 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 
 	private boolean convertToLowerCase = false;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.isTrue(!(this.convertToUpperCase && this.convertToLowerCase),
 				"Either convertToUpperCase or convertToLowerCase can be set to true, but not both");
@@ -55,6 +56,7 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 	 * @param authorities the original authorities
 	 * @return the converted set of authorities
 	 */
+	@Override
 	public Set<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		HashSet<GrantedAuthority> mapped = new HashSet<>(authorities.size());
 		for (GrantedAuthority authority : authorities) {
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
index d66e484837..0244a701f5 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
@@ -37,6 +37,7 @@ public class SimpleMappableAttributesRetriever implements MappableAttributesRetr
 	 * org.springframework.security.core.authority.mapping.MappableAttributesRetriever
 	 * #getMappableAttributes()
 	 */
+	@Override
 	public Set<String> getMappableAttributes() {
 		return this.mappableAttributes;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
index 284fbdceb9..141c1d6354 100644
--- a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
@@ -31,10 +31,12 @@ final class GlobalSecurityContextHolderStrategy implements SecurityContextHolder
 
 	private static SecurityContext contextHolder;
 
+	@Override
 	public void clearContext() {
 		contextHolder = null;
 	}
 
+	@Override
 	public SecurityContext getContext() {
 		if (contextHolder == null) {
 			contextHolder = new SecurityContextImpl();
@@ -43,11 +45,13 @@ final class GlobalSecurityContextHolderStrategy implements SecurityContextHolder
 		return contextHolder;
 	}
 
+	@Override
 	public void setContext(SecurityContext context) {
 		Assert.notNull(context, "Only non-null SecurityContext instances are permitted");
 		contextHolder = context;
 	}
 
+	@Override
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
index 620a5affcc..fac2ce9875 100644
--- a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
@@ -29,10 +29,12 @@ final class InheritableThreadLocalSecurityContextHolderStrategy implements Secur
 
 	private static final ThreadLocal<SecurityContext> contextHolder = new InheritableThreadLocal<>();
 
+	@Override
 	public void clearContext() {
 		contextHolder.remove();
 	}
 
+	@Override
 	public SecurityContext getContext() {
 		SecurityContext ctx = contextHolder.get();
 
@@ -44,11 +46,13 @@ final class InheritableThreadLocalSecurityContextHolderStrategy implements Secur
 		return ctx;
 	}
 
+	@Override
 	public void setContext(SecurityContext context) {
 		Assert.notNull(context, "Only non-null SecurityContext instances are permitted");
 		contextHolder.set(context);
 	}
 
+	@Override
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
diff --git a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
index fa930c7aa6..88506f1a18 100644
--- a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
@@ -30,10 +30,12 @@ final class ThreadLocalSecurityContextHolderStrategy implements SecurityContextH
 
 	private static final ThreadLocal<SecurityContext> contextHolder = new ThreadLocal<>();
 
+	@Override
 	public void clearContext() {
 		contextHolder.remove();
 	}
 
+	@Override
 	public SecurityContext getContext() {
 		SecurityContext ctx = contextHolder.get();
 
@@ -45,11 +47,13 @@ final class ThreadLocalSecurityContextHolderStrategy implements SecurityContextH
 		return ctx;
 	}
 
+	@Override
 	public void setContext(SecurityContext context) {
 		Assert.notNull(context, "Only non-null SecurityContext instances are permitted");
 		contextHolder.set(context);
 	}
 
+	@Override
 	public SecurityContext createEmptyContext() {
 		return new SecurityContextImpl();
 	}
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index f4a0effa70..fef00a0bc1 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -81,6 +81,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 
 	private SecureRandom secureRandom;
 
+	@Override
 	public Token allocateToken(String extendedInformation) {
 		Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");
 		long creationTime = new Date().getTime();
@@ -96,6 +97,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		return new DefaultToken(key, creationTime, extendedInformation);
 	}
 
+	@Override
 	public Token verifyToken(String key) {
 		if (key == null || "".equals(key)) {
 			return null;
@@ -172,6 +174,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		this.serverInteger = serverInteger;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasText(this.serverSecret, "Server secret required");
 		Assert.notNull(this.serverInteger, "Server integer required");
diff --git a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
index bf2cbaee39..e7f415b421 100644
--- a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
+++ b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
@@ -35,6 +35,7 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 
 	private Resource seed;
 
+	@Override
 	public SecureRandom getObject() throws Exception {
 		SecureRandom rnd = SecureRandom.getInstance(this.algorithm);
 
@@ -51,10 +52,12 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 		return rnd;
 	}
 
+	@Override
 	public Class<SecureRandom> getObjectType() {
 		return SecureRandom.class;
 	}
 
+	@Override
 	public boolean isSingleton() {
 		return false;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 408cff8a7a..12bf83f72a 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -121,34 +121,42 @@ public class User implements UserDetails, CredentialsContainer {
 		this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
 	}
 
+	@Override
 	public Collection<GrantedAuthority> getAuthorities() {
 		return this.authorities;
 	}
 
+	@Override
 	public String getPassword() {
 		return this.password;
 	}
 
+	@Override
 	public String getUsername() {
 		return this.username;
 	}
 
+	@Override
 	public boolean isEnabled() {
 		return this.enabled;
 	}
 
+	@Override
 	public boolean isAccountNonExpired() {
 		return this.accountNonExpired;
 	}
 
+	@Override
 	public boolean isAccountNonLocked() {
 		return this.accountNonLocked;
 	}
 
+	@Override
 	public boolean isCredentialsNonExpired() {
 		return this.credentialsNonExpired;
 	}
 
+	@Override
 	public void eraseCredentials() {
 		this.password = null;
 	}
@@ -171,6 +179,7 @@ public class User implements UserDetails, CredentialsContainer {
 
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
+		@Override
 		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
 			// Neither should ever be null as each entry is checked before adding it to
 			// the set.
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
index 56ca5f49be..b0fce0bdda 100755
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
@@ -57,6 +57,7 @@ public class UserDetailsByNameServiceWrapper<T extends Authentication>
 	 *
 	 * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
 	 */
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "UserDetailsService must be set");
 	}
@@ -64,6 +65,7 @@ public class UserDetailsByNameServiceWrapper<T extends Authentication>
 	/**
 	 * Get the UserDetails object from the wrapped UserDetailsService implementation
 	 */
+	@Override
 	public UserDetails loadUserDetails(T authentication) throws UsernameNotFoundException {
 		return this.userDetailsService.loadUserByUsername(authentication.getName());
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index e133cda228..b61e3a135e 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -38,6 +38,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 
 	private Ehcache cache;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.cache, "cache mandatory");
 	}
@@ -46,6 +47,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 		return this.cache;
 	}
 
+	@Override
 	public UserDetails getUserFromCache(String username) {
 		Element element = this.cache.get(username);
 
@@ -61,6 +63,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 		}
 	}
 
+	@Override
 	public void putUserInCache(UserDetails user) {
 		Element element = new Element(user.getUsername(), user);
 
@@ -79,6 +82,7 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 		this.removeUserFromCache(user.getUsername());
 	}
 
+	@Override
 	public void removeUserFromCache(String username) {
 		this.cache.remove(username);
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
index 5a8a0008d6..d831685bd1 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/NullUserCache.java
@@ -26,13 +26,16 @@ import org.springframework.security.core.userdetails.UserDetails;
  */
 public class NullUserCache implements UserCache {
 
+	@Override
 	public UserDetails getUserFromCache(String username) {
 		return null;
 	}
 
+	@Override
 	public void putUserInCache(UserDetails user) {
 	}
 
+	@Override
 	public void removeUserFromCache(String username) {
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index 9cde0fb887..c5a4e23012 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -40,6 +40,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 		this.cache = cache;
 	}
 
+	@Override
 	public UserDetails getUserFromCache(String username) {
 		Cache.ValueWrapper element = username != null ? this.cache.get(username) : null;
 
@@ -55,6 +56,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 		}
 	}
 
+	@Override
 	public void putUserInCache(UserDetails user) {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache put: " + user.getUsername());
@@ -70,6 +72,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 		this.removeUserFromCache(user.getUsername());
 	}
 
+	@Override
 	public void removeUserFromCache(String username) {
 		this.cache.evict(username);
 	}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
index 64914495d5..163c502bbb 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
@@ -30,6 +30,7 @@ import org.springframework.util.StringUtils;
  */
 public class UserAttributeEditor extends PropertyEditorSupport {
 
+	@Override
 	public void setAsText(String s) throws IllegalArgumentException {
 		if (StringUtils.hasText(s)) {
 			String[] tokens = StringUtils.commaDelimitedListToStringArray(s);
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index 256155d9c5..5d07333377 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -84,26 +84,31 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 		}
 	}
 
+	@Override
 	public void createUser(UserDetails user) {
 		Assert.isTrue(!userExists(user.getUsername()), "user should not exist");
 
 		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
+	@Override
 	public void deleteUser(String username) {
 		this.users.remove(username.toLowerCase());
 	}
 
+	@Override
 	public void updateUser(UserDetails user) {
 		Assert.isTrue(userExists(user.getUsername()), "user should exist");
 
 		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
+	@Override
 	public boolean userExists(String username) {
 		return this.users.containsKey(username.toLowerCase());
 	}
 
+	@Override
 	public void changePassword(String oldPassword, String newPassword) {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
@@ -145,6 +150,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 		return mutableUser;
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		UserDetails user = this.users.get(username.toLowerCase());
 
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index a0ff27fe75..d857344c56 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -156,6 +156,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		setDataSource(dataSource);
 	}
 
+	@Override
 	protected void initDao() throws ApplicationContextException {
 		if (this.authenticationManager == null) {
 			this.logger.info("No authentication manager set. Reauthentication of users when changing passwords will "
@@ -169,6 +170,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	 * Executes the SQL <tt>usersByUsernameQuery</tt> and returns a list of UserDetails
 	 * objects. There should normally only be one matching user.
 	 */
+	@Override
 	protected List<UserDetails> loadUsersByUsername(String username) {
 		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[] { username }, (rs, rowNum) -> {
 
@@ -191,6 +193,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		});
 	}
 
+	@Override
 	public void createUser(final UserDetails user) {
 		validateUserDetails(user);
 
@@ -213,6 +216,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		}
 	}
 
+	@Override
 	public void updateUser(final UserDetails user) {
 		validateUserDetails(user);
 
@@ -249,6 +253,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		}
 	}
 
+	@Override
 	public void deleteUser(String username) {
 		if (getEnableAuthorities()) {
 			deleteUserAuthorities(username);
@@ -261,6 +266,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		getJdbcTemplate().update(this.deleteUserAuthoritiesSql, username);
 	}
 
+	@Override
 	public void changePassword(String oldPassword, String newPassword) throws AuthenticationException {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
@@ -302,6 +308,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		return newAuthentication;
 	}
 
+	@Override
 	public boolean userExists(String username) {
 		List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, new String[] { username },
 				String.class);
@@ -314,15 +321,18 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		return users.size() == 1;
 	}
 
+	@Override
 	public List<String> findAllGroups() {
 		return getJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
 	}
 
+	@Override
 	public List<String> findUsersInGroup(String groupName) {
 		Assert.hasText(groupName, "groupName should have text");
 		return getJdbcTemplate().queryForList(this.findUsersInGroupSql, new String[] { groupName }, String.class);
 	}
 
+	@Override
 	public void createGroup(final String groupName, final List<GrantedAuthority> authorities) {
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authorities, "authorities cannot be null");
@@ -343,6 +353,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		}
 	}
 
+	@Override
 	public void deleteGroup(String groupName) {
 		this.logger.debug("Deleting group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
@@ -354,6 +365,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		getJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
 	}
 
+	@Override
 	public void renameGroup(String oldName, String newName) {
 		this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
 		Assert.hasText(oldName, "oldName should have text");
@@ -362,6 +374,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		getJdbcTemplate().update(this.renameGroupSql, newName, oldName);
 	}
 
+	@Override
 	public void addUserToGroup(final String username, final String groupName) {
 		this.logger.debug("Adding user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
@@ -376,6 +389,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.userCache.removeUserFromCache(username);
 	}
 
+	@Override
 	public void removeUserFromGroup(final String username, final String groupName) {
 		this.logger.debug("Removing user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
@@ -391,6 +405,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.userCache.removeUserFromCache(username);
 	}
 
+	@Override
 	public List<GrantedAuthority> findGroupAuthorities(String groupName) {
 		this.logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
@@ -402,6 +417,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		});
 	}
 
+	@Override
 	public void removeGroupAuthority(String groupName, final GrantedAuthority authority) {
 		this.logger.debug("Removing authority '" + authority + "' from group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
@@ -415,6 +431,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		});
 	}
 
+	@Override
 	public void addGroupAuthority(final String groupName, final GrantedAuthority authority) {
 		this.logger.debug("Adding authority '" + authority + "' to group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
index 09af62611b..ee6c5a5d31 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@@ -38,34 +38,42 @@ class MutableUser implements MutableUserDetails {
 		this.password = user.getPassword();
 	}
 
+	@Override
 	public String getPassword() {
 		return this.password;
 	}
 
+	@Override
 	public void setPassword(String password) {
 		this.password = password;
 	}
 
+	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return this.delegate.getAuthorities();
 	}
 
+	@Override
 	public String getUsername() {
 		return this.delegate.getUsername();
 	}
 
+	@Override
 	public boolean isAccountNonExpired() {
 		return this.delegate.isAccountNonExpired();
 	}
 
+	@Override
 	public boolean isAccountNonLocked() {
 		return this.delegate.isAccountNonLocked();
 	}
 
+	@Override
 	public boolean isCredentialsNonExpired() {
 		return this.delegate.isCredentialsNonExpired();
 	}
 
+	@Override
 	public boolean isEnabled() {
 		return this.delegate.isEnabled();
 	}
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
index ef26041454..fc70156153 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
@@ -59,6 +59,7 @@ public class DelegatingSecurityContextSchedulingTaskExecutor extends DelegatingS
 		this(delegateAsyncTaskExecutor, null);
 	}
 
+	@Override
 	public boolean prefersShortLivedTasks() {
 		return getDelegate().prefersShortLivedTasks();
 	}
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
index 6bdcc89ee1..5f5bdba420 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
@@ -58,16 +58,19 @@ public class DelegatingSecurityContextAsyncTaskExecutor extends DelegatingSecuri
 		this(delegateAsyncTaskExecutor, null);
 	}
 
+	@Override
 	public final void execute(Runnable task, long startTimeout) {
 		task = wrap(task);
 		getDelegate().execute(task, startTimeout);
 	}
 
+	@Override
 	public final Future<?> submit(Runnable task) {
 		task = wrap(task);
 		return getDelegate().submit(task);
 	}
 
+	@Override
 	public final <T> Future<T> submit(Callable<T> task) {
 		task = wrap(task);
 		return getDelegate().submit(task);
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index 8f7bf0d803..5a890f4dd9 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -43,22 +43,27 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	public SimpleMethodInvocation() {
 	}
 
+	@Override
 	public Object[] getArguments() {
 		return this.arguments;
 	}
 
+	@Override
 	public Method getMethod() {
 		return this.method;
 	}
 
+	@Override
 	public AccessibleObject getStaticPart() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
 
+	@Override
 	public Object getThis() {
 		return this.targetObject;
 	}
 
+	@Override
 	public Object proceed() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
diff --git a/core/src/test/java/org/springframework/security/OtherTargetObject.java b/core/src/test/java/org/springframework/security/OtherTargetObject.java
index f0bf745f41..d57d1f41f4 100644
--- a/core/src/test/java/org/springframework/security/OtherTargetObject.java
+++ b/core/src/test/java/org/springframework/security/OtherTargetObject.java
@@ -35,14 +35,17 @@ package org.springframework.security;
  */
 public class OtherTargetObject extends TargetObject implements ITargetObject {
 
+	@Override
 	public String makeLowerCase(String input) {
 		return super.makeLowerCase(input);
 	}
 
+	@Override
 	public String makeUpperCase(String input) {
 		return super.makeUpperCase(input);
 	}
 
+	@Override
 	public String publicMakeLowerCase(String input) {
 		return super.publicMakeLowerCase(input);
 	}
diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java
index abc72f8849..5f98437350 100644
--- a/core/src/test/java/org/springframework/security/TargetObject.java
+++ b/core/src/test/java/org/springframework/security/TargetObject.java
@@ -26,10 +26,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public class TargetObject implements ITargetObject {
 
+	@Override
 	public Integer computeHashCode(String input) {
 		return input.hashCode();
 	}
 
+	@Override
 	public int countLength(String input) {
 		return input.length();
 	}
@@ -42,6 +44,7 @@ public class TargetObject implements ITargetObject {
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
 	 * not
 	 */
+	@Override
 	public String makeLowerCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
@@ -61,6 +64,7 @@ public class TargetObject implements ITargetObject {
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
 	 * not
 	 */
+	@Override
 	public String makeUpperCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
@@ -71,6 +75,7 @@ public class TargetObject implements ITargetObject {
 	 * Delegates through to the {@link #makeLowerCase(String)} method.
 	 * @param input the message to be made lower-case
 	 */
+	@Override
 	public String publicMakeLowerCase(String input) {
 		return this.makeLowerCase(input);
 	}
diff --git a/core/src/test/java/org/springframework/security/TestDataSource.java b/core/src/test/java/org/springframework/security/TestDataSource.java
index 9d79516ce1..24c7a5f5cc 100644
--- a/core/src/test/java/org/springframework/security/TestDataSource.java
+++ b/core/src/test/java/org/springframework/security/TestDataSource.java
@@ -38,6 +38,7 @@ public class TestDataSource extends DriverManagerDataSource implements Disposabl
 		setPassword("");
 	}
 
+	@Override
 	public void destroy() {
 		System.out.println("Shutting down database: " + this.name);
 		new JdbcTemplate(this).execute("SHUTDOWN");
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index d269af80f1..40c2165865 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -88,6 +88,7 @@ public class SecurityConfigTests {
 			this.attribute = configuration;
 		}
 
+		@Override
 		public String getAttribute() {
 			return this.attribute;
 		}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
index 049e74ab3e..482abd97ea 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
@@ -23,18 +23,22 @@ import java.util.List;
  */
 public class BusinessServiceImpl<E extends Entity> implements BusinessService {
 
+	@Override
 	@Secured({ "ROLE_USER" })
 	public void someUserMethod1() {
 	}
 
+	@Override
 	@Secured({ "ROLE_USER" })
 	public void someUserMethod2() {
 	}
 
+	@Override
 	@Secured({ "ROLE_USER", "ROLE_ADMIN" })
 	public void someUserAndAdminMethod() {
 	}
 
+	@Override
 	@Secured({ "ROLE_ADMIN" })
 	public void someAdminMethod() {
 	}
@@ -43,26 +47,32 @@ public class BusinessServiceImpl<E extends Entity> implements BusinessService {
 		return entity;
 	}
 
+	@Override
 	public int someOther(String s) {
 		return 0;
 	}
 
+	@Override
 	public int someOther(int input) {
 		return input;
 	}
 
+	@Override
 	public List<?> methodReturningAList(List<?> someList) {
 		return someList;
 	}
 
+	@Override
 	public List<Object> methodReturningAList(String userName, String arg2) {
 		return new ArrayList<>();
 	}
 
+	@Override
 	public Object[] methodReturningAnArray(Object[] someArray) {
 		return null;
 	}
 
+	@Override
 	public void rolesAllowedUser() {
 
 	}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
index aa786b5f63..4e1289a585 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
@@ -24,36 +24,45 @@ import org.springframework.security.access.prepost.PreFilter;
 
 public class ExpressionProtectedBusinessServiceImpl implements BusinessService {
 
+	@Override
 	public void someAdminMethod() {
 	}
 
+	@Override
 	public int someOther(String s) {
 		return 0;
 	}
 
+	@Override
 	public int someOther(int input) {
 		return 0;
 	}
 
+	@Override
 	public void someUserAndAdminMethod() {
 	}
 
+	@Override
 	public void someUserMethod1() {
 	}
 
+	@Override
 	public void someUserMethod2() {
 	}
 
+	@Override
 	@PreFilter(filterTarget = "someList", value = "filterObject == authentication.name or filterObject == 'sam'")
 	@PostFilter("filterObject == 'bob'")
 	public List<?> methodReturningAList(List<?> someList) {
 		return someList;
 	}
 
+	@Override
 	public List<Object> methodReturningAList(String userName, String arg2) {
 		return new ArrayList<>();
 	}
 
+	@Override
 	@PostFilter("filterObject == 'bob'")
 	public Object[] methodReturningAnArray(Object[] someArray) {
 		return someArray;
@@ -64,6 +73,7 @@ public class ExpressionProtectedBusinessServiceImpl implements BusinessService {
 
 	}
 
+	@Override
 	public void rolesAllowedUser() {
 
 	}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index 9033802b0d..8d2500836d 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -27,42 +27,52 @@ import javax.annotation.security.RolesAllowed;
 @PermitAll
 public class Jsr250BusinessServiceImpl implements BusinessService {
 
+	@Override
 	@RolesAllowed("ROLE_USER")
 	public void someUserMethod1() {
 	}
 
+	@Override
 	@RolesAllowed("ROLE_USER")
 	public void someUserMethod2() {
 	}
 
+	@Override
 	@RolesAllowed({ "ROLE_USER", "ROLE_ADMIN" })
 	public void someUserAndAdminMethod() {
 	}
 
+	@Override
 	@RolesAllowed("ROLE_ADMIN")
 	public void someAdminMethod() {
 	}
 
+	@Override
 	public int someOther(String input) {
 		return 0;
 	}
 
+	@Override
 	public int someOther(int input) {
 		return input;
 	}
 
+	@Override
 	public List<?> methodReturningAList(List<?> someList) {
 		return someList;
 	}
 
+	@Override
 	public List<?> methodReturningAList(String userName, String arg2) {
 		return new ArrayList<>();
 	}
 
+	@Override
 	public Object[] methodReturningAnArray(Object[] someArray) {
 		return null;
 	}
 
+	@Override
 	@RolesAllowed({ "USER" })
 	public void rolesAllowedUser() {
 
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
index 4feb54a5ed..e072ee4b4c 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
@@ -245,6 +245,7 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 
 	static class Parent implements IParent {
 
+		@Override
 		public void interfaceMethod() {
 		}
 
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index 6f306a7cd3..842aa93485 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -214,6 +214,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@SuppressWarnings("serial")
 	class DepartmentServiceImpl extends BusinessServiceImpl<Department> implements DepartmentService {
 
+		@Override
 		@Secured({ "ROLE_ADMIN" })
 		public Department someUserMethod3(final Department dept) {
 			return super.someUserMethod3(dept);
@@ -236,10 +237,12 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 		ADMIN, USER;
 
+		@Override
 		public String getAttribute() {
 			return toString();
 		}
 
+		@Override
 		public String getAuthority() {
 			return toString();
 		}
@@ -256,6 +259,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 	class CustomSecurityAnnotationMetadataExtractor implements AnnotationMetadataExtractor<CustomSecurityAnnotation> {
 
+		@Override
 		public Collection<? extends ConfigAttribute> extractAttributes(CustomSecurityAnnotation securityAnnotation) {
 			SecurityEnum[] values = securityAnnotation.value();
 
@@ -288,6 +292,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@AnnotatedAnnotation
 	public static class AnnotatedAnnotationAtClassLevel implements ReturnVoid {
 
+		@Override
 		public void doSomething(List<?> param) {
 		}
 
@@ -295,6 +300,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 	public static class AnnotatedAnnotationAtInterfaceLevel implements ReturnVoid2 {
 
+		@Override
 		public void doSomething(List<?> param) {
 		}
 
@@ -302,6 +308,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 
 	public static class AnnotatedAnnotationAtMethodLevel implements ReturnVoid {
 
+		@Override
 		@AnnotatedAnnotation
 		public void doSomething(List<?> param) {
 		}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index 79fb22a272..ea735d6a5d 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -159,12 +159,15 @@ public class MethodExpressionVoterTests {
 
 	private static class TargetImpl implements Target {
 
+		@Override
 		public void methodTakingAnArray(Object[] args) {
 		}
 
+		@Override
 		public void methodTakingAString(String argument) {
 		};
 
+		@Override
 		public Collection methodTakingACollection(Collection collection) {
 			return collection;
 		}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index 2b6deae285..bf5d8b3375 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -216,6 +216,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@PreAuthorize("someExpression")
 	public static class ReturnVoidImpl1 implements ReturnVoid {
 
+		@Override
 		public void doSomething(List<?> param) {
 		}
 
@@ -224,6 +225,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@PreAuthorize("someExpression")
 	public static class ReturnVoidImpl2 implements ReturnVoid {
 
+		@Override
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		public void doSomething(List<?> param) {
 		}
@@ -232,6 +234,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class ReturnVoidImpl3 implements ReturnVoid {
 
+		@Override
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		public void doSomething(List<?> param) {
 		}
@@ -240,6 +243,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class ReturnAListImpl1 implements ReturnAList {
 
+		@Override
 		@PostFilter("somePostFilterExpression")
 		public List<?> doSomething(List<?> param) {
 			return param;
@@ -249,6 +253,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class ReturnAListImpl2 implements ReturnAList {
 
+		@Override
 		@PreAuthorize("someExpression")
 		@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
 		@PostFilter("somePostFilterExpression")
@@ -261,6 +266,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class ReturnAnotherListImpl1 implements ReturnAnotherList {
 
+		@Override
 		public List<?> doSomething(List<?> param) {
 			return param;
 		}
@@ -269,6 +275,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class ReturnAnotherListImpl2 implements ReturnAnotherList {
 
+		@Override
 		@PreFilter(filterTarget = "param", value = "classMethodPreFilterExpression")
 		public List<?> doSomething(List<?> param) {
 			return param;
@@ -294,6 +301,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@CustomAnnotation
 	public static class CustomAnnotationAtClassLevel implements ReturnVoid {
 
+		@Override
 		public void doSomething(List<?> param) {
 		}
 
@@ -301,6 +309,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class CustomAnnotationAtInterfaceLevel implements ReturnVoid2 {
 
+		@Override
 		public void doSomething(List<?> param) {
 		}
 
@@ -308,6 +317,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 
 	public static class CustomAnnotationAtMethodLevel implements ReturnVoid {
 
+		@Override
 		@CustomAnnotation
 		public void doSomething(List<?> param) {
 		}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 0f97da499c..de5f8cd1d3 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -60,10 +60,12 @@ public class AbstractSecurityInterceptorTests {
 
 		private SecurityMetadataSource securityMetadataSource;
 
+		@Override
 		public Class<?> getSecureObjectClass() {
 			return null;
 		}
 
+		@Override
 		public SecurityMetadataSource obtainSecurityMetadataSource() {
 			return this.securityMetadataSource;
 		}
@@ -78,10 +80,12 @@ public class AbstractSecurityInterceptorTests {
 
 		private SecurityMetadataSource securityMetadataSource;
 
+		@Override
 		public Class<?> getSecureObjectClass() {
 			return String.class;
 		}
 
+		@Override
 		public SecurityMetadataSource obtainSecurityMetadataSource() {
 			return this.securityMetadataSource;
 		}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 95c72aee73..6244ad3a4f 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -165,6 +165,7 @@ public class AfterInvocationProviderManagerTests {
 			this.configAttribute = configAttribute;
 		}
 
+		@Override
 		public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 				Object returnedObject) throws AccessDeniedException {
 			if (config.contains(this.configAttribute)) {
@@ -174,10 +175,12 @@ public class AfterInvocationProviderManagerTests {
 			return returnedObject;
 		}
 
+		@Override
 		public boolean supports(Class<?> clazz) {
 			return this.secureObject.isAssignableFrom(clazz);
 		}
 
+		@Override
 		public boolean supports(ConfigAttribute attribute) {
 			return attribute.equals(this.configAttribute);
 		}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
index 75b6009ba3..9fec6e3e8e 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
@@ -41,22 +41,27 @@ public class MockMethodInvocation implements MethodInvocation {
 		this.targetObject = targetObject;
 	}
 
+	@Override
 	public Object[] getArguments() {
 		return this.arguments;
 	}
 
+	@Override
 	public Method getMethod() {
 		return this.method;
 	}
 
+	@Override
 	public AccessibleObject getStaticPart() {
 		return null;
 	}
 
+	@Override
 	public Object getThis() {
 		return this.targetObject;
 	}
 
+	@Override
 	public Object proceed() {
 		return null;
 	}
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index 8445d85607..46e5985dab 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -136,6 +136,7 @@ public class AbstractAccessDecisionManagerTests {
 			super(decisionVoters);
 		}
 
+		@Override
 		public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
 		}
 
@@ -143,14 +144,17 @@ public class AbstractAccessDecisionManagerTests {
 
 	private class MockStringOnlyVoter implements AccessDecisionVoter<Object> {
 
+		@Override
 		public boolean supports(Class<?> clazz) {
 			return String.class.isAssignableFrom(clazz);
 		}
 
+		@Override
 		public boolean supports(ConfigAttribute attribute) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
 
+		@Override
 		public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 			throw new UnsupportedOperationException("mock method not implemented");
 		}
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
index 036cf30154..f754ef6e0e 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
@@ -33,10 +33,12 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class AbstractAclVoterTests {
 
 	private AbstractAclVoter voter = new AbstractAclVoter() {
+		@Override
 		public boolean supports(ConfigAttribute attribute) {
 			return false;
 		}
 
+		@Override
 		public int vote(Authentication authentication, MethodInvocation object,
 				Collection<ConfigAttribute> attributes) {
 			return 0;
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index 9fb9183aa4..758e3059a7 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -35,6 +35,7 @@ import org.springframework.security.core.Authentication;
  */
 public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
 			return true;
@@ -44,10 +45,12 @@ public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 		}
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
+	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index d080e4fd70..13bbada456 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -37,6 +37,7 @@ import org.springframework.security.core.Authentication;
  */
 public class DenyVoter implements AccessDecisionVoter<Object> {
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		if ("DENY_FOR_SURE".equals(attribute.getAttribute())) {
 			return true;
@@ -46,10 +47,12 @@ public class DenyVoter implements AccessDecisionVoter<Object> {
 		}
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return true;
 	}
 
+	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 633b92bdbd..63aae83cd1 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.access.vote;
 
 import org.junit.Test;
 
+import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.authentication.TestingAuthenticationToken;
@@ -35,7 +36,7 @@ public class RoleHierarchyVoterTests {
 		RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
 
 		assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")))
-				.isEqualTo(RoleHierarchyVoter.ACCESS_GRANTED);
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index e4f324e122..a880b06f0f 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -147,10 +147,12 @@ public class AbstractAuthenticationTokenTests {
 			this.credentials = credentials;
 		}
 
+		@Override
 		public Object getCredentials() {
 			return this.credentials;
 		}
 
+		@Override
 		public Object getPrincipal() {
 			return this.principal;
 		}
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index b5e3371a65..da36c6221d 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -48,10 +48,12 @@ public class ProviderManagerTests {
 	@Test(expected = ProviderNotFoundException.class)
 	public void authenticationFailsWithUnsupportedToken() {
 		Authentication token = new AbstractAuthenticationToken(null) {
+			@Override
 			public Object getCredentials() {
 				return "";
 			}
 
+			@Override
 			public Object getPrincipal() {
 				return "";
 			}
@@ -131,11 +133,13 @@ public class ProviderManagerTests {
 
 		// A provider which sets the details object
 		AuthenticationProvider provider = new AuthenticationProvider() {
+			@Override
 			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				((TestingAuthenticationToken) authentication).setDetails(resultDetails);
 				return authentication;
 			}
 
+			@Override
 			public boolean supports(Class<?> authentication) {
 				return true;
 			}
@@ -360,6 +364,7 @@ public class ProviderManagerTests {
 
 	private static class MockProvider implements AuthenticationProvider {
 
+		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			if (supports(authentication.getClass())) {
 				return authentication;
@@ -369,6 +374,7 @@ public class ProviderManagerTests {
 			}
 		}
 
+		@Override
 		public boolean supports(Class<?> authentication) {
 			return TestingAuthenticationToken.class.isAssignableFrom(authentication)
 					|| UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 16071648e3..46fe362801 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -685,6 +685,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceReturnsNull implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			return null;
 		}
@@ -693,6 +694,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceSimulateBackendError implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			throw new DataRetrievalFailureException("This mock simulator is designed to fail");
 		}
@@ -703,6 +705,7 @@ public class DaoAuthenticationProviderTests {
 
 		private String password = "koala";
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if ("rod".equals(username)) {
 				return new User("rod", this.password, true, true, true, true, ROLES_12);
@@ -718,6 +721,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceUserPeter implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
 				return new User("peter", "opal", false, true, true, true, ROLES_12);
@@ -729,6 +733,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceUserPeterAccountExpired implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
 				return new User("peter", "opal", true, false, true, true, ROLES_12);
@@ -740,6 +745,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceUserPeterAccountLocked implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
 				return new User("peter", "opal", true, true, true, false, ROLES_12);
@@ -751,6 +757,7 @@ public class DaoAuthenticationProviderTests {
 
 	private class MockUserDetailsServiceUserPeterCredentialsExpired implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if ("peter".equals(username)) {
 				return new User("peter", "opal", true, true, false, true, ROLES_12);
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
index 939e39a98d..356115b539 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
@@ -28,14 +28,17 @@ public class MockUserCache implements UserCache {
 
 	private Map<String, UserDetails> cache = new HashMap<>();
 
+	@Override
 	public UserDetails getUserFromCache(String username) {
 		return this.cache.get(username);
 	}
 
+	@Override
 	public void putUserInCache(UserDetails user) {
 		this.cache.put(user.getUsername(), user);
 	}
 
+	@Override
 	public void removeUserFromCache(String username) {
 		this.cache.remove(username);
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index 08cc0d8e73..7a20b359ae 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -290,6 +290,7 @@ public class JaasAuthenticationProviderTests {
 			super(loginModule);
 		}
 
+		@Override
 		public void logout() {
 			this.loggedOut = true;
 		}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index f93bc489ea..565ea98356 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -30,6 +30,7 @@ public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEve
 
 	JaasAuthenticationSuccessEvent successEvent;
 
+	@Override
 	public void onApplicationEvent(JaasAuthenticationEvent event) {
 		if (event instanceof JaasAuthenticationFailedEvent) {
 			this.failedEvent = (JaasAuthenticationFailedEvent) event;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index ec98752d45..fbab33f747 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -25,6 +25,7 @@ import java.util.Set;
  */
 public class TestAuthorityGranter implements AuthorityGranter {
 
+	@Override
 	public Set<String> grant(Principal principal) {
 		Set<String> rtnSet = new HashSet<>();
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
index d92f8cb5eb..645b684709 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
@@ -28,6 +28,7 @@ import org.springframework.security.core.Authentication;
  */
 public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
 
+	@Override
 	public void handle(Callback callback, Authentication auth) {
 		if (callback instanceof TextInputCallback) {
 			TextInputCallback tic = (TextInputCallback) callback;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index 4305ab8b86..c6aaf08ac7 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -38,14 +38,17 @@ public class TestLoginModule implements LoginModule {
 
 	private Subject subject;
 
+	@Override
 	public boolean abort() {
 		return true;
 	}
 
+	@Override
 	public boolean commit() {
 		return true;
 	}
 
+	@Override
 	@SuppressWarnings("unchecked")
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
@@ -65,6 +68,7 @@ public class TestLoginModule implements LoginModule {
 		}
 	}
 
+	@Override
 	public boolean login() throws LoginException {
 		if (!this.user.equals("user")) {
 			throw new LoginException("Bad User");
@@ -81,6 +85,7 @@ public class TestLoginModule implements LoginModule {
 		return true;
 	}
 
+	@Override
 	public boolean logout() {
 		return true;
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index d3c78640da..ed48fbfe87 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -112,6 +112,7 @@ public class RemoteAuthenticationProviderTests {
 			this.grantAccess = grantAccess;
 		}
 
+		@Override
 		public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
 				throws RemoteAuthenticationException {
 			if (this.grantAccess) {
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index c9da178681..e13de8e6c1 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -55,6 +55,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 		this.executor = create();
 	}
 
+	@Override
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextExecutorService(null);
@@ -163,6 +164,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 		assertThat(result).isEqualTo(exectedResult);
 	}
 
+	@Override
 	protected abstract DelegatingSecurityContextExecutorService create();
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
index f71ffb8f6e..c1fc3c9b8f 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
@@ -135,10 +135,12 @@ public class AnnotationParameterNameDiscovererTests {
 
 	static class DaoImpl extends BaseDaoImpl implements Dao {
 
+		@Override
 		public String findMessageByTo(String to) {
 			return null;
 		}
 
+		@Override
 		public String findMessageByToAndFrom(@P("to") String to, @P("from") String from) {
 			return null;
 		}
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
index b342cc6ff3..b08ae39241 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
@@ -43,6 +43,7 @@ public class MockUserDetailsService implements UserDetailsService {
 		this.users.put("expired", new User("expired", "", true, false, true, true, this.auths));
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) {
 		if (this.users.get(username) == null) {
 			throw new UsernameNotFoundException("User not found: " + username);
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 343b04cb9f..7253bbe02e 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -403,14 +403,17 @@ public class JdbcUserDetailsManagerTests {
 
 		private Map<String, UserDetails> cache = new HashMap<>();
 
+		@Override
 		public UserDetails getUserFromCache(String username) {
 			return this.cache.get(username);
 		}
 
+		@Override
 		public void putUserInCache(UserDetails user) {
 			this.cache.put(user.getUsername(), user);
 		}
 
+		@Override
 		public void removeUserFromCache(String username) {
 			this.cache.remove(username);
 		}
diff --git a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
index 554f805617..ae98a5d62a 100644
--- a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
@@ -48,10 +48,12 @@ public abstract class AbstractSecurityContextSchedulingTaskExecutorTests
 		verify(this.taskExecutorDelegate).prefersShortLivedTasks();
 	}
 
+	@Override
 	protected SchedulingTaskExecutor getExecutor() {
 		return this.taskExecutorDelegate;
 	}
 
+	@Override
 	protected abstract DelegatingSecurityContextSchedulingTaskExecutor create();
 
 }
diff --git a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
index 9da5a21301..e93316ce00 100644
--- a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
@@ -35,6 +35,7 @@ public class CurrentSecurityContextSchedulingTaskExecutorTests
 		currentSecurityContextPowermockSetup();
 	}
 
+	@Override
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
 		return new DelegatingSecurityContextSchedulingTaskExecutor(this.taskExecutorDelegate);
 	}
diff --git a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
index 4cf8cdd943..1fdf8b9bb5 100644
--- a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
@@ -35,6 +35,7 @@ public class ExplicitSecurityContextSchedulingTaskExecutorTests
 		explicitSecurityContextPowermockSetup();
 	}
 
+	@Override
 	protected DelegatingSecurityContextSchedulingTaskExecutor create() {
 		return new DelegatingSecurityContextSchedulingTaskExecutor(this.taskExecutorDelegate, this.securityContext);
 	}
diff --git a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
index 38af77b257..8f3658f5b0 100644
--- a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -65,10 +65,12 @@ public abstract class AbstractDelegatingSecurityContextAsyncTaskExecutorTests
 		verify(getExecutor()).submit(this.wrappedCallable);
 	}
 
+	@Override
 	protected AsyncTaskExecutor getExecutor() {
 		return this.taskExecutorDelegate;
 	}
 
+	@Override
 	protected abstract DelegatingSecurityContextAsyncTaskExecutor create();
 
 }
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
index 5a7aacc4df..7b2fa833c2 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
@@ -43,10 +43,12 @@ public class CurrentDelegatingSecurityContextTaskExecutorTests extends AbstractD
 		currentSecurityContextPowermockSetup();
 	}
 
+	@Override
 	protected Executor getExecutor() {
 		return this.taskExecutorDelegate;
 	}
 
+	@Override
 	protected DelegatingSecurityContextExecutor create() {
 		return new DelegatingSecurityContextTaskExecutor(this.taskExecutorDelegate);
 	}
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
index 2d1e5ce8b3..12f4e94798 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
@@ -43,10 +43,12 @@ public class ExplicitDelegatingSecurityContextTaskExecutorTests extends Abstract
 		explicitSecurityContextPowermockSetup();
 	}
 
+	@Override
 	protected Executor getExecutor() {
 		return this.taskExecutorDelegate;
 	}
 
+	@Override
 	protected DelegatingSecurityContextExecutor create() {
 		return new DelegatingSecurityContextTaskExecutor(this.taskExecutorDelegate, this.securityContext);
 	}
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index 94b2063b06..eaaefdaefc 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -81,6 +81,7 @@ public class MethodInvocationUtilsTests {
 
 	class AdvisedTarget extends AdvisedSupport implements Blah {
 
+		@Override
 		public void blah() {
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index d3ee504223..2c0f2257d7 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -260,9 +260,10 @@ public class BCrypt {
 	 * @return the decoded value of x
 	 */
 	private static byte char64(char x) {
-		if ((int) x < 0 || (int) x >= index_64.length)
+		if (x < 0 || x >= index_64.length) {
 			return -1;
-		return index_64[(int) x];
+		}
+		return index_64[x];
 	}
 
 	/**
@@ -279,27 +280,32 @@ public class BCrypt {
 		byte ret[];
 		byte c1, c2, c3, c4, o;
 
-		if (maxolen <= 0)
+		if (maxolen <= 0) {
 			throw new IllegalArgumentException("Invalid maxolen");
+		}
 
 		while (off < slen - 1 && olen < maxolen) {
 			c1 = char64(s.charAt(off++));
 			c2 = char64(s.charAt(off++));
-			if (c1 == -1 || c2 == -1)
+			if (c1 == -1 || c2 == -1) {
 				break;
+			}
 			o = (byte) (c1 << 2);
 			o |= (c2 & 0x30) >> 4;
 			rs.append((char) o);
-			if (++olen >= maxolen || off >= slen)
+			if (++olen >= maxolen || off >= slen) {
 				break;
+			}
 			c3 = char64(s.charAt(off++));
-			if (c3 == -1)
+			if (c3 == -1) {
 				break;
+			}
 			o = (byte) ((c2 & 0x0f) << 4);
 			o |= (c3 & 0x3c) >> 2;
 			rs.append((char) o);
-			if (++olen >= maxolen || off >= slen)
+			if (++olen >= maxolen || off >= slen) {
 				break;
+			}
 			c4 = char64(s.charAt(off++));
 			o = (byte) ((c3 & 0x03) << 6);
 			o |= c4;
@@ -308,8 +314,9 @@ public class BCrypt {
 		}
 
 		ret = new byte[olen];
-		for (off = 0; off < olen; off++)
+		for (off = 0; off < olen; off++) {
 			ret[off] = (byte) rs.charAt(off);
+		}
 		return ret;
 	}
 
@@ -357,9 +364,10 @@ public class BCrypt {
 
 		for (i = 0; i < 4; i++) {
 			words[0] = (words[0] << 8) | (data[off] & 0xff);
-			words[1] = (words[1] << 8) | (int) data[off]; // sign extension bug
-			if (i > 0)
+			words[1] = (words[1] << 8) | data[off]; // sign extension bug
+			if (i > 0) {
 				sign |= words[1] & 0x80;
+			}
 			off = (off + 1) % data.length;
 		}
 
@@ -410,11 +418,14 @@ public class BCrypt {
 		int lr[] = { 0, 0 };
 		int plen = this.P.length, slen = this.S.length;
 
-		for (i = 0; i < plen; i++)
-			if (!sign_ext_bug)
+		for (i = 0; i < plen; i++) {
+			if (!sign_ext_bug) {
 				this.P[i] = this.P[i] ^ streamtoword(key, koffp);
-			else
+			}
+			else {
 				this.P[i] = this.P[i] ^ streamtoword_bug(key, koffp);
+			}
+		}
 
 		for (i = 0; i < plen; i += 2) {
 			encipher(lr, 0);
@@ -520,11 +531,13 @@ public class BCrypt {
 		int clen = cdata.length;
 		byte ret[];
 
-		if (log_rounds < 4 || log_rounds > 31)
+		if (log_rounds < 4 || log_rounds > 31) {
 			throw new IllegalArgumentException("Bad number of rounds");
+		}
 		rounds = 1 << log_rounds;
-		if (salt.length != BCRYPT_SALT_LEN)
+		if (salt.length != BCRYPT_SALT_LEN) {
 			throw new IllegalArgumentException("Bad salt length");
+		}
 
 		init_key();
 		ekskey(salt, password, sign_ext_bug, safety);
@@ -534,8 +547,9 @@ public class BCrypt {
 		}
 
 		for (i = 0; i < 64; i++) {
-			for (j = 0; j < (clen >> 1); j++)
+			for (j = 0; j < (clen >> 1); j++) {
 				encipher(cdata, j << 1);
+			}
 		}
 
 		ret = new byte[clen * 4];
@@ -586,20 +600,24 @@ public class BCrypt {
 			throw new IllegalArgumentException("Invalid salt");
 		}
 
-		if (salt.charAt(0) != '$' || salt.charAt(1) != '2')
+		if (salt.charAt(0) != '$' || salt.charAt(1) != '2') {
 			throw new IllegalArgumentException("Invalid salt version");
-		if (salt.charAt(2) == '$')
+		}
+		if (salt.charAt(2) == '$') {
 			off = 3;
+		}
 		else {
 			minor = salt.charAt(2);
-			if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')
+			if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$') {
 				throw new IllegalArgumentException("Invalid salt revision");
+			}
 			off = 4;
 		}
 
 		// Extract number of rounds
-		if (salt.charAt(off + 2) > '$')
+		if (salt.charAt(off + 2) > '$') {
 			throw new IllegalArgumentException("Missing salt rounds");
+		}
 
 		if (off == 4 && saltLength < 29) {
 			throw new IllegalArgumentException("Invalid salt");
@@ -609,18 +627,21 @@ public class BCrypt {
 		real_salt = salt.substring(off + 3, off + 25);
 		saltb = decode_base64(real_salt, BCRYPT_SALT_LEN);
 
-		if (minor >= 'a') // add null terminator
+		if (minor >= 'a') {
 			passwordb = Arrays.copyOf(passwordb, passwordb.length + 1);
+		}
 
 		B = new BCrypt();
 		hashed = B.crypt_raw(passwordb, saltb, rounds, minor == 'x', minor == 'a' ? 0x10000 : 0);
 
 		rs.append("$2");
-		if (minor >= 'a')
+		if (minor >= 'a') {
 			rs.append(minor);
+		}
 		rs.append("$");
-		if (rounds < 10)
+		if (rounds < 10) {
 			rs.append("0");
+		}
 		rs.append(rounds);
 		rs.append("$");
 		encode_base64(saltb, saltb.length, rs);
@@ -654,8 +675,9 @@ public class BCrypt {
 		rs.append("$2");
 		rs.append(prefix.charAt(2));
 		rs.append("$");
-		if (log_rounds < 10)
+		if (log_rounds < 10) {
 			rs.append("0");
+		}
 		rs.append(log_rounds);
 		rs.append("$");
 		encode_base64(rnd, rnd.length, rs);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index d93d28a72f..63df062bec 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -100,6 +100,7 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		this.random = random;
 	}
 
+	@Override
 	public String encode(CharSequence rawPassword) {
 		if (rawPassword == null) {
 			throw new IllegalArgumentException("rawPassword cannot be null");
@@ -115,6 +116,7 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		return BCrypt.hashpw(rawPassword.toString(), salt);
 	}
 
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		if (rawPassword == null) {
 			throw new IllegalArgumentException("rawPassword cannot be null");
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index 41be9918e8..9a8f517371 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -118,6 +118,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		this.ivGenerator = ivGenerator != null ? ivGenerator : alg.defaultIvGenerator();
 	}
 
+	@Override
 	public byte[] encrypt(byte[] bytes) {
 		synchronized (this.encryptor) {
 			byte[] iv = this.ivGenerator.generateKey();
@@ -127,6 +128,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 	}
 
+	@Override
 	public byte[] decrypt(byte[] encryptedBytes) {
 		synchronized (this.decryptor) {
 			byte[] iv = iv(encryptedBytes);
@@ -151,10 +153,12 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 
 		private final byte[] VALUE = new byte[16];
 
+		@Override
 		public int getKeyLength() {
 			return this.VALUE.length;
 		}
 
+		@Override
 		public byte[] generateKey() {
 			return this.VALUE;
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index 53270a01fa..7d44ab3700 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -119,10 +119,12 @@ public final class Encryptors {
 
 	private static final class NoOpTextEncryptor implements TextEncryptor {
 
+		@Override
 		public String encrypt(String text) {
 			return text;
 		}
 
+		@Override
 		public String decrypt(String encryptedText) {
 			return encryptedText;
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
index e8c51d79cd..4bd12b4a53 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
@@ -33,10 +33,12 @@ final class HexEncodingTextEncryptor implements TextEncryptor {
 		this.encryptor = encryptor;
 	}
 
+	@Override
 	public String encrypt(String text) {
 		return new String(Hex.encode(this.encryptor.encrypt(Utf8.encode(text))));
 	}
 
+	@Override
 	public String decrypt(String encryptedText) {
 		return Utf8.decode(this.encryptor.decrypt(Hex.decode(encryptedText)));
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
index fa00b501ce..82c39a3ed4 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
@@ -31,6 +31,7 @@ final class HexEncodingStringKeyGenerator implements StringKeyGenerator {
 		this.keyGenerator = keyGenerator;
 	}
 
+	@Override
 	public String generateKey() {
 		return new String(Hex.encode(this.keyGenerator.generateKey()));
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
index e32cf34aae..d77d0093ae 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
@@ -46,10 +46,12 @@ final class SecureRandomBytesKeyGenerator implements BytesKeyGenerator {
 		this.keyLength = keyLength;
 	}
 
+	@Override
 	public int getKeyLength() {
 		return this.keyLength;
 	}
 
+	@Override
 	public byte[] generateKey() {
 		byte[] bytes = new byte[this.keyLength];
 		this.random.nextBytes(bytes);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
index 58b5f53645..87b47f180b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
@@ -30,10 +30,12 @@ final class SharedKeyGenerator implements BytesKeyGenerator {
 		this.sharedKey = sharedKey;
 	}
 
+	@Override
 	public int getKeyLength() {
 		return this.sharedKey.length;
 	}
 
+	@Override
 	public byte[] generateKey() {
 		return this.sharedKey;
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index d322d36aec..d5f42a92ad 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -91,6 +91,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	 * @return the encoded password in the specified format
 	 *
 	 */
+	@Override
 	public String encode(CharSequence rawPass) {
 		byte[] salt = this.saltGenerator.generateKey();
 		return encode(rawPass, salt);
@@ -143,6 +144,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	 * @param encodedPassword the actual SSHA or SHA encoded password
 	 * @return true if they match (independent of the case of the prefix).
 	 */
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		return matches(rawPassword == null ? null : rawPassword.toString(), encodedPassword);
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
index 77618d4db3..ba8c965bca 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
@@ -98,6 +98,7 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 	 * @return Hex string of password digest (or base64 encoded string if
 	 * encodeHashAsBase64 is enabled.
 	 */
+	@Override
 	public String encode(CharSequence rawPassword) {
 		String salt = PREFIX + this.saltGenerator.generateKey() + SUFFIX;
 		return digest(salt, rawPassword);
@@ -134,6 +135,7 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 	 * @param encodedPassword previously encoded password
 	 * @return true or false
 	 */
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		String salt = extractSalt(encodedPassword);
 		String rawPasswordEncoded = digest(salt, rawPassword);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
index 99a8d11544..9791557505 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
@@ -114,6 +114,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	 * @return Hex string of password digest (or base64 encoded string if
 	 * encodeHashAsBase64 is enabled.
 	 */
+	@Override
 	public String encode(CharSequence rawPassword) {
 		String salt = PREFIX + this.saltGenerator.generateKey() + SUFFIX;
 		return digest(salt, rawPassword);
@@ -143,6 +144,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 	 * @param encodedPassword previously encoded password
 	 * @return true or false
 	 */
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		String salt = extractSalt(encodedPassword);
 		String rawPasswordEncoded = digest(salt, rawPassword);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
index caffbb3a9d..c154d2c046 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@@ -32,10 +32,12 @@ package org.springframework.security.crypto.password;
 @Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {
 
+	@Override
 	public String encode(CharSequence rawPassword) {
 		return rawPassword.toString();
 	}
 
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		return rawPassword.toString().equals(encodedPassword);
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index f9160a4af0..016783c24c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -73,10 +73,12 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 		this("SHA-256", secret);
 	}
 
+	@Override
 	public String encode(CharSequence rawPassword) {
 		return encode(rawPassword, this.saltGenerator.generateKey());
 	}
 
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		byte[] digested = decode(encodedPassword);
 		byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength());
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index c496c6c907..b591794ede 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -116,10 +116,12 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 		this.saltGenerator = KeyGenerators.secureRandom(saltLength);
 	}
 
+	@Override
 	public String encode(CharSequence rawPassword) {
 		return digest(rawPassword, this.saltGenerator.generateKey());
 	}
 
+	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		if (encodedPassword == null || encodedPassword.length() < this.keyLength) {
 			this.logger.warn("Empty encoded password");
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 199d213d52..828b2d32b0 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -133,10 +133,12 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 			this.keyLength = keyLength;
 		}
 
+		@Override
 		public int getKeyLength() {
 			return this.keyLength;
 		}
 
+		@Override
 		public byte[] generateKey() {
 			byte[] bytes = new byte[this.keyLength];
 			this.random.nextBytes(bytes);
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index a74b296078..cdf1097d70 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -72,7 +72,7 @@ public class SecurityEvaluationContextExtensionTests {
 	}
 
 	private SecurityExpressionRoot getRoot() {
-		return (SecurityExpressionRoot) this.securityExtension.getRootObject();
+		return this.securityExtension.getRootObject();
 	}
 
 }
\ No newline at end of file
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
index 8d272048b9..80c47c5700 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
@@ -17,6 +17,7 @@ package org.springframework.security.integration;
 
 public class StubUserRepository implements UserRepository {
 
+	@Override
 	public void doSomething() {
 	}
 
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
index 3196c019c9..79b7f90088 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
@@ -64,6 +64,7 @@ public class ProtectPointcutPerformanceTests implements ApplicationContextAware
 
 	}
 
+	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.ctx = applicationContext;
 	}
diff --git a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
index 7aff3a25ba..d616b95eeb 100755
--- a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
@@ -25,6 +25,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 	@SuppressWarnings({ "unused", "FieldCanBeLocal" })
 	private UserRepository userRepository;
 
+	@Override
 	@Transactional(readOnly = true)
 	public UserDetails loadUserByUsername(String username) {
 		return null;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
index 50e8a1c282..0be8aed332 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
@@ -17,15 +17,19 @@ package org.springframework.security.integration.multiannotation;
 
 public class MultiAnnotationServiceImpl implements MultiAnnotationService {
 
+	@Override
 	public void preAuthorizeDenyAllMethod() {
 	}
 
+	@Override
 	public void preAuthorizeHasRoleAMethod() {
 	}
 
+	@Override
 	public void securedAnonymousMethod() {
 	}
 
+	@Override
 	public void securedRoleAMethod() {
 	}
 
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
index ff2b4c50b2..32602d556e 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
@@ -20,6 +20,7 @@ package org.springframework.security.integration.multiannotation;
  */
 public class PreAuthorizeServiceImpl implements PreAuthorizeService {
 
+	@Override
 	public void preAuthorizedMethod() {
 	}
 
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
index 349f6da5d1..45302b2abe 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
@@ -20,6 +20,7 @@ package org.springframework.security.integration.multiannotation;
  */
 public class SecuredServiceImpl implements SecuredService {
 
+	@Override
 	public void securedMethod() {
 	}
 
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
index 21cda9c594..7c09ba0e19 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
@@ -24,6 +24,7 @@ import org.springframework.security.core.Authentication;
 
 public class PythonInterpreterPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
 
+	@Override
 	public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia,
 			Object returnedObject) throws AccessDeniedException {
 		return returnedObject;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index f510e8a613..8ae2b7fbd9 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -38,6 +38,7 @@ public class PythonInterpreterPreInvocationAdvice implements PreInvocationAuthor
 
 	private final ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
+	@Override
 	public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preAttr) {
 		PythonInterpreterPreInvocationAttribute pythonAttr = (PythonInterpreterPreInvocationAttribute) preAttr;
 		String script = pythonAttr.getScript();
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
index 3fb06bd3ef..6fda94603b 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
@@ -25,6 +25,7 @@ public class PythonInterpreterPreInvocationAttribute implements PreInvocationAtt
 		this.script = script;
 	}
 
+	@Override
 	public String getAttribute() {
 		return null;
 	}
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
index 2b6c4599cb..58c98d813b 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
@@ -27,11 +27,13 @@ public class PythonInterpreterPrePostInvocationAttributeFactory implements PrePo
 		PythonInterpreter.initialize(System.getProperties(), null, new String[] {});
 	}
 
+	@Override
 	public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
 			String preAuthorizeAttribute) {
 		return new PythonInterpreterPreInvocationAttribute(preAuthorizeAttribute);
 	}
 
+	@Override
 	public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
 			String postAuthorizeAttribute) {
 		return null;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
index 98081e347e..353cc3cf2e 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
@@ -17,6 +17,7 @@ package org.springframework.security.integration.python;
 
 public class TestServiceImpl implements TestService {
 
+	@Override
 	public void someMethod() {
 		System.out.print("Invoked someMethod()");
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
index 8d15870ab6..5c0fe7823f 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
@@ -43,6 +43,7 @@ public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
 	/**
 	 * Assembles the Distinguished Name that should be used the given username.
 	 */
+	@Override
 	public DistinguishedName buildDn(String username) {
 		DistinguishedName dn = new DistinguishedName(this.userDnBase);
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index 8a855cefe8..5a7465437a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -92,6 +92,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 		class LdapCompareCallback implements ContextExecutor {
 
+			@Override
 			public Object executeWithContext(DirContext ctx) throws NamingException {
 				SearchControls ctls = new SearchControls();
 				ctls.setReturningAttributes(NO_ATTRS);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index 957fd007e9..bb7f494072 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -58,6 +58,7 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 
 	protected UserDetailsContextMapper userDetailsContextMapper = new LdapUserDetailsMapper();
 
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				() -> this.messages.getMessage("LdapAuthenticationProvider.onlySupports",
@@ -117,6 +118,7 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 		return result;
 	}
 
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
 	}
@@ -133,6 +135,7 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 		this.useAuthenticationRequestCredentials = useAuthenticationRequestCredentials;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index 79890a2022..e3f5148c8b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -66,6 +66,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 		this.contextSource = contextSource;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.isTrue((this.userDnFormat != null) || (this.userSearch != null),
 				"Either an LdapUserSearch or DN pattern (or both) must be supplied.");
@@ -107,6 +108,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 		return this.userSearch;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		Assert.notNull(messageSource, "Message source must not be null");
 		this.messages = new MessageSourceAccessor(messageSource);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index a374b5bf6e..d45b72df7e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -57,6 +57,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		super(contextSource);
 	}
 
+	@Override
 	public DirContextOperations authenticate(Authentication authentication) {
 		DirContextOperations user = null;
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
index 8f32bc29e3..21b70d0804 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
@@ -28,6 +28,7 @@ import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
  */
 public final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 
+	@Override
 	public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
 		return AuthorityUtils.NO_AUTHORITIES;
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index 6a8eda48ce..790b513f7e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -61,6 +61,7 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		super(contextSource);
 	}
 
+	@Override
 	public DirContextOperations authenticate(final Authentication authentication) {
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				"Can only process UsernamePasswordAuthenticationToken objects");
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
index 08e6a5f297..9a57616525 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
@@ -43,6 +43,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	 * Get the principals of the logged in user, in this case the distinguished name.
 	 * @return the distinguished name of the logged in user.
 	 */
+	@Override
 	public String getPrincipal() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
@@ -72,6 +73,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	/**
 	 * @see org.springframework.ldap.core.AuthenticationSource#getCredentials()
 	 */
+	@Override
 	public String getCredentials() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
index fbf4682871..ccfbd15c24 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@@ -39,6 +39,7 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoriti
 		this.userDetailsService = userService;
 	}
 
+	@Override
 	public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
 			String username) {
 		return this.userDetailsService.loadUserByUsername(username).getAuthorities();
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index 73a865446e..36b5832c94 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -57,6 +57,7 @@ public class PasswordPolicyControl implements Control {
 	 * this control is always empty.
 	 * @return always null
 	 */
+	@Override
 	public byte[] getEncodedValue() {
 		return null;
 	}
@@ -64,6 +65,7 @@ public class PasswordPolicyControl implements Control {
 	/**
 	 * Returns the OID of the Password Policy Control ("1.3.6.1.4.1.42.2.27.8.5.1").
 	 */
+	@Override
 	public String getID() {
 		return OID;
 	}
@@ -71,6 +73,7 @@ public class PasswordPolicyControl implements Control {
 	/**
 	 * Returns whether the control is critical for the client.
 	 */
+	@Override
 	public boolean isCritical() {
 		return this.critical;
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
index dba0b67d83..84780ae9f5 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
@@ -34,6 +34,7 @@ public class PasswordPolicyControlFactory extends ControlFactory {
 	 * @param ctl the control the check
 	 * @return a response control of type PasswordPolicyResponseControl, or null
 	 */
+	@Override
 	public Control getControlInstance(Control ctl) {
 		if (ctl.getID().equals(PasswordPolicyControl.OID)) {
 			return new PasswordPolicyResponseControl(ctl.getEncodedValue());
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index 6c43c1921b..42cb34e11f 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -193,6 +193,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	 */
 	private class NetscapeDecoder implements PPolicyDecoder {
 
+		@Override
 		public void decode() throws IOException {
 			int[] bread = { 0 };
 			BERSequence seq = (BERSequence) BERElement.getElement(new SpecificTagDecoder(),
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index d4a0bb628e..9e1ff976f1 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -140,6 +140,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		this.service.setDenormalizeOpAttrsEnabled(true);
 	}
 
+	@Override
 	public void afterPropertiesSet() throws Exception {
 		if (this.workingDir == null) {
 			String apacheWorkDir = System.getProperty("apacheDSWorkDir");
@@ -168,10 +169,12 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		start();
 	}
 
+	@Override
 	public void destroy() {
 		stop();
 	}
 
+	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.ctxt = applicationContext;
 	}
@@ -241,6 +244,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		return this.service;
 	}
 
+	@Override
 	public void start() {
 		if (isRunning()) {
 			return;
@@ -294,6 +298,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		}
 	}
 
+	@Override
 	public void stop() {
 		if (!isRunning()) {
 			return;
@@ -390,6 +395,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		return dir.delete();
 	}
 
+	@Override
 	public boolean isRunning() {
 		return this.running;
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
index 8aa9e47766..77e674309b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -144,6 +144,7 @@ public class InetOrgPerson extends Person {
 		return this.street;
 	}
 
+	@Override
 	protected void populateContext(DirContextAdapter adapter) {
 		super.populateContext(adapter);
 		adapter.setAttributeValue("carLicense", this.carLicense);
@@ -216,6 +217,7 @@ public class InetOrgPerson extends Person {
 			setUid(ctx.getStringAttribute("uid"));
 		}
 
+		@Override
 		protected LdapUserDetailsImpl createTarget() {
 			return new InetOrgPerson();
 		}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
index 3d11bf884a..ff7824acda 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@@ -28,6 +28,7 @@ import org.springframework.util.Assert;
  */
 public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
 
+	@Override
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
 		InetOrgPerson.Essence p = new InetOrgPerson.Essence(ctx);
@@ -39,6 +40,7 @@ public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
 
 	}
 
+	@Override
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
 		Assert.isInstanceOf(InetOrgPerson.class, user, "UserDetails must be an InetOrgPerson instance");
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index e44d8df42d..a6beab4808 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -132,6 +132,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		this.template = new LdapTemplate(contextSource);
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) {
 		DistinguishedName dn = this.usernameMapper.buildDn(username);
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, username);
@@ -180,6 +181,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 * @param oldPassword the old password
 	 * @param newPassword the new value of the password.
 	 */
+	@Override
 	public void changePassword(final String oldPassword, final String newPassword) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		Assert.notNull(authentication,
@@ -222,6 +224,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		return roleCollector.getList();
 	}
 
+	@Override
 	public void createUser(UserDetails user) {
 		DirContextAdapter ctx = new DirContextAdapter();
 		copyToContext(user, ctx);
@@ -242,6 +245,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		addAuthorities(dn, user.getAuthorities());
 	}
 
+	@Override
 	public void updateUser(UserDetails user) {
 		DistinguishedName dn = this.usernameMapper.buildDn(user.getUsername());
 
@@ -273,12 +277,14 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		addAuthorities(dn, user.getAuthorities());
 	}
 
+	@Override
 	public void deleteUser(String username) {
 		DistinguishedName dn = this.usernameMapper.buildDn(username);
 		removeAuthorities(dn, getUserAuthorities(dn, username));
 		this.template.unbind(dn);
 	}
 
+	@Override
 	public boolean userExists(String username) {
 		DistinguishedName dn = this.usernameMapper.buildDn(username);
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index d40111cbf9..467d781b59 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -53,6 +53,7 @@ public class LdapUserDetailsService implements UserDetailsService {
 		this.authoritiesPopulator = authoritiesPopulator;
 	}
 
+	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		DirContextOperations userData = this.userSearch.searchForUser(username);
 
@@ -67,6 +68,7 @@ public class LdapUserDetailsService implements UserDetailsService {
 
 	private static final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 
+		@Override
 		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
 			return AuthorityUtils.NO_AUTHORITIES;
 		}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index 4237757c60..21e08f7e99 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -111,6 +111,7 @@ public class Person extends LdapUserDetailsImpl {
 			((Person) this.instance).cn = new ArrayList<>(copyMe.cn);
 		}
 
+		@Override
 		protected LdapUserDetailsImpl createTarget() {
 			return new Person();
 		}
@@ -139,6 +140,7 @@ public class Person extends LdapUserDetailsImpl {
 			((Person) this.instance).description = desc;
 		}
 
+		@Override
 		public LdapUserDetails createUserDetails() {
 			Person p = (Person) super.createUserDetails();
 			Assert.notNull(p.cn, "person.sn cannot be null");
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
index bc4e6438b3..542bfe7548 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@@ -28,6 +28,7 @@ import org.springframework.util.Assert;
  */
 public class PersonContextMapper implements UserDetailsContextMapper {
 
+	@Override
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
 		Person.Essence p = new Person.Essence(ctx);
@@ -39,6 +40,7 @@ public class PersonContextMapper implements UserDetailsContextMapper {
 
 	}
 
+	@Override
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
 		Assert.isInstanceOf(Person.class, user, "UserDetails must be a Person instance");
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index 7bf18ee4e2..c2504eb53b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -179,6 +179,7 @@ public class LdapAuthenticationProviderTests {
 
 	class MockAuthenticator implements LdapAuthenticator {
 
+		@Override
 		public DirContextOperations authenticate(Authentication authentication) {
 			DirContextAdapter ctx = new DirContextAdapter();
 			ctx.setAttributeValue("ou", "FROM_ENTRY");
@@ -206,6 +207,7 @@ public class LdapAuthenticationProviderTests {
 
 		String username;
 
+		@Override
 		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userCtx, String username) {
 			this.username = username;
 			return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
index 3e4cd05135..7d581a1f72 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java
@@ -33,6 +33,7 @@ public class MockUserSearch implements LdapUserSearch {
 		this.user = user;
 	}
 
+	@Override
 	public DirContextOperations searchForUser(String username) {
 		return this.user;
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index de9defc321..c1a11c0980 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -290,12 +290,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 
 			private Matcher<String> causeDataCode = CoreMatchers.equalTo(dataCode);
 
+			@Override
 			public boolean matches(Object that) {
 				Throwable t = (Throwable) that;
 				ActiveDirectoryAuthenticationException cause = (ActiveDirectoryAuthenticationException) t.getCause();
 				return this.causeInstance.matches(cause) && this.causeDataCode.matches(cause.getDataCode());
 			}
 
+			@Override
 			public void describeTo(Description desc) {
 				desc.appendText("getCause() ");
 				this.causeInstance.describeTo(desc);
@@ -468,23 +470,28 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 			this.sr = sr;
 		}
 
+		@Override
 		public SearchResult next() {
 			SearchResult result = this.sr;
 			this.sr = null;
 			return result;
 		}
 
+		@Override
 		public boolean hasMore() {
 			return this.sr != null;
 		}
 
+		@Override
 		public void close() {
 		}
 
+		@Override
 		public boolean hasMoreElements() {
 			return hasMore();
 		}
 
+		@Override
 		public SearchResult nextElement() {
 			return next();
 		}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index a7788003db..5fd8e1a295 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -74,6 +74,7 @@ public class LdapUserDetailsServiceTests {
 
 	class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 
+		@Override
 		public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userCtx, String username) {
 			return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");
 		}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index 66bbd3e237..a38abb344f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -55,6 +55,7 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 		return this.authorizeExpression;
 	}
 
+	@Override
 	public String getAttribute() {
 		return null;
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index dc517a42bb..a98e6c341a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -41,6 +41,7 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 
 	private SecurityExpressionHandler<Message<T>> expressionHandler = new DefaultMessageSecurityExpressionHandler<>();
 
+	@Override
 	public int vote(Authentication authentication, Message<T> message, Collection<ConfigAttribute> attributes) {
 		assert authentication != null;
 		assert message != null;
@@ -67,10 +68,12 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 		return null;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return attribute instanceof MessageExpressionConfigAttribute;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return Message.class.isAssignableFrom(clazz);
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
index 6f3c9871a9..7e9071478c 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
@@ -64,6 +64,7 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 		return this.metadataSource;
 	}
 
+	@Override
 	public Message<?> preSend(Message<?> message, MessageChannel channel) {
 		InterceptorStatusToken token = beforeInvocation(message);
 		if (token != null) {
@@ -72,24 +73,29 @@ public final class ChannelSecurityInterceptor extends AbstractSecurityIntercepto
 		return message;
 	}
 
+	@Override
 	public void postSend(Message<?> message, MessageChannel channel, boolean sent) {
 		InterceptorStatusToken token = clearToken();
 		afterInvocation(token, null);
 	}
 
+	@Override
 	public void afterSendCompletion(Message<?> message, MessageChannel channel, boolean sent, Exception ex) {
 		InterceptorStatusToken token = clearToken();
 		finallyInvocation(token);
 	}
 
+	@Override
 	public boolean preReceive(MessageChannel channel) {
 		return true;
 	}
 
+	@Override
 	public Message<?> postReceive(Message<?> message, MessageChannel channel) {
 		return message;
 	}
 
+	@Override
 	public void afterReceiveCompletion(Message<?> message, MessageChannel channel, Exception ex) {
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index 98228e56e9..e7d77c0f32 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -49,6 +49,7 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 		this.messageMap = messageMap;
 	}
 
+	@Override
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 		final Message message = (Message) object;
@@ -60,6 +61,7 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 		return null;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
@@ -70,6 +72,7 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 		return allAttributes;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return Message.class.isAssignableFrom(clazz);
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
index ea1869a3d2..c9e5373188 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
@@ -92,6 +92,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver#
 	 * supportsParameter(org.springframework.core.MethodParameter)
 	 */
+	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
@@ -104,6 +105,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * resolveArgument(org.springframework.core.MethodParameter,
 	 * org.springframework.messaging.Message)
 	 */
+	@Override
 	public Object resolveArgument(MethodParameter parameter, Message<?> message) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index ab9ea4c9eb..bfff7c659d 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -96,11 +96,13 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 		cleanup();
 	}
 
+	@Override
 	public Message<?> beforeHandle(Message<?> message, MessageChannel channel, MessageHandler handler) {
 		setup(message);
 		return message;
 	}
 
+	@Override
 	public void afterMessageHandled(Message<?> message, MessageChannel channel, MessageHandler handler, Exception ex) {
 		cleanup();
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index 1e3e90eafd..c2d9fb6483 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -122,6 +122,7 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
 
+	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
 		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap(a -> {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index f8ea0528de..ed07e9e893 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -121,6 +121,7 @@ public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgu
 		return findMethodAnnotation(CurrentSecurityContext.class, parameter) != null;
 	}
 
+	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
 		return ReactiveSecurityContextHolder.getContext().flatMap(securityContext -> {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index 164d799ecf..f6bcc6ba9d 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -45,6 +45,7 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 
 	}
 
+	@Override
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
 			if (this.LOGGER.isDebugEnabled()) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
index b7f2a6ace9..62c46719f5 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
@@ -45,6 +45,7 @@ public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T
 
 	}
 
+	@Override
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
 			if (this.LOGGER.isDebugEnabled()) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index fe24d4a766..4d7ff037da 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -116,6 +116,7 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 		this.pattern = pattern;
 	}
 
+	@Override
 	public boolean matches(Message<?> message) {
 		if (!this.messageTypeMatcher.matches(message)) {
 			return false;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
index 0918f6f2bb..d2dfd2cc99 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
@@ -36,6 +36,7 @@ import org.springframework.web.socket.server.HandshakeInterceptor;
  */
 public final class CsrfTokenHandshakeInterceptor implements HandshakeInterceptor {
 
+	@Override
 	public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 			Map<String, Object> attributes) {
 		HttpServletRequest httpRequest = ((ServletServerHttpRequest) request).getServletRequest();
@@ -47,6 +48,7 @@ public final class CsrfTokenHandshakeInterceptor implements HandshakeInterceptor
 		return true;
 	}
 
+	@Override
 	public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 			Exception exception) {
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 9b98cd63ef..68e50f17e5 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -56,7 +56,7 @@ public class AndMessageMatcherTests {
 	@SuppressWarnings("unchecked")
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyArray() {
-		new AndMessageMatcher<>((MessageMatcher<Object>[]) new MessageMatcher[0]);
+		new AndMessageMatcher<>(new MessageMatcher[0]);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index fb35b0cebf..bc1b89e9c2 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -56,7 +56,7 @@ public class OrMessageMatcherTests {
 	@SuppressWarnings("unchecked")
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyArray() {
-		new OrMessageMatcher<>((MessageMatcher<Object>[]) new MessageMatcher[0]);
+		new OrMessageMatcher<>(new MessageMatcher[0]);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
index ce0d7b65d4..6491424e09 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
@@ -53,7 +53,7 @@ abstract class JsonNodeUtils {
 		}
 		JsonNode nodeValue = jsonNode.findValue(fieldName);
 		if (nodeValue != null && nodeValue.isContainerNode()) {
-			return (T) mapper.convertValue(nodeValue, valueTypeReference);
+			return mapper.convertValue(nodeValue, valueTypeReference);
 		}
 		return null;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 2688f65c9d..c1a667c91a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -235,6 +235,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 
 	private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
 
+		@Override
 		protected void initExtractorMap() {
 			super.initExtractorMap();
 			registerExtractor(ServletException.class, throwable -> {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 49af3ef323..ff8f9988db 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -81,8 +81,8 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 
 		InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 				clientRegistrationRepository, authorizedClients);
-		assertThat((OAuth2AuthorizedClient) authorizedClientService.loadAuthorizedClient(registrationId,
-				this.principalName1)).isNotNull();
+		assertThat((Object) authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1))
+				.isNotNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 44ddf1ef28..108e3f1b1d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.ArgumentMatchers;
 import org.mockito.Mockito;
 
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -123,10 +124,10 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		Mockito.verify(spyRequest, Mockito.never()).getReader();
 		Mockito.verify(spyRequest, Mockito.never()).getInputStream();
-		Mockito.verify(spyRequest, Mockito.never()).getParameter(Mockito.anyString());
+		Mockito.verify(spyRequest, Mockito.never()).getParameter(ArgumentMatchers.anyString());
 		Mockito.verify(spyRequest, Mockito.never()).getParameterMap();
 		Mockito.verify(spyRequest, Mockito.never()).getParameterNames();
-		Mockito.verify(spyRequest, Mockito.never()).getParameterValues(Mockito.anyString());
+		Mockito.verify(spyRequest, Mockito.never()).getParameterValues(ArgumentMatchers.anyString());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
index e32052c943..66aaf058a5 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -73,6 +73,7 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	 * Gets the attributes of the OAuth 2.0 token in map form.
 	 * @return a {@link Map} of the attribute's objects keyed by the attribute's names
 	 */
+	@Override
 	public Map<String, Object> getAttributes() {
 		return this.attributes;
 	}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
index e0900300cc..5628e33f9b 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
@@ -53,6 +53,7 @@ public interface IdTokenClaimAccessor extends StandardClaimAccessor {
 	 * Returns the Subject identifier {@code (sub)}.
 	 * @return the Subject identifier
 	 */
+	@Override
 	default String getSubject() {
 		return this.getClaimAsString(IdTokenClaimNames.SUB);
 	}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
index 278bb08742..38c6345b88 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
@@ -60,6 +60,7 @@ public interface OidcUser extends OAuth2User, IdTokenClaimAccessor {
 	 * {@link #getIdToken()} and {@link #getUserInfo()} (if available).
 	 * @return a {@code Map} of claims about the user
 	 */
+	@Override
 	Map<String, Object> getClaims();
 
 	/**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index 922a279ee2..b3652ae3be 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -52,6 +52,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 		this.jwkSetURL = jwkSetURL;
 	}
 
+	@Override
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
 		return this.cachedJWKSet.get().switchIfEmpty(Mono.defer(() -> getJWKSet()))
 				.flatMap(jwkSet -> get(jwkSelector, jwkSet))
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index 57d1d28c04..609383ff46 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -51,8 +51,7 @@ public class JwtClaimValidatorTests {
 
 	@Test
 	public void validateWhenClaimIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new JwtClaimValidator<String>(null, test))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new JwtClaimValidator<>(null, test)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
index c868cacfdb..a55e130815 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapter.java
@@ -38,6 +38,7 @@ public class ReactiveJwtAuthenticationConverterAdapter implements Converter<Jwt,
 		this.delegate = delegate;
 	}
 
+	@Override
 	public final Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
 		return Mono.just(jwt).map(this.delegate::convert);
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
index d2885fcb4f..37edea4e99 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
@@ -54,6 +54,7 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 
 	private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
 
+	@Override
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
 		return Mono.fromCallable(() -> token(exchange.getRequest())).map(token -> {
 			if (token.isEmpty()) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index b2791a83cc..5e33638382 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -223,7 +223,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 
 		OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token");
 		assertThat(principal.getAuthorities()).isEmpty();
-		assertThat((Object) principal.getAttribute("scope")).isNotNull().isInstanceOf(JSONArray.class);
 		JSONArray scope = principal.getAttribute("scope");
 		assertThat(scope).containsExactly("read", "write", "dolphin");
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
index 2ebc828f33..0a49e6691a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
@@ -189,18 +189,22 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 	@Test
 	public void getAttributeWhenGivenKeyThenReturnsValue() {
 		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, AUTHORITIES);
+		assertHasEqualAttribute(principal, ACTIVE_CLAIM, ACTIVE_VALUE);
+		assertHasEqualAttribute(principal, CLIENT_ID_CLAIM, CLIENT_ID_VALUE);
+		assertHasEqualAttribute(principal, USERNAME_CLAIM, USERNAME_VALUE);
+		assertHasEqualAttribute(principal, TOKEN_TYPE_CLAIM, TOKEN_TYPE_VALUE);
+		assertHasEqualAttribute(principal, EXP_CLAIM, EXP_VALUE);
+		assertHasEqualAttribute(principal, IAT_CLAIM, IAT_VALUE);
+		assertHasEqualAttribute(principal, NBF_CLAIM, NBF_VALUE);
+		assertHasEqualAttribute(principal, SUB_CLAIM, SUB_VALUE);
+		assertHasEqualAttribute(principal, AUD_CLAIM, AUD_VALUE);
+		assertHasEqualAttribute(principal, ISS_CLAIM, ISS_VALUE);
+		assertHasEqualAttribute(principal, JTI_CLAIM, JTI_VALUE);
+	}
 
-		assertThat((Object) principal.getAttribute(ACTIVE_CLAIM)).isEqualTo(ACTIVE_VALUE);
-		assertThat((Object) principal.getAttribute(CLIENT_ID_CLAIM)).isEqualTo(CLIENT_ID_VALUE);
-		assertThat((Object) principal.getAttribute(USERNAME_CLAIM)).isEqualTo(USERNAME_VALUE);
-		assertThat((Object) principal.getAttribute(TOKEN_TYPE_CLAIM)).isEqualTo(TOKEN_TYPE_VALUE);
-		assertThat((Object) principal.getAttribute(EXP_CLAIM)).isEqualTo(EXP_VALUE);
-		assertThat((Object) principal.getAttribute(IAT_CLAIM)).isEqualTo(IAT_VALUE);
-		assertThat((Object) principal.getAttribute(NBF_CLAIM)).isEqualTo(NBF_VALUE);
-		assertThat((Object) principal.getAttribute(SUB_CLAIM)).isEqualTo(SUB_VALUE);
-		assertThat((Object) principal.getAttribute(AUD_CLAIM)).isEqualTo(AUD_VALUE);
-		assertThat((Object) principal.getAttribute(ISS_CLAIM)).isEqualTo(ISS_VALUE);
-		assertThat((Object) principal.getAttribute(JTI_CLAIM)).isEqualTo(JTI_VALUE);
+	private void assertHasEqualAttribute(OAuth2AuthenticatedPrincipal principal, String name, Object expected) {
+		Object value = principal.getAttribute(name);
+		assertThat(value).isEqualTo(expected);
 	}
 
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index 01d9f9840f..2e9435ae63 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.AuthenticationException;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class AuthenticationCancelledException extends AuthenticationException {
 
 	public AuthenticationCancelledException(String msg) {
diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
index 57d5287702..1171feb756 100644
--- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
@@ -31,6 +31,7 @@ import java.util.List;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public interface AxFetchListFactory {
 
 	/**
diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
index 152eb442db..ad8ff48033 100644
--- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
@@ -26,8 +26,10 @@ import java.util.List;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class NullAxFetchListFactory implements AxFetchListFactory {
 
+	@Override
 	public List<OpenIDAttribute> createAttributeList(String identifier) {
 		return Collections.emptyList();
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 741b81af09..391e8e152e 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -49,6 +49,7 @@ import org.springframework.util.StringUtils;
  * @author Ray Krueger
  * @author Luke Taylor
  */
+@Deprecated
 @SuppressWarnings("unchecked")
 public class OpenID4JavaConsumer implements OpenIDConsumer {
 
@@ -75,6 +76,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		this.attributesToFetchFactory = attributesToFetchFactory;
 	}
 
+	@Override
 	public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
 			throws OpenIDConsumerException {
 		List<DiscoveryInformation> discoveries;
@@ -117,6 +119,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		return authReq.getDestinationUrl(true);
 	}
 
+	@Override
 	public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
 		// extract the parameters from the authentication response
 		// (which comes in as a HTTP request from the OpenID provider)
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index c60cb995e6..dcb41d697c 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -34,6 +34,7 @@ import org.springframework.util.Assert;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAttribute implements Serializable {
 
 	private final String name;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 97c51d27db..36adebf2c8 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -75,6 +75,7 @@ import org.springframework.util.StringUtils;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 	public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "openid_identifier";
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index bdc9ee62fc..9defb71032 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -51,12 +51,14 @@ import org.springframework.util.Assert;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
 
 	private AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService;
 
 	private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.userDetailsService, "The userDetailsService must be set");
 	}
@@ -68,6 +70,7 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 	 * org.springframework.security.authentication.AuthenticationProvider#authenticate
 	 * (org.springframework.security.Authentication)
 	 */
+	@Override
 	public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
 
 		if (!supports(authentication.getClass())) {
@@ -146,6 +149,7 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 	 * org.springframework.security.authentication.AuthenticationProvider#supports(java
 	 * .lang.Class)
 	 */
+	@Override
 	public boolean supports(Class<?> authentication) {
 		return OpenIDAuthenticationToken.class.isAssignableFrom(authentication);
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index f8ba9eb443..bb4d831a36 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -32,6 +32,7 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
@@ -79,6 +80,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	 * Returns 'null' always, as no credentials are processed by the OpenID provider.
 	 * @see org.springframework.security.core.Authentication#getCredentials()
 	 */
+	@Override
 	public Object getCredentials() {
 		return null;
 	}
@@ -96,6 +98,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	 *
 	 * @see org.springframework.security.core.Authentication#getPrincipal()
 	 */
+	@Override
 	public Object getPrincipal() {
 		return this.principal;
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
index d49143b9f4..5d8711e32c 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public interface OpenIDConsumer {
 
 	/**
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index 1410eb32c0..66f0b7fb4d 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -24,6 +24,7 @@ package org.springframework.security.openid;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDConsumerException extends Exception {
 
 	public OpenIDConsumerException(String message) {
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index dd86fd276d..a18949ab15 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -29,6 +29,7 @@ import java.util.regex.Pattern;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 
 	private final Map<Pattern, List<OpenIDAttribute>> idToAttributes;
@@ -48,6 +49,7 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 	 * Iterates through the patterns stored in the map and returns the list of attributes
 	 * defined for the first match. If no match is found, returns an empty list.
 	 */
+	@Override
 	public List<OpenIDAttribute> createAttributeList(String identifier) {
 		for (Map.Entry<Pattern, List<OpenIDAttribute>> entry : this.idToAttributes.entrySet()) {
 			if (entry.getKey().matcher(identifier).matches()) {
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index 1b33455e2c..7c5b7a64ca 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class MockOpenIDConsumer implements OpenIDConsumer {
 
 	private OpenIDAuthenticationToken token;
@@ -46,10 +47,12 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
 		this.token = token;
 	}
 
+	@Override
 	public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm) {
 		return this.redirectUrl;
 	}
 
+	@Override
 	public OpenIDAuthenticationToken endConsumption(HttpServletRequest req) {
 		return this.token;
 	}
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index e22514236a..aa7b8fa459 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -49,6 +49,7 @@ import static org.mockito.Mockito.when;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenID4JavaConsumerTests {
 
 	List<OpenIDAttribute> attributes = Arrays.asList(new OpenIDAttribute("a", "b"),
@@ -228,6 +229,7 @@ public class OpenID4JavaConsumerTests {
 
 	private class MockAttributesFactory implements AxFetchListFactory {
 
+		@Override
 		public List<OpenIDAttribute> createAttributeList(String identifier) {
 			return OpenID4JavaConsumerTests.this.attributes;
 		}
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index e2883a94a0..eaee4fa19b 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -41,6 +41,7 @@ import static org.mockito.Mockito.verify;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAuthenticationFilterTests {
 
 	OpenIDAuthenticationFilter filter;
@@ -78,6 +79,7 @@ public class OpenIDAuthenticationFilterTests {
 		req.setRemoteHost("www.example.com");
 
 		this.filter.setConsumer(new MockOpenIDConsumer() {
+			@Override
 			public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
 					String realm) {
 				assertThat(claimedIdentity).isEqualTo(CLAIMED_IDENTITY_URL);
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index de3e1a6b3d..a25391b8c0 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.fail;
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
  */
+@Deprecated
 public class OpenIDAuthenticationProviderTests {
 
 	private static final String USERNAME = "user.acegiopenid.com";
@@ -241,6 +242,7 @@ public class OpenIDAuthenticationProviderTests {
 
 	static class MockUserDetailsService implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(String ssoUserId) throws AuthenticationException {
 			return new User(ssoUserId, "password", true, true, true, true,
 					AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"));
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
index ef2c63858c..5bfcb31f9b 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
@@ -61,6 +61,7 @@ public class JndiDnsResolver implements DnsResolver {
 	 * org.springframework.security.remoting.dns.DnsResolver#resolveIpAddress(java.lang
 	 * .String)
 	 */
+	@Override
 	public String resolveIpAddress(String hostname) {
 		return resolveIpAddress(hostname, this.ctxFactory.getCtx());
 	}
@@ -72,6 +73,7 @@ public class JndiDnsResolver implements DnsResolver {
 	 * org.springframework.security.remoting.dns.DnsResolver#resolveServiceEntry(java.
 	 * lang.String, java.lang.String)
 	 */
+	@Override
 	public String resolveServiceEntry(String serviceType, String domain) {
 		return resolveServiceEntry(serviceType, domain, this.ctxFactory.getCtx());
 	}
@@ -83,6 +85,7 @@ public class JndiDnsResolver implements DnsResolver {
 	 * org.springframework.security.remoting.dns.DnsResolver#resolveServiceIpAddress(java
 	 * .lang.String, java.lang.String)
 	 */
+	@Override
 	public String resolveServiceIpAddress(String serviceType, String domain) {
 		DirContext ctx = this.ctxFactory.getCtx();
 		String hostname = resolveServiceEntry(serviceType, domain, ctx);
@@ -165,6 +168,7 @@ public class JndiDnsResolver implements DnsResolver {
 
 	private static class DefaultInitialContextFactory implements InitialContextFactory {
 
+		@Override
 		public DirContext getCtx() {
 			Hashtable<String, String> env = new Hashtable<>();
 			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
index 789e77ceb4..648c886428 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java
@@ -66,6 +66,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpIn
 	 * @param contentLength the length of the content to send
 	 * @throws IOException if thrown by HttpURLConnection methods
 	 */
+	@Override
 	protected void prepareConnection(HttpURLConnection con, int contentLength) throws IOException {
 		super.prepareConnection(con, contentLength);
 
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index 6967ee7ff2..844fd6ec42 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -91,6 +91,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	 * @throws IllegalAccessException if the method could not be accessed
 	 * @throws InvocationTargetException if the method invocation resulted in an exception
 	 */
+	@Override
 	public Object invoke(Object targetObject)
 			throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
 
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
index 8436e8efa5..6ea30971a4 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationFactory.java
@@ -35,6 +35,7 @@ import org.springframework.remoting.support.RemoteInvocationFactory;
  */
 public class ContextPropagatingRemoteInvocationFactory implements RemoteInvocationFactory {
 
+	@Override
 	public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
 		return new ContextPropagatingRemoteInvocation(methodInvocation);
 	}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index e6d1ad584a..e6b75ac958 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -102,22 +102,27 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 			super(u);
 		}
 
+		@Override
 		public void connect() {
 			throw new UnsupportedOperationException("mock not implemented");
 		}
 
+		@Override
 		public void disconnect() {
 			throw new UnsupportedOperationException("mock not implemented");
 		}
 
+		@Override
 		public String getRequestProperty(String key) {
 			return this.requestProperties.get(key);
 		}
 
+		@Override
 		public void setRequestProperty(String key, String value) {
 			this.requestProperties.put(key, value);
 		}
 
+		@Override
 		public boolean usingProxy() {
 			throw new UnsupportedOperationException("mock not implemented");
 		}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index cc084f6e07..aaf4f1c3ac 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -61,8 +61,8 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
 		return Mono
-				.fromCallable(
-						() -> this.metadataExtractor.extract(exchange.getPayload(), this.COMPOSITE_METADATA_MIME_TYPE))
+				.fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(),
+						AuthenticationPayloadExchangeConverter.COMPOSITE_METADATA_MIME_TYPE))
 				.flatMap(metadata -> Mono.justOrEmpty(authentication(metadata)));
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
index 468ca39add..6a3e94b2a6 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
@@ -70,6 +70,7 @@ public class AuthenticationPayloadInterceptor implements PayloadInterceptor, Ord
 		this.authenticationConverter = authenticationConverter;
 	}
 
+	@Override
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
 		return this.authenticationConverter.convert(exchange).switchIfEmpty(chain.next(exchange).then(Mono.empty()))
 				.flatMap(a -> this.authenticationManager.authenticate(a))
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
index 319ba043cb..601abccd90 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
@@ -73,6 +73,7 @@ class ContextPayloadInterceptorChain implements PayloadInterceptorChain {
 		this.next = next;
 	}
 
+	@Override
 	public Mono<Void> next(PayloadExchange exchange) {
 		return Mono.defer(() -> shouldIntercept() ? this.currentInterceptor.intercept(exchange, this.next)
 				: Mono.subscriberContext().doOnNext(c -> this.context = c).then());
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
index 264715cdb0..4285f158e4 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
@@ -28,6 +28,7 @@ public abstract class PayloadExchangeMatchers {
 
 	public static PayloadExchangeMatcher setup() {
 		return new PayloadExchangeMatcher() {
+			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return PayloadExchangeType.SETUP.equals(exchange.getType()) ? MatchResult.match()
 						: MatchResult.notMatch();
@@ -37,6 +38,7 @@ public abstract class PayloadExchangeMatchers {
 
 	public static PayloadExchangeMatcher anyRequest() {
 		return new PayloadExchangeMatcher() {
+			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return exchange.getType().isRequest() ? MatchResult.match() : MatchResult.notMatch();
 			}
@@ -45,6 +47,7 @@ public abstract class PayloadExchangeMatchers {
 
 	public static PayloadExchangeMatcher anyExchange() {
 		return new PayloadExchangeMatcher() {
+			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return MatchResult.match();
 			}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 4ce1cd7530..eada82bdd5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -199,10 +199,12 @@ public final class Saml2X509Credential {
 
 	@Override
 	public boolean equals(Object o) {
-		if (this == o)
+		if (this == o) {
 			return true;
-		if (o == null || getClass() != o.getClass())
+		}
+		if (o == null || getClass() != o.getClass()) {
 			return false;
+		}
 		Saml2X509Credential that = (Saml2X509Credential) o;
 		return Objects.equals(this.privateKey, that.privateKey) && this.certificate.equals(that.certificate)
 				&& this.credentialTypes.equals(that.credentialTypes);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index 648cb0d715..03a5e5a3cc 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -173,10 +173,12 @@ public class Saml2X509Credential {
 
 	@Override
 	public boolean equals(Object o) {
-		if (this == o)
+		if (this == o) {
 			return true;
-		if (o == null || getClass() != o.getClass())
+		}
+		if (o == null || getClass() != o.getClass()) {
 			return false;
+		}
 		Saml2X509Credential that = (Saml2X509Credential) o;
 		return Objects.equals(this.privateKey, that.privateKey) && this.certificate.equals(that.certificate)
 				&& this.credentialTypes.equals(that.credentialTypes);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index f739e7e427..7a5db9ed5d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,8 +28,6 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index 9da1c52e56..e893bb8d1e 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -66,6 +66,7 @@ public class AccessControlListTag extends TagSupport {
 
 	private String var;
 
+	@Override
 	public int doStartTag() throws JspException {
 		if ((null == this.hasPermission) || "".equals(this.hasPermission)) {
 			return skipBody();
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index 25eb513c6f..993877a851 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -76,10 +76,12 @@ public class AuthenticationTag extends TagSupport {
 		this.scopeSpecified = true;
 	}
 
+	@Override
 	public int doStartTag() throws JspException {
 		return super.doStartTag();
 	}
 
+	@Override
 	public int doEndTag() throws JspException {
 		Object result = null;
 		// determine the value by...
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 74f3669c49..2cb8acdd86 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -63,6 +63,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	 * the body of the tag should be skipped or not.
 	 * @return {@link Tag#SKIP_BODY} or {@link Tag#EVAL_BODY_INCLUDE}
 	 */
+	@Override
 	public int doStartTag() throws JspException {
 		try {
 			this.authorized = super.authorize();
@@ -93,6 +94,7 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	 * @return EVAL_PAGE
 	 * @see Tag#doEndTag()
 	 */
+	@Override
 	public int doEndTag() throws JspException {
 		try {
 			if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
@@ -114,10 +116,12 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		this.id = id;
 	}
 
+	@Override
 	public Tag getParent() {
 		return this.parent;
 	}
 
+	@Override
 	public void setParent(Tag parent) {
 		this.parent = parent;
 	}
@@ -130,11 +134,13 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		this.var = var;
 	}
 
+	@Override
 	public void release() {
 		this.parent = null;
 		this.id = null;
 	}
 
+	@Override
 	public void setPageContext(PageContext pageContext) {
 		this.pageContext = pageContext;
 	}
@@ -162,46 +168,57 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 			this.delegate = delegate;
 		}
 
+		@Override
 		public TypedValue getRootObject() {
 			return this.delegate.getRootObject();
 		}
 
+		@Override
 		public List<ConstructorResolver> getConstructorResolvers() {
 			return this.delegate.getConstructorResolvers();
 		}
 
+		@Override
 		public List<MethodResolver> getMethodResolvers() {
 			return this.delegate.getMethodResolvers();
 		}
 
+		@Override
 		public List<PropertyAccessor> getPropertyAccessors() {
 			return this.delegate.getPropertyAccessors();
 		}
 
+		@Override
 		public TypeLocator getTypeLocator() {
 			return this.delegate.getTypeLocator();
 		}
 
+		@Override
 		public TypeConverter getTypeConverter() {
 			return this.delegate.getTypeConverter();
 		}
 
+		@Override
 		public TypeComparator getTypeComparator() {
 			return this.delegate.getTypeComparator();
 		}
 
+		@Override
 		public OperatorOverloader getOperatorOverloader() {
 			return this.delegate.getOperatorOverloader();
 		}
 
+		@Override
 		public BeanResolver getBeanResolver() {
 			return this.delegate.getBeanResolver();
 		}
 
+		@Override
 		public void setVariable(String name, Object value) {
 			this.delegate.setVariable(name, value);
 		}
 
+		@Override
 		public Object lookupVariable(String name) {
 			Object result = this.delegate.lookupVariable(name);
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index f91977a420..09ee82c7dd 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -148,6 +148,7 @@ public class AuthenticationTagTests {
 			return this.lastMessage;
 		}
 
+		@Override
 		protected void writeMessage(String msg) {
 			this.lastMessage = msg;
 		}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index 5e78631b89..c89a4f6975 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -152,10 +152,12 @@ public class AuthorizeTagTests {
 
 	public static class MockWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
 
+		@Override
 		public boolean isAllowed(String uri, Authentication authentication) {
 			return "/allowed".equals(uri);
 		}
 
+		@Override
 		public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
 			return "/allowed".equals(uri) && (method == null || "GET".equals(method));
 		}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index eaa680f080..2075eaba4b 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -18,7 +18,7 @@ package org.springframework.security.taglibs.csrf;
 import java.io.UnsupportedEncodingException;
 
 import javax.servlet.jsp.JspException;
-import javax.servlet.jsp.tagext.TagSupport;
+import javax.servlet.jsp.tagext.Tag;
 
 import org.junit.Before;
 import org.junit.Test;
@@ -60,7 +60,7 @@ public class AbstractCsrfTagTests {
 
 		int returned = this.tag.doEndTag();
 
-		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
+		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("");
 	}
@@ -75,7 +75,7 @@ public class AbstractCsrfTagTests {
 
 		int returned = this.tag.doEndTag();
 
-		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
+		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("fooBarBazQux");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
@@ -91,7 +91,7 @@ public class AbstractCsrfTagTests {
 
 		int returned = this.tag.doEndTag();
 
-		assertThat(returned).as("The returned value is not correct.").isEqualTo(TagSupport.EVAL_PAGE);
+		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("<input type=\"hidden\" />");
 		assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
index b5e35ee06c..8a02e2cca9 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
@@ -34,6 +34,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 final class WithAnonymousUserSecurityContextFactory implements WithSecurityContextFactory<WithAnonymousUser> {
 
+	@Override
 	public SecurityContext createSecurityContext(WithAnonymousUser withUser) {
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
 		Authentication authentication = new AnonymousAuthenticationToken("key", "anonymous", authorities);
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
index 5de64847e2..9256f535b2 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
@@ -37,6 +37,7 @@ import org.springframework.util.StringUtils;
  */
 final class WithMockUserSecurityContextFactory implements WithSecurityContextFactory<WithMockUser> {
 
+	@Override
 	public SecurityContext createSecurityContext(WithMockUser withUser) {
 		String username = StringUtils.hasLength(withUser.username()) ? withUser.username() : withUser.value();
 		if (username == null) {
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index c1be09f80c..a9405e97c1 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -51,6 +51,7 @@ final class WithUserDetailsSecurityContextFactory implements WithSecurityContext
 		this.beans = beans;
 	}
 
+	@Override
 	public SecurityContext createSecurityContext(WithUserDetails withUser) {
 		String beanName = withUser.userDetailsServiceBeanName();
 		UserDetailsService userDetailsService = findUserDetailsService(beanName);
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 6fc1d68fef..0cb5af1762 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -107,6 +107,7 @@ public class SecurityMockServerConfigurers {
 	 */
 	public static MockServerConfigurer springSecurity() {
 		return new MockServerConfigurer() {
+			@Override
 			public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 				builder.filters(filters -> filters.add(0, new MutatorFilter()));
 			}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index 5256b9f112..6fa4da4309 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -38,30 +38,37 @@ public class CustomUserDetails implements UserDetails {
 		this.authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 	}
 
+	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return this.authorities;
 	}
 
+	@Override
 	public String getPassword() {
 		return null;
 	}
 
+	@Override
 	public String getUsername() {
 		return this.username;
 	}
 
+	@Override
 	public boolean isAccountNonExpired() {
 		return true;
 	}
 
+	@Override
 	public boolean isAccountNonLocked() {
 		return true;
 	}
 
+	@Override
 	public boolean isCredentialsNonExpired() {
 		return true;
 	}
 
+	@Override
 	public boolean isEnabled() {
 		return true;
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
index 0a829c8039..a02086265e 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
@@ -26,6 +26,7 @@ import org.springframework.security.test.context.support.WithSecurityContextFact
  */
 public class WithMockCustomUserSecurityContextFactory implements WithSecurityContextFactory<WithMockCustomUser> {
 
+	@Override
 	public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 19e6a1b5e0..29cbaebbc5 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -101,6 +101,7 @@ public class WithUserDetailsTests {
 
 	static class CustomUserDetailsService implements UserDetailsService {
 
+		@Override
 		public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
 			return new CustomUserDetails("name", username);
 		}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
index 93fc0048e1..df1e05f8e0 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
@@ -26,6 +26,7 @@ import org.springframework.stereotype.Component;
 @Component
 public class HelloMessageService implements MessageService {
 
+	@Override
 	@PreAuthorize("authenticated")
 	public String getMessage() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index 30a1c4b004..519e1cda84 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -99,6 +99,7 @@ public class SecurityMockMvcResultMatchersTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			// @formatter:off
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 799df7f5cb..962a73c18c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -79,6 +79,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			// @formatter:off
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index e76bcc76c9..a691ae79fa 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -88,6 +88,7 @@ public class AuthenticationTests {
 	@EnableWebMvc
 	static class Config extends WebSecurityConfigurerAdapter {
 
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			// @formatter:off
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index 60c13fb06e..2ea703fd48 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -107,6 +107,7 @@ public class CustomConfigAuthenticationTests {
 		}
 
 		// @formatter:off
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index e5a35f2e59..7e46f5bcc2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -94,6 +94,7 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 		}
 
 		// @formatter:off
+		@Override
 		@Bean
 		public UserDetailsService userDetailsService() {
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 13bab7101d..32379c2b61 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -46,6 +46,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 	 * information (HTTP or HTTPS), so will cause problems if a redirect is being
 	 * performed to change to HTTPS, for example.
 	 */
+	@Override
 	public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
 		String redirectUrl = calculateRedirectUrl(request.getContextPath(), url);
 		redirectUrl = response.encodeRedirectURL(redirectUrl);
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index 76eeaa1c8b..fde9261fa7 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -55,10 +55,12 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
 		return this.requestMatcher;
 	}
 
+	@Override
 	public List<Filter> getFilters() {
 		return this.filters;
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		return this.requestMatcher.matches(request);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 3245cf0b69..160884f2fd 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -168,10 +168,12 @@ class DummyRequest extends HttpServletRequestWrapper {
 		super(UNSUPPORTED_REQUEST);
 	}
 
+	@Override
 	public String getCharacterEncoding() {
 		return "UTF-8";
 	}
 
+	@Override
 	public Object getAttribute(String attributeName) {
 		return null;
 	}
@@ -296,6 +298,7 @@ final class UnsupportedOperationExceptionInvocationHandler implements Invocation
 
 	private static final float JAVA_VERSION = Float.parseFloat(System.getProperty("java.class.version", "52"));
 
+	@Override
 	public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
 		if (method.isDefault()) {
 			return invokeDefaultMethod(proxy, method, args);
diff --git a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
index bf734731b3..9b5f416ea5 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
@@ -49,6 +49,7 @@ public class PortMapperImpl implements PortMapper {
 		return this.httpsPortMappings;
 	}
 
+	@Override
 	public Integer lookupHttpPort(Integer httpsPort) {
 		for (Integer httpPort : this.httpsPortMappings.keySet()) {
 			if (this.httpsPortMappings.get(httpPort).equals(httpsPort)) {
@@ -59,6 +60,7 @@ public class PortMapperImpl implements PortMapper {
 		return null;
 	}
 
+	@Override
 	public Integer lookupHttpsPort(Integer httpPort) {
 		return this.httpsPortMappings.get(httpPort);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index 0f576789bb..e17edef87b 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -42,6 +42,7 @@ public class PortResolverImpl implements PortResolver {
 		return this.portMapper;
 	}
 
+	@Override
 	public int getServerPort(ServletRequest request) {
 		int serverPort = request.getServerPort();
 		Integer portLookup = null;
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index 225debefa8..f129b4d8bc 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -49,6 +49,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 
 	private String errorPage;
 
+	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		if (!response.isCommitted()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index 15c54568aa..92ceac2ba7 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -57,6 +57,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 	 * @param uri the URI excluding the context path (a default context path setting will
 	 * be used)
 	 */
+	@Override
 	public boolean isAllowed(String uri, Authentication authentication) {
 		return isAllowed(null, uri, null, authentication);
 	}
@@ -78,6 +79,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 	 * be used in evaluation whether access should be granted.
 	 * @return true if access is allowed, false if denied
 	 */
+	@Override
 	public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
 		Assert.notNull(uri, "uri parameter is required");
 
diff --git a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
index 438fda55fa..6db0f4cd62 100644
--- a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
@@ -58,6 +58,7 @@ public final class DelegatingAccessDeniedHandler implements AccessDeniedHandler
 		this.defaultHandler = defaultHandler;
 	}
 
+	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		for (Entry<Class<? extends AccessDeniedException>, AccessDeniedHandler> entry : this.handlers.entrySet()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 17460feda6..a33ffb37bb 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -105,6 +105,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
@@ -227,6 +228,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		/**
 		 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 		 */
+		@Override
 		protected void initExtractorMap() {
 			super.initExtractorMap();
 
diff --git a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
index a79a0c2aea..fe38540a3e 100644
--- a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
@@ -58,6 +58,7 @@ public final class RequestMatcherDelegatingAccessDeniedHandler implements Access
 		this.defaultHandler = defaultHandler;
 	}
 
+	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		for (Entry<RequestMatcher, AccessDeniedHandler> entry : this.handlers.entrySet()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 56a21c98f6..4dc16581df 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -55,6 +55,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 		this.standardPort = standardPort;
 	}
 
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String queryString = request.getQueryString();
 		String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 18014dfaa9..2266f457ac 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -51,10 +51,12 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 
 	private List<ChannelProcessor> channelProcessors;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notEmpty(this.channelProcessors, "A list of ChannelProcessors is required");
 	}
 
+	@Override
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
 		for (ConfigAttribute attribute : config) {
@@ -88,6 +90,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 		}
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		if (ANY_CHANNEL.equals(attribute.getAttribute())) {
 			return true;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
index ad902951f3..2d7d8c6992 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -124,6 +124,7 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 		}
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index 7404b17382..6f4d7b43bc 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -46,11 +46,13 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 
 	private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.insecureKeyword, "insecureKeyword required");
 		Assert.notNull(this.entryPoint, "entryPoint required");
 	}
 
+	@Override
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
 		if ((invocation == null) || (config == null)) {
@@ -82,6 +84,7 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 		this.insecureKeyword = secureKeyword;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return (attribute != null) && (attribute.getAttribute() != null)
 				&& attribute.getAttribute().equals(getInsecureKeyword());
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
index 40736ba17c..27fcf7deb8 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
@@ -31,6 +31,7 @@ public class RetryWithHttpEntryPoint extends AbstractRetryEntryPoint {
 		super("http://", 80);
 	}
 
+	@Override
 	protected Integer getMappedPort(Integer mapFromPort) {
 		return getPortMapper().lookupHttpPort(mapFromPort);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
index b24d4ba6e0..7b13ab2fd5 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
@@ -32,6 +32,7 @@ public class RetryWithHttpsEntryPoint extends AbstractRetryEntryPoint {
 		super("https://", 443);
 	}
 
+	@Override
 	protected Integer getMappedPort(Integer mapFromPort) {
 		return getPortMapper().lookupHttpsPort(mapFromPort);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index 23aac7f8e4..4e0f501208 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -46,11 +46,13 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 
 	private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasLength(this.secureKeyword, "secureKeyword required");
 		Assert.notNull(this.entryPoint, "entryPoint required");
 	}
 
+	@Override
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
 		Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
@@ -80,6 +82,7 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 		this.secureKeyword = secureKeyword;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return (attribute != null) && (attribute.getAttribute() != null)
 				&& attribute.getAttribute().equals(getSecureKeyword());
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
index 601f6b91ba..0b363a046a 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@@ -35,6 +35,7 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 
 	private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
 
+	@Override
 	public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
 		assert authentication != null;
 		assert fi != null;
@@ -61,10 +62,12 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 		return null;
 	}
 
+	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		return attribute instanceof WebExpressionConfigAttribute;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return FilterInvocation.class.isAssignableFrom(clazz);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index 79aeb6f727..91507ec62d 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -69,6 +69,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 		this.requestMap = requestMap;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
 
@@ -79,6 +80,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 		return allAttributes;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAttributes(Object object) {
 		final HttpServletRequest request = ((FilterInvocation) object).getRequest();
 		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : this.requestMap.entrySet()) {
@@ -89,6 +91,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 		return null;
 	}
 
+	@Override
 	public boolean supports(Class<?> clazz) {
 		return FilterInvocation.class.isAssignableFrom(clazz);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
index e282747327..43d84624cc 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@@ -55,12 +55,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	 * @param arg0 ignored
 	 *
 	 */
+	@Override
 	public void init(FilterConfig arg0) {
 	}
 
 	/**
 	 * Not used (we rely on IoC container lifecycle services instead)
 	 */
+	@Override
 	public void destroy() {
 	}
 
@@ -73,6 +75,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	 * @throws IOException if the filter chain fails
 	 * @throws ServletException if the filter chain fails
 	 */
+	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 		FilterInvocation fi = new FilterInvocation(request, response, chain);
@@ -83,6 +86,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 		return this.securityMetadataSource;
 	}
 
+	@Override
 	public SecurityMetadataSource obtainSecurityMetadataSource() {
 		return this.securityMetadataSource;
 	}
@@ -91,6 +95,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 		this.securityMetadataSource = newSource;
 	}
 
+	@Override
 	public Class<?> getSecureObjectClass() {
 		return FilterInvocation.class;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
index ffedf367d7..a0ae2461d1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@@ -205,6 +205,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * returned <tt>Authentication</tt> object is not null.
 	 * </ol>
 	 */
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 
@@ -398,6 +399,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 		this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
 		this.eventPublisher = eventPublisher;
 	}
@@ -408,6 +410,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index 5a26991247..fcd57272fe 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -82,6 +82,7 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 		Assert.notNull(this.authorities, "Anonymous authorities must be set");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index fc04df9aa9..1a801c0478 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -71,6 +71,7 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 		this.entryPoints = entryPoints;
 	}
 
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException, ServletException {
 
@@ -103,6 +104,7 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 		this.defaultEntryPoint = defaultEntryPoint;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notEmpty(this.entryPoints, "entryPoints must be specified");
 		Assert.notNull(this.defaultEntryPoint, "defaultEntryPoint must be specified");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
index a7d924b174..465e86d487 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
@@ -46,6 +46,7 @@ public class ForwardAuthenticationFailureHandler implements AuthenticationFailur
 		this.forwardUrl = forwardUrl;
 	}
 
+	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
 		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
index f4c7d30bab..42b46cd694 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
@@ -46,6 +46,7 @@ public class ForwardAuthenticationSuccessHandler implements AuthenticationSucces
 		this.forwardUrl = forwardUrl;
 	}
 
+	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
 		request.getRequestDispatcher(this.forwardUrl).forward(request, response);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index 220cd721fb..3a384222f3 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -51,6 +51,7 @@ public class Http403ForbiddenEntryPoint implements AuthenticationEntryPoint {
 	/**
 	 * Always returns a 403 error code to the client.
 	 */
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2)
 			throws IOException {
 		if (logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
index 44e36b4e4a..ef1eafb46f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
@@ -44,6 +44,7 @@ public final class HttpStatusEntryPoint implements AuthenticationEntryPoint {
 		this.httpStatus = httpStatus;
 	}
 
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) {
 		response.setStatus(this.httpStatus.value());
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index dec3bb4ffe..ca59b6842f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -89,6 +89,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 		this.loginFormUrl = loginFormUrl;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.isTrue(StringUtils.hasText(this.loginFormUrl) && UrlUtils.isValidRedirectUrl(this.loginFormUrl),
 				"loginFormUrl must be specified and must be a valid redirect URL");
@@ -116,6 +117,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	/**
 	 * Performs the redirect (or forward) to the login form URL.
 	 */
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException, ServletException {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
index a09937ba20..c6b1189e3d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/NullRememberMeServices.java
@@ -31,13 +31,16 @@ import org.springframework.security.core.Authentication;
  */
 public class NullRememberMeServices implements RememberMeServices {
 
+	@Override
 	public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
 
+	@Override
 	public void loginFail(HttpServletRequest request, HttpServletResponse response) {
 	}
 
+	@Override
 	public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index 1cd5312384..ec22d488f1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -72,6 +72,7 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	 * If redirecting or forwarding, {@code saveException} will be called to cache the
 	 * exception for use in the target view.
 	 */
+	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
index 49fe41828f..bccc0eaeda 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
@@ -55,6 +55,7 @@ public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticatio
 	 * URL, and then calls {@code clearAuthenticationAttributes()} to remove any leftover
 	 * session data.
 	 */
+	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index b640597f5d..b1f94f7e3f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -68,6 +68,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 		super(DEFAULT_ANT_PATH_REQUEST_MATCHER, authenticationManager);
 	}
 
+	@Override
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException {
 		if (this.postOnly && !request.getMethod().equals("POST")) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
index 3b0ab2014b..96d62c0c0c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java
@@ -35,6 +35,7 @@ public class WebAuthenticationDetailsSource
 	 * @return the {@code WebAuthenticationDetails} containing information about the
 	 * current request
 	 */
+	@Override
 	public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
 		return new WebAuthenticationDetails(context);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 5820cb6894..2409a0d16e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -70,6 +70,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 		this.cookiesToClear = cookieList;
 	}
 
+	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		this.cookiesToClear.forEach(f -> response.addCookie(f.apply(request)));
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
index c30eb056b1..4cc71a856a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandler.java
@@ -60,6 +60,7 @@ public class HttpStatusReturningLogoutSuccessHandler implements LogoutSuccessHan
 	 * {@link LogoutSuccessHandler#onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication)}
 	 * . Sets the status on the {@link HttpServletResponse}.
 	 */
+	@Override
 	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
 			throws IOException {
 		response.setStatus(this.httpStatusToReturn.value());
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index 110daf321f..ff9ad94f07 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -82,6 +82,7 @@ public class LogoutFilter extends GenericFilterBean {
 		setFilterProcessesUrl("/logout");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index 8b3858f0ad..de82f99994 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -55,6 +55,7 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 	 * @param response not used (can be <code>null</code>)
 	 * @param authentication not used (can be <code>null</code>)
 	 */
+	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		Assert.notNull(request, "HttpServletRequest required");
 		if (this.invalidateHttpSession) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
index 866670dbeb..85646bf7e2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
@@ -34,6 +34,7 @@ import org.springframework.security.web.authentication.AbstractAuthenticationTar
 public class SimpleUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler
 		implements LogoutSuccessHandler {
 
+	@Override
 	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
 			throws IOException, ServletException {
 		super.handle(request, response, authentication);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 867cdf3476..7045596f83 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -120,6 +120,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * Try to authenticate a pre-authenticated user with Spring Security if the user has
 	 * not yet been authenticated.
 	 */
+	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 
@@ -253,6 +254,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	/**
 	 * @param anApplicationEventPublisher The ApplicationEventPublisher to use
 	 */
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher anApplicationEventPublisher) {
 		this.eventPublisher = anApplicationEventPublisher;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index 208fb4a164..dce3ad5fb8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -60,6 +60,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	/**
 	 * Check whether all required properties have been set.
 	 */
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.preAuthenticatedUserDetailsService, "An AuthenticationUserDetailsService must be set");
 	}
@@ -70,6 +71,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	 * If the principal contained in the authentication object is null, the request will
 	 * be ignored to allow other providers to authenticate it.
 	 */
+	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		if (!supports(authentication.getClass())) {
 			return null;
@@ -113,6 +115,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 	 * Indicate that this provider only supports PreAuthenticatedAuthenticationToken
 	 * (sub)classes.
 	 */
+	@Override
 	public final boolean supports(Class<?> authentication) {
 		return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);
 	}
@@ -146,6 +149,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 		this.userDetailsChecker = userDetailsChecker;
 	}
 
+	@Override
 	public int getOrder() {
 		return this.order;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
index 31cc829b9f..a99352725c 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
@@ -67,6 +67,7 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT
 	/**
 	 * Get the credentials
 	 */
+	@Override
 	public Object getCredentials() {
 		return this.credentials;
 	}
@@ -74,6 +75,7 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT
 	/**
 	 * Get the principal
 	 */
+	@Override
 	public Object getPrincipal() {
 		return this.principal;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
index 9f1e2f4f69..af87ab29c0 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
@@ -52,6 +52,7 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsService
 	 * the GrantedAuthorities as returned by the GrantedAuthoritiesContainer
 	 * implementation as returned by the token.getDetails() method.
 	 */
+	@Override
 	public final UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) throws AuthenticationException {
 		Assert.notNull(token.getDetails(), "token.getDetails() cannot be null");
 		Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
index 6102b55d2f..3d9f7b8cf0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
@@ -55,6 +55,7 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable is
 	 * missing and {@code exceptionIfVariableMissing} is set to {@code true}.
 	 */
+	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		String principal = (String) request.getAttribute(this.principalEnvironmentVariable);
 
@@ -71,6 +72,7 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 	 * {@code credentialsEnvironmentVariable} is set, this will be read and used as the
 	 * credentials value. Otherwise a dummy value will be used.
 	 */
+	@Override
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 		if (this.credentialsEnvironmentVariable != null) {
 			return request.getAttribute(this.credentialsEnvironmentVariable);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
index 015567f67d..438a11ce6b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
@@ -56,6 +56,7 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 	 * @throws PreAuthenticatedCredentialsNotFoundException if the header is missing and
 	 * {@code exceptionIfHeaderMissing} is set to {@code true}.
 	 */
+	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		String principal = request.getHeader(this.principalRequestHeader);
 
@@ -72,6 +73,7 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 	 * set, this will be read and used as the credentials value. Otherwise a dummy value
 	 * will be used.
 	 */
+	@Override
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 		if (this.credentialsRequestHeader != null) {
 			return request.getHeader(this.credentialsRequestHeader);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index e44fd3e8b4..cbf45ff40a 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -58,6 +58,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	/**
 	 * Check that all required properties have been set.
 	 */
+	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.j2eeMappableRoles, "No mappable roles available");
 		Assert.notNull(this.j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set");
@@ -89,6 +90,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	 *
 	 * @see org.springframework.security.authentication.AuthenticationDetailsSource#buildDetails(Object)
 	 */
+	@Override
 	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
 
 		Collection<String> j2eeUserRoles = getUserRoles(context);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index 14f732dcc8..2fc67dff1c 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -32,6 +32,7 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
 	/**
 	 * Return the J2EE user name.
 	 */
+	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 		Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName();
 		if (this.logger.isDebugEnabled()) {
@@ -44,6 +45,7 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
 	 * For J2EE container-based authentication there is no generic way to retrieve the
 	 * credentials, as such this method returns a fixed dummy value.
 	 */
+	@Override
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
 		return "N/A";
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index 2e0cd34d4f..62fc83ba7d 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -61,10 +61,12 @@ public class WebXmlMappableAttributesRetriever
 
 	private Set<String> mappableAttributes;
 
+	@Override
 	public void setResourceLoader(ResourceLoader resourceLoader) {
 		this.resourceLoader = resourceLoader;
 	}
 
+	@Override
 	public Set<String> getMappableAttributes() {
 		return this.mappableAttributes;
 	}
@@ -74,6 +76,7 @@ public class WebXmlMappableAttributesRetriever
 	 * role-name elements from it, using these as the set of <tt>mappableAttributes</tt>.
 	 */
 
+	@Override
 	public void afterPropertiesSet() throws Exception {
 		Resource webXml = this.resourceLoader.getResource("/WEB-INF/web.xml");
 		Document doc = getDocument(webXml.getInputStream());
@@ -133,6 +136,7 @@ public class WebXmlMappableAttributesRetriever
 	 */
 	private static final class MyEntityResolver implements EntityResolver {
 
+		@Override
 		public InputSource resolveEntity(String publicId, String systemId) {
 			return new InputSource(new StringReader(""));
 		}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index 0a6345683e..91df4aab6c 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -58,10 +58,12 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 	// SEC-803
 	private static Class<?> wsCredentialClass = null;
 
+	@Override
 	public List<String> getGroupsForCurrentUser() {
 		return getWebSphereGroups(getRunAsSubject());
 	}
 
+	@Override
 	public String getCurrentUserName() {
 		return getSecurityName(getRunAsSubject());
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
index ea7a493d7b..7e1c1071e4 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
@@ -47,6 +47,7 @@ public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthen
 	/**
 	 * Return the WebSphere user name.
 	 */
+	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 		Object principal = this.wasHelper.getCurrentUserName();
 		if (this.logger.isDebugEnabled()) {
@@ -59,6 +60,7 @@ public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthen
 	 * For J2EE container-based authentication there is no generic way to retrieve the
 	 * credentials, as such this method returns a fixed dummy value.
 	 */
+	@Override
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
 		return "N/A";
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index 84ab9dd7c0..49665325bd 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -53,6 +53,7 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements
 		this.wasHelper = wasHelper;
 	}
 
+	@Override
 	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
 		return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context,
 				getWebSphereGroupsBasedGrantedAuthorities());
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index 320db86eed..98edc23435 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -53,6 +53,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 		setSubjectDnRegex("CN=(.*?)(?:,|$)");
 	}
 
+	@Override
 	public Object extractPrincipal(X509Certificate clientCert) {
 		// String subjectDN = clientCert.getSubjectX500Principal().getName();
 		String subjectDN = clientCert.getSubjectDN().getName();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index 6726a9d1c7..f66a3c3dfb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -28,6 +28,7 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 
 	private X509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
 
+	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		X509Certificate cert = extractClientCertificate(request);
 
@@ -38,6 +39,7 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 		return this.principalExtractor.extractPrincipal(cert);
 	}
 
+	@Override
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 		return extractClientCertificate(request);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index 2e0572b30d..6f1f77520a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -32,6 +32,7 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 
 	private final Map<String, PersistentRememberMeToken> seriesTokens = new HashMap<>();
 
+	@Override
 	public synchronized void createNewToken(PersistentRememberMeToken token) {
 		PersistentRememberMeToken current = this.seriesTokens.get(token.getSeries());
 
@@ -42,6 +43,7 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 		this.seriesTokens.put(token.getSeries(), token);
 	}
 
+	@Override
 	public synchronized void updateToken(String series, String tokenValue, Date lastUsed) {
 		PersistentRememberMeToken token = getTokenForSeries(series);
 
@@ -52,10 +54,12 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 		this.seriesTokens.put(series, newToken);
 	}
 
+	@Override
 	public synchronized PersistentRememberMeToken getTokenForSeries(String seriesId) {
 		return this.seriesTokens.get(seriesId);
 	}
 
+	@Override
 	public synchronized void removeUserTokens(String username) {
 		Iterator<String> series = this.seriesTokens.keySet().iterator();
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index d7a4d8857f..363f9d8aeb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -56,17 +56,20 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 
 	private boolean createTableOnStartup;
 
+	@Override
 	protected void initDao() {
 		if (this.createTableOnStartup) {
 			getJdbcTemplate().execute(CREATE_TABLE_SQL);
 		}
 	}
 
+	@Override
 	public void createNewToken(PersistentRememberMeToken token) {
 		getJdbcTemplate().update(this.insertTokenSql, token.getUsername(), token.getSeries(), token.getTokenValue(),
 				token.getDate());
 	}
 
+	@Override
 	public void updateToken(String series, String tokenValue, Date lastUsed) {
 		getJdbcTemplate().update(this.updateTokenSql, tokenValue, lastUsed, series);
 	}
@@ -80,6 +83,7 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 	 * @return the token matching the series, or null if no match found or an exception
 	 * occurred.
 	 */
+	@Override
 	public PersistentRememberMeToken getTokenForSeries(String seriesId) {
 		try {
 			return getJdbcTemplate().queryForObject(this.tokensBySeriesSql,
@@ -103,6 +107,7 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 		return null;
 	}
 
+	@Override
 	public void removeUserTokens(String username) {
 		getJdbcTemplate().update(this.removeUserTokensSql, username);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 13bb9f6b73..377a3567d1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -89,6 +89,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	 * @throws CookieTheftException if a presented series value is found, but the stored
 	 * token is different from the one presented.
 	 */
+	@Override
 	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 			HttpServletResponse response) {
 
@@ -149,6 +150,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	 * the persistent token repository and adds the corresponding cookie to the response.
 	 *
 	 */
+	@Override
 	protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
 		String username = successfulAuthentication.getName();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index be1f7f05e7..8fb4a860d3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -85,6 +85,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 		Assert.notNull(this.rememberMeServices, "rememberMeServices must be specified");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
@@ -170,6 +171,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 		return this.rememberMeServices;
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
 		this.eventPublisher = eventPublisher;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 69304944f7..6fb1ec0913 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -65,6 +65,7 @@ abstract class AbstractSessionFixationProtectionStrategy
 	 * property is set, in which case a session will be created if one doesn't already
 	 * exist.
 	 */
+	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 		boolean hadSessionAlready = request.getSession(false) != null;
@@ -135,6 +136,7 @@ abstract class AbstractSessionFixationProtectionStrategy
 	 * @param applicationEventPublisher the {@link ApplicationEventPublisher}. Cannot be
 	 * null.
 	 */
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		Assert.notNull(applicationEventPublisher, "applicationEventPublisher cannot be null");
 		this.applicationEventPublisher = applicationEventPublisher;
@@ -146,9 +148,11 @@ abstract class AbstractSessionFixationProtectionStrategy
 
 	protected static final class NullEventPublisher implements ApplicationEventPublisher {
 
+		@Override
 		public void publishEvent(ApplicationEvent event) {
 		}
 
+		@Override
 		public void publishEvent(Object event) {
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index 4f7bdf1c1d..e37e824848 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -78,6 +78,7 @@ public class CompositeSessionAuthenticationStrategy implements SessionAuthentica
 	 * #onAuthentication(org.springframework.security.core.Authentication,
 	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
+	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) throws SessionAuthenticationException {
 		for (SessionAuthenticationStrategy delegate : this.delegateStrategies) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index 0d3e89315c..a2e4383b51 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -90,6 +90,7 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	 * In addition to the steps from the superclass, the sessionRegistry will be updated
 	 * with the new session information.
 	 */
+	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 
@@ -194,6 +195,7 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	 * Sets the {@link MessageSource} used for reporting errors back to the user when the
 	 * user has exceeded the maximum number of authentications.
 	 */
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
index 0654ae9c60..bae5f27f76 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.Authentication;
  */
 public final class NullAuthenticatedSessionStrategy implements SessionAuthenticationStrategy {
 
+	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
index 0f23d62ee5..0cbe06c900 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
@@ -60,6 +60,7 @@ public class RegisterSessionAuthenticationStrategy implements SessionAuthenticat
 	 * In addition to the steps from the superclass, the sessionRegistry will be updated
 	 * with the new session information.
 	 */
+	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 		this.sessionRegistry.registerNewSession(request.getSession().getId(), authentication.getPrincipal());
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index b51ca06d61..d64dd01cc3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -159,6 +159,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 		}
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
@@ -386,6 +387,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 		return this.switchUserMatcher.matches(request);
 	}
 
+	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) throws BeansException {
 		this.eventPublisher = eventPublisher;
 	}
@@ -396,6 +398,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		Assert.notNull(messageSource, "messageSource cannot be null");
 		this.messages = new MessageSourceAccessor(messageSource);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index c7378269a3..f12d17c366 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -212,6 +212,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		this.saml2AuthenticationUrlToProviderName = saml2AuthenticationUrlToProviderName;
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index b602b65fe9..e67ecba199 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -44,10 +44,12 @@ public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint,
 
 	private String realmName;
 
+	@Override
 	public void afterPropertiesSet() {
 		Assert.hasText(this.realmName, "realmName must be specified");
 	}
 
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException {
 		response.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index 7a464b2d2d..6fe4b6b4e5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -57,6 +57,7 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 
 	private int order = Integer.MAX_VALUE; // ~ default
 
+	@Override
 	public int getOrder() {
 		return this.order;
 	}
@@ -65,6 +66,7 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 		this.order = order;
 	}
 
+	@Override
 	public void afterPropertiesSet() {
 		if ((this.realmName == null) || "".equals(this.realmName)) {
 			throw new IllegalArgumentException("realmName must be specified");
@@ -75,6 +77,7 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 		}
 	}
 
+	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException {
 		HttpServletResponse httpResponse = response;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index caeb12f489..d3a7ccc406 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -111,6 +111,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 		Assert.notNull(this.authenticationEntryPoint, "A DigestAuthenticationEntryPoint is required");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
@@ -266,6 +267,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
+	@Override
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
index 28e7db61d3..d6208ff6a9 100644
--- a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
@@ -92,6 +92,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
 	 * supportsParameter (org.springframework.core.MethodParameter)
 	 */
+	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
@@ -105,6 +106,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
+	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
index 1b3e772d06..34a4fb320c 100644
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@@ -105,6 +105,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
 	 * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.
 	 * ServletContext)
 	 */
+	@Override
 	public final void onStartup(ServletContext servletContext) {
 		beforeSpringSecurityFilterChain(servletContext);
 		if (this.configurationClasses != null) {
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 0d4d0729c8..55d5edf3e3 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -109,6 +109,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * the session is not an instance of {@code SecurityContext}, a new context object
 	 * will be generated and returned.
 	 */
+	@Override
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		HttpServletRequest request = requestResponseHolder.getRequest();
 		HttpServletResponse response = requestResponseHolder.getResponse();
@@ -134,6 +135,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		return context;
 	}
 
+	@Override
 	public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
 		SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = WebUtils.getNativeResponse(response,
 				SaveContextOnUpdateOrErrorResponseWrapper.class);
@@ -150,6 +152,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		}
 	}
 
+	@Override
 	public boolean containsContext(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
 
diff --git a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
index acedd8369c..1afd4b8832 100644
--- a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
@@ -27,14 +27,17 @@ import org.springframework.security.core.context.SecurityContextHolder;
  */
 public final class NullSecurityContextRepository implements SecurityContextRepository {
 
+	@Override
 	public boolean containsContext(HttpServletRequest request) {
 		return false;
 	}
 
+	@Override
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		return SecurityContextHolder.createEmptyContext();
 	}
 
+	@Override
 	public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
index b74b7a1e19..fb9c238052 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@@ -72,6 +72,7 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 		this.repo = repo;
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
index 5a5503f677..21c5788457 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
@@ -49,6 +49,7 @@ public final class CsrfLogoutHandler implements LogoutHandler {
 	 * javax.servlet.http.HttpServletResponse,
 	 * org.springframework.security.core.Authentication)
 	 */
+	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		this.csrfTokenRepository.saveToken(null, request, response);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index 91eca28563..4cab384351 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -53,6 +53,7 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getHeaderName()
 	 */
+	@Override
 	public String getHeaderName() {
 		return this.headerName;
 	}
@@ -62,6 +63,7 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getParameterName()
 	 */
+	@Override
 	public String getParameterName() {
 		return this.parameterName;
 	}
@@ -71,6 +73,7 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getToken()
 	 */
+	@Override
 	public String getToken() {
 		return this.token;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
index ffb0c144a5..53749dc7c7 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
@@ -52,6 +52,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * springframework .security.web.csrf.CsrfToken,
 	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
+	@Override
 	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		if (token == null) {
 			HttpSession session = request.getSession(false);
@@ -72,6 +73,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * org.springframework.security.web.csrf.CsrfTokenRepository#loadToken(javax.servlet
 	 * .http.HttpServletRequest)
 	 */
+	@Override
 	public CsrfToken loadToken(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
 		if (session == null) {
@@ -86,6 +88,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 	 * @see org.springframework.security.web.csrf.CsrfTokenRepository#generateToken(javax.
 	 * servlet .http.HttpServletRequest)
 	 */
+	@Override
 	public CsrfToken generateToken(HttpServletRequest request) {
 		return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
 	}
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index 4ed1cab388..7f2fbfc872 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -57,6 +57,7 @@ public final class DebugFilter implements Filter {
 		this.fcp = fcp;
 	}
 
+	@Override
 	public void doFilter(ServletRequest srvltRequest, ServletResponse srvltResponse, FilterChain filterChain)
 			throws ServletException, IOException {
 
@@ -141,9 +142,11 @@ public final class DebugFilter implements Filter {
 		return null;
 	}
 
+	@Override
 	public void init(FilterConfig filterConfig) {
 	}
 
+	@Override
 	public void destroy() {
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index 44f623ffe8..2fc56d21fc 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -125,6 +125,7 @@ final class RequestWrapper extends FirewalledRequest {
 		return this.stripPaths ? new FirewalledRequestAwareRequestDispatcher(path) : super.getRequestDispatcher(path);
 	}
 
+	@Override
 	public void reset() {
 		this.stripPaths = false;
 	}
@@ -148,11 +149,13 @@ final class RequestWrapper extends FirewalledRequest {
 			this.path = path;
 		}
 
+		@Override
 		public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
 			reset();
 			getDelegateDispatcher().forward(request, response);
 		}
 
+		@Override
 		public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
 			getDelegateDispatcher().include(request, response);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index 82ff0f3ecc..305436fbd1 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -115,6 +115,7 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
 
+		@Override
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
index 2f7b4d8933..688877cb32 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
@@ -56,6 +56,7 @@ public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter
 	 * org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax.servlet
 	 * .http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
 			this.delegateHeaderWriter.writeHeaders(request, response);
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index 120bc46ea5..50cf69cccc 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -177,6 +177,7 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * @see org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax
 	 * .servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
 			if (!this.pins.isEmpty()) {
@@ -441,6 +442,7 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
 
+		@Override
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
index 5c92074048..b09121536b 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
@@ -151,6 +151,7 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * @see org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax
 	 * .servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
 			if (!response.containsHeader(HSTS_HEADER_NAME)) {
@@ -246,6 +247,7 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	private static final class SecureRequestMatcher implements RequestMatcher {
 
+		@Override
 		public boolean matches(HttpServletRequest request) {
 			return request.isSecure();
 		}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
index 5aa05bcad2..1879d7576e 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
@@ -55,6 +55,7 @@ public class StaticHeadersWriter implements HeaderWriter {
 		this(Collections.singletonList(new Header(headerName, headerValues)));
 	}
 
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		for (Header header : this.headers) {
 			if (!response.containsHeader(header.getName())) {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
index 832d2dac88..7bdba9e97f 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
@@ -48,6 +48,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 		updateHeaderValue();
 	}
 
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (!response.containsHeader(XSS_PROTECTION_HEADER)) {
 			response.setHeader(XSS_PROTECTION_HEADER, this.headerValue);
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index d1468e7c27..9daf174e3c 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -45,6 +45,7 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
 	/** Logger for use by subclasses */
 	protected final Log log = LogFactory.getLog(getClass());
 
+	@Override
 	public String getAllowFromValue(HttpServletRequest request) {
 		String allowFromOrigin = request.getParameter(this.allowFromParameterName);
 		if (this.log.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
index fdaffe60ce..9ab95c0d3b 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@@ -36,6 +36,7 @@ public final class StaticAllowFromStrategy implements AllowFromStrategy {
 		this.uri = uri;
 	}
 
+	@Override
 	public String getAllowFromValue(HttpServletRequest request) {
 		return this.uri.toString();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index 13361add5c..25777c8b72 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -83,6 +83,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	 * @param request the servlet request
 	 * @param response the servlet response
 	 */
+	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (XFrameOptionsMode.ALLOW_FROM.equals(this.frameOptionsMode)) {
 			String allowFromValue = this.allowFromStrategy.getAllowFromValue(request);
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index d288ff7157..8d857382b8 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -68,6 +68,7 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 * <code>Subject</code> obtained.
 	 * </p>
 	 */
+	@Override
 	public final void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
 			throws ServletException, IOException {
 
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 84b4b5f4a9..4fe44899fd 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -96,6 +96,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
 	 * supportsParameter (org.springframework.core.MethodParameter)
 	 */
+	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
@@ -109,6 +110,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
+	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
index e84b31fa6f..f5f22d8c22 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
@@ -20,6 +20,7 @@ import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.bind.support.WebDataBinderFactory;
 import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
@@ -49,6 +50,7 @@ public final class CsrfTokenArgumentResolver implements HandlerMethodArgumentRes
 	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
 	 * supportsParameter (org.springframework.core.MethodParameter)
 	 */
+	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return CsrfToken.class.equals(parameter.getParameterType());
 	}
@@ -62,10 +64,11 @@ public final class CsrfTokenArgumentResolver implements HandlerMethodArgumentRes
 	 * org.springframework.web.context.request.NativeWebRequest,
 	 * org.springframework.web.bind.support.WebDataBinderFactory)
 	 */
+	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 		CsrfToken token = (CsrfToken) webRequest.getAttribute(CsrfToken.class.getName(),
-				NativeWebRequest.SCOPE_REQUEST);
+				RequestAttributes.SCOPE_REQUEST);
 		return token;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 7dfb04223d..29ab2383a4 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -510,8 +510,9 @@ public class DefaultSavedRequest implements SavedRequest {
 					savedRequest.addCookie(cookie.getCookie());
 				}
 			}
-			if (!ObjectUtils.isEmpty(this.locales))
+			if (!ObjectUtils.isEmpty(this.locales)) {
 				savedRequest.locales.addAll(this.locales);
+			}
 			savedRequest.addParameters(this.parameters);
 
 			this.headers.remove(HEADER_IF_MODIFIED_SINCE);
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
index 5692f643a3..45e7e69983 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
@@ -115,6 +115,7 @@ public class Enumerator<T> implements Enumeration<T> {
 	 * @return <code>true</code> if and only if this enumeration object contains at least
 	 * one more element to provide, <code>false</code> otherwise
 	 */
+	@Override
 	public boolean hasMoreElements() {
 		return (this.iterator.hasNext());
 	}
@@ -125,6 +126,7 @@ public class Enumerator<T> implements Enumeration<T> {
 	 * @return the next element of this enumeration
 	 * @exception NoSuchElementException if no more elements exist
 	 */
+	@Override
 	public T nextElement() throws NoSuchElementException {
 		return (this.iterator.next());
 	}
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index 4704e2fe0f..21b0f82b6b 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -54,6 +54,7 @@ public class HttpSessionRequestCache implements RequestCache {
 	/**
 	 * Stores the current request, provided the configuration properties allow it.
 	 */
+	@Override
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
 			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver);
@@ -71,6 +72,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		}
 	}
 
+	@Override
 	public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
 
@@ -81,6 +83,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		return null;
 	}
 
+	@Override
 	public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
 
@@ -90,6 +93,7 @@ public class HttpSessionRequestCache implements RequestCache {
 		}
 	}
 
+	@Override
 	public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 		SavedRequest saved = getRequest(request, response);
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
index e9e04d7cdf..6ddc40ce11 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
@@ -27,17 +27,21 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class NullRequestCache implements RequestCache {
 
+	@Override
 	public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
 
+	@Override
 	public void removeRequest(HttpServletRequest request, HttpServletResponse response) {
 
 	}
 
+	@Override
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 	}
 
+	@Override
 	public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 		return null;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index 7aa57e956c..f65ef98b98 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -54,6 +54,7 @@ public class RequestCacheAwareFilter extends GenericFilterBean {
 		this.requestCache = requestCache;
 	}
 
+	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index 8db916cbfc..3fb5d77e1c 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -94,14 +94,17 @@ public class SavedCookie implements Serializable {
 	public Cookie getCookie() {
 		Cookie c = new Cookie(getName(), getValue());
 
-		if (getComment() != null)
+		if (getComment() != null) {
 			c.setComment(getComment());
+		}
 
-		if (getDomain() != null)
+		if (getDomain() != null) {
 			c.setDomain(getDomain());
+		}
 
-		if (getPath() != null)
+		if (getPath() != null) {
 			c.setPath(getPath());
+		}
 
 		c.setVersion(getVersion());
 		c.setMaxAge(getMaxAge());
diff --git a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
index 0ce2e0bba7..36bf02a42b 100644
--- a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
@@ -42,6 +42,7 @@ public class DefaultServerRedirectStrategy implements ServerRedirectStrategy {
 
 	private boolean contextRelative = true;
 
+	@Override
 	public Mono<Void> sendRedirect(ServerWebExchange exchange, URI location) {
 		Assert.notNull(exchange, "exchange cannot be null");
 		Assert.notNull(location, "location cannot be null");
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index 460c875a28..ad85f52306 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -58,6 +58,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 		this.entryPoints = entryPoints;
 	}
 
+	@Override
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
 		return Flux.fromIterable(this.entryPoints).filterWhen(entry -> isMatch(exchange, entry)).next()
 				.map(entry -> entry.getEntryPoint()).doOnNext(it -> {
diff --git a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
index 06d7ff0cc8..14b0db4d10 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java
@@ -35,10 +35,12 @@ public final class NoOpServerSecurityContextRepository implements ServerSecurity
 	private NoOpServerSecurityContextRepository() {
 	}
 
+	@Override
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
 		return Mono.empty();
 	}
 
+	@Override
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
 		return Mono.empty();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index f6cde328bd..813d3f595d 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -53,6 +53,7 @@ public class WebSessionServerSecurityContextRepository implements ServerSecurity
 		this.springSecurityContextAttrName = springSecurityContextAttrName;
 	}
 
+	@Override
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
 		return exchange.getSession().doOnNext(session -> {
 			if (context == null) {
@@ -70,6 +71,7 @@ public class WebSessionServerSecurityContextRepository implements ServerSecurity
 		}).flatMap(session -> session.changeSessionId());
 	}
 
+	@Override
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
 		return exchange.getSession().flatMap(session -> {
 			SecurityContext context = (SecurityContext) session.getAttribute(this.springSecurityContextAttrName);
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index fcacdb11dd..f7173e2fab 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -53,6 +53,7 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getHeaderName()
 	 */
+	@Override
 	public String getHeaderName() {
 		return this.headerName;
 	}
@@ -62,6 +63,7 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getParameterName()
 	 */
+	@Override
 	public String getParameterName() {
 		return this.parameterName;
 	}
@@ -71,23 +73,28 @@ public final class DefaultCsrfToken implements CsrfToken {
 	 *
 	 * @see org.springframework.security.web.csrf.CsrfToken#getToken()
 	 */
+	@Override
 	public String getToken() {
 		return this.token;
 	}
 
 	@Override
 	public boolean equals(Object o) {
-		if (this == o)
+		if (this == o) {
 			return true;
-		if (o == null || !(o instanceof CsrfToken))
+		}
+		if (o == null || !(o instanceof CsrfToken)) {
 			return false;
+		}
 
 		CsrfToken that = (CsrfToken) o;
 
-		if (!getToken().equals(that.getToken()))
+		if (!getToken().equals(that.getToken())) {
 			return false;
-		if (!getParameterName().equals(that.getParameterName()))
+		}
+		if (!getParameterName().equals(that.getParameterName())) {
 			return false;
+		}
 		return getHeaderName().equals(that.getHeaderName());
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index ccd785ea61..76953bcc0d 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -51,7 +51,8 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos
 
 	@Override
 	public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
-		return Mono.just(exchange).publishOn(Schedulers.boundedElastic()).fromCallable(() -> createCsrfToken());
+		Mono.just(exchange).publishOn(Schedulers.boundedElastic());
+		return Mono.fromCallable(() -> createCsrfToken());
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
index d5784ebf73..9d85128d2c 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
@@ -42,6 +42,7 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 		return action;
 	}
 
+	@Override
 	public String processAction(HttpServletRequest request, String action, String method) {
 		if (method != null && this.DISABLE_CSRF_TOKEN_PATTERN.matcher(method).matches()) {
 			request.setAttribute(this.DISABLE_CSRF_TOKEN_ATTR, Boolean.TRUE);
@@ -52,10 +53,12 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 		return action;
 	}
 
+	@Override
 	public String processFormFieldValue(HttpServletRequest request, String name, String value, String type) {
 		return value;
 	}
 
+	@Override
 	public Map<String, String> getExtraHiddenFields(HttpServletRequest request) {
 		if (Boolean.TRUE.equals(request.getAttribute(this.DISABLE_CSRF_TOKEN_ATTR))) {
 			request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
@@ -71,6 +74,7 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 		return hiddenFields;
 	}
 
+	@Override
 	public String processUrl(HttpServletRequest request, String url) {
 		return url;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
index d4742dc9b1..2b6238e139 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java
@@ -143,6 +143,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 		this.logoutHandlers = logoutHandlers;
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		chain.doFilter(this.requestFactory.create((HttpServletRequest) req, (HttpServletResponse) res), res);
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index 585f55288c..2847a4e9ec 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -119,6 +119,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 		Assert.notNull(this.sessionRegistry, "SessionRegistry required");
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
index 3ed1eb44f7..6dc5162626 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
@@ -57,6 +57,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	 * application appContext.
 	 * @param event HttpSessionEvent passed in by the container
 	 */
+	@Override
 	public void sessionCreated(HttpSessionEvent event) {
 		HttpSessionCreatedEvent e = new HttpSessionCreatedEvent(event.getSession());
 		Log log = LogFactory.getLog(LOGGER_NAME);
@@ -73,6 +74,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	 * the application appContext.
 	 * @param event The HttpSessionEvent pass in by the container
 	 */
+	@Override
 	public void sessionDestroyed(HttpSessionEvent event) {
 		HttpSessionDestroyedEvent e = new HttpSessionDestroyedEvent(event.getSession());
 		Log log = LogFactory.getLog(LOGGER_NAME);
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
index 8a9a467a8e..dab718fdc0 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
@@ -44,6 +44,7 @@ public final class InvalidSessionAccessDeniedHandler implements AccessDeniedHand
 		this.invalidSessionStrategy = invalidSessionStrategy;
 	}
 
+	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
 		this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index ade6b59d4b..710191e2a0 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -73,6 +73,7 @@ public class SessionManagementFilter extends GenericFilterBean {
 		this.sessionAuthenticationStrategy = sessionStrategy;
 	}
 
+	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
index 46ef7b6f01..d5c464e33d 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
@@ -49,6 +49,7 @@ public final class SimpleRedirectInvalidSessionStrategy implements InvalidSessio
 		this.destinationUrl = invalidSessionUrl;
 	}
 
+	@Override
 	public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
 		if (this.createNewSession) {
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
index e83fe3fb08..3467a66491 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
@@ -51,6 +51,7 @@ public final class SimpleRedirectSessionInformationExpiredStrategy implements Se
 		this.redirectStrategy = redirectStrategy;
 	}
 
+	@Override
 	public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
 		this.logger.debug("Redirecting to '" + this.destinationUrl + "'");
 		this.redirectStrategy.sendRedirect(event.getRequest(), event.getResponse(), this.destinationUrl);
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index 307c1c9190..747c59fda9 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -647,10 +647,12 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 			this.delegate.write(b, off, len);
 		}
 
+		@Override
 		public boolean isReady() {
 			return this.delegate.isReady();
 		}
 
+		@Override
 		public void setWriteListener(WriteListener writeListener) {
 			this.delegate.setWriteListener(writeListener);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 3818db6df7..63e2db7ccf 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -58,6 +58,7 @@ public final class AndRequestMatcher implements RequestMatcher {
 		this(Arrays.asList(requestMatchers));
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		for (RequestMatcher matcher : this.requestMatchers) {
 			if (this.logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
index 4ba8b5217c..c2ad877abb 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
@@ -27,6 +27,7 @@ public final class AnyRequestMatcher implements RequestMatcher {
 
 	public static final RequestMatcher INSTANCE = new AnyRequestMatcher();
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		return true;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
index a41ebdf151..f3ce9d70a6 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcher.java
@@ -48,6 +48,7 @@ public class ELRequestMatcher implements RequestMatcher {
 		this.expression = parser.parseExpression(el);
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		EvaluationContext context = createELContext(request);
 		return this.expression.getValue(context, Boolean.class);
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index 6ab47a19f7..08792192b5 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -60,6 +60,7 @@ public final class IpAddressMatcher implements RequestMatcher {
 				String.format("IP address %s is too short for bitmask of length %d", ipAddress, this.nMaskBits));
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		return matches(request.getRemoteAddr());
 	}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index 8e927dab29..a0c91a5333 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -195,6 +195,7 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 		this.matchingMediaTypes = matchingMediaTypes;
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		List<MediaType> httpRequestMediaTypes;
 		try {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index 1dd2631e41..cfc58f19a2 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -46,6 +46,7 @@ public class NegatedRequestMatcher implements RequestMatcher {
 		this.requestMatcher = requestMatcher;
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		boolean result = !this.requestMatcher.matches(request);
 		if (this.logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index 4e38d5c600..11c22c6a2b 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -58,6 +58,7 @@ public final class OrRequestMatcher implements RequestMatcher {
 		this(Arrays.asList(requestMatchers));
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		for (RequestMatcher matcher : this.requestMatchers) {
 			if (this.logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index b6158d30be..a7e23cc6f1 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -80,6 +80,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 	 * @param request the request to match
 	 * @return true if the pattern matches the URL, false otherwise.
 	 */
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		if (this.httpMethod != null && request.getMethod() != null && this.httpMethod != valueOf(request.getMethod())) {
 			return false;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index 235e001e1d..fcb8efbf6f 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -80,6 +80,7 @@ public final class RequestHeaderRequestMatcher implements RequestMatcher {
 		this.expectedHeaderValue = expectedHeaderValue;
 	}
 
+	@Override
 	public boolean matches(HttpServletRequest request) {
 		String actualHeaderValue = request.getHeader(this.expectedHeaderName);
 		if (this.expectedHeaderValue == null) {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
index 205345110d..5c9fcb9675 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletRequest;
  * @deprecated use {@link RequestMatcher.MatchResult} from
  * {@link RequestMatcher#matcher(HttpServletRequest)}
  */
+@Deprecated
 public interface RequestVariablesExtractor {
 
 	/**
diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java
index f2ac50619f..c9eedad606 100644
--- a/web/src/test/java/org/springframework/security/MockFilterConfig.java
+++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java
@@ -31,10 +31,12 @@ public class MockFilterConfig implements FilterConfig {
 
 	private Map map = new HashMap();
 
+	@Override
 	public String getFilterName() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
 
+	@Override
 	public String getInitParameter(String arg0) {
 		Object result = this.map.get(arg0);
 
@@ -46,10 +48,12 @@ public class MockFilterConfig implements FilterConfig {
 		}
 	}
 
+	@Override
 	public Enumeration getInitParameterNames() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
 
+	@Override
 	public ServletContext getServletContext() {
 		throw new UnsupportedOperationException("mock method not implemented");
 	}
diff --git a/web/src/test/java/org/springframework/security/MockPortResolver.java b/web/src/test/java/org/springframework/security/MockPortResolver.java
index 65be621c9b..65e774af01 100644
--- a/web/src/test/java/org/springframework/security/MockPortResolver.java
+++ b/web/src/test/java/org/springframework/security/MockPortResolver.java
@@ -36,6 +36,7 @@ public class MockPortResolver implements PortResolver {
 		this.https = https;
 	}
 
+	@Override
 	public int getServerPort(ServletRequest request) {
 		if ((request.getScheme() != null) && request.getScheme().equals("https")) {
 			return this.https;
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index 3febacc27e..e2bd4810de 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -199,6 +199,7 @@ public class ChannelDecisionManagerImplTests {
 			this.failIfCalled = failIfCalled;
 		}
 
+		@Override
 		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
 			Iterator iter = config.iterator();
 
@@ -217,6 +218,7 @@ public class ChannelDecisionManagerImplTests {
 			}
 		}
 
+		@Override
 		public boolean supports(ConfigAttribute attribute) {
 			if (attribute.getAttribute().equals(this.configAttribute)) {
 				return true;
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index ba8b7ea096..64ad763950 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -161,12 +161,14 @@ public class ChannelProcessingFilterTests {
 			this.supportAttribute = supportAttribute;
 		}
 
+		@Override
 		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
 			if (this.commitAResponse) {
 				invocation.getHttpResponse().sendRedirect("/redirected");
 			}
 		}
 
+		@Override
 		public boolean supports(ConfigAttribute attribute) {
 			if (attribute.getAttribute().equals(this.supportAttribute)) {
 				return true;
@@ -192,6 +194,7 @@ public class ChannelProcessingFilterTests {
 			this.provideIterator = provideIterator;
 		}
 
+		@Override
 		public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 			FilterInvocation fi = (FilterInvocation) object;
 
@@ -203,6 +206,7 @@ public class ChannelProcessingFilterTests {
 			}
 		}
 
+		@Override
 		public Collection<ConfigAttribute> getAllConfigAttributes() {
 			if (!this.provideIterator) {
 				return null;
@@ -211,6 +215,7 @@ public class ChannelProcessingFilterTests {
 			return this.toReturn;
 		}
 
+		@Override
 		public boolean supports(Class<?> clazz) {
 			return true;
 		}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index aa1d4986fb..d815881514 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -506,6 +506,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 			this.grantAccess = true;
 		}
 
+		@Override
 		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 				throws AuthenticationException {
 			if (this.grantAccess) {
@@ -532,6 +533,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 			this.expectToProceed = expectToProceed;
 		}
 
+		@Override
 		public void doFilter(ServletRequest request, ServletResponse response) {
 			if (!this.expectToProceed) {
 				fail("Did not expect filter chain to proceed");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index 8fe9848e70..cf5985a017 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -114,6 +114,7 @@ public class AnonymousAuthenticationFilterTests {
 			this.expectToProceed = expectToProceed;
 		}
 
+		@Override
 		public void doFilter(ServletRequest request, ServletResponse response) {
 			if (!this.expectToProceed) {
 				fail("Did not expect filter chain to proceed");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 1f2a9cde5f..8a028ba49b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -60,10 +60,12 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Before
 	public void createFilter() {
 		this.filter = new AbstractPreAuthenticatedProcessingFilter() {
+			@Override
 			protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 				return "n/a";
 			}
 
+			@Override
 			protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 				return "doesntmatter";
 			}
@@ -434,10 +436,12 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 
 		private boolean initFilterBeanInvoked;
 
+		@Override
 		protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 			return this.principal;
 		}
 
+		@Override
 		protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
 			return "testCredentials";
 		}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index 897e88532a..a68a9c4bcb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -60,6 +60,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests {
 		MockHttpServletRequest req = new MockHttpServletRequest() {
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
+			@Override
 			public boolean isUserInRole(String arg0) {
 				return this.roles.contains(arg0);
 			}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index d3c1df80fe..83f42dab02 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -169,6 +169,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
+			@Override
 			public boolean isUserInRole(String arg0) {
 				return this.roles.contains(arg0);
 			}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index d0677000c0..8f33c8d6a3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -51,6 +51,7 @@ public class J2eePreAuthenticatedProcessingFilterTests {
 
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
+			@Override
 			public boolean isUserInRole(String arg0) {
 				return this.roles.contains(arg0);
 			}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index 31f1957c9e..9165a69a34 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -36,10 +36,12 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 		WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever();
 
 		rolesRetriever.setResourceLoader(new ResourceLoader() {
+			@Override
 			public ClassLoader getClassLoader() {
 				return Thread.currentThread().getContextClassLoader();
 			}
 
+			@Override
 			public Resource getResource(String location) {
 				return webXml;
 			}
@@ -55,10 +57,12 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 		final Resource webXml = new ClassPathResource("webxml/NoRoles.web.xml");
 		WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever();
 		rolesRetriever.setResourceLoader(new ResourceLoader() {
+			@Override
 			public ClassLoader getClassLoader() {
 				return Thread.currentThread().getContextClassLoader();
 			}
 
+			@Override
 			public Resource getResource(String location) {
 				return webXml;
 			}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index d6c2569e85..f3a16db337 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -311,6 +311,7 @@ public class AbstractRememberMeServicesTests {
 	public void cookieTheftExceptionShouldBeRethrown() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
+			@Override
 			protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 					HttpServletResponse response) {
 				throw new CookieTheftException("Pretending cookie was stolen");
@@ -339,7 +340,7 @@ public class AbstractRememberMeServicesTests {
 
 		// Parameter set to true
 		services = new MockRememberMeServices(this.uds);
-		request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "true");
+		request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
 
@@ -352,7 +353,7 @@ public class AbstractRememberMeServicesTests {
 
 		// Parameter set to false
 		services = new MockRememberMeServices(this.uds);
-		request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "false");
+		request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isFalse();
 
@@ -370,6 +371,7 @@ public class AbstractRememberMeServicesTests {
 		request.setContextPath("contextpath");
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
+			@Override
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
 			}
@@ -393,6 +395,7 @@ public class AbstractRememberMeServicesTests {
 
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
 
+			@Override
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
 			}
@@ -499,11 +502,13 @@ public class AbstractRememberMeServicesTests {
 			this(new MockUserDetailsService(null, false));
 		}
 
+		@Override
 		protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication successfulAuthentication) {
 			this.loginSuccessCalled = true;
 		}
 
+		@Override
 		protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 				HttpServletResponse response) throws RememberMeAuthenticationException {
 			if (cookieTokens.length != 3) {
@@ -532,6 +537,7 @@ public class AbstractRememberMeServicesTests {
 			this.throwException = throwException;
 		}
 
+		@Override
 		public UserDetails loadUserByUsername(String username) {
 			if (this.throwException) {
 				throw new UsernameNotFoundException("as requested by mock");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index addb75cb0e..5f21f410e5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -147,19 +147,23 @@ public class PersistentTokenBasedRememberMeServicesTests {
 			this.storedToken = token;
 		}
 
+		@Override
 		public void createNewToken(PersistentRememberMeToken token) {
 			this.storedToken = token;
 		}
 
+		@Override
 		public void updateToken(String series, String tokenValue, Date lastUsed) {
 			this.storedToken = new PersistentRememberMeToken(this.storedToken.getUsername(),
 					this.storedToken.getSeries(), tokenValue, lastUsed);
 		}
 
+		@Override
 		public PersistentRememberMeToken getTokenForSeries(String seriesId) {
 			return this.storedToken;
 		}
 
+		@Override
 		public void removeUserTokens(String username) {
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 8db5ac7cc6..e5892cf3c6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -122,6 +122,7 @@ public class RememberMeAuthenticationFilterTests {
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered)) {
+			@Override
 			protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 					AuthenticationException failed) {
 				super.onUnsuccessfulAuthentication(request, response, failed);
@@ -167,13 +168,16 @@ public class RememberMeAuthenticationFilterTests {
 			this.authToReturn = authToReturn;
 		}
 
+		@Override
 		public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 			return this.authToReturn;
 		}
 
+		@Override
 		public void loginFail(HttpServletRequest request, HttpServletResponse response) {
 		}
 
+		@Override
 		public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication successfulAuthentication) {
 		}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index f9e6ed94c4..526b9a0cbe 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -292,7 +292,7 @@ public class TokenBasedRememberMeServicesTests {
 		// SEC-822
 		this.services.setTokenValiditySeconds(500000000);
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
+		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginSuccess(request, response,
@@ -312,7 +312,7 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void loginSuccessNormalWithUserDetailsBasedPrincipalSetsExpectedCookie() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
+		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginSuccess(request, response,
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 3a4b5e401a..5da0d3df2f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -553,6 +553,7 @@ public class SwitchUserFilterTests {
 
 		private String password = "hawaii50";
 
+		@Override
 		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 			// jacklord, dano (active)
 			// mcgarrett (disabled)
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 89d2238916..dd7f1db152 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -107,6 +107,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected boolean enableHttpSessionEventPublisher() {
 				return true;
 			}
@@ -129,6 +130,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected EnumSet<DispatcherType> getSecurityDispatcherTypes() {
 				return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD);
 			}
@@ -152,6 +154,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected String getDispatcherWebApplicationContextSuffix() {
 				return "dispatcher";
 			}
@@ -191,6 +194,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter1, filter2);
 			}
@@ -216,6 +220,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter1);
 			}
@@ -238,6 +243,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context);
 			}
@@ -259,6 +265,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter, null);
 			}
@@ -282,6 +289,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter1, filter2);
 			}
@@ -305,6 +313,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter1);
 			}
@@ -327,6 +336,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context);
 			}
@@ -348,6 +358,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter, null);
 			}
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index ad49a9e4df..ca1b3b84d6 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -130,6 +130,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 
 		private Thread t;
 
+		@Override
 		public Thread newThread(Runnable r) {
 			this.t = new Thread(r);
 			return this.t;
@@ -143,6 +144,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 
 	private class VerifyingCallable implements Callable<SecurityContext> {
 
+		@Override
 		public SecurityContext call() {
 			return SecurityContextHolder.getContext();
 		}
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 67c8b2f39d..12027b2e58 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -100,9 +100,11 @@ public class JaasApiIntegrationFilterTests {
 		};
 		this.testConfiguration = new Configuration() {
 
+			@Override
 			public void refresh() {
 			}
 
+			@Override
 			public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
 				return new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
 						LoginModuleControlFlag.REQUIRED, new HashMap<>()) };
@@ -193,6 +195,7 @@ public class JaasApiIntegrationFilterTests {
 	private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception {
 		MockFilterChain chain = new MockFilterChain() {
 
+			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
 					throws IOException, ServletException {
 				// See if the subject was updated
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index b950773887..a5f883a2ff 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -110,34 +110,42 @@ public class HttpSessionRequestCacheTests {
 			this.delegate = delegate;
 		}
 
+		@Override
 		public String getRedirectUrl() {
 			return this.delegate.getRedirectUrl();
 		}
 
+		@Override
 		public List<Cookie> getCookies() {
 			return this.delegate.getCookies();
 		}
 
+		@Override
 		public String getMethod() {
 			return this.delegate.getMethod();
 		}
 
+		@Override
 		public List<String> getHeaderValues(String name) {
 			return this.delegate.getHeaderValues(name);
 		}
 
+		@Override
 		public Collection<String> getHeaderNames() {
 			return this.delegate.getHeaderNames();
 		}
 
+		@Override
 		public List<Locale> getLocales() {
 			return this.delegate.getLocales();
 		}
 
+		@Override
 		public String[] getParameterValues(String name) {
 			return this.delegate.getParameterValues(name);
 		}
 
+		@Override
 		public Map<String, String[]> getParameterMap() {
 			return this.delegate.getParameterMap();
 		}
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 09aff5b751..1ddf4f5cec 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -22,6 +22,7 @@ import org.junit.Test;
 
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.mock.web.MockServletContext;
+import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.StaticWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -43,7 +44,7 @@ public class HttpSessionEventPublisherTests {
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 
 		MockServletContext servletContext = new MockServletContext();
-		servletContext.setAttribute(StaticWebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
+		servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
 
 		context.setServletContext(servletContext);
 		context.registerSingleton("listener", MockApplicationListener.class, null);
diff --git a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
index 115641d974..4a4c3cf8d1 100644
--- a/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
+++ b/web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
@@ -40,6 +40,7 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
 		return this.destroyedEvent;
 	}
 
+	@Override
 	public void onApplicationEvent(ApplicationEvent event) {
 		if (event instanceof HttpSessionCreatedEvent) {
 			this.createdEvent = (HttpSessionCreatedEvent) event;
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 10aa4a20f3..390aae5c85 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -56,6 +56,7 @@ public class ThrowableAnalyzerTests {
 	 */
 	public static final class NonStandardExceptionCauseExtractor implements ThrowableCauseExtractor {
 
+		@Override
 		public Throwable extractCause(Throwable throwable) {
 			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, NonStandardException.class);
 			return ((NonStandardException) throwable).resolveCause();

From 418c3d6808b13e2093d2968e1f07f11cc747bc2d Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 5 Aug 2020 20:56:42 -0700
Subject: [PATCH 20/84] Avoid inner assignments

Replace code of the form `a = b =c` with distinct statements. Although
this results in more lines of code, they are usually easier to
understand.

Issue gh-8945
---
 .../security/acls/domain/AclAuthorizationStrategyImpl.java  | 4 +++-
 .../security/authentication/ProviderManager.java            | 6 ++++--
 etc/checkstyle/checkstyle-suppressions.xml                  | 1 -
 .../client/userinfo/CustomUserTypesOAuth2UserService.java   | 4 ++--
 .../remoting/rmi/ContextPropagatingRemoteInvocation.java    | 3 ++-
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index ea0d831644..92e621bc2d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -73,7 +73,9 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 			this.gaGeneralChanges = auths[2];
 		}
 		else {
-			this.gaTakeOwnership = this.gaModifyAuditing = this.gaGeneralChanges = auths[0];
+			this.gaTakeOwnership = auths[0];
+			this.gaModifyAuditing = auths[0];
+			this.gaGeneralChanges = auths[0];
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 79b07a7d37..d7054dd37d 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -202,7 +202,8 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		if (result == null && this.parent != null) {
 			// Allow the parent to try.
 			try {
-				result = parentResult = this.parent.authenticate(authentication);
+				parentResult = this.parent.authenticate(authentication);
+				result = parentResult;
 			}
 			catch (ProviderNotFoundException e) {
 				// ignore as we will throw below if no other exception occurred prior to
@@ -211,7 +212,8 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 				// handled the request
 			}
 			catch (AuthenticationException e) {
-				lastException = parentException = e;
+				parentException = e;
+				lastException = e;
 			}
 		}
 
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index fc3a5e9cc4..839b07e350 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="InnerAssignment" />
 	<suppress files=".*" checks="InnerTypeLast" />
 	<suppress files=".*" checks="InterfaceIsType" />
 	<suppress files=".*" checks="JavadocMethod" />
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index b830f6bb6f..a4ec0ba734 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -83,8 +83,8 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 	public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
 		String registrationId = userRequest.getClientRegistration().getRegistrationId();
-		Class<? extends OAuth2User> customUserType;
-		if ((customUserType = this.customUserTypes.get(registrationId)) == null) {
+		Class<? extends OAuth2User> customUserType = this.customUserTypes.get(registrationId);
+		if (customUserType == null) {
 			return null;
 		}
 
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index 844fd6ec42..a5f37c60c8 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -68,7 +68,8 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 			this.credentials = userCredentials == null ? null : userCredentials.toString();
 		}
 		else {
-			this.principal = this.credentials = null;
+			this.credentials = null;
+			this.principal = null;
 		}
 
 		if (logger.isDebugEnabled()) {

From a2f2e9ac8db43226376538fbbb18c5927e224b36 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sun, 26 Jul 2020 13:35:03 -0700
Subject: [PATCH 21/84] Move inner-types so that they are always last

Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
---
 .../acls/jdbc/JdbcMutableAclServiceTests.java |   16 +-
 ...onProviderBuilderSecurityBuilderTests.java |  152 +-
 .../LdapAuthenticationProviderConfigurer.java |   30 +-
 .../annotation/rsocket/RSocketSecurity.java   |  250 +-
 .../annotation/web/builders/HttpSecurity.java |   36 +-
 .../annotation/web/builders/WebSecurity.java  |   60 +-
 .../WebSecurityConfiguration.java             |   58 +-
 .../AbstractInterceptUrlConfigurer.java       |   76 +-
 .../ExpressionUrlAuthorizationConfigurer.java |  110 +-
 .../web/configurers/HeadersConfigurer.java    |  702 ++---
 .../SessionManagementConfigurer.java          |  276 +-
 .../UrlAuthorizationConfigurer.java           |   84 +-
 .../oauth2/client/OAuth2ClientConfigurer.java |   20 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |  422 +--
 .../OAuth2ResourceServerConfigurer.java       |  128 +-
 ...MessageSecurityMetadataSourceRegistry.java |   46 +-
 ...urityWebSocketMessageBrokerConfigurer.java |   38 +-
 .../config/web/server/ServerHttpSecurity.java | 2312 ++++++++---------
 .../AuthenticationManagerBuilderTests.java    |  104 +-
 .../NamespaceAuthenticationManagerTests.java  |   42 +-
 .../NamespaceAuthenticationProviderTests.java |   16 +-
 .../NamespaceJdbcUserServiceTests.java        |   14 +-
 .../NamespacePasswordEncoderTests.java        |   28 +-
 .../PasswordEncoderConfigurerTests.java       |   14 +-
 .../AuthenticationConfigurationTests.java     |  393 ++-
 .../EnableGlobalAuthenticationTests.java      |   40 +-
 ...reBeanFactoryObjectPostProcessorTests.java |   38 +-
 ...lobalMethodSecurityConfigurationTests.java |  431 ++-
 .../NamespaceGlobalMethodSecurityTests.java   |  420 ++-
 ...ctiveMethodSecurityConfigurationTests.java |   22 +-
 ...SampleEnableGlobalMethodSecurityTests.java |   20 +-
 .../annotation/sec2758/Sec2758Tests.java      |   24 +-
 ...RequestMatcherRegistryAnyMatcherTests.java |   66 +-
 ...mpleWebSecurityConfigurerAdapterTests.java |  200 +-
 ...curityConfigurerAdapterPowermockTests.java |   42 +-
 .../WebSecurityConfigurerAdapterTests.java    |  258 +-
 .../web/builders/HttpConfigurationTests.java  |   44 +-
 .../web/builders/NamespaceHttpTests.java      |  412 +--
 .../web/builders/WebSecurityTests.java        |   88 +-
 .../configuration/EnableWebSecurityTests.java |   84 +-
 .../HttpSecurityConfigurationTests.java       |   60 +-
 .../OAuth2ClientConfigurationTests.java       |  166 +-
 .../web/configuration/Sec2515Tests.java       |   55 +-
 .../WebSecurityConfigurationTests.java        |  372 +--
 .../configurers/AnonymousConfigurerTests.java |   42 +-
 .../configurers/AuthorizeRequestsTests.java   |  642 ++---
 .../ChannelSecurityConfigurerTests.java       |   28 +-
 .../web/configurers/CorsConfigurerTests.java  |  236 +-
 ...onfigurerIgnoringRequestMatchersTests.java |   68 +-
 .../CsrfConfigurerNoWebMvcTests.java          |   14 +-
 .../web/configurers/CsrfConfigurerTests.java  |  482 ++--
 .../web/configurers/DefaultFiltersTests.java  |  108 +-
 .../DefaultLoginPageConfigurerTests.java      |  292 +--
 ...ingConfigurerAccessDeniedHandlerTests.java |   40 +-
 .../ExceptionHandlingConfigurerTests.java     |  130 +-
 ...essionUrlAuthorizationConfigurerTests.java |  742 +++---
 .../configurers/FormLoginConfigurerTests.java |  384 +--
 .../HeadersConfigurerEagerHeadersTests.java   |   24 +-
 .../configurers/HeadersConfigurerTests.java   |  816 +++---
 .../configurers/HttpBasicConfigurerTests.java |   92 +-
 .../HttpSecurityAntMatchersTests.java         |   38 +-
 .../configurers/HttpSecurityLogoutTests.java  |   16 +-
 .../HttpSecurityRequestMatchersTests.java     |  226 +-
 .../web/configurers/Issue55Tests.java         |   60 +-
 .../web/configurers/JeeConfigurerTests.java   |  114 +-
 .../configurers/LogoutConfigurerTests.java    |  410 +--
 .../web/configurers/NamespaceDebugTests.java  |   20 +-
 .../NamespaceHttpAnonymousTests.java          |   48 +-
 .../configurers/NamespaceHttpBasicTests.java  |  168 +-
 .../NamespaceHttpCustomFilterTests.java       |   62 +-
 .../NamespaceHttpExpressionHandlerTests.java  |    8 +-
 .../NamespaceHttpFirewallTests.java           |   24 +-
 .../NamespaceHttpFormLoginTests.java          |   60 +-
 .../NamespaceHttpHeadersTests.java            |  327 ++-
 .../NamespaceHttpInterceptUrlTests.java       |    8 +-
 .../configurers/NamespaceHttpJeeTests.java    |   50 +-
 .../configurers/NamespaceHttpLogoutTests.java |  134 +-
 .../NamespaceHttpOpenIDLoginTests.java        |  106 +-
 .../NamespaceHttpRequestCacheTests.java       |   30 +-
 ...aceHttpServerAccessDeniedHandlerTests.java |   68 +-
 .../configurers/NamespaceHttpX509Tests.java   |  104 +-
 .../configurers/NamespaceRememberMeTests.java |  309 ++-
 .../NamespaceSessionManagementTests.java      |  196 +-
 .../configurers/PermitAllSupportTests.java    |   14 +-
 .../PortMapperConfigurerTests.java            |   28 +-
 .../RememberMeConfigurerTests.java            |  292 +--
 .../RequestCacheConfigurerTests.java          |  190 +-
 .../RequestMatcherConfigurerTests.java        |   16 +-
 .../SecurityContextConfigurerTests.java       |   90 +-
 .../ServletApiConfigurerTests.java            |  242 +-
 ...ionManagementConfigurerServlet31Tests.java |   36 +-
 ...tConfigurerSessionCreationPolicyTests.java |   40 +-
 .../SessionManagementConfigurerTests.java     |  432 +--
 .../UrlAuthorizationConfigurerTests.java      |   98 +-
 .../configurers/UrlAuthorizationsTests.java   |   38 +-
 .../web/configurers/X509ConfigurerTests.java  |   68 +-
 .../client/OAuth2LoginConfigurerTests.java    |   62 +-
 .../OAuth2ResourceServerConfigurerTests.java  |  168 +-
 .../openid/OpenIDLoginConfigurerTests.java    |  214 +-
 .../saml2/Saml2LoginConfigurerTests.java      |   76 +-
 .../reactive/EnableWebFluxSecurityTests.java  |  162 +-
 ...WebSocketMessageBrokerConfigurerTests.java |  326 +--
 .../security/config/http/CsrfConfigTests.java |   42 +-
 .../config/http/FormLoginConfigTests.java     |   36 +-
 .../security/config/http/HttpConfigTests.java |    8 +-
 .../config/http/HttpCorsConfigTests.java      |   46 +-
 .../config/http/HttpHeadersConfigTests.java   |   20 +-
 .../config/http/InterceptUrlConfigTests.java  |   28 +-
 .../config/http/MiscHttpConfigTests.java      |  106 +-
 .../http/MultiHttpBlockConfigTests.java       |    8 +-
 ...OAuth2ClientBeanDefinitionParserTests.java |   22 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |    8 +-
 ...sourceServerBeanDefinitionParserTests.java |  152 +-
 .../config/http/OpenIDConfigTests.java        |   20 +-
 .../http/PlaceHolderAndELConfigTests.java     |    8 +-
 .../config/http/RememberMeConfigTests.java    |   20 +-
 ...yContextHolderAwareRequestConfigTests.java |    8 +-
 .../http/SessionManagementConfigTests.java    |  166 +-
 ...entConfigTransientAuthenticationTests.java |    8 +-
 ...thodSecurityBeanDefinitionParserTests.java |   16 +-
 .../config/web/server/FormLoginTests.java     |   12 +-
 .../web/server/OAuth2ClientSpecTests.java     |  152 +-
 .../config/web/server/OAuth2LoginTests.java   |  342 +--
 .../server/OAuth2ResourceServerSpecTests.java |   96 +-
 ...bTestClientHtmlUnitDriverBuilderTests.java |   28 +-
 .../security/core/userdetails/User.java       |   46 +-
 .../dao/DaoAuthenticationProviderTests.java   |   12 +-
 etc/checkstyle/checkstyle-suppressions.xml    |    1 -
 .../server/UnboundIdContainerLdifTests.java   |   80 +-
 ...icationPrincipalArgumentResolverTests.java |   12 +-
 .../handler/invocation/ResolvableMethod.java  |   92 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |  342 +--
 ...OAuth2AuthorizedClientProviderBuilder.java |  250 +-
 ...ientOAuth2AuthorizationFailureHandler.java |   46 +-
 ...tiveOAuth2AuthorizationFailureHandler.java |   52 +-
 .../registration/ClientRegistration.java      |   44 +-
 .../registration/ClientRegistrations.java     |   14 +-
 ...uthorizedClientExchangeFilterFunction.java |   14 +-
 ...uthorizedClientExchangeFilterFunction.java |   14 +-
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  |   26 +-
 .../OpenSamlAuthenticationProvider.java       |   32 +-
 .../RelyingPartyRegistration.java             |   90 +-
 .../ReactorContextTestExecutionListener.java  |   16 +-
 .../showcase/WithUserDetailsTests.java        |    8 +-
 ...ctorContextTestExecutionListenerTests.java |   40 +-
 .../support/WithAnonymousUserTests.java       |   20 +-
 .../context/support/WithMockUserTests.java    |   20 +-
 .../context/support/WithUserDetailsTests.java |   20 +-
 ...MockMvcRequestPostProcessorsCsrfTests.java |    8 +-
 .../HttpSessionSecurityContextRepository.java |   30 +-
 .../writers/ClearSiteDataHeaderWriter.java    |   28 +-
 .../authentication/SwitchUserWebFilter.java   |   16 +-
 ...geDelegatingServerAccessDeniedHandler.java |   10 +-
 .../web/reactive/server/WebTestHandler.java   |    8 +-
 .../expression/WebExpressionVoterTests.java   |   16 +-
 ...DefaultLoginPageGeneratingFilterTests.java |   39 +-
 ...icationPrincipalArgumentResolverTests.java |   12 +-
 ...ecurityWebApplicationInitializerTests.java |   10 +-
 .../security/web/method/ResolvableMethod.java |   92 +-
 ...icationPrincipalArgumentResolverTests.java |   12 +-
 ...tSecurityContextArgumentResolverTests.java |   34 +-
 ...tSecurityContextArgumentResolverTests.java |    8 +-
 .../web/util/ThrowableAnalyzerTests.java      |   66 +-
 163 files changed, 10287 insertions(+), 10332 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index dd227be3c0..61f8388499 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -544,6 +544,14 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		assertThat(new Long(1L)).isEqualTo(result);
 	}
 
+	protected Authentication getAuth() {
+		return this.auth;
+	}
+
+	protected JdbcMutableAclService getJdbcMutableAclService() {
+		return this.jdbcMutableAclService;
+	}
+
 	/**
 	 * This class needed to show how to extend {@link JdbcMutableAclService} for
 	 * processing custom {@link Sid} implementations
@@ -573,12 +581,4 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 
 	}
 
-	protected Authentication getAuth() {
-		return this.auth;
-	}
-
-	protected JdbcMutableAclService getJdbcMutableAclService() {
-		return this.jdbcMutableAclService;
-	}
-
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 0eefa06350..2e0ab5882d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -53,6 +53,8 @@ import static org.springframework.security.test.web.servlet.response.SecurityMoc
 
 public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
+	static Integer port;
+
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -76,6 +78,80 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("ROLE_");
 	}
 
+	@Test
+	public void groupRolesCustom() {
+		this.spring.register(GroupRolesConfig.class).autowire();
+		LdapAuthenticationProvider provider = ldapProvider();
+
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute"))
+				.isEqualTo("group");
+	}
+
+	@Test
+	public void groupSearchCustom() {
+		this.spring.register(GroupSearchConfig.class).autowire();
+		LdapAuthenticationProvider provider = ldapProvider();
+
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter"))
+				.isEqualTo("ou=groupName");
+	}
+
+	@Test
+	public void groupSubtreeSearchCustom() {
+		this.spring.register(GroupSubtreeSearchConfig.class).autowire();
+		LdapAuthenticationProvider provider = ldapProvider();
+
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "searchControls"))
+				.extracting("searchScope").isEqualTo(SearchControls.SUBTREE_SCOPE);
+	}
+
+	@Test
+	public void rolePrefixCustom() {
+		this.spring.register(RolePrefixConfig.class).autowire();
+		LdapAuthenticationProvider provider = ldapProvider();
+
+		assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("role_");
+	}
+
+	@Test
+	public void bindAuthentication() throws Exception {
+		this.spring.register(BindAuthenticationConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
+				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+	}
+
+	// SEC-2472
+	@Test
+	public void canUseCryptoPasswordEncoder() throws Exception {
+		this.spring.register(PasswordEncoderConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin().user("bcrypt").password("password")).andExpect(authenticated()
+				.withUsername("bcrypt").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+	}
+
+	private LdapAuthenticationProvider ldapProvider() {
+		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(this.authenticationManager,
+				"providers")).get(0);
+	}
+
+	private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) {
+		return (LdapAuthoritiesPopulator) ReflectionTestUtils.getField(provider, "authoritiesPopulator");
+	}
+
+	private GrantedAuthoritiesMapper getAuthoritiesMapper(LdapAuthenticationProvider provider) {
+		return (GrantedAuthoritiesMapper) ReflectionTestUtils.getField(provider, "authoritiesMapper");
+	}
+
+	static int getPort() throws IOException {
+		if (port == null) {
+			ServerSocket socket = new ServerSocket(0);
+			port = socket.getLocalPort();
+			socket.close();
+		}
+		return port;
+	}
+
 	@EnableWebSecurity
 	static class DefaultLdapConfig extends BaseLdapProviderConfig {
 
@@ -91,15 +167,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	@Test
-	public void groupRolesCustom() {
-		this.spring.register(GroupRolesConfig.class).autowire();
-		LdapAuthenticationProvider provider = ldapProvider();
-
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute"))
-				.isEqualTo("group");
-	}
-
 	@EnableWebSecurity
 	static class GroupRolesConfig extends BaseLdapProviderConfig {
 
@@ -116,15 +183,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	@Test
-	public void groupSearchCustom() {
-		this.spring.register(GroupSearchConfig.class).autowire();
-		LdapAuthenticationProvider provider = ldapProvider();
-
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter"))
-				.isEqualTo("ou=groupName");
-	}
-
 	@EnableWebSecurity
 	static class GroupSearchConfig extends BaseLdapProviderConfig {
 
@@ -141,15 +199,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	@Test
-	public void groupSubtreeSearchCustom() {
-		this.spring.register(GroupSubtreeSearchConfig.class).autowire();
-		LdapAuthenticationProvider provider = ldapProvider();
-
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "searchControls"))
-				.extracting("searchScope").isEqualTo(SearchControls.SUBTREE_SCOPE);
-	}
-
 	@EnableWebSecurity
 	static class GroupSubtreeSearchConfig extends BaseLdapProviderConfig {
 
@@ -167,14 +216,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	@Test
-	public void rolePrefixCustom() {
-		this.spring.register(RolePrefixConfig.class).autowire();
-		LdapAuthenticationProvider provider = ldapProvider();
-
-		assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("role_");
-	}
-
 	@EnableWebSecurity
 	static class RolePrefixConfig extends BaseLdapProviderConfig {
 
@@ -191,14 +232,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	@Test
-	public void bindAuthentication() throws Exception {
-		this.spring.register(BindAuthenticationConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
-				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
-	}
-
 	@EnableWebSecurity
 	static class BindAuthenticationConfig extends BaseLdapServerConfig {
 
@@ -216,15 +249,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	// SEC-2472
-	@Test
-	public void canUseCryptoPasswordEncoder() throws Exception {
-		this.spring.register(PasswordEncoderConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin().user("bcrypt").password("password")).andExpect(authenticated()
-				.withUsername("bcrypt").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
-	}
-
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends BaseLdapServerConfig {
 
@@ -243,19 +267,6 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	private LdapAuthenticationProvider ldapProvider() {
-		return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(this.authenticationManager,
-				"providers")).get(0);
-	}
-
-	private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) {
-		return (LdapAuthoritiesPopulator) ReflectionTestUtils.getField(provider, "authoritiesPopulator");
-	}
-
-	private GrantedAuthoritiesMapper getAuthoritiesMapper(LdapAuthenticationProvider provider) {
-		return (GrantedAuthoritiesMapper) ReflectionTestUtils.getField(provider, "authoritiesMapper");
-	}
-
 	@EnableWebSecurity
 	static abstract class BaseLdapServerConfig extends BaseLdapProviderConfig {
 
@@ -295,15 +306,4 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 
 	}
 
-	static Integer port;
-
-	static int getPort() throws IOException {
-		if (port == null) {
-			ServerSocket socket = new ServerSocket(0);
-			port = socket.getLocalPort();
-			socket.close();
-		}
-		return port;
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 60196d9fc7..0db78b0c52 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -379,6 +379,21 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		builder.authenticationProvider(provider);
 	}
 
+	private BaseLdapPathContextSource getContextSource() throws Exception {
+		if (this.contextSource == null) {
+			this.contextSource = this.contextSourceBuilder.build();
+		}
+		return this.contextSource;
+	}
+
+	/**
+	 * @return the {@link PasswordCompareConfigurer} for further customizations
+	 */
+	public PasswordCompareConfigurer passwordCompare() {
+		return new PasswordCompareConfigurer().passwordAttribute("password")
+				.passwordEncoder(NoOpPasswordEncoder.getInstance());
+	}
+
 	/**
 	 * Sets up Password based comparison
 	 *
@@ -597,19 +612,4 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	}
 
-	private BaseLdapPathContextSource getContextSource() throws Exception {
-		if (this.contextSource == null) {
-			this.contextSource = this.contextSourceBuilder.build();
-		}
-		return this.contextSource;
-	}
-
-	/**
-	 * @return the {@link PasswordCompareConfigurer} for further customizations
-	 */
-	public PasswordCompareConfigurer passwordCompare() {
-		return new PasswordCompareConfigurer().passwordAttribute("password")
-				.passwordEncoder(NoOpPasswordEncoder.getInstance());
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index b55fd0e1de..ab47073dab 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -161,38 +161,6 @@ public class RSocketSecurity {
 		return this;
 	}
 
-	/**
-	 * @since 5.3
-	 */
-	public final class SimpleAuthenticationSpec {
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		public SimpleAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager == null) {
-				return RSocketSecurity.this.authenticationManager;
-			}
-			return this.authenticationManager;
-		}
-
-		protected AuthenticationPayloadInterceptor build() {
-			ReactiveAuthenticationManager manager = getAuthenticationManager();
-			AuthenticationPayloadInterceptor result = new AuthenticationPayloadInterceptor(manager);
-			result.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
-			result.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-			return result;
-		}
-
-		private SimpleAuthenticationSpec() {
-		}
-
-	}
-
 	/**
 	 * Adds authentication with BasicAuthenticationPayloadExchangeConverter.
 	 * @param basic
@@ -208,34 +176,6 @@ public class RSocketSecurity {
 		return this;
 	}
 
-	public final class BasicAuthenticationSpec {
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		public BasicAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager == null) {
-				return RSocketSecurity.this.authenticationManager;
-			}
-			return this.authenticationManager;
-		}
-
-		protected AuthenticationPayloadInterceptor build() {
-			ReactiveAuthenticationManager manager = getAuthenticationManager();
-			AuthenticationPayloadInterceptor result = new AuthenticationPayloadInterceptor(manager);
-			result.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-			return result;
-		}
-
-		private BasicAuthenticationSpec() {
-		}
-
-	}
-
 	public RSocketSecurity jwt(Customizer<JwtSpec> jwt) {
 		if (this.jwtSpec == null) {
 			this.jwtSpec = new JwtSpec();
@@ -244,45 +184,6 @@ public class RSocketSecurity {
 		return this;
 	}
 
-	public final class JwtSpec {
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager != null) {
-				return this.authenticationManager;
-			}
-			ReactiveJwtDecoder jwtDecoder = getBeanOrNull(ReactiveJwtDecoder.class);
-			if (jwtDecoder != null) {
-				this.authenticationManager = new JwtReactiveAuthenticationManager(jwtDecoder);
-				return this.authenticationManager;
-			}
-			return RSocketSecurity.this.authenticationManager;
-		}
-
-		protected List<AuthenticationPayloadInterceptor> build() {
-			ReactiveAuthenticationManager manager = getAuthenticationManager();
-			AuthenticationPayloadInterceptor legacy = new AuthenticationPayloadInterceptor(manager);
-			legacy.setAuthenticationConverter(new BearerPayloadExchangeConverter());
-			legacy.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-
-			AuthenticationPayloadInterceptor standard = new AuthenticationPayloadInterceptor(manager);
-			standard.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
-			standard.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-
-			return Arrays.asList(standard, legacy);
-		}
-
-		private JwtSpec() {
-		}
-
-	}
-
 	public RSocketSecurity authorizePayload(Customizer<AuthorizePayloadsSpec> authorize) {
 		if (this.authorizePayload == null) {
 			this.authorizePayload = new AuthorizePayloadsSpec();
@@ -326,6 +227,131 @@ public class RSocketSecurity {
 		return result;
 	}
 
+	private <T> T getBean(Class<T> beanClass) {
+		if (this.context == null) {
+			return null;
+		}
+		return this.context.getBean(beanClass);
+	}
+
+	private <T> T getBeanOrNull(Class<T> beanClass) {
+		return getBeanOrNull(ResolvableType.forClass(beanClass));
+	}
+
+	private <T> T getBeanOrNull(ResolvableType type) {
+		if (this.context == null) {
+			return null;
+		}
+		String[] names = this.context.getBeanNamesForType(type);
+		if (names.length == 1) {
+			return (T) this.context.getBean(names[0]);
+		}
+		return null;
+	}
+
+	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+		this.context = applicationContext;
+	}
+
+	/**
+	 * @since 5.3
+	 */
+	public final class SimpleAuthenticationSpec {
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		public SimpleAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager == null) {
+				return RSocketSecurity.this.authenticationManager;
+			}
+			return this.authenticationManager;
+		}
+
+		protected AuthenticationPayloadInterceptor build() {
+			ReactiveAuthenticationManager manager = getAuthenticationManager();
+			AuthenticationPayloadInterceptor result = new AuthenticationPayloadInterceptor(manager);
+			result.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
+			result.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
+			return result;
+		}
+
+		private SimpleAuthenticationSpec() {
+		}
+
+	}
+
+	public final class BasicAuthenticationSpec {
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		public BasicAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager == null) {
+				return RSocketSecurity.this.authenticationManager;
+			}
+			return this.authenticationManager;
+		}
+
+		protected AuthenticationPayloadInterceptor build() {
+			ReactiveAuthenticationManager manager = getAuthenticationManager();
+			AuthenticationPayloadInterceptor result = new AuthenticationPayloadInterceptor(manager);
+			result.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
+			return result;
+		}
+
+		private BasicAuthenticationSpec() {
+		}
+
+	}
+
+	public final class JwtSpec {
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager != null) {
+				return this.authenticationManager;
+			}
+			ReactiveJwtDecoder jwtDecoder = getBeanOrNull(ReactiveJwtDecoder.class);
+			if (jwtDecoder != null) {
+				this.authenticationManager = new JwtReactiveAuthenticationManager(jwtDecoder);
+				return this.authenticationManager;
+			}
+			return RSocketSecurity.this.authenticationManager;
+		}
+
+		protected List<AuthenticationPayloadInterceptor> build() {
+			ReactiveAuthenticationManager manager = getAuthenticationManager();
+			AuthenticationPayloadInterceptor legacy = new AuthenticationPayloadInterceptor(manager);
+			legacy.setAuthenticationConverter(new BearerPayloadExchangeConverter());
+			legacy.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
+
+			AuthenticationPayloadInterceptor standard = new AuthenticationPayloadInterceptor(manager);
+			standard.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
+			standard.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
+
+			return Arrays.asList(standard, legacy);
+		}
+
+		private JwtSpec() {
+		}
+
+	}
+
 	public class AuthorizePayloadsSpec {
 
 		private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder = PayloadExchangeMatcherReactiveAuthorizationManager
@@ -417,30 +443,4 @@ public class RSocketSecurity {
 
 	}
 
-	private <T> T getBean(Class<T> beanClass) {
-		if (this.context == null) {
-			return null;
-		}
-		return this.context.getBean(beanClass);
-	}
-
-	private <T> T getBeanOrNull(Class<T> beanClass) {
-		return getBeanOrNull(ResolvableType.forClass(beanClass));
-	}
-
-	private <T> T getBeanOrNull(ResolvableType type) {
-		if (this.context == null) {
-			return null;
-		}
-		String[] names = this.context.getBeanNamesForType(type);
-		if (names.length == 1) {
-			return (T) this.context.getBean(names[0]);
-		}
-		return null;
-	}
-
-	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		this.context = applicationContext;
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 2b5825bcb4..89a89f6d1c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -2912,6 +2912,24 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 		return requestMatcher(new RegexRequestMatcher(pattern, null));
 	}
 
+	/**
+	 * If the {@link SecurityConfigurer} has already been specified get the original,
+	 * otherwise apply the new {@link SecurityConfigurerAdapter}.
+	 * @param configurer the {@link SecurityConfigurer} to apply if one is not found for
+	 * this {@link SecurityConfigurer} class.
+	 * @return the current {@link SecurityConfigurer} for the configurer passed in
+	 * @throws Exception
+	 */
+	@SuppressWarnings("unchecked")
+	private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(C configurer)
+			throws Exception {
+		C existingConfig = (C) getConfigurer(configurer.getClass());
+		if (existingConfig != null) {
+			return existingConfig;
+		}
+		return apply(configurer);
+	}
+
 	/**
 	 * An extension to {@link RequestMatcherConfigurer} that allows optionally configuring
 	 * the servlet path.
@@ -2987,22 +3005,4 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	}
 
-	/**
-	 * If the {@link SecurityConfigurer} has already been specified get the original,
-	 * otherwise apply the new {@link SecurityConfigurerAdapter}.
-	 * @param configurer the {@link SecurityConfigurer} to apply if one is not found for
-	 * this {@link SecurityConfigurer} class.
-	 * @return the current {@link SecurityConfigurer} for the configurer passed in
-	 * @throws Exception
-	 */
-	@SuppressWarnings("unchecked")
-	private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(C configurer)
-			throws Exception {
-		C existingConfig = (C) getConfigurer(configurer.getClass());
-		if (existingConfig != null) {
-			return existingConfig;
-		}
-		return apply(configurer);
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 9bb3e2183c..1a42d57849 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -304,6 +304,36 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 		return result;
 	}
 
+	@Override
+	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+		this.defaultWebSecurityExpressionHandler.setApplicationContext(applicationContext);
+
+		try {
+			this.defaultWebSecurityExpressionHandler.setRoleHierarchy(applicationContext.getBean(RoleHierarchy.class));
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
+
+		try {
+			this.defaultWebSecurityExpressionHandler
+					.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
+
+		this.ignoredRequestRegistry = new IgnoredRequestConfigurer(applicationContext);
+		try {
+			this.httpFirewall = applicationContext.getBean(HttpFirewall.class);
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
+		try {
+			this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);
+		}
+		catch (NoSuchBeanDefinitionException e) {
+		}
+	}
+
 	/**
 	 * An {@link IgnoredRequestConfigurer} that allows optionally configuring the
 	 * {@link MvcRequestMatcher#setMethod(HttpMethod)}
@@ -368,34 +398,4 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
 	}
 
-	@Override
-	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		this.defaultWebSecurityExpressionHandler.setApplicationContext(applicationContext);
-
-		try {
-			this.defaultWebSecurityExpressionHandler.setRoleHierarchy(applicationContext.getBean(RoleHierarchy.class));
-		}
-		catch (NoSuchBeanDefinitionException e) {
-		}
-
-		try {
-			this.defaultWebSecurityExpressionHandler
-					.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
-		}
-		catch (NoSuchBeanDefinitionException e) {
-		}
-
-		this.ignoredRequestRegistry = new IgnoredRequestConfigurer(applicationContext);
-		try {
-			this.httpFirewall = applicationContext.getBean(HttpFirewall.class);
-		}
-		catch (NoSuchBeanDefinitionException e) {
-		}
-		try {
-			this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);
-		}
-		catch (NoSuchBeanDefinitionException e) {
-		}
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 39c0a279bc..c49fa0bbe9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -188,6 +188,35 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		return new AutowiredWebSecurityConfigurersIgnoreParents(beanFactory);
 	}
 
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see org.springframework.context.annotation.ImportAware#setImportMetadata(org.
+	 * springframework.core.type.AnnotationMetadata)
+	 */
+	@Override
+	public void setImportMetadata(AnnotationMetadata importMetadata) {
+		Map<String, Object> enableWebSecurityAttrMap = importMetadata
+				.getAnnotationAttributes(EnableWebSecurity.class.getName());
+		AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap);
+		this.debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
+		if (this.webSecurity != null) {
+			this.webSecurity.debug(this.debugEnabled);
+		}
+	}
+
+	/*
+	 * (non-Javadoc)
+	 *
+	 * @see
+	 * org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.
+	 * lang.ClassLoader)
+	 */
+	@Override
+	public void setBeanClassLoader(ClassLoader classLoader) {
+		this.beanClassLoader = classLoader;
+	}
+
 	/**
 	 * A custom verision of the Spring provided AnnotationAwareOrderComparator that uses
 	 * {@link AnnotationUtils#findAnnotation(Class, Class)} to look on super class
@@ -221,33 +250,4 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.context.annotation.ImportAware#setImportMetadata(org.
-	 * springframework.core.type.AnnotationMetadata)
-	 */
-	@Override
-	public void setImportMetadata(AnnotationMetadata importMetadata) {
-		Map<String, Object> enableWebSecurityAttrMap = importMetadata
-				.getAnnotationAttributes(EnableWebSecurity.class.getName());
-		AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap);
-		this.debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
-		if (this.webSecurity != null) {
-			this.webSecurity.debug(this.debugEnabled);
-		}
-	}
-
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.
-	 * lang.ClassLoader)
-	 */
-	@Override
-	public void setBeanClassLoader(ClassLoader classLoader) {
-		this.beanClassLoader = classLoader;
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index dd1d6bc749..5927eb8be6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -102,44 +102,6 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 	 */
 	abstract List<AccessDecisionVoter<?>> getDecisionVoters(H http);
 
-	abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R, T>, T>
-			extends AbstractConfigAttributeRequestMatcherRegistry<T> {
-
-		/**
-		 * Allows setting the {@link AccessDecisionManager}. If none is provided, a
-		 * default {@link AccessDecisionManager} is created.
-		 * @param accessDecisionManager the {@link AccessDecisionManager} to use
-		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
-		 */
-		public R accessDecisionManager(AccessDecisionManager accessDecisionManager) {
-			AbstractInterceptUrlConfigurer.this.accessDecisionManager = accessDecisionManager;
-			return getSelf();
-		}
-
-		/**
-		 * Allows setting if the {@link FilterSecurityInterceptor} should be only applied
-		 * once per request (i.e. if the filter intercepts on a forward, should it be
-		 * applied again).
-		 * @param filterSecurityInterceptorOncePerRequest if the
-		 * {@link FilterSecurityInterceptor} should be only applied once per request
-		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
-		 */
-		public R filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest) {
-			AbstractInterceptUrlConfigurer.this.filterSecurityInterceptorOncePerRequest = filterSecurityInterceptorOncePerRequest;
-			return getSelf();
-		}
-
-		/**
-		 * Returns a reference to the current object with a single suppression of the type
-		 * @return a reference to the current object
-		 */
-		@SuppressWarnings("unchecked")
-		private R getSelf() {
-			return (R) this;
-		}
-
-	}
-
 	/**
 	 * Creates the default {@code AccessDecisionManager}
 	 * @return the default {@code AccessDecisionManager}
@@ -182,4 +144,42 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		return securityInterceptor;
 	}
 
+	abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R, T>, T>
+			extends AbstractConfigAttributeRequestMatcherRegistry<T> {
+
+		/**
+		 * Allows setting the {@link AccessDecisionManager}. If none is provided, a
+		 * default {@link AccessDecisionManager} is created.
+		 * @param accessDecisionManager the {@link AccessDecisionManager} to use
+		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
+		 */
+		public R accessDecisionManager(AccessDecisionManager accessDecisionManager) {
+			AbstractInterceptUrlConfigurer.this.accessDecisionManager = accessDecisionManager;
+			return getSelf();
+		}
+
+		/**
+		 * Allows setting if the {@link FilterSecurityInterceptor} should be only applied
+		 * once per request (i.e. if the filter intercepts on a forward, should it be
+		 * applied again).
+		 * @param filterSecurityInterceptorOncePerRequest if the
+		 * {@link FilterSecurityInterceptor} should be only applied once per request
+		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
+		 */
+		public R filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest) {
+			AbstractInterceptUrlConfigurer.this.filterSecurityInterceptorOncePerRequest = filterSecurityInterceptorOncePerRequest;
+			return getSelf();
+		}
+
+		/**
+		 * Returns a reference to the current object with a single suppression of the type
+		 * @return a reference to the current object
+		 */
+		@SuppressWarnings("unchecked")
+		private R getSelf() {
+			return (R) this;
+		}
+
+	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index d75c6d44b4..34844a74b2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -109,61 +109,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		return this.REGISTRY;
 	}
 
-	public final class ExpressionInterceptUrlRegistry extends
-			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
-
-		/**
-		 * @param context
-		 */
-		private ExpressionInterceptUrlRegistry(ApplicationContext context) {
-			setApplicationContext(context);
-		}
-
-		@Override
-		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
-			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
-		}
-
-		@Override
-		public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
-			return mvcMatchers(null, patterns);
-		}
-
-		@Override
-		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
-			return new AuthorizedUrl(requestMatchers);
-		}
-
-		/**
-		 * Allows customization of the {@link SecurityExpressionHandler} to be used. The
-		 * default is {@link DefaultWebSecurityExpressionHandler}
-		 * @param expressionHandler the {@link SecurityExpressionHandler} to be used
-		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
-		 * customization.
-		 */
-		public ExpressionInterceptUrlRegistry expressionHandler(
-				SecurityExpressionHandler<FilterInvocation> expressionHandler) {
-			ExpressionUrlAuthorizationConfigurer.this.expressionHandler = expressionHandler;
-			return this;
-		}
-
-		/**
-		 * Adds an {@link ObjectPostProcessor} for this class.
-		 * @param objectPostProcessor
-		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
-		 * customizations
-		 */
-		public ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
-			addObjectPostProcessor(objectPostProcessor);
-			return this;
-		}
-
-		public H and() {
-			return ExpressionUrlAuthorizationConfigurer.this.and();
-		}
-
-	}
-
 	/**
 	 * Allows registering multiple {@link RequestMatcher} instances to a collection of
 	 * {@link ConfigAttribute} instances
@@ -261,6 +206,61 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		return "hasIpAddress('" + ipAddressExpression + "')";
 	}
 
+	public final class ExpressionInterceptUrlRegistry extends
+			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
+
+		/**
+		 * @param context
+		 */
+		private ExpressionInterceptUrlRegistry(ApplicationContext context) {
+			setApplicationContext(context);
+		}
+
+		@Override
+		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
+			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
+		}
+
+		@Override
+		public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
+			return mvcMatchers(null, patterns);
+		}
+
+		@Override
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+			return new AuthorizedUrl(requestMatchers);
+		}
+
+		/**
+		 * Allows customization of the {@link SecurityExpressionHandler} to be used. The
+		 * default is {@link DefaultWebSecurityExpressionHandler}
+		 * @param expressionHandler the {@link SecurityExpressionHandler} to be used
+		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
+		 * customization.
+		 */
+		public ExpressionInterceptUrlRegistry expressionHandler(
+				SecurityExpressionHandler<FilterInvocation> expressionHandler) {
+			ExpressionUrlAuthorizationConfigurer.this.expressionHandler = expressionHandler;
+			return this;
+		}
+
+		/**
+		 * Adds an {@link ObjectPostProcessor} for this class.
+		 * @param objectPostProcessor
+		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
+		 * customizations
+		 */
+		public ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
+			addObjectPostProcessor(objectPostProcessor);
+			return this;
+		}
+
+		public H and() {
+			return ExpressionUrlAuthorizationConfigurer.this.and();
+		}
+
+	}
+
 	/**
 	 * An {@link AuthorizedUrl} that allows optionally configuring the
 	 * {@link MvcRequestMatcher#setMethod(HttpMethod)}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 5c9e997931..3a88e03e8f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -145,6 +145,357 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
+	/**
+	 * <strong>Note this is not comprehensive XSS protection!</strong>
+	 *
+	 * <p>
+	 * Allows customizing the {@link XXssProtectionHeaderWriter} which adds the <a href=
+	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
+	 * >X-XSS-Protection header</a>
+	 * </p>
+	 * @return the {@link XXssConfig} for additional customizations
+	 */
+	public XXssConfig xssProtection() {
+		return this.xssProtection.enable();
+	}
+
+	/**
+	 * <strong>Note this is not comprehensive XSS protection!</strong>
+	 *
+	 * <p>
+	 * Allows customizing the {@link XXssProtectionHeaderWriter} which adds the <a href=
+	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
+	 * >X-XSS-Protection header</a>
+	 * </p>
+	 * @param xssCustomizer the {@link Customizer} to provide more options for the
+	 * {@link XXssConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 */
+	public HeadersConfigurer<H> xssProtection(Customizer<XXssConfig> xssCustomizer) {
+		xssCustomizer.customize(this.xssProtection.enable());
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
+	 * following headers:
+	 * <ul>
+	 * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
+	 * <li>Pragma: no-cache</li>
+	 * <li>Expires: 0</li>
+	 * </ul>
+	 * @return the {@link CacheControlConfig} for additional customizations
+	 */
+	public CacheControlConfig cacheControl() {
+		return this.cacheControl.enable();
+	}
+
+	/**
+	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
+	 * following headers:
+	 * <ul>
+	 * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
+	 * <li>Pragma: no-cache</li>
+	 * <li>Expires: 0</li>
+	 * </ul>
+	 * @param cacheControlCustomizer the {@link Customizer} to provide more options for
+	 * the {@link CacheControlConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 */
+	public HeadersConfigurer<H> cacheControl(Customizer<CacheControlConfig> cacheControlCustomizer) {
+		cacheControlCustomizer.customize(this.cacheControl.enable());
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
+	 * (HSTS)</a>.
+	 * @return the {@link HstsConfig} for additional customizations
+	 */
+	public HstsConfig httpStrictTransportSecurity() {
+		return this.hsts.enable();
+	}
+
+	/**
+	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
+	 * (HSTS)</a>.
+	 * @param hstsCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HstsConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 */
+	public HeadersConfigurer<H> httpStrictTransportSecurity(Customizer<HstsConfig> hstsCustomizer) {
+		hstsCustomizer.customize(this.hsts.enable());
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
+	 * @return the {@link FrameOptionsConfig} for additional customizations
+	 */
+	public FrameOptionsConfig frameOptions() {
+		return this.frameOptions.enable();
+	}
+
+	/**
+	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
+	 * @param frameOptionsCustomizer the {@link Customizer} to provide more options for
+	 * the {@link FrameOptionsConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 */
+	public HeadersConfigurer<H> frameOptions(Customizer<FrameOptionsConfig> frameOptionsCustomizer) {
+		frameOptionsCustomizer.customize(this.frameOptions.enable());
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
+	 * @return the {@link HpkpConfig} for additional customizations
+	 *
+	 * @since 4.1
+	 */
+	public HpkpConfig httpPublicKeyPinning() {
+		return this.hpkp.enable();
+	}
+
+	/**
+	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
+	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
+	 * @param hpkpCustomizer the {@link Customizer} to provide more options for the
+	 * {@link HpkpConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 */
+	public HeadersConfigurer<H> httpPublicKeyPinning(Customizer<HpkpConfig> hpkpCustomizer) {
+		hpkpCustomizer.customize(this.hpkp.enable());
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * <p>
+	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
+	 * Policy (CSP) Level 2</a>.
+	 * </p>
+	 *
+	 * <p>
+	 * Calling this method automatically enables (includes) the Content-Security-Policy
+	 * header in the response using the supplied security policy directive(s).
+	 * </p>
+	 *
+	 * <p>
+	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
+	 * supports the writing of the two headers as detailed in the W3C Candidate
+	 * Recommendation:
+	 * </p>
+	 * <ul>
+	 * <li>Content-Security-Policy</li>
+	 * <li>Content-Security-Policy-Report-Only</li>
+	 * </ul>
+	 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
+	 * @throws IllegalArgumentException if policyDirectives is null or empty
+	 * @since 4.1
+	 * @see ContentSecurityPolicyHeaderWriter
+	 */
+	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
+		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
+		return this.contentSecurityPolicy;
+	}
+
+	/**
+	 * <p>
+	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
+	 * Policy (CSP) Level 2</a>.
+	 * </p>
+	 *
+	 * <p>
+	 * Calling this method automatically enables (includes) the Content-Security-Policy
+	 * header in the response using the supplied security policy directive(s).
+	 * </p>
+	 *
+	 * <p>
+	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
+	 * supports the writing of the two headers as detailed in the W3C Candidate
+	 * Recommendation:
+	 * </p>
+	 * <ul>
+	 * <li>Content-Security-Policy</li>
+	 * <li>Content-Security-Policy-Report-Only</li>
+	 * </ul>
+	 * @param contentSecurityCustomizer the {@link Customizer} to provide more options for
+	 * the {@link ContentSecurityPolicyConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ContentSecurityPolicyHeaderWriter
+	 */
+	public HeadersConfigurer<H> contentSecurityPolicy(
+			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
+		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter();
+		contentSecurityCustomizer.customize(this.contentSecurityPolicy);
+
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Clears all of the default headers from the response. After doing so, one can add
+	 * headers back. For example, if you only want to use Spring Security's cache control
+	 * you can use the following:
+	 *
+	 * <pre>
+	 * http.headers().defaultsDisabled().cacheControl();
+	 * </pre>
+	 * @return the {@link HeadersConfigurer} for additional customization
+	 */
+	public HeadersConfigurer<H> defaultsDisabled() {
+		this.contentTypeOptions.disable();
+		this.xssProtection.disable();
+		this.cacheControl.disable();
+		this.hsts.disable();
+		this.frameOptions.disable();
+		return this;
+	}
+
+	@Override
+	public void configure(H http) {
+		HeaderWriterFilter headersFilter = createHeaderWriterFilter();
+		http.addFilter(headersFilter);
+	}
+
+	/**
+	 * Creates the {@link HeaderWriter}
+	 * @return the {@link HeaderWriter}
+	 */
+	private HeaderWriterFilter createHeaderWriterFilter() {
+		List<HeaderWriter> writers = getHeaderWriters();
+		if (writers.isEmpty()) {
+			throw new IllegalStateException(
+					"Headers security is enabled, but no headers will be added. Either add headers or disable headers security");
+		}
+		HeaderWriterFilter headersFilter = new HeaderWriterFilter(writers);
+		headersFilter = postProcess(headersFilter);
+		return headersFilter;
+	}
+
+	/**
+	 * Gets the {@link HeaderWriter} instances and possibly initializes with the defaults.
+	 * @return
+	 */
+	private List<HeaderWriter> getHeaderWriters() {
+		List<HeaderWriter> writers = new ArrayList<>();
+		addIfNotNull(writers, this.contentTypeOptions.writer);
+		addIfNotNull(writers, this.xssProtection.writer);
+		addIfNotNull(writers, this.cacheControl.writer);
+		addIfNotNull(writers, this.hsts.writer);
+		addIfNotNull(writers, this.frameOptions.writer);
+		addIfNotNull(writers, this.hpkp.writer);
+		addIfNotNull(writers, this.contentSecurityPolicy.writer);
+		addIfNotNull(writers, this.referrerPolicy.writer);
+		addIfNotNull(writers, this.featurePolicy.writer);
+		writers.addAll(this.headerWriters);
+		return writers;
+	}
+
+	private <T> void addIfNotNull(List<T> values, T value) {
+		if (value != null) {
+			values.add(value);
+		}
+	}
+
+	/**
+	 * <p>
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
+	 * </p>
+	 *
+	 * <p>
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
+	 * </p>
+	 * <ul>
+	 * <li>Referrer-Policy</li>
+	 * </ul>
+	 *
+	 * <p>
+	 * Default value is:
+	 * </p>
+	 *
+	 * <pre>
+	 * Referrer-Policy: no-referrer
+	 * </pre>
+	 * @return the {@link ReferrerPolicyConfig} for additional configuration
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
+	 */
+	public ReferrerPolicyConfig referrerPolicy() {
+		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
+		return this.referrerPolicy;
+	}
+
+	/**
+	 * <p>
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
+	 * </p>
+	 *
+	 * <p>
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
+	 * </p>
+	 * <ul>
+	 * <li>Referrer-Policy</li>
+	 * </ul>
+	 * @return the {@link ReferrerPolicyConfig} for additional configuration
+	 * @throws IllegalArgumentException if policy is null or empty
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
+	 */
+	public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
+		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
+		return this.referrerPolicy;
+	}
+
+	/**
+	 * <p>
+	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
+	 * Policy</a>.
+	 * </p>
+	 *
+	 * <p>
+	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
+	 * the writing of the header as detailed in the W3C Technical Report:
+	 * </p>
+	 * <ul>
+	 * <li>Referrer-Policy</li>
+	 * </ul>
+	 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options for
+	 * the {@link ReferrerPolicyConfig}
+	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ReferrerPolicyHeaderWriter
+	 */
+	public HeadersConfigurer<H> referrerPolicy(Customizer<ReferrerPolicyConfig> referrerPolicyCustomizer) {
+		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
+		referrerPolicyCustomizer.customize(this.referrerPolicy);
+		return HeadersConfigurer.this;
+	}
+
+	/**
+	 * Allows configuration for <a href="https://wicg.github.io/feature-policy/">Feature
+	 * Policy</a>.
+	 * <p>
+	 * Calling this method automatically enables (includes) the {@code Feature-Policy}
+	 * header in the response using the supplied policy directive(s).
+	 * <p>
+	 * Configuration is provided to the {@link FeaturePolicyHeaderWriter} which is
+	 * responsible for writing the header.
+	 * @return the {@link FeaturePolicyConfig} for additional configuration
+	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
+	 * @since 5.1
+	 * @see FeaturePolicyHeaderWriter
+	 */
+	public FeaturePolicyConfig featurePolicy(String policyDirectives) {
+		this.featurePolicy.writer = new FeaturePolicyHeaderWriter(policyDirectives);
+		return this.featurePolicy;
+	}
+
 	public final class ContentTypeOptionsConfig {
 
 		private XContentTypeOptionsHeaderWriter writer;
@@ -183,37 +534,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * <strong>Note this is not comprehensive XSS protection!</strong>
-	 *
-	 * <p>
-	 * Allows customizing the {@link XXssProtectionHeaderWriter} which adds the <a href=
-	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
-	 * >X-XSS-Protection header</a>
-	 * </p>
-	 * @return the {@link XXssConfig} for additional customizations
-	 */
-	public XXssConfig xssProtection() {
-		return this.xssProtection.enable();
-	}
-
-	/**
-	 * <strong>Note this is not comprehensive XSS protection!</strong>
-	 *
-	 * <p>
-	 * Allows customizing the {@link XXssProtectionHeaderWriter} which adds the <a href=
-	 * "https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
-	 * >X-XSS-Protection header</a>
-	 * </p>
-	 * @param xssCustomizer the {@link Customizer} to provide more options for the
-	 * {@link XXssConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 */
-	public HeadersConfigurer<H> xssProtection(Customizer<XXssConfig> xssCustomizer) {
-		xssCustomizer.customize(this.xssProtection.enable());
-		return HeadersConfigurer.this;
-	}
-
 	public final class XXssConfig {
 
 		private XXssProtectionHeaderWriter writer;
@@ -291,37 +611,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
-	 * following headers:
-	 * <ul>
-	 * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
-	 * <li>Pragma: no-cache</li>
-	 * <li>Expires: 0</li>
-	 * </ul>
-	 * @return the {@link CacheControlConfig} for additional customizations
-	 */
-	public CacheControlConfig cacheControl() {
-		return this.cacheControl.enable();
-	}
-
-	/**
-	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
-	 * following headers:
-	 * <ul>
-	 * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
-	 * <li>Pragma: no-cache</li>
-	 * <li>Expires: 0</li>
-	 * </ul>
-	 * @param cacheControlCustomizer the {@link Customizer} to provide more options for
-	 * the {@link CacheControlConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 */
-	public HeadersConfigurer<H> cacheControl(Customizer<CacheControlConfig> cacheControlCustomizer) {
-		cacheControlCustomizer.customize(this.cacheControl.enable());
-		return HeadersConfigurer.this;
-	}
-
 	public final class CacheControlConfig {
 
 		private CacheControlHeadersWriter writer;
@@ -361,29 +650,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
-	 * (HSTS)</a>.
-	 * @return the {@link HstsConfig} for additional customizations
-	 */
-	public HstsConfig httpStrictTransportSecurity() {
-		return this.hsts.enable();
-	}
-
-	/**
-	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
-	 * (HSTS)</a>.
-	 * @param hstsCustomizer the {@link Customizer} to provide more options for the
-	 * {@link HstsConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 */
-	public HeadersConfigurer<H> httpStrictTransportSecurity(Customizer<HstsConfig> hstsCustomizer) {
-		hstsCustomizer.customize(this.hsts.enable());
-		return HeadersConfigurer.this;
-	}
-
 	public final class HstsConfig {
 
 		private HstsHeaderWriter writer;
@@ -491,25 +757,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
-	 * @return the {@link FrameOptionsConfig} for additional customizations
-	 */
-	public FrameOptionsConfig frameOptions() {
-		return this.frameOptions.enable();
-	}
-
-	/**
-	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
-	 * @param frameOptionsCustomizer the {@link Customizer} to provide more options for
-	 * the {@link FrameOptionsConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 */
-	public HeadersConfigurer<H> frameOptions(Customizer<FrameOptionsConfig> frameOptionsCustomizer) {
-		frameOptionsCustomizer.customize(this.frameOptions.enable());
-		return HeadersConfigurer.this;
-	}
-
 	public final class FrameOptionsConfig {
 
 		private XFrameOptionsHeaderWriter writer;
@@ -571,29 +818,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
-	 * @return the {@link HpkpConfig} for additional customizations
-	 *
-	 * @since 4.1
-	 */
-	public HpkpConfig httpPublicKeyPinning() {
-		return this.hpkp.enable();
-	}
-
-	/**
-	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
-	 * @param hpkpCustomizer the {@link Customizer} to provide more options for the
-	 * {@link HpkpConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 */
-	public HeadersConfigurer<H> httpPublicKeyPinning(Customizer<HpkpConfig> hpkpCustomizer) {
-		hpkpCustomizer.customize(this.hpkp.enable());
-		return HeadersConfigurer.this;
-	}
-
 	public final class HpkpConfig {
 
 		private HpkpHeaderWriter writer;
@@ -761,69 +985,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
-	 * Policy (CSP) Level 2</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Calling this method automatically enables (includes) the Content-Security-Policy
-	 * header in the response using the supplied security policy directive(s).
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
-	 * supports the writing of the two headers as detailed in the W3C Candidate
-	 * Recommendation:
-	 * </p>
-	 * <ul>
-	 * <li>Content-Security-Policy</li>
-	 * <li>Content-Security-Policy-Report-Only</li>
-	 * </ul>
-	 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
-	 * @throws IllegalArgumentException if policyDirectives is null or empty
-	 * @since 4.1
-	 * @see ContentSecurityPolicyHeaderWriter
-	 */
-	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
-		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
-		return this.contentSecurityPolicy;
-	}
-
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
-	 * Policy (CSP) Level 2</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Calling this method automatically enables (includes) the Content-Security-Policy
-	 * header in the response using the supplied security policy directive(s).
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
-	 * supports the writing of the two headers as detailed in the W3C Candidate
-	 * Recommendation:
-	 * </p>
-	 * <ul>
-	 * <li>Content-Security-Policy</li>
-	 * <li>Content-Security-Policy-Report-Only</li>
-	 * </ul>
-	 * @param contentSecurityCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ContentSecurityPolicyConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 * @see ContentSecurityPolicyHeaderWriter
-	 */
-	public HeadersConfigurer<H> contentSecurityPolicy(
-			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
-		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter();
-		contentSecurityCustomizer.customize(this.contentSecurityPolicy);
-
-		return HeadersConfigurer.this;
-	}
-
 	public final class ContentSecurityPolicyConfig {
 
 		private ContentSecurityPolicyHeaderWriter writer;
@@ -863,148 +1024,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Clears all of the default headers from the response. After doing so, one can add
-	 * headers back. For example, if you only want to use Spring Security's cache control
-	 * you can use the following:
-	 *
-	 * <pre>
-	 * http.headers().defaultsDisabled().cacheControl();
-	 * </pre>
-	 * @return the {@link HeadersConfigurer} for additional customization
-	 */
-	public HeadersConfigurer<H> defaultsDisabled() {
-		this.contentTypeOptions.disable();
-		this.xssProtection.disable();
-		this.cacheControl.disable();
-		this.hsts.disable();
-		this.frameOptions.disable();
-		return this;
-	}
-
-	@Override
-	public void configure(H http) {
-		HeaderWriterFilter headersFilter = createHeaderWriterFilter();
-		http.addFilter(headersFilter);
-	}
-
-	/**
-	 * Creates the {@link HeaderWriter}
-	 * @return the {@link HeaderWriter}
-	 */
-	private HeaderWriterFilter createHeaderWriterFilter() {
-		List<HeaderWriter> writers = getHeaderWriters();
-		if (writers.isEmpty()) {
-			throw new IllegalStateException(
-					"Headers security is enabled, but no headers will be added. Either add headers or disable headers security");
-		}
-		HeaderWriterFilter headersFilter = new HeaderWriterFilter(writers);
-		headersFilter = postProcess(headersFilter);
-		return headersFilter;
-	}
-
-	/**
-	 * Gets the {@link HeaderWriter} instances and possibly initializes with the defaults.
-	 * @return
-	 */
-	private List<HeaderWriter> getHeaderWriters() {
-		List<HeaderWriter> writers = new ArrayList<>();
-		addIfNotNull(writers, this.contentTypeOptions.writer);
-		addIfNotNull(writers, this.xssProtection.writer);
-		addIfNotNull(writers, this.cacheControl.writer);
-		addIfNotNull(writers, this.hsts.writer);
-		addIfNotNull(writers, this.frameOptions.writer);
-		addIfNotNull(writers, this.hpkp.writer);
-		addIfNotNull(writers, this.contentSecurityPolicy.writer);
-		addIfNotNull(writers, this.referrerPolicy.writer);
-		addIfNotNull(writers, this.featurePolicy.writer);
-		writers.addAll(this.headerWriters);
-		return writers;
-	}
-
-	private <T> void addIfNotNull(List<T> values, T value) {
-		if (value != null) {
-			values.add(value);
-		}
-	}
-
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
-	 * the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Referrer-Policy</li>
-	 * </ul>
-	 *
-	 * <p>
-	 * Default value is:
-	 * </p>
-	 *
-	 * <pre>
-	 * Referrer-Policy: no-referrer
-	 * </pre>
-	 * @return the {@link ReferrerPolicyConfig} for additional configuration
-	 * @since 4.2
-	 * @see ReferrerPolicyHeaderWriter
-	 */
-	public ReferrerPolicyConfig referrerPolicy() {
-		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
-		return this.referrerPolicy;
-	}
-
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
-	 * the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Referrer-Policy</li>
-	 * </ul>
-	 * @return the {@link ReferrerPolicyConfig} for additional configuration
-	 * @throws IllegalArgumentException if policy is null or empty
-	 * @since 4.2
-	 * @see ReferrerPolicyHeaderWriter
-	 */
-	public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
-		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
-		return this.referrerPolicy;
-	}
-
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
-	 * the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Referrer-Policy</li>
-	 * </ul>
-	 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options for
-	 * the {@link ReferrerPolicyConfig}
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 * @see ReferrerPolicyHeaderWriter
-	 */
-	public HeadersConfigurer<H> referrerPolicy(Customizer<ReferrerPolicyConfig> referrerPolicyCustomizer) {
-		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
-		referrerPolicyCustomizer.customize(this.referrerPolicy);
-		return HeadersConfigurer.this;
-	}
-
 	public final class ReferrerPolicyConfig {
 
 		private ReferrerPolicyHeaderWriter writer;
@@ -1029,25 +1048,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	}
 
-	/**
-	 * Allows configuration for <a href="https://wicg.github.io/feature-policy/">Feature
-	 * Policy</a>.
-	 * <p>
-	 * Calling this method automatically enables (includes) the {@code Feature-Policy}
-	 * header in the response using the supplied policy directive(s).
-	 * <p>
-	 * Configuration is provided to the {@link FeaturePolicyHeaderWriter} which is
-	 * responsible for writing the header.
-	 * @return the {@link FeaturePolicyConfig} for additional configuration
-	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
-	 * @since 5.1
-	 * @see FeaturePolicyHeaderWriter
-	 */
-	public FeaturePolicyConfig featurePolicy(String policyDirectives) {
-		this.featurePolicy.writer = new FeaturePolicyHeaderWriter(policyDirectives);
-		return this.featurePolicy;
-	}
-
 	public final class FeaturePolicyConfig {
 
 		private FeaturePolicyHeaderWriter writer;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 4cd029d56a..c38d6fbc96 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -311,144 +311,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		this.sessionFixationAuthenticationStrategy = postProcess(sessionFixationAuthenticationStrategy);
 	}
 
-	/**
-	 * Allows configuring SessionFixation protection
-	 *
-	 * @author Rob Winch
-	 */
-	public final class SessionFixationConfigurer {
-
-		/**
-		 * Specifies that a new session should be created, but the session attributes from
-		 * the original {@link HttpSession} should not be retained.
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 */
-		public SessionManagementConfigurer<H> newSession() {
-			SessionFixationProtectionStrategy sessionFixationProtectionStrategy = new SessionFixationProtectionStrategy();
-			sessionFixationProtectionStrategy.setMigrateSessionAttributes(false);
-			setSessionFixationAuthenticationStrategy(sessionFixationProtectionStrategy);
-			return SessionManagementConfigurer.this;
-		}
-
-		/**
-		 * Specifies that a new session should be created and the session attributes from
-		 * the original {@link HttpSession} should be retained.
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 */
-		public SessionManagementConfigurer<H> migrateSession() {
-			setSessionFixationAuthenticationStrategy(new SessionFixationProtectionStrategy());
-			return SessionManagementConfigurer.this;
-		}
-
-		/**
-		 * Specifies that the Servlet container-provided session fixation protection
-		 * should be used. When a session authenticates, the Servlet method
-		 * {@code HttpServletRequest#changeSessionId()} is called to change the session ID
-		 * and retain all session attributes.
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 */
-		public SessionManagementConfigurer<H> changeSessionId() {
-			setSessionFixationAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
-			return SessionManagementConfigurer.this;
-		}
-
-		/**
-		 * Specifies that no session fixation protection should be enabled. This may be
-		 * useful when utilizing other mechanisms for protecting against session fixation.
-		 * For example, if application container session fixation protection is already in
-		 * use. Otherwise, this option is not recommended.
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 */
-		public SessionManagementConfigurer<H> none() {
-			setSessionFixationAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
-			return SessionManagementConfigurer.this;
-		}
-
-	}
-
-	/**
-	 * Allows configuring controlling of multiple sessions.
-	 *
-	 * @author Rob Winch
-	 */
-	public final class ConcurrencyControlConfigurer {
-
-		/**
-		 * Controls the maximum number of sessions for a user. The default is to allow any
-		 * number of users.
-		 * @param maximumSessions the maximum number of sessions for a user
-		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
-		 */
-		public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
-			SessionManagementConfigurer.this.maximumSessions = maximumSessions;
-			return this;
-		}
-
-		/**
-		 * The URL to redirect to if a user tries to access a resource and their session
-		 * has been expired due to too many sessions for the current user. The default is
-		 * to write a simple error message to the response.
-		 * @param expiredUrl the URL to redirect to
-		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
-		 */
-		public ConcurrencyControlConfigurer expiredUrl(String expiredUrl) {
-			SessionManagementConfigurer.this.expiredUrl = expiredUrl;
-			return this;
-		}
-
-		/**
-		 * Determines the behaviour when an expired session is detected.
-		 * @param expiredSessionStrategy the {@link SessionInformationExpiredStrategy} to
-		 * use when an expired session is detected.
-		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
-		 */
-		public ConcurrencyControlConfigurer expiredSessionStrategy(
-				SessionInformationExpiredStrategy expiredSessionStrategy) {
-			SessionManagementConfigurer.this.expiredSessionStrategy = expiredSessionStrategy;
-			return this;
-		}
-
-		/**
-		 * If true, prevents a user from authenticating when the
-		 * {@link #maximumSessions(int)} has been reached. Otherwise (default), the user
-		 * who authenticates is allowed access and an existing user's session is expired.
-		 * The user's who's session is forcibly expired is sent to
-		 * {@link #expiredUrl(String)}. The advantage of this approach is if a user
-		 * accidentally does not log out, there is no need for an administrator to
-		 * intervene or wait till their session expires.
-		 * @param maxSessionsPreventsLogin true to have an error at time of
-		 * authentication, else false (default)
-		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
-		 */
-		public ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin) {
-			SessionManagementConfigurer.this.maxSessionsPreventsLogin = maxSessionsPreventsLogin;
-			return this;
-		}
-
-		/**
-		 * Controls the {@link SessionRegistry} implementation used. The default is
-		 * {@link SessionRegistryImpl} which is an in memory implementation.
-		 * @param sessionRegistry the {@link SessionRegistry} to use
-		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
-		 */
-		public ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry) {
-			SessionManagementConfigurer.this.sessionRegistry = sessionRegistry;
-			return this;
-		}
-
-		/**
-		 * Used to chain back to the {@link SessionManagementConfigurer}
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 */
-		public SessionManagementConfigurer<H> and() {
-			return SessionManagementConfigurer.this;
-		}
-
-		private ConcurrencyControlConfigurer() {
-		}
-
-	}
-
 	@Override
 	public void init(H http) {
 		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
@@ -703,4 +565,142 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 	}
 
+	/**
+	 * Allows configuring SessionFixation protection
+	 *
+	 * @author Rob Winch
+	 */
+	public final class SessionFixationConfigurer {
+
+		/**
+		 * Specifies that a new session should be created, but the session attributes from
+		 * the original {@link HttpSession} should not be retained.
+		 * @return the {@link SessionManagementConfigurer} for further customizations
+		 */
+		public SessionManagementConfigurer<H> newSession() {
+			SessionFixationProtectionStrategy sessionFixationProtectionStrategy = new SessionFixationProtectionStrategy();
+			sessionFixationProtectionStrategy.setMigrateSessionAttributes(false);
+			setSessionFixationAuthenticationStrategy(sessionFixationProtectionStrategy);
+			return SessionManagementConfigurer.this;
+		}
+
+		/**
+		 * Specifies that a new session should be created and the session attributes from
+		 * the original {@link HttpSession} should be retained.
+		 * @return the {@link SessionManagementConfigurer} for further customizations
+		 */
+		public SessionManagementConfigurer<H> migrateSession() {
+			setSessionFixationAuthenticationStrategy(new SessionFixationProtectionStrategy());
+			return SessionManagementConfigurer.this;
+		}
+
+		/**
+		 * Specifies that the Servlet container-provided session fixation protection
+		 * should be used. When a session authenticates, the Servlet method
+		 * {@code HttpServletRequest#changeSessionId()} is called to change the session ID
+		 * and retain all session attributes.
+		 * @return the {@link SessionManagementConfigurer} for further customizations
+		 */
+		public SessionManagementConfigurer<H> changeSessionId() {
+			setSessionFixationAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
+			return SessionManagementConfigurer.this;
+		}
+
+		/**
+		 * Specifies that no session fixation protection should be enabled. This may be
+		 * useful when utilizing other mechanisms for protecting against session fixation.
+		 * For example, if application container session fixation protection is already in
+		 * use. Otherwise, this option is not recommended.
+		 * @return the {@link SessionManagementConfigurer} for further customizations
+		 */
+		public SessionManagementConfigurer<H> none() {
+			setSessionFixationAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
+			return SessionManagementConfigurer.this;
+		}
+
+	}
+
+	/**
+	 * Allows configuring controlling of multiple sessions.
+	 *
+	 * @author Rob Winch
+	 */
+	public final class ConcurrencyControlConfigurer {
+
+		/**
+		 * Controls the maximum number of sessions for a user. The default is to allow any
+		 * number of users.
+		 * @param maximumSessions the maximum number of sessions for a user
+		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
+		 */
+		public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
+			SessionManagementConfigurer.this.maximumSessions = maximumSessions;
+			return this;
+		}
+
+		/**
+		 * The URL to redirect to if a user tries to access a resource and their session
+		 * has been expired due to too many sessions for the current user. The default is
+		 * to write a simple error message to the response.
+		 * @param expiredUrl the URL to redirect to
+		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
+		 */
+		public ConcurrencyControlConfigurer expiredUrl(String expiredUrl) {
+			SessionManagementConfigurer.this.expiredUrl = expiredUrl;
+			return this;
+		}
+
+		/**
+		 * Determines the behaviour when an expired session is detected.
+		 * @param expiredSessionStrategy the {@link SessionInformationExpiredStrategy} to
+		 * use when an expired session is detected.
+		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
+		 */
+		public ConcurrencyControlConfigurer expiredSessionStrategy(
+				SessionInformationExpiredStrategy expiredSessionStrategy) {
+			SessionManagementConfigurer.this.expiredSessionStrategy = expiredSessionStrategy;
+			return this;
+		}
+
+		/**
+		 * If true, prevents a user from authenticating when the
+		 * {@link #maximumSessions(int)} has been reached. Otherwise (default), the user
+		 * who authenticates is allowed access and an existing user's session is expired.
+		 * The user's who's session is forcibly expired is sent to
+		 * {@link #expiredUrl(String)}. The advantage of this approach is if a user
+		 * accidentally does not log out, there is no need for an administrator to
+		 * intervene or wait till their session expires.
+		 * @param maxSessionsPreventsLogin true to have an error at time of
+		 * authentication, else false (default)
+		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
+		 */
+		public ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin) {
+			SessionManagementConfigurer.this.maxSessionsPreventsLogin = maxSessionsPreventsLogin;
+			return this;
+		}
+
+		/**
+		 * Controls the {@link SessionRegistry} implementation used. The default is
+		 * {@link SessionRegistryImpl} which is an in memory implementation.
+		 * @param sessionRegistry the {@link SessionRegistry} to use
+		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
+		 */
+		public ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry) {
+			SessionManagementConfigurer.this.sessionRegistry = sessionRegistry;
+			return this;
+		}
+
+		/**
+		 * Used to chain back to the {@link SessionManagementConfigurer}
+		 * @return the {@link SessionManagementConfigurer} for further customizations
+		 */
+		public SessionManagementConfigurer<H> and() {
+			return SessionManagementConfigurer.this;
+		}
+
+		private ConcurrencyControlConfigurer() {
+		}
+
+	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index b9a47da77e..149a7e79ac 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -114,48 +114,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	public final class StandardInterceptUrlRegistry extends
-			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
-
-		/**
-		 * @param context
-		 */
-		private StandardInterceptUrlRegistry(ApplicationContext context) {
-			setApplicationContext(context);
-		}
-
-		@Override
-		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
-			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
-		}
-
-		@Override
-		public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
-			return mvcMatchers(null, patterns);
-		}
-
-		@Override
-		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
-			return new AuthorizedUrl(requestMatchers);
-		}
-
-		/**
-		 * Adds an {@link ObjectPostProcessor} for this class.
-		 * @param objectPostProcessor
-		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
-		 * customizations
-		 */
-		public StandardInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
-			addObjectPostProcessor(objectPostProcessor);
-			return this;
-		}
-
-		public H and() {
-			return UrlAuthorizationConfigurer.this.and();
-		}
-
-	}
-
 	/**
 	 * Creates the default {@link AccessDecisionVoter} instances used if an
 	 * {@link AccessDecisionManager} was not specified.
@@ -234,6 +192,48 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		return authorities;
 	}
 
+	public final class StandardInterceptUrlRegistry extends
+			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
+
+		/**
+		 * @param context
+		 */
+		private StandardInterceptUrlRegistry(ApplicationContext context) {
+			setApplicationContext(context);
+		}
+
+		@Override
+		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
+			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
+		}
+
+		@Override
+		public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
+			return mvcMatchers(null, patterns);
+		}
+
+		@Override
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+			return new AuthorizedUrl(requestMatchers);
+		}
+
+		/**
+		 * Adds an {@link ObjectPostProcessor} for this class.
+		 * @param objectPostProcessor
+		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
+		 * customizations
+		 */
+		public StandardInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
+			addObjectPostProcessor(objectPostProcessor);
+			return this;
+		}
+
+		public H and() {
+			return UrlAuthorizationConfigurer.this.and();
+		}
+
+	}
+
 	/**
 	 * An {@link AuthorizedUrl} that allows optionally configuring the
 	 * {@link MvcRequestMatcher#setMethod(HttpMethod)}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index 64e9205359..96fe913fc6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -151,6 +151,16 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
+	@Override
+	public void init(B builder) {
+		this.authorizationCodeGrantConfigurer.init(builder);
+	}
+
+	@Override
+	public void configure(B builder) {
+		this.authorizationCodeGrantConfigurer.configure(builder);
+	}
+
 	/**
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 	 */
@@ -281,14 +291,4 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 
 	}
 
-	@Override
-	public void init(B builder) {
-		this.authorizationCodeGrantConfigurer.init(builder);
-	}
-
-	@Override
-	public void configure(B builder) {
-		this.authorizationCodeGrantConfigurer.configure(builder);
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 01c8d1625d..9944dedfa3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -221,69 +221,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Configuration options for the Authorization Server's Authorization Endpoint.
-	 */
-	public final class AuthorizationEndpointConfig {
-
-		private String authorizationRequestBaseUri;
-
-		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
-
-		private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
-
-		private AuthorizationEndpointConfig() {
-		}
-
-		/**
-		 * Sets the base {@code URI} used for authorization requests.
-		 * @param authorizationRequestBaseUri the base {@code URI} used for authorization
-		 * requests
-		 * @return the {@link AuthorizationEndpointConfig} for further configuration
-		 */
-		public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
-			Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
-			this.authorizationRequestBaseUri = authorizationRequestBaseUri;
-			return this;
-		}
-
-		/**
-		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 * @param authorizationRequestResolver the resolver used for resolving
-		 * {@link OAuth2AuthorizationRequest}'s
-		 * @return the {@link AuthorizationEndpointConfig} for further configuration
-		 * @since 5.1
-		 */
-		public AuthorizationEndpointConfig authorizationRequestResolver(
-				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
-			Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
-			this.authorizationRequestResolver = authorizationRequestResolver;
-			return this;
-		}
-
-		/**
-		 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
-		 * @param authorizationRequestRepository the repository used for storing
-		 * {@link OAuth2AuthorizationRequest}'s
-		 * @return the {@link AuthorizationEndpointConfig} for further configuration
-		 */
-		public AuthorizationEndpointConfig authorizationRequestRepository(
-				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
-			Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
-			this.authorizationRequestRepository = authorizationRequestRepository;
-			return this;
-		}
-
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 */
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
-	}
-
 	/**
 	 * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
 	 * Token Endpoint.
@@ -305,41 +242,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Configuration options for the Authorization Server's Token Endpoint.
-	 */
-	public final class TokenEndpointConfig {
-
-		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
-
-		private TokenEndpointConfig() {
-		}
-
-		/**
-		 * Sets the client used for requesting the access token credential from the Token
-		 * Endpoint.
-		 * @param accessTokenResponseClient the client used for requesting the access
-		 * token credential from the Token Endpoint
-		 * @return the {@link TokenEndpointConfig} for further configuration
-		 */
-		public TokenEndpointConfig accessTokenResponseClient(
-				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
-
-			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
-			this.accessTokenResponseClient = accessTokenResponseClient;
-			return this;
-		}
-
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 */
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
-	}
-
 	/**
 	 * Returns the {@link RedirectionEndpointConfig} for configuring the Client's
 	 * Redirection Endpoint.
@@ -361,38 +263,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Configuration options for the Client's Redirection Endpoint.
-	 */
-	public final class RedirectionEndpointConfig {
-
-		private String authorizationResponseBaseUri;
-
-		private RedirectionEndpointConfig() {
-		}
-
-		/**
-		 * Sets the {@code URI} where the authorization response will be processed.
-		 * @param authorizationResponseBaseUri the {@code URI} where the authorization
-		 * response will be processed
-		 * @return the {@link RedirectionEndpointConfig} for further configuration
-		 */
-		public RedirectionEndpointConfig baseUri(String authorizationResponseBaseUri) {
-			Assert.hasText(authorizationResponseBaseUri, "authorizationResponseBaseUri cannot be empty");
-			this.authorizationResponseBaseUri = authorizationResponseBaseUri;
-			return this;
-		}
-
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 */
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
-	}
-
 	/**
 	 * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
 	 * Server's UserInfo Endpoint.
@@ -413,87 +283,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Configuration options for the Authorization Server's UserInfo Endpoint.
-	 */
-	public final class UserInfoEndpointConfig {
-
-		private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
-
-		private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
-
-		private Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
-
-		private UserInfoEndpointConfig() {
-		}
-
-		/**
-		 * Sets the OAuth 2.0 service used for obtaining the user attributes of the
-		 * End-User from the UserInfo Endpoint.
-		 * @param userService the OAuth 2.0 service used for obtaining the user attributes
-		 * of the End-User from the UserInfo Endpoint
-		 * @return the {@link UserInfoEndpointConfig} for further configuration
-		 */
-		public UserInfoEndpointConfig userService(OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
-			Assert.notNull(userService, "userService cannot be null");
-			this.userService = userService;
-			return this;
-		}
-
-		/**
-		 * Sets the OpenID Connect 1.0 service used for obtaining the user attributes of
-		 * the End-User from the UserInfo Endpoint.
-		 * @param oidcUserService the OpenID Connect 1.0 service used for obtaining the
-		 * user attributes of the End-User from the UserInfo Endpoint
-		 * @return the {@link UserInfoEndpointConfig} for further configuration
-		 */
-		public UserInfoEndpointConfig oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
-			Assert.notNull(oidcUserService, "oidcUserService cannot be null");
-			this.oidcUserService = oidcUserService;
-			return this;
-		}
-
-		/**
-		 * Sets a custom {@link OAuth2User} type and associates it to the provided client
-		 * {@link ClientRegistration#getRegistrationId() registration identifier}.
-		 * @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
-		 * @param customUserType a custom {@link OAuth2User} type
-		 * @param clientRegistrationId the client registration identifier
-		 * @return the {@link UserInfoEndpointConfig} for further configuration
-		 */
-		@Deprecated
-		public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType,
-				String clientRegistrationId) {
-			Assert.notNull(customUserType, "customUserType cannot be null");
-			Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
-			this.customUserTypes.put(clientRegistrationId, customUserType);
-			return this;
-		}
-
-		/**
-		 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
-		 * {@link OAuth2User#getAuthorities()}.
-		 * @param userAuthoritiesMapper the {@link GrantedAuthoritiesMapper} used for
-		 * mapping the user's authorities
-		 * @return the {@link UserInfoEndpointConfig} for further configuration
-		 */
-		public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
-			Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
-			OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class,
-					userAuthoritiesMapper);
-			return this;
-		}
-
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 */
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
-	}
-
 	@Override
 	public void init(B http) throws Exception {
 		OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(
@@ -740,6 +529,217 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return loginEntryPoint;
 	}
 
+	/**
+	 * Configuration options for the Authorization Server's Authorization Endpoint.
+	 */
+	public final class AuthorizationEndpointConfig {
+
+		private String authorizationRequestBaseUri;
+
+		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
+
+		private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
+		private AuthorizationEndpointConfig() {
+		}
+
+		/**
+		 * Sets the base {@code URI} used for authorization requests.
+		 * @param authorizationRequestBaseUri the base {@code URI} used for authorization
+		 * requests
+		 * @return the {@link AuthorizationEndpointConfig} for further configuration
+		 */
+		public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
+			Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+			this.authorizationRequestBaseUri = authorizationRequestBaseUri;
+			return this;
+		}
+
+		/**
+		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
+		 * @param authorizationRequestResolver the resolver used for resolving
+		 * {@link OAuth2AuthorizationRequest}'s
+		 * @return the {@link AuthorizationEndpointConfig} for further configuration
+		 * @since 5.1
+		 */
+		public AuthorizationEndpointConfig authorizationRequestResolver(
+				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+			Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
+			this.authorizationRequestResolver = authorizationRequestResolver;
+			return this;
+		}
+
+		/**
+		 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
+		 * @param authorizationRequestRepository the repository used for storing
+		 * {@link OAuth2AuthorizationRequest}'s
+		 * @return the {@link AuthorizationEndpointConfig} for further configuration
+		 */
+		public AuthorizationEndpointConfig authorizationRequestRepository(
+				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+			Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
+			this.authorizationRequestRepository = authorizationRequestRepository;
+			return this;
+		}
+
+		/**
+		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
+		 * @return the {@link OAuth2LoginConfigurer}
+		 */
+		public OAuth2LoginConfigurer<B> and() {
+			return OAuth2LoginConfigurer.this;
+		}
+
+	}
+
+	/**
+	 * Configuration options for the Authorization Server's Token Endpoint.
+	 */
+	public final class TokenEndpointConfig {
+
+		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
+
+		private TokenEndpointConfig() {
+		}
+
+		/**
+		 * Sets the client used for requesting the access token credential from the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used for requesting the access
+		 * token credential from the Token Endpoint
+		 * @return the {@link TokenEndpointConfig} for further configuration
+		 */
+		public TokenEndpointConfig accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
+
+			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
+			this.accessTokenResponseClient = accessTokenResponseClient;
+			return this;
+		}
+
+		/**
+		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
+		 * @return the {@link OAuth2LoginConfigurer}
+		 */
+		public OAuth2LoginConfigurer<B> and() {
+			return OAuth2LoginConfigurer.this;
+		}
+
+	}
+
+	/**
+	 * Configuration options for the Client's Redirection Endpoint.
+	 */
+	public final class RedirectionEndpointConfig {
+
+		private String authorizationResponseBaseUri;
+
+		private RedirectionEndpointConfig() {
+		}
+
+		/**
+		 * Sets the {@code URI} where the authorization response will be processed.
+		 * @param authorizationResponseBaseUri the {@code URI} where the authorization
+		 * response will be processed
+		 * @return the {@link RedirectionEndpointConfig} for further configuration
+		 */
+		public RedirectionEndpointConfig baseUri(String authorizationResponseBaseUri) {
+			Assert.hasText(authorizationResponseBaseUri, "authorizationResponseBaseUri cannot be empty");
+			this.authorizationResponseBaseUri = authorizationResponseBaseUri;
+			return this;
+		}
+
+		/**
+		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
+		 * @return the {@link OAuth2LoginConfigurer}
+		 */
+		public OAuth2LoginConfigurer<B> and() {
+			return OAuth2LoginConfigurer.this;
+		}
+
+	}
+
+	/**
+	 * Configuration options for the Authorization Server's UserInfo Endpoint.
+	 */
+	public final class UserInfoEndpointConfig {
+
+		private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
+
+		private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
+
+		private Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
+
+		private UserInfoEndpointConfig() {
+		}
+
+		/**
+		 * Sets the OAuth 2.0 service used for obtaining the user attributes of the
+		 * End-User from the UserInfo Endpoint.
+		 * @param userService the OAuth 2.0 service used for obtaining the user attributes
+		 * of the End-User from the UserInfo Endpoint
+		 * @return the {@link UserInfoEndpointConfig} for further configuration
+		 */
+		public UserInfoEndpointConfig userService(OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
+			Assert.notNull(userService, "userService cannot be null");
+			this.userService = userService;
+			return this;
+		}
+
+		/**
+		 * Sets the OpenID Connect 1.0 service used for obtaining the user attributes of
+		 * the End-User from the UserInfo Endpoint.
+		 * @param oidcUserService the OpenID Connect 1.0 service used for obtaining the
+		 * user attributes of the End-User from the UserInfo Endpoint
+		 * @return the {@link UserInfoEndpointConfig} for further configuration
+		 */
+		public UserInfoEndpointConfig oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
+			Assert.notNull(oidcUserService, "oidcUserService cannot be null");
+			this.oidcUserService = oidcUserService;
+			return this;
+		}
+
+		/**
+		 * Sets a custom {@link OAuth2User} type and associates it to the provided client
+		 * {@link ClientRegistration#getRegistrationId() registration identifier}.
+		 * @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
+		 * @param customUserType a custom {@link OAuth2User} type
+		 * @param clientRegistrationId the client registration identifier
+		 * @return the {@link UserInfoEndpointConfig} for further configuration
+		 */
+		@Deprecated
+		public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType,
+				String clientRegistrationId) {
+			Assert.notNull(customUserType, "customUserType cannot be null");
+			Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
+			this.customUserTypes.put(clientRegistrationId, customUserType);
+			return this;
+		}
+
+		/**
+		 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
+		 * {@link OAuth2User#getAuthorities()}.
+		 * @param userAuthoritiesMapper the {@link GrantedAuthoritiesMapper} used for
+		 * mapping the user's authorities
+		 * @return the {@link UserInfoEndpointConfig} for further configuration
+		 */
+		public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
+			Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
+			OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class,
+					userAuthoritiesMapper);
+			return this;
+		}
+
+		/**
+		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
+		 * @return the {@link OAuth2LoginConfigurer}
+		 */
+		public OAuth2LoginConfigurer<B> and() {
+			return OAuth2LoginConfigurer.this;
+		}
+
+	}
+
 	private static class OidcAuthenticationRequestChecker implements AuthenticationProvider {
 
 		@Override
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index f22c68ab83..9b45741903 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -277,6 +277,70 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		}
 	}
 
+	private void registerDefaultAccessDeniedHandler(H http) {
+		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
+		if (exceptionHandling == null) {
+			return;
+		}
+
+		exceptionHandling.defaultAccessDeniedHandlerFor(this.accessDeniedHandler, this.requestMatcher);
+	}
+
+	private void registerDefaultEntryPoint(H http) {
+		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
+		if (exceptionHandling == null) {
+			return;
+		}
+
+		exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, this.requestMatcher);
+	}
+
+	private void registerDefaultCsrfOverride(H http) {
+		CsrfConfigurer<H> csrf = http.getConfigurer(CsrfConfigurer.class);
+		if (csrf == null) {
+			return;
+		}
+
+		csrf.ignoringRequestMatchers(this.requestMatcher);
+	}
+
+	AuthenticationProvider getAuthenticationProvider() {
+		if (this.jwtConfigurer != null) {
+			return this.jwtConfigurer.getAuthenticationProvider();
+		}
+
+		if (this.opaqueTokenConfigurer != null) {
+			return this.opaqueTokenConfigurer.getAuthenticationProvider();
+		}
+
+		return null;
+	}
+
+	AuthenticationManager getAuthenticationManager(H http) {
+		if (this.jwtConfigurer != null) {
+			return this.jwtConfigurer.getAuthenticationManager(http);
+		}
+
+		if (this.opaqueTokenConfigurer != null) {
+			return this.opaqueTokenConfigurer.getAuthenticationManager(http);
+		}
+
+		return http.getSharedObject(AuthenticationManager.class);
+	}
+
+	BearerTokenResolver getBearerTokenResolver() {
+		if (this.bearerTokenResolver == null) {
+			if (this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0) {
+				this.bearerTokenResolver = this.context.getBean(BearerTokenResolver.class);
+			}
+			else {
+				this.bearerTokenResolver = new DefaultBearerTokenResolver();
+			}
+		}
+
+		return this.bearerTokenResolver;
+	}
+
 	public class JwtConfigurer {
 
 		private final ApplicationContext context;
@@ -435,70 +499,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 	}
 
-	private void registerDefaultAccessDeniedHandler(H http) {
-		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		if (exceptionHandling == null) {
-			return;
-		}
-
-		exceptionHandling.defaultAccessDeniedHandlerFor(this.accessDeniedHandler, this.requestMatcher);
-	}
-
-	private void registerDefaultEntryPoint(H http) {
-		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		if (exceptionHandling == null) {
-			return;
-		}
-
-		exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, this.requestMatcher);
-	}
-
-	private void registerDefaultCsrfOverride(H http) {
-		CsrfConfigurer<H> csrf = http.getConfigurer(CsrfConfigurer.class);
-		if (csrf == null) {
-			return;
-		}
-
-		csrf.ignoringRequestMatchers(this.requestMatcher);
-	}
-
-	AuthenticationProvider getAuthenticationProvider() {
-		if (this.jwtConfigurer != null) {
-			return this.jwtConfigurer.getAuthenticationProvider();
-		}
-
-		if (this.opaqueTokenConfigurer != null) {
-			return this.opaqueTokenConfigurer.getAuthenticationProvider();
-		}
-
-		return null;
-	}
-
-	AuthenticationManager getAuthenticationManager(H http) {
-		if (this.jwtConfigurer != null) {
-			return this.jwtConfigurer.getAuthenticationManager(http);
-		}
-
-		if (this.opaqueTokenConfigurer != null) {
-			return this.opaqueTokenConfigurer.getAuthenticationManager(http);
-		}
-
-		return http.getSharedObject(AuthenticationManager.class);
-	}
-
-	BearerTokenResolver getBearerTokenResolver() {
-		if (this.bearerTokenResolver == null) {
-			if (this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0) {
-				this.bearerTokenResolver = this.context.getBean(BearerTokenResolver.class);
-			}
-			else {
-				this.bearerTokenResolver = new DefaultBearerTokenResolver();
-			}
-		}
-
-		return this.bearerTokenResolver;
-	}
-
 	private static final class BearerTokenRequestMatcher implements RequestMatcher {
 
 		private BearerTokenResolver bearerTokenResolver;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 4507c9d845..ec3a1ba2b6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -247,6 +247,29 @@ public class MessageSecurityMetadataSourceRegistry {
 		return !this.matcherToExpression.isEmpty();
 	}
 
+	private static String hasAnyRole(String... authorities) {
+		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','ROLE_");
+		return "hasAnyRole('ROLE_" + anyAuthorities + "')";
+	}
+
+	private static String hasRole(String role) {
+		Assert.notNull(role, "role cannot be null");
+		if (role.startsWith("ROLE_")) {
+			throw new IllegalArgumentException(
+					"role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
+		}
+		return "hasRole('ROLE_" + role + "')";
+	}
+
+	private static String hasAuthority(String authority) {
+		return "hasAuthority('" + authority + "')";
+	}
+
+	private static String hasAnyAuthority(String... authorities) {
+		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','");
+		return "hasAnyAuthority('" + anyAuthorities + "')";
+	}
+
 	/**
 	 * Represents the security constraint to be applied to the {@link MessageMatcher}
 	 * instances.
@@ -386,29 +409,6 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	}
 
-	private static String hasAnyRole(String... authorities) {
-		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','ROLE_");
-		return "hasAnyRole('ROLE_" + anyAuthorities + "')";
-	}
-
-	private static String hasRole(String role) {
-		Assert.notNull(role, "role cannot be null");
-		if (role.startsWith("ROLE_")) {
-			throw new IllegalArgumentException(
-					"role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
-		}
-		return "hasRole('ROLE_" + role + "')";
-	}
-
-	private static String hasAuthority(String authority) {
-		return "hasAuthority('" + authority + "')";
-	}
-
-	private static String hasAnyAuthority(String... authorities) {
-		String anyAuthorities = StringUtils.arrayToDelimitedString(authorities, "','");
-		return "hasAnyAuthority('" + anyAuthorities + "')";
-	}
-
 	private final static class PreBuiltMatcherBuilder implements MatcherBuilder {
 
 		private MessageMatcher<?> matcher;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index 25bec814d6..4e2334e98e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -186,25 +186,6 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 	protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
 	}
 
-	private static class WebSocketMessageSecurityMetadataSourceRegistry extends MessageSecurityMetadataSourceRegistry {
-
-		@Override
-		public MessageSecurityMetadataSource createMetadataSource() {
-			return super.createMetadataSource();
-		}
-
-		@Override
-		protected boolean containsMapping() {
-			return super.containsMapping();
-		}
-
-		@Override
-		protected boolean isSimpDestPathMatcherConfigured() {
-			return super.isSimpDestPathMatcherConfigured();
-		}
-
-	}
-
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
 		this.context = context;
@@ -283,4 +264,23 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 		}
 	}
 
+	private static class WebSocketMessageSecurityMetadataSourceRegistry extends MessageSecurityMetadataSourceRegistry {
+
+		@Override
+		public MessageSecurityMetadataSource createMetadataSource() {
+			return super.createMetadataSource();
+		}
+
+		@Override
+		protected boolean containsMapping() {
+			return super.containsMapping();
+		}
+
+		@Override
+		protected boolean isSimpDestPathMatcherConfigured() {
+			return super.isSimpDestPathMatcherConfigured();
+		}
+
+	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 759228c707..5d87cbfa9e 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -296,6 +296,9 @@ public class ServerHttpSecurity {
 
 	private AnonymousSpec anonymous;
 
+	protected ServerHttpSecurity() {
+	}
+
 	/**
 	 * The ServerExchangeMatcher that determines which requests apply to this HttpSecurity
 	 * instance.
@@ -624,70 +627,6 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	/**
-	 * Configures CORS support within Spring Security. This ensures that the
-	 * {@link CorsWebFilter} is place in the correct order.
-	 */
-	public final class CorsSpec {
-
-		private CorsWebFilter corsFilter;
-
-		private CorsSpec() {
-		}
-
-		/**
-		 * Configures the {@link CorsConfigurationSource} to be used
-		 * @param source the source to use
-		 * @return the {@link CorsSpec} for additional configuration
-		 */
-		public CorsSpec configurationSource(CorsConfigurationSource source) {
-			this.corsFilter = new CorsWebFilter(source);
-			return this;
-		}
-
-		/**
-		 * Disables CORS support within Spring Security.
-		 * @return the {@link ServerHttpSecurity} to continue configuring
-		 */
-		public ServerHttpSecurity disable() {
-			ServerHttpSecurity.this.cors = null;
-			return ServerHttpSecurity.this;
-		}
-
-		/**
-		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
-		 * @return the {@link ServerHttpSecurity} to continue configuring
-		 */
-		public ServerHttpSecurity and() {
-			return ServerHttpSecurity.this;
-		}
-
-		protected void configure(ServerHttpSecurity http) {
-			CorsWebFilter corsFilter = getCorsFilter();
-			if (corsFilter != null) {
-				http.addFilterAt(this.corsFilter, SecurityWebFiltersOrder.CORS);
-			}
-		}
-
-		private CorsWebFilter getCorsFilter() {
-			if (this.corsFilter != null) {
-				return this.corsFilter;
-			}
-
-			CorsConfigurationSource source = getBeanOrNull(CorsConfigurationSource.class);
-			if (source == null) {
-				return null;
-			}
-			CorsProcessor processor = getBeanOrNull(CorsProcessor.class);
-			if (processor == null) {
-				processor = new DefaultCorsProcessor();
-			}
-			this.corsFilter = new CorsWebFilter(source, processor);
-			return this.corsFilter;
-		}
-
-	}
-
 	/**
 	 * Configures HTTP Basic authentication. An example configuration is provided below:
 	 *
@@ -867,67 +806,6 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	/**
-	 * Configures X509 authentication
-	 *
-	 * @author Alexey Nesterov
-	 * @since 5.2
-	 * @see #x509()
-	 */
-	public final class X509Spec {
-
-		private X509PrincipalExtractor principalExtractor;
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		private X509Spec() {
-		}
-
-		public X509Spec principalExtractor(X509PrincipalExtractor principalExtractor) {
-			this.principalExtractor = principalExtractor;
-			return this;
-		}
-
-		public X509Spec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		public ServerHttpSecurity and() {
-			return ServerHttpSecurity.this;
-		}
-
-		protected void configure(ServerHttpSecurity http) {
-			ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
-			X509PrincipalExtractor principalExtractor = getPrincipalExtractor();
-
-			AuthenticationWebFilter filter = new AuthenticationWebFilter(authenticationManager);
-			filter.setServerAuthenticationConverter(new ServerX509AuthenticationConverter(principalExtractor));
-			http.addFilterAt(filter, SecurityWebFiltersOrder.AUTHENTICATION);
-		}
-
-		private X509PrincipalExtractor getPrincipalExtractor() {
-			if (this.principalExtractor != null) {
-				return this.principalExtractor;
-			}
-
-			return new SubjectDnX509PrincipalExtractor();
-		}
-
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager != null) {
-				return this.authenticationManager;
-			}
-
-			ReactiveUserDetailsService userDetailsService = getBean(ReactiveUserDetailsService.class);
-			ReactivePreAuthenticatedAuthenticationManager authenticationManager = new ReactivePreAuthenticatedAuthenticationManager(
-					userDetailsService);
-
-			return authenticationManager;
-		}
-
-	}
-
 	/**
 	 * Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
 	 * Provider.
@@ -981,408 +859,6 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	public final class OAuth2LoginSpec {
-
-		private ReactiveClientRegistrationRepository clientRegistrationRepository;
-
-		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
-
-		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		private ServerSecurityContextRepository securityContextRepository;
-
-		private ServerAuthenticationConverter authenticationConverter;
-
-		private ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver;
-
-		private ServerWebExchangeMatcher authenticationMatcher;
-
-		private ServerAuthenticationSuccessHandler authenticationSuccessHandler;
-
-		private ServerAuthenticationFailureHandler authenticationFailureHandler;
-
-		private OAuth2LoginSpec() {
-		}
-
-		/**
-		 * Configures the {@link ReactiveAuthenticationManager} to use. The default is
-		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 * @param authenticationManager the manager to use
-		 * @return the {@link OAuth2LoginSpec} to customize
-		 */
-		public OAuth2LoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		/**
-		 * The {@link ServerSecurityContextRepository} used to save the
-		 * {@code Authentication}. Defaults to
-		 * {@link WebSessionServerSecurityContextRepository}.
-		 * @param securityContextRepository the repository to use
-		 * @return the {@link OAuth2LoginSpec} to continue configuring
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) {
-			this.securityContextRepository = securityContextRepository;
-			return this;
-		}
-
-		/**
-		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
-		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}
-		 * redirecting to "/".
-		 * @param authenticationSuccessHandler the success handler to use
-		 * @return the {@link OAuth2LoginSpec} to customize
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec authenticationSuccessHandler(
-				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
-			Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
-			this.authenticationSuccessHandler = authenticationSuccessHandler;
-			return this;
-		}
-
-		/**
-		 * The {@link ServerAuthenticationFailureHandler} used after authentication
-		 * failure. Defaults to {@link RedirectServerAuthenticationFailureHandler}
-		 * redirecting to "/login?error".
-		 * @param authenticationFailureHandler the failure handler to use
-		 * @return the {@link OAuth2LoginSpec} to customize
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec authenticationFailureHandler(
-				ServerAuthenticationFailureHandler authenticationFailureHandler) {
-			Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
-			this.authenticationFailureHandler = authenticationFailureHandler;
-			return this;
-		}
-
-		/**
-		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
-		 * explicitly configured manager, and defaults to
-		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 * @return the {@link ReactiveAuthenticationManager} to use
-		 */
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager == null) {
-				this.authenticationManager = createDefault();
-			}
-			return this.authenticationManager;
-		}
-
-		private ReactiveAuthenticationManager createDefault() {
-			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> client = getAccessTokenResponseClient();
-			OAuth2LoginReactiveAuthenticationManager oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(
-					client, getOauth2UserService());
-			GrantedAuthoritiesMapper authoritiesMapper = getBeanOrNull(GrantedAuthoritiesMapper.class);
-			if (authoritiesMapper != null) {
-				oauth2Manager.setAuthoritiesMapper(authoritiesMapper);
-			}
-			boolean oidcAuthenticationProviderEnabled = ClassUtils
-					.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
-			if (oidcAuthenticationProviderEnabled) {
-				OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
-						client, getOidcUserService());
-				ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveJwtDecoderFactory.class,
-						ClientRegistration.class);
-				ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
-				if (jwtDecoderFactory != null) {
-					oidc.setJwtDecoderFactory(jwtDecoderFactory);
-				}
-				if (authoritiesMapper != null) {
-					oidc.setAuthoritiesMapper(authoritiesMapper);
-				}
-				return new DelegatingReactiveAuthenticationManager(oidc, oauth2Manager);
-			}
-			return oauth2Manager;
-		}
-
-		/**
-		 * Sets the converter to use
-		 * @param authenticationConverter the converter to use
-		 * @return the {@link OAuth2LoginSpec} to customize
-		 */
-		public OAuth2LoginSpec authenticationConverter(ServerAuthenticationConverter authenticationConverter) {
-			this.authenticationConverter = authenticationConverter;
-			return this;
-		}
-
-		private ServerAuthenticationConverter getAuthenticationConverter(
-				ReactiveClientRegistrationRepository clientRegistrationRepository) {
-			if (this.authenticationConverter == null) {
-				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
-						clientRegistrationRepository);
-				delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-				ServerAuthenticationConverter authenticationConverter = exchange -> delegate.convert(exchange)
-						.onErrorMap(OAuth2AuthorizationException.class,
-								e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
-				this.authenticationConverter = authenticationConverter;
-				return authenticationConverter;
-			}
-			return this.authenticationConverter;
-		}
-
-		public OAuth2LoginSpec clientRegistrationRepository(
-				ReactiveClientRegistrationRepository clientRegistrationRepository) {
-			this.clientRegistrationRepository = clientRegistrationRepository;
-			return this;
-		}
-
-		public OAuth2LoginSpec authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
-			this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
-					authorizedClientService);
-			return this;
-		}
-
-		public OAuth2LoginSpec authorizedClientRepository(
-				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
-			this.authorizedClientRepository = authorizedClientRepository;
-			return this;
-		}
-
-		/**
-		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 * @param authorizationRequestRepository the repository to use for storing
-		 * {@link OAuth2AuthorizationRequest}'s
-		 * @return the {@link OAuth2LoginSpec} for further configuration
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec authorizationRequestRepository(
-				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
-			this.authorizationRequestRepository = authorizationRequestRepository;
-			return this;
-		}
-
-		/**
-		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 * @param authorizationRequestResolver the resolver used for resolving
-		 * {@link OAuth2AuthorizationRequest}'s
-		 * @return the {@link OAuth2LoginSpec} for further configuration
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec authorizationRequestResolver(
-				ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
-			this.authorizationRequestResolver = authorizationRequestResolver;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the
-		 * request is an authentication request.
-		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used
-		 * for determining if the request is an authentication request
-		 * @return the {@link OAuth2LoginSpec} for further configuration
-		 * @since 5.2
-		 */
-		public OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher) {
-			this.authenticationMatcher = authenticationMatcher;
-			return this;
-		}
-
-		private ServerWebExchangeMatcher getAuthenticationMatcher() {
-			if (this.authenticationMatcher == null) {
-				this.authenticationMatcher = createAttemptAuthenticationRequestMatcher();
-			}
-			return this.authenticationMatcher;
-		}
-
-		/**
-		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
-		 * @return the {@link ServerHttpSecurity} to continue configuring
-		 */
-		public ServerHttpSecurity and() {
-			return ServerHttpSecurity.this;
-		}
-
-		protected void configure(ServerHttpSecurity http) {
-			ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository();
-			ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository();
-			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = getRedirectWebFilter();
-			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = getAuthorizationRequestRepository();
-			oauthRedirectFilter.setAuthorizationRequestRepository(authorizationRequestRepository);
-			oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
-
-			ReactiveAuthenticationManager manager = getAuthenticationManager();
-
-			AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager,
-					authorizedClientRepository);
-			authenticationFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher());
-			authenticationFilter
-					.setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository));
-
-			authenticationFilter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler(http));
-			authenticationFilter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
-			authenticationFilter.setSecurityContextRepository(this.securityContextRepository);
-
-			setDefaultEntryPoints(http);
-
-			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
-			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
-		}
-
-		private void setDefaultEntryPoints(ServerHttpSecurity http) {
-			String defaultLoginPage = "/login";
-			Map<String, String> urlToText = http.oauth2Login.getLinks();
-			String providerLoginPage = null;
-			if (urlToText.size() == 1) {
-				providerLoginPage = urlToText.keySet().iterator().next();
-			}
-
-			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
-					MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
-					MediaType.TEXT_PLAIN);
-			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
-			ServerWebExchangeMatcher xhrMatcher = exchange -> {
-				if (exchange.getRequest().getHeaders().getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) {
-					return ServerWebExchangeMatcher.MatchResult.match();
-				}
-				return ServerWebExchangeMatcher.MatchResult.notMatch();
-			};
-			ServerWebExchangeMatcher notXhrMatcher = new NegatedServerWebExchangeMatcher(xhrMatcher);
-
-			ServerWebExchangeMatcher defaultEntryPointMatcher = new AndServerWebExchangeMatcher(notXhrMatcher,
-					htmlMatcher);
-
-			if (providerLoginPage != null) {
-				ServerWebExchangeMatcher loginPageMatcher = new PathPatternParserServerWebExchangeMatcher(
-						defaultLoginPage);
-				ServerWebExchangeMatcher faviconMatcher = new PathPatternParserServerWebExchangeMatcher("/favicon.ico");
-				ServerWebExchangeMatcher defaultLoginPageMatcher = new AndServerWebExchangeMatcher(
-						new OrServerWebExchangeMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
-
-				ServerWebExchangeMatcher matcher = new AndServerWebExchangeMatcher(notXhrMatcher,
-						new NegatedServerWebExchangeMatcher(defaultLoginPageMatcher));
-				RedirectServerAuthenticationEntryPoint entryPoint = new RedirectServerAuthenticationEntryPoint(
-						providerLoginPage);
-				entryPoint.setRequestCache(http.requestCache.requestCache);
-				http.defaultEntryPoints.add(new DelegateEntry(matcher, entryPoint));
-			}
-
-			RedirectServerAuthenticationEntryPoint defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(
-					defaultLoginPage);
-			defaultEntryPoint.setRequestCache(http.requestCache.requestCache);
-			http.defaultEntryPoints.add(new DelegateEntry(defaultEntryPointMatcher, defaultEntryPoint));
-		}
-
-		private ServerAuthenticationSuccessHandler getAuthenticationSuccessHandler(ServerHttpSecurity http) {
-			if (this.authenticationSuccessHandler == null) {
-				RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
-				handler.setRequestCache(http.requestCache.requestCache);
-				this.authenticationSuccessHandler = handler;
-			}
-			return this.authenticationSuccessHandler;
-		}
-
-		private ServerAuthenticationFailureHandler getAuthenticationFailureHandler() {
-			if (this.authenticationFailureHandler == null) {
-				this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler("/login?error");
-			}
-			return this.authenticationFailureHandler;
-		}
-
-		private ServerWebExchangeMatcher createAttemptAuthenticationRequestMatcher() {
-			return new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
-		}
-
-		private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
-					OidcUserRequest.class, OidcUser.class);
-			ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new OidcReactiveOAuth2UserService();
-			}
-
-			return bean;
-		}
-
-		private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> getOauth2UserService() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
-					OAuth2UserRequest.class, OAuth2User.class);
-			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new DefaultReactiveOAuth2UserService();
-			}
-
-			return bean;
-		}
-
-		private Map<String, String> getLinks() {
-			Iterable<ClientRegistration> registrations = getBeanOrNull(
-					ResolvableType.forClassWithGenerics(Iterable.class, ClientRegistration.class));
-			if (registrations == null) {
-				return Collections.emptyMap();
-			}
-			Map<String, String> result = new HashMap<>();
-			registrations.iterator().forEachRemaining(
-					r -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
-			return result;
-		}
-
-		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
-			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class,
-					OAuth2AuthorizationCodeGrantRequest.class);
-			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
-			}
-			return bean;
-		}
-
-		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
-			if (this.clientRegistrationRepository == null) {
-				this.clientRegistrationRepository = getBeanOrNull(ReactiveClientRegistrationRepository.class);
-			}
-			return this.clientRegistrationRepository;
-		}
-
-		private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
-			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter;
-			if (this.authorizationRequestResolver == null) {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
-						getClientRegistrationRepository());
-			}
-			else {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
-						this.authorizationRequestResolver);
-			}
-			return oauthRedirectFilter;
-		}
-
-		private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
-			ServerOAuth2AuthorizedClientRepository result = this.authorizedClientRepository;
-			if (result == null) {
-				result = getBeanOrNull(ServerOAuth2AuthorizedClientRepository.class);
-			}
-			if (result == null) {
-				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
-				if (authorizedClientService != null) {
-					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
-				}
-			}
-			return result;
-		}
-
-		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> getAuthorizationRequestRepository() {
-			if (this.authorizationRequestRepository == null) {
-				this.authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
-			}
-			return this.authorizationRequestRepository;
-		}
-
-		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
-			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
-			if (service == null) {
-				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
-			}
-			return service;
-		}
-
-	}
-
 	/**
 	 * Configures the OAuth2 client.
 	 *
@@ -1434,172 +910,6 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	public final class OAuth2ClientSpec {
-
-		private ReactiveClientRegistrationRepository clientRegistrationRepository;
-
-		private ServerAuthenticationConverter authenticationConverter;
-
-		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
-
-		private ReactiveAuthenticationManager authenticationManager;
-
-		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
-
-		private OAuth2ClientSpec() {
-		}
-
-		/**
-		 * Sets the converter to use
-		 * @param authenticationConverter the converter to use
-		 * @return the {@link OAuth2ClientSpec} to customize
-		 */
-		public OAuth2ClientSpec authenticationConverter(ServerAuthenticationConverter authenticationConverter) {
-			this.authenticationConverter = authenticationConverter;
-			return this;
-		}
-
-		private ServerAuthenticationConverter getAuthenticationConverter() {
-			if (this.authenticationConverter == null) {
-				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
-						getClientRegistrationRepository());
-				authenticationConverter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-				this.authenticationConverter = authenticationConverter;
-			}
-			return this.authenticationConverter;
-		}
-
-		/**
-		 * Configures the {@link ReactiveAuthenticationManager} to use. The default is
-		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 * @param authenticationManager the manager to use
-		 * @return the {@link OAuth2ClientSpec} to customize
-		 */
-		public OAuth2ClientSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-			this.authenticationManager = authenticationManager;
-			return this;
-		}
-
-		/**
-		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
-		 * explicitly configured manager, and defaults to
-		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
-		 * @return the {@link ReactiveAuthenticationManager} to use
-		 */
-		private ReactiveAuthenticationManager getAuthenticationManager() {
-			if (this.authenticationManager == null) {
-				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(
-						new WebClientReactiveAuthorizationCodeTokenResponseClient());
-			}
-			return this.authenticationManager;
-		}
-
-		/**
-		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
-		 * the value up as a Bean.
-		 * @param clientRegistrationRepository the repository to use
-		 * @return the {@link OAuth2ClientSpec} to customize
-		 */
-		public OAuth2ClientSpec clientRegistrationRepository(
-				ReactiveClientRegistrationRepository clientRegistrationRepository) {
-			this.clientRegistrationRepository = clientRegistrationRepository;
-			return this;
-		}
-
-		/**
-		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
-		 * the value up as a Bean.
-		 * @param authorizedClientRepository the repository to use
-		 * @return the {@link OAuth2ClientSpec} to customize
-		 */
-		public OAuth2ClientSpec authorizedClientRepository(
-				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
-			this.authorizedClientRepository = authorizedClientRepository;
-			return this;
-		}
-
-		/**
-		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 * @param authorizationRequestRepository the repository to use for storing
-		 * {@link OAuth2AuthorizationRequest}'s
-		 * @return the {@link OAuth2ClientSpec} to customize
-		 * @since 5.2
-		 */
-		public OAuth2ClientSpec authorizationRequestRepository(
-				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
-			this.authorizationRequestRepository = authorizationRequestRepository;
-			return this;
-		}
-
-		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> getAuthorizationRequestRepository() {
-			if (this.authorizationRequestRepository == null) {
-				this.authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
-			}
-			return this.authorizationRequestRepository;
-		}
-
-		/**
-		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
-		 * @return the {@link ServerHttpSecurity} to continue configuring
-		 */
-		public ServerHttpSecurity and() {
-			return ServerHttpSecurity.this;
-		}
-
-		protected void configure(ServerHttpSecurity http) {
-			ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository();
-			ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository();
-			ServerAuthenticationConverter authenticationConverter = getAuthenticationConverter();
-			ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
-			OAuth2AuthorizationCodeGrantWebFilter codeGrantWebFilter = new OAuth2AuthorizationCodeGrantWebFilter(
-					authenticationManager, authenticationConverter, authorizedClientRepository);
-			codeGrantWebFilter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-			if (http.requestCache != null) {
-				codeGrantWebFilter.setRequestCache(http.requestCache.requestCache);
-			}
-
-			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
-					clientRegistrationRepository);
-			oauthRedirectFilter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-			if (http.requestCache != null) {
-				oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
-			}
-
-			http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE);
-			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
-		}
-
-		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
-			if (this.clientRegistrationRepository != null) {
-				return this.clientRegistrationRepository;
-			}
-			return getBeanOrNull(ReactiveClientRegistrationRepository.class);
-		}
-
-		private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
-			if (this.authorizedClientRepository != null) {
-				return this.authorizedClientRepository;
-			}
-			ServerOAuth2AuthorizedClientRepository result = getBeanOrNull(ServerOAuth2AuthorizedClientRepository.class);
-			if (result == null) {
-				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
-				if (authorizedClientService != null) {
-					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
-				}
-			}
-			return result;
-		}
-
-		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
-			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
-			if (service == null) {
-				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
-			}
-			return service;
-		}
-
-	}
-
 	/**
 	 * Configures OAuth 2.0 Resource Server support.
 	 *
@@ -1654,442 +964,6 @@ public class ServerHttpSecurity {
 		return this;
 	}
 
-	/**
-	 * Configures OAuth2 Resource Server Support
-	 */
-	public class OAuth2ResourceServerSpec {
-
-		private ServerAuthenticationEntryPoint entryPoint = new BearerTokenServerAuthenticationEntryPoint();
-
-		private ServerAccessDeniedHandler accessDeniedHandler = new BearerTokenServerAccessDeniedHandler();
-
-		private ServerAuthenticationConverter bearerTokenConverter = new ServerBearerTokenAuthenticationConverter();
-
-		private AuthenticationConverterServerWebExchangeMatcher authenticationConverterServerWebExchangeMatcher;
-
-		private JwtSpec jwt;
-
-		private OpaqueTokenSpec opaqueToken;
-
-		private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
-
-		/**
-		 * Configures the {@link ServerAccessDeniedHandler} to use for requests
-		 * authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
-		 * "_blank">Bearer Token</a>s. requests.
-		 * @param accessDeniedHandler the {@link ServerAccessDeniedHandler} to use
-		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
-		 * @since 5.2
-		 */
-		public OAuth2ResourceServerSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler) {
-			Assert.notNull(accessDeniedHandler, "accessDeniedHandler cannot be null");
-			this.accessDeniedHandler = accessDeniedHandler;
-			return this;
-		}
-
-		/**
-		 * Configures the {@link ServerAuthenticationEntryPoint} to use for requests
-		 * authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
-		 * "_blank">Bearer Token</a>s.
-		 * @param entryPoint the {@link ServerAuthenticationEntryPoint} to use
-		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
-		 * @since 5.2
-		 */
-		public OAuth2ResourceServerSpec authenticationEntryPoint(ServerAuthenticationEntryPoint entryPoint) {
-			Assert.notNull(entryPoint, "entryPoint cannot be null");
-			this.entryPoint = entryPoint;
-			return this;
-		}
-
-		/**
-		 * Configures the {@link ServerAuthenticationConverter} to use for requests
-		 * authenticating with
-		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
-		 * "_blank">Bearer Token</a>s.
-		 * @param bearerTokenConverter The {@link ServerAuthenticationConverter} to use
-		 * @return The {@link OAuth2ResourceServerSpec} for additional configuration
-		 * @since 5.2
-		 */
-		public OAuth2ResourceServerSpec bearerTokenConverter(ServerAuthenticationConverter bearerTokenConverter) {
-			Assert.notNull(bearerTokenConverter, "bearerTokenConverter cannot be null");
-			this.bearerTokenConverter = bearerTokenConverter;
-			return this;
-		}
-
-		/**
-		 * Configures the {@link ReactiveAuthenticationManagerResolver}
-		 * @param authenticationManagerResolver the
-		 * {@link ReactiveAuthenticationManagerResolver}
-		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
-		 * @since 5.3
-		 */
-		public OAuth2ResourceServerSpec authenticationManagerResolver(
-				ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
-			Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
-			this.authenticationManagerResolver = authenticationManagerResolver;
-			return this;
-		}
-
-		/**
-		 * Enables JWT Resource Server support.
-		 * @return the {@link JwtSpec} for additional configuration
-		 */
-		public JwtSpec jwt() {
-			if (this.jwt == null) {
-				this.jwt = new JwtSpec();
-			}
-			return this.jwt;
-		}
-
-		/**
-		 * Enables JWT Resource Server support.
-		 * @param jwtCustomizer the {@link Customizer} to provide more options for the
-		 * {@link JwtSpec}
-		 * @return the {@link OAuth2ResourceServerSpec} to customize
-		 */
-		public OAuth2ResourceServerSpec jwt(Customizer<JwtSpec> jwtCustomizer) {
-			if (this.jwt == null) {
-				this.jwt = new JwtSpec();
-			}
-			jwtCustomizer.customize(this.jwt);
-			return this;
-		}
-
-		/**
-		 * Enables Opaque Token Resource Server support.
-		 * @return the {@link OpaqueTokenSpec} for additional configuration
-		 */
-		public OpaqueTokenSpec opaqueToken() {
-			if (this.opaqueToken == null) {
-				this.opaqueToken = new OpaqueTokenSpec();
-			}
-			return this.opaqueToken;
-		}
-
-		/**
-		 * Enables Opaque Token Resource Server support.
-		 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for
-		 * the {@link OpaqueTokenSpec}
-		 * @return the {@link OAuth2ResourceServerSpec} to customize
-		 */
-		public OAuth2ResourceServerSpec opaqueToken(Customizer<OpaqueTokenSpec> opaqueTokenCustomizer) {
-			if (this.opaqueToken == null) {
-				this.opaqueToken = new OpaqueTokenSpec();
-			}
-			opaqueTokenCustomizer.customize(this.opaqueToken);
-			return this;
-		}
-
-		protected void configure(ServerHttpSecurity http) {
-			this.authenticationConverterServerWebExchangeMatcher = new AuthenticationConverterServerWebExchangeMatcher(
-					this.bearerTokenConverter);
-
-			registerDefaultAccessDeniedHandler(http);
-			registerDefaultAuthenticationEntryPoint(http);
-			registerDefaultCsrfOverride(http);
-
-			validateConfiguration();
-
-			if (this.authenticationManagerResolver != null) {
-				AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(this.authenticationManagerResolver);
-				oauth2.setServerAuthenticationConverter(this.bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(
-						new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
-				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
-			}
-			else if (this.jwt != null) {
-				this.jwt.configure(http);
-			}
-			else if (this.opaqueToken != null) {
-				this.opaqueToken.configure(http);
-			}
-		}
-
-		private void validateConfiguration() {
-			if (this.authenticationManagerResolver == null) {
-				if (this.jwt == null && this.opaqueToken == null) {
-					throw new IllegalStateException(
-							"Jwt and Opaque Token are the only supported formats for bearer tokens "
-									+ "in Spring Security and neither was found. Make sure to configure JWT "
-									+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
-									+ "http.oauth2ResourceServer().opaqueToken().");
-				}
-
-				if (this.jwt != null && this.opaqueToken != null) {
-					throw new IllegalStateException(
-							"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
-				}
-			}
-			else {
-				if (this.jwt != null || this.opaqueToken != null) {
-					throw new IllegalStateException(
-							"If an authenticationManagerResolver() is configured, then it takes "
-									+ "precedence over any jwt() or opaqueToken() configuration.");
-				}
-			}
-		}
-
-		private void registerDefaultAccessDeniedHandler(ServerHttpSecurity http) {
-			if (http.exceptionHandling != null) {
-				http.defaultAccessDeniedHandlers
-						.add(new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry(
-								this.authenticationConverterServerWebExchangeMatcher,
-								OAuth2ResourceServerSpec.this.accessDeniedHandler));
-			}
-		}
-
-		private void registerDefaultAuthenticationEntryPoint(ServerHttpSecurity http) {
-			if (http.exceptionHandling != null) {
-				http.defaultEntryPoints.add(new DelegateEntry(this.authenticationConverterServerWebExchangeMatcher,
-						OAuth2ResourceServerSpec.this.entryPoint));
-			}
-		}
-
-		private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
-			if (http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher) {
-				// @formatter:off
-				http
-					.csrf()
-					.requireCsrfProtectionMatcher(
-							new AndServerWebExchangeMatcher(
-									CsrfWebFilter.DEFAULT_CSRF_MATCHER,
-									new NegatedServerWebExchangeMatcher(
-											this.authenticationConverterServerWebExchangeMatcher)));
-				// @formatter:on
-			}
-		}
-
-		private class BearerTokenAuthenticationWebFilter extends AuthenticationWebFilter {
-
-			private ServerAuthenticationFailureHandler authenticationFailureHandler;
-
-			BearerTokenAuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) {
-				super(authenticationManager);
-			}
-
-			@Override
-			public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-				WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
-				return super.filter(exchange, chain).onErrorResume(AuthenticationException.class,
-						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
-			}
-
-			@Override
-			public void setAuthenticationFailureHandler(
-					ServerAuthenticationFailureHandler authenticationFailureHandler) {
-				super.setAuthenticationFailureHandler(authenticationFailureHandler);
-				this.authenticationFailureHandler = authenticationFailureHandler;
-			}
-
-		}
-
-		/**
-		 * Configures JWT Resource Server Support
-		 */
-		public class JwtSpec {
-
-			private ReactiveAuthenticationManager authenticationManager;
-
-			private ReactiveJwtDecoder jwtDecoder;
-
-			private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
-					new JwtAuthenticationConverter());
-
-			/**
-			 * Configures the {@link ReactiveAuthenticationManager} to use
-			 * @param authenticationManager the authentication manager to use
-			 * @return the {@code JwtSpec} for additional configuration
-			 */
-			public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
-				Assert.notNull(authenticationManager, "authenticationManager cannot be null");
-				this.authenticationManager = authenticationManager;
-				return this;
-			}
-
-			/**
-			 * Configures the {@link Converter} to use for converting a {@link Jwt} into
-			 * an {@link AbstractAuthenticationToken}.
-			 * @param jwtAuthenticationConverter the converter to use
-			 * @return the {@code JwtSpec} for additional configuration
-			 * @since 5.1.1
-			 */
-			public JwtSpec jwtAuthenticationConverter(
-					Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
-				Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
-				this.jwtAuthenticationConverter = jwtAuthenticationConverter;
-				return this;
-			}
-
-			/**
-			 * Configures the {@link ReactiveJwtDecoder} to use
-			 * @param jwtDecoder the decoder to use
-			 * @return the {@code JwtSpec} for additional configuration
-			 */
-			public JwtSpec jwtDecoder(ReactiveJwtDecoder jwtDecoder) {
-				this.jwtDecoder = jwtDecoder;
-				return this;
-			}
-
-			/**
-			 * Configures a {@link ReactiveJwtDecoder} that leverages the provided
-			 * {@link RSAPublicKey}
-			 * @param publicKey the public key to use.
-			 * @return the {@code JwtSpec} for additional configuration
-			 */
-			public JwtSpec publicKey(RSAPublicKey publicKey) {
-				this.jwtDecoder = new NimbusReactiveJwtDecoder(publicKey);
-				return this;
-			}
-
-			/**
-			 * Configures a {@link ReactiveJwtDecoder} using
-			 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key
-			 * (JWK)</a> URL
-			 * @param jwkSetUri the URL to use.
-			 * @return the {@code JwtSpec} for additional configuration
-			 */
-			public JwtSpec jwkSetUri(String jwkSetUri) {
-				this.jwtDecoder = new NimbusReactiveJwtDecoder(jwkSetUri);
-				return this;
-			}
-
-			public OAuth2ResourceServerSpec and() {
-				return OAuth2ResourceServerSpec.this;
-			}
-
-			protected void configure(ServerHttpSecurity http) {
-				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
-				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
-				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(
-						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
-				// @formatter:off
-				http
-					.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
-				// @formatter:on
-			}
-
-			protected ReactiveJwtDecoder getJwtDecoder() {
-				if (this.jwtDecoder == null) {
-					return getBean(ReactiveJwtDecoder.class);
-				}
-				return this.jwtDecoder;
-			}
-
-			protected Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> getJwtAuthenticationConverter() {
-
-				return this.jwtAuthenticationConverter;
-			}
-
-			private ReactiveAuthenticationManager getAuthenticationManager() {
-				if (this.authenticationManager != null) {
-					return this.authenticationManager;
-				}
-
-				ReactiveJwtDecoder jwtDecoder = getJwtDecoder();
-				Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = getJwtAuthenticationConverter();
-				JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
-						jwtDecoder);
-				authenticationManager.setJwtAuthenticationConverter(jwtAuthenticationConverter);
-
-				return authenticationManager;
-			}
-
-		}
-
-		/**
-		 * Configures Opaque Token Resource Server support
-		 *
-		 * @author Josh Cummings
-		 * @since 5.2
-		 */
-		public final class OpaqueTokenSpec {
-
-			private String introspectionUri;
-
-			private String clientId;
-
-			private String clientSecret;
-
-			private Supplier<ReactiveOpaqueTokenIntrospector> introspector;
-
-			private OpaqueTokenSpec() {
-			}
-
-			/**
-			 * Configures the URI of the Introspection endpoint
-			 * @param introspectionUri The URI of the Introspection endpoint
-			 * @return the {@code OpaqueTokenSpec} for additional configuration
-			 */
-			public OpaqueTokenSpec introspectionUri(String introspectionUri) {
-				Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
-				this.introspectionUri = introspectionUri;
-				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
-						this.clientId, this.clientSecret);
-				return this;
-			}
-
-			/**
-			 * Configures the credentials for Introspection endpoint
-			 * @param clientId The clientId part of the credentials
-			 * @param clientSecret The clientSecret part of the credentials
-			 * @return the {@code OpaqueTokenSpec} for additional configuration
-			 */
-			public OpaqueTokenSpec introspectionClientCredentials(String clientId, String clientSecret) {
-				Assert.hasText(clientId, "clientId cannot be empty");
-				Assert.notNull(clientSecret, "clientSecret cannot be null");
-				this.clientId = clientId;
-				this.clientSecret = clientSecret;
-				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
-						this.clientId, this.clientSecret);
-				return this;
-			}
-
-			public OpaqueTokenSpec introspector(ReactiveOpaqueTokenIntrospector introspector) {
-				Assert.notNull(introspector, "introspector cannot be null");
-				this.introspector = () -> introspector;
-				return this;
-			}
-
-			/**
-			 * Allows method chaining to continue configuring the
-			 * {@link ServerHttpSecurity}
-			 * @return the {@link ServerHttpSecurity} to continue configuring
-			 */
-			public OAuth2ResourceServerSpec and() {
-				return OAuth2ResourceServerSpec.this;
-			}
-
-			protected ReactiveAuthenticationManager getAuthenticationManager() {
-				return new OpaqueTokenReactiveAuthenticationManager(getIntrospector());
-			}
-
-			protected ReactiveOpaqueTokenIntrospector getIntrospector() {
-				if (this.introspector != null) {
-					return this.introspector.get();
-				}
-				return getBean(ReactiveOpaqueTokenIntrospector.class);
-			}
-
-			protected void configure(ServerHttpSecurity http) {
-				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
-				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
-				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
-				oauth2.setAuthenticationFailureHandler(
-						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
-				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
-			}
-
-		}
-
-		public ServerHttpSecurity and() {
-			return ServerHttpSecurity.this;
-		}
-
-	}
-
 	/**
 	 * Configures HTTP Response Headers. The default headers are:
 	 *
@@ -2599,7 +1473,30 @@ public class ServerHttpSecurity {
 		return new OrderedWebFilter(result, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
 	}
 
-	protected ServerHttpSecurity() {
+	private <T> T getBean(Class<T> beanClass) {
+		if (this.context == null) {
+			return null;
+		}
+		return this.context.getBean(beanClass);
+	}
+
+	private <T> T getBeanOrNull(Class<T> beanClass) {
+		return getBeanOrNull(ResolvableType.forClass(beanClass));
+	}
+
+	private <T> T getBeanOrNull(ResolvableType type) {
+		if (this.context == null) {
+			return null;
+		}
+		String[] names = this.context.getBeanNamesForType(type);
+		if (names.length == 1) {
+			return (T) this.context.getBean(names[0]);
+		}
+		return null;
+	}
+
+	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+		this.context = applicationContext;
 	}
 
 	/**
@@ -3931,32 +2828,6 @@ public class ServerHttpSecurity {
 
 	}
 
-	private <T> T getBean(Class<T> beanClass) {
-		if (this.context == null) {
-			return null;
-		}
-		return this.context.getBean(beanClass);
-	}
-
-	private <T> T getBeanOrNull(Class<T> beanClass) {
-		return getBeanOrNull(ResolvableType.forClass(beanClass));
-	}
-
-	private <T> T getBeanOrNull(ResolvableType type) {
-		if (this.context == null) {
-			return null;
-		}
-		String[] names = this.context.getBeanNamesForType(type);
-		if (names.length == 1) {
-			return (T) this.context.getBean(names[0]);
-		}
-		return null;
-	}
-
-	protected void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		this.context = applicationContext;
-	}
-
 	private static class OrderedWebFilter implements WebFilter, Ordered {
 
 		private final WebFilter webFilter;
@@ -3997,6 +2868,1135 @@ public class ServerHttpSecurity {
 
 	}
 
+	/**
+	 * Configures CORS support within Spring Security. This ensures that the
+	 * {@link CorsWebFilter} is place in the correct order.
+	 */
+	public final class CorsSpec {
+
+		private CorsWebFilter corsFilter;
+
+		private CorsSpec() {
+		}
+
+		/**
+		 * Configures the {@link CorsConfigurationSource} to be used
+		 * @param source the source to use
+		 * @return the {@link CorsSpec} for additional configuration
+		 */
+		public CorsSpec configurationSource(CorsConfigurationSource source) {
+			this.corsFilter = new CorsWebFilter(source);
+			return this;
+		}
+
+		/**
+		 * Disables CORS support within Spring Security.
+		 * @return the {@link ServerHttpSecurity} to continue configuring
+		 */
+		public ServerHttpSecurity disable() {
+			ServerHttpSecurity.this.cors = null;
+			return ServerHttpSecurity.this;
+		}
+
+		/**
+		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+		 * @return the {@link ServerHttpSecurity} to continue configuring
+		 */
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
+		}
+
+		protected void configure(ServerHttpSecurity http) {
+			CorsWebFilter corsFilter = getCorsFilter();
+			if (corsFilter != null) {
+				http.addFilterAt(this.corsFilter, SecurityWebFiltersOrder.CORS);
+			}
+		}
+
+		private CorsWebFilter getCorsFilter() {
+			if (this.corsFilter != null) {
+				return this.corsFilter;
+			}
+
+			CorsConfigurationSource source = getBeanOrNull(CorsConfigurationSource.class);
+			if (source == null) {
+				return null;
+			}
+			CorsProcessor processor = getBeanOrNull(CorsProcessor.class);
+			if (processor == null) {
+				processor = new DefaultCorsProcessor();
+			}
+			this.corsFilter = new CorsWebFilter(source, processor);
+			return this.corsFilter;
+		}
+
+	}
+
+	/**
+	 * Configures X509 authentication
+	 *
+	 * @author Alexey Nesterov
+	 * @since 5.2
+	 * @see #x509()
+	 */
+	public final class X509Spec {
+
+		private X509PrincipalExtractor principalExtractor;
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		private X509Spec() {
+		}
+
+		public X509Spec principalExtractor(X509PrincipalExtractor principalExtractor) {
+			this.principalExtractor = principalExtractor;
+			return this;
+		}
+
+		public X509Spec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
+		}
+
+		protected void configure(ServerHttpSecurity http) {
+			ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
+			X509PrincipalExtractor principalExtractor = getPrincipalExtractor();
+
+			AuthenticationWebFilter filter = new AuthenticationWebFilter(authenticationManager);
+			filter.setServerAuthenticationConverter(new ServerX509AuthenticationConverter(principalExtractor));
+			http.addFilterAt(filter, SecurityWebFiltersOrder.AUTHENTICATION);
+		}
+
+		private X509PrincipalExtractor getPrincipalExtractor() {
+			if (this.principalExtractor != null) {
+				return this.principalExtractor;
+			}
+
+			return new SubjectDnX509PrincipalExtractor();
+		}
+
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager != null) {
+				return this.authenticationManager;
+			}
+
+			ReactiveUserDetailsService userDetailsService = getBean(ReactiveUserDetailsService.class);
+			ReactivePreAuthenticatedAuthenticationManager authenticationManager = new ReactivePreAuthenticatedAuthenticationManager(
+					userDetailsService);
+
+			return authenticationManager;
+		}
+
+	}
+
+	public final class OAuth2LoginSpec {
+
+		private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
+		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
+		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		private ServerSecurityContextRepository securityContextRepository;
+
+		private ServerAuthenticationConverter authenticationConverter;
+
+		private ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver;
+
+		private ServerWebExchangeMatcher authenticationMatcher;
+
+		private ServerAuthenticationSuccessHandler authenticationSuccessHandler;
+
+		private ServerAuthenticationFailureHandler authenticationFailureHandler;
+
+		private OAuth2LoginSpec() {
+		}
+
+		/**
+		 * Configures the {@link ReactiveAuthenticationManager} to use. The default is
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
+		 * @param authenticationManager the manager to use
+		 * @return the {@link OAuth2LoginSpec} to customize
+		 */
+		public OAuth2LoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		/**
+		 * The {@link ServerSecurityContextRepository} used to save the
+		 * {@code Authentication}. Defaults to
+		 * {@link WebSessionServerSecurityContextRepository}.
+		 * @param securityContextRepository the repository to use
+		 * @return the {@link OAuth2LoginSpec} to continue configuring
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) {
+			this.securityContextRepository = securityContextRepository;
+			return this;
+		}
+
+		/**
+		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
+		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}
+		 * redirecting to "/".
+		 * @param authenticationSuccessHandler the success handler to use
+		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec authenticationSuccessHandler(
+				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
+			Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
+			this.authenticationSuccessHandler = authenticationSuccessHandler;
+			return this;
+		}
+
+		/**
+		 * The {@link ServerAuthenticationFailureHandler} used after authentication
+		 * failure. Defaults to {@link RedirectServerAuthenticationFailureHandler}
+		 * redirecting to "/login?error".
+		 * @param authenticationFailureHandler the failure handler to use
+		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec authenticationFailureHandler(
+				ServerAuthenticationFailureHandler authenticationFailureHandler) {
+			Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
+			this.authenticationFailureHandler = authenticationFailureHandler;
+			return this;
+		}
+
+		/**
+		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
+		 * explicitly configured manager, and defaults to
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
+		 * @return the {@link ReactiveAuthenticationManager} to use
+		 */
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager == null) {
+				this.authenticationManager = createDefault();
+			}
+			return this.authenticationManager;
+		}
+
+		private ReactiveAuthenticationManager createDefault() {
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> client = getAccessTokenResponseClient();
+			OAuth2LoginReactiveAuthenticationManager oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(
+					client, getOauth2UserService());
+			GrantedAuthoritiesMapper authoritiesMapper = getBeanOrNull(GrantedAuthoritiesMapper.class);
+			if (authoritiesMapper != null) {
+				oauth2Manager.setAuthoritiesMapper(authoritiesMapper);
+			}
+			boolean oidcAuthenticationProviderEnabled = ClassUtils
+					.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
+			if (oidcAuthenticationProviderEnabled) {
+				OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
+						client, getOidcUserService());
+				ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveJwtDecoderFactory.class,
+						ClientRegistration.class);
+				ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
+				if (jwtDecoderFactory != null) {
+					oidc.setJwtDecoderFactory(jwtDecoderFactory);
+				}
+				if (authoritiesMapper != null) {
+					oidc.setAuthoritiesMapper(authoritiesMapper);
+				}
+				return new DelegatingReactiveAuthenticationManager(oidc, oauth2Manager);
+			}
+			return oauth2Manager;
+		}
+
+		/**
+		 * Sets the converter to use
+		 * @param authenticationConverter the converter to use
+		 * @return the {@link OAuth2LoginSpec} to customize
+		 */
+		public OAuth2LoginSpec authenticationConverter(ServerAuthenticationConverter authenticationConverter) {
+			this.authenticationConverter = authenticationConverter;
+			return this;
+		}
+
+		private ServerAuthenticationConverter getAuthenticationConverter(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
+			if (this.authenticationConverter == null) {
+				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+						clientRegistrationRepository);
+				delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
+				ServerAuthenticationConverter authenticationConverter = exchange -> delegate.convert(exchange)
+						.onErrorMap(OAuth2AuthorizationException.class,
+								e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
+				this.authenticationConverter = authenticationConverter;
+				return authenticationConverter;
+			}
+			return this.authenticationConverter;
+		}
+
+		public OAuth2LoginSpec clientRegistrationRepository(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
+			this.clientRegistrationRepository = clientRegistrationRepository;
+			return this;
+		}
+
+		public OAuth2LoginSpec authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
+			this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
+					authorizedClientService);
+			return this;
+		}
+
+		public OAuth2LoginSpec authorizedClientRepository(
+				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+			this.authorizedClientRepository = authorizedClientRepository;
+			return this;
+		}
+
+		/**
+		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
+		 * @param authorizationRequestRepository the repository to use for storing
+		 * {@link OAuth2AuthorizationRequest}'s
+		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec authorizationRequestRepository(
+				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+			this.authorizationRequestRepository = authorizationRequestRepository;
+			return this;
+		}
+
+		/**
+		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
+		 * @param authorizationRequestResolver the resolver used for resolving
+		 * {@link OAuth2AuthorizationRequest}'s
+		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec authorizationRequestResolver(
+				ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
+			this.authorizationRequestResolver = authorizationRequestResolver;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the
+		 * request is an authentication request.
+		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used
+		 * for determining if the request is an authentication request
+		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
+		 */
+		public OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher) {
+			this.authenticationMatcher = authenticationMatcher;
+			return this;
+		}
+
+		private ServerWebExchangeMatcher getAuthenticationMatcher() {
+			if (this.authenticationMatcher == null) {
+				this.authenticationMatcher = createAttemptAuthenticationRequestMatcher();
+			}
+			return this.authenticationMatcher;
+		}
+
+		/**
+		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+		 * @return the {@link ServerHttpSecurity} to continue configuring
+		 */
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
+		}
+
+		protected void configure(ServerHttpSecurity http) {
+			ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository();
+			ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository();
+			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = getRedirectWebFilter();
+			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = getAuthorizationRequestRepository();
+			oauthRedirectFilter.setAuthorizationRequestRepository(authorizationRequestRepository);
+			oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
+
+			ReactiveAuthenticationManager manager = getAuthenticationManager();
+
+			AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager,
+					authorizedClientRepository);
+			authenticationFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher());
+			authenticationFilter
+					.setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository));
+
+			authenticationFilter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler(http));
+			authenticationFilter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
+			authenticationFilter.setSecurityContextRepository(this.securityContextRepository);
+
+			setDefaultEntryPoints(http);
+
+			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
+			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
+		}
+
+		private void setDefaultEntryPoints(ServerHttpSecurity http) {
+			String defaultLoginPage = "/login";
+			Map<String, String> urlToText = http.oauth2Login.getLinks();
+			String providerLoginPage = null;
+			if (urlToText.size() == 1) {
+				providerLoginPage = urlToText.keySet().iterator().next();
+			}
+
+			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
+					MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
+					MediaType.TEXT_PLAIN);
+			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
+
+			ServerWebExchangeMatcher xhrMatcher = exchange -> {
+				if (exchange.getRequest().getHeaders().getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) {
+					return ServerWebExchangeMatcher.MatchResult.match();
+				}
+				return ServerWebExchangeMatcher.MatchResult.notMatch();
+			};
+			ServerWebExchangeMatcher notXhrMatcher = new NegatedServerWebExchangeMatcher(xhrMatcher);
+
+			ServerWebExchangeMatcher defaultEntryPointMatcher = new AndServerWebExchangeMatcher(notXhrMatcher,
+					htmlMatcher);
+
+			if (providerLoginPage != null) {
+				ServerWebExchangeMatcher loginPageMatcher = new PathPatternParserServerWebExchangeMatcher(
+						defaultLoginPage);
+				ServerWebExchangeMatcher faviconMatcher = new PathPatternParserServerWebExchangeMatcher("/favicon.ico");
+				ServerWebExchangeMatcher defaultLoginPageMatcher = new AndServerWebExchangeMatcher(
+						new OrServerWebExchangeMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
+
+				ServerWebExchangeMatcher matcher = new AndServerWebExchangeMatcher(notXhrMatcher,
+						new NegatedServerWebExchangeMatcher(defaultLoginPageMatcher));
+				RedirectServerAuthenticationEntryPoint entryPoint = new RedirectServerAuthenticationEntryPoint(
+						providerLoginPage);
+				entryPoint.setRequestCache(http.requestCache.requestCache);
+				http.defaultEntryPoints.add(new DelegateEntry(matcher, entryPoint));
+			}
+
+			RedirectServerAuthenticationEntryPoint defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(
+					defaultLoginPage);
+			defaultEntryPoint.setRequestCache(http.requestCache.requestCache);
+			http.defaultEntryPoints.add(new DelegateEntry(defaultEntryPointMatcher, defaultEntryPoint));
+		}
+
+		private ServerAuthenticationSuccessHandler getAuthenticationSuccessHandler(ServerHttpSecurity http) {
+			if (this.authenticationSuccessHandler == null) {
+				RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
+				handler.setRequestCache(http.requestCache.requestCache);
+				this.authenticationSuccessHandler = handler;
+			}
+			return this.authenticationSuccessHandler;
+		}
+
+		private ServerAuthenticationFailureHandler getAuthenticationFailureHandler() {
+			if (this.authenticationFailureHandler == null) {
+				this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler("/login?error");
+			}
+			return this.authenticationFailureHandler;
+		}
+
+		private ServerWebExchangeMatcher createAttemptAuthenticationRequestMatcher() {
+			return new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
+		}
+
+		private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
+					OidcUserRequest.class, OidcUser.class);
+			ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
+			if (bean == null) {
+				return new OidcReactiveOAuth2UserService();
+			}
+
+			return bean;
+		}
+
+		private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> getOauth2UserService() {
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
+					OAuth2UserRequest.class, OAuth2User.class);
+			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
+			if (bean == null) {
+				return new DefaultReactiveOAuth2UserService();
+			}
+
+			return bean;
+		}
+
+		private Map<String, String> getLinks() {
+			Iterable<ClientRegistration> registrations = getBeanOrNull(
+					ResolvableType.forClassWithGenerics(Iterable.class, ClientRegistration.class));
+			if (registrations == null) {
+				return Collections.emptyMap();
+			}
+			Map<String, String> result = new HashMap<>();
+			registrations.iterator().forEachRemaining(
+					r -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
+			return result;
+		}
+
+		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class,
+					OAuth2AuthorizationCodeGrantRequest.class);
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
+			if (bean == null) {
+				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
+			}
+			return bean;
+		}
+
+		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
+			if (this.clientRegistrationRepository == null) {
+				this.clientRegistrationRepository = getBeanOrNull(ReactiveClientRegistrationRepository.class);
+			}
+			return this.clientRegistrationRepository;
+		}
+
+		private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
+			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter;
+			if (this.authorizationRequestResolver == null) {
+				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
+						getClientRegistrationRepository());
+			}
+			else {
+				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
+						this.authorizationRequestResolver);
+			}
+			return oauthRedirectFilter;
+		}
+
+		private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
+			ServerOAuth2AuthorizedClientRepository result = this.authorizedClientRepository;
+			if (result == null) {
+				result = getBeanOrNull(ServerOAuth2AuthorizedClientRepository.class);
+			}
+			if (result == null) {
+				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
+				if (authorizedClientService != null) {
+					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
+				}
+			}
+			return result;
+		}
+
+		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> getAuthorizationRequestRepository() {
+			if (this.authorizationRequestRepository == null) {
+				this.authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
+			}
+			return this.authorizationRequestRepository;
+		}
+
+		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
+			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
+			if (service == null) {
+				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
+			}
+			return service;
+		}
+
+	}
+
+	public final class OAuth2ClientSpec {
+
+		private ReactiveClientRegistrationRepository clientRegistrationRepository;
+
+		private ServerAuthenticationConverter authenticationConverter;
+
+		private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
+
+		private ReactiveAuthenticationManager authenticationManager;
+
+		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
+		private OAuth2ClientSpec() {
+		}
+
+		/**
+		 * Sets the converter to use
+		 * @param authenticationConverter the converter to use
+		 * @return the {@link OAuth2ClientSpec} to customize
+		 */
+		public OAuth2ClientSpec authenticationConverter(ServerAuthenticationConverter authenticationConverter) {
+			this.authenticationConverter = authenticationConverter;
+			return this;
+		}
+
+		private ServerAuthenticationConverter getAuthenticationConverter() {
+			if (this.authenticationConverter == null) {
+				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter authenticationConverter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+						getClientRegistrationRepository());
+				authenticationConverter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
+				this.authenticationConverter = authenticationConverter;
+			}
+			return this.authenticationConverter;
+		}
+
+		/**
+		 * Configures the {@link ReactiveAuthenticationManager} to use. The default is
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
+		 * @param authenticationManager the manager to use
+		 * @return the {@link OAuth2ClientSpec} to customize
+		 */
+		public OAuth2ClientSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+			return this;
+		}
+
+		/**
+		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an
+		 * explicitly configured manager, and defaults to
+		 * {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
+		 * @return the {@link ReactiveAuthenticationManager} to use
+		 */
+		private ReactiveAuthenticationManager getAuthenticationManager() {
+			if (this.authenticationManager == null) {
+				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(
+						new WebClientReactiveAuthorizationCodeTokenResponseClient());
+			}
+			return this.authenticationManager;
+		}
+
+		/**
+		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
+		 * the value up as a Bean.
+		 * @param clientRegistrationRepository the repository to use
+		 * @return the {@link OAuth2ClientSpec} to customize
+		 */
+		public OAuth2ClientSpec clientRegistrationRepository(
+				ReactiveClientRegistrationRepository clientRegistrationRepository) {
+			this.clientRegistrationRepository = clientRegistrationRepository;
+			return this;
+		}
+
+		/**
+		 * Configures the {@link ReactiveClientRegistrationRepository}. Default is to look
+		 * the value up as a Bean.
+		 * @param authorizedClientRepository the repository to use
+		 * @return the {@link OAuth2ClientSpec} to customize
+		 */
+		public OAuth2ClientSpec authorizedClientRepository(
+				ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+			this.authorizedClientRepository = authorizedClientRepository;
+			return this;
+		}
+
+		/**
+		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
+		 * @param authorizationRequestRepository the repository to use for storing
+		 * {@link OAuth2AuthorizationRequest}'s
+		 * @return the {@link OAuth2ClientSpec} to customize
+		 * @since 5.2
+		 */
+		public OAuth2ClientSpec authorizationRequestRepository(
+				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
+			this.authorizationRequestRepository = authorizationRequestRepository;
+			return this;
+		}
+
+		private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> getAuthorizationRequestRepository() {
+			if (this.authorizationRequestRepository == null) {
+				this.authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
+			}
+			return this.authorizationRequestRepository;
+		}
+
+		/**
+		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
+		 * @return the {@link ServerHttpSecurity} to continue configuring
+		 */
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
+		}
+
+		protected void configure(ServerHttpSecurity http) {
+			ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository();
+			ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository();
+			ServerAuthenticationConverter authenticationConverter = getAuthenticationConverter();
+			ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
+			OAuth2AuthorizationCodeGrantWebFilter codeGrantWebFilter = new OAuth2AuthorizationCodeGrantWebFilter(
+					authenticationManager, authenticationConverter, authorizedClientRepository);
+			codeGrantWebFilter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
+			if (http.requestCache != null) {
+				codeGrantWebFilter.setRequestCache(http.requestCache.requestCache);
+			}
+
+			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
+					clientRegistrationRepository);
+			oauthRedirectFilter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
+			if (http.requestCache != null) {
+				oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
+			}
+
+			http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE);
+			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
+		}
+
+		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
+			if (this.clientRegistrationRepository != null) {
+				return this.clientRegistrationRepository;
+			}
+			return getBeanOrNull(ReactiveClientRegistrationRepository.class);
+		}
+
+		private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
+			if (this.authorizedClientRepository != null) {
+				return this.authorizedClientRepository;
+			}
+			ServerOAuth2AuthorizedClientRepository result = getBeanOrNull(ServerOAuth2AuthorizedClientRepository.class);
+			if (result == null) {
+				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
+				if (authorizedClientService != null) {
+					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
+				}
+			}
+			return result;
+		}
+
+		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
+			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
+			if (service == null) {
+				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
+			}
+			return service;
+		}
+
+	}
+
+	/**
+	 * Configures OAuth2 Resource Server Support
+	 */
+	public class OAuth2ResourceServerSpec {
+
+		private ServerAuthenticationEntryPoint entryPoint = new BearerTokenServerAuthenticationEntryPoint();
+
+		private ServerAccessDeniedHandler accessDeniedHandler = new BearerTokenServerAccessDeniedHandler();
+
+		private ServerAuthenticationConverter bearerTokenConverter = new ServerBearerTokenAuthenticationConverter();
+
+		private AuthenticationConverterServerWebExchangeMatcher authenticationConverterServerWebExchangeMatcher;
+
+		private JwtSpec jwt;
+
+		private OpaqueTokenSpec opaqueToken;
+
+		private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
+
+		/**
+		 * Configures the {@link ServerAccessDeniedHandler} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s. requests.
+		 * @param accessDeniedHandler the {@link ServerAccessDeniedHandler} to use
+		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
+		 * @since 5.2
+		 */
+		public OAuth2ResourceServerSpec accessDeniedHandler(ServerAccessDeniedHandler accessDeniedHandler) {
+			Assert.notNull(accessDeniedHandler, "accessDeniedHandler cannot be null");
+			this.accessDeniedHandler = accessDeniedHandler;
+			return this;
+		}
+
+		/**
+		 * Configures the {@link ServerAuthenticationEntryPoint} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s.
+		 * @param entryPoint the {@link ServerAuthenticationEntryPoint} to use
+		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
+		 * @since 5.2
+		 */
+		public OAuth2ResourceServerSpec authenticationEntryPoint(ServerAuthenticationEntryPoint entryPoint) {
+			Assert.notNull(entryPoint, "entryPoint cannot be null");
+			this.entryPoint = entryPoint;
+			return this;
+		}
+
+		/**
+		 * Configures the {@link ServerAuthenticationConverter} to use for requests
+		 * authenticating with
+		 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target=
+		 * "_blank">Bearer Token</a>s.
+		 * @param bearerTokenConverter The {@link ServerAuthenticationConverter} to use
+		 * @return The {@link OAuth2ResourceServerSpec} for additional configuration
+		 * @since 5.2
+		 */
+		public OAuth2ResourceServerSpec bearerTokenConverter(ServerAuthenticationConverter bearerTokenConverter) {
+			Assert.notNull(bearerTokenConverter, "bearerTokenConverter cannot be null");
+			this.bearerTokenConverter = bearerTokenConverter;
+			return this;
+		}
+
+		/**
+		 * Configures the {@link ReactiveAuthenticationManagerResolver}
+		 * @param authenticationManagerResolver the
+		 * {@link ReactiveAuthenticationManagerResolver}
+		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
+		 * @since 5.3
+		 */
+		public OAuth2ResourceServerSpec authenticationManagerResolver(
+				ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
+			Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
+			this.authenticationManagerResolver = authenticationManagerResolver;
+			return this;
+		}
+
+		/**
+		 * Enables JWT Resource Server support.
+		 * @return the {@link JwtSpec} for additional configuration
+		 */
+		public JwtSpec jwt() {
+			if (this.jwt == null) {
+				this.jwt = new JwtSpec();
+			}
+			return this.jwt;
+		}
+
+		/**
+		 * Enables JWT Resource Server support.
+		 * @param jwtCustomizer the {@link Customizer} to provide more options for the
+		 * {@link JwtSpec}
+		 * @return the {@link OAuth2ResourceServerSpec} to customize
+		 */
+		public OAuth2ResourceServerSpec jwt(Customizer<JwtSpec> jwtCustomizer) {
+			if (this.jwt == null) {
+				this.jwt = new JwtSpec();
+			}
+			jwtCustomizer.customize(this.jwt);
+			return this;
+		}
+
+		/**
+		 * Enables Opaque Token Resource Server support.
+		 * @return the {@link OpaqueTokenSpec} for additional configuration
+		 */
+		public OpaqueTokenSpec opaqueToken() {
+			if (this.opaqueToken == null) {
+				this.opaqueToken = new OpaqueTokenSpec();
+			}
+			return this.opaqueToken;
+		}
+
+		/**
+		 * Enables Opaque Token Resource Server support.
+		 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for
+		 * the {@link OpaqueTokenSpec}
+		 * @return the {@link OAuth2ResourceServerSpec} to customize
+		 */
+		public OAuth2ResourceServerSpec opaqueToken(Customizer<OpaqueTokenSpec> opaqueTokenCustomizer) {
+			if (this.opaqueToken == null) {
+				this.opaqueToken = new OpaqueTokenSpec();
+			}
+			opaqueTokenCustomizer.customize(this.opaqueToken);
+			return this;
+		}
+
+		protected void configure(ServerHttpSecurity http) {
+			this.authenticationConverterServerWebExchangeMatcher = new AuthenticationConverterServerWebExchangeMatcher(
+					this.bearerTokenConverter);
+
+			registerDefaultAccessDeniedHandler(http);
+			registerDefaultAuthenticationEntryPoint(http);
+			registerDefaultCsrfOverride(http);
+
+			validateConfiguration();
+
+			if (this.authenticationManagerResolver != null) {
+				AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(this.authenticationManagerResolver);
+				oauth2.setServerAuthenticationConverter(this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
+				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
+			}
+			else if (this.jwt != null) {
+				this.jwt.configure(http);
+			}
+			else if (this.opaqueToken != null) {
+				this.opaqueToken.configure(http);
+			}
+		}
+
+		private void validateConfiguration() {
+			if (this.authenticationManagerResolver == null) {
+				if (this.jwt == null && this.opaqueToken == null) {
+					throw new IllegalStateException(
+							"Jwt and Opaque Token are the only supported formats for bearer tokens "
+									+ "in Spring Security and neither was found. Make sure to configure JWT "
+									+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
+									+ "http.oauth2ResourceServer().opaqueToken().");
+				}
+
+				if (this.jwt != null && this.opaqueToken != null) {
+					throw new IllegalStateException(
+							"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
+				}
+			}
+			else {
+				if (this.jwt != null || this.opaqueToken != null) {
+					throw new IllegalStateException(
+							"If an authenticationManagerResolver() is configured, then it takes "
+									+ "precedence over any jwt() or opaqueToken() configuration.");
+				}
+			}
+		}
+
+		private void registerDefaultAccessDeniedHandler(ServerHttpSecurity http) {
+			if (http.exceptionHandling != null) {
+				http.defaultAccessDeniedHandlers
+						.add(new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry(
+								this.authenticationConverterServerWebExchangeMatcher,
+								OAuth2ResourceServerSpec.this.accessDeniedHandler));
+			}
+		}
+
+		private void registerDefaultAuthenticationEntryPoint(ServerHttpSecurity http) {
+			if (http.exceptionHandling != null) {
+				http.defaultEntryPoints.add(new DelegateEntry(this.authenticationConverterServerWebExchangeMatcher,
+						OAuth2ResourceServerSpec.this.entryPoint));
+			}
+		}
+
+		private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
+			if (http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher) {
+				// @formatter:off
+				http
+					.csrf()
+					.requireCsrfProtectionMatcher(
+							new AndServerWebExchangeMatcher(
+									CsrfWebFilter.DEFAULT_CSRF_MATCHER,
+									new NegatedServerWebExchangeMatcher(
+											this.authenticationConverterServerWebExchangeMatcher)));
+				// @formatter:on
+			}
+		}
+
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
+		}
+
+		private class BearerTokenAuthenticationWebFilter extends AuthenticationWebFilter {
+
+			private ServerAuthenticationFailureHandler authenticationFailureHandler;
+
+			BearerTokenAuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) {
+				super(authenticationManager);
+			}
+
+			@Override
+			public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+				WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
+				return super.filter(exchange, chain).onErrorResume(AuthenticationException.class,
+						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
+			}
+
+			@Override
+			public void setAuthenticationFailureHandler(
+					ServerAuthenticationFailureHandler authenticationFailureHandler) {
+				super.setAuthenticationFailureHandler(authenticationFailureHandler);
+				this.authenticationFailureHandler = authenticationFailureHandler;
+			}
+
+		}
+
+		/**
+		 * Configures JWT Resource Server Support
+		 */
+		public class JwtSpec {
+
+			private ReactiveAuthenticationManager authenticationManager;
+
+			private ReactiveJwtDecoder jwtDecoder;
+
+			private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
+					new JwtAuthenticationConverter());
+
+			/**
+			 * Configures the {@link ReactiveAuthenticationManager} to use
+			 * @param authenticationManager the authentication manager to use
+			 * @return the {@code JwtSpec} for additional configuration
+			 */
+			public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
+				Assert.notNull(authenticationManager, "authenticationManager cannot be null");
+				this.authenticationManager = authenticationManager;
+				return this;
+			}
+
+			/**
+			 * Configures the {@link Converter} to use for converting a {@link Jwt} into
+			 * an {@link AbstractAuthenticationToken}.
+			 * @param jwtAuthenticationConverter the converter to use
+			 * @return the {@code JwtSpec} for additional configuration
+			 * @since 5.1.1
+			 */
+			public JwtSpec jwtAuthenticationConverter(
+					Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
+				Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
+				this.jwtAuthenticationConverter = jwtAuthenticationConverter;
+				return this;
+			}
+
+			/**
+			 * Configures the {@link ReactiveJwtDecoder} to use
+			 * @param jwtDecoder the decoder to use
+			 * @return the {@code JwtSpec} for additional configuration
+			 */
+			public JwtSpec jwtDecoder(ReactiveJwtDecoder jwtDecoder) {
+				this.jwtDecoder = jwtDecoder;
+				return this;
+			}
+
+			/**
+			 * Configures a {@link ReactiveJwtDecoder} that leverages the provided
+			 * {@link RSAPublicKey}
+			 * @param publicKey the public key to use.
+			 * @return the {@code JwtSpec} for additional configuration
+			 */
+			public JwtSpec publicKey(RSAPublicKey publicKey) {
+				this.jwtDecoder = new NimbusReactiveJwtDecoder(publicKey);
+				return this;
+			}
+
+			/**
+			 * Configures a {@link ReactiveJwtDecoder} using
+			 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key
+			 * (JWK)</a> URL
+			 * @param jwkSetUri the URL to use.
+			 * @return the {@code JwtSpec} for additional configuration
+			 */
+			public JwtSpec jwkSetUri(String jwkSetUri) {
+				this.jwtDecoder = new NimbusReactiveJwtDecoder(jwkSetUri);
+				return this;
+			}
+
+			public OAuth2ResourceServerSpec and() {
+				return OAuth2ResourceServerSpec.this;
+			}
+
+			protected void configure(ServerHttpSecurity http) {
+				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
+				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
+				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
+				// @formatter:off
+				http
+					.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
+				// @formatter:on
+			}
+
+			protected ReactiveJwtDecoder getJwtDecoder() {
+				if (this.jwtDecoder == null) {
+					return getBean(ReactiveJwtDecoder.class);
+				}
+				return this.jwtDecoder;
+			}
+
+			protected Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> getJwtAuthenticationConverter() {
+
+				return this.jwtAuthenticationConverter;
+			}
+
+			private ReactiveAuthenticationManager getAuthenticationManager() {
+				if (this.authenticationManager != null) {
+					return this.authenticationManager;
+				}
+
+				ReactiveJwtDecoder jwtDecoder = getJwtDecoder();
+				Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = getJwtAuthenticationConverter();
+				JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
+						jwtDecoder);
+				authenticationManager.setJwtAuthenticationConverter(jwtAuthenticationConverter);
+
+				return authenticationManager;
+			}
+
+		}
+
+		/**
+		 * Configures Opaque Token Resource Server support
+		 *
+		 * @author Josh Cummings
+		 * @since 5.2
+		 */
+		public final class OpaqueTokenSpec {
+
+			private String introspectionUri;
+
+			private String clientId;
+
+			private String clientSecret;
+
+			private Supplier<ReactiveOpaqueTokenIntrospector> introspector;
+
+			private OpaqueTokenSpec() {
+			}
+
+			/**
+			 * Configures the URI of the Introspection endpoint
+			 * @param introspectionUri The URI of the Introspection endpoint
+			 * @return the {@code OpaqueTokenSpec} for additional configuration
+			 */
+			public OpaqueTokenSpec introspectionUri(String introspectionUri) {
+				Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
+				this.introspectionUri = introspectionUri;
+				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
+						this.clientId, this.clientSecret);
+				return this;
+			}
+
+			/**
+			 * Configures the credentials for Introspection endpoint
+			 * @param clientId The clientId part of the credentials
+			 * @param clientSecret The clientSecret part of the credentials
+			 * @return the {@code OpaqueTokenSpec} for additional configuration
+			 */
+			public OpaqueTokenSpec introspectionClientCredentials(String clientId, String clientSecret) {
+				Assert.hasText(clientId, "clientId cannot be empty");
+				Assert.notNull(clientSecret, "clientSecret cannot be null");
+				this.clientId = clientId;
+				this.clientSecret = clientSecret;
+				this.introspector = () -> new NimbusReactiveOpaqueTokenIntrospector(this.introspectionUri,
+						this.clientId, this.clientSecret);
+				return this;
+			}
+
+			public OpaqueTokenSpec introspector(ReactiveOpaqueTokenIntrospector introspector) {
+				Assert.notNull(introspector, "introspector cannot be null");
+				this.introspector = () -> introspector;
+				return this;
+			}
+
+			/**
+			 * Allows method chaining to continue configuring the
+			 * {@link ServerHttpSecurity}
+			 * @return the {@link ServerHttpSecurity} to continue configuring
+			 */
+			public OAuth2ResourceServerSpec and() {
+				return OAuth2ResourceServerSpec.this;
+			}
+
+			protected ReactiveAuthenticationManager getAuthenticationManager() {
+				return new OpaqueTokenReactiveAuthenticationManager(getIntrospector());
+			}
+
+			protected ReactiveOpaqueTokenIntrospector getIntrospector() {
+				if (this.introspector != null) {
+					return this.introspector.get();
+				}
+				return getBean(ReactiveOpaqueTokenIntrospector.class);
+			}
+
+			protected void configure(ServerHttpSecurity http) {
+				ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
+				AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
+				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
+				oauth2.setAuthenticationFailureHandler(
+						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
+				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
+			}
+
+		}
+
+	}
+
 	/**
 	 * Configures anonymous authentication
 	 *
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 2f52e4f7b5..fa6bf9e5fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -68,6 +68,9 @@ public class AuthenticationManagerBuilderTests {
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
+	@Autowired(required = false)
+	MockMvc mockMvc;
+
 	@Test
 	public void buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
@@ -110,25 +113,6 @@ public class AuthenticationManagerBuilderTests {
 		assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
 	}
 
-	@EnableWebSecurity
-	static class PasswordEncoderGlobalConfig extends WebSecurityConfigurerAdapter {
-
-		@Autowired
-		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-				.withUser("user").password("password").roles("USER");
-			// @formatter:on
-		}
-
-		@Bean
-		PasswordEncoder passwordEncoder() {
-			return NoOpPasswordEncoder.getInstance();
-		}
-
-	}
-
 	@Test
 	public void getAuthenticationManagerWhenProtectedPasswordEncoderBeanThenUsed() throws Exception {
 		this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
@@ -141,28 +125,6 @@ public class AuthenticationManagerBuilderTests {
 		assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
 	}
 
-	@EnableWebSecurity
-	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-				.withUser("user").password("password").roles("USER");
-			// @formatter:on
-		}
-
-		@Bean
-		PasswordEncoder passwordEncoder() {
-			return NoOpPasswordEncoder.getInstance();
-		}
-
-	}
-
-	@Autowired(required = false)
-	MockMvc mockMvc;
-
 	@Test
 	public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
 		this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();
@@ -173,17 +135,6 @@ public class AuthenticationManagerBuilderTests {
 				.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
 	}
 
-	@EnableWebSecurity
-	static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()).and().inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.admin());
-		}
-
-	}
-
 	@Test
 	public void buildWhenAuthenticationProviderThenIsConfigured() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
@@ -225,6 +176,55 @@ public class AuthenticationManagerBuilderTests {
 				.andExpect(authenticated().withUsername("joe").withRoles("USER"));
 	}
 
+	@EnableWebSecurity
+	static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()).and().inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.admin());
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class PasswordEncoderGlobalConfig extends WebSecurityConfigurerAdapter {
+
+		@Autowired
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+				.withUser("user").password("password").roles("USER");
+			// @formatter:on
+		}
+
+		@Bean
+		PasswordEncoder passwordEncoder() {
+			return NoOpPasswordEncoder.getInstance();
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+				.withUser("user").password("password").roles("USER");
+			// @formatter:on
+		}
+
+		@Bean
+		PasswordEncoder passwordEncoder() {
+			return NoOpPasswordEncoder.getInstance();
+		}
+
+	}
+
 	@Configuration
 	@EnableGlobalAuthentication
 	@Import(ObjectPostProcessorConfiguration.class)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index 6aa34abb27..4f924e7878 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -53,6 +53,27 @@ public class NamespaceAuthenticationManagerTests {
 		// no exception due to username being cleared out
 	}
 
+	@Test
+	public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
+		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin())
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+
+		this.mockMvc.perform(formLogin())
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+		// no exception due to username being cleared out
+	}
+
+	@Test
+	// SEC-2533
+	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
+		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin())
+				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+	}
+
 	@EnableWebSecurity
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -67,18 +88,6 @@ public class NamespaceAuthenticationManagerTests {
 
 	}
 
-	@Test
-	public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
-		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
-
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
-		// no exception due to username being cleared out
-	}
-
 	@EnableWebSecurity
 	static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 
@@ -94,15 +103,6 @@ public class NamespaceAuthenticationManagerTests {
 
 	}
 
-	@Test
-	// SEC-2533
-	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
-		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
-	}
-
 	@EnableWebSecurity
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index ed63199915..aa3853f0f6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -53,6 +53,14 @@ public class NamespaceAuthenticationProviderTests {
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
+	@Test
+	// authentication-provider@user-service-ref
+	public void authenticationProviderUserServiceRef() throws Exception {
+		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
+	}
+
 	@EnableWebSecurity
 	static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -73,14 +81,6 @@ public class NamespaceAuthenticationProviderTests {
 
 	}
 
-	@Test
-	// authentication-provider@user-service-ref
-	public void authenticationProviderUserServiceRef() throws Exception {
-		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
-	}
-
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index bf3c3d4994..64c6c455e2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -57,6 +57,13 @@ public class NamespaceJdbcUserServiceTests {
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
+	@Test
+	public void jdbcUserServiceCustom() throws Exception {
+		this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
+	}
+
 	@EnableWebSecurity
 	static class JdbcUserServiceConfig extends WebSecurityConfigurerAdapter {
 
@@ -87,13 +94,6 @@ public class NamespaceJdbcUserServiceTests {
 
 	}
 
-	@Test
-	public void jdbcUserServiceCustom() throws Exception {
-		this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
-	}
-
 	@EnableWebSecurity
 	static class CustomJdbcUserServiceSampleConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index 1288673c9e..a535a1874b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -56,6 +56,20 @@ public class NamespacePasswordEncoderTests {
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
+	@Test
+	public void passwordEncoderRefWithJdbc() throws Exception {
+		this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
+	}
+
+	@Test
+	public void passwordEncoderRefWithUserDetailsService() throws Exception {
+		this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
+	}
+
 	@EnableWebSecurity
 	static class PasswordEncoderWithInMemoryConfig extends WebSecurityConfigurerAdapter {
 
@@ -72,13 +86,6 @@ public class NamespacePasswordEncoderTests {
 
 	}
 
-	@Test
-	public void passwordEncoderRefWithJdbc() throws Exception {
-		this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(authenticated());
-	}
-
 	@EnableWebSecurity
 	static class PasswordEncoderWithJdbcConfig extends WebSecurityConfigurerAdapter {
 
@@ -104,13 +111,6 @@ public class NamespacePasswordEncoderTests {
 
 	}
 
-	@Test
-	public void passwordEncoderRefWithUserDetailsService() throws Exception {
-		this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(authenticated());
-	}
-
 	@EnableWebSecurity
 	static class PasswordEncoderWithUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 88c3464ebc..85c46ab747 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -48,6 +48,13 @@ public class PasswordEncoderConfigurerTests {
 		this.spring.register(PasswordEncoderConfig.class).autowire();
 	}
 
+	@Test
+	public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
+		this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(authenticated());
+	}
+
 	@EnableWebSecurity
 	static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
 
@@ -73,13 +80,6 @@ public class PasswordEncoderConfigurerTests {
 
 	}
 
-	@Test
-	public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
-		this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(authenticated());
-	}
-
 	@EnableWebSecurity
 	static class PasswordEncoderNoAuthManagerLoadsConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index d42c638cb3..e091dcecb1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -93,11 +93,6 @@ public class AuthenticationConfigurationTests {
 		this.service.run();
 	}
 
-	@EnableGlobalMethodSecurity(securedEnabled = true)
-	static class GlobalMethodSecurityAutowiredConfig {
-
-	}
-
 	@Test
 	public void orderingAutowiredOnEnableWebSecurity() {
 		this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class,
@@ -108,11 +103,6 @@ public class AuthenticationConfigurationTests {
 		this.service.run();
 	}
 
-	@EnableWebSecurity
-	static class WebSecurityConfig {
-
-	}
-
 	@Test
 	public void orderingAutowiredOnEnableWebMvcSecurity() {
 		this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class,
@@ -123,11 +113,6 @@ public class AuthenticationConfigurationTests {
 		this.service.run();
 	}
 
-	@EnableWebMvcSecurity
-	static class WebMvcSecurityConfig {
-
-	}
-
 	@Test
 	public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
@@ -145,11 +130,6 @@ public class AuthenticationConfigurationTests {
 				.isNull();
 	}
 
-	@Configuration
-	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
-
-	}
-
 	@Test
 	public void getAuthenticationWhenGlobalAuthenticationConfigurerAdapterThenAuthenticates() throws Exception {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
@@ -162,16 +142,6 @@ public class AuthenticationConfigurationTests {
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
 
-	@Configuration
-	static class UserGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
-
-		@Override
-		public void init(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user());
-		}
-
-	}
-
 	@Test
 	public void getAuthenticationWhenAuthenticationManagerBeanThenAuthenticates() throws Exception {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
@@ -185,6 +155,200 @@ public class AuthenticationConfigurationTests {
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
 
+	@Test
+	public void getAuthenticationWhenMultipleThenOrdered() throws Exception {
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
+				AuthenticationManagerBeanConfig.class).autowire();
+		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
+		config.setGlobalAuthenticationConfigurers(Arrays.asList(new LowestOrderGlobalAuthenticationConfigurerAdapter(),
+				new HighestOrderGlobalAuthenticationConfigurerAdapter(),
+				new DefaultOrderGlobalAuthenticationConfigurerAdapter()));
+	}
+
+	@Test
+	public void getAuthenticationWhenConfiguredThenBootNotTrigger() throws Exception {
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
+		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
+		config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(),
+				new BootGlobalAuthenticationConfigurerAdapter()));
+		AuthenticationManager authenticationManager = config.getAuthenticationManager();
+
+		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+
+		assertThatThrownBy(
+				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
+						.isInstanceOf(AuthenticationException.class);
+
+	}
+
+	@Test
+	public void getAuthenticationWhenNotConfiguredThenBootTrigger() throws Exception {
+		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
+		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
+		config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter()));
+		AuthenticationManager authenticationManager = config.getAuthenticationManager();
+
+		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"));
+	}
+
+	// gh-2531
+	@Test
+	public void getAuthenticationManagerWhenPostProcessThenUsesBeanClassLoaderOnProxyFactoryBean() throws Exception {
+		this.spring.register(Sec2531Config.class).autowire();
+		ObjectPostProcessor<Object> opp = this.spring.getContext().getBean(ObjectPostProcessor.class);
+		when(opp.postProcess(any())).thenAnswer(a -> a.getArgument(0));
+
+		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
+		config.getAuthenticationManager();
+
+		verify(opp).postProcess(any(ProxyFactoryBean.class));
+	}
+
+	@Test
+	public void getAuthenticationManagerWhenSec2822ThenCannotForceAuthenticationAlreadyBuilt() throws Exception {
+		this.spring.register(Sec2822WebSecurity.class, Sec2822UseAuth.class, Sec2822Config.class).autowire();
+
+		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+		// no exception
+	}
+
+	// sec-2868
+	@Test
+	public void getAuthenticationWhenUserDetailsServiceBeanThenAuthenticationManagerUsesUserDetailsServiceBean()
+			throws Exception {
+		this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(uds.loadUserByUsername("user")).thenReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
+
+		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+
+		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
+				.isInstanceOf(AuthenticationException.class);
+	}
+
+	@Test
+	public void getAuthenticationWhenUserDetailsServiceAndPasswordEncoderBeanThenEncoderUsed() throws Exception {
+		UserDetails user = new User("user", "$2a$10$FBAKClV1zBIOOC9XMXf3AO8RoGXYVYsfvUdoLxGkd/BnXEn4tqT3u",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		this.spring.register(UserDetailsServiceBeanWithPasswordEncoderConfig.class).autowire();
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(uds.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+				User.withUserDetails(user).build());
+
+		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+
+		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
+				.isInstanceOf(AuthenticationException.class);
+	}
+
+	@Test
+	public void getAuthenticationWhenUserDetailsServiceAndPasswordManagerThenManagerUsed() throws Exception {
+		UserDetails user = new User("user", "{noop}password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		this.spring.register(UserDetailsPasswordManagerBeanConfig.class).autowire();
+		UserDetailsPasswordManagerBeanConfig.Manager manager = this.spring.getContext()
+				.getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(manager.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+				User.withUserDetails(user).build());
+		when(manager.updatePassword(any(), any())).thenReturn(user);
+
+		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+
+		verify(manager).updatePassword(eq(user), startsWith("{bcrypt}"));
+	}
+
+	@Test
+	public void getAuthenticationWhenAuthenticationProviderAndUserDetailsBeanThenAuthenticationProviderUsed()
+			throws Exception {
+		this.spring.register(AuthenticationProviderBeanAndUserDetailsServiceConfig.class).autowire();
+		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(ap.supports(any())).thenReturn(true);
+		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
+
+		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+	}
+
+	// gh-3091
+	@Test
+	public void getAuthenticationWhenAuthenticationProviderBeanThenUsed() throws Exception {
+		this.spring.register(AuthenticationProviderBeanConfig.class).autowire();
+		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
+		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
+				.getAuthenticationManager();
+		when(ap.supports(any())).thenReturn(true);
+		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
+
+		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
+	}
+
+	@Test
+	public void enableGlobalMethodSecurityWhenPreAuthorizeThenNoException() {
+		this.spring.register(UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class)
+				.autowire();
+		// no exception
+	}
+
+	@Test
+	public void enableGlobalMethodSecurityWhenPreAuthorizeThenUsesMethodSecurityService() {
+		this.spring.register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class,
+				AuthenticationManagerBeanConfig.class).autowire();
+		// no exception
+	}
+
+	@Test
+	public void getAuthenticationManagerBeanWhenMultipleDefinedAndOnePrimaryThenNoException() throws Exception {
+		this.spring.register(MultipleAuthenticationManagerBeanConfig.class).autowire();
+		this.spring.getContext().getBeanFactory().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+	}
+
+	@Test
+	public void getAuthenticationManagerWhenAuthenticationConfigurationSubclassedThenBuildsUsingBean()
+			throws Exception {
+		this.spring.register(AuthenticationConfigurationSubclass.class).autowire();
+		AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class);
+
+		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
+
+		assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class);
+	}
+
+	@EnableGlobalMethodSecurity(securedEnabled = true)
+	static class GlobalMethodSecurityAutowiredConfig {
+
+	}
+
+	@EnableWebSecurity
+	static class WebSecurityConfig {
+
+	}
+
+	@EnableWebMvcSecurity
+	static class WebMvcSecurityConfig {
+
+	}
+
+	@Configuration
+	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
+	}
+
+	@Configuration
+	static class UserGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
+
+		@Override
+		public void init(AuthenticationManagerBuilder auth) throws Exception {
+			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user());
+		}
+
+	}
+
 	@Configuration
 	static class AuthenticationManagerBeanConfig {
 
@@ -197,9 +361,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	//
-	// //
-	//
 	@Configuration
 	static class ServicesConfig {
 
@@ -225,16 +386,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationWhenMultipleThenOrdered() throws Exception {
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
-				AuthenticationManagerBeanConfig.class).autowire();
-		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-		config.setGlobalAuthenticationConfigurers(Arrays.asList(new LowestOrderGlobalAuthenticationConfigurerAdapter(),
-				new HighestOrderGlobalAuthenticationConfigurerAdapter(),
-				new DefaultOrderGlobalAuthenticationConfigurerAdapter()));
-	}
-
 	static class DefaultOrderGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 
 		static List<Class<?>> inits = new ArrayList<>();
@@ -264,32 +415,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationWhenConfiguredThenBootNotTrigger() throws Exception {
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
-		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-		config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(),
-				new BootGlobalAuthenticationConfigurerAdapter()));
-		AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
-		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
-		assertThatThrownBy(
-				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
-						.isInstanceOf(AuthenticationException.class);
-
-	}
-
-	@Test
-	public void getAuthenticationWhenNotConfiguredThenBootTrigger() throws Exception {
-		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
-		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-		config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter()));
-		AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
-		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"));
-	}
-
 	static class ConfiguresInMemoryConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 
 		@Override
@@ -335,19 +460,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	// gh-2531
-	@Test
-	public void getAuthenticationManagerWhenPostProcessThenUsesBeanClassLoaderOnProxyFactoryBean() throws Exception {
-		this.spring.register(Sec2531Config.class).autowire();
-		ObjectPostProcessor<Object> opp = this.spring.getContext().getBean(ObjectPostProcessor.class);
-		when(opp.postProcess(any())).thenAnswer(a -> a.getArgument(0));
-
-		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-		config.getAuthenticationManager();
-
-		verify(opp).postProcess(any(ProxyFactoryBean.class));
-	}
-
 	@Configuration
 	@Import(AuthenticationConfiguration.class)
 	static class Sec2531Config {
@@ -364,14 +476,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationManagerWhenSec2822ThenCannotForceAuthenticationAlreadyBuilt() throws Exception {
-		this.spring.register(Sec2822WebSecurity.class, Sec2822UseAuth.class, Sec2822Config.class).autowire();
-
-		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-		// no exception
-	}
-
 	@Configuration
 	@Import(AuthenticationConfiguration.class)
 	static class Sec2822Config {
@@ -410,22 +514,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	// sec-2868
-	@Test
-	public void getAuthenticationWhenUserDetailsServiceBeanThenAuthenticationManagerUsesUserDetailsServiceBean()
-			throws Exception {
-		this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
-		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
-				.getAuthenticationManager();
-		when(uds.loadUserByUsername("user")).thenReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
-
-		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
-		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-				.isInstanceOf(AuthenticationException.class);
-	}
-
 	@Configuration
 	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsServiceBeanConfig {
@@ -439,23 +527,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationWhenUserDetailsServiceAndPasswordEncoderBeanThenEncoderUsed() throws Exception {
-		UserDetails user = new User("user", "$2a$10$FBAKClV1zBIOOC9XMXf3AO8RoGXYVYsfvUdoLxGkd/BnXEn4tqT3u",
-				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		this.spring.register(UserDetailsServiceBeanWithPasswordEncoderConfig.class).autowire();
-		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
-				.getAuthenticationManager();
-		when(uds.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
-				User.withUserDetails(user).build());
-
-		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
-		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-				.isInstanceOf(AuthenticationException.class);
-	}
-
 	@Configuration
 	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsServiceBeanWithPasswordEncoderConfig {
@@ -474,23 +545,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationWhenUserDetailsServiceAndPasswordManagerThenManagerUsed() throws Exception {
-		UserDetails user = new User("user", "{noop}password", AuthorityUtils.createAuthorityList("ROLE_USER"));
-		this.spring.register(UserDetailsPasswordManagerBeanConfig.class).autowire();
-		UserDetailsPasswordManagerBeanConfig.Manager manager = this.spring.getContext()
-				.getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
-				.getAuthenticationManager();
-		when(manager.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
-				User.withUserDetails(user).build());
-		when(manager.updatePassword(any(), any())).thenReturn(user);
-
-		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
-		verify(manager).updatePassword(eq(user), startsWith("{bcrypt}"));
-	}
-
 	@Configuration
 	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class UserDetailsPasswordManagerBeanConfig {
@@ -508,19 +562,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	// gh-3091
-	@Test
-	public void getAuthenticationWhenAuthenticationProviderBeanThenUsed() throws Exception {
-		this.spring.register(AuthenticationProviderBeanConfig.class).autowire();
-		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
-				.getAuthenticationManager();
-		when(ap.supports(any())).thenReturn(true);
-		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
-
-		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-	}
-
 	@Configuration
 	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class AuthenticationProviderBeanConfig {
@@ -534,19 +575,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationWhenAuthenticationProviderAndUserDetailsBeanThenAuthenticationProviderUsed()
-			throws Exception {
-		this.spring.register(AuthenticationProviderBeanAndUserDetailsServiceConfig.class).autowire();
-		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
-		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
-				.getAuthenticationManager();
-		when(ap.supports(any())).thenReturn(true);
-		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
-
-		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-	}
-
 	@Configuration
 	@Import({ AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class })
 	static class AuthenticationProviderBeanAndUserDetailsServiceConfig {
@@ -567,14 +595,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void enableGlobalMethodSecurityWhenPreAuthorizeThenNoException() {
-		this.spring.register(UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class)
-				.autowire();
-
-		// no exception
-	}
-
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class UsesPreAuthorizeMethodSecurityConfig {
@@ -585,14 +605,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void enableGlobalMethodSecurityWhenPreAuthorizeThenUsesMethodSecurityService() {
-		this.spring.register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class,
-				AuthenticationManagerBeanConfig.class).autowire();
-
-		// no exception
-	}
-
 	@Configuration
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	static class UsesServiceMethodSecurityConfig {
@@ -602,12 +614,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationManagerBeanWhenMultipleDefinedAndOnePrimaryThenNoException() throws Exception {
-		this.spring.register(MultipleAuthenticationManagerBeanConfig.class).autowire();
-		this.spring.getContext().getBeanFactory().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-	}
-
 	@Configuration
 	@Import(AuthenticationConfiguration.class)
 	static class MultipleAuthenticationManagerBeanConfig {
@@ -625,17 +631,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Test
-	public void getAuthenticationManagerWhenAuthenticationConfigurationSubclassedThenBuildsUsingBean()
-			throws Exception {
-		this.spring.register(AuthenticationConfigurationSubclass.class).autowire();
-		AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class);
-
-		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-
-		assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class);
-	}
-
 	@Configuration
 	static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index c36a69936c..b854bd952f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -45,6 +45,26 @@ public class EnableGlobalAuthenticationTests {
 		assertThat(auth.getAuthenticationManager()).isNotNull();
 	}
 
+	@Test
+	public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
+		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isSameAs(childBean);
+	}
+
+	@Test
+	public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
+		this.spring.register(BeanProxyDisabledConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isNotSameAs(childBean);
+	}
+
 	@Configuration
 	@EnableGlobalAuthentication
 	static class Config {
@@ -56,16 +76,6 @@ public class EnableGlobalAuthenticationTests {
 
 	}
 
-	@Test
-	public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
-		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isSameAs(childBean);
-	}
-
 	@EnableGlobalAuthentication
 	static class BeanProxyEnabledByDefaultConfig {
 
@@ -81,16 +91,6 @@ public class EnableGlobalAuthenticationTests {
 
 	}
 
-	@Test
-	public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
-		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isNotSameAs(childBean);
-	}
-
 	@Configuration(proxyBeanMethods = false)
 	@EnableGlobalAuthentication
 	static class BeanProxyDisabledConfig {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 5c93b35afb..c24f59a092 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -126,6 +126,25 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 		verify(toPostProcess).destroy();
 	}
 
+	@Test
+	public void postProcessWhenSmartInitializingSingletonThenAwareInvoked() {
+		this.spring.register(Config.class, SmartConfig.class).autowire();
+
+		SmartConfig config = this.spring.getContext().getBean(SmartConfig.class);
+
+		verify(config.toTest).afterSingletonsInstantiated();
+	}
+
+	@Test
+	// SEC-2382
+	public void autowireBeanFactoryWhenBeanNameAutoProxyCreatorThenWorks() {
+		this.spring.testConfigLocations("AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml").autowire();
+
+		MyAdvisedBean bean = this.spring.getContext().getBean(MyAdvisedBean.class);
+
+		assertThat(bean.doStuff()).isEqualTo("null");
+	}
+
 	@Configuration
 	static class Config {
 
@@ -136,15 +155,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 
 	}
 
-	@Test
-	public void postProcessWhenSmartInitializingSingletonThenAwareInvoked() {
-		this.spring.register(Config.class, SmartConfig.class).autowire();
-
-		SmartConfig config = this.spring.getContext().getBean(SmartConfig.class);
-
-		verify(config.toTest).afterSingletonsInstantiated();
-	}
-
 	@Configuration
 	static class SmartConfig {
 
@@ -157,16 +167,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 
 	}
 
-	@Test
-	// SEC-2382
-	public void autowireBeanFactoryWhenBeanNameAutoProxyCreatorThenWorks() {
-		this.spring.testConfigLocations("AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml").autowire();
-
-		MyAdvisedBean bean = this.spring.getContext().getBean(MyAdvisedBean.class);
-
-		assertThat(bean.doStuff()).isEqualTo("null");
-	}
-
 	@Configuration
 	static class WithBeanNameAutoProxyCreatorConfig {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 93f787f010..697f72734a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -101,27 +101,11 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(IllegalStateGlobalMethodSecurityConfig.class).autowire();
 	}
 
-	@EnableGlobalMethodSecurity
-	public static class IllegalStateGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
-
-	}
-
 	@Test
 	public void configureWhenGlobalMethodSecurityHasCustomMetadataSourceThenNoEnablingAttributeIsNeeded() {
 		this.spring.register(CustomMetadataSourceConfig.class).autowire();
 	}
 
-	@EnableGlobalMethodSecurity
-	public static class CustomMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
-
-		@Bean
-		@Override
-		protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
-			return mock(MethodSecurityMetadataSource.class);
-		}
-
-	}
-
 	@Test
 	public void methodSecurityAuthenticationManagerPublishesEvent() {
 		this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();
@@ -136,25 +120,6 @@ public class GlobalMethodSecurityConfigurationTests {
 				.containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@Bean
-		public MockEventListener<AbstractAuthenticationEvent> listener() {
-			return new MockEventListener<AbstractAuthenticationEvent>() {
-			};
-		}
-
-	}
-
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenAuthenticationTrustResolverIsBeanThenAutowires() {
@@ -170,21 +135,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		verify(trustResolver, atLeastOnce()).isAnonymous(any());
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	static class CustomTrustResolverConfig {
-
-		@Bean
-		public AuthenticationTrustResolver trustResolver() {
-			return mock(AuthenticationTrustResolver.class);
-		}
-
-		@Bean
-		public MethodSecurityServiceImpl service() {
-			return new MethodSecurityServiceImpl();
-		}
-
-	}
-
 	// SEC-2301
 	@Test
 	@WithMockUser
@@ -197,21 +147,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.service.preAuthorizeBean(true);
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
-	static class ExpressionHandlerHasBeanResolverSetConfig {
-
-		@Bean
-		public MethodSecurityServiceImpl service() {
-			return new MethodSecurityServiceImpl();
-		}
-
-		@Bean
-		public Authz authz() {
-			return new Authz();
-		}
-
-	}
-
 	@Test
 	@WithMockUser
 	public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() {
@@ -223,16 +158,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		// no exception
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	static class MethodSecurityServiceConfig {
-
-		@Bean
-		public MethodSecurityService service() {
-			return new MethodSecurityServiceImpl();
-		}
-
-	}
-
 	@Test
 	@WithMockUser
 	public void globalMethodSecurityConfigurationAutowiresPermissionEvaluator() {
@@ -246,21 +171,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class);
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	public static class AutowirePermissionEvaluatorConfig {
-
-		@Bean
-		public PermissionEvaluator permissionEvaluator() {
-			return mock(PermissionEvaluator.class);
-		}
-
-		@Bean
-		public MethodSecurityService service() {
-			return new MethodSecurityServiceImpl();
-		}
-
-	}
-
 	@Test
 	public void multiPermissionEvaluatorConfig() {
 		this.spring.register(MultiPermissionEvaluatorConfig.class).autowire();
@@ -268,21 +178,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		// no exception
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	public static class MultiPermissionEvaluatorConfig {
-
-		@Bean
-		public PermissionEvaluator permissionEvaluator() {
-			return mock(PermissionEvaluator.class);
-		}
-
-		@Bean
-		public PermissionEvaluator permissionEvaluator2() {
-			return mock(PermissionEvaluator.class);
-		}
-
-	}
-
 	// SEC-2425
 	@Test
 	@WithMockUser
@@ -292,21 +187,6 @@ public class GlobalMethodSecurityConfigurationTests {
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
-	@Configuration
-	static class ChildConfig extends ParentConfig {
-
-	}
-
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	static class ParentConfig {
-
-		@Bean
-		public MethodSecurityService service() {
-			return new MethodSecurityServiceImpl();
-		}
-
-	}
-
 	// SEC-2479
 	@Test
 	@WithMockUser
@@ -325,6 +205,221 @@ public class GlobalMethodSecurityConfigurationTests {
 		}
 	}
 
+	@Test
+	public void enableGlobalMethodSecurityDoesNotTriggerEagerInitializationOfBeansInGlobalAuthenticationConfigurer() {
+		this.spring.register(Sec2815Config.class).autowire();
+
+		MockBeanPostProcessor pp = this.spring.getContext().getBean(MockBeanPostProcessor.class);
+
+		assertThat(pp.beforeInit).containsKeys("dataSource");
+		assertThat(pp.afterInit).containsKeys("dataSource");
+	}
+
+	// SEC-3045
+	@Test
+	public void globalSecurityProxiesSecurity() {
+		this.spring.register(Sec3005Config.class).autowire();
+
+		assertThat(this.service.getClass()).matches(c -> !Proxy.isProxyClass(c), "is not proxy class");
+	}
+	//
+	// // gh-3797
+	// def preAuthorizeBeanSpel() {
+	// setup:
+	// SecurityContextHolder.getContext().setAuthentication(
+	// new TestingAuthenticationToken("user", "password","ROLE_USER"))
+	// context = new AnnotationConfigApplicationContext(PreAuthorizeBeanSpelConfig)
+	// BeanSpelService service = context.getBean(BeanSpelService)
+	// when:
+	// service.run(true)
+	// then:
+	// noExceptionThrown()
+	// when:
+	// service.run(false)
+	// then:
+	// thrown(AccessDeniedException)
+	// }
+	//
+
+	@Test
+	@WithMockUser
+	public void preAuthorizeBeanSpel() {
+		this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire();
+
+		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
+
+		this.service.preAuthorizeBean(true);
+	}
+
+	// gh-3394
+	@Test
+	@WithMockUser
+	public void roleHierarchy() {
+		this.spring.register(RoleHierarchyConfig.class).autowire();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		this.service.preAuthorizeAdmin();
+	}
+
+	@Test
+	@WithMockUser(authorities = "ROLE:USER")
+	public void grantedAuthorityDefaultsAutowires() {
+		this.spring.register(CustomGrantedAuthorityConfig.class).autowire();
+
+		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
+				.getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class);
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+
+		customService.customPrefixRoleUser();
+		// no exception
+	}
+
+	@Test
+	@WithMockUser(authorities = "USER")
+	public void grantedAuthorityDefaultsWithEmptyRolePrefix() {
+		this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
+
+		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
+				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
+
+		assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class);
+
+		customService.emptyPrefixRoleUser();
+		// no exception
+	}
+
+	@Test
+	public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
+		this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
+		MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext()
+				.getBean(MethodInterceptor.class);
+		MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext()
+				.getBean(MethodSecurityMetadataSource.class);
+
+		assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
+	}
+
+	@EnableGlobalMethodSecurity
+	public static class IllegalStateGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
+	}
+
+	@EnableGlobalMethodSecurity
+	public static class CustomMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
+
+		@Bean
+		@Override
+		protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
+			return mock(MethodSecurityMetadataSource.class);
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+			.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@Bean
+		public MockEventListener<AbstractAuthenticationEvent> listener() {
+			return new MockEventListener<AbstractAuthenticationEvent>() {
+			};
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	static class CustomTrustResolverConfig {
+
+		@Bean
+		public AuthenticationTrustResolver trustResolver() {
+			return mock(AuthenticationTrustResolver.class);
+		}
+
+		@Bean
+		public MethodSecurityServiceImpl service() {
+			return new MethodSecurityServiceImpl();
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
+	static class ExpressionHandlerHasBeanResolverSetConfig {
+
+		@Bean
+		public MethodSecurityServiceImpl service() {
+			return new MethodSecurityServiceImpl();
+		}
+
+		@Bean
+		public Authz authz() {
+			return new Authz();
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	static class MethodSecurityServiceConfig {
+
+		@Bean
+		public MethodSecurityService service() {
+			return new MethodSecurityServiceImpl();
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	public static class AutowirePermissionEvaluatorConfig {
+
+		@Bean
+		public PermissionEvaluator permissionEvaluator() {
+			return mock(PermissionEvaluator.class);
+		}
+
+		@Bean
+		public MethodSecurityService service() {
+			return new MethodSecurityServiceImpl();
+		}
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	public static class MultiPermissionEvaluatorConfig {
+
+		@Bean
+		public PermissionEvaluator permissionEvaluator() {
+			return mock(PermissionEvaluator.class);
+		}
+
+		@Bean
+		public PermissionEvaluator permissionEvaluator2() {
+			return mock(PermissionEvaluator.class);
+		}
+
+	}
+
+	@Configuration
+	static class ChildConfig extends ParentConfig {
+
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	static class ParentConfig {
+
+		@Bean
+		public MethodSecurityService service() {
+			return new MethodSecurityServiceImpl();
+		}
+
+	}
+
 	@Configuration
 	static class Sec2479ParentConfig {
 
@@ -345,16 +440,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void enableGlobalMethodSecurityDoesNotTriggerEagerInitializationOfBeansInGlobalAuthenticationConfigurer() {
-		this.spring.register(Sec2815Config.class).autowire();
-
-		MockBeanPostProcessor pp = this.spring.getContext().getBean(MockBeanPostProcessor.class);
-
-		assertThat(pp.beforeInit).containsKeys("dataSource");
-		assertThat(pp.afterInit).containsKeys("dataSource");
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class Sec2815Config {
 
@@ -408,14 +493,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	// SEC-3045
-	@Test
-	public void globalSecurityProxiesSecurity() {
-		this.spring.register(Sec3005Config.class).autowire();
-
-		assertThat(this.service.getClass()).matches(c -> !Proxy.isProxyClass(c), "is not proxy class");
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true, mode = AdviceMode.ASPECTJ)
 	@EnableTransactionManagement
 	static class Sec3005Config {
@@ -432,35 +509,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	//
-	// // gh-3797
-	// def preAuthorizeBeanSpel() {
-	// setup:
-	// SecurityContextHolder.getContext().setAuthentication(
-	// new TestingAuthenticationToken("user", "password","ROLE_USER"))
-	// context = new AnnotationConfigApplicationContext(PreAuthorizeBeanSpelConfig)
-	// BeanSpelService service = context.getBean(BeanSpelService)
-	// when:
-	// service.run(true)
-	// then:
-	// noExceptionThrown()
-	// when:
-	// service.run(false)
-	// then:
-	// thrown(AccessDeniedException)
-	// }
-	//
-
-	@Test
-	@WithMockUser
-	public void preAuthorizeBeanSpel() {
-		this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire();
-
-		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
-
-		this.service.preAuthorizeBean(true);
-	}
-
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeBeanSpelConfig {
@@ -477,16 +525,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	// gh-3394
-	@Test
-	@WithMockUser
-	public void roleHierarchy() {
-		this.spring.register(RoleHierarchyConfig.class).autowire();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-		this.service.preAuthorizeAdmin();
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
 	public static class RoleHierarchyConfig {
@@ -505,20 +543,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	@Test
-	@WithMockUser(authorities = "ROLE:USER")
-	public void grantedAuthorityDefaultsAutowires() {
-		this.spring.register(CustomGrantedAuthorityConfig.class).autowire();
-
-		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
-				.getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class);
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-
-		customService.customPrefixRoleUser();
-		// no exception
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class CustomGrantedAuthorityConfig {
 
@@ -547,20 +571,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	@Test
-	@WithMockUser(authorities = "USER")
-	public void grantedAuthorityDefaultsWithEmptyRolePrefix() {
-		this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
-
-		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
-				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
-
-		assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class);
-
-		customService.emptyPrefixRoleUser();
-		// no exception
-	}
-
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	static class EmptyRolePrefixGrantedAuthorityConfig {
 
@@ -589,17 +599,6 @@ public class GlobalMethodSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
-		this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
-		MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext()
-				.getBean(MethodInterceptor.class);
-		MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext()
-				.getBean(MethodSecurityMetadataSource.class);
-
-		assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
 	public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index ccfc66ac40..49a0b080cb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -73,8 +73,6 @@ public class NamespaceGlobalMethodSecurityTests {
 	@Autowired(required = false)
 	private MethodSecurityService service;
 
-	// --- access-decision-manager-ref ---
-
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() {
@@ -86,6 +84,198 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() {
+		this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() {
+		this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenJsr250EnabledThenAuthorizes() {
+		this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
+
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
+
+		assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException();
+
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() {
+		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class)
+				.autowire();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+
+		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
+
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception {
+		this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(
+				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
+						.isNotNull();
+		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
+
+		// TODO diagnose why aspectj isn't weaving method security advice around
+		// MethodSecurityServiceImpl
+	}
+
+	@Test
+	public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire()
+			throws Exception {
+
+		this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(
+				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
+						.isNotNull();
+		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
+
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenOrderSpecifiedThenConfigured() {
+		this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(-135);
+
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() {
+		this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
+
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() {
+		this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class)
+				.autowire();
+
+		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
+				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
+
+		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() {
+		this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() {
+		this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenProxyTargetClassThenDoesNotWireToInterface() {
+		this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		// make sure service was actually proxied
+		assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class);
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenDefaultProxyThenWiresToInterface() {
+		this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class);
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() {
+		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThat(this.service.runAs().getAuthorities())
+				.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenSecuredEnabledThenSecures() {
+		this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
+
+		assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenMissingEnableAnnotationThenShowsHelpfulError() {
+		assertThatThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
+				.hasStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
+	}
+
+	@Test
+	@WithMockUser
+	public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() {
+		this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
+
+		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
+
+		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
+
+		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+	}
+
 	@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 	public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
 
@@ -116,16 +306,6 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	// --- after-invocation-provider
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() {
-		this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomAfterInvocationManagerConfig extends GlobalMethodSecurityConfiguration {
 
@@ -157,16 +337,6 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	// --- authentication-manager-ref ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() {
-		this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomAuthenticationConfig extends GlobalMethodSecurityConfiguration {
 
@@ -186,44 +356,12 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	// --- jsr250-annotations ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenJsr250EnabledThenAuthorizes() {
-		this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
-
-		assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException();
-
-	}
-
 	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Configuration
 	public static class Jsr250Config {
 
 	}
 
-	// --- metadata-source-ref ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() {
-		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class)
-				.autowire();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-
-		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity
 	public static class CustomMethodSecurityMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
 
@@ -247,58 +385,18 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	// --- mode ---
-
-	@Test
-	@WithMockUser
-	public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception {
-		this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(
-				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
-						.isNotNull();
-		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
-
-		// TODO diagnose why aspectj isn't weaving method security advice around
-		// MethodSecurityServiceImpl
-	}
-
 	@EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, securedEnabled = true)
 	public static class AspectJModeConfig {
 
 	}
 
-	@Test
-	public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire()
-			throws Exception {
-
-		this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(
-				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
-						.isNotNull();
-		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
-
-	}
-
 	@EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, securedEnabled = true)
 	public static class AspectJModeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
 
 	}
 
-	// --- order ---
-
 	private static class AdvisorOrderConfig implements ImportBeanDefinitionRegistrar {
 
-		private static class ExceptingInterceptor implements MethodInterceptor {
-
-			@Override
-			public Object invoke(MethodInvocation invocation) {
-				throw new UnsupportedOperationException("Deny All");
-			}
-
-		}
-
 		@Override
 		public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata,
 				BeanDefinitionRegistry registry) {
@@ -315,17 +413,15 @@ public class NamespaceGlobalMethodSecurityTests {
 			registry.registerBeanDefinition("exceptingAdvisor", advisor.getBeanDefinition());
 		}
 
-	}
+		private static class ExceptingInterceptor implements MethodInterceptor {
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenOrderSpecifiedThenConfigured() {
-		this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
+			@Override
+			public Object invoke(MethodInvocation invocation) {
+				throw new UnsupportedOperationException("Deny All");
+			}
 
-		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-				.getOrder()).isEqualTo(-135);
+		}
 
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@EnableGlobalMethodSecurity(order = -135, jsr250Enabled = true)
@@ -334,121 +430,38 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() {
-		this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
-	}
-
 	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Import(AdvisorOrderConfig.class)
 	public static class DefaultOrderConfig {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() {
-		this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class)
-				.autowire();
-
-		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
-				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
-	}
-
 	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Import(AdvisorOrderConfig.class)
 	public static class DefaultOrderExtendsMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 
 	}
 
-	// --- pre-post-annotations ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() {
-		this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeConfig {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() {
-		this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class PreAuthorizeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
 
 	}
 
-	// --- proxy-target-class ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenProxyTargetClassThenDoesNotWireToInterface() {
-		this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		// make sure service was actually proxied
-		assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class);
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(proxyTargetClass = true, prePostEnabled = true)
 	public static class ProxyTargetClassConfig {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenDefaultProxyThenWiresToInterface() {
-		this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class);
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class DefaultProxyConfig {
 
 	}
 
-	// --- run-as-manager-ref ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() {
-		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThat(this.service.runAs().getAuthorities())
-				.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
-	}
-
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	public static class CustomRunAsManagerConfig extends GlobalMethodSecurityConfiguration {
 
@@ -461,53 +474,16 @@ public class NamespaceGlobalMethodSecurityTests {
 
 	}
 
-	// --- secured-annotation ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenSecuredEnabledThenSecures() {
-		this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-
-		assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-	}
-
 	@EnableGlobalMethodSecurity(securedEnabled = true)
 	public static class SecuredConfig {
 
 	}
 
-	// --- unsorted ---
-
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenMissingEnableAnnotationThenShowsHelpfulError() {
-		assertThatThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
-				.hasStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
-	}
-
 	@Configuration
 	public static class ExtendsNoEnableAnntotationConfig extends GlobalMethodSecurityConfiguration {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() {
-		this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-	}
-
 	@Configuration
 	@Import(PreAuthorizeExtendsGMSCConfig.class)
 	public static class ImportSubclassGMSCConfig {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 575df914fa..13f45b1ca8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -77,17 +77,6 @@ public class ReactiveMethodSecurityConfigurationTests {
 		assertThat(root.hasRole("ABC")).isTrue();
 	}
 
-	@Configuration
-	@EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration
-	static class WithRolePrefixConfiguration {
-
-		@Bean
-		GrantedAuthorityDefaults grantedAuthorityDefaults() {
-			return new GrantedAuthorityDefaults("CUSTOM_");
-		}
-
-	}
-
 	@Test
 	public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
 		this.spring.register(SubclassConfig.class).autowire();
@@ -104,6 +93,17 @@ public class ReactiveMethodSecurityConfigurationTests {
 		assertThat(root.hasRole("ABC")).isTrue();
 	}
 
+	@Configuration
+	@EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration
+	static class WithRolePrefixConfiguration {
+
+		@Bean
+		GrantedAuthorityDefaults grantedAuthorityDefaults() {
+			return new GrantedAuthorityDefaults("CUSTOM_");
+		}
+
+	}
+
 	@Configuration
 	static class SubclassConfig extends ReactiveMethodSecurityConfiguration {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index f2c70cb81e..f16f3586ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -66,6 +66,16 @@ public class SampleEnableGlobalMethodSecurityTests {
 		assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
+	@Test
+	public void customPermissionHandler() {
+		this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire();
+
+		assertThat(this.methodSecurityService.hasPermission("allowed")).isNull();
+
+		assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied"))
+				.isInstanceOf(AccessDeniedException.class);
+	}
+
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	static class SampleWebSecurityConfig {
 
@@ -86,16 +96,6 @@ public class SampleEnableGlobalMethodSecurityTests {
 
 	}
 
-	@Test
-	public void customPermissionHandler() {
-		this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire();
-
-		assertThat(this.methodSecurityService.hasPermission("allowed")).isNull();
-
-		assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied"))
-				.isInstanceOf(AccessDeniedException.class);
-	}
-
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomPermissionEvaluatorWebSecurityConfig extends GlobalMethodSecurityConfiguration {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 5113be8bf4..c550d4045c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -88,22 +88,12 @@ public class Sec2758Tests {
 	@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-		@RestController
-		static class RootController {
-
-			@GetMapping("/")
-			public String ok() {
-				return "ok";
-			}
-
-		}
-
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().access("hasAnyRole('CUSTOM')");
+			.authorizeRequests()
+			.anyRequest().access("hasAnyRole('CUSTOM')");
 			// @formatter:on
 		}
 
@@ -117,6 +107,16 @@ public class Sec2758Tests {
 			return new DefaultRolesPrefixPostProcessor();
 		}
 
+		@RestController
+		static class RootController {
+
+			@GetMapping("/")
+			public String ok() {
+				return "ok";
+			}
+
+		}
+
 	}
 
 	static class Service {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index 3d7dd81d84..06d405188f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -32,6 +32,39 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  */
 public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
+	@Test(expected = BeanCreationException.class)
+	public void antMatchersCanNotWorkAfterAnyRequest() {
+		loadConfig(AntMatchersAfterAnyRequestConfig.class);
+	}
+
+	@Test(expected = BeanCreationException.class)
+	public void mvcMatchersCanNotWorkAfterAnyRequest() {
+		loadConfig(MvcMatchersAfterAnyRequestConfig.class);
+	}
+
+	@Test(expected = BeanCreationException.class)
+	public void regexMatchersCanNotWorkAfterAnyRequest() {
+		loadConfig(RegexMatchersAfterAnyRequestConfig.class);
+	}
+
+	@Test(expected = BeanCreationException.class)
+	public void anyRequestCanNotWorkAfterItself() {
+		loadConfig(AnyRequestAfterItselfConfig.class);
+	}
+
+	@Test(expected = BeanCreationException.class)
+	public void requestMatchersCanNotWorkAfterAnyRequest() {
+		loadConfig(RequestMatchersAfterAnyRequestConfig.class);
+	}
+
+	private void loadConfig(Class<?>... configs) {
+		AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+		context.setAllowCircularReferences(false);
+		context.register(configs);
+		context.setServletContext(new MockServletContext());
+		context.refresh();
+	}
+
 	@EnableWebSecurity
 	static class AntMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
@@ -48,11 +81,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	}
 
-	@Test(expected = BeanCreationException.class)
-	public void antMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(AntMatchersAfterAnyRequestConfig.class);
-	}
-
 	@EnableWebSecurity
 	static class MvcMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
@@ -69,11 +97,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	}
 
-	@Test(expected = BeanCreationException.class)
-	public void mvcMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(MvcMatchersAfterAnyRequestConfig.class);
-	}
-
 	@EnableWebSecurity
 	static class RegexMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
@@ -90,11 +113,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	}
 
-	@Test(expected = BeanCreationException.class)
-	public void regexMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(RegexMatchersAfterAnyRequestConfig.class);
-	}
-
 	@EnableWebSecurity
 	static class AnyRequestAfterItselfConfig extends WebSecurityConfigurerAdapter {
 
@@ -111,11 +129,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	}
 
-	@Test(expected = BeanCreationException.class)
-	public void anyRequestCanNotWorkAfterItself() {
-		loadConfig(AnyRequestAfterItselfConfig.class);
-	}
-
 	@EnableWebSecurity
 	static class RequestMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
 
@@ -132,17 +145,4 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
 	}
 
-	@Test(expected = BeanCreationException.class)
-	public void requestMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(RequestMatchersAfterAnyRequestConfig.class);
-	}
-
-	private void loadConfig(Class<?>... configs) {
-		AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
-		context.setAllowCircularReferences(false);
-		context.register(configs);
-		context.setServletContext(new MockServletContext());
-		context.refresh();
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 978a3e0eed..198c55c3b3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -110,6 +110,106 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
 	}
 
+	@Test
+	public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
+		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
+	}
+
+	@Test
+	public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
+		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
+
+		this.request.setServletPath("/login");
+		this.request.setMethod("POST");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
+	}
+
+	@Test
+	public void readmeSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
+		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
+
+		this.request.setServletPath("/login");
+		this.request.setMethod("POST");
+		this.request.addParameter("username", "user");
+		this.request.addParameter("password", "password");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.request.setServletPath("/login");
+		this.request.setMethod("POST");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.request.setServletPath("/login");
+		this.request.setMethod("POST");
+		this.request.addParameter("username", "user");
+		this.request.addParameter("password", "password");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestProtectedResourceThenStatusUnauthorized() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.request.setServletPath("/api/admin/test");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestAdminResourceWithRegularUserThenStatusForbidden() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.request.setServletPath("/api/admin/test");
+		this.request.addHeader("Authorization",
+				"Basic " + Base64.getEncoder().encodeToString("user:password".getBytes()));
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
+	}
+
+	@Test
+	public void multiHttpSampleWhenRequestAdminResourceWithAdminUserThenStatusOk() throws Exception {
+		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
+
+		this.request.setServletPath("/api/admin/test");
+		this.request.addHeader("Authorization",
+				"Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes()));
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
 	/**
 	 * <pre>
 	 *   &lt;http&gt;
@@ -151,39 +251,6 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
-		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
-	}
-
-	@Test
-	public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
-		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
-		this.request.setServletPath("/login");
-		this.request.setMethod("POST");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
-	}
-
-	@Test
-	public void readmeSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
-		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
-		this.request.setServletPath("/login");
-		this.request.setMethod("POST");
-		this.request.addParameter("username", "user");
-		this.request.addParameter("password", "password");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
-	}
-
 	/**
 	 * <pre>
 	 *   &lt;http security="none" pattern="/resources/**"/&gt;
@@ -252,73 +319,6 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
-	}
-
-	@Test
-	public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.request.setServletPath("/login");
-		this.request.setMethod("POST");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
-	}
-
-	@Test
-	public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.request.setServletPath("/login");
-		this.request.setMethod("POST");
-		this.request.addParameter("username", "user");
-		this.request.addParameter("password", "password");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
-	}
-
-	@Test
-	public void multiHttpSampleWhenRequestProtectedResourceThenStatusUnauthorized() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.request.setServletPath("/api/admin/test");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
-	@Test
-	public void multiHttpSampleWhenRequestAdminResourceWithRegularUserThenStatusForbidden() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.request.setServletPath("/api/admin/test");
-		this.request.addHeader("Authorization",
-				"Basic " + Base64.getEncoder().encodeToString("user:password".getBytes()));
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
-	}
-
-	@Test
-	public void multiHttpSampleWhenRequestAdminResourceWithAdminUserThenStatusOk() throws Exception {
-		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
-		this.request.setServletPath("/api/admin/test");
-		this.request.addHeader("Authorization",
-				"Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes()));
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-	}
-
 	/**
 	 * <code>
 	 *   &lt;http security="none" pattern="/resources/**"/&gt;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index a5cf2d3dd9..7c68fabcde 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -90,6 +90,27 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 		assertThat(configurer.configure).isTrue();
 	}
 
+	@Test
+	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
+		this.spring.register(WebAsyncPopulatedByDefaultConfig.class).autowire();
+
+		WebAsyncManager webAsyncManager = mock(WebAsyncManager.class);
+
+		this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager));
+
+		ArgumentCaptor<CallableProcessingInterceptor> callableProcessingInterceptorArgCaptor = ArgumentCaptor
+				.forClass(CallableProcessingInterceptor.class);
+		verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(),
+				callableProcessingInterceptorArgCaptor.capture());
+
+		CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor
+				.getAllValues().stream()
+				.filter(e -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
+				.findFirst().orElse(null);
+
+		assertThat(callableProcessingInterceptor).isNotNull();
+	}
+
 	private void loadConfig(Class<?>... classes) {
 		AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
 		context.setClassLoader(getClass().getClassLoader());
@@ -125,27 +146,6 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
-		this.spring.register(WebAsyncPopulatedByDefaultConfig.class).autowire();
-
-		WebAsyncManager webAsyncManager = mock(WebAsyncManager.class);
-
-		this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager));
-
-		ArgumentCaptor<CallableProcessingInterceptor> callableProcessingInterceptorArgCaptor = ArgumentCaptor
-				.forClass(CallableProcessingInterceptor.class);
-		verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(),
-				callableProcessingInterceptorArgCaptor.capture());
-
-		CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor
-				.getAllValues().stream()
-				.filter(e -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
-				.findFirst().orElse(null);
-
-		assertThat(callableProcessingInterceptor).isNotNull();
-	}
-
 	@EnableWebSecurity
 	static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index a31287e6b6..dcd06d382d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -91,6 +91,135 @@ public class WebSecurityConfigurerAdapterTests {
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
 	}
 
+	@Test
+	public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception {
+		this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
+
+		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty();
+		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1);
+	}
+
+	@Test
+	public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception {
+		this.spring.register(InMemoryConfigureProtectedConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
+
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
+		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
+	}
+
+	@Test
+	public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception {
+		this.spring.register(InMemoryConfigureGlobalConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
+
+		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
+		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
+	}
+
+	@Test
+	public void loadConfigWhenCustomContentNegotiationStrategyBeanThenOverridesDefault() {
+		OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock(
+				ContentNegotiationStrategy.class);
+		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire();
+
+		OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(OverrideContentNegotiationStrategySharedObjectConfig.class);
+
+		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
+		assertThat(securityConfig.contentNegotiationStrategySharedObject)
+				.isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN);
+	}
+
+	@Test
+	public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() {
+		this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire();
+
+		ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class);
+
+		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
+		assertThat(securityConfig.contentNegotiationStrategySharedObject)
+				.isInstanceOf(HeaderContentNegotiationStrategy.class);
+	}
+
+	@Test
+	public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() {
+		this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
+
+		Throwable thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("user"));
+		assertThat(thrown).isNull();
+
+		thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
+		assertThat(thrown).isInstanceOf(UsernameNotFoundException.class);
+	}
+
+	// SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object
+	@Test
+	public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() {
+		this.spring.register(ApplicationContextSharedObjectConfig.class).autowire();
+
+		ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext()
+				.getBean(ApplicationContextSharedObjectConfig.class);
+
+		assertThat(securityConfig.applicationContextSharedObject).isNotNull();
+		assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext());
+	}
+
+	@Test
+	public void loadConfigWhenCustomAuthenticationTrustResolverBeanThenOverridesDefault() {
+		CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class);
+		this.spring.register(CustomTrustResolverConfig.class).autowire();
+
+		CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class);
+
+		assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull();
+		assertThat(securityConfig.authenticationTrustResolverSharedObject)
+				.isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN);
+	}
+
+	@Test
+	public void compareOrderWebSecurityConfigurerAdapterWhenLowestOrderToDefaultOrderThenGreaterThanZero() {
+		AnnotationAwareOrderComparator comparator = new AnnotationAwareOrderComparator();
+		assertThat(comparator.compare(new LowestPriorityWebSecurityConfig(), new DefaultOrderWebSecurityConfig()))
+				.isGreaterThan(0);
+	}
+
+	// gh-7515
+	@Test
+	public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception {
+		this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire();
+
+		AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext()
+				.getBean(AuthenticationEventPublisher.class);
+
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password")));
+
+		verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class));
+	}
+
+	// gh-4400
+	@Test
+	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
+		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
+
+		AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
+
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since
+																			// no
+																			// providers
+																			// configured
+
+		verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class),
+				any(Authentication.class));
+	}
+
 	@EnableWebSecurity
 	static class HeadersArePopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -109,16 +238,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception {
-		this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
-		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty();
-		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1);
-	}
-
 	@EnableWebSecurity
 	static class InMemoryAuthWithWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter
 			implements ApplicationListener<AuthenticationSuccessEvent> {
@@ -141,16 +260,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception {
-		this.spring.register(InMemoryConfigureProtectedConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
-		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
-	}
-
 	@EnableWebSecurity
 	static class InMemoryConfigureProtectedConfig extends WebSecurityConfigurerAdapter {
 
@@ -171,16 +280,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception {
-		this.spring.register(InMemoryConfigureGlobalConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
-		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
-		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
-	}
-
 	@EnableWebSecurity
 	static class InMemoryConfigureGlobalConfig extends WebSecurityConfigurerAdapter {
 
@@ -201,20 +300,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenCustomContentNegotiationStrategyBeanThenOverridesDefault() {
-		OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock(
-				ContentNegotiationStrategy.class);
-		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire();
-
-		OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext()
-				.getBean(OverrideContentNegotiationStrategySharedObjectConfig.class);
-
-		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
-		assertThat(securityConfig.contentNegotiationStrategySharedObject)
-				.isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN);
-	}
-
 	@EnableWebSecurity
 	static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -235,18 +320,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() {
-		this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire();
-
-		ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext()
-				.getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class);
-
-		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
-		assertThat(securityConfig.contentNegotiationStrategySharedObject)
-				.isInstanceOf(HeaderContentNegotiationStrategy.class);
-	}
-
 	@EnableWebSecurity
 	static class ContentNegotiationStrategyDefaultSharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -260,19 +333,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() {
-		this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
-
-		Throwable thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("user"));
-		assertThat(thrown).isNull();
-
-		thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
-		assertThat(thrown).isInstanceOf(UsernameNotFoundException.class);
-	}
-
 	@Configuration
 	static class RequiresUserDetailsServiceConfig {
 
@@ -327,18 +387,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	// SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object
-	@Test
-	public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() {
-		this.spring.register(ApplicationContextSharedObjectConfig.class).autowire();
-
-		ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext()
-				.getBean(ApplicationContextSharedObjectConfig.class);
-
-		assertThat(securityConfig.applicationContextSharedObject).isNotNull();
-		assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext());
-	}
-
 	@EnableWebSecurity
 	static class ApplicationContextSharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -352,18 +400,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenCustomAuthenticationTrustResolverBeanThenOverridesDefault() {
-		CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class);
-		this.spring.register(CustomTrustResolverConfig.class).autowire();
-
-		CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class);
-
-		assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull();
-		assertThat(securityConfig.authenticationTrustResolverSharedObject)
-				.isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN);
-	}
-
 	@EnableWebSecurity
 	static class CustomTrustResolverConfig extends WebSecurityConfigurerAdapter {
 
@@ -384,13 +420,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	@Test
-	public void compareOrderWebSecurityConfigurerAdapterWhenLowestOrderToDefaultOrderThenGreaterThanZero() {
-		AnnotationAwareOrderComparator comparator = new AnnotationAwareOrderComparator();
-		assertThat(comparator.compare(new LowestPriorityWebSecurityConfig(), new DefaultOrderWebSecurityConfig()))
-				.isGreaterThan(0);
-	}
-
 	static class DefaultOrderWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	}
@@ -400,19 +429,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	// gh-7515
-	@Test
-	public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception {
-		this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire();
-
-		AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext()
-				.getBean(AuthenticationEventPublisher.class);
-
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password")));
-
-		verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class));
-	}
-
 	@EnableWebSecurity
 	static class CustomAuthenticationEventPublisherBean extends WebSecurityConfigurerAdapter {
 
@@ -429,22 +445,6 @@ public class WebSecurityConfigurerAdapterTests {
 
 	}
 
-	// gh-4400
-	@Test
-	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
-		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
-
-		AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
-
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since
-																			// no
-																			// providers
-																			// configured
-
-		verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class),
-				any(Authentication.class));
-	}
-
 	@EnableWebSecurity
 	static class CustomAuthenticationEventPublisherDsl extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 79e610a314..e84265cfdf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -69,6 +69,28 @@ public class HttpConfigurationTests {
 				+ " Consider using addFilterBefore or addFilterAfter instead.");
 	}
 
+	// https://github.com/spring-projects/spring-security-javaconfig/issues/104
+	@Test
+	public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception {
+		CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spy(new CasAuthenticationFilter());
+		this.spring.register(CasAuthenticationFilterConfig.class).autowire();
+
+		this.mockMvc.perform(get("/"));
+
+		verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class),
+				any(ServletResponse.class), any(FilterChain.class));
+	}
+
+	@Test
+	public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception {
+		this.spring.register(RequestMatcherRegistryConfigs.class).autowire();
+
+		this.mockMvc.perform(get("/oauth/a")).andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/oauth/b")).andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/api/a")).andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/api/b")).andExpect(status().isUnauthorized());
+	}
+
 	@EnableWebSecurity
 	static class UnregisteredFilterConfig extends WebSecurityConfigurerAdapter {
 
@@ -101,18 +123,6 @@ public class HttpConfigurationTests {
 
 	}
 
-	// https://github.com/spring-projects/spring-security-javaconfig/issues/104
-	@Test
-	public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception {
-		CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spy(new CasAuthenticationFilter());
-		this.spring.register(CasAuthenticationFilterConfig.class).autowire();
-
-		this.mockMvc.perform(get("/"));
-
-		verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class),
-				any(ServletResponse.class), any(FilterChain.class));
-	}
-
 	@EnableWebSecurity
 	static class CasAuthenticationFilterConfig extends WebSecurityConfigurerAdapter {
 
@@ -128,16 +138,6 @@ public class HttpConfigurationTests {
 
 	}
 
-	@Test
-	public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception {
-		this.spring.register(RequestMatcherRegistryConfigs.class).autowire();
-
-		this.mockMvc.perform(get("/oauth/a")).andExpect(status().isUnauthorized());
-		this.mockMvc.perform(get("/oauth/b")).andExpect(status().isUnauthorized());
-		this.mockMvc.perform(get("/api/a")).andExpect(status().isUnauthorized());
-		this.mockMvc.perform(get("/api/b")).andExpect(status().isUnauthorized());
-	}
-
 	@EnableWebSecurity
 	static class RequestMatcherRegistryConfigs extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index d695d5624d..4744963b5c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -101,6 +101,212 @@ public class NamespaceHttpTests {
 				any(), anyCollection());
 	}
 
+	@Test // http@access-denied-page
+	public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception {
+		this.spring.register(AccessDeniedPageConfig.class).autowire();
+
+		this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden())
+				.andExpect(forwardedUrl("/AccessDeniedPage"));
+	}
+
+	@Test // http@authentication-manager-ref
+	public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception {
+		AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class);
+		this.spring.register(AuthenticationManagerRefConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin());
+
+		verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class));
+	}
+
+	@Test // http@create-session=always
+	public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
+		this.spring.register(CreateSessionAlwaysConfig.class).autowire();
+
+		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+
+		assertThat(session).isNotNull();
+		assertThat(session.isNew()).isTrue();
+	}
+
+	@Test // http@create-session=stateless
+	public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
+		this.spring.register(CreateSessionStatelessConfig.class).autowire();
+
+		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+
+		assertThat(session).isNull();
+	}
+
+	@Test // http@create-session=ifRequired
+	public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception {
+		this.spring.register(IfRequiredConfig.class).autowire();
+
+		MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+
+		assertThat(session).isNull();
+
+		mvcResult = this.mockMvc.perform(formLogin()).andReturn();
+		session = mvcResult.getRequest().getSession(false);
+
+		assertThat(session).isNotNull();
+		assertThat(session.isNew()).isTrue();
+	}
+
+	@Test // http@create-session=never
+	public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
+		this.spring.register(CreateSessionNeverConfig.class).autowire();
+
+		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+
+		assertThat(session).isNull();
+	}
+
+	@Test // http@entry-point-ref
+	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint()
+			throws Exception {
+		this.spring.register(EntryPointRefConfig.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrlPattern("**/entry-point"));
+	}
+
+	@Test // http@jaas-api-provision
+	public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception {
+		LoginContext loginContext = mock(LoginContext.class);
+		when(loginContext.getSubject()).thenReturn(new Subject());
+
+		JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class);
+		when(authenticationToken.isAuthenticated()).thenReturn(true);
+		when(authenticationToken.getLoginContext()).thenReturn(loginContext);
+
+		this.spring.register(JaasApiProvisionConfig.class).autowire();
+
+		this.mockMvc.perform(get("/").with(authentication(authenticationToken)));
+
+		verify(loginContext, times(1)).getSubject();
+	}
+
+	@Test // http@realm
+	public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception {
+		this.spring.register(RealmConfig.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized())
+				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
+	}
+
+	@Test // http@request-matcher-ref ant
+	public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() {
+		this.spring.register(RequestMatcherAntConfig.class).autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+
+		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
+		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
+	}
+
+	@Test // http@request-matcher-ref regex
+	public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() {
+		this.spring.register(RequestMatcherRegexConfig.class).autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+
+		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
+		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(RegexRequestMatcher.class);
+	}
+
+	@Test // http@request-matcher-ref
+	public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() {
+		this.spring.register(RequestMatcherRefConfig.class).autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+
+		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
+		assertThat(securityFilterChain.getRequestMatcher())
+				.isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class);
+	}
+
+	@Test // http@security=none
+	public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
+		this.spring.register(SecurityNoneConfig.class).autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+
+		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
+		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
+				.get(0);
+		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
+		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
+				.isEqualTo("/resources/**");
+		assertThat(securityFilterChain.getFilters()).isEmpty();
+
+		assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
+		securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
+		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
+		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
+				.isEqualTo("/public/**");
+		assertThat(securityFilterChain.getFilters()).isEmpty();
+	}
+
+	@Test // http@security-context-repository-ref
+	public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
+		this.spring.register(SecurityContextRepoConfig.class).autowire();
+
+		MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+		assertThat(session).isNull();
+	}
+
+	@Test // http@servlet-api-provision=false
+	public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception {
+		this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
+
+		this.mockMvc.perform(get("/"));
+
+		assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE)
+				.isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
+	}
+
+	@Test // http@servlet-api-provision defaults to true
+	public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception {
+		this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
+
+		this.mockMvc.perform(get("/"));
+
+		assertThat(SecurityContextHolderAwareRequestWrapper.class)
+				.isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
+	}
+
+	@Test // http@use-expressions=true
+	public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() {
+		this.spring.register(UseExpressionsConfig.class).autowire();
+
+		UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
+
+		assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class)
+				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
+	}
+
+	@Test // http@use-expressions=false
+	public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() {
+		this.spring.register(DisableUseExpressionsConfig.class).autowire();
+
+		DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
+
+		assertThat(DefaultFilterInvocationSecurityMetadataSource.class)
+				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
+	}
+
 	@EnableWebSecurity
 	static class AccessDecisionManagerRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -118,14 +324,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@access-denied-page
-	public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception {
-		this.spring.register(AccessDeniedPageConfig.class).autowire();
-
-		this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden())
-				.andExpect(forwardedUrl("/AccessDeniedPage"));
-	}
-
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
 
@@ -144,16 +342,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@authentication-manager-ref
-	public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception {
-		AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class);
-		this.spring.register(AuthenticationManagerRefConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin());
-
-		verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class));
-	}
-
 	@EnableWebSecurity
 	static class AuthenticationManagerRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -177,17 +365,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@create-session=always
-	public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
-		this.spring.register(CreateSessionAlwaysConfig.class).autowire();
-
-		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-
-		assertThat(session).isNotNull();
-		assertThat(session.isNew()).isTrue();
-	}
-
 	@EnableWebSecurity
 	static class CreateSessionAlwaysConfig extends WebSecurityConfigurerAdapter {
 
@@ -205,16 +382,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@create-session=stateless
-	public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
-		this.spring.register(CreateSessionStatelessConfig.class).autowire();
-
-		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-
-		assertThat(session).isNull();
-	}
-
 	@EnableWebSecurity
 	static class CreateSessionStatelessConfig extends WebSecurityConfigurerAdapter {
 
@@ -232,22 +399,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@create-session=ifRequired
-	public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception {
-		this.spring.register(IfRequiredConfig.class).autowire();
-
-		MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-
-		assertThat(session).isNull();
-
-		mvcResult = this.mockMvc.perform(formLogin()).andReturn();
-		session = mvcResult.getRequest().getSession(false);
-
-		assertThat(session).isNotNull();
-		assertThat(session.isNew()).isTrue();
-	}
-
 	@EnableWebSecurity
 	static class IfRequiredConfig extends WebSecurityConfigurerAdapter {
 
@@ -268,16 +419,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@create-session=never
-	public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
-		this.spring.register(CreateSessionNeverConfig.class).autowire();
-
-		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-
-		assertThat(session).isNull();
-	}
-
 	@EnableWebSecurity
 	static class CreateSessionNeverConfig extends WebSecurityConfigurerAdapter {
 
@@ -295,15 +436,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@entry-point-ref
-	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint()
-			throws Exception {
-		this.spring.register(EntryPointRefConfig.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("**/entry-point"));
-	}
-
 	@EnableWebSecurity
 	static class EntryPointRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -323,22 +455,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@jaas-api-provision
-	public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception {
-		LoginContext loginContext = mock(LoginContext.class);
-		when(loginContext.getSubject()).thenReturn(new Subject());
-
-		JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class);
-		when(authenticationToken.isAuthenticated()).thenReturn(true);
-		when(authenticationToken.getLoginContext()).thenReturn(loginContext);
-
-		this.spring.register(JaasApiProvisionConfig.class).autowire();
-
-		this.mockMvc.perform(get("/").with(authentication(authenticationToken)));
-
-		verify(loginContext, times(1)).getSubject();
-	}
-
 	@EnableWebSecurity
 	static class JaasApiProvisionConfig extends WebSecurityConfigurerAdapter {
 
@@ -352,14 +468,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@realm
-	public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception {
-		this.spring.register(RealmConfig.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized())
-				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
-	}
-
 	@EnableWebSecurity
 	static class RealmConfig extends WebSecurityConfigurerAdapter {
 
@@ -377,18 +485,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@request-matcher-ref ant
-	public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() {
-		this.spring.register(RequestMatcherAntConfig.class).autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
-		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
-				.get(0);
-		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
-	}
-
 	@EnableWebSecurity
 	static class RequestMatcherAntConfig extends WebSecurityConfigurerAdapter {
 
@@ -402,18 +498,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@request-matcher-ref regex
-	public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() {
-		this.spring.register(RequestMatcherRegexConfig.class).autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
-		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
-				.get(0);
-		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(RegexRequestMatcher.class);
-	}
-
 	@EnableWebSecurity
 	static class RequestMatcherRegexConfig extends WebSecurityConfigurerAdapter {
 
@@ -427,19 +511,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@request-matcher-ref
-	public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() {
-		this.spring.register(RequestMatcherRefConfig.class).autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
-		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
-				.get(0);
-		assertThat(securityFilterChain.getRequestMatcher())
-				.isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class);
-	}
-
 	@EnableWebSecurity
 	static class RequestMatcherRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -462,28 +533,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@security=none
-	public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
-		this.spring.register(SecurityNoneConfig.class).autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
-		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
-		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
-				.get(0);
-		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
-		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
-				.isEqualTo("/resources/**");
-		assertThat(securityFilterChain.getFilters()).isEmpty();
-
-		assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
-		securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
-		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
-		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
-				.isEqualTo("/public/**");
-		assertThat(securityFilterChain.getFilters()).isEmpty();
-	}
-
 	@EnableWebSecurity
 	static class SecurityNoneConfig extends WebSecurityConfigurerAdapter {
 
@@ -498,15 +547,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@security-context-repository-ref
-	public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
-		this.spring.register(SecurityContextRepoConfig.class).autowire();
-
-		MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-		assertThat(session).isNull();
-	}
-
 	@EnableWebSecurity
 	static class SecurityContextRepoConfig extends WebSecurityConfigurerAdapter {
 
@@ -535,16 +575,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@servlet-api-provision=false
-	public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception {
-		this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
-
-		this.mockMvc.perform(get("/"));
-
-		assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE)
-				.isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
-	}
-
 	@EnableWebSecurity
 	static class ServletApiProvisionConfig extends WebSecurityConfigurerAdapter {
 
@@ -562,16 +592,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@servlet-api-provision defaults to true
-	public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception {
-		this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
-
-		this.mockMvc.perform(get("/"));
-
-		assertThat(SecurityContextHolderAwareRequestWrapper.class)
-				.isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
-	}
-
 	@EnableWebSecurity
 	static class ServletApiProvisionDefaultsConfig extends WebSecurityConfigurerAdapter {
 
@@ -599,16 +619,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@use-expressions=true
-	public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() {
-		this.spring.register(UseExpressionsConfig.class).autowire();
-
-		UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
-
-		assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class)
-				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
-	}
-
 	@EnableWebSecurity
 	static class UseExpressionsConfig extends WebSecurityConfigurerAdapter {
 
@@ -638,16 +648,6 @@ public class NamespaceHttpTests {
 
 	}
 
-	@Test // http@use-expressions=false
-	public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() {
-		this.spring.register(DisableUseExpressionsConfig.class).autowire();
-
-		DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
-
-		assertThat(DefaultFilterInvocationSecurityMetadataSource.class)
-				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
-	}
-
 	@EnableWebSecurity
 	static class DisableUseExpressionsConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index b773e244c8..223dabf3b2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -103,6 +103,50 @@ public class WebSecurityTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
+	@Test
+	public void ignoringMvcMatcherServletPath() throws Exception {
+		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path.html");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path/");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/other");
+		this.request.setRequestURI("/other/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.setServletContext(new MockServletContext());
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -147,41 +191,6 @@ public class WebSecurityTests {
 
 	}
 
-	@Test
-	public void ignoringMvcMatcherServletPath() throws Exception {
-		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path.html");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path/");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/other");
-		this.request.setRequestURI("/other/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -237,13 +246,4 @@ public class WebSecurityTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.setServletContext(new MockServletContext());
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index aaa399372f..962db3234d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -63,6 +63,48 @@ public class EnableWebSecurityTests {
 		assertThat(authentication.isAuthenticated()).isTrue();
 	}
 
+	@Test
+	public void loadConfigWhenChildConfigExtendsSecurityConfigThenSecurityConfigInherited() {
+		this.spring.register(ChildSecurityConfig.class).autowire();
+		this.spring.getContext().getBean("springSecurityFilterChain", DebugFilter.class);
+	}
+
+	@Test
+	public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
+		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
+
+		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
+				.andExpect(content().string("user1"));
+	}
+
+	@Test
+	public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
+		this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
+
+		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
+				.andExpect(content().string("user1"));
+	}
+
+	@Test
+	public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
+		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isSameAs(childBean);
+	}
+
+	@Test
+	public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
+		this.spring.register(BeanProxyDisabledConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isNotSameAs(childBean);
+	}
+
 	@EnableWebSecurity
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -94,12 +136,6 @@ public class EnableWebSecurityTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenChildConfigExtendsSecurityConfigThenSecurityConfigInherited() {
-		this.spring.register(ChildSecurityConfig.class).autowire();
-		this.spring.getContext().getBean("springSecurityFilterChain", DebugFilter.class);
-	}
-
 	@Configuration
 	static class ChildSecurityConfig extends DebugSecurityConfig {
 
@@ -110,14 +146,6 @@ public class EnableWebSecurityTests {
 
 	}
 
-	@Test
-	public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
-		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
-		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
-				.andExpect(content().string("user1"));
-	}
-
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class AuthenticationPrincipalConfig extends WebSecurityConfigurerAdapter {
@@ -138,14 +166,6 @@ public class EnableWebSecurityTests {
 
 	}
 
-	@Test
-	public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
-		this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
-
-		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
-				.andExpect(content().string("user1"));
-	}
-
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class SecurityFilterChainAuthenticationPrincipalConfig {
@@ -167,16 +187,6 @@ public class EnableWebSecurityTests {
 
 	}
 
-	@Test
-	public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
-		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isSameAs(childBean);
-	}
-
 	@EnableWebSecurity
 	static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -192,16 +202,6 @@ public class EnableWebSecurityTests {
 
 	}
 
-	@Test
-	public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
-		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isNotSameAs(childBean);
-	}
-
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSecurity
 	static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index bbe01aaf1d..6e2eb6804c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -114,26 +114,6 @@ public class HttpSecurityConfigurationTests {
 		this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob"));
 	}
 
-	@RestController
-	static class NameController {
-
-		@GetMapping("/name")
-		public Callable<String> name() {
-			return () -> SecurityContextHolder.getContext().getAuthentication().getName();
-		}
-
-	}
-
-	@EnableWebSecurity
-	static class DefaultWithFilterChainConfig {
-
-		@Bean
-		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.build();
-		}
-
-	}
-
 	@Test
 	public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception {
 		this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
@@ -141,16 +121,6 @@ public class HttpSecurityConfigurationTests {
 		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
-	@EnableWebSecurity
-	static class AuthorizeRequestsConfig {
-
-		@Bean
-		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests(authorize -> authorize.anyRequest().permitAll()).build();
-		}
-
-	}
-
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenSessionIdChanges() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
@@ -194,6 +164,36 @@ public class HttpSecurityConfigurationTests {
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 	}
 
+	@RestController
+	static class NameController {
+
+		@GetMapping("/name")
+		public Callable<String> name() {
+			return () -> SecurityContextHolder.getContext().getAuthentication().getName();
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultWithFilterChainConfig {
+
+		@Bean
+		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+			return http.build();
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class AuthorizeRequestsConfig {
+
+		@Bean
+		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+			return http.authorizeRequests(authorize -> authorize.anyRequest().permitAll()).build();
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class SecurityEnabledConfig {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 6a1edaec4f..08af641427 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -133,6 +133,68 @@ public class OAuth2ClientConfigurationTests {
 		verify(accessTokenResponseClient, times(1)).getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class));
 	}
 
+	// gh-5321
+	@Test
+	public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
+		assertThatThrownBy(
+				() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
+						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
+						.hasMessageContaining("Expected single matching bean of type '"
+								+ OAuth2AuthorizedClientRepository.class.getName()
+								+ "' but found 2: authorizedClientRepository1,authorizedClientRepository2");
+	}
+
+	@Test
+	public void loadContextWhenClientRegistrationRepositoryNotRegisteredThenThrowNoSuchBeanDefinitionException() {
+		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire())
+				.hasRootCauseInstanceOf(NoSuchBeanDefinitionException.class).hasMessageContaining(
+						"No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available");
+	}
+
+	@Test
+	public void loadContextWhenClientRegistrationRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
+		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class)
+				.autowire()).hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
+						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2");
+	}
+
+	@Test
+	public void loadContextWhenAccessTokenResponseClientRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
+		assertThatThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
+				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
+						"expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
+	}
+
+	// gh-8700
+	@Test
+	public void requestWhenAuthorizedClientManagerConfiguredThenUsed() throws Exception {
+		String clientRegistrationId = "client1";
+		String principalName = "user1";
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
+
+		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
+		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
+		OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
+
+		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
+		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
+				TestOAuth2AccessTokens.noScopes());
+
+		when(authorizedClientManager.authorize(any())).thenReturn(authorizedClient);
+
+		OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
+		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
+		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
+		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
+
+		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
+				.andExpect(content().string("resolved"));
+
+		verify(authorizedClientManager).authorize(any());
+		verifyNoInteractions(clientRegistrationRepository);
+		verifyNoInteractions(authorizedClientRepository);
+	}
+
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class OAuth2AuthorizedClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
@@ -145,17 +207,6 @@ public class OAuth2ClientConfigurationTests {
 		protected void configure(HttpSecurity http) {
 		}
 
-		@RestController
-		public class Controller {
-
-			@GetMapping("/authorized-client")
-			public String authorizedClient(
-					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-				return authorizedClient != null ? "resolved" : "not-resolved";
-			}
-
-		}
-
 		@Bean
 		public ClientRegistrationRepository clientRegistrationRepository() {
 			return CLIENT_REGISTRATION_REPOSITORY;
@@ -171,17 +222,17 @@ public class OAuth2ClientConfigurationTests {
 			return ACCESS_TOKEN_RESPONSE_CLIENT;
 		}
 
-	}
+		@RestController
+		public class Controller {
+
+			@GetMapping("/authorized-client")
+			public String authorizedClient(
+					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+				return authorizedClient != null ? "resolved" : "not-resolved";
+			}
+
+		}
 
-	// gh-5321
-	@Test
-	public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(
-				() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
-						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-						.hasMessageContaining("Expected single matching bean of type '"
-								+ OAuth2AuthorizedClientRepository.class.getName()
-								+ "' but found 2: authorizedClientRepository1,authorizedClientRepository2");
 	}
 
 	@EnableWebMvc
@@ -221,13 +272,6 @@ public class OAuth2ClientConfigurationTests {
 
 	}
 
-	@Test
-	public void loadContextWhenClientRegistrationRepositoryNotRegisteredThenThrowNoSuchBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoSuchBeanDefinitionException.class).hasMessageContaining(
-						"No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available");
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class ClientRegistrationRepositoryNotRegisteredConfig extends WebSecurityConfigurerAdapter {
@@ -245,13 +289,6 @@ public class OAuth2ClientConfigurationTests {
 
 	}
 
-	@Test
-	public void loadContextWhenClientRegistrationRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class)
-				.autowire()).hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
-						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2");
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class ClientRegistrationRepositoryRegisteredTwiceConfig extends WebSecurityConfigurerAdapter {
@@ -289,13 +326,6 @@ public class OAuth2ClientConfigurationTests {
 
 	}
 
-	@Test
-	public void loadContextWhenAccessTokenResponseClientRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
-						"expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class AccessTokenResponseClientRegisteredTwiceConfig extends WebSecurityConfigurerAdapter {
@@ -333,36 +363,6 @@ public class OAuth2ClientConfigurationTests {
 
 	}
 
-	// gh-8700
-	@Test
-	public void requestWhenAuthorizedClientManagerConfiguredThenUsed() throws Exception {
-		String clientRegistrationId = "client1";
-		String principalName = "user1";
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
-		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
-		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
-		OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
-
-		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
-		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
-				TestOAuth2AccessTokens.noScopes());
-
-		when(authorizedClientManager.authorize(any())).thenReturn(authorizedClient);
-
-		OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
-		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
-		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
-		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
-
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
-
-		verify(authorizedClientManager).authorize(any());
-		verifyNoInteractions(clientRegistrationRepository);
-		verifyNoInteractions(authorizedClientRepository);
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class OAuth2AuthorizedClientManagerRegisteredConfig extends WebSecurityConfigurerAdapter {
@@ -375,17 +375,6 @@ public class OAuth2ClientConfigurationTests {
 		protected void configure(HttpSecurity http) {
 		}
 
-		@RestController
-		public class Controller {
-
-			@GetMapping("/authorized-client")
-			public String authorizedClient(
-					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-				return authorizedClient != null ? "resolved" : "not-resolved";
-			}
-
-		}
-
 		@Bean
 		public ClientRegistrationRepository clientRegistrationRepository() {
 			return CLIENT_REGISTRATION_REPOSITORY;
@@ -401,6 +390,17 @@ public class OAuth2ClientConfigurationTests {
 			return AUTHORIZED_CLIENT_MANAGER;
 		}
 
+		@RestController
+		public class Controller {
+
+			@GetMapping("/authorized-client")
+			public String authorizedClient(
+					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
+				return authorizedClient != null ? "resolved" : "not-resolved";
+			}
+
+		}
+
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 744147312b..d81ecb80d0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -45,33 +45,11 @@ public class Sec2515Tests {
 		this.spring.register(StackOverflowSecurityConfig.class).autowire();
 	}
 
-	@EnableWebSecurity
-	static class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
-
-		@Bean
-		@Override
-		public AuthenticationManager authenticationManagerBean() throws Exception {
-			return super.authenticationManagerBean();
-		}
-
-	}
-
 	@Test(expected = FatalBeanException.class)
 	public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanCustomNameThenThrowFatalBeanException() {
 		this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire();
 	}
 
-	@EnableWebSecurity
-	static class CustomBeanNameStackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		@Bean(name = "custom")
-		public AuthenticationManager authenticationManagerBean() throws Exception {
-			return super.authenticationManagerBean();
-		}
-
-	}
-
 	// SEC-2549
 	@Test
 	public void loadConfigWhenChildClassLoaderSetThenContextLoads() {
@@ -83,6 +61,33 @@ public class Sec2515Tests {
 		this.spring.autowire();
 
 		assertThat(this.spring.getContext().getBean(AuthenticationManager.class)).isNotNull();
+	} // SEC-2515
+
+	@Test
+	public void loadConfigWhenAuthenticationManagerConfiguredAndRegisterBeanThenContextLoads() {
+		this.spring.register(SecurityConfig.class).autowire();
+	}
+
+	@EnableWebSecurity
+	static class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
+
+		@Bean
+		@Override
+		public AuthenticationManager authenticationManagerBean() throws Exception {
+			return super.authenticationManagerBean();
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CustomBeanNameStackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		@Bean(name = "custom")
+		public AuthenticationManager authenticationManagerBean() throws Exception {
+			return super.authenticationManagerBean();
+		}
+
 	}
 
 	@EnableWebSecurity
@@ -98,12 +103,6 @@ public class Sec2515Tests {
 
 	}
 
-	// SEC-2515
-	@Test
-	public void loadConfigWhenAuthenticationManagerConfiguredAndRegisterBeanThenContextLoads() {
-		this.spring.register(SecurityConfig.class).autowire();
-	}
-
 	@EnableWebSecurity
 	static class SecurityConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 1a86b00a1a..c5eb62cd68 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -79,6 +79,9 @@ public class WebSecurityConfigurationTests {
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
+	@Rule
+	public SpringTestRule child = new SpringTestRule();
+
 	@Autowired
 	private MockMvc mockMvc;
 
@@ -113,6 +116,177 @@ public class WebSecurityConfigurationTests {
 		assertThat(filterChains.get(5).matches(request)).isTrue();
 	}
 
+	@Test
+	public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
+		this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
+		assertThat(filterChains).hasSize(4);
+
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
+
+		request.setServletPath("/role1/**");
+		assertThat(filterChains.get(0).matches(request)).isTrue();
+
+		request.setServletPath("/role2/**");
+		assertThat(filterChains.get(1).matches(request)).isTrue();
+
+		request.setServletPath("/role3/**");
+		assertThat(filterChains.get(2).matches(request)).isTrue();
+
+		request.setServletPath("/**");
+		assertThat(filterChains.get(3).matches(request)).isTrue();
+	}
+
+	@Test
+	public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
+		Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
+
+		assertThat(thrown).isInstanceOf(BeanCreationException.class)
+				.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
+				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
+				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
+	}
+
+	@Test
+	public void loadConfigWhenWebInvocationPrivilegeEvaluatorSetThenIsRegistered() {
+		PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class);
+
+		this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
+				.isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
+	}
+
+	@Test
+	public void loadConfigWhenSecurityExpressionHandlerSetThenIsRegistered() {
+		WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
+		when(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
+				.thenReturn(mock(ExpressionParser.class));
+
+		this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
+				.isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
+	}
+
+	@Test
+	public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
+		Throwable thrown = catchThrowable(
+				() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
+
+		assertThat(thrown).isInstanceOf(BeanCreationException.class);
+		assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() {
+		this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
+				.isInstanceOf(DefaultWebSecurityExpressionHandler.class);
+	}
+
+	@Test
+	public void securityExpressionHandlerWhenRoleHierarchyBeanThenRoleHierarchyUsed() {
+		this.spring.register(WebSecurityExpressionHandlerRoleHierarchyBeanConfig.class).autowire();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused", "ROLE_ADMIN");
+		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
+				new MockHttpServletResponse(), new MockFilterChain());
+
+		AbstractSecurityExpressionHandler handler = this.spring.getContext()
+				.getBean(AbstractSecurityExpressionHandler.class);
+		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
+		Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
+		boolean granted = expression.getValue(evaluationContext, Boolean.class);
+		assertThat(granted).isTrue();
+	}
+
+	@Test
+	public void securityExpressionHandlerWhenPermissionEvaluatorBeanThenPermissionEvaluatorUsed() {
+		this.spring.register(WebSecurityExpressionHandlerPermissionEvaluatorBeanConfig.class).autowire();
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
+		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
+				new MockHttpServletResponse(), new MockFilterChain());
+
+		AbstractSecurityExpressionHandler handler = this.spring.getContext()
+				.getBean(AbstractSecurityExpressionHandler.class);
+		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
+		Expression expression = handler.getExpressionParser().parseExpression("hasPermission(#study,'DELETE')");
+		boolean granted = expression.getValue(evaluationContext, Boolean.class);
+		assertThat(granted).isTrue();
+	}
+
+	@Test
+	public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenDefaultIsRegistered() {
+		this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
+				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
+	}
+
+	@Test
+	public void loadConfigWhenSecurityFilterChainBeanThenDefaultWebInvocationPrivilegeEvaluatorIsRegistered() {
+		this.spring.register(AuthorizeRequestsFilterChainConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
+				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
+	}
+
+	// SEC-2303
+	@Test
+	public void loadConfigWhenDefaultSecurityExpressionHandlerThenBeanResolverSet() throws Exception {
+		this.spring.register(DefaultExpressionHandlerSetsBeanResolverConfig.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(status().isOk());
+		this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
+	}
+
+	// SEC-2461
+	@Test
+	public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
+		this.spring.register(ParentConfig.class).autowire();
+
+		this.child.register(ChildConfig.class);
+		this.child.getContext().setParent(this.spring.getContext());
+		this.child.autowire();
+
+		assertThat(this.spring.getContext().getBean("springSecurityFilterChain")).isNotNull();
+		assertThat(this.child.getContext().getBean("springSecurityFilterChain")).isNotNull();
+
+		assertThat(this.spring.getContext().containsBean("springSecurityFilterChain")).isTrue();
+		assertThat(this.child.getContext().containsBean("springSecurityFilterChain")).isTrue();
+	}
+
+	// SEC-2773
+	@Test
+	public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationThenIsStatic() {
+		Method method = ClassUtils.getMethod(WebSecurityConfiguration.class, "delegatingApplicationListener", null);
+		assertThat(Modifier.isStatic(method.getModifiers())).isTrue();
+	}
+
+	@Test
+	public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
+		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
+				.autowire();
+
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
+
+		assertThat(filterChains).hasSize(4);
+	}
+
+	@Test
+	public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
+		Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
+
+		assertThat(thrown).isInstanceOf(BeanCreationException.class)
+				.hasRootCauseExactlyInstanceOf(IllegalStateException.class)
+				.hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
+
+	}
+
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class SortedWebSecurityConfigurerAdaptersConfig {
@@ -186,29 +360,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
-		this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
-		assertThat(filterChains).hasSize(4);
-
-		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
-		request.setServletPath("/role1/**");
-		assertThat(filterChains.get(0).matches(request)).isTrue();
-
-		request.setServletPath("/role2/**");
-		assertThat(filterChains.get(1).matches(request)).isTrue();
-
-		request.setServletPath("/role3/**");
-		assertThat(filterChains.get(2).matches(request)).isTrue();
-
-		request.setServletPath("/**");
-		assertThat(filterChains.get(3).matches(request)).isTrue();
-	}
-
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class SortedSecurityFilterChainConfig {
@@ -241,16 +392,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
-
-		assertThat(thrown).isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
-				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
-				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
-	}
-
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class DuplicateOrderConfig {
@@ -287,16 +428,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenWebInvocationPrivilegeEvaluatorSetThenIsRegistered() {
-		PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class);
-
-		this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-				.isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
-	}
-
 	@EnableWebSecurity
 	static class PrivilegeEvaluatorConfigurerAdapterConfig extends WebSecurityConfigurerAdapter {
 
@@ -309,18 +440,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenSecurityExpressionHandlerSetThenIsRegistered() {
-		WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
-		when(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
-				.thenReturn(mock(ExpressionParser.class));
-
-		this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
-				.isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
-	}
-
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
 
@@ -343,15 +462,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
-		Throwable thrown = catchThrowable(
-				() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
-
-		assertThat(thrown).isInstanceOf(BeanCreationException.class);
-		assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class NullWebSecurityExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
 
@@ -362,14 +472,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() {
-		this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
-				.isInstanceOf(DefaultWebSecurityExpressionHandler.class);
-	}
-
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {
 
@@ -384,21 +486,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void securityExpressionHandlerWhenRoleHierarchyBeanThenRoleHierarchyUsed() {
-		this.spring.register(WebSecurityExpressionHandlerRoleHierarchyBeanConfig.class).autowire();
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused", "ROLE_ADMIN");
-		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
-				new MockHttpServletResponse(), new MockFilterChain());
-
-		AbstractSecurityExpressionHandler handler = this.spring.getContext()
-				.getBean(AbstractSecurityExpressionHandler.class);
-		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
-		Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
-		boolean granted = expression.getValue(evaluationContext, Boolean.class);
-		assertThat(granted).isTrue();
-	}
-
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerRoleHierarchyBeanConfig extends WebSecurityConfigurerAdapter {
 
@@ -411,21 +498,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void securityExpressionHandlerWhenPermissionEvaluatorBeanThenPermissionEvaluatorUsed() {
-		this.spring.register(WebSecurityExpressionHandlerPermissionEvaluatorBeanConfig.class).autowire();
-		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
-		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
-				new MockHttpServletResponse(), new MockFilterChain());
-
-		AbstractSecurityExpressionHandler handler = this.spring.getContext()
-				.getBean(AbstractSecurityExpressionHandler.class);
-		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
-		Expression expression = handler.getExpressionParser().parseExpression("hasPermission(#study,'DELETE')");
-		boolean granted = expression.getValue(evaluationContext, Boolean.class);
-		assertThat(granted).isTrue();
-	}
-
 	@EnableWebSecurity
 	static class WebSecurityExpressionHandlerPermissionEvaluatorBeanConfig extends WebSecurityConfigurerAdapter {
 
@@ -449,14 +521,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenDefaultIsRegistered() {
-		this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
-	}
-
 	@EnableWebSecurity
 	static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
 
@@ -471,14 +535,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenSecurityFilterChainBeanThenDefaultWebInvocationPrivilegeEvaluatorIsRegistered() {
-		this.spring.register(AuthorizeRequestsFilterChainConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
-				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
-	}
-
 	@EnableWebSecurity
 	static class AuthorizeRequestsFilterChainConfig {
 
@@ -489,15 +545,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	// SEC-2303
-	@Test
-	public void loadConfigWhenDefaultSecurityExpressionHandlerThenBeanResolverSet() throws Exception {
-		this.spring.register(DefaultExpressionHandlerSetsBeanResolverConfig.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(status().isOk());
-		this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {
 
@@ -510,6 +557,11 @@ public class WebSecurityConfigurationTests {
 			// @formatter:on
 		}
 
+		@Bean
+		public MyBean b() {
+			return new MyBean();
+		}
+
 		@RestController
 		public class HomeController {
 
@@ -520,11 +572,6 @@ public class WebSecurityConfigurationTests {
 
 		}
 
-		@Bean
-		public MyBean b() {
-			return new MyBean();
-		}
-
 		static class MyBean {
 
 			public boolean deny() {
@@ -539,25 +586,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Rule
-	public SpringTestRule child = new SpringTestRule();
-
-	// SEC-2461
-	@Test
-	public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
-		this.spring.register(ParentConfig.class).autowire();
-
-		this.child.register(ChildConfig.class);
-		this.child.getContext().setParent(this.spring.getContext());
-		this.child.autowire();
-
-		assertThat(this.spring.getContext().getBean("springSecurityFilterChain")).isNotNull();
-		assertThat(this.child.getContext().getBean("springSecurityFilterChain")).isNotNull();
-
-		assertThat(this.spring.getContext().containsBean("springSecurityFilterChain")).isTrue();
-		assertThat(this.child.getContext().containsBean("springSecurityFilterChain")).isTrue();
-	}
-
 	@EnableWebSecurity
 	static class ParentConfig extends WebSecurityConfigurerAdapter {
 
@@ -573,24 +601,6 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	// SEC-2773
-	@Test
-	public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationThenIsStatic() {
-		Method method = ClassUtils.getMethod(WebSecurityConfiguration.class, "delegatingApplicationListener", null);
-		assertThat(Modifier.isStatic(method.getModifiers())).isTrue();
-	}
-
-	@Test
-	public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
-		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
-				.autowire();
-
-		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
-
-		assertThat(filterChains).hasSize(4);
-	}
-
 	@Configuration
 	static class SubclassConfig extends WebSecurityConfiguration {
 
@@ -637,20 +647,17 @@ public class WebSecurityConfigurationTests {
 
 	}
 
-	@Test
-	public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
-
-		assertThat(thrown).isInstanceOf(BeanCreationException.class)
-				.hasRootCauseExactlyInstanceOf(IllegalStateException.class)
-				.hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
-
-	}
-
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class AdapterAndFilterChainConfig {
 
+		@Order(2)
+		@Bean
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+			return http.antMatcher("/filter/**").authorizeRequests(authorize -> authorize.anyRequest().authenticated())
+					.build();
+		}
+
 		@Order(1)
 		@Configuration
 		static class WebConfigurer extends WebSecurityConfigurerAdapter {
@@ -662,13 +669,6 @@ public class WebSecurityConfigurationTests {
 
 		}
 
-		@Order(2)
-		@Bean
-		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/filter/**").authorizeRequests(authorize -> authorize.anyRequest().authenticated())
-					.build();
-		}
-
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 306fd90162..05d7c530bd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -55,6 +55,27 @@ public class AnonymousConfigurerTests {
 		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 	}
 
+	@Test
+	public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
+		this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
+	}
+
+	@Test
+	public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
+		this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
+		this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
+
+		this.mockMvc.perform(get("/")).andExpect(status().isOk());
+	}
+
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
@@ -73,13 +94,6 @@ public class AnonymousConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
-		this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
-	}
-
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class AnonymousPrincipalInLambdaConfig extends WebSecurityConfigurerAdapter {
@@ -97,13 +111,6 @@ public class AnonymousConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
-		this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class AnonymousDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -130,13 +137,6 @@ public class AnonymousConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
-		this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
-
-		this.mockMvc.perform(get("/")).andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class AnonymousWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index f2388b2184..fca0698300 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -99,29 +99,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.antMatchers(HttpMethod.POST).denyAll();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void postWhenPostDenyAllInLambdaThenRespondsWithForbidden() throws Exception {
 		loadConfig(AntMatchersNoPatternsInLambdaConfig.class);
@@ -132,31 +109,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	static class AntMatchersNoPatternsInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests
-						.antMatchers(HttpMethod.POST).denyAll()
-				);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-2256
 	@Test
 	public void antMatchersPathVariables() throws Exception {
@@ -195,30 +147,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	static class AntPatchersPathVariables extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-				.requestMatchers(new AntPathRequestMatcher("/user/{user}", null, false)).access("#user == 'user'")
-				.anyRequest().denyAll();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-	}
-
 	// gh-3786
 	@Test
 	public void antMatchersPathVariablesCaseInsensitiveCamelCaseVariables() throws Exception {
@@ -238,30 +166,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	static class AntMatchersPathVariablesCamelCaseVariables extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-				.requestMatchers(new AntPathRequestMatcher("/user/{userName}", null, false)).access("#userName == 'user'")
-				.anyRequest().denyAll();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-	}
-
 	// gh-3394
 	@Test
 	public void roleHiearchy() throws Exception {
@@ -278,36 +182,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	static class RoleHiearchyConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("ADMIN");
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@Bean
-		public RoleHierarchy roleHiearchy() {
-			RoleHierarchyImpl result = new RoleHierarchyImpl();
-			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
-			return result;
-		}
-
-	}
-
 	@Test
 	public void mvcMatcher() throws Exception {
 		loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
@@ -332,41 +206,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	@EnableWebMvc
-	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.mvcMatchers("/path").denyAll();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@RestController
-		static class PathController {
-
-			@RequestMapping("/path")
-			public String path() {
-				return "path";
-			}
-
-		}
-
-	}
-
 	@Test
 	public void requestWhenMvcMatcherDenyAllThenRespondsWithUnauthorized() throws Exception {
 		loadConfig(MvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
@@ -391,121 +230,6 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	@EnableWebMvc
-	static class MvcMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests
-						.mvcMatchers("/path").denyAll()
-				);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@RestController
-		static class PathController {
-
-			@RequestMapping("/path")
-			public String path() {
-				return "path";
-			}
-
-		}
-
-	}
-
-	@Test
-	public void mvcMatcherServletPath() throws Exception {
-		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path.html");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path/");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/foo");
-		this.request.setRequestURI("/foo/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/");
-		this.request.setRequestURI("/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-	}
-
-	@EnableWebSecurity
-	@Configuration
-	@EnableWebMvc
-	static class MvcMatcherServletPathConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.mvcMatchers("/path").servletPath("/spring").denyAll();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@RestController
-		static class PathController {
-
-			@RequestMapping("/path")
-			public String path() {
-				return "path";
-			}
-
-		}
-
-	}
-
 	@Test
 	public void requestWhenMvcMatcherServletPathDenyAllThenMatchesOnServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathInLambdaConfig.class, LegacyMvcMatchingConfig.class);
@@ -549,6 +273,327 @@ public class AuthorizeRequestsTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
+	@Test
+	public void mvcMatcherPathVariables() throws Exception {
+		loadConfig(MvcMatcherPathVariablesConfig.class);
+
+		this.request.setRequestURI("/user/user");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		this.setup();
+		this.request.setRequestURI("/user/deny");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	@Test
+	public void requestWhenMvcMatcherPathVariablesThenMatchesOnPathVariables() throws Exception {
+		loadConfig(MvcMatcherPathVariablesInLambdaConfig.class);
+
+		this.request.setRequestURI("/user/user");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		this.setup();
+		this.request.setRequestURI("/user/deny");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	@Test
+	public void mvcMatcherServletPath() throws Exception {
+		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path.html");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path/");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/foo");
+		this.request.setRequestURI("/foo/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/");
+		this.request.setRequestURI("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.setServletContext(this.servletContext);
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.antMatchers(HttpMethod.POST).denyAll();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class AntMatchersNoPatternsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.antMatchers(HttpMethod.POST).denyAll()
+				);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class AntPatchersPathVariables extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+				.requestMatchers(new AntPathRequestMatcher("/user/{user}", null, false)).access("#user == 'user'")
+				.anyRequest().denyAll();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class AntMatchersPathVariablesCamelCaseVariables extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+				.requestMatchers(new AntPathRequestMatcher("/user/{userName}", null, false)).access("#userName == 'user'")
+				.anyRequest().denyAll();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class RoleHiearchyConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("ADMIN");
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@Bean
+		public RoleHierarchy roleHiearchy() {
+			RoleHierarchyImpl result = new RoleHierarchyImpl();
+			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
+			return result;
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic().and()
+				.authorizeRequests()
+					.mvcMatchers("/path").denyAll();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			public String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	static class MvcMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic(withDefaults())
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.mvcMatchers("/path").denyAll()
+				);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			public String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	static class MvcMatcherServletPathConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic().and()
+				.authorizeRequests()
+					.mvcMatchers("/path").servletPath("/spring").denyAll();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			public String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -586,24 +631,6 @@ public class AuthorizeRequestsTests {
 
 	}
 
-	@Test
-	public void mvcMatcherPathVariables() throws Exception {
-		loadConfig(MvcMatcherPathVariablesConfig.class);
-
-		this.request.setRequestURI("/user/user");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		this.setup();
-		this.request.setRequestURI("/user/deny");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -639,24 +666,6 @@ public class AuthorizeRequestsTests {
 
 	}
 
-	@Test
-	public void requestWhenMvcMatcherPathVariablesThenMatchesOnPathVariables() throws Exception {
-		loadConfig(MvcMatcherPathVariablesInLambdaConfig.class);
-
-		this.request.setRequestURI("/user/user");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		this.setup();
-		this.request.setRequestURI("/user/deny");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -739,13 +748,4 @@ public class AuthorizeRequestsTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.setServletContext(this.servletContext);
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index d448f8e3cd..c385a6aacb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -84,6 +84,20 @@ public class ChannelSecurityConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelProcessingFilter.class));
 	}
 
+	@Test
+	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
+		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
+	}
+
+	@Test
+	public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
+		this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -114,13 +128,6 @@ public class ChannelSecurityConfigurerTests {
 
 	}
 
-	@Test
-	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
-		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
-	}
-
 	@EnableWebSecurity
 	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -137,13 +144,6 @@ public class ChannelSecurityConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
-		this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
-	}
-
 	@EnableWebSecurity
 	static class RequiresChannelInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index 0311831080..c883479ace 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -70,22 +70,6 @@ public class CorsConfigurerTests {
 						"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
 	}
 
-	@EnableWebSecurity
-	static class DefaultCorsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.cors();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsConfig.class).autowire();
@@ -106,6 +90,124 @@ public class CorsConfigurerTests {
 				.andExpect(header().exists("X-Content-Type-Options"));
 	}
 
+	@Test
+	public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
+
+		this.mvc.perform(options("/")
+				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(ConfigSourceConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(ConfigSourceConfig.class).autowire();
+
+		this.mvc.perform(options("/")
+				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void getWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
+			throws Exception {
+		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
+			throws Exception {
+		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
+
+		this.mvc.perform(options("/")
+				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(CorsFilterConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(CorsFilterConfig.class).autowire();
+
+		this.mvc.perform(options("/")
+				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@Test
+	public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
+		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
+
+		this.mvc.perform(options("/")
+				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
+				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
+				.andExpect(header().exists("Access-Control-Allow-Origin"))
+				.andExpect(header().exists("X-Content-Type-Options"));
+	}
+
+	@EnableWebSecurity
+	static class DefaultCorsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.cors();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class MvcCorsConfig extends WebSecurityConfigurerAdapter {
@@ -134,26 +236,6 @@ public class CorsConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
-	@Test
-	public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
-		this.mvc.perform(options("/")
-				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class MvcCorsInLambdaConfig extends WebSecurityConfigurerAdapter {
@@ -183,26 +265,6 @@ public class CorsConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(ConfigSourceConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
-	@Test
-	public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(ConfigSourceConfig.class).autowire();
-
-		this.mvc.perform(options("/")
-				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
 	@EnableWebSecurity
 	static class ConfigSourceConfig extends WebSecurityConfigurerAdapter {
 
@@ -229,28 +291,6 @@ public class CorsConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
-			throws Exception {
-		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
-	@Test
-	public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
-			throws Exception {
-		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
-		this.mvc.perform(options("/")
-				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
 	@EnableWebSecurity
 	static class ConfigSourceInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -278,26 +318,6 @@ public class CorsConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(CorsFilterConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
-	@Test
-	public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(CorsFilterConfig.class).autowire();
-
-		this.mvc.perform(options("/")
-				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
 	@EnableWebSecurity
 	static class CorsFilterConfig extends WebSecurityConfigurerAdapter {
 
@@ -324,26 +344,6 @@ public class CorsConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
-	@Test
-	public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
-		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
-		this.mvc.perform(options("/")
-				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
-				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
-				.andExpect(header().exists("Access-Control-Allow-Origin"))
-				.andExpect(header().exists("X-Content-Type-Options"));
-	}
-
 	@EnableWebSecurity
 	static class CorsFilterInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
index 9825c8ea99..bba69c31a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
@@ -56,6 +56,40 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 		this.mvc.perform(post("/path")).andExpect(status().isOk());
 	}
 
+	@Test
+	public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception {
+		this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
+
+		this.mvc.perform(post("/path")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception {
+
+		this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire();
+
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
+
+		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
+
+		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void requestWhenIgnoringRequestMatcherInLambdaThenUnionsWithConfiguredIgnoringAntMatchers()
+			throws Exception {
+
+		this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
+
+		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
+
+		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
+	}
+
 	@EnableWebSecurity
 	static class IgnoringRequestMatchers extends WebSecurityConfigurerAdapter {
 
@@ -73,15 +107,6 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception {
-		this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
-
-		this.mvc.perform(post("/path")).andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class IgnoringRequestInLambdaMatchers extends WebSecurityConfigurerAdapter {
 
@@ -101,18 +126,6 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception {
-
-		this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire();
-
-		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
-		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
-		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchers extends WebSecurityConfigurerAdapter {
 
@@ -130,19 +143,6 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestWhenIgnoringRequestMatcherInLambdaThenUnionsWithConfiguredIgnoringAntMatchers()
-			throws Exception {
-
-		this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
-		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
-		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchersInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 74e98391d9..1a5a64cfbb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -68,6 +68,13 @@ public class CsrfConfigurerNoWebMvcTests {
 				.isNotEqualTo(CsrfRequestDataValueProcessor.class);
 	}
 
+	private void loadContext(Class<?> configs) {
+		AnnotationConfigApplicationContext annotationConfigApplicationContext = new AnnotationConfigApplicationContext();
+		annotationConfigApplicationContext.register(configs);
+		annotationConfigApplicationContext.refresh();
+		this.context = annotationConfigApplicationContext;
+	}
+
 	@EnableWebSecurity
 	static class EnableWebConfig extends WebSecurityConfigurerAdapter {
 
@@ -97,11 +104,4 @@ public class CsrfConfigurerNoWebMvcTests {
 
 	}
 
-	private void loadContext(Class<?> configs) {
-		AnnotationConfigApplicationContext annotationConfigApplicationContext = new AnnotationConfigApplicationContext();
-		annotationConfigApplicationContext.register(configs);
-		annotationConfigApplicationContext.refresh();
-		this.context = annotationConfigApplicationContext;
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 95f4585d44..4aa9547949 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -179,27 +179,6 @@ public class CsrfConfigurerTests {
 		assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull();
 	}
 
-	@Configuration
-	static class AllowHttpMethodsFirewallConfig {
-
-		@Bean
-		StrictHttpFirewall strictHttpFirewall() {
-			StrictHttpFirewall result = new StrictHttpFirewall();
-			result.setUnsafeAllowAnyHttpMethod(true);
-			return result;
-		}
-
-	}
-
-	@EnableWebSecurity
-	static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) {
-		}
-
-	}
-
 	@Test
 	public void postWhenCsrfDisabledThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfConfig.class, BasicController.class).autowire();
@@ -207,20 +186,6 @@ public class CsrfConfigurerTests {
 		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
-	@EnableWebSecurity
-	static class DisableCsrfConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.disable();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void postWhenCsrfDisabledInLambdaThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfInLambdaConfig.class, BasicController.class).autowire();
@@ -228,19 +193,6 @@ public class CsrfConfigurerTests {
 		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
-	@EnableWebSecurity
-	static class DisableCsrfInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf(AbstractHttpConfigurer::disable);
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-2498
 	@Test
 	public void loginWhenCsrfDisabledThenRedirectsToPreviousPostRequest() throws Exception {
@@ -253,34 +205,6 @@ public class CsrfConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/to-save"));
 	}
 
-	@EnableWebSecurity
-	static class DisableCsrfEnablesRequestCacheConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.csrf()
-					.disable();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-				.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginWhenCsrfEnabledThenDoesNotRedirectToPreviousPostRequest() throws Exception {
 		CsrfDisablesPostRequestFromRequestCacheConfig.REPO = mock(CsrfTokenRepository.class);
@@ -315,36 +239,6 @@ public class CsrfConfigurerTests {
 				.loadToken(any(HttpServletRequest.class));
 	}
 
-	@EnableWebSecurity
-	static class CsrfDisablesPostRequestFromRequestCacheConfig extends WebSecurityConfigurerAdapter {
-
-		static CsrfTokenRepository REPO;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.csrf()
-					.csrfTokenRepository(REPO);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-2422
 	@Test
 	public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception {
@@ -357,22 +251,6 @@ public class CsrfConfigurerTests {
 				.andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class InvalidSessionUrlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.and()
-				.sessionManagement()
-					.invalidSessionUrl("/error/sessionError");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
@@ -390,22 +268,6 @@ public class CsrfConfigurerTests {
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class RequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
-
-		static RequestMatcher MATCHER;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.requireCsrfProtectionMatcher(MATCHER);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requireCsrfProtectionMatcherInLambdaWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
@@ -424,21 +286,6 @@ public class CsrfConfigurerTests {
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class RequireCsrfProtectionMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		static RequestMatcher MATCHER;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf(csrf -> csrf.requireCsrfProtectionMatcher(MATCHER));
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenCustomCsrfTokenRepositoryThenRepositoryIsUsed() throws Exception {
 		CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class);
@@ -476,6 +323,247 @@ public class CsrfConfigurerTests {
 				any(HttpServletResponse.class));
 	}
 
+	@Test
+	public void getWhenCustomCsrfTokenRepositoryInLambdaThenRepositoryIsUsed() throws Exception {
+		CsrfTokenRepositoryInLambdaConfig.REPO = mock(CsrfTokenRepository.class);
+		when(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any()))
+				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
+		this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isOk());
+		verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class));
+	}
+
+	@Test
+	public void getWhenCustomAccessDeniedHandlerThenHandlerIsUsed() throws Exception {
+		AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class);
+		this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(post("/")).andExpect(status().isOk());
+
+		verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any());
+	}
+
+	@Test
+	public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
+		this.spring.register(FormLoginConfig.class).autowire();
+
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+				.andExpect(status().isForbidden()).andExpect(unauthenticated());
+	}
+
+	@Test
+	public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
+		this.spring.register(FormLoginConfig.class).autowire();
+
+		this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden())
+				.andExpect(authenticated());
+	}
+
+	// SEC-2543
+	@Test
+	public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception {
+		this.spring.register(FormLoginConfig.class).autowire();
+
+		this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated());
+	}
+
+	@Test
+	public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception {
+		this.spring.register(LogoutAllowsGetConfig.class).autowire();
+
+		this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated());
+	}
+
+	// SEC-2749
+	@Test
+	public void configureWhenRequireCsrfProtectionMatcherNullThenException() {
+		assertThatThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception {
+		this.spring.register(DefaultDoesNotCreateSession.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
+
+		assertThat(mvcResult.getRequest().getSession(false)).isNull();
+	}
+
+	@Test
+	public void getWhenNullAuthenticationStrategyThenException() {
+		assertThatThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception {
+		CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class);
+
+		this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
+				.andExpect(redirectedUrl("/"));
+
+		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
+	}
+
+	@Configuration
+	static class AllowHttpMethodsFirewallConfig {
+
+		@Bean
+		StrictHttpFirewall strictHttpFirewall() {
+			StrictHttpFirewall result = new StrictHttpFirewall();
+			result.setUnsafeAllowAnyHttpMethod(true);
+			return result;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) {
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DisableCsrfConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.disable();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DisableCsrfInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf(AbstractHttpConfigurer::disable);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DisableCsrfEnablesRequestCacheConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.formLogin()
+					.and()
+				.csrf()
+					.disable();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+				.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CsrfDisablesPostRequestFromRequestCacheConfig extends WebSecurityConfigurerAdapter {
+
+		static CsrfTokenRepository REPO;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.formLogin()
+					.and()
+				.csrf()
+					.csrfTokenRepository(REPO);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class InvalidSessionUrlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.and()
+				.sessionManagement()
+					.invalidSessionUrl("/error/sessionError");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
+
+		static RequestMatcher MATCHER;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.requireCsrfProtectionMatcher(MATCHER);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RequireCsrfProtectionMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		static RequestMatcher MATCHER;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf(csrf -> csrf.requireCsrfProtectionMatcher(MATCHER));
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class CsrfTokenRepositoryConfig extends WebSecurityConfigurerAdapter {
 
@@ -503,17 +591,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCustomCsrfTokenRepositoryInLambdaThenRepositoryIsUsed() throws Exception {
-		CsrfTokenRepositoryInLambdaConfig.REPO = mock(CsrfTokenRepository.class);
-		when(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any()))
-				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
-		this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isOk());
-		verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class));
-	}
-
 	@EnableWebSecurity
 	static class CsrfTokenRepositoryInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -530,17 +607,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCustomAccessDeniedHandlerThenHandlerIsUsed() throws Exception {
-		AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class);
-		this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(post("/")).andExpect(status().isOk());
-
-		verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any());
-	}
-
 	@EnableWebSecurity
 	static class AccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
 
@@ -557,30 +623,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
-		this.spring.register(FormLoginConfig.class).autowire();
-
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
-				.andExpect(status().isForbidden()).andExpect(unauthenticated());
-	}
-
-	@Test
-	public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
-		this.spring.register(FormLoginConfig.class).autowire();
-
-		this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden())
-				.andExpect(authenticated());
-	}
-
-	// SEC-2543
-	@Test
-	public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception {
-		this.spring.register(FormLoginConfig.class).autowire();
-
-		this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated());
-	}
-
 	@EnableWebSecurity
 	static class FormLoginConfig extends WebSecurityConfigurerAdapter {
 
@@ -594,13 +636,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception {
-		this.spring.register(LogoutAllowsGetConfig.class).autowire();
-
-		this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated());
-	}
-
 	@EnableWebSecurity
 	static class LogoutAllowsGetConfig extends WebSecurityConfigurerAdapter {
 
@@ -617,13 +652,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	// SEC-2749
-	@Test
-	public void configureWhenRequireCsrfProtectionMatcherNullThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class NullRequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
 
@@ -638,15 +666,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception {
-		this.spring.register(DefaultDoesNotCreateSession.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
-
-		assertThat(mvcResult.getRequest().getSession(false)).isNull();
-	}
-
 	@EnableWebSecurity
 	static class DefaultDoesNotCreateSession extends WebSecurityConfigurerAdapter {
 
@@ -688,12 +707,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenNullAuthenticationStrategyThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class CsrfAuthenticationStrategyConfig extends WebSecurityConfigurerAdapter {
 
@@ -721,19 +734,6 @@ public class CsrfConfigurerTests {
 
 	}
 
-	@Test
-	public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception {
-		CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class);
-
-		this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(redirectedUrl("/"));
-
-		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
-	}
-
 	@RestController
 	static class BasicController {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 716027edf0..0de52befb4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -77,20 +77,6 @@ public class DefaultFiltersTests {
 		assertThat(this.spring.getContext().getBean(FilterChainProxy.class)).isNotNull();
 	}
 
-	@EnableWebSecurity
-	static class FilterChainProxyBuilderMissingConfig {
-
-		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser("user").password("password").roles("USER");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void nullWebInvocationPrivilegeEvaluator() {
 		this.spring.register(NullWebInvocationPrivilegeEvaluatorConfig.class, UserDetailsServiceConfig.class);
@@ -105,30 +91,6 @@ public class DefaultFiltersTests {
 		assertThat(filter).isEqualTo(1);
 	}
 
-	@Configuration
-	static class UserDetailsServiceConfig {
-
-		@Bean
-		public UserDetailsService userDetailsService() {
-			return new InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
-		}
-
-	}
-
-	@EnableWebSecurity
-	static class NullWebInvocationPrivilegeEvaluatorConfig extends WebSecurityConfigurerAdapter {
-
-		NullWebInvocationPrivilegeEvaluatorConfig() {
-			super(true);
-		}
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			http.formLogin();
-		}
-
-	}
-
 	@Test
 	public void filterChainProxyBuilderIgnoringResources() {
 		this.spring.register(FilterChainProxyBuilderIgnoringConfig.class, UserDetailsServiceConfig.class);
@@ -156,6 +118,60 @@ public class DefaultFiltersTests {
 		assertThat(classes.contains(FilterSecurityInterceptor.class)).isTrue();
 	}
 
+	@Test
+	public void defaultFiltersPermitAll() throws IOException, ServletException {
+		this.spring.register(DefaultFiltersConfigPermitAll.class, UserDetailsServiceConfig.class);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
+		request.setServletPath("/logout");
+
+		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
+		new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response);
+		request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
+
+		this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response,
+				new MockFilterChain());
+		assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout");
+	}
+
+	@EnableWebSecurity
+	static class FilterChainProxyBuilderMissingConfig {
+
+		@Autowired
+		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser("user").password("password").roles("USER");
+			// @formatter:on
+		}
+
+	}
+
+	@Configuration
+	static class UserDetailsServiceConfig {
+
+		@Bean
+		public UserDetailsService userDetailsService() {
+			return new InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullWebInvocationPrivilegeEvaluatorConfig extends WebSecurityConfigurerAdapter {
+
+		NullWebInvocationPrivilegeEvaluatorConfig() {
+			super(true);
+		}
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http.formLogin();
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class FilterChainProxyBuilderIgnoringConfig extends WebSecurityConfigurerAdapter {
 
@@ -179,22 +195,6 @@ public class DefaultFiltersTests {
 
 	}
 
-	@Test
-	public void defaultFiltersPermitAll() throws IOException, ServletException {
-		this.spring.register(DefaultFiltersConfigPermitAll.class, UserDetailsServiceConfig.class);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
-		request.setServletPath("/logout");
-
-		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
-		new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response);
-		request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
-
-		this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response,
-				new MockFilterChain());
-		assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout");
-	}
-
 	@EnableWebSecurity
 	static class DefaultFiltersConfigPermitAll extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 43e409ec30..d2110741cf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -176,31 +176,6 @@ public class DefaultLoginPageConfigurerTests {
 						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessHandlerThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessHandlerConfig.class).autowire();
@@ -208,25 +183,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageCustomLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.logout()
-					.logoutSuccessHandler(new SimpleUrlLogoutSuccessHandler())
-					.and()
-				.formLogin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessUrlThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessUrlConfig.class).autowire();
@@ -234,25 +190,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageCustomLogoutSuccessUrlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.logout()
-					.logoutSuccessUrl("/login?logout")
-					.and()
-				.formLogin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox() throws Exception {
 		this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
@@ -283,24 +220,6 @@ public class DefaultLoginPageConfigurerTests {
 						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageWithRememberMeConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginPageWhenOpenIdLoginConfiguredThenOpedIdLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageWithOpenIDConfig.class).autowire();
@@ -327,22 +246,6 @@ public class DefaultLoginPageConfigurerTests {
 						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageWithOpenIDConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.openidLogin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginPageWhenOpenIdLoginAndFormLoginAndRememberMeConfiguredThenOpedIdLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageWithFormLoginOpenIDRememberMeConfig.class).autowire();
@@ -383,55 +286,6 @@ public class DefaultLoginPageConfigurerTests {
 						+ "      </form>\n" + "</div>\n" + "</body></html>"));
 	}
 
-	@EnableWebSecurity
-	static class DefaultLoginPageWithFormLoginOpenIDRememberMeConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.rememberMe()
-					.and()
-				.formLogin()
-					.and()
-				.openidLogin();
-			// @formatter:on
-		}
-
-	}
-
-	@Test
-	public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() {
-		this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire();
-
-		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
-		assertThat(filterChain.getFilterChains().get(0).getFilters().stream()
-				.filter(filter -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
-						.isZero();
-	}
-
-	@EnableWebSecurity
-	static class DefaultLoginWithCustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.exceptionHandling()
-					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnDefaultLoginPageGeneratingFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
@@ -465,6 +319,152 @@ public class DefaultLoginPageConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
+	@Test
+	public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() {
+		this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire();
+
+		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
+		assertThat(filterChain.getFilterChains().get(0).getFilters().stream()
+				.filter(filter -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
+						.isZero();
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageCustomLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.logout()
+					.logoutSuccessHandler(new SimpleUrlLogoutSuccessHandler())
+					.and()
+				.formLogin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageCustomLogoutSuccessUrlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.logout()
+					.logoutSuccessUrl("/login?logout")
+					.and()
+				.formLogin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageWithRememberMeConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin()
+					.and()
+				.rememberMe();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageWithOpenIDConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.openidLogin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginPageWithFormLoginOpenIDRememberMeConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.rememberMe()
+					.and()
+				.formLogin()
+					.and()
+				.openidLogin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DefaultLoginWithCustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.exceptionHandling()
+					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
+					.and()
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index ab6021c5c0..4bfc897690 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -60,6 +60,26 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
 	}
 
+	@Test
+	@WithMockUser(roles = "ANYTHING")
+	public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception {
+		this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
+
+		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	@WithMockUser(roles = "ANYTHING")
+	public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception {
+		this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire();
+
+		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
+
+		this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot());
+	}
+
 	@EnableWebSecurity
 	static class RequestMatcherBasedAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
 
@@ -85,16 +105,6 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 
 	}
 
-	@Test
-	@WithMockUser(roles = "ANYTHING")
-	public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception {
-		this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
-
-		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class RequestMatcherBasedAccessDeniedHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -125,16 +135,6 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 
 	}
 
-	@Test
-	@WithMockUser(roles = "ANYTHING")
-	public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception {
-		this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire();
-
-		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
-
-		this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot());
-	}
-
 	@EnableWebSecurity
 	static class SingleRequestMatcherAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 54b341f14f..3728529db4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -70,35 +70,6 @@ public class ExceptionHandlingConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
-	@EnableWebSecurity
-	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.exceptionHandling();
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
-	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
-
-		@Override
-		public <O> O postProcess(O object) {
-			return object;
-		}
-
-	}
-
 	// SEC-2199
 	@Test
 	public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception {
@@ -226,6 +197,71 @@ public class ExceptionHandlingConfigurerTests {
 				.andExpect(status().isUnauthorized());
 	}
 
+	@Test
+	public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception {
+		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class)
+				.autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce())
+				.resolveMediaTypes(any(NativeWebRequest.class));
+	}
+
+	@Test
+	public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception {
+		this.spring.register(DefaultHttpConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type"))
+				.andExpect(redirectedUrl("http://localhost/login"));
+	}
+
+	@Test
+	public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception {
+		this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
+
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
+		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
+	}
+
+	@EnableWebSecurity
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.exceptionHandling();
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
+		@Override
+		public <O> O postProcess(O object) {
+			return object;
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class DefaultSecurityConfig {
 
@@ -267,17 +303,6 @@ public class ExceptionHandlingConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception {
-		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class)
-				.autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce())
-				.resolveMediaTypes(any(NativeWebRequest.class));
-	}
-
 	@EnableWebSecurity
 	static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -290,26 +315,11 @@ public class ExceptionHandlingConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception {
-		this.spring.register(DefaultHttpConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type"))
-				.andExpect(redirectedUrl("http://localhost/login"));
-	}
-
 	@EnableWebSecurity
 	static class DefaultHttpConfig extends WebSecurityConfigurerAdapter {
 
 	}
 
-	@Test
-	public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception {
-		this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
-
-		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized());
-	}
-
 	@EnableWebSecurity
 	static class BasicAuthenticationEntryPointBeforeFormLoginConfig extends WebSecurityConfigurerAdapter {
 
@@ -328,16 +338,6 @@ public class ExceptionHandlingConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
-		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
-	}
-
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index 1ce457ff8b..dcb870439c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -90,20 +90,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 						"role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'");
 	}
 
-	@EnableWebSecurity
-	static class HasRoleStartingWithRoleConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("ROLE_USER");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenNoCustomAccessDecisionManagerThenUsesAffirmativeBased() {
 		this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
@@ -111,27 +97,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor).postProcess(any(AffirmativeBased.class));
 	}
 
-	@EnableWebSecurity
-	static class NoSpecificAccessDecisionManagerConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER");
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
 	@Test
 	public void configureWhenAuthorizedRequestsAndNoRequestsThenException() {
 		assertThatThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire())
@@ -139,40 +104,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 						"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
 	}
 
-	@EnableWebSecurity
-	static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenAnyRequestIncompleteMappingThenException() {
 		assertThatThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasMessageContaining("An incomplete mapping was found for ");
 	}
 
-	@EnableWebSecurity
-	static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.antMatchers("/a").authenticated()
-					.anyRequest();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
@@ -197,22 +134,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
-	@EnableWebSecurity
-	static class RoleUserAnyAuthorityConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAnyAuthority("ROLE_USER");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
@@ -237,22 +158,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
-	@EnableWebSecurity
-	static class RoleUserAuthorityConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAuthority("ROLE_USER");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
@@ -285,22 +190,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
-	@EnableWebSecurity
-	static class RoleUserOrRoleAdminAuthorityConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
@@ -315,20 +204,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class RoleUserConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
@@ -350,20 +225,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class RoleUserOrAdminConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER", "ADMIN");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
@@ -384,22 +245,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		})).andExpect(status().isUnauthorized());
 	}
 
-	@EnableWebSecurity
-	static class HasIpAddressConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasIpAddress("192.168.1.0");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenAnonymousConfiguredAndAnonymousUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
@@ -414,22 +259,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class AnonymousConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().anonymous();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenRememberMeConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
@@ -446,6 +275,377 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 				.andExpect(status().isOk());
 	}
 
+	@Test
+	public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
+		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception {
+		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception {
+		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
+		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/").with(authentication(
+				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
+				.andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception {
+		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/").with(authentication(
+				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
+				.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception {
+		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception {
+		this.spring.register(AccessConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception {
+		this.spring.register(AccessConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception {
+		this.spring.register(AccessConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception {
+		this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
+
+		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void configureWhenUsingAllAuthorizeRequestPropertiesThenCompiles() {
+		this.spring.register(AllPropertiesWorkConfig.class).autowire();
+	}
+
+	@Test
+	public void configureWhenRegisteringObjectPostProcessorThenApplicationListenerInvokedOnAuthorizedEvent()
+			throws Exception {
+		this.spring.register(AuthorizedRequestsWithPostProcessorConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(AuthorizedRequestsWithPostProcessorConfig.AL).onApplicationEvent(any(AuthorizedEvent.class));
+	}
+
+	@Test
+	public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
+		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception {
+		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
+		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception {
+		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
+		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() throws Exception {
+		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
+		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden()
+			throws Exception {
+		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	// SEC-3011
+	@Test
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() {
+		this.spring.register(Sec3011Config.class).autowire();
+
+		verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class));
+	}
+
+	@Test
+	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeMatchesThenRespondsWithOk()
+			throws Exception {
+		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/allow")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeDoesNotMatchThenRespondsWithForbidden()
+			throws Exception {
+		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/deny")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectMatchesThenRespondsWithOk()
+			throws Exception {
+		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/allowObject")).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectDoesNotMatchThenRespondsWithForbidden()
+			throws Exception {
+		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception {
+		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
+	@Test
+	public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception {
+		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
+
+		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+	}
+
+	@EnableWebSecurity
+	static class HasRoleStartingWithRoleConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("ROLE_USER");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NoSpecificAccessDecisionManagerConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER");
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.antMatchers("/a").authenticated()
+					.anyRequest();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RoleUserAnyAuthorityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.authorizeRequests()
+					.anyRequest().hasAnyAuthority("ROLE_USER");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RoleUserAuthorityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.authorizeRequests()
+					.anyRequest().hasAuthority("ROLE_USER");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RoleUserOrRoleAdminAuthorityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.authorizeRequests()
+					.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RoleUserConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasAnyRole("USER");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RoleUserOrAdminConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasAnyRole("USER", "ADMIN");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HasIpAddressConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.authorizeRequests()
+					.anyRequest().hasIpAddress("192.168.1.0");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class AnonymousConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.authorizeRequests()
+					.anyRequest().anonymous();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class RememberMeConfig extends WebSecurityConfigurerAdapter {
 
@@ -473,20 +673,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
-		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-	}
-
-	@Test
-	public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception {
-		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class DenyAllConfig extends WebSecurityConfigurerAdapter {
 
@@ -503,22 +689,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception {
-		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
-		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/").with(authentication(
-				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
-				.andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class NotDenyAllConfig extends WebSecurityConfigurerAdapter {
 
@@ -535,22 +705,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception {
-		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/").with(authentication(
-				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
-				.andExpect(status().isUnauthorized());
-	}
-
-	@Test
-	public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception {
-		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class FullyAuthenticatedConfig extends WebSecurityConfigurerAdapter {
 
@@ -569,27 +723,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception {
-		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isOk());
-	}
-
-	@Test
-	public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception {
-		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception {
-		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
-	}
-
 	@EnableWebSecurity
 	static class AccessConfig extends WebSecurityConfigurerAdapter {
 
@@ -608,13 +741,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception {
-		this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
-
-		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
-	}
-
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotResetConfig extends WebSecurityConfigurerAdapter {
 
@@ -633,11 +759,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenUsingAllAuthorizeRequestPropertiesThenCompiles() {
-		this.spring.register(AllPropertiesWorkConfig.class).autowire();
-	}
-
 	@EnableWebSecurity
 	static class AllPropertiesWorkConfig extends WebSecurityConfigurerAdapter {
 
@@ -661,16 +782,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenRegisteringObjectPostProcessorThenApplicationListenerInvokedOnAuthorizedEvent()
-			throws Exception {
-		this.spring.register(AuthorizedRequestsWithPostProcessorConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(AuthorizedRequestsWithPostProcessorConfig.AL).onApplicationEvent(any(AuthorizedEvent.class));
-	}
-
 	@EnableWebSecurity
 	static class AuthorizedRequestsWithPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -700,34 +811,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
-		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
-	@Test
-	public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception {
-		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
-		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception {
-		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class UseBeansInExpressions extends WebSecurityConfigurerAdapter {
 
@@ -758,35 +841,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
-		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
-	@Test
-	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() throws Exception {
-		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
-		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden()
-			throws Exception {
-		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class CustomExpressionRootConfig extends WebSecurityConfigurerAdapter {
 
@@ -837,14 +891,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	// SEC-3011
-	@Test
-	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() {
-		this.spring.register(Sec3011Config.class).autowire();
-
-		verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class));
-	}
-
 	@EnableWebSecurity
 	static class Sec3011Config extends WebSecurityConfigurerAdapter {
 
@@ -874,38 +920,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeMatchesThenRespondsWithOk()
-			throws Exception {
-		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/allow")).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeDoesNotMatchThenRespondsWithForbidden()
-			throws Exception {
-		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/deny")).andExpect(status().isForbidden());
-	}
-
-	@Test
-	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectMatchesThenRespondsWithOk()
-			throws Exception {
-		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/allowObject")).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectDoesNotMatchThenRespondsWithForbidden()
-			throws Exception {
-		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class PermissionEvaluatorConfig extends WebSecurityConfigurerAdapter {
 
@@ -941,20 +955,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception {
-		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
-	}
-
-	@Test
-	public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception {
-		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class RoleHierarchyConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 7d3592b5a5..d3aff8f656 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -77,23 +77,6 @@ public class FormLoginConfigurerTests {
 		verify(config.requestCache).getRequest(any(), any());
 	}
 
-	@EnableWebSecurity
-	static class RequestCacheConfig extends WebSecurityConfigurerAdapter {
-
-		private RequestCache requestCache = mock(RequestCache.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.formLogin().and()
-				.requestCache()
-					.requestCache(this.requestCache);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestCacheAsBean() throws Exception {
 		this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire();
@@ -105,16 +88,6 @@ public class FormLoginConfigurerTests {
 		verify(requestCache).getRequest(any(), any());
 	}
 
-	@EnableWebSecurity
-	static class RequestCacheBeanConfig {
-
-		@Bean
-		RequestCache requestCache() {
-			return mock(RequestCache.class);
-		}
-
-	}
-
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
@@ -160,41 +133,6 @@ public class FormLoginConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
-	@EnableWebSecurity
-	static class FormLoginConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		public void configure(WebSecurity web) {
-			// @formatter:off
-			web
-				.ignoring()
-					.antMatchers("/resources/**");
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.loginPage("/login");
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
@@ -240,32 +178,6 @@ public class FormLoginConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
-	@EnableWebSecurity
-	static class FormLoginInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests
-						.anyRequest().hasRole("USER")
-				)
-				.formLogin(withDefaults());
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
@@ -288,23 +200,6 @@ public class FormLoginConfigurerTests {
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
-	@EnableWebSecurity
-	static class FormLoginConfigPermitAll extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.permitAll();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getLoginPageWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
@@ -341,6 +236,198 @@ public class FormLoginConfigurerTests {
 		this.mockMvc.perform(get("/authenticate?logout")).andExpect(redirectedUrl(null));
 	}
 
+	@Test
+	public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception {
+		this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire();
+
+		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
+	}
+
+	@Test
+	public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception {
+		this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+	}
+
+	@Test
+	public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception {
+		this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+	}
+
+	@Test
+	public void requestWhenCustomPortMapperThenPortMapperUsed() throws Exception {
+		FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class);
+		when(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).thenReturn(9443);
+		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
+
+		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("https://localhost:9443/login"));
+
+		verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any());
+	}
+
+	@Test
+	public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception {
+		this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
+
+		this.mockMvc.perform(get("/login?error")).andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+	}
+
+	@Test
+	public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception {
+		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated());
+	}
+
+	@Test
+	public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception {
+		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url"));
+	}
+
+	@Test
+	public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception {
+		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
+
+		this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url"));
+	}
+
+	@Test
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() {
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
+
+		verify(ObjectPostProcessorConfig.objectPostProcessor)
+				.postProcess(any(UsernamePasswordAuthenticationFilter.class));
+	}
+
+	@Test
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() {
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
+
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
+	}
+
+	@Test
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
+
+		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
+	}
+
+	@EnableWebSecurity
+	static class RequestCacheConfig extends WebSecurityConfigurerAdapter {
+
+		private RequestCache requestCache = mock(RequestCache.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.formLogin().and()
+				.requestCache()
+					.requestCache(this.requestCache);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RequestCacheBeanConfig {
+
+		@Bean
+		RequestCache requestCache() {
+			return mock(RequestCache.class);
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FormLoginConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		public void configure(WebSecurity web) {
+			// @formatter:off
+			web
+				.ignoring()
+					.antMatchers("/resources/**");
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin()
+					.loginPage("/login");
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FormLoginInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.anyRequest().hasRole("USER")
+				)
+				.formLogin(withDefaults());
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FormLoginConfigPermitAll extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin()
+					.permitAll();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class FormLoginDefaultsConfig extends WebSecurityConfigurerAdapter {
 
@@ -362,13 +449,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception {
-		this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire();
-
-		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -391,13 +471,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception {
-		this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginLoginProcessingUrlConfig extends WebSecurityConfigurerAdapter {
 
@@ -434,13 +507,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception {
-		this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginLoginProcessingUrlInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -479,18 +545,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomPortMapperThenPortMapperUsed() throws Exception {
-		FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class);
-		when(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).thenReturn(9443);
-		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
-
-		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
-				.andExpect(redirectedUrl("https://localhost:9443/login"));
-
-		verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any());
-	}
-
 	@EnableWebSecurity
 	static class FormLoginUsesPortMapperConfig extends WebSecurityConfigurerAdapter {
 
@@ -516,14 +570,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception {
-		this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
-
-		this.mockMvc.perform(get("/login?error")).andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
-	}
-
 	@EnableWebSecurity
 	static class PermitAllIgnoresFailureHandlerConfig extends WebSecurityConfigurerAdapter {
 
@@ -544,13 +590,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception {
-		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated());
-	}
-
 	@EnableWebSecurity
 	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -576,20 +615,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception {
-		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url"));
-	}
-
-	@Test
-	public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception {
-		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
-		this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url"));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginUserForwardAuthenticationSuccessAndFailureConfig extends WebSecurityConfigurerAdapter {
 
@@ -620,31 +645,6 @@ public class FormLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() {
-		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
-		verify(ObjectPostProcessorConfig.objectPostProcessor)
-				.postProcess(any(UsernamePasswordAuthenticationFilter.class));
-	}
-
-	@Test
-	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() {
-		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
-		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
-	}
-
-	@Test
-	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
-		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
-		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
-	}
-
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 908c61fecd..0586a75bac 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -47,6 +47,18 @@ public class HeadersConfigurerEagerHeadersTests {
 	@Autowired
 	MockMvc mvc;
 
+	@Test
+	public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
+		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
+
+		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
+				.andExpect(header().string("X-Frame-Options", "DENY"))
+				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
+				.andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
+				.andExpect(header().string(EXPIRES, "0")).andExpect(header().string(PRAGMA, "no-cache"))
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
+	}
+
 	@EnableWebSecurity
 	public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
 
@@ -65,16 +77,4 @@ public class HeadersConfigurerEagerHeadersTests {
 
 	}
 
-	@Test
-	public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
-		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
-
-		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
-				.andExpect(header().string("X-Frame-Options", "DENY"))
-				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
-				.andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
-				.andExpect(header().string(EXPIRES, "0")).andExpect(header().string(PRAGMA, "no-cache"))
-				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index b5e0df70fe..275f89c498 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -77,19 +77,6 @@ public class HeadersConfigurerTests {
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
 	}
 
-	@EnableWebSecurity
-	static class HeadersConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeadersConfiguredInLambdaThenDefaultHeadersInResponse() throws Exception {
 		this.spring.register(HeadersInLambdaConfig.class).autowire();
@@ -108,19 +95,6 @@ public class HeadersConfigurerTests {
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
 	}
 
-	@EnableWebSecurity
-	static class HeadersInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers(withDefaults());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndContentTypeConfiguredThenOnlyContentTypeHeaderInResponse()
 			throws Exception {
@@ -131,21 +105,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
 	}
 
-	@EnableWebSecurity
-	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.contentTypeOptions();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception {
 		this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire();
@@ -155,23 +114,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
 	}
 
-	@EnableWebSecurity
-	static class ContentTypeOptionsInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers(headers ->
-					headers
-						.defaultsDisabled()
-						.contentTypeOptions(withDefaults())
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndFrameOptionsConfiguredThenOnlyFrameOptionsHeaderInResponse()
 			throws Exception {
@@ -182,21 +124,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS);
 	}
 
-	@EnableWebSecurity
-	static class FrameOptionsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.frameOptions();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndHstsConfiguredThenOnlyStrictTransportSecurityHeaderInResponse()
 			throws Exception {
@@ -209,21 +136,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
 
-	@EnableWebSecurity
-	static class HstsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.httpStrictTransportSecurity();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndCacheControlConfiguredThenCacheControlAndExpiresAndPragmaHeadersInResponse()
 			throws Exception {
@@ -237,21 +149,6 @@ public class HeadersConfigurerTests {
 				HttpHeaders.EXPIRES, HttpHeaders.PRAGMA);
 	}
 
-	@EnableWebSecurity
-	static class CacheControlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.cacheControl();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenOnlyCacheControlConfiguredInLambdaThenCacheControlAndExpiresAndPragmaHeadersInResponse()
 			throws Exception {
@@ -265,23 +162,6 @@ public class HeadersConfigurerTests {
 				HttpHeaders.EXPIRES, HttpHeaders.PRAGMA);
 	}
 
-	@EnableWebSecurity
-	static class CacheControlInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers(headers ->
-					headers
-						.defaultsDisabled()
-						.cacheControl(withDefaults())
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndXssProtectionConfiguredThenOnlyXssProtectionHeaderInResponse()
 			throws Exception {
@@ -292,21 +172,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
 	}
 
-	@EnableWebSecurity
-	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.xssProtection();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception {
 		this.spring.register(XssProtectionInLambdaConfig.class).autowire();
@@ -316,23 +181,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
 	}
 
-	@EnableWebSecurity
-	static class XssProtectionInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers(headers ->
-					headers
-						.defaultsDisabled()
-						.xssProtection(withDefaults())
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenFrameOptionsSameOriginConfiguredThenFrameOptionsHeaderHasValueSameOrigin() throws Exception {
 		this.spring.register(HeadersCustomSameOriginConfig.class).autowire();
@@ -342,20 +190,6 @@ public class HeadersConfigurerTests {
 				.andReturn();
 	}
 
-	@EnableWebSecurity
-	static class HeadersCustomSameOriginConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.frameOptions().sameOrigin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenFrameOptionsSameOriginConfiguredInLambdaThenFrameOptionsHeaderHasValueSameOrigin()
 			throws Exception {
@@ -366,22 +200,6 @@ public class HeadersConfigurerTests {
 				.andReturn();
 	}
 
-	@EnableWebSecurity
-	static class HeadersCustomSameOriginInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers(headers ->
-					headers
-						.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin())
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndPublicHpkpWithNoPinThenNoHeadersInResponse() throws Exception {
 		this.spring.register(HpkpConfigNoPins.class).autowire();
@@ -390,21 +208,6 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
 
-	@EnableWebSecurity
-	static class HpkpConfigNoPins extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.httpPublicKeyPinning();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
@@ -424,6 +227,414 @@ public class HeadersConfigurerTests {
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
 
+	@Test
+	public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse()
+			throws Exception {
+		this.spring.register(HpkpConfigWithPins.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception {
+		this.spring.register(HpkpConfigCustomAge.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception {
+		this.spring.register(HpkpConfigTerminateConnection.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS,
+						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS);
+	}
+
+	@Test
+	public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse()
+			throws Exception {
+		this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception {
+		this.spring.register(HpkpConfigWithReportURI.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
+			throws Exception {
+		this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
+			throws Exception {
+		this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception {
+		this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
+	}
+
+	@Test
+	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse()
+			throws Exception {
+		this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
+						"default-src 'self'; script-src trustedscripts.example.com"))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames())
+				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
+	}
+
+	@Test
+	public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse()
+			throws Exception {
+		this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
+						"default-src 'self'; script-src trustedscripts.example.com"))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames())
+				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
+	}
+
+	@Test
+	public void configureWhenContentSecurityPolicyEmptyThenException() {
+		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void configureWhenContentSecurityPolicyEmptyInLambdaThenException() {
+		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception {
+		this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
+	}
+
+	@Test
+	public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception {
+		this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
+	}
+
+	@Test
+	public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception {
+		this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
+	}
+
+	@Test
+	public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse()
+			throws Exception {
+		this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
+	}
+
+	@Test
+	public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception {
+		this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
+	}
+
+	@Test
+	public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception {
+		this.spring.register(FeaturePolicyConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
+	}
+
+	@Test
+	public void configureWhenFeaturePolicyEmptyThenException() {
+		assertThatThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse()
+			throws Exception {
+		this.spring.register(HstsWithPreloadConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
+	}
+
+	@Test
+	public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse()
+			throws Exception {
+		this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
+				.andReturn();
+		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
+	}
+
+	@EnableWebSecurity
+	static class HeadersConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HeadersInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers(withDefaults());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.contentTypeOptions();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ContentTypeOptionsInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers(headers ->
+					headers
+						.defaultsDisabled()
+						.contentTypeOptions(withDefaults())
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FrameOptionsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.frameOptions();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HstsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.httpStrictTransportSecurity();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CacheControlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.cacheControl();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CacheControlInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers(headers ->
+					headers
+						.defaultsDisabled()
+						.cacheControl(withDefaults())
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.xssProtection();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class XssProtectionInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers(headers ->
+					headers
+						.defaultsDisabled()
+						.xssProtection(withDefaults())
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HeadersCustomSameOriginConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.frameOptions().sameOrigin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HeadersCustomSameOriginInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers(headers ->
+					headers
+						.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin())
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HpkpConfigNoPins extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.httpPublicKeyPinning();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class HpkpConfig extends WebSecurityConfigurerAdapter {
 
@@ -440,18 +651,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse()
-			throws Exception {
-		this.spring.register(HpkpConfigWithPins.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
-				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigWithPins extends WebSecurityConfigurerAdapter {
 
@@ -472,17 +671,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception {
-		this.spring.register(HpkpConfigCustomAge.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigCustomAge extends WebSecurityConfigurerAdapter {
 
@@ -500,17 +688,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception {
-		this.spring.register(HpkpConfigTerminateConnection.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigTerminateConnection extends WebSecurityConfigurerAdapter {
 
@@ -528,18 +705,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse()
-			throws Exception {
-		this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
-				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigIncludeSubDomains extends WebSecurityConfigurerAdapter {
 
@@ -557,17 +722,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception {
-		this.spring.register(HpkpConfigWithReportURI.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
-				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigWithReportURI extends WebSecurityConfigurerAdapter {
 
@@ -585,18 +739,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
-			throws Exception {
-		this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
-				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpConfigWithReportURIAsString extends WebSecurityConfigurerAdapter {
 
@@ -614,18 +756,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
-			throws Exception {
-		this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
-				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class HpkpWithReportUriInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -647,15 +777,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception {
-		this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -671,19 +792,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse()
-			throws Exception {
-		this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
-						"default-src 'self'; script-src trustedscripts.example.com"))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames())
-				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyReportOnlyConfig extends WebSecurityConfigurerAdapter {
 
@@ -700,19 +808,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse()
-			throws Exception {
-		this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
-						"default-src 'self'; script-src trustedscripts.example.com"))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames())
-				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyReportOnlyInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -734,12 +829,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenContentSecurityPolicyEmptyThenException() {
-		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyInvalidConfig extends WebSecurityConfigurerAdapter {
 
@@ -755,12 +844,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenContentSecurityPolicyEmptyInLambdaThenException() {
-		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyInvalidInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -780,15 +863,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception {
-		this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
-	}
-
 	@EnableWebSecurity
 	static class ContentSecurityPolicyNoDirectivesInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -806,15 +880,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception {
-		this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
-	}
-
 	@EnableWebSecurity
 	static class ReferrerPolicyDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -830,15 +895,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception {
-		this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
-	}
-
 	@EnableWebSecurity
 	static class ReferrerPolicyDefaultInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -856,16 +912,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse()
-			throws Exception {
-		this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
-	}
-
 	@EnableWebSecurity
 	static class ReferrerPolicyCustomConfig extends WebSecurityConfigurerAdapter {
 
@@ -881,15 +927,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception {
-		this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
-	}
-
 	@EnableWebSecurity
 	static class ReferrerPolicyCustomInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -909,15 +946,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception {
-		this.spring.register(FeaturePolicyConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
-	}
-
 	@EnableWebSecurity
 	static class FeaturePolicyConfig extends WebSecurityConfigurerAdapter {
 
@@ -933,12 +961,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenFeaturePolicyEmptyThenException() {
-		assertThatThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
-	}
-
 	@EnableWebSecurity
 	static class FeaturePolicyInvalidConfig extends WebSecurityConfigurerAdapter {
 
@@ -954,17 +976,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse()
-			throws Exception {
-		this.spring.register(HstsWithPreloadConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
-				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
-	}
-
 	@EnableWebSecurity
 	static class HstsWithPreloadConfig extends WebSecurityConfigurerAdapter {
 
@@ -981,17 +992,6 @@ public class HeadersConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse()
-			throws Exception {
-		this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
-				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
-				.andReturn();
-		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
-	}
-
 	@EnableWebSecurity
 	static class HstsWithPreloadInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index c3649f7559..6353743976 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -71,6 +71,52 @@ public class HttpBasicConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(BasicAuthenticationFilter.class));
 	}
 
+	@Test
+	public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception {
+		this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
+	}
+
+	// SEC-2198
+	@Test
+	public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception {
+		this.spring.register(DefaultsEntryPointConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
+	}
+
+	@Test
+	public void httpBasicWhenUsingCustomAuthenticationEntryPointThenResponseIncludesBasicChallenge() throws Exception {
+		this.spring.register(CustomAuthenticationEntryPointConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
+	}
+
+	@Test
+	public void httpBasicWhenInvokedTwiceThenUsesOriginalEntryPoint() throws Exception {
+		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
+	}
+
+	// SEC-3019
+	@Test
+	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
+		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"))
+				.andExpect(cookie().exists("remember-me"));
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -100,14 +146,6 @@ public class HttpBasicConfigurerTests {
 
 	}
 
-	@Test
-	public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception {
-		this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
-				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
-	}
-
 	@EnableWebSecurity
 	static class DefaultsLambdaEntryPointConfig extends WebSecurityConfigurerAdapter {
 
@@ -133,15 +171,6 @@ public class HttpBasicConfigurerTests {
 
 	}
 
-	// SEC-2198
-	@Test
-	public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception {
-		this.spring.register(DefaultsEntryPointConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
-				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
-	}
-
 	@EnableWebSecurity
 	static class DefaultsEntryPointConfig extends WebSecurityConfigurerAdapter {
 
@@ -166,16 +195,6 @@ public class HttpBasicConfigurerTests {
 
 	}
 
-	@Test
-	public void httpBasicWhenUsingCustomAuthenticationEntryPointThenResponseIncludesBasicChallenge() throws Exception {
-		this.spring.register(CustomAuthenticationEntryPointConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
-	}
-
 	@EnableWebSecurity
 	static class CustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
 
@@ -203,16 +222,6 @@ public class HttpBasicConfigurerTests {
 
 	}
 
-	@Test
-	public void httpBasicWhenInvokedTwiceThenUsesOriginalEntryPoint() throws Exception {
-		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
-	}
-
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -242,15 +251,6 @@ public class HttpBasicConfigurerTests {
 
 	}
 
-	// SEC-3019
-	@Test
-	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
-		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"));
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	static class BasicUsesRememberMeConfig extends WebSecurityConfigurerAdapter {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index c78091f7dc..c6449818c2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -78,6 +78,25 @@ public class HttpSecurityAntMatchersTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
+	// SEC-3135
+	@Test
+	public void antMatchersMethodAndEmptyPatterns() throws Exception {
+		loadConfig(AntMatchersEmptyPatternsConfig.class);
+		this.request.setMethod("POST");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
@@ -104,17 +123,6 @@ public class HttpSecurityAntMatchersTests {
 
 	}
 
-	// SEC-3135
-	@Test
-	public void antMatchersMethodAndEmptyPatterns() throws Exception {
-		loadConfig(AntMatchersEmptyPatternsConfig.class);
-		this.request.setMethod("POST");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
@@ -142,12 +150,4 @@ public class HttpSecurityAntMatchersTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 61989ec37f..6e2fed7cc1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -86,6 +86,14 @@ public class HttpSecurityLogoutTests {
 		assertThat(currentContext.getAuthentication()).isNotNull();
 	}
 
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
@@ -110,12 +118,4 @@ public class HttpSecurityLogoutTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 606c164b8e..eb07fa41bf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -105,6 +105,119 @@ public class HttpSecurityRequestMatchersTests {
 		assertThat(this.springSecurityFilterChain.getFilters("/path")).isNotEmpty();
 	}
 
+	@Test
+	public void requestMatchersMvcMatcher() throws Exception {
+		loadConfig(RequestMatchersMvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
+
+		this.request.setServletPath("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/path.html");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/path/");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	@Test
+	public void requestMatchersWhenMvcMatcherInLambdaThenPathIsSecured() throws Exception {
+		loadConfig(RequestMatchersMvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
+
+		this.request.setServletPath("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/path.html");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("/path/");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+	}
+
+	@Test
+	public void requestMatchersMvcMatcherServletPath() throws Exception {
+		loadConfig(RequestMatchersMvcMatcherServeltPathConfig.class);
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("");
+		this.request.setRequestURI("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/other");
+		this.request.setRequestURI("/other/path");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
+	@Test
+	public void requestMatcherWhensMvcMatcherServletPathInLambdaThenPathIsSecured() throws Exception {
+		loadConfig(RequestMatchersMvcMatcherServletPathInLambdaConfig.class);
+
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+
+		setup();
+
+		this.request.setServletPath("");
+		this.request.setRequestURI("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+
+		setup();
+
+		this.request.setServletPath("/other");
+		this.request.setRequestURI("/other/path");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.setServletContext(new MockServletContext());
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -141,30 +254,6 @@ public class HttpSecurityRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestMatchersMvcMatcher() throws Exception {
-		loadConfig(RequestMatchersMvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
-		this.request.setServletPath("/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/path.html");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/path/");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -203,30 +292,6 @@ public class HttpSecurityRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestMatchersWhenMvcMatcherInLambdaThenPathIsSecured() throws Exception {
-		loadConfig(RequestMatchersMvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
-		this.request.setServletPath("/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/path.html");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("/path/");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -260,34 +325,6 @@ public class HttpSecurityRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestMatchersMvcMatcherServletPath() throws Exception {
-		loadConfig(RequestMatchersMvcMatcherServeltPathConfig.class);
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("");
-		this.request.setRequestURI("/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/other");
-		this.request.setRequestURI("/other/path");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -327,34 +364,6 @@ public class HttpSecurityRequestMatchersTests {
 
 	}
 
-	@Test
-	public void requestMatcherWhensMvcMatcherServletPathInLambdaThenPathIsSecured() throws Exception {
-		loadConfig(RequestMatchersMvcMatcherServletPathInLambdaConfig.class);
-
-		this.request.setServletPath("/spring");
-		this.request.setRequestURI("/spring/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
-		setup();
-
-		this.request.setServletPath("");
-		this.request.setRequestURI("/path");
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
-		setup();
-
-		this.request.setServletPath("/other");
-		this.request.setRequestURI("/other/path");
-
-		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
-		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -399,13 +408,4 @@ public class HttpSecurityRequestMatchersTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.setServletContext(new MockServletContext());
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 5097a3d5ef..b071eadbb0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -60,6 +60,36 @@ public class Issue55Tests {
 		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
 	}
 
+	@Test
+	public void multiHttpWebSecurityConfigurerAdapterDefaultsToAutowired()
+			throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+		TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this");
+		this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class);
+		this.spring.getContext().getBean(FilterChainProxy.class);
+
+		FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0);
+		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
+
+		FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class,
+				1);
+		assertThat(secondFilter.getAuthenticationManager().authenticate(token))
+				.isEqualTo(CustomAuthenticationManager.RESULT);
+	}
+
+	Filter findFilter(Class<?> filter, int index) {
+		List<Filter> filters = filterChain(index).getFilters();
+		for (Filter it : filters) {
+			if (filter.isAssignableFrom(it.getClass())) {
+				return it;
+			}
+		}
+		return null;
+	}
+
+	SecurityFilterChain filterChain(int index) {
+		return this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains().get(index);
+	}
+
 	@EnableWebSecurity
 	static class WebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
 
@@ -89,22 +119,6 @@ public class Issue55Tests {
 
 	}
 
-	@Test
-	public void multiHttpWebSecurityConfigurerAdapterDefaultsToAutowired()
-			throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
-		TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this");
-		this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class);
-		this.spring.getContext().getBean(FilterChainProxy.class);
-
-		FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0);
-		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
-
-		FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class,
-				1);
-		assertThat(secondFilter.getAuthenticationManager().authenticate(token))
-				.isEqualTo(CustomAuthenticationManager.RESULT);
-	}
-
 	@EnableWebSecurity
 	static class MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
 
@@ -160,18 +174,4 @@ public class Issue55Tests {
 
 	}
 
-	Filter findFilter(Class<?> filter, int index) {
-		List<Filter> filters = filterChain(index).getFilters();
-		for (Filter it : filters) {
-			if (filter.isAssignableFrom(it.getClass())) {
-				return it;
-			}
-		}
-		return null;
-	}
-
-	SecurityFilterChain filterChain(int index) {
-		return this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains().get(index);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index e70283bb82..46b097a6b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -75,6 +75,63 @@ public class JeeConfigurerTests {
 				.postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class));
 	}
 
+	@Test
+	public void jeeWhenInvokedTwiceThenUsesOriginalMappableRoles() throws Exception {
+		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
+		Principal user = mock(Principal.class);
+		when(user.getName()).thenReturn("user");
+
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
+	}
+
+	@Test
+	public void requestWhenJeeMappableRolesInLambdaThenAuthenticatedWithMappableRoles() throws Exception {
+		this.spring.register(JeeMappableRolesConfig.class).autowire();
+		Principal user = mock(Principal.class);
+		when(user.getName()).thenReturn("user");
+
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
+	}
+
+	@Test
+	public void requestWhenJeeMappableAuthoritiesInLambdaThenAuthenticatedWithMappableAuthorities() throws Exception {
+		this.spring.register(JeeMappableAuthoritiesConfig.class).autowire();
+		Principal user = mock(Principal.class);
+		when(user.getName()).thenReturn("user");
+
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")));
+	}
+
+	@Test
+	public void requestWhenCustomAuthenticatedUserDetailsServiceInLambdaThenCustomAuthenticatedUserDetailsServiceUsed()
+			throws Exception {
+		this.spring.register(JeeCustomAuthenticatedUserDetailsServiceConfig.class).autowire();
+		Principal user = mock(Principal.class);
+		User userDetails = new User("user", "N/A", true, true, true, true,
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		when(user.getName()).thenReturn("user");
+		when(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
+				.thenReturn(userDetails);
+
+		this.mvc.perform(get("/").principal(user).with(request -> {
+			request.addUserRole("ROLE_ADMIN");
+			request.addUserRole("ROLE_USER");
+			return request;
+		})).andExpect(authenticated().withRoles("USER"));
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -104,19 +161,6 @@ public class JeeConfigurerTests {
 
 	}
 
-	@Test
-	public void jeeWhenInvokedTwiceThenUsesOriginalMappableRoles() throws Exception {
-		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
-		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
-
-		this.mvc.perform(get("/").principal(user).with(request -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
-	}
-
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
 
@@ -133,19 +177,6 @@ public class JeeConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenJeeMappableRolesInLambdaThenAuthenticatedWithMappableRoles() throws Exception {
-		this.spring.register(JeeMappableRolesConfig.class).autowire();
-		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
-
-		this.mvc.perform(get("/").principal(user).with(request -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
-	}
-
 	@EnableWebSecurity
 	public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {
 
@@ -166,19 +197,6 @@ public class JeeConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenJeeMappableAuthoritiesInLambdaThenAuthenticatedWithMappableAuthorities() throws Exception {
-		this.spring.register(JeeMappableAuthoritiesConfig.class).autowire();
-		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
-
-		this.mvc.perform(get("/").principal(user).with(request -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")));
-	}
-
 	@EnableWebSecurity
 	public static class JeeMappableAuthoritiesConfig extends WebSecurityConfigurerAdapter {
 
@@ -199,24 +217,6 @@ public class JeeConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomAuthenticatedUserDetailsServiceInLambdaThenCustomAuthenticatedUserDetailsServiceUsed()
-			throws Exception {
-		this.spring.register(JeeCustomAuthenticatedUserDetailsServiceConfig.class).autowire();
-		Principal user = mock(Principal.class);
-		User userDetails = new User("user", "N/A", true, true, true, true,
-				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		when(user.getName()).thenReturn("user");
-		when(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
-				.thenReturn(userDetails);
-
-		this.mvc.perform(get("/").principal(user).with(request -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
-	}
-
 	@EnableWebSecurity
 	public static class JeeCustomAuthenticatedUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index 6e1669710b..4d3905976b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -70,82 +70,24 @@ public class LogoutConfigurerTests {
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout()
-					.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class));
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullLogoutSuccessHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout(logout ->
-					logout.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class))
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullMatcherConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout()
-					.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout(logout ->
-					logout.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null)
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
@@ -153,35 +95,6 @@ public class LogoutConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LogoutFilter.class));
 	}
 
-	@EnableWebSecurity
-	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout();
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
-	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
-
-		@Override
-		public <O> O postProcess(O object) {
-			return object;
-		}
-
-	}
-
 	@Test
 	public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
@@ -190,30 +103,6 @@ public class LogoutConfigurerTests {
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
-	@EnableWebSecurity
-	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout()
-					.logoutUrl("/custom/logout")
-					.and()
-				.logout();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-2311
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
@@ -243,21 +132,6 @@ public class LogoutConfigurerTests {
 		this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
-	@EnableWebSecurity
-	static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.disable()
-				.logout();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
@@ -288,22 +162,6 @@ public class LogoutConfigurerTests {
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
-	@EnableWebSecurity
-	static class CsrfDisabledAndCustomLogoutConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.disable()
-				.logout()
-					.logoutUrl("/custom/logout");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire();
@@ -311,21 +169,6 @@ public class LogoutConfigurerTests {
 		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
-	@EnableWebSecurity
-	static class CsrfDisabledAndCustomLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.csrf()
-					.disable()
-				.logout(logout -> logout.logoutUrl("/custom/logout"));
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-3170
 	@Test
 	public void configureWhenLogoutHandlerNullThenException() {
@@ -333,39 +176,12 @@ public class LogoutConfigurerTests {
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullLogoutHandlerConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout()
-					.addLogoutHandler(null);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenLogoutHandlerNullInLambdaThenException() {
 		assertThatThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
-	@EnableWebSecurity
-	static class NullLogoutHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.logout(logout -> logout.addLogoutHandler(null));
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-3170
 	@Test
 	public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception {
@@ -375,22 +191,6 @@ public class LogoutConfigurerTests {
 				.andExpect(redirectedUrl("/login?logout"));
 	}
 
-	@EnableWebSecurity
-	static class RememberMeNoLogoutHandler extends WebSecurityConfigurerAdapter {
-
-		static RememberMeServices REMEMBER_ME = mock(RememberMeServices.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.rememberMe()
-					.rememberMeServices(REMEMBER_ME);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
@@ -439,11 +239,6 @@ public class LogoutConfigurerTests {
 				.andExpect(status().isNoContent());
 	}
 
-	@EnableWebSecurity
-	static class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
-
-	}
-
 	@Test
 	public void logoutWhenDisabledThenLogoutUrlNotFound() throws Exception {
 		this.spring.register(LogoutDisabledConfig.class).autowire();
@@ -451,6 +246,211 @@ public class LogoutConfigurerTests {
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isNotFound());
 	}
 
+	@EnableWebSecurity
+	static class NullLogoutSuccessHandlerConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout()
+					.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class));
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullLogoutSuccessHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout(logout ->
+					logout.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class))
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullMatcherConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout()
+					.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullMatcherInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout(logout ->
+					logout.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null)
+				);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout();
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
+		@Override
+		public <O> O postProcess(O object) {
+			return object;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout()
+					.logoutUrl("/custom/logout")
+					.and()
+				.logout();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.disable()
+				.logout();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CsrfDisabledAndCustomLogoutConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.disable()
+				.logout()
+					.logoutUrl("/custom/logout");
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class CsrfDisabledAndCustomLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.csrf()
+					.disable()
+				.logout(logout -> logout.logoutUrl("/custom/logout"));
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullLogoutHandlerConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout()
+					.addLogoutHandler(null);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class NullLogoutHandlerInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.logout(logout -> logout.addLogoutHandler(null));
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RememberMeNoLogoutHandler extends WebSecurityConfigurerAdapter {
+
+		static RememberMeServices REMEMBER_ME = mock(RememberMeServices.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.rememberMe()
+					.rememberMeServices(REMEMBER_ME);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
+
+	}
+
 	@EnableWebSecurity
 	static class LogoutDisabledConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
index c386e59c80..79c48708c1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
@@ -61,11 +61,6 @@ public class NamespaceDebugTests {
 		verify(appender, atLeastOnce()).doAppend(any(ILoggingEvent.class));
 	}
 
-	@EnableWebSecurity(debug = true)
-	static class DebugWebSecurity extends WebSecurityConfigurerAdapter {
-
-	}
-
 	@Test
 	public void requestWhenDebugSetToFalseThenDoesNotLogDebugInformation() throws Exception {
 		Appender<ILoggingEvent> appender = mockAppenderFor("Spring Security Debugger");
@@ -75,11 +70,6 @@ public class NamespaceDebugTests {
 		verify(appender, never()).doAppend(any(ILoggingEvent.class));
 	}
 
-	@EnableWebSecurity
-	static class NoDebugWebSecurity extends WebSecurityConfigurerAdapter {
-
-	}
-
 	private Appender<ILoggingEvent> mockAppenderFor(String name) {
 		Appender<ILoggingEvent> appender = mock(Appender.class);
 		Logger logger = (Logger) LoggerFactory.getLogger(name);
@@ -92,4 +82,14 @@ public class NamespaceDebugTests {
 		return this.spring.getContext().getBean("springSecurityFilterChain").getClass();
 	}
 
+	@EnableWebSecurity(debug = true)
+	static class DebugWebSecurity extends WebSecurityConfigurerAdapter {
+
+	}
+
+	@EnableWebSecurity
+	static class NoDebugWebSecurity extends WebSecurityConfigurerAdapter {
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index ccf73dba40..1ff61c858c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -60,6 +60,30 @@ public class NamespaceHttpAnonymousTests {
 		this.mvc.perform(get("/type")).andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
 	}
 
+	@Test
+	public void anonymousRequestWhenDisablingAnonymousThenDenies() throws Exception {
+		this.spring.register(AnonymousDisabledConfig.class, AnonymousController.class).autowire();
+		this.mvc.perform(get("/type")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void requestWhenAnonymousThenSendsAnonymousConfiguredAuthorities() throws Exception {
+		this.spring.register(AnonymousGrantedAuthorityConfig.class, AnonymousController.class).autowire();
+		this.mvc.perform(get("/type")).andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
+	}
+
+	@Test
+	public void anonymousRequestWhenAnonymousKeyConfiguredThenKeyIsUsed() throws Exception {
+		this.spring.register(AnonymousKeyConfig.class, AnonymousController.class).autowire();
+		this.mvc.perform(get("/key")).andExpect(content().string(String.valueOf("AnonymousKeyConfig".hashCode())));
+	}
+
+	@Test
+	public void anonymousRequestWhenAnonymousUsernameConfiguredThenUsernameIsUsed() throws Exception {
+		this.spring.register(AnonymousUsernameConfig.class, AnonymousController.class).autowire();
+		this.mvc.perform(get("/principal")).andExpect(content().string("AnonymousUsernameConfig"));
+	}
+
 	@EnableWebSecurity
 	static class AnonymousConfig extends WebSecurityConfigurerAdapter {
 
@@ -75,12 +99,6 @@ public class NamespaceHttpAnonymousTests {
 
 	}
 
-	@Test
-	public void anonymousRequestWhenDisablingAnonymousThenDenies() throws Exception {
-		this.spring.register(AnonymousDisabledConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/type")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class AnonymousDisabledConfig extends WebSecurityConfigurerAdapter {
 
@@ -107,12 +125,6 @@ public class NamespaceHttpAnonymousTests {
 
 	}
 
-	@Test
-	public void requestWhenAnonymousThenSendsAnonymousConfiguredAuthorities() throws Exception {
-		this.spring.register(AnonymousGrantedAuthorityConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/type")).andExpect(content().string(AnonymousAuthenticationToken.class.getSimpleName()));
-	}
-
 	@EnableWebSecurity
 	static class AnonymousGrantedAuthorityConfig extends WebSecurityConfigurerAdapter {
 
@@ -131,12 +143,6 @@ public class NamespaceHttpAnonymousTests {
 
 	}
 
-	@Test
-	public void anonymousRequestWhenAnonymousKeyConfiguredThenKeyIsUsed() throws Exception {
-		this.spring.register(AnonymousKeyConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/key")).andExpect(content().string(String.valueOf("AnonymousKeyConfig".hashCode())));
-	}
-
 	@EnableWebSecurity
 	static class AnonymousKeyConfig extends WebSecurityConfigurerAdapter {
 
@@ -154,12 +160,6 @@ public class NamespaceHttpAnonymousTests {
 
 	}
 
-	@Test
-	public void anonymousRequestWhenAnonymousUsernameConfiguredThenUsernameIsUsed() throws Exception {
-		this.spring.register(AnonymousUsernameConfig.class, AnonymousController.class).autowire();
-		this.mvc.perform(get("/principal")).andExpect(content().string("AnonymousUsernameConfig"));
-	}
-
 	@EnableWebSecurity
 	static class AnonymousUsernameConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 6cd603b95b..153c5e28dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -73,6 +73,90 @@ public class NamespaceHttpBasicTests {
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
+	@Test
+	public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception {
+		this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
+
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+	}
+
+	/**
+	 * http@realm equivalent
+	 */
+	@Test
+	public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
+		this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
+
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
+	}
+
+	@Test
+	public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception {
+		this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire();
+
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
+	}
+
+	/**
+	 * http/http-basic@authentication-details-source-ref equivalent
+	 */
+	@Test
+	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception {
+		this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire();
+
+		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
+				.getBean(AuthenticationDetailsSource.class);
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password")));
+
+		verify(source).buildDetails(any(HttpServletRequest.class));
+	}
+
+	@Test
+	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefInLambdaThenMatchesNamespace()
+			throws Exception {
+		this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire();
+
+		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
+				.getBean(AuthenticationDetailsSource.class);
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password")));
+
+		verify(source).buildDetails(any(HttpServletRequest.class));
+	}
+
+	/**
+	 * http/http-basic@entry-point-ref
+	 */
+	@Test
+	public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception {
+		this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().is(999));
+
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+	}
+
+	@Test
+	public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception {
+		this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(status().is(999));
+
+		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
+
+		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+	}
+
 	@Configuration
 	static class UserConfig {
 
@@ -107,18 +191,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	@Test
-	public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception {
-		this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
-	}
-
 	@EnableWebSecurity
 	static class HttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -136,17 +208,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	/**
-	 * http@realm equivalent
-	 */
-	@Test
-	public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
-
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
-	}
-
 	@EnableWebSecurity
 	static class CustomHttpBasicConfig extends WebSecurityConfigurerAdapter {
 
@@ -163,14 +224,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	@Test
-	public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
-	}
-
 	@EnableWebSecurity
 	static class CustomHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -188,21 +241,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	/**
-	 * http/http-basic@authentication-details-source-ref equivalent
-	 */
-	@Test
-	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception {
-		this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire();
-
-		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
-				.getBean(AuthenticationDetailsSource.class);
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password")));
-
-		verify(source).buildDetails(any(HttpServletRequest.class));
-	}
-
 	@EnableWebSecurity
 	static class AuthenticationDetailsSourceHttpBasicConfig extends WebSecurityConfigurerAdapter {
 
@@ -225,19 +263,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	@Test
-	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefInLambdaThenMatchesNamespace()
-			throws Exception {
-		this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
-		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
-				.getBean(AuthenticationDetailsSource.class);
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password")));
-
-		verify(source).buildDetails(any(HttpServletRequest.class));
-	}
-
 	@EnableWebSecurity
 	static class AuthenticationDetailsSourceHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -260,20 +285,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	/**
-	 * http/http-basic@entry-point-ref
-	 */
-	@Test
-	public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception {
-		this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().is(999));
-
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
-	}
-
 	@EnableWebSecurity
 	static class EntryPointRefHttpBasicConfig extends WebSecurityConfigurerAdapter {
 
@@ -293,17 +304,6 @@ public class NamespaceHttpBasicTests {
 
 	}
 
-	@Test
-	public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception {
-		this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(status().is(999));
-
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
-
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
-	}
-
 	@EnableWebSecurity
 	static class EntryPointRefHttpBasicLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index e2bc0970fd..4355601aa9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -65,6 +65,37 @@ public class NamespaceHttpCustomFilterTests {
 		assertThatFilters().containsSubsequence(CustomFilter.class, UsernamePasswordAuthenticationFilter.class);
 	}
 
+	@Test
+	public void getFiltersWhenFilterAddedAfterThenBehaviorMatchesNamespace() {
+		this.spring.register(CustomFilterAfterConfig.class, UserDetailsServiceConfig.class).autowire();
+		assertThatFilters().containsSubsequence(UsernamePasswordAuthenticationFilter.class, CustomFilter.class);
+	}
+
+	@Test
+	public void getFiltersWhenFilterAddedThenBehaviorMatchesNamespace() {
+		this.spring.register(CustomFilterPositionConfig.class, UserDetailsServiceConfig.class).autowire();
+		assertThatFilters().containsExactly(CustomFilter.class);
+	}
+
+	@Test
+	public void getFiltersWhenFilterAddedAtPositionThenBehaviorMatchesNamespace() {
+		this.spring.register(CustomFilterPositionAtConfig.class, UserDetailsServiceConfig.class).autowire();
+		assertThatFilters().containsExactly(OtherCustomFilter.class);
+	}
+
+	@Test
+	public void getFiltersWhenCustomAuthenticationManagerThenBehaviorMatchesNamespace() {
+		this.spring.register(NoAuthenticationManagerInHttpConfigurationConfig.class).autowire();
+		assertThatFilters().startsWith(CustomFilter.class);
+	}
+
+	private ListAssert<Class<?>> assertThatFilters() {
+		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
+		List<Class<?>> filters = filterChain.getFilters("/").stream().map(Object::getClass)
+				.collect(Collectors.toList());
+		return assertThat(filters);
+	}
+
 	@EnableWebSecurity
 	static class CustomFilterBeforeConfig extends WebSecurityConfigurerAdapter {
 
@@ -79,12 +110,6 @@ public class NamespaceHttpCustomFilterTests {
 
 	}
 
-	@Test
-	public void getFiltersWhenFilterAddedAfterThenBehaviorMatchesNamespace() {
-		this.spring.register(CustomFilterAfterConfig.class, UserDetailsServiceConfig.class).autowire();
-		assertThatFilters().containsSubsequence(UsernamePasswordAuthenticationFilter.class, CustomFilter.class);
-	}
-
 	@EnableWebSecurity
 	static class CustomFilterAfterConfig extends WebSecurityConfigurerAdapter {
 
@@ -99,12 +124,6 @@ public class NamespaceHttpCustomFilterTests {
 
 	}
 
-	@Test
-	public void getFiltersWhenFilterAddedThenBehaviorMatchesNamespace() {
-		this.spring.register(CustomFilterPositionConfig.class, UserDetailsServiceConfig.class).autowire();
-		assertThatFilters().containsExactly(CustomFilter.class);
-	}
-
 	@EnableWebSecurity
 	static class CustomFilterPositionConfig extends WebSecurityConfigurerAdapter {
 
@@ -125,12 +144,6 @@ public class NamespaceHttpCustomFilterTests {
 
 	}
 
-	@Test
-	public void getFiltersWhenFilterAddedAtPositionThenBehaviorMatchesNamespace() {
-		this.spring.register(CustomFilterPositionAtConfig.class, UserDetailsServiceConfig.class).autowire();
-		assertThatFilters().containsExactly(OtherCustomFilter.class);
-	}
-
 	@EnableWebSecurity
 	static class CustomFilterPositionAtConfig extends WebSecurityConfigurerAdapter {
 
@@ -149,12 +162,6 @@ public class NamespaceHttpCustomFilterTests {
 
 	}
 
-	@Test
-	public void getFiltersWhenCustomAuthenticationManagerThenBehaviorMatchesNamespace() {
-		this.spring.register(NoAuthenticationManagerInHttpConfigurationConfig.class).autowire();
-		assertThatFilters().startsWith(CustomFilter.class);
-	}
-
 	@EnableWebSecurity
 	static class NoAuthenticationManagerInHttpConfigurationConfig extends WebSecurityConfigurerAdapter {
 
@@ -220,11 +227,4 @@ public class NamespaceHttpCustomFilterTests {
 
 	}
 
-	private ListAssert<Class<?>> assertThatFilters() {
-		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
-		List<Class<?>> filters = filterChain.getFilters("/").stream().map(Object::getClass)
-				.collect(Collectors.toList());
-		return assertThat(filters);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index eeab7c3e11..ac14a32ba3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -70,6 +70,10 @@ public class NamespaceHttpExpressionHandlerTests {
 		verifyBean("expressionParser", ExpressionParser.class).parseExpression("hasRole('USER')");
 	}
 
+	private <T> T verifyBean(String beanName, Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanName, beanClass));
+	}
+
 	@EnableWebMvc
 	@EnableWebSecurity
 	private static class ExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
@@ -115,8 +119,4 @@ public class NamespaceHttpExpressionHandlerTests {
 
 	}
 
-	private <T> T verifyBean(String beanName, Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanName, beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index 146db2013d..7ddce408dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -56,11 +56,6 @@ public class NamespaceHttpFirewallTests {
 		assertThatCode(() -> this.mvc.perform(get("/public/../private/"))).isInstanceOf(RequestRejectedException.class);
 	}
 
-	@EnableWebSecurity
-	static class HttpFirewallConfig {
-
-	}
-
 	@Test
 	public void requestWithCustomFirewallThenBehaviorMatchesNamespace() {
 		this.rule.register(CustomHttpFirewallConfig.class).autowire();
@@ -68,6 +63,18 @@ public class NamespaceHttpFirewallTests {
 				.isInstanceOf(RequestRejectedException.class);
 	}
 
+	@Test
+	public void requestWithCustomFirewallBeanThenBehaviorMatchesNamespace() {
+		this.rule.register(CustomHttpFirewallBeanConfig.class).autowire();
+		assertThatCode(() -> this.mvc.perform(get("/").param("deny", "true")))
+				.isInstanceOf(RequestRejectedException.class);
+	}
+
+	@EnableWebSecurity
+	static class HttpFirewallConfig {
+
+	}
+
 	@EnableWebSecurity
 	static class CustomHttpFirewallConfig extends WebSecurityConfigurerAdapter {
 
@@ -78,13 +85,6 @@ public class NamespaceHttpFirewallTests {
 
 	}
 
-	@Test
-	public void requestWithCustomFirewallBeanThenBehaviorMatchesNamespace() {
-		this.rule.register(CustomHttpFirewallBeanConfig.class).autowire();
-		assertThatCode(() -> this.mvc.perform(get("/").param("deny", "true")))
-				.isInstanceOf(RequestRejectedException.class);
-	}
-
 	@EnableWebSecurity
 	static class CustomHttpFirewallBeanConfig {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 7dd2827975..6a8b15d8a2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -71,6 +71,36 @@ public class NamespaceHttpFormLoginTests {
 				.andExpect(redirectedUrl("/"));
 	}
 
+	@Test
+	public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception {
+		this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
+
+		this.mvc.perform(post("/authentication/login/process").with(csrf()))
+				.andExpect(redirectedUrl("/authentication/login?failed"));
+
+		this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password")
+				.with(csrf())).andExpect(redirectedUrl("/default"));
+	}
+
+	@Test
+	public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
+		this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+
+		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
+		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
+
+		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+				.andExpect(redirectedUrl("/custom/targetUrl"));
+	}
+
+	private <T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
 	@EnableWebSecurity
 	static class FormLoginConfig extends WebSecurityConfigurerAdapter {
 
@@ -92,19 +122,6 @@ public class NamespaceHttpFormLoginTests {
 
 	}
 
-	@Test
-	public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception {
-		this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
-
-		this.mvc.perform(post("/authentication/login/process").with(csrf()))
-				.andExpect(redirectedUrl("/authentication/login?failed"));
-
-		this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password")
-				.with(csrf())).andExpect(redirectedUrl("/default"));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
 
@@ -128,19 +145,6 @@ public class NamespaceHttpFormLoginTests {
 
 	}
 
-	@Test
-	public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
-		this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
-
-		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
-		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
-
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
-				.andExpect(redirectedUrl("/custom/targetUrl"));
-	}
-
 	@EnableWebSecurity
 	static class FormLoginCustomRefsConfig extends WebSecurityConfigurerAdapter {
 
@@ -186,8 +190,4 @@ public class NamespaceHttpFormLoginTests {
 
 	}
 
-	private <T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index 7ffd4c2dc7..403791c13e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -73,19 +73,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(includesDefaults());
 	}
 
-	@EnableWebSecurity
-	static class HeadersDefaultConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void secureRequestWhenCacheControlOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeadersCacheControlConfig.class).autowire();
@@ -93,21 +80,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(includes("Cache-Control", "Expires", "Pragma"));
 	}
 
-	@EnableWebSecurity
-	static class HeadersCacheControlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.cacheControl();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void secureRequestWhenHstsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HstsConfig.class).autowire();
@@ -115,21 +87,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(includes("Strict-Transport-Security"));
 	}
 
-	@EnableWebSecurity
-	static class HstsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.httpStrictTransportSecurity();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenHstsCustomThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HstsCustomConfig.class).autowire();
@@ -138,25 +95,6 @@ public class NamespaceHttpHeadersTests {
 				.andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000")));
 	}
 
-	@EnableWebSecurity
-	static class HstsCustomConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// hsts@request-matcher-ref, hsts@max-age-seconds, hsts@include-subdomains
-					.defaultsDisabled()
-					.httpStrictTransportSecurity()
-						.requestMatcher(AnyRequestMatcher.INSTANCE)
-						.maxAgeInSeconds(15768000)
-						.includeSubDomains(false);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenFrameOptionsSameOriginThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FrameOptionsSameOriginConfig.class).autowire();
@@ -164,26 +102,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN")));
 	}
 
-	@EnableWebSecurity
-	static class FrameOptionsSameOriginConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// frame-options@policy=SAMEORIGIN
-					.defaultsDisabled()
-					.frameOptions()
-						.sameOrigin();
-			// @formatter:on
-		}
-
-	}
-
-	// frame-options@strategy, frame-options@value, frame-options@parameter are not
-	// provided instead use frame-options@ref
-
 	@Test
 	public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FrameOptionsAllowFromConfig.class).autowire();
@@ -192,23 +110,6 @@ public class NamespaceHttpHeadersTests {
 				.andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com")));
 	}
 
-	@EnableWebSecurity
-	static class FrameOptionsAllowFromConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// frame-options@ref
-					.defaultsDisabled()
-					.addHeaderWriter(new XFrameOptionsHeaderWriter(
-							new StaticAllowFromStrategy(URI.create("https://example.com"))));
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenXssOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionConfig.class).autowire();
@@ -216,22 +117,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/")).andExpect(includes("X-XSS-Protection"));
 	}
 
-	@EnableWebSecurity
-	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// xss-protection
-					.defaultsDisabled()
-					.xssProtection();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenXssCustomThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionCustomConfig.class).autowire();
@@ -239,24 +124,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1")));
 	}
 
-	@EnableWebSecurity
-	static class XssProtectionCustomConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// xss-protection@enabled and xss-protection@block
-					.defaultsDisabled()
-					.xssProtection()
-						.xssProtectionEnabled(true)
-						.block(false);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenXContentTypeOptionsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(ContentTypeOptionsConfig.class).autowire();
@@ -264,24 +131,6 @@ public class NamespaceHttpHeadersTests {
 		this.mvc.perform(get("/")).andExpect(includes("X-Content-Type-Options"));
 	}
 
-	@EnableWebSecurity
-	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					// content-type-options
-					.defaultsDisabled()
-					.contentTypeOptions();
-			// @formatter:on
-		}
-
-	}
-
-	// header@name / header@value are not provided instead use header@ref
-
 	@Test
 	public void requestWhenCustomHeaderOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeaderRefConfig.class).autowire();
@@ -290,21 +139,6 @@ public class NamespaceHttpHeadersTests {
 				.andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue")));
 	}
 
-	@EnableWebSecurity
-	static class HeaderRefConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.headers()
-					.defaultsDisabled()
-					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
-			// @formatter:on
-		}
-
-	}
-
 	private static ResultMatcher includesDefaults() {
 		return includes(defaultHeaders);
 	}
@@ -326,4 +160,165 @@ public class NamespaceHttpHeadersTests {
 		};
 	}
 
+	@EnableWebSecurity
+	static class HeadersDefaultConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HeadersCacheControlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.cacheControl();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HstsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.httpStrictTransportSecurity();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HstsCustomConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// hsts@request-matcher-ref, hsts@max-age-seconds, hsts@include-subdomains
+					.defaultsDisabled()
+					.httpStrictTransportSecurity()
+						.requestMatcher(AnyRequestMatcher.INSTANCE)
+						.maxAgeInSeconds(15768000)
+						.includeSubDomains(false);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FrameOptionsSameOriginConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// frame-options@policy=SAMEORIGIN
+					.defaultsDisabled()
+					.frameOptions()
+						.sameOrigin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class FrameOptionsAllowFromConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// frame-options@ref
+					.defaultsDisabled()
+					.addHeaderWriter(new XFrameOptionsHeaderWriter(
+							new StaticAllowFromStrategy(URI.create("https://example.com"))));
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// xss-protection
+					.defaultsDisabled()
+					.xssProtection();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class XssProtectionCustomConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// xss-protection@enabled and xss-protection@block
+					.defaultsDisabled()
+					.xssProtection()
+						.xssProtectionEnabled(true)
+						.block(false);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					// content-type-options
+					.defaultsDisabled()
+					.contentTypeOptions();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HeaderRefConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.headers()
+					.defaultsDisabled()
+					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
+			// @formatter:on
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 078c69053d..08dcf7f70c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -100,6 +100,10 @@ public class NamespaceHttpInterceptUrlTests {
 		this.mvc.perform(get("https://localhost/user")).andExpect(redirectedUrl("http://localhost/user"));
 	}
 
+	private static Authentication user(String role) {
+		return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.createAuthorityList(role));
+	}
+
 	@EnableWebSecurity
 	static class HttpInterceptUrlConfig extends WebSecurityConfigurerAdapter {
 
@@ -173,8 +177,4 @@ public class NamespaceHttpInterceptUrlTests {
 
 	}
 
-	private static Authentication user(String role) {
-		return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.createAuthorityList(role));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index d62421f8fc..7cc239f3ab 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -73,23 +73,6 @@ public class NamespaceHttpJeeTests {
 		})).andExpect(status().isOk()).andExpect(content().string("ROLE_admin,ROLE_user"));
 	}
 
-	@EnableWebSecurity
-	public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("user")
-					.and()
-				.jee()
-					.mappableRoles("user", "admin");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenCustomAuthenticatedUserDetailsServiceThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(JeeUserServiceRefConfig.class, BaseController.class).autowire();
@@ -108,6 +91,31 @@ public class NamespaceHttpJeeTests {
 		verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any());
 	}
 
+	private <T> T bean(Class<T> beanClass) {
+		return this.spring.getContext().getBean(beanClass);
+	}
+
+	private <T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
+	@EnableWebSecurity
+	public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("user")
+					.and()
+				.jee()
+					.mappableRoles("user", "admin");
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	public static class JeeUserServiceRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -149,12 +157,4 @@ public class NamespaceHttpJeeTests {
 
 	}
 
-	private <T> T bean(Class<T> beanClass) {
-		return this.spring.getContext().getBean(beanClass);
-	}
-
-	private <T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 407499bfb1..5d56d6c05c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -76,15 +76,6 @@ public class NamespaceHttpLogoutTests {
 				.andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull));
 	}
 
-	@EnableWebSecurity
-	static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) {
-		}
-
-	}
-
 	@Test
 	@WithMockUser
 	public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception {
@@ -93,16 +84,6 @@ public class NamespaceHttpLogoutTests {
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound());
 	}
 
-	@EnableWebSecurity
-	static class HttpLogoutDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			http.logout(AbstractHttpConfigurer::disable);
-		}
-
-	}
-
 	/**
 	 * http/logout custom
 	 */
@@ -117,6 +98,73 @@ public class NamespaceHttpLogoutTests {
 				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
 	}
 
+	@Test
+	@WithMockUser
+	public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception {
+		this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire();
+
+		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/logout-success"))
+				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
+				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
+	}
+
+	/**
+	 * http/logout@success-handler-ref
+	 */
+	@Test
+	@WithMockUser
+	public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception {
+		this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire();
+
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
+				.andExpect(session(Objects::isNull));
+	}
+
+	@Test
+	@WithMockUser
+	public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception {
+		this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire();
+
+		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
+				.andExpect(session(Objects::isNull));
+	}
+
+	ResultMatcher authenticated(boolean authenticated) {
+		return result -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
+				.map(Authentication::isAuthenticated).orElse(false)).isEqualTo(authenticated);
+	}
+
+	ResultMatcher noCookies() {
+		return result -> assertThat(result.getResponse().getCookies()).isEmpty();
+	}
+
+	ResultMatcher session(Predicate<HttpSession> sessionPredicate) {
+		return result -> assertThat(result.getRequest().getSession(false))
+				.is(new Condition<>(sessionPredicate, "sessionPredicate failed"));
+	}
+
+	@EnableWebSecurity
+	static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) {
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class HttpLogoutDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http.logout(AbstractHttpConfigurer::disable);
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class CustomHttpLogoutConfig extends WebSecurityConfigurerAdapter {
 
@@ -134,17 +182,6 @@ public class NamespaceHttpLogoutTests {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire();
-
-		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/logout-success"))
-				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
-				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
-	}
-
 	@EnableWebSecurity
 	static class CustomHttpLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -163,19 +200,6 @@ public class NamespaceHttpLogoutTests {
 
 	}
 
-	/**
-	 * http/logout@success-handler-ref
-	 */
-	@Test
-	@WithMockUser
-	public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception {
-		this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire();
-
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
-				.andExpect(session(Objects::isNull));
-	}
-
 	@EnableWebSecurity
 	static class SuccessHandlerRefHttpLogoutConfig extends WebSecurityConfigurerAdapter {
 
@@ -192,16 +216,6 @@ public class NamespaceHttpLogoutTests {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception {
-		this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire();
-
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
-				.andExpect(session(Objects::isNull));
-	}
-
 	@EnableWebSecurity
 	static class SuccessHandlerRefHttpLogoutInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -218,18 +232,4 @@ public class NamespaceHttpLogoutTests {
 
 	}
 
-	ResultMatcher authenticated(boolean authenticated) {
-		return result -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
-				.map(Authentication::isAuthenticated).orElse(false)).isEqualTo(authenticated);
-	}
-
-	ResultMatcher noCookies() {
-		return result -> assertThat(result.getResponse().getCookies()).isEmpty();
-	}
-
-	ResultMatcher session(Predicate<HttpSession> sessionPredicate) {
-		return result -> assertThat(result.getRequest().getSession(false))
-				.is(new Condition<>(sessionPredicate, "sessionPredicate failed"));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 1142c5d8f5..81133d4084 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -92,24 +92,6 @@ public class NamespaceHttpOpenIDLoginTests {
 		this.mvc.perform(post("/login/openid").with(csrf())).andExpect(redirectedUrl("/login?error"));
 	}
 
-	@Configuration
-	@EnableWebSecurity
-	static class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.openidLogin()
-					.permitAll();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void openidLoginWhenAttributeExchangeConfiguredThenFetchAttributesMatchAttributeList() throws Exception {
 		OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
@@ -148,6 +130,59 @@ public class NamespaceHttpOpenIDLoginTests {
 		}
 	}
 
+	@Test
+	public void openidLoginWhenUsingCustomEndpointsThenMatchesNamespace() throws Exception {
+		this.spring.register(OpenIDLoginCustomConfig.class).autowire();
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
+		this.mvc.perform(post("/authentication/login/process").with(csrf()))
+				.andExpect(redirectedUrl("/authentication/login?failed"));
+	}
+
+	@Test
+	public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
+		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
+				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
+
+		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
+		when(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
+				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource());
+		OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class);
+
+		this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
+				.thenThrow(new AuthenticationServiceException("boom"));
+		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
+				.andExpect(redirectedUrl("/custom/failure"));
+		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
+
+		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).thenReturn(token);
+		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
+				.andExpect(redirectedUrl("/custom/targetUrl"));
+
+		verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class));
+		verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class));
+	}
+
+	@Configuration
+	@EnableWebSecurity
+	static class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.openidLogin()
+					.permitAll();
+			// @formatter:on
+		}
+
+	}
+
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginAttributeExchangeConfig extends WebSecurityConfigurerAdapter {
@@ -194,14 +229,6 @@ public class NamespaceHttpOpenIDLoginTests {
 
 	}
 
-	@Test
-	public void openidLoginWhenUsingCustomEndpointsThenMatchesNamespace() throws Exception {
-		this.spring.register(OpenIDLoginCustomConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
-		this.mvc.perform(post("/authentication/login/process").with(csrf()))
-				.andExpect(redirectedUrl("/authentication/login?failed"));
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginCustomConfig extends WebSecurityConfigurerAdapter {
@@ -225,33 +252,6 @@ public class NamespaceHttpOpenIDLoginTests {
 
 	}
 
-	@Test
-	public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
-		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
-				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
-
-		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
-		when(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
-				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-		OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource());
-		OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class);
-
-		this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
-				.thenThrow(new AuthenticationServiceException("boom"));
-		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
-				.andExpect(redirectedUrl("/custom/failure"));
-		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
-
-		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).thenReturn(token);
-		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
-				.andExpect(redirectedUrl("/custom/targetUrl"));
-
-		verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class));
-		verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class));
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class OpenIDLoginCustomRefsConfig extends WebSecurityConfigurerAdapter {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index dd6f0a250a..6969c377e1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -64,6 +64,21 @@ public class NamespaceHttpRequestCacheTests {
 		verifyBean(RequestCache.class).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
+	@Test
+	public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception {
+		this.spring.register(DefaultRequestCacheRefConfig.class).autowire();
+
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn();
+
+		HttpSession session = result.getRequest().getSession(false);
+		assertThat(session).isNotNull();
+		assertThat(session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")).isNotNull();
+	}
+
+	private <T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
 	@EnableWebSecurity
 	static class RequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -96,17 +111,6 @@ public class NamespaceHttpRequestCacheTests {
 
 	}
 
-	@Test
-	public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception {
-		this.spring.register(DefaultRequestCacheRefConfig.class).autowire();
-
-		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn();
-
-		HttpSession session = result.getRequest().getSession(false);
-		assertThat(session).isNotNull();
-		assertThat(session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")).isNotNull();
-	}
-
 	@EnableWebSecurity
 	static class DefaultRequestCacheRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -131,8 +135,4 @@ public class NamespaceHttpRequestCacheTests {
 
 	}
 
-	private <T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index d5729357b6..76e422ac91 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -65,6 +65,40 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
 	}
 
+	@Test
+	public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
+		this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
+				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
+	}
+
+	@Test
+	public void requestWhenCustomAccessDeniedHandlerThenBehaviorMatchesNamespace() throws Exception {
+		this.spring.register(AccessDeniedHandlerRefConfig.class).autowire();
+		this.mvc.perform(get("/").with(authentication(user())));
+		verifyBean(AccessDeniedHandler.class).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
+				any(AccessDeniedException.class));
+	}
+
+	@Test
+	public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception {
+		this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/").with(authentication(user())));
+
+		verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AccessDeniedException.class));
+	}
+
+	private static Authentication user() {
+		return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.NO_AUTHORITIES);
+	}
+
+	private <T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
 	@EnableWebSecurity
 	static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
 
@@ -82,18 +116,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 
 	}
 
-	private static Authentication user() {
-		return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.NO_AUTHORITIES);
-	}
-
-	@Test
-	public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
-		this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
-				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
-	}
-
 	@EnableWebSecurity
 	static class AccessDeniedPageInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -113,14 +135,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomAccessDeniedHandlerThenBehaviorMatchesNamespace() throws Exception {
-		this.spring.register(AccessDeniedHandlerRefConfig.class).autowire();
-		this.mvc.perform(get("/").with(authentication(user())));
-		verifyBean(AccessDeniedHandler.class).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
-				any(AccessDeniedException.class));
-	}
-
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefConfig extends WebSecurityConfigurerAdapter {
 
@@ -143,16 +157,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception {
-		this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/").with(authentication(user())));
-
-		verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AccessDeniedException.class));
-	}
-
 	@EnableWebSecurity
 	static class AccessDeniedHandlerRefInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -179,8 +183,4 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 
 	}
 
-	private <T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index b6a997ba33..74cc76cd4d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -77,6 +77,58 @@ public class NamespaceHttpX509Tests {
 		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
 	}
 
+	@Test
+	public void x509AuthenticationWhenHasCustomAuthenticationDetailsSourceThenMatchesNamespace() throws Exception {
+		this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire();
+
+		X509Certificate certificate = loadCert("rod.cer");
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
+
+		verifyBean(AuthenticationDetailsSource.class).buildDetails(any());
+	}
+
+	@Test
+	public void x509AuthenticationWhenHasSubjectPrincipalRegexThenMatchesNamespace() throws Exception {
+		this.spring.register(SubjectPrincipalRegexConfig.class, X509Controller.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
+	}
+
+	@Test
+	public void x509AuthenticationWhenHasCustomPrincipalExtractorThenMatchesNamespace() throws Exception {
+		this.spring.register(CustomPrincipalExtractorConfig.class, X509Controller.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod@example.com"));
+	}
+
+	@Test
+	public void x509AuthenticationWhenHasCustomUserDetailsServiceThenMatchesNamespace() throws Exception {
+		this.spring.register(UserDetailsServiceRefConfig.class, X509Controller.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
+	}
+
+	@Test
+	public void x509AuthenticationWhenHasCustomAuthenticationUserDetailsServiceThenMatchesNamespace() throws Exception {
+		this.spring.register(AuthenticationUserDetailsServiceConfig.class, X509Controller.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
+	}
+
+	<T extends Certificate> T loadCert(String location) {
+		try (InputStream is = new ClassPathResource(location).getInputStream()) {
+			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+			return (T) certFactory.generateCertificate(is);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException(e);
+		}
+	}
+
+	<T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
 	@EnableWebSecurity
 	@EnableWebMvc
 	public static class X509Config extends WebSecurityConfigurerAdapter {
@@ -103,16 +155,6 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	@Test
-	public void x509AuthenticationWhenHasCustomAuthenticationDetailsSourceThenMatchesNamespace() throws Exception {
-		this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire();
-
-		X509Certificate certificate = loadCert("rod.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
-
-		verifyBean(AuthenticationDetailsSource.class).buildDetails(any());
-	}
-
 	@EnableWebSecurity
 	@EnableWebMvc
 	static class AuthenticationDetailsSourceRefConfig extends WebSecurityConfigurerAdapter {
@@ -146,13 +188,6 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	@Test
-	public void x509AuthenticationWhenHasSubjectPrincipalRegexThenMatchesNamespace() throws Exception {
-		this.spring.register(SubjectPrincipalRegexConfig.class, X509Controller.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class SubjectPrincipalRegexConfig extends WebSecurityConfigurerAdapter {
@@ -180,13 +215,6 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	@Test
-	public void x509AuthenticationWhenHasCustomPrincipalExtractorThenMatchesNamespace() throws Exception {
-		this.spring.register(CustomPrincipalExtractorConfig.class, X509Controller.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod@example.com"));
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class CustomPrincipalExtractorConfig extends WebSecurityConfigurerAdapter {
@@ -223,13 +251,6 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	@Test
-	public void x509AuthenticationWhenHasCustomUserDetailsServiceThenMatchesNamespace() throws Exception {
-		this.spring.register(UserDetailsServiceRefConfig.class, X509Controller.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class UserDetailsServiceRefConfig extends WebSecurityConfigurerAdapter {
@@ -257,13 +278,6 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	@Test
-	public void x509AuthenticationWhenHasCustomAuthenticationUserDetailsServiceThenMatchesNamespace() throws Exception {
-		this.spring.register(AuthenticationUserDetailsServiceConfig.class, X509Controller.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("customuser"));
-	}
-
 	@EnableWebMvc
 	@EnableWebSecurity
 	public static class AuthenticationUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
@@ -297,18 +311,4 @@ public class NamespaceHttpX509Tests {
 
 	}
 
-	<T extends Certificate> T loadCert(String location) {
-		try (InputStream is = new ClassPathResource(location).getInputStream()) {
-			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
-			return (T) certFactory.generateCertificate(is);
-		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
-		}
-	}
-
-	<T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index aeac564a92..548c700491 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -98,6 +98,160 @@ public class NamespaceRememberMeTests {
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
 	}
 
+	// SEC-3170 - RememberMeService implementations should not have to also implement
+	// LogoutHandler
+	@Test
+	public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception {
+		RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class);
+		this.spring.register(RememberMeServicesRefConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
+
+		this.mvc.perform(post("/login").with(csrf()));
+		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
+	}
+
+	@Test
+	public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception {
+		AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class);
+		this.spring.register(AuthSuccessConfig.class).autowire();
+
+		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
+
+		verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER);
+
+		Cookie rememberMe = result.getResponse().getCookie("remember-me");
+		assertThat(rememberMe).isNotNull();
+		this.mvc.perform(get("/somewhere").cookie(rememberMe));
+
+		verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(Authentication.class));
+	}
+
+	@Test
+	public void rememberMeLoginWhenKeyDeclaredThenMatchesNamespace() throws Exception {
+		this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
+		Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin()))
+				.andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
+
+		this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+
+		Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
+		this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
+	}
+
+	// http/remember-me@services-alias is not supported use standard aliasing instead
+	// (i.e. @Bean("alias"))
+
+	// http/remember-me@data-source-ref is not supported directly. Instead use
+	// http/remember-me@token-repository-ref example
+	@Test
+	public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception {
+		TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class);
+		this.spring.register(TokenRepositoryRefConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
+
+		verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class));
+	}
+
+	@Test
+	public void rememberMeLoginWhenTokenValidityDeclaredThenMatchesNamespace() throws Exception {
+		this.spring.register(TokenValiditySecondsConfig.class).autowire();
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
+
+		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
+	}
+
+	@Test
+	public void rememberMeLoginWhenUsingDefaultsThenCookieMaxAgeMatchesNamespace() throws Exception {
+		this.spring.register(RememberMeConfig.class).autowire();
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
+
+		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
+	}
+
+	@Test
+	public void rememberMeLoginWhenUsingSecureCookieThenMatchesNamespace() throws Exception {
+		this.spring.register(UseSecureCookieConfig.class).autowire();
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("remember-me");
+
+		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
+	}
+
+	@Test
+	public void rememberMeLoginWhenUsingDefaultsThenCookieSecurityMatchesNamespace() throws Exception {
+		this.spring.register(RememberMeConfig.class).autowire();
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn()
+				.getResponse().getCookie("remember-me");
+
+		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
+	}
+
+	@Test
+	public void rememberMeLoginWhenParameterSpecifiedThenMatchesNamespace() throws Exception {
+		this.spring.register(RememberMeParameterConfig.class).autowire();
+		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn()
+				.getResponse().getCookie("remember-me");
+
+		assertThat(rememberMe).isNotNull();
+	}
+
+	// SEC-2880
+	@Test
+	public void rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace() throws Exception {
+		this.spring.register(RememberMeCookieNameConfig.class).autowire();
+		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+				.getCookie("rememberMe");
+
+		assertThat(rememberMe).isNotNull();
+	}
+
+	@Test
+	public void rememberMeLoginWhenGlobalUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
+		DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
+		this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
+
+		verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
+	}
+
+	@Test
+	public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
+		UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
+		this.spring.register(UserServiceRefConfig.class).autowire();
+
+		when(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
+				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+
+		this.mvc.perform(post("/login").with(rememberMeLogin()));
+
+		verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
+	}
+
+	static RequestPostProcessor rememberMeLogin() {
+		return rememberMeLogin("remember-me", true);
+	}
+
+	static RequestPostProcessor rememberMeLogin(String parameterName, boolean parameterValue) {
+		return request -> {
+			csrf().postProcessRequest(request);
+			request.setParameter("username", "user");
+			request.setParameter("password", "password");
+			request.setParameter(parameterName, String.valueOf(parameterValue));
+			return request;
+		};
+	}
+
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeConfig extends UsersConfig {
@@ -117,22 +271,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	// SEC-3170 - RememberMeService implementations should not have to also implement
-	// LogoutHandler
-	@Test
-	public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception {
-		RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class);
-		this.spring.register(RememberMeServicesRefConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
-
-		this.mvc.perform(post("/login").with(csrf()));
-		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
-	}
-
 	interface RememberMeServicesWithoutLogoutHandler extends RememberMeServices {
 
 	}
@@ -156,23 +294,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception {
-		AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class);
-		this.spring.register(AuthSuccessConfig.class).autowire();
-
-		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
-
-		verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER);
-
-		Cookie rememberMe = result.getResponse().getCookie("remember-me");
-		assertThat(rememberMe).isNotNull();
-		this.mvc.perform(get("/somewhere").cookie(rememberMe));
-
-		verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(Authentication.class));
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class AuthSuccessConfig extends UsersConfig {
@@ -192,20 +313,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenKeyDeclaredThenMatchesNamespace() throws Exception {
-		this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
-		Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin()))
-				.andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
-
-		this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
-
-		Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
-				.getCookie("remember-me");
-		this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	@Order(0)
@@ -245,21 +352,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	// http/remember-me@services-alias is not supported use standard aliasing instead
-	// (i.e. @Bean("alias"))
-
-	// http/remember-me@data-source-ref is not supported directly. Instead use
-	// http/remember-me@token-repository-ref example
-	@Test
-	public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception {
-		TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class);
-		this.spring.register(TokenRepositoryRefConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
-		verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class));
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class TokenRepositoryRefConfig extends UsersConfig {
@@ -282,15 +374,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenTokenValidityDeclaredThenMatchesNamespace() throws Exception {
-		this.spring.register(TokenValiditySecondsConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
-				.getCookie("remember-me");
-
-		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class TokenValiditySecondsConfig extends UsersConfig {
@@ -311,24 +394,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenUsingDefaultsThenCookieMaxAgeMatchesNamespace() throws Exception {
-		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
-				.getCookie("remember-me");
-
-		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
-	}
-
-	@Test
-	public void rememberMeLoginWhenUsingSecureCookieThenMatchesNamespace() throws Exception {
-		this.spring.register(UseSecureCookieConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
-				.getCookie("remember-me");
-
-		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class UseSecureCookieConfig extends UsersConfig {
@@ -346,24 +411,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenUsingDefaultsThenCookieSecurityMatchesNamespace() throws Exception {
-		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn()
-				.getResponse().getCookie("remember-me");
-
-		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
-	}
-
-	@Test
-	public void rememberMeLoginWhenParameterSpecifiedThenMatchesNamespace() throws Exception {
-		this.spring.register(RememberMeParameterConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn()
-				.getResponse().getCookie("remember-me");
-
-		assertThat(rememberMe).isNotNull();
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeParameterConfig extends UsersConfig {
@@ -381,17 +428,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	// SEC-2880
-
-	@Test
-	public void rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace() throws Exception {
-		this.spring.register(RememberMeCookieNameConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
-				.getCookie("rememberMe");
-
-		assertThat(rememberMe).isNotNull();
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class RememberMeCookieNameConfig extends UsersConfig {
@@ -409,16 +445,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenGlobalUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
-		DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
-		this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
-		verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	static class DefaultsUserDetailsServiceWithDaoConfig extends WebSecurityConfigurerAdapter {
@@ -445,19 +471,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	@Test
-	public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
-		UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
-		this.spring.register(UserServiceRefConfig.class).autowire();
-
-		when(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
-				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-
-		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
-		verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class UserServiceRefConfig extends UsersConfig {
@@ -477,20 +490,6 @@ public class NamespaceRememberMeTests {
 
 	}
 
-	static RequestPostProcessor rememberMeLogin() {
-		return rememberMeLogin("remember-me", true);
-	}
-
-	static RequestPostProcessor rememberMeLogin(String parameterName, boolean parameterValue) {
-		return request -> {
-			csrf().postProcessRequest(request);
-			request.setParameter("username", "user");
-			request.setParameter("password", "password");
-			request.setParameter(parameterName, String.valueOf(parameterValue));
-			return request;
-		};
-	}
-
 	static class UsersConfig extends WebSecurityConfigurerAdapter {
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index ee6dad15e1..4cea822c91 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -91,11 +91,6 @@ public class NamespaceSessionManagementTests {
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
-	@EnableWebSecurity
-	static class SessionManagementConfig extends WebSecurityConfigurerAdapter {
-
-	}
-
 	@Test
 	public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
@@ -157,6 +152,104 @@ public class NamespaceSessionManagementTests {
 		verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class));
 	}
 
+	// gh-3371
+	@Test
+	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
+		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
+
+		this.mvc.perform(get("/auth").with(request -> {
+			request.setRequestedSessionIdValid(false);
+			request.setRequestedSessionId("id");
+			return request;
+		})).andExpect(status().isOk());
+
+		verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class),
+				any(HttpServletResponse.class));
+	}
+
+	@Test
+	public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception {
+		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
+
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
+
+		verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class),
+				any(HttpServletRequest.class), any(HttpServletResponse.class));
+	}
+
+	@Test
+	public void authenticateWhenNoSessionFixationProtectionThenMatchesNamespace() throws Exception {
+		this.spring
+				.register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
+				.autowire();
+
+		MockHttpSession givenSession = new MockHttpSession();
+		String givenSessionId = givenSession.getId();
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
+
+		assertThat(givenSessionId).isEqualTo(resultingSession.getId());
+	}
+
+	@Test
+	public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception {
+		this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class,
+				UserDetailsServiceConfig.class).autowire();
+
+		MockHttpSession givenSession = new MockHttpSession();
+		String givenSessionId = givenSession.getId();
+		givenSession.setAttribute("name", "value");
+
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
+
+		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
+		assertThat(resultingSession.getAttribute("name")).isEqualTo("value");
+	}
+
+	// SEC-2913
+	@Test
+	public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception {
+		this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound());
+
+		verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class));
+	}
+
+	@Test
+	public void authenticateWhenNewSessionFixationProtectionThenMatchesNamespace() throws Exception {
+		this.spring.register(SFPNewSessionSessionManagementConfig.class, UserDetailsServiceConfig.class).autowire();
+
+		MockHttpSession givenSession = new MockHttpSession();
+		String givenSessionId = givenSession.getId();
+		givenSession.setAttribute("name", "value");
+
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc
+				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
+
+		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
+		assertThat(resultingSession.getAttribute("name")).isNull();
+	}
+
+	private <T> T verifyBean(Class<T> clazz) {
+		return verify(this.spring.getContext().getBean(clazz));
+	}
+
+	private static SessionResultMatcher session() {
+		return new SessionResultMatcher();
+	}
+
+	@EnableWebSecurity
+	static class SessionManagementConfig extends WebSecurityConfigurerAdapter {
+
+	}
+
 	@EnableWebSecurity
 	static class CustomSessionManagementConfig extends WebSecurityConfigurerAdapter {
 
@@ -188,21 +281,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	// gh-3371
-	@Test
-	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
-		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
-
-		this.mvc.perform(get("/auth").with(request -> {
-			request.setRequestedSessionIdValid(false);
-			request.setRequestedSessionId("id");
-			return request;
-		})).andExpect(status().isOk());
-
-		verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class),
-				any(HttpServletResponse.class));
-	}
-
 	@EnableWebSecurity
 	static class InvalidSessionStrategyConfig extends WebSecurityConfigurerAdapter {
 
@@ -224,17 +302,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	@Test
-	public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception {
-		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
-				.autowire();
-
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
-		verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class),
-				any(HttpServletRequest.class), any(HttpServletResponse.class));
-	}
-
 	@EnableWebSecurity
 	static class RefsSessionManagementConfig extends WebSecurityConfigurerAdapter {
 
@@ -258,21 +325,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	@Test
-	public void authenticateWhenNoSessionFixationProtectionThenMatchesNamespace() throws Exception {
-		this.spring
-				.register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
-				.autowire();
-
-		MockHttpSession givenSession = new MockHttpSession();
-		String givenSessionId = givenSession.getId();
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
-
-		assertThat(givenSessionId).isEqualTo(resultingSession.getId());
-	}
-
 	@EnableWebSecurity
 	static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
 
@@ -289,23 +341,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	@Test
-	public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception {
-		this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class,
-				UserDetailsServiceConfig.class).autowire();
-
-		MockHttpSession givenSession = new MockHttpSession();
-		String givenSessionId = givenSession.getId();
-		givenSession.setAttribute("name", "value");
-
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
-
-		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
-		assertThat(resultingSession.getAttribute("name")).isEqualTo("value");
-	}
-
 	@EnableWebSecurity
 	static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
 
@@ -321,17 +356,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	// SEC-2913
-	@Test
-	public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception {
-		this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
-
-		verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class));
-	}
-
 	@EnableWebSecurity
 	static class SFPPostProcessedConfig extends WebSecurityConfigurerAdapter {
 
@@ -352,22 +376,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	@Test
-	public void authenticateWhenNewSessionFixationProtectionThenMatchesNamespace() throws Exception {
-		this.spring.register(SFPNewSessionSessionManagementConfig.class, UserDetailsServiceConfig.class).autowire();
-
-		MockHttpSession givenSession = new MockHttpSession();
-		String givenSessionId = givenSession.getId();
-		givenSession.setAttribute("name", "value");
-
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
-
-		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
-		assertThat(resultingSession.getAttribute("name")).isNull();
-	}
-
 	@EnableWebSecurity
 	static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
 
@@ -384,10 +392,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	private <T> T verifyBean(Class<T> clazz) {
-		return verify(this.spring.getContext().getBean(clazz));
-	}
-
 	static class MockEventListener implements ApplicationListener<SessionFixationProtectionEvent> {
 
 		List<SessionFixationProtectionEvent> events = new ArrayList<>();
@@ -431,10 +435,6 @@ public class NamespaceSessionManagementTests {
 
 	}
 
-	private static SessionResultMatcher session() {
-		return new SessionResultMatcher();
-	}
-
 	private static class SessionResultMatcher implements ResultMatcher {
 
 		private String id;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index 0af8e42362..8d8fd76f3a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -55,6 +55,13 @@ public class PermitAllSupportTests {
 		this.mvc.perform(get("/app/abc").with(csrf()).contextPath("/app")).andExpect(status().isFound());
 	}
 
+	@Test
+	public void configureWhenNotAuthorizeRequestsThenException() {
+		assertThatCode(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class)
+				.hasMessageContaining("permitAll only works with HttpSecurity.authorizeRequests");
+	}
+
 	@EnableWebSecurity
 	static class PermitAllConfig extends WebSecurityConfigurerAdapter {
 
@@ -73,13 +80,6 @@ public class PermitAllSupportTests {
 
 	}
 
-	@Test
-	public void configureWhenNotAuthorizeRequestsThenException() {
-		assertThatCode(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("permitAll only works with HttpSecurity.authorizeRequests");
-	}
-
 	@EnableWebSecurity
 	static class NoAuthorizedUrlsConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index fadb69cbbe..8fd6a64f0b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -50,6 +50,20 @@ public class PortMapperConfigurerTests {
 		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
+	@Test
+	public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception {
+		this.spring.register(HttpMapsToInLambdaConfig.class).autowire();
+
+		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
+	}
+
+	@Test
+	public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception {
+		this.spring.register(CustomPortMapperInLambdaConfig.class).autowire();
+
+		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
+	}
+
 	@EnableWebSecurity
 	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
 
@@ -69,13 +83,6 @@ public class PortMapperConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception {
-		this.spring.register(HttpMapsToInLambdaConfig.class).autowire();
-
-		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
-	}
-
 	@EnableWebSecurity
 	static class HttpMapsToInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -96,13 +103,6 @@ public class PortMapperConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception {
-		this.spring.register(CustomPortMapperInLambdaConfig.class).autowire();
-
-		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
-	}
-
 	@EnableWebSecurity
 	static class CustomPortMapperInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index cb312190c3..9de0c521d8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -86,35 +86,6 @@ public class RememberMeConfigurerTests {
 				.param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required");
 	}
 
-	@EnableWebSecurity
-	static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) {
-			User user = (User) PasswordEncodedUser.user();
-			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-			provider.setUserDetailsService(new InMemoryUserDetailsManager(Collections.singletonList(user)));
-			// @formatter:off
-			auth
-				.authenticationProvider(provider);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
@@ -122,44 +93,6 @@ public class RememberMeConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RememberMeAuthenticationFilter.class));
 	}
 
-	@EnableWebSecurity
-	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.rememberMe()
-					.userDetailsService(new AuthenticationManagerBuilder(objectPostProcessor).getDefaultUserDetailsService());
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
-	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
-
-		@Override
-		public <O> O postProcess(O object) {
-			return object;
-		}
-
-	}
-
 	@Test
 	public void rememberMeWhenInvokedTwiceThenUsesOriginalUserDetailsService() throws Exception {
 		when(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString()))
@@ -171,40 +104,6 @@ public class RememberMeConfigurerTests {
 		verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user");
 	}
 
-	@EnableWebSecurity
-	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
-
-		static UserDetailsService userDetailsService = mock(UserDetailsService.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.rememberMe()
-					.userDetailsService(userDetailsService)
-					.and()
-				.rememberMe();
-			// @formatter:on
-		}
-
-		@Override
-		@Bean
-		public UserDetailsService userDetailsService() {
-			return new InMemoryUserDetailsManager(
-			// @formatter:off
-					User.withDefaultPasswordEncoder()
-							.username("user")
-							.password("password")
-							.roles("USER")
-							.build()
-					// @formatter:on
-			);
-		}
-
-	}
-
 	@Test
 	public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
@@ -255,6 +154,152 @@ public class RememberMeConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
+	@Test
+	public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception {
+		this.spring.register(RememberMeInLambdaConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
+	}
+
+	@Test
+	public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception {
+		this.spring.register(RememberMeCookieDomainConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
+				.andExpect(cookie().domain("remember-me", "spring.io"));
+	}
+
+	@Test
+	public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception {
+		this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire();
+
+		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
+				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
+				.andExpect(cookie().domain("remember-me", "spring.io"));
+	}
+
+	@Test
+	public void configureWhenRememberMeCookieNameAndRememberMeServicesThenException() {
+		assertThatThrownBy(() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire())
+				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
+				.hasMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices.");
+	}
+
+	@Test
+	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception {
+		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
+				.param("password", "password").param("remember-me", "true")).andReturn();
+		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
+
+		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
+				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+	}
+
+	@EnableWebSecurity
+	static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().hasRole("USER")
+					.and()
+				.formLogin()
+					.and()
+				.rememberMe();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) {
+			User user = (User) PasswordEncodedUser.user();
+			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+			provider.setUserDetailsService(new InMemoryUserDetailsManager(Collections.singletonList(user)));
+			// @formatter:off
+			auth
+				.authenticationProvider(provider);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.rememberMe()
+					.userDetailsService(new AuthenticationManagerBuilder(objectPostProcessor).getDefaultUserDetailsService());
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
+		@Override
+		public <O> O postProcess(O object) {
+			return object;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
+		static UserDetailsService userDetailsService = mock(UserDetailsService.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.rememberMe()
+					.userDetailsService(userDetailsService)
+					.and()
+				.rememberMe();
+			// @formatter:on
+		}
+
+		@Override
+		@Bean
+		public UserDetailsService userDetailsService() {
+			return new InMemoryUserDetailsManager(
+			// @formatter:off
+					User.withDefaultPasswordEncoder()
+							.username("user")
+							.password("password")
+							.roles("USER")
+							.build()
+					// @formatter:on
+			);
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class RememberMeConfig extends WebSecurityConfigurerAdapter {
 
@@ -282,14 +327,6 @@ public class RememberMeConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception {
-		this.spring.register(RememberMeInLambdaConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
-	}
-
 	@EnableWebSecurity
 	static class RememberMeInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -317,15 +354,6 @@ public class RememberMeConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception {
-		this.spring.register(RememberMeCookieDomainConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
-				.andExpect(cookie().domain("remember-me", "spring.io"));
-	}
-
 	@EnableWebSecurity
 	static class RememberMeCookieDomainConfig extends WebSecurityConfigurerAdapter {
 
@@ -354,15 +382,6 @@ public class RememberMeConfigurerTests {
 
 	}
 
-	@Test
-	public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception {
-		this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire();
-
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
-				.andExpect(cookie().domain("remember-me", "spring.io"));
-	}
-
 	@EnableWebSecurity
 	static class RememberMeCookieDomainInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -393,13 +412,6 @@ public class RememberMeConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenRememberMeCookieNameAndRememberMeServicesThenException() {
-		assertThatThrownBy(() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices.");
-	}
-
 	@EnableWebSecurity
 	static class RememberMeCookieNameAndRememberMeServicesConfig extends WebSecurityConfigurerAdapter {
 
@@ -432,18 +444,6 @@ public class RememberMeConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception {
-		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
-				.param("password", "password").param("remember-me", "true")).andReturn();
-		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
-
-		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
-				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
-	}
-
 	@EnableWebSecurity
 	static class FallbackRememberMeKeyConfig extends RememberMeConfig {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 9bb76f55b1..f1c2e15727 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -72,35 +72,6 @@ public class RequestCacheConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RequestCacheAwareFilter.class));
 	}
 
-	@EnableWebSecurity
-	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.requestCache();
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
-	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
-
-		@Override
-		public <O> O postProcess(O object) {
-			return object;
-		}
-
-	}
-
 	@Test
 	public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
@@ -111,24 +82,6 @@ public class RequestCacheConfigurerTests {
 				any(HttpServletResponse.class));
 	}
 
-	@EnableWebSecurity
-	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
-
-		static RequestCache requestCache = mock(RequestCache.class);
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.requestCache()
-					.requestCache(requestCache)
-					.and()
-				.requestCache();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
@@ -242,22 +195,6 @@ public class RequestCacheConfigurerTests {
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
-	@EnableWebSecurity
-	static class RequestCacheDefaultsConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin();
-			// @formatter:on
-		}
-
-	}
-
 	// gh-6102
 	@Test
 	public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
@@ -282,6 +219,101 @@ public class RequestCacheConfigurerTests {
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
+	@Test
+	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest()
+			throws Exception {
+		this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
+
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
+	}
+
+	@Test
+	public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception {
+		this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
+
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob"));
+	}
+
+	@Test
+	public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception {
+		this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
+
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
+	}
+
+	private static RequestBuilder formLogin(MockHttpSession session) {
+		return post("/login").param("username", "user").param("password", "password").session(session).with(csrf());
+	}
+
+	@EnableWebSecurity
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.requestCache();
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
+		@Override
+		public <O> O postProcess(O object) {
+			return object;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
+		static RequestCache requestCache = mock(RequestCache.class);
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.requestCache()
+					.requestCache(requestCache)
+					.and()
+				.requestCache();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class RequestCacheDefaultsConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.formLogin();
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class RequestCacheDisabledConfig extends WebSecurityConfigurerAdapter {
 
@@ -293,16 +325,6 @@ public class RequestCacheConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest()
-			throws Exception {
-		this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
-	}
-
 	@EnableWebSecurity
 	static class RequestCacheDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -321,15 +343,6 @@ public class RequestCacheConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception {
-		this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob"));
-	}
-
 	@EnableWebSecurity
 	static class RequestCacheInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -348,15 +361,6 @@ public class RequestCacheConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception {
-		this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
-	}
-
 	@EnableWebSecurity
 	static class CustomRequestCacheInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -395,8 +399,4 @@ public class RequestCacheConfigurerTests {
 
 	}
 
-	private static RequestBuilder formLogin(MockHttpSession session) {
-		return post("/login").param("username", "user").param("password", "password").session(session).with(csrf());
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index ae744a06f5..9abd316d03 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -52,6 +52,14 @@ public class RequestMatcherConfigurerTests {
 		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
 	}
 
+	@Test
+	public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception {
+		this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire();
+
+		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
+	}
+
 	@EnableWebSecurity
 	static class Sec2908Config extends WebSecurityConfigurerAdapter {
 
@@ -72,14 +80,6 @@ public class RequestMatcherConfigurerTests {
 
 	}
 
-	@Test
-	public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception {
-		this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire();
-
-		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
-		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class AuthorizeRequestInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index 2bfd5fda47..4d7b7e052d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -71,6 +71,51 @@ public class SecurityContextConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecurityContextPersistenceFilter.class));
 	}
 
+	@Test
+	public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
+		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
+		when(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).thenReturn(mock(SecurityContext.class));
+
+		this.mvc.perform(get("/"));
+
+		verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class));
+	}
+
+	// SEC-2932
+	@Test
+	public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception {
+		this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+	}
+
+	@Test
+	public void requestWhenSecurityContextWithDefaultsInLambdaThenSessionIsCreated() throws Exception {
+		this.spring.register(SecurityContextWithDefaultsInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+		assertThat(session).isNotNull();
+	}
+
+	@Test
+	public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception {
+		this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+		assertThat(session).isNull();
+	}
+
+	@Test
+	public void requestWhenNullSecurityContextRepositoryInLambdaThenContextNotSavedInSession() throws Exception {
+		this.spring.register(NullSecurityContextRepositoryInLambdaConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
+		HttpSession session = mvcResult.getRequest().getSession(false);
+		assertThat(session).isNull();
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -100,16 +145,6 @@ public class SecurityContextConfigurerTests {
 
 	}
 
-	@Test
-	public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
-		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		when(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).thenReturn(mock(SecurityContext.class));
-
-		this.mvc.perform(get("/"));
-
-		verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class));
-	}
-
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -128,14 +163,6 @@ public class SecurityContextConfigurerTests {
 
 	}
 
-	// SEC-2932
-	@Test
-	public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception {
-		this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
@@ -171,15 +198,6 @@ public class SecurityContextConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenSecurityContextWithDefaultsInLambdaThenSessionIsCreated() throws Exception {
-		this.spring.register(SecurityContextWithDefaultsInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-		assertThat(session).isNotNull();
-	}
-
 	@EnableWebSecurity
 	static class SecurityContextWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -203,15 +221,6 @@ public class SecurityContextConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception {
-		this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-		assertThat(session).isNull();
-	}
-
 	@EnableWebSecurity
 	static class SecurityContextDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -235,15 +244,6 @@ public class SecurityContextConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenNullSecurityContextRepositoryInLambdaThenContextNotSavedInSession() throws Exception {
-		this.spring.register(NullSecurityContextRepositoryInLambdaConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
-		HttpSession session = mvcResult.getRequest().getSession(false);
-		assertThat(session).isNull();
-	}
-
 	@EnableWebSecurity
 	static class NullSecurityContextRepositoryInLambdaConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index b94cbdf0eb..0850eb24ca 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -93,6 +93,127 @@ public class ServletApiConfigurerTests {
 				.postProcess(any(SecurityContextHolderAwareRequestFilter.class));
 	}
 
+	// SEC-2215
+	@Test
+	public void configureWhenUsingDefaultsThenAuthenticationManagerIsNotNull() {
+		this.spring.register(ServletApiConfig.class).autowire();
+
+		assertThat(this.spring.getContext().getBean("customAuthenticationManager")).isNotNull();
+	}
+
+	@Test
+	public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception {
+		this.spring.register(ServletApiConfig.class).autowire();
+
+		this.mvc.perform(formLogin()).andExpect(status().isFound());
+	}
+
+	// SEC-2926
+	@Test
+	public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
+		this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
+
+		this.mvc.perform(
+				get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
+				.andExpect(status().isOk());
+	}
+
+	@Test
+	public void requestWhenCustomAuthenticationEntryPointThenEntryPointUsed() throws Exception {
+		this.spring.register(CustomEntryPointConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class),
+				any(HttpServletResponse.class), any(AuthenticationException.class));
+	}
+
+	@Test
+	public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
+		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
+
+		this.mvc.perform(
+				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+				.andExpect(status().isOk());
+
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+				.andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void configureWhenSharedObjectTrustResolverThenTrustResolverUsed() throws Exception {
+		this.spring.register(SharedTrustResolverConfig.class).autowire();
+
+		this.mvc.perform(get("/"));
+
+		verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
+	}
+
+	@Test
+	public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
+		this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
+
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+				.andExpect(status().isOk());
+	}
+
+	@Test
+	public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
+		this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
+
+		this.mvc.perform(
+				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+				.andExpect(status().isOk());
+
+		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+				.andExpect(status().isForbidden());
+	}
+
+	@Test
+	public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
+		this.spring.register(ServletApiWithLogoutConfig.class);
+
+		SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
+		LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
+
+		LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
+		assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
+
+		List<LogoutHandler> scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers");
+		List<LogoutHandler> lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
+
+		assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
+
+		assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
+		assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
+	}
+
+	@Test
+	public void logoutServletApiWhenCsrfDisabled() throws Exception {
+		ConfigurableWebApplicationContext context = this.spring.register(CsrfDisabledConfig.class).getContext();
+		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		MvcResult mvcResult = mockMvc.perform(get("/")).andReturn();
+		assertThat(mvcResult.getRequest().getSession(false)).isNull();
+	}
+
+	private <T extends Filter> T getFilter(Class<T> filterClass) {
+		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
+	}
+
+	private List<Filter> getFilters() {
+		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
+		return proxy.getFilters("/");
+	}
+
+	private <T> T getFieldValue(Object target, String fieldName) {
+		try {
+			return (T) FieldUtils.getFieldValue(target, fieldName);
+		}
+		catch (Exception e) {
+			throw new RuntimeException(e);
+		}
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -122,31 +243,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	// SEC-2215
-	@Test
-	public void configureWhenUsingDefaultsThenAuthenticationManagerIsNotNull() {
-		this.spring.register(ServletApiConfig.class).autowire();
-
-		assertThat(this.spring.getContext().getBean("customAuthenticationManager")).isNotNull();
-	}
-
-	@Test
-	public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception {
-		this.spring.register(ServletApiConfig.class).autowire();
-
-		this.mvc.perform(formLogin()).andExpect(status().isFound());
-	}
-
-	// SEC-2926
-	@Test
-	public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
-		this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
-
-		this.mvc.perform(
-				get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
-				.andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class ServletApiConfig extends WebSecurityConfigurerAdapter {
 
@@ -166,16 +262,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenCustomAuthenticationEntryPointThenEntryPointUsed() throws Exception {
-		this.spring.register(CustomEntryPointConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(AuthenticationException.class));
-	}
-
 	@EnableWebSecurity
 	static class CustomEntryPointConfig extends WebSecurityConfigurerAdapter {
 
@@ -206,18 +292,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
-		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
-
-		this.mvc.perform(
-				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
-				.andExpect(status().isOk());
-
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
-				.andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -234,15 +308,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void configureWhenSharedObjectTrustResolverThenTrustResolverUsed() throws Exception {
-		this.spring.register(SharedTrustResolverConfig.class).autowire();
-
-		this.mvc.perform(get("/"));
-
-		verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
-	}
-
 	@EnableWebSecurity
 	static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
 
@@ -258,14 +323,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
-		this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
-
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
-				.andExpect(status().isOk());
-	}
-
 	@EnableWebSecurity
 	static class ServletApiWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -279,18 +336,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
-		this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
-
-		this.mvc.perform(
-				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
-				.andExpect(status().isOk());
-
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
-				.andExpect(status().isForbidden());
-	}
-
 	@EnableWebSecurity
 	static class RolePrefixInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -319,25 +364,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
-		this.spring.register(ServletApiWithLogoutConfig.class);
-
-		SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
-		LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
-
-		LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
-		assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
-
-		List<LogoutHandler> scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers");
-		List<LogoutHandler> lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
-
-		assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
-
-		assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
-		assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
-	}
-
 	@EnableWebSecurity
 	static class ServletApiWithLogoutConfig extends WebSecurityConfigurerAdapter {
 
@@ -352,14 +378,6 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	@Test
-	public void logoutServletApiWhenCsrfDisabled() throws Exception {
-		ConfigurableWebApplicationContext context = this.spring.register(CsrfDisabledConfig.class).getContext();
-		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
-		MvcResult mvcResult = mockMvc.perform(get("/")).andReturn();
-		assertThat(mvcResult.getRequest().getSession(false)).isNull();
-	}
-
 	@Configuration
 	@EnableWebSecurity
 	static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
@@ -386,22 +404,4 @@ public class ServletApiConfigurerTests {
 
 	}
 
-	private <T extends Filter> T getFilter(Class<T> filterClass) {
-		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
-	}
-
-	private List<Filter> getFilters() {
-		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-		return proxy.getFilters("/");
-	}
-
-	private <T> T getFieldValue(Object target, String fieldName) {
-		try {
-			return (T) FieldUtils.getFieldValue(target, fieldName);
-		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
-		}
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index a200d42087..d2e84b594b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -103,6 +103,24 @@ public class SessionManagementConfigurerServlet31Tests {
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
 	}
 
+	private void loadConfig(Class<?>... classes) {
+		AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
+		context.register(classes);
+		context.refresh();
+		this.context = context;
+		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", Filter.class);
+	}
+
+	private void login(Authentication auth) {
+		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
+		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
+		repo.loadContext(requestResponseHolder);
+
+		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
+		securityContextImpl.setAuthentication(auth);
+		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
+	}
+
 	@EnableWebSecurity
 	static class SessionManagementDefaultSessionFixationServlet31Config extends WebSecurityConfigurerAdapter {
 
@@ -127,22 +145,4 @@ public class SessionManagementConfigurerServlet31Tests {
 
 	}
 
-	private void loadConfig(Class<?>... classes) {
-		AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
-		context.register(classes);
-		context.refresh();
-		this.context = context;
-		this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", Filter.class);
-	}
-
-	private void login(Authentication auth) {
-		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
-		repo.loadContext(requestResponseHolder);
-
-		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
-		securityContextImpl.setAuthentication(auth);
-		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index 6cf6576b1b..ff7d81bae3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -55,6 +55,26 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
+	@Test
+	public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception {
+
+		this.spring.register(StatelessCreateSessionUserConfig.class).autowire();
+
+		MvcResult result = this.mvc.perform(get("/")).andReturn();
+
+		assertThat(result.getRequest().getSession(false)).isNull();
+	}
+
+	@Test
+	public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
+
+		this.spring.register(DefaultConfig.class, BasicController.class).autowire();
+
+		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
+
+		assertThat(result.getRequest().getSession(false)).isNotNull();
+	}
+
 	@EnableWebSecurity
 	static class StatelessCreateSessionSharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -66,16 +86,6 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 	}
 
-	@Test
-	public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception {
-
-		this.spring.register(StatelessCreateSessionUserConfig.class).autowire();
-
-		MvcResult result = this.mvc.perform(get("/")).andReturn();
-
-		assertThat(result.getRequest().getSession(false)).isNull();
-	}
-
 	@EnableWebSecurity
 	static class StatelessCreateSessionUserConfig extends WebSecurityConfigurerAdapter {
 
@@ -92,16 +102,6 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 	}
 
-	@Test
-	public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
-
-		this.spring.register(DefaultConfig.class, BasicController.class).autowire();
-
-		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
-		assertThat(result.getRequest().getSession(false)).isNotNull();
-	}
-
 	@EnableWebSecurity
 	static class DefaultConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 8ce913f6b3..267135d6cf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -90,25 +90,6 @@ public class SessionManagementConfigurerTests {
 				any(HttpServletResponse.class));
 	}
 
-	@EnableWebSecurity
-	static class SessionManagementRequestCacheConfig extends WebSecurityConfigurerAdapter {
-
-		static RequestCache REQUEST_CACHE;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.requestCache()
-					.requestCache(REQUEST_CACHE)
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void sessionManagementWhenConfiguredThenDoesNotOverrideSecurityContextRepository() throws Exception {
 		SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
@@ -122,25 +103,6 @@ public class SessionManagementConfigurerTests {
 				.saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
-	@EnableWebSecurity
-	static class SessionManagementSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
-
-		static SecurityContextRepository SECURITY_CONTEXT_REPO;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.securityContext()
-					.securityContextRepository(SECURITY_CONTEXT_REPO)
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
@@ -151,22 +113,6 @@ public class SessionManagementConfigurerTests {
 		assertThat(session).isNull();
 	}
 
-	@EnableWebSecurity
-	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-					.and()
-				.sessionManagement();
-			// @formatter:on
-		}
-
-	}
-
 	// SEC-2137
 	@Test
 	public void getWhenSessionFixationDisabledAndConcurrencyControlEnabledThenSessionIsNotInvalidated()
@@ -181,32 +127,6 @@ public class SessionManagementConfigurerTests {
 		assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId);
 	}
 
-	@EnableWebSecurity
-	static class DisableSessionFixationEnableConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		public void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic()
-					.and()
-				.sessionManagement()
-					.sessionFixation().none()
-					.maximumSessions(1);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void authenticateWhenNewSessionFixationProtectionInLambdaThenCreatesNewSession() throws Exception {
 		this.spring.register(SFPNewSessionInLambdaConfig.class).autowire();
@@ -223,34 +143,6 @@ public class SessionManagementConfigurerTests {
 		assertThat(resultingSession.getAttribute("name")).isNull();
 	}
 
-	@EnableWebSecurity
-	static class SFPNewSessionInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.sessionManagement(sessionManagement ->
-					sessionManagement
-						.sessionFixation(sessionFixation ->
-							sessionFixation.newSession()
-						)
-				)
-				.httpBasic(withDefaults());
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
@@ -275,32 +167,6 @@ public class SessionManagementConfigurerTests {
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
-	@EnableWebSecurity
-	static class ConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		public void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.formLogin()
-					.and()
-				.sessionManagement()
-					.maximumSessions(1)
-					.maxSessionsPreventsLogin(true);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire();
@@ -311,36 +177,6 @@ public class SessionManagementConfigurerTests {
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 	}
 
-	@EnableWebSecurity
-	static class ConcurrencyControlInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		public void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.formLogin(withDefaults())
-				.sessionManagement(sessionManagement ->
-					sessionManagement
-						.sessionConcurrency(sessionConcurrency ->
-							sessionConcurrency
-								.maximumSessions(1)
-								.maxSessionsPreventsLogin(true)
-						)
-				);
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication()
-					.withUser(PasswordEncodedUser.user());
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenSessionCreationPolicyStateLessInLambdaThenNoSessionCreated() throws Exception {
 		this.spring.register(SessionCreationPolicyStateLessInLambdaConfig.class).autowire();
@@ -351,22 +187,6 @@ public class SessionManagementConfigurerTests {
 		assertThat(session).isNull();
 	}
 
-	@EnableWebSecurity
-	static class SessionCreationPolicyStateLessInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.sessionManagement(sessionManagement ->
-					sessionManagement
-						.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSessionManagementFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
@@ -419,6 +239,222 @@ public class SessionManagementConfigurerTests {
 				.postProcess(any(ChangeSessionIdAuthenticationStrategy.class));
 	}
 
+	@Test
+	public void getWhenAnonymousRequestAndTrustResolverSharedObjectReturnsAnonymousFalseThenSessionIsSaved()
+			throws Exception {
+		SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class);
+		when(SharedTrustResolverConfig.TR.isAnonymous(any())).thenReturn(false);
+		this.spring.register(SharedTrustResolverConfig.class).autowire();
+
+		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
+
+		assertThat(mvcResult.getRequest().getSession(false)).isNotNull();
+	}
+
+	@Test
+	public void whenOneSessionRegistryBeanThenUseIt() throws Exception {
+		SessionRegistryOneBeanConfig.SESSION_REGISTRY = mock(SessionRegistry.class);
+		this.spring.register(SessionRegistryOneBeanConfig.class).autowire();
+
+		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
+		this.mvc.perform(get("/").session(session));
+
+		verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId());
+	}
+
+	@Test
+	public void whenTwoSessionRegistryBeansThenUseNeither() throws Exception {
+		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE = mock(SessionRegistry.class);
+		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO = mock(SessionRegistry.class);
+		this.spring.register(SessionRegistryTwoBeansConfig.class).autowire();
+
+		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
+		this.mvc.perform(get("/").session(session));
+
+		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE);
+		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO);
+	}
+
+	@EnableWebSecurity
+	static class SessionManagementRequestCacheConfig extends WebSecurityConfigurerAdapter {
+
+		static RequestCache REQUEST_CACHE;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.requestCache()
+					.requestCache(REQUEST_CACHE)
+					.and()
+				.sessionManagement()
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class SessionManagementSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
+
+		static SecurityContextRepository SECURITY_CONTEXT_REPO;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.securityContext()
+					.securityContextRepository(SECURITY_CONTEXT_REPO)
+					.and()
+				.sessionManagement()
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.sessionManagement()
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+					.and()
+				.sessionManagement();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class DisableSessionFixationEnableConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		public void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic()
+					.and()
+				.sessionManagement()
+					.sessionFixation().none()
+					.maximumSessions(1);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class SFPNewSessionInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.sessionManagement(sessionManagement ->
+					sessionManagement
+						.sessionFixation(sessionFixation ->
+							sessionFixation.newSession()
+						)
+				)
+				.httpBasic(withDefaults());
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		public void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.formLogin()
+					.and()
+				.sessionManagement()
+					.maximumSessions(1)
+					.maxSessionsPreventsLogin(true);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class ConcurrencyControlInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		public void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.formLogin(withDefaults())
+				.sessionManagement(sessionManagement ->
+					sessionManagement
+						.sessionConcurrency(sessionConcurrency ->
+							sessionConcurrency
+								.maximumSessions(1)
+								.maxSessionsPreventsLogin(true)
+						)
+				);
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user());
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class SessionCreationPolicyStateLessInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.sessionManagement(sessionManagement ->
+					sessionManagement
+						.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+				);
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -449,18 +485,6 @@ public class SessionManagementConfigurerTests {
 
 	}
 
-	@Test
-	public void getWhenAnonymousRequestAndTrustResolverSharedObjectReturnsAnonymousFalseThenSessionIsSaved()
-			throws Exception {
-		SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class);
-		when(SharedTrustResolverConfig.TR.isAnonymous(any())).thenReturn(false);
-		this.spring.register(SharedTrustResolverConfig.class).autowire();
-
-		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
-
-		assertThat(mvcResult.getRequest().getSession(false)).isNotNull();
-	}
-
 	@EnableWebSecurity
 	static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
 
@@ -476,30 +500,6 @@ public class SessionManagementConfigurerTests {
 
 	}
 
-	@Test
-	public void whenOneSessionRegistryBeanThenUseIt() throws Exception {
-		SessionRegistryOneBeanConfig.SESSION_REGISTRY = mock(SessionRegistry.class);
-		this.spring.register(SessionRegistryOneBeanConfig.class).autowire();
-
-		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
-		this.mvc.perform(get("/").session(session));
-
-		verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId());
-	}
-
-	@Test
-	public void whenTwoSessionRegistryBeansThenUseNeither() throws Exception {
-		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE = mock(SessionRegistry.class);
-		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO = mock(SessionRegistry.class);
-		this.spring.register(SessionRegistryTwoBeansConfig.class).autowire();
-
-		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
-		this.mvc.perform(get("/").session(session));
-
-		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE);
-		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO);
-	}
-
 	@EnableWebSecurity
 	static class SessionRegistryOneBeanConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index e0ba32d1aa..1604b8e616 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -98,41 +98,6 @@ public class UrlAuthorizationConfigurerTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
-	@EnableWebSecurity
-	@Configuration
-	@EnableWebMvc
-	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.httpBasic().and()
-				.apply(new UrlAuthorizationConfigurer(getApplicationContext())).getRegistry()
-					.mvcMatchers("/path").hasRole("ADMIN");
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@RestController
-		static class PathController {
-
-			@RequestMapping("/path")
-			public String path() {
-				return "path";
-			}
-
-		}
-
-	}
-
 	@Test
 	public void mvcMatcherServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
@@ -176,6 +141,55 @@ public class UrlAuthorizationConfigurerTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
+	@Test
+	public void anonymousUrlAuthorization() {
+		loadConfig(AnonymousUrlAuthorizationConfig.class);
+	}
+
+	public void loadConfig(Class<?>... configs) {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(configs);
+		this.context.setServletContext(new MockServletContext());
+		this.context.refresh();
+
+		this.context.getAutowireCapableBeanFactory().autowireBean(this);
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.httpBasic().and()
+				.apply(new UrlAuthorizationConfigurer(getApplicationContext())).getRegistry()
+					.mvcMatchers("/path").hasRole("ADMIN");
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			public String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
@@ -211,11 +225,6 @@ public class UrlAuthorizationConfigurerTests {
 
 	}
 
-	@Test
-	public void anonymousUrlAuthorization() {
-		loadConfig(AnonymousUrlAuthorizationConfig.class);
-	}
-
 	@EnableWebSecurity
 	@Configuration
 	static class AnonymousUrlAuthorizationConfig extends WebSecurityConfigurerAdapter {
@@ -241,13 +250,4 @@ public class UrlAuthorizationConfigurerTests {
 
 	}
 
-	public void loadConfig(Class<?>... configs) {
-		this.context = new AnnotationConfigWebApplicationContext();
-		this.context.register(configs);
-		this.context.setServletContext(new MockServletContext());
-		this.context.refresh();
-
-		this.context.getAutowireCapableBeanFactory().autowireBean(this);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index f0b8d56e78..8497fee4fd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -103,25 +103,6 @@ public class UrlAuthorizationsTests {
 		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 	}
 
-	@EnableWebSecurity
-	static class RoleConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.antMatchers("/role-user-authority").hasAnyAuthority("ROLE_USER")
-					.antMatchers("/role-admin-authority").hasAnyAuthority("ROLE_ADMIN")
-					.antMatchers("/role-user-admin-authority").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
-					.antMatchers("/role-user").hasAnyRole("USER")
-					.antMatchers("/role-admin").hasAnyRole("ADMIN")
-					.antMatchers("/role-user-admin").hasAnyRole("USER", "ADMIN");
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void configureWhenNoAccessDecisionManagerThenDefaultsToAffirmativeBased() {
 		this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
@@ -142,6 +123,25 @@ public class UrlAuthorizationsTests {
 		return null;
 	}
 
+	@EnableWebSecurity
+	static class RoleConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.antMatchers("/role-user-authority").hasAnyAuthority("ROLE_USER")
+					.antMatchers("/role-admin-authority").hasAnyAuthority("ROLE_ADMIN")
+					.antMatchers("/role-user-admin-authority").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
+					.antMatchers("/role-user").hasAnyRole("USER")
+					.antMatchers("/role-admin").hasAnyRole("ADMIN")
+					.antMatchers("/role-user-admin").hasAnyRole("USER", "ADMIN");
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class NoSpecificAccessDecisionManagerConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index 20d4245cd8..e497365b44 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -65,6 +65,40 @@ public class X509ConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(X509AuthenticationFilter.class));
 	}
 
+	@Test
+	public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception {
+		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+	}
+
+	@Test
+	public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception {
+		this.spring.register(DefaultsInLambdaConfig.class).autowire();
+		X509Certificate certificate = loadCert("rod.cer");
+
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+	}
+
+	@Test
+	public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception {
+		this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
+		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
+
+		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+	}
+
+	private <T extends Certificate> T loadCert(String location) {
+		try (InputStream is = new ClassPathResource(location).getInputStream()) {
+			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+			return (T) certFactory.generateCertificate(is);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException(e);
+		}
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -94,14 +128,6 @@ public class X509ConfigurerTests {
 
 	}
 
-	@Test
-	public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception {
-		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
-	}
-
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -127,14 +153,6 @@ public class X509ConfigurerTests {
 
 	}
 
-	@Test
-	public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception {
-		this.spring.register(DefaultsInLambdaConfig.class).autowire();
-		X509Certificate certificate = loadCert("rod.cer");
-
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
-	}
-
 	@EnableWebSecurity
 	static class DefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -157,14 +175,6 @@ public class X509ConfigurerTests {
 
 	}
 
-	@Test
-	public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception {
-		this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
-		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
-	}
-
 	@EnableWebSecurity
 	static class SubjectPrincipalRegexInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -190,14 +200,4 @@ public class X509ConfigurerTests {
 
 	}
 
-	private <T extends Certificate> T loadCert(String location) {
-		try (InputStream is = new ClassPathResource(location).getInputStream()) {
-			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
-			return (T) certFactory.generateCertificate(is);
-		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
-		}
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 130fa378bb..edcc2600a5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -584,6 +584,37 @@ public class OAuth2LoginConfigurerTests {
 				.scope(scopes).build();
 	}
 
+	private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createOauth2AccessTokenResponseClient() {
+		return request -> {
+			Map<String, Object> additionalParameters = new HashMap<>();
+			if (request.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
+				additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
+			}
+			return OAuth2AccessTokenResponse.withToken("accessToken123").tokenType(OAuth2AccessToken.TokenType.BEARER)
+					.additionalParameters(additionalParameters).build();
+		};
+	}
+
+	private static OAuth2UserService<OAuth2UserRequest, OAuth2User> createOauth2UserService() {
+		Map<String, Object> userAttributes = Collections.singletonMap("name", "spring");
+		return request -> new DefaultOAuth2User(Collections.singleton(new OAuth2UserAuthority(userAttributes)),
+				userAttributes, "name");
+	}
+
+	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
+		OidcIdToken idToken = idToken().build();
+		return request -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
+	}
+
+	private static GrantedAuthoritiesMapper createGrantedAuthoritiesMapper() {
+		return authorities -> {
+			boolean isOidc = OidcUserAuthority.class.isInstance(authorities.iterator().next());
+			List<GrantedAuthority> mappedAuthorities = new ArrayList<>(authorities);
+			mappedAuthorities.add(new SimpleGrantedAuthority(isOidc ? "ROLE_OIDC_USER" : "ROLE_OAUTH2_USER"));
+			return mappedAuthorities;
+		};
+	}
+
 	@EnableWebSecurity
 	static class OAuth2LoginConfig extends CommonWebSecurityConfigurerAdapter
 			implements ApplicationListener<AuthenticationSuccessEvent> {
@@ -985,35 +1016,4 @@ public class OAuth2LoginConfigurerTests {
 
 	}
 
-	private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createOauth2AccessTokenResponseClient() {
-		return request -> {
-			Map<String, Object> additionalParameters = new HashMap<>();
-			if (request.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
-				additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
-			}
-			return OAuth2AccessTokenResponse.withToken("accessToken123").tokenType(OAuth2AccessToken.TokenType.BEARER)
-					.additionalParameters(additionalParameters).build();
-		};
-	}
-
-	private static OAuth2UserService<OAuth2UserRequest, OAuth2User> createOauth2UserService() {
-		Map<String, Object> userAttributes = Collections.singletonMap("name", "spring");
-		return request -> new DefaultOAuth2User(Collections.singleton(new OAuth2UserAuthority(userAttributes)),
-				userAttributes, "name");
-	}
-
-	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
-		OidcIdToken idToken = idToken().build();
-		return request -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
-	}
-
-	private static GrantedAuthoritiesMapper createGrantedAuthoritiesMapper() {
-		return authorities -> {
-			boolean isOidc = OidcUserAuthority.class.isInstance(authorities.iterator().next());
-			List<GrantedAuthority> mappedAuthorities = new ArrayList<>(authorities);
-			mappedAuthorities.add(new SimpleGrantedAuthority(isOidc ? "ROLE_OIDC_USER" : "ROLE_OAUTH2_USER"));
-			return mappedAuthorities;
-		};
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 4338f5a43c..04c077fd60 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1327,7 +1327,89 @@ public class OAuth2ResourceServerConfigurerTests {
 				.isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
-	// -- support
+	private static <T> void registerMockBean(GenericApplicationContext context, String name, Class<T> clazz) {
+		context.registerBean(name, clazz, () -> mock(clazz));
+	}
+
+	private static BearerTokenRequestPostProcessor bearerToken(String token) {
+		return new BearerTokenRequestPostProcessor(token);
+	}
+
+	private static ResultMatcher invalidRequestHeader(String message) {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
+	}
+
+	private static ResultMatcher invalidTokenHeader(String message) {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
+	}
+
+	private static ResultMatcher insufficientScopeHeader() {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
+				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
+				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+	}
+
+	private String jwkSet() {
+		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
+	}
+
+	private String jwtFromIssuer(String issuer) throws Exception {
+		Map<String, Object> claims = new HashMap<>();
+		claims.put(ISS, issuer);
+		claims.put(SUB, "test-subject");
+		claims.put("scope", "message:read");
+		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
+				new Payload(new JSONObject(claims)));
+		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
+		return jws.serialize();
+	}
+
+	private void mockWebServer(String response) {
+		this.web.enqueue(new MockResponse().setResponseCode(200)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
+	}
+
+	private void mockRestOperations(String response) {
+		RestOperations rest = this.spring.getContext().getBean(RestOperations.class);
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_JSON);
+		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
+		when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
+	}
+
+	private <T> T bean(Class<T> beanClass) {
+		return this.spring.getContext().getBean(beanClass);
+	}
+
+	private <T> T verifyBean(Class<T> beanClass) {
+		return verify(this.spring.getContext().getBean(beanClass));
+	}
+
+	private String json(String name) throws IOException {
+		return resource(name + ".json");
+	}
+
+	private String jwks(String name) throws IOException {
+		return resource(name + ".jwks");
+	}
+
+	private String token(String name) throws IOException {
+		return resource(name + ".token");
+	}
+
+	private String resource(String suffix) throws IOException {
+		String name = this.getClass().getSimpleName() + "-" + suffix;
+		ClassPathResource resource = new ClassPathResource(name, this.getClass());
+		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
+			return reader.lines().collect(Collectors.joining());
+		}
+	}
 
 	@EnableWebSecurity
 	static class DefaultConfig extends WebSecurityConfigurerAdapter {
@@ -2293,10 +2375,6 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	}
 
-	private static <T> void registerMockBean(GenericApplicationContext context, String name, Class<T> clazz) {
-		context.registerBean(name, clazz, () -> mock(clazz));
-	}
-
 	private static class BearerTokenRequestPostProcessor implements RequestPostProcessor {
 
 		private boolean asRequestParameter;
@@ -2326,84 +2404,4 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	}
 
-	private static BearerTokenRequestPostProcessor bearerToken(String token) {
-		return new BearerTokenRequestPostProcessor(token);
-	}
-
-	private static ResultMatcher invalidRequestHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
-						new StringContains(message),
-						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
-	}
-
-	private static ResultMatcher invalidTokenHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
-						new StringContains(message),
-						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
-	}
-
-	private static ResultMatcher insufficientScopeHeader() {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
-				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
-				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
-	}
-
-	private String jwkSet() {
-		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
-	}
-
-	private String jwtFromIssuer(String issuer) throws Exception {
-		Map<String, Object> claims = new HashMap<>();
-		claims.put(ISS, issuer);
-		claims.put(SUB, "test-subject");
-		claims.put("scope", "message:read");
-		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
-				new Payload(new JSONObject(claims)));
-		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
-		return jws.serialize();
-	}
-
-	private void mockWebServer(String response) {
-		this.web.enqueue(new MockResponse().setResponseCode(200)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
-	}
-
-	private void mockRestOperations(String response) {
-		RestOperations rest = this.spring.getContext().getBean(RestOperations.class);
-		HttpHeaders headers = new HttpHeaders();
-		headers.setContentType(MediaType.APPLICATION_JSON);
-		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
-	}
-
-	private <T> T bean(Class<T> beanClass) {
-		return this.spring.getContext().getBean(beanClass);
-	}
-
-	private <T> T verifyBean(Class<T> beanClass) {
-		return verify(this.spring.getContext().getBean(beanClass));
-	}
-
-	private String json(String name) throws IOException {
-		return resource(name + ".json");
-	}
-
-	private String jwks(String name) throws IOException {
-		return resource(name + ".jwks");
-	}
-
-	private String token(String name) throws IOException {
-		return resource(name + ".token");
-	}
-
-	private String resource(String suffix) throws IOException {
-		String name = this.getClass().getSimpleName() + "-" + suffix;
-		ClassPathResource resource = new ClassPathResource(name, this.getClass());
-		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
-			return reader.lines().collect(Collectors.joining());
-		}
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index ab6ff70dd8..f2882e78f0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -83,35 +83,6 @@ public class OpenIDLoginConfigurerTests {
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationProvider.class));
 	}
 
-	@EnableWebSecurity
-	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
-
-		static ObjectPostProcessor<Object> objectPostProcessor;
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.openidLogin();
-			// @formatter:on
-		}
-
-		@Bean
-		static ObjectPostProcessor<Object> objectPostProcessor() {
-			return objectPostProcessor;
-		}
-
-	}
-
-	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
-
-		@Override
-		public <O> O postProcess(O object) {
-			return object;
-		}
-
-	}
-
 	@Test
 	public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
@@ -120,33 +91,6 @@ public class OpenIDLoginConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
 
-	@EnableWebSecurity
-	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
-		}
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.openidLogin()
-					.loginPage("/login/custom")
-					.and()
-				.openidLogin();
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception {
 		this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire();
@@ -155,26 +99,6 @@ public class OpenIDLoginConfigurerTests {
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
 
-	@EnableWebSecurity
-	static class OpenIdLoginPageInLambdaConfig extends WebSecurityConfigurerAdapter {
-
-		@Override
-		protected void configure(HttpSecurity http) throws Exception {
-			// @formatter:off
-			http
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests
-						.anyRequest().authenticated()
-				)
-				.openidLogin(openIdLogin ->
-					openIdLogin
-						.loginPage("/login/custom")
-				);
-			// @formatter:on
-		}
-
-	}
-
 	@Test
 	public void requestWhenAttributeExchangeConfiguredThenFetchAttributesMatchAttributeList() throws Exception {
 		OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
@@ -213,6 +137,113 @@ public class OpenIDLoginConfigurerTests {
 		}
 	}
 
+	@Test
+	public void requestWhenAttributeNameNotSpecifiedThenAttributeNameDefaulted() throws Exception {
+		OpenIdAttributesNullNameConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
+		AuthRequest mockAuthRequest = mock(AuthRequest.class);
+		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
+		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
+		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
+		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).thenReturn(mockAuthRequest);
+		this.spring.register(OpenIdAttributesNullNameConfig.class).autowire();
+
+		try (MockWebServer server = new MockWebServer()) {
+			String endpoint = server.url("/").toString();
+
+			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse()
+					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
+
+			MvcResult mvcResult = this.mvc.perform(
+					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
+					.andExpect(status().isFound()).andReturn();
+
+			Object attributeObject = mvcResult.getRequest().getSession()
+					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
+			assertThat(attributeObject).isInstanceOf(List.class);
+			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
+			assertThat(attributeList).hasSize(1);
+			assertThat(attributeList.get(0).getName()).isEqualTo("default-attribute");
+		}
+	}
+
+	@EnableWebSecurity
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
+
+		static ObjectPostProcessor<Object> objectPostProcessor;
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.openidLogin();
+			// @formatter:on
+		}
+
+		@Bean
+		static ObjectPostProcessor<Object> objectPostProcessor() {
+			return objectPostProcessor;
+		}
+
+	}
+
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
+
+		@Override
+		public <O> O postProcess(O object) {
+			return object;
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.inMemoryAuthentication();
+			// @formatter:on
+		}
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.openidLogin()
+					.loginPage("/login/custom")
+					.and()
+				.openidLogin();
+			// @formatter:on
+		}
+
+	}
+
+	@EnableWebSecurity
+	static class OpenIdLoginPageInLambdaConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.anyRequest().authenticated()
+				)
+				.openidLogin(openIdLogin ->
+					openIdLogin
+						.loginPage("/login/custom")
+				);
+			// @formatter:on
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class OpenIdAttributesInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -251,37 +282,6 @@ public class OpenIDLoginConfigurerTests {
 
 	}
 
-	@Test
-	public void requestWhenAttributeNameNotSpecifiedThenAttributeNameDefaulted() throws Exception {
-		OpenIdAttributesNullNameConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
-		AuthRequest mockAuthRequest = mock(AuthRequest.class);
-		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
-		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
-				any())).thenReturn(mockAuthRequest);
-		this.spring.register(OpenIdAttributesNullNameConfig.class).autowire();
-
-		try (MockWebServer server = new MockWebServer()) {
-			String endpoint = server.url("/").toString();
-
-			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
-			server.enqueue(new MockResponse()
-					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-
-			MvcResult mvcResult = this.mvc.perform(
-					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
-					.andExpect(status().isFound()).andReturn();
-
-			Object attributeObject = mvcResult.getRequest().getSession()
-					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
-			assertThat(attributeObject).isInstanceOf(List.class);
-			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
-			assertThat(attributeList).hasSize(1);
-			assertThat(attributeList.get(0).getName()).isEqualTo("default-attribute");
-		}
-	}
-
 	@EnableWebSecurity
 	static class OpenIdAttributesNullNameConfig extends WebSecurityConfigurerAdapter {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index de8bd7924c..d387b12037 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -241,6 +241,44 @@ public class Saml2LoginConfigurerTests {
 				.hasToString(expected);
 	}
 
+	private static org.apache.commons.codec.binary.Base64 BASE64 = new org.apache.commons.codec.binary.Base64(0,
+			new byte[] { '\n' });
+
+	private static byte[] samlDecode(String s) {
+		return BASE64.decode(s);
+	}
+
+	private static String samlInflate(byte[] b) {
+		try {
+			ByteArrayOutputStream out = new ByteArrayOutputStream();
+			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
+			iout.write(b);
+			iout.finish();
+			return new String(out.toByteArray(), UTF_8);
+		}
+		catch (IOException e) {
+			throw new Saml2Exception("Unable to inflate string", e);
+		}
+	}
+
+	private static AuthenticationManager getAuthenticationManagerMock(String role) {
+		return new AuthenticationManager() {
+
+			@Override
+			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+				if (!supports(authentication.getClass())) {
+					throw new AuthenticationServiceException("not supported");
+				}
+				return new Saml2Authentication(() -> "auth principal", "saml2 response",
+						Collections.singletonList(new SimpleGrantedAuthority(role)));
+			}
+
+			public boolean supports(Class<?> authentication) {
+				return authentication.isAssignableFrom(Saml2AuthenticationToken.class);
+			}
+		};
+	}
+
 	@EnableWebSecurity
 	@Import(Saml2LoginConfigBeans.class)
 	static class Saml2LoginConfigWithCustomAuthenticationManager extends WebSecurityConfigurerAdapter {
@@ -339,24 +377,6 @@ public class Saml2LoginConfigurerTests {
 
 	}
 
-	private static AuthenticationManager getAuthenticationManagerMock(String role) {
-		return new AuthenticationManager() {
-
-			@Override
-			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-				if (!supports(authentication.getClass())) {
-					throw new AuthenticationServiceException("not supported");
-				}
-				return new Saml2Authentication(() -> "auth principal", "saml2 response",
-						Collections.singletonList(new SimpleGrantedAuthority(role)));
-			}
-
-			public boolean supports(Class<?> authentication) {
-				return authentication.isAssignableFrom(Saml2AuthenticationToken.class);
-			}
-		};
-	}
-
 	static class Saml2LoginConfigBeans {
 
 		@Bean
@@ -373,24 +393,4 @@ public class Saml2LoginConfigurerTests {
 
 	}
 
-	private static org.apache.commons.codec.binary.Base64 BASE64 = new org.apache.commons.codec.binary.Base64(0,
-			new byte[] { '\n' });
-
-	private static byte[] samlDecode(String s) {
-		return BASE64.decode(s);
-	}
-
-	private static String samlInflate(byte[] b) {
-		try {
-			ByteArrayOutputStream out = new ByteArrayOutputStream();
-			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
-			iout.write(b);
-			iout.finish();
-			return new String(out.toByteArray(), UTF_8);
-		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to inflate string", e);
-		}
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 5f01efd285..fdd1461eeb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -164,12 +164,6 @@ public class EnableWebFluxSecurityTests {
 		assertThat(rdvp).isNotNull();
 	}
 
-	@EnableWebFluxSecurity
-	@Import(ReactiveAuthenticationTestConfiguration.class)
-	static class Config {
-
-	}
-
 	@Test
 	public void passwordEncoderBeanIsUsed() {
 		this.spring.register(CustomPasswordEncoderConfig.class).autowire();
@@ -186,22 +180,6 @@ public class EnableWebFluxSecurityTests {
 				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
-	@EnableWebFluxSecurity
-	static class CustomPasswordEncoderConfig {
-
-		@Bean
-		public ReactiveUserDetailsService userDetailsService(PasswordEncoder encoder) {
-			return new MapReactiveUserDetailsService(
-					User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
-		}
-
-		@Bean
-		public static PasswordEncoder passwordEncoder() {
-			return new BCryptPasswordEncoder();
-		}
-
-	}
-
 	@Test
 	public void passwordUpdateManagerUsed() {
 		this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
@@ -213,22 +191,6 @@ public class EnableWebFluxSecurityTests {
 		assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
 	}
 
-	@EnableWebFluxSecurity
-	static class MapReactiveUserDetailsServiceConfig {
-
-		@Bean
-		public MapReactiveUserDetailsService userDetailsService() {
-			// @formatter:off
-			return new MapReactiveUserDetailsService(User.withUsername("user")
-					.password("{noop}password")
-					.roles("USER")
-					.build()
-			// @formatter:on
-			);
-		}
-
-	}
-
 	@Test
 	public void formLoginWorks() {
 		this.spring.register(Config.class).autowire();
@@ -254,6 +216,87 @@ public class EnableWebFluxSecurityTests {
 		client.get().uri("/test").exchange().expectStatus().isOk();
 	}
 
+	@Test
+	@WithMockUser
+	public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() {
+		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
+
+		WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build();
+
+		client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user");
+	}
+
+	private static DataBuffer toDataBuffer(String body) {
+		DataBuffer buffer = new DefaultDataBufferFactory().allocateBuffer();
+		buffer.write(body.getBytes(StandardCharsets.UTF_8));
+		return buffer;
+	}
+
+	@Test
+	public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
+		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isSameAs(childBean);
+	}
+
+	@Test
+	public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
+		this.spring.register(BeanProxyDisabledConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isNotSameAs(childBean);
+	}
+
+	@Test
+	// gh-8596
+	public void resolveAuthenticationPrincipalArgumentResolverFirstDoesNotCauseBeanCurrentlyInCreationException() {
+		this.spring.register(EnableWebFluxSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
+				DelegatingWebFluxConfiguration.class).autowire();
+	}
+
+	@EnableWebFluxSecurity
+	@Import(ReactiveAuthenticationTestConfiguration.class)
+	static class Config {
+
+	}
+
+	@EnableWebFluxSecurity
+	static class CustomPasswordEncoderConfig {
+
+		@Bean
+		public ReactiveUserDetailsService userDetailsService(PasswordEncoder encoder) {
+			return new MapReactiveUserDetailsService(
+					User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
+		}
+
+		@Bean
+		public static PasswordEncoder passwordEncoder() {
+			return new BCryptPasswordEncoder();
+		}
+
+	}
+
+	@EnableWebFluxSecurity
+	static class MapReactiveUserDetailsServiceConfig {
+
+		@Bean
+		public MapReactiveUserDetailsService userDetailsService() {
+			// @formatter:off
+			return new MapReactiveUserDetailsService(User.withUsername("user")
+					.password("{noop}password")
+					.roles("USER")
+					.build()
+			// @formatter:on
+			);
+		}
+
+	}
+
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class MultiSecurityHttpConfig {
@@ -273,16 +316,6 @@ public class EnableWebFluxSecurityTests {
 
 	}
 
-	@Test
-	@WithMockUser
-	public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() {
-		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
-		WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build();
-
-		client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user");
-	}
-
 	@EnableWebFluxSecurity
 	@EnableWebFlux
 	@Import(ReactiveAuthenticationTestConfiguration.class)
@@ -313,22 +346,6 @@ public class EnableWebFluxSecurityTests {
 
 	}
 
-	private static DataBuffer toDataBuffer(String body) {
-		DataBuffer buffer = new DefaultDataBufferFactory().allocateBuffer();
-		buffer.write(body.getBytes(StandardCharsets.UTF_8));
-		return buffer;
-	}
-
-	@Test
-	public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
-		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isSameAs(childBean);
-	}
-
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
 	static class BeanProxyEnabledByDefaultConfig {
@@ -345,16 +362,6 @@ public class EnableWebFluxSecurityTests {
 
 	}
 
-	@Test
-	public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
-		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
-		Child childBean = this.spring.getContext().getBean(Child.class);
-		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
-		assertThat(parentBean.getChild()).isNotSameAs(childBean);
-	}
-
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebFluxSecurity
 	@Import(ReactiveAuthenticationTestConfiguration.class)
@@ -393,13 +400,6 @@ public class EnableWebFluxSecurityTests {
 
 	}
 
-	@Test
-	// gh-8596
-	public void resolveAuthenticationPrincipalArgumentResolverFirstDoesNotCauseBeanCurrentlyInCreationException() {
-		this.spring.register(EnableWebFluxSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
-				DelegatingWebFluxConfiguration.class).autowire();
-	}
-
 	@EnableWebFluxSecurity
 	@Configuration(proxyBeanMethods = false)
 	static class EnableWebFluxSecurityConfiguration {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 9d73774461..8511a04d73 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -272,43 +272,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 	}
 
-	@Configuration
-	@EnableWebSocketMessageBroker
-	@Import(SyncExecutorConfig.class)
-	static class MsmsRegistryCustomPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
-
-		// @formatter:off
-		@Override
-		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry
-				.addEndpoint("/other")
-				.setHandshakeHandler(testHandshakeHandler());
-		}
-		// @formatter:on
-
-		// @formatter:off
-		@Override
-		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
-			messages
-				.simpDestMatchers("/app/a.*").permitAll()
-				.anyMessage().denyAll();
-		}
-		// @formatter:on
-
-		@Override
-		public void configureMessageBroker(MessageBrokerRegistry registry) {
-			registry.setPathMatcher(new AntPathMatcher("."));
-			registry.enableSimpleBroker("/queue/", "/topic/");
-			registry.setApplicationDestinationPrefixes("/app");
-		}
-
-		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
-			return new TestHandshakeHandler();
-		}
-
-	}
-
 	@Test
 	public void overrideMsmsRegistryCustomPatternMatcher() {
 		loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class);
@@ -324,45 +287,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 	}
 
-	@Configuration
-	@EnableWebSocketMessageBroker
-	@Import(SyncExecutorConfig.class)
-	static class OverrideMsmsRegistryCustomPatternMatcherConfig
-			extends AbstractSecurityWebSocketMessageBrokerConfigurer {
-
-		// @formatter:off
-		@Override
-		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry
-				.addEndpoint("/other")
-				.setHandshakeHandler(testHandshakeHandler());
-		}
-		// @formatter:on
-
-		// @formatter:off
-		@Override
-		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
-			messages
-				.simpDestPathMatcher(new AntPathMatcher())
-				.simpDestMatchers("/app/a/*").permitAll()
-				.anyMessage().denyAll();
-		}
-		// @formatter:on
-
-		@Override
-		public void configureMessageBroker(MessageBrokerRegistry registry) {
-			registry.setPathMatcher(new AntPathMatcher("."));
-			registry.enableSimpleBroker("/queue/", "/topic/");
-			registry.setApplicationDestinationPrefixes("/app");
-		}
-
-		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
-			return new TestHandshakeHandler();
-		}
-
-	}
-
 	@Test
 	public void defaultPatternMatcher() {
 		loadConfig(DefaultPatternMatcherConfig.class);
@@ -378,42 +302,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 	}
 
-	@Configuration
-	@EnableWebSocketMessageBroker
-	@Import(SyncExecutorConfig.class)
-	static class DefaultPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
-
-		// @formatter:off
-		@Override
-		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry
-				.addEndpoint("/other")
-				.setHandshakeHandler(testHandshakeHandler());
-		}
-		// @formatter:on
-
-		// @formatter:off
-		@Override
-		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
-			messages
-				.simpDestMatchers("/app/a/*").permitAll()
-				.anyMessage().denyAll();
-		}
-		// @formatter:on
-
-		@Override
-		public void configureMessageBroker(MessageBrokerRegistry registry) {
-			registry.enableSimpleBroker("/queue/", "/topic/");
-			registry.setApplicationDestinationPrefixes("/app");
-		}
-
-		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
-			return new TestHandshakeHandler();
-		}
-
-	}
-
 	@Test
 	public void customExpression() {
 		loadConfig(CustomExpressionConfig.class);
@@ -464,57 +352,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
 	}
 
-	@Configuration
-	@EnableWebSocketMessageBroker
-	@Import(SyncExecutorConfig.class)
-	static class CustomExpressionConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
-
-		// @formatter:off
-		@Override
-		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry
-				.addEndpoint("/other")
-				.setHandshakeHandler(testHandshakeHandler());
-		}
-		// @formatter:on
-
-		// @formatter:off
-		@Override
-		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
-			messages
-				.anyMessage().access("denyRob()");
-		}
-		// @formatter:on
-
-		@Bean
-		public static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
-			return new DefaultMessageSecurityExpressionHandler<Object>() {
-				@Override
-				protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
-						Message<Object> invocation) {
-					return new MessageSecurityExpressionRoot(authentication, invocation) {
-						public boolean denyRob() {
-							Authentication auth = getAuthentication();
-							return auth != null && !"rob".equals(auth.getName());
-						}
-					};
-				}
-			};
-		}
-
-		@Override
-		public void configureMessageBroker(MessageBrokerRegistry registry) {
-			registry.enableSimpleBroker("/queue/", "/topic/");
-			registry.setApplicationDestinationPrefixes("/app");
-		}
-
-		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
-			return new TestHandshakeHandler();
-		}
-
-	}
-
 	private void assertHandshake(HttpServletRequest request) {
 		TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class);
 		assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(this.token);
@@ -572,6 +409,169 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		this.context.refresh();
 	}
 
+	@Configuration
+	@EnableWebSocketMessageBroker
+	@Import(SyncExecutorConfig.class)
+	static class MsmsRegistryCustomPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+		// @formatter:off
+		@Override
+		public void registerStompEndpoints(StompEndpointRegistry registry) {
+			registry
+				.addEndpoint("/other")
+				.setHandshakeHandler(testHandshakeHandler());
+		}
+		// @formatter:on
+
+		// @formatter:off
+		@Override
+		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+			messages
+				.simpDestMatchers("/app/a.*").permitAll()
+				.anyMessage().denyAll();
+		}
+		// @formatter:on
+
+		@Override
+		public void configureMessageBroker(MessageBrokerRegistry registry) {
+			registry.setPathMatcher(new AntPathMatcher("."));
+			registry.enableSimpleBroker("/queue/", "/topic/");
+			registry.setApplicationDestinationPrefixes("/app");
+		}
+
+		@Bean
+		public TestHandshakeHandler testHandshakeHandler() {
+			return new TestHandshakeHandler();
+		}
+
+	}
+
+	@Configuration
+	@EnableWebSocketMessageBroker
+	@Import(SyncExecutorConfig.class)
+	static class OverrideMsmsRegistryCustomPatternMatcherConfig
+			extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+		// @formatter:off
+		@Override
+		public void registerStompEndpoints(StompEndpointRegistry registry) {
+			registry
+				.addEndpoint("/other")
+				.setHandshakeHandler(testHandshakeHandler());
+		}
+		// @formatter:on
+
+		// @formatter:off
+		@Override
+		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+			messages
+				.simpDestPathMatcher(new AntPathMatcher())
+				.simpDestMatchers("/app/a/*").permitAll()
+				.anyMessage().denyAll();
+		}
+		// @formatter:on
+
+		@Override
+		public void configureMessageBroker(MessageBrokerRegistry registry) {
+			registry.setPathMatcher(new AntPathMatcher("."));
+			registry.enableSimpleBroker("/queue/", "/topic/");
+			registry.setApplicationDestinationPrefixes("/app");
+		}
+
+		@Bean
+		public TestHandshakeHandler testHandshakeHandler() {
+			return new TestHandshakeHandler();
+		}
+
+	}
+
+	@Configuration
+	@EnableWebSocketMessageBroker
+	@Import(SyncExecutorConfig.class)
+	static class DefaultPatternMatcherConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+		// @formatter:off
+		@Override
+		public void registerStompEndpoints(StompEndpointRegistry registry) {
+			registry
+				.addEndpoint("/other")
+				.setHandshakeHandler(testHandshakeHandler());
+		}
+		// @formatter:on
+
+		// @formatter:off
+		@Override
+		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+			messages
+				.simpDestMatchers("/app/a/*").permitAll()
+				.anyMessage().denyAll();
+		}
+		// @formatter:on
+
+		@Override
+		public void configureMessageBroker(MessageBrokerRegistry registry) {
+			registry.enableSimpleBroker("/queue/", "/topic/");
+			registry.setApplicationDestinationPrefixes("/app");
+		}
+
+		@Bean
+		public TestHandshakeHandler testHandshakeHandler() {
+			return new TestHandshakeHandler();
+		}
+
+	}
+
+	@Configuration
+	@EnableWebSocketMessageBroker
+	@Import(SyncExecutorConfig.class)
+	static class CustomExpressionConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+		// @formatter:off
+		@Override
+		public void registerStompEndpoints(StompEndpointRegistry registry) {
+			registry
+				.addEndpoint("/other")
+				.setHandshakeHandler(testHandshakeHandler());
+		}
+		// @formatter:on
+
+		// @formatter:off
+		@Override
+		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+			messages
+				.anyMessage().access("denyRob()");
+		}
+		// @formatter:on
+
+		@Bean
+		public static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
+			return new DefaultMessageSecurityExpressionHandler<Object>() {
+				@Override
+				protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
+						Message<Object> invocation) {
+					return new MessageSecurityExpressionRoot(authentication, invocation) {
+						public boolean denyRob() {
+							Authentication auth = getAuthentication();
+							return auth != null && !"rob".equals(auth.getName());
+						}
+					};
+				}
+			};
+		}
+
+		@Override
+		public void configureMessageBroker(MessageBrokerRegistry registry) {
+			registry.enableSimpleBroker("/queue/", "/topic/");
+			registry.setApplicationDestinationPrefixes("/app");
+		}
+
+		@Bean
+		public TestHandshakeHandler testHandshakeHandler() {
+			return new TestHandshakeHandler();
+		}
+
+	}
+
 	@Controller
 	static class MyController {
 
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index bab0a7e840..edff3fe164 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -417,6 +417,27 @@ public class CsrfConfigTests {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
 
+	ResultMatcher csrfChanged(MvcResult first) {
+		return (second) -> {
+			assertThat(first).isNotNull();
+			assertThat(second).isNotNull();
+			assertThat(first.getResponse().getContentAsString())
+					.isNotEqualTo(second.getResponse().getContentAsString());
+		};
+	}
+
+	ResultMatcher csrfCreated() {
+		return new CsrfCreatedResultMatcher();
+	}
+
+	ResultMatcher csrfInHeader() {
+		return new CsrfReturnedResultMatcher(result -> result.getResponse().getHeader("X-CSRF-TOKEN"));
+	}
+
+	ResultMatcher csrfInBody() {
+		return new CsrfReturnedResultMatcher(result -> result.getResponse().getContentAsString());
+	}
+
 	@Controller
 	public static class RootController {
 
@@ -458,27 +479,6 @@ public class CsrfConfigTests {
 
 	}
 
-	ResultMatcher csrfChanged(MvcResult first) {
-		return (second) -> {
-			assertThat(first).isNotNull();
-			assertThat(second).isNotNull();
-			assertThat(first.getResponse().getContentAsString())
-					.isNotEqualTo(second.getResponse().getContentAsString());
-		};
-	}
-
-	ResultMatcher csrfCreated() {
-		return new CsrfCreatedResultMatcher();
-	}
-
-	ResultMatcher csrfInHeader() {
-		return new CsrfReturnedResultMatcher(result -> result.getResponse().getHeader("X-CSRF-TOKEN"));
-	}
-
-	ResultMatcher csrfInBody() {
-		return new CsrfReturnedResultMatcher(result -> result.getResponse().getContentAsString());
-	}
-
 	@FunctionalInterface
 	interface ExceptionalFunction<IN, OUT> {
 
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 190c0d66d7..4adaebc234 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -175,6 +175,24 @@ public class FormLoginConfigTests {
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
+	private Filter getFilter(ApplicationContext context, Class<? extends Filter> filterClass) {
+		FilterChainProxy filterChain = context.getBean(BeanIds.FILTER_CHAIN_PROXY, FilterChainProxy.class);
+
+		List<Filter> filters = filterChain.getFilters("/any");
+
+		for (Filter filter : filters) {
+			if (filter.getClass() == filterClass) {
+				return filter;
+			}
+		}
+
+		return null;
+	}
+
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	public static class LoginController {
 
@@ -204,22 +222,4 @@ public class FormLoginConfigTests {
 
 	}
 
-	private Filter getFilter(ApplicationContext context, Class<? extends Filter> filterClass) {
-		FilterChainProxy filterChain = context.getBean(BeanIds.FILTER_CHAIN_PROXY, FilterChainProxy.class);
-
-		List<Filter> filters = filterChain.getFilters("/any");
-
-		for (Filter filter : filters) {
-			if (filter.getClass() == filterClass) {
-				return filter;
-			}
-		}
-
-		return null;
-	}
-
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index 2f9fcd22de..3cd2f3be8b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -73,6 +73,10 @@ public class HttpConfigTests {
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	private static class EncodeUrlDenyingHttpServletResponseWrapper extends HttpServletResponseWrapper {
 
 		EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
@@ -101,8 +105,4 @@ public class HttpConfigTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 6f0beba0a0..a51ff6d242 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -99,29 +99,6 @@ public class HttpCorsConfigTests {
 				.andExpect(status().isOk());
 	}
 
-	@RestController
-	@CrossOrigin(methods = { RequestMethod.GET, RequestMethod.POST })
-	static class CorsController {
-
-		@RequestMapping("/")
-		String hello() {
-			return "Hello";
-		}
-
-	}
-
-	static class MyCorsConfigurationSource extends UrlBasedCorsConfigurationSource {
-
-		MyCorsConfigurationSource() {
-			CorsConfiguration configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList("*"));
-			configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
-
-			super.registerCorsConfiguration("/**", configuration);
-		}
-
-	}
-
 	private String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
@@ -154,4 +131,27 @@ public class HttpCorsConfigTests {
 		};
 	}
 
+	@RestController
+	@CrossOrigin(methods = { RequestMethod.GET, RequestMethod.POST })
+	static class CorsController {
+
+		@RequestMapping("/")
+		String hello() {
+			return "Hello";
+		}
+
+	}
+
+	static class MyCorsConfigurationSource extends UrlBasedCorsConfigurationSource {
+
+		MyCorsConfigurationSource() {
+			CorsConfiguration configuration = new CorsConfiguration();
+			configuration.setAllowedOrigins(Arrays.asList("*"));
+			configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
+
+			super.registerCorsConfiguration("/**", configuration);
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index ad543ee1e3..4bc4ae8846 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -659,16 +659,6 @@ public class HttpHeadersConfigTests {
 				.andExpect(header().string("Referrer-Policy", "same-origin"));
 	}
 
-	@RestController
-	public static class SimpleController {
-
-		@GetMapping("/")
-		public String ok() {
-			return "ok";
-		}
-
-	}
-
 	private static ResultMatcher includesDefaults() {
 		return includes(defaultHeaders);
 	}
@@ -711,4 +701,14 @@ public class HttpHeadersConfigTests {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
 
+	@RestController
+	public static class SimpleController {
+
+		@GetMapping("/")
+		public String ok() {
+			return "ok";
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 3c94ae6f00..565bea71d1 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -209,6 +209,20 @@ public class InterceptUrlConfigTests {
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
+	private MockServletContext mockServletContext(String servletPath) {
+		MockServletContext servletContext = spy(new MockServletContext());
+		final ServletRegistration registration = mock(ServletRegistration.class);
+		when(registration.getMappings()).thenReturn(Collections.singleton(servletPath));
+		Answer<Map<String, ? extends ServletRegistration>> answer = invocation -> Collections.singletonMap("spring",
+				registration);
+		when(servletContext.getServletRegistrations()).thenAnswer(answer);
+		return servletContext;
+	}
+
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	static class PathController {
 
@@ -232,18 +246,4 @@ public class InterceptUrlConfigTests {
 
 	}
 
-	private MockServletContext mockServletContext(String servletPath) {
-		MockServletContext servletContext = spy(new MockServletContext());
-		final ServletRegistration registration = mock(ServletRegistration.class);
-		when(registration.getMappings()).thenReturn(Collections.singleton(servletPath));
-		Answer<Map<String, ? extends ServletRegistration>> answer = invocation -> Collections.singletonMap("spring",
-				registration);
-		when(servletContext.getServletRegistrations()).thenAnswer(answer);
-		return servletContext;
-	}
-
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 2c59e39123..604880a82a 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -694,6 +694,59 @@ public class MiscHttpConfigTests {
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
 	}
 
+	private void redirectLogsTo(OutputStream os, Class<?> clazz) {
+		Logger logger = (Logger) LoggerFactory.getLogger(clazz);
+		Appender<ILoggingEvent> appender = mock(Appender.class);
+		when(appender.isStarted()).thenReturn(true);
+		doAnswer(writeTo(os)).when(appender).doAppend(any(ILoggingEvent.class));
+		logger.addAppender(appender);
+	}
+
+	private Answer<ILoggingEvent> writeTo(OutputStream os) {
+		return invocation -> {
+			os.write(invocation.getArgument(0).toString().getBytes());
+			return null;
+		};
+	}
+
+	private void assertThatFiltersMatchExpectedAutoConfigList() {
+		assertThatFiltersMatchExpectedAutoConfigList("/");
+	}
+
+	private void assertThatFiltersMatchExpectedAutoConfigList(String url) {
+		Iterator<Filter> filters = getFilters(url).iterator();
+
+		assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class);
+		assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class);
+		assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
+		assertThat(filters.next()).isInstanceOf(CsrfFilter.class);
+		assertThat(filters.next()).isInstanceOf(LogoutFilter.class);
+		assertThat(filters.next()).isInstanceOf(UsernamePasswordAuthenticationFilter.class);
+		assertThat(filters.next()).isInstanceOf(DefaultLoginPageGeneratingFilter.class);
+		assertThat(filters.next()).isInstanceOf(DefaultLogoutPageGeneratingFilter.class);
+		assertThat(filters.next()).isInstanceOf(BasicAuthenticationFilter.class);
+		assertThat(filters.next()).isInstanceOf(RequestCacheAwareFilter.class);
+		assertThat(filters.next()).isInstanceOf(SecurityContextHolderAwareRequestFilter.class);
+		assertThat(filters.next()).isInstanceOf(AnonymousAuthenticationFilter.class);
+		assertThat(filters.next()).isInstanceOf(SessionManagementFilter.class);
+		assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class);
+		assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class)
+				.hasFieldOrPropertyWithValue("observeOncePerRequest", true);
+	}
+
+	private <T extends Filter> T getFilter(Class<T> filterClass) {
+		return (T) getFilters("/").stream().filter(filterClass::isInstance).findFirst().orElse(null);
+	}
+
+	private List<Filter> getFilters(String url) {
+		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
+		return proxy.getFilters(url);
+	}
+
+	private static String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	static class BasicController {
 
@@ -847,57 +900,4 @@ public class MiscHttpConfigTests {
 
 	}
 
-	private void redirectLogsTo(OutputStream os, Class<?> clazz) {
-		Logger logger = (Logger) LoggerFactory.getLogger(clazz);
-		Appender<ILoggingEvent> appender = mock(Appender.class);
-		when(appender.isStarted()).thenReturn(true);
-		doAnswer(writeTo(os)).when(appender).doAppend(any(ILoggingEvent.class));
-		logger.addAppender(appender);
-	}
-
-	private Answer<ILoggingEvent> writeTo(OutputStream os) {
-		return invocation -> {
-			os.write(invocation.getArgument(0).toString().getBytes());
-			return null;
-		};
-	}
-
-	private void assertThatFiltersMatchExpectedAutoConfigList() {
-		assertThatFiltersMatchExpectedAutoConfigList("/");
-	}
-
-	private void assertThatFiltersMatchExpectedAutoConfigList(String url) {
-		Iterator<Filter> filters = getFilters(url).iterator();
-
-		assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class);
-		assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class);
-		assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
-		assertThat(filters.next()).isInstanceOf(CsrfFilter.class);
-		assertThat(filters.next()).isInstanceOf(LogoutFilter.class);
-		assertThat(filters.next()).isInstanceOf(UsernamePasswordAuthenticationFilter.class);
-		assertThat(filters.next()).isInstanceOf(DefaultLoginPageGeneratingFilter.class);
-		assertThat(filters.next()).isInstanceOf(DefaultLogoutPageGeneratingFilter.class);
-		assertThat(filters.next()).isInstanceOf(BasicAuthenticationFilter.class);
-		assertThat(filters.next()).isInstanceOf(RequestCacheAwareFilter.class);
-		assertThat(filters.next()).isInstanceOf(SecurityContextHolderAwareRequestFilter.class);
-		assertThat(filters.next()).isInstanceOf(AnonymousAuthenticationFilter.class);
-		assertThat(filters.next()).isInstanceOf(SessionManagementFilter.class);
-		assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class);
-		assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class)
-				.hasFieldOrPropertyWithValue("observeOncePerRequest", true);
-	}
-
-	private <T extends Filter> T getFilter(Class<T> filterClass) {
-		return (T) getFilters("/").stream().filter(filterClass::isInstance).findFirst().orElse(null);
-	}
-
-	private List<Filter> getFilters(String url) {
-		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-		return proxy.getFilters(url);
-	}
-
-	private static String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index d3e8929d0d..267c810076 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -88,6 +88,10 @@ public class MultiHttpBlockConfigTests {
 				.andExpect(redirectedUrl("/"));
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@Controller
 	static class BasicController {
 
@@ -98,8 +102,4 @@ public class MultiHttpBlockConfigTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 46f04f410f..5d9be3a411 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -209,17 +209,6 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
-	@RestController
-	static class AuthorizedClientController {
-
-		@GetMapping("/authorized-client")
-		String authorizedClient(Model model,
-				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
-			return authorizedClient != null ? "resolved" : "not-resolved";
-		}
-
-	}
-
 	private static OAuth2AuthorizationRequest createAuthorizationRequest(ClientRegistration clientRegistration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
@@ -233,4 +222,15 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
 
+	@RestController
+	static class AuthorizedClientController {
+
+		@GetMapping("/authorized-client")
+		String authorizedClient(Model model,
+				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
+			return authorizedClient != null ? "resolved" : "not-resolved";
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 5d29fc8360..6f5608d751 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -512,6 +512,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	static class AuthorizedClientController {
 
@@ -523,8 +527,4 @@ public class OAuth2LoginBeanDefinitionParserTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 2617e5405e..66e957d0a7 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -892,6 +892,82 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
 	}
 
+	private static ResultMatcher invalidRequestHeader(String message) {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
+	}
+
+	private static ResultMatcher invalidTokenHeader(String message) {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
+	}
+
+	private static ResultMatcher insufficientScopeHeader() {
+		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
+				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
+				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+	}
+
+	private String jwkSet() {
+		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
+	}
+
+	private String jwtFromIssuer(String issuer) throws Exception {
+		Map<String, Object> claims = new HashMap<>();
+		claims.put(ISS, issuer);
+		claims.put(SUB, "test-subject");
+		claims.put("scope", "message:read");
+		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
+				new Payload(new JSONObject(claims)));
+		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
+		return jws.serialize();
+	}
+
+	private void mockWebServer(String response) {
+		this.web.enqueue(new MockResponse().setResponseCode(200)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
+	}
+
+	private void mockRestOperations(String response) {
+		RestOperations rest = this.spring.getContext().getBean(RestOperations.class);
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_JSON);
+		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
+		Mockito.when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
+	}
+
+	private String json(String name) throws IOException {
+		return resource(name + ".json");
+	}
+
+	private String jwks(String name) throws IOException {
+		return resource(name + ".jwks");
+	}
+
+	private String token(String name) throws IOException {
+		return resource(name + ".token");
+	}
+
+	private String resource(String suffix) throws IOException {
+		String name = this.getClass().getSimpleName() + "-" + suffix;
+		ClassPathResource resource = new ClassPathResource(name, this.getClass());
+		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
+			return reader.lines().collect(Collectors.joining());
+		}
+	}
+
+	private <T> T bean(Class<T> beanClass) {
+		return this.spring.getContext().getBean(beanClass);
+	}
+
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	static class JwtDecoderFactoryBean implements FactoryBean<JwtDecoder> {
 
 		private RestOperations rest;
@@ -1025,80 +1101,4 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	}
 
-	private static ResultMatcher invalidRequestHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_request\", " + "error_description=\""),
-						new StringContains(message),
-						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
-	}
-
-	private static ResultMatcher invalidTokenHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE,
-				AllOf.allOf(new StringStartsWith("Bearer " + "error=\"invalid_token\", " + "error_description=\""),
-						new StringContains(message),
-						new StringEndsWith(", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")));
-	}
-
-	private static ResultMatcher insufficientScopeHeader() {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " + "error=\"insufficient_scope\""
-				+ ", error_description=\"The request requires higher privileges than provided by the access token.\""
-				+ ", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
-	}
-
-	private String jwkSet() {
-		return new JWKSet(new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyID("1").build()).toString();
-	}
-
-	private String jwtFromIssuer(String issuer) throws Exception {
-		Map<String, Object> claims = new HashMap<>();
-		claims.put(ISS, issuer);
-		claims.put(SUB, "test-subject");
-		claims.put("scope", "message:read");
-		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
-				new Payload(new JSONObject(claims)));
-		jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
-		return jws.serialize();
-	}
-
-	private void mockWebServer(String response) {
-		this.web.enqueue(new MockResponse().setResponseCode(200)
-				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response));
-	}
-
-	private void mockRestOperations(String response) {
-		RestOperations rest = this.spring.getContext().getBean(RestOperations.class);
-		HttpHeaders headers = new HttpHeaders();
-		headers.setContentType(MediaType.APPLICATION_JSON);
-		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		Mockito.when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
-	}
-
-	private String json(String name) throws IOException {
-		return resource(name + ".json");
-	}
-
-	private String jwks(String name) throws IOException {
-		return resource(name + ".jwks");
-	}
-
-	private String token(String name) throws IOException {
-		return resource(name + ".token");
-	}
-
-	private String resource(String suffix) throws IOException {
-		String name = this.getClass().getSimpleName() + "-" + suffix;
-		ClassPathResource resource = new ClassPathResource(name, this.getClass());
-		try (BufferedReader reader = new BufferedReader(new FileReader(resource.getFile()))) {
-			return reader.lines().collect(Collectors.joining());
-		}
-	}
-
-	private <T> T bean(Class<T> beanClass) {
-		return this.spring.getContext().getBean(beanClass);
-	}
-
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index f3021d088a..886be53bb5 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -176,16 +176,6 @@ public class OpenIDConfigTests {
 		this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page"));
 	}
 
-	@RestController
-	static class CustomLoginController {
-
-		@GetMapping("/login")
-		public String custom() {
-			return "a custom login page";
-		}
-
-	}
-
 	private <T extends Filter> T getFilter(Class<T> clazz) {
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
 		return (T) filterChain.getFilters("/").stream().filter(clazz::isInstance).findFirst().orElse(null);
@@ -199,4 +189,14 @@ public class OpenIDConfigTests {
 		return (T) FieldUtils.getFieldValue(bean, fieldName);
 	}
 
+	@RestController
+	static class CustomLoginController {
+
+		@GetMapping("/login")
+		public String custom() {
+			return "a custom login page";
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index 075b93570c..e78e90f5a4 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -169,6 +169,10 @@ public class PlaceHolderAndELConfigTests {
 		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	static class SimpleController {
 
@@ -184,8 +188,4 @@ public class PlaceHolderAndELConfigTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index e8ce6a5904..8f8731f10e 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -302,16 +302,6 @@ public class RememberMeConfigTests {
 								+ "remember-me-parameter or remember-me-cookie");
 	}
 
-	@RestController
-	static class BasicController {
-
-		@GetMapping("/authenticated")
-		String ok() {
-			return "ok";
-		}
-
-	}
-
 	private ResultActions rememberAuthentication(String username, String password) throws Exception {
 
 		return this.mvc.perform(login(username, password).param(DEFAULT_PARAMETER, "true").with(csrf()))
@@ -330,4 +320,14 @@ public class RememberMeConfigTests {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
 
+	@RestController
+	static class BasicController {
+
+		@GetMapping("/authenticated")
+		String ok() {
+			return "ok";
+		}
+
+	}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index 98d431415a..d2f89090fc 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -206,6 +206,10 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		this.mvc.perform(get("/role")).andExpect(content().string("true"));
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	@RestController
 	public static class ServletAuthenticatedController {
 
@@ -267,8 +271,4 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index ded6945508..00445262d6 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -382,6 +382,49 @@ public class SessionManagementConfigTests {
 		})).andExpect(redirectedUrl("/timeoutUrl"));
 	}
 
+	private void sessionRegistryIsValid() {
+		SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class);
+
+		assertThat(sessionRegistry).isNotNull();
+
+		assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
+		assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
+		// SEC-1143
+		assertThat(this.getFilter(SessionManagementFilter.class)).returns(sessionRegistry,
+				this::extractSessionRegistry);
+	}
+
+	private SessionRegistry extractSessionRegistry(ConcurrentSessionFilter filter) {
+		return getFieldValue(filter, "sessionRegistry");
+	}
+
+	private SessionRegistry extractSessionRegistry(UsernamePasswordAuthenticationFilter filter) {
+		SessionAuthenticationStrategy strategy = getFieldValue(filter, "sessionStrategy");
+		List<SessionAuthenticationStrategy> strategies = getFieldValue(strategy, "delegateStrategies");
+		return getFieldValue(strategies.get(0), "sessionRegistry");
+	}
+
+	private SessionRegistry extractSessionRegistry(SessionManagementFilter filter) {
+		SessionAuthenticationStrategy strategy = getFieldValue(filter, "sessionAuthenticationStrategy");
+		List<SessionAuthenticationStrategy> strategies = getFieldValue(strategy, "delegateStrategies");
+		return getFieldValue(strategies.get(0), "sessionRegistry");
+	}
+
+	private <T> T getFieldValue(Object target, String fieldName) {
+		try {
+			return (T) FieldUtils.getFieldValue(target, fieldName);
+		}
+		catch (Exception e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	private static SessionResultMatcher session() {
+		return new SessionResultMatcher();
+	}
+
 	/**
 	 * SEC-2680
 	 */
@@ -408,6 +451,46 @@ public class SessionManagementConfigTests {
 		assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 	}
 
+	private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context)
+			throws IOException, ServletException {
+
+		MockHttpServletResponse response = new MockHttpServletResponse();
+
+		FilterChainProxy proxy = context.getBean(FilterChainProxy.class);
+
+		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
+		});
+
+		return response;
+	}
+
+	private MockHttpSession expiredSession() {
+		MockHttpSession session = new MockHttpSession();
+		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
+		sessionRegistry.registerNewSession(session.getId(), "user");
+		sessionRegistry.getSessionInformation(session.getId()).expireNow();
+		return session;
+	}
+
+	private <T extends Filter> T getFilter(Class<T> filterClass) {
+		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
+	}
+
+	private List<Filter> getFilters() {
+		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
+
+		return proxy.getFilters("/");
+	}
+
+	private ServletContext servletContext() {
+		WebApplicationContext context = this.spring.getContext();
+		return context.getServletContext();
+	}
+
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	static class TeapotSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
 
 		@Override
@@ -459,49 +542,6 @@ public class SessionManagementConfigTests {
 
 	}
 
-	private void sessionRegistryIsValid() {
-		SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class);
-
-		assertThat(sessionRegistry).isNotNull();
-
-		assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry,
-				this::extractSessionRegistry);
-		assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry,
-				this::extractSessionRegistry);
-		// SEC-1143
-		assertThat(this.getFilter(SessionManagementFilter.class)).returns(sessionRegistry,
-				this::extractSessionRegistry);
-	}
-
-	private SessionRegistry extractSessionRegistry(ConcurrentSessionFilter filter) {
-		return getFieldValue(filter, "sessionRegistry");
-	}
-
-	private SessionRegistry extractSessionRegistry(UsernamePasswordAuthenticationFilter filter) {
-		SessionAuthenticationStrategy strategy = getFieldValue(filter, "sessionStrategy");
-		List<SessionAuthenticationStrategy> strategies = getFieldValue(strategy, "delegateStrategies");
-		return getFieldValue(strategies.get(0), "sessionRegistry");
-	}
-
-	private SessionRegistry extractSessionRegistry(SessionManagementFilter filter) {
-		SessionAuthenticationStrategy strategy = getFieldValue(filter, "sessionAuthenticationStrategy");
-		List<SessionAuthenticationStrategy> strategies = getFieldValue(strategy, "delegateStrategies");
-		return getFieldValue(strategies.get(0), "sessionRegistry");
-	}
-
-	private <T> T getFieldValue(Object target, String fieldName) {
-		try {
-			return (T) FieldUtils.getFieldValue(target, fieldName);
-		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
-		}
-	}
-
-	private static SessionResultMatcher session() {
-		return new SessionResultMatcher();
-	}
-
 	private static class SessionResultMatcher implements ResultMatcher {
 
 		private String id;
@@ -552,19 +592,6 @@ public class SessionManagementConfigTests {
 
 	}
 
-	private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context)
-			throws IOException, ServletException {
-
-		MockHttpServletResponse response = new MockHttpServletResponse();
-
-		FilterChainProxy proxy = context.getBean(FilterChainProxy.class);
-
-		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
-		});
-
-		return response;
-	}
-
 	private static class EncodeUrlDenyingHttpServletResponseWrapper extends HttpServletResponseWrapper {
 
 		EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
@@ -593,31 +620,4 @@ public class SessionManagementConfigTests {
 
 	}
 
-	private MockHttpSession expiredSession() {
-		MockHttpSession session = new MockHttpSession();
-		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
-		sessionRegistry.registerNewSession(session.getId(), "user");
-		sessionRegistry.getSessionInformation(session.getId()).expireNow();
-		return session;
-	}
-
-	private <T extends Filter> T getFilter(Class<T> filterClass) {
-		return (T) getFilters().stream().filter(filterClass::isInstance).findFirst().orElse(null);
-	}
-
-	private List<Filter> getFilters() {
-		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
-		return proxy.getFilters("/");
-	}
-
-	private ServletContext servletContext() {
-		WebApplicationContext context = this.spring.getContext();
-		return context.getServletContext();
-	}
-
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
index fe909288bc..8c1c2af17a 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
@@ -60,6 +60,10 @@ public class SessionManagementConfigTransientAuthenticationTests {
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+
 	static class TransientAuthenticationProvider implements AuthenticationProvider {
 
 		@Override
@@ -93,8 +97,4 @@ public class SessionManagementConfigTransientAuthenticationTests {
 
 	}
 
-	private String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 25ba7efe8d..81a8a3838d 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -391,6 +391,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		foo.foo(new SecurityConfig("A"));
 	}
 
+	private void setContext(String context) {
+		this.appContext = new InMemoryXmlApplicationContext(context);
+	}
+
+	private void setContext(String context, ApplicationContext parent) {
+		this.appContext = new InMemoryXmlApplicationContext(context, parent);
+	}
+
 	static class CustomAuthManager implements AuthenticationManager, ApplicationContextAware {
 
 		private String beanName;
@@ -420,14 +428,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	}
 
-	private void setContext(String context) {
-		this.appContext = new InMemoryXmlApplicationContext(context);
-	}
-
-	private void setContext(String context, ApplicationContext parent) {
-		this.appContext = new InMemoryXmlApplicationContext(context, parent);
-	}
-
 	interface Foo<T extends ConfigAttribute> {
 
 		void foo(T action);
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index df1e409ac7..cdda790028 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -256,6 +256,12 @@ public class FormLoginTests {
 		verify(formLoginSecContextRepository).save(any(), any());
 	}
 
+	Mono<SecurityContext> authentication(Authentication authentication) {
+		SecurityContext context = new SecurityContextImpl();
+		context.setAuthentication(authentication);
+		return Mono.just(context);
+	}
+
 	public static class CustomLoginPage {
 
 		private WebDriver driver;
@@ -491,10 +497,4 @@ public class FormLoginTests {
 
 	}
 
-	Mono<SecurityContext> authentication(Authentication authentication) {
-		SecurityContext context = new SecurityContextImpl();
-		context.setAuthentication(authentication);
-		return Mono.just(context);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 8942fc5b21..ea814e54fc 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -114,41 +114,6 @@ public class OAuth2ClientSpecTests {
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
 
-	@EnableWebFlux
-	@EnableWebFluxSecurity
-	static class Config {
-
-		@Bean
-		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.oauth2Client();
-			// @formatter:on
-			return http.build();
-		}
-
-		@Bean
-		ReactiveClientRegistrationRepository clientRegistrationRepository() {
-			return mock(ReactiveClientRegistrationRepository.class);
-		}
-
-		@Bean
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
-			return mock(ServerOAuth2AuthorizedClientRepository.class);
-		}
-
-	}
-
-	@RestController
-	static class AuthorizedClientController {
-
-		@GetMapping("/")
-		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
-			return "home";
-		}
-
-	}
-
 	@Test
 	public void oauth2ClientWhenCustomObjectsThenUsed() {
 		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class,
@@ -189,47 +154,6 @@ public class OAuth2ClientSpecTests {
 		verify(requestCache).getRedirectUri(any());
 	}
 
-	@EnableWebFlux
-	@EnableWebFluxSecurity
-	static class ClientRegistrationConfig {
-
-		private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
-		@Bean
-		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
-			return new InMemoryReactiveClientRegistrationRepository(this.clientRegistration);
-		}
-
-	}
-
-	@Configuration
-	static class OAuth2ClientCustomConfig {
-
-		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
-
-		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
-
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
-				ServerAuthorizationRequestRepository.class);
-
-		ServerRequestCache requestCache = mock(ServerRequestCache.class);
-
-		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.oauth2Client()
-					.authenticationConverter(this.authenticationConverter)
-					.authenticationManager(this.manager)
-					.authorizationRequestRepository(this.authorizationRequestRepository)
-					.and()
-				.requestCache(c -> c.requestCache(this.requestCache));
-			// @formatter:on
-			return http.build();
-		}
-
-	}
-
 	@Test
 	public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
 		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class,
@@ -271,6 +195,82 @@ public class OAuth2ClientSpecTests {
 		verify(requestCache).getRedirectUri(any());
 	}
 
+	@EnableWebFlux
+	@EnableWebFluxSecurity
+	static class Config {
+
+		@Bean
+		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
+			// @formatter:off
+			http
+				.oauth2Client();
+			// @formatter:on
+			return http.build();
+		}
+
+		@Bean
+		ReactiveClientRegistrationRepository clientRegistrationRepository() {
+			return mock(ReactiveClientRegistrationRepository.class);
+		}
+
+		@Bean
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
+			return mock(ServerOAuth2AuthorizedClientRepository.class);
+		}
+
+	}
+
+	@RestController
+	static class AuthorizedClientController {
+
+		@GetMapping("/")
+		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
+			return "home";
+		}
+
+	}
+
+	@EnableWebFlux
+	@EnableWebFluxSecurity
+	static class ClientRegistrationConfig {
+
+		private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+
+		@Bean
+		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
+			return new InMemoryReactiveClientRegistrationRepository(this.clientRegistration);
+		}
+
+	}
+
+	@Configuration
+	static class OAuth2ClientCustomConfig {
+
+		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
+
+		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
+
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
+
+		ServerRequestCache requestCache = mock(ServerRequestCache.class);
+
+		@Bean
+		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
+			http
+				.oauth2Client()
+					.authenticationConverter(this.authenticationConverter)
+					.authenticationManager(this.manager)
+					.authorizationRequestRepository(this.authorizationRequestRepository)
+					.and()
+				.requestCache(c -> c.requestCache(this.requestCache));
+			// @formatter:on
+			return http.build();
+		}
+
+	}
+
 	@Configuration
 	static class OAuth2ClientInLambdaCustomConfig {
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 50bda99f27..2bb5aaee8c 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -151,16 +151,6 @@ public class OAuth2LoginTests {
 				.assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
 	}
 
-	@EnableWebFluxSecurity
-	static class OAuth2LoginWithMultipleClientRegistrations {
-
-		@Bean
-		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
-			return new InMemoryReactiveClientRegistrationRepository(github, google);
-		}
-
-	}
-
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationThenRedirect() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
@@ -184,21 +174,6 @@ public class OAuth2LoginTests {
 				.is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
 	}
 
-	@EnableWebFlux
-	static class WebFluxConfig {
-
-	}
-
-	@EnableWebFluxSecurity
-	static class OAuth2LoginWithSingleClientRegistrations {
-
-		@Bean
-		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
-			return new InMemoryReactiveClientRegistrationRepository(github);
-		}
-
-	}
-
 	@Test
 	public void oauth2AuthorizeWhenCustomObjectsThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class,
@@ -223,47 +198,6 @@ public class OAuth2LoginTests {
 		verify(requestCache).saveRequest(any());
 	}
 
-	@EnableWebFlux
-	static class OAuth2AuthorizeWithMockObjectsConfig {
-
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = mock(
-				ServerOAuth2AuthorizedClientRepository.class);
-
-		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
-				ServerAuthorizationRequestRepository.class);
-
-		ServerRequestCache requestCache = mock(ServerRequestCache.class);
-
-		@Bean
-		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.requestCache()
-					.requestCache(this.requestCache)
-					.and()
-				.oauth2Login()
-					.authorizationRequestRepository(this.authorizationRequestRepository);
-			// @formatter:on
-			return http.build();
-		}
-
-		@Bean
-		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
-			return this.authorizedClientRepository;
-		}
-
-	}
-
-	@RestController
-	static class AuthorizedClientController {
-
-		@GetMapping("/")
-		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
-			return "home";
-		}
-
-	}
-
 	@Test
 	public void oauth2LoginWhenCustomObjectsThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
@@ -359,41 +293,6 @@ public class OAuth2LoginTests {
 		verify(failureHandler).onAuthenticationFailure(any(), any());
 	}
 
-	@Configuration
-	static class OAuth2LoginMockAuthenticationManagerConfig {
-
-		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
-
-		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
-
-		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-
-		ServerOAuth2AuthorizationRequestResolver resolver = mock(ServerOAuth2AuthorizationRequestResolver.class);
-
-		ServerAuthenticationSuccessHandler successHandler = mock(ServerAuthenticationSuccessHandler.class);
-
-		ServerAuthenticationFailureHandler failureHandler = mock(ServerAuthenticationFailureHandler.class);
-
-		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.oauth2Login()
-					.authenticationConverter(this.authenticationConverter)
-					.authenticationManager(this.manager)
-					.authenticationMatcher(this.matcher)
-					.authorizationRequestResolver(this.resolver)
-					.authenticationSuccessHandler(this.successHandler)
-					.authenticationFailureHandler(this.failureHandler);
-			// @formatter:on
-			return http.build();
-		}
-
-	}
-
 	@Test
 	public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
@@ -440,41 +339,6 @@ public class OAuth2LoginTests {
 		verify(successHandler).onAuthenticationSuccess(any(), any());
 	}
 
-	@Configuration
-	static class OAuth2LoginMockAuthenticationManagerInLambdaConfig {
-
-		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
-
-		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
-
-		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-
-		ServerOAuth2AuthorizationRequestResolver resolver = mock(ServerOAuth2AuthorizationRequestResolver.class);
-
-		ServerAuthenticationSuccessHandler successHandler = mock(ServerAuthenticationSuccessHandler.class);
-
-		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.authorizeExchange(exchanges ->
-					exchanges
-						.anyExchange().authenticated()
-				)
-				.oauth2Login(oauth2Login ->
-					oauth2Login
-						.authenticationConverter(this.authenticationConverter)
-						.authenticationManager(this.manager)
-						.authenticationMatcher(this.matcher)
-						.authorizationRequestResolver(this.resolver)
-						.authenticationSuccessHandler(this.successHandler)
-				);
-			// @formatter:on
-			return http.build();
-		}
-
-	}
-
 	@Test
 	public void oauth2LoginWhenCustomBeansThenUsed() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
@@ -585,6 +449,177 @@ public class OAuth2LoginTests {
 				.valueEquals("Location", "/login?error");
 	}
 
+	@Test
+	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
+		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
+
+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
+
+		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
+		when(repository.load(any())).thenReturn(authentication(token));
+
+		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
+				"https://logout?id_token_hint=id-token");
+	}
+
+	// gh-8609
+	@Test
+	public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
+		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
+
+		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
+
+		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueEquals("Location", "/login?error");
+	}
+
+	Mono<SecurityContext> authentication(Authentication authentication) {
+		SecurityContext context = new SecurityContextImpl();
+		context.setAuthentication(authentication);
+		return Mono.just(context);
+	}
+
+	<T> T getBean(Class<T> beanClass) {
+		return this.spring.getContext().getBean(beanClass);
+	}
+
+	@EnableWebFluxSecurity
+	static class OAuth2LoginWithMultipleClientRegistrations {
+
+		@Bean
+		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
+			return new InMemoryReactiveClientRegistrationRepository(github, google);
+		}
+
+	}
+
+	@EnableWebFlux
+	static class WebFluxConfig {
+
+	}
+
+	@EnableWebFluxSecurity
+	static class OAuth2LoginWithSingleClientRegistrations {
+
+		@Bean
+		InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
+			return new InMemoryReactiveClientRegistrationRepository(github);
+		}
+
+	}
+
+	@EnableWebFlux
+	static class OAuth2AuthorizeWithMockObjectsConfig {
+
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = mock(
+				ServerOAuth2AuthorizedClientRepository.class);
+
+		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
+				ServerAuthorizationRequestRepository.class);
+
+		ServerRequestCache requestCache = mock(ServerRequestCache.class);
+
+		@Bean
+		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
+			// @formatter:off
+			http
+				.requestCache()
+					.requestCache(this.requestCache)
+					.and()
+				.oauth2Login()
+					.authorizationRequestRepository(this.authorizationRequestRepository);
+			// @formatter:on
+			return http.build();
+		}
+
+		@Bean
+		ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
+			return this.authorizedClientRepository;
+		}
+
+	}
+
+	@RestController
+	static class AuthorizedClientController {
+
+		@GetMapping("/")
+		String home(@RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
+			return "home";
+		}
+
+	}
+
+	@Configuration
+	static class OAuth2LoginMockAuthenticationManagerConfig {
+
+		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
+
+		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
+
+		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
+
+		ServerOAuth2AuthorizationRequestResolver resolver = mock(ServerOAuth2AuthorizationRequestResolver.class);
+
+		ServerAuthenticationSuccessHandler successHandler = mock(ServerAuthenticationSuccessHandler.class);
+
+		ServerAuthenticationFailureHandler failureHandler = mock(ServerAuthenticationFailureHandler.class);
+
+		@Bean
+		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
+			http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.oauth2Login()
+					.authenticationConverter(this.authenticationConverter)
+					.authenticationManager(this.manager)
+					.authenticationMatcher(this.matcher)
+					.authorizationRequestResolver(this.resolver)
+					.authenticationSuccessHandler(this.successHandler)
+					.authenticationFailureHandler(this.failureHandler);
+			// @formatter:on
+			return http.build();
+		}
+
+	}
+
+	@Configuration
+	static class OAuth2LoginMockAuthenticationManagerInLambdaConfig {
+
+		ReactiveAuthenticationManager manager = mock(ReactiveAuthenticationManager.class);
+
+		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
+
+		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
+
+		ServerOAuth2AuthorizationRequestResolver resolver = mock(ServerOAuth2AuthorizationRequestResolver.class);
+
+		ServerAuthenticationSuccessHandler successHandler = mock(ServerAuthenticationSuccessHandler.class);
+
+		@Bean
+		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+			// @formatter:off
+			http
+				.authorizeExchange(exchanges ->
+					exchanges
+						.anyExchange().authenticated()
+				)
+				.oauth2Login(oauth2Login ->
+					oauth2Login
+						.authenticationConverter(this.authenticationConverter)
+						.authenticationManager(this.manager)
+						.authenticationMatcher(this.matcher)
+						.authorizationRequestResolver(this.resolver)
+						.authenticationSuccessHandler(this.successHandler)
+				);
+			// @formatter:on
+			return http.build();
+		}
+
+	}
+
 	@Configuration
 	static class OAuth2LoginWithCustomBeansConfig {
 
@@ -654,20 +689,6 @@ public class OAuth2LoginTests {
 
 	}
 
-	@Test
-	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
-		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
-		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
-				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
-
-		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
-		when(repository.load(any())).thenReturn(authentication(token));
-
-		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
-				"https://logout?id_token_hint=id-token");
-	}
-
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class OAuth2LoginConfigWithOidcLogoutSuccessHandler {
@@ -707,17 +728,6 @@ public class OAuth2LoginTests {
 
 	}
 
-	// gh-8609
-	@Test
-	public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
-		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
-		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", "/login?error");
-	}
-
 	static class GitHubWebFilter implements WebFilter {
 
 		@Override
@@ -730,14 +740,4 @@ public class OAuth2LoginTests {
 
 	}
 
-	Mono<SecurityContext> authentication(Authentication authentication) {
-		SecurityContext context = new SecurityContextImpl();
-		context.setAuthentication(authentication);
-		return Mono.just(context);
-	}
-
-	<T> T getBean(Class<T> beanClass) {
-		return this.spring.getContext().getBean(beanClass);
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 8026f28f4d..5d4962a5fa 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -412,6 +412,54 @@ public class OAuth2ResourceServerSpecTests {
 				.isInstanceOf(BeanCreationException.class).hasMessageContaining("authenticationManagerResolver");
 	}
 
+	private static Dispatcher requiresAuth(String username, String password, String response) {
+		return new Dispatcher() {
+			@Override
+			public MockResponse dispatch(RecordedRequest request) {
+				String authorization = request.getHeader(org.springframework.http.HttpHeaders.AUTHORIZATION);
+				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
+						.map(a -> ok(response)).orElse(unauthorized());
+			}
+		};
+	}
+
+	private static boolean isAuthorized(String authorization, String username, String password) {
+		String[] values = new String(Base64.getDecoder().decode(authorization.substring(6))).split(":");
+		return username.equals(values[0]) && password.equals(values[1]);
+	}
+
+	private static MockResponse ok(String response) {
+		return new MockResponse().setBody(response).setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE,
+				MediaType.APPLICATION_JSON_VALUE);
+	}
+
+	private static MockResponse unauthorized() {
+		return new MockResponse().setResponseCode(401);
+	}
+
+	private static RSAPublicKey publicKey() {
+		String modulus = "26323220897278656456354815752829448539647589990395639665273015355787577386000316054335559633864476469390247312823732994485311378484154955583861993455004584140858982659817218753831620205191028763754231454775026027780771426040997832758235764611119743390612035457533732596799927628476322029280486807310749948064176545712270582940917249337311592011920620009965129181413510845780806191965771671528886508636605814099711121026468495328702234901200169245493126030184941412539949521815665744267183140084667383643755535107759061065656273783542590997725982989978433493861515415520051342321336460543070448417126615154138673620797";
+		String exponent = "65537";
+
+		RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent));
+		RSAPublicKey rsaPublicKey = null;
+		try {
+			KeyFactory factory = KeyFactory.getInstance("RSA");
+			rsaPublicKey = (RSAPublicKey) factory.generatePublic(spec);
+		}
+		catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+			e.printStackTrace();
+		}
+		return rsaPublicKey;
+	}
+
+	private GenericWebApplicationContext autowireWebServerGenericWebApplicationContext() {
+		GenericWebApplicationContext context = new GenericWebApplicationContext();
+		context.registerBean("webHandler", DispatcherHandler.class);
+		this.spring.context(context).autowire();
+		return (GenericWebApplicationContext) this.spring.getContext();
+	}
+
 	@EnableWebFlux
 	@EnableWebFluxSecurity
 	static class PublicKeyConfig {
@@ -865,52 +913,4 @@ public class OAuth2ResourceServerSpecTests {
 
 	}
 
-	private static Dispatcher requiresAuth(String username, String password, String response) {
-		return new Dispatcher() {
-			@Override
-			public MockResponse dispatch(RecordedRequest request) {
-				String authorization = request.getHeader(org.springframework.http.HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response)).orElse(unauthorized());
-			}
-		};
-	}
-
-	private static boolean isAuthorized(String authorization, String username, String password) {
-		String[] values = new String(Base64.getDecoder().decode(authorization.substring(6))).split(":");
-		return username.equals(values[0]) && password.equals(values[1]);
-	}
-
-	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response).setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE,
-				MediaType.APPLICATION_JSON_VALUE);
-	}
-
-	private static MockResponse unauthorized() {
-		return new MockResponse().setResponseCode(401);
-	}
-
-	private static RSAPublicKey publicKey() {
-		String modulus = "26323220897278656456354815752829448539647589990395639665273015355787577386000316054335559633864476469390247312823732994485311378484154955583861993455004584140858982659817218753831620205191028763754231454775026027780771426040997832758235764611119743390612035457533732596799927628476322029280486807310749948064176545712270582940917249337311592011920620009965129181413510845780806191965771671528886508636605814099711121026468495328702234901200169245493126030184941412539949521815665744267183140084667383643755535107759061065656273783542590997725982989978433493861515415520051342321336460543070448417126615154138673620797";
-		String exponent = "65537";
-
-		RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent));
-		RSAPublicKey rsaPublicKey = null;
-		try {
-			KeyFactory factory = KeyFactory.getInstance("RSA");
-			rsaPublicKey = (RSAPublicKey) factory.generatePublic(spec);
-		}
-		catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-			e.printStackTrace();
-		}
-		return rsaPublicKey;
-	}
-
-	private GenericWebApplicationContext autowireWebServerGenericWebApplicationContext() {
-		GenericWebApplicationContext context = new GenericWebApplicationContext();
-		context.registerBean("webHandler", DispatcherHandler.class);
-		this.spring.context(context).autowire();
-		return (GenericWebApplicationContext) this.spring.getContext();
-	}
-
 }
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index c1e4aa01d9..c1c02565db 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -52,22 +52,6 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 		assertThat(driver.getPageSource()).contains("Hello World");
 	}
 
-	/**
-	 * @author Rob Winch
-	 * @since 5.0
-	 */
-	@Controller
-	class HelloWorldController {
-
-		@ResponseBody
-		@GetMapping(produces = MediaType.TEXT_HTML_VALUE)
-		public String index() {
-			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n"
-					+ "<h1>Hello World</h1>\n" + "</body>\n" + "</html>";
-		}
-
-	}
-
 	@Test
 	public void cookies() {
 		WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build();
@@ -82,6 +66,18 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 		assertThat(driver.getPageSource()).contains("null");
 	}
 
+	@Controller
+	class HelloWorldController {
+
+		@ResponseBody
+		@GetMapping(produces = MediaType.TEXT_HTML_VALUE)
+		public String index() {
+			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n"
+					+ "<h1>Hello World</h1>\n" + "</body>\n" + "</html>";
+		}
+
+	}
+
 	@Controller
 	@ResponseBody
 	class CookieController {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 12bf83f72a..e3c8fe469e 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -175,29 +175,6 @@ public class User implements UserDetails, CredentialsContainer {
 		return sortedAuthorities;
 	}
 
-	private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
-
-		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-
-		@Override
-		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
-			// Neither should ever be null as each entry is checked before adding it to
-			// the set.
-			// If the authority is null, it is a custom authority and should precede
-			// others.
-			if (g2.getAuthority() == null) {
-				return -1;
-			}
-
-			if (g1.getAuthority() == null) {
-				return 1;
-			}
-
-			return g1.getAuthority().compareTo(g2.getAuthority());
-		}
-
-	}
-
 	/**
 	 * Returns {@code true} if the supplied object is a {@code User} instance with the
 	 * same {@code username} value.
@@ -339,6 +316,29 @@ public class User implements UserDetails, CredentialsContainer {
 				.disabled(!userDetails.isEnabled());
 	}
 
+	private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
+
+		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
+		@Override
+		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
+			// Neither should ever be null as each entry is checked before adding it to
+			// the set.
+			// If the authority is null, it is a custom authority and should precede
+			// others.
+			if (g2.getAuthority() == null) {
+				return -1;
+			}
+
+			if (g1.getAuthority() == null) {
+				return 1;
+			}
+
+			return g1.getAuthority().compareTo(g2.getAuthority());
+		}
+
+	}
+
 	/**
 	 * Builds the user to be added. At minimum the username, password, and authorities
 	 * should provided. The remaining attributes have reasonable defaults.
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 46fe362801..b3993f2f5d 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -683,6 +683,12 @@ public class DaoAuthenticationProviderTests {
 		verify(encoder, times(0)).matches(anyString(), anyString());
 	}
 
+	private DaoAuthenticationProvider createProvider() {
+		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+		provider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
+		return provider;
+	}
+
 	private class MockUserDetailsServiceReturnsNull implements UserDetailsService {
 
 		@Override
@@ -767,10 +773,4 @@ public class DaoAuthenticationProviderTests {
 
 	}
 
-	private DaoAuthenticationProvider createProvider() {
-		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-		provider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
-		return provider;
-	}
-
 }
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 839b07e350..07b0071dd4 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="InnerTypeLast" />
 	<suppress files=".*" checks="InterfaceIsType" />
 	<suppress files=".*" checks="JavadocMethod" />
 	<suppress files=".*" checks="JavadocStyle" />
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index a5fb47cd56..ef8c2b440f 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -58,6 +58,46 @@ public class UnboundIdContainerLdifTests {
 		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
 	}
 
+	@Test
+	public void unboundIdContainerWhenWildcardLdifNameThenLdifLoaded() {
+		this.appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class);
+
+		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
+				.getBean(ContextSource.class);
+
+		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
+		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
+	}
+
+	@Test
+	public void unboundIdContainerWhenMalformedLdifThenException() {
+		try {
+			this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
+			failBecauseExceptionWasNotThrown(IllegalStateException.class);
+		}
+		catch (Exception e) {
+			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
+			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:test-server-malformed.txt");
+		}
+	}
+
+	@Test
+	public void unboundIdContainerWhenMissingLdifThenException() {
+		try {
+			this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
+			failBecauseExceptionWasNotThrown(IllegalStateException.class);
+		}
+		catch (Exception e) {
+			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
+			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:does-not-exist.ldif");
+		}
+	}
+
+	@Test
+	public void unboundIdContainerWhenWildcardLdifNotFoundThenProceeds() {
+		new AnnotationConfigApplicationContext(WildcardNoLdifConfig.class);
+	}
+
 	@Configuration
 	static class CustomLdifConfig {
 
@@ -83,17 +123,6 @@ public class UnboundIdContainerLdifTests {
 
 	}
 
-	@Test
-	public void unboundIdContainerWhenWildcardLdifNameThenLdifLoaded() {
-		this.appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class);
-
-		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
-				.getBean(ContextSource.class);
-
-		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);
-		assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue();
-	}
-
 	@Configuration
 	static class WildcardLdifConfig {
 
@@ -119,18 +148,6 @@ public class UnboundIdContainerLdifTests {
 
 	}
 
-	@Test
-	public void unboundIdContainerWhenMalformedLdifThenException() {
-		try {
-			this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
-			failBecauseExceptionWasNotThrown(IllegalStateException.class);
-		}
-		catch (Exception e) {
-			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
-			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:test-server-malformed.txt");
-		}
-	}
-
 	@Configuration
 	static class MalformedLdifConfig {
 
@@ -150,18 +167,6 @@ public class UnboundIdContainerLdifTests {
 
 	}
 
-	@Test
-	public void unboundIdContainerWhenMissingLdifThenException() {
-		try {
-			this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
-			failBecauseExceptionWasNotThrown(IllegalStateException.class);
-		}
-		catch (Exception e) {
-			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
-			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:does-not-exist.ldif");
-		}
-	}
-
 	@Configuration
 	static class MissingLdifConfig {
 
@@ -181,11 +186,6 @@ public class UnboundIdContainerLdifTests {
 
 	}
 
-	@Test
-	public void unboundIdContainerWhenWildcardLdifNotFoundThenProceeds() {
-		new AnnotationConfigApplicationContext(WildcardNoLdifConfig.class);
-	}
-
 	@Configuration
 	static class WildcardNoLdifConfig {
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index a483b5a870..4bcd5168ec 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -200,6 +200,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		return new MethodParameter(method, 0);
 	}
 
+	private void setAuthenticationPrincipal(Object principal) {
+		this.expectedPrincipal = principal;
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
+	}
+
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
@@ -301,10 +307,4 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	}
 
-	private void setAuthenticationPrincipal(Object principal) {
-		this.expectedPrincipal = principal;
-		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
-	}
-
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 78e0e1fcbd..25e1e6af82 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -255,6 +255,52 @@ public final class ResolvableMethod {
 		return new Builder<>(objectClass);
 	}
 
+	@SuppressWarnings("unchecked")
+	private static <T> T initProxy(Class<?> type, MethodInvocationInterceptor interceptor) {
+		Assert.notNull(type, "'type' must not be null");
+		if (type.isInterface()) {
+			ProxyFactory factory = new ProxyFactory(EmptyTargetSource.INSTANCE);
+			factory.addInterface(type);
+			factory.addInterface(Supplier.class);
+			factory.addAdvice(interceptor);
+			return (T) factory.getProxy();
+		}
+
+		else {
+			Enhancer enhancer = new Enhancer();
+			enhancer.setSuperclass(type);
+			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
+			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
+			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
+
+			Class<?> proxyClass = enhancer.createClass();
+			Object proxy = null;
+
+			if (objenesis.isWorthTrying()) {
+				try {
+					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
+				}
+				catch (ObjenesisException ex) {
+					logger.debug("Objenesis failed, falling back to default constructor", ex);
+				}
+			}
+
+			if (proxy == null) {
+				try {
+					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
+				}
+				catch (Throwable ex) {
+					throw new IllegalStateException(
+							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
+							ex);
+				}
+			}
+
+			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
+			return (T) proxy;
+		}
+	}
+
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
@@ -629,50 +675,4 @@ public final class ResolvableMethod {
 
 	}
 
-	@SuppressWarnings("unchecked")
-	private static <T> T initProxy(Class<?> type, MethodInvocationInterceptor interceptor) {
-		Assert.notNull(type, "'type' must not be null");
-		if (type.isInterface()) {
-			ProxyFactory factory = new ProxyFactory(EmptyTargetSource.INSTANCE);
-			factory.addInterface(type);
-			factory.addInterface(Supplier.class);
-			factory.addAdvice(interceptor);
-			return (T) factory.getProxy();
-		}
-
-		else {
-			Enhancer enhancer = new Enhancer();
-			enhancer.setSuperclass(type);
-			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
-			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
-			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
-
-			Class<?> proxyClass = enhancer.createClass();
-			Object proxy = null;
-
-			if (objenesis.isWorthTrying()) {
-				try {
-					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
-				}
-				catch (ObjenesisException ex) {
-					logger.debug("Objenesis failed, falling back to default constructor", ex);
-				}
-			}
-
-			if (proxy == null) {
-				try {
-					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
-				}
-				catch (Throwable ex) {
-					throw new IllegalStateException(
-							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
-							ex);
-				}
-			}
-
-			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
-			return (T) proxy;
-		}
-	}
-
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index 4a510258e8..a0541d8eb7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -86,25 +86,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
-	/**
-	 * A builder for the {@code authorization_code} grant.
-	 */
-	public final class AuthorizationCodeGrantBuilder implements Builder {
-
-		private AuthorizationCodeGrantBuilder() {
-		}
-
-		/**
-		 * Builds an instance of {@link AuthorizationCodeOAuth2AuthorizedClientProvider}.
-		 * @return the {@link AuthorizationCodeOAuth2AuthorizedClientProvider}
-		 */
-		@Override
-		public OAuth2AuthorizedClientProvider build() {
-			return new AuthorizationCodeOAuth2AuthorizedClientProvider();
-		}
-
-	}
-
 	/**
 	 * Configures support for the {@code refresh_token} grant.
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
@@ -128,77 +109,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
-	/**
-	 * A builder for the {@code refresh_token} grant.
-	 */
-	public final class RefreshTokenGrantBuilder implements Builder {
-
-		private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
-
-		private Duration clockSkew;
-
-		private Clock clock;
-
-		private RefreshTokenGrantBuilder() {
-		}
-
-		/**
-		 * Sets the client used when requesting an access token credential at the Token
-		 * Endpoint.
-		 * @param accessTokenResponseClient the client used when requesting an access
-		 * token credential at the Token Endpoint
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder accessTokenResponseClient(
-				OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
-			this.accessTokenResponseClient = accessTokenResponseClient;
-			return this;
-		}
-
-		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access
-		 * token expiry. An access token is considered expired if it's before
-		 * {@code Instant.now(this.clock) - clockSkew}.
-		 * @param clockSkew the maximum acceptable clock skew
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) {
-			this.clockSkew = clockSkew;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
-		 * access token expiry.
-		 * @param clock the clock
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder clock(Clock clock) {
-			this.clock = clock;
-			return this;
-		}
-
-		/**
-		 * Builds an instance of {@link RefreshTokenOAuth2AuthorizedClientProvider}.
-		 * @return the {@link RefreshTokenOAuth2AuthorizedClientProvider}
-		 */
-		@Override
-		public OAuth2AuthorizedClientProvider build() {
-			RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
-			if (this.accessTokenResponseClient != null) {
-				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
-			}
-			if (this.clockSkew != null) {
-				authorizedClientProvider.setClockSkew(this.clockSkew);
-			}
-			if (this.clock != null) {
-				authorizedClientProvider.setClock(this.clock);
-			}
-			return authorizedClientProvider;
-		}
-
-	}
-
 	/**
 	 * Configures support for the {@code client_credentials} grant.
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
@@ -223,77 +133,6 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
-	/**
-	 * A builder for the {@code client_credentials} grant.
-	 */
-	public final class ClientCredentialsGrantBuilder implements Builder {
-
-		private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
-
-		private Duration clockSkew;
-
-		private Clock clock;
-
-		private ClientCredentialsGrantBuilder() {
-		}
-
-		/**
-		 * Sets the client used when requesting an access token credential at the Token
-		 * Endpoint.
-		 * @param accessTokenResponseClient the client used when requesting an access
-		 * token credential at the Token Endpoint
-		 * @return the {@link ClientCredentialsGrantBuilder}
-		 */
-		public ClientCredentialsGrantBuilder accessTokenResponseClient(
-				OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
-			this.accessTokenResponseClient = accessTokenResponseClient;
-			return this;
-		}
-
-		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access
-		 * token expiry. An access token is considered expired if it's before
-		 * {@code Instant.now(this.clock) - clockSkew}.
-		 * @param clockSkew the maximum acceptable clock skew
-		 * @return the {@link ClientCredentialsGrantBuilder}
-		 */
-		public ClientCredentialsGrantBuilder clockSkew(Duration clockSkew) {
-			this.clockSkew = clockSkew;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
-		 * access token expiry.
-		 * @param clock the clock
-		 * @return the {@link ClientCredentialsGrantBuilder}
-		 */
-		public ClientCredentialsGrantBuilder clock(Clock clock) {
-			this.clock = clock;
-			return this;
-		}
-
-		/**
-		 * Builds an instance of {@link ClientCredentialsOAuth2AuthorizedClientProvider}.
-		 * @return the {@link ClientCredentialsOAuth2AuthorizedClientProvider}
-		 */
-		@Override
-		public OAuth2AuthorizedClientProvider build() {
-			ClientCredentialsOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
-			if (this.accessTokenResponseClient != null) {
-				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
-			}
-			if (this.clockSkew != null) {
-				authorizedClientProvider.setClockSkew(this.clockSkew);
-			}
-			if (this.clock != null) {
-				authorizedClientProvider.setClock(this.clock);
-			}
-			return authorizedClientProvider;
-		}
-
-	}
-
 	/**
 	 * Configures support for the {@code password} grant.
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
@@ -316,6 +155,25 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
+	/**
+	 * Builds an instance of {@link DelegatingOAuth2AuthorizedClientProvider} composed of
+	 * one or more {@link OAuth2AuthorizedClientProvider}(s).
+	 * @return the {@link DelegatingOAuth2AuthorizedClientProvider}
+	 */
+	public OAuth2AuthorizedClientProvider build() {
+		List<OAuth2AuthorizedClientProvider> authorizedClientProviders = new ArrayList<>();
+		for (Builder builder : this.builders.values()) {
+			authorizedClientProviders.add(builder.build());
+		}
+		return new DelegatingOAuth2AuthorizedClientProvider(authorizedClientProviders);
+	}
+
+	interface Builder {
+
+		OAuth2AuthorizedClientProvider build();
+
+	}
+
 	/**
 	 * A builder for the {@code password} grant.
 	 */
@@ -388,21 +246,163 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	}
 
 	/**
-	 * Builds an instance of {@link DelegatingOAuth2AuthorizedClientProvider} composed of
-	 * one or more {@link OAuth2AuthorizedClientProvider}(s).
-	 * @return the {@link DelegatingOAuth2AuthorizedClientProvider}
+	 * A builder for the {@code client_credentials} grant.
 	 */
-	public OAuth2AuthorizedClientProvider build() {
-		List<OAuth2AuthorizedClientProvider> authorizedClientProviders = new ArrayList<>();
-		for (Builder builder : this.builders.values()) {
-			authorizedClientProviders.add(builder.build());
+	public final class ClientCredentialsGrantBuilder implements Builder {
+
+		private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
+
+		private Duration clockSkew;
+
+		private Clock clock;
+
+		private ClientCredentialsGrantBuilder() {
 		}
-		return new DelegatingOAuth2AuthorizedClientProvider(authorizedClientProviders);
+
+		/**
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
+		 * @return the {@link ClientCredentialsGrantBuilder}
+		 */
+		public ClientCredentialsGrantBuilder accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
+			this.accessTokenResponseClient = accessTokenResponseClient;
+			return this;
+		}
+
+		/**
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
+		 * @param clockSkew the maximum acceptable clock skew
+		 * @return the {@link ClientCredentialsGrantBuilder}
+		 */
+		public ClientCredentialsGrantBuilder clockSkew(Duration clockSkew) {
+			this.clockSkew = clockSkew;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
+		 * @param clock the clock
+		 * @return the {@link ClientCredentialsGrantBuilder}
+		 */
+		public ClientCredentialsGrantBuilder clock(Clock clock) {
+			this.clock = clock;
+			return this;
+		}
+
+		/**
+		 * Builds an instance of {@link ClientCredentialsOAuth2AuthorizedClientProvider}.
+		 * @return the {@link ClientCredentialsOAuth2AuthorizedClientProvider}
+		 */
+		@Override
+		public OAuth2AuthorizedClientProvider build() {
+			ClientCredentialsOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
+			if (this.accessTokenResponseClient != null) {
+				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
+			}
+			if (this.clockSkew != null) {
+				authorizedClientProvider.setClockSkew(this.clockSkew);
+			}
+			if (this.clock != null) {
+				authorizedClientProvider.setClock(this.clock);
+			}
+			return authorizedClientProvider;
+		}
+
 	}
 
-	interface Builder {
+	/**
+	 * A builder for the {@code authorization_code} grant.
+	 */
+	public final class AuthorizationCodeGrantBuilder implements Builder {
 
-		OAuth2AuthorizedClientProvider build();
+		private AuthorizationCodeGrantBuilder() {
+		}
+
+		/**
+		 * Builds an instance of {@link AuthorizationCodeOAuth2AuthorizedClientProvider}.
+		 * @return the {@link AuthorizationCodeOAuth2AuthorizedClientProvider}
+		 */
+		@Override
+		public OAuth2AuthorizedClientProvider build() {
+			return new AuthorizationCodeOAuth2AuthorizedClientProvider();
+		}
+
+	}
+
+	/**
+	 * A builder for the {@code refresh_token} grant.
+	 */
+	public final class RefreshTokenGrantBuilder implements Builder {
+
+		private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
+
+		private Duration clockSkew;
+
+		private Clock clock;
+
+		private RefreshTokenGrantBuilder() {
+		}
+
+		/**
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder accessTokenResponseClient(
+				OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+			this.accessTokenResponseClient = accessTokenResponseClient;
+			return this;
+		}
+
+		/**
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
+		 * @param clockSkew the maximum acceptable clock skew
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) {
+			this.clockSkew = clockSkew;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
+		 * @param clock the clock
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder clock(Clock clock) {
+			this.clock = clock;
+			return this;
+		}
+
+		/**
+		 * Builds an instance of {@link RefreshTokenOAuth2AuthorizedClientProvider}.
+		 * @return the {@link RefreshTokenOAuth2AuthorizedClientProvider}
+		 */
+		@Override
+		public OAuth2AuthorizedClientProvider build() {
+			RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
+			if (this.accessTokenResponseClient != null) {
+				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
+			}
+			if (this.clockSkew != null) {
+				authorizedClientProvider.setClockSkew(this.clockSkew);
+			}
+			if (this.clock != null) {
+				authorizedClientProvider.setClock(this.clock);
+			}
+			return authorizedClientProvider;
+		}
 
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index 2e6eb85eb4..c817be8527 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -86,26 +86,6 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
-	/**
-	 * A builder for the {@code authorization_code} grant.
-	 */
-	public final class AuthorizationCodeGrantBuilder implements Builder {
-
-		private AuthorizationCodeGrantBuilder() {
-		}
-
-		/**
-		 * Builds an instance of
-		 * {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}.
-		 * @return the {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}
-		 */
-		@Override
-		public ReactiveOAuth2AuthorizedClientProvider build() {
-			return new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider();
-		}
-
-	}
-
 	/**
 	 * Configures support for the {@code refresh_token} grant.
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
@@ -130,78 +110,6 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
-	/**
-	 * A builder for the {@code refresh_token} grant.
-	 */
-	public final class RefreshTokenGrantBuilder implements Builder {
-
-		private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
-
-		private Duration clockSkew;
-
-		private Clock clock;
-
-		private RefreshTokenGrantBuilder() {
-		}
-
-		/**
-		 * Sets the client used when requesting an access token credential at the Token
-		 * Endpoint.
-		 * @param accessTokenResponseClient the client used when requesting an access
-		 * token credential at the Token Endpoint
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder accessTokenResponseClient(
-				ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
-			this.accessTokenResponseClient = accessTokenResponseClient;
-			return this;
-		}
-
-		/**
-		 * Sets the maximum acceptable clock skew, which is used when checking the access
-		 * token expiry. An access token is considered expired if it's before
-		 * {@code Instant.now(this.clock) - clockSkew}.
-		 * @param clockSkew the maximum acceptable clock skew
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) {
-			this.clockSkew = clockSkew;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
-		 * access token expiry.
-		 * @param clock the clock
-		 * @return the {@link RefreshTokenGrantBuilder}
-		 */
-		public RefreshTokenGrantBuilder clock(Clock clock) {
-			this.clock = clock;
-			return this;
-		}
-
-		/**
-		 * Builds an instance of
-		 * {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
-		 * @return the {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}
-		 */
-		@Override
-		public ReactiveOAuth2AuthorizedClientProvider build() {
-			RefreshTokenReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
-			if (this.accessTokenResponseClient != null) {
-				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
-			}
-			if (this.clockSkew != null) {
-				authorizedClientProvider.setClockSkew(this.clockSkew);
-			}
-			if (this.clock != null) {
-				authorizedClientProvider.setClock(this.clock);
-			}
-			return authorizedClientProvider;
-		}
-
-	}
-
 	/**
 	 * Configures support for the {@code client_credentials} grant.
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
@@ -227,6 +135,66 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
+	/**
+	 * Configures support for the {@code password} grant.
+	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
+	 */
+	public ReactiveOAuth2AuthorizedClientProviderBuilder password() {
+		this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class,
+				k -> new PasswordGrantBuilder());
+		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
+	}
+
+	/**
+	 * Configures support for the {@code password} grant.
+	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
+	 * further configuration
+	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
+	 */
+	public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
+		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
+				.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		builderConsumer.accept(builder);
+		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
+	}
+
+	/**
+	 * Builds an instance of {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
+	 * composed of one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s).
+	 * @return the {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
+	 */
+	public ReactiveOAuth2AuthorizedClientProvider build() {
+		List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders = this.builders.values().stream()
+				.map(Builder::build).collect(Collectors.toList());
+		return new DelegatingReactiveOAuth2AuthorizedClientProvider(authorizedClientProviders);
+	}
+
+	interface Builder {
+
+		ReactiveOAuth2AuthorizedClientProvider build();
+
+	}
+
+	/**
+	 * A builder for the {@code authorization_code} grant.
+	 */
+	public final class AuthorizationCodeGrantBuilder implements Builder {
+
+		private AuthorizationCodeGrantBuilder() {
+		}
+
+		/**
+		 * Builds an instance of
+		 * {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}.
+		 * @return the {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}
+		 */
+		@Override
+		public ReactiveOAuth2AuthorizedClientProvider build() {
+			return new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider();
+		}
+
+	}
+
 	/**
 	 * A builder for the {@code client_credentials} grant.
 	 */
@@ -299,29 +267,6 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 
 	}
 
-	/**
-	 * Configures support for the {@code password} grant.
-	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
-	 */
-	public ReactiveOAuth2AuthorizedClientProviderBuilder password() {
-		this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new PasswordGrantBuilder());
-		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
-	}
-
-	/**
-	 * Configures support for the {@code password} grant.
-	 * @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
-	 * further configuration
-	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
-	 */
-	public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
-		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
-				.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
-		builderConsumer.accept(builder);
-		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
-	}
-
 	/**
 	 * A builder for the {@code password} grant.
 	 */
@@ -394,19 +339,74 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	}
 
 	/**
-	 * Builds an instance of {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
-	 * composed of one or more {@link ReactiveOAuth2AuthorizedClientProvider}(s).
-	 * @return the {@link DelegatingReactiveOAuth2AuthorizedClientProvider}
+	 * A builder for the {@code refresh_token} grant.
 	 */
-	public ReactiveOAuth2AuthorizedClientProvider build() {
-		List<ReactiveOAuth2AuthorizedClientProvider> authorizedClientProviders = this.builders.values().stream()
-				.map(Builder::build).collect(Collectors.toList());
-		return new DelegatingReactiveOAuth2AuthorizedClientProvider(authorizedClientProviders);
-	}
+	public final class RefreshTokenGrantBuilder implements Builder {
 
-	interface Builder {
+		private ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient;
 
-		ReactiveOAuth2AuthorizedClientProvider build();
+		private Duration clockSkew;
+
+		private Clock clock;
+
+		private RefreshTokenGrantBuilder() {
+		}
+
+		/**
+		 * Sets the client used when requesting an access token credential at the Token
+		 * Endpoint.
+		 * @param accessTokenResponseClient the client used when requesting an access
+		 * token credential at the Token Endpoint
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder accessTokenResponseClient(
+				ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) {
+			this.accessTokenResponseClient = accessTokenResponseClient;
+			return this;
+		}
+
+		/**
+		 * Sets the maximum acceptable clock skew, which is used when checking the access
+		 * token expiry. An access token is considered expired if it's before
+		 * {@code Instant.now(this.clock) - clockSkew}.
+		 * @param clockSkew the maximum acceptable clock skew
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) {
+			this.clockSkew = clockSkew;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when checking the
+		 * access token expiry.
+		 * @param clock the clock
+		 * @return the {@link RefreshTokenGrantBuilder}
+		 */
+		public RefreshTokenGrantBuilder clock(Clock clock) {
+			this.clock = clock;
+			return this;
+		}
+
+		/**
+		 * Builds an instance of
+		 * {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
+		 * @return the {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}
+		 */
+		@Override
+		public ReactiveOAuth2AuthorizedClientProvider build() {
+			RefreshTokenReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
+			if (this.accessTokenResponseClient != null) {
+				authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
+			}
+			if (this.clockSkew != null) {
+				authorizedClientProvider.setClockSkew(this.clockSkew);
+			}
+			if (this.clock != null) {
+				authorizedClientProvider.setClock(this.clock);
+			}
+			return authorizedClientProvider;
+		}
 
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index 51df5fb0c7..79a4007f70 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -81,29 +81,6 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements
 	 */
 	private final OAuth2AuthorizedClientRemover delegate;
 
-	/**
-	 * Removes an {@link OAuth2AuthorizedClient} from an
-	 * {@link OAuth2AuthorizedClientRepository} or {@link OAuth2AuthorizedClientService}.
-	 */
-	@FunctionalInterface
-	public interface OAuth2AuthorizedClientRemover {
-
-		/**
-		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
-		 * registration identifier and End-User {@link Authentication} (Resource Owner).
-		 * @param clientRegistrationId the identifier for the client's registration
-		 * @param principal the End-User {@link Authentication} (Resource Owner)
-		 * @param attributes an immutable {@code Map} of (optional) attributes present
-		 * under certain conditions. For example, this might contain a
-		 * {@code javax.servlet.http.HttpServletRequest} and
-		 * {@code javax.servlet.http.HttpServletResponse} if the authorization was
-		 * performed within the context of a {@code javax.servlet.ServletContext}.
-		 */
-		void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
-				Map<String, Object> attributes);
-
-	}
-
 	/**
 	 * Constructs a {@code RemoveAuthorizedClientOAuth2AuthorizationFailureHandler} using
 	 * the provided parameters.
@@ -159,4 +136,27 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements
 		return this.removeAuthorizedClientErrorCodes.contains(authorizationException.getError().getErrorCode());
 	}
 
+	/**
+	 * Removes an {@link OAuth2AuthorizedClient} from an
+	 * {@link OAuth2AuthorizedClientRepository} or {@link OAuth2AuthorizedClientService}.
+	 */
+	@FunctionalInterface
+	public interface OAuth2AuthorizedClientRemover {
+
+		/**
+		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+		 * registration identifier and End-User {@link Authentication} (Resource Owner).
+		 * @param clientRegistrationId the identifier for the client's registration
+		 * @param principal the End-User {@link Authentication} (Resource Owner)
+		 * @param attributes an immutable {@code Map} of (optional) attributes present
+		 * under certain conditions. For example, this might contain a
+		 * {@code javax.servlet.http.HttpServletRequest} and
+		 * {@code javax.servlet.http.HttpServletResponse} if the authorization was
+		 * performed within the context of a {@code javax.servlet.ServletContext}.
+		 */
+		void removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+				Map<String, Object> attributes);
+
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index 179ce268ec..0e52150bdb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -79,32 +79,6 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 */
 	private final Set<String> removeAuthorizedClientErrorCodes;
 
-	/**
-	 * Removes an {@link OAuth2AuthorizedClient} from a
-	 * {@link ServerOAuth2AuthorizedClientRepository} or
-	 * {@link ReactiveOAuth2AuthorizedClientService}.
-	 */
-	@FunctionalInterface
-	public interface OAuth2AuthorizedClientRemover {
-
-		/**
-		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
-		 * registration identifier and End-User {@link Authentication} (Resource Owner).
-		 * @param clientRegistrationId the identifier for the client's registration
-		 * @param principal the End-User {@link Authentication} (Resource Owner)
-		 * @param attributes an immutable {@code Map} of extra optional attributes present
-		 * under certain conditions. For example, this might contain a
-		 * {@link org.springframework.web.server.ServerWebExchange ServerWebExchange} if
-		 * the authorization was performed within the context of a
-		 * {@code ServerWebExchange}.
-		 * @return an empty {@link Mono} that completes after this handler has finished
-		 * handling the event.
-		 */
-		Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
-				Map<String, Object> attributes);
-
-	}
-
 	/**
 	 * Constructs a
 	 * {@code RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler} using the
@@ -165,4 +139,30 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 		return this.removeAuthorizedClientErrorCodes.contains(authorizationException.getError().getErrorCode());
 	}
 
+	/**
+	 * Removes an {@link OAuth2AuthorizedClient} from a
+	 * {@link ServerOAuth2AuthorizedClientRepository} or
+	 * {@link ReactiveOAuth2AuthorizedClientService}.
+	 */
+	@FunctionalInterface
+	public interface OAuth2AuthorizedClientRemover {
+
+		/**
+		 * Removes the {@link OAuth2AuthorizedClient} associated to the provided client
+		 * registration identifier and End-User {@link Authentication} (Resource Owner).
+		 * @param clientRegistrationId the identifier for the client's registration
+		 * @param principal the End-User {@link Authentication} (Resource Owner)
+		 * @param attributes an immutable {@code Map} of extra optional attributes present
+		 * under certain conditions. For example, this might contain a
+		 * {@link org.springframework.web.server.ServerWebExchange ServerWebExchange} if
+		 * the authorization was performed within the context of a
+		 * {@code ServerWebExchange}.
+		 * @return an empty {@link Mono} that completes after this handler has finished
+		 * handling the event.
+		 */
+		Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
+				Map<String, Object> attributes);
+
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index b4ecb5748d..12050c253a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -176,6 +176,28 @@ public final class ClientRegistration implements Serializable {
 				+ this.providerDetails + ", clientName='" + this.clientName + '\'' + '}';
 	}
 
+	/**
+	 * Returns a new {@link Builder}, initialized with the provided registration
+	 * identifier.
+	 * @param registrationId the identifier for the registration
+	 * @return the {@link Builder}
+	 */
+	public static Builder withRegistrationId(String registrationId) {
+		Assert.hasText(registrationId, "registrationId cannot be empty");
+		return new Builder(registrationId);
+	}
+
+	/**
+	 * Returns a new {@link Builder}, initialized with the provided
+	 * {@link ClientRegistration}.
+	 * @param clientRegistration the {@link ClientRegistration} to copy from
+	 * @return the {@link Builder}
+	 */
+	public static Builder withClientRegistration(ClientRegistration clientRegistration) {
+		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
+		return new Builder(clientRegistration);
+	}
+
 	/**
 	 * Details of the Provider.
 	 */
@@ -297,28 +319,6 @@ public final class ClientRegistration implements Serializable {
 
 	}
 
-	/**
-	 * Returns a new {@link Builder}, initialized with the provided registration
-	 * identifier.
-	 * @param registrationId the identifier for the registration
-	 * @return the {@link Builder}
-	 */
-	public static Builder withRegistrationId(String registrationId) {
-		Assert.hasText(registrationId, "registrationId cannot be empty");
-		return new Builder(registrationId);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the provided
-	 * {@link ClientRegistration}.
-	 * @param clientRegistration the {@link ClientRegistration} to copy from
-	 * @return the {@link Builder}
-	 */
-	public static Builder withClientRegistration(ClientRegistration clientRegistration) {
-		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		return new Builder(clientRegistration);
-	}
-
 	/**
 	 * A builder for {@link ClientRegistration}.
 	 */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index aa68f450c1..e244de0e8d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -64,6 +64,9 @@ public final class ClientRegistrations {
 	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
+	private ClientRegistrations() {
+	}
+
 	/**
 	 * Creates a {@link ClientRegistration.Builder} using the provided <a href=
 	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
@@ -227,12 +230,6 @@ public final class ClientRegistrations {
 		}
 	}
 
-	private interface ThrowingFunction<S, T, E extends Throwable> {
-
-		T apply(S src) throws E;
-
-	}
-
 	private static ClientRegistration.Builder withProviderConfiguration(AuthorizationServerMetadata metadata,
 			String issuer) {
 		String metadataIssuer = metadata.getIssuer().getValue();
@@ -292,7 +289,10 @@ public final class ClientRegistrations {
 		}
 	}
 
-	private ClientRegistrations() {
+	private interface ThrowingFunction<S, T, E extends Throwable> {
+
+		T apply(S src) throws E;
+
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 9ea3263d5b..d8b0dfea79 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -154,13 +154,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	private ClientResponseHandler clientResponseHandler;
 
-	@FunctionalInterface
-	private interface ClientResponseHandler {
-
-		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
-
-	}
-
 	/**
 	 * Constructs a {@code ServerOAuth2AuthorizedClientExchangeFilterFunction} using the
 	 * provided parameters.
@@ -534,6 +527,13 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
 	}
 
+	@FunctionalInterface
+	private interface ClientResponseHandler {
+
+		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
+
+	}
+
 	private static final class UnAuthenticatedReactiveOAuth2AuthorizedClientManager
 			implements ReactiveOAuth2AuthorizedClientManager {
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 6600151027..311e403766 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -166,13 +166,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private ClientResponseHandler clientResponseHandler;
 
-	@FunctionalInterface
-	private interface ClientResponseHandler {
-
-		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
-
-	}
-
 	public ServletOAuth2AuthorizedClientExchangeFilterFunction() {
 	}
 
@@ -631,6 +624,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		};
 	}
 
+	@FunctionalInterface
+	private interface ClientResponseHandler {
+
+		Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> response);
+
+	}
+
 	/**
 	 * Forwards authentication and authorization failures to an
 	 * {@link OAuth2AuthorizationFailureHandler}.
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 53a119cdb0..4fa7bac01a 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -245,6 +245,19 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		return new JwkSourceReactiveJwtDecoderBuilder(source);
 	}
 
+	private static <C extends SecurityContext> JWTClaimsSet createClaimsSet(JWTProcessor<C> jwtProcessor,
+			JWT parsedToken, C context) {
+		try {
+			return jwtProcessor.process(parsedToken, context);
+		}
+		catch (BadJOSEException e) {
+			throw new BadJwtException("Failed to validate the token", e);
+		}
+		catch (JOSEException e) {
+			throw new JwtException("Failed to validate the token", e);
+		}
+	}
+
 	/**
 	 * A builder for creating {@link NimbusReactiveJwtDecoder} instances based on a
 	 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
@@ -626,17 +639,4 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	}
 
-	private static <C extends SecurityContext> JWTClaimsSet createClaimsSet(JWTProcessor<C> jwtProcessor,
-			JWT parsedToken, C context) {
-		try {
-			return jwtProcessor.process(parsedToken, context);
-		}
-		catch (BadJOSEException e) {
-			throw new BadJwtException("Failed to validate the token", e);
-		}
-		catch (JOSEException e) {
-			throw new JwtException("Failed to validate the token", e);
-		}
-	}
-
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index cf749a5361..842f58df26 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -562,6 +562,22 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		return xsAny.getTextContent();
 	}
 
+	private static Saml2Error validationError(String code, String description) {
+		return new Saml2Error(code, description);
+	}
+
+	private static Saml2AuthenticationException authException(String code, String description)
+			throws Saml2AuthenticationException {
+
+		return new Saml2AuthenticationException(validationError(code, description));
+	}
+
+	private static Saml2AuthenticationException authException(String code, String description, Exception cause)
+			throws Saml2AuthenticationException {
+
+		return new Saml2AuthenticationException(validationError(code, description), cause);
+	}
+
 	private static class SignatureTrustEngineConverter
 			implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> {
 
@@ -651,22 +667,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	}
 
-	private static Saml2Error validationError(String code, String description) {
-		return new Saml2Error(code, description);
-	}
-
-	private static Saml2AuthenticationException authException(String code, String description)
-			throws Saml2AuthenticationException {
-
-		return new Saml2AuthenticationException(validationError(code, description));
-	}
-
-	private static Saml2AuthenticationException authException(String code, String description, Exception cause)
-			throws Saml2AuthenticationException {
-
-		return new Saml2AuthenticationException(validationError(code, description), cause);
-	}
-
 	/**
 	 * A tuple containing the authentication token and the associated OpenSAML
 	 * {@link Response}.
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 7a5db9ed5d..db1f7d2d57 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -377,6 +377,51 @@ public final class RelyingPartyRegistration {
 								registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()));
 	}
 
+	private static Saml2X509Credential fromDeprecated(
+			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
+		PrivateKey privateKey = credential.getPrivateKey();
+		X509Certificate certificate = credential.getCertificate();
+		Set<Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
+		if (credential.isSigningCredential()) {
+			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.SIGNING);
+		}
+		if (credential.isSignatureVerficationCredential()) {
+			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
+		}
+		if (credential.isEncryptionCredential()) {
+			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
+		}
+		if (credential.isDecryptionCredential()) {
+			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
+		}
+		return new Saml2X509Credential(privateKey, certificate, credentialTypes);
+	}
+
+	private static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(
+			Saml2X509Credential credential) {
+		PrivateKey privateKey = credential.getPrivateKey();
+		X509Certificate certificate = credential.getCertificate();
+		Set<org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
+		if (credential.isSigningCredential()) {
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING);
+		}
+		if (credential.isVerificationCredential()) {
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
+		}
+		if (credential.isEncryptionCredential()) {
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
+		}
+		if (credential.isDecryptionCredential()) {
+			credentialTypes.add(
+					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
+		}
+		return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate,
+				credentialTypes);
+	}
+
 	/**
 	 * The configuration metadata of the Asserting party
 	 *
@@ -1000,49 +1045,4 @@ public final class RelyingPartyRegistration {
 
 	}
 
-	private static Saml2X509Credential fromDeprecated(
-			org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
-		PrivateKey privateKey = credential.getPrivateKey();
-		X509Certificate certificate = credential.getCertificate();
-		Set<Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
-		if (credential.isSigningCredential()) {
-			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.SIGNING);
-		}
-		if (credential.isSignatureVerficationCredential()) {
-			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
-		}
-		if (credential.isEncryptionCredential()) {
-			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
-		}
-		if (credential.isDecryptionCredential()) {
-			credentialTypes.add(Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
-		}
-		return new Saml2X509Credential(privateKey, certificate, credentialTypes);
-	}
-
-	private static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(
-			Saml2X509Credential credential) {
-		PrivateKey privateKey = credential.getPrivateKey();
-		X509Certificate certificate = credential.getCertificate();
-		Set<org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
-		if (credential.isSigningCredential()) {
-			credentialTypes.add(
-					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING);
-		}
-		if (credential.isVerificationCredential()) {
-			credentialTypes.add(
-					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
-		}
-		if (credential.isEncryptionCredential()) {
-			credentialTypes.add(
-					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
-		}
-		if (credential.isDecryptionCredential()) {
-			credentialTypes.add(
-					org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
-		}
-		return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate,
-				credentialTypes);
-	}
-
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index 3c14d2ce20..97572bdf8e 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -57,6 +57,14 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 				};
 	}
 
+	/**
+	 * Returns {@code 11000}.
+	 */
+	@Override
+	public int getOrder() {
+		return 11000;
+	}
+
 	private static class DelegateTestExecutionListener extends AbstractTestExecutionListener {
 
 		@Override
@@ -124,12 +132,4 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 
 	}
 
-	/**
-	 * Returns {@code 11000}.
-	 */
-	@Override
-	public int getOrder() {
-		return 11000;
-	}
-
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 29cbaebbc5..604dcbfbf9 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -76,6 +76,10 @@ public class WithUserDetailsTests {
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}
 
+	private Object getPrincipal() {
+		return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+	}
+
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
@@ -95,10 +99,6 @@ public class WithUserDetailsTests {
 
 	}
 
-	private Object getPrincipal() {
-		return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-	}
-
 	static class CustomUserDetailsService implements UserDetailsService {
 
 		@Override
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index 82aa46912e..915f0997fc 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -100,26 +100,6 @@ public class ReactorContextTestExecutionListenerTests {
 		assertSecurityContext(context);
 	}
 
-	static class CustomContext implements SecurityContext {
-
-		private Authentication authentication;
-
-		CustomContext(Authentication authentication) {
-			this.authentication = authentication;
-		}
-
-		@Override
-		public Authentication getAuthentication() {
-			return this.authentication;
-		}
-
-		@Override
-		public void setAuthentication(Authentication authentication) {
-			this.authentication = authentication;
-		}
-
-	}
-
 	@Test
 	public void beforeTestMethodWhenExistingAuthenticationThenReactorContextHasOriginalAuthentication()
 			throws Exception {
@@ -215,4 +195,24 @@ public class ReactorContextTestExecutionListenerTests {
 		StepVerifier.create(securityContext).expectNext(expected).verifyComplete();
 	}
 
+	static class CustomContext implements SecurityContext {
+
+		private Authentication authentication;
+
+		CustomContext(Authentication authentication) {
+			this.authentication = authentication;
+		}
+
+		@Override
+		public Authentication getAuthentication() {
+			return this.authentication;
+		}
+
+		@Override
+		public void setAuthentication(Authentication authentication) {
+			this.authentication = authentication;
+		}
+
+	}
+
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
index 7922953309..451d0be461 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
@@ -36,11 +36,6 @@ public class WithAnonymousUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithAnonymousUser
-	private class Annotated {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
@@ -49,11 +44,6 @@ public class WithAnonymousUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithAnonymousUser(setupBefore = TestExecutionEvent.TEST_METHOD)
-	private class SetupExplicit {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
@@ -62,6 +52,16 @@ public class WithAnonymousUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
+	@WithAnonymousUser
+	private class Annotated {
+
+	}
+
+	@WithAnonymousUser(setupBefore = TestExecutionEvent.TEST_METHOD)
+	private class SetupExplicit {
+
+	}
+
 	@WithAnonymousUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
index 50f1cf76ab..b64c85ef7a 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
@@ -39,11 +39,6 @@ public class WithMockUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithMockUser
-	private class Annotated {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
@@ -52,11 +47,6 @@ public class WithMockUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithMockUser(setupBefore = TestExecutionEvent.TEST_METHOD)
-	private class SetupExplicit {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
@@ -65,6 +55,16 @@ public class WithMockUserTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
+	@WithMockUser
+	private class Annotated {
+
+	}
+
+	@WithMockUser(setupBefore = TestExecutionEvent.TEST_METHOD)
+	private class SetupExplicit {
+
+	}
+
 	@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index 886bfc128c..d9b1596a1b 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -35,11 +35,6 @@ public class WithUserDetailsTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithUserDetails
-	private static class Annotated {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
@@ -48,11 +43,6 @@ public class WithUserDetailsTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
-	@WithUserDetails(setupBefore = TestExecutionEvent.TEST_METHOD)
-	private class SetupExplicit {
-
-	}
-
 	@Test
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
@@ -61,6 +51,16 @@ public class WithUserDetailsTests {
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
+	@WithUserDetails
+	private static class Annotated {
+
+	}
+
+	@WithUserDetails(setupBefore = TestExecutionEvent.TEST_METHOD)
+	private class SetupExplicit {
+
+	}
+
 	@WithUserDetails(setupBefore = TestExecutionEvent.TEST_EXECUTION)
 	private class SetupOverridden {
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index cfdd8d009a..a220845bba 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -172,6 +172,10 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 		return new CsrfParamResultMatcher();
 	}
 
+	public static ResultMatcher csrfAsHeader() {
+		return new CsrfHeaderResultMatcher();
+	}
+
 	static class CsrfParamResultMatcher implements ResultMatcher {
 
 		@Override
@@ -183,10 +187,6 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 
 	}
 
-	public static ResultMatcher csrfAsHeader() {
-		return new CsrfHeaderResultMatcher();
-	}
-
 	static class CsrfHeaderResultMatcher implements ResultMatcher {
 
 		@Override
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 55d5edf3e3..763d2e7ad2 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -256,6 +256,21 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		this.springSecurityContextKey = springSecurityContextKey;
 	}
 
+	private boolean isTransientAuthentication(Authentication authentication) {
+		return AnnotationUtils.getAnnotation(authentication.getClass(), Transient.class) != null;
+	}
+
+	/**
+	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
+	 * {@link AuthenticationTrustResolverImpl}.
+	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
+	 * null.
+	 */
+	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
+		Assert.notNull(trustResolver, "trustResolver cannot be null");
+		this.trustResolver = trustResolver;
+	}
+
 	private static class SaveToSessionRequestWrapper extends HttpServletRequestWrapper {
 
 		private final SaveContextOnUpdateOrErrorResponseWrapper response;
@@ -435,19 +450,4 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
 	}
 
-	private boolean isTransientAuthentication(Authentication authentication) {
-		return AnnotationUtils.getAnnotation(authentication.getClass(), Transient.class) != null;
-	}
-
-	/**
-	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
-	 * {@link AuthenticationTrustResolverImpl}.
-	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
-	 * null.
-	 */
-	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
-		Assert.notNull(trustResolver, "trustResolver cannot be null");
-		this.trustResolver = trustResolver;
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index 305436fbd1..3ba25039a8 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -82,6 +82,20 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 		}
 	}
 
+	private String transformToHeaderValue(Directive... directives) {
+		StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < directives.length - 1; i++) {
+			sb.append(directives[i].headerValue).append(", ");
+		}
+		sb.append(directives[directives.length - 1].headerValue);
+		return sb.toString();
+	}
+
+	@Override
+	public String toString() {
+		return getClass().getName() + " [headerValue=" + this.headerValue + "]";
+	}
+
 	/**
 	 * <p>
 	 * Represents the directive values expected by the {@link ClearSiteDataHeaderWriter}
@@ -104,15 +118,6 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 
 	}
 
-	private String transformToHeaderValue(Directive... directives) {
-		StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < directives.length - 1; i++) {
-			sb.append(directives[i].headerValue).append(", ");
-		}
-		sb.append(directives[directives.length - 1].headerValue);
-		return sb.toString();
-	}
-
 	private static final class SecureRequestMatcher implements RequestMatcher {
 
 		@Override
@@ -122,9 +127,4 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 
 	}
 
-	@Override
-	public String toString() {
-		return getClass().getName() + " [headerValue=" + this.headerValue + "]";
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index 82455c1699..e06fbaada5 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -314,14 +314,6 @@ public class SwitchUserWebFilter implements WebFilter {
 		return new AuthenticationCredentialsNotFoundException("No target user for the given username");
 	}
 
-	private static class SwitchUserAuthenticationException extends RuntimeException {
-
-		SwitchUserAuthenticationException(AuthenticationException exception) {
-			super(exception);
-		}
-
-	}
-
 	/**
 	 * Sets the repository for persisting the SecurityContext. Default is
 	 * {@link WebSessionServerSecurityContextRepository}
@@ -372,4 +364,12 @@ public class SwitchUserWebFilter implements WebFilter {
 		this.switchUserMatcher = switchUserMatcher;
 	}
 
+	private static class SwitchUserAuthenticationException extends RuntimeException {
+
+		SwitchUserAuthenticationException(AuthenticationException exception) {
+			super(exception);
+		}
+
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
index e2fd9dd5b2..38961c513d 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
@@ -84,6 +84,11 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements Ser
 		this.defaultHandler = accessDeniedHandler;
 	}
 
+	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
+		ServerWebExchangeMatcher matcher = entry.getMatcher();
+		return matcher.matches(exchange).map(ServerWebExchangeMatcher.MatchResult::isMatch);
+	}
+
 	public static class DelegateEntry {
 
 		private final ServerWebExchangeMatcher matcher;
@@ -105,9 +110,4 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements Ser
 
 	}
 
-	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
-		ServerWebExchangeMatcher matcher = entry.getMatcher();
-		return matcher.matches(exchange).map(ServerWebExchangeMatcher.MatchResult::isMatch);
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index 6eb74cd5c4..07d478e0f9 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -50,6 +50,10 @@ public final class WebTestHandler {
 		return new WebHandlerResult(this.webHandler.exchange);
 	}
 
+	public static WebTestHandler bindToWebFilters(WebFilter... filters) {
+		return new WebTestHandler(filters);
+	}
+
 	public static final class WebHandlerResult {
 
 		private final ServerWebExchange exchange;
@@ -64,10 +68,6 @@ public final class WebTestHandler {
 
 	}
 
-	public static WebTestHandler bindToWebFilters(WebFilter... filters) {
-		return new WebTestHandler(filters);
-	}
-
 	static class MockWebHandler implements WebHandler {
 
 		private ServerWebExchange exchange;
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index f08f177a57..608053c1d7 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -96,14 +96,6 @@ public class WebExpressionVoterTests {
 		assertThat(voter.supports(FilterInvocationChild.class)).isTrue();
 	}
 
-	private static class FilterInvocationChild extends FilterInvocation {
-
-		FilterInvocationChild(ServletRequest request, ServletResponse response, FilterChain chain) {
-			super(request, response, chain);
-		}
-
-	}
-
 	@Test
 	public void supportFilterInvocation() {
 		WebExpressionVoter voter = new WebExpressionVoter();
@@ -116,4 +108,12 @@ public class WebExpressionVoterTests {
 		assertThat(voter.supports(Object.class)).isFalse();
 	}
 
+	private static class FilterInvocationChild extends FilterInvocation {
+
+		FilterInvocationChild(ServletRequest request, ServletResponse response, FilterChain chain) {
+			super(request, response, chain);
+		}
+
+	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index ff8e4b3560..ea179bd770 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -150,26 +150,6 @@ public class DefaultLoginPageGeneratingFilterTests {
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), this.chain);
 	}
 
-	// Fake OpenID filter (since it's not in this module
-	@SuppressWarnings("unused")
-	private static class MockProcessingFilter extends AbstractAuthenticationProcessingFilter {
-
-		MockProcessingFilter() {
-			super("/someurl");
-		}
-
-		@Override
-		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
-				throws AuthenticationException {
-			return null;
-		}
-
-		public String getClaimedIdentityFieldName() {
-			return "unused";
-		}
-
-	}
-
 	/* SEC-1111 */
 	@Test
 	public void handlesNonIso8859CharsInErrorMessage() throws Exception {
@@ -218,6 +198,25 @@ public class DefaultLoginPageGeneratingFilterTests {
 		assertThat(response.getContentAsString()).contains("Login with SAML 2.0");
 		assertThat(response.getContentAsString())
 				.contains("<a href=\"/saml/sso/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
+	} // Fake OpenID filter (since it's not in this module
+
+	@SuppressWarnings("unused")
+	private static class MockProcessingFilter extends AbstractAuthenticationProcessingFilter {
+
+		MockProcessingFilter() {
+			super("/someurl");
+		}
+
+		@Override
+		public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+				throws AuthenticationException {
+			return null;
+		}
+
+		public String getClaimedIdentityFieldName() {
+			return "unused";
+		}
+
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index 3a0344cb33..d55357f9ff 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -180,6 +180,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		return new MethodParameter(method, 0);
 	}
 
+	private void setAuthenticationPrincipal(Object principal) {
+		this.expectedPrincipal = principal;
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
+	}
+
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
@@ -227,10 +233,4 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	}
 
-	private void setAuthenticationPrincipal(Object principal) {
-		this.expectedPrincipal = principal;
-		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index dd7f1db152..fdaa0cca8d 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -92,11 +92,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		verify(context).addListener(any(ContextLoaderListener.class));
 	}
 
-	@Configuration
-	static class MyRootConfiguration {
-
-	}
-
 	@Test
 	public void onStartupWhenEnableHttpSessionEventPublisherIsTrueThenAddsHttpSessionEventPublisher() {
 		ServletContext context = mock(ServletContext.class);
@@ -435,4 +430,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain");
 	}
 
+	@Configuration
+	static class MyRootConfiguration {
+
+	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 58c6eccc9b..37fe725548 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -250,6 +250,52 @@ public final class ResolvableMethod {
 		return new Builder<>(objectClass);
 	}
 
+	@SuppressWarnings("unchecked")
+	private static <T> T initProxy(Class<?> type, MethodInvocationInterceptor interceptor) {
+		Assert.notNull(type, "'type' must not be null");
+		if (type.isInterface()) {
+			ProxyFactory factory = new ProxyFactory(EmptyTargetSource.INSTANCE);
+			factory.addInterface(type);
+			factory.addInterface(Supplier.class);
+			factory.addAdvice(interceptor);
+			return (T) factory.getProxy();
+		}
+
+		else {
+			Enhancer enhancer = new Enhancer();
+			enhancer.setSuperclass(type);
+			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
+			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
+			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
+
+			Class<?> proxyClass = enhancer.createClass();
+			Object proxy = null;
+
+			if (objenesis.isWorthTrying()) {
+				try {
+					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
+				}
+				catch (ObjenesisException ex) {
+					logger.debug("Objenesis failed, falling back to default constructor", ex);
+				}
+			}
+
+			if (proxy == null) {
+				try {
+					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
+				}
+				catch (Throwable ex) {
+					throw new IllegalStateException(
+							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
+							ex);
+				}
+			}
+
+			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
+			return (T) proxy;
+		}
+	}
+
 	/**
 	 * Builder for {@code ResolvableMethod}.
 	 */
@@ -613,50 +659,4 @@ public final class ResolvableMethod {
 
 	}
 
-	@SuppressWarnings("unchecked")
-	private static <T> T initProxy(Class<?> type, MethodInvocationInterceptor interceptor) {
-		Assert.notNull(type, "'type' must not be null");
-		if (type.isInterface()) {
-			ProxyFactory factory = new ProxyFactory(EmptyTargetSource.INSTANCE);
-			factory.addInterface(type);
-			factory.addInterface(Supplier.class);
-			factory.addAdvice(interceptor);
-			return (T) factory.getProxy();
-		}
-
-		else {
-			Enhancer enhancer = new Enhancer();
-			enhancer.setSuperclass(type);
-			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
-			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
-			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
-
-			Class<?> proxyClass = enhancer.createClass();
-			Object proxy = null;
-
-			if (objenesis.isWorthTrying()) {
-				try {
-					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
-				}
-				catch (ObjenesisException ex) {
-					logger.debug("Objenesis failed, falling back to default constructor", ex);
-				}
-			}
-
-			if (proxy == null) {
-				try {
-					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
-				}
-				catch (Throwable ex) {
-					throw new IllegalStateException(
-							"Unable to instantiate proxy " + "via both Objenesis and default constructor fails as well",
-							ex);
-				}
-			}
-
-			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
-			return (T) proxy;
-		}
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 9d5af585de..c4a5545f84 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -204,6 +204,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		return new MethodParameter(method, 0);
 	}
 
+	private void setAuthenticationPrincipal(Object principal) {
+		this.expectedPrincipal = principal;
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
+	}
+
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@AuthenticationPrincipal
@@ -305,10 +311,4 @@ public class AuthenticationPrincipalArgumentResolverTests {
 
 	}
 
-	private void setAuthenticationPrincipal(Object principal) {
-		this.expectedPrincipal = principal;
-		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER"));
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index 61d4f06744..e2c94bfa5f 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -259,6 +259,23 @@ public class CurrentSecurityContextArgumentResolverTests {
 		return new MethodParameter(method, 0);
 	}
 
+	private void setAuthenticationPrincipal(Object principal) {
+		SecurityContextHolder.getContext()
+				.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
+	}
+
+	private void setAuthenticationPrincipalWithCustomSecurityContext(Object principal) {
+		CustomSecurityContext csc = new CustomSecurityContext();
+		csc.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
+		SecurityContextHolder.setContext(csc);
+	}
+
+	private void setAuthenticationDetail(Object detail) {
+		TestingAuthenticationToken tat = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		tat.setDetails(detail);
+		SecurityContextHolder.getContext().setAuthentication(tat);
+	}
+
 	public static class TestController {
 
 		public void showSecurityContextNoAnnotation(String user) {
@@ -317,17 +334,6 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	}
 
-	private void setAuthenticationPrincipal(Object principal) {
-		SecurityContextHolder.getContext()
-				.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
-	}
-
-	private void setAuthenticationPrincipalWithCustomSecurityContext(Object principal) {
-		CustomSecurityContext csc = new CustomSecurityContext();
-		csc.setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER"));
-		SecurityContextHolder.setContext(csc);
-	}
-
 	static class CustomSecurityContext implements SecurityContext {
 
 		private Authentication authentication;
@@ -365,10 +371,4 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	}
 
-	private void setAuthenticationDetail(Object detail) {
-		TestingAuthenticationToken tat = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		tat.setDetails(detail);
-		SecurityContextHolder.getContext().setAuthentication(tat);
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index a6e3c40c26..f138550b42 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -348,6 +348,10 @@ public class CurrentSecurityContextArgumentResolverTests {
 			@CurrentSecurityWithErrorOnInvalidType Mono<String> typeMisMatch) {
 	}
 
+	private Authentication buildAuthenticationWithPrincipal(Object principal) {
+		return new TestingAuthenticationToken(principal, "password", "ROLE_USER");
+	}
+
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext
@@ -389,8 +393,4 @@ public class CurrentSecurityContextArgumentResolverTests {
 
 	}
 
-	private Authentication buildAuthenticationWithPrincipal(Object principal) {
-		return new TestingAuthenticationToken(principal, "password", "ROLE_USER");
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 390aae5c85..1c6fa7efb6 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -31,39 +31,6 @@ import static org.assertj.core.api.Assertions.fail;
 @SuppressWarnings("unchecked")
 public class ThrowableAnalyzerTests {
 
-	/**
-	 * Exception for testing purposes. The cause is not retrievable by {@link #getCause()}
-	 * .
-	 */
-	public static final class NonStandardException extends Exception {
-
-		private Throwable cause;
-
-		public NonStandardException(String message, Throwable cause) {
-			super(message);
-			this.cause = cause;
-		}
-
-		public Throwable resolveCause() {
-			return this.cause;
-		}
-
-	}
-
-	/**
-	 * <code>ThrowableCauseExtractor</code> for handling <code>NonStandardException</code>
-	 * instances.
-	 */
-	public static final class NonStandardExceptionCauseExtractor implements ThrowableCauseExtractor {
-
-		@Override
-		public Throwable extractCause(Throwable throwable) {
-			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, NonStandardException.class);
-			return ((NonStandardException) throwable).resolveCause();
-		}
-
-	}
-
 	/**
 	 * An array of nested throwables for testing. The cause of element 0 is element 1, the
 	 * cause of element 1 is element 2 and so on.
@@ -282,4 +249,37 @@ public class ThrowableAnalyzerTests {
 		}
 	}
 
+	/**
+	 * Exception for testing purposes. The cause is not retrievable by {@link #getCause()}
+	 * .
+	 */
+	public static final class NonStandardException extends Exception {
+
+		private Throwable cause;
+
+		public NonStandardException(String message, Throwable cause) {
+			super(message);
+			this.cause = cause;
+		}
+
+		public Throwable resolveCause() {
+			return this.cause;
+		}
+
+	}
+
+	/**
+	 * <code>ThrowableCauseExtractor</code> for handling <code>NonStandardException</code>
+	 * instances.
+	 */
+	public static final class NonStandardExceptionCauseExtractor implements ThrowableCauseExtractor {
+
+		@Override
+		public Throwable extractCause(Throwable throwable) {
+			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, NonStandardException.class);
+			return ((NonStandardException) throwable).resolveCause();
+		}
+
+	}
+
 }

From 3e700e757128378641057ce0c454e8d48bdc6d0a Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 5 Aug 2020 19:55:36 -0700
Subject: [PATCH 22/84] Remove (non-Javadoc) comments

Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.

Issue gh-8945
---
 .../annotation/AbstractSecurityBuilder.java   |  5 ---
 ...utowireBeanFactoryObjectPostProcessor.java | 18 ----------
 .../GlobalMethodSecurityConfiguration.java    |  6 ----
 .../annotation/web/builders/HttpSecurity.java | 33 -------------------
 .../SpringWebMvcImportSelector.java           |  6 ----
 .../WebSecurityConfiguration.java             | 13 --------
 .../web/configurers/FormLoginConfigurer.java  |  7 ----
 .../openid/OpenIDLoginConfigurer.java         |  7 ----
 .../config/http/CsrfBeanDefinitionParser.java |  7 ----
 ...HandlerMappingIntrospectorFactoryBean.java |  6 ----
 .../customconfigurer/CustomConfigurer.java    |  7 ----
 ...thodSecurityBeanDefinitionParserTests.java |  7 ----
 .../SimpleMappableAttributesRetriever.java    |  7 ----
 .../AnnotationParameterNameDiscoverer.java    | 12 -------
 ...thenticationPrincipalArgumentResolver.java | 15 ---------
 .../openid/OpenIDAuthenticationProvider.java  | 14 --------
 .../remoting/dns/JndiDnsResolver.java         | 21 ------------
 .../SecurityMockMvcRequestPostProcessors.java | 12 -------
 ...ChangeSessionIdAuthenticationStrategy.java |  7 ----
 ...ompositeSessionAuthenticationStrategy.java |  8 -----
 ...thenticationPrincipalArgumentResolver.java | 15 ---------
 ...ractSecurityWebApplicationInitializer.java |  6 ----
 .../web/csrf/CsrfAuthenticationStrategy.java  |  8 -----
 .../security/web/csrf/CsrfFilter.java         | 15 ---------
 .../security/web/csrf/DefaultCsrfToken.java   | 15 ---------
 .../csrf/HttpSessionCsrfTokenRepository.java  | 20 -----------
 .../web/header/HeaderWriterFilter.java        |  6 ----
 .../DelegatingRequestMatcherHeaderWriter.java |  7 ----
 .../web/header/writers/HpkpHeaderWriter.java  |  6 ----
 .../web/header/writers/HstsHeaderWriter.java  |  6 ----
 ...thenticationPrincipalArgumentResolver.java | 15 ---------
 .../annotation/CsrfTokenArgumentResolver.java | 15 ---------
 .../web/server/csrf/DefaultCsrfToken.java     | 15 ---------
 .../header/StaticServerHttpHeadersWriter.java |  7 ----
 ...nsportSecurityServerHttpHeadersWriter.java |  7 ----
 .../XFrameOptionsServerHttpHeadersWriter.java |  6 ----
 ...XXssProtectionServerHttpHeadersWriter.java |  7 ----
 .../matcher/AndServerWebExchangeMatcher.java  |  6 ----
 .../NegatedServerWebExchangeMatcher.java      |  6 ----
 .../matcher/OrServerWebExchangeMatcher.java   |  6 ----
 .../util/matcher/MvcRequestMatcher.java       |  6 ----
 .../ConcurrentSessionFilterTests.java         |  8 +----
 42 files changed, 1 insertion(+), 425 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
index bc8aa3d53f..e56eec175e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
@@ -31,11 +31,6 @@ public abstract class AbstractSecurityBuilder<O> implements SecurityBuilder<O> {
 
 	private O object;
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.SecurityBuilder#build()
-	 */
 	@Override
 	public final O build() throws Exception {
 		if (this.building.compareAndSet(false, true)) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index f2187b6872..458715e894 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -53,13 +53,6 @@ final class AutowireBeanFactoryObjectPostProcessor
 		this.autowireBeanFactory = autowireBeanFactory;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.Initializer#initialize(java.
-	 * lang.Object)
-	 */
 	@Override
 	@SuppressWarnings("unchecked")
 	public <T> T postProcess(T object) {
@@ -84,12 +77,6 @@ final class AutowireBeanFactoryObjectPostProcessor
 		return result;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.beans.factory.SmartInitializingSingleton#
-	 * afterSingletonsInstantiated()
-	 */
 	@Override
 	public void afterSingletonsInstantiated() {
 		for (SmartInitializingSingleton singleton : this.smartSingletons) {
@@ -97,11 +84,6 @@ final class AutowireBeanFactoryObjectPostProcessor
 		}
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.beans.factory.DisposableBean#destroy()
-	 */
 	@Override
 	public void destroy() {
 		for (DisposableBean disposable : this.disposableBeans) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index fea0c10fd5..5748ed7773 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -148,12 +148,6 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		return this.methodSecurityInterceptor;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.beans.factory.SmartInitializingSingleton#
-	 * afterSingletonsInstantiated()
-	 */
 	@Override
 	public void afterSingletonsInstantiated() {
 		try {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 89a89f6d1c..593272e0d1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -2525,26 +2525,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 		return new DefaultSecurityFilterChain(this.requestMatcher, this.filters);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
-	 * authenticationProvider
-	 * (org.springframework.security.authentication.AuthenticationProvider)
-	 */
 	@Override
 	public HttpSecurity authenticationProvider(AuthenticationProvider authenticationProvider) {
 		getAuthenticationRegistry().authenticationProvider(authenticationProvider);
 		return this;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
-	 * userDetailsService
-	 * (org.springframework.security.core.userdetails.UserDetailsService)
-	 */
 	@Override
 	public HttpSecurity userDetailsService(UserDetailsService userDetailsService) throws Exception {
 		getAuthenticationRegistry().userDetailsService(userDetailsService);
@@ -2555,37 +2541,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 		return getSharedObject(AuthenticationManagerBuilder.class);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
-	 * addFilterAfter(javax .servlet.Filter, java.lang.Class)
-	 */
 	@Override
 	public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) {
 		this.comparator.registerAfter(filter.getClass(), afterFilter);
 		return addFilter(filter);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.HttpSecurityBuilder#
-	 * addFilterBefore( javax.servlet.Filter, java.lang.Class)
-	 */
 	@Override
 	public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) {
 		this.comparator.registerBefore(filter.getClass(), beforeFilter);
 		return addFilter(filter);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilter(
-	 * javax. servlet.Filter)
-	 */
 	@Override
 	public HttpSecurity addFilter(Filter filter) {
 		Class<? extends Filter> filterClass = filter.getClass();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
index 2550cb8cc8..d43c691d5f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
@@ -29,12 +29,6 @@ import org.springframework.util.ClassUtils;
  */
 class SpringWebMvcImportSelector implements ImportSelector {
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.context.annotation.ImportSelector#selectImports(org.
-	 * springframework .core.type.AnnotationMetadata)
-	 */
 	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index c49fa0bbe9..3efddad82d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -188,12 +188,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		return new AutowiredWebSecurityConfigurersIgnoreParents(beanFactory);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.context.annotation.ImportAware#setImportMetadata(org.
-	 * springframework.core.type.AnnotationMetadata)
-	 */
 	@Override
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
 		Map<String, Object> enableWebSecurityAttrMap = importMetadata
@@ -205,13 +199,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		}
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.
-	 * lang.ClassLoader)
-	 */
 	@Override
 	public void setBeanClassLoader(ClassLoader classLoader) {
 		this.beanClassLoader = classLoader;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
index 840ac4a12f..22044d3b09 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
@@ -231,13 +231,6 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
 		initDefaultLoginFilter(http);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.configurers.
-	 * AbstractAuthenticationFilterConfigurer
-	 * #createLoginProcessingUrlMatcher(java.lang.String)
-	 */
 	@Override
 	protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
 		return new AntPathRequestMatcher(loginProcessingUrl, "POST");
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 7d304bb37e..68904ef0d6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -294,13 +294,6 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
 		super.configure(http);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.config.annotation.web.configurers.
-	 * AbstractAuthenticationFilterConfigurer
-	 * #createLoginProcessingUrlMatcher(java.lang.String)
-	 */
 	@Override
 	protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
 		return new AntPathRequestMatcher(loginProcessingUrl);
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index 1c2ca21a68..95f2fee856 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -203,13 +203,6 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 
 		private final HashSet<String> allowedMethods = new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see
-		 * org.springframework.security.web.util.matcher.RequestMatcher#matches(javax.
-		 * servlet.http.HttpServletRequest)
-		 */
 		@Override
 		public boolean matches(HttpServletRequest request) {
 			return !this.allowedMethods.contains(request.getMethod());
diff --git a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
index 20fc6bcedd..3b991a8d38 100644
--- a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
@@ -54,12 +54,6 @@ class HandlerMappingIntrospectorFactoryBean
 		return HandlerMappingIntrospector.class;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.
-	 * springframework.context.ApplicationContext)
-	 */
 	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.context = applicationContext;
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
index 730e35620a..4978bee95b 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
@@ -33,13 +33,6 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 
 	private String loginPage = "/login";
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.
-	 * springframework.security.config.annotation.SecurityBuilder)
-	 */
 	@SuppressWarnings("unchecked")
 	@Override
 	public void init(HttpSecurity http) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 81a8a3838d..880de2e9a7 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -414,13 +414,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 			return this.authenticationManager.authenticate(authentication);
 		}
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see
-		 * org.springframework.context.ApplicationContextAware#setApplicationContext(org
-		 * .springframework.context.ApplicationContext)
-		 */
 		@Override
 		public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 			this.authenticationManager = applicationContext.getBean(this.beanName, AuthenticationManager.class);
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
index 0244a701f5..72fad62e19 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
@@ -30,13 +30,6 @@ public class SimpleMappableAttributesRetriever implements MappableAttributesRetr
 
 	private Set<String> mappableAttributes = null;
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.core.authority.mapping.MappableAttributesRetriever
-	 * #getMappableAttributes()
-	 */
 	@Override
 	public Set<String> getMappableAttributes() {
 		return this.mappableAttributes;
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index 897d8b46c3..dcbf25b4ca 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -98,12 +98,6 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 		this.annotationClassesToUse = annotationClassesToUse;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
-	 * .lang.reflect.Method)
-	 */
 	@Override
 	public String[] getParameterNames(Method method) {
 		Method originalMethod = BridgeMethodResolver.findBridgedMethod(method);
@@ -122,12 +116,6 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 		return paramNames;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
-	 * .lang.reflect.Constructor)
-	 */
 	@Override
 	public String[] getParameterNames(Constructor<?> constructor) {
 		return lookupParameterNames(CONSTRUCTOR_METHODPARAM_FACTORY, constructor);
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
index c9e5373188..75df6830d7 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
@@ -85,26 +85,11 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 
 	private ExpressionParser parser = new SpelExpressionParser();
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver#
-	 * supportsParameter(org.springframework.core.MethodParameter)
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver#
-	 * resolveArgument(org.springframework.core.MethodParameter,
-	 * org.springframework.messaging.Message)
-	 */
 	@Override
 	public Object resolveArgument(MethodParameter parameter, Message<?> message) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index 9defb71032..f6d772bc2c 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -63,13 +63,6 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 		Assert.notNull(this.userDetailsService, "The userDetailsService must be set");
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.authentication.AuthenticationProvider#authenticate
-	 * (org.springframework.security.Authentication)
-	 */
 	@Override
 	public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
 
@@ -142,13 +135,6 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 		this.userDetailsService = userDetailsService;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.authentication.AuthenticationProvider#supports(java
-	 * .lang.Class)
-	 */
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return OpenIDAuthenticationToken.class.isAssignableFrom(authentication);
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
index 5bfcb31f9b..e196323ba1 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
@@ -54,37 +54,16 @@ public class JndiDnsResolver implements DnsResolver {
 		this.ctxFactory = ctxFactory;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.remoting.dns.DnsResolver#resolveIpAddress(java.lang
-	 * .String)
-	 */
 	@Override
 	public String resolveIpAddress(String hostname) {
 		return resolveIpAddress(hostname, this.ctxFactory.getCtx());
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.remoting.dns.DnsResolver#resolveServiceEntry(java.
-	 * lang.String, java.lang.String)
-	 */
 	@Override
 	public String resolveServiceEntry(String serviceType, String domain) {
 		return resolveServiceEntry(serviceType, domain, this.ctxFactory.getCtx());
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.remoting.dns.DnsResolver#resolveServiceIpAddress(java
-	 * .lang.String, java.lang.String)
-	 */
 	@Override
 	public String resolveServiceIpAddress(String serviceType, String domain) {
 		DirContext ctx = this.ctxFactory.getCtx();
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index e40a60659b..36723adf10 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -489,12 +489,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		private CsrfRequestPostProcessor() {
 		}
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see org.springframework.test.web.servlet.request.RequestPostProcessor
-		 * #postProcessRequest (org.springframework.mock.web.MockHttpServletRequest)
-		 */
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			CsrfTokenRepository repository = WebTestUtils.getCsrfTokenRepository(request);
@@ -1022,12 +1016,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 				new AnonymousAuthenticationToken("key", "anonymous",
 						AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see org.springframework.test.web.servlet.request.RequestPostProcessor#
-		 * postProcessRequest(org.springframework.mock.web.MockHttpServletRequest)
-		 */
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 			return this.delegate.postProcessRequest(request);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
index 1a70662205..88e3500a60 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
@@ -27,13 +27,6 @@ import javax.servlet.http.HttpSession;
  */
 public final class ChangeSessionIdAuthenticationStrategy extends AbstractSessionFixationProtectionStrategy {
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.authentication.session.
-	 * AbstractSessionFixationProtectionStrategy
-	 * #applySessionFixation(javax.servlet.http.HttpServletRequest)
-	 */
 	@Override
 	HttpSession applySessionFixation(HttpServletRequest request) {
 		request.changeSessionId();
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index e37e824848..177385efd5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -70,14 +70,6 @@ public class CompositeSessionAuthenticationStrategy implements SessionAuthentica
 		this.delegateStrategies = delegateStrategies;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.authentication.session.
-	 * SessionAuthenticationStrategy
-	 * #onAuthentication(org.springframework.security.core.Authentication,
-	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) throws SessionAuthenticationException {
diff --git a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
index d6208ff6a9..dcd3d7e56d 100644
--- a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
@@ -86,26 +86,11 @@ import org.springframework.web.method.support.ModelAndViewContainer;
 @Deprecated
 public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * supportsParameter (org.springframework.core.MethodParameter)
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * resolveArgument (org.springframework.core.MethodParameter,
-	 * org.springframework.web.method.support.ModelAndViewContainer,
-	 * org.springframework.web.context.request.NativeWebRequest,
-	 * org.springframework.web.bind.support.WebDataBinderFactory)
-	 */
 	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
index 34a4fb320c..6edcf65cfa 100644
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@@ -99,12 +99,6 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
 		this.configurationClasses = configurationClasses;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.
-	 * ServletContext)
-	 */
 	@Override
 	public final void onStartup(ServletContext servletContext) {
 		beforeSpringSecurityFilterChain(servletContext);
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
index 27841feeeb..b126c744bd 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@@ -44,14 +44,6 @@ public final class CsrfAuthenticationStrategy implements SessionAuthenticationSt
 		this.csrfTokenRepository = csrfTokenRepository;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.authentication.session.
-	 * SessionAuthenticationStrategy
-	 * #onAuthentication(org.springframework.security.core.Authentication,
-	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) throws SessionAuthenticationException {
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index a4d4bd8e3d..a780d56ebd 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -94,14 +94,6 @@ public final class CsrfFilter extends OncePerRequestFilter {
 		return TRUE.equals(request.getAttribute(SHOULD_NOT_FILTER));
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(javax.servlet
-	 * .http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
-	 * javax.servlet.FilterChain)
-	 */
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
@@ -181,13 +173,6 @@ public final class CsrfFilter extends OncePerRequestFilter {
 
 		private final HashSet<String> allowedMethods = new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see
-		 * org.springframework.security.web.util.matcher.RequestMatcher#matches(javax.
-		 * servlet.http.HttpServletRequest)
-		 */
 		@Override
 		public boolean matches(HttpServletRequest request) {
 			return !this.allowedMethods.contains(request.getMethod());
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index 4cab384351..e186418d2a 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -48,31 +48,16 @@ public final class DefaultCsrfToken implements CsrfToken {
 		this.token = token;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getHeaderName()
-	 */
 	@Override
 	public String getHeaderName() {
 		return this.headerName;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getParameterName()
-	 */
 	@Override
 	public String getParameterName() {
 		return this.parameterName;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getToken()
-	 */
 	@Override
 	public String getToken() {
 		return this.token;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
index 53749dc7c7..de6e34f2f9 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
@@ -45,13 +45,6 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 
 	private String sessionAttributeName = DEFAULT_CSRF_TOKEN_ATTR_NAME;
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfTokenRepository#saveToken(org.
-	 * springframework .security.web.csrf.CsrfToken,
-	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		if (token == null) {
@@ -66,13 +59,6 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 		}
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.web.csrf.CsrfTokenRepository#loadToken(javax.servlet
-	 * .http.HttpServletRequest)
-	 */
 	@Override
 	public CsrfToken loadToken(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
@@ -82,12 +68,6 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository
 		return (CsrfToken) session.getAttribute(this.sessionAttributeName);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfTokenRepository#generateToken(javax.
-	 * servlet .http.HttpServletRequest)
-	 */
 	@Override
 	public CsrfToken generateToken(HttpServletRequest request) {
 		return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
index e30979dcc7..8d413a2de1 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
@@ -120,12 +120,6 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 			this.request = request;
 		}
 
-		/*
-		 * (non-Javadoc)
-		 *
-		 * @see org.springframework.security.web.util.OnCommittedResponseWrapper#
-		 * onResponseCommitted()
-		 */
 		@Override
 		protected void onResponseCommitted() {
 			writeHeaders();
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
index 688877cb32..ca52b24ba9 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
@@ -49,13 +49,6 @@ public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter
 		this.delegateHeaderWriter = delegateHeaderWriter;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax.servlet
-	 * .http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index 50cf69cccc..52fa0300ff 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -171,12 +171,6 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 		this(DEFAULT_MAX_AGE_SECONDS);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax
-	 * .servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
index b09121536b..743677b1ea 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
@@ -145,12 +145,6 @@ public final class HstsHeaderWriter implements HeaderWriter {
 		this(DEFAULT_MAX_AGE_SECONDS);
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.headers.HeaderWriter#writeHeaders(javax
-	 * .servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
 		if (this.requestMatcher.matches(request)) {
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 4fe44899fd..17ba5b44c9 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -90,26 +90,11 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 
 	private BeanResolver beanResolver;
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * supportsParameter (org.springframework.core.MethodParameter)
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * resolveArgument (org.springframework.core.MethodParameter,
-	 * org.springframework.web.method.support.ModelAndViewContainer,
-	 * org.springframework.web.context.request.NativeWebRequest,
-	 * org.springframework.web.bind.support.WebDataBinderFactory)
-	 */
 	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
index f5f22d8c22..cc401de79a 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
@@ -44,26 +44,11 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  */
 public final class CsrfTokenArgumentResolver implements HandlerMethodArgumentResolver {
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * supportsParameter (org.springframework.core.MethodParameter)
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return CsrfToken.class.equals(parameter.getParameterType());
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * resolveArgument (org.springframework.core.MethodParameter,
-	 * org.springframework.web.method.support.ModelAndViewContainer,
-	 * org.springframework.web.context.request.NativeWebRequest,
-	 * org.springframework.web.bind.support.WebDataBinderFactory)
-	 */
 	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index f7173e2fab..de0aefd93c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -48,31 +48,16 @@ public final class DefaultCsrfToken implements CsrfToken {
 		this.token = token;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getHeaderName()
-	 */
 	@Override
 	public String getHeaderName() {
 		return this.headerName;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getParameterName()
-	 */
 	@Override
 	public String getParameterName() {
 		return this.parameterName;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.csrf.CsrfToken#getToken()
-	 */
 	@Override
 	public String getToken() {
 		return this.token;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index dabfeab63e..f763655171 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -37,13 +37,6 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 		this.headersToAdd = headersToAdd;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
-	 * springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
 		HttpHeaders headers = exchange.getResponse().getHeaders();
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index b1deb3c465..049e870a6c 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -49,13 +49,6 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 		updateDelegate();
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
-	 * springframework.http.HttpHeaders)
-	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
 		return isSecure(exchange) ? this.delegate.writeHttpHeaders(exchange) : Mono.empty();
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index 7dcd2a385a..6346f837f5 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -31,12 +31,6 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 
 	private ServerHttpHeadersWriter delegate = createDelegate(Mode.DENY);
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.server.HttpHeadersWriter#
-	 * writeHttpHeaders(org.springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
 		return this.delegate.writeHttpHeaders(exchange);
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index c3d1fd05f5..c67116354f 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -44,13 +44,6 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 		updateDelegate();
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see
-	 * org.springframework.security.web.server.HttpHeadersWriter#writeHttpHeaders(org.
-	 * springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
 		return this.delegate.writeHttpHeaders(exchange);
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index 774b5fb569..d16eb934e5 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -51,12 +51,6 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 		this(Arrays.asList(matchers));
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
-	 * matches(org.springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Mono.defer(() -> {
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index 5ac9796f6e..7ffdff8ceb 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -41,12 +41,6 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 		this.matcher = matcher;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
-	 * matches(org.springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return this.matcher.matches(exchange).flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index 8675567f9a..302b38b58d 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -49,12 +49,6 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 		this(Arrays.asList(matchers));
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#
-	 * matches(org.springframework.web.server.ServerWebExchange)
-	 */
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Flux.fromIterable(this.matchers).doOnNext(it -> {
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
index 55f0ecd699..7db8ab5983 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
@@ -87,12 +87,6 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 		}
 	}
 
-	/*
-	 * (non-Javadoc)
-	 *
-	 * @see org.springframework.security.web.util.matcher.RequestVariablesExtractor#
-	 * extractUriTemplateVariables(javax.servlet.http.HttpServletRequest)
-	 */
 	@Override
 	@Deprecated
 	public Map<String, String> extractUriTemplateVariables(HttpServletRequest request) {
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index 6f9549f975..57c42e4f6b 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -251,13 +251,7 @@ public class ConcurrentSessionFilterTests {
 
 		final String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") {
-			/*
-			 * (non-Javadoc)
-			 *
-			 * @see org.springframework.security.web.session.ConcurrentSessionFilter#
-			 * determineExpiredUrl(javax.servlet.http.HttpServletRequest,
-			 * org.springframework.security.core.session.SessionInformation)
-			 */
+
 			@Override
 			protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
 				return expiredUrl;

From 4075595a3ffd9b2092c7cd6cff9c6b5b237b9d81 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sun, 26 Jul 2020 22:23:37 -0700
Subject: [PATCH 23/84] Ignore existing InterfaceIsType violations

Add suppressions for existing `InterfaceIsType` violations. Ideally
theses should be classes, but we can't easily change them without
breaking binary back compatibility.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 07b0071dd4..2c72af8d5a 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="InterfaceIsType" />
 	<suppress files=".*" checks="JavadocMethod" />
 	<suppress files=".*" checks="JavadocStyle" />
 	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
@@ -38,4 +37,18 @@
 	<!-- Ignore third-party code -->
 	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
 	<suppress files="org[\\/]springframework[\\/]security[\\/]core[\\/]ComparableVersion\.java" checks=".*"/>
+
+	<!-- InterfaceIsType rules we can't fix until a major revision due to back compatibility -->
+	<suppress files="JwsAlgorithms\.java" checks="InterfaceIsType"/>
+	<suppress files="JwtClaimNames\.java" checks="InterfaceIsType"/>
+	<suppress files="OAuth2ErrorCodes\.java" checks="InterfaceIsType"/>
+	<suppress files="OAuth2ParameterNames\.java" checks="InterfaceIsType"/>
+	<suppress files="PkceParameterNames\.java" checks="InterfaceIsType"/>
+	<suppress files="IdTokenClaimNames\.java" checks="InterfaceIsType"/>
+	<suppress files="OidcScopes\.java" checks="InterfaceIsType"/>
+	<suppress files="StandardClaimNames\.java" checks="InterfaceIsType"/>
+	<suppress files="OidcParameterNames\.java" checks="InterfaceIsType"/>
+	<suppress files="BearerTokenErrorCodes\.java" checks="InterfaceIsType"/>
+	<suppress files="OAuth2IntrospectionClaimNames\.java" checks="InterfaceIsType"/>
+	<suppress files="Saml2ErrorCodes\.java" checks="InterfaceIsType"/>
 </suppressions>

From a0b9442265a8b614feefb470da8592c0ee2699a5 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sun, 26 Jul 2020 22:52:28 -0700
Subject: [PATCH 24/84] Use consistent modifier order

Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
---
 .../acls/jdbc/BasicLookupStrategy.java        | 16 ++++----
 ...onProviderBuilderSecurityBuilderTests.java |  6 +--
 .../web/configurers/PermitAllSupport.java     |  2 +-
 ...MessageSecurityMetadataSourceRegistry.java |  2 +-
 .../GrantedAuthorityDefaultsParserUtils.java  |  2 +-
 ...balMethodSecurityBeanDefinitionParser.java |  2 +-
 .../client/OAuth2LoginConfigurerTests.java    |  4 +-
 .../config/http/WebConfigUtilsTests.java      |  2 +-
 .../config/web/server/HeaderSpecTests.java    |  4 +-
 ...elegatingMethodSecurityMetadataSource.java |  2 +-
 .../SecurityExpressionRootTests.java          |  2 +-
 .../AnonymousAuthenticationTokenTests.java    |  2 +-
 .../security/crypto/codec/Base64.java         | 38 +++++++++----------
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 .../security/ldap/LdapEncoder.java            |  2 +-
 .../ldap/authentication/LdapEncoder.java      |  2 +-
 ...dbcOAuth2AuthorizedClientServiceTests.java |  4 +-
 .../security/oauth2/jwt/Jwt.java              |  2 +-
 .../jwt/MappedJwtClaimSetConverter.java       | 10 ++---
 .../RelyingPartyRegistration.java             | 10 ++---
 .../server/SecurityMockServerConfigurers.java | 12 +++---
 .../SecurityMockMvcRequestPostProcessors.java | 32 ++++++++--------
 .../SecurityMockMvcResultMatchers.java        |  2 +-
 .../security/web/FilterChainProxy.java        |  2 +-
 ...ilterInvocationSecurityMetadataSource.java |  2 +-
 .../web/util/matcher/RegexRequestMatcher.java |  2 +-
 .../switchuser/SwitchUserFilterTests.java     |  2 +-
 27 files changed, 83 insertions(+), 86 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index abef8f3580..1b89d89c47 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -78,31 +78,31 @@ import org.springframework.util.Assert;
  */
 public class BasicLookupStrategy implements LookupStrategy {
 
-	private final static String DEFAULT_SELECT_CLAUSE_COLUMNS = "select acl_object_identity.object_id_identity, "
+	private static final String DEFAULT_SELECT_CLAUSE_COLUMNS = "select acl_object_identity.object_id_identity, "
 			+ "acl_entry.ace_order,  " + "acl_object_identity.id as acl_id, " + "acl_object_identity.parent_object, "
 			+ "acl_object_identity.entries_inheriting, " + "acl_entry.id as ace_id, " + "acl_entry.mask,  "
 			+ "acl_entry.granting,  " + "acl_entry.audit_success, " + "acl_entry.audit_failure,  "
 			+ "acl_sid.principal as ace_principal, " + "acl_sid.sid as ace_sid,  "
 			+ "acli_sid.principal as acl_principal, " + "acli_sid.sid as acl_sid, " + "acl_class.class ";
 
-	private final static String DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN = ", acl_class.class_id_type  ";
+	private static final String DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN = ", acl_class.class_id_type  ";
 
-	private final static String DEFAULT_SELECT_CLAUSE_FROM = "from acl_object_identity "
+	private static final String DEFAULT_SELECT_CLAUSE_FROM = "from acl_object_identity "
 			+ "left join acl_sid acli_sid on acli_sid.id = acl_object_identity.owner_sid "
 			+ "left join acl_class on acl_class.id = acl_object_identity.object_id_class   "
 			+ "left join acl_entry on acl_object_identity.id = acl_entry.acl_object_identity "
 			+ "left join acl_sid on acl_entry.sid = acl_sid.id  " + "where ( ";
 
-	public final static String DEFAULT_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS + DEFAULT_SELECT_CLAUSE_FROM;
+	public static final String DEFAULT_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS + DEFAULT_SELECT_CLAUSE_FROM;
 
-	public final static String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS
+	public static final String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS
 			+ DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN + DEFAULT_SELECT_CLAUSE_FROM;
 
-	private final static String DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE = "(acl_object_identity.id = ?)";
+	private static final String DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE = "(acl_object_identity.id = ?)";
 
-	private final static String DEFAULT_LOOKUP_IDENTITIES_WHERE_CLAUSE = "(acl_object_identity.object_id_identity = ? and acl_class.class = ?)";
+	private static final String DEFAULT_LOOKUP_IDENTITIES_WHERE_CLAUSE = "(acl_object_identity.object_id_identity = ? and acl_class.class = ?)";
 
-	public final static String DEFAULT_ORDER_BY_CLAUSE = ") order by acl_object_identity.object_id_identity"
+	public static final String DEFAULT_ORDER_BY_CLAUSE = ") order by acl_object_identity.object_id_identity"
 			+ " asc, acl_entry.ace_order asc";
 
 	private final AclAuthorizationStrategy aclAuthorizationStrategy;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 2e0ab5882d..64c72962b9 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -268,7 +268,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	}
 
 	@EnableWebSecurity
-	static abstract class BaseLdapServerConfig extends BaseLdapProviderConfig {
+	abstract static class BaseLdapServerConfig extends BaseLdapProviderConfig {
 
 		@Bean
 		public ApacheDSContainer ldapServer() throws Exception {
@@ -283,7 +283,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	@EnableGlobalAuthentication
 	@Import(ObjectPostProcessorConfiguration.class)
-	static abstract class BaseLdapProviderConfig extends WebSecurityConfigurerAdapter {
+	abstract static class BaseLdapProviderConfig extends WebSecurityConfigurerAdapter {
 
 		@Bean
 		public BaseLdapPathContextSource contextSource() throws Exception {
@@ -302,7 +302,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		}
 
 		@Override
-		abstract protected void configure(AuthenticationManagerBuilder auth) throws Exception;
+		protected abstract void configure(AuthenticationManagerBuilder auth) throws Exception;
 
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index 81a86a23a3..dda33fed1d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -56,7 +56,7 @@ final class PermitAllSupport {
 		}
 	}
 
-	private final static class ExactUrlRequestMatcher implements RequestMatcher {
+	private static final class ExactUrlRequestMatcher implements RequestMatcher {
 
 		private String processUrl;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index ec3a1ba2b6..13099be811 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -409,7 +409,7 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	}
 
-	private final static class PreBuiltMatcherBuilder implements MatcherBuilder {
+	private static final class PreBuiltMatcherBuilder implements MatcherBuilder {
 
 		private MessageMatcher<?> matcher;
 
diff --git a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
index 3f8e9e89be..ae7a2f8f27 100644
--- a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
@@ -44,7 +44,7 @@ final class GrantedAuthorityDefaultsParserUtils {
 		return bean;
 	}
 
-	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+	abstract static class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
 
 		protected String rolePrefix = "ROLE_";
 
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 45f54e5de7..b1674518ba 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -537,7 +537,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 	}
 
-	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+	abstract static class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
 
 		protected String rolePrefix = "ROLE_";
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index edcc2600a5..1583f1fa7d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -904,7 +904,7 @@ public class OAuth2LoginConfigurerTests {
 
 	}
 
-	private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+	private abstract static class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -938,7 +938,7 @@ public class OAuth2LoginConfigurerTests {
 
 	}
 
-	private static abstract class CommonLambdaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+	private abstract static class CommonLambdaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index 0db59ee857..565045e8ae 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -29,7 +29,7 @@ import static org.mockito.Mockito.verifyZeroInteractions;
 @PrepareOnlyThisForTest(ParserContext.class)
 public class WebConfigUtilsTests {
 
-	public final static String URL = "/url";
+	public static final String URL = "/url";
 
 	@Mock
 	private ParserContext parserContext;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 5d113d3af8..20091cc7d8 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -52,9 +52,9 @@ import static org.springframework.security.config.Customizer.withDefaults;
  */
 public class HeaderSpecTests {
 
-	private final static String CUSTOM_HEADER = "CUSTOM-HEADER";
+	private static final String CUSTOM_HEADER = "CUSTOM-HEADER";
 
-	private final static String CUSTOM_VALUE = "CUSTOM-VALUE";
+	private static final String CUSTOM_VALUE = "CUSTOM-VALUE";
 
 	private ServerHttpSecurity http = ServerHttpSecurity.http();
 
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index 69dd3dd75f..dccfbaa6fe 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -38,7 +38,7 @@ import org.springframework.util.ObjectUtils;
  */
 public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
-	private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
+	private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
 
 	private final List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
 
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 140ac517e3..814dc67422 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -33,7 +33,7 @@ import static org.mockito.Mockito.when;
  */
 public class SecurityExpressionRootTests {
 
-	final static Authentication JOE = new TestingAuthenticationToken("joe", "pass", "ROLE_A", "ROLE_B");
+	static final Authentication JOE = new TestingAuthenticationToken("joe", "pass", "ROLE_A", "ROLE_B");
 
 	SecurityExpressionRoot root;
 
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index ad7b3f14a3..05fd37fb78 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -36,7 +36,7 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class AnonymousAuthenticationTokenTests {
 
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	@Test
 	public void testConstructorRejectsNulls() {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 3a1e0c9366..9d41bddf07 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -31,16 +31,16 @@ package org.springframework.security.crypto.codec;
 public final class Base64 {
 
 	/** No options specified. Value is zero. */
-	public final static int NO_OPTIONS = 0;
+	public static final int NO_OPTIONS = 0;
 
 	/** Specify encoding in first bit. Value is one. */
-	public final static int ENCODE = 1;
+	public static final int ENCODE = 1;
 
 	/** Specify decoding in first bit. Value is zero. */
-	public final static int DECODE = 0;
+	public static final int DECODE = 0;
 
 	/** Do break lines when encoding. Value is 8. */
-	public final static int DO_BREAK_LINES = 8;
+	public static final int DO_BREAK_LINES = 8;
 
 	/**
 	 * Encode using Base64-like encoding that is URL- and Filename-safe as described in
@@ -50,31 +50,31 @@ public final class Base64 {
 	 * Base64, or at the very least should not be called Base64 without also specifying
 	 * that is was encoded using the URL- and Filename-safe dialect.
 	 */
-	public final static int URL_SAFE = 16;
+	public static final int URL_SAFE = 16;
 
 	/**
 	 * Encode using the special "ordered" dialect of Base64.
 	 */
-	public final static int ORDERED = 32;
+	public static final int ORDERED = 32;
 
 	/** Maximum line length (76) of Base64 output. */
-	private final static int MAX_LINE_LENGTH = 76;
+	private static final int MAX_LINE_LENGTH = 76;
 
 	/** The equals sign (=) as a byte. */
-	private final static byte EQUALS_SIGN = (byte) '=';
+	private static final byte EQUALS_SIGN = (byte) '=';
 
 	/** The new line character (\n) as a byte. */
-	private final static byte NEW_LINE = (byte) '\n';
+	private static final byte NEW_LINE = (byte) '\n';
 
-	private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+	private static final byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
 
-	private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+	private static final byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
 
 	/* ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
 
 	/** The 64 valid Base64 values. */
 	/* Host platform me be something funny like EBCDIC, so we hardcode these values. */
-	private final static byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+	private static final byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
 			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
 			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
 			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
@@ -87,7 +87,7 @@ public final class Base64 {
 	 * Translates a Base64 value to either its 6-bit reconstruction value or a negative
 	 * number indicating some other meaning.
 	 **/
-	private final static byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+	private static final byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
 																							// 0
 																							// -
 																							// 8
@@ -132,7 +132,7 @@ public final class Base64 {
 	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
 	 * and "slash."
 	 */
-	private final static byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+	private static final byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
 			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
 			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
 			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
@@ -144,7 +144,7 @@ public final class Base64 {
 	/**
 	 * Used in decoding URL- and Filename-safe dialects of Base64.
 	 */
-	private final static byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+	private static final byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
 																							// 0
 																							// -
 																							// 8
@@ -186,7 +186,7 @@ public final class Base64 {
 
 	/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
 
-	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
+	private static final byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
 			(byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C',
 			(byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L',
 			(byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
@@ -198,10 +198,8 @@ public final class Base64 {
 	/**
 	 * Used in decoding the "ordered" dialect of Base64.
 	 */
-	private final static byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
-																							// 0
-																							// -
-																							// 8
+	private static final byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9,
+			// Decimal 0 - 8
 			-5, -5, // Whitespace: Tab and Linefeed
 			-9, -9, // Decimal 11 - 12
 			-5, // Whitespace: Carriage Return
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 2c72af8d5a..39c2f65c38 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -8,7 +8,6 @@
 	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
 	<suppress files=".*" checks="JavadocType" />
 	<suppress files=".*" checks="JavadocVariable" />
-	<suppress files=".*" checks="ModifierOrder" />
 	<suppress files=".*" checks="MultipleVariableDeclarations" />
 	<suppress files=".*" checks="MutableException" />
 	<suppress files=".*" checks="NeedBraces" />
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
index 4e9b9be1e5..af2f1f1a36 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
+	public static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
index f7f4a4ccad..dc439704bf 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
+	public static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index fde3807a62..db04ad48c5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -398,7 +398,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		return new OAuth2AuthorizedClient(clientRegistration, principal.getName(), accessToken, refreshToken);
 	}
 
-	private final static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
+	private static final class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
 			extends JdbcOAuth2AuthorizedClientService {
 
 		private static final String COLUMN_NAMES = "clientRegistrationId, " + "principalName, " + "accessTokenType, "
@@ -453,7 +453,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 			this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 		}
 
-		private final static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
+		private static final class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
 
 			private final ClientRegistrationRepository clientRegistrationRepository;
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
index 6e3b431e20..89db2fee89 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
@@ -110,7 +110,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public final static class Builder {
+	public static final class Builder {
 
 		private String tokenValue;
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index 796689af8f..b59cdfd2f8 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -40,15 +40,15 @@ import org.springframework.util.Assert;
  */
 public final class MappedJwtClaimSetConverter implements Converter<Map<String, Object>, Map<String, Object>> {
 
-	private final static ConversionService CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
+	private static final ConversionService CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
 
-	private final static TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
+	private static final TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
 
-	private final static TypeDescriptor STRING_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(String.class);
+	private static final TypeDescriptor STRING_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(String.class);
 
-	private final static TypeDescriptor INSTANT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Instant.class);
+	private static final TypeDescriptor INSTANT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Instant.class);
 
-	private final static TypeDescriptor URL_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(URL.class);
+	private static final TypeDescriptor URL_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(URL.class);
 
 	private final Map<String, Converter<Object, ?>> claimTypeConverters;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index db1f7d2d57..9480471a73 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -427,7 +427,7 @@ public final class RelyingPartyRegistration {
 	 *
 	 * @since 5.4
 	 */
-	public final static class AssertingPartyDetails {
+	public static final class AssertingPartyDetails {
 
 		private final String entityId;
 
@@ -546,7 +546,7 @@ public final class RelyingPartyRegistration {
 			return this.singleSignOnServiceBinding;
 		}
 
-		public final static class Builder {
+		public static final class Builder {
 
 			private String entityId;
 
@@ -665,7 +665,7 @@ public final class RelyingPartyRegistration {
 	 * @deprecated Use {@link AssertingPartyDetails} instead
 	 */
 	@Deprecated
-	public final static class ProviderDetails {
+	public static final class ProviderDetails {
 
 		private final AssertingPartyDetails assertingPartyDetails;
 
@@ -714,7 +714,7 @@ public final class RelyingPartyRegistration {
 		 * @deprecated Use {@link AssertingPartyDetails.Builder} instead
 		 */
 		@Deprecated
-		public final static class Builder {
+		public static final class Builder {
 
 			private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();
 
@@ -778,7 +778,7 @@ public final class RelyingPartyRegistration {
 
 	}
 
-	public final static class Builder {
+	public static final class Builder {
 
 		private String registrationId;
 
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 0cb5af1762..c6de53ae1d 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -552,7 +552,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
 
@@ -698,7 +698,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private final String nameAttributeKey = "sub";
 
@@ -849,7 +849,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private ClientRegistration clientRegistration;
 
@@ -1027,7 +1027,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private String registrationId = "test";
 
@@ -1153,10 +1153,10 @@ public class SecurityMockServerConfigurers {
 		private static final class TestReactiveOAuth2AuthorizedClientManager
 				implements ReactiveOAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+			static final String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
 					.concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+			static final String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
 					.concat(".ENABLED");
 
 			private final ReactiveOAuth2AuthorizedClientManager delegate;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 36723adf10..6a02265a14 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -534,9 +534,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		static class TestCsrfTokenRepository implements CsrfTokenRepository {
 
-			final static String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".TOKEN");
+			static final String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".ENABLED");
+			static final String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".ENABLED");
 
 			private final CsrfTokenRepository delegate;
 
@@ -711,7 +711,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * Support class for {@link RequestPostProcessor}'s that establish a Spring Security
 	 * context
 	 */
-	private static abstract class SecurityContextRequestPostProcessorSupport {
+	private abstract static class SecurityContextRequestPostProcessorSupport {
 
 		/**
 		 * Saves the specified {@link Authentication} into an empty
@@ -755,7 +755,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		static final class TestSecurityContextRepository implements SecurityContextRepository {
 
-			private final static String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
+			private static final String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
 
 			private final SecurityContextRepository delegate;
 
@@ -801,7 +801,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class TestSecurityContextHolderPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class TestSecurityContextHolderPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private SecurityContext EMPTY = SecurityContextHolder.createEmptyContext();
@@ -831,7 +831,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class SecurityContextRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class SecurityContextRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private final SecurityContext securityContext;
@@ -856,7 +856,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 4.0
 	 *
 	 */
-	private final static class AuthenticationRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class AuthenticationRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private final Authentication authentication;
@@ -883,7 +883,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class UserDetailsRequestPostProcessor implements RequestPostProcessor {
+	private static final class UserDetailsRequestPostProcessor implements RequestPostProcessor {
 
 		private final RequestPostProcessor delegate;
 
@@ -908,7 +908,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	public final static class UserRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	public static final class UserRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private String username;
@@ -1046,7 +1046,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public final static class JwtRequestPostProcessor implements RequestPostProcessor {
+	public static final class JwtRequestPostProcessor implements RequestPostProcessor {
 
 		private Jwt jwt;
 
@@ -1137,7 +1137,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OpaqueTokenRequestPostProcessor implements RequestPostProcessor {
+	public static final class OpaqueTokenRequestPostProcessor implements RequestPostProcessor {
 
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
 
@@ -1265,7 +1265,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
+	public static final class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
 
 		private final String nameAttributeKey = "sub";
 
@@ -1393,7 +1393,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OidcLoginRequestPostProcessor implements RequestPostProcessor {
+	public static final class OidcLoginRequestPostProcessor implements RequestPostProcessor {
 
 		private ClientRegistration clientRegistration;
 
@@ -1541,7 +1541,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2ClientRequestPostProcessor implements RequestPostProcessor {
+	public static final class OAuth2ClientRequestPostProcessor implements RequestPostProcessor {
 
 		private String registrationId = "test";
 
@@ -1638,9 +1638,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		private static final class TestOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
+			static final String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
+			static final String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
 					.concat(".ENABLED");
 
 			private final OAuth2AuthorizedClientManager delegate;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
index 6c09322364..a284463c3b 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
@@ -60,7 +60,7 @@ public final class SecurityMockMvcResultMatchers {
 		return new UnAuthenticatedMatcher();
 	}
 
-	private static abstract class AuthenticationMatcher<T extends AuthenticationMatcher<T>> implements ResultMatcher {
+	private abstract static class AuthenticationMatcher<T extends AuthenticationMatcher<T>> implements ResultMatcher {
 
 		protected SecurityContext load(MvcResult result) {
 			HttpRequestResponseHolder holder = new HttpRequestResponseHolder(result.getRequest(), result.getResponse());
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 4758a34a65..821cd7c8f6 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -143,7 +143,7 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
 
-	private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
+	private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
 
 	private List<SecurityFilterChain> filterChains;
 
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
index ee4f5cd176..88f83e32ab 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
@@ -45,7 +45,7 @@ import org.springframework.util.Assert;
 public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		extends DefaultFilterInvocationSecurityMetadataSource {
 
-	private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
+	private static final Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
 
 	public ExpressionBasedFilterInvocationSecurityMetadataSource(
 			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap,
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index a7e23cc6f1..ed1d25e04f 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -41,7 +41,7 @@ import org.springframework.util.StringUtils;
  */
 public final class RegexRequestMatcher implements RequestMatcher {
 
-	private final static Log logger = LogFactory.getLog(RegexRequestMatcher.class);
+	private static final Log logger = LogFactory.getLog(RegexRequestMatcher.class);
 
 	private final Pattern pattern;
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 5da0d3df2f..71401bf5ad 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -62,7 +62,7 @@ import static org.mockito.Mockito.verify;
  */
 public class SwitchUserFilterTests {
 
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();

From 81fe9fc640a5bc1783d150037a6445f356a7567e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 10:01:32 -0700
Subject: [PATCH 25/84] Make all exception classes immutable

Update all exception classes so that they are fully immutable and cannot
be changed once they have been thrown.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml    | 12 ++++------
 .../core/OAuth2AuthenticationException.java   | 13 ++++-------
 .../core/OAuth2AuthorizationException.java    |  2 +-
 .../Saml2AuthenticationException.java         | 23 ++++++-------------
 .../web/util/ThrowableAnalyzerTests.java      |  6 ++---
 5 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 39c2f65c38..cd34ac85a4 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,13 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="JavadocMethod" />
-	<suppress files=".*" checks="JavadocStyle" />
-	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
-	<suppress files=".*" checks="JavadocType" />
-	<suppress files=".*" checks="JavadocVariable" />
-	<suppress files=".*" checks="MultipleVariableDeclarations" />
-	<suppress files=".*" checks="MutableException" />
 	<suppress files=".*" checks="NeedBraces" />
 	<suppress files=".*" checks="NestedIfDepth" />
 	<suppress files=".*" checks="NewlineAtEndOfFile" />
@@ -32,6 +25,11 @@
 	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
 	<suppress files=".*" checks="WhitespaceAround" />
+	<suppress files=".*" checks="JavadocMethod" />
+	<suppress files=".*" checks="JavadocStyle" />
+	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
+	<suppress files=".*" checks="JavadocType" />
+	<suppress files=".*" checks="JavadocVariable" />
 
 	<!-- Ignore third-party code -->
 	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
index 7feff6c666..11fcc5d7aa 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
  */
 public class OAuth2AuthenticationException extends AuthenticationException {
 
-	private OAuth2Error error;
+	private final OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
@@ -65,8 +65,7 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 	 * @param message the detail message
 	 */
 	public OAuth2AuthenticationException(OAuth2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -77,7 +76,8 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 	 */
 	public OAuth2AuthenticationException(OAuth2Error error, String message, Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = error;
 	}
 
 	/**
@@ -88,9 +88,4 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 		return this.error;
 	}
 
-	private void setError(OAuth2Error error) {
-		Assert.notNull(error, "error cannot be null");
-		this.error = error;
-	}
-
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
index 5902a048a4..aba323e7b2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
@@ -25,7 +25,7 @@ import org.springframework.util.Assert;
  */
 public class OAuth2AuthorizationException extends RuntimeException {
 
-	private OAuth2Error error;
+	private final OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
index a2d5b7deea..64807dbfba 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
  */
 public class Saml2AuthenticationException extends AuthenticationException {
 
-	private Saml2Error error;
+	private final Saml2Error error;
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
@@ -65,8 +65,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	 * @param message the detail message
 	 */
 	public Saml2AuthenticationException(Saml2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -77,7 +76,8 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	 */
 	public Saml2AuthenticationException(Saml2Error error, String message, Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = error;
 	}
 
 	/**
@@ -120,8 +120,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	@Deprecated
 	public Saml2AuthenticationException(
 			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -140,7 +139,8 @@ public class Saml2AuthenticationException extends AuthenticationException {
 			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message,
 			Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = new Saml2Error(error.getErrorCode(), error.getDescription());
 	}
 
 	/**
@@ -162,15 +162,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 				this.error.getErrorCode(), this.error.getDescription());
 	}
 
-	private void setError(Saml2Error error) {
-		Assert.notNull(error, "error cannot be null");
-		this.error = error;
-	}
-
-	private void setError(org.springframework.security.saml2.provider.service.authentication.Saml2Error error) {
-		setError(new Saml2Error(error.getErrorCode(), error.getDescription()));
-	}
-
 	@Override
 	public String toString() {
 		final StringBuffer sb = new StringBuffer("Saml2AuthenticationException{");
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 1c6fa7efb6..82895a0cd0 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -250,12 +250,12 @@ public class ThrowableAnalyzerTests {
 	}
 
 	/**
-	 * Exception for testing purposes. The cause is not retrievable by {@link #getCause()}
-	 * .
+	 * Exception for testing purposes. The cause is not retrievable by
+	 * {@link #getCause()}.
 	 */
 	public static final class NonStandardException extends Exception {
 
-		private Throwable cause;
+		private final Throwable cause;
 
 		public NonStandardException(String message, Throwable cause) {
 			super(message);

From 0b4b22f28fc4ba0c7cd178e4cd3704178fbe611e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 10:02:46 -0700
Subject: [PATCH 26/84] Remove "need braces" checkstyle suppression

Remove the "need braces" checkstyle suppression which does not cause
any violations.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index cd34ac85a4..9235077c8b 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="NeedBraces" />
 	<suppress files=".*" checks="NestedIfDepth" />
 	<suppress files=".*" checks="NewlineAtEndOfFile" />
 	<suppress files=".*" checks="NonEmptyAtclauseDescription" />

From 218480fb7c07e40b0b141e5201f1e7a6af39f682 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 10:23:31 -0700
Subject: [PATCH 27/84] Reduce the number of nested if statements

Refactor `HeadersBeanDefinitionParser` and `AclImpl` to reduce the
number of nested if statements. A few extracted methods are now used
to hopefully improve readability.

Issue gh-8945
---
 .../security/acls/domain/AclImpl.java         |  45 ++----
 .../http/HeadersBeanDefinitionParser.java     | 139 +++++++++---------
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 3 files changed, 87 insertions(+), 98 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index 01b0303d55..b314b389a9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -31,6 +31,7 @@ import org.springframework.security.acls.model.PermissionGrantingStrategy;
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.acls.model.UnloadedSidException;
 import org.springframework.util.Assert;
+import org.springframework.util.ObjectUtils;
 
 /**
  * Base implementation of <code>Acl</code>.
@@ -285,36 +286,22 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (obj instanceof AclImpl) {
-			AclImpl rhs = (AclImpl) obj;
-			if (this.aces.equals(rhs.aces)) {
-				if ((this.parentAcl == null && rhs.parentAcl == null)
-						|| (this.parentAcl != null && this.parentAcl.equals(rhs.parentAcl))) {
-					if ((this.objectIdentity == null && rhs.objectIdentity == null)
-							|| (this.objectIdentity != null && this.objectIdentity.equals(rhs.objectIdentity))) {
-						if ((this.id == null && rhs.id == null) || (this.id != null && this.id.equals(rhs.id))) {
-							if ((this.owner == null && rhs.owner == null)
-									|| (this.owner != null && this.owner.equals(rhs.owner))) {
-								if (this.entriesInheriting == rhs.entriesInheriting) {
-									if ((this.loadedSids == null && rhs.loadedSids == null)) {
-										return true;
-									}
-									if (this.loadedSids != null && (this.loadedSids.size() == rhs.loadedSids.size())) {
-										for (int i = 0; i < this.loadedSids.size(); i++) {
-											if (!this.loadedSids.get(i).equals(rhs.loadedSids.get(i))) {
-												return false;
-											}
-										}
-										return true;
-									}
-								}
-							}
-						}
-					}
-				}
-			}
+		if (obj == this) {
+			return true;
 		}
-		return false;
+		if (obj == null || !(obj instanceof AclImpl)) {
+			return false;
+		}
+		AclImpl other = (AclImpl) obj;
+		boolean result = true;
+		result = result && this.aces.equals(other.aces);
+		result = result && ObjectUtils.nullSafeEquals(this.parentAcl, other.parentAcl);
+		result = result && ObjectUtils.nullSafeEquals(this.objectIdentity, other.objectIdentity);
+		result = result && ObjectUtils.nullSafeEquals(this.id, other.id);
+		result = result && ObjectUtils.nullSafeEquals(this.owner, other.owner);
+		result = result && this.entriesInheriting == other.entriesInheriting;
+		result = result && ObjectUtils.nullSafeEquals(this.loadedSids, other.loadedSids);
+		return result;
 	}
 
 	@Override
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index d3ff5e4ab1..0d24b203cb 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -426,80 +426,83 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 	private void parseFrameOptionsElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XFrameOptionsHeaderWriter.class);
-
-		Element frameElt = element == null ? null : DomUtils.getChildElementByTagName(element, FRAME_OPTIONS_ELEMENT);
-		if (frameElt != null) {
-			String header = getAttribute(frameElt, ATT_POLICY, null);
-			boolean disabled = "true".equals(getAttribute(frameElt, ATT_DISABLED, "false"));
-
-			if (disabled && header != null) {
-				this.attrNotAllowed(parserContext, ATT_DISABLED, ATT_POLICY, frameElt);
-			}
-			if (!StringUtils.hasText(header)) {
-				header = "DENY";
-			}
-
-			if (ALLOW_FROM.equals(header)) {
-				String strategyRef = getAttribute(frameElt, ATT_REF, null);
-				String strategy = getAttribute(frameElt, ATT_STRATEGY, null);
-
-				if (StringUtils.hasText(strategy) && StringUtils.hasText(strategyRef)) {
-					parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.",
-							frameElt);
-				}
-				else if (strategyRef != null) {
-					builder.addConstructorArgReference(strategyRef);
-				}
-				else if (strategy != null) {
-					String value = getAttribute(frameElt, ATT_VALUE, null);
-					if (!StringUtils.hasText(value)) {
-						parserContext.getReaderContext().error("Strategy requires a 'value' to be set.", frameElt);
-					}
-					// static, whitelist, regexp
-					if ("static".equals(strategy)) {
-						try {
-							builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value)));
-						}
-						catch (URISyntaxException e) {
-							parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.",
-									frameElt, e);
-						}
-					}
-					else {
-						BeanDefinitionBuilder allowFromStrategy;
-						if ("whitelist".equals(strategy)) {
-							allowFromStrategy = BeanDefinitionBuilder
-									.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
-							allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value));
-						}
-						else {
-							allowFromStrategy = BeanDefinitionBuilder.rootBeanDefinition(RegExpAllowFromStrategy.class);
-							allowFromStrategy.addConstructorArgValue(value);
-						}
-						String fromParameter = getAttribute(frameElt, ATT_FROM_PARAMETER, "from");
-						allowFromStrategy.addPropertyValue("allowFromParameterName", fromParameter);
-						builder.addConstructorArgValue(allowFromStrategy.getBeanDefinition());
-					}
-				}
-				else {
-					parserContext.getReaderContext().error("One of 'strategy' and 'strategy-ref' must be set.",
-							frameElt);
-				}
-			}
-			else {
-				builder.addConstructorArgValue(header);
-			}
-
-			if (disabled) {
-				return;
+		Element frameElement = (element != null) ? DomUtils.getChildElementByTagName(element, FRAME_OPTIONS_ELEMENT)
+				: null;
+		if (frameElement == null) {
+			if (addIfNotPresent) {
+				this.headerWriters.add(builder.getBeanDefinition());
 			}
+			return;
 		}
-
-		if (addIfNotPresent || frameElt != null) {
+		String header = getAttribute(frameElement, ATT_POLICY, null);
+		boolean disabled = "true".equals(getAttribute(frameElement, ATT_DISABLED, "false"));
+		if (disabled && header != null) {
+			this.attrNotAllowed(parserContext, ATT_DISABLED, ATT_POLICY, frameElement);
+		}
+		header = StringUtils.hasText(header) ? header : "DENY";
+		if (ALLOW_FROM.equals(header)) {
+			parseAllowFromFrameOptionsElement(parserContext, builder, frameElement);
+		}
+		else {
+			builder.addConstructorArgValue(header);
+		}
+		if (!disabled) {
 			this.headerWriters.add(builder.getBeanDefinition());
 		}
 	}
 
+	private void parseAllowFromFrameOptionsElement(ParserContext parserContext, BeanDefinitionBuilder builder,
+			Element frameElement) {
+		String strategyRef = getAttribute(frameElement, ATT_REF, null);
+		String strategy = getAttribute(frameElement, ATT_STRATEGY, null);
+		if (StringUtils.hasText(strategy) && StringUtils.hasText(strategyRef)) {
+			parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.",
+					frameElement);
+			return;
+		}
+		if (strategyRef != null) {
+			builder.addConstructorArgReference(strategyRef);
+			return;
+		}
+		if (strategy == null) {
+			parserContext.getReaderContext().error("One of 'strategy' and 'strategy-ref' must be set.", frameElement);
+			return;
+		}
+		String value = getAttribute(frameElement, ATT_VALUE, null);
+		if (!StringUtils.hasText(value)) {
+			parserContext.getReaderContext().error("Strategy requires a 'value' to be set.", frameElement);
+			return;
+		}
+		// static, whitelist, regexp
+		if ("static".equals(strategy)) {
+			try {
+				builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value)));
+			}
+			catch (URISyntaxException e) {
+				parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.", frameElement,
+						e);
+			}
+			return;
+		}
+		BeanDefinitionBuilder allowFromStrategy = getAllowFromStrategy(strategy, value);
+		String fromParameter = getAttribute(frameElement, ATT_FROM_PARAMETER, "from");
+		allowFromStrategy.addPropertyValue("allowFromParameterName", fromParameter);
+		builder.addConstructorArgValue(allowFromStrategy.getBeanDefinition());
+	}
+
+	private BeanDefinitionBuilder getAllowFromStrategy(String strategy, String value) {
+		if ("whitelist".equals(strategy)) {
+			BeanDefinitionBuilder allowFromStrategy = BeanDefinitionBuilder
+					.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
+			allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value));
+			return allowFromStrategy;
+		}
+		BeanDefinitionBuilder allowFromStrategy;
+		allowFromStrategy = BeanDefinitionBuilder.rootBeanDefinition(RegExpAllowFromStrategy.class);
+		allowFromStrategy.addConstructorArgValue(value);
+		return allowFromStrategy;
+	}
+
 	private void parseXssElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
 		Element xssElt = element == null ? null : DomUtils.getChildElementByTagName(element, XSS_ELEMENT);
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XXssProtectionHeaderWriter.class);
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 9235077c8b..667855b99e 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="NestedIfDepth" />
 	<suppress files=".*" checks="NewlineAtEndOfFile" />
 	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
 	<suppress files=".*" checks="NoWhitespaceBefore" />

From 4d487e8dc3ba8c18b156e4ce548d94aab73b8915 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 11:07:14 -0700
Subject: [PATCH 28/84] Ensure all files end with a new line

Update all files to ensure that they always end with a new-line
character.

Issue gh-8945
---
 .../authentication/DefaultServiceAuthenticationDetails.java   | 2 +-
 .../cas/web/authentication/ServiceAuthenticationDetails.java  | 2 +-
 .../authentication/ServiceAuthenticationDetailsSource.java    | 2 +-
 .../security/config/annotation/ObjectPostProcessor.java       | 2 +-
 .../GlobalMethodSecurityAspectJAutoProxyRegistrar.java        | 2 +-
 .../config/annotation/web/configurers/PermitAllSupport.java   | 2 +-
 .../config/debug/SecurityDebugBeanFactoryPostProcessor.java   | 2 +-
 .../config/annotation/issue50/repo/UserRepository.java        | 2 +-
 .../web/configuration/WebMvcSecurityConfigurationTests.java   | 2 +-
 .../security/config/http/WebConfigUtilsTests.java             | 2 +-
 .../security/config/method/PreAuthorizeServiceImpl.java       | 2 +-
 .../security/config/method/PreAuthorizeTests.java             | 2 +-
 .../security/config/method/SecuredAdminRole.java              | 2 +-
 .../springframework/security/config/method/SecuredTests.java  | 2 +-
 .../security/config/method/sec2499/Sec2499Tests.java          | 2 +-
 .../security/access/annotation/Jsr250SecurityConfig.java      | 2 +-
 .../java/org/springframework/security/access/method/P.java    | 2 +-
 .../InternalAuthenticationServiceException.java               | 2 +-
 .../authentication/ReactiveAuthenticationManagerResolver.java | 2 +-
 .../authentication/jaas/memory/InMemoryConfiguration.java     | 2 +-
 .../concurrent/DelegatingSecurityContextExecutor.java         | 2 +-
 .../org/springframework/security/jackson2/package-info.java   | 4 ----
 .../security/task/DelegatingSecurityContextTaskExecutor.java  | 2 +-
 .../security/access/annotation/sec2150/CrudRepository.java    | 2 +-
 .../security/access/annotation/sec2150/PersonRepository.java  | 2 +-
 .../CurrentDelegatingSecurityContextExecutorServiceTests.java | 2 +-
 ...ExplicitDelegatingSecurityContextExecutorServiceTests.java | 2 +-
 ...elegatingSecurityContextScheduledExecutorServiceTests.java | 2 +-
 .../security/crypto/keygen/StringKeyGenerator.java            | 2 +-
 .../query/SecurityEvaluationContextExtensionTests.java        | 2 +-
 etc/checkstyle/checkstyle-suppressions.xml                    | 1 -
 .../security/integration/StubUserRepository.java              | 2 +-
 .../security/messaging/util/matcher/AndMessageMatcher.java    | 2 +-
 .../rsocket/metadata/BasicAuthenticationDecoderTests.java     | 2 +-
 .../support/WithAnonymousUserSecurityContextFactory.java      | 2 +-
 .../test/context/support/WithSecurityContextFactory.java      | 2 +-
 .../security/test/context/showcase/CustomUserDetails.java     | 2 +-
 .../security/test/context/showcase/WithMockUserParent.java    | 2 +-
 .../test/context/showcase/WithMockUserParentTests.java        | 2 +-
 .../security/test/context/showcase/WithMockUserTests.java     | 2 +-
 ...kMvcRequestPostProcessorsAuthenticationStatelessTests.java | 2 +-
 ...equestPostProcessorsTestSecurityContextStatelessTests.java | 2 +-
 .../showcase/secured/DefaultfSecurityRequestsTests.java       | 2 +-
 .../web/servlet/showcase/secured/SecurityRequestsTests.java   | 2 +-
 .../servlet/showcase/secured/WithUserAuthenticationTests.java | 2 +-
 .../secured/WithUserClassLevelAuthenticationTests.java        | 2 +-
 .../web/authentication/logout/CompositeLogoutHandler.java     | 2 +-
 .../session/AbstractSessionFixationProtectionStrategy.java    | 2 +-
 .../session/CompositeSessionAuthenticationStrategy.java       | 2 +-
 .../request/async/WebAsyncManagerIntegrationFilter.java       | 2 +-
 .../org/springframework/security/web/csrf/CsrfException.java  | 2 +-
 .../springframework/security/web/csrf/CsrfLogoutHandler.java  | 2 +-
 .../java/org/springframework/security/web/csrf/CsrfToken.java | 2 +-
 .../security/web/csrf/InvalidCsrfTokenException.java          | 2 +-
 .../security/web/csrf/MissingCsrfTokenException.java          | 2 +-
 .../springframework/security/web/jaasapi/package-info.java    | 2 +-
 .../springframework/security/web/jackson2/package-info.java   | 2 +-
 .../web/session/InvalidSessionAccessDeniedHandler.java        | 2 +-
 .../security/web/util/matcher/AndRequestMatcher.java          | 2 +-
 .../security/web/util/matcher/MediaTypeRequestMatcher.java    | 2 +-
 .../security/web/util/matcher/NegatedRequestMatcher.java      | 2 +-
 .../security/web/util/matcher/OrRequestMatcher.java           | 2 +-
 .../web/authentication/HttpStatusEntryPointTests.java         | 2 +-
 .../util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java | 2 +-
 64 files changed, 62 insertions(+), 67 deletions(-)

diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 3726df3736..5cc9828d16 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -142,4 +142,4 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		return port;
 	}
 
-}
\ No newline at end of file
+}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
index 5bf790dcc1..2f97f1321c 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
@@ -38,4 +38,4 @@ public interface ServiceAuthenticationDetails extends Serializable {
 	 */
 	String getServiceUrl();
 
-}
\ No newline at end of file
+}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 5875b587e3..336fe142aa 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -79,4 +79,4 @@ public class ServiceAuthenticationDetailsSource
 		}
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
index 4218081cdb..39120f1833 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
@@ -38,4 +38,4 @@ public interface ObjectPostProcessor<T> {
 	 */
 	<O extends T> O postProcess(O object);
 
-}
\ No newline at end of file
+}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
index 7ddce8b636..196fa89a16 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@@ -57,4 +57,4 @@ class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinit
 		registry.registerBeanDefinition("annotationSecurityAspect$0", aspect.getBeanDefinition());
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index dda33fed1d..c20068b09b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -92,4 +92,4 @@ final class PermitAllSupport {
 	private PermitAllSupport() {
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index 6f142e4e58..58821987a8 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -60,4 +60,4 @@ public class SecurityDebugBeanFactoryPostProcessor implements BeanDefinitionRegi
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
index f788d5caca..de8300b056 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
@@ -28,4 +28,4 @@ public interface UserRepository extends CrudRepository<User, String> {
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	User findByUsername(String username);
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 227dbc258c..95ee25ae6a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -134,4 +134,4 @@ public class WebMvcSecurityConfigurationTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index 565045e8ae..df9ce75d2f 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -42,4 +42,4 @@ public class WebConfigUtilsTests {
 		verifyZeroInteractions(this.parserContext);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
index bac5904bb5..a17f384f43 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
@@ -29,4 +29,4 @@ public class PreAuthorizeServiceImpl {
 	public void contactPermission(Contact contact) {
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index 459c2a89ec..27333d7172 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -70,4 +70,4 @@ public class PreAuthorizeTests {
 		this.service.contactPermission(new Contact("admin"));
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
index 31c98e9592..d3381b4c24 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
@@ -28,4 +28,4 @@ import org.springframework.security.access.annotation.Secured;
 @Secured("ROLE_ADMIN")
 public @interface SecuredAdminRole {
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 9c3690a2b4..609ff5bf99 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -56,4 +56,4 @@ public class SecuredTests {
 		this.service.securedAdminRole();
 	}
 
-}
\ No newline at end of file
+}
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
index 20a13f9ec0..3d991e1850 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
@@ -49,4 +49,4 @@ public class Sec2499Tests {
 		this.child.refresh();
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index ae99cd27b8..6f9322e165 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -36,4 +36,4 @@ public class Jsr250SecurityConfig extends SecurityConfig {
 		super(role);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/access/method/P.java b/core/src/main/java/org/springframework/security/access/method/P.java
index b164c572ab..74b1894a45 100644
--- a/core/src/main/java/org/springframework/security/access/method/P.java
+++ b/core/src/main/java/org/springframework/security/access/method/P.java
@@ -46,4 +46,4 @@ public @interface P {
 	 */
 	String value();
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
index 4e26ddd1a1..05952d3dc9 100644
--- a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
@@ -44,4 +44,4 @@ public class InternalAuthenticationServiceException extends AuthenticationServic
 		super(message);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
index 6594f896c6..4697c70311 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
@@ -30,4 +30,4 @@ public interface ReactiveAuthenticationManagerResolver<C> {
 
 	Mono<ReactiveAuthenticationManager> resolve(C context);
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
index eba70cbaf2..cc7640d29d 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
@@ -89,4 +89,4 @@ public class InMemoryConfiguration extends Configuration {
 	public void refresh() {
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index fe70a8d289..60577d0ba9 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -66,4 +66,4 @@ public class DelegatingSecurityContextExecutor extends AbstractDelegatingSecurit
 		return this.delegate;
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/jackson2/package-info.java b/core/src/main/java/org/springframework/security/jackson2/package-info.java
index 9e818414a2..be6b4ff4ae 100644
--- a/core/src/main/java/org/springframework/security/jackson2/package-info.java
+++ b/core/src/main/java/org/springframework/security/jackson2/package-info.java
@@ -20,7 +20,3 @@
  * @since 4.2
  */
 package org.springframework.security.jackson2;
-
-/**
- * Package contains Jackson mixin classes.
- */
\ No newline at end of file
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
index 8aa7c58d56..68234d0d56 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
@@ -51,4 +51,4 @@ public class DelegatingSecurityContextTaskExecutor extends DelegatingSecurityCon
 		this(delegate, null);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
index 6dbc29e864..060d6d8011 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
@@ -19,4 +19,4 @@ public interface CrudRepository {
 
 	Iterable<Object> findAll();
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
index 221badfa3c..30258f07b0 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
@@ -29,4 +29,4 @@ import org.springframework.security.access.prepost.PreAuthorize;
 @PreAuthorize("hasRole('ROLE_PERSON')")
 public interface PersonRepository extends CrudRepository {
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
index eb4b404ddd..081da79ff8 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
@@ -40,4 +40,4 @@ public class CurrentDelegatingSecurityContextExecutorServiceTests
 		return new DelegatingSecurityContextExecutorService(this.delegate);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
index f221ba93f8..5d18220b12 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
@@ -40,4 +40,4 @@ public class ExplicitDelegatingSecurityContextExecutorServiceTests
 		return new DelegatingSecurityContextExecutorService(this.delegate, this.securityContext);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
index 46d59cf36f..6a2f07f9aa 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -40,4 +40,4 @@ public class ExplicitDelegatingSecurityContextScheduledExecutorServiceTests
 		return new DelegatingSecurityContextScheduledExecutorService(this.delegate, this.securityContext);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
index d23a092fc0..81a0a49460 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
@@ -24,4 +24,4 @@ public interface StringKeyGenerator {
 
 	String generateKey();
 
-}
\ No newline at end of file
+}
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index cdf1097d70..7931e2470d 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -75,4 +75,4 @@ public class SecurityEvaluationContextExtensionTests {
 		return this.securityExtension.getRootObject();
 	}
 
-}
\ No newline at end of file
+}
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 667855b99e..96f0bdc6b3 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="NewlineAtEndOfFile" />
 	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
 	<suppress files=".*" checks="NoWhitespaceBefore" />
 	<suppress files=".*" checks="OneTopLevelClass" />
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
index 80c47c5700..88c4070a39 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
@@ -21,4 +21,4 @@ public class StubUserRepository implements UserRepository {
 	public void doSomething() {
 	}
 
-}
\ No newline at end of file
+}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index f6bcc6ba9d..303f4dd120 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -60,4 +60,4 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 		return true;
 	}
 
-}
\ No newline at end of file
+}
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
index 4c088123e4..844747152d 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
@@ -50,4 +50,4 @@ public class BasicAuthenticationDecoderTests {
 		assertThat(actualCredentials).isEqualToComparingFieldByField(expectedCredentials);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
index 8a02e2cca9..044e3f0924 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
@@ -43,4 +43,4 @@ final class WithAnonymousUserSecurityContextFactory implements WithSecurityConte
 		return context;
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
index 72c58cc84d..50c381b37b 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
@@ -41,4 +41,4 @@ public interface WithSecurityContextFactory<A extends Annotation> {
 	 */
 	SecurityContext createSecurityContext(A annotation);
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index 6fa4da4309..7b3220941f 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -78,4 +78,4 @@ public class CustomUserDetails implements UserDetails {
 		return "CustomUserDetails{" + "username='" + this.username + '\'' + '}';
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
index 8085335ea1..25b613f11e 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
@@ -23,4 +23,4 @@ import org.springframework.security.test.context.support.WithMockUser;
 @WithMockUser
 public class WithMockUserParent {
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index 173829d3b9..299eca846f 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -60,4 +60,4 @@ public class WithMockUserParentTests extends WithMockUserParent {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index 3efd86fcbf..4620a410d3 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -90,4 +90,4 @@ public class WithMockUserTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index 61cb427087..d37059a38a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -103,4 +103,4 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index 5b7de6735d..451884e0b5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -101,4 +101,4 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index 4cb445cc87..bc985e978d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -110,4 +110,4 @@ public class DefaultfSecurityRequestsTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 50bd8bdaff..51a93e9df2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -133,4 +133,4 @@ public class SecurityRequestsTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 528200ca45..16f496e187 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -111,4 +111,4 @@ public class WithUserAuthenticationTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 9fd8215748..28573717c6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -111,4 +111,4 @@ public class WithUserClassLevelAuthenticationTests {
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
index 5150d63ab8..b092d80cf6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandler.java
@@ -55,4 +55,4 @@ public final class CompositeLogoutHandler implements LogoutHandler {
 		}
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 6fb1ec0913..9db1525385 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -158,4 +158,4 @@ abstract class AbstractSessionFixationProtectionStrategy
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index 177385efd5..1dd95f714f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -86,4 +86,4 @@ public class CompositeSessionAuthenticationStrategy implements SessionAuthentica
 		return getClass().getName() + " [delegateStrategies = " + this.delegateStrategies + "]";
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
index 3c6c5fd9c1..bc0694bf9b 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
@@ -56,4 +56,4 @@ public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter
 		filterChain.doFilter(request, response);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
index 68f7c0ea1d..4b6fe7f3e6 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@@ -30,4 +30,4 @@ public class CsrfException extends AccessDeniedException {
 		super(message);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
index 21c5788457..73d005a7d2 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
@@ -54,4 +54,4 @@ public final class CsrfLogoutHandler implements LogoutHandler {
 		this.csrfTokenRepository.saveToken(null, request, response);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
index 4056cda997..f497980dfc 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
@@ -47,4 +47,4 @@ public interface CsrfToken extends Serializable {
 	 */
 	String getToken();
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
index 4a4c905140..fd371cfa41 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@@ -37,4 +37,4 @@ public class InvalidCsrfTokenException extends CsrfException {
 				+ "'.");
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
index 2b3503192e..6f50c1adf7 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
@@ -28,4 +28,4 @@ public class MissingCsrfTokenException extends CsrfException {
 		super("Could not verify the provided CSRF token because your session was not found.");
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
index 18ecee9551..b87e8d14cd 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
@@ -19,4 +19,4 @@
  * To use, simply add the {@code JaasApiIntegrationFilter} to the Spring Security filter
  * chain.
  */
-package org.springframework.security.web.jaasapi;
\ No newline at end of file
+package org.springframework.security.web.jaasapi;
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/package-info.java b/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
index 4e8160838e..a23c20f153 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
@@ -19,4 +19,4 @@
  * @author Jitendra Singh
  * @since 4.2
  */
-package org.springframework.security.web.jackson2;
\ No newline at end of file
+package org.springframework.security.web.jackson2;
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
index dab718fdc0..0c17383baf 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
@@ -50,4 +50,4 @@ public final class InvalidSessionAccessDeniedHandler implements AccessDeniedHand
 		this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 63e2db7ccf..39307db8ff 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -78,4 +78,4 @@ public final class AndRequestMatcher implements RequestMatcher {
 		return "AndRequestMatcher [requestMatchers=" + this.requestMatchers + "]";
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index a0c91a5333..e9272c3f5a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -272,4 +272,4 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 				+ ", ignoredMediaTypes=" + this.ignoredMediaTypes + "]";
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index cfc58f19a2..7bc8d41689 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -60,4 +60,4 @@ public class NegatedRequestMatcher implements RequestMatcher {
 		return "NegatedRequestMatcher [requestMatcher=" + this.requestMatcher + "]";
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index 11c22c6a2b..7c0d3022f7 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -78,4 +78,4 @@ public final class OrRequestMatcher implements RequestMatcher {
 		return "OrRequestMatcher [requestMatchers=" + this.requestMatchers + "]";
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index 2ad510a7ea..ca7ab99c49 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -61,4 +61,4 @@ public class HttpStatusEntryPointTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 	}
 
-}
\ No newline at end of file
+}
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index 272203a039..ec7d9e6e88 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -152,4 +152,4 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 		assertThat(matcher.matches(this.request)).isFalse();
 	}
 
-}
\ No newline at end of file
+}

From 053af720a41c2cda08b0b977d886da127894e0ad Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 11:10:07 -0700
Subject: [PATCH 29/84] Ensure no whitespace before lines

Fix a few issues cause by the automatic formatting that meant additional
leading whitespace was present.

Issue gh-8945
---
 ...espaceLdapAuthenticationProviderTestsConfigs.java |  3 +--
 .../security/crypto/codec/Base64.java                | 12 ++++++------
 etc/checkstyle/checkstyle-suppressions.xml           |  3 +--
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
index 6b07c6fa3d..33c7229c91 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@@ -65,9 +65,8 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
 						.managerDn("uid=admin,ou=system") // ldap-server@manager-dn
 						.managerPassword("secret") // ldap-server@manager-password
 						.port(33399) // ldap-server@port
-						.root("dc=springframework,dc=org") // ldap-server@root
+						.root("dc=springframework,dc=org"); // ldap-server@root
 						// .url("ldap://localhost:33389/dc-springframework,dc=org") this overrides root and port and is used for external
-						;
 			// @formatter:on
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 9d41bddf07..f03951f696 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -110,8 +110,8 @@ public final class Base64 {
 			-9, -9, -9, -9, -9, -9, // Decimal 91 - 96
 			26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
 			39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
-			-9, -9, -9, -9, -9 // Decimal 123 - 127
-			, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+			-9, -9, -9, -9, -9, // Decimal 123 - 127
+			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
@@ -171,8 +171,8 @@ public final class Base64 {
 			-9, // Decimal 96
 			26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
 			39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
-			-9, -9, -9, -9, -9 // Decimal 123 - 127
-			, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+			-9, -9, -9, -9, -9, // Decimal 123 - 127
+			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
@@ -223,8 +223,8 @@ public final class Base64 {
 			-9, // Decimal 96
 			38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, // Letters 'a' through 'm'
 			51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, // Letters 'n' through 'z'
-			-9, -9, -9, -9, -9 // Decimal 123 - 127
-			, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+			-9, -9, -9, -9, -9, // Decimal 123 - 127
+			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 96f0bdc6b3..cfa6522e24 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,8 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
-	<suppress files=".*" checks="NoWhitespaceBefore" />
 	<suppress files=".*" checks="OneTopLevelClass" />
 	<suppress files=".*" checks="ParenPad" />
 	<suppress files=".*" checks="RedundantImport" />
@@ -27,6 +25,7 @@
 	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
 	<suppress files=".*" checks="JavadocType" />
 	<suppress files=".*" checks="JavadocVariable" />
+	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
 
 	<!-- Ignore third-party code -->
 	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>

From f1cee9500f3b22d8b803100f4134bc799b9431c3 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 11:28:04 -0700
Subject: [PATCH 30/84] Ensure classes are defined in their own files

Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.

Issue gh-8945
---
 .../aspect/AnnotationSecurityAspectTests.java | 100 +++---
 .../HttpSecurityBeanDefinitionParser.java     | 134 +++----
 ...th2ResourceServerBeanDefinitionParser.java | 313 ++++++++--------
 .../security/config/http/OrderDecorator.java  |  53 +++
 ...terceptMethodsBeanDefinitionDecorator.java | 103 +++---
 ...sourceServerBeanDefinitionParserTests.java |  10 +-
 ...curedAnnotationSecurityMetadataSource.java |  18 +-
 ...bstractSecurityExpressionHandlerTests.java |  20 +-
 .../security/util/FieldUtilsTests.java        |  24 +-
 .../security/crypto/codec/Base64.java         |   8 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 .../security/web/FilterInvocation.java        | 336 +++++++++---------
 .../security/web/debug/DebugFilter.java       |  44 +--
 .../security/web/FilterInvocationTests.java   |   1 +
 .../security/web/debug/DebugFilterTests.java  |   1 +
 15 files changed, 599 insertions(+), 567 deletions(-)
 create mode 100644 config/src/main/java/org/springframework/security/config/http/OrderDecorator.java

diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index c8f8fc9802..9a6b63ddc8 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -161,65 +161,65 @@ public class AnnotationSecurityAspectTests {
 		this.interceptor.setAfterInvocationManager(aim);
 	}
 
-}
+	interface SecuredInterface {
 
-interface SecuredInterface {
+		@Secured("ROLE_X")
+		void securedMethod();
 
-	@Secured("ROLE_X")
-	void securedMethod();
-
-}
-
-class SecuredImpl implements SecuredInterface {
-
-	// Not really secured because AspectJ doesn't inherit annotations from interfaces
-	@Override
-	public void securedMethod() {
 	}
 
-	@Secured("ROLE_A")
-	public void securedClassMethod() {
+	static class SecuredImpl implements SecuredInterface {
+
+		// Not really secured because AspectJ doesn't inherit annotations from interfaces
+		@Override
+		public void securedMethod() {
+		}
+
+		@Secured("ROLE_A")
+		public void securedClassMethod() {
+		}
+
+		@Secured("ROLE_X")
+		private void privateMethod() {
+		}
+
+		@Secured("ROLE_X")
+		protected void protectedMethod() {
+		}
+
+		@Secured("ROLE_X")
+		public void publicCallsPrivate() {
+			privateMethod();
+		}
+
 	}
 
-	@Secured("ROLE_X")
-	private void privateMethod() {
+	static class SecuredImplSubclass extends SecuredImpl {
+
+		@Override
+		protected void protectedMethod() {
+		}
+
+		@Override
+		public void publicCallsPrivate() {
+			super.publicCallsPrivate();
+		}
+
 	}
 
-	@Secured("ROLE_X")
-	protected void protectedMethod() {
-	}
+	static class PrePostSecured {
+
+		@PreAuthorize("denyAll")
+		public void denyAllMethod() {
+		}
+
+		@PostFilter("filterObject.startsWith('a')")
+		public List<String> postFilterMethod() {
+			ArrayList<String> objects = new ArrayList<>();
+			objects.addAll(Arrays.asList(new String[] { "apple", "banana", "aubergine", "orange" }));
+			return objects;
+		}
 
-	@Secured("ROLE_X")
-	public void publicCallsPrivate() {
-		privateMethod();
-	}
-
-}
-
-class SecuredImplSubclass extends SecuredImpl {
-
-	@Override
-	protected void protectedMethod() {
-	}
-
-	@Override
-	public void publicCallsPrivate() {
-		super.publicCallsPrivate();
-	}
-
-}
-
-class PrePostSecured {
-
-	@PreAuthorize("denyAll")
-	public void denyAllMethod() {
-	}
-
-	@PostFilter("filterObject.startsWith('a')")
-	public List<String> postFilterMethod() {
-		ArrayList<String> objects = new ArrayList<>();
-		objects.addAll(Arrays.asList(new String[] { "apple", "banana", "aubergine", "orange" }));
-		return objects;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index 9ffa600d88..c43d1b3903 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -42,7 +42,6 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.core.OrderComparator;
-import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.authentication.ProviderManager;
@@ -399,97 +398,70 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		registry.registerBeanDefinition(requestRejectedPostProcessorName, requestRejectedBean);
 	}
 
-}
+	static class RequestRejectedHandlerPostProcessor implements BeanDefinitionRegistryPostProcessor {
 
-class RequestRejectedHandlerPostProcessor implements BeanDefinitionRegistryPostProcessor {
+		private final String beanName;
 
-	private final String beanName;
+		private final String targetBeanName;
 
-	private final String targetBeanName;
+		private final String targetPropertyName;
 
-	private final String targetPropertyName;
-
-	RequestRejectedHandlerPostProcessor(String beanName, String targetBeanName, String targetPropertyName) {
-		this.beanName = beanName;
-		this.targetBeanName = targetBeanName;
-		this.targetPropertyName = targetPropertyName;
-	}
-
-	@Override
-	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
-		if (registry.containsBeanDefinition(this.beanName)) {
-			BeanDefinition beanDefinition = registry.getBeanDefinition(this.targetBeanName);
-			beanDefinition.getPropertyValues().add(this.targetPropertyName, new RuntimeBeanReference(this.beanName));
+		RequestRejectedHandlerPostProcessor(String beanName, String targetBeanName, String targetPropertyName) {
+			this.beanName = beanName;
+			this.targetBeanName = targetBeanName;
+			this.targetPropertyName = targetPropertyName;
 		}
-	}
 
-	@Override
-	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-
-	}
-
-}
-
-class OrderDecorator implements Ordered {
-
-	final BeanMetadataElement bean;
-
-	final int order;
-
-	OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
-		this.bean = bean;
-		this.order = filterOrder.getOrder();
-	}
-
-	OrderDecorator(BeanMetadataElement bean, int order) {
-		this.bean = bean;
-		this.order = order;
-	}
-
-	@Override
-	public int getOrder() {
-		return this.order;
-	}
-
-	@Override
-	public String toString() {
-		return this.bean + ", order = " + this.order;
-	}
-
-}
-
-/**
- * Custom {@link MethodInvokingFactoryBean} that is specifically used for looking up the
- * child {@link ProviderManager} value for
- * {@link ProviderManager#setEraseCredentialsAfterAuthentication(boolean)} given the
- * parent {@link AuthenticationManager}. This is necessary because the parent
- * {@link AuthenticationManager} might not be a {@link ProviderManager}.
- *
- * @author Rob Winch
- */
-final class ClearCredentialsMethodInvokingFactoryBean extends MethodInvokingFactoryBean {
-
-	@Override
-	public void afterPropertiesSet() throws Exception {
-		boolean isTargetProviderManager = getTargetObject() instanceof ProviderManager;
-		if (!isTargetProviderManager) {
-			setTargetObject(this);
+		@Override
+		public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
+			if (registry.containsBeanDefinition(this.beanName)) {
+				BeanDefinition beanDefinition = registry.getBeanDefinition(this.targetBeanName);
+				beanDefinition.getPropertyValues().add(this.targetPropertyName,
+						new RuntimeBeanReference(this.beanName));
+			}
 		}
-		super.afterPropertiesSet();
+
+		@Override
+		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+
+		}
+
 	}
 
 	/**
-	 * The default value if the target object is not a ProviderManager is false. We use
-	 * false because this feature is associated with {@link ProviderManager} not
-	 * {@link AuthenticationManager}. If the user wants to leverage
-	 * {@link ProviderManager#setEraseCredentialsAfterAuthentication(boolean)} their
-	 * original {@link AuthenticationManager} must be a {@link ProviderManager} (we should
-	 * not magically add this functionality to their implementation since we cannot
-	 * determine if it should be on or off).
-	 * @return
+	 * Custom {@link MethodInvokingFactoryBean} that is specifically used for looking up
+	 * the child {@link ProviderManager} value for
+	 * {@link ProviderManager#setEraseCredentialsAfterAuthentication(boolean)} given the
+	 * parent {@link AuthenticationManager}. This is necessary because the parent
+	 * {@link AuthenticationManager} might not be a {@link ProviderManager}.
+	 *
+	 * @author Rob Winch
 	 */
-	public boolean isEraseCredentialsAfterAuthentication() {
-		return false;
+	static final class ClearCredentialsMethodInvokingFactoryBean extends MethodInvokingFactoryBean {
+
+		@Override
+		public void afterPropertiesSet() throws Exception {
+			boolean isTargetProviderManager = getTargetObject() instanceof ProviderManager;
+			if (!isTargetProviderManager) {
+				setTargetObject(this);
+			}
+			super.afterPropertiesSet();
+		}
+
+		/**
+		 * The default value if the target object is not a ProviderManager is false. We
+		 * use false because this feature is associated with {@link ProviderManager} not
+		 * {@link AuthenticationManager}. If the user wants to leverage
+		 * {@link ProviderManager#setEraseCredentialsAfterAuthentication(boolean)} their
+		 * original {@link AuthenticationManager} must be a {@link ProviderManager} (we
+		 * should not magically add this functionality to their implementation since we
+		 * cannot determine if it should be on or off).
+		 * @return
+		 */
+		public boolean isEraseCredentialsAfterAuthentication() {
+			return false;
+		}
+
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index ef79bc4c64..5c7358ab73 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -196,177 +196,178 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		}
 	}
 
-}
+	static final class JwtBeanDefinitionParser implements BeanDefinitionParser {
 
-final class JwtBeanDefinitionParser implements BeanDefinitionParser {
+		static final String DECODER_REF = "decoder-ref";
+		static final String JWK_SET_URI = "jwk-set-uri";
+		static final String JWT_AUTHENTICATION_CONVERTER_REF = "jwt-authentication-converter-ref";
+		static final String JWT_AUTHENTICATION_CONVERTER = "jwtAuthenticationConverter";
 
-	static final String DECODER_REF = "decoder-ref";
-	static final String JWK_SET_URI = "jwk-set-uri";
-	static final String JWT_AUTHENTICATION_CONVERTER_REF = "jwt-authentication-converter-ref";
-	static final String JWT_AUTHENTICATION_CONVERTER = "jwtAuthenticationConverter";
+		@Override
+		public BeanDefinition parse(Element element, ParserContext pc) {
+			validateConfiguration(element, pc);
 
-	@Override
-	public BeanDefinition parse(Element element, ParserContext pc) {
-		validateConfiguration(element, pc);
+			BeanDefinitionBuilder jwtProviderBuilder = BeanDefinitionBuilder
+					.rootBeanDefinition(JwtAuthenticationProvider.class);
+			jwtProviderBuilder.addConstructorArgValue(getDecoder(element));
+			jwtProviderBuilder.addPropertyValue(JWT_AUTHENTICATION_CONVERTER, getJwtAuthenticationConverter(element));
 
-		BeanDefinitionBuilder jwtProviderBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(JwtAuthenticationProvider.class);
-		jwtProviderBuilder.addConstructorArgValue(getDecoder(element));
-		jwtProviderBuilder.addPropertyValue(JWT_AUTHENTICATION_CONVERTER, getJwtAuthenticationConverter(element));
-
-		return jwtProviderBuilder.getBeanDefinition();
-	}
-
-	void validateConfiguration(Element element, ParserContext pc) {
-		boolean usesDecoder = element.hasAttribute(DECODER_REF);
-		boolean usesJwkSetUri = element.hasAttribute(JWK_SET_URI);
-
-		if (usesDecoder == usesJwkSetUri) {
-			pc.getReaderContext().error("Please specify either decoder-ref or jwk-set-uri.", element);
-		}
-	}
-
-	Object getDecoder(Element element) {
-		String decoderRef = element.getAttribute(DECODER_REF);
-		if (!StringUtils.isEmpty(decoderRef)) {
-			return new RuntimeBeanReference(decoderRef);
+			return jwtProviderBuilder.getBeanDefinition();
 		}
 
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder
-				.rootBeanDefinition(NimbusJwtDecoderJwkSetUriFactoryBean.class);
-		builder.addConstructorArgValue(element.getAttribute(JWK_SET_URI));
-		return builder.getBeanDefinition();
-	}
+		void validateConfiguration(Element element, ParserContext pc) {
+			boolean usesDecoder = element.hasAttribute(DECODER_REF);
+			boolean usesJwkSetUri = element.hasAttribute(JWK_SET_URI);
 
-	Object getJwtAuthenticationConverter(Element element) {
-		String jwtDecoderRef = element.getAttribute(JWT_AUTHENTICATION_CONVERTER_REF);
-		if (!StringUtils.isEmpty(jwtDecoderRef)) {
-			return new RuntimeBeanReference(jwtDecoderRef);
-		}
-
-		return new JwtAuthenticationConverter();
-	}
-
-	JwtBeanDefinitionParser() {
-	}
-
-}
-
-final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
-
-	static final String INTROSPECTOR_REF = "introspector-ref";
-	static final String INTROSPECTION_URI = "introspection-uri";
-	static final String CLIENT_ID = "client-id";
-	static final String CLIENT_SECRET = "client-secret";
-
-	@Override
-	public BeanDefinition parse(Element element, ParserContext pc) {
-		validateConfiguration(element, pc);
-
-		BeanMetadataElement introspector = getIntrospector(element);
-		BeanDefinitionBuilder opaqueTokenProviderBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(OpaqueTokenAuthenticationProvider.class);
-		opaqueTokenProviderBuilder.addConstructorArgValue(introspector);
-
-		return opaqueTokenProviderBuilder.getBeanDefinition();
-	}
-
-	void validateConfiguration(Element element, ParserContext pc) {
-		boolean usesIntrospector = element.hasAttribute(INTROSPECTOR_REF);
-		boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) || element.hasAttribute(CLIENT_ID)
-				|| element.hasAttribute(CLIENT_SECRET);
-
-		if (usesIntrospector == usesEndpoint) {
-			pc.getReaderContext().error("Please specify either introspector-ref or all of "
-					+ "introspection-uri, client-id, and client-secret.", element);
-			return;
-		}
-
-		if (usesEndpoint) {
-			if (!(element.hasAttribute(INTROSPECTION_URI) && element.hasAttribute(CLIENT_ID)
-					&& element.hasAttribute(CLIENT_SECRET))) {
-				pc.getReaderContext().error("Please specify introspection-uri, client-id, and client-secret together",
-						element);
+			if (usesDecoder == usesJwkSetUri) {
+				pc.getReaderContext().error("Please specify either decoder-ref or jwk-set-uri.", element);
 			}
 		}
-	}
 
-	BeanMetadataElement getIntrospector(Element element) {
-		String introspectorRef = element.getAttribute(INTROSPECTOR_REF);
-		if (!StringUtils.isEmpty(introspectorRef)) {
-			return new RuntimeBeanReference(introspectorRef);
+		Object getDecoder(Element element) {
+			String decoderRef = element.getAttribute(DECODER_REF);
+			if (!StringUtils.isEmpty(decoderRef)) {
+				return new RuntimeBeanReference(decoderRef);
+			}
+
+			BeanDefinitionBuilder builder = BeanDefinitionBuilder
+					.rootBeanDefinition(NimbusJwtDecoderJwkSetUriFactoryBean.class);
+			builder.addConstructorArgValue(element.getAttribute(JWK_SET_URI));
+			return builder.getBeanDefinition();
 		}
 
-		String introspectionUri = element.getAttribute(INTROSPECTION_URI);
-		String clientId = element.getAttribute(CLIENT_ID);
-		String clientSecret = element.getAttribute(CLIENT_SECRET);
+		Object getJwtAuthenticationConverter(Element element) {
+			String jwtDecoderRef = element.getAttribute(JWT_AUTHENTICATION_CONVERTER_REF);
+			if (!StringUtils.isEmpty(jwtDecoderRef)) {
+				return new RuntimeBeanReference(jwtDecoderRef);
+			}
 
-		BeanDefinitionBuilder introspectorBuilder = BeanDefinitionBuilder
-				.rootBeanDefinition(NimbusOpaqueTokenIntrospector.class);
-		introspectorBuilder.addConstructorArgValue(introspectionUri);
-		introspectorBuilder.addConstructorArgValue(clientId);
-		introspectorBuilder.addConstructorArgValue(clientSecret);
-
-		return introspectorBuilder.getBeanDefinition();
-	}
-
-	OpaqueTokenBeanDefinitionParser() {
-	}
-
-}
-
-final class StaticAuthenticationManagerResolver implements AuthenticationManagerResolver<HttpServletRequest> {
-
-	private final AuthenticationManager authenticationManager;
-
-	StaticAuthenticationManagerResolver(AuthenticationManager authenticationManager) {
-		this.authenticationManager = authenticationManager;
-	}
-
-	@Override
-	public AuthenticationManager resolve(HttpServletRequest context) {
-		return this.authenticationManager;
-	}
-
-}
-
-final class NimbusJwtDecoderJwkSetUriFactoryBean implements FactoryBean<JwtDecoder> {
-
-	private final String jwkSetUri;
-
-	NimbusJwtDecoderJwkSetUriFactoryBean(String jwkSetUri) {
-		this.jwkSetUri = jwkSetUri;
-	}
-
-	@Override
-	public JwtDecoder getObject() {
-		return NimbusJwtDecoder.withJwkSetUri(this.jwkSetUri).build();
-	}
-
-	@Override
-	public Class<?> getObjectType() {
-		return JwtDecoder.class;
-	}
-
-}
-
-final class BearerTokenRequestMatcher implements RequestMatcher {
-
-	private final BearerTokenResolver bearerTokenResolver;
-
-	BearerTokenRequestMatcher(BearerTokenResolver bearerTokenResolver) {
-		Assert.notNull(bearerTokenResolver, "bearerTokenResolver cannot be null");
-		this.bearerTokenResolver = bearerTokenResolver;
-	}
-
-	@Override
-	public boolean matches(HttpServletRequest request) {
-		try {
-			return this.bearerTokenResolver.resolve(request) != null;
+			return new JwtAuthenticationConverter();
 		}
-		catch (OAuth2AuthenticationException e) {
-			return false;
+
+		JwtBeanDefinitionParser() {
 		}
+
+	}
+
+	static final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
+
+		static final String INTROSPECTOR_REF = "introspector-ref";
+		static final String INTROSPECTION_URI = "introspection-uri";
+		static final String CLIENT_ID = "client-id";
+		static final String CLIENT_SECRET = "client-secret";
+
+		@Override
+		public BeanDefinition parse(Element element, ParserContext pc) {
+			validateConfiguration(element, pc);
+
+			BeanMetadataElement introspector = getIntrospector(element);
+			BeanDefinitionBuilder opaqueTokenProviderBuilder = BeanDefinitionBuilder
+					.rootBeanDefinition(OpaqueTokenAuthenticationProvider.class);
+			opaqueTokenProviderBuilder.addConstructorArgValue(introspector);
+
+			return opaqueTokenProviderBuilder.getBeanDefinition();
+		}
+
+		void validateConfiguration(Element element, ParserContext pc) {
+			boolean usesIntrospector = element.hasAttribute(INTROSPECTOR_REF);
+			boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) || element.hasAttribute(CLIENT_ID)
+					|| element.hasAttribute(CLIENT_SECRET);
+
+			if (usesIntrospector == usesEndpoint) {
+				pc.getReaderContext().error("Please specify either introspector-ref or all of "
+						+ "introspection-uri, client-id, and client-secret.", element);
+				return;
+			}
+
+			if (usesEndpoint) {
+				if (!(element.hasAttribute(INTROSPECTION_URI) && element.hasAttribute(CLIENT_ID)
+						&& element.hasAttribute(CLIENT_SECRET))) {
+					pc.getReaderContext()
+							.error("Please specify introspection-uri, client-id, and client-secret together", element);
+				}
+			}
+		}
+
+		BeanMetadataElement getIntrospector(Element element) {
+			String introspectorRef = element.getAttribute(INTROSPECTOR_REF);
+			if (!StringUtils.isEmpty(introspectorRef)) {
+				return new RuntimeBeanReference(introspectorRef);
+			}
+
+			String introspectionUri = element.getAttribute(INTROSPECTION_URI);
+			String clientId = element.getAttribute(CLIENT_ID);
+			String clientSecret = element.getAttribute(CLIENT_SECRET);
+
+			BeanDefinitionBuilder introspectorBuilder = BeanDefinitionBuilder
+					.rootBeanDefinition(NimbusOpaqueTokenIntrospector.class);
+			introspectorBuilder.addConstructorArgValue(introspectionUri);
+			introspectorBuilder.addConstructorArgValue(clientId);
+			introspectorBuilder.addConstructorArgValue(clientSecret);
+
+			return introspectorBuilder.getBeanDefinition();
+		}
+
+		OpaqueTokenBeanDefinitionParser() {
+		}
+
+	}
+
+	static final class StaticAuthenticationManagerResolver
+			implements AuthenticationManagerResolver<HttpServletRequest> {
+
+		private final AuthenticationManager authenticationManager;
+
+		StaticAuthenticationManagerResolver(AuthenticationManager authenticationManager) {
+			this.authenticationManager = authenticationManager;
+		}
+
+		@Override
+		public AuthenticationManager resolve(HttpServletRequest context) {
+			return this.authenticationManager;
+		}
+
+	}
+
+	static final class NimbusJwtDecoderJwkSetUriFactoryBean implements FactoryBean<JwtDecoder> {
+
+		private final String jwkSetUri;
+
+		NimbusJwtDecoderJwkSetUriFactoryBean(String jwkSetUri) {
+			this.jwkSetUri = jwkSetUri;
+		}
+
+		@Override
+		public JwtDecoder getObject() {
+			return NimbusJwtDecoder.withJwkSetUri(this.jwkSetUri).build();
+		}
+
+		@Override
+		public Class<?> getObjectType() {
+			return JwtDecoder.class;
+		}
+
+	}
+
+	static final class BearerTokenRequestMatcher implements RequestMatcher {
+
+		private final BearerTokenResolver bearerTokenResolver;
+
+		BearerTokenRequestMatcher(BearerTokenResolver bearerTokenResolver) {
+			Assert.notNull(bearerTokenResolver, "bearerTokenResolver cannot be null");
+			this.bearerTokenResolver = bearerTokenResolver;
+		}
+
+		@Override
+		public boolean matches(HttpServletRequest request) {
+			try {
+				return this.bearerTokenResolver.resolve(request) != null;
+			}
+			catch (OAuth2AuthenticationException e) {
+				return false;
+			}
+		}
+
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/OrderDecorator.java b/config/src/main/java/org/springframework/security/config/http/OrderDecorator.java
new file mode 100644
index 0000000000..3b14abaf8d
--- /dev/null
+++ b/config/src/main/java/org/springframework/security/config/http/OrderDecorator.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.http;
+
+import org.springframework.beans.BeanMetadataElement;
+import org.springframework.core.Ordered;
+
+/**
+ * Wrapper to provide ordering to a {@link BeanMetadataElement}.
+ *
+ * @author Rob Winch
+ */
+class OrderDecorator implements Ordered {
+
+	final BeanMetadataElement bean;
+
+	final int order;
+
+	OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
+		this.bean = bean;
+		this.order = filterOrder.getOrder();
+	}
+
+	OrderDecorator(BeanMetadataElement bean, int order) {
+		this.bean = bean;
+		this.order = order;
+	}
+
+	@Override
+	public int getOrder() {
+		return this.order;
+	}
+
+	@Override
+	public String toString() {
+		return this.bean + ", order = " + this.order;
+	}
+
+}
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index 3d7fcb0223..9c24b37c15 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -55,66 +55,69 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 		return this.delegate.decorate(node, definition, parserContext);
 	}
 
-}
+	/**
+	 * This is the real class which does the work. We need access to the ParserContext in
+	 * order to do bean registration.
+	 */
+	static class InternalInterceptMethodsBeanDefinitionDecorator
+			extends AbstractInterceptorDrivenBeanDefinitionDecorator {
 
-/**
- * This is the real class which does the work. We need access to the ParserContext in
- * order to do bean registration.
- */
-class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractInterceptorDrivenBeanDefinitionDecorator {
+		static final String ATT_METHOD = "method";
+		static final String ATT_ACCESS = "access";
 
-	static final String ATT_METHOD = "method";
-	static final String ATT_ACCESS = "access";
+		private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
 
-	private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
+		@Override
+		protected BeanDefinition createInterceptorDefinition(Node node) {
+			Element interceptMethodsElt = (Element) node;
+			BeanDefinitionBuilder interceptor = BeanDefinitionBuilder
+					.rootBeanDefinition(MethodSecurityInterceptor.class);
 
-	@Override
-	protected BeanDefinition createInterceptorDefinition(Node node) {
-		Element interceptMethodsElt = (Element) node;
-		BeanDefinitionBuilder interceptor = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
+			// Default to autowiring to pick up after invocation mgr
+			interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE);
 
-		// Default to autowiring to pick up after invocation mgr
-		interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE);
+			String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR);
 
-		String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR);
-
-		if (!StringUtils.hasText(accessManagerId)) {
-			accessManagerId = BeanIds.METHOD_ACCESS_MANAGER;
-		}
-
-		interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
-		interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
-
-		// Lookup parent bean information
-
-		String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
-
-		// Parse the included methods
-		List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
-		Map<String, BeanDefinition> mappings = new ManagedMap<>();
-
-		for (Element protectmethodElt : methods) {
-			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
-			attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
-			attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
-
-			// Support inference of class names
-			String methodName = protectmethodElt.getAttribute(ATT_METHOD);
-
-			if (methodName.lastIndexOf(".") == -1) {
-				if (parentBeanClass != null && !"".equals(parentBeanClass)) {
-					methodName = parentBeanClass + "." + methodName;
-				}
+			if (!StringUtils.hasText(accessManagerId)) {
+				accessManagerId = BeanIds.METHOD_ACCESS_MANAGER;
 			}
 
-			mappings.put(methodName, attributeBuilder.getBeanDefinition());
+			interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
+			interceptor.addPropertyValue("authenticationManager",
+					new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
+
+			// Lookup parent bean information
+
+			String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
+
+			// Parse the included methods
+			List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
+			Map<String, BeanDefinition> mappings = new ManagedMap<>();
+
+			for (Element protectmethodElt : methods) {
+				BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
+				attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
+				attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
+
+				// Support inference of class names
+				String methodName = protectmethodElt.getAttribute(ATT_METHOD);
+
+				if (methodName.lastIndexOf(".") == -1) {
+					if (parentBeanClass != null && !"".equals(parentBeanClass)) {
+						methodName = parentBeanClass + "." + methodName;
+					}
+				}
+
+				mappings.put(methodName, attributeBuilder.getBeanDefinition());
+			}
+
+			BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
+			metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
+			interceptor.addPropertyValue("securityMetadataSource", metadataSource);
+
+			return interceptor.getBeanDefinition();
 		}
 
-		BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
-		metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
-		interceptor.addPropertyValue("securityMetadataSource", metadataSource);
-
-		return interceptor.getBeanDefinition();
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 66e957d0a7..c753c8d1a6 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -68,6 +68,8 @@ import org.springframework.http.MediaType;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.JwtBeanDefinitionParser;
+import org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.OpaqueTokenBeanDefinitionParser;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
@@ -103,11 +105,11 @@ import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.config.http.JwtBeanDefinitionParser.DECODER_REF;
-import static org.springframework.security.config.http.JwtBeanDefinitionParser.JWK_SET_URI;
 import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF;
-import static org.springframework.security.config.http.OpaqueTokenBeanDefinitionParser.INTROSPECTION_URI;
-import static org.springframework.security.config.http.OpaqueTokenBeanDefinitionParser.INTROSPECTOR_REF;
+import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.JwtBeanDefinitionParser.DECODER_REF;
+import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.JwtBeanDefinitionParser.JWK_SET_URI;
+import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.OpaqueTokenBeanDefinitionParser.INTROSPECTION_URI;
+import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.OpaqueTokenBeanDefinitionParser.INTROSPECTOR_REF;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index ab6fc143b7..903e91b4a2 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -82,20 +82,20 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 		return this.annotationExtractor.extractAttributes(a);
 	}
 
-}
+	static class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
 
-class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
+		@Override
+		public Collection<ConfigAttribute> extractAttributes(Secured secured) {
+			String[] attributeTokens = secured.value();
+			List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
 
-	@Override
-	public Collection<ConfigAttribute> extractAttributes(Secured secured) {
-		String[] attributeTokens = secured.value();
-		List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
+			for (String token : attributeTokens) {
+				attributes.add(new SecurityConfig(token));
+			}
 
-		for (String token : attributeTokens) {
-			attributes.add(new SecurityConfig(token));
+			return attributes;
 		}
 
-		return attributes;
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index 259474e668..9d20cc5efa 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -69,19 +69,19 @@ public class AbstractSecurityExpressionHandlerTests {
 		assertThat(parser == this.handler.getExpressionParser()).isTrue();
 	}
 
-}
+	@Configuration
+	static class TestConfiguration {
 
-@Configuration
-class TestConfiguration {
+		@Bean
+		Integer number10() {
+			return 10;
+		}
 
-	@Bean
-	Integer number10() {
-		return 10;
-	}
+		@Bean
+		Integer number20() {
+			return 20;
+		}
 
-	@Bean
-	Integer number20() {
-		return 20;
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index bf5fe9e788..c2b84381ae 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -42,20 +42,20 @@ public class FieldUtilsTests {
 		}
 	}
 
-}
+	@SuppressWarnings("unused")
+	static class TestClass {
 
-@SuppressWarnings("unused")
-class TestClass {
+		private String protectedField = "x";
 
-	private String protectedField = "x";
+		private Nested nested = new Nested();
 
-	private Nested nested = new Nested();
-
-}
-
-@SuppressWarnings("unused")
-class Nested {
-
-	private String protectedField = "z";
+	}
+
+	@SuppressWarnings("unused")
+	static class Nested {
+
+		private String protectedField = "z";
+
+	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index f03951f696..b29021dc07 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -611,12 +611,12 @@ public final class Base64 {
 		return out;
 	}
 
-}
+	static class InvalidBase64CharacterException extends IllegalArgumentException {
 
-class InvalidBase64CharacterException extends IllegalArgumentException {
+		InvalidBase64CharacterException(String message) {
+			super(message);
+		}
 
-	InvalidBase64CharacterException(String message) {
-		super(message);
 	}
 
 }
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index cfa6522e24..0f0f43aa9d 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="OneTopLevelClass" />
 	<suppress files=".*" checks="ParenPad" />
 	<suppress files=".*" checks="RedundantImport" />
 	<suppress files=".*" checks="RegexpSinglelineJava" />
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 160884f2fd..56037c47ac 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -140,193 +140,193 @@ public class FilterInvocation {
 		return "FilterInvocation: URL: " + getRequestUrl();
 	}
 
-}
+	static class DummyRequest extends HttpServletRequestWrapper {
 
-class DummyRequest extends HttpServletRequestWrapper {
+		private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy.newProxyInstance(
+				DummyRequest.class.getClassLoader(), new Class[] { HttpServletRequest.class },
+				new UnsupportedOperationExceptionInvocationHandler());
 
-	private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy.newProxyInstance(
-			DummyRequest.class.getClassLoader(), new Class[] { HttpServletRequest.class },
-			new UnsupportedOperationExceptionInvocationHandler());
+		private String requestURI;
 
-	private String requestURI;
+		private String contextPath = "";
 
-	private String contextPath = "";
+		private String servletPath;
 
-	private String servletPath;
+		private String pathInfo;
 
-	private String pathInfo;
+		private String queryString;
 
-	private String queryString;
+		private String method;
 
-	private String method;
+		private final HttpHeaders headers = new HttpHeaders();
 
-	private final HttpHeaders headers = new HttpHeaders();
+		private final Map<String, String[]> parameters = new LinkedHashMap<>();
 
-	private final Map<String, String[]> parameters = new LinkedHashMap<>();
-
-	DummyRequest() {
-		super(UNSUPPORTED_REQUEST);
-	}
-
-	@Override
-	public String getCharacterEncoding() {
-		return "UTF-8";
-	}
-
-	@Override
-	public Object getAttribute(String attributeName) {
-		return null;
-	}
-
-	public void setRequestURI(String requestURI) {
-		this.requestURI = requestURI;
-	}
-
-	public void setPathInfo(String pathInfo) {
-		this.pathInfo = pathInfo;
-	}
-
-	@Override
-	public String getRequestURI() {
-		return this.requestURI;
-	}
-
-	public void setContextPath(String contextPath) {
-		this.contextPath = contextPath;
-	}
-
-	@Override
-	public String getContextPath() {
-		return this.contextPath;
-	}
-
-	public void setServletPath(String servletPath) {
-		this.servletPath = servletPath;
-	}
-
-	@Override
-	public String getServletPath() {
-		return this.servletPath;
-	}
-
-	public void setMethod(String method) {
-		this.method = method;
-	}
-
-	@Override
-	public String getMethod() {
-		return this.method;
-	}
-
-	@Override
-	public String getPathInfo() {
-		return this.pathInfo;
-	}
-
-	@Override
-	public String getQueryString() {
-		return this.queryString;
-	}
-
-	public void setQueryString(String queryString) {
-		this.queryString = queryString;
-	}
-
-	@Override
-	public String getServerName() {
-		return null;
-	}
-
-	@Override
-	public String getHeader(String name) {
-		return this.headers.getFirst(name);
-	}
-
-	@Override
-	public Enumeration<String> getHeaders(String name) {
-		return Collections.enumeration(this.headers.get(name));
-	}
-
-	@Override
-	public Enumeration<String> getHeaderNames() {
-		return Collections.enumeration(this.headers.keySet());
-	}
-
-	@Override
-	public int getIntHeader(String name) {
-		String value = this.headers.getFirst(name);
-		if (value == null) {
-			return -1;
+		DummyRequest() {
+			super(UNSUPPORTED_REQUEST);
 		}
-		else {
-			return Integer.parseInt(value);
+
+		@Override
+		public String getCharacterEncoding() {
+			return "UTF-8";
 		}
+
+		@Override
+		public Object getAttribute(String attributeName) {
+			return null;
+		}
+
+		public void setRequestURI(String requestURI) {
+			this.requestURI = requestURI;
+		}
+
+		public void setPathInfo(String pathInfo) {
+			this.pathInfo = pathInfo;
+		}
+
+		@Override
+		public String getRequestURI() {
+			return this.requestURI;
+		}
+
+		public void setContextPath(String contextPath) {
+			this.contextPath = contextPath;
+		}
+
+		@Override
+		public String getContextPath() {
+			return this.contextPath;
+		}
+
+		public void setServletPath(String servletPath) {
+			this.servletPath = servletPath;
+		}
+
+		@Override
+		public String getServletPath() {
+			return this.servletPath;
+		}
+
+		public void setMethod(String method) {
+			this.method = method;
+		}
+
+		@Override
+		public String getMethod() {
+			return this.method;
+		}
+
+		@Override
+		public String getPathInfo() {
+			return this.pathInfo;
+		}
+
+		@Override
+		public String getQueryString() {
+			return this.queryString;
+		}
+
+		public void setQueryString(String queryString) {
+			this.queryString = queryString;
+		}
+
+		@Override
+		public String getServerName() {
+			return null;
+		}
+
+		@Override
+		public String getHeader(String name) {
+			return this.headers.getFirst(name);
+		}
+
+		@Override
+		public Enumeration<String> getHeaders(String name) {
+			return Collections.enumeration(this.headers.get(name));
+		}
+
+		@Override
+		public Enumeration<String> getHeaderNames() {
+			return Collections.enumeration(this.headers.keySet());
+		}
+
+		@Override
+		public int getIntHeader(String name) {
+			String value = this.headers.getFirst(name);
+			if (value == null) {
+				return -1;
+			}
+			else {
+				return Integer.parseInt(value);
+			}
+		}
+
+		public void addHeader(String name, String value) {
+			this.headers.add(name, value);
+		}
+
+		@Override
+		public String getParameter(String name) {
+			String[] arr = this.parameters.get(name);
+			return (arr != null && arr.length > 0 ? arr[0] : null);
+		}
+
+		@Override
+		public Map<String, String[]> getParameterMap() {
+			return Collections.unmodifiableMap(this.parameters);
+		}
+
+		@Override
+		public Enumeration<String> getParameterNames() {
+			return Collections.enumeration(this.parameters.keySet());
+		}
+
+		@Override
+		public String[] getParameterValues(String name) {
+			return this.parameters.get(name);
+		}
+
+		public void setParameter(String name, String... values) {
+			this.parameters.put(name, values);
+		}
+
 	}
 
-	public void addHeader(String name, String value) {
-		this.headers.add(name, value);
-	}
+	static final class UnsupportedOperationExceptionInvocationHandler implements InvocationHandler {
 
-	@Override
-	public String getParameter(String name) {
-		String[] arr = this.parameters.get(name);
-		return (arr != null && arr.length > 0 ? arr[0] : null);
-	}
+		private static final float JAVA_VERSION = Float.parseFloat(System.getProperty("java.class.version", "52"));
 
-	@Override
-	public Map<String, String[]> getParameterMap() {
-		return Collections.unmodifiableMap(this.parameters);
-	}
+		@Override
+		public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+			if (method.isDefault()) {
+				return invokeDefaultMethod(proxy, method, args);
+			}
+			throw new UnsupportedOperationException(method + " is not supported");
+		}
 
-	@Override
-	public Enumeration<String> getParameterNames() {
-		return Collections.enumeration(this.parameters.keySet());
-	}
+		private Object invokeDefaultMethod(Object proxy, Method method, Object[] args) throws Throwable {
+			if (isJdk8OrEarlier()) {
+				return invokeDefaultMethodForJdk8(proxy, method, args);
+			}
+			return MethodHandles.lookup()
+					.findSpecial(method.getDeclaringClass(), method.getName(),
+							MethodType.methodType(method.getReturnType(), new Class[0]), method.getDeclaringClass())
+					.bindTo(proxy).invokeWithArguments(args);
+		}
 
-	@Override
-	public String[] getParameterValues(String name) {
-		return this.parameters.get(name);
-	}
+		private Object invokeDefaultMethodForJdk8(Object proxy, Method method, Object[] args) throws Throwable {
+			Constructor<Lookup> constructor = Lookup.class.getDeclaredConstructor(Class.class);
+			constructor.setAccessible(true);
+
+			Class<?> clazz = method.getDeclaringClass();
+			return constructor.newInstance(clazz).in(clazz).unreflectSpecial(method, clazz).bindTo(proxy)
+					.invokeWithArguments(args);
+		}
+
+		private boolean isJdk8OrEarlier() {
+			return JAVA_VERSION <= 52;
+		}
 
-	public void setParameter(String name, String... values) {
-		this.parameters.put(name, values);
-	}
-
-}
-
-final class UnsupportedOperationExceptionInvocationHandler implements InvocationHandler {
-
-	private static final float JAVA_VERSION = Float.parseFloat(System.getProperty("java.class.version", "52"));
-
-	@Override
-	public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
-		if (method.isDefault()) {
-			return invokeDefaultMethod(proxy, method, args);
-		}
-		throw new UnsupportedOperationException(method + " is not supported");
-	}
-
-	private Object invokeDefaultMethod(Object proxy, Method method, Object[] args) throws Throwable {
-		if (isJdk8OrEarlier()) {
-			return invokeDefaultMethodForJdk8(proxy, method, args);
-		}
-		return MethodHandles.lookup()
-				.findSpecial(method.getDeclaringClass(), method.getName(),
-						MethodType.methodType(method.getReturnType(), new Class[0]), method.getDeclaringClass())
-				.bindTo(proxy).invokeWithArguments(args);
-	}
-
-	private Object invokeDefaultMethodForJdk8(Object proxy, Method method, Object[] args) throws Throwable {
-		Constructor<Lookup> constructor = Lookup.class.getDeclaredConstructor(Class.class);
-		constructor.setAccessible(true);
-
-		Class<?> clazz = method.getDeclaringClass();
-		return constructor.newInstance(clazz).in(clazz).unreflectSpecial(method, clazz).bindTo(proxy)
-				.invokeWithArguments(args);
-	}
-
-	private boolean isJdk8OrEarlier() {
-		return JAVA_VERSION <= 52;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index 7f2fbfc872..174b66a175 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -150,34 +150,34 @@ public final class DebugFilter implements Filter {
 	public void destroy() {
 	}
 
-}
+	static class DebugRequestWrapper extends HttpServletRequestWrapper {
 
-class DebugRequestWrapper extends HttpServletRequestWrapper {
+		private static final Logger logger = new Logger();
 
-	private static final Logger logger = new Logger();
-
-	DebugRequestWrapper(HttpServletRequest request) {
-		super(request);
-	}
-
-	@Override
-	public HttpSession getSession() {
-		boolean sessionExists = super.getSession(false) != null;
-		HttpSession session = super.getSession();
-
-		if (!sessionExists) {
-			logger.info("New HTTP session created: " + session.getId(), true);
+		DebugRequestWrapper(HttpServletRequest request) {
+			super(request);
 		}
 
-		return session;
-	}
+		@Override
+		public HttpSession getSession() {
+			boolean sessionExists = super.getSession(false) != null;
+			HttpSession session = super.getSession();
 
-	@Override
-	public HttpSession getSession(boolean create) {
-		if (!create) {
-			return super.getSession(create);
+			if (!sessionExists) {
+				DebugRequestWrapper.logger.info("New HTTP session created: " + session.getId(), true);
+			}
+
+			return session;
 		}
-		return getSession();
+
+		@Override
+		public HttpSession getSession(boolean create) {
+			if (!create) {
+				return super.getSession(create);
+			}
+			return getSession();
+		}
+
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index 1a01b9ddf6..046d52fb7b 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -24,6 +24,7 @@ import org.junit.Test;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.web.FilterInvocation.DummyRequest;
 import org.springframework.security.web.util.UrlUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index f75efc8e0e..2d0cf0248e 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -33,6 +33,7 @@ import org.powermock.modules.junit4.PowerMockRunner;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.debug.DebugFilter.DebugRequestWrapper;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;

From 18f3d13363a3f74ef75ee3e7b80e2546ba5d8b5f Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 12:17:41 -0700
Subject: [PATCH 31/84] Fix parenthesis padding issues

Fix a few parenthesis padding issues caused by the formatter.

Issue gh-8945
---
 ...PasswordAuthenticationTokenMixinTests.java | 56 ++++++-------------
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 ...h2AuthorizationRequestRepositoryTests.java | 12 +---
 3 files changed, 19 insertions(+), 50 deletions(-)

diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 18905cf639..0741c926be 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -43,44 +43,32 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixinTests {
 
-	// @formatter:off
 	private static final String AUTHENTICATED_JSON = "{"
-		+ "\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\","
-		+ "\"principal\": "+ UserDeserializerTests.USER_JSON + ", "
-		+ "\"credentials\": \"1234\", "
-		+ "\"authenticated\": true, "
-		+ "\"details\": null, "
-		+ "\"authorities\": "+ SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
-	+ "}";
-	// @formatter:on
+			+ "\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\","
+			+ "\"principal\": " + UserDeserializerTests.USER_JSON + ", " + "\"credentials\": \"1234\", "
+			+ "\"authenticated\": true, " + "\"details\": null, " + "\"authorities\": "
+			+ SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}";
 
-	// @formatter:off
-	public static final String AUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_JSON.replace( UserDeserializerTests.USER_JSON, "\"admin\"");
-	// @formatter:on
+	public static final String AUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_JSON
+			.replace(UserDeserializerTests.USER_JSON, "\"admin\"");
 
-	// @formatter:off
 	private static final String NON_USER_PRINCIPAL_JSON = "{"
-		+ "\"@class\": \"org.springframework.security.jackson2.UsernamePasswordAuthenticationTokenMixinTests$NonUserPrincipal\", "
-		+ "\"username\": \"admin\""
-		+ "}";
-	// @formatter:on
+			+ "\"@class\": \"org.springframework.security.jackson2.UsernamePasswordAuthenticationTokenMixinTests$NonUserPrincipal\", "
+			+ "\"username\": \"admin\"" + "}";
 
-	// @formatter:off
-	private static final String AUTHENTICATED_STRINGDETAILS_JSON = AUTHENTICATED_JSON.replace("\"details\": null, ", "\"details\": \"details\", ");
-	// @formatter:on
+	private static final String AUTHENTICATED_STRINGDETAILS_JSON = AUTHENTICATED_JSON.replace("\"details\": null, ",
+			"\"details\": \"details\", ");
 
-	// @formatter:off
 	private static final String AUTHENTICATED_NON_USER_PRINCIPAL_JSON = AUTHENTICATED_JSON
-		.replace(UserDeserializerTests.USER_JSON, NON_USER_PRINCIPAL_JSON)
-		.replaceAll(UserDeserializerTests.USER_PASSWORD, "null")
-		.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON);
-	// @formatter:on
+			.replace(UserDeserializerTests.USER_JSON, NON_USER_PRINCIPAL_JSON)
+			.replaceAll(UserDeserializerTests.USER_PASSWORD, "null")
+			.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON,
+					SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON);
 
-	// @formatter:off
 	private static final String UNAUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_STRINGPRINCIPAL_JSON
-		.replace("\"authenticated\": true, ", "\"authenticated\": false, ")
-		.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.EMPTY_AUTHORITIES_ARRAYLIST_JSON);
-	// @formatter:on
+			.replace("\"authenticated\": true, ", "\"authenticated\": false, ")
+			.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON,
+					SimpleGrantedAuthorityMixinTests.EMPTY_AUTHORITIES_ARRAYLIST_JSON);
 
 	@Test
 	public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest()
@@ -184,30 +172,20 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void serializingThenDeserializingWithNoCredentialsOrDetailsShouldWork() throws IOException {
-		// given
 		UsernamePasswordAuthenticationToken original = new UsernamePasswordAuthenticationToken("Frodo", null);
-
-		// when
 		String serialized = this.mapper.writeValueAsString(original);
 		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized,
 				UsernamePasswordAuthenticationToken.class);
-
-		// then
 		assertThat(deserialized).isEqualTo(original);
 	}
 
 	@Test
 	public void serializingThenDeserializingWithConfiguredObjectMapperShouldWork() throws IOException {
-		// given
 		this.mapper.setDefaultPropertyInclusion(construct(ALWAYS, NON_NULL)).setSerializationInclusion(NON_ABSENT);
 		UsernamePasswordAuthenticationToken original = new UsernamePasswordAuthenticationToken("Frodo", null);
-
-		// when
 		String serialized = this.mapper.writeValueAsString(original);
 		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized,
 				UsernamePasswordAuthenticationToken.class);
-
-		// then
 		assertThat(deserialized).isEqualTo(original);
 	}
 
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 0f0f43aa9d..bf9e471928 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="ParenPad" />
 	<suppress files=".*" checks="RedundantImport" />
 	<suppress files=".*" checks="RegexpSinglelineJava" />
 	<suppress files=".*" checks="SimplifyBooleanExpression" />
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index 2f7863e238..3a0115e192 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -197,20 +197,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void saveAuthorizationRequestWhenNullThenRemoved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
-		this.authorizationRequestRepository.saveAuthorizationRequest( // Save
-				authorizationRequest, request, response);
-
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
-		this.authorizationRequestRepository.saveAuthorizationRequest( // Null value
-																		// removes
-				null, request, response);
-
+		this.authorizationRequestRepository.saveAuthorizationRequest(null, request, response);
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(loadedAuthorizationRequest).isNull();
 	}
 

From b33cb1074fdfad9b4e4645ffbd02d355bf006e03 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 12:18:47 -0700
Subject: [PATCH 32/84] Remove "redundant import" checkstyle suppression

Remove the "redundant import" checkstyle suppression since running
"organize imports" has fixed any violations.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index bf9e471928..99a5d4b17a 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="RedundantImport" />
 	<suppress files=".*" checks="RegexpSinglelineJava" />
 	<suppress files=".*" checks="SimplifyBooleanExpression" />
 	<suppress files=".*" checks="SimplifyBooleanReturn" />

From c12ced6aaac0e66989748395ad36b577e505e647 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 13:45:07 -0700
Subject: [PATCH 33/84] Migrate SwitchUserWebFilterTests AssertJ

Replace the JUnit Assertions used in `SwitchUserWebFilterTests` with
AssertJ. This test appears to have been missed during the original
AssertJ migration.

Issue gh-8945
---
 .../SwitchUserWebFilterTests.java             | 61 ++++++++-----------
 1 file changed, 26 insertions(+), 35 deletions(-)

diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 26acbd9255..0787ccf4fa 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -54,10 +54,7 @@ import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
+import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
@@ -155,18 +152,15 @@ public class SwitchUserWebFilterTests {
 
 		final Authentication switchUserAuthentication = authenticationCaptor.getValue();
 
-		assertSame(savedSecurityContext.getAuthentication(), switchUserAuthentication);
-
-		assertEquals("username should point to the switched user", targetUsername, switchUserAuthentication.getName());
-		assertTrue("switchAuthentication should contain SwitchUserGrantedAuthority", switchUserAuthentication
-				.getAuthorities().stream().anyMatch(a -> a instanceof SwitchUserGrantedAuthority));
-		assertTrue("new authentication should get new role ", switchUserAuthentication.getAuthorities().stream()
-				.map(GrantedAuthority::getAuthority).anyMatch(a -> a.equals(ROLE_PREVIOUS_ADMINISTRATOR)));
-		assertEquals("SwitchUserGrantedAuthority should contain the original authentication",
-				originalAuthentication.getName(),
+		assertThat(switchUserAuthentication).isSameAs(savedSecurityContext.getAuthentication());
+		assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername);
+		assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance);
+		assertThat(switchUserAuthentication.getAuthorities())
+				.anyMatch((a) -> a.getAuthority().contains(ROLE_PREVIOUS_ADMINISTRATOR));
+		assertThat(
 				switchUserAuthentication.getAuthorities().stream().filter(a -> a instanceof SwitchUserGrantedAuthority)
-						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
-						.orElse(null));
+						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName))
+								.contains(originalAuthentication.getName());
 	}
 
 	@Test
@@ -206,14 +200,11 @@ public class SwitchUserWebFilterTests {
 
 		final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue();
 
-		assertEquals("username should point to the switched user", targetUsername,
-				secondSwitchUserAuthentication.getName());
-		assertEquals("SwitchUserGrantedAuthority should contain the original authentication",
-				originalAuthentication.getName(),
-				secondSwitchUserAuthentication.getAuthorities().stream()
-						.filter(a -> a instanceof SwitchUserGrantedAuthority)
-						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
-						.orElse(null));
+		assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername);
+		assertThat(secondSwitchUserAuthentication.getAuthorities().stream()
+				.filter(a -> a instanceof SwitchUserGrantedAuthority)
+				.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
+				.orElse(null)).isEqualTo(originalAuthentication.getName());
 	}
 
 	@Test
@@ -316,8 +307,8 @@ public class SwitchUserWebFilterTests {
 
 		final Authentication originalAuthenticationValue = authenticationCaptor.getValue();
 
-		assertSame(originalAuthentication, savedSecurityContext.getAuthentication());
-		assertSame(originalAuthentication, originalAuthenticationValue);
+		assertThat(savedSecurityContext.getAuthentication()).isSameAs(originalAuthentication);
+		assertThat(originalAuthenticationValue).isSameAs(originalAuthentication);
 		verifyNoInteractions(chain);
 	}
 
@@ -399,10 +390,10 @@ public class SwitchUserWebFilterTests {
 		// then
 		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
-		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
+		assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class);
 
 		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
-		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
+		assertThat(userDetailsChecker).isInstanceOf(AccountStatusUserDetailsChecker.class);
 	}
 
 	@Test
@@ -413,17 +404,17 @@ public class SwitchUserWebFilterTests {
 
 		// then
 		final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler");
-		assertTrue(successHandler instanceof RedirectServerAuthenticationSuccessHandler);
+		assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class);
 
 		final Object failureHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "failureHandler");
-		assertTrue(failureHandler instanceof RedirectServerAuthenticationFailureHandler);
+		assertThat(failureHandler).isInstanceOf(RedirectServerAuthenticationFailureHandler.class);
 
 		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
-		assertTrue(securityContextRepository instanceof WebSessionServerSecurityContextRepository);
+		assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class);
 
 		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
-		assertTrue(userDetailsChecker instanceof AccountStatusUserDetailsChecker);
+		assertThat(userDetailsChecker instanceof AccountStatusUserDetailsChecker).isTrue();
 	}
 
 	@Test
@@ -442,7 +433,7 @@ public class SwitchUserWebFilterTests {
 		// given
 		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
-		assertSame(this.serverSecurityContextRepository, oldSecurityContextRepository);
+		assertThat(oldSecurityContextRepository).isSameAs(this.serverSecurityContextRepository);
 
 		final ServerSecurityContextRepository newSecurityContextRepository = mock(
 				ServerSecurityContextRepository.class);
@@ -451,7 +442,7 @@ public class SwitchUserWebFilterTests {
 		// then
 		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
-		assertSame(newSecurityContextRepository, currentSecurityContextRepository);
+		assertThat(currentSecurityContextRepository).isSameAs(newSecurityContextRepository);
 	}
 
 	@Test
@@ -532,7 +523,7 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
-		assertSame(newExitUserMatcher, currentExitUserMatcher);
+		assertThat(currentExitUserMatcher).isSameAs(newExitUserMatcher);
 	}
 
 	@Test
@@ -613,7 +604,7 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
 
-		assertSame(newSwitchUserMatcher, currentExitUserMatcher);
+		assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
 	}
 
 	private UserDetails switchUserDetails(String username, boolean enabled) {

From db55ef4b3b88a455b0661f63f5c3adf75efaa9f8 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 12:53:19 -0700
Subject: [PATCH 34/84] Migrate to BDD Mockito

Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
---
 .../AclPermissionCacheOptimizerTests.java     |   6 +-
 .../acls/AclPermissionEvaluatorTests.java     |  14 +--
 ...ationCollectionFilteringProviderTests.java |   6 +-
 .../AclEntryAfterInvocationProviderTests.java |  12 +-
 .../domain/AccessControlImplEntryTests.java   |   4 +-
 .../acls/domain/AuditLoggerTests.java         |  10 +-
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  |  14 +--
 .../acls/jdbc/JdbcAclServiceTests.java        |   6 +-
 .../acls/jdbc/JdbcMutableAclServiceTests.java |   4 +-
 .../acls/sid/SidRetrievalStrategyTests.java   |   4 +-
 .../CasAuthenticationProviderTests.java       |  10 +-
 ...tionAttributesUserDetailsServiceTests.java |   8 +-
 .../cas/web/CasAuthenticationFilterTests.java |   4 +-
 .../config/annotation/rsocket/JwtITests.java  |   6 +-
 .../AuthenticationManagerBuilderTests.java    |   4 +-
 .../AuthenticationConfigurationTests.java     |  22 ++--
 .../EnableReactiveMethodSecurityTests.java    |  86 ++++++-------
 ...lobalMethodSecurityConfigurationTests.java |   6 +-
 .../web/builders/NamespaceHttpTests.java      |  14 +--
 .../OAuth2ClientConfigurationTests.java       |  22 ++--
 .../WebSecurityConfigurationTests.java        |   6 +-
 .../web/configurers/CsrfConfigurerTests.java  |  30 ++---
 .../configurers/FormLoginConfigurerTests.java |   4 +-
 .../web/configurers/JeeConfigurerTests.java   |  14 +--
 .../configurers/NamespaceHttpJeeTests.java    |   8 +-
 .../NamespaceHttpOpenIDLoginTests.java        |  21 ++--
 .../configurers/NamespaceRememberMeTests.java |   6 +-
 .../NamespaceSessionManagementTests.java      |   6 +-
 .../RememberMeConfigurerTests.java            |   6 +-
 .../SecurityContextConfigurerTests.java       |   4 +-
 .../SessionManagementConfigurerTests.java     |   8 +-
 .../client/OAuth2ClientConfigurerTests.java   |  10 +-
 .../client/OAuth2LoginConfigurerTests.java    |   8 +-
 .../OAuth2ResourceServerConfigurerTests.java  |  54 ++++-----
 .../openid/OpenIDLoginConfigurerTests.java    |  18 +--
 .../saml2/Saml2LoginConfigurerTests.java      |  10 +-
 ...geSecurityMetadataSourceRegistryTests.java |   4 +-
 ...uthenticationConfigurationGh3935Tests.java |   4 +-
 .../security/config/http/CsrfConfigTests.java |   6 +-
 .../DefaultFilterChainValidatorTests.java     |   4 +-
 .../config/http/InterceptUrlConfigTests.java  |   6 +-
 .../config/http/MiscHttpConfigTests.java      |  26 ++--
 ...OAuth2ClientBeanDefinitionParserTests.java |  24 ++--
 .../OAuth2LoginBeanDefinitionParserTests.java |  90 +++++++-------
 .../config/http/OpenIDConfigTests.java        |   6 +-
 .../config/http/RememberMeConfigTests.java    |   6 +-
 .../config/web/server/CorsSpecTests.java      |  10 +-
 .../web/server/HttpsRedirectSpecTests.java    |   6 +-
 .../web/server/OAuth2ClientSpecTests.java     |  34 +++---
 .../config/web/server/OAuth2LoginTests.java   |  66 +++++-----
 .../server/OAuth2ResourceServerSpecTests.java |  20 +--
 .../web/server/ServerHttpSecurityTests.java   |   9 +-
 .../SecurityExpressionRootTests.java          |   4 +-
 ...tMethodSecurityExpressionHandlerTests.java |   6 +-
 .../MethodSecurityExpressionRootTests.java    |  17 ++-
 .../MethodSecurityInterceptorTests.java       |  44 +++----
 ...hodSecurityMetadataSourceAdvisorTests.java |   6 +-
 ...AspectJMethodSecurityInterceptorTests.java |  38 +++---
 ...thodInvocationPrivilegeEvaluatorTests.java |  16 +--
 ...tingMethodSecurityMetadataSourceTests.java |   8 +-
 .../access/vote/AffirmativeBasedTests.java    |  14 +--
 .../AbstractAuthenticationTokenTests.java     |   4 +-
 ...ingReactiveAuthenticationManagerTests.java |  12 +-
 .../authentication/ProviderManagerTests.java  |  18 +--
 ...tiveAuthenticationManagerAdapterTests.java |  10 +-
 ...ailsServiceAuthenticationManagerTests.java |  16 +--
 ...oryReactiveAuthenticationManagerTests.java |  46 +++----
 .../dao/DaoAuthenticationProviderTests.java   |  24 ++--
 ...efaultJaasAuthenticationProviderTests.java |  30 ++---
 .../jaas/JaasAuthenticationProviderTests.java |   4 +-
 .../RemoteAuthenticationManagerImplTests.java |   6 +-
 ...atedReactiveAuthorizationManagerTests.java |   4 +-
 ...rityReactiveAuthorizationManagerTests.java |   6 +-
 ...ngSecurityContextExecutorServiceTests.java |  16 +--
 ...yContextScheduledExecutorServiceTests.java |  16 +--
 ...elegatingSecurityContextCallableTests.java |   4 +-
 ...elegatingSecurityContextRunnableTests.java |   6 +-
 .../DelegatingApplicationListenerTests.java   |   8 +-
 .../JdbcUserDetailsManagerTests.java          |   6 +-
 .../encrypt/AesBytesEncryptorTests.java       |   6 +-
 .../DelegatingPasswordEncoderTests.java       |  12 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 .../security/ldap/LdapUtilsTests.java         |  12 +-
 .../ldap/SpringSecurityLdapTemplateTests.java |  12 +-
 .../LdapAuthenticationProviderTests.java      |   8 +-
 ...swordComparisonAuthenticatorMockTests.java |  12 +-
 ...ectoryLdapAuthenticationProviderTests.java |  56 ++++-----
 ...PasswordPolicyAwareContextSourceTests.java |  10 +-
 .../PasswordPolicyControlFactoryTests.java    |   8 +-
 ...sServiceLdapAuthoritiesPopulatorTests.java |   6 +-
 ...MessageSecurityExpressionHandlerTests.java |   6 +-
 ...MessageExpressionConfigAttributeTests.java |   4 +-
 .../MessageExpressionVoterTests.java          |  22 ++--
 .../ChannelSecurityInterceptorTests.java      |  22 ++--
 .../util/matcher/AndMessageMatcherTests.java  |  16 +--
 .../util/matcher/OrMessageMatcherTests.java   |  14 +--
 ...iceOAuth2AuthorizedClientManagerTests.java |  42 +++----
 ...iveOAuth2AuthorizedClientManagerTests.java | 114 +++++++++---------
 ...lsOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...ngOAuth2AuthorizedClientProviderTests.java |   4 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  12 +-
 ...oryOAuth2AuthorizedClientServiceTests.java |  10 +-
 ...iveOAuth2AuthorizedClientServiceTests.java |  22 ++--
 ...dbcOAuth2AuthorizedClientServiceTests.java |   6 +-
 ...2AuthorizedClientProviderBuilderTests.java |   6 +-
 ...rdOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...2AuthorizedClientProviderBuilderTests.java |   4 +-
 ...enOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...veOAuth2AuthorizedClientProviderTests.java |   8 +-
 ...zationCodeAuthenticationProviderTests.java |   6 +-
 ...odeReactiveAuthenticationManagerTests.java |  10 +-
 ...Auth2LoginAuthenticationProviderTests.java |  24 ++--
 ...ginReactiveAuthenticationManagerTests.java |  22 ++--
 ...orizationCodeTokenResponseClientTests.java |   4 +-
 ...ntCredentialsTokenResponseClientTests.java |   4 +-
 ...zationCodeAuthenticationProviderTests.java |  26 ++--
 ...odeReactiveAuthenticationManagerTests.java |  44 +++----
 .../OidcIdTokenDecoderFactoryTests.java       |  12 +-
 ...eactiveOidcIdTokenDecoderFactoryTests.java |  12 +-
 .../OidcReactiveOAuth2UserServiceTests.java   |  18 +--
 .../oidc/userinfo/OidcUserServiceTests.java   |   6 +-
 ...tiatedServerLogoutSuccessHandlerTests.java |  20 +--
 .../DefaultOAuth2UserServiceTests.java        |   6 +-
 ...DefaultReactiveOAuth2UserServiceTests.java |  10 +-
 .../DelegatingOAuth2UserServiceTests.java     |   4 +-
 ...ultOAuth2AuthorizedClientManagerTests.java |  50 ++++----
 ...iveOAuth2AuthorizedClientManagerTests.java | 108 ++++++++---------
 ...uth2AuthorizationCodeGrantFilterTests.java |   8 +-
 ...thorizationRequestRedirectFilterTests.java |  12 +-
 .../OAuth2LoginAuthenticationFilterTests.java |  24 ++--
 ...AuthorizedClientArgumentResolverTests.java |  28 ++---
 ...zedClientExchangeFilterFunctionITests.java |  22 ++--
 ...izedClientExchangeFilterFunctionTests.java |  84 ++++++-------
 ...zedClientExchangeFilterFunctionITests.java |  18 +--
 ...izedClientExchangeFilterFunctionTests.java |  36 +++---
 ...AuthorizedClientArgumentResolverTests.java |  16 +--
 ...OAuth2AuthorizedClientRepositoryTests.java |  20 +--
 ...uth2AuthorizationRequestResolverTests.java |  28 ++---
 ...2AuthorizationCodeGrantWebFilterTests.java |  82 ++++++-------
 ...rizationRequestRedirectWebFilterTests.java |  10 +-
 ...CodeAuthenticationTokenConverterTests.java |  30 ++---
 ...erAuthorizationRequestRepositoryTests.java |   4 +-
 ...uth2LoginAuthenticationWebFilterTests.java |   4 +-
 .../DelegatingOAuth2TokenValidatorTests.java  |  22 ++--
 ...okenResponseHttpMessageConverterTests.java |   6 +-
 .../OAuth2ErrorHttpMessageConverterTests.java |   6 +-
 .../jwt/MappedJwtClaimSetConverterTests.java  |  10 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |  12 +-
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  34 +++---
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  16 +--
 .../jwt/ReactiveRemoteJWKSourceTests.java     |  22 ++--
 .../JwtAuthenticationProviderTests.java       |  16 +--
 ...JwtReactiveAuthenticationManagerTests.java |  14 +--
 ...paqueTokenAuthenticationProviderTests.java |   8 +-
 ...kenReactiveAuthenticationManagerTests.java |  10 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |  24 ++--
 ...sReactiveOpaqueTokenIntrospectorTests.java |  20 +--
 .../BearerTokenAuthenticationFilterTests.java |  20 +--
 ...erTokenServerAccessDeniedHandlerTests.java |  14 +--
 .../openid/OpenID4JavaConsumerTests.java      |  37 +++---
 .../remoting/dns/JndiDnsResolverTests.java    |  24 ++--
 ...AuthenticationPayloadInterceptorTests.java |   8 +-
 .../AuthorizationPayloadInterceptorTests.java |  12 +-
 ...cherReactiveAuthorizationManagerTests.java |  10 +-
 .../core/PayloadInterceptorRSocketTests.java  |  70 +++++------
 ...PayloadSocketAcceptorInterceptorTests.java |  12 +-
 .../core/PayloadSocketAcceptorTests.java      |  20 +--
 .../RoutePayloadExchangeMatcherTests.java     |  24 ++--
 .../RelyingPartyRegistration.java             |   2 +
 .../OpenSamlAuthenticationProviderTests.java  |  12 +-
 ...SamlAuthenticationRequestFactoryTests.java |   6 +-
 .../Saml2WebSsoAuthenticationFilterTests.java |   4 +-
 ...ebSsoAuthenticationRequestFilterTests.java |  40 +++---
 ...aml2AuthenticationTokenConverterTests.java |  20 +--
 .../service/web/Saml2MetadataFilterTests.java |   6 +-
 .../authz/AbstractAuthorizeTagTests.java      |  10 +-
 .../authz/AccessControlListTagTests.java      |  22 ++--
 .../taglibs/authz/AuthorizeTagTests.java      |   4 +-
 ...thMockUserSecurityContextFactoryTests.java |  46 +++----
 ...ityContextTestExcecutionListenerTests.java |  14 +--
 ...rityContextTestExecutionListenerTests.java |  26 ++--
 ...serDetailsSecurityContextFactoryTests.java |  38 +++---
 ...ockServerConfigurersOAuth2ClientTests.java |   6 +-
 ...equestPostProcessorsOAuth2ClientTests.java |   6 +-
 .../setup/SecurityMockMvcConfigurerTests.java |   8 +-
 .../security/web/FilterChainProxyTests.java   |  68 +++++------
 ...tWebInvocationPrivilegeEvaluatorTests.java |  11 +-
 .../ExceptionTranslationFilterTests.java      |  16 +--
 ...herDelegatingAccessDeniedHandlerTests.java |  10 +-
 .../DelegatingEvaluationContextTests.java     |  22 ++--
 .../expression/WebExpressionVoterTests.java   |  10 +-
 .../FilterSecurityInterceptorTests.java       |  22 ++--
 .../AuthenticationFilterTests.java            |  36 +++---
 ...legatingAuthenticationEntryPointTests.java |  10 +-
 ...wareAuthenticationSuccessHandlerTests.java |   6 +-
 ...namePasswordAuthenticationFilterTests.java |   8 +-
 .../logout/CompositeLogoutHandlerTests.java   |   4 +-
 .../DelegatingLogoutSuccessHandlerTests.java  |   6 +-
 ...PreAuthenticatedProcessingFilterTests.java |  16 +--
 ...estAttributeAuthenticationFilterTests.java |   6 +-
 ...equestHeaderAuthenticationFilterTests.java |   6 +-
 ...PreAuthenticatedProcessingFilterTests.java |   8 +-
 .../JdbcTokenRepositoryImplTests.java         |   4 +-
 .../RememberMeAuthenticationFilterTests.java  |   8 +-
 .../TokenBasedRememberMeServicesTests.java    |   8 +-
 ...iteSessionAuthenticationStrategyTests.java |   6 +-
 ...ionControlAuthenticationStrategyTests.java |  24 ++--
 .../www/BasicAuthenticationFilterTests.java   |  18 +--
 .../ConcurrentSessionFilterTests.java         |  12 +-
 ...SecurityContextPersistenceFilterTests.java |   8 +-
 ...WebAsyncManagerIntegrationFilterTests.java |   4 +-
 .../csrf/CsrfAuthenticationStrategyTests.java |  10 +-
 .../security/web/csrf/CsrfFilterTests.java    |  56 ++++-----
 .../csrf/LazyCsrfTokenRepositoryTests.java    |   8 +-
 .../security/web/debug/DebugFilterTests.java  |  10 +-
 .../web/firewall/RequestWrapperTests.java     |  10 +-
 ...gatingRequestMatcherHeaderWriterTests.java |   6 +-
 .../FrameOptionsHeaderWriterTests.java        |   4 +-
 ...icationPrincipalArgumentResolverTests.java |  22 ++--
 ...ngServerAuthenticationEntryPointTests.java |  10 +-
 ...onverterServerWebExchangeMatcherTests.java |  12 +-
 .../AuthenticationWebFilterTests.java         |  50 ++++----
 ...rverAuthenticationSuccessHandlerTests.java |   6 +-
 ...thenticatedAuthenticationManagerTests.java |  16 +--
 ...ctServerAuthenticationEntryPointTests.java |   4 +-
 ...rverAuthenticationFailureHandlerTests.java |   4 +-
 ...rverAuthenticationSuccessHandlerTests.java |   4 +-
 ...ticationEntryPointFailureHandlerTests.java |   4 +-
 ...FormLoginAuthenticationConverterTests.java |   4 +-
 ...erverX509AuthenticationConverterTests.java |   4 +-
 .../SwitchUserWebFilterTests.java             |  42 +++----
 .../DelegatingServerLogoutHandlerTests.java   |  10 +-
 .../HeaderWriterServerLogoutHandlerTests.java |   4 +-
 .../AuthorizationWebFilterTests.java          |  14 +--
 ...tingReactiveAuthorizationManagerTests.java |  16 +--
 .../ExceptionTranslationWebFilterTests.java   |  28 ++---
 ...egatingServerAccessDeniedHandlerTests.java |  22 ++--
 .../context/ReactorContextWebFilterTests.java |   6 +-
 .../csrf/CsrfServerLogoutHandlerTests.java    |   4 +-
 .../web/server/csrf/CsrfWebFilterTests.java   |  36 +++---
 ...CompositeServerHttpHeadersWriterTests.java |  10 +-
 .../HttpHeaderWriterWebFilterTests.java       |   4 +-
 .../ServerRequestCacheWebFilterTests.java     |   8 +-
 .../HttpsRedirectWebFilterTests.java          |  11 +-
 .../AndServerWebExchangeMatcherTests.java     |  14 +--
 .../NegatedServerWebExchangeMatcherTests.java |   6 +-
 .../OrServerWebExchangeMatcherTests.java      |  12 +-
 ...hMatcherServerWebExchangeMatcherTests.java |  16 +--
 .../util/matcher/MvcRequestMatcherTests.java  |  38 +++---
 .../session/SessionManagementFilterTests.java |   8 +-
 .../util/OnCommittedResponseWrapperTests.java |  12 +-
 .../util/matcher/AndRequestMatcherTests.java  |  16 +--
 .../matcher/AntPathRequestMatcherTests.java   |   4 +-
 .../matcher/MediaTypeRequestMatcherTests.java |  50 ++++----
 .../matcher/NegatedRequestMatcherTests.java   |   6 +-
 .../util/matcher/OrRequestMatcherTests.java   |  14 +--
 .../matcher/RegexRequestMatcherTests.java     |   6 +-
 259 files changed, 2126 insertions(+), 2125 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index 482508791c..221e1b0cac 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -30,10 +30,10 @@ import org.springframework.security.core.Authentication;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -51,8 +51,8 @@ public class AclPermissionCacheOptimizerTests {
 		pco.setSidRetrievalStrategy(sidStrat);
 		Object[] dos = { new Object(), null, new Object() };
 		ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
-		when(oidStrat.getObjectIdentity(dos[0])).thenReturn(oids[0]);
-		when(oidStrat.getObjectIdentity(dos[2])).thenReturn(oids[1]);
+		given(oidStrat.getObjectIdentity(dos[0])).willReturn(oids[0]);
+		given(oidStrat.getObjectIdentity(dos[2])).willReturn(oids[1]);
 
 		pco.cachePermissionsFor(mock(Authentication.class), Arrays.asList(dos));
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index be86bd47a3..c0100858b9 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -30,8 +30,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -45,13 +45,13 @@ public class AclPermissionEvaluatorTests {
 		AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
 		ObjectIdentity oid = mock(ObjectIdentity.class);
 		ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
-		when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
+		given(oidStrategy.getObjectIdentity(any(Object.class))).willReturn(oid);
 		pe.setObjectIdentityRetrievalStrategy(oidStrategy);
 		pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Acl acl = mock(Acl.class);
 
-		when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
-		when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
+		given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl);
+		given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true);
 
 		assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
 	}
@@ -65,13 +65,13 @@ public class AclPermissionEvaluatorTests {
 		AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
 		ObjectIdentity oid = mock(ObjectIdentity.class);
 		ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
-		when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
+		given(oidStrategy.getObjectIdentity(any(Object.class))).willReturn(oid);
 		pe.setObjectIdentityRetrievalStrategy(oidStrategy);
 		pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Acl acl = mock(Acl.class);
 
-		when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
-		when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
+		given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl);
+		given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true);
 
 		assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue();
 
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
index b3be3ab76f..dae0fd62c2 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
@@ -35,10 +35,10 @@ import org.springframework.security.core.Authentication;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -50,8 +50,8 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 	public void objectsAreRemovedIfPermissionDenied() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(false);
-		when(service.readAclById(any(), any())).thenReturn(acl);
+		given(acl.isGranted(any(), any(), anyBoolean())).willReturn(false);
+		given(service.readAclById(any(), any())).willReturn(acl);
 		AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
 				service, Arrays.asList(mock(Permission.class)));
 		provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
index 25bd9eb591..8a7787577c 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
@@ -38,10 +38,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -64,8 +64,8 @@ public class AclEntryAfterInvocationProviderTests {
 	public void accessIsAllowedIfPermissionIsGranted() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(true);
-		when(service.readAclById(any(), any())).thenReturn(acl);
+		given(acl.isGranted(any(List.class), any(List.class), anyBoolean())).willReturn(true);
+		given(service.readAclById(any(), any())).willReturn(acl);
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
 				Arrays.asList(mock(Permission.class)));
 		provider.setMessageSource(new SpringSecurityMessageSource());
@@ -104,10 +104,10 @@ public class AclEntryAfterInvocationProviderTests {
 	public void accessIsDeniedIfPermissionIsNotGranted() {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(false);
+		given(acl.isGranted(any(List.class), any(List.class), anyBoolean())).willReturn(false);
 		// Try a second time with no permissions found
-		when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow(new NotFoundException(""));
-		when(service.readAclById(any(), any())).thenReturn(acl);
+		given(acl.isGranted(any(), any(List.class), anyBoolean())).willThrow(new NotFoundException(""));
+		given(service.readAclById(any(), any())).willReturn(acl);
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
 				Arrays.asList(mock(Permission.class)));
 		provider.setProcessConfigAttribute("MY_ATTRIBUTE");
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index fcff571629..11b01e2c56 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -25,8 +25,8 @@ import org.springframework.security.acls.model.Sid;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link AccessControlEntryImpl}.
@@ -87,7 +87,7 @@ public class AccessControlImplEntryTests {
 		final Acl mockAcl = mock(Acl.class);
 		final ObjectIdentity oid = mock(ObjectIdentity.class);
 
-		when(mockAcl.getObjectIdentity()).thenReturn(oid);
+		given(mockAcl.getObjectIdentity()).willReturn(oid);
 		Sid sid = new PrincipalSid("johndoe");
 
 		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true,
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 095983b49c..7e087b54d1 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -26,8 +26,8 @@ import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.AuditableAccessControlEntry;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Test class for {@link ConsoleAuditLogger}.
@@ -67,14 +67,14 @@ public class AuditLoggerTests {
 
 	@Test
 	public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() {
-		when(this.ace.isAuditSuccess()).thenReturn(false);
+		given(this.ace.isAuditSuccess()).willReturn(false);
 		this.logger.logIfNeeded(true, this.ace);
 		assertThat(this.bytes.size()).isZero();
 	}
 
 	@Test
 	public void successIsLoggedIfAceRequiresSuccessAudit() {
-		when(this.ace.isAuditSuccess()).thenReturn(true);
+		given(this.ace.isAuditSuccess()).willReturn(true);
 
 		this.logger.logIfNeeded(true, this.ace);
 		assertThat(this.bytes.toString()).startsWith("GRANTED due to ACE");
@@ -82,14 +82,14 @@ public class AuditLoggerTests {
 
 	@Test
 	public void failureIsntLoggedIfAceDoesntRequireFailureAudit() {
-		when(this.ace.isAuditFailure()).thenReturn(false);
+		given(this.ace.isAuditFailure()).willReturn(false);
 		this.logger.logIfNeeded(false, this.ace);
 		assertThat(this.bytes.size()).isZero();
 	}
 
 	@Test
 	public void failureIsLoggedIfAceRequiresFailureAudit() {
-		when(this.ace.isAuditFailure()).thenReturn(true);
+		given(this.ace.isAuditFailure()).willReturn(true);
 		this.logger.logIfNeeded(false, this.ace);
 		assertThat(this.bytes.toString()).startsWith("DENIED due to ACE");
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index d8a48ccf8b..edadf05442 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -52,9 +52,9 @@ import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link EhCacheBasedAclCache}
@@ -220,14 +220,14 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void getFromCacheSerializable() {
-		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheSerializablePopulatesTransient() {
-		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		this.myCache.putInCache(this.acl);
 
@@ -242,14 +242,14 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void getFromCacheObjectIdentity() {
-		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheObjectIdentityPopulatesTransient() {
-		when(this.cache.get(this.acl.getObjectIdentity())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		this.myCache.putInCache(this.acl);
 
@@ -264,7 +264,7 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void evictCacheSerializable() {
-		when(this.cache.get(this.acl.getObjectIdentity())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		this.myCache.evictFromCache(this.acl.getObjectIdentity());
 
@@ -274,7 +274,7 @@ public class EhCacheBasedAclCacheTests {
 
 	@Test
 	public void evictCacheObjectIdentity() {
-		when(this.cache.get(this.acl.getId())).thenReturn(new Element(this.acl.getId(), this.acl));
+		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
 
 		this.myCache.evictFromCache(this.acl.getId());
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index a6e7ac36ce..373a270587 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -47,7 +47,7 @@ import static org.mockito.AdditionalMatchers.aryEq;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * Unit and Integration tests the ACL JdbcAclService using an in-memory database.
@@ -93,7 +93,7 @@ public class JdbcAclServiceTests {
 	@Test(expected = NotFoundException.class)
 	public void readAclByIdMissingAcl() {
 		Map<ObjectIdentity, Acl> result = new HashMap<>();
-		when(this.lookupStrategy.readAclsById(anyList(), anyList())).thenReturn(result);
+		given(this.lookupStrategy.readAclsById(anyList(), anyList())).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
 		List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
 
@@ -105,7 +105,7 @@ public class JdbcAclServiceTests {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		when(this.jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).thenReturn(result);
+		given(this.jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 61f8388499..d0f964ec0d 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -55,8 +55,8 @@ import org.springframework.transaction.annotation.Transactional;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
 
 /**
  * Integration tests the ACL system using an in-memory database.
@@ -537,7 +537,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		CustomJdbcMutableAclService customJdbcMutableAclService = spy(
 				new CustomJdbcMutableAclService(this.dataSource, this.lookupStrategy, this.aclCache));
 		CustomSid customSid = new CustomSid("Custom sid");
-		when(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).thenReturn(1L);
+		given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L);
 
 		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
 
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 2202be86ea..b25bf3c50a 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link SidRetrievalStrategyImpl}
@@ -69,7 +69,7 @@ public class SidRetrievalStrategyTests {
 	public void roleHierarchyIsUsedWhenSet() {
 		RoleHierarchy rh = mock(RoleHierarchy.class);
 		List rhAuthorities = AuthorityUtils.createAuthorityList("D");
-		when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities);
+		given(rh.getReachableGrantedAuthorities(anyCollection())).willReturn(rhAuthorities);
 		SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
 
 		List<Sid> sids = strat.getSids(this.authentication);
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 60313ef8de..1d680d1683 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -43,10 +43,10 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link CasAuthenticationProvider}.
@@ -160,9 +160,9 @@ public class CasAuthenticationProviderTests {
 	public void authenticateAllNullService() throws Exception {
 		String serviceUrl = "https://service/context";
 		ServiceAuthenticationDetails details = mock(ServiceAuthenticationDetails.class);
-		when(details.getServiceUrl()).thenReturn(serviceUrl);
+		given(details.getServiceUrl()).willReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
-		when(validator.validate(any(String.class), any(String.class))).thenReturn(new AssertionImpl("rod"));
+		given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
 
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
@@ -186,9 +186,9 @@ public class CasAuthenticationProviderTests {
 	public void authenticateAllAuthenticationIsSuccessful() throws Exception {
 		String serviceUrl = "https://service/context";
 		ServiceAuthenticationDetails details = mock(ServiceAuthenticationDetails.class);
-		when(details.getServiceUrl()).thenReturn(serviceUrl);
+		given(details.getServiceUrl()).willReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
-		when(validator.validate(any(String.class), any(String.class))).thenReturn(new AssertionImpl("rod"));
+		given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
 
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
diff --git a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
index 32cf90adec..c140dfad92 100644
--- a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -50,9 +50,9 @@ public class GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests {
 		attributes.put("c", "role_c");
 		attributes.put("d", null);
 		attributes.put("someother", "unused");
-		when(assertion.getPrincipal()).thenReturn(principal);
-		when(principal.getAttributes()).thenReturn(attributes);
-		when(principal.getName()).thenReturn("somebody");
+		given(assertion.getPrincipal()).willReturn(principal);
+		given(principal.getAttributes()).willReturn(attributes);
+		given(principal.getName()).willReturn("somebody");
 		CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(assertion, "ticket");
 		UserDetails user = uds.loadUserDetails(token);
 		Set<String> roles = AuthorityUtils.authorityListToSet(user.getAuthorities());
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index c48d102ee8..f8c141f7b4 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -37,11 +37,11 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link CasAuthenticationFilter}.
@@ -163,7 +163,7 @@ public class CasAuthenticationFilterTests {
 		AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
 		AuthenticationManager manager = mock(AuthenticationManager.class);
 		Authentication authentication = new TestingAuthenticationToken("un", "pwd", "ROLE_USER");
-		when(manager.authenticate(any(Authentication.class))).thenReturn(authentication);
+		given(manager.authenticate(any(Authentication.class))).willReturn(authentication);
 		ServiceProperties serviceProperties = new ServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
 		MockHttpServletRequest request = new MockHttpServletRequest();
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 7e0bfc0ba5..36008b73b1 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -54,8 +54,8 @@ import org.springframework.util.MimeTypeUtils;
 import static io.rsocket.metadata.WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -97,7 +97,7 @@ public class JwtITests {
 	@Test
 	public void routeWhenBearerThenAuthorized() {
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
-		when(this.decoder.decode(any())).thenReturn(Mono.just(jwt()));
+		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
 		this.requester = requester()
 				.setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
@@ -112,7 +112,7 @@ public class JwtITests {
 		MimeType authenticationMimeType = MimeTypeUtils.parseMimeType(MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
-		when(this.decoder.decode(any())).thenReturn(Mono.just(jwt()));
+		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
 		this.requester = requester().setupMetadata(credentials, authenticationMimeType)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index fa6bf9e5fa..d311138de0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -53,10 +53,10 @@ import org.springframework.test.web.servlet.MockMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
@@ -88,7 +88,7 @@ public class AuthenticationManagerBuilderTests {
 	public void customAuthenticationEventPublisherWithWeb() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationEventPublisher aep = mock(AuthenticationEventPublisher.class);
-		when(opp.postProcess(any())).thenAnswer(a -> a.getArgument(0));
+		given(opp.postProcess(any())).willAnswer(a -> a.getArgument(0));
 		AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep)
 				.inMemoryAuthentication().and().build();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index e091dcecb1..3112f51221 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -66,9 +66,9 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.startsWith;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 public class AuthenticationConfigurationTests {
 
@@ -150,7 +150,7 @@ public class AuthenticationConfigurationTests {
 
 		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(authentication.authenticate(token)).thenReturn(TestAuthentication.authenticatedUser());
+		given(authentication.authenticate(token)).willReturn(TestAuthentication.authenticatedUser());
 
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
@@ -196,7 +196,7 @@ public class AuthenticationConfigurationTests {
 	public void getAuthenticationManagerWhenPostProcessThenUsesBeanClassLoaderOnProxyFactoryBean() throws Exception {
 		this.spring.register(Sec2531Config.class).autowire();
 		ObjectPostProcessor<Object> opp = this.spring.getContext().getBean(ObjectPostProcessor.class);
-		when(opp.postProcess(any())).thenAnswer(a -> a.getArgument(0));
+		given(opp.postProcess(any())).willAnswer(a -> a.getArgument(0));
 
 		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
 		config.getAuthenticationManager();
@@ -220,7 +220,7 @@ public class AuthenticationConfigurationTests {
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(uds.loadUserByUsername("user")).thenReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
+		given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
@@ -236,7 +236,7 @@ public class AuthenticationConfigurationTests {
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(uds.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+		given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
 				User.withUserDetails(user).build());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -253,9 +253,9 @@ public class AuthenticationConfigurationTests {
 				.getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(manager.loadUserByUsername("user")).thenReturn(User.withUserDetails(user).build(),
+		given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
 				User.withUserDetails(user).build());
-		when(manager.updatePassword(any(), any())).thenReturn(user);
+		given(manager.updatePassword(any(), any())).willReturn(user);
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 
@@ -269,8 +269,8 @@ public class AuthenticationConfigurationTests {
 		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(ap.supports(any())).thenReturn(true);
-		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
+		given(ap.supports(any())).willReturn(true);
+		given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 	}
@@ -282,8 +282,8 @@ public class AuthenticationConfigurationTests {
 		AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class);
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-		when(ap.supports(any())).thenReturn(true);
-		when(ap.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());
+		given(ap.supports(any())).willReturn(true);
+		given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
 
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 96ec318fb6..474713b393 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -36,9 +36,9 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -80,7 +80,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.monoFindById(1L)).thenReturn(Mono.from(this.result));
+		given(this.delegate.monoFindById(1L)).willReturn(Mono.from(this.result));
 
 		this.delegate.monoFindById(1L);
 
@@ -89,14 +89,14 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoWhenPermitAllThenSuccess() {
-		when(this.delegate.monoFindById(1L)).thenReturn(Mono.just("success"));
+		given(this.delegate.monoFindById(1L)).willReturn(Mono.just("success"));
 
 		StepVerifier.create(this.delegate.monoFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() {
-		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.just("result"));
+		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.just("result"));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
@@ -105,7 +105,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(this.result));
+		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -115,7 +115,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).thenReturn(Mono.from(this.result));
+		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withUser);
@@ -126,7 +126,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeBeanWhenGrantedThenSuccess() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(2L)).thenReturn(Mono.just("result"));
+		given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result"));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -134,7 +134,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(2L)).thenReturn(Mono.just("result"));
+		given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result"));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -142,7 +142,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(this.result));
+		given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -152,7 +152,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.monoPreAuthorizeBeanFindById(1L)).thenReturn(Mono.from(this.result));
+		given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result));
 
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -162,7 +162,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPostAuthorizeWhenAuthorizedThenSuccess() {
-		when(this.delegate.monoPostAuthorizeFindById(1L)).thenReturn(Mono.just("user"));
+		given(this.delegate.monoPostAuthorizeFindById(1L)).willReturn(Mono.just("user"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -170,7 +170,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPostAuthorizeWhenNotAuthorizedThenDenied() {
-		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
+		given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -178,7 +178,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
-		when(this.delegate.monoPostAuthorizeBeanFindById(2L)).thenReturn(Mono.just("user"));
+		given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("user"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -186,7 +186,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
-		when(this.delegate.monoPostAuthorizeBeanFindById(2L)).thenReturn(Mono.just("anonymous"));
+		given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("anonymous"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
@@ -194,7 +194,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
-		when(this.delegate.monoPostAuthorizeBeanFindById(1L)).thenReturn(Mono.just("not-authorized"));
+		given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized"));
 
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -204,7 +204,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.fluxFindById(1L)).thenReturn(Flux.from(this.result));
+		given(this.delegate.fluxFindById(1L)).willReturn(Flux.from(this.result));
 
 		this.delegate.fluxFindById(1L);
 
@@ -213,14 +213,14 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxWhenPermitAllThenSuccess() {
-		when(this.delegate.fluxFindById(1L)).thenReturn(Flux.just("success"));
+		given(this.delegate.fluxFindById(1L)).willReturn(Flux.just("success"));
 
 		StepVerifier.create(this.delegate.fluxFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() {
-		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.just("result"));
+		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result"));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
@@ -230,7 +230,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(this.result));
+		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -240,7 +240,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).thenReturn(Flux.from(this.result));
+		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withUser);
@@ -251,7 +251,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(2L)).thenReturn(Flux.just("result"));
+		given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result"));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -259,7 +259,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(2L)).thenReturn(Flux.just("result"));
+		given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result"));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -267,7 +267,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(this.result));
+		given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -277,7 +277,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPreAuthorizeBeanFindById(1L)).thenReturn(Flux.from(this.result));
+		given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result));
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -287,7 +287,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPostAuthorizeWhenAuthorizedThenSuccess() {
-		when(this.delegate.fluxPostAuthorizeFindById(1L)).thenReturn(Flux.just("user"));
+		given(this.delegate.fluxPostAuthorizeFindById(1L)).willReturn(Flux.just("user"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -295,7 +295,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
+		given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -303,7 +303,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
-		when(this.delegate.fluxPostAuthorizeBeanFindById(2L)).thenReturn(Flux.just("user"));
+		given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("user"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -311,7 +311,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
-		when(this.delegate.fluxPostAuthorizeBeanFindById(2L)).thenReturn(Flux.just("anonymous"));
+		given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("anonymous"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
@@ -319,7 +319,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
-		when(this.delegate.fluxPostAuthorizeBeanFindById(1L)).thenReturn(Flux.just("not-authorized"));
+		given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized"));
 
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -329,7 +329,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherWhenPermitAllThenAopDoesNotSubscribe() {
-		when(this.delegate.publisherFindById(1L)).thenReturn(this.result);
+		given(this.delegate.publisherFindById(1L)).willReturn(this.result);
 
 		this.delegate.publisherFindById(1L);
 
@@ -338,14 +338,14 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherWhenPermitAllThenSuccess() {
-		when(this.delegate.publisherFindById(1L)).thenReturn(publisherJust("success"));
+		given(this.delegate.publisherFindById(1L)).willReturn(publisherJust("success"));
 
 		StepVerifier.create(this.delegate.publisherFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() {
-		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(publisherJust("result"));
+		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withAdmin);
@@ -355,7 +355,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
-		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(this.result);
+		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -365,7 +365,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).thenReturn(this.result);
+		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result);
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withUser);
@@ -376,7 +376,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(2L)).thenReturn(publisherJust("result"));
+		given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L))
 				.subscriberContext(this.withAdmin);
@@ -385,7 +385,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(2L)).thenReturn(publisherJust("result"));
+		given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result"));
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -393,7 +393,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(this.result);
+		given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result);
 
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -403,7 +403,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPreAuthorizeBeanFindById(1L)).thenReturn(this.result);
+		given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result);
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
@@ -414,7 +414,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPostAuthorizeWhenAuthorizedThenSuccess() {
-		when(this.delegate.publisherPostAuthorizeFindById(1L)).thenReturn(publisherJust("user"));
+		given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L))
 				.subscriberContext(this.withUser);
@@ -423,7 +423,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPostAuthorizeBeanFindById(1L)).thenReturn(publisherJust("not-authorized"));
+		given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
@@ -432,7 +432,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
-		when(this.delegate.publisherPostAuthorizeBeanFindById(2L)).thenReturn(publisherJust("user"));
+		given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L))
 				.subscriberContext(this.withUser);
@@ -441,7 +441,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
-		when(this.delegate.publisherPostAuthorizeBeanFindById(2L)).thenReturn(publisherJust("anonymous"));
+		given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("anonymous"));
 
 		Publisher<String> findById = this.messageService.publisherPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
@@ -449,7 +449,7 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
-		when(this.delegate.publisherPostAuthorizeBeanFindById(1L)).thenReturn(publisherJust("not-authorized"));
+		given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized"));
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 697f72734a..e2dc8e56bf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -63,10 +63,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -126,7 +126,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(CustomTrustResolverConfig.class).autowire();
 
 		AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class);
-		when(trustResolver.isAnonymous(any())).thenReturn(true, false);
+		given(trustResolver.isAnonymous(any())).willReturn(true, false);
 
 		assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class);
 
@@ -163,7 +163,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void globalMethodSecurityConfigurationAutowiresPermissionEvaluator() {
 		this.spring.register(AutowirePermissionEvaluatorConfig.class).autowire();
 		PermissionEvaluator permission = this.spring.getContext().getBean(PermissionEvaluator.class);
-		when(permission.hasPermission(any(), eq("something"), eq("read"))).thenReturn(true, false);
+		given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false);
 
 		this.service.hasPermission("something");
 		// no exception
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 4744963b5c..f630566f8d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -58,10 +58,10 @@ import org.springframework.web.bind.annotation.GetMapping;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -89,9 +89,9 @@ public class NamespaceHttpTests {
 	@Test // http@access-decision-manager-ref
 	public void configureWhenAccessDecisionManagerSetThenVerifyUse() throws Exception {
 		AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER = mock(AccessDecisionManager.class);
-		when(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).thenReturn(true);
-		when(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class)))
-				.thenReturn(true);
+		given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).willReturn(true);
+		given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class)))
+				.willReturn(true);
 
 		this.spring.register(AccessDecisionManagerRefConfig.class).autowire();
 
@@ -178,11 +178,11 @@ public class NamespaceHttpTests {
 	@Test // http@jaas-api-provision
 	public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception {
 		LoginContext loginContext = mock(LoginContext.class);
-		when(loginContext.getSubject()).thenReturn(new Subject());
+		given(loginContext.getSubject()).willReturn(new Subject());
 
 		JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class);
-		when(authenticationToken.isAuthenticated()).thenReturn(true);
-		when(authenticationToken.getLoginContext()).thenReturn(loginContext);
+		given(authenticationToken.isAuthenticated()).willReturn(true);
+		given(authenticationToken.getLoginContext()).willReturn(loginContext);
 
 		this.spring.register(JaasApiProvisionConfig.class).autowire();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 08af641427..3824048542 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -46,12 +46,12 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientCredentials;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
@@ -80,17 +80,17 @@ public class OAuth2ClientConfigurationTests {
 
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
-		when(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
-				.thenReturn(clientRegistration);
+		given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
+				.willReturn(clientRegistration);
 
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
-		when(authorizedClient.getClientRegistration()).thenReturn(clientRegistration);
-		when(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication),
-				any(HttpServletRequest.class))).thenReturn(authorizedClient);
+		given(authorizedClient.getClientRegistration()).willReturn(clientRegistration);
+		given(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication),
+				any(HttpServletRequest.class))).willReturn(authorizedClient);
 
 		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
-		when(authorizedClient.getAccessToken()).thenReturn(accessToken);
+		given(authorizedClient.getAccessToken()).willReturn(accessToken);
 
 		OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 
@@ -116,12 +116,12 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 
 		ClientRegistration clientRegistration = clientCredentials().registrationId(clientRegistrationId).build();
-		when(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(clientRegistration);
+		given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
-		when(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
-				.thenReturn(accessTokenResponse);
+		given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
+				.willReturn(accessTokenResponse);
 
 		OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
@@ -180,7 +180,7 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
 				TestOAuth2AccessTokens.noScopes());
 
-		when(authorizedClientManager.authorize(any())).thenReturn(authorizedClient);
+		given(authorizedClientManager.authorize(any())).willReturn(authorizedClient);
 
 		OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index c5eb62cd68..af7ad3ab0d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -61,8 +61,8 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -162,8 +162,8 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenSecurityExpressionHandlerSetThenIsRegistered() {
 		WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
-		when(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
-				.thenReturn(mock(ExpressionParser.class));
+		given(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
+				.willReturn(mock(ExpressionParser.class));
 
 		this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 4aa9547949..eace9809e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -55,10 +55,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.isNull;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -209,8 +209,8 @@ public class CsrfConfigurerTests {
 	public void loginWhenCsrfEnabledThenDoesNotRedirectToPreviousPostRequest() throws Exception {
 		CsrfDisablesPostRequestFromRequestCacheConfig.REPO = mock(CsrfTokenRepository.class);
 		DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
-		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).thenReturn(csrfToken);
-		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).thenReturn(csrfToken);
+		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken);
+		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn();
@@ -226,8 +226,8 @@ public class CsrfConfigurerTests {
 	public void loginWhenCsrfEnabledThenRedirectsToPreviousGetRequest() throws Exception {
 		CsrfDisablesPostRequestFromRequestCacheConfig.REPO = mock(CsrfTokenRepository.class);
 		DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
-		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).thenReturn(csrfToken);
-		when(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).thenReturn(csrfToken);
+		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken);
+		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn();
@@ -254,7 +254,7 @@ public class CsrfConfigurerTests {
 	@Test
 	public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
-		when(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).thenReturn(false);
+		given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(false);
 
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
@@ -262,7 +262,7 @@ public class CsrfConfigurerTests {
 	@Test
 	public void requireCsrfProtectionMatcherWhenRequestMatchesThenRespondsWithForbidden() throws Exception {
 		RequireCsrfProtectionMatcherConfig.MATCHER = mock(RequestMatcher.class);
-		when(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).thenReturn(true);
+		given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
 
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
@@ -272,7 +272,7 @@ public class CsrfConfigurerTests {
 	public void requireCsrfProtectionMatcherInLambdaWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
-		when(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).thenReturn(false);
+		given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(false);
 
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
@@ -280,7 +280,7 @@ public class CsrfConfigurerTests {
 	@Test
 	public void requireCsrfProtectionMatcherInLambdaWhenRequestMatchesThenRespondsWithForbidden() throws Exception {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
-		when(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).thenReturn(true);
+		given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
 
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
@@ -289,8 +289,8 @@ public class CsrfConfigurerTests {
 	@Test
 	public void getWhenCustomCsrfTokenRepositoryThenRepositoryIsUsed() throws Exception {
 		CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class);
-		when(CsrfTokenRepositoryConfig.REPO.loadToken(any()))
-				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
+		given(CsrfTokenRepositoryConfig.REPO.loadToken(any()))
+				.willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
 
 		this.mvc.perform(get("/")).andExpect(status().isOk());
@@ -312,8 +312,8 @@ public class CsrfConfigurerTests {
 	public void loginWhenCustomCsrfTokenRepositoryThenCsrfTokenIsCleared() throws Exception {
 		CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class);
 		DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token");
-		when(CsrfTokenRepositoryConfig.REPO.loadToken(any())).thenReturn(csrfToken);
-		when(CsrfTokenRepositoryConfig.REPO.generateToken(any())).thenReturn(csrfToken);
+		given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken);
+		given(CsrfTokenRepositoryConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
 
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
@@ -326,8 +326,8 @@ public class CsrfConfigurerTests {
 	@Test
 	public void getWhenCustomCsrfTokenRepositoryInLambdaThenRepositoryIsUsed() throws Exception {
 		CsrfTokenRepositoryInLambdaConfig.REPO = mock(CsrfTokenRepository.class);
-		when(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any()))
-				.thenReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
+		given(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any()))
+				.willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire();
 
 		this.mvc.perform(get("/")).andExpect(status().isOk());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index d3aff8f656..0ed4745f88 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -39,10 +39,10 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.logout;
@@ -260,7 +260,7 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void requestWhenCustomPortMapperThenPortMapperUsed() throws Exception {
 		FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class);
-		when(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).thenReturn(9443);
+		given(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).willReturn(9443);
 		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
 
 		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 46b097a6b9..3ce299689d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -36,10 +36,10 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthe
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
@@ -79,7 +79,7 @@ public class JeeConfigurerTests {
 	public void jeeWhenInvokedTwiceThenUsesOriginalMappableRoles() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
+		given(user.getName()).willReturn("user");
 
 		this.mvc.perform(get("/").principal(user).with(request -> {
 			request.addUserRole("ROLE_ADMIN");
@@ -92,7 +92,7 @@ public class JeeConfigurerTests {
 	public void requestWhenJeeMappableRolesInLambdaThenAuthenticatedWithMappableRoles() throws Exception {
 		this.spring.register(JeeMappableRolesConfig.class).autowire();
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
+		given(user.getName()).willReturn("user");
 
 		this.mvc.perform(get("/").principal(user).with(request -> {
 			request.addUserRole("ROLE_ADMIN");
@@ -105,7 +105,7 @@ public class JeeConfigurerTests {
 	public void requestWhenJeeMappableAuthoritiesInLambdaThenAuthenticatedWithMappableAuthorities() throws Exception {
 		this.spring.register(JeeMappableAuthoritiesConfig.class).autowire();
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("user");
+		given(user.getName()).willReturn("user");
 
 		this.mvc.perform(get("/").principal(user).with(request -> {
 			request.addUserRole("ROLE_ADMIN");
@@ -121,9 +121,9 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		User userDetails = new User("user", "N/A", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		when(user.getName()).thenReturn("user");
-		when(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
-				.thenReturn(userDetails);
+		given(user.getName()).willReturn("user");
+		given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
+				.willReturn(userDetails);
 
 		this.mvc.perform(get("/").principal(user).with(request -> {
 			request.addUserRole("ROLE_ADMIN");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index 7cc239f3ab..61e103645f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -36,9 +36,9 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -63,7 +63,7 @@ public class NamespaceHttpJeeTests {
 		this.spring.register(JeeMappableRolesConfig.class, BaseController.class).autowire();
 
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("joe");
+		given(user.getName()).willReturn("joe");
 
 		this.mvc.perform(get("/roles").principal(user).with(request -> {
 			request.addUserRole("ROLE_admin");
@@ -78,12 +78,12 @@ public class NamespaceHttpJeeTests {
 		this.spring.register(JeeUserServiceRefConfig.class, BaseController.class).autowire();
 
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("joe");
+		given(user.getName()).willReturn("joe");
 
 		User result = new User(user.getName(), "N/A", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_user"));
 
-		when(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).thenReturn(result);
+		given(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).willReturn(result);
 
 		this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk())
 				.andExpect(content().string("ROLE_user"));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 81133d4084..f06590f03c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -58,11 +58,11 @@ import org.springframework.test.web.servlet.MvcResult;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -97,10 +97,11 @@ public class NamespaceHttpOpenIDLoginTests {
 		OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
-		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
-		when(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
-				any())).thenReturn(mockAuthRequest);
+		given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl");
+		given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.associate(any()))
+				.willReturn(mockDiscoveryInformation);
+		given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire();
 
 		try (MockWebServer server = new MockWebServer()) {
@@ -144,20 +145,20 @@ public class NamespaceHttpOpenIDLoginTests {
 				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
 
 		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
-		when(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
-				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
+				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 		OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource());
 		OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class);
 
 		this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
 
-		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
-				.thenThrow(new AuthenticationServiceException("boom"));
+		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
+				.willThrow(new AuthenticationServiceException("boom"));
 		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/failure"));
 		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
 
-		when(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).thenReturn(token);
+		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).willReturn(token);
 		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/targetUrl"));
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 548c700491..241cdf5bac 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -51,10 +51,10 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -230,8 +230,8 @@ public class NamespaceRememberMeTests {
 		UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
 		this.spring.register(UserServiceRefConfig.class).autowire();
 
-		when(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
-				.thenReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
+				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 
 		this.mvc.perform(post("/login").with(rememberMeLogin()));
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 4cea822c91..d15f595e64 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -56,10 +56,10 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -110,7 +110,7 @@ public class NamespaceSessionManagementTests {
 		SessionInformation sessionInformation = new SessionInformation(new Object(), session.getId(), new Date(0));
 		sessionInformation.expireNow();
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
-		when(sessionRegistry.getSessionInformation(session.getId())).thenReturn(sessionInformation);
+		given(sessionRegistry.getSessionInformation(session.getId())).willReturn(sessionInformation);
 
 		this.mvc.perform(get("/auth").session(session)).andExpect(redirectedUrl("/expired-session"));
 	}
@@ -133,7 +133,7 @@ public class NamespaceSessionManagementTests {
 
 		MockHttpServletRequest mock = spy(MockHttpServletRequest.class);
 		mock.setSession(new MockHttpSession());
-		when(mock.changeSessionId()).thenThrow(SessionAuthenticationException.class);
+		given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class);
 		mock.setMethod("GET");
 
 		this.mvc.perform(get("/auth").with(request -> mock).with(httpBasic("user", "password")))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 9de0c521d8..a0030c867e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -50,10 +50,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
@@ -95,8 +95,8 @@ public class RememberMeConfigurerTests {
 
 	@Test
 	public void rememberMeWhenInvokedTwiceThenUsesOriginalUserDetailsService() throws Exception {
-		when(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString()))
-				.thenReturn(new User("user", "password", Collections.emptyList()));
+		given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString()))
+				.willReturn(new User("user", "password", Collections.emptyList()));
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 
 		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index 4d7b7e052d..4d232ac77f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -42,10 +42,10 @@ import org.springframework.test.web.servlet.MvcResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -74,7 +74,7 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		when(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).thenReturn(mock(SecurityContext.class));
+		given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).willReturn(mock(SecurityContext.class));
 
 		this.mvc.perform(get("/"));
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 267135d6cf..4022a9d2d0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -52,11 +52,11 @@ import org.springframework.test.web.servlet.MvcResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
@@ -93,8 +93,8 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void sessionManagementWhenConfiguredThenDoesNotOverrideSecurityContextRepository() throws Exception {
 		SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
-		when(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
-				.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(mock(SecurityContext.class));
+		given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
+				.loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class));
 		this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
 
 		this.mvc.perform(get("/"));
@@ -243,7 +243,7 @@ public class SessionManagementConfigurerTests {
 	public void getWhenAnonymousRequestAndTrustResolverSharedObjectReturnsAnonymousFalseThenSessionIsSaved()
 			throws Exception {
 		SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class);
-		when(SharedTrustResolverConfig.TR.isAnonymous(any())).thenReturn(false);
+		given(SharedTrustResolverConfig.TR.isAnonymous(any())).willReturn(false);
 		this.spring.register(SharedTrustResolverConfig.class).autowire();
 
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index f7e3689a68..a82fc9bbca 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -66,9 +66,9 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -123,8 +123,8 @@ public class OAuth2ClientConfigurerTests {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 		accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-		when(accessTokenResponseClient.getTokenResponse(any(OAuth2AuthorizationCodeGrantRequest.class)))
-				.thenReturn(accessTokenResponse);
+		given(accessTokenResponseClient.getTokenResponse(any(OAuth2AuthorizationCodeGrantRequest.class)))
+				.willReturn(accessTokenResponse);
 		requestCache = mock(RequestCache.class);
 	}
 
@@ -231,8 +231,8 @@ public class OAuth2ClientConfigurerTests {
 		// Override default resolver
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
 		authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
-		when(authorizationRequestResolver.resolve(any()))
-				.thenAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
+		given(authorizationRequestResolver.resolve(any()))
+				.willAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
 
 		this.spring.register(OAuth2ClientConfig.class).autowire();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 1583f1fa7d..81f12e07cf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -90,8 +90,8 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
@@ -325,7 +325,7 @@ public class OAuth2LoginConfigurerTests {
 				.authorizationRequestUri(
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
-		when(resolver.resolve(any())).thenReturn(result);
+		given(resolver.resolve(any())).willReturn(result);
 
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
@@ -348,7 +348,7 @@ public class OAuth2LoginConfigurerTests {
 				.authorizationRequestUri(
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
-		when(resolver.resolve(any())).thenReturn(result);
+		given(resolver.resolve(any())).willReturn(result);
 
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
@@ -995,7 +995,7 @@ public class OAuth2LoginConfigurerTests {
 			claims.put(IdTokenClaimNames.AZP, "clientId");
 			Jwt jwt = jwt().claims(c -> c.putAll(claims)).build();
 			JwtDecoder jwtDecoder = mock(JwtDecoder.class);
-			when(jwtDecoder.decode(any())).thenReturn(jwt);
+			given(jwtDecoder.decode(any())).willReturn(jwt);
 			return jwtDecoder;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 04c077fd60..d48878e014 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -135,10 +135,10 @@ import static org.hamcrest.core.StringStartsWith.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
@@ -590,7 +590,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
@@ -608,7 +608,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
@@ -625,7 +625,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(
 				post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf()))
@@ -642,7 +642,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN))
 				.andExpect(status().isBadRequest())
@@ -707,7 +707,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		CustomJwtDecoderOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderOnDsl.class);
 		JwtDecoder decoder = config.decoder();
 
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
@@ -721,7 +721,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		CustomJwtDecoderInLambdaOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderInLambdaOnDsl.class);
 		JwtDecoder decoder = config.decoder();
 
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
@@ -734,7 +734,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
@@ -769,7 +769,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder = mock(JwtDecoder.class);
 
 		ApplicationContext context = mock(ApplicationContext.class);
-		when(context.getBean(JwtDecoder.class)).thenReturn(decoderBean);
+		given(context.getBean(JwtDecoder.class)).willReturn(decoderBean);
 
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.decoder(decoder);
@@ -782,7 +782,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		JwtDecoder decoder = mock(JwtDecoder.class);
 		ApplicationContext context = mock(ApplicationContext.class);
-		when(context.getBean(JwtDecoder.class)).thenReturn(decoder);
+		given(context.getBean(JwtDecoder.class)).willReturn(decoder);
 
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 
@@ -832,7 +832,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		given(decoder.decode(anyString())).willThrow(JwtException.class);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -844,7 +844,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
@@ -879,7 +879,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(error));
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
 
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
@@ -918,10 +918,10 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = this.spring.getContext()
 				.getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter();
-		when(jwtAuthenticationConverter.convert(JWT)).thenReturn(JWT_AUTHENTICATION_TOKEN);
+		given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN);
 
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(jwtDecoder.decode(anyString())).thenReturn(JWT);
+		given(jwtDecoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 
@@ -936,7 +936,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(JWT_TOKEN)).thenReturn(JWT);
+		given(decoder.decode(JWT_TOKEN)).willReturn(JWT);
 
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 	}
@@ -975,7 +975,7 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisher.class).autowire();
 
-		when(bean(JwtDecoder.class).decode(anyString())).thenThrow(new BadJwtException("problem"));
+		given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem"));
 
 		this.mvc.perform(get("/").with(bearerToken("token")));
 
@@ -987,8 +987,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenCustomJwtAuthenticationManagerThenUsed() throws Exception {
 		this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire();
 
-		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
-				.thenReturn(JWT_AUTHENTICATION_TOKEN);
+		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
+				.willReturn(JWT_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
@@ -1038,8 +1038,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenCustomIntrospectionAuthenticationManagerThenUsed() throws Exception {
 		this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire();
 
-		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
-				.thenReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
+		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
+				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
@@ -1050,8 +1050,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenCustomIntrospectionAuthenticationManagerInLambdaThenUsed() throws Exception {
 		this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire();
 
-		when(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
-				.thenReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
+		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
+				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
 
@@ -1111,7 +1111,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		given(decoder.decode(anyString())).willThrow(JwtException.class);
 
 		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
@@ -1129,7 +1129,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		given(decoder.decode(anyString())).willThrow(JwtException.class);
 
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
@@ -1150,7 +1150,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(JWT);
+		given(decoder.decode(anyString())).willReturn(JWT);
 
 		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
 				.andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
@@ -1380,7 +1380,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setContentType(MediaType.APPLICATION_JSON);
 		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
+		given(rest.exchange(any(RequestEntity.class), eq(String.class))).willReturn(entity);
 	}
 
 	private <T> T bean(Class<T> beanClass) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index f2882e78f0..f546583a5d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -43,10 +43,10 @@ import org.springframework.test.web.servlet.MvcResult;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -104,10 +104,10 @@ public class OpenIDLoginConfigurerTests {
 		OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
-		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
-		when(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
-				any())).thenReturn(mockAuthRequest);
+		given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl");
+		given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.associate(any())).willReturn(mockDiscoveryInformation);
+		given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire();
 
 		try (MockWebServer server = new MockWebServer()) {
@@ -142,10 +142,10 @@ public class OpenIDLoginConfigurerTests {
 		OpenIdAttributesNullNameConfig.CONSUMER_MANAGER = mock(ConsumerManager.class);
 		AuthRequest mockAuthRequest = mock(AuthRequest.class);
 		DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class);
-		when(mockAuthRequest.getDestinationUrl(anyBoolean())).thenReturn("mockUrl");
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).thenReturn(mockDiscoveryInformation);
-		when(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
-				any())).thenReturn(mockAuthRequest);
+		given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl");
+		given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).willReturn(mockDiscoveryInformation);
+		given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
+				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesNullNameConfig.class).autowire();
 
 		try (MockWebServer server = new MockWebServer()) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index d387b12037..b70773de04 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -85,9 +85,9 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
 import static org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts.authenticationRequestContext;
@@ -173,7 +173,7 @@ public class Saml2LoginConfigurerTests {
 
 		Saml2AuthenticationRequestContext context = authenticationRequestContext().build();
 		Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver;
-		when(resolver.resolve(any(HttpServletRequest.class))).thenReturn(context);
+		given(resolver.resolve(any(HttpServletRequest.class))).willReturn(context);
 		this.mvc.perform(get("/saml2/authenticate/registration-id")).andExpect(status().isFound());
 		verify(resolver).resolve(any(HttpServletRequest.class));
 	}
@@ -198,8 +198,8 @@ public class Saml2LoginConfigurerTests {
 						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
 				.build();
 		String response = new String(samlDecode(SIGNED_RESPONSE));
-		when(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
-				.thenReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
+		given(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
+				.willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
 		this.mvc.perform(post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()).param("SAMLResponse",
 				SIGNED_RESPONSE)).andExpect(redirectedUrl("/"));
 		verify(CustomAuthenticationConverter.authenticationConverter).convert(any(HttpServletRequest.class));
@@ -387,7 +387,7 @@ public class Saml2LoginConfigurerTests {
 		@Bean
 		RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
 			RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class);
-			when(repository.findByRegistrationId(anyString())).thenReturn(relyingPartyRegistration().build());
+			given(repository.findByRegistrationId(anyString())).willReturn(relyingPartyRegistration().build());
 			return repository;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 76fd74d14b..06208c6364 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import org.springframework.util.AntPathMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageSecurityMetadataSourceRegistryTests {
@@ -100,7 +100,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void matchersTrue() {
-		when(this.matcher.matches(this.message)).thenReturn(true);
+		given(this.matcher.matches(this.message)).willReturn(true);
 		this.messages.matchers(this.matcher).permitAll();
 
 		assertThat(getAttribute()).isEqualTo("permitAll");
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
index 95006401b7..c1a5d9125e 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
@@ -38,9 +38,9 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -68,7 +68,7 @@ public class AuthenticationConfigurationGh3935Tests {
 	public void delegateUsesExisitingAuthentication() {
 		String username = "user";
 		String password = "password";
-		when(this.uds.loadUserByUsername(username)).thenReturn(PasswordEncodedUser.user());
+		given(this.uds.loadUserByUsername(username)).willReturn(PasswordEncodedUser.user());
 
 		AuthenticationManager authenticationManager = this.adapter.authenticationManager;
 		assertThat(authenticationManager).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index edff3fe164..2801c4e593 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -55,7 +55,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
@@ -318,11 +318,11 @@ public class CsrfConfigTests {
 		context.autowire();
 
 		RequestMatcher matcher = context.getContext().getBean(RequestMatcher.class);
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		given(matcher.matches(any(HttpServletRequest.class))).willReturn(false);
 
 		this.mvc.perform(post("/ok")).andExpect(status().isOk());
 
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		given(matcher.matches(any(HttpServletRequest.class))).willReturn(true);
 
 		this.mvc.perform(get("/ok")).andExpect(status().isForbidden());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index c2795425e7..016c20c74a 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -40,7 +40,7 @@ import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyObject;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -86,7 +86,7 @@ public class DefaultFilterChainValidatorTests {
 	@Test
 	public void validateCheckLoginPageIsntProtectedThrowsIllegalArgumentException() {
 		IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression");
-		doThrow(toBeThrown).when(this.accessDecisionManager).decide(any(Authentication.class), anyObject(),
+		willThrow(toBeThrown).given(this.accessDecisionManager).decide(any(Authentication.class), anyObject(),
 				any(Collection.class));
 		this.validator.validate(this.fcp);
 		verify(this.logger).info(
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 565bea71d1..e21bf32cab 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -35,9 +35,9 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
@@ -212,10 +212,10 @@ public class InterceptUrlConfigTests {
 	private MockServletContext mockServletContext(String servletPath) {
 		MockServletContext servletContext = spy(new MockServletContext());
 		final ServletRegistration registration = mock(ServletRegistration.class);
-		when(registration.getMappings()).thenReturn(Collections.singleton(servletPath));
+		given(registration.getMappings()).willReturn(Collections.singleton(servletPath));
 		Answer<Map<String, ? extends ServletRegistration>> answer = invocation -> Collections.singletonMap("spring",
 				registration);
-		when(servletContext.getServletRegistrations()).thenAnswer(answer);
+		given(servletContext.getServletRegistrations()).willAnswer(answer);
 		return servletContext;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 604880a82a..c3b59f29fc 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -112,11 +112,11 @@ import org.springframework.web.context.support.XmlWebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willAnswer;
 import static org.mockito.Mockito.atLeastOnce;
-import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
@@ -451,7 +451,7 @@ public class MiscHttpConfigTests {
 
 		SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
 		SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
-		when(repository.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(context);
+		given(repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(context);
 
 		MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andReturn();
@@ -479,8 +479,8 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("ExpressionHandler")).autowire();
 
 		PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
-		when(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
-				.thenReturn(false);
+		given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
+				.willReturn(false);
 
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 
@@ -585,7 +585,7 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("JeeFilter")).autowire();
 
 		Principal user = mock(Principal.class);
-		when(user.getName()).thenReturn("joe");
+		given(user.getName()).willReturn("joe");
 
 		this.mvc.perform(get("/roles").principal(user).with(request -> {
 			request.addUserRole("admin");
@@ -603,7 +603,7 @@ public class MiscHttpConfigTests {
 
 		Object details = mock(Object.class);
 		AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
-		when(source.buildDetails(any(Object.class))).thenReturn(details);
+		given(source.buildDetails(any(Object.class))).willReturn(details);
 
 		this.mvc.perform(get("/details").with(httpBasic("user", "password")))
 				.andExpect(content().string(details.getClass().getName()));
@@ -627,7 +627,7 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("Jaas")).autowire();
 
 		AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
-		when(granter.grant(any(Principal.class))).thenReturn(new HashSet<>(Arrays.asList("USER")));
+		given(granter.grant(any(Principal.class))).willReturn(new HashSet<>(Arrays.asList("USER")));
 
 		this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user"));
 	}
@@ -644,8 +644,8 @@ public class MiscHttpConfigTests {
 		HttpServletResponse response = new MockHttpServletResponse();
 
 		HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
-		when(firewall.getFirewalledRequest(any(HttpServletRequest.class))).thenReturn(request);
-		when(firewall.getFirewalledResponse(any(HttpServletResponse.class))).thenReturn(response);
+		given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willReturn(request);
+		given(firewall.getFirewalledResponse(any(HttpServletResponse.class))).willReturn(response);
 		this.mvc.perform(get("/unprotected"));
 
 		verify(firewall).getFirewalledRequest(any(HttpServletRequest.class));
@@ -661,7 +661,7 @@ public class MiscHttpConfigTests {
 		RequestRejectedException rejected = new RequestRejectedException("failed");
 		HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
 		RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
-		when(firewall.getFirewalledRequest(any(HttpServletRequest.class))).thenThrow(rejected);
+		given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
 		this.mvc.perform(get("/unprotected"));
 
 		verify(requestRejectedHandler).handle(any(), any(), any());
@@ -697,8 +697,8 @@ public class MiscHttpConfigTests {
 	private void redirectLogsTo(OutputStream os, Class<?> clazz) {
 		Logger logger = (Logger) LoggerFactory.getLogger(clazz);
 		Appender<ILoggingEvent> appender = mock(Appender.class);
-		when(appender.isStarted()).thenReturn(true);
-		doAnswer(writeTo(os)).when(appender).doAppend(any(ILoggingEvent.class));
+		given(appender.isStarted()).willReturn(true);
+		willAnswer(writeTo(os)).given(appender).doAppend(any(ILoggingEvent.class));
 		logger.addAppender(appender);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 5d9be3a411..7b86dd796a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -53,8 +53,8 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -114,7 +114,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
 				.clientId("google-client-id").clientSecret("google-client-secret")
 				.redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
 
 		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andReturn();
@@ -132,7 +132,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
-		when(this.authorizationRequestResolver.resolve(any())).thenReturn(authorizationRequest);
+		given(this.authorizationRequestResolver.resolve(any())).willReturn(authorizationRequest);
 
 		this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?"
@@ -149,12 +149,12 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(authorizationRequest);
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -179,12 +179,12 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(authorizationRequest);
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -204,7 +204,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 				TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
 
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 6f5608d751..b2162505f5 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -75,9 +75,9 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.oidcAccessTokenResponse;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -211,14 +211,14 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -240,14 +240,14 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -266,14 +266,14 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = oidcAccessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
-		when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
+		given(this.jwtDecoderFactory.createDecoder(any())).willReturn(token -> jwt);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -294,17 +294,17 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
-		when(this.userAuthoritiesMapper.mapAuthorities(any()))
-				.thenReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
+		given(this.userAuthoritiesMapper.mapAuthorities(any()))
+				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -323,17 +323,17 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 		authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		accessTokenResponse = oidcAccessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
-		when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
+		given(this.jwtDecoderFactory.createDecoder(any())).willReturn(token -> jwt);
 
-		when(this.userAuthoritiesMapper.mapAuthorities(any()))
-				.thenReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
+		given(this.userAuthoritiesMapper.mapAuthorities(any()))
+				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
 
 		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
 
@@ -356,14 +356,14 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -419,20 +419,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.spring.configLocations(this.xml("WithCustomClientRegistrationRepository")).autowire();
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
 
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -447,20 +447,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.spring.configLocations(this.xml("WithCustomAuthorizedClientRepository")).autowire();
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
 
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -475,20 +475,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		this.spring.configLocations(this.xml("WithCustomAuthorizedClientService")).autowire();
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
 
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
-				.thenReturn(authorizationRequest);
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
+				.willReturn(authorizationRequest);
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
-		when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
+		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -507,7 +507,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 				TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
 
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 886be53bb5..04e92bdc43 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -46,8 +46,8 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -116,8 +116,8 @@ public class OpenIDConfigTests {
 		openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
 
 		OpenIDConsumer consumer = mock(OpenIDConsumer.class);
-		when(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString()))
-				.then(invocation -> openIdEndpointUrl + invocation.getArgument(2));
+		given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString()))
+				.will(invocation -> openIdEndpointUrl + invocation.getArgument(2));
 		openIDFilter.setConsumer(consumer);
 
 		String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 8f8731f10e..ea8243372a 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -39,9 +39,9 @@ import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.DEFAULT_PARAMETER;
 import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
@@ -228,8 +228,8 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("WithUserDetailsService")).autowire();
 
 		UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
-		when(userDetailsService.loadUserByUsername("user"))
-				.thenAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList()));
+		given(userDetailsService.loadUserByUsername("user"))
+				.willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList()));
 
 		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index df1cd46980..6407d13d9a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -39,7 +39,7 @@ import org.springframework.web.cors.reactive.CorsConfigurationSource;
 
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -65,7 +65,7 @@ public class CorsSpecTests {
 		this.http = new TestingServerHttpSecurity().applicationContext(this.context);
 		CorsConfiguration value = new CorsConfiguration();
 		value.setAllowedOrigins(Arrays.asList("*"));
-		when(this.source.getCorsConfiguration(any())).thenReturn(value);
+		given(this.source.getCorsConfiguration(any())).willReturn(value);
 	}
 
 	@Test
@@ -86,9 +86,9 @@ public class CorsSpecTests {
 
 	@Test
 	public void corsWhenCorsConfigurationSourceBeanThenAccessControlAllowOriginAndSecurityHeaders() {
-		when(this.context.getBeanNamesForType(any(ResolvableType.class))).thenReturn(new String[] { "source" },
+		given(this.context.getBeanNamesForType(any(ResolvableType.class))).willReturn(new String[] { "source" },
 				new String[0]);
-		when(this.context.getBean("source")).thenReturn(this.source);
+		given(this.context.getBean("source")).willReturn(this.source);
 		this.expectedHeaders.set("Access-Control-Allow-Origin", "*");
 		this.expectedHeaders.set("X-Frame-Options", "DENY");
 		assertHeaders();
@@ -96,7 +96,7 @@ public class CorsSpecTests {
 
 	@Test
 	public void corsWhenNoConfigurationSourceThenNoCorsHeaders() {
-		when(this.context.getBeanNamesForType(any(ResolvableType.class))).thenReturn(new String[0]);
+		given(this.context.getBeanNamesForType(any(ResolvableType.class))).willReturn(new String[0]);
 		this.headerNamesNotPresent.add("Access-Control-Allow-Origin");
 		assertHeaders();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index f935125a03..71583b5a6c 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.web.server.util.matcher.PathPatternParserSer
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.reactive.config.EnableWebFlux;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
@@ -100,7 +100,7 @@ public class HttpsRedirectSpecTests {
 		this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
 
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
-		when(portMapper.lookupHttpsPort(4080)).thenReturn(4443);
+		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
 
 		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
@@ -111,7 +111,7 @@ public class HttpsRedirectSpecTests {
 		this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
 
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
-		when(portMapper.lookupHttpsPort(4080)).thenReturn(4443);
+		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
 
 		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index ea814e54fc..cf7ef9d962 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -60,9 +60,9 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.reactive.config.EnableWebFlux;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -93,9 +93,9 @@ public class OAuth2ClientSpecTests {
 				.getBean(ReactiveClientRegistrationRepository.class);
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext()
 				.getBean(ServerOAuth2AuthorizedClientRepository.class);
-		when(repository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
-		when(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		given(repository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
+		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
@@ -107,9 +107,9 @@ public class OAuth2ClientSpecTests {
 				.getBean(ReactiveClientRegistrationRepository.class);
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext()
 				.getBean(ServerOAuth2AuthorizedClientRepository.class);
-		when(repository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
-		when(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		given(repository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
+		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
@@ -137,11 +137,11 @@ public class OAuth2ClientSpecTests {
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
 
-		when(authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(authorizationRequest));
-		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any())).thenReturn(Mono.just(result));
-		when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
+		given(authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(authorizationRequest));
+		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
+		given(manager.authenticate(any())).willReturn(Mono.just(result));
+		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
 				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
@@ -178,11 +178,11 @@ public class OAuth2ClientSpecTests {
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
 
-		when(authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(authorizationRequest));
-		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any())).thenReturn(Mono.just(result));
-		when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
+		given(authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(authorizationRequest));
+		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
+		given(manager.authenticate(any())).willReturn(Mono.just(result));
+		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
 				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 2bb5aaee8c..71703fa63d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -104,10 +104,10 @@ import org.springframework.web.server.WebHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
@@ -186,10 +186,10 @@ public class OAuth2LoginTests {
 		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
 		ServerRequestCache requestCache = config.requestCache;
 
-		when(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
-		when(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn(Mono.empty());
-		when(requestCache.removeMatchingRequest(any())).thenReturn(Mono.empty());
-		when(requestCache.saveRequest(any())).thenReturn(Mono.empty());
+		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
+		given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
+		given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
+		given(requestCache.saveRequest(any())).willReturn(Mono.empty());
 
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 
@@ -222,11 +222,11 @@ public class OAuth2LoginTests {
 		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
 				user.getAuthorities(), accessToken);
 
-		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any())).thenReturn(Mono.just(result));
-		when(matcher.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(resolver.resolve(any())).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(), any())).thenAnswer((Answer<Mono<Void>>) invocation -> {
+		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
+		given(manager.authenticate(any())).willReturn(Mono.just(result));
+		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(resolver.resolve(any())).willReturn(Mono.empty());
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
@@ -263,19 +263,19 @@ public class OAuth2LoginTests {
 		ServerAuthenticationSuccessHandler successHandler = config.successHandler;
 		ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
 
-		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any()))
-				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
-		when(matcher.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(resolver.resolve(any())).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(), any())).thenAnswer((Answer<Mono<Void>>) invocation -> {
+		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
+		given(manager.authenticate(any()))
+				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
+		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(resolver.resolve(any())).willReturn(Mono.empty());
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-		when(failureHandler.onAuthenticationFailure(any(), any())).thenAnswer((Answer<Mono<Void>>) invocation -> {
+		given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			AuthenticationException authenticationException = invocation.getArgument(1);
 
@@ -317,11 +317,11 @@ public class OAuth2LoginTests {
 		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
 				user.getAuthorities(), accessToken);
 
-		when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
-		when(manager.authenticate(any())).thenReturn(Mono.just(result));
-		when(matcher.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(resolver.resolve(any())).thenReturn(Mono.empty());
-		when(successHandler.onAuthenticationSuccess(any(), any())).thenAnswer((Answer<Mono<Void>>) invocation -> {
+		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
+		given(manager.authenticate(any())).willReturn(Mono.just(result));
+		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(resolver.resolve(any())).willReturn(Mono.empty());
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
@@ -357,11 +357,11 @@ public class OAuth2LoginTests {
 				exchange, accessToken);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
-		when(converter.convert(any())).thenReturn(Mono.just(token));
+		given(converter.convert(any())).willReturn(Mono.just(token));
 
 		ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
-		when(securityContextRepository.save(any(), any())).thenReturn(Mono.empty());
-		when(securityContextRepository.load(any())).thenReturn(authentication(token));
+		given(securityContextRepository.save(any(), any())).willReturn(Mono.empty());
+		given(securityContextRepository.load(any())).willReturn(authentication(token));
 
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
@@ -369,11 +369,11 @@ public class OAuth2LoginTests {
 				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
 				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
-		when(tokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OidcUser user = TestOidcUsers.create();
 		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
-		when(userService.loadUser(any())).thenReturn(Mono.just(user));
+		given(userService.loadUser(any())).willReturn(Mono.just(user));
 
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
 
@@ -401,11 +401,11 @@ public class OAuth2LoginTests {
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
-		when(converter.convert(any())).thenReturn(Mono.just(authenticationToken));
+		given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
 
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
-		when(tokenResponseClient.getTokenResponse(any())).thenThrow(new OAuth2AuthenticationException(oauth2Error));
+		given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
 
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", "/login?error");
@@ -430,7 +430,7 @@ public class OAuth2LoginTests {
 				google, exchange, accessToken);
 
 		ServerAuthenticationConverter converter = config.authenticationConverter;
-		when(converter.convert(any())).thenReturn(Mono.just(authenticationToken));
+		given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
 
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
@@ -438,11 +438,11 @@ public class OAuth2LoginTests {
 				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
 				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
-		when(tokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
-		when(jwtDecoderFactory.createDecoder(any())).thenReturn(token -> Mono
+		given(jwtDecoderFactory.createDecoder(any())).willReturn(token -> Mono
 				.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
 
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
@@ -457,7 +457,7 @@ public class OAuth2LoginTests {
 				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
 
 		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
-		when(repository.load(any())).thenReturn(authentication(token));
+		given(repository.load(any())).willReturn(authentication(token));
 
 		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
 				"https://logout?id_token_hint=id-token");
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 5d4962a5fa..2367e23eb8 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -83,9 +83,9 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.hamcrest.core.StringStartsWith.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
@@ -196,7 +196,7 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(CustomDecoderConfig.class, RootController.class).autowire();
 
 		ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
-		when(jwtDecoder.decode(anyString())).thenReturn(Mono.just(this.jwt));
+		given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt));
 
 		this.client.get().headers(headers -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
 
@@ -231,8 +231,8 @@ public class OAuth2ResourceServerSpecTests {
 
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
-		when(authenticationManager.authenticate(any(Authentication.class)))
-				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
+		given(authenticationManager.authenticate(any(Authentication.class)))
+				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
 		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
@@ -245,8 +245,8 @@ public class OAuth2ResourceServerSpecTests {
 
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
-		when(authenticationManager.authenticate(any(Authentication.class)))
-				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
+		given(authenticationManager.authenticate(any(Authentication.class)))
+				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
 		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
@@ -263,10 +263,10 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
 
-		when(authenticationManagerResolver.resolve(any(ServerWebExchange.class)))
-				.thenReturn(Mono.just(authenticationManager));
-		when(authenticationManager.authenticate(any(Authentication.class)))
-				.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
+		given(authenticationManagerResolver.resolve(any(ServerWebExchange.class)))
+				.willReturn(Mono.just(authenticationManager));
+		given(authenticationManager.authenticate(any(Authentication.class)))
+				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
 		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 014e2d689f..425c8b7c84 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -77,7 +77,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.util.ReflectionTestUtils.getField;
 
@@ -108,7 +107,7 @@ public class ServerHttpSecurityTests {
 	@Test
 	public void defaults() {
 		TestPublisher<SecurityContext> securityContext = TestPublisher.create();
-		when(this.contextRepository.load(any())).thenReturn(securityContext.mono());
+		given(this.contextRepository.load(any())).willReturn(securityContext.mono());
 		this.http.securityContextRepository(this.contextRepository);
 
 		WebTestClient client = buildClient();
@@ -411,7 +410,7 @@ public class ServerHttpSecurityTests {
 	@Test
 	public void postWhenCustomCsrfTokenRepositoryThenUsed() {
 		ServerCsrfTokenRepository customServerCsrfTokenRepository = mock(ServerCsrfTokenRepository.class);
-		when(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).thenReturn(Mono.empty());
+		given(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).willReturn(Mono.empty());
 		SecurityWebFilterChain securityFilterChain = this.http
 				.csrf(csrf -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
@@ -453,8 +452,8 @@ public class ServerHttpSecurityTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
 
-		when(authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(authorizationRequest));
+		given(authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(authorizationRequest));
 
 		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
 				.clientRegistrationRepository(clientRegistrationRepository)
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 814dc67422..28d28fd39f 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -24,8 +24,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -55,7 +55,7 @@ public class SecurityExpressionRootTests {
 	public void rememberMeIsCorrectlyDetected() {
 		AuthenticationTrustResolver atr = mock(AuthenticationTrustResolver.class);
 		this.root.setTrustResolver(atr);
-		when(atr.isRememberMe(JOE)).thenReturn(true);
+		given(atr.isRememberMe(JOE)).willReturn(true);
 		assertThat(this.root.isRememberMe()).isTrue();
 		assertThat(this.root.isFullyAuthenticated()).isFalse();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index 443a3c4ed7..9201f6f56e 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -37,10 +37,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMethodSecurityExpressionHandlerTests {
@@ -59,8 +59,8 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	@Before
 	public void setup() {
 		this.handler = new DefaultMethodSecurityExpressionHandler();
-		when(this.methodInvocation.getThis()).thenReturn(new Foo());
-		when(this.methodInvocation.getMethod()).thenReturn(Foo.class.getMethods()[0]);
+		given(this.methodInvocation.getThis()).willReturn(new Foo());
+		given(this.methodInvocation.getMethod()).willReturn(Foo.class.getMethods()[0]);
 	}
 
 	@After
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index 4867824140..cba5c7c8bc 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.core.Authentication;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link MethodSecurityExpressionRoot}
@@ -69,13 +69,13 @@ public class MethodSecurityExpressionRootTests {
 
 	@Test
 	public void isAnonymousReturnsTrueIfTrustResolverReportsAnonymous() {
-		when(this.trustResolver.isAnonymous(this.user)).thenReturn(true);
+		given(this.trustResolver.isAnonymous(this.user)).willReturn(true);
 		assertThat(this.root.isAnonymous()).isTrue();
 	}
 
 	@Test
 	public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() {
-		when(this.trustResolver.isAnonymous(this.user)).thenReturn(false);
+		given(this.trustResolver.isAnonymous(this.user)).willReturn(false);
 		assertThat(this.root.isAnonymous()).isFalse();
 	}
 
@@ -85,7 +85,7 @@ public class MethodSecurityExpressionRootTests {
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(this.user, dummyDomainObject, "ignored")).thenReturn(false);
+		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false);
 
 		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
 
@@ -97,7 +97,7 @@ public class MethodSecurityExpressionRootTests {
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(this.user, dummyDomainObject, "ignored")).thenReturn(true);
+		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true);
 
 		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 	}
@@ -108,8 +108,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		this.root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).thenReturn(true)
-				.thenReturn(true).thenReturn(false);
+		given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
 
 		Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
@@ -133,8 +132,8 @@ public class MethodSecurityExpressionRootTests {
 		Integer i = 2;
 		PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		this.root.setPermissionEvaluator(pe);
-		when(pe.hasPermission(this.user, targetObject, i)).thenReturn(true).thenReturn(false);
-		when(pe.hasPermission(this.user, "x", i)).thenReturn(true);
+		given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
+		given(pe.hasPermission(this.user, "x", i)).willReturn(true);
 
 		Expression e = this.parser.parseExpression("hasPermission(this, 2)");
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index 87293e45be..b510aeb697 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -51,12 +51,12 @@ import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link MethodSecurityInterceptor}.
@@ -150,21 +150,21 @@ public class MethodSecurityInterceptorTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation() throws Throwable {
-		when(this.mds.supports(MethodInvocation.class)).thenReturn(false);
+		given(this.mds.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation() throws Exception {
-		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
-		when(this.adm.supports(MethodInvocation.class)).thenReturn(false);
+		given(this.mds.supports(MethodInvocation.class)).willReturn(true);
+		given(this.adm.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final RunAsManager ram = mock(RunAsManager.class);
-		when(ram.supports(MethodInvocation.class)).thenReturn(false);
+		given(ram.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.setRunAsManager(ram);
 		this.interceptor.afterPropertiesSet();
 	}
@@ -172,21 +172,21 @@ public class MethodSecurityInterceptorTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final AfterInvocationManager aim = mock(AfterInvocationManager.class);
-		when(aim.supports(MethodInvocation.class)).thenReturn(false);
+		given(aim.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.setAfterInvocationManager(aim);
 		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void initializationFailsIfAccessDecisionManagerRejectsConfigAttributes() throws Exception {
-		when(this.adm.supports(any(ConfigAttribute.class))).thenReturn(false);
+		given(this.adm.supports(any(ConfigAttribute.class))).willReturn(false);
 		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test
 	public void validationNotAttemptedIfIsValidateConfigAttributesSetToFalse() throws Exception {
-		when(this.adm.supports(MethodInvocation.class)).thenReturn(true);
-		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
+		given(this.adm.supports(MethodInvocation.class)).willReturn(true);
+		given(this.mds.supports(MethodInvocation.class)).willReturn(true);
 		this.interceptor.setValidateConfigAttributes(false);
 		this.interceptor.afterPropertiesSet();
 		verify(this.mds, never()).getAllConfigAttributes();
@@ -195,9 +195,9 @@ public class MethodSecurityInterceptorTests {
 
 	@Test
 	public void validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes() throws Exception {
-		when(this.adm.supports(MethodInvocation.class)).thenReturn(true);
-		when(this.mds.supports(MethodInvocation.class)).thenReturn(true);
-		when(this.mds.getAllConfigAttributes()).thenReturn(null);
+		given(this.adm.supports(MethodInvocation.class)).willReturn(true);
+		given(this.mds.supports(MethodInvocation.class)).willReturn(true);
+		given(this.mds.getAllConfigAttributes()).willReturn(null);
 
 		this.interceptor.setValidateConfigAttributes(true);
 		this.interceptor.afterPropertiesSet();
@@ -226,7 +226,7 @@ public class MethodSecurityInterceptorTests {
 		SecurityContextHolder.getContext().setAuthentication(token);
 
 		mdsReturnsUserRole();
-		when(this.authman.authenticate(token)).thenThrow(new BadCredentialsException("rejected"));
+		given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected"));
 
 		this.advisedTarget.makeLowerCase("HELLO");
 	}
@@ -253,8 +253,8 @@ public class MethodSecurityInterceptorTests {
 		// so test would fail)
 		createTarget(true);
 		mdsReturnsUserRole();
-		when(this.authman.authenticate(this.token)).thenReturn(this.token);
-		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(any(Authentication.class),
+		given(this.authman.authenticate(this.token)).willReturn(this.token);
+		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(any(Authentication.class),
 				any(MethodInvocation.class), any(List.class));
 
 		try {
@@ -281,7 +281,7 @@ public class MethodSecurityInterceptorTests {
 				TestingAuthenticationToken.class);
 		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 
 		String result = this.advisedTarget.makeUpperCase("hello");
 		assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
@@ -294,7 +294,7 @@ public class MethodSecurityInterceptorTests {
 	@Test
 	public void runAsReplacementCleansAfterException() {
 		createTarget(true);
-		when(this.realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());
+		given(this.realTarget.makeUpperCase(anyString())).willThrow(new RuntimeException());
 		SecurityContext ctx = SecurityContextHolder.getContext();
 		ctx.setAuthentication(this.token);
 		this.token.setAuthenticated(true);
@@ -303,7 +303,7 @@ public class MethodSecurityInterceptorTests {
 				TestingAuthenticationToken.class);
 		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
-		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
+		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 
 		try {
 			this.advisedTarget.makeUpperCase("hello");
@@ -333,7 +333,7 @@ public class MethodSecurityInterceptorTests {
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
 
-		when(mi.proceed()).thenThrow(new Throwable());
+		given(mi.proceed()).willThrow(new Throwable());
 
 		try {
 			this.interceptor.invoke(mi);
@@ -346,11 +346,11 @@ public class MethodSecurityInterceptorTests {
 	}
 
 	void mdsReturnsNull() {
-		when(this.mds.getAttributes(any(MethodInvocation.class))).thenReturn(null);
+		given(this.mds.getAttributes(any(MethodInvocation.class))).willReturn(null);
 	}
 
 	void mdsReturnsUserRole() {
-		when(this.mds.getAttributes(any(MethodInvocation.class))).thenReturn(SecurityConfig.createList("ROLE_USER"));
+		given(this.mds.getAttributes(any(MethodInvocation.class))).willReturn(SecurityConfig.createList("ROLE_USER"));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index 7e5b953fdf..d9ea3b8857 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -25,8 +25,8 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.method.MethodSecurityMetadataSource;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link MethodSecurityMetadataSourceAdvisor}.
@@ -41,7 +41,7 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 		Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
 
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
-		when(mds.getAttributes(method, clazz)).thenReturn(null);
+		given(mds.getAttributes(method, clazz)).willReturn(null);
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
 		assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isFalse();
 	}
@@ -52,7 +52,7 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 		Method method = clazz.getMethod("countLength", new Class[] { String.class });
 
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
-		when(mds.getAttributes(method, clazz)).thenReturn(SecurityConfig.createList("ROLE_A"));
+		given(mds.getAttributes(method, clazz)).willReturn(SecurityConfig.createList("ROLE_A"));
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
 		assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isTrue();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index 7eb19045b9..f156277895 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -48,12 +48,12 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link AspectJMethodSecurityInterceptor}.
@@ -91,17 +91,17 @@ public class AspectJMethodSecurityInterceptorTests {
 		this.joinPoint = mock(ProceedingJoinPoint.class); // new MockJoinPoint(new
 															// TargetObject(), method);
 		Signature sig = mock(Signature.class);
-		when(sig.getDeclaringType()).thenReturn(TargetObject.class);
+		given(sig.getDeclaringType()).willReturn(TargetObject.class);
 		JoinPoint.StaticPart staticPart = mock(JoinPoint.StaticPart.class);
-		when(this.joinPoint.getSignature()).thenReturn(sig);
-		when(this.joinPoint.getStaticPart()).thenReturn(staticPart);
+		given(this.joinPoint.getSignature()).willReturn(sig);
+		given(this.joinPoint.getStaticPart()).willReturn(staticPart);
 		CodeSignature codeSig = mock(CodeSignature.class);
-		when(codeSig.getName()).thenReturn("countLength");
-		when(codeSig.getDeclaringType()).thenReturn(TargetObject.class);
-		when(codeSig.getParameterTypes()).thenReturn(new Class[] { String.class });
-		when(staticPart.getSignature()).thenReturn(codeSig);
-		when(this.mds.getAttributes(any())).thenReturn(SecurityConfig.createList("ROLE_USER"));
-		when(this.authman.authenticate(this.token)).thenReturn(this.token);
+		given(codeSig.getName()).willReturn("countLength");
+		given(codeSig.getDeclaringType()).willReturn(TargetObject.class);
+		given(codeSig.getParameterTypes()).willReturn(new Class[] { String.class });
+		given(staticPart.getSignature()).willReturn(codeSig);
+		given(this.mds.getAttributes(any())).willReturn(SecurityConfig.createList("ROLE_USER"));
+		given(this.authman.authenticate(this.token)).willReturn(this.token);
 	}
 
 	@After
@@ -122,7 +122,7 @@ public class AspectJMethodSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void callbackIsNotInvokedWhenPermissionDenied() {
-		doThrow(new AccessDeniedException("denied")).when(this.adm).decide(any(), any(), any());
+		willThrow(new AccessDeniedException("denied")).given(this.adm).decide(any(), any(), any());
 
 		SecurityContextHolder.getContext().setAuthentication(this.token);
 		try {
@@ -139,8 +139,8 @@ public class AspectJMethodSecurityInterceptorTests {
 		TargetObject to = new TargetObject();
 		Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class });
 
-		when(this.joinPoint.getTarget()).thenReturn(to);
-		when(this.joinPoint.getArgs()).thenReturn(new Object[] { "Hi" });
+		given(this.joinPoint.getTarget()).willReturn(to);
+		given(this.joinPoint.getArgs()).willReturn(new Object[] { "Hi" });
 		MethodInvocationAdapter mia = new MethodInvocationAdapter(this.joinPoint);
 		assertThat(mia.getArguments()[0]).isEqualTo("Hi");
 		assertThat(mia.getStaticPart()).isEqualTo(m);
@@ -156,7 +156,7 @@ public class AspectJMethodSecurityInterceptorTests {
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
 
-		when(this.aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
+		given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
 
 		try {
 			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
@@ -179,8 +179,8 @@ public class AspectJMethodSecurityInterceptorTests {
 		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
 		this.interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
-		when(this.aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());
+		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
+		given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
 
 		try {
 			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
@@ -205,8 +205,8 @@ public class AspectJMethodSecurityInterceptorTests {
 		final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(),
 				TestingAuthenticationToken.class);
 		this.interceptor.setRunAsManager(runAs);
-		when(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
-		when(this.joinPoint.proceed()).thenThrow(new RuntimeException());
+		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
+		given(this.joinPoint.proceed()).willThrow(new RuntimeException());
 
 		try {
 			this.interceptor.invoke(this.joinPoint);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index b98b4c3487..bd0a55037d 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -38,9 +38,9 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.MethodInvocationUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests
@@ -80,7 +80,7 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
-		when(this.mds.getAttributes(mi)).thenReturn(this.role);
+		given(this.mds.getAttributes(mi)).willReturn(this.role);
 
 		mipe.setSecurityInterceptor(this.interceptor);
 		mipe.afterPropertiesSet();
@@ -94,7 +94,7 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 				"makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" });
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(this.interceptor);
-		when(this.mds.getAttributes(mi)).thenReturn(this.role);
+		given(this.mds.getAttributes(mi)).willReturn(this.role);
 
 		assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 	}
@@ -105,8 +105,8 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(this.interceptor);
-		when(this.mds.getAttributes(mi)).thenReturn(this.role);
-		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(this.token, mi, this.role);
+		given(this.mds.getAttributes(mi)).willReturn(this.role);
+		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role);
 
 		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
@@ -118,8 +118,8 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(this.interceptor);
-		when(this.mds.getAttributes(mi)).thenReturn(this.role);
-		doThrow(new AccessDeniedException("rejected")).when(this.adm).decide(this.token, mi, this.role);
+		given(this.mds.getAttributes(mi)).willReturn(this.role);
+		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role);
 
 		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
index 9cb4449776..ac07025682 100644
--- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.util.SimpleMethodInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -44,8 +44,8 @@ public class DelegatingMethodSecurityMetadataSourceTests {
 	public void returnsEmptyListIfDelegateReturnsNull() throws Exception {
 		List sources = new ArrayList();
 		MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class);
-		when(delegate.getAttributes(ArgumentMatchers.<Method>any(), ArgumentMatchers.any(Class.class)))
-				.thenReturn(null);
+		given(delegate.getAttributes(ArgumentMatchers.<Method>any(), ArgumentMatchers.any(Class.class)))
+				.willReturn(null);
 		sources.add(delegate);
 		this.mds = new DelegatingMethodSecurityMetadataSource(sources);
 		assertThat(this.mds.getMethodSecurityMetadataSources()).isSameAs(sources);
@@ -63,7 +63,7 @@ public class DelegatingMethodSecurityMetadataSourceTests {
 		ConfigAttribute ca = mock(ConfigAttribute.class);
 		List attributes = Arrays.asList(ca);
 		Method toString = String.class.getMethod("toString");
-		when(delegate.getAttributes(toString, String.class)).thenReturn(attributes);
+		given(delegate.getAttributes(toString, String.class)).willReturn(attributes);
 		sources.add(delegate);
 		this.mds = new DelegatingMethodSecurityMetadataSource(sources);
 		assertThat(this.mds.getMethodSecurityMetadataSources()).isSameAs(sources);
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index 78cb5f1e62..e03cbc3cb9 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link AffirmativeBased}.
@@ -61,12 +61,12 @@ public class AffirmativeBasedTests {
 		this.abstain = mock(AccessDecisionVoter.class);
 		this.deny = mock(AccessDecisionVoter.class);
 
-		when(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
-				.thenReturn(AccessDecisionVoter.ACCESS_GRANTED);
-		when(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
-				.thenReturn(AccessDecisionVoter.ACCESS_ABSTAIN);
-		when(this.deny.vote(any(Authentication.class), any(Object.class), any(List.class)))
-				.thenReturn(AccessDecisionVoter.ACCESS_DENIED);
+		given(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
+				.willReturn(AccessDecisionVoter.ACCESS_GRANTED);
+		given(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
+				.willReturn(AccessDecisionVoter.ACCESS_ABSTAIN);
+		given(this.deny.vote(any(Authentication.class), any(Object.class), any(List.class)))
+				.willReturn(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index a880b06f0f..fa7219294a 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -27,10 +27,10 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link AbstractAuthenticationToken}.
@@ -128,7 +128,7 @@ public class AbstractAuthenticationTokenTests {
 		String principalName = "test";
 
 		AuthenticatedPrincipal principal = mock(AuthenticatedPrincipal.class);
-		when(principal.getName()).thenReturn(principalName);
+		given(principal.getName()).willReturn(principalName);
 
 		MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", this.authorities);
 		assertThat(token.getName()).isEqualTo(principalName);
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
index 0a7dd80588..23394aef94 100644
--- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -29,7 +29,7 @@ import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -49,8 +49,8 @@ public class DelegatingReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenEmptyAndNotThenReturnsNotEmpty() {
-		when(this.delegate1.authenticate(any())).thenReturn(Mono.empty());
-		when(this.delegate2.authenticate(any())).thenReturn(Mono.just(this.authentication));
+		given(this.delegate1.authenticate(any())).willReturn(Mono.empty());
+		given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication));
 
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
@@ -62,8 +62,8 @@ public class DelegatingReactiveAuthenticationManagerTests {
 	public void authenticateWhenNotEmptyThenOtherDelegatesNotSubscribed() {
 		// delay to try and force delegate2 to finish (i.e. make sure we didn't use
 		// flatMap)
-		when(this.delegate1.authenticate(any()))
-				.thenReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
+		given(this.delegate1.authenticate(any()))
+				.willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
 
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
@@ -73,7 +73,7 @@ public class DelegatingReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() {
-		when(this.delegate1.authenticate(any())).thenReturn(Mono.error(new BadCredentialsException("Test")));
+		given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
 
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index da36c6221d..f8616313af 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -31,12 +31,12 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link ProviderManager}.
@@ -121,7 +121,7 @@ public class ProviderManagerTests {
 	public void constructorWhenUsingListOfThenNoException() {
 		List<AuthenticationProvider> providers = spy(ArrayList.class);
 		// List.of(null) in JDK 9 throws a NullPointerException
-		when(providers.contains(eq(null))).thenThrow(NullPointerException.class);
+		given(providers.contains(eq(null))).willThrow(NullPointerException.class);
 		providers.add(mock(AuthenticationProvider.class));
 		new ProviderManager(providers);
 	}
@@ -211,7 +211,7 @@ public class ProviderManagerTests {
 	public void parentAuthenticationIsUsedIfProvidersDontAuthenticate() {
 		AuthenticationManager parent = mock(AuthenticationManager.class);
 		Authentication authReq = mock(Authentication.class);
-		when(parent.authenticate(authReq)).thenReturn(authReq);
+		given(parent.authenticate(authReq)).willReturn(authReq);
 		ProviderManager mgr = new ProviderManager(Collections.singletonList(mock(AuthenticationProvider.class)),
 				parent);
 		assertThat(mgr.authenticate(authReq)).isSameAs(authReq);
@@ -238,7 +238,7 @@ public class ProviderManagerTests {
 		final Authentication authReq = mock(Authentication.class);
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		AuthenticationManager parent = mock(AuthenticationManager.class);
-		when(parent.authenticate(authReq)).thenThrow(new ProviderNotFoundException(""));
+		given(parent.authenticate(authReq)).willThrow(new ProviderNotFoundException(""));
 
 		// Set a provider that throws an exception - this is the exception we expect to be
 		// propagated
@@ -266,7 +266,7 @@ public class ProviderManagerTests {
 		// Set a provider that throws an exception - this is the exception we expect to be
 		// propagated
 		final BadCredentialsException expected = new BadCredentialsException("I'm the one from the parent");
-		when(parent.authenticate(authReq)).thenThrow(expected);
+		given(parent.authenticate(authReq)).willThrow(expected);
 		try {
 			mgr.authenticate(authReq);
 			fail("Expected exception");
@@ -339,16 +339,16 @@ public class ProviderManagerTests {
 
 	private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
-		when(provider.supports(any(Class.class))).thenReturn(true);
-		when(provider.authenticate(any(Authentication.class))).thenThrow(e);
+		given(provider.supports(any(Class.class))).willReturn(true);
+		given(provider.authenticate(any(Authentication.class))).willThrow(e);
 
 		return provider;
 	}
 
 	private AuthenticationProvider createProviderWhichReturns(final Authentication a) {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
-		when(provider.supports(any(Class.class))).thenReturn(true);
-		when(provider.authenticate(any(Authentication.class))).thenReturn(a);
+		given(provider.supports(any(Class.class))).willReturn(true);
+		given(provider.authenticate(any(Authentication.class))).willReturn(a);
 
 		return provider;
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 93621f82df..99cb38c3d3 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -28,7 +28,7 @@ import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -62,8 +62,8 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 	@Test
 	public void authenticateWhenSuccessThenSuccess() {
-		when(this.delegate.authenticate(any())).thenReturn(this.authentication);
-		when(this.authentication.isAuthenticated()).thenReturn(true);
+		given(this.delegate.authenticate(any())).willReturn(this.authentication);
+		given(this.authentication.isAuthenticated()).willReturn(true);
 
 		Authentication result = this.manager.authenticate(this.authentication).block();
 
@@ -72,7 +72,7 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 	@Test
 	public void authenticateWhenReturnNotAuthenticatedThenError() {
-		when(this.delegate.authenticate(any())).thenReturn(this.authentication);
+		given(this.delegate.authenticate(any())).willReturn(this.authentication);
 
 		Authentication result = this.manager.authenticate(this.authentication).block();
 
@@ -81,7 +81,7 @@ public class ReactiveAuthenticationManagerAdapterTests {
 
 	@Test
 	public void authenticateWhenBadCredentialsThenError() {
-		when(this.delegate.authenticate(any())).thenThrow(new BadCredentialsException("Failed"));
+		given(this.delegate.authenticate(any())).willThrow(new BadCredentialsException("Failed"));
 
 		Mono<Authentication> result = this.manager.authenticate(this.authentication);
 
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 55c85a7954..69ff1b9aad 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -69,7 +69,7 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenUserNotFoundThenBadCredentials() {
-		when(this.repository.findByUsername(this.username)).thenReturn(Mono.empty());
+		given(this.repository.findByUsername(this.username)).willReturn(Mono.empty());
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
@@ -86,7 +86,7 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password + "INVALID");
@@ -103,7 +103,7 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
@@ -115,9 +115,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenPasswordEncoderAndSuccessThenSuccess() {
 		this.manager.setPasswordEncoder(this.passwordEncoder);
-		when(this.passwordEncoder.matches(any(), any())).thenReturn(true);
+		given(this.passwordEncoder.matches(any(), any())).willReturn(true);
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
-		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
@@ -129,9 +129,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenPasswordEncoderAndFailThenFail() {
 		this.manager.setPasswordEncoder(this.passwordEncoder);
-		when(this.passwordEncoder.matches(any(), any())).thenReturn(false);
+		given(this.passwordEncoder.matches(any(), any())).willReturn(false);
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
-		when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
+		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 6cd9900f1f..a551d8fcb8 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -38,10 +38,10 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -78,7 +78,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Before
 	public void setup() {
 		this.manager = new UserDetailsRepositoryReactiveAuthenticationManager(this.userDetailsService);
-		when(this.scheduler.schedule(any())).thenAnswer(a -> {
+		given(this.scheduler.schedule(any())).willAnswer(a -> {
 			Runnable r = a.getArgument(0);
 			return Schedulers.immediate().schedule(r);
 		});
@@ -91,8 +91,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authentiateWhenCustomSchedulerThenUsed() {
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		when(this.encoder.matches(any(), any())).thenReturn(true);
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		given(this.encoder.matches(any(), any())).willReturn(true);
 		this.manager.setScheduler(this.scheduler);
 		this.manager.setPasswordEncoder(this.encoder);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
@@ -106,11 +106,11 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenPasswordServiceThenUpdated() {
 		String encodedPassword = "encoded";
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		when(this.encoder.matches(any(), any())).thenReturn(true);
-		when(this.encoder.upgradeEncoding(any())).thenReturn(true);
-		when(this.encoder.encode(any())).thenReturn(encodedPassword);
-		when(this.userDetailsPasswordService.updatePassword(any(), any())).thenReturn(Mono.just(this.user));
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		given(this.encoder.matches(any(), any())).willReturn(true);
+		given(this.encoder.upgradeEncoding(any())).willReturn(true);
+		given(this.encoder.encode(any())).willReturn(encodedPassword);
+		given(this.userDetailsPasswordService.updatePassword(any(), any())).willReturn(Mono.just(this.user));
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
@@ -124,8 +124,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenPasswordServiceAndBadCredentialsThenNotUpdated() {
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		when(this.encoder.matches(any(), any())).thenReturn(false);
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		given(this.encoder.matches(any(), any())).willReturn(false);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
@@ -138,9 +138,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenPasswordServiceAndUpgradeFalseThenNotUpdated() {
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		when(this.encoder.matches(any(), any())).thenReturn(true);
-		when(this.encoder.upgradeEncoding(any())).thenReturn(false);
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		given(this.encoder.matches(any(), any())).willReturn(true);
+		given(this.encoder.upgradeEncoding(any())).willReturn(false);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
@@ -153,9 +153,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenPostAuthenticationChecksFail() {
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		doThrow(new LockedException("account is locked")).when(this.postAuthenticationChecks).check(any());
-		when(this.encoder.matches(any(), any())).thenReturn(true);
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		willThrow(new LockedException("account is locked")).given(this.postAuthenticationChecks).check(any());
+		given(this.encoder.matches(any(), any())).willReturn(true);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks);
 
@@ -168,8 +168,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenPostAuthenticationChecksNotSet() {
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
-		when(this.encoder.matches(any(), any())).thenReturn(true);
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
+		given(this.encoder.matches(any(), any())).willReturn(true);
 		this.manager.setPasswordEncoder(this.encoder);
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
@@ -190,7 +190,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.accountExpired(true)
 				.build();
 		// @formatter:on
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(expiredUser));
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(expiredUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser,
 				expiredUser.getPassword());
@@ -208,7 +208,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.accountLocked(true)
 				.build();
 		// @formatter:on
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(lockedUser));
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(lockedUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser,
 				lockedUser.getPassword());
@@ -227,7 +227,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.disabled(true)
 				.build();
 		// @formatter:on
-		when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(disabledUser));
+		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(disabledUser));
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser,
 				disabledUser.getPassword());
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index b3993f2f5d..90bbd2336f 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -55,11 +55,11 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link DaoAuthenticationProvider}.
@@ -398,11 +398,11 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserDetailsPasswordService(passwordManager);
 
 		UserDetails user = PasswordEncodedUser.user();
-		when(encoder.matches(any(), any())).thenReturn(true);
-		when(encoder.upgradeEncoding(any())).thenReturn(true);
-		when(encoder.encode(any())).thenReturn(encodedPassword);
-		when(userDetailsService.loadUserByUsername(any())).thenReturn(user);
-		when(passwordManager.updatePassword(any(), any())).thenReturn(user);
+		given(encoder.matches(any(), any())).willReturn(true);
+		given(encoder.upgradeEncoding(any())).willReturn(true);
+		given(encoder.encode(any())).willReturn(encodedPassword);
+		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
+		given(passwordManager.updatePassword(any(), any())).willReturn(user);
 
 		Authentication result = provider.authenticate(token);
 
@@ -423,8 +423,8 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserDetailsPasswordService(passwordManager);
 
 		UserDetails user = PasswordEncodedUser.user();
-		when(encoder.matches(any(), any())).thenReturn(false);
-		when(userDetailsService.loadUserByUsername(any())).thenReturn(user);
+		given(encoder.matches(any(), any())).willReturn(false);
+		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
 
 		assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class);
 
@@ -444,9 +444,9 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserDetailsPasswordService(passwordManager);
 
 		UserDetails user = PasswordEncodedUser.user();
-		when(encoder.matches(any(), any())).thenReturn(true);
-		when(encoder.upgradeEncoding(any())).thenReturn(false);
-		when(userDetailsService.loadUserByUsername(any())).thenReturn(user);
+		given(encoder.matches(any(), any())).willReturn(true);
+		given(encoder.upgradeEncoding(any())).willReturn(false);
+		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
 
 		Authentication result = provider.authenticate(token);
 
@@ -564,7 +564,7 @@ public class DaoAuthenticationProviderTests {
 	public void testUserNotFoundEncodesPassword() throws Exception {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", "koala");
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
-		when(encoder.encode(anyString())).thenReturn("koala");
+		given(encoder.encode(anyString())).willReturn("koala");
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setHideUserNotFoundExceptions(false);
 		provider.setPasswordEncoder(encoder);
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 190e116a80..7951b5cc61 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -47,11 +47,11 @@ import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 public class DefaultJaasAuthenticationProviderTests {
 
@@ -76,7 +76,7 @@ public class DefaultJaasAuthenticationProviderTests {
 		AppConfigurationEntry[] aces = new AppConfigurationEntry[] {
 				new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
 						Collections.<String, Object>emptyMap()) };
-		when(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).thenReturn(aces);
+		given(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).willReturn(aces);
 		this.token = new UsernamePasswordAuthenticationToken("user", "password");
 		ReflectionTestUtils.setField(this.provider, "log", this.log);
 
@@ -141,9 +141,9 @@ public class DefaultJaasAuthenticationProviderTests {
 		JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
 		LoginContext context = mock(LoginContext.class);
 
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
-		when(securityContext.getAuthentication()).thenReturn(token);
-		when(token.getLoginContext()).thenReturn(context);
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
+		given(securityContext.getAuthentication()).willReturn(token);
+		given(token.getLoginContext()).willReturn(context);
 
 		this.provider.onApplicationEvent(event);
 
@@ -170,7 +170,7 @@ public class DefaultJaasAuthenticationProviderTests {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		SecurityContext securityContext = mock(SecurityContext.class);
 
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
 
 		this.provider.handleLogout(event);
 
@@ -185,8 +185,8 @@ public class DefaultJaasAuthenticationProviderTests {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		SecurityContext securityContext = mock(SecurityContext.class);
 
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
-		when(securityContext.getAuthentication()).thenReturn(this.token);
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
+		given(securityContext.getAuthentication()).willReturn(this.token);
 
 		this.provider.handleLogout(event);
 
@@ -202,8 +202,8 @@ public class DefaultJaasAuthenticationProviderTests {
 		SecurityContext securityContext = mock(SecurityContext.class);
 		JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
 
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
-		when(securityContext.getAuthentication()).thenReturn(token);
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
+		given(securityContext.getAuthentication()).willReturn(token);
 
 		this.provider.onApplicationEvent(event);
 		verify(event).getSecurityContexts();
@@ -221,10 +221,10 @@ public class DefaultJaasAuthenticationProviderTests {
 		LoginContext context = mock(LoginContext.class);
 		LoginException loginException = new LoginException("Failed Login");
 
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
-		when(securityContext.getAuthentication()).thenReturn(token);
-		when(token.getLoginContext()).thenReturn(context);
-		doThrow(loginException).when(context).logout();
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
+		given(securityContext.getAuthentication()).willReturn(token);
+		given(token.getLoginContext()).willReturn(context);
+		willThrow(loginException).given(context).logout();
 
 		this.provider.onApplicationEvent(event);
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index 7a20b359ae..4fd27e898b 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -47,8 +47,8 @@ import org.springframework.security.core.session.SessionDestroyedEvent;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for the JaasAuthenticationProvider
@@ -258,7 +258,7 @@ public class JaasAuthenticationProviderTests {
 		context.setAuthentication(token);
 
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
-		when(event.getSecurityContexts()).thenReturn(Arrays.asList(context));
+		given(event.getSecurityContexts()).willReturn(Arrays.asList(context));
 
 		this.jaasProvider.handleLogout(event);
 
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index 06327a9b68..3602d38288 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -25,8 +25,8 @@ import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link RemoteAuthenticationManagerImpl}.
@@ -39,7 +39,7 @@ public class RemoteAuthenticationManagerImplTests {
 	public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		manager.setAuthenticationManager(am);
 
 		manager.attemptAuthentication("rod", "password");
@@ -65,7 +65,7 @@ public class RemoteAuthenticationManagerImplTests {
 	public void testSuccessfulAuthentication() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenReturn(new TestingAuthenticationToken("u", "p", "A"));
+		given(am.authenticate(any(Authentication.class))).willReturn(new TestingAuthenticationToken("u", "p", "A"));
 		manager.setAuthenticationManager(am);
 
 		manager.attemptAuthentication("rod", "password");
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index fb8f606b39..788fb05eb1 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -27,8 +27,8 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -45,7 +45,7 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenAuthenticatedThenReturnTrue() {
-		when(this.authentication.isAuthenticated()).thenReturn(true);
+		given(this.authentication.isAuthenticated()).willReturn(true);
 
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 0a97cec9df..eeb5fe479d 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -29,7 +29,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -66,8 +66,8 @@ public class AuthorityReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() {
-		when(this.authentication.isAuthenticated()).thenReturn(true);
-		when(this.authentication.getAuthorities()).thenReturn(Collections.emptyList());
+		given(this.authentication.isAuthenticated()).willReturn(true);
+		given(this.authentication.getAuthorities()).willReturn(Collections.emptyList());
 
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index e13de8e6c1..effd99686a 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -26,8 +26,8 @@ import org.junit.Test;
 import org.mockito.Mock;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Abstract class for testing {@link DelegatingSecurityContextExecutorService} which
@@ -97,7 +97,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 
 	@Test
 	public void submitCallable() {
-		when(this.delegate.submit(this.wrappedCallable)).thenReturn(this.expectedFutureObject);
+		given(this.delegate.submit(this.wrappedCallable)).willReturn(this.expectedFutureObject);
 		Future<Object> result = this.executor.submit(this.callable);
 		verify(this.delegate).submit(this.wrappedCallable);
 		assertThat(result).isEqualTo(this.expectedFutureObject);
@@ -105,7 +105,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 
 	@Test
 	public void submitRunnableWithResult() {
-		when(this.delegate.submit(this.wrappedRunnable, this.resultArg)).thenReturn(this.expectedFutureObject);
+		given(this.delegate.submit(this.wrappedRunnable, this.resultArg)).willReturn(this.expectedFutureObject);
 		Future<Object> result = this.executor.submit(this.runnable, this.resultArg);
 		verify(this.delegate).submit(this.wrappedRunnable, this.resultArg);
 		assertThat(result).isEqualTo(this.expectedFutureObject);
@@ -114,7 +114,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 	@Test
 	@SuppressWarnings("unchecked")
 	public void submitRunnable() {
-		when((Future<Object>) this.delegate.submit(this.wrappedRunnable)).thenReturn(this.expectedFutureObject);
+		given((Future<Object>) this.delegate.submit(this.wrappedRunnable)).willReturn(this.expectedFutureObject);
 		Future<?> result = this.executor.submit(this.runnable);
 		verify(this.delegate).submit(this.wrappedRunnable);
 		assertThat(result).isEqualTo(this.expectedFutureObject);
@@ -125,7 +125,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 	public void invokeAll() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
-		when(this.delegate.invokeAll(wrappedCallables)).thenReturn(exectedResult);
+		given(this.delegate.invokeAll(wrappedCallables)).willReturn(exectedResult);
 		List<Future<Object>> result = this.executor.invokeAll(Arrays.asList(this.callable));
 		verify(this.delegate).invokeAll(wrappedCallables);
 		assertThat(result).isEqualTo(exectedResult);
@@ -136,7 +136,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 	public void invokeAllTimeout() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
-		when(this.delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
+		given(this.delegate.invokeAll(wrappedCallables, 1, TimeUnit.SECONDS)).willReturn(exectedResult);
 		List<Future<Object>> result = this.executor.invokeAll(Arrays.asList(this.callable), 1, TimeUnit.SECONDS);
 		verify(this.delegate).invokeAll(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
@@ -147,7 +147,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 	public void invokeAny() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
-		when(this.delegate.invokeAny(wrappedCallables)).thenReturn(exectedResult);
+		given(this.delegate.invokeAny(wrappedCallables)).willReturn(exectedResult);
 		Object result = this.executor.invokeAny(Arrays.asList(this.callable));
 		verify(this.delegate).invokeAny(wrappedCallables);
 		assertThat(result).isEqualTo(exectedResult);
@@ -158,7 +158,7 @@ public abstract class AbstractDelegatingSecurityContextExecutorServiceTests
 	public void invokeAnyTimeout() throws Exception {
 		List<Future<Object>> exectedResult = Arrays.asList(this.expectedFutureObject);
 		List<Callable<Object>> wrappedCallables = Arrays.asList(this.wrappedCallable);
-		when(this.delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).thenReturn(exectedResult);
+		given(this.delegate.invokeAny(wrappedCallables, 1, TimeUnit.SECONDS)).willReturn(exectedResult);
 		Object result = this.executor.invokeAny(Arrays.asList(this.callable), 1, TimeUnit.SECONDS);
 		verify(this.delegate).invokeAny(wrappedCallables, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(exectedResult);
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index d46f018dcf..62de21e806 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -23,8 +23,8 @@ import org.junit.Test;
 import org.mockito.Mock;
 
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Abstract class for testing {@link DelegatingSecurityContextScheduledExecutorService}
@@ -52,8 +52,8 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleRunnable() {
-		when((ScheduledFuture<Object>) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS))
-				.thenReturn(this.expectedResult);
+		given((ScheduledFuture<Object>) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS))
+				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.schedule(this.runnable, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS);
@@ -61,7 +61,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 
 	@Test
 	public void scheduleCallable() {
-		when(this.delegate.schedule(this.wrappedCallable, 1, TimeUnit.SECONDS)).thenReturn(this.expectedResult);
+		given(this.delegate.schedule(this.wrappedCallable, 1, TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<Object> result = this.executor.schedule(this.callable, 1, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedCallable, 1, TimeUnit.SECONDS);
@@ -70,8 +70,8 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleAtFixedRate() {
-		when((ScheduledFuture<Object>) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS))
-				.thenReturn(this.expectedResult);
+		given((ScheduledFuture<Object>) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS))
+				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleAtFixedRate(this.runnable, 1, 2, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
@@ -80,8 +80,8 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	@Test
 	@SuppressWarnings("unchecked")
 	public void scheduleWithFixedDelay() {
-		when((ScheduledFuture<Object>) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2,
-				TimeUnit.SECONDS)).thenReturn(this.expectedResult);
+		given((ScheduledFuture<Object>) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2,
+				TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleWithFixedDelay(this.runnable, 1, 2, TimeUnit.SECONDS);
 		assertThat(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index dd47ea392b..0d386424f6 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -33,8 +33,8 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -62,7 +62,7 @@ public class DelegatingSecurityContextCallableTests {
 	@SuppressWarnings("serial")
 	public void setUp() throws Exception {
 		this.originalSecurityContext = SecurityContextHolder.createEmptyContext();
-		when(this.delegate.call()).thenAnswer(new Returns(this.callableResult) {
+		given(this.delegate.call()).willAnswer(new Returns(this.callableResult) {
 			@Override
 			public Object answer(InvocationOnMock invocation) throws Throwable {
 				assertThat(SecurityContextHolder.getContext())
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index a444ff0dc0..12365b4fc1 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.doAnswer;
+import static org.mockito.BDDMockito.willAnswer;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -61,10 +61,10 @@ public class DelegatingSecurityContextRunnableTests {
 	@Before
 	public void setUp() {
 		this.originalSecurityContext = SecurityContextHolder.createEmptyContext();
-		doAnswer((Answer<Object>) invocation -> {
+		willAnswer((Answer<Object>) invocation -> {
 			assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext);
 			return null;
-		}).when(this.delegate).run();
+		}).given(this.delegate).run();
 
 		this.executor = Executors.newFixedThreadPool(1);
 	}
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 3c4a7c50bf..2fcd276cc2 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -25,9 +25,9 @@ import org.springframework.context.ApplicationEvent;
 import org.springframework.context.event.SmartApplicationListener;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingApplicationListenerTests {
@@ -56,8 +56,8 @@ public class DelegatingApplicationListenerTests {
 
 	@Test
 	public void processEventSuccess() {
-		when(this.delegate.supportsEventType(this.event.getClass())).thenReturn(true);
-		when(this.delegate.supportsSourceType(this.event.getSource().getClass())).thenReturn(true);
+		given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true);
+		given(this.delegate.supportsSourceType(this.event.getSource().getClass())).willReturn(true);
 		this.listener.onApplicationEvent(this.event);
 
 		verify(this.delegate).onApplicationEvent(this.event);
@@ -72,7 +72,7 @@ public class DelegatingApplicationListenerTests {
 
 	@Test
 	public void processEventSourceTypeNotSupported() {
-		when(this.delegate.supportsEventType(this.event.getClass())).thenReturn(true);
+		given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true);
 		this.listener.onApplicationEvent(this.event);
 
 		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 7253bbe02e..424a344aa0 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -45,8 +45,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link JdbcUserDetailsManager}
@@ -225,7 +225,7 @@ public class JdbcUserDetailsManagerTests {
 		insertJoe();
 		Authentication currentAuth = authenticateJoe();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(currentAuth)).thenReturn(currentAuth);
+		given(am.authenticate(currentAuth)).willReturn(currentAuth);
 
 		this.manager.setAuthenticationManager(am);
 		this.manager.changePassword("password", "newPassword");
@@ -245,7 +245,7 @@ public class JdbcUserDetailsManagerTests {
 		insertJoe();
 		authenticateJoe();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 
 		this.manager.setAuthenticationManager(am);
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index f977ae835b..124889e337 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -26,8 +26,8 @@ import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM;
 import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
 import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1;
@@ -48,8 +48,8 @@ public class AesBytesEncryptorTests {
 	@Before
 	public void setUp() {
 		this.generator = mock(BytesKeyGenerator.class);
-		when(this.generator.generateKey()).thenReturn(Hex.decode("4b0febebd439db7ca77153cb254520c3"));
-		when(this.generator.getKeyLength()).thenReturn(16);
+		given(this.generator.generateKey()).willReturn(Hex.decode("4b0febebd439db7ca77153cb254520c3"));
+		given(this.generator.getKeyLength()).willReturn(16);
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index b9ab13312c..e53288afcc 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -29,9 +29,9 @@ import org.mockito.junit.MockitoJUnitRunner;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -101,14 +101,14 @@ public class DelegatingPasswordEncoderTests {
 
 	@Test
 	public void encodeWhenValidThenUsesIdForEncode() {
-		when(this.bcrypt.encode(this.rawPassword)).thenReturn(this.encodedPassword);
+		given(this.bcrypt.encode(this.rawPassword)).willReturn(this.encodedPassword);
 
 		assertThat(this.passwordEncoder.encode(this.rawPassword)).isEqualTo(this.bcryptEncodedPassword);
 	}
 
 	@Test
 	public void matchesWhenBCryptThenDelegatesToBCrypt() {
-		when(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).thenReturn(true);
+		given(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
 
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.bcryptEncodedPassword)).isTrue();
 
@@ -118,7 +118,7 @@ public class DelegatingPasswordEncoderTests {
 
 	@Test
 	public void matchesWhenNoopThenDelegatesToNoop() {
-		when(this.noop.matches(this.rawPassword, this.encodedPassword)).thenReturn(true);
+		given(this.noop.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
 
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.noopEncodedPassword)).isTrue();
 
@@ -188,7 +188,7 @@ public class DelegatingPasswordEncoderTests {
 	public void matchesWhenNullIdThenDelegatesToInvalidId() {
 		this.delegates.put(null, this.invalidId);
 		this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
-		when(this.invalidId.matches(this.rawPassword, this.encodedPassword)).thenReturn(true);
+		given(this.invalidId.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
 
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.encodedPassword)).isTrue();
 
@@ -225,7 +225,7 @@ public class DelegatingPasswordEncoderTests {
 
 	@Test
 	public void upgradeEncodingWhenSameIdAndEncoderTrueThenEncoderDecidesTrue() {
-		when(this.bcrypt.upgradeEncoding(any())).thenReturn(true);
+		given(this.bcrypt.upgradeEncoding(any())).willReturn(true);
 
 		assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isTrue();
 
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 99a5d4b17a..92888c1f7f 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="RegexpSinglelineJava" />
 	<suppress files=".*" checks="SimplifyBooleanExpression" />
 	<suppress files=".*" checks="SimplifyBooleanReturn" />
 	<suppress files=".*" checks="SpringAvoidStaticImport" />
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
index 69f8ff8c68..7978c18b4b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
@@ -22,9 +22,9 @@ import javax.naming.directory.DirContext;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link LdapUtils}
@@ -36,7 +36,7 @@ public class LdapUtilsTests {
 	@Test
 	public void testCloseContextSwallowsNamingException() throws Exception {
 		final DirContext dirCtx = mock(DirContext.class);
-		doThrow(new NamingException()).when(dirCtx).close();
+		willThrow(new NamingException()).given(dirCtx).close();
 
 		LdapUtils.closeContext(dirCtx);
 	}
@@ -45,7 +45,7 @@ public class LdapUtilsTests {
 	public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
 
-		when(mockCtx.getNameInNamespace()).thenReturn("dc=springframework,dc=org");
+		given(mockCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org");
 
 		assertThat(LdapUtils.getRelativeName("dc=springframework,dc=org", mockCtx)).isEqualTo("");
 	}
@@ -53,7 +53,7 @@ public class LdapUtilsTests {
 	@Test
 	public void testGetRelativeNameReturnsFullDnWithEmptyBaseName() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
-		when(mockCtx.getNameInNamespace()).thenReturn("");
+		given(mockCtx.getNameInNamespace()).willReturn("");
 
 		assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx))
 				.isEqualTo("cn=jane,dc=springframework,dc=org");
@@ -62,7 +62,7 @@ public class LdapUtilsTests {
 	@Test
 	public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
-		when(mockCtx.getNameInNamespace()).thenReturn("dc=springsecurity,dc = org");
+		given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org");
 
 		assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx))
 				.isEqualTo("cn=jane smith");
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 069a4561db..2eb15fbbcd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -33,8 +33,8 @@ import org.springframework.ldap.core.DistinguishedName;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SpringSecurityLdapTemplateTests {
@@ -60,11 +60,11 @@ public class SpringSecurityLdapTemplateTests {
 		Object[] params = new Object[] {};
 		DirContextAdapter searchResultObject = mock(DirContextAdapter.class);
 
-		when(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture()))
-				.thenReturn(this.resultsEnum);
-		when(this.resultsEnum.hasMore()).thenReturn(true, false);
-		when(this.resultsEnum.next()).thenReturn(this.searchResult);
-		when(this.searchResult.getObject()).thenReturn(searchResultObject);
+		given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture()))
+				.willReturn(this.resultsEnum);
+		given(this.resultsEnum.hasMore()).willReturn(true, false);
+		given(this.resultsEnum.next()).willReturn(this.searchResult);
+		given(this.searchResult.getObject()).willReturn(searchResultObject);
 
 		SpringSecurityLdapTemplate.searchForSingleEntryInternal(this.ctx, mock(SearchControls.class), base, filter,
 				params);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index c2504eb53b..fc090ac0a7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -37,8 +37,8 @@ import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link LdapAuthenticationProvider}.
@@ -89,7 +89,7 @@ public class LdapAuthenticationProviderTests {
 	public void usernameNotFoundExceptionIsHiddenByDefault() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
-		when(authenticator.authenticate(joe)).thenThrow(new UsernameNotFoundException("nobody"));
+		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
 
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.authenticate(joe);
@@ -99,7 +99,7 @@ public class LdapAuthenticationProviderTests {
 	public void usernameNotFoundExceptionIsNotHiddenIfConfigured() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
-		when(authenticator.authenticate(joe)).thenThrow(new UsernameNotFoundException("nobody"));
+		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
 
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.setHideUserNotFoundExceptions(false);
@@ -165,7 +165,7 @@ public class LdapAuthenticationProviderTests {
 				"benspassword");
 		LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class);
 		CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException());
-		when(mockAuthenticator.authenticate(authRequest)).thenThrow(expectedCause);
+		given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause);
 
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator);
 		try {
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index e81d8f5db8..e5c10d8798 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -49,15 +49,15 @@ public class PasswordComparisonAuthenticatorMockTests {
 		authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
 
 		// Get the mock to return an empty attribute set
-		when(source.getReadOnlyContext()).thenReturn(dirCtx);
-		when(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).thenReturn(attrs);
-		when(dirCtx.getNameInNamespace()).thenReturn("dc=springframework,dc=org");
+		given(source.getReadOnlyContext()).willReturn(dirCtx);
+		given(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).willReturn(attrs);
+		given(dirCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org");
 
 		// Setup a single return value (i.e. success)
 		final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
 
-		when(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
-				any(SearchControls.class))).thenReturn(searchResults);
+		given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
+				any(SearchControls.class))).willReturn(searchResults);
 
 		authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword"));
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index c1a11c0980..17436f2945 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -56,9 +56,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -100,12 +100,12 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
-		when(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(new MockNamingEnumeration(sr));
+		given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
+				.willReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -125,12 +125,12 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
-		when(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(new MockNamingEnumeration(sr));
+		given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
+				.willReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -153,12 +153,12 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
 
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
-		when(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
-				.thenReturn(new MockNamingEnumeration(sr));
+		given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
+				.willReturn(new MockNamingEnumeration(sr));
 
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
@@ -186,12 +186,12 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception {
 		this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
-		when(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
-				any(SearchControls.class))).thenReturn(new MockNamingEnumeration(sr));
+		given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
+				any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr));
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
 		try {
@@ -207,9 +207,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test(expected = BadCredentialsException.class)
 	public void failedUserSearchCausesBadCredentials() throws Exception {
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
-		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.thenThrow(new NameNotFoundException());
+		given(ctx.getNameInNamespace()).willReturn("");
+		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.willThrow(new NameNotFoundException());
 
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -220,9 +220,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test(expected = BadCredentialsException.class)
 	public void noUserSearchCausesUsernameNotFound() throws Exception {
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
-		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(new EmptyEnumeration<>());
+		given(ctx.getNameInNamespace()).willReturn("");
+		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.willReturn(new EmptyEnumeration<>());
 
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -239,14 +239,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test(expected = IncorrectResultSizeDataAccessException.class)
 	public void duplicateUserSearchCausesError() throws Exception {
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 		NamingEnumeration<SearchResult> searchResults = mock(NamingEnumeration.class);
-		when(searchResults.hasMore()).thenReturn(true, true, false);
+		given(searchResults.hasMore()).willReturn(true, true, false);
 		SearchResult searchResult = mock(SearchResult.class);
-		when(searchResult.getObject()).thenReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2"));
-		when(searchResults.next()).thenReturn(searchResult);
-		when(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(searchResults);
+		given(searchResult.getObject()).willReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2"));
+		given(searchResults.next()).willReturn(searchResult);
+		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.willReturn(searchResults);
 
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
 
@@ -440,14 +440,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	private void checkAuthentication(String rootDn, ActiveDirectoryLdapAuthenticationProvider provider)
 			throws NamingException {
 		DirContext ctx = mock(DirContext.class);
-		when(ctx.getNameInNamespace()).thenReturn("");
+		given(ctx.getNameInNamespace()).willReturn("");
 
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		@SuppressWarnings("deprecation")
 		DistinguishedName searchBaseDn = new DistinguishedName(rootDn);
-		when(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
-				.thenReturn(new MockNamingEnumeration(sr)).thenReturn(new MockNamingEnumeration(sr));
+		given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
+				.willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr));
 
 		provider.contextFactory = createContextFactoryReturning(ctx);
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index d215282ad5..45681bb1d6 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -30,10 +30,10 @@ import org.springframework.ldap.UncategorizedLdapException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -69,17 +69,17 @@ public class PasswordPolicyAwareContextSourceTests {
 
 	@Test(expected = UncategorizedLdapException.class)
 	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
-		doThrow(new NamingException("some LDAP exception")).when(this.ctx).reconnect(any(Control[].class));
+		willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class));
 
 		this.ctxSource.getContext("user", "ignored");
 	}
 
 	@Test(expected = PasswordPolicyException.class)
 	public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception {
-		when(this.ctx.getResponseControls()).thenReturn(new Control[] {
+		given(this.ctx.getResponseControls()).willReturn(new Control[] {
 				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
 
-		doThrow(new NamingException("locked message")).when(this.ctx).reconnect(any(Control[].class));
+		willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class));
 
 		this.ctxSource.getContext("user", "ignored");
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index 41ff2a17f7..54c1bd06b5 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -20,8 +20,8 @@ import javax.naming.ldap.Control;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -33,7 +33,7 @@ public class PasswordPolicyControlFactoryTests {
 		PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory();
 		Control wrongCtrl = mock(Control.class);
 
-		when(wrongCtrl.getID()).thenReturn("wrongId");
+		given(wrongCtrl.getID()).willReturn("wrongId");
 		assertThat(ctrlFactory.getControlInstance(wrongCtrl)).isNull();
 	}
 
@@ -42,8 +42,8 @@ public class PasswordPolicyControlFactoryTests {
 		PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory();
 		Control control = mock(Control.class);
 
-		when(control.getID()).thenReturn(PasswordPolicyControl.OID);
-		when(control.getEncodedValue()).thenReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL);
+		given(control.getID()).willReturn(PasswordPolicyControl.OID);
+		given(control.getEncodedValue()).willReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL);
 		Control result = ctrlFactory.getControlInstance(control);
 		assertThat(result).isNotNull();
 		assertThat(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL).isEqualTo(result.getEncodedValue());
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index c93f66885f..0909c65191 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -28,8 +28,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -40,9 +40,9 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
 	public void delegationToUserDetailsServiceReturnsCorrectRoles() {
 		UserDetailsService uds = mock(UserDetailsService.class);
 		UserDetails user = mock(UserDetails.class);
-		when(uds.loadUserByUsername("joe")).thenReturn(user);
+		given(uds.loadUserByUsername("joe")).willReturn(user);
 		List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(user.getAuthorities()).thenReturn(authorities);
+		given(user.getAuthorities()).willReturn(authorities);
 
 		UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
 		Collection<? extends GrantedAuthority> auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 6501d44e9a..ce7350fe4a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMessageSecurityExpressionHandlerTests {
@@ -80,7 +80,7 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		this.handler.setTrustResolver(this.trustResolver);
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
-		when(this.trustResolver.isAnonymous(this.authentication)).thenReturn(false);
+		given(this.trustResolver.isAnonymous(this.authentication)).willReturn(false);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
@@ -102,7 +102,7 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		this.handler.setPermissionEvaluator(this.permissionEvaluator);
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
-		when(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).thenReturn(true);
+		given(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).willReturn(true);
 
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index df89b68aef..f75956e8e6 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -30,9 +30,9 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionConfigAttributeTests {
@@ -72,7 +72,7 @@ public class MessageExpressionConfigAttributeTests {
 
 	@Test
 	public void toStringUsesExpressionString() {
-		when(this.expression.getExpressionString()).thenReturn("toString");
+		given(this.expression.getExpressionString()).willReturn("toString");
 
 		assertThat(this.attribute.toString()).isEqualTo(this.expression.getExpressionString());
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index e30e730fee..1462d8fecd 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -36,9 +36,9 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.access.AccessDecisionVoter.ACCESS_ABSTAIN;
 import static org.springframework.security.access.AccessDecisionVoter.ACCESS_DENIED;
 import static org.springframework.security.access.AccessDecisionVoter.ACCESS_GRANTED;
@@ -78,13 +78,13 @@ public class MessageExpressionVoterTests {
 
 	@Test
 	public void voteGranted() {
-		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
+		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
 	}
 
 	@Test
 	public void voteDenied() {
-		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(false);
+		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(false);
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_DENIED);
 	}
 
@@ -122,9 +122,9 @@ public class MessageExpressionVoterTests {
 	@Test
 	public void customExpressionHandler() {
 		this.voter.setExpressionHandler(this.expressionHandler);
-		when(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
-				.thenReturn(this.evaluationContext);
-		when(this.expression.getValue(this.evaluationContext, Boolean.class)).thenReturn(true);
+		given(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
+				.willReturn(this.evaluationContext);
+		given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true);
 
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
 
@@ -135,12 +135,12 @@ public class MessageExpressionVoterTests {
 	public void postProcessEvaluationContext() {
 		final MessageExpressionConfigAttribute configAttribute = mock(MessageExpressionConfigAttribute.class);
 		this.voter.setExpressionHandler(this.expressionHandler);
-		when(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
-				.thenReturn(this.evaluationContext);
-		when(configAttribute.getAuthorizeExpression()).thenReturn(this.expression);
+		given(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
+				.willReturn(this.evaluationContext);
+		given(configAttribute.getAuthorizeExpression()).willReturn(this.expression);
 		this.attributes = Arrays.<ConfigAttribute>asList(configAttribute);
-		when(configAttribute.postProcess(this.evaluationContext, this.message)).thenReturn(this.evaluationContext);
-		when(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).thenReturn(true);
+		given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext);
+		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
 
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
 		verify(configAttribute).postProcess(this.evaluationContext, this.message);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 6743902f11..fd24be8296 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -40,8 +40,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ChannelSecurityInterceptorTests {
@@ -108,7 +108,7 @@ public class ChannelSecurityInterceptorTests {
 
 	@Test
 	public void preSendGrant() {
-		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
+		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 
 		Message<?> result = this.interceptor.preSend(this.message, this.channel);
 
@@ -117,8 +117,8 @@ public class ChannelSecurityInterceptorTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void preSendDeny() {
-		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
-		doThrow(new AccessDeniedException("")).when(this.accessDecisionManager).decide(any(Authentication.class),
+		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
+		willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class),
 				eq(this.message), eq(this.attrs));
 
 		this.interceptor.preSend(this.message, this.channel);
@@ -127,9 +127,9 @@ public class ChannelSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void preSendPostSendRunAs() {
-		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
-		when(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
-				.thenReturn(this.runAs);
+		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
+		given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
+				.willReturn(this.runAs);
 
 		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
 
@@ -148,9 +148,9 @@ public class ChannelSecurityInterceptorTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void preSendFinallySendRunAs() {
-		when(this.source.getAttributes(this.message)).thenReturn(this.attrs);
-		when(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
-				.thenReturn(this.runAs);
+		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
+		given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
+				.willReturn(this.runAs);
 
 		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 68e50f17e5..68f654ad1e 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -27,7 +27,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.messaging.Message;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class AndMessageMatcherTests {
@@ -76,7 +76,7 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
+		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new AndMessageMatcher<>(this.delegate);
 
 		assertThat(this.matcher.matches(this.message)).isTrue();
@@ -84,8 +84,8 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesMultiTrue() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
-		when(this.delegate2.matches(this.message)).thenReturn(true);
+		given(this.delegate.matches(this.message)).willReturn(true);
+		given(this.delegate2.matches(this.message)).willReturn(true);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isTrue();
@@ -93,7 +93,7 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesSingleFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(false);
+		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate);
 
 		assertThat(this.matcher.matches(this.message)).isFalse();
@@ -101,7 +101,7 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(false);
+		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isFalse();
@@ -109,8 +109,8 @@ public class AndMessageMatcherTests {
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
-		when(this.delegate2.matches(this.message)).thenReturn(false);
+		given(this.delegate.matches(this.message)).willReturn(true);
+		given(this.delegate2.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isFalse();
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index bc1b89e9c2..8eef7e11e9 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -27,7 +27,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.messaging.Message;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class OrMessageMatcherTests {
@@ -76,7 +76,7 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
+		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate);
 
 		assertThat(this.matcher.matches(this.message)).isTrue();
@@ -84,7 +84,7 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesMultiTrue() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
+		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isTrue();
@@ -92,7 +92,7 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesSingleFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(false);
+		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new OrMessageMatcher<>(this.delegate);
 
 		assertThat(this.matcher.matches(this.message)).isFalse();
@@ -100,8 +100,8 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(false);
-		when(this.delegate2.matches(this.message)).thenReturn(false);
+		given(this.delegate.matches(this.message)).willReturn(false);
+		given(this.delegate2.matches(this.message)).willReturn(false);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isFalse();
@@ -109,7 +109,7 @@ public class OrMessageMatcherTests {
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(this.delegate.matches(this.message)).thenReturn(true);
+		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.message)).isTrue();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index dd11f065b4..67191de80c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -38,12 +38,12 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link AuthorizedClientServiceOAuth2AuthorizedClientManager}.
@@ -163,8 +163,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -187,11 +187,11 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(this.authorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(this.authorizedClient);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -215,16 +215,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
-		when(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
-				eq(this.principal.getName()))).thenReturn(this.authorizedClient);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
+		given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()))).willReturn(this.authorizedClient);
 
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -271,8 +271,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
@@ -298,8 +298,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
@@ -333,8 +333,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenThrow(authorizationException);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
@@ -353,8 +353,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenThrow(authorizationException);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 3d308eef94..365560202b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -42,10 +42,10 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}.
@@ -83,14 +83,14 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		this.clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
 		this.authorizedClientService = mock(ReactiveOAuth2AuthorizedClientService.class);
 		this.saveAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientService.saveAuthorizedClient(any(), any()))
-				.thenReturn(this.saveAuthorizedClientProbe.mono());
+		given(this.authorizedClientService.saveAuthorizedClient(any(), any()))
+				.willReturn(this.saveAuthorizedClientProbe.mono());
 		this.removeAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientService.removeAuthorizedClient(any(), any()))
-				.thenReturn(this.removeAuthorizedClientProbe.mono());
+		given(this.authorizedClientService.removeAuthorizedClient(any(), any()))
+				.willReturn(this.removeAuthorizedClientProbe.mono());
 		this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		this.contextAttributesMapper = mock(Function.class);
-		when(this.contextAttributesMapper.apply(any())).thenReturn(Mono.empty());
+		given(this.contextAttributesMapper.apply(any())).willReturn(Mono.empty());
 		this.authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientService);
 		this.authorizedClientManager.setAuthorizedClientProvider(this.authorizedClientProvider);
@@ -151,7 +151,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		String clientRegistrationId = "invalid-registration-id";
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
 				.principal(this.principal).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(Mono.empty());
 		StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest))
 				.verifyError(IllegalArgumentException.class);
 
@@ -160,11 +160,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
-		when(this.authorizedClientProvider.authorize(any())).thenReturn(Mono.empty());
+		given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty());
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
@@ -187,13 +187,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(this.authorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -218,13 +218,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(this.authorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -252,10 +252,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -265,8 +265,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
@@ -286,10 +286,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -299,8 +299,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
@@ -320,10 +320,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -333,8 +333,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
@@ -352,10 +352,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -364,8 +364,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
 
@@ -383,10 +383,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -395,8 +395,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
@@ -420,16 +420,16 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
-				eq(this.principal.getName()))).thenReturn(Mono.just(this.authorizedClient));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
+		given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal.getName()))).willReturn(Mono.just(this.authorizedClient));
 
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -453,7 +453,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.empty());
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.empty());
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
@@ -477,8 +477,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
@@ -505,8 +505,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index a73b3fe666..b14f9ca94c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link ClientCredentialsOAuth2AuthorizedClientProvider}.
@@ -104,7 +104,7 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
@@ -125,7 +125,7 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken);
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
@@ -162,7 +162,7 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index e6c0fff247..422da2aab9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -36,8 +36,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider}.
@@ -105,7 +105,7 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
@@ -126,7 +126,7 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken);
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
@@ -163,7 +163,7 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index 9e8f49d452..821fda1717 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -28,8 +28,8 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DelegatingOAuth2AuthorizedClientProvider}.
@@ -62,7 +62,7 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 				TestOAuth2AccessTokens.noScopes());
 
 		OAuth2AuthorizedClientProvider authorizedClientProvider = mock(OAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider.authorize(any())).thenReturn(authorizedClient);
+		given(authorizedClientProvider.authorize(any())).willReturn(authorizedClient);
 
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index 9ceebf12af..04225c7cf1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DelegatingReactiveOAuth2AuthorizedClientProvider}.
@@ -64,13 +64,13 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider1.authorize(any())).thenReturn(Mono.empty());
+		given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider2.authorize(any())).thenReturn(Mono.empty());
+		given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider3.authorize(any())).thenReturn(Mono.just(authorizedClient));
+		given(authorizedClientProvider3.authorize(any())).willReturn(Mono.just(authorizedClient));
 
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3);
@@ -88,10 +88,10 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider1.authorize(any())).thenReturn(Mono.empty());
+		given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
-		when(authorizedClientProvider2.authorize(any())).thenReturn(Mono.empty());
+		given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
 
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index ff8f9988db..bf04958ad3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -30,8 +30,8 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link InMemoryOAuth2AuthorizedClientService}.
@@ -77,7 +77,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 				new OAuth2AuthorizedClientId(this.registration3.getRegistrationId(), this.principalName1),
 				mock(OAuth2AuthorizedClient.class));
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
-		when(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).thenReturn(this.registration3);
+		given(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).willReturn(this.registration3);
 
 		InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 				clientRegistrationRepository, authorizedClients);
@@ -112,7 +112,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundAndAssociatedToPrincipalThenReturnAuthorizedClient() {
 		Authentication authentication = mock(Authentication.class);
-		when(authentication.getName()).thenReturn(this.principalName1);
+		given(authentication.getName()).willReturn(this.principalName1);
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
@@ -136,7 +136,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void saveAuthorizedClientWhenSavedThenCanLoad() {
 		Authentication authentication = mock(Authentication.class);
-		when(authentication.getName()).thenReturn(this.principalName2);
+		given(authentication.getName()).willReturn(this.principalName2);
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration3, this.principalName2,
 				mock(OAuth2AccessToken.class));
@@ -160,7 +160,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void removeAuthorizedClientWhenSavedThenRemoved() {
 		Authentication authentication = mock(Authentication.class);
-		when(authentication.getName()).thenReturn(this.principalName2);
+		given(authentication.getName()).willReturn(this.principalName2);
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName2,
 				mock(OAuth2AccessToken.class));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index a2a7702fa9..d782405489 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -114,8 +114,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNotFoundThenEmpty() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
-				.thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.willReturn(Mono.empty());
 		StepVerifier.create(
 				this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
 				.verifyComplete();
@@ -123,8 +123,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundAndNotAuthorizedClientThenEmpty() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.willReturn(Mono.just(this.clientRegistration));
 		StepVerifier.create(
 				this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
 				.verifyComplete();
@@ -132,8 +132,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationFoundThenFound() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.willReturn(Mono.just(this.clientRegistration));
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
 		Mono<OAuth2AuthorizedClient> saveAndLoad = this.authorizedClientService
@@ -191,8 +191,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientIdThenNoException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
-				.thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.willReturn(Mono.empty());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
 		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService
@@ -204,8 +204,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationFoundRemovedThenNotFound() {
-		when(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId))
+				.willReturn(Mono.just(this.clientRegistration));
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
 		Mono<OAuth2AuthorizedClient> saveAndDeleteAndLoad = this.authorizedClientService
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index db04ad48c5..0d77243605 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -57,10 +57,10 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.within;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link JdbcOAuth2AuthorizedClientService}.
@@ -88,7 +88,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void setUp() {
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
 		this.clientRegistrationRepository = mock(ClientRegistrationRepository.class);
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(this.clientRegistration);
 		this.db = createDb();
 		this.jdbcOperations = new JdbcTemplate(this.db);
 		this.authorizedClientService = new JdbcOAuth2AuthorizedClientService(this.jdbcOperations,
@@ -175,7 +175,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void loadAuthorizedClientWhenExistsButNotFoundInClientRegistrationRepositoryThenThrowDataRetrievalFailureException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(null);
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(null);
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index 03b266b3dd..7a1aac6beb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -41,10 +41,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientProviderBuilder}.
@@ -68,8 +68,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	public void setup() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		this.accessTokenClient = mock(RestOperations.class);
-		when(this.accessTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)))
-				.thenReturn(new ResponseEntity(accessTokenResponse, HttpStatus.OK));
+		given(this.accessTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)))
+				.willReturn(new ResponseEntity(accessTokenResponse, HttpStatus.OK));
 		this.refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
 		this.refreshTokenTokenResponseClient.setRestOperations(this.accessTokenClient);
 		this.clientCredentialsTokenResponseClient = new DefaultClientCredentialsTokenResponseClient();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 51bac59ef9..4ff28da3a6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link PasswordOAuth2AuthorizedClientProvider}.
@@ -122,7 +122,7 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal)
@@ -145,7 +145,7 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken); // without refresh token
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
@@ -196,7 +196,7 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index 78762ffe16..d6525a74ac 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -36,8 +36,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link PasswordReactiveOAuth2AuthorizedClientProvider}.
@@ -123,7 +123,7 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal)
@@ -146,7 +146,7 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken); // without refresh token
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
@@ -197,7 +197,7 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index 6bec75a33c..c182d271a2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -39,9 +39,9 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link ReactiveOAuth2AuthorizedClientProviderBuilder}.
@@ -229,7 +229,7 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 	@Test
 	public void buildWhenCustomProviderThenProviderCalled() {
 		ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
-		when(customProvider.authorize(any())).thenReturn(Mono.empty());
+		given(customProvider.authorize(any())).willReturn(Mono.empty());
 
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().provider(customProvider).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index 0eaa623124..137a0968ab 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -39,9 +39,9 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link RefreshTokenOAuth2AuthorizedClientProvider}.
@@ -137,7 +137,7 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
@@ -166,7 +166,7 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
@@ -183,7 +183,7 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		String[] requestScope = new String[] { "read", "write" };
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 350bb39254..0e2867d660 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -40,9 +40,9 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
@@ -138,7 +138,7 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
@@ -168,7 +168,7 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
@@ -186,7 +186,7 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		String[] requestScope = new String[] { "read", "write" };
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 46e79722d2..c745de44fd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
@@ -105,7 +105,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() {
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().refreshToken("refresh").build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				success().build());
@@ -133,7 +133,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().additionalParameters(additionalParameters)
 				.build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				success().build());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index 101adcf47b..1e956bd75d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -81,7 +81,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenValidThenSuccess() {
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(this.tokenResponse.build()));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(this.tokenResponse.build()));
 
 		OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
 
@@ -90,7 +90,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenEmptyThenEmpty() {
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.empty());
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.empty());
 
 		OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
 
@@ -99,8 +99,8 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() {
-		when(this.accessTokenResponseClient.getTokenResponse(any()))
-				.thenReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
+		given(this.accessTokenResponseClient.getTokenResponse(any()))
+				.willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
 
 		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index c60f2ce919..e62a2724f4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -51,8 +51,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.error;
@@ -160,12 +160,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenLoginSuccessThenReturnAuthentication() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
-		when(this.userService.loadUser(any())).thenReturn(principal);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(this.userService.loadUser(any())).willReturn(principal);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -183,17 +183,17 @@ public class OAuth2LoginAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
-		when(this.userService.loadUser(any())).thenReturn(principal);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(this.userService.loadUser(any())).willReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection()))
-				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		given(authoritiesMapper.mapAuthorities(anyCollection()))
+				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -206,13 +206,13 @@ public class OAuth2LoginAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
-		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(principal);
+		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
 
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index 45ef576d48..f16c1db8c6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -56,8 +56,8 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -144,8 +144,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	public void authenticationWhenOAuth2UserNotFoundThenEmpty() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		when(this.userService.loadUser(any())).thenReturn(Mono.empty());
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		given(this.userService.loadUser(any())).willReturn(Mono.empty());
 		assertThat(this.manager.authenticate(loginToken()).block()).isNull();
 	}
 
@@ -153,10 +153,10 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	public void authenticationWhenOAuth2UserFoundThenSuccess() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
-		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
+		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
 				.block();
@@ -174,11 +174,11 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		additionalParameters.put("param2", "value2");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
-		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(Mono.just(user));
+		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
 
 		this.manager.authenticate(loginToken()).block();
 
@@ -190,14 +190,14 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
-		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
+		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection()))
-				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		given(authoritiesMapper.mapAuthorities(anyCollection()))
+				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index d95f458da6..16f7d1c589 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -42,10 +42,10 @@ import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -271,7 +271,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void setCustomWebClientThenCustomWebClientIsUsed() {
 		WebClient customClient = mock(WebClient.class);
-		when(customClient.post()).thenReturn(WebClient.builder().build().post());
+		given(customClient.post()).willReturn(WebClient.builder().build().post());
 
 		this.tokenResponseClient.setWebClient(customClient);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 5a38145e56..b28b286f59 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -35,11 +35,11 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.validateMockitoUsage;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -126,7 +126,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	@Test
 	public void setWebClientCustomThenCustomClientIsUsed() {
 		WebClient customClient = mock(WebClient.class);
-		when(customClient.post()).thenReturn(WebClient.builder().build().post());
+		given(customClient.post()).willReturn(WebClient.builder().build().post());
 
 		this.client.setWebClient(customClient);
 		ClientRegistration registration = this.clientRegistration.build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index fff4999dc1..6cad3746f6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -63,8 +63,8 @@ import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.createHash;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
@@ -129,7 +129,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient,
 				this.userService);
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(this.accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(this.accessTokenResponse);
 	}
 
 	@Test
@@ -206,7 +206,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
 				.withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -229,7 +229,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expectMessage(containsString("[invalid_id_token] ID Token Validation Error"));
 
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
-		when(jwtDecoder.decode(anyString())).thenThrow(new JwtException("ID Token Validation Error"));
+		given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error"));
 		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
 
 		this.authenticationProvider
@@ -265,8 +265,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
-		when(this.userService.loadUser(any())).thenReturn(principal);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(this.userService.loadUser(any())).willReturn(principal);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -293,13 +293,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
-		when(this.userService.loadUser(any())).thenReturn(principal);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(this.userService.loadUser(any())).willReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection()))
-				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		given(authoritiesMapper.mapAuthorities(anyCollection()))
+				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -321,9 +321,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		when(principal.getAuthorities()).thenAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
-		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(principal);
+		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
 
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -335,7 +335,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	private void setUpIdToken(Map<String, Object> claims) {
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
-		when(jwtDecoder.decode(anyString())).thenReturn(idToken);
+		given(jwtDecoder.decode(anyString())).willReturn(idToken);
 		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index 3e5c059c68..74bbe392bd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -69,8 +69,8 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
@@ -172,9 +172,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
-		when(this.jwtDecoder.decode(any())).thenThrow(new JwtException("ID Token Validation Error"));
+		given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error"));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
@@ -198,8 +198,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
@@ -223,9 +223,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
-		when(this.userService.loadUser(any())).thenReturn(Mono.empty());
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		given(this.userService.loadUser(any())).willReturn(Mono.empty());
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 		assertThat(this.manager.authenticate(authorizationCodeAuthentication).block()).isNull();
 	}
@@ -246,10 +246,10 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
-		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
@@ -277,10 +277,10 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
-		when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
@@ -312,11 +312,11 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
-		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(Mono.just(user));
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 
 		this.manager.authenticate(authorizationCodeAuthentication).block();
@@ -342,16 +342,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
 
-		when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
-		when(this.userService.loadUser(userRequestArgCaptor.capture())).thenReturn(Mono.just(user));
+		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
-		when(authoritiesMapper.mapAuthorities(anyCollection()))
-				.thenAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
+		given(authoritiesMapper.mapAuthorities(anyCollection()))
+				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 3267549be6..c9275d69c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -37,9 +37,9 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Joe Grandja
@@ -148,8 +148,8 @@ public class OidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwtValidatorFactory.apply(same(clientRegistration)))
-				.thenReturn(new OidcIdTokenValidator(clientRegistration));
+		given(customJwtValidatorFactory.apply(same(clientRegistration)))
+				.willReturn(new OidcIdTokenValidator(clientRegistration));
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -163,7 +163,7 @@ public class OidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwsAlgorithmResolver.apply(same(clientRegistration))).thenReturn(MacAlgorithm.HS256);
+		given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -178,8 +178,8 @@ public class OidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customClaimTypeConverterFactory.apply(same(clientRegistration)))
-				.thenReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
+		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
+				.willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 5cbeefeeb4..f9158a160d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -37,9 +37,9 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Joe Grandja
@@ -148,8 +148,8 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwtValidatorFactory.apply(same(clientRegistration)))
-				.thenReturn(new OidcIdTokenValidator(clientRegistration));
+		given(customJwtValidatorFactory.apply(same(clientRegistration)))
+				.willReturn(new OidcIdTokenValidator(clientRegistration));
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -163,7 +163,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customJwsAlgorithmResolver.apply(same(clientRegistration))).thenReturn(MacAlgorithm.HS256);
+		given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
@@ -178,8 +178,8 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 		ClientRegistration clientRegistration = this.registration.build();
 
-		when(customClaimTypeConverterFactory.apply(same(clientRegistration)))
-				.thenReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
+		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
+				.willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
 
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index eb334875a6..04a51b5d20 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -55,9 +55,9 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
@@ -114,7 +114,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenOAuth2UserEmptyThenNullUserInfo() {
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.empty());
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.empty());
 
 		OidcUser user = this.userService.loadUser(userRequest()).block();
 
@@ -125,7 +125,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	public void loadUserWhenOAuth2UserSubjectNullThenOAuth2AuthenticationException() {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
 
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
@@ -138,7 +138,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
 
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
@@ -151,7 +151,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
 
 		assertThat(this.userService.loadUser(userRequest()).block().getUserInfo()).isNotNull();
 	}
@@ -164,7 +164,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
 
 		assertThat(this.userService.loadUser(userRequest()).block().getName()).isEqualTo("rob");
 	}
@@ -176,7 +176,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
-		when(this.oauth2UserService.loadUser(any())).thenReturn(Mono.just(oauth2User));
+		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
 
 		OidcUserRequest userRequest = userRequest();
 
@@ -184,8 +184,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
-		when(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
-				.thenReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
+		given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
+				.willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
 
 		this.userService.loadUser(userRequest).block().getUserInfo();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 0be3918606..229e38c64f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -55,9 +55,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
@@ -423,8 +423,8 @@ public class OidcUserServiceTests {
 				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
 
-		when(customClaimTypeConverterFactory.apply(same(clientRegistration)))
-				.thenReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters()));
+		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
+				.willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters()));
 
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index f78af6725e..21103b9cde 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -43,8 +43,8 @@ import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OidcClientInitiatedServerLogoutSuccessHandler}
@@ -67,8 +67,8 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	@Before
 	public void setup() {
 		this.exchange = mock(ServerWebExchange.class);
-		when(this.exchange.getResponse()).thenReturn(new MockServerHttpResponse());
-		when(this.exchange.getRequest()).thenReturn(MockServerHttpRequest.get("/").build());
+		given(this.exchange.getResponse()).willReturn(new MockServerHttpResponse());
+		given(this.exchange.getRequest()).willReturn(MockServerHttpRequest.get("/").build());
 		this.chain = mock(WebFilterChain.class);
 		this.handler = new OidcClientInitiatedServerLogoutSuccessHandler(this.repository);
 	}
@@ -78,7 +78,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 		this.handler.onLogoutSuccess(f, token).block();
 
@@ -89,7 +89,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	public void logoutWhenNotOAuth2AuthenticationThenDefaults() {
 		Authentication token = mock(Authentication.class);
 
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
@@ -103,7 +103,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
@@ -124,7 +124,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
 
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		handler.setLogoutSuccessUrl(URI.create("https://default"));
@@ -139,7 +139,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
@@ -155,9 +155,9 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(token));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
-		when(this.exchange.getRequest()).thenReturn(request);
+		given(this.exchange.getRequest()).willReturn(request);
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index 2343e07b14..b4256a3b0b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -51,8 +51,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.nullable;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
@@ -361,8 +361,8 @@ public class DefaultOAuth2UserServiceTests {
 		ResponseEntity<Map<String, Object>> responseEntity = new ResponseEntity<>(response, HttpStatus.OK);
 		Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter = mock(Converter.class);
 		RestOperations rest = mock(RestOperations.class);
-		when(rest.exchange(nullable(RequestEntity.class), any(ParameterizedTypeReference.class)))
-				.thenReturn(responseEntity);
+		given(rest.exchange(nullable(RequestEntity.class), any(ParameterizedTypeReference.class)))
+				.willReturn(responseEntity);
 		DefaultOAuth2UserService userService = new DefaultOAuth2UserService();
 		userService.setRequestEntityConverter(requestEntityConverter);
 		userService.setRestOperations(rest);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index c4bbe2b1e2..2e98a22fe2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -52,9 +52,9 @@ import org.springframework.web.reactive.function.client.WebClient;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
@@ -255,10 +255,10 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		WebClient.RequestHeadersUriSpec spec = spy(real.post());
 		WebClient rest = spy(WebClient.class);
 		WebClient.ResponseSpec clientResponse = mock(WebClient.ResponseSpec.class);
-		when(rest.get()).thenReturn(spec);
-		when(spec.retrieve()).thenReturn(clientResponse);
-		when(clientResponse.onStatus(any(Predicate.class), any(Function.class))).thenReturn(clientResponse);
-		when(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).thenReturn(Mono.just(body));
+		given(rest.get()).willReturn(spec);
+		given(spec.retrieve()).willReturn(clientResponse);
+		given(clientResponse.onStatus(any(Predicate.class), any(Function.class))).willReturn(clientResponse);
+		given(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).willReturn(Mono.just(body));
 
 		DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService();
 		userService.setWebClient(rest);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 6038e10130..91040781e3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -24,8 +24,8 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DelegatingOAuth2UserService}.
@@ -60,7 +60,7 @@ public class DelegatingOAuth2UserServiceTests {
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService2 = mock(OAuth2UserService.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService3 = mock(OAuth2UserService.class);
 		OAuth2User mockUser = mock(OAuth2User.class);
-		when(userService3.loadUser(any(OAuth2UserRequest.class))).thenReturn(mockUser);
+		given(userService3.loadUser(any(OAuth2UserRequest.class))).willReturn(mockUser);
 
 		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
 				Arrays.asList(userService1, userService2, userService3));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 9595ff01fc..2746905e9a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -53,12 +53,12 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DefaultOAuth2AuthorizedClientManager}.
@@ -205,8 +205,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -232,11 +232,11 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(this.authorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(this.authorizedClient);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -264,16 +264,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
-				eq(this.principal), eq(this.request))).thenReturn(this.authorizedClient);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.request))).willReturn(this.authorizedClient);
 
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -300,11 +300,11 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(this.clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(this.clientRegistration);
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(this.authorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(this.authorizedClient);
 
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
@@ -369,8 +369,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes(attrs -> {
@@ -399,8 +399,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(reauthorizedClient);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(reauthorizedClient);
 
 		// Override the mock with the default
 		this.authorizedClientManager
@@ -429,8 +429,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenThrow(authorizationException);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes(attrs -> {
@@ -452,8 +452,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenThrow(authorizationException);
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes(attrs -> {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 8987e12067..94929d5c33 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -55,10 +55,10 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link DefaultReactiveOAuth2AuthorizedClientManager}.
@@ -99,22 +99,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@Before
 	public void setup() {
 		this.clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
-		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(anyString())).willReturn(Mono.empty());
 		this.authorizedClientRepository = mock(ServerOAuth2AuthorizedClientRepository.class);
 		this.loadAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(Authentication.class),
-				any(ServerWebExchange.class))).thenReturn(this.loadAuthorizedClientProbe.mono());
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(Authentication.class),
+				any(ServerWebExchange.class))).willReturn(this.loadAuthorizedClientProbe.mono());
 		this.saveAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
 				any(Authentication.class), any(ServerWebExchange.class)))
-						.thenReturn(this.saveAuthorizedClientProbe.mono());
+						.willReturn(this.saveAuthorizedClientProbe.mono());
 		this.removeAuthorizedClientProbe = PublisherProbe.empty();
-		when(this.authorizedClientRepository.removeAuthorizedClient(any(String.class), any(Authentication.class),
-				any(ServerWebExchange.class))).thenReturn(this.removeAuthorizedClientProbe.mono());
+		given(this.authorizedClientRepository.removeAuthorizedClient(any(String.class), any(Authentication.class),
+				any(ServerWebExchange.class))).willReturn(this.removeAuthorizedClientProbe.mono());
 		this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(Mono.empty());
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.empty());
 		this.contextAttributesMapper = mock(Function.class);
-		when(this.contextAttributesMapper.apply(any())).thenReturn(Mono.just(Collections.emptyMap()));
+		given(this.contextAttributesMapper.apply(any())).willReturn(Mono.just(Collections.emptyMap()));
 		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(this.authorizedClientProvider);
@@ -196,8 +196,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -221,10 +221,10 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(this.authorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -250,10 +250,10 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(this.authorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -283,8 +283,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -294,8 +294,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
@@ -318,8 +318,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -329,8 +329,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
@@ -353,8 +353,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -364,8 +364,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
@@ -386,8 +386,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -396,8 +396,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
@@ -418,8 +418,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -428,8 +428,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.error(exception));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.error(exception));
 
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
@@ -455,17 +455,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 		this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient));
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
-				eq(this.principal), eq(this.serverWebExchange))).thenReturn(this.loadAuthorizedClientProbe.mono());
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
+				eq(this.principal), eq(this.serverWebExchange))).willReturn(this.loadAuthorizedClientProbe.mono());
 
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
@@ -490,11 +490,11 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() {
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(this.clientRegistration));
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(this.authorizedClient));
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
 		this.authorizedClientManager.setContextAttributesMapper(
@@ -552,8 +552,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
@@ -580,8 +580,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 
-		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
-				.thenReturn(Mono.just(reauthorizedClient));
+		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
+				.willReturn(Mono.just(reauthorizedClient));
 
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index 50c850d9d7..13eb23d8f5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -59,12 +59,12 @@ import org.springframework.util.CollectionUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.oauth2.core.TestOAuth2RefreshTokens.refreshToken;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges.success;
@@ -281,8 +281,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 
 		OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
-		when(this.authenticationManager.authenticate(any(Authentication.class)))
-				.thenThrow(new OAuth2AuthorizationException(error));
+		given(this.authenticationManager.authenticate(any(Authentication.class)))
+				.willThrow(new OAuth2AuthorizationException(error));
 
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 
@@ -481,7 +481,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 	private void setUpAuthenticationResult(ClientRegistration registration) {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
 				registration, success(), noScopes(), refreshToken());
-		when(this.authenticationManager.authenticate(any(Authentication.class))).thenReturn(authentication);
+		given(this.authenticationManager.authenticate(any(Authentication.class))).willReturn(authentication);
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index 3523691a71..fac30550f6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -46,12 +46,12 @@ import org.springframework.web.util.UriComponentsBuilder;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizationRequestRedirectFilter}.
@@ -253,7 +253,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).when(filterChain)
+		willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
 				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
 		this.filter.doFilter(request, response, filterChain);
@@ -275,7 +275,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 
-		doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).when(filterChain)
+		willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
 				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
 
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
@@ -311,7 +311,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest
 				.from(defaultAuthorizationRequestResolver.resolve(request))
 				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build();
-		when(resolver.resolve(any())).thenReturn(result);
+		given(resolver.resolve(any())).willReturn(result);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
 
 		filter.doFilter(request, response, filterChain);
@@ -353,7 +353,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 				.from(defaultAuthorizationRequestResolver.resolve(request))
 				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp")))
 				.authorizationRequestUri(customAuthorizationRequestUri).build();
-		when(resolver.resolve(any())).thenReturn(result);
+		given(resolver.resolve(any())).willReturn(result);
 
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 25e3b6171d..c632f1b81e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -59,12 +59,12 @@ import org.springframework.web.util.UriComponentsBuilder;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges.success;
 
 /**
@@ -446,7 +446,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.addParameter(OAuth2ParameterNames.STATE, state);
 
 		WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class);
-		when(this.authenticationDetailsSource.buildDetails(any())).thenReturn(webAuthenticationDetails);
+		given(this.authenticationDetailsSource.buildDetails(any())).willReturn(webAuthenticationDetails);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
@@ -484,17 +484,17 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 	private void setUpAuthenticationResult(ClientRegistration registration) {
 		OAuth2User user = mock(OAuth2User.class);
-		when(user.getName()).thenReturn(this.principalName1);
+		given(user.getName()).willReturn(this.principalName1);
 		this.loginAuthentication = mock(OAuth2LoginAuthenticationToken.class);
-		when(this.loginAuthentication.getPrincipal()).thenReturn(user);
-		when(this.loginAuthentication.getName()).thenReturn(this.principalName1);
-		when(this.loginAuthentication.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));
-		when(this.loginAuthentication.getClientRegistration()).thenReturn(registration);
-		when(this.loginAuthentication.getAuthorizationExchange()).thenReturn(success());
-		when(this.loginAuthentication.getAccessToken()).thenReturn(mock(OAuth2AccessToken.class));
-		when(this.loginAuthentication.getRefreshToken()).thenReturn(mock(OAuth2RefreshToken.class));
-		when(this.loginAuthentication.isAuthenticated()).thenReturn(true);
-		when(this.authenticationManager.authenticate(any(Authentication.class))).thenReturn(this.loginAuthentication);
+		given(this.loginAuthentication.getPrincipal()).willReturn(user);
+		given(this.loginAuthentication.getName()).willReturn(this.principalName1);
+		given(this.loginAuthentication.getAuthorities()).willReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));
+		given(this.loginAuthentication.getClientRegistration()).willReturn(registration);
+		given(this.loginAuthentication.getAuthorizationExchange()).willReturn(success());
+		given(this.loginAuthentication.getAccessToken()).willReturn(mock(OAuth2AccessToken.class));
+		given(this.loginAuthentication.getRefreshToken()).willReturn(mock(OAuth2RefreshToken.class));
+		given(this.loginAuthentication.isAuthenticated()).willReturn(true);
+		given(this.authenticationManager.authenticate(any(Authentication.class))).willReturn(this.loginAuthentication);
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 6942c53c7d..e3564117d4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -66,9 +66,9 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientArgumentResolver}.
@@ -131,12 +131,12 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
 		this.authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName,
 				mock(OAuth2AccessToken.class));
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration1.getRegistrationId()),
-				any(Authentication.class), any(HttpServletRequest.class))).thenReturn(this.authorizedClient1);
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration1.getRegistrationId()),
+				any(Authentication.class), any(HttpServletRequest.class))).willReturn(this.authorizedClient1);
 		this.authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName,
 				mock(OAuth2AccessToken.class));
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration2.getRegistrationId()),
-				any(Authentication.class), any(HttpServletRequest.class))).thenReturn(this.authorizedClient2);
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration2.getRegistrationId()),
+				any(Authentication.class), any(HttpServletRequest.class))).willReturn(this.authorizedClient2);
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 	}
@@ -218,7 +218,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndOAuth2AuthenticationThenResolves() throws Exception {
 		OAuth2AuthenticationToken authentication = mock(OAuth2AuthenticationToken.class);
-		when(authentication.getAuthorizedClientRegistrationId()).thenReturn("client1");
+		given(authentication.getAuthorizedClientRegistrationId()).willReturn("client1");
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(authentication);
 		SecurityContextHolder.setContext(securityContext);
@@ -246,8 +246,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenAuthorizedClientNotFoundForAuthorizationCodeClientThenThrowClientAuthorizationRequiredException() {
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
-				.thenReturn(null);
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
+				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
 				OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
@@ -270,10 +270,10 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
-		when(clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
-				.thenReturn(null);
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
+				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient",
 				OAuth2AuthorizedClient.class);
 
@@ -318,10 +318,10 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
-		when(passwordTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
-				.thenReturn(null);
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
+				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("passwordClient", OAuth2AuthorizedClient.class);
 
 		this.request.setParameter(OAuth2ParameterNames.USERNAME, "username");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 589600730a..8007fad1bc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -56,13 +56,13 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
 /**
@@ -138,8 +138,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(clientRegistration));
 
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
@@ -166,8 +166,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
 				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(clientRegistration));
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -208,8 +208,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
 				.tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
-				.thenReturn(Mono.just(clientRegistration1));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
+				.willReturn(Mono.just(clientRegistration1));
 
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
@@ -217,8 +217,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
 				.tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
-				.thenReturn(Mono.just(clientRegistration2));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
+				.willReturn(Mono.just(clientRegistration2));
 
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
@@ -255,8 +255,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
-				.thenReturn(Mono.just(clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.willReturn(Mono.just(clientRegistration));
 
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 110026c1f2..950f145c4e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -100,12 +100,12 @@ import static org.assertj.core.api.Assertions.entry;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
@@ -172,8 +172,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientManager);
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
-		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
+		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 	}
 
 	@Test
@@ -246,8 +246,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
-				.thenReturn(Mono.just(accessTokenResponse));
+		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
+				.willReturn(Mono.just(accessTokenResponse));
 
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
@@ -307,7 +307,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshRequiredThenRefresh() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
-		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(response));
+		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response));
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -347,7 +347,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
-		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(response));
+		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response));
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -419,8 +419,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -428,7 +428,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.UNAUTHORIZED.value());
+		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -454,8 +454,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -493,8 +493,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -502,7 +502,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.FORBIDDEN.value());
+		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -528,8 +528,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -567,8 +567,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -580,9 +580,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
 				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
 		ClientResponse.Headers headers = mock(ClientResponse.Headers.class);
-		when(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
-				.thenReturn(Collections.singletonList(wwwAuthenticateHeader));
-		when(this.exchange.getResponse().headers()).thenReturn(headers);
+		given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
+				.willReturn(Collections.singletonList(wwwAuthenticateHeader));
+		given(this.exchange.getResponse().headers()).willReturn(headers);
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -611,8 +611,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
-		when(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
-				.thenReturn(publisherProbe.mono());
+		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
+				.willReturn(publisherProbe.mono());
 
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
@@ -649,7 +649,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 
-		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
+		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -663,12 +663,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
-		when(this.passwordTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
+		given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
-				.thenReturn(Mono.just(registration));
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()),
-				eq(authentication), any())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.willReturn(Mono.just(registration));
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()),
+				eq(authentication), any())).willReturn(Mono.empty());
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
@@ -713,8 +713,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.just(authorizedClient));
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
 
@@ -736,8 +736,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.just(authorizedClient));
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
@@ -759,8 +759,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.just(authorizedClient));
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
 
 		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
@@ -804,8 +804,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.just(authorizedClient));
+		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
 
@@ -828,12 +828,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
-				.thenReturn(Mono.just(accessTokenResponse));
+		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
+				.willReturn(Mono.just(accessTokenResponse));
 
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
-				.thenReturn(Mono.just(registration));
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.willReturn(Mono.just(registration));
 
 		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
 				.attributes(clientRegistrationId(registration.getRegistrationId())).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index cd2fbb3438..7e8ca01a23 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -58,12 +58,12 @@ import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
@@ -159,8 +159,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
-				.thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.willReturn(clientRegistration);
 
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
@@ -186,8 +186,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
 				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
-				.thenReturn(clientRegistration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
+				.willReturn(clientRegistration);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -227,8 +227,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
 				.tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
-				.thenReturn(clientRegistration1);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
+				.willReturn(clientRegistration1);
 
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
@@ -236,8 +236,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
 				.tokenUri(this.serverUrl).build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
-				.thenReturn(clientRegistration2);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
+				.willReturn(clientRegistration2);
 
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 2728dce197..edc3d712b8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -109,11 +109,11 @@ import static org.assertj.core.api.Assertions.entry;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
@@ -322,7 +322,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshRequiredThenRefresh() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
-		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(response);
+		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -365,8 +365,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.build();
 
 		RestOperations refreshTokenClient = mock(RestOperations.class);
-		when(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)))
-				.thenReturn(new ResponseEntity(response, HttpStatus.OK));
+		given(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)))
+				.willReturn(new ResponseEntity(response, HttpStatus.OK));
 		DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
 		refreshTokenTokenResponseClient.setRestOperations(refreshTokenClient);
 
@@ -443,7 +443,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.registration = TestClientRegistrations.clientCredentials().build();
 
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
-		when(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -478,11 +478,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
-		when(this.passwordTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
+		given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		ClientRegistration registration = TestClientRegistrations.password().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
-				.thenReturn(registration);
+		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
+				.willReturn(registration);
 
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
@@ -525,7 +525,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
-		when(this.refreshTokenTokenResponseClient.getTokenResponse(any())).thenReturn(response);
+		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
 
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -616,9 +616,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 
-		when(this.authorizedClientRepository.loadAuthorizedClient(
+		given(this.authorizedClientRepository.loadAuthorizedClient(
 				eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest)))
-						.thenReturn(authorizedClient);
+						.willReturn(authorizedClient);
 
 		// Default request attributes set
 		final ClientRequest request1 = ClientRequest.create(GET, URI.create("https://example1.com"))
@@ -667,8 +667,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
 				.attributes(httpServletResponse(servletResponse)).build();
 
-		when(this.exchange.getResponse().rawStatusCode()).thenReturn(httpStatus.value());
-		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
+		given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value());
+		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		this.function.filter(request, this.exchange).block();
@@ -703,9 +703,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
 				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
 		ClientResponse.Headers headers = mock(ClientResponse.Headers.class);
-		when(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
-				.thenReturn(Collections.singletonList(wwwAuthenticateHeader));
-		when(this.exchange.getResponse().headers()).thenReturn(headers);
+		given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
+				.willReturn(Collections.singletonList(wwwAuthenticateHeader));
+		given(this.exchange.getResponse().headers()).willReturn(headers);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		this.function.filter(request, this.exchange).block();
@@ -818,8 +818,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
 				.attributes(httpServletResponse(servletResponse)).build();
 
-		when(this.exchange.getResponse().rawStatusCode()).thenReturn(HttpStatus.BAD_REQUEST.value());
-		when(this.exchange.getResponse().headers()).thenReturn(mock(ClientResponse.Headers.class));
+		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
+		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		this.function.filter(request, this.exchange).block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index eb3f47b240..577aca3bb7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -51,8 +51,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -88,8 +88,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
 		this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.authentication.getName(),
 				TestOAuth2AccessTokens.noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any()))
-				.thenReturn(Mono.just(this.authorizedClient));
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any()))
+				.willReturn(Mono.just(this.authorizedClient));
 	}
 
 	@Test
@@ -141,8 +141,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndOAuth2AuthenticationThenResolves() {
 		this.authentication = mock(OAuth2AuthenticationToken.class);
-		when(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId())
-				.thenReturn("client1");
+		given(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId())
+				.willReturn("client1");
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		resolveArgument(methodParameter);
 	}
@@ -164,9 +164,9 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(this.clientRegistration));
-		when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(this.clientRegistration));
+		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).willReturn(Mono.empty());
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
 				OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> resolveArgument(methodParameter))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
index 119eaa1f3e..18763ef55c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
@@ -31,9 +31,9 @@ import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAut
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -76,7 +76,7 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenAuthenticatedPrincipalThenLoadFromService() {
-		when(this.authorizedClientService.loadAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 		Authentication authentication = this.createAuthenticatedPrincipal();
 		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange)
 				.block();
@@ -85,8 +85,8 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		given(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
 		this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange)
 				.block();
@@ -96,7 +96,7 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticatedPrincipalThenSaveToService() {
-		when(this.authorizedClientService.saveAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.saveAuthorizedClient(any(), any())).willReturn(Mono.empty());
 		Authentication authentication = this.createAuthenticatedPrincipal();
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.exchange).block();
@@ -105,8 +105,8 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void saveAuthorizedClientWhenAnonymousPrincipalThenSaveToAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		given(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.exchange).block();
@@ -116,7 +116,7 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenAuthenticatedPrincipalThenRemoveFromService() {
-		when(this.authorizedClientService.removeAuthorizedClient(any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientService.removeAuthorizedClient(any(), any())).willReturn(Mono.empty());
 		Authentication authentication = this.createAuthenticatedPrincipal();
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange)
 				.block();
@@ -125,8 +125,8 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenAnonymousPrincipalThenRemoveFromAnonymousRepository() {
-		when(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any()))
-				.thenReturn(Mono.empty());
+		given(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any()))
+				.willReturn(Mono.empty());
 		Authentication authentication = this.createAnonymousPrincipal();
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange)
 				.block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index cd11c7910f..5307448290 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -42,7 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.catchThrowableOfType;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -76,7 +76,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
 
 		ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"),
 				ResponseStatusException.class);
@@ -86,7 +86,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenClientRegistrationFoundThenWorks() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.registration));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id");
 
@@ -97,7 +97,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenForwardedHeadersClientRegistrationFoundThenWorks() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.registration));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
 		ServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
 
@@ -110,8 +110,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenAuthorizationRequestWithValidPkceClientThenResolves() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration()
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration()
 						.clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build()));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
@@ -127,8 +127,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
 
@@ -142,8 +142,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	// gh-7696
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		this.resolver.setAuthorizationRequestCustomizer(
 				customizer -> customizer.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
@@ -161,8 +161,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.authorizationRequestUri(uriBuilder -> {
 			uriBuilder.queryParam("param1", "value1");
@@ -179,8 +179,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() {
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.parameters(params -> {
 			params.put("appid", params.get("client_id"));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index afaf4dd12f..1757e3778c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -51,11 +51,11 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
 
 /**
@@ -130,19 +130,19 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenMatchThenAuthorizedClientSaved() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
 
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
@@ -159,10 +159,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthorizationRequestRedirectUriParametersMatchThenProcessed() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
 		// 1) redirect_uri with query parameters
 		Map<String, String> parameters = new LinkedHashMap<>();
@@ -171,10 +171,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback", parameters);
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
@@ -207,8 +207,8 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
 		// 1) Parameter value
 		Map<String, String> parametersNotMatch = new LinkedHashMap<>(parameters);
@@ -245,18 +245,18 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
 
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
@@ -264,8 +264,8 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				Collections.emptyList());
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
-		when(requestCache.getRedirectUri(any(ServerWebExchange.class)))
-				.thenReturn(Mono.just(URI.create("/saved-request")));
+		given(requestCache.getRedirectUri(any(ServerWebExchange.class)))
+				.willReturn(Mono.just(URI.create("/saved-request")));
 
 		this.filter.setRequestCache(requestCache);
 
@@ -279,15 +279,15 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
 
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
@@ -305,18 +305,18 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(clientRegistration));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
 
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
-		when(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(oauth2AuthorizationRequest));
 
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error"))));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error"))));
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index c978fa1296..1675240178 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -39,9 +39,9 @@ import org.springframework.web.server.handler.FilteringWebHandler;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -73,9 +73,9 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 				Arrays.asList(this.filter));
 
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		when(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId()))
-				.thenReturn(Mono.just(this.registration));
-		when(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn(Mono.empty());
+		given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId()))
+				.willReturn(Mono.just(this.registration));
+		given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
 	}
 
 	@Test
@@ -135,7 +135,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenExceptionThenSaveRequestSessionAttribute() {
 		this.filter.setRequestCache(this.requestCache);
-		when(this.requestCache.saveRequest(any())).thenReturn(Mono.empty());
+		given(this.requestCache.saveRequest(any())).willReturn(Mono.empty());
 		FilteringWebHandler webHandler = new FilteringWebHandler(
 				e -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index 9b139c4a22..b08e068cfa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -41,7 +41,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -84,7 +84,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 
 	@Test
 	public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() {
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.empty());
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.empty());
 
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
@@ -92,8 +92,8 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenAttributesMissingThenOAuth2AuthorizationException() {
 		this.authorizationRequest.attributes(Map::clear);
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(this.authorizationRequest.build()));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(this.authorizationRequest.build()));
 
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -102,9 +102,9 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 
 	@Test
 	public void applyWhenClientRegistrationMissingThenOAuth2AuthorizationException() {
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(this.authorizationRequest.build()));
-		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(this.authorizationRequest.build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
 
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -114,10 +114,10 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenCodeParameterNotFoundThenErrorCode() {
 		this.request.queryParam(OAuth2ParameterNames.ERROR, "error");
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(this.authorizationRequest.build()));
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(this.authorizationRequest.build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode())
 				.isEqualTo("error");
@@ -126,10 +126,10 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenCodeParameterFoundThenCode() {
 		this.request.queryParam(OAuth2ParameterNames.CODE, "code");
-		when(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
-				.thenReturn(Mono.just(this.authorizationRequest.build()));
-		when(this.clientRegistrationRepository.findByRegistrationId(any()))
-				.thenReturn(Mono.just(this.clientRegistration));
+		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
+				.willReturn(Mono.just(this.authorizationRequest.build()));
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
+				.willReturn(Mono.just(this.clientRegistration));
 
 		OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 9ca8a5302d..ddb447c74c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -37,11 +37,11 @@ import org.springframework.web.server.session.WebSessionManager;
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -225,7 +225,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
 		Map<String, Object> sessionAttrs = spy(new HashMap<>());
 		WebSession session = mock(WebSession.class);
-		when(session.getAttributes()).thenReturn(sessionAttrs);
+		given(session.getAttributes()).willReturn(sessionAttrs);
 		WebSessionManager sessionManager = e -> Mono.just(session);
 
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index f151ed3285..64dfebf040 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -44,8 +44,8 @@ import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -75,7 +75,7 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 				this.authorizedClientRepository);
 		this.webFilterExchange = new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/")),
 				new DefaultWebFilterChain(exchange -> exchange.getResponse().setComplete()));
-		when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).thenReturn(Mono.empty());
+		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 621318f6a6..539a370999 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -23,10 +23,10 @@ import org.junit.Test;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for verifying {@link DelegatingOAuth2TokenValidator}
@@ -50,8 +50,8 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> success = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> failure = mock(OAuth2TokenValidator.class);
 
-		when(success.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
-		when(failure.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.failure(DETAIL));
+		given(success.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(failure.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
 
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(success, failure));
@@ -70,10 +70,10 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 		OAuth2Error otherDetail = new OAuth2Error("another-error");
 
-		when(firstFailure.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.failure(DETAIL));
-		when(secondFailure.validate(any(AbstractOAuth2Token.class)))
-				.thenReturn(OAuth2TokenValidatorResult.failure(otherDetail));
+		given(firstFailure.validate(any(AbstractOAuth2Token.class)))
+				.willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
+		given(secondFailure.validate(any(AbstractOAuth2Token.class)))
+				.willReturn(OAuth2TokenValidatorResult.failure(otherDetail));
 
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				firstFailure, secondFailure);
@@ -90,8 +90,8 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
 
-		when(firstSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
-		when(secondSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
+		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
 
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
@@ -115,8 +115,8 @@ public class DelegatingOAuth2TokenValidatorTests {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
 
-		when(firstSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
-		when(secondSuccess.validate(any(AbstractOAuth2Token.class))).thenReturn(OAuth2TokenValidatorResult.success());
+		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
 
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> firstValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 85d88e928b..83141c1313 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -38,8 +38,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.entry;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2AccessTokenResponseHttpMessageConverter}.
@@ -146,7 +146,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 	@Test
 	public void readInternalWhenConversionFailsThenThrowHttpMessageNotReadableException() {
 		Converter tokenResponseConverter = mock(Converter.class);
-		when(tokenResponseConverter.convert(any())).thenThrow(RuntimeException.class);
+		given(tokenResponseConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseConverter(tokenResponseConverter);
 
 		String tokenResponse = "{}";
@@ -186,7 +186,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 	@Test
 	public void writeInternalWhenConversionFailsThenThrowHttpMessageNotWritableException() {
 		Converter tokenResponseParametersConverter = mock(Converter.class);
-		when(tokenResponseParametersConverter.convert(any())).thenThrow(RuntimeException.class);
+		given(tokenResponseParametersConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter);
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index c2d4d952ad..6e916691dd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link OAuth2ErrorHttpMessageConverter}.
@@ -95,7 +95,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 	@Test
 	public void readInternalWhenConversionFailsThenThrowHttpMessageNotReadableException() {
 		Converter errorConverter = mock(Converter.class);
-		when(errorConverter.convert(any())).thenThrow(RuntimeException.class);
+		given(errorConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setErrorConverter(errorConverter);
 
 		String errorResponse = "{}";
@@ -124,7 +124,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 	@Test
 	public void writeInternalWhenConversionFailsThenThrowHttpMessageNotWritableException() {
 		Converter errorParametersConverter = mock(Converter.class);
-		when(errorParametersConverter.convert(any())).thenThrow(RuntimeException.class);
+		given(errorParametersConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setErrorParametersConverter(errorParametersConverter);
 
 		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
index 49bf8f04ee..540f668e5e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
@@ -33,8 +33,8 @@ import org.springframework.core.convert.converter.Converter;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link MappedJwtClaimSetConverter}
@@ -47,7 +47,7 @@ public class MappedJwtClaimSetConverterTests {
 	public void convertWhenUsingCustomExpiresAtConverterThenIssuedAtConverterStillConsultsIt() {
 		Instant at = Instant.ofEpochMilli(1000000000000L);
 		Converter<Object, Instant> expiresAtConverter = mock(Converter.class);
-		when(expiresAtConverter.convert(any())).thenReturn(at);
+		given(expiresAtConverter.convert(any())).willReturn(at);
 
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter));
@@ -115,7 +115,7 @@ public class MappedJwtClaimSetConverterTests {
 		Converter<Object, String> claimConverter = mock(Converter.class);
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
-		when(claimConverter.convert(any(Object.class))).thenReturn("1234");
+		given(claimConverter.convert(any(Object.class))).willReturn("1234");
 
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, 1);
@@ -152,7 +152,7 @@ public class MappedJwtClaimSetConverterTests {
 		Converter<Object, String> claimConverter = mock(Converter.class);
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap("custom-claim", claimConverter));
-		when(claimConverter.convert(any())).thenReturn("custom-value");
+		given(claimConverter.convert(any())).willReturn("custom-value");
 
 		Map<String, Object> source = new HashMap<>();
 		Map<String, Object> target = converter.convert(source);
@@ -165,7 +165,7 @@ public class MappedJwtClaimSetConverterTests {
 		Converter<Object, String> claimConverter = mock(Converter.class);
 		MappedJwtClaimSetConverter converter = new MappedJwtClaimSetConverter(
 				Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
-		when(claimConverter.convert(any(Object.class))).thenReturn("1234");
+		given(claimConverter.convert(any(Object.class))).willReturn("1234");
 
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, new Object());
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index acf9a911ac..358f8bc99d 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -41,10 +41,10 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link NimbusJwtDecoderJwkSupport}.
@@ -180,7 +180,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
-			when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(failure));
+			given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 			decoder.setJwtValidator(jwtValidator);
 
 			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
@@ -201,7 +201,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
 
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
-			when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
+			given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 			decoder.setJwtValidator(jwtValidator);
 
 			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
@@ -219,7 +219,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 			NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
 
 			Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
-			when(claimSetConverter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));
+			given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 			decoder.setClaimSetConverter(claimSetConverter);
 
 			Jwt jwt = decoder.decode(SIGNED_JWT);
@@ -235,8 +235,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	private static RestOperations mockJwkSetResponse(String response) {
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(new ResponseEntity<>(response, HttpStatus.OK));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(new ResponseEntity<>(response, HttpStatus.OK));
 		return restOperations;
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 946c822d95..25a07fc930 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -80,11 +80,11 @@ import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withPublicKey;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecretKey;
@@ -179,7 +179,7 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(failure));
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 		this.jwtDecoder.setJwtValidator(jwtValidator);
 
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
@@ -193,7 +193,7 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
 
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
 
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
@@ -210,7 +210,7 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 
 		Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description");
@@ -219,7 +219,7 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
-		when(claimSetConverter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));
+		given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
 
 		Jwt jwt = this.jwtDecoder.decode(SIGNED_JWT);
@@ -233,7 +233,7 @@ public class NimbusJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
 
-		when(claimSetConverter.convert(any(Map.class))).thenThrow(new IllegalArgumentException("bad conversion"));
+		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
 
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 	}
@@ -472,8 +472,8 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenJwkSetRequestedThenAcceptHeaderJsonAndJwkSetJson() {
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		JWTProcessor<SecurityContext> processor = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(processor);
 		jwtDecoder.decode(SIGNED_JWT);
@@ -488,8 +488,8 @@ public class NimbusJwtDecoderTests {
 		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
@@ -507,7 +507,7 @@ public class NimbusJwtDecoderTests {
 		// given
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
-		when(cache.get(eq(JWK_SET_URI), any(Callable.class))).thenReturn(JWK_SET);
+		given(cache.get(eq(JWK_SET_URI), any(Callable.class))).willReturn(JWK_SET);
 		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).cache(cache).restOperations(restOperations).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
@@ -522,8 +522,8 @@ public class NimbusJwtDecoderTests {
 		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenThrow(new RestClientException("Cannot retrieve JWK Set"));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
 		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
 		// then
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
@@ -535,8 +535,8 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
@@ -580,8 +580,8 @@ public class NimbusJwtDecoderTests {
 
 	private static JWTProcessor<SecurityContext> withSigning(String jwkResponse) {
 		RestOperations restOperations = mock(RestOperations.class);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK));
 		return withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 28839446b8..99c4d04829 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -68,10 +68,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSource;
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withPublicKey;
@@ -214,7 +214,7 @@ public class NimbusReactiveJwtDecoderTests {
 
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
@@ -229,7 +229,7 @@ public class NimbusReactiveJwtDecoderTests {
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(result);
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
@@ -240,7 +240,7 @@ public class NimbusReactiveJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
 
-		when(claimSetConverter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));
+		given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 
 		Jwt jwt = this.decoder.decode(this.messageReadToken).block();
 		assertThat(jwt.getClaims().size()).isEqualTo(1);
@@ -254,7 +254,7 @@ public class NimbusReactiveJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
 
-		when(claimSetConverter.convert(any(Map.class))).thenThrow(new IllegalArgumentException("bad conversion"));
+		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
 
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
 	}
@@ -508,10 +508,10 @@ public class NimbusReactiveJwtDecoderTests {
 		WebClient real = WebClient.builder().build();
 		WebClient.RequestHeadersUriSpec spec = spy(real.get());
 		WebClient webClient = spy(WebClient.class);
-		when(webClient.get()).thenReturn(spec);
+		given(webClient.get()).willReturn(spec);
 		WebClient.ResponseSpec responseSpec = mock(WebClient.ResponseSpec.class);
-		when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just(response));
-		when(spec.retrieve()).thenReturn(responseSpec);
+		given(responseSpec.bodyToMono(String.class)).willReturn(Mono.just(response));
+		given(spec.retrieve()).willReturn(responseSpec);
 		return webClient;
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index e995feaef2..6a2960afee 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -34,7 +34,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -81,7 +81,7 @@ public class ReactiveRemoteJWKSourceTests {
 
 	@Test
 	public void getWhenMultipleRequestThenCached() {
-		when(this.matcher.matches(any())).thenReturn(true);
+		given(this.matcher.matches(any())).willReturn(true);
 
 		this.source.get(this.selector).block();
 		this.source.get(this.selector).block();
@@ -91,7 +91,7 @@ public class ReactiveRemoteJWKSourceTests {
 
 	@Test
 	public void getWhenMatchThenCreatesKeys() {
-		when(this.matcher.matches(any())).thenReturn(true);
+		given(this.matcher.matches(any())).willReturn(true);
 
 		List<JWK> keys = this.source.get(this.selector).block();
 		assertThat(keys).hasSize(2);
@@ -110,8 +110,8 @@ public class ReactiveRemoteJWKSourceTests {
 
 	@Test
 	public void getWhenNoMatchAndNoKeyIdThenEmpty() {
-		when(this.matcher.matches(any())).thenReturn(false);
-		when(this.matcher.getKeyIDs()).thenReturn(Collections.emptySet());
+		given(this.matcher.matches(any())).willReturn(false);
+		given(this.matcher.getKeyIDs()).willReturn(Collections.emptySet());
 
 		assertThat(this.source.get(this.selector).block()).isEmpty();
 	}
@@ -119,8 +119,8 @@ public class ReactiveRemoteJWKSourceTests {
 	@Test
 	public void getWhenNoMatchAndKeyIdNotMatchThenRefreshAndFoundThenFound() {
 		this.server.enqueue(new MockResponse().setBody(this.keys2));
-		when(this.matcher.matches(any())).thenReturn(false, false, true);
-		when(this.matcher.getKeyIDs()).thenReturn(Collections.singleton("rotated"));
+		given(this.matcher.matches(any())).willReturn(false, false, true);
+		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
 
 		List<JWK> keys = this.source.get(this.selector).block();
 
@@ -131,8 +131,8 @@ public class ReactiveRemoteJWKSourceTests {
 	@Test
 	public void getWhenNoMatchAndKeyIdNotMatchThenRefreshAndNotFoundThenEmpty() {
 		this.server.enqueue(new MockResponse().setBody(this.keys2));
-		when(this.matcher.matches(any())).thenReturn(false, false, false);
-		when(this.matcher.getKeyIDs()).thenReturn(Collections.singleton("rotated"));
+		given(this.matcher.matches(any())).willReturn(false, false, false);
+		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
 
 		List<JWK> keys = this.source.get(this.selector).block();
 
@@ -141,8 +141,8 @@ public class ReactiveRemoteJWKSourceTests {
 
 	@Test
 	public void getWhenNoMatchAndKeyIdMatchThenEmpty() {
-		when(this.matcher.matches(any())).thenReturn(false);
-		when(this.matcher.getKeyIDs()).thenReturn(Collections.singleton("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77"));
+		given(this.matcher.matches(any())).willReturn(false);
+		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77"));
 
 		assertThat(this.source.get(this.selector).block()).isEmpty();
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index 3fa0a85ff9..ca33f35c69 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
@@ -67,8 +67,8 @@ public class JwtAuthenticationProviderTests {
 
 		Jwt jwt = jwt().claim("name", "value").build();
 
-		when(this.jwtDecoder.decode("token")).thenReturn(jwt);
-		when(this.jwtAuthenticationConverter.convert(jwt)).thenReturn(new JwtAuthenticationToken(jwt));
+		given(this.jwtDecoder.decode("token")).willReturn(jwt);
+		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt));
 
 		JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token);
 
@@ -79,7 +79,7 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() {
 		BearerTokenAuthenticationToken token = this.authentication();
 
-		when(this.jwtDecoder.decode("token")).thenThrow(BadJwtException.class);
+		given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
 
 		assertThatCode(() -> this.provider.authenticate(token))
 				.matches(failed -> failed instanceof OAuth2AuthenticationException)
@@ -90,7 +90,7 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = this.authentication();
 
-		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new BadJwtException("with \"invalid\" chars"));
+		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
 
 		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
@@ -101,7 +101,7 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = this.authentication();
 
-		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new JwtException("no jwk set"));
+		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
 
 		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
@@ -116,8 +116,8 @@ public class JwtAuthenticationProviderTests {
 		Jwt jwt = jwt().build();
 		JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
 
-		when(this.jwtDecoder.decode(token.getToken())).thenReturn(jwt);
-		when(this.jwtAuthenticationConverter.convert(jwt)).thenReturn(authentication);
+		given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
+		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication);
 
 		assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details",
 				details);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index 5764da170f..1289ad57b8 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -37,7 +37,7 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
@@ -77,7 +77,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenEmptyJwtThenEmpty() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(token.getToken())).thenReturn(Mono.empty());
+		given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.empty());
 
 		assertThat(this.manager.authenticate(token).block()).isNull();
 	}
@@ -85,7 +85,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.error(new BadJwtException("Oops")));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops")));
 
 		assertThatCode(() -> this.manager.authenticate(token).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
@@ -95,7 +95,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new BadJwtException("with \"invalid\" chars"));
+		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
 
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
@@ -105,7 +105,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(token.getToken())).thenThrow(new JwtException("no jwk set"));
+		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
 
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
@@ -114,7 +114,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenNotJwtExceptionThenPropagates() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(any())).thenReturn(Mono.error(new RuntimeException("Oops")));
+		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops")));
 
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class);
 	}
@@ -122,7 +122,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenJwtThenSuccess() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
-		when(this.jwtDecoder.decode(token.getToken())).thenReturn(Mono.just(this.jwt));
+		given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.just(this.jwt));
 
 		Authentication authentication = this.manager.authenticate(token).block();
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 0609e5bba3..1f27b57b5e 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ACTIVE;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
@@ -59,7 +59,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OAuth2AuthenticatedPrincipal principal = active(
 				attributes -> attributes.put("extension_field", "twenty-seven"));
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
-		when(introspector.introspect(any())).thenReturn(principal);
+		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
@@ -86,7 +86,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OAuth2AuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(
 				Collections.singletonMap("claim", "value"), null);
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
-		when(introspector.introspect(any())).thenReturn(principal);
+		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
@@ -101,7 +101,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
-		when(introspector.introspect(any())).thenThrow(new OAuth2IntrospectionException("with \"invalid\" chars"));
+		given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars"));
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")))
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index c6d6297c72..8a498b3ec9 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -37,8 +37,8 @@ import org.springframework.security.oauth2.server.resource.introspection.Reactiv
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ACTIVE;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
@@ -61,7 +61,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		OAuth2AuthenticatedPrincipal authority = active(
 				attributes -> attributes.put("extension_field", "twenty-seven"));
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
-		when(introspector.introspect(any())).thenReturn(Mono.just(authority));
+		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
@@ -88,7 +88,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		OAuth2AuthenticatedPrincipal authority = new OAuth2IntrospectionAuthenticatedPrincipal(
 				Collections.singletonMap("claim", "value"), null);
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
-		when(introspector.introspect(any())).thenReturn(Mono.just(authority));
+		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
@@ -103,8 +103,8 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
-		when(introspector.introspect(any()))
-				.thenReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
+		given(introspector.introspect(any()))
+				.willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
 
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block())
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 5e33638382..7539acf13d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -47,9 +47,9 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
@@ -145,7 +145,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(INACTIVE);
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE);
 
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message").isEqualTo("Provided token isn't active");
@@ -161,8 +161,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenReturn(response(new JSONObject(introspectedValues).toJSONString()));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willReturn(response(new JSONObject(introspectedValues).toJSONString()));
 
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
@@ -176,8 +176,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
-				.thenThrow(new IllegalStateException("server was unresponsive"));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+				.willThrow(new IllegalStateException("server was unresponsive"));
 
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message").isEqualTo("server was unresponsive");
@@ -188,7 +188,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(response("malformed"));
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed"));
 
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
@@ -198,7 +198,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(INVALID);
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID);
 
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
@@ -208,7 +208,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(MALFORMED_ISSUER);
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER);
 
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
@@ -219,7 +219,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-		when(restOperations.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(MALFORMED_SCOPE);
+		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_SCOPE);
 
 		OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token");
 		assertThat(principal.getAuthorities()).isEmpty();
@@ -269,8 +269,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		Converter<String, RequestEntity<?>> requestEntityConverter = mock(Converter.class);
 		RequestEntity requestEntity = mock(RequestEntity.class);
 		String tokenToIntrospect = "some token";
-		when(requestEntityConverter.convert(tokenToIntrospect)).thenReturn(requestEntity);
-		when(restOperations.exchange(requestEntity, String.class)).thenReturn(ACTIVE);
+		given(requestEntityConverter.convert(tokenToIntrospect)).willReturn(requestEntity);
+		given(restOperations.exchange(requestEntity, String.class)).willReturn(ACTIVE);
 		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		introspectionClient.setRequestEntityConverter(requestEntityConverter);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 691d25454b..befa3bef92 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -42,9 +42,9 @@ import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
@@ -216,15 +216,15 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient real = WebClient.builder().build();
 		WebClient.RequestBodyUriSpec spec = spy(real.post());
 		WebClient webClient = spy(WebClient.class);
-		when(webClient.post()).thenReturn(spec);
+		given(webClient.post()).willReturn(spec);
 		ClientResponse clientResponse = mock(ClientResponse.class);
-		when(clientResponse.rawStatusCode()).thenReturn(200);
-		when(clientResponse.statusCode()).thenReturn(HttpStatus.OK);
-		when(clientResponse.bodyToMono(String.class)).thenReturn(Mono.just(response));
+		given(clientResponse.rawStatusCode()).willReturn(200);
+		given(clientResponse.statusCode()).willReturn(HttpStatus.OK);
+		given(clientResponse.bodyToMono(String.class)).willReturn(Mono.just(response));
 		ClientResponse.Headers headers = mock(ClientResponse.Headers.class);
-		when(headers.contentType()).thenReturn(Optional.of(MediaType.APPLICATION_JSON_UTF8));
-		when(clientResponse.headers()).thenReturn(headers);
-		when(spec.exchange()).thenReturn(Mono.just(clientResponse));
+		given(headers.contentType()).willReturn(Optional.of(MediaType.APPLICATION_JSON_UTF8));
+		given(clientResponse.headers()).willReturn(headers);
+		given(spec.exchange()).willReturn(Mono.just(clientResponse));
 		return webClient;
 	}
 
@@ -232,8 +232,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient real = WebClient.builder().build();
 		WebClient.RequestBodyUriSpec spec = spy(real.post());
 		WebClient webClient = spy(WebClient.class);
-		when(webClient.post()).thenReturn(spec);
-		when(spec.exchange()).thenThrow(t);
+		given(webClient.post()).willReturn(spec);
+		given(spec.exchange()).willThrow(t);
 		return webClient;
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 0525260526..1427bde865 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -43,9 +43,9 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link BearerTokenAuthenticationFilterTests}
@@ -85,7 +85,7 @@ public class BearerTokenAuthenticationFilterTests {
 
 	@Test
 	public void doFilterWhenBearerTokenPresentThenAuthenticates() throws ServletException, IOException {
-		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
+		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
 
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
@@ -104,8 +104,8 @@ public class BearerTokenAuthenticationFilterTests {
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManagerResolver));
 
-		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
-		when(this.authenticationManagerResolver.resolve(any())).thenReturn(this.authenticationManager);
+		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
+		given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager);
 
 		filter.doFilter(this.request, this.response, this.filterChain);
 
@@ -120,7 +120,7 @@ public class BearerTokenAuthenticationFilterTests {
 	@Test
 	public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate() throws ServletException, IOException {
 
-		when(this.bearerTokenResolver.resolve(this.request)).thenReturn(null);
+		given(this.bearerTokenResolver.resolve(this.request)).willReturn(null);
 
 		dontAuthenticate();
 	}
@@ -132,7 +132,7 @@ public class BearerTokenAuthenticationFilterTests {
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
-		when(this.bearerTokenResolver.resolve(this.request)).thenThrow(exception);
+		given(this.bearerTokenResolver.resolve(this.request)).willThrow(exception);
 
 		dontAuthenticate();
 
@@ -147,8 +147,8 @@ public class BearerTokenAuthenticationFilterTests {
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
-		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
-		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).thenThrow(exception);
+		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
+		given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception);
 
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
@@ -165,8 +165,8 @@ public class BearerTokenAuthenticationFilterTests {
 
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
 
-		when(this.bearerTokenResolver.resolve(this.request)).thenReturn("token");
-		when(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).thenThrow(exception);
+		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
+		given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception);
 
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 856028a968..272d7b9bbc 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -34,8 +34,8 @@ import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 public class BearerTokenServerAccessDeniedHandlerTests {
 
@@ -51,8 +51,8 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 		Authentication token = new TestingAuthenticationToken("user", "pass");
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
-		when(exchange.getPrincipal()).thenReturn(Mono.just(token));
-		when(exchange.getResponse()).thenReturn(new MockServerHttpResponse());
+		given(exchange.getPrincipal()).willReturn(Mono.just(token));
+		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
 
 		this.accessDeniedHandler.handle(exchange, null).block();
 
@@ -65,8 +65,8 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 		Authentication token = new TestingAuthenticationToken("user", "pass");
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
-		when(exchange.getPrincipal()).thenReturn(Mono.just(token));
-		when(exchange.getResponse()).thenReturn(new MockServerHttpResponse());
+		given(exchange.getPrincipal()).willReturn(Mono.just(token));
+		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
 
 		this.accessDeniedHandler.setRealmName("test");
 		this.accessDeniedHandler.handle(exchange, null).block();
@@ -81,8 +81,8 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 		Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap());
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
-		when(exchange.getPrincipal()).thenReturn(Mono.just(token));
-		when(exchange.getResponse()).thenReturn(new MockServerHttpResponse());
+		given(exchange.getPrincipal()).willReturn(Mono.just(token));
+		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
 
 		this.accessDeniedHandler.handle(exchange, null).block();
 
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index aa7b8fa459..1bee6cb0cf 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -39,8 +39,8 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -62,8 +62,8 @@ public class OpenID4JavaConsumerTests {
 		AuthRequest authReq = mock(AuthRequest.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
-		when(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).thenReturn(authReq);
-		when(mgr.associate(any())).thenReturn(di);
+		given(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(authReq);
+		given(mgr.associate(any())).willReturn(di);
 
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
 
@@ -85,7 +85,7 @@ public class OpenID4JavaConsumerTests {
 	public void discoveryExceptionRaisesOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-		when(mgr.discover(any())).thenThrow(new DiscoveryException("msg"));
+		given(mgr.discover(any())).willThrow(new DiscoveryException("msg"));
 		consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 	}
 
@@ -94,8 +94,8 @@ public class OpenID4JavaConsumerTests {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 
-		when(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
-				.thenThrow(new MessageException("msg"), new ConsumerException("msg"));
+		given(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
+				.willThrow(new MessageException("msg"), new ConsumerException("msg"));
 		try {
 			consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 			fail("OpenIDConsumerException was not thrown");
@@ -118,7 +118,7 @@ public class OpenID4JavaConsumerTests {
 		VerificationResult vr = mock(VerificationResult.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
-		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
+		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -134,9 +134,8 @@ public class OpenID4JavaConsumerTests {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 
-		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class)))
-				.thenThrow(new MessageException("")).thenThrow(new AssociationException(""))
-				.thenThrow(new DiscoveryException(""));
+		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class)))
+				.willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException(""));
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("x=5");
@@ -174,9 +173,9 @@ public class OpenID4JavaConsumerTests {
 		Identifier id = (Identifier) () -> "id";
 		Message msg = mock(Message.class);
 
-		when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
-		when(vr.getVerifiedId()).thenReturn(id);
-		when(vr.getAuthResponse()).thenReturn(msg);
+		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
+		given(vr.getVerifiedId()).willReturn(id);
+		given(vr.getAuthResponse()).willReturn(msg);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -193,9 +192,9 @@ public class OpenID4JavaConsumerTests {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		Message msg = mock(Message.class);
 		FetchResponse fr = mock(FetchResponse.class);
-		when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
-		when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenReturn(fr);
-		when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
+		given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true);
+		given(msg.getExtension(AxMessage.OPENID_NS_AX)).willReturn(fr);
+		given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
 
 		List<OpenIDAttribute> fetched = consumer.fetchAxAttributes(msg, this.attributes);
 
@@ -208,9 +207,9 @@ public class OpenID4JavaConsumerTests {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		Message msg = mock(Message.class);
 		FetchResponse fr = mock(FetchResponse.class);
-		when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
-		when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenThrow(new MessageException(""));
-		when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
+		given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true);
+		given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException(""));
+		given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
 
 		consumer.fetchAxAttributes(msg, this.attributes);
 	}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 38659f0f57..470429ec38 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -28,8 +28,8 @@ import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Mike Wiesner
@@ -49,14 +49,14 @@ public class JndiDnsResolverTests {
 		this.context = mock(DirContext.class);
 		this.dnsResolver = new JndiDnsResolver();
 		this.dnsResolver.setCtxFactory(this.contextFactory);
-		when(this.contextFactory.getCtx()).thenReturn(this.context);
+		given(this.contextFactory.getCtx()).willReturn(this.context);
 	}
 
 	@Test
 	public void testResolveIpAddress() throws Exception {
 		Attributes records = new BasicAttributes("A", "63.246.7.80");
 
-		when(this.context.getAttributes("www.springsource.com", new String[] { "A" })).thenReturn(records);
+		given(this.context.getAttributes("www.springsource.com", new String[] { "A" })).willReturn(records);
 
 		String ipAddress = this.dnsResolver.resolveIpAddress("www.springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
@@ -64,8 +64,8 @@ public class JndiDnsResolverTests {
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveIpAddressNotExisting() throws Exception {
-		when(this.context.getAttributes(any(String.class), any(String[].class)))
-				.thenThrow(new NameNotFoundException("not found"));
+		given(this.context.getAttributes(any(String.class), any(String[].class)))
+				.willThrow(new NameNotFoundException("not found"));
 
 		this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
 	}
@@ -74,7 +74,7 @@ public class JndiDnsResolverTests {
 	public void testResolveServiceEntry() throws Exception {
 		BasicAttributes records = createSrvRecords();
 
-		when(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(records);
+		given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(records);
 
 		String hostname = this.dnsResolver.resolveServiceEntry("ldap", "springsource.com");
 		assertThat(hostname).isEqualTo("kdc.springsource.com");
@@ -82,8 +82,8 @@ public class JndiDnsResolverTests {
 
 	@Test(expected = DnsEntryNotFoundException.class)
 	public void testResolveServiceEntryNotExisting() throws Exception {
-		when(this.context.getAttributes(any(String.class), any(String[].class)))
-				.thenThrow(new NameNotFoundException("not found"));
+		given(this.context.getAttributes(any(String.class), any(String[].class)))
+				.willThrow(new NameNotFoundException("not found"));
 
 		this.dnsResolver.resolveServiceEntry("wrong", "secpod.de");
 	}
@@ -92,8 +92,8 @@ public class JndiDnsResolverTests {
 	public void testResolveServiceIpAddress() throws Exception {
 		BasicAttributes srvRecords = createSrvRecords();
 		BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80");
-		when(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).thenReturn(srvRecords);
-		when(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).thenReturn(aRecords);
+		given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(srvRecords);
+		given(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).willReturn(aRecords);
 
 		String ipAddress = this.dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
@@ -101,8 +101,8 @@ public class JndiDnsResolverTests {
 
 	@Test(expected = DnsLookupException.class)
 	public void testUnknowError() throws Exception {
-		when(this.context.getAttributes(any(String.class), any(String[].class)))
-				.thenThrow(new NamingException("error"));
+		given(this.context.getAttributes(any(String.class), any(String[].class)))
+				.willThrow(new NamingException("error"));
 		this.dnsResolver.resolveIpAddress("");
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index f360bf1b2e..061d590faf 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -55,9 +55,9 @@ import org.springframework.util.MimeTypeUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -84,7 +84,7 @@ public class AuthenticationPayloadInterceptorTests {
 		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager);
 		PayloadExchange exchange = createExchange();
 		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(expectedAuthentication));
+		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
 
 		AuthenticationPayloadInterceptorChain authenticationPayloadChain = new AuthenticationPayloadInterceptorChain();
 		interceptor.intercept(exchange, authenticationPayloadChain).block();
@@ -103,11 +103,11 @@ public class AuthenticationPayloadInterceptorTests {
 
 		PayloadExchange exchange = createExchange();
 		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just(expectedAuthentication));
+		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
 
 		PublisherProbe<Void> voidResult = PublisherProbe.empty();
 		PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class);
-		when(chain.next(any())).thenReturn(voidResult.mono());
+		given(chain.next(any())).willReturn(voidResult.mono());
 
 		StepVerifier.create(interceptor.intercept(exchange, chain))
 				.then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete();
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index 99f7de80f1..36f98b2189 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 import static org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager.authenticated;
 import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole;
 
@@ -59,7 +59,7 @@ public class AuthorizationPayloadInterceptorTests {
 
 	@Test
 	public void interceptWhenAuthenticationEmptyAndSubscribedThenException() {
-		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
+		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
 
@@ -70,8 +70,8 @@ public class AuthorizationPayloadInterceptorTests {
 
 	@Test
 	public void interceptWhenAuthenticationNotSubscribedAndEmptyThenCompletes() {
-		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
-		when(this.authorizationManager.verify(any(), any())).thenReturn(this.managerResult.mono());
+		given(this.chain.next(any())).willReturn(this.chainResult.mono());
+		given(this.authorizationManager.verify(any(), any())).willReturn(this.managerResult.mono());
 
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager);
 
@@ -81,7 +81,7 @@ public class AuthorizationPayloadInterceptorTests {
 
 	@Test
 	public void interceptWhenNotAuthorizedThenException() {
-		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
+		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(hasRole("USER"));
 		Context userContext = ReactiveSecurityContextHolder
@@ -95,7 +95,7 @@ public class AuthorizationPayloadInterceptorTests {
 
 	@Test
 	public void interceptWhenAuthorizedThenContinues() {
-		when(this.chain.next(any())).thenReturn(this.chainResult.mono());
+		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
 		Context userContext = ReactiveSecurityContextHolder
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index 709ddfbf37..835a50c02b 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -32,7 +32,7 @@ import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -52,7 +52,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenGrantedThenGranted() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 				.build();
@@ -63,7 +63,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenDeniedThenDenied() {
 		AuthorizationDecision expected = new AuthorizationDecision(false);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 				.build();
@@ -74,7 +74,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenFirstMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz.check(any(), any())).thenReturn(Mono.just(expected));
+		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
@@ -86,7 +86,7 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenSecondMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		when(this.authz2.check(any(), any())).thenReturn(Mono.just(expected));
+		given(this.authz2.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder()
 				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index 95ae4f08f7..f5aa79ab3b 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -54,9 +54,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -117,8 +117,8 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void fireAndForgetWhenInterceptorCompletesThenDelegateSubscribed() {
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -133,7 +133,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void fireAndForgetWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -149,8 +149,8 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void fireAndForgetWhenSecurityContextThenDelegateContext() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withAuthenticated(authentication));
-		when(this.delegate.fireAndForget(any())).thenReturn(Mono.empty());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
+		given(this.delegate.fireAndForget(any())).willReturn(Mono.empty());
 
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
@@ -170,8 +170,8 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void requestResponseWhenInterceptorCompletesThenDelegateSubscribed() {
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
-		when(this.delegate.requestResponse(any())).thenReturn(this.payloadResult.mono());
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
+		given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -188,7 +188,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void requestResponseWhenInterceptorErrorsThenDelegateNotInvoked() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -203,8 +203,8 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void requestResponseWhenSecurityContextThenDelegateContext() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withAuthenticated(authentication));
-		when(this.delegate.requestResponse(any())).thenReturn(this.payloadResult.mono());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
+		given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
 
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
@@ -226,8 +226,8 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void requestStreamWhenInterceptorCompletesThenDelegateSubscribed() {
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
-		when(this.delegate.requestStream(any())).thenReturn(this.payloadResult.flux());
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
+		given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -242,7 +242,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void requestStreamWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -258,8 +258,8 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void requestStreamWhenSecurityContextThenDelegateContext() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withAuthenticated(authentication));
-		when(this.delegate.requestStream(any())).thenReturn(this.payloadResult.flux());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
+		given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
 
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
@@ -280,8 +280,8 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void requestChannelWhenInterceptorCompletesThenDelegateSubscribed() {
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
-		when(this.delegate.requestChannel(any())).thenReturn(this.payloadResult.flux());
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
+		given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -298,7 +298,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void requestChannelWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -315,8 +315,8 @@ public class PayloadInterceptorRSocketTests {
 	public void requestChannelWhenSecurityContextThenDelegateContext() {
 		Mono<Payload> payload = Mono.just(this.payload);
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withAuthenticated(authentication));
-		when(this.delegate.requestChannel(any())).thenReturn(this.payloadResult.flux());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
+		given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
 
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
@@ -337,8 +337,8 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void metadataPushWhenInterceptorCompletesThenDelegateSubscribed() {
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
-		when(this.delegate.metadataPush(any())).thenReturn(this.voidResult.mono());
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
+		given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -353,7 +353,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void metadataPushWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
@@ -368,8 +368,8 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void metadataPushWhenSecurityContextThenDelegateContext() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withAuthenticated(authentication));
-		when(this.delegate.metadataPush(any())).thenReturn(this.voidResult.mono());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
+		given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono());
 
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
@@ -392,9 +392,9 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void fireAndForgetWhenInterceptorsCompleteThenDelegateInvoked() {
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.interceptor2.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
@@ -408,9 +408,9 @@ public class PayloadInterceptorRSocketTests {
 
 	@Test
 	public void fireAndForgetWhenInterceptorsMutatesPayloadThenDelegateInvoked() {
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.interceptor2.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.delegate.fireAndForget(any())).thenReturn(this.voidResult.mono());
+		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
@@ -427,7 +427,7 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void fireAndForgetWhenInterceptor1ErrorsThenInterceptor2AndDelegateNotInvoked() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
@@ -443,8 +443,8 @@ public class PayloadInterceptorRSocketTests {
 	@Test
 	public void fireAndForgetWhenInterceptor2ErrorsThenInterceptor2AndDelegateNotInvoked() {
 		RuntimeException expected = new RuntimeException("Oops");
-		when(this.interceptor.intercept(any(), any())).thenAnswer(withChainNext());
-		when(this.interceptor2.intercept(any(), any())).thenReturn(Mono.error(expected));
+		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
+		given(this.interceptor2.intercept(any(), any())).willReturn(Mono.error(expected));
 
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
index 3212bd1ae8..a20686ba3e 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
@@ -38,9 +38,9 @@ import org.springframework.security.rsocket.api.PayloadInterceptor;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -75,7 +75,7 @@ public class PayloadSocketAcceptorInterceptorTests {
 
 	@Test
 	public void applyWhenDefaultMetadataMimeTypeThenDefaulted() {
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 
 		PayloadExchange exchange = captureExchange();
 
@@ -87,7 +87,7 @@ public class PayloadSocketAcceptorInterceptorTests {
 	@Test
 	public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() {
 		this.acceptorInterceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON);
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 
 		PayloadExchange exchange = captureExchange();
 
@@ -107,15 +107,15 @@ public class PayloadSocketAcceptorInterceptorTests {
 	}
 
 	private PayloadExchange captureExchange() {
-		when(this.socketAcceptor.accept(any(), any())).thenReturn(Mono.just(this.rSocket));
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
+		given(this.socketAcceptor.accept(any(), any())).willReturn(Mono.just(this.rSocket));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 
 		SocketAcceptor wrappedAcceptor = this.acceptorInterceptor.apply(this.socketAcceptor);
 		RSocket result = wrappedAcceptor.accept(this.setupPayload, this.rSocket).block();
 
 		assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class);
 
-		when(this.rSocket.fireAndForget(any())).thenReturn(Mono.empty());
+		given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty());
 
 		result.fireAndForget(this.payload).block();
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 0c695fef6d..0f61bf4853 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -45,9 +45,9 @@ import org.springframework.security.rsocket.api.PayloadInterceptor;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -106,7 +106,7 @@ public class PayloadSocketAcceptorTests {
 
 	@Test
 	public void acceptWhenDefaultMetadataMimeTypeThenDefaulted() {
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 
 		PayloadExchange exchange = captureExchange();
 
@@ -118,7 +118,7 @@ public class PayloadSocketAcceptorTests {
 	@Test
 	public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() {
 		this.acceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON);
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 
 		PayloadExchange exchange = captureExchange();
 
@@ -139,8 +139,8 @@ public class PayloadSocketAcceptorTests {
 
 	@Test
 	public void acceptWhenExplicitMimeTypeThenThenOverrideDefault() {
-		when(this.setupPayload.metadataMimeType()).thenReturn(MediaType.TEXT_PLAIN_VALUE);
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.metadataMimeType()).willReturn(MediaType.TEXT_PLAIN_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 
 		PayloadExchange exchange = captureExchange();
 
@@ -151,8 +151,8 @@ public class PayloadSocketAcceptorTests {
 	@Test
 	// gh-8654
 	public void acceptWhenDelegateAcceptRequiresReactiveSecurityContext() {
-		when(this.setupPayload.metadataMimeType()).thenReturn(MediaType.TEXT_PLAIN_VALUE);
-		when(this.setupPayload.dataMimeType()).thenReturn(MediaType.APPLICATION_JSON_VALUE);
+		given(this.setupPayload.metadataMimeType()).willReturn(MediaType.TEXT_PLAIN_VALUE);
+		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
 		SecurityContext expectedSecurityContext = new SecurityContextImpl(
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		CaptureSecurityContextSocketAcceptor captureSecurityContext = new CaptureSecurityContextSocketAcceptor(
@@ -171,14 +171,14 @@ public class PayloadSocketAcceptorTests {
 	}
 
 	private PayloadExchange captureExchange() {
-		when(this.delegate.accept(any(), any())).thenReturn(Mono.just(this.rSocket));
-		when(this.interceptor.intercept(any(), any())).thenReturn(Mono.empty());
+		given(this.delegate.accept(any(), any())).willReturn(Mono.just(this.rSocket));
+		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 
 		RSocket result = this.acceptor.accept(this.setupPayload, this.rSocket).block();
 
 		assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class);
 
-		when(this.rSocket.fireAndForget(any())).thenReturn(Mono.empty());
+		given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty());
 
 		result.fireAndForget(this.payload).block();
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
index 6ecd661eb0..747e6e2c8a 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java
@@ -38,7 +38,7 @@ import org.springframework.util.RouteMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -77,7 +77,7 @@ public class RoutePayloadExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenNoRouteThenNotMatch() {
-		when(this.metadataExtractor.extract(any(), any())).thenReturn(Collections.emptyMap());
+		given(this.metadataExtractor.extract(any(), any())).willReturn(Collections.emptyMap());
 		PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block();
 		assertThat(result.isMatch()).isFalse();
 	}
@@ -85,8 +85,8 @@ public class RoutePayloadExchangeMatcherTests {
 	@Test
 	public void matchesWhenNotMatchThenNotMatch() {
 		String route = "route";
-		when(this.metadataExtractor.extract(any(), any()))
-				.thenReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
+		given(this.metadataExtractor.extract(any(), any()))
+				.willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
 		PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block();
 		assertThat(result.isMatch()).isFalse();
 	}
@@ -94,10 +94,10 @@ public class RoutePayloadExchangeMatcherTests {
 	@Test
 	public void matchesWhenMatchAndNoVariablesThenMatch() {
 		String route = "route";
-		when(this.metadataExtractor.extract(any(), any()))
-				.thenReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
-		when(this.routeMatcher.parseRoute(any())).thenReturn(this.route);
-		when(this.routeMatcher.matchAndExtract(any(), any())).thenReturn(Collections.emptyMap());
+		given(this.metadataExtractor.extract(any(), any()))
+				.willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
+		given(this.routeMatcher.parseRoute(any())).willReturn(this.route);
+		given(this.routeMatcher.matchAndExtract(any(), any())).willReturn(Collections.emptyMap());
 		PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block();
 		assertThat(result.isMatch()).isTrue();
 	}
@@ -106,10 +106,10 @@ public class RoutePayloadExchangeMatcherTests {
 	public void matchesWhenMatchAndVariablesThenMatchAndVariables() {
 		String route = "route";
 		Map<String, String> variables = Collections.singletonMap("a", "b");
-		when(this.metadataExtractor.extract(any(), any()))
-				.thenReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
-		when(this.routeMatcher.parseRoute(any())).thenReturn(this.route);
-		when(this.routeMatcher.matchAndExtract(any(), any())).thenReturn(variables);
+		given(this.metadataExtractor.extract(any(), any()))
+				.willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route));
+		given(this.routeMatcher.parseRoute(any())).willReturn(this.route);
+		given(this.routeMatcher.matchAndExtract(any(), any())).willReturn(variables);
 		PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block();
 		assertThat(result.isMatch()).isTrue();
 		assertThat(result.getVariables()).containsAllEntriesOf(variables);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 9480471a73..3927cd2c6b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,6 +28,8 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index c9356536a7..b6081da1c3 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -69,10 +69,10 @@ import static java.util.Collections.singleton;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory;
 import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS;
@@ -260,7 +260,7 @@ public class OpenSamlAuthenticationProviderTests {
 
 		Element attributeElement = element("<element>value</element>");
 		Marshaller marshaller = mock(Marshaller.class);
-		when(marshaller.marshall(any(XMLObject.class))).thenReturn(attributeElement);
+		given(marshaller.marshall(any(XMLObject.class))).willReturn(attributeElement);
 
 		try {
 			XMLObjectProviderRegistrySupport.getMarshallerFactory()
@@ -375,9 +375,9 @@ public class OpenSamlAuthenticationProviderTests {
 		response.getAssertions().add(assertion);
 		signed(response, assertingPartySigningCredential(), ASSERTING_PARTY_ENTITY_ID);
 		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
-		when(validator.getServicedCondition()).thenReturn(OneTimeUse.DEFAULT_ELEMENT_NAME);
-		when(validator.validate(any(Condition.class), any(Assertion.class), any(ValidationContext.class)))
-				.thenReturn(ValidationResult.VALID);
+		given(validator.getServicedCondition()).willReturn(OneTimeUse.DEFAULT_ELEMENT_NAME);
+		given(validator.validate(any(Condition.class), any(Assertion.class), any(ValidationContext.class)))
+				.willReturn(ValidationResult.VALID);
 		provider.authenticate(token);
 		verify(validator).validate(any(Condition.class), any(Assertion.class), any(ValidationContext.class));
 	}
@@ -388,7 +388,7 @@ public class OpenSamlAuthenticationProviderTests {
 		parameters.put(SC_VALID_RECIPIENTS, singleton(DESTINATION));
 		parameters.put(SIGNATURE_REQUIRED, false);
 		ValidationContext context = mock(ValidationContext.class);
-		when(context.getStaticParameters()).thenReturn(parameters);
+		given(context.getStaticParameters()).willReturn(parameters);
 		OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
 		provider.setValidationContextConverter(tuple -> context);
 		Response response = response();
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index a3962b07ee..1ec40b8fd2 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -39,9 +39,9 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getParserPool;
 import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getUnmarshallerFactory;
 import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
@@ -170,7 +170,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	public void createPostAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
 		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
 				Function.class);
-		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {
+		given(authnRequestConsumerResolver.apply(this.context)).willReturn(authnRequest -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
@@ -182,7 +182,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	public void createRedirectAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
 		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
 				Function.class);
-		when(authnRequestConsumerResolver.apply(this.context)).thenReturn(authnRequest -> {
+		given(authnRequestConsumerResolver.apply(this.context)).willReturn(authnRequest -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index 2127ca11a4..25d7f416aa 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.failBecauseExceptionWasNotThrown;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 public class Saml2WebSsoAuthenticationFilterTests {
 
@@ -81,7 +81,7 @@ public class Saml2WebSsoAuthenticationFilterTests {
 
 	@Test
 	public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() {
-		when(this.repository.findByRegistrationId("non-existent-id")).thenReturn(null);
+		given(this.repository.findByRegistrationId("non-existent-id")).willReturn(null);
 
 		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}");
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 6526829196..69368eec00 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -38,10 +38,10 @@ import org.springframework.web.util.UriUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.assertingPartyPrivateCredential;
 import static org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts.authenticationRequestContext;
 import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
@@ -83,14 +83,14 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenNoRelayStateThenRedirectDoesNotContainParameter() throws ServletException, IOException {
-		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		given(this.repository.findByRegistrationId("registration-id")).willReturn(this.rpBuilder.build());
 		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
 		assertThat(this.response.getHeader("Location")).doesNotContain("RelayState=").startsWith(IDP_SSO_URL);
 	}
 
 	@Test
 	public void doFilterWhenRelayStateThenRedirectDoesContainParameter() throws ServletException, IOException {
-		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		given(this.repository.findByRegistrationId("registration-id")).willReturn(this.rpBuilder.build());
 		this.request.setParameter("RelayState", "my-relay-state");
 		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
 		assertThat(this.response.getHeader("Location")).contains("RelayState=my-relay-state").startsWith(IDP_SSO_URL);
@@ -98,7 +98,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenRelayStateThatRequiresEncodingThenRedirectDoesContainsEncodedParameter() throws Exception {
-		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		given(this.repository.findByRegistrationId("registration-id")).willReturn(this.rpBuilder.build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -109,7 +109,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenSimpleSignatureSpecifiedThenSignatureParametersAreInTheRedirectURL() throws Exception {
-		when(this.repository.findByRegistrationId("registration-id")).thenReturn(this.rpBuilder.build());
+		given(this.repository.findByRegistrationId("registration-id")).willReturn(this.rpBuilder.build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -120,8 +120,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenSignatureIsDisabledThenSignatureParametersAreNotInTheRedirectURL() throws Exception {
-		when(this.repository.findByRegistrationId("registration-id"))
-				.thenReturn(this.rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
+		given(this.repository.findByRegistrationId("registration-id"))
+				.willReturn(this.rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -132,8 +132,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenPostFormDataIsPresent() throws Exception {
-		when(this.repository.findByRegistrationId("registration-id"))
-				.thenReturn(this.rpBuilder.providerDetails(c -> c.binding(POST)).build());
+		given(this.repository.findByRegistrationId("registration-id"))
+				.willReturn(this.rpBuilder.providerDetails(c -> c.binding(POST)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
 		final String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -149,11 +149,11 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	public void doFilterWhenSetAuthenticationRequestFactoryThenUses() throws Exception {
 		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
-		when(authenticationRequest.getAuthenticationRequestUri()).thenReturn("uri");
-		when(authenticationRequest.getRelayState()).thenReturn("relay");
-		when(authenticationRequest.getSamlRequest()).thenReturn("saml");
-		when(this.repository.findByRegistrationId("registration-id")).thenReturn(relyingParty);
-		when(this.factory.createPostAuthenticationRequest(any())).thenReturn(authenticationRequest);
+		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
+		given(authenticationRequest.getRelayState()).willReturn("relay");
+		given(authenticationRequest.getSamlRequest()).willReturn("saml");
+		given(this.repository.findByRegistrationId("registration-id")).willReturn(relyingParty);
+		given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
 
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
 		filter.setAuthenticationRequestFactory(this.factory);
@@ -168,12 +168,12 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	public void doFilterWhenCustomAuthenticationRequestFactoryThenUses() throws Exception {
 		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
-		when(authenticationRequest.getAuthenticationRequestUri()).thenReturn("uri");
-		when(authenticationRequest.getRelayState()).thenReturn("relay");
-		when(authenticationRequest.getSamlRequest()).thenReturn("saml");
-		when(this.resolver.resolve(this.request))
-				.thenReturn(authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
-		when(this.factory.createPostAuthenticationRequest(any())).thenReturn(authenticationRequest);
+		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
+		given(authenticationRequest.getRelayState()).willReturn("relay");
+		given(authenticationRequest.getSamlRequest()).willReturn("saml");
+		given(this.resolver.resolve(this.request))
+				.willReturn(authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
+		given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
 
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver,
 				this.factory);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index 1de923bed4..a653845697 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -39,7 +39,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -54,8 +54,8 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenSamlResponseThenToken() {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
-				.thenReturn(this.relyingPartyRegistration);
+		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
+				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter("SAMLResponse", Saml2Utils.samlEncode("response".getBytes(UTF_8)));
 		Saml2AuthenticationToken token = converter.convert(request);
@@ -68,8 +68,8 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenNoSamlResponseThenNull() {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
-				.thenReturn(this.relyingPartyRegistration);
+		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
+				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		assertThat(converter.convert(request)).isNull();
 	}
@@ -78,7 +78,7 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenNoRelyingPartyRegistrationThenNull() {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).thenReturn(null);
+		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).willReturn(null);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		assertThat(converter.convert(request)).isNull();
 	}
@@ -87,8 +87,8 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenGetRequestThenInflates() {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
-				.thenReturn(this.relyingPartyRegistration);
+		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
+				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("GET");
 		byte[] deflated = Saml2Utils.samlDeflate("response");
@@ -109,8 +109,8 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenUsingSamlUtilsBase64ThenXmlIsValid() throws Exception {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		when(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
-				.thenReturn(this.relyingPartyRegistration);
+		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
+				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter("SAMLResponse", getSsoCircleEncodedXml());
 		Saml2AuthenticationToken token = converter.convert(request);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 6d1b0455e9..3e4fe4d575 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -30,10 +30,10 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
 import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.noCredentials;
 
@@ -94,7 +94,7 @@ public class Saml2MetadataFilterTests {
 	public void doFilterWhenNoRelyingPartyRegistrationThenUnauthorized() throws Exception {
 		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/invalidRegistration");
-		when(this.repository.findByRegistrationId("invalidRegistration")).thenReturn(null);
+		given(this.repository.findByRegistrationId("invalidRegistration")).willReturn(null);
 
 		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
@@ -114,7 +114,7 @@ public class Saml2MetadataFilterTests {
 				.build();
 
 		String generatedMetadata = "<xml>test</xml>";
-		when(this.resolver.resolve(validRegistration)).thenReturn(generatedMetadata);
+		given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata);
 
 		this.filter = new Saml2MetadataFilter(request -> validRegistration, this.resolver);
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index 5d009dde41..ca81cb9b85 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -40,9 +40,9 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -89,8 +89,8 @@ public class AbstractAuthorizeTagTests {
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
 		this.tag.setUrl(uri);
 		WebApplicationContext wac = mock(WebApplicationContext.class);
-		when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
-				.thenReturn(Collections.singletonMap("wipe", expected));
+		given(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
+				.willReturn(Collections.singletonMap("wipe", expected));
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		this.tag.authorizeUsingUrlCheck();
@@ -105,8 +105,8 @@ public class AbstractAuthorizeTagTests {
 		DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
 		this.tag.setAccess("permitAll");
 		WebApplicationContext wac = mock(WebApplicationContext.class);
-		when(wac.getBeansOfType(SecurityExpressionHandler.class))
-				.thenReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
+		given(wac.getBeansOfType(SecurityExpressionHandler.class))
+				.willReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		assertThat(this.tag.authorize()).isTrue();
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index 05f54a0ae8..67d6718f2e 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -36,10 +36,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.WebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -68,7 +68,7 @@ public class AccessControlListTagTests {
 
 		Map beanMap = new HashMap();
 		beanMap.put("pe", this.pe);
-		when(ctx.getBeansOfType(PermissionEvaluator.class)).thenReturn(beanMap);
+		given(ctx.getBeansOfType(PermissionEvaluator.class)).willReturn(beanMap);
 
 		MockServletContext servletCtx = new MockServletContext();
 		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
@@ -84,7 +84,7 @@ public class AccessControlListTagTests {
 	@Test
 	public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception {
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
@@ -105,7 +105,7 @@ public class AccessControlListTagTests {
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
 
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
@@ -121,8 +121,8 @@ public class AccessControlListTagTests {
 	@Test
 	public void multiHasPermissionsAreSplit() throws Exception {
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(true);
-		when(this.pe.hasPermission(this.bob, domainObject, "WRITE")).thenReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ,WRITE");
@@ -141,8 +141,8 @@ public class AccessControlListTagTests {
 	@Test
 	public void hasPermissionsBitMaskSupported() throws Exception {
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, 1)).thenReturn(true);
-		when(this.pe.hasPermission(this.bob, domainObject, 2)).thenReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, 2)).willReturn(true);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("1,2");
@@ -160,8 +160,8 @@ public class AccessControlListTagTests {
 	@Test
 	public void hasPermissionsMixedBitMaskSupported() throws Exception {
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, 1)).thenReturn(true);
-		when(this.pe.hasPermission(this.bob, domainObject, "WRITE")).thenReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
+		given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("1,WRITE");
@@ -179,7 +179,7 @@ public class AccessControlListTagTests {
 	@Test
 	public void bodyIsSkippedIfAclDeniesAccess() throws Exception {
 		Object domainObject = new Object();
-		when(this.pe.hasPermission(this.bob, domainObject, "READ")).thenReturn(false);
+		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(false);
 
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index c89a4f6975..7f7f54ee36 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -43,7 +43,7 @@ import org.springframework.web.context.support.StaticWebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Francois Beausoleil
@@ -91,7 +91,7 @@ public class AuthorizeTagTests {
 		Object domain = new Object();
 		this.request.setAttribute("domain", domain);
 		this.authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
-		when(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).thenReturn(true);
+		given(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).willReturn(true);
 
 		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index 1edb96de79..790b1498ec 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -22,7 +22,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WithMockUserSecurityContextFactoryTests {
@@ -44,10 +44,10 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test
 	public void valueDefaultsUsername() {
-		when(this.withUser.value()).thenReturn("valueUser");
-		when(this.withUser.password()).thenReturn("password");
-		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
-		when(this.withUser.authorities()).thenReturn(new String[] {});
+		given(this.withUser.value()).willReturn("valueUser");
+		given(this.withUser.password()).willReturn("password");
+		given(this.withUser.roles()).willReturn(new String[] { "USER" });
+		given(this.withUser.authorities()).willReturn(new String[] {});
 
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 				.isEqualTo(this.withUser.value());
@@ -55,10 +55,10 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test
 	public void usernamePrioritizedOverValue() {
-		when(this.withUser.username()).thenReturn("customUser");
-		when(this.withUser.password()).thenReturn("password");
-		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
-		when(this.withUser.authorities()).thenReturn(new String[] {});
+		given(this.withUser.username()).willReturn("customUser");
+		given(this.withUser.password()).willReturn("password");
+		given(this.withUser.roles()).willReturn(new String[] { "USER" });
+		given(this.withUser.authorities()).willReturn(new String[] {});
 
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 				.isEqualTo(this.withUser.username());
@@ -66,10 +66,10 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test
 	public void rolesWorks() {
-		when(this.withUser.value()).thenReturn("valueUser");
-		when(this.withUser.password()).thenReturn("password");
-		when(this.withUser.roles()).thenReturn(new String[] { "USER", "CUSTOM" });
-		when(this.withUser.authorities()).thenReturn(new String[] {});
+		given(this.withUser.value()).willReturn("valueUser");
+		given(this.withUser.password()).willReturn("password");
+		given(this.withUser.roles()).willReturn(new String[] { "USER", "CUSTOM" });
+		given(this.withUser.authorities()).willReturn(new String[] {});
 
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 				.extracting("authority").containsOnly("ROLE_USER", "ROLE_CUSTOM");
@@ -77,10 +77,10 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test
 	public void authoritiesWorks() {
-		when(this.withUser.value()).thenReturn("valueUser");
-		when(this.withUser.password()).thenReturn("password");
-		when(this.withUser.roles()).thenReturn(new String[] { "USER" });
-		when(this.withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
+		given(this.withUser.value()).willReturn("valueUser");
+		given(this.withUser.password()).willReturn("password");
+		given(this.withUser.roles()).willReturn(new String[] { "USER" });
+		given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
 
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 				.extracting("authority").containsOnly("USER", "CUSTOM");
@@ -88,18 +88,18 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void authoritiesAndRolesInvalid() {
-		when(this.withUser.value()).thenReturn("valueUser");
-		when(this.withUser.roles()).thenReturn(new String[] { "CUSTOM" });
-		when(this.withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
+		given(this.withUser.value()).willReturn("valueUser");
+		given(this.withUser.roles()).willReturn(new String[] { "CUSTOM" });
+		given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
 
 		this.factory.createSecurityContext(this.withUser);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void rolesWithRolePrefixFails() {
-		when(this.withUser.value()).thenReturn("valueUser");
-		when(this.withUser.roles()).thenReturn(new String[] { "ROLE_FAIL" });
-		when(this.withUser.authorities()).thenReturn(new String[] {});
+		given(this.withUser.value()).willReturn("valueUser");
+		given(this.withUser.roles()).willReturn(new String[] { "ROLE_FAIL" });
+		given(this.withUser.authorities()).willReturn(new String[] {});
 
 		this.factory.createSecurityContext(this.withUser);
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index dec5e7b65e..3bacb905d9 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -45,8 +45,8 @@ import org.springframework.test.context.support.AbstractTestExecutionListener;
 import org.springframework.util.ReflectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WithSecurityContextTestExcecutionListenerTests {
@@ -76,8 +76,8 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void beforeTestMethodNullSecurityContextNoError() throws Exception {
 		Class testClass = FakeTest.class;
-		when(this.testContext.getTestClass()).thenReturn(testClass);
-		when(this.testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
+		given(this.testContext.getTestClass()).willReturn(testClass);
+		given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
 
 		this.listener.beforeTestMethod(this.testContext);
 	}
@@ -86,8 +86,8 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void beforeTestMethodNoApplicationContext() throws Exception {
 		Class testClass = FakeTest.class;
-		when(this.testContext.getApplicationContext()).thenThrow(new IllegalStateException());
-		when(this.testContext.getTestMethod()).thenReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
+		given(this.testContext.getApplicationContext()).willThrow(new IllegalStateException());
+		given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
 
 		this.listener.beforeTestMethod(this.testContext);
 
@@ -128,8 +128,8 @@ public class WithSecurityContextTestExcecutionListenerTests {
 		Method method = ReflectionUtils.findMethod(WithSecurityContextTestExcecutionListenerTests.class,
 				"handlesGenericAnnotationTestMethod");
 		TestContext testContext = mock(TestContext.class);
-		when(testContext.getTestMethod()).thenReturn(method);
-		when(testContext.getApplicationContext()).thenThrow(new IllegalStateException(""));
+		given(testContext.getTestMethod()).willReturn(method);
+		given(testContext.getApplicationContext()).willThrow(new IllegalStateException(""));
 
 		this.listener.beforeTestMethod(testContext);
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
index 3fd1c645c6..10bc6fd566 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
@@ -44,9 +44,9 @@ import org.springframework.test.context.junit4.rules.SpringMethodRule;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -78,8 +78,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 	@Test
 	public void beforeTestMethodWhenWithMockUserTestExecutionDefaultThenSecurityContextSet() throws Exception {
 		Method testMethod = TheTest.class.getMethod("withMockUserDefault");
-		when(this.testContext.getApplicationContext()).thenReturn(this.applicationContext);
-		when(this.testContext.getTestMethod()).thenReturn(testMethod);
+		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
+		given(this.testContext.getTestMethod()).willReturn(testMethod);
 
 		this.listener.beforeTestMethod(this.testContext);
 
@@ -91,8 +91,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 	@Test
 	public void beforeTestMethodWhenWithMockUserTestMethodThenSecurityContextSet() throws Exception {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestMethod");
-		when(this.testContext.getApplicationContext()).thenReturn(this.applicationContext);
-		when(this.testContext.getTestMethod()).thenReturn(testMethod);
+		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
+		given(this.testContext.getTestMethod()).willReturn(testMethod);
 
 		this.listener.beforeTestMethod(this.testContext);
 
@@ -104,8 +104,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 	@Test
 	public void beforeTestMethodWhenWithMockUserTestExecutionThenTestContextSet() throws Exception {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
-		when(this.testContext.getApplicationContext()).thenReturn(this.applicationContext);
-		when(this.testContext.getTestMethod()).thenReturn(testMethod);
+		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
+		given(this.testContext.getTestMethod()).willReturn(testMethod);
 
 		this.listener.beforeTestMethod(this.testContext);
 
@@ -118,8 +118,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 	@SuppressWarnings("unchecked")
 	public void beforeTestMethodWhenWithMockUserTestExecutionThenTestContextSupplierOk() throws Exception {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
-		when(this.testContext.getApplicationContext()).thenReturn(this.applicationContext);
-		when(this.testContext.getTestMethod()).thenReturn(testMethod);
+		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
+		given(this.testContext.getTestMethod()).willReturn(testMethod);
 
 		this.listener.beforeTestMethod(this.testContext);
 
@@ -133,9 +133,9 @@ public class WithSecurityContextTestExecutionListenerTests {
 	// gh-6591
 	public void beforeTestMethodWhenTestExecutionThenDelayFactoryCreate() throws Exception {
 		Method testMethod = TheTest.class.getMethod("withUserDetails");
-		when(this.testContext.getApplicationContext()).thenReturn(this.applicationContext);
+		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		// do not set a UserDetailsService Bean so it would fail if looked up
-		when(this.testContext.getTestMethod()).thenReturn(testMethod);
+		given(this.testContext.getTestMethod()).willReturn(testMethod);
 
 		this.listener.beforeTestMethod(this.testContext);
 		// bean lookup of UserDetailsService would fail if it has already been looked up
@@ -153,8 +153,8 @@ public class WithSecurityContextTestExecutionListenerTests {
 		SecurityContextImpl securityContext = new SecurityContextImpl();
 		securityContext.setAuthentication(new TestingAuthenticationToken("user", "passsword", "ROLE_USER"));
 		Supplier<SecurityContext> supplier = () -> securityContext;
-		when(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME))
-				.thenReturn(supplier);
+		given(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME))
+				.willReturn(supplier);
 
 		this.listener.beforeTestExecution(this.testContext);
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 873ce590e2..ce3c9f7d90 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -32,8 +32,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WithUserDetailsSecurityContextFactoryTests {
@@ -68,17 +68,17 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void createSecurityContextEmptyValue() {
 
-		when(this.withUserDetails.value()).thenReturn("");
+		given(this.withUserDetails.value()).willReturn("");
 		this.factory.createSecurityContext(this.withUserDetails);
 	}
 
 	@Test
 	public void createSecurityContextWithExistingUser() {
 		String username = "user";
-		when(this.beans.getBean(ReactiveUserDetailsService.class)).thenThrow(new NoSuchBeanDefinitionException(""));
-		when(this.beans.getBean(UserDetailsService.class)).thenReturn(this.userDetailsService);
-		when(this.withUserDetails.value()).thenReturn(username);
-		when(this.userDetailsService.loadUserByUsername(username)).thenReturn(this.userDetails);
+		given(this.beans.getBean(ReactiveUserDetailsService.class)).willThrow(new NoSuchBeanDefinitionException(""));
+		given(this.beans.getBean(UserDetailsService.class)).willReturn(this.userDetailsService);
+		given(this.withUserDetails.value()).willReturn(username);
+		given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails);
 
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
@@ -91,12 +91,12 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	public void createSecurityContextWithUserDetailsServiceName() {
 		String beanName = "secondUserDetailsServiceBean";
 		String username = "user";
-		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).thenThrow(
+		given(this.beans.getBean(beanName, ReactiveUserDetailsService.class)).willThrow(
 				new BeanNotOfRequiredTypeException("", ReactiveUserDetailsService.class, UserDetailsService.class));
-		when(this.withUserDetails.value()).thenReturn(username);
-		when(this.withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
-		when(this.userDetailsService.loadUserByUsername(username)).thenReturn(this.userDetails);
-		when(this.beans.getBean(beanName, UserDetailsService.class)).thenReturn(this.userDetailsService);
+		given(this.withUserDetails.value()).willReturn(username);
+		given(this.withUserDetails.userDetailsServiceBeanName()).willReturn(beanName);
+		given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails);
+		given(this.beans.getBean(beanName, UserDetailsService.class)).willReturn(this.userDetailsService);
 
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
@@ -107,9 +107,9 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	@Test
 	public void createSecurityContextWithReactiveUserDetailsService() {
 		String username = "user";
-		when(this.withUserDetails.value()).thenReturn(username);
-		when(this.beans.getBean(ReactiveUserDetailsService.class)).thenReturn(this.reactiveUserDetailsService);
-		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(this.userDetails));
+		given(this.withUserDetails.value()).willReturn(username);
+		given(this.beans.getBean(ReactiveUserDetailsService.class)).willReturn(this.reactiveUserDetailsService);
+		given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails));
 
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
@@ -121,11 +121,11 @@ public class WithUserDetailsSecurityContextFactoryTests {
 	public void createSecurityContextWithReactiveUserDetailsServiceAndBeanName() {
 		String beanName = "secondUserDetailsServiceBean";
 		String username = "user";
-		when(this.withUserDetails.value()).thenReturn(username);
-		when(this.withUserDetails.userDetailsServiceBeanName()).thenReturn(beanName);
-		when(this.beans.getBean(beanName, ReactiveUserDetailsService.class))
-				.thenReturn(this.reactiveUserDetailsService);
-		when(this.reactiveUserDetailsService.findByUsername(username)).thenReturn(Mono.just(this.userDetails));
+		given(this.withUserDetails.value()).willReturn(username);
+		given(this.withUserDetails.userDetailsServiceBeanName()).willReturn(beanName);
+		given(this.beans.getBean(beanName, ReactiveUserDetailsService.class))
+				.willReturn(this.reactiveUserDetailsService);
+		given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails));
 
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 242f0a4327..0183ef8aaa 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -45,8 +45,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOAuth2Client;
@@ -154,8 +154,8 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 		assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client");
 
 		client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
-		when(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
-				any(ServerWebExchange.class))).thenReturn(Mono.just(client));
+		given(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(ServerWebExchange.class))).willReturn(Mono.just(client));
 		this.client.get().uri("/client").exchange().expectStatus().isOk();
 		client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 4814f4b0f8..814f1340ad 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -49,9 +49,9 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Client;
@@ -143,8 +143,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 		OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
 		OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
-		when(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
-				any(HttpServletRequest.class))).thenReturn(client);
+		given(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
+				any(HttpServletRequest.class))).willReturn(client);
 		this.mvc.perform(get("/client-id")).andExpect(content().string("client-id"));
 		verify(repository).loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
 				any(HttpServletRequest.class));
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index 1e0ce9e7ad..a64e06ecb7 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -32,8 +32,8 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockMvcConfigurerTests {
@@ -55,7 +55,7 @@ public class SecurityMockMvcConfigurerTests {
 
 	@Before
 	public void setup() {
-		when(this.context.getServletContext()).thenReturn(this.servletContext);
+		given(this.context.getServletContext()).willReturn(this.servletContext);
 	}
 
 	@Test
@@ -107,8 +107,8 @@ public class SecurityMockMvcConfigurerTests {
 	}
 
 	private void returnFilterBean() {
-		when(this.context.containsBean(anyString())).thenReturn(true);
-		when(this.context.getBean(anyString(), eq(Filter.class))).thenReturn(this.beanFilter);
+		given(this.context.containsBean(anyString())).willReturn(true);
+		given(this.context.getBean(anyString(), eq(Filter.class))).willReturn(this.beanFilter);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 2c11daeee9..2017452c98 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -45,11 +45,11 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doAnswer;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willAnswer;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -73,13 +73,13 @@ public class FilterChainProxyTests {
 	public void setup() throws Exception {
 		this.matcher = mock(RequestMatcher.class);
 		this.filter = mock(Filter.class);
-		doAnswer((Answer<Object>) inv -> {
+		willAnswer((Answer<Object>) inv -> {
 			Object[] args = inv.getArguments();
 			FilterChain fc = (FilterChain) args[2];
 			HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper((HttpServletRequest) args[0]);
 			fc.doFilter(extraWrapper, (HttpServletResponse) args[1]);
 			return null;
-		}).when(this.filter).doFilter(any(), any(), any());
+		}).given(this.filter).doFilter(any(), any(), any());
 		this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, Arrays.asList(this.filter)));
 		this.fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
 		this.request = new MockHttpServletRequest("GET", "");
@@ -101,7 +101,7 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void securityFilterChainIsNotInvokedIfMatchFails() throws Exception {
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(false);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		assertThat(this.fcp.getFilterChains()).hasSize(1);
 		assertThat(this.fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(this.filter);
@@ -113,7 +113,7 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 
 		verify(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
@@ -126,7 +126,7 @@ public class FilterChainProxyTests {
 		List<Filter> noFilters = Collections.emptyList();
 		this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, noFilters));
 
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 
 		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -134,7 +134,7 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsFound() throws Exception {
-		when(this.matcher.matches(any())).thenReturn(true);
+		given(this.matcher.matches(any())).willReturn(true);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		verify(this.matcher).matches(any(FirewalledRequest.class));
 		verify(this.filter).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class),
@@ -144,7 +144,7 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsNotFound() throws Exception {
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(false);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		verify(this.matcher).matches(any(FirewalledRequest.class));
 		verifyZeroInteractions(this.filter);
@@ -155,11 +155,11 @@ public class FilterChainProxyTests {
 	public void wrapperIsResetWhenNoMatchingFilters() throws Exception {
 		HttpFirewall fw = mock(HttpFirewall.class);
 		FirewalledRequest fwr = mock(FirewalledRequest.class);
-		when(fwr.getRequestURI()).thenReturn("/");
-		when(fwr.getContextPath()).thenReturn("");
+		given(fwr.getRequestURI()).willReturn("/");
+		given(fwr.getContextPath()).willReturn("");
 		this.fcp.setFirewall(fw);
-		when(fw.getFirewalledRequest(this.request)).thenReturn(fwr);
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
+		given(fw.getFirewalledRequest(this.request)).willReturn(fwr);
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(false);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		verify(fwr).reset();
 	}
@@ -172,16 +172,16 @@ public class FilterChainProxyTests {
 		firstFcp.setFirewall(fw);
 		this.fcp.setFirewall(fw);
 		FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
-		when(firstFwr.getRequestURI()).thenReturn("/");
-		when(firstFwr.getContextPath()).thenReturn("");
+		given(firstFwr.getRequestURI()).willReturn("/");
+		given(firstFwr.getContextPath()).willReturn("");
 		FirewalledRequest fwr = mock(FirewalledRequest.class, "fwr");
-		when(fwr.getRequestURI()).thenReturn("/");
-		when(fwr.getContextPath()).thenReturn("");
-		when(fw.getFirewalledRequest(this.request)).thenReturn(firstFwr);
-		when(fw.getFirewalledRequest(firstFwr)).thenReturn(fwr);
-		when(fwr.getRequest()).thenReturn(firstFwr);
-		when(firstFwr.getRequest()).thenReturn(this.request);
-		when(this.matcher.matches(any())).thenReturn(true);
+		given(fwr.getRequestURI()).willReturn("/");
+		given(fwr.getContextPath()).willReturn("");
+		given(fw.getFirewalledRequest(this.request)).willReturn(firstFwr);
+		given(fw.getFirewalledRequest(firstFwr)).willReturn(fwr);
+		given(fwr.getRequest()).willReturn(firstFwr);
+		given(firstFwr.getRequest()).willReturn(this.request);
+		given(this.matcher.matches(any())).willReturn(true);
 		firstFcp.doFilter(this.request, this.response, this.chain);
 		verify(firstFwr).reset();
 		verify(fwr).reset();
@@ -189,12 +189,12 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void doFilterClearsSecurityContextHolder() throws Exception {
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
-		doAnswer((Answer<Object>) inv -> {
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
+		willAnswer((Answer<Object>) inv -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			return null;
-		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
 
 		this.fcp.doFilter(this.request, this.response, this.chain);
@@ -204,12 +204,12 @@ public class FilterChainProxyTests {
 
 	@Test
 	public void doFilterClearsSecurityContextHolderWithException() throws Exception {
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
-		doAnswer((Answer<Object>) inv -> {
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
+		willAnswer((Answer<Object>) inv -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			throw new ServletException("oops");
-		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
 
 		try {
@@ -226,20 +226,20 @@ public class FilterChainProxyTests {
 	@Test
 	public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception {
 		final FilterChain innerChain = mock(FilterChain.class);
-		when(this.matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
-		doAnswer((Answer<Object>) inv -> {
+		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
+		willAnswer((Answer<Object>) inv -> {
 			TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
 			SecurityContextHolder.getContext().setAuthentication(expected);
-			doAnswer((Answer<Object>) inv1 -> {
+			willAnswer((Answer<Object>) inv1 -> {
 				innerChain.doFilter(this.request, this.response);
 				return null;
-			}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+			}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 					any(FilterChain.class));
 
 			this.fcp.doFilter(this.request, this.response, innerChain);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
 			return null;
-		}).when(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
 
 		this.fcp.doFilter(this.request, this.response, this.chain);
@@ -260,7 +260,7 @@ public class FilterChainProxyTests {
 		this.fcp.setFirewall(fw);
 		this.fcp.setRequestRejectedHandler(rjh);
 		RequestRejectedException requestRejectedException = new RequestRejectedException("Contains illegal chars");
-		when(fw.getFirewalledRequest(this.request)).thenThrow(requestRejectedException);
+		given(fw.getFirewalledRequest(this.request)).willThrow(requestRejectedException);
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		verify(rjh).handle(eq(this.request), eq(this.response), eq((requestRejectedException)));
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index f5e98a599f..438ece3d85 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -34,9 +34,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyObject;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests
@@ -71,14 +71,14 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 	@Test
 	public void permitsAccessIfNoMatchingAttributesAndPublicInvocationsAllowed() {
 		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
-		when(this.ods.getAttributes(anyObject())).thenReturn(null);
+		given(this.ods.getAttributes(anyObject())).willReturn(null);
 		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isTrue();
 	}
 
 	@Test
 	public void deniesAccessIfNoMatchingAttributesAndPublicInvocationsNotAllowed() {
 		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
-		when(this.ods.getAttributes(anyObject())).thenReturn(null);
+		given(this.ods.getAttributes(anyObject())).willReturn(null);
 		this.interceptor.setRejectPublicInvocations(true);
 		assertThat(wipe.isAllowed("/context", "/foo/index.jsp", "GET", mock(Authentication.class))).isFalse();
 	}
@@ -102,7 +102,8 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
 		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
 
-		doThrow(new AccessDeniedException("")).when(this.adm).decide(any(Authentication.class), anyObject(), anyList());
+		willThrow(new AccessDeniedException("")).given(this.adm).decide(any(Authentication.class), anyObject(),
+				anyList());
 
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index 884035c0e6..4976f8a3e3 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -49,7 +49,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
@@ -92,7 +92,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
@@ -124,7 +124,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is remembered
@@ -149,7 +149,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
@@ -179,7 +179,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Setup SecurityContextHolder, as filter needs to check if user is
@@ -213,7 +213,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Test
@@ -239,7 +239,7 @@ public class ExceptionTranslationFilterTests {
 
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
-		doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class),
+		willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 
 		// Test
@@ -286,7 +286,7 @@ public class ExceptionTranslationFilterTests {
 		for (Exception e : exceptions) {
 			FilterChain fc = mock(FilterChain.class);
 
-			doThrow(e).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+			willThrow(e).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 			try {
 				filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc);
 				fail("Should have thrown Exception");
diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
index add9ce044f..f5e160c855 100644
--- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
@@ -26,10 +26,10 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Josh Cummings
@@ -55,7 +55,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 	public void handleWhenNothingMatchesThenOnlyDefaultHandlerInvoked() throws Exception {
 		AccessDeniedHandler handler = mock(AccessDeniedHandler.class);
 		RequestMatcher matcher = mock(RequestMatcher.class);
-		when(matcher.matches(this.request)).thenReturn(false);
+		given(matcher.matches(this.request)).willReturn(false);
 		this.deniedHandlers.put(matcher, handler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
 
@@ -71,7 +71,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		RequestMatcher firstMatcher = mock(RequestMatcher.class);
 		AccessDeniedHandler secondHandler = mock(AccessDeniedHandler.class);
 		RequestMatcher secondMatcher = mock(RequestMatcher.class);
-		when(firstMatcher.matches(this.request)).thenReturn(true);
+		given(firstMatcher.matches(this.request)).willReturn(true);
 		this.deniedHandlers.put(firstMatcher, firstHandler);
 		this.deniedHandlers.put(secondMatcher, secondHandler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
@@ -90,8 +90,8 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		RequestMatcher firstMatcher = mock(RequestMatcher.class);
 		AccessDeniedHandler secondHandler = mock(AccessDeniedHandler.class);
 		RequestMatcher secondMatcher = mock(RequestMatcher.class);
-		when(firstMatcher.matches(this.request)).thenReturn(false);
-		when(secondMatcher.matches(this.request)).thenReturn(true);
+		given(firstMatcher.matches(this.request)).willReturn(false);
+		given(secondMatcher.matches(this.request)).willReturn(true);
 		this.deniedHandlers.put(firstMatcher, firstHandler);
 		this.deniedHandlers.put(secondMatcher, secondHandler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
index abbc789a97..bb9a8e6734 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
@@ -36,9 +36,9 @@ import org.springframework.expression.TypeLocator;
 import org.springframework.expression.TypedValue;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -55,7 +55,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getRootObject() {
 		TypedValue expected = mock(TypedValue.class);
-		when(this.delegate.getRootObject()).thenReturn(expected);
+		given(this.delegate.getRootObject()).willReturn(expected);
 
 		assertThat(this.context.getRootObject()).isEqualTo(expected);
 	}
@@ -63,7 +63,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getConstructorResolvers() {
 		List<ConstructorResolver> expected = new ArrayList<>();
-		when(this.delegate.getConstructorResolvers()).thenReturn(expected);
+		given(this.delegate.getConstructorResolvers()).willReturn(expected);
 
 		assertThat(this.context.getConstructorResolvers()).isEqualTo(expected);
 	}
@@ -71,7 +71,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getMethodResolvers() {
 		List<MethodResolver> expected = new ArrayList<>();
-		when(this.delegate.getMethodResolvers()).thenReturn(expected);
+		given(this.delegate.getMethodResolvers()).willReturn(expected);
 
 		assertThat(this.context.getMethodResolvers()).isEqualTo(expected);
 	}
@@ -79,7 +79,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getPropertyAccessors() {
 		List<PropertyAccessor> expected = new ArrayList<>();
-		when(this.delegate.getPropertyAccessors()).thenReturn(expected);
+		given(this.delegate.getPropertyAccessors()).willReturn(expected);
 
 		assertThat(this.context.getPropertyAccessors()).isEqualTo(expected);
 	}
@@ -88,7 +88,7 @@ public class DelegatingEvaluationContextTests {
 	public void getTypeLocator() {
 
 		TypeLocator expected = mock(TypeLocator.class);
-		when(this.delegate.getTypeLocator()).thenReturn(expected);
+		given(this.delegate.getTypeLocator()).willReturn(expected);
 
 		assertThat(this.context.getTypeLocator()).isEqualTo(expected);
 	}
@@ -96,7 +96,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getTypeConverter() {
 		TypeConverter expected = mock(TypeConverter.class);
-		when(this.delegate.getTypeConverter()).thenReturn(expected);
+		given(this.delegate.getTypeConverter()).willReturn(expected);
 
 		assertThat(this.context.getTypeConverter()).isEqualTo(expected);
 	}
@@ -104,7 +104,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getTypeComparator() {
 		TypeComparator expected = mock(TypeComparator.class);
-		when(this.delegate.getTypeComparator()).thenReturn(expected);
+		given(this.delegate.getTypeComparator()).willReturn(expected);
 
 		assertThat(this.context.getTypeComparator()).isEqualTo(expected);
 	}
@@ -112,7 +112,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getOperatorOverloader() {
 		OperatorOverloader expected = mock(OperatorOverloader.class);
-		when(this.delegate.getOperatorOverloader()).thenReturn(expected);
+		given(this.delegate.getOperatorOverloader()).willReturn(expected);
 
 		assertThat(this.context.getOperatorOverloader()).isEqualTo(expected);
 	}
@@ -120,7 +120,7 @@ public class DelegatingEvaluationContextTests {
 	@Test
 	public void getBeanResolver() {
 		BeanResolver expected = mock(BeanResolver.class);
-		when(this.delegate.getBeanResolver()).thenReturn(expected);
+		given(this.delegate.getBeanResolver()).willReturn(expected);
 
 		assertThat(this.context.getBeanResolver()).isEqualTo(expected);
 	}
@@ -139,7 +139,7 @@ public class DelegatingEvaluationContextTests {
 	public void lookupVariable() {
 		String name = "name";
 		String expected = "expected";
-		when(this.delegate.lookupVariable(name)).thenReturn(expected);
+		given(this.delegate.lookupVariable(name)).willReturn(expected);
 
 		assertThat(this.context.lookupVariable(name)).isEqualTo(expected);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index 608053c1d7..4e709ba6c7 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.web.FilterInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -70,15 +70,15 @@ public class WebExpressionVoterTests {
 		WebExpressionVoter voter = new WebExpressionVoter();
 		Expression ex = mock(Expression.class);
 		EvaluationContextPostProcessor postProcessor = mock(EvaluationContextPostProcessor.class);
-		when(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class)))
-				.thenAnswer(invocation -> invocation.getArgument(0));
+		given(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class)))
+				.willAnswer(invocation -> invocation.getArgument(0));
 		WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex, postProcessor);
 		EvaluationContext ctx = mock(EvaluationContext.class);
 		SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class);
 		FilterInvocation fi = new FilterInvocation("/path", "GET");
 		voter.setExpressionHandler(eh);
-		when(eh.createEvaluationContext(this.user, fi)).thenReturn(ctx);
-		when(ex.getValue(ctx, Boolean.class)).thenReturn(Boolean.TRUE).thenReturn(Boolean.FALSE);
+		given(eh.createEvaluationContext(this.user, fi)).willReturn(ctx);
+		given(ex.getValue(ctx, Boolean.class)).willReturn(Boolean.TRUE, Boolean.FALSE);
 		ArrayList attributes = new ArrayList();
 		attributes.addAll(SecurityConfig.createList("A", "B", "C"));
 		attributes.add(weca);
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index d56a4de170..37199a0c8f 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -46,12 +46,12 @@ import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link FilterSecurityInterceptor}.
@@ -97,13 +97,13 @@ public class FilterSecurityInterceptorTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
-		when(this.adm.supports(FilterInvocation.class)).thenReturn(true);
+		given(this.adm.supports(FilterInvocation.class)).willReturn(true);
 		this.interceptor.afterPropertiesSet();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testEnsuresRunAsManagerSupportsFilterInvocationClass() throws Exception {
-		when(this.adm.supports(FilterInvocation.class)).thenReturn(false);
+		given(this.adm.supports(FilterInvocation.class)).willReturn(false);
 		this.interceptor.afterPropertiesSet();
 	}
 
@@ -120,7 +120,7 @@ public class FilterSecurityInterceptorTests {
 
 		FilterInvocation fi = createinvocation();
 
-		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
 
 		this.interceptor.invoke(fi);
 
@@ -136,9 +136,9 @@ public class FilterSecurityInterceptorTests {
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
 
-		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
+		willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
@@ -163,16 +163,16 @@ public class FilterSecurityInterceptorTests {
 		ctx.setAuthentication(token);
 
 		RunAsManager runAsManager = mock(RunAsManager.class);
-		when(runAsManager.buildRunAs(eq(token), any(), anyCollection()))
-				.thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
+		given(runAsManager.buildRunAs(eq(token), any(), anyCollection()))
+				.willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
 		this.interceptor.setRunAsManager(runAsManager);
 
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
 
-		doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class),
+		willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-		when(this.ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
+		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
 
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index 53e60f8f62..50d37da710 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -44,10 +44,10 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Sergey Bespalov
@@ -76,7 +76,7 @@ public class AuthenticationFilterTests {
 
 	@Before
 	public void setup() {
-		when(this.authenticationManagerResolver.resolve(any())).thenReturn(this.authenticationManager);
+		given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager);
 	}
 
 	@After
@@ -117,8 +117,8 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenDefaultsAndAuthenticationSuccessThenContinues() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
 
@@ -136,8 +136,8 @@ public class AuthenticationFilterTests {
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationSuccessThenContinues()
 			throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
@@ -155,8 +155,8 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenDefaultsAndAuthenticationFailThenUnauthorized() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenThrow(new BadCredentialsException("failed"));
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
@@ -174,8 +174,8 @@ public class AuthenticationFilterTests {
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized()
 			throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenThrow(new BadCredentialsException("failed"));
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
@@ -191,7 +191,7 @@ public class AuthenticationFilterTests {
 
 	@Test
 	public void filterWhenConvertEmptyThenOk() throws Exception {
-		when(this.authenticationConverter.convert(any())).thenReturn(null);
+		given(this.authenticationConverter.convert(any())).willReturn(null);
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
 
@@ -207,8 +207,8 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenConvertAndAuthenticationSuccessThenSuccess() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
@@ -227,8 +227,8 @@ public class AuthenticationFilterTests {
 	@Test(expected = ServletException.class)
 	public void filterWhenConvertAndAuthenticationEmptyThenServerError() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(null);
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(null);
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
@@ -250,7 +250,7 @@ public class AuthenticationFilterTests {
 
 	@Test
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() throws Exception {
-		when(this.requestMatcher.matches(any())).thenReturn(false);
+		given(this.requestMatcher.matches(any())).willReturn(false);
 
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
@@ -269,8 +269,8 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenSuccessfulAuthenticationThenSessionIdChanges() throws Exception {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 
 		MockHttpSession session = new MockHttpSession();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index 767f6ce5ac..9cb163cdc9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -26,10 +26,10 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Test class for {@link DelegatingAuthenticationEntryPoint}
@@ -60,7 +60,7 @@ public class DelegatingAuthenticationEntryPointTests {
 	public void testDefaultEntryPoint() throws Exception {
 		AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher firstRM = mock(RequestMatcher.class);
-		when(firstRM.matches(this.request)).thenReturn(false);
+		given(firstRM.matches(this.request)).willReturn(false);
 		this.entryPoints.put(firstRM, firstAEP);
 
 		this.daep.commence(this.request, null, null);
@@ -75,7 +75,7 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher secondRM = mock(RequestMatcher.class);
-		when(firstRM.matches(this.request)).thenReturn(true);
+		given(firstRM.matches(this.request)).willReturn(true);
 		this.entryPoints.put(firstRM, firstAEP);
 		this.entryPoints.put(secondRM, secondAEP);
 
@@ -93,8 +93,8 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher secondRM = mock(RequestMatcher.class);
-		when(firstRM.matches(this.request)).thenReturn(false);
-		when(secondRM.matches(this.request)).thenReturn(true);
+		given(firstRM.matches(this.request)).willReturn(false);
+		given(secondRM.matches(this.request)).willReturn(true);
 		this.entryPoints.put(firstRM, firstAEP);
 		this.entryPoints.put(secondRM, secondAEP);
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index d836bc701b..af5c0e2a9a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -25,9 +25,9 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
 import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 
@@ -55,8 +55,8 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 		SavedRequest savedRequest = mock(SavedRequest.class);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		when(savedRequest.getRedirectUrl()).thenReturn(redirectUrl);
-		when(requestCache.getRequest(request, response)).thenReturn(savedRequest);
+		given(savedRequest.getRedirectUrl()).willReturn(redirectUrl);
+		given(requestCache.getRequest(request, response)).willReturn(savedRequest);
 
 		SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
 		handler.setRequestCache(requestCache);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index f1417f9121..5c00f97145 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.core.AuthenticationException;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link UsernamePasswordAuthenticationFilter}.
@@ -122,7 +122,7 @@ public class UsernamePasswordAuthenticationFilterTests {
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		filter.setAuthenticationManager(am);
 
 		try {
@@ -152,8 +152,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class)))
-				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		given(am.authenticate(any(Authentication.class)))
+				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
index bfacd8d55f..5db6228a6d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -91,7 +91,7 @@ public class CompositeLogoutHandlerTests {
 		LogoutHandler firstLogoutHandler = mock(LogoutHandler.class);
 		LogoutHandler secondLogoutHandler = mock(LogoutHandler.class);
 
-		doThrow(new IllegalArgumentException()).when(firstLogoutHandler).logout(any(HttpServletRequest.class),
+		willThrow(new IllegalArgumentException()).given(firstLogoutHandler).logout(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
 
 		List<LogoutHandler> logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
index 66ef5e52ef..ff92fb9536 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
@@ -29,9 +29,9 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * DelegatingLogoutSuccessHandlerTests Tests
@@ -79,7 +79,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 	@Test
 	public void onLogoutSuccessFirstMatches() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
-		when(this.matcher.matches(this.request)).thenReturn(true);
+		given(this.matcher.matches(this.request)).willReturn(true);
 
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
@@ -90,7 +90,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 	@Test
 	public void onLogoutSuccessSecondMatches() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
-		when(this.matcher2.matches(this.request)).thenReturn(true);
+		given(this.matcher2.matches(this.request)).willReturn(true);
 
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 8a028ba49b..2a39eea38a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -43,10 +43,10 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -81,7 +81,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	@Test
 	public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		this.filter.setAuthenticationManager(am);
 		this.filter.afterPropertiesSet();
 		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
@@ -93,7 +93,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse()
 			throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		this.filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
 		this.filter.setAuthenticationManager(am);
 		this.filter.afterPropertiesSet();
@@ -238,8 +238,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		filter.setAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler("/forwardUrl"));
 		filter.setCheckForPrincipalChanges(true);
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(PreAuthenticatedAuthenticationToken.class)))
-				.thenThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
+		given(am.authenticate(any(PreAuthenticatedAuthenticationToken.class)))
+				.willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
 
@@ -418,11 +418,11 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 
 		if (!grantAccess) {
-			when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+			given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		}
 		else {
-			when(am.authenticate(any(Authentication.class)))
-					.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+			given(am.authenticate(any(Authentication.class)))
+					.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 		}
 
 		filter.setAuthenticationManager(am);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index 73bdc2b076..5f1ef577d4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Milan Sevcik
@@ -149,8 +149,8 @@ public class RequestAttributeAuthenticationFilterTests {
 	 */
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class)))
-				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		given(am.authenticate(any(Authentication.class)))
+				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index 11b36ed7bf..41d857c928 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -31,8 +31,8 @@ import org.springframework.security.web.authentication.preauth.RequestHeaderAuth
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -150,8 +150,8 @@ public class RequestHeaderAuthenticationFilterTests {
 	 */
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class)))
-				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		given(am.authenticate(any(Authentication.class)))
+				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index e4c818d23c..d5edb037d5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -30,8 +30,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -47,14 +47,14 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 	public void principalsAndCredentialsAreExtractedCorrectly() throws Exception {
 		new WebSpherePreAuthenticatedProcessingFilter();
 		WASUsernameAndGroupsExtractor helper = mock(WASUsernameAndGroupsExtractor.class);
-		when(helper.getCurrentUserName()).thenReturn("jerry");
+		given(helper.getCurrentUserName()).willReturn("jerry");
 		WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(helper);
 		assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo("jerry");
 		assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A");
 
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class)))
-				.thenAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+		given(am.authenticate(any(Authentication.class)))
+				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
 
 		filter.setAuthenticationManager(am);
 		WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource(
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 0f2b2c693b..0835c51e80 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -41,10 +41,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -133,7 +133,7 @@ public class JdbcTokenRepositoryImplTests {
 	// SEC-1964
 	@Test
 	public void retrievingTokenWithNoSeriesReturnsNull() {
-		when(this.logger.isDebugEnabled()).thenReturn(true);
+		given(this.logger.isDebugEnabled()).willReturn(true);
 
 		assertThat(this.repo.getTokenForSeries("missingSeries")).isNull();
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index e5892cf3c6..595a5c8353 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -39,10 +39,10 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationSu
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link RememberMeAuthenticationFilter}.
@@ -98,7 +98,7 @@ public class RememberMeAuthenticationFilterTests {
 	@Test
 	public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(this.remembered)).thenReturn(this.remembered);
+		given(am.authenticate(this.remembered)).willReturn(this.remembered);
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered));
@@ -118,7 +118,7 @@ public class RememberMeAuthenticationFilterTests {
 	public void onUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
 		final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered)) {
@@ -144,7 +144,7 @@ public class RememberMeAuthenticationFilterTests {
 	@Test
 	public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(this.remembered)).thenReturn(this.remembered);
+		given(am.authenticate(this.remembered)).willReturn(this.remembered);
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered));
 		filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 526b9a0cbe..0f4608bee7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -38,8 +38,8 @@ import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.DEFAULT_PARAMETER;
 import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
 import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.TWO_WEEKS_S;
@@ -67,15 +67,15 @@ public class TokenBasedRememberMeServicesTests {
 	}
 
 	void udsWillReturnUser() {
-		when(this.uds.loadUserByUsername(any(String.class))).thenReturn(this.user);
+		given(this.uds.loadUserByUsername(any(String.class))).willReturn(this.user);
 	}
 
 	void udsWillThrowNotFound() {
-		when(this.uds.loadUserByUsername(any(String.class))).thenThrow(new UsernameNotFoundException(""));
+		given(this.uds.loadUserByUsername(any(String.class))).willThrow(new UsernameNotFoundException(""));
 	}
 
 	void udsWillReturnNull() {
-		when(this.uds.loadUserByUsername(any(String.class))).thenReturn(null);
+		given(this.uds.loadUserByUsername(any(String.class))).willReturn(null);
 	}
 
 	private long determineExpiryTimeFromBased64EncodedToken(String validToken) {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index c840dd570b..087c6bc578 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -30,7 +30,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.fail;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
@@ -83,8 +83,8 @@ public class CompositeSessionAuthenticationStrategyTests {
 
 	@Test
 	public void delegateShortCircuits() {
-		doThrow(new SessionAuthenticationException("oops")).when(this.strategy1).onAuthentication(this.authentication,
-				this.request, this.response);
+		willThrow(new SessionAuthenticationException("oops")).given(this.strategy1)
+				.onAuthentication(this.authentication, this.request, this.response);
 
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 				Arrays.asList(this.strategy1, this.strategy2));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index 9bcfc4b7dd..0f10d0e19c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -38,7 +38,7 @@ import org.springframework.security.core.session.SessionRegistry;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -78,8 +78,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void noRegisteredSession() {
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>emptyList());
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.willReturn(Collections.<SessionInformation>emptyList());
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
 
@@ -92,8 +92,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 	public void maxSessionsSameSessionId() {
 		MockHttpSession session = new MockHttpSession(new MockServletContext(), this.sessionInformation.getSessionId());
 		this.request.setSession(session);
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
 
@@ -104,8 +104,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test(expected = SessionAuthenticationException.class)
 	public void maxSessionsWithException() {
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
 
@@ -114,8 +114,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 
 	@Test
 	public void maxSessionsExpireExistingUser() {
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
@@ -127,8 +127,8 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 	public void maxSessionsExpireLeastRecentExistingUser() {
 		SessionInformation moreRecentSessionInfo = new SessionInformation(this.authentication.getPrincipal(), "unique",
 				new Date(1374766999999L));
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
-				.thenReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, this.sessionInformation));
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
+				.willReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, this.sessionInformation));
 		this.strategy.setMaximumSessions(2);
 
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
@@ -142,7 +142,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 				new Date(1374766134214L));
 		SessionInformation secondOldestSessionInfo = new SessionInformation(this.authentication.getPrincipal(),
 				"unique2", new Date(1374766134215L));
-		when(this.sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
+		given(this.sessionRegistry.getAllSessions(any(), anyBoolean())).willReturn(
 				Arrays.<SessionInformation>asList(oldestSessionInfo, secondOldestSessionInfo, this.sessionInformation));
 		this.strategy.setMaximumSessions(2);
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index 9367eac111..39a7ac7655 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -44,10 +44,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.AdditionalMatchers.not;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link BasicAuthenticationFilter}.
@@ -69,8 +69,8 @@ public class BasicAuthenticationFilterTests {
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		this.manager = mock(AuthenticationManager.class);
-		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
-		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		given(this.manager.authenticate(rodRequest)).willReturn(rod);
+		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
 
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 	}
@@ -312,8 +312,8 @@ public class BasicAuthenticationFilterTests {
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		this.manager = mock(AuthenticationManager.class);
-		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
-		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		given(this.manager.authenticate(rodRequest)).willReturn(rod);
+		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
 
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 
@@ -347,8 +347,8 @@ public class BasicAuthenticationFilterTests {
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		this.manager = mock(AuthenticationManager.class);
-		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
-		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		given(this.manager.authenticate(rodRequest)).willReturn(rod);
+		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
 
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 		this.filter.setCredentialsCharset("ISO-8859-1");
@@ -383,8 +383,8 @@ public class BasicAuthenticationFilterTests {
 				AuthorityUtils.createAuthorityList("ROLE_1"));
 
 		this.manager = mock(AuthenticationManager.class);
-		when(this.manager.authenticate(rodRequest)).thenReturn(rod);
-		when(this.manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
+		given(this.manager.authenticate(rodRequest)).willReturn(rod);
+		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
 
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 		this.filter.setCredentialsCharset("ISO-8859-1");
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index 57c42e4f6b..e6bd2892d6 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -44,10 +44,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests {@link ConcurrentSessionFilter}.
@@ -179,7 +179,7 @@ public class ConcurrentSessionFilterTests {
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
-		when(registry.getSessionInformation(anyString())).thenReturn(information);
+		given(registry.getSessionInformation(anyString())).willReturn(information);
 
 		String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
@@ -224,7 +224,7 @@ public class ConcurrentSessionFilterTests {
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
-		when(registry.getSessionInformation(anyString())).thenReturn(information);
+		given(registry.getSessionInformation(anyString())).willReturn(information);
 
 		String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
@@ -247,7 +247,7 @@ public class ConcurrentSessionFilterTests {
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
-		when(registry.getSessionInformation(anyString())).thenReturn(information);
+		given(registry.getSessionInformation(anyString())).willReturn(information);
 
 		final String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") {
@@ -276,7 +276,7 @@ public class ConcurrentSessionFilterTests {
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
-		when(registry.getSessionInformation(anyString())).thenReturn(information);
+		given(registry.getSessionInformation(anyString())).willReturn(information);
 
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
 
@@ -298,7 +298,7 @@ public class ConcurrentSessionFilterTests {
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
-		when(registry.getSessionInformation(anyString())).thenReturn(information);
+		given(registry.getSessionInformation(anyString())).willReturn(information);
 
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
 		filter.setLogoutHandlers(new LogoutHandler[] { handler });
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index 8bd39186b2..b4c15c2db7 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -34,10 +34,10 @@ import org.springframework.security.core.context.SecurityContextImpl;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 public class SecurityContextPersistenceFilterTests {
 
@@ -68,7 +68,7 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
-		doThrow(new IOException()).when(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+		willThrow(new IOException()).given(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		try {
 			filter.doFilter(request, response, chain);
 			fail("IOException should have been thrown");
@@ -91,7 +91,7 @@ public class SecurityContextPersistenceFilterTests {
 		final SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
 
-		when(repo.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(scBefore);
+		given(repo.loadContext(any(HttpRequestResponseHolder.class))).willReturn(scBefore);
 
 		final FilterChain chain = (request1, response1) -> {
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(beforeAuth);
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index ca1b3b84d6..2242f64dd1 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -39,7 +39,7 @@ import org.springframework.web.context.request.async.WebAsyncManager;
 import org.springframework.web.context.request.async.WebAsyncUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -79,7 +79,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 		this.asyncManager = WebAsyncUtils.getAsyncManager(this.request);
 		this.asyncManager.setAsyncWebRequest(this.asyncWebRequest);
 		this.asyncManager.setTaskExecutor(executor);
-		when(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).thenReturn(this.asyncManager);
+		given(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).willReturn(this.asyncManager);
 
 		this.filter = new WebAsyncManagerIntegrationFilter();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 56d3606318..3ea7571f82 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -31,9 +31,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -72,8 +72,8 @@ public class CsrfAuthenticationStrategyTests {
 
 	@Test
 	public void logoutRemovesCsrfTokenAndSavesNew() {
-		when(this.csrfTokenRepository.loadToken(this.request)).thenReturn(this.existingToken);
-		when(this.csrfTokenRepository.generateToken(this.request)).thenReturn(this.generatedToken);
+		given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken);
+		given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
 
@@ -93,8 +93,8 @@ public class CsrfAuthenticationStrategyTests {
 	public void delaySavingCsrf() {
 		this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository));
 
-		when(this.csrfTokenRepository.loadToken(this.request)).thenReturn(this.existingToken);
-		when(this.csrfTokenRepository.generateToken(this.request)).thenReturn(this.generatedToken);
+		given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken);
+		given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 412a63f81e..df217454e2 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -40,13 +40,13 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -103,8 +103,8 @@ public class CsrfFilterTests {
 	@Test
 	public void doFilterDoesNotSaveCsrfTokenUntilAccessed() throws ServletException, IOException {
 		this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository));
-		when(this.requestMatcher.matches(this.request)).thenReturn(false);
-		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(false);
+		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 		CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.token.getParameterName());
@@ -124,8 +124,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterAccessDeniedNoTokenPresent() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
@@ -138,8 +138,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterAccessDeniedIncorrectTokenPresent() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -153,8 +153,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterAccessDeniedIncorrectTokenPresentHeader() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -169,8 +169,8 @@ public class CsrfFilterTests {
 	@Test
 	public void doFilterAccessDeniedIncorrectTokenPresentHeaderPreferredOverParameter()
 			throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
 
@@ -185,8 +185,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterNotCsrfRequestExistingToken() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(false);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(false);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
@@ -199,8 +199,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterNotCsrfRequestGenerateToken() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(false);
-		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(false);
+		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
@@ -213,8 +213,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterIsCsrfRequestExistingTokenHeader() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -229,8 +229,8 @@ public class CsrfFilterTests {
 	@Test
 	public void doFilterIsCsrfRequestExistingTokenHeaderPreferredOverInvalidParam()
 			throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
 
@@ -245,8 +245,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterIsCsrfRequestExistingToken() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -262,8 +262,8 @@ public class CsrfFilterTests {
 
 	@Test
 	public void doFilterIsCsrfRequestGenerateToken() throws ServletException, IOException {
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.generateToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -286,7 +286,7 @@ public class CsrfFilterTests {
 
 		for (String method : Arrays.asList("GET", "TRACE", "OPTIONS", "HEAD")) {
 			resetRequestResponse();
-			when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
 
 			this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -309,7 +309,7 @@ public class CsrfFilterTests {
 
 		for (String method : Arrays.asList("get", "TrAcE", "oPTIOnS", "hEaD")) {
 			resetRequestResponse();
-			when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
 
 			this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -327,7 +327,7 @@ public class CsrfFilterTests {
 
 		for (String method : Arrays.asList("POST", "PUT", "PATCH", "DELETE", "INVALID")) {
 			resetRequestResponse();
-			when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
 
 			this.filter.doFilter(this.request, this.response, this.filterChain);
@@ -342,8 +342,8 @@ public class CsrfFilterTests {
 	public void doFilterDefaultAccessDenied() throws ServletException, IOException {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setRequireCsrfProtectionMatcher(this.requestMatcher);
-		when(this.requestMatcher.matches(this.request)).thenReturn(true);
-		when(this.tokenRepository.loadToken(this.request)).thenReturn(this.token);
+		given(this.requestMatcher.matches(this.request)).willReturn(true);
+		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
index ffbb94f2a5..36bc4b0284 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
@@ -27,10 +27,10 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -55,8 +55,8 @@ public class LazyCsrfTokenRepositoryTests {
 	@Before
 	public void setup() {
 		this.token = new DefaultCsrfToken("header", "param", "token");
-		when(this.delegate.generateToken(this.request)).thenReturn(this.token);
-		when(this.request.getAttribute(HttpServletResponse.class.getName())).thenReturn(this.response);
+		given(this.delegate.generateToken(this.request)).willReturn(this.token);
+		given(this.request.getAttribute(HttpServletResponse.class.getName())).willReturn(this.response);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -94,7 +94,7 @@ public class LazyCsrfTokenRepositoryTests {
 
 	@Test
 	public void loadTokenDelegates() {
-		when(this.delegate.loadToken(this.request)).thenReturn(this.token);
+		given(this.delegate.loadToken(this.request)).willReturn(this.token);
 
 		CsrfToken loadToken = this.repository.loadToken(this.request);
 		assertThat(loadToken).isSameAs(this.token);
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 2d0cf0248e..c9d76279df 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -39,9 +39,9 @@ import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -78,8 +78,8 @@ public class DebugFilterTests {
 
 	@Before
 	public void setUp() {
-		when(this.request.getHeaderNames()).thenReturn(Collections.enumeration(Collections.<String>emptyList()));
-		when(this.request.getServletPath()).thenReturn("/login");
+		given(this.request.getHeaderNames()).willReturn(Collections.enumeration(Collections.<String>emptyList()));
+		given(this.request.getServletPath()).willReturn("/login");
 		this.filter = new DebugFilter(this.fcp);
 		ReflectionTestUtils.setField(this.filter, "logger", this.logger);
 		this.requestAttr = DebugFilter.ALREADY_FILTERED_ATTR_NAME;
@@ -99,7 +99,7 @@ public class DebugFilterTests {
 	// SEC-1901
 	@Test
 	public void doFilterProcessesForwardedRequests() throws Exception {
-		when(this.request.getAttribute(this.requestAttr)).thenReturn(Boolean.TRUE);
+		given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 		HttpServletRequest request = new DebugRequestWrapper(this.request);
 
 		this.filter.doFilter(request, this.response, this.filterChain);
@@ -111,7 +111,7 @@ public class DebugFilterTests {
 
 	@Test
 	public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception {
-		when(this.request.getAttribute(this.requestAttr)).thenReturn(Boolean.TRUE);
+		given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 		HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request));
 
 		this.filter.doFilter(fireWalledRequest, this.response, this.filterChain);
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index b4e92e8c64..378122d10e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -28,11 +28,11 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -93,9 +93,9 @@ public class RequestWrapperTests {
 		HttpServletRequest mockRequest = mock(HttpServletRequest.class);
 		HttpServletResponse mockResponse = mock(HttpServletResponse.class);
 		RequestDispatcher mockDispatcher = mock(RequestDispatcher.class);
-		when(mockRequest.getServletPath()).thenReturn("");
-		when(mockRequest.getPathInfo()).thenReturn(denormalizedPath);
-		when(mockRequest.getRequestDispatcher(forwardPath)).thenReturn(mockDispatcher);
+		given(mockRequest.getServletPath()).willReturn("");
+		given(mockRequest.getPathInfo()).willReturn(denormalizedPath);
+		given(mockRequest.getRequestDispatcher(forwardPath)).willReturn(mockDispatcher);
 
 		RequestWrapper wrapper = new RequestWrapper(mockRequest);
 		RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath);
@@ -116,7 +116,7 @@ public class RequestWrapperTests {
 		String path = "/forward/path";
 		HttpServletRequest request = mock(HttpServletRequest.class);
 		RequestDispatcher dispatcher = mock(RequestDispatcher.class);
-		when(request.getRequestDispatcher(path)).thenReturn(dispatcher);
+		given(request.getRequestDispatcher(path)).willReturn(dispatcher);
 		RequestWrapper wrapper = new RequestWrapper(request);
 		wrapper.reset();
 		assertThat(wrapper.getRequestDispatcher(path)).isSameAs(dispatcher);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index f80b2cafef..2c5469247d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -26,9 +26,9 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -68,7 +68,7 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 
 	@Test
 	public void writeHeadersOnMatch() {
-		when(this.matcher.matches(this.request)).thenReturn(true);
+		given(this.matcher.matches(this.request)).willReturn(true);
 
 		this.headerWriter.writeHeaders(this.request, this.response);
 
@@ -77,7 +77,7 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 
 	@Test
 	public void writeHeadersOnNoMatch() {
-		when(this.matcher.matches(this.request)).thenReturn(false);
+		given(this.matcher.matches(this.request)).willReturn(false);
 
 		this.headerWriter.writeHeaders(this.request, this.response);
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index 52fc10499f..e3a2af46df 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -26,7 +26,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -77,7 +77,7 @@ public class FrameOptionsHeaderWriterTests {
 	@Test
 	public void writeHeadersAllowFrom() {
 		String allowFromValue = "https://example.com/";
-		when(this.strategy.getAllowFromValue(this.request)).thenReturn(allowFromValue);
+		given(this.strategy.getAllowFromValue(this.request)).willReturn(allowFromValue);
 		this.writer = new XFrameOptionsHeaderWriter(this.strategy);
 
 		this.writer.writeHeaders(this.request, this.response);
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index ec368956ee..6bfabe3794 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -43,7 +43,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -93,7 +93,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -114,7 +114,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMonoIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -126,7 +126,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenMonoIsAuthenticationAndNoGenericThenObtainsPrincipal() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build()
 				.arg(Mono.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -138,7 +138,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenSpelThenObtainsPrincipal() {
 		MyUser user = new MyUser(3L);
 		MethodParameter parameter = this.spel.arg(Long.class);
-		when(this.authentication.getPrincipal()).thenReturn(user);
+		given(this.authentication.getPrincipal()).willReturn(user);
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -150,8 +150,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenBeanThenObtainsPrincipal() throws Exception {
 		MyUser user = new MyUser(3L);
 		MethodParameter parameter = this.bean.arg(Long.class);
-		when(this.authentication.getPrincipal()).thenReturn(user);
-		when(this.beanResolver.resolve(any(), eq("beanName"))).thenReturn(new Bean());
+		given(this.authentication.getPrincipal()).willReturn(user);
+		given(this.beanResolver.resolve(any(), eq("beanName"))).willReturn(new Bean());
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -162,7 +162,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMetaThenObtainsPrincipal() {
 		MethodParameter parameter = this.meta.arg(String.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -174,7 +174,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeImplicit() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build()
 				.arg(Integer.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -186,7 +186,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitFalse() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
 				.arg(Integer.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
@@ -198,7 +198,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenErrorOnInvalidTypeExplicitTrue() {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
 				.arg(Integer.class);
-		when(this.authentication.getPrincipal()).thenReturn("user");
+		given(this.authentication.getPrincipal()).willReturn("user");
 
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index ccd315867f..924a940fd4 100644
--- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -32,9 +32,9 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -64,9 +64,9 @@ public class DelegatingServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenNotMatchThenMatchThenOnlySecondDelegateInvoked() {
 		Mono<Void> expectedResult = Mono.empty();
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(this.delegate2.commence(this.exchange, this.e)).thenReturn(expectedResult);
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(this.delegate2.commence(this.exchange, this.e)).willReturn(expectedResult);
 		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(new DelegateEntry(this.matcher1, this.delegate1),
 				new DelegateEntry(this.matcher2, this.delegate2));
 
@@ -79,7 +79,7 @@ public class DelegatingServerAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenNotMatchThenDefault() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(
 				new DelegateEntry(this.matcher1, this.delegate1));
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 92c76b25e3..9cee39d0d9 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.core.Authentication;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author David Kovac
@@ -63,35 +63,35 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenNotEmptyThenReturnTrue() {
-		when(this.converter.convert(any())).thenReturn(Mono.just(this.authentication));
+		given(this.converter.convert(any())).willReturn(Mono.just(this.authentication));
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenEmptyThenReturnFalse() {
-		when(this.converter.convert(any())).thenReturn(Mono.empty());
+		given(this.converter.convert(any())).willReturn(Mono.empty());
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void matchesWhenErrorThenReturnFalse() {
-		when(this.converter.convert(any())).thenReturn(Mono.error(new RuntimeException()));
+		given(this.converter.convert(any())).willReturn(Mono.error(new RuntimeException()));
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void matchesWhenNullThenThrowsException() {
-		when(this.converter.convert(any())).thenReturn(null);
+		given(this.converter.convert(any())).willReturn(null);
 
 		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
 	}
 
 	@Test
 	public void matchesWhenExceptionThenPropagates() {
-		when(this.converter.convert(any())).thenThrow(RuntimeException.class);
+		given(this.converter.convert(any())).willThrow(RuntimeException.class);
 
 		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 0850d3cdff..6e381d1220 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -38,10 +38,10 @@ import org.springframework.web.server.ServerWebExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -110,8 +110,8 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenDefaultsAndAuthenticationSuccessThenContinues() {
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
@@ -126,9 +126,9 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationSuccessThenContinues() {
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
-		when(this.authenticationManagerResolver.resolve(any())).thenReturn(Mono.just(this.authenticationManager));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
+		given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
 
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
 
@@ -144,8 +144,8 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenDefaultsAndAuthenticationFailThenUnauthorized() {
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.error(new BadCredentialsException("failed")));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.error(new BadCredentialsException("failed")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
@@ -159,9 +159,9 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized() {
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.error(new BadCredentialsException("failed")));
-		when(this.authenticationManagerResolver.resolve(any())).thenReturn(Mono.just(this.authenticationManager));
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.error(new BadCredentialsException("failed")));
+		given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
 
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
 
@@ -176,7 +176,7 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenConvertEmptyThenOk() {
-		when(this.authenticationConverter.convert(any())).thenReturn(Mono.empty());
+		given(this.authenticationConverter.convert(any())).willReturn(Mono.empty());
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -189,7 +189,7 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenConvertErrorThenServerError() {
-		when(this.authenticationConverter.convert(any())).thenReturn(Mono.error(new RuntimeException("Unexpected")));
+		given(this.authenticationConverter.convert(any())).willReturn(Mono.error(new RuntimeException("Unexpected")));
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -202,10 +202,10 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenConvertAndAuthenticationSuccessThenSuccess() {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(authentication);
-		when(this.successHandler.onAuthenticationSuccess(any(), any())).thenReturn(Mono.empty());
-		when(this.securityContextRepository.save(any(), any())).thenAnswer(a -> Mono.just(a.getArguments()[0]));
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
+		given(this.successHandler.onAuthenticationSuccess(any(), any())).willReturn(Mono.empty());
+		given(this.securityContextRepository.save(any(), any())).willAnswer(a -> Mono.just(a.getArguments()[0]));
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -219,8 +219,8 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenConvertAndAuthenticationEmptyThenServerError() {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.empty());
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(Mono.empty());
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -248,10 +248,10 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenConvertAndAuthenticationFailThenEntryPoint() {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any()))
-				.thenReturn(Mono.error(new BadCredentialsException("Failed")));
-		when(this.failureHandler.onAuthenticationFailure(any(), any())).thenReturn(Mono.empty());
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any()))
+				.willReturn(Mono.error(new BadCredentialsException("Failed")));
+		given(this.failureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty());
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -265,8 +265,8 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenConvertAndAuthenticationExceptionThenServerError() {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
-		when(this.authenticationConverter.convert(any())).thenReturn(authentication);
-		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new RuntimeException("Failed")));
+		given(this.authenticationConverter.convert(any())).willReturn(authentication);
+		given(this.authenticationManager.authenticate(any())).willReturn(Mono.error(new RuntimeException("Failed")));
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index fabf198d03..4ced5bd408 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.web.server.WebFilterExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -62,8 +62,8 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 
 	@Before
 	public void setup() {
-		when(this.delegate1.onAuthenticationSuccess(any(), any())).thenReturn(this.delegate1Result.mono());
-		when(this.delegate2.onAuthenticationSuccess(any(), any())).thenReturn(this.delegate2Result.mono());
+		given(this.delegate1.onAuthenticationSuccess(any(), any())).willReturn(this.delegate1Result.mono());
+		given(this.delegate2.onAuthenticationSuccess(any(), any())).willReturn(this.delegate2Result.mono());
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 65ccc44332..f5e40368dd 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -33,8 +33,8 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Alexey Nesterov
@@ -62,7 +62,7 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 
 	@Test
 	public void returnsAuthenticatedTokenForValidAccount() {
-		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.validAccount));
+		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.validAccount));
 
 		Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername()))
 				.block();
@@ -71,36 +71,36 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void returnsNullForNonExistingAccount() {
-		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.empty());
+		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
 
 		this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
 	}
 
 	@Test(expected = LockedException.class)
 	public void throwsExceptionForLockedAccount() {
-		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.lockedAccount));
+		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
 
 		this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
 	}
 
 	@Test(expected = DisabledException.class)
 	public void throwsExceptionForDisabledAccount() {
-		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.disabledAccount));
+		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
 
 		this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
 	}
 
 	@Test(expected = AccountExpiredException.class)
 	public void throwsExceptionForExpiredAccount() {
-		when(this.mockUserDetailsService.findByUsername(anyString())).thenReturn(Mono.just(this.expiredAccount));
+		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
 
 		this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
 	}
 
 	@Test(expected = CredentialsExpiredException.class)
 	public void throwsExceptionForAccountWithExpiredCredentials() {
-		when(this.mockUserDetailsService.findByUsername(anyString()))
-				.thenReturn(Mono.just(this.accountWithExpiredCredentials));
+		given(this.mockUserDetailsService.findByUsername(anyString()))
+				.willReturn(Mono.just(this.accountWithExpiredCredentials));
 
 		this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index 6630efac28..e6b075f2ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -32,7 +32,7 @@ import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -82,7 +82,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStrategyUsed() {
 		PublisherProbe<Void> redirectResult = PublisherProbe.empty();
-		when(this.redirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono());
+		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.entryPoint.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 9f884fb884..84b295f9ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -34,7 +34,7 @@ import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -83,7 +83,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	@Test
 	public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStrategyUsed() {
 		PublisherProbe<Void> redirectResult = PublisherProbe.empty();
-		when(this.redirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono());
+		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.handler.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = createExchange();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 178a18eae8..8fe06ccb91 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -36,8 +36,8 @@ import org.springframework.web.server.WebFilterChain;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -91,7 +91,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	@Test
 	public void successWhenCustomLocationThenCustomLocationUsed() {
 		PublisherProbe<Void> redirectResult = PublisherProbe.empty();
-		when(this.redirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono());
+		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.handler.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index e7490bc5d7..23d0288917 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -30,7 +30,7 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -64,7 +64,7 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 	public void onAuthenticationFailureWhenInvokedThenDelegatesToEntryPoint() {
 		Mono<Void> result = Mono.empty();
 		BadCredentialsException e = new BadCredentialsException("Failed");
-		when(this.authenticationEntryPoint.commence(this.exchange, e)).thenReturn(result);
+		given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(result);
 
 		assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 623d772621..0088aa89b8 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -29,7 +29,7 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -47,7 +47,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 
 	@Before
 	public void setup() {
-		when(this.exchange.getFormData()).thenReturn(Mono.just(this.data));
+		given(this.exchange.getFormData()).willReturn(Mono.just(this.data));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 02dd8c067f..6e5d2e83db 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509TestUtil
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ServerX509AuthenticationConverterTests {
@@ -54,7 +54,7 @@ public class ServerX509AuthenticationConverterTests {
 		this.request = MockServerHttpRequest.get("/");
 
 		this.certificate = X509TestUtils.buildTestCertificate();
-		when(this.principalExtractor.extractPrincipal(any())).thenReturn("Luke Taylor");
+		given(this.principalExtractor.extractPrincipal(any())).willReturn("Luke Taylor");
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 0787ccf4fa..aad5b64049 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -57,10 +57,10 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.core.context.ReactiveSecurityContextHolder.withSecurityContext;
 import static org.springframework.security.web.server.authentication.SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR;
 
@@ -100,7 +100,7 @@ public class SwitchUserWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/not/existing"));
 
 		WebFilterChain chain = mock(WebFilterChain.class);
-		when(chain.filter(exchange)).thenReturn(Mono.empty());
+		given(chain.filter(exchange)).willReturn(Mono.empty());
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain).block();
@@ -128,11 +128,11 @@ public class SwitchUserWebFilterTests {
 				"credentials");
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
 
-		when(this.userDetailsService.findByUsername(targetUsername)).thenReturn(Mono.just(switchUserDetails));
-		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
-		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
-				.thenReturn(Mono.empty());
+		given(this.userDetailsService.findByUsername(targetUsername)).willReturn(Mono.just(switchUserDetails));
+		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
+				.willReturn(Mono.empty());
+		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+				.willReturn(Mono.empty());
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
@@ -182,12 +182,12 @@ public class SwitchUserWebFilterTests {
 
 		final WebFilterChain chain = mock(WebFilterChain.class);
 
-		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
-		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
-				.thenReturn(Mono.empty());
-		when(this.userDetailsService.findByUsername(targetUsername))
-				.thenReturn(Mono.just(switchUserDetails(targetUsername, true)));
+		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
+				.willReturn(Mono.empty());
+		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+				.willReturn(Mono.empty());
+		given(this.userDetailsService.findByUsername(targetUsername))
+				.willReturn(Mono.just(switchUserDetails(targetUsername, true)));
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
@@ -235,9 +235,9 @@ public class SwitchUserWebFilterTests {
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
-		when(this.userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
-		when(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
-				.thenReturn(Mono.empty());
+		given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
+		given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
+				.willReturn(Mono.empty());
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
@@ -260,7 +260,7 @@ public class SwitchUserWebFilterTests {
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
-		when(this.userDetailsService.findByUsername(any(String.class))).thenReturn(Mono.just(switchUserDetails));
+		given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
 
 		this.exceptionRule.expect(DisabledException.class);
 
@@ -287,10 +287,10 @@ public class SwitchUserWebFilterTests {
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
 
-		when(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
-				.thenReturn(Mono.empty());
-		when(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
-				.thenReturn(Mono.empty());
+		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
+				.willReturn(Mono.empty());
+		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
+				.willReturn(Mono.empty());
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 1d0b697926..e531624c8e 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.web.server.WebFilterExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Eric Deandrea
@@ -63,10 +63,10 @@ public class DelegatingServerLogoutHandlerTests {
 
 	@Before
 	public void setup() {
-		when(this.delegate1.logout(any(WebFilterExchange.class), any(Authentication.class)))
-				.thenReturn(this.delegate1Result.mono());
-		when(this.delegate2.logout(any(WebFilterExchange.class), any(Authentication.class)))
-				.thenReturn(this.delegate2Result.mono());
+		given(this.delegate1.logout(any(WebFilterExchange.class), any(Authentication.class)))
+				.willReturn(this.delegate1Result.mono());
+		given(this.delegate2.logout(any(WebFilterExchange.class), any(Authentication.class)))
+				.willReturn(this.delegate2Result.mono());
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 0989750a2f..083bc7f105 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -23,9 +23,9 @@ import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author MD Sayem Ahmed
@@ -45,7 +45,7 @@ public class HeaderWriterServerLogoutHandlerTests {
 		HeaderWriterServerLogoutHandler handler = new HeaderWriterServerLogoutHandler(headersWriter);
 		ServerWebExchange serverWebExchange = mock(ServerWebExchange.class);
 		WebFilterExchange filterExchange = mock(WebFilterExchange.class);
-		when(filterExchange.getExchange()).thenReturn(serverWebExchange);
+		given(filterExchange.getExchange()).willReturn(serverWebExchange);
 		Authentication authentication = mock(Authentication.class);
 
 		handler.logout(filterExchange, authentication);
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index 1b4771e78f..a35a1d5215 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -52,7 +52,7 @@ public class AuthorizationWebFilterTests {
 
 	@Test
 	public void filterWhenNoSecurityContextThenThrowsAccessDenied() {
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
@@ -64,7 +64,7 @@ public class AuthorizationWebFilterTests {
 
 	@Test
 	public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
 
@@ -77,7 +77,7 @@ public class AuthorizationWebFilterTests {
 
 	@Test
 	public void filterWhenAuthenticationThenThrowsAccessDenied() {
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
@@ -91,7 +91,7 @@ public class AuthorizationWebFilterTests {
 	@Test
 	public void filterWhenDoesNotAccessAuthenticationThenSecurityContextNotSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
 
@@ -106,7 +106,7 @@ public class AuthorizationWebFilterTests {
 	@Test
 	public void filterWhenGrantedAndDoesNotAccessAuthenticationThenChainSubscribedAndSecurityContextNotSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.just(new AuthorizationDecision(true)));
 
@@ -121,7 +121,7 @@ public class AuthorizationWebFilterTests {
 	@Test
 	public void filterWhenGrantedAndDoeAccessAuthenticationThenChainSubscribedAndSecurityContextSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
-		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
+		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a
 				.map(auth -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index fd51b46a10..ec9056cd2f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -33,8 +33,8 @@ import org.springframework.web.server.ServerWebExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -75,9 +75,9 @@ public class DelegatingReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
-		when(this.match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.decision));
+		given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
+				.willReturn(Mono.just(this.decision));
 
 		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 
@@ -86,10 +86,10 @@ public class DelegatingReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenSecondMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
-		when(this.match1.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(this.match2.matches(any())).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
-		when(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
-				.thenReturn(Mono.just(this.decision));
+		given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
+				.willReturn(Mono.just(this.decision));
 
 		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index 8995ae1a4e..79ae02cbc2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -36,7 +36,7 @@ import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -68,9 +68,9 @@ public class ExceptionTranslationWebFilterTests {
 
 	@Before
 	public void setup() {
-		when(this.exchange.getResponse()).thenReturn(new MockServerHttpResponse());
-		when(this.deniedHandler.handle(any(), any())).thenReturn(this.deniedPublisher.mono());
-		when(this.entryPoint.commence(any(), any())).thenReturn(this.entryPointPublisher.mono());
+		given(this.exchange.getResponse()).willReturn(new MockServerHttpResponse());
+		given(this.deniedHandler.handle(any(), any())).willReturn(this.deniedPublisher.mono());
+		given(this.entryPoint.commence(any(), any())).willReturn(this.entryPointPublisher.mono());
 
 		this.filter.setAuthenticationEntryPoint(this.entryPoint);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
@@ -78,7 +78,7 @@ public class ExceptionTranslationWebFilterTests {
 
 	@Test
 	public void filterWhenNoExceptionThenNotHandled() {
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.empty());
+		given(this.chain.filter(this.exchange)).willReturn(Mono.empty());
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
@@ -88,7 +88,7 @@ public class ExceptionTranslationWebFilterTests {
 
 	@Test
 	public void filterWhenNotAccessDeniedExceptionThenNotHandled() {
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new IllegalArgumentException("oops")));
+		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new IllegalArgumentException("oops")));
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class)
 				.verify();
@@ -99,8 +99,8 @@ public class ExceptionTranslationWebFilterTests {
 
 	@Test
 	public void filterWhenAccessDeniedExceptionAndNotAuthenticatedThenHandled() {
-		when(this.exchange.getPrincipal()).thenReturn(Mono.empty());
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
+		given(this.exchange.getPrincipal()).willReturn(Mono.empty());
+		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).verifyComplete();
 
@@ -111,8 +111,8 @@ public class ExceptionTranslationWebFilterTests {
 	@Test
 	public void filterWhenDefaultsAndAccessDeniedExceptionAndAuthenticatedThenForbidden() {
 		this.filter = new ExceptionTranslationWebFilter();
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(this.principal));
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
+		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
@@ -122,8 +122,8 @@ public class ExceptionTranslationWebFilterTests {
 	@Test
 	public void filterWhenDefaultsAndAccessDeniedExceptionAndNotAuthenticatedThenUnauthorized() {
 		this.filter = new ExceptionTranslationWebFilter();
-		when(this.exchange.getPrincipal()).thenReturn(Mono.empty());
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
+		given(this.exchange.getPrincipal()).willReturn(Mono.empty());
+		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
@@ -132,8 +132,8 @@ public class ExceptionTranslationWebFilterTests {
 
 	@Test
 	public void filterWhenAccessDeniedExceptionAndAuthenticatedThenHandled() {
-		when(this.exchange.getPrincipal()).thenReturn(Mono.just(this.principal));
-		when(this.chain.filter(this.exchange)).thenReturn(Mono.error(new AccessDeniedException("Not Authorized")));
+		given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
+		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
 
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 4d5ae38707..da71f648a6 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -27,10 +27,10 @@ import org.springframework.security.web.server.authorization.ServerWebExchangeDe
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.web.server.ServerWebExchange;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
 
@@ -55,9 +55,9 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 	public void handleWhenNothingMatchesThenOnlyDefaultHandlerInvoked() {
 		ServerAccessDeniedHandler handler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		when(matcher.matches(this.exchange)).thenReturn(notMatch());
-		when(handler.handle(this.exchange, null)).thenReturn(Mono.empty());
-		when(this.accessDeniedHandler.handle(this.exchange, null)).thenReturn(Mono.empty());
+		given(matcher.matches(this.exchange)).willReturn(notMatch());
+		given(handler.handle(this.exchange, null)).willReturn(Mono.empty());
+		given(this.accessDeniedHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
 		this.entries.add(new DelegateEntry(matcher, handler));
 		this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
@@ -75,9 +75,9 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		ServerWebExchangeMatcher firstMatcher = mock(ServerWebExchangeMatcher.class);
 		ServerAccessDeniedHandler secondHandler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher secondMatcher = mock(ServerWebExchangeMatcher.class);
-		when(firstMatcher.matches(this.exchange)).thenReturn(match());
-		when(firstHandler.handle(this.exchange, null)).thenReturn(Mono.empty());
-		when(secondHandler.handle(this.exchange, null)).thenReturn(Mono.empty());
+		given(firstMatcher.matches(this.exchange)).willReturn(match());
+		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
+		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
 		this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 		this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
@@ -98,10 +98,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		ServerWebExchangeMatcher firstMatcher = mock(ServerWebExchangeMatcher.class);
 		ServerAccessDeniedHandler secondHandler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher secondMatcher = mock(ServerWebExchangeMatcher.class);
-		when(firstMatcher.matches(this.exchange)).thenReturn(notMatch());
-		when(secondMatcher.matches(this.exchange)).thenReturn(match());
-		when(firstHandler.handle(this.exchange, null)).thenReturn(Mono.empty());
-		when(secondHandler.handle(this.exchange, null)).thenReturn(Mono.empty());
+		given(firstMatcher.matches(this.exchange)).willReturn(notMatch());
+		given(secondMatcher.matches(this.exchange)).willReturn(match());
+		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
+		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
 		this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 		this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index 29b19d2654..0f3024dd7f 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -39,7 +39,7 @@ import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -66,7 +66,7 @@ public class ReactorContextWebFilterTests {
 	public void setup() {
 		this.filter = new ReactorContextWebFilter(this.repository);
 		this.handler = WebTestHandler.bindToWebFilters(this.filter);
-		when(this.repository.load(any())).thenReturn(this.securityContext.mono());
+		given(this.repository.load(any())).willReturn(this.securityContext.mono());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -97,7 +97,7 @@ public class ReactorContextWebFilterTests {
 	@Test
 	public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
 		SecurityContextImpl context = new SecurityContextImpl(this.principal);
-		when(this.repository.load(any())).thenReturn(Mono.just(context));
+		given(this.repository.load(any())).willReturn(Mono.just(context));
 		this.handler = WebTestHandler.bindToWebFilters(this.filter,
 				(e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 						.doOnSuccess(p -> assertThat(p).isSameAs(this.principal)).flatMap(p -> c.filter(e)));
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index 0c7a38378e..f48c29295e 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Eric Deandrea
@@ -56,7 +56,7 @@ public class CsrfServerLogoutHandlerTests {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 		this.filterExchange = new WebFilterExchange(this.exchange, this.filterChain);
 		this.handler = new CsrfServerLogoutHandler(this.csrfTokenRepository);
-		when(this.csrfTokenRepository.saveToken(this.exchange, null)).thenReturn(Mono.empty());
+		given(this.csrfTokenRepository.saveToken(this.exchange, null)).willReturn(Mono.empty());
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 4f440ff8bc..d301f227e2 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -40,9 +40,9 @@ import org.springframework.web.server.WebSession;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 import static org.springframework.mock.web.server.MockServerWebExchange.from;
 import static org.springframework.web.reactive.function.BodyInserters.fromMultipartData;
 
@@ -71,7 +71,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
-		when(this.chain.filter(this.get)).thenReturn(chainResult.mono());
+		given(this.chain.filter(this.get)).willReturn(chainResult.mono());
 
 		Mono<Void> result = this.csrfFilter.filter(this.get, this.chain);
 
@@ -95,7 +95,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
@@ -107,7 +107,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		this.post = from(MockServerHttpRequest.post("/")
 				.body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID"));
 
@@ -121,11 +121,11 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamValidTokenThenContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
-		when(this.chain.filter(any())).thenReturn(chainResult.mono());
+		given(this.chain.filter(any())).willReturn(chainResult.mono());
 
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
+		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 		this.post = from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
 				.body(this.token.getParameterName() + "=" + this.token.getToken()));
 
@@ -139,7 +139,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndHeaderInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		this.post = from(
 				MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID"));
 
@@ -153,11 +153,11 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenPostAndEstablishedCsrfTokenAndHeaderValidTokenThenContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
-		when(this.chain.filter(any())).thenReturn(chainResult.mono());
+		given(this.chain.filter(any())).willReturn(chainResult.mono());
 
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
+		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 		this.post = from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
@@ -181,7 +181,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void doFilterWhenSkipExchangeInvokedThenSkips() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
-		when(this.chain.filter(any())).thenReturn(chainResult.mono());
+		given(this.chain.filter(any())).willReturn(chainResult.mono());
 
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 		this.csrfFilter.setRequireCsrfProtectionMatcher(matcher);
@@ -196,7 +196,7 @@ public class CsrfWebFilterTests {
 	@Test
 	public void filterWhenMultipartFormDataAndNotEnabledThenDenied() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
@@ -209,8 +209,8 @@ public class CsrfWebFilterTests {
 	public void filterWhenMultipartFormDataAndEnabledThenGranted() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
+		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
@@ -223,8 +223,8 @@ public class CsrfWebFilterTests {
 	public void filterWhenFormDataAndEnabledThenGranted() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
-		when(this.repository.generateToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
+		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
@@ -237,7 +237,7 @@ public class CsrfWebFilterTests {
 	public void filterWhenMultipartMixedAndEnabledThenNotRead() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
-		when(this.repository.loadToken(any())).thenReturn(Mono.just(this.token));
+		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 2c442bde7a..b49441fa89 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -34,8 +34,8 @@ import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -61,7 +61,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenErrorNoErrorThenError() {
-		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.error(new RuntimeException()));
+		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
 
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
@@ -72,7 +72,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenErrorErrorThenError() {
-		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.error(new RuntimeException()));
+		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
 
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
@@ -83,8 +83,8 @@ public class CompositeServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenNoErrorThenNoError() {
-		when(this.writer1.writeHttpHeaders(this.exchange)).thenReturn(Mono.empty());
-		when(this.writer2.writeHttpHeaders(this.exchange)).thenReturn(Mono.empty());
+		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
+		given(this.writer2.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
 
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 576dc5c349..293e85b8a5 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -29,9 +29,9 @@ import org.springframework.security.test.web.reactive.server.WebTestHandler.WebH
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -47,7 +47,7 @@ public class HttpHeaderWriterWebFilterTests {
 
 	@Before
 	public void setup() {
-		when(this.writer.writeHttpHeaders(any())).thenReturn(Mono.empty());
+		given(this.writer.writeHttpHeaders(any())).willReturn(Mono.empty());
 		this.filter = new HttpHeaderWriterWebFilter(this.writer);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index 5ce76f1faa..5652b680f0 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -35,8 +35,8 @@ import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link ServerRequestCacheWebFilter}
@@ -61,7 +61,7 @@ public class ServerRequestCacheWebFilterTests {
 	public void setup() {
 		this.requestCacheFilter = new ServerRequestCacheWebFilter();
 		this.requestCacheFilter.setRequestCache(this.requestCache);
-		when(this.chain.filter(any(ServerWebExchange.class))).thenReturn(Mono.empty());
+		given(this.chain.filter(any(ServerWebExchange.class))).willReturn(Mono.empty());
 	}
 
 	@Test
@@ -69,7 +69,7 @@ public class ServerRequestCacheWebFilterTests {
 		ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 		ServerHttpRequest savedRequest = MockServerHttpRequest.get("/")
 				.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
-		when(this.requestCache.removeMatchingRequest(any())).thenReturn(Mono.just(savedRequest));
+		given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
 
 		this.requestCacheFilter.filter(exchange, this.chain).block();
 
@@ -82,7 +82,7 @@ public class ServerRequestCacheWebFilterTests {
 	public void filterWhenRequestDoesNotMatchThenRequestDoesNotChange() {
 		MockServerHttpRequest initialRequest = MockServerHttpRequest.get("/").build();
 		ServerWebExchange exchange = MockServerWebExchange.from(initialRequest);
-		when(this.requestCache.removeMatchingRequest(any())).thenReturn(Mono.empty());
+		given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
 
 		this.requestCacheFilter.filter(exchange, this.chain).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
index 0601e3c8d7..dfff77d0a2 100644
--- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -34,9 +34,9 @@ import org.springframework.web.server.WebFilterChain;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * Tests for {@link HttpsRedirectWebFilter}
@@ -54,7 +54,7 @@ public class HttpsRedirectWebFilterTests {
 	@Before
 	public void configureFilter() {
 		this.filter = new HttpsRedirectWebFilter();
-		when(this.chain.filter(any(ServerWebExchange.class))).thenReturn(Mono.empty());
+		given(this.chain.filter(any(ServerWebExchange.class))).willReturn(Mono.empty());
 	}
 
 	@Test
@@ -75,7 +75,8 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenExchangeMismatchesThenNoRedirect() {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		when(matcher.matches(any(ServerWebExchange.class))).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(matcher.matches(any(ServerWebExchange.class)))
+				.willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
 
 		ServerWebExchange exchange = get("http://localhost:8080");
@@ -86,7 +87,7 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenExchangeMatchesAndRequestIsInsecureThenRedirects() {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		when(matcher.matches(any(ServerWebExchange.class))).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(matcher.matches(any(ServerWebExchange.class))).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
 
 		ServerWebExchange exchange = get("http://localhost:8080");
@@ -100,7 +101,7 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenRequestIsInsecureThenPortMapperRemapsPort() {
 		PortMapper portMapper = mock(PortMapper.class);
-		when(portMapper.lookupHttpsPort(314)).thenReturn(159);
+		given(portMapper.lookupHttpsPort(314)).willReturn(159);
 		this.filter.setPortMapper(portMapper);
 
 		ServerWebExchange exchange = get("http://localhost:314");
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index 9c32a9f027..4c94122877 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -28,9 +28,9 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -59,8 +59,8 @@ public class AndServerWebExchangeMatcherTests {
 	public void matchesWhenTrueTrueThenTrue() {
 		Map<String, Object> params1 = Collections.singletonMap("foo", "bar");
 		Map<String, Object> params2 = Collections.singletonMap("x", "y");
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
-		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
+		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -75,7 +75,7 @@ public class AndServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenFalseFalseThenFalseAndMatcher2NotInvoked() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -89,8 +89,8 @@ public class AndServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenTrueFalseThenFalse() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -103,7 +103,7 @@ public class AndServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenFalseTrueThenFalse() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index ae7d339dc3..56684e0e01 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -25,8 +25,8 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Tao Qian
@@ -50,7 +50,7 @@ public class NegatedServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenFalseThenTrue() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -62,7 +62,7 @@ public class NegatedServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenTrueThenFalse() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index c46c4f0951..2bdc51806a 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -28,9 +28,9 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -57,8 +57,8 @@ public class OrServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenFalseFalseThenFalse() {
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -72,7 +72,7 @@ public class OrServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenTrueFalseThenTrueAndMatcher2NotInvoked() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
@@ -86,8 +86,8 @@ public class OrServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenFalseTrueThenTrue() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
-		when(this.matcher1.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-		when(this.matcher2.matches(this.exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match(params));
+		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index 870347f26c..0f12d95dd0 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -32,8 +32,8 @@ import org.springframework.web.util.pattern.PathPattern;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -77,16 +77,16 @@ public class PathMatcherServerWebExchangeMatcherTests {
 
 	@Test
 	public void matchesWhenPathMatcherTrueThenReturnTrue() {
-		when(this.pattern.matches(any())).thenReturn(true);
-		when(this.pattern.matchAndExtract(any())).thenReturn(this.pathMatchInfo);
-		when(this.pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
+		given(this.pattern.matches(any())).willReturn(true);
+		given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
+		given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenPathMatcherFalseThenReturnFalse() {
-		when(this.pattern.matches(any())).thenReturn(false);
+		given(this.pattern.matches(any())).willReturn(false);
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
@@ -95,9 +95,9 @@ public class PathMatcherServerWebExchangeMatcherTests {
 	public void matchesWhenPathMatcherTrueAndMethodTrueThenReturnTrue() {
 		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern,
 				this.exchange.getRequest().getMethod());
-		when(this.pattern.matches(any())).thenReturn(true);
-		when(this.pattern.matchAndExtract(any())).thenReturn(this.pathMatchInfo);
-		when(this.pathMatchInfo.getUriVariables()).thenReturn(new HashMap<>());
+		given(this.pattern.matches(any())).willReturn(true);
+		given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
+		given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
 
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
index 09d9eec0ca..867d3ff476 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
@@ -35,8 +35,8 @@ import org.springframework.web.servlet.handler.RequestMatchResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -72,7 +72,7 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void extractUriTemplateVariablesSuccess() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
 
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
@@ -80,9 +80,9 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void extractUriTemplateVariablesFail() throws Exception {
-		when(this.result.extractUriTemplateVariables()).thenReturn(Collections.<String, String>emptyMap());
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
+		given(this.result.extractUriTemplateVariables()).willReturn(Collections.<String, String>emptyMap());
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
+		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 		assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
@@ -91,7 +91,7 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void extractUriTemplateVariablesDefaultSuccess() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
 
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
@@ -100,7 +100,7 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void extractUriTemplateVariablesDefaultFail() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/nomatch/{p}");
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
 
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 		assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
@@ -108,8 +108,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesServletPathTrue() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
+		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 		this.matcher.setServletPath("/spring");
 		this.request.setServletPath("/spring");
 
@@ -127,8 +127,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesPathOnlyTrue() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
+		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
@@ -136,7 +136,7 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesDefaultMatches() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
@@ -144,14 +144,14 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesDefaultDoesNotMatch() throws Exception {
 		this.request.setServletPath("/other");
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesPathOnlyFalse() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
@@ -159,8 +159,8 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesMethodAndPathTrue() throws Exception {
 		this.matcher.setMethod(HttpMethod.GET);
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture())).thenReturn(this.result);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
+		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
@@ -193,7 +193,7 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesMethodAndPathFalsePath() throws Exception {
 		this.matcher.setMethod(HttpMethod.GET);
-		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(this.mapping);
+		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
@@ -205,8 +205,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesGetMatchableHandlerMappingThrows() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenThrow(new HttpRequestMethodNotSupportedException(this.request.getMethod()));
+		given(this.introspector.getMatchableHandlerMapping(this.request))
+				.willThrow(new HttpRequestMethodNotSupportedException(this.request.getMethod()));
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index aaca1c9f64..f973fe6331 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -36,12 +36,12 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Luke Taylor
@@ -71,7 +71,7 @@ public class SessionManagementFilterTests {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
 		// mock that repo contains a security context
-		when(repo.containsContext(any(HttpServletRequest.class))).thenReturn(true);
+		given(repo.containsContext(any(HttpServletRequest.class))).willReturn(true);
 		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 		HttpServletRequest request = new MockHttpServletRequest();
 		authenticateUser();
@@ -125,7 +125,7 @@ public class SessionManagementFilterTests {
 		FilterChain fc = mock(FilterChain.class);
 		authenticateUser();
 		SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
-		doThrow(exception).when(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(),
+		willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(),
 				request, response);
 
 		filter.doFilter(request, response, fc);
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 52bbca8413..d22541e9da 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -29,8 +29,8 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
 public class OnCommittedResponseWrapperTests {
@@ -58,8 +58,8 @@ public class OnCommittedResponseWrapperTests {
 				OnCommittedResponseWrapperTests.this.committed = true;
 			}
 		};
-		when(this.delegate.getWriter()).thenReturn(this.writer);
-		when(this.delegate.getOutputStream()).thenReturn(this.out);
+		given(this.delegate.getWriter()).willReturn(this.writer);
+		given(this.delegate.getOutputStream()).willReturn(this.out);
 	}
 
 	// --- printwriter
@@ -74,7 +74,7 @@ public class OnCommittedResponseWrapperTests {
 	@Test
 	public void printWriterCheckError() throws Exception {
 		boolean expected = true;
-		when(this.writer.checkError()).thenReturn(expected);
+		given(this.writer.checkError()).willReturn(expected);
 
 		assertThat(this.response.getWriter().checkError()).isEqualTo(expected);
 	}
@@ -1118,7 +1118,7 @@ public class OnCommittedResponseWrapperTests {
 	@Test
 	public void bufferSizePrintWriterWriteCommits() throws Exception {
 		String expected = "1234567890";
-		when(this.response.getBufferSize()).thenReturn(expected.length());
+		given(this.response.getBufferSize()).willReturn(expected.length());
 
 		this.response.getWriter().write(expected);
 
@@ -1128,7 +1128,7 @@ public class OnCommittedResponseWrapperTests {
 	@Test
 	public void bufferSizeCommitsOnce() throws Exception {
 		String expected = "1234567890";
-		when(this.response.getBufferSize()).thenReturn(expected.length());
+		given(this.response.getBufferSize()).willReturn(expected.length());
 
 		this.response.getWriter().write(expected);
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index bfb6196e15..cd83fe120d 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -27,7 +27,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -79,7 +79,7 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new AndRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -87,8 +87,8 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesMultiTrue() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
-		when(this.delegate2.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
+		given(this.delegate2.matches(this.request)).willReturn(true);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -96,7 +96,7 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesSingleFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -104,7 +104,7 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -112,8 +112,8 @@ public class AndRequestMatcherTests {
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
-		when(this.delegate2.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(true);
+		given(this.delegate2.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
index 600792426e..80696a0735 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
@@ -27,7 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.web.util.UrlPathHelper;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Luke Taylor
@@ -206,7 +206,7 @@ public class AntPathRequestMatcherTests {
 	}
 
 	private HttpServletRequest createRequestWithNullMethod(String path) {
-		when(this.request.getServletPath()).thenReturn(path);
+		given(this.request.getServletPath()).willReturn(path);
 		return this.request;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 0f8db758d2..558ea6d6a5 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -33,7 +33,7 @@ import org.springframework.web.context.request.NativeWebRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -93,8 +93,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenThrow(new HttpMediaTypeNotAcceptableException("oops"));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willThrow(new HttpMediaTypeNotAcceptableException("oops"));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -103,8 +103,8 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void mediaAllMatches() throws Exception {
 
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.ALL));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.ALL));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -187,8 +187,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void multipleMediaType() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML,
 				MediaType.TEXT_HTML);
@@ -205,8 +205,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -222,8 +222,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(new MediaType("text", "*")));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(new MediaType("text", "*")));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -241,8 +241,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(new MediaType("text", "*")));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(new MediaType("text", "*")));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
@@ -260,8 +260,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
 		this.matcher.setUseEquals(true);
@@ -279,8 +279,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void useEqualsSame() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
@@ -298,8 +298,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(new MediaType("text", "unique")));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(new MediaType("text", "unique")));
 
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique"));
 		this.matcher.setUseEquals(true);
@@ -319,8 +319,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.ALL));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.ALL));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
@@ -338,8 +338,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void mediaAllAndTextHtmlIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
@@ -357,8 +357,8 @@ public class MediaTypeRequestMatcherTests {
 
 	@Test
 	public void mediaAllQ08AndTextPlainIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
-		when(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
-				.thenReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8")));
+		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
+				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8")));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index c587839f38..64ecf24e69 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -23,7 +23,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -47,7 +47,7 @@ public class NegatedRequestMatcherTests {
 
 	@Test
 	public void matchesDelegateFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new NegatedRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -55,7 +55,7 @@ public class NegatedRequestMatcherTests {
 
 	@Test
 	public void matchesDelegateTrue() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new NegatedRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 0401304aa7..8da438fb84 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -27,7 +27,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Rob Winch
@@ -79,7 +79,7 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesSingleTrue() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -87,7 +87,7 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesMultiTrue() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -95,7 +95,7 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesSingleFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new OrRequestMatcher(this.delegate);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -103,8 +103,8 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesMultiBothFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(false);
-		when(this.delegate2.matches(this.request)).thenReturn(false);
+		given(this.delegate.matches(this.request)).willReturn(false);
+		given(this.delegate2.matches(this.request)).willReturn(false);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -112,7 +112,7 @@ public class OrRequestMatcherTests {
 
 	@Test
 	public void matchesMultiSingleFalse() {
-		when(this.delegate.matches(this.request)).thenReturn(true);
+		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
 
 		assertThat(this.matcher.matches(this.request)).isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index 298629371b..37d2b2fca4 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -26,7 +26,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.given;
 
 /**
  * @author Luke Taylor
@@ -115,8 +115,8 @@ public class RegexRequestMatcherTests {
 	}
 
 	private HttpServletRequest createRequestWithNullMethod(String path) {
-		when(this.request.getQueryString()).thenReturn("doesntMatter");
-		when(this.request.getServletPath()).thenReturn(path);
+		given(this.request.getQueryString()).willReturn("doesntMatter");
+		given(this.request.getServletPath()).willReturn(path);
 		return this.request;
 	}
 

From b69825d9257497078b3f2ec9db88163b7d48ad04 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 20:16:05 -0700
Subject: [PATCH 35/84] Simplify boolean expression

Simplify boolean expression of the form `if (b == true)` to instead
just use the form `if (b)`.

Issue gh-8945
---
 .../security/config/http/HeadersBeanDefinitionParser.java       | 2 +-
 etc/checkstyle/checkstyle-suppressions.xml                      | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index 0d24b203cb..1116d171db 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -234,7 +234,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				headersWriter.addPropertyValue("preload", preload);
 			}
 
-			if (disabled == true) {
+			if (disabled) {
 				return;
 			}
 		}
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 92888c1f7f..7f80bd3ecc 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SimplifyBooleanExpression" />
 	<suppress files=".*" checks="SimplifyBooleanReturn" />
 	<suppress files=".*" checks="SpringAvoidStaticImport" />
 	<suppress files=".*" checks="SpringCatch" />

From 9a3fa6e812414f4e64dfef55549eec2251b98680 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 20:22:28 -0700
Subject: [PATCH 36/84] Simplify boolean returns

Simplify boolean returns of the form:

	if (b) {
		return true;
	} else {
		return false;
	}

to:

	return b;

Issue gh-8945
---
 .../security/access/vote/AuthenticatedVoter.java         | 9 ++-------
 .../springframework/security/access/vote/RoleVoter.java  | 7 +------
 .../security/core/userdetails/memory/UserAttribute.java  | 7 +------
 .../security/access/vote/DenyAgainVoter.java             | 7 +------
 .../springframework/security/access/vote/DenyVoter.java  | 7 +------
 etc/checkstyle/checkstyle-suppressions.xml               | 1 -
 .../access/channel/ChannelDecisionManagerImplTests.java  | 7 +------
 .../web/access/channel/ChannelProcessingFilterTests.java | 7 +------
 8 files changed, 8 insertions(+), 44 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index 606f24365b..364485b8ec 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -68,14 +68,9 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
-		if ((attribute.getAttribute() != null) && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
+		return (attribute.getAttribute() != null) && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
 				|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
-				|| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
-			return true;
-		}
-		else {
-			return false;
-		}
+				|| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()));
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index 1ea83e03c3..e20808eb73 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -68,12 +68,7 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
-		if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
-			return true;
-		}
-		else {
-			return false;
-		}
+		return (attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix());
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
index 309b16e72d..8e3643a223 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttribute.java
@@ -76,12 +76,7 @@ public class UserAttribute {
 	}
 
 	public boolean isValid() {
-		if ((this.password != null) && (this.authorities.size() > 0)) {
-			return true;
-		}
-		else {
-			return false;
-		}
+		return (this.password != null) && (this.authorities.size() > 0);
 	}
 
 	public void setEnabled(boolean enabled) {
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index 758e3059a7..f6e2977982 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -37,12 +37,7 @@ public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
-		if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
-			return true;
-		}
-		else {
-			return false;
-		}
+		return "DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute());
 	}
 
 	@Override
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index 13bbada456..ae548752f1 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -39,12 +39,7 @@ public class DenyVoter implements AccessDecisionVoter<Object> {
 
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
-		if ("DENY_FOR_SURE".equals(attribute.getAttribute())) {
-			return true;
-		}
-		else {
-			return false;
-		}
+		return "DENY_FOR_SURE".equals(attribute.getAttribute());
 	}
 
 	@Override
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 7f80bd3ecc..a0d4fa92c7 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SimplifyBooleanReturn" />
 	<suppress files=".*" checks="SpringAvoidStaticImport" />
 	<suppress files=".*" checks="SpringCatch" />
 	<suppress files=".*" checks="SpringHeader" />
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index e2bd4810de..41d60e69c7 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -220,12 +220,7 @@ public class ChannelDecisionManagerImplTests {
 
 		@Override
 		public boolean supports(ConfigAttribute attribute) {
-			if (attribute.getAttribute().equals(this.configAttribute)) {
-				return true;
-			}
-			else {
-				return false;
-			}
+			return attribute.getAttribute().equals(this.configAttribute);
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index 64ad763950..f539e6eafe 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -170,12 +170,7 @@ public class ChannelProcessingFilterTests {
 
 		@Override
 		public boolean supports(ConfigAttribute attribute) {
-			if (attribute.getAttribute().equals(this.supportAttribute)) {
-				return true;
-			}
-			else {
-				return false;
-			}
+			return attribute.getAttribute().equals(this.supportAttribute);
 		}
 
 	}

From e9130489a6428bdc0f05e75276e02391facfe1b3 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 21:34:26 -0700
Subject: [PATCH 37/84] Remove restricted static imports

Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
---
 .../acls/jdbc/JdbcAclServiceTests.java        |   4 +-
 ...onProviderBuilderSecurityBuilderTests.java |  12 +-
 ...AuthenticationProviderConfigurerTests.java |  13 +-
 .../config/annotation/rsocket/JwtITests.java  |   5 +-
 .../rsocket/SimpleAuthenticationITests.java   |   5 +-
 ...pUserServiceBeanDefinitionParserTests.java |  20 +-
 .../SecurityReactorContextConfiguration.java  |   4 +-
 .../OAuth2ResourceServerConfigurer.java       |   4 +-
 .../saml2/Saml2LoginConfigurer.java           |   5 +-
 .../http/AuthenticationConfigBuilder.java     |  53 ++---
 ...nvocationSecurityMetadataSourceParser.java |   4 +-
 .../config/http/HttpConfigurationBuilder.java |  52 ++---
 .../OAuth2ClientBeanDefinitionParser.java     |  18 +-
 .../http/OAuth2LoginBeanDefinitionParser.java |  18 +-
 ...balMethodSecurityBeanDefinitionParser.java |  24 +-
 ...ageBrokerSecurityBeanDefinitionParser.java |   4 +-
 .../config/SecurityNamespaceHandlerTests.java |  42 ++--
 .../NamespaceAuthenticationManagerTests.java  |   6 +-
 ...reBeanFactoryObjectPostProcessorTests.java |   2 +-
 ...curityConfigurerAdapterPowermockTests.java |   8 +-
 .../WebSecurityConfigurerAdapterTests.java    |  11 +-
 .../web/builders/HttpConfigurationTests.java  |  13 +-
 .../OAuth2ClientConfigurationTests.java       |  32 ++-
 ...ntextConfigurationResourceServerTests.java |  16 +-
 ...urityReactorContextConfigurationTests.java |  23 +-
 .../HeadersConfigurerEagerHeadersTests.java   |   9 +-
 .../web/configurers/Issue55Tests.java         |   2 +-
 .../LogoutConfigurerClearSiteDataTests.java   |  17 +-
 .../NamespaceHttpOpenIDLoginTests.java        |   4 +-
 ...ionManagementConfigurerServlet31Tests.java |   2 +-
 .../client/OAuth2LoginConfigurerTests.java    |   8 +-
 .../OAuth2ResourceServerConfigurerTests.java  |  33 ++-
 .../openid/OpenIDLoginConfigurerTests.java    |   6 +-
 .../saml2/Saml2LoginConfigurerTests.java      |  23 +-
 .../saml2/TestSaml2Credentials.java           |   9 +-
 .../reactive/EnableWebFluxSecurityTests.java  |   7 +-
 ...SocketMessageBrokerConfigurerDocTests.java |   4 +-
 ...ceFactoryBeanPropertiesResourceITests.java |   2 +-
 ...yBeanPropertiesResourceLocationITests.java |   2 +-
 ...erviceResourceFactoryBeanStringITests.java |   2 +-
 .../UserDetailsResourceFactoryBeanTests.java  |   2 +-
 ...ityDebugBeanFactoryPostProcessorTests.java |   8 +-
 .../security/config/http/CsrfConfigTests.java |  17 +-
 .../FormLoginBeanDefinitionParserTests.java   |   4 +-
 .../config/http/MiscHttpConfigTests.java      |   6 +-
 ...OAuth2ClientBeanDefinitionParserTests.java |   6 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |  22 +-
 ...sourceServerBeanDefinitionParserTests.java |  70 +++---
 .../config/http/OpenIDConfigTests.java        |   4 +-
 .../config/http/RememberMeConfigTests.java    |  42 ++--
 ...yContextHolderAwareRequestConfigTests.java |   2 +-
 ...SessionManagementConfigServlet31Tests.java |   2 +-
 .../http/SessionManagementConfigTests.java    |   8 +-
 .../CustomHttpSecurityConfigurerTests.java    |   5 +-
 ...thodSecurityBeanDefinitionParserTests.java |  29 +--
 ...ceFactoryBeanPropertiesResourceITests.java |   2 +-
 ...yBeanPropertiesResourceLocationITests.java |   2 +-
 ...anagerResourceFactoryBeanStringITests.java |   2 +-
 .../config/test/SpringTestContext.java        |   4 +-
 .../InMemoryXmlWebApplicationContext.java     |  11 +-
 .../config/web/server/CorsSpecTests.java      |   2 +-
 .../config/web/server/HeaderSpecTests.java    |   2 +-
 .../config/web/server/OAuth2LoginTests.java   |   4 +-
 .../server/OAuth2ResourceServerSpecTests.java |   6 +-
 .../web/server/ServerHttpSecurityTests.java   |  24 +-
 .../RoleHierarchyUtilsTests.java              |  12 +-
 ...yContextScheduledExecutorServiceTests.java |  10 +-
 ...tDelegatingSecurityContextTestSupport.java |  25 ++-
 .../core/SpringSecurityCoreVersionTests.java  |  51 +++--
 ...PasswordAuthenticationTokenMixinTests.java |   9 +-
 .../crypto/encrypt/AesBytesEncryptor.java     |  29 +--
 .../BouncyCastleAesCbcBytesEncryptor.java     |  10 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |  10 +-
 .../password/AbstractPasswordEncoder.java     |   8 +-
 .../password/Pbkdf2PasswordEncoder.java       |  12 +-
 .../password/StandardPasswordEncoder.java     |  10 +-
 .../encrypt/AesBytesEncryptorTests.java       |  12 +-
 etc/checkstyle/checkstyle-suppressions.xml    |   1 -
 .../AbstractMessageMatcherComposite.java      |  12 +-
 ...ageSecurityMetadataSourceFactoryTests.java |  10 +-
 .../MessageExpressionVoterTests.java          |  19 +-
 ...ultMessageSecurityMetadataSourceTests.java |   6 +-
 ...ecurityContextChannelInterceptorTests.java |   3 +-
 .../handler/invocation/ResolvableMethod.java  |  15 +-
 ...activeOAuth2AccessTokenResponseClient.java |   5 +-
 ...2AuthorizationGrantRequestEntityUtils.java |   4 +-
 .../ClientRegistrationDeserializer.java       |  45 ++--
 ...Auth2AuthorizationRequestDeserializer.java |  30 ++-
 .../oauth2/client/jackson2/StdConverters.java |  10 +-
 .../OidcIdTokenDecoderFactory.java            |   7 +-
 .../ReactiveOidcIdTokenDecoderFactory.java    |   9 +-
 .../registration/ClientRegistration.java      |   4 +-
 .../OAuth2UserRequestEntityConverter.java     |   4 +-
 .../client/OAuth2AuthorizedClientTests.java   |   8 +-
 ...zationCodeAuthenticationProviderTests.java |  30 +--
 ...orizationCodeAuthenticationTokenTests.java |  15 +-
 ...Auth2LoginAuthenticationProviderTests.java |  22 +-
 .../OAuth2LoginAuthenticationTokenTests.java  |  15 +-
 ...orizationCodeTokenResponseClientTests.java |  23 +-
 ...nCodeGrantRequestEntityConverterTests.java |   5 +-
 ...th2AuthorizationCodeGrantRequestTests.java |   8 +-
 ...tialsGrantRequestEntityConverterTests.java |   3 +-
 ...th2ClientCredentialsGrantRequestTests.java |   2 +-
 ...swordGrantRequestEntityConverterTests.java |   3 +-
 ...TokenGrantRequestEntityConverterTests.java |   3 +-
 .../OAuth2AuthenticationTokenMixinTests.java  |   4 +-
 ...zationCodeAuthenticationProviderTests.java |  33 +--
 ...odeReactiveAuthenticationManagerTests.java |  17 +-
 .../OidcReactiveOAuth2UserServiceTests.java   |  15 +-
 .../oidc/userinfo/OidcUserRequestTests.java   |   8 +-
 .../oidc/userinfo/OidcUserServiceTests.java   |  24 +-
 .../registration/ClientRegistrationTests.java |  16 +-
 ...CustomUserTypesOAuth2UserServiceTests.java |  12 +-
 .../DefaultOAuth2UserServiceTests.java        |  17 +-
 ...DefaultReactiveOAuth2UserServiceTests.java |  11 +-
 ...OAuth2UserRequestEntityConverterTests.java |   3 +-
 ...uth2AuthorizationCodeGrantFilterTests.java |  15 +-
 .../OAuth2LoginAuthenticationFilterTests.java |   5 +-
 ...AuthorizedClientArgumentResolverTests.java |   4 +-
 ...zedClientExchangeFilterFunctionITests.java |  29 ++-
 ...izedClientExchangeFilterFunctionTests.java | 112 ++++++----
 ...zedClientExchangeFilterFunctionITests.java |  25 ++-
 ...izedClientExchangeFilterFunctionTests.java | 203 ++++++++++-------
 ...2AuthorizationCodeGrantWebFilterTests.java |   5 +-
 ...rizationRequestRedirectWebFilterTests.java |   2 +-
 .../DefaultOAuth2AuthenticatedPrincipal.java  |   6 +-
 .../oauth2/core/oidc/OidcIdToken.java         |  41 ++--
 .../oauth2/core/oidc/OidcUserInfo.java        |  61 ++----
 .../OAuth2AuthorizationExchangeTests.java     |  10 +-
 .../core/oidc/OidcIdTokenBuilderTests.java    |  14 +-
 .../core/oidc/OidcUserInfoBuilderTests.java   |   8 +-
 .../oauth2/core/oidc/OidcUserInfoTests.java   |  29 +--
 .../oauth2/core/oidc/TestOidcIdTokens.java    |   6 +-
 .../security/oauth2/jwt/Jwt.java              |  26 +--
 .../security/oauth2/jwt/JwtDecoders.java      |   4 +-
 .../oauth2/jwt/JwtIssuerValidator.java        |   4 +-
 .../jwt/NimbusJwtDecoderJwkSupport.java       |   5 +-
 .../oauth2/jwt/ReactiveJwtDecoders.java       |   5 +-
 .../security/oauth2/jwt/JwtBuilderTests.java  |  13 +-
 .../oauth2/jwt/JwtClaimValidatorTests.java    |  11 +-
 .../oauth2/jwt/JwtIssuerValidatorTests.java   |   9 +-
 .../jwt/JwtTimestampValidatorTests.java       |  24 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |   4 +-
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  82 ++++---
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  79 ++++---
 .../server/resource/BearerTokenErrors.java    |  13 +-
 .../resource/InvalidBearerTokenException.java |   6 +-
 .../OpaqueTokenAuthenticationProvider.java    |   8 +-
 ...queTokenReactiveAuthenticationManager.java |   8 +-
 .../NimbusOpaqueTokenIntrospector.java        |  25 +--
 ...NimbusReactiveOpaqueTokenIntrospector.java |  25 +--
 .../web/DefaultBearerTokenResolver.java       |  11 +-
 ...verBearerTokenAuthenticationConverter.java |   9 +-
 .../resource/BearerTokenErrorsTests.java      |  32 ++-
 ...icationEventPublisherBearerTokenTests.java |   4 +-
 .../BearerTokenAuthenticationTests.java       |  13 +-
 .../JwtAuthenticationConverterTests.java      |   8 +-
 .../JwtAuthenticationProviderTests.java       |   6 +-
 .../JwtAuthenticationTokenTests.java          |   4 +-
 .../JwtGrantedAuthoritiesConverterTests.java  |  36 +--
 ...uerAuthenticationManagerResolverTests.java |   4 +-
 ...iveAuthenticationManagerResolverTests.java |   4 +-
 ...JwtReactiveAuthenticationManagerTests.java |   4 +-
 ...paqueTokenAuthenticationProviderTests.java |  32 ++-
 ...kenReactiveAuthenticationManagerTests.java |  32 ++-
 ...wtAuthenticationConverterAdapterTests.java |  15 +-
 ...activeJwtAuthenticationConverterTests.java |   6 +-
 ...antedAuthoritiesConverterAdapterTests.java |   4 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |  30 ++-
 ...sReactiveOpaqueTokenIntrospectorTests.java |  30 ++-
 ...rverBearerExchangeFilterFunctionTests.java |  10 +-
 ...vletBearerExchangeFilterFunctionTests.java |  14 +-
 .../AuthorizationPayloadInterceptorTests.java |  13 +-
 .../core/OpenSamlInitializationService.java   |  20 +-
 .../saml2/core/Saml2X509Credential.java       |  16 +-
 .../credentials/Saml2X509Credential.java      |  16 +-
 .../OpenSamlAuthenticationProvider.java       |  86 ++++----
 .../OpenSamlAuthenticationRequestFactory.java |  14 +-
 .../Saml2AuthenticationRequestFactory.java    |  14 +-
 .../Saml2AuthenticationToken.java             |   7 +-
 .../Saml2PostAuthenticationRequest.java       |   4 +-
 .../Saml2RedirectAuthenticationRequest.java   |   4 +-
 .../service/authentication/Saml2Utils.java    |  10 +-
 .../metadata/OpenSamlMetadataResolver.java    |  10 +-
 ...oryRelyingPartyRegistrationRepository.java |  13 +-
 ...gistrationBuilderHttpMessageConverter.java |  21 +-
 .../servlet/filter/Saml2ServletUtils.java     |  74 +++++++
 .../Saml2WebSsoAuthenticationFilter.java      |  10 +-
 ...aml2WebSsoAuthenticationRequestFilter.java |   6 +-
 ...faultRelyingPartyRegistrationResolver.java |  14 +-
 .../Saml2AuthenticationTokenConverter.java    |   7 +-
 .../security/saml2/core/Saml2Utils.java       |  10 +-
 .../saml2/core/Saml2X509CredentialTests.java  |  42 ++--
 .../saml2/core/TestSaml2X509Credentials.java  |  23 +-
 .../credentials/Saml2X509CredentialTests.java |  42 ++--
 .../credentials/TestSaml2X509Credentials.java |  23 +-
 .../OpenSamlAuthenticationProviderTests.java  | 206 +++++++++---------
 ...SamlAuthenticationRequestFactoryTests.java |  65 +++---
 ...aml2AuthenticationRequestFactoryTests.java |  12 +-
 .../authentication/TestOpenSamlObjects.java   |   5 +-
 ...estSaml2AuthenticationRequestContexts.java |   4 +-
 .../OpenSamlMetadataResolverTests.java        |  16 +-
 ...ationBuilderHttpMessageConverterTests.java |  12 +-
 .../RelyingPartyRegistrationTests.java        |  19 +-
 .../RelyingPartyRegistrationsTests.java       |   2 +-
 .../TestRelyingPartyRegistrations.java        |  18 +-
 ...ebSsoAuthenticationRequestFilterTests.java |  20 +-
 ...RelyingPartyRegistrationResolverTests.java |   5 +-
 ...enticationRequestContextResolverTests.java |   4 +-
 ...aml2AuthenticationTokenConverterTests.java |  10 +-
 .../service/web/Saml2MetadataFilterTests.java |  10 +-
 .../server/SecurityMockServerConfigurers.java |  12 +-
 .../SecurityMockMvcRequestPostProcessors.java |  16 +-
 .../SecurityMockMvcResultMatchers.java        |  30 +--
 ...yMockServerConfigurerOpaqueTokenTests.java |  54 +++--
 ...tyMockServerConfigurersAnnotatedTests.java |  22 +-
 ...kServerConfigurersClassAnnotatedTests.java |  10 +-
 ...SecurityMockServerConfigurersJwtTests.java |  30 ++-
 ...ockServerConfigurersOAuth2ClientTests.java |  48 ++--
 ...MockServerConfigurersOAuth2LoginTests.java |  39 ++--
 ...tyMockServerConfigurersOidcLoginTests.java |  53 +++--
 .../SecurityMockServerConfigurersTests.java   |  38 ++--
 ...yMockMvcRequestBuildersFormLoginTests.java |   4 +-
 ...MockMvcRequestBuildersFormLogoutTests.java |   4 +-
 ...uestPostProcessorsAuthenticationTests.java |   7 +-
 ...equestPostProcessorsOAuth2ClientTests.java |  13 +-
 ...RequestPostProcessorsOAuth2LoginTests.java |   5 +-
 ...vcRequestPostProcessorsOidcLoginTests.java |   5 +-
 ...RequestPostProcessorsOpaqueTokenTests.java |  10 +-
 ...estPostProcessorsSecurityContextTests.java |   7 +-
 ...ostProcessorsTestSecurityContextTests.java |   7 +-
 ...RequestPostProcessorsUserDetailsTests.java |   7 +-
 ...MockMvcRequestPostProcessorsUserTests.java |   7 +-
 ...oginRequestBuilderAuthenticationTests.java |   4 +-
 .../test/web/support/WebTestUtilsTests.java   |  24 +-
 .../www/BasicAuthenticationConverter.java     |   5 +-
 .../security/web/csrf/CsrfFilter.java         |   6 +-
 ...tionConverterServerWebExchangeMatcher.java |   7 +-
 .../web/server/csrf/CsrfWebFilter.java        |   6 +-
 .../transport/HttpsRedirectWebFilter.java     |   5 +-
 .../TokenBasedRememberMeServicesTests.java    |  69 +++---
 ...efaultLogoutPageGeneratingFilterTests.java |   2 +-
 ...ecurityWebApplicationInitializerTests.java |  50 ++---
 ...SessionSecurityContextRepositoryTests.java |  40 ++--
 .../ClearSiteDataHeaderWriterTests.java       |  13 +-
 .../security/web/method/ResolvableMethod.java |  15 +-
 .../CsrfRequestDataValueProcessorTests.java   |   5 +-
 .../SwitchUserWebFilterTests.java             |  34 +--
 ...egatingServerAccessDeniedHandlerTests.java |  11 +-
 .../web/server/csrf/CsrfWebFilterTests.java   |  36 +--
 .../ServerWebExchangeMatchersTests.java       |  14 +-
 ...yContextHolderAwareRequestFilterTests.java |  30 +--
 252 files changed, 2216 insertions(+), 2222 deletions(-)
 create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java

diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 373a270587..6d7e6a8f70 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -43,10 +43,10 @@ import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.Sid;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.AdditionalMatchers.aryEq;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -105,7 +105,7 @@ public class JdbcAclServiceTests {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		given(this.jdbcOperations.query(anyString(), aryEq(args), any(RowMapper.class))).willReturn(result);
+		given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index 64c72962b9..b51a4128b9 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.authentication.ldap;
 
 import java.io.IOException;
 import java.net.ServerSocket;
+import java.util.Collections;
 import java.util.List;
 
 import javax.naming.directory.SearchControls;
@@ -46,7 +47,6 @@ import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static java.util.Collections.singleton;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
@@ -117,8 +117,9 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	public void bindAuthentication() throws Exception {
 		this.spring.register(BindAuthenticationConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
-				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
+				.andExpect(authenticated().withUsername("bob")
+						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	// SEC-2472
@@ -126,8 +127,9 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	public void canUseCryptoPasswordEncoder() throws Exception {
 		this.spring.register(PasswordEncoderConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bcrypt").password("password")).andExpect(authenticated()
-				.withUsername("bcrypt").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
+				.andExpect(authenticated().withUsername("bcrypt")
+						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	private LdapAuthenticationProvider ldapProvider() {
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index cf9f64f7c0..328dbc4a3b 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.annotation.authentication.ldap;
 
+import java.util.Collections;
+
 import org.junit.Rule;
 import org.junit.Test;
 
@@ -29,7 +31,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static java.util.Collections.singleton;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 
@@ -54,16 +55,18 @@ public class LdapAuthenticationProviderConfigurerTests {
 	public void authenticationManagerSupportMultipleLdapContextWithDefaultRolePrefix() throws Exception {
 		this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
-				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
+				.andExpect(authenticated().withUsername("bob")
+						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
 	}
 
 	@Test
 	public void authenticationManagerSupportMultipleLdapContextWithCustomRolePrefix() throws Exception {
 		this.spring.register(MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
-				.withUsername("bob").withAuthorities(singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS"))));
+		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
+				.andExpect(authenticated().withUsername("bob")
+						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS"))));
 	}
 
 	@Test
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 36008b73b1..7fa45e111f 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import io.rsocket.RSocketFactory;
 import io.rsocket.frame.decoder.PayloadDecoder;
+import io.rsocket.metadata.WellKnownMimeType;
 import io.rsocket.transport.netty.server.CloseableChannel;
 import io.rsocket.transport.netty.server.TcpServerTransport;
 import org.junit.After;
@@ -51,7 +52,6 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
-import static io.rsocket.metadata.WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -109,7 +109,8 @@ public class JwtITests {
 
 	@Test
 	public void routeWhenAuthenticationBearerThenAuthorized() {
-		MimeType authenticationMimeType = MimeTypeUtils.parseMimeType(MESSAGE_RSOCKET_AUTHENTICATION.getString());
+		MimeType authenticationMimeType = MimeTypeUtils
+				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index edbc18ca77..6dc34ec2dd 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -22,6 +22,7 @@ import java.util.List;
 import io.rsocket.RSocketFactory;
 import io.rsocket.exceptions.ApplicationErrorException;
 import io.rsocket.frame.decoder.PayloadDecoder;
+import io.rsocket.metadata.WellKnownMimeType;
 import io.rsocket.transport.netty.server.CloseableChannel;
 import io.rsocket.transport.netty.server.TcpServerTransport;
 import org.junit.After;
@@ -50,7 +51,6 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
-import static io.rsocket.metadata.WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
@@ -101,7 +101,8 @@ public class SimpleAuthenticationITests {
 
 	@Test
 	public void retrieveMonoWhenAuthorizedThenGranted() {
-		MimeType authenticationMimeType = MimeTypeUtils.parseMimeType(MESSAGE_RSOCKET_AUTHENTICATION.getString());
+		MimeType authenticationMimeType = MimeTypeUtils
+				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
 		this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType)
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
index 219c11db0b..42a798290a 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
@@ -36,11 +36,6 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS;
-import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS;
-import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS;
-import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS;
-import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS;
 
 /**
  * @author Luke Taylor
@@ -61,11 +56,16 @@ public class LdapUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void beanClassNamesAreCorrect() {
-		assertThat(FilterBasedLdapUserSearch.class.getName()).isEqualTo(LDAP_SEARCH_CLASS);
-		assertThat(PersonContextMapper.class.getName()).isEqualTo(PERSON_MAPPER_CLASS);
-		assertThat(InetOrgPersonContextMapper.class.getName()).isEqualTo(INET_ORG_PERSON_MAPPER_CLASS);
-		assertThat(LdapUserDetailsMapper.class.getName()).isEqualTo(LDAP_USER_MAPPER_CLASS);
-		assertThat(DefaultLdapAuthoritiesPopulator.class.getName()).isEqualTo(LDAP_AUTHORITIES_POPULATOR_CLASS);
+		assertThat(FilterBasedLdapUserSearch.class.getName())
+				.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
+		assertThat(PersonContextMapper.class.getName())
+				.isEqualTo(LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS);
+		assertThat(InetOrgPersonContextMapper.class.getName())
+				.isEqualTo(LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS);
+		assertThat(LdapUserDetailsMapper.class.getName())
+				.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS);
+		assertThat(DefaultLdapAuthoritiesPopulator.class.getName())
+				.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS);
 		assertThat(new LdapUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)))
 				.isEqualTo(LdapUserDetailsService.class.getName());
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index efdb706234..71f00115b3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -40,8 +40,6 @@ import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
-import static org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES;
-
 /**
  * {@link Configuration} that (potentially) adds a "decorating" {@code Publisher} for the
  * last operator created in every {@code Mono} or {@code Flux}.
@@ -88,7 +86,7 @@ class SecurityReactorContextConfiguration {
 		}
 
 		<T> CoreSubscriber<T> createSubscriberIfNecessary(CoreSubscriber<T> delegate) {
-			if (delegate.currentContext().hasKey(SECURITY_CONTEXT_ATTRIBUTES)) {
+			if (delegate.currentContext().hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)) {
 				// Already enriched. No need to create Subscriber so return original
 				return delegate;
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index 9b45741903..e73875032d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -51,8 +51,6 @@ import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-
 /**
  *
  * An {@link AbstractHttpConfigurer} for OAuth 2.0 Resource Server Support.
@@ -367,7 +365,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		}
 
 		public JwtConfigurer jwkSetUri(String uri) {
-			this.decoder = withJwkSetUri(uri).build();
+			this.decoder = NimbusJwtDecoder.withJwkSetUri(uri).build();
 			return this;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index 7e5ab127bb..afdc1d3909 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -47,8 +47,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
-
-import static org.springframework.util.StringUtils.hasText;
+import org.springframework.util.StringUtils;
 
 /**
  * An {@link AbstractHttpConfigurer} for SAML 2.0 Login, which leverages the SAML 2.0 Web
@@ -215,7 +214,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
 
-		if (hasText(this.loginPage)) {
+		if (StringUtils.hasText(this.loginPage)) {
 			// Set custom login page
 			super.loginPage(this.loginPage);
 			super.init(http);
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 4063f5ac47..67dd4572c4 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -68,22 +68,6 @@ import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.http.SecurityFilters.ANONYMOUS_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.BASIC_AUTH_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.BEARER_TOKEN_AUTH_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.EXCEPTION_TRANSLATION_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.FORM_LOGIN_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.LOGIN_PAGE_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.LOGOUT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.LOGOUT_PAGE_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.OAUTH2_LOGIN_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.OPENID_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.PRE_AUTH_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.REMEMBER_ME_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.X509_FILTER;
-
 /**
  * Handles creation of authentication mechanism filters and related beans for &lt;http&gt;
  * parsing.
@@ -993,59 +977,64 @@ final class AuthenticationConfigBuilder {
 		List<OrderDecorator> filters = new ArrayList<>();
 
 		if (this.anonymousFilter != null) {
-			filters.add(new OrderDecorator(this.anonymousFilter, ANONYMOUS_FILTER));
+			filters.add(new OrderDecorator(this.anonymousFilter, SecurityFilters.ANONYMOUS_FILTER));
 		}
 
 		if (this.rememberMeFilter != null) {
-			filters.add(new OrderDecorator(this.rememberMeFilter, REMEMBER_ME_FILTER));
+			filters.add(new OrderDecorator(this.rememberMeFilter, SecurityFilters.REMEMBER_ME_FILTER));
 		}
 
 		if (this.logoutFilter != null) {
-			filters.add(new OrderDecorator(this.logoutFilter, LOGOUT_FILTER));
+			filters.add(new OrderDecorator(this.logoutFilter, SecurityFilters.LOGOUT_FILTER));
 		}
 
 		if (this.x509Filter != null) {
-			filters.add(new OrderDecorator(this.x509Filter, X509_FILTER));
+			filters.add(new OrderDecorator(this.x509Filter, SecurityFilters.X509_FILTER));
 		}
 
 		if (this.jeeFilter != null) {
-			filters.add(new OrderDecorator(this.jeeFilter, PRE_AUTH_FILTER));
+			filters.add(new OrderDecorator(this.jeeFilter, SecurityFilters.PRE_AUTH_FILTER));
 		}
 
 		if (this.formFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(this.formFilterId), FORM_LOGIN_FILTER));
+			filters.add(
+					new OrderDecorator(new RuntimeBeanReference(this.formFilterId), SecurityFilters.FORM_LOGIN_FILTER));
 		}
 
 		if (this.oauth2LoginFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(this.oauth2LoginFilterId), OAUTH2_LOGIN_FILTER));
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.oauth2LoginFilterId),
+					SecurityFilters.OAUTH2_LOGIN_FILTER));
 			filters.add(new OrderDecorator(this.oauth2AuthorizationRequestRedirectFilter,
-					OAUTH2_AUTHORIZATION_REQUEST_FILTER));
+					SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER));
 		}
 
 		if (this.openIDFilterId != null) {
-			filters.add(new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), OPENID_FILTER));
+			filters.add(
+					new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), SecurityFilters.OPENID_FILTER));
 		}
 
 		if (this.loginPageGenerationFilter != null) {
-			filters.add(new OrderDecorator(this.loginPageGenerationFilter, LOGIN_PAGE_FILTER));
-			filters.add(new OrderDecorator(this.logoutPageGenerationFilter, LOGOUT_PAGE_FILTER));
+			filters.add(new OrderDecorator(this.loginPageGenerationFilter, SecurityFilters.LOGIN_PAGE_FILTER));
+			filters.add(new OrderDecorator(this.logoutPageGenerationFilter, SecurityFilters.LOGOUT_PAGE_FILTER));
 		}
 
 		if (this.basicFilter != null) {
-			filters.add(new OrderDecorator(this.basicFilter, BASIC_AUTH_FILTER));
+			filters.add(new OrderDecorator(this.basicFilter, SecurityFilters.BASIC_AUTH_FILTER));
 		}
 
 		if (this.bearerTokenAuthenticationFilter != null) {
-			filters.add(new OrderDecorator(this.bearerTokenAuthenticationFilter, BEARER_TOKEN_AUTH_FILTER));
+			filters.add(
+					new OrderDecorator(this.bearerTokenAuthenticationFilter, SecurityFilters.BEARER_TOKEN_AUTH_FILTER));
 		}
 
 		if (this.authorizationCodeGrantFilter != null) {
 			filters.add(new OrderDecorator(this.authorizationRequestRedirectFilter,
-					OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
-			filters.add(new OrderDecorator(this.authorizationCodeGrantFilter, OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
+					SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
+			filters.add(new OrderDecorator(this.authorizationCodeGrantFilter,
+					SecurityFilters.OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}
 
-		filters.add(new OrderDecorator(this.etf, EXCEPTION_TRANSLATION_FILTER));
+		filters.add(new OrderDecorator(this.etf, SecurityFilters.EXCEPTION_TRANSLATION_FILTER));
 
 		return filters;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 440913add9..78452dc7f3 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -40,8 +40,6 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF;
-
 /**
  * Allows for convenient creation of a {@link FilterInvocationSecurityMetadataSource} bean
  * for use with a FilterSecurityInterceptor.
@@ -161,7 +159,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			}
 
 			String path = urlElt.getAttribute(ATT_PATTERN);
-			String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF);
+			String matcherRef = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF);
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
 
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 78a7e50bc1..9d570fe4c2 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -74,24 +74,6 @@ import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_FILTERS;
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_HTTP_METHOD;
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN;
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF;
-import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL;
-import static org.springframework.security.config.http.SecurityFilters.CHANNEL_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.CONCURRENT_SESSION_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.CORS_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.CSRF_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.FILTER_SECURITY_INTERCEPTOR;
-import static org.springframework.security.config.http.SecurityFilters.HEADERS_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.JAAS_API_SUPPORT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.REQUEST_CACHE_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.SECURITY_CONTEXT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.SERVLET_API_SUPPORT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.SESSION_MANAGEMENT_FILTER;
-import static org.springframework.security.config.http.SecurityFilters.WEB_ASYNC_MANAGER_FILTER;
-
 /**
  * Stateful class which helps HttpSecurityBDP to create the configuration for the
  * &lt;http&gt; element.
@@ -197,7 +179,7 @@ class HttpConfigurationBuilder {
 		this.interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
 
 		for (Element urlElt : this.interceptUrls) {
-			if (StringUtils.hasText(urlElt.getAttribute(ATT_FILTERS))) {
+			if (StringUtils.hasText(urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
 				pc.getReaderContext()
 						.error("The use of \"filters='none'\" is no longer supported. Please define a"
 								+ " separate <http> element for the pattern you want to exclude and use the attribute"
@@ -637,16 +619,16 @@ class HttpConfigurationBuilder {
 		ManagedMap<BeanMetadataElement, BeanDefinition> channelRequestMap = new ManagedMap<>();
 
 		for (Element urlElt : this.interceptUrls) {
-			String path = urlElt.getAttribute(ATT_PATH_PATTERN);
-			String method = urlElt.getAttribute(ATT_HTTP_METHOD);
-			String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF);
+			String path = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
+			String method = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_HTTP_METHOD);
+			String matcherRef = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF);
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
 
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
 				this.pc.getReaderContext().error("pattern attribute cannot be empty or null", urlElt);
 			}
 
-			String requiredChannel = urlElt.getAttribute(ATT_REQUIRES_CHANNEL);
+			String requiredChannel = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL);
 
 			if (StringUtils.hasText(requiredChannel)) {
 				BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
@@ -805,47 +787,47 @@ class HttpConfigurationBuilder {
 		List<OrderDecorator> filters = new ArrayList<>();
 
 		if (this.cpf != null) {
-			filters.add(new OrderDecorator(this.cpf, CHANNEL_FILTER));
+			filters.add(new OrderDecorator(this.cpf, SecurityFilters.CHANNEL_FILTER));
 		}
 
 		if (this.concurrentSessionFilter != null) {
-			filters.add(new OrderDecorator(this.concurrentSessionFilter, CONCURRENT_SESSION_FILTER));
+			filters.add(new OrderDecorator(this.concurrentSessionFilter, SecurityFilters.CONCURRENT_SESSION_FILTER));
 		}
 
 		if (this.webAsyncManagerFilter != null) {
-			filters.add(new OrderDecorator(this.webAsyncManagerFilter, WEB_ASYNC_MANAGER_FILTER));
+			filters.add(new OrderDecorator(this.webAsyncManagerFilter, SecurityFilters.WEB_ASYNC_MANAGER_FILTER));
 		}
 
-		filters.add(new OrderDecorator(this.securityContextPersistenceFilter, SECURITY_CONTEXT_FILTER));
+		filters.add(new OrderDecorator(this.securityContextPersistenceFilter, SecurityFilters.SECURITY_CONTEXT_FILTER));
 
 		if (this.servApiFilter != null) {
-			filters.add(new OrderDecorator(this.servApiFilter, SERVLET_API_SUPPORT_FILTER));
+			filters.add(new OrderDecorator(this.servApiFilter, SecurityFilters.SERVLET_API_SUPPORT_FILTER));
 		}
 
 		if (this.jaasApiFilter != null) {
-			filters.add(new OrderDecorator(this.jaasApiFilter, JAAS_API_SUPPORT_FILTER));
+			filters.add(new OrderDecorator(this.jaasApiFilter, SecurityFilters.JAAS_API_SUPPORT_FILTER));
 		}
 
 		if (this.sfpf != null) {
-			filters.add(new OrderDecorator(this.sfpf, SESSION_MANAGEMENT_FILTER));
+			filters.add(new OrderDecorator(this.sfpf, SecurityFilters.SESSION_MANAGEMENT_FILTER));
 		}
 
-		filters.add(new OrderDecorator(this.fsi, FILTER_SECURITY_INTERCEPTOR));
+		filters.add(new OrderDecorator(this.fsi, SecurityFilters.FILTER_SECURITY_INTERCEPTOR));
 
 		if (this.sessionPolicy != SessionCreationPolicy.STATELESS) {
-			filters.add(new OrderDecorator(this.requestCacheAwareFilter, REQUEST_CACHE_FILTER));
+			filters.add(new OrderDecorator(this.requestCacheAwareFilter, SecurityFilters.REQUEST_CACHE_FILTER));
 		}
 
 		if (this.corsFilter != null) {
-			filters.add(new OrderDecorator(this.corsFilter, CORS_FILTER));
+			filters.add(new OrderDecorator(this.corsFilter, SecurityFilters.CORS_FILTER));
 		}
 
 		if (this.addHeadersFilter != null) {
-			filters.add(new OrderDecorator(this.addHeadersFilter, HEADERS_FILTER));
+			filters.add(new OrderDecorator(this.addHeadersFilter, SecurityFilters.HEADERS_FILTER));
 		}
 
 		if (this.csrfFilter != null) {
-			filters.add(new OrderDecorator(this.csrfFilter, CSRF_FILTER));
+			filters.add(new OrderDecorator(this.csrfFilter, SecurityFilters.CSRF_FILTER));
 		}
 
 		return filters;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index 129a09233c..04ca9fc919 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -31,11 +31,6 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientService;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getClientRegistrationRepository;
-
 /**
  * @author Joe Grandja
  * @since 5.3
@@ -71,12 +66,15 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		Element authorizationCodeGrantElt = DomUtils.getChildElementByTagName(element, ELT_AUTHORIZATION_CODE_GRANT);
 
-		BeanMetadataElement clientRegistrationRepository = getClientRegistrationRepository(element);
-		BeanMetadataElement authorizedClientRepository = getAuthorizedClientRepository(element);
+		BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils
+				.getClientRegistrationRepository(element);
+		BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils
+				.getAuthorizedClientRepository(element);
 		if (authorizedClientRepository == null) {
-			BeanMetadataElement authorizedClientService = getAuthorizedClientService(element);
-			this.defaultAuthorizedClientRepository = createDefaultAuthorizedClientRepository(
-					clientRegistrationRepository, authorizedClientService);
+			BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils
+					.getAuthorizedClientService(element);
+			this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils
+					.createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService);
 			authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class);
 		}
 		BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index c99d48c0a1..1a6a07305c 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -68,11 +68,6 @@ import org.springframework.util.xml.DomUtils;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientService;
-import static org.springframework.security.config.http.OAuth2ClientBeanDefinitionParserUtils.getClientRegistrationRepository;
-
 /**
  * @author Ruby Hartono
  * @since 5.3
@@ -150,12 +145,15 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 				.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
 
 		// configure filter
-		BeanMetadataElement clientRegistrationRepository = getClientRegistrationRepository(element);
-		BeanMetadataElement authorizedClientRepository = getAuthorizedClientRepository(element);
+		BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils
+				.getClientRegistrationRepository(element);
+		BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils
+				.getAuthorizedClientRepository(element);
 		if (authorizedClientRepository == null) {
-			BeanMetadataElement authorizedClientService = getAuthorizedClientService(element);
-			this.defaultAuthorizedClientRepository = createDefaultAuthorizedClientRepository(
-					clientRegistrationRepository, authorizedClientService);
+			BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils
+					.getAuthorizedClientService(element);
+			this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils
+					.createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService);
 			authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class);
 		}
 		BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index b1674518ba..91439f2d35 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -80,13 +80,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.Elements.EXPRESSION_HANDLER;
-import static org.springframework.security.config.Elements.INVOCATION_ATTRIBUTE_FACTORY;
-import static org.springframework.security.config.Elements.INVOCATION_HANDLING;
-import static org.springframework.security.config.Elements.POST_INVOCATION_ADVICE;
-import static org.springframework.security.config.Elements.PRE_INVOCATION_ADVICE;
-import static org.springframework.security.config.Elements.PROTECT_POINTCUT;
-
 /**
  * Processes the top-level "global-method-security" element.
  *
@@ -150,12 +143,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		}
 
 		if (prePostAnnotationsEnabled) {
-			Element prePostElt = DomUtils.getChildElementByTagName(element, INVOCATION_HANDLING);
-			Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, EXPRESSION_HANDLER);
+			Element prePostElt = DomUtils.getChildElementByTagName(element, Elements.INVOCATION_HANDLING);
+			Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
 
 			if (prePostElt != null && expressionHandlerElt != null) {
-				pc.getReaderContext().error(
-						INVOCATION_HANDLING + " and " + EXPRESSION_HANDLER + " cannot be used together ", source);
+				pc.getReaderContext().error(Elements.INVOCATION_HANDLING + " and " + Elements.EXPRESSION_HANDLER
+						+ " cannot be used together ", source);
 			}
 
 			BeanDefinitionBuilder preInvocationVoterBldr = BeanDefinitionBuilder
@@ -170,11 +163,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 			if (prePostElt != null) {
 				// Customized override of expression handling system
-				String attributeFactoryRef = DomUtils.getChildElementByTagName(prePostElt, INVOCATION_ATTRIBUTE_FACTORY)
+				String attributeFactoryRef = DomUtils
+						.getChildElementByTagName(prePostElt, Elements.INVOCATION_ATTRIBUTE_FACTORY)
 						.getAttribute("ref");
-				String preAdviceRef = DomUtils.getChildElementByTagName(prePostElt, PRE_INVOCATION_ADVICE)
+				String preAdviceRef = DomUtils.getChildElementByTagName(prePostElt, Elements.PRE_INVOCATION_ADVICE)
 						.getAttribute("ref");
-				String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt, POST_INVOCATION_ADVICE)
+				String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt, Elements.POST_INVOCATION_ADVICE)
 						.getAttribute("ref");
 
 				mds.addConstructorArgReference(attributeFactoryRef);
@@ -257,7 +251,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		// Now create a Map<String, ConfigAttribute> for each <protect-pointcut>
 		// sub-element
 		Map<String, List<ConfigAttribute>> pointcutMap = parseProtectPointcuts(pc,
-				DomUtils.getChildElementsByTagName(element, PROTECT_POINTCUT));
+				DomUtils.getChildElementsByTagName(element, Elements.PROTECT_POINTCUT));
 
 		if (pointcutMap.size() > 0) {
 			if (useAspectJ) {
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 234cb459a8..e72a81ebb7 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -54,8 +54,6 @@ import org.springframework.util.PathMatcher;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
-import static org.springframework.security.config.Elements.EXPRESSION_HANDLER;
-
 /**
  * Parses Spring Security's websocket namespace support. A simple example is:
  *
@@ -121,7 +119,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		ManagedMap<BeanDefinition, String> matcherToExpression = new ManagedMap<>();
 
 		String id = element.getAttribute(ID_ATTR);
-		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, EXPRESSION_HANDLER);
+		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
 		String expressionHandlerRef = expressionHandlerElt == null ? null : expressionHandlerElt.getAttribute("ref");
 		boolean expressionHandlerDefined = StringUtils.hasText(expressionHandlerRef);
 
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 3623491195..7d1522b9ac 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -20,6 +20,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -34,11 +35,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.powermock.api.mockito.PowerMockito.doThrow;
-import static org.powermock.api.mockito.PowerMockito.mock;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.verifyStatic;
-import static org.powermock.api.mockito.PowerMockito.verifyZeroInteractions;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
  * @author Luke Taylor
@@ -88,9 +86,9 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void initDoesNotLogErrorWhenFilterChainProxyFailsToLoad() throws Exception {
 		String className = "javax.servlet.Filter";
-		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
-				any(ClassLoader.class));
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
+				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 
 		Log logger = mock(Log.class);
 		SecurityNamespaceHandler handler = new SecurityNamespaceHandler();
@@ -98,7 +96,7 @@ public class SecurityNamespaceHandlerTests {
 
 		handler.init();
 
-		verifyStatic(ClassUtils.class);
+		PowerMockito.verifyStatic(ClassUtils.class);
 		ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		verifyZeroInteractions(logger);
 	}
@@ -108,18 +106,18 @@ public class SecurityNamespaceHandlerTests {
 		String className = "javax.servlet.Filter";
 		this.thrown.expect(BeanDefinitionParsingException.class);
 		this.thrown.expectMessage("NoClassDefFoundError: " + className);
-		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
-				any(ClassLoader.class));
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
+				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK);
 	}
 
 	@Test
 	public void filterNoClassDefFoundErrorNoHttpBlock() throws Exception {
 		String className = "javax.servlet.Filter";
-		spy(ClassUtils.class);
-		doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName", eq(FILTER_CHAIN_PROXY_CLASSNAME),
-				any(ClassLoader.class));
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
+				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
 		// should load just fine since no http block
 	}
@@ -129,8 +127,8 @@ public class SecurityNamespaceHandlerTests {
 		String className = FILTER_CHAIN_PROXY_CLASSNAME;
 		this.thrown.expect(BeanDefinitionParsingException.class);
 		this.thrown.expectMessage("ClassNotFoundException: " + className);
-		spy(ClassUtils.class);
-		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
 				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK);
 	}
@@ -138,8 +136,8 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void filterChainProxyClassNotFoundExceptionNoHttpBlock() throws Exception {
 		String className = FILTER_CHAIN_PROXY_CLASSNAME;
-		spy(ClassUtils.class);
-		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
 				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
 		// should load just fine since no http block
@@ -148,9 +146,9 @@ public class SecurityNamespaceHandlerTests {
 	@Test
 	public void websocketNotFoundExceptionNoMessageBlock() throws Exception {
 		String className = FILTER_CHAIN_PROXY_CLASSNAME;
-		spy(ClassUtils.class);
-		doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName", eq(Message.class.getName()),
-				any(ClassLoader.class));
+		PowerMockito.spy(ClassUtils.class);
+		PowerMockito.doThrow(new ClassNotFoundException(className)).when(ClassUtils.class, "forName",
+				eq(Message.class.getName()), any(ClassLoader.class));
 		new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
 		// should load just fine since no websocket block
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index 4f924e7878..01ae058853 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -24,6 +24,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -70,8 +72,8 @@ public class NamespaceAuthenticationManagerTests {
 	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+		this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers
+				.authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index c24f59a092..bea9e42276 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.web.context.ServletContextAware;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.isNotNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index 7c68fabcde..72db1d8064 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -22,6 +22,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -48,8 +49,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
@@ -79,9 +78,10 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 	@Test
 	public void loadConfigWhenDefaultConfigurerAsSpringFactoryhenDefaultConfigurerApplied() {
-		spy(SpringFactoriesLoader.class);
+		PowerMockito.spy(SpringFactoriesLoader.class);
 		DefaultConfigurer configurer = new DefaultConfigurer();
-		when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader()))
+		PowerMockito
+				.when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader()))
 				.thenReturn(Arrays.<AbstractHttpConfigurer>asList(configurer));
 
 		loadConfig(Config.class);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index dcd06d382d..af3accc65a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -55,7 +55,8 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.ThrowableAssert.catchThrowable;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -153,11 +154,9 @@ public class WebSecurityConfigurerAdapterTests {
 
 		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
 
-		Throwable thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("user"));
-		assertThat(thrown).isNull();
-
-		thrown = catchThrowable(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
-		assertThat(thrown).isInstanceOf(UsernameNotFoundException.class);
+		assertThatCode(() -> myFilter.userDetailsService.loadUserByUsername("user")).doesNotThrowAnyException();
+		assertThatExceptionOfType(UsernameNotFoundException.class)
+				.isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
 	}
 
 	// SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index e84265cfdf..890de93c1f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -38,8 +38,7 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.ThrowableAssert.catchThrowable;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
@@ -62,11 +61,11 @@ public class HttpConfigurationTests {
 
 	@Test
 	public void configureWhenAddFilterUnregisteredThenThrowsBeanCreationException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(UnregisteredFilterConfig.class).autowire());
-		assertThat(thrown).isInstanceOf(BeanCreationException.class);
-		assertThat(thrown.getMessage()).contains("The Filter class " + UnregisteredFilter.class.getName()
-				+ " does not have a registered order and cannot be added without a specified order."
-				+ " Consider using addFilterBefore or addFilterAfter instead.");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(UnregisteredFilterConfig.class).autowire())
+				.withMessageContaining("The Filter class " + UnregisteredFilter.class.getName()
+						+ " does not have a registered order and cannot be added without a specified order."
+						+ " Consider using addFilterBefore or addFilterAfter instead.");
 	}
 
 	// https://github.com/spring-projects/spring-security-javaconfig/issues/104
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 3824048542..80f6c0666f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -34,10 +34,12 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp
 import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -52,9 +54,6 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientCredentials;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -79,7 +78,8 @@ public class OAuth2ClientConfigurationTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
 
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
-		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId(clientRegistrationId).build();
 		given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
 				.willReturn(clientRegistration);
 
@@ -99,8 +99,10 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
+		this.mockMvc
+				.perform(get("/authorized-client")
+						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+				.andExpect(status().isOk()).andExpect(content().string("resolved"));
 		verifyZeroInteractions(accessTokenResponseClient);
 	}
 
@@ -115,7 +117,8 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 
-		ClientRegistration clientRegistration = clientCredentials().registrationId(clientRegistrationId).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials()
+				.registrationId(clientRegistrationId).build();
 		given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
 
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
@@ -128,8 +131,10 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
+		this.mockMvc
+				.perform(get("/authorized-client")
+						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+				.andExpect(status().isOk()).andExpect(content().string("resolved"));
 		verify(accessTokenResponseClient, times(1)).getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class));
 	}
 
@@ -176,7 +181,8 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
 
-		ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId(clientRegistrationId).build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
 				TestOAuth2AccessTokens.noScopes());
 
@@ -187,8 +193,10 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
 		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
 
-		this.mockMvc.perform(get("/authorized-client").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string("resolved"));
+		this.mockMvc
+				.perform(get("/authorized-client")
+						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+				.andExpect(status().isOk()).andExpect(content().string("resolved"));
 
 		verify(authorizedClientManager).authorize(any());
 		verifyNoInteractions(clientRegistrationRepository);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 6b4d806e1e..457fa6185d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -31,14 +31,14 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.security.oauth2.server.resource.authentication.TestBearerTokenAuthentications;
 import org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import static org.springframework.security.oauth2.server.resource.authentication.TestBearerTokenAuthentications.bearer;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -60,21 +60,21 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 	// gh-7418
 	@Test
 	public void requestWhenUsingFilterThenBearerTokenPropagated() throws Exception {
-		BearerTokenAuthentication authentication = bearer();
+		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
 
-		this.mockMvc.perform(get("/token").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string("Bearer token"));
+		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+				.andExpect(status().isOk()).andExpect(content().string("Bearer token"));
 	}
 
 	// gh-7418
 	@Test
 	public void requestWhenNotUsingFilterThenBearerTokenNotPropagated() throws Exception {
-		BearerTokenAuthentication authentication = bearer();
+		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
 
-		this.mockMvc.perform(get("/token").with(authentication(authentication))).andExpect(status().isOk())
-				.andExpect(content().string(""));
+		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+				.andExpect(status().isOk()).andExpect(content().string(""));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index 0f632bdb27..23c82f730e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -33,11 +33,13 @@ import reactor.core.publisher.Operators;
 import reactor.test.StepVerifier;
 import reactor.util.context.Context;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration.SecurityReactorContextSubscriber;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -51,8 +53,6 @@ import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.entry;
-import static org.springframework.http.HttpMethod.GET;
-import static org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES;
 
 /**
  * Tests for {@link SecurityReactorContextConfiguration}.
@@ -88,7 +88,7 @@ public class SecurityReactorContextConfigurationTests {
 
 	@Test
 	public void createSubscriberIfNecessaryWhenSubscriberContextContainsSecurityContextAttributesThenReturnOriginalSubscriber() {
-		Context context = Context.of(SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
+		Context context = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
 		BaseSubscriber<Object> originalSubscriber = new BaseSubscriber<Object>() {
 			@Override
 			public Context currentContext() {
@@ -120,7 +120,8 @@ public class SecurityReactorContextConfigurationTests {
 		Context resultContext = subscriber.currentContext();
 
 		assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue);
-		Map<Object, Object> securityContextAttributes = resultContext.getOrDefault(SECURITY_CONTEXT_ATTRIBUTES, null);
+		Map<Object, Object> securityContextAttributes = resultContext
+				.getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null);
 		assertThat(securityContextAttributes).hasSize(3);
 		assertThat(securityContextAttributes).contains(entry(HttpServletRequest.class, this.servletRequest),
 				entry(HttpServletResponse.class, this.servletResponse),
@@ -133,7 +134,8 @@ public class SecurityReactorContextConfigurationTests {
 				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 
-		Context parentContext = Context.of(SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>());
+		Context parentContext = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES,
+				new HashMap<>());
 		BaseSubscriber<Object> parent = new BaseSubscriber<Object>() {
 			@Override
 			public Context currentContext() {
@@ -206,8 +208,9 @@ public class SecurityReactorContextConfigurationTests {
 		ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
 
 		ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
-				.filter(ctx -> ctx.hasKey(SECURITY_CONTEXT_ATTRIBUTES)).map(ctx -> ctx.get(SECURITY_CONTEXT_ATTRIBUTES))
-				.cast(Map.class).map(attributes -> {
+				.filter(ctx -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
+				.map(ctx -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
+				.map(attributes -> {
 					if (attributes.containsKey(HttpServletRequest.class)
 							&& attributes.containsKey(HttpServletResponse.class)
 							&& attributes.containsKey(Authentication.class)) {
@@ -218,7 +221,7 @@ public class SecurityReactorContextConfigurationTests {
 					}
 				});
 
-		ClientRequest clientRequest = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest clientRequest = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 		MockExchangeFunction exchange = new MockExchangeFunction();
 
 		Map<Object, Object> expectedContextAttributes = new HashMap<>();
@@ -230,8 +233,8 @@ public class SecurityReactorContextConfigurationTests {
 				.flatMap(response -> filter.filter(clientRequest, exchange));
 
 		StepVerifier.create(clientResponseMono).expectAccessibleContext()
-				.contains(SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes).then().expectNext(clientResponseOk)
-				.verifyComplete();
+				.contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
+				.then().expectNext(clientResponseOk).verifyComplete();
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 0586a75bac..12d4c472cb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -20,6 +20,7 @@ import org.junit.Rule;
 import org.junit.Test;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -28,9 +29,6 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.header.HeaderWriterFilter;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.springframework.http.HttpHeaders.CACHE_CONTROL;
-import static org.springframework.http.HttpHeaders.EXPIRES;
-import static org.springframework.http.HttpHeaders.PRAGMA;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
@@ -54,8 +52,9 @@ public class HeadersConfigurerEagerHeadersTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
-				.andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
-				.andExpect(header().string(EXPIRES, "0")).andExpect(header().string(PRAGMA, "no-cache"))
+				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
+				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
+				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index b071eadbb0..4191869ae3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -39,7 +39,7 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.stereotype.Component;
 
-import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index 8b8a8ac9e8..ac8ed76df9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -27,16 +27,13 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
 import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.EXECUTION_CONTEXTS;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
@@ -55,7 +52,8 @@ public class LogoutConfigurerClearSiteDataTests {
 
 	private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
 
-	private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
+	private static final Directive[] SOURCE = { Directive.CACHE, Directive.COOKIES, Directive.STORAGE,
+			Directive.EXECUTION_CONTEXTS };
 
 	private static final String HEADER_VALUE = "\"cache\", \"cookies\", \"storage\", \"executionContexts\"";
 
@@ -70,7 +68,7 @@ public class LogoutConfigurerClearSiteDataTests {
 	public void logoutWhenRequestTypeGetThenHeaderNotPresentt() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(get("/logout").secure(true).with(csrf()))
+		this.mvc.perform(get("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
 				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
@@ -79,7 +77,8 @@ public class LogoutConfigurerClearSiteDataTests {
 	public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
+		this.mvc.perform(post("/logout").with(SecurityMockMvcRequestPostProcessors.csrf()))
+				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
 	@Test
@@ -87,7 +86,7 @@ public class LogoutConfigurerClearSiteDataTests {
 	public void logoutWhenRequestTypePostAndSecureThenHeaderIsPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
 
-		this.mvc.perform(post("/logout").secure(true).with(csrf()))
+		this.mvc.perform(post("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
 				.andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index f06590f03c..780a2eee08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -26,6 +26,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.yadis.YadisResolver;
 import org.openid4java.message.AuthRequest;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -63,7 +64,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -107,7 +107,7 @@ public class NamespaceHttpOpenIDLoginTests {
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index d2e84b594b..1dd734d486 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -44,7 +44,7 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 81f12e07cf..1b9aaeb670 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -69,6 +69,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
@@ -80,6 +81,7 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.context.HttpRequestResponseHolder;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
@@ -92,8 +94,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -602,7 +602,7 @@ public class OAuth2LoginConfigurerTests {
 	}
 
 	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
-		OidcIdToken idToken = idToken().build();
+		OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 		return request -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
 	}
 
@@ -993,7 +993,7 @@ public class OAuth2LoginConfigurerTests {
 			claims.put(IdTokenClaimNames.ISS, "http://localhost/iss");
 			claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId", "a", "u", "d"));
 			claims.put(IdTokenClaimNames.AZP, "clientId");
-			Jwt jwt = jwt().claims(c -> c.putAll(claims)).build();
+			Jwt jwt = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 			JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 			given(jwtDecoder.decode(any())).willReturn(jwt);
 			return jwtDecoder;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index d48878e014..8351a52ce5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -94,13 +94,16 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.jose.TestKeys;
 import org.springframework.security.oauth2.jwt.BadJwtException;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
@@ -124,6 +127,7 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.context.support.GenericWebApplicationContext;
@@ -131,7 +135,7 @@ import org.springframework.web.context.support.GenericWebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.core.StringStartsWith.startsWith;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -140,12 +144,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withPublicKey;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -154,8 +152,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-import static org.springframework.web.bind.annotation.RequestMethod.GET;
-import static org.springframework.web.bind.annotation.RequestMethod.POST;
 
 /**
  * Tests for {@link OAuth2ResourceServerConfigurer}
@@ -169,9 +165,9 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	private static final String JWT_SUBJECT = "mock-test-subject";
 
-	private static final Map<String, Object> JWT_CLAIMS = Collections.singletonMap(SUB, JWT_SUBJECT);
+	private static final Map<String, Object> JWT_CLAIMS = Collections.singletonMap(JwtClaimNames.SUB, JWT_SUBJECT);
 
-	private static final Jwt JWT = jwt().build();
+	private static final Jwt JWT = TestJwts.jwt().build();
 
 	private static final String JWK_SET_URI = "https://mock.org";
 
@@ -185,8 +181,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	private static final String CLIENT_SECRET = "client-secret";
 
 	private static final BearerTokenAuthentication INTROSPECTION_AUTHENTICATION_TOKEN = new BearerTokenAuthentication(
-			new DefaultOAuth2AuthenticatedPrincipal(JWT_CLAIMS, Collections.emptyList()), noScopes(),
-			Collections.emptyList());
+			new DefaultOAuth2AuthenticatedPrincipal(JWT_CLAIMS, Collections.emptyList()),
+			TestOAuth2AccessTokens.noScopes(), Collections.emptyList());
 
 	@Autowired(required = false)
 	MockMvc mvc;
@@ -1361,8 +1357,8 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	private String jwtFromIssuer(String issuer) throws Exception {
 		Map<String, Object> claims = new HashMap<>();
-		claims.put(ISS, issuer);
-		claims.put(SUB, "test-subject");
+		claims.put(JwtClaimNames.ISS, issuer);
+		claims.put(JwtClaimNames.SUB, "test-subject");
 		claims.put("scope", "message:read");
 		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
 				new Payload(new JSONObject(claims)));
@@ -2066,7 +2062,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder() throws Exception {
 			RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
 					.generatePublic(new X509EncodedKeySpec(this.spec));
-			return withPublicKey(publicKey).build();
+			return NimbusJwtDecoder.withPublicKey(publicKey).build();
 		}
 
 	}
@@ -2285,7 +2281,7 @@ public class OAuth2ResourceServerConfigurerTests {
 			return "post";
 		}
 
-		@RequestMapping(value = "/authenticated", method = { GET, POST })
+		@RequestMapping(value = "/authenticated", method = { RequestMethod.GET, RequestMethod.POST })
 		public String authenticated(Authentication authentication) {
 			return authentication.getName();
 		}
@@ -2365,7 +2361,8 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		@Bean
 		NimbusJwtDecoder jwtDecoder() {
-			return withJwkSetUri("https://example.org/.well-known/jwks.json").restOperations(this.rest).build();
+			return NimbusJwtDecoder.withJwkSetUri("https://example.org/.well-known/jwks.json").restOperations(this.rest)
+					.build();
 		}
 
 		@Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index f546583a5d..e5cb902773 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -24,6 +24,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.yadis.YadisResolver;
 import org.openid4java.message.AuthRequest;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -47,7 +48,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -113,7 +113,7 @@ public class OpenIDLoginConfigurerTests {
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
@@ -151,7 +151,7 @@ public class OpenIDLoginConfigurerTests {
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index b70773de04..4a6223ef00 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.config.annotation.web.configurers.saml2;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Arrays;
 import java.util.Base64;
@@ -60,14 +61,17 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.saml2.Saml2Exception;
+import org.springframework.security.saml2.core.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider;
 import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver;
 import org.springframework.security.web.FilterChainProxy;
@@ -81,7 +85,6 @@ import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -89,10 +92,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-import static org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts.authenticationRequestContext;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.noCredentials;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -171,7 +170,8 @@ public class Saml2LoginConfigurerTests {
 	public void saml2LoginWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire();
 
-		Saml2AuthenticationRequestContext context = authenticationRequestContext().build();
+		Saml2AuthenticationRequestContext context = TestSaml2AuthenticationRequestContexts
+				.authenticationRequestContext().build();
 		Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver;
 		given(resolver.resolve(any(HttpServletRequest.class))).willReturn(context);
 		this.mvc.perform(get("/saml2/authenticate/registration-id")).andExpect(status().isFound());
@@ -193,9 +193,9 @@ public class Saml2LoginConfigurerTests {
 	@Test
 	public void authenticateWhenCustomAuthenticationConverterThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationConverter.class).autowire();
-		RelyingPartyRegistration relyingPartyRegistration = noCredentials()
-				.assertingPartyDetails(
-						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
+				.assertingPartyDetails(party -> party.verificationX509Credentials(
+						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 		String response = new String(samlDecode(SIGNED_RESPONSE));
 		given(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
@@ -254,7 +254,7 @@ public class Saml2LoginConfigurerTests {
 			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
 			iout.write(b);
 			iout.finish();
-			return new String(out.toByteArray(), UTF_8);
+			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException e) {
 			throw new Saml2Exception("Unable to inflate string", e);
@@ -387,7 +387,8 @@ public class Saml2LoginConfigurerTests {
 		@Bean
 		RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
 			RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class);
-			given(repository.findByRegistrationId(anyString())).willReturn(relyingPartyRegistration().build());
+			given(repository.findByRegistrationId(anyString()))
+					.willReturn(TestRelyingPartyRegistrations.relyingPartyRegistration().build());
 			return repository;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index 22ff7efd72..ddccf53692 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -24,10 +24,7 @@ import java.security.cert.X509Certificate;
 
 import org.springframework.security.converter.RsaKeyConverters;
 import org.springframework.security.saml2.credentials.Saml2X509Credential;
-
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType;
 
 /**
  * Preconfigured SAML credentials for SAML integration tests.
@@ -58,7 +55,7 @@ public class TestSaml2Credentials {
 				+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
 				+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
 				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" + "-----END CERTIFICATE-----";
-		return new Saml2X509Credential(x509Certificate(certificate), VERIFICATION);
+		return new Saml2X509Credential(x509Certificate(certificate), Saml2X509CredentialType.VERIFICATION);
 	}
 
 	static X509Certificate x509Certificate(String source) {
@@ -105,7 +102,7 @@ public class TestSaml2Credentials {
 				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		PrivateKey pk = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(key.getBytes()));
 		X509Certificate cert = x509Certificate(certificate);
-		return new Saml2X509Credential(pk, cert, SIGNING, DECRYPTION);
+		return new Saml2X509Credential(pk, cert, Saml2X509CredentialType.SIGNING, Saml2X509CredentialType.DECRYPTION);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index fdd1461eeb..036618be7b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -51,6 +51,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
 import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
 import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
@@ -71,7 +72,6 @@ import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.result.view.AbstractView;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
 
 /**
  * @author Rob Winch
@@ -202,8 +202,9 @@ public class EnableWebFluxSecurityTests {
 		MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
 		data.add("username", "user");
 		data.add("password", "password");
-		client.mutateWith(csrf()).post().uri("/login").body(BodyInserters.fromFormData(data)).exchange().expectStatus()
-				.is3xxRedirection().expectHeader().valueMatches("Location", "/");
+		client.mutateWith(SecurityMockServerConfigurers.csrf()).post().uri("/login")
+				.body(BodyInserters.fromFormData(data)).exchange().expectStatus().is3xxRedirection().expectHeader()
+				.valueMatches("Location", "/");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 83ada36fdd..76333746ad 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -46,8 +46,6 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
-import static org.springframework.messaging.simp.SimpMessageType.MESSAGE;
-import static org.springframework.messaging.simp.SimpMessageType.SUBSCRIBE;
 
 public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 
@@ -139,7 +137,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 					.simpDestMatchers("/app/**").hasRole("USER")
 					// <3>
 					.simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4>
-					.simpTypeMatchers(MESSAGE, SUBSCRIBE).denyAll() // <5>
+					.simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5>
 					.anyMessage().denyAll(); // <6>
 
 		}
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
index 58c4e09397..1cbe52e40d 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
@@ -26,7 +26,7 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
index 28908297f8..effd00c71e 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -25,7 +25,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
index ff4eac53f2..76bccac1ba 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
@@ -25,7 +25,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 6a366f7fcc..5e476818cb 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -29,7 +29,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.util.InMemoryResource;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index d3bd58daaa..6d065fce3a 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -18,13 +18,12 @@ package org.springframework.security.config.debug;
 import org.junit.Rule;
 import org.junit.Test;
 
+import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.debug.DebugFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.config.BeanIds.FILTER_CHAIN_PROXY;
-import static org.springframework.security.config.BeanIds.SPRING_SECURITY_FILTER_CHAIN;
 
 /**
  * @author Rob Winch
@@ -42,8 +41,9 @@ public class SecurityDebugBeanFactoryPostProcessorTests {
 				"classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
 				.autowire();
 
-		assertThat(this.spring.getContext().getBean(SPRING_SECURITY_FILTER_CHAIN)).isInstanceOf(DebugFilter.class);
-		assertThat(this.spring.getContext().getBean(FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
+		assertThat(this.spring.getContext().getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN))
+				.isInstanceOf(DebugFilter.class);
+		assertThat(this.spring.getContext().getBean(BeanIds.FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index 2801c4e593..ea4938b57b 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -50,6 +50,7 @@ import org.springframework.test.web.servlet.ResultMatcher;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
@@ -68,14 +69,6 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-import static org.springframework.web.bind.annotation.RequestMethod.DELETE;
-import static org.springframework.web.bind.annotation.RequestMethod.GET;
-import static org.springframework.web.bind.annotation.RequestMethod.HEAD;
-import static org.springframework.web.bind.annotation.RequestMethod.OPTIONS;
-import static org.springframework.web.bind.annotation.RequestMethod.PATCH;
-import static org.springframework.web.bind.annotation.RequestMethod.POST;
-import static org.springframework.web.bind.annotation.RequestMethod.PUT;
-import static org.springframework.web.bind.annotation.RequestMethod.TRACE;
 
 /**
  * @author Rob Winch
@@ -441,20 +434,22 @@ public class CsrfConfigTests {
 	@Controller
 	public static class RootController {
 
-		@RequestMapping(value = "/csrf-in-header", method = { HEAD, TRACE, OPTIONS })
+		@RequestMapping(value = "/csrf-in-header",
+				method = { RequestMethod.HEAD, RequestMethod.TRACE, RequestMethod.OPTIONS })
 		@ResponseBody
 		String csrfInHeaderAndBody(CsrfToken token, HttpServletResponse response) {
 			response.setHeader(token.getHeaderName(), token.getToken());
 			return csrfInBody(token);
 		}
 
-		@RequestMapping(value = "/csrf", method = { POST, PUT, PATCH, DELETE, GET })
+		@RequestMapping(value = "/csrf", method = { RequestMethod.POST, RequestMethod.PUT, RequestMethod.PATCH,
+				RequestMethod.DELETE, RequestMethod.GET })
 		@ResponseBody
 		String csrfInBody(CsrfToken token) {
 			return token.getToken();
 		}
 
-		@RequestMapping(value = "/ok", method = { POST, GET })
+		@RequestMapping(value = "/ok", method = { RequestMethod.POST, RequestMethod.GET })
 		@ResponseBody
 		String ok() {
 			return "ok";
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index d36570f88e..2bdb457036 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -24,8 +24,8 @@ import org.springframework.security.web.WebAttributes;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.core.IsNot.not;
-import static org.hamcrest.core.IsNull.nullValue;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.nullValue;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index c3b59f29fc..a1f99f4d41 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -102,6 +102,7 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -120,7 +121,6 @@ import static org.mockito.Mockito.verify;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
-import static org.springframework.test.util.ReflectionTestUtils.getField;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -618,8 +618,8 @@ public class MiscHttpConfigTests {
 
 		this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName()));
 
-		assertThat(getField(getFilter(OpenIDAuthenticationFilter.class), "authenticationDetailsSource"))
-				.isEqualTo(source);
+		assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class),
+				"authenticationDetailsSource")).isEqualTo(source);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 7b86dd796a..859e549a86 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -55,7 +56,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -153,7 +153,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
@@ -183,7 +183,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index b2162505f5..5b98d0cdc0 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -52,6 +52,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -78,8 +79,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.oidcAccessTokenResponse;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -214,7 +213,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -243,7 +242,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -269,7 +268,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = oidcAccessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse()
+				.build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
@@ -297,7 +297,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -326,7 +326,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		accessTokenResponse = oidcAccessTokenResponse().build();
+		accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
@@ -359,7 +359,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -428,7 +428,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -456,7 +456,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
@@ -484,7 +484,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2User oauth2User = TestOAuth2Users.create();
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index c753c8d1a6..53b1dc8715 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -76,9 +76,11 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.security.oauth2.jose.TestKeys;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
@@ -96,23 +98,15 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.core.StringStartsWith.startsWith;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF;
-import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.JwtBeanDefinitionParser.DECODER_REF;
-import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.JwtBeanDefinitionParser.JWK_SET_URI;
-import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.OpaqueTokenBeanDefinitionParser.INTROSPECTION_URI;
-import static org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParser.OpaqueTokenBeanDefinitionParser.INTROSPECTOR_REF;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -435,10 +429,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode("token")).thenReturn(jwt().build());
+		given(decoder.decode("token")).willReturn(TestJwts.jwt().build());
 
 		BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class);
-		when(bearerTokenResolver.resolve(any(HttpServletRequest.class))).thenReturn("token");
+		given(bearerTokenResolver.resolve(any(HttpServletRequest.class))).willReturn("token");
 
 		this.mvc.perform(get("/")).andExpect(status().isNotFound());
 
@@ -453,7 +447,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenReturn(jwt().build());
+		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
 
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
@@ -468,7 +462,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		Mockito.when(decoder.decode(anyString())).thenReturn(jwt().build());
+		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
 
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
@@ -517,7 +511,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 
-		when(decoder.decode(anyString())).thenReturn(jwt().build());
+		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
 
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
@@ -552,7 +546,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		Mockito.when(decoder.decode(anyString())).thenReturn(jwt().build());
+		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
 
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped"))
 				.andExpect(status().isForbidden())
@@ -572,7 +566,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 
-		when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(error));
+		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
 
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
@@ -609,11 +603,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = (Converter<Jwt, JwtAuthenticationToken>) this.spring
 				.getContext().getBean("jwtAuthenticationConverter");
-		when(jwtAuthenticationConverter.convert(any(Jwt.class)))
-				.thenReturn(new JwtAuthenticationToken(jwt().build(), Collections.emptyList()));
+		given(jwtAuthenticationConverter.convert(any(Jwt.class)))
+				.willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
 
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
-		Mockito.when(jwtDecoder.decode(anyString())).thenReturn(jwt().build());
+		given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build());
 
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
 
@@ -702,8 +696,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 		AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = this.spring.getContext()
 				.getBean(AuthenticationManagerResolver.class);
-		when(authenticationManagerResolver.resolve(any(HttpServletRequest.class)))
-				.thenReturn(authentication -> new JwtAuthenticationToken(jwt().build(), Collections.emptyList()));
+		given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn(
+				authentication -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
 
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
 
@@ -754,7 +748,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		given(decoder.decode(anyString())).willThrow(JwtException.class);
 
 		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
@@ -775,7 +769,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire();
 
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-		when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		given(decoder.decode(anyString())).willThrow(JwtException.class);
 
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn();
 
@@ -827,7 +821,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser(null, null, null,
 				null, null);
 		Element element = mock(Element.class);
-		when(element.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)).thenReturn(true);
+		given(element.hasAttribute(OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF))
+				.willReturn(true);
 		Element child = mock(Element.class);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 
@@ -844,7 +839,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		OAuth2ResourceServerBeanDefinitionParser parser = new OAuth2ResourceServerBeanDefinitionParser(null, null, null,
 				null, null);
 		Element element = mock(Element.class);
-		when(element.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)).thenReturn(false);
+		given(element.hasAttribute(OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF))
+				.willReturn(false);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 		parser.validateConfiguration(element, null, null, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
@@ -854,8 +850,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void validateConfigurationWhenBothJwtAttributesThenError() {
 		JwtBeanDefinitionParser parser = new JwtBeanDefinitionParser();
 		Element element = mock(Element.class);
-		when(element.hasAttribute(JWK_SET_URI)).thenReturn(true);
-		when(element.hasAttribute(DECODER_REF)).thenReturn(true);
+		given(element.hasAttribute(JwtBeanDefinitionParser.JWK_SET_URI)).willReturn(true);
+		given(element.hasAttribute(JwtBeanDefinitionParser.DECODER_REF)).willReturn(true);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 		parser.validateConfiguration(element, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
@@ -865,8 +861,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void validateConfigurationWhenNoJwtAttributesThenError() {
 		JwtBeanDefinitionParser parser = new JwtBeanDefinitionParser();
 		Element element = mock(Element.class);
-		when(element.hasAttribute(JWK_SET_URI)).thenReturn(false);
-		when(element.hasAttribute(DECODER_REF)).thenReturn(false);
+		given(element.hasAttribute(JwtBeanDefinitionParser.JWK_SET_URI)).willReturn(false);
+		given(element.hasAttribute(JwtBeanDefinitionParser.DECODER_REF)).willReturn(false);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 		parser.validateConfiguration(element, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
@@ -876,8 +872,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void validateConfigurationWhenBothOpaqueTokenModesThenError() {
 		OpaqueTokenBeanDefinitionParser parser = new OpaqueTokenBeanDefinitionParser();
 		Element element = mock(Element.class);
-		when(element.hasAttribute(INTROSPECTION_URI)).thenReturn(true);
-		when(element.hasAttribute(INTROSPECTOR_REF)).thenReturn(true);
+		given(element.hasAttribute(OpaqueTokenBeanDefinitionParser.INTROSPECTION_URI)).willReturn(true);
+		given(element.hasAttribute(OpaqueTokenBeanDefinitionParser.INTROSPECTOR_REF)).willReturn(true);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 		parser.validateConfiguration(element, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
@@ -887,8 +883,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void validateConfigurationWhenNoOpaqueTokenModeThenError() {
 		OpaqueTokenBeanDefinitionParser parser = new OpaqueTokenBeanDefinitionParser();
 		Element element = mock(Element.class);
-		when(element.hasAttribute(INTROSPECTION_URI)).thenReturn(false);
-		when(element.hasAttribute(INTROSPECTOR_REF)).thenReturn(false);
+		given(element.hasAttribute(OpaqueTokenBeanDefinitionParser.INTROSPECTION_URI)).willReturn(false);
+		given(element.hasAttribute(OpaqueTokenBeanDefinitionParser.INTROSPECTOR_REF)).willReturn(false);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
 		parser.validateConfiguration(element, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
@@ -920,8 +916,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	private String jwtFromIssuer(String issuer) throws Exception {
 		Map<String, Object> claims = new HashMap<>();
-		claims.put(ISS, issuer);
-		claims.put(SUB, "test-subject");
+		claims.put(JwtClaimNames.ISS, issuer);
+		claims.put(JwtClaimNames.SUB, "test-subject");
 		claims.put("scope", "message:read");
 		JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(),
 				new Payload(new JSONObject(claims)));
@@ -939,7 +935,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setContentType(MediaType.APPLICATION_JSON);
 		ResponseEntity<String> entity = new ResponseEntity<>(response, headers, HttpStatus.OK);
-		Mockito.when(rest.exchange(any(RequestEntity.class), eq(String.class))).thenReturn(entity);
+		given(rest.exchange(any(RequestEntity.class), eq(String.class))).willReturn(entity);
 	}
 
 	private String json(String name) throws IOException {
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 04e92bdc43..f260d2efc6 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -26,6 +26,7 @@ import okhttp3.mockwebserver.MockWebServer;
 import org.junit.Rule;
 import org.junit.Test;
 import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.discovery.yadis.YadisResolver;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
@@ -48,7 +49,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -147,7 +147,7 @@ public class OpenIDConfigTests {
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
 
-			server.enqueue(new MockResponse().addHeader(YADIS_XRDS_LOCATION, endpoint));
+			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
 
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index ea8243372a..97203086dc 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -30,6 +30,8 @@ import org.springframework.security.TestDataSource;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultActions;
@@ -43,9 +45,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.verify;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.DEFAULT_PARAMETER;
-import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
-import static org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl.CREATE_TABLE_SQL;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
@@ -73,7 +72,8 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("WithTokenRepository")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
+				.andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
@@ -91,10 +91,11 @@ public class RememberMeConfigTests {
 
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
-		template.execute(CREATE_TABLE_SQL);
+		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
+				.andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
@@ -111,10 +112,11 @@ public class RememberMeConfigTests {
 
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
-		template.execute(CREATE_TABLE_SQL);
+		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)).andReturn();
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
+				.andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
@@ -130,8 +132,9 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("WithServicesRef")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000)).andReturn();
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000))
+				.andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
@@ -139,7 +142,8 @@ public class RememberMeConfigTests {
 
 		// SEC-909
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0)).andReturn();
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
+				.andReturn();
 	}
 
 	@Test
@@ -152,7 +156,7 @@ public class RememberMeConfigTests {
 		Cookie cookie = rememberMeCookie(result);
 
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0));
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0));
 	}
 
 	@Test
@@ -162,7 +166,8 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("TokenValidity")).autowire();
 
 		MvcResult result = this.rememberAuthentication("user", "password")
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000)).andReturn();
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000))
+				.andReturn();
 
 		Cookie cookie = rememberMeCookie(result);
 
@@ -175,7 +180,7 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire();
 
 		this.rememberAuthentication("user", "password")
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1));
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1));
 	}
 
 	@Test
@@ -191,7 +196,7 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("Sec2165")).autowire();
 
 		this.rememberAuthentication("user", "password")
-				.andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30));
+				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30));
 	}
 
 	@Test
@@ -200,7 +205,7 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("SecureCookie")).autowire();
 
 		this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true));
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true));
 	}
 
 	/**
@@ -212,7 +217,7 @@ public class RememberMeConfigTests {
 		this.spring.configLocations(this.xml("Sec1827")).autowire();
 
 		this.rememberAuthentication("user", "password")
-				.andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false));
+				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false));
 	}
 
 	@Test
@@ -304,7 +309,8 @@ public class RememberMeConfigTests {
 
 	private ResultActions rememberAuthentication(String username, String password) throws Exception {
 
-		return this.mvc.perform(login(username, password).param(DEFAULT_PARAMETER, "true").with(csrf()))
+		return this.mvc.perform(
+				login(username, password).param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index d2f89090fc..20df7178b3 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.hamcrest.core.StringContains.containsString;
+import static org.hamcrest.CoreMatchers.containsString;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 6fe90928bb..f7a43ff8a2 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -39,7 +39,7 @@ import org.springframework.security.web.context.HttpRequestResponseHolder;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.util.ReflectionUtils;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 00445262d6..1abb75a816 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -48,6 +48,7 @@ import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.test.web.servlet.MockMvc;
@@ -60,7 +61,6 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
-import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -139,7 +139,8 @@ public class SessionManagementConfigTests {
 
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(request.getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNotNull();
+		assertThat(request.getSession(false)
+				.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNotNull();
 	}
 
 	@Test
@@ -169,7 +170,8 @@ public class SessionManagementConfigTests {
 						.session(new MockHttpSession()).with(csrf()))
 				.andExpect(status().isFound()).andExpect(session()).andReturn();
 
-		assertThat(result.getRequest().getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
+		assertThat(result.getRequest().getSession(false)
+				.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 8826baff99..9cf4508d7d 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -37,7 +37,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.web.FilterChainProxy;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
 
 /**
  * @author Rob Winch
@@ -126,7 +125,7 @@ public class CustomHttpSecurityConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.apply(customConfigurer())
+				.apply(CustomConfigurer.customConfigurer())
 					.loginPage("/custom");
 			// @formatter:on
 		}
@@ -151,7 +150,7 @@ public class CustomHttpSecurityConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.apply(customConfigurer())
+				.apply(CustomConfigurer.customConfigurer())
 					.and()
 				.csrf().disable()
 				.formLogin()
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 880de2e9a7..579d47cb87 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -59,7 +59,6 @@ import org.springframework.security.util.FieldUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
-import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
 
 /**
  * @author Ben Alex
@@ -185,7 +184,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<global-method-security>" + "   <protect-pointcut expression="
 				+ "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) "
 				+ "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' "
-				+ "               access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
+				+ "               access='ROLE_USER'/>" + "</global-method-security>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		// String method should not be protected
 		this.target.someOther("somestring");
@@ -215,7 +215,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>"
 				+ "    <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>"
 				+ "    <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>"
-				+ "</b:bean>" + AUTH_PROVIDER_XML);
+				+ "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
@@ -229,7 +229,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
-		setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
+		setContext("<global-method-security pre-post-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		AffirmativeBased adm = (AffirmativeBased) this.appContext.getBeansOfType(AffirmativeBased.class).values()
 				.toArray()[0];
 		List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
@@ -247,7 +247,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	public void accessIsDeniedForHasRoleExpression() {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		this.target.someAdminMethod();
@@ -259,7 +259,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<b:bean id='number' class='java.lang.Integer'>" + "    <b:constructor-arg value='1294'/>"
 				+ "</b:bean>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		ExpressionProtectedBusinessServiceImpl target = (ExpressionProtectedBusinessServiceImpl) this.appContext
 				.getBean("target");
@@ -270,7 +270,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	public void preAndPostFilterAnnotationsWorkWithLists() {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		List<String> arg = new ArrayList<>();
@@ -289,7 +289,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	public void prePostFilterAnnotationWorksWithArrays() {
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		Object[] arg = new String[] { "joe", "bob", "sam" };
@@ -306,7 +306,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<b:bean id='expressionHandler' class='org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler'>"
 				+ "   <b:property name='permissionEvaluator' ref='myPermissionEvaluator'/>" + "</b:bean>"
 				+ "<b:bean id='myPermissionEvaluator' class='org.springframework.security.config.method.TestPermissionEvaluator'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 	}
 
 	// SEC-1450
@@ -317,7 +317,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				"<b:bean id='target' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$ConcreteFoo'/>"
 						+ "<global-method-security>"
 						+ "   <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>"
-						+ "</global-method-security>" + AUTH_PROVIDER_XML);
+						+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
 	}
@@ -327,7 +327,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@SuppressWarnings("unchecked")
 	public void genericsMethodArgumentNamesAreResolved() {
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
-				+ "<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
+				+ "<global-method-security pre-post-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
@@ -341,7 +341,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props);
 		parent.refresh();
 
-		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
+		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + ConfigTestUtils.AUTH_PROVIDER_XML,
+				parent);
 		RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr");
 		MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) this.appContext
 				.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
@@ -355,7 +356,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<method-security-metadata-source id='mds'>" + "      <protect method='" + Foo.class.getName()
 				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>"
-				+ AUTH_PROVIDER_XML);
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		// External MDS should take precedence over PreAuthorize
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
@@ -377,7 +378,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds' authentication-manager-ref='customAuthMgr'/>"
 				+ "<b:bean id='customAuthMgr' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$CustomAuthManager'>"
-				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>" + AUTH_PROVIDER_XML);
+				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
 		try {
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
index b873becd89..4baab7a972 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
@@ -26,7 +26,7 @@ import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
index 086a067fdf..d02a00723c 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -25,7 +25,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
index f42c35ff9e..cf85689257 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
@@ -25,7 +25,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index e604008f56..d4f477eb25 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor;
 import org.springframework.mock.web.MockServletConfig;
 import org.springframework.mock.web.MockServletContext;
+import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.util.InMemoryXmlWebApplicationContext;
 import org.springframework.test.context.web.GenericXmlWebContextLoader;
 import org.springframework.test.web.servlet.MockMvc;
@@ -41,7 +42,6 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
 import org.springframework.web.context.support.XmlWebApplicationContext;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import static org.springframework.security.config.BeanIds.SPRING_SECURITY_FILTER_CHAIN;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 
 /**
@@ -129,7 +129,7 @@ public class SpringTestContext implements Closeable {
 		this.context.setServletConfig(new MockServletConfig());
 		this.context.refresh();
 
-		if (this.context.containsBean(SPRING_SECURITY_FILTER_CHAIN)) {
+		if (this.context.containsBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) {
 			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 					.apply(new AddFilter()).build();
 			this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc);
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
index 5ffae5ac04..8bcb27565a 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
@@ -23,10 +23,6 @@ import org.springframework.core.io.Resource;
 import org.springframework.security.util.InMemoryResource;
 import org.springframework.web.context.support.AbstractRefreshableWebApplicationContext;
 
-import static org.springframework.security.config.util.InMemoryXmlApplicationContext.BEANS_CLOSE;
-import static org.springframework.security.config.util.InMemoryXmlApplicationContext.BEANS_OPENING;
-import static org.springframework.security.config.util.InMemoryXmlApplicationContext.SPRING_SECURITY_VERSION;
-
 /**
  * @author Joe Grandja
  */
@@ -35,15 +31,16 @@ public class InMemoryXmlWebApplicationContext extends AbstractRefreshableWebAppl
 	private Resource inMemoryXml;
 
 	public InMemoryXmlWebApplicationContext(String xml) {
-		this(xml, SPRING_SECURITY_VERSION, null);
+		this(xml, InMemoryXmlApplicationContext.SPRING_SECURITY_VERSION, null);
 	}
 
 	public InMemoryXmlWebApplicationContext(String xml, ApplicationContext parent) {
-		this(xml, SPRING_SECURITY_VERSION, parent);
+		this(xml, InMemoryXmlApplicationContext.SPRING_SECURITY_VERSION, parent);
 	}
 
 	public InMemoryXmlWebApplicationContext(String xml, String secVersion, ApplicationContext parent) {
-		String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE;
+		String fullXml = InMemoryXmlApplicationContext.BEANS_OPENING + secVersion + ".xsd'>\n" + xml
+				+ InMemoryXmlApplicationContext.BEANS_CLOSE;
 		this.inMemoryXml = new InMemoryResource(fullXml);
 		setAllowBeanDefinitionOverriding(true);
 		setParent(parent);
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 6407d13d9a..9bec73e8bd 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -37,7 +37,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.reactive.CorsConfigurationSource;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 20091cc7d8..5608941875 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -39,7 +39,7 @@ import org.springframework.security.web.server.header.XXssProtectionServerHttpHe
 import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 71703fa63d..428739a1af 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -80,6 +80,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtValidationException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainProxy;
@@ -108,7 +109,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * @author Rob Winch
@@ -680,7 +680,7 @@ public class OAuth2LoginTests {
 					claims.put(IdTokenClaimNames.ISS, "http://localhost/issuer");
 					claims.put(IdTokenClaimNames.AUD, Collections.singletonList("client"));
 					claims.put(IdTokenClaimNames.AZP, "client");
-					Jwt jwt = jwt().claims(c -> c.putAll(claims)).build();
+					Jwt jwt = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 					return Mono.just(jwt);
 				};
 			}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 2367e23eb8..eb4940ca2d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -61,6 +61,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
@@ -80,13 +81,12 @@ import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.hamcrest.core.StringStartsWith.startsWith;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for
@@ -108,7 +108,7 @@ public class OAuth2ResourceServerSpecTests {
 			+ "      \"n\":\"0IUjrPZDz-3z0UE4ppcKU36v7hnh8FJjhu3lbJYj0qj9eZiwEJxi9HHUfSK1DhUQG7mJBbYTK1tPYCgre5EkfKh-64VhYUa-vz17zYCmuB8fFj4XHE3MLkWIG-AUn8hNbPzYYmiBTjfGnMKxLHjsbdTiF4mtn-85w366916R6midnAuiPD4HjZaZ1PAsuY60gr8bhMEDtJ8unz81hoQrozpBZJ6r8aR1PrsWb1OqPMloK9kAIutJNvWYKacp8WYAp2WWy72PxQ7Fb0eIA1br3A5dnp-Cln6JROJcZUIRJ-QvS6QONWeS2407uQmS-i-lybsqaH0ldYC7NBEBA5inPQ\"\n"
 			+ "    }\n" + "  ]\n" + "}\n";
 
-	private Jwt jwt = jwt().build();
+	private Jwt jwt = TestJwts.jwt().build();
 
 	private String clientId = "client";
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 425c8b7c84..44fe067da9 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -61,6 +61,7 @@ import org.springframework.security.web.server.csrf.CsrfWebFilter;
 import org.springframework.security.web.server.csrf.ServerCsrfTokenRepository;
 import org.springframework.security.web.server.savedrequest.ServerRequestCache;
 import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
+import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.reactive.server.EntityExchangeResult;
 import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
@@ -78,7 +79,6 @@ import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.test.util.ReflectionTestUtils.getField;
 
 /**
  * @author Rob Winch
@@ -187,8 +187,8 @@ public class ServerHttpSecurityTests {
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent();
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class,
-						"logoutHandler"));
+				.map(logoutWebFilter -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
+						LogoutWebFilter.class, "logoutHandler"));
 
 		assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
 	}
@@ -199,17 +199,17 @@ public class ServerHttpSecurityTests {
 				.and().build();
 
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get()
-				.extracting(csrfWebFilter -> getField(csrfWebFilter, "csrfTokenRepository"))
+				.extracting(csrfWebFilter -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository"))
 				.isEqualTo(this.csrfTokenRepository);
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) getField(logoutWebFilter, LogoutWebFilter.class,
-						"logoutHandler"));
+				.map(logoutWebFilter -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
+						LogoutWebFilter.class, "logoutHandler"));
 
 		assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
-				.extracting(delegatingLogoutHandler -> ((List<ServerLogoutHandler>) getField(delegatingLogoutHandler,
-						DelegatingServerLogoutHandler.class, "delegates")).stream().map(ServerLogoutHandler::getClass)
-								.collect(Collectors.toList()))
+				.extracting(delegatingLogoutHandler -> ((List<ServerLogoutHandler>) ReflectionTestUtils
+						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
+								.map(ServerLogoutHandler::getClass).collect(Collectors.toList()))
 				.isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class));
 	}
 
@@ -439,8 +439,8 @@ public class ServerHttpSecurityTests {
 
 		OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain,
 				OAuth2LoginAuthenticationWebFilter.class).get();
-		Object handler = getField(authenticationWebFilter, "authenticationSuccessHandler");
-		assertThat(getField(handler, "requestCache")).isSameAs(requestCache);
+		Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler");
+		assertThat(ReflectionTestUtils.getField(handler, "requestCache")).isSameAs(requestCache);
 	}
 
 	@Test
@@ -467,7 +467,7 @@ public class ServerHttpSecurityTests {
 
 	private boolean isX509Filter(WebFilter filter) {
 		try {
-			Object converter = getField(filter, "authenticationConverter");
+			Object converter = ReflectionTestUtils.getField(filter, "authenticationConverter");
 			return converter.getClass().isAssignableFrom(ServerX509AuthenticationConverter.class);
 		}
 		catch (IllegalArgumentException e) {
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index 64543a3242..d9d7a9e6b3 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -15,6 +15,7 @@
  */
 package org.springframework.security.access.hierarchicalroles;
 
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -23,7 +24,6 @@ import java.util.TreeMap;
 
 import org.junit.Test;
 
-import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -45,9 +45,9 @@ public class RoleHierarchyUtilsTests {
 		// @formatter:on
 
 		Map<String, List<String>> roleHierarchyMap = new TreeMap<>();
-		roleHierarchyMap.put("ROLE_A", asList("ROLE_B", "ROLE_C"));
-		roleHierarchyMap.put("ROLE_B", asList("ROLE_D"));
-		roleHierarchyMap.put("ROLE_C", asList("ROLE_D"));
+		roleHierarchyMap.put("ROLE_A", Arrays.asList("ROLE_B", "ROLE_C"));
+		roleHierarchyMap.put("ROLE_B", Arrays.asList("ROLE_D"));
+		roleHierarchyMap.put("ROLE_C", Arrays.asList("ROLE_D"));
 
 		String roleHierarchy = RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 
@@ -67,7 +67,7 @@ public class RoleHierarchyUtilsTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void roleHierarchyFromMapWhenRoleNullThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
-		roleHierarchyMap.put(null, asList("ROLE_B", "ROLE_C"));
+		roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C"));
 
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
@@ -75,7 +75,7 @@ public class RoleHierarchyUtilsTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void roleHierarchyFromMapWhenRoleEmptyThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
-		roleHierarchyMap.put("", asList("ROLE_B", "ROLE_C"));
+		roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C"));
 
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index 62de21e806..166a021508 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -22,7 +22,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
@@ -55,7 +55,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS))
 				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.schedule(this.runnable, 1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(this.expectedResult);
+		assertThat((Object) result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS);
 	}
 
@@ -63,7 +63,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	public void scheduleCallable() {
 		given(this.delegate.schedule(this.wrappedCallable, 1, TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<Object> result = this.executor.schedule(this.callable, 1, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(this.expectedResult);
+		assertThat((Object) result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedCallable, 1, TimeUnit.SECONDS);
 	}
 
@@ -73,7 +73,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS))
 				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleAtFixedRate(this.runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(this.expectedResult);
+		assertThat((Object) result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
@@ -83,7 +83,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2,
 				TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleWithFixedDelay(this.runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat(result).isEqualTo(this.expectedResult);
+		assertThat((Object) result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
index c5bf4e56cc..1ab51e3220 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
@@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
@@ -30,8 +31,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.mockito.ArgumentMatchers.eq;
-import static org.powermock.api.mockito.PowerMockito.doReturn;
-import static org.powermock.api.mockito.PowerMockito.spy;
 
 /**
  * Abstract base class for testing classes that extend
@@ -67,19 +66,21 @@ public abstract class AbstractDelegatingSecurityContextTestSupport {
 	protected Runnable wrappedRunnable;
 
 	public final void explicitSecurityContextPowermockSetup() throws Exception {
-		spy(DelegatingSecurityContextCallable.class);
-		doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", eq(this.callable),
-				this.securityContextCaptor.capture());
-		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", eq(this.runnable),
-				this.securityContextCaptor.capture());
+		PowerMockito.spy(DelegatingSecurityContextCallable.class);
+		PowerMockito.doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create",
+				eq(this.callable), this.securityContextCaptor.capture());
+		PowerMockito.spy(DelegatingSecurityContextRunnable.class);
+		PowerMockito.doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create",
+				eq(this.runnable), this.securityContextCaptor.capture());
 	}
 
 	public final void currentSecurityContextPowermockSetup() throws Exception {
-		spy(DelegatingSecurityContextCallable.class);
-		doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create", this.callable, null);
-		spy(DelegatingSecurityContextRunnable.class);
-		doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create", this.runnable, null);
+		PowerMockito.spy(DelegatingSecurityContextCallable.class);
+		PowerMockito.doReturn(this.wrappedCallable).when(DelegatingSecurityContextCallable.class, "create",
+				this.callable, null);
+		PowerMockito.spy(DelegatingSecurityContextRunnable.class);
+		PowerMockito.doReturn(this.wrappedRunnable).when(DelegatingSecurityContextRunnable.class, "create",
+				this.runnable, null);
 	}
 
 	@Before
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index e743fb1212..7b77032d7f 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -21,6 +21,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.powermock.reflect.Whitebox;
@@ -33,8 +34,6 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.powermock.api.mockito.PowerMockito.doReturn;
-import static org.powermock.api.mockito.PowerMockito.spy;
 
 /**
  * Checks that the embedded version information is up to date.
@@ -83,10 +82,10 @@ public class SpringSecurityCoreVersionTests {
 	@Test
 	public void noLoggingIfVersionsAreEqual() throws Exception {
 		String version = "1";
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn(version).when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn(version).when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn(version).when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn(version).when(SpringVersion.class, "getVersion");
 
 		performChecks();
 
@@ -95,10 +94,10 @@ public class SpringSecurityCoreVersionTests {
 
 	@Test
 	public void noLoggingIfSpringVersionNull() throws Exception {
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn("1").when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn(null).when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn("1").when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn(null).when(SpringVersion.class, "getVersion");
 
 		performChecks();
 
@@ -107,10 +106,10 @@ public class SpringSecurityCoreVersionTests {
 
 	@Test
 	public void warnIfSpringVersionTooSmall() throws Exception {
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn("2").when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion");
 
 		performChecks();
 
@@ -119,10 +118,10 @@ public class SpringSecurityCoreVersionTests {
 
 	@Test
 	public void noWarnIfSpringVersionLarger() throws Exception {
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn("4.0.0.RELEASE").when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn("4.0.0.RELEASE").when(SpringVersion.class, "getVersion");
 
 		performChecks();
 
@@ -133,10 +132,10 @@ public class SpringSecurityCoreVersionTests {
 	@Test
 	public void noWarnIfSpringPatchVersionDoubleDigits() throws Exception {
 		String minSpringVersion = "3.2.8.RELEASE";
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn("3.2.10.RELEASE").when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn("3.2.10.RELEASE").when(SpringVersion.class, "getVersion");
 
 		performChecks(minSpringVersion);
 
@@ -145,10 +144,10 @@ public class SpringSecurityCoreVersionTests {
 
 	@Test
 	public void noLoggingIfPropertySet() throws Exception {
-		spy(SpringSecurityCoreVersion.class);
-		spy(SpringVersion.class);
-		doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
-		doReturn("2").when(SpringVersion.class, "getVersion");
+		PowerMockito.spy(SpringSecurityCoreVersion.class);
+		PowerMockito.spy(SpringVersion.class);
+		PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
+		PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion");
 		System.setProperty(getDisableChecksProperty(), Boolean.TRUE.toString());
 
 		performChecks();
diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 0741c926be..130c9ea0ab 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -20,6 +20,8 @@ import java.io.IOException;
 import java.util.ArrayList;
 
 import com.fasterxml.jackson.annotation.JsonClassDescription;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.annotation.JsonInclude.Value;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import org.json.JSONException;
 import org.junit.Test;
@@ -29,10 +31,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import static com.fasterxml.jackson.annotation.JsonInclude.Include.ALWAYS;
-import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_ABSENT;
-import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
-import static com.fasterxml.jackson.annotation.JsonInclude.Value.construct;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -181,7 +179,8 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void serializingThenDeserializingWithConfiguredObjectMapperShouldWork() throws IOException {
-		this.mapper.setDefaultPropertyInclusion(construct(ALWAYS, NON_NULL)).setSerializationInclusion(NON_ABSENT);
+		this.mapper.setDefaultPropertyInclusion(Value.construct(Include.ALWAYS, Include.NON_NULL))
+				.setSerializationInclusion(Include.NON_ABSENT);
 		UsernamePasswordAuthenticationToken original = new UsernamePasswordAuthenticationToken("Frodo", null);
 		String serialized = this.mapper.writeValueAsString(original);
 		UsernamePasswordAuthenticationToken deserialized = this.mapper.readValue(serialized,
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index 9a8f517371..85e5478814 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -27,13 +27,7 @@ import javax.crypto.spec.SecretKeySpec;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
-
-import static org.springframework.security.crypto.encrypt.CipherUtils.doFinal;
-import static org.springframework.security.crypto.encrypt.CipherUtils.initCipher;
-import static org.springframework.security.crypto.encrypt.CipherUtils.newCipher;
-import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * Encryptor that uses AES encryption.
@@ -80,7 +74,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 
 		public Cipher createCipher() {
-			return newCipher(this.toString());
+			return CipherUtils.newCipher(this.toString());
 		}
 
 		public BytesKeyGenerator defaultIvGenerator() {
@@ -98,8 +92,8 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 	}
 
 	public AesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
-		this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt), 1024, 256)),
-				ivGenerator, alg);
+		this(CipherUtils.newSecretKey("PBKDF2WithHmacSHA1",
+				new PBEKeySpec(password.toCharArray(), Hex.decode(salt), 1024, 256)), ivGenerator, alg);
 	}
 
 	/**
@@ -122,9 +116,9 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 	public byte[] encrypt(byte[] bytes) {
 		synchronized (this.encryptor) {
 			byte[] iv = this.ivGenerator.generateKey();
-			initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
-			byte[] encrypted = doFinal(this.encryptor, bytes);
-			return this.ivGenerator != NULL_IV_GENERATOR ? concatenate(iv, encrypted) : encrypted;
+			CipherUtils.initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
+			byte[] encrypted = CipherUtils.doFinal(this.encryptor, bytes);
+			return this.ivGenerator != NULL_IV_GENERATOR ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 		}
 	}
 
@@ -132,8 +126,8 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 	public byte[] decrypt(byte[] encryptedBytes) {
 		synchronized (this.decryptor) {
 			byte[] iv = iv(encryptedBytes);
-			initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
-			return doFinal(this.decryptor,
+			CipherUtils.initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
+			return CipherUtils.doFinal(this.decryptor,
 					this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes);
 		}
 	}
@@ -141,12 +135,13 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 	// internal helpers
 
 	private byte[] iv(byte[] encrypted) {
-		return this.ivGenerator != NULL_IV_GENERATOR ? subArray(encrypted, 0, this.ivGenerator.getKeyLength())
+		return this.ivGenerator != NULL_IV_GENERATOR
+				? EncodingUtils.subArray(encrypted, 0, this.ivGenerator.getKeyLength())
 				: NULL_IV_GENERATOR.generateKey();
 	}
 
 	private byte[] encrypted(byte[] encryptedBytes, int ivLength) {
-		return subArray(encryptedBytes, ivLength, encryptedBytes.length);
+		return EncodingUtils.subArray(encryptedBytes, ivLength, encryptedBytes.length);
 	}
 
 	private static final BytesKeyGenerator NULL_IV_GENERATOR = new BytesKeyGenerator() {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 4ddcd5684a..62b51b2afe 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -24,9 +24,7 @@ import org.bouncycastle.crypto.params.ParametersWithIV;
 
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
-
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#CBC}
@@ -55,13 +53,13 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
 		blockCipher.init(true, new ParametersWithIV(this.secretKey, iv));
 		byte[] encrypted = process(blockCipher, bytes);
-		return iv != null ? concatenate(iv, encrypted) : encrypted;
+		return iv != null ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 	}
 
 	@Override
 	public byte[] decrypt(byte[] encryptedBytes) {
-		byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
-		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
+		byte[] iv = EncodingUtils.subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
+		encryptedBytes = EncodingUtils.subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
 
 		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index d017530c0a..46fcc569a1 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -22,9 +22,7 @@ import org.bouncycastle.crypto.params.AEADParameters;
 
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
-
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * An Encryptor equivalent to {@link AesBytesEncryptor} using {@link CipherAlgorithm#GCM}
@@ -53,13 +51,13 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 		blockCipher.init(true, new AEADParameters(this.secretKey, 128, iv, null));
 
 		byte[] encrypted = process(blockCipher, bytes);
-		return iv != null ? concatenate(iv, encrypted) : encrypted;
+		return iv != null ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 	}
 
 	@Override
 	public byte[] decrypt(byte[] encryptedBytes) {
-		byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
-		encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
+		byte[] iv = EncodingUtils.subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
+		encryptedBytes = EncodingUtils.subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
 
 		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
index db43f51292..7f5e22ed60 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
@@ -20,9 +20,7 @@ import java.security.MessageDigest;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
-
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * Abstract base class for password encoders
@@ -47,14 +45,14 @@ public abstract class AbstractPasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		byte[] digested = Hex.decode(encodedPassword);
-		byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength());
+		byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
 		return matches(digested, encodeAndConcatenate(rawPassword, salt));
 	}
 
 	protected abstract byte[] encode(CharSequence rawPassword, byte[] salt);
 
 	protected byte[] encodeAndConcatenate(CharSequence rawPassword, byte[] salt) {
-		return concatenate(salt, encode(rawPassword, salt));
+		return EncodingUtils.concatenate(salt, encode(rawPassword, salt));
 	}
 
 	/**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index 53e56a1de8..2b4f5465fe 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -27,9 +27,7 @@ import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
-
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * A {@code PasswordEncoder} implementation that uses PBKDF2 with a configurable number of
@@ -147,7 +145,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		byte[] digested = decode(encodedPassword);
-		byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength());
+		byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
 		return MessageDigest.isEqual(digested, encode(rawPassword, salt));
 	}
 
@@ -160,10 +158,10 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private byte[] encode(CharSequence rawPassword, byte[] salt) {
 		try {
-			PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), concatenate(salt, this.secret),
-					this.iterations, this.hashWidth);
+			PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(),
+					EncodingUtils.concatenate(salt, this.secret), this.iterations, this.hashWidth);
 			SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
-			return concatenate(salt, skf.generateSecret(spec).getEncoded());
+			return EncodingUtils.concatenate(salt, skf.generateSecret(spec).getEncoded());
 		}
 		catch (GeneralSecurityException e) {
 			throw new IllegalStateException("Could not create hash", e);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index 016783c24c..bca1380bfd 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -21,9 +21,7 @@ import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
-
-import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
-import static org.springframework.security.crypto.util.EncodingUtils.subArray;
+import org.springframework.security.crypto.util.EncodingUtils;
 
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
@@ -81,7 +79,7 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		byte[] digested = decode(encodedPassword);
-		byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength());
+		byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
 		return MessageDigest.isEqual(digested, digest(rawPassword, salt));
 	}
 
@@ -99,8 +97,8 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 	}
 
 	private byte[] digest(CharSequence rawPassword, byte[] salt) {
-		byte[] digest = this.digester.digest(concatenate(salt, this.secret, Utf8.encode(rawPassword)));
-		return concatenate(salt, digest);
+		byte[] digest = this.digester.digest(EncodingUtils.concatenate(salt, this.secret, Utf8.encode(rawPassword)));
+		return EncodingUtils.concatenate(salt, digest);
 	}
 
 	private byte[] decode(CharSequence encodedPassword) {
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index 124889e337..0d1a9b678b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -23,14 +23,13 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM;
-import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
-import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1;
 
 /**
  * Tests for {@link AesBytesEncryptor}
@@ -76,7 +75,8 @@ public class AesBytesEncryptorTests {
 	@Test
 	public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() {
 		CryptoAssumptions.assumeGCMJCE();
-		AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM);
+		AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator,
+				CipherAlgorithm.GCM);
 
 		byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 		assertThat(new String(Hex.encode(encryption)))
@@ -90,8 +90,8 @@ public class AesBytesEncryptorTests {
 	public void roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts() {
 		CryptoAssumptions.assumeGCMJCE();
 		PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt), 1024, 256);
-		SecretKey secretKey = newSecretKey(PBKDF2WithHmacSHA1.name(), keySpec);
-		AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, GCM);
+		SecretKey secretKey = CipherUtils.newSecretKey(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name(), keySpec);
+		AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, CipherAlgorithm.GCM);
 
 		byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 		assertThat(new String(Hex.encode(encryption)))
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index a0d4fa92c7..8a54814b09 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringAvoidStaticImport" />
 	<suppress files=".*" checks="SpringCatch" />
 	<suppress files=".*" checks="SpringHeader" />
 	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index 6bb2b627e8..e5a4ef2c3a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -15,13 +15,13 @@
  */
 package org.springframework.security.messaging.util.matcher;
 
+import java.util.Arrays;
 import java.util.List;
 
 import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
-import static java.util.Arrays.asList;
-import static org.apache.commons.logging.LogFactory.getLog;
-import static org.springframework.util.Assert.notEmpty;
+import org.springframework.util.Assert;
 
 /**
  * Abstract {@link MessageMatcher} containing multiple {@link MessageMatcher}
@@ -30,7 +30,7 @@ import static org.springframework.util.Assert.notEmpty;
  */
 abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 
-	protected final Log LOGGER = getLog(getClass());
+	protected final Log LOGGER = LogFactory.getLog(getClass());
 
 	private final List<MessageMatcher<T>> messageMatchers;
 
@@ -39,7 +39,7 @@ abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 	 * @param messageMatchers the {@link MessageMatcher} instances to try
 	 */
 	AbstractMessageMatcherComposite(List<MessageMatcher<T>> messageMatchers) {
-		notEmpty(messageMatchers, "messageMatchers must contain a value");
+		Assert.notEmpty(messageMatchers, "messageMatchers must contain a value");
 		if (messageMatchers.contains(null)) {
 			throw new IllegalArgumentException("messageMatchers cannot contain null values");
 		}
@@ -53,7 +53,7 @@ abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 	 */
 	@SafeVarargs
 	AbstractMessageMatcherComposite(MessageMatcher<T>... messageMatchers) {
-		this(asList(messageMatchers));
+		this(Arrays.asList(messageMatchers));
 	}
 
 	public List<MessageMatcher<T>> getMessageMatchers() {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 12b93ce5e3..e905aff96c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -31,8 +31,7 @@ import org.springframework.security.messaging.access.intercept.MessageSecurityMe
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory.createExpressionMessageMetadataSource;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
@@ -67,7 +66,8 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 		this.matcherToExpression.put(this.matcher1, this.expression1);
 		this.matcherToExpression.put(this.matcher2, this.expression2);
 
-		this.source = createExpressionMessageMetadataSource(this.matcherToExpression);
+		this.source = ExpressionBasedMessageSecurityMetadataSourceFactory
+				.createExpressionMessageMetadataSource(this.matcherToExpression);
 		this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message);
 	}
 
@@ -81,7 +81,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 
 	@Test
 	public void createExpressionMessageMetadataSourceMatchFirst() {
-		when(this.matcher1.matches(this.message)).thenReturn(true);
+		given(this.matcher1.matches(this.message)).willReturn(true);
 
 		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
 
@@ -94,7 +94,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 
 	@Test
 	public void createExpressionMessageMetadataSourceMatchSecond() {
-		when(this.matcher2.matches(this.message)).thenReturn(true);
+		given(this.matcher2.matches(this.message)).willReturn(true);
 
 		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index 1462d8fecd..0af2476af3 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -27,6 +27,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.messaging.Message;
+import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
@@ -39,9 +40,6 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.access.AccessDecisionVoter.ACCESS_ABSTAIN;
-import static org.springframework.security.access.AccessDecisionVoter.ACCESS_DENIED;
-import static org.springframework.security.access.AccessDecisionVoter.ACCESS_GRANTED;
 
 @RunWith(MockitoJUnitRunner.class)
 public class MessageExpressionVoterTests {
@@ -79,19 +77,22 @@ public class MessageExpressionVoterTests {
 	@Test
 	public void voteGranted() {
 		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
-		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
 
 	@Test
 	public void voteDenied() {
 		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(false);
-		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_DENIED);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
+				.isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
 
 	@Test
 	public void voteAbstain() {
 		this.attributes = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));
-		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_ABSTAIN);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
+				.isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
 	}
 
 	@Test
@@ -126,7 +127,8 @@ public class MessageExpressionVoterTests {
 				.willReturn(this.evaluationContext);
 		given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true);
 
-		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 
 		verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message);
 	}
@@ -142,7 +144,8 @@ public class MessageExpressionVoterTests {
 		given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext);
 		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
 
-		assertThat(this.voter.vote(this.authentication, this.message, this.attributes)).isEqualTo(ACCESS_GRANTED);
+		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
+				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		verify(configAttribute).postProcess(this.evaluationContext, this.message);
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 3feaa06ec9..83e53d9057 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -32,7 +32,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.powermock.api.mockito.PowerMockito.when;
+import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
 public class DefaultMessageSecurityMetadataSourceTests {
@@ -73,14 +73,14 @@ public class DefaultMessageSecurityMetadataSourceTests {
 
 	@Test
 	public void getAttributesFirst() {
-		when(this.matcher1.matches(this.message)).thenReturn(true);
+		given(this.matcher1.matches(this.message)).willReturn(true);
 
 		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config1);
 	}
 
 	@Test
 	public void getAttributesSecond() {
-		when(this.matcher1.matches(this.message)).thenReturn(true);
+		given(this.matcher1.matches(this.message)).willReturn(true);
 
 		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config2);
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 8b19f08fa5..7295ef0b2a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -35,7 +35,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.core.context.SecurityContextHolder.clearContext;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityContextChannelInterceptorTests {
@@ -69,7 +68,7 @@ public class SecurityContextChannelInterceptorTests {
 
 	@After
 	public void cleanup() {
-		clearContext();
+		SecurityContextHolder.clearContext();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 25e1e6af82..653b3a2c66 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.function.Supplier;
+import java.util.stream.Collectors;
 
 import org.aopalliance.intercept.MethodInterceptor;
 import org.apache.commons.logging.Log;
@@ -54,8 +55,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.ReflectionUtils;
 
-import static java.util.stream.Collectors.joining;
-
 /**
  * NOTE: This class is a replica of the same class in spring-web so it can be used for
  * tests in spring-messaging.
@@ -216,13 +215,14 @@ public final class ResolvableMethod {
 
 	private String formatMethod() {
 		return (method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter)
-				.collect(joining(",\n\t", "(\n\t", "\n)")));
+				.collect(Collectors.joining(",\n\t", "(\n\t", "\n)")));
 	}
 
 	private String formatParameter(Parameter param) {
 		Annotation[] anns = param.getAnnotations();
 		return (anns.length > 0
-				? Arrays.stream(anns).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param
+				? Arrays.stream(anns).map(this::formatAnnotation).collect(Collectors.joining(",", "[", "]")) + " "
+						+ param
 				: param.toString());
 	}
 
@@ -427,8 +427,8 @@ public final class ResolvableMethod {
 		}
 
 		private String formatMethods(Set<Method> methods) {
-			return "\nMatched:\n"
-					+ methods.stream().map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
+			return "\nMatched:\n" + methods.stream().map(Method::toGenericString)
+					.collect(Collectors.joining(",\n\t", "[\n\t", "\n]"));
 		}
 
 		public ResolvableMethod mockCall(Consumer<T> invoker) {
@@ -504,7 +504,8 @@ public final class ResolvableMethod {
 		}
 
 		private String formatFilters() {
-			return this.filters.stream().map(Object::toString).collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
+			return this.filters.stream().map(Object::toString)
+					.collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]"));
 		}
 
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 67a489046e..81329fb5ad 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -26,6 +26,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -33,8 +34,6 @@ import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-
 /**
  * Abstract base class for all of the {@code WebClientReactive*TokenResponseClient}s that
  * communicate to the Authorization Server's Token Endpoint.
@@ -169,7 +168,7 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 	 * @return the token response from the response body.
 	 */
 	private Mono<OAuth2AccessTokenResponse> readTokenResponse(T grantRequest, ClientResponse response) {
-		return response.body(oauth2AccessTokenResponse())
+		return response.body(OAuth2BodyExtractors.oauth2AccessTokenResponse())
 				.map(tokenResponse -> populateTokenResponse(grantRequest, tokenResponse));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
index af7b288ac2..20079b80c0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -24,8 +24,6 @@ import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
-
 /**
  * Utility methods used by the {@link Converter}'s that convert from an implementation of
  * an {@link AbstractOAuth2AuthorizationGrantRequest} to a {@link RequestEntity}
@@ -53,7 +51,7 @@ final class OAuth2AuthorizationGrantRequestEntityUtils {
 	private static HttpHeaders getDefaultTokenRequestHeaders() {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
-		final MediaType contentType = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+		final MediaType contentType = MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 		headers.setContentType(contentType);
 		return headers;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
index 58482899c1..f299bdc242 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
@@ -29,12 +29,6 @@ import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.MAP_TYPE_REFERENCE;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.SET_TYPE_REFERENCE;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findObjectNode;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findStringValue;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findValue;
-
 /**
  * A {@code JsonDeserializer} for {@link ClientRegistration}.
  *
@@ -55,28 +49,31 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 	public ClientRegistration deserialize(JsonParser parser, DeserializationContext context) throws IOException {
 		ObjectMapper mapper = (ObjectMapper) parser.getCodec();
 		JsonNode clientRegistrationNode = mapper.readTree(parser);
-		JsonNode providerDetailsNode = findObjectNode(clientRegistrationNode, "providerDetails");
-		JsonNode userInfoEndpointNode = findObjectNode(providerDetailsNode, "userInfoEndpoint");
+		JsonNode providerDetailsNode = JsonNodeUtils.findObjectNode(clientRegistrationNode, "providerDetails");
+		JsonNode userInfoEndpointNode = JsonNodeUtils.findObjectNode(providerDetailsNode, "userInfoEndpoint");
 
-		return ClientRegistration.withRegistrationId(findStringValue(clientRegistrationNode, "registrationId"))
-				.clientId(findStringValue(clientRegistrationNode, "clientId"))
-				.clientSecret(findStringValue(clientRegistrationNode, "clientSecret"))
+		return ClientRegistration
+				.withRegistrationId(JsonNodeUtils.findStringValue(clientRegistrationNode, "registrationId"))
+				.clientId(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientId"))
+				.clientSecret(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientSecret"))
 				.clientAuthenticationMethod(CLIENT_AUTHENTICATION_METHOD_CONVERTER
-						.convert(findObjectNode(clientRegistrationNode, "clientAuthenticationMethod")))
+						.convert(JsonNodeUtils.findObjectNode(clientRegistrationNode, "clientAuthenticationMethod")))
 				.authorizationGrantType(AUTHORIZATION_GRANT_TYPE_CONVERTER
-						.convert(findObjectNode(clientRegistrationNode, "authorizationGrantType")))
-				.redirectUri(findStringValue(clientRegistrationNode, "redirectUri"))
-				.scope(findValue(clientRegistrationNode, "scopes", SET_TYPE_REFERENCE, mapper))
-				.clientName(findStringValue(clientRegistrationNode, "clientName"))
-				.authorizationUri(findStringValue(providerDetailsNode, "authorizationUri"))
-				.tokenUri(findStringValue(providerDetailsNode, "tokenUri"))
-				.userInfoUri(findStringValue(userInfoEndpointNode, "uri"))
+						.convert(JsonNodeUtils.findObjectNode(clientRegistrationNode, "authorizationGrantType")))
+				.redirectUri(JsonNodeUtils.findStringValue(clientRegistrationNode, "redirectUri"))
+				.scope(JsonNodeUtils.findValue(clientRegistrationNode, "scopes", JsonNodeUtils.SET_TYPE_REFERENCE,
+						mapper))
+				.clientName(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientName"))
+				.authorizationUri(JsonNodeUtils.findStringValue(providerDetailsNode, "authorizationUri"))
+				.tokenUri(JsonNodeUtils.findStringValue(providerDetailsNode, "tokenUri"))
+				.userInfoUri(JsonNodeUtils.findStringValue(userInfoEndpointNode, "uri"))
 				.userInfoAuthenticationMethod(AUTHENTICATION_METHOD_CONVERTER
-						.convert(findObjectNode(userInfoEndpointNode, "authenticationMethod")))
-				.userNameAttributeName(findStringValue(userInfoEndpointNode, "userNameAttributeName"))
-				.jwkSetUri(findStringValue(providerDetailsNode, "jwkSetUri"))
-				.issuerUri(findStringValue(providerDetailsNode, "issuerUri")).providerConfigurationMetadata(
-						findValue(providerDetailsNode, "configurationMetadata", MAP_TYPE_REFERENCE, mapper))
+						.convert(JsonNodeUtils.findObjectNode(userInfoEndpointNode, "authenticationMethod")))
+				.userNameAttributeName(JsonNodeUtils.findStringValue(userInfoEndpointNode, "userNameAttributeName"))
+				.jwkSetUri(JsonNodeUtils.findStringValue(providerDetailsNode, "jwkSetUri"))
+				.issuerUri(JsonNodeUtils.findStringValue(providerDetailsNode, "issuerUri"))
+				.providerConfigurationMetadata(JsonNodeUtils.findValue(providerDetailsNode, "configurationMetadata",
+						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
 				.build();
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
index 33b33b9d46..5c514b86e2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
@@ -28,12 +28,6 @@ import com.fasterxml.jackson.databind.util.StdConverter;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.MAP_TYPE_REFERENCE;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.SET_TYPE_REFERENCE;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findObjectNode;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findStringValue;
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findValue;
-
 /**
  * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}.
  *
@@ -53,7 +47,7 @@ final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAut
 		JsonNode authorizationRequestNode = mapper.readTree(parser);
 
 		AuthorizationGrantType authorizationGrantType = AUTHORIZATION_GRANT_TYPE_CONVERTER
-				.convert(findObjectNode(authorizationRequestNode, "authorizationGrantType"));
+				.convert(JsonNodeUtils.findObjectNode(authorizationRequestNode, "authorizationGrantType"));
 
 		OAuth2AuthorizationRequest.Builder builder;
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
@@ -66,15 +60,19 @@ final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAut
 			throw new JsonParseException(parser, "Invalid authorizationGrantType");
 		}
 
-		return builder.authorizationUri(findStringValue(authorizationRequestNode, "authorizationUri"))
-				.clientId(findStringValue(authorizationRequestNode, "clientId"))
-				.redirectUri(findStringValue(authorizationRequestNode, "redirectUri"))
-				.scopes(findValue(authorizationRequestNode, "scopes", SET_TYPE_REFERENCE, mapper))
-				.state(findStringValue(authorizationRequestNode, "state"))
-				.additionalParameters(
-						findValue(authorizationRequestNode, "additionalParameters", MAP_TYPE_REFERENCE, mapper))
-				.authorizationRequestUri(findStringValue(authorizationRequestNode, "authorizationRequestUri"))
-				.attributes(findValue(authorizationRequestNode, "attributes", MAP_TYPE_REFERENCE, mapper)).build();
+		return builder.authorizationUri(JsonNodeUtils.findStringValue(authorizationRequestNode, "authorizationUri"))
+				.clientId(JsonNodeUtils.findStringValue(authorizationRequestNode, "clientId"))
+				.redirectUri(JsonNodeUtils.findStringValue(authorizationRequestNode, "redirectUri"))
+				.scopes(JsonNodeUtils
+						.findValue(authorizationRequestNode, "scopes", JsonNodeUtils.SET_TYPE_REFERENCE, mapper))
+				.state(JsonNodeUtils.findStringValue(authorizationRequestNode, "state"))
+				.additionalParameters(JsonNodeUtils.findValue(authorizationRequestNode, "additionalParameters",
+						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
+				.authorizationRequestUri(
+						JsonNodeUtils.findStringValue(authorizationRequestNode, "authorizationRequestUri"))
+				.attributes(JsonNodeUtils.findValue(authorizationRequestNode, "attributes",
+						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
+				.build();
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
index adf21d9759..cab0af678f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
@@ -23,8 +23,6 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import static org.springframework.security.oauth2.client.jackson2.JsonNodeUtils.findStringValue;
-
 /**
  * {@code StdConverter} implementations.
  *
@@ -37,7 +35,7 @@ abstract class StdConverters {
 
 		@Override
 		public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) {
-			String value = findStringValue(jsonNode, "value");
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
 			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(value)) {
 				return OAuth2AccessToken.TokenType.BEARER;
 			}
@@ -50,7 +48,7 @@ abstract class StdConverters {
 
 		@Override
 		public ClientAuthenticationMethod convert(JsonNode jsonNode) {
-			String value = findStringValue(jsonNode, "value");
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
 			if (ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.BASIC;
 			}
@@ -69,7 +67,7 @@ abstract class StdConverters {
 
 		@Override
 		public AuthorizationGrantType convert(JsonNode jsonNode) {
-			String value = findStringValue(jsonNode, "value");
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
 			if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.AUTHORIZATION_CODE;
 			}
@@ -91,7 +89,7 @@ abstract class StdConverters {
 
 		@Override
 		public AuthenticationMethod convert(JsonNode jsonNode) {
-			String value = findStringValue(jsonNode, "value");
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
 			if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.HEADER;
 			}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index dfd55548ec..183082ba52 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -48,9 +48,6 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecretKey;
-
 /**
  * A {@link JwtDecoderFactory factory} that provides a {@link JwtDecoder} used for
  * {@link OidcIdToken} signature verification. The provided {@link JwtDecoder} is
@@ -162,7 +159,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
+			return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
 		}
 		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
@@ -187,7 +184,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 			}
 			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
 					jcaAlgorithmMappings.get(jwsAlgorithm));
-			return withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
+			return NimbusJwtDecoder.withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
 		}
 
 		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index d5f07724b0..8d816d30c9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -48,9 +48,6 @@ import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withSecretKey;
-
 /**
  * A {@link ReactiveJwtDecoderFactory factory} that provides a {@link ReactiveJwtDecoder}
  * used for {@link OidcIdToken} signature verification. The provided
@@ -162,7 +159,8 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
+			return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm)
+					.build();
 		}
 		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
@@ -187,7 +185,8 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 			}
 			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
 					jcaAlgorithmMappings.get(jwsAlgorithm));
-			return withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
+			return NimbusReactiveJwtDecoder.withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm)
+					.build();
 		}
 
 		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 12050c253a..acf1e3848b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -33,8 +33,6 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static java.util.Collections.EMPTY_MAP;
-
 /**
  * A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0
  * Provider.
@@ -378,7 +376,7 @@ public final class ClientRegistration implements Serializable {
 			this.jwkSetUri = clientRegistration.providerDetails.jwkSetUri;
 			this.issuerUri = clientRegistration.providerDetails.issuerUri;
 			Map<String, Object> configurationMetadata = clientRegistration.providerDetails.configurationMetadata;
-			if (configurationMetadata != EMPTY_MAP) {
+			if (configurationMetadata != Collections.EMPTY_MAP) {
 				this.configurationMetadata = new HashMap<>(configurationMetadata);
 			}
 			this.clientName = clientRegistration.clientName;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
index e0213ca9b4..7267d1862c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
@@ -30,8 +30,6 @@ import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
-
 /**
  * A {@link Converter} that converts the provided {@link OAuth2UserRequest} to a
  * {@link RequestEntity} representation of a request for the UserInfo Endpoint.
@@ -45,7 +43,7 @@ import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VAL
 public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserRequest, RequestEntity<?>> {
 
 	private static final MediaType DEFAULT_CONTENT_TYPE = MediaType
-			.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+			.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 
 	/**
 	 * Returns the {@link RequestEntity} used for the UserInfo Request.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
index 942c460ea2..4aa7b77f76 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
@@ -19,11 +19,11 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 
 /**
  * Tests for {@link OAuth2AuthorizedClient}.
@@ -40,9 +40,9 @@ public class OAuth2AuthorizedClientTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
 		this.principalName = "principal";
-		this.accessToken = noScopes();
+		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index c745de44fd..2b724c2e20 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -25,23 +25,22 @@ import org.junit.Test;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.error;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeAuthenticationProvider}.
@@ -61,8 +60,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 	@Before
 	@SuppressWarnings("unchecked")
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
-		this.authorizationRequest = request().build();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
+		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
 		this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient);
 	}
@@ -80,7 +79,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
-		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
+				.errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
@@ -92,7 +92,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
-		OAuth2AuthorizationResponse authorizationResponse = success().state("67890").build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890")
+				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
@@ -104,11 +105,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() {
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().refreshToken("refresh").build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
+				.refreshToken("refresh").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
-				success().build());
+				TestOAuth2AuthorizationResponses.success().build());
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
 				.authenticate(
 						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
@@ -131,12 +133,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 
-		OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().additionalParameters(additionalParameters)
-				.build();
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
+				.additionalParameters(additionalParameters).build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
-				success().build());
+				TestOAuth2AuthorizationResponses.success().build());
 
 		OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
 				.authenticate(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index 33d2e8a7e8..0498058917 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -21,15 +21,15 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeAuthenticationToken}.
@@ -46,9 +46,10 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(request().build(), success().code("code").build());
-		this.accessToken = noScopes();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
+		this.authorizationExchange = new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(),
+				TestOAuth2AuthorizationResponses.success().code("code").build());
+		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index e62a2724f4..1be451737a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -36,6 +36,7 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -45,6 +46,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -53,10 +56,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.error;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link OAuth2LoginAuthenticationProvider}.
@@ -85,9 +84,9 @@ public class OAuth2LoginAuthenticationProviderTests {
 	@Before
 	@SuppressWarnings("unchecked")
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
-		this.authorizationRequest = request().scope("scope1", "scope2").build();
-		this.authorizationResponse = success().build();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
+		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("scope1", "scope2").build();
+		this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
 		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				this.authorizationResponse);
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
@@ -121,7 +120,8 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationRequestContainsOpenidScopeThenReturnNull() {
-		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid").build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid")
+				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 
@@ -136,7 +136,8 @@ public class OAuth2LoginAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_REQUEST));
 
-		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
+				.errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
@@ -149,7 +150,8 @@ public class OAuth2LoginAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
 
-		OAuth2AuthorizationResponse authorizationResponse = success().state("67890").build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890")
+				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index c2c3c312e0..0fd7bc89b3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -23,16 +23,16 @@ import org.junit.Test;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link OAuth2LoginAuthenticationToken}.
@@ -55,9 +55,10 @@ public class OAuth2LoginAuthenticationTokenTests {
 	public void setUp() {
 		this.principal = mock(OAuth2User.class);
 		this.authorities = Collections.emptyList();
-		this.clientRegistration = clientRegistration().build();
-		this.authorizationExchange = new OAuth2AuthorizationExchange(request().build(), success().code("code").build());
-		this.accessToken = noScopes();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
+		this.authorizationExchange = new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(),
+				TestOAuth2AuthorizationResponses.success().code("code").build());
+		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index 27f5322891..6928ec433a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -27,6 +27,7 @@ import org.junit.rules.ExpectedException;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
@@ -34,12 +35,11 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link NimbusAuthorizationCodeTokenResponseClient}.
@@ -63,10 +63,10 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistrationBuilder = clientRegistration()
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC);
-		this.authorizationRequest = request().build();
-		this.authorizationResponse = success().build();
+		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
+		this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
 		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				this.authorizationResponse);
 	}
@@ -112,7 +112,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		this.exception.expect(IllegalArgumentException.class);
 
 		String redirectUri = "http:\\example.com";
-		OAuth2AuthorizationRequest authorizationRequest = request().redirectUri(redirectUri).build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.redirectUri(redirectUri).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 
@@ -260,8 +261,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid", "profile", "email", "address")
-				.build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.scope("openid", "profile", "email", "address").build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 
@@ -287,8 +288,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
 
-		OAuth2AuthorizationRequest authorizationRequest = request().scope("openid", "profile", "email", "address")
-				.build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.scope("openid", "profile", "email", "address").build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index 6060fc316e..c366481e19 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -37,7 +37,6 @@ import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.util.MultiValueMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeGrantRequestEntityConverter}.
@@ -84,7 +83,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
@@ -127,7 +126,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 2a70175ca1..53b1c25372 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -19,12 +19,12 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges.success;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeGrantRequest}.
@@ -39,8 +39,8 @@ public class OAuth2AuthorizationCodeGrantRequestTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
-		this.authorizationExchange = success();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
+		this.authorizationExchange = TestOAuth2AuthorizationExchanges.success();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index dcc6e6cc64..2e4a53c849 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -29,7 +29,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
  * Tests for {@link OAuth2ClientCredentialsGrantRequestEntityConverter}.
@@ -66,7 +65,7 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index 35bb1b74dd..60a8f12d0d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -23,7 +23,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Java6Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link OAuth2ClientCredentialsGrantRequest}.
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index 127adf35fd..add7b3eba4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -29,7 +29,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
  * Tests for {@link OAuth2PasswordGrantRequestEntityConverter}.
@@ -63,7 +62,7 @@ public class OAuth2PasswordGrantRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
index 02b7bf6ff3..c696b34592 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
@@ -34,7 +34,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
  * Tests for {@link OAuth2RefreshTokenGrantRequestEntityConverter}.
@@ -69,7 +68,7 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index db8b48d968..eeca9168d6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -37,6 +37,7 @@ import org.springframework.security.oauth2.client.authentication.TestOAuth2Authe
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
@@ -47,7 +48,6 @@ import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.NAME;
 
 /**
  * Tests for {@link OAuth2AuthenticationTokenMixin}.
@@ -317,7 +317,7 @@ public class OAuth2AuthenticationTokenMixinTests {
 				"      \"claims\": {\n" +
 				"        \"@class\": \"java.util.Collections$UnmodifiableMap\",\n" +
 				"        \"sub\": \"" + userInfo.getSubject() + "\",\n" +
-				"        \"name\": \"" + userInfo.getClaim(NAME) + "\"\n" +
+				"        \"name\": \"" + userInfo.getClaim(StandardClaimNames.NAME) + "\"\n" +
 				"      }\n" +
 				"    }";
 		// @formatter:on
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 6cad3746f6..2be0abc377 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -43,6 +43,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -51,12 +52,15 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtException;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
@@ -65,12 +69,6 @@ import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.createHash;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.error;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link OidcAuthorizationCodeAuthenticationProvider}.
@@ -107,20 +105,20 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	@Before
 	@SuppressWarnings("unchecked")
 	public void setUp() {
-		this.clientRegistration = clientRegistration().clientId("client1").build();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().clientId("client1").build();
 		Map<String, Object> attributes = new HashMap<>();
 		Map<String, Object> additionalParameters = new HashMap<>();
 		try {
 			String nonce = this.secureKeyGenerator.generateKey();
-			this.nonceHash = createHash(nonce);
+			this.nonceHash = OidcAuthorizationCodeAuthenticationProvider.createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
 		}
 		catch (NoSuchAlgorithmException e) {
 		}
-		this.authorizationRequest = request().scope("openid", "profile", "email").attributes(attributes)
-				.additionalParameters(additionalParameters).build();
-		this.authorizationResponse = success().build();
+		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email")
+				.attributes(attributes).additionalParameters(additionalParameters).build();
+		this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
 		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				this.authorizationResponse);
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
@@ -163,7 +161,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationRequestDoesNotContainOpenidScopeThenReturnNull() {
-		OAuth2AuthorizationRequest authorizationRequest = request().scope("scope1").build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("scope1")
+				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 
@@ -178,7 +177,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE));
 
-		OAuth2AuthorizationResponse authorizationResponse = error().errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
+				.errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
@@ -191,7 +191,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
 
-		OAuth2AuthorizationResponse authorizationResponse = success().state("89012").build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("89012")
+				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
@@ -217,7 +218,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_signature_verifier"));
 
-		ClientRegistration clientRegistration = clientRegistration().jwkSetUri(null).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().jwkSetUri(null).build();
 
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange));
@@ -333,7 +334,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	}
 
 	private void setUpIdToken(Map<String, Object> claims) {
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(idToken);
 		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index 74bbe392bd..86935d9027 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -63,6 +63,7 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
@@ -71,8 +72,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * @author Rob Winch
@@ -196,7 +195,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "sub");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
@@ -221,7 +220,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.userService.loadUser(any())).willReturn(Mono.empty());
@@ -244,7 +243,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
@@ -275,7 +274,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
@@ -310,7 +309,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
@@ -340,7 +339,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Collections.singletonList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
@@ -366,7 +365,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		try {
 			String nonce = this.secureKeyGenerator.generateKey();
-			this.nonceHash = createHash(nonce);
+			this.nonceHash = OidcAuthorizationCodeReactiveAuthenticationManager.createHash(nonce);
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
 		}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 04a51b5d20..1d9af0f825 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -41,10 +41,12 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -58,10 +60,6 @@ import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 
 /**
  * @author Rob Winch
@@ -76,7 +74,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
 			.userNameAttributeName(IdTokenClaimNames.SUB);
 
-	private OidcIdToken idToken = idToken().build();
+	private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
 	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token",
 			Instant.now(), Instant.now().plus(Duration.ofDays(1)), Collections.singleton("read:user"));
@@ -195,8 +193,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
-		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -209,7 +207,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
-		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), noScopes(), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(1);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index 88f668af69..a5ac5ebdc3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -25,13 +25,13 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 
 /**
  * Tests for {@link OidcUserRequest}.
@@ -50,10 +50,10 @@ public class OidcUserRequestTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = clientRegistration().build();
+		this.clientRegistration = TestClientRegistrations.clientRegistration().build();
 		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(),
 				Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
-		this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
+		this.idToken = TestOidcIdTokens.idToken().authorizedParty(this.clientRegistration.getClientId()).build();
 		this.additionalParameters = new HashMap<>();
 		this.additionalParameters.put("param1", "value1");
 		this.additionalParameters.put("param2", "value2");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 229e38c64f..017b77408a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -39,15 +39,18 @@ import org.springframework.http.MediaType;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 
@@ -58,10 +61,6 @@ import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 
 /**
  * Tests for {@link OidcUserService}.
@@ -87,11 +86,11 @@ public class OidcUserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.clientRegistrationBuilder = clientRegistration().userInfoUri(null)
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
 				.userNameAttributeName(StandardClaimNames.SUB);
 
-		this.accessToken = scopes(OidcScopes.OPENID, OidcScopes.PROFILE);
+		this.accessToken = TestOAuth2AccessTokens.scopes(OidcScopes.OPENID, OidcScopes.PROFILE);
 
 		Map<String, Object> idTokenClaims = new HashMap<>();
 		idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com");
@@ -154,7 +153,7 @@ public class OidcUserServiceTests {
 	public void loadUserWhenNonStandardScopesAuthorizedThenUserInfoEndpointNotRequested() {
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
 				.build();
-		this.accessToken = scopes("scope1", "scope2");
+		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
@@ -173,7 +172,7 @@ public class OidcUserServiceTests {
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
-		this.accessToken = scopes("scope1", "scope2");
+		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.singleton("scope2"));
 
 		OidcUser user = this.userService
@@ -193,7 +192,7 @@ public class OidcUserServiceTests {
 
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
 
-		this.accessToken = scopes("scope1", "scope2");
+		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.emptySet());
 
 		OidcUser user = this.userService
@@ -434,8 +433,8 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 		OidcUserService userService = new OidcUserService();
-		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -448,7 +447,8 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		OidcUserService userService = new OidcUserService();
-		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), noScopes(), idToken().build());
+		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(1);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index b841824ae5..33bea2962b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -30,8 +30,6 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.springframework.security.oauth2.client.registration.ClientRegistration.withClientRegistration;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 
 /**
  * Tests for {@link ClientRegistration}.
@@ -497,8 +495,8 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientRegistrationProvidedThenMakesACopy() {
-		ClientRegistration clientRegistration = clientRegistration().build();
-		ClientRegistration updated = withClientRegistration(clientRegistration).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration).build();
 		assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
 		assertThat(clientRegistration.getScopes()).isNotSameAs(updated.getScopes());
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata())
@@ -509,8 +507,8 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientRegistrationProvidedThenEachPropertyMatches() {
-		ClientRegistration clientRegistration = clientRegistration().build();
-		ClientRegistration updated = withClientRegistration(clientRegistration).build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration).build();
 		assertThat(clientRegistration.getRegistrationId()).isEqualTo(updated.getRegistrationId());
 		assertThat(clientRegistration.getClientId()).isEqualTo(updated.getClientId());
 		assertThat(clientRegistration.getClientSecret()).isEqualTo(updated.getClientSecret());
@@ -544,9 +542,9 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientRegistrationValuesOverriddenThenPropagated() {
-		ClientRegistration clientRegistration = clientRegistration().build();
-		ClientRegistration updated = withClientRegistration(clientRegistration).clientSecret("a-new-secret")
-				.scope("a-new-scope")
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration)
+				.clientSecret("a-new-secret").scope("a-new-scope")
 				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
 
 		assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 1fde0671fd..5fa6eab627 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -34,15 +34,15 @@ import org.springframework.http.MediaType;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 
 /**
  * Tests for {@link CustomUserTypesOAuth2UserService}.
@@ -68,8 +68,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String registrationId = "client-registration-id-1";
-		this.clientRegistrationBuilder = clientRegistration().registrationId(registrationId);
-		this.accessToken = noScopes();
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId);
+		this.accessToken = TestOAuth2AccessTokens.noScopes();
 
 		Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
 		customUserTypes.put(registrationId, CustomOAuth2User.class);
@@ -113,8 +113,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
-		ClientRegistration clientRegistration = clientRegistration().registrationId("other-client-registration-id-1")
-				.build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId("other-client-registration-id-1").build();
 
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(user).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index b4256a3b0b..97db1f4eeb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -40,9 +40,11 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.web.client.RestOperations;
@@ -53,9 +55,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.nullable;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
 
 /**
  * Tests for {@link DefaultOAuth2UserService}.
@@ -80,8 +79,9 @@ public class DefaultOAuth2UserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.clientRegistrationBuilder = clientRegistration().userInfoUri(null).userNameAttributeName(null);
-		this.accessToken = noScopes();
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null)
+				.userNameAttributeName(null);
+		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
 	@After
@@ -312,8 +312,8 @@ public class DefaultOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"));
+		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -328,7 +328,8 @@ public class DefaultOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(), noScopes());
+		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.noScopes());
 		OAuth2User user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(1);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 2e98a22fe2..2ac7888a57 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -45,6 +45,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.web.reactive.function.client.WebClient;
@@ -55,9 +56,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.scopes;
 
 /**
  * @author Rob Winch
@@ -208,8 +206,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultReactiveOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"));
+		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -224,7 +222,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		DefaultReactiveOAuth2UserService userService = withMockResponse(body);
-		OAuth2UserRequest request = new OAuth2UserRequest(clientRegistration().build(), noScopes());
+		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
+				TestOAuth2AccessTokens.noScopes());
 		OAuth2User user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(1);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 7516095a72..a48c7531dd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.MultiValueMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
 /**
  * Tests for {@link OAuth2UserRequestEntityConverter}.
@@ -78,7 +77,7 @@ public class OAuth2UserRequestEntityConverterTests {
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
 		assertThat(headers.getContentType())
-				.isEqualTo(MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index 13eb23d8f5..99c8f21033 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -49,8 +49,12 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
+import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.util.UrlUtils;
@@ -65,10 +69,6 @@ import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.oauth2.core.TestOAuth2RefreshTokens.refreshToken;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges.success;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeGrantFilter}.
@@ -473,14 +473,15 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 			ClientRegistration registration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
-		OAuth2AuthorizationRequest authorizationRequest = request().attributes(attributes)
-				.redirectUri(UrlUtils.buildFullRequestUrl(request)).build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.attributes(attributes).redirectUri(UrlUtils.buildFullRequestUrl(request)).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 	}
 
 	private void setUpAuthenticationResult(ClientRegistration registration) {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
-				registration, success(), noScopes(), refreshToken());
+				registration, TestOAuth2AuthorizationExchanges.success(), TestOAuth2AccessTokens.noScopes(),
+				TestOAuth2RefreshTokens.refreshToken());
 		given(this.authenticationManager.authenticate(any(Authentication.class))).willReturn(authentication);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index c632f1b81e..73b5cd3b0b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -50,6 +50,7 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
@@ -65,7 +66,6 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges.success;
 
 /**
  * Tests for {@link OAuth2LoginAuthenticationFilter}.
@@ -490,7 +490,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 		given(this.loginAuthentication.getName()).willReturn(this.principalName1);
 		given(this.loginAuthentication.getAuthorities()).willReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));
 		given(this.loginAuthentication.getClientRegistration()).willReturn(registration);
-		given(this.loginAuthentication.getAuthorizationExchange()).willReturn(success());
+		given(this.loginAuthentication.getAuthorizationExchange())
+				.willReturn(TestOAuth2AuthorizationExchanges.success());
 		given(this.loginAuthentication.getAccessToken()).willReturn(mock(OAuth2AccessToken.class));
 		given(this.loginAuthentication.getRefreshToken()).willReturn(mock(OAuth2RefreshToken.class));
 		given(this.loginAuthentication.isAuthenticated()).willReturn(true);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index e3564117d4..fcef072043 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -61,8 +61,8 @@ import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.context.request.ServletWebRequest;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 8007fad1bc..faefc4d01c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -63,7 +63,6 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
 /**
  * @author Phil Clay
@@ -142,8 +141,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.willReturn(Mono.just(clientRegistration));
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
-				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.retrieve().bodyToMono(String.class)
+				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
@@ -180,8 +181,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
-				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.retrieve().bodyToMono(String.class)
+				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
@@ -221,11 +224,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.willReturn(Mono.just(clientRegistration2));
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
-				.bodyToMono(String.class)
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration1.getRegistrationId()))
+				.retrieve().bodyToMono(String.class)
 				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
-						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId())).retrieve()
-						.bodyToMono(String.class))
+						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+								.clientRegistrationId(clientRegistration2.getRegistrationId()))
+						.retrieve().bodyToMono(String.class))
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
 
@@ -267,8 +272,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 						eq(this.exchange));
 
 		Mono<String> requestMono = this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
-				.bodyToMono(String.class).subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.retrieve().bodyToMono(String.class)
+				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 
 		// first try should fail, and remove the cached authorized client
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 950f145c4e..7c0d9b8dd7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -96,8 +96,8 @@ import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.entry;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -106,9 +106,6 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.http.HttpMethod.GET;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
 
 /**
  * @author Rob Winch
@@ -208,7 +205,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -219,8 +216,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenAuthorizedClientThenAuthorizationHeader() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -232,8 +230,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing").attributes(oauth2AuthorizedClient(authorizedClient))
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.header(HttpHeaders.AUTHORIZATION, "Existing")
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
@@ -259,8 +258,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
@@ -285,8 +285,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName",
 				this.accessToken, null);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
@@ -317,8 +318,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		this.function.filter(request, this.exchange)
@@ -357,8 +359,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -379,8 +382,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -399,8 +403,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -425,8 +430,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value());
 
@@ -460,8 +466,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
 				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
@@ -499,8 +506,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value());
 
@@ -534,8 +542,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
 				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
@@ -573,8 +582,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
@@ -617,8 +627,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
@@ -646,8 +657,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.build();
 
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 
@@ -689,8 +701,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(registration.getRegistrationId())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(registration.getRegistrationId()))
+				.build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
@@ -715,8 +729,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(this.registration.getRegistrationId()))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -738,7 +754,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -761,7 +777,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
@@ -783,7 +799,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenDefaultOAuth2AuthorizedClientFalseThenEmpty() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
@@ -806,8 +822,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(this.registration.getRegistrationId())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(this.registration.getRegistrationId()))
+				.build();
 
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 
@@ -835,8 +853,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
 				.willReturn(Mono.just(registration));
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(registration.getRegistrationId())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(registration.getRegistrationId()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 7e8ca01a23..deccb25a89 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -64,8 +64,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
 /**
  * @author Joe Grandja
@@ -163,8 +161,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.willReturn(clientRegistration);
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
-				.bodyToMono(String.class).block();
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.retrieve().bodyToMono(String.class).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
@@ -200,8 +199,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request));
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration.getRegistrationId())).retrieve()
-				.bodyToMono(String.class).block();
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.retrieve().bodyToMono(String.class).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 
@@ -240,11 +240,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.willReturn(clientRegistration2);
 
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId())).retrieve()
-				.bodyToMono(String.class)
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(clientRegistration1.getRegistrationId()))
+				.retrieve().bodyToMono(String.class)
 				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
-						.attributes(clientRegistrationId(clientRegistration2.getRegistrationId())).retrieve()
-						.bodyToMono(String.class))
+						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+								.clientRegistrationId(clientRegistration2.getRegistrationId()))
+						.retrieve().bodyToMono(String.class))
 				.subscriberContext(context()).block();
 
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
@@ -262,7 +264,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		contextAttributes.put(HttpServletRequest.class, this.request);
 		contextAttributes.put(HttpServletResponse.class, this.response);
 		contextAttributes.put(Authentication.class, this.authentication);
-		return Context.of(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY, contextAttributes);
+		return Context.of(ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY,
+				contextAttributes);
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index edc3d712b8..d50ba79be8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -105,8 +105,8 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.entry;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -114,16 +114,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.http.HttpMethod.GET;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.getAuthentication;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
 
 /**
  * @author Rob Winch
@@ -240,8 +230,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void defaultRequestRequestResponseWhenNullRequestContextThenRequestAndResponseNull() {
 		Map<String, Object> attrs = getDefaultRequestAttributes();
-		assertThat(getRequest(attrs)).isNull();
-		assertThat(getResponse(attrs)).isNull();
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest(attrs)).isNull();
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse(attrs)).isNull();
 	}
 
 	@Test
@@ -250,21 +240,22 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request, response));
 		Map<String, Object> attrs = getDefaultRequestAttributes();
-		assertThat(getRequest(attrs)).isEqualTo(request);
-		assertThat(getResponse(attrs)).isEqualTo(response);
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest(attrs)).isEqualTo(request);
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse(attrs)).isEqualTo(response);
 	}
 
 	@Test
 	public void defaultRequestAuthenticationWhenSecurityContextEmptyThenAuthenticationNull() {
 		Map<String, Object> attrs = getDefaultRequestAttributes();
-		assertThat(getAuthentication(attrs)).isNull();
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getAuthentication(attrs)).isNull();
 	}
 
 	@Test
 	public void defaultRequestAuthenticationWhenAuthenticationSetThenAuthenticationSet() {
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 		Map<String, Object> attrs = getDefaultRequestAttributes();
-		assertThat(getAuthentication(attrs)).isEqualTo(this.authentication);
+		assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getAuthentication(attrs))
+				.isEqualTo(this.authentication);
 		verifyNoInteractions(this.authorizedClientRepository);
 	}
 
@@ -279,7 +270,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -291,10 +282,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -307,10 +302,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.header(HttpHeaders.AUTHORIZATION, "Existing").attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.header(HttpHeaders.AUTHORIZATION, "Existing")
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -332,10 +332,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -385,10 +390,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -416,10 +426,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, null);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -453,10 +468,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, null);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(authentication(this.authentication))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -502,10 +522,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		servletRequest.setParameter(OAuth2ParameterNames.PASSWORD, "password");
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(clientRegistrationId(registration.getRegistrationId()))
-				.attributes(authentication(this.authentication)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
+						.clientRegistrationId(registration.getRegistrationId()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -535,10 +558,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -560,10 +587,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -583,10 +614,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient))
-				.attributes(httpServletRequest(new MockHttpServletRequest()))
-				.attributes(httpServletResponse(new MockHttpServletResponse())).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletRequest(new MockHttpServletRequest()))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
+						.httpServletResponse(new MockHttpServletResponse()))
+				.build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -621,11 +656,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 						.willReturn(authorizedClient);
 
 		// Default request attributes set
-		final ClientRequest request1 = ClientRequest.create(GET, URI.create("https://example1.com"))
+		final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com"))
 				.attributes(attrs -> attrs.putAll(getDefaultRequestAttributes())).build();
 
 		// Default request attributes NOT set
-		final ClientRequest request2 = ClientRequest.create(GET, URI.create("https://example2.com")).build();
+		final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build();
 
 		Context context = context(servletRequest, servletResponse, authentication);
 
@@ -663,9 +698,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value());
 		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
@@ -695,9 +733,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
@@ -748,9 +789,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(),
 				httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
@@ -781,9 +825,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
@@ -814,9 +861,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).attributes(httpServletRequest(servletRequest))
-				.attributes(httpServletResponse(servletResponse)).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
+				.attributes(
+						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
+				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
+				.build();
 
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
@@ -833,7 +883,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		contextAttributes.put(HttpServletRequest.class, servletRequest);
 		contextAttributes.put(HttpServletResponse.class, servletResponse);
 		contextAttributes.put(Authentication.class, authentication);
-		return Context.of(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY, contextAttributes);
+		return Context.of(ServletOAuth2AuthorizedClientExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY,
+				contextAttributes);
 	}
 
 	private static String getBody(ClientRequest request) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 1757e3778c..41d9d22b97 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -42,6 +42,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.security.web.server.savedrequest.ServerRequestCache;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.server.ServerWebExchange;
@@ -56,7 +57,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
 
 /**
  * @author Rob Winch
@@ -333,7 +333,8 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 			MockServerHttpRequest authorizationRequest, ClientRegistration registration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
-		return request().attributes(attributes).redirectUri(authorizationRequest.getURI().toString()).build();
+		return TestOAuth2AuthorizationRequests.request().attributes(attributes)
+				.redirectUri(authorizationRequest.getURI().toString()).build();
 	}
 
 	private static MockServerHttpRequest createAuthorizationRequest(String requestUri) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index 1675240178..41852e6ff3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -37,7 +37,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.handler.FilteringWebHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
index 66aaf058a5..7107109323 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -22,10 +22,9 @@ import java.util.Collections;
 import java.util.Map;
 
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTHORITIES;
-
 /**
  * A domain object that wraps the attributes of an OAuth 2.0 token.
  *
@@ -65,7 +64,8 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		this.attributes = Collections.unmodifiableMap(attributes);
-		this.authorities = authorities == null ? NO_AUTHORITIES : Collections.unmodifiableCollection(authorities);
+		this.authorities = authorities == null ? AuthorityUtils.NO_AUTHORITIES
+				: Collections.unmodifiableCollection(authorities);
 		this.name = name == null ? (String) this.attributes.get("sub") : name;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
index 4738c784b5..1e7d1d3d6a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
@@ -26,19 +26,6 @@ import java.util.function.Consumer;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.ACR;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.AMR;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.AT_HASH;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.AUD;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.AUTH_TIME;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.AZP;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.C_HASH;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.EXP;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.IAT;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.ISS;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
-
 /**
  * An implementation of an {@link AbstractOAuth2Token} representing an OpenID Connect Core
  * 1.0 ID Token.
@@ -145,7 +132,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder accessTokenHash(String accessTokenHash) {
-			return claim(AT_HASH, accessTokenHash);
+			return claim(IdTokenClaimNames.AT_HASH, accessTokenHash);
 		}
 
 		/**
@@ -154,7 +141,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder audience(Collection<String> audience) {
-			return claim(AUD, audience);
+			return claim(IdTokenClaimNames.AUD, audience);
 		}
 
 		/**
@@ -163,7 +150,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authTime(Instant authenticatedAt) {
-			return claim(AUTH_TIME, authenticatedAt);
+			return claim(IdTokenClaimNames.AUTH_TIME, authenticatedAt);
 		}
 
 		/**
@@ -174,7 +161,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authenticationContextClass(String authenticationContextClass) {
-			return claim(ACR, authenticationContextClass);
+			return claim(IdTokenClaimNames.ACR, authenticationContextClass);
 		}
 
 		/**
@@ -183,7 +170,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authenticationMethods(List<String> authenticationMethods) {
-			return claim(AMR, authenticationMethods);
+			return claim(IdTokenClaimNames.AMR, authenticationMethods);
 		}
 
 		/**
@@ -192,7 +179,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authorizationCodeHash(String authorizationCodeHash) {
-			return claim(C_HASH, authorizationCodeHash);
+			return claim(IdTokenClaimNames.C_HASH, authorizationCodeHash);
 		}
 
 		/**
@@ -201,7 +188,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder authorizedParty(String authorizedParty) {
-			return claim(AZP, authorizedParty);
+			return claim(IdTokenClaimNames.AZP, authorizedParty);
 		}
 
 		/**
@@ -210,7 +197,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder expiresAt(Instant expiresAt) {
-			return this.claim(EXP, expiresAt);
+			return this.claim(IdTokenClaimNames.EXP, expiresAt);
 		}
 
 		/**
@@ -219,7 +206,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder issuedAt(Instant issuedAt) {
-			return this.claim(IAT, issuedAt);
+			return this.claim(IdTokenClaimNames.IAT, issuedAt);
 		}
 
 		/**
@@ -228,7 +215,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder issuer(String issuer) {
-			return this.claim(ISS, issuer);
+			return this.claim(IdTokenClaimNames.ISS, issuer);
 		}
 
 		/**
@@ -237,7 +224,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder nonce(String nonce) {
-			return this.claim(NONCE, nonce);
+			return this.claim(IdTokenClaimNames.NONCE, nonce);
 		}
 
 		/**
@@ -246,7 +233,7 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder subject(String subject) {
-			return this.claim(SUB, subject);
+			return this.claim(IdTokenClaimNames.SUB, subject);
 		}
 
 		/**
@@ -254,8 +241,8 @@ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAcce
 		 * @return The constructed {@link OidcIdToken}
 		 */
 		public OidcIdToken build() {
-			Instant iat = toInstant(this.claims.get(IAT));
-			Instant exp = toInstant(this.claims.get(EXP));
+			Instant iat = toInstant(this.claims.get(IdTokenClaimNames.IAT));
+			Instant exp = toInstant(this.claims.get(IdTokenClaimNames.EXP));
 			return new OidcIdToken(this.tokenValue, iat, exp, this.claims);
 		}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
index 1269de2164..70d6290fae 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
@@ -25,27 +25,6 @@ import java.util.function.Consumer;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.ADDRESS;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.BIRTHDATE;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.EMAIL;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.EMAIL_VERIFIED;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.FAMILY_NAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.GENDER;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.GIVEN_NAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.LOCALE;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.MIDDLE_NAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.NAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.NICKNAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PHONE_NUMBER;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PHONE_NUMBER_VERIFIED;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PICTURE;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PREFERRED_USERNAME;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PROFILE;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.SUB;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.UPDATED_AT;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.WEBSITE;
-import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.ZONEINFO;
-
 /**
  * A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected
  * Resource UserInfo Endpoint.
@@ -155,7 +134,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder address(String address) {
-			return this.claim(ADDRESS, address);
+			return this.claim(StandardClaimNames.ADDRESS, address);
 		}
 
 		/**
@@ -164,7 +143,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder birthdate(String birthdate) {
-			return this.claim(BIRTHDATE, birthdate);
+			return this.claim(StandardClaimNames.BIRTHDATE, birthdate);
 		}
 
 		/**
@@ -173,7 +152,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder email(String email) {
-			return this.claim(EMAIL, email);
+			return this.claim(StandardClaimNames.EMAIL, email);
 		}
 
 		/**
@@ -182,7 +161,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder emailVerified(Boolean emailVerified) {
-			return this.claim(EMAIL_VERIFIED, emailVerified);
+			return this.claim(StandardClaimNames.EMAIL_VERIFIED, emailVerified);
 		}
 
 		/**
@@ -191,7 +170,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder familyName(String familyName) {
-			return claim(FAMILY_NAME, familyName);
+			return claim(StandardClaimNames.FAMILY_NAME, familyName);
 		}
 
 		/**
@@ -200,7 +179,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder gender(String gender) {
-			return this.claim(GENDER, gender);
+			return this.claim(StandardClaimNames.GENDER, gender);
 		}
 
 		/**
@@ -209,7 +188,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder givenName(String givenName) {
-			return claim(GIVEN_NAME, givenName);
+			return claim(StandardClaimNames.GIVEN_NAME, givenName);
 		}
 
 		/**
@@ -218,7 +197,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder locale(String locale) {
-			return this.claim(LOCALE, locale);
+			return this.claim(StandardClaimNames.LOCALE, locale);
 		}
 
 		/**
@@ -227,7 +206,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder middleName(String middleName) {
-			return claim(MIDDLE_NAME, middleName);
+			return claim(StandardClaimNames.MIDDLE_NAME, middleName);
 		}
 
 		/**
@@ -236,7 +215,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder name(String name) {
-			return claim(NAME, name);
+			return claim(StandardClaimNames.NAME, name);
 		}
 
 		/**
@@ -245,7 +224,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder nickname(String nickname) {
-			return claim(NICKNAME, nickname);
+			return claim(StandardClaimNames.NICKNAME, nickname);
 		}
 
 		/**
@@ -254,7 +233,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder picture(String picture) {
-			return this.claim(PICTURE, picture);
+			return this.claim(StandardClaimNames.PICTURE, picture);
 		}
 
 		/**
@@ -263,7 +242,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder phoneNumber(String phoneNumber) {
-			return this.claim(PHONE_NUMBER, phoneNumber);
+			return this.claim(StandardClaimNames.PHONE_NUMBER, phoneNumber);
 		}
 
 		/**
@@ -272,7 +251,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder phoneNumberVerified(String phoneNumberVerified) {
-			return this.claim(PHONE_NUMBER_VERIFIED, phoneNumberVerified);
+			return this.claim(StandardClaimNames.PHONE_NUMBER_VERIFIED, phoneNumberVerified);
 		}
 
 		/**
@@ -281,7 +260,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder preferredUsername(String preferredUsername) {
-			return claim(PREFERRED_USERNAME, preferredUsername);
+			return claim(StandardClaimNames.PREFERRED_USERNAME, preferredUsername);
 		}
 
 		/**
@@ -290,7 +269,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder profile(String profile) {
-			return claim(PROFILE, profile);
+			return claim(StandardClaimNames.PROFILE, profile);
 		}
 
 		/**
@@ -299,7 +278,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder subject(String subject) {
-			return this.claim(SUB, subject);
+			return this.claim(StandardClaimNames.SUB, subject);
 		}
 
 		/**
@@ -308,7 +287,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder updatedAt(String updatedAt) {
-			return this.claim(UPDATED_AT, updatedAt);
+			return this.claim(StandardClaimNames.UPDATED_AT, updatedAt);
 		}
 
 		/**
@@ -317,7 +296,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder website(String website) {
-			return this.claim(WEBSITE, website);
+			return this.claim(StandardClaimNames.WEBSITE, website);
 		}
 
 		/**
@@ -326,7 +305,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder zoneinfo(String zoneinfo) {
-			return this.claim(ZONEINFO, zoneinfo);
+			return this.claim(StandardClaimNames.ZONEINFO, zoneinfo);
 		}
 
 		/**
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
index 7c8cb0bc0e..3f765768b9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
@@ -18,8 +18,6 @@ package org.springframework.security.oauth2.core.endpoint;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests.request;
-import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses.success;
 
 /**
  * Tests for {@link OAuth2AuthorizationExchange}.
@@ -30,18 +28,18 @@ public class OAuth2AuthorizationExchangeTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenAuthorizationRequestIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationExchange(null, success().build());
+		new OAuth2AuthorizationExchange(null, TestOAuth2AuthorizationResponses.success().build());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenAuthorizationResponseIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationExchange(request().build(), null);
+		new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(), null);
 	}
 
 	@Test
 	public void constructorWhenRequiredArgsProvidedThenCreated() {
-		OAuth2AuthorizationRequest authorizationRequest = request().build();
-		OAuth2AuthorizationResponse authorizationResponse = success().build();
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		assertThat(authorizationExchange.getAuthorizationRequest()).isEqualTo(authorizationRequest);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index 50d4bb5223..07ba4d5834 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -22,9 +22,6 @@ import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.EXP;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.IAT;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
 
 /**
  * Tests for {@link OidcUserInfo}
@@ -62,7 +59,7 @@ public class OidcIdTokenBuilderTests {
 		idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
 
-		assertThatCode(() -> idTokenBuilder.claim(EXP, "not an instant").build())
+		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -78,7 +75,7 @@ public class OidcIdTokenBuilderTests {
 		idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
 
-		assertThatCode(() -> idTokenBuilder.claim(IAT, "not an instant").build())
+		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -89,10 +86,10 @@ public class OidcIdTokenBuilderTests {
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		OidcIdToken idToken = idTokenBuilder.subject(named).claim(SUB, generic).build();
+		OidcIdToken idToken = idTokenBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 		assertThat(idToken.getSubject()).isSameAs(generic);
 
-		idToken = idTokenBuilder.claim(SUB, generic).subject(named).build();
+		idToken = idTokenBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 		assertThat(idToken.getSubject()).isSameAs(named);
 	}
 
@@ -100,7 +97,8 @@ public class OidcIdTokenBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim");
 
-		OidcIdToken idToken = idTokenBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
+		OidcIdToken idToken = idTokenBuilder.subject("sub").claims(claims -> claims.remove(IdTokenClaimNames.SUB))
+				.build();
 		assertThat(idToken.getSubject()).isNull();
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index ce6fddf320..84bdf7f5e9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -19,7 +19,6 @@ package org.springframework.security.oauth2.core.oidc;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
 
 /**
  * Tests for {@link OidcUserInfo}
@@ -49,10 +48,10 @@ public class OidcUserInfoBuilderTests {
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(SUB, generic).build();
+		OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 		assertThat(userInfo.getSubject()).isSameAs(generic);
 
-		userInfo = userInfoBuilder.claim(SUB, generic).subject(named).build();
+		userInfo = userInfoBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 		assertThat(userInfo.getSubject()).isSameAs(named);
 	}
 
@@ -60,7 +59,8 @@ public class OidcUserInfoBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim");
 
-		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
+		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims(claims -> claims.remove(IdTokenClaimNames.SUB))
+				.build();
 		assertThat(userInfo.getSubject()).isNull();
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index da3cd4a489..247e4f8b45 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -23,18 +23,6 @@ import java.util.Map;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.COUNTRY;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.FORMATTED;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.LOCALITY;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.LOCALITY_FIELD_NAME;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.POSTAL_CODE;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.POSTAL_CODE_FIELD_NAME;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.REGION;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.REGION_FIELD_NAME;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.STREET_ADDRESS;
-import static org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaimTests.STREET_ADDRESS_FIELD_NAME;
 
 /**
  * Tests for {@link OidcUserInfo}.
@@ -147,12 +135,17 @@ public class OidcUserInfoTests {
 		CLAIMS.put(PHONE_NUMBER_VERIFIED_CLAIM, PHONE_NUMBER_VERIFIED_VALUE);
 
 		ADDRESS_VALUE = new HashMap<>();
-		ADDRESS_VALUE.put(FORMATTED_FIELD_NAME, FORMATTED);
-		ADDRESS_VALUE.put(STREET_ADDRESS_FIELD_NAME, STREET_ADDRESS);
-		ADDRESS_VALUE.put(LOCALITY_FIELD_NAME, LOCALITY);
-		ADDRESS_VALUE.put(REGION_FIELD_NAME, REGION);
-		ADDRESS_VALUE.put(POSTAL_CODE_FIELD_NAME, POSTAL_CODE);
-		ADDRESS_VALUE.put(COUNTRY_FIELD_NAME, COUNTRY);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME,
+				DefaultAddressStandardClaimTests.FORMATTED);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.STREET_ADDRESS_FIELD_NAME,
+				DefaultAddressStandardClaimTests.STREET_ADDRESS);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.LOCALITY_FIELD_NAME,
+				DefaultAddressStandardClaimTests.LOCALITY);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.REGION_FIELD_NAME, DefaultAddressStandardClaimTests.REGION);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.POSTAL_CODE_FIELD_NAME,
+				DefaultAddressStandardClaimTests.POSTAL_CODE);
+		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME,
+				DefaultAddressStandardClaimTests.COUNTRY);
 		CLAIMS.put(ADDRESS_CLAIM, ADDRESS_VALUE);
 
 		CLAIMS.put(UPDATED_AT_CLAIM, UPDATED_AT_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
index a97d9c94b6..1f5935bb80 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@@ -18,8 +18,6 @@ package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
 
-import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue;
-
 /**
  * Test {@link OidcIdToken}s
  *
@@ -28,8 +26,8 @@ import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withToke
 public class TestOidcIdTokens {
 
 	public static OidcIdToken.Builder idToken() {
-		return withTokenValue("id-token").issuer("https://example.com").subject("subject").issuedAt(Instant.now())
-				.expiresAt(Instant.now().plusSeconds(86400)).claim("id", "id");
+		return OidcIdToken.withTokenValue("id-token").issuer("https://example.com").subject("subject")
+				.issuedAt(Instant.now()).expiresAt(Instant.now().plusSeconds(86400)).claim("id", "id");
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
index 89db2fee89..a01c905704 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
@@ -25,14 +25,6 @@ import java.util.function.Consumer;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.AUD;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.EXP;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.IAT;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.JTI;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.NBF;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
-
 /**
  * An implementation of an {@link AbstractOAuth2Token} representing a JSON Web Token
  * (JWT).
@@ -182,7 +174,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder audience(Collection<String> audience) {
-			return claim(AUD, audience);
+			return claim(JwtClaimNames.AUD, audience);
 		}
 
 		/**
@@ -191,7 +183,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder expiresAt(Instant expiresAt) {
-			this.claim(EXP, expiresAt);
+			this.claim(JwtClaimNames.EXP, expiresAt);
 			return this;
 		}
 
@@ -201,7 +193,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder jti(String jti) {
-			this.claim(JTI, jti);
+			this.claim(JwtClaimNames.JTI, jti);
 			return this;
 		}
 
@@ -211,7 +203,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder issuedAt(Instant issuedAt) {
-			this.claim(IAT, issuedAt);
+			this.claim(JwtClaimNames.IAT, issuedAt);
 			return this;
 		}
 
@@ -221,7 +213,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder issuer(String issuer) {
-			this.claim(ISS, issuer);
+			this.claim(JwtClaimNames.ISS, issuer);
 			return this;
 		}
 
@@ -231,7 +223,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder notBefore(Instant notBefore) {
-			this.claim(NBF, notBefore);
+			this.claim(JwtClaimNames.NBF, notBefore);
 			return this;
 		}
 
@@ -241,7 +233,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return the {@link Builder} for further configurations
 		 */
 		public Builder subject(String subject) {
-			this.claim(SUB, subject);
+			this.claim(JwtClaimNames.SUB, subject);
 			return this;
 		}
 
@@ -250,8 +242,8 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 		 * @return The constructed {@link Jwt}
 		 */
 		public Jwt build() {
-			Instant iat = toInstant(this.claims.get(IAT));
-			Instant exp = toInstant(this.claims.get(EXP));
+			Instant iat = toInstant(this.claims.get(JwtClaimNames.IAT));
+			Instant exp = toInstant(this.claims.get(JwtClaimNames.EXP));
 			return new Jwt(this.tokenValue, iat, exp, this.headers, this.claims);
 		}
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
index b4acb42b9b..ca8b4d2955 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
@@ -20,8 +20,6 @@ import java.util.Map;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-
 /**
  * Allows creating a {@link JwtDecoder} from an <a href=
  * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
@@ -104,7 +102,7 @@ public final class JwtDecoders {
 	private static JwtDecoder withProviderConfiguration(Map<String, Object> configuration, String issuer) {
 		JwtDecoderProviderConfigurationUtils.validateIssuer(configuration, issuer);
 		OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefaultWithIssuer(issuer);
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(configuration.get("jwks_uri").toString()).build();
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(configuration.get("jwks_uri").toString()).build();
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 		return jwtDecoder;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
index 6f0c085621..87917a3b95 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
@@ -19,8 +19,6 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
-
 /**
  * Validates the "iss" claim in a {@link Jwt}, that is matches a configured value
  *
@@ -37,7 +35,7 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
 	 */
 	public JwtIssuerValidator(String issuer) {
 		Assert.notNull(issuer, "issuer cannot be null");
-		this.validator = new JwtClaimValidator(ISS, issuer::equals);
+		this.validator = new JwtClaimValidator(JwtClaimNames.ISS, issuer::equals);
 	}
 
 	/**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index 2e381ab758..7997154f66 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -25,8 +25,6 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.util.Assert;
 import org.springframework.web.client.RestOperations;
 
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-
 /**
  * An implementation of a {@link JwtDecoder} that "decodes" a JSON Web Token (JWT) and
  * additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS).
@@ -81,7 +79,8 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
 		Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty");
 
-		this.jwtDecoderBuilder = withJwkSetUri(jwkSetUrl).jwsAlgorithm(SignatureAlgorithm.from(jwsAlgorithm));
+		this.jwtDecoderBuilder = NimbusJwtDecoder.withJwkSetUri(jwkSetUrl)
+				.jwsAlgorithm(SignatureAlgorithm.from(jwsAlgorithm));
 		this.delegate = makeDelegate();
 	}
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
index 702ca0eaef..3f5da085ac 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
@@ -20,8 +20,6 @@ import java.util.Map;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
-
 /**
  * Allows creating a {@link ReactiveJwtDecoder} from an <a href=
  * "https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">OpenID
@@ -104,7 +102,8 @@ public final class ReactiveJwtDecoders {
 	private static ReactiveJwtDecoder withProviderConfiguration(Map<String, Object> configuration, String issuer) {
 		JwtDecoderProviderConfigurationUtils.validateIssuer(configuration, issuer);
 		OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefaultWithIssuer(issuer);
-		NimbusReactiveJwtDecoder jwtDecoder = withJwkSetUri(configuration.get("jwks_uri").toString()).build();
+		NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder
+				.withJwkSetUri(configuration.get("jwks_uri").toString()).build();
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 		return jwtDecoder;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index c0941bb83e..d21ab8723e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -21,9 +21,6 @@ import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.EXP;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.IAT;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
 
 /**
  * Tests for {@link Jwt.Builder}.
@@ -69,7 +66,7 @@ public class JwtBuilderTests {
 		jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
 
-		assertThatCode(() -> jwtBuilder.claim(EXP, "not an instant").build())
+		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -85,7 +82,7 @@ public class JwtBuilderTests {
 		jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
 
-		assertThatCode(() -> jwtBuilder.claim(IAT, "not an instant").build())
+		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -96,10 +93,10 @@ public class JwtBuilderTests {
 		String generic = new String("sub");
 		String named = new String("sub");
 
-		Jwt jwt = jwtBuilder.subject(named).claim(SUB, generic).build();
+		Jwt jwt = jwtBuilder.subject(named).claim(JwtClaimNames.SUB, generic).build();
 		assertThat(jwt.getSubject()).isSameAs(generic);
 
-		jwt = jwtBuilder.claim(SUB, generic).subject(named).build();
+		jwt = jwtBuilder.claim(JwtClaimNames.SUB, generic).subject(named).build();
 		assertThat(jwt.getSubject()).isSameAs(named);
 	}
 
@@ -107,7 +104,7 @@ public class JwtBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
 
-		Jwt jwt = jwtBuilder.subject("sub").claims(claims -> claims.remove(SUB)).build();
+		Jwt jwt = jwtBuilder.subject("sub").claims(claims -> claims.remove(JwtClaimNames.SUB)).build();
 		assertThat(jwt.getSubject()).isNull();
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index 609383ff46..a2db9b38a2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -23,8 +23,6 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link JwtClaimValidator}.
@@ -35,17 +33,17 @@ public class JwtClaimValidatorTests {
 
 	private static final Predicate<String> test = claim -> claim.equals("http://test");
 
-	private final JwtClaimValidator<String> validator = new JwtClaimValidator<>(ISS, test);
+	private final JwtClaimValidator<String> validator = new JwtClaimValidator<>(JwtClaimNames.ISS, test);
 
 	@Test
 	public void validateWhenClaimPassesTheTestThenReturnsSuccess() {
-		Jwt jwt = jwt().claim(ISS, "http://test").build();
+		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "http://test").build();
 		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenClaimFailsTheTestThenReturnsFailure() {
-		Jwt jwt = jwt().claim(ISS, "http://abc").build();
+		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "http://abc").build();
 		assertThat(this.validator.validate(jwt).getErrors().isEmpty()).isFalse();
 	}
 
@@ -56,7 +54,8 @@ public class JwtClaimValidatorTests {
 
 	@Test
 	public void validateWhenTestIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new JwtClaimValidator<>(ISS, null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> new JwtClaimValidator<>(JwtClaimNames.ISS, null))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index 688ef5ef65..62c50ef705 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -21,7 +21,6 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * @author Josh Cummings
@@ -35,14 +34,14 @@ public class JwtIssuerValidatorTests {
 
 	@Test
 	public void validateWhenIssuerMatchesThenReturnsSuccess() {
-		Jwt jwt = jwt().claim("iss", ISSUER).build();
+		Jwt jwt = TestJwts.jwt().claim("iss", ISSUER).build();
 
 		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenIssuerMismatchesThenReturnsError() {
-		Jwt jwt = jwt().claim(JwtClaimNames.ISS, "https://other").build();
+		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "https://other").build();
 
 		OAuth2TokenValidatorResult result = this.validator.validate(jwt);
 
@@ -51,7 +50,7 @@ public class JwtIssuerValidatorTests {
 
 	@Test
 	public void validateWhenJwtHasNoIssuerThenReturnsError() {
-		Jwt jwt = jwt().claim(JwtClaimNames.AUD, "https://aud").build();
+		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.AUD, "https://aud").build();
 
 		OAuth2TokenValidatorResult result = this.validator.validate(jwt);
 		assertThat(result.getErrors()).isNotEmpty();
@@ -60,7 +59,7 @@ public class JwtIssuerValidatorTests {
 	// gh-6073
 	@Test
 	public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() {
-		Jwt jwt = jwt().claim(JwtClaimNames.ISS, "issuer").build();
+		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "issuer").build();
 		JwtIssuerValidator validator = new JwtIssuerValidator("issuer");
 
 		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index 34b7bf0915..04f10f3074 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -32,8 +32,6 @@ import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.EXP;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests verifying {@link JwtTimestampValidator}
@@ -56,7 +54,7 @@ public class JwtTimestampValidatorTests {
 	public void validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime() {
 		Instant oneHourAgo = Instant.now().minusSeconds(3600);
 
-		Jwt jwt = jwt().expiresAt(oneHourAgo).build();
+		Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 
@@ -70,7 +68,7 @@ public class JwtTimestampValidatorTests {
 	public void validateWhenJwtIsTooEarlyThenErrorMessageIndicatesNotBeforeTime() {
 		Instant oneHourFromNow = Instant.now().plusSeconds(3600);
 
-		Jwt jwt = jwt().notBefore(oneHourFromNow).build();
+		Jwt jwt = TestJwts.jwt().notBefore(oneHourFromNow).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 
@@ -91,11 +89,11 @@ public class JwtTimestampValidatorTests {
 		Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
 		Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
 
-		Jwt jwt = jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
+		Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
 
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 
-		jwt = jwt().expiresAt(justOverOneDayAgo).build();
+		jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();
 
 		OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
 		Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription)
@@ -104,7 +102,7 @@ public class JwtTimestampValidatorTests {
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
 
-		jwt = jwt().notBefore(justOverOneDayFromNow).build();
+		jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
 
 		result = jwtValidator.validate(jwt);
 		messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
@@ -116,21 +114,21 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenConfiguredWithFixedClockThenValidatesUsingFixedTime() {
-		Jwt jwt = jwt().expiresAt(Instant.now(MOCK_NOW)).build();
+		Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 		jwtValidator.setClock(MOCK_NOW);
 
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 
-		jwt = jwt().notBefore(Instant.now(MOCK_NOW)).build();
+		jwt = TestJwts.jwt().notBefore(Instant.now(MOCK_NOW)).build();
 
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
 
 	@Test
 	public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt().claims(c -> c.remove(EXP)).build();
+		Jwt jwt = TestJwts.jwt().claims(c -> c.remove(JwtClaimNames.EXP)).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
@@ -138,7 +136,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt().claims(c -> c.remove(EXP)).notBefore(Instant.MIN).build();
+		Jwt jwt = TestJwts.jwt().claims(c -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
@@ -146,7 +144,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenExpiryIsValidAndNotBeforeIsNotSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt().build();
+		Jwt jwt = TestJwts.jwt().build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
@@ -154,7 +152,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenBothExpiryAndNotBeforeAreValidThenReturnsSuccessfulResult() {
-		Jwt jwt = jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build();
+		Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 		jwtValidator.setClock(MOCK_NOW);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 358f8bc99d..215d4ecd34 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -37,8 +37,8 @@ import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 25a07fc930..eeecac5df6 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -76,8 +76,8 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -85,9 +85,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withPublicKey;
-import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecretKey;
 
 /**
  * Tests for {@link NimbusJwtDecoder}
@@ -257,7 +254,7 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenJwkEndpointIsUnresponsiveThenReturnsJwtException() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
-			NimbusJwtDecoder jwtDecoder = withJwkSetUri(jwkSetUri).build();
+			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
 
 			server.shutdown();
 			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
@@ -271,58 +268,62 @@ public class NimbusJwtDecoderTests {
 		try (MockWebServer server = new MockWebServer()) {
 			Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
-			NimbusJwtDecoder jwtDecoder = withJwkSetUri(jwkSetUri).cache(cache).build();
+			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
 
 			server.shutdown();
 			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.isNotInstanceOf(BadJwtException.class)
 					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+
 		}
 	}
 
 	@Test
 	public void withJwkSetUriWhenNullOrEmptyThenThrowsException() {
-		Assertions.assertThatCode(() -> withJwkSetUri(null)).isInstanceOf(IllegalArgumentException.class);
+		Assertions.assertThatCode(() -> NimbusJwtDecoder.withJwkSetUri(null))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void jwsAlgorithmWhenNullThenThrowsException() {
-		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = withJwkSetUri(JWK_SET_URI);
+		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
 		Assertions.assertThatCode(() -> builder.jwsAlgorithm(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
-		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = withJwkSetUri(JWK_SET_URI);
+		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
 		Assertions.assertThatCode(() -> builder.restOperations(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void cacheWhenNullThenThrowsException() {
-		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = withJwkSetUri(JWK_SET_URI);
+		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
 		Assertions.assertThatCode(() -> builder.cache(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> NimbusJwtDecoder.withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		Assertions.assertThatCode(() -> withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
+		Assertions.assertThatCode(
+				() -> NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
 				.isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
-		NimbusJwtDecoder decoder = withPublicKey(key()).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).build();
 		assertThat(decoder.decode(RS256_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
-		NimbusJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512)
+				.build();
 		assertThat(decoder.decode(RS512_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
@@ -335,13 +336,15 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
+				.signatureAlgorithm(SignatureAlgorithm.RS256).build();
 		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
-		NimbusJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512)
+				.build();
 		Assertions.assertThatCode(() -> decoder.decode(RS256_SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 	}
 
@@ -354,7 +357,8 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
 				.build();
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256)
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
+				.signatureAlgorithm(SignatureAlgorithm.RS256)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -363,20 +367,20 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void withPublicKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withPublicKey(key()).jwtProcessorCustomizer(null))
+		assertThatThrownBy(() -> NimbusJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
+		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("secretKey cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> withSecretKey(secretKey).macAlgorithm(null))
+		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
 	}
 
@@ -387,7 +391,7 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
 		assertThat(decoder.decode(signedJWT.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
@@ -398,7 +402,7 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
 		assertThatThrownBy(() -> decoder.decode(signedJWT.serialize())).isInstanceOf(BadJwtException.class)
 				.hasMessageContaining("Unsupported algorithm of HS256");
 	}
@@ -411,7 +415,7 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
 		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
@@ -423,7 +427,7 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
 				.build();
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
-		NimbusJwtDecoder decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256)
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -433,14 +437,15 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> withSecretKey(secretKey).jwtProcessorCustomizer(null))
+		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI).jwsKeySelector(jwkSource);
+		JWSKeySelector<SecurityContext> jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<?> jwsVerificationKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
 		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
@@ -449,7 +454,7 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI)
+		JWSKeySelector<SecurityContext> jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
 				.jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<?> jwsVerificationKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
@@ -459,7 +464,7 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<SecurityContext> jwsKeySelector = withJwkSetUri(JWK_SET_URI)
+		JWSKeySelector<SecurityContext> jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
 				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
 				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
@@ -474,7 +479,8 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		JWTProcessor<SecurityContext> processor = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
+		JWTProcessor<SecurityContext> processor = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.restOperations(restOperations).processor();
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(processor);
 		jwtDecoder.decode(SIGNED_JWT);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
@@ -490,7 +496,8 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
+				.cache(cache).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
 		// then
@@ -508,7 +515,8 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
 		given(cache.get(eq(JWK_SET_URI), any(Callable.class))).willReturn(JWK_SET);
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).cache(cache).restOperations(restOperations).build();
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).cache(cache)
+				.restOperations(restOperations).build();
 		// when
 		jwtDecoder.decode(SIGNED_JWT);
 		// then
@@ -524,11 +532,13 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations).cache(cache).build();
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
+				.cache(cache).build();
 		// then
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+
 	}
 
 	// gh-8730
@@ -537,7 +547,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -547,7 +557,7 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
+		assertThatThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
@@ -582,7 +592,7 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK));
-		return withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
+		return NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
 	}
 
 	private static JWTProcessor<SecurityContext> withoutSigning() {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 99c4d04829..e6ab652181 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -66,16 +66,12 @@ import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSource;
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withPublicKey;
-import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withSecretKey;
 
 /**
  * @author Rob Winch
@@ -271,24 +267,28 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSetUriWhenNullOrEmptyThenThrowsException() {
-		assertThatCode(() -> withJwkSetUri(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSetUri(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void jwsAlgorithmWhenNullThenThrowsException() {
-		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = withJwkSetUri(this.jwkSetUri);
+		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder
+				.withJwkSetUri(this.jwkSetUri);
 		assertThatCode(() -> builder.jwsAlgorithm(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> withJwkSetUri(this.jwkSetUri).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatCode(
+				() -> NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).jwtProcessorCustomizer(null).build())
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
-		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = withJwkSetUri(this.jwkSetUri);
+		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder
+				.withJwkSetUri(this.jwkSetUri);
 		assertThatCode(() -> builder.webClient(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -296,7 +296,8 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void decodeWhenSignedThenOk() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
-		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri).webClient(webClient).build();
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient)
+				.build();
 		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 		verify(webClient).get();
 	}
@@ -305,7 +306,7 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
-		NimbusReactiveJwtDecoder decoder = withJwkSetUri(this.jwkSetUri).webClient(webClient)
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -315,43 +316,46 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(null))
+				.isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		assertThatCode(() -> withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
-				.isInstanceOf(IllegalStateException.class);
+		assertThatCode(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256)
+				.build()).isInstanceOf(IllegalStateException.class);
 	}
 
 	@Test
 	public void buildWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> withPublicKey(key()).jwtProcessorCustomizer(null).build())
+		assertThatCode(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null).build())
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
-		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).build();
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key()).build();
 		assertThat(decoder.decode(this.rsa256).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
-		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
+				.signatureAlgorithm(SignatureAlgorithm.RS512).build();
 		assertThat(decoder.decode(this.rsa512).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
-		NimbusReactiveJwtDecoder decoder = withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512).build();
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
+				.signatureAlgorithm(SignatureAlgorithm.RS512).build();
 		assertThatCode(() -> decoder.decode(this.rsa256).block()).isInstanceOf(BadJwtException.class);
 	}
 
 	// gh-8730
 	@Test
 	public void withPublicKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
-		NimbusReactiveJwtDecoder decoder = withPublicKey(key())
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -363,19 +367,21 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSourceWhenNullThenThrowsException() {
-		assertThatCode(() -> withJwkSource(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSource(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void withJwkSourceWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> withJwkSource(jwt -> Flux.empty()).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatCode(
+				() -> NimbusReactiveJwtDecoder.withJwkSource(jwt -> Flux.empty()).jwtProcessorCustomizer(null).build())
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
-		NimbusReactiveJwtDecoder decoder = withJwkSource(jwt -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys()))
-				.build();
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
+				.withJwkSource(jwt -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
 
 		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 	}
@@ -383,7 +389,7 @@ public class NimbusReactiveJwtDecoderTests {
 	// gh-8730
 	@Test
 	public void withJwkSourceWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
-		NimbusReactiveJwtDecoder decoder = withJwkSource(jwt -> Flux.empty())
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSource(jwt -> Flux.empty())
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -394,21 +400,21 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withSecretKeyWhenSecretKeyNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("secretKey cannot be null");
+		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(null))
+				.isInstanceOf(IllegalArgumentException.class).hasMessage("secretKey cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
+		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> withSecretKey(secretKey).macAlgorithm(null))
+		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
 	}
 
@@ -420,7 +426,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 
-		this.decoder = withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
+		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
 		Jwt jwt = this.decoder.decode(signedJWT.serialize()).block();
 		assertThat(jwt.getSubject()).isEqualTo("test-subject");
 	}
@@ -429,7 +435,7 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		NimbusReactiveJwtDecoder decoder = withSecretKey(secretKey)
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
 				.jwtProcessorCustomizer(
 						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
@@ -445,7 +451,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 
-		this.decoder = withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
+		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
 		assertThatThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block())
 				.isInstanceOf(BadJwtException.class);
 	}
@@ -453,7 +459,8 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri).jwsKeySelector(jwkSource);
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
+				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector = (JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
 		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
@@ -462,7 +469,7 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri)
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
 				.jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<JWKSecurityContext> jwsVerificationKeySelector = (JWSVerificationKeySelector<JWKSecurityContext>) jwsKeySelector;
@@ -472,7 +479,7 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
-		JWSKeySelector<JWKSecurityContext> jwsKeySelector = withJwkSetUri(this.jwkSetUri)
+		JWSKeySelector<JWKSecurityContext> jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
 				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
 				.jwsKeySelector(jwkSource);
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
index 5a2b50cfbb..357cefe7dd 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
@@ -18,10 +18,6 @@ package org.springframework.security.oauth2.server.resource;
 
 import org.springframework.http.HttpStatus;
 
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INSUFFICIENT_SCOPE;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_REQUEST;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_TOKEN;
-
 /**
  * A factory for creating {@link BearerTokenError} instances that correspond to the
  * registered <a href="https://tools.ietf.org/html/rfc6750#section-3.1">Bearer Token Error
@@ -47,7 +43,8 @@ public final class BearerTokenErrors {
 	 */
 	public static BearerTokenError invalidRequest(String message) {
 		try {
-			return new BearerTokenError(INVALID_REQUEST, HttpStatus.BAD_REQUEST, message, DEFAULT_URI);
+			return new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, message,
+					DEFAULT_URI);
 		}
 		catch (IllegalArgumentException malformed) {
 			// some third-party library error messages are not suitable for RFC 6750's
@@ -63,7 +60,8 @@ public final class BearerTokenErrors {
 	 */
 	public static BearerTokenError invalidToken(String message) {
 		try {
-			return new BearerTokenError(INVALID_TOKEN, HttpStatus.UNAUTHORIZED, message, DEFAULT_URI);
+			return new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, message,
+					DEFAULT_URI);
 		}
 		catch (IllegalArgumentException malformed) {
 			// some third-party library error messages are not suitable for RFC 6750's
@@ -79,7 +77,8 @@ public final class BearerTokenErrors {
 	 */
 	public static BearerTokenError insufficientScope(String message, String scope) {
 		try {
-			return new BearerTokenError(INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, message, DEFAULT_URI, scope);
+			return new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, message,
+					DEFAULT_URI, scope);
 		}
 		catch (IllegalArgumentException malformed) {
 			// some third-party library error messages are not suitable for RFC 6750's
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
index e3ba596dab..0ba62813da 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/InvalidBearerTokenException.java
@@ -18,8 +18,6 @@ package org.springframework.security.oauth2.server.resource;
 
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidToken;
-
 /**
  * An {@link OAuth2AuthenticationException} that indicates an invalid bearer token.
  *
@@ -38,7 +36,7 @@ public class InvalidBearerTokenException extends OAuth2AuthenticationException {
 	 * @param description the description
 	 */
 	public InvalidBearerTokenException(String description) {
-		super(invalidToken(description));
+		super(BearerTokenErrors.invalidToken(description));
 	}
 
 	/**
@@ -52,7 +50,7 @@ public class InvalidBearerTokenException extends OAuth2AuthenticationException {
 	 * @param cause the causing exception
 	 */
 	public InvalidBearerTokenException(String description, Throwable cause) {
-		super(invalidToken(description), cause);
+		super(BearerTokenErrors.invalidToken(description), cause);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index 698062b743..23513a9d1f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -29,13 +29,11 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
 import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUED_AT;
-
 /**
  * An {@link AuthenticationProvider} implementation for opaque
  * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
@@ -113,8 +111,8 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 	}
 
 	private AbstractAuthenticationToken convert(OAuth2AuthenticatedPrincipal principal, String token) {
-		Instant iat = principal.getAttribute(ISSUED_AT);
-		Instant exp = principal.getAttribute(EXPIRES_AT);
+		Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
+		Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
 		return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index 95e763bd9a..8745906907 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -30,13 +30,11 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
 import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
 import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUED_AT;
-
 /**
  * An {@link ReactiveAuthenticationManager} implementation for opaque
  * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
@@ -84,8 +82,8 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 
 	private Mono<BearerTokenAuthentication> authenticate(String token) {
 		return this.introspector.introspect(token).map(principal -> {
-			Instant iat = principal.getAttribute(ISSUED_AT);
-			Instant exp = principal.getAttribute(EXPIRES_AT);
+			Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
+			Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
 
 			// construct token
 			OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
index a6b1ff2521..992a58ad58 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
@@ -46,14 +46,6 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.CLIENT_ID;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUED_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-
 /**
  * A Nimbus implementation of {@link OpaqueTokenIntrospector} that verifies and
  * introspects a token using the configured
@@ -205,28 +197,28 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 			for (Audience audience : response.getAudience()) {
 				audiences.add(audience.getValue());
 			}
-			claims.put(AUDIENCE, Collections.unmodifiableList(audiences));
+			claims.put(OAuth2IntrospectionClaimNames.AUDIENCE, Collections.unmodifiableList(audiences));
 		}
 		if (response.getClientID() != null) {
-			claims.put(CLIENT_ID, response.getClientID().getValue());
+			claims.put(OAuth2IntrospectionClaimNames.CLIENT_ID, response.getClientID().getValue());
 		}
 		if (response.getExpirationTime() != null) {
 			Instant exp = response.getExpirationTime().toInstant();
-			claims.put(EXPIRES_AT, exp);
+			claims.put(OAuth2IntrospectionClaimNames.EXPIRES_AT, exp);
 		}
 		if (response.getIssueTime() != null) {
 			Instant iat = response.getIssueTime().toInstant();
-			claims.put(ISSUED_AT, iat);
+			claims.put(OAuth2IntrospectionClaimNames.ISSUED_AT, iat);
 		}
 		if (response.getIssuer() != null) {
-			claims.put(ISSUER, issuer(response.getIssuer().getValue()));
+			claims.put(OAuth2IntrospectionClaimNames.ISSUER, issuer(response.getIssuer().getValue()));
 		}
 		if (response.getNotBeforeTime() != null) {
-			claims.put(NOT_BEFORE, response.getNotBeforeTime().toInstant());
+			claims.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, response.getNotBeforeTime().toInstant());
 		}
 		if (response.getScope() != null) {
 			List<String> scopes = Collections.unmodifiableList(response.getScope().toStringList());
-			claims.put(SCOPE, scopes);
+			claims.put(OAuth2IntrospectionClaimNames.SCOPE, scopes);
 
 			for (String scope : scopes) {
 				authorities.add(new SimpleGrantedAuthority(this.authorityPrefix + scope));
@@ -241,7 +233,8 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 			return new URL(uri);
 		}
 		catch (Exception ex) {
-			throw new OAuth2IntrospectionException("Invalid " + ISSUER + " value: " + uri);
+			throw new OAuth2IntrospectionException(
+					"Invalid " + OAuth2IntrospectionClaimNames.ISSUER + " value: " + uri);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 81b27931ca..5c7ccf0b04 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -43,14 +43,6 @@ import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
 
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.CLIENT_ID;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUED_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-
 /**
  * A Nimbus implementation of {@link ReactiveOpaqueTokenIntrospector} that verifies and
  * introspects a token using the configured
@@ -158,28 +150,28 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 			for (Audience audience : response.getAudience()) {
 				audiences.add(audience.getValue());
 			}
-			claims.put(AUDIENCE, Collections.unmodifiableList(audiences));
+			claims.put(OAuth2IntrospectionClaimNames.AUDIENCE, Collections.unmodifiableList(audiences));
 		}
 		if (response.getClientID() != null) {
-			claims.put(CLIENT_ID, response.getClientID().getValue());
+			claims.put(OAuth2IntrospectionClaimNames.CLIENT_ID, response.getClientID().getValue());
 		}
 		if (response.getExpirationTime() != null) {
 			Instant exp = response.getExpirationTime().toInstant();
-			claims.put(EXPIRES_AT, exp);
+			claims.put(OAuth2IntrospectionClaimNames.EXPIRES_AT, exp);
 		}
 		if (response.getIssueTime() != null) {
 			Instant iat = response.getIssueTime().toInstant();
-			claims.put(ISSUED_AT, iat);
+			claims.put(OAuth2IntrospectionClaimNames.ISSUED_AT, iat);
 		}
 		if (response.getIssuer() != null) {
-			claims.put(ISSUER, issuer(response.getIssuer().getValue()));
+			claims.put(OAuth2IntrospectionClaimNames.ISSUER, issuer(response.getIssuer().getValue()));
 		}
 		if (response.getNotBeforeTime() != null) {
-			claims.put(NOT_BEFORE, response.getNotBeforeTime().toInstant());
+			claims.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, response.getNotBeforeTime().toInstant());
 		}
 		if (response.getScope() != null) {
 			List<String> scopes = Collections.unmodifiableList(response.getScope().toStringList());
-			claims.put(SCOPE, scopes);
+			claims.put(OAuth2IntrospectionClaimNames.SCOPE, scopes);
 
 			for (String scope : scopes) {
 				authorities.add(new SimpleGrantedAuthority(this.authorityPrefix + scope));
@@ -194,7 +186,8 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 			return new URL(uri);
 		}
 		catch (Exception ex) {
-			throw new OAuth2IntrospectionException("Invalid " + ISSUER + " value: " + uri);
+			throw new OAuth2IntrospectionException(
+					"Invalid " + OAuth2IntrospectionClaimNames.ISSUER + " value: " + uri);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
index f83cbbd90e..aea2208569 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
@@ -24,11 +24,9 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
+import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidRequest;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidToken;
-
 /**
  * The default {@link BearerTokenResolver} implementation based on RFC 6750.
  *
@@ -57,7 +55,8 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 		String parameterToken = resolveFromRequestParameters(request);
 		if (authorizationHeaderToken != null) {
 			if (parameterToken != null) {
-				BearerTokenError error = invalidRequest("Found multiple bearer tokens in the request");
+				BearerTokenError error = BearerTokenErrors
+						.invalidRequest("Found multiple bearer tokens in the request");
 				throw new OAuth2AuthenticationException(error);
 			}
 			return authorizationHeaderToken;
@@ -109,7 +108,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 			Matcher matcher = authorizationPattern.matcher(authorization);
 
 			if (!matcher.matches()) {
-				BearerTokenError error = invalidToken("Bearer token is malformed");
+				BearerTokenError error = BearerTokenErrors.invalidToken("Bearer token is malformed");
 				throw new OAuth2AuthenticationException(error);
 			}
 
@@ -128,7 +127,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 			return values[0];
 		}
 
-		BearerTokenError error = invalidRequest("Found multiple bearer tokens in the request");
+		BearerTokenError error = BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request");
 		throw new OAuth2AuthenticationException(error);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
index 37edea4e99..be467f65a4 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
@@ -28,13 +28,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
+import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
 import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidRequest;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrors.invalidToken;
-
 /**
  * A strategy for resolving
  * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
@@ -70,7 +68,8 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 		String parameterToken = request.getQueryParams().getFirst("access_token");
 		if (authorizationHeaderToken != null) {
 			if (parameterToken != null) {
-				BearerTokenError error = invalidRequest("Found multiple bearer tokens in the request");
+				BearerTokenError error = BearerTokenErrors
+						.invalidRequest("Found multiple bearer tokens in the request");
 				throw new OAuth2AuthenticationException(error);
 			}
 			return authorizationHeaderToken;
@@ -122,7 +121,7 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 	}
 
 	private static BearerTokenError invalidTokenError() {
-		return invalidToken("Bearer token is malformed");
+		return BearerTokenErrors.invalidToken("Bearer token is malformed");
 	}
 
 	private boolean isParameterTokenSupportedForRequest(ServerHttpRequest request) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
index f84778f545..e8baca0464 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorsTests.java
@@ -18,13 +18,9 @@ package org.springframework.security.oauth2.server.resource;
 
 import org.junit.Test;
 
+import org.springframework.http.HttpStatus;
+
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.HttpStatus.BAD_REQUEST;
-import static org.springframework.http.HttpStatus.FORBIDDEN;
-import static org.springframework.http.HttpStatus.UNAUTHORIZED;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INSUFFICIENT_SCOPE;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_REQUEST;
-import static org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes.INVALID_TOKEN;
 
 public class BearerTokenErrorsTests {
 
@@ -32,9 +28,9 @@ public class BearerTokenErrorsTests {
 	public void invalidRequestWhenMessageGivenThenBearerTokenErrorReturned() {
 		String message = "message";
 		BearerTokenError error = BearerTokenErrors.invalidRequest(message);
-		assertThat(error.getErrorCode()).isSameAs(INVALID_REQUEST);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INVALID_REQUEST);
 		assertThat(error.getDescription()).isSameAs(message);
-		assertThat(error.getHttpStatus()).isSameAs(BAD_REQUEST);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.BAD_REQUEST);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
@@ -42,9 +38,9 @@ public class BearerTokenErrorsTests {
 	public void invalidRequestWhenInvalidMessageGivenThenDefaultBearerTokenErrorReturned() {
 		String message = "has \"invalid\" chars";
 		BearerTokenError error = BearerTokenErrors.invalidRequest(message);
-		assertThat(error.getErrorCode()).isSameAs(INVALID_REQUEST);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INVALID_REQUEST);
 		assertThat(error.getDescription()).isEqualTo("Invalid request");
-		assertThat(error.getHttpStatus()).isSameAs(BAD_REQUEST);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.BAD_REQUEST);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
@@ -52,9 +48,9 @@ public class BearerTokenErrorsTests {
 	public void invalidTokenWhenMessageGivenThenBearerTokenErrorReturned() {
 		String message = "message";
 		BearerTokenError error = BearerTokenErrors.invalidToken(message);
-		assertThat(error.getErrorCode()).isSameAs(INVALID_TOKEN);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INVALID_TOKEN);
 		assertThat(error.getDescription()).isSameAs(message);
-		assertThat(error.getHttpStatus()).isSameAs(UNAUTHORIZED);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.UNAUTHORIZED);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
@@ -62,9 +58,9 @@ public class BearerTokenErrorsTests {
 	public void invalidTokenWhenInvalidMessageGivenThenDefaultBearerTokenErrorReturned() {
 		String message = "has \"invalid\" chars";
 		BearerTokenError error = BearerTokenErrors.invalidToken(message);
-		assertThat(error.getErrorCode()).isSameAs(INVALID_TOKEN);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INVALID_TOKEN);
 		assertThat(error.getDescription()).isEqualTo("Invalid token");
-		assertThat(error.getHttpStatus()).isSameAs(UNAUTHORIZED);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.UNAUTHORIZED);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
@@ -73,9 +69,9 @@ public class BearerTokenErrorsTests {
 		String message = "message";
 		String scope = "scope";
 		BearerTokenError error = BearerTokenErrors.insufficientScope(message, scope);
-		assertThat(error.getErrorCode()).isSameAs(INSUFFICIENT_SCOPE);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INSUFFICIENT_SCOPE);
 		assertThat(error.getDescription()).isSameAs(message);
-		assertThat(error.getHttpStatus()).isSameAs(FORBIDDEN);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.FORBIDDEN);
 		assertThat(error.getScope()).isSameAs(scope);
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
@@ -84,9 +80,9 @@ public class BearerTokenErrorsTests {
 	public void insufficientScopeWhenInvalidMessageGivenThenDefaultBearerTokenErrorReturned() {
 		String message = "has \"invalid\" chars";
 		BearerTokenError error = BearerTokenErrors.insufficientScope(message, "scope");
-		assertThat(error.getErrorCode()).isSameAs(INSUFFICIENT_SCOPE);
+		assertThat(error.getErrorCode()).isSameAs(BearerTokenErrorCodes.INSUFFICIENT_SCOPE);
 		assertThat(error.getDescription()).isSameAs("Insufficient scope");
-		assertThat(error.getHttpStatus()).isSameAs(FORBIDDEN);
+		assertThat(error.getHttpStatus()).isSameAs(HttpStatus.FORBIDDEN);
 		assertThat(error.getScope()).isNull();
 		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
index 84456f738b..10fdb5fe57 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java
@@ -22,13 +22,13 @@ import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link DefaultAuthenticationEventPublisher}'s bearer token use cases
@@ -42,7 +42,7 @@ public class DefaultAuthenticationEventPublisherBearerTokenTests {
 	@Test
 	public void publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps() {
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-		Authentication authentication = new JwtAuthenticationToken(jwt().build());
+		Authentication authentication = new JwtAuthenticationToken(TestJwts.jwt().build());
 		Exception cause = new Exception();
 		this.publisher = new DefaultAuthenticationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid"), authentication);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
index e8c7b3eb44..3a77bbb899 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
@@ -33,12 +33,10 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.CLIENT_ID;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.USERNAME;
 
 /**
  * Tests for {@link BearerTokenAuthentication}
@@ -60,9 +58,9 @@ public class BearerTokenAuthenticationTests {
 
 	@Before
 	public void setUp() {
-		this.attributesMap.put(SUBJECT, this.name);
-		this.attributesMap.put(CLIENT_ID, "client_id");
-		this.attributesMap.put(USERNAME, "username");
+		this.attributesMap.put(OAuth2IntrospectionClaimNames.SUBJECT, this.name);
+		this.attributesMap.put(OAuth2IntrospectionClaimNames.CLIENT_ID, "client_id");
+		this.attributesMap.put(OAuth2IntrospectionClaimNames.USERNAME, "username");
 		this.principal = new DefaultOAuth2AuthenticatedPrincipal(this.attributesMap, null);
 	}
 
@@ -86,7 +84,8 @@ public class BearerTokenAuthenticationTests {
 	@Test
 	public void getNameWhenTokenHasUsernameThenReturnsUsernameAttribute() {
 		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(this.principal, this.token, null);
-		assertThat(authenticated.getName()).isEqualTo(this.principal.getAttribute(SUBJECT));
+		assertThat(authenticated.getName())
+				.isEqualTo(this.principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index ad14ba287a..e51eeba4c5 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -26,10 +26,10 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link JwtAuthenticationConverter}
@@ -43,7 +43,7 @@ public class JwtAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenDefaultGrantedAuthoritiesConverterSet() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
@@ -61,7 +61,7 @@ public class JwtAuthenticationConverterTests {
 
 	@Test
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
@@ -98,7 +98,7 @@ public class JwtAuthenticationConverterTests {
 	public void convertWhenPrincipalClaimNameSet() {
 		this.jwtAuthenticationConverter.setPrincipalClaimName("user_id");
 
-		Jwt jwt = jwt().claim("user_id", "100").build();
+		Jwt jwt = TestJwts.jwt().claim("user_id", "100").build();
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 
 		assertThat(authentication.getName()).isEqualTo("100");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index ca33f35c69..b74050f296 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.jwt.BadJwtException;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtException;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
 
@@ -37,7 +38,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link JwtAuthenticationProvider}
@@ -65,7 +65,7 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt() {
 		BearerTokenAuthenticationToken token = this.authentication();
 
-		Jwt jwt = jwt().claim("name", "value").build();
+		Jwt jwt = TestJwts.jwt().claim("name", "value").build();
 
 		given(this.jwtDecoder.decode("token")).willReturn(jwt);
 		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt));
@@ -113,7 +113,7 @@ public class JwtAuthenticationProviderTests {
 		Object details = mock(Object.class);
 		token.setDetails(details);
 
-		Jwt jwt = jwt().build();
+		Jwt jwt = TestJwts.jwt().build();
 		JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
 
 		given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
index 5fc65eb8bf..b47ae58732 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
@@ -24,11 +24,11 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.oauth2.jose.jws.JwsAlgorithms.RS256;
 
 /**
  * Tests for {@link JwtAuthenticationToken}
@@ -124,7 +124,7 @@ public class JwtAuthenticationTokenTests {
 	}
 
 	private Jwt.Builder builder() {
-		return Jwt.withTokenValue("token").header("alg", RS256);
+		return Jwt.withTokenValue("token").header("alg", JwsAlgorithms.RS256);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
index 32d1ef773a..f304c0dc67 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
@@ -25,9 +25,9 @@ import org.junit.Test;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link JwtGrantedAuthoritiesConverter}
@@ -45,7 +45,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -56,7 +56,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
@@ -68,7 +68,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
@@ -80,7 +80,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scope", "").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -90,7 +90,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -101,7 +101,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
@@ -113,7 +113,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scp", "message:read message:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
@@ -125,7 +125,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scp", Collections.emptyList()).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -135,7 +135,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write"))
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
@@ -147,7 +147,8 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "").build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
+				.build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -157,7 +158,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() {
-		Jwt jwt = jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -167,7 +168,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasNoScopeAndNoScpAttributeThenTranslatesToNoAuthorities() {
-		Jwt jwt = jwt().claim("roles", Arrays.asList("message:read", "message:write")).build();
+		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -177,7 +178,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() {
-		Jwt jwt = jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
+		Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -187,7 +188,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("roles", Arrays.asList("message:read", "message:write"))
+		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
@@ -200,7 +201,8 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write").build();
+		Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write")
+				.build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
@@ -211,7 +213,7 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scope", "missive:read missive:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build();
 
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index 1cab4a21c5..041c0a4f5a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -38,11 +38,11 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.jose.TestKeys;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
 
 /**
  * Tests for {@link JwtIssuerAuthenticationManagerResolver}
@@ -66,7 +66,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
 					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
-					new Payload(new JSONObject(Collections.singletonMap(ISS, issuer))));
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
 			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index 58e545ff03..1c3ffd4c09 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -40,11 +40,11 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.jose.TestKeys;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.ISS;
 
 /**
  * Tests for {@link JwtIssuerReactiveAuthenticationManagerResolver}
@@ -67,7 +67,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
 					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
-					new Payload(new JSONObject(Collections.singletonMap(ISS, issuer))));
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
 			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index 1289ad57b8..e0e34f1cc3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -32,13 +32,13 @@ import org.springframework.security.oauth2.jwt.BadJwtException;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
+import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * @author Rob Winch
@@ -57,7 +57,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Before
 	public void setup() {
 		this.manager = new JwtReactiveAuthenticationManager(this.jwtDecoder);
-		this.jwt = jwt().claim("scope", "message:read message:write").build();
+		this.jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 1f27b57b5e..3d69c5c690 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -26,6 +26,7 @@ import org.junit.Test;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
@@ -37,15 +38,6 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ACTIVE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.USERNAME;
 
 /**
  * Tests for {@link OpaqueTokenAuthenticationProvider}
@@ -56,8 +48,8 @@ public class OpaqueTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
-		OAuth2AuthenticatedPrincipal principal = active(
-				attributes -> attributes.put("extension_field", "twenty-seven"));
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
+				.active(attributes -> attributes.put("extension_field", "twenty-seven"));
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
@@ -67,14 +59,16 @@ public class OpaqueTokenAuthenticationProviderTests {
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().containsEntry(ACTIVE, true)
-				.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
+		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
+						Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
-				.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
-				.containsEntry(ISSUER, new URL("https://server.example.com/"))
-				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
+				.containsEntry(OAuth2IntrospectionClaimNames.EXPIRES_AT, Instant.ofEpochSecond(1419356238))
+				.containsEntry(OAuth2IntrospectionClaimNames.ISSUER, new URL("https://server.example.com/"))
+				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
+				.containsEntry(OAuth2IntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
+				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
+				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
 
 		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
@@ -93,7 +87,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().doesNotContainKey(SCOPE);
+		assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
 
 		assertThat(result.getAuthorities()).isEmpty();
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index 8a498b3ec9..d71c354e38 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -28,6 +28,7 @@ import reactor.core.publisher.Mono;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
@@ -39,15 +40,6 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ACTIVE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.USERNAME;
 
 /**
  * Tests for {@link OpaqueTokenReactiveAuthenticationManager}
@@ -58,8 +50,8 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
-		OAuth2AuthenticatedPrincipal authority = active(
-				attributes -> attributes.put("extension_field", "twenty-seven"));
+		OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals
+				.active(attributes -> attributes.put("extension_field", "twenty-seven"));
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
@@ -69,14 +61,16 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().containsEntry(ACTIVE, true)
-				.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
+		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
+						Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
-				.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
-				.containsEntry(ISSUER, new URL("https://server.example.com/"))
-				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-				.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
+				.containsEntry(OAuth2IntrospectionClaimNames.EXPIRES_AT, Instant.ofEpochSecond(1419356238))
+				.containsEntry(OAuth2IntrospectionClaimNames.ISSUER, new URL("https://server.example.com/"))
+				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
+				.containsEntry(OAuth2IntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
+				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
+				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
 
 		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
@@ -95,7 +89,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().doesNotContainKey(SCOPE);
+		assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
 
 		assertThat(result.getAuthorities()).isEmpty();
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
index d15161fd07..fdb39984ca 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
@@ -26,9 +26,9 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link ReactiveJwtAuthenticationConverterAdapter}
@@ -44,7 +44,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
@@ -55,7 +55,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scope", "").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
@@ -66,7 +66,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
@@ -78,7 +78,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList()).build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList()).build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
@@ -89,7 +89,7 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write"))
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
@@ -102,7 +102,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "").build();
+		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
+				.build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
index 2eb01d4dfd..d80b9f7800 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
@@ -26,10 +26,10 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link ReactiveJwtAuthenticationConverter}
@@ -43,7 +43,7 @@ public class ReactiveJwtAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenDefaultGrantedAuthoritiesConverterSet() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
@@ -61,7 +61,7 @@ public class ReactiveJwtAuthenticationConverterTests {
 
 	@Test
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter = token -> Flux
 				.just(new SimpleGrantedAuthority("blah"));
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
index 3966b0b4f0..66c550fcfd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
@@ -26,10 +26,10 @@ import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 
 /**
  * Tests for {@link ReactiveJwtGrantedAuthoritiesConverterAdapter}
@@ -41,7 +41,7 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests {
 
 	@Test
 	public void convertWithGrantedAuthoritiesConverter() {
-		Jwt jwt = jwt().claim("scope", "message:read message:write").build();
+		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
 		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 7539acf13d..8eaa70a584 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -50,13 +50,6 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.USERNAME;
 
 /**
  * Tests for {@link NimbusOpaqueTokenIntrospector}
@@ -116,12 +109,14 @@ public class NimbusOpaqueTokenIntrospectorTests {
 
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
-					.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
+					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
+							Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
-					.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
-					.containsEntry(ISSUER, new URL("https://server.example.com/"))
-					.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
+					.containsEntry(OAuth2IntrospectionClaimNames.EXPIRES_AT, Instant.ofEpochSecond(1419356238))
+					.containsEntry(OAuth2IntrospectionClaimNames.ISSUER, new URL("https://server.example.com/"))
+					.containsEntry(OAuth2IntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
+					.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
+					.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
 		}
 	}
@@ -155,8 +150,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	public void introspectWhenActiveTokenThenParsesValuesInResponse() {
 		Map<String, Object> introspectedValues = new HashMap<>();
 		introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true);
-		introspectedValues.put(AUDIENCE, Arrays.asList("aud"));
-		introspectedValues.put(NOT_BEFORE, 29348723984L);
+		introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"));
+		introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L);
 
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
@@ -166,9 +161,10 @@ public class NimbusOpaqueTokenIntrospectorTests {
 
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
-				.containsEntry(AUDIENCE, Arrays.asList("aud"))
-				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID).doesNotContainKey(SCOPE);
+				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
+				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index befa3bef92..69a96f5cba 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -45,13 +45,6 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.AUDIENCE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.EXPIRES_AT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.ISSUER;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.NOT_BEFORE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.USERNAME;
 
 /**
  * Tests for {@link NimbusReactiveOpaqueTokenIntrospector}
@@ -94,12 +87,14 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
 			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
-					.containsEntry(AUDIENCE, Arrays.asList("https://protected.example.net/resource"))
+					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
+							Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
-					.containsEntry(EXPIRES_AT, Instant.ofEpochSecond(1419356238))
-					.containsEntry(ISSUER, new URL("https://server.example.com/"))
-					.containsEntry(SCOPE, Arrays.asList("read", "write", "dolphin"))
-					.containsEntry(SUBJECT, "Z5O3upPC88QrAjx00dis").containsEntry(USERNAME, "jdoe")
+					.containsEntry(OAuth2IntrospectionClaimNames.EXPIRES_AT, Instant.ofEpochSecond(1419356238))
+					.containsEntry(OAuth2IntrospectionClaimNames.ISSUER, new URL("https://server.example.com/"))
+					.containsEntry(OAuth2IntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
+					.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
+					.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
 		}
 	}
@@ -133,8 +128,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	public void authenticateWhenActiveTokenThenParsesValuesInResponse() {
 		Map<String, Object> introspectedValues = new HashMap<>();
 		introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true);
-		introspectedValues.put(AUDIENCE, Arrays.asList("aud"));
-		introspectedValues.put(NOT_BEFORE, 29348723984L);
+		introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"));
+		introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L);
 
 		WebClient webClient = mockResponse(new JSONObject(introspectedValues).toJSONString());
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
@@ -142,9 +137,10 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
 		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
-				.containsEntry(AUDIENCE, Arrays.asList("aud"))
-				.containsEntry(NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
-				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID).doesNotContainKey(SCOPE);
+				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
+				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
index 9d85454580..788598a31f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
@@ -25,6 +25,7 @@ import java.util.Map;
 import org.junit.Test;
 
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -34,7 +35,6 @@ import org.springframework.security.oauth2.server.resource.web.MockExchangeFunct
 import org.springframework.web.reactive.function.client.ClientRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.HttpMethod.GET;
 
 /**
  * Tests for {@link ServerBearerExchangeFilterFunction}
@@ -60,7 +60,7 @@ public class ServerBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -69,7 +69,7 @@ public class ServerBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
@@ -81,7 +81,7 @@ public class ServerBearerExchangeFilterFunctionTests {
 	// gh-7353
 	@Test
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() throws Exception {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
 		this.function.filter(request, this.exchange)
@@ -92,7 +92,7 @@ public class ServerBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
 
 		this.function.filter(request, this.exchange)
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
index 9868ebfc2c..645173d860 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
@@ -29,6 +29,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import reactor.util.context.Context;
 
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -37,8 +38,6 @@ import org.springframework.security.oauth2.server.resource.web.MockExchangeFunct
 import org.springframework.web.reactive.function.client.ClientRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.http.HttpMethod.GET;
-import static org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY;
 
 /**
  * Tests for {@link ServletBearerExchangeFilterFunction}
@@ -65,7 +64,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).block();
 
@@ -76,7 +75,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).subscriberContext(context(token)).block();
 
@@ -85,7 +84,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeader() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")).build();
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 
 		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
 
@@ -95,7 +94,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
-		ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
+		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
 
 		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
@@ -107,7 +106,8 @@ public class ServletBearerExchangeFilterFunctionTests {
 	private Context context(Authentication authentication) {
 		Map<Class<?>, Object> contextAttributes = new HashMap<>();
 		contextAttributes.put(Authentication.class, authentication);
-		return Context.of(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY, contextAttributes);
+		return Context.of(ServletBearerExchangeFilterFunction.SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY,
+				contextAttributes);
 	}
 
 }
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index 36f98b2189..edaac04759 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -28,6 +28,8 @@ import reactor.util.context.Context;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager;
+import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.rsocket.api.PayloadExchange;
@@ -35,8 +37,6 @@ import org.springframework.security.rsocket.api.PayloadInterceptorChain;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
-import static org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager.authenticated;
-import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole;
 
 /**
  * @author Rob Winch
@@ -61,7 +61,8 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenAuthenticationEmptyAndSubscribedThenException() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
+				AuthenticatedReactiveAuthorizationManager.authenticated());
 
 		StepVerifier.create(interceptor.intercept(this.exchange, this.chain))
 				.then(() -> this.chainResult.assertWasNotSubscribed())
@@ -83,7 +84,8 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenNotAuthorizedThenException() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(hasRole("USER"));
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
+				AuthorityReactiveAuthorizationManager.hasRole("USER"));
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password"));
 
@@ -97,7 +99,8 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenAuthorizedThenContinues() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 
-		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(authenticated());
+		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
+				AuthenticatedReactiveAuthorizationManager.authenticated());
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index 25cf7269f2..ba98b28ad8 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -29,13 +29,10 @@ import org.apache.commons.logging.LogFactory;
 import org.opensaml.core.config.ConfigurationService;
 import org.opensaml.core.config.InitializationService;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 
 import org.springframework.security.saml2.Saml2Exception;
 
-import static java.lang.Boolean.FALSE;
-import static java.lang.Boolean.TRUE;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.setParserPool;
-
 /**
  * An initialization service for initializing OpenSAML. Each Spring Security
  * OpenSAML-based component invokes the {@link #initialize()} method at static
@@ -130,12 +127,13 @@ public class OpenSamlInitializationService {
 			parserPool.setMaxPoolSize(50);
 
 			Map<String, Boolean> parserBuilderFeatures = new HashMap<>();
-			parserBuilderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", TRUE);
-			parserBuilderFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, TRUE);
-			parserBuilderFeatures.put("http://xml.org/sax/features/external-general-entities", FALSE);
-			parserBuilderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value", FALSE);
-			parserBuilderFeatures.put("http://xml.org/sax/features/external-parameter-entities", FALSE);
-			parserBuilderFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", FALSE);
+			parserBuilderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
+			parserBuilderFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+			parserBuilderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
+			parserBuilderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value",
+					Boolean.FALSE);
+			parserBuilderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
+			parserBuilderFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
 			parserPool.setBuilderFeatures(parserBuilderFeatures);
 
 			try {
@@ -144,7 +142,7 @@ public class OpenSamlInitializationService {
 			catch (Exception e) {
 				throw new Saml2Exception(e);
 			}
-			setParserPool(parserPool);
+			XMLObjectProviderRegistrySupport.setParserPool(parserPool);
 
 			registryConsumer.accept(ConfigurationService.get(XMLObjectProviderRegistry.class));
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index eada82bdd5..d8031880f0 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -17,17 +17,13 @@ package org.springframework.security.saml2.core;
 
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.LinkedHashSet;
 import java.util.Objects;
 import java.util.Set;
 
 import org.springframework.util.Assert;
 
-import static java.util.Arrays.asList;
-import static org.springframework.util.Assert.notEmpty;
-import static org.springframework.util.Assert.notNull;
-import static org.springframework.util.Assert.state;
-
 /**
  * An object for holding a public certificate, any associated private key, and its
  * intended <a href=
@@ -127,14 +123,14 @@ public final class Saml2X509Credential {
 
 	private Saml2X509Credential(PrivateKey privateKey, boolean keyRequired, X509Certificate certificate,
 			Saml2X509CredentialType... types) {
-		notNull(certificate, "certificate cannot be null");
-		notEmpty(types, "credentials types cannot be empty");
+		Assert.notNull(certificate, "certificate cannot be null");
+		Assert.notEmpty(types, "credentials types cannot be empty");
 		if (keyRequired) {
-			notNull(privateKey, "privateKey cannot be null");
+			Assert.notNull(privateKey, "privateKey cannot be null");
 		}
 		this.privateKey = privateKey;
 		this.certificate = certificate;
-		this.credentialTypes = new LinkedHashSet<>(asList(types));
+		this.credentialTypes = new LinkedHashSet<>(Arrays.asList(types));
 	}
 
 	/**
@@ -224,7 +220,7 @@ public final class Saml2X509Credential {
 					break;
 				}
 			}
-			state(valid, () -> usage + " is not a valid usage for this credential");
+			Assert.state(valid, () -> usage + " is not a valid usage for this credential");
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index 03a5e5a3cc..9d07140b68 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -17,17 +17,13 @@ package org.springframework.security.saml2.credentials;
 
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.LinkedHashSet;
 import java.util.Objects;
 import java.util.Set;
 
 import org.springframework.util.Assert;
 
-import static java.util.Arrays.asList;
-import static org.springframework.util.Assert.notEmpty;
-import static org.springframework.util.Assert.notNull;
-import static org.springframework.util.Assert.state;
-
 /**
  * Saml2X509Credential is meant to hold an X509 certificate, or an X509 certificate and a
  * private key. Per:
@@ -98,14 +94,14 @@ public class Saml2X509Credential {
 
 	private Saml2X509Credential(PrivateKey privateKey, boolean keyRequired, X509Certificate certificate,
 			Saml2X509CredentialType... types) {
-		notNull(certificate, "certificate cannot be null");
-		notEmpty(types, "credentials types cannot be empty");
+		Assert.notNull(certificate, "certificate cannot be null");
+		Assert.notEmpty(types, "credentials types cannot be empty");
 		if (keyRequired) {
-			notNull(privateKey, "privateKey cannot be null");
+			Assert.notNull(privateKey, "privateKey cannot be null");
 		}
 		this.privateKey = privateKey;
 		this.certificate = certificate;
-		this.credentialTypes = new LinkedHashSet<>(asList(types));
+		this.credentialTypes = new LinkedHashSet<>(Arrays.asList(types));
 	}
 
 	/**
@@ -198,7 +194,7 @@ public class Saml2X509Credential {
 					break;
 				}
 			}
-			state(valid, () -> usage + " is not a valid usage for this credential");
+			Assert.state(valid, () -> usage + " is not a valid usage for this credential");
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 842f58df26..6c5be4d1bb 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -20,6 +20,7 @@ import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -58,6 +59,7 @@ import org.opensaml.saml.criterion.ProtocolCriterion;
 import org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion;
 import org.opensaml.saml.saml2.assertion.ConditionValidator;
 import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
+import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
 import org.opensaml.saml.saml2.assertion.StatementValidator;
 import org.opensaml.saml.saml2.assertion.SubjectConfirmationValidator;
 import org.opensaml.saml.saml2.assertion.impl.AudienceRestrictionConditionValidator;
@@ -107,28 +109,12 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
 import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
+import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
-import static java.util.Arrays.asList;
-import static java.util.Collections.singleton;
-import static java.util.Collections.singletonList;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.CLOCK_SKEW;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.COND_VALID_AUDIENCES;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SIGNATURE_REQUIRED;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.DECRYPTION_ERROR;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ASSERTION;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_DESTINATION;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ISSUER;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_SIGNATURE;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.MALFORMED_RESPONSE_DATA;
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.SUBJECT_NOT_FOUND;
-import static org.springframework.util.Assert.notNull;
-
 /**
  * Implementation of {@link AuthenticationProvider} for SAML authentications when
  * receiving a {@code Response} object containing an {@code Assertion}. This
@@ -188,8 +174,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	private final ParserPool parserPool;
 
-	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor = (a -> singletonList(
-			new SimpleGrantedAuthority("ROLE_USER")));
+	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor = (a -> Collections
+			.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
 
 	private GrantedAuthoritiesMapper authoritiesMapper = (a -> a);
 
@@ -268,7 +254,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	 * user's authorities
 	 */
 	public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
-		notNull(authoritiesMapper, "authoritiesMapper cannot be null");
+		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
 		this.authoritiesMapper = authoritiesMapper;
 	}
 
@@ -300,7 +286,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			throw e;
 		}
 		catch (Exception e) {
-			throw authException(INTERNAL_VALIDATION_ERROR, e.getMessage(), e);
+			throw authException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, e.getMessage(), e);
 		}
 	}
 
@@ -324,7 +310,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			return (Response) this.responseUnmarshaller.unmarshall(element);
 		}
 		catch (Exception e) {
-			throw authException(MALFORMED_RESPONSE_DATA, e.getMessage(), e);
+			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, e.getMessage(), e);
 		}
 	}
 
@@ -340,15 +326,16 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		Decrypter decrypter = this.decrypterConverter.convert(token);
 		List<Assertion> assertions = decryptAssertions(decrypter, response);
 		if (!isSigned(responseSigned, assertions)) {
-			throw authException(INVALID_SIGNATURE, "Either the response or one of the assertions is unsigned. "
-					+ "Please either sign the response or all of the assertions.");
+			throw authException(Saml2ErrorCodes.INVALID_SIGNATURE,
+					"Either the response or one of the assertions is unsigned. "
+							+ "Please either sign the response or all of the assertions.");
 		}
 		validationExceptions.putAll(validateAssertions(token, response));
 
 		Assertion firstAssertion = CollectionUtils.firstElement(response.getAssertions());
 		NameID nameId = decryptPrincipal(decrypter, firstAssertion);
 		if (nameId == null || nameId.getValue() == null) {
-			validationExceptions.put(SUBJECT_NOT_FOUND, authException(SUBJECT_NOT_FOUND,
+			validationExceptions.put(Saml2ErrorCodes.SUBJECT_NOT_FOUND, authException(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
 					"Assertion [" + firstAssertion.getID() + "] is missing a subject"));
 		}
 
@@ -385,8 +372,9 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				profileValidator.validate(response.getSignature());
 			}
 			catch (Exception e) {
-				validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
-						"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
+				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
+						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
+								"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
 			}
 
 			try {
@@ -396,13 +384,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 						new EvaluableProtocolRoleDescriptorCriterion(new ProtocolCriterion(SAMLConstants.SAML20P_NS)));
 				criteriaSet.add(new EvaluableUsageCredentialCriterion(new UsageCriterion(UsageType.SIGNING)));
 				if (!this.signatureTrustEngineConverter.convert(token).validate(response.getSignature(), criteriaSet)) {
-					validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
-							"Invalid signature for SAML Response [" + response.getID() + "]"));
+					validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
+							authException(Saml2ErrorCodes.INVALID_SIGNATURE,
+									"Invalid signature for SAML Response [" + response.getID() + "]"));
 				}
 			}
 			catch (Exception e) {
-				validationExceptions.put(INVALID_SIGNATURE, authException(INVALID_SIGNATURE,
-						"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
+				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
+						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
+								"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
 			}
 		}
 
@@ -410,13 +400,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		String location = token.getRelyingPartyRegistration().getAssertionConsumerServiceLocation();
 		if (StringUtils.hasText(destination) && !destination.equals(location)) {
 			String message = "Invalid destination [" + destination + "] for SAML response [" + response.getID() + "]";
-			validationExceptions.put(INVALID_DESTINATION, authException(INVALID_DESTINATION, message));
+			validationExceptions.put(Saml2ErrorCodes.INVALID_DESTINATION,
+					authException(Saml2ErrorCodes.INVALID_DESTINATION, message));
 		}
 
 		String assertingPartyEntityId = token.getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId();
 		if (!StringUtils.hasText(issuer) || !issuer.equals(assertingPartyEntityId)) {
 			String message = String.format("Invalid issuer [%s] for SAML response [%s]", issuer, response.getID());
-			validationExceptions.put(INVALID_ISSUER, authException(INVALID_ISSUER, message));
+			validationExceptions.put(Saml2ErrorCodes.INVALID_ISSUER,
+					authException(Saml2ErrorCodes.INVALID_ISSUER, message));
 		}
 
 		return validationExceptions;
@@ -430,7 +422,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				assertions.add(assertion);
 			}
 			catch (DecryptionException e) {
-				throw authException(DECRYPTION_ERROR, e.getMessage(), e);
+				throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, e.getMessage(), e);
 			}
 		}
 		response.getAssertions().addAll(assertions);
@@ -441,7 +433,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			Response response) {
 		List<Assertion> assertions = response.getAssertions();
 		if (assertions.isEmpty()) {
-			throw authException(MALFORMED_RESPONSE_DATA, "No assertions found in response.");
+			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.");
 		}
 
 		Map<String, Saml2AuthenticationException> validationExceptions = new LinkedHashMap<>();
@@ -461,13 +453,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 					String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s",
 							assertion.getID(), ((Response) assertion.getParent()).getID(),
 							context.getValidationFailureMessage());
-					validationExceptions.put(INVALID_ASSERTION, authException(INVALID_ASSERTION, message));
+					validationExceptions.put(Saml2ErrorCodes.INVALID_ASSERTION,
+							authException(Saml2ErrorCodes.INVALID_ASSERTION, message));
 				}
 			}
 			catch (Exception e) {
 				String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(),
 						((Response) assertion.getParent()).getID(), e.getMessage());
-				validationExceptions.put(INVALID_ASSERTION, authException(INVALID_ASSERTION, message, e));
+				validationExceptions.put(Saml2ErrorCodes.INVALID_ASSERTION,
+						authException(Saml2ErrorCodes.INVALID_ASSERTION, message, e));
 			}
 		}
 
@@ -501,7 +495,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			return nameId;
 		}
 		catch (DecryptionException e) {
-			throw authException(DECRYPTION_ERROR, e.getMessage(), e);
+			throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, e.getMessage(), e);
 		}
 	}
 
@@ -606,11 +600,15 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			String audience = tuple.authentication.getRelyingPartyRegistration().getEntityId();
 			String recipient = tuple.authentication.getRelyingPartyRegistration().getAssertionConsumerServiceLocation();
 			Map<String, Object> params = new HashMap<>();
-			params.put(CLOCK_SKEW, OpenSamlAuthenticationProvider.this.responseTimeValidationSkew.toMillis());
-			params.put(COND_VALID_AUDIENCES, singleton(audience));
-			params.put(SC_VALID_RECIPIENTS, singleton(recipient));
-			params.put(SIGNATURE_REQUIRED, false); // this verification is performed
-													// earlier
+			params.put(SAML2AssertionValidationParameters.CLOCK_SKEW,
+					OpenSamlAuthenticationProvider.this.responseTimeValidationSkew.toMillis());
+			params.put(SAML2AssertionValidationParameters.COND_VALID_AUDIENCES, Collections.singleton(audience));
+			params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(recipient));
+			params.put(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, false); // this
+																						// verification
+																						// is
+																						// performed
+			// earlier
 			return new ValidationContext(params);
 		}
 
@@ -649,7 +647,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	private static class DecrypterConverter implements Converter<Saml2AuthenticationToken, Decrypter> {
 
 		private final EncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(
-				asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(),
+				Arrays.asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(),
 						new SimpleRetrievalMethodEncryptedKeyResolver()));
 
 		@Override
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index 9b23d8e37e..b92852e308 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -59,13 +59,9 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriUtils;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlDeflate;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlEncode;
-import static org.springframework.util.StringUtils.hasText;
-
 /**
  * @since 5.2
  */
@@ -130,7 +126,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 				? serialize(sign(authnRequest, context.getRelyingPartyRegistration())) : serialize(authnRequest);
 
 		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
-				.samlRequest(samlEncode(xml.getBytes(UTF_8))).build();
+				.samlRequest(Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8))).build();
 	}
 
 	/**
@@ -142,7 +138,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		AuthnRequest authnRequest = createAuthnRequest(context);
 		String xml = serialize(authnRequest);
 		Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
-		String deflatedAndEncoded = samlEncode(samlDeflate(xml));
+		String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
 		result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
 
 		if (context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
@@ -264,7 +260,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		StringBuilder queryString = new StringBuilder();
 		queryString.append("SAMLRequest").append("=").append(UriUtils.encode(samlRequest, StandardCharsets.ISO_8859_1))
 				.append("&");
-		if (hasText(relayState)) {
+		if (StringUtils.hasText(relayState)) {
 			queryString.append("RelayState").append("=")
 					.append(UriUtils.encode(relayState, StandardCharsets.ISO_8859_1)).append("&");
 		}
@@ -277,7 +273,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 
 			Map<String, String> result = new LinkedHashMap<>();
 			result.put("SAMLRequest", samlRequest);
-			if (hasText(relayState)) {
+			if (StringUtils.hasText(relayState)) {
 				result.put("RelayState", relayState);
 			}
 			result.put("SigAlg", algorithmUri);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
index a57a113c0d..db2b13585b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java
@@ -22,10 +22,6 @@ import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
-import static org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest.withAuthenticationRequestContext;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlDeflate;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlEncode;
-
 /**
  * Component that generates AuthenticationRequest, <code>samlp:AuthnRequestType</code>
  * XML, and accompanying signature data. as defined by
@@ -81,9 +77,10 @@ public interface Saml2AuthenticationRequestFactory {
 	default Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(
 			Saml2AuthenticationRequestContext context) {
 		// backwards compatible with 5.2.x settings
-		Saml2AuthenticationRequest.Builder resultBuilder = withAuthenticationRequestContext(context);
+		Saml2AuthenticationRequest.Builder resultBuilder = Saml2AuthenticationRequest
+				.withAuthenticationRequestContext(context);
 		String samlRequest = createAuthenticationRequest(resultBuilder.build());
-		samlRequest = samlEncode(samlDeflate(samlRequest));
+		samlRequest = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(samlRequest));
 		return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest)
 				.build();
 	}
@@ -108,9 +105,10 @@ public interface Saml2AuthenticationRequestFactory {
 	 */
 	default Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
 		// backwards compatible with 5.2.x settings
-		Saml2AuthenticationRequest.Builder resultBuilder = withAuthenticationRequestContext(context);
+		Saml2AuthenticationRequest.Builder resultBuilder = Saml2AuthenticationRequest
+				.withAuthenticationRequestContext(context);
 		String samlRequest = createAuthenticationRequest(resultBuilder.build());
-		samlRequest = samlEncode(samlRequest.getBytes(StandardCharsets.UTF_8));
+		samlRequest = Saml2Utils.samlEncode(samlRequest.getBytes(StandardCharsets.UTF_8));
 		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest)
 				.build();
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index 22f042c328..8e32c57a7f 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -24,8 +24,6 @@ import org.springframework.security.saml2.credentials.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
-
 /**
  * Represents an incoming SAML 2.0 response containing an assertion that has not been
  * validated. {@link Saml2AuthenticationToken#isAuthenticated()} will always return false.
@@ -78,8 +76,9 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	public Saml2AuthenticationToken(String saml2Response, String recipientUri, String idpEntityId,
 			String localSpEntityId, List<Saml2X509Credential> credentials) {
 		super(null);
-		this.relyingPartyRegistration = withRegistrationId(idpEntityId).entityId(localSpEntityId)
-				.assertionConsumerServiceLocation(recipientUri).credentials(c -> c.addAll(credentials))
+		this.relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId(idpEntityId)
+				.entityId(localSpEntityId).assertionConsumerServiceLocation(recipientUri)
+				.credentials(c -> c.addAll(credentials))
 				.assertingPartyDetails(
 						assertingParty -> assertingParty.entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId))
 				.build();
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
index 99503faf40..bfaff2db48 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
@@ -18,8 +18,6 @@ package org.springframework.security.saml2.provider.service.authentication;
 
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
-
 /**
  * Data holder for information required to send an {@code AuthNRequest} over a POST
  * binding from the service provider to the identity provider
@@ -40,7 +38,7 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR
 	 */
 	@Override
 	public Saml2MessageBinding getBinding() {
-		return POST;
+		return Saml2MessageBinding.POST;
 	}
 
 	/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
index c9d2909156..b74518a459 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
@@ -18,8 +18,6 @@ package org.springframework.security.saml2.provider.service.authentication;
 
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.REDIRECT;
-
 /**
  * Data holder for information required to send an {@code AuthNRequest} over a REDIRECT
  * binding from the service provider to the identity provider
@@ -63,7 +61,7 @@ public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authe
 	 */
 	@Override
 	public Saml2MessageBinding getBinding() {
-		return REDIRECT;
+		return Saml2MessageBinding.REDIRECT;
 	}
 
 	/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
index 9bf270edeb..df0779d9ed 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.provider.service.authentication;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
@@ -27,9 +28,6 @@ import org.apache.commons.codec.binary.Base64;
 
 import org.springframework.security.saml2.Saml2Exception;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static java.util.zip.Deflater.DEFLATED;
-
 /**
  * @since 5.3
  */
@@ -48,8 +46,8 @@ final class Saml2Utils {
 	static byte[] samlDeflate(String s) {
 		try {
 			ByteArrayOutputStream b = new ByteArrayOutputStream();
-			DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(DEFLATED, true));
-			deflater.write(s.getBytes(UTF_8));
+			DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(Deflater.DEFLATED, true));
+			deflater.write(s.getBytes(StandardCharsets.UTF_8));
 			deflater.finish();
 			return b.toByteArray();
 		}
@@ -64,7 +62,7 @@ final class Saml2Utils {
 			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
 			iout.write(b);
 			iout.finish();
-			return new String(out.toByteArray(), UTF_8);
+			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException e) {
 			throw new Saml2Exception("Unable to inflate string", e);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
index d30439d3ee..aa85c3bf82 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -26,6 +26,7 @@ import javax.xml.namespace.QName;
 
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 import org.opensaml.core.xml.XMLObjectBuilder;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
@@ -44,9 +45,6 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.util.Assert;
 
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory;
-
 /**
  * Resolves the SAML 2.0 Relying Party Metadata for a given
  * {@link RelyingPartyRegistration} using the OpenSAML API.
@@ -64,8 +62,8 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 	private final EntityDescriptorMarshaller entityDescriptorMarshaller;
 
 	public OpenSamlMetadataResolver() {
-		this.entityDescriptorMarshaller = (EntityDescriptorMarshaller) getMarshallerFactory()
-				.getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME);
+		this.entityDescriptorMarshaller = (EntityDescriptorMarshaller) XMLObjectProviderRegistrySupport
+				.getMarshallerFactory().getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME);
 		Assert.notNull(this.entityDescriptorMarshaller, "entityDescriptorMarshaller cannot be null");
 	}
 
@@ -135,7 +133,7 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 
 	@SuppressWarnings("unchecked")
 	private <T> T build(QName elementName) {
-		XMLObjectBuilder<?> builder = getBuilderFactory().getBuilder(elementName);
+		XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(elementName);
 		if (builder == null) {
 			throw new Saml2Exception("Unable to resolve Builder for " + elementName);
 		}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
index e8b199652a..495c86123b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepository.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
@@ -24,10 +25,6 @@ import java.util.Map;
 
 import org.springframework.util.Assert;
 
-import static java.util.Arrays.asList;
-import static org.springframework.util.Assert.notEmpty;
-import static org.springframework.util.Assert.notNull;
-
 /**
  * @since 5.2
  */
@@ -37,11 +34,11 @@ public class InMemoryRelyingPartyRegistrationRepository
 	private final Map<String, RelyingPartyRegistration> byRegistrationId;
 
 	public InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration... registrations) {
-		this(asList(registrations));
+		this(Arrays.asList(registrations));
 	}
 
 	public InMemoryRelyingPartyRegistrationRepository(Collection<RelyingPartyRegistration> registrations) {
-		notEmpty(registrations, "registrations cannot be empty");
+		Assert.notEmpty(registrations, "registrations cannot be empty");
 		this.byRegistrationId = createMappingToIdentityProvider(registrations);
 	}
 
@@ -49,9 +46,9 @@ public class InMemoryRelyingPartyRegistrationRepository
 			Collection<RelyingPartyRegistration> rps) {
 		LinkedHashMap<String, RelyingPartyRegistration> result = new LinkedHashMap<>();
 		for (RelyingPartyRegistration rp : rps) {
-			notNull(rp, "relying party collection cannot contain null values");
+			Assert.notNull(rp, "relying party collection cannot contain null values");
 			String key = rp.getRegistrationId();
-			notNull(rp, "relying party identifier cannot be null");
+			Assert.notNull(rp, "relying party identifier cannot be null");
 			Assert.isNull(result.get(key), () -> "relying party duplicate identifier '" + key + "' detected.");
 			result.put(key, rp);
 		}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
index c62e7bbb50..c7919aec63 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
@@ -27,6 +27,7 @@ import java.util.List;
 import net.shibboleth.utilities.java.support.xml.ParserPool;
 import org.opensaml.core.config.ConfigurationService;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
+import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml.saml2.metadata.KeyDescriptor;
@@ -47,12 +48,6 @@ import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 
-import static java.lang.Boolean.TRUE;
-import static org.opensaml.saml.common.xml.SAMLConstants.SAML20P_NS;
-import static org.springframework.security.saml2.core.Saml2X509Credential.encryption;
-import static org.springframework.security.saml2.core.Saml2X509Credential.verification;
-import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
-
 /**
  * An {@link HttpMessageConverter} that takes an {@code IDPSSODescriptor} in an HTTP
  * response and converts it into a {@link RelyingPartyRegistration.Builder}.
@@ -133,7 +128,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
 
 		EntityDescriptor descriptor = entityDescriptor(inputMessage.getBody());
-		IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAML20P_NS);
+		IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
 		if (idpssoDescriptor == null) {
 			throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
 		}
@@ -143,20 +138,20 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			if (keyDescriptor.getUse().equals(UsageType.SIGNING)) {
 				List<X509Certificate> certificates = certificates(keyDescriptor);
 				for (X509Certificate certificate : certificates) {
-					verification.add(verification(certificate));
+					verification.add(Saml2X509Credential.verification(certificate));
 				}
 			}
 			if (keyDescriptor.getUse().equals(UsageType.ENCRYPTION)) {
 				List<X509Certificate> certificates = certificates(keyDescriptor);
 				for (X509Certificate certificate : certificates) {
-					encryption.add(encryption(certificate));
+					encryption.add(Saml2X509Credential.encryption(certificate));
 				}
 			}
 			if (keyDescriptor.getUse().equals(UsageType.UNSPECIFIED)) {
 				List<X509Certificate> certificates = certificates(keyDescriptor);
 				for (X509Certificate certificate : certificates) {
-					verification.add(verification(certificate));
-					encryption.add(encryption(certificate));
+					verification.add(Saml2X509Credential.verification(certificate));
+					encryption.add(Saml2X509Credential.encryption(certificate));
 				}
 			}
 		}
@@ -164,9 +159,9 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			throw new Saml2Exception(
 					"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 		}
-		RelyingPartyRegistration.Builder builder = withRegistrationId(descriptor.getEntityID())
+		RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID())
 				.assertingPartyDetails(party -> party.entityId(descriptor.getEntityID())
-						.wantAuthnRequestsSigned(TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
+						.wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
 						.verificationX509Credentials(c -> c.addAll(verification))
 						.encryptionX509Credentials(c -> c.addAll(encryption)));
 		for (SingleSignOnService singleSignOnService : idpssoDescriptor.getSingleSignOnServices()) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
new file mode 100644
index 0000000000..5b58d68fec
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.saml2.provider.service.servlet.filter;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.StringUtils;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+
+/**
+ * @since 5.3
+ */
+final class Saml2ServletUtils {
+
+	private static final char PATH_DELIMITER = '/';
+
+	static String resolveUrlTemplate(String template, String baseUrl, RelyingPartyRegistration relyingParty) {
+		if (!StringUtils.hasText(template)) {
+			return baseUrl;
+		}
+
+		String entityId = relyingParty.getAssertingPartyDetails().getEntityId();
+		String registrationId = relyingParty.getRegistrationId();
+		Map<String, String> uriVariables = new HashMap<>();
+		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl).replaceQuery(null).fragment(null)
+				.build();
+		String scheme = uriComponents.getScheme();
+		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
+		String host = uriComponents.getHost();
+		uriVariables.put("baseHost", host == null ? "" : host);
+		// following logic is based on HierarchicalUriComponents#toUriString()
+		int port = uriComponents.getPort();
+		uriVariables.put("basePort", port == -1 ? "" : ":" + port);
+		String path = uriComponents.getPath();
+		if (StringUtils.hasLength(path)) {
+			if (path.charAt(0) != PATH_DELIMITER) {
+				path = PATH_DELIMITER + path;
+			}
+		}
+		uriVariables.put("basePath", path == null ? "" : path);
+		uriVariables.put("baseUrl", uriComponents.toUriString());
+		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
+		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
+
+		return UriComponentsBuilder.fromUriString(template).buildAndExpand(uriVariables).toUriString();
+	}
+
+	static String getApplicationUri(HttpServletRequest request) {
+		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
+				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
+		return uriComponents.toUriString();
+	}
+
+}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
index afea906f24..2c2f833c83 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.saml2.core.Saml2Error;
+import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
@@ -30,9 +31,7 @@ import org.springframework.security.web.authentication.AbstractAuthenticationPro
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
 import org.springframework.util.Assert;
-
-import static org.springframework.security.saml2.core.Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND;
-import static org.springframework.util.StringUtils.hasText;
+import org.springframework.util.StringUtils;
 
 /**
  * @since 5.2
@@ -88,7 +87,8 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 
 	@Override
 	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
-		return (super.requiresAuthentication(request, response) && hasText(request.getParameter("SAMLResponse")));
+		return (super.requiresAuthentication(request, response)
+				&& StringUtils.hasText(request.getParameter("SAMLResponse")));
 	}
 
 	@Override
@@ -96,7 +96,7 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 			throws AuthenticationException {
 		Authentication authentication = this.authenticationConverter.convert(request);
 		if (authentication == null) {
-			Saml2Error saml2Error = new Saml2Error(RELYING_PARTY_REGISTRATION_NOT_FOUND,
+			Saml2Error saml2Error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND,
 					"No relying party registration found");
 			throw new Saml2AuthenticationException(saml2Error);
 		}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 96e5d072a9..14b4e1396b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.provider.service.servlet.filter;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -44,8 +45,6 @@ import org.springframework.web.util.HtmlUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
 
-import static java.nio.charset.StandardCharsets.ISO_8859_1;
-
 /**
  * This {@code Filter} formulates a
  * <a href="https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">SAML 2.0
@@ -176,7 +175,8 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 	private void addParameter(String name, String value, UriComponentsBuilder builder) {
 		Assert.hasText(name, "name cannot be empty or null");
 		if (StringUtils.hasText(value)) {
-			builder.queryParam(UriUtils.encode(name, ISO_8859_1), UriUtils.encode(value, ISO_8859_1));
+			builder.queryParam(UriUtils.encode(name, StandardCharsets.ISO_8859_1),
+					UriUtils.encode(value, StandardCharsets.ISO_8859_1));
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index e1b770f1cd..d5fa8df8b5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -32,10 +33,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRelyingPartyRegistration;
-import static org.springframework.security.web.util.UrlUtils.buildFullRequestUrl;
-import static org.springframework.web.util.UriComponentsBuilder.fromHttpUrl;
-
 /**
  * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the
  * registration id from the request, querying a
@@ -77,8 +74,9 @@ public final class DefaultRelyingPartyRegistrationResolver
 		String relyingPartyEntityId = templateResolver.apply(relyingPartyRegistration.getEntityId());
 		String assertionConsumerServiceLocation = templateResolver
 				.apply(relyingPartyRegistration.getAssertionConsumerServiceLocation());
-		return withRelyingPartyRegistration(relyingPartyRegistration).entityId(relyingPartyEntityId)
-				.assertionConsumerServiceLocation(assertionConsumerServiceLocation).build();
+		return RelyingPartyRegistration.withRelyingPartyRegistration(relyingPartyRegistration)
+				.entityId(relyingPartyEntityId).assertionConsumerServiceLocation(assertionConsumerServiceLocation)
+				.build();
 	}
 
 	private Function<String, String> templateResolver(String applicationUri, RelyingPartyRegistration relyingParty) {
@@ -111,8 +109,8 @@ public final class DefaultRelyingPartyRegistrationResolver
 	}
 
 	private static String getApplicationUri(HttpServletRequest request) {
-		UriComponents uriComponents = fromHttpUrl(buildFullRequestUrl(request)).replacePath(request.getContextPath())
-				.replaceQuery(null).fragment(null).build();
+		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
+				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
 		return uriComponents.toUriString();
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index 5e6e1d7816..5c13e0e61e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.provider.service.web;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
 
@@ -33,8 +34,6 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.Assert;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-
 /**
  * An {@link AuthenticationConverter} that generates a {@link Saml2AuthenticationToken}
  * appropriate for authenticated a SAML 2.0 Assertion against an
@@ -84,7 +83,7 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 			return samlInflate(b);
 		}
 		else {
-			return new String(b, UTF_8);
+			return new String(b, StandardCharsets.UTF_8);
 		}
 	}
 
@@ -98,7 +97,7 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
 			iout.write(b);
 			iout.finish();
-			return new String(out.toByteArray(), UTF_8);
+			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException e) {
 			throw new Saml2Exception("Unable to inflate string", e);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
index 7e0c1773ad..fd412e4183 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.core;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
@@ -27,9 +28,6 @@ import org.apache.commons.codec.binary.Base64;
 
 import org.springframework.security.saml2.Saml2Exception;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static java.util.zip.Deflater.DEFLATED;
-
 public final class Saml2Utils {
 
 	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
@@ -45,8 +43,8 @@ public final class Saml2Utils {
 	public static byte[] samlDeflate(String s) {
 		try {
 			ByteArrayOutputStream b = new ByteArrayOutputStream();
-			DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(DEFLATED, true));
-			deflater.write(s.getBytes(UTF_8));
+			DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(Deflater.DEFLATED, true));
+			deflater.write(s.getBytes(StandardCharsets.UTF_8));
 			deflater.finish();
 			return b.toByteArray();
 		}
@@ -61,7 +59,7 @@ public final class Saml2Utils {
 			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
 			iout.write(b);
 			iout.finish();
-			return new String(out.toByteArray(), UTF_8);
+			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException e) {
 			throw new Saml2Exception("Unable to inflate string", e);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
index feb48316bc..5f41ee0e08 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2X509CredentialTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.core;
 
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -27,12 +28,7 @@ import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
 import org.springframework.security.converter.RsaKeyConverters;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
 
 public class Saml2X509CredentialTests {
 
@@ -60,7 +56,7 @@ public class Saml2X509CredentialTests {
 				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
 				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
 				+ "-----END PRIVATE KEY-----";
-		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
+		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(StandardCharsets.UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
 		String certificateData = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
@@ -78,23 +74,25 @@ public class Saml2X509CredentialTests {
 				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
 				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		this.certificate = (X509Certificate) factory
-				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
+				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(StandardCharsets.UTF_8)));
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(this.key, this.certificate, SIGNING);
-		new Saml2X509Credential(this.key, this.certificate, SIGNING, DECRYPTION);
-		new Saml2X509Credential(this.key, this.certificate, DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.SIGNING);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.SIGNING,
+				Saml2X509CredentialType.DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.DECRYPTION);
 		Saml2X509Credential.signing(this.key, this.certificate);
 		Saml2X509Credential.decryption(this.key, this.certificate);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(this.certificate, VERIFICATION);
-		new Saml2X509Credential(this.certificate, VERIFICATION, ENCRYPTION);
-		new Saml2X509Credential(this.certificate, ENCRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.VERIFICATION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.VERIFICATION,
+				Saml2X509CredentialType.ENCRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.ENCRYPTION);
 		Saml2X509Credential.verification(this.certificate);
 		Saml2X509Credential.encryption(this.certificate);
 	}
@@ -102,49 +100,49 @@ public class Saml2X509CredentialTests {
 	@Test
 	public void constructorWhenRelyingPartyWithoutCredentialsThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, (X509Certificate) null, SIGNING);
+		new Saml2X509Credential(null, (X509Certificate) null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutPrivateKeyThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, this.certificate, SIGNING);
+		new Saml2X509Credential(null, this.certificate, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCertificateThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(this.key, null, SIGNING);
+		new Saml2X509Credential(this.key, null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithoutCertificateThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, SIGNING);
+		new Saml2X509Credential(null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithEncryptionUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.key, this.certificate, ENCRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithVerificationUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.key, this.certificate, VERIFICATION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.VERIFICATION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithSigningUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.certificate, SIGNING);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithDecryptionUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.certificate, DECRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.DECRYPTION);
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index 2df52901cd..b6b67df762 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.core;
 
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyException;
 import java.security.PrivateKey;
 import java.security.cert.CertificateException;
@@ -26,37 +27,33 @@ import java.security.cert.X509Certificate;
 import org.opensaml.security.crypto.KeySupport;
 
 import org.springframework.security.saml2.Saml2Exception;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
-import static org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
 
 public final class TestSaml2X509Credentials {
 
 	public static Saml2X509Credential assertingPartySigningCredential() {
-		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING);
+		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
 
 	public static Saml2X509Credential assertingPartyEncryptingCredential() {
-		return new Saml2X509Credential(spCertificate(), ENCRYPTION);
+		return new Saml2X509Credential(spCertificate(), Saml2X509CredentialType.ENCRYPTION);
 	}
 
 	public static Saml2X509Credential assertingPartyPrivateCredential() {
-		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING, DECRYPTION);
+		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING,
+				Saml2X509CredentialType.DECRYPTION);
 	}
 
 	public static Saml2X509Credential relyingPartyVerifyingCredential() {
-		return new Saml2X509Credential(idpCertificate(), VERIFICATION);
+		return new Saml2X509Credential(idpCertificate(), Saml2X509CredentialType.VERIFICATION);
 	}
 
 	public static Saml2X509Credential relyingPartySigningCredential() {
-		return new Saml2X509Credential(spPrivateKey(), spCertificate(), SIGNING);
+		return new Saml2X509Credential(spPrivateKey(), spCertificate(), Saml2X509CredentialType.SIGNING);
 	}
 
 	public static Saml2X509Credential relyingPartyDecryptingCredential() {
-		return new Saml2X509Credential(spPrivateKey(), spCertificate(), DECRYPTION);
+		return new Saml2X509Credential(spPrivateKey(), spCertificate(), Saml2X509CredentialType.DECRYPTION);
 	}
 
 	private static X509Certificate certificate(String cert) {
@@ -71,7 +68,7 @@ public final class TestSaml2X509Credentials {
 
 	private static PrivateKey privateKey(String key) {
 		try {
-			return KeySupport.decodePrivateKey(key.getBytes(UTF_8), new char[0]);
+			return KeySupport.decodePrivateKey(key.getBytes(StandardCharsets.UTF_8), new char[0]);
 		}
 		catch (KeyException e) {
 			throw new Saml2Exception(e);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
index 7742ae3f40..dd9d9ba715 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/Saml2X509CredentialTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.credentials;
 
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -27,12 +28,7 @@ import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
 import org.springframework.security.converter.RsaKeyConverters;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType;
 
 public class Saml2X509CredentialTests {
 
@@ -62,7 +58,7 @@ public class Saml2X509CredentialTests {
 				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
 				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
 				+ "-----END PRIVATE KEY-----";
-		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(UTF_8)));
+		this.key = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(keyData.getBytes(StandardCharsets.UTF_8)));
 		final CertificateFactory factory = CertificateFactory.getInstance("X.509");
 		String certificateData = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
@@ -80,69 +76,71 @@ public class Saml2X509CredentialTests {
 				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
 				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
 		this.certificate = (X509Certificate) factory
-				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(UTF_8)));
+				.generateCertificate(new ByteArrayInputStream(certificateData.getBytes(StandardCharsets.UTF_8)));
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(this.key, this.certificate, SIGNING);
-		new Saml2X509Credential(this.key, this.certificate, SIGNING, DECRYPTION);
-		new Saml2X509Credential(this.key, this.certificate, DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.SIGNING);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.SIGNING,
+				Saml2X509CredentialType.DECRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.DECRYPTION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithCredentialsThenItSucceeds() {
-		new Saml2X509Credential(this.certificate, VERIFICATION);
-		new Saml2X509Credential(this.certificate, VERIFICATION, ENCRYPTION);
-		new Saml2X509Credential(this.certificate, ENCRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.VERIFICATION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.VERIFICATION,
+				Saml2X509CredentialType.ENCRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCredentialsThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, (X509Certificate) null, SIGNING);
+		new Saml2X509Credential(null, (X509Certificate) null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutPrivateKeyThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, this.certificate, SIGNING);
+		new Saml2X509Credential(null, this.certificate, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithoutCertificateThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(this.key, null, SIGNING);
+		new Saml2X509Credential(this.key, null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithoutCertificateThenItFails() {
 		this.exception.expect(IllegalArgumentException.class);
-		new Saml2X509Credential(null, SIGNING);
+		new Saml2X509Credential(null, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithEncryptionUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.key, this.certificate, ENCRYPTION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.ENCRYPTION);
 	}
 
 	@Test
 	public void constructorWhenRelyingPartyWithVerificationUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.key, this.certificate, VERIFICATION);
+		new Saml2X509Credential(this.key, this.certificate, Saml2X509CredentialType.VERIFICATION);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithSigningUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.certificate, SIGNING);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.SIGNING);
 	}
 
 	@Test
 	public void constructorWhenAssertingPartyWithDecryptionUsageThenItFails() {
 		this.exception.expect(IllegalStateException.class);
-		new Saml2X509Credential(this.certificate, DECRYPTION);
+		new Saml2X509Credential(this.certificate, Saml2X509CredentialType.DECRYPTION);
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index 90fdd0fae5..5f57547185 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.credentials;
 
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyException;
 import java.security.PrivateKey;
 import java.security.cert.CertificateException;
@@ -26,37 +27,33 @@ import java.security.cert.X509Certificate;
 import org.opensaml.security.crypto.KeySupport;
 
 import org.springframework.security.saml2.Saml2Exception;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
-import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType;
 
 public final class TestSaml2X509Credentials {
 
 	public static Saml2X509Credential assertingPartySigningCredential() {
-		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING);
+		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
 
 	public static Saml2X509Credential assertingPartyEncryptingCredential() {
-		return new Saml2X509Credential(spCertificate(), ENCRYPTION);
+		return new Saml2X509Credential(spCertificate(), Saml2X509CredentialType.ENCRYPTION);
 	}
 
 	public static Saml2X509Credential assertingPartyPrivateCredential() {
-		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), SIGNING, DECRYPTION);
+		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING,
+				Saml2X509CredentialType.DECRYPTION);
 	}
 
 	public static Saml2X509Credential relyingPartyVerifyingCredential() {
-		return new Saml2X509Credential(idpCertificate(), VERIFICATION);
+		return new Saml2X509Credential(idpCertificate(), Saml2X509CredentialType.VERIFICATION);
 	}
 
 	public static Saml2X509Credential relyingPartySigningCredential() {
-		return new Saml2X509Credential(spPrivateKey(), spCertificate(), SIGNING);
+		return new Saml2X509Credential(spPrivateKey(), spCertificate(), Saml2X509CredentialType.SIGNING);
 	}
 
 	public static Saml2X509Credential relyingPartyDecryptingCredential() {
-		return new Saml2X509Credential(spPrivateKey(), spCertificate(), DECRYPTION);
+		return new Saml2X509Credential(spPrivateKey(), spCertificate(), Saml2X509CredentialType.DECRYPTION);
 	}
 
 	private static X509Certificate certificate(String cert) {
@@ -71,7 +68,7 @@ public final class TestSaml2X509Credentials {
 
 	private static PrivateKey privateKey(String key) {
 		try {
-			return KeySupport.decodePrivateKey(key.getBytes(UTF_8), new char[0]);
+			return KeySupport.decodePrivateKey(key.getBytes(StandardCharsets.UTF_8), new char[0]);
 		}
 		catch (KeyException e) {
 			throw new Saml2Exception(e);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index b6081da1c3..04adbb8968 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -47,6 +47,7 @@ import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.common.assertion.ValidationContext;
 import org.opensaml.saml.common.assertion.ValidationResult;
+import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
 import org.opensaml.saml.saml2.assertion.impl.OneTimeUseConditionValidator;
 import org.opensaml.saml.saml2.core.Assertion;
 import org.opensaml.saml.saml2.core.AttributeStatement;
@@ -64,8 +65,9 @@ import org.xml.sax.InputSource;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.credentials.Saml2X509Credential;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
+import org.springframework.util.StringUtils;
 
-import static java.util.Collections.singleton;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
@@ -73,21 +75,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS;
-import static org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SIGNATURE_REQUIRED;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.assertingPartyEncryptingCredential;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.assertingPartyPrivateCredential;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.assertingPartySigningCredential;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartyDecryptingCredential;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-import static org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects.assertion;
-import static org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects.attributeStatements;
-import static org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects.encrypted;
-import static org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects.response;
-import static org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects.signed;
-import static org.springframework.util.StringUtils.hasText;
 
 /**
  * Tests for {@link OpenSamlAuthenticationProvider}
@@ -128,16 +115,18 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenUnknownDataClassThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
 
-		Assertion assertion = (Assertion) getBuilderFactory().getBuilder(Assertion.DEFAULT_ELEMENT_NAME)
-				.buildObject(Assertion.DEFAULT_ELEMENT_NAME);
-		this.provider.authenticate(token(serialize(assertion), relyingPartyVerifyingCredential()));
+		Assertion assertion = (Assertion) XMLObjectProviderRegistrySupport.getBuilderFactory()
+				.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
+		this.provider
+				.authenticate(token(serialize(assertion), TestSaml2X509Credentials.relyingPartyVerifyingCredential()));
 	}
 
 	@Test
 	public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
 
-		Saml2AuthenticationToken token = token("invalid xml", relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token("invalid xml",
+				TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -145,10 +134,11 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_DESTINATION));
 
-		Response response = response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID);
-		response.getAssertions().add(assertion());
-		signed(response, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Response response = TestOpenSamlObjects.response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID);
+		response.getAssertions().add(TestOpenSamlObjects.assertion());
+		TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -157,7 +147,8 @@ public class OpenSamlAuthenticationProviderTests {
 		this.exception.expect(
 				authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
 
-		Saml2AuthenticationToken token = token(response(), assertingPartySigningCredential());
+		Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(),
+				TestSaml2X509Credentials.assertingPartySigningCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -165,9 +156,9 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
 
-		Response response = response();
-		response.getAssertions().add(assertion());
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Response response = TestOpenSamlObjects.response();
+		response.getAssertions().add(TestOpenSamlObjects.assertion());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -175,13 +166,14 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_ASSERTION));
 
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
 				.setNotOnOrAfter(DateTime.now().minus(Duration.standardDays(3)));
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -189,12 +181,13 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenMissingSubjectThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
 
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.setSubject(null);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -202,36 +195,39 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
 
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getNameID().setValue(null);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() throws Exception {
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getSubjectConfirmations()
 				.forEach(sc -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
-		Response response = response();
-		Assertion assertion = assertion();
-		List<AttributeStatement> attributes = attributeStatements();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
+		List<AttributeStatement> attributes = TestOpenSamlObjects.attributeStatements();
 		assertion.getAttributeStatements().addAll(attributes);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		Authentication authentication = this.provider.authenticate(token);
 		Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
 
@@ -250,13 +246,14 @@ public class OpenSamlAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAttributeValueMarshallerConfiguredThenUses() throws Exception {
-		Response response = response();
-		Assertion assertion = assertion();
-		List<AttributeStatement> attributes = attributeStatements();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
+		List<AttributeStatement> attributes = TestOpenSamlObjects.attributeStatements();
 		assertion.getAttributeStatements().addAll(attributes);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 
 		Element attributeElement = element("<element>value</element>");
 		Marshaller marshaller = mock(Marshaller.class);
@@ -278,47 +275,54 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
 
-		Response response = response();
-		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() throws Exception {
-		Response response = response();
-		Assertion assertion = signed(assertion(), assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		EncryptedAssertion encryptedAssertion = encrypted(assertion, assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.signed(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
-				relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
+				TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceeds() throws Exception {
-		Response response = response();
-		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		signed(response, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
-				relyingPartyDecryptingCredential());
+		TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
+				TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() throws Exception {
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		NameID nameId = assertion.getSubject().getNameID();
-		EncryptedID encryptedID = encrypted(nameId, assertingPartyEncryptingCredential());
+		EncryptedID encryptedID = TestOpenSamlObjects.encrypted(nameId,
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		assertion.getSubject().setNameID(null);
 		assertion.getSubject().setEncryptedID(encryptedID);
 		response.getAssertions().add(assertion);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
-				relyingPartyDecryptingCredential());
+		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				RELYING_PARTY_ENTITY_ID);
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
+				TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -327,10 +331,12 @@ public class OpenSamlAuthenticationProviderTests {
 		this.exception
 				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
 
-		Response response = response();
-		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(serialize(response), relyingPartyVerifyingCredential());
+		Saml2AuthenticationToken token = token(serialize(response),
+				TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
 	}
 
@@ -339,21 +345,25 @@ public class OpenSamlAuthenticationProviderTests {
 		this.exception
 				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
 
-		Response response = response();
-		EncryptedAssertion encryptedAssertion = encrypted(assertion(), assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(serialize(response), assertingPartyPrivateCredential());
+		Saml2AuthenticationToken token = token(serialize(response),
+				TestSaml2X509Credentials.assertingPartyPrivateCredential());
 		this.provider.authenticate(token);
 	}
 
 	@Test
 	public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOException {
-		Response response = response();
-		Assertion assertion = signed(assertion(), assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		EncryptedAssertion encryptedAssertion = encrypted(assertion, assertingPartyEncryptingCredential());
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.signed(TestOpenSamlObjects.assertion(),
+				TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
+		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
+				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 		response.getEncryptedAssertions().add(encryptedAssertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential(),
-				relyingPartyDecryptingCredential());
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
+				TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
 
 		// the following code will throw an exception if authentication isn't serializable
@@ -368,13 +378,14 @@ public class OpenSamlAuthenticationProviderTests {
 		OneTimeUseConditionValidator validator = mock(OneTimeUseConditionValidator.class);
 		OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
 		provider.setConditionValidators(Collections.singleton(validator));
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
 		assertion.getConditions().getConditions().add(oneTimeUse);
 		response.getAssertions().add(assertion);
-		signed(response, assertingPartySigningCredential(), ASSERTING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				ASSERTING_PARTY_ENTITY_ID);
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		given(validator.getServicedCondition()).willReturn(OneTimeUse.DEFAULT_ELEMENT_NAME);
 		given(validator.validate(any(Condition.class), any(Assertion.class), any(ValidationContext.class)))
 				.willReturn(ValidationResult.VALID);
@@ -385,17 +396,18 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenValidationContextCustomizedThenUsers() {
 		Map<String, Object> parameters = new HashMap<>();
-		parameters.put(SC_VALID_RECIPIENTS, singleton(DESTINATION));
-		parameters.put(SIGNATURE_REQUIRED, false);
+		parameters.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(DESTINATION));
+		parameters.put(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, false);
 		ValidationContext context = mock(ValidationContext.class);
 		given(context.getStaticParameters()).willReturn(parameters);
 		OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
 		provider.setValidationContextConverter(tuple -> context);
-		Response response = response();
-		Assertion assertion = assertion();
+		Response response = TestOpenSamlObjects.response();
+		Assertion assertion = TestOpenSamlObjects.assertion();
 		response.getAssertions().add(assertion);
-		signed(response, assertingPartySigningCredential(), ASSERTING_PARTY_ENTITY_ID);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
+		TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
+				ASSERTING_PARTY_ENTITY_ID);
+		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		provider.authenticate(token);
 		verify(context, atLeastOnce()).getStaticParameters();
 	}
@@ -415,12 +427,12 @@ public class OpenSamlAuthenticationProviderTests {
 	}
 
 	private <T extends XMLObject> T build(QName qName) {
-		return (T) getBuilderFactory().getBuilder(qName).buildObject(qName);
+		return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
 	}
 
 	private String serialize(XMLObject object) {
 		try {
-			Marshaller marshaller = getMarshallerFactory().getMarshaller(object);
+			Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(object);
 			Element element = marshaller.marshall(object);
 			return SerializeSupport.nodeToString(element);
 		}
@@ -444,7 +456,7 @@ public class OpenSamlAuthenticationProviderTests {
 				if (!code.equals(ex.getError().getErrorCode())) {
 					return false;
 				}
-				if (hasText(description)) {
+				if (StringUtils.hasText(description)) {
 					if (!description.equals(ex.getError().getDescription())) {
 						return false;
 					}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 1ec40b8fd2..d8715a4f5c 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.saml2.provider.service.authentication;
 
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.function.Consumer;
 import java.util.function.Function;
 
@@ -25,6 +26,7 @@ import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller;
@@ -32,24 +34,16 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import org.springframework.security.saml2.Saml2Exception;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getParserPool;
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getUnmarshallerFactory;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlDecode;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlInflate;
-import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRelyingPartyRegistration;
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.REDIRECT;
 
 /**
  * Tests for {@link OpenSamlAuthenticationRequestFactory}
@@ -66,8 +60,8 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	private RelyingPartyRegistration relyingPartyRegistration;
 
-	private AuthnRequestUnmarshaller unmarshaller = (AuthnRequestUnmarshaller) getUnmarshallerFactory()
-			.getUnmarshaller(AuthnRequest.DEFAULT_ELEMENT_NAME);
+	private AuthnRequestUnmarshaller unmarshaller = (AuthnRequestUnmarshaller) XMLObjectProviderRegistrySupport
+			.getUnmarshallerFactory().getUnmarshaller(AuthnRequest.DEFAULT_ELEMENT_NAME);
 
 	@Rule
 	public ExpectedException exception = ExpectedException.none();
@@ -78,7 +72,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 				.assertionConsumerServiceLocation("template")
 				.providerDetails(c -> c.webSsoUrl("https://destination/sso"))
 				.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
-				.credentials(c -> c.add(relyingPartySigningCredential()));
+				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential()));
 		this.relyingPartyRegistration = this.relyingPartyRegistrationBuilder.build();
 		this.contextBuilder = Saml2AuthenticationRequestContext.builder().issuer("https://issuer")
 				.relyingPartyRegistration(this.relyingPartyRegistration)
@@ -104,58 +98,64 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getSigAlg()).isNotEmpty();
 		assertThat(result.getSignature()).isNotEmpty();
-		assertThat(result.getBinding()).isEqualTo(REDIRECT);
+		assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
 	}
 
 	@Test
 	public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
 
 		this.context = this.contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration)
-						.providerDetails(c -> c.signAuthNRequest(false)).build())
+				.relyingPartyRegistration(
+						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration)
+								.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2RedirectAuthenticationRequest result = this.factory.createRedirectAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
 		assertThat(result.getSigAlg()).isNull();
 		assertThat(result.getSignature()).isNull();
-		assertThat(result.getBinding()).isEqualTo(REDIRECT);
+		assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
 	}
 
 	@Test
 	public void createPostAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
 		this.context = this.contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration)
-						.providerDetails(c -> c.signAuthNRequest(false)).build())
+				.relyingPartyRegistration(
+						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration)
+								.providerDetails(c -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2PostAuthenticationRequest result = this.factory.createPostAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
-		assertThat(result.getBinding()).isEqualTo(POST);
-		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8)).doesNotContain("ds:Signature");
+		assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.POST);
+		assertThat(new String(Saml2Utils.samlDecode(result.getSamlRequest()), StandardCharsets.UTF_8))
+				.doesNotContain("ds:Signature");
 	}
 
 	@Test
 	public void createPostAuthenticationRequestWhenSignRequestThenSignatureIsPresent() {
 		this.context = this.contextBuilder.relayState("Relay State Value")
-				.relyingPartyRegistration(withRelyingPartyRegistration(this.relyingPartyRegistration).build()).build();
+				.relyingPartyRegistration(
+						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration).build())
+				.build();
 		Saml2PostAuthenticationRequest result = this.factory.createPostAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
 		assertThat(result.getRelayState()).isEqualTo("Relay State Value");
-		assertThat(result.getBinding()).isEqualTo(POST);
-		assertThat(new String(samlDecode(result.getSamlRequest()), UTF_8)).contains("ds:Signature");
+		assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.POST);
+		assertThat(new String(Saml2Utils.samlDecode(result.getSamlRequest()), StandardCharsets.UTF_8))
+				.contains("ds:Signature");
 	}
 
 	@Test
 	public void createAuthenticationRequestWhenDefaultThenReturnsPostBinding() {
-		AuthnRequest authn = getAuthNRequest(POST);
+		AuthnRequest authn = getAuthNRequest(Saml2MessageBinding.POST);
 		Assert.assertEquals(SAMLConstants.SAML2_POST_BINDING_URI, authn.getProtocolBinding());
 	}
 
 	@Test
 	public void createAuthenticationRequestWhenSetUriThenReturnsCorrectBinding() {
 		this.factory.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-		AuthnRequest authn = getAuthNRequest(POST);
+		AuthnRequest authn = getAuthNRequest(Saml2MessageBinding.POST);
 		Assert.assertEquals(SAMLConstants.SAML2_REDIRECT_BINDING_URI, authn.getProtocolBinding());
 	}
 
@@ -199,29 +199,30 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	@Test
 	public void createPostAuthenticationRequestWhenAssertionConsumerServiceBindingThenUses() {
 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationBuilder
-				.assertionConsumerServiceBinding(REDIRECT).build();
+				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		Saml2AuthenticationRequestContext context = this.contextBuilder
 				.relyingPartyRegistration(relyingPartyRegistration).build();
 		Saml2PostAuthenticationRequest request = this.factory.createPostAuthenticationRequest(context);
 		String samlRequest = request.getSamlRequest();
-		String inflated = new String(samlDecode(samlRequest));
+		String inflated = new String(Saml2Utils.samlDecode(samlRequest));
 		assertThat(inflated).contains("ProtocolBinding=\"" + SAMLConstants.SAML2_REDIRECT_BINDING_URI + "\"");
 	}
 
 	private AuthnRequest getAuthNRequest(Saml2MessageBinding binding) {
-		AbstractSaml2AuthenticationRequest result = (binding == REDIRECT)
+		AbstractSaml2AuthenticationRequest result = (binding == Saml2MessageBinding.REDIRECT)
 				? this.factory.createRedirectAuthenticationRequest(this.context)
 				: this.factory.createPostAuthenticationRequest(this.context);
 		String samlRequest = result.getSamlRequest();
 		assertThat(samlRequest).isNotEmpty();
-		if (result.getBinding() == REDIRECT) {
-			samlRequest = samlInflate(samlDecode(samlRequest));
+		if (result.getBinding() == Saml2MessageBinding.REDIRECT) {
+			samlRequest = Saml2Utils.samlInflate(Saml2Utils.samlDecode(samlRequest));
 		}
 		else {
-			samlRequest = new String(samlDecode(samlRequest), UTF_8);
+			samlRequest = new String(Saml2Utils.samlDecode(samlRequest), StandardCharsets.UTF_8);
 		}
 		try {
-			Document document = getParserPool().parse(new ByteArrayInputStream(samlRequest.getBytes(UTF_8)));
+			Document document = XMLObjectProviderRegistrySupport.getParserPool()
+					.parse(new ByteArrayInputStream(samlRequest.getBytes(StandardCharsets.UTF_8)));
 			Element element = document.getDocumentElement();
 			return (AuthnRequest) this.unmarshaller.unmarshall(element);
 		}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
index 2a13ed2220..383b0ed5f9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
@@ -20,12 +20,10 @@ import java.util.UUID;
 
 import org.junit.Test;
 
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlDecode;
-import static org.springframework.security.saml2.provider.service.authentication.Saml2Utils.samlInflate;
 
 /**
  * Tests for {@link Saml2AuthenticationRequestFactory} default interface methods
@@ -36,7 +34,7 @@ public class Saml2AuthenticationRequestFactoryTests {
 			.assertionConsumerServiceUrlTemplate("template")
 			.providerDetails(c -> c.webSsoUrl("https://example.com/destination"))
 			.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
-			.credentials(c -> c.add(relyingPartySigningCredential())).build();
+			.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential())).build();
 
 	@Test
 	public void createAuthenticationRequestParametersWhenRedirectDefaultIsUsedMessageIsDeflatedAndEncoded() {
@@ -47,8 +45,8 @@ public class Saml2AuthenticationRequestFactoryTests {
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2RedirectAuthenticationRequest response = factory.createRedirectAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
-		byte[] decoded = samlDecode(resultValue);
-		String inflated = samlInflate(decoded);
+		byte[] decoded = Saml2Utils.samlDecode(resultValue);
+		String inflated = Saml2Utils.samlInflate(decoded);
 		assertThat(inflated).isEqualTo(value);
 	}
 
@@ -61,7 +59,7 @@ public class Saml2AuthenticationRequestFactoryTests {
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
 		Saml2PostAuthenticationRequest response = factory.createPostAuthenticationRequest(request);
 		String resultValue = response.getSamlRequest();
-		byte[] decoded = samlDecode(resultValue);
+		byte[] decoded = Saml2Utils.samlDecode(resultValue);
 		assertThat(new String(decoded)).isEqualTo(value);
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
index c5356f4cea..6cb77f7558 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -30,6 +30,7 @@ import org.apache.xml.security.encryption.XMLCipherParameters;
 import org.joda.time.DateTime;
 import org.joda.time.Duration;
 import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.core.xml.schema.XSAny;
 import org.opensaml.core.xml.schema.XSBoolean;
@@ -79,8 +80,6 @@ import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 
-import static org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory;
-
 final class TestOpenSamlObjects {
 
 	static {
@@ -368,7 +367,7 @@ final class TestOpenSamlObjects {
 	}
 
 	static <T extends XMLObject> T build(QName qName) {
-		return (T) getBuilderFactory().getBuilder(qName).buildObject(qName);
+		return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
index d5f784373a..451ef004eb 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
@@ -16,7 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 
 /**
  * Test {@link Saml2AuthenticationRequestContext}s
@@ -25,7 +25,7 @@ public class TestSaml2AuthenticationRequestContexts {
 
 	public static Saml2AuthenticationRequestContext.Builder authenticationRequestContext() {
 		return Saml2AuthenticationRequestContext.builder().relayState("relayState").issuer("issuer")
-				.relyingPartyRegistration(relyingPartyRegistration().build())
+				.relyingPartyRegistration(TestRelyingPartyRegistrations.relyingPartyRegistration().build())
 				.assertionConsumerServiceUrl("assertionConsumerServiceUrl");
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
index f062d23502..4d66195f89 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -18,13 +18,12 @@ package org.springframework.security.saml2.provider.service.metadata;
 
 import org.junit.Test;
 
+import org.springframework.security.saml2.core.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.REDIRECT;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.full;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.noCredentials;
 
 /**
  * Tests for {@link OpenSamlMetadataResolver}
@@ -34,7 +33,8 @@ public class OpenSamlMetadataResolverTests {
 	@Test
 	public void resolveWhenRelyingPartyThenMetadataMatches() {
 		// given
-		RelyingPartyRegistration relyingPartyRegistration = full().assertionConsumerServiceBinding(REDIRECT).build();
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full()
+				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 
 		// when
@@ -52,9 +52,9 @@ public class OpenSamlMetadataResolverTests {
 	@Test
 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
 		// given
-		RelyingPartyRegistration relyingPartyRegistration = noCredentials()
-				.assertingPartyDetails(
-						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
+				.assertingPartyDetails(party -> party.verificationX509Credentials(
+						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
index 7241cfc1a9..0d5733b82e 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
@@ -25,12 +25,12 @@ import java.util.Base64;
 import org.junit.Before;
 import org.junit.Test;
 
+import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.client.MockClientHttpResponse;
 import org.springframework.security.saml2.Saml2Exception;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.http.HttpStatus.OK;
 
 public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
@@ -62,7 +62,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	@Test
 	public void readWhenMissingIDPSSODescriptorThenException() {
 		MockClientHttpResponse response = new MockClientHttpResponse(
-				(String.format(ENTITY_DESCRIPTOR_TEMPLATE, "")).getBytes(), OK);
+				(String.format(ENTITY_DESCRIPTOR_TEMPLATE, "")).getBytes(), HttpStatus.OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
 				.isInstanceOf(Saml2Exception.class)
 				.hasMessageContaining("Metadata response is missing the necessary IDPSSODescriptor element");
@@ -71,7 +71,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	@Test
 	public void readWhenMissingVerificationKeyThenException() {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, ""));
-		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
 				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
 						"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
@@ -81,7 +81,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	public void readWhenMissingSingleSignOnServiceThenException() {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
 				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")));
-		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
 		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
 				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
 						"Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
@@ -94,7 +94,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 						String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")
 								+ String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"")
 								+ String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
-		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
 		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
 				.registrationId("one").build();
 		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
@@ -114,7 +114,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	public void readWhenKeyDescriptorHasNoUseThenConfiguresBothKeyTypes() throws Exception {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
 				String.format(KEY_DESCRIPTOR_TEMPLATE, "") + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
-		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), OK);
+		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
 		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
 				.registrationId("one").build();
 		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
index cad36be5d4..cc85cac289 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -18,19 +18,17 @@ package org.springframework.security.saml2.provider.service.registration;
 
 import org.junit.Test;
 
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
 
 public class RelyingPartyRegistrationTests {
 
 	@Test
 	public void withRelyingPartyRegistrationWorks() {
-		RelyingPartyRegistration registration = relyingPartyRegistration().providerDetails(p -> p.binding(POST))
+		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+				.providerDetails(p -> p.binding(Saml2MessageBinding.POST))
 				.providerDetails(p -> p.signAuthNRequest(false))
 				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		RelyingPartyRegistration copy = RelyingPartyRegistration.withRelyingPartyRegistration(registration).build();
@@ -59,7 +57,8 @@ public class RelyingPartyRegistrationTests {
 				.isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php");
 		assertThat(copy.getProviderDetails().getBinding()).isEqualTo(registration.getProviderDetails().getBinding())
 				.isEqualTo(copy.getAssertingPartyDetails().getSingleSignOnServiceBinding())
-				.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()).isEqualTo(POST);
+				.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
+				.isEqualTo(Saml2MessageBinding.POST);
 		assertThat(copy.getProviderDetails().isSignAuthNRequest())
 				.isEqualTo(registration.getProviderDetails().isSignAuthNRequest())
 				.isEqualTo(copy.getAssertingPartyDetails().getWantAuthnRequestsSigned())
@@ -76,13 +75,13 @@ public class RelyingPartyRegistrationTests {
 
 	@Test
 	public void buildWhenUsingDefaultsThenAssertionConsumerServiceBindingDefaultsToPost() {
-		RelyingPartyRegistration relyingPartyRegistration = withRegistrationId("id").entityId("entity-id")
-				.assertionConsumerServiceLocation("location")
+		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("id")
+				.entityId("entity-id").assertionConsumerServiceLocation("location")
 				.assertingPartyDetails(
 						assertingParty -> assertingParty.entityId("entity-id").singleSignOnServiceLocation("location"))
-				.credentials(c -> c.add(relyingPartyVerifyingCredential())).build();
+				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build();
 
-		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(POST);
+		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
index 1af5ede3b7..52c08c80ae 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
@@ -23,7 +23,7 @@ import org.junit.Test;
 import org.springframework.security.saml2.Saml2Exception;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * Tests for {@link RelyingPartyRegistration}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index dd0f502553..62b3e4f2a2 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -16,13 +16,10 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
-import org.springframework.security.saml2.core.TestSaml2X509Credentials;
 import org.springframework.security.saml2.credentials.Saml2X509Credential;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartySigningCredential;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-
 /**
  * Preconfigured test data for {@link RelyingPartyRegistration} objects
  */
@@ -32,12 +29,12 @@ public class TestRelyingPartyRegistrations {
 		String registrationId = "simplesamlphp";
 
 		String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
-		Saml2X509Credential signingCredential = relyingPartySigningCredential();
+		Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential();
 		String assertionConsumerServiceLocation = "{baseUrl}"
 				+ Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
 		String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
-		Saml2X509Credential verificationCertificate = relyingPartyVerifyingCredential();
+		Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
 		String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php";
 
 		return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId)
@@ -55,10 +52,13 @@ public class TestRelyingPartyRegistrations {
 
 	public static RelyingPartyRegistration.Builder full() {
 		return noCredentials()
-				.signingX509Credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential()))
-				.decryptionX509Credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyDecryptingCredential()))
+				.signingX509Credentials(c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+						.relyingPartySigningCredential()))
+				.decryptionX509Credentials(c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+						.relyingPartyDecryptingCredential()))
 				.assertingPartyDetails(party -> party.verificationX509Credentials(
-						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
+						c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+								.relyingPartyVerifyingCredential())));
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 69368eec00..78a1e50025 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -27,10 +27,13 @@ import org.junit.Test;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver;
 import org.springframework.web.util.HtmlUtils;
 import org.springframework.web.util.UriUtils;
@@ -42,9 +45,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.assertingPartyPrivateCredential;
-import static org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts.authenticationRequestContext;
-import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST;
 
 public class Saml2WebSsoAuthenticationRequestFilterTests {
 
@@ -78,7 +78,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
 				.providerDetails(c -> c.entityId("idp-entity-id")).providerDetails(c -> c.webSsoUrl(IDP_SSO_URL))
 				.assertionConsumerServiceUrlTemplate("template")
-				.credentials(c -> c.add(assertingPartyPrivateCredential()));
+				.credentials(c -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
 	}
 
 	@Test
@@ -133,7 +133,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	@Test
 	public void doFilterWhenPostFormDataIsPresent() throws Exception {
 		given(this.repository.findByRegistrationId("registration-id"))
-				.willReturn(this.rpBuilder.providerDetails(c -> c.binding(POST)).build());
+				.willReturn(this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
 		final String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -147,7 +147,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenSetAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST))
+				.build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
 		given(authenticationRequest.getRelayState()).willReturn("relay");
@@ -166,13 +167,14 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenCustomAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(POST)).build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST))
+				.build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
 		given(authenticationRequest.getRelayState()).willReturn("relay");
 		given(authenticationRequest.getSamlRequest()).willReturn("saml");
-		given(this.resolver.resolve(this.request))
-				.willReturn(authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
+		given(this.resolver.resolve(this.request)).willReturn(TestSaml2AuthenticationRequestContexts
+				.authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
 		given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
 
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver,
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
index 99f5e261a0..9f916f5974 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
@@ -22,17 +22,18 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
 
 /**
  * Tests for {@link DefaultRelyingPartyRegistrationResolver}
  */
 public class DefaultRelyingPartyRegistrationResolverTests {
 
-	private final RelyingPartyRegistration registration = relyingPartyRegistration().build();
+	private final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+			.build();
 
 	private final RelyingPartyRegistrationRepository repository = new InMemoryRelyingPartyRegistrationRepository(
 			this.registration);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index 8b70331dcd..e12618d650 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -20,12 +20,12 @@ import org.junit.Before;
 import org.junit.Test;
 
 import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.springframework.security.saml2.credentials.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
 
 /**
  * Tests for {@link DefaultSaml2AuthenticationRequestContextResolver}
@@ -61,7 +61,7 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 				.providerDetails(c -> c.entityId(ASSERTING_PARTY_ENTITY_ID))
 				.providerDetails(c -> c.webSsoUrl(ASSERTING_PARTY_SSO_URL))
 				.assertionConsumerServiceUrlTemplate(RELYING_PARTY_SSO_URL)
-				.credentials(c -> c.add(relyingPartyVerifyingCredential()));
+				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()));
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index a653845697..a3a969b2f7 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -32,15 +32,14 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.saml2.core.Saml2Utils;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.util.StreamUtils;
 import org.springframework.web.util.UriUtils;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.relyingPartyRegistration;
 
 @RunWith(MockitoJUnitRunner.class)
 public class Saml2AuthenticationTokenConverterTests {
@@ -48,7 +47,8 @@ public class Saml2AuthenticationTokenConverterTests {
 	@Mock
 	Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver;
 
-	RelyingPartyRegistration relyingPartyRegistration = relyingPartyRegistration().build();
+	RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+			.build();
 
 	@Test
 	public void convertWhenSamlResponseThenToken() {
@@ -57,7 +57,7 @@ public class Saml2AuthenticationTokenConverterTests {
 		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setParameter("SAMLResponse", Saml2Utils.samlEncode("response".getBytes(UTF_8)));
+		request.setParameter("SAMLResponse", Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");
 		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@@ -126,7 +126,7 @@ public class Saml2AuthenticationTokenConverterTests {
 	private String getSsoCircleEncodedXml() throws IOException {
 		ClassPathResource resource = new ClassPathResource("saml2-response-sso-circle.encoded");
 		String response = StreamUtils.copyToString(resource.getInputStream(), StandardCharsets.UTF_8);
-		return UriUtils.decode(response, UTF_8);
+		return UriUtils.decode(response, StandardCharsets.UTF_8);
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 3e4fe4d575..672b53f6f7 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -23,9 +23,11 @@ import org.junit.Test;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.saml2.core.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -34,8 +36,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential;
-import static org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations.noCredentials;
 
 /**
  * Tests for {@link Saml2MetadataFilter}
@@ -108,9 +108,9 @@ public class Saml2MetadataFilterTests {
 	public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception {
 		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration");
-		RelyingPartyRegistration validRegistration = noCredentials()
-				.assertingPartyDetails(
-						party -> party.verificationX509Credentials(c -> c.add(relyingPartyVerifyingCredential())))
+		RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials()
+				.assertingPartyDetails(party -> party.verificationX509Credentials(
+						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 
 		String generatedMetadata = "<xml>test</xml>";
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index c6de53ae1d..33c7cd330f 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -67,6 +67,7 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
@@ -89,9 +90,6 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
 
-import static java.lang.Boolean.TRUE;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
-
 /**
  * Test utilities for working with Spring Security and
  * {@link org.springframework.test.web.reactive.server.WebTestClient.Builder#apply(WebTestClientConfigurer)}.
@@ -469,8 +467,8 @@ public class SecurityMockServerConfigurers {
 		 * @return the {@link JwtMutator} for further configuration
 		 */
 		public JwtMutator jwt(Consumer<Jwt.Builder> jwtBuilderConsumer) {
-			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(SUB, "user").claim("scope",
-					"read");
+			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(JwtClaimNames.SUB, "user")
+					.claim("scope", "read");
 			jwtBuilderConsumer.accept(jwtBuilder);
 			this.jwt = jwtBuilder.build();
 			return this;
@@ -1178,11 +1176,11 @@ public class SecurityMockServerConfigurers {
 			}
 
 			public static void enable(ServerWebExchange exchange) {
-				exchange.getAttributes().put(ENABLED_ATTR_NAME, TRUE);
+				exchange.getAttributes().put(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
 			public boolean isEnabled(ServerWebExchange exchange) {
-				return TRUE.equals(exchange.getAttribute(ENABLED_ATTR_NAME));
+				return Boolean.TRUE.equals(exchange.getAttribute(ENABLED_ATTR_NAME));
 			}
 
 		}
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 6a02265a14..ee790115e2 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -79,6 +79,7 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
@@ -105,9 +106,6 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter;
 
-import static java.lang.Boolean.TRUE;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.SUB;
-
 /**
  * Contains {@link MockMvc} {@link RequestPostProcessor} implementations for Spring
  * Security.
@@ -570,11 +568,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 
 			public static void enable(HttpServletRequest request) {
-				request.setAttribute(ENABLED_ATTR_NAME, TRUE);
+				request.setAttribute(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
 			public boolean isEnabled(HttpServletRequest request) {
-				return TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
+				return Boolean.TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
 
 		}
@@ -1071,8 +1069,8 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 * @return the {@link JwtRequestPostProcessor} for additional customization
 		 */
 		public JwtRequestPostProcessor jwt(Consumer<Jwt.Builder> jwtBuilderConsumer) {
-			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(SUB, "user").claim("scope",
-					"read");
+			Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("alg", "none").claim(JwtClaimNames.SUB, "user")
+					.claim("scope", "read");
 			jwtBuilderConsumer.accept(jwtBuilder);
 			this.jwt = jwtBuilder.build();
 			return this;
@@ -1661,11 +1659,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 
 			public static void enable(HttpServletRequest request) {
-				request.setAttribute(ENABLED_ATTR_NAME, TRUE);
+				request.setAttribute(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
 			public boolean isEnabled(HttpServletRequest request) {
-				return TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
+				return Boolean.TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
 
 		}
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
index a284463c3b..a767f23604 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
@@ -28,13 +28,11 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.test.web.support.WebTestUtils;
 import org.springframework.security.web.context.HttpRequestResponseHolder;
 import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.test.util.AssertionErrors;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultMatcher;
 
-import static org.springframework.test.util.AssertionErrors.assertEquals;
-import static org.springframework.test.util.AssertionErrors.assertTrue;
-
 /**
  * Security related {@link MockMvc} {@link ResultMatcher}s.
  *
@@ -97,42 +95,46 @@ public final class SecurityMockMvcResultMatchers {
 
 			Authentication auth = context.getAuthentication();
 
-			assertTrue("Authentication should not be null", auth != null);
+			AssertionErrors.assertTrue("Authentication should not be null", auth != null);
 
 			if (this.assertAuthentication != null) {
 				this.assertAuthentication.accept(auth);
 			}
 
 			if (this.expectedContext != null) {
-				assertEquals(this.expectedContext + " does not equal " + context, this.expectedContext, context);
+				AssertionErrors.assertEquals(this.expectedContext + " does not equal " + context, this.expectedContext,
+						context);
 			}
 
 			if (this.expectedAuthentication != null) {
-				assertEquals(this.expectedAuthentication + " does not equal " + context.getAuthentication(),
+				AssertionErrors.assertEquals(
+						this.expectedAuthentication + " does not equal " + context.getAuthentication(),
 						this.expectedAuthentication, context.getAuthentication());
 			}
 
 			if (this.expectedAuthenticationPrincipal != null) {
-				assertTrue("Authentication cannot be null", context.getAuthentication() != null);
-				assertEquals(
+				AssertionErrors.assertTrue("Authentication cannot be null", context.getAuthentication() != null);
+				AssertionErrors.assertEquals(
 						this.expectedAuthenticationPrincipal + " does not equal "
 								+ context.getAuthentication().getPrincipal(),
 						this.expectedAuthenticationPrincipal, context.getAuthentication().getPrincipal());
 			}
 
 			if (this.expectedAuthenticationName != null) {
-				assertTrue("Authentication cannot be null", auth != null);
+				AssertionErrors.assertTrue("Authentication cannot be null", auth != null);
 				String name = auth.getName();
-				assertEquals(this.expectedAuthenticationName + " does not equal " + name,
+				AssertionErrors.assertEquals(this.expectedAuthenticationName + " does not equal " + name,
 						this.expectedAuthenticationName, name);
 			}
 
 			if (this.expectedGrantedAuthorities != null) {
-				assertTrue("Authentication cannot be null", auth != null);
+				AssertionErrors.assertTrue("Authentication cannot be null", auth != null);
 				Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
-				assertTrue(authorities + " does not contain the same authorities as " + this.expectedGrantedAuthorities,
+				AssertionErrors.assertTrue(
+						authorities + " does not contain the same authorities as " + this.expectedGrantedAuthorities,
 						authorities.containsAll(this.expectedGrantedAuthorities));
-				assertTrue(this.expectedGrantedAuthorities + " does not contain the same authorities as " + authorities,
+				AssertionErrors.assertTrue(
+						this.expectedGrantedAuthorities + " does not contain the same authorities as " + authorities,
 						this.expectedGrantedAuthorities.containsAll(authorities));
 			}
 		}
@@ -240,7 +242,7 @@ public final class SecurityMockMvcResultMatchers {
 			SecurityContext context = load(result);
 
 			Authentication authentication = context.getAuthentication();
-			assertTrue("Expected anonymous Authentication got " + context,
+			AssertionErrors.assertTrue("Expected anonymous Authentication got " + context,
 					authentication == null || this.trustResolver.isAnonymous(authentication));
 		}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index a976d14356..46db6349b0 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -28,16 +28,14 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 import org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver;
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
-import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SUBJECT;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 /**
  * @author Josh Cummings
@@ -54,25 +52,27 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
 			.argumentResolvers(resolvers -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
-			.apply(springSecurity()).configureClient()
+			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() {
-		this.client.mutateWith(mockOpaqueToken()).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat(token.getAuthorities()).isNotEmpty();
 		assertThat(token.getToken()).isNotNull();
-		assertThat(token.getTokenAttributes().get(SUBJECT)).isEqualTo("user");
+		assertThat(token.getTokenAttributes().get(OAuth2IntrospectionClaimNames.SUBJECT)).isEqualTo("user");
 	}
 
 	@Test
 	public void mockOpaqueTokenWhenAuthoritiesThenBearerTokenAuthentication() {
-		this.client.mutateWith(mockOpaqueToken().authorities(this.authority1, this.authority2)).get().exchange()
-				.expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockOpaqueToken().authorities(this.authority1, this.authority2))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
@@ -82,19 +82,22 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	@Test
 	public void mockOpaqueTokenWhenAttributesThenBearerTokenAuthentication() {
 		String sub = new String("my-subject");
-		this.client.mutateWith(mockOpaqueToken().attributes(attributes -> attributes.put(SUBJECT, sub))).get()
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
+						.attributes(attributes -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub)))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
-		assertThat(token.getTokenAttributes().get(SUBJECT)).isSameAs(sub);
+		assertThat(token.getTokenAttributes().get(OAuth2IntrospectionClaimNames.SUBJECT)).isSameAs(sub);
 	}
 
 	@Test
 	public void mockOpaqueTokenWhenPrincipalThenBearerTokenAuthentication() {
-		OAuth2AuthenticatedPrincipal principal = active();
-		this.client.mutateWith(mockOpaqueToken().principal(principal)).get().exchange().expectStatus().isOk();
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)).get().exchange()
+				.expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
@@ -104,25 +107,30 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 	@Test
 	public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() {
-		OAuth2AuthenticatedPrincipal principal = active(a -> a.put("scope", "user"));
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(a -> a.put("scope", "user"));
 
-		this.client.mutateWith(mockOpaqueToken().attributes(a -> a.put(SUBJECT, "foo")).principal(principal)).get()
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
+						.attributes(a -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
-		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
-				.isEqualTo(principal.getAttribute(SUBJECT));
+		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal())
+				.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT))
+						.isEqualTo(principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT));
 
-		this.client.mutateWith(mockOpaqueToken().principal(principal).attributes(a -> a.put(SUBJECT, "bar"))).get()
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)
+						.attributes(a -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar")))
+				.get().exchange().expectStatus().isOk();
 
 		context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		token = (BearerTokenAuthentication) context.getAuthentication();
-		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal()).getAttribute(SUBJECT))
-				.isEqualTo("bar");
+		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal())
+				.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT)).isEqualTo("bar");
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index 480cf1ed63..f5e4425ec6 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -32,9 +32,6 @@ import org.springframework.security.web.server.context.SecurityContextServerWebE
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
-
 /**
  * @author Rob Winch
  * @since 5.0
@@ -44,7 +41,8 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockServerConfigurersTests {
 
 	WebTestClient client = WebTestClient.bindToController(this.controller)
-			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+			.webFilter(new SecurityContextServerWebExchangeWebFilter())
+			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
@@ -62,8 +60,9 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
 		this.client = WebTestClient.bindToController(this.controller)
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
-				.apply(mockAuthentication(authentication)).configureClient()
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity())
+				.apply(SecurityMockServerConfigurers.mockAuthentication(authentication)).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 		this.client.get().exchange().expectStatus().isOk();
@@ -76,7 +75,8 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenMutateWithMockPrincipalThenOverridesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange()
+				.expectStatus().isOk();
 
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -86,7 +86,8 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange()
+				.expectStatus().isOk();
 
 		this.controller.assertPrincipalIsEqualTo(authentication);
 
@@ -110,8 +111,9 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
 
-		ForkJoinPool.commonPool().submit(
-				() -> this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk())
+		ForkJoinPool.commonPool()
+				.submit(() -> this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication))
+						.get().exchange().expectStatus().isOk())
 				.join();
 
 		this.controller.assertPrincipalIsEqualTo(authentication);
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 68857affa6..8699062b6f 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -32,8 +32,6 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 /**
  * @author Rob Winch
@@ -45,7 +43,8 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMockServerConfigurersTests {
 
 	WebTestClient client = WebTestClient.bindToController(this.controller)
-			.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+			.webFilter(new SecurityContextServerWebExchangeWebFilter())
+			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
@@ -69,8 +68,9 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 
 	@Test
 	public void withMockUserWhenMutateWithThenMustateWithOverrides() {
-		this.client.mutateWith(mockUser("mutateWith-mockUser")).get().exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(response -> assertThat(response.getResponseBody())
+		this.client.mutateWith(SecurityMockServerConfigurers.mockUser("mutateWith-mockUser")).get().exchange()
+				.expectStatus().isOk().expectBody(String.class)
+				.consumeWith(response -> assertThat(response.getResponseBody())
 						.contains("\"username\":\"mutateWith-mockUser\""));
 
 		Principal principal = this.controller.removePrincipal();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index 7c64ffeda4..6ae453a237 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -37,8 +37,6 @@ import org.springframework.security.web.server.context.SecurityContextServerWebE
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
@@ -58,12 +56,12 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
 			.argumentResolvers(resolvers -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
-			.apply(springSecurity()).configureClient()
+			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() {
-		this.client.mutateWith(mockJwt()).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()).get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
@@ -77,7 +75,8 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
-		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange()
+				.expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
@@ -87,8 +86,9 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	@Test
 	public void mockJwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
-		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-				.authorities(this.authority1, this.authority2)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()
+				.jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
@@ -97,8 +97,10 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	@Test
 	public void mockJwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
-		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities"))).get().exchange()
-				.expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities")))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(
@@ -107,8 +109,11 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	@Test
 	public void mockJwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
-		this.client.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-				.authorities(jwt -> Arrays.asList(this.authority1))).get().exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
+								.authorities(jwt -> Arrays.asList(this.authority1)))
+				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1);
@@ -117,7 +122,8 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingPreparedJwtThenProducesJwtAuthentication() {
 		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
-		this.client.mutateWith(mockJwt().jwt(originalToken)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(originalToken)).get().exchange()
+				.expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 0183ef8aaa..ae7b45cd82 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -30,9 +30,11 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -47,10 +49,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOAuth2Client;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMockServerConfigurersTests {
@@ -70,7 +68,8 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 		this.client = WebTestClient.bindToController(this.controller)
 				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
@@ -78,15 +77,15 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
 
 		WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler());
-		assertThatCode(() -> mockOAuth2Client().beforeServerCreated(builder))
+		assertThatCode(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder))
 				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
 	}
 
 	@Test
 	public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient() throws Exception {
 
-		this.client.mutateWith(mockOAuth2Client("registration-id")).get().uri("/client").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -98,10 +97,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	@Test
 	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
 
-		ClientRegistration clientRegistration = clientRegistration().registrationId("registration-id")
-				.clientId("client-id").build();
-		this.client.mutateWith(mockOAuth2Client().clientRegistration(clientRegistration)).get().uri("/client")
-				.exchange().expectStatus().isOk();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId("registration-id").clientId("client-id").build();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client().clientRegistration(clientRegistration))
+				.get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -113,7 +112,9 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	@Test
 	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
 
-		this.client.mutateWith(mockOAuth2Client("registration-id").clientRegistration(c -> c.clientId("client-id")))
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")
+						.clientRegistration(c -> c.clientId("client-id")))
 				.get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
@@ -126,16 +127,20 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenPrincipalNameThenUses() throws Exception {
-		this.client.mutateWith(mockOAuth2Client("registration-id").principalName("test-subject")).get().uri("/client")
-				.exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("test-subject");
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockOAuth2Client("registration-id").principalName("test-subject"))
+				.get().uri("/client").exchange().expectStatus().isOk().expectBody(String.class)
+				.isEqualTo("test-subject");
 	}
 
 	@Test
 	public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
 
-		OAuth2AccessToken accessToken = noScopes();
-		this.client.mutateWith(mockOAuth2Client("registration-id").accessToken(accessToken)).get().uri("/client")
-				.exchange().expectStatus().isOk();
+		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id").accessToken(accessToken))
+				.get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -146,14 +151,15 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
-		this.client.mutateWith(mockOAuth2Client("registration-id")).get().uri("/client").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client");
 
-		client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
+		client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub",
+				TestOAuth2AccessTokens.noScopes());
 		given(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
 				any(ServerWebExchange.class))).willReturn(Mono.just(client));
 		this.client.get().uri("/client").exchange().expectStatus().isOk();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index a07af62850..d967c49cbf 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -44,8 +44,6 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOAuth2Login;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockServerConfigurersTests {
@@ -65,13 +63,15 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 		this.client = WebTestClient.bindToController(this.controller)
 				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
-		this.client.mutateWith(mockOAuth2Login()).get().uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/token").exchange()
+				.expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
@@ -84,7 +84,8 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
-		this.client.mutateWith(mockOAuth2Login()).get().uri("/client").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/client").exchange()
+				.expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -95,8 +96,10 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Test
 	public void oauth2LoginWhenAuthoritiesSpecifiedThenGrantsAccess() {
-		this.client.mutateWith(mockOAuth2Login().authorities(new SimpleGrantedAuthority("SCOPE_admin"))).get()
-				.uri("/token").exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
+						.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
@@ -105,8 +108,10 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 
 	@Test
 	public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() {
-		this.client.mutateWith(mockOAuth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))).get()
-				.uri("/token").exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
+						.attributes(a -> a.put("iss", "https://idp.example.org")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
@@ -117,14 +122,14 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
 
-		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
 
-		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User)).get().uri("/client").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get()
+				.uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
@@ -135,14 +140,14 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("sub", "subject"), "sub");
 
-		this.client.mutateWith(mockOAuth2Login().attributes(a -> a.put("subject", "foo")).oauth2User(oauth2User)).get()
-				.uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().attributes(a -> a.put("subject", "foo"))
+				.oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
-		this.client.mutateWith(mockOAuth2Login().oauth2User(oauth2User).attributes(a -> a.put("sub", "bar"))).get()
-				.uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)
+				.attributes(a -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
 
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 3758384d10..8c6c9c5cce 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -36,6 +36,7 @@ import org.springframework.security.oauth2.client.registration.ReactiveClientReg
 import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
@@ -44,10 +45,6 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOAuth2Login;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOidcLogin;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockServerConfigurersTests {
@@ -67,13 +64,15 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 		this.client = WebTestClient.bindToController(this.controller)
 				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).configureClient()
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 	}
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
-		this.client.mutateWith(mockOidcLogin()).get().uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/token").exchange()
+				.expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
@@ -87,7 +86,8 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
-		this.client.mutateWith(mockOidcLogin()).get().uri("/client").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/client").exchange()
+				.expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
@@ -98,8 +98,10 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenAuthoritiesSpecifiedThenGrantsAccess() {
-		this.client.mutateWith(mockOidcLogin().authorities(new SimpleGrantedAuthority("SCOPE_admin"))).get()
-				.uri("/token").exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()
+						.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
@@ -108,8 +110,10 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() {
-		this.client.mutateWith(mockOidcLogin().idToken(i -> i.issuer("https://idp.example.org"))).get().uri("/token")
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockOidcLogin().idToken(i -> i.issuer("https://idp.example.org")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
@@ -117,8 +121,8 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
-		this.client.mutateWith(mockOidcLogin().userInfoToken(u -> u.email("email@email"))).get().uri("/token")
-				.exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken(u -> u.email("email@email")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("email", "email@email");
@@ -130,14 +134,14 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 				OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(),
 				"custom-attribute");
 
-		this.client.mutateWith(mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token")
+				.exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
 
-		this.client.mutateWith(mockOAuth2Login().oauth2User(oidcUser)).get().uri("/client").exchange().expectStatus()
-				.isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get()
+				.uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
@@ -146,16 +150,21 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	// gh-7794
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
+				TestOidcIdTokens.idToken().build());
 
-		this.client.mutateWith(mockOidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser)).get().uri("/token")
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockOidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
-		this.client.mutateWith(mockOidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar"))).get().uri("/token")
-				.exchange().expectStatus().isOk();
+		this.client
+				.mutateWith(
+						SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar")))
+				.get().uri("/token").exchange().expectStatus().isOk();
 
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index 68354f6021..555d96f2f6 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -31,10 +31,6 @@ import org.springframework.security.web.server.csrf.CsrfWebFilter;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
 
 /**
  * @author Rob Winch
@@ -43,14 +39,16 @@ import static org.springframework.security.test.web.reactive.server.SecurityMock
 public class SecurityMockServerConfigurersTests extends AbstractMockServerConfigurersTests {
 
 	WebTestClient client = WebTestClient.bindToController(this.controller)
-			.webFilter(new CsrfWebFilter(), new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
-			.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
+			.webFilter(new CsrfWebFilter(), new SecurityContextServerWebExchangeWebFilter())
+			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 
 	@Test
 	public void mockAuthenticationWhenLocalThenSuccess() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-		this.client.mutateWith(mockAuthentication(authentication)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange()
+				.expectStatus().isOk();
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
@@ -59,8 +57,9 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
 		this.client = WebTestClient.bindToController(this.controller)
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity())
-				.apply(mockAuthentication(authentication)).configureClient()
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity())
+				.apply(SecurityMockServerConfigurers.mockAuthentication(authentication)).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 		this.client.get().exchange().expectStatus().isOk();
 		this.controller.assertPrincipalIsEqualTo(authentication);
@@ -68,7 +67,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 
 	@Test
 	public void mockUserWhenDefaultsThenSuccess() {
-		this.client.mutateWith(mockUser()).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockUser()).get().exchange().expectStatus().isOk();
 
 		Principal actual = this.controller.removePrincipal();
 
@@ -78,7 +77,8 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserWhenGlobalThenSuccess() {
 		this.client = WebTestClient.bindToController(this.controller)
-				.webFilter(new SecurityContextServerWebExchangeWebFilter()).apply(springSecurity()).apply(mockUser())
+				.webFilter(new SecurityContextServerWebExchangeWebFilter())
+				.apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.mockUser())
 				.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 		this.client.get().exchange().expectStatus().isOk();
 
@@ -89,7 +89,8 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 
 	@Test
 	public void mockUserStringWhenLocalThenSuccess() {
-		this.client.mutateWith(mockUser(this.userBuilder.build().getUsername())).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockUser(this.userBuilder.build().getUsername())).get()
+				.exchange().expectStatus().isOk();
 
 		Principal actual = this.controller.removePrincipal();
 
@@ -99,8 +100,9 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserStringWhenCustomThenSuccess() {
 		this.userBuilder = User.withUsername("admin").password("secret").roles("USER", "ADMIN");
-		this.client.mutateWith(mockUser("admin").password("secret").roles("USER", "ADMIN")).get().exchange()
-				.expectStatus().isOk();
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockUser("admin").password("secret").roles("USER", "ADMIN"))
+				.get().exchange().expectStatus().isOk();
 
 		Principal actual = this.controller.removePrincipal();
 
@@ -110,7 +112,8 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserUserDetailsLocalThenSuccess() {
 		UserDetails userDetails = this.userBuilder.build();
-		this.client.mutateWith(mockUser(userDetails)).get().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockUser(userDetails)).get().exchange().expectStatus()
+				.isOk();
 
 		Principal actual = this.controller.removePrincipal();
 
@@ -122,14 +125,15 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 		this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody()
 				.consumeWith(b -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
 
-		this.client.mutateWith(csrf()).post().exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.csrf()).post().exchange().expectStatus().isOk();
 
 	}
 
 	@Test
 	public void csrfWhenGlobalThenDisablesCsrf() {
 		this.client = WebTestClient.bindToController(this.controller).webFilter(new CsrfWebFilter())
-				.apply(springSecurity()).apply(csrf()).configureClient().build();
+				.apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.csrf())
+				.configureClient().build();
 
 		this.client.get().exchange().expectStatus().isOk();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 24b64f990a..fb6ba5b68b 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -34,9 +34,9 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 
 public class SecurityMockMvcRequestBuildersFormLoginTests {
@@ -100,7 +100,7 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	@Test
 	public void postProcessorsAreMergedDuringMockMvcPerform() throws Exception {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
-		when(postProcessor.postProcessRequest(any())).thenAnswer(i -> i.getArgument(0));
+		given(postProcessor.postProcessRequest(any())).willAnswer(i -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index 5739ef9dc4..b339e2a254 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -34,9 +34,9 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.logout;
 
 public class SecurityMockMvcRequestBuildersFormLogoutTests {
@@ -93,7 +93,7 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	@Test
 	public void postProcessorsAreMergedDuringMockMvcPerform() throws Exception {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
-		when(postProcessor.postProcessRequest(any())).thenAnswer(i -> i.getArgument(0));
+		given(postProcessor.postProcessRequest(any())).willAnswer(i -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index 73c8dc0544..8481800535 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -24,6 +24,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -39,8 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 
 @RunWith(PowerMockRunner.class)
@@ -82,8 +81,8 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 	}
 
 	private void mockWebTestUtils() {
-		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
+		PowerMockito.spy(WebTestUtils.class);
+		PowerMockito.when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 814f1340ad..8b4444036c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -33,8 +33,10 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -52,8 +54,6 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
-import static org.springframework.security.oauth2.core.TestOAuth2AccessTokens.noScopes;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Client;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -109,8 +109,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 	@Test
 	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
 
-		ClientRegistration clientRegistration = clientRegistration().registrationId("registration-id")
-				.clientId("client-id").build();
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId("registration-id").clientId("client-id").build();
 		this.mvc.perform(get("/client-id").with(oauth2Client().clientRegistration(clientRegistration)))
 				.andExpect(content().string("client-id"));
 	}
@@ -131,7 +131,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
-		OAuth2AccessToken accessToken = noScopes();
+		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 		this.mvc.perform(get("/access-token").with(oauth2Client("registration-id").accessToken(accessToken)))
 				.andExpect(content().string("no-scopes"));
 	}
@@ -141,7 +141,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 		this.mvc.perform(get("/client-id").with(oauth2Client("registration-id")))
 				.andExpect(content().string("test-client"));
 
-		OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(clientRegistration().build(), "sub", noScopes());
+		OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(),
+				"sub", TestOAuth2AccessTokens.noScopes());
 		OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
 		given(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
 				any(HttpServletRequest.class))).willReturn(client);
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index d01a9809c6..e6dd8ea861 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -37,6 +37,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -52,7 +53,6 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -128,7 +128,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 
 	@Test
 	public void oauth2LoginWhenClientRegistrationSpecifiedThenUses() throws Exception {
-		this.mvc.perform(get("/client-id").with(oauth2Login().clientRegistration(clientRegistration().build())))
+		this.mvc.perform(get("/client-id")
+				.with(oauth2Login().clientRegistration(TestClientRegistrations.clientRegistration().build())))
 				.andExpect(content().string("client-id"));
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index efecfc0395..fefe3b5ab3 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -38,6 +38,7 @@ import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2Aut
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.test.context.TestSecurityContextHolder;
@@ -53,7 +54,6 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -140,7 +140,8 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 	// gh-7794
 	@Test
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
+		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
+				TestOidcIdTokens.idToken().build());
 
 		this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser)))
 				.andExpect(status().isOk()).andExpect(content().string("subject"));
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 53dd72627f..4acdb63396 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -33,6 +33,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -45,9 +46,8 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals.active;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.opaqueToken;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -98,8 +98,8 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	public void opaqueTokenWhenPrincipalSpecifiedThenAuthenticationHasPrincipal() throws Exception {
 		Collection authorities = Collections.singleton(new SimpleGrantedAuthority("SCOPE_read"));
 		OAuth2AuthenticatedPrincipal principal = mock(OAuth2AuthenticatedPrincipal.class);
-		when(principal.getName()).thenReturn("ben");
-		when(principal.getAuthorities()).thenReturn(authorities);
+		given(principal.getName()).willReturn("ben");
+		given(principal.getAuthorities()).willReturn(authorities);
 
 		this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben"));
 	}
@@ -107,7 +107,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	// gh-7800
 	@Test
 	public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OAuth2AuthenticatedPrincipal principal = active(a -> a.put("scope", "user"));
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(a -> a.put("scope", "user"));
 
 		this.mvc.perform(
 				get("/opaque-token/sub").with(opaqueToken().attributes(a -> a.put("sub", "foo")).principal(principal)))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 5a71745175..376287a2a6 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -24,6 +24,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -38,8 +39,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
 
 @RunWith(PowerMockRunner.class)
@@ -81,8 +80,8 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 	}
 
 	private void mockWebTestUtils() {
-		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
+		PowerMockito.spy(WebTestUtils.class);
+		PowerMockito.when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 08f76801c5..68fda69b26 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -22,6 +22,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -36,8 +37,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
 
 @RunWith(PowerMockRunner.class)
@@ -84,8 +83,8 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 	}
 
 	private void mockWebTestUtils() {
-		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
+		PowerMockito.spy(WebTestUtils.class);
+		PowerMockito.when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index b3e27f1c96..4f23b5284e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -24,6 +24,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -40,8 +41,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 
 @RunWith(PowerMockRunner.class)
@@ -84,8 +83,8 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 	}
 
 	private void mockWebTestUtils() {
-		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
+		PowerMockito.spy(WebTestUtils.class);
+		PowerMockito.when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 3d3b4266ae..7e3b0c1eab 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -27,6 +27,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -43,8 +44,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.spy;
-import static org.powermock.api.mockito.PowerMockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 
 @RunWith(PowerMockRunner.class)
@@ -141,8 +140,8 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	}
 
 	private void mockWebTestUtils() {
-		spy(WebTestUtils.class);
-		when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
+		PowerMockito.spy(WebTestUtils.class);
+		PowerMockito.when(WebTestUtils.getSecurityContextRepository(this.request)).thenReturn(this.repository);
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 7e46f5bcc2..48043ce380 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -28,7 +28,6 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -38,6 +37,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@@ -72,7 +72,7 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 	}
 
 	static FormLoginRequestBuilder login() {
-		return SecurityMockMvcRequestBuilders.formLogin("/authenticate").userParameter("user").passwordParam("pass");
+		return formLogin("/authenticate").userParameter("user").passwordParam("pass");
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
index bed3c0dc20..9e483e0b9d 100644
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@@ -42,8 +42,6 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.test.web.support.WebTestUtils.getCsrfTokenRepository;
-import static org.springframework.security.test.web.support.WebTestUtils.getSecurityContextRepository;
 
 @RunWith(MockitoJUnitRunner.class)
 public class WebTestUtilsTests {
@@ -72,19 +70,22 @@ public class WebTestUtilsTests {
 
 	@Test
 	public void getCsrfTokenRepositorytNoWac() {
-		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(WebTestUtils.getCsrfTokenRepository(this.request))
+				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
 	public void getCsrfTokenRepositorytNoSecurity() {
 		loadConfig(Config.class);
-		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(WebTestUtils.getCsrfTokenRepository(this.request))
+				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
 	public void getCsrfTokenRepositorytSecurityNoCsrf() {
 		loadConfig(SecurityNoCsrfConfig.class);
-		assertThat(getCsrfTokenRepository(this.request)).isInstanceOf(HttpSessionCsrfTokenRepository.class);
+		assertThat(WebTestUtils.getCsrfTokenRepository(this.request))
+				.isInstanceOf(HttpSessionCsrfTokenRepository.class);
 	}
 
 	@Test
@@ -92,26 +93,29 @@ public class WebTestUtilsTests {
 		CustomSecurityConfig.CONTEXT_REPO = this.contextRepo;
 		CustomSecurityConfig.CSRF_REPO = this.csrfRepo;
 		loadConfig(CustomSecurityConfig.class);
-		assertThat(getCsrfTokenRepository(this.request)).isSameAs(this.csrfRepo);
+		assertThat(WebTestUtils.getCsrfTokenRepository(this.request)).isSameAs(this.csrfRepo);
 	}
 
 	// getSecurityContextRepository
 
 	@Test
 	public void getSecurityContextRepositoryNoWac() {
-		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(WebTestUtils.getSecurityContextRepository(this.request))
+				.isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
 	public void getSecurityContextRepositoryNoSecurity() {
 		loadConfig(Config.class);
-		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(WebTestUtils.getSecurityContextRepository(this.request))
+				.isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
 	public void getSecurityContextRepositorySecurityNoCsrf() {
 		loadConfig(SecurityNoCsrfConfig.class);
-		assertThat(getSecurityContextRepository(this.request)).isInstanceOf(HttpSessionSecurityContextRepository.class);
+		assertThat(WebTestUtils.getSecurityContextRepository(this.request))
+				.isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}
 
 	@Test
@@ -119,7 +123,7 @@ public class WebTestUtilsTests {
 		CustomSecurityConfig.CONTEXT_REPO = this.contextRepo;
 		CustomSecurityConfig.CSRF_REPO = this.csrfRepo;
 		loadConfig(CustomSecurityConfig.class);
-		assertThat(getSecurityContextRepository(this.request)).isSameAs(this.contextRepo);
+		assertThat(WebTestUtils.getSecurityContextRepository(this.request)).isSameAs(this.contextRepo);
 	}
 
 	// gh-3343
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index 4ed29678c3..09281ac742 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -21,6 +21,7 @@ import java.util.Base64;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -29,8 +30,6 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.http.HttpHeaders.AUTHORIZATION;
-
 /**
  * Converts from a HttpServletRequest to {@link UsernamePasswordAuthenticationToken} that
  * can be authenticated. Null authentication possible if there was no Authorization header
@@ -76,7 +75,7 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 
 	@Override
 	public UsernamePasswordAuthenticationToken convert(HttpServletRequest request) {
-		String header = request.getHeader(AUTHORIZATION);
+		String header = request.getHeader(HttpHeaders.AUTHORIZATION);
 		if (header == null) {
 			return null;
 		}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index a780d56ebd..280535b38e 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -35,8 +35,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import static java.lang.Boolean.TRUE;
-
 /**
  * <p>
  * Applies
@@ -91,7 +89,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
 
 	@Override
 	protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
-		return TRUE.equals(request.getAttribute(SHOULD_NOT_FILTER));
+		return Boolean.TRUE.equals(request.getAttribute(SHOULD_NOT_FILTER));
 	}
 
 	@Override
@@ -135,7 +133,7 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	}
 
 	public static void skipRequest(HttpServletRequest request) {
-		request.setAttribute(SHOULD_NOT_FILTER, TRUE);
+		request.setAttribute(SHOULD_NOT_FILTER, Boolean.TRUE);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
index 47f7eb3fdf..951eb75b69 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
@@ -23,9 +23,6 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
-
 /**
  * Matches if the {@link ServerAuthenticationConverter} can convert a
  * {@link ServerWebExchange} to an {@link Authentication}.
@@ -46,8 +43,8 @@ public final class AuthenticationConverterServerWebExchangeMatcher implements Se
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return this.serverAuthenticationConverter.convert(exchange).flatMap(a -> match()).onErrorResume(e -> notMatch())
-				.switchIfEmpty(notMatch());
+		return this.serverAuthenticationConverter.convert(exchange).flatMap(a -> MatchResult.match())
+				.onErrorResume(e -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 007b205128..8bdab6fa1f 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -36,8 +36,6 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
-import static java.lang.Boolean.TRUE;
-
 /**
  * <p>
  * Applies
@@ -114,7 +112,7 @@ public class CsrfWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		if (TRUE.equals(exchange.getAttribute(SHOULD_NOT_FILTER))) {
+		if (Boolean.TRUE.equals(exchange.getAttribute(SHOULD_NOT_FILTER))) {
 			return chain.filter(exchange).then(Mono.empty());
 		}
 
@@ -126,7 +124,7 @@ public class CsrfWebFilter implements WebFilter {
 	}
 
 	public static void skipExchange(ServerWebExchange exchange) {
-		exchange.getAttributes().put(SHOULD_NOT_FILTER, TRUE);
+		exchange.getAttributes().put(SHOULD_NOT_FILTER, Boolean.TRUE);
 	}
 
 	private Mono<Void> validateToken(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
index 57c88ae447..94ba6af9f6 100644
--- a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
@@ -25,14 +25,13 @@ import org.springframework.security.web.PortMapperImpl;
 import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange;
-
 /**
  * Redirects any non-HTTPS request to its HTTPS equivalent.
  *
@@ -48,7 +47,7 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 
 	private PortMapper portMapper = new PortMapperImpl();
 
-	private ServerWebExchangeMatcher requiresHttpsRedirectMatcher = anyExchange();
+	private ServerWebExchangeMatcher requiresHttpsRedirectMatcher = ServerWebExchangeMatchers.anyExchange();
 
 	private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 0f4608bee7..516dba5a08 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -40,9 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
-import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.DEFAULT_PARAMETER;
-import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
-import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.TWO_WEEKS_S;
 
 /**
  * Tests
@@ -110,7 +107,7 @@ public class TokenBasedRememberMeServicesTests {
 		Authentication result = this.services.autoLogin(new MockHttpServletRequest(), response);
 		assertThat(result).isNull();
 		// No cookie set
-		assertThat(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
+		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 	}
 
 	@Test
@@ -123,27 +120,28 @@ public class TokenBasedRememberMeServicesTests {
 		Authentication result = this.services.autoLogin(request, response);
 
 		assertThat(result).isNull();
-		assertThat(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
+		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 	}
 
 	@Test
 	public void autoLoginReturnsNullForExpiredCookieAndClearsCookie() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
-				System.currentTimeMillis() - 1000000, "someone", "password", "key"));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password",
+						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		assertThat(this.services.autoLogin(request, response)).isNull();
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginReturnsNullAndClearsCookieIfMissingThreeTokensInCookieValue() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
 				new String(Base64.encodeBase64("x".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
@@ -151,21 +149,22 @@ public class TokenBasedRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginClearsNonBase64EncodedCookie() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "NOT_BASE_64_ENCODED");
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				"NOT_BASE_64_ENCODED");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -173,8 +172,9 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginClearsCookieIfSignatureBlocksDoesNotMatchExpectedValue() {
 		udsWillReturnUser();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
-				System.currentTimeMillis() + 1000000, "someone", "password", "WRONG_KEY"));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
+						"WRONG_KEY"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -182,14 +182,14 @@ public class TokenBasedRememberMeServicesTests {
 
 		assertThat(this.services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
 	@Test
 	public void autoLoginClearsCookieIfTokenDoesNotContainANumberInCookieValue() {
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
 				new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
@@ -197,7 +197,7 @@ public class TokenBasedRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -205,8 +205,9 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginClearsCookieIfUserNotFound() {
 		udsWillThrowNotFound();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
-				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
+						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -214,7 +215,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		assertThat(this.services.autoLogin(request, response)).isNull();
 
-		Cookie returnedCookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
@@ -222,8 +223,9 @@ public class TokenBasedRememberMeServicesTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void autoLoginClearsCookieIfUserServiceMisconfigured() {
 		udsWillReturnNull();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
-				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
+						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -235,8 +237,9 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void autoLoginWithValidTokenAndUserSucceeds() {
 		udsWillReturnUser();
-		Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, generateCorrectCookieContentForToken(
-				System.currentTimeMillis() + 1000000, "someone", "password", "key"));
+		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
+				generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
+						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 
@@ -254,7 +257,7 @@ public class TokenBasedRememberMeServicesTests {
 
 		assertThat(this.services.getKey()).isEqualTo("key");
 
-		assertThat(this.services.getParameter()).isEqualTo(DEFAULT_PARAMETER);
+		assertThat(this.services.getParameter()).isEqualTo(AbstractRememberMeServices.DEFAULT_PARAMETER);
 		this.services.setParameter("some_param");
 		assertThat(this.services.getParameter()).isEqualTo("some_param");
 
@@ -268,7 +271,7 @@ public class TokenBasedRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginFail(request, response);
 
-		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isZero();
 	}
@@ -278,12 +281,12 @@ public class TokenBasedRememberMeServicesTests {
 		TokenBasedRememberMeServices services = new TokenBasedRememberMeServices("key",
 				new AbstractRememberMeServicesTests.MockUserDetailsService(null, false));
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(DEFAULT_PARAMETER, "false");
+		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
-		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNull();
 	}
 
@@ -298,7 +301,7 @@ public class TokenBasedRememberMeServicesTests {
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
-		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		String expiryTime = this.services.decodeCookie(cookie.getValue())[1];
 		long expectedExpiryTime = 1000L * 500000000;
 		expectedExpiryTime += System.currentTimeMillis();
@@ -318,7 +321,7 @@ public class TokenBasedRememberMeServicesTests {
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
-		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
@@ -336,18 +339,18 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void negativeValidityPeriodIsSetOnCookieButExpiryTimeRemainsAtTwoWeeks() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter(DEFAULT_PARAMETER, "true");
+		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.setTokenValiditySeconds(-1);
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
 
-		Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		// Check the expiry time is within 50ms of two weeks from current time
 		assertThat(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())
-				- System.currentTimeMillis() > TWO_WEEKS_S - 50).isTrue();
+				- System.currentTimeMillis() > AbstractRememberMeServices.TWO_WEEKS_S - 50).isTrue();
 		assertThat(cookie.getMaxAge()).isEqualTo(-1);
 		assertThat(Base64.isArrayByteBase64(cookie.getValue().getBytes())).isTrue();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index 0036813bd4..ea25312591 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -23,7 +23,7 @@ import org.junit.Test;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 
-import static org.hamcrest.core.StringContains.containsString;
+import static org.hamcrest.CoreMatchers.containsString;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index fdaa0cca8d..087653ce2e 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -40,11 +40,11 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doNothing;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willDoNothing;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.when;
 
 /**
  * @author Rob Winch
@@ -61,7 +61,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context);
@@ -80,7 +80,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) {
 		}.onStartup(context);
@@ -99,7 +99,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -122,7 +122,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -146,7 +146,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -184,9 +184,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter1))).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter1))).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter2))).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -212,7 +212,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -235,7 +235,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -256,8 +256,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -279,9 +279,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter1))).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter2))).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter1))).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter2))).willReturn(registration);
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -305,7 +305,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -328,7 +328,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -349,8 +349,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
-		when(context.addFilter(anyString(), eq(filter))).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
+		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
 
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
@@ -369,12 +369,12 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
 				.forClass(new HashSet<SessionTrackingMode>() {
 				}.getClass());
-		doNothing().when(context).setSessionTrackingModes(modesCaptor.capture());
+		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
 
 		new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context);
@@ -392,12 +392,12 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		when(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).thenReturn(registration);
+		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
 				.forClass(new HashSet<SessionTrackingMode>() {
 				}.getClass());
-		doNothing().when(context).setSessionTrackingModes(modesCaptor.capture());
+		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
 
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index 4d0927b4e2..f8e06e9c5e 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -45,12 +45,11 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.mock;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;
 
 /**
  * @author Luke Taylor
@@ -153,7 +152,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContext ctx = SecurityContextHolder.getContext();
 		ctx.setAuthentication(this.testToken);
 		HttpSession session = mock(HttpSession.class);
-		when(session.getAttribute(SPRING_SECURITY_CONTEXT_KEY)).thenReturn(ctx);
+		given(session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).willReturn(ctx);
 		request.setSession(session);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		assertThat(repo.loadContext(holder)).isSameAs(ctx);
@@ -164,7 +163,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.saveContext(ctx, holder.getRequest(), holder.getResponse());
 
 		// Must be called even though the value in the local VM is already the same
-		verify(session).setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctx);
+		verify(session).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctx);
 	}
 
 	@Test
@@ -172,7 +171,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
-		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, "NotASecurityContextInstance");
+		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				"NotASecurityContextInstance");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
@@ -192,7 +192,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 		context.setAuthentication(this.testToken);
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(context);
+		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
+				.isEqualTo(context);
 	}
 
 	@Test
@@ -328,7 +329,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		ServletOutputStream outputstream = mock(ServletOutputStream.class);
-		when(response.getOutputStream()).thenReturn(outputstream);
+		given(response.getOutputStream()).willReturn(outputstream);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
@@ -344,7 +345,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		ServletOutputStream outputstream = mock(ServletOutputStream.class);
-		when(response.getOutputStream()).thenReturn(outputstream);
+		given(response.getOutputStream()).willReturn(outputstream);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContextHolder.setContext(repo.loadContext(holder));
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
@@ -387,13 +388,15 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(this.testToken);
-		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
+		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				ctxInSession);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
 		SecurityContextHolder.getContext()
 				.setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities()));
 		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
-		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
+		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
+				.isNull();
 	}
 
 	@Test
@@ -420,11 +423,13 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.loadContext(holder);
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(this.testToken);
-		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
+		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				ctxInSession);
 		SecurityContextHolder.getContext().setAuthentication(
 				new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
 		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
-		assertThat(ctxInSession).isSameAs(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
+		assertThat(ctxInSession).isSameAs(
+				request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
 	}
 
 	// SEC-3070
@@ -434,7 +439,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
 		ctxInSession.setAuthentication(this.testToken);
-		request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
+		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				ctxInSession);
 
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
@@ -442,7 +448,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 		ctxInSession.setAuthentication(null);
 		repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
 
-		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isNull();
+		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
+				.isNull();
 	}
 
 	@Test
@@ -527,7 +534,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 				new HttpServletResponseWrapper(holder.getResponse()));
 
 		assertThat(request.getSession(false)).isNotNull();
-		assertThat(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(context);
+		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
+				.isEqualTo(context);
 	}
 
 	@Test(expected = IllegalStateException.class)
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index 46be30a595..4b9b83589b 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -23,12 +23,9 @@ import org.junit.rules.ExpectedException;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.EXECUTION_CONTEXTS;
-import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
 
 /**
  * @author Rafiullah Hamedy
@@ -64,7 +61,7 @@ public class ClearSiteDataHeaderWriterTests {
 	@Test
 	public void writeHeaderWhenRequestNotSecureThenHeaderIsNotPresent() {
 		this.request.setSecure(false);
-		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(CACHE);
+		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE);
 		headerWriter.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeader(HEADER_NAME)).isNull();
@@ -72,7 +69,7 @@ public class ClearSiteDataHeaderWriterTests {
 
 	@Test
 	public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSource() {
-		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(STORAGE);
+		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.STORAGE);
 		headerWriter.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeader(HEADER_NAME)).isEqualTo("\"storage\"");
@@ -80,8 +77,8 @@ public class ClearSiteDataHeaderWriterTests {
 
 	@Test
 	public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSources() {
-		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE,
-				EXECUTION_CONTEXTS);
+		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE, Directive.COOKIES,
+				Directive.STORAGE, Directive.EXECUTION_CONTEXTS);
 		headerWriter.writeHeaders(this.request, this.response);
 
 		assertThat(this.response.getHeader(HEADER_NAME))
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 37fe725548..eebbc02be4 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.function.Supplier;
+import java.util.stream.Collectors;
 
 import org.aopalliance.intercept.MethodInterceptor;
 import org.apache.commons.logging.Log;
@@ -54,8 +55,6 @@ import org.springframework.util.ObjectUtils;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.web.bind.annotation.ValueConstants;
 
-import static java.util.stream.Collectors.joining;
-
 /**
  * Convenience class to resolve method parameters from hints.
  *
@@ -211,13 +210,14 @@ public final class ResolvableMethod {
 
 	private String formatMethod() {
 		return this.method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter)
-				.collect(joining(",\n\t", "(\n\t", "\n)"));
+				.collect(Collectors.joining(",\n\t", "(\n\t", "\n)"));
 	}
 
 	private String formatParameter(Parameter param) {
 		Annotation[] annot = param.getAnnotations();
 		return annot.length > 0
-				? Arrays.stream(annot).map(this::formatAnnotation).collect(joining(",", "[", "]")) + " " + param
+				? Arrays.stream(annot).map(this::formatAnnotation).collect(Collectors.joining(",", "[", "]")) + " "
+						+ param
 				: param.toString();
 	}
 
@@ -413,8 +413,8 @@ public final class ResolvableMethod {
 		}
 
 		private String formatMethods(Set<Method> methods) {
-			return "\nMatched:\n"
-					+ methods.stream().map(Method::toGenericString).collect(joining(",\n\t", "[\n\t", "\n]"));
+			return "\nMatched:\n" + methods.stream().map(Method::toGenericString)
+					.collect(Collectors.joining(",\n\t", "[\n\t", "\n]"));
 		}
 
 		public ResolvableMethod mockCall(Consumer<T> invoker) {
@@ -490,7 +490,8 @@ public final class ResolvableMethod {
 		}
 
 		private String formatFilters() {
-			return this.filters.stream().map(Object::toString).collect(joining(",\n\t\t", "[\n\t\t", "\n\t]"));
+			return this.filters.stream().map(Object::toString)
+					.collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]"));
 		}
 
 	}
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
index 439292d034..fbaf87fa7f 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
@@ -31,7 +31,6 @@ import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 import org.springframework.util.ReflectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME;
 
 /**
  * @author Rob Winch
@@ -50,7 +49,7 @@ public class CsrfRequestDataValueProcessorTests {
 	@Before
 	public void setup() {
 		this.expected.put(this.token.getParameterName(), this.token.getToken());
-		this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, this.token);
+		this.exchange.getAttributes().put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, this.token);
 	}
 
 	@Test
@@ -120,7 +119,7 @@ public class CsrfRequestDataValueProcessorTests {
 	@Test
 	public void createGetExtraHiddenFieldsHasCsrfToken() {
 		CsrfToken token = new DefaultCsrfToken("1", "a", "b");
-		this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, token);
+		this.exchange.getAttributes().put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token);
 		Map<String, String> expected = new HashMap<>();
 		expected.put(token.getParameterName(), token.getToken());
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index aad5b64049..7a4325920d 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -39,6 +39,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
@@ -61,8 +62,6 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.core.context.ReactiveSecurityContextHolder.withSecurityContext;
-import static org.springframework.security.web.server.authentication.SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR;
 
 /**
  * @author Artur Otrzonsek
@@ -136,7 +135,8 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 
 		// then
 		verifyNoInteractions(chain);
@@ -156,7 +156,7 @@ public class SwitchUserWebFilterTests {
 		assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername);
 		assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance);
 		assertThat(switchUserAuthentication.getAuthorities())
-				.anyMatch((a) -> a.getAuthority().contains(ROLE_PREVIOUS_ADMINISTRATOR));
+				.anyMatch((a) -> a.getAuthority().contains(SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR));
 		assertThat(
 				switchUserAuthentication.getAuthorities().stream().filter(a -> a instanceof SwitchUserGrantedAuthority)
 						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName))
@@ -169,8 +169,8 @@ public class SwitchUserWebFilterTests {
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
 
-		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
-				originalAuthentication);
+		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
+				SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
 				"switchCredentials", Collections.singleton(switchAuthority));
 
@@ -191,7 +191,8 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 
 		// then
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
@@ -221,7 +222,8 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 		verifyNoInteractions(chain);
 	}
 
@@ -241,7 +243,8 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 
 		verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
 		verifyNoInteractions(chain);
@@ -266,7 +269,8 @@ public class SwitchUserWebFilterTests {
 
 		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 		verifyNoInteractions(chain);
 	}
 
@@ -279,8 +283,8 @@ public class SwitchUserWebFilterTests {
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
 
-		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
-				originalAuthentication);
+		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
+				SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
 				"switchCredentials", Collections.singleton(switchAuthority));
 
@@ -294,7 +298,8 @@ public class SwitchUserWebFilterTests {
 
 		// when
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 
 		// then
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
@@ -329,7 +334,8 @@ public class SwitchUserWebFilterTests {
 
 		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
-				.subscriberContext(withSecurityContext(Mono.just(securityContext))).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
+				.block();
 		verifyNoInteractions(chain);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index da71f648a6..0467943bf2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -25,14 +25,13 @@ import reactor.core.publisher.Mono;
 
 import org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.match;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch;
 
 public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 
@@ -55,7 +54,7 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 	public void handleWhenNothingMatchesThenOnlyDefaultHandlerInvoked() {
 		ServerAccessDeniedHandler handler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
-		given(matcher.matches(this.exchange)).willReturn(notMatch());
+		given(matcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
 		given(handler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(this.accessDeniedHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
@@ -75,7 +74,7 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		ServerWebExchangeMatcher firstMatcher = mock(ServerWebExchangeMatcher.class);
 		ServerAccessDeniedHandler secondHandler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher secondMatcher = mock(ServerWebExchangeMatcher.class);
-		given(firstMatcher.matches(this.exchange)).willReturn(match());
+		given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
@@ -98,8 +97,8 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		ServerWebExchangeMatcher firstMatcher = mock(ServerWebExchangeMatcher.class);
 		ServerAccessDeniedHandler secondHandler = mock(ServerAccessDeniedHandler.class);
 		ServerWebExchangeMatcher secondMatcher = mock(ServerWebExchangeMatcher.class);
-		given(firstMatcher.matches(this.exchange)).willReturn(notMatch());
-		given(secondMatcher.matches(this.exchange)).willReturn(match());
+		given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
+		given(secondMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index d301f227e2..564a3d2e62 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -33,18 +33,16 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.server.WebSession;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.mock.web.server.MockServerWebExchange.from;
-import static org.springframework.web.reactive.function.BodyInserters.fromMultipartData;
 
 /**
  * @author Rob Winch
@@ -64,9 +62,9 @@ public class CsrfWebFilterTests {
 
 	private CsrfWebFilter csrfFilter = new CsrfWebFilter();
 
-	private MockServerWebExchange get = from(MockServerHttpRequest.get("/"));
+	private MockServerWebExchange get = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 
-	private ServerWebExchange post = from(MockServerHttpRequest.post("/"));
+	private ServerWebExchange post = MockServerWebExchange.from(MockServerHttpRequest.post("/"));
 
 	@Test
 	public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
@@ -108,7 +106,7 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/")
+		this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
 				.body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID"));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
@@ -126,8 +124,9 @@ public class CsrfWebFilterTests {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
-				.body(this.token.getParameterName() + "=" + this.token.getToken()));
+		this.post = MockServerWebExchange
+				.from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
+						.body(this.token.getParameterName() + "=" + this.token.getToken()));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
@@ -140,7 +139,7 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndEstablishedCsrfTokenAndHeaderInvalidTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-		this.post = from(
+		this.post = MockServerWebExchange.from(
 				MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID"));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
@@ -158,7 +157,8 @@ public class CsrfWebFilterTests {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-		this.post = from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
+		this.post = MockServerWebExchange
+				.from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
 
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
 
@@ -170,8 +170,8 @@ public class CsrfWebFilterTests {
 	@Test
 	// gh-8452
 	public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() {
-		MockServerWebExchange nonStandardHttpExchange = from(
-				MockServerHttpRequest.method("non-standard-http-method", "/"));
+		MockServerWebExchange nonStandardHttpExchange = MockServerWebExchange
+				.from(MockServerHttpRequest.method("non-standard-http-method", "/"));
 
 		ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER;
 		assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block())
@@ -186,7 +186,7 @@ public class CsrfWebFilterTests {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 		this.csrfFilter.setRequireCsrfProtectionMatcher(matcher);
 
-		MockServerWebExchange exchange = from(MockServerHttpRequest.post("/post").build());
+		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/post").build());
 		CsrfWebFilter.skipExchange(exchange);
 		this.csrfFilter.filter(exchange, this.chain).block();
 
@@ -201,8 +201,8 @@ public class CsrfWebFilterTests {
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
 		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
-				.body(fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange().expectStatus()
-				.isForbidden();
+				.body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
+				.expectStatus().isForbidden();
 	}
 
 	@Test
@@ -215,8 +215,8 @@ public class CsrfWebFilterTests {
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
 
 		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
-				.body(fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange().expectStatus()
-				.is2xxSuccessful();
+				.body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
+				.expectStatus().is2xxSuccessful();
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index 938af60bfd..80f9430b94 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -26,8 +26,6 @@ import org.springframework.web.server.ServerWebExchange;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 
 /**
  * @author Rob Winch
@@ -39,7 +37,7 @@ public class ServerWebExchangeMatchersTests {
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternThenMatches() {
-		assertThat(pathMatchers("/").matches(this.exchange).block().isMatch()).isTrue();
+		assertThat(ServerWebExchangeMatchers.pathMatchers("/").matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
@@ -57,19 +55,21 @@ public class ServerWebExchangeMatchersTests {
 
 	@Test
 	public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() {
-		assertThat(pathMatchers("/foobar").matches(this.exchange).block().isMatch()).isFalse();
+		assertThat(ServerWebExchangeMatchers.pathMatchers("/foobar").matches(this.exchange).block().isMatch())
+				.isFalse();
 	}
 
 	@Test
 	public void pathMatchersWhenMultiThenMatches() {
-		assertThat(pathMatchers("/foobar", "/").matches(this.exchange).block().isMatch()).isTrue();
+		assertThat(ServerWebExchangeMatchers.pathMatchers("/foobar", "/").matches(this.exchange).block().isMatch())
+				.isTrue();
 	}
 
 	@Test
 	public void anyExchangeWhenMockThenMatches() {
 		ServerWebExchange mockExchange = mock(ServerWebExchange.class);
 
-		assertThat(anyExchange().matches(mockExchange).block().isMatch()).isTrue();
+		assertThat(ServerWebExchangeMatchers.anyExchange().matches(mockExchange).block().isMatch()).isTrue();
 
 		verifyZeroInteractions(mockExchange);
 	}
@@ -83,7 +83,7 @@ public class ServerWebExchangeMatchersTests {
 	 */
 	@Test
 	public void anyExchangeWhenTwoCreatedThenDifferentToPreventIssuesInMap() {
-		assertThat(anyExchange()).isNotEqualTo(anyExchange());
+		assertThat(ServerWebExchangeMatchers.anyExchange()).isNotEqualTo(ServerWebExchangeMatchers.anyExchange());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
index c491112085..8721b35d2e 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@@ -55,12 +55,12 @@ import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willThrow;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.powermock.api.mockito.PowerMockito.doThrow;
-import static org.powermock.api.mockito.PowerMockito.mock;
-import static org.powermock.api.mockito.PowerMockito.verifyZeroInteractions;
-import static org.powermock.api.mockito.PowerMockito.when;
+import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
  * Tests {@link SecurityContextHolderAwareRequestFilter}.
@@ -159,7 +159,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 
 	@Test
 	public void authenticateNullEntryPointTrue() throws Exception {
-		when(this.request.authenticate(this.response)).thenReturn(true);
+		given(this.request.authenticate(this.response)).willReturn(true);
 		this.filter.setAuthenticationEntryPoint(null);
 		this.filter.afterPropertiesSet();
 
@@ -171,8 +171,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void login() throws Exception {
 		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-				.thenReturn(expectedAuth);
+		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.willReturn(expectedAuth);
 
 		wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
 
@@ -185,8 +185,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void loginWithExistingUser() throws Exception {
 		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-				.thenReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER"));
+		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.willReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(expectedAuth);
 
 		try {
@@ -203,8 +203,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void loginFail() throws Exception {
 		AuthenticationException authException = new BadCredentialsException("Invalid");
-		when(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-				.thenThrow(authException);
+		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
+				.willThrow(authException);
 
 		try {
 			wrappedRequest().login("invalid", "credentials");
@@ -241,7 +241,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		String username = "username";
 		String password = "password";
 		ServletException authException = new ServletException("Failed Login");
-		doThrow(authException).when(this.request).login(username, password);
+		willThrow(authException).given(this.request).login(username, password);
 
 		try {
 			wrappedRequest().login(username, password);
@@ -292,7 +292,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
-		when(this.request.getAsyncContext()).thenReturn(asyncContext);
+		given(this.request.getAsyncContext()).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
 
@@ -314,7 +314,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
-		when(this.request.startAsync()).thenReturn(asyncContext);
+		given(this.request.startAsync()).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
 
@@ -336,7 +336,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		context.setAuthentication(expectedAuth);
 		SecurityContextHolder.setContext(context);
 		AsyncContext asyncContext = mock(AsyncContext.class);
-		when(this.request.startAsync(this.request, this.response)).thenReturn(asyncContext);
+		given(this.request.startAsync(this.request, this.response)).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
 

From 8d80166aaf0c4cf0ee43ef3e9e226c585aa52d49 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 28 Jul 2020 23:53:30 -0700
Subject: [PATCH 38/84] Update exception variable names

Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
---
 .../domain/IdentityUnavailableException.java  |  6 +--
 .../acls/domain/ObjectIdentityImpl.java       |  4 +-
 .../security/acls/jdbc/AclClassIdUtils.java   |  8 ++--
 .../acls/jdbc/BasicLookupStrategy.java        | 12 ++---
 .../acls/model/AlreadyExistsException.java    |  6 +--
 .../acls/model/ChildrenExistException.java    |  6 +--
 .../acls/model/NotFoundException.java         |  6 +--
 .../acls/model/UnloadedSidException.java      |  6 +--
 .../security/acls/domain/AclImplTests.java    |  4 +-
 .../acls/jdbc/JdbcMutableAclServiceTests.java |  6 +--
 .../CasAuthenticationProvider.java            |  4 +-
 .../ServiceAuthenticationDetailsSource.java   |  4 +-
 .../AbstractConfiguredSecurityBuilder.java    |  4 +-
 .../LdapAuthenticationProviderConfigurer.java |  2 +-
 ...utowireBeanFactoryObjectPostProcessor.java |  4 +-
 .../GlobalMethodSecurityConfiguration.java    |  6 +--
 .../annotation/web/builders/WebSecurity.java  |  8 ++--
 .../SecurityReactorContextConfiguration.java  |  4 +-
 .../configurers/RequestCacheConfigurer.java   |  2 +-
 .../SessionManagementConfigurer.java          |  2 +-
 .../OAuth2ResourceServerConfigurer.java       |  2 +-
 .../saml2/Saml2LoginConfigurer.java           |  2 +-
 ...urityWebSocketMessageBrokerConfigurer.java |  2 +-
 .../AuthenticationManagerFactoryBean.java     |  6 +--
 .../UserServiceBeanDefinitionParser.java      |  2 +-
 .../RsaKeyConversionServicePostProcessor.java |  8 ++--
 .../http/DefaultFilterChainValidator.java     | 10 ++--
 .../http/HeadersBeanDefinitionParser.java     |  4 +-
 ...th2ResourceServerBeanDefinitionParser.java |  2 +-
 .../ContextSourceSettingPostProcessor.java    |  4 +-
 .../ldap/LdapServerBeanDefinitionParser.java  |  2 +-
 ...balMethodSecurityBeanDefinitionParser.java |  6 +--
 .../method/ProtectPointcutPostProcessor.java  |  4 +-
 .../config/web/server/ServerHttpSecurity.java |  4 +-
 .../config/InvalidConfigurationTests.java     | 12 ++---
 ...lobalMethodSecurityConfigurationTests.java |  2 +-
 .../configurers/NamespaceHttpX509Tests.java   |  8 ++--
 .../ServletApiConfigurerTests.java            |  4 +-
 .../web/configurers/X509ConfigurerTests.java  |  4 +-
 .../saml2/Saml2LoginConfigurerTests.java      |  4 +-
 .../saml2/TestSaml2Credentials.java           |  4 +-
 .../security/config/doc/XmlParser.java        |  4 +-
 .../http/SessionManagementConfigTests.java    |  4 +-
 .../config/test/SpringTestContext.java        |  2 +-
 .../server/OAuth2ResourceServerSpecTests.java |  4 +-
 .../web/server/ServerHttpSecurityTests.java   |  2 +-
 .../access/AccessDeniedException.java         |  6 +--
 .../access/AuthorizationServiceException.java |  6 +--
 .../access/expression/ExpressionUtils.java    |  5 +-
 ...essionBasedAnnotationAttributeFactory.java |  8 ++--
 .../AccountExpiredException.java              |  6 +--
 .../AccountStatusException.java               |  4 +-
 ...nticationCredentialsNotFoundException.java |  6 +--
 .../AuthenticationServiceException.java       |  6 +--
 .../BadCredentialsException.java              |  6 +--
 .../CredentialsExpiredException.java          |  6 +--
 .../DefaultAuthenticationEventPublisher.java  |  6 +--
 .../authentication/DisabledException.java     |  6 +--
 .../InsufficientAuthenticationException.java  |  6 +--
 .../authentication/LockedException.java       |  6 +--
 .../authentication/ProviderManager.java       | 18 +++----
 .../AbstractJaasAuthenticationProvider.java   |  4 +-
 .../jaas/DefaultLoginExceptionResolver.java   |  4 +-
 .../jaas/JaasAuthenticationProvider.java      |  2 +-
 .../jaas/LoginExceptionResolver.java          |  4 +-
 .../security/converter/RsaKeyConverters.java  | 12 ++---
 .../core/AuthenticationException.java         |  6 +--
 .../core/SpringSecurityCoreVersion.java       |  2 +-
 .../core/token/Sha512DigestUtils.java         |  4 +-
 .../UsernameNotFoundException.java            |  6 +--
 .../jackson2/SecurityJackson2Modules.java     |  4 +-
 .../security/util/MethodInvocationUtils.java  |  2 +-
 .../RoleHierarchyImplTests.java               | 12 ++---
 .../authentication/ProviderManagerTests.java  | 16 +++----
 .../jaas/JaasAuthenticationProviderTests.java |  8 ++--
 .../jaas/SecurityContextLoginModuleTests.java |  4 +-
 .../authentication/jaas/TestLoginModule.java  |  4 +-
 .../KeyBasedPersistenceTokenServiceTests.java |  4 +-
 .../crypto/argon2/Argon2PasswordEncoder.java  |  4 +-
 .../security/crypto/codec/Base64.java         |  2 +-
 .../security/crypto/codec/Utf8.java           |  8 ++--
 .../BouncyCastleAesCbcBytesEncryptor.java     |  4 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |  4 +-
 .../security/crypto/encrypt/CipherUtils.java  | 36 +++++++-------
 .../security/crypto/password/Digester.java    |  4 +-
 .../password/LdapShaPasswordEncoder.java      |  2 +-
 .../password/Pbkdf2PasswordEncoder.java       |  8 ++--
 .../crypto/encrypt/CryptoAssumptions.java     |  8 ++--
 .../reactive/oauth2/resource-server.adoc      | 10 ++--
 .../exception-translation-filter.adoc         |  4 +-
 .../servlet/integrations/servlet-api.adoc     | 10 ++--
 .../servlet/oauth2/oauth2-resourceserver.adoc | 14 +++---
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 .../PythonInterpreterPreInvocationAdvice.java |  4 +-
 ...faultSpringSecurityContextSourceTests.java |  2 +-
 .../ldap/server/ApacheDSContainerTests.java   | 20 ++++----
 .../server/UnboundIdContainerLdifTests.java   | 12 ++---
 .../security/ldap/LdapUtils.java              | 12 ++---
 .../ldap/SpringSecurityLdapTemplate.java      |  6 +--
 .../authentication/BindAuthenticator.java     | 14 +++---
 ...veDirectoryLdapAuthenticationProvider.java | 20 ++++----
 .../PasswordPolicyControlExtractor.java       |  4 +-
 .../PasswordPolicyResponseControl.java        |  8 ++--
 .../ldap/server/ApacheDSContainer.java        | 48 ++++++++++---------
 .../userdetails/LdapUserDetailsManager.java   |  8 ++--
 ...ectoryLdapAuthenticationProviderTests.java |  8 ++--
 .../SecurityContextChannelInterceptor.java    |  2 +-
 .../JdbcOAuth2AuthorizedClientService.java    |  2 +-
 ...thorizationCodeAuthenticationProvider.java |  2 +-
 ...tionCodeReactiveAuthenticationManager.java |  2 +-
 .../registration/ClientRegistrations.java     | 18 +++----
 ...ultOAuth2AuthorizationRequestResolver.java |  4 +-
 ...verOAuth2AuthorizationRequestResolver.java |  4 +-
 ...zationCodeAuthenticationProviderTests.java |  2 +-
 ...odeReactiveAuthenticationManagerTests.java |  2 +-
 .../JwtDecoderProviderConfigurationUtils.java | 12 ++---
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  |  8 ++--
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |  4 +-
 .../security/oauth2/jose/TestKeys.java        | 12 ++---
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  4 +-
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  4 +-
 ...wtIssuerAuthenticationManagerResolver.java |  4 +-
 ...ReactiveAuthenticationManagerResolver.java |  4 +-
 .../JwtReactiveAuthenticationManager.java     |  8 ++--
 ...queTokenReactiveAuthenticationManager.java |  8 ++--
 ...NimbusReactiveOpaqueTokenIntrospector.java |  4 +-
 .../TestOAuth2AuthenticatedPrincipals.java    |  4 +-
 ...sReactiveOpaqueTokenIntrospectorTests.java |  4 +-
 .../AuthenticationCancelledException.java     |  4 +-
 .../security/openid/OpenID4JavaConsumer.java  | 16 +++----
 .../openid/OpenIDAuthenticationFilter.java    | 16 +++----
 .../openid/OpenIDConsumerException.java       |  4 +-
 .../OpenIDAuthenticationProviderTests.java    |  2 +-
 .../remoting/dns/JndiDnsResolver.java         | 20 ++++----
 ...ntextPropagatingRemoteInvocationTests.java |  2 +-
 .../core/OpenSamlInitializationService.java   |  8 ++--
 .../OpenSamlAuthenticationProvider.java       | 38 +++++++--------
 .../OpenSamlAuthenticationRequestFactory.java | 12 ++---
 .../service/authentication/Saml2Utils.java    |  8 ++--
 .../metadata/OpenSamlMetadataResolver.java    |  6 +--
 ...gistrationBuilderHttpMessageConverter.java |  8 ++--
 .../RelyingPartyRegistrations.java            |  8 ++--
 .../Saml2AuthenticationTokenConverter.java    |  4 +-
 .../security/saml2/core/Saml2Utils.java       |  8 ++--
 .../saml2/core/TestSaml2X509Credentials.java  |  8 ++--
 .../credentials/TestSaml2X509Credentials.java |  8 ++--
 .../OpenSamlAuthenticationProviderTests.java  |  4 +-
 ...SamlAuthenticationRequestFactoryTests.java |  4 +-
 .../authentication/TestOpenSamlObjects.java   | 24 +++++-----
 ...ationBuilderHttpMessageConverterTests.java |  4 +-
 .../Saml2WebSsoAuthenticationFilterTests.java |  6 +--
 .../taglibs/authz/AbstractAuthorizeTag.java   |  6 +--
 .../taglibs/authz/AuthenticationTag.java      |  4 +-
 .../taglibs/authz/JspAuthorizeTag.java        |  8 ++--
 .../taglibs/csrf/AbstractCsrfTag.java         |  4 +-
 .../ReactorContextTestExecutionListener.java  |  4 +-
 ...hSecurityContextTestExecutionListener.java | 10 ++--
 .../security/web/FilterChainProxy.java        |  4 +-
 ...ilterInvocationSecurityMetadataSource.java |  2 +-
 .../authentication/AuthenticationFilter.java  |  4 +-
 ...tractPreAuthenticatedProcessingFilter.java |  4 +-
 .../WebXmlMappableAttributesRetriever.java    |  8 ++--
 .../DefaultWASUsernameAndGroupsExtractor.java | 40 ++++++++--------
 .../AbstractRememberMeServices.java           | 14 +++---
 .../rememberme/JdbcTokenRepositoryImpl.java   |  4 +-
 ...ersistentTokenBasedRememberMeServices.java |  8 ++--
 .../RememberMeAuthenticationException.java    |  6 +--
 .../TokenBasedRememberMeServices.java         |  2 +-
 .../switchuser/SwitchUserFilter.java          |  8 ++--
 .../www/BasicAuthenticationConverter.java     |  2 +-
 .../authentication/www/DigestAuthUtils.java   |  2 +-
 .../www/DigestAuthenticationFilter.java       |  6 +--
 .../www/NonceExpiredException.java            |  6 +--
 .../HttpSessionSecurityContextRepository.java |  2 +-
 .../web/header/writers/HpkpHeaderWriter.java  |  4 +-
 .../web/jaasapi/JaasApiIntegrationFilter.java |  4 +-
 ...egatingServerAuthenticationEntryPoint.java |  4 +-
 .../ServerAuthenticationEntryPoint.java       |  4 +-
 ...erverHttpBasicAuthenticationConverter.java |  2 +-
 ...tpBasicServerAuthenticationEntryPoint.java |  2 +-
 ...edirectServerAuthenticationEntryPoint.java |  2 +-
 .../HttpStatusServerAccessDeniedHandler.java  |  4 +-
 .../MediaTypeServerWebExchangeMatcher.java    |  4 +-
 .../util/matcher/MvcRequestMatcher.java       |  2 +-
 .../web/session/SessionManagementFilter.java  |  6 +--
 .../util/matcher/AntPathRequestMatcher.java   |  2 +-
 .../web/util/matcher/IpAddressMatcher.java    |  4 +-
 .../util/matcher/MediaTypeRequestMatcher.java |  4 +-
 .../web/util/matcher/RegexRequestMatcher.java |  2 +-
 .../AuthenticationFilterTests.java            |  4 +-
 ...namePasswordAuthenticationFilterTests.java |  2 +-
 ...tusReturningLogoutSuccessHandlerTests.java |  4 +-
 .../Http403ForbiddenEntryPointTests.java      |  4 +-
 .../web/util/ThrowableAnalyzerTests.java      |  6 +--
 194 files changed, 635 insertions(+), 633 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
index 872b36bbf1..ab53988f52 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
@@ -34,10 +34,10 @@ public class IdentityUnavailableException extends RuntimeException {
 	 * Constructs an <code>IdentityUnavailableException</code> with the specified message
 	 * and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public IdentityUnavailableException(String msg, Throwable t) {
-		super(msg, t);
+	public IdentityUnavailableException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index 727e81ee77..4c64e995e4 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -77,8 +77,8 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 			Method method = typeClass.getMethod("getId", new Class[] {});
 			result = method.invoke(object);
 		}
-		catch (Exception e) {
-			throw new IdentityUnavailableException("Could not extract identity from object " + object, e);
+		catch (Exception ex) {
+			throw new IdentityUnavailableException("Could not extract identity from object " + object, ex);
 		}
 
 		Assert.notNull(result, "getId() is required to return a non-null value");
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index d8b4ca7555..fc311910cd 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -85,8 +85,8 @@ class AclClassIdUtils {
 		try {
 			hasClassIdType = classIdTypeFrom(resultSet) != null;
 		}
-		catch (SQLException e) {
-			log.debug("Unable to obtain the class id type", e);
+		catch (SQLException ex) {
+			log.debug("Unable to obtain the class id type", ex);
 		}
 		return hasClassIdType;
 	}
@@ -101,8 +101,8 @@ class AclClassIdUtils {
 			try {
 				targetType = Class.forName(className);
 			}
-			catch (ClassNotFoundException e) {
-				log.debug("Unable to find class id type on classpath", e);
+			catch (ClassNotFoundException ex) {
+				log.debug("Unable to find class id type on classpath", ex);
 			}
 		}
 		return targetType;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 1b89d89c47..2faaeb2ac0 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -194,8 +194,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		try {
 			return (List<AccessControlEntryImpl>) this.fieldAces.get(acl);
 		}
-		catch (IllegalAccessException e) {
-			throw new IllegalStateException("Could not obtain AclImpl.aces field", e);
+		catch (IllegalAccessException ex) {
+			throw new IllegalStateException("Could not obtain AclImpl.aces field", ex);
 		}
 	}
 
@@ -203,8 +203,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		try {
 			this.fieldAcl.set(ace, acl);
 		}
-		catch (IllegalAccessException e) {
-			throw new IllegalStateException("Could not or set AclImpl on AccessControlEntryImpl fields", e);
+		catch (IllegalAccessException ex) {
+			throw new IllegalStateException("Could not or set AclImpl on AccessControlEntryImpl fields", ex);
 		}
 	}
 
@@ -212,8 +212,8 @@ public class BasicLookupStrategy implements LookupStrategy {
 		try {
 			this.fieldAces.set(acl, aces);
 		}
-		catch (IllegalAccessException e) {
-			throw new IllegalStateException("Could not set AclImpl entries", e);
+		catch (IllegalAccessException ex) {
+			throw new IllegalStateException("Could not set AclImpl entries", ex);
 		}
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
index 1646f53e0b..a8b3130f46 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
@@ -34,10 +34,10 @@ public class AlreadyExistsException extends AclDataAccessException {
 	 * Constructs an <code>AlreadyExistsException</code> with the specified message and
 	 * root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AlreadyExistsException(String msg, Throwable t) {
-		super(msg, t);
+	public AlreadyExistsException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
index 679112393c..fca77474ff 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
@@ -34,10 +34,10 @@ public class ChildrenExistException extends AclDataAccessException {
 	 * Constructs an <code>ChildrenExistException</code> with the specified message and
 	 * root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public ChildrenExistException(String msg, Throwable t) {
-		super(msg, t);
+	public ChildrenExistException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
index a77e252126..9f738f7cc2 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
@@ -34,10 +34,10 @@ public class NotFoundException extends AclDataAccessException {
 	 * Constructs an <code>NotFoundException</code> with the specified message and root
 	 * cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public NotFoundException(String msg, Throwable t) {
-		super(msg, t);
+	public NotFoundException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
index 68f68b6c42..fd95557ab2 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
@@ -36,10 +36,10 @@ public class UnloadedSidException extends AclDataAccessException {
 	 * Constructs an <code>NotFoundException</code> with the specified message and root
 	 * cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public UnloadedSidException(String msg, Throwable t) {
-		super(msg, t);
+	public UnloadedSidException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index cb33e618ca..b4647f3ded 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -628,8 +628,8 @@ public class AclImplTests {
 							((AuditableAccessControlEntry) ac).isAuditFailure()));
 				}
 			}
-			catch (IllegalAccessException e) {
-				e.printStackTrace();
+			catch (IllegalAccessException ex) {
+				ex.printStackTrace();
 			}
 
 			return acl;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index d0f964ec0d..5a43cd8d54 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -121,9 +121,9 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 			// new DatabaseSeeder(dataSource, new
 			// ClassPathResource("createAclSchemaPostgres.sql"));
 		}
-		catch (Exception e) {
-			e.printStackTrace();
-			throw e;
+		catch (Exception ex) {
+			ex.printStackTrace();
+			throw ex;
 		}
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
index 48eaaeeca6..17ff6d98ec 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -156,8 +156,8 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 			return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(),
 					this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
 		}
-		catch (final TicketValidationException e) {
-			throw new BadCredentialsException(e.getMessage(), e);
+		catch (TicketValidationException ex) {
+			throw new BadCredentialsException(ex.getMessage(), ex);
 		}
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 336fe142aa..530fae36c3 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -74,8 +74,8 @@ public class ServiceAuthenticationDetailsSource
 			return new DefaultServiceAuthenticationDetails(this.serviceProperties.getService(), context,
 					this.artifactPattern);
 		}
-		catch (MalformedURLException e) {
-			throw new RuntimeException(e);
+		catch (MalformedURLException ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index 76f47b51cb..d240639492 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -102,8 +102,8 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 			try {
 				return build();
 			}
-			catch (Exception e) {
-				this.logger.debug("Failed to perform build. Returning null", e);
+			catch (Exception ex) {
+				this.logger.debug("Failed to perform build. Returning null", ex);
 				return null;
 			}
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 0db78b0c52..69161becf0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -595,7 +595,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 			try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 				return serverSocket.getLocalPort();
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				return RANDOM_PORT;
 			}
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index 458715e894..6799a7113f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -63,9 +63,9 @@ final class AutowireBeanFactoryObjectPostProcessor
 		try {
 			result = (T) this.autowireBeanFactory.initializeBean(object, object.toString());
 		}
-		catch (RuntimeException e) {
+		catch (RuntimeException ex) {
 			Class<?> type = object.getClass();
-			throw new RuntimeException("Could not postProcess " + object + " of type " + type, e);
+			throw new RuntimeException("Could not postProcess " + object + " of type " + type, ex);
 		}
 		this.autowireBeanFactory.autowireBean(object);
 		if (result instanceof DisposableBean) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index 5748ed7773..4b4bf3c503 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -153,8 +153,8 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		try {
 			initializeMethodSecurityInterceptor();
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 
 		PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
@@ -182,7 +182,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		try {
 			return this.context.getBean(type);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 		return null;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 1a42d57849..e35182977b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -311,26 +311,26 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 		try {
 			this.defaultWebSecurityExpressionHandler.setRoleHierarchy(applicationContext.getBean(RoleHierarchy.class));
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 
 		try {
 			this.defaultWebSecurityExpressionHandler
 					.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 
 		this.ignoredRequestRegistry = new IgnoredRequestConfigurer(applicationContext);
 		try {
 			this.httpFirewall = applicationContext.getBean(HttpFirewall.class);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 		try {
 			this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 71f00115b3..3de9f90ccb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -165,8 +165,8 @@ class SecurityReactorContextConfiguration {
 		}
 
 		@Override
-		public void onError(Throwable t) {
-			this.delegate.onError(t);
+		public void onError(Throwable ex) {
+			this.delegate.onError(ex);
 		}
 
 		@Override
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
index b74c57c3ba..71965d88c4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
@@ -136,7 +136,7 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>>
 		try {
 			return context.getBean(type);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 			return null;
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index c38d6fbc96..12a0fccc89 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -560,7 +560,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		try {
 			return context.getBean(type);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 			return null;
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index e73875032d..2ae3b43bce 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -506,7 +506,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			try {
 				return this.bearerTokenResolver.resolve(request) != null;
 			}
-			catch (OAuth2AuthenticationException e) {
+			catch (OAuth2AuthenticationException ex) {
 				return false;
 			}
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index afdc1d3909..7811cb40e4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -325,7 +325,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		try {
 			return context.getBean(clazz);
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 		}
 		return null;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index 4e2334e98e..243b26b52a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -119,7 +119,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 		try {
 			return this.context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher();
 		}
-		catch (NoSuchBeanDefinitionException e) {
+		catch (NoSuchBeanDefinitionException ex) {
 			return new AntPathMatcher();
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 6baac6525a..188ead0fb3 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -51,9 +51,9 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 		try {
 			return (AuthenticationManager) this.bf.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		}
-		catch (NoSuchBeanDefinitionException e) {
-			if (!BeanIds.AUTHENTICATION_MANAGER.equals(e.getBeanName())) {
-				throw e;
+		catch (NoSuchBeanDefinitionException ex) {
+			if (!BeanIds.AUTHENTICATION_MANAGER.equals(ex.getBeanName())) {
+				throw ex;
 			}
 
 			UserDetailsService uds = getBeanOrNull(UserDetailsService.class);
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index f6b4a1ca56..4a6bca2951 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -118,7 +118,7 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 			try {
 				this.random = SecureRandom.getInstance("SHA1PRNG");
 			}
-			catch (NoSuchAlgorithmException e) {
+			catch (NoSuchAlgorithmException ex) {
 				// Shouldn't happen...
 				throw new RuntimeException("Failed find SHA1PRNG algorithm!");
 			}
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index 6b41064c46..1d7892a626 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -113,8 +113,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 		try {
 			return resource.getInputStream();
 		}
-		catch (IOException e) {
-			throw new UncheckedIOException(e);
+		catch (IOException ex) {
+			throw new UncheckedIOException(ex);
 		}
 	}
 
@@ -123,8 +123,8 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 			try (InputStream is = inputStream) {
 				return inputStreamKeyConverter.convert(is);
 			}
-			catch (IOException e) {
-				throw new UncheckedIOException(e);
+			catch (IOException ex) {
+				throw new UncheckedIOException(ex);
 			}
 		};
 	}
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 2361a5a168..1b587aca6e 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -152,7 +152,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		try {
 			filters = fcp.getFilters(loginPage);
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			// May happen legitimately if a filter-chain request matcher requires more
 			// request data than that provided
 			// by the dummy request used when creating the filter invocation.
@@ -196,19 +196,19 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 		try {
 			fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
 		}
-		catch (AccessDeniedException e) {
+		catch (AccessDeniedException ex) {
 			this.logger
 					.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly "
 							+ "an error. Please check your configuration allows unauthenticated access to the configured "
-							+ "login page. (Simulated access was rejected: " + e + ")");
+							+ "login page. (Simulated access was rejected: " + ex + ")");
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			// May happen legitimately if a filter-chain request matcher requires more
 			// request data than that provided
 			// by the dummy request used when creating the filter invocation. See SEC-1878
 			this.logger.info(
 					"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
-					e);
+					ex);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index 1116d171db..d1a4d4c552 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -478,9 +478,9 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 			try {
 				builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value)));
 			}
-			catch (URISyntaxException e) {
+			catch (URISyntaxException ex) {
 				parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.", frameElement,
-						e);
+						ex);
 			}
 			return;
 		}
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index 5c7358ab73..7d5d9ba6f0 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -363,7 +363,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 			try {
 				return this.bearerTokenResolver.resolve(request) != null;
 			}
-			catch (OAuth2AuthenticationException e) {
+			catch (OAuth2AuthenticationException ex) {
 				return false;
 			}
 		}
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index 33abea6960..08b485ce90 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -52,10 +52,10 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 			contextSourceClass = ClassUtils.forName(REQUIRED_CONTEXT_SOURCE_CLASS_NAME,
 					ClassUtils.getDefaultClassLoader());
 		}
-		catch (ClassNotFoundException e) {
+		catch (ClassNotFoundException ex) {
 			throw new ApplicationContextException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". "
 					+ " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap "
-					+ "jar file in your application", e);
+					+ "jar file in your application", ex);
 		}
 
 		String[] sources = bf.getBeanNamesForType(contextSourceClass, false, false);
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index 3437a1bb5c..1fa72e1210 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -221,7 +221,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 		try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 			return String.valueOf(serverSocket.getLocalPort());
 		}
-		catch (IOException e) {
+		catch (IOException ex) {
 			return RANDOM_PORT;
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 91439f2d35..e9a1f7c102 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -489,12 +489,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 					try {
 						this.delegate = this.beanFactory.getBean(this.authMgrBean, AuthenticationManager.class);
 					}
-					catch (NoSuchBeanDefinitionException e) {
-						if (BeanIds.AUTHENTICATION_MANAGER.equals(e.getBeanName())) {
+					catch (NoSuchBeanDefinitionException ex) {
+						if (BeanIds.AUTHENTICATION_MANAGER.equals(ex.getBeanName())) {
 							throw new NoSuchBeanDefinitionException(BeanIds.AUTHENTICATION_MANAGER,
 									AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE);
 						}
-						throw e;
+						throw ex;
 					}
 				}
 			}
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 7d13361387..add166d3e5 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -122,8 +122,8 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 			try {
 				methods = bean.getClass().getMethods();
 			}
-			catch (Exception e) {
-				throw new IllegalStateException(e.getMessage());
+			catch (Exception ex) {
+				throw new IllegalStateException(ex.getMessage());
 			}
 
 			// Check to see if any of those methods are compatible with our pointcut
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 5d87cbfa9e..8d55920d15 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1426,8 +1426,8 @@ public class ServerHttpSecurity {
 				return writer.toString();
 			}
 		}
-		catch (IOException e) {
-			throw new RuntimeException(e);
+		catch (IOException ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index 7870b89cac..d06229151a 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -62,8 +62,8 @@ public class InvalidConfigurationTests {
 			setContext("<http auto-config='true' />");
 			fail();
 		}
-		catch (BeanCreationException e) {
-			Throwable cause = ultimateCause(e);
+		catch (BeanCreationException ex) {
+			Throwable cause = ultimateCause(ex);
 			assertThat(cause instanceof NoSuchBeanDefinitionException).isTrue();
 			NoSuchBeanDefinitionException nsbe = (NoSuchBeanDefinitionException) cause;
 			assertThat(nsbe.getBeanName()).isEqualTo(BeanIds.AUTHENTICATION_MANAGER);
@@ -71,11 +71,11 @@ public class InvalidConfigurationTests {
 		}
 	}
 
-	private Throwable ultimateCause(Throwable e) {
-		if (e.getCause() == null) {
-			return e;
+	private Throwable ultimateCause(Throwable ex) {
+		if (ex.getCause() == null) {
+			return ex;
 		}
-		return ultimateCause(e.getCause());
+		return ultimateCause(ex.getCause());
 	}
 
 	private void setContext(String context) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index e2dc8e56bf..22eaa2005a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -113,7 +113,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		try {
 			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar"));
 		}
-		catch (AuthenticationException e) {
+		catch (AuthenticationException ex) {
 		}
 
 		assertThat(this.events.getEvents()).extracting(Object::getClass)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 74cc76cd4d..f179ec95c5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -120,8 +120,8 @@ public class NamespaceHttpX509Tests {
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 			return (T) certFactory.generateCertificate(is);
 		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
+		catch (Exception ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
@@ -244,8 +244,8 @@ public class NamespaceHttpX509Tests {
 			try {
 				return ((X500Name) certificate.getSubjectDN()).getCommonName();
 			}
-			catch (Exception e) {
-				throw new IllegalArgumentException(e);
+			catch (Exception ex) {
+				throw new IllegalArgumentException(ex);
 			}
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 0850eb24ca..ae3318db30 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -209,8 +209,8 @@ public class ServletApiConfigurerTests {
 		try {
 			return (T) FieldUtils.getFieldValue(target, fieldName);
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index e497365b44..0de22b0bb0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -94,8 +94,8 @@ public class X509ConfigurerTests {
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 			return (T) certFactory.generateCertificate(is);
 		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
+		catch (Exception ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 4a6223ef00..0205de29b3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -256,8 +256,8 @@ public class Saml2LoginConfigurerTests {
 			iout.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to inflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to inflate string", ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index ddccf53692..fc99869575 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -64,8 +64,8 @@ public class TestSaml2Credentials {
 			return (X509Certificate) factory
 					.generateCertificate(new ByteArrayInputStream(source.getBytes(StandardCharsets.UTF_8)));
 		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
+		catch (Exception ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index bcc90a63b9..263ee0451f 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -42,8 +42,8 @@ public class XmlParser implements AutoCloseable {
 
 			return new XmlNode(dBuilder.parse(this.xml));
 		}
-		catch (IOException | ParserConfigurationException | SAXException e) {
-			throw new IllegalStateException(e);
+		catch (IOException | ParserConfigurationException | SAXException ex) {
+			throw new IllegalStateException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 1abb75a816..b4a7bdc8c7 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -418,8 +418,8 @@ public class SessionManagementConfigTests {
 		try {
 			return (T) FieldUtils.getFieldValue(target, fieldName);
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index d4f477eb25..9da52a47c7 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -65,7 +65,7 @@ public class SpringTestContext implements Closeable {
 		try {
 			this.context.close();
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index eb4940ca2d..3f01bf9d14 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -447,8 +447,8 @@ public class OAuth2ResourceServerSpecTests {
 			KeyFactory factory = KeyFactory.getInstance("RSA");
 			rsaPublicKey = (RSAPublicKey) factory.generatePublic(spec);
 		}
-		catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-			e.printStackTrace();
+		catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
+			ex.printStackTrace();
 		}
 		return rsaPublicKey;
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 44fe067da9..0769425fd7 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -470,7 +470,7 @@ public class ServerHttpSecurityTests {
 			Object converter = ReflectionTestUtils.getField(filter, "authenticationConverter");
 			return converter.getClass().isAssignableFrom(ServerX509AuthenticationConverter.class);
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// field doesn't exist
 			return false;
 		}
diff --git a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
index 4d703b30c7..3bf6ceac5a 100644
--- a/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDeniedException.java
@@ -36,10 +36,10 @@ public class AccessDeniedException extends RuntimeException {
 	 * Constructs an <code>AccessDeniedException</code> with the specified message and
 	 * root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AccessDeniedException(String msg, Throwable t) {
-		super(msg, t);
+	public AccessDeniedException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
index 7fe3affa79..6952be563a 100644
--- a/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
+++ b/core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java
@@ -39,10 +39,10 @@ public class AuthorizationServiceException extends AccessDeniedException {
 	 * Constructs an <code>AuthorizationServiceException</code> with the specified message
 	 * and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AuthorizationServiceException(String msg, Throwable t) {
-		super(msg, t);
+	public AuthorizationServiceException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
index 8a3a272eca..235ca28e9a 100644
--- a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
+++ b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
@@ -25,8 +25,9 @@ public final class ExpressionUtils {
 		try {
 			return expr.getValue(ctx, Boolean.class);
 		}
-		catch (EvaluationException e) {
-			throw new IllegalArgumentException("Failed to evaluate expression '" + expr.getExpressionString() + "'", e);
+		catch (EvaluationException ex) {
+			throw new IllegalArgumentException("Failed to evaluate expression '" + expr.getExpressionString() + "'",
+					ex);
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index ef49f46259..8cef2cec59 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -54,8 +54,8 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 					: parser.parseExpression(preFilterAttribute);
 			return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
 		}
-		catch (ParseException e) {
-			throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
+		catch (ParseException ex) {
+			throw new IllegalArgumentException("Failed to parse expression '" + ex.getExpressionString() + "'", ex);
 		}
 	}
 
@@ -73,8 +73,8 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 				return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
 			}
 		}
-		catch (ParseException e) {
-			throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
+		catch (ParseException ex) {
+			throw new IllegalArgumentException("Failed to parse expression '" + ex.getExpressionString() + "'", ex);
 		}
 
 		return null;
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
index b5a3c17062..e8ef659882 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountExpiredException.java
@@ -36,10 +36,10 @@ public class AccountExpiredException extends AccountStatusException {
 	 * Constructs a <code>AccountExpiredException</code> with the specified message and
 	 * root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AccountExpiredException(String msg, Throwable t) {
-		super(msg, t);
+	public AccountExpiredException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
index 56e6daa30b..59c68fe553 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
@@ -29,8 +29,8 @@ public abstract class AccountStatusException extends AuthenticationException {
 		super(msg);
 	}
 
-	public AccountStatusException(String msg, Throwable t) {
-		super(msg, t);
+	public AccountStatusException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
index 7224110fb0..91b5d616d8 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationCredentialsNotFoundException.java
@@ -41,10 +41,10 @@ public class AuthenticationCredentialsNotFoundException extends AuthenticationEx
 	 * Constructs an <code>AuthenticationCredentialsNotFoundException</code> with the
 	 * specified message and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AuthenticationCredentialsNotFoundException(String msg, Throwable t) {
-		super(msg, t);
+	public AuthenticationCredentialsNotFoundException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
index b87f01d647..69d7233bdf 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationServiceException.java
@@ -42,10 +42,10 @@ public class AuthenticationServiceException extends AuthenticationException {
 	 * Constructs an <code>AuthenticationServiceException</code> with the specified
 	 * message and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public AuthenticationServiceException(String msg, Throwable t) {
-		super(msg, t);
+	public AuthenticationServiceException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
index 6f8dc3d485..e202ef7b5a 100644
--- a/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
+++ b/core/src/main/java/org/springframework/security/authentication/BadCredentialsException.java
@@ -38,10 +38,10 @@ public class BadCredentialsException extends AuthenticationException {
 	 * Constructs a <code>BadCredentialsException</code> with the specified message and
 	 * root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public BadCredentialsException(String msg, Throwable t) {
-		super(msg, t);
+	public BadCredentialsException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
index 0387996518..8e532169ae 100644
--- a/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
+++ b/core/src/main/java/org/springframework/security/authentication/CredentialsExpiredException.java
@@ -36,10 +36,10 @@ public class CredentialsExpiredException extends AccountStatusException {
 	 * Constructs a <code>CredentialsExpiredException</code> with the specified message
 	 * and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public CredentialsExpiredException(String msg, Throwable t) {
-		super(msg, t);
+	public CredentialsExpiredException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 50b5ffffea..6b4a344daa 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -155,7 +155,7 @@ public class DefaultAuthenticationEventPublisher
 				Assert.isAssignable(AbstractAuthenticationFailureEvent.class, clazz);
 				addMapping((String) exceptionClass, (Class<? extends AbstractAuthenticationFailureEvent>) clazz);
 			}
-			catch (ClassNotFoundException e) {
+			catch (ClassNotFoundException ex) {
 				throw new RuntimeException("Failed to load authentication event class " + eventClass);
 			}
 		}
@@ -194,7 +194,7 @@ public class DefaultAuthenticationEventPublisher
 			this.defaultAuthenticationFailureEventConstructor = defaultAuthenticationFailureEventClass
 					.getConstructor(Authentication.class, AuthenticationException.class);
 		}
-		catch (NoSuchMethodException e) {
+		catch (NoSuchMethodException ex) {
 			throw new RuntimeException("Default Authentication Failure event class "
 					+ defaultAuthenticationFailureEventClass.getName() + " has no suitable constructor");
 		}
@@ -206,7 +206,7 @@ public class DefaultAuthenticationEventPublisher
 					.getConstructor(Authentication.class, AuthenticationException.class);
 			this.exceptionMappings.put(exceptionClass, constructor);
 		}
-		catch (NoSuchMethodException e) {
+		catch (NoSuchMethodException ex) {
 			throw new RuntimeException(
 					"Authentication event class " + eventClass.getName() + " has no suitable constructor");
 		}
diff --git a/core/src/main/java/org/springframework/security/authentication/DisabledException.java b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
index bb87e72f6f..31a75ce0cc 100644
--- a/core/src/main/java/org/springframework/security/authentication/DisabledException.java
+++ b/core/src/main/java/org/springframework/security/authentication/DisabledException.java
@@ -36,10 +36,10 @@ public class DisabledException extends AccountStatusException {
 	 * Constructs a <code>DisabledException</code> with the specified message and root
 	 * cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public DisabledException(String msg, Throwable t) {
-		super(msg, t);
+	public DisabledException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
index 34f84ca351..0e072b527a 100644
--- a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java
@@ -46,10 +46,10 @@ public class InsufficientAuthenticationException extends AuthenticationException
 	 * Constructs an <code>InsufficientAuthenticationException</code> with the specified
 	 * message and root cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public InsufficientAuthenticationException(String msg, Throwable t) {
-		super(msg, t);
+	public InsufficientAuthenticationException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/LockedException.java b/core/src/main/java/org/springframework/security/authentication/LockedException.java
index f0aa3b5231..9b2272b08f 100644
--- a/core/src/main/java/org/springframework/security/authentication/LockedException.java
+++ b/core/src/main/java/org/springframework/security/authentication/LockedException.java
@@ -36,10 +36,10 @@ public class LockedException extends AccountStatusException {
 	 * Constructs a <code>LockedException</code> with the specified message and root
 	 * cause.
 	 * @param msg the detail message.
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public LockedException(String msg, Throwable t) {
-		super(msg, t);
+	public LockedException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index d7054dd37d..8d6bcce375 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -188,14 +188,14 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 					break;
 				}
 			}
-			catch (AccountStatusException | InternalAuthenticationServiceException e) {
-				prepareException(e, authentication);
+			catch (AccountStatusException | InternalAuthenticationServiceException ex) {
+				prepareException(ex, authentication);
 				// SEC-546: Avoid polling additional providers if auth failure is due to
 				// invalid account status
-				throw e;
+				throw ex;
 			}
-			catch (AuthenticationException e) {
-				lastException = e;
+			catch (AuthenticationException ex) {
+				lastException = ex;
 			}
 		}
 
@@ -205,15 +205,15 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 				parentResult = this.parent.authenticate(authentication);
 				result = parentResult;
 			}
-			catch (ProviderNotFoundException e) {
+			catch (ProviderNotFoundException ex) {
 				// ignore as we will throw below if no other exception occurred prior to
 				// calling parent and the parent
 				// may throw ProviderNotFound even though a provider in the child already
 				// handled the request
 			}
-			catch (AuthenticationException e) {
-				parentException = e;
-				lastException = e;
+			catch (AuthenticationException ex) {
+				parentException = ex;
+				lastException = ex;
 			}
 		}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 9d6e36907d..1b801f22b7 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -256,8 +256,8 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 								+ "The LoginContext is unavailable");
 					}
 				}
-				catch (LoginException e) {
-					this.log.warn("Error error logging out of LoginContext", e);
+				catch (LoginException ex) {
+					this.log.warn("Error error logging out of LoginContext", ex);
 				}
 			}
 		}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
index f106e4f6e7..5b5a261a44 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultLoginExceptionResolver.java
@@ -30,8 +30,8 @@ import org.springframework.security.core.AuthenticationException;
 public class DefaultLoginExceptionResolver implements LoginExceptionResolver {
 
 	@Override
-	public AuthenticationException resolveException(LoginException e) {
-		return new AuthenticationServiceException(e.getMessage(), e);
+	public AuthenticationException resolveException(LoginException ex) {
+		return new AuthenticationServiceException(ex.getMessage(), ex);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index b458ddefd4..f5b20e8653 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -223,7 +223,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 
 			return new URL("file", "", loginConfigPath).toString();
 		}
-		catch (IOException e) {
+		catch (IOException ex) {
 			// SEC-1700: May be inside a jar
 			return this.loginConfig.getURL().toString();
 		}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
index e086ef35a0..cdaaed8dfa 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/LoginExceptionResolver.java
@@ -34,10 +34,10 @@ public interface LoginExceptionResolver {
 
 	/**
 	 * Translates a Jaas LoginException to an SpringSecurityException.
-	 * @param e The LoginException thrown by the configured LoginModule.
+	 * @param ex The LoginException thrown by the configured LoginModule.
 	 * @return The AuthenticationException that the JaasAuthenticationProvider should
 	 * throw.
 	 */
-	AuthenticationException resolveException(LoginException e);
+	AuthenticationException resolveException(LoginException ex);
 
 }
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index 94526af4f3..bf63a85819 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -82,8 +82,8 @@ public class RsaKeyConverters {
 			try {
 				return (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
 			}
-			catch (Exception e) {
-				throw new IllegalArgumentException(e);
+			catch (Exception ex) {
+				throw new IllegalArgumentException(ex);
 			}
 		};
 	}
@@ -115,8 +115,8 @@ public class RsaKeyConverters {
 			try {
 				return (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(x509));
 			}
-			catch (Exception e) {
-				throw new IllegalArgumentException(e);
+			catch (Exception ex) {
+				throw new IllegalArgumentException(ex);
 			}
 		};
 	}
@@ -130,8 +130,8 @@ public class RsaKeyConverters {
 		try {
 			return KeyFactory.getInstance("RSA");
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalStateException(e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalStateException(ex);
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/AuthenticationException.java b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
index 4826756b39..e634738b69 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
@@ -28,10 +28,10 @@ public abstract class AuthenticationException extends RuntimeException {
 	 * Constructs an {@code AuthenticationException} with the specified message and root
 	 * cause.
 	 * @param msg the detail message
-	 * @param t the root cause
+	 * @param cause the root cause
 	 */
-	public AuthenticationException(String msg, Throwable t) {
-		super(msg, t);
+	public AuthenticationException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index 775298ce1f..fbe5526e5c 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -108,7 +108,7 @@ public class SpringSecurityCoreVersion {
 			properties.load(SpringSecurityCoreVersion.class.getClassLoader()
 					.getResourceAsStream("META-INF/spring-security.versions"));
 		}
-		catch (IOException | NullPointerException e) {
+		catch (IOException | NullPointerException ex) {
 			return null;
 		}
 		return properties.getProperty("org.springframework:spring-core");
diff --git a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
index a2c16a14fa..a34998f6b9 100644
--- a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
+++ b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
@@ -43,8 +43,8 @@ public abstract class Sha512DigestUtils {
 		try {
 			return MessageDigest.getInstance("SHA-512");
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new RuntimeException(e.getMessage());
+		catch (NoSuchAlgorithmException ex) {
+			throw new RuntimeException(ex.getMessage());
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
index 2894852d33..22c3c1d8e5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UsernameNotFoundException.java
@@ -38,10 +38,10 @@ public class UsernameNotFoundException extends AuthenticationException {
 	 * Constructs a {@code UsernameNotFoundException} with the specified message and root
 	 * cause.
 	 * @param msg the detail message.
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public UsernameNotFoundException(String msg, Throwable t) {
-		super(msg, t);
+	public UsernameNotFoundException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index a4b4c9cf3c..03e24ae4a7 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -107,9 +107,9 @@ public final class SecurityJackson2Modules {
 				instance = securityModule.newInstance();
 			}
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			if (logger.isDebugEnabled()) {
-				logger.debug("Cannot load module " + className, e);
+				logger.debug("Cannot load module " + className, ex);
 			}
 		}
 		return instance;
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index 01fd674677..ef05c2d84f 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -137,7 +137,7 @@ public final class MethodInvocationUtils {
 		try {
 			method = clazz.getMethod(methodName, classArgs);
 		}
-		catch (NoSuchMethodException e) {
+		catch (NoSuchMethodException ex) {
 			return null;
 		}
 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index 9182ec5214..986d1dc92c 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -117,21 +117,21 @@ public class RoleHierarchyImplTests {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 		}
 
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 		}
 
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 		}
 
 		try {
@@ -139,14 +139,14 @@ public class RoleHierarchyImplTests {
 					"ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B");
 			fail("Cycle in role hierarchy was not detected!");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 		}
 
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B");
 			fail("Cycle in role hierarchy was not detected!");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 		}
 	}
 
@@ -157,7 +157,7 @@ public class RoleHierarchyImplTests {
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 		}
-		catch (CycleInRoleHierarchyException e) {
+		catch (CycleInRoleHierarchyException ex) {
 			fail("A cycle in role hierarchy was incorrectly detected!");
 		}
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index f8616313af..711ffccfac 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -271,8 +271,8 @@ public class ProviderManagerTests {
 			mgr.authenticate(authReq);
 			fail("Expected exception");
 		}
-		catch (BadCredentialsException e) {
-			assertThat(e).isSameAs(expected);
+		catch (BadCredentialsException ex) {
+			assertThat(ex).isSameAs(expected);
 		}
 	}
 
@@ -289,8 +289,8 @@ public class ProviderManagerTests {
 			mgr.authenticate(authReq);
 			fail("Expected exception");
 		}
-		catch (LockedException e) {
-			assertThat(e).isSameAs(expected);
+		catch (LockedException ex) {
+			assertThat(ex).isSameAs(expected);
 		}
 		verify(publisher).publishAuthenticationFailure(expected, authReq);
 	}
@@ -329,18 +329,18 @@ public class ProviderManagerTests {
 			childMgr.authenticate(authReq);
 			fail("Expected exception");
 		}
-		catch (BadCredentialsException e) {
-			assertThat(e).isSameAs(badCredentialsExParent);
+		catch (BadCredentialsException ex) {
+			assertThat(ex).isSameAs(badCredentialsExParent);
 		}
 		verify(publisher).publishAuthenticationFailure(badCredentialsExParent, authReq); // Parent
 																							// publishes
 		verifyNoMoreInteractions(publisher); // Child should not publish (duplicate event)
 	}
 
-	private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
+	private AuthenticationProvider createProviderWhichThrows(final AuthenticationException ex) {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 		given(provider.supports(any(Class.class))).willReturn(true);
-		given(provider.authenticate(any(Authentication.class))).willThrow(e);
+		given(provider.authenticate(any(Authentication.class))).willThrow(ex);
 
 		return provider;
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index 4fd27e898b..cf7f5681e4 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -77,7 +77,7 @@ public class JaasAuthenticationProviderTests {
 			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
 			fail("LoginException should have been thrown for the bad password");
 		}
-		catch (AuthenticationException e) {
+		catch (AuthenticationException ex) {
 		}
 
 		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
@@ -92,7 +92,7 @@ public class JaasAuthenticationProviderTests {
 			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
 			fail("LoginException should have been thrown for the bad user");
 		}
-		catch (AuthenticationException e) {
+		catch (AuthenticationException ex) {
 		}
 
 		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
@@ -241,9 +241,9 @@ public class JaasAuthenticationProviderTests {
 		try {
 			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		}
-		catch (LockedException e) {
+		catch (LockedException ex) {
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			fail("LockedException should have been thrown and caught");
 		}
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
index dd992af4b0..3f27e71d85 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
@@ -75,7 +75,7 @@ public class SecurityContextLoginModuleTests {
 			this.module.login();
 			fail("LoginException expected, there is no Authentication in the SecurityContext");
 		}
-		catch (LoginException e) {
+		catch (LoginException ex) {
 		}
 	}
 
@@ -107,7 +107,7 @@ public class SecurityContextLoginModuleTests {
 			this.module.login();
 			fail("LoginException expected, the authentication is null in the SecurityContext");
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index c6aaf08ac7..ab0d94fe90 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -63,8 +63,8 @@ public class TestLoginModule implements LoginModule {
 			this.password = new String(passwordCallback.getPassword());
 			this.user = nameCallback.getName();
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
index 90fb209572..dacc3678c5 100644
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -40,8 +40,8 @@ public class KeyBasedPersistenceTokenServiceTests {
 			service.setSecureRandom(rnd);
 			service.afterPropertiesSet();
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 		return service;
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index 75cf6b3202..cca1800628 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -107,8 +107,8 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 		try {
 			decoded = Argon2EncodingUtils.decode(encodedPassword);
 		}
-		catch (IllegalArgumentException e) {
-			this.logger.warn("Malformed password hash", e);
+		catch (IllegalArgumentException ex) {
+			this.logger.warn("Malformed password hash", ex);
 			return false;
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index b29021dc07..366b380a96 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -248,7 +248,7 @@ public final class Base64 {
 		try {
 			decode(bytes);
 		}
-		catch (InvalidBase64CharacterException e) {
+		catch (InvalidBase64CharacterException ex) {
 			return false;
 		}
 		return true;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
index b82bcdce66..1a926e3985 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@@ -43,8 +43,8 @@ public final class Utf8 {
 
 			return bytesCopy;
 		}
-		catch (CharacterCodingException e) {
-			throw new IllegalArgumentException("Encoding failed", e);
+		catch (CharacterCodingException ex) {
+			throw new IllegalArgumentException("Encoding failed", ex);
 		}
 	}
 
@@ -55,8 +55,8 @@ public final class Utf8 {
 		try {
 			return CHARSET.newDecoder().decode(ByteBuffer.wrap(bytes)).toString();
 		}
-		catch (CharacterCodingException e) {
-			throw new IllegalArgumentException("Decoding failed", e);
+		catch (CharacterCodingException ex) {
+			throw new IllegalArgumentException("Decoding failed", ex);
 		}
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 62b51b2afe..24896cc71e 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -74,8 +74,8 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 		try {
 			bytesWritten += blockCipher.doFinal(buf, bytesWritten);
 		}
-		catch (InvalidCipherTextException e) {
-			throw new IllegalStateException("unable to encrypt/decrypt", e);
+		catch (InvalidCipherTextException ex) {
+			throw new IllegalStateException("unable to encrypt/decrypt", ex);
 		}
 		if (bytesWritten == buf.length) {
 			return buf;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index 46fcc569a1..cef2d1f977 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -71,8 +71,8 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 		try {
 			bytesWritten += blockCipher.doFinal(buf, bytesWritten);
 		}
-		catch (InvalidCipherTextException e) {
-			throw new IllegalStateException("unable to encrypt/decrypt", e);
+		catch (InvalidCipherTextException ex) {
+			throw new IllegalStateException("unable to encrypt/decrypt", ex);
 		}
 		if (bytesWritten == buf.length) {
 			return buf;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
index 753a7b535f..e1a3666115 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
@@ -56,11 +56,11 @@ final class CipherUtils {
 			SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
 			return factory.generateSecret(keySpec);
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalArgumentException("Not a valid encryption algorithm", e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalArgumentException("Not a valid encryption algorithm", ex);
 		}
-		catch (InvalidKeySpecException e) {
-			throw new IllegalArgumentException("Not a valid secret key", e);
+		catch (InvalidKeySpecException ex) {
+			throw new IllegalArgumentException("Not a valid secret key", ex);
 		}
 	}
 
@@ -71,11 +71,11 @@ final class CipherUtils {
 		try {
 			return Cipher.getInstance(algorithm);
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalArgumentException("Not a valid encryption algorithm", e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalArgumentException("Not a valid encryption algorithm", ex);
 		}
-		catch (NoSuchPaddingException e) {
-			throw new IllegalStateException("Should not happen", e);
+		catch (NoSuchPaddingException ex) {
+			throw new IllegalStateException("Should not happen", ex);
 		}
 	}
 
@@ -86,8 +86,8 @@ final class CipherUtils {
 		try {
 			return cipher.getParameters().getParameterSpec(parameterSpecClass);
 		}
-		catch (InvalidParameterSpecException e) {
-			throw new IllegalArgumentException("Unable to access parameter", e);
+		catch (InvalidParameterSpecException ex) {
+			throw new IllegalArgumentException("Unable to access parameter", ex);
 		}
 	}
 
@@ -117,11 +117,11 @@ final class CipherUtils {
 				cipher.init(mode, secretKey);
 			}
 		}
-		catch (InvalidKeyException e) {
-			throw new IllegalArgumentException("Unable to initialize due to invalid secret key", e);
+		catch (InvalidKeyException ex) {
+			throw new IllegalArgumentException("Unable to initialize due to invalid secret key", ex);
 		}
-		catch (InvalidAlgorithmParameterException e) {
-			throw new IllegalStateException("Unable to initialize due to invalid decryption parameter spec", e);
+		catch (InvalidAlgorithmParameterException ex) {
+			throw new IllegalStateException("Unable to initialize due to invalid decryption parameter spec", ex);
 		}
 	}
 
@@ -133,11 +133,11 @@ final class CipherUtils {
 		try {
 			return cipher.doFinal(input);
 		}
-		catch (IllegalBlockSizeException e) {
-			throw new IllegalStateException("Unable to invoke Cipher due to illegal block size", e);
+		catch (IllegalBlockSizeException ex) {
+			throw new IllegalStateException("Unable to invoke Cipher due to illegal block size", ex);
 		}
-		catch (BadPaddingException e) {
-			throw new IllegalStateException("Unable to invoke Cipher due to bad padding", e);
+		catch (BadPaddingException ex) {
+			throw new IllegalStateException("Unable to invoke Cipher due to bad padding", ex);
 		}
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
index 7e4755512c..5add570e41 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
@@ -64,8 +64,8 @@ final class Digester {
 		try {
 			return MessageDigest.getInstance(algorithm);
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalStateException("No such hashing algorithm", e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalStateException("No such hashing algorithm", ex);
 		}
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index d5f42a92ad..8e0a7ec7de 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -104,7 +104,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 			sha = MessageDigest.getInstance("SHA");
 			sha.update(Utf8.encode(rawPassword));
 		}
-		catch (java.security.NoSuchAlgorithmException e) {
+		catch (java.security.NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No SHA implementation available!");
 		}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index 2b4f5465fe..f777424072 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -112,8 +112,8 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 		try {
 			SecretKeyFactory.getInstance(algorithmName);
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalArgumentException("Invalid algorithm '" + algorithmName + "'.", e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalArgumentException("Invalid algorithm '" + algorithmName + "'.", ex);
 		}
 		this.algorithm = algorithmName;
 	}
@@ -163,8 +163,8 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 			SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
 			return EncodingUtils.concatenate(salt, skf.generateSecret(spec).getEncoded());
 		}
-		catch (GeneralSecurityException e) {
-			throw new IllegalStateException("Could not create hash", e);
+		catch (GeneralSecurityException ex) {
+			throw new IllegalStateException("Could not create hash", ex);
 		}
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index 4c238552fd..fc77e011de 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -41,11 +41,11 @@ public class CryptoAssumptions {
 			Cipher.getInstance(cipherAlgorithm.toString());
 			aes256Available = Cipher.getMaxAllowedKeyLength("AES") >= 256;
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new AssumptionViolatedException(cipherAlgorithm + " not available, skipping test", e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new AssumptionViolatedException(cipherAlgorithm + " not available, skipping test", ex);
 		}
-		catch (NoSuchPaddingException e) {
-			throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", e);
+		catch (NoSuchPaddingException ex) {
+			throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", ex);
 		}
 		Assume.assumeTrue("AES key length of 256 not allowed, skipping test", aes256Available);
 
diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc
index d4c0f5f441..1c774d33f5 100644
--- a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc
@@ -552,9 +552,9 @@ ReactiveJwtDecoder jwtDecoder() {
 ----
 [[webflux-oauth2resourceserver-opaque-minimaldependencies]]
 === Minimal Dependencies for Introspection
-As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`. 
-However unless a custom <<webflux-oauth2resourceserver-opaque-introspector-bean,`ReactiveOpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to ReactiveOpaqueTokenIntrospector. 
-Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens. 
+As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`.
+However unless a custom <<webflux-oauth2resourceserver-opaque-introspector-bean,`ReactiveOpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to ReactiveOpaqueTokenIntrospector.
+Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens.
 Please refer to `spring-security-oauth2-resource-server` in order to determin the correct version for `oauth2-oidc-sdk`.
 
 [[webflux-oauth2resourceserver-opaque-minimalconfiguration]]
@@ -925,8 +925,8 @@ public class JwtOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospect
 		public Mono<JWTClaimsSet> convert(JWT jwt) {
 			try {
 				return Mono.just(jwt.getJWTClaimsSet());
-			} catch (Exception e) {
-				return Mono.error(e);
+			} catch (Exception ex) {
+				return Mono.error(ex);
 			}
 		}
 	}
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/architecture/exception-translation-filter.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/architecture/exception-translation-filter.adoc
index 5fa7ecc452..67cad58ddf 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/architecture/exception-translation-filter.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/architecture/exception-translation-filter.adoc
@@ -36,8 +36,8 @@ The pseudocode for `ExceptionTranslationFilter` looks something like this:
 ----
 try {
 	filterChain.doFilter(request, response); // <1>
-} catch (AccessDeniedException | AuthenticationException e) {
-	if (!authenticated || e instanceof AuthenticationException) {
+} catch (AccessDeniedException | AuthenticationException ex) {
+	if (!authenticated || ex instanceof AuthenticationException) {
 		startAuthentication(); // <2>
 	} else {
 		accessDenied(); // <3>
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/integrations/servlet-api.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/integrations/servlet-api.adoc
index 9e957f39a0..e57d545c15 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/integrations/servlet-api.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/integrations/servlet-api.adoc
@@ -75,7 +75,7 @@ For example, the following would attempt to authenticate with the username "user
 ----
 try {
 httpServletRequest.login("user","password");
-} catch(ServletException e) {
+} catch(ServletException ex) {
 // fail to authenticate
 }
 ----
@@ -111,8 +111,8 @@ async.start(new Runnable() {
 			asyncResponse.setStatus(HttpServletResponse.SC_OK);
 			asyncResponse.getWriter().write(String.valueOf(authentication));
 			async.complete();
-		} catch(Exception e) {
-			throw new RuntimeException(e);
+		} catch(Exception ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 });
@@ -174,8 +174,8 @@ new Thread("AsyncThread") {
 
 			// Write to and commit the httpServletResponse
 			httpServletResponse.getOutputStream().flush();
-		} catch (Exception e) {
-			e.printStackTrace();
+		} catch (Exception ex) {
+			ex.printStackTrace();
 		}
 	}
 }.start();
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc
index f3844ed84a..42d71a85fc 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc
@@ -1055,9 +1055,9 @@ To do so, remember that `NimbusJwtDecoder` ships with a constructor that takes N
 
 [[oauth2resourceserver-opaque-minimaldependencies]]
 === Minimal Dependencies for Introspection
-As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`. 
-However unless a custom <<oauth2resourceserver-opaque-introspector,`OpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to NimbusOpaqueTokenIntrospector. 
-Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens. 
+As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`.
+However unless a custom <<oauth2resourceserver-opaque-introspector,`OpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to NimbusOpaqueTokenIntrospector.
+Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens.
 Please refer to `spring-security-oauth2-resource-server` in order to determin the correct version for `oauth2-oidc-sdk`.
 
 [[oauth2resourceserver-opaque-minimalconfiguration]]
@@ -1626,8 +1626,8 @@ public class JwtOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
         try {
             Jwt jwt = this.jwtDecoder.decode(token);
             return new DefaultOAuth2AuthenticatedPrincipal(jwt.getClaims(), NO_AUTHORITIES);
-        } catch (JwtException e) {
-            throw new OAuth2IntrospectionException(e);
+        } catch (JwtException ex) {
+            throw new OAuth2IntrospectionException(ex);
         }
     }
 
@@ -1899,8 +1899,8 @@ public class TenantJWSKeySelector
 	private JWSKeySelector<SecurityContext> fromUri(String uri) {
 		try {
 			return JWSAlgorithmFamilyJWSKeySelector.fromJWKSetURL(new URL(uri)); <4>
-		} catch (Exception e) {
-			throw new IllegalArgumentException(e);
+		} catch (Exception ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 }
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 8a54814b09..3ec4e39adc 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringCatch" />
 	<suppress files=".*" checks="SpringHeader" />
 	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
 	<suppress files=".*" checks="SpringJavadoc" />
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index 8ae2b7fbd9..69bcb94e8d 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -52,8 +52,8 @@ public class PythonInterpreterPreInvocationAdvice implements PreInvocationAuthor
 		try {
 			python.execfile(scriptResource.getInputStream());
 		}
-		catch (IOException e) {
-			throw new IllegalArgumentException("Couldn't run python script, " + script, e);
+		catch (IOException ex) {
+			throw new IllegalArgumentException("Couldn't run python script, " + script, ex);
 		}
 
 		PyObject allowed = python.get("allow");
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index 7465a78637..31844b4587 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -85,7 +85,7 @@ public class DefaultSpringSecurityContextSourceTests {
 		try {
 			ctx = this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 		}
 		assertThat(ctx).isNotNull();
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
index eebf38e583..b297fe66cd 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
@@ -69,12 +69,12 @@ public class ApacheDSContainerTests {
 			try {
 				server1.destroy();
 			}
-			catch (Throwable t) {
+			catch (Throwable ex) {
 			}
 			try {
 				server2.destroy();
 			}
-			catch (Throwable t) {
+			catch (Throwable ex) {
 			}
 		}
 	}
@@ -95,12 +95,12 @@ public class ApacheDSContainerTests {
 			try {
 				server1.destroy();
 			}
-			catch (Throwable t) {
+			catch (Throwable ex) {
 			}
 			try {
 				server2.destroy();
 			}
-			catch (Throwable t) {
+			catch (Throwable ex) {
 			}
 		}
 	}
@@ -116,8 +116,8 @@ public class ApacheDSContainerTests {
 			server.afterPropertiesSet();
 			fail("Expected an IllegalArgumentException to be thrown.");
 		}
-		catch (IllegalArgumentException e) {
-			assertThat(e).hasMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
+		catch (IllegalArgumentException ex) {
+			assertThat(ex).hasMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
 		}
 	}
 
@@ -143,9 +143,9 @@ public class ApacheDSContainerTests {
 			server.afterPropertiesSet();
 			fail("Expected a RuntimeException to be thrown.");
 		}
-		catch (RuntimeException e) {
-			assertThat(e).hasMessage("Server startup failed");
-			assertThat(e).hasRootCauseInstanceOf(UnrecoverableKeyException.class);
+		catch (RuntimeException ex) {
+			assertThat(ex).hasMessage("Server startup failed");
+			assertThat(ex).hasRootCauseInstanceOf(UnrecoverableKeyException.class);
 		}
 	}
 
@@ -187,7 +187,7 @@ public class ApacheDSContainerTests {
 			try {
 				server.destroy();
 			}
-			catch (Throwable t) {
+			catch (Throwable ex) {
 			}
 		}
 	}
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index ef8c2b440f..f9f9ed4441 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -75,9 +75,9 @@ public class UnboundIdContainerLdifTests {
 			this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
 		}
-		catch (Exception e) {
-			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
-			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:test-server-malformed.txt");
+		catch (Exception ex) {
+			assertThat(ex.getCause()).isInstanceOf(IllegalStateException.class);
+			assertThat(ex.getMessage()).contains("Unable to load LDIF classpath:test-server-malformed.txt");
 		}
 	}
 
@@ -87,9 +87,9 @@ public class UnboundIdContainerLdifTests {
 			this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class);
 			failBecauseExceptionWasNotThrown(IllegalStateException.class);
 		}
-		catch (Exception e) {
-			assertThat(e.getCause()).isInstanceOf(IllegalStateException.class);
-			assertThat(e.getMessage()).contains("Unable to load LDIF classpath:does-not-exist.ldif");
+		catch (Exception ex) {
+			assertThat(ex.getCause()).isInstanceOf(IllegalStateException.class);
+			assertThat(ex.getMessage()).contains("Unable to load LDIF classpath:does-not-exist.ldif");
 		}
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
index 0f24974075..6bcb430b03 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
@@ -53,8 +53,8 @@ public final class LdapUtils {
 				ctx.close();
 			}
 		}
-		catch (NamingException e) {
-			logger.error("Failed to close context.", e);
+		catch (NamingException ex) {
+			logger.error("Failed to close context.", ex);
 		}
 	}
 
@@ -64,8 +64,8 @@ public final class LdapUtils {
 				ne.close();
 			}
 		}
-		catch (NamingException e) {
-			logger.error("Failed to close enumeration.", e);
+		catch (NamingException ex) {
+			logger.error("Failed to close enumeration.", ex);
 		}
 	}
 
@@ -177,9 +177,9 @@ public final class LdapUtils {
 		try {
 			return new URI(url);
 		}
-		catch (URISyntaxException e) {
+		catch (URISyntaxException ex) {
 			IllegalArgumentException iae = new IllegalArgumentException("Unable to parse url: " + url);
-			iae.initCause(e);
+			iae.initCause(ex);
 			throw iae;
 		}
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index 5a7465437a..6dcb0ba823 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -197,8 +197,8 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 						extractStringAttributeValues(adapter, record, attr.getID());
 					}
 				}
-				catch (NamingException x) {
-					org.springframework.ldap.support.LdapUtils.convertLdapException(x);
+				catch (NamingException ex) {
+					org.springframework.ldap.support.LdapUtils.convertLdapException(ex);
 				}
 			}
 			else {
@@ -316,7 +316,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 				results.add(dca);
 			}
 		}
-		catch (PartialResultException e) {
+		catch (PartialResultException ex) {
 			LdapUtils.closeEnumeration(resultsEnum);
 			logger.info("Ignoring PartialResultException");
 		}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index d45b72df7e..ccac1f3822 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -127,20 +127,20 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 
 			return result;
 		}
-		catch (NamingException e) {
+		catch (NamingException ex) {
 			// This will be thrown if an invalid user name is used and the method may
 			// be called multiple times to try different names, so we trap the exception
 			// unless a subclass wishes to implement more specialized behaviour.
-			if ((e instanceof org.springframework.ldap.AuthenticationException)
-					|| (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
-				handleBindException(userDnStr, username, e);
+			if ((ex instanceof org.springframework.ldap.AuthenticationException)
+					|| (ex instanceof org.springframework.ldap.OperationNotSupportedException)) {
+				handleBindException(userDnStr, username, ex);
 			}
 			else {
-				throw e;
+				throw ex;
 			}
 		}
-		catch (javax.naming.NamingException e) {
-			throw LdapUtils.convertLdapException(e);
+		catch (javax.naming.NamingException ex) {
+			throw LdapUtils.convertLdapException(ex);
 		}
 		finally {
 			LdapUtils.closeContext(ctx);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index baafbe38fd..73a90b0315 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -165,12 +165,12 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 			ctx = bindAsUser(username, password);
 			return searchForUser(ctx, username);
 		}
-		catch (CommunicationException e) {
-			throw badLdapConnection(e);
+		catch (CommunicationException ex) {
+			throw badLdapConnection(ex);
 		}
-		catch (NamingException e) {
-			this.logger.error("Failed to locate directory entry for authenticated user: " + username, e);
-			throw badCredentials(e);
+		catch (NamingException ex) {
+			this.logger.error("Failed to locate directory entry for authenticated user: " + username, ex);
+			throw badCredentials(ex);
 		}
 		finally {
 			LdapUtils.closeContext(ctx);
@@ -222,13 +222,13 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		try {
 			return this.contextFactory.createContext(env);
 		}
-		catch (NamingException e) {
-			if ((e instanceof AuthenticationException) || (e instanceof OperationNotSupportedException)) {
-				handleBindException(bindPrincipal, e);
-				throw badCredentials(e);
+		catch (NamingException ex) {
+			if ((ex instanceof AuthenticationException) || (ex instanceof OperationNotSupportedException)) {
+				handleBindException(bindPrincipal, ex);
+				throw badCredentials(ex);
 			}
 			else {
-				throw LdapUtils.convertLdapException(e);
+				throw LdapUtils.convertLdapException(ex);
 			}
 		}
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
index b69802d368..4cf3364ca9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@@ -38,8 +38,8 @@ public class PasswordPolicyControlExtractor {
 		try {
 			ctrls = ctx.getResponseControls();
 		}
-		catch (javax.naming.NamingException e) {
-			logger.error("Failed to obtain response controls", e);
+		catch (javax.naming.NamingException ex) {
+			logger.error("Failed to obtain response controls", ex);
 		}
 
 		for (int i = 0; ctrls != null && i < ctrls.length; i++) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index 42cb34e11f..da45f0db7f 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -84,8 +84,8 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 		try {
 			decoder.decode();
 		}
-		catch (IOException e) {
-			throw new DataRetrievalFailureException("Failed to parse control value", e);
+		catch (IOException ex) {
+			throw new DataRetrievalFailureException("Failed to parse control value", ex);
 		}
 	}
 
@@ -340,8 +340,8 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	// try {
 	// number = ((Long)decoder.decodeNumeric(new ByteArrayInputStream(content),
 	// content.length)).intValue();
-	// } catch(IOException e) {
-	// throw new LdapDataAccessException("Failed to parse number ", e);
+	// } catch(IOException ex) {
+	// throw new LdapDataAccessException("Failed to parse number ", ex);
 	// }
 	//
 	// if(contentTag == 0) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index 9e1ff976f1..50bec4a81c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -259,29 +259,18 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			this.service.startup();
 			this.server.start();
 		}
-		catch (Exception e) {
-			throw new RuntimeException("Server startup failed", e);
+		catch (Exception ex) {
+			throw new RuntimeException("Server startup failed", ex);
 		}
 
 		try {
 			this.service.getAdminSession().lookup(this.partition.getSuffixDn());
 		}
-		catch (LdapNameNotFoundException e) {
-			try {
-				LdapDN dn = new LdapDN(this.root);
-				Assert.isTrue(this.root.startsWith("dc="), "root must start with dc=");
-				String dc = this.root.substring(3, this.root.indexOf(','));
-				ServerEntry entry = this.service.newEntry(dn);
-				entry.add("objectClass", "top", "domain", "extensibleObject");
-				entry.add("dc", dc);
-				this.service.getAdminSession().add(entry);
-			}
-			catch (Exception e1) {
-				this.logger.error("Failed to create dc entry", e1);
-			}
+		catch (LdapNameNotFoundException ex) {
+			handleLdapNameNotFoundException();
 		}
-		catch (Exception e) {
-			this.logger.error("Lookup failed", e);
+		catch (Exception ex) {
+			this.logger.error("Lookup failed", ex);
 		}
 
 		SocketAcceptor socketAcceptor = this.server.getSocketAcceptor(this.transport);
@@ -293,8 +282,23 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		try {
 			importLdifs();
 		}
-		catch (Exception e) {
-			throw new RuntimeException("Failed to import LDIF file(s)", e);
+		catch (Exception ex) {
+			throw new RuntimeException("Failed to import LDIF file(s)", ex);
+		}
+	}
+
+	private void handleLdapNameNotFoundException() {
+		try {
+			LdapDN dn = new LdapDN(this.root);
+			Assert.isTrue(this.root.startsWith("dc="), "root must start with dc=");
+			String dc = this.root.substring(3, this.root.indexOf(','));
+			ServerEntry entry = this.service.newEntry(dn);
+			entry.add("objectClass", "top", "domain", "extensibleObject");
+			entry.add("dc", dc);
+			this.service.getAdminSession().add(entry);
+		}
+		catch (Exception ex) {
+			this.logger.error("Failed to create dc entry", ex);
 		}
 	}
 
@@ -309,8 +313,8 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			this.server.stop();
 			this.service.shutdown();
 		}
-		catch (Exception e) {
-			this.logger.error("Shutdown failed", e);
+		catch (Exception ex) {
+			this.logger.error("Shutdown failed", ex);
 			return;
 		}
 
@@ -350,7 +354,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			try {
 				ldifFile = ldifs[0].getFile().getAbsolutePath();
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				ldifFile = ldifs[0].getURI().toString();
 			}
 			this.logger.info("Loading LDIF file: " + ldifFile);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index a6beab4808..c8c04669bd 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -295,7 +295,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			}
 			return true;
 		}
-		catch (org.springframework.ldap.NameNotFoundException e) {
+		catch (org.springframework.ldap.NameNotFoundException ex) {
 			return false;
 		}
 	}
@@ -436,7 +436,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			try {
 				ctx.reconnect(null);
 			}
-			catch (javax.naming.AuthenticationException e) {
+			catch (javax.naming.AuthenticationException ex) {
 				throw new BadCredentialsException("Authentication for password change failed.");
 			}
 
@@ -459,7 +459,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			try {
 				return ctx.extendedOperation(request);
 			}
-			catch (javax.naming.AuthenticationException e) {
+			catch (javax.naming.AuthenticationException ex) {
 				throw new BadCredentialsException("Authentication for password change failed.");
 			}
 		});
@@ -563,7 +563,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			try {
 				dest.write(src);
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				throw new IllegalArgumentException("Failed to BER encode provided value of type: " + type);
 			}
 		}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index 17436f2945..c80407f9af 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -365,11 +365,11 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 			this.provider.contextFactory = createContextFactoryThrowing(new CommunicationException(msg));
 			this.provider.authenticate(this.joe);
 		}
-		catch (InternalAuthenticationServiceException e) {
+		catch (InternalAuthenticationServiceException ex) {
 			// Since GH-8418 ldap communication exception is wrapped into
 			// InternalAuthenticationServiceException.
 			// This test is about the wrapped exception, so we throw it.
-			throw e.getCause();
+			throw ex.getCause();
 		}
 	}
 
@@ -419,11 +419,11 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		}
 	}
 
-	ContextFactory createContextFactoryThrowing(final NamingException e) {
+	ContextFactory createContextFactoryThrowing(final NamingException ex) {
 		return new ContextFactory() {
 			@Override
 			DirContext createContext(Hashtable<?, ?> env) throws NamingException {
-				throw e;
+				throw ex;
 			}
 		};
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index bfff7c659d..e30c1809c4 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -151,7 +151,7 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 				SecurityContextHolder.setContext(originalContext);
 			}
 		}
-		catch (Throwable t) {
+		catch (Throwable ex) {
 			SecurityContextHolder.clearContext();
 		}
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index 82977f5b43..6b456e9589 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -139,7 +139,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			try {
 				insertAuthorizedClient(authorizedClient, principal);
 			}
-			catch (DuplicateKeyException e) {
+			catch (DuplicateKeyException ex) {
 				updateAuthorizedClient(authorizedClient, principal);
 			}
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index 5e0b4764e2..2981891b44 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -176,7 +176,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 			try {
 				nonceHash = createHash(requestNonce);
 			}
-			catch (NoSuchAlgorithmException e) {
+			catch (NoSuchAlgorithmException ex) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index b91a27f38e..c924a77504 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -228,7 +228,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 			try {
 				nonceHash = createHash(requestNonce);
 			}
-			catch (NoSuchAlgorithmException e) {
+			catch (NoSuchAlgorithmException ex) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index e244de0e8d..875c7ca257 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -204,17 +204,17 @@ public final class ClientRegistrations {
 			try {
 				return supplier.get();
 			}
-			catch (HttpClientErrorException e) {
-				if (!e.getStatusCode().is4xxClientError()) {
-					throw e;
+			catch (HttpClientErrorException ex) {
+				if (!ex.getStatusCode().is4xxClientError()) {
+					throw ex;
 				}
 				// else try another endpoint
 			}
-			catch (IllegalArgumentException | IllegalStateException e) {
-				throw e;
+			catch (IllegalArgumentException | IllegalStateException ex) {
+				throw ex;
 			}
-			catch (RuntimeException e) {
-				throw new IllegalArgumentException(errorMessage, e);
+			catch (RuntimeException ex) {
+				throw new IllegalArgumentException(errorMessage, ex);
 			}
 		}
 		throw new IllegalArgumentException(errorMessage);
@@ -225,8 +225,8 @@ public final class ClientRegistrations {
 		try {
 			return parser.apply(new JSONObject(body));
 		}
-		catch (ParseException e) {
-			throw new RuntimeException(e);
+		catch (ParseException ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index 2a959215e2..bd32fe322b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -263,7 +263,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, nonceHash);
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 		}
 	}
 
@@ -292,7 +292,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeChallenge);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeVerifier);
 		}
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index 09cb3603dc..a30ce7849b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -261,7 +261,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, nonceHash);
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 		}
 	}
 
@@ -290,7 +290,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeChallenge);
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 			additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, codeVerifier);
 		}
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 2be0abc377..1d4e471c55 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -114,7 +114,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 		}
 		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email")
 				.attributes(attributes).additionalParameters(additionalParameters).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index 86935d9027..eb87575457 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -369,7 +369,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 			attributes.put(OidcParameterNames.NONCE, nonce);
 			additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 		}
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
 				.clientId(clientRegistration.getClientId())
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index 9565b95a3a..bdb52efd06 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -82,13 +82,13 @@ class JwtDecoderProviderConfigurationUtils {
 
 				return configuration;
 			}
-			catch (IllegalArgumentException e) {
-				throw e;
+			catch (IllegalArgumentException ex) {
+				throw ex;
 			}
-			catch (RuntimeException e) {
-				if (!(e instanceof HttpClientErrorException
-						&& ((HttpClientErrorException) e).getStatusCode().is4xxClientError())) {
-					throw new IllegalArgumentException(errorMessage, e);
+			catch (RuntimeException ex) {
+				if (!(ex instanceof HttpClientErrorException
+						&& ((HttpClientErrorException) ex).getStatusCode().is4xxClientError())) {
+					throw new IllegalArgumentException(errorMessage, ex);
 				}
 				// else try another endpoint
 			}
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 4fa7bac01a..a6d7e383ca 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -250,11 +250,11 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		try {
 			return jwtProcessor.process(parsedToken, context);
 		}
-		catch (BadJOSEException e) {
-			throw new BadJwtException("Failed to validate the token", e);
+		catch (BadJOSEException ex) {
+			throw new BadJwtException("Failed to validate the token", ex);
 		}
-		catch (JOSEException e) {
-			throw new JwtException("Failed to validate the token", e);
+		catch (JOSEException ex) {
+			throw new JwtException("Failed to validate the token", ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index b3652ae3be..bb2e249598 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -103,8 +103,8 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 		try {
 			return JWKSet.parse(body);
 		}
-		catch (ParseException e) {
-			throw new RuntimeException(e);
+		catch (ParseException ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index 23e9bb5d1f..e980ba4ca5 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -39,8 +39,8 @@ public class TestKeys {
 		try {
 			kf = KeyFactory.getInstance("RSA");
 		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalStateException(e);
+		catch (NoSuchAlgorithmException ex) {
+			throw new IllegalStateException(ex);
 		}
 	}
 
@@ -63,8 +63,8 @@ public class TestKeys {
 		try {
 			return (RSAPublicKey) kf.generatePublic(spec);
 		}
-		catch (InvalidKeySpecException e) {
-			throw new IllegalArgumentException(e);
+		catch (InvalidKeySpecException ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
@@ -101,8 +101,8 @@ public class TestKeys {
 		try {
 			return (RSAPrivateKey) kf.generatePrivate(spec);
 		}
-		catch (InvalidKeySpecException e) {
-			throw new IllegalArgumentException(e);
+		catch (InvalidKeySpecException ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index eeecac5df6..b554ab2669 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -607,9 +607,9 @@ public class NimbusJwtDecoderTests {
 			try {
 				return signedJWT.getJWTClaimsSet();
 			}
-			catch (ParseException e) {
+			catch (ParseException ex) {
 				// Payload not a JSON object
-				throw new BadJWTException(e.getMessage(), e);
+				throw new BadJWTException(ex.getMessage(), ex);
 			}
 		}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index e6ab652181..7449f4381f 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -500,8 +500,8 @@ public class NimbusReactiveJwtDecoderTests {
 		try {
 			return JWKSet.parse(jwkSet);
 		}
-		catch (ParseException e) {
-			throw new IllegalArgumentException(e);
+		catch (ParseException ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
index fe230c6605..9ae5945975 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
@@ -140,8 +140,8 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 					return issuer;
 				}
 			}
-			catch (Exception e) {
-				throw new InvalidBearerTokenException(e.getMessage(), e);
+			catch (Exception ex) {
+				throw new InvalidBearerTokenException(ex.getMessage(), ex);
 			}
 			throw new InvalidBearerTokenException("Missing issuer");
 		}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
index aa72fcd8c5..422f70c0b3 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@@ -145,8 +145,8 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 						return issuer;
 					}
 				}
-				catch (Exception e) {
-					throw new InvalidBearerTokenException(e.getMessage(), e);
+				catch (Exception ex) {
+					throw new InvalidBearerTokenException(ex.getMessage(), ex);
 				}
 			});
 		}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
index a246841a66..81018df14e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
@@ -70,12 +70,12 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 		this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 	}
 
-	private AuthenticationException onError(JwtException e) {
-		if (e instanceof BadJwtException) {
-			return new InvalidBearerTokenException(e.getMessage(), e);
+	private AuthenticationException onError(JwtException ex) {
+		if (ex instanceof BadJwtException) {
+			return new InvalidBearerTokenException(ex.getMessage(), ex);
 		}
 		else {
-			return new AuthenticationServiceException(e.getMessage(), e);
+			return new AuthenticationServiceException(ex.getMessage(), ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index 8745906907..fe57778e28 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -91,12 +91,12 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 		}).onErrorMap(OAuth2IntrospectionException.class, this::onError);
 	}
 
-	private AuthenticationException onError(OAuth2IntrospectionException e) {
-		if (e instanceof BadOpaqueTokenException) {
-			return new InvalidBearerTokenException(e.getMessage(), e);
+	private AuthenticationException onError(OAuth2IntrospectionException ex) {
+		if (ex instanceof BadOpaqueTokenException) {
+			return new InvalidBearerTokenException(ex.getMessage(), ex);
 		}
 		else {
-			return new AuthenticationServiceException(e.getMessage(), e);
+			return new AuthenticationServiceException(ex.getMessage(), ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 5c7ccf0b04..6b37ddbeb4 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -191,8 +191,8 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 		}
 	}
 
-	private OAuth2IntrospectionException onError(Throwable e) {
-		return new OAuth2IntrospectionException(e.getMessage(), e);
+	private OAuth2IntrospectionException onError(Throwable ex) {
+		return new OAuth2IntrospectionException(ex.getMessage(), ex);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index dd548a22b4..907bc3e9f5 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -65,8 +65,8 @@ public class TestOAuth2AuthenticatedPrincipals {
 		try {
 			return new URL(url);
 		}
-		catch (IOException e) {
-			throw new UncheckedIOException(e);
+		catch (IOException ex) {
+			throw new UncheckedIOException(ex);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 69a96f5cba..45e3194ee1 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -224,12 +224,12 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		return webClient;
 	}
 
-	private WebClient mockResponse(Throwable t) {
+	private WebClient mockResponse(Throwable ex) {
 		WebClient real = WebClient.builder().build();
 		WebClient.RequestBodyUriSpec spec = spy(real.post());
 		WebClient webClient = spy(WebClient.class);
 		given(webClient.post()).willReturn(spec);
-		given(spec.exchange()).willThrow(t);
+		given(spec.exchange()).willThrow(ex);
 		return webClient;
 	}
 
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index 2e9435ae63..4d72b1449f 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -33,8 +33,8 @@ public class AuthenticationCancelledException extends AuthenticationException {
 		super(msg);
 	}
 
-	public AuthenticationCancelledException(String msg, Throwable t) {
-		super(msg, t);
+	public AuthenticationCancelledException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 391e8e152e..21dd846338 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -84,8 +84,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		try {
 			discoveries = this.consumerManager.discover(identityUrl);
 		}
-		catch (DiscoveryException e) {
-			throw new OpenIDConsumerException("Error during discovery", e);
+		catch (DiscoveryException ex) {
+			throw new OpenIDConsumerException("Error during discovery", ex);
 		}
 
 		DiscoveryInformation information = this.consumerManager.associate(discoveries);
@@ -112,8 +112,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 				authReq.addExtension(fetchRequest);
 			}
 		}
-		catch (MessageException | ConsumerException e) {
-			throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
+		catch (MessageException | ConsumerException ex) {
+			throw new OpenIDConsumerException("Error processing ConsumerManager authentication", ex);
 		}
 
 		return authReq.getDestinationUrl(true);
@@ -153,8 +153,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		try {
 			verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
 		}
-		catch (MessageException | AssociationException | DiscoveryException e) {
-			throw new OpenIDConsumerException("Error verifying openid response", e);
+		catch (MessageException | AssociationException | DiscoveryException ex) {
+			throw new OpenIDConsumerException("Error verifying openid response", ex);
 		}
 
 		// examine the verification result and extract the verified identifier
@@ -201,8 +201,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 				}
 			}
 		}
-		catch (MessageException e) {
-			throw new OpenIDConsumerException("Attribute retrieval failed", e);
+		catch (MessageException ex) {
+			throw new OpenIDConsumerException("Attribute retrieval failed", ex);
 		}
 
 		if (this.logger.isDebugEnabled()) {
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 36adebf2c8..a8d65af41c 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -100,8 +100,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 			try {
 				this.consumer = new OpenID4JavaConsumer();
 			}
-			catch (ConsumerException e) {
-				throw new IllegalArgumentException("Failed to initialize OpenID", e);
+			catch (ConsumerException ex) {
+				throw new IllegalArgumentException("Failed to initialize OpenID", ex);
 			}
 		}
 
@@ -143,8 +143,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				// Indicate to parent class that authentication is continuing.
 				return null;
 			}
-			catch (OpenIDConsumerException e) {
-				this.logger.debug("Failed to consume claimedIdentity: " + claimedIdentity, e);
+			catch (OpenIDConsumerException ex) {
+				this.logger.debug("Failed to consume claimedIdentity: " + claimedIdentity, ex);
 				throw new AuthenticationServiceException(
 						"Unable to process claimed identity '" + claimedIdentity + "'");
 			}
@@ -185,8 +185,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				realmBuffer.append("/");
 				mapping = realmBuffer.toString();
 			}
-			catch (MalformedURLException e) {
-				this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", e);
+			catch (MalformedURLException ex) {
+				this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", ex);
 			}
 		}
 
@@ -293,10 +293,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 		try {
 			return URLEncoder.encode(value, "UTF-8");
 		}
-		catch (UnsupportedEncodingException e) {
+		catch (UnsupportedEncodingException ex) {
 			Error err = new AssertionError(
 					"The Java platform guarantees UTF-8 support, but it seemingly is not present.");
-			err.initCause(e);
+			err.initCause(ex);
 			throw err;
 		}
 	}
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index 66f0b7fb4d..46bb355281 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -31,8 +31,8 @@ public class OpenIDConsumerException extends Exception {
 		super(message);
 	}
 
-	public OpenIDConsumerException(String message, Throwable t) {
-		super(message, t);
+	public OpenIDConsumerException(String message, Throwable cause) {
+		super(message, cause);
 	}
 
 }
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index a25391b8c0..aac025770f 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -231,7 +231,7 @@ public class OpenIDAuthenticationProviderTests {
 			provider.afterPropertiesSet();
 			fail("IllegalArgumentException expected, ssoAuthoritiesPopulator is null");
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// expected
 		}
 
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
index e196323ba1..d0be53f5f0 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
@@ -80,8 +80,8 @@ public class JndiDnsResolver implements DnsResolver {
 			// only the first.
 			return dnsRecord.get().toString();
 		}
-		catch (NamingException e) {
-			throw new DnsLookupException("DNS lookup failed for: " + hostname, e);
+		catch (NamingException ex) {
+			throw new DnsLookupException("DNS lookup failed for: " + hostname, ex);
 		}
 
 	}
@@ -120,8 +120,8 @@ public class JndiDnsResolver implements DnsResolver {
 				}
 			}
 		}
-		catch (NamingException e) {
-			throw new DnsLookupException("DNS lookup failed for service " + serviceType + " at " + domain, e);
+		catch (NamingException ex) {
+			throw new DnsLookupException("DNS lookup failed for service " + serviceType + " at " + domain, ex);
 		}
 
 		// remove the "." at the end
@@ -137,11 +137,11 @@ public class JndiDnsResolver implements DnsResolver {
 
 			return dnsResult.get(recordType);
 		}
-		catch (NamingException e) {
-			if (e instanceof NameNotFoundException) {
-				throw new DnsEntryNotFoundException("DNS entry not found for:" + query, e);
+		catch (NamingException ex) {
+			if (ex instanceof NameNotFoundException) {
+				throw new DnsEntryNotFoundException("DNS entry not found for:" + query, ex);
 			}
-			throw new DnsLookupException("DNS lookup failed for: " + query, e);
+			throw new DnsLookupException("DNS lookup failed for: " + query, ex);
 		}
 	}
 
@@ -156,8 +156,8 @@ public class JndiDnsResolver implements DnsResolver {
 			try {
 				ictx = new InitialDirContext(env);
 			}
-			catch (NamingException e) {
-				throw new DnsLookupException("Cannot create InitialDirContext for DNS lookup", e);
+			catch (NamingException ex) {
+				throw new DnsLookupException("Cannot create InitialDirContext for DNS lookup", ex);
 			}
 			return ictx;
 		}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index 6a2f084c93..bfb1143fe6 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -69,7 +69,7 @@ public class ContextPropagatingRemoteInvocationTests {
 			remoteInvocation.invoke(TargetObject.class.newInstance());
 			fail("Expected IllegalArgumentException");
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// expected
 		}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index ba98b28ad8..640618266e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -119,8 +119,8 @@ public class OpenSamlInitializationService {
 			try {
 				InitializationService.initialize();
 			}
-			catch (Exception e) {
-				throw new Saml2Exception(e);
+			catch (Exception ex) {
+				throw new Saml2Exception(ex);
 			}
 
 			BasicParserPool parserPool = new BasicParserPool();
@@ -139,8 +139,8 @@ public class OpenSamlInitializationService {
 			try {
 				parserPool.initialize();
 			}
-			catch (Exception e) {
-				throw new Saml2Exception(e);
+			catch (Exception ex) {
+				throw new Saml2Exception(ex);
 			}
 			XMLObjectProviderRegistrySupport.setParserPool(parserPool);
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 6c5be4d1bb..bf3a61c329 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -282,11 +282,11 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			process(token, response);
 			return this.authenticationConverter.apply(token).convert(response);
 		}
-		catch (Saml2AuthenticationException e) {
-			throw e;
+		catch (Saml2AuthenticationException ex) {
+			throw ex;
 		}
-		catch (Exception e) {
-			throw authException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, e.getMessage(), e);
+		catch (Exception ex) {
+			throw authException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
 		}
 	}
 
@@ -309,8 +309,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			Element element = document.getDocumentElement();
 			return (Response) this.responseUnmarshaller.unmarshall(element);
 		}
-		catch (Exception e) {
-			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, e.getMessage(), e);
+		catch (Exception ex) {
+			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
 		}
 	}
 
@@ -371,10 +371,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			try {
 				profileValidator.validate(response.getSignature());
 			}
-			catch (Exception e) {
+			catch (Exception ex) {
 				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
 						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-								"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
+								"Invalid signature for SAML Response [" + response.getID() + "]: ", ex));
 			}
 
 			try {
@@ -389,10 +389,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 									"Invalid signature for SAML Response [" + response.getID() + "]"));
 				}
 			}
-			catch (Exception e) {
+			catch (Exception ex) {
 				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
 						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-								"Invalid signature for SAML Response [" + response.getID() + "]: ", e));
+								"Invalid signature for SAML Response [" + response.getID() + "]: ", ex));
 			}
 		}
 
@@ -421,8 +421,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				Assertion assertion = decrypter.decrypt(encryptedAssertion);
 				assertions.add(assertion);
 			}
-			catch (DecryptionException e) {
-				throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, e.getMessage(), e);
+			catch (DecryptionException ex) {
+				throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
 			}
 		}
 		response.getAssertions().addAll(assertions);
@@ -457,11 +457,11 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 							authException(Saml2ErrorCodes.INVALID_ASSERTION, message));
 				}
 			}
-			catch (Exception e) {
+			catch (Exception ex) {
 				String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(),
-						((Response) assertion.getParent()).getID(), e.getMessage());
+						((Response) assertion.getParent()).getID(), ex.getMessage());
 				validationExceptions.put(Saml2ErrorCodes.INVALID_ASSERTION,
-						authException(Saml2ErrorCodes.INVALID_ASSERTION, message, e));
+						authException(Saml2ErrorCodes.INVALID_ASSERTION, message, ex));
 			}
 		}
 
@@ -494,8 +494,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			assertion.getSubject().setNameID(nameId);
 			return nameId;
 		}
-		catch (DecryptionException e) {
-			throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, e.getMessage(), e);
+		catch (DecryptionException ex) {
+			throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
 		}
 	}
 
@@ -549,8 +549,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				Element element = marshaller.marshall(xsAny);
 				return SerializeSupport.nodeToString(element);
 			}
-			catch (MarshallingException e) {
-				throw new Saml2Exception(e);
+			catch (MarshallingException ex) {
+				throw new Saml2Exception(ex);
 			}
 		}
 		return xsAny.getTextContent();
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index b92852e308..e5a57b44f6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -242,8 +242,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 			SignatureSupport.signObject(authnRequest, parameters);
 			return authnRequest;
 		}
-		catch (MarshallingException | SignatureException | SecurityException e) {
-			throw new Saml2Exception(e);
+		catch (MarshallingException | SignatureException | SecurityException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
@@ -280,8 +280,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 			result.put("Signature", b64Signature);
 			return result;
 		}
-		catch (SecurityException e) {
-			throw new Saml2Exception(e);
+		catch (SecurityException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
@@ -290,8 +290,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 			Element element = this.marshaller.marshall(authnRequest);
 			return SerializeSupport.nodeToString(element);
 		}
-		catch (MarshallingException e) {
-			throw new Saml2Exception(e);
+		catch (MarshallingException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
index df0779d9ed..0f88d3a1b0 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@@ -51,8 +51,8 @@ final class Saml2Utils {
 			deflater.finish();
 			return b.toByteArray();
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to deflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to deflate string", ex);
 		}
 	}
 
@@ -64,8 +64,8 @@ final class Saml2Utils {
 			iout.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to inflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to inflate string", ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
index aa85c3bf82..0684e0b866 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -111,7 +111,7 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 		try {
 			x509Certificate.setValue(new String(Base64.getEncoder().encode(certificate.getEncoded())));
 		}
-		catch (CertificateEncodingException e) {
+		catch (CertificateEncodingException ex) {
 			throw new Saml2Exception("Cannot encode certificate " + certificate.toString());
 		}
 
@@ -145,8 +145,8 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 			Element element = this.entityDescriptorMarshaller.marshall(entityDescriptor);
 			return SerializeSupport.prettyPrintXML(element);
 		}
-		catch (Exception e) {
-			throw new Saml2Exception(e);
+		catch (Exception ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
index c7919aec63..9616db50e7 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
@@ -187,8 +187,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 		try {
 			return KeyInfoSupport.getCertificates(keyDescriptor.getKeyInfo());
 		}
-		catch (CertificateException e) {
-			throw new Saml2Exception(e);
+		catch (CertificateException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
@@ -198,8 +198,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			Element element = document.getDocumentElement();
 			return (EntityDescriptor) this.unmarshaller.unmarshall(element);
 		}
-		catch (Exception e) {
-			throw new Saml2Exception(e);
+		catch (Exception ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
index 4c0a33710d..3945668c7a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
@@ -60,11 +60,11 @@ public final class RelyingPartyRegistrations {
 		try {
 			return rest.getForObject(metadataLocation, RelyingPartyRegistration.Builder.class);
 		}
-		catch (RestClientException e) {
-			if (e.getCause() instanceof Saml2Exception) {
-				throw (Saml2Exception) e.getCause();
+		catch (RestClientException ex) {
+			if (ex.getCause() instanceof Saml2Exception) {
+				throw (Saml2Exception) ex.getCause();
 			}
-			throw new Saml2Exception(e);
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index 5c13e0e61e..b86475ba97 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -99,8 +99,8 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 			iout.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to inflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to inflate string", ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
index fd412e4183..e03ab37e41 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@@ -48,8 +48,8 @@ public final class Saml2Utils {
 			deflater.finish();
 			return b.toByteArray();
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to deflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to deflate string", ex);
 		}
 	}
 
@@ -61,8 +61,8 @@ public final class Saml2Utils {
 			iout.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
-		catch (IOException e) {
-			throw new Saml2Exception("Unable to inflate string", e);
+		catch (IOException ex) {
+			throw new Saml2Exception("Unable to inflate string", ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index b6b67df762..8c0b447071 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -61,8 +61,8 @@ public final class TestSaml2X509Credentials {
 		try {
 			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certBytes);
 		}
-		catch (CertificateException e) {
-			throw new Saml2Exception(e);
+		catch (CertificateException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
@@ -70,8 +70,8 @@ public final class TestSaml2X509Credentials {
 		try {
 			return KeySupport.decodePrivateKey(key.getBytes(StandardCharsets.UTF_8), new char[0]);
 		}
-		catch (KeyException e) {
-			throw new Saml2Exception(e);
+		catch (KeyException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index 5f57547185..e577cef76e 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -61,8 +61,8 @@ public final class TestSaml2X509Credentials {
 		try {
 			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certBytes);
 		}
-		catch (CertificateException e) {
-			throw new Saml2Exception(e);
+		catch (CertificateException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
@@ -70,8 +70,8 @@ public final class TestSaml2X509Credentials {
 		try {
 			return KeySupport.decodePrivateKey(key.getBytes(StandardCharsets.UTF_8), new char[0]);
 		}
-		catch (KeyException e) {
-			throw new Saml2Exception(e);
+		catch (KeyException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index 04adbb8968..b4afd923c2 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -436,8 +436,8 @@ public class OpenSamlAuthenticationProviderTests {
 			Element element = marshaller.marshall(object);
 			return SerializeSupport.nodeToString(element);
 		}
-		catch (MarshallingException e) {
-			throw new Saml2Exception(e);
+		catch (MarshallingException ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index d8715a4f5c..7a40ec0b9a 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -226,8 +226,8 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 			Element element = document.getDocumentElement();
 			return (AuthnRequest) this.unmarshaller.unmarshall(element);
 		}
-		catch (Exception e) {
-			throw new Saml2Exception(e);
+		catch (Exception ex) {
+			throw new Saml2Exception(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
index 6cb77f7558..a2cfaf4b74 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -210,8 +210,8 @@ final class TestOpenSamlObjects {
 		try {
 			SignatureSupport.signObject(signable, parameters);
 		}
-		catch (MarshallingException | SignatureException | SecurityException e) {
-			throw new Saml2Exception(e);
+		catch (MarshallingException | SignatureException | SecurityException ex) {
+			throw new Saml2Exception(ex);
 		}
 
 		return signable;
@@ -228,8 +228,8 @@ final class TestOpenSamlObjects {
 		try {
 			SignatureSupport.signObject(signable, parameters);
 		}
-		catch (MarshallingException | SignatureException | SecurityException e) {
-			throw new Saml2Exception(e);
+		catch (MarshallingException | SignatureException | SecurityException ex) {
+			throw new Saml2Exception(ex);
 		}
 
 		return signable;
@@ -241,8 +241,8 @@ final class TestOpenSamlObjects {
 		try {
 			return encrypter.encrypt(assertion);
 		}
-		catch (EncryptionException e) {
-			throw new Saml2Exception("Unable to encrypt assertion.", e);
+		catch (EncryptionException ex) {
+			throw new Saml2Exception("Unable to encrypt assertion.", ex);
 		}
 	}
 
@@ -253,8 +253,8 @@ final class TestOpenSamlObjects {
 		try {
 			return encrypter.encrypt(assertion);
 		}
-		catch (EncryptionException e) {
-			throw new Saml2Exception("Unable to encrypt assertion.", e);
+		catch (EncryptionException ex) {
+			throw new Saml2Exception("Unable to encrypt assertion.", ex);
 		}
 	}
 
@@ -264,8 +264,8 @@ final class TestOpenSamlObjects {
 		try {
 			return encrypter.encrypt(nameId);
 		}
-		catch (EncryptionException e) {
-			throw new Saml2Exception("Unable to encrypt nameID.", e);
+		catch (EncryptionException ex) {
+			throw new Saml2Exception("Unable to encrypt nameID.", ex);
 		}
 	}
 
@@ -276,8 +276,8 @@ final class TestOpenSamlObjects {
 		try {
 			return encrypter.encrypt(nameId);
 		}
-		catch (EncryptionException e) {
-			throw new Saml2Exception("Unable to encrypt nameID.", e);
+		catch (EncryptionException ex) {
+			throw new Saml2Exception("Unable to encrypt nameID.", ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
index 0d5733b82e..c0c1051882 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
@@ -130,8 +130,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 			InputStream certificate = new ByteArrayInputStream(Base64.getDecoder().decode(data.getBytes()));
 			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certificate);
 		}
-		catch (Exception e) {
-			throw new IllegalArgumentException(e);
+		catch (Exception ex) {
+			throw new IllegalArgumentException(ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index 25d7f416aa..c88a00b68b 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -92,9 +92,9 @@ public class Saml2WebSsoAuthenticationFilterTests {
 			this.filter.attemptAuthentication(this.request, this.response);
 			failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class);
 		}
-		catch (Exception e) {
-			assertThat(e).isInstanceOf(Saml2AuthenticationException.class);
-			assertThat(e.getMessage()).isEqualTo("No relying party registration found");
+		catch (Exception ex) {
+			assertThat(ex).isInstanceOf(Saml2AuthenticationException.class);
+			assertThat(ex.getMessage()).isEqualTo("No relying party registration found");
 		}
 	}
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index b848fe63bf..7033d4d7d7 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -129,10 +129,8 @@ public abstract class AbstractAuthorizeTag {
 			accessExpression = handler.getExpressionParser().parseExpression(getAccess());
 
 		}
-		catch (ParseException e) {
-			IOException ioException = new IOException();
-			ioException.initCause(e);
-			throw ioException;
+		catch (ParseException ex) {
+			throw new IOException(ex);
 		}
 
 		return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler));
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index 993877a851..e65e4e00b7 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -102,8 +102,8 @@ public class AuthenticationTag extends TagSupport {
 				BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
 				result = wrapper.getPropertyValue(this.property);
 			}
-			catch (BeansException e) {
-				throw new JspException(e);
+			catch (BeansException ex) {
+				throw new JspException(ex);
 			}
 		}
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 2cb8acdd86..81b852c3d4 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -79,8 +79,8 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 			return TagLibConfig.evalOrSkip(this.authorized);
 
 		}
-		catch (IOException e) {
-			throw new JspException(e);
+		catch (IOException ex) {
+			throw new JspException(ex);
 		}
 	}
 
@@ -101,8 +101,8 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 				this.pageContext.getOut().write(TagLibConfig.getSecuredUiSuffix());
 			}
 		}
-		catch (IOException e) {
-			throw new JspException(e);
+		catch (IOException ex) {
+			throw new JspException(ex);
 		}
 
 		return EVAL_PAGE;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
index 88fbf28043..65509ddba4 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
@@ -39,8 +39,8 @@ abstract class AbstractCsrfTag extends TagSupport {
 			try {
 				this.pageContext.getOut().write(this.handleToken(token));
 			}
-			catch (IOException e) {
-				throw new JspException(e);
+			catch (IOException ex) {
+				throw new JspException(ex);
 			}
 		}
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index 97572bdf8e..c38cb5ad63 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -119,8 +119,8 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 			}
 
 			@Override
-			public void onError(Throwable t) {
-				this.delegate.onError(t);
+			public void onError(Throwable ex) {
+				this.delegate.onError(ex);
 			}
 
 			@Override
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index c62ac3412f..af64400baa 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -119,8 +119,8 @@ public class WithSecurityContextTestExecutionListener extends AbstractTestExecut
 			try {
 				return factory.createSecurityContext(annotation);
 			}
-			catch (RuntimeException e) {
-				throw new IllegalStateException("Unable to create SecurityContext using " + annotation, e);
+			catch (RuntimeException ex) {
+				throw new IllegalStateException("Unable to create SecurityContext using " + annotation, ex);
 			}
 		};
 		TestExecutionEvent initialize = withSecurityContext.setupBefore();
@@ -149,11 +149,11 @@ public class WithSecurityContextTestExecutionListener extends AbstractTestExecut
 		try {
 			return testContext.getApplicationContext().getAutowireCapableBeanFactory().createBean(clazz);
 		}
-		catch (IllegalStateException e) {
+		catch (IllegalStateException ex) {
 			return BeanUtils.instantiateClass(clazz);
 		}
-		catch (Exception e) {
-			throw new RuntimeException(e);
+		catch (Exception ex) {
+			throw new RuntimeException(ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 821cd7c8f6..d6ba03070d 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -178,8 +178,8 @@ public class FilterChainProxy extends GenericFilterBean {
 				request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
 				doFilterInternal(request, response, chain);
 			}
-			catch (RequestRejectedException e) {
-				this.requestRejectedHandler.handle((HttpServletRequest) request, (HttpServletResponse) response, e);
+			catch (RequestRejectedException ex) {
+				this.requestRejectedHandler.handle((HttpServletRequest) request, (HttpServletResponse) response, ex);
 			}
 			finally {
 				SecurityContextHolder.clearContext();
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
index 88f83e32ab..0a239f3da9 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
@@ -72,7 +72,7 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 			try {
 				attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
 			}
-			catch (ParseException e) {
+			catch (ParseException ex) {
 				throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
 			}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 8a4f66b4b8..7353e906fb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -156,8 +156,8 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 
 			successfulAuthentication(request, response, filterChain, authenticationResult);
 		}
-		catch (AuthenticationException e) {
-			unsuccessfulAuthentication(request, response, e);
+		catch (AuthenticationException ex) {
+			unsuccessfulAuthentication(request, response, ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 7045596f83..f47b58fcd9 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -109,9 +109,9 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 		try {
 			super.afterPropertiesSet();
 		}
-		catch (ServletException e) {
+		catch (ServletException ex) {
 			// convert to RuntimeException for passivity on afterPropertiesSet signature
-			throw new RuntimeException(e);
+			throw new RuntimeException(ex);
 		}
 		Assert.notNull(this.authenticationManager, "An AuthenticationManager must be set");
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index 62fc83ba7d..0a99e9c476 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -118,15 +118,15 @@ public class WebXmlMappableAttributesRetriever
 			doc = db.parse(aStream);
 			return doc;
 		}
-		catch (FactoryConfigurationError | IOException | SAXException | ParserConfigurationException e) {
-			throw new RuntimeException("Unable to parse document object", e);
+		catch (FactoryConfigurationError | IOException | SAXException | ParserConfigurationException ex) {
+			throw new RuntimeException("Unable to parse document object", ex);
 		}
 		finally {
 			try {
 				aStream.close();
 			}
-			catch (IOException e) {
-				this.logger.warn("Failed to close input stream for web.xml", e);
+			catch (IOException ex) {
+				this.logger.warn("Failed to close input stream for web.xml", ex);
 			}
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index 91df4aab6c..fc6dabc9b2 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -137,9 +137,9 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 
 			return new ArrayList(groups);
 		}
-		catch (Exception e) {
-			logger.error("Exception occured while looking up groups for user", e);
-			throw new RuntimeException("Exception occured while looking up groups for user", e);
+		catch (Exception ex) {
+			logger.error("Exception occured while looking up groups for user", ex);
+			throw new RuntimeException("Exception occured while looking up groups for user", ex);
 		}
 		finally {
 			try {
@@ -147,8 +147,8 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 					ic.close();
 				}
 			}
-			catch (NamingException e) {
-				logger.debug("Exception occured while closing context", e);
+			catch (NamingException ex) {
+				logger.debug("Exception occured while closing context", ex);
 			}
 		}
 	}
@@ -157,23 +157,23 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 		try {
 			return method.invoke(instance, args);
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", e);
+					+ Arrays.asList(args) + ")", ex);
 			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
+					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
 		}
-		catch (IllegalAccessException e) {
+		catch (IllegalAccessException ex) {
 			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", e);
+					+ Arrays.asList(args) + ")", ex);
 			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
+					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
 		}
-		catch (InvocationTargetException e) {
+		catch (InvocationTargetException ex) {
 			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", e);
+					+ Arrays.asList(args) + ")", ex);
 			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", e);
+					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
 		}
 	}
 
@@ -187,14 +187,14 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 			}
 			return c.getDeclaredMethod(methodName, parameterTypes);
 		}
-		catch (ClassNotFoundException e) {
+		catch (ClassNotFoundException ex) {
 			logger.error("Required class" + className + " not found");
-			throw new RuntimeException("Required class" + className + " not found", e);
+			throw new RuntimeException("Required class" + className + " not found", ex);
 		}
-		catch (NoSuchMethodException e) {
+		catch (NoSuchMethodException ex) {
 			logger.error("Required method " + methodName + " with parameter types (" + Arrays.asList(parameterTypeNames)
 					+ ") not found on class " + className);
-			throw new RuntimeException("Required class" + className + " not found", e);
+			throw new RuntimeException("Required class" + className + " not found", ex);
 		}
 	}
 
@@ -242,9 +242,9 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 		try {
 			return Class.forName(className);
 		}
-		catch (ClassNotFoundException e) {
+		catch (ClassNotFoundException ex) {
 			logger.error("Required class " + className + " not found");
-			throw new RuntimeException("Required class " + className + " not found", e);
+			throw new RuntimeException("Required class " + className + " not found", ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index a65e6a4579..238a7545b4 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -154,8 +154,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		catch (AccountStatusException statusInvalid) {
 			this.logger.debug("Invalid UserDetails: " + statusInvalid.getMessage());
 		}
-		catch (RememberMeAuthenticationException e) {
-			this.logger.debug(e.getMessage());
+		catch (RememberMeAuthenticationException ex) {
+			this.logger.debug(ex.getMessage());
 		}
 
 		cancelCookie(request, response);
@@ -219,7 +219,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		try {
 			Base64.getDecoder().decode(cookieValue.getBytes());
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'");
 		}
 
@@ -231,8 +231,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			try {
 				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.toString());
 			}
-			catch (UnsupportedEncodingException e) {
-				this.logger.error(e.getMessage(), e);
+			catch (UnsupportedEncodingException ex) {
+				this.logger.error(ex.getMessage(), ex);
 			}
 		}
 
@@ -250,8 +250,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			try {
 				sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.toString()));
 			}
-			catch (UnsupportedEncodingException e) {
-				this.logger.error(e.getMessage(), e);
+			catch (UnsupportedEncodingException ex) {
+				this.logger.error(ex.getMessage(), ex);
 			}
 
 			if (i < cookieTokens.length - 1) {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index 363f9d8aeb..f9704fdab0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -100,8 +100,8 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 			this.logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series"
 					+ " should be unique");
 		}
-		catch (DataAccessException e) {
-			this.logger.error("Failed to load token for series " + seriesId, e);
+		catch (DataAccessException ex) {
+			this.logger.error("Failed to load token for series " + seriesId, ex);
 		}
 
 		return null;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 377a3567d1..2b612c7b38 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -137,8 +137,8 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 			this.tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(), newToken.getDate());
 			addCookie(newToken, request, response);
 		}
-		catch (Exception e) {
-			this.logger.error("Failed to update token: ", e);
+		catch (Exception ex) {
+			this.logger.error("Failed to update token: ", ex);
 			throw new RememberMeAuthenticationException("Autologin failed due to data access problem");
 		}
 
@@ -163,8 +163,8 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 			this.tokenRepository.createNewToken(persistentToken);
 			addCookie(persistentToken, request, response);
 		}
-		catch (Exception e) {
-			this.logger.error("Failed to save persistent token ", e);
+		catch (Exception ex) {
+			this.logger.error("Failed to save persistent token ", ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
index 0aeb3298db..a00174824b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
@@ -30,10 +30,10 @@ public class RememberMeAuthenticationException extends AuthenticationException {
 	 * Constructs a {@code RememberMeAuthenticationException} with the specified message
 	 * and root cause.
 	 * @param msg the detail message
-	 * @param t the root cause
+	 * @param cause the root cause
 	 */
-	public RememberMeAuthenticationException(String msg, Throwable t) {
-		super(msg, t);
+	public RememberMeAuthenticationException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 0fdf63e8d1..649d06726c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -148,7 +148,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		try {
 			digest = MessageDigest.getInstance("MD5");
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No MD5 algorithm available!");
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index d64dd01cc3..5f1dd45139 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -177,9 +177,9 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 				// redirect to target url
 				this.successHandler.onAuthenticationSuccess(request, response, targetUser);
 			}
-			catch (AuthenticationException e) {
-				this.logger.debug("Switch User failed", e);
-				this.failureHandler.onAuthenticationFailure(request, response, e);
+			catch (AuthenticationException ex) {
+				this.logger.debug("Switch User failed", ex);
+				this.failureHandler.onAuthenticationFailure(request, response, ex);
 			}
 
 			return;
@@ -310,7 +310,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 			// SEC-1763. Check first if we are already switched.
 			currentAuth = attemptExitUser(request);
 		}
-		catch (AuthenticationCredentialsNotFoundException e) {
+		catch (AuthenticationCredentialsNotFoundException ex) {
 			currentAuth = SecurityContextHolder.getContext().getAuthentication();
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index 09281ac742..483ab89097 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -94,7 +94,7 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 		try {
 			decoded = Base64.getDecoder().decode(base64Token);
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			throw new BadCredentialsException("Failed to decode basic authentication token");
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
index 5800be6819..98472819e5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@@ -214,7 +214,7 @@ final class DigestAuthUtils {
 		try {
 			digest = MessageDigest.getInstance("MD5");
 		}
-		catch (NoSuchAlgorithmException e) {
+		catch (NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No MD5 algorithm available!");
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index d3a7ccc406..abda070507 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -135,8 +135,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 			digestAuth.validateAndDecode(this.authenticationEntryPoint.getKey(),
 					this.authenticationEntryPoint.getRealmName());
 		}
-		catch (BadCredentialsException e) {
-			fail(request, response, e);
+		catch (BadCredentialsException ex) {
+			fail(request, response, ex);
 
 			return;
 		}
@@ -374,7 +374,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 			try {
 				Base64.getDecoder().decode(this.nonce.getBytes());
 			}
-			catch (IllegalArgumentException e) {
+			catch (IllegalArgumentException ex) {
 				throw new BadCredentialsException(
 						DigestAuthenticationFilter.this.messages.getMessage("DigestAuthenticationFilter.nonceEncoding",
 								new Object[] { this.nonce }, "Nonce is not encoded in Base64; received nonce {0}"));
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
index a2716bbef2..8ac38137d0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java
@@ -37,10 +37,10 @@ public class NonceExpiredException extends AuthenticationException {
 	 * Constructs a <code>NonceExpiredException</code> with the specified message and root
 	 * cause.
 	 * @param msg the detail message
-	 * @param t root cause
+	 * @param cause root cause
 	 */
-	public NonceExpiredException(String msg, Throwable t) {
-		super(msg, t);
+	public NonceExpiredException(String msg, Throwable cause) {
+		super(msg, cause);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index 763d2e7ad2..fbf238f45c 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -437,7 +437,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			try {
 				return this.request.getSession(true);
 			}
-			catch (IllegalStateException e) {
+			catch (IllegalStateException ex) {
 				// Response must already be committed, therefore can't create a new
 				// session
 				HttpSessionSecurityContextRepository.this.logger
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index 52fa0300ff..c3d3050f92 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -414,8 +414,8 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 		try {
 			this.reportUri = new URI(reportUri);
 		}
-		catch (URISyntaxException e) {
-			throw new IllegalArgumentException(e);
+		catch (URISyntaxException ex) {
+			throw new IllegalArgumentException(ex);
 		}
 		updateHpkpHeaderValue();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index 8d857382b8..6473e80f9f 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -98,8 +98,8 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 		try {
 			Subject.doAs(subject, continueChain);
 		}
-		catch (PrivilegedActionException e) {
-			throw new ServletException(e.getMessage(), e);
+		catch (PrivilegedActionException ex) {
+			throw new ServletException(ex.getMessage(), ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index ad85f52306..35f6856662 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -59,7 +59,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 	}
 
 	@Override
-	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
+	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
 		return Flux.fromIterable(this.entryPoints).filterWhen(entry -> isMatch(exchange, entry)).next()
 				.map(entry -> entry.getEntryPoint()).doOnNext(it -> {
 					if (logger.isDebugEnabled()) {
@@ -69,7 +69,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 					if (logger.isDebugEnabled()) {
 						logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
 					}
-				})).flatMap(entryPoint -> entryPoint.commence(exchange, e));
+				})).flatMap(entryPoint -> entryPoint.commence(exchange, ex));
 	}
 
 	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
index 108be16860..3abf0a4668 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
@@ -32,10 +32,10 @@ public interface ServerAuthenticationEntryPoint {
 	/**
 	 * Initiates the authentication flow
 	 * @param exchange
-	 * @param e
+	 * @param ex
 	 * @return {@code Mono<Void>} to indicate when the request for authentication is
 	 * complete
 	 */
-	Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e);
+	Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex);
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index 80d9546ee2..322cc712db 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -72,7 +72,7 @@ public class ServerHttpBasicAuthenticationConverter implements Function<ServerWe
 		try {
 			return Base64.getDecoder().decode(value);
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			return new byte[0];
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
index e724ba892b..d20b707004 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
@@ -41,7 +41,7 @@ public class HttpBasicServerAuthenticationEntryPoint implements ServerAuthentica
 	private String headerValue = createHeaderValue(DEFAULT_REALM);
 
 	@Override
-	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
+	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
 		return Mono.fromRunnable(() -> {
 			ServerHttpResponse response = exchange.getResponse();
 			response.setStatusCode(HttpStatus.UNAUTHORIZED);
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
index a6995f45c9..d4eedc4512 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java
@@ -62,7 +62,7 @@ public class RedirectServerAuthenticationEntryPoint implements ServerAuthenticat
 	}
 
 	@Override
-	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException e) {
+	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
 		return this.requestCache.saveRequest(exchange)
 				.then(this.redirectStrategy.sendRedirect(exchange, this.location));
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
index 58a2308a9c..6aef6e1c17 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -49,12 +49,12 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
 	}
 
 	@Override
-	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException e) {
+	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException ex) {
 		return Mono.defer(() -> Mono.just(exchange.getResponse())).flatMap(response -> {
 			response.setStatusCode(this.httpStatus);
 			response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
 			DataBufferFactory dataBufferFactory = response.bufferFactory();
-			DataBuffer buffer = dataBufferFactory.wrap(e.getMessage().getBytes(Charset.defaultCharset()));
+			DataBuffer buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
 			return response.writeWith(Mono.just(buffer)).doOnError(error -> DataBufferUtils.release(buffer));
 		});
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
index 445c5d3b40..d455e37977 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
@@ -76,8 +76,8 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 		try {
 			httpRequestMediaTypes = resolveMediaTypes(exchange);
 		}
-		catch (NotAcceptableStatusException e) {
-			this.logger.debug("Failed to parse MediaTypes, returning false", e);
+		catch (NotAcceptableStatusException ex) {
+			this.logger.debug("Failed to parse MediaTypes, returning false", ex);
 			return MatchResult.notMatch();
 		}
 		if (this.logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
index 7db8ab5983..9a9afc8efa 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
@@ -82,7 +82,7 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 		try {
 			return this.introspector.getMatchableHandlerMapping(request);
 		}
-		catch (Throwable t) {
+		catch (Throwable ex) {
 			return null;
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index 710191e2a0..90aaac9fdb 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -95,11 +95,11 @@ public class SessionManagementFilter extends GenericFilterBean {
 				try {
 					this.sessionAuthenticationStrategy.onAuthentication(authentication, request, response);
 				}
-				catch (SessionAuthenticationException e) {
+				catch (SessionAuthenticationException ex) {
 					// The session strategy can reject the authentication
-					this.logger.debug("SessionAuthenticationStrategy rejected the authentication object", e);
+					this.logger.debug("SessionAuthenticationStrategy rejected the authentication object", ex);
 					SecurityContextHolder.clearContext();
-					this.failureHandler.onAuthenticationFailure(request, response, e);
+					this.failureHandler.onAuthenticationFailure(request, response, ex);
 
 					return;
 				}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index 5005f6a140..c0af6461d4 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -249,7 +249,7 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 		try {
 			return HttpMethod.valueOf(method);
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 		}
 
 		return null;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index 08792192b5..8a2198d66b 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -101,8 +101,8 @@ public final class IpAddressMatcher implements RequestMatcher {
 		try {
 			return InetAddress.getByName(address);
 		}
-		catch (UnknownHostException e) {
-			throw new IllegalArgumentException("Failed to parse address" + address, e);
+		catch (UnknownHostException ex) {
+			throw new IllegalArgumentException("Failed to parse address" + address, ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index e9272c3f5a..42a7041e72 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -201,8 +201,8 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 		try {
 			httpRequestMediaTypes = this.contentNegotiationStrategy.resolveMediaTypes(new ServletWebRequest(request));
 		}
-		catch (HttpMediaTypeNotAcceptableException e) {
-			this.logger.debug("Failed to parse MediaTypes, returning false", e);
+		catch (HttpMediaTypeNotAcceptableException ex) {
+			this.logger.debug("Failed to parse MediaTypes, returning false", ex);
 			return false;
 		}
 		if (this.logger.isDebugEnabled()) {
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index ed1d25e04f..e802925e18 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -120,7 +120,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 		try {
 			return HttpMethod.valueOf(method);
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 		}
 
 		return null;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index 50d37da710..db70ace427 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -240,11 +240,11 @@ public class AuthenticationFilterTests {
 		try {
 			filter.doFilter(request, response, chain);
 		}
-		catch (ServletException e) {
+		catch (ServletException ex) {
 			verifyZeroInteractions(this.successHandler);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 
-			throw e;
+			throw ex;
 		}
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 5c00f97145..4f53e17eca 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -129,7 +129,7 @@ public class UsernamePasswordAuthenticationFilterTests {
 			filter.attemptAuthentication(request, new MockHttpServletResponse());
 			fail("Expected AuthenticationException");
 		}
-		catch (AuthenticationException e) {
+		catch (AuthenticationException ex) {
 		}
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
index f0ee41cc4f..d4e399c6b7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
@@ -69,8 +69,8 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 		try {
 			new HttpStatusReturningLogoutSuccessHandler(null);
 		}
-		catch (IllegalArgumentException e) {
-			assertThat(e).hasMessage("The provided HttpStatus must not be null.");
+		catch (IllegalArgumentException ex) {
+			assertThat(ex).hasMessage("The provided HttpStatus must not be null.");
 			return;
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
index 9d4fa105b8..d23a331918 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
@@ -38,8 +38,8 @@ public class Http403ForbiddenEntryPointTests {
 			assertThat(resp.getStatus()).withFailMessage("Incorrect status")
 					.isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 		}
-		catch (IOException e) {
-			fail("Unexpected exception thrown: " + e);
+		catch (IOException ex) {
+			fail("Unexpected exception thrown: " + ex);
 		}
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 82895a0cd0..a0cb2c9609 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -96,7 +96,7 @@ public class ThrowableAnalyzerTests {
 
 			fail("IllegalArgumentExpected");
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// ok
 		}
 	}
@@ -231,7 +231,7 @@ public class ThrowableAnalyzerTests {
 			ThrowableAnalyzer.verifyThrowableHierarchy(null, Throwable.class);
 			fail("IllegalArgumentException expected");
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// ok
 		}
 	}
@@ -244,7 +244,7 @@ public class ThrowableAnalyzerTests {
 			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class);
 			fail("IllegalArgumentException expected");
 		}
-		catch (IllegalArgumentException e) {
+		catch (IllegalArgumentException ex) {
 			// ok
 		}
 	}

From 31ec450d055c8ac7c0397725b191622dbc4ef756 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 00:19:27 -0700
Subject: [PATCH 39/84] Remove superfluous comments

Remove a few comments that previously add noise but don't offer a great
deal of value.

Issue gh-8945
---
 .../security/acls/domain/AclImplTests.java    |  2 -
 .../acls/jdbc/AclClassIdUtilsTests.java       | 43 ----------
 .../web/configurers/HeadersConfigurer.java    |  2 -
 .../OAuth2ResourceServerConfigurerTests.java  | 28 -------
 .../config/http/HttpHeadersConfigTests.java   |  6 --
 ...sourceServerBeanDefinitionParserTests.java | 34 +-------
 .../WebSocketMessageBrokerConfigTests.java    |  2 -
 ...pressionBasedPreInvocationAdviceTests.java | 17 ----
 ...elegatingSecurityContextExecutorTests.java |  4 -
 ...elegatingSecurityContextCallableTests.java |  8 --
 ...elegatingSecurityContextRunnableTests.java |  8 --
 .../crypto/encrypt/AesBytesEncryptor.java     |  2 -
 .../password/StandardPasswordEncoder.java     |  2 -
 ...ectoryLdapAuthenticationProviderTests.java |  9 --
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  8 --
 .../HelloWebfluxMethodApplicationTests.java   |  6 --
 ...OAuth2ResourceServerApplicationITests.java |  2 -
 ...OAuth2ResourceServerApplicationITests.java |  4 -
 ...OAuth2ResourceServerApplicationITests.java |  2 -
 ...OAuth2ResourceServerApplicationITests.java |  2 -
 ...OAuth2ResourceServerApplicationITests.java |  2 -
 ...OAuth2ResourceServerApplicationITests.java |  2 -
 .../test/java/sample/DmsIntegrationTests.java | 10 +--
 .../DefaultRequestRejectedHandlerTests.java   |  4 -
 ...HttpStatusRequestRejectedHandlerTests.java | 11 ---
 .../web/firewall/StrictHttpFirewallTests.java |  6 --
 .../SwitchUserWebFilterTests.java             | 83 -------------------
 .../util/OnCommittedResponseWrapperTests.java |  2 -
 28 files changed, 7 insertions(+), 304 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index b4647f3ded..bb162fe65b 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -557,7 +557,6 @@ public class AclImplTests {
 
 	@Test
 	public void hashCodeWithoutStackOverFlow() throws Exception {
-		// given
 		Sid sid = new PrincipalSid("pSid");
 		ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
 		AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role"));
@@ -570,7 +569,6 @@ public class AclImplTests {
 		fieldAces.setAccessible(true);
 		List<AccessControlEntryImpl> aces = (List<AccessControlEntryImpl>) fieldAces.get(acl);
 		aces.add(ace);
-		// when - then none StackOverFlowError been raised
 		ace.hashCode();
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index bf913fcab9..04dba0b446 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -61,119 +61,76 @@ public class AclClassIdUtilsTests {
 
 	@Test
 	public void shouldReturnLongIfIdentifierIsLong() throws SQLException {
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfIdentifierIsBigInteger() throws SQLException {
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(BIGINT_IDENTIFIER, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfClassIdTypeIsNull() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn(null);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfNoClassIdTypeColumn() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willThrow(SQLException.class);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfTypeClassNotFound() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("com.example.UnknownType");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongEvenIfCustomConversionServiceDoesNotSupportLongConversion() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
 		given(this.conversionService.canConvert(String.class, Long.class)).willReturn(false);
 		this.aclClassIdUtils.setConversionService(this.conversionService);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongWhenLongClassIdType() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnUUIDWhenUUIDClassIdType() throws SQLException {
-		// given
 		UUID identifier = UUID.randomUUID();
 		given(this.resultSet.getString("class_id_type")).willReturn("java.util.UUID");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier.toString(), this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
 	}
 
 	@Test
 	public void shouldReturnStringWhenStringClassIdType() throws SQLException {
-		// given
 		String identifier = "MY_STRING_IDENTIFIER";
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.String");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void shouldNotAcceptNullConversionServiceInConstruction() {
-		// when
 		new AclClassIdUtils(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void shouldNotAcceptNullConversionServiceInSetter() {
-		// when
 		this.aclClassIdUtils.setConversionService(null);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 3a88e03e8f..0ed6cc1ca3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -75,8 +75,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	private List<HeaderWriter> headerWriters = new ArrayList<>();
 
-	// --- default header writers ---
-
 	private final ContentTypeOptionsConfig contentTypeOptions = new ContentTypeOptionsConfig();
 
 	private final XXssConfig xssProtection = new XXssConfig();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 8351a52ce5..93342403c6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -436,8 +436,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(content().string("test-subject"));
 	}
 
-	// -- Method Security
-
 	@Test
 	public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception {
 
@@ -494,8 +492,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(insufficientScopeHeader());
 	}
 
-	// -- Resource Server should not engage csrf
-
 	@Test
 	public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
@@ -527,8 +523,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
-	// -- Resource Server should not create sessions
-
 	@Test
 	public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception {
 
@@ -576,8 +570,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
-	// -- custom bearer token resolver
-
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 			throws Exception {
@@ -693,8 +685,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(oauth2.getBearerTokenResolver()).isInstanceOf(DefaultBearerTokenResolver.class);
 	}
 
-	// -- custom jwt decoder
-
 	@Test
 	public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception {
 
@@ -820,8 +810,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
-	// -- exception handling
-
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
@@ -861,8 +849,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThatCode(() -> configurer.accessDeniedHandler(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
-	// -- token validator
-
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
@@ -904,8 +890,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
-	// -- converter
-
 	@Test
 	public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception {
 
@@ -937,8 +921,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 	}
 
-	// -- single key
-
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
@@ -991,8 +973,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
-	// -- opaque
-
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
@@ -1099,8 +1079,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(opaqueToken.getIntrospector()).isNotNull();
 	}
 
-	// -- In combination with other authentication providers
-
 	@Test
 	public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception {
 
@@ -1171,8 +1149,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(status().isOk()).andExpect(content().string("basic-user"));
 	}
 
-	// -- authentication manager
-
 	@Test
 	public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() {
 		ApplicationContext context = mock(ApplicationContext.class);
@@ -1190,8 +1166,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		verify(http, never()).authenticationProvider(any(AuthenticationProvider.class));
 	}
 
-	// -- authentication manager resolver
-
 	@Test
 	public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception {
 		this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire();
@@ -1226,8 +1200,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
-	// -- Incorrect Configuration
-
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index 4bc4ae8846..a0c2c7861a 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -135,8 +135,6 @@ public class HttpHeadersConfigTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
 	}
 
-	// -- defaults disabled
-
 	/**
 	 * gh-3986
 	 */
@@ -480,8 +478,6 @@ public class HttpHeadersConfigTests {
 				.andExpect(excludesDefaults());
 	}
 
-	// -- single-header disabled
-
 	@Test
 	public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception {
 
@@ -550,8 +546,6 @@ public class HttpHeadersConfigTests {
 				.andExpect(excludes(xssProtection));
 	}
 
-	// --- disable error handling ---
-
 	@Test
 	public void configureWhenHstsDisabledAndIncludeSubdomainsSpecifiedThenAutowireFails() {
 		assertThatThrownBy(
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 53b1dc8715..06195642b2 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -335,8 +335,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(status().isNotFound());
 	}
 
-	// -- Resource Server should not engage csrf
-
 	@Test
 	public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
@@ -371,8 +369,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
-	// -- Resource Server should not create sessions
-
 	@Test
 	public void requestWhenJwtThenSessionIsNotCreated() throws Exception {
 
@@ -421,8 +417,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
-	// -- custom bearer token resolver
-
 	@Test
 	public void getWhenCustomBearerTokenResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver"))
@@ -502,8 +496,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class);
 	}
 
-	// -- custom jwt decoder
-
 	@Test
 	public void requestWhenCustomJwtDecoderThenUsed() throws Exception {
 
@@ -525,8 +517,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
-	// -- exception handling
-
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
@@ -553,8 +543,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
 
-	// -- token validator
-
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
@@ -593,8 +581,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
-	// -- converter
-
 	@Test
 	public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
 
@@ -614,8 +600,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 	}
 
-	// -- single key
-
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
@@ -645,8 +629,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("algorithm"));
 	}
 
-	// -- opaque
-
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
@@ -688,8 +670,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
-	// -- authentication manager resolver
-
 	@Test
 	public void getWhenAuthenticationManagerResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire();
@@ -738,12 +718,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
-	// -- In combination with other authentication providers
-
 	@Test
-	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception { // different
-																											// from
-																											// DSL
+	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception {
+		// different from DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
 
@@ -762,9 +739,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	}
 
 	@Test
-	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { // different
-																													// from
-																													// DSL
+	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception {
+		// different from DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire();
 
@@ -794,8 +770,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
-	// -- Incorrect Configuration
-
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 		assertThatCode(() -> this.spring.configLocations(xml("Jwtless")).autowire())
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 6374b34664..f52196797b 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -242,8 +242,6 @@ public class WebSocketMessageBrokerConfigTests {
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
-	// -- invalid intercept types -- //
-
 	@Test
 	public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index d54ad3faca..1c4f1a9d38 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -51,80 +51,63 @@ public class ExpressionBasedPreInvocationAdviceTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedButNotMatch() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "filterTargetDoesNotMatch",
 				null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedArrayUnsupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameProvided() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-
-		// when
 		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
 				attribute);
-		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedArrayUnsupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameNotProvided() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-		// when
 		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
 				attribute);
-		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedTypeNotSupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "param" });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedMethodAcceptMoreThenOneArgument() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingTwoArgs", new Class[] { String.class, List.class },
 				new Object[] { "param", new ArrayList<>() });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index 486f9b35c3..177b04ae27 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -41,15 +41,11 @@ public abstract class AbstractDelegatingSecurityContextExecutorTests
 
 	private DelegatingSecurityContextExecutor executor;
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextExecutor(null);
 	}
 
-	// --- execute ---
-
 	@Test
 	public void execute() {
 		this.executor = create();
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index 0d386424f6..4a98820b02 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -78,8 +78,6 @@ public class DelegatingSecurityContextCallableTests {
 		SecurityContextHolder.clearContext();
 	}
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextCallable<>(null);
@@ -100,8 +98,6 @@ public class DelegatingSecurityContextCallableTests {
 		new DelegatingSecurityContextCallable<>(this.delegate, null);
 	}
 
-	// --- call ---
-
 	@Test
 	public void call() throws Exception {
 		this.callable = new DelegatingSecurityContextCallable<>(this.delegate, this.securityContext);
@@ -126,8 +122,6 @@ public class DelegatingSecurityContextCallableTests {
 		assertWrapped(this.callable.call());
 	}
 
-	// --- create ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
 		DelegatingSecurityContextCallable.create(null, this.securityContext);
@@ -153,8 +147,6 @@ public class DelegatingSecurityContextCallableTests {
 		assertWrapped(this.callable);
 	}
 
-	// --- toString
-
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 12365b4fc1..990c85ccb5 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -74,8 +74,6 @@ public class DelegatingSecurityContextRunnableTests {
 		SecurityContextHolder.clearContext();
 	}
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextRunnable(null);
@@ -96,8 +94,6 @@ public class DelegatingSecurityContextRunnableTests {
 		new DelegatingSecurityContextRunnable(this.delegate, null);
 	}
 
-	// --- run ---
-
 	@Test
 	public void call() throws Exception {
 		this.runnable = new DelegatingSecurityContextRunnable(this.delegate, this.securityContext);
@@ -123,8 +119,6 @@ public class DelegatingSecurityContextRunnableTests {
 		assertWrapped(this.runnable);
 	}
 
-	// --- create ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
 		DelegatingSecurityContextRunnable.create(null, this.securityContext);
@@ -150,8 +144,6 @@ public class DelegatingSecurityContextRunnableTests {
 		assertWrapped(this.runnable);
 	}
 
-	// --- toString
-
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index 85e5478814..52c913071d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -132,8 +132,6 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 	}
 
-	// internal helpers
-
 	private byte[] iv(byte[] encrypted) {
 		return this.ivGenerator != NULL_IV_GENERATOR
 				? EncodingUtils.subArray(encrypted, 0, this.ivGenerator.getKeyLength())
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index bca1380bfd..1f36635d39 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -83,8 +83,6 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 		return MessageDigest.isEqual(digested, digest(rawPassword, salt));
 	}
 
-	// internal helpers
-
 	private StandardPasswordEncoder(String algorithm, CharSequence secret) {
 		this.digester = new Digester(algorithm, DEFAULT_ITERATIONS);
 		this.secret = Utf8.encode(secret);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index c80407f9af..dd2ee0b428 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -96,7 +96,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	// SEC-1915
 	@Test
 	public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception {
-		// given
 		String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
@@ -111,17 +110,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		customProvider.setSearchFilter(customSearchFilter);
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(result.isAuthenticated()).isTrue();
 	}
 
 	@Test
 	public void defaultSearchFilter() throws Exception {
-		// given
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
@@ -136,10 +132,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(result.isAuthenticated()).isTrue();
 		verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class),
 				any(SearchControls.class));
@@ -148,7 +142,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	// SEC-2897,SEC-2224
 	@Test
 	public void bindPrincipalAndUsernameUsed() throws Exception {
-		// given
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 		ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
 
@@ -164,10 +157,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
 		assertThat(result.isAuthenticated()).isTrue();
 	}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index b554ab2669..ce12e04584 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -491,16 +491,13 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheThenStoreRetrievedJwkSetToCache() {
-		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.cache(cache).build();
-		// when
 		jwtDecoder.decode(SIGNED_JWT);
-		// then
 		assertThat(cache.get(JWK_SET_URI, String.class)).isEqualTo(JWK_SET);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
 		verify(restOperations).exchange(requestEntityCaptor.capture(), eq(String.class));
@@ -511,15 +508,12 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheThenRetrieveFromCache() {
-		// given
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
 		given(cache.get(eq(JWK_SET_URI), any(Callable.class))).willReturn(JWK_SET);
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).cache(cache)
 				.restOperations(restOperations).build();
-		// when
 		jwtDecoder.decode(SIGNED_JWT);
-		// then
 		verify(cache).get(eq(JWK_SET_URI), any(Callable.class));
 		verifyNoMoreInteractions(cache);
 		verifyNoInteractions(restOperations);
@@ -527,14 +521,12 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheIsConfiguredAndValueLoaderErrorsThenThrowsJwtException() {
-		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.cache(cache).build();
-		// then
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessageContaining("An error occurred while attempting to decode the Jwt");
diff --git a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
index fdf850a114..72bddcf9ac 100644
--- a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
+++ b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
@@ -58,8 +58,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectStatus().isUnauthorized();
 	}
 
-	// --- Basic Authentication ---
-
 	@Test
 	public void messageWhenUserThenForbidden() {
 		this.rest
@@ -81,8 +79,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	// --- WithMockUser ---
-
 	@Test
 	@WithMockUser
 	public void messageWhenWithMockUserThenForbidden() {
@@ -104,8 +100,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	// --- mutateWith mockUser ---
-
 	@Test
 	public void messageWhenMutateWithMockUserThenForbidden() {
 		this.rest
diff --git a/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index b10249a255..44c78dec23 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index c50157dd92..a476a705f3 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject for tenant one!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void tenantOnePerformWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
@@ -96,8 +94,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject for tenant two!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void tenantTwoPerformWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
diff --git a/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index cbeeb8ebda..0be5e8ac3f 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
diff --git a/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index a5d644662a..4cb8018d8d 100644
--- a/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
diff --git a/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
index 13d09b16c1..763d28a71e 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
@@ -55,8 +55,6 @@ public class ServerOAuth2ResourceServerApplicationITests {
 				.expectBody(String.class).isEqualTo("Hello, subject!");
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void getWhenValidBearerTokenThenScopedRequestsAlsoWork() {
 
diff --git a/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index 6479417499..a61ef43a1d 100644
--- a/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -62,8 +62,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
diff --git a/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java b/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
index bf28298f2e..4429d6c833 100644
--- a/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
+++ b/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
@@ -122,13 +122,9 @@ public class DmsIntegrationTests extends AbstractTransactionalJUnit4SpringContex
 		// plus 10 files
 
 		AbstractElement[] nonHomeElements = this.documentDao.findElements(nonHomeDir);
-		assertThat(nonHomeElements).hasSize(shouldBeFiltered ? 11 : 12); // cannot
-																					// see
-		// the user's
-		// "confidential"
-		// sub-directory
-		// when
-		// filtering
+		assertThat(nonHomeElements).hasSize(shouldBeFiltered ? 11 : 12);
+
+		// cannot see the user's "confidential" sub-directory when filtering
 
 		// Attempt to read the other user's confidential directory from the returned
 		// results
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
index 3aafb0ebab..f401179f30 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
@@ -28,16 +28,12 @@ public class DefaultRequestRejectedHandlerTests {
 
 	@Test
 	public void defaultRequestRejectedHandlerRethrowsTheException() throws Exception {
-		// given:
 		RequestRejectedException requestRejectedException = new RequestRejectedException("rejected");
 		DefaultRequestRejectedHandler sut = new DefaultRequestRejectedHandler();
-
-		// when:
 		try {
 			sut.handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), requestRejectedException);
 		}
 		catch (RequestRejectedException exception) {
-			// then:
 			Assert.assertThat(exception.getMessage(), CoreMatchers.is("rejected"));
 			return;
 		}
diff --git a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
index a68fcd3c72..580d07d034 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
@@ -27,14 +27,9 @@ public class HttpStatusRequestRejectedHandlerTests {
 
 	@Test
 	public void httpStatusRequestRejectedHandlerUsesStatus400byDefault() throws Exception {
-		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler();
 		HttpServletResponse response = mock(HttpServletResponse.class);
-
-		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
-
-		// then:
 		verify(response).sendError(400);
 	}
 
@@ -46,15 +41,9 @@ public class HttpStatusRequestRejectedHandlerTests {
 	}
 
 	private void httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper(int status) throws Exception {
-
-		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler(status);
 		HttpServletResponse response = mock(HttpServletResponse.class);
-
-		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
-
-		// then:
 		verify(response).sendError(status);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index c42e98034e..17bf759c9c 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -146,8 +146,6 @@ public class StrictHttpFirewallTests {
 		}
 	}
 
-	// --- ; ---
-
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath(";/context");
@@ -334,8 +332,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	// --- encoded . ---
-
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2E/");
@@ -394,8 +390,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	// --- from DefaultHttpFirewallTests ---
-
 	/**
 	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on /a/b/c
 	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 7a4325920d..2f7296860c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -95,15 +95,10 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenRequestNotMatchThenDoesNothing() {
-		// given
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/not/existing"));
-
 		WebFilterChain chain = mock(WebFilterChain.class);
 		given(chain.filter(exchange)).willReturn(Mono.empty());
-
-		// when
 		this.switchUserWebFilter.filter(exchange, chain).block();
-		// then
 		verifyNoInteractions(this.userDetailsService);
 		verifyNoInteractions(this.successHandler);
 		verifyNoInteractions(this.failureHandler);
@@ -114,7 +109,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUser() {
-		// given
 		final String targetUsername = "TEST_USERNAME";
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, true);
 
@@ -133,12 +127,10 @@ public class SwitchUserWebFilterTests {
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		verifyNoInteractions(chain);
 		verify(this.userDetailsService).findByUsername(targetUsername);
 
@@ -165,7 +157,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() {
-		// given
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
 
@@ -189,12 +180,10 @@ public class SwitchUserWebFilterTests {
 		given(this.userDetailsService.findByUsername(targetUsername))
 				.willReturn(Mono.just(switchUserDetails(targetUsername, true)));
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
 				authenticationCaptor.capture());
@@ -210,7 +199,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenUsernameIsMissingThenThrowException() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -220,7 +208,6 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("The userName can not be null.");
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -241,7 +228,6 @@ public class SwitchUserWebFilterTests {
 		given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -252,7 +238,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
-		// given
 		this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null);
 
 		final String targetUsername = "TEST_USERNAME";
@@ -267,7 +252,6 @@ public class SwitchUserWebFilterTests {
 
 		this.exceptionRule.expect(DisabledException.class);
 
-		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -276,7 +260,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchThenReturnToOriginalAuthentication() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -296,12 +279,10 @@ public class SwitchUserWebFilterTests {
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
@@ -319,7 +300,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchWhenUserNotSwitchedThenThrowError() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -332,7 +312,6 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("Could not find original Authentication object");
 
-		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -341,7 +320,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchWhenNoCurrentUserThenThrowError() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -350,65 +328,49 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("No current user associated with this request");
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain).block();
-		// then
 		verifyNoInteractions(chain);
 	}
 
 	@Test
 	public void constructorUserDetailsServiceRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("userDetailsService must be specified");
-
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(null, mock(ServerAuthenticationSuccessHandler.class),
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorServerAuthenticationSuccessHandlerRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("successHandler must be specified");
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorSuccessTargetUrlRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("successTargetUrl must be specified");
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				"failure/target/url");
 	}
 
 	@Test
 	public void constructorFirstDefaultValues() {
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class),
 				mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class));
-
-		// then
 		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class);
-
 		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
 		assertThat(userDetailsChecker).isInstanceOf(AccountStatusUserDetailsChecker.class);
 	}
 
 	@Test
 	public void constructorSecondDefaultValues() {
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), "success/target/url",
 				"failure/target/url");
-
-		// then
 		final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler");
 		assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class);
 
@@ -425,27 +387,20 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setSecurityContextRepositoryWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("securityContextRepository cannot be null");
-		// when
 		this.switchUserWebFilter.setSecurityContextRepository(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue() {
-		// given
 		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(oldSecurityContextRepository).isSameAs(this.serverSecurityContextRepository);
-
 		final ServerSecurityContextRepository newSecurityContextRepository = mock(
 				ServerSecurityContextRepository.class);
-		// when
 		this.switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
-		// then
 		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(currentSecurityContextRepository).isSameAs(newSecurityContextRepository);
@@ -453,29 +408,22 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setExitUserUrlWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setExitUserUrl(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserUrlWhenInvalidUrlThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setExitUserUrl("wrongUrl");
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserUrlWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -483,13 +431,8 @@ public class SwitchUserWebFilterTests {
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
-
-		// when
 		this.switchUserWebFilter.setExitUserUrl("/exit-url");
-
-		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url"));
-
 		final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
@@ -498,18 +441,14 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setExitUserMatcherWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserMatcher cannot be null");
-		// when
 		this.switchUserWebFilter.setExitUserMatcher(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -521,11 +460,8 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/exit-url");
 
-		// when
 		this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
 
-		// then
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
@@ -534,29 +470,22 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setSwitchUserUrlWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserUrlWhenInvalidThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl("wrongUrl");
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -565,32 +494,24 @@ public class SwitchUserWebFilterTests {
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl("/switch-url");
 
-		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
-
 		final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void setSwitchUserMatcherWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserMatcher cannot be null");
-		// when
 		this.switchUserWebFilter.setSwitchUserMatcher(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -602,14 +523,10 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/switch-url");
 
-		// when
 		this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
 
-		// then
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index d22541e9da..1f39a8b7f4 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -62,8 +62,6 @@ public class OnCommittedResponseWrapperTests {
 		given(this.delegate.getOutputStream()).willReturn(this.out);
 	}
 
-	// --- printwriter
-
 	@Test
 	public void printWriterHashCode() throws Exception {
 		int expected = this.writer.hashCode();

From ff94944313d97b7c02ba8732ebbe63e3392ca7a4 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 00:21:57 -0700
Subject: [PATCH 40/84] Add whitespace after copyright header

Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
---
 .../java/org/springframework/security/acls/AclEntryVoter.java   | 1 +
 .../security/acls/AclPermissionCacheOptimizer.java              | 1 +
 .../springframework/security/acls/AclPermissionEvaluator.java   | 1 +
 .../AclEntryAfterInvocationCollectionFilteringProvider.java     | 1 +
 .../acls/afterinvocation/AclEntryAfterInvocationProvider.java   | 1 +
 .../security/acls/afterinvocation/package-info.java             | 1 +
 .../security/acls/domain/AbstractPermission.java                | 1 +
 .../security/acls/domain/AccessControlEntryImpl.java            | 1 +
 .../security/acls/domain/AclFormattingUtils.java                | 1 +
 .../java/org/springframework/security/acls/domain/AclImpl.java  | 1 +
 .../org/springframework/security/acls/domain/AuditLogger.java   | 1 +
 .../springframework/security/acls/domain/BasePermission.java    | 1 +
 .../security/acls/domain/ConsoleAuditLogger.java                | 1 +
 .../security/acls/domain/CumulativePermission.java              | 1 +
 .../security/acls/domain/DefaultPermissionFactory.java          | 1 +
 .../security/acls/domain/DefaultPermissionGrantingStrategy.java | 1 +
 .../security/acls/domain/EhCacheBasedAclCache.java              | 1 +
 .../security/acls/domain/GrantedAuthoritySid.java               | 1 +
 .../security/acls/domain/IdentityUnavailableException.java      | 1 +
 .../security/acls/domain/ObjectIdentityImpl.java                | 1 +
 .../springframework/security/acls/domain/PermissionFactory.java | 1 +
 .../org/springframework/security/acls/domain/PrincipalSid.java  | 1 +
 .../security/acls/domain/SpringCacheBasedAclCache.java          | 1 +
 .../org/springframework/security/acls/domain/package-info.java  | 1 +
 .../org/springframework/security/acls/jdbc/AclClassIdUtils.java | 1 +
 .../springframework/security/acls/jdbc/BasicLookupStrategy.java | 1 +
 .../org/springframework/security/acls/jdbc/JdbcAclService.java  | 1 +
 .../security/acls/jdbc/JdbcMutableAclService.java               | 1 +
 .../org/springframework/security/acls/jdbc/LookupStrategy.java  | 1 +
 .../org/springframework/security/acls/jdbc/package-info.java    | 1 +
 .../springframework/security/acls/model/AccessControlEntry.java | 1 +
 .../main/java/org/springframework/security/acls/model/Acl.java  | 1 +
 .../java/org/springframework/security/acls/model/AclCache.java  | 1 +
 .../security/acls/model/AclDataAccessException.java             | 1 +
 .../org/springframework/security/acls/model/AclService.java     | 1 +
 .../security/acls/model/AlreadyExistsException.java             | 1 +
 .../security/acls/model/AuditableAccessControlEntry.java        | 1 +
 .../org/springframework/security/acls/model/AuditableAcl.java   | 1 +
 .../security/acls/model/ChildrenExistException.java             | 1 +
 .../org/springframework/security/acls/model/MutableAcl.java     | 1 +
 .../springframework/security/acls/model/MutableAclService.java  | 1 +
 .../springframework/security/acls/model/NotFoundException.java  | 1 +
 .../org/springframework/security/acls/model/ObjectIdentity.java | 1 +
 .../security/acls/model/ObjectIdentityGenerator.java            | 1 +
 .../org/springframework/security/acls/model/OwnershipAcl.java   | 1 +
 .../org/springframework/security/acls/model/Permission.java     | 1 +
 .../security/acls/model/PermissionGrantingStrategy.java         | 1 +
 .../main/java/org/springframework/security/acls/model/Sid.java  | 1 +
 .../security/acls/model/UnloadedSidException.java               | 1 +
 .../org/springframework/security/acls/model/package-info.java   | 1 +
 .../java/org/springframework/security/acls/package-info.java    | 1 +
 .../springframework/security/acls/AclFormattingUtilsTests.java  | 1 +
 .../security/acls/AclPermissionCacheOptimizerTests.java         | 1 +
 .../security/acls/AclPermissionEvaluatorTests.java              | 1 +
 .../java/org/springframework/security/acls/TargetObject.java    | 1 +
 .../org/springframework/security/acls/TargetObjectWithUUID.java | 1 +
 ...AclEntryAfterInvocationCollectionFilteringProviderTests.java | 1 +
 .../afterinvocation/AclEntryAfterInvocationProviderTests.java   | 1 +
 .../security/acls/domain/AccessControlImplEntryTests.java       | 1 +
 .../security/acls/domain/AclAuthorizationStrategyImplTests.java | 1 +
 .../org/springframework/security/acls/domain/AclImplTests.java  | 1 +
 .../acls/domain/AclImplementationSecurityCheckTests.java        | 1 +
 .../springframework/security/acls/domain/AuditLoggerTests.java  | 1 +
 .../security/acls/domain/ObjectIdentityImplTests.java           | 1 +
 .../acls/domain/ObjectIdentityRetrievalStrategyImplTests.java   | 1 +
 .../springframework/security/acls/domain/PermissionTests.java   | 1 +
 .../springframework/security/acls/domain/SpecialPermission.java | 1 +
 .../security/acls/jdbc/AbstractBasicLookupStrategyTests.java    | 1 +
 .../security/acls/jdbc/AclClassIdUtilsTests.java                | 1 +
 .../security/acls/jdbc/BasicLookupStrategyTests.java            | 1 +
 .../security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java    | 1 +
 .../acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java     | 1 +
 .../org/springframework/security/acls/jdbc/DatabaseSeeder.java  | 1 +
 .../security/acls/jdbc/EhCacheBasedAclCacheTests.java           | 1 +
 .../springframework/security/acls/jdbc/JdbcAclServiceTests.java | 1 +
 .../security/acls/jdbc/JdbcMutableAclServiceTests.java          | 1 +
 .../acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java     | 1 +
 .../security/acls/jdbc/SpringCacheBasedAclCacheTests.java       | 1 +
 .../java/org/springframework/security/acls/sid/CustomSid.java   | 1 +
 .../security/acls/sid/SidRetrievalStrategyTests.java            | 1 +
 .../java/org/springframework/security/acls/sid/SidTests.java    | 1 +
 .../intercept/aspectj/aspect/AnnotationSecurityAspectTests.java | 1 +
 .../org/springframework/security/cas/SamlServiceProperties.java | 1 +
 .../cas/authentication/CasAssertionAuthenticationToken.java     | 1 +
 .../security/cas/authentication/NullStatelessTicketCache.java   | 1 +
 .../cas/authentication/SpringCacheBasedTicketCache.java         | 1 +
 .../security/cas/authentication/package-info.java               | 1 +
 .../java/org/springframework/security/cas/package-info.java     | 1 +
 .../cas/userdetails/AbstractCasAssertionUserDetailsService.java | 1 +
 ...antedAuthorityFromAssertionAttributesUserDetailsService.java | 1 +
 .../web/authentication/DefaultServiceAuthenticationDetails.java | 1 +
 .../cas/web/authentication/ServiceAuthenticationDetails.java    | 1 +
 .../web/authentication/ServiceAuthenticationDetailsSource.java  | 1 +
 .../security/cas/web/authentication/package-info.java           | 1 +
 .../java/org/springframework/security/cas/web/package-info.java | 1 +
 .../cas/authentication/AbstractStatelessTicketCacheTests.java   | 1 +
 .../cas/authentication/NullStatelessTicketCacheTests.java       | 1 +
 ...AuthorityFromAssertionAttributesUserDetailsServiceTests.java | 1 +
 .../DefaultServiceAuthenticationDetailsTests.java               | 1 +
 .../ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java   | 1 +
 .../security/config/annotation/rsocket/HelloHandler.java        | 1 +
 .../security/config/annotation/rsocket/JwtITests.java           | 1 +
 .../rsocket/RSocketMessageHandlerConnectionITests.java          | 1 +
 .../config/ldap/LdapServerBeanDefinitionParserTests.java        | 1 +
 .../config/ldap/LdapUserServiceBeanDefinitionParserTests.java   | 1 +
 .../main/java/org/springframework/security/config/BeanIds.java  | 1 +
 .../security/config/DebugBeanDefinitionParser.java              | 1 +
 .../main/java/org/springframework/security/config/Elements.java | 1 +
 .../security/config/SecurityNamespaceHandler.java               | 1 +
 .../config/annotation/AbstractConfiguredSecurityBuilder.java    | 1 +
 .../security/config/annotation/AbstractSecurityBuilder.java     | 1 +
 .../security/config/annotation/AlreadyBuiltException.java       | 1 +
 .../security/config/annotation/ObjectPostProcessor.java         | 1 +
 .../security/config/annotation/SecurityBuilder.java             | 1 +
 .../security/config/annotation/SecurityConfigurer.java          | 1 +
 .../security/config/annotation/SecurityConfigurerAdapter.java   | 1 +
 .../annotation/authentication/ProviderManagerBuilder.java       | 1 +
 .../authentication/builders/AuthenticationManagerBuilder.java   | 1 +
 .../configuration/AuthenticationConfiguration.java              | 1 +
 .../configuration/EnableGlobalAuthentication.java               | 1 +
 .../configuration/GlobalAuthenticationConfigurerAdapter.java    | 1 +
 .../InitializeAuthenticationProviderBeanManagerConfigurer.java  | 1 +
 .../InitializeUserDetailsBeanManagerConfigurer.java             | 1 +
 .../configurers/ldap/LdapAuthenticationProviderConfigurer.java  | 1 +
 .../provisioning/InMemoryUserDetailsManagerConfigurer.java      | 1 +
 .../provisioning/JdbcUserDetailsManagerConfigurer.java          | 1 +
 .../configurers/provisioning/UserDetailsManagerConfigurer.java  | 1 +
 .../userdetails/AbstractDaoAuthenticationConfigurer.java        | 1 +
 .../configurers/userdetails/DaoAuthenticationConfigurer.java    | 1 +
 .../configurers/userdetails/UserDetailsAwareConfigurer.java     | 1 +
 .../configurers/userdetails/UserDetailsServiceConfigurer.java   | 1 +
 .../configuration/AutowireBeanFactoryObjectPostProcessor.java   | 1 +
 .../configuration/ObjectPostProcessorConfiguration.java         | 1 +
 .../method/configuration/EnableGlobalMethodSecurity.java        | 1 +
 .../GlobalMethodSecurityAspectJAutoProxyRegistrar.java          | 1 +
 .../method/configuration/GlobalMethodSecurityConfiguration.java | 1 +
 .../method/configuration/GlobalMethodSecuritySelector.java      | 1 +
 .../method/configuration/Jsr250MetadataSourceConfiguration.java | 1 +
 .../MethodSecurityMetadataSourceAdvisorRegistrar.java           | 1 +
 .../config/annotation/web/AbstractRequestMatcherRegistry.java   | 1 +
 .../security/config/annotation/web/HttpSecurityBuilder.java     | 1 +
 .../security/config/annotation/web/WebSecurityConfigurer.java   | 1 +
 .../config/annotation/web/builders/FilterComparator.java        | 1 +
 .../security/config/annotation/web/builders/HttpSecurity.java   | 1 +
 .../security/config/annotation/web/builders/WebSecurity.java    | 1 +
 .../AutowiredWebSecurityConfigurersIgnoreParents.java           | 1 +
 .../config/annotation/web/configuration/EnableWebSecurity.java  | 1 +
 .../annotation/web/configuration/OAuth2ClientConfiguration.java | 1 +
 .../annotation/web/configuration/OAuth2ImportSelector.java      | 1 +
 .../web/configuration/SecurityReactorContextConfiguration.java  | 1 +
 .../web/configuration/SpringWebMvcImportSelector.java           | 1 +
 .../web/configuration/WebMvcSecurityConfiguration.java          | 1 +
 .../annotation/web/configuration/WebSecurityConfiguration.java  | 1 +
 .../web/configuration/WebSecurityConfigurerAdapter.java         | 1 +
 .../web/configurers/AbstractAuthenticationFilterConfigurer.java | 1 +
 .../AbstractConfigAttributeRequestMatcherRegistry.java          | 1 +
 .../annotation/web/configurers/AbstractHttpConfigurer.java      | 1 +
 .../web/configurers/AbstractInterceptUrlConfigurer.java         | 1 +
 .../config/annotation/web/configurers/AnonymousConfigurer.java  | 1 +
 .../annotation/web/configurers/ChannelSecurityConfigurer.java   | 1 +
 .../config/annotation/web/configurers/CorsConfigurer.java       | 1 +
 .../config/annotation/web/configurers/CsrfConfigurer.java       | 1 +
 .../annotation/web/configurers/DefaultLoginPageConfigurer.java  | 1 +
 .../annotation/web/configurers/ExceptionHandlingConfigurer.java | 1 +
 .../web/configurers/ExpressionUrlAuthorizationConfigurer.java   | 1 +
 .../config/annotation/web/configurers/FormLoginConfigurer.java  | 1 +
 .../config/annotation/web/configurers/HttpBasicConfigurer.java  | 1 +
 .../config/annotation/web/configurers/JeeConfigurer.java        | 1 +
 .../config/annotation/web/configurers/LogoutConfigurer.java     | 1 +
 .../config/annotation/web/configurers/PermitAllSupport.java     | 1 +
 .../config/annotation/web/configurers/PortMapperConfigurer.java | 1 +
 .../config/annotation/web/configurers/RememberMeConfigurer.java | 1 +
 .../annotation/web/configurers/RequestCacheConfigurer.java      | 1 +
 .../annotation/web/configurers/SecurityContextConfigurer.java   | 1 +
 .../config/annotation/web/configurers/ServletApiConfigurer.java | 1 +
 .../annotation/web/configurers/SessionManagementConfigurer.java | 1 +
 .../annotation/web/configurers/UrlAuthorizationConfigurer.java  | 1 +
 .../config/annotation/web/configurers/X509Configurer.java       | 1 +
 .../web/configurers/oauth2/client/ImplicitGrantConfigurer.java  | 1 +
 .../web/configurers/oauth2/client/OAuth2ClientConfigurer.java   | 1 +
 .../configurers/oauth2/client/OAuth2ClientConfigurerUtils.java  | 1 +
 .../web/configurers/oauth2/client/OAuth2LoginConfigurer.java    | 1 +
 .../web/configurers/openid/OpenIDLoginConfigurer.java           | 1 +
 .../web/messaging/MessageSecurityMetadataSourceRegistry.java    | 1 +
 .../web/servlet/configuration/EnableWebMvcSecurity.java         | 1 +
 .../web/servlet/configuration/WebMvcSecurityConfiguration.java  | 1 +
 .../AbstractSecurityWebSocketMessageBrokerConfigurer.java       | 1 +
 .../AbstractUserDetailsServiceBeanDefinitionParser.java         | 1 +
 .../AuthenticationManagerBeanDefinitionParser.java              | 1 +
 .../config/authentication/AuthenticationManagerFactoryBean.java | 1 +
 .../AuthenticationProviderBeanDefinitionParser.java             | 1 +
 .../authentication/JdbcUserServiceBeanDefinitionParser.java     | 1 +
 .../security/config/authentication/PasswordEncoderParser.java   | 1 +
 .../config/authentication/UserServiceBeanDefinitionParser.java  | 1 +
 .../security/config/authentication/package-info.java            | 1 +
 .../security/config/core/GrantedAuthorityDefaults.java          | 1 +
 .../config/debug/SecurityDebugBeanFactoryPostProcessor.java     | 1 +
 .../security/config/http/AuthenticationConfigBuilder.java       | 1 +
 .../security/config/http/ChannelAttributeFactory.java           | 1 +
 .../security/config/http/CorsBeanDefinitionParser.java          | 1 +
 .../security/config/http/CsrfBeanDefinitionParser.java          | 1 +
 .../security/config/http/DefaultFilterChainValidator.java       | 1 +
 .../security/config/http/FilterChainBeanDefinitionParser.java   | 1 +
 .../config/http/FilterChainMapBeanDefinitionDecorator.java      | 1 +
 .../http/FilterInvocationSecurityMetadataSourceParser.java      | 1 +
 .../security/config/http/FormLoginBeanDefinitionParser.java     | 1 +
 .../security/config/http/HttpConfigurationBuilder.java          | 1 +
 .../security/config/http/HttpFirewallBeanDefinitionParser.java  | 1 +
 .../security/config/http/HttpSecurityBeanDefinitionParser.java  | 1 +
 .../security/config/http/LogoutBeanDefinitionParser.java        | 1 +
 .../org/springframework/security/config/http/MatcherType.java   | 1 +
 .../security/config/http/OAuth2ClientBeanDefinitionParser.java  | 1 +
 .../config/http/OAuth2ClientBeanDefinitionParserUtils.java      | 1 +
 .../config/http/OAuth2ClientWebMvcSecurityPostProcessor.java    | 1 +
 .../security/config/http/OAuth2LoginBeanDefinitionParser.java   | 1 +
 .../security/config/http/PortMappingsBeanDefinitionParser.java  | 1 +
 .../security/config/http/RememberMeBeanDefinitionParser.java    | 1 +
 .../springframework/security/config/http/SecurityFilters.java   | 1 +
 .../security/config/http/SessionCreationPolicy.java             | 1 +
 .../security/config/http/UserDetailsServiceFactoryBean.java     | 1 +
 .../springframework/security/config/http/WebConfigUtils.java    | 1 +
 .../org/springframework/security/config/http/package-info.java  | 1 +
 .../security/config/ldap/ContextSourceSettingPostProcessor.java | 1 +
 .../security/config/ldap/LdapProviderBeanDefinitionParser.java  | 1 +
 .../security/config/ldap/LdapServerBeanDefinitionParser.java    | 1 +
 .../config/ldap/LdapUserServiceBeanDefinitionParser.java        | 1 +
 .../org/springframework/security/config/ldap/package-info.java  | 1 +
 .../config/method/GlobalMethodSecurityBeanDefinitionParser.java | 1 +
 .../config/method/InterceptMethodsBeanDefinitionDecorator.java  | 1 +
 .../security/config/method/MethodConfigUtils.java               | 1 +
 .../MethodSecurityMetadataSourceBeanDefinitionParser.java       | 1 +
 .../security/config/method/ProtectPointcutPostProcessor.java    | 1 +
 .../springframework/security/config/method/package-info.java    | 1 +
 .../oauth2/client/ClientRegistrationsBeanDefinitionParser.java  | 1 +
 .../security/config/oauth2/client/CommonOAuth2Provider.java     | 1 +
 .../java/org/springframework/security/config/package-info.java  | 1 +
 .../web/server/AbstractServerWebExchangeMatcherRegistry.java    | 1 +
 .../security/config/web/server/SecurityWebFiltersOrder.java     | 1 +
 .../WebSocketMessageBrokerSecurityBeanDefinitionParser.java     | 1 +
 .../security/BeanNameCollectingPostProcessor.java               | 1 +
 .../org/springframework/security/CollectingAppListener.java     | 1 +
 .../org/springframework/security/config/ConfigTestUtils.java    | 1 +
 .../springframework/security/config/DataSourcePopulator.java    | 1 +
 .../security/config/InvalidConfigurationTests.java              | 1 +
 .../security/config/MockAfterInvocationProvider.java            | 1 +
 .../springframework/security/config/MockTransactionManager.java | 1 +
 .../security/config/MockUserServiceBeanPostProcessor.java       | 1 +
 .../security/config/PostProcessedMockUserDetailsService.java    | 1 +
 .../security/config/SecurityNamespaceHandlerTests.java          | 1 +
 .../org/springframework/security/config/TestBusinessBean.java   | 1 +
 .../springframework/security/config/TestBusinessBeanImpl.java   | 1 +
 .../security/config/TransactionalTestBusinessBean.java          | 1 +
 .../config/annotation/ConcereteSecurityConfigurerAdapter.java   | 1 +
 .../security/config/annotation/ObjectPostProcessorTests.java    | 1 +
 .../annotation/SecurityConfigurerAdapterClosureTests.java       | 1 +
 .../config/annotation/SecurityConfigurerAdapterTests.java       | 1 +
 .../authentication/AuthenticationManagerBuilderTests.java       | 1 +
 .../annotation/authentication/BaseAuthenticationConfig.java     | 1 +
 .../authentication/NamespaceAuthenticationManagerTests.java     | 1 +
 .../configuration/AuthenticationConfigurationTests.java         | 1 +
 .../configuration/EnableGlobalAuthenticationTests.java          | 1 +
 .../ldap/LdapAuthenticationProviderConfigurerTests.java         | 1 +
 .../annotation/configuration/AroundMethodInterceptor.java       | 1 +
 .../AutowireBeanFactoryObjectPostProcessorTests.java            | 1 +
 .../security/config/annotation/configuration/MyAdvisedBean.java | 1 +
 .../security/config/annotation/issue50/ApplicationConfig.java   | 1 +
 .../security/config/annotation/issue50/Issue50Tests.java        | 1 +
 .../security/config/annotation/issue50/SecurityConfig.java      | 1 +
 .../security/config/annotation/issue50/domain/User.java         | 1 +
 .../security/config/annotation/issue50/repo/UserRepository.java | 1 +
 .../method/configuration/DelegatingReactiveMessageService.java  | 1 +
 .../configuration/GlobalMethodSecurityConfigurationTests.java   | 1 +
 .../method/configuration/MethodSecurityServiceConfig.java       | 1 +
 .../NamespaceGlobalMethodSecurityExpressionHandlerTests.java    | 1 +
 .../configuration/NamespaceGlobalMethodSecurityTests.java       | 1 +
 .../annotation/method/configuration/ReactiveMessageService.java | 1 +
 .../configuration/SampleEnableGlobalMethodSecurityTests.java    | 1 +
 .../security/config/annotation/sec2758/Sec2758Tests.java        | 1 +
 .../annotation/web/AbstractConfiguredSecurityBuilderTests.java  | 1 +
 .../web/AbstractRequestMatcherRegistryAnyMatcherTests.java      | 1 +
 .../annotation/web/AbstractRequestMatcherRegistryTests.java     | 1 +
 .../config/annotation/web/HttpSecurityHeadersTests.java         | 1 +
 .../annotation/web/SampleWebSecurityConfigurerAdapterTests.java | 1 +
 .../web/WebSecurityConfigurerAdapterPowermockTests.java         | 1 +
 .../annotation/web/WebSecurityConfigurerAdapterTests.java       | 1 +
 .../config/annotation/web/builders/HttpConfigurationTests.java  | 1 +
 .../config/annotation/web/builders/NamespaceHttpTests.java      | 1 +
 .../AuthenticationPrincipalArgumentResolverTests.java           | 1 +
 .../annotation/web/configuration/EnableWebSecurityTests.java    | 1 +
 .../web/configuration/OAuth2ClientConfigurationTests.java       | 1 +
 .../config/annotation/web/configuration/Sec2515Tests.java       | 1 +
 .../SecurityReactorContextConfigurationResourceServerTests.java | 1 +
 .../configuration/SecurityReactorContextConfigurationTests.java | 1 +
 .../web/configuration/WebMvcSecurityConfigurationTests.java     | 1 +
 .../web/configuration/WebSecurityConfigurationTests.java        | 1 +
 .../annotation/web/configuration/sec2377/Sec2377Tests.java      | 1 +
 .../annotation/web/configuration/sec2377/a/Sec2377AConfig.java  | 1 +
 .../annotation/web/configuration/sec2377/b/Sec2377BConfig.java  | 1 +
 .../annotation/web/configurers/AnonymousConfigurerTests.java    | 1 +
 .../annotation/web/configurers/AuthorizeRequestsTests.java      | 1 +
 .../annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java | 1 +
 .../config/annotation/web/configurers/DefaultFiltersTests.java  | 1 +
 .../ExceptionHandlingConfigurerAccessDeniedHandlerTests.java    | 1 +
 .../web/configurers/ExceptionHandlingConfigurerTests.java       | 1 +
 .../web/configurers/HttpSecurityAntMatchersTests.java           | 1 +
 .../annotation/web/configurers/HttpSecurityLogoutTests.java     | 1 +
 .../web/configurers/HttpSecurityRequestMatchersTests.java       | 1 +
 .../config/annotation/web/configurers/Issue55Tests.java         | 1 +
 .../config/annotation/web/configurers/NamespaceDebugTests.java  | 1 +
 .../annotation/web/configurers/NamespaceHttpAnonymousTests.java | 1 +
 .../annotation/web/configurers/NamespaceHttpBasicTests.java     | 1 +
 .../web/configurers/NamespaceHttpCustomFilterTests.java         | 1 +
 .../web/configurers/NamespaceHttpExpressionHandlerTests.java    | 1 +
 .../annotation/web/configurers/NamespaceHttpFirewallTests.java  | 1 +
 .../annotation/web/configurers/NamespaceHttpFormLoginTests.java | 1 +
 .../annotation/web/configurers/NamespaceHttpHeadersTests.java   | 1 +
 .../web/configurers/NamespaceHttpInterceptUrlTests.java         | 1 +
 .../annotation/web/configurers/NamespaceHttpJeeTests.java       | 1 +
 .../annotation/web/configurers/NamespaceHttpLogoutTests.java    | 1 +
 .../web/configurers/NamespaceHttpOpenIDLoginTests.java          | 1 +
 .../web/configurers/NamespaceHttpPortMappingsTests.java         | 1 +
 .../web/configurers/NamespaceHttpRequestCacheTests.java         | 1 +
 .../NamespaceHttpServerAccessDeniedHandlerTests.java            | 1 +
 .../annotation/web/configurers/NamespaceHttpX509Tests.java      | 1 +
 .../annotation/web/configurers/NamespaceRememberMeTests.java    | 1 +
 .../web/configurers/NamespaceSessionManagementTests.java        | 1 +
 .../annotation/web/configurers/PermitAllSupportTests.java       | 1 +
 .../annotation/web/configurers/PortMapperConfigurerTests.java   | 1 +
 .../annotation/web/configurers/RequestCacheConfigurerTests.java | 1 +
 .../configurers/SessionManagementConfigurerServlet31Tests.java  | 1 +
 ...nManagementConfigurerSessionAuthenticationStrategyTests.java | 1 +
 ...SessionManagementConfigurerTransientAuthenticationTests.java | 1 +
 .../web/configurers/UrlAuthorizationConfigurerTests.java        | 1 +
 .../annotation/web/configurers/UrlAuthorizationsTests.java      | 1 +
 .../configurers/oauth2/client/OAuth2ClientConfigurerTests.java  | 1 +
 .../configurers/oauth2/client/OAuth2LoginConfigurerTests.java   | 1 +
 .../messaging/MessageSecurityMetadataSourceRegistryTests.java   | 1 +
 ...bstractSecurityWebSocketMessageBrokerConfigurerDocTests.java | 1 +
 .../AbstractSecurityWebSocketMessageBrokerConfigurerTests.java  | 1 +
 .../socket/SyncExecutorSubscribableChannelPostProcessor.java    | 1 +
 .../AuthenticationManagerBeanDefinitionParserTests.java         | 1 +
 .../AuthenticationProviderBeanDefinitionParserTests.java        | 1 +
 .../JdbcUserServiceBeanDefinitionParserTests.java               | 1 +
 .../authentication/UserServiceBeanDefinitionParserTests.java    | 1 +
 .../security/config/core/GrantedAuthorityDefaultsJcTests.java   | 1 +
 .../security/config/core/GrantedAuthorityDefaultsXmlTests.java  | 1 +
 .../security/config/core/HelloWorldMessageService.java          | 1 +
 .../springframework/security/config/core/MessageService.java    | 1 +
 .../security/config/debug/AuthProviderDependency.java           | 1 +
 .../debug/SecurityDebugBeanFactoryPostProcessorTests.java       | 1 +
 .../security/config/debug/TestAuthenticationProvider.java       | 1 +
 .../java/org/springframework/security/config/doc/Attribute.java | 1 +
 .../java/org/springframework/security/config/doc/Element.java   | 1 +
 .../security/config/doc/SpringSecurityXsdParser.java            | 1 +
 .../java/org/springframework/security/config/doc/XmlNode.java   | 1 +
 .../java/org/springframework/security/config/doc/XmlParser.java | 1 +
 .../org/springframework/security/config/doc/XmlSupport.java     | 1 +
 .../springframework/security/config/doc/XsdDocumentedTests.java | 1 +
 .../security/config/http/AccessDeniedConfigTests.java           | 1 +
 .../security/config/http/CsrfBeanDefinitionParserTests.java     | 1 +
 .../springframework/security/config/http/CsrfConfigTests.java   | 1 +
 .../security/config/http/DefaultFilterChainValidatorTests.java  | 1 +
 .../FilterSecurityMetadataSourceBeanDefinitionParserTests.java  | 1 +
 .../config/http/FormLoginBeanDefinitionParserTests.java         | 1 +
 .../security/config/http/FormLoginConfigTests.java              | 1 +
 .../springframework/security/config/http/HttpConfigTests.java   | 1 +
 .../security/config/http/HttpCorsConfigTests.java               | 1 +
 .../security/config/http/HttpHeadersConfigTests.java            | 1 +
 .../security/config/http/HttpInterceptUrlTests.java             | 1 +
 .../security/config/http/InterceptUrlConfigTests.java           | 1 +
 .../security/config/http/MultiHttpBlockConfigTests.java         | 1 +
 .../config/http/OAuth2ClientBeanDefinitionParserTests.java      | 1 +
 .../config/http/OAuth2LoginBeanDefinitionParserTests.java       | 1 +
 .../http/OAuth2ResourceServerBeanDefinitionParserTests.java     | 1 +
 .../springframework/security/config/http/OpenIDConfigTests.java | 1 +
 .../security/config/http/PlaceHolderAndELConfigTests.java       | 1 +
 .../security/config/http/RememberMeConfigTests.java             | 1 +
 .../http/SecurityContextHolderAwareRequestConfigTests.java      | 1 +
 .../security/config/http/SecurityFiltersAssertions.java         | 1 +
 .../config/http/SessionManagementConfigServlet31Tests.java      | 1 +
 .../security/config/http/SessionManagementConfigTests.java      | 1 +
 .../SessionManagementConfigTransientAuthenticationTests.java    | 1 +
 .../security/config/http/WebConfigUtilsTests.java               | 1 +
 .../security/config/http/customconfigurer/CustomConfigurer.java | 1 +
 .../customconfigurer/CustomHttpSecurityConfigurerTests.java     | 1 +
 .../org/springframework/security/config/method/Contact.java     | 1 +
 .../security/config/method/ContactPermission.java               | 1 +
 .../method/GlobalMethodSecurityBeanDefinitionParserTests.java   | 1 +
 .../method/InterceptMethodsBeanDefinitionDecoratorTests.java    | 1 +
 .../method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java | 1 +
 .../security/config/method/PreAuthorizeAdminRole.java           | 1 +
 .../security/config/method/PreAuthorizeServiceImpl.java         | 1 +
 .../security/config/method/PreAuthorizeTests.java               | 1 +
 .../springframework/security/config/method/Sec2196Tests.java    | 1 +
 .../security/config/method/SecuredAdminRole.java                | 1 +
 .../SecuredAnnotationDrivenBeanDefinitionParserTests.java       | 1 +
 .../security/config/method/SecuredServiceImpl.java              | 1 +
 .../springframework/security/config/method/SecuredTests.java    | 1 +
 .../security/config/method/TestPermissionEvaluator.java         | 1 +
 .../security/config/method/sec2136/JpaPermissionEvaluator.java  | 1 +
 .../security/config/method/sec2136/Sec2136Tests.java            | 1 +
 .../security/config/method/sec2499/Sec2499Tests.java            | 1 +
 .../client/ClientRegistrationsBeanDefinitionParserTests.java    | 1 +
 .../config/oauth2/client/CommonOAuth2ProviderTests.java         | 1 +
 .../security/config/util/InMemoryXmlApplicationContext.java     | 1 +
 .../security/config/util/InMemoryXmlWebApplicationContext.java  | 1 +
 .../security/config/web/server/ExceptionHandlingSpecTests.java  | 1 +
 .../config/websocket/MessageSecurityPostProcessorTests.java     | 1 +
 .../config/websocket/WebSocketMessageBrokerConfigTests.java     | 1 +
 .../MethodSecurityInterceptorWithAopConfigTests.java            | 1 +
 .../security/access/PermissionCacheOptimizer.java               | 1 +
 .../springframework/security/access/PermissionEvaluator.java    | 1 +
 .../security/access/annotation/AnnotationMetadataExtractor.java | 1 +
 .../security/access/annotation/Jsr250SecurityConfig.java        | 1 +
 .../springframework/security/access/annotation/Jsr250Voter.java | 1 +
 .../security/access/annotation/package-info.java                | 1 +
 .../org/springframework/security/access/event/package-info.java | 1 +
 .../access/expression/AbstractSecurityExpressionHandler.java    | 1 +
 .../security/access/expression/DenyAllPermissionEvaluator.java  | 1 +
 .../security/access/expression/ExpressionUtils.java             | 1 +
 .../security/access/expression/SecurityExpressionHandler.java   | 1 +
 .../access/expression/SecurityExpressionOperations.java         | 1 +
 .../security/access/expression/SecurityExpressionRoot.java      | 1 +
 .../method/AbstractExpressionBasedMethodConfigAttribute.java    | 1 +
 .../method/DefaultMethodSecurityExpressionHandler.java          | 1 +
 .../method/ExpressionBasedAnnotationAttributeFactory.java       | 1 +
 .../expression/method/ExpressionBasedPostInvocationAdvice.java  | 1 +
 .../expression/method/ExpressionBasedPreInvocationAdvice.java   | 1 +
 .../expression/method/MethodSecurityEvaluationContext.java      | 1 +
 .../expression/method/MethodSecurityExpressionHandler.java      | 1 +
 .../expression/method/MethodSecurityExpressionOperations.java   | 1 +
 .../access/expression/method/MethodSecurityExpressionRoot.java  | 1 +
 .../expression/method/PostInvocationExpressionAttribute.java    | 1 +
 .../expression/method/PreInvocationExpressionAttribute.java     | 1 +
 .../security/access/expression/method/package-info.java         | 1 +
 .../security/access/expression/package-info.java                | 1 +
 .../access/hierarchicalroles/CycleInRoleHierarchyException.java | 1 +
 .../security/access/hierarchicalroles/NullRoleHierarchy.java    | 1 +
 .../security/access/hierarchicalroles/RoleHierarchy.java        | 1 +
 .../hierarchicalroles/RoleHierarchyAuthoritiesMapper.java       | 1 +
 .../security/access/hierarchicalroles/RoleHierarchyImpl.java    | 1 +
 .../security/access/hierarchicalroles/RoleHierarchyUtils.java   | 1 +
 .../security/access/hierarchicalroles/package-info.java         | 1 +
 .../security/access/intercept/aopalliance/package-info.java     | 1 +
 .../intercept/aspectj/AspectJMethodSecurityInterceptor.java     | 1 +
 .../access/intercept/aspectj/MethodInvocationAdapter.java       | 1 +
 .../security/access/intercept/aspectj/package-info.java         | 1 +
 .../springframework/security/access/intercept/package-info.java | 1 +
 .../method/AbstractFallbackMethodSecurityMetadataSource.java    | 1 +
 .../access/method/DelegatingMethodSecurityMetadataSource.java   | 1 +
 .../main/java/org/springframework/security/access/method/P.java | 1 +
 .../springframework/security/access/method/package-info.java    | 1 +
 .../java/org/springframework/security/access/package-info.java  | 1 +
 .../springframework/security/access/prepost/PostAuthorize.java  | 1 +
 .../org/springframework/security/access/prepost/PostFilter.java | 1 +
 .../security/access/prepost/PostInvocationAdviceProvider.java   | 1 +
 .../security/access/prepost/PostInvocationAttribute.java        | 1 +
 .../access/prepost/PostInvocationAuthorizationAdvice.java       | 1 +
 .../springframework/security/access/prepost/PreAuthorize.java   | 1 +
 .../org/springframework/security/access/prepost/PreFilter.java  | 1 +
 .../security/access/prepost/PreInvocationAttribute.java         | 1 +
 .../access/prepost/PreInvocationAuthorizationAdvice.java        | 1 +
 .../access/prepost/PreInvocationAuthorizationAdviceVoter.java   | 1 +
 .../access/prepost/PrePostAnnotationSecurityMetadataSource.java | 1 +
 .../access/prepost/PrePostInvocationAttributeFactory.java       | 1 +
 .../springframework/security/access/prepost/package-info.java   | 1 +
 .../springframework/security/access/vote/AbstractAclVoter.java  | 1 +
 .../security/access/vote/RoleHierarchyVoter.java                | 1 +
 .../org/springframework/security/access/vote/package-info.java  | 1 +
 .../security/authentication/AccountStatusException.java         | 1 +
 .../authentication/AccountStatusUserDetailsChecker.java         | 1 +
 .../security/authentication/AuthenticationEventPublisher.java   | 1 +
 .../security/authentication/CachingUserDetailsService.java      | 1 +
 .../authentication/DefaultAuthenticationEventPublisher.java     | 1 +
 .../authentication/InternalAuthenticationServiceException.java  | 1 +
 .../security/authentication/ProviderManager.java                | 1 +
 .../security/authentication/ReactiveAuthenticationManager.java  | 1 +
 .../authentication/ReactiveAuthenticationManagerAdapter.java    | 1 +
 .../security/authentication/dao/package-info.java               | 1 +
 .../security/authentication/event/package-info.java             | 2 +-
 .../authentication/jaas/AbstractJaasAuthenticationProvider.java | 1 +
 .../authentication/jaas/DefaultJaasAuthenticationProvider.java  | 1 +
 .../security/authentication/jaas/event/package-info.java        | 1 +
 .../authentication/jaas/memory/InMemoryConfiguration.java       | 1 +
 .../security/authentication/jaas/memory/package-info.java       | 1 +
 .../security/authentication/jaas/package-info.java              | 1 +
 .../springframework/security/authentication/package-info.java   | 1 +
 .../security/authentication/rcp/package-info.java               | 1 +
 .../security/authorization/ReactiveAuthorizationManager.java    | 1 +
 .../concurrent/AbstractDelegatingSecurityContextSupport.java    | 1 +
 .../security/concurrent/DelegatingSecurityContextCallable.java  | 1 +
 .../security/concurrent/DelegatingSecurityContextExecutor.java  | 1 +
 .../concurrent/DelegatingSecurityContextExecutorService.java    | 1 +
 .../security/concurrent/DelegatingSecurityContextRunnable.java  | 1 +
 .../DelegatingSecurityContextScheduledExecutorService.java      | 1 +
 .../security/context/DelegatingApplicationListener.java         | 1 +
 .../springframework/security/core/AuthenticatedPrincipal.java   | 1 +
 .../org/springframework/security/core/ComparableVersion.java    | 1 +
 .../org/springframework/security/core/CredentialsContainer.java | 1 +
 .../security/core/SpringSecurityCoreVersion.java                | 1 +
 .../security/core/annotation/AuthenticationPrincipal.java       | 1 +
 .../security/core/annotation/CurrentSecurityContext.java        | 1 +
 .../springframework/security/core/authority/AuthorityUtils.java | 1 +
 .../security/core/authority/GrantedAuthoritiesContainer.java    | 1 +
 .../security/core/authority/SimpleGrantedAuthority.java         | 1 +
 .../authority/mapping/Attributes2GrantedAuthoritiesMapper.java  | 1 +
 .../core/authority/mapping/GrantedAuthoritiesMapper.java        | 1 +
 .../mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java    | 1 +
 .../core/authority/mapping/MappableAttributesRetriever.java     | 1 +
 .../security/core/authority/mapping/NullAuthoritiesMapper.java  | 1 +
 .../mapping/SimpleAttributes2GrantedAuthoritiesMapper.java      | 1 +
 .../security/core/authority/mapping/SimpleAuthorityMapper.java  | 1 +
 .../authority/mapping/SimpleMappableAttributesRetriever.java    | 1 +
 .../security/core/authority/mapping/package-info.java           | 1 +
 .../springframework/security/core/authority/package-info.java   | 1 +
 .../org/springframework/security/core/context/package-info.java | 1 +
 .../java/org/springframework/security/core/package-info.java    | 1 +
 .../core/parameters/AnnotationParameterNameDiscoverer.java      | 1 +
 .../core/parameters/DefaultSecurityParameterNameDiscoverer.java | 1 +
 .../java/org/springframework/security/core/parameters/P.java    | 1 +
 .../security/core/session/SessionCreationEvent.java             | 1 +
 .../security/core/session/SessionDestroyedEvent.java            | 1 +
 .../security/core/session/SessionIdChangedEvent.java            | 1 +
 .../org/springframework/security/core/session/package-info.java | 1 +
 .../org/springframework/security/core/token/DefaultToken.java   | 1 +
 .../security/core/token/KeyBasedPersistenceTokenService.java    | 1 +
 .../security/core/token/SecureRandomFactoryBean.java            | 1 +
 .../springframework/security/core/token/Sha512DigestUtils.java  | 1 +
 .../java/org/springframework/security/core/token/Token.java     | 1 +
 .../org/springframework/security/core/token/TokenService.java   | 1 +
 .../org/springframework/security/core/token/package-info.java   | 1 +
 .../core/userdetails/AuthenticationUserDetailsService.java      | 1 +
 .../core/userdetails/UserDetailsByNameServiceWrapper.java       | 1 +
 .../security/core/userdetails/UserDetailsChecker.java           | 1 +
 .../core/userdetails/cache/SpringCacheBasedUserCache.java       | 1 +
 .../security/core/userdetails/cache/package-info.java           | 1 +
 .../security/core/userdetails/jdbc/package-info.java            | 1 +
 .../security/core/userdetails/memory/package-info.java          | 1 +
 .../springframework/security/core/userdetails/package-info.java | 1 +
 .../security/jackson2/BadCredentialsExceptionMixin.java         | 1 +
 .../org/springframework/security/jackson2/package-info.java     | 1 +
 .../org/springframework/security/provisioning/GroupManager.java | 1 +
 .../security/provisioning/InMemoryUserDetailsManager.java       | 1 +
 .../security/provisioning/JdbcUserDetailsManager.java           | 1 +
 .../org/springframework/security/provisioning/MutableUser.java  | 1 +
 .../security/provisioning/MutableUserDetails.java               | 1 +
 .../security/provisioning/UserDetailsManager.java               | 1 +
 .../org/springframework/security/provisioning/package-info.java | 1 +
 .../DelegatingSecurityContextSchedulingTaskExecutor.java        | 1 +
 .../scheduling/DelegatingSecurityContextTaskScheduler.java      | 1 +
 .../task/DelegatingSecurityContextAsyncTaskExecutor.java        | 1 +
 .../security/task/DelegatingSecurityContextTaskExecutor.java    | 1 +
 .../java/org/springframework/security/util/package-info.java    | 1 +
 .../test/java/org/springframework/security/TestDataSource.java  | 1 +
 .../security/access/annotation/BusinessServiceImpl.java         | 1 +
 .../org/springframework/security/access/annotation/Entity.java  | 1 +
 .../annotation/ExpressionProtectedBusinessServiceImpl.java      | 1 +
 .../security/access/annotation/Jsr250BusinessServiceImpl.java   | 1 +
 .../security/access/annotation/Jsr250VoterTests.java            | 1 +
 .../security/access/annotation/sec2150/CrudRepository.java      | 1 +
 .../access/annotation/sec2150/MethodInvocationFactory.java      | 1 +
 .../security/access/annotation/sec2150/PersonRepository.java    | 1 +
 .../expression/AbstractSecurityExpressionHandlerTests.java      | 1 +
 .../security/access/expression/SecurityExpressionRootTests.java | 1 +
 .../method/DefaultMethodSecurityExpressionHandlerTests.java     | 1 +
 .../method/ExpressionBasedPreInvocationAdviceTests.java         | 1 +
 .../access/expression/method/MethodExpressionVoterTests.java    | 1 +
 .../expression/method/MethodSecurityEvaluationContextTests.java | 1 +
 .../expression/method/MethodSecurityExpressionRootTests.java    | 1 +
 .../method/PrePostAnnotationSecurityMetadataSourceTests.java    | 1 +
 .../security/access/expression/method/SecurityRules.java        | 1 +
 .../access/hierarchicalroles/HierarchicalRolesTestHelper.java   | 1 +
 .../hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java  | 1 +
 .../access/hierarchicalroles/RoleHierarchyImplTests.java        | 1 +
 .../access/hierarchicalroles/RoleHierarchyUtilsTests.java       | 1 +
 .../security/access/hierarchicalroles/TestHelperTests.java      | 1 +
 .../method/MapBasedMethodSecurityMetadataSourceTests.java       | 1 +
 .../security/access/intercept/method/MockMethodInvocation.java  | 1 +
 .../method/DelegatingMethodSecurityMetadataSourceTests.java     | 1 +
 .../prepost/PreInvocationAuthorizationAdviceVoterTests.java     | 1 +
 .../security/access/vote/AbstractAclVoterTests.java             | 1 +
 .../security/access/vote/RoleHierarchyVoterTests.java           | 1 +
 .../springframework/security/access/vote/RoleVoterTests.java    | 1 +
 .../DefaultAuthenticationEventPublisherTests.java               | 1 +
 .../ReactiveUserDetailsServiceAuthenticationManagerTests.java   | 1 +
 .../authentication/TestingAuthenticationTokenTests.java         | 1 +
 .../security/authentication/dao/MockUserCache.java              | 1 +
 .../jaas/DefaultJaasAuthenticationProviderTests.java            | 1 +
 .../security/authentication/jaas/Sec760Tests.java               | 1 +
 .../authentication/jaas/memory/InMemoryConfigurationTests.java  | 1 +
 .../AbstractDelegatingSecurityContextExecutorServiceTests.java  | 1 +
 .../AbstractDelegatingSecurityContextExecutorTests.java         | 1 +
 ...tDelegatingSecurityContextScheduledExecutorServiceTests.java | 1 +
 .../AbstractDelegatingSecurityContextTestSupport.java           | 1 +
 .../CurrentDelegatingSecurityContextExecutorServiceTests.java   | 1 +
 .../CurrentDelegatingSecurityContextExecutorTests.java          | 1 +
 ...tDelegatingSecurityContextScheduledExecutorServiceTests.java | 1 +
 .../concurrent/DelegatingSecurityContextCallableTests.java      | 1 +
 .../concurrent/DelegatingSecurityContextRunnableTests.java      | 1 +
 .../concurrent/DelegatingSecurityContextSupportTests.java       | 1 +
 .../ExplicitDelegatingSecurityContextExecutorServiceTests.java  | 1 +
 .../ExplicitDelegatingSecurityContextExecutorTests.java         | 1 +
 ...tDelegatingSecurityContextScheduledExecutorServiceTests.java | 1 +
 .../security/context/DelegatingApplicationListenerTests.java    | 1 +
 .../org/springframework/security/core/JavaVersionTests.java     | 1 +
 .../security/core/SpringSecurityCoreVersionTests.java           | 1 +
 .../security/core/authority/AuthorityUtilsTests.java            | 1 +
 .../MapBasedAttributes2GrantedAuthoritiesMapperTests.java       | 1 +
 .../core/authority/mapping/SimpleAuthoritiesMapperTests.java    | 1 +
 .../authority/mapping/SimpleMappableRolesRetrieverTests.java    | 1 +
 .../mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java      | 1 +
 .../core/parameters/AnnotationParameterNameDiscovererTests.java | 1 +
 .../parameters/DefaultSecurityParameterNameDiscovererTests.java | 1 +
 .../springframework/security/core/token/DefaultTokenTests.java  | 1 +
 .../core/token/KeyBasedPersistenceTokenServiceTests.java        | 1 +
 .../security/core/token/SecureRandomFactoryBeanTests.java       | 1 +
 .../core/userdetails/MapReactiveUserDetailsServiceTests.java    | 1 +
 .../security/core/userdetails/MockUserDetailsService.java       | 1 +
 .../core/userdetails/UserDetailsByNameServiceWrapperTests.java  | 1 +
 .../security/jackson2/BadCredentialsExceptionMixinTests.java    | 1 +
 .../security/provisioning/JdbcUserDetailsManagerTests.java      | 1 +
 .../AbstractSecurityContextSchedulingTaskExecutorTests.java     | 1 +
 .../CurrentSecurityContextSchedulingTaskExecutorTests.java      | 1 +
 .../scheduling/DelegatingSecurityContextTaskSchedulerTests.java | 1 +
 .../ExplicitSecurityContextSchedulingTaskExecutorTests.java     | 1 +
 ...AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java | 1 +
 .../CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java | 1 +
 .../task/CurrentDelegatingSecurityContextTaskExecutorTests.java | 1 +
 ...ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java | 1 +
 .../ExplicitDelegatingSecurityContextTaskExecutorTests.java     | 1 +
 .../java/org/springframework/security/util/FieldUtilsTests.java | 1 +
 .../springframework/security/util/InMemoryResourceTests.java    | 1 +
 .../security/util/MethodInvocationUtilsTests.java               | 1 +
 .../security/crypto/argon2/Argon2EncodingUtils.java             | 1 +
 .../java/org/springframework/security/crypto/bcrypt/BCrypt.java | 1 +
 .../security/crypto/bcrypt/BCryptPasswordEncoder.java           | 1 +
 .../java/org/springframework/security/crypto/codec/Base64.java  | 1 +
 .../java/org/springframework/security/crypto/codec/Hex.java     | 1 +
 .../java/org/springframework/security/crypto/codec/Utf8.java    | 1 +
 .../org/springframework/security/crypto/codec/package-info.java | 1 +
 .../security/crypto/encrypt/AesBytesEncryptor.java              | 1 +
 .../security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java  | 1 +
 .../crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java        | 1 +
 .../crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java        | 1 +
 .../springframework/security/crypto/encrypt/BytesEncryptor.java | 1 +
 .../springframework/security/crypto/encrypt/CipherUtils.java    | 1 +
 .../org/springframework/security/crypto/encrypt/Encryptors.java | 1 +
 .../security/crypto/encrypt/HexEncodingTextEncryptor.java       | 1 +
 .../springframework/security/crypto/encrypt/TextEncryptor.java  | 1 +
 .../security/crypto/keygen/Base64StringKeyGenerator.java        | 1 +
 .../security/crypto/keygen/BytesKeyGenerator.java               | 1 +
 .../security/crypto/keygen/HexEncodingStringKeyGenerator.java   | 1 +
 .../springframework/security/crypto/keygen/KeyGenerators.java   | 1 +
 .../security/crypto/keygen/SecureRandomBytesKeyGenerator.java   | 1 +
 .../security/crypto/keygen/SharedKeyGenerator.java              | 1 +
 .../security/crypto/keygen/StringKeyGenerator.java              | 1 +
 .../security/crypto/password/AbstractPasswordEncoder.java       | 1 +
 .../org/springframework/security/crypto/password/Digester.java  | 1 +
 .../java/org/springframework/security/crypto/password/Md4.java  | 1 +
 .../security/crypto/password/Md4PasswordEncoder.java            | 1 +
 .../security/crypto/password/MessageDigestPasswordEncoder.java  | 1 +
 .../security/crypto/password/NoOpPasswordEncoder.java           | 1 +
 .../security/crypto/password/PasswordEncoder.java               | 1 +
 .../security/crypto/password/PasswordEncoderUtils.java          | 1 +
 .../security/crypto/password/Pbkdf2PasswordEncoder.java         | 1 +
 .../security/crypto/password/StandardPasswordEncoder.java       | 1 +
 .../security/crypto/scrypt/SCryptPasswordEncoder.java           | 1 +
 .../org/springframework/security/crypto/util/EncodingUtils.java | 1 +
 .../security/crypto/argon2/Argon2EncodingUtilsTests.java        | 1 +
 .../security/crypto/argon2/Argon2PasswordEncoderTests.java      | 1 +
 .../security/crypto/bcrypt/BCryptPasswordEncoderTests.java      | 1 +
 .../org/springframework/security/crypto/codec/Base64Tests.java  | 1 +
 .../org/springframework/security/crypto/codec/HexTests.java     | 1 +
 .../org/springframework/security/crypto/codec/Utf8Tests.java    | 1 +
 .../encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java  | 1 +
 .../crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java      | 1 +
 .../security/crypto/encrypt/CryptoAssumptions.java              | 1 +
 .../security/crypto/encrypt/EncryptorsTests.java                | 1 +
 .../security/crypto/keygen/KeyGeneratorsTests.java              | 1 +
 .../springframework/security/crypto/password/DigesterTests.java | 1 +
 .../security/crypto/password/PasswordEncoderUtilsTests.java     | 1 +
 .../security/crypto/password/Pbkdf2PasswordEncoderTests.java    | 1 +
 .../security/crypto/password/StandardPasswordEncoderTests.java  | 1 +
 .../security/crypto/scrypt/SCryptPasswordEncoderTests.java      | 1 +
 .../security/crypto/util/EncodingUtilsTests.java                | 1 +
 .../repository/query/SecurityEvaluationContextExtension.java    | 1 +
 .../query/SecurityEvaluationContextExtensionTests.java          | 1 +
 .../integration/HttpNamespaceWithMultipleInterceptorsTests.java | 1 +
 .../security/integration/HttpPathParameterStrippingTests.java   | 1 +
 .../security/integration/MultiAnnotationTests.java              | 1 +
 .../security/integration/SEC933ApplicationContextTests.java     | 1 +
 .../security/integration/SEC936ApplicationContextTests.java     | 1 +
 .../security/integration/StubUserRepository.java                | 1 +
 .../integration/python/PythonInterpreterBasedSecurityTests.java | 1 +
 .../security/performance/FilterChainPerformanceTests.java       | 1 +
 .../security/performance/ProtectPointcutPerformanceTests.java   | 1 +
 .../security/integration/UserDetailsServiceImpl.java            | 1 +
 .../springframework/security/integration/UserRepository.java    | 1 +
 .../integration/multiannotation/MultiAnnotationService.java     | 1 +
 .../integration/multiannotation/MultiAnnotationServiceImpl.java | 1 +
 .../integration/multiannotation/PreAuthorizeService.java        | 1 +
 .../integration/multiannotation/PreAuthorizeServiceImpl.java    | 1 +
 .../security/integration/multiannotation/SecuredService.java    | 1 +
 .../integration/multiannotation/SecuredServiceImpl.java         | 1 +
 .../python/PythonInterpreterPostInvocationAdvice.java           | 1 +
 .../python/PythonInterpreterPreInvocationAdvice.java            | 1 +
 .../python/PythonInterpreterPreInvocationAttribute.java         | 1 +
 .../PythonInterpreterPrePostInvocationAttributeFactory.java     | 1 +
 .../security/integration/python/TestService.java                | 1 +
 .../security/integration/python/TestServiceImpl.java            | 1 +
 .../security/context/SecurityContextHolderMTTests.java          | 1 +
 .../security/integration/AbstractWebServerIntegrationTests.java | 1 +
 .../security/integration/BasicAuthenticationTests.java          | 1 +
 .../security/integration/ConcurrentSessionManagementTests.java  | 1 +
 .../org/springframework/security/itest/web/TestController.java  | 1 +
 .../springframework/security/ldap/ApacheDsContainerConfig.java  | 1 +
 .../security/ldap/DefaultSpringSecurityContextSourceTests.java  | 1 +
 .../security/ldap/server/ApacheDSEmbeddedLdifTests.java         | 1 +
 .../security/ldap/server/UnboundIdContainerLdifTests.java       | 1 +
 .../security/ldap/server/UnboundIdContainerTests.java           | 1 +
 .../userdetails/LdapUserDetailsManagerModifyPasswordTests.java  | 1 +
 .../ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java   | 1 +
 .../security/ldap/DefaultLdapUsernameToDnMapper.java            | 1 +
 .../security/ldap/DefaultSpringSecurityContextSource.java       | 1 +
 .../springframework/security/ldap/LdapUsernameToDnMapper.java   | 1 +
 .../security/ldap/SpringSecurityLdapTemplate.java               | 1 +
 .../ldap/authentication/AbstractLdapAuthenticationProvider.java | 1 +
 .../ldap/authentication/NullLdapAuthoritiesPopulator.java       | 1 +
 .../ldap/authentication/SpringSecurityAuthenticationSource.java | 1 +
 .../UserDetailsServiceLdapAuthoritiesPopulator.java             | 1 +
 .../ad/ActiveDirectoryAuthenticationException.java              | 1 +
 .../ad/ActiveDirectoryLdapAuthenticationProvider.java           | 1 +
 .../security/ldap/authentication/package-info.java              | 1 +
 .../java/org/springframework/security/ldap/package-info.java    | 1 +
 .../security/ldap/ppolicy/PasswordPolicyAwareContextSource.java | 1 +
 .../security/ldap/ppolicy/PasswordPolicyControlExtractor.java   | 1 +
 .../security/ldap/ppolicy/PasswordPolicyData.java               | 1 +
 .../security/ldap/ppolicy/PasswordPolicyErrorStatus.java        | 1 +
 .../security/ldap/ppolicy/PasswordPolicyException.java          | 1 +
 .../org/springframework/security/ldap/ppolicy/package-info.java | 1 +
 .../org/springframework/security/ldap/search/package-info.java  | 1 +
 .../springframework/security/ldap/server/ApacheDSContainer.java | 1 +
 .../security/ldap/server/UnboundIdContainer.java                | 1 +
 .../org/springframework/security/ldap/server/package-info.java  | 1 +
 .../security/ldap/userdetails/InetOrgPerson.java                | 1 +
 .../security/ldap/userdetails/InetOrgPersonContextMapper.java   | 1 +
 .../security/ldap/userdetails/LdapAuthority.java                | 1 +
 .../security/ldap/userdetails/LdapUserDetailsManager.java       | 1 +
 .../security/ldap/userdetails/LdapUserDetailsService.java       | 1 +
 .../ldap/userdetails/NestedLdapAuthoritiesPopulator.java        | 1 +
 .../org/springframework/security/ldap/userdetails/Person.java   | 1 +
 .../security/ldap/userdetails/PersonContextMapper.java          | 1 +
 .../security/ldap/userdetails/UserDetailsContextMapper.java     | 1 +
 .../springframework/security/ldap/userdetails/package-info.java | 1 +
 .../security/ldap/SpringSecurityAuthenticationSourceTests.java  | 1 +
 .../security/ldap/SpringSecurityLdapTemplateTests.java          | 1 +
 .../ad/ActiveDirectoryLdapAuthenticationProviderTests.java      | 1 +
 .../security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java     | 1 +
 .../ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java     | 1 +
 .../ldap/ppolicy/PasswordPolicyControlFactoryTests.java         | 1 +
 .../security/ldap/userdetails/InetOrgPersonTests.java           | 1 +
 .../security/ldap/userdetails/LdapAuthorityTests.java           | 1 +
 .../security/ldap/userdetails/LdapUserDetailsImplTests.java     | 1 +
 .../security/ldap/userdetails/LdapUserDetailsServiceTests.java  | 1 +
 .../UserDetailsServiceLdapAuthoritiesPopulatorTests.java        | 1 +
 .../expression/DefaultMessageSecurityExpressionHandler.java     | 1 +
 .../access/expression/EvaluationContextPostProcessor.java       | 1 +
 .../ExpressionBasedMessageSecurityMetadataSourceFactory.java    | 1 +
 .../access/expression/MessageExpressionConfigAttribute.java     | 1 +
 .../messaging/access/expression/MessageExpressionVoter.java     | 1 +
 .../access/expression/MessageSecurityExpressionRoot.java        | 1 +
 .../messaging/access/intercept/ChannelSecurityInterceptor.java  | 1 +
 .../access/intercept/DefaultMessageSecurityMetadataSource.java  | 1 +
 .../access/intercept/MessageSecurityMetadataSource.java         | 1 +
 .../context/AuthenticationPrincipalArgumentResolver.java        | 1 +
 .../messaging/context/SecurityContextChannelInterceptor.java    | 1 +
 .../messaging/util/matcher/AbstractMessageMatcherComposite.java | 1 +
 .../security/messaging/util/matcher/AndMessageMatcher.java      | 1 +
 .../security/messaging/util/matcher/MessageMatcher.java         | 1 +
 .../security/messaging/util/matcher/OrMessageMatcher.java       | 1 +
 .../messaging/util/matcher/SimpDestinationMessageMatcher.java   | 1 +
 .../security/messaging/util/matcher/SimpMessageTypeMatcher.java | 1 +
 .../security/messaging/web/csrf/CsrfChannelInterceptor.java     | 1 +
 .../web/socket/server/CsrfTokenHandshakeInterceptor.java        | 1 +
 .../DefaultMessageSecurityExpressionHandlerTests.java           | 1 +
 ...xpressionBasedMessageSecurityMetadataSourceFactoryTests.java | 1 +
 .../expression/MessageExpressionConfigAttributeTests.java       | 1 +
 .../access/expression/MessageExpressionVoterTests.java          | 1 +
 .../access/intercept/ChannelSecurityInterceptorTests.java       | 1 +
 .../intercept/DefaultMessageSecurityMetadataSourceTests.java    | 1 +
 .../context/AuthenticationPrincipalArgumentResolverTests.java   | 1 +
 .../context/SecurityContextChannelInterceptorTests.java         | 1 +
 .../security/messaging/util/matcher/AndMessageMatcherTests.java | 1 +
 .../security/messaging/util/matcher/OrMessageMatcherTests.java  | 1 +
 .../util/matcher/SimpDestinationMessageMatcherTests.java        | 1 +
 .../messaging/util/matcher/SimpMessageTypeMatcherTests.java     | 1 +
 .../messaging/web/csrf/CsrfChannelInterceptorTests.java         | 1 +
 .../web/socket/server/CsrfTokenHandshakeInterceptorTests.java   | 1 +
 .../client/AuthorizationCodeOAuth2AuthorizedClientProvider.java | 1 +
 ...AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java | 1 +
 .../AuthorizedClientServiceOAuth2AuthorizedClientManager.java   | 1 +
 ...rizedClientServiceReactiveOAuth2AuthorizedClientManager.java | 1 +
 .../security/oauth2/client/ClientAuthorizationException.java    | 1 +
 .../oauth2/client/ClientAuthorizationRequiredException.java     | 1 +
 .../client/ClientCredentialsOAuth2AuthorizedClientProvider.java | 1 +
 ...ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java | 1 +
 .../oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java | 1 +
 .../DelegatingReactiveOAuth2AuthorizedClientProvider.java       | 1 +
 .../oauth2/client/InMemoryOAuth2AuthorizedClientService.java    | 1 +
 .../client/InMemoryReactiveOAuth2AuthorizedClientService.java   | 1 +
 .../oauth2/client/JdbcOAuth2AuthorizedClientService.java        | 1 +
 .../security/oauth2/client/OAuth2AuthorizationContext.java      | 1 +
 .../oauth2/client/OAuth2AuthorizationFailureHandler.java        | 1 +
 .../oauth2/client/OAuth2AuthorizationSuccessHandler.java        | 1 +
 .../security/oauth2/client/OAuth2AuthorizeRequest.java          | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClient.java          | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientId.java        | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientManager.java   | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientProvider.java  | 1 +
 .../oauth2/client/OAuth2AuthorizedClientProviderBuilder.java    | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientService.java   | 1 +
 .../oauth2/client/PasswordOAuth2AuthorizedClientProvider.java   | 1 +
 .../client/PasswordReactiveOAuth2AuthorizedClientProvider.java  | 1 +
 .../client/ReactiveOAuth2AuthorizationFailureHandler.java       | 1 +
 .../client/ReactiveOAuth2AuthorizationSuccessHandler.java       | 1 +
 .../oauth2/client/ReactiveOAuth2AuthorizedClientManager.java    | 1 +
 .../oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java   | 1 +
 .../client/ReactiveOAuth2AuthorizedClientProviderBuilder.java   | 1 +
 .../oauth2/client/ReactiveOAuth2AuthorizedClientService.java    | 1 +
 .../client/RefreshTokenOAuth2AuthorizedClientProvider.java      | 1 +
 .../RefreshTokenReactiveOAuth2AuthorizedClientProvider.java     | 1 +
 ...RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java | 1 +
 ...thorizedClientReactiveOAuth2AuthorizationFailureHandler.java | 1 +
 .../client/annotation/RegisteredOAuth2AuthorizedClient.java     | 1 +
 .../oauth2/client/authentication/OAuth2AuthenticationToken.java | 1 +
 .../OAuth2AuthorizationCodeAuthenticationProvider.java          | 1 +
 .../OAuth2AuthorizationCodeAuthenticationToken.java             | 1 +
 .../OAuth2AuthorizationCodeReactiveAuthenticationManager.java   | 1 +
 .../authentication/OAuth2LoginAuthenticationProvider.java       | 1 +
 .../client/authentication/OAuth2LoginAuthenticationToken.java   | 1 +
 .../OAuth2LoginReactiveAuthenticationManager.java               | 1 +
 .../security/oauth2/client/authentication/package-info.java     | 1 +
 .../endpoint/AbstractOAuth2AuthorizationGrantRequest.java       | 1 +
 ...bstractWebClientReactiveOAuth2AccessTokenResponseClient.java | 1 +
 .../endpoint/DefaultAuthorizationCodeTokenResponseClient.java   | 1 +
 .../endpoint/DefaultClientCredentialsTokenResponseClient.java   | 1 +
 .../client/endpoint/DefaultPasswordTokenResponseClient.java     | 1 +
 .../client/endpoint/DefaultRefreshTokenTokenResponseClient.java | 1 +
 .../endpoint/NimbusAuthorizationCodeTokenResponseClient.java    | 1 +
 .../oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java | 1 +
 .../client/endpoint/OAuth2AuthorizationCodeGrantRequest.java    | 1 +
 .../OAuth2AuthorizationCodeGrantRequestEntityConverter.java     | 1 +
 .../endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java    | 1 +
 .../client/endpoint/OAuth2ClientCredentialsGrantRequest.java    | 1 +
 .../OAuth2ClientCredentialsGrantRequestEntityConverter.java     | 1 +
 .../oauth2/client/endpoint/OAuth2PasswordGrantRequest.java      | 1 +
 .../endpoint/OAuth2PasswordGrantRequestEntityConverter.java     | 1 +
 .../oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java  | 1 +
 .../endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java | 1 +
 .../endpoint/ReactiveOAuth2AccessTokenResponseClient.java       | 1 +
 .../WebClientReactiveAuthorizationCodeTokenResponseClient.java  | 1 +
 .../WebClientReactiveClientCredentialsTokenResponseClient.java  | 1 +
 .../endpoint/WebClientReactivePasswordTokenResponseClient.java  | 1 +
 .../WebClientReactiveRefreshTokenTokenResponseClient.java       | 1 +
 .../security/oauth2/client/endpoint/package-info.java           | 1 +
 .../oauth2/client/http/OAuth2ErrorResponseErrorHandler.java     | 1 +
 .../oauth2/client/jackson2/ClientRegistrationDeserializer.java  | 1 +
 .../oauth2/client/jackson2/ClientRegistrationMixin.java         | 1 +
 .../security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java | 1 +
 .../security/oauth2/client/jackson2/DefaultOidcUserMixin.java   | 1 +
 .../security/oauth2/client/jackson2/JsonNodeUtils.java          | 1 +
 .../security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java | 1 +
 .../client/jackson2/OAuth2AuthenticationExceptionMixin.java     | 1 +
 .../oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java  | 1 +
 .../client/jackson2/OAuth2AuthorizationRequestDeserializer.java | 1 +
 .../oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java | 1 +
 .../oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java     | 1 +
 .../oauth2/client/jackson2/OAuth2ClientJackson2Module.java      | 1 +
 .../security/oauth2/client/jackson2/OAuth2ErrorMixin.java       | 1 +
 .../oauth2/client/jackson2/OAuth2RefreshTokenMixin.java         | 1 +
 .../oauth2/client/jackson2/OAuth2UserAuthorityMixin.java        | 1 +
 .../security/oauth2/client/jackson2/OidcIdTokenMixin.java       | 1 +
 .../security/oauth2/client/jackson2/OidcUserAuthorityMixin.java | 1 +
 .../security/oauth2/client/jackson2/OidcUserInfoMixin.java      | 1 +
 .../security/oauth2/client/jackson2/StdConverters.java          | 1 +
 .../oauth2/client/jackson2/UnmodifiableMapDeserializer.java     | 1 +
 .../security/oauth2/client/jackson2/UnmodifiableMapMixin.java   | 1 +
 .../oidc/authentication/DefaultOidcIdTokenValidatorFactory.java | 1 +
 .../OidcAuthorizationCodeAuthenticationProvider.java            | 1 +
 .../OidcAuthorizationCodeReactiveAuthenticationManager.java     | 1 +
 .../client/oidc/authentication/OidcIdTokenDecoderFactory.java   | 1 +
 .../oauth2/client/oidc/authentication/OidcIdTokenValidator.java | 1 +
 .../oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java  | 1 +
 .../oauth2/client/oidc/authentication/package-info.java         | 1 +
 .../client/oidc/userinfo/OidcReactiveOAuth2UserService.java     | 1 +
 .../security/oauth2/client/oidc/userinfo/OidcUserRequest.java   | 1 +
 .../security/oauth2/client/oidc/userinfo/OidcUserService.java   | 1 +
 .../security/oauth2/client/oidc/userinfo/package-info.java      | 1 +
 .../springframework/security/oauth2/client/package-info.java    | 1 +
 .../security/oauth2/client/registration/ClientRegistration.java | 1 +
 .../client/registration/ClientRegistrationRepository.java       | 1 +
 .../registration/InMemoryClientRegistrationRepository.java      | 1 +
 .../InMemoryReactiveClientRegistrationRepository.java           | 1 +
 .../security/oauth2/client/registration/package-info.java       | 1 +
 .../client/userinfo/CustomUserTypesOAuth2UserService.java       | 1 +
 .../oauth2/client/userinfo/DefaultOAuth2UserService.java        | 1 +
 .../oauth2/client/userinfo/DelegatingOAuth2UserService.java     | 1 +
 .../security/oauth2/client/userinfo/OAuth2UserRequest.java      | 1 +
 .../client/userinfo/OAuth2UserRequestEntityConverter.java       | 1 +
 .../security/oauth2/client/userinfo/OAuth2UserService.java      | 1 +
 .../oauth2/client/userinfo/ReactiveOAuth2UserService.java       | 1 +
 .../security/oauth2/client/userinfo/package-info.java           | 1 +
 .../AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java | 1 +
 .../oauth2/client/web/AuthorizationRequestRepository.java       | 1 +
 .../client/web/DefaultOAuth2AuthorizationRequestResolver.java   | 1 +
 .../oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java | 1 +
 .../web/DefaultReactiveOAuth2AuthorizedClientManager.java       | 1 +
 .../web/HttpSessionOAuth2AuthorizationRequestRepository.java    | 1 +
 .../client/web/HttpSessionOAuth2AuthorizedClientRepository.java | 1 +
 .../oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java   | 1 +
 .../client/web/OAuth2AuthorizationRequestRedirectFilter.java    | 1 +
 .../oauth2/client/web/OAuth2AuthorizationRequestResolver.java   | 1 +
 .../oauth2/client/web/OAuth2AuthorizationResponseUtils.java     | 1 +
 .../oauth2/client/web/OAuth2AuthorizedClientRepository.java     | 1 +
 .../oauth2/client/web/OAuth2LoginAuthenticationFilter.java      | 1 +
 .../annotation/OAuth2AuthorizedClientArgumentResolver.java      | 1 +
 .../security/oauth2/client/web/package-info.java                | 1 +
 .../ServletOAuth2AuthorizedClientExchangeFilterFunction.java    | 1 +
 ...nticatedPrincipalServerOAuth2AuthorizedClientRepository.java | 1 +
 .../web/server/OAuth2AuthorizationRequestRedirectWebFilter.java | 1 +
 .../client/web/server/OAuth2AuthorizationResponseUtils.java     | 1 +
 .../web/server/ServerOAuth2AuthorizationRequestResolver.java    | 1 +
 .../web/server/ServerOAuth2AuthorizedClientRepository.java      | 1 +
 .../WebSessionServerOAuth2AuthorizedClientRepository.java       | 1 +
 .../authentication/OAuth2LoginAuthenticationWebFilter.java      | 1 +
 .../AuthorizationCodeOAuth2AuthorizedClientProviderTests.java   | 1 +
 ...rizationCodeReactiveOAuth2AuthorizedClientProviderTests.java | 1 +
 ...thorizedClientServiceOAuth2AuthorizedClientManagerTests.java | 1 +
 ...ClientServiceReactiveOAuth2AuthorizedClientManagerTests.java | 1 +
 .../ClientCredentialsOAuth2AuthorizedClientProviderTests.java   | 1 +
 ...tCredentialsReactiveOAuth2AuthorizedClientProviderTests.java | 1 +
 .../client/DelegatingOAuth2AuthorizedClientProviderTests.java   | 1 +
 .../DelegatingReactiveOAuth2AuthorizedClientProviderTests.java  | 1 +
 .../client/InMemoryOAuth2AuthorizedClientServiceTests.java      | 1 +
 .../oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java   | 1 +
 .../security/oauth2/client/OAuth2AuthorizationContextTests.java | 1 +
 .../security/oauth2/client/OAuth2AuthorizeRequestTests.java     | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientIdTests.java   | 1 +
 .../client/OAuth2AuthorizedClientProviderBuilderTests.java      | 1 +
 .../security/oauth2/client/OAuth2AuthorizedClientTests.java     | 1 +
 .../client/PasswordOAuth2AuthorizedClientProviderTests.java     | 1 +
 .../PasswordReactiveOAuth2AuthorizedClientProviderTests.java    | 1 +
 .../ReactiveOAuth2AuthorizedClientProviderBuilderTests.java     | 1 +
 .../client/RefreshTokenOAuth2AuthorizedClientProviderTests.java | 1 +
 ...RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java | 1 +
 .../client/authentication/OAuth2AuthenticationTokenTests.java   | 1 +
 .../OAuth2AuthorizationCodeAuthenticationProviderTests.java     | 1 +
 .../OAuth2AuthorizationCodeAuthenticationTokenTests.java        | 1 +
 .../authentication/OAuth2LoginAuthenticationProviderTests.java  | 1 +
 .../authentication/OAuth2LoginAuthenticationTokenTests.java     | 1 +
 .../DefaultAuthorizationCodeTokenResponseClientTests.java       | 1 +
 .../DefaultClientCredentialsTokenResponseClientTests.java       | 1 +
 .../endpoint/DefaultPasswordTokenResponseClientTests.java       | 1 +
 .../endpoint/DefaultRefreshTokenTokenResponseClientTests.java   | 1 +
 .../NimbusAuthorizationCodeTokenResponseClientTests.java        | 1 +
 ...OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java | 1 +
 .../endpoint/OAuth2AuthorizationCodeGrantRequestTests.java      | 1 +
 ...OAuth2ClientCredentialsGrantRequestEntityConverterTests.java | 1 +
 .../endpoint/OAuth2ClientCredentialsGrantRequestTests.java      | 1 +
 .../OAuth2PasswordGrantRequestEntityConverterTests.java         | 1 +
 .../oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java | 1 +
 .../OAuth2RefreshTokenGrantRequestEntityConverterTests.java     | 1 +
 .../client/endpoint/OAuth2RefreshTokenGrantRequestTests.java    | 1 +
 .../WebClientReactivePasswordTokenResponseClientTests.java      | 1 +
 .../WebClientReactiveRefreshTokenTokenResponseClientTests.java  | 1 +
 .../client/http/OAuth2ErrorResponseErrorHandlerTests.java       | 1 +
 .../jackson2/OAuth2AuthenticationExceptionMixinTests.java       | 1 +
 .../client/jackson2/OAuth2AuthenticationTokenMixinTests.java    | 1 +
 .../client/jackson2/OAuth2AuthorizationRequestMixinTests.java   | 1 +
 .../client/jackson2/OAuth2AuthorizedClientMixinTests.java       | 1 +
 .../OidcAuthorizationCodeAuthenticationProviderTests.java       | 1 +
 .../oidc/authentication/OidcIdTokenDecoderFactoryTests.java     | 1 +
 .../client/oidc/authentication/OidcIdTokenValidatorTests.java   | 1 +
 .../authentication/ReactiveOidcIdTokenDecoderFactoryTests.java  | 1 +
 .../oauth2/client/oidc/userinfo/OidcUserRequestTests.java       | 1 +
 .../oauth2/client/oidc/userinfo/OidcUserServiceTests.java       | 1 +
 .../oauth2/client/registration/ClientRegistrationTests.java     | 1 +
 .../client/userinfo/CustomUserTypesOAuth2UserServiceTests.java  | 1 +
 .../oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java   | 1 +
 .../client/userinfo/DelegatingOAuth2UserServiceTests.java       | 1 +
 .../client/userinfo/OAuth2UserRequestEntityConverterTests.java  | 1 +
 .../security/oauth2/client/userinfo/OAuth2UserRequestTests.java | 1 +
 ...enticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java | 1 +
 .../web/DefaultOAuth2AuthorizationRequestResolverTests.java     | 1 +
 .../client/web/DefaultOAuth2AuthorizedClientManagerTests.java   | 1 +
 .../web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java  | 1 +
 .../HttpSessionOAuth2AuthorizationRequestRepositoryTests.java   | 1 +
 .../web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java   | 1 +
 .../client/web/OAuth2AuthorizationCodeGrantFilterTests.java     | 1 +
 .../web/OAuth2AuthorizationRequestRedirectFilterTests.java      | 1 +
 .../oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java | 1 +
 .../annotation/OAuth2AuthorizedClientArgumentResolverTests.java | 1 +
 ...erverOAuth2AuthorizedClientExchangeFilterFunctionITests.java | 1 +
 ...ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java | 1 +
 ...rvletOAuth2AuthorizedClientExchangeFilterFunctionITests.java | 1 +
 ...ervletOAuth2AuthorizedClientExchangeFilterFunctionTests.java | 1 +
 ...tedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java | 1 +
 .../WebSessionServerOAuth2AuthorizedClientRepositoryTests.java  | 1 +
 .../security/oauth2/core/AbstractOAuth2Token.java               | 1 +
 .../security/oauth2/core/AuthenticationMethod.java              | 1 +
 .../security/oauth2/core/AuthorizationGrantType.java            | 1 +
 .../org/springframework/security/oauth2/core/ClaimAccessor.java | 1 +
 .../security/oauth2/core/ClientAuthenticationMethod.java        | 1 +
 .../springframework/security/oauth2/core/OAuth2AccessToken.java | 1 +
 .../security/oauth2/core/OAuth2AuthenticationException.java     | 1 +
 .../security/oauth2/core/OAuth2AuthorizationException.java      | 1 +
 .../org/springframework/security/oauth2/core/OAuth2Error.java   | 1 +
 .../springframework/security/oauth2/core/OAuth2ErrorCodes.java  | 1 +
 .../security/oauth2/core/OAuth2RefreshToken.java                | 1 +
 .../security/oauth2/core/OAuth2TokenValidator.java              | 1 +
 .../security/oauth2/core/converter/ClaimConversionService.java  | 1 +
 .../security/oauth2/core/converter/ClaimTypeConverter.java      | 1 +
 .../oauth2/core/converter/ObjectToBooleanConverter.java         | 1 +
 .../oauth2/core/converter/ObjectToInstantConverter.java         | 1 +
 .../oauth2/core/converter/ObjectToListStringConverter.java      | 1 +
 .../oauth2/core/converter/ObjectToMapStringObjectConverter.java | 1 +
 .../security/oauth2/core/converter/ObjectToStringConverter.java | 1 +
 .../security/oauth2/core/converter/ObjectToURLConverter.java    | 1 +
 .../core/endpoint/MapOAuth2AccessTokenResponseConverter.java    | 1 +
 .../oauth2/core/endpoint/OAuth2AccessTokenResponse.java         | 1 +
 .../core/endpoint/OAuth2AccessTokenResponseMapConverter.java    | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationExchange.java       | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationRequest.java        | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationResponse.java       | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationResponseType.java   | 1 +
 .../security/oauth2/core/endpoint/OAuth2ParameterNames.java     | 1 +
 .../security/oauth2/core/endpoint/PkceParameterNames.java       | 1 +
 .../security/oauth2/core/endpoint/package-info.java             | 1 +
 .../oauth2/core/http/converter/HttpMessageConverters.java       | 1 +
 .../OAuth2AccessTokenResponseHttpMessageConverter.java          | 1 +
 .../core/http/converter/OAuth2ErrorHttpMessageConverter.java    | 1 +
 .../security/oauth2/core/oidc/AddressStandardClaim.java         | 1 +
 .../security/oauth2/core/oidc/DefaultAddressStandardClaim.java  | 1 +
 .../security/oauth2/core/oidc/IdTokenClaimAccessor.java         | 1 +
 .../security/oauth2/core/oidc/IdTokenClaimNames.java            | 1 +
 .../springframework/security/oauth2/core/oidc/OidcIdToken.java  | 1 +
 .../springframework/security/oauth2/core/oidc/OidcScopes.java   | 1 +
 .../springframework/security/oauth2/core/oidc/OidcUserInfo.java | 1 +
 .../security/oauth2/core/oidc/StandardClaimAccessor.java        | 1 +
 .../security/oauth2/core/oidc/StandardClaimNames.java           | 1 +
 .../security/oauth2/core/oidc/endpoint/OidcParameterNames.java  | 1 +
 .../security/oauth2/core/oidc/endpoint/package-info.java        | 1 +
 .../springframework/security/oauth2/core/oidc/package-info.java | 1 +
 .../security/oauth2/core/oidc/user/OidcUser.java                | 1 +
 .../security/oauth2/core/oidc/user/OidcUserAuthority.java       | 1 +
 .../security/oauth2/core/oidc/user/package-info.java            | 1 +
 .../org/springframework/security/oauth2/core/package-info.java  | 1 +
 .../security/oauth2/core/user/DefaultOAuth2User.java            | 1 +
 .../springframework/security/oauth2/core/user/OAuth2User.java   | 1 +
 .../security/oauth2/core/user/OAuth2UserAuthority.java          | 1 +
 .../springframework/security/oauth2/core/user/package-info.java | 1 +
 .../security/oauth2/core/AuthenticationMethodTests.java         | 1 +
 .../security/oauth2/core/AuthorizationGrantTypeTests.java       | 1 +
 .../security/oauth2/core/ClaimAccessorTests.java                | 1 +
 .../security/oauth2/core/ClientAuthenticationMethodTests.java   | 1 +
 .../oauth2/core/DelegatingOAuth2TokenValidatorTests.java        | 1 +
 .../security/oauth2/core/OAuth2AccessTokenTests.java            | 1 +
 .../springframework/security/oauth2/core/OAuth2ErrorTests.java  | 1 +
 .../security/oauth2/core/OAuth2TokenValidatorResultTests.java   | 1 +
 .../oauth2/core/converter/ClaimConversionServiceTests.java      | 1 +
 .../security/oauth2/core/converter/ClaimTypeConverterTests.java | 1 +
 .../endpoint/MapOAuth2AccessTokenResponseConverterTests.java    | 1 +
 .../endpoint/OAuth2AccessTokenResponseMapConverterTests.java    | 1 +
 .../oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java    | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java  | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java   | 1 +
 .../oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java  | 1 +
 .../core/endpoint/OAuth2AuthorizationResponseTypeTests.java     | 1 +
 .../OAuth2AccessTokenResponseHttpMessageConverterTests.java     | 1 +
 .../http/converter/OAuth2ErrorHttpMessageConverterTests.java    | 1 +
 .../oauth2/core/oidc/DefaultAddressStandardClaimTests.java      | 1 +
 .../security/oauth2/core/oidc/OidcIdTokenTests.java             | 1 +
 .../security/oauth2/core/oidc/OidcUserInfoTests.java            | 1 +
 .../security/oauth2/core/oidc/user/OidcUserAuthorityTests.java  | 1 +
 .../security/oauth2/core/oidc/user/TestOidcUsers.java           | 1 +
 .../security/oauth2/core/user/OAuth2UserAuthorityTests.java     | 1 +
 .../springframework/security/oauth2/jose/jws/JwsAlgorithm.java  | 1 +
 .../springframework/security/oauth2/jose/jws/JwsAlgorithms.java | 1 +
 .../springframework/security/oauth2/jose/jws/MacAlgorithm.java  | 1 +
 .../security/oauth2/jose/jws/SignatureAlgorithm.java            | 1 +
 .../springframework/security/oauth2/jose/jws/package-info.java  | 1 +
 .../main/java/org/springframework/security/oauth2/jwt/Jwt.java  | 1 +
 .../springframework/security/oauth2/jwt/JwtClaimAccessor.java   | 1 +
 .../org/springframework/security/oauth2/jwt/JwtClaimNames.java  | 1 +
 .../springframework/security/oauth2/jwt/JwtClaimValidator.java  | 1 +
 .../org/springframework/security/oauth2/jwt/JwtDecoder.java     | 1 +
 .../springframework/security/oauth2/jwt/JwtDecoderFactory.java  | 1 +
 .../oauth2/jwt/JwtDecoderProviderConfigurationUtils.java        | 1 +
 .../org/springframework/security/oauth2/jwt/JwtDecoders.java    | 1 +
 .../org/springframework/security/oauth2/jwt/JwtException.java   | 1 +
 .../springframework/security/oauth2/jwt/JwtIssuerValidator.java | 1 +
 .../security/oauth2/jwt/JwtTimestampValidator.java              | 1 +
 .../security/oauth2/jwt/JwtValidationException.java             | 1 +
 .../org/springframework/security/oauth2/jwt/JwtValidators.java  | 1 +
 .../security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java         | 1 +
 .../security/oauth2/jwt/NimbusReactiveJwtDecoder.java           | 1 +
 .../springframework/security/oauth2/jwt/ReactiveJwtDecoder.java | 1 +
 .../security/oauth2/jwt/ReactiveJwtDecoderFactory.java          | 1 +
 .../security/oauth2/jwt/ReactiveJwtDecoders.java                | 1 +
 .../org/springframework/security/oauth2/jwt/package-info.java   | 1 +
 .../java/org/springframework/security/oauth2/jose/TestKeys.java | 1 +
 .../security/oauth2/jose/jws/MacAlgorithmTests.java             | 1 +
 .../security/oauth2/jose/jws/SignatureAlgorithmTests.java       | 1 +
 .../springframework/security/oauth2/jwt/JwtBuilderTests.java    | 1 +
 .../security/oauth2/jwt/JwtClaimValidatorTests.java             | 1 +
 .../springframework/security/oauth2/jwt/JwtDecodersTests.java   | 1 +
 .../security/oauth2/jwt/JwtIssuerValidatorTests.java            | 1 +
 .../java/org/springframework/security/oauth2/jwt/JwtTests.java  | 1 +
 .../security/oauth2/jwt/JwtTimestampValidatorTests.java         | 1 +
 .../security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java    | 1 +
 .../security/oauth2/jwt/ReactiveJwtDecodersTests.java           | 1 +
 .../authentication/AbstractOAuth2TokenAuthenticationToken.java  | 1 +
 .../resource/authentication/BearerTokenAuthentication.java      | 1 +
 .../resource/authentication/JwtAuthenticationProvider.java      | 1 +
 .../server/resource/authentication/JwtAuthenticationToken.java  | 1 +
 .../authentication/OpaqueTokenAuthenticationProvider.java       | 1 +
 .../resource/introspection/OAuth2IntrospectionClaimNames.java   | 1 +
 .../resource/authentication/JwtAuthenticationProviderTests.java | 1 +
 .../authentication/OpaqueTokenAuthenticationProviderTests.java  | 1 +
 .../resource/web/BearerTokenAuthenticationFilterTests.java      | 1 +
 .../security/openid/AuthenticationCancelledException.java       | 1 +
 .../org/springframework/security/openid/AxFetchListFactory.java | 1 +
 .../springframework/security/openid/NullAxFetchListFactory.java | 1 +
 .../springframework/security/openid/OpenID4JavaConsumer.java    | 1 +
 .../org/springframework/security/openid/OpenIDAttribute.java    | 1 +
 .../security/openid/OpenIDAuthenticationProvider.java           | 1 +
 .../security/openid/OpenIDAuthenticationStatus.java             | 1 +
 .../security/openid/OpenIDAuthenticationToken.java              | 1 +
 .../org/springframework/security/openid/OpenIDConsumer.java     | 1 +
 .../security/openid/OpenIDConsumerException.java                | 1 +
 .../security/openid/RegexBasedAxFetchListFactory.java           | 1 +
 .../java/org/springframework/security/openid/package-info.java  | 1 +
 .../org/springframework/security/openid/MockOpenIDConsumer.java | 1 +
 .../security/openid/OpenID4JavaConsumerTests.java               | 1 +
 .../security/openid/OpenIDAuthenticationFilterTests.java        | 1 +
 .../org/springframework/security/remoting/dns/package-info.java | 1 +
 .../security/remoting/httpinvoker/package-info.java             | 1 +
 .../org/springframework/security/remoting/package-info.java     | 1 +
 .../org/springframework/security/remoting/rmi/package-info.java | 1 +
 .../security/rsocket/util/matcher/PayloadExchangeMatcher.java   | 1 +
 .../security/saml2/core/Saml2X509Credential.java                | 1 +
 .../security/saml2/credentials/Saml2X509Credential.java         | 1 +
 .../service/authentication/OpenSamlAuthenticationProvider.java  | 1 +
 .../java/sample/HelloRSocketApplicationITests.java              | 1 +
 .../java/sample/HelloWebfluxMethodApplicationITests.java        | 1 +
 .../test/java/sample/HelloWebfluxMethodApplicationTests.java    | 1 +
 .../java/sample/HelloWebfluxApplicationITests.java              | 1 +
 .../src/test/java/sample/HelloWebfluxApplicationTests.java      | 1 +
 .../java/sample/HelloWebfluxFnApplicationITests.java            | 1 +
 .../src/test/java/sample/HelloWebfluxFnApplicationTests.java    | 1 +
 .../security/samples/HelloWorldApplicationTests.java            | 1 +
 .../springframework/security/samples/HelloWorldApplication.java | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../springframework/security/samples/web/MainController.java    | 1 +
 .../security/samples/InsecureApplicationTests.java              | 1 +
 .../springframework/security/samples/InsecureApplication.java   | 1 +
 .../springframework/security/samples/web/MainController.java    | 1 +
 .../src/main/java/sample/AuthorizationServerConfiguration.java  | 1 +
 .../main/java/sample/OAuth2AuthorizationServerApplication.java  | 1 +
 .../java/sample/OAuth2AuthorizationServerApplicationTests.java  | 1 +
 .../java/sample/OAuth2LoginApplicationTests.java                | 1 +
 .../src/main/java/sample/ReactiveOAuth2LoginApplication.java    | 1 +
 .../java/sample/OAuth2LoginApplicationTests.java                | 1 +
 .../src/main/java/sample/OAuth2LoginApplication.java            | 1 +
 .../src/main/java/sample/web/OAuth2LoginController.java         | 1 +
 .../java/sample/OAuth2ResourceServerApplicationITests.java      | 1 +
 .../src/main/java/sample/OAuth2ResourceServerApplication.java   | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../java/sample/OAuth2ResourceServerSecurityConfiguration.java  | 1 +
 .../java/sample/OAuth2ResourceServerApplicationITests.java      | 1 +
 .../src/main/java/sample/OAuth2ResourceServerApplication.java   | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../java/sample/OAuth2ResourceServerSecurityConfiguration.java  | 1 +
 .../java/sample/OAuth2ResourceServerApplicationITests.java      | 1 +
 .../src/main/java/sample/OAuth2ResourceServerApplication.java   | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../java/sample/OAuth2ResourceServerSecurityConfiguration.java  | 1 +
 .../test/java/sample/OAuth2ResourceServerControllerTests.java   | 1 +
 .../java/sample/OAuth2ResourceServerApplicationITests.java      | 1 +
 .../src/main/java/sample/OAuth2ResourceServerApplication.java   | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../java/sample/OAuth2ResourceServerSecurityConfiguration.java  | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../main/java/sample/ServerOAuth2ResourceServerApplication.java | 1 +
 .../java/sample/OAuth2ResourceServerApplicationITests.java      | 1 +
 .../src/main/java/sample/OAuth2ResourceServerApplication.java   | 1 +
 .../src/main/java/sample/OAuth2ResourceServerController.java    | 1 +
 .../java/sample/OAuth2ResourceServerSecurityConfiguration.java  | 1 +
 .../test/java/sample/OAuth2ResourceServerControllerTests.java   | 1 +
 .../src/main/java/sample/OAuth2WebClientWebFluxApplication.java | 1 +
 .../src/main/java/sample/config/SecurityConfig.java             | 1 +
 .../src/main/java/sample/web/OAuth2WebClientController.java     | 1 +
 .../sample/web/RegisteredOAuth2AuthorizedClientController.java  | 1 +
 .../src/main/java/sample/OAuth2WebClientApplication.java        | 1 +
 .../src/main/java/sample/config/SecurityConfig.java             | 1 +
 .../src/main/java/sample/web/OAuth2WebClientController.java     | 1 +
 .../sample/web/RegisteredOAuth2AuthorizedClientController.java  | 1 +
 .../saml2login/src/main/java/sample/Saml2LoginApplication.java  | 1 +
 .../java/sample/WebfluxFormApplicationTests.java                | 1 +
 .../src/main/java/sample/aspectj/AspectjSecurityConfig.java     | 1 +
 .../aspectj/src/main/java/sample/aspectj/SecuredService.java    | 1 +
 .../aspectj/src/main/java/sample/aspectj/Service.java           | 1 +
 .../src/test/java/sample/aspectj/AspectJInterceptorTests.java   | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 samples/javaconfig/data/src/main/java/samples/DataConfig.java   | 1 +
 samples/javaconfig/data/src/main/java/samples/data/Message.java | 1 +
 .../data/src/main/java/samples/data/MessageRepository.java      | 1 +
 .../src/main/java/samples/data/SecurityMessageRepository.java   | 1 +
 samples/javaconfig/data/src/main/java/samples/data/User.java    | 1 +
 .../test/java/samples/data/SecurityMessageRepositoryTests.java  | 1 +
 .../java/org/springframework/security/samples/FormJcTests.java  | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/mvc/MessageJsonController.java             | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../org/springframework/security/samples/HelloWorldJcTests.java | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../samples/config/SecurityWebApplicationInitializer.java       | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../java/org/springframework/security/samples/JdbcJcTests.java  | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../java/org/springframework/security/samples/LdapJcTests.java  | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/DataConfiguration.java              | 1 +
 .../samples/config/MessageWebApplicationInitializer.java        | 1 +
 .../security/samples/config/RootConfiguration.java              | 1 +
 .../java/org/springframework/security/samples/data/Message.java | 1 +
 .../security/samples/data/MessageRepository.java                | 1 +
 .../springframework/security/samples/mvc/DefaultController.java | 1 +
 .../springframework/security/samples/mvc/MessageController.java | 1 +
 .../security/samples/mvc/config/WebMvcConfiguration.java        | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../springframework/security/samples/mvc/UserController.java    | 1 +
 .../security/samples/security/CustomUserDetailsService.java     | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../config/MessageSecurityWebApplicationInitializer.java        | 1 +
 .../springframework/security/samples/config/SecurityConfig.java | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../aspectj/src/main/java/sample/aspectj/SecuredService.java    | 1 +
 samples/xml/aspectj/src/main/java/sample/aspectj/Service.java   | 1 +
 .../src/test/java/sample/aspectj/AspectJInterceptorTests.java   | 1 +
 .../security/samples/cas/CasSampleProxyTests.java               | 1 +
 .../springframework/security/samples/cas/CasSampleTests.java    | 1 +
 .../springframework/security/samples/cas/JettyCasService.java   | 1 +
 .../security/samples/cas/pages/AccessDeniedPage.java            | 1 +
 .../security/samples/cas/pages/ExtremelySecurePage.java         | 1 +
 .../springframework/security/samples/cas/pages/HomePage.java    | 1 +
 .../security/samples/cas/pages/LocalLogoutPage.java             | 1 +
 .../springframework/security/samples/cas/pages/LoginPage.java   | 1 +
 .../security/samples/cas/pages/ProxyTicketSamplePage.java       | 1 +
 .../springframework/security/samples/cas/pages/SecurePage.java  | 1 +
 .../security/samples/cas/pages/UnauthorizedPage.java            | 1 +
 .../security/samples/cas/web/ProxyTicketSampleServlet.java      | 1 +
 .../org/springframework/security/samples/ContactsTests.java     | 1 +
 .../org/springframework/security/samples/pages/AddPage.java     | 1 +
 .../springframework/security/samples/pages/ContactsPage.java    | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../main/java/sample/contact/AddDeleteContactController.java    | 1 +
 .../contacts/src/main/java/sample/contact/AddPermission.java    | 1 +
 .../src/main/java/sample/contact/AddPermissionValidator.java    | 1 +
 .../src/main/java/sample/contact/AdminPermissionController.java | 1 +
 .../contacts/src/main/java/sample/contact/ContactManager.java   | 1 +
 .../src/main/java/sample/contact/ContactManagerBackend.java     | 1 +
 .../src/main/java/sample/contact/DataSourcePopulator.java       | 1 +
 .../contacts/src/main/java/sample/contact/IndexController.java  | 1 +
 .../src/test/java/sample/contact/ContactManagerTests.java       | 1 +
 samples/xml/dms/src/main/java/sample/dms/AbstractElement.java   | 1 +
 .../xml/dms/src/main/java/sample/dms/DataSourcePopulator.java   | 1 +
 samples/xml/dms/src/main/java/sample/dms/Directory.java         | 1 +
 samples/xml/dms/src/main/java/sample/dms/DocumentDao.java       | 1 +
 samples/xml/dms/src/main/java/sample/dms/DocumentDaoImpl.java   | 1 +
 samples/xml/dms/src/main/java/sample/dms/File.java              | 1 +
 .../main/java/sample/dms/secured/SecureDataSourcePopulator.java | 1 +
 .../dms/src/main/java/sample/dms/secured/SecureDocumentDao.java | 1 +
 .../src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java | 1 +
 samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java   | 1 +
 .../xml/dms/src/test/java/sample/SecureDmsIntegrationTests.java | 1 +
 samples/xml/gae/src/main/java/samples/gae/security/AppRole.java | 1 +
 .../main/java/samples/gae/security/GaeAuthenticationFilter.java | 1 +
 .../main/java/samples/gae/security/GaeUserAuthentication.java   | 1 +
 .../gae/security/GoogleAccountsAuthenticationEntryPoint.java    | 1 +
 .../gae/security/GoogleAccountsAuthenticationProvider.java      | 1 +
 .../main/java/samples/gae/users/GaeDatastoreUserRegistry.java   | 1 +
 samples/xml/gae/src/main/java/samples/gae/users/GaeUser.java    | 1 +
 .../src/main/java/samples/gae/users/InMemoryUserRegistry.java   | 1 +
 .../xml/gae/src/main/java/samples/gae/users/UserRegistry.java   | 1 +
 .../xml/gae/src/main/java/samples/gae/validation/Forename.java  | 1 +
 .../src/main/java/samples/gae/validation/ForenameValidator.java | 1 +
 .../xml/gae/src/main/java/samples/gae/validation/Surname.java   | 1 +
 .../src/main/java/samples/gae/validation/SurnameValidator.java  | 1 +
 .../xml/gae/src/main/java/samples/gae/web/GaeAppController.java | 1 +
 .../src/main/java/samples/gae/web/RegistrationController.java   | 1 +
 .../xml/gae/src/main/java/samples/gae/web/RegistrationForm.java | 1 +
 .../gae/src/test/java/samples/gae/security/AppRoleTests.java    | 1 +
 .../java/samples/gae/users/GaeDataStoreUserRegistryTests.java   | 1 +
 .../springframework/security/samples/HelloWorldXmlTests.java    | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../springframework/security/samples/HelloInsecureTests.java    | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../security/samples/config/SecurityConfigTests.java            | 1 +
 .../java/org/springframework/security/samples/JaasXmlTests.java | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../org/springframework/security/samples/pages/LogoutPage.java  | 1 +
 .../org/springframework/security/samples/pages/SecurePage.java  | 1 +
 .../src/main/java/samples/jaas/RoleUserAuthorityGranter.java    | 1 +
 .../java/samples/jaas/UsernameEqualsPasswordLoginModule.java    | 1 +
 .../java/org/springframework/security/samples/LdapXmlTests.java | 1 +
 .../org/springframework/security/samples/pages/HomePage.java    | 1 +
 .../org/springframework/security/samples/pages/LoginPage.java   | 1 +
 .../org/springframework/security/samples/pages/LogoutPage.java  | 1 +
 .../org/springframework/security/samples/pages/SecurePage.java  | 1 +
 .../xml/oauth2login/src/main/java/sample/config/WebConfig.java  | 1 +
 .../src/main/java/sample/web/OAuth2LoginController.java         | 1 +
 .../security/samples/openid/CustomUserDetails.java              | 1 +
 .../security/samples/openid/CustomUserDetailsService.java       | 1 +
 samples/xml/preauth/src/test/java/sample/PreAuthXmlTests.java   | 1 +
 .../security/samples/servletapi/mvc/LoginForm.java              | 1 +
 .../security/samples/servletapi/mvc/ServletApiController.java   | 1 +
 samples/xml/tutorial/src/main/java/bigbank/Account.java         | 1 +
 samples/xml/tutorial/src/main/java/bigbank/BankDao.java         | 1 +
 samples/xml/tutorial/src/main/java/bigbank/BankDaoStub.java     | 1 +
 samples/xml/tutorial/src/main/java/bigbank/BankService.java     | 1 +
 samples/xml/tutorial/src/main/java/bigbank/BankServiceImpl.java | 1 +
 samples/xml/tutorial/src/main/java/bigbank/SeedData.java        | 1 +
 .../xml/tutorial/src/main/java/bigbank/web/ListAccounts.java    | 1 +
 .../xml/tutorial/src/main/java/bigbank/web/PostAccounts.java    | 1 +
 .../security/taglibs/authz/AbstractAuthorizeTag.java            | 1 +
 .../security/taglibs/authz/AccessControlListTag.java            | 1 +
 .../springframework/security/taglibs/authz/JspAuthorizeTag.java | 1 +
 .../springframework/security/taglibs/authz/package-info.java    | 1 +
 .../java/org/springframework/security/taglibs/package-info.java | 1 +
 .../security/taglibs/authz/AbstractAuthorizeTagTests.java       | 1 +
 .../security/taglibs/authz/AccessControlListTagTests.java       | 1 +
 .../security/taglibs/csrf/AbstractCsrfTagTests.java             | 1 +
 .../security/taglibs/csrf/CsrfInputTagTests.java                | 1 +
 .../security/taglibs/csrf/CsrfMetaTagsTagTests.java             | 1 +
 .../security/test/context/TestSecurityContextHolder.java        | 1 +
 .../test/context/annotation/SecurityTestExecutionListeners.java | 1 +
 .../security/test/context/support/WithAnonymousUser.java        | 1 +
 .../support/WithAnonymousUserSecurityContextFactory.java        | 1 +
 .../security/test/context/support/WithMockUser.java             | 1 +
 .../context/support/WithMockUserSecurityContextFactory.java     | 1 +
 .../security/test/context/support/WithSecurityContext.java      | 1 +
 .../test/context/support/WithSecurityContextFactory.java        | 1 +
 .../support/WithSecurityContextTestExecutionListener.java       | 1 +
 .../security/test/context/support/WithUserDetails.java          | 1 +
 .../context/support/WithUserDetailsSecurityContextFactory.java  | 1 +
 .../web/servlet/request/SecurityMockMvcRequestBuilders.java     | 1 +
 .../servlet/request/SecurityMockMvcRequestPostProcessors.java   | 1 +
 .../web/servlet/response/SecurityMockMvcResultMatchers.java     | 1 +
 .../test/web/servlet/setup/SecurityMockMvcConfigurer.java       | 1 +
 .../test/web/servlet/setup/SecurityMockMvcConfigurers.java      | 1 +
 .../springframework/security/test/web/support/WebTestUtils.java | 1 +
 .../security/test/context/TestSecurityContextHolderTests.java   | 1 +
 .../context/annotation/SecurityTestExecutionListenerTests.java  | 1 +
 .../security/test/context/showcase/CustomUserDetails.java       | 1 +
 .../security/test/context/showcase/WithMockCustomUser.java      | 1 +
 .../showcase/WithMockCustomUserSecurityContextFactory.java      | 1 +
 .../security/test/context/showcase/WithMockUserParent.java      | 1 +
 .../security/test/context/showcase/WithMockUserParentTests.java | 1 +
 .../security/test/context/showcase/WithMockUserTests.java       | 1 +
 .../security/test/context/showcase/WithUserDetailsTests.java    | 1 +
 .../test/context/showcase/service/HelloMessageService.java      | 1 +
 .../security/test/context/showcase/service/MessageService.java  | 1 +
 .../support/WithMockUserSecurityContextFactoryTests.java        | 1 +
 .../support/WithSecurityContextTestExcecutionListenerTests.java | 1 +
 .../support/WithUserDetailsSecurityContextFactoryTests.java     | 1 +
 .../security/test/context/support/WithUserDetailsTests.java     | 1 +
 .../server/SecurityMockServerConfigurerOpaqueTokenTests.java    | 1 +
 .../reactive/server/SecurityMockServerConfigurersJwtTests.java  | 1 +
 .../security/test/web/servlet/request/Sec2935Tests.java         | 1 +
 .../request/SecurityMockMvcRequestBuildersFormLoginTests.java   | 1 +
 .../request/SecurityMockMvcRequestBuildersFormLogoutTests.java  | 1 +
 ...ockMvcRequestPostProcessorsAuthenticationStatelessTests.java | 1 +
 ...SecurityMockMvcRequestPostProcessorsAuthenticationTests.java | 1 +
 .../SecurityMockMvcRequestPostProcessorsCertificateTests.java   | 1 +
 ...ecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java | 1 +
 .../request/SecurityMockMvcRequestPostProcessorsCsrfTests.java  | 1 +
 .../SecurityMockMvcRequestPostProcessorsDigestTests.java        | 1 +
 .../request/SecurityMockMvcRequestPostProcessorsJwtTests.java   | 1 +
 .../SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java  | 1 +
 .../SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java   | 1 +
 .../SecurityMockMvcRequestPostProcessorsOidcLoginTests.java     | 1 +
 ...ecurityMockMvcRequestPostProcessorsSecurityContextTests.java | 1 +
 ...cRequestPostProcessorsTestSecurityContextStatelessTests.java | 1 +
 ...ityMockMvcRequestPostProcessorsTestSecurityContextTests.java | 1 +
 .../SecurityMockMvcRequestPostProcessorsUserDetailsTests.java   | 1 +
 .../request/SecurityMockMvcRequestPostProcessorsUserTests.java  | 1 +
 .../servlet/response/SecurityMockMvcResultMatchersTests.java    | 1 +
 .../SecurityMockWithAuthoritiesMvcResultMatchersTests.java      | 1 +
 .../test/web/servlet/setup/SecurityMockMvcConfigurerTests.java  | 1 +
 .../test/web/servlet/setup/SecurityMockMvcConfigurersTests.java | 1 +
 .../test/web/servlet/showcase/csrf/CsrfShowcaseTests.java       | 1 +
 .../test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java | 1 +
 .../web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java     | 1 +
 .../test/web/servlet/showcase/login/AuthenticationTests.java    | 1 +
 .../servlet/showcase/login/CustomConfigAuthenticationTests.java | 1 +
 .../login/CustomLoginRequestBuilderAuthenticationTests.java     | 1 +
 .../servlet/showcase/secured/DefaultfSecurityRequestsTests.java | 1 +
 .../web/servlet/showcase/secured/SecurityRequestsTests.java     | 1 +
 .../test/web/servlet/showcase/secured/WithAdminRob.java         | 1 +
 .../servlet/showcase/secured/WithUserAuthenticationTests.java   | 1 +
 .../showcase/secured/WithUserClassLevelAuthenticationTests.java | 1 +
 .../showcase/secured/WithUserDetailsAuthenticationTests.java    | 1 +
 .../secured/WithUserDetailsClassLevelAuthenticationTests.java   | 1 +
 .../security/test/web/support/WebTestUtilsTests.java            | 1 +
 .../springframework/security/web/DefaultRedirectStrategy.java   | 1 +
 .../security/web/DefaultSecurityFilterChain.java                | 1 +
 .../java/org/springframework/security/web/RedirectStrategy.java | 1 +
 .../org/springframework/security/web/SecurityFilterChain.java   | 1 +
 .../java/org/springframework/security/web/WebAttributes.java    | 1 +
 .../security/web/access/DelegatingAccessDeniedHandler.java      | 1 +
 .../security/web/access/ExceptionTranslationFilter.java         | 1 +
 .../web/access/RequestMatcherDelegatingAccessDeniedHandler.java | 1 +
 .../security/web/access/channel/AbstractRetryEntryPoint.java    | 1 +
 .../security/web/access/channel/package-info.java               | 1 +
 .../AbstractVariableEvaluationContextPostProcessor.java         | 1 +
 .../access/expression/DefaultWebSecurityExpressionHandler.java  | 1 +
 .../web/access/expression/EvaluationContextPostProcessor.java   | 1 +
 .../ExpressionBasedFilterInvocationSecurityMetadataSource.java  | 1 +
 .../web/access/expression/WebExpressionConfigAttribute.java     | 1 +
 .../security/web/access/expression/WebExpressionVoter.java      | 1 +
 .../web/access/expression/WebSecurityExpressionRoot.java        | 1 +
 .../security/web/access/expression/package-info.java            | 1 +
 .../security/web/access/intercept/RequestKey.java               | 1 +
 .../security/web/access/intercept/package-info.java             | 1 +
 .../org/springframework/security/web/access/package-info.java   | 1 +
 .../AbstractAuthenticationTargetUrlRequestHandler.java          | 1 +
 .../security/web/authentication/AuthenticationConverter.java    | 1 +
 .../authentication/AuthenticationEntryPointFailureHandler.java  | 1 +
 .../web/authentication/AuthenticationFailureHandler.java        | 1 +
 .../security/web/authentication/AuthenticationFilter.java       | 1 +
 .../web/authentication/AuthenticationSuccessHandler.java        | 1 +
 .../web/authentication/DelegatingAuthenticationEntryPoint.java  | 1 +
 .../authentication/DelegatingAuthenticationFailureHandler.java  | 1 +
 .../ExceptionMappingAuthenticationFailureHandler.java           | 1 +
 .../web/authentication/ForwardAuthenticationFailureHandler.java | 1 +
 .../web/authentication/ForwardAuthenticationSuccessHandler.java | 1 +
 .../security/web/authentication/Http403ForbiddenEntryPoint.java | 1 +
 .../security/web/authentication/HttpStatusEntryPoint.java       | 1 +
 .../SavedRequestAwareAuthenticationSuccessHandler.java          | 1 +
 .../authentication/SimpleUrlAuthenticationFailureHandler.java   | 1 +
 .../authentication/SimpleUrlAuthenticationSuccessHandler.java   | 1 +
 .../web/authentication/logout/CookieClearingLogoutHandler.java  | 1 +
 .../authentication/logout/DelegatingLogoutSuccessHandler.java   | 1 +
 .../web/authentication/logout/LogoutSuccessHandler.java         | 1 +
 .../authentication/logout/SimpleUrlLogoutSuccessHandler.java    | 1 +
 .../security/web/authentication/logout/package-info.java        | 1 +
 .../security/web/authentication/package-info.java               | 1 +
 .../preauth/AbstractPreAuthenticatedProcessingFilter.java       | 1 +
 .../preauth/PreAuthenticatedAuthenticationProvider.java         | 1 +
 .../preauth/PreAuthenticatedAuthenticationToken.java            | 1 +
 .../preauth/PreAuthenticatedCredentialsNotFoundException.java   | 1 +
 .../PreAuthenticatedGrantedAuthoritiesUserDetailsService.java   | 1 +
 ...AuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java | 1 +
 .../preauth/RequestAttributeAuthenticationFilter.java           | 1 +
 .../preauth/RequestHeaderAuthenticationFilter.java              | 1 +
 ...J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java | 1 +
 .../preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java      | 1 +
 .../preauth/j2ee/WebXmlMappableAttributesRetriever.java         | 1 +
 .../security/web/authentication/preauth/j2ee/package-info.java  | 1 +
 .../security/web/authentication/preauth/package-info.java       | 1 +
 .../preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java | 1 +
 .../preauth/websphere/WASUsernameAndGroupsExtractor.java        | 1 +
 .../websphere/WebSpherePreAuthenticatedProcessingFilter.java    | 1 +
 ...WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java | 1 +
 .../web/authentication/preauth/websphere/package-info.java      | 1 +
 .../preauth/x509/SubjectDnX509PrincipalExtractor.java           | 1 +
 .../authentication/preauth/x509/X509AuthenticationFilter.java   | 1 +
 .../web/authentication/preauth/x509/X509PrincipalExtractor.java | 1 +
 .../security/web/authentication/preauth/x509/package-info.java  | 1 +
 .../authentication/rememberme/AbstractRememberMeServices.java   | 1 +
 .../web/authentication/rememberme/CookieTheftException.java     | 1 +
 .../authentication/rememberme/InMemoryTokenRepositoryImpl.java  | 1 +
 .../web/authentication/rememberme/InvalidCookieException.java   | 1 +
 .../web/authentication/rememberme/JdbcTokenRepositoryImpl.java  | 1 +
 .../authentication/rememberme/PersistentRememberMeToken.java    | 1 +
 .../rememberme/PersistentTokenBasedRememberMeServices.java      | 1 +
 .../authentication/rememberme/PersistentTokenRepository.java    | 1 +
 .../rememberme/RememberMeAuthenticationException.java           | 1 +
 .../security/web/authentication/rememberme/package-info.java    | 1 +
 .../session/AbstractSessionFixationProtectionStrategy.java      | 1 +
 .../session/ChangeSessionIdAuthenticationStrategy.java          | 1 +
 .../session/CompositeSessionAuthenticationStrategy.java         | 1 +
 .../session/ConcurrentSessionControlAuthenticationStrategy.java | 1 +
 .../session/NullAuthenticatedSessionStrategy.java               | 1 +
 .../session/RegisterSessionAuthenticationStrategy.java          | 1 +
 .../authentication/session/SessionAuthenticationException.java  | 1 +
 .../authentication/session/SessionAuthenticationStrategy.java   | 1 +
 .../security/web/authentication/session/package-info.java       | 1 +
 .../authentication/switchuser/SwitchUserAuthorityChanger.java   | 1 +
 .../security/web/authentication/switchuser/package-info.java    | 1 +
 .../web/authentication/ui/DefaultLoginPageGeneratingFilter.java | 1 +
 .../security/web/authentication/ui/package-info.java            | 1 +
 .../web/authentication/www/BasicAuthenticationConverter.java    | 1 +
 .../security/web/authentication/www/DigestAuthUtils.java        | 1 +
 .../security/web/authentication/www/package-info.java           | 1 +
 .../security/web/bind/annotation/AuthenticationPrincipal.java   | 1 +
 .../bind/support/AuthenticationPrincipalArgumentResolver.java   | 1 +
 .../web/context/AbstractSecurityWebApplicationInitializer.java  | 1 +
 .../security/web/context/HttpRequestResponseHolder.java         | 1 +
 .../web/context/HttpSessionSecurityContextRepository.java       | 1 +
 .../security/web/context/NullSecurityContextRepository.java     | 1 +
 .../web/context/SaveContextOnUpdateOrErrorResponseWrapper.java  | 1 +
 .../security/web/context/SecurityContextPersistenceFilter.java  | 1 +
 .../security/web/context/SecurityContextRepository.java         | 1 +
 .../org/springframework/security/web/context/package-info.java  | 1 +
 .../async/SecurityContextCallableProcessingInterceptor.java     | 1 +
 .../context/request/async/WebAsyncManagerIntegrationFilter.java | 1 +
 .../web/context/support/SecurityWebApplicationContextUtils.java | 1 +
 .../security/web/csrf/CsrfAuthenticationStrategy.java           | 1 +
 .../org/springframework/security/web/csrf/CsrfException.java    | 1 +
 .../java/org/springframework/security/web/csrf/CsrfFilter.java  | 1 +
 .../springframework/security/web/csrf/CsrfLogoutHandler.java    | 1 +
 .../java/org/springframework/security/web/csrf/CsrfToken.java   | 1 +
 .../springframework/security/web/csrf/CsrfTokenRepository.java  | 1 +
 .../org/springframework/security/web/csrf/DefaultCsrfToken.java | 1 +
 .../security/web/csrf/HttpSessionCsrfTokenRepository.java       | 1 +
 .../security/web/csrf/InvalidCsrfTokenException.java            | 1 +
 .../security/web/csrf/MissingCsrfTokenException.java            | 1 +
 .../org/springframework/security/web/debug/DebugFilter.java     | 1 +
 .../java/org/springframework/security/web/debug/Logger.java     | 1 +
 .../security/web/firewall/DefaultHttpFirewall.java              | 1 +
 .../security/web/firewall/DefaultRequestRejectedHandler.java    | 1 +
 .../security/web/firewall/FirewalledRequest.java                | 1 +
 .../security/web/firewall/FirewalledResponse.java               | 1 +
 .../org/springframework/security/web/firewall/HttpFirewall.java | 1 +
 .../security/web/firewall/HttpStatusRequestRejectedHandler.java | 1 +
 .../security/web/firewall/RequestRejectedException.java         | 1 +
 .../security/web/firewall/RequestRejectedHandler.java           | 1 +
 .../springframework/security/web/firewall/RequestWrapper.java   | 1 +
 .../java/org/springframework/security/web/header/Header.java    | 1 +
 .../org/springframework/security/web/header/HeaderWriter.java   | 1 +
 .../springframework/security/web/header/HeaderWriterFilter.java | 1 +
 .../security/web/header/writers/CacheControlHeadersWriter.java  | 1 +
 .../security/web/header/writers/CompositeHeaderWriter.java      | 1 +
 .../web/header/writers/ContentSecurityPolicyHeaderWriter.java   | 1 +
 .../header/writers/DelegatingRequestMatcherHeaderWriter.java    | 1 +
 .../security/web/header/writers/HpkpHeaderWriter.java           | 1 +
 .../security/web/header/writers/HstsHeaderWriter.java           | 1 +
 .../security/web/header/writers/ReferrerPolicyHeaderWriter.java | 1 +
 .../security/web/header/writers/StaticHeadersWriter.java        | 1 +
 .../web/header/writers/XContentTypeOptionsHeaderWriter.java     | 1 +
 .../security/web/header/writers/XXssProtectionHeaderWriter.java | 1 +
 .../frameoptions/AbstractRequestParameterAllowFromStrategy.java | 1 +
 .../web/header/writers/frameoptions/AllowFromStrategy.java      | 1 +
 .../header/writers/frameoptions/RegExpAllowFromStrategy.java    | 1 +
 .../header/writers/frameoptions/StaticAllowFromStrategy.java    | 1 +
 .../writers/frameoptions/WhiteListedAllowFromStrategy.java      | 1 +
 .../header/writers/frameoptions/XFrameOptionsHeaderWriter.java  | 1 +
 .../security/web/jaasapi/JaasApiIntegrationFilter.java          | 1 +
 .../org/springframework/security/web/jaasapi/package-info.java  | 1 +
 .../org/springframework/security/web/jackson2/package-info.java | 1 +
 .../annotation/AuthenticationPrincipalArgumentResolver.java     | 1 +
 .../web/method/annotation/CsrfTokenArgumentResolver.java        | 1 +
 .../annotation/CurrentSecurityContextArgumentResolver.java      | 1 +
 .../java/org/springframework/security/web/package-info.java     | 1 +
 .../annotation/AuthenticationPrincipalArgumentResolver.java     | 1 +
 .../annotation/CurrentSecurityContextArgumentResolver.java      | 1 +
 .../security/web/savedrequest/CookieRequestCache.java           | 1 +
 .../security/web/savedrequest/HttpSessionRequestCache.java      | 1 +
 .../security/web/savedrequest/NullRequestCache.java             | 1 +
 .../springframework/security/web/savedrequest/RequestCache.java | 1 +
 .../security/web/savedrequest/RequestCacheAwareFilter.java      | 1 +
 .../springframework/security/web/savedrequest/SavedCookie.java  | 1 +
 .../springframework/security/web/savedrequest/SavedRequest.java | 1 +
 .../security/web/savedrequest/SimpleSavedRequest.java           | 1 +
 .../springframework/security/web/savedrequest/package-info.java | 1 +
 .../security/web/server/ServerAuthenticationEntryPoint.java     | 1 +
 .../web/server/ServerFormLoginAuthenticationConverter.java      | 1 +
 .../web/server/ServerHttpBasicAuthenticationConverter.java      | 1 +
 .../security/web/server/WebFilterChainProxy.java                | 1 +
 .../web/server/authentication/AuthenticationWebFilter.java      | 1 +
 .../authentication/HttpBasicServerAuthenticationEntryPoint.java | 1 +
 .../ReactivePreAuthenticatedAuthenticationManager.java          | 1 +
 .../authentication/ServerFormLoginAuthenticationConverter.java  | 1 +
 .../authentication/ServerHttpBasicAuthenticationConverter.java  | 1 +
 .../authentication/logout/HeaderWriterServerLogoutHandler.java  | 1 +
 .../web/server/authorization/AuthorizationWebFilter.java        | 1 +
 .../authorization/DelegatingReactiveAuthorizationManager.java   | 1 +
 .../web/server/authorization/ExceptionTranslationWebFilter.java | 1 +
 .../web/server/authorization/ServerAccessDeniedHandler.java     | 1 +
 .../security/web/server/context/ReactorContextWebFilter.java    | 1 +
 .../web/server/context/SecurityContextServerWebExchange.java    | 1 +
 .../web/server/context/ServerSecurityContextRepository.java     | 1 +
 .../context/WebSessionServerSecurityContextRepository.java      | 1 +
 .../springframework/security/web/server/csrf/CsrfException.java | 1 +
 .../security/web/server/csrf/DefaultCsrfToken.java              | 1 +
 .../security/web/server/csrf/ServerCsrfTokenRepository.java     | 1 +
 .../web/server/csrf/WebSessionServerCsrfTokenRepository.java    | 1 +
 .../web/server/header/CacheControlServerHttpHeadersWriter.java  | 1 +
 .../web/server/header/ClearSiteDataServerHttpHeadersWriter.java | 1 +
 .../web/server/header/CompositeServerHttpHeadersWriter.java     | 1 +
 .../header/ContentTypeOptionsServerHttpHeadersWriter.java       | 1 +
 .../security/web/server/header/HttpHeaderWriterWebFilter.java   | 1 +
 .../security/web/server/header/ServerHttpHeadersWriter.java     | 1 +
 .../web/server/header/StaticServerHttpHeadersWriter.java        | 1 +
 .../header/StrictTransportSecurityServerHttpHeadersWriter.java  | 1 +
 .../header/XContentTypeOptionsServerHttpHeadersWriter.java      | 1 +
 .../web/server/header/XFrameOptionsServerHttpHeadersWriter.java | 1 +
 .../server/header/XXssProtectionServerHttpHeadersWriter.java    | 1 +
 .../web/server/util/matcher/AndServerWebExchangeMatcher.java    | 1 +
 .../server/util/matcher/NegatedServerWebExchangeMatcher.java    | 1 +
 .../web/server/util/matcher/OrServerWebExchangeMatcher.java     | 1 +
 .../util/matcher/PathPatternParserServerWebExchangeMatcher.java | 1 +
 .../web/server/util/matcher/ServerWebExchangeMatcher.java       | 1 +
 .../web/server/util/matcher/ServerWebExchangeMatchers.java      | 1 +
 .../web/servlet/support/csrf/CsrfRequestDataValueProcessor.java | 1 +
 .../security/web/servletapi/HttpServlet3RequestFactory.java     | 1 +
 .../security/web/servletapi/HttpServletRequestFactory.java      | 1 +
 .../springframework/security/web/servletapi/package-info.java   | 1 +
 .../security/web/session/InvalidSessionAccessDeniedHandler.java | 1 +
 .../security/web/session/InvalidSessionStrategy.java            | 1 +
 .../security/web/session/SessionInformationExpiredStrategy.java | 1 +
 .../security/web/session/SessionManagementFilter.java           | 1 +
 .../web/session/SimpleRedirectInvalidSessionStrategy.java       | 1 +
 .../SimpleRedirectSessionInformationExpiredStrategy.java        | 1 +
 .../org/springframework/security/web/session/package-info.java  | 1 +
 .../security/web/util/OnCommittedResponseWrapper.java           | 1 +
 .../springframework/security/web/util/RedirectUrlBuilder.java   | 1 +
 .../org/springframework/security/web/util/TextEscapeUtils.java  | 1 +
 .../springframework/security/web/util/ThrowableAnalyzer.java    | 1 +
 .../security/web/util/ThrowableCauseExtractor.java              | 1 +
 .../security/web/util/matcher/AndRequestMatcher.java            | 1 +
 .../security/web/util/matcher/AntPathRequestMatcher.java        | 1 +
 .../security/web/util/matcher/AnyRequestMatcher.java            | 1 +
 .../security/web/util/matcher/ELRequestMatcherContext.java      | 1 +
 .../security/web/util/matcher/IpAddressMatcher.java             | 1 +
 .../security/web/util/matcher/MediaTypeRequestMatcher.java      | 1 +
 .../security/web/util/matcher/NegatedRequestMatcher.java        | 1 +
 .../security/web/util/matcher/OrRequestMatcher.java             | 1 +
 .../security/web/util/matcher/RegexRequestMatcher.java          | 1 +
 .../security/web/util/matcher/RequestHeaderRequestMatcher.java  | 1 +
 .../security/web/util/matcher/RequestMatcher.java               | 1 +
 .../org/springframework/security/web/util/package-info.java     | 1 +
 .../security/test/web/reactive/server/WebTestClientBuilder.java | 1 +
 .../security/test/web/reactive/server/WebTestHandler.java       | 1 +
 .../security/web/DefaultRedirectStrategyTests.java              | 1 +
 .../org/springframework/security/web/FilterChainProxyTests.java | 1 +
 .../security/web/access/DelegatingAccessDeniedHandlerTests.java | 1 +
 .../security/web/access/ExceptionTranslationFilterTests.java    | 1 +
 .../AbstractVariableEvaluationContextPostProcessorTests.java    | 1 +
 ...ressionBasedFilterInvocationSecurityMetadataSourceTests.java | 1 +
 .../security/web/access/expression/WebExpressionVoterTests.java | 1 +
 .../web/access/expression/WebSecurityExpressionRootTests.java   | 1 +
 .../security/web/access/intercept/RequestKeyTests.java          | 1 +
 .../security/web/authentication/AuthenticationFilterTests.java  | 1 +
 .../authentication/DefaultLoginPageGeneratingFilterTests.java   | 1 +
 .../DelegatingAuthenticationEntryPointContextTests.java         | 1 +
 .../authentication/DelegatingAuthenticationEntryPointTests.java | 1 +
 .../DelegatingAuthenticationFailureHandlerTests.java            | 1 +
 .../ExceptionMappingAuthenticationFailureHandlerTests.java      | 1 +
 .../authentication/ForwardAuthenticaionSuccessHandlerTests.java | 1 +
 .../ForwardAuthenticationFailureHandlerTests.java               | 1 +
 .../security/web/authentication/HttpStatusEntryPointTests.java  | 1 +
 .../SavedRequestAwareAuthenticationSuccessHandlerTests.java     | 1 +
 .../SimpleUrlAuthenticationFailureHandlerTests.java             | 1 +
 .../SimpleUrlAuthenticationSuccessHandlerTests.java             | 1 +
 .../authentication/logout/CookieClearingLogoutHandlerTests.java | 1 +
 .../logout/DelegatingLogoutSuccessHandlerTests.java             | 1 +
 .../security/web/authentication/logout/LogoutHandlerTests.java  | 1 +
 .../logout/SecurityContextLogoutHandlerTests.java               | 1 +
 .../logout/SimpleUrlLogoutSuccessHandlerTests.java              | 1 +
 .../preauth/AbstractPreAuthenticatedProcessingFilterTests.java  | 1 +
 .../authentication/preauth/Http403ForbiddenEntryPointTests.java | 1 +
 .../preauth/PreAuthenticatedAuthenticationProviderTests.java    | 1 +
 .../preauth/PreAuthenticatedAuthenticationTokenTests.java       | 1 +
 ...eAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java | 1 +
 ...nticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java | 1 +
 .../preauth/RequestAttributeAuthenticationFilterTests.java      | 1 +
 .../preauth/header/RequestHeaderAuthenticationFilterTests.java  | 1 +
 ...asedPreAuthenticatedWebAuthenticationDetailsSourceTests.java | 1 +
 .../preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java | 1 +
 .../preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java      | 1 +
 .../WebSpherePreAuthenticatedProcessingFilterTests.java         | 1 +
 .../preauth/x509/SubjectDnX509PrincipalExtractorTests.java      | 1 +
 .../rememberme/AbstractRememberMeServicesTests.java             | 1 +
 .../rememberme/PersistentTokenBasedRememberMeServicesTests.java | 1 +
 .../session/ChangeSessionIdAuthenticationStrategyTests.java     | 1 +
 .../session/RegisterSessionAuthenticationStrategyTests.java     | 1 +
 .../switchuser/SwitchUserGrantedAuthorityTests.java             | 1 +
 .../authentication/www/BasicAuthenticationConverterTests.java   | 1 +
 .../support/AuthenticationPrincipalArgumentResolverTests.java   | 1 +
 .../context/AbstractSecurityWebApplicationInitializerTests.java | 1 +
 .../context/SaveContextOnUpdateOrErrorResponseWrapperTests.java | 1 +
 .../web/context/SecurityContextPersistenceFilterTests.java      | 1 +
 .../SecurityContextCallableProcessingInterceptorTests.java      | 1 +
 .../request/async/WebAsyncManagerIntegrationFilterTests.java    | 1 +
 .../security/web/csrf/CsrfAuthenticationStrategyTests.java      | 1 +
 .../org/springframework/security/web/csrf/CsrfFilterTests.java  | 1 +
 .../security/web/csrf/CsrfLogoutHandlerTests.java               | 1 +
 .../security/web/csrf/DefaultCsrfTokenTests.java                | 1 +
 .../security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java  | 1 +
 .../security/web/csrf/MissingCsrfTokenExceptionTests.java       | 1 +
 .../springframework/security/web/debug/DebugFilterTests.java    | 1 +
 .../security/web/firewall/DefaultHttpFirewallTests.java         | 1 +
 .../web/firewall/DefaultRequestRejectedHandlerTests.java        | 1 +
 .../security/web/firewall/FirewalledResponseTests.java          | 1 +
 .../web/firewall/HttpStatusRequestRejectedHandlerTests.java     | 1 +
 .../security/web/firewall/RequestWrapperTests.java              | 1 +
 .../security/web/header/HeaderWriterFilterTests.java            | 1 +
 .../web/header/writers/CacheControlHeadersWriterTests.java      | 1 +
 .../security/web/header/writers/CompositeHeaderWriterTests.java | 1 +
 .../header/writers/ContentSecurityPolicyHeaderWriterTests.java  | 1 +
 .../writers/DelegatingRequestMatcherHeaderWriterTests.java      | 1 +
 .../security/web/header/writers/HpkpHeaderWriterTests.java      | 1 +
 .../security/web/header/writers/HstsHeaderWriterTests.java      | 1 +
 .../web/header/writers/ReferrerPolicyHeaderWriterTests.java     | 1 +
 .../security/web/header/writers/StaticHeaderWriterTests.java    | 1 +
 .../header/writers/XContentTypeOptionsHeaderWriterTests.java    | 1 +
 .../web/header/writers/XXssProtectionHeaderWriterTests.java     | 1 +
 .../AbstractRequestParameterAllowFromStrategyTests.java         | 1 +
 .../writers/frameoptions/FrameOptionsHeaderWriterTests.java     | 1 +
 .../writers/frameoptions/RegExpAllowFromStrategyTests.java      | 1 +
 .../writers/frameoptions/StaticAllowFromStrategyTests.java      | 1 +
 .../writers/frameoptions/WhiteListedAllowFromStrategyTests.java | 1 +
 .../AuthenticationPrincipalArgumentResolverTests.java           | 1 +
 .../web/method/annotation/CsrfTokenArgumentResolverTests.java   | 1 +
 .../annotation/CurrentSecurityContextArgumentResolverTests.java | 1 +
 .../security/web/savedrequest/CookieRequestCacheTests.java      | 1 +
 .../security/web/savedrequest/DefaultSavedRequestTests.java     | 1 +
 .../security/web/savedrequest/HttpSessionRequestCacheTests.java | 1 +
 .../security/web/savedrequest/RequestCacheAwareFilterTests.java | 1 +
 .../security/web/savedrequest/SavedCookieTests.java             | 1 +
 .../web/savedrequest/SavedRequestAwareWrapperTests.java         | 1 +
 .../security/web/savedrequest/SimpleSavedRequestTests.java      | 1 +
 .../logout/HeaderWriterServerLogoutHandlerTests.java            | 1 +
 .../security/web/server/csrf/CsrfServerLogoutHandlerTests.java  | 1 +
 .../server/header/CacheControlServerHttpHeadersWriterTests.java | 1 +
 .../header/ClearSiteDataServerHttpHeadersWriterTests.java       | 1 +
 .../server/header/CompositeServerHttpHeadersWriterTests.java    | 1 +
 .../web/server/header/HttpHeaderWriterWebFilterTests.java       | 1 +
 .../web/server/header/StaticServerHttpHeadersWriterTests.java   | 1 +
 .../StrictTransportSecurityServerHttpHeadersWriterTests.java    | 1 +
 .../header/XContentTypeOptionsServerHttpHeadersWriterTests.java | 1 +
 .../header/XFrameOptionsServerHttpHeadersWriterTests.java       | 1 +
 .../header/XXssProtectionServerHttpHeadersWriterTests.java      | 1 +
 .../util/matcher/PathMatcherServerWebExchangeMatcherTests.java  | 1 +
 .../support/csrf/CsrfRequestDataValueProcessorTests.java        | 1 +
 .../security/web/session/HttpSessionDestroyedEventTests.java    | 1 +
 .../security/web/session/SessionManagementFilterTests.java      | 1 +
 .../security/web/util/OnCommittedResponseWrapperTests.java      | 1 +
 .../springframework/security/web/util/TextEscapeUtilsTests.java | 1 +
 .../security/web/util/ThrowableAnalyzerTests.java               | 1 +
 .../org/springframework/security/web/util/UrlUtilsTests.java    | 1 +
 .../security/web/util/matcher/AndRequestMatcherTests.java       | 1 +
 .../security/web/util/matcher/ELRequestMatcherTests.java        | 1 +
 .../security/web/util/matcher/IpAddressMatcherTests.java        | 1 +
 .../util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java   | 1 +
 .../security/web/util/matcher/MediaTypeRequestMatcherTests.java | 1 +
 .../security/web/util/matcher/NegatedRequestMatcherTests.java   | 1 +
 .../security/web/util/matcher/OrRequestMatcherTests.java        | 1 +
 .../web/util/matcher/RequestHeaderRequestMatcherTests.java      | 1 +
 1796 files changed, 1796 insertions(+), 1 deletion(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index 73010a0575..1da5d07d6a 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.lang.reflect.InvocationTargetException;
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index 1c92b5b4e3..25fb52009a 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.util.ArrayList;
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 2bc9b645f9..568f272c90 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index de001d40c8..80d8e5b2c8 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.afterinvocation;
 
 import java.util.Collection;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index 91f69396cc..d65017220e 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.afterinvocation;
 
 import java.util.Collection;
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
index 57897ef56f..4f4d7e647a 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * After-invocation providers for collection and array filtering. Consider using a
  * {@code PostFilter} annotation in preference.
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index efc364acea..e878de16e6 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Permission;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index 8a6ff5bee6..98dcc1e874 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
index aedb5b8e5e..0922aa38bf 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Permission;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index b314b389a9..3ef40c7b47 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
index 2caf8fceb1..0003f44154 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.AccessControlEntry;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
index c0bc3ce92b..5da94f08d4 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Permission;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index 45770cbb0a..ee2aec26a8 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.AccessControlEntry;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
index 2f1ff2d315..d895f0bb46 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Permission;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index 0d57a3cde0..abc67f6d01 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.lang.reflect.Field;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
index af9e44b6d5..6b3d7ae2fb 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.util.List;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index 861b4e3efa..0a7af4a255 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index 1389700d94..64eb57aacd 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Sid;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
index ab53988f52..c18fc33606 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index 4c64e995e4..61018e349c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
index cad03adcd9..70ca75701e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.util.List;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 71dae880aa..1dc357762f 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Sid;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index 24125209a7..37b2bd2fee 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/package-info.java b/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
index 8af64c8a7d..8ef86cecdb 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Basic implementation of access control lists (ACLs) interfaces.
  */
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index fc311910cd..8f000bdd83 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 2faaeb2ac0..0b69010fd2 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index 9cdf35873b..f78ec7601f 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index b5b5ab5d3b..eb52374c07 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.sql.PreparedStatement;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
index a7cfa4a8a6..adc6c6aef1 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.List;
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java b/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
index 0293449a4b..2c34420915 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * JDBC-based persistence of ACL information
  */
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
index bc65718372..90a31179d7 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Acl.java b/acl/src/main/java/org/springframework/security/acls/model/Acl.java
index 9174cd6b15..8128c9e0c1 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Acl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Acl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
index 40857863f6..461d742c80 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
index dc363d1318..84d65590b7 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclService.java b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
index 2220f04fbb..2866ec83bd 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.util.List;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
index a8b3130f46..0f82ee6b34 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
index 2f541427e0..eac37798a1 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
index 19e224afc0..e83f298777 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
index fca77474ff..d65f1903bb 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
index 0b813a67ba..9231a0cc30 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
index 6892f91f53..cdc229120e 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
index 9f738f7cc2..1b0ab639bd 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
index 265989b0a6..995e514056 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
index b78059c8f1..e46f3dc09f 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
index c3dc78b35a..de1e0bbace 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Permission.java b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
index 5e75764942..99a0d36a76 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Permission.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Permission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
index f9d5ffe351..13ccb68062 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.util.List;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/Sid.java b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
index fe9f55f313..1e16e8ea94 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/Sid.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/Sid.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 import java.io.Serializable;
diff --git a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
index fd95557ab2..fe208d693b 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.model;
 
 /**
diff --git a/acl/src/main/java/org/springframework/security/acls/model/package-info.java b/acl/src/main/java/org/springframework/security/acls/model/package-info.java
index 7b06410450..98dba043d4 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Interfaces and shared classes to manage access control lists (ACLs) for domain object
  * instances.
diff --git a/acl/src/main/java/org/springframework/security/acls/package-info.java b/acl/src/main/java/org/springframework/security/acls/package-info.java
index 7b764596d5..dbd8f749de 100644
--- a/acl/src/main/java/org/springframework/security/acls/package-info.java
+++ b/acl/src/main/java/org/springframework/security/acls/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * The Spring Security ACL package which implements instance-based security for domain
  * objects.
diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index 2d22d6a8eb..268beeef5a 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import org.junit.Test;
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index 221e1b0cac..968cf92093 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index c0100858b9..5bdc6a5446 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.util.Locale;
diff --git a/acl/src/test/java/org/springframework/security/acls/TargetObject.java b/acl/src/test/java/org/springframework/security/acls/TargetObject.java
index c18f3e03ee..eeac7c8d70 100644
--- a/acl/src/test/java/org/springframework/security/acls/TargetObject.java
+++ b/acl/src/test/java/org/springframework/security/acls/TargetObject.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 /**
diff --git a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
index 199eff0eb2..ee0727fa69 100644
--- a/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
+++ b/acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls;
 
 import java.util.UUID;
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
index dae0fd62c2..55800137e0 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.afterinvocation;
 
 import java.util.ArrayList;
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
index 8a7787577c..5e8bb47953 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.afterinvocation;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index 11b01e2c56..c51bc86701 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.junit.Test;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
index 907f7c1cc0..e1b06b7418 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index bb162fe65b..7427916de8 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.lang.reflect.Field;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
index 3d92896b3b..b563914901 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.junit.After;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 7e087b54d1..6542c73b59 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import java.io.ByteArrayOutputStream;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index aa0c527ca4..f4def65adc 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.junit.Test;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index 4cf3431e7b..ec2c572b95 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.junit.Test;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index f81c64ff6d..1d10aeb66c 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.junit.Before;
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java b/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
index c6ebb59d02..fb11be3008 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.domain;
 
 import org.springframework.security.acls.model.Permission;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index d3a32c1996..097be23708 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index 04dba0b446..99660737d7 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
index 82b5f1286d..4e117ee5c0 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import javax.sql.DataSource;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
index b15647d16c..16206dea2b 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import org.springframework.core.io.ClassPathResource;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index 2c69fa7ce1..532304a57b 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
index f9368db79c..9d2d6c2e5d 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.IOException;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index edadf05442..04f496a43b 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.io.File;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 6d7e6a8f70..d76f888c08 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.ArrayList;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 5a43cd8d54..9d70049f1a 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.Arrays;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index a0c990fe74..f912ad7514 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.UUID;
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 94d1fd7e8b..3d2a9c7928 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.jdbc;
 
 import java.util.Map;
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
index ab947c00e6..92d0ceef48 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.sid;
 
 import org.springframework.security.acls.model.Sid;
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index b25bf3c50a..0d5d0617a6 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.sid;
 
 import java.util.List;
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index 7cf9bad483..c9ae5a238b 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.acls.sid;
 
 import java.util.Collection;
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 9a6b63ddc8..f7d81ac042 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.intercept.aspectj.aspect;
 
 import java.util.ArrayList;
diff --git a/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java b/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
index c20e352e73..8e300f8f8e 100644
--- a/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
+++ b/cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas;
 
 /**
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
index 8794c2987c..2786f90941 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.authentication;
 
 import java.util.ArrayList;
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
index ee217f7c7b..4284161a39 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.authentication;
 
 /**
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index bdf30ea4b3..35eb7b084e 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.authentication;
 
 import org.apache.commons.logging.Log;
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java b/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
index c951b0f08b..8803500a0a 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * An {@code AuthenticationProvider} that can process CAS service tickets and proxy
  * tickets.
diff --git a/cas/src/main/java/org/springframework/security/cas/package-info.java b/cas/src/main/java/org/springframework/security/cas/package-info.java
index 87b0b093f8..13fae9057d 100644
--- a/cas/src/main/java/org/springframework/security/cas/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Spring Security support for Jasig's Central Authentication Service
  * (<a href="https://www.jasig.org/cas">CAS</a>).
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
index 786f52a717..3d8cd9e412 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.userdetails;
 
 import org.jasig.cas.client.validation.Assertion;
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
index b29a6dd04f..9c5bf999df 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.userdetails;
 
 import java.util.ArrayList;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 5cc9828d16..d16c723826 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.web.authentication;
 
 import java.net.MalformedURLException;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
index 2f97f1321c..e14da3d70e 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.web.authentication;
 
 import java.io.Serializable;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 530fae36c3..375952373f 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.web.authentication;
 
 import java.net.MalformedURLException;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
index f774c00ef9..ecd447dbac 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authentication processing mechanisms which respond to the submission of authentication
  * credentials using CAS.
diff --git a/cas/src/main/java/org/springframework/security/cas/web/package-info.java b/cas/src/main/java/org/springframework/security/cas/web/package-info.java
index b37f7e89f2..903fdb8d4c 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authenticates standard web browser users via CAS.
  */
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index 43b0ea5262..d9248e6eec 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.authentication;
 
 import java.util.ArrayList;
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
index ddbaafe5e0..c48644644b 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.authentication;
 
 import org.junit.Test;
diff --git a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
index c140dfad92..e33e8a441e 100644
--- a/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.userdetails;
 
 import java.util.Arrays;
diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
index f96d4ace8a..a292662cc4 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.cas.web.authentication;
 
 import java.util.regex.Pattern;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
index 33c7229c91..535bfa5496 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.ldap;
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
index b5b6b28347..71dd831f3a 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.rsocket;
 
 import io.rsocket.AbstractRSocket;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 7fa45e111f..b5d412b8a0 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.rsocket;
 
 import java.util.ArrayList;
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index effb1a470e..9f6ed43885 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.rsocket;
 
 import java.util.ArrayList;
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
index aeb55cb2ee..032a388401 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import java.io.IOException;
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
index 42a798290a..e9c8c32a17 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import java.util.Set;
diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java
index 4cdeddcd7f..d4ae25e53d 100644
--- a/config/src/main/java/org/springframework/security/config/BeanIds.java
+++ b/config/src/main/java/org/springframework/security/config/BeanIds.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
index 475c9b275b..6c2cf3c5fd 100644
--- a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/Elements.java b/config/src/main/java/org/springframework/security/config/Elements.java
index 9f7cee5862..20ad615769 100644
--- a/config/src/main/java/org/springframework/security/config/Elements.java
+++ b/config/src/main/java/org/springframework/security/config/Elements.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index 00f06674f3..6bce596593 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import java.util.HashMap;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index d240639492..11da1c8148 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
index e56eec175e..925307b4c2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractSecurityBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.concurrent.atomic.AtomicBoolean;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java b/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
index b50484c4ea..06ad51cec7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AlreadyBuiltException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
index 39120f1833..53a43d1ce9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import org.springframework.beans.factory.Aware;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
index 4106ece615..d141d8c3f7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
index cf6571362e..59f51a8dd6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index 4d690a1324..a36d983c5c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
index 70bcb26c60..35e6e0ac4a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication;
 
 import org.springframework.security.authentication.AuthenticationManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index 33c65e45fb..77cef1a1e5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.builders;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
index 40c54c62ad..c2ed0a82ce 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
index 4980e6459d..acc8fef818 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import java.lang.annotation.Documented;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
index 8d28317fe1..20e4addef7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import org.springframework.core.annotation.Order;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
index 499ad2b748..3853c9c4e3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
index c0bcdaa607..f14776f184 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 69161becf0..54a97b4d67 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.ldap;
 
 import java.io.IOException;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
index f5a3591e03..b25d6b274d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.provisioning;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
index ce4c6d3506..1020cd6207 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.provisioning;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
index 217b9c5d19..5b9cf34b97 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.provisioning;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index 11f44fa656..0cfea53ac4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.userdetails;
 
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
index c83358c685..31fbdac40f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.userdetails;
 
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
index b5ff1099d5..a09e64ace8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.userdetails;
 
 import org.springframework.security.authentication.AuthenticationManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
index 553a64fdd1..8e769ff52a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.userdetails;
 
 import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index 6799a7113f..9ca88e0b5c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
index 3dcaa846b4..cb1ffde00d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.configuration;
 
 import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
index cbc6734f28..34517d6beb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.lang.annotation.Documented;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
index 196fa89a16..773ea42614 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.springframework.beans.factory.config.BeanDefinition;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index 4b4bf3c503..5dda0b0f1f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
index 065e0306e7..91b9b82180 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
index b2b534d0aa..42b6198a11 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.springframework.beans.factory.config.BeanDefinition;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
index 8ffdb284b0..ba3546cf70 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.springframework.beans.factory.config.BeanDefinition;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 343ca304cb..920f6ec55a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
index 239a73b898..475f2de2f5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import javax.servlet.Filter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
index 0ca9ed31f4..c7bc0578d5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import javax.servlet.Filter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index bce769dd97..49352164cc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.builders;
 
 import java.io.Serializable;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 593272e0d1..cfeedfd26d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.builders;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index e35182977b..0acebe06fd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.builders;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
index 5aca276c39..7297f22f3e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
index 679273093a..aa95ed89a5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.lang.annotation.Documented;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index eacfa24cbe..98c7fcc37a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
index 863cf03dca..058fc630db 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.LinkedHashSet;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 3de9f90ccb..72c6d92801 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.Collections;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
index d43c691d5f..4ff31b81d0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import org.springframework.context.annotation.ImportSelector;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 445ba5e020..583ed45c92 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 3efddad82d..be2b1d22c7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.util.Collections;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index e6948d70fe..fd66c8bf5a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.lang.reflect.Field;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index a0f88c138c..4365785385 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index f5e6f52d97..9ffbaf7680 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
index 7becadfb84..0881921efb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.springframework.security.config.annotation.ObjectPostProcessor;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index 5927eb8be6..3c4b687f1e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
index 0f575e88b3..662ff2095b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index 54369e6894..c798212069 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
index ccf9aa26ee..1e107cd659 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 9245a1b93e..596cdb39e4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 0e2d3567e1..6d9482bed7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Collections;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
index 43b1a09ec3..f311358e2c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.LinkedHashMap;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index 34844a74b2..bcdf904d70 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
index 22044d3b09..32ff40beea 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
index 6bddc681af..e4f58325de 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 999bd834b4..0cf5b51224 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.HashSet;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index bb9a63f159..2567c4c3a5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index c20068b09b..3f2a83a00b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
index 25bd2b1b77..60004d0c73 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.HashMap;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index a4aa031a56..f710b7a7a4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.UUID;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
index 71965d88c4..fcd5711e0e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
index 0c5f9df8f1..07dba22037 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
index 9cc00c5862..3a3373d634 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 12a0fccc89..c2484701e8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index 149a7e79ac..210eb8922a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 674135f333..7e8c85bfcc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
index 30d96b3b88..9fd1e1ead2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index 96fe913fc6..1c66412689 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import org.springframework.security.authentication.AuthenticationManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
index aca11b6f6b..0f1dc7ab8f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import java.util.Map;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 9944dedfa3..4c5a7d1472 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 68904ef0d6..00e4604a77 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.openid;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 13099be811..52257b6c2d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.messaging;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
index a6db2a84d8..7b68cf5de7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.servlet.configuration;
 
 import java.lang.annotation.Documented;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
index aaf439ba77..bbb4ea2980 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.servlet.configuration;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index 243b26b52a..bd95622830 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.socket;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
index a8ba070ba1..efce360644 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index 0f0cf34043..acdba6c0c9 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 188ead0fb3..096d1dad4c 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
index 76b9a69fa2..70fcab35d6 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index 017a6f2d27..56d7e90fd8 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
index 0ee8d05205..3d99b4f312 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.util.HashMap;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index 4a6bca2951..882a67fbde 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.security.NoSuchAlgorithmException;
diff --git a/config/src/main/java/org/springframework/security/config/authentication/package-info.java b/config/src/main/java/org/springframework/security/config/authentication/package-info.java
index d3fb6b02f5..e28c505eb6 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Parsing of &lt;authentication-manager&gt; and related elements.
  */
diff --git a/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java b/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
index 0a479ad2ec..fe338054b9 100644
--- a/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
+++ b/config/src/main/java/org/springframework/security/config/core/GrantedAuthorityDefaults.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.core;
 
 import org.springframework.security.core.GrantedAuthority;
diff --git a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
index 58821987a8..b7fe459ff3 100644
--- a/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.debug;
 
 import org.apache.commons.logging.Log;
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 67dd4572c4..a587f84b89 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.security.SecureRandom;
diff --git a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
index c967584e78..7da9d7aa2c 100644
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
index a518df519b..8430cc8f1b 100644
--- a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index 95f2fee856..d5dcd2d7a1 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 1b587aca6e..563794cdf7 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
index b6919d36c8..2d87afe5e6 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collections;
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index 9fd10c482f..ce2f0d9c96 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 78452dc7f3..6dad4e1ca0 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index c5e844740c..bb3d74138b 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.apache.commons.logging.Log;
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 9d570fe4c2..294d830a36 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
index 05604572fb..eaba9f3896 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index c43d1b3903..cfb767531c 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index f6fea7df34..07aebdfb3a 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
index a3444624a8..a989ecc8b3 100644
--- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java
+++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index 04ca9fc919..4807a4bb6a 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
index ab0d3cd89b..dd81b49c31 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
index 1c6add1ede..e83d2a593f 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.springframework.beans.BeansException;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 1a6a07305c..b8cbeafe75 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Arrays;
diff --git a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
index 3db5b7b60e..e6a844a196 100644
--- a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index 3e17b634d1..97bcaa1bda 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.apache.commons.logging.Log;
diff --git a/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
index b858c44054..d2c34c9ac5 100644
--- a/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
+++ b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
index 314a8cddc3..5b67d82ba1 100644
--- a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
+++ b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import javax.servlet.http.HttpSession;
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index 9924735ee3..48000087d1 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Map;
diff --git a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
index d590b88a55..2f5932176a 100644
--- a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.springframework.beans.factory.xml.ParserContext;
diff --git a/config/src/main/java/org/springframework/security/config/http/package-info.java b/config/src/main/java/org/springframework/security/config/http/package-info.java
index aa327d361e..4a02a0ebda 100644
--- a/config/src/main/java/org/springframework/security/config/http/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/http/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Parsing of the &lt;http&gt; namespace element.
  */
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index 08b485ce90..79bb46734d 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import org.springframework.beans.BeansException;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index 884b239085..201ac0aa7f 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import org.apache.commons.logging.Log;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index 1fa72e1210..40526d31e6 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import java.io.IOException;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
index d0512dccd5..aa00b4b019 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.ldap;
 
 import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/package-info.java b/config/src/main/java/org/springframework/security/config/ldap/package-info.java
index 168ff506d5..54f428d6fa 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Security namespace support for LDAP authentication.
  */
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index e9a1f7c102..6a459cdc19 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index 9c24b37c15..3d6cb881a6 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
index 05b6c645b1..eb21d3b94c 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
index 8cc6322765..606a5a080d 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.util.LinkedHashMap;
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index add166d3e5..8ddecffb07 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.lang.reflect.Method;
diff --git a/config/src/main/java/org/springframework/security/config/method/package-info.java b/config/src/main/java/org/springframework/security/config/method/package-info.java
index 5e3615cd46..f393eefa82 100644
--- a/config/src/main/java/org/springframework/security/config/method/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/method/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support for parsing of the &lt;global-method-security&gt; and &lt;intercept-methods&gt;
  * elements.
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index dac349ed2b..fe29565b98 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.oauth2.client;
 
 import java.util.ArrayList;
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index 6bfac7508a..ac1ba4b2a8 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.oauth2.client;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/config/src/main/java/org/springframework/security/config/package-info.java b/config/src/main/java/org/springframework/security/config/package-info.java
index f564caec1c..10c9d64e61 100644
--- a/config/src/main/java/org/springframework/security/config/package-info.java
+++ b/config/src/main/java/org/springframework/security/config/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support classes for the Spring Security namespace. None of the code in these packages
  * should be used directly in applications.
diff --git a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
index d70d9b4e9d..0364626347 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.web.server;
 
 import java.util.List;
diff --git a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
index cabc272978..9e64e4483d 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.web.server;
 
 /**
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index e72a81ebb7..7d7426ecbc 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.websocket;
 
 import java.util.Comparator;
diff --git a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
index 2393f6de90..e91b07ba4d 100644
--- a/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/BeanNameCollectingPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security;
 
 import java.util.HashSet;
diff --git a/config/src/test/java/org/springframework/security/CollectingAppListener.java b/config/src/test/java/org/springframework/security/CollectingAppListener.java
index 951a939913..5861750fe2 100644
--- a/config/src/test/java/org/springframework/security/CollectingAppListener.java
+++ b/config/src/test/java/org/springframework/security/CollectingAppListener.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security;
 
 import java.util.HashSet;
diff --git a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
index 845323e7db..c27107c156 100644
--- a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
+++ b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 public abstract class ConfigTestUtils {
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 90e34d3b0b..53b57df075 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import javax.sql.DataSource;
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index d06229151a..7d6134f7f3 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
index 605c08e34f..1891bf0178 100644
--- a/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import java.util.Collection;
diff --git a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
index 50c24bc2ba..ebd49d751d 100644
--- a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
+++ b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.springframework.transaction.PlatformTransactionManager;
diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
index f847f44162..1a08796e61 100644
--- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.springframework.beans.BeansException;
diff --git a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
index ec4ac7a1f5..8cba5084f0 100644
--- a/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
+++ b/config/src/test/java/org/springframework/security/config/PostProcessedMockUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 7d1522b9ac..9b7ccaf51a 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.apache.commons.logging.Log;
diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
index aac8eefd0e..d066c7e30e 100644
--- a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
+++ b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
index 7a77b359e4..ae11a823c1 100644
--- a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
+++ b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.springframework.context.ApplicationListener;
diff --git a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
index 74e1354f64..447d8ae88b 100644
--- a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
+++ b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config;
 
 import org.springframework.transaction.annotation.Transactional;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
index d1fb0deae6..dbf8250fc1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
index 4073ffefec..67c29ea4e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index d943554611..028d28f089 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index d832899c3d..b6e0a5a87b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation;
 
 import org.junit.Before;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index d311138de0..fa57b57997 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
index c38be2364e..0f9ffa5107 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/BaseAuthenticationConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index 01ae058853..e5d0e25c07 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 3112f51221..7cba39f447 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index b854bd952f..e69d1f88c8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index 41dd70e31e..fcadd1ec3d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.authentication.configurers.ldap;
 
 import org.junit.Before;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
index d63fee05fe..4dff4bfca5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AroundMethodInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.configuration;
 
 import org.aopalliance.intercept.MethodInterceptor;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index bea9e42276..7820acb3e1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.configuration;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
index 493c2928c7..ababb41c1c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/MyAdvisedBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.configuration;
 
 public class MyAdvisedBean {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
index fb87a6eaf0..fa946076f7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.issue50;
 
 import javax.sql.DataSource;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
index 46850925fc..647ca8f834 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.issue50;
 
 import javax.transaction.Transactional;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
index d167cbb711..de54b6d5ad 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.issue50;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
index 9d77f983cf..d30ada88c4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.issue50.domain;
 
 import javax.persistence.Entity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
index de8300b056..984be0a815 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/repo/UserRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.issue50.repo;
 
 import org.springframework.data.repository.CrudRepository;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
index 41b952f911..23d1df8069 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/DelegatingReactiveMessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.reactivestreams.Publisher;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 22eaa2005a..ac9fe3381c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.lang.reflect.Proxy;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
index 664919232b..ee664f5a45 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityServiceConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.springframework.context.annotation.Bean;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 819a083dee..3c0532b3f3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.io.Serializable;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 49a0b080cb..0efe382210 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.lang.reflect.Method;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
index 636db9b6ff..908014c65c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import org.reactivestreams.Publisher;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index f16f3586ec..9698da38b8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.method.configuration;
 
 import java.io.Serializable;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index c550d4045c..5b9df02190 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.sec2758;
 
 import javax.annotation.security.RolesAllowed;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index 02b3c40690..4c9eb0d3e3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.util.List;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index 06d405188f..bf6cbe1e3e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
index 0616e815a7..ef2b793024 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.util.List;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 8b994a5fb1..60d7e6b866 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import javax.servlet.Filter;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 198c55c3b3..53aff06eec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.util.Base64;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index 72db1d8064..00e8731731 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index af3accc65a..53dfedfc5d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 890de93c1f..404fcc566e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.builders;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index f630566f8d..8d4f8ae302 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.builders;
 
 import javax.security.auth.Subject;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 38cc3b7b58..8d5e1d5ca0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 962db3234d..275d829068 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 80f6c0666f..77b1f0f460 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index d81ecb80d0..37542b9fbb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.net.URL;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 457fa6185d..3f5bc05eda 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import javax.annotation.PreDestroy;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index 23c82f730e..855a00c311 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.net.URI;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 95ee25ae6a..9ae507255d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index af7ad3ab0d..4b4e8567c4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration;
 
 import java.io.Serializable;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 6475e99d16..57a1ca74f1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration.sec2377;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
index 23ba45407d..ed8857c73a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration.sec2377.a;
 
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
index 444b3c0d79..9a7cd92134 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configuration.sec2377.b;
 
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 05d7c530bd..40eafaf04d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index fca0698300..42884f2f09 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 1a5a64cfbb..cf627bb33e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 0de52befb4..1bce91535a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index 4bfc897690..be40eb0eb6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 3728529db4..3e3b532066 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index c6449818c2..5357ad70da 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 6e2fed7cc1..11ac70b1a6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index eb07fa41bf..cfeea9e85a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 4191869ae3..0f3eefb8ed 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.lang.reflect.InvocationTargetException;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
index 79c48708c1..4401d80f0b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import ch.qos.logback.classic.Level;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index 1ff61c858c..077e69b5b5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Optional;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 153c5e28dd..a4f1de385b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 4355601aa9..4e8ab99a6d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
index ac14a32ba3..8255188f71 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.security.Principal;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index 7ddce408dd..3802251c4d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 6a8b15d8a2..565d67e9e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index 403791c13e..d8a4f437d5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.net.URI;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 08dcf7f70c..2de270cea9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index 61e103645f..e243d28cc8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.security.Principal;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 5d56d6c05c..996f91a685 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Objects;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 780a2eee08..9064b565f8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index a9238613f3..3d4d1a8874 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index 6969c377e1..7f24ed7f73 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 76e422ac91..757e52a740 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index f179ec95c5..8b9e0e6209 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.io.InputStream;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 241cdf5bac..595b38b8e0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.Cookie;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index d15f595e64..4d8440efa6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.security.Principal;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index 8d8fd76f3a..f30939fb0d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index 8fd6a64f0b..75436e2a40 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Collections;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index f1c2e15727..a82959e24f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 1dd734d486..10362b3eb7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.lang.reflect.Method;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index 20e770ce7f..8985070277 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index 4eb2626430..7323136e1c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index 1604b8e616..f7b7b77681 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 8497fee4fd..5fe6a6b770 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.List;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index a82fc9bbca..8598189995 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import java.util.HashMap;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 1b9aaeb670..382e80edb9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 06208c6364..ec88b8feae 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.messaging;
 
 import java.util.Collection;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 76333746ad..2bb6965eb8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.socket;
 
 import java.util.HashMap;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 8511a04d73..c840cbc282 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.socket;
 
 import java.util.HashMap;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
index ad20a673bb..fa1bf08d26 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.annotation.web.socket;
 
 import org.springframework.beans.BeansException;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 3af52ce611..790bb61c2d 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index 7fc1d471b1..42d9b70229 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import java.util.List;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 66835a6e4a..cf8c3eaabd 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index 772c21b290..2879c6343f 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.authentication;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index e0f7bc36dc..2e5ef45289 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.core;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 8325261560..6de129cf68 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.core;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
index 387f0ad006..452a20042f 100755
--- a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.core;
 
 import javax.annotation.security.RolesAllowed;
diff --git a/config/src/test/java/org/springframework/security/config/core/MessageService.java b/config/src/test/java/org/springframework/security/config/core/MessageService.java
index ce55bba1f3..03eaefab59 100755
--- a/config/src/test/java/org/springframework/security/config/core/MessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/MessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.core;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java b/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
index c5916511f5..d29f1b476d 100644
--- a/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
+++ b/config/src/test/java/org/springframework/security/config/debug/AuthProviderDependency.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.debug;
 
 import org.springframework.stereotype.Component;
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index 6d065fce3a..4f991d9d11 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.debug;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
index ee82e44dc0..b6aa96f65e 100644
--- a/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
+++ b/config/src/test/java/org/springframework/security/config/debug/TestAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.debug;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/config/src/test/java/org/springframework/security/config/doc/Attribute.java b/config/src/test/java/org/springframework/security/config/doc/Attribute.java
index 6ee71d6d6e..ff409f7505 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Attribute.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Attribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 9505c2c30a..2e8369880f 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index bb81c4b893..00bb96ee0c 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 4144327920..639ed25322 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.util.Optional;
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index 263ee0451f..c7b07a8aae 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index d9753b9bb3..d83b0f3279 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index 6ac13756a0..519851f3be 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.doc;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index 5c6a615081..f64d56ad3d 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
index f9b8650588..d8e9862560 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index ea4938b57b..ac82eb3c93 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.net.URI;
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 016c20c74a..8376784dd6 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collection;
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index 0e64f64b7e..f6f1cadeb2 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collection;
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index 2bdb457036..fcfe8904df 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 4adaebc234..7e55dde548 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.List;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index 3cd2f3be8b..e0eacfd369 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index a51ff6d242..862cdd0613 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index a0c2c7861a..ecc0c86719 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 86bb8e9707..614c072d60 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import javax.servlet.Filter;
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index e21bf32cab..bc12def2ef 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collections;
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index 267c810076..5259123a9a 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 859e549a86..5d4a3568d4 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.HashMap;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 5b98d0cdc0..295f0af89b 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collection;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 06195642b2..6e88114297 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.io.BufferedReader;
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index f260d2efc6..93b754c02c 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.HashSet;
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index e78e90f5a4..e413874758 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 97203086dc..e16b8ec2b1 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Collections;
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index 20df7178b3..ddb27b5cf5 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
index 7b9da04b9e..e7c01c96fe 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.util.Arrays;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index f7a43ff8a2..6575395228 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.lang.reflect.Method;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index b4a7bdc8c7..6a81001b45 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import java.io.IOException;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
index 8c1c2af17a..aa9ab7a33f 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Rule;
diff --git a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
index df9ce75d2f..7268e6400c 100644
--- a/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
index 4978bee95b..96f5469ef5 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http.customconfigurer;
 
 import org.springframework.beans.factory.annotation.Value;
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 9cf4508d7d..5a76fc998d 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.http.customconfigurer;
 
 import java.util.Properties;
diff --git a/config/src/test/java/org/springframework/security/config/method/Contact.java b/config/src/test/java/org/springframework/security/config/method/Contact.java
index e79739ef90..819b97ad35 100644
--- a/config/src/test/java/org/springframework/security/config/method/Contact.java
+++ b/config/src/test/java/org/springframework/security/config/method/Contact.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/method/ContactPermission.java b/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
index 2cc42ae675..a78b26f15f 100644
--- a/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
+++ b/config/src/test/java/org/springframework/security/config/method/ContactPermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.lang.annotation.Retention;
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 579d47cb87..3e0088b38a 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.util.ArrayList;
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 4b08393bd2..4771006d75 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index e1e48925a7..20b5183888 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeAdminRole.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeAdminRole.java
index 46c2d4cefb..0401ff3ebf 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeAdminRole.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeAdminRole.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.lang.annotation.Retention;
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
index a17f384f43..bd3721a5db 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index 27333d7172..91c10958e3 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 1b255256ee..083b3c2b7f 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
index d3381b4c24..629dcaa7b2 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAdminRole.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.lang.annotation.Retention;
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 7c69b15459..3d46358d09 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.io.ByteArrayInputStream;
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java b/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
index c5a5d4547e..582f51dd0d 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 /**
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 609ff5bf99..607b164c67 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
index 03bed52407..0d6bbe37d8 100644
--- a/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/TestPermissionEvaluator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method;
 
 import java.io.Serializable;
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
index fe055ade88..d186330f0e 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method.sec2136;
 
 import java.io.Serializable;
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
index 123b7effcd..a78f32bf76 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method.sec2136;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
index 3d991e1850..745c60eaa5 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2499/Sec2499Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.method.sec2499;
 
 import org.junit.After;
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index 4fa821baf9..2c593e80dc 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.oauth2.client;
 
 import okhttp3.mockwebserver.MockResponse;
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
index 451adf58d1..65d4ffd53a 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.oauth2.client;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index ac79550ee1..5ba707036e 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.util;
 
 import org.springframework.beans.factory.support.DefaultListableBeanFactory;
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
index 8bcb27565a..72992ecef0 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlWebApplicationContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.util;
 
 import org.springframework.beans.BeansException;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index 9fa6c5156e..edad325b3c 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.web.server;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
index 7b3a9660a0..bda928963a 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.websocket;
 
 import org.junit.Test;
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index f52196797b..19cefb2791 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.config.websocket;
 
 import java.util.HashMap;
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index d8fd4bf34b..dd8575d432 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.intercept.method.aopalliance;
 
 import org.junit.After;
diff --git a/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java b/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
index 6af5c19e5f..bfb0e1ba94 100644
--- a/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
+++ b/core/src/main/java/org/springframework/security/access/PermissionCacheOptimizer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
index 7c73b6a2a9..0371efe29e 100644
--- a/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/PermissionEvaluator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access;
 
 import java.io.Serializable;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
index 6a2001a2ed..274856f9dd 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.lang.annotation.Annotation;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index 6f9322e165..133498535b 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import javax.annotation.security.DenyAll;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
index b9f5d5c369..78e6778bbb 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/package-info.java b/core/src/main/java/org/springframework/security/access/annotation/package-info.java
index 1d35e90ac5..269a726520 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support for JSR-250 and Spring Security {@code @Secured} annotations.
  */
diff --git a/core/src/main/java/org/springframework/security/access/event/package-info.java b/core/src/main/java/org/springframework/security/access/event/package-info.java
index 14ee22ff9e..41488584ec 100644
--- a/core/src/main/java/org/springframework/security/access/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/event/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authorization event and listener classes.
  */
diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
index dd53320cd7..9ca2847721 100644
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.springframework.context.ApplicationContext;
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index 18ffa8ec8c..760f8059de 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import java.io.Serializable;
diff --git a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
index 235ca28e9a..1a051806f5 100644
--- a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
+++ b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.springframework.expression.EvaluationContext;
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
index 23cb59bd66..39e171c4dd 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.springframework.aop.framework.AopInfrastructureBean;
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
index 95805ec65b..b06d56df11 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.springframework.security.core.Authentication;
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index f48368c952..b665d23c45 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import java.io.Serializable;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
index 8adeaa9294..a81fee098f 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index 81c4230bc0..8ed41d8099 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.lang.reflect.Array;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index 8cef2cec59..56c61f1f58 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index 5051258a09..100172d57e 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index 651614e6bf..af6405a831 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -16,6 +16,7 @@
 /**
  *
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
index fc9b79f949..1d19fa908a 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
index 61bd018875..50e0bfa76a 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
index e3af4e1e82..d3553eba33 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.security.access.expression.SecurityExpressionOperations;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
index 13d0e6ab42..a4d3f0a015 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.security.access.expression.SecurityExpressionRoot;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
index dc1463ca5c..d85c22b21a 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index 978bffd88d..fdaeb4bf21 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/package-info.java b/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
index 901c4278cc..b559639982 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Implementation of expression-based method security.
  *
diff --git a/core/src/main/java/org/springframework/security/access/expression/package-info.java b/core/src/main/java/org/springframework/security/access/expression/package-info.java
index 5926dc9be7..b8873c1ddb 100644
--- a/core/src/main/java/org/springframework/security/access/expression/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/expression/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Expression handling code to support the use of Spring-EL based expressions in
  * {@code @PreAuthorize}, {@code @PreFilter}, {@code @PostAuthorize} and
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/CycleInRoleHierarchyException.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/CycleInRoleHierarchyException.java
index fe007cd5d7..75ef16fab7 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/CycleInRoleHierarchyException.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/CycleInRoleHierarchyException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
index 9942abbc70..1e988862d0 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
index 3316786513..c8c0a975d7 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
index 591a04fc1e..a6d01008e6 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
index e26ce4bc0f..054472191b 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.ArrayList;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
index fa609cb40b..fb4a5562f5 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.io.PrintWriter;
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
index a893032c17..e161c07e18 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Role hierarchy implementation.
  */
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
index 9d59151f06..ad8a9098ec 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Enforces security for AOP Alliance <code>MethodInvocation</code>s, such as via Spring
  * AOP.
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
index 70e86503cc..99c63eb8f4 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.intercept.aspectj;
 
 import org.aspectj.lang.JoinPoint;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
index a87df17cc9..041efdc311 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.intercept.aspectj;
 
 import java.lang.reflect.AccessibleObject;
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
index d8e8792d9d..cf16a6f843 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Enforces security for AspectJ <code>JointPoint</code>s, delegating secure object
  * callbacks to the calling aspect.
diff --git a/core/src/main/java/org/springframework/security/access/intercept/package-info.java b/core/src/main/java/org/springframework/security/access/intercept/package-info.java
index 02bcbacd7a..68b24a7798 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Abstract level security interception classes which are responsible for enforcing the
  * configured security constraints for a secure object.
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
index e2e8ff8c5e..2b5a9366c8 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index dccfbaa6fe..247f325ff9 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/main/java/org/springframework/security/access/method/P.java b/core/src/main/java/org/springframework/security/access/method/P.java
index 74b1894a45..53fc1a71c2 100644
--- a/core/src/main/java/org/springframework/security/access/method/P.java
+++ b/core/src/main/java/org/springframework/security/access/method/P.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.method;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/access/method/package-info.java b/core/src/main/java/org/springframework/security/access/method/package-info.java
index 619c0bde09..d7cf84ccdc 100644
--- a/core/src/main/java/org/springframework/security/access/method/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/method/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Provides {@code SecurityMetadataSource} implementations for securing Java method
  * invocations via different AOP libraries.
diff --git a/core/src/main/java/org/springframework/security/access/package-info.java b/core/src/main/java/org/springframework/security/access/package-info.java
index ebf53f5585..2055530ce8 100644
--- a/core/src/main/java/org/springframework/security/access/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core access-control related code, including security metadata related classes,
  * interception code, access control annotations, EL support and voter-based
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java b/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
index 379c3dcbd5..18a60ef88f 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostAuthorize.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java b/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
index 5628e972eb..dc5d35b320 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index 9b5727580f..ff13589249 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
index e45a10a7d3..c5f6d280fa 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.springframework.security.access.ConfigAttribute;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
index 5055b1bdae..31501ce000 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java b/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
index 0292b2be73..ba71103053 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreAuthorize.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java b/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
index 880feedfa3..7736714395 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
index 3c11e7a7fe..1fa478c32e 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.springframework.security.access.ConfigAttribute;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
index 066bdfe89c..b0647568e7 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index cd9b4fd101..5d1a4594a8 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
index f68952eac6..02dfcee031 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Annotation;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
index 6c6f9c3360..1feaba1395 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.springframework.aop.framework.AopInfrastructureBean;
diff --git a/core/src/main/java/org/springframework/security/access/prepost/package-info.java b/core/src/main/java/org/springframework/security/access/prepost/package-info.java
index f23230de60..6fc3a3a8f9 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Contains the infrastructure classes for handling the {@code @PreAuthorize},
  * {@code @PreFilter}, {@code @PostAuthorize} and {@code @PostFilter} annotations.
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index bc070ade8e..54257496a0 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.vote;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
index 9da2fff2d5..6dc1cbcb6d 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.vote;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/access/vote/package-info.java b/core/src/main/java/org/springframework/security/access/vote/package-info.java
index 926d46fdc6..2ec2ecedb2 100644
--- a/core/src/main/java/org/springframework/security/access/vote/package-info.java
+++ b/core/src/main/java/org/springframework/security/access/vote/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Implements a vote-based approach to authorization decisions.
  */
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
index 59c68fe553..f465f995d6 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index fe0d5ef76b..2431294b01 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import org.springframework.context.MessageSource;
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
index 686cfb7a62..9158a0559a 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationEventPublisher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import org.springframework.security.core.Authentication;
diff --git a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
index 13405e694b..d33eda5e0a 100644
--- a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import org.springframework.security.core.userdetails.UserCache;
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 6b4a344daa..23a6dd5f25 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import java.lang.reflect.Constructor;
diff --git a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
index 05952d3dc9..140bbb8f2e 100644
--- a/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
+++ b/core/src/main/java/org/springframework/security/authentication/InternalAuthenticationServiceException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 8d6bcce375..1b9a6a8ca6 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import java.util.Arrays;
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
index 6f4d7cc8db..92f945a890 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index ddbe07a111..69e962dafd 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/package-info.java b/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
index 1eaaf2baec..b5668f899e 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * An {@code AuthenticationProvider} which relies upon a data access object.
  */
diff --git a/core/src/main/java/org/springframework/security/authentication/event/package-info.java b/core/src/main/java/org/springframework/security/authentication/event/package-info.java
index ed2fe5d08f..b55823abf4 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authentication success and failure events which can be published to the Spring
  * application context.
@@ -21,5 +22,4 @@
  * context. These events are received by all registered Spring
  * <code>ApplicationListener</code>s.
  */
-
 package org.springframework.security.authentication.event;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 1b801f22b7..93903db4da 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas;
 
 import java.io.IOException;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
index 7e7b6cd111..924f570831 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas;
 
 import javax.security.auth.callback.CallbackHandler;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
index a6d7946886..802ac1c9d1 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * JAAS authentication events which can be published to the Spring application context by
  * the JAAS authentication provider.
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
index cc7640d29d..9ea78bfd90 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas.memory;
 
 import java.util.Collections;
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
index 79662dcf5c..4e0476288b 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * An in memory JAAS implementation.
  */
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java b/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
index 0362b02652..a5bb8e318d 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * An authentication provider for JAAS.
  */
diff --git a/core/src/main/java/org/springframework/security/authentication/package-info.java b/core/src/main/java/org/springframework/security/authentication/package-info.java
index a318d942e8..b133c48be4 100644
--- a/core/src/main/java/org/springframework/security/authentication/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces related to user authentication, which are used throughout
  * Spring Security.
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java b/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
index f76b553f6f..b4010d186b 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Allows remote clients to authenticate and obtain a populated
  * <code>Authentication</code> object.
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index 87d1954e95..7432427ccc 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authorization;
 
 import reactor.core.publisher.Mono;
diff --git a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
index 995d5a3789..e3e6e0267a 100644
--- a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
+++ b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
index f545c99a51..977f1fb735 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index 60577d0ba9..4f035cac2b 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Executor;
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
index 68dbc2fd15..34201d5594 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.ArrayList;
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
index 6dcf5874c5..6a4182dc3f 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.springframework.security.core.context.SecurityContext;
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
index 5c959b10b2..3c01e1e201 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
index 61c4a84c99..38ced18d42 100644
--- a/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
+++ b/core/src/main/java/org/springframework/security/context/DelegatingApplicationListener.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.context;
 
 import java.util.List;
diff --git a/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java b/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
index 177ff2dfa7..88eb49837d 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticatedPrincipal.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 import org.springframework.security.authentication.AuthenticationManager;
diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index 1d1178492c..ebc0042605 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 /*
diff --git a/core/src/main/java/org/springframework/security/core/CredentialsContainer.java b/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
index d36bae8aeb..0a5d020870 100644
--- a/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
+++ b/core/src/main/java/org/springframework/security/core/CredentialsContainer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index fbe5526e5c..75a2311f5a 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 import java.io.IOException;
diff --git a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
index aa0cbfcef3..1d544402f8 100644
--- a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.annotation;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
index 77a5ccb223..11301ad7c1 100644
--- a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.annotation;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
index 3eafeb6e61..1c69e4dc9f 100644
--- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
+++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority;
 
 import java.util.ArrayList;
diff --git a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
index e994a19a49..5511964133 100644
--- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
+++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority;
 
 import java.io.Serializable;
diff --git a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
index e57784c75c..d5ae07612e 100644
--- a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority;
 
 import org.springframework.security.core.GrantedAuthority;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
index 85b471cf00..10cd297225 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
index 6d5621bdea..0393ace9fa 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index 10e39d5c65..733cb2e79a 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.ArrayList;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
index f9f646182c..dfb5d4a2a0 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MappableAttributesRetriever.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Set;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
index a8ade37368..66ae12909e 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/NullAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index 86ef7dc033..770e0e6d8f 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.ArrayList;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index 16174a0991..577dff4990 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
index 72fad62e19..057cc22d9e 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleMappableAttributesRetriever.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Collections;
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java b/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
index c2bacb6ba3..48f121691b 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
  * {@code GrantedAuthority}s.
diff --git a/core/src/main/java/org/springframework/security/core/authority/package-info.java b/core/src/main/java/org/springframework/security/core/authority/package-info.java
index c4356efc30..b47cd17e4b 100644
--- a/core/src/main/java/org/springframework/security/core/authority/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/authority/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * The default implementation of the {@code GrantedAuthority} interface.
  */
diff --git a/core/src/main/java/org/springframework/security/core/context/package-info.java b/core/src/main/java/org/springframework/security/core/context/package-info.java
index 2b963914fb..61009683ca 100644
--- a/core/src/main/java/org/springframework/security/core/context/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/context/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes related to the establishment of a security context for the duration of a
  * request (such as an HTTP or RMI invocation).
diff --git a/core/src/main/java/org/springframework/security/core/package-info.java b/core/src/main/java/org/springframework/security/core/package-info.java
index e3f6d2e3b0..b8dd2eaa5a 100644
--- a/core/src/main/java/org/springframework/security/core/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces related to user authentication and authorization, as well
  * as the maintenance of a security context.
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index dcbf25b4ca..982ed3312a 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.parameters;
 
 import java.lang.annotation.Annotation;
diff --git a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
index 055b311300..b708508192 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.parameters;
 
 import java.util.Collections;
diff --git a/core/src/main/java/org/springframework/security/core/parameters/P.java b/core/src/main/java/org/springframework/security/core/parameters/P.java
index 416aa43712..b6ece3bb30 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/P.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/P.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.parameters;
 
 import java.lang.annotation.Documented;
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
index 2f62732e97..3fab046e58 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionCreationEvent.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.session;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
index 5947732405..07e5d7d6f7 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.session;
 
 import java.util.List;
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
index d46bb20c45..27229533e6 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionIdChangedEvent.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.session;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/session/package-info.java b/core/src/main/java/org/springframework/security/core/session/package-info.java
index 3dc76e0a5d..bdda791db2 100644
--- a/core/src/main/java/org/springframework/security/core/session/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/session/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Session abstraction which is provided by the
  * {@code org.springframework.security.core.session.SessionInformation
diff --git a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
index 9fbf405bd2..aaa89ffb6d 100644
--- a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
+++ b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.util.Date;
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index fef00a0bc1..4e5297ab5d 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.security.SecureRandom;
diff --git a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
index e7f415b421..2231f82006 100644
--- a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
+++ b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.io.InputStream;
diff --git a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
index a34998f6b9..3aaa7fc0ae 100644
--- a/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
+++ b/core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.security.MessageDigest;
diff --git a/core/src/main/java/org/springframework/security/core/token/Token.java b/core/src/main/java/org/springframework/security/core/token/Token.java
index 0ab19a8924..8ab94c0d13 100644
--- a/core/src/main/java/org/springframework/security/core/token/Token.java
+++ b/core/src/main/java/org/springframework/security/core/token/Token.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/token/TokenService.java b/core/src/main/java/org/springframework/security/core/token/TokenService.java
index 167163ca55..4c31ebc629 100644
--- a/core/src/main/java/org/springframework/security/core/token/TokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/TokenService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/token/package-info.java b/core/src/main/java/org/springframework/security/core/token/package-info.java
index ed6b3e931e..87b72c1e23 100644
--- a/core/src/main/java/org/springframework/security/core/token/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/token/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * A service for building secure random tokens.
  */
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
index c87c32f8e9..7533051852 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/AuthenticationUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 import org.springframework.security.core.Authentication;
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
index b0fce0bdda..f116f69104 100755
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 import org.springframework.beans.factory.InitializingBean;
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
index 189cd5e28a..a136b13ddc 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsChecker.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 /**
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index c5a4e23012..6b4bdbdfd5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails.cache;
 
 import org.apache.commons.logging.Log;
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
index c4a76e87fc..3ce5d7e93b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Implementations of {@link org.springframework.security.core.userdetails.UserCache
  * UserCache}.
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
index b9b4155d19..3c9399128f 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Exposes a JDBC-based authentication repository, implementing
  * {@code org.springframework.security.core.userdetails.UserDetailsService UserDetailsService}.
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
index 6e9c74c013..67b7f1ccbc 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Exposes an in-memory authentication repository.
  */
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/package-info.java b/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
index 522724b0e5..e18dc5218b 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * The standard interfaces for implementing user data DAOs.
  * <p>
diff --git a/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java b/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
index 9eaaabd5ca..08287ae8dd 100644
--- a/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/core/src/main/java/org/springframework/security/jackson2/package-info.java b/core/src/main/java/org/springframework/security/jackson2/package-info.java
index be6b4ff4ae..a922b96576 100644
--- a/core/src/main/java/org/springframework/security/jackson2/package-info.java
+++ b/core/src/main/java/org/springframework/security/jackson2/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Mix-in classes to add Jackson serialization support.
  *
diff --git a/core/src/main/java/org/springframework/security/provisioning/GroupManager.java b/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
index 76b02290f8..763c2ca65e 100644
--- a/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/GroupManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import java.util.List;
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index 5d07333377..762a0e3785 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index d857344c56..16f426334e 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
index ee6c5a5d31..40b28f611b 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import java.util.Collection;
diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java b/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
index 7fdcc40565..2a911d668b 100644
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUserDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
index 2bbf3db53c..631966c14d 100644
--- a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import org.springframework.security.core.userdetails.UserDetails;
diff --git a/core/src/main/java/org/springframework/security/provisioning/package-info.java b/core/src/main/java/org/springframework/security/provisioning/package-info.java
index b64773f3da..f661aaa89d 100644
--- a/core/src/main/java/org/springframework/security/provisioning/package-info.java
+++ b/core/src/main/java/org/springframework/security/provisioning/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Contains simple user and authority group account provisioning interfaces together with
  * a a JDBC-based implementation.
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
index fc70156153..6c517a472e 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
index d1a3642228..0925b7fa1f 100644
--- a/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
+++ b/core/src/main/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import java.util.Date;
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
index 5f5bdba420..f52d99c86d 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
index 68234d0d56..c051e014b4 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextTaskExecutor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import org.springframework.core.task.TaskExecutor;
diff --git a/core/src/main/java/org/springframework/security/util/package-info.java b/core/src/main/java/org/springframework/security/util/package-info.java
index 3f3a9bdc95..e8cbd0733d 100644
--- a/core/src/main/java/org/springframework/security/util/package-info.java
+++ b/core/src/main/java/org/springframework/security/util/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * General utility classes used throughout the Spring Security framework. Intended for
  * internal use.
diff --git a/core/src/test/java/org/springframework/security/TestDataSource.java b/core/src/test/java/org/springframework/security/TestDataSource.java
index 24c7a5f5cc..9a81dec420 100644
--- a/core/src/test/java/org/springframework/security/TestDataSource.java
+++ b/core/src/test/java/org/springframework/security/TestDataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security;
 
 import org.springframework.beans.factory.DisposableBean;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
index 482abd97ea..705632467e 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Entity.java b/core/src/test/java/org/springframework/security/access/annotation/Entity.java
index ecb14e67aa..b6bc9fd7a9 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Entity.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Entity.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 /**
diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
index 4e1289a585..eec3144daa 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index 8d2500836d..3472f49f1c 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
index 17daab161f..8e7f5536fc 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
index 060d6d8011..f0cefba8a9 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation.sec2150;
 
 public interface CrudRepository {
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
index 9b9f15be8d..fdce7db144 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation.sec2150;
 
 import org.springframework.aop.framework.ProxyFactory;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
index 30258f07b0..ed70ebaa59 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.annotation.sec2150;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index 9d20cc5efa..c9522feca6 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 28d28fd39f..37d272e78e 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index 9201f6f56e..e59794a237 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.util.HashMap;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index 1c4f1a9d38..8f942bb330 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index ea735d6a5d..d60ef97c45 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
index 7870917a46..a573263d25 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index cba5c7c8bc..43ee1027ad 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index bf5d8b3375..bf024683f3 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 import java.lang.annotation.ElementType;
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
index 6943f5ef51..5be6cb8a29 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.expression.method;
 
 public class SecurityRules {
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
index 6553ef7d6c..8d2a9fdff3 100755
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
index f982b96e3a..0d373bf9d9 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.Collection;
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index 986d1dc92c..7f337dac51 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index d9d7a9e6b3..6684a2e9d7 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
index 4cfa39cc0c..54570c4759 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.hierarchicalroles;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index cc977f4176..9236bb38d8 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
index 9fec6e3e8e..f0e8c4b2de 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.AccessibleObject;
diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
index ac07025682..cdab7177ca 100644
--- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
diff --git a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
index 1dbdc8eb7c..417faedaab 100644
--- a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.prepost;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
index f754ef6e0e..7cb15549ac 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.vote;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 63aae83cd1..9dd3cc940d 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.vote;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
index ea5d13ade5..ca6215e486 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.access.vote;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index d3ac44699d..111e33cb3b 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import java.util.HashMap;
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 69ff1b9aad..d6fd522756 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
index ce040967bd..35ec2095b7 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
index 356115b539..a6ff266adb 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
@@ -16,6 +16,7 @@
 /**
  *
  */
+
 package org.springframework.security.authentication.dao;
 
 import java.util.HashMap;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 7951b5cc61..ce23ea8c54 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
index e32ad655fc..2d8d455032 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index 7b4a690151..58bb0120f5 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.authentication.jaas.memory;
 
 import java.lang.reflect.Method;
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index effd99686a..f8fcbc48cb 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index 177b04ae27..073670a93d 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Executor;
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index 166a021508..0530ce8a67 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.ScheduledFuture;
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
index 1ab51e3220..8e1de868f0 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
index 081da79ff8..7579e28448 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
index dc6b40e07e..65a597aa9b 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
index 53f20764a0..b3eb423d54 100644
--- a/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/CurrentDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index 4a98820b02..1783ee4806 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.Callable;
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 990c85ccb5..42bebe98c8 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import java.util.concurrent.ExecutorService;
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
index c2135e3a8a..f311782752 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextSupportTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
index 5d18220b12..e2b2681e5c 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
index b54376d27f..232012d27f 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
index 6a2f07f9aa..a59bd8164f 100644
--- a/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/ExplicitDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.concurrent;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 2fcd276cc2..7f087dfbab 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.context;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
index 7620505962..5f2602f7ab 100644
--- a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 import java.io.DataInputStream;
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 7b77032d7f..292c9d1680 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core;
 
 import org.apache.commons.logging.Log;
diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
index 5143867f4f..5d3ff6a689 100644
--- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority;
 
 import java.util.List;
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
index 5848263f29..b57bbc3801 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index 595f1d0d67..f1515a3661 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.List;
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
index 8fe0b2d8df..2c3cdab572 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.Set;
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
index 9f792e24f3..da948dd54e 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.authority.mapping;
 
 import java.util.ArrayList;
diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
index c1fc3c9b8f..2627f17d47 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.parameters;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
index fdea9f25c8..8f1cb7ee62 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.parameters;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
index ac2c19c8ff..5a392720ac 100644
--- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.util.Date;
diff --git a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
index dacc3678c5..fd4efeebb9 100644
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.security.SecureRandom;
diff --git a/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java b/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
index b5220f488c..b3ab4cc491 100644
--- a/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/SecureRandomFactoryBeanTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.token;
 
 import java.security.SecureRandom;
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index 34d633c551..f9d983a406 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
index b08ae39241..3a2a074971 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 import java.util.HashMap;
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
index 17bc83221f..646b557499 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.core.userdetails;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index 6a62775408..2fcc882be4 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.jackson2;
 
 import java.io.IOException;
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 424a344aa0..413bff2c53 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.provisioning;
 
 import java.util.Collections;
diff --git a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
index ae98a5d62a..635451cbef 100644
--- a/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/AbstractSecurityContextSchedulingTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
index e93316ce00..9635b24c27 100644
--- a/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/CurrentSecurityContextSchedulingTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
index 3828bb755d..d52d530956 100644
--- a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import java.time.Duration;
diff --git a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
index 1fdf8b9bb5..c6eb7e0d1a 100644
--- a/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/ExplicitSecurityContextSchedulingTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.scheduling;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
index 8f3658f5b0..4558c6a9cb 100644
--- a/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/AbstractDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
index 53b94f6c16..a3e33a742b 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
index 7b2fa833c2..7ec62fbf73 100644
--- a/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/CurrentDelegatingSecurityContextTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import java.util.concurrent.Executor;
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
index 89f611a613..d1464332a6 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextAsyncTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import org.junit.Before;
diff --git a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
index 12f4e94798..aced1ad9d5 100644
--- a/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/task/ExplicitDelegatingSecurityContextTaskExecutorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.task;
 
 import java.util.concurrent.Executor;
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index c2b84381ae..edc8356988 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.util;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
index c98116c592..23edf7030a 100644
--- a/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
+++ b/core/src/test/java/org/springframework/security/util/InMemoryResourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.util;
 
 import org.junit.Test;
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index eaaefdaefc..13dd7b7e16 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.util;
 
 import java.io.Serializable;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 0424fef616..21fdc524c3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.argon2;
 
 import java.util.Base64;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index 2c0f2257d7..1b545e5977 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -11,6 +11,7 @@
 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
 package org.springframework.security.crypto.bcrypt;
 
 import java.nio.charset.StandardCharsets;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index 63df062bec..a60b2a89a7 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.bcrypt;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 366b380a96..efefa8f39a 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
index c896a12034..339440820f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
index 1a926e3985..bc279665b3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 import java.nio.ByteBuffer;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java b/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
index 07941157f2..e560395216 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Internal codec classes. Only intended for use within the framework.
  */
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index 52c913071d..bf7506bddf 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import java.security.spec.AlgorithmParameterSpec;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
index a6faef53cb..7322ae5ff5 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.bouncycastle.crypto.PBEParametersGenerator;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 24896cc71e..26b0f310a5 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.bouncycastle.crypto.BufferedBlockCipher;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index cef2d1f977..b9d954691c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.bouncycastle.crypto.InvalidCipherTextException;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
index 7f8fbc0981..37b4be273b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BytesEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
index e1a3666115..e8cadac13c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import java.security.InvalidAlgorithmParameterException;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index 7d44ab3700..e4e2b88f1d 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
index 4bd12b4a53..80026b63b5 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/HexEncodingTextEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.springframework.security.crypto.codec.Hex;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/TextEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/TextEncryptor.java
index 03ff65a4d7..34eb1e5828 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/TextEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/TextEncryptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
index 1fc050c313..347328bba0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 import java.util.Base64;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
index 56a8e4f308..51c18df36c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/BytesKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
index 82c39a3ed4..9451c9dd4f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/HexEncodingStringKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 import org.springframework.security.crypto.codec.Hex;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
index 02d781788a..4b73049678 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/KeyGenerators.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
index d77d0093ae..b50bbe3bf5 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
index 87b47f180b..1e39d6323a 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SharedKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
index 81a0a49460..1f5ed5a169 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/StringKeyGenerator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
index 7f5e22ed60..180fb1863b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/AbstractPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
index 5add570e41..3ef2c768fb 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
index 20fe205baf..ee43131e79 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
index ba8c965bca..035d132709 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.util.Base64;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
index 9791557505..606e5b6923 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
index c154d2c046..05feed195e 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
index 79fcf50ad4..3d3f8ee425 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 /**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
index d30b10d0bf..bcd0decacd 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index f777424072..12854c95c7 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.GeneralSecurityException;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index 1f36635d39..b93b775f94 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index b591794ede..01d1410130 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.scrypt;
 
 import java.security.MessageDigest;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
index f71e9f8cb2..f95bd7bd0b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/util/EncodingUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.util;
 
 /**
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index e3f4391401..5bab1e821f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.argon2;
 
 import java.util.Base64;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index da18ccbedc..dce328f4b3 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.argon2;
 
 import java.lang.reflect.Field;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index 7be0e81a3c..1b88c0fc09 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.bcrypt;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
index e220001c1f..16ec122720 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
index f5d53d3a19..ce02345c92 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 import org.junit.Rule;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
index 350cbccb6a..9a66e090d9 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.codec;
 
 import java.util.Arrays;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 828b2d32b0..56a70c073d 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index af0030ad23..88d0712c5c 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import java.security.SecureRandom;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index fc77e011de..1c39238133 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import java.security.NoSuchAlgorithmException;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
index 75fbd97cc7..470cc796f7 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.encrypt;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
index 4fa1b5e502..f0ec884464 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/keygen/KeyGeneratorsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.keygen;
 
 import java.util.Arrays;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
index 24c8a58d46..b5a2c24351 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DigesterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
index 99dd6a997f..beeadc065a 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/PasswordEncoderUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
index 00109b174d..3da34c5daf 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import java.util.Arrays;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
index f1025f03a1..0c89dbcfd5 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/StandardPasswordEncoderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.password;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index e33eb2a8e6..22fa4d5ffe 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.scrypt;
 
 import org.junit.Test;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
index 2bf80a3e4b..cc233a211e 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/util/EncodingUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.crypto.util;
 
 import java.util.Arrays;
diff --git a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
index 84d9f836c2..6b85649b08 100644
--- a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
+++ b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.data.repository.query;
 
 import org.springframework.data.spel.spi.EvaluationContextExtension;
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index 7931e2470d..38cd7e3f01 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.data.repository.query;
 
 import org.junit.After;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
index 89c3a11289..f4f42b4c4a 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import javax.servlet.http.HttpSession;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index 46032d7af2..eebe083e15 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import javax.servlet.http.HttpSession;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
index f66094a252..90fe40b464 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.junit.After;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
index d4873d0098..dd9fc54bd4 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC933ApplicationContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.junit.Test;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
index 2bc4f511da..03414f32ea 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.junit.Test;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
index 88c4070a39..a61081d7e4 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/StubUserRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 public class StubUserRepository implements UserRepository {
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
index 22bfaf7020..b01eeb24c2 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import org.junit.Test;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index 70964bc91b..782668e307 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.performance;
 
 import java.util.Arrays;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
index 79b7f90088..bd3aa82544 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/ProtectPointcutPerformanceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.performance;
 
 import org.junit.Before;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
index d616b95eeb..ad732690fb 100755
--- a/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.springframework.beans.factory.annotation.Required;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/UserRepository.java b/itest/context/src/main/java/org/springframework/security/integration/UserRepository.java
index 4d76711c8e..0c74be0044 100755
--- a/itest/context/src/main/java/org/springframework/security/integration/UserRepository.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/UserRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 public interface UserRepository {
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
index 6cb989c4aa..a40559ec4f 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
index 0be8aed332..1105f09340 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/MultiAnnotationServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 public class MultiAnnotationServiceImpl implements MultiAnnotationService {
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
index efe6264720..8573a7b764 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
index 32602d556e..f7be682050 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/PreAuthorizeServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 /**
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
index d7bed1b697..74bab792b2 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
index 45302b2abe..a43a23c0e8 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/multiannotation/SecuredServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.multiannotation;
 
 /**
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
index 7c09ba0e19..8b5c700292 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPostInvocationAdvice.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import org.aopalliance.intercept.MethodInvocation;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
index 69bcb94e8d..475e778237 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import java.io.IOException;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
index 6fda94603b..b50e2f95f5 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import org.springframework.security.access.prepost.PreInvocationAttribute;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
index 58c98d813b..c14516b323 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPrePostInvocationAttributeFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import org.python.util.PythonInterpreter;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/TestService.java b/itest/context/src/main/java/org/springframework/security/integration/python/TestService.java
index 7bc9b50628..6a97c9028b 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/TestService.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/TestService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java b/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
index 353cc3cf2e..dda588cb7e 100644
--- a/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
+++ b/itest/context/src/main/java/org/springframework/security/integration/python/TestServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration.python;
 
 public class TestServiceImpl implements TestService {
diff --git a/itest/misc/src/integration-test/java/org/springframework/security/context/SecurityContextHolderMTTests.java b/itest/misc/src/integration-test/java/org/springframework/security/context/SecurityContextHolderMTTests.java
index bd79033cb3..4a09b0afc3 100644
--- a/itest/misc/src/integration-test/java/org/springframework/security/context/SecurityContextHolderMTTests.java
+++ b/itest/misc/src/integration-test/java/org/springframework/security/context/SecurityContextHolderMTTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.context;
 
 import java.util.Random;
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
index 6a433d0483..272e663ea1 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.junit.After;
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
index f1d71e48f8..583f91fb72 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import org.junit.Test;
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
index 2240396fd3..c2820e8ddc 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.integration;
 
 import java.util.Collections;
diff --git a/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java b/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
index 04381f890c..e66df34c57 100644
--- a/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
+++ b/itest/web/src/main/java/org/springframework/security/itest/web/TestController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.itest.web;
 
 import org.springframework.web.bind.annotation.RequestMapping;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java b/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
index 42c7b2a74b..b1a2aca60d 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/ApacheDsContainerConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import javax.annotation.PreDestroy;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index 31844b4587..85d9c99e9f 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import java.util.ArrayList;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
index 40a2882379..d166c00933 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.server;
 
 import org.junit.After;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
index f9f9ed4441..645da24654 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.server;
 
 import javax.annotation.PreDestroy;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
index fb72238a8c..a86de8c005 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.server;
 
 import java.io.IOException;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
index 99b05bb453..275cd0cb02 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import javax.annotation.PreDestroy;
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index 657cf67edc..e2c917507b 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Arrays;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
index 5c0fe7823f..7cb9753c20 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import org.springframework.ldap.core.DistinguishedName;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
index f815ce06d5..6307c3d92a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import java.util.ArrayList;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
index 6a7abc1213..43d38b8177 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import org.springframework.ldap.core.DistinguishedName;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index 6dcb0ba823..e12cdcf848 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import java.text.MessageFormat;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index bb7f494072..c8cc25f645 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
index 21b70d0804..d0d80e5f08 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
index 9a57616525..abafcb7e8b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication;
 
 import org.apache.commons.logging.Log;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
index ccfbd15c24..64ea83fb08 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
index fb6f860a2a..f4d5199b23 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryAuthenticationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication.ad;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 73a90b0315..f8d658ff4c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication.ad;
 
 import java.io.Serializable;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
index b1331c2ed2..eed3e65804 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * The LDAP authentication provider package. Interfaces are provided for both
  * authentication and retrieval of user roles from an LDAP server.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/package-info.java
index 75cb5f4eeb..891f2c4874 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Spring Security's LDAP module.
  */
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
index 9615bcba13..c364899d77 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 import java.util.Hashtable;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
index 4cf3364ca9..6e41501e62 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 import javax.naming.directory.DirContext;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
index 343744e3c1..2098ebeb53 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyData.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
index 9aae7e4824..0b134f3daf 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
index b09b158d5a..73ab142052 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
index 398ff32cbc..06956868f2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Implementation of password policy functionality based on the <a href=
  * "https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt">
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
index bb8675406e..7a8f00287b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * {@code LdapUserSearch} implementations. These may be used to locate the user in the
  * directory.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index 50bec4a81c..917ca80ffd 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.server;
 
 import java.io.File;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
index 7055cf98ac..3a50a0f838 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.server;
 
 import java.io.InputStream;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
index 00ac9262f7..eb33468157 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Embedded Apache Directory Server implementation, as used by the configuration
  * namespace.
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
index 77e674309b..3ef3427b09 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import org.springframework.ldap.core.DirContextAdapter;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
index ff7824acda..95866535aa 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index 98fe382fab..a78c1ef47c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collections;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index c8c04669bd..a5a2c9e04e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.io.ByteArrayOutputStream;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index 467d781b59..bc5ee9fc03 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
index 4aa2f0c61f..8fc0a4c76e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.HashSet;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index 21e08f7e99..0fd4b8d9d9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.ArrayList;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
index 542bfe7548..b4fc788d1d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
index d9d0aaadf2..9c4a9e7294 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
index d6c5da261f..d4beff61c2 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * LDAP-focused {@code UserDetails} implementations which map from a ubset of the data
  * contained in some of the standard LDAP types (such as {@code InetOrgPerson}).
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
index b0749df09b..e7e0b487f1 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import org.junit.After;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 2eb15fbbcd..082392d6d5 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap;
 
 import javax.naming.NamingEnumeration;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index dd2ee0b428..b3c3a78d34 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.authentication.ad;
 
 import java.util.Collections;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
index 4f6668d90c..4636baa78f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 /**
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index 45681bb1d6..0f0ffef89f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 import java.util.Hashtable;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index 54c1bd06b5..2572727594 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.ppolicy;
 
 import javax.naming.ldap.Control;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index 74355326e9..1f1e767efe 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.HashSet;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
index 60a6779fba..27b9c8421e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapAuthorityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Arrays;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
index 4352352500..7671e06211 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import org.junit.Test;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 5fd8e1a295..5ef160ca9a 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index 0909c65191..cfdb2267c4 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.ldap.userdetails;
 
 import java.util.Collection;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
index c896eb3955..4a0e6e8ffa 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
index 6009fe07a6..72cd1f8bc2 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import org.springframework.expression.EvaluationContext;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
index ba70ba0583..0fba7760b7 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import java.util.Arrays;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index a38abb344f..598ca2e339 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import java.util.Map;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index a98e6c341a..3ec994cd77 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import java.util.Collection;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
index 74238e5c59..710fbeb154 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
index 7e9071478c..9fe9f7117f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.intercept;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index e7d77c0f32..c1f3057c87 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.intercept;
 
 import java.util.Collection;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
index d50f47ad62..acf6565c45 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.intercept;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
index 75df6830d7..031752ffef 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.context;
 
 import java.lang.annotation.Annotation;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index e30c1809c4..409043edcb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.context;
 
 import java.util.Stack;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index e5a4ef2c3a..aae2465ed5 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.Arrays;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index 303f4dd120..45767fc56e 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.List;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
index 414d431b37..50d401ba3b 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
index 62c46719f5..fb9971cde3 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.List;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 4d7ff037da..95c1c60a0b 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.Collections;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index b70e91395f..82fc578cb7 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import org.springframework.messaging.Message;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index ead278e4d7..9fc3169b81 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.web.csrf;
 
 import java.util.Map;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
index d2dfd2cc99..aa40975f2f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.web.socket.server;
 
 import java.util.Map;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index ce7350fe4a..3a23553cca 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import org.junit.Before;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index e905aff96c..98a01be6b5 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import java.util.Collection;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index f75956e8e6..0add3f1d23 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import org.junit.Before;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index 0af2476af3..fcd38b0553 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.expression;
 
 import java.util.Arrays;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index fd24be8296..43da6ad2f6 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.intercept;
 
 import java.util.Arrays;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 83e53d9057..037958cb4d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.access.intercept;
 
 import java.util.Arrays;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index 4bcd5168ec..565e85ccea 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.context;
 
 import java.lang.annotation.ElementType;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 7295ef0b2a..43656244ad 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.context;
 
 import java.security.Principal;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 68f654ad1e..dd740ed3c2 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.Arrays;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 8eef7e11e9..157dd8c772 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import java.util.Arrays;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index ac04428c53..ed1ed3d9fc 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import org.junit.Before;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 82fdd79c12..08b727f0fe 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.util.matcher;
 
 import org.junit.Before;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 85ab628039..9ec31982c2 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.web.csrf;
 
 import java.util.HashMap;
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index cad9a23c4d..04e511db7f 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.messaging.web.socket.server;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
index ff6d24e17b..d99b1a7384 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.lang.Nullable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
index 3608d49117..acff2900ba 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index 769ee45e2a..f978419418 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index ef69a07419..de45d9a6a1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
index c6010c504f..8050b74a03 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
index d951c99bc0..ee4c0e4784 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientAuthorizationRequiredException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.security.oauth2.core.OAuth2Error;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
index 5ef6bb621b..c6186fb34e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
index e878c6c56c..0bdf39e3ec 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
index 0592ffe416..43cddfbb3e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
index 1c26826ba5..1d948c43d3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
index 6e22c9f1ed..3041ce764f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
index 6ece1e03f1..d14d86cfc6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index 6b456e9589..0927195e79 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.nio.charset.StandardCharsets;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
index 7dcbed8268..a74a319d69 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
index e13064f94d..4e6089eab1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
index 7a9f8eec1b..7e5e81a385 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index aead6ea1ab..b4ef828a13 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
index a2aa6ed59b..9d9efe1343 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
index 9dd649556c..4662679fd0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
index 4133fe8f6e..0f62e2ccbe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.lang.Nullable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
index d6f055c777..92c61d5b29 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.lang.Nullable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index a0541d8eb7..cf69c89344 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
index 47786cde16..aa07cd3abd 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.springframework.security.core.Authentication;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
index 9633578151..a45b697dbf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
index 267f6db0ed..cd535abc6d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
index ae7b203467..70c23ed0d0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
index 55e7965c0a..5b43d8d279 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
index 41f2347a30..1ee84cbc0f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
index 9270a1889f..f78b4f4b08 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index c817be8527..6852f42c9f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
index affacb99c3..49c53f1d22 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
index bfcc85b466..794ce315df 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
index 78f947883e..8abf943725 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index 79a4007f70..aafaaa422f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index 0e52150bdb..0c7b295fb2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
index e207bdcfc8..d553b58fb6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.annotation;
 
 import java.lang.annotation.Documented;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
index 7e8197a459..7d5fdba358 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index a2b3b900a9..64d870d790 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import org.springframework.security.authentication.AuthenticationProvider;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
index f1e371d3c7..574b0b4900 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
index e947fe4537..cf5af36cda 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.function.Function;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index abc2b4701f..7edb67e586 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
index aeb385f478..cbfe8b709f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index 8fdb066ef2..470653b2a4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
index 8ca0e3b135..76109f9a3c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support classes and interfaces for authenticating and authorizing a client with an
  * OAuth 2.0 Authorization Server using a specific authorization grant flow.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
index 900f2c828b..a0d5a698d4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 81329fb5ad..2b9f71e890 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index 589eaca98a..46ea462465 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
index 76772c945e..b74fcad2fa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
index 7dc693ec3e..cea3eee2f9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
index 2e470ab382..657ab72c7d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index a9adea42fa..c4ae9d881b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
index 7afbde5e98..508365898b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
index 7fff7206d1..feae3d1f37 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
index 9ff364c9d7..15eae1f504 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
index 20079b80c0..a2ebf614b2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
index 4b4c6574fc..f91868a0fe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
index 67784177a0..81467775da 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
index 69901df2e7..cc82b3f47f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
index 5d5e43232a..0a9caee61f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
index 5229f7fa64..c24defbdb3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
index 21c8a9c09d..3012797171 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
index 7dd03c92eb..0246a91cd1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/ReactiveOAuth2AccessTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
index f565d24a75..77926000d4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
index 8fdd865bd6..7ad39faf0c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Set;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
index edb2a20aa2..bac8801ea6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Set;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
index 1e59a431c6..6fb61850ff 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Set;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
index fa3b2f41ba..bd3ed6e516 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes and interfaces providing support to the client for initiating requests to the
  * Authorization Server's Protocol Endpoints.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 9f1e7be66a..1b5135a56f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.http;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
index f299bdc242..9b8faa2ec5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
index e750d9f51d..e56d1c039c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
index e73d5d0d16..917062c905 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
index bfdfa3b268..5b46dc9396 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
index 6491424e09..3b1dff6da6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
index 0ac2181b72..1d9e682829 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
index e4d379189a..9fa810c1ac 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
index 78a4a1565c..30ac991032 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
index 5c514b86e2..01a31eb502 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
index 9398999951..49f7b40903 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
index a9af20a662..03cd18f2e0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
index daa695bdfc..4c8158247a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
index 5404c7177e..cc8cf872cd 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
index a241524ee4..f017ca6feb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
index 35b4fa12cb..e870fb087f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
index 81f2f61f42..cdd0d0f592 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
index 1d25f5f7c0..5e5e0eda0a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
index adecd16dc0..8dbdd4e4dc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
index cab0af678f..3fc82a57e1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.databind.JsonNode;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
index 4e0b1636e4..d44b9c7278 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapDeserializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
index 604cfeb9d5..95941cc7e0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/UnmodifiableMapMixin.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
index aa23dd680a..c1eb285814 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/DefaultOidcIdTokenValidatorFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.util.function.Function;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index 2981891b44..fd47185b60 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.nio.charset.StandardCharsets;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index c924a77504..d602ef81a5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.nio.charset.StandardCharsets;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index 183082ba52..1f9d489e05 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
index 92c3ebacc9..639e7c3fbc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index 8d816d30c9..6c15ae8022 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
index 04db3acbee..e487281a4a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support classes and interfaces for authenticating and authorizing a client with an
  * OpenID Connect 1.0 Provider using a specific authorization grant flow.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 0cc56ec6d9..36db6ded08 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
index 65b1134619..d7ef47081b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
index 76bb9a6401..19111ad944 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
index 1a0f82f568..9db24f17d5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes and interfaces providing support to the client for initiating requests to the
  * OpenID Connect 1.0 Provider's UserInfo Endpoint.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/package-info.java
index 0403e6c217..f8ab1aea4e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces providing support for OAuth 2.0 Client.
  */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index acf1e3848b..33773b60b3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.registration;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
index 95df03b20c..9292e5f490 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.registration;
 
 /**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index 36e72e5e9d..67f656e963 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.registration;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
index 43a0d8c408..9a49d789a6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.registration;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
index 437fb51e69..5e46a72fb4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes and interfaces that provide support for
  * {@link org.springframework.security.oauth2.client.registration.ClientRegistration}.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index a4ec0ba734..5416809838 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
index 83641346ef..09dd2f4045 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.LinkedHashSet;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index 72fd1f7e4f..0acad041ae 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
index daceb0783a..e0582e9732 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
index 7267d1862c..a27dc7b37e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
index 1c61f31fc0..4f0efc2548 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import org.springframework.security.core.AuthenticatedPrincipal;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
index eaecb1638e..61e2a99bed 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
index c66ac1a8e7..e016d4b9a9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes and interfaces providing support to the client for initiating requests to the
  * OAuth 2.0 Authorization Server's UserInfo Endpoint.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
index a8886c8981..f6bcd82df5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
index 3ebd8161fd..4ccd7e5f46 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index bd32fe322b..c93f793a9c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.nio.charset.StandardCharsets;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 83863e6915..0f4744dc06 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index 85bc53a165..a9c0df0c9a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
index d72a4262ce..3a19443be0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
index 7ad9841321..67d22bff29 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index 32c8b9aeba..df524e71a8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index c1a667c91a..52acad631a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
index d4b56b86cc..d4c6fda21f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
index 23bcd88174..b4020ee9e3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
index 5577972e33..f52993a3d5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index 067a2024cb..24103d8097 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 9e43aae6ab..1add61a66a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.method.annotation;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/package-info.java
index cf4e21261f..f464d0e204 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/package-info.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * OAuth 2.0 Client {@code Filter}'s and supporting classes and interfaces.
  */
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 311e403766..ef8b4a80d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
index ed37074c4b..0c6e56a17c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index 0d29ee76a6..4eb36c1d5d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
index 95e45665a9..1d35f6b131 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
index 61f16fb52f..8037996269 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationRequestResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
index 968be5b086..d7db2e45cc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index d4515ba0dc..48fe56bd06 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
index 792fda6d07..2656ec7a07 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 9ef11087d1..5de8cb739c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index ad0783edbd..b64751f885 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 67191de80c..8959d18c38 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 365560202b..857ed535a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index b14f9ca94c..4cc00ed3f7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 422da2aab9..32ba665c88 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index 821fda1717..ae155f6966 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index 04225c7cf1..a9f81cf137 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index bf04958ad3..d86f847cbf 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 0d77243605..d2d2931620 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.nio.charset.StandardCharsets;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index 27b135d92d..db7d9086a8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index e693b11ae9..47a0c8420a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
index b5f803e27e..5a14d45854 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index 7a1aac6beb..0e3190af46 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
index 4aa7b77f76..8e5e4a8a9f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 4ff28da3a6..3f74f56885 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index d6525a74ac..e1803063c8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index c182d271a2..12d2d4bb63 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index 137a0968ab..e78a1d9898 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 0e2867d660..06f9e27527 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index a51ce7f6d3..a2dfa39428 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 2b724c2e20..e8d655ae23 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index 0498058917..f3d4a0900e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 1be451737a..840d60e630 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index 0fd7bc89b3..8a50f56c84 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 24793c06f6..458ab5ab3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index 345a4aeb35..e7c0cfd370 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 0e52a574cd..0f24023a2e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index 25c786f36c..d4f5b66239 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index 6928ec433a..7f366ba058 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index c366481e19..5000346862 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 53b1c25372..9771f072df 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index 2e4a53c849..4aa6632681 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index 60a8f12d0d..f0bc076c22 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index add7b3eba4..af4378312c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
index 7fe0c24845..38e88cee94 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
index c696b34592..c53b600a3a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
index ea83b03789..f9f7fffe8e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index 8414ae92d0..b5ff9d5fae 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index ce92de3aeb..57fc0de01d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index f1a549b387..10815a3cc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.http;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index 56d9202b4e..539c46feed 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index eeca9168d6..d1cb9de693 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 3307bde4a0..06e51a0d04 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.util.LinkedHashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index b1bc06b2d8..45aa8e959d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.jackson2;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 1d4e471c55..56cf74b35e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.security.NoSuchAlgorithmException;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index c9275d69c1..36f74b3f96 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index b87e1ed2b3..f7547e6b4f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index f9158a160d..e4d626dde9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.authentication;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index a5ac5ebdc3..973c8a150d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 017b77408a..2517e8b4e5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index 33bea2962b..db69a0ea48 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.registration;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 5fa6eab627..7a37f60f92 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index 97db1f4eeb..cfb50cc055 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 91040781e3..45eb7fcd4d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index a48c7531dd..61e80e7aad 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 62b712ab1d..18edbf0661 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.userinfo;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
index 2d26750126..3266a7d653 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 108e3f1b1d..04fe13aa16 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.io.IOException;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 2746905e9a..75fe20dab2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 94929d5c33..838f1b3205 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index 3a0115e192..36fca1a6f2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
index d24c8e2b21..34967f442e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index 99c8f21033..af32d31d4a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index fac30550f6..c5e2ece886 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.lang.reflect.Constructor;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 73b5cd3b0b..7237f3f046 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index fcef072043..1250f1e267 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.method.annotation;
 
 import java.lang.reflect.Method;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index faefc4d01c..a1bb3d12c3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 7c0d9b8dd7..0c9bdbdb07 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index deccb25a89..e717a08a5b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index d50ba79be8..932e3dfe2f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.reactive.function.client;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
index 18763ef55c..3e8bbdc757 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index 54bef10037..3a683952e2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.client.web.server;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
index 9dc4cb454c..2b00d4a00b 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
index ed5882ef02..f01c4f4283 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
index 6b588a631a..8285358b0d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
index cedb349bca..849033bdfa 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
index ae824fbd83..c1e3510513 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
index 6565de7a98..0c27e45de5 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
index 11fcc5d7aa..01cedf36e1 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.springframework.security.core.Authentication;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
index aba323e7b2..dbfdf98e5f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.springframework.util.Assert;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
index 2abf857ab6..8a7d04c2b6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
index 11045ead48..edcc5f2d6b 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
index 71e2df1770..26814bc31f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
index 48270aac54..25cb8f78a3 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
index 21939b0933..9ff17edad5 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimConversionService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import org.springframework.core.convert.ConversionService;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
index 881b25c0de..9f03f1f1f2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
index 38e0f8d06e..8dd12c1e21 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToBooleanConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
index 5b329d1d9e..bf0909ee82 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToInstantConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
index 041909ae57..0597f561fe 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
index 66895c2115..08d4f6ef97 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
index 5e4c551918..f816dc9ad4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
index 9209d59980..209afb3ae6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToURLConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
index b11e904ad0..ebfcc40d80 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 1d26409579..9c2a65ace8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
index c9aefa2d4e..03a55c808f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
index fb62b59069..c4ef805bdf 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import org.springframework.util.Assert;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index 7b43028e73..bab9ec52d7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
index 3cb0d23607..6a09409aec 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import org.springframework.security.oauth2.core.OAuth2Error;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
index b6a8c09301..4415429058 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
index 52125853e2..6368b33fd4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
index 1d66dc5756..873e7efe54 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
index 29564190f2..0980dfb4db 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support classes that model the OAuth 2.0 Request and Response messages from the
  * Authorization Endpoint and Token Endpoint.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
index 4a1e104c5f..d290855d32 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.http.converter;
 
 import org.springframework.http.converter.GenericHttpMessageConverter;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index f50e82f668..54affc9e7f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.http.converter;
 
 import java.nio.charset.Charset;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index 1d075df2fc..5ea6e7edcc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.http.converter;
 
 import java.nio.charset.Charset;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
index 53de6bb22e..ebce9e3b9a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
index 62b68f3f49..73fad90051 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
index 5628e33f9b..f229848460 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
index b8707c7e8e..76e9765ab7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
index 1e7d1d3d6a..87f72cd353 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
index 253db42356..083266e591 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
index 70d6290fae..e0086500e1 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
index 0d90e22bf9..03abf96893 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
index 0e465c1e23..93c4d806da 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
index b157408940..44ca88ac60 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc.endpoint;
 
 /**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java
index f96f4788b7..afcacdf7bc 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support classes that model the OpenID Connect Core 1.0 Request and Response messages
  * from the Authorization Endpoint and Token Endpoint.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/package-info.java
index 001ba47283..76f861e9a2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces providing support for OpenID Connect Core 1.0.
  */
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
index 38c6345b88..30bf20891a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc.user;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
index a06112bd7e..fe0220028b 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc.user;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
index eaaf28ff6d..29bab7b734 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Provides a model for an OpenID Connect Core 1.0 representation of a user
  * {@code Principal}.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
index e723882d6c..4801f42b4e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces providing support for the OAuth 2.0 Authorization
  * Framework.
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index 167b8ffd30..2d621c1ae6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.user;
 
 import java.io.Serializable;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
index d361098ede..f8eda9ad34 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.user;
 
 import org.springframework.security.core.Authentication;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
index 89f051b4ba..7f6ebbd0f6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.user;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/package-info.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/package-info.java
index 2f429402a1..6985015692 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/package-info.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Provides a model for an OAuth 2.0 representation of a user {@code Principal}.
  */
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
index f8a1dd7601..f49f14cbae 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
index 9142d08a9e..d8b5aa6cd1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index f8449c42f5..a51174b003 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
index fcea86cdf2..e514bf4c2e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 539a370999..1eaf4be167 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 4f5525fb4a..00486cab70 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index bacc7a3e0d..4595dba640 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index 8d6a2827f3..a029dd1bfe 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
index 863197dee8..6a07f8f37f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index 12e0572c50..9a06a8407b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.converter;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index a7c052fb91..8aa09301b4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.time.Duration;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 2e7edf479f..7be9dd9717 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 6d1cc2818f..047dcc4c18 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
index 3f765768b9..bd134c245b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index 6208840c9a..e716082f58 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
index d3757fe5dd..d7ba2d2d28 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
index f039a93683..238ddc6e3b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTypeTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.endpoint;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 83141c1313..2359547241 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.http.converter;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index 6e916691dd..783f2f4de3 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.http.converter;
 
 import org.junit.Before;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index 63816583b0..d4f2ae75e0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.util.HashMap;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
index aeccd0b3f2..9e43b0449a 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index 247e4f8b45..9146c9760c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index d4a7f19394..4f83847331 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc.user;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
index 55eedf2d78..6a801b760e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.oidc.user;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index d8eb1039b8..83d68e921e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.core.user;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
index 59f66b248a..04d58314a2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithm.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
index c4b26be816..c8b159592c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/JwsAlgorithms.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
index 6e0b02967c..ad75edfa5c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
index 6e572209f6..1e6e85c7f7 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/package-info.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/package-info.java
index 7801235a99..f3f95405a4 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/package-info.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces providing support for JSON Web Signature (JWS).
  */
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
index a01c905704..829f731249 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
index 192ef3f241..c84be85912 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimAccessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
index 247c3a8818..683c21e509 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
index fb0882a658..0e39cf0abd 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.function.Predicate;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
index e1a47036f4..7cda7fd9a9 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
index f8d4898238..c1af8a909c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index bdb52efd06..ee31467e02 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
index ca8b4d2955..ad6c9274f1 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
index 80f9c9d6f3..b13f0dff26 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
index 87917a3b95..00b894d86e 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
index 6659244242..5685e30793 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
index 34c8ab3ce1..d0d2dde0b3 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
index ceb3738fa2..ca49e7bae9 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.ArrayList;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index 7997154f66..5fa2de4f65 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.Collections;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index a6d7e383ca..740e5e0307 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.security.interfaces.RSAPublicKey;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
index 7f94e310e6..85866dea30 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import reactor.core.publisher.Mono;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
index 61b1ce0ac2..7c6f9f0c08 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 /**
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
index 3f5da085ac..ef5102d01c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.Map;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/package-info.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/package-info.java
index bd7e2c5e4d..e3a27e0d34 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/package-info.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Core classes and interfaces providing support for JSON Web Token (JWT).
  */
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index e980ba4ca5..793a7aa647 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose;
 
 import java.security.KeyFactory;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
index 085b53d0fb..e3435cf5c2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/MacAlgorithmTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
index 5942491975..99b01996fd 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithmTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jose.jws;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index d21ab8723e..39db3c7598 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index a2db9b38a2..cb9881c168 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.function.Predicate;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
index 618e9f081e..8f1be78bb3 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index 62c50ef705..c8f73f387a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import org.junit.Test;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
index 27eca21bfc..924c5f85ca 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index 04f10f3074..ef3d6f8f4e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Clock;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 215d4ecd34..f1fa57de9b 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.util.Arrays;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 4cb9b91789..99b9d516c7 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.jwt;
 
 import java.net.URI;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
index 4a9b3edf39..8992f5be8d 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
index 18d2325e2d..ea57b85691 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
index 65e44d8f47..3cc4726477 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
index 323880c335..7745a17a57 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.util.Collection;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index 23513a9d1f..ff96d7a279 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.time.Instant;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
index 2fdb15043f..c21e4bb91a 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.introspection;
 
 /**
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index b74050f296..4d764ddbde 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.util.function.Predicate;
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 3d69c5c690..1dc4b6a69a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.authentication;
 
 import java.net.URL;
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 1427bde865..1eff735717 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.oauth2.server.resource.web;
 
 import java.io.IOException;
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index 4d72b1449f..089b710612 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
index 1171feb756..f6b4f5bd57 100644
--- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.List;
diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
index ad8ff48033..2d34debff5 100644
--- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.Collections;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 21dd846338..009fd4eec5 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.ArrayList;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index dcb41d697c..003c067146 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.io.Serializable;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index f6d772bc2c..d823896056 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import org.springframework.beans.factory.InitializingBean;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index b46d8ffb47..e7c4450ed2 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 /**
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index bb4d831a36..00192b67aa 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.ArrayList;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
index 5d8711e32c..671b960bb5 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index 46bb355281..b020f0efe4 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 /**
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index a18949ab15..12a98ef511 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.Collections;
diff --git a/openid/src/main/java/org/springframework/security/openid/package-info.java b/openid/src/main/java/org/springframework/security/openid/package-info.java
index 78ce088c0e..62b2897d07 100644
--- a/openid/src/main/java/org/springframework/security/openid/package-info.java
+++ b/openid/src/main/java/org/springframework/security/openid/package-info.java
@@ -13,4 +13,5 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
index 7c5b7a64ca..8f4cb141be 100644
--- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
+++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 1bee6cb0cf..96bc08cfee 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.util.Arrays;
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index eaee4fa19b..fbedaae1dc 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.openid;
 
 import java.net.URI;
diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
index 92c58d3e1e..6f8c8a3f9b 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * DNS resolution.
  */
diff --git a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
index 5546bef57d..cd052eba4d 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Enables use of Spring's <code>HttpInvoker</code> extension points to present the
  * <code>principal</code> and <code>credentials</code> located in the
diff --git a/remoting/src/main/java/org/springframework/security/remoting/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/package-info.java
index eb42cf2ed7..1439310acb 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Remote client related functionality.
  */
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
index 3817405f8f..ead4d44863 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Enables use of Spring's RMI remoting extension points to propagate the
  * <code>SecurityContextHolder</code> (which should contain an <code>Authentication</code>
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
index 275208c6a6..3dc38c0e68 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.rsocket.util.matcher;
 
 import java.util.Collections;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index d8031880f0..170739cee6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.saml2.core;
 
 import java.security.PrivateKey;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index 9d07140b68..f139890141 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.saml2.credentials;
 
 import java.security.PrivateKey;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index bf3a61c329..30e796ec73 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.saml2.provider.service.authentication;
 
 import java.io.ByteArrayInputStream;
diff --git a/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java b/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
index 420588c356..962b00f0c8 100644
--- a/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
+++ b/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java b/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
index e5dcd999ca..40974df660 100644
--- a/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
+++ b/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.util.function.Consumer;
diff --git a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
index 72bddcf9ac..cf361e2bc2 100644
--- a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
+++ b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
diff --git a/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java b/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
index a749cbb592..4f8aa5d3ad 100644
--- a/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
+++ b/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.util.function.Consumer;
diff --git a/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java b/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
index 7d6c2a7bf6..591c4dd46b 100644
--- a/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
+++ b/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
diff --git a/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java b/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
index 80e805ff4f..515f321f8b 100644
--- a/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
+++ b/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.util.function.Consumer;
diff --git a/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java b/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
index 3bdc2f7e03..392dcdfce8 100644
--- a/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
+++ b/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
diff --git a/samples/boot/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldApplicationTests.java b/samples/boot/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldApplicationTests.java
index 3a2bb375d5..faeeb015a2 100644
--- a/samples/boot/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldApplicationTests.java
+++ b/samples/boot/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.Test;
diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/HelloWorldApplication.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/HelloWorldApplication.java
index 7ffeb8607c..170bcadef3 100644
--- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/HelloWorldApplication.java
+++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/HelloWorldApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 9d7cf4c34c..8a8a3dd07b 100644
--- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/web/MainController.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/web/MainController.java
index b4d9c9d9e1..793a8e97eb 100644
--- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/web/MainController.java
+++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/web/MainController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.web;
 
 import org.springframework.stereotype.Controller;
diff --git a/samples/boot/insecure/src/integration-test/java/org/springframework/security/samples/InsecureApplicationTests.java b/samples/boot/insecure/src/integration-test/java/org/springframework/security/samples/InsecureApplicationTests.java
index 55200f47b3..f2c7542e5b 100644
--- a/samples/boot/insecure/src/integration-test/java/org/springframework/security/samples/InsecureApplicationTests.java
+++ b/samples/boot/insecure/src/integration-test/java/org/springframework/security/samples/InsecureApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.Test;
diff --git a/samples/boot/insecure/src/main/java/org/springframework/security/samples/InsecureApplication.java b/samples/boot/insecure/src/main/java/org/springframework/security/samples/InsecureApplication.java
index a5e15a119b..aab24fa9d3 100644
--- a/samples/boot/insecure/src/main/java/org/springframework/security/samples/InsecureApplication.java
+++ b/samples/boot/insecure/src/main/java/org/springframework/security/samples/InsecureApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/insecure/src/main/java/org/springframework/security/samples/web/MainController.java b/samples/boot/insecure/src/main/java/org/springframework/security/samples/web/MainController.java
index 06c85aa0d6..f7de44adcc 100644
--- a/samples/boot/insecure/src/main/java/org/springframework/security/samples/web/MainController.java
+++ b/samples/boot/insecure/src/main/java/org/springframework/security/samples/web/MainController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.web;
 
 import org.springframework.stereotype.Controller;
diff --git a/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java b/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
index 8a47b9b7a0..77efa11928 100644
--- a/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
+++ b/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.math.BigInteger;
diff --git a/samples/boot/oauth2authorizationserver/src/main/java/sample/OAuth2AuthorizationServerApplication.java b/samples/boot/oauth2authorizationserver/src/main/java/sample/OAuth2AuthorizationServerApplication.java
index f0ab3a4358..13602ec74e 100644
--- a/samples/boot/oauth2authorizationserver/src/main/java/sample/OAuth2AuthorizationServerApplication.java
+++ b/samples/boot/oauth2authorizationserver/src/main/java/sample/OAuth2AuthorizationServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2authorizationserver/src/test/java/sample/OAuth2AuthorizationServerApplicationTests.java b/samples/boot/oauth2authorizationserver/src/test/java/sample/OAuth2AuthorizationServerApplicationTests.java
index d9efa503bc..05377bf3f8 100644
--- a/samples/boot/oauth2authorizationserver/src/test/java/sample/OAuth2AuthorizationServerApplicationTests.java
+++ b/samples/boot/oauth2authorizationserver/src/test/java/sample/OAuth2AuthorizationServerApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
index 77be0fa63b..9f3d47193c 100644
--- a/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2login-webflux/src/main/java/sample/ReactiveOAuth2LoginApplication.java b/samples/boot/oauth2login-webflux/src/main/java/sample/ReactiveOAuth2LoginApplication.java
index 42fb0d9412..f6fd94e849 100644
--- a/samples/boot/oauth2login-webflux/src/main/java/sample/ReactiveOAuth2LoginApplication.java
+++ b/samples/boot/oauth2login-webflux/src/main/java/sample/ReactiveOAuth2LoginApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
index 077a51abf3..f4488cb00d 100644
--- a/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.net.URI;
diff --git a/samples/boot/oauth2login/src/main/java/sample/OAuth2LoginApplication.java b/samples/boot/oauth2login/src/main/java/sample/OAuth2LoginApplication.java
index 6496b2d0a3..dc69b3f9ec 100644
--- a/samples/boot/oauth2login/src/main/java/sample/OAuth2LoginApplication.java
+++ b/samples/boot/oauth2login/src/main/java/sample/OAuth2LoginApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java b/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
index e70bd8744a..fa46a60ad7 100644
--- a/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
+++ b/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index 44c78dec23..cd25346ce8 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerApplication.java
index e854631aa2..a0841c00f3 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerController.java
index 87b123b7f8..f0bcdbe64f 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 827a9628f7..9e5e53f22e 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.net.URL;
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index a476a705f3..be6d3f559c 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerApplication.java
index 06fc946601..d5c70cc70d 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerController.java
index 18165789a7..1dce6e718a 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index a52933b648..5a8822631e 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index 0be5e8ac3f..10bd3fc7ec 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerApplication.java
index 06fc946601..d5c70cc70d 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java
index f06db58ffd..857d29be66 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 42d424fd7a..f32a5d70c4 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.beans.factory.annotation.Value;
diff --git a/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java b/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
index 48839acd3d..29d1cd1ea8 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index 4cb8018d8d..851d3bd242 100644
--- a/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerApplication.java
index e854631aa2..a0841c00f3 100644
--- a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerController.java
index 87b123b7f8..f0bcdbe64f 100644
--- a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index bdc248d5aa..4d70204150 100644
--- a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import java.security.interfaces.RSAPublicKey;
diff --git a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/OAuth2ResourceServerController.java
index 4e0fed8cdd..ea34b99e20 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/ServerOAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/ServerOAuth2ResourceServerApplication.java
index 4c63ed00ab..c3e3575e26 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/ServerOAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/ServerOAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
index a61ef43a1d..bb7de58665 100644
--- a/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerApplication.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerApplication.java
index e854631aa2..a0841c00f3 100644
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerController.java
index 241f054885..c761078dd8 100644
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerController.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 819e0bc5e3..f003ee37d9 100644
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.beans.factory.annotation.Value;
diff --git a/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java b/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
index 46ec794827..8160062ebd 100644
--- a/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/boot/oauth2webclient-webflux/src/main/java/sample/OAuth2WebClientWebFluxApplication.java b/samples/boot/oauth2webclient-webflux/src/main/java/sample/OAuth2WebClientWebFluxApplication.java
index 1882440595..cdd6416f93 100644
--- a/samples/boot/oauth2webclient-webflux/src/main/java/sample/OAuth2WebClientWebFluxApplication.java
+++ b/samples/boot/oauth2webclient-webflux/src/main/java/sample/OAuth2WebClientWebFluxApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
index bea4effe96..279aae17cb 100644
--- a/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.config;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/OAuth2WebClientController.java b/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/OAuth2WebClientController.java
index f7daadb18b..a1ddae90aa 100644
--- a/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/OAuth2WebClientController.java
+++ b/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/OAuth2WebClientController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import reactor.core.publisher.Mono;
diff --git a/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java b/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
index 89961e84f2..558277394f 100644
--- a/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
+++ b/samples/boot/oauth2webclient-webflux/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import reactor.core.publisher.Mono;
diff --git a/samples/boot/oauth2webclient/src/main/java/sample/OAuth2WebClientApplication.java b/samples/boot/oauth2webclient/src/main/java/sample/OAuth2WebClientApplication.java
index 89cf9a5fcd..4c4a6b7de1 100644
--- a/samples/boot/oauth2webclient/src/main/java/sample/OAuth2WebClientApplication.java
+++ b/samples/boot/oauth2webclient/src/main/java/sample/OAuth2WebClientApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
index 80cae2f658..4ac610bf04 100644
--- a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.config;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/boot/oauth2webclient/src/main/java/sample/web/OAuth2WebClientController.java b/samples/boot/oauth2webclient/src/main/java/sample/web/OAuth2WebClientController.java
index 226b5e9bcd..f20b479d1f 100644
--- a/samples/boot/oauth2webclient/src/main/java/sample/web/OAuth2WebClientController.java
+++ b/samples/boot/oauth2webclient/src/main/java/sample/web/OAuth2WebClientController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import org.springframework.stereotype.Controller;
diff --git a/samples/boot/oauth2webclient/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java b/samples/boot/oauth2webclient/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
index b0b8200f30..883db445d0 100644
--- a/samples/boot/oauth2webclient/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
+++ b/samples/boot/oauth2webclient/src/main/java/sample/web/RegisteredOAuth2AuthorizedClientController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
diff --git a/samples/boot/saml2login/src/main/java/sample/Saml2LoginApplication.java b/samples/boot/saml2login/src/main/java/sample/Saml2LoginApplication.java
index 7162c406ab..08202d28de 100644
--- a/samples/boot/saml2login/src/main/java/sample/Saml2LoginApplication.java
+++ b/samples/boot/saml2login/src/main/java/sample/Saml2LoginApplication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.springframework.boot.SpringApplication;
diff --git a/samples/boot/webflux-form/src/integration-test/java/sample/WebfluxFormApplicationTests.java b/samples/boot/webflux-form/src/integration-test/java/sample/WebfluxFormApplicationTests.java
index 41cda60a5c..c9062faa59 100644
--- a/samples/boot/webflux-form/src/integration-test/java/sample/WebfluxFormApplicationTests.java
+++ b/samples/boot/webflux-form/src/integration-test/java/sample/WebfluxFormApplicationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Before;
diff --git a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/AspectjSecurityConfig.java b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/AspectjSecurityConfig.java
index 0bfe89b7f7..038b8271f3 100644
--- a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/AspectjSecurityConfig.java
+++ b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/AspectjSecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/SecuredService.java b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/SecuredService.java
index bf954915b8..9f81cf1733 100644
--- a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/SecuredService.java
+++ b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/SecuredService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/Service.java b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/Service.java
index 2c5a433018..70b8c0c71f 100644
--- a/samples/javaconfig/aspectj/src/main/java/sample/aspectj/Service.java
+++ b/samples/javaconfig/aspectj/src/main/java/sample/aspectj/Service.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/samples/javaconfig/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java b/samples/javaconfig/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
index 1c7cf918bf..344de63e11 100644
--- a/samples/javaconfig/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
+++ b/samples/javaconfig/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.junit.After;
diff --git a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 7de3308deb..c33dc58cf2 100644
--- a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index d71dd73fc7..99328c184e 100644
--- a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/concurrency/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/concurrency/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/concurrency/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/concurrency/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/data/src/main/java/samples/DataConfig.java b/samples/javaconfig/data/src/main/java/samples/DataConfig.java
index 063d637110..cd401a5df4 100644
--- a/samples/javaconfig/data/src/main/java/samples/DataConfig.java
+++ b/samples/javaconfig/data/src/main/java/samples/DataConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/javaconfig/data/src/main/java/samples/data/Message.java b/samples/javaconfig/data/src/main/java/samples/data/Message.java
index 94e04ce520..7c567e9c12 100644
--- a/samples/javaconfig/data/src/main/java/samples/data/Message.java
+++ b/samples/javaconfig/data/src/main/java/samples/data/Message.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.data;
 
 import java.util.Calendar;
diff --git a/samples/javaconfig/data/src/main/java/samples/data/MessageRepository.java b/samples/javaconfig/data/src/main/java/samples/data/MessageRepository.java
index f356f3065a..c98a1d3fde 100644
--- a/samples/javaconfig/data/src/main/java/samples/data/MessageRepository.java
+++ b/samples/javaconfig/data/src/main/java/samples/data/MessageRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.data;
 
 import org.springframework.data.jpa.repository.JpaRepository;
diff --git a/samples/javaconfig/data/src/main/java/samples/data/SecurityMessageRepository.java b/samples/javaconfig/data/src/main/java/samples/data/SecurityMessageRepository.java
index e9a2f8eee1..f6b2ac956d 100644
--- a/samples/javaconfig/data/src/main/java/samples/data/SecurityMessageRepository.java
+++ b/samples/javaconfig/data/src/main/java/samples/data/SecurityMessageRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.data;
 
 import org.springframework.data.jpa.repository.Query;
diff --git a/samples/javaconfig/data/src/main/java/samples/data/User.java b/samples/javaconfig/data/src/main/java/samples/data/User.java
index 55190206ba..15d4f37d77 100644
--- a/samples/javaconfig/data/src/main/java/samples/data/User.java
+++ b/samples/javaconfig/data/src/main/java/samples/data/User.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.data;
 
 import javax.persistence.Entity;
diff --git a/samples/javaconfig/data/src/test/java/samples/data/SecurityMessageRepositoryTests.java b/samples/javaconfig/data/src/test/java/samples/data/SecurityMessageRepositoryTests.java
index 3ca8aa3203..9972659fd2 100644
--- a/samples/javaconfig/data/src/test/java/samples/data/SecurityMessageRepositoryTests.java
+++ b/samples/javaconfig/data/src/test/java/samples/data/SecurityMessageRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.data;
 
 import org.junit.After;
diff --git a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/FormJcTests.java b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/FormJcTests.java
index 8a56b13168..1ca1e669a1 100644
--- a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/FormJcTests.java
+++ b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/FormJcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 8becdc4b33..22ddd1c639 100644
--- a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index e4956e3eed..af6fbaa988 100644
--- a/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/javaconfig/form/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 5b002bade0..b1ee5fa3f3 100644
--- a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/form/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/form/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/form/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/form/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 4182b2b95c..595d2413e0 100644
--- a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/mvc/MessageJsonController.java b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/mvc/MessageJsonController.java
index 65bc3d1f12..696d3c75e7 100644
--- a/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/mvc/MessageJsonController.java
+++ b/samples/javaconfig/hellojs/src/main/java/org/springframework/security/samples/mvc/MessageJsonController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.mvc;
 
 import java.util.ArrayList;
diff --git a/samples/javaconfig/hellojs/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/hellojs/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/hellojs/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/hellojs/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index edce6c794f..45f8ae8d78 100644
--- a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.core.annotation.Order;
diff --git a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 2ad15cf836..c0719e88f8 100644
--- a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/hellomvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/hellomvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 140318cd59..f7117bf46b 100644
--- a/samples/javaconfig/hellomvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/hellomvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
diff --git a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldJcTests.java b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldJcTests.java
index 85e7fcad64..d2f43eb8bd 100644
--- a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldJcTests.java
+++ b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldJcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index fae8d98220..ed527c3957 100644
--- a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 2532ba2406..30822ea2a9 100644
--- a/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/javaconfig/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index c3bdfe2417..0d80bfac16 100644
--- a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java
index 0605ea4647..008b87b870 100644
--- a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index a657c60795..ad65d6ec9b 100644
--- a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.context.annotation.Bean;
diff --git a/samples/javaconfig/inmemory/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/inmemory/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 1352614e87..507cc875da 100644
--- a/samples/javaconfig/inmemory/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/inmemory/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
diff --git a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/JdbcJcTests.java b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/JdbcJcTests.java
index 985d2c6f63..dad6a0052c 100644
--- a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/JdbcJcTests.java
+++ b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/JdbcJcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index d3bbbdb25b..71033bf941 100644
--- a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 2532ba2406..30822ea2a9 100644
--- a/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/javaconfig/jdbc/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 7715efc3e9..e3dbb1cf51 100644
--- a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import javax.sql.DataSource;
diff --git a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/LdapJcTests.java b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/LdapJcTests.java
index 7e8f7f6436..99df0ac959 100644
--- a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/LdapJcTests.java
+++ b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/LdapJcTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 8becdc4b33..22ddd1c639 100644
--- a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 2532ba2406..30822ea2a9 100644
--- a/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/javaconfig/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 0d07a12d62..116219d418 100644
--- a/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/ldap/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/DataConfiguration.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/DataConfiguration.java
index 8cf7d9695d..9e174051d8 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/DataConfiguration.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/DataConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import javax.sql.DataSource;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/MessageWebApplicationInitializer.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/MessageWebApplicationInitializer.java
index bf46ff3364..428042060f 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/MessageWebApplicationInitializer.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/MessageWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import javax.servlet.Filter;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/RootConfiguration.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/RootConfiguration.java
index 56b3ed6828..ce3d173848 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/RootConfiguration.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/config/RootConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.context.annotation.ComponentScan;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/Message.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/Message.java
index 6e180460ae..23e038f702 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/Message.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/Message.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.data;
 
 import java.util.Calendar;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/MessageRepository.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/MessageRepository.java
index 9ed5d1ec49..22a417facf 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/MessageRepository.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/data/MessageRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.data;
 
 import org.springframework.data.repository.CrudRepository;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/DefaultController.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/DefaultController.java
index fff3fc600f..62b42b489f 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/DefaultController.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/DefaultController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.mvc;
 
 import org.springframework.stereotype.Controller;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/MessageController.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/MessageController.java
index 85aa9bda1b..8c909eb0a6 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/MessageController.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/MessageController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.mvc;
 
 import javax.validation.Valid;
diff --git a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/config/WebMvcConfiguration.java b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/config/WebMvcConfiguration.java
index 73fed516fb..dfbef33d6c 100644
--- a/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/config/WebMvcConfiguration.java
+++ b/samples/javaconfig/messages/src/main/java/org/springframework/security/samples/mvc/config/WebMvcConfiguration.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.mvc.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 3a4ec0ad52..c194eba095 100644
--- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 452a80bdd0..a5335e512a 100644
--- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java
index d700a3e832..7b20b9d788 100644
--- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.mvc;
 
 import org.springframework.security.openid.OpenIDAuthenticationToken;
diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java
index faaa81afbe..935a1efcf5 100644
--- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.security;
 
 import org.springframework.security.core.authority.AuthorityUtils;
diff --git a/samples/javaconfig/openid/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/openid/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 07a2cfb2c8..776fa09e04 100644
--- a/samples/javaconfig/openid/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/openid/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 1544f08b3b..a7fcc345cc 100644
--- a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
diff --git a/samples/javaconfig/preauth/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/preauth/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/preauth/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/preauth/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index c2e36065a0..5b2a543684 100644
--- a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/rememberme/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/rememberme/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/rememberme/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/rememberme/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 7de3308deb..c33dc58cf2 100644
--- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 0d6af74358..cb0fc35dfe 100644
--- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import java.io.ByteArrayInputStream;
diff --git a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 0d79b19a50..2edd87332e 100644
--- a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
index 4ed43fc3cb..f851f82de0 100644
--- a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
diff --git a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 1fa5356df4..fcb1274018 100644
--- a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/javaconfig/x509/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/x509/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index e77a3ef7c1..dd807f16d1 100644
--- a/samples/javaconfig/x509/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/x509/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import org.junit.Test;
diff --git a/samples/xml/aspectj/src/main/java/sample/aspectj/SecuredService.java b/samples/xml/aspectj/src/main/java/sample/aspectj/SecuredService.java
index bf954915b8..9f81cf1733 100644
--- a/samples/xml/aspectj/src/main/java/sample/aspectj/SecuredService.java
+++ b/samples/xml/aspectj/src/main/java/sample/aspectj/SecuredService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/samples/xml/aspectj/src/main/java/sample/aspectj/Service.java b/samples/xml/aspectj/src/main/java/sample/aspectj/Service.java
index 2c5a433018..70b8c0c71f 100644
--- a/samples/xml/aspectj/src/main/java/sample/aspectj/Service.java
+++ b/samples/xml/aspectj/src/main/java/sample/aspectj/Service.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.springframework.security.access.annotation.Secured;
diff --git a/samples/xml/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java b/samples/xml/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
index a195b18224..5e78a92108 100644
--- a/samples/xml/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
+++ b/samples/xml/aspectj/src/test/java/sample/aspectj/AspectJInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.aspectj;
 
 import org.junit.After;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
index de65160781..7dc347151f 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas;
 
 import java.util.HashMap;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleTests.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleTests.java
index c03ef891fc..e820531969 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleTests.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas;
 
 import org.junit.After;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/JettyCasService.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/JettyCasService.java
index 1491beb6f2..dc9454b7e0 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/JettyCasService.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/JettyCasService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas;
 
 import java.io.File;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/AccessDeniedPage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/AccessDeniedPage.java
index e1426a360f..cb143f14ff 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/AccessDeniedPage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/AccessDeniedPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ExtremelySecurePage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ExtremelySecurePage.java
index 7ad5e5d0ee..1524396506 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ExtremelySecurePage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ExtremelySecurePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/HomePage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/HomePage.java
index 25cf8dbded..87317329d7 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/HomePage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LocalLogoutPage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LocalLogoutPage.java
index 075a792080..7cac6aad53 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LocalLogoutPage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LocalLogoutPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LoginPage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LoginPage.java
index 44c509905c..436e39eb8b 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LoginPage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ProxyTicketSamplePage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ProxyTicketSamplePage.java
index 4f4bd78fa3..c570414f3a 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ProxyTicketSamplePage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/ProxyTicketSamplePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/SecurePage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/SecurePage.java
index 7b5afe0093..338ce55ccf 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/SecurePage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/SecurePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/UnauthorizedPage.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/UnauthorizedPage.java
index 4b8e099ab1..90b967d5b6 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/UnauthorizedPage.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/pages/UnauthorizedPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java b/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java
index 29f6241644..6b66a0b871 100644
--- a/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java
+++ b/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.cas.web;
 
 import java.io.IOException;
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/ContactsTests.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/ContactsTests.java
index 5a7f5aee8c..db1e4e2e33 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/ContactsTests.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/ContactsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/AddPage.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/AddPage.java
index cc58bacb08..303e426375 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/AddPage.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/AddPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
index dd045ee110..182c074369 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.By;
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 66370e9f8a..8c985c8d83 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index dc39dfe732..d0f9efefbf 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AddDeleteContactController.java b/samples/xml/contacts/src/main/java/sample/contact/AddDeleteContactController.java
index 3f0ac3d9de..8c6ca3c256 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AddDeleteContactController.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AddDeleteContactController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java b/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
index cfed19b9fe..254841e42e 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AddPermission.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import org.springframework.security.acls.domain.BasePermission;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java b/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
index 25c01eac83..f56b7647e2 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AddPermissionValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import org.springframework.security.acls.domain.BasePermission;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/AdminPermissionController.java b/samples/xml/contacts/src/main/java/sample/contact/AdminPermissionController.java
index c44bf22f78..7f048f1666 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/AdminPermissionController.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/AdminPermissionController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import java.util.HashMap;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java b/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
index 13f3f8b4e2..5d3ff14a47 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import org.springframework.security.access.prepost.PostFilter;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java b/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
index b33d5fbcf5..3ba1a7dbf2 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactManagerBackend.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import org.springframework.security.acls.domain.BasePermission;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
index aa2358cda1..52b20eb646 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import java.util.Random;
diff --git a/samples/xml/contacts/src/main/java/sample/contact/IndexController.java b/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
index d5a578754a..b46b4e9810 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/IndexController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import java.util.HashMap;
diff --git a/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java b/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
index 498cb8a63c..2c64395c1d 100644
--- a/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
+++ b/samples/xml/contacts/src/test/java/sample/contact/ContactManagerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.contact;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/samples/xml/dms/src/main/java/sample/dms/AbstractElement.java b/samples/xml/dms/src/main/java/sample/dms/AbstractElement.java
index 046e500b91..a65f334179 100755
--- a/samples/xml/dms/src/main/java/sample/dms/AbstractElement.java
+++ b/samples/xml/dms/src/main/java/sample/dms/AbstractElement.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 import java.util.ArrayList;
diff --git a/samples/xml/dms/src/main/java/sample/dms/DataSourcePopulator.java b/samples/xml/dms/src/main/java/sample/dms/DataSourcePopulator.java
index 9e2250c288..476a73dd91 100755
--- a/samples/xml/dms/src/main/java/sample/dms/DataSourcePopulator.java
+++ b/samples/xml/dms/src/main/java/sample/dms/DataSourcePopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 import javax.sql.DataSource;
diff --git a/samples/xml/dms/src/main/java/sample/dms/Directory.java b/samples/xml/dms/src/main/java/sample/dms/Directory.java
index 0326cfc41a..06a0b20991 100755
--- a/samples/xml/dms/src/main/java/sample/dms/Directory.java
+++ b/samples/xml/dms/src/main/java/sample/dms/Directory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 /**
diff --git a/samples/xml/dms/src/main/java/sample/dms/DocumentDao.java b/samples/xml/dms/src/main/java/sample/dms/DocumentDao.java
index 46d27f4f56..1419d02808 100755
--- a/samples/xml/dms/src/main/java/sample/dms/DocumentDao.java
+++ b/samples/xml/dms/src/main/java/sample/dms/DocumentDao.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 /**
diff --git a/samples/xml/dms/src/main/java/sample/dms/DocumentDaoImpl.java b/samples/xml/dms/src/main/java/sample/dms/DocumentDaoImpl.java
index fc1c73afc0..0d83bf75f7 100755
--- a/samples/xml/dms/src/main/java/sample/dms/DocumentDaoImpl.java
+++ b/samples/xml/dms/src/main/java/sample/dms/DocumentDaoImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 import java.util.List;
diff --git a/samples/xml/dms/src/main/java/sample/dms/File.java b/samples/xml/dms/src/main/java/sample/dms/File.java
index cec040822a..1ceaf8ecdb 100755
--- a/samples/xml/dms/src/main/java/sample/dms/File.java
+++ b/samples/xml/dms/src/main/java/sample/dms/File.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms;
 
 import org.springframework.util.Assert;
diff --git a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java
index 845848dbe7..7487c73db7 100755
--- a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java
+++ b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms.secured;
 
 import javax.sql.DataSource;
diff --git a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDao.java b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDao.java
index 004e33c298..d4132d2979 100755
--- a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDao.java
+++ b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDao.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms.secured;
 
 import sample.dms.DocumentDao;
diff --git a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java
index 2fad553bb6..caae4574b3 100755
--- a/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java
+++ b/samples/xml/dms/src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.dms.secured;
 
 import org.springframework.security.acls.domain.BasePermission;
diff --git a/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java b/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
index 4429d6c833..11fbd3f6a6 100644
--- a/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
+++ b/samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 /*
diff --git a/samples/xml/dms/src/test/java/sample/SecureDmsIntegrationTests.java b/samples/xml/dms/src/test/java/sample/SecureDmsIntegrationTests.java
index 33b6b34641..63965afb26 100644
--- a/samples/xml/dms/src/test/java/sample/SecureDmsIntegrationTests.java
+++ b/samples/xml/dms/src/test/java/sample/SecureDmsIntegrationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/xml/gae/src/main/java/samples/gae/security/AppRole.java b/samples/xml/gae/src/main/java/samples/gae/security/AppRole.java
index 030893db66..84743e6044 100644
--- a/samples/xml/gae/src/main/java/samples/gae/security/AppRole.java
+++ b/samples/xml/gae/src/main/java/samples/gae/security/AppRole.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import org.springframework.security.core.GrantedAuthority;
diff --git a/samples/xml/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java b/samples/xml/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java
index 1d828d4032..838529efe3 100644
--- a/samples/xml/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java
+++ b/samples/xml/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import java.io.IOException;
diff --git a/samples/xml/gae/src/main/java/samples/gae/security/GaeUserAuthentication.java b/samples/xml/gae/src/main/java/samples/gae/security/GaeUserAuthentication.java
index b8d1f41a10..961ea99952 100644
--- a/samples/xml/gae/src/main/java/samples/gae/security/GaeUserAuthentication.java
+++ b/samples/xml/gae/src/main/java/samples/gae/security/GaeUserAuthentication.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import java.util.Collection;
diff --git a/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationEntryPoint.java b/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationEntryPoint.java
index 0a4077f60f..4929c73cc4 100644
--- a/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationEntryPoint.java
+++ b/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import java.io.IOException;
diff --git a/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationProvider.java b/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationProvider.java
index 5f1a4bbada..6a8f1a37ae 100644
--- a/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationProvider.java
+++ b/samples/xml/gae/src/main/java/samples/gae/security/GoogleAccountsAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import com.google.appengine.api.users.User;
diff --git a/samples/xml/gae/src/main/java/samples/gae/users/GaeDatastoreUserRegistry.java b/samples/xml/gae/src/main/java/samples/gae/users/GaeDatastoreUserRegistry.java
index 7545ca8b78..ea5b5c29b4 100644
--- a/samples/xml/gae/src/main/java/samples/gae/users/GaeDatastoreUserRegistry.java
+++ b/samples/xml/gae/src/main/java/samples/gae/users/GaeDatastoreUserRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.users;
 
 import com.google.appengine.api.datastore.DatastoreService;
diff --git a/samples/xml/gae/src/main/java/samples/gae/users/GaeUser.java b/samples/xml/gae/src/main/java/samples/gae/users/GaeUser.java
index cb4eab10c4..0d167aa5d7 100644
--- a/samples/xml/gae/src/main/java/samples/gae/users/GaeUser.java
+++ b/samples/xml/gae/src/main/java/samples/gae/users/GaeUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.users;
 
 import java.io.Serializable;
diff --git a/samples/xml/gae/src/main/java/samples/gae/users/InMemoryUserRegistry.java b/samples/xml/gae/src/main/java/samples/gae/users/InMemoryUserRegistry.java
index 1d7e2a77df..be1e481b3f 100644
--- a/samples/xml/gae/src/main/java/samples/gae/users/InMemoryUserRegistry.java
+++ b/samples/xml/gae/src/main/java/samples/gae/users/InMemoryUserRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.users;
 
 import java.util.Collections;
diff --git a/samples/xml/gae/src/main/java/samples/gae/users/UserRegistry.java b/samples/xml/gae/src/main/java/samples/gae/users/UserRegistry.java
index d805ccb489..8a53378e54 100644
--- a/samples/xml/gae/src/main/java/samples/gae/users/UserRegistry.java
+++ b/samples/xml/gae/src/main/java/samples/gae/users/UserRegistry.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.users;
 
 /**
diff --git a/samples/xml/gae/src/main/java/samples/gae/validation/Forename.java b/samples/xml/gae/src/main/java/samples/gae/validation/Forename.java
index d22c682ec2..3028c73c3c 100644
--- a/samples/xml/gae/src/main/java/samples/gae/validation/Forename.java
+++ b/samples/xml/gae/src/main/java/samples/gae/validation/Forename.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.validation;
 
 import static java.lang.annotation.ElementType.*;
diff --git a/samples/xml/gae/src/main/java/samples/gae/validation/ForenameValidator.java b/samples/xml/gae/src/main/java/samples/gae/validation/ForenameValidator.java
index 986d0f375f..0e4d56bc31 100644
--- a/samples/xml/gae/src/main/java/samples/gae/validation/ForenameValidator.java
+++ b/samples/xml/gae/src/main/java/samples/gae/validation/ForenameValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.validation;
 
 import java.util.regex.Pattern;
diff --git a/samples/xml/gae/src/main/java/samples/gae/validation/Surname.java b/samples/xml/gae/src/main/java/samples/gae/validation/Surname.java
index a01836e222..5f10e8f4c9 100644
--- a/samples/xml/gae/src/main/java/samples/gae/validation/Surname.java
+++ b/samples/xml/gae/src/main/java/samples/gae/validation/Surname.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.validation;
 
 import static java.lang.annotation.ElementType.*;
diff --git a/samples/xml/gae/src/main/java/samples/gae/validation/SurnameValidator.java b/samples/xml/gae/src/main/java/samples/gae/validation/SurnameValidator.java
index f21e185401..a894922c7f 100644
--- a/samples/xml/gae/src/main/java/samples/gae/validation/SurnameValidator.java
+++ b/samples/xml/gae/src/main/java/samples/gae/validation/SurnameValidator.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.validation;
 
 import java.util.regex.Pattern;
diff --git a/samples/xml/gae/src/main/java/samples/gae/web/GaeAppController.java b/samples/xml/gae/src/main/java/samples/gae/web/GaeAppController.java
index 79b7e32f7f..c19ffb4194 100644
--- a/samples/xml/gae/src/main/java/samples/gae/web/GaeAppController.java
+++ b/samples/xml/gae/src/main/java/samples/gae/web/GaeAppController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.web;
 
 import java.io.IOException;
diff --git a/samples/xml/gae/src/main/java/samples/gae/web/RegistrationController.java b/samples/xml/gae/src/main/java/samples/gae/web/RegistrationController.java
index a14ae77f88..0a535a2a23 100644
--- a/samples/xml/gae/src/main/java/samples/gae/web/RegistrationController.java
+++ b/samples/xml/gae/src/main/java/samples/gae/web/RegistrationController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.web;
 
 import java.util.EnumSet;
diff --git a/samples/xml/gae/src/main/java/samples/gae/web/RegistrationForm.java b/samples/xml/gae/src/main/java/samples/gae/web/RegistrationForm.java
index 62d98a00f4..6001e532f0 100644
--- a/samples/xml/gae/src/main/java/samples/gae/web/RegistrationForm.java
+++ b/samples/xml/gae/src/main/java/samples/gae/web/RegistrationForm.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.web;
 
 import samples.gae.validation.Forename;
diff --git a/samples/xml/gae/src/test/java/samples/gae/security/AppRoleTests.java b/samples/xml/gae/src/test/java/samples/gae/security/AppRoleTests.java
index be7eb06751..8db7aea192 100644
--- a/samples/xml/gae/src/test/java/samples/gae/security/AppRoleTests.java
+++ b/samples/xml/gae/src/test/java/samples/gae/security/AppRoleTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.security;
 
 import static org.assertj.core.api.Assertions.*;
diff --git a/samples/xml/gae/src/test/java/samples/gae/users/GaeDataStoreUserRegistryTests.java b/samples/xml/gae/src/test/java/samples/gae/users/GaeDataStoreUserRegistryTests.java
index 28e6eb964d..69e24d47a7 100644
--- a/samples/xml/gae/src/test/java/samples/gae/users/GaeDataStoreUserRegistryTests.java
+++ b/samples/xml/gae/src/test/java/samples/gae/users/GaeDataStoreUserRegistryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.gae.users;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldXmlTests.java b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldXmlTests.java
index f723f945d9..68abc3a173 100644
--- a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldXmlTests.java
+++ b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/HelloWorldXmlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index fae8d98220..ed527c3957 100644
--- a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 2532ba2406..30822ea2a9 100644
--- a/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/xml/helloworld/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/HelloInsecureTests.java b/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/HelloInsecureTests.java
index f93bbffe38..fb6231a809 100644
--- a/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/HelloInsecureTests.java
+++ b/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/HelloInsecureTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 7388a703ed..9211300f62 100644
--- a/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/xml/insecure/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/insecuremvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/xml/insecuremvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 4dccf7f223..ec2d3f088e 100644
--- a/samples/xml/insecuremvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/xml/insecuremvc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.config;
 
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
diff --git a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/JaasXmlTests.java b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/JaasXmlTests.java
index c16683fbcf..a6345a8221 100644
--- a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/JaasXmlTests.java
+++ b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/JaasXmlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 8e800a251f..69625fe8d2 100644
--- a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 668b9d0aed..9aa9fea10f 100644
--- a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
index e2c97392a0..819ad73e04 100644
--- a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
+++ b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
index e20e0984cb..d2e067cb23 100644
--- a/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
+++ b/samples/xml/jaas/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/jaas/src/main/java/samples/jaas/RoleUserAuthorityGranter.java b/samples/xml/jaas/src/main/java/samples/jaas/RoleUserAuthorityGranter.java
index 4878471107..8f1fee9841 100644
--- a/samples/xml/jaas/src/main/java/samples/jaas/RoleUserAuthorityGranter.java
+++ b/samples/xml/jaas/src/main/java/samples/jaas/RoleUserAuthorityGranter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.jaas;
 
 import java.security.Principal;
diff --git a/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java b/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
index 0186b32b17..c390c8cbc1 100644
--- a/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
+++ b/samples/xml/jaas/src/main/java/samples/jaas/UsernameEqualsPasswordLoginModule.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package samples.jaas;
 
 import java.io.Serializable;
diff --git a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/LdapXmlTests.java b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/LdapXmlTests.java
index 5dba285788..29f44441ea 100644
--- a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/LdapXmlTests.java
+++ b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/LdapXmlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples;
 
 import org.junit.After;
diff --git a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
index 8e800a251f..69625fe8d2 100644
--- a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
+++ b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/HomePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
index 668b9d0aed..9aa9fea10f 100644
--- a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
+++ b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LoginPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
index e2c97392a0..819ad73e04 100644
--- a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
+++ b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/LogoutPage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
index f03bdf3870..81c7cb4050 100644
--- a/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
+++ b/samples/xml/ldap/src/integration-test/java/org/springframework/security/samples/pages/SecurePage.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.pages;
 
 import org.openqa.selenium.WebDriver;
diff --git a/samples/xml/oauth2login/src/main/java/sample/config/WebConfig.java b/samples/xml/oauth2login/src/main/java/sample/config/WebConfig.java
index 8761f0c77e..53db0361a8 100644
--- a/samples/xml/oauth2login/src/main/java/sample/config/WebConfig.java
+++ b/samples/xml/oauth2login/src/main/java/sample/config/WebConfig.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.config;
 
 import org.springframework.beans.BeansException;
diff --git a/samples/xml/oauth2login/src/main/java/sample/web/OAuth2LoginController.java b/samples/xml/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
index 0e66bd9d94..4165428145 100644
--- a/samples/xml/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
+++ b/samples/xml/oauth2login/src/main/java/sample/web/OAuth2LoginController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.web;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
diff --git a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java
index 7a5e400ec2..066eb0bbdc 100644
--- a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java
+++ b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.openid;
 
 import java.util.Collection;
diff --git a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java
index 27a3bb409d..b92fe9b556 100644
--- a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java
+++ b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.openid;
 
 import java.util.HashMap;
diff --git a/samples/xml/preauth/src/test/java/sample/PreAuthXmlTests.java b/samples/xml/preauth/src/test/java/sample/PreAuthXmlTests.java
index be5528e86c..d5875080c6 100644
--- a/samples/xml/preauth/src/test/java/sample/PreAuthXmlTests.java
+++ b/samples/xml/preauth/src/test/java/sample/PreAuthXmlTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
 import org.junit.Test;
diff --git a/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/LoginForm.java b/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/LoginForm.java
index bbf22962d7..f635fb2f25 100644
--- a/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/LoginForm.java
+++ b/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/LoginForm.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.servletapi.mvc;
 
 /**
diff --git a/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/ServletApiController.java b/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/ServletApiController.java
index 95170c1e9a..bdfd1a6988 100644
--- a/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/ServletApiController.java
+++ b/samples/xml/servletapi/src/main/java/org/springframework/security/samples/servletapi/mvc/ServletApiController.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.samples.servletapi.mvc;
 
 import java.io.IOException;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/Account.java b/samples/xml/tutorial/src/main/java/bigbank/Account.java
index a5ef9cd8a4..438df6aa77 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/Account.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/Account.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 /**
diff --git a/samples/xml/tutorial/src/main/java/bigbank/BankDao.java b/samples/xml/tutorial/src/main/java/bigbank/BankDao.java
index 4411896ee2..84ebc6c077 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/BankDao.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/BankDao.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 public interface BankDao {
diff --git a/samples/xml/tutorial/src/main/java/bigbank/BankDaoStub.java b/samples/xml/tutorial/src/main/java/bigbank/BankDaoStub.java
index 78d78f85b2..0a782379fd 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/BankDaoStub.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/BankDaoStub.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 import java.util.HashMap;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/BankService.java b/samples/xml/tutorial/src/main/java/bigbank/BankService.java
index 0e8f6014bc..5f76bb98f3 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/BankService.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/BankService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/BankServiceImpl.java b/samples/xml/tutorial/src/main/java/bigbank/BankServiceImpl.java
index 5feede7f61..e12f22845a 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/BankServiceImpl.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/BankServiceImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 import org.springframework.util.Assert;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/SeedData.java b/samples/xml/tutorial/src/main/java/bigbank/SeedData.java
index 21b7791c0d..e4b15389e9 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/SeedData.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/SeedData.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank;
 
 import org.springframework.beans.factory.InitializingBean;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/web/ListAccounts.java b/samples/xml/tutorial/src/main/java/bigbank/web/ListAccounts.java
index f17aad051b..7fd239b140 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/web/ListAccounts.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/web/ListAccounts.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/samples/xml/tutorial/src/main/java/bigbank/web/PostAccounts.java b/samples/xml/tutorial/src/main/java/bigbank/web/PostAccounts.java
index 3a5f66c26a..e32ea4a0b7 100644
--- a/samples/xml/tutorial/src/main/java/bigbank/web/PostAccounts.java
+++ b/samples/xml/tutorial/src/main/java/bigbank/web/PostAccounts.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package bigbank.web;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index 7033d4d7d7..803f569d89 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.authz;
 
 import java.io.IOException;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index e893bb8d1e..0b8ce61b4e 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.authz;
 
 import java.util.ArrayList;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index 81b852c3d4..f1ae9512d8 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.authz;
 
 import java.io.IOException;
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
index e85e0b40da..c1d65c388d 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * JSP Security tag library implementation.
  */
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java b/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
index 11e50856d9..de2fd6e483 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Security related tag libraries that can be used in JSPs and templates.
  */
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index ca81cb9b85..8e6750d31e 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.authz;
 
 import java.io.IOException;
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index 67d6718f2e..cc52e670d1 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.authz;
 
 import java.util.HashMap;
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index 2075eaba4b..ecc26b9987 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.csrf;
 
 import java.io.UnsupportedEncodingException;
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
index 8b456428cc..ff28f7631a 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.csrf;
 
 import org.junit.Before;
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
index bc0c231396..bc19a1dc98 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.taglibs.csrf;
 
 import org.junit.Before;
diff --git a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
index bb90171497..e2602f4d9c 100644
--- a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
+++ b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context;
 
 import javax.servlet.FilterChain;
diff --git a/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java b/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
index 0d76e26b4c..265f4fe1cd 100644
--- a/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
+++ b/test/src/main/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListeners.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.annotation;
 
 import java.lang.annotation.Documented;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
index a08275bca9..6cb49ac9f0 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Documented;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
index 044e3f0924..d812fa9877 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithAnonymousUserSecurityContextFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.util.List;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
index 23a2e2204c..c4c62244d2 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Documented;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
index 9256f535b2..203b0bb599 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.util.ArrayList;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
index a97bb44794..d696fe5e1b 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Annotation;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
index 50c381b37b..86dbafc668 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Annotation;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index af64400baa..439c0519b2 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Annotation;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
index ac2fee5b00..7da8db4ba8 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Documented;
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index a9405e97c1..68a26d123a 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import org.springframework.beans.factory.BeanFactory;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
index 6bb7660bb6..98754c1369 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.ServletContext;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index ee790115e2..b78591eab6 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.io.IOException;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
index a767f23604..3f7f7355aa 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.response;
 
 import java.util.ArrayList;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
index b3808f25a3..d6438e5973 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.setup;
 
 import java.io.IOException;
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
index 987c78ddac..9d51d45694 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.setup;
 
 import javax.servlet.Filter;
diff --git a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
index 6c2c7c0613..5c657163a1 100644
--- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
+++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.support;
 
 import java.util.List;
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index 9d60a0e54a..580ae98979 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context;
 
 import org.junit.After;
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
index ba752f72f5..ee400999be 100644
--- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.annotation;
 
 import java.security.Principal;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
index 7b3220941f..ccbc7a00f0 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/CustomUserDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import java.util.Collection;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
index 935f7954f7..a3c61627f2 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUser.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.springframework.security.test.context.support.WithSecurityContext;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
index a02086265e..b3c8737b4c 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
index 25b613f11e..1f2c5c6016 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParent.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.springframework.security.test.context.support.WithMockUser;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index 299eca846f..a2d8f83802 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.junit.Test;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index 4620a410d3..e857ea9f72 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.junit.Test;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 604dcbfbf9..1d9a341753 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase;
 
 import org.junit.Test;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
index df1e05f8e0..95ad519c5e 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/service/HelloMessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase.service;
 
 import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java b/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
index ce83abda47..f42757f9ee 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/service/MessageService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.showcase.service;
 
 /**
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index 790b1498ec..d1750ba6ca 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index 3bacb905d9..a9caddfbce 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import java.lang.annotation.Annotation;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index ce3c9f7d90..56a4812de6 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index d9b1596a1b..abc94bff08 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.context.support;
 
 import org.junit.Test;
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index 46db6349b0..5b30f0fc69 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.reactive.server;
 
 import java.util.List;
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index 6ae453a237..f8b091f4b3 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.reactive.server;
 
 import java.util.Arrays;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index f8ccde3430..7ba8965bc4 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index fb6ba5b68b..30c39490e2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Arrays;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index b339e2a254..a966ad52af 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Arrays;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index d37059a38a..c98a92bd03 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index 8481800535..a6aaf08a74 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index d1389af563..827bd15101 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.security.cert.X509Certificate;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
index 1771697493..b74fd99528 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import org.junit.Test;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index a220845bba..3c09347f52 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.io.IOException;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index dab46c6b0c..0cf9b63b6f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.io.IOException;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index a1ea6ce8af..954ce278cc 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Arrays;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 8b4444036c..5bdedc8277 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index e6dd8ea861..360a90088b 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Collection;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index fefe3b5ab3..fb26a1bb5b 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Collection;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 376287a2a6..8e3e099300 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index 451884e0b5..7aa1d6e944 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.Filter;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 68fda69b26..0472d593aa 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index 4f23b5284e..c471fdc396 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 7e3b0c1eab..37c3457c02 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.request;
 
 import java.util.Arrays;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index 519e1cda84..57bf66d878 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.response;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 962a73c18c..7f458d3970 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.response;
 
 import java.util.ArrayList;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index a64e06ecb7..9c27fd80c2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.setup;
 
 import javax.servlet.Filter;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
index f65fca98c2..8e62492aa7 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.setup;
 
 import javax.servlet.Filter;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index f6c42196ef..69f5891d30 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index 711458b58f..c833a36aae 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index 634016c50c..a5807986f5 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.csrf;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
index a691ae79fa..4a3d138737 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.login;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index 2ea703fd48..ee3c177e55 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.login;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
index 48043ce380..a52b469534 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.login;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index bc985e978d..60494ca3fe 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index 51a93e9df2..bfc31612c8 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
index 1c8d7ed3c5..0b44126df1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithAdminRob.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import java.lang.annotation.Documented;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index 16f496e187..d841c86e25 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 28573717c6..59c010b741 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index d66a60472d..3bcf82c0ff 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index b52a0b4d0d..761950e47a 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.servlet.showcase.secured;
 
 import org.junit.Before;
diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
index 9e483e0b9d..a469d38530 100644
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.support;
 
 import org.junit.After;
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 32379c2b61..6175bac52b 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index fde9261fa7..8786a86a1c 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/RedirectStrategy.java b/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
index 02e311cfc1..8dc718a46d 100644
--- a/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/RedirectStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
index 49fefc5c06..bc919ef91b 100644
--- a/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/SecurityFilterChain.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import java.util.List;
diff --git a/web/src/main/java/org/springframework/security/web/WebAttributes.java b/web/src/main/java/org/springframework/security/web/WebAttributes.java
index bb1c279ccb..62765ba25a 100644
--- a/web/src/main/java/org/springframework/security/web/WebAttributes.java
+++ b/web/src/main/java/org/springframework/security/web/WebAttributes.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
diff --git a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
index 6db0f4cd62..9e5fc8d3fa 100644
--- a/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/DelegatingAccessDeniedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index a33ffb37bb..526a237bc7 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
index fe38540a3e..65f8c1abac 100644
--- a/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 4dc16581df..9efe0bf185 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/package-info.java b/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
index 342266d508..701d7b6e41 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes that ensure web requests are received over required transport channels.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
index 202a8321ed..e562ea1e4b 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.Map;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
index 1450cd29fa..5634347671 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import org.springframework.security.access.expression.AbstractSecurityExpressionHandler;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
index 5f700fa6c3..f56c849457 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.EvaluationContext;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
index 0a239f3da9..b8e4838794 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
index 57a2b1aa1d..4f40ffc7dd 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.EvaluationContext;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
index 0b363a046a..88db17f211 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
index f1c85dd000..70fd24f022 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/package-info.java b/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
index b6c3d6ce6f..ca3bb36504 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Implementation of web security expressions.
  */
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index 1aa48691e0..e7a37eb180 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.intercept;
 
 import org.springframework.util.Assert;
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java b/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
index 569a9d70be..e1064f6a5e 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Enforcement of security for HTTP requests, typically by the URL requested.
  */
diff --git a/web/src/main/java/org/springframework/security/web/access/package-info.java b/web/src/main/java/org/springframework/security/web/access/package-info.java
index 4c5d8c6b1e..45565029a3 100644
--- a/web/src/main/java/org/springframework/security/web/access/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/access/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Access-control related classes and packages.
  */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index cf0b795c4f..32e38c8525 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
index 7ada074310..63a144a020 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
index 5b41679859..f0f375b8ba 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
index 284c059957..ba4d23d1bc 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 7353e906fb..24e6e015e3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
index f34b4937d8..dc59b82f52 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index 1a801c0478..d9d2a5cbbd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index c96c8272b1..41ec7712a8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
index 5b62059654..a85603ea7b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
index 465e86d487..9071ea289e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
index 42b46cd694..1e2ca60ef4 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index 3a384222f3..bff458f006 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
index ef1eafb46f..a62e01e18e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
index 6f4ff39c82..8eab8096ca 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index ec22d488f1..f376014279 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
index bccc0eaeda..4a7647239a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 2409a0d16e..8633644620 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
index e7336d5365..7632f57db7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
index 0b3e3147e5..dfbedca5e0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
index 85646bf7e2..08c4a20960 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
index 4f37812e68..e8a73a2501 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Logout functionality based around a filter which handles a specific logout URL.
  */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/package-info.java
index 4bd0aec8fb..0b3e328965 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authentication processing mechanisms, which respond to the submission of authentication
  * credentials using various protocols (eg BASIC, CAS, form login etc).
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index f47b58fcd9..65b1fa56ed 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index dce3ad5fb8..f34e36fbaa 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import org.apache.commons.logging.Log;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
index a99352725c..08f269a586 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
index 9793f9ebff..d18e7c0cc2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
index af87ab29c0..2c92c26bd3 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
index bb08b1bc3a..f104f2d514 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
index 3d9f7b8cf0..7eb9693acc 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
index 438a11ce6b..0af0c4e55f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index cbf45ff40a..b819a575d6 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index 2fc67dff1c..edc855132a 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index 0a99e9c476..a7b685853f 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
index 7cc1884e66..f44ea617dd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Pre-authentication support for container-authenticated requests.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
index 9dfd0547cc..68be4b946b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming
  * request has already been authenticated by some externally configured system.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index fc6dabc9b2..a95723a3a4 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.websphere;
 
 import java.lang.reflect.InvocationTargetException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
index 0a5676c336..28489e4ae4 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WASUsernameAndGroupsExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.websphere;
 
 import java.util.List;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
index 7e1c1071e4..f867d52a82 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.websphere;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index 49665325bd..fdb6f1a3aa 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.websphere;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
index f2aed4c60e..d8d50f8660 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Websphere-specific pre-authentication classes.
  */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index 98edc23435..e590ff70b2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.x509;
 
 import java.security.cert.X509Certificate;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index f66a3c3dfb..cdb4190ded 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.x509;
 
 import java.security.cert.X509Certificate;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
index fc8311a72f..7ecb2c95c3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509PrincipalExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.x509;
 
 import java.security.cert.X509Certificate;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
index 231297c387..d45ff76545 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * X.509 client certificate authentication support. Hooks into the certificate exposed by
  * the servlet container through the {@code javax.servlet.request.X509Certificate}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index 238a7545b4..5e0f49d509 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.io.UnsupportedEncodingException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
index de0bbb867d..dabaedd895 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index 6f1f77520a..aadf83fc7c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.util.Date;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
index 13e080d526..00668e06d8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index f9704fdab0..bc14f0dd54 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.util.Date;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
index 2057dad4a1..e0dc5b2d2a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentRememberMeToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.util.Date;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 2b612c7b38..8288d3e4a5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.security.SecureRandom;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
index 8e61af9934..99677ed2ea 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.util.Date;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
index a00174824b..dc727efa92 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
index 752a10d694..7793dab275 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Support for remembering a user between different web sessions.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 9db1525385..8e26c5f0c2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
index 88e3500a60..1f38218140 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index 1dd95f714f..d58303fa46 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import java.util.List;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index a2e4383b51..e91ad70f07 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import java.util.Comparator;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
index bae5f27f76..5af14ee24a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
index 0cbe06c900..99723e02ae 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java
index 9cdb2bf8e8..b4159f8e58 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import org.springframework.security.core.AuthenticationException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
index 21d576ba70..dfdcf76279 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
index b68ddd1bce..f5b855fd94 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Strategy interface and implementations for handling session-related behaviour for a
  * newly authenticated user.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
index a3a37bb140..e1116221fd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.switchuser;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
index e54d53267a..a39409f946 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Provides HTTP-based "switch user" (su) capabilities.
  */
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index f12d17c366..5783719463 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.ui;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
index 356932b8ae..bcbf8cce7a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Authentication user-interface rendering code. Used to conveniently create an
  * appropriate login page when using namespace configuration without defining a login page
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index 483ab89097..fdbbb743bf 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.www;
 
 import java.nio.charset.Charset;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
index 98472819e5..4935aab8d0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.www;
 
 import java.security.MessageDigest;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
index 052f3ae654..19afdcba8b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * WWW-Authenticate based authentication mechanism implementations: Basic and Digest
  * authentication.
diff --git a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
index 0b570c9b58..5350679cf3 100644
--- a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
+++ b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.bind.annotation;
 
 import java.lang.annotation.Documented;
diff --git a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
index dcd3d7e56d..fcda61caf1 100644
--- a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.bind.support;
 
 import java.lang.annotation.Annotation;
diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
index 6edcf65cfa..f722374ab1 100644
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
index a0cbdbc50f..d2e68ad817 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpRequestResponseHolder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index fbf238f45c..c0e9b958a6 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.AsyncContext;
diff --git a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
index 1afd4b8832..bd8563a3d0 100644
--- a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
index b337d16b0f..ab021a8525 100644
--- a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
index fb9c238052..67a623cf3d 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
index 0ecc235e1f..506dda8e38 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/context/package-info.java b/web/src/main/java/org/springframework/security/web/context/package-info.java
index 0fe3523d10..35e399118d 100644
--- a/web/src/main/java/org/springframework/security/web/context/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/context/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes which are responsible for maintaining the security context between HTTP
  * requests.
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
index 9f9a2fda46..bb54c2cc9d 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context.request.async;
 
 import java.util.concurrent.Callable;
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
index bc0694bf9b..8f2f091bfc 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context.request.async;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
index 6a896c3e48..ba4721eee8 100644
--- a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
+++ b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context.support;
 
 import java.util.Enumeration;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
index b126c744bd..60af71fbea 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
index 4b6fe7f3e6..c53541ac54 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.springframework.security.access.AccessDeniedException;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index 280535b38e..e2b34d8f46 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
index 73d005a7d2..c3b6090997 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfLogoutHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
index f497980dfc..9a2cb42a75 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import java.io.Serializable;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
index fa3877ab3b..bc20131685 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index e186418d2a..682be4b1dd 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.springframework.util.Assert;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
index de6e34f2f9..70c701b60e 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import java.util.UUID;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
index fd371cfa41..135ba3831f 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
index 6f50c1adf7..182370dba8 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/MissingCsrfTokenException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index 174b66a175..c1fa2cb84a 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.debug;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/debug/Logger.java b/web/src/main/java/org/springframework/security/web/debug/Logger.java
index 4d9759ae41..1f178a1169 100644
--- a/web/src/main/java/org/springframework/security/web/debug/Logger.java
+++ b/web/src/main/java/org/springframework/security/web/debug/Logger.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.debug;
 
 import java.io.PrintWriter;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
index ae88da3777..4c90eb24c6 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
index 3b90f93f14..5c4cc314c6 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
index 33ee2eb0ae..396a19aa94 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
index e3ce0c8ae3..83db1f9932 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
index 7d697f9a9d..e6c3d6ab90 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpFirewall.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
index 4a0bf2f5c8..0946038da9 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
index c6a38e9df1..b997031a47 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
index c3a05e6fcc..5fa1a5ce31 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestRejectedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index 2fc56d21fc..d0c559af22 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/header/Header.java b/web/src/main/java/org/springframework/security/web/header/Header.java
index 8902a190cc..b1c6aa1576 100644
--- a/web/src/main/java/org/springframework/security/web/header/Header.java
+++ b/web/src/main/java/org/springframework/security/web/header/Header.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
index cf4b1945eb..e844d73483 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
index 8d413a2de1..f59983f47c 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
index ecd63c3f80..88f78dc6aa 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
index 871a80add3..6b9ea6cf39 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.List;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
index 79c29ad4a8..a782869052 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
index ca52b24ba9..d30cecc5f2 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index c3d3050f92..89de450887 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.net.URI;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
index 743677b1ea..7d1ee6b5e5 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
index b616d865cf..0397c999cf 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
index 1879d7576e..bec4a5d5da 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/StaticHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
index a5d7270e92..a5a882bab0 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
index 7bdba9e97f..a5a72d1384 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 9daf174e3c..151ae3d1fc 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
index dd7d6c1afd..8c9a2373b5 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AllowFromStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
index 3a6d98d1ed..d4d8e179cb 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.util.regex.Pattern;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
index 9ab95c0d3b..11ae4f091f 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.net.URI;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
index a778f67bfa..99d72c5e7c 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index 25777c8b72..cf094d753b 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index 6473e80f9f..49e9ff9272 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.jaasapi;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
index b87e8d14cd..21f8b3c6f5 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Makes a JAAS Subject available as the current Subject.
  * <p>
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/package-info.java b/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
index a23c20f153..5e617cbd77 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Mix-in classes to provide Jackson serialization support.
  *
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 17ba5b44c9..eb455c75cf 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.Annotation;
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
index cc401de79a..d0c4fd8ff0 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import org.springframework.core.MethodParameter;
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
index d559c8befb..007ddc7ceb 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.Annotation;
diff --git a/web/src/main/java/org/springframework/security/web/package-info.java b/web/src/main/java/org/springframework/security/web/package-info.java
index 3ffe4e16d8..deba3ef1dc 100644
--- a/web/src/main/java/org/springframework/security/web/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Spring Security's web security module. Classes which have a dependency on the Servlet
  * API can be found here.
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 5764e0b33c..7f3f87c51f 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.reactive.result.method.annotation;
 
 import java.lang.annotation.Annotation;
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index 5a0c490d0e..d29c505e4a 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.reactive.result.method.annotation;
 
 import java.lang.annotation.Annotation;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index a848804bdb..3117a37016 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Base64;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index 21b0f82b6b..ba261fb0e7 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
index 6ddc40ce11..5106483905 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/NullRequestCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
index 22d50f1618..0746dbfbf6 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index f65ef98b98..773072bd88 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index 3fb5d77e1c..79f6651e74 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.io.Serializable;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
index 9a9ce344b6..6a2984c732 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Collection;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
index c04a687f68..431f037703 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java b/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
index d4c534fa4d..24f629761a 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Classes related to the caching of an {@code HttpServletRequest} which requires
  * authentication. While the user is logging in, the request is cached (using the
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
index 3abf0a4668..8d9e458d1b 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerAuthenticationEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
index 6e12ac2254..f5ed89c7b1 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server;
 
 import java.util.function.Function;
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index 322cc712db..334e4ed2f7 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server;
 
 import java.util.Base64;
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
index 1df0d3b8e8..26e98e7b99 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
index a39cd87a96..602ddbe090 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication;
 
 import java.util.function.Function;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
index d20b707004..a542c75d6f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPoint.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index 27512861b2..8252c65ba2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
index 85c028da16..c6b570dab8 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
index 72d0ca9ec1..5f28761565 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
index ddb29e1d08..5be7e6e822 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication.logout;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index 07ce081b55..b9f6e93050 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authorization;
 
 import org.apache.commons.logging.Log;
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index 1579308e9b..ccde3d0ac2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authorization;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
index 116ea4ba8f..de894d1524 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authorization;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
index c466da293c..fe23628293 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerAccessDeniedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authorization;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
index dc02c90d32..f243e0dc22 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.context;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
index 0008931bea..02a165b79d 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.context;
 
 import java.security.Principal;
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
index b895187271..7af7b6cb51 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ServerSecurityContextRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.context;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index 813d3f595d..75e126df5b 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.context;
 
 import org.apache.commons.logging.Log;
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
index 1c7d03ac8e..631c5b7fdc 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.csrf;
 
 import org.springframework.security.access.AccessDeniedException;
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index de0aefd93c..42fc487fe0 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.csrf;
 
 import org.springframework.util.Assert;
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
index e4d9262f77..45033cc0a7 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.csrf;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index 76953bcc0d..4951acc3bf 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.csrf;
 
 import java.util.Map;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
index ea6d37057d..fcf6eaef53 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
index bc003aadc3..31b94b4692 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
index 896a72b87a..d811daec39 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
index bd2f33f783..decbd78523 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
index ab02ac1b09..c715ce5494 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
index 191a64a608..0103c277a0 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.util.function.Supplier;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index f763655171..9be1b23891 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index 049e870a6c..f4fcc58fa8 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.time.Duration;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
index 98edc40a93..0f65321d8c 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index 6346f837f5..3e5beb7046 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index c67116354f..2112d4afbb 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index d16eb934e5..42b80444a9 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index 7ffdff8ceb..5c06881d39 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import org.apache.commons.logging.Log;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index 302b38b58d..b6b015ab12 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
index 4fd4f0f1f8..0dae293172 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.HashMap;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
index c831ad0c2b..90bef38d6e 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
index eccab0ab2d..9fe5da54a6 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.ArrayList;
diff --git a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
index 9d85128d2c..d904f4d1fe 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.servlet.support.csrf;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
index 09b80e2716..dbd06835f8 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.servletapi;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
index 42c9c06425..e6d430d1ba 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServletRequestFactory.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.servletapi;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/package-info.java b/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
index b3a21724d8..135e044d53 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Populates a Servlet request with a new Spring Security compliant
  * {@code HttpServletRequestWrapper}.
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
index 0c17383baf..64540da7b0 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionAccessDeniedHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
index ba320fc043..5919279c7a 100644
--- a/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/InvalidSessionStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
index fec0ad9af8..29a5b59d71 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index 90aaac9fdb..13ea888eb8 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
index d5c464e33d..6fd0f7b3cb 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
index 3467a66491..8c00287b6b 100644
--- a/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/session/SimpleRedirectSessionInformationExpiredStrategy.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/session/package-info.java b/web/src/main/java/org/springframework/security/web/session/package-info.java
index d460877f83..af9822f7ff 100644
--- a/web/src/main/java/org/springframework/security/web/session/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/session/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Session management filters, {@code HttpSession} events and publisher classes.
  */
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index 747c59fda9..aac699f03e 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import java.io.IOException;
diff --git a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
index 61b2a1e666..f41e39f253 100644
--- a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
+++ b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import org.springframework.util.Assert;
diff --git a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
index fed40240f9..abedceb714 100644
--- a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 9b6af8a73e..12c8324fe6 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import java.lang.reflect.InvocationTargetException;
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java b/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
index b9a2a3b9ee..1d3911b9b3 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableCauseExtractor.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 /**
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 39307db8ff..567dd989a0 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index c0af6461d4..abd5b0b089 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
index c2ad877abb..7d83e3cd0a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
index bb429742a5..de339c3d3a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index 8a2198d66b..c53686db2d 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.net.InetAddress;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index 42a7041e72..29c22f81c6 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index 7bc8d41689..f7e500a362 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index 7c0d3022f7..cf501da94a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index e802925e18..0e36a55a18 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.regex.Pattern;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index fcb8efbf6f..8faa366d61 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
index 4245bd4688..0d3fccf6f9 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Collections;
diff --git a/web/src/main/java/org/springframework/security/web/util/package-info.java b/web/src/main/java/org/springframework/security/web/util/package-info.java
index 5f0c4b2bfa..2bf681d737 100644
--- a/web/src/main/java/org/springframework/security/web/util/package-info.java
+++ b/web/src/main/java/org/springframework/security/web/util/package-info.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 /**
  * Web utility classes.
  * <p>
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
index 2a8d282348..58955a6f4f 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.reactive.server;
 
 import org.springframework.http.HttpStatus;
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index 07d478e0f9..f20104eae4 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.test.web.reactive.server;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index 685f0ee901..32971f6513 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 2017452c98..ca3702bede 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
index d7a53f822e..6063aab348 100644
--- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access;
 
 import java.util.LinkedHashMap;
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index 4976f8a3e3..1506d493ce 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access;
 
 import java.io.IOException;
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
index c4f92d32f7..0244b48aa6 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.Collections;
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
index ca426b3a29..1519245972 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.Collection;
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index 4e709ba6c7..6b1c930623 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import java.util.ArrayList;
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index f10ad0d18a..0e973ade90 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.expression;
 
 import javax.servlet.FilterChain;
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 543eb20351..40576c0a41 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.access.intercept;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index db70ace427..8a36219287 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import javax.servlet.FilterChain;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index ea179bd770..ebb95ceea6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.util.Collections;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 43980c148a..0033fa13f1 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index 9cb163cdc9..ff9068b8f6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.util.LinkedHashMap;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index 8883e12c4d..e896523bb6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.util.LinkedHashMap;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index 40f928ce87..bbcc57781a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import java.util.HashMap;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index fe9c9e434c..8102ea6e5f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 2f28538b1e..4701fe1ad5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index ca7ab99c49..f3ec882629 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index af5c0e2a9a..b8e50844d9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index 1df1153e29..ad536450f6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index a7cbac033a..d4e54686d2 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
index d1887b01c2..64b4f073c5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import javax.servlet.http.Cookie;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
index ff92fb9536..288edf36de 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import java.util.LinkedHashMap;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index 6050578eaf..cc0067351f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index 0874268b81..34b73a69bf 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import org.junit.After;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
index 50f43d1926..4a8374a9d8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.logout;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 2a39eea38a..82813d3e29 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import javax.servlet.FilterChain;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
index d23a331918..9075872148 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/Http403ForbiddenEntryPointTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.io.IOException;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index 3bb99184e2..db62065c8c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
index f86a01abd4..ae98ada53d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.Collection;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index aff725f6b5..0faaa7393e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.List;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index a68a9c4bcb..f99701485a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index 5f1ef577d4..647770f200 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth;
 
 import org.junit.After;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index 41d857c928..aa65e72045 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.header;
 
 import org.junit.After;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index 83f42dab02..13cab85518 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index 8f33c8d6a3..e5e5fd9343 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index 9165a69a34..fc2dd00f04 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.j2ee;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index d5edb037d5..9c17ee1824 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.websphere;
 
 import javax.servlet.FilterChain;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
index 6c1e7da0be..5d8e963c55 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.preauth.x509;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index f3a16db337..2556a59e57 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import javax.servlet.http.Cookie;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 5f21f410e5..6d0bbd2371 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.rememberme;
 
 import java.util.Date;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
index 3eaec75425..2fa89b2a3b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index bcc1747e54..668b651805 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.session;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
index 845363de76..0ccd0937cb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.switchuser;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index 33d282965b..a06829f66b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.authentication.www;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index d55357f9ff..675e68db6e 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.bind.support;
 
 import java.lang.annotation.ElementType;
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 087653ce2e..1eac035d61 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import java.util.Collections;
diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
index 8ea6d0344e..611e221817 100644
--- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import javax.servlet.http.HttpServletResponse;
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index b4c15c2db7..7dea43d79a 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context;
 
 import java.io.IOException;
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index 46a235bfe5..88681cca87 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context.request.async;
 
 import java.util.concurrent.Callable;
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index 2242f64dd1..ee0ba41e9b 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.context.request.async;
 
 import java.util.concurrent.Callable;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 3ea7571f82..9a848bf0c9 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index df217454e2..01976d0555 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import java.io.IOException;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index 424df7e7a1..64be6dad9d 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
index 2fbfc69992..3ece0e164e 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 3280c2741a..52f89da077 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java b/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
index 6a173d88c0..ef84d3b5de 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/MissingCsrfTokenExceptionTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.csrf;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index c9d76279df..7d5316e497 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.debug;
 
 import java.util.Collections;
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
index 2ff3404968..aa36573226 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
index f401179f30..e00195629d 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index df0d31f616..3b7fb9a846 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.Cookie;
diff --git a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
index 580d07d034..32d6e3f50e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index 378122d10e..36169d418d 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.firewall;
 
 import java.util.LinkedHashMap;
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index 3344e04175..2bf8744e3e 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header;
 
 import java.util.ArrayList;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index 2da78cbcca..c21b93e29d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index d0b7accf29..fe3c26097a 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index 5deaa5c785..5946ac1105 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index 2c5469247d..aca16eb1ae 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index a3386c5734..c92dfc09d8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.net.URI;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index 0129af05a3..1ac7ea3b6c 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index 01eb4b6cec..95d06305e8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index 1a502e56d6..ca82d20848 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index 41ec5a4d14..10288251a9 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index 7cfe28314f..775e9058a1 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index c01dba9c8d..b853d1dcbf 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index e3a2af46df..fdc33bee9c 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 4850081c0e..3eb1ab512a 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.util.regex.PatternSyntaxException;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
index a9d8a2d5ff..e5faa74757 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.net.URI;
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index 89f57cc6e2..1d088d6c34 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.header.writers.frameoptions;
 
 import java.util.ArrayList;
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index c4a5545f84..630627d31c 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.ElementType;
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index 78a0257842..3e78d79014 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import java.lang.reflect.Method;
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index e2c94bfa5f..ae55230c7a 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.ElementType;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index b4c5df2465..5a3e85327f 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Base64;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
index 9d4f8408ef..258d7084ea 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index a5f883a2ff..4f201474cd 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Collection;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
index aa8a5ae0df..6457a22d6d 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Base64;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
index 999042e694..0bb9dd6027 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedCookieTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.io.Serializable;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index 86a28343f5..6a3ba4987c 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.text.SimpleDateFormat;
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
index 6753ff5dc4..24aa5ecb80 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.savedrequest;
 
 import java.util.Collection;
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 083bc7f105..0cb532a837 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.authentication.logout;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index f48c29295e..5acdbd3569 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.csrf;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 2d32dca7f4..4b7db815ec 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index faa8b87451..ff8a0c0020 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.util.List;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index b49441fa89..f2f33daf80 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.time.Duration;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 293e85b8a5..094f329b3b 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index f2f850fbf4..94e98b9d7a 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 16f6520443..351e3515c3 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import java.time.Duration;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index 099ebfac57..a6765baa97 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index cef79b2993..4c078b24ac 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index e735f1b233..8e012d0721 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.header;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index 0f12d95dd0..b44fa173bb 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.server.util.matcher;
 
 import java.util.HashMap;
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index 1b2ef782ac..b227f2ed86 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.servlet.support.csrf;
 
 import java.lang.reflect.Method;
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
index 400aea182b..71e11b6b06 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import java.util.List;
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index f973fe6331..bb5f535ba9 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.session;
 
 import javax.servlet.FilterChain;
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 1f39a8b7f4..778b5bcb92 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import java.io.IOException;
diff --git a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
index 90f6dcd4d7..c3be88a3ed 100644
--- a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index a0cb2c9609..10a76b0f6c 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import java.lang.reflect.InvocationTargetException;
diff --git a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
index a5a9313a2a..3130aec2a6 100644
--- a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index cd83fe120d..f3a7671d50 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
index 5c7f5ba565..4a71218ce9 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import org.junit.Test;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index f99fb66b7b..b0f2594cf6 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import org.junit.Before;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index ec7d9e6e88..df88943b00 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Collections;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 558ea6d6a5..77567eb379 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 64ecf24e69..7c9cbbae36 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 8da438fb84..6783abef41 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import java.util.Arrays;
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
index 7f9d4b3b77..e677059a9b 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.springframework.security.web.util.matcher;
 
 import org.junit.Before;

From 8559447357ad32d2130abf402ac984f5f7dec5b5 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 14:14:23 -0700
Subject: [PATCH 41/84] Enforce checkstyle header rule

Enforce the checkstyle header rule and fix a few classes that had
malformed headers.

Issue gh-8945
---
 .../ExpressionBasedPreInvocationAdvice.java   |  3 ---
 .../security/core/ComparableVersion.java      | 19 -------------------
 .../authentication/dao/MockUserCache.java     |  3 ---
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 etc/checkstyle/checkstyle.xml                 |  8 +++++++-
 etc/checkstyle/header.txt                     | 16 ++++++++++++++++
 6 files changed, 23 insertions(+), 27 deletions(-)
 create mode 100644 etc/checkstyle/header.txt

diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index af6405a831..da6cfdacba 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -13,9 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/**
- *
- */
 
 package org.springframework.security.access.expression.method;
 
diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index ebc0042605..bce13b7ac1 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -16,25 +16,6 @@
 
 package org.springframework.security.core;
 
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *  https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
index a6ff266adb..5a2a0467ed 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/MockUserCache.java
@@ -13,9 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/**
- *
- */
 
 package org.springframework.security.authentication.dao;
 
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 3ec4e39adc..d542c23394 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringHeader" />
 	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
 	<suppress files=".*" checks="SpringJavadoc" />
 	<suppress files=".*" checks="SpringLambda" />
diff --git a/etc/checkstyle/checkstyle.xml b/etc/checkstyle/checkstyle.xml
index deb31f3d5b..e2c3704a5a 100644
--- a/etc/checkstyle/checkstyle.xml
+++ b/etc/checkstyle/checkstyle.xml
@@ -7,5 +7,11 @@
 		<property name="file"
 			value="${config_loc}/checkstyle-suppressions.xml" />
 	</module>
-	<module name="io.spring.javaformat.checkstyle.SpringChecks" />
+	<module name="com.puppycrawl.tools.checkstyle.checks.header.RegexpHeaderCheck">
+		<property name="headerFile" value="${config_loc}/header.txt" />
+		<property name="fileExtensions" value="java" />
+	</module>
+	<module name="io.spring.javaformat.checkstyle.SpringChecks">
+		<property name="excludes" value="io.spring.javaformat.checkstyle.check.SpringHeaderCheck" />
+	</module>
 </module>
\ No newline at end of file
diff --git a/etc/checkstyle/header.txt b/etc/checkstyle/header.txt
new file mode 100644
index 0000000000..a0eb45dbdf
--- /dev/null
+++ b/etc/checkstyle/header.txt
@@ -0,0 +1,16 @@
+^\Q/*\E$
+^\Q * Copyright \E20\d\d(-20\d\d)?(, \d\d\d\d)*\ (Acegi Technology Pty Limited|the original author or authors.)$
+^\Q *\E$
+^\Q * Licensed under the Apache License, Version 2.0 (the "License");\E$
+^\Q * you may not use this file except in compliance with the License.\E$
+^\Q * You may obtain a copy of the License at\E$
+^\Q *\E$
+^\Q *      https://www.apache.org/licenses/LICENSE-2.0\E$
+^\Q *\E$
+^\Q * Unless required by applicable law or agreed to in writing, software\E$
+^\Q * distributed under the License is distributed on an "AS IS" BASIS,\E$
+^\Q * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\E$
+^\Q * See the License for the specific language governing permissions and\E$
+^\Q * limitations under the License.\E$
+^\Q */\E$
+^$

From 01d90c98810f7b421ffeb3147fb6a5157cda8446 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 15:15:15 -0700
Subject: [PATCH 42/84] Hide utility class constructors

Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
---
 .../config/http/ChannelAttributeFactory.java  |  5 ++++-
 ...OAuth2ClientBeanDefinitionParserUtils.java |  3 +++
 .../saml2/TestSaml2Credentials.java           |  5 ++++-
 ...erverHttpSecurityConfigurationBuilder.java |  5 ++++-
 .../http/SecurityFiltersAssertions.java       |  6 ++++--
 .../access/expression/ExpressionUtils.java    |  3 +++
 .../security/converter/RsaKeyConverters.java  |  5 ++++-
 .../core/SpringSecurityCoreVersion.java       |  5 ++++-
 .../ReactiveSecurityContextHolder.java        |  5 ++++-
 .../security/util/FieldUtils.java             |  3 +++
 .../security/util/MethodInvocationUtils.java  |  3 +++
 .../sec2150/MethodInvocationFactory.java      |  5 ++++-
 .../expression/method/SecurityRules.java      |  5 ++++-
 .../security/util/FieldUtilsTests.java        |  2 --
 .../util/MethodInvocationUtilsTests.java      |  2 --
 .../crypto/argon2/Argon2EncodingUtils.java    |  5 ++++-
 .../security/crypto/codec/Base64.java         |  3 +++
 .../security/crypto/codec/Hex.java            |  3 +++
 .../security/crypto/codec/Utf8.java           |  3 +++
 .../security/crypto/codec/Base64Tests.java    |  2 --
 .../crypto/encrypt/CryptoAssumptions.java     |  5 ++++-
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 .../PasswordPolicyControlExtractor.java       |  5 ++++-
 ...2AuthorizationGrantRequestEntityUtils.java |  3 +++
 .../TestOAuth2AuthenticationTokens.java       |  5 ++++-
 ...AuthorizationCodeAuthenticationTokens.java |  5 ++++-
 .../registration/TestClientRegistrations.java |  5 ++++-
 .../http/converter/HttpMessageConverters.java |  3 +++
 .../oauth2/core/TestOAuth2AccessTokens.java   |  5 ++++-
 .../oauth2/core/TestOAuth2RefreshTokens.java  |  5 ++++-
 .../TestOAuth2AccessTokenResponses.java       |  5 ++++-
 .../TestOAuth2AuthorizationExchanges.java     |  5 ++++-
 .../TestOAuth2AuthorizationRequests.java      |  5 ++++-
 .../TestOAuth2AuthorizationResponses.java     |  5 ++++-
 .../oauth2/core/oidc/TestOidcIdTokens.java    |  5 ++++-
 .../oauth2/core/oidc/user/TestOidcUsers.java  |  5 ++++-
 .../oauth2/core/user/TestOAuth2Users.java     |  5 ++++-
 .../JwtDecoderProviderConfigurationUtils.java |  5 ++++-
 .../security/oauth2/jose/TestKeys.java        | 19 ++++++++++---------
 .../security/oauth2/jwt/TestJwts.java         |  5 ++++-
 .../TestOAuth2AuthenticatedPrincipals.java    |  5 ++++-
 .../TestBearerTokenAuthentications.java       |  5 ++++-
 .../core/OpenSamlInitializationService.java   |  5 ++++-
 .../service/authentication/Saml2Utils.java    |  3 +++
 .../RelyingPartyRegistrations.java            |  3 +++
 .../servlet/filter/Saml2ServletUtils.java     |  3 +++
 .../security/saml2/core/Saml2Utils.java       |  3 +++
 .../saml2/core/TestSaml2X509Credentials.java  |  3 +++
 .../credentials/TestSaml2X509Credentials.java |  3 +++
 .../authentication/TestOpenSamlObjects.java   |  3 +++
 ...estSaml2AuthenticationRequestContexts.java |  5 ++++-
 .../TestRelyingPartyRegistrations.java        |  5 ++++-
 .../security/taglibs/TagLibConfig.java        |  3 +++
 .../server/SecurityMockServerConfigurers.java |  5 ++++-
 .../setup/SecurityMockMvcConfigurers.java     |  3 +++
 .../security/web/WebAttributes.java           |  3 +++
 .../authentication/www/DigestAuthUtils.java   |  3 +++
 .../web/savedrequest/FastHttpDateFormat.java  |  5 ++++-
 .../security/web/util/UrlUtils.java           |  3 +++
 .../reactive/server/WebTestClientBuilder.java |  5 ++++-
 .../preauth/x509/X509TestUtils.java           |  5 ++++-
 61 files changed, 213 insertions(+), 52 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
index 7da9d7aa2c..0f2d649d08 100644
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@@ -30,7 +30,7 @@ import org.springframework.security.web.access.channel.ChannelDecisionManagerImp
  * @author Luke Taylor
  * @since 3.0
  */
-public class ChannelAttributeFactory {
+public final class ChannelAttributeFactory {
 
 	private static final String OPT_REQUIRES_HTTP = "http";
 
@@ -38,6 +38,9 @@ public class ChannelAttributeFactory {
 
 	private static final String OPT_ANY_CHANNEL = "any";
 
+	private ChannelAttributeFactory() {
+	}
+
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
 		String channelConfigAttribute;
 
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
index dd81b49c31..40be5b39aa 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@@ -37,6 +37,9 @@ final class OAuth2ClientBeanDefinitionParserUtils {
 
 	private static final String ATT_AUTHORIZED_CLIENT_SERVICE_REF = "authorized-client-service-ref";
 
+	private OAuth2ClientBeanDefinitionParserUtils() {
+	}
+
 	static BeanMetadataElement getClientRegistrationRepository(Element element) {
 		BeanMetadataElement clientRegistrationRepository;
 		String clientRegistrationRepositoryRef = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index fc99869575..3952a19c1a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -29,7 +29,10 @@ import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X
 /**
  * Preconfigured SAML credentials for SAML integration tests.
  */
-public class TestSaml2Credentials {
+public final class TestSaml2Credentials {
+
+	private TestSaml2Credentials() {
+	}
 
 	static Saml2X509Credential verificationCertificate() {
 		String certificate = "-----BEGIN CERTIFICATE-----\n"
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
index 925b4e7552..d8922ad6c1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
@@ -26,7 +26,10 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerHttpSecurityConfigurationBuilder {
+public final class ServerHttpSecurityConfigurationBuilder {
+
+	private ServerHttpSecurityConfigurationBuilder() {
+	}
 
 	public static ServerHttpSecurity http() {
 		return new ServerHttpSecurityConfiguration().httpSecurity();
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
index e7c01c96fe..afa8a80d1a 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
@@ -29,13 +29,15 @@ import static org.assertj.core.api.Assertions.assertThat;
  *
  * @author Josh Cummings
  */
-public class SecurityFiltersAssertions {
+public final class SecurityFiltersAssertions {
 
 	private static Collection<SecurityFilters> ordered = Arrays.asList(SecurityFilters.values());
 
+	private SecurityFiltersAssertions() {
+	}
+
 	public static void assertEquals(List<String> filters) {
 		List<String> expected = ordered.stream().map(SecurityFilters::name).collect(Collectors.toList());
-
 		assertThat(filters).isEqualTo(expected);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
index 1a051806f5..5296a3eacb 100644
--- a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
+++ b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
@@ -22,6 +22,9 @@ import org.springframework.expression.Expression;
 
 public final class ExpressionUtils {
 
+	private ExpressionUtils() {
+	}
+
 	public static boolean evaluateAsBoolean(Expression expr, EvaluationContext ctx) {
 		try {
 			return expr.getValue(ctx, Boolean.class);
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index bf63a85819..920017fd96 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -38,7 +38,7 @@ import org.springframework.util.Assert;
  * @author Josh Cummings
  * @since 5.2
  */
-public class RsaKeyConverters {
+public final class RsaKeyConverters {
 
 	private static final String DASHES = "-----";
 
@@ -50,6 +50,9 @@ public class RsaKeyConverters {
 
 	private static final String X509_PEM_FOOTER = DASHES + "END PUBLIC KEY" + DASHES;
 
+	private RsaKeyConverters() {
+	}
+
 	/**
 	 * Construct a {@link Converter} for converting a PEM-encoded PKCS#8 RSA Private Key
 	 * into a {@link RSAPrivateKey}.
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index 75a2311f5a..0fa679be95 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -30,7 +30,7 @@ import org.springframework.core.SpringVersion;
  * @author Luke Taylor
  * @author Rob Winch
  */
-public class SpringSecurityCoreVersion {
+public final class SpringSecurityCoreVersion {
 
 	private static final String DISABLE_CHECKS = SpringSecurityCoreVersion.class.getName().concat(".DISABLE_CHECKS");
 
@@ -50,6 +50,9 @@ public class SpringSecurityCoreVersion {
 		performVersionChecks();
 	}
 
+	private SpringSecurityCoreVersion() {
+	}
+
 	public static String getVersion() {
 		Package pkg = SpringSecurityCoreVersion.class.getPackage();
 		return (pkg != null ? pkg.getImplementationVersion() : null);
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index 07e988f54d..ac3366d665 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -29,10 +29,13 @@ import org.springframework.security.core.Authentication;
  * @author Rob Winch
  * @since 5.0
  */
-public class ReactiveSecurityContextHolder {
+public final class ReactiveSecurityContextHolder {
 
 	private static final Class<?> SECURITY_CONTEXT_KEY = SecurityContext.class;
 
+	private ReactiveSecurityContextHolder() {
+	}
+
 	/**
 	 * Gets the {@code Mono<SecurityContext>} from Reactor {@link Context}
 	 * @return the {@code Mono<SecurityContext>}
diff --git a/core/src/main/java/org/springframework/security/util/FieldUtils.java b/core/src/main/java/org/springframework/security/util/FieldUtils.java
index 0f19684ad5..be6de9d0e6 100644
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@@ -29,6 +29,9 @@ import org.springframework.util.StringUtils;
  */
 public final class FieldUtils {
 
+	private FieldUtils() {
+	}
+
 	/**
 	 * Attempts to locate the specified field on the class.
 	 * @param clazz the class definition containing the field
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index ef05c2d84f..09d44f5760 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -35,6 +35,9 @@ import org.springframework.util.Assert;
  */
 public final class MethodInvocationUtils {
 
+	private MethodInvocationUtils() {
+	}
+
 	/**
 	 * Generates a <code>MethodInvocation</code> for specified <code>methodName</code> on
 	 * the passed object, using the <code>args</code> to locate the method.
diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
index fdce7db144..eb0c440713 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
@@ -19,7 +19,10 @@ package org.springframework.security.access.annotation.sec2150;
 import org.springframework.aop.framework.ProxyFactory;
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 
-public class MethodInvocationFactory {
+public final class MethodInvocationFactory {
+
+	private MethodInvocationFactory() {
+	}
 
 	/**
 	 * In order to reproduce the bug for SEC-2150, we must have a proxy object that
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
index 5be6cb8a29..af4715cf69 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
@@ -16,7 +16,10 @@
 
 package org.springframework.security.access.expression.method;
 
-public class SecurityRules {
+public final class SecurityRules {
+
+	private SecurityRules() {
+	}
 
 	public static boolean disallow() {
 		return false;
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index edc8356988..51835d2133 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -27,8 +27,6 @@ public class FieldUtilsTests {
 
 	@Test
 	public void gettingAndSettingProtectedFieldIsSuccessful() throws Exception {
-		new FieldUtils();
-
 		Object tc = new TestClass();
 
 		assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("x");
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index 13dd7b7e16..aa099fb9c0 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -33,8 +33,6 @@ public class MethodInvocationUtilsTests {
 
 	@Test
 	public void createFromClassReturnsMethodWithNoArgInfoForMethodWithNoArgs() {
-		new MethodInvocationUtils();
-
 		MethodInvocation mi = MethodInvocationUtils.createFromClass(String.class, "length");
 		assertThat(mi).isNotNull();
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 21fdc524c3..dcc0a5d478 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -29,12 +29,15 @@ import org.bouncycastle.util.Arrays;
  * @author Simeon Macke
  * @since 5.3
  */
-class Argon2EncodingUtils {
+final class Argon2EncodingUtils {
 
 	private static final Base64.Encoder b64encoder = Base64.getEncoder().withoutPadding();
 
 	private static final Base64.Decoder b64decoder = Base64.getDecoder();
 
+	private Argon2EncodingUtils() {
+	}
+
 	/**
 	 * Encodes a raw Argon2-hash and its parameters into the standard Argon2-hash-string
 	 * as specified in the reference implementation
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index efefa8f39a..234882ceab 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -237,6 +237,9 @@ public final class Base64 {
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 // Decimal 244 - 255
 	};
 
+	private Base64() {
+	}
+
 	public static byte[] decode(byte[] bytes) {
 		return decode(bytes, 0, bytes.length, NO_OPTIONS);
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
index 339440820f..48360ca934 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
@@ -30,6 +30,9 @@ public final class Hex {
 	private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e',
 			'f' };
 
+	private Hex() {
+	}
+
 	public static char[] encode(byte[] bytes) {
 		final int nBytes = bytes.length;
 		char[] result = new char[2 * nBytes];
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
index bc279665b3..7dd723a99b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@@ -33,6 +33,9 @@ public final class Utf8 {
 
 	private static final Charset CHARSET = StandardCharsets.UTF_8;
 
+	private Utf8() {
+	}
+
 	/**
 	 * Get the bytes of the String in UTF-8 encoded form.
 	 */
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
index 16ec122720..6518c4b007 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@@ -28,8 +28,6 @@ public class Base64Tests {
 
 	@Test
 	public void isBase64ReturnsTrueForValidBase64() {
-		new Base64(); // unused
-
 		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' })).isTrue();
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index 1c39238133..3feeb87868 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -26,7 +26,10 @@ import org.junit.AssumptionViolatedException;
 
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
 
-public class CryptoAssumptions {
+public final class CryptoAssumptions {
+
+	private CryptoAssumptions() {
+	}
 
 	public static void assumeGCMJCE() {
 		assumeAes256(CipherAlgorithm.GCM);
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index d542c23394..5c12d4242a 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
 	<suppress files=".*" checks="SpringJavadoc" />
 	<suppress files=".*" checks="SpringLambda" />
 	<suppress files=".*" checks="SpringMethodOrder" />
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
index 6e41501e62..6c6341bfd5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@@ -29,10 +29,13 @@ import org.apache.commons.logging.LogFactory;
  * @author Luke Taylor
  * @since 3.0
  */
-public class PasswordPolicyControlExtractor {
+public final class PasswordPolicyControlExtractor {
 
 	private static final Log logger = LogFactory.getLog(PasswordPolicyControlExtractor.class);
 
+	private PasswordPolicyControlExtractor() {
+	}
+
 	public static PasswordPolicyResponseControl extractControl(DirContext dirCtx) {
 		LdapContext ctx = (LdapContext) dirCtx;
 		Control[] ctrls = null;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
index a2ebf614b2..1ca61bf69e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -40,6 +40,9 @@ final class OAuth2AuthorizationGrantRequestEntityUtils {
 
 	private static HttpHeaders DEFAULT_TOKEN_REQUEST_HEADERS = getDefaultTokenRequestHeaders();
 
+	private OAuth2AuthorizationGrantRequestEntityUtils() {
+	}
+
 	static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) {
 		HttpHeaders headers = new HttpHeaders();
 		headers.addAll(DEFAULT_TOKEN_REQUEST_HEADERS);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
index ead6b2d65d..846ad1abec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
@@ -25,7 +25,10 @@ import org.springframework.security.oauth2.core.user.TestOAuth2Users;
  * @author Josh Cummings
  * @since 5.2
  */
-public class TestOAuth2AuthenticationTokens {
+public final class TestOAuth2AuthenticationTokens {
+
+	private TestOAuth2AuthenticationTokens() {
+	}
 
 	public static OAuth2AuthenticationToken authenticated() {
 		DefaultOAuth2User principal = TestOAuth2Users.create();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
index 5951b62808..bde27fc388 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
@@ -29,7 +29,10 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2AuthorizationCodeAuthenticationTokens {
+public final class TestOAuth2AuthorizationCodeAuthenticationTokens {
+
+	private TestOAuth2AuthorizationCodeAuthenticationTokens() {
+	}
 
 	public static OAuth2AuthorizationCodeAuthenticationToken unauthenticated() {
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
index f108252f7a..2c579087d4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
@@ -23,7 +23,10 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
  * @author Rob Winch
  * @since 5.1
  */
-public class TestClientRegistrations {
+public final class TestClientRegistrations {
+
+	private TestClientRegistrations() {
+	}
 
 	public static ClientRegistration.Builder clientRegistration() {
 		return ClientRegistration.withRegistrationId("registration-id")
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
index d290855d32..e80d147d1a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
@@ -45,6 +45,9 @@ final class HttpMessageConverters {
 		jsonbPresent = ClassUtils.isPresent("javax.json.bind.Jsonb", classLoader);
 	}
 
+	private HttpMessageConverters() {
+	}
+
 	static GenericHttpMessageConverter<Object> getJsonMessageConverter() {
 		if (jackson2Present) {
 			return new MappingJackson2HttpMessageConverter();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
index c4ba056f9f..4d8a130169 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
@@ -25,7 +25,10 @@ import java.util.HashSet;
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2AccessTokens {
+public final class TestOAuth2AccessTokens {
+
+	private TestOAuth2AccessTokens() {
+	}
 
 	public static OAuth2AccessToken noScopes() {
 		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "no-scopes", Instant.now(),
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
index 69d56d33bb..3cbaa3dbc4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
@@ -22,7 +22,10 @@ import java.time.Instant;
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2RefreshTokens {
+public final class TestOAuth2RefreshTokens {
+
+	private TestOAuth2RefreshTokens() {
+	}
 
 	public static OAuth2RefreshToken refreshToken() {
 		return new OAuth2RefreshToken("refresh-token", Instant.now());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
index c8e0a75079..a2eebd66bd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
@@ -26,7 +26,10 @@ import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2AccessTokenResponses {
+public final class TestOAuth2AccessTokenResponses {
+
+	private TestOAuth2AccessTokenResponses() {
+	}
 
 	public static OAuth2AccessTokenResponse.Builder accessTokenResponse() {
 		return OAuth2AccessTokenResponse.withToken("token").tokenType(OAuth2AccessToken.TokenType.BEARER);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
index 68cb45df48..761ce7f205 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
@@ -21,7 +21,10 @@ package org.springframework.security.oauth2.core.endpoint;
  * @author Eddú Meléndez
  * @since 5.1
  */
-public class TestOAuth2AuthorizationExchanges {
+public final class TestOAuth2AuthorizationExchanges {
+
+	private TestOAuth2AuthorizationExchanges() {
+	}
 
 	public static OAuth2AuthorizationExchange success() {
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().build();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
index ccfa6679c0..41123de992 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
@@ -23,7 +23,10 @@ import java.util.Map;
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2AuthorizationRequests {
+public final class TestOAuth2AuthorizationRequests {
+
+	private TestOAuth2AuthorizationRequests() {
+	}
 
 	public static OAuth2AuthorizationRequest.Builder request() {
 		String registrationId = "registration-id";
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
index fbed4c0fef..5dec72377f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
@@ -20,7 +20,10 @@ package org.springframework.security.oauth2.core.endpoint;
  * @author Rob Winch
  * @since 5.1
  */
-public class TestOAuth2AuthorizationResponses {
+public final class TestOAuth2AuthorizationResponses {
+
+	private TestOAuth2AuthorizationResponses() {
+	}
 
 	public static OAuth2AuthorizationResponse.Builder success() {
 		return OAuth2AuthorizationResponse.success("authorization-code").state("state")
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
index 1f5935bb80..0bcdcb48c8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@@ -23,7 +23,10 @@ import java.time.Instant;
  *
  * @author Josh Cummings
  */
-public class TestOidcIdTokens {
+public final class TestOidcIdTokens {
+
+	private TestOidcIdTokens() {
+	}
 
 	public static OidcIdToken.Builder idToken() {
 		return OidcIdToken.withTokenValue("id-token").issuer("https://example.com").subject("subject")
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
index 6a801b760e..e7d872a6ad 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@@ -30,7 +30,10 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 /**
  * @author Joe Grandja
  */
-public class TestOidcUsers {
+public final class TestOidcUsers {
+
+	private TestOidcUsers() {
+	}
 
 	public static DefaultOidcUser create() {
 		OidcIdToken idToken = idToken();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
index e36228a757..8c50d677b5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
@@ -28,7 +28,10 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 /**
  * @author Rob Winch
  */
-public class TestOAuth2Users {
+public final class TestOAuth2Users {
+
+	private TestOAuth2Users() {
+	}
 
 	public static DefaultOAuth2User create() {
 		String nameAttributeKey = "username";
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index ee31467e02..e895ad2950 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -38,7 +38,7 @@ import org.springframework.web.util.UriComponentsBuilder;
  * @author Rafiullah Hamedy
  * @since 5.2
  */
-class JwtDecoderProviderConfigurationUtils {
+final class JwtDecoderProviderConfigurationUtils {
 
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
 
@@ -49,6 +49,9 @@ class JwtDecoderProviderConfigurationUtils {
 	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
+	private JwtDecoderProviderConfigurationUtils() {
+	}
+
 	static Map<String, Object> getConfigurationForOidcIssuerLocation(String oidcIssuerLocation) {
 		return getConfiguration(oidcIssuerLocation, oidc(URI.create(oidcIssuerLocation)));
 	}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index 793a7aa647..6cde34191f 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -32,10 +32,9 @@ import javax.crypto.spec.SecretKeySpec;
  * @author Joe Grandja
  * @since 5.2
  */
-public class TestKeys {
+public final class TestKeys {
 
 	public static final KeyFactory kf;
-
 	static {
 		try {
 			kf = KeyFactory.getInstance("RSA");
@@ -57,12 +56,11 @@ public class TestKeys {
 			+ "kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o"
 			+ "RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj" + "KwIDAQAB";
 
-	public static final RSAPublicKey DEFAULT_PUBLIC_KEY = publicKey();
-
-	private static RSAPublicKey publicKey() {
+	public static final RSAPublicKey DEFAULT_PUBLIC_KEY;
+	static {
 		X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PUBLIC_KEY));
 		try {
-			return (RSAPublicKey) kf.generatePublic(spec);
+			DEFAULT_PUBLIC_KEY = (RSAPublicKey) kf.generatePublic(spec);
 		}
 		catch (InvalidKeySpecException ex) {
 			throw new IllegalArgumentException(ex);
@@ -95,16 +93,19 @@ public class TestKeys {
 			+ "c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM"
 			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g==";
 
-	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY = privateKey();
+	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY;
 
-	private static RSAPrivateKey privateKey() {
+	static {
 		PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY));
 		try {
-			return (RSAPrivateKey) kf.generatePrivate(spec);
+			DEFAULT_PRIVATE_KEY = (RSAPrivateKey) kf.generatePrivate(spec);
 		}
 		catch (InvalidKeySpecException ex) {
 			throw new IllegalArgumentException(ex);
 		}
 	}
 
+	private TestKeys() {
+	}
+
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
index 8cb46904ca..f975408bcc 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
@@ -19,7 +19,10 @@ package org.springframework.security.oauth2.jwt;
 import java.time.Instant;
 import java.util.Arrays;
 
-public class TestJwts {
+public final class TestJwts {
+
+	private TestJwts() {
+	}
 
 	public static Jwt.Builder jwt() {
 		return Jwt.withTokenValue("token").header("alg", "none").audience(Arrays.asList("https://audience.example.org"))
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index 907bc3e9f5..0876c52748 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -36,7 +36,10 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
  *
  * @author Josh Cummings
  */
-public class TestOAuth2AuthenticatedPrincipals {
+public final class TestOAuth2AuthenticatedPrincipals {
+
+	private TestOAuth2AuthenticatedPrincipals() {
+	}
 
 	public static OAuth2AuthenticatedPrincipal active() {
 		return active(attributes -> {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
index d02af90c84..01d1dec49c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
@@ -33,7 +33,10 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
  *
  * @author Josh Cummings
  */
-public class TestBearerTokenAuthentications {
+public final class TestBearerTokenAuthentications {
+
+	private TestBearerTokenAuthentications() {
+	}
 
 	public static BearerTokenAuthentication bearer() {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_USER");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index 640618266e..90c1c275b4 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -74,12 +74,15 @@ import org.springframework.security.saml2.Saml2Exception;
  * @author Josh Cummings
  * @since 5.4
  */
-public class OpenSamlInitializationService {
+public final class OpenSamlInitializationService {
 
 	private static final Log log = LogFactory.getLog(OpenSamlInitializationService.class);
 
 	private static final AtomicBoolean initialized = new AtomicBoolean(false);
 
+	private OpenSamlInitializationService() {
+	}
+
 	/**
 	 * Ready OpenSAML for use and configure it with reasonable defaults.
 	 *
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
index 0f88d3a1b0..f8f1066a79 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@@ -35,6 +35,9 @@ final class Saml2Utils {
 
 	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 
+	private Saml2Utils() {
+	}
+
 	static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
index 3945668c7a..05e8695fb4 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
@@ -34,6 +34,9 @@ public final class RelyingPartyRegistrations {
 	private static final RestOperations rest = new RestTemplate(
 			Arrays.asList(new OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter()));
 
+	private RelyingPartyRegistrations() {
+	}
+
 	/**
 	 * Return a {@link RelyingPartyRegistration.Builder} based off of the given SAML 2.0
 	 * Asserting Party (IDP) metadata.
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
index 5b58d68fec..046d75f33a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
@@ -34,6 +34,9 @@ final class Saml2ServletUtils {
 
 	private static final char PATH_DELIMITER = '/';
 
+	private Saml2ServletUtils() {
+	}
+
 	static String resolveUrlTemplate(String template, String baseUrl, RelyingPartyRegistration relyingParty) {
 		if (!StringUtils.hasText(template)) {
 			return baseUrl;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
index e03ab37e41..0a80ee0ed4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@@ -32,6 +32,9 @@ public final class Saml2Utils {
 
 	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 
+	private Saml2Utils() {
+	}
+
 	public static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index 8c0b447071..9f77a72e41 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -31,6 +31,9 @@ import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509Cred
 
 public final class TestSaml2X509Credentials {
 
+	private TestSaml2X509Credentials() {
+	}
+
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index e577cef76e..e4991ef64b 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -31,6 +31,9 @@ import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X
 
 public final class TestSaml2X509Credentials {
 
+	private TestSaml2X509Credentials() {
+	}
+
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
index a2cfaf4b74..ac309a7547 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -97,6 +97,9 @@ final class TestOpenSamlObjects {
 	private static SecretKey SECRET_KEY = new SecretKeySpec(
 			Base64.getDecoder().decode("shOnwNMoCv88HKMEa91+FlYoD5RNvzMTAL5LGxZKIFk="), "AES");
 
+	private TestOpenSamlObjects() {
+	}
+
 	static Response response() {
 		return response(DESTINATION, ASSERTING_PARTY_ENTITY_ID);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
index 451ef004eb..ad3aa83a47 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
@@ -21,7 +21,10 @@ import org.springframework.security.saml2.provider.service.registration.TestRely
 /**
  * Test {@link Saml2AuthenticationRequestContext}s
  */
-public class TestSaml2AuthenticationRequestContexts {
+public final class TestSaml2AuthenticationRequestContexts {
+
+	private TestSaml2AuthenticationRequestContexts() {
+	}
 
 	public static Saml2AuthenticationRequestContext.Builder authenticationRequestContext() {
 		return Saml2AuthenticationRequestContext.builder().relayState("relayState").issuer("issuer")
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index 62b3e4f2a2..6cca53f78a 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -23,7 +23,10 @@ import org.springframework.security.saml2.provider.service.servlet.filter.Saml2W
 /**
  * Preconfigured test data for {@link RelyingPartyRegistration} objects
  */
-public class TestRelyingPartyRegistrations {
+public final class TestRelyingPartyRegistrations {
+
+	private TestRelyingPartyRegistrations() {
+	}
 
 	public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
 		String registrationId = "simplesamlphp";
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
index 9499636e10..c316bc8982 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@@ -51,6 +51,9 @@ public final class TagLibConfig {
 		}
 	}
 
+	private TagLibConfig() {
+	}
+
 	/**
 	 * Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been
 	 * disabled. Otherwise returns SKIP_BODY.
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 33c7cd330f..77240f33ae 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -97,7 +97,10 @@ import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
  * @author Rob Winch
  * @since 5.0
  */
-public class SecurityMockServerConfigurers {
+public final class SecurityMockServerConfigurers {
+
+	private SecurityMockServerConfigurers() {
+	}
 
 	/**
 	 * Sets up Spring Security's {@link WebTestClient} test support
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
index 9d51d45694..07332b3244 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@@ -30,6 +30,9 @@ import org.springframework.util.Assert;
  */
 public final class SecurityMockMvcConfigurers {
 
+	private SecurityMockMvcConfigurers() {
+	}
+
 	/**
 	 * Configures the MockMvcBuilder for use with Spring Security. Specifically the
 	 * configurer adds the Spring Bean named "springSecurityFilterChain" as a Filter. It
diff --git a/web/src/main/java/org/springframework/security/web/WebAttributes.java b/web/src/main/java/org/springframework/security/web/WebAttributes.java
index 62765ba25a..a95700241c 100644
--- a/web/src/main/java/org/springframework/security/web/WebAttributes.java
+++ b/web/src/main/java/org/springframework/security/web/WebAttributes.java
@@ -52,4 +52,7 @@ public final class WebAttributes {
 	public static final String WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE = WebAttributes.class.getName()
 			+ ".WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE";
 
+	private WebAttributes() {
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
index 4935aab8d0..506dd648dd 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@@ -31,6 +31,9 @@ final class DigestAuthUtils {
 
 	private static final String[] EMPTY_STRING_ARRAY = new String[0];
 
+	private DigestAuthUtils() {
+	}
+
 	static String encodePasswordInA1Format(String username, String realm, String password) {
 		String a1 = username + ":" + realm + ":" + password;
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index aeac06f347..58bdb08cfd 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -32,7 +32,7 @@ import java.util.TimeZone;
  * @author Remy Maucherat
  * @author Andrey Grebnev
  */
-public class FastHttpDateFormat {
+public final class FastHttpDateFormat {
 
 	/** HTTP date format. */
 	protected static final SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
@@ -66,6 +66,9 @@ public class FastHttpDateFormat {
 	/** Parser cache. */
 	protected static final HashMap<String, Long> parseCache = new HashMap<>();
 
+	private FastHttpDateFormat() {
+	}
+
 	/**
 	 * Formats a specified date to HTTP format. If local format is not <code>null</code>,
 	 * it's used instead.
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 1d8ba499b0..8ff574f66e 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -30,6 +30,9 @@ import javax.servlet.http.HttpServletRequest;
  */
 public final class UrlUtils {
 
+	private UrlUtils() {
+	}
+
 	public static String buildFullRequestUrl(HttpServletRequest r) {
 		return buildFullRequestUrl(r.getScheme(), r.getServerName(), r.getServerPort(), r.getRequestURI(),
 				r.getQueryString());
diff --git a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
index 58955a6f4f..da57e59810 100644
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
@@ -34,7 +34,10 @@ import org.springframework.web.server.WebFilter;
  * @since 5.0
  *
  */
-public class WebTestClientBuilder {
+public final class WebTestClientBuilder {
+
+	private WebTestClientBuilder() {
+	}
 
 	public static Builder bindToWebFilters(WebFilter... webFilters) {
 		return WebTestClient.bindToController(new Http200RestController()).webFilter(webFilters).configureClient();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
index 1649e9468b..f290fc34a6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@@ -25,7 +25,10 @@ import java.security.cert.X509Certificate;
  *
  * @author Luke Taylor
  */
-public class X509TestUtils {
+public final class X509TestUtils {
+
+	private X509TestUtils() {
+	}
 
 	/**
 	 * Builds an X.509 certificate. In human-readable form it is:

From 52f20b5281314df4d04c4aa6e85d2bbb76bd986a Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 18:18:05 -0700
Subject: [PATCH 43/84] Use parenthesis with single-arg lambdas

Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
---
 .../acls/jdbc/BasicLookupStrategy.java        |   4 +-
 .../src/main/java/lock/GlobalLockPlugin.java  |   2 +-
 buildSrc/src/main/java/trang/TrangPlugin.java |   2 +-
 .../cas/web/CasAuthenticationFilterTests.java |   4 +-
 .../config/annotation/rsocket/JwtITests.java  |   2 +-
 ...RSocketMessageHandlerConnectionITests.java |   2 +-
 .../rsocket/RSocketMessageHandlerITests.java  |   6 +-
 .../rsocket/SimpleAuthenticationITests.java   |   2 +-
 ...LdapProviderBeanDefinitionParserTests.java |   8 +-
 .../security/config/Customizer.java           |   2 +-
 .../annotation/rsocket/RSocketSecurity.java   |   4 +-
 ...ocketAcceptorInterceptorConfiguration.java |   4 +-
 .../annotation/web/builders/HttpSecurity.java | 120 +++++++++---------
 .../OAuth2ClientConfiguration.java            |   5 +-
 .../SecurityReactorContextConfiguration.java  |   2 +-
 .../web/configurers/CsrfConfigurer.java       |   2 +-
 .../DefaultLoginPageConfigurer.java           |   2 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |   2 +-
 .../OAuth2ResourceServerConfigurer.java       |   2 +-
 .../saml2/Saml2LoginConfigurer.java           |   2 +-
 .../RsaKeyConversionServicePostProcessor.java |   8 +-
 .../http/OAuth2LoginBeanDefinitionParser.java |   2 +-
 ...ientRegistrationsBeanDefinitionParser.java |  18 +--
 .../config/web/server/ServerHttpSecurity.java |  58 ++++-----
 .../AuthenticationManagerBuilderTests.java    |   2 +-
 .../NamespaceAuthenticationManagerTests.java  |  10 +-
 .../AuthenticationConfigurationTests.java     |   2 +-
 .../EnableReactiveMethodSecurityTests.java    |   6 +-
 ...lobalMethodSecurityConfigurationTests.java |   2 +-
 .../NamespaceGlobalMethodSecurityTests.java   |   2 +-
 ...curityConfigurerAdapterPowermockTests.java |   2 +-
 .../HttpSecurityConfigurationTests.java       |   6 +-
 ...ntextConfigurationResourceServerTests.java |   2 +-
 ...urityReactorContextConfigurationTests.java |   8 +-
 .../WebSecurityConfigurationTests.java        |  16 +--
 .../configurers/AnonymousConfigurerTests.java |   6 +-
 .../configurers/AuthorizeRequestsTests.java   |   8 +-
 .../ChannelSecurityConfigurerTests.java       |   2 +-
 .../web/configurers/CorsConfigurerTests.java  |   6 +-
 ...onfigurerIgnoringRequestMatchersTests.java |  12 +-
 .../web/configurers/CsrfConfigurerTests.java  |   4 +-
 .../web/configurers/DefaultFiltersTests.java  |   4 +-
 .../DefaultLoginPageConfigurerTests.java      |   2 +-
 ...ingConfigurerAccessDeniedHandlerTests.java |   4 +-
 ...essionUrlAuthorizationConfigurerTests.java |   4 +-
 .../configurers/FormLoginConfigurerTests.java |  12 +-
 .../configurers/HeadersConfigurerTests.java   |  34 ++---
 .../configurers/HttpBasicConfigurerTests.java |   2 +-
 .../HttpSecurityRequestMatchersTests.java     |   8 +-
 .../web/configurers/JeeConfigurerTests.java   |  20 +--
 .../configurers/LogoutConfigurerTests.java    |   8 +-
 .../NamespaceHttpAnonymousTests.java          |   2 +-
 .../configurers/NamespaceHttpBasicTests.java  |  12 +-
 .../NamespaceHttpHeadersTests.java            |   2 +-
 .../configurers/NamespaceHttpJeeTests.java    |   2 +-
 .../configurers/NamespaceHttpLogoutTests.java |  14 +-
 .../NamespaceHttpOpenIDLoginTests.java        |   6 +-
 ...aceHttpServerAccessDeniedHandlerTests.java |   8 +-
 .../configurers/NamespaceHttpX509Tests.java   |   4 +-
 .../configurers/NamespaceRememberMeTests.java |   2 +-
 .../NamespaceSessionManagementTests.java      |   6 +-
 .../PortMapperConfigurerTests.java            |   8 +-
 .../RememberMeConfigurerTests.java            |  10 +-
 .../RequestCacheConfigurerTests.java          |   8 +-
 .../RequestMatcherConfigurerTests.java        |   6 +-
 .../SecurityContextConfigurerTests.java       |   2 +-
 .../ServletApiConfigurerTests.java            |   2 +-
 .../SessionManagementConfigurerTests.java     |  10 +-
 .../web/configurers/X509ConfigurerTests.java  |   2 +-
 .../client/OAuth2ClientConfigurerTests.java   |   4 +-
 .../client/OAuth2LoginConfigurerTests.java    |  34 ++---
 .../OAuth2ResourceServerConfigurerTests.java  |  30 ++---
 .../openid/OpenIDLoginConfigurerTests.java    |  24 ++--
 .../saml2/Saml2LoginConfigurerTests.java      |  26 ++--
 .../reactive/EnableWebFluxSecurityTests.java  |  26 ++--
 ...eyConversionServicePostProcessorTests.java |   4 +-
 .../security/config/doc/Element.java          |  10 +-
 .../config/doc/SpringSecurityXsdParser.java   |  16 +--
 .../security/config/doc/XmlNode.java          |   8 +-
 .../config/doc/XsdDocumentedTests.java        |  36 +++---
 .../security/config/http/CsrfConfigTests.java |   8 +-
 .../config/http/HttpCorsConfigTests.java      |   2 +-
 .../config/http/HttpHeadersConfigTests.java   |   4 +-
 .../config/http/InterceptUrlConfigTests.java  |   2 +-
 .../config/http/MiscHttpConfigTests.java      |  10 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |   4 +-
 ...sourceServerBeanDefinitionParserTests.java |   2 +-
 .../config/http/OpenIDConfigTests.java        |   4 +-
 .../http/SessionManagementConfigTests.java    |   2 +-
 .../server/AuthorizeExchangeSpecTests.java    |   6 +-
 .../config/web/server/CorsSpecTests.java      |   4 +-
 .../server/ExceptionHandlingSpecTests.java    |  20 +--
 .../config/web/server/FormLoginTests.java     |   8 +-
 .../config/web/server/HeaderSpecTests.java    |  39 +++---
 .../web/server/HttpsRedirectSpecTests.java    |   4 +-
 .../config/web/server/LogoutSpecTests.java    |   4 +-
 .../web/server/OAuth2ClientSpecTests.java     |  10 +-
 .../config/web/server/OAuth2LoginTests.java   |  18 +--
 .../server/OAuth2ResourceServerSpecTests.java |  64 +++++-----
 .../config/web/server/RequestCacheTests.java  |   5 +-
 .../web/server/ServerHttpSecurityTests.java   |  59 ++++-----
 .../server/HtmlUnitWebTestClient.java         |  22 ++--
 .../server/MockWebResponseBuilder.java        |   2 +-
 ...efaultMethodSecurityExpressionHandler.java |   2 +-
 .../MapBasedMethodSecurityMetadataSource.java |   2 +-
 ...rePostAdviceReactiveMethodInterceptor.java |  16 +--
 ...rDetailsReactiveAuthenticationManager.java |  10 +-
 ...legatingReactiveAuthenticationManager.java |   2 +-
 .../ReactiveAuthenticationManagerAdapter.java |   4 +-
 ...enticatedReactiveAuthorizationManager.java |   2 +-
 ...AuthorityReactiveAuthorizationManager.java |   6 +-
 .../ReactiveAuthorizationManager.java         |   4 +-
 .../security/converter/RsaKeyConverters.java  |   4 +-
 .../ReactiveSecurityContextHolder.java        |   6 +-
 .../AnnotationParameterNameDiscoverer.java    |   6 +-
 .../MapReactiveUserDetailsService.java        |   2 +-
 .../security/core/userdetails/User.java       |   2 +-
 .../provisioning/JdbcUserDetailsManager.java  |  16 +--
 .../SecurityExpressionRootTests.java          |   2 +-
 ...oryReactiveAuthenticationManagerTests.java |   2 +-
 .../jaas/JaasAuthenticationProviderTests.java |   2 +-
 ...elegatingSecurityContextRunnableTests.java |   2 +-
 .../ReactiveSecurityContextHolderTests.java   |   6 +-
 .../core/userdetails/PasswordEncodedUser.java |   2 +-
 .../UserDetailsByNameServiceWrapperTests.java |   2 +-
 .../security/core/userdetails/UserTests.java  |   9 +-
 .../ConcurrentSessionManagementTests.java     |   2 +-
 .../SpringSecurityLdapTemplateITests.java     |   2 +-
 .../DefaultLdapAuthoritiesPopulatorTests.java |   2 +-
 .../ldap/SpringSecurityLdapTemplate.java      |   8 +-
 .../DefaultLdapAuthoritiesPopulator.java      |   2 +-
 .../userdetails/LdapUserDetailsManager.java   |  12 +-
 ...thenticationPrincipalArgumentResolver.java |   2 +-
 ...urrentSecurityContextArgumentResolver.java |   2 +-
 .../SimpDestinationMessageMatcher.java        |   2 +-
 .../handler/invocation/ResolvableMethod.java  |  26 ++--
 ...tServiceOAuth2AuthorizedClientManager.java |  13 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |  14 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   5 +-
 ...eactiveOAuth2AuthorizedClientProvider.java |   2 +-
 ...ReactiveOAuth2AuthorizedClientService.java |   6 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |  18 +--
 ...eactiveOAuth2AuthorizedClientProvider.java |   5 +-
 ...OAuth2AuthorizedClientProviderBuilder.java |  18 +--
 ...eactiveOAuth2AuthorizedClientProvider.java |   5 +-
 ...tionCodeReactiveAuthenticationManager.java |   2 +-
 .../OAuth2LoginAuthenticationProvider.java    |   2 +-
 ...th2LoginReactiveAuthenticationManager.java |   6 +-
 ...activeOAuth2AccessTokenResponseClient.java |   6 +-
 ...thorizationCodeAuthenticationProvider.java |   2 +-
 ...tionCodeReactiveAuthenticationManager.java |  16 +--
 .../OidcIdTokenDecoderFactory.java            |  11 +-
 .../ReactiveOidcIdTokenDecoderFactory.java    |  11 +-
 .../OidcReactiveOAuth2UserService.java        |  14 +-
 .../client/oidc/userinfo/OidcUserService.java |   6 +-
 ...ntInitiatedServerLogoutSuccessHandler.java |   6 +-
 .../registration/ClientRegistration.java      |   2 +-
 .../DefaultReactiveOAuth2UserService.java     |  15 ++-
 .../userinfo/DelegatingOAuth2UserService.java |   4 +-
 ...ultOAuth2AuthorizationRequestResolver.java |   2 +-
 .../DefaultOAuth2AuthorizedClientManager.java |  13 +-
 ...ReactiveOAuth2AuthorizedClientManager.java |  45 +++----
 ...th2AuthorizationRequestRedirectFilter.java |   2 +-
 ...Auth2AuthorizedClientArgumentResolver.java |   2 +-
 ...uthorizedClientExchangeFilterFunction.java |  78 ++++++------
 ...uthorizedClientExchangeFilterFunction.java |  66 +++++-----
 ...Auth2AuthorizedClientArgumentResolver.java |   9 +-
 ...verOAuth2AuthorizationRequestResolver.java |  10 +-
 ...OAuth2AuthorizationCodeGrantWebFilter.java |  22 ++--
 ...AuthorizationRequestRedirectWebFilter.java |   4 +-
 ...ationCodeAuthenticationTokenConverter.java |   6 +-
 ...2ServerAuthorizationRequestRepository.java |  12 +-
 ...erverOAuth2AuthorizedClientRepository.java |   6 +-
 .../OAuth2AuthorizationContextTests.java      |   2 +-
 .../client/OAuth2AuthorizeRequestTests.java   |   4 +-
 ...2AuthorizedClientProviderBuilderTests.java |  16 ++-
 ...Auth2LoginAuthenticationProviderTests.java |   8 +-
 ...ginReactiveAuthenticationManagerTests.java |   2 +-
 ...orizationCodeTokenResponseClientTests.java |   2 +-
 ...ntCredentialsTokenResponseClientTests.java |   2 +-
 ...ctivePasswordTokenResponseClientTests.java |   6 +-
 ...eRefreshTokenTokenResponseClientTests.java |   4 +-
 .../OAuth2AuthenticationTokenMixinTests.java  |   2 +-
 .../OAuth2AuthorizationRequestMixinTests.java |   6 +-
 .../OAuth2AuthorizedClientMixinTests.java     |   2 +-
 ...zationCodeAuthenticationProviderTests.java |  14 +-
 ...odeReactiveAuthenticationManagerTests.java |  28 ++--
 .../OidcIdTokenDecoderFactoryTests.java       |   6 +-
 .../OidcIdTokenValidatorTests.java            |  38 +++---
 ...eactiveOidcIdTokenDecoderFactoryTests.java |   6 +-
 ...DefaultReactiveOAuth2UserServiceTests.java |   4 +-
 ...uth2AuthorizationRequestResolverTests.java |  15 ++-
 ...ultOAuth2AuthorizedClientManagerTests.java |  22 ++--
 ...iveOAuth2AuthorizedClientManagerTests.java |   8 +-
 ...uth2AuthorizationCodeGrantFilterTests.java |   4 +-
 ...AuthorizedClientArgumentResolverTests.java |   2 +-
 ...zedClientExchangeFilterFunctionITests.java |   4 +-
 ...izedClientExchangeFilterFunctionTests.java |  28 ++--
 ...zedClientExchangeFilterFunctionITests.java |   2 +-
 ...izedClientExchangeFilterFunctionTests.java |  29 +++--
 ...uth2AuthorizationRequestResolverTests.java |  15 ++-
 ...2AuthorizationCodeGrantWebFilterTests.java |  18 +--
 ...rizationRequestRedirectWebFilterTests.java |   6 +-
 ...erAuthorizationRequestRepositoryTests.java |   8 +-
 ...uth2LoginAuthenticationWebFilterTests.java |   2 +-
 .../endpoint/OAuth2AuthorizationRequest.java  |   4 +-
 ...cessTokenResponseHttpMessageConverter.java |   2 +-
 .../OAuth2ErrorHttpMessageConverter.java      |   2 +-
 ...Auth2AccessTokenResponseBodyExtractor.java |   2 +-
 .../converter/ClaimTypeConverterTests.java    |   3 +-
 .../OAuth2AuthorizationRequestTests.java      |   2 +-
 .../core/oidc/OidcIdTokenBuilderTests.java    |   4 +-
 .../core/oidc/OidcUserInfoBuilderTests.java   |   4 +-
 .../jwt/MappedJwtClaimSetConverter.java       |   2 +-
 .../security/oauth2/jwt/NimbusJwtDecoder.java |   2 +-
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  |  27 ++--
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |   6 +-
 .../security/oauth2/jwt/JwtBuilderTests.java  |   8 +-
 .../oauth2/jwt/JwtClaimValidatorTests.java    |   2 +-
 .../jwt/JwtTimestampValidatorTests.java       |   4 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |   2 +-
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |   6 +-
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  17 ++-
 .../server/resource/BearerTokenError.java     |   8 +-
 ...wtIssuerAuthenticationManagerResolver.java |   2 +-
 ...ReactiveAuthenticationManagerResolver.java |   8 +-
 .../JwtReactiveAuthenticationManager.java     |   2 +-
 ...queTokenReactiveAuthenticationManager.java |   2 +-
 .../ReactiveJwtAuthenticationConverter.java   |   2 +-
 .../NimbusOpaqueTokenIntrospector.java        |   2 +-
 ...NimbusReactiveOpaqueTokenIntrospector.java |   8 +-
 .../web/BearerTokenAuthenticationFilter.java  |   2 +-
 .../BearerTokenServerAccessDeniedHandler.java |   4 +-
 .../ServerBearerExchangeFilterFunction.java   |   6 +-
 .../ServletBearerExchangeFilterFunction.java  |   6 +-
 ...verBearerTokenAuthenticationConverter.java |   2 +-
 .../TestOAuth2AuthenticatedPrincipals.java    |   2 +-
 .../JwtAuthenticationConverterTests.java      |   2 +-
 .../JwtAuthenticationProviderTests.java       |   4 +-
 ...uerAuthenticationManagerResolverTests.java |   2 +-
 ...iveAuthenticationManagerResolverTests.java |   4 +-
 ...paqueTokenAuthenticationProviderTests.java |   2 +-
 ...kenReactiveAuthenticationManagerTests.java |   2 +-
 ...activeJwtAuthenticationConverterTests.java |   2 +-
 ...antedAuthoritiesConverterAdapterTests.java |   2 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |   4 +-
 ...sReactiveOpaqueTokenIntrospectorTests.java |   4 +-
 .../OpenIDAuthenticationFilterTests.java      |   2 +-
 .../AnonymousPayloadInterceptor.java          |   2 +-
 ...uthenticationPayloadExchangeConverter.java |   2 +-
 .../AuthenticationPayloadInterceptor.java     |   4 +-
 ...uthenticationPayloadExchangeConverter.java |   4 +-
 .../AuthorizationPayloadInterceptor.java      |   4 +-
 ...geMatcherReactiveAuthorizationManager.java |   6 +-
 .../core/ContextPayloadInterceptorChain.java  |   2 +-
 .../core/PayloadInterceptorRSocket.java       |  18 +--
 .../rsocket/core/PayloadSocketAcceptor.java   |   4 +-
 .../metadata/BasicAuthenticationDecoder.java  |   4 +-
 .../metadata/BasicAuthenticationEncoder.java  |   2 +-
 .../BearerTokenAuthenticationEncoder.java     |   2 +-
 .../metadata/SimpleAuthenticationEncoder.java |   2 +-
 .../matcher/RoutePayloadExchangeMatcher.java  |   4 +-
 ...AuthenticationPayloadInterceptorChain.java |   2 +-
 ...cherReactiveAuthorizationManagerTests.java |   6 +-
 .../CaptureSecurityContextSocketAcceptor.java |   2 +-
 .../core/PayloadInterceptorRSocketTests.java  |  24 ++--
 .../core/OpenSamlInitializationService.java   |   4 +-
 .../OpenSamlAuthenticationProvider.java       |  20 +--
 .../OpenSamlAuthenticationRequestFactory.java |   9 +-
 .../Saml2AuthenticationRequest.java           |   4 +-
 .../Saml2AuthenticationToken.java             |   5 +-
 ...gistrationBuilderHttpMessageConverter.java |  11 +-
 .../RelyingPartyRegistration.java             |  32 ++---
 ...faultRelyingPartyRegistrationResolver.java |   2 +-
 .../OpenSamlInitializationServiceTests.java   |   2 +-
 .../OpenSamlAuthenticationProviderTests.java  |   4 +-
 ...SamlAuthenticationRequestFactoryTests.java |  14 +-
 ...aml2AuthenticationRequestFactoryTests.java |  10 +-
 .../OpenSamlMetadataResolverTests.java        |   4 +-
 .../RelyingPartyRegistrationTests.java        |  10 +-
 .../TestRelyingPartyRegistrations.java        |  16 +--
 ...ebSsoAuthenticationRequestFilterTests.java |  18 +--
 ...enticationRequestContextResolverTests.java |   8 +-
 .../service/web/Saml2MetadataFilterTests.java |   6 +-
 .../sample/HelloRSocketApplicationITests.java |   2 +-
 .../HelloWebfluxMethodApplicationITests.java  |   4 +-
 .../src/main/java/sample/SecurityConfig.java  |   2 +-
 .../HelloWebfluxMethodApplicationTests.java   |   4 +-
 .../sample/HelloWebfluxApplicationITests.java |   4 +-
 .../sample/HelloWebfluxApplicationTests.java  |   4 +-
 .../HelloWebfluxFnApplicationITests.java      |   4 +-
 .../main/java/sample/HelloUserController.java |   2 +-
 .../HelloWebfluxFnApplicationTests.java       |   4 +-
 .../samples/config/SecurityConfig.java        |   4 +-
 .../AuthorizationServerConfiguration.java     |   2 +-
 .../sample/OAuth2LoginApplicationTests.java   |   2 +-
 .../sample/OAuth2LoginControllerTests.java    |   4 +-
 .../sample/OAuth2LoginApplicationTests.java   |  10 +-
 .../web/OAuth2LoginControllerTests.java       |   2 +-
 ...h2ResourceServerSecurityConfiguration.java |   4 +-
 .../boot/env/MockWebServerPropertySource.java |  12 +-
 ...h2ResourceServerSecurityConfiguration.java |   4 +-
 .../boot/env/MockWebServerPropertySource.java |  12 +-
 ...h2ResourceServerSecurityConfiguration.java |   6 +-
 .../OAuth2ResourceServerControllerTests.java  |   4 +-
 ...h2ResourceServerSecurityConfiguration.java |   6 +-
 ...OAuth2ResourceServerApplicationITests.java |   4 +-
 .../src/main/java/sample/SecurityConfig.java  |   4 +-
 .../OAuth2ResourceServerControllerTests.java  |  10 +-
 ...h2ResourceServerSecurityConfiguration.java |   2 +-
 .../OAuth2ResourceServerControllerTests.java  |   8 +-
 .../java/sample/config/SecurityConfig.java    |   2 +-
 .../java/sample/config/SecurityConfig.java    |   2 +-
 .../Saml2LoginIntegrationTests.java           |   2 +-
 .../sample/WebfluxFormSecurityConfig.java     |   4 +-
 .../src/main/java/sample/MeController.java    |   2 +-
 .../java/sample/WebfluxX509Application.java   |   2 +-
 .../sample/WebfluxX509ApplicationTest.java    |   4 +-
 .../samples/config/SecurityConfig.java        |   6 +-
 .../samples/config/SecurityConfig.java        |   6 +-
 .../samples/config/SecurityConfig.java        |  24 ++--
 .../samples/config/SecurityConfig.java        |   4 +-
 .../samples/config/SecurityConfig.java        |   4 +-
 .../samples/config/SecurityConfig.java        |   6 +-
 .../samples/config/SecurityConfigTests.java   |   2 +-
 .../samples/config/SecurityConfig.java        |   2 +-
 .../samples/cas/CasSampleProxyTests.java      |   6 +-
 .../security/samples/pages/ContactsPage.java  |   8 +-
 .../java/sample/contact/ContactDaoSpring.java |   6 +-
 .../sample/contact/DataSourcePopulator.java   |   4 +-
 .../server/SecurityMockServerConfigurers.java |  22 ++--
 .../SecurityMockMvcRequestPostProcessors.java |  10 +-
 ...ctorContextTestExecutionListenerTests.java |   6 +-
 ...yMockServerConfigurerOpaqueTokenTests.java |  11 +-
 ...kServerConfigurersClassAnnotatedTests.java |   6 +-
 ...SecurityMockServerConfigurersJwtTests.java |  12 +-
 ...ockServerConfigurersOAuth2ClientTests.java |   4 +-
 ...MockServerConfigurersOAuth2LoginTests.java |  11 +-
 ...tyMockServerConfigurersOidcLoginTests.java |  23 ++--
 .../SecurityMockServerConfigurersTests.java   |   2 +-
 ...yMockMvcRequestBuildersFormLoginTests.java |   2 +-
 ...MockMvcRequestBuildersFormLogoutTests.java |   2 +-
 ...ckMvcRequestPostProcessorsDigestTests.java |   2 +-
 ...yMockMvcRequestPostProcessorsJwtTests.java |  10 +-
 ...equestPostProcessorsOAuth2ClientTests.java |   4 +-
 ...RequestPostProcessorsOAuth2LoginTests.java |  12 +-
 ...vcRequestPostProcessorsOidcLoginTests.java |   8 +-
 ...RequestPostProcessorsOpaqueTokenTests.java |  13 +-
 .../SecurityMockMvcResultMatchersTests.java   |   6 +-
 .../access/ExceptionTranslationFilter.java    |   2 +-
 .../authentication/AuthenticationFilter.java  |   2 +-
 .../logout/CookieClearingLogoutHandler.java   |   2 +-
 .../ui/DefaultLoginPageGeneratingFilter.java  |   2 +-
 .../ui/DefaultLogoutPageGeneratingFilter.java |   2 +-
 .../web/firewall/StrictHttpFirewall.java      |   8 +-
 .../header/writers/CompositeHeaderWriter.java |   2 +-
 .../security/web/http/SecurityHeaders.java    |   2 +-
 ...thenticationPrincipalArgumentResolver.java |   2 +-
 ...urrentSecurityContextArgumentResolver.java |   2 +-
 .../web/savedrequest/DefaultSavedRequest.java |   2 +-
 ...egatingServerAuthenticationEntryPoint.java |  10 +-
 .../server/MatcherSecurityWebFilterChain.java |   2 +-
 ...erverFormLoginAuthenticationConverter.java |   2 +-
 .../web/server/WebFilterChainProxy.java       |  10 +-
 .../AnonymousAuthenticationWebFilter.java     |   2 +-
 ...tionConverterServerWebExchangeMatcher.java |   4 +-
 .../AuthenticationWebFilter.java              |  16 +--
 ...ingServerAuthenticationSuccessHandler.java |   2 +-
 ...PreAuthenticatedAuthenticationManager.java |   2 +-
 ...ectServerAuthenticationSuccessHandler.java |   2 +-
 .../authentication/SwitchUserWebFilter.java   |  16 +--
 .../logout/DelegatingServerLogoutHandler.java |   2 +-
 .../logout/LogoutWebFilter.java               |   6 +-
 .../authorization/AuthorizationWebFilter.java |   7 +-
 ...elegatingReactiveAuthorizationManager.java |   4 +-
 .../ExceptionTranslationWebFilter.java        |   4 +-
 .../HttpStatusServerAccessDeniedHandler.java  |   4 +-
 ...geDelegatingServerAccessDeniedHandler.java |   4 +-
 .../context/ReactorContextWebFilter.java      |   2 +-
 .../SecurityContextServerWebExchange.java     |   2 +-
 ...essionServerSecurityContextRepository.java |   6 +-
 .../web/server/csrf/CsrfWebFilter.java        |  22 ++--
 .../WebSessionServerCsrfTokenRepository.java  |   8 +-
 .../CompositeServerHttpHeadersWriter.java     |   2 +-
 .../CookieServerRequestCache.java             |   8 +-
 .../ServerRequestCacheWebFilter.java          |   4 +-
 .../WebSessionServerRequestCache.java         |   8 +-
 .../transport/HttpsRedirectWebFilter.java     |   6 +-
 .../ui/LoginPageGeneratingWebFilter.java      |   4 +-
 .../ui/LogoutPageGeneratingWebFilter.java     |   6 +-
 .../matcher/AndServerWebExchangeMatcher.java  |  10 +-
 .../NegatedServerWebExchangeMatcher.java      |   4 +-
 .../matcher/OrServerWebExchangeMatcher.java   |   6 +-
 ...PatternParserServerWebExchangeMatcher.java |   4 +-
 .../web/session/ConcurrentSessionFilter.java  |   2 +-
 .../security/web/util/ThrowableAnalyzer.java  |   4 +-
 .../security/web/FilterChainProxyTests.java   |  10 +-
 .../expression/WebExpressionVoterTests.java   |   2 +-
 ...namePasswordAuthenticationFilterTests.java |   2 +-
 ...PreAuthenticatedProcessingFilterTests.java |   2 +-
 ...henticatedAuthenticationProviderTests.java |   2 +-
 ...estAttributeAuthenticationFilterTests.java |   2 +-
 ...equestHeaderAuthenticationFilterTests.java |   2 +-
 ...PreAuthenticatedProcessingFilterTests.java |   2 +-
 ...efaultLogoutPageGeneratingFilterTests.java |   2 +-
 .../www/DigestAuthenticationFilterTests.java  |   2 +-
 .../web/firewall/StrictHttpFirewallTests.java |  12 +-
 .../JaasApiIntegrationFilterTests.java        |   2 +-
 .../security/web/method/ResolvableMethod.java |  24 ++--
 .../savedrequest/CookieRequestCacheTests.java |   2 +-
 .../HttpSessionRequestCacheTests.java         |   2 +-
 .../web/server/WebFilterChainProxyTests.java  |   2 +-
 .../AuthenticationWebFilterTests.java         |  26 ++--
 ...rverAuthenticationSuccessHandlerTests.java |   2 +-
 ...rverAuthenticationFailureHandlerTests.java |   2 +-
 .../SwitchUserWebFilterTests.java             |  12 +-
 .../DelegatingServerLogoutHandlerTests.java   |   2 +-
 .../logout/LogoutWebFilterTests.java          |   2 +-
 .../AuthorizationWebFilterTests.java          |   4 +-
 .../context/ReactorContextWebFilterTests.java |   4 +-
 ...ontextServerWebExchangeWebFilterTests.java |  20 +--
 ...SessionServerCsrfTokenRepositoryTests.java |   2 +-
 ...CompositeServerHttpHeadersWriterTests.java |   6 +-
 .../CookieServerRequestCacheTests.java        |   2 +-
 .../WebSessionServerRequestCacheTests.java    |   2 +-
 .../ui/LoginPageGeneratingWebFilterTests.java |   4 +-
 426 files changed, 1668 insertions(+), 1617 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 0b69010fd2..6258b27495 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -231,7 +231,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 		String sql = computeRepeatingSql(this.lookupPrimaryKeysWhereClause, findNow.size());
 
-		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, ps -> {
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> {
 			int i = 0;
 
 			for (Long toFind : findNow) {
@@ -358,7 +358,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 		// (including markers to each parent in the hierarchy)
 		String sql = computeRepeatingSql(this.lookupObjectIdentitiesWhereClause, objectIdentities.size());
 
-		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, ps -> {
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> {
 			int i = 0;
 			for (ObjectIdentity oid : objectIdentities) {
 				// Determine prepared statement values for this iteration
diff --git a/buildSrc/src/main/java/lock/GlobalLockPlugin.java b/buildSrc/src/main/java/lock/GlobalLockPlugin.java
index 955e73e681..ee458eb0d4 100644
--- a/buildSrc/src/main/java/lock/GlobalLockPlugin.java
+++ b/buildSrc/src/main/java/lock/GlobalLockPlugin.java
@@ -9,7 +9,7 @@ import org.gradle.api.Project;
 public class GlobalLockPlugin implements Plugin<Project> {
 	@Override
 	public void apply(Project project) {
-		project.getTasks().register("writeLocks", GlobalLockTask.class, writeAll -> {
+		project.getTasks().register("writeLocks", GlobalLockTask.class, (writeAll) -> {
 			writeAll.setDescription("Writes the locks for all projects");
 		});
 	}
diff --git a/buildSrc/src/main/java/trang/TrangPlugin.java b/buildSrc/src/main/java/trang/TrangPlugin.java
index d447b64bb4..02ca3746ad 100644
--- a/buildSrc/src/main/java/trang/TrangPlugin.java
+++ b/buildSrc/src/main/java/trang/TrangPlugin.java
@@ -10,7 +10,7 @@ import org.gradle.api.Project;
 public class TrangPlugin implements Plugin<Project> {
 	@Override
 	public void apply(Project project) {
-		project.getTasks().register("rncToXsd", RncToXsd.class, rncToXsd -> {
+		project.getTasks().register("rncToXsd", RncToXsd.class, (rncToXsd) -> {
 			rncToXsd.setDescription("Converts .rnc to .xsd");
 			rncToXsd.setGroup("Build");
 		});
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index f8c141f7b4..e37c07619f 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -71,7 +71,7 @@ public class CasAuthenticationFilterTests {
 		request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");
 
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
-		filter.setAuthenticationManager(a -> a);
+		filter.setAuthenticationManager((a) -> a);
 
 		assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
 
@@ -82,7 +82,7 @@ public class CasAuthenticationFilterTests {
 	@Test(expected = AuthenticationException.class)
 	public void testNullServiceTicketHandledGracefully() throws Exception {
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
-		filter.setAuthenticationManager(a -> {
+		filter.setAuthenticationManager((a) -> {
 			throw new BadCredentialsException("Rejected");
 		});
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index b5d412b8a0..4ef09c80d9 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -155,7 +155,7 @@ public class JwtITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload(authorize -> authorize.anyRequest().authenticated().anyExchange().permitAll())
+			rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll())
 					.jwt(Customizer.withDefaults());
 			return rsocket.build();
 		}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 9f6ed43885..01c3095b9f 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -244,7 +244,7 @@ public class RSocketMessageHandlerConnectionITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload(authorize -> authorize.setup().hasRole("SETUP").route("secure.admin.*")
+			rsocket.authorizePayload((authorize) -> authorize.setup().hasRole("SETUP").route("secure.admin.*")
 					.hasRole("ADMIN").route("secure.**").hasRole("USER").route("secure.authority.*")
 					.hasAuthority("ROLE_USER").route("management.*").hasAnyAuthority("ROLE_ADMIN").route("prohibit")
 					.denyAll().anyRequest().permitAll()).basicAuthentication(Customizer.withDefaults());
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index 4997af8aed..ebe6c0f996 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -81,7 +81,7 @@ public class RSocketMessageHandlerITests {
 				.transport(TcpServerTransport.create("localhost", 0)).start().block();
 
 		this.requester = RSocketRequester.builder()
-				// .rsocketFactory(factory ->
+				// .rsocketFactory((factory) ->
 				// factory.addRequesterPlugin(payloadInterceptor))
 				.rsocketStrategies(this.handler.getRSocketStrategies())
 				.connectTcp("localhost", this.server.address().getPort()).block();
@@ -221,7 +221,7 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload(authorize -> {
+			rsocket.authorizePayload((authorize) -> {
 				authorize.route("secure.*").authenticated().anyExchange().permitAll();
 			}).basicAuthentication(Customizer.withDefaults());
 			return rsocket.build();
@@ -242,7 +242,7 @@ public class RSocketMessageHandlerITests {
 
 		@MessageMapping({ "secure.retrieve-flux", "retrieve-flux" })
 		Flux<String> retrieveFlux(Flux<String> payload) {
-			return payload.doOnNext(this::add).map(p -> "hello " + p);
+			return payload.doOnNext(this::add).map((p) -> "hello " + p);
 		}
 
 		@MessageMapping({ "secure.send", "send" })
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 6dc34ec2dd..2598c152cb 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -139,7 +139,7 @@ public class SimpleAuthenticationITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload(authorize -> authorize.anyRequest().authenticated().anyExchange().permitAll())
+			rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll())
 					.simpleAuthentication(Customizer.withDefaults());
 			return rsocket.build();
 		}
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
index 250197b140..01edcd9f47 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
@@ -135,8 +135,8 @@ public class LdapProviderBeanDefinitionParserTests {
 
 		ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
 		assertThat(providerManager.getProviders()).hasSize(1);
-		assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper")
-				.allSatisfy(contextMapper -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
+		assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper").allSatisfy(
+				(contextMapper) -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
 	}
 
 	@Test
@@ -153,10 +153,10 @@ public class LdapProviderBeanDefinitionParserTests {
 
 		AuthenticationProvider authenticationProvider = providerManager.getProviders().get(0);
 		assertThat(authenticationProvider).extracting("authenticator.userDnFormat")
-				.satisfies(messageFormats -> assertThat(messageFormats)
+				.satisfies((messageFormats) -> assertThat(messageFormats)
 						.isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") }));
 		assertThat(authenticationProvider).extracting("authoritiesPopulator.groupSearchFilter")
-				.satisfies(searchFilter -> assertThat(searchFilter).isEqualTo("member={0}"));
+				.satisfies((searchFilter) -> assertThat(searchFilter).isEqualTo("member={0}"));
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/Customizer.java b/config/src/main/java/org/springframework/security/config/Customizer.java
index 8433a3c7de..fc68b127e0 100644
--- a/config/src/main/java/org/springframework/security/config/Customizer.java
+++ b/config/src/main/java/org/springframework/security/config/Customizer.java
@@ -37,7 +37,7 @@ public interface Customizer<T> {
 	 * @return a {@link Customizer} that does not alter the input argument.
 	 */
 	static <T> Customizer<T> withDefaults() {
-		return t -> {
+		return (t) -> {
 		};
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index ab47073dab..85bde9ee27 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -60,7 +60,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
  *     &#064;Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
- *             .authorizePayload(authorize ->
+ *             .authorizePayload((authorize) ->
  *                 authorize
  *                     .anyRequest().authenticated()
  *             );
@@ -87,7 +87,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
  *     &#064;Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
- *             .authorizePayload(authorize ->
+ *             .authorizePayload((authorize) ->
  *                 authorize
  *                     // must have ROLE_SETUP to make connection
  *                     .setup().hasRole("SETUP")
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
index 57804f171f..7e36fbfcde 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
@@ -47,8 +47,8 @@ class SecuritySocketAcceptorInterceptorConfiguration {
 			throw new NoSuchBeanDefinitionException("No RSocketSecurity defined");
 		}
 		rsocket.basicAuthentication(Customizer.withDefaults()).simpleAuthentication(Customizer.withDefaults())
-				.authorizePayload(authz -> authz.setup().authenticated().anyRequest().authenticated()
-						.matcher(e -> MatchResult.match()).permitAll());
+				.authorizePayload((authz) -> authz.setup().authenticated().anyRequest().authenticated()
+						.matcher((e) -> MatchResult.match()).permitAll());
 		return rsocket.build();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index cfeedfd26d..002676eef2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -260,11 +260,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.openidLogin(openidLogin ->
+	 * 			.openidLogin((openidLogin) ->
 	 * 				openidLogin
 	 * 					.permitAll()
 	 * 			);
@@ -293,48 +293,48 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
-	 * 		http.authorizeRequests(authorizeRequests ->
+	 * 		http.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.openidLogin(openidLogin ->
+	 * 			.openidLogin((openidLogin) ->
 	 * 				openidLogin
 	 * 					.loginPage(&quot;/login&quot;)
 	 * 					.permitAll()
 	 * 					.authenticationUserDetailsService(
 	 * 						new AutoProvisioningUserDetailsService())
-	 * 					.attributeExchange(googleExchange ->
+	 * 					.attributeExchange((googleExchange) ->
 	 * 						googleExchange
 	 * 							.identifierPattern(&quot;https://www.google.com/.*&quot;)
-	 * 							.attribute(emailAttribute ->
+	 * 							.attribute((emailAttribute) ->
 	 * 								emailAttribute
 	 * 									.name(&quot;email&quot;)
 	 * 									.type(&quot;https://axschema.org/contact/email&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute(firstnameAttribute ->
+	 * 							.attribute((firstnameAttribute) ->
 	 * 								firstnameAttribute
 	 * 									.name(&quot;firstname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson/first&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute(lastnameAttribute ->
+	 * 							.attribute((lastnameAttribute) ->
 	 * 								lastnameAttribute
 	 * 									.name(&quot;lastname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson/last&quot;)
 	 * 									.required(true)
 	 * 							)
 	 * 					)
-	 * 					.attributeExchange(yahooExchange ->
+	 * 					.attributeExchange((yahooExchange) ->
 	 * 						yahooExchange
 	 * 							.identifierPattern(&quot;.*yahoo.com.*&quot;)
-	 * 							.attribute(emailAttribute ->
+	 * 							.attribute((emailAttribute) ->
 	 * 								emailAttribute
 	 * 									.name(&quot;email&quot;)
 	 * 									.type(&quot;https://schema.openid.net/contact/email&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute(fullnameAttribute ->
+	 * 							.attribute((fullnameAttribute) ->
 	 * 								fullnameAttribute
 	 * 									.name(&quot;fullname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson&quot;)
@@ -488,7 +488,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 *		http
-	 *			.headers(headers ->
+	 *			.headers((headers) ->
 	 *				headers
 	 *					.contentTypeOptions(withDefaults())
 	 *					.xssProtection(withDefaults())
@@ -510,7 +510,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.headers(headers -> headers.disable());
+	 * 			.headers((headers) -> headers.disable());
 	 *	}
 	 * }
 	 * </pre>
@@ -529,7 +529,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 *		http
-	 *			.headers(headers ->
+	 *			.headers((headers) ->
 	 *				headers
 	 *			 		.defaultsDisabled()
 	 *			 		.cacheControl(withDefaults())
@@ -551,9 +551,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 *  protected void configure(HttpSecurity http) throws Exception {
 	 *  	http
-	 *  		.headers(headers ->
+	 *  		.headers((headers) ->
 	 *  			headers
-	 *  				.frameOptions(frameOptions -> frameOptions.disable())
+	 *  				.frameOptions((frameOptions) -> frameOptions.disable())
 	 *  		);
 	 * }
 	 * </pre>
@@ -677,17 +677,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.anyRequest().hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.formLogin(formLogin ->
+	 * 			.formLogin((formLogin) ->
 	 * 				formLogin
 	 * 					.permitAll()
 	 * 			)
-	 * 			.sessionManagement(sessionManagement ->
+	 * 			.sessionManagement((sessionManagement) ->
 	 * 				sessionManagement
-	 * 					.sessionConcurrency(sessionConcurrency ->
+	 * 					.sessionConcurrency((sessionConcurrency) ->
 	 * 						sessionConcurrency
 	 * 							.maximumSessions(1)
 	 * 							.expiredUrl(&quot;/login?expired&quot;)
@@ -788,11 +788,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requiresChannel(requiresChannel ->
+	 * 			.requiresChannel((requiresChannel) ->
 	 * 				requiresChannel
 	 * 					.anyRequest().requiresSecure()
 	 * 			)
-	 * 			.portMapper(portMapper ->
+	 * 			.portMapper((portMapper) ->
 	 * 				portMapper
 	 * 					.http(9090).mapsTo(9443)
 	 * 					.http(80).mapsTo(443)
@@ -901,11 +901,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.jee(jee ->
+	 * 			.jee((jee) ->
 	 * 				jee
 	 * 					.mappableRoles(&quot;USER&quot;, &quot;ADMIN&quot;)
 	 * 			);
@@ -1009,7 +1009,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1081,7 +1081,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1188,7 +1188,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1209,7 +1209,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
@@ -1231,7 +1231,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		 http
-	 * 		 	.authorizeRequests(authorizeRequests ->
+	 * 		 	.authorizeRequests((authorizeRequests) ->
 	 * 		 		authorizeRequests
 	 * 			 		.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			 		.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
@@ -1286,11 +1286,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.requestCache(requestCache ->
+	 * 			.requestCache((requestCache) ->
 	 * 				requestCache.disable()
 	 * 			);
 	 * 	}
@@ -1334,12 +1334,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			// sample exception handling customization
-	 * 			.exceptionHandling(exceptionHandling ->
+	 * 			.exceptionHandling((exceptionHandling) ->
 	 * 				exceptionHandling
 	 * 					.accessDeniedPage(&quot;/errors/access-denied&quot;)
 	 * 			);
@@ -1383,7 +1383,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.securityContext(securityContext ->
+	 * 			.securityContext((securityContext) ->
 	 * 				securityContext
 	 * 					.securityContextRepository(SCR)
 	 * 			);
@@ -1425,7 +1425,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.servletApi(servletApi ->
+	 * 			.servletApi((servletApi) ->
 	 * 				servletApi.disable()
 	 * 			);
 	 * 	}
@@ -1481,7 +1481,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 *     protected void configure(HttpSecurity http) throws Exception {
 	 *         http
-	 *             .csrf(csrf -> csrf.disable());
+	 *             .csrf((csrf) -> csrf.disable());
 	 *     }
 	 * }
 	 * </pre>
@@ -1557,13 +1557,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample logout customization
-	 * 			.logout(logout ->
+	 * 			.logout((logout) ->
 	 * 				logout.deleteCookies(&quot;remove&quot;)
 	 * 					.invalidateHttpSession(false)
 	 * 					.logoutUrl(&quot;/custom-logout&quot;)
@@ -1672,13 +1672,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample anonymous customization
-	 * 			.anonymous(anonymous ->
+	 * 			.anonymous((anonymous) ->
 	 * 				anonymous
 	 * 					.authorities(&quot;ROLE_ANON&quot;)
 	 * 			)
@@ -1698,13 +1698,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample anonymous customization
-	 * 			.anonymous(anonymous ->
+	 * 			.anonymous((anonymous) ->
 	 * 				anonymous.disable()
 	 * 			);
 	 * 	}
@@ -1807,7 +1807,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1826,11 +1826,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.formLogin(formLogin ->
+	 * 			.formLogin((formLogin) ->
 	 * 				formLogin
 	 * 					.usernameParameter(&quot;username&quot;)
 	 * 					.passwordParameter(&quot;password&quot;)
@@ -2184,7 +2184,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 		&#064;Override
 	 * 		protected void configure(HttpSecurity http) throws Exception {
 	 * 			http
-	 * 				.authorizeRequests(authorizeRequests ->
+	 * 				.authorizeRequests((authorizeRequests) ->
 	 * 					authorizeRequests
 	 * 						.anyRequest().authenticated()
 	 * 				)
@@ -2268,7 +2268,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.anyRequest().authenticated()
 	 * 			)
@@ -2325,13 +2325,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.anyRequest().authenticated()
 	 * 			)
-	 * 			.oauth2ResourceServer(oauth2ResourceServer ->
+	 * 			.oauth2ResourceServer((oauth2ResourceServer) ->
 	 * 				oauth2ResourceServer
-	 * 					.jwt(jwt ->
+	 * 					.jwt((jwt) ->
 	 * 						jwt
 	 * 							.decoder(jwtDecoder())
 	 * 					)
@@ -2418,12 +2418,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
-	 * 			.requiresChannel(requiresChannel ->
+	 * 			.requiresChannel((requiresChannel) ->
 	 * 				requiresChannel
 	 * 					.anyRequest().requiresSecure()
 	 * 			);
@@ -2492,7 +2492,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2727,11 +2727,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers(requestMatchers ->
+	 * 			.requestMatchers((requestMatchers) ->
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;, &quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2750,12 +2750,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers(requestMatchers ->
+	 * 			.requestMatchers((requestMatchers) ->
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;)
 	 * 					.antMatchers(&quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2774,15 +2774,15 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers(requestMatchers ->
+	 * 			.requestMatchers((requestMatchers) ->
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;)
 	 * 			)
-	 *			.requestMatchers(requestMatchers ->
+	 *			.requestMatchers((requestMatchers) ->
 	 *			requestMatchers
 	 * 				.antMatchers(&quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests(authorizeRequests ->
+	 * 			.authorizeRequests((authorizeRequests) ->
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index 98c7fcc37a..9b6e11ec87 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -119,9 +119,8 @@ final class OAuth2ClientConfiguration {
 			if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
 				if (this.accessTokenResponseClient != null) {
 					OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder
-							.builder().authorizationCode().refreshToken()
-							.clientCredentials(
-									configurer -> configurer.accessTokenResponseClient(this.accessTokenResponseClient))
+							.builder().authorizationCode().refreshToken().clientCredentials((configurer) -> configurer
+									.accessTokenResponseClient(this.accessTokenResponseClient))
 							.password().build();
 					DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 							this.clientRegistrationRepository, this.authorizedClientRepository);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 72c6d92801..2e59665ff4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -72,7 +72,7 @@ class SecurityReactorContextConfiguration {
 			Function<? super Publisher<Object>, ? extends Publisher<Object>> lifter = Operators
 					.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
 
-			Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, pub -> {
+			Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, (pub) -> {
 				if (!contextAttributesAvailable()) {
 					// No need to decorate so return original Publisher
 					return pub;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 596cdb39e4..44f7dd85b7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -170,7 +170,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <pre>
 	 * http
 	 *     .csrf()
-	 *         .ignoringRequestMatchers(request -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
+	 *         .ignoringRequestMatchers((request) -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
 	 *         .and()
 	 *     ...
 	 * </pre>
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 6d9482bed7..315e27a806 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -76,7 +76,7 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 
 	@Override
 	public void init(H http) {
-		Function<HttpServletRequest, Map<String, String>> hiddenInputs = request -> {
+		Function<HttpServletRequest, Map<String, String>> hiddenInputs = (request) -> {
 			CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 			if (token == null) {
 				return Collections.emptyMap();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 4c5a7d1472..1d111b866a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -504,7 +504,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 				? this.authorizationEndpointConfig.authorizationRequestBaseUri
 				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 		Map<String, String> loginUrlToClientName = new HashMap<>();
-		clientRegistrations.forEach(registration -> loginUrlToClientName.put(
+		clientRegistrations.forEach((registration) -> loginUrlToClientName.put(
 				authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName()));
 
 		return loginUrlToClientName;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index 2ae3b43bce..53db1292f7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -242,7 +242,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		AuthenticationManagerResolver resolver = this.authenticationManagerResolver;
 		if (resolver == null) {
 			AuthenticationManager authenticationManager = getAuthenticationManager(http);
-			resolver = request -> authenticationManager;
+			resolver = (request) -> authenticationManager;
 		}
 
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index 7811cb40e4..e73183dc28 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -303,7 +303,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		Map<String, String> idps = new LinkedHashMap<>();
 		if (idpRepo instanceof Iterable) {
 			Iterable<RelyingPartyRegistration> repo = (Iterable<RelyingPartyRegistration>) idpRepo;
-			repo.forEach(p -> idps.put(authRequestPrefixUrl.replace("{registrationId}", p.getRegistrationId()),
+			repo.forEach((p) -> idps.put(authRequestPrefixUrl.replace("{registrationId}", p.getRegistrationId()),
 					p.getRegistrationId()));
 		}
 		return idps;
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index 1d7892a626..6fbde50351 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -76,7 +76,7 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 			registry.addConverter(String.class, RSAPublicKey.class, x509);
 		}
 		else {
-			beanFactory.addPropertyEditorRegistrar(registry -> {
+			beanFactory.addPropertyEditorRegistrar((registry) -> {
 				registry.registerCustomEditor(RSAPublicKey.class, new ConverterPropertyEditorAdapter<>(x509));
 				registry.registerCustomEditor(RSAPrivateKey.class, new ConverterPropertyEditorAdapter<>(pkcs8));
 			});
@@ -101,7 +101,7 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private Converter<String, InputStream> pemInputStreamConverter() {
-		return source -> source.startsWith("-----") ? toInputStream(source)
+		return (source) -> source.startsWith("-----") ? toInputStream(source)
 				: toInputStream(this.resourceLoader.getResource(source));
 	}
 
@@ -119,7 +119,7 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private <T> Converter<InputStream, T> autoclose(Converter<InputStream, T> inputStreamKeyConverter) {
-		return inputStream -> {
+		return (inputStream) -> {
 			try (InputStream is = inputStream) {
 				return inputStreamKeyConverter.convert(is);
 			}
@@ -130,7 +130,7 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 	}
 
 	private <S, T, I> Converter<S, T> pair(Converter<S, I> one, Converter<I, T> two) {
-		return source -> {
+		return (source) -> {
 			I intermediary = one.convert(source);
 			return two.convert(intermediary);
 		};
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index b8cbeafe75..40bad1103b 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -469,7 +469,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 
 			String authorizationRequestBaseUri = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 			Map<String, String> loginUrlToClientName = new HashMap<>();
-			clientRegistrations.forEach(registration -> loginUrlToClientName.put(
+			clientRegistrations.forEach((registration) -> loginUrlToClientName.put(
 					authorizationRequestBaseUri + "/" + registration.getRegistrationId(),
 					registration.getClientName()));
 
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index fe29565b98..a8c3ff9473 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -147,19 +147,19 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 			String providerId = providerElt.getAttribute(ATT_PROVIDER_ID);
 			provider.put(ATT_PROVIDER_ID, providerId);
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_AUTHORIZATION_URI))
-					.ifPresent(value -> provider.put(ATT_AUTHORIZATION_URI, value));
+					.ifPresent((value) -> provider.put(ATT_AUTHORIZATION_URI, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_TOKEN_URI))
-					.ifPresent(value -> provider.put(ATT_TOKEN_URI, value));
+					.ifPresent((value) -> provider.put(ATT_TOKEN_URI, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USER_INFO_URI))
-					.ifPresent(value -> provider.put(ATT_USER_INFO_URI, value));
+					.ifPresent((value) -> provider.put(ATT_USER_INFO_URI, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USER_INFO_AUTHENTICATION_METHOD))
-					.ifPresent(value -> provider.put(ATT_USER_INFO_AUTHENTICATION_METHOD, value));
+					.ifPresent((value) -> provider.put(ATT_USER_INFO_AUTHENTICATION_METHOD, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USER_INFO_USER_NAME_ATTRIBUTE))
-					.ifPresent(value -> provider.put(ATT_USER_INFO_USER_NAME_ATTRIBUTE, value));
+					.ifPresent((value) -> provider.put(ATT_USER_INFO_USER_NAME_ATTRIBUTE, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_JWK_SET_URI))
-					.ifPresent(value -> provider.put(ATT_JWK_SET_URI, value));
+					.ifPresent((value) -> provider.put(ATT_JWK_SET_URI, value));
 			getOptionalIfNotEmpty(providerElt.getAttribute(ATT_ISSUER_URI))
-					.ifPresent(value -> provider.put(ATT_ISSUER_URI, value));
+					.ifPresent((value) -> provider.put(ATT_ISSUER_URI, value));
 			providers.put(providerId, provider);
 		}
 
@@ -210,7 +210,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 	}
 
 	private static Optional<String> getOptionalIfNotEmpty(String str) {
-		return Optional.ofNullable(str).filter(s -> !s.isEmpty());
+		return Optional.ofNullable(str).filter((s) -> !s.isEmpty());
 	}
 
 	private static CommonOAuth2Provider getCommonProvider(String providerId) {
@@ -246,7 +246,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 	private static String getCanonicalName(String name) {
 		StringBuilder canonicalName = new StringBuilder(name.length());
 		name.chars().filter(Character::isLetterOrDigit).map(Character::toLowerCase)
-				.forEach(c -> canonicalName.append((char) c));
+				.forEach((c) -> canonicalName.append((char) c));
 		return canonicalName.toString();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 8d55920d15..f9247744c6 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -396,7 +396,7 @@ public class ServerHttpSecurity {
 	 * 	    http
 	 * 	        // ...
 	 * 	        .redirectToHttps()
-	 * 	            .httpsRedirectWhen(serverWebExchange ->
+	 * 	            .httpsRedirectWhen((serverWebExchange) ->
 	 * 	            	serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
 	 * 	    return http.build();
 	 * 	}
@@ -431,9 +431,9 @@ public class ServerHttpSecurity {
 	 * 	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 * 	    http
 	 * 	        // ...
-	 * 	        .redirectToHttps(redirectToHttps ->
+	 * 	        .redirectToHttps((redirectToHttps) ->
 	 * 	        	redirectToHttps
-	 * 	            	.httpsRedirectWhen(serverWebExchange ->
+	 * 	            	.httpsRedirectWhen((serverWebExchange) ->
 	 * 	            		serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
 	 * 	            );
 	 * 	    return http.build();
@@ -501,7 +501,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .csrf(csrf ->
+	 *          .csrf((csrf) ->
 	 *              csrf.disabled()
 	 *          );
 	 *      return http.build();
@@ -516,7 +516,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .csrf(csrf ->
+	 *          .csrf((csrf) ->
 	 *              csrf
 	 *                  // Handle CSRF failures
 	 *                  .accessDeniedHandler(accessDeniedHandler)
@@ -607,7 +607,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .anonymous(anonymous ->
+	 *          .anonymous((anonymous) ->
 	 *              anonymous
 	 *                  .key("key")
 	 *                  .authorities("ROLE_ANONYMOUS")
@@ -660,7 +660,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .httpBasic(httpBasic ->
+	 *          .httpBasic((httpBasic) ->
 	 *              httpBasic
 	 *                  // used for authenticating the credentials
 	 *                  .authenticationManager(authenticationManager)
@@ -719,7 +719,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .formLogin(formLogin ->
+	 *          .formLogin((formLogin) ->
 	 *              formLogin
 	 *              	// used for authenticating the credentials
 	 *              	.authenticationManager(authenticationManager)
@@ -781,7 +781,7 @@ public class ServerHttpSecurity {
 	 *  &#064;Bean
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
-	 *          .x509(x509 ->
+	 *          .x509((x509) ->
 	 *              x509
 	 *          	    .authenticationManager(authenticationManager)
 	 *                  .principalExtractor(principalExtractor)
@@ -839,7 +839,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2Login(oauth2Login ->
+	 *          .oauth2Login((oauth2Login) ->
 	 *              oauth2Login
 	 *                  .authenticationConverter(authenticationConverter)
 	 *                  .authenticationManager(manager)
@@ -890,7 +890,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2Client(oauth2Client ->
+	 *          .oauth2Client((oauth2Client) ->
 	 *              oauth2Client
 	 *                  .clientRegistrationRepository(clientRegistrationRepository)
 	 *                  .authorizedClientRepository(authorizedClientRepository)
@@ -941,9 +941,9 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2ResourceServer(oauth2ResourceServer ->
+	 *          .oauth2ResourceServer((oauth2ResourceServer) ->
 	 *              oauth2ResourceServer
-	 *                  .jwt(jwt ->
+	 *                  .jwt((jwt) ->
 	 *                      jwt
 	 *                          .publicKey(publicKey())
 	 *                  )
@@ -1027,15 +1027,15 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .headers(headers ->
+	 *          .headers((headers) ->
 	 *              headers
 	 *                  // customize frame options to be same origin
-	 *                  .frameOptions(frameOptions ->
+	 *                  .frameOptions((frameOptions) ->
 	 *                      frameOptions
 	 *                          .mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
 	 *                   )
 	 *                  // disable cache control
-	 *                  .cache(cache ->
+	 *                  .cache((cache) ->
 	 *                      cache
 	 *                          .disable()
 	 *                  )
@@ -1088,7 +1088,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .exceptionHandling(exceptionHandling ->
+	 *          .exceptionHandling((exceptionHandling) ->
 	 *              exceptionHandling
 	 *                  // customize how to request for authentication
 	 *                  .authenticationEntryPoint(entryPoint)
@@ -1126,7 +1126,7 @@ public class ServerHttpSecurity {
 	 *              .pathMatchers("/users/{username}").access((authentication, context) ->
 	 *                  authentication
 	 *                      .map(Authentication::getName)
-	 *                      .map(username -> username.equals(context.getVariables().get("username")))
+	 *                      .map((username) -> username.equals(context.getVariables().get("username")))
 	 *                      .map(AuthorizationDecision::new)
 	 *              )
 	 *              // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
@@ -1153,7 +1153,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .authorizeExchange(exchanges ->
+	 *          .authorizeExchange((exchanges) ->
 	 *              exchanges
 	 *                  // any URL that starts with /admin/ requires the role "ROLE_ADMIN"
 	 *                  .pathMatchers("/admin/**").hasRole("ADMIN")
@@ -1164,7 +1164,7 @@ public class ServerHttpSecurity {
 	 *                  .pathMatchers("/users/{username}").access((authentication, context) ->
 	 *                      authentication
 	 *                          .map(Authentication::getName)
-	 *                          .map(username -> username.equals(context.getVariables().get("username")))
+	 *                          .map((username) -> username.equals(context.getVariables().get("username")))
 	 *                          .map(AuthorizationDecision::new)
 	 *                  )
 	 *                  // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
@@ -1222,7 +1222,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .logout(logout ->
+	 *          .logout((logout) ->
 	 *              logout
 	 *                  // configures how log out is done
 	 *                  .logoutHandler(logoutHandler)
@@ -1278,7 +1278,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .requestCache(requestCache ->
+	 *          .requestCache((requestCache) ->
 	 *              requestCache
 	 *                  // configures how the request is cached
 	 *                  .requestCache(customRequestCache)
@@ -1405,7 +1405,7 @@ public class ServerHttpSecurity {
 		}
 		AnnotationAwareOrderComparator.sort(this.webFilters);
 		List<WebFilter> sortedWebFilters = new ArrayList<>();
-		this.webFilters.forEach(f -> {
+		this.webFilters.forEach((f) -> {
 			if (f instanceof OrderedWebFilter) {
 				f = ((OrderedWebFilter) f).webFilter;
 			}
@@ -1675,7 +1675,7 @@ public class ServerHttpSecurity {
 		 * @return the {@link HttpsRedirectSpec} for additional configuration
 		 */
 		public HttpsRedirectSpec httpsRedirectWhen(Function<ServerWebExchange, Boolean> when) {
-			ServerWebExchangeMatcher matcher = e -> when.apply(e) ? ServerWebExchangeMatcher.MatchResult.match()
+			ServerWebExchangeMatcher matcher = (e) -> when.apply(e) ? ServerWebExchangeMatcher.MatchResult.match()
 					: ServerWebExchangeMatcher.MatchResult.notMatch();
 			return httpsRedirectWhen(matcher);
 		}
@@ -3128,9 +3128,9 @@ public class ServerHttpSecurity {
 				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
 						clientRegistrationRepository);
 				delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-				ServerAuthenticationConverter authenticationConverter = exchange -> delegate.convert(exchange)
+				ServerAuthenticationConverter authenticationConverter = (exchange) -> delegate.convert(exchange)
 						.onErrorMap(OAuth2AuthorizationException.class,
-								e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
+								(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
 				this.authenticationConverter = authenticationConverter;
 				return authenticationConverter;
 			}
@@ -3248,7 +3248,7 @@ public class ServerHttpSecurity {
 					MediaType.TEXT_PLAIN);
 			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 
-			ServerWebExchangeMatcher xhrMatcher = exchange -> {
+			ServerWebExchangeMatcher xhrMatcher = (exchange) -> {
 				if (exchange.getRequest().getHeaders().getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) {
 					return ServerWebExchangeMatcher.MatchResult.match();
 				}
@@ -3330,7 +3330,7 @@ public class ServerHttpSecurity {
 			}
 			Map<String, String> result = new HashMap<>();
 			registrations.iterator().forEachRemaining(
-					r -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
+					(r) -> result.put("/oauth2/authorization/" + r.getRegistrationId(), r.getClientName()));
 			return result;
 		}
 
@@ -3784,7 +3784,7 @@ public class ServerHttpSecurity {
 			public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 				WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 				return super.filter(exchange, chain).onErrorResume(AuthenticationException.class,
-						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
+						(e) -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
 			}
 
 			@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index fa57b57997..ff15268852 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -89,7 +89,7 @@ public class AuthenticationManagerBuilderTests {
 	public void customAuthenticationEventPublisherWithWeb() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationEventPublisher aep = mock(AuthenticationEventPublisher.class);
-		given(opp.postProcess(any())).willAnswer(a -> a.getArgument(0));
+		given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
 		AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep)
 				.inMemoryAuthentication().and().build();
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index e5d0e25c07..3ec92265b7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -49,10 +49,10 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNull()));
+				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
 
 		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNull()));
+				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
 		// no exception due to username being cleared out
 	}
 
@@ -61,10 +61,10 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
 
 		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
 		// no exception due to username being cleared out
 	}
 
@@ -74,7 +74,7 @@ public class NamespaceAuthenticationManagerTests {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
 
 		this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers
-				.authenticated().withAuthentication(a -> assertThat(a.getCredentials()).isNotNull()));
+				.authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 7cba39f447..a9e3c0ae0e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -197,7 +197,7 @@ public class AuthenticationConfigurationTests {
 	public void getAuthenticationManagerWhenPostProcessThenUsesBeanClassLoaderOnProxyFactoryBean() throws Exception {
 		this.spring.register(Sec2531Config.class).autowire();
 		ObjectPostProcessor<Object> opp = this.spring.getContext().getBean(ObjectPostProcessor.class);
-		given(opp.postProcess(any())).willAnswer(a -> a.getArgument(0));
+		given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
 
 		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
 		config.getAuthenticationManager();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 474713b393..3b5b47c9fb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -224,7 +224,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
-		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
+		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
@@ -349,7 +349,7 @@ public class EnableReactiveMethodSecurityTests {
 
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withAdmin);
-		StepVerifier.create(findById).consumeNextWith(s -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
+		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
 				.verifyComplete();
 	}
 
@@ -457,7 +457,7 @@ public class EnableReactiveMethodSecurityTests {
 	}
 
 	static <T> Publisher<T> publisher(Flux<T> flux) {
-		return subscriber -> flux.subscribe(subscriber);
+		return (subscriber) -> flux.subscribe(subscriber);
 	}
 
 	static <T> Publisher<T> publisherJust(T... data) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index ac9fe3381c..cadb3c8982 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -221,7 +221,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void globalSecurityProxiesSecurity() {
 		this.spring.register(Sec3005Config.class).autowire();
 
-		assertThat(this.service.getClass()).matches(c -> !Proxy.isProxyClass(c), "is not proxy class");
+		assertThat(this.service.getClass()).matches((c) -> !Proxy.isProxyClass(c), "is not proxy class");
 	}
 	//
 	// // gh-3797
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 0efe382210..5266e15d28 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -241,7 +241,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
 
 		assertThat(this.service.runAs().getAuthorities())
-				.anyMatch(authority -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
+				.anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index 00e8731731..7a46bdddcb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -106,7 +106,7 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 
 		CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor
 				.getAllValues().stream()
-				.filter(e -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
+				.filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
 				.findFirst().orElse(null);
 
 		assertThat(callableProcessingInterceptor).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 6e2eb6804c..83bb042a5b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -189,7 +189,7 @@ public class HttpSecurityConfigurationTests {
 
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests(authorize -> authorize.anyRequest().permitAll()).build();
+			return http.authorizeRequests((authorize) -> authorize.anyRequest().permitAll()).build();
 		}
 
 	}
@@ -199,8 +199,8 @@ public class HttpSecurityConfigurationTests {
 
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests(authorize -> authorize.anyRequest().authenticated()).formLogin(withDefaults())
-					.build();
+			return http.authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+					.formLogin(withDefaults()).build();
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 3f5bc05eda..1dbe5abdce 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -123,7 +123,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		@GetMapping("/token")
 		public String token() {
 			return this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)
-					.flatMap(result -> this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)).block();
+					.flatMap((result) -> this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)).block();
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index 855a00c311..f4e09b2fe6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -209,9 +209,9 @@ public class SecurityReactorContextConfigurationTests {
 		ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
 
 		ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
-				.filter(ctx -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
-				.map(ctx -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
-				.map(attributes -> {
+				.filter((ctx) -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
+				.map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
+				.map((attributes) -> {
 					if (attributes.containsKey(HttpServletRequest.class)
 							&& attributes.containsKey(HttpServletResponse.class)
 							&& attributes.containsKey(Authentication.class)) {
@@ -231,7 +231,7 @@ public class SecurityReactorContextConfigurationTests {
 		expectedContextAttributes.put(Authentication.class, this.authentication);
 
 		Mono<ClientResponse> clientResponseMono = filter.filter(clientRequest, exchange)
-				.flatMap(response -> filter.filter(clientRequest, exchange));
+				.flatMap((response) -> filter.filter(clientRequest, exchange));
 
 		StepVerifier.create(clientResponseMono).expectAccessibleContext()
 				.contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 4b4e8567c4..384db38440 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -368,27 +368,27 @@ public class WebSecurityConfigurationTests {
 		@Order(1)
 		@Bean
 		SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role1/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("1"))
+			return http.antMatcher("/role1/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("1"))
 					.build();
 		}
 
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role2/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("2"))
+			return http.antMatcher("/role2/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("2"))
 					.build();
 		}
 
 		@Order(3)
 		@Bean
 		SecurityFilterChain filterChain3(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role3/**").authorizeRequests(authorize -> authorize.anyRequest().hasRole("3"))
+			return http.antMatcher("/role3/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("3"))
 					.build();
 		}
 
 		@Bean
 		SecurityFilterChain filterChain4(HttpSecurity http) throws Exception {
-			return http.authorizeRequests(authorize -> authorize.anyRequest().hasRole("4")).build();
+			return http.authorizeRequests((authorize) -> authorize.anyRequest().hasRole("4")).build();
 		}
 
 	}
@@ -541,7 +541,7 @@ public class WebSecurityConfigurationTests {
 
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests(authorize -> authorize.anyRequest().authenticated()).build();
+			return http.authorizeRequests((authorize) -> authorize.anyRequest().authenticated()).build();
 		}
 
 	}
@@ -655,8 +655,8 @@ public class WebSecurityConfigurationTests {
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/filter/**").authorizeRequests(authorize -> authorize.anyRequest().authenticated())
-					.build();
+			return http.antMatcher("/filter/**")
+					.authorizeRequests((authorize) -> authorize.anyRequest().authenticated()).build();
 		}
 
 		@Order(1)
@@ -665,7 +665,7 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
-				http.antMatcher("/config/**").authorizeRequests(authorize -> authorize.anyRequest().permitAll());
+				http.antMatcher("/config/**").authorizeRequests((authorize) -> authorize.anyRequest().permitAll());
 			}
 
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 40eafaf04d..71e4af4647 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -103,7 +103,7 @@ public class AnonymousConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.anonymous(anonymous ->
+				.anonymous((anonymous) ->
 					anonymous
 						.principal("principal")
 				);
@@ -119,7 +119,7 @@ public class AnonymousConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().permitAll()
 				)
@@ -145,7 +145,7 @@ public class AnonymousConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().permitAll()
 				)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index 42884f2f09..1ff7e6d757 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -393,7 +393,7 @@ public class AuthorizeRequestsTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.antMatchers(HttpMethod.POST).denyAll()
 				);
@@ -533,7 +533,7 @@ public class AuthorizeRequestsTests {
 			// @formatter:off
 			http
 				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.mvcMatchers("/path").denyAll()
 				);
@@ -605,7 +605,7 @@ public class AuthorizeRequestsTests {
 			// @formatter:off
 			http
 				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.mvcMatchers("/path").servletPath("/spring").denyAll()
 				);
@@ -677,7 +677,7 @@ public class AuthorizeRequestsTests {
 			// @formatter:off
 			http
 				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.mvcMatchers("/user/{userName}").access("#userName == 'user'")
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index c385a6aacb..11f93dafb3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -151,7 +151,7 @@ public class ChannelSecurityConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requiresChannel(requiresChannel ->
+				.requiresChannel((requiresChannel) ->
 					requiresChannel
 						.anyRequest().requiresSecure()
 			);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index c883479ace..a238e07b2c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -244,7 +244,7 @@ public class CorsConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
@@ -298,7 +298,7 @@ public class CorsConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
@@ -351,7 +351,7 @@ public class CorsConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
index bba69c31a7..14c59ab078 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
@@ -93,7 +93,7 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	@EnableWebSecurity
 	static class IgnoringRequestMatchers extends WebSecurityConfigurerAdapter {
 
-		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
+		RequestMatcher requestMatcher = (request) -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -110,13 +110,13 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	@EnableWebSecurity
 	static class IgnoringRequestInLambdaMatchers extends WebSecurityConfigurerAdapter {
 
-		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
+		RequestMatcher requestMatcher = (request) -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf(csrf ->
+				.csrf((csrf) ->
 					csrf
 						.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/path"))
 						.ignoringRequestMatchers(this.requestMatcher)
@@ -129,7 +129,7 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchers extends WebSecurityConfigurerAdapter {
 
-		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
+		RequestMatcher requestMatcher = (request) -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -146,13 +146,13 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	@EnableWebSecurity
 	static class IgnoringPathsAndMatchersInLambdaConfig extends WebSecurityConfigurerAdapter {
 
-		RequestMatcher requestMatcher = request -> HttpMethod.POST.name().equals(request.getMethod());
+		RequestMatcher requestMatcher = (request) -> HttpMethod.POST.name().equals(request.getMethod());
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf(csrf ->
+				.csrf((csrf) ->
 					csrf
 						.ignoringAntMatchers("/no-csrf")
 						.ignoringRequestMatchers(this.requestMatcher)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index eace9809e5..1c147877e2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -558,7 +558,7 @@ public class CsrfConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf(csrf -> csrf.requireCsrfProtectionMatcher(MATCHER));
+				.csrf((csrf) -> csrf.requireCsrfProtectionMatcher(MATCHER));
 			// @formatter:on
 		}
 
@@ -601,7 +601,7 @@ public class CsrfConfigurerTests {
 			// @formatter:off
 			http
 				.formLogin(withDefaults())
-				.csrf(csrf -> csrf.csrfTokenRepository(REPO));
+				.csrf((csrf) -> csrf.csrfTokenRepository(REPO));
 			// @formatter:on
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 1bce91535a..558a0cb400 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -87,8 +87,8 @@ public class DefaultFiltersTests {
 		DefaultSecurityFilterChain filterChain = (DefaultSecurityFilterChain) filterChains.get(0);
 		assertThat(filterChain.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
 		assertThat(filterChain.getFilters().size()).isEqualTo(1);
-		long filter = filterChain.getFilters().stream().filter(it -> it instanceof UsernamePasswordAuthenticationFilter)
-				.count();
+		long filter = filterChain.getFilters().stream()
+				.filter((it) -> it instanceof UsernamePasswordAuthenticationFilter).count();
 		assertThat(filter).isEqualTo(1);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index d2110741cf..3b398acaac 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -325,7 +325,7 @@ public class DefaultLoginPageConfigurerTests {
 
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
 		assertThat(filterChain.getFilterChains().get(0).getFilters().stream()
-				.filter(filter -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
+				.filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
 						.isZero();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index be40eb0eb6..139b2ab63b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -116,11 +116,11 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				)
-				.exceptionHandling(exceptionHandling ->
+				.exceptionHandling((exceptionHandling) ->
 					exceptionHandling
 						.defaultAccessDeniedHandlerFor(
 								this.teapotDeniedHandler,
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index dcb870439c..b2cbe23e82 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -229,7 +229,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/").with(request -> {
+		this.mvc.perform(get("/").with((request) -> {
 			request.setRemoteAddr("192.168.1.0");
 			return request;
 		})).andExpect(status().isOk());
@@ -239,7 +239,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenHasIpAddressConfiguredAndIpAddressDoesNotMatchThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
 
-		this.mvc.perform(get("/").with(request -> {
+		this.mvc.perform(get("/").with((request) -> {
 			request.setRemoteAddr("192.168.1.1");
 			return request;
 		})).andExpect(status().isUnauthorized());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 0ed4745f88..505d5313a4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -392,7 +392,7 @@ public class FormLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
@@ -456,11 +456,11 @@ public class FormLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.formLogin(formLogin ->
+				.formLogin((formLogin) ->
 					formLogin
 						.loginPage("/authenticate")
 						.permitAll()
@@ -514,18 +514,18 @@ public class FormLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.formLogin(formLogin ->
+				.formLogin((formLogin) ->
 					formLogin
 						.loginProcessingUrl("/loginCheck")
 						.loginPage("/login")
 						.defaultSuccessUrl("/", true)
 						.permitAll()
 				)
-				.logout(logout ->
+				.logout((logout) ->
 					logout
 						.logoutSuccessUrl("/login")
 						.logoutUrl("/logout")
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 275f89c498..81a541d42d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -486,7 +486,7 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
 						.contentTypeOptions(withDefaults())
@@ -548,7 +548,7 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
 						.cacheControl(withDefaults())
@@ -580,7 +580,7 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
 						.xssProtection(withDefaults())
@@ -611,9 +611,9 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
-						.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin())
+						.frameOptions((frameOptionsConfig) -> frameOptionsConfig.sameOrigin())
 				);
 			// @formatter:on
 		}
@@ -763,10 +763,10 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.httpPublicKeyPinning(hpkp ->
+						.httpPublicKeyPinning((hpkp) ->
 							hpkp
 								.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
 								.reportUri("https://example.net/pkp-report")
@@ -815,10 +815,10 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.contentSecurityPolicy(csp ->
+						.contentSecurityPolicy((csp) ->
 							csp
 								.policyDirectives("default-src 'self'; script-src trustedscripts.example.com")
 								.reportOnly()
@@ -851,10 +851,10 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.contentSecurityPolicy(csp ->
+						.contentSecurityPolicy((csp) ->
 								csp.policyDirectives("")
 						)
 				);
@@ -870,7 +870,7 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
 						.contentSecurityPolicy(withDefaults())
@@ -902,7 +902,7 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
 						.referrerPolicy()
@@ -934,10 +934,10 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.referrerPolicy(referrerPolicy ->
+						.referrerPolicy((referrerPolicy) ->
 								referrerPolicy.policy(ReferrerPolicy.SAME_ORIGIN)
 						)
 				);
@@ -999,10 +999,10 @@ public class HeadersConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers(headers ->
+				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.httpStrictTransportSecurity(hstsConfig -> hstsConfig.preload(true))
+						.httpStrictTransportSecurity((hstsConfig) -> hstsConfig.preload(true))
 				);
 			// @formatter:on
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 6353743976..493a85479d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -153,7 +153,7 @@ public class HttpBasicConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index cfeea9e85a..8ec6163509 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -302,12 +302,12 @@ public class HttpSecurityRequestMatchersTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestMatchers(requestMatchers ->
+				.requestMatchers((requestMatchers) ->
 					requestMatchers
 						.mvcMatchers("/path")
 				)
 				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				);
@@ -374,13 +374,13 @@ public class HttpSecurityRequestMatchersTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestMatchers(requestMatchers ->
+				.requestMatchers((requestMatchers) ->
 					requestMatchers
 						.mvcMatchers("/path").servletPath("/spring")
 						.mvcMatchers("/never-match")
 				)
 				.httpBasic(withDefaults())
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 3ce299689d..485689185d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -81,7 +81,7 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
 
-		this.mvc.perform(get("/").principal(user).with(request -> {
+		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
 			return request;
@@ -94,7 +94,7 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
 
-		this.mvc.perform(get("/").principal(user).with(request -> {
+		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
 			return request;
@@ -107,7 +107,7 @@ public class JeeConfigurerTests {
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
 
-		this.mvc.perform(get("/").principal(user).with(request -> {
+		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
 			return request;
@@ -125,7 +125,7 @@ public class JeeConfigurerTests {
 		given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
 				.willReturn(userDetails);
 
-		this.mvc.perform(get("/").principal(user).with(request -> {
+		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
 			return request;
@@ -184,11 +184,11 @@ public class JeeConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.jee(jee ->
+				.jee((jee) ->
 					jee
 						.mappableRoles("USER")
 				);
@@ -204,11 +204,11 @@ public class JeeConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.jee(jee ->
+				.jee((jee) ->
 					jee
 						.mappableAuthorities("ROLE_USER")
 				);
@@ -227,11 +227,11 @@ public class JeeConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.jee(jee ->
+				.jee((jee) ->
 					jee
 						.authenticatedUserDetailsService(authenticationUserDetailsService)
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index 4d3905976b..c6a722e127 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -267,7 +267,7 @@ public class LogoutConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout(logout ->
+				.logout((logout) ->
 					logout.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class))
 				);
 			// @formatter:on
@@ -296,7 +296,7 @@ public class LogoutConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout(logout ->
+				.logout((logout) ->
 					logout.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null)
 				);
 			// @formatter:on
@@ -397,7 +397,7 @@ public class LogoutConfigurerTests {
 			http
 				.csrf()
 					.disable()
-				.logout(logout -> logout.logoutUrl("/custom/logout"));
+				.logout((logout) -> logout.logoutUrl("/custom/logout"));
 			// @formatter:on
 		}
 
@@ -424,7 +424,7 @@ public class LogoutConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout(logout -> logout.addLogoutHandler(null));
+				.logout((logout) -> logout.addLogoutHandler(null));
 			// @formatter:on
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
index 077e69b5b5..6ebf4a23dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java
@@ -198,7 +198,7 @@ public class NamespaceHttpAnonymousTests {
 
 		Optional<AnonymousAuthenticationToken> anonymousToken() {
 			return Optional.of(SecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
-					.filter(a -> a instanceof AnonymousAuthenticationToken)
+					.filter((a) -> a instanceof AnonymousAuthenticationToken)
 					.map(AnonymousAuthenticationToken.class::cast);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index a4f1de385b..8eed33342d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -199,7 +199,7 @@ public class NamespaceHttpBasicTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
@@ -232,11 +232,11 @@ public class NamespaceHttpBasicTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.httpBasic(httpBasicConfig -> httpBasicConfig.realmName("Custom Realm"));
+				.httpBasic((httpBasicConfig) -> httpBasicConfig.realmName("Custom Realm"));
 			// @formatter:on
 		}
 
@@ -274,7 +274,7 @@ public class NamespaceHttpBasicTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic(httpBasicConfig ->
+				.httpBasic((httpBasicConfig) ->
 						httpBasicConfig.authenticationDetailsSource(this.authenticationDetailsSource));
 			// @formatter:on
 		}
@@ -314,11 +314,11 @@ public class NamespaceHttpBasicTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
-				.httpBasic(httpBasicConfig ->
+				.httpBasic((httpBasicConfig) ->
 						httpBasicConfig.authenticationEntryPoint(this.authenticationEntryPoint));
 			// @formatter:on
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index d8a4f437d5..eef4ba934a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -153,7 +153,7 @@ public class NamespaceHttpHeadersTests {
 	}
 
 	private static ResultMatcher includes(Map<String, String> headers, String... headerNames) {
-		return result -> {
+		return (result) -> {
 			assertThat(result.getResponse().getHeaderNames()).hasSameSizeAs(headerNames);
 			for (String headerName : headerNames) {
 				header().string(headerName, headers.get(headerName)).match(result);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index e243d28cc8..47cd62b4c3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -66,7 +66,7 @@ public class NamespaceHttpJeeTests {
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
 
-		this.mvc.perform(get("/roles").principal(user).with(request -> {
+		this.mvc.perform(get("/roles").principal(user).with((request) -> {
 			request.addUserRole("ROLE_admin");
 			request.addUserRole("ROLE_user");
 			request.addUserRole("ROLE_unmapped");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 996f91a685..3f69893ed9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -95,7 +95,7 @@ public class NamespaceHttpLogoutTests {
 
 		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
-				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
+				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
 				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
 	}
 
@@ -106,7 +106,7 @@ public class NamespaceHttpLogoutTests {
 
 		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
-				.andExpect(result -> assertThat(result.getResponse().getCookies()).hasSize(1))
+				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
 				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
 	}
 
@@ -134,16 +134,16 @@ public class NamespaceHttpLogoutTests {
 	}
 
 	ResultMatcher authenticated(boolean authenticated) {
-		return result -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
+		return (result) -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
 				.map(Authentication::isAuthenticated).orElse(false)).isEqualTo(authenticated);
 	}
 
 	ResultMatcher noCookies() {
-		return result -> assertThat(result.getResponse().getCookies()).isEmpty();
+		return (result) -> assertThat(result.getResponse().getCookies()).isEmpty();
 	}
 
 	ResultMatcher session(Predicate<HttpSession> sessionPredicate) {
-		return result -> assertThat(result.getRequest().getSession(false))
+		return (result) -> assertThat(result.getRequest().getSession(false))
 				.is(new Condition<>(sessionPredicate, "sessionPredicate failed"));
 	}
 
@@ -190,7 +190,7 @@ public class NamespaceHttpLogoutTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout(logout ->
+				.logout((logout) ->
 						logout.deleteCookies("remove")
 							.invalidateHttpSession(false)
 							.logoutUrl("/custom-logout")
@@ -227,7 +227,7 @@ public class NamespaceHttpLogoutTests {
 
 			// @formatter:off
 			http
-				.logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler));
+				.logout((logout) -> logout.logoutSuccessHandler(logoutSuccessHandler));
 			// @formatter:on
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 9064b565f8..8200697010 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -120,13 +120,13 @@ public class NamespaceHttpOpenIDLoginTests {
 					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
-			assertThat(attributeList.stream().anyMatch(attribute -> "firstname".equals(attribute.getName())
+			assertThat(attributeList.stream().anyMatch((attribute) -> "firstname".equals(attribute.getName())
 					&& "https://axschema.org/namePerson/first".equals(attribute.getType()) && attribute.isRequired()))
 							.isTrue();
-			assertThat(attributeList.stream().anyMatch(attribute -> "lastname".equals(attribute.getName())
+			assertThat(attributeList.stream().anyMatch((attribute) -> "lastname".equals(attribute.getName())
 					&& "https://axschema.org/namePerson/last".equals(attribute.getType()) && attribute.isRequired()))
 							.isTrue();
-			assertThat(attributeList.stream().anyMatch(attribute -> "email".equals(attribute.getName())
+			assertThat(attributeList.stream().anyMatch((attribute) -> "email".equals(attribute.getName())
 					&& "https://axschema.org/contact/email".equals(attribute.getType()) && attribute.isRequired()))
 							.isTrue();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 757e52a740..f431f397be 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -124,11 +124,11 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				)
-				.exceptionHandling(exceptionHandling ->
+				.exceptionHandling((exceptionHandling) ->
 					exceptionHandling.accessDeniedPage("/AccessDeniedPageConfig")
 				);
 			// @formatter:on
@@ -167,11 +167,11 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				)
-				.exceptionHandling(exceptionHandling ->
+				.exceptionHandling((exceptionHandling) ->
 						exceptionHandling.accessDeniedHandler(accessDeniedHandler())
 				);
 			// @formatter:on
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 8b9e0e6209..e6d6576183 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -273,7 +273,7 @@ public class NamespaceHttpX509Tests {
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
-					.userDetailsService(username -> USER);
+					.userDetailsService((username) -> USER);
 			// @formatter:on
 		}
 
@@ -296,7 +296,7 @@ public class NamespaceHttpX509Tests {
 					.anyRequest().hasRole("USER")
 					.and()
 				.x509()
-					.authenticationUserDetailsService(authentication -> USER);
+					.authenticationUserDetailsService((authentication) -> USER);
 			// @formatter:on
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 595b38b8e0..949fea0e42 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -244,7 +244,7 @@ public class NamespaceRememberMeTests {
 	}
 
 	static RequestPostProcessor rememberMeLogin(String parameterName, boolean parameterValue) {
-		return request -> {
+		return (request) -> {
 			csrf().postProcessRequest(request);
 			request.setParameter("username", "user");
 			request.setParameter("password", "password");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 4d8440efa6..8fccfcd006 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -96,7 +96,7 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
 
-		this.mvc.perform(get("/auth").with(request -> {
+		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
 			return request;
@@ -137,7 +137,7 @@ public class NamespaceSessionManagementTests {
 		given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class);
 		mock.setMethod("GET");
 
-		this.mvc.perform(get("/auth").with(request -> mock).with(httpBasic("user", "password")))
+		this.mvc.perform(get("/auth").with((request) -> mock).with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/session-auth-error"));
 	}
 
@@ -158,7 +158,7 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
 
-		this.mvc.perform(get("/auth").with(request -> {
+		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
 			return request;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index 75436e2a40..6c7f1d59ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -91,11 +91,11 @@ public class PortMapperConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requiresChannel(requiresChannel ->
+				.requiresChannel((requiresChannel) ->
 					requiresChannel
 					.anyRequest().requiresSecure()
 				)
-				.portMapper(portMapper ->
+				.portMapper((portMapper) ->
 					portMapper
 						.http(543).mapsTo(123)
 				);
@@ -113,11 +113,11 @@ public class PortMapperConfigurerTests {
 			customPortMapper.setPortMappings(Collections.singletonMap("543", "123"));
 			// @formatter:off
 			http
-				.requiresChannel(requiresChannel ->
+				.requiresChannel((requiresChannel) ->
 					requiresChannel
 						.anyRequest().requiresSecure()
 				)
-				.portMapper(portMapper ->
+				.portMapper((portMapper) ->
 					portMapper
 						.portMapper(customPortMapper)
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index a0030c867e..8c10fa0d5a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -121,7 +121,7 @@ public class RememberMeConfigurerTests {
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 
 		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
-				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
 
 	@Test
@@ -196,7 +196,7 @@ public class RememberMeConfigurerTests {
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 
 		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
-				.withAuthentication(auth -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
 
 	@EnableWebSecurity
@@ -334,7 +334,7 @@ public class RememberMeConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
@@ -389,12 +389,12 @@ public class RememberMeConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().hasRole("USER")
 				)
 				.formLogin(withDefaults())
-				.rememberMe(rememberMe ->
+				.rememberMe((rememberMe) ->
 					rememberMe
 						.rememberMeCookieDomain("spring.io")
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index a82959e24f..a385089f9a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -333,7 +333,7 @@ public class RequestCacheConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
@@ -351,7 +351,7 @@ public class RequestCacheConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
@@ -369,12 +369,12 @@ public class RequestCacheConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
 				.formLogin(withDefaults())
-				.requestCache(requestCache ->
+				.requestCache((requestCache) ->
 					requestCache
 						.requestCache(new NullRequestCache())
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index 9abd316d03..e820678b2f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -87,15 +87,15 @@ public class RequestMatcherConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestMatchers(requestMatchers ->
+				.requestMatchers((requestMatchers) ->
 					requestMatchers
 						.antMatchers("/api/**")
 				)
-				.requestMatchers(requestMatchers ->
+				.requestMatchers((requestMatchers) ->
 					requestMatchers
 						.antMatchers("/oauth/**")
 				)
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().denyAll()
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index 4d232ac77f..e3bb13407c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -252,7 +252,7 @@ public class SecurityContextConfigurerTests {
 			// @formatter:off
 			http
 				.formLogin(withDefaults())
-				.securityContext(securityContext ->
+				.securityContext((securityContext) ->
 					securityContext
 						.securityContextRepository(new NullSecurityContextRepository())
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index ae3318db30..05236e3742 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -343,7 +343,7 @@ public class ServletApiConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.servletApi(servletApi ->
+				.servletApi((servletApi) ->
 					servletApi
 						.rolePrefix("PERMISSION_")
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 4022a9d2d0..36c2b9aeba 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -362,9 +362,9 @@ public class SessionManagementConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement(sessionManagement ->
+				.sessionManagement((sessionManagement) ->
 					sessionManagement
-						.sessionFixation(sessionFixation ->
+						.sessionFixation((sessionFixation) ->
 							sessionFixation.newSession()
 						)
 				)
@@ -417,9 +417,9 @@ public class SessionManagementConfigurerTests {
 			// @formatter:off
 			http
 				.formLogin(withDefaults())
-				.sessionManagement(sessionManagement ->
+				.sessionManagement((sessionManagement) ->
 					sessionManagement
-						.sessionConcurrency(sessionConcurrency ->
+						.sessionConcurrency((sessionConcurrency) ->
 							sessionConcurrency
 								.maximumSessions(1)
 								.maxSessionsPreventsLogin(true)
@@ -446,7 +446,7 @@ public class SessionManagementConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement(sessionManagement ->
+				.sessionManagement((sessionManagement) ->
 					sessionManagement
 						.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index 0de22b0bb0..64ca605e85 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -182,7 +182,7 @@ public class X509ConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.x509(x509 ->
+				.x509((x509) ->
 					x509
 						.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)")
 				);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 8598189995..2fd0b699a8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -233,7 +233,7 @@ public class OAuth2ClientConfigurerTests {
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
 		authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
 		given(authorizationRequestResolver.resolve(any()))
-				.willAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
+				.willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
 
 		this.spring.register(OAuth2ClientConfig.class).autowire();
 
@@ -295,7 +295,7 @@ public class OAuth2ClientConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 382e80edb9..206b1157c2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -586,7 +586,7 @@ public class OAuth2LoginConfigurerTests {
 	}
 
 	private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createOauth2AccessTokenResponseClient() {
-		return request -> {
+		return (request) -> {
 			Map<String, Object> additionalParameters = new HashMap<>();
 			if (request.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
 				additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
@@ -598,17 +598,17 @@ public class OAuth2LoginConfigurerTests {
 
 	private static OAuth2UserService<OAuth2UserRequest, OAuth2User> createOauth2UserService() {
 		Map<String, Object> userAttributes = Collections.singletonMap("name", "spring");
-		return request -> new DefaultOAuth2User(Collections.singleton(new OAuth2UserAuthority(userAttributes)),
+		return (request) -> new DefaultOAuth2User(Collections.singleton(new OAuth2UserAuthority(userAttributes)),
 				userAttributes, "name");
 	}
 
 	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
 		OidcIdToken idToken = TestOidcIdTokens.idToken().build();
-		return request -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
+		return (request) -> new DefaultOidcUser(Collections.singleton(new OidcUserAuthority(idToken)), idToken);
 	}
 
 	private static GrantedAuthoritiesMapper createGrantedAuthoritiesMapper() {
-		return authorities -> {
+		return (authorities) -> {
 			boolean isOidc = OidcUserAuthority.class.isInstance(authorities.iterator().next());
 			List<GrantedAuthority> mappedAuthorities = new ArrayList<>(authorities);
 			mappedAuthorities.add(new SimpleGrantedAuthority(isOidc ? "ROLE_OIDC_USER" : "ROLE_OAUTH2_USER"));
@@ -650,7 +650,7 @@ public class OAuth2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) ->
 					oauth2Login
 						.clientRegistrationRepository(
 							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
@@ -811,10 +811,10 @@ public class OAuth2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) ->
 					oauth2Login
 						.clientRegistrationRepository(this.clientRegistrationRepository)
-						.authorizationEndpoint(authorizationEndpoint ->
+						.authorizationEndpoint((authorizationEndpoint) ->
 							authorizationEndpoint
 								.authorizationRequestResolver(this.resolver)
 						)
@@ -866,7 +866,7 @@ public class OAuth2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) ->
 						oauth2Login
 							.clientRegistrationRepository(
 									new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
@@ -945,21 +945,21 @@ public class OAuth2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.securityContext(securityContext ->
+				.securityContext((securityContext) ->
 					securityContext
 						.securityContextRepository(securityContextRepository())
 				)
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) ->
 					oauth2Login
-						.tokenEndpoint(tokenEndpoint ->
+						.tokenEndpoint((tokenEndpoint) ->
 							tokenEndpoint
 								.accessTokenResponseClient(createOauth2AccessTokenResponseClient())
 						)
-						.userInfoEndpoint(userInfoEndpoint ->
+						.userInfoEndpoint((userInfoEndpoint) ->
 							userInfoEndpoint
 								.userService(createOauth2UserService())
 								.oidcUserService(createOidcUserService())
@@ -985,7 +985,7 @@ public class OAuth2LoginConfigurerTests {
 
 		@Bean
 		JwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
-			return clientRegistration -> getJwtDecoder();
+			return (clientRegistration) -> getJwtDecoder();
 		}
 
 		private static JwtDecoder getJwtDecoder() {
@@ -994,7 +994,7 @@ public class OAuth2LoginConfigurerTests {
 			claims.put(IdTokenClaimNames.ISS, "http://localhost/iss");
 			claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId", "a", "u", "d"));
 			claims.put(IdTokenClaimNames.AZP, "clientId");
-			Jwt jwt = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+			Jwt jwt = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 			JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 			given(jwtDecoder.decode(any())).willReturn(jwt);
 			return jwtDecoder;
@@ -1007,12 +1007,12 @@ public class OAuth2LoginConfigurerTests {
 
 		@Bean
 		JwtDecoderFactory<ClientRegistration> jwtDecoderFactory1() {
-			return clientRegistration -> JwtDecoderFactoryConfig.getJwtDecoder();
+			return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
 		}
 
 		@Bean
 		JwtDecoderFactory<ClientRegistration> jwtDecoderFactory2() {
-			return clientRegistration -> JwtDecoderFactoryConfig.getJwtDecoder();
+			return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 93342403c6..82fbe70deb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1404,12 +1404,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.antMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
 						.anyRequest().authenticated()
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
 						.jwt(withDefaults())
 				);
@@ -1450,14 +1450,14 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.antMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
 						.anyRequest().authenticated()
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.jwt(jwt ->
+						.jwt((jwt) ->
 							jwt
 								.jwkSetUri(this.jwkSetUri)
 						)
@@ -1601,7 +1601,7 @@ public class OAuth2ResourceServerConfigurerTests {
 					.anyRequest().denyAll()
 					.and()
 				.exceptionHandling()
-					.defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), request -> false)
+					.defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), (request) -> false)
 					.and()
 				.httpBasic()
 					.and()
@@ -1668,7 +1668,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
 			JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 			converter.setJwtGrantedAuthoritiesConverter(
-					jwt -> Collections.singletonList(new SimpleGrantedAuthority("message:read")));
+					(jwt) -> Collections.singletonList(new SimpleGrantedAuthority("message:read")));
 			return converter;
 		}
 
@@ -1871,13 +1871,13 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.jwt(jwt ->
+						.jwt((jwt) ->
 							jwt
 								.decoder(decoder())
 						)
@@ -2091,12 +2091,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.antMatchers("/requires-read-scope").hasAuthority("SCOPE_message:read")
 						.anyRequest().authenticated()
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
 						.opaqueToken(withDefaults())
 				);
@@ -2135,13 +2135,13 @@ public class OAuth2ResourceServerConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.opaqueToken(opaqueToken ->
+						.opaqueToken((opaqueToken) ->
 							opaqueToken
 								.authenticationManager(authenticationProvider()::authenticate)
 						)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index e5cb902773..66d8cf2701 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -127,11 +127,11 @@ public class OpenIDLoginConfigurerTests {
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
 			assertThat(
 					attributeList.stream()
-							.anyMatch(attribute -> "nickname".equals(attribute.getName())
+							.anyMatch((attribute) -> "nickname".equals(attribute.getName())
 									&& "https://schema.openid.net/namePerson/friendly".equals(attribute.getType())))
 											.isTrue();
 			assertThat(attributeList.stream()
-					.anyMatch(attribute -> "email".equals(attribute.getName())
+					.anyMatch((attribute) -> "email".equals(attribute.getName())
 							&& "https://schema.openid.net/contact/email".equals(attribute.getType())
 							&& attribute.isRequired() && attribute.getCount() == 2)).isTrue();
 		}
@@ -231,11 +231,11 @@ public class OpenIDLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.openidLogin(openIdLogin ->
+				.openidLogin((openIdLogin) ->
 					openIdLogin
 						.loginPage("/login/custom")
 				);
@@ -253,22 +253,22 @@ public class OpenIDLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().permitAll()
 				)
-				.openidLogin(openIdLogin ->
+				.openidLogin((openIdLogin) ->
 					openIdLogin
 						.consumerManager(CONSUMER_MANAGER)
-						.attributeExchange(attributeExchange ->
+						.attributeExchange((attributeExchange) ->
 								attributeExchange
 									.identifierPattern(".*")
-									.attribute(nicknameAttribute ->
+									.attribute((nicknameAttribute) ->
 										nicknameAttribute
 											.name("nickname")
 											.type("https://schema.openid.net/namePerson/friendly")
 									)
-									.attribute(emailAttribute ->
+									.attribute((emailAttribute) ->
 										emailAttribute
 											.name("email")
 											.type("https://schema.openid.net/contact/email")
@@ -291,14 +291,14 @@ public class OpenIDLoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) ->
 					authorizeRequests
 						.anyRequest().permitAll()
 				)
-				.openidLogin(openIdLogin ->
+				.openidLogin((openIdLogin) ->
 					openIdLogin
 							.consumerManager(CONSUMER_MANAGER)
-						.attributeExchange(attributeExchange ->
+						.attributeExchange((attributeExchange) ->
 								attributeExchange
 									.identifierPattern(".*")
 									.attribute(withDefaults())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 0205de29b3..a8c47766f6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -102,10 +102,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class Saml2LoginConfigurerTests {
 
-	private static final Converter<Assertion, Collection<? extends GrantedAuthority>> AUTHORITIES_EXTRACTOR = a -> Arrays
-			.asList(new SimpleGrantedAuthority("TEST"));
+	private static final Converter<Assertion, Collection<? extends GrantedAuthority>> AUTHORITIES_EXTRACTOR = (
+			a) -> Arrays.asList(new SimpleGrantedAuthority("TEST"));
 
-	private static final GrantedAuthoritiesMapper AUTHORITIES_MAPPER = authorities -> Arrays
+	private static final GrantedAuthoritiesMapper AUTHORITIES_MAPPER = (authorities) -> Arrays
 			.asList(new SimpleGrantedAuthority("TEST CONVERTED"));
 
 	private static final Duration RESPONSE_TIME_VALIDATION_SKEW = Duration.ZERO;
@@ -194,8 +194,8 @@ public class Saml2LoginConfigurerTests {
 	public void authenticateWhenCustomAuthenticationConverterThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationConverter.class).autowire();
 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
-				.assertingPartyDetails(party -> party.verificationX509Credentials(
-						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
+				.assertingPartyDetails((party) -> party.verificationX509Credentials(
+						(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 		String response = new String(samlDecode(SIGNED_RESPONSE));
 		given(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
@@ -212,7 +212,7 @@ public class Saml2LoginConfigurerTests {
 				"authenticationManager");
 		ProviderManager pm = (ProviderManager) manager;
 		AuthenticationProvider provider = pm.getProviders().stream()
-				.filter(p -> p instanceof OpenSamlAuthenticationProvider).findFirst().get();
+				.filter((p) -> p instanceof OpenSamlAuthenticationProvider).findFirst().get();
 		Assert.assertSame(AUTHORITIES_EXTRACTOR, ReflectionTestUtils.getField(provider, "authoritiesExtractor"));
 		Assert.assertSame(AUTHORITIES_MAPPER, ReflectionTestUtils.getField(provider, "authoritiesMapper"));
 		Assert.assertSame(RESPONSE_TIME_VALIDATION_SKEW,
@@ -221,7 +221,7 @@ public class Saml2LoginConfigurerTests {
 
 	private Saml2WebSsoAuthenticationFilter getSaml2SsoFilter(FilterChainProxy chain) {
 		return (Saml2WebSsoAuthenticationFilter) chain.getFilters("/login/saml2/sso/test").stream()
-				.filter(f -> f instanceof Saml2WebSsoAuthenticationFilter).findFirst().get();
+				.filter((f) -> f instanceof Saml2WebSsoAuthenticationFilter).findFirst().get();
 	}
 
 	private void performSaml2Login(String expected) throws IOException, ServletException {
@@ -324,7 +324,7 @@ public class Saml2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authz -> authz
+				.authorizeRequests((authz) -> authz
 						.anyRequest().authenticated()
 				)
 				.saml2Login(withDefaults());
@@ -346,10 +346,10 @@ public class Saml2LoginConfigurerTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authz -> authz
+				.authorizeRequests((authz) -> authz
 					.anyRequest().authenticated()
 				)
-				.saml2Login(saml2 -> {});
+				.saml2Login((saml2) -> {});
 			// @formatter:on
 		}
 
@@ -357,7 +357,7 @@ public class Saml2LoginConfigurerTests {
 		Saml2AuthenticationRequestFactory authenticationRequestFactory() {
 			OpenSamlAuthenticationRequestFactory authenticationRequestFactory = new OpenSamlAuthenticationRequestFactory();
 			authenticationRequestFactory
-					.setAuthnRequestConsumerResolver(context -> authnRequest -> authnRequest.setForceAuthn(true));
+					.setAuthnRequestConsumerResolver((context) -> (authnRequest) -> authnRequest.setForceAuthn(true));
 			return authenticationRequestFactory;
 		}
 
@@ -371,8 +371,8 @@ public class Saml2LoginConfigurerTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http.authorizeRequests(authz -> authz.anyRequest().authenticated())
-					.saml2Login(saml2 -> saml2.authenticationConverter(authenticationConverter));
+			http.authorizeRequests((authz) -> authz.anyRequest().authenticated())
+					.saml2Login((saml2) -> saml2.authenticationConverter(authenticationConverter));
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 036618be7b..9ef91dc752 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -112,7 +112,7 @@ public class EnableWebFluxSecurityTests {
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		FluxExchangeResult<String> result = client.get().headers(headers -> headers.setBasicAuth("user", "password"))
+		FluxExchangeResult<String> result = client.get().headers((headers) -> headers.setBasicAuth("user", "password"))
 				.exchange().expectStatus().isOk().returnResult(String.class);
 		result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
 	}
@@ -126,16 +126,16 @@ public class EnableWebFluxSecurityTests {
 		WebTestClient client = WebTestClientBuilder
 				.bindToWebFilters(
 						(exchange, chain) -> contextRepository.save(exchange, context)
-								.switchIfEmpty(chain.filter(exchange)).flatMap(e -> chain.filter(exchange)),
+								.switchIfEmpty(chain.filter(exchange)).flatMap((e) -> chain.filter(exchange)),
 						this.springSecurityFilterChain,
 						(exchange,
 								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
 
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
-				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
+				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
 	}
 
 	@Test
@@ -145,13 +145,13 @@ public class EnableWebFluxSecurityTests {
 				.bindToWebFilters(this.springSecurityFilterChain,
 						(exchange,
 								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
 
-		client.get().uri("/").headers(headers -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
+		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
 				.isOk().expectBody(String.class)
-				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo("user"));
+				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
 	@Test
@@ -171,13 +171,13 @@ public class EnableWebFluxSecurityTests {
 				.bindToWebFilters(this.springSecurityFilterChain,
 						(exchange,
 								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap(principal -> exchange
+										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
 
-		client.get().uri("/").headers(headers -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
+		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
 				.isOk().expectBody(String.class)
-				.consumeWith(result -> assertThat(result.getResponseBody()).isEqualTo("user"));
+				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
 	}
 
 	@Test
@@ -185,7 +185,7 @@ public class EnableWebFluxSecurityTests {
 		this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
 
-		client.get().uri("/").headers(h -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk();
+		client.get().uri("/").headers((h) -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk();
 
 		ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class);
 		assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
@@ -195,8 +195,8 @@ public class EnableWebFluxSecurityTests {
 	public void formLoginWorks() {
 		this.spring.register(Config.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain, (exchange,
-				chain) -> Mono.subscriberContext().flatMap(c -> c.<Mono<Principal>>get(Authentication.class)).flatMap(
-						principal -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				chain) -> Mono.subscriberContext().flatMap((c) -> c.<Mono<Principal>>get(Authentication.class)).flatMap(
+						(principal) -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
 
 		MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
diff --git a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
index 180983d8f6..dfa8399e66 100644
--- a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
@@ -146,7 +146,7 @@ public class RsaKeyConversionServicePostProcessorTests {
 
 		@Bean
 		BeanFactoryPostProcessor conversionServiceCustomizer() {
-			return beanFactory -> beanFactory.getBean(RsaKeyConversionServicePostProcessor.class)
+			return (beanFactory) -> beanFactory.getBean(RsaKeyConversionServicePostProcessor.class)
 					.setResourceLoader(new CustomResourceLoader());
 		}
 
@@ -158,7 +158,7 @@ public class RsaKeyConversionServicePostProcessorTests {
 		@Bean
 		ConversionService conversionService() {
 			GenericConversionService service = new GenericConversionService();
-			service.addConverter(String.class, RSAPublicKey.class, source -> {
+			service.addConverter(String.class, RSAPublicKey.class, (source) -> {
 				throw new IllegalArgumentException("unsupported");
 			});
 			return service;
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 2e8369880f..6a6bd75181 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -130,9 +130,9 @@ public class Element {
 		Collection<String> ids = new ArrayList<>();
 		ids.add(getId());
 
-		this.childElmts.values().forEach(elmt -> ids.add(elmt.getId()));
+		this.childElmts.values().forEach((elmt) -> ids.add(elmt.getId()));
 
-		this.attrs.forEach(attr -> ids.add(attr.getId()));
+		this.attrs.forEach((attr) -> ids.add(attr.getId()));
 
 		if (!this.childElmts.isEmpty()) {
 			ids.add(getId() + "-children");
@@ -152,7 +152,8 @@ public class Element {
 	public Map<String, Element> getAllChildElmts() {
 		Map<String, Element> result = new HashMap<>();
 
-		this.childElmts.values().forEach(elmt -> elmt.subGrps.forEach(subElmt -> result.put(subElmt.name, subElmt)));
+		this.childElmts.values()
+				.forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
 
 		result.putAll(this.childElmts);
 
@@ -162,7 +163,8 @@ public class Element {
 	public Map<String, Element> getAllParentElmts() {
 		Map<String, Element> result = new HashMap<>();
 
-		this.parentElmts.values().forEach(elmt -> elmt.subGrps.forEach(subElmt -> result.put(subElmt.name, subElmt)));
+		this.parentElmts.values()
+				.forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
 
 		result.putAll(this.parentElmts);
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index 00bb96ee0c..1181230cf0 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -61,7 +61,7 @@ public class SpringSecurityXsdParser {
 	private Map<String, Element> elements(XmlNode node) {
 		Map<String, Element> elementNameToElement = new HashMap<>();
 
-		node.children().forEach(child -> {
+		node.children().forEach((child) -> {
 			if ("element".equals(child.simpleName())) {
 				Element e = elmt(child);
 				elementNameToElement.put(e.getName(), e);
@@ -81,7 +81,7 @@ public class SpringSecurityXsdParser {
 	 */
 	private Collection<Attribute> attrs(XmlNode element) {
 		Collection<Attribute> attrs = new ArrayList<>();
-		element.children().forEach(c -> {
+		element.children().forEach((c) -> {
 			String name = c.simpleName();
 			if ("attribute".equals(name)) {
 				attrs.add(attr(c));
@@ -103,7 +103,7 @@ public class SpringSecurityXsdParser {
 	private Collection<Attribute> attrgrps(XmlNode element) {
 		Collection<Attribute> attrgrp = new ArrayList<>();
 
-		element.children().forEach(c -> {
+		element.children().forEach((c) -> {
 			if (!"element".equals(c.simpleName())) {
 				if ("attributeGroup".equals(c.simpleName())) {
 					if (c.attribute("name") != null) {
@@ -130,7 +130,7 @@ public class SpringSecurityXsdParser {
 			root = root.parent().get();
 		}
 
-		return expand(root).filter(node -> name.equals(node.attribute("name"))).findFirst()
+		return expand(root).filter((node) -> name.equals(node.attribute("name"))).findFirst()
 				.orElseThrow(IllegalArgumentException::new);
 	}
 
@@ -157,8 +157,8 @@ public class SpringSecurityXsdParser {
 	 * @return
 	 */
 	private String desc(XmlNode element) {
-		return element.child("annotation").flatMap(annotation -> annotation.child("documentation"))
-				.map(documentation -> documentation.text()).orElse(null);
+		return element.child("annotation").flatMap((annotation) -> annotation.child("documentation"))
+				.map((documentation) -> documentation.text()).orElse(null);
 	}
 
 	/**
@@ -197,8 +197,8 @@ public class SpringSecurityXsdParser {
 		e.setChildElmts(elements(n));
 		e.setAttrs(attrs(n));
 		e.getAttrs().addAll(attrgrps(n));
-		e.getAttrs().forEach(attr -> attr.setElmt(e));
-		e.getChildElmts().values().forEach(element -> element.getParentElmts().put(e.getName(), e));
+		e.getAttrs().forEach((attr) -> attr.setElmt(e));
+		e.getChildElmts().values().forEach((element) -> element.getParentElmts().put(e.getName(), e));
 
 		String subGrpName = n.attribute("substitutionGroup");
 		if (!StringUtils.isEmpty(subGrpName)) {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 639ed25322..173efac460 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -50,16 +50,16 @@ public class XmlNode {
 	}
 
 	public Optional<XmlNode> child(String name) {
-		return this.children().filter(child -> name.equals(child.simpleName())).findFirst();
+		return this.children().filter((child) -> name.equals(child.simpleName())).findFirst();
 	}
 
 	public Optional<XmlNode> parent() {
-		return Optional.ofNullable(this.node.getParentNode()).map(parent -> new XmlNode(parent));
+		return Optional.ofNullable(this.node.getParentNode()).map((parent) -> new XmlNode(parent));
 	}
 
 	public String attribute(String name) {
-		return Optional.ofNullable(this.node.getAttributes()).map(attrs -> attrs.getNamedItem(name))
-				.map(attr -> attr.getTextContent()).orElse(null);
+		return Optional.ofNullable(this.node.getAttributes()).map((attrs) -> attrs.getNamedItem(name))
+				.map((attr) -> attr.getTextContent()).orElse(null);
 	}
 
 	public Node node() {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index 519851f3be..d07647fda1 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -70,9 +70,9 @@ public class XsdDocumentedTests {
 		XmlNode root = this.xml.parse(this.schemaDocumentLocation);
 
 		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
-				.filter(node -> "simpleType".equals(node.simpleName())
+				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children).flatMap(XmlNode::children).map(node -> node.attribute("value"))
+				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
 				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
 
 		SecurityFiltersAssertions.assertEquals(nodes);
@@ -91,9 +91,9 @@ public class XsdDocumentedTests {
 		XmlNode root = this.xml.parse(this.schema31xDocumentLocation);
 
 		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
-				.filter(node -> "simpleType".equals(node.simpleName())
+				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children).flatMap(XmlNode::children).map(node -> node.attribute("value"))
+				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
 				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
 
 		assertThat(nodes).isEqualTo(expected);
@@ -129,11 +129,11 @@ public class XsdDocumentedTests {
 		Map<String, Element> elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation);
 
 		List<String> documentIds = Files.lines(Paths.get(this.referenceLocation))
-				.filter(line -> line.matches("\\[\\[(nsa-.*)\\]\\]")).map(line -> line.substring(2, line.length() - 2))
-				.collect(Collectors.toList());
+				.filter((line) -> line.matches("\\[\\[(nsa-.*)\\]\\]"))
+				.map((line) -> line.substring(2, line.length() - 2)).collect(Collectors.toList());
 
-		Set<String> expectedIds = elementsByElementName.values().stream().flatMap(element -> element.getIds().stream())
-				.collect(Collectors.toSet());
+		Set<String> expectedIds = elementsByElementName.values().stream()
+				.flatMap((element) -> element.getIds().stream()).collect(Collectors.toSet());
 
 		documentIds.removeAll(this.ignoredIds);
 		expectedIds.removeAll(this.ignoredIds);
@@ -179,7 +179,7 @@ public class XsdDocumentedTests {
 				String expression = "^\\* <<(nsa-.*),.*>>$";
 				if (line.matches(expression)) {
 					String elmtId = line.replaceAll(expression, "$1");
-					currentDocAttrNameToElmt.computeIfAbsent(docAttrName, key -> new ArrayList<>()).add(elmtId);
+					currentDocAttrNameToElmt.computeIfAbsent(docAttrName, (key) -> new ArrayList<>()).add(elmtId);
 				}
 			}
 		}
@@ -189,21 +189,21 @@ public class XsdDocumentedTests {
 		Map<String, List<String>> schemaAttrNameToChildren = new HashMap<>();
 		Map<String, List<String>> schemaAttrNameToParents = new HashMap<>();
 
-		elementNameToElement.entrySet().stream().forEach(entry -> {
+		elementNameToElement.entrySet().stream().forEach((entry) -> {
 			String key = "nsa-" + entry.getKey();
 			if (this.ignoredIds.contains(key)) {
 				return;
 			}
 
 			List<String> parentIds = entry.getValue().getAllParentElmts().values().stream()
-					.filter(element -> !this.ignoredIds.contains(element.getId())).map(element -> element.getId())
+					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
 					.sorted().collect(Collectors.toList());
 			if (!parentIds.isEmpty()) {
 				schemaAttrNameToParents.put(key, parentIds);
 			}
 
 			List<String> childIds = entry.getValue().getAllChildElmts().values().stream()
-					.filter(element -> !this.ignoredIds.contains(element.getId())).map(element -> element.getId())
+					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
 					.sorted().collect(Collectors.toList());
 			if (!childIds.isEmpty()) {
 				schemaAttrNameToChildren.put(key, childIds);
@@ -224,12 +224,14 @@ public class XsdDocumentedTests {
 		Map<String, Element> elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation);
 
 		String notDocElmtIds = elementNameToElement.values().stream()
-				.filter(element -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId()))
-				.map(element -> element.getId()).sorted().collect(Collectors.joining("\n"));
+				.filter((element) -> StringUtils.isEmpty(element.getDesc())
+						&& !this.ignoredIds.contains(element.getId()))
+				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
 
-		String notDocAttrIds = elementNameToElement.values().stream().flatMap(element -> element.getAttrs().stream())
-				.filter(element -> StringUtils.isEmpty(element.getDesc()) && !this.ignoredIds.contains(element.getId()))
-				.map(element -> element.getId()).sorted().collect(Collectors.joining("\n"));
+		String notDocAttrIds = elementNameToElement.values().stream().flatMap((element) -> element.getAttrs().stream())
+				.filter((element) -> StringUtils.isEmpty(element.getDesc())
+						&& !this.ignoredIds.contains(element.getId()))
+				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
 
 		assertThat(notDocElmtIds).isEmpty();
 		assertThat(notDocAttrIds).isEmpty();
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index ac82eb3c93..0f3bc46d77 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -142,7 +142,7 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 
 		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
-				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
+				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
 		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
@@ -219,7 +219,7 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
 
 		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
-				.addDispatcherServletCustomizer(dispatcherServlet -> dispatcherServlet.setDispatchTraceRequest(true))
+				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
 
 		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
@@ -425,11 +425,11 @@ public class CsrfConfigTests {
 	}
 
 	ResultMatcher csrfInHeader() {
-		return new CsrfReturnedResultMatcher(result -> result.getResponse().getHeader("X-CSRF-TOKEN"));
+		return new CsrfReturnedResultMatcher((result) -> result.getResponse().getHeader("X-CSRF-TOKEN"));
 	}
 
 	ResultMatcher csrfInBody() {
-		return new CsrfReturnedResultMatcher(result -> result.getResponse().getContentAsString());
+		return new CsrfReturnedResultMatcher((result) -> result.getResponse().getContentAsString());
 	}
 
 	@Controller
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 862cdd0613..3809b4f5a1 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -126,7 +126,7 @@ public class HttpCorsConfigTests {
 	}
 
 	private ResultMatcher corsResponseHeaders() {
-		return result -> {
+		return (result) -> {
 			header().exists("Access-Control-Allow-Origin").match(result);
 			header().exists("X-Content-Type-Options").match(result);
 		};
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index ecc0c86719..ef52dec747 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -659,7 +659,7 @@ public class HttpHeadersConfigTests {
 	}
 
 	private static ResultMatcher includes(Map<String, String> headers) {
-		return result -> {
+		return (result) -> {
 			for (Map.Entry<String, String> header : headers.entrySet()) {
 				header().string(header.getKey(), header.getValue()).match(result);
 			}
@@ -671,7 +671,7 @@ public class HttpHeadersConfigTests {
 	}
 
 	private static ResultMatcher excludes(Collection<String> headers) {
-		return result -> {
+		return (result) -> {
 			for (String name : headers) {
 				header().doesNotExist(name).match(result);
 			}
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index bc12def2ef..5a3860ddae 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -214,7 +214,7 @@ public class InterceptUrlConfigTests {
 		MockServletContext servletContext = spy(new MockServletContext());
 		final ServletRegistration registration = mock(ServletRegistration.class);
 		given(registration.getMappings()).willReturn(Collections.singleton(servletPath));
-		Answer<Map<String, ? extends ServletRegistration>> answer = invocation -> Collections.singletonMap("spring",
+		Answer<Map<String, ? extends ServletRegistration>> answer = (invocation) -> Collections.singletonMap("spring",
 				registration);
 		given(servletContext.getServletRegistrations()).willAnswer(answer);
 		return servletContext;
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index a1f99f4d41..d77ce6517e 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -340,7 +340,7 @@ public class MiscHttpConfigTests {
 
 		Class<?> userFilterClass = this.spring.getContext().getBean("userFilter").getClass();
 
-		assertThat(filters).extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass()).containsSubsequence(
+		assertThat(filters).extracting((Extractor<Filter, Class<?>>) (filter) -> filter.getClass()).containsSubsequence(
 				userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class,
 				userFilterClass);
 	}
@@ -355,7 +355,7 @@ public class MiscHttpConfigTests {
 	public void configureWhenUsingX509ThenAddsX509FilterCorrectly() {
 		this.spring.configLocations(xml("X509")).autowire();
 
-		assertThat(getFilters("/")).extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
+		assertThat(getFilters("/")).extracting((Extractor<Filter, Class<?>>) (filter) -> filter.getClass())
 				.containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class,
 						ExceptionTranslationFilter.class);
 	}
@@ -384,7 +384,7 @@ public class MiscHttpConfigTests {
 
 		List<String> values = result.getResponse().getHeaders("Set-Cookie");
 		assertThat(values.size()).isEqualTo(2);
-		assertThat(values).extracting(value -> value.split("=")[0]).contains("JSESSIONID", "mycookie");
+		assertThat(values).extracting((value) -> value.split("=")[0]).contains("JSESSIONID", "mycookie");
 	}
 
 	@Test
@@ -587,7 +587,7 @@ public class MiscHttpConfigTests {
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
 
-		this.mvc.perform(get("/roles").principal(user).with(request -> {
+		this.mvc.perform(get("/roles").principal(user).with((request) -> {
 			request.addUserRole("admin");
 			request.addUserRole("user");
 			request.addUserRole("unmapped");
@@ -703,7 +703,7 @@ public class MiscHttpConfigTests {
 	}
 
 	private Answer<ILoggingEvent> writeTo(OutputStream os) {
-		return invocation -> {
+		return (invocation) -> {
 			os.write(invocation.getArgument(0).toString().getBytes());
 			return null;
 		};
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 295f0af89b..343c4d6469 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -274,7 +274,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
-		given(this.jwtDecoderFactory.createDecoder(any())).willReturn(token -> jwt);
+		given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
 
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
@@ -331,7 +331,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 
 		Jwt jwt = TestJwts.user();
-		given(this.jwtDecoderFactory.createDecoder(any())).willReturn(token -> jwt);
+		given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
 
 		given(this.userAuthoritiesMapper.mapAuthorities(any()))
 				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 6e88114297..aa233653b1 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -678,7 +678,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = this.spring.getContext()
 				.getBean(AuthenticationManagerResolver.class);
 		given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn(
-				authentication -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
+				(authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
 
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 93b754c02c..3de4472b57 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -118,7 +118,7 @@ public class OpenIDConfigTests {
 
 		OpenIDConsumer consumer = mock(OpenIDConsumer.class);
 		given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString()))
-				.will(invocation -> openIdEndpointUrl + invocation.getArgument(2));
+				.will((invocation) -> openIdEndpointUrl + invocation.getArgument(2));
 		openIDFilter.setConsumer(consumer);
 
 		String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
@@ -155,7 +155,7 @@ public class OpenIDConfigTests {
 			this.mvc.perform(
 					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound())
-					.andExpect(result -> result.getResponse().getRedirectedUrl().endsWith(
+					.andExpect((result) -> result.getResponse().getRedirectedUrl().endsWith(
 							"openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&"
 									+ "openid.ext1.if_available=nickname&"
 									+ "openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&"
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 6a81001b45..19f7b33547 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -378,7 +378,7 @@ public class SessionManagementConfigTests {
 
 		this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire();
 
-		this.mvc.perform(get("/auth").with(request -> {
+		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionId("1");
 			request.setRequestedSessionIdValid(false);
 			return request;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index c1bb20ae3d..1fec30b4fc 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -64,8 +64,8 @@ public class AuthorizeExchangeSpecTests {
 
 	@Test
 	public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
-		this.http.csrf(ServerHttpSecurity.CsrfSpec::disable)
-				.authorizeExchange(exchanges -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
+		this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange(
+				(exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
 
 		WebTestClient client = buildClient();
 
@@ -97,7 +97,7 @@ public class AuthorizeExchangeSpecTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void buildWhenMatcherDefinedWithNoAccessInLambdaThenThrowsException() {
-		this.http.authorizeExchange(exchanges -> exchanges.pathMatchers("/incomplete"));
+		this.http.authorizeExchange((exchanges) -> exchanges.pathMatchers("/incomplete"));
 		this.http.build();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 9bec73e8bd..33e1d2e9c0 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -78,7 +78,7 @@ public class CorsSpecTests {
 
 	@Test
 	public void corsWhenEnabledInLambdaThenAccessControlAllowOriginAndSecurityHeaders() {
-		this.http.cors(cors -> cors.configurationSource(this.source));
+		this.http.cors((cors) -> cors.configurationSource(this.source));
 		this.expectedHeaders.set("Access-Control-Allow-Origin", "*");
 		this.expectedHeaders.set("X-Frame-Options", "DENY");
 		assertHeaders();
@@ -104,7 +104,7 @@ public class CorsSpecTests {
 	private void assertHeaders() {
 		WebTestClient client = buildClient();
 		FluxExchangeResult<String> response = client.get().uri("https://example.com/")
-				.headers(h -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class);
+				.headers((h) -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class);
 
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index edad325b3c..470536e558 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -52,7 +52,7 @@ public class ExceptionHandlingSpecTests {
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthenticationEntryPointUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
+				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
 				.exceptionHandling(withDefaults()).build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
@@ -75,8 +75,8 @@ public class ExceptionHandlingSpecTests {
 	@Test
 	public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
-				.exceptionHandling(exceptionHandling -> exceptionHandling
+				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
+				.exceptionHandling((exceptionHandling) -> exceptionHandling
 						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
 				.build();
 
@@ -92,19 +92,19 @@ public class ExceptionHandlingSpecTests {
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isForbidden();
 	}
 
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAccessDeniedHandlerUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
-				.authorizeExchange(exchanges -> exchanges.anyExchange().hasRole("ADMIN"))
+				.authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
 				.exceptionHandling(withDefaults()).build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isForbidden();
 	}
 
@@ -116,21 +116,21 @@ public class ExceptionHandlingSpecTests {
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isBadRequest();
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
-				.authorizeExchange(exchanges -> exchanges.anyExchange().hasRole("ADMIN"))
-				.exceptionHandling(exceptionHandling -> exceptionHandling
+				.authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
+				.exceptionHandling((exceptionHandling) -> exceptionHandling
 						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
 				.build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
 
-		client.get().uri("/admin").headers(headers -> headers.setBasicAuth("user", "password")).exchange()
+		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isBadRequest();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index cdda790028..791d064c70 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -92,7 +92,7 @@ public class FormLoginTests {
 	@Test
 	public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated()).formLogin(withDefaults())
+				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults())
 				.build();
 
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
@@ -135,8 +135,8 @@ public class FormLoginTests {
 	public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
 				.authorizeExchange(
-						exchanges -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated())
-				.formLogin(formLogin -> formLogin.loginPage("/login")).build();
+						(exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated())
+				.formLogin((formLogin) -> formLogin.loginPage("/login")).build();
 
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
@@ -479,7 +479,7 @@ public class FormLoginTests {
 		@GetMapping("/login")
 		public Mono<String> login(ServerWebExchange exchange) {
 			Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-			return token.map(t -> "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+			return token.map((t) -> "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 					+ "    <meta charset=\"utf-8\">\n"
 					+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
 					+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 5608941875..746da35e23 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -87,7 +87,7 @@ public class HeaderSpecTests {
 	public void headersWhenDisableInLambdaThenNoSecurityHeaders() {
 		new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
 
-		this.http.headers(headers -> headers.disable());
+		this.http.headers((headers) -> headers.disable());
 
 		assertHeaders();
 	}
@@ -124,7 +124,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenCacheDisableInLambdaThenCacheNotWritten() {
 		expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
-		this.http.headers(headers -> headers.cache(cache -> cache.disable()));
+		this.http.headers((headers) -> headers.cache((cache) -> cache.disable()));
 
 		assertHeaders();
 	}
@@ -140,7 +140,8 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenContentOptionsDisableInLambdaThenContentTypeOptionsNotWritten() {
 		expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
-		this.http.headers(headers -> headers.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable()));
+		this.http
+				.headers((headers) -> headers.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable()));
 
 		assertHeaders();
 	}
@@ -156,7 +157,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsDisableInLambdaThenHstsNotWritten() {
 		expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.http.headers(headers -> headers.hsts(hsts -> hsts.disable()));
+		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.disable()));
 
 		assertHeaders();
 	}
@@ -176,8 +177,8 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60");
-		this.http
-				.headers(headers -> headers.hsts(hsts -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false)));
+		this.http.headers(
+				(headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false)));
 
 		assertHeaders();
 	}
@@ -197,7 +198,7 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60 ; includeSubDomains ; preload");
-		this.http.headers(headers -> headers.hsts(hsts -> hsts.maxAge(Duration.ofSeconds(60)).preload(true)));
+		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).preload(true)));
 
 		assertHeaders();
 	}
@@ -213,7 +214,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
-		this.http.headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()));
+		this.http.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable()));
 
 		assertHeaders();
 	}
@@ -229,8 +230,8 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenFrameOptionsModeInLambdaThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.http.headers(headers -> headers
-				.frameOptions(frameOptions -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)));
+		this.http.headers((headers) -> headers.frameOptions(
+				(frameOptions) -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)));
 
 		assertHeaders();
 	}
@@ -246,7 +247,7 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
-		this.http.headers(headers -> headers.xssProtection(xssProtection -> xssProtection.disable()));
+		this.http.headers((headers) -> headers.xssProtection((xssProtection) -> xssProtection.disable()));
 
 		assertHeaders();
 	}
@@ -278,7 +279,7 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				expectedPolicyDirectives);
 
-		this.http.headers(headers -> headers.contentSecurityPolicy(withDefaults()));
+		this.http.headers((headers) -> headers.contentSecurityPolicy(withDefaults()));
 
 		assertHeaders();
 	}
@@ -289,8 +290,8 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
 
-		this.http.headers(headers -> headers.contentSecurityPolicy(
-				contentSecurityPolicy -> contentSecurityPolicy.policyDirectives(policyDirectives)));
+		this.http.headers((headers) -> headers.contentSecurityPolicy(
+				(contentSecurityPolicy) -> contentSecurityPolicy.policyDirectives(policyDirectives)));
 
 		assertHeaders();
 	}
@@ -308,7 +309,7 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyEnabledInLambdaThenReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
-		this.http.headers(headers -> headers.referrerPolicy(withDefaults()));
+		this.http.headers((headers) -> headers.referrerPolicy(withDefaults()));
 
 		assertHeaders();
 	}
@@ -326,8 +327,8 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyCustomEnabledInLambdaThenCustomReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
-		this.http.headers(headers -> headers
-				.referrerPolicy(referrerPolicy -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
+		this.http.headers((headers) -> headers
+				.referrerPolicy((referrerPolicy) -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
 
 		assertHeaders();
 	}
@@ -335,8 +336,8 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenCustomHeadersWriter() {
 		this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE);
-		this.http.headers(headers -> headers.writer(exchange -> {
-			return Mono.just(exchange).doOnNext(it -> {
+		this.http.headers((headers) -> headers.writer((exchange) -> {
+			return Mono.just(exchange).doOnNext((it) -> {
 				it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE);
 			}).then();
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index 71583b5a6c..bd1c597808 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -174,7 +174,7 @@ public class HttpsRedirectSpecTests {
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.redirectToHttps(redirectToHttps ->
+				.redirectToHttps((redirectToHttps) ->
 					redirectToHttps
 						.httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure"))
 				);
@@ -215,7 +215,7 @@ public class HttpsRedirectSpecTests {
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.redirectToHttps(redirectToHttps ->
+				.redirectToHttps((redirectToHttps) ->
 					redirectToHttps
 						.portMapper(portMapper())
 				);
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index 3beabcc3af..7f4b247184 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -91,9 +91,9 @@ public class LogoutSpecTests {
 	@Test
 	public void logoutWhenCustomLogoutInLambdaThenCustomLogoutUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(authorizeExchange -> authorizeExchange.anyExchange().authenticated())
+				.authorizeExchange((authorizeExchange) -> authorizeExchange.anyExchange().authenticated())
 				.formLogin(withDefaults())
-				.logout(logout -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")))
+				.logout((logout) -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")))
 				.build();
 
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index cf7ef9d962..2392649dd4 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -144,7 +144,7 @@ public class OAuth2ClientSpecTests {
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
-				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
+				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
 						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
 				.exchange().expectStatus().is3xxRedirection();
@@ -185,7 +185,7 @@ public class OAuth2ClientSpecTests {
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
 
 		this.client.get()
-				.uri(uriBuilder -> uriBuilder.path("/authorize/oauth2/code/registration-id")
+				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
 						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
 				.exchange().expectStatus().is3xxRedirection();
@@ -264,7 +264,7 @@ public class OAuth2ClientSpecTests {
 					.authenticationManager(this.manager)
 					.authorizationRequestRepository(this.authorizationRequestRepository)
 					.and()
-				.requestCache(c -> c.requestCache(this.requestCache));
+				.requestCache((c) -> c.requestCache(this.requestCache));
 			// @formatter:on
 			return http.build();
 		}
@@ -287,12 +287,12 @@ public class OAuth2ClientSpecTests {
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.oauth2Client(oauth2Client ->
+				.oauth2Client((oauth2Client) ->
 					oauth2Client
 						.authenticationConverter(this.authenticationConverter)
 						.authenticationManager(this.manager)
 						.authorizationRequestRepository(this.authorizationRequestRepository))
-				.requestCache(c -> c.requestCache(this.requestCache));
+				.requestCache((c) -> c.requestCache(this.requestCache));
 			// @formatter:on
 			return http.build();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 428739a1af..ad3da58441 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -226,7 +226,7 @@ public class OAuth2LoginTests {
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		given(resolver.resolve(any())).willReturn(Mono.empty());
-		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
@@ -268,14 +268,14 @@ public class OAuth2LoginTests {
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
 		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		given(resolver.resolve(any())).willReturn(Mono.empty());
-		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-		given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
+		given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			AuthenticationException authenticationException = invocation.getArgument(1);
 
@@ -321,7 +321,7 @@ public class OAuth2LoginTests {
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		given(resolver.resolve(any())).willReturn(Mono.empty());
-		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) invocation -> {
+		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
 
@@ -442,7 +442,7 @@ public class OAuth2LoginTests {
 
 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
-		given(jwtDecoderFactory.createDecoder(any())).willReturn(token -> Mono
+		given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono
 				.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
 
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
@@ -602,11 +602,11 @@ public class OAuth2LoginTests {
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.authorizeExchange(exchanges ->
+				.authorizeExchange((exchanges) ->
 					exchanges
 						.anyExchange().authenticated()
 				)
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) ->
 					oauth2Login
 						.authenticationConverter(this.authenticationConverter)
 						.authenticationManager(this.manager)
@@ -674,13 +674,13 @@ public class OAuth2LoginTests {
 			}
 
 			private ReactiveJwtDecoder getJwtDecoder() {
-				return token -> {
+				return (token) -> {
 					Map<String, Object> claims = new HashMap<>();
 					claims.put(IdTokenClaimNames.SUB, "subject");
 					claims.put(IdTokenClaimNames.ISS, "http://localhost/issuer");
 					claims.put(IdTokenClaimNames.AUD, Collections.singletonList("client"));
 					claims.put(IdTokenClaimNames.AZP, "client");
-					Jwt jwt = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+					Jwt jwt = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 					return Mono.just(jwt);
 				};
 			}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 3f01bf9d14..019ced220c 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -135,7 +135,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenValidThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -143,7 +143,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenExpiredThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
@@ -152,7 +152,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenUnsignedThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
@@ -161,7 +161,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
 
-		this.client.get().headers(headers -> headers.add("Authorization", "Bearer ")).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.add("Authorization", "Bearer ")).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
@@ -170,7 +170,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 		this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -178,7 +178,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyInLambdaConfig.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
 	}
@@ -187,7 +187,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenValidUsingPlaceholderThenReturnsOk() {
 		this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -198,7 +198,7 @@ public class OAuth2ResourceServerSpecTests {
 		ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt));
 
-		this.client.get().headers(headers -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
+		this.client.get().headers((headers) -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
 
 		verify(jwtDecoder).decode(anyString());
 	}
@@ -210,7 +210,7 @@ public class OAuth2ResourceServerSpecTests {
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
 
@@ -221,7 +221,7 @@ public class OAuth2ResourceServerSpecTests {
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
 
@@ -234,7 +234,7 @@ public class OAuth2ResourceServerSpecTests {
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
@@ -248,7 +248,7 @@ public class OAuth2ResourceServerSpecTests {
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
@@ -268,7 +268,7 @@ public class OAuth2ResourceServerSpecTests {
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
 	}
@@ -277,7 +277,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void postWhenSignedThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
 
-		this.client.post().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.post().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -285,7 +285,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() {
 		this.spring.register(DenyAllConfig.class, RootController.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isForbidden().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
 	}
@@ -308,7 +308,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenSignedAndCustomConverterThenConverts() {
 		this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire();
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -323,7 +323,7 @@ public class OAuth2ResourceServerSpecTests {
 	public void getWhenCustomBearerTokenDeniedHandlerThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
 
-		this.client.get().uri("/unobtainable").headers(headers -> headers.setBearerAuth(this.messageReadToken))
+		this.client.get().uri("/unobtainable").headers((headers) -> headers.setBearerAuth(this.messageReadToken))
 				.exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
 	}
 
@@ -392,7 +392,7 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -402,7 +402,7 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
 
-		this.client.get().headers(headers -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
+		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
 
@@ -417,8 +417,8 @@ public class OAuth2ResourceServerSpecTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(org.springframework.http.HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response)).orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
@@ -488,13 +488,13 @@ public class OAuth2ResourceServerSpecTests {
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.authorizeExchange(exchanges ->
+				.authorizeExchange((exchanges) ->
 					exchanges
 						.anyExchange().hasAuthority("SCOPE_message:read")
 				)
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.jwt(jwt ->
+						.jwt((jwt) ->
 							jwt
 								.publicKey(publicKey())
 						)
@@ -572,9 +572,9 @@ public class OAuth2ResourceServerSpecTests {
 
 			// @formatter:off
 			http
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.jwt(jwt ->
+						.jwt((jwt) ->
 							jwt
 								.jwkSetUri(jwkSetUri)
 						)
@@ -672,9 +672,9 @@ public class OAuth2ResourceServerSpecTests {
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
 			http
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.jwt(jwt ->
+						.jwt((jwt) ->
 							jwt
 								.authenticationManager(authenticationManager())
 						)
@@ -743,7 +743,7 @@ public class OAuth2ResourceServerSpecTests {
 
 		@Bean
 		ServerAuthenticationConverter bearerTokenAuthenticationConverter() {
-			return exchange -> Mono.justOrEmpty(exchange.getRequest().getCookies().getFirst("TOKEN").getValue())
+			return (exchange) -> Mono.justOrEmpty(exchange.getRequest().getCookies().getFirst("TOKEN").getValue())
 					.map(BearerTokenAuthenticationToken::new);
 		}
 
@@ -773,7 +773,7 @@ public class OAuth2ResourceServerSpecTests {
 		Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
 
 			JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
-			converter.setJwtGrantedAuthoritiesConverter(jwt -> {
+			converter.setJwtGrantedAuthoritiesConverter((jwt) -> {
 				String[] claims = ((String) jwt.getClaims().get("scope")).split(" ");
 				return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
 			});
@@ -852,9 +852,9 @@ public class OAuth2ResourceServerSpecTests {
 
 			// @formatter:off
 			http
-				.oauth2ResourceServer(oauth2ResourceServer ->
+				.oauth2ResourceServer((oauth2ResourceServer) ->
 					oauth2ResourceServer
-						.opaqueToken(opaqueToken ->
+						.opaqueToken((opaqueToken) ->
 								opaqueToken
 									.introspectionUri(introspectionUri)
 									.introspectionClientCredentials("client", "secret")
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index e3a438d19e..cccf0f0df9 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -84,9 +84,10 @@ public class RequestCacheTests {
 	@Test
 	public void requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(authorizeExchange -> authorizeExchange.anyExchange().authenticated())
+				.authorizeExchange((authorizeExchange) -> authorizeExchange.anyExchange().authenticated())
 				.formLogin(withDefaults())
-				.requestCache(requestCache -> requestCache.requestCache(NoOpServerRequestCache.getInstance())).build();
+				.requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance()))
+				.build();
 
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 0769425fd7..a23964ceec 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -133,9 +133,9 @@ public class ServerHttpSecurityTests {
 		WebTestClient client = buildClient();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
-				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
@@ -154,9 +154,9 @@ public class ServerHttpSecurityTests {
 		WebTestClient client = buildClient();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
-				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
 	}
@@ -187,7 +187,7 @@ public class ServerHttpSecurityTests {
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent();
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
+				.map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
 						LogoutWebFilter.class, "logoutHandler"));
 
 		assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
@@ -199,15 +199,15 @@ public class ServerHttpSecurityTests {
 				.and().build();
 
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get()
-				.extracting(csrfWebFilter -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository"))
+				.extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository"))
 				.isEqualTo(this.csrfTokenRepository);
 
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
-				.map(logoutWebFilter -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
+				.map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
 						LogoutWebFilter.class, "logoutHandler"));
 
 		assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
-				.extracting(delegatingLogoutHandler -> ((List<ServerLogoutHandler>) ReflectionTestUtils
+				.extracting((delegatingLogoutHandler) -> ((List<ServerLogoutHandler>) ReflectionTestUtils
 						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
 								.map(ServerLogoutHandler::getClass).collect(Collectors.toList()))
 				.isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class));
@@ -271,9 +271,9 @@ public class ServerHttpSecurityTests {
 		WebTestClient client = buildClient();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader()
-				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
+				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
@@ -291,7 +291,7 @@ public class ServerHttpSecurityTests {
 		WebTestClient client = buildClient();
 
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
 				.expectBody(String.class).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
@@ -302,7 +302,7 @@ public class ServerHttpSecurityTests {
 		this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
 		HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
 		authenticationEntryPoint.setRealm("myrealm");
-		this.http.httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(authenticationEntryPoint));
+		this.http.httpBasic((httpBasic) -> httpBasic.authenticationEntryPoint(authenticationEntryPoint));
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
@@ -310,7 +310,7 @@ public class ServerHttpSecurityTests {
 		WebTestClient client = buildClient();
 
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
-				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
 				.expectBody(String.class).returnResult();
 
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
@@ -327,8 +327,8 @@ public class ServerHttpSecurityTests {
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.get().uri("/").headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"));
+		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
 
 		verifyZeroInteractions(this.authenticationManager);
 	}
@@ -340,12 +340,12 @@ public class ServerHttpSecurityTests {
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
 
 		SecurityWebFilterChain securityFilterChain = this.http
-				.httpBasic(httpBasic -> httpBasic.authenticationManager(customAuthenticationManager)).build();
+				.httpBasic((httpBasic) -> httpBasic.authenticationManager(customAuthenticationManager)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
-		client.get().uri("/").headers(headers -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"));
+		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
 
 		verifyZeroInteractions(this.authenticationManager);
 		verify(customAuthenticationManager).authenticate(any(Authentication.class));
@@ -370,7 +370,8 @@ public class ServerHttpSecurityTests {
 		X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 		ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 
-		this.http.x509(x509 -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
+		this.http.x509(
+				(x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
 
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
@@ -400,7 +401,7 @@ public class ServerHttpSecurityTests {
 
 	@Test
 	public void postWhenCsrfDisabledThenPermitted() {
-		SecurityWebFilterChain securityFilterChain = this.http.csrf(csrf -> csrf.disable()).build();
+		SecurityWebFilterChain securityFilterChain = this.http.csrf((csrf) -> csrf.disable()).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
@@ -412,7 +413,7 @@ public class ServerHttpSecurityTests {
 		ServerCsrfTokenRepository customServerCsrfTokenRepository = mock(ServerCsrfTokenRepository.class);
 		given(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).willReturn(Mono.empty());
 		SecurityWebFilterChain securityFilterChain = this.http
-				.csrf(csrf -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
+				.csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
 
@@ -429,7 +430,7 @@ public class ServerHttpSecurityTests {
 
 		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
 				.clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange()
-				.authenticated().and().requestCache(c -> c.requestCache(requestCache)).build();
+				.authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build();
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
 		client.get().uri("/test").exchange();
@@ -478,7 +479,7 @@ public class ServerHttpSecurityTests {
 
 	private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
 		return (Optional<T>) filterChain.getWebFilters().filter(Objects::nonNull)
-				.filter(filter -> filter.getClass().isAssignableFrom(filterClass)).singleOrEmpty().blockOptional();
+				.filter((filter) -> filter.getClass().isAssignableFrom(filterClass)).singleOrEmpty().blockOptional();
 	}
 
 	private WebTestClient buildClient() {
@@ -491,9 +492,9 @@ public class ServerHttpSecurityTests {
 
 		@GetMapping("/**")
 		Mono<String> pathWithinApplicationFromContext() {
-			return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
-					.map(c -> c.get(ServerWebExchange.class))
-					.map(e -> e.getRequest().getPath().pathWithinApplication().value());
+			return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class))
+					.map((c) -> c.get(ServerWebExchange.class))
+					.map((e) -> e.getRequest().getPath().pathWithinApplication().value());
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index f6b1ee9aa0..44f2c57947 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -81,7 +81,7 @@ final class HtmlUnitWebTestClient {
 
 	private MultiValueMap<String, String> formData(List<NameValuePair> params) {
 		MultiValueMap<String, String> result = new LinkedMultiValueMap<>(params.size());
-		params.forEach(pair -> result.add(pair.getName(), pair.getValue()));
+		params.forEach((pair) -> result.add(pair.getName(), pair.getValue()));
 		return result;
 	}
 
@@ -139,7 +139,7 @@ final class HtmlUnitWebTestClient {
 
 		@Override
 		public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-			return next.exchange(request).flatMap(response -> redirectIfNecessary(request, next, response));
+			return next.exchange(request).flatMap((response) -> redirectIfNecessary(request, next, response));
 		}
 
 		private Mono<ClientResponse> redirectIfNecessary(ClientRequest request, ExchangeFunction next,
@@ -153,11 +153,11 @@ final class HtmlUnitWebTestClient {
 					redirectUrl = scheme + "://" + host + location.toASCIIString();
 				}
 				ClientRequest redirect = ClientRequest.method(HttpMethod.GET, URI.create(redirectUrl))
-						.headers(headers -> headers.addAll(request.headers()))
-						.cookies(cookies -> cookies.addAll(request.cookies()))
-						.attributes(attributes -> attributes.putAll(request.attributes())).build();
+						.headers((headers) -> headers.addAll(request.headers()))
+						.cookies((cookies) -> cookies.addAll(request.cookies()))
+						.attributes((attributes) -> attributes.putAll(request.attributes())).build();
 
-				return next.exchange(redirect).flatMap(r -> redirectIfNecessary(request, next, r));
+				return next.exchange(redirect).flatMap((r) -> redirectIfNecessary(request, next, r));
 			}
 
 			return Mono.just(response);
@@ -171,9 +171,9 @@ final class HtmlUnitWebTestClient {
 
 		@Override
 		public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-			return next.exchange(withClientCookies(request)).doOnSuccess(response -> {
-				response.cookies().values().forEach(cookies -> {
-					cookies.forEach(cookie -> {
+			return next.exchange(withClientCookies(request)).doOnSuccess((response) -> {
+				response.cookies().values().forEach((cookies) -> {
+					cookies.forEach((cookie) -> {
 						if (cookie.getMaxAge().isZero()) {
 							this.cookies.remove(cookie.getName());
 						}
@@ -186,14 +186,14 @@ final class HtmlUnitWebTestClient {
 		}
 
 		private ClientRequest withClientCookies(ClientRequest request) {
-			return ClientRequest.from(request).cookies(c -> {
+			return ClientRequest.from(request).cookies((c) -> {
 				c.addAll(clientCookies());
 			}).build();
 		}
 
 		private MultiValueMap<String, String> clientCookies() {
 			MultiValueMap<String, String> result = new LinkedMultiValueMap<>(this.cookies.size());
-			this.cookies.values().forEach(cookie -> result.add(cookie.getName(), cookie.getValue()));
+			this.cookies.values().forEach((cookie) -> result.add(cookie.getName(), cookie.getValue()));
 			return result;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
index f693f4258f..fe634597b0 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
@@ -67,7 +67,7 @@ final class MockWebResponseBuilder {
 		HttpHeaders responseHeaders = this.exchangeResult.getResponseHeaders();
 		List<NameValuePair> result = new ArrayList<>(responseHeaders.size());
 		responseHeaders.forEach((headerName, headerValues) -> headerValues
-				.forEach(headerValue -> result.add(new NameValuePair(headerName, headerValue))));
+				.forEach((headerValue) -> result.add(new NameValuePair(headerName, headerValue))));
 		return result;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index 8ed41d8099..95b5bced1b 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -204,7 +204,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 		if (filterTarget instanceof Stream) {
 			final Stream<?> original = (Stream<?>) filterTarget;
 
-			return original.filter(filterObject -> {
+			return original.filter((filterObject) -> {
 				rootObject.setFilterObject(filterObject);
 				return ExpressionUtils.evaluateAsBoolean(filterExpression, ctx);
 			}).onClose(original::close);
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index 5b6c45bd69..eb7a41816a 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -156,7 +156,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 
 			if ((regMethodName == null) || (!regMethodName.equals(name) && (regMethodName.length() <= name.length()))) {
 				// no already registered method name, or more specific
-				// method name specification now -> (re-)register method
+				// method name specification (now) -> (re-)register method
 				if (regMethodName != null) {
 					this.logger.debug("Replacing attributes for secure method [" + method + "]: current name [" + name
 							+ "] is more specific than [" + regMethodName + "]");
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index f1552942e5..9bd9efd203 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -86,24 +86,24 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		PreInvocationAttribute preAttr = findPreInvocationAttribute(attributes);
 		Mono<Authentication> toInvoke = ReactiveSecurityContextHolder.getContext()
 				.map(SecurityContext::getAuthentication).defaultIfEmpty(this.anonymous)
-				.filter(auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
+				.filter((auth) -> this.preInvocationAdvice.before(auth, invocation, preAttr))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
 
 		PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
 
 		if (Mono.class.isAssignableFrom(returnType)) {
-			return toInvoke.flatMap(auth -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
-					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+			return toInvoke.flatMap((auth) -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
+					.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
 		if (Flux.class.isAssignableFrom(returnType)) {
-			return toInvoke.flatMapMany(auth -> PrePostAdviceReactiveMethodInterceptor.<Flux<?>>proceed(invocation)
-					.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+			return toInvoke.flatMapMany((auth) -> PrePostAdviceReactiveMethodInterceptor.<Flux<?>>proceed(invocation)
+					.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 		}
 
-		return toInvoke
-				.flatMapMany(auth -> Flux.from(PrePostAdviceReactiveMethodInterceptor.<Publisher<?>>proceed(invocation))
-						.map(r -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+		return toInvoke.flatMapMany(
+				(auth) -> Flux.from(PrePostAdviceReactiveMethodInterceptor.<Publisher<?>>proceed(invocation))
+						.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
 	}
 
 	private static <T extends Publisher<?>> T proceed(final MethodInvocation invocation) {
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
index b936c38b28..08b86ca969 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
@@ -57,7 +57,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 
 	private Scheduler scheduler = Schedulers.boundedElastic();
 
-	private UserDetailsChecker preAuthenticationChecks = user -> {
+	private UserDetailsChecker preAuthenticationChecks = (user) -> {
 		if (!user.isAccountNonLocked()) {
 			this.logger.debug("User account is locked");
 
@@ -80,7 +80,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 		}
 	};
 
-	private UserDetailsChecker postAuthenticationChecks = user -> {
+	private UserDetailsChecker postAuthenticationChecks = (user) -> {
 		if (!user.isCredentialsNonExpired()) {
 			this.logger.debug("User account credentials have expired");
 
@@ -94,9 +94,9 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 		final String username = authentication.getName();
 		final String presentedPassword = (String) authentication.getCredentials();
 		return retrieveUser(username).doOnNext(this.preAuthenticationChecks::check).publishOn(this.scheduler)
-				.filter(u -> this.passwordEncoder.matches(presentedPassword, u.getPassword()))
+				.filter((u) -> this.passwordEncoder.matches(presentedPassword, u.getPassword()))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
-				.flatMap(u -> {
+				.flatMap((u) -> {
 					boolean upgradeEncoding = this.userDetailsPasswordService != null
 							&& this.passwordEncoder.upgradeEncoding(u.getPassword());
 					if (upgradeEncoding) {
@@ -105,7 +105,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 					}
 					return Mono.just(u);
 				}).doOnNext(this.postAuthenticationChecks::check)
-				.map(u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()));
+				.map((u) -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()));
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
index 8c1268dc5f..8fd156a10d 100644
--- a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -48,7 +48,7 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Flux.fromIterable(this.delegates).concatMap(m -> m.authenticate(authentication)).next();
+		return Flux.fromIterable(this.delegates).concatMap((m) -> m.authenticate(authentication)).next();
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index 69e962dafd..bb5d6dc17e 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -47,14 +47,14 @@ public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticat
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication token) {
-		return Mono.just(token).publishOn(this.scheduler).flatMap(t -> {
+		return Mono.just(token).publishOn(this.scheduler).flatMap((t) -> {
 			try {
 				return Mono.just(this.authenticationManager.authenticate(t));
 			}
 			catch (Throwable error) {
 				return Mono.error(error);
 			}
-		}).filter(a -> a.isAuthenticated());
+		}).filter((a) -> a.isAuthenticated());
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index e20d1ed5a2..b854eac09f 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -39,7 +39,7 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication.filter(this::isNotAnonymous).map(a -> new AuthorizationDecision(a.isAuthenticated()))
+		return authentication.filter(this::isNotAnonymous).map((a) -> new AuthorizationDecision(a.isAuthenticated()))
 				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index e1faf00f95..e8bb7b8fe8 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -42,9 +42,9 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication.filter(a -> a.isAuthenticated()).flatMapIterable(a -> a.getAuthorities())
-				.map(g -> g.getAuthority()).any(a -> this.authorities.contains(a))
-				.map(hasAuthority -> new AuthorizationDecision(hasAuthority))
+		return authentication.filter((a) -> a.isAuthenticated()).flatMapIterable((a) -> a.getAuthorities())
+				.map((g) -> g.getAuthority()).any((a) -> this.authorities.contains(a))
+				.map((hasAuthority) -> new AuthorizationDecision(hasAuthority))
 				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index 7432427ccc..05b3adc293 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -47,9 +47,9 @@ public interface ReactiveAuthorizationManager<T> {
 	 * denied
 	 */
 	default Mono<Void> verify(Mono<Authentication> authentication, T object) {
-		return check(authentication, object).filter(d -> d.isGranted())
+		return check(authentication, object).filter((d) -> d.isGranted())
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
-				.flatMap(d -> Mono.empty());
+				.flatMap((d) -> Mono.empty());
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index 920017fd96..b675c35855 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -69,7 +69,7 @@ public final class RsaKeyConverters {
 	 */
 	public static Converter<InputStream, RSAPrivateKey> pkcs8() {
 		KeyFactory keyFactory = rsaFactory();
-		return source -> {
+		return (source) -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(PKCS8_PEM_HEADER),
 					"Key is not in PEM-encoded PKCS#8 format, " + "please check that the header begins with -----"
@@ -102,7 +102,7 @@ public final class RsaKeyConverters {
 	 */
 	public static Converter<InputStream, RSAPublicKey> x509() {
 		KeyFactory keyFactory = rsaFactory();
-		return source -> {
+		return (source) -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(X509_PEM_HEADER),
 					"Key is not in PEM-encoded X.509 format, " + "please check that the header begins with -----"
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index ac3366d665..449d461fd7 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -41,8 +41,8 @@ public final class ReactiveSecurityContextHolder {
 	 * @return the {@code Mono<SecurityContext>}
 	 */
 	public static Mono<SecurityContext> getContext() {
-		return Mono.subscriberContext().filter(c -> c.hasKey(SECURITY_CONTEXT_KEY))
-				.flatMap(c -> c.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY));
+		return Mono.subscriberContext().filter((c) -> c.hasKey(SECURITY_CONTEXT_KEY))
+				.flatMap((c) -> c.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY));
 	}
 
 	/**
@@ -51,7 +51,7 @@ public final class ReactiveSecurityContextHolder {
 	 * from clearing the context.
 	 */
 	public static Function<Context, Context> clearContext() {
-		return context -> context.delete(SECURITY_CONTEXT_KEY);
+		return (context) -> context.delete(SECURITY_CONTEXT_KEY);
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index 982ed3312a..d2f0f6f0c8 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -162,10 +162,10 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 		return null;
 	}
 
-	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = constructor -> constructor
-			.getParameterAnnotations();
+	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = (
+			constructor) -> constructor.getParameterAnnotations();
 
-	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = method -> method
+	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = (method) -> method
 			.getParameterAnnotations();
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index bab768315a..6d543134bb 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -72,7 +72,7 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 
 	@Override
 	public Mono<UserDetails> updatePassword(UserDetails user, String newPassword) {
-		return Mono.just(user).map(u -> User.withUserDetails(u).password(newPassword).build()).doOnNext(u -> {
+		return Mono.just(user).map((u) -> User.withUserDetails(u).password(newPassword).build()).doOnNext((u) -> {
 			String key = getKey(user.getUsername());
 			this.users.put(key, u);
 		});
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index e3c8fe469e..d2587154b8 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -359,7 +359,7 @@ public class User implements UserDetails, CredentialsContainer {
 
 		private boolean disabled;
 
-		private Function<String, String> passwordEncoder = password -> password;
+		private Function<String, String> passwordEncoder = (password) -> password;
 
 		/**
 		 * Creates a new instance
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 16f426334e..f3d6e7ee8a 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -198,7 +198,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void createUser(final UserDetails user) {
 		validateUserDetails(user);
 
-		getJdbcTemplate().update(this.createUserSql, ps -> {
+		getJdbcTemplate().update(this.createUserSql, (ps) -> {
 			ps.setString(1, user.getUsername());
 			ps.setString(2, user.getPassword());
 			ps.setBoolean(3, user.isEnabled());
@@ -221,7 +221,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void updateUser(final UserDetails user) {
 		validateUserDetails(user);
 
-		getJdbcTemplate().update(this.updateUserSql, ps -> {
+		getJdbcTemplate().update(this.updateUserSql, (ps) -> {
 			ps.setString(1, user.getPassword());
 			ps.setBoolean(2, user.isEnabled());
 
@@ -347,7 +347,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		for (GrantedAuthority a : authorities) {
 			final String authority = a.getAuthority();
-			getJdbcTemplate().update(this.insertGroupAuthoritySql, ps -> {
+			getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
 				ps.setInt(1, groupId);
 				ps.setString(2, authority);
 			});
@@ -360,7 +360,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		Assert.hasText(groupName, "groupName should have text");
 
 		final int id = findGroupId(groupName);
-		PreparedStatementSetter groupIdPSS = ps -> ps.setInt(1, id);
+		PreparedStatementSetter groupIdPSS = (ps) -> ps.setInt(1, id);
 		getJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
 		getJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
 		getJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
@@ -382,7 +382,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		Assert.hasText(groupName, "groupName should have text");
 
 		final int id = findGroupId(groupName);
-		getJdbcTemplate().update(this.insertGroupMemberSql, ps -> {
+		getJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
@@ -398,7 +398,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		final int id = findGroupId(groupName);
 
-		getJdbcTemplate().update(this.deleteGroupMemberSql, ps -> {
+		getJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
@@ -426,7 +426,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 		final int id = findGroupId(groupName);
 
-		getJdbcTemplate().update(this.deleteGroupAuthoritySql, ps -> {
+		getJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
 		});
@@ -439,7 +439,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		Assert.notNull(authority, "authority cannot be null");
 
 		final int id = findGroupId(groupName);
-		getJdbcTemplate().update(this.insertGroupAuthoritySql, ps -> {
+		getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
 		});
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 37d272e78e..c1e953f363 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -63,7 +63,7 @@ public class SecurityExpressionRootTests {
 
 	@Test
 	public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() {
-		this.root.setRoleHierarchy(authorities -> AuthorityUtils.createAuthorityList("ROLE_C"));
+		this.root.setRoleHierarchy((authorities) -> AuthorityUtils.createAuthorityList("ROLE_C"));
 
 		assertThat(this.root.hasRole("C")).isTrue();
 		assertThat(this.root.hasAuthority("ROLE_C")).isTrue();
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index a551d8fcb8..1718a05da4 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -78,7 +78,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 	@Before
 	public void setup() {
 		this.manager = new UserDetailsRepositoryReactiveAuthenticationManager(this.userDetailsService);
-		given(this.scheduler.schedule(any())).willAnswer(a -> {
+		given(this.scheduler.schedule(any())).willAnswer((a) -> {
 			Runnable r = a.getArgument(0);
 			return Schedulers.immediate().schedule(r);
 		});
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index cf7f5681e4..f474ce4c40 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -236,7 +236,7 @@ public class JaasAuthenticationProviderTests {
 	@Test
 	public void testLoginExceptionResolver() {
 		assertThat(this.jaasProvider.getLoginExceptionResolver()).isNotNull();
-		this.jaasProvider.setLoginExceptionResolver(e -> new LockedException("This is just a test!"));
+		this.jaasProvider.setLoginExceptionResolver((e) -> new LockedException("This is just a test!"));
 
 		try {
 			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 42bebe98c8..265ab85f16 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -62,7 +62,7 @@ public class DelegatingSecurityContextRunnableTests {
 	@Before
 	public void setUp() {
 		this.originalSecurityContext = SecurityContextHolder.createEmptyContext();
-		willAnswer((Answer<Object>) invocation -> {
+		willAnswer((Answer<Object>) (invocation) -> {
 			assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext);
 			return null;
 		}).given(this.delegate).run();
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index 573ebaccb8..eb915d7e32 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -42,7 +42,7 @@ public class ReactiveSecurityContextHolderTests {
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 		Mono<SecurityContext> context = Mono.subscriberContext()
-				.flatMap(c -> ReactiveSecurityContextHolder.getContext())
+				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
 
 		StepVerifier.create(context).expectNext(expectedContext).verifyComplete();
@@ -70,7 +70,7 @@ public class ReactiveSecurityContextHolderTests {
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 
 		Mono<SecurityContext> context = Mono.subscriberContext()
-				.flatMap(c -> ReactiveSecurityContextHolder.getContext())
+				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
 
@@ -82,7 +82,7 @@ public class ReactiveSecurityContextHolderTests {
 		Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
 		Mono<Authentication> authentication = Mono.subscriberContext()
-				.flatMap(c -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
+				.flatMap((c) -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
 
 		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
index 60c190c40a..869c0f3538 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
@@ -49,7 +49,7 @@ public class PasswordEncodedUser {
 	}
 
 	private static Function<String, String> passwordEncoder() {
-		return rawPassword -> "{noop}" + rawPassword;
+		return (rawPassword) -> "{noop}" + rawPassword;
 	}
 
 	protected PasswordEncodedUser() {
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
index 646b557499..8364a1f360 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserDetailsByNameServiceWrapperTests.java
@@ -49,7 +49,7 @@ public class UserDetailsByNameServiceWrapperTests {
 	public final void testGetUserDetails() throws Exception {
 		UserDetailsByNameServiceWrapper svc = new UserDetailsByNameServiceWrapper();
 		final User user = new User("dummy", "dummy", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
-		svc.setUserDetailsService(name -> {
+		svc.setUserDetailsService((name) -> {
 			if (user != null && user.getUsername().equals(name)) {
 				return user;
 			}
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 7138ef8ca0..920d6a249f 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -176,7 +176,8 @@ public class UserTests {
 	public void withUserWhenDetailsPasswordEncoderThenEncodes() {
 		UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build();
 
-		UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder(p -> p + "encoded").build();
+		UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder((p) -> p + "encoded")
+				.build();
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
@@ -184,7 +185,7 @@ public class UserTests {
 	@Test
 	public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() {
 		UserDetails withEncodedPassword = User.withUsername("user").password("password")
-				.passwordEncoder(p -> p + "encoded").roles("USER").build();
+				.passwordEncoder((p) -> p + "encoded").roles("USER").build();
 
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
@@ -193,7 +194,7 @@ public class UserTests {
 	public void withUsernameWhenPasswordAndPasswordEncoderThenEncodes() {
 		// @formatter:off
 		UserDetails withEncodedPassword = User.withUsername("user")
-			.passwordEncoder(p -> p + "encoded")
+			.passwordEncoder((p) -> p + "encoded")
 			.password("password")
 			.roles("USER")
 			.build();
@@ -204,7 +205,7 @@ public class UserTests {
 
 	@Test
 	public void withUsernameWhenPasswordAndPasswordEncoderTwiceThenEncodesOnce() {
-		Function<String, String> encoder = p -> p + "encoded";
+		Function<String, String> encoder = (p) -> p + "encoded";
 		// @formatter:off
 		UserDetails withEncodedPassword = User.withUsername("user")
 			.passwordEncoder(encoder)
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
index c2820e8ddc..4f74d2b48f 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
@@ -63,7 +63,7 @@ public class ConcurrentSessionManagementTests extends AbstractWebServerIntegrati
 
 		// Now logout to kill first session
 		mockMvc.perform(post("/logout").with(csrf())).andExpect(status().is3xxRedirection())
-				.andDo(result -> this.context.publishEvent(new SessionDestroyedEvent(session1) {
+				.andDo((result) -> this.context.publishEvent(new SessionDestroyedEvent(session1) {
 					@Override
 					public List<SecurityContext> getSecurityContexts() {
 						return Collections.emptyList();
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index ba1c820021..aadb2faaf9 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -91,7 +91,7 @@ public class SpringSecurityLdapTemplateITests {
 	@Test
 	public void namingExceptionIsTranslatedCorrectly() {
 		try {
-			this.template.executeReadOnly((ContextExecutor) dirContext -> {
+			this.template.executeReadOnly((ContextExecutor) (dirContext) -> {
 				throw new NamingException();
 			});
 			fail("Expected UncategorizedLdapException on NamingException");
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index b448b9518b..37cb58cc02 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -184,7 +184,7 @@ public class DefaultLdapAuthoritiesPopulatorTests {
 
 	@Test
 	public void customAuthoritiesMappingFunction() {
-		this.populator.setAuthorityMapper(record -> {
+		this.populator.setAuthorityMapper((record) -> {
 			String dn = record.get(SpringSecurityLdapTemplate.DN_KEY).get(0);
 			String role = record.get(this.populator.getGroupRoleAttribute()).get(0);
 			return new LdapAuthority(role, dn);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index e12cdcf848..7c21ead437 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -124,7 +124,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 */
 	public DirContextOperations retrieveEntry(final String dn, final String[] attributesToRetrieve) {
 
-		return (DirContextOperations) executeReadOnly((ContextExecutor) ctx -> {
+		return (DirContextOperations) executeReadOnly((ContextExecutor) (ctx) -> {
 			Attributes attrs = ctx.getAttributes(dn, attributesToRetrieve);
 
 			// Object object = ctx.lookup(LdapUtils.getRelativeName(dn, ctx));
@@ -188,7 +188,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 		final HashSet<Map<String, List<String>>> set = new HashSet<>();
 
-		ContextMapper roleMapper = ctx -> {
+		ContextMapper roleMapper = (ctx) -> {
 			DirContextAdapter adapter = (DirContextAdapter) ctx;
 			Map<String, List<String>> record = new HashMap<>();
 			if (attributeNames == null || attributeNames.length == 0) {
@@ -285,8 +285,8 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 */
 	public DirContextOperations searchForSingleEntry(final String base, final String filter, final Object[] params) {
 
-		return (DirContextOperations) executeReadOnly(
-				(ContextExecutor) ctx -> searchForSingleEntryInternal(ctx, this.searchControls, base, filter, params));
+		return (DirContextOperations) executeReadOnly((ContextExecutor) (ctx) -> searchForSingleEntryInternal(ctx,
+				this.searchControls, base, filter, params));
 	}
 
 	/**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index 6ec5f13606..2fd023c839 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -169,7 +169,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 			logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
 		}
 
-		this.authorityMapper = record -> {
+		this.authorityMapper = (record) -> {
 			String role = record.get(this.groupRoleAttribute).get(0);
 
 			if (this.convertToUpperCase) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index a5a2c9e04e..b2faf060bc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -114,7 +114,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private final LdapTemplate template;
 
 	/** Default context mapper used to create a set of roles from a list of attributes */
-	private AttributesMapper roleMapper = attributes -> {
+	private AttributesMapper roleMapper = (attributes) -> {
 		Attribute roleAttr = attributes.get(this.groupRoleAttributeName);
 
 		NamingEnumeration<?> ne = roleAttr.getAll();
@@ -146,7 +146,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	}
 
 	private DirContextAdapter loadUserAsContext(final DistinguishedName dn, final String username) {
-		return (DirContextAdapter) this.template.executeReadOnly((ContextExecutor) ctx -> {
+		return (DirContextAdapter) this.template.executeReadOnly((ContextExecutor) (ctx) -> {
 			try {
 				Attributes attrs = ctx.getAttributes(dn, this.attributesToRetrieve);
 				return new DirContextAdapter(attrs, LdapUtils.getFullDn(dn, ctx));
@@ -210,7 +210,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 */
 	@SuppressWarnings("unchecked")
 	List<GrantedAuthority> getUserAuthorities(final DistinguishedName dn, final String username) {
-		SearchExecutor se = ctx -> {
+		SearchExecutor se = (ctx) -> {
 			DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx);
 			SearchControls ctrls = new SearchControls();
 			ctrls.setReturningAttributes(new String[] { this.groupRoleAttributeName });
@@ -327,7 +327,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	private void modifyAuthorities(final DistinguishedName userDn,
 			final Collection<? extends GrantedAuthority> authorities, final int modType) {
-		this.template.executeReadWrite((ContextExecutor) ctx -> {
+		this.template.executeReadWrite((ContextExecutor) (ctx) -> {
 			for (GrantedAuthority authority : authorities) {
 				String group = convertAuthorityToGroup(authority);
 				DistinguishedName fullDn = LdapUtils.getFullDn(userDn, ctx);
@@ -428,7 +428,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			return;
 		}
 
-		this.template.executeReadWrite(dirCtx -> {
+		this.template.executeReadWrite((dirCtx) -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 			ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
 			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
@@ -451,7 +451,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	private void changePasswordUsingExtensionOperation(DistinguishedName userDn, String oldPassword,
 			String newPassword) {
 
-		this.template.executeReadWrite(dirCtx -> {
+		this.template.executeReadWrite((dirCtx) -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 
 			String userIdentity = LdapUtils.getFullDn(userDn, ctx).encode();
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index c2d9fb6483..4f5b14bd5a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -125,7 +125,7 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap(a -> {
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
 			Object p = resolvePrincipal(parameter, a.getPrincipal());
 			Mono<Object> principal = Mono.justOrEmpty(p);
 			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index ed07e9e893..21165e9363 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -124,7 +124,7 @@ public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgu
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().flatMap(securityContext -> {
+		return ReactiveSecurityContextHolder.getContext().flatMap((securityContext) -> {
 			Object sc = resolveSecurityContext(parameter, securityContext);
 			Mono<Object> result = Mono.justOrEmpty(sc);
 			return adapter == null ? result : Mono.just(adapter.fromPublisher(result));
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 95c1c60a0b..12aea1f659 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -38,7 +38,7 @@ import org.springframework.util.PathMatcher;
  */
 public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
 
-	public static final MessageMatcher<Object> NULL_DESTINATION_MATCHER = message -> {
+	public static final MessageMatcher<Object> NULL_DESTINATION_MATCHER = (message) -> {
 		String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
 		return destination == null;
 	};
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 653b3a2c66..2dde084f5d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -120,7 +120,7 @@ import org.springframework.util.ReflectionUtils;
  * Locate a method by invoking it through a proxy of the target handler:
  *
  * <pre>
- * ResolvableMethod.on(TestController.class).mockCall(o -> o.handle(null)).method();
+ * ResolvableMethod.on(TestController.class).mockCall((o) -> o.handle(null)).method();
  * </pre>
  *
  * @author Rossen Stoyanchev
@@ -323,7 +323,7 @@ public final class ResolvableMethod {
 		 * Filter on methods with the given name.
 		 */
 		public Builder<T> named(String methodName) {
-			addFilter("methodName=" + methodName, method -> method.getName().equals(methodName));
+			addFilter("methodName=" + methodName, (method) -> method.getName().equals(methodName));
 			return this;
 		}
 
@@ -331,7 +331,7 @@ public final class ResolvableMethod {
 		 * Filter on methods with the given parameter types.
 		 */
 		public Builder<T> argTypes(Class<?>... argTypes) {
-			addFilter("argTypes=" + Arrays.toString(argTypes), method -> ObjectUtils.isEmpty(argTypes)
+			addFilter("argTypes=" + Arrays.toString(argTypes), (method) -> ObjectUtils.isEmpty(argTypes)
 					? method.getParameterCount() == 0 : Arrays.equals(method.getParameterTypes(), argTypes));
 			return this;
 		}
@@ -354,8 +354,8 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, candidate -> Arrays.stream(annotationTypes)
-					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
+			addFilter(message, (candidate) -> Arrays.stream(annotationTypes)
+					.allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
 			return this;
 		}
 
@@ -365,10 +365,10 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotNotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, candidate -> {
+			addFilter(message, (candidate) -> {
 				if (annotationTypes.length != 0) {
 					return Arrays.stream(annotationTypes).noneMatch(
-							annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
+							(annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
 				}
 				else {
 					return candidate.getAnnotations().length == 0;
@@ -403,7 +403,7 @@ public final class ResolvableMethod {
 		public Builder<T> returning(ResolvableType returnType) {
 			String expected = returnType.toString();
 			String message = "returnType=" + expected;
-			addFilter(message, m -> expected.equals(ResolvableType.forMethodReturnType(m).toString()));
+			addFilter(message, (m) -> expected.equals(ResolvableType.forMethodReturnType(m).toString()));
 			return this;
 		}
 
@@ -423,7 +423,7 @@ public final class ResolvableMethod {
 		}
 
 		private boolean isMatch(Method method) {
-			return this.filters.stream().allMatch(p -> p.test(method));
+			return this.filters.stream().allMatch((p) -> p.test(method));
 		}
 
 		private String formatMethods(Set<Method> methods) {
@@ -581,7 +581,7 @@ public final class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param -> Arrays.stream(annotationTypes).allMatch(param::hasParameterAnnotation));
+			this.filters.add((param) -> Arrays.stream(annotationTypes).allMatch(param::hasParameterAnnotation));
 			return this;
 		}
 
@@ -591,7 +591,7 @@ public final class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotNotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param -> (annotationTypes.length > 0
+			this.filters.add((param) -> (annotationTypes.length > 0
 					? Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation)
 					: param.getParameterAnnotations().length == 0));
 			return this;
@@ -618,7 +618,7 @@ public final class ResolvableMethod {
 		 * @param type the expected type
 		 */
 		public MethodParameter arg(ResolvableType type) {
-			this.filters.add(p -> type.toString().equals(ResolvableType.forMethodParameter(p).toString()));
+			this.filters.add((p) -> type.toString().equals(ResolvableType.forMethodParameter(p).toString()));
 			return arg();
 		}
 
@@ -638,7 +638,7 @@ public final class ResolvableMethod {
 			for (int i = 0; i < ResolvableMethod.this.method.getParameterCount(); i++) {
 				MethodParameter param = new SynthesizingMethodParameter(ResolvableMethod.this.method, i);
 				param.initParameterNameDiscovery(nameDiscoverer);
-				if (this.filters.stream().allMatch(p -> p.test(param))) {
+				if (this.filters.stream().allMatch((p) -> p.test(param))) {
 					matches.add(param);
 				}
 			}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index f978419418..e2a4d6a753 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -138,12 +138,13 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
-		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal).attributes(attributes -> {
-			Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
-			if (!CollectionUtils.isEmpty(contextAttributes)) {
-				attributes.putAll(contextAttributes);
-			}
-		}).build();
+		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
+				.attributes((attributes) -> {
+					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
+					if (!CollectionUtils.isEmpty(contextAttributes)) {
+						attributes.putAll(contextAttributes);
+					}
+				}).build();
 
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index de45d9a6a1..c1a6193e6f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -122,7 +122,7 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
 
 		return createAuthorizationContext(authorizeRequest)
-				.flatMap(authorizationContext -> authorize(authorizationContext, authorizeRequest.getPrincipal()));
+				.flatMap((authorizationContext) -> authorize(authorizationContext, authorizeRequest.getPrincipal()));
 	}
 
 	private Mono<OAuth2AuthorizationContext> createAuthorizationContext(OAuth2AuthorizeRequest authorizeRequest) {
@@ -132,18 +132,18 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 				.map(OAuth2AuthorizationContext::withAuthorizedClient)
 				.switchIfEmpty(Mono.defer(() -> this.clientRegistrationRepository
 						.findByRegistrationId(clientRegistrationId)
-						.flatMap(clientRegistration -> this.authorizedClientService
+						.flatMap((clientRegistration) -> this.authorizedClientService
 								.loadAuthorizedClient(clientRegistrationId, principal.getName())
 								.map(OAuth2AuthorizationContext::withAuthorizedClient)
 								.switchIfEmpty(Mono.fromSupplier(
 										() -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration))))
 						.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
 								"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))))
-				.flatMap(contextBuilder -> this.contextAttributesMapper.apply(authorizeRequest)
-						.defaultIfEmpty(Collections.emptyMap()).map(contextAttributes -> {
+				.flatMap((contextBuilder) -> this.contextAttributesMapper.apply(authorizeRequest)
+						.defaultIfEmpty(Collections.emptyMap()).map((contextAttributes) -> {
 							OAuth2AuthorizationContext.Builder builder = contextBuilder.principal(principal);
 							if (!contextAttributes.isEmpty()) {
-								builder = builder.attributes(attributes -> attributes.putAll(contextAttributes));
+								builder = builder.attributes((attributes) -> attributes.putAll(contextAttributes));
 							}
 							return builder.build();
 						}));
@@ -165,12 +165,12 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		return this.authorizedClientProvider.authorize(authorizationContext)
 				// Delegate to the authorizationSuccessHandler of the successful
 				// authorization
-				.flatMap(authorizedClient -> this.authorizationSuccessHandler
+				.flatMap((authorizedClient) -> this.authorizationSuccessHandler
 						.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
 						.thenReturn(authorizedClient))
 				// Delegate to the authorizationFailureHandler of the failed authorization
 				.onErrorResume(OAuth2AuthorizationException.class,
-						authorizationException -> this.authorizationFailureHandler
+						(authorizationException) -> this.authorizationFailureHandler
 								.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
 								.then(Mono.error(authorizationException)))
 				.switchIfEmpty(Mono.defer(() -> Mono.justOrEmpty(authorizationContext.getAuthorizedClient())));
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
index 0bdf39e3ec..9a22665efa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
@@ -87,8 +87,9 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider
 		return Mono.just(new OAuth2ClientCredentialsGrantRequest(clientRegistration))
 				.flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
-				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
+								e))
+				.map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
 						tokenResponse.getAccessToken()));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
index 1d948c43d3..af24c53289 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java
@@ -73,7 +73,7 @@ public final class DelegatingReactiveOAuth2AuthorizedClientProvider implements R
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
 		return Flux.fromIterable(this.authorizedClientProviders)
-				.concatMap(authorizedClientProvider -> authorizedClientProvider.authorize(context)).next();
+				.concatMap((authorizedClientProvider) -> authorizedClientProvider.authorize(context)).next();
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
index d14d86cfc6..4d6161a936 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
@@ -62,8 +62,8 @@ public final class InMemoryReactiveOAuth2AuthorizedClientService implements Reac
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
 		return (Mono<T>) this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-				.map(clientRegistration -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
-				.flatMap(identifier -> Mono.justOrEmpty(this.authorizedClients.get(identifier)));
+				.map((clientRegistration) -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
+				.flatMap((identifier) -> Mono.justOrEmpty(this.authorizedClients.get(identifier)));
 	}
 
 	@Override
@@ -82,7 +82,7 @@ public final class InMemoryReactiveOAuth2AuthorizedClientService implements Reac
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
 		return this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-				.map(clientRegistration -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
+				.map((clientRegistration) -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
 				.doOnNext(this.authorizedClients::remove).then(Mono.empty());
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
index cf69c89344..fa109dd2aa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java
@@ -73,7 +73,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 */
 	public OAuth2AuthorizedClientProviderBuilder provider(OAuth2AuthorizedClientProvider provider) {
 		Assert.notNull(provider, "provider cannot be null");
-		this.builders.computeIfAbsent(provider.getClass(), k -> () -> provider);
+		this.builders.computeIfAbsent(provider.getClass(), (k) -> () -> provider);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -83,7 +83,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 */
 	public OAuth2AuthorizedClientProviderBuilder authorizationCode() {
 		this.builders.computeIfAbsent(AuthorizationCodeOAuth2AuthorizedClientProvider.class,
-				k -> new AuthorizationCodeGrantBuilder());
+				(k) -> new AuthorizationCodeGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -93,7 +93,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 */
 	public OAuth2AuthorizedClientProviderBuilder refreshToken() {
 		this.builders.computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class,
-				k -> new RefreshTokenGrantBuilder());
+				(k) -> new RefreshTokenGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -104,8 +104,8 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder refreshToken(Consumer<RefreshTokenGrantBuilder> builderConsumer) {
-		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders
-				.computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
+		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders.computeIfAbsent(
+				RefreshTokenOAuth2AuthorizedClientProvider.class, (k) -> new RefreshTokenGrantBuilder());
 		builderConsumer.accept(builder);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -116,7 +116,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 */
 	public OAuth2AuthorizedClientProviderBuilder clientCredentials() {
 		this.builders.computeIfAbsent(ClientCredentialsOAuth2AuthorizedClientProvider.class,
-				k -> new ClientCredentialsGrantBuilder());
+				(k) -> new ClientCredentialsGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -129,7 +129,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	public OAuth2AuthorizedClientProviderBuilder clientCredentials(
 			Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
 		ClientCredentialsGrantBuilder builder = (ClientCredentialsGrantBuilder) this.builders.computeIfAbsent(
-				ClientCredentialsOAuth2AuthorizedClientProvider.class, k -> new ClientCredentialsGrantBuilder());
+				ClientCredentialsOAuth2AuthorizedClientProvider.class, (k) -> new ClientCredentialsGrantBuilder());
 		builderConsumer.accept(builder);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -139,7 +139,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 * @return the {@link OAuth2AuthorizedClientProviderBuilder}
 	 */
 	public OAuth2AuthorizedClientProviderBuilder password() {
-		this.builders.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		this.builders.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -151,7 +151,7 @@ public final class OAuth2AuthorizedClientProviderBuilder {
 	 */
 	public OAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
 		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
-				.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+				.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
 		builderConsumer.accept(builder);
 		return OAuth2AuthorizedClientProviderBuilder.this;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
index cd535abc6d..3b34cf85d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
@@ -111,8 +111,9 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 
 		return Mono.just(passwordGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
-				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
+								e))
+				.map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
 						tokenResponse.getAccessToken(), tokenResponse.getRefreshToken()));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
index 6852f42c9f..7b0580571d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java
@@ -73,7 +73,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder provider(ReactiveOAuth2AuthorizedClientProvider provider) {
 		Assert.notNull(provider, "provider cannot be null");
-		this.builders.computeIfAbsent(provider.getClass(), k -> () -> provider);
+		this.builders.computeIfAbsent(provider.getClass(), (k) -> () -> provider);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -83,7 +83,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder authorizationCode() {
 		this.builders.computeIfAbsent(AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new AuthorizationCodeGrantBuilder());
+				(k) -> new AuthorizationCodeGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -93,7 +93,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder refreshToken() {
 		this.builders.computeIfAbsent(RefreshTokenReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new RefreshTokenGrantBuilder());
+				(k) -> new RefreshTokenGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -106,7 +106,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	public ReactiveOAuth2AuthorizedClientProviderBuilder refreshToken(
 			Consumer<RefreshTokenGrantBuilder> builderConsumer) {
 		RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders.computeIfAbsent(
-				RefreshTokenReactiveOAuth2AuthorizedClientProvider.class, k -> new RefreshTokenGrantBuilder());
+				RefreshTokenReactiveOAuth2AuthorizedClientProvider.class, (k) -> new RefreshTokenGrantBuilder());
 		builderConsumer.accept(builder);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -117,7 +117,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder clientCredentials() {
 		this.builders.computeIfAbsent(ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new ClientCredentialsGrantBuilder());
+				(k) -> new ClientCredentialsGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -131,7 +131,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 			Consumer<ClientCredentialsGrantBuilder> builderConsumer) {
 		ClientCredentialsGrantBuilder builder = (ClientCredentialsGrantBuilder) this.builders.computeIfAbsent(
 				ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new ClientCredentialsGrantBuilder());
+				(k) -> new ClientCredentialsGrantBuilder());
 		builderConsumer.accept(builder);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
@@ -142,7 +142,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder password() {
 		this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class,
-				k -> new PasswordGrantBuilder());
+				(k) -> new PasswordGrantBuilder());
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
 
@@ -153,8 +153,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
 	 * @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
 	 */
 	public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
-		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
-				.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, k -> new PasswordGrantBuilder());
+		PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders.computeIfAbsent(
+				PasswordReactiveOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
 		builderConsumer.accept(builder);
 		return ReactiveOAuth2AuthorizedClientProviderBuilder.this;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
index 8abf943725..d93f36e485 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
@@ -98,8 +98,9 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider
 
 		return Mono.just(refreshTokenGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						e -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e))
-				.map(tokenResponse -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
+								e))
+				.map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
 						tokenResponse.getAccessToken(), tokenResponse.getRefreshToken()));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
index cf5af36cda..034ed3efb7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
@@ -107,7 +107,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements Rea
 
 	private Function<OAuth2AccessTokenResponse, OAuth2AuthorizationCodeAuthenticationToken> onSuccess(
 			OAuth2AuthorizationCodeAuthenticationToken token) {
-		return accessTokenResponse -> {
+		return (accessTokenResponse) -> {
 			ClientRegistration registration = token.getClientRegistration();
 			OAuth2AuthorizationExchange exchange = token.getAuthorizationExchange();
 			OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index 7edb67e586..e20e0006e9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -70,7 +70,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 
 	private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
 
-	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
+	private GrantedAuthoritiesMapper authoritiesMapper = ((authorities) -> authorities);
 
 	/**
 	 * Constructs an {@code OAuth2LoginAuthenticationProvider} using the provided
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index 470653b2a4..1d3dae2fbe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -72,7 +72,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 
 	private final ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
 
-	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
+	private GrantedAuthoritiesMapper authoritiesMapper = ((authorities) -> authorities);
 
 	public OAuth2LoginReactiveAuthenticationManager(
 			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
@@ -102,7 +102,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 
 			return this.authorizationCodeManager.authenticate(token)
 					.onErrorMap(OAuth2AuthorizationException.class,
-							e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+							(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
 					.cast(OAuth2AuthorizationCodeAuthenticationToken.class).flatMap(this::onSuccess);
 		});
 	}
@@ -125,7 +125,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 		Map<String, Object> additionalParameters = authentication.getAdditionalParameters();
 		OAuth2UserRequest userRequest = new OAuth2UserRequest(authentication.getClientRegistration(), accessToken,
 				additionalParameters);
-		return this.userService.loadUser(userRequest).map(oauth2User -> {
+		return this.userService.loadUser(userRequest).map((oauth2User) -> {
 			Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 					.mapAuthorities(oauth2User.getAuthorities());
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 2b9f71e890..70e0695c05 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -67,9 +67,9 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 		Assert.notNull(grantRequest, "grantRequest cannot be null");
 		return Mono.defer(
 				() -> this.webClient.post().uri(clientRegistration(grantRequest).getProviderDetails().getTokenUri())
-						.headers(headers -> populateTokenRequestHeaders(grantRequest, headers))
+						.headers((headers) -> populateTokenRequestHeaders(grantRequest, headers))
 						.body(createTokenRequestBody(grantRequest)).exchange()
-						.flatMap(response -> readTokenResponse(grantRequest, response)));
+						.flatMap((response) -> readTokenResponse(grantRequest, response)));
 	}
 
 	/**
@@ -170,7 +170,7 @@ abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extend
 	 */
 	private Mono<OAuth2AccessTokenResponse> readTokenResponse(T grantRequest, ClientResponse response) {
 		return response.body(OAuth2BodyExtractors.oauth2AccessTokenResponse())
-				.map(tokenResponse -> populateTokenResponse(grantRequest, tokenResponse));
+				.map((tokenResponse) -> populateTokenResponse(grantRequest, tokenResponse));
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index fd47185b60..e4409457d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -97,7 +97,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 
 	private JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = new OidcIdTokenDecoderFactory();
 
-	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
+	private GrantedAuthoritiesMapper authoritiesMapper = ((authorities) -> authorities);
 
 	/**
 	 * Constructs an {@code OidcAuthorizationCodeAuthenticationProvider} using the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index d602ef81a5..02f5fdfe97 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -97,7 +97,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 
 	private final ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService;
 
-	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
+	private GrantedAuthoritiesMapper authoritiesMapper = ((authorities) -> authorities);
 
 	private ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = new ReactiveOidcIdTokenDecoderFactory();
 
@@ -146,10 +146,10 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 					authorizationCodeAuthentication.getAuthorizationExchange());
 
 			return this.accessTokenResponseClient.getTokenResponse(authzRequest).flatMap(
-					accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
+					(accessTokenResponse) -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
 					.onErrorMap(OAuth2AuthorizationException.class,
-							e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
-					.onErrorMap(JwtException.class, e -> {
+							(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+					.onErrorMap(JwtException.class, (e) -> {
 						OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(),
 								null);
 						return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(),
@@ -200,9 +200,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 		}
 
 		return createOidcToken(clientRegistration, accessTokenResponse)
-				.doOnNext(idToken -> validateNonce(authorizationCodeAuthentication, idToken))
-				.map(idToken -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters))
-				.flatMap(this.userService::loadUser).map(oauth2User -> {
+				.doOnNext((idToken) -> validateNonce(authorizationCodeAuthentication, idToken))
+				.map((idToken) -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters))
+				.flatMap(this.userService::loadUser).map((oauth2User) -> {
 					Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 							.mapAuthorities(oauth2User.getAuthorities());
 
@@ -217,7 +217,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 		ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
 		String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
 		return jwtDecoder.decode(rawIdToken).map(
-				jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
+				(jwt) -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
 	}
 
 	private static Mono<OidcIdToken> validateNonce(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index 1f9d489e05..5eedbdc2b9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -81,9 +81,11 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
 
-	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = clientRegistration -> SignatureAlgorithm.RS256;
+	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = (
+			clientRegistration) -> SignatureAlgorithm.RS256;
 
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
+			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
@@ -115,13 +117,14 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		return source -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, targetDescriptor);
+		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
+				targetDescriptor);
 	}
 
 	@Override
 	public JwtDecoder createDecoder(ClientRegistration clientRegistration) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), key -> {
+		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), (key) -> {
 			NimbusJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 			jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
 			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index 6c15ae8022..a231bb0d57 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -81,9 +81,11 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
 
-	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = clientRegistration -> SignatureAlgorithm.RS256;
+	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = (
+			clientRegistration) -> SignatureAlgorithm.RS256;
 
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
+			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
@@ -115,13 +117,14 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		return source -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, targetDescriptor);
+		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
+				targetDescriptor);
 	}
 
 	@Override
 	public ReactiveJwtDecoder createDecoder(ClientRegistration clientRegistration) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), key -> {
+		return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(), (key) -> {
 			NimbusReactiveJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 			jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
 			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 36db6ded08..eb8f0a0fae 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -68,7 +68,8 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 
 	private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = new DefaultReactiveOAuth2UserService();
 
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
+			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
@@ -90,14 +91,15 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		return source -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, targetDescriptor);
+		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
+				targetDescriptor);
 	}
 
 	@Override
 	public Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return getUserInfo(userRequest).map(userInfo -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
-				.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null)).map(authority -> {
+		return getUserInfo(userRequest).map((userInfo) -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
+				.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null)).map((authority) -> {
 					OidcUserInfo userInfo = authority.getUserInfo();
 					Set<GrantedAuthority> authorities = new HashSet<>();
 					authorities.add(authority);
@@ -123,8 +125,8 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 		}
 
 		return this.oauth2UserService.loadUser(userRequest).map(OAuth2User::getAttributes)
-				.map(claims -> convertClaims(claims, userRequest.getClientRegistration())).map(OidcUserInfo::new)
-				.doOnNext(userInfo -> {
+				.map((claims) -> convertClaims(claims, userRequest.getClientRegistration())).map(OidcUserInfo::new)
+				.doOnNext((userInfo) -> {
 					String subject = userInfo.getSubject();
 					if (subject == null || !subject.equals(userRequest.getIdToken().getSubject())) {
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
index 19111ad944..6f83c525fa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
@@ -74,7 +74,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 	private OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = new DefaultOAuth2UserService();
 
-	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = clientRegistration -> DEFAULT_CLAIM_TYPE_CONVERTER;
+	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
+			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
@@ -96,7 +97,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		return source -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, targetDescriptor);
+		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
+				targetDescriptor);
 	}
 
 	@Override
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index c3eac99e96..c4d82104bb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -77,10 +77,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 	@Override
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
 		return Mono.just(authentication).filter(OAuth2AuthenticationToken.class::isInstance)
-				.filter(token -> authentication.getPrincipal() instanceof OidcUser)
+				.filter((token) -> authentication.getPrincipal() instanceof OidcUser)
 				.map(OAuth2AuthenticationToken.class::cast)
 				.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId)
-				.flatMap(this.clientRegistrationRepository::findByRegistrationId).flatMap(clientRegistration -> {
+				.flatMap(this.clientRegistrationRepository::findByRegistrationId).flatMap((clientRegistration) -> {
 					URI endSessionEndpoint = endSessionEndpoint(clientRegistration);
 					if (endSessionEndpoint == null) {
 						return Mono.empty();
@@ -91,7 +91,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 				})
 				.switchIfEmpty(
 						this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty()))
-				.flatMap(endpointUri -> this.redirectStrategy.sendRedirect(exchange.getExchange(), endpointUri));
+				.flatMap((endpointUri) -> this.redirectStrategy.sendRedirect(exchange.getExchange(), endpointUri));
 	}
 
 	private URI endSessionEndpoint(ClientRegistration clientRegistration) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 33773b60b3..584e44a896 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -703,7 +703,7 @@ public final class ClientRegistration implements Serializable {
 		}
 
 		private static boolean validateScope(String scope) {
-			return scope == null || scope.chars().allMatch(c -> withinTheRangeOf(c, 0x21, 0x21)
+			return scope == null || scope.chars().allMatch((c) -> withinTheRangeOf(c, 0x21, 0x21)
 					|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 		}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index 97e498207e..9d7212c9e7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -115,17 +115,17 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 			else {
 				requestHeadersSpec = this.webClient.get().uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
+						.headers((headers) -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 			}
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec.retrieve()
-					.onStatus(s -> s != HttpStatus.OK, response -> parse(response).map(userInfoErrorResponse -> {
+					.onStatus((s) -> s != HttpStatus.OK, (response) -> parse(response).map((userInfoErrorResponse) -> {
 						String description = userInfoErrorResponse.getErrorObject().getDescription();
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
 								null);
 						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 					})).bodyToMono(typeReference);
 
-			return userAttributes.map(attrs -> {
+			return userAttributes.map((attrs) -> {
 				GrantedAuthority authority = new OAuth2UserAuthority(attrs);
 				Set<GrantedAuthority> authorities = new HashSet<>();
 				authorities.add(authority);
@@ -136,8 +136,9 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 
 				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
 			}).onErrorMap(IOException.class,
-					e -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri, e))
-					.onErrorMap(UnsupportedMediaTypeException.class, e -> {
+					(e) -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri,
+							e))
+					.onErrorMap(UnsupportedMediaTypeException.class, (e) -> {
 						String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
 								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
 										.getUri()
@@ -151,7 +152,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
 								null);
 						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), e);
-					}).onErrorMap(t -> !(t instanceof AuthenticationServiceException), t -> {
+					}).onErrorMap((t) -> !(t instanceof AuthenticationServiceException), (t) -> {
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 								"An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
 						return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
@@ -181,7 +182,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 		};
 		// Other error?
 		return httpResponse.bodyToMono(typeReference)
-				.map(body -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
+				.map((body) -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index 0acad041ae..a0fe26adad 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -58,8 +58,8 @@ public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends
 	@Override
 	public U loadUser(R userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return this.userServices.stream().map(userService -> userService.loadUser(userRequest)).filter(Objects::nonNull)
-				.findFirst().orElse(null);
+		return this.userServices.stream().map((userService) -> userService.loadUser(userRequest))
+				.filter(Objects::nonNull).findFirst().orElse(null);
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index c93f793a9c..167455f05c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -79,7 +79,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
 			Base64.getUrlEncoder().withoutPadding(), 96);
 
-	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {
+	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = (customizer) -> {
 	};
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 0f4744dc06..6d21a1a243 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -159,12 +159,13 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
-		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal).attributes(attributes -> {
-			Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
-			if (!CollectionUtils.isEmpty(contextAttributes)) {
-				attributes.putAll(contextAttributes);
-			}
-		}).build();
+		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
+				.attributes((attributes) -> {
+					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
+					if (!CollectionUtils.isEmpty(contextAttributes)) {
+						attributes.putAll(contextAttributes);
+					}
+				}).build();
 
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index a9c0df0c9a..aa32c5841d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -97,7 +97,7 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 			.builder().authorizationCode().refreshToken().clientCredentials().password().build();
 
 	private static final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter(c -> c.hasKey(ServerWebExchange.class)).map(c -> c.get(ServerWebExchange.class));
+			.filter((c) -> c.hasKey(ServerWebExchange.class)).map((c) -> c.get(ServerWebExchange.class));
 
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -143,13 +143,13 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 		return Mono.justOrEmpty(authorizeRequest.<ServerWebExchange>getAttribute(ServerWebExchange.class.getName()))
 				.switchIfEmpty(currentServerWebExchangeMono)
 				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("serverWebExchange cannot be null")))
-				.flatMap(serverWebExchange -> Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
+				.flatMap((serverWebExchange) -> Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
 						.switchIfEmpty(Mono
 								.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
-						.flatMap(authorizedClient -> {
+						.flatMap((authorizedClient) -> {
 							// Re-authorize
 							return authorizationContext(authorizeRequest, authorizedClient)
-									.flatMap(authorizationContext -> authorize(authorizationContext, principal,
+									.flatMap((authorizationContext) -> authorize(authorizationContext, principal,
 											serverWebExchange))
 									// Default to the existing authorizedClient if the
 									// client was not re-authorized
@@ -160,9 +160,9 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 						this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 								.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
 										"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-								.flatMap(clientRegistration -> authorizationContext(authorizeRequest,
+								.flatMap((clientRegistration) -> authorizationContext(authorizeRequest,
 										clientRegistration))
-								.flatMap(authorizationContext -> authorize(authorizationContext, principal,
+								.flatMap((authorizationContext) -> authorize(authorizationContext, principal,
 										serverWebExchange)))));
 	}
 
@@ -189,12 +189,12 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 		return this.authorizedClientProvider.authorize(authorizationContext)
 				// Delegate to the authorizationSuccessHandler of the successful
 				// authorization
-				.flatMap(authorizedClient -> this.authorizationSuccessHandler
+				.flatMap((authorizedClient) -> this.authorizationSuccessHandler
 						.onAuthorizationSuccess(authorizedClient, principal, createAttributes(serverWebExchange))
 						.thenReturn(authorizedClient))
 				// Delegate to the authorizationFailureHandler of the failed authorization
 				.onErrorResume(OAuth2AuthorizationException.class,
-						authorizationException -> this.authorizationFailureHandler
+						(authorizationException) -> this.authorizationFailureHandler
 								.onAuthorizationFailure(authorizationException, principal,
 										createAttributes(serverWebExchange))
 								.then(Mono.error(authorizationException)));
@@ -207,8 +207,8 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
 			OAuth2AuthorizedClient authorizedClient) {
 		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
-				.map(attrs -> OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(authorizeRequest.getPrincipal()).attributes(attributes -> {
+				.map((attrs) -> OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
+						.principal(authorizeRequest.getPrincipal()).attributes((attributes) -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
@@ -218,8 +218,8 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
 			ClientRegistration clientRegistration) {
 		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
-				.map(attrs -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(authorizeRequest.getPrincipal()).attributes(attributes -> {
+				.map((attrs) -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
+						.principal(authorizeRequest.getPrincipal()).attributes((attributes) -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
@@ -291,16 +291,17 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 		@Override
 		public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest authorizeRequest) {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
-			return Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchangeMono).flatMap(exchange -> {
-				Map<String, Object> contextAttributes = Collections.emptyMap();
-				String scope = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.SCOPE);
-				if (StringUtils.hasText(scope)) {
-					contextAttributes = new HashMap<>();
-					contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
-							StringUtils.delimitedListToStringArray(scope, " "));
-				}
-				return Mono.just(contextAttributes);
-			}).defaultIfEmpty(Collections.emptyMap());
+			return Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchangeMono)
+					.flatMap((exchange) -> {
+						Map<String, Object> contextAttributes = Collections.emptyMap();
+						String scope = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.SCOPE);
+						if (StringUtils.hasText(scope)) {
+							contextAttributes = new HashMap<>();
+							contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
+									StringUtils.delimitedListToStringArray(scope, " "));
+						}
+						return Mono.just(contextAttributes);
+					}).defaultIfEmpty(Collections.emptyMap());
 		}
 
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 52acad631a..670ca8006d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -239,7 +239,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 		@Override
 		protected void initExtractorMap() {
 			super.initExtractorMap();
-			registerExtractor(ServletException.class, throwable -> {
+			registerExtractor(ServletException.class, (throwable) -> {
 				ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
 				return ((ServletException) throwable).getRootCause();
 			});
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 1add61a66a..4a5680a752 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -188,7 +188,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode().refreshToken()
 				.clientCredentials(
-						configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
+						(configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
 				.password().build();
 		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
 				.setAuthorizedClientProvider(authorizedClientProvider);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index d8b0dfea79..9970b8255d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -132,11 +132,11 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			.map(SecurityContext::getAuthentication).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
 
 	private final Mono<String> clientRegistrationIdMono = this.currentAuthenticationMono
-			.filter(t -> this.defaultOAuth2AuthorizedClient && t instanceof OAuth2AuthenticationToken)
+			.filter((t) -> this.defaultOAuth2AuthorizedClient && t instanceof OAuth2AuthenticationToken)
 			.cast(OAuth2AuthenticationToken.class).map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
 
 	private final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter(c -> c.hasKey(ServerWebExchange.class)).map(c -> c.get(ServerWebExchange.class));
+			.filter((c) -> c.hasKey(ServerWebExchange.class)).map((c) -> c.get(ServerWebExchange.class));
 
 	private final ReactiveOAuth2AuthorizedClientManager authorizedClientManager;
 
@@ -275,7 +275,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * @return the {@link Consumer} to populate the
 	 */
 	public static Consumer<Map<String, Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient) {
-		return attributes -> attributes.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, authorizedClient);
+		return (attributes) -> attributes.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, authorizedClient);
 	}
 
 	private static OAuth2AuthorizedClient oauth2AuthorizedClient(ClientRequest request) {
@@ -302,7 +302,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * @return the {@link Consumer} to populate the client request attributes
 	 */
 	public static Consumer<Map<String, Object>> serverWebExchange(ServerWebExchange serverWebExchange) {
-		return attributes -> attributes.put(SERVER_WEB_EXCHANGE_ATTR_NAME, serverWebExchange);
+		return (attributes) -> attributes.put(SERVER_WEB_EXCHANGE_ATTR_NAME, serverWebExchange);
 	}
 
 	private static ServerWebExchange serverWebExchange(ClientRequest request) {
@@ -318,7 +318,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> clientRegistrationId(String clientRegistrationId) {
-		return attributes -> attributes.put(CLIENT_REGISTRATION_ID_ATTR_NAME, clientRegistrationId);
+		return (attributes) -> attributes.put(CLIENT_REGISTRATION_ID_ATTR_NAME, clientRegistrationId);
 	}
 
 	private static String clientRegistrationId(ClientRequest request) {
@@ -379,9 +379,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private void updateDefaultAuthorizedClientManager() {
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().authorizationCode()
-				.refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
 				.clientCredentials(this::updateClientCredentialsProvider)
-				.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
+				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
 		if (this.authorizedClientManager instanceof UnAuthenticatedReactiveOAuth2AuthorizedClientManager) {
 			((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
 					.setAuthorizedClientProvider(authorizedClientProvider);
@@ -423,14 +423,14 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return authorizedClient(request).map(authorizedClient -> bearer(request, authorizedClient))
-				.flatMap(requestWithBearer -> exchangeAndHandleResponse(requestWithBearer, next))
+		return authorizedClient(request).map((authorizedClient) -> bearer(request, authorizedClient))
+				.flatMap((requestWithBearer) -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
 	}
 
 	private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) {
 		return next.exchange(request)
-				.transform(responseMono -> this.clientResponseHandler.handleResponse(request, responseMono));
+				.transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono));
 	}
 
 	private Mono<OAuth2AuthorizedClient> authorizedClient(ClientRequest request) {
@@ -438,7 +438,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		return Mono.justOrEmpty(authorizedClientFromAttrs)
 				.switchIfEmpty(
 						Mono.defer(() -> authorizeRequest(request).flatMap(this.authorizedClientManager::authorize)))
-				.flatMap(authorizedClient -> reauthorizeRequest(request, authorizedClient)
+				.flatMap((authorizedClient) -> reauthorizeRequest(request, authorizedClient)
 						.flatMap(this.authorizedClientManager::authorize));
 	}
 
@@ -447,10 +447,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange).map(t3 -> {
+		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange).map((t3) -> {
 			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1())
 					.principal(t3.getT2());
-			t3.getT3().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+			t3.getT3().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
 			return builder.build();
 		});
 	}
@@ -489,17 +489,17 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			OAuth2AuthorizedClient authorizedClient) {
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
-		return Mono.zip(this.currentAuthenticationMono, serverWebExchange).map(t2 -> {
+		return Mono.zip(this.currentAuthenticationMono, serverWebExchange).map((t2) -> {
 			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
 					.principal(t2.getT1());
-			t2.getT2().ifPresent(exchange -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+			t2.getT2().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
 			return builder.build();
 		});
 	}
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-				.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue())).build();
+				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue())).build();
 	}
 
 	/**
@@ -565,14 +565,15 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 			Authentication principal = authorizeRequest.getPrincipal();
 
-			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient()).switchIfEmpty(Mono.defer(
-					() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null)))
-					.flatMap(authorizedClient -> {
+			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
+					.switchIfEmpty(Mono.defer(() -> this.authorizedClientRepository
+							.loadAuthorizedClient(clientRegistrationId, principal, null)))
+					.flatMap((authorizedClient) -> {
 						// Re-authorize
 						return Mono
 								.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
 										.principal(principal).build())
-								.flatMap(authorizationContext -> authorize(authorizationContext, principal))
+								.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
 								// Default to the existing authorizedClient if the client
 								// was not re-authorized
 								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
@@ -582,9 +583,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 					this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 							.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
 									"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-							.flatMap(clientRegistration -> Mono.just(OAuth2AuthorizationContext
+							.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
 									.withClientRegistration(clientRegistration).principal(principal).build()))
-							.flatMap(authorizationContext -> authorize(authorizationContext, principal))));
+							.flatMap((authorizationContext) -> authorize(authorizationContext, principal))));
 		}
 
 		/**
@@ -604,13 +605,13 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			return this.authorizedClientProvider.authorize(authorizationContext)
 					// Delegates to the authorizationSuccessHandler of the successful
 					// authorization
-					.flatMap(authorizedClient -> this.authorizationSuccessHandler
+					.flatMap((authorizedClient) -> this.authorizationSuccessHandler
 							.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
 							.thenReturn(authorizedClient))
 					// Delegates to the authorizationFailureHandler of the failed
 					// authorization
 					.onErrorResume(OAuth2AuthorizationException.class,
-							authorizationException -> this.authorizationFailureHandler
+							(authorizationException) -> this.authorizationFailureHandler
 									.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
 									.then(Mono.error(authorizationException)));
 		}
@@ -654,15 +655,15 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		@Override
 		public Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> responseMono) {
-			return responseMono.flatMap(response -> handleResponse(request, response).thenReturn(response))
+			return responseMono.flatMap((response) -> handleResponse(request, response).thenReturn(response))
 					.onErrorResume(WebClientResponseException.class,
-							e -> handleWebClientResponseException(request, e).then(Mono.error(e)))
+							(e) -> handleWebClientResponseException(request, e).then(Mono.error(e)))
 					.onErrorResume(OAuth2AuthorizationException.class,
-							e -> handleAuthorizationException(request, e).then(Mono.error(e)));
+							(e) -> handleAuthorizationException(request, e).then(Mono.error(e)));
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap(oauth2Error -> {
+			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap((oauth2Error) -> {
 				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
@@ -670,7 +671,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 				return Mono
 						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
 								serverWebExchange, clientRegistrationId)
-						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
+						.flatMap((tuple3) -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
 																						// principal
 								tuple3.getT2().orElse(null), // ServerWebExchange exchange
 								new ClientAuthorizationException(oauth2Error, tuple3.getT3()))); // String
@@ -701,12 +702,13 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
-			return Stream.of(wwwAuthenticateHeader).filter(header -> !StringUtils.isEmpty(header))
-					.filter(header -> header.toLowerCase().startsWith("bearer"))
-					.map(header -> header.substring("bearer".length())).map(header -> header.split(","))
-					.flatMap(Stream::of).map(parameter -> parameter.split("="))
-					.filter(parameter -> parameter.length > 1).collect(Collectors.toMap(
-							parameters -> parameters[0].trim(), parameters -> parameters[1].trim().replace("\"", "")));
+			return Stream.of(wwwAuthenticateHeader).filter((header) -> !StringUtils.isEmpty(header))
+					.filter((header) -> header.toLowerCase().startsWith("bearer"))
+					.map((header) -> header.substring("bearer".length())).map((header) -> header.split(","))
+					.flatMap(Stream::of).map((parameter) -> parameter.split("="))
+					.filter((parameter) -> parameter.length > 1)
+					.collect(Collectors.toMap((parameters) -> parameters[0].trim(),
+							(parameters) -> parameters[1].trim().replace("\"", "")));
 		}
 
 		/**
@@ -720,7 +722,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 */
 		private Mono<Void> handleWebClientResponseException(ClientRequest request,
 				WebClientResponseException exception) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap(oauth2Error -> {
+			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> {
 				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
 
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
@@ -728,7 +730,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 				return Mono
 						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
 								serverWebExchange, clientRegistrationId)
-						.flatMap(tuple3 -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
+						.flatMap((tuple3) -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
 																						// principal
 								tuple3.getT2().orElse(null), // ServerWebExchange exchange
 								new ClientAuthorizationException(oauth2Error, tuple3.getT3(), // String
@@ -750,7 +752,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 			return Mono.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
 					serverWebExchange).flatMap(
-							tuple2 -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
+							(tuple2) -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
 																					// principal
 									tuple2.getT2().orElse(null), // ServerWebExchange
 																	// exchange
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index ef8b4a80d9..aa6a237fdb 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -259,9 +259,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private void updateDefaultAuthorizedClientManager() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.authorizationCode().refreshToken(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.authorizationCode().refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
 				.clientCredentials(this::updateClientCredentialsProvider)
-				.password(configurer -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
+				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
 		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
 				.setAuthorizedClientProvider(authorizedClientProvider);
 	}
@@ -302,7 +302,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to configure the builder
 	 */
 	public Consumer<WebClient.Builder> oauth2Configuration() {
-		return builder -> builder.defaultRequest(defaultRequest()).filter(this);
+		return (builder) -> builder.defaultRequest(defaultRequest()).filter(this);
 	}
 
 	/**
@@ -315,7 +315,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public Consumer<WebClient.RequestHeadersSpec<?>> defaultRequest() {
-		return spec -> spec.attributes(attrs -> {
+		return (spec) -> spec.attributes((attrs) -> {
 			populateDefaultRequestResponse(attrs);
 			populateDefaultAuthentication(attrs);
 		});
@@ -328,7 +328,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient) {
-		return attributes -> {
+		return (attributes) -> {
 			if (authorizedClient == null) {
 				attributes.remove(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME);
 			}
@@ -347,7 +347,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> clientRegistrationId(String clientRegistrationId) {
-		return attributes -> attributes.put(CLIENT_REGISTRATION_ID_ATTR_NAME, clientRegistrationId);
+		return (attributes) -> attributes.put(CLIENT_REGISTRATION_ID_ATTR_NAME, clientRegistrationId);
 	}
 
 	/**
@@ -359,7 +359,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> authentication(Authentication authentication) {
-		return attributes -> attributes.put(AUTHENTICATION_ATTR_NAME, authentication);
+		return (attributes) -> attributes.put(AUTHENTICATION_ATTR_NAME, authentication);
 	}
 
 	/**
@@ -371,7 +371,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> httpServletRequest(HttpServletRequest request) {
-		return attributes -> attributes.put(HTTP_SERVLET_REQUEST_ATTR_NAME, request);
+		return (attributes) -> attributes.put(HTTP_SERVLET_REQUEST_ATTR_NAME, request);
 	}
 
 	/**
@@ -383,7 +383,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> httpServletResponse(HttpServletResponse response) {
-		return attributes -> attributes.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, response);
+		return (attributes) -> attributes.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, response);
 	}
 
 	/**
@@ -432,19 +432,19 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
 		return mergeRequestAttributesIfNecessary(request)
-				.filter(req -> req.attribute(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME).isPresent())
-				.flatMap(req -> reauthorizeClient(getOAuth2AuthorizedClient(req.attributes()), req))
+				.filter((req) -> req.attribute(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME).isPresent())
+				.flatMap((req) -> reauthorizeClient(getOAuth2AuthorizedClient(req.attributes()), req))
 				.switchIfEmpty(Mono.defer(() -> mergeRequestAttributesIfNecessary(request)
-						.filter(req -> resolveClientRegistrationId(req) != null)
-						.flatMap(req -> authorizeClient(resolveClientRegistrationId(req), req))))
-				.map(authorizedClient -> bearer(request, authorizedClient))
-				.flatMap(requestWithBearer -> exchangeAndHandleResponse(requestWithBearer, next))
+						.filter((req) -> resolveClientRegistrationId(req) != null)
+						.flatMap((req) -> authorizeClient(resolveClientRegistrationId(req), req))))
+				.map((authorizedClient) -> bearer(request, authorizedClient))
+				.flatMap((requestWithBearer) -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
 	}
 
 	private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) {
 		return next.exchange(request)
-				.transform(responseMono -> this.clientResponseHandler.handleResponse(request, responseMono));
+				.transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono));
 	}
 
 	private Mono<ClientRequest> mergeRequestAttributesIfNecessary(ClientRequest request) {
@@ -460,7 +460,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private Mono<ClientRequest> mergeRequestAttributesFromContext(ClientRequest request) {
 		ClientRequest.Builder builder = ClientRequest.from(request);
-		return Mono.subscriberContext().map(ctx -> builder.attributes(attrs -> populateRequestAttributes(attrs, ctx)))
+		return Mono.subscriberContext()
+				.map((ctx) -> builder.attributes((attrs) -> populateRequestAttributes(attrs, ctx)))
 				.map(ClientRequest.Builder::build);
 	}
 
@@ -532,7 +533,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
 				.principal(authentication);
-		builder.attributes(attributes -> {
+		builder.attributes((attributes) -> {
 			if (servletRequest != null) {
 				attributes.put(HttpServletRequest.class.getName(), servletRequest);
 			}
@@ -565,7 +566,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
 				.principal(authentication);
-		builder.attributes(attributes -> {
+		builder.attributes((attributes) -> {
 			if (servletRequest != null) {
 				attributes.put(HttpServletRequest.class.getName(), servletRequest);
 			}
@@ -585,7 +586,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-				.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
+				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
 	}
 
@@ -664,15 +665,15 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 		@Override
 		public Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> responseMono) {
-			return responseMono.flatMap(response -> handleResponse(request, response).thenReturn(response))
+			return responseMono.flatMap((response) -> handleResponse(request, response).thenReturn(response))
 					.onErrorResume(WebClientResponseException.class,
-							e -> handleWebClientResponseException(request, e).then(Mono.error(e)))
+							(e) -> handleWebClientResponseException(request, e).then(Mono.error(e)))
 					.onErrorResume(OAuth2AuthorizationException.class,
-							e -> handleAuthorizationException(request, e).then(Mono.error(e)));
+							(e) -> handleAuthorizationException(request, e).then(Mono.error(e)));
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap(oauth2Error -> {
+			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap((oauth2Error) -> {
 				Map<String, Object> attrs = request.attributes();
 				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
 				if (authorizedClient == null) {
@@ -713,12 +714,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
-			return Stream.of(wwwAuthenticateHeader).filter(header -> !StringUtils.isEmpty(header))
-					.filter(header -> header.toLowerCase().startsWith("bearer"))
-					.map(header -> header.substring("bearer".length())).map(header -> header.split(","))
-					.flatMap(Stream::of).map(parameter -> parameter.split("="))
-					.filter(parameter -> parameter.length > 1).collect(Collectors.toMap(
-							parameters -> parameters[0].trim(), parameters -> parameters[1].trim().replace("\"", "")));
+			return Stream.of(wwwAuthenticateHeader).filter((header) -> !StringUtils.isEmpty(header))
+					.filter((header) -> header.toLowerCase().startsWith("bearer"))
+					.map((header) -> header.substring("bearer".length())).map((header) -> header.split(","))
+					.flatMap(Stream::of).map((parameter) -> parameter.split("="))
+					.filter((parameter) -> parameter.length > 1)
+					.collect(Collectors.toMap((parameters) -> parameters[0].trim(),
+							(parameters) -> parameters[1].trim().replace("\"", "")));
 		}
 
 		/**
@@ -732,7 +734,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		 */
 		private Mono<Void> handleWebClientResponseException(ClientRequest request,
 				WebClientResponseException exception) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap(oauth2Error -> {
+			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> {
 				Map<String, Object> attrs = request.attributes();
 				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
 				if (authorizedClient == null) {
@@ -761,7 +763,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		 */
 		private Mono<Void> handleAuthorizationException(ClientRequest request,
 				OAuth2AuthorizationException authorizationException) {
-			return Mono.justOrEmpty(request).flatMap(req -> {
+			return Mono.justOrEmpty(request).flatMap((req) -> {
 				Map<String, Object> attrs = req.attributes();
 				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
 				if (authorizedClient == null) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 68689fadbc..b014eb2dd6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -125,7 +125,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 				.switchIfEmpty(currentServerWebExchange());
 
 		return Mono.zip(defaultedRegistrationId, defaultedAuthentication, defaultedExchange)
-				.map(t3 -> OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1()).principal(t3.getT2())
+				.map((t3) -> OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1()).principal(t3.getT2())
 						.attribute(ServerWebExchange.class.getName(), t3.getT3()).build());
 	}
 
@@ -135,13 +135,14 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	private Mono<String> clientRegistrationId(Mono<Authentication> authentication) {
-		return authentication.filter(t -> t instanceof OAuth2AuthenticationToken).cast(OAuth2AuthenticationToken.class)
+		return authentication.filter((t) -> t instanceof OAuth2AuthenticationToken)
+				.cast(OAuth2AuthenticationToken.class)
 				.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
 	}
 
 	private Mono<ServerWebExchange> currentServerWebExchange() {
-		return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
-				.map(c -> c.get(ServerWebExchange.class));
+		return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class))
+				.map((c) -> c.get(ServerWebExchange.class));
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index a30ce7849b..b8d725a59e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -87,7 +87,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(
 			Base64.getUrlEncoder().withoutPadding(), 96);
 
-	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = customizer -> {
+	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = (customizer) -> {
 	};
 
 	/**
@@ -120,16 +120,16 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 
 	@Override
 	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange) {
-		return this.authorizationRequestMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
+		return this.authorizationRequestMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch())
 				.map(ServerWebExchangeMatcher.MatchResult::getVariables)
-				.map(variables -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME)).cast(String.class)
-				.flatMap(clientRegistrationId -> resolve(exchange, clientRegistrationId));
+				.map((variables) -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME)).cast(String.class)
+				.flatMap((clientRegistrationId) -> resolve(exchange, clientRegistrationId));
 	}
 
 	@Override
 	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange, String clientRegistrationId) {
 		return this.findByRegistrationId(exchange, clientRegistrationId)
-				.map(clientRegistration -> authorizationRequest(exchange, clientRegistration));
+				.map((clientRegistration) -> authorizationRequest(exchange, clientRegistration));
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index 6ea168f55a..b7e68fbe8a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -204,12 +204,12 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return this.requiresAuthenticationMatcher.matches(exchange)
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap(matchResult -> this.authenticationConverter.convert(exchange).onErrorMap(
+				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange).onErrorMap(
 						OAuth2AuthorizationException.class,
-						e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())))
+						(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-				.flatMap(token -> authenticate(exchange, chain, token))
-				.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
+				.flatMap((token) -> authenticate(exchange, chain, token))
+				.onErrorResume(AuthenticationException.class, (e) -> this.authenticationFailureHandler
 						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
 	}
 
@@ -217,12 +217,12 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 		return this.authenticationManager.authenticate(token)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+						(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
 				.switchIfEmpty(Mono.defer(
 						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
-				.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
+				.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
 				.onErrorResume(AuthenticationException.class,
-						e -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
+						(e) -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e));
 	}
 
 	private Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
@@ -232,15 +232,15 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
 		return this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication)
 				.then(ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
-						.defaultIfEmpty(this.anonymousToken).flatMap(principal -> this.authorizedClientRepository
+						.defaultIfEmpty(this.anonymousToken).flatMap((principal) -> this.authorizedClientRepository
 								.saveAuthorizedClient(authorizedClient, principal, webFilterExchange.getExchange())));
 	}
 
 	private Mono<ServerWebExchangeMatcher.MatchResult> matchesAuthorizationResponse(ServerWebExchange exchange) {
 		return Mono.just(exchange).filter(
-				exch -> OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams()))
-				.flatMap(exch -> this.authorizationRequestRepository.loadAuthorizationRequest(exchange)
-						.flatMap(authorizationRequest -> matchesRedirectUri(exch.getRequest().getURI(),
+				(exch) -> OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams()))
+				.flatMap((exch) -> this.authorizationRequestRepository.loadAuthorizationRequest(exchange)
+						.flatMap((authorizationRequest) -> matchesRedirectUri(exch.getRequest().getURI(),
 								authorizationRequest.getRedirectUri())))
 				.switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch());
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index 4eb36c1d5d..b1ae82caaf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -130,9 +130,9 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 		return this.authorizationRequestResolver.resolve(exchange)
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.onErrorResume(ClientAuthorizationRequiredException.class,
-						e -> this.requestCache.saveRequest(exchange)
+						(e) -> this.requestCache.saveRequest(exchange)
 								.then(this.authorizationRequestResolver.resolve(exchange, e.getClientRegistrationId())))
-				.flatMap(clientRegistration -> sendRedirectForAuthorization(exchange, clientRegistration));
+				.flatMap((clientRegistration) -> sendRedirectForAuthorization(exchange, clientRegistration));
 	}
 
 	private Mono<Void> sendRedirectForAuthorization(ServerWebExchange exchange,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
index 01dd09a1bc..5dd7a7ce49 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
@@ -72,7 +72,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implement
 	public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
 		return this.authorizationRequestRepository.removeAuthorizationRequest(serverWebExchange)
 				.switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE))
-				.flatMap(authorizationRequest -> authenticationRequest(serverWebExchange, authorizationRequest));
+				.flatMap((authorizationRequest) -> authenticationRequest(serverWebExchange, authorizationRequest));
 	}
 
 	private <T> Mono<T> oauth2AuthorizationException(String errorCode) {
@@ -84,14 +84,14 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implement
 
 	private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange exchange,
 			OAuth2AuthorizationRequest authorizationRequest) {
-		return Mono.just(authorizationRequest).map(OAuth2AuthorizationRequest::getAttributes).flatMap(attributes -> {
+		return Mono.just(authorizationRequest).map(OAuth2AuthorizationRequest::getAttributes).flatMap((attributes) -> {
 			String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID);
 			if (id == null) {
 				return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 			}
 			return this.clientRegistrationRepository.findByRegistrationId(id);
 		}).switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
-				.map(clientRegistration -> {
+				.map((clientRegistration) -> {
 					OAuth2AuthorizationResponse authorizationResponse = convertResponse(exchange);
 					OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
 							clientRegistration,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
index 558641eeaa..b987ef0b2f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
@@ -53,8 +53,8 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 			return Mono.empty();
 		}
 		return getStateToAuthorizationRequest(exchange)
-				.filter(stateToAuthorizationRequest -> stateToAuthorizationRequest.containsKey(state))
-				.map(stateToAuthorizationRequest -> stateToAuthorizationRequest.get(state));
+				.filter((stateToAuthorizationRequest) -> stateToAuthorizationRequest.containsKey(state))
+				.map((stateToAuthorizationRequest) -> stateToAuthorizationRequest.get(state));
 	}
 
 	@Override
@@ -62,7 +62,7 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 			ServerWebExchange exchange) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
 		return saveStateToAuthorizationRequest(exchange)
-				.doOnNext(stateToAuthorizationRequest -> stateToAuthorizationRequest
+				.doOnNext((stateToAuthorizationRequest) -> stateToAuthorizationRequest
 						.put(authorizationRequest.getState(), authorizationRequest))
 				.then();
 	}
@@ -116,13 +116,13 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 		Assert.notNull(exchange, "exchange cannot be null");
 
 		return getSessionAttributes(exchange).flatMap(
-				sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+				(sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
 	}
 
 	private Mono<Map<String, OAuth2AuthorizationRequest>> saveStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
 
-		return getSessionAttributes(exchange).doOnNext(sessionAttrs -> {
+		return getSessionAttributes(exchange).doOnNext((sessionAttrs) -> {
 			Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
 
 			if (stateToAuthzRequest == null) {
@@ -133,7 +133,7 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 			// it into session again
 			// in case of redis or hazelcast session. #6215
 			sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
-		}).flatMap(sessionAttrs -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		}).flatMap((sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
 	}
 
 	private Map<String, OAuth2AuthorizationRequest> sessionAttrsMapStateToAuthorizationRequest(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index 48fe56bd06..ab410f866f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -51,7 +51,7 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
 		return exchange.getSession().map(this::getAuthorizedClients)
-				.flatMap(clients -> Mono.justOrEmpty((T) clients.get(clientRegistrationId)));
+				.flatMap((clients) -> Mono.justOrEmpty((T) clients.get(clientRegistrationId)));
 	}
 
 	@Override
@@ -59,7 +59,7 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 			ServerWebExchange exchange) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession().doOnSuccess(session -> {
+		return exchange.getSession().doOnSuccess((session) -> {
 			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
 			authorizedClients.put(authorizedClient.getClientRegistration().getRegistrationId(), authorizedClient);
 			session.getAttributes().put(this.sessionAttributeName, authorizedClients);
@@ -71,7 +71,7 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 			ServerWebExchange exchange) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession().doOnSuccess(session -> {
+		return exchange.getSession().doOnSuccess((session) -> {
 			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
 			authorizedClients.remove(clientRegistrationId);
 			if (authorizedClients.isEmpty()) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index db7d9086a8..103fe77dce 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -71,7 +71,7 @@ public class OAuth2AuthorizationContextTests {
 	@Test
 	public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes(attributes -> {
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes((attributes) -> {
 					attributes.put("attribute1", "value1");
 					attributes.put("attribute2", "value2");
 				}).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index 47a0c8420a..5d2d0c8418 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -74,7 +74,7 @@ public class OAuth2AuthorizeRequestTests {
 	public void withClientRegistrationIdWhenAllValuesProvidedThenAllValuesAreSet() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
-				.attributes(attrs -> {
+				.attributes((attrs) -> {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
 				}).build();
@@ -88,7 +88,7 @@ public class OAuth2AuthorizeRequestTests {
 	@Test
 	public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
 				}).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index 0e3190af46..fae43f8872 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -101,7 +101,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	@Test
 	public void buildWhenRefreshTokenProviderThenProviderReauthorizes() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.refreshToken(
+						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.build();
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
@@ -120,7 +121,7 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenClientCredentialsProviderThenProviderAuthorizes() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.clientCredentials(
-						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
 				.build();
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
@@ -135,7 +136,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	@Test
 	public void buildWhenPasswordProviderThenProviderAuthorizes() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
+				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
+				.build();
 
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
@@ -151,10 +153,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenAllProvidersThenProvidersAuthorize() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.refreshToken(
+						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.clientCredentials(
-						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
+						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
+				.build();
 
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 840d60e630..7833f2ab05 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -167,7 +167,7 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -190,13 +190,13 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
-				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -213,7 +213,7 @@ public class OAuth2LoginAuthenticationProviderTests {
 
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index f16c1db8c6..977feff17d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -197,7 +197,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
-				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 16f7d1c589..f2a2dba39e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -190,7 +190,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
 				.hasMessageContaining("unauthorized_client");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index b28b286f59..46ce905b07 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -149,7 +149,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.client.getTokenResponse(request).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index b5ff9d5fae..a131e93910 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -149,7 +149,7 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("An error occurred parsing the Access Token response")
 				.hasCauseInstanceOf(Throwable.class);
@@ -185,7 +185,7 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
 				.hasMessageContaining("[unauthorized_client]");
 	}
 
@@ -198,7 +198,7 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 57fc0de01d..4599d702e6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -189,7 +189,7 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
 				.hasMessageContaining("[unauthorized_client]");
 	}
 
@@ -202,7 +202,7 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						e -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index d1cb9de693..42c4c66a25 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -267,7 +267,7 @@ public class OAuth2AuthenticationTokenMixinTests {
 	private static String asJson(List<SimpleGrantedAuthority> simpleAuthorities) {
 		// @formatter:off
 		return simpleAuthorities.stream()
-				.map(authority -> "{\n" +
+				.map((authority) -> "{\n" +
 						"        \"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\",\n" +
 						"        \"authority\": \"" + authority.getAuthority() + "\"\n" +
 						"      }")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 06e51a0d04..e7e3bd7919 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -139,14 +139,14 @@ public class OAuth2AuthorizationRequestMixinTests {
 		}
 		String additionalParameters = "\"@class\": \"java.util.Collections$UnmodifiableMap\"";
 		if (!CollectionUtils.isEmpty(authorizationRequest.getAdditionalParameters())) {
-			additionalParameters += "," + authorizationRequest.getAdditionalParameters().keySet().stream()
-					.map(key -> "\"" + key + "\": \"" + authorizationRequest.getAdditionalParameters().get(key) + "\"")
+			additionalParameters += "," + authorizationRequest.getAdditionalParameters().keySet().stream().map(
+					(key) -> "\"" + key + "\": \"" + authorizationRequest.getAdditionalParameters().get(key) + "\"")
 					.collect(Collectors.joining(","));
 		}
 		String attributes = "\"@class\": \"java.util.Collections$UnmodifiableMap\"";
 		if (!CollectionUtils.isEmpty(authorizationRequest.getAttributes())) {
 			attributes += "," + authorizationRequest.getAttributes().keySet().stream()
-					.map(key -> "\"" + key + "\": \"" + authorizationRequest.getAttributes().get(key) + "\"")
+					.map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAttributes().get(key) + "\"")
 					.collect(Collectors.joining(","));
 		}
 		// @formatter:off
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index 45aa8e959d..1fe9558934 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -215,7 +215,7 @@ public class OAuth2AuthorizedClientMixinTests {
 		String configurationMetadata = "\"@class\": \"java.util.Collections$UnmodifiableMap\"";
 		if (!CollectionUtils.isEmpty(providerDetails.getConfigurationMetadata())) {
 			configurationMetadata += "," + providerDetails.getConfigurationMetadata().keySet().stream()
-					.map(key -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"")
+					.map((key) -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"")
 					.collect(Collectors.joining(","));
 		}
 		// @formatter:off
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 56cf74b35e..2246bed695 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -232,7 +232,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error"));
-		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
+		this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder);
 
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -267,7 +267,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -295,13 +295,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
 
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
-				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
 
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -323,7 +323,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
-		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) invocation -> authorities);
+		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
 
@@ -335,10 +335,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	}
 
 	private void setUpIdToken(Map<String, Object> claims) {
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(idToken);
-		this.authenticationProvider.setJwtDecoderFactory(registration -> jwtDecoder);
+		this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder);
 	}
 
 	private OAuth2AccessTokenResponse accessTokenSuccessResponse() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index eb87575457..ceb35a8a25 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -174,7 +174,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 
 		given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error"));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 
 		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -195,11 +195,11 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "sub");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 
 		assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]");
@@ -220,12 +220,12 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.userService.loadUser(any())).willReturn(Mono.empty());
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 		assertThat(this.manager.authenticate(authorizationCodeAuthentication).block()).isNull();
 	}
 
@@ -243,13 +243,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
 				.authenticate(authorizationCodeAuthentication).block();
@@ -274,13 +274,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
 				.authenticate(authorizationCodeAuthentication).block();
@@ -309,14 +309,14 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 
 		this.manager.authenticate(authorizationCodeAuthentication).block();
 
@@ -339,7 +339,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Collections.singletonList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
-		Jwt idToken = TestJwts.jwt().claims(c -> c.putAll(claims)).build();
+		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
 
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
@@ -349,9 +349,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
-				.willAnswer((Answer<List<GrantedAuthority>>) invocation -> mappedAuthorities);
+				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
-		this.manager.setJwtDecoderFactory(c -> this.jwtDecoder);
+		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
 
 		Authentication result = this.manager.authenticate(authorizationCodeAuthentication).block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 36f74b3f96..38ea444a74 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -109,7 +109,7 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> SignatureAlgorithm.ES256);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
@@ -119,7 +119,7 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
@@ -129,7 +129,7 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> null);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index f7547e6b4f..8f1023628b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -92,7 +92,7 @@ public class OidcIdTokenValidatorTests {
 	public void validateWhenIssuerNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.ISS);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS));
 	}
 
 	@Test
@@ -104,7 +104,7 @@ public class OidcIdTokenValidatorTests {
 		this.registration = this.registration.issuerUri("https://somethingelse.com");
 
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS));
 	}
 
 	@Test
@@ -122,42 +122,42 @@ public class OidcIdTokenValidatorTests {
 	public void validateWhenSubNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.SUB);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.SUB));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.SUB));
 	}
 
 	@Test
 	public void validateWhenAudNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.AUD);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD));
 	}
 
 	@Test
 	public void validateWhenIssuedAtNullThenHasErrors() {
 		this.issuedAt = null;
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT));
 	}
 
 	@Test
 	public void validateWhenExpiresAtNullThenHasErrors() {
 		this.expiresAt = null;
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
 	@Test
 	public void validateWhenAudMultipleAndAzpNullThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id", "other"));
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
 	@Test
 	public void validateWhenAzpNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AZP, "other");
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
 	@Test
@@ -172,14 +172,14 @@ public class OidcIdTokenValidatorTests {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id-1", "client-id-2"));
 		this.claims.put(IdTokenClaimNames.AZP, "other-client");
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AZP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
 	}
 
 	@Test
 	public void validateWhenAudNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Collections.singletonList("other-client"));
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD));
 	}
 
 	@Test
@@ -196,7 +196,7 @@ public class OidcIdTokenValidatorTests {
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(30));
 		this.clockSkew = Duration.ofSeconds(0);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
 	@Test
@@ -213,7 +213,7 @@ public class OidcIdTokenValidatorTests {
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(60));
 		this.clockSkew = Duration.ofMinutes(0);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT));
 	}
 
 	@Test
@@ -222,7 +222,7 @@ public class OidcIdTokenValidatorTests {
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(5));
 		this.clockSkew = Duration.ofSeconds(0);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
 	@Test
@@ -232,10 +232,10 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = null;
 		this.expiresAt = null;
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.SUB))
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.AUD))
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.IAT))
-				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.SUB))
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD))
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT))
+				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
 	@Test
@@ -243,12 +243,12 @@ public class OidcIdTokenValidatorTests {
 		this.claims.remove(IdTokenClaimNames.SUB);
 		this.claims.remove(IdTokenClaimNames.AUD);
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
-				.allMatch(msg -> msg.equals("The ID Token contains invalid claims: {sub=null, aud=null}"));
+				.allMatch((msg) -> msg.equals("The ID Token contains invalid claims: {sub=null, aud=null}"));
 	}
 
 	private Collection<OAuth2Error> validateIdToken() {
 		Jwt idToken = Jwt.withTokenValue("token").issuedAt(this.issuedAt).expiresAt(this.expiresAt)
-				.headers(h -> h.putAll(this.headers)).claims(c -> c.putAll(this.claims)).build();
+				.headers((h) -> h.putAll(this.headers)).claims((c) -> c.putAll(this.claims)).build();
 		OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());
 		validator.setClockSkew(this.clockSkew);
 		return validator.validate(idToken).getErrors();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index e4d626dde9..99d2525d1b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -109,7 +109,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> SignatureAlgorithm.ES256);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
@@ -119,7 +119,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
@@ -129,7 +129,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() {
-		this.idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> null);
+		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null);
 		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 2ac7888a57..5476241816 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -98,7 +98,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userInfoUri(null);
 
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies(t -> assertThat(t)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri"))
 				.verify();
 	}
@@ -107,7 +107,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userNameAttributeName(null);
 
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies(t -> assertThat(t)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute"))
 				.verify();
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 04fe13aa16..832bce8902 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -458,8 +458,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		this.resolver.setAuthorizationRequestCustomizer(
-				customizer -> customizer.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
-						.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
+				(customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE))
+						.attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
@@ -478,10 +478,11 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.authorizationRequestUri(uriBuilder -> {
-			uriBuilder.queryParam("param1", "value1");
-			return uriBuilder.build();
-		}));
+		this.resolver
+				.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
+					uriBuilder.queryParam("param1", "value1");
+					return uriBuilder.build();
+				}));
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
@@ -498,7 +499,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.parameters(params -> {
+		this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 			params.put("appid", params.get("client_id"));
 			params.remove("client_id");
 		}));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 75fe20dab2..445dfa9fa6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -194,7 +194,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId("invalid-registration-id").principal(this.principal).attributes(attrs -> {
+				.withClientRegistrationId("invalid-registration-id").principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -211,7 +211,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
-				.attributes(attrs -> {
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -241,7 +241,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
-				.attributes(attrs -> {
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -278,7 +278,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
-				.attributes(attrs -> {
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -308,7 +308,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willReturn(this.authorizedClient);
 
 		// Set custom contextAttributesMapper
-		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
+		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
 			HttpServletRequest servletRequest = authorizeRequest.getAttribute(HttpServletRequest.class.getName());
 			String username = servletRequest.getParameter(OAuth2ParameterNames.USERNAME);
@@ -325,7 +325,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
-				.attributes(attrs -> {
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -344,7 +344,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -374,7 +374,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willReturn(reauthorizedClient);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -410,7 +410,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write");
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -434,7 +434,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
@@ -457,7 +457,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willThrow(authorizationException);
 
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes(attrs -> {
+				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 838f1b3205..0548e9fbff 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -498,8 +498,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				.willReturn(Mono.just(this.authorizedClient));
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
-		this.authorizedClientManager.setContextAttributesMapper(
-				authorizeRequest -> currentServerWebExchange().flatMap(ServerWebExchange::getFormData).map(formData -> {
+		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> currentServerWebExchange()
+				.flatMap(ServerWebExchange::getFormData).map((formData) -> {
 					Map<String, Object> contextAttributes = new HashMap<>();
 					String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
 					contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
@@ -605,8 +605,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	}
 
 	private Mono<ServerWebExchange> currentServerWebExchange() {
-		return Mono.subscriberContext().filter(c -> c.hasKey(ServerWebExchange.class))
-				.map(c -> c.get(ServerWebExchange.class));
+		return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class))
+				.map((c) -> c.get(ServerWebExchange.class));
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index af32d31d4a..4977086d0b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -445,7 +445,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		request.setServletPath(requestUri);
 		if (!CollectionUtils.isEmpty(parameters)) {
 			parameters.forEach(request::addParameter);
-			request.setQueryString(parameters.entrySet().stream().map(e -> e.getKey() + "=" + e.getValue())
+			request.setQueryString(parameters.entrySet().stream().map((e) -> e.getKey() + "=" + e.getValue())
 					.collect(Collectors.joining("&")));
 		}
 		return request;
@@ -465,7 +465,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		authorizationResponse.addParameter(OAuth2ParameterNames.STATE, "state");
 		additionalParameters.forEach(authorizationResponse::addParameter);
 		authorizationResponse.setQueryString(authorizationResponse.getParameterMap().entrySet().stream()
-				.map(e -> e.getKey() + "=" + e.getValue()[0]).collect(Collectors.joining("&")));
+				.map((e) -> e.getKey() + "=" + e.getValue()[0]).collect(Collectors.joining("&")));
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		return authorizationResponse;
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 1250f1e267..04b820fe0c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -303,7 +303,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		authorizedClientManager.setAuthorizedClientProvider(passwordAuthorizedClientProvider);
 
 		// Set custom contextAttributesMapper
-		authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
+		authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
 			HttpServletRequest servletRequest = authorizeRequest.getAttribute(HttpServletRequest.class.getName());
 			String username = servletRequest.getParameter(OAuth2ParameterNames.USERNAME);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index a1bb3d12c3..041a5283d9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -228,7 +228,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration1.getRegistrationId()))
 				.retrieve().bodyToMono(String.class)
-				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
+				.flatMap((response) -> this.webClient.get().uri(this.serverUrl)
 						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 								.clientRegistrationId(clientRegistration2.getRegistrationId()))
 						.retrieve().bodyToMono(String.class))
@@ -281,7 +281,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 		// first try should fail, and remove the cached authorized client
 		assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class,
-				e -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
+				(e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
 
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 0c9bdbdb07..3896a725ed 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -162,10 +162,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void setup() {
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().authorizationCode()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.refreshToken(
+						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.clientCredentials(
-						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
+						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
+				.build();
 		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
@@ -445,7 +447,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasNoCause();
@@ -474,7 +476,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
 				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 
-		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
+		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
@@ -485,7 +487,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
 					assertThat(e).hasCause(exception);
@@ -521,7 +523,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasNoCause();
@@ -550,7 +552,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
 				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 
-		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
+		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
@@ -561,7 +563,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
 					assertThat(e).hasCause(exception);
@@ -603,7 +605,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 					assertThat(e.getError().getDescription())
@@ -635,7 +637,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
 
-		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
+		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
@@ -684,9 +686,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				eq(authentication), any())).willReturn(Mono.empty());
 
 		// Set custom contextAttributesMapper capable of mapping the form parameters
-		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
+		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
-			return Mono.just(serverWebExchange).flatMap(ServerWebExchange::getFormData).map(formData -> {
+			return Mono.just(serverWebExchange).flatMap(ServerWebExchange::getFormData).map((formData) -> {
 				Map<String, Object> contextAttributes = new HashMap<>();
 				String username = formData.getFirst(OAuth2ParameterNames.USERNAME);
 				String password = formData.getFirst(OAuth2ParameterNames.PASSWORD);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index e717a08a5b..7bd2bab3ae 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -244,7 +244,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration1.getRegistrationId()))
 				.retrieve().bodyToMono(String.class)
-				.flatMap(response -> this.webClient.get().uri(this.serverUrl)
+				.flatMap((response) -> this.webClient.get().uri(this.serverUrl)
 						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 								.clientRegistrationId(clientRegistration2.getRegistrationId()))
 						.retrieve().bodyToMono(String.class))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 932e3dfe2f..c486b01ec4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -182,10 +182,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.authentication = new TestingAuthenticationToken("test", "this");
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
+				.refreshToken(
+						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.clientCredentials(
-						configurer -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
-				.password(configurer -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)).build();
+						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
+				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
+				.build();
 		this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository,
 				this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
@@ -506,7 +508,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.willReturn(registration);
 
 		// Set custom contextAttributesMapper
-		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
+		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
 			HttpServletRequest servletRequest = authorizeRequest.getAttribute(HttpServletRequest.class.getName());
 			String username = servletRequest.getParameter(OAuth2ParameterNames.USERNAME);
@@ -658,15 +660,16 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		// Default request attributes set
 		final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com"))
-				.attributes(attrs -> attrs.putAll(getDefaultRequestAttributes())).build();
+				.attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())).build();
 
 		// Default request attributes NOT set
 		final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build();
 
 		Context context = context(servletRequest, servletResponse, authentication);
 
-		this.function.filter(request1, this.exchange).flatMap(response -> this.function.filter(request2, this.exchange))
-				.subscriberContext(context).block();
+		this.function.filter(request1, this.exchange)
+				.flatMap((response) -> this.function.filter(request2, this.exchange)).subscriberContext(context)
+				.block();
 
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(2);
@@ -716,7 +719,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(expectedErrorCode);
 					assertThat(e).hasNoCause();
@@ -756,7 +759,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 					assertThat(e.getError().getDescription())
@@ -799,7 +802,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(),
 				httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
-		ExchangeFunction throwingExchangeFunction = r -> Mono.error(exception);
+		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
@@ -808,7 +811,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
 					assertThat(e.getError().getErrorCode()).isEqualTo(expectedErrorCode);
 					assertThat(e).hasCause(exception);
@@ -835,7 +838,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 		OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
-		ExchangeFunction throwingExchangeFunction = r -> Mono.error(authorizationException);
+		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
 
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block())
@@ -845,7 +848,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, e -> {
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> {
 					assertThat(e.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode());
 					assertThat(e).hasNoCause();
 					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index 5307448290..a85ef616f4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -146,8 +146,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
 		this.resolver.setAuthorizationRequestCustomizer(
-				customizer -> customizer.additionalParameters(params -> params.remove(OidcParameterNames.NONCE))
-						.attributes(attrs -> attrs.remove(OidcParameterNames.NONCE)));
+				(customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE))
+						.attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
 
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
 
@@ -164,10 +164,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.authorizationRequestUri(uriBuilder -> {
-			uriBuilder.queryParam("param1", "value1");
-			return uriBuilder.build();
-		}));
+		this.resolver
+				.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
+					uriBuilder.queryParam("param1", "value1");
+					return uriBuilder.build();
+				}));
 
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
 
@@ -182,7 +183,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
 
-		this.resolver.setAuthorizationRequestCustomizer(customizer -> customizer.parameters(params -> {
+		this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 			params.put("appid", params.get("client_id"));
 			params.remove("client_id");
 		}));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 41d9d22b97..6b1369601a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -119,7 +119,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void filterWhenNotMatchThenAuthenticationManagerNotCalled() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
@@ -146,7 +146,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
@@ -178,7 +178,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
@@ -216,7 +216,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(
 				createAuthorizationRequest(requestUri, parametersNotMatch));
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		this.filter.filter(exchange, chain).block();
@@ -260,7 +260,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
@@ -291,12 +291,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
+				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
 				.isEqualTo("client_registration_not_found");
 		verifyNoInteractions(this.authenticationManager);
 	}
@@ -320,12 +320,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
-		DefaultWebFilterChain chain = new DefaultWebFilterChain(e -> e.getResponse().setComplete(),
+		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
 
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
+				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
 				.isEqualTo("authorization_error");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index 41852e6ff3..b18bd9442b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -69,7 +69,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	public void setup() {
 		this.filter = new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository);
 		this.filter.setAuthorizationRequestRepository(this.authzRequestRepository);
-		FilteringWebHandler webHandler = new FilteringWebHandler(e -> e.getResponse().setComplete(),
+		FilteringWebHandler webHandler = new FilteringWebHandler((e) -> e.getResponse().setComplete(),
 				Arrays.asList(this.filter));
 
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
@@ -125,7 +125,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenExceptionThenRedirected() {
 		FilteringWebHandler webHandler = new FilteringWebHandler(
-				e -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
+				(e) -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
 		FluxExchangeResult<String> result = this.client.get().uri("https://example.com/foo").exchange().expectStatus()
@@ -137,7 +137,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 		this.filter.setRequestCache(this.requestCache);
 		given(this.requestCache.saveRequest(any())).willReturn(Mono.empty());
 		FilteringWebHandler webHandler = new FilteringWebHandler(
-				e -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
+				(e) -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
 		this.client.get().uri("https://example.com/foo").exchange().expectStatus().is3xxRedirection()
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index ddb447c74c..4b027dac97 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -75,7 +75,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 	@Test
 	public void loadAuthorizationRequestWhenSessionAndNoRequestThenEmpty() {
 		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes)
-				.doOnNext(attrs -> attrs.put("foo", "bar"))
+				.doOnNext((attrs) -> attrs.put("foo", "bar"))
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
 
 		StepVerifier.create(setAttrThenLoad).verifyComplete();
@@ -109,7 +109,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
 				.redirectUri("http://localhost/client-1").state(oldState).build();
 
-		WebSessionManager sessionManager = e -> this.exchange.getSession();
+		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
 
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
@@ -192,7 +192,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
 				.redirectUri("http://localhost/client-1").state(oldState).build();
 
-		WebSessionManager sessionManager = e -> this.exchange.getSession();
+		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
 
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
@@ -226,7 +226,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		Map<String, Object> sessionAttrs = spy(new HashMap<>());
 		WebSession session = mock(WebSession.class);
 		given(session.getAttributes()).willReturn(sessionAttrs);
-		WebSessionManager sessionManager = e -> Mono.just(session);
+		WebSessionManager sessionManager = (e) -> Mono.just(session);
 
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index 64dfebf040..5f262d97f6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -74,7 +74,7 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 		this.filter = new OAuth2LoginAuthenticationWebFilter(this.authenticationManager,
 				this.authorizedClientRepository);
 		this.webFilterExchange = new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/")),
-				new DefaultWebFilterChain(exchange -> exchange.getResponse().setComplete()));
+				new DefaultWebFilterChain((exchange) -> exchange.getResponse().setComplete()));
 		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index bab9ec52d7..b86c189a65 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -245,14 +245,14 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 
 		private Map<String, Object> additionalParameters = new LinkedHashMap<>();
 
-		private Consumer<Map<String, Object>> parametersConsumer = params -> {
+		private Consumer<Map<String, Object>> parametersConsumer = (params) -> {
 		};
 
 		private Map<String, Object> attributes = new LinkedHashMap<>();
 
 		private String authorizationRequestUri;
 
-		private Function<UriBuilder, URI> authorizationRequestUriFunction = builder -> builder.build();
+		private Function<UriBuilder, URI> authorizationRequestUriFunction = (builder) -> builder.build();
 
 		private final DefaultUriBuilderFactory uriBuilderFactory;
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index 54affc9e7f..f714634822 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -80,7 +80,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter
 					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
 			return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream()
-					.collect(Collectors.toMap(Map.Entry::getKey, entry -> String.valueOf(entry.getValue()))));
+					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
 		catch (Exception ex) {
 			throw new HttpMessageNotReadableException(
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index 5ea6e7edcc..9ed1069af5 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -79,7 +79,7 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 			Map<String, Object> errorParameters = (Map<String, Object>) this.jsonMessageConverter
 					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
 			return this.errorConverter.convert(errorParameters.entrySet().stream()
-					.collect(Collectors.toMap(Map.Entry::getKey, entry -> String.valueOf(entry.getValue()))));
+					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
 		catch (Exception ex) {
 			throw new HttpMessageNotReadableException(
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index 00462bd2e0..3eaf03d205 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -62,7 +62,7 @@ class OAuth2AccessTokenResponseBodyExtractor
 		};
 		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);
 		return delegate.extract(inputMessage, context)
-				.onErrorMap(e -> new OAuth2AuthorizationException(
+				.onErrorMap((e) -> new OAuth2AuthorizationException(
 						invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()),
 						e))
 				.switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException(
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index 9a06a8407b..c295fa2694 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -84,7 +84,8 @@ public class ClaimTypeConverterTests {
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
 		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
-		return source -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, targetDescriptor);
+		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
+				targetDescriptor);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index e716082f58..e6c64edd15 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -165,7 +165,7 @@ public class OAuth2AuthorizationRequestTests {
 	public void buildWhenAuthorizationRequestUriFunctionSetThenOverridesDefault() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).authorizationRequestUri(uriBuilder -> URI.create(AUTHORIZATION_URI)).build();
+				.state(STATE).authorizationRequestUri((uriBuilder) -> URI.create(AUTHORIZATION_URI)).build();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI);
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index 07ba4d5834..dc9b96c0cf 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -97,7 +97,7 @@ public class OidcIdTokenBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim");
 
-		OidcIdToken idToken = idTokenBuilder.subject("sub").claims(claims -> claims.remove(IdTokenClaimNames.SUB))
+		OidcIdToken idToken = idTokenBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
 		assertThat(idToken.getSubject()).isNull();
 	}
@@ -108,7 +108,7 @@ public class OidcIdTokenBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		OidcIdToken idToken = idTokenBuilder.claims(claims -> claims.put(name, value)).build();
+		OidcIdToken idToken = idTokenBuilder.claims((claims) -> claims.put(name, value)).build();
 
 		assertThat(idToken.getClaims()).hasSize(1);
 		assertThat(idToken.getClaims().get(name)).isSameAs(value);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index 84bdf7f5e9..fe5a579734 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -59,7 +59,7 @@ public class OidcUserInfoBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim");
 
-		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims(claims -> claims.remove(IdTokenClaimNames.SUB))
+		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
 		assertThat(userInfo.getSubject()).isNull();
 	}
@@ -70,7 +70,7 @@ public class OidcUserInfoBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		OidcUserInfo userInfo = userInfoBuilder.claims(claims -> claims.put(name, value)).build();
+		OidcUserInfo userInfo = userInfoBuilder.claims((claims) -> claims.put(name, value)).build();
 
 		assertThat(userInfo.getClaims()).hasSize(1);
 		assertThat(userInfo.getClaims().get(name)).isSameAs(value);
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index b59cdfd2f8..d5c6c23670 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -112,7 +112,7 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 	}
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
-		return source -> CONVERSION_SERVICE.convert(source, OBJECT_TYPE_DESCRIPTOR, targetDescriptor);
+		return (source) -> CONVERSION_SERVICE.convert(source, OBJECT_TYPE_DESCRIPTOR, targetDescriptor);
 	}
 
 	private static Instant convertInstant(Object source) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index c15da7031a..aa76a21151 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -149,7 +149,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
 
-			return Jwt.withTokenValue(token).headers(h -> h.putAll(headers)).claims(c -> c.putAll(claims)).build();
+			return Jwt.withTokenValue(token).headers((h) -> h.putAll(headers)).claims((c) -> c.putAll(claims)).build();
 		}
 		catch (RemoteKeySourceException ex) {
 			if (ex.getCause() instanceof ParseException) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 740e5e0307..fa457aa1e2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -159,9 +159,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	private Mono<Jwt> decode(JWT parsedToken) {
 		try {
-			return this.jwtProcessor.convert(parsedToken).map(set -> createJwt(parsedToken, set)).map(this::validateJwt)
-					.onErrorMap(e -> !(e instanceof IllegalStateException) && !(e instanceof JwtException),
-							e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
+			return this.jwtProcessor.convert(parsedToken).map((set) -> createJwt(parsedToken, set))
+					.map(this::validateJwt)
+					.onErrorMap((e) -> !(e instanceof IllegalStateException) && !(e instanceof JwtException),
+							(e) -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
 		}
 		catch (JwtException ex) {
 			throw ex;
@@ -176,8 +177,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
 
-			return Jwt.withTokenValue(parsedJwt.getParsedString()).headers(h -> h.putAll(headers))
-					.claims(c -> c.putAll(claims)).build();
+			return Jwt.withTokenValue(parsedJwt.getParsedString()).headers((h) -> h.putAll(headers))
+					.claims((c) -> c.putAll(claims)).build();
 		}
 		catch (Exception ex) {
 			throw new BadJwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
@@ -376,10 +377,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			source.setWebClient(this.webClient);
 
 			Function<JWSAlgorithm, Boolean> expectedJwsAlgorithms = getExpectedJwsAlgorithms(jwsKeySelector);
-			return jwt -> {
+			return (jwt) -> {
 				JWKSelector selector = createSelector(expectedJwsAlgorithms, jwt.getHeader());
-				return source.get(selector).onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
-						.map(jwkList -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwkList)));
+				return source.get(selector).onErrorMap((e) -> new IllegalStateException("Could not obtain the keys", e))
+						.map((jwkList) -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwkList)));
 			};
 		}
 
@@ -478,7 +479,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
-			return jwt -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
+			return (jwt) -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
 
 	}
@@ -556,7 +557,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
-			return jwt -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
+			return (jwt) -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
 
 	}
@@ -628,11 +629,11 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
 
-			return jwt -> {
+			return (jwt) -> {
 				if (jwt instanceof SignedJWT) {
 					return this.jwkSource.apply((SignedJWT) jwt)
-							.onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e)).collectList()
-							.map(jwks -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwks)));
+							.onErrorMap((e) -> new IllegalStateException("Could not obtain the keys", e)).collectList()
+							.map((jwks) -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwks)));
 				}
 				throw new BadJwtException("Unsupported algorithm of " + jwt.getHeader().getAlgorithm());
 			};
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index bb2e249598..8ee61a32f8 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -55,8 +55,8 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	@Override
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
 		return this.cachedJWKSet.get().switchIfEmpty(Mono.defer(() -> getJWKSet()))
-				.flatMap(jwkSet -> get(jwkSelector, jwkSet))
-				.switchIfEmpty(Mono.defer(() -> getJWKSet().map(jwkSet -> jwkSelector.select(jwkSet))));
+				.flatMap((jwkSet) -> get(jwkSelector, jwkSet))
+				.switchIfEmpty(Mono.defer(() -> getJWKSet().map((jwkSet) -> jwkSelector.select(jwkSet))));
 	}
 
 	private Mono<List<JWK>> get(JWKSelector jwkSelector, JWKSet jwkSet) {
@@ -96,7 +96,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	 */
 	private Mono<JWKSet> getJWKSet() {
 		return this.webClient.get().uri(this.jwkSetURL).retrieve().bodyToMono(String.class).map(this::parse)
-				.doOnNext(jwkSet -> this.cachedJWKSet.set(Mono.just(jwkSet))).cache();
+				.doOnNext((jwkSet) -> this.cachedJWKSet.set(Mono.just(jwkSet))).cache();
 	}
 
 	private JWKSet parse(String body) {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index 39db3c7598..d91c78a928 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -105,7 +105,7 @@ public class JwtBuilderTests {
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
 
-		Jwt jwt = jwtBuilder.subject("sub").claims(claims -> claims.remove(JwtClaimNames.SUB)).build();
+		Jwt jwt = jwtBuilder.subject("sub").claims((claims) -> claims.remove(JwtClaimNames.SUB)).build();
 		assertThat(jwt.getSubject()).isNull();
 	}
 
@@ -115,7 +115,7 @@ public class JwtBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		Jwt jwt = jwtBuilder.claims(claims -> claims.put(name, value)).build();
+		Jwt jwt = jwtBuilder.claims((claims) -> claims.put(name, value)).build();
 
 		assertThat(jwt.getClaims()).hasSize(1);
 		assertThat(jwt.getClaims().get(name)).isSameAs(value);
@@ -125,7 +125,7 @@ public class JwtBuilderTests {
 	public void headersWhenRemovingAClaimThenIsNotPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
 
-		Jwt jwt = jwtBuilder.header("alg", "none").headers(headers -> headers.remove("alg")).build();
+		Jwt jwt = jwtBuilder.header("alg", "none").headers((headers) -> headers.remove("alg")).build();
 		assertThat(jwt.getHeaders().get("alg")).isNull();
 	}
 
@@ -135,7 +135,7 @@ public class JwtBuilderTests {
 
 		String name = new String("name");
 		String value = new String("value");
-		Jwt jwt = jwtBuilder.headers(headers -> headers.put(name, value)).build();
+		Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value)).build();
 
 		assertThat(jwt.getHeaders()).hasSize(1);
 		assertThat(jwt.getHeaders().get(name)).isSameAs(value);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index cb9881c168..26e60fed35 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -32,7 +32,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  */
 public class JwtClaimValidatorTests {
 
-	private static final Predicate<String> test = claim -> claim.equals("http://test");
+	private static final Predicate<String> test = (claim) -> claim.equals("http://test");
 
 	private final JwtClaimValidator<String> validator = new JwtClaimValidator<>(JwtClaimNames.ISS, test);
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index ef3d6f8f4e..cba1158652 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -129,7 +129,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = TestJwts.jwt().claims(c -> c.remove(JwtClaimNames.EXP)).build();
+		Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
@@ -137,7 +137,7 @@ public class JwtTimestampValidatorTests {
 
 	@Test
 	public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
-		Jwt jwt = TestJwts.jwt().claims(c -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build();
+		Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build();
 
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index f1fa57de9b..18a4a00aa2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -104,7 +104,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 	public void decodeWhenExpClaimNullThenDoesNotThrowException() {
 		NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL);
 		jwtDecoder.setRestOperations(mockJwkSetResponse(JWK_SET));
-		jwtDecoder.setClaimSetConverter(map -> {
+		jwtDecoder.setClaimSetConverter((map) -> {
 			Map<String, Object> claims = new HashMap<>(map);
 			claims.remove(JwtClaimNames.EXP);
 			return claims;
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index ce12e04584..32b04cc858 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -360,7 +360,7 @@ public class NimbusJwtDecoderTests {
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
 				.signatureAlgorithm(SignatureAlgorithm.RS256)
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
@@ -429,7 +429,7 @@ public class NimbusJwtDecoderTests {
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256)
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
@@ -541,7 +541,7 @@ public class NimbusJwtDecoderTests {
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class).hasMessageContaining(
 				"An error occurred while attempting to decode the Jwt: Required JOSE header \"typ\" (type) parameter is missing");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 7449f4381f..fb9906cffc 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -308,7 +308,7 @@ public class NimbusReactiveJwtDecoderTests {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient)
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
@@ -357,7 +357,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void withPublicKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 
 		AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block())
@@ -372,16 +372,15 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSourceWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(
-				() -> NimbusReactiveJwtDecoder.withJwkSource(jwt -> Flux.empty()).jwtProcessorCustomizer(null).build())
-						.isInstanceOf(IllegalArgumentException.class)
+		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSource((jwt) -> Flux.empty()).jwtProcessorCustomizer(null)
+				.build()).isInstanceOf(IllegalArgumentException.class)
 						.hasMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
-				.withJwkSource(jwt -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
+				.withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
 
 		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 	}
@@ -389,9 +388,9 @@ public class NimbusReactiveJwtDecoderTests {
 	// gh-8730
 	@Test
 	public void withJwkSourceWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
-		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSource(jwt -> Flux.empty())
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSource((jwt) -> Flux.empty())
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 
 		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
@@ -437,7 +436,7 @@ public class NimbusReactiveJwtDecoderTests {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
 				.jwtProcessorCustomizer(
-						p -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
 		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
index 59fe9f399c..0fa0463d5c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
@@ -89,22 +89,22 @@ public final class BearerTokenError extends OAuth2Error {
 	}
 
 	private static boolean isDescriptionValid(String description) {
-		return description == null || description.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21)
+		return description == null || description.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21)
 				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isErrorCodeValid(String errorCode) {
-		return errorCode.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21) || withinTheRangeOf(c, 0x23, 0x5B)
+		return errorCode.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21) || withinTheRangeOf(c, 0x23, 0x5B)
 				|| withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isErrorUriValid(String errorUri) {
 		return errorUri == null || errorUri.chars()
-				.allMatch(c -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
+				.allMatch((c) -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isScopeValid(String scope) {
-		return scope == null || scope.chars().allMatch(c -> withinTheRangeOf(c, 0x20, 0x21)
+		return scope == null || scope.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21)
 				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
index 9ae5945975..0542792f01 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
@@ -162,7 +162,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 		@Override
 		public AuthenticationManager resolve(String issuer) {
 			if (this.trustedIssuer.test(issuer)) {
-				return this.authenticationManagers.computeIfAbsent(issuer, k -> {
+				return this.authenticationManagers.computeIfAbsent(issuer, (k) -> {
 					JwtDecoder jwtDecoder = JwtDecoders.fromIssuerLocation(issuer);
 					return new JwtAuthenticationProvider(jwtDecoder)::authenticate;
 				});
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
index 422f70c0b3..e4741235e3 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@@ -101,7 +101,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	 *     authenticationManagers.put("https://issuerOne.example.org", managerOne);
 	 *     authenticationManagers.put("https://issuerTwo.example.org", managerTwo);
 	 *     JwtIssuerReactiveAuthenticationManagerResolver resolver = new JwtIssuerReactiveAuthenticationManagerResolver
-	 *     	(issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer));
+	 *     	((issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer));
 	 * </pre>
 	 *
 	 * The keys in the {@link Map} are the trusted issuers.
@@ -124,7 +124,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	@Override
 	public Mono<ReactiveAuthenticationManager> resolve(ServerWebExchange exchange) {
 		return this.issuerConverter.convert(exchange)
-				.flatMap(issuer -> this.issuerAuthenticationManagerResolver.resolve(issuer)
+				.flatMap((issuer) -> this.issuerAuthenticationManagerResolver.resolve(issuer)
 						.switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer))));
 	}
 
@@ -134,7 +134,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 
 		@Override
 		public Mono<String> convert(@NonNull ServerWebExchange exchange) {
-			return this.converter.convert(exchange).map(convertedToken -> {
+			return this.converter.convert(exchange).map((convertedToken) -> {
 				BearerTokenAuthenticationToken token = (BearerTokenAuthenticationToken) convertedToken;
 				try {
 					String issuer = JWTParser.parse(token.getToken()).getJWTClaimsSet().getIssuer();
@@ -170,7 +170,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 				return Mono.empty();
 			}
 			return this.authenticationManagers.computeIfAbsent(issuer,
-					k -> Mono.<ReactiveAuthenticationManager>fromCallable(
+					(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(
 							() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
 							.subscribeOn(Schedulers.boundedElastic()).cache());
 		}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
index 81018df14e..4b8641f323 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
@@ -52,7 +52,7 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.justOrEmpty(authentication).filter(a -> a instanceof BearerTokenAuthenticationToken)
+		return Mono.justOrEmpty(authentication).filter((a) -> a instanceof BearerTokenAuthenticationToken)
 				.cast(BearerTokenAuthenticationToken.class).map(BearerTokenAuthenticationToken::getToken)
 				.flatMap(this.jwtDecoder::decode).flatMap(this.jwtAuthenticationConverter::convert)
 				.cast(Authentication.class).onErrorMap(JwtException.class, this::onError);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index fe57778e28..dfd7fbd211 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -81,7 +81,7 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 	}
 
 	private Mono<BearerTokenAuthentication> authenticate(String token) {
-		return this.introspector.introspect(token).map(principal -> {
+		return this.introspector.introspect(token).map((principal) -> {
 			Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
 			Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
index 51e80f776b..d9730174e8 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
@@ -40,7 +40,7 @@ public final class ReactiveJwtAuthenticationConverter implements Converter<Jwt,
 	@Override
 	public Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
 		return this.jwtGrantedAuthoritiesConverter.convert(jwt).collectList()
-				.map(authorities -> new JwtAuthenticationToken(jwt, authorities));
+				.map((authorities) -> new JwtAuthenticationToken(jwt, authorities));
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
index 992a58ad58..bbeae6fe85 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
@@ -98,7 +98,7 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	}
 
 	private Converter<String, RequestEntity<?>> defaultRequestEntityConverter(URI introspectionUri) {
-		return token -> {
+		return (token) -> {
 			HttpHeaders headers = requestHeaders();
 			MultiValueMap<String, String> body = requestBody(token);
 			return new RequestEntity<>(body, headers, HttpMethod.POST, introspectionUri);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 6b37ddbeb4..5a6603b8a0 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -73,7 +73,7 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
 
 		this.introspectionUri = URI.create(introspectionUri);
-		this.webClient = WebClient.builder().defaultHeaders(h -> h.setBasicAuth(clientId, clientSecret)).build();
+		this.webClient = WebClient.builder().defaultHeaders((h) -> h.setBasicAuth(clientId, clientSecret)).build();
 	}
 
 	/**
@@ -97,8 +97,8 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
 		return Mono.just(token).flatMap(this::makeRequest).flatMap(this::adaptToNimbusResponse)
 				.map(this::parseNimbusResponse).map(this::castToNimbusSuccess)
-				.doOnNext(response -> validate(token, response)).map(this::convertClaimsSet)
-				.onErrorMap(e -> !(e instanceof OAuth2IntrospectionException), this::onError);
+				.doOnNext((response) -> validate(token, response)).map(this::convertClaimsSet)
+				.onErrorMap((e) -> !(e instanceof OAuth2IntrospectionException), this::onError);
 	}
 
 	private Mono<ClientResponse> makeRequest(String token) {
@@ -115,7 +115,7 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 					.then(Mono.error(new OAuth2IntrospectionException(
 							"Introspection endpoint responded with " + response.getStatusCode())));
 		}
-		return responseEntity.bodyToMono(String.class).doOnNext(response::setContent).map(body -> response);
+		return responseEntity.bodyToMono(String.class).doOnNext(response::setContent).map((body) -> response);
 	}
 
 	private TokenIntrospectionResponse parseNimbusResponse(HTTPResponse response) {
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
index d294fb9d48..4abad2a8df 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -85,7 +85,7 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	 */
 	public BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
-		this.authenticationManagerResolver = request -> authenticationManager;
+		this.authenticationManagerResolver = (request) -> authenticationManager;
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
index 7b0c43c0ed..a6b7884de0 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
@@ -63,8 +63,8 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 		}
 
 		return exchange.getPrincipal().filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
-				.map(token -> errorMessageParameters(parameters)).switchIfEmpty(Mono.just(parameters))
-				.flatMap(params -> respond(exchange, params));
+				.map((token) -> errorMessageParameters(parameters)).switchIfEmpty(Mono.just(parameters))
+				.flatMap((params) -> respond(exchange, params));
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
index ccf4a8c1f5..19d4839f1e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
@@ -56,12 +56,12 @@ public final class ServerBearerExchangeFilterFunction implements ExchangeFilterF
 	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token().map(token -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
+		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
 		return currentAuthentication()
-				.filter(authentication -> authentication.getCredentials() instanceof AbstractOAuth2Token)
+				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
 				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
 	}
 
@@ -70,7 +70,7 @@ public final class ServerBearerExchangeFilterFunction implements ExchangeFilterF
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request).headers(headers -> headers.setBearerAuth(token.getTokenValue())).build();
+		return ClientRequest.from(request).headers((headers) -> headers.setBearerAuth(token.getTokenValue())).build();
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
index 3e9d377678..556c326cdd 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
@@ -67,12 +67,12 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token().map(token -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
+		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
 		return Mono.subscriberContext().flatMap(this::currentAuthentication)
-				.filter(authentication -> authentication.getCredentials() instanceof AbstractOAuth2Token)
+				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
 				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
 	}
 
@@ -91,7 +91,7 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request).headers(headers -> headers.setBearerAuth(token.getTokenValue())).build();
+		return ClientRequest.from(request).headers((headers) -> headers.setBearerAuth(token.getTokenValue())).build();
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
index be467f65a4..dff1306dba 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
@@ -54,7 +54,7 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 
 	@Override
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
-		return Mono.fromCallable(() -> token(exchange.getRequest())).map(token -> {
+		return Mono.fromCallable(() -> token(exchange.getRequest())).map((token) -> {
 			if (token.isEmpty()) {
 				BearerTokenError error = invalidTokenError();
 				throw new OAuth2AuthenticationException(error);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index 0876c52748..3a7e07471c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -42,7 +42,7 @@ public final class TestOAuth2AuthenticatedPrincipals {
 	}
 
 	public static OAuth2AuthenticatedPrincipal active() {
-		return active(attributes -> {
+		return active((attributes) -> {
 		});
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index e51eeba4c5..64e14fd6e2 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -63,7 +63,7 @@ public class JwtAuthenticationConverterTests {
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
+		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
 
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index 4d764ddbde..abbb3be03b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -83,7 +83,7 @@ public class JwtAuthenticationProviderTests {
 		given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
 
 		assertThatCode(() -> this.provider.authenticate(token))
-				.matches(failed -> failed instanceof OAuth2AuthenticationException)
+				.matches((failed) -> failed instanceof OAuth2AuthenticationException)
 				.matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN));
 	}
 
@@ -134,7 +134,7 @@ public class JwtAuthenticationProviderTests {
 	}
 
 	private Predicate<? super Throwable> errorCode(String errorCode) {
-		return failed -> ((OAuth2AuthenticationException) failed).getError().getErrorCode() == errorCode;
+		return (failed) -> ((OAuth2AuthenticationException) failed).getError().getErrorCode() == errorCode;
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index 041c0a4f5a..8a4e57e1b4 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -97,7 +97,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 	public void resolveWhenUsingCustomIssuerAuthenticationManagerResolverThenUses() {
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
-				issuer -> authenticationManager);
+				(issuer) -> authenticationManager);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index 1c3ffd4c09..d0dc716d5c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -98,7 +98,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 	public void resolveWhenUsingCustomIssuerAuthenticationManagerResolverThenUses() {
 		ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class);
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
-				issuer -> Mono.just(authenticationManager));
+				(issuer) -> Mono.just(authenticationManager));
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
 
 		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
@@ -110,7 +110,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 
 		Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
-				issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
+				(issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 1dc4b6a69a..dc4cb4bf45 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -50,7 +50,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
 		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
-				.active(attributes -> attributes.put("extension_field", "twenty-seven"));
+				.active((attributes) -> attributes.put("extension_field", "twenty-seven"));
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index d71c354e38..2e1782bfd0 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -51,7 +51,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
 		OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals
-				.active(attributes -> attributes.put("extension_field", "twenty-seven"));
+				.active((attributes) -> attributes.put("extension_field", "twenty-seven"));
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
index d80b9f7800..0c7b24be76 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
@@ -63,7 +63,7 @@ public class ReactiveJwtAuthenticationConverterTests {
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter = token -> Flux
+		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Flux
 				.just(new SimpleGrantedAuthority("blah"));
 
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
index 66c550fcfd..bfda0ea627 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
@@ -43,7 +43,7 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests {
 	public void convertWithGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 
-		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = token -> Arrays
+		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
 
 		Collection<GrantedAuthority> authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter(
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 8eaa70a584..1e3a601581 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -287,8 +287,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response)).orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 45e3194ee1..51ffbbf947 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -238,8 +238,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter(a -> isAuthorized(authorization, username, password))
-						.map(a -> ok(response)).orElse(unauthorized());
+				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response)).orElse(unauthorized());
 			}
 		};
 	}
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index fbedaae1dc..d114122f43 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -64,7 +64,7 @@ public class OpenIDAuthenticationFilterTests {
 		SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 		this.filter.setAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler());
 		successHandler.setDefaultTargetUrl(DEFAULT_TARGET_URL);
-		this.filter.setAuthenticationManager(a -> a);
+		this.filter.setAuthenticationManager((a) -> a);
 		this.filter.afterPropertiesSet();
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
index b3f9e2c9d4..e659bb6850 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
@@ -87,7 +87,7 @@ public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered
 			return chain.next(exchange)
 					.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 					.then(Mono.empty());
-		})).flatMap(securityContext -> chain.next(exchange));
+		})).flatMap((securityContext) -> chain.next(exchange));
 	}
 
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index aaf4f1c3ac..ebc4d6cfc2 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -63,7 +63,7 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 		return Mono
 				.fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(),
 						AuthenticationPayloadExchangeConverter.COMPOSITE_METADATA_MIME_TYPE))
-				.flatMap(metadata -> Mono.justOrEmpty(authentication(metadata)));
+				.flatMap((metadata) -> Mono.justOrEmpty(authentication(metadata)));
 	}
 
 	private Authentication authentication(Map<String, Object> metadata) {
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
index 6a3e94b2a6..0a0aa58777 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java
@@ -73,8 +73,8 @@ public class AuthenticationPayloadInterceptor implements PayloadInterceptor, Ord
 	@Override
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
 		return this.authenticationConverter.convert(exchange).switchIfEmpty(chain.next(exchange).then(Mono.empty()))
-				.flatMap(a -> this.authenticationManager.authenticate(a))
-				.flatMap(a -> onAuthenticationSuccess(chain.next(exchange), a));
+				.flatMap((a) -> this.authenticationManager.authenticate(a))
+				.flatMap((a) -> onAuthenticationSuccess(chain.next(exchange), a));
 	}
 
 	private Mono<Void> onAuthenticationSuccess(Mono<Void> payload, Authentication authentication) {
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
index 4da1b0db74..1a806c3bb8 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
@@ -47,10 +47,10 @@ public class BasicAuthenticationPayloadExchangeConverter implements PayloadExcha
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
 		return Mono.fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(), this.metadataMimetype))
-				.flatMap(metadata -> Mono
+				.flatMap((metadata) -> Mono
 						.justOrEmpty(metadata.get(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE.toString())))
 				.cast(UsernamePasswordMetadata.class)
-				.map(credentials -> new UsernamePasswordAuthenticationToken(credentials.getUsername(),
+				.map((credentials) -> new UsernamePasswordAuthenticationToken(credentials.getUsername(),
 						credentials.getPassword()));
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
index bdaadec7eb..05b030afb7 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java
@@ -56,11 +56,11 @@ public class AuthorizationPayloadInterceptor implements PayloadInterceptor, Orde
 
 	@Override
 	public Mono<Void> intercept(PayloadExchange exchange, PayloadInterceptorChain chain) {
-		return ReactiveSecurityContextHolder.getContext().filter(c -> c.getAuthentication() != null)
+		return ReactiveSecurityContextHolder.getContext().filter((c) -> c.getAuthentication() != null)
 				.map(SecurityContext::getAuthentication)
 				.switchIfEmpty(Mono.error(() -> new AuthenticationCredentialsNotFoundException(
 						"An Authentication (possibly AnonymousAuthenticationToken) is required.")))
-				.as(authentication -> this.authorizationManager.verify(authentication, exchange))
+				.as((authentication) -> this.authorizationManager.verify(authentication, exchange))
 				.then(chain.next(exchange));
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
index cd3e7015aa..13e43d15ca 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
@@ -52,9 +52,9 @@ public final class PayloadExchangeMatcherReactiveAuthorizationManager
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, PayloadExchange exchange) {
 		return Flux.fromIterable(this.mappings)
-				.concatMap(mapping -> mapping.getMatcher().matches(exchange)
-						.filter(PayloadExchangeMatcher.MatchResult::isMatch).map(r -> r.getVariables())
-						.flatMap(variables -> mapping.getEntry().check(authentication,
+				.concatMap((mapping) -> mapping.getMatcher().matches(exchange)
+						.filter(PayloadExchangeMatcher.MatchResult::isMatch).map((r) -> r.getVariables())
+						.flatMap((variables) -> mapping.getEntry().check(authentication,
 								new PayloadExchangeAuthorizationContext(exchange, variables))))
 				.next().switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false)));
 	}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
index 601abccd90..6697abc725 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/ContextPayloadInterceptorChain.java
@@ -76,7 +76,7 @@ class ContextPayloadInterceptorChain implements PayloadInterceptorChain {
 	@Override
 	public Mono<Void> next(PayloadExchange exchange) {
 		return Mono.defer(() -> shouldIntercept() ? this.currentInterceptor.intercept(exchange, this.next)
-				: Mono.subscriberContext().doOnNext(c -> this.context = c).then());
+				: Mono.subscriberContext().doOnNext((c) -> this.context = c).then());
 	}
 
 	Context getContext() {
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
index f297fe322b..3120cab77c 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
@@ -72,37 +72,37 @@ class PayloadInterceptorRSocket extends RSocketProxy {
 	@Override
 	public Mono<Void> fireAndForget(Payload payload) {
 		return intercept(PayloadExchangeType.FIRE_AND_FORGET, payload)
-				.flatMap(context -> this.source.fireAndForget(payload).subscriberContext(context));
+				.flatMap((context) -> this.source.fireAndForget(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Mono<Payload> requestResponse(Payload payload) {
 		return intercept(PayloadExchangeType.REQUEST_RESPONSE, payload)
-				.flatMap(context -> this.source.requestResponse(payload).subscriberContext(context));
+				.flatMap((context) -> this.source.requestResponse(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Flux<Payload> requestStream(Payload payload) {
 		return intercept(PayloadExchangeType.REQUEST_STREAM, payload)
-				.flatMapMany(context -> this.source.requestStream(payload).subscriberContext(context));
+				.flatMapMany((context) -> this.source.requestStream(payload).subscriberContext(context));
 	}
 
 	@Override
 	public Flux<Payload> requestChannel(Publisher<Payload> payloads) {
 		return Flux.from(payloads).switchOnFirst((signal, innerFlux) -> {
 			Payload firstPayload = signal.get();
-			return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany(
-					context -> innerFlux.skip(1).flatMap(p -> intercept(PayloadExchangeType.PAYLOAD, p).thenReturn(p))
-							.transform(securedPayloads -> Flux.concat(Flux.just(firstPayload), securedPayloads))
-							.transform(securedPayloads -> this.source.requestChannel(securedPayloads))
-							.subscriberContext(context));
+			return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany((context) -> innerFlux
+					.skip(1).flatMap((p) -> intercept(PayloadExchangeType.PAYLOAD, p).thenReturn(p))
+					.transform((securedPayloads) -> Flux.concat(Flux.just(firstPayload), securedPayloads))
+					.transform((securedPayloads) -> this.source.requestChannel(securedPayloads))
+					.subscriberContext(context));
 		});
 	}
 
 	@Override
 	public Mono<Void> metadataPush(Payload payload) {
 		return intercept(PayloadExchangeType.METADATA_PUSH, payload)
-				.flatMap(c -> this.source.metadataPush(payload).subscriberContext(c));
+				.flatMap((c) -> this.source.metadataPush(payload).subscriberContext(c));
 	}
 
 	private Mono<Context> intercept(PayloadExchangeType type, Payload payload) {
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index 848eae1cda..9809fa788e 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -73,8 +73,8 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 		// FIXME do we want to make the sendingSocket available in the PayloadExchange
 		return intercept(setup, dataMimeType, metadataMimeType)
 				.flatMap(
-						ctx -> this.delegate.accept(setup, sendingSocket)
-								.map(acceptingSocket -> new PayloadInterceptorRSocket(acceptingSocket,
+						(ctx) -> this.delegate.accept(setup, sendingSocket)
+								.map((acceptingSocket) -> new PayloadInterceptorRSocket(acceptingSocket,
 										this.interceptors, metadataMimeType, dataMimeType, ctx))
 								.subscriberContext(ctx));
 	}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
index 85d75dc4e9..07ba2ab348 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
@@ -45,7 +45,7 @@ public class BasicAuthenticationDecoder extends AbstractDecoder<UsernamePassword
 	@Override
 	public Flux<UsernamePasswordMetadata> decode(Publisher<DataBuffer> input, ResolvableType elementType,
 			MimeType mimeType, Map<String, Object> hints) {
-		return Flux.from(input).map(DataBuffer::asByteBuffer).map(byteBuffer -> {
+		return Flux.from(input).map(DataBuffer::asByteBuffer).map((byteBuffer) -> {
 			byte[] sizeBytes = new byte[4];
 			byteBuffer.get(sizeBytes);
 
@@ -63,7 +63,7 @@ public class BasicAuthenticationDecoder extends AbstractDecoder<UsernamePassword
 	@Override
 	public Mono<UsernamePasswordMetadata> decodeToMono(Publisher<DataBuffer> input, ResolvableType elementType,
 			MimeType mimeType, Map<String, Object> hints) {
-		return Mono.from(input).map(DataBuffer::asByteBuffer).map(byteBuffer -> {
+		return Mono.from(input).map(DataBuffer::asByteBuffer).map((byteBuffer) -> {
 			int usernameSize = byteBuffer.getInt();
 			byte[] usernameBytes = new byte[usernameSize];
 			byteBuffer.get(usernameBytes);
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
index 327c900e03..d1b6f739ad 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java
@@ -49,7 +49,7 @@ public class BasicAuthenticationEncoder extends AbstractEncoder<UsernamePassword
 	public Flux<DataBuffer> encode(Publisher<? extends UsernamePasswordMetadata> inputStream,
 			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
 		return Flux.from(inputStream)
-				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+				.map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
index ac7c61496a..e822fa8bff 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java
@@ -55,7 +55,7 @@ public class BearerTokenAuthenticationEncoder extends AbstractEncoder<BearerToke
 	public Flux<DataBuffer> encode(Publisher<? extends BearerTokenMetadata> inputStream,
 			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
 		return Flux.from(inputStream)
-				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+				.map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
index 4bbc479f98..1c31395de7 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java
@@ -55,7 +55,7 @@ public class SimpleAuthenticationEncoder extends AbstractEncoder<UsernamePasswor
 	public Flux<DataBuffer> encode(Publisher<? extends UsernamePasswordMetadata> inputStream,
 			DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map<String, Object> hints) {
 		return Flux.from(inputStream)
-				.map(credentials -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
+				.map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints));
 	}
 
 	@Override
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
index 8496a5ffec..ca9fe9d9ef 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
@@ -53,8 +53,8 @@ public class RoutePayloadExchangeMatcher implements PayloadExchangeMatcher {
 		Map<String, Object> metadata = this.metadataExtractor.extract(exchange.getPayload(),
 				exchange.getMetadataMimeType());
 		return Optional.ofNullable((String) metadata.get(MetadataExtractor.ROUTE_KEY))
-				.map(routeValue -> this.routeMatcher.parseRoute(routeValue))
-				.map(route -> this.routeMatcher.matchAndExtract(this.pattern, route)).map(v -> MatchResult.match(v))
+				.map((routeValue) -> this.routeMatcher.parseRoute(routeValue))
+				.map((route) -> this.routeMatcher.matchAndExtract(this.pattern, route)).map((v) -> MatchResult.match(v))
 				.orElse(MatchResult.notMatch());
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
index b503f15bba..c68cce9196 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
@@ -34,7 +34,7 @@ class AuthenticationPayloadInterceptorChain implements PayloadInterceptorChain {
 	@Override
 	public Mono<Void> next(PayloadExchange exchange) {
 		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
-				.doOnNext(a -> this.setAuthentication(a)).then();
+				.doOnNext((a) -> this.setAuthentication(a)).then();
 	}
 
 	public Authentication getAuthentication() {
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index 835a50c02b..ba65b66254 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -77,7 +77,8 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
-				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
+				.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(),
+						this.authz2))
 				.build();
 
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
@@ -89,7 +90,8 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 		given(this.authz2.check(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder()
-				.add(new PayloadExchangeMatcherEntry<>(e -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
+				.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(),
+						this.authz))
 				.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build();
 
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
index 0146455715..6c6e25e608 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
@@ -43,7 +43,7 @@ class CaptureSecurityContextSocketAcceptor implements SocketAcceptor {
 	@Override
 	public Mono<RSocket> accept(ConnectionSetupPayload setup, RSocket sendingSocket) {
 		return ReactiveSecurityContextHolder.getContext()
-				.doOnNext(securityContext -> this.securityContext = securityContext).thenReturn(this.accept);
+				.doOnNext((securityContext) -> this.securityContext = securityContext).thenReturn(this.accept);
 	}
 
 	public SecurityContext getSecurityContext() {
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index f5aa79ab3b..a96324d2f6 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -140,7 +140,7 @@ public class PayloadInterceptorRSocketTests {
 
 		StepVerifier.create(interceptor.fireAndForget(this.payload))
 				.then(() -> this.voidResult.assertWasNotSubscribed())
-				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -155,7 +155,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> fireAndForget(Payload payload) {
-				return assertAuthentication(authentication).flatMap(a -> super.fireAndForget(payload));
+				return assertAuthentication(authentication).flatMap((a) -> super.fireAndForget(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -209,7 +209,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Payload> requestResponse(Payload payload) {
-				return assertAuthentication(authentication).flatMap(a -> super.requestResponse(payload));
+				return assertAuthentication(authentication).flatMap((a) -> super.requestResponse(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -249,7 +249,7 @@ public class PayloadInterceptorRSocketTests {
 
 		StepVerifier.create(interceptor.requestStream(this.payload))
 				.then(() -> this.payloadResult.assertNoSubscribers())
-				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -264,7 +264,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestStream(Payload payload) {
-				return assertAuthentication(authentication).flatMapMany(a -> super.requestStream(payload));
+				return assertAuthentication(authentication).flatMapMany((a) -> super.requestStream(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -305,7 +305,7 @@ public class PayloadInterceptorRSocketTests {
 
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
 				.then(() -> this.payloadResult.assertNoSubscribers())
-				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -321,7 +321,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestChannel(Publisher<Payload> payload) {
-				return assertAuthentication(authentication).flatMapMany(a -> super.requestChannel(payload));
+				return assertAuthentication(authentication).flatMapMany((a) -> super.requestChannel(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -359,7 +359,7 @@ public class PayloadInterceptorRSocketTests {
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
 
 		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed())
-				.verifyErrorSatisfies(e -> assertThat(e).isEqualTo(expected));
+				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
 
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
@@ -374,7 +374,7 @@ public class PayloadInterceptorRSocketTests {
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> metadataPush(Payload payload) {
-				return assertAuthentication(authentication).flatMap(a -> super.metadataPush(payload));
+				return assertAuthentication(authentication).flatMap((a) -> super.metadataPush(payload));
 			}
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
@@ -459,11 +459,11 @@ public class PayloadInterceptorRSocketTests {
 
 	private Mono<Authentication> assertAuthentication(Authentication authentication) {
 		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
-				.doOnNext(a -> assertThat(a).isEqualTo(authentication));
+				.doOnNext((a) -> assertThat(a).isEqualTo(authentication));
 	}
 
 	private Answer<Object> withAuthenticated(Authentication authentication) {
-		return invocation -> {
+		return (invocation) -> {
 			PayloadInterceptorChain c = (PayloadInterceptorChain) invocation.getArguments()[1];
 			return c.next(new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload,
 					this.metadataMimeType, this.dataMimeType))
@@ -472,7 +472,7 @@ public class PayloadInterceptorRSocketTests {
 	}
 
 	private static Answer<Mono<Void>> withChainNext() {
-		return invocation -> {
+		return (invocation) -> {
 			PayloadExchange exchange = (PayloadExchange) invocation.getArguments()[0];
 			PayloadInterceptorChain chain = (PayloadInterceptorChain) invocation.getArguments()[1];
 			return chain.next(exchange);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index 90c1c275b4..d617fdafc1 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -52,7 +52,7 @@ import org.springframework.security.saml2.Saml2Exception;
  *
  * <pre>
  * 	static {
- *  	OpenSamlInitializationService.requireInitialize(registry -> {
+ *  	OpenSamlInitializationService.requireInitialize((registry) -> {
  *  	 	registry.setParserPool(...);
  *  		registry.getBuilderFactory().registerBuilder(...);
  *  	});
@@ -94,7 +94,7 @@ public final class OpenSamlInitializationService {
 	 * @throws Saml2Exception if OpenSAML failed to initialize
 	 */
 	public static boolean initialize() {
-		return initialize(registry -> {
+		return initialize((registry) -> {
 		});
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 30e796ec73..0a5b4cd4ba 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -175,20 +175,22 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	private final ParserPool parserPool;
 
-	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor = (a -> Collections
+	private Converter<Assertion, Collection<? extends GrantedAuthority>> authoritiesExtractor = ((a) -> Collections
 			.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
 
-	private GrantedAuthoritiesMapper authoritiesMapper = (a -> a);
+	private GrantedAuthoritiesMapper authoritiesMapper = ((a) -> a);
 
 	private Duration responseTimeValidationSkew = Duration.ofMinutes(5);
 
-	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter = token -> response -> {
-		Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
-		String username = assertion.getSubject().getNameID().getValue();
-		Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
-		return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-				token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
-	};
+	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter = (
+			token) -> (response) -> {
+				Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
+				String username = assertion.getSubject().getNameID().getValue();
+				Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
+				return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
+						token.getSaml2Response(),
+						this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
+			};
 
 	private Converter<Saml2AuthenticationToken, SignatureTrustEngine> signatureTrustEngineConverter = new SignatureTrustEngineConverter();
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index e5a57b44f6..af788ed70b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -79,15 +79,16 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 
 	private IssuerBuilder issuerBuilder;
 
-	private Converter<Saml2AuthenticationRequestContext, String> protocolBindingResolver = context -> {
+	private Converter<Saml2AuthenticationRequestContext, String> protocolBindingResolver = (context) -> {
 		if (context == null) {
 			return SAMLConstants.SAML2_POST_BINDING_URI;
 		}
 		return context.getRelyingPartyRegistration().getAssertionConsumerServiceBinding().getUrn();
 	};
 
-	private Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = context -> authnRequest -> {
-	};
+	private Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = (
+			context) -> (authnRequest) -> {
+			};
 
 	/**
 	 * Creates an {@link OpenSamlAuthenticationRequestFactory}
@@ -220,7 +221,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		if (!isAllowedBinding) {
 			throw new IllegalArgumentException("Invalid protocol binding: " + protocolBinding);
 		}
-		this.protocolBindingResolver = context -> protocolBinding;
+		this.protocolBindingResolver = (context) -> protocolBinding;
 	}
 
 	private AuthnRequest sign(AuthnRequest authnRequest, RelyingPartyRegistration relyingPartyRegistration) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index 495709919b..1cac7d9fb5 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -113,7 +113,7 @@ public final class Saml2AuthenticationRequest {
 	public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
 		return new Builder().assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
 				.issuer(context.getIssuer()).destination(context.getDestination())
-				.credentials(c -> c.addAll(context.getRelyingPartyRegistration().getCredentials()));
+				.credentials((c) -> c.addAll(context.getRelyingPartyRegistration().getCredentials()));
 	}
 
 	/**
@@ -148,7 +148,7 @@ public final class Saml2AuthenticationRequest {
 		 * request. For example: <code>
 		 *     Saml2X509Credential credential = ...;
 		 *     return Saml2AuthenticationRequest.withLocalSpEntityId("id")
-		 *             .credentials(c -> c.add(credential))
+		 *             .credentials((c) -> c.add(credential))
 		 *             ...
 		 *             .build();
 		 * </code>
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index 8e32c57a7f..c235157147 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -78,9 +78,8 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 		super(null);
 		this.relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId(idpEntityId)
 				.entityId(localSpEntityId).assertionConsumerServiceLocation(recipientUri)
-				.credentials(c -> c.addAll(credentials))
-				.assertingPartyDetails(
-						assertingParty -> assertingParty.entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId))
+				.credentials((c) -> c.addAll(credentials)).assertingPartyDetails((assertingParty) -> assertingParty
+						.entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId))
 				.build();
 		this.saml2Response = saml2Response;
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
index 9616db50e7..52aa839ddd 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
@@ -160,10 +160,10 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 					"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 		}
 		RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID())
-				.assertingPartyDetails(party -> party.entityId(descriptor.getEntityID())
+				.assertingPartyDetails((party) -> party.entityId(descriptor.getEntityID())
 						.wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
-						.verificationX509Credentials(c -> c.addAll(verification))
-						.encryptionX509Credentials(c -> c.addAll(encryption)));
+						.verificationX509Credentials((c) -> c.addAll(verification))
+						.encryptionX509Credentials((c) -> c.addAll(encryption)));
 		for (SingleSignOnService singleSignOnService : idpssoDescriptor.getSingleSignOnServices()) {
 			Saml2MessageBinding binding;
 			if (singleSignOnService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
@@ -175,8 +175,9 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 			else {
 				continue;
 			}
-			builder.assertingPartyDetails(party -> party.singleSignOnServiceLocation(singleSignOnService.getLocation())
-					.singleSignOnServiceBinding(binding));
+			builder.assertingPartyDetails(
+					(party) -> party.singleSignOnServiceLocation(singleSignOnService.getLocation())
+							.singleSignOnServiceBinding(binding));
 			return builder;
 		}
 		throw new Saml2Exception(
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 3927cd2c6b..ccbf33791f 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -59,11 +59,11 @@ import org.springframework.util.Assert;
  *	RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
  * 			.entityId(relyingPartyEntityId)
  * 			.assertionConsumerServiceLocation(assertingConsumerServiceLocation)
- * 		 	.signingX509Credentials(c -> c.add(relyingPartySigningCredential))
- * 			.assertingPartyDetails(details -> details
+ * 		 	.signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
+ * 			.assertingPartyDetails((details) -> details
  * 				.entityId(assertingPartyEntityId));
  * 				.singleSignOnServiceLocation(singleSignOnServiceLocation))
- * 				.verifyingX509Credentials(c -> c.add(assertingPartyVerificationCredential))
+ * 				.verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
  * 			.build();
  * </pre>
  *
@@ -362,17 +362,17 @@ public final class RelyingPartyRegistration {
 	public static Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) {
 		Assert.notNull(registration, "registration cannot be null");
 		return withRegistrationId(registration.getRegistrationId()).entityId(registration.getEntityId())
-				.signingX509Credentials(c -> c.addAll(registration.getSigningX509Credentials()))
-				.decryptionX509Credentials(c -> c.addAll(registration.getDecryptionX509Credentials()))
+				.signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials()))
+				.decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials()))
 				.assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation())
 				.assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding())
-				.assertingPartyDetails(assertingParty -> assertingParty
+				.assertingPartyDetails((assertingParty) -> assertingParty
 						.entityId(registration.getAssertingPartyDetails().getEntityId())
 						.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
-						.verificationX509Credentials(
-								c -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
+						.verificationX509Credentials((c) -> c
+								.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
 						.encryptionX509Credentials(
-								c -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
+								(c) -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
 						.singleSignOnServiceLocation(
 								registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
 						.singleSignOnServiceBinding(
@@ -913,7 +913,7 @@ public final class RelyingPartyRegistration {
 		 * communication between IDP and SP For example: <code>
 		 *     Saml2X509Credential credential = ...;
 		 *     return RelyingPartyRegistration.withRegistrationId("id")
-		 *             .credentials(c -> c.add(credential))
+		 *             .credentials((c) -> c.add(credential))
 		 *             ...
 		 *             .build();
 		 * </code>
@@ -959,7 +959,7 @@ public final class RelyingPartyRegistration {
 		 */
 		@Deprecated
 		public Builder remoteIdpEntityId(String entityId) {
-			assertingPartyDetails(idp -> idp.entityId(entityId));
+			assertingPartyDetails((idp) -> idp.entityId(entityId));
 			return this;
 		}
 
@@ -973,7 +973,7 @@ public final class RelyingPartyRegistration {
 		 */
 		@Deprecated
 		public Builder idpWebSsoUrl(String url) {
-			assertingPartyDetails(config -> config.singleSignOnServiceLocation(url));
+			assertingPartyDetails((config) -> config.singleSignOnServiceLocation(url));
 			return this;
 		}
 
@@ -1013,16 +1013,16 @@ public final class RelyingPartyRegistration {
 			for (org.springframework.security.saml2.credentials.Saml2X509Credential credential : this.credentials) {
 				Saml2X509Credential mapped = fromDeprecated(credential);
 				if (credential.isSigningCredential()) {
-					signingX509Credentials(c -> c.add(mapped));
+					signingX509Credentials((c) -> c.add(mapped));
 				}
 				if (credential.isDecryptionCredential()) {
-					decryptionX509Credentials(c -> c.add(mapped));
+					decryptionX509Credentials((c) -> c.add(mapped));
 				}
 				if (credential.isSignatureVerficationCredential()) {
-					this.providerDetails.assertingPartyDetailsBuilder.verificationX509Credentials(c -> c.add(mapped));
+					this.providerDetails.assertingPartyDetailsBuilder.verificationX509Credentials((c) -> c.add(mapped));
 				}
 				if (credential.isEncryptionCredential()) {
-					this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials(c -> c.add(mapped));
+					this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials((c) -> c.add(mapped));
 				}
 			}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index d5fa8df8b5..c81f6b2b6d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -80,7 +80,7 @@ public final class DefaultRelyingPartyRegistrationResolver
 	}
 
 	private Function<String, String> templateResolver(String applicationUri, RelyingPartyRegistration relyingParty) {
-		return template -> resolveUrlTemplate(template, applicationUri, relyingParty);
+		return (template) -> resolveUrlTemplate(template, applicationUri, relyingParty);
 	}
 
 	private static String resolveUrlTemplate(String template, String baseUrl, RelyingPartyRegistration relyingParty) {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
index ca2924b3fd..85bb9bbb48 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
@@ -37,7 +37,7 @@ public class OpenSamlInitializationServiceTests {
 		OpenSamlInitializationService.initialize();
 		XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
 		assertThat(registry.getParserPool()).isNotNull();
-		assertThatCode(() -> OpenSamlInitializationService.requireInitialize(r -> {
+		assertThatCode(() -> OpenSamlInitializationService.requireInitialize((r) -> {
 		})).isInstanceOf(Saml2Exception.class).hasMessageContaining("OpenSAML was already initialized previously");
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index b4afd923c2..02a3be00ad 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -210,7 +210,7 @@ public class OpenSamlAuthenticationProviderTests {
 		Response response = TestOpenSamlObjects.response();
 		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getSubjectConfirmations()
-				.forEach(sc -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
+				.forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
 		TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
 				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
@@ -401,7 +401,7 @@ public class OpenSamlAuthenticationProviderTests {
 		ValidationContext context = mock(ValidationContext.class);
 		given(context.getStaticParameters()).willReturn(parameters);
 		OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
-		provider.setValidationContextConverter(tuple -> context);
+		provider.setValidationContextConverter((tuple) -> context);
 		Response response = TestOpenSamlObjects.response();
 		Assertion assertion = TestOpenSamlObjects.assertion();
 		response.getAssertions().add(assertion);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 7a40ec0b9a..1d17a31016 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -70,9 +70,9 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	public void setUp() {
 		this.relyingPartyRegistrationBuilder = RelyingPartyRegistration.withRegistrationId("id")
 				.assertionConsumerServiceLocation("template")
-				.providerDetails(c -> c.webSsoUrl("https://destination/sso"))
-				.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
-				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential()));
+				.providerDetails((c) -> c.webSsoUrl("https://destination/sso"))
+				.providerDetails((c) -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
+				.credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential()));
 		this.relyingPartyRegistration = this.relyingPartyRegistrationBuilder.build();
 		this.contextBuilder = Saml2AuthenticationRequestContext.builder().issuer("https://issuer")
 				.relyingPartyRegistration(this.relyingPartyRegistration)
@@ -107,7 +107,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		this.context = this.contextBuilder.relayState("Relay State Value")
 				.relyingPartyRegistration(
 						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration)
-								.providerDetails(c -> c.signAuthNRequest(false)).build())
+								.providerDetails((c) -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2RedirectAuthenticationRequest result = this.factory.createRedirectAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
@@ -122,7 +122,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		this.context = this.contextBuilder.relayState("Relay State Value")
 				.relyingPartyRegistration(
 						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration)
-								.providerDetails(c -> c.signAuthNRequest(false)).build())
+								.providerDetails((c) -> c.signAuthNRequest(false)).build())
 				.build();
 		Saml2PostAuthenticationRequest result = this.factory.createPostAuthenticationRequest(this.context);
 		assertThat(result.getSamlRequest()).isNotEmpty();
@@ -170,7 +170,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	public void createPostAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
 		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
 				Function.class);
-		given(authnRequestConsumerResolver.apply(this.context)).willReturn(authnRequest -> {
+		given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
@@ -182,7 +182,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 	public void createRedirectAuthenticationRequestWhenAuthnRequestConsumerThenUses() {
 		Function<Saml2AuthenticationRequestContext, Consumer<AuthnRequest>> authnRequestConsumerResolver = mock(
 				Function.class);
-		given(authnRequestConsumerResolver.apply(this.context)).willReturn(authnRequest -> {
+		given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
index 383b0ed5f9..c5b611e6d6 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactoryTests.java
@@ -32,14 +32,14 @@ public class Saml2AuthenticationRequestFactoryTests {
 
 	private RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("id")
 			.assertionConsumerServiceUrlTemplate("template")
-			.providerDetails(c -> c.webSsoUrl("https://example.com/destination"))
-			.providerDetails(c -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
-			.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential())).build();
+			.providerDetails((c) -> c.webSsoUrl("https://example.com/destination"))
+			.providerDetails((c) -> c.entityId("remote-entity-id")).localEntityIdTemplate("local-entity-id")
+			.credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential())).build();
 
 	@Test
 	public void createAuthenticationRequestParametersWhenRedirectDefaultIsUsedMessageIsDeflatedAndEncoded() {
 		final String value = "Test String: " + UUID.randomUUID().toString();
-		Saml2AuthenticationRequestFactory factory = request -> value;
+		Saml2AuthenticationRequestFactory factory = (request) -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
 				.relyingPartyRegistration(this.registration).issuer("https://example.com/issuer")
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
@@ -53,7 +53,7 @@ public class Saml2AuthenticationRequestFactoryTests {
 	@Test
 	public void createAuthenticationRequestParametersWhenPostDefaultIsUsedMessageIsEncoded() {
 		final String value = "Test String: " + UUID.randomUUID().toString();
-		Saml2AuthenticationRequestFactory factory = request -> value;
+		Saml2AuthenticationRequestFactory factory = (request) -> value;
 		Saml2AuthenticationRequestContext request = Saml2AuthenticationRequestContext.builder()
 				.relyingPartyRegistration(this.registration).issuer("https://example.com/issuer")
 				.assertionConsumerServiceUrl("https://example.com/acs-url").build();
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
index 4d66195f89..3d7344705d 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -53,8 +53,8 @@ public class OpenSamlMetadataResolverTests {
 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
 		// given
 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
-				.assertingPartyDetails(party -> party.verificationX509Credentials(
-						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
+				.assertingPartyDetails((party) -> party.verificationX509Credentials(
+						(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
index cc85cac289..2c6fd22f4d 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -28,8 +28,8 @@ public class RelyingPartyRegistrationTests {
 	@Test
 	public void withRelyingPartyRegistrationWorks() {
 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
-				.providerDetails(p -> p.binding(Saml2MessageBinding.POST))
-				.providerDetails(p -> p.signAuthNRequest(false))
+				.providerDetails((p) -> p.binding(Saml2MessageBinding.POST))
+				.providerDetails((p) -> p.signAuthNRequest(false))
 				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		RelyingPartyRegistration copy = RelyingPartyRegistration.withRelyingPartyRegistration(registration).build();
 		compareRegistrations(registration, copy);
@@ -77,9 +77,9 @@ public class RelyingPartyRegistrationTests {
 	public void buildWhenUsingDefaultsThenAssertionConsumerServiceBindingDefaultsToPost() {
 		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("id")
 				.entityId("entity-id").assertionConsumerServiceLocation("location")
-				.assertingPartyDetails(
-						assertingParty -> assertingParty.entityId("entity-id").singleSignOnServiceLocation("location"))
-				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build();
+				.assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id")
+						.singleSignOnServiceLocation("location"))
+				.credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build();
 
 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index 6cca53f78a..4a1b693f49 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -42,25 +42,25 @@ public final class TestRelyingPartyRegistrations {
 
 		return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId)
 				.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
-				.credentials(c -> c.add(signingCredential))
-				.providerDetails(c -> c.entityId(apEntityId).webSsoUrl(singleSignOnServiceLocation))
-				.credentials(c -> c.add(verificationCertificate));
+				.credentials((c) -> c.add(signingCredential))
+				.providerDetails((c) -> c.entityId(apEntityId).webSsoUrl(singleSignOnServiceLocation))
+				.credentials((c) -> c.add(verificationCertificate));
 	}
 
 	public static RelyingPartyRegistration.Builder noCredentials() {
 		return RelyingPartyRegistration.withRegistrationId("registration-id").entityId("rp-entity-id")
-				.assertionConsumerServiceLocation("https://rp.example.org/acs").assertingPartyDetails(party -> party
+				.assertionConsumerServiceLocation("https://rp.example.org/acs").assertingPartyDetails((party) -> party
 						.entityId("ap-entity-id").singleSignOnServiceLocation("https://ap.example.org/sso"));
 	}
 
 	public static RelyingPartyRegistration.Builder full() {
 		return noCredentials()
-				.signingX509Credentials(c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+				.signingX509Credentials((c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
 						.relyingPartySigningCredential()))
-				.decryptionX509Credentials(c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+				.decryptionX509Credentials((c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
 						.relyingPartyDecryptingCredential()))
-				.assertingPartyDetails(party -> party.verificationX509Credentials(
-						c -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
+				.assertingPartyDetails((party) -> party.verificationX509Credentials(
+						(c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
 								.relyingPartyVerifyingCredential())));
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index 78a1e50025..fa3c2774de 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -76,9 +76,9 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		this.filterChain = new MockFilterChain();
 
 		this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
-				.providerDetails(c -> c.entityId("idp-entity-id")).providerDetails(c -> c.webSsoUrl(IDP_SSO_URL))
+				.providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL))
 				.assertionConsumerServiceUrlTemplate("template")
-				.credentials(c -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
+				.credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
 	}
 
 	@Test
@@ -121,7 +121,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	@Test
 	public void doFilterWhenSignatureIsDisabledThenSignatureParametersAreNotInTheRedirectURL() throws Exception {
 		given(this.repository.findByRegistrationId("registration-id"))
-				.willReturn(this.rpBuilder.providerDetails(c -> c.signAuthNRequest(false)).build());
+				.willReturn(this.rpBuilder.providerDetails((c) -> c.signAuthNRequest(false)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param";
 		final String relayStateEncoded = UriUtils.encode(relayStateValue, StandardCharsets.ISO_8859_1);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -133,7 +133,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	@Test
 	public void doFilterWhenPostFormDataIsPresent() throws Exception {
 		given(this.repository.findByRegistrationId("registration-id"))
-				.willReturn(this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST)).build());
+				.willReturn(this.rpBuilder.providerDetails((c) -> c.binding(Saml2MessageBinding.POST)).build());
 		final String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
 		final String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
 		this.request.setParameter("RelayState", relayStateValue);
@@ -147,8 +147,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenSetAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST))
-				.build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder
+				.providerDetails((c) -> c.binding(Saml2MessageBinding.POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
 		given(authenticationRequest.getRelayState()).willReturn("relay");
@@ -167,8 +167,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
 	@Test
 	public void doFilterWhenCustomAuthenticationRequestFactoryThenUses() throws Exception {
-		RelyingPartyRegistration relyingParty = this.rpBuilder.providerDetails(c -> c.binding(Saml2MessageBinding.POST))
-				.build();
+		RelyingPartyRegistration relyingParty = this.rpBuilder
+				.providerDetails((c) -> c.binding(Saml2MessageBinding.POST)).build();
 		Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
 		given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
 		given(authenticationRequest.getRelayState()).willReturn("relay");
@@ -201,7 +201,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	@Test
 	public void doFilterWhenRequestMatcherFailsThenSkipsFilter() throws Exception {
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
-		filter.setRedirectMatcher(request -> false);
+		filter.setRedirectMatcher((request) -> false);
 		filter.doFilter(this.request, this.response, this.filterChain);
 		verifyNoInteractions(this.repository);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index e12618d650..dbd7eecadc 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -50,7 +50,7 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	private RelyingPartyRegistration.Builder relyingPartyBuilder;
 
 	private Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver = new DefaultSaml2AuthenticationRequestContextResolver(
-			new DefaultRelyingPartyRegistrationResolver(id -> this.relyingPartyBuilder.build()));
+			new DefaultRelyingPartyRegistrationResolver((id) -> this.relyingPartyBuilder.build()));
 
 	@Before
 	public void setup() {
@@ -58,10 +58,10 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 		this.request.setPathInfo("/saml2/authenticate/registration-id");
 		this.relyingPartyBuilder = RelyingPartyRegistration.withRegistrationId(REGISTRATION_ID)
 				.localEntityIdTemplate(RELYING_PARTY_ENTITY_ID)
-				.providerDetails(c -> c.entityId(ASSERTING_PARTY_ENTITY_ID))
-				.providerDetails(c -> c.webSsoUrl(ASSERTING_PARTY_SSO_URL))
+				.providerDetails((c) -> c.entityId(ASSERTING_PARTY_ENTITY_ID))
+				.providerDetails((c) -> c.webSsoUrl(ASSERTING_PARTY_SSO_URL))
 				.assertionConsumerServiceUrlTemplate(RELYING_PARTY_SSO_URL)
-				.credentials(c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()));
+				.credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()));
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 672b53f6f7..3cb5214a36 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -109,14 +109,14 @@ public class Saml2MetadataFilterTests {
 		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration");
 		RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials()
-				.assertingPartyDetails(party -> party.verificationX509Credentials(
-						c -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
+				.assertingPartyDetails((party) -> party.verificationX509Credentials(
+						(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 
 		String generatedMetadata = "<xml>test</xml>";
 		given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata);
 
-		this.filter = new Saml2MetadataFilter(request -> validRegistration, this.resolver);
+		this.filter = new Saml2MetadataFilter((request) -> validRegistration, this.resolver);
 
 		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
diff --git a/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java b/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
index 962b00f0c8..0709dd93bc 100644
--- a/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
+++ b/samples/boot/hellorsocket/src/integration-test/java/sample/HelloRSocketApplicationITests.java
@@ -53,7 +53,7 @@ public class HelloRSocketApplicationITests {
 	public void messageWhenAuthenticatedThenSuccess() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		RSocketRequester requester = this.requester
-				.rsocketStrategies(builder -> builder.encoder(new BasicAuthenticationEncoder()))
+				.rsocketStrategies((builder) -> builder.encoder(new BasicAuthenticationEncoder()))
 				.setupMetadata(credentials, BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp("localhost", this.port)
 				.block();
diff --git a/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java b/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
index 40974df660..d95956b2d6 100644
--- a/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
+++ b/samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
@@ -70,11 +70,11 @@ public class HelloWebfluxMethodApplicationITests {
 	}
 
 	private Consumer<HttpHeaders> robsCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("rob", "rob");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("rob", "rob");
 	}
 
 	private Consumer<HttpHeaders> adminCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("admin", "admin");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("admin", "admin");
 	}
 }
 
diff --git a/samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java b/samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java
index cf8cd0e92b..fbbcdc835e 100644
--- a/samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java
+++ b/samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java
@@ -40,7 +40,7 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges -> exchanges
+			.authorizeExchange((exchanges) -> exchanges
 				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())
diff --git a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
index cf361e2bc2..6a2e2898ed 100644
--- a/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
+++ b/samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
@@ -123,10 +123,10 @@ public class HelloWebfluxMethodApplicationTests {
 	}
 
 	private Consumer<HttpHeaders> robsCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("rob", "rob");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("rob", "rob");
 	}
 
 	private Consumer<HttpHeaders> adminCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("admin", "admin");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("admin", "admin");
 	}
 }
diff --git a/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java b/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
index 4f8aa5d3ad..6d1dda2fac 100644
--- a/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
+++ b/samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
@@ -69,10 +69,10 @@ public class HelloWebfluxApplicationITests {
 	}
 
 	private Consumer<HttpHeaders> userCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "user");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "user");
 	}
 
 	private Consumer<HttpHeaders> invalidCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "INVALID");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "INVALID");
 	}
 }
diff --git a/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java b/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
index 591c4dd46b..cc7892116f 100644
--- a/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
+++ b/samples/boot/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
@@ -105,10 +105,10 @@ public class HelloWebfluxApplicationTests {
 	}
 
 	private Consumer<HttpHeaders> userCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "user");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "user");
 	}
 
 	private Consumer<HttpHeaders> invalidCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "INVALID");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "INVALID");
 	}
 }
diff --git a/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java b/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
index 515f321f8b..de42538a78 100644
--- a/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
+++ b/samples/boot/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
@@ -75,10 +75,10 @@ public class HelloWebfluxFnApplicationITests {
 	}
 
 	private Consumer<HttpHeaders> userCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "user");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "user");
 	}
 
 	private Consumer<HttpHeaders> invalidCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "INVALID");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "INVALID");
 	}
 }
diff --git a/samples/boot/hellowebfluxfn/src/main/java/sample/HelloUserController.java b/samples/boot/hellowebfluxfn/src/main/java/sample/HelloUserController.java
index e1fd699e3d..e0c0810cee 100644
--- a/samples/boot/hellowebfluxfn/src/main/java/sample/HelloUserController.java
+++ b/samples/boot/hellowebfluxfn/src/main/java/sample/HelloUserController.java
@@ -36,7 +36,7 @@ public class HelloUserController {
 	public Mono<ServerResponse> hello(ServerRequest serverRequest) {
 		return serverRequest.principal()
 			.map(Principal::getName)
-			.flatMap(username ->
+			.flatMap((username) -> 
 				ServerResponse.ok()
 					.contentType(MediaType.APPLICATION_JSON)
 					.syncBody(Collections.singletonMap("message", "Hello " + username + "!"))
diff --git a/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java b/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
index 392dcdfce8..826fe95cf3 100644
--- a/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
+++ b/samples/boot/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
@@ -106,10 +106,10 @@ public class HelloWebfluxFnApplicationTests {
 	}
 
 	private Consumer<HttpHeaders> userCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "user");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "user");
 	}
 
 	private Consumer<HttpHeaders> invalidCredentials() {
-		return httpHeaders -> httpHeaders.setBasicAuth("user", "INVALID");
+		return (httpHeaders) -> httpHeaders.setBasicAuth("user", "INVALID");
 	}
 }
diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 8a8a3dd07b..c3c71cf2fe 100644
--- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -35,11 +35,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-				.authorizeRequests(authorize -> authorize
+				.authorizeRequests((authorize) -> authorize
 					.antMatchers("/css/**", "/index").permitAll()
 					.antMatchers("/user/**").hasRole("USER")
 				)
-				.formLogin(formLogin -> formLogin
+				.formLogin((formLogin) -> formLogin
 					.loginPage("/login")
 					.failureUrl("/login-error")
 				);
diff --git a/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java b/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
index 77efa11928..4b20b0c88c 100644
--- a/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
+++ b/samples/boot/oauth2authorizationserver/src/main/java/sample/AuthorizationServerConfiguration.java
@@ -167,7 +167,7 @@ class UserConfig extends WebSecurityConfigurerAdapter {
 				.and()
 			.httpBasic()
 				.and()
-			.csrf().ignoringRequestMatchers(request -> "/introspect".equals(request.getRequestURI()));
+			.csrf().ignoringRequestMatchers((request) -> "/introspect".equals(request.getRequestURI()));
 	}
 
 	@Bean
diff --git a/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
index 9f3d47193c..c3e2b63af6 100644
--- a/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login-webflux/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
@@ -46,7 +46,7 @@ public class OAuth2LoginApplicationTests {
 	@Test
 	public void requestWhenMockOidcLoginThenIndex() {
 		this.clientRegistrationRepository.findByRegistrationId("github")
-				.map(clientRegistration ->
+				.map((clientRegistration) -> 
 						this.test.mutateWith(mockOAuth2Login().clientRegistration(clientRegistration))
 							.get().uri("/")
 							.exchange()
diff --git a/samples/boot/oauth2login-webflux/src/test/java/sample/OAuth2LoginControllerTests.java b/samples/boot/oauth2login-webflux/src/test/java/sample/OAuth2LoginControllerTests.java
index d1fb3c5b3e..11ae5f8ba6 100644
--- a/samples/boot/oauth2login-webflux/src/test/java/sample/OAuth2LoginControllerTests.java
+++ b/samples/boot/oauth2login-webflux/src/test/java/sample/OAuth2LoginControllerTests.java
@@ -65,12 +65,12 @@ public class OAuth2LoginControllerTests {
 					.bindToController(this.controller)
 					.apply(springSecurity())
 					.webFilter(new SecurityContextServerWebExchangeWebFilter())
-					.argumentResolvers(c -> {
+					.argumentResolvers((c) -> {
 						c.addCustomResolver(new AuthenticationPrincipalArgumentResolver(new ReactiveAdapterRegistry()));
 						c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver
 								(this.clientRegistrationRepository, this.authorizedClientRepository));
 					})
-					.viewResolvers(c -> c.viewResolver(this.viewResolver))
+					.viewResolvers((c) -> c.viewResolver(this.viewResolver))
 					.build();
 		}
 
diff --git a/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
index f4488cb00d..77867dbbc8 100644
--- a/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login/src/integration-test/java/sample/OAuth2LoginApplicationTests.java
@@ -308,7 +308,7 @@ public class OAuth2LoginApplicationTests {
 
 	private HtmlAnchor getClientAnchorElement(HtmlPage page, ClientRegistration clientRegistration) {
 		Optional<HtmlAnchor> clientAnchorElement = page.getAnchors().stream()
-				.filter(e -> e.asText().equals(clientRegistration.getClientName())).findFirst();
+				.filter((e) -> e.asText().equals(clientRegistration.getClientName())).findFirst();
 
 		return (clientAnchorElement.orElse(null));
 	}
@@ -335,17 +335,17 @@ public class OAuth2LoginApplicationTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests((authorizeRequests) -> 
 					authorizeRequests
 						.anyRequest().authenticated()
 				)
-				.oauth2Login(oauth2Login ->
+				.oauth2Login((oauth2Login) -> 
 					oauth2Login
-						.tokenEndpoint(tokenEndpoint ->
+						.tokenEndpoint((tokenEndpoint) -> 
 							tokenEndpoint
 								.accessTokenResponseClient(this.mockAccessTokenResponseClient())
 						)
-						.userInfoEndpoint(userInfoEndpoint ->
+						.userInfoEndpoint((userInfoEndpoint) -> 
 							userInfoEndpoint
 								.userService(this.mockUserService())
 						)
diff --git a/samples/boot/oauth2login/src/test/java/sample/web/OAuth2LoginControllerTests.java b/samples/boot/oauth2login/src/test/java/sample/web/OAuth2LoginControllerTests.java
index 3779bb7ff8..6a3af42ff7 100644
--- a/samples/boot/oauth2login/src/test/java/sample/web/OAuth2LoginControllerTests.java
+++ b/samples/boot/oauth2login/src/test/java/sample/web/OAuth2LoginControllerTests.java
@@ -63,7 +63,7 @@ public class OAuth2LoginControllerTests {
 
 		this.mvc.perform(get("/").with(oauth2Login()
 				.clientRegistration(clientRegistration)
-				.attributes(a -> a.put("sub", "spring-security"))))
+				.attributes((a) -> a.put("sub", "spring-security"))))
 				.andExpect(model().attribute("userName", "spring-security"))
 				.andExpect(model().attribute("clientName", "my-client-name"))
 				.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "spring-security")));
diff --git a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 9e5e53f22e..dfe4135d4b 100644
--- a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -69,12 +69,12 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
 					.anyRequest().authenticated()
 			)
-			.oauth2ResourceServer(oauth2ResourceServer ->
+			.oauth2ResourceServer((oauth2ResourceServer) -> 
 				oauth2ResourceServer
 					.jwt(withDefaults())
 			);
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
index f0663200de..9e3f58e628 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
@@ -156,10 +156,10 @@ public class MockWebServerPropertySource extends PropertySource<MockWebServer> i
 
 		if ("/introspect".equals(request.getPath())) {
 			return Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION))
-					.filter(authorization -> isAuthorized(authorization, "client", "secret"))
-					.map(authorization -> parseBody(request.getBody()))
-					.map(parameters -> parameters.get("token"))
-					.map(token -> {
+					.filter((authorization) -> isAuthorized(authorization, "client", "secret"))
+					.map((authorization) -> parseBody(request.getBody()))
+					.map((parameters) -> parameters.get("token"))
+					.map((token) -> {
 						if ("00ed5855-1869-47a0-b0c9-0f3ce520aee7".equals(token)) {
 							return NO_SCOPES_RESPONSE;
 						} else if ("b43d1500-c405-4dc9-b9c9-6cfd966c34c9".equals(token)) {
@@ -181,8 +181,8 @@ public class MockWebServerPropertySource extends PropertySource<MockWebServer> i
 
 	private Map<String, Object> parseBody(Buffer body) {
 		return Stream.of(body.readUtf8().split("&"))
-				.map(parameter -> parameter.split("="))
-				.collect(Collectors.toMap(parts -> parts[0], parts -> parts[1]));
+				.map((parameter) -> parameter.split("="))
+				.collect(Collectors.toMap((parts) -> parts[0], (parts) -> parts[1]));
 	}
 
 	private static MockResponse response(String body, int status) {
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 5a8822631e..75bf3865b9 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -37,11 +37,11 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests(authz -> authz
+			.authorizeRequests((authz) -> authz
 				.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
 				.anyRequest().authenticated()
 			)
-			.oauth2ResourceServer(oauth2 -> oauth2
+			.oauth2ResourceServer((oauth2) -> oauth2
 				.authenticationManagerResolver(this.authenticationManagerResolver)
 			);
 		// @formatter:on
diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
index 32e1cdbd35..0bc6b57558 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/org/springframework/boot/env/MockWebServerPropertySource.java
@@ -142,10 +142,10 @@ public class MockWebServerPropertySource extends PropertySource<MockWebServer> i
 	private MockResponse doDispatch(RecordedRequest request) {
 		if ("/introspect".equals(request.getPath())) {
 			return Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION))
-					.filter(authorization -> isAuthorized(authorization, "client", "secret"))
-					.map(authorization -> parseBody(request.getBody()))
-					.map(parameters -> parameters.get("token"))
-					.map(token -> {
+					.filter((authorization) -> isAuthorized(authorization, "client", "secret"))
+					.map((authorization) -> parseBody(request.getBody()))
+					.map((parameters) -> parameters.get("token"))
+					.map((token) -> {
 						if ("00ed5855-1869-47a0-b0c9-0f3ce520aee7".equals(token)) {
 							return NO_SCOPES_RESPONSE;
 						} else if ("b43d1500-c405-4dc9-b9c9-6cfd966c34c9".equals(token)) {
@@ -167,8 +167,8 @@ public class MockWebServerPropertySource extends PropertySource<MockWebServer> i
 
 	private Map<String, Object> parseBody(Buffer body) {
 		return Stream.of(body.readUtf8().split("&"))
-				.map(parameter -> parameter.split("="))
-				.collect(Collectors.toMap(parts -> parts[0], parts -> parts[1]));
+				.map((parameter) -> parameter.split("="))
+				.collect(Collectors.toMap((parts) -> parts[0], (parts) -> parts[1]));
 	}
 
 	private static MockResponse response(String body, int status) {
diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index f32a5d70c4..6fc3444c73 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -36,15 +36,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers(HttpMethod.GET, "/message/**").hasAuthority("SCOPE_message:read")
 					.antMatchers(HttpMethod.POST, "/message/**").hasAuthority("SCOPE_message:write")
 					.anyRequest().authenticated()
 			)
-			.oauth2ResourceServer(oauth2ResourceServer ->
+			.oauth2ResourceServer((oauth2ResourceServer) -> 
 				oauth2ResourceServer
-					.opaqueToken(opaqueToken ->
+					.opaqueToken((opaqueToken) -> 
 						opaqueToken
 							.introspectionUri(this.introspectionUri)
 							.introspectionClientCredentials(this.clientId, this.clientSecret)
diff --git a/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java b/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
index 29d1cd1ea8..ee3318f246 100644
--- a/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver-opaque/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@@ -46,13 +46,13 @@ public class OAuth2ResourceServerControllerTests {
 
 	@Test
 	public void indexGreetsAuthenticatedUser() throws Exception {
-		this.mvc.perform(get("/").with(opaqueToken().attributes(a -> a.put("sub", "ch4mpy"))))
+		this.mvc.perform(get("/").with(opaqueToken().attributes((a) -> a.put("sub", "ch4mpy"))))
 				.andExpect(content().string(is("Hello, ch4mpy!")));
 	}
 
 	@Test
 	public void messageCanBeReadWithScopeMessageReadAuthority() throws Exception {
-		this.mvc.perform(get("/message").with(opaqueToken().attributes(a -> a.put("scope", "message:read"))))
+		this.mvc.perform(get("/message").with(opaqueToken().attributes((a) -> a.put("scope", "message:read"))))
 				.andExpect(content().string(is("secret message")));
 
 		this.mvc.perform(get("/message")
diff --git a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index 4d70204150..a57bed2d51 100644
--- a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -39,14 +39,14 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
 					.anyRequest().authenticated()
 			)
-			.oauth2ResourceServer(oauth2ResourceServer ->
+			.oauth2ResourceServer((oauth2ResourceServer) -> 
 				oauth2ResourceServer
-					.jwt(jwt ->
+					.jwt((jwt) -> 
 						jwt.decoder(jwtDecoder())
 					)
 			);
diff --git a/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java b/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
index 763d28a71e..9cbdcf2b36 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java
@@ -38,8 +38,8 @@ import static org.hamcrest.Matchers.containsString;
 @RunWith(SpringJUnit4ClassRunner.class)
 public class ServerOAuth2ResourceServerApplicationITests {
 
-	Consumer<HttpHeaders> noScopesToken = http -> http.setBearerAuth("eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWJqZWN0IiwiZXhwIjo0NjgzODA1MTI4fQ.ULEPdHG-MK5GlrTQMhgqcyug2brTIZaJIrahUeq9zaiwUSdW83fJ7W1IDd2Z3n4a25JY2uhEcoV95lMfccHR6y_2DLrNvfta22SumY9PEDF2pido54LXG6edIGgarnUbJdR4rpRe_5oRGVa8gDx8FnuZsNv6StSZHAzw5OsuevSTJ1UbJm4UfX3wiahFOQ2OI6G-r5TB2rQNdiPHuNyzG5yznUqRIZ7-GCoMqHMaC-1epKxiX8gYXRROuUYTtcMNa86wh7OVDmvwVmFioRcR58UWBRoO1XQexTtOQq_t8KYsrPZhb9gkyW8x2bAQF-d0J0EJY8JslaH6n4RBaZISww");
-	Consumer<HttpHeaders> messageReadToken = http -> http.setBearerAuth("eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWJqZWN0Iiwic2NvcGUiOiJtZXNzYWdlOnJlYWQiLCJleHAiOjQ2ODM4MDUxNDF9.h-j6FKRFdnTdmAueTZCdep45e6DPwqM68ZQ8doIJ1exi9YxAlbWzOwId6Bd0L5YmCmp63gGQgsBUBLzwnZQ8kLUgUOBEC3UzSWGRqMskCY9_k9pX0iomX6IfF3N0PaYs0WPC4hO1s8wfZQ-6hKQ4KigFi13G9LMLdH58PRMK0pKEvs3gCbHJuEPw-K5ORlpdnleUTQIwINafU57cmK3KocTeknPAM_L716sCuSYGvDl6xUTXO7oPdrXhS_EhxLP6KxrpI1uD4Ea_5OWTh7S0Wx5LLDfU6wBG1DowN20d374zepOIEkR-Jnmr_QlR44vmRqS5ncrF-1R0EGcPX49U6A");
+	Consumer<HttpHeaders> noScopesToken = (http) -> http.setBearerAuth("eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWJqZWN0IiwiZXhwIjo0NjgzODA1MTI4fQ.ULEPdHG-MK5GlrTQMhgqcyug2brTIZaJIrahUeq9zaiwUSdW83fJ7W1IDd2Z3n4a25JY2uhEcoV95lMfccHR6y_2DLrNvfta22SumY9PEDF2pido54LXG6edIGgarnUbJdR4rpRe_5oRGVa8gDx8FnuZsNv6StSZHAzw5OsuevSTJ1UbJm4UfX3wiahFOQ2OI6G-r5TB2rQNdiPHuNyzG5yznUqRIZ7-GCoMqHMaC-1epKxiX8gYXRROuUYTtcMNa86wh7OVDmvwVmFioRcR58UWBRoO1XQexTtOQq_t8KYsrPZhb9gkyW8x2bAQF-d0J0EJY8JslaH6n4RBaZISww");
+	Consumer<HttpHeaders> messageReadToken = (http) -> http.setBearerAuth("eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWJqZWN0Iiwic2NvcGUiOiJtZXNzYWdlOnJlYWQiLCJleHAiOjQ2ODM4MDUxNDF9.h-j6FKRFdnTdmAueTZCdep45e6DPwqM68ZQ8doIJ1exi9YxAlbWzOwId6Bd0L5YmCmp63gGQgsBUBLzwnZQ8kLUgUOBEC3UzSWGRqMskCY9_k9pX0iomX6IfF3N0PaYs0WPC4hO1s8wfZQ-6hKQ4KigFi13G9LMLdH58PRMK0pKEvs3gCbHJuEPw-K5ORlpdnleUTQIwINafU57cmK3KocTeknPAM_L716sCuSYGvDl6xUTXO7oPdrXhS_EhxLP6KxrpI1uD4Ea_5OWTh7S0Wx5LLDfU6wBG1DowN20d374zepOIEkR-Jnmr_QlR44vmRqS5ncrF-1R0EGcPX49U6A");
 
 	@Autowired
 	private WebTestClient rest;
diff --git a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/SecurityConfig.java b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/SecurityConfig.java
index fad9309c02..d4f6429b51 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/SecurityConfig.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/main/java/sample/SecurityConfig.java
@@ -34,13 +34,13 @@ public class SecurityConfig {
 	@Bean
 	SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges ->
+			.authorizeExchange((exchanges) -> 
 				exchanges
 					.pathMatchers(HttpMethod.GET, "/message/**").hasAuthority("SCOPE_message:read")
 					.pathMatchers(HttpMethod.POST, "/message/**").hasAuthority("SCOPE_message:write")
 					.anyExchange().authenticated()
 			)
-			.oauth2ResourceServer(oauth2ResourceServer ->
+			.oauth2ResourceServer((oauth2ResourceServer) -> 
 				oauth2ResourceServer
 					.jwt(withDefaults())
 			);
diff --git a/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/OAuth2ResourceServerControllerTests.java b/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/OAuth2ResourceServerControllerTests.java
index 3f1291c6fa..8fc72574f1 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@@ -50,14 +50,14 @@ public class OAuth2ResourceServerControllerTests {
 
 		@Test
 		public void indexGreetsAuthenticatedUser() {
-			this.rest.mutateWith(mockJwt().jwt(jwt -> jwt.subject("test-subject")))
+			this.rest.mutateWith(mockJwt().jwt((jwt) -> jwt.subject("test-subject")))
 					.get().uri("/").exchange()
 					.expectBody(String.class).isEqualTo("Hello, test-subject!");
 		}
 
 		@Test
 		public void messageCanBeReadWithScopeMessageReadAuthority() {
-			this.rest.mutateWith(mockJwt().jwt(jwt -> jwt.claim("scope", "message:read")))
+			this.rest.mutateWith(mockJwt().jwt((jwt) -> jwt.claim("scope", "message:read")))
 					.get().uri("/message").exchange()
 					.expectBody(String.class).isEqualTo("secret message");
 
@@ -78,7 +78,7 @@ public class OAuth2ResourceServerControllerTests {
 			Jwt jwt = jwt().claim("scope", "").build();
 			when(this.jwtDecoder.decode(anyString())).thenReturn(Mono.just(jwt));
 			this.rest.post().uri("/message")
-					.headers(headers -> headers.setBearerAuth(jwt.getTokenValue()))
+					.headers((headers) -> headers.setBearerAuth(jwt.getTokenValue()))
 					.syncBody("Hello message").exchange()
 					.expectStatus().isForbidden();
 		}
@@ -88,7 +88,7 @@ public class OAuth2ResourceServerControllerTests {
 			Jwt jwt = jwt().claim("scope", "message:read").build();
 			when(this.jwtDecoder.decode(anyString())).thenReturn(Mono.just(jwt));
 			this.rest.post().uri("/message")
-					.headers(headers -> headers.setBearerAuth(jwt.getTokenValue()))
+					.headers((headers) -> headers.setBearerAuth(jwt.getTokenValue()))
 					.syncBody("Hello message").exchange()
 					.expectStatus().isForbidden();
 		}
@@ -98,7 +98,7 @@ public class OAuth2ResourceServerControllerTests {
 			Jwt jwt = jwt().claim("scope", "message:write").build();
 			when(this.jwtDecoder.decode(anyString())).thenReturn(Mono.just(jwt));
 			this.rest.post().uri("/message")
-					.headers(headers -> headers.setBearerAuth(jwt.getTokenValue()))
+					.headers((headers) -> headers.setBearerAuth(jwt.getTokenValue()))
 					.syncBody("Hello message").exchange()
 					.expectStatus().isOk()
 					.expectBody(String.class).isEqualTo("Message was created. Content: Hello message");
diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
index f003ee37d9..d7e157cfc6 100644
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@@ -38,7 +38,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers(HttpMethod.GET, "/message/**").hasAuthority("SCOPE_message:read")
 					.antMatchers(HttpMethod.POST, "/message/**").hasAuthority("SCOPE_message:write")
diff --git a/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java b/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
index 8160062ebd..565212b073 100644
--- a/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
+++ b/samples/boot/oauth2resourceserver/src/test/java/sample/OAuth2ResourceServerControllerTests.java
@@ -48,13 +48,13 @@ public class OAuth2ResourceServerControllerTests {
 
 	@Test
 	public void indexGreetsAuthenticatedUser() throws Exception {
-		mockMvc.perform(get("/").with(jwt().jwt(jwt -> jwt.subject("ch4mpy"))))
+		mockMvc.perform(get("/").with(jwt().jwt((jwt) -> jwt.subject("ch4mpy"))))
 				.andExpect(content().string(is("Hello, ch4mpy!")));
 	}
 
 	@Test
 	public void messageCanBeReadWithScopeMessageReadAuthority() throws Exception {
-		mockMvc.perform(get("/message").with(jwt().jwt(jwt -> jwt.claim("scope", "message:read"))))
+		mockMvc.perform(get("/message").with(jwt().jwt((jwt) -> jwt.claim("scope", "message:read"))))
 				.andExpect(content().string(is("secret message")));
 
 		mockMvc.perform(get("/message")
@@ -80,7 +80,7 @@ public class OAuth2ResourceServerControllerTests {
 	public void messageCanNotBeCreatedWithScopeMessageReadAuthority() throws Exception {
 		mockMvc.perform(post("/message")
 				.content("Hello message")
-				.with(jwt().jwt(jwt -> jwt.claim("scope", "message:read"))))
+				.with(jwt().jwt((jwt) -> jwt.claim("scope", "message:read"))))
 				.andExpect(status().isForbidden());
 	}
 
@@ -89,7 +89,7 @@ public class OAuth2ResourceServerControllerTests {
 			throws Exception {
 		mockMvc.perform(post("/message")
 				.content("Hello message")
-				.with(jwt().jwt(jwt -> jwt.claim("scope", "message:write"))))
+				.with(jwt().jwt((jwt) -> jwt.claim("scope", "message:write"))))
 				.andExpect(status().isOk())
 				.andExpect(content().string(is("Message was created. Content: Hello message")));
 	}
diff --git a/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
index 279aae17cb..33fb8b7867 100644
--- a/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/oauth2webclient-webflux/src/main/java/sample/config/SecurityConfig.java
@@ -35,7 +35,7 @@ public class SecurityConfig {
 	@Bean
 	SecurityWebFilterChain configure(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges ->
+			.authorizeExchange((exchanges) -> 
 				exchanges
 					.pathMatchers("/", "/public/**").permitAll()
 					.anyExchange().authenticated()
diff --git a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
index 4ac610bf04..e5602d812d 100644
--- a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java
@@ -36,7 +36,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.mvcMatchers("/", "/public/**").permitAll()
 					.anyRequest().authenticated()
diff --git a/samples/boot/saml2login/src/integration-test/java/org/springframework/security/saml2/provider/service/authentication/Saml2LoginIntegrationTests.java b/samples/boot/saml2login/src/integration-test/java/org/springframework/security/saml2/provider/service/authentication/Saml2LoginIntegrationTests.java
index d51d2cdc4b..330e9a58d2 100644
--- a/samples/boot/saml2login/src/integration-test/java/org/springframework/security/saml2/provider/service/authentication/Saml2LoginIntegrationTests.java
+++ b/samples/boot/saml2login/src/integration-test/java/org/springframework/security/saml2/provider/service/authentication/Saml2LoginIntegrationTests.java
@@ -483,7 +483,7 @@ public class Saml2LoginIntegrationTests {
 			String code,
 			Matcher<String> message
 	) {
-		return result -> {
+		return (result) -> {
 			final HttpSession session = result.getRequest().getSession(false);
 			AssertionErrors.assertNotNull("HttpSession", session);
 			Object exception = session.getAttribute(AUTHENTICATION_EXCEPTION);
diff --git a/samples/boot/webflux-form/src/main/java/sample/WebfluxFormSecurityConfig.java b/samples/boot/webflux-form/src/main/java/sample/WebfluxFormSecurityConfig.java
index c87bc0a4af..94642742dc 100644
--- a/samples/boot/webflux-form/src/main/java/sample/WebfluxFormSecurityConfig.java
+++ b/samples/boot/webflux-form/src/main/java/sample/WebfluxFormSecurityConfig.java
@@ -46,13 +46,13 @@ public class WebfluxFormSecurityConfig {
 	@Bean
 	SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges ->
+			.authorizeExchange((exchanges) -> 
 				exchanges
 					.pathMatchers("/login").permitAll()
 					.anyExchange().authenticated()
 			)
 			.httpBasic(withDefaults())
-			.formLogin(formLogin ->
+			.formLogin((formLogin) -> 
 				formLogin
 					.loginPage("/login")
 			);
diff --git a/samples/boot/webflux-x509/src/main/java/sample/MeController.java b/samples/boot/webflux-x509/src/main/java/sample/MeController.java
index f7a3958784..7c10c6aedf 100644
--- a/samples/boot/webflux-x509/src/main/java/sample/MeController.java
+++ b/samples/boot/webflux-x509/src/main/java/sample/MeController.java
@@ -35,6 +35,6 @@ public class MeController {
 	public Mono<String> me() {
 		return ReactiveSecurityContextHolder.getContext()
 				.map(SecurityContext::getAuthentication)
-				.map(authentication -> "Hello, " + authentication.getName());
+				.map((authentication) -> "Hello, " + authentication.getName());
 	}
 }
diff --git a/samples/boot/webflux-x509/src/main/java/sample/WebfluxX509Application.java b/samples/boot/webflux-x509/src/main/java/sample/WebfluxX509Application.java
index 02e145c14b..89813d073b 100644
--- a/samples/boot/webflux-x509/src/main/java/sample/WebfluxX509Application.java
+++ b/samples/boot/webflux-x509/src/main/java/sample/WebfluxX509Application.java
@@ -46,7 +46,7 @@ public class WebfluxX509Application {
 		// @formatter:off
 		http
 			.x509(withDefaults())
-			.authorizeExchange(exchanges ->
+			.authorizeExchange((exchanges) -> 
 				exchanges
 					.anyExchange().authenticated()
 			);
diff --git a/samples/boot/webflux-x509/src/test/java/sample/WebfluxX509ApplicationTest.java b/samples/boot/webflux-x509/src/test/java/sample/WebfluxX509ApplicationTest.java
index 604692d5ad..e6ed9cf200 100644
--- a/samples/boot/webflux-x509/src/test/java/sample/WebfluxX509ApplicationTest.java
+++ b/samples/boot/webflux-x509/src/test/java/sample/WebfluxX509ApplicationTest.java
@@ -55,7 +55,7 @@ public class WebfluxX509ApplicationTest {
 				.exchange()
 				.expectStatus().isOk()
 				.expectBody()
-				.consumeWith(result -> {
+				.consumeWith((result) -> {
 					String responseBody = new String(result.getResponseBody());
 					assertThat(responseBody).contains("Hello, client");
 				});
@@ -79,7 +79,7 @@ public class WebfluxX509ApplicationTest {
 				.trustManager(devCA)
 				.keyManager(clientKey, clientCrt);
 
-		HttpClient httpClient = HttpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(sslContextBuilder));
+		HttpClient httpClient = HttpClient.create().secure((sslContextSpec) -> sslContextSpec.sslContext(sslContextBuilder));
 		ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
 
 		return WebTestClient
diff --git a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 99328c184e..45773f3eb7 100644
--- a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -43,14 +43,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(
 			HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.anyRequest().authenticated()
 			)
 			.formLogin(withDefaults())
-			.sessionManagement(sessionManagement ->
+			.sessionManagement((sessionManagement) -> 
 				sessionManagement
-					.sessionConcurrency(sessionConcurrency ->
+					.sessionConcurrency((sessionConcurrency) -> 
 						sessionConcurrency
 							.maximumSessions(1)
 							.expiredUrl("/login?expired")
diff --git a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index b1ee5fa3f3..8f9cbba6f6 100644
--- a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -30,17 +30,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/resources/**").permitAll()
 					.anyRequest().authenticated()
 			)
-			.formLogin(formLogin ->
+			.formLogin((formLogin) -> 
 				formLogin
 					.loginPage("/login")
 					.permitAll()
 			)
-			.logout(logout ->
+			.logout((logout) -> 
 				logout
 					.permitAll()
 			);
diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index a5335e512a..9645aac23b 100644
--- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -32,64 +32,64 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/resources/**").permitAll()
 					.anyRequest().authenticated()
 			)
-			.openidLogin(openidLogin ->
+			.openidLogin((openidLogin) -> 
 				openidLogin
 					.loginPage("/login")
 					.permitAll()
 					.authenticationUserDetailsService(new CustomUserDetailsService())
-					.attributeExchange(googleExchange ->
+					.attributeExchange((googleExchange) -> 
 						googleExchange
 							.identifierPattern("https://www.google.com/.*")
-							.attribute(emailAttribute ->
+							.attribute((emailAttribute) -> 
 								emailAttribute
 									.name("email")
 									.type("https://axschema.org/contact/email")
 									.required(true)
 							)
-							.attribute(firstnameAttribute ->
+							.attribute((firstnameAttribute) -> 
 								firstnameAttribute
 									.name("firstname")
 									.type("https://axschema.org/namePerson/first")
 									.required(true)
 							)
-							.attribute(lastnameAttribute ->
+							.attribute((lastnameAttribute) -> 
 								lastnameAttribute
 									.name("lastname")
 									.type("https://axschema.org/namePerson/last")
 									.required(true)
 							)
 					)
-					.attributeExchange(yahooExchange ->
+					.attributeExchange((yahooExchange) -> 
 						yahooExchange
 							.identifierPattern(".*yahoo.com.*")
-							.attribute(emailAttribute ->
+							.attribute((emailAttribute) -> 
 								emailAttribute
 									.name("email")
 									.type("https://axschema.org/contact/email")
 									.required(true)
 							)
-							.attribute(fullnameAttribute ->
+							.attribute((fullnameAttribute) -> 
 								fullnameAttribute
 									.name("fullname")
 									.type("https://axschema.org/namePerson")
 									.required(true)
 							)
 					)
-					.attributeExchange(myopenidExchange ->
+					.attributeExchange((myopenidExchange) -> 
 						myopenidExchange
 							.identifierPattern(".*myopenid.com.*")
-							.attribute(emailAttribute ->
+							.attribute((emailAttribute) -> 
 								emailAttribute
 									.name("email")
 									.type("https://schema.openid.net/contact/email")
 									.required(true)
 							)
-							.attribute(fullnameAttribute ->
+							.attribute((fullnameAttribute) -> 
 									fullnameAttribute
 									.name("fullname")
 									.type("https://schema.openid.net/namePerson")
diff --git a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index a7fcc345cc..512365bcf0 100644
--- a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -27,12 +27,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/login", "/resources/**").permitAll()
 					.anyRequest().authenticated()
 			)
-			.jee(jee ->
+			.jee((jee) -> 
 				jee
 					.mappableRoles("USER", "ADMIN")
 			);
diff --git a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index 5b2a543684..2570717394 100644
--- a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -42,12 +42,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.antMatchers("/resources/**").permitAll()
 					.anyRequest().authenticated()
 			)
-			.formLogin(formLogin ->
+			.formLogin((formLogin) -> 
 				formLogin
 					.loginPage("/login")
 					.permitAll()
diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index cb0fc35dfe..15a24f5b50 100644
--- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -57,11 +57,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		return RelyingPartyRegistration.withRegistrationId(registrationId)
 				.entityId(localEntityIdTemplate)
 				.assertionConsumerServiceLocation(acsUrlTemplate)
-				.signingX509Credentials(c -> c.add(signingCredential))
-				.assertingPartyDetails(config -> config
+				.signingX509Credentials((c) -> c.add(signingCredential))
+				.assertingPartyDetails((config) -> config
 						.entityId(idpEntityId)
 						.singleSignOnServiceLocation(webSsoEndpoint)
-						.verificationX509Credentials(c -> c.add(idpVerificationCertificate)))
+						.verificationX509Credentials((c) -> c.add(idpVerificationCertificate)))
 				.build();
 	}
 
diff --git a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 2edd87332e..8a416b95c1 100644
--- a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -52,7 +52,7 @@ public class SecurityConfigTests {
 		Saml2WebSsoAuthenticationFilter filter = (Saml2WebSsoAuthenticationFilter) filters
 				.stream()
 				.filter(
-						f -> f instanceof Saml2WebSsoAuthenticationFilter
+						(f) -> f instanceof Saml2WebSsoAuthenticationFilter
 				)
 				.findFirst()
 				.get();
diff --git a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
index fcb1274018..040dd75762 100644
--- a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -43,7 +43,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests((authorizeRequests) -> 
 				authorizeRequests
 					.anyRequest().authenticated()
 			)
diff --git a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
index 7dc347151f..906952cb63 100644
--- a/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
+++ b/samples/xml/cas/cassample/src/integration-test/java/org/springframework/security/samples/cas/CasSampleProxyTests.java
@@ -117,14 +117,14 @@ public class CasSampleProxyTests {
 	public void extremelySecurePageWhenReusingTicketThenDisplays() {
 		this.login.to(this::serviceParam).assertAt().login("rod");
 		Map<String, String> ptCache = new HashMap<>();
-		this.extremelySecure.to(url -> url + "?ticket=" + ptCache.computeIfAbsent(url, this::getPt)).assertAt();
-		this.extremelySecure.to(url -> url + "?ticket=" + ptCache.get(url)).assertAt();
+		this.extremelySecure.to((url) -> url + "?ticket=" + ptCache.computeIfAbsent(url, this::getPt)).assertAt();
+		this.extremelySecure.to((url) -> url + "?ticket=" + ptCache.get(url)).assertAt();
 	}
 
 	@Test
 	public void securePageWhenInvalidTicketThenFails() {
 		this.login.to(this::serviceParam).assertAt().login("scott");
-		this.secure.to(url -> url + "?ticket=invalid");
+		this.secure.to((url) -> url + "?ticket=invalid");
 		this.unauthorized.assertAt();
 	}
 
diff --git a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
index 182c074369..a6b4ff5d6f 100644
--- a/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
+++ b/samples/xml/contacts/src/integration-test/java/org/springframework/security/samples/pages/ContactsPage.java
@@ -66,19 +66,19 @@ public class ContactsPage {
 	}
 
 	Predicate<WebElement> byEmail(final String val) {
-		return e -> e.findElements(By.xpath("td[position()=3 and normalize-space()='" + val + "']")).size() == 1;
+		return (e) -> e.findElements(By.xpath("td[position()=3 and normalize-space()='" + val + "']")).size() == 1;
 	}
 
 	Predicate<WebElement> byName(final String val) {
-		return e -> e.findElements(By.xpath("td[position()=2 and normalize-space()='" + val + "']")).size() == 1;
+		return (e) -> e.findElements(By.xpath("td[position()=2 and normalize-space()='" + val + "']")).size() == 1;
 	}
 
 	public DeleteContactLink andHasContact(final String name, final String email) {
 		return this.contacts.stream()
 			.filter(byEmail(email).and(byName(name)))
-			.map(e -> e.findElement(By.cssSelector("td:nth-child(4) > a")))
+			.map((e) -> e.findElement(By.cssSelector("td:nth-child(4) > a")))
 			.findFirst()
-			.map(e -> new DeleteContactLink(webDriver, e))
+			.map((e) -> new DeleteContactLink(webDriver, e))
 			.get();
 	}
 
diff --git a/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java b/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
index 175c4c2f4e..f2b8029516 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/ContactDaoSpring.java
@@ -33,7 +33,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
 
 	public void create(final Contact contact) {
 		getJdbcTemplate().update("insert into contacts values (?, ?, ?)",
-				ps -> {
+				(ps) -> {
 					ps.setLong(1, contact.getId());
 					ps.setString(2, contact.getName());
 					ps.setString(3, contact.getEmail());
@@ -42,13 +42,13 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
 
 	public void delete(final Long contactId) {
 		getJdbcTemplate().update("delete from contacts where id = ?",
-				ps -> ps.setLong(1, contactId));
+				(ps) -> ps.setLong(1, contactId));
 	}
 
 	public void update(final Contact contact) {
 		getJdbcTemplate().update(
 				"update contacts set contact_name = ?, address = ? where id = ?",
-				ps -> {
+				(ps) -> {
 					ps.setString(1, contact.getName());
 					ps.setString(2, contact.getEmail());
 					ps.setLong(3, contact.getId());
diff --git a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
index 52b20eb646..2315426909 100644
--- a/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
+++ b/samples/xml/contacts/src/main/java/sample/contact/DataSourcePopulator.java
@@ -162,7 +162,7 @@ public class DataSourcePopulator implements InitializingBean {
 		for (int i = 1; i < createEntities; i++) {
 			final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class,
 					(long) i);
-			tt.execute(arg0 -> {
+			tt.execute((arg0) -> {
 				mutableAclService.createAcl(objectIdentity);
 
 				return null;
@@ -267,7 +267,7 @@ public class DataSourcePopulator implements InitializingBean {
 	}
 
 	private void updateAclInTransaction(final MutableAcl acl) {
-		tt.execute(arg0 -> {
+		tt.execute((arg0) -> {
 			mutableAclService.updateAcl(acl);
 
 			return null;
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 77240f33ae..49fe636a7c 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -110,7 +110,7 @@ public final class SecurityMockServerConfigurers {
 		return new MockServerConfigurer() {
 			@Override
 			public void beforeServerCreated(WebHttpHandlerBuilder builder) {
-				builder.filters(filters -> filters.add(0, new MutatorFilter()));
+				builder.filters((filters) -> filters.add(0, new MutatorFilter()));
 			}
 		};
 	}
@@ -253,8 +253,8 @@ public final class SecurityMockServerConfigurers {
 		public void afterConfigurerAdded(WebTestClient.Builder builder,
 				@Nullable WebHttpHandlerBuilder httpHandlerBuilder, @Nullable ClientHttpConnector connector) {
 			CsrfWebFilter filter = new CsrfWebFilter();
-			filter.setRequireCsrfProtectionMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch());
-			httpHandlerBuilder.filters(filters -> filters.add(0, filter));
+			filter.setRequireCsrfProtectionMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
+			httpHandlerBuilder.filters((filters) -> filters.add(0, filter));
 		}
 
 		@Override
@@ -399,7 +399,7 @@ public final class SecurityMockServerConfigurers {
 		}
 
 		private Consumer<List<WebFilter>> addSetupMutatorFilter() {
-			return filters -> filters.add(0, new SetupMutatorFilter(this.context));
+			return (filters) -> filters.add(0, new SetupMutatorFilter(this.context));
 		}
 
 	}
@@ -414,7 +414,7 @@ public final class SecurityMockServerConfigurers {
 
 		@Override
 		public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain webFilterChain) {
-			exchange.getAttributes().computeIfAbsent(MutatorFilter.ATTRIBUTE_NAME, key -> this.context);
+			exchange.getAttributes().computeIfAbsent(MutatorFilter.ATTRIBUTE_NAME, (key) -> this.context);
 			return webFilterChain.filter(exchange);
 		}
 
@@ -494,7 +494,7 @@ public final class SecurityMockServerConfigurers {
 		 */
 		public JwtMutator authorities(Collection<GrantedAuthority> authorities) {
 			Assert.notNull(authorities, "authorities cannot be null");
-			this.authoritiesConverter = jwt -> authorities;
+			this.authoritiesConverter = (jwt) -> authorities;
 			return this;
 		}
 
@@ -505,7 +505,7 @@ public final class SecurityMockServerConfigurers {
 		 */
 		public JwtMutator authorities(GrantedAuthority... authorities) {
 			Assert.notNull(authorities, "authorities cannot be null");
-			this.authoritiesConverter = jwt -> Arrays.asList(authorities);
+			this.authoritiesConverter = (jwt) -> Arrays.asList(authorities);
 			return this;
 		}
 
@@ -672,7 +672,7 @@ public final class SecurityMockServerConfigurers {
 		}
 
 		private Collection<GrantedAuthority> getAuthorities(Collection<?> scopes) {
-			return scopes.stream().map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
+			return scopes.stream().map((scope) -> new SimpleGrantedAuthority("SCOPE_" + scope))
 					.collect(Collectors.toList());
 		}
 
@@ -1046,7 +1046,7 @@ public final class SecurityMockServerConfigurers {
 
 		private OAuth2ClientMutator(String registrationId) {
 			this.registrationId = registrationId;
-			clientRegistration(c -> {
+			clientRegistration((c) -> {
 			});
 		}
 
@@ -1119,7 +1119,7 @@ public final class SecurityMockServerConfigurers {
 
 		private Consumer<List<WebFilter>> addAuthorizedClientFilter() {
 			OAuth2AuthorizedClient client = getClient();
-			return filters -> filters.add(0, (exchange, chain) -> {
+			return (filters) -> filters.add(0, (exchange, chain) -> {
 				ReactiveOAuth2AuthorizedClientManager authorizationClientManager = OAuth2ClientServerTestUtils
 						.getOAuth2AuthorizedClientManager(exchange);
 				if (!(authorizationClientManager instanceof TestReactiveOAuth2AuthorizedClientManager)) {
@@ -1209,7 +1209,7 @@ public final class SecurityMockServerConfigurers {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(exchange,
 						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
-					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
+					return (authorizeRequest) -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
 							authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), exchange);
 				}
 				return (ReactiveOAuth2AuthorizedClientManager) ReflectionTestUtils.getField(resolver,
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index b78591eab6..d39845c055 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -1094,7 +1094,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		public JwtRequestPostProcessor authorities(Collection<GrantedAuthority> authorities) {
 			Assert.notNull(authorities, "authorities cannot be null");
-			this.authoritiesConverter = jwt -> authorities;
+			this.authoritiesConverter = (jwt) -> authorities;
 			return this;
 		}
 
@@ -1105,7 +1105,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		public JwtRequestPostProcessor authorities(GrantedAuthority... authorities) {
 			Assert.notNull(authorities, "authorities cannot be null");
-			this.authoritiesConverter = jwt -> Arrays.asList(authorities);
+			this.authoritiesConverter = (jwt) -> Arrays.asList(authorities);
 			return this;
 		}
 
@@ -1237,7 +1237,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		}
 
 		private Collection<GrantedAuthority> getAuthorities(Collection<?> scopes) {
-			return scopes.stream().map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
+			return scopes.stream().map((scope) -> new SimpleGrantedAuthority("SCOPE_" + scope))
 					.collect(Collectors.toList());
 		}
 
@@ -1556,7 +1556,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		private OAuth2ClientRequestPostProcessor(String registrationId) {
 			this.registrationId = registrationId;
-			clientRegistration(c -> {
+			clientRegistration((c) -> {
 			});
 		}
 
@@ -1686,7 +1686,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(request,
 						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
-					return authorizeRequest -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
+					return (authorizeRequest) -> DEFAULT_CLIENT_REPO.loadAuthorizedClient(
 							authorizeRequest.getClientRegistrationId(), authorizeRequest.getPrincipal(), request);
 				}
 				return (OAuth2AuthorizedClientManager) ReflectionTestUtils.getField(resolver,
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index 915f0997fc..cb5f960882 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -112,7 +112,7 @@ public class ReactorContextTestExecutionListenerTests {
 		this.listener.beforeTestMethod(this.testContext);
 
 		Mono<Authentication> authentication = Mono.just("any")
-				.flatMap(s -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
+				.flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
 
 		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
@@ -129,7 +129,7 @@ public class ReactorContextTestExecutionListenerTests {
 		this.listener.beforeTestMethod(this.testContext);
 
 		Mono<Authentication> authentication = Mono.just("any")
-				.flatMap(s -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
+				.flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext());
 
 		StepVerifier.create(authentication).verifyComplete();
@@ -155,7 +155,7 @@ public class ReactorContextTestExecutionListenerTests {
 	public void afterTestMethodWhenDifferentHookIsRegistered() throws Exception {
 		Object obj = new Object();
 
-		Hooks.onLastOperator("CUSTOM_HOOK", p -> Mono.just(obj));
+		Hooks.onLastOperator("CUSTOM_HOOK", (p) -> Mono.just(obj));
 		this.listener.afterTestMethod(this.testContext);
 
 		Object result = Mono.subscriberContext().block();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index 5b30f0fc69..022a7a7ba0 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -51,7 +51,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 	private WebTestClient client = WebTestClient.bindToController(this.securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.argumentResolvers(resolvers -> resolvers
+			.argumentResolvers((resolvers) -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
 			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
@@ -85,7 +85,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		String sub = new String("my-subject");
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
-						.attributes(attributes -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub)))
+						.attributes((attributes) -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub)))
 				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
@@ -108,11 +108,12 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 	@Test
 	public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() {
-		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(a -> a.put("scope", "user"));
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
+				.active((a) -> a.put("scope", "user"));
 
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
-						.attributes(a -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal))
+						.attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal))
 				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
@@ -124,7 +125,7 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)
-						.attributes(a -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar")))
+						.attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar")))
 				.get().exchange().expectStatus().isOk();
 
 		context = this.securityContextController.removeSecurityContext();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 8699062b6f..433f8b3483 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -50,7 +50,7 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	@Test
 	public void wheMockUserWhenClassAnnotatedThenSuccess() {
 		this.client.get().exchange().expectStatus().isOk().expectBody(String.class)
-				.consumeWith(response -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
+				.consumeWith((response) -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		this.controller.assertPrincipalIsEqualTo(authentication);
@@ -60,7 +60,7 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	@WithMockUser("method-user")
 	public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() {
 		this.client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith(
-				response -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
+				(response) -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
 
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		this.controller.assertPrincipalIsEqualTo(authentication);
@@ -70,7 +70,7 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	public void withMockUserWhenMutateWithThenMustateWithOverrides() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockUser("mutateWith-mockUser")).get().exchange()
 				.expectStatus().isOk().expectBody(String.class)
-				.consumeWith(response -> assertThat(response.getResponseBody())
+				.consumeWith((response) -> assertThat(response.getResponseBody())
 						.contains("\"username\":\"mutateWith-mockUser\""));
 
 		Principal principal = this.controller.removePrincipal();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index f8b091f4b3..f11b965214 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -55,7 +55,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 
 	WebTestClient client = WebTestClient.bindToController(this.securityContextController)
 			.webFilter(new SecurityContextServerWebExchangeWebFilter())
-			.argumentResolvers(resolvers -> resolvers
+			.argumentResolvers((resolvers) -> resolvers
 					.addCustomResolver(new CurrentSecurityContextArgumentResolver(new ReactiveAdapterRegistry())))
 			.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
 			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
@@ -76,7 +76,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
-		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject(name))).get().exchange()
+		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.subject(name))).get().exchange()
 				.expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
@@ -88,7 +88,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()
-				.jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2))
+				.jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2))
 				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
@@ -100,7 +100,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	public void mockJwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
 		this.client
 				.mutateWith(
-						SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.claim("scope", "scoped authorities")))
+						SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")))
 				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
@@ -112,8 +112,8 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	public void mockJwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
 		this.client
 				.mutateWith(
-						SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.claim("scope", "ignored authorities"))
-								.authorities(jwt -> Arrays.asList(this.authority1)))
+						SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities"))
+								.authorities((jwt) -> Arrays.asList(this.authority1)))
 				.get().exchange().expectStatus().isOk();
 
 		SecurityContext context = this.securityContextController.removeSecurityContext();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index ae7b45cd82..2bdaf7367c 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -66,7 +66,7 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	@Before
 	public void setup() {
 		this.client = WebTestClient.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+				.argumentResolvers((c) -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
 				.webFilter(new SecurityContextServerWebExchangeWebFilter())
 				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
@@ -114,7 +114,7 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")
-						.clientRegistration(c -> c.clientId("client-id")))
+						.clientRegistration((c) -> c.clientId("client-id")))
 				.get().uri("/client").exchange().expectStatus().isOk();
 
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index d967c49cbf..8028d88803 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -61,7 +61,7 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	@Before
 	public void setup() {
 		this.client = WebTestClient.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+				.argumentResolvers((c) -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
 				.webFilter(new SecurityContextServerWebExchangeWebFilter())
 				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
@@ -110,7 +110,7 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() {
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
-						.attributes(a -> a.put("iss", "https://idp.example.org")))
+						.attributes((a) -> a.put("iss", "https://idp.example.org")))
 				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
@@ -140,14 +140,15 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("sub", "subject"), "sub");
 
-		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().attributes(a -> a.put("subject", "foo"))
-				.oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
+				.attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange()
+				.expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)
-				.attributes(a -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
+				.attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
 
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 8c6c9c5cce..8f7927893f 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -62,7 +62,7 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	@Before
 	public void setup() {
 		this.client = WebTestClient.bindToController(this.controller)
-				.argumentResolvers(c -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
+				.argumentResolvers((c) -> c.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(
 						this.clientRegistrationRepository, this.authorizedClientRepository)))
 				.webFilter(new SecurityContextServerWebExchangeWebFilter())
 				.apply(SecurityMockServerConfigurers.springSecurity()).configureClient()
@@ -111,8 +111,8 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	@Test
 	public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() {
 		this.client
-				.mutateWith(
-						SecurityMockServerConfigurers.mockOidcLogin().idToken(i -> i.issuer("https://idp.example.org")))
+				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()
+						.idToken((i) -> i.issuer("https://idp.example.org")))
 				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
@@ -121,7 +121,8 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 
 	@Test
 	public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
-		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken(u -> u.email("email@email")))
+		this.client
+				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken((u) -> u.email("email@email")))
 				.get().uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
@@ -153,18 +154,16 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				TestOidcIdTokens.idToken().build());
 
-		this.client
-				.mutateWith(
-						SecurityMockServerConfigurers.mockOidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser))
-				.get().uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(
+				SecurityMockServerConfigurers.mockOidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
 
-		this.client
-				.mutateWith(
-						SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar")))
-				.get().uri("/token").exchange().expectStatus().isOk();
+		this.client.mutateWith(
+				SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))).get()
+				.uri("/token").exchange().expectStatus().isOk();
 
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index 555d96f2f6..fd5ccb3699 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -123,7 +123,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void csrfWhenMutateWithThenDisablesCsrf() {
 		this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody()
-				.consumeWith(b -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
+				.consumeWith((b) -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
 
 		this.client.mutateWith(SecurityMockServerConfigurers.csrf()).post().exchange().expectStatus().isOk();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 30c39490e2..0337afee88 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -101,7 +101,7 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	@Test
 	public void postProcessorsAreMergedDuringMockMvcPerform() throws Exception {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
-		given(postProcessor.postProcessRequest(any())).willAnswer(i -> i.getArgument(0));
+		given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index a966ad52af..438f3d19c3 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -94,7 +94,7 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	@Test
 	public void postProcessorsAreMergedDuringMockMvcPerform() throws Exception {
 		RequestPostProcessor postProcessor = mock(RequestPostProcessor.class);
-		given(postProcessor.postProcessRequest(any())).willAnswer(i -> i.getArgument(0));
+		given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 0cf9b63b6f..51a9687d6e 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -61,7 +61,7 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		this.entryPoint.setRealmName("Spring Security");
 		this.filter = new DigestAuthenticationFilter();
 		this.filter.setUserDetailsService(
-				username -> new User(username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")));
+				(username) -> new User(username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER")));
 		this.filter.setAuthenticationEntryPoint(this.entryPoint);
 		this.filter.afterPropertiesSet();
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index 954ce278cc..dfa8792001 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -110,7 +110,7 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	@Test
 	public void jwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
-		jwt().jwt(jwt -> jwt.subject(name)).postProcessRequest(this.request);
+		jwt().jwt((jwt) -> jwt.subject(name)).postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
@@ -122,7 +122,7 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 
 	@Test
 	public void jwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)
+		jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)
 				.postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
@@ -134,7 +134,7 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 
 	@Test
 	public void jwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request);
+		jwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
@@ -145,8 +145,8 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 
 	@Test
 	public void jwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
-		jwt().jwt(jwt -> jwt.claim("scope", "ignored authorities")).authorities(jwt -> Arrays.asList(this.authority1))
-				.postProcessRequest(this.request);
+		jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities"))
+				.authorities((jwt) -> Arrays.asList(this.authority1)).postProcessRequest(this.request);
 
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 5bdedc8277..7e17a95223 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -120,7 +120,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
 
 		this.mvc.perform(get("/client-id")
-				.with(oauth2Client("registration-id").clientRegistration(c -> c.clientId("client-id"))))
+				.with(oauth2Client("registration-id").clientRegistration((c) -> c.clientId("client-id"))))
 				.andExpect(content().string("client-id"));
 	}
 
@@ -160,7 +160,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authz -> authz
+				.authorizeRequests((authz) -> authz
 					.anyRequest().permitAll()
 				)
 				.oauth2Client();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index 360a90088b..d92b97c398 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -109,7 +109,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 	@Test
 	public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
 		this.mvc.perform(
-				get("/attributes/iss").with(oauth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))))
+				get("/attributes/iss").with(oauth2Login().attributes((a) -> a.put("iss", "https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
@@ -139,11 +139,11 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("username", "user"), "username");
 
-		this.mvc.perform(
-				get("/attributes/sub").with(oauth2Login().attributes(a -> a.put("sub", "bar")).oauth2User(oauth2User)))
+		this.mvc.perform(get("/attributes/sub")
+				.with(oauth2Login().attributes((a) -> a.put("sub", "bar")).oauth2User(oauth2User)))
 				.andExpect(status().isOk()).andExpect(content().string("no-attribute"));
-		this.mvc.perform(
-				get("/attributes/sub").with(oauth2Login().oauth2User(oauth2User).attributes(a -> a.put("sub", "bar"))))
+		this.mvc.perform(get("/attributes/sub")
+				.with(oauth2Login().oauth2User(oauth2User).attributes((a) -> a.put("sub", "bar"))))
 				.andExpect(content().string("bar"));
 	}
 
@@ -155,7 +155,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests(authorize -> authorize
+				.authorizeRequests((authorize) -> authorize
 					.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
 					.anyRequest().hasAuthority("SCOPE_read")
 				).oauth2Login();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index fb26a1bb5b..7de780a095 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -113,13 +113,13 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 
 	@Test
 	public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() throws Exception {
-		this.mvc.perform(get("/id-token/iss").with(oidcLogin().idToken(i -> i.issuer("https://idp.example.org"))))
+		this.mvc.perform(get("/id-token/iss").with(oidcLogin().idToken((i) -> i.issuer("https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
 	@Test
 	public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
-		this.mvc.perform(get("/user-info/email").with(oidcLogin().userInfoToken(u -> u.email("email@email"))))
+		this.mvc.perform(get("/user-info/email").with(oidcLogin().userInfoToken((u) -> u.email("email@email"))))
 				.andExpect(content().string("email@email"));
 	}
 
@@ -144,9 +144,9 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				TestOidcIdTokens.idToken().build());
 
-		this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken(i -> i.subject("foo")).oidcUser(oidcUser)))
+		this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)))
 				.andExpect(status().isOk()).andExpect(content().string("subject"));
-		this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken(i -> i.subject("bar"))))
+		this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))))
 				.andExpect(content().string("bar"));
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 4acdb63396..46f9b54f37 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -90,7 +90,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	@Test
 	public void opaqueTokenWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
 		this.mvc.perform(
-				get("/opaque-token/iss").with(opaqueToken().attributes(a -> a.put("iss", "https://idp.example.org"))))
+				get("/opaque-token/iss").with(opaqueToken().attributes((a) -> a.put("iss", "https://idp.example.org"))))
 				.andExpect(content().string("https://idp.example.org"));
 	}
 
@@ -107,13 +107,14 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	// gh-7800
 	@Test
 	public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
-		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(a -> a.put("scope", "user"));
+		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
+				.active((a) -> a.put("scope", "user"));
 
-		this.mvc.perform(
-				get("/opaque-token/sub").with(opaqueToken().attributes(a -> a.put("sub", "foo")).principal(principal)))
+		this.mvc.perform(get("/opaque-token/sub")
+				.with(opaqueToken().attributes((a) -> a.put("sub", "foo")).principal(principal)))
 				.andExpect(status().isOk()).andExpect(content().string((String) principal.getAttribute("sub")));
-		this.mvc.perform(
-				get("/opaque-token/sub").with(opaqueToken().principal(principal).attributes(a -> a.put("sub", "bar"))))
+		this.mvc.perform(get("/opaque-token/sub")
+				.with(opaqueToken().principal(principal).attributes((a) -> a.put("sub", "bar"))))
 				.andExpect(content().string("bar"));
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index 57bf66d878..c789869b03 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -66,14 +66,14 @@ public class SecurityMockMvcResultMatchersTests {
 
 	@Test
 	public void withAuthenticationWhenMatchesThenSuccess() throws Exception {
-		this.mockMvc.perform(formLogin()).andExpect(authenticated()
-				.withAuthentication(auth -> assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
+		this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthentication(
+				(auth) -> assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
 	}
 
 	@Test(expected = AssertionError.class)
 	public void withAuthenticationWhenNotMatchesThenFails() throws Exception {
 		this.mockMvc.perform(formLogin()).andExpect(
-				authenticated().withAuthentication(auth -> assertThat(auth.getName()).isEqualTo("notmatch")));
+				authenticated().withAuthentication((auth) -> assertThat(auth.getName()).isEqualTo("notmatch")));
 	}
 
 	// SEC-2719
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 526a237bc7..2ff4908806 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -233,7 +233,7 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		protected void initExtractorMap() {
 			super.initExtractorMap();
 
-			registerExtractor(ServletException.class, throwable -> {
+			registerExtractor(ServletException.class, (throwable) -> {
 				ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
 				return ((ServletException) throwable).getRootCause();
 			});
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 24e6e015e3..25f0f1e0b9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -77,7 +77,7 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 
 	public AuthenticationFilter(AuthenticationManager authenticationManager,
 			AuthenticationConverter authenticationConverter) {
-		this((AuthenticationManagerResolver<HttpServletRequest>) r -> authenticationManager, authenticationConverter);
+		this((AuthenticationManagerResolver<HttpServletRequest>) (r) -> authenticationManager, authenticationConverter);
 	}
 
 	public AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver,
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 8633644620..70272a7893 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -73,7 +73,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		this.cookiesToClear.forEach(f -> response.addCookie(f.apply(request)));
+		this.cookiesToClear.forEach((f) -> response.addCookie(f.apply(request)));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index 5783719463..ba90274987 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -87,7 +87,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 
 	private Map<String, String> saml2AuthenticationUrlToProviderName;
 
-	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections.emptyMap();
+	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = (request) -> Collections.emptyMap();
 
 	public DefaultLoginPageGeneratingFilter() {
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
index e8b9e9c666..7dae48a336 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
@@ -41,7 +41,7 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
 
 	private RequestMatcher matcher = new AntPathRequestMatcher("/logout", "GET");
 
-	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections.emptyMap();
+	private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = (request) -> Collections.emptyMap();
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index 4b63eb9b43..f8893c0c55 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -112,13 +112,13 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	private Set<String> allowedHttpMethods = createDefaultAllowedHttpMethods();
 
-	private Predicate<String> allowedHostnames = hostname -> true;
+	private Predicate<String> allowedHostnames = (hostname) -> true;
 
 	private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern
 			.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
 
-	private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = s -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN
-			.matcher(s).matches();
+	private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = (
+			s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches();
 
 	private Predicate<String> allowedHeaderNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
 
@@ -126,7 +126,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 
 	private Predicate<String> allowedParameterNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
 
-	private Predicate<String> allowedParameterValues = value -> true;
+	private Predicate<String> allowedParameterValues = (value) -> true;
 
 	public StrictHttpFirewall() {
 		urlBlocklistsAddAll(FORBIDDEN_SEMICOLON);
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
index 6b9ea6cf39..4f2b9f4185 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CompositeHeaderWriter.java
@@ -46,7 +46,7 @@ public class CompositeHeaderWriter implements HeaderWriter {
 
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		this.headerWriters.forEach(headerWriter -> headerWriter.writeHeaders(request, response));
+		this.headerWriters.forEach((headerWriter) -> headerWriter.writeHeaders(request, response));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
index 55c7c486c2..a7d399e275 100644
--- a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
+++ b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
@@ -37,7 +37,7 @@ public final class SecurityHeaders {
 	 */
 	public static Consumer<HttpHeaders> bearerToken(String bearerTokenValue) {
 		Assert.hasText(bearerTokenValue, "bearerTokenValue cannot be null");
-		return headers -> headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + bearerTokenValue);
+		return (headers) -> headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + bearerTokenValue);
 	}
 
 	private SecurityHeaders() {
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 7f3f87c51f..edc2ee76be 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -72,7 +72,7 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,
 			ServerWebExchange exchange) {
 		ReactiveAdapter adapter = getAdapterRegistry().getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap(a -> {
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
 			Object p = resolvePrincipal(parameter, a.getPrincipal());
 			Mono<Object> principal = Mono.justOrEmpty(p);
 			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index d29c505e4a..af4a52ed49 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -84,7 +84,7 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 		if (reactiveSecurityContext == null) {
 			return null;
 		}
-		return reactiveSecurityContext.flatMap(a -> {
+		return reactiveSecurityContext.flatMap((a) -> {
 			Object p = resolveSecurityContext(parameter, a);
 			Mono<Object> o = Mono.justOrEmpty(p);
 			return adapter == null ? o : Mono.just(adapter.fromPublisher(o));
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 29ab2383a4..5b8b1aacd9 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -170,7 +170,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	private void addHeader(String name, String value) {
-		List<String> values = this.headers.computeIfAbsent(name, k -> new ArrayList<>());
+		List<String> values = this.headers.computeIfAbsent(name, (k) -> new ArrayList<>());
 
 		values.add(value);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index 35f6856662..633a996302 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -60,16 +60,16 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 
 	@Override
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
-		return Flux.fromIterable(this.entryPoints).filterWhen(entry -> isMatch(exchange, entry)).next()
-				.map(entry -> entry.getEntryPoint()).doOnNext(it -> {
+		return Flux.fromIterable(this.entryPoints).filterWhen((entry) -> isMatch(exchange, entry)).next()
+				.map((entry) -> entry.getEntryPoint()).doOnNext((it) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Match found! Executing " + it);
 					}
-				}).switchIfEmpty(Mono.just(this.defaultEntryPoint).doOnNext(it -> {
+				}).switchIfEmpty(Mono.just(this.defaultEntryPoint).doOnNext((it) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
 					}
-				})).flatMap(entryPoint -> entryPoint.commence(exchange, ex));
+				})).flatMap((entryPoint) -> entryPoint.commence(exchange, ex));
 	}
 
 	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
@@ -77,7 +77,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 		if (logger.isDebugEnabled()) {
 			logger.debug("Trying to match using " + matcher);
 		}
-		return matcher.matches(exchange).map(result -> result.isMatch());
+		return matcher.matches(exchange).map((result) -> result.isMatch());
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
index 081e0c865e..ad3cbd328b 100644
--- a/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/server/MatcherSecurityWebFilterChain.java
@@ -48,7 +48,7 @@ public class MatcherSecurityWebFilterChain implements SecurityWebFilterChain {
 
 	@Override
 	public Mono<Boolean> matches(ServerWebExchange exchange) {
-		return this.matcher.matches(exchange).map(m -> m.isMatch());
+		return this.matcher.matches(exchange).map((m) -> m.isMatch());
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
index f5ed89c7b1..9d538ad0aa 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
@@ -46,7 +46,7 @@ public class ServerFormLoginAuthenticationConverter implements Function<ServerWe
 	@Override
 	@Deprecated
 	public Mono<Authentication> apply(ServerWebExchange exchange) {
-		return exchange.getFormData().map(data -> createAuthentication(data));
+		return exchange.getFormData().map((data) -> createAuthentication(data));
 	}
 
 	private UsernamePasswordAuthenticationToken createAuthentication(MultiValueMap<String, String> data) {
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
index 26e98e7b99..0e03b36497 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
@@ -49,12 +49,12 @@ public class WebFilterChainProxy implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return Flux.fromIterable(this.filters)
-				.filterWhen(securityWebFilterChain -> securityWebFilterChain.matches(exchange)).next()
+				.filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)).next()
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-				.flatMap(securityWebFilterChain -> securityWebFilterChain.getWebFilters().collectList())
-				.map(filters -> new FilteringWebHandler(webHandler -> chain.filter(webHandler), filters))
-				.map(handler -> new DefaultWebFilterChain(handler))
-				.flatMap(securedChain -> securedChain.filter(exchange));
+				.flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList())
+				.map((filters) -> new FilteringWebHandler((webHandler) -> chain.filter(webHandler), filters))
+				.map((handler) -> new DefaultWebFilterChain(handler))
+				.flatMap((securedChain) -> securedChain.filter(exchange));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
index efc927d835..131cf14796 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
@@ -86,7 +86,7 @@ public class AnonymousAuthenticationWebFilter implements WebFilter {
 			return chain.filter(exchange)
 					.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 					.then(Mono.empty());
-		})).flatMap(securityContext -> {
+		})).flatMap((securityContext) -> {
 			if (logger.isDebugEnabled()) {
 				logger.debug("SecurityContext contains anonymous token: '" + securityContext.getAuthentication() + "'");
 			}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
index 951eb75b69..8b60a584e7 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
@@ -43,8 +43,8 @@ public final class AuthenticationConverterServerWebExchangeMatcher implements Se
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return this.serverAuthenticationConverter.convert(exchange).flatMap(a -> MatchResult.match())
-				.onErrorResume(e -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch());
+		return this.serverAuthenticationConverter.convert(exchange).flatMap((a) -> MatchResult.match())
+				.onErrorResume((e) -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
index 602ddbe090..b7d51de9d2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -91,7 +91,7 @@ public class AuthenticationWebFilter implements WebFilter {
 	 */
 	public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
-		this.authenticationManagerResolver = request -> Mono.just(authenticationManager);
+		this.authenticationManagerResolver = (request) -> Mono.just(authenticationManager);
 	}
 
 	/**
@@ -107,22 +107,22 @@ public class AuthenticationWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requiresAuthenticationMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
-				.flatMap(matchResult -> this.authenticationConverter.convert(exchange))
+		return this.requiresAuthenticationMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch())
+				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-				.flatMap(token -> authenticate(exchange, chain, token))
-				.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
+				.flatMap((token) -> authenticate(exchange, chain, token))
+				.onErrorResume(AuthenticationException.class, (e) -> this.authenticationFailureHandler
 						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
 	}
 
 	private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
 		return this.authenticationManagerResolver.resolve(exchange)
-				.flatMap(authenticationManager -> authenticationManager.authenticate(token))
+				.flatMap((authenticationManager) -> authenticationManager.authenticate(token))
 				.switchIfEmpty(Mono.defer(
 						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
-				.flatMap(authentication -> onAuthenticationSuccess(authentication,
+				.flatMap((authentication) -> onAuthenticationSuccess(authentication,
 						new WebFilterExchange(exchange, chain)))
-				.doOnError(AuthenticationException.class, e -> {
+				.doOnError(AuthenticationException.class, (e) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Authentication failed: " + e.getMessage());
 					}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
index bbda2025bd..edd81bcaf4 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java
@@ -45,7 +45,7 @@ public class DelegatingServerAuthenticationSuccessHandler implements ServerAuthe
 	@Override
 	public Mono<Void> onAuthenticationSuccess(WebFilterExchange exchange, Authentication authentication) {
 		return Flux.fromIterable(this.delegates)
-				.concatMap(delegate -> delegate.onAuthenticationSuccess(exchange, authentication)).then();
+				.concatMap((delegate) -> delegate.onAuthenticationSuccess(exchange, authentication)).then();
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index 8252c65ba2..d21ff1363f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -61,7 +61,7 @@ public class ReactivePreAuthenticatedAuthenticationManager implements ReactiveAu
 		return Mono.just(authentication).filter(this::supports).map(Authentication::getName)
 				.flatMap(this.userDetailsService::findByUsername)
 				.switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found")))
-				.doOnNext(this.userDetailsChecker::check).map(ud -> {
+				.doOnNext(this.userDetailsChecker::check).map((ud) -> {
 					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
 							authentication.getCredentials(), ud.getAuthorities());
 					result.setDetails(authentication.getDetails());
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
index 0f479ef470..8ef9e8635f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java
@@ -73,7 +73,7 @@ public class RedirectServerAuthenticationSuccessHandler implements ServerAuthent
 	public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
 		ServerWebExchange exchange = webFilterExchange.getExchange();
 		return this.requestCache.getRedirectUri(exchange).defaultIfEmpty(this.location)
-				.flatMap(location -> this.redirectStrategy.sendRedirect(exchange, location));
+				.flatMap((location) -> this.redirectStrategy.sendRedirect(exchange, location));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index e06fbaada5..38f59f48f2 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -168,8 +168,8 @@ public class SwitchUserWebFilter implements WebFilter {
 
 		return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
 				.switchIfEmpty(Mono.defer(() -> chain.filter(exchange).then(Mono.empty())))
-				.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
-				.onErrorResume(SwitchUserAuthenticationException.class, exception -> Mono.empty());
+				.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
+				.onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty());
 	}
 
 	/**
@@ -183,11 +183,11 @@ public class SwitchUserWebFilter implements WebFilter {
 	protected Mono<Authentication> switchUser(WebFilterExchange webFilterExchange) {
 		return this.switchUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext())
-				.map(SecurityContext::getAuthentication).flatMap(currentAuthentication -> {
+				.flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext())
+				.map(SecurityContext::getAuthentication).flatMap((currentAuthentication) -> {
 					final String username = getUsername(webFilterExchange.getExchange());
 					return attemptSwitchUser(currentAuthentication, username);
-				}).onErrorResume(AuthenticationException.class, e -> onAuthenticationFailure(e, webFilterExchange)
+				}).onErrorResume(AuthenticationException.class, (e) -> onAuthenticationFailure(e, webFilterExchange)
 						.then(Mono.error(new SwitchUserAuthenticationException(e))));
 	}
 
@@ -202,7 +202,7 @@ public class SwitchUserWebFilter implements WebFilter {
 	protected Mono<Authentication> exitSwitchUser(WebFilterExchange webFilterExchange) {
 		return this.exitUserMatcher.matches(webFilterExchange.getExchange())
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap(matchResult -> ReactiveSecurityContextHolder.getContext()
+				.flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext()
 						.map(SecurityContext::getAuthentication)
 						.switchIfEmpty(Mono.error(this::noCurrentUserException)))
 				.map(this::attemptExitUser);
@@ -228,7 +228,7 @@ public class SwitchUserWebFilter implements WebFilter {
 		return this.userDetailsService.findByUsername(userName)
 				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
 				.doOnNext(this.userDetailsChecker::check)
-				.map(userDetails -> createSwitchUserToken(userDetails, currentAuthentication));
+				.map((userDetails) -> createSwitchUserToken(userDetails, currentAuthentication));
 	}
 
 	@NonNull
@@ -255,7 +255,7 @@ public class SwitchUserWebFilter implements WebFilter {
 		return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> {
 			this.logger.error("Switch User failed", exception);
 			return Mono.error(exception);
-		})).flatMap(failureHandler -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
+		})).flatMap((failureHandler) -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
 	}
 
 	private Authentication createSwitchUserToken(UserDetails targetUser, Authentication currentAuthentication) {
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
index d8e2fd6f81..c05e29d585 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java
@@ -50,7 +50,7 @@ public class DelegatingServerLogoutHandler implements ServerLogoutHandler {
 
 	@Override
 	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
-		return Flux.fromIterable(this.delegates).concatMap(delegate -> delegate.logout(exchange, authentication))
+		return Flux.fromIterable(this.delegates).concatMap((delegate) -> delegate.logout(exchange, authentication))
 				.then();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
index 70d8976db8..a27b42d657 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
@@ -57,9 +57,9 @@ public class LogoutWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requiresLogout.matches(exchange).filter(result -> result.isMatch())
-				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).map(result -> exchange)
-				.flatMap(this::flatMapAuthentication).flatMap(authentication -> {
+		return this.requiresLogout.matches(exchange).filter((result) -> result.isMatch())
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).map((result) -> exchange)
+				.flatMap(this::flatMapAuthentication).flatMap((authentication) -> {
 					WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 					return logout(webFilterExchange, authentication);
 				});
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index b9f6e93050..7c167f8265 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -45,13 +45,14 @@ public class AuthorizationWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return ReactiveSecurityContextHolder.getContext().filter(c -> c.getAuthentication() != null)
+		return ReactiveSecurityContextHolder.getContext().filter((c) -> c.getAuthentication() != null)
 				.map(SecurityContext::getAuthentication)
-				.as(authentication -> this.authorizationManager.verify(authentication, exchange)).doOnSuccess(it -> {
+				.as((authentication) -> this.authorizationManager.verify(authentication, exchange))
+				.doOnSuccess((it) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Authorization successful");
 					}
-				}).doOnError(AccessDeniedException.class, e -> {
+				}).doOnError(AccessDeniedException.class, (e) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("Authorization failed: " + e.getMessage());
 					}
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index ccde3d0ac2..a7074b36f8 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -49,8 +49,8 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, ServerWebExchange exchange) {
-		return Flux.fromIterable(this.mappings).concatMap(mapping -> mapping.getMatcher().matches(exchange)
-				.filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap(variables -> {
+		return Flux.fromIterable(this.mappings).concatMap((mapping) -> mapping.getMatcher().matches(exchange)
+				.filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap((variables) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug(
 								"Checking authorization on '" + exchange.getRequest().getPath().pathWithinApplication()
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
index de894d1524..3c1103270f 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java
@@ -42,8 +42,8 @@ public class ExceptionTranslationWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return chain.filter(exchange).onErrorResume(AccessDeniedException.class,
-				denied -> exchange.getPrincipal().switchIfEmpty(commenceAuthentication(exchange, denied))
-						.flatMap(principal -> this.accessDeniedHandler.handle(exchange, denied)));
+				(denied) -> exchange.getPrincipal().switchIfEmpty(commenceAuthentication(exchange, denied))
+						.flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
index 6aef6e1c17..2e47dace44 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -50,12 +50,12 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
 
 	@Override
 	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException ex) {
-		return Mono.defer(() -> Mono.just(exchange.getResponse())).flatMap(response -> {
+		return Mono.defer(() -> Mono.just(exchange.getResponse())).flatMap((response) -> {
 			response.setStatusCode(this.httpStatus);
 			response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
 			DataBufferFactory dataBufferFactory = response.bufferFactory();
 			DataBuffer buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
-			return response.writeWith(Mono.just(buffer)).doOnError(error -> DataBufferUtils.release(buffer));
+			return response.writeWith(Mono.just(buffer)).doOnError((error) -> DataBufferUtils.release(buffer));
 		});
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
index 38961c513d..9c7100da90 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
@@ -69,9 +69,9 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements Ser
 
 	@Override
 	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied) {
-		return Flux.fromIterable(this.handlers).filterWhen(entry -> isMatch(exchange, entry)).next()
+		return Flux.fromIterable(this.handlers).filterWhen((entry) -> isMatch(exchange, entry)).next()
 				.map(DelegateEntry::getAccessDeniedHandler).defaultIfEmpty(this.defaultHandler)
-				.flatMap(handler -> handler.handle(exchange, denied));
+				.flatMap((handler) -> handler.handle(exchange, denied));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
index f243e0dc22..724e884fff 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
@@ -45,7 +45,7 @@ public class ReactorContextWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return chain.filter(exchange)
-				.subscriberContext(c -> c.hasKey(SecurityContext.class) ? c : withSecurityContext(c, exchange));
+				.subscriberContext((c) -> c.hasKey(SecurityContext.class) ? c : withSecurityContext(c, exchange));
 	}
 
 	private Context withSecurityContext(Context mainContext, ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
index 02a165b79d..c4bd23556d 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
@@ -44,7 +44,7 @@ public class SecurityContextServerWebExchange extends ServerWebExchangeDecorator
 	@Override
 	@SuppressWarnings("unchecked")
 	public <T extends Principal> Mono<T> getPrincipal() {
-		return this.context.map(c -> (T) c.getAuthentication());
+		return this.context.map((c) -> (T) c.getAuthentication());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index 75e126df5b..3058a82e1e 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -56,7 +56,7 @@ public class WebSessionServerSecurityContextRepository implements ServerSecurity
 
 	@Override
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
-		return exchange.getSession().doOnNext(session -> {
+		return exchange.getSession().doOnNext((session) -> {
 			if (context == null) {
 				session.getAttributes().remove(this.springSecurityContextAttrName);
 				if (logger.isDebugEnabled()) {
@@ -69,12 +69,12 @@ public class WebSessionServerSecurityContextRepository implements ServerSecurity
 					logger.debug("Saved SecurityContext '" + context + "' in WebSession: '" + session + "'");
 				}
 			}
-		}).flatMap(session -> session.changeSessionId());
+		}).flatMap((session) -> session.changeSessionId());
 	}
 
 	@Override
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
-		return exchange.getSession().flatMap(session -> {
+		return exchange.getSession().flatMap((session) -> {
 			SecurityContext context = (SecurityContext) session.getAttribute(this.springSecurityContextAttrName);
 			if (logger.isDebugEnabled()) {
 				if (context == null) {
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 8bdab6fa1f..87655dee60 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -116,11 +116,11 @@ public class CsrfWebFilter implements WebFilter {
 			return chain.filter(exchange).then(Mono.empty());
 		}
 
-		return this.requireCsrfProtectionMatcher.matches(exchange).filter(matchResult -> matchResult.isMatch())
-				.filter(matchResult -> !exchange.getAttributes().containsKey(CsrfToken.class.getName()))
-				.flatMap(m -> validateToken(exchange)).flatMap(m -> continueFilterChain(exchange, chain))
+		return this.requireCsrfProtectionMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch())
+				.filter((matchResult) -> !exchange.getAttributes().containsKey(CsrfToken.class.getName()))
+				.flatMap((m) -> validateToken(exchange)).flatMap((m) -> continueFilterChain(exchange, chain))
 				.switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty()))
-				.onErrorResume(CsrfException.class, e -> this.accessDeniedHandler.handle(exchange, e));
+				.onErrorResume(CsrfException.class, (e) -> this.accessDeniedHandler.handle(exchange, e));
 	}
 
 	public static void skipExchange(ServerWebExchange exchange) {
@@ -131,15 +131,15 @@ public class CsrfWebFilter implements WebFilter {
 		return this.csrfTokenRepository.loadToken(exchange)
 				.switchIfEmpty(Mono
 						.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
-				.filterWhen(expected -> containsValidCsrfToken(exchange, expected))
+				.filterWhen((expected) -> containsValidCsrfToken(exchange, expected))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token")))).then();
 	}
 
 	private Mono<Boolean> containsValidCsrfToken(ServerWebExchange exchange, CsrfToken expected) {
-		return exchange.getFormData().flatMap(data -> Mono.justOrEmpty(data.getFirst(expected.getParameterName())))
+		return exchange.getFormData().flatMap((data) -> Mono.justOrEmpty(data.getFirst(expected.getParameterName())))
 				.switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(expected.getHeaderName())))
 				.switchIfEmpty(tokenFromMultipartData(exchange, expected))
-				.map(actual -> actual.equals(expected.getToken()));
+				.map((actual) -> actual.equals(expected.getToken()));
 	}
 
 	private Mono<String> tokenFromMultipartData(ServerWebExchange exchange, CsrfToken expected) {
@@ -152,7 +152,7 @@ public class CsrfWebFilter implements WebFilter {
 		if (!contentType.includes(MediaType.MULTIPART_FORM_DATA)) {
 			return Mono.empty();
 		}
-		return exchange.getMultipartData().map(d -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class)
+		return exchange.getMultipartData().map((d) -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class)
 				.map(FormFieldPart::value);
 	}
 
@@ -170,7 +170,7 @@ public class CsrfWebFilter implements WebFilter {
 
 	private Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
 		return this.csrfTokenRepository.generateToken(exchange)
-				.delayUntil(token -> this.csrfTokenRepository.saveToken(exchange, token));
+				.delayUntil((token) -> this.csrfTokenRepository.saveToken(exchange, token));
 	}
 
 	private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher {
@@ -180,8 +180,8 @@ public class CsrfWebFilter implements WebFilter {
 
 		@Override
 		public Mono<MatchResult> matches(ServerWebExchange exchange) {
-			return Mono.just(exchange.getRequest()).flatMap(r -> Mono.justOrEmpty(r.getMethod()))
-					.filter(m -> ALLOWED_METHODS.contains(m)).flatMap(m -> MatchResult.notMatch())
+			return Mono.just(exchange.getRequest()).flatMap((r) -> Mono.justOrEmpty(r.getMethod()))
+					.filter((m) -> ALLOWED_METHODS.contains(m)).flatMap((m) -> MatchResult.notMatch())
 					.switchIfEmpty(MatchResult.match());
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index 4951acc3bf..57002cf9db 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -58,8 +58,8 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos
 
 	@Override
 	public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
-		return exchange.getSession().doOnNext(session -> putToken(session.getAttributes(), token))
-				.flatMap(session -> session.changeSessionId());
+		return exchange.getSession().doOnNext((session) -> putToken(session.getAttributes(), token))
+				.flatMap((session) -> session.changeSessionId());
 	}
 
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
@@ -73,8 +73,8 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos
 
 	@Override
 	public Mono<CsrfToken> loadToken(ServerWebExchange exchange) {
-		return exchange.getSession().filter(s -> s.getAttributes().containsKey(this.sessionAttributeName))
-				.map(s -> s.getAttribute(this.sessionAttributeName));
+		return exchange.getSession().filter((s) -> s.getAttributes().containsKey(this.sessionAttributeName))
+				.map((s) -> s.getAttribute(this.sessionAttributeName));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
index d811daec39..57b8533754 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
@@ -44,7 +44,7 @@ public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter
 
 	@Override
 	public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
-		return Flux.fromIterable(this.writers).concatMap(w -> w.writeHttpHeaders(exchange)).then();
+		return Flux.fromIterable(this.writers).concatMap((w) -> w.writeHttpHeaders(exchange)).then();
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
index 7f74da047f..d9135feb3d 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
@@ -71,8 +71,8 @@ public class CookieServerRequestCache implements ServerRequestCache {
 
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
-		return this.saveRequestMatcher.matches(exchange).filter(m -> m.isMatch()).map(m -> exchange.getResponse())
-				.map(ServerHttpResponse::getCookies).doOnNext(cookies -> {
+		return this.saveRequestMatcher.matches(exchange).filter((m) -> m.isMatch()).map((m) -> exchange.getResponse())
+				.map(ServerHttpResponse::getCookies).doOnNext((cookies) -> {
 					ResponseCookie redirectUriCookie = createRedirectUriCookie(exchange.getRequest());
 					cookies.add(REDIRECT_URI_COOKIE_NAME, redirectUriCookie);
 					if (logger.isDebugEnabled()) {
@@ -86,13 +86,13 @@ public class CookieServerRequestCache implements ServerRequestCache {
 		MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
 		return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME)).map(HttpCookie::getValue)
 				.map(CookieServerRequestCache::decodeCookie)
-				.onErrorResume(IllegalArgumentException.class, e -> Mono.empty()).map(URI::create);
+				.onErrorResume(IllegalArgumentException.class, (e) -> Mono.empty()).map(URI::create);
 	}
 
 	@Override
 	public Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange) {
 		return Mono.just(exchange.getResponse()).map(ServerHttpResponse::getCookies).doOnNext(
-				cookies -> cookies.add(REDIRECT_URI_COOKIE_NAME, invalidateRedirectUriCookie(exchange.getRequest())))
+				(cookies) -> cookies.add(REDIRECT_URI_COOKIE_NAME, invalidateRedirectUriCookie(exchange.getRequest())))
 				.thenReturn(exchange.getRequest());
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
index 846b17fa40..a79dd0448a 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
@@ -35,8 +35,8 @@ public class ServerRequestCacheWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requestCache.removeMatchingRequest(exchange).map(r -> exchange.mutate().request(r).build())
-				.defaultIfEmpty(exchange).flatMap(e -> chain.filter(e));
+		return this.requestCache.removeMatchingRequest(exchange).map((r) -> exchange.mutate().request(r).build())
+				.defaultIfEmpty(exchange).flatMap((e) -> chain.filter(e));
 	}
 
 	public void setRequestCache(ServerRequestCache requestCache) {
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index d30a128cc3..533e960ed0 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -69,7 +69,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	@Override
 	public Mono<Void> saveRequest(ServerWebExchange exchange) {
 		return this.saveRequestMatcher.matches(exchange).filter(MatchResult::isMatch)
-				.flatMap(m -> exchange.getSession()).map(WebSession::getAttributes).doOnNext(attrs -> {
+				.flatMap((m) -> exchange.getSession()).map(WebSession::getAttributes).doOnNext((attrs) -> {
 					String requestPath = pathInApplication(exchange.getRequest());
 					attrs.put(this.sessionAttrName, requestPath);
 					if (logger.isDebugEnabled()) {
@@ -81,13 +81,13 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	@Override
 	public Mono<URI> getRedirectUri(ServerWebExchange exchange) {
 		return exchange.getSession()
-				.flatMap(session -> Mono.justOrEmpty(session.<String>getAttribute(this.sessionAttrName)))
+				.flatMap((session) -> Mono.justOrEmpty(session.<String>getAttribute(this.sessionAttrName)))
 				.map(URI::create);
 	}
 
 	@Override
 	public Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange) {
-		return exchange.getSession().map(WebSession::getAttributes).filter(attributes -> {
+		return exchange.getSession().map(WebSession::getAttributes).filter((attributes) -> {
 			String requestPath = pathInApplication(exchange.getRequest());
 			boolean removed = attributes.remove(this.sessionAttrName, requestPath);
 			if (removed) {
@@ -96,7 +96,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 				}
 			}
 			return removed;
-		}).map(attributes -> exchange.getRequest());
+		}).map((attributes) -> exchange.getRequest());
 	}
 
 	private static String pathInApplication(ServerHttpRequest request) {
diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
index 94ba6af9f6..da69b1b028 100644
--- a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
@@ -57,9 +57,9 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return Mono.just(exchange).filter(this::isInsecure).flatMap(this.requiresHttpsRedirectMatcher::matches)
-				.filter(matchResult -> matchResult.isMatch()).switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-				.map(matchResult -> createRedirectUri(exchange))
-				.flatMap(uri -> this.redirectStrategy.sendRedirect(exchange, uri));
+				.filter((matchResult) -> matchResult.isMatch()).switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+				.map((matchResult) -> createRedirectUri(exchange))
+				.flatMap((uri) -> this.redirectStrategy.sendRedirect(exchange, uri));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
index 82acde159f..7f56d33c98 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
@@ -64,7 +64,7 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap(matchResult -> render(exchange));
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap((matchResult) -> render(exchange));
 	}
 
 	private Mono<Void> render(ServerWebExchange exchange) {
@@ -77,7 +77,7 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
 
 		Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-		return token.map(LoginPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map(csrfTokenHtmlInput -> {
+		return token.map(LoginPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map((csrfTokenHtmlInput) -> {
 			byte[] bytes = createPage(exchange, csrfTokenHtmlInput);
 			DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
 			return bufferFactory.wrap(bytes);
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
index 4b51f239aa..b32c5af1b2 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
@@ -46,7 +46,7 @@ public class LogoutPageGeneratingWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap(matchResult -> render(exchange));
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap((matchResult) -> render(exchange));
 	}
 
 	private Mono<Void> render(ServerWebExchange exchange) {
@@ -54,12 +54,12 @@ public class LogoutPageGeneratingWebFilter implements WebFilter {
 		result.setStatusCode(HttpStatus.OK);
 		result.getHeaders().setContentType(MediaType.TEXT_HTML);
 		return result.writeWith(createBuffer(exchange));
-		// .doOnError( error -> DataBufferUtils.release(buffer));
+		// .doOnError( (error) -> DataBufferUtils.release(buffer));
 	}
 
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
 		Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-		return token.map(LogoutPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map(csrfTokenHtmlInput -> {
+		return token.map(LogoutPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map((csrfTokenHtmlInput) -> {
 			byte[] bytes = createPage(csrfTokenHtmlInput);
 			DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
 			return bufferFactory.wrap(bytes);
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index 42b80444a9..d5f7ae92ec 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -56,14 +56,14 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Mono.defer(() -> {
 			Map<String, Object> variables = new HashMap<>();
-			return Flux.fromIterable(this.matchers).doOnNext(it -> {
+			return Flux.fromIterable(this.matchers).doOnNext((it) -> {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Trying to match using " + it);
 				}
-			}).flatMap(matcher -> matcher.matches(exchange))
-					.doOnNext(matchResult -> variables.putAll(matchResult.getVariables())).all(MatchResult::isMatch)
-					.flatMap(allMatch -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch())
-					.doOnNext(it -> {
+			}).flatMap((matcher) -> matcher.matches(exchange))
+					.doOnNext((matchResult) -> variables.putAll(matchResult.getVariables())).all(MatchResult::isMatch)
+					.flatMap((allMatch) -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch())
+					.doOnNext((it) -> {
 						if (logger.isDebugEnabled()) {
 							logger.debug(it.isMatch() ? "All requestMatchers returned true" : "Did not match");
 						}
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index 5c06881d39..e0b3b17993 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -44,8 +44,8 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return this.matcher.matches(exchange).flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
-				.doOnNext(it -> {
+		return this.matcher.matches(exchange).flatMap((m) -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
+				.doOnNext((it) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug("matches = " + it.isMatch());
 					}
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index b6b015ab12..5ceb1b1788 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -52,12 +52,12 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return Flux.fromIterable(this.matchers).doOnNext(it -> {
+		return Flux.fromIterable(this.matchers).doOnNext((it) -> {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Trying to match using " + it);
 			}
-		}).flatMap(m -> m.matches(exchange)).filter(MatchResult::isMatch).next().switchIfEmpty(MatchResult.notMatch())
-				.doOnNext(it -> {
+		}).flatMap((m) -> m.matches(exchange)).filter(MatchResult::isMatch).next().switchIfEmpty(MatchResult.notMatch())
+				.doOnNext((it) -> {
 					if (logger.isDebugEnabled()) {
 						logger.debug(it.isMatch() ? "matched" : "No matches found");
 					}
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
index 0dae293172..0e0a3dbbcf 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java
@@ -73,7 +73,7 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe
 		ServerHttpRequest request = exchange.getRequest();
 		PathContainer path = request.getPath().pathWithinApplication();
 		if (this.method != null && !this.method.equals(request.getMethod())) {
-			return MatchResult.notMatch().doOnNext(result -> {
+			return MatchResult.notMatch().doOnNext((result) -> {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method
 							+ " " + this.pattern.getPatternString() + "'");
@@ -82,7 +82,7 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe
 		}
 		boolean match = this.pattern.matches(path);
 		if (!match) {
-			return MatchResult.notMatch().doOnNext(result -> {
+			return MatchResult.notMatch().doOnNext((result) -> {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method
 							+ " " + this.pattern.getPatternString() + "'");
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index 2847a4e9ec..8bdc2af005 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -97,7 +97,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 				() -> expiredUrl + " isn't a valid redirect URL");
 		this.expiredUrl = expiredUrl;
 		this.sessionRegistry = sessionRegistry;
-		this.sessionInformationExpiredStrategy = event -> {
+		this.sessionInformationExpiredStrategy = (event) -> {
 			HttpServletRequest request = event.getRequest();
 			HttpServletResponse response = event.getResponse();
 			SessionInformation info = event.getSessionInformation();
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 12c8324fe6..73207cdcb1 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -41,14 +41,14 @@ public class ThrowableAnalyzer {
 	 *
 	 * @see Throwable#getCause()
 	 */
-	public static final ThrowableCauseExtractor DEFAULT_EXTRACTOR = throwable -> throwable.getCause();
+	public static final ThrowableCauseExtractor DEFAULT_EXTRACTOR = (throwable) -> throwable.getCause();
 
 	/**
 	 * Default extractor for {@link InvocationTargetException} instances.
 	 *
 	 * @see InvocationTargetException#getTargetException()
 	 */
-	public static final ThrowableCauseExtractor INVOCATIONTARGET_EXTRACTOR = throwable -> {
+	public static final ThrowableCauseExtractor INVOCATIONTARGET_EXTRACTOR = (throwable) -> {
 		verifyThrowableHierarchy(throwable, InvocationTargetException.class);
 		return ((InvocationTargetException) throwable).getTargetException();
 	};
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index ca3702bede..56a21a1dc8 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -74,7 +74,7 @@ public class FilterChainProxyTests {
 	public void setup() throws Exception {
 		this.matcher = mock(RequestMatcher.class);
 		this.filter = mock(Filter.class);
-		willAnswer((Answer<Object>) inv -> {
+		willAnswer((Answer<Object>) (inv) -> {
 			Object[] args = inv.getArguments();
 			FilterChain fc = (FilterChain) args[2];
 			HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper((HttpServletRequest) args[0]);
@@ -191,7 +191,7 @@ public class FilterChainProxyTests {
 	@Test
 	public void doFilterClearsSecurityContextHolder() throws Exception {
 		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
-		willAnswer((Answer<Object>) inv -> {
+		willAnswer((Answer<Object>) (inv) -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			return null;
@@ -206,7 +206,7 @@ public class FilterChainProxyTests {
 	@Test
 	public void doFilterClearsSecurityContextHolderWithException() throws Exception {
 		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
-		willAnswer((Answer<Object>) inv -> {
+		willAnswer((Answer<Object>) (inv) -> {
 			SecurityContextHolder.getContext()
 					.setAuthentication(new TestingAuthenticationToken("username", "password"));
 			throw new ServletException("oops");
@@ -228,10 +228,10 @@ public class FilterChainProxyTests {
 	public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception {
 		final FilterChain innerChain = mock(FilterChain.class);
 		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
-		willAnswer((Answer<Object>) inv -> {
+		willAnswer((Answer<Object>) (inv) -> {
 			TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
 			SecurityContextHolder.getContext().setAuthentication(expected);
-			willAnswer((Answer<Object>) inv1 -> {
+			willAnswer((Answer<Object>) (inv1) -> {
 				innerChain.doFilter(this.request, this.response);
 				return null;
 			}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index 6b1c930623..fdca0484e6 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -72,7 +72,7 @@ public class WebExpressionVoterTests {
 		Expression ex = mock(Expression.class);
 		EvaluationContextPostProcessor postProcessor = mock(EvaluationContextPostProcessor.class);
 		given(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class)))
-				.willAnswer(invocation -> invocation.getArgument(0));
+				.willAnswer((invocation) -> invocation.getArgument(0));
 		WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex, postProcessor);
 		EvaluationContext ctx = mock(EvaluationContext.class);
 		SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 4f53e17eca..157e42fb12 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -153,7 +153,7 @@ public class UsernamePasswordAuthenticationFilterTests {
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
-				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 82813d3e29..ec318a9f33 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -423,7 +423,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		}
 		else {
 			given(am.authenticate(any(Authentication.class)))
-					.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+					.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 		}
 
 		filter.setAuthenticationManager(am);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index db62065c8c..cac4b9c717 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -116,7 +116,7 @@ public class PreAuthenticatedAuthenticationProviderTests {
 
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getPreAuthenticatedUserDetailsService(
 			final UserDetails aUserDetails) {
-		return token -> {
+		return (token) -> {
 			if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) {
 				return aUserDetails;
 			}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index 647770f200..d5e8c7778f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -151,7 +151,7 @@ public class RequestAttributeAuthenticationFilterTests {
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
-				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index aa65e72045..feff5b00fb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -152,7 +152,7 @@ public class RequestHeaderAuthenticationFilterTests {
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
-				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 
 		return am;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index 9c17ee1824..54a3ade07f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -55,7 +55,7 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
-				.willAnswer((Answer<Authentication>) invocation -> (Authentication) invocation.getArguments()[0]);
+				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 
 		filter.setAuthenticationManager(am);
 		WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource(
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index ea25312591..f8c1de66a8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -56,7 +56,7 @@ public class DefaultLogoutPageGeneratingFilterTests {
 
 	@Test
 	public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception {
-		this.filter.setResolveHiddenInputs(r -> Collections.singletonMap("_csrf", "csrf-token-1"));
+		this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1"));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
 
 		mockMvc.perform(get("/logout")).andExpect(
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index cc5ae3a032..f3bef133b8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -121,7 +121,7 @@ public class DigestAuthenticationFilterTests {
 		SecurityContextHolder.clearContext();
 
 		// Create User Details Service
-		UserDetailsService uds = username -> new User("rod,ok", "koala",
+		UserDetailsService uds = (username) -> new User("rod,ok", "koala",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 17bf759c9c..9146827284 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -581,7 +581,7 @@ public class StrictHttpFirewallTests {
 	@Test
 	public void getFirewalledRequestWhenTrustedDomainThenNoException() {
 		this.request.addHeader("Host", "example.org");
-		this.firewall.setAllowedHostnames(hostname -> hostname.equals("example.org"));
+		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("example.org"));
 
 		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
 	}
@@ -589,14 +589,14 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenUntrustedDomainThenException() {
 		this.request.addHeader("Host", "example.org");
-		this.firewall.setAllowedHostnames(hostname -> hostname.equals("myexample.org"));
+		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
 
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() {
-		this.firewall.setAllowedHeaderNames(name -> !name.equals("bad name"));
+		this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
 
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("bad name");
@@ -605,7 +605,7 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() {
 		this.request.addHeader("good name", "bad value");
-		this.firewall.setAllowedHeaderValues(value -> !value.equals("bad value"));
+		this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
 
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("good name");
@@ -717,7 +717,7 @@ public class StrictHttpFirewallTests {
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() {
-		this.firewall.setAllowedParameterValues(value -> !value.equals("bad value"));
+		this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
 
 		this.request.addParameter("Something", "bad value");
 
@@ -727,7 +727,7 @@ public class StrictHttpFirewallTests {
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() {
-		this.firewall.setAllowedParameterNames(value -> !value.equals("bad name"));
+		this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
 
 		this.request.addParameter("bad name", "good value");
 
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 12027b2e58..2d6d4e3da5 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -82,7 +82,7 @@ public class JaasApiIntegrationFilterTests {
 		this.authenticatedSubject.getPrincipals().add(() -> "principal");
 		this.authenticatedSubject.getPrivateCredentials().add("password");
 		this.authenticatedSubject.getPublicCredentials().add("username");
-		this.callbackHandler = callbacks -> {
+		this.callbackHandler = (callbacks) -> {
 			for (Callback callback : callbacks) {
 				if (callback instanceof NameCallback) {
 					((NameCallback) callback).setName("user");
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index eebbc02be4..933d2efaad 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -119,7 +119,7 @@ import org.springframework.web.bind.annotation.ValueConstants;
  *
  * <pre>
  *
- * ResolvableMethod.on(TestController.class).mockCall(o -> o.handle(null)).method();
+ * ResolvableMethod.on(TestController.class).mockCall((o) -> o.handle(null)).method();
  * </pre>
  *
  * @author Rossen Stoyanchev
@@ -318,7 +318,7 @@ public final class ResolvableMethod {
 		 * Filter on methods with the given name.
 		 */
 		public Builder<T> named(String methodName) {
-			addFilter("methodName=" + methodName, m -> m.getName().equals(methodName));
+			addFilter("methodName=" + methodName, (m) -> m.getName().equals(methodName));
 			return this;
 		}
 
@@ -339,8 +339,8 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, candidate -> Arrays.stream(annotationTypes)
-					.allMatch(annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
+			addFilter(message, (candidate) -> Arrays.stream(annotationTypes)
+					.allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null));
 			return this;
 		}
 
@@ -350,10 +350,10 @@ public final class ResolvableMethod {
 		@SafeVarargs
 		public final Builder<T> annotNotPresent(Class<? extends Annotation>... annotationTypes) {
 			String message = "annotationNotPresent=" + Arrays.toString(annotationTypes);
-			addFilter(message, candidate -> {
+			addFilter(message, (candidate) -> {
 				if (annotationTypes.length != 0) {
 					return Arrays.stream(annotationTypes).noneMatch(
-							annotType -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
+							(annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null);
 				}
 				else {
 					return candidate.getAnnotations().length == 0;
@@ -388,7 +388,7 @@ public final class ResolvableMethod {
 		public Builder<T> returning(ResolvableType returnType) {
 			String expected = returnType.toString();
 			String message = "returnType=" + expected;
-			addFilter(message, m -> expected.equals(ResolvableType.forMethodReturnType(m).toString()));
+			addFilter(message, (m) -> expected.equals(ResolvableType.forMethodReturnType(m).toString()));
 			return this;
 		}
 
@@ -409,7 +409,7 @@ public final class ResolvableMethod {
 		}
 
 		private boolean isMatch(Method method) {
-			return this.filters.stream().allMatch(p -> p.test(method));
+			return this.filters.stream().allMatch((p) -> p.test(method));
 		}
 
 		private String formatMethods(Set<Method> methods) {
@@ -567,7 +567,7 @@ public final class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param -> Arrays.stream(annotationTypes).allMatch(param::hasParameterAnnotation));
+			this.filters.add((param) -> Arrays.stream(annotationTypes).allMatch(param::hasParameterAnnotation));
 			return this;
 		}
 
@@ -577,7 +577,7 @@ public final class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotNotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add(param -> (annotationTypes.length != 0)
+			this.filters.add((param) -> (annotationTypes.length != 0)
 					? Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation)
 					: param.getParameterAnnotations().length == 0);
 			return this;
@@ -604,7 +604,7 @@ public final class ResolvableMethod {
 		 * @param type the expected type
 		 */
 		public MethodParameter arg(ResolvableType type) {
-			this.filters.add(p -> type.toString().equals(ResolvableType.forMethodParameter(p).toString()));
+			this.filters.add((p) -> type.toString().equals(ResolvableType.forMethodParameter(p).toString()));
 			return arg();
 		}
 
@@ -624,7 +624,7 @@ public final class ResolvableMethod {
 			for (int i = 0; i < ResolvableMethod.this.method.getParameterCount(); i++) {
 				MethodParameter param = new SynthesizingMethodParameter(ResolvableMethod.this.method, i);
 				param.initParameterNameDiscovery(nameDiscoverer);
-				if (this.filters.stream().allMatch(p -> p.test(param))) {
+				if (this.filters.stream().allMatch((p) -> p.test(param))) {
 					matches.add(param);
 				}
 			}
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index 5a3e85327f..b6a8596640 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -73,7 +73,7 @@ public class CookieRequestCacheTests {
 	@Test
 	public void getMatchingRequestWhenRequestMatcherDefinedThenReturnsCorrectSubsetOfCachedRequests() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
-		cookieRequestCache.setRequestMatcher(request -> request.getRequestURI().equals("/expected-destination"));
+		cookieRequestCache.setRequestMatcher((request) -> request.getRequestURI().equals("/expected-destination"));
 
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index 4f201474cd..d352f5242a 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -59,7 +59,7 @@ public class HttpSessionRequestCacheTests {
 	@Test
 	public void requestMatcherDefinesCorrectSubsetOfCachedRequests() {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
-		cache.setRequestMatcher(request -> request.getMethod().equals("GET"));
+		cache.setRequestMatcher((request) -> request.getMethod().equals("GET"));
 
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
index 45a66d8387..a0b4bf8b3a 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
@@ -41,7 +41,7 @@ public class WebFilterChainProxyTests {
 	@Test
 	public void filterWhenNoMatchThenContinuesChainAnd404() {
 		List<WebFilter> filters = Arrays.asList(new Http200WebFilter());
-		ServerWebExchangeMatcher notMatch = exchange -> MatchResult.notMatch();
+		ServerWebExchangeMatcher notMatch = (exchange) -> MatchResult.notMatch();
 		MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters);
 		WebFilterChainProxy filter = new WebFilterChainProxy(chain);
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 6e381d1220..4c935b969d 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -87,7 +87,7 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
 
 		verifyZeroInteractions(this.authenticationManager);
@@ -101,7 +101,7 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
 
 		verifyZeroInteractions(this.authenticationManagerResolver);
@@ -117,8 +117,8 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -135,8 +135,8 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -151,7 +151,7 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<Void> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
+				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
 
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -168,7 +168,7 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<Void> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
+				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
 
 		assertThat(result.getResponseCookies()).isEmpty();
@@ -181,7 +181,7 @@ public class AuthenticationWebFilterTests {
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
-				.consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
 
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
@@ -205,7 +205,7 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 		given(this.successHandler.onAuthenticationSuccess(any(), any())).willReturn(Mono.empty());
-		given(this.securityContextRepository.save(any(), any())).willAnswer(a -> Mono.just(a.getArguments()[0]));
+		given(this.securityContextRepository.save(any(), any())).willAnswer((a) -> Mono.just(a.getArguments()[0]));
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
@@ -232,13 +232,13 @@ public class AuthenticationWebFilterTests {
 
 	@Test
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
-		this.filter.setRequiresAuthenticationMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch());
+		this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
 
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
 
 		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers(headers -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
-				.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
 
 		assertThat(result.getResponseCookies()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index 4ced5bd408..179ae25eba 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -106,7 +106,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
 		ServerAuthenticationSuccessHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100))
-				.doOnSuccess(__ -> slowDone.set(true)).then();
+				.doOnSuccess((__) -> slowDone.set(true)).then();
 		ServerAuthenticationSuccessHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> {
 			latch.countDown();
 			assertThat(slowDone.get()).describedAs("ServerAuthenticationSuccessHandler should be executed sequentially")
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 84b295f9ad..25cba86938 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -99,7 +99,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 
 	private WebFilterExchange createExchange() {
 		return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()),
-				new DefaultWebFilterChain(e -> Mono.empty()));
+				new DefaultWebFilterChain((e) -> Mono.empty()));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index 2f7296860c..ae7e5531fb 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -149,10 +149,10 @@ public class SwitchUserWebFilterTests {
 		assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance);
 		assertThat(switchUserAuthentication.getAuthorities())
 				.anyMatch((a) -> a.getAuthority().contains(SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR));
-		assertThat(
-				switchUserAuthentication.getAuthorities().stream().filter(a -> a instanceof SwitchUserGrantedAuthority)
-						.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName))
-								.contains(originalAuthentication.getName());
+		assertThat(switchUserAuthentication.getAuthorities().stream()
+				.filter((a) -> a instanceof SwitchUserGrantedAuthority)
+				.map((a) -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName))
+						.contains(originalAuthentication.getName());
 	}
 
 	@Test
@@ -192,8 +192,8 @@ public class SwitchUserWebFilterTests {
 
 		assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername);
 		assertThat(secondSwitchUserAuthentication.getAuthorities().stream()
-				.filter(a -> a instanceof SwitchUserGrantedAuthority)
-				.map(a -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
+				.filter((a) -> a instanceof SwitchUserGrantedAuthority)
+				.map((a) -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst()
 				.orElse(null)).isEqualTo(originalAuthentication.getName());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index e531624c8e..9414b01363 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -112,7 +112,7 @@ public class DelegatingServerLogoutHandlerTests {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
 		ServerLogoutHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100))
-				.doOnSuccess(__ -> slowDone.set(true)).then();
+				.doOnSuccess((__) -> slowDone.set(true)).then();
 		ServerLogoutHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> {
 			latch.countDown();
 			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index 69e63942f2..4439a68961 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -68,7 +68,7 @@ public class LogoutWebFilterTests {
 				.setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3));
 
 		assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
-				.extracting(delegatingLogoutHandler -> ((Collection<ServerLogoutHandler>) ReflectionTestUtils
+				.extracting((delegatingLogoutHandler) -> ((Collection<ServerLogoutHandler>) ReflectionTestUtils
 						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
 								.map(ServerLogoutHandler::getClass).collect(Collectors.toList()))
 				.isEqualTo(Arrays.asList(this.handler1.getClass(), this.handler2.getClass(), this.handler3.getClass()));
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index a35a1d5215..0bcbcb5edc 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -66,7 +66,7 @@ public class AuthorizationWebFilterTests {
 	public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
-				(a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
+				(a, e) -> a.flatMap((auth) -> Mono.error(new AccessDeniedException("Denied"))));
 
 		Mono<Void> result = filter.filter(this.exchange, this.chain).subscriberContext(
 				ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl())));
@@ -123,7 +123,7 @@ public class AuthorizationWebFilterTests {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a
-				.map(auth -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
+				.map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
 
 		Mono<Void> result = filter.filter(this.exchange, this.chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index 0f3024dd7f..f74e15e195 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -100,7 +100,7 @@ public class ReactorContextWebFilterTests {
 		given(this.repository.load(any())).willReturn(Mono.just(context));
 		this.handler = WebTestHandler.bindToWebFilters(this.filter,
 				(e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
-						.doOnSuccess(p -> assertThat(p).isSameAs(this.principal)).flatMap(p -> c.filter(e)));
+						.doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)).flatMap((p) -> c.filter(e)));
 
 		WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
 
@@ -113,7 +113,7 @@ public class ReactorContextWebFilterTests {
 		String contextKey = "main";
 		WebFilter mainContextWebFilter = (e, c) -> c.filter(e).subscriberContext(Context.of(contextKey, true));
 
-		WebFilterChain chain = new DefaultWebFilterChain(e -> Mono.empty(), mainContextWebFilter, this.filter);
+		WebFilterChain chain = new DefaultWebFilterChain((e) -> Mono.empty(), mainContextWebFilter, this.filter);
 		Mono<Void> filter = chain.filter(MockServerWebExchange.from(this.exchange.build()));
 		StepVerifier.create(filter).expectAccessibleContext().hasKey(contextKey).then().verifyComplete();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index c81b62f70c..63cb704adc 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -45,11 +45,11 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 	@Test
 	public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
 		Mono<Void> result = this.filter
-				.filter(this.exchange, new DefaultWebFilterChain(e -> e.getPrincipal()
-						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
-						.flatMap(contextPrincipal -> Mono.subscriberContext())
-						.doOnSuccess(context -> assertThat(context.<String>get("foo")).isEqualTo("bar")).then()))
-				.subscriberContext(context -> context.put("foo", "bar"))
+				.filter(this.exchange, new DefaultWebFilterChain((e) -> e.getPrincipal()
+						.doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
+						.flatMap((contextPrincipal) -> Mono.subscriberContext())
+						.doOnSuccess((context) -> assertThat(context.<String>get("foo")).isEqualTo("bar")).then()))
+				.subscriberContext((context) -> context.put("foo", "bar"))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
 
 		StepVerifier.create(result).verifyComplete();
@@ -59,8 +59,9 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 	public void filterWhenPrincipalNotNullThenContextPopulated() {
 		Mono<Void> result = this.filter
 				.filter(this.exchange,
-						new DefaultWebFilterChain(e -> e.getPrincipal()
-								.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
+						new DefaultWebFilterChain((e) -> e.getPrincipal()
+								.doOnSuccess(
+										(contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
 								.then()))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
 
@@ -71,8 +72,9 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 	public void filterWhenPrincipalNullThenContextEmpty() {
 		Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse", "anonymous", "TEST");
 		Mono<Void> result = this.filter.filter(this.exchange,
-				new DefaultWebFilterChain(e -> e.getPrincipal().defaultIfEmpty(defaultAuthentication)
-						.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication))
+				new DefaultWebFilterChain((e) -> e.getPrincipal().defaultIfEmpty(defaultAuthentication)
+						.doOnSuccess(
+								(contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication))
 						.then()));
 		StepVerifier.create(result).verifyComplete();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index 12065047cd..ba2cd59a9e 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -59,7 +59,7 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 	@Test
 	public void saveTokenWhenDefaultThenAddsToSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange)
-				.delayUntil(t -> this.repository.saveToken(this.exchange, t));
+				.delayUntil((t) -> this.repository.saveToken(this.exchange, t));
 		result.block();
 
 		WebSession session = this.exchange.getSession().block();
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index f2f33daf80..9a72024092 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -99,9 +99,9 @@ public class CompositeServerHttpHeadersWriterTests {
 	public void writeHttpHeadersSequential() throws Exception {
 		AtomicBoolean slowDone = new AtomicBoolean();
 		CountDownLatch latch = new CountDownLatch(1);
-		ServerHttpHeadersWriter slow = exchange -> Mono.delay(Duration.ofMillis(100))
-				.doOnSuccess(__ -> slowDone.set(true)).then();
-		ServerHttpHeadersWriter second = exchange -> Mono.fromRunnable(() -> {
+		ServerHttpHeadersWriter slow = (exchange) -> Mono.delay(Duration.ofMillis(100))
+				.doOnSuccess((__) -> slowDone.set(true)).then();
+		ServerHttpHeadersWriter second = (exchange) -> Mono.fromRunnable(() -> {
 			latch.countDown();
 			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
 		});
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index d9295ab015..7bd21e0963 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -91,7 +91,7 @@ public class CookieServerRequestCacheTests {
 
 	@Test
 	public void saveRequestWhenPostRequestAndCustomMatcherThenRequestUriInCookie() {
-		this.cache.setSaveRequestMatcher(e -> ServerWebExchangeMatcher.MatchResult.match());
+		this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index d3b4267df5..4f1c45a04b 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -79,7 +79,7 @@ public class WebSessionServerRequestCacheTests {
 
 	@Test
 	public void saveRequestGetRequestWhenPostAndCustomMatcherThenFound() {
-		this.cache.setSaveRequestMatcher(e -> ServerWebExchangeMatcher.MatchResult.match());
+		this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
index 2735794b47..6bedbadcc9 100644
--- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
@@ -34,7 +34,7 @@ public class LoginPageGeneratingWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/test/login").contextPath("/test"));
 
-		filter.filter(exchange, e -> Mono.empty()).block();
+		filter.filter(exchange, (e) -> Mono.empty()).block();
 
 		assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/login\"");
 	}
@@ -46,7 +46,7 @@ public class LoginPageGeneratingWebFilterTests {
 
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/login"));
 
-		filter.filter(exchange, e -> Mono.empty()).block();
+		filter.filter(exchange, (e) -> Mono.empty()).block();
 
 		assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/login\"");
 	}

From 612fb22a7f2841ea8d1c05336ea85b3f1fee1219 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 18:18:00 -0700
Subject: [PATCH 44/84] Remove unnecessary lambda blocks

Remove lambda blocks that aren't needed and replace instead with a
simple expression.

Issue gh-8945
---
 .../rsocket/RSocketMessageHandlerITests.java  | 11 ++++-----
 .../config/web/server/HeaderSpecTests.java    |  8 +++----
 .../server/HtmlUnitWebTestClient.java         |  4 +---
 .../SecurityJackson2ModulesTests.java         |  4 +---
 etc/checkstyle/checkstyle-suppressions.xml    |  3 +--
 ...ReactiveOAuth2AuthorizedClientManager.java | 18 +++++++-------
 ...uthorizedClientExchangeFilterFunction.java | 24 ++++++++-----------
 ...zationCodeAuthenticationProviderTests.java | 16 ++++++-------
 .../oauth2/core/ClaimAccessorTests.java       |  9 ++-----
 .../web/HeaderBearerTokenResolverTests.java   | 10 ++++----
 .../core/PayloadInterceptorRSocketTests.java  |  5 ++--
 .../header/StaticServerHttpHeadersWriter.java |  4 +---
 ...tSecurityContextArgumentResolverTests.java |  5 ++--
 13 files changed, 48 insertions(+), 73 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index ebe6c0f996..53e11a1c77 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -221,9 +221,9 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload((authorize) -> {
-				authorize.route("secure.*").authenticated().anyExchange().permitAll();
-			}).basicAuthentication(Customizer.withDefaults());
+			rsocket.authorizePayload(
+					(authorize) -> authorize.route("secure.*").authenticated().anyExchange().permitAll())
+					.basicAuthentication(Customizer.withDefaults());
 			return rsocket.build();
 		}
 
@@ -247,9 +247,8 @@ public class RSocketMessageHandlerITests {
 
 		@MessageMapping({ "secure.send", "send" })
 		Mono<Void> send(Mono<String> payload) {
-			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> {
-				doNotifyAll();
-			}));
+			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll()));
+
 		}
 
 		private synchronized void doNotifyAll() {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 746da35e23..a168b477f7 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -336,12 +336,10 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenCustomHeadersWriter() {
 		this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE);
-		this.http.headers((headers) -> headers.writer((exchange) -> {
-			return Mono.just(exchange).doOnNext((it) -> {
-				it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE);
-			}).then();
+		this.http.headers((headers) -> headers.writer((exchange) -> Mono.just(exchange)
+				.doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()
 
-		}));
+		));
 
 		assertHeaders();
 	}
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 44f2c57947..1859625ce4 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -186,9 +186,7 @@ final class HtmlUnitWebTestClient {
 		}
 
 		private ClientRequest withClientCookies(ClientRequest request) {
-			return ClientRequest.from(request).cookies((c) -> {
-				c.addAll(clientCookies());
-			}).build();
+			return ClientRequest.from(request).cookies((c) -> c.addAll(clientCookies())).build();
 		}
 
 		private MultiValueMap<String, String> clientCookies() {
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 79fb7d4fa4..305c22adc8 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -51,9 +51,7 @@ public class SecurityJackson2ModulesTests {
 	@Test
 	public void readValueWhenNotAllowedOrMappedThenThrowsException() {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-		assertThatThrownBy(() -> {
-			this.mapper.readValue(content, Object.class);
-		}).hasStackTraceContaining("allowlist");
+		assertThatThrownBy(() -> this.mapper.readValue(content, Object.class)).hasStackTraceContaining("allowlist");
 	}
 
 	@Test
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 5c12d4242a..ff6fb32e1b 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,8 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringJavadoc" />
-	<suppress files=".*" checks="SpringLambda" />
 	<suppress files=".*" checks="SpringMethodOrder" />
 	<suppress files=".*" checks="SpringMethodVisibility" />
 	<suppress files=".*" checks="SpringTernary" />
@@ -16,6 +14,7 @@
 	<suppress files=".*" checks="JavadocType" />
 	<suppress files=".*" checks="JavadocVariable" />
 	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
+	<suppress files=".*" checks="SpringJavadoc" />
 
 	<!-- Ignore third-party code -->
 	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index aa32c5841d..c1970512ff 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -146,16 +146,14 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 				.flatMap((serverWebExchange) -> Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
 						.switchIfEmpty(Mono
 								.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
-						.flatMap((authorizedClient) -> {
-							// Re-authorize
-							return authorizationContext(authorizeRequest, authorizedClient)
-									.flatMap((authorizationContext) -> authorize(authorizationContext, principal,
-											serverWebExchange))
-									// Default to the existing authorizedClient if the
-									// client was not re-authorized
-									.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
-											? authorizeRequest.getAuthorizedClient() : authorizedClient);
-						}).switchIfEmpty(Mono.defer(() ->
+						.flatMap((authorizedClient) -> // Re-authorize
+						authorizationContext(authorizeRequest, authorizedClient).flatMap(
+								(authorizationContext) -> authorize(authorizationContext, principal, serverWebExchange))
+								// Default to the existing authorizedClient if the
+								// client was not re-authorized
+								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+										? authorizeRequest.getAuthorizedClient() : authorizedClient))
+						.switchIfEmpty(Mono.defer(() ->
 						// Authorize
 						this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 								.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 9970b8255d..b4a8fd8c6e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -565,20 +565,16 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 			Authentication principal = authorizeRequest.getPrincipal();
 
-			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
-					.switchIfEmpty(Mono.defer(() -> this.authorizedClientRepository
-							.loadAuthorizedClient(clientRegistrationId, principal, null)))
-					.flatMap((authorizedClient) -> {
-						// Re-authorize
-						return Mono
-								.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-										.principal(principal).build())
-								.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
-								// Default to the existing authorizedClient if the client
-								// was not re-authorized
-								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
-										? authorizeRequest.getAuthorizedClient() : authorizedClient);
-					}).switchIfEmpty(Mono.defer(() ->
+			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient()).switchIfEmpty(Mono.defer(
+					() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null)))
+					.flatMap((authorizedClient) -> // Re-authorize
+					Mono.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal)
+							.build()).flatMap((authorizationContext) -> authorize(authorizationContext, principal))
+							// Default to the existing authorizedClient if the client
+							// was not re-authorized
+							.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+									? authorizeRequest.getAuthorizedClient() : authorizedClient))
+					.switchIfEmpty(Mono.defer(() ->
 					// Authorize
 					this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 							.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index e8d655ae23..3d82ba7717 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -85,10 +85,10 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
-		assertThatThrownBy(() -> {
-			this.authenticationProvider.authenticate(
-					new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-		}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
+		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
+				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
+						.isInstanceOf(OAuth2AuthorizationException.class)
+						.hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
 	}
 
 	@Test
@@ -98,10 +98,10 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 
-		assertThatThrownBy(() -> {
-			this.authenticationProvider.authenticate(
-					new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-		}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_state_parameter");
+		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
+				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
+						.isInstanceOf(OAuth2AuthorizationException.class)
+						.hasMessageContaining("invalid_state_parameter");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index a51174b003..272e74c75c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -27,7 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.assertj.core.api.Assertions.assertThatObject;
 
 /**
  * Tests for {@link ClaimAccessor}.
@@ -142,12 +142,7 @@ public class ClaimAccessorTests {
 		String expectedClaimValue = "true";
 		String claimName = "boolean";
 		this.claims.put(claimName, expectedClaimValue);
-
-		Throwable thrown = catchThrowable(() -> {
-			boolean actualClaimValue = this.claimAccessor.getClaim(claimName);
-		});
-
-		assertThat(thrown).isInstanceOf(ClassCastException.class);
+		assertThatObject(this.claimAccessor.getClaim(claimName)).isNotInstanceOf(Boolean.class);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index 20121017c0..5be30212f0 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -38,16 +38,14 @@ public class HeaderBearerTokenResolverTests {
 
 	@Test
 	public void constructorWhenHeaderNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> {
-			new HeaderBearerTokenResolver(null);
-		}).isInstanceOf(IllegalArgumentException.class).hasMessage("header cannot be empty");
+		assertThatCode(() -> new HeaderBearerTokenResolver(null)).isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("header cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenHeaderEmptyThenThrowIllegalArgumentException() {
-		assertThatCode(() -> {
-			new HeaderBearerTokenResolver("");
-		}).isInstanceOf(IllegalArgumentException.class).hasMessage("header cannot be empty");
+		assertThatCode(() -> new HeaderBearerTokenResolver("")).isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("header cannot be empty");
 	}
 
 	@Test
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index a96324d2f6..d41d5b2541 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -94,9 +94,8 @@ public class PayloadInterceptorRSocketTests {
 	public void constructorWhenNullDelegateThenException() {
 		this.delegate = null;
 		List<PayloadInterceptor> interceptors = Arrays.asList(this.interceptor);
-		assertThatCode(() -> {
-			new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType, this.dataMimeType);
-		}).isInstanceOf(IllegalArgumentException.class);
+		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
+				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
index 9be1b23891..1f636f5cd3 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
@@ -43,9 +43,7 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		boolean containsOneHeaderToAdd = Collections.disjoint(headers.keySet(), this.headersToAdd.keySet());
 		if (containsOneHeaderToAdd) {
-			this.headersToAdd.forEach((name, values) -> {
-				headers.put(name, values);
-			});
+			this.headersToAdd.forEach(headers::put);
 		}
 		return Mono.empty();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index ae55230c7a..7dfb2df30c 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -111,9 +111,8 @@ public class CurrentSecurityContextArgumentResolverTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		Authentication authentication = context.getAuthentication();
 		context.setAuthentication(null);
-		assertThatExceptionOfType(SpelEvaluationException.class).isThrownBy(() -> {
-			this.resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
-		});
+		assertThatExceptionOfType(SpelEvaluationException.class).isThrownBy(() -> this.resolver
+				.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null));
 		context.setAuthentication(authentication);
 	}
 

From ec6a4cb3f0c64c7880fe1b92860bc5620c573227 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 20:03:19 -0700
Subject: [PATCH 45/84] Use consistent equals/hashCode/toString order

Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.

Issue gh-8945
---
 .../acls/domain/AbstractPermission.java       | 29 ++++++++---------
 .../DefaultServiceAuthenticationDetails.java  | 16 +++++-----
 .../jaas/JaasGrantedAuthority.java            | 16 +++++-----
 .../security/util/InMemoryResource.java       | 11 +++----
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 ...icationPrincipalArgumentResolverTests.java | 16 +++++-----
 .../setup/SecurityMockMvcConfigurer.java      |  8 ++---
 .../web/access/intercept/RequestKey.java      | 18 +++++------
 .../SwitchUserGrantedAuthority.java           | 16 +++++-----
 .../web/csrf/LazyCsrfTokenRepository.java     | 31 +++++++++----------
 .../web/util/OnCommittedResponseWrapper.java  | 28 ++++++++---------
 ...icationPrincipalArgumentResolverTests.java | 16 +++++-----
 12 files changed, 95 insertions(+), 111 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index e878de16e6..147f643966 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -52,18 +52,25 @@ public abstract class AbstractPermission implements Permission {
 	}
 
 	@Override
-	public final boolean equals(Object arg0) {
-		if (arg0 == null) {
+	public final boolean equals(Object obj) {
+		if (obj == null) {
 			return false;
 		}
-
-		if (!(arg0 instanceof Permission)) {
+		if (!(obj instanceof Permission)) {
 			return false;
 		}
+		Permission other = (Permission) obj;
+		return (this.mask == other.getMask());
+	}
 
-		Permission rhs = (Permission) arg0;
+	@Override
+	public final int hashCode() {
+		return this.mask;
+	}
 
-		return (this.mask == rhs.getMask());
+	@Override
+	public final String toString() {
+		return this.getClass().getSimpleName() + "[" + getPattern() + "=" + this.mask + "]";
 	}
 
 	@Override
@@ -76,14 +83,4 @@ public abstract class AbstractPermission implements Permission {
 		return AclFormattingUtils.printBinary(this.mask, this.code);
 	}
 
-	@Override
-	public final String toString() {
-		return this.getClass().getSimpleName() + "[" + getPattern() + "=" + this.mask + "]";
-	}
-
-	@Override
-	public final int hashCode() {
-		return this.mask;
-	}
-
 }
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index d16c723826..370402c26a 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -67,14 +67,6 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		return this.serviceUrl;
 	}
 
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = super.hashCode();
-		result = prime * result + this.serviceUrl.hashCode();
-		return result;
-	}
-
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj) {
@@ -87,6 +79,14 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		return this.serviceUrl.equals(that.getServiceUrl());
 	}
 
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = super.hashCode();
+		result = prime * result + this.serviceUrl.hashCode();
+		return result;
+	}
+
 	@Override
 	public String toString() {
 		StringBuilder result = new StringBuilder();
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index 4bfadc6454..d0d76b89d1 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -53,27 +53,25 @@ public final class JaasGrantedAuthority implements GrantedAuthority {
 		return this.role;
 	}
 
-	@Override
-	public int hashCode() {
-		int result = this.principal.hashCode();
-		result = 31 * result + this.role.hashCode();
-		return result;
-	}
-
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj) {
 			return true;
 		}
-
 		if (obj instanceof JaasGrantedAuthority) {
 			JaasGrantedAuthority jga = (JaasGrantedAuthority) obj;
 			return this.role.equals(jga.role) && this.principal.equals(jga.principal);
 		}
-
 		return false;
 	}
 
+	@Override
+	public int hashCode() {
+		int result = this.principal.hashCode();
+		result = 31 * result + this.role.hashCode();
+		return result;
+	}
+
 	@Override
 	public String toString() {
 		return "Jaas Authority [" + this.role + "," + this.principal + "]";
diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
index c027324f90..30b3158b6a 100644
--- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java
+++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java
@@ -62,18 +62,17 @@ public class InMemoryResource extends AbstractResource {
 		return new ByteArrayInputStream(this.source);
 	}
 
-	@Override
-	public int hashCode() {
-		return 1;
-	}
-
 	@Override
 	public boolean equals(Object res) {
 		if (!(res instanceof InMemoryResource)) {
 			return false;
 		}
-
 		return Arrays.equals(this.source, ((InMemoryResource) res).source);
 	}
 
+	@Override
+	public int hashCode() {
+		return 1;
+	}
+
 }
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index ff6fb32e1b..d36fa62d5a 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringMethodOrder" />
 	<suppress files=".*" checks="SpringMethodVisibility" />
 	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index 565e85ccea..fe3e6c2323 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -275,14 +275,6 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			this.property = toCopy.property;
 		}
 
-		@Override
-		public int hashCode() {
-			final int prime = 31;
-			int result = 1;
-			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
-			return result;
-		}
-
 		@Override
 		public boolean equals(Object obj) {
 			if (this == obj) {
@@ -306,6 +298,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			return true;
 		}
 
+		@Override
+		public int hashCode() {
+			final int prime = 31;
+			int result = 1;
+			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
+			return result;
+		}
+
 	}
 
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
index d6438e5973..0a0df842c3 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
@@ -143,13 +143,13 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 		}
 
 		@Override
-		public int hashCode() {
-			return getDelegate().hashCode();
+		public boolean equals(Object obj) {
+			return getDelegate().equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return getDelegate().equals(obj);
+		public int hashCode() {
+			return getDelegate().hashCode();
 		}
 
 		@Override
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index e7a37eb180..6779564117 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -46,32 +46,28 @@ public class RequestKey {
 		return this.method;
 	}
 
-	@Override
-	public int hashCode() {
-		int result = this.url.hashCode();
-		result = 31 * result + (this.method != null ? this.method.hashCode() : 0);
-		return result;
-	}
-
 	@Override
 	public boolean equals(Object obj) {
 		if (!(obj instanceof RequestKey)) {
 			return false;
 		}
-
 		RequestKey key = (RequestKey) obj;
-
 		if (!this.url.equals(key.url)) {
 			return false;
 		}
-
 		if (this.method == null) {
 			return key.method == null;
 		}
-
 		return this.method.equals(key.method);
 	}
 
+	@Override
+	public int hashCode() {
+		int result = this.url.hashCode();
+		result = 31 * result + (this.method != null ? this.method.hashCode() : 0);
+		return result;
+	}
+
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder(this.url.length() + 7);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
index 5764b1ca3b..a05155e9e0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
@@ -59,27 +59,25 @@ public final class SwitchUserGrantedAuthority implements GrantedAuthority {
 		return this.role;
 	}
 
-	@Override
-	public int hashCode() {
-		int result = this.role.hashCode();
-		result = 31 * result + this.source.hashCode();
-		return result;
-	}
-
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj) {
 			return true;
 		}
-
 		if (obj instanceof SwitchUserGrantedAuthority) {
 			SwitchUserGrantedAuthority swa = (SwitchUserGrantedAuthority) obj;
 			return this.role.equals(swa.role) && this.source.equals(swa.source);
 		}
-
 		return false;
 	}
 
+	@Override
+	public int hashCode() {
+		int result = this.role.hashCode();
+		result = 31 * result + this.source.hashCode();
+		return result;
+	}
+
 	@Override
 	public String toString() {
 		return "Switch User Authority [" + this.role + "," + this.source + "]";
diff --git a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
index c64724a8bc..fcb044a327 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@@ -129,28 +129,12 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 			return this.delegate.getToken();
 		}
 
-		@Override
-		public String toString() {
-			return "SaveOnAccessCsrfToken [delegate=" + this.delegate + "]";
-		}
-
-		@Override
-		public int hashCode() {
-			final int prime = 31;
-			int result = 1;
-			result = prime * result + ((this.delegate == null) ? 0 : this.delegate.hashCode());
-			return result;
-		}
-
 		@Override
 		public boolean equals(Object obj) {
 			if (this == obj) {
 				return true;
 			}
-			if (obj == null) {
-				return false;
-			}
-			if (getClass() != obj.getClass()) {
+			if (obj == null || getClass() != obj.getClass()) {
 				return false;
 			}
 			SaveOnAccessCsrfToken other = (SaveOnAccessCsrfToken) obj;
@@ -165,6 +149,19 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 			return true;
 		}
 
+		@Override
+		public int hashCode() {
+			final int prime = 31;
+			int result = 1;
+			result = prime * result + ((this.delegate == null) ? 0 : this.delegate.hashCode());
+			return result;
+		}
+
+		@Override
+		public String toString() {
+			return "SaveOnAccessCsrfToken [delegate=" + this.delegate + "]";
+		}
+
 		private void saveTokenIfNecessary() {
 			if (this.tokenRepository == null) {
 				return;
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index aac699f03e..d35d6336a0 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -283,13 +283,13 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 		}
 
 		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
+		public int hashCode() {
+			return this.delegate.hashCode();
 		}
 
 		@Override
@@ -529,16 +529,6 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 			this.delegate.close();
 		}
 
-		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
-		}
-
-		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
-		}
-
 		@Override
 		public void print(boolean b) throws IOException {
 			trackContentLength(b);
@@ -658,6 +648,16 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 			this.delegate.setWriteListener(writeListener);
 		}
 
+		@Override
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
+		}
+
+		@Override
+		public int hashCode() {
+			return this.delegate.hashCode();
+		}
+
 		@Override
 		public String toString() {
 			return getClass().getName() + "[delegate=" + this.delegate.toString() + "]";
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 630627d31c..31b97dc145 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -279,14 +279,6 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			this.property = toCopy.property;
 		}
 
-		@Override
-		public int hashCode() {
-			final int prime = 31;
-			int result = 1;
-			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
-			return result;
-		}
-
 		@Override
 		public boolean equals(Object obj) {
 			if (this == obj) {
@@ -310,6 +302,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			return true;
 		}
 
+		@Override
+		public int hashCode() {
+			final int prime = 31;
+			int result = 1;
+			result = prime * result + ((this.property == null) ? 0 : this.property.hashCode());
+			return result;
+		}
+
 	}
 
 }

From 8d3f039f764933c336136048172932b94e3328ac Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 29 Jul 2020 22:05:08 -0700
Subject: [PATCH 46/84] Reduce method visibility when possible

Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
---
 .../security/acls/jdbc/AclClassIdUtils.java   |  2 +-
 .../acls/jdbc/BasicLookupStrategy.java        |  8 +--
 .../acls/jdbc/JdbcAclServiceTests.java        | 12 ++---
 ...onProviderBuilderSecurityBuilderTests.java |  6 +--
 .../rsocket/HelloRSocketITests.java           |  6 +--
 .../config/annotation/rsocket/JwtITests.java  |  6 +--
 ...RSocketMessageHandlerConnectionITests.java |  6 +--
 .../rsocket/RSocketMessageHandlerITests.java  |  6 +--
 .../rsocket/SimpleAuthenticationITests.java   |  6 +--
 .../AbstractDaoAuthenticationConfigurer.java  |  4 +-
 .../Jsr250MetadataSourceConfiguration.java    |  2 +-
 .../ReactiveMethodSecurityConfiguration.java  |  8 +--
 .../rsocket/RSocketSecurityConfiguration.java |  2 +-
 .../web/AbstractRequestMatcherRegistry.java   | 14 +++---
 .../web/builders/FilterComparator.java        |  8 +--
 ...edWebSecurityConfigurersIgnoreParents.java |  3 +-
 .../HttpSecurityConfiguration.java            |  8 +--
 .../WebMvcSecurityConfiguration.java          |  2 +-
 ...ConfigAttributeRequestMatcherRegistry.java |  8 +--
 .../AbstractInterceptUrlConfigurer.java       | 10 +++-
 .../web/configurers/CsrfConfigurer.java       |  4 +-
 .../web/configurers/PermitAllSupport.java     | 10 ++--
 .../OAuth2ResourceServerConfigurer.java       |  2 +-
 .../ReactiveOAuth2ClientImportSelector.java   |  6 +--
 .../ServerHttpSecurityConfiguration.java      | 10 ++--
 .../WebFluxSecurityConfiguration.java         |  6 +--
 .../HttpSecurityBeanDefinitionParser.java     |  2 +-
 .../http/OAuth2LoginBeanDefinitionParser.java |  2 +-
 .../security/config/http/WebConfigUtils.java  |  9 ++--
 .../ContextSourceSettingPostProcessor.java    |  5 +-
 ...balMethodSecurityBeanDefinitionParser.java |  4 +-
 ...tractServerWebExchangeMatcherRegistry.java |  5 +-
 .../ConcereteSecurityConfigurerAdapter.java   |  2 +-
 .../annotation/ObjectPostProcessorTests.java  |  2 +-
 ...SecurityConfigurerAdapterClosureTests.java |  2 +-
 .../AuthenticationManagerBuilderTests.java    |  6 +--
 .../NamespaceAuthenticationManagerTests.java  |  4 +-
 .../NamespaceAuthenticationProviderTests.java |  2 +-
 .../NamespaceJdbcUserServiceTests.java        |  4 +-
 .../NamespacePasswordEncoderTests.java        |  4 +-
 .../PasswordEncoderConfigurerTests.java       |  4 +-
 .../AuthenticationConfigurationTests.java     | 18 +++----
 .../EnableGlobalAuthenticationTests.java      | 12 ++---
 ...reBeanFactoryObjectPostProcessorTests.java |  8 +--
 .../EnableReactiveMethodSecurityTests.java    |  4 +-
 ...lobalMethodSecurityConfigurationTests.java | 50 +++++++++----------
 ...ctiveMethodSecurityConfigurationTests.java |  2 +-
 ...SampleEnableGlobalMethodSecurityTests.java |  2 +-
 .../annotation/sec2758/Sec2758Tests.java      |  8 +--
 .../WebSecurityConfigurerAdapterTests.java    | 10 ++--
 .../web/builders/NamespaceHttpTests.java      |  2 +-
 .../web/builders/WebSecurityTests.java        |  4 +-
 .../configuration/EnableWebSecurityTests.java | 10 ++--
 .../HttpSecurityConfigurationTests.java       | 14 +++---
 .../OAuth2ClientConfigurationTests.java       | 44 ++++++++--------
 ...ntextConfigurationResourceServerTests.java |  2 +-
 .../WebMvcSecurityConfigurationTests.java     |  8 +--
 .../WebSecurityConfigurationTests.java        |  8 +--
 .../configurers/AuthorizeRequestsTests.java   | 16 +++---
 .../CsrfConfigurerNoWebMvcTests.java          |  2 +-
 .../web/configurers/CsrfConfigurerTests.java  |  4 +-
 .../web/configurers/DefaultFiltersTests.java  |  4 +-
 .../ExceptionHandlingConfigurerTests.java     |  4 +-
 ...essionUrlAuthorizationConfigurerTests.java | 18 ++++---
 .../HttpSecurityRequestMatchersTests.java     | 10 ++--
 .../configurers/NamespaceHttpBasicTests.java  |  2 +-
 .../NamespaceHttpCustomFilterTests.java       | 10 +---
 .../NamespaceHttpFormLoginTests.java          |  2 +-
 .../NamespaceHttpInterceptUrlTests.java       | 10 ++--
 .../configurers/NamespaceHttpJeeTests.java    |  4 +-
 .../NamespaceHttpOpenIDLoginTests.java        | 10 +---
 .../NamespaceHttpRequestCacheTests.java       |  2 +-
 .../NamespaceSessionManagementTests.java      | 12 ++---
 .../RememberMeConfigurerTests.java            | 10 ++--
 .../RequestCacheConfigurerTests.java          |  2 +-
 .../ServletApiConfigurerTests.java            |  4 +-
 ...tConfigurerSessionCreationPolicyTests.java |  2 +-
 .../SessionManagementConfigurerTests.java     |  6 +--
 .../UrlAuthorizationConfigurerTests.java      |  4 +-
 .../client/OAuth2ClientConfigurerTests.java   | 12 ++---
 .../OAuth2ResourceServerConfigurerTests.java  | 30 +++++------
 .../reactive/EnableWebFluxSecurityTests.java  | 24 ++++-----
 ...SocketMessageBrokerConfigurerDocTests.java |  6 +--
 ...WebSocketMessageBrokerConfigurerTests.java | 12 +++--
 ...uthenticationConfigurationGh3935Tests.java |  2 +-
 .../core/GrantedAuthorityDefaultsJcTests.java |  6 +--
 ...ceFactoryBeanPropertiesResourceITests.java |  2 +-
 ...yBeanPropertiesResourceLocationITests.java |  2 +-
 ...erviceResourceFactoryBeanStringITests.java |  2 +-
 .../config/http/InterceptUrlConfigTests.java  |  4 +-
 .../config/http/MiscHttpConfigTests.java      | 14 +++---
 .../http/MultiHttpBlockConfigTests.java       |  2 +-
 .../config/http/OpenIDConfigTests.java        |  2 +-
 .../http/SessionManagementConfigTests.java    | 10 ++--
 .../CustomHttpSecurityConfigurerTests.java    |  4 +-
 ...ceFactoryBeanPropertiesResourceITests.java |  2 +-
 ...yBeanPropertiesResourceLocationITests.java |  2 +-
 ...anagerResourceFactoryBeanStringITests.java |  2 +-
 .../web/server/HttpsRedirectSpecTests.java    |  4 +-
 .../web/server/OAuth2ClientSpecTests.java     |  4 +-
 .../config/web/server/OAuth2LoginTests.java   | 12 ++---
 .../WebSocketMessageBrokerConfigTests.java    |  6 ++-
 .../server/HtmlUnitWebTestClient.java         |  2 +-
 .../server/MockWebResponseBuilder.java        |  2 +-
 ...bTestClientHtmlUnitDriverBuilderTests.java |  8 +--
 ...tMethodSecurityExpressionHandlerTests.java |  4 +-
 .../AbstractSecurityInterceptorTests.java     |  4 +-
 .../dao/DaoAuthenticationProviderTests.java   |  2 +-
 .../SecurityJackson2ModulesTests.java         |  8 +--
 .../crypto/argon2/Argon2EncodingUtils.java    |  4 +-
 .../security/crypto/encrypt/CipherUtils.java  | 16 +++---
 .../security/crypto/password/Digester.java    |  2 +-
 .../security/crypto/password/Md4.java         |  6 +--
 etc/checkstyle/checkstyle-suppressions.xml    | 22 +++++++-
 .../security/ldap/LdapEncoder.java            |  6 +--
 .../ldap/authentication/LdapEncoder.java      |  6 +--
 .../AbstractMessageMatcherComposite.java      |  2 +-
 ...activeOAuth2AccessTokenResponseClient.java |  5 +-
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |  2 +-
 .../rsocket/core/PayloadSocketAcceptor.java   |  4 +-
 ...AuthenticationPayloadInterceptorChain.java |  4 +-
 .../CaptureSecurityContextSocketAcceptor.java |  2 +-
 .../AbstractSaml2AuthenticationRequest.java   |  4 +-
 .../taglibs/authz/AuthenticationTagTests.java |  2 +-
 ...hSecurityContextTestExecutionListener.java |  4 +-
 ...WithUserDetailsSecurityContextFactory.java |  2 +-
 .../server/SecurityMockServerConfigurers.java |  9 ++--
 .../SecurityMockMvcRequestPostProcessors.java | 18 +++----
 .../showcase/WithMockUserParentTests.java     |  2 +-
 .../context/showcase/WithMockUserTests.java   |  2 +-
 .../showcase/WithUserDetailsTests.java        |  9 ++--
 ...ityContextTestExcecutionListenerTests.java |  5 +-
 .../web/servlet/request/Sec2935Tests.java     |  2 +-
 ...rocessorsAuthenticationStatelessTests.java |  4 +-
 ...sorsTestSecurityContextStatelessTests.java |  9 ++--
 .../SecurityMockMvcResultMatchersTests.java   |  2 +-
 ...WithAuthoritiesMvcResultMatchersTests.java |  2 +-
 .../showcase/csrf/CsrfShowcaseTests.java      |  2 +-
 .../csrf/CustomCsrfShowcaseTests.java         |  4 +-
 .../csrf/DefaultCsrfShowcaseTests.java        |  2 +-
 .../CustomConfigAuthenticationTests.java      |  2 +-
 .../DefaultfSecurityRequestsTests.java        |  2 +-
 .../secured/SecurityRequestsTests.java        |  2 +-
 .../secured/WithUserAuthenticationTests.java  |  2 +-
 ...WithUserClassLevelAuthenticationTests.java |  2 +-
 .../WithUserDetailsAuthenticationTests.java   |  2 +-
 ...rDetailsClassLevelAuthenticationTests.java |  2 +-
 .../security/web/FilterInvocation.java        | 16 +++---
 ...ractSessionFixationProtectionStrategy.java |  5 +-
 .../security/web/debug/Logger.java            |  4 +-
 ...ractRequestParameterAllowFromStrategy.java |  5 +-
 .../HttpServlet3RequestFactory.java           |  8 +--
 ...DefaultLoginPageGeneratingFilterTests.java |  2 +-
 ...WebAsyncManagerIntegrationFilterTests.java |  2 +-
 .../security/web/csrf/CsrfFilterTests.java    |  2 +-
 155 files changed, 508 insertions(+), 477 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index 8f000bdd83..5d124d8b52 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -142,7 +142,7 @@ class AclClassIdUtils {
 		return object.getClass().isAssignableFrom(String.class);
 	}
 
-	public void setConversionService(ConversionService conversionService) {
+	void setConversionService(ConversionService conversionService) {
 		Assert.notNull(conversionService, "conversionService must not be null");
 		this.conversionService = conversionService;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 6258b27495..4ebf564588 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -655,15 +655,15 @@ public class BasicLookupStrategy implements LookupStrategy {
 			this.id = id;
 		}
 
+		Long getId() {
+			return this.id;
+		}
+
 		@Override
 		public List<AccessControlEntry> getEntries() {
 			throw new UnsupportedOperationException("Stub only");
 		}
 
-		public Long getId() {
-			return this.id;
-		}
-
 		@Override
 		public ObjectIdentity getObjectIdentity() {
 			throw new UnsupportedOperationException("Stub only");
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index d76f888c08..3e5e09c2f7 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -175,29 +175,29 @@ public class JdbcAclServiceTests {
 				.isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
 	}
 
-	private class MockLongIdDomainObject {
+	class MockLongIdDomainObject {
 
 		private Object id;
 
-		public Object getId() {
+		Object getId() {
 			return this.id;
 		}
 
-		public void setId(Object id) {
+		void setId(Object id) {
 			this.id = id;
 		}
 
 	}
 
-	private class MockUntypedIdDomainObject {
+	class MockUntypedIdDomainObject {
 
 		private Object id;
 
-		public Object getId() {
+		Object getId() {
 			return this.id;
 		}
 
-		public void setId(Object id) {
+		void setId(Object id) {
 			this.id = id;
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
index b51a4128b9..36d1d636ee 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
@@ -273,7 +273,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	abstract static class BaseLdapServerConfig extends BaseLdapProviderConfig {
 
 		@Bean
-		public ApacheDSContainer ldapServer() throws Exception {
+		ApacheDSContainer ldapServer() throws Exception {
 			ApacheDSContainer apacheDSContainer = new ApacheDSContainer("dc=springframework,dc=org",
 					"classpath:/test-server.ldif");
 			apacheDSContainer.setPort(getPort());
@@ -288,7 +288,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	abstract static class BaseLdapProviderConfig extends WebSecurityConfigurerAdapter {
 
 		@Bean
-		public BaseLdapPathContextSource contextSource() throws Exception {
+		BaseLdapPathContextSource contextSource() throws Exception {
 			DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
 					"ldap://127.0.0.1:" + getPort() + "/dc=springframework,dc=org");
 			contextSource.setUserDn("uid=admin,ou=system");
@@ -298,7 +298,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		}
 
 		@Bean
-		public AuthenticationManager authenticationManager(AuthenticationManagerBuilder auth) throws Exception {
+		AuthenticationManager authenticationManager(AuthenticationManagerBuilder auth) throws Exception {
 			configure(auth);
 			return auth.build();
 		}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index ebe5e52d23..a6809b8574 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -116,19 +116,19 @@ public class HelloRSocketITests {
 	static class Config {
 
 		@Bean
-		public ServerController controller() {
+		ServerController controller() {
 			return new ServerController();
 		}
 
 		@Bean
-		public RSocketMessageHandler messageHandler() {
+		RSocketMessageHandler messageHandler() {
 			RSocketMessageHandler handler = new RSocketMessageHandler();
 			handler.setRSocketStrategies(rsocketStrategies());
 			return handler;
 		}
 
 		@Bean
-		public RSocketStrategies rsocketStrategies() {
+		RSocketStrategies rsocketStrategies() {
 			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 4ef09c80d9..12e27e88c9 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -137,19 +137,19 @@ public class JwtITests {
 	static class Config {
 
 		@Bean
-		public ServerController controller() {
+		ServerController controller() {
 			return new ServerController();
 		}
 
 		@Bean
-		public RSocketMessageHandler messageHandler() {
+		RSocketMessageHandler messageHandler() {
 			RSocketMessageHandler handler = new RSocketMessageHandler();
 			handler.setRSocketStrategies(rsocketStrategies());
 			return handler;
 		}
 
 		@Bean
-		public RSocketStrategies rsocketStrategies() {
+		RSocketStrategies rsocketStrategies() {
 			return RSocketStrategies.builder().encoder(new BearerTokenAuthenticationEncoder()).build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 01c3095b9f..1a73888c74 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -204,19 +204,19 @@ public class RSocketMessageHandlerConnectionITests {
 	static class Config {
 
 		@Bean
-		public ServerController controller() {
+		ServerController controller() {
 			return new ServerController();
 		}
 
 		@Bean
-		public RSocketMessageHandler messageHandler() {
+		RSocketMessageHandler messageHandler() {
 			RSocketMessageHandler handler = new RSocketMessageHandler();
 			handler.setRSocketStrategies(rsocketStrategies());
 			return handler;
 		}
 
 		@Bean
-		public RSocketStrategies rsocketStrategies() {
+		RSocketStrategies rsocketStrategies() {
 			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index 53e11a1c77..eb22782c00 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -186,19 +186,19 @@ public class RSocketMessageHandlerITests {
 	static class Config {
 
 		@Bean
-		public ServerController controller() {
+		ServerController controller() {
 			return new ServerController();
 		}
 
 		@Bean
-		public RSocketMessageHandler messageHandler() {
+		RSocketMessageHandler messageHandler() {
 			RSocketMessageHandler handler = new RSocketMessageHandler();
 			handler.setRSocketStrategies(rsocketStrategies());
 			return handler;
 		}
 
 		@Bean
-		public RSocketStrategies rsocketStrategies() {
+		RSocketStrategies rsocketStrategies() {
 			return RSocketStrategies.builder().encoder(new BasicAuthenticationEncoder()).build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 2598c152cb..fc3d4e01ed 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -121,19 +121,19 @@ public class SimpleAuthenticationITests {
 	static class Config {
 
 		@Bean
-		public ServerController controller() {
+		ServerController controller() {
 			return new ServerController();
 		}
 
 		@Bean
-		public RSocketMessageHandler messageHandler() {
+		RSocketMessageHandler messageHandler() {
 			RSocketMessageHandler handler = new RSocketMessageHandler();
 			handler.setRSocketStrategies(rsocketStrategies());
 			return handler;
 		}
 
 		@Bean
-		public RSocketStrategies rsocketStrategies() {
+		RSocketStrategies rsocketStrategies() {
 			return RSocketStrategies.builder().encoder(new SimpleAuthenticationEncoder()).build();
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
index 0cfea53ac4..6acd120958 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -33,7 +33,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  * @author Rob Winch
  * @since 3.2
  */
-abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService>
+public abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService>
 		extends UserDetailsAwareConfigurer<B, U> {
 
 	private DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
@@ -44,7 +44,7 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	 * Creates a new instance
 	 * @param userDetailsService
 	 */
-	protected AbstractDaoAuthenticationConfigurer(U userDetailsService) {
+	AbstractDaoAuthenticationConfigurer(U userDetailsService) {
 		this.userDetailsService = userDetailsService;
 		this.provider.setUserDetailsService(userDetailsService);
 		if (userDetailsService instanceof UserDetailsPasswordService) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
index 42b6198a11..147e8c6070 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
@@ -28,7 +28,7 @@ class Jsr250MetadataSourceConfiguration {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource() {
+	Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource() {
 		return new Jsr250MethodSecurityMetadataSource();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
index 39ac8e362b..102795da16 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -51,7 +51,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) {
+	MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) {
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(
 				"securityMethodInterceptor", source, "methodMetadataSource");
 		advisor.setOrder(this.advisorOrder);
@@ -60,7 +60,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public DelegatingMethodSecurityMetadataSource methodMetadataSource(
+	DelegatingMethodSecurityMetadataSource methodMetadataSource(
 			MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
 		ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(
 				methodSecurityExpressionHandler);
@@ -70,7 +70,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 	}
 
 	@Bean
-	public PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source,
+	PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source,
 			MethodSecurityExpressionHandler handler) {
 
 		ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(handler);
@@ -82,7 +82,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	public DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler() {
+	DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler() {
 		DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
 		if (this.grantedAuthorityDefaults != null) {
 			handler.setDefaultRolePrefix(this.grantedAuthorityDefaults.getRolePrefix());
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
index 9e6cfcb73d..ea5c2f1a32 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurityConfiguration.java
@@ -60,7 +60,7 @@ class RSocketSecurityConfiguration {
 
 	@Bean(name = RSOCKET_SECURITY_BEAN_NAME)
 	@Scope("prototype")
-	public RSocketSecurity rsocketSecurity(ApplicationContext context) {
+	RSocketSecurity rsocketSecurity(ApplicationContext context) {
 		RSocketSecurity security = new RSocketSecurity().authenticationManager(authenticationManager());
 		security.setApplicationContext(context);
 		return security;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 920f6ec55a..92871d5519 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -235,6 +235,9 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 	 */
 	private static final class RequestMatchers {
 
+		private RequestMatchers() {
+		}
+
 		/**
 		 * Create a {@link List} of {@link AntPathRequestMatcher} instances.
 		 * @param httpMethod the {@link HttpMethod} to use or {@code null} for any
@@ -243,7 +246,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * from
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
+		static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
 			String method = httpMethod == null ? null : httpMethod.toString();
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : antPatterns) {
@@ -259,7 +262,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * from
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> antMatchers(String... antPatterns) {
+		static List<RequestMatcher> antMatchers(String... antPatterns) {
 			return antMatchers(null, antPatterns);
 		}
 
@@ -271,7 +274,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * {@link RegexRequestMatcher} from
 		 * @return a {@link List} of {@link RegexRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> regexMatchers(HttpMethod httpMethod, String... regexPatterns) {
+		static List<RequestMatcher> regexMatchers(HttpMethod httpMethod, String... regexPatterns) {
 			String method = httpMethod == null ? null : httpMethod.toString();
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : regexPatterns) {
@@ -287,13 +290,10 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * {@link RegexRequestMatcher} from
 		 * @return a {@link List} of {@link RegexRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> regexMatchers(String... regexPatterns) {
+		static List<RequestMatcher> regexMatchers(String... regexPatterns) {
 			return regexMatchers(null, regexPatterns);
 		}
 
-		private RequestMatchers() {
-		}
-
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index 49352164cc..d143aab14c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -125,7 +125,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param filter
 	 * @return
 	 */
-	public boolean isRegistered(Class<? extends Filter> filter) {
+	boolean isRegistered(Class<? extends Filter> filter) {
 		return getOrder(filter) != null;
 	}
 
@@ -136,7 +136,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param afterFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed after.
 	 */
-	public void registerAfter(Class<? extends Filter> filter, Class<? extends Filter> afterFilter) {
+	void registerAfter(Class<? extends Filter> filter, Class<? extends Filter> afterFilter) {
 		Integer position = getOrder(afterFilter);
 		if (position == null) {
 			throw new IllegalArgumentException("Cannot register after unregistered Filter " + afterFilter);
@@ -151,7 +151,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param atFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed at.
 	 */
-	public void registerAt(Class<? extends Filter> filter, Class<? extends Filter> atFilter) {
+	void registerAt(Class<? extends Filter> filter, Class<? extends Filter> atFilter) {
 		Integer position = getOrder(atFilter);
 		if (position == null) {
 			throw new IllegalArgumentException("Cannot register after unregistered Filter " + atFilter);
@@ -167,7 +167,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 * @param beforeFilter the {@link Filter} that is already registered and that
 	 * {@code filter} should be placed before.
 	 */
-	public void registerBefore(Class<? extends Filter> filter, Class<? extends Filter> beforeFilter) {
+	void registerBefore(Class<? extends Filter> filter, Class<? extends Filter> beforeFilter) {
 		Integer position = getOrder(beforeFilter);
 		if (position == null) {
 			throw new IllegalArgumentException("Cannot register after unregistered Filter " + beforeFilter);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
index 7297f22f3e..dec674d305 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
@@ -35,9 +35,8 @@ import org.springframework.util.Assert;
  * {@link ApplicationContext} but ignoring the parent.
  *
  * @author Rob Winch
- *
  */
-final class AutowiredWebSecurityConfigurersIgnoreParents {
+public final class AutowiredWebSecurityConfigurersIgnoreParents {
 
 	private final ConfigurableListableBeanFactory beanFactory;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index 1a38a58bf0..90f2cf9f03 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -56,7 +56,7 @@ class HttpSecurityConfiguration {
 	private ApplicationContext context;
 
 	@Autowired
-	public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
+	void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
 		this.objectPostProcessor = objectPostProcessor;
 	}
 
@@ -66,18 +66,18 @@ class HttpSecurityConfiguration {
 	}
 
 	@Autowired
-	public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
+	void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
 		this.authenticationConfiguration = authenticationConfiguration;
 	}
 
 	@Autowired
-	public void setApplicationContext(ApplicationContext context) {
+	void setApplicationContext(ApplicationContext context) {
 		this.context = context;
 	}
 
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
-	public HttpSecurity httpSecurity() throws Exception {
+	HttpSecurity httpSecurity() throws Exception {
 		WebSecurityConfigurerAdapter.LazyPasswordEncoder passwordEncoder = new WebSecurityConfigurerAdapter.LazyPasswordEncoder(
 				this.context);
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 583ed45c92..0e72157de2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -66,7 +66,7 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
 	}
 
 	@Bean
-	public RequestDataValueProcessor requestDataValueProcessor() {
+	RequestDataValueProcessor requestDataValueProcessor() {
 		return new CsrfRequestDataValueProcessor();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index 9ffbaf7680..9385feb21e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -122,20 +122,20 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 	 */
 	static final class UrlMapping {
 
-		private RequestMatcher requestMatcher;
+		private final RequestMatcher requestMatcher;
 
-		private Collection<ConfigAttribute> configAttrs;
+		private final Collection<ConfigAttribute> configAttrs;
 
 		UrlMapping(RequestMatcher requestMatcher, Collection<ConfigAttribute> configAttrs) {
 			this.requestMatcher = requestMatcher;
 			this.configAttrs = configAttrs;
 		}
 
-		public RequestMatcher getRequestMatcher() {
+		RequestMatcher getRequestMatcher() {
 			return this.requestMatcher;
 		}
 
-		public Collection<ConfigAttribute> getConfigAttrs() {
+		Collection<ConfigAttribute> getConfigAttrs() {
 			return this.configAttrs;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index 3c4b687f1e..fb0d0e089e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -61,13 +61,16 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
  * @see ExpressionUrlAuthorizationConfigurer
  * @see UrlAuthorizationConfigurer
  */
-abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
+public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<C, H> {
 
 	private Boolean filterSecurityInterceptorOncePerRequest;
 
 	private AccessDecisionManager accessDecisionManager;
 
+	AbstractInterceptUrlConfigurer() {
+	}
+
 	@Override
 	public void configure(H http) throws Exception {
 		FilterInvocationSecurityMetadataSource metadataSource = createMetadataSource(http);
@@ -145,9 +148,12 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
 		return securityInterceptor;
 	}
 
-	abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R, T>, T>
+	public abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R, T>, T>
 			extends AbstractConfigAttributeRequestMatcherRegistry<T> {
 
+		AbstractInterceptUrlRegistry() {
+		}
+
 		/**
 		 * Allows setting the {@link AccessDecisionManager}. If none is provided, a
 		 * default {@link AccessDecisionManager} is created.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 44f7dd85b7..6ead1c38c4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -338,7 +338,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 			return mvcMatchers(null, mvcPatterns);
 		}
 
-		public CsrfConfigurer<H> and() {
+		CsrfConfigurer<H> and() {
 			return CsrfConfigurer.this;
 		}
 
@@ -366,7 +366,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 			this.mvcMatchers = mvcMatchers;
 		}
 
-		public IgnoreCsrfProtectionRegistry servletPath(String servletPath) {
+		IgnoreCsrfProtectionRegistry servletPath(String servletPath) {
 			for (MvcRequestMatcher matcher : this.mvcMatchers) {
 				matcher.setServletPath(servletPath);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index 3f2a83a00b..c1c9152954 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -31,7 +31,10 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  */
 final class PermitAllSupport {
 
-	public static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http, String... urls) {
+	private PermitAllSupport() {
+	}
+
+	static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http, String... urls) {
 		for (String url : urls) {
 			if (url != null) {
 				permitAll(http, new ExactUrlRequestMatcher(url));
@@ -40,7 +43,7 @@ final class PermitAllSupport {
 	}
 
 	@SuppressWarnings("unchecked")
-	public static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http,
+	static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http,
 			RequestMatcher... requestMatchers) {
 		ExpressionUrlAuthorizationConfigurer<?> configurer = http
 				.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
@@ -90,7 +93,4 @@ final class PermitAllSupport {
 
 	}
 
-	private PermitAllSupport() {
-	}
-
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index 53db1292f7..03053952f3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -511,7 +511,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			}
 		}
 
-		public void setBearerTokenResolver(BearerTokenResolver tokenResolver) {
+		void setBearerTokenResolver(BearerTokenResolver tokenResolver) {
 			Assert.notNull(tokenResolver, "resolver cannot be null");
 			this.bearerTokenResolver = tokenResolver;
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
index d55c7440e1..46b109fc28 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
@@ -78,17 +78,17 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 		}
 
 		@Autowired(required = false)
-		public void setClientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository) {
+		void setClientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository) {
 			this.clientRegistrationRepository = clientRegistrationRepository;
 		}
 
 		@Autowired(required = false)
-		public void setAuthorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
+		void setAuthorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
 			this.authorizedClientRepository = authorizedClientRepository;
 		}
 
 		@Autowired(required = false)
-		public void setAuthorizedClientService(List<ReactiveOAuth2AuthorizedClientService> authorizedClientService) {
+		void setAuthorizedClientService(List<ReactiveOAuth2AuthorizedClientService> authorizedClientService) {
 			if (authorizedClientService.size() == 1) {
 				this.authorizedClientService = authorizedClientService.get(0);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index bfef35ed7a..728b893475 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -89,18 +89,20 @@ class ServerHttpSecurityConfiguration {
 	}
 
 	@Bean
-	public WebFluxConfigurer authenticationPrincipalArgumentResolverConfigurer(
+	WebFluxConfigurer authenticationPrincipalArgumentResolverConfigurer(
 			ObjectProvider<AuthenticationPrincipalArgumentResolver> authenticationPrincipalArgumentResolver) {
 		return new WebFluxConfigurer() {
+
 			@Override
 			public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
 				configurer.addCustomResolver(authenticationPrincipalArgumentResolver.getObject());
 			}
+
 		};
 	}
 
 	@Bean
-	public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
+	AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
 		AuthenticationPrincipalArgumentResolver resolver = new AuthenticationPrincipalArgumentResolver(
 				this.adapterRegistry);
 		if (this.beanFactory != null) {
@@ -110,7 +112,7 @@ class ServerHttpSecurityConfiguration {
 	}
 
 	@Bean
-	public CurrentSecurityContextArgumentResolver reactiveCurrentSecurityContextArgumentResolver() {
+	CurrentSecurityContextArgumentResolver reactiveCurrentSecurityContextArgumentResolver() {
 		CurrentSecurityContextArgumentResolver resolver = new CurrentSecurityContextArgumentResolver(
 				this.adapterRegistry);
 		if (this.beanFactory != null) {
@@ -121,7 +123,7 @@ class ServerHttpSecurityConfiguration {
 
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
-	public ServerHttpSecurity httpSecurity() {
+	ServerHttpSecurity httpSecurity() {
 		ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
 		return http.authenticationManager(authenticationManager()).headers().and().logout().and();
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 39e160f19b..de54752001 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -65,17 +65,17 @@ class WebFluxSecurityConfiguration {
 
 	@Bean(SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME)
 	@Order(WEB_FILTER_CHAIN_FILTER_ORDER)
-	public WebFilterChainProxy springSecurityWebFilterChainFilter() {
+	WebFilterChainProxy springSecurityWebFilterChainFilter() {
 		return new WebFilterChainProxy(getSecurityWebFilterChains());
 	}
 
 	@Bean(name = AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME)
-	public CsrfRequestDataValueProcessor requestDataValueProcessor() {
+	CsrfRequestDataValueProcessor requestDataValueProcessor() {
 		return new CsrfRequestDataValueProcessor();
 	}
 
 	@Bean
-	public static BeanFactoryPostProcessor conversionServicePostProcessor() {
+	static BeanFactoryPostProcessor conversionServicePostProcessor() {
 		return new RsaKeyConversionServicePostProcessor();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index cfb767531c..c63a70eab9 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -459,7 +459,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		 * cannot determine if it should be on or off).
 		 * @return
 		 */
-		public boolean isEraseCredentialsAfterAuthentication() {
+		boolean isEraseCredentialsAfterAuthentication() {
 			return false;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 40bad1103b..673e26fb8c 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -455,7 +455,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		}
 
 		@SuppressWarnings({ "unchecked", "unused" })
-		public Map<String, String> getLoginLinks() {
+		Map<String, String> getLoginLinks() {
 			Iterable<ClientRegistration> clientRegistrations = null;
 			ClientRegistrationRepository clientRegistrationRepository = this.context
 					.getBean(ClientRegistrationRepository.class);
diff --git a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
index 2f5932176a..64aa026c36 100644
--- a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java
@@ -27,17 +27,18 @@ import org.springframework.util.StringUtils;
  * @author Luke Taylor
  * @author Ben Alex
  */
-abstract class WebConfigUtils {
+final class WebConfigUtils {
 
-	public static int countNonEmpty(String[] objects) {
+	private WebConfigUtils() {
+	}
+
+	static int countNonEmpty(String[] objects) {
 		int nonNulls = 0;
-
 		for (String object : objects) {
 			if (StringUtils.hasText(object)) {
 				nonNulls++;
 			}
 		}
-
 		return nonNulls;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index 79bb46734d..b97dd909a1 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -35,7 +35,7 @@ import org.springframework.util.ClassUtils;
  * @author Luke Taylor
  * @since 3.0
  */
-class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered {
+public class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered {
 
 	private static final String REQUIRED_CONTEXT_SOURCE_CLASS_NAME = "org.springframework.ldap.core.support.BaseLdapPathContextSource";
 
@@ -45,6 +45,9 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord
 	 */
 	private boolean defaultNameRequired;
 
+	ContextSourceSettingPostProcessor() {
+	}
+
 	@Override
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
 		Class<?> contextSourceClass;
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 6a459cdc19..62b0ed5286 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -514,7 +514,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 		private Jsr250MethodSecurityMetadataSource source = new Jsr250MethodSecurityMetadataSource();
 
-		public Jsr250MethodSecurityMetadataSource getBean() {
+		Jsr250MethodSecurityMetadataSource getBean() {
 			this.source.setDefaultRolePrefix(this.rolePrefix);
 			return this.source;
 		}
@@ -525,7 +525,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 		private DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
 
-		public DefaultMethodSecurityExpressionHandler getBean() {
+		DefaultMethodSecurityExpressionHandler getBean() {
 			this.handler.setDefaultRolePrefix(this.rolePrefix);
 			return this.handler;
 		}
diff --git a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
index 0364626347..aa3382f1f0 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
@@ -28,7 +28,10 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
  * @author Rob Winch
  * @since 5.0
  */
-abstract class AbstractServerWebExchangeMatcherRegistry<T> {
+public abstract class AbstractServerWebExchangeMatcherRegistry<T> {
+
+	AbstractServerWebExchangeMatcherRegistry() {
+	}
 
 	/**
 	 * Maps any request.
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
index dbf8250fc1..05c6425ff2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ConcereteSecurityConfigurerAdapter.java
@@ -32,7 +32,7 @@ class ConcereteSecurityConfigurerAdapter extends SecurityConfigurerAdapter<Objec
 		this.list = postProcess(this.list);
 	}
 
-	public ConcereteSecurityConfigurerAdapter list(List<Object> l) {
+	ConcereteSecurityConfigurerAdapter list(List<Object> l) {
 		this.list = l;
 		return this;
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
index 67c29ea4e9..5df8bf1433 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
@@ -47,7 +47,7 @@ public class ObjectPostProcessorTests {
 
 	static class PerformConversion {
 
-		public static List<?> perform(ArrayList<?> l) {
+		static List<?> perform(ArrayList<?> l) {
 			return new ListToLinkedListObjectPostProcessor().postProcess(l);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index 028d28f089..c1cf8715e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -59,7 +59,7 @@ public class SecurityConfigurerAdapterClosureTests {
 			this.list = postProcess(this.list);
 		}
 
-		public ConcereteSecurityConfigurerAdapter list(List<Object> l) {
+		ConcereteSecurityConfigurerAdapter list(List<Object> l) {
 			this.list = l;
 			return this;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index ff15268852..fd6749db83 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -235,19 +235,19 @@ public class AuthenticationManagerBuilderTests {
 		Resource users;
 
 		@Bean
-		public AuthenticationManager authenticationManager() throws Exception {
+		AuthenticationManager authenticationManager() throws Exception {
 			return new ProviderManager(Arrays.asList(authenticationProvider()));
 		}
 
 		@Bean
-		public AuthenticationProvider authenticationProvider() throws Exception {
+		AuthenticationProvider authenticationProvider() throws Exception {
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 			provider.setUserDetailsService(userDetailsService());
 			return provider;
 		}
 
 		@Bean
-		public UserDetailsService userDetailsService() throws Exception {
+		UserDetailsService userDetailsService() throws Exception {
 			Properties properties = new Properties();
 			properties.load(this.users.getInputStream());
 			return new InMemoryUserDetailsManager(properties);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index 3ec92265b7..a4ca8c40b1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -81,7 +81,7 @@ public class NamespaceAuthenticationManagerTests {
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -110,7 +110,7 @@ public class NamespaceAuthenticationManagerTests {
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.eraseCredentials(false)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index aa3853f0f6..61d1e1e660 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -73,7 +73,7 @@ public class NamespaceAuthenticationProviderTests {
 		}
 
 		@Bean
-		public DaoAuthenticationProvider authenticationProvider() {
+		DaoAuthenticationProvider authenticationProvider() {
 			DaoAuthenticationProvider result = new DaoAuthenticationProvider();
 			result.setUserDetailsService(new InMemoryUserDetailsManager(PasswordEncodedUser.user()));
 			return result;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index 64c6c455e2..e8a4d77abe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -87,7 +87,7 @@ public class NamespaceJdbcUserServiceTests {
 	static class DataSourceConfig {
 
 		@Bean
-		public DataSource dataSource() {
+		DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
@@ -144,7 +144,7 @@ public class NamespaceJdbcUserServiceTests {
 	static class CustomDataSourceConfig {
 
 		@Bean
-		public DataSource dataSource() {
+		DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder()
 					// simulate that the DB already has the schema loaded and users in it
 					.addScript("CustomJdbcUserServiceSampleConfig.sql");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index a535a1874b..1068e37d13 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -104,7 +104,7 @@ public class NamespacePasswordEncoderTests {
 		}
 
 		@Bean
-		public DataSource dataSource() {
+		DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
@@ -133,7 +133,7 @@ public class NamespacePasswordEncoderTests {
 		}
 
 		@Bean
-		public DataSource dataSource() {
+		DataSource dataSource() {
 			EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
 			return builder.setType(EmbeddedDatabaseType.HSQL).build();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 85c46ab747..086f7cbc00 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -74,7 +74,7 @@ public class PasswordEncoderConfigurerTests {
 		}
 
 		@Bean
-		public BCryptPasswordEncoder passwordEncoder() {
+		BCryptPasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
 
@@ -95,7 +95,7 @@ public class PasswordEncoderConfigurerTests {
 		}
 
 		@Bean
-		public BCryptPasswordEncoder passwordEncoder() {
+		BCryptPasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index a9e3c0ae0e..e02f237cd8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -356,7 +356,7 @@ public class AuthenticationConfigurationTests {
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 
 		@Bean
-		public AuthenticationManager authenticationManager() {
+		AuthenticationManager authenticationManager() {
 			return this.authenticationManager;
 		}
 
@@ -366,7 +366,7 @@ public class AuthenticationConfigurationTests {
 	static class ServicesConfig {
 
 		@Bean
-		public Service service() {
+		Service service() {
 			return new ServiceImpl();
 		}
 
@@ -466,12 +466,12 @@ public class AuthenticationConfigurationTests {
 	static class Sec2531Config {
 
 		@Bean
-		public ObjectPostProcessor objectPostProcessor() {
+		ObjectPostProcessor objectPostProcessor() {
 			return mock(ObjectPostProcessor.class);
 		}
 
 		@Bean
-		public AuthenticationManager manager() {
+		AuthenticationManager manager() {
 			return null;
 		}
 
@@ -488,7 +488,7 @@ public class AuthenticationConfigurationTests {
 	static class Sec2822WebSecurity extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
 
@@ -498,14 +498,14 @@ public class AuthenticationConfigurationTests {
 	static class Sec2822UseAuth {
 
 		@Autowired
-		public void useAuthenticationManager(AuthenticationConfiguration auth) throws Exception {
+		void useAuthenticationManager(AuthenticationConfiguration auth) throws Exception {
 			auth.getAuthenticationManager();
 		}
 
 		// Ensures that Sec2822UseAuth is initialized before Sec2822WebSecurity
 		// must have additional GlobalAuthenticationConfigurerAdapter to trigger SEC-2822
 		@Bean
-		public static GlobalAuthenticationConfigurerAdapter bootGlobalAuthenticationConfigurerAdapter() {
+		static GlobalAuthenticationConfigurerAdapter bootGlobalAuthenticationConfigurerAdapter() {
 			return new BootGlobalAuthenticationConfigurerAdapter();
 		}
 
@@ -621,12 +621,12 @@ public class AuthenticationConfigurationTests {
 
 		@Bean
 		@Primary
-		public AuthenticationManager manager1() {
+		AuthenticationManager manager1() {
 			return mock(AuthenticationManager.class);
 		}
 
 		@Bean
-		public AuthenticationManager manager2() {
+		AuthenticationManager manager2() {
 			return mock(AuthenticationManager.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index e69d1f88c8..4f6d9e735f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -71,7 +71,7 @@ public class EnableGlobalAuthenticationTests {
 	static class Config {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
 		}
 
@@ -81,12 +81,12 @@ public class EnableGlobalAuthenticationTests {
 	static class BeanProxyEnabledByDefaultConfig {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -97,12 +97,12 @@ public class EnableGlobalAuthenticationTests {
 	static class BeanProxyDisabledConfig {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -116,7 +116,7 @@ public class EnableGlobalAuthenticationTests {
 			this.child = child;
 		}
 
-		public Child getChild() {
+		Child getChild() {
 			return this.child;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 7820acb3e1..78d24959c0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -150,7 +150,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	static class Config {
 
 		@Bean
-		public ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
+		ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
 			return new AutowireBeanFactoryObjectPostProcessor(beanFactory);
 		}
 
@@ -162,7 +162,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 		SmartInitializingSingleton toTest = mock(SmartInitializingSingleton.class);
 
 		@Autowired
-		public void configure(ObjectPostProcessor<Object> p) {
+		void configure(ObjectPostProcessor<Object> p) {
 			p.postProcess(this.toTest);
 		}
 
@@ -172,12 +172,12 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	static class WithBeanNameAutoProxyCreatorConfig {
 
 		@Bean
-		public ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
+		ObjectPostProcessor objectPostProcessor(AutowireCapableBeanFactory beanFactory) {
 			return new AutowireBeanFactoryObjectPostProcessor(beanFactory);
 		}
 
 		@Autowired
-		public void configure(ObjectPostProcessor<Object> p) {
+		void configure(ObjectPostProcessor<Object> p) {
 			p.postProcess(new Object());
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 3b5b47c9fb..751199fb55 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -470,12 +470,12 @@ public class EnableReactiveMethodSecurityTests {
 		ReactiveMessageService delegate = mock(ReactiveMessageService.class);
 
 		@Bean
-		public DelegatingReactiveMessageService defaultMessageService() {
+		DelegatingReactiveMessageService defaultMessageService() {
 			return new DelegatingReactiveMessageService(this.delegate);
 		}
 
 		@Bean
-		public Authz authz() {
+		Authz authz() {
 			return new Authz();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index cadb3c8982..d5a8b8ef35 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -340,12 +340,12 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class CustomTrustResolverConfig {
 
 		@Bean
-		public AuthenticationTrustResolver trustResolver() {
+		AuthenticationTrustResolver trustResolver() {
 			return mock(AuthenticationTrustResolver.class);
 		}
 
 		@Bean
-		public MethodSecurityServiceImpl service() {
+		MethodSecurityServiceImpl service() {
 			return new MethodSecurityServiceImpl();
 		}
 
@@ -355,12 +355,12 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class ExpressionHandlerHasBeanResolverSetConfig {
 
 		@Bean
-		public MethodSecurityServiceImpl service() {
+		MethodSecurityServiceImpl service() {
 			return new MethodSecurityServiceImpl();
 		}
 
 		@Bean
-		public Authz authz() {
+		Authz authz() {
 			return new Authz();
 		}
 
@@ -370,7 +370,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class MethodSecurityServiceConfig {
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
@@ -380,12 +380,12 @@ public class GlobalMethodSecurityConfigurationTests {
 	public static class AutowirePermissionEvaluatorConfig {
 
 		@Bean
-		public PermissionEvaluator permissionEvaluator() {
+		PermissionEvaluator permissionEvaluator() {
 			return mock(PermissionEvaluator.class);
 		}
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
@@ -395,12 +395,12 @@ public class GlobalMethodSecurityConfigurationTests {
 	public static class MultiPermissionEvaluatorConfig {
 
 		@Bean
-		public PermissionEvaluator permissionEvaluator() {
+		PermissionEvaluator permissionEvaluator() {
 			return mock(PermissionEvaluator.class);
 		}
 
 		@Bean
-		public PermissionEvaluator permissionEvaluator2() {
+		PermissionEvaluator permissionEvaluator2() {
 			return mock(PermissionEvaluator.class);
 		}
 
@@ -415,7 +415,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class ParentConfig {
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
@@ -425,7 +425,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class Sec2479ParentConfig {
 
 		@Bean
-		public AuthenticationManager am() {
+		AuthenticationManager am() {
 			return mock(AuthenticationManager.class);
 		}
 
@@ -435,7 +435,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class Sec2479ChildConfig {
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
@@ -445,17 +445,17 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class Sec2815Config {
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
 		@Bean
-		public MockBeanPostProcessor mockBeanPostProcessor() {
+		MockBeanPostProcessor mockBeanPostProcessor() {
 			return new MockBeanPostProcessor();
 		}
 
 		@Bean
-		public DataSource dataSource() {
+		DataSource dataSource() {
 			return mock(DataSource.class);
 		}
 
@@ -499,12 +499,12 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class Sec3005Config {
 
 		@Bean
-		public MethodSecurityService service() {
+		MethodSecurityService service() {
 			return new MethodSecurityServiceImpl();
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
 
@@ -548,24 +548,24 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class CustomGrantedAuthorityConfig {
 
 		@Bean
-		public GrantedAuthorityDefaults ga() {
+		GrantedAuthorityDefaults ga() {
 			return new GrantedAuthorityDefaults("ROLE:");
 		}
 
 		@Bean
-		public CustomAuthorityService service() {
+		CustomAuthorityService service() {
 			return new CustomAuthorityService();
 		}
 
 		@Bean
-		public MethodSecurityServiceImpl methodSecurityService() {
+		MethodSecurityServiceImpl methodSecurityService() {
 			return new MethodSecurityServiceImpl();
 		}
 
 		static class CustomAuthorityService {
 
 			@PreAuthorize("hasRole('ROLE:USER')")
-			public void customPrefixRoleUser() {
+			void customPrefixRoleUser() {
 			}
 
 		}
@@ -576,24 +576,24 @@ public class GlobalMethodSecurityConfigurationTests {
 	static class EmptyRolePrefixGrantedAuthorityConfig {
 
 		@Bean
-		public GrantedAuthorityDefaults ga() {
+		GrantedAuthorityDefaults ga() {
 			return new GrantedAuthorityDefaults("");
 		}
 
 		@Bean
-		public CustomAuthorityService service() {
+		CustomAuthorityService service() {
 			return new CustomAuthorityService();
 		}
 
 		@Bean
-		public MethodSecurityServiceImpl methodSecurityService() {
+		MethodSecurityServiceImpl methodSecurityService() {
 			return new MethodSecurityServiceImpl();
 		}
 
 		static class CustomAuthorityService {
 
 			@Secured("USER")
-			public void emptyPrefixRoleUser() {
+			void emptyPrefixRoleUser() {
 			}
 
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 13f45b1ca8..961e0e3bf1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -109,7 +109,7 @@ public class ReactiveMethodSecurityConfigurationTests {
 
 	}
 
-	private static class Foo {
+	static class Foo {
 
 		public void bar(String param) {
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 9698da38b8..91ad7a5c96 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -81,7 +81,7 @@ public class SampleEnableGlobalMethodSecurityTests {
 	static class SampleWebSecurityConfig {
 
 		@Bean
-		public MethodSecurityService methodSecurityService() {
+		MethodSecurityService methodSecurityService() {
 			return new MethodSecurityServiceImpl();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 5b9df02190..80472bb588 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -99,7 +99,7 @@ public class Sec2758Tests {
 		}
 
 		@Bean
-		public Service service() {
+		Service service() {
 			return new Service();
 		}
 
@@ -112,7 +112,7 @@ public class Sec2758Tests {
 		static class RootController {
 
 			@GetMapping("/")
-			public String ok() {
+			String ok() {
 				return "ok";
 			}
 
@@ -123,11 +123,11 @@ public class Sec2758Tests {
 	static class Service {
 
 		@PreAuthorize("hasRole('CUSTOM')")
-		public void doPreAuthorize() {
+		void doPreAuthorize() {
 		}
 
 		@RolesAllowed("CUSTOM")
-		public void doJsr250() {
+		void doJsr250() {
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 53dfedfc5d..8c0d1914f5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -284,7 +284,7 @@ public class WebSecurityConfigurerAdapterTests {
 	static class InMemoryConfigureGlobalConfig extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -308,7 +308,7 @@ public class WebSecurityConfigurerAdapterTests {
 		private ContentNegotiationStrategy contentNegotiationStrategySharedObject;
 
 		@Bean
-		public ContentNegotiationStrategy contentNegotiationStrategy() {
+		ContentNegotiationStrategy contentNegotiationStrategy() {
 			return CONTENT_NEGOTIATION_STRATEGY_BEAN;
 		}
 
@@ -337,7 +337,7 @@ public class WebSecurityConfigurerAdapterTests {
 	static class RequiresUserDetailsServiceConfig {
 
 		@Bean
-		public MyFilter myFilter(UserDetailsService userDetailsService) {
+		MyFilter myFilter(UserDetailsService userDetailsService) {
 			return new MyFilter(userDetailsService);
 		}
 
@@ -408,7 +408,7 @@ public class WebSecurityConfigurerAdapterTests {
 		private AuthenticationTrustResolver authenticationTrustResolverSharedObject;
 
 		@Bean
-		public AuthenticationTrustResolver authenticationTrustResolver() {
+		AuthenticationTrustResolver authenticationTrustResolver() {
 			return AUTHENTICATION_TRUST_RESOLVER_BEAN;
 		}
 
@@ -439,7 +439,7 @@ public class WebSecurityConfigurerAdapterTests {
 		}
 
 		@Bean
-		public AuthenticationEventPublisher authenticationEventPublisher() {
+		AuthenticationEventPublisher authenticationEventPublisher() {
 			return mock(AuthenticationEventPublisher.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 8d4f8ae302..3ae4b97201 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -613,7 +613,7 @@ public class NamespaceHttpTests {
 		static Class<? extends HttpServletRequest> HTTP_SERVLET_REQUEST_TYPE;
 
 		@GetMapping("/")
-		public String index(HttpServletRequest request) {
+		String index(HttpServletRequest request) {
 			HTTP_SERVLET_REQUEST_TYPE = request.getClass();
 			return "index";
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index 223dabf3b2..25b5785f18 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -183,7 +183,7 @@ public class WebSecurityTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -228,7 +228,7 @@ public class WebSecurityTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 275d829068..15594e6498 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -192,12 +192,12 @@ public class EnableWebSecurityTests {
 	static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -208,12 +208,12 @@ public class EnableWebSecurityTests {
 	static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -227,7 +227,7 @@ public class EnableWebSecurityTests {
 			this.child = child;
 		}
 
-		public Child getChild() {
+		Child getChild() {
 			return this.child;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 83bb042a5b..732eebe133 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -168,7 +168,7 @@ public class HttpSecurityConfigurationTests {
 	static class NameController {
 
 		@GetMapping("/name")
-		public Callable<String> name() {
+		Callable<String> name() {
 			return () -> SecurityContextHolder.getContext().getAuthentication().getName();
 		}
 
@@ -178,7 +178,7 @@ public class HttpSecurityConfigurationTests {
 	static class DefaultWithFilterChainConfig {
 
 		@Bean
-		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			return http.build();
 		}
 
@@ -188,7 +188,7 @@ public class HttpSecurityConfigurationTests {
 	static class AuthorizeRequestsConfig {
 
 		@Bean
-		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			return http.authorizeRequests((authorize) -> authorize.anyRequest().permitAll()).build();
 		}
 
@@ -198,7 +198,7 @@ public class HttpSecurityConfigurationTests {
 	static class SecurityEnabledConfig {
 
 		@Bean
-		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			return http.authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 					.formLogin(withDefaults()).build();
 		}
@@ -209,7 +209,7 @@ public class HttpSecurityConfigurationTests {
 	static class UserDetailsConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")
 					.build();
 			return new InMemoryUserDetailsManager(user);
@@ -221,7 +221,7 @@ public class HttpSecurityConfigurationTests {
 	static class BaseController {
 
 		@GetMapping("/")
-		public void index() {
+		void index() {
 		}
 
 	}
@@ -230,7 +230,7 @@ public class HttpSecurityConfigurationTests {
 	static class UserController {
 
 		@GetMapping("/user")
-		public void user(HttpServletRequest request) {
+		void user(HttpServletRequest request) {
 			if (!request.isUserInRole("USER")) {
 				throw new AccessDeniedException("This resource is only available to users");
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 77b1f0f460..1b6955367d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -217,25 +217,25 @@ public class OAuth2ClientConfigurationTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return CLIENT_REGISTRATION_REPOSITORY;
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return AUTHORIZED_CLIENT_REPOSITORY;
 		}
 
 		@Bean
-		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return ACCESS_TOKEN_RESPONSE_CLIENT;
 		}
 
 		@RestController
-		public class Controller {
+		class Controller {
 
 			@GetMapping("/authorized-client")
-			public String authorizedClient(
+			String authorizedClient(
 					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient != null ? "resolved" : "not-resolved";
 			}
@@ -260,22 +260,22 @@ public class OAuth2ClientConfigurationTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return mock(ClientRegistrationRepository.class);
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository1() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository1() {
 			return mock(OAuth2AuthorizedClientRepository.class);
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository2() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository2() {
 			return mock(OAuth2AuthorizedClientRepository.class);
 		}
 
 		@Bean
-		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
 
@@ -314,22 +314,22 @@ public class OAuth2ClientConfigurationTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository1() {
+		ClientRegistrationRepository clientRegistrationRepository1() {
 			return mock(ClientRegistrationRepository.class);
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository2() {
+		ClientRegistrationRepository clientRegistrationRepository2() {
 			return mock(ClientRegistrationRepository.class);
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return mock(OAuth2AuthorizedClientRepository.class);
 		}
 
 		@Bean
-		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
 
@@ -351,22 +351,22 @@ public class OAuth2ClientConfigurationTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return mock(ClientRegistrationRepository.class);
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return mock(OAuth2AuthorizedClientRepository.class);
 		}
 
 		@Bean
-		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient1() {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient1() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
 
 		@Bean
-		public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient2() {
+		OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient2() {
 			return mock(OAuth2AccessTokenResponseClient.class);
 		}
 
@@ -385,25 +385,25 @@ public class OAuth2ClientConfigurationTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return CLIENT_REGISTRATION_REPOSITORY;
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return AUTHORIZED_CLIENT_REPOSITORY;
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientManager authorizedClientManager() {
+		OAuth2AuthorizedClientManager authorizedClientManager() {
 			return AUTHORIZED_CLIENT_MANAGER;
 		}
 
 		@RestController
-		public class Controller {
+		class Controller {
 
 			@GetMapping("/authorized-client")
-			public String authorizedClient(
+			String authorizedClient(
 					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient != null ? "resolved" : "not-resolved";
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 1dbe5abdce..a870dbc6e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -121,7 +121,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 		}
 
 		@GetMapping("/token")
-		public String token() {
+		String token() {
 			return this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)
 					.flatMap((result) -> this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)).block();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index 9ae507255d..d3e2f8cce2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -106,18 +106,18 @@ public class WebMvcSecurityConfigurationTests {
 	static class TestController {
 
 		@RequestMapping("/authentication-principal")
-		public ModelAndView authenticationPrincipal(@AuthenticationPrincipal String principal) {
+		ModelAndView authenticationPrincipal(@AuthenticationPrincipal String principal) {
 			return new ModelAndView("authentication-principal-view", "result", principal);
 		}
 
 		@RequestMapping("/deprecated-authentication-principal")
-		public ModelAndView deprecatedAuthenticationPrincipal(
+		ModelAndView deprecatedAuthenticationPrincipal(
 				@org.springframework.security.web.bind.annotation.AuthenticationPrincipal String principal) {
 			return new ModelAndView("deprecated-authentication-principal-view", "result", principal);
 		}
 
 		@RequestMapping("/csrf")
-		public ModelAndView csrf(CsrfToken token) {
+		ModelAndView csrf(CsrfToken token) {
 			return new ModelAndView("view", "result", token);
 		}
 
@@ -129,7 +129,7 @@ public class WebMvcSecurityConfigurationTests {
 	static class Config {
 
 		@Bean
-		public TestController testController() {
+		TestController testController() {
 			return new TestController();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 384db38440..534425c175 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -516,7 +516,7 @@ public class WebSecurityConfigurationTests {
 		};
 
 		@Bean
-		public PermissionEvaluator permissionEvaluator() {
+		PermissionEvaluator permissionEvaluator() {
 			return PERMIT_ALL_PERMISSION_EVALUATOR;
 		}
 
@@ -564,10 +564,10 @@ public class WebSecurityConfigurationTests {
 		}
 
 		@RestController
-		public class HomeController {
+		class HomeController {
 
 			@GetMapping("/")
-			public String home() {
+			String home() {
 				return "home";
 			}
 
@@ -591,7 +591,7 @@ public class WebSecurityConfigurationTests {
 	static class ParentConfig extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index 1ff7e6d757..935e4c62d4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -480,7 +480,7 @@ public class AuthorizeRequestsTests {
 		}
 
 		@Bean
-		public RoleHierarchy roleHiearchy() {
+		RoleHierarchy roleHiearchy() {
 			RoleHierarchyImpl result = new RoleHierarchyImpl();
 			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
 			return result;
@@ -515,7 +515,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -552,7 +552,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -587,7 +587,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -624,7 +624,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -659,7 +659,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -696,7 +696,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -731,7 +731,7 @@ public class AuthorizeRequestsTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index cf627bb33e..387ec6a009 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -90,7 +90,7 @@ public class CsrfConfigurerNoWebMvcTests {
 
 		@Bean
 		@Primary
-		public RequestDataValueProcessor requestDataValueProcessor() {
+		RequestDataValueProcessor requestDataValueProcessor() {
 			return mock(RequestDataValueProcessor.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 1c147877e2..2162872879 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -738,11 +738,11 @@ public class CsrfConfigurerTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public void rootGet() {
+		void rootGet() {
 		}
 
 		@PostMapping("/")
-		public void rootPost() {
+		void rootPost() {
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 558a0cb400..ef9220d001 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -139,7 +139,7 @@ public class DefaultFiltersTests {
 	static class FilterChainProxyBuilderMissingConfig {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -153,7 +153,7 @@ public class DefaultFiltersTests {
 	static class UserDetailsServiceConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 3e3b532066..bc22565be6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -267,7 +267,7 @@ public class ExceptionHandlingConfigurerTests {
 	static class DefaultSecurityConfig {
 
 		@Bean
-		public InMemoryUserDetailsManager userDetailsManager() {
+		InMemoryUserDetailsManager userDetailsManager() {
 			// @formatter:off
 			return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
 				.username("user")
@@ -310,7 +310,7 @@ public class ExceptionHandlingConfigurerTests {
 		static ContentNegotiationStrategy CNS = mock(ContentNegotiationStrategy.class);
 
 		@Bean
-		public static ContentNegotiationStrategy cns() {
+		static ContentNegotiationStrategy cns() {
 			return CNS;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index b2cbe23e82..d4fb8ebf88 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -805,7 +805,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		@Bean
-		public ApplicationListener<AuthorizedEvent> applicationListener() {
+		ApplicationListener<AuthorizedEvent> applicationListener() {
 			return AL;
 		}
 
@@ -827,7 +827,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		@Bean
-		public Checker permission() {
+		Checker permission() {
 			return new Checker();
 		}
 
@@ -858,7 +858,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		@Bean
-		public CustomExpressionHandler expressionHandler() {
+		CustomExpressionHandler expressionHandler() {
 			return new CustomExpressionHandler();
 		}
 
@@ -937,8 +937,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		@Bean
-		public PermissionEvaluator permissionEvaluator() {
+		PermissionEvaluator permissionEvaluator() {
 			return new PermissionEvaluator() {
+
 				@Override
 				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
 						Object permission) {
@@ -950,6 +951,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 						Object permission) {
 					return "ID".equals(targetId) && "TYPE".equals(targetType) && "PERMISSION".equals(permission);
 				}
+
 			};
 		}
 
@@ -970,7 +972,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		}
 
 		@Bean
-		public RoleHierarchy roleHierarchy() {
+		RoleHierarchy roleHierarchy() {
 			RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
 			roleHierarchy.setHierarchy("ROLE_USER > ROLE_MEMBER");
 			return roleHierarchy;
@@ -982,11 +984,11 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public void rootGet() {
+		void rootGet() {
 		}
 
 		@PostMapping("/")
-		public void rootPost() {
+		void rootPost() {
 		}
 
 	}
@@ -995,7 +997,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	static class WildcardController {
 
 		@GetMapping("/{path}")
-		public void wildcard(@PathVariable String path) {
+		void wildcard(@PathVariable String path) {
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 8ec6163509..652e5852aa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -247,7 +247,7 @@ public class HttpSecurityRequestMatchersTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -285,7 +285,7 @@ public class HttpSecurityRequestMatchersTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -318,7 +318,7 @@ public class HttpSecurityRequestMatchersTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -357,7 +357,7 @@ public class HttpSecurityRequestMatchersTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -391,7 +391,7 @@ public class HttpSecurityRequestMatchersTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 8eed33342d..1d66dfce56 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -162,7 +162,7 @@ public class NamespaceHttpBasicTests {
 	static class UserConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
 			// @formatter:off
 				User.withDefaultPasswordEncoder()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 4e8ab99a6d..817792742f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -192,15 +192,9 @@ public class NamespaceHttpCustomFilterTests {
 	static class UserDetailsServiceConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-			// @formatter:off
-					User.withDefaultPasswordEncoder()
-							.username("user")
-							.password("password")
-							.roles("USER")
-							.build());
-					// @formatter:on
+					User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 565d67e9e9..b080cf6754 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -178,7 +178,7 @@ public class NamespaceHttpFormLoginTests {
 	static class UserDetailsServiceConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
 			// @formatter:off
 					User.withDefaultPasswordEncoder()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index 2de270cea9..e88dd304e4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -152,27 +152,27 @@ public class NamespaceHttpInterceptUrlTests {
 	static class BaseController {
 
 		@GetMapping("/users")
-		public String users() {
+		String users() {
 			return "ok";
 		}
 
 		@GetMapping("/sessions")
-		public String sessions() {
+		String sessions() {
 			return "sessions";
 		}
 
 		@RequestMapping("/admin/post")
-		public String adminPost() {
+		String adminPost() {
 			return "adminPost";
 		}
 
 		@GetMapping("/admin/another-post")
-		public String adminAnotherPost() {
+		String adminAnotherPost() {
 			return "adminAnotherPost";
 		}
 
 		@GetMapping("/signup")
-		public String signup() {
+		String signup() {
 			return "signup";
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index 47cd62b4c3..96a9287fe8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -147,12 +147,12 @@ public class NamespaceHttpJeeTests {
 	static class BaseController {
 
 		@GetMapping("/authenticated")
-		public String authenticated(Authentication authentication) {
+		String authenticated(Authentication authentication) {
 			return authentication.getName();
 		}
 
 		@GetMapping("/roles")
-		public String roles(Authentication authentication) {
+		String roles(Authentication authentication) {
 			return authentication.getAuthorities().stream().map(Object::toString).collect(Collectors.joining(","));
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 8200697010..373c29186a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -293,15 +293,9 @@ public class NamespaceHttpOpenIDLoginTests {
 	static class UserDetailsServiceConfig {
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-			// @formatter:off
-					User.withDefaultPasswordEncoder()
-							.username("user")
-							.password("password")
-							.roles("USER")
-							.build());
-					// @formatter:on
+					User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index 7f24ed7f73..a67380193c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -106,7 +106,7 @@ public class NamespaceHttpRequestCacheTests {
 		}
 
 		@Bean
-		public RequestCache requestCache() {
+		RequestCache requestCache() {
 			return mock(RequestCache.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 8fccfcd006..6f08c7290a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -371,7 +371,7 @@ public class NamespaceSessionManagementTests {
 		}
 
 		@Bean
-		public MockEventListener eventListener() {
+		MockEventListener eventListener() {
 			return spy(new MockEventListener());
 		}
 
@@ -425,12 +425,12 @@ public class NamespaceSessionManagementTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public String ok() {
+		String ok() {
 			return "ok";
 		}
 
 		@GetMapping("/auth")
-		public String auth(Principal principal) {
+		String auth(Principal principal) {
 			return principal.getName();
 		}
 
@@ -444,17 +444,17 @@ public class NamespaceSessionManagementTests {
 
 		private Boolean exists = true;
 
-		public ResultMatcher exists(boolean exists) {
+		ResultMatcher exists(boolean exists) {
 			this.exists = exists;
 			return this;
 		}
 
-		public ResultMatcher valid(boolean valid) {
+		ResultMatcher valid(boolean valid) {
 			this.valid = valid;
 			return this.exists(true);
 		}
 
-		public ResultMatcher id(String id) {
+		ResultMatcher id(String id) {
 			this.id = id;
 			return this.exists(true);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 8c10fa0d5a..8ec6c1b5a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -317,7 +317,7 @@ public class RememberMeConfigurerTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -344,7 +344,7 @@ public class RememberMeConfigurerTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -372,7 +372,7 @@ public class RememberMeConfigurerTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -402,7 +402,7 @@ public class RememberMeConfigurerTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -434,7 +434,7 @@ public class RememberMeConfigurerTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index a385089f9a..d769b5869d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -387,7 +387,7 @@ public class RequestCacheConfigurerTests {
 	static class DefaultSecurityConfig {
 
 		@Bean
-		public InMemoryUserDetailsManager userDetailsManager() {
+		InMemoryUserDetailsManager userDetailsManager() {
 			// @formatter:off
 			return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
 					.username("user")
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 05236e3742..274b156c11 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -256,7 +256,7 @@ public class ServletApiConfigurerTests {
 		}
 
 		@Bean
-		public AuthenticationManager customAuthenticationManager() throws Exception {
+		AuthenticationManager customAuthenticationManager() throws Exception {
 			return super.authenticationManagerBean();
 		}
 
@@ -356,7 +356,7 @@ public class ServletApiConfigurerTests {
 	static class AdminController {
 
 		@GetMapping("/admin")
-		public void admin(HttpServletRequest request) {
+		void admin(HttpServletRequest request) {
 			if (!request.isUserInRole("ADMIN")) {
 				throw new AccessDeniedException("This resource is only available to admins");
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index ff7d81bae3..11f60b1e9e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -111,7 +111,7 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public String root() {
+		String root() {
 			return "ok";
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 36c2b9aeba..095c01d59c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -515,7 +515,7 @@ public class SessionManagementConfigurerTests {
 		}
 
 		@Bean
-		public SessionRegistry sessionRegistry() {
+		SessionRegistry sessionRegistry() {
 			return SESSION_REGISTRY;
 		}
 
@@ -538,12 +538,12 @@ public class SessionManagementConfigurerTests {
 		}
 
 		@Bean
-		public SessionRegistry sessionRegistryOne() {
+		SessionRegistry sessionRegistryOne() {
 			return SESSION_REGISTRY_ONE;
 		}
 
 		@Bean
-		public SessionRegistry sessionRegistryTwo() {
+		SessionRegistry sessionRegistryTwo() {
 			return SESSION_REGISTRY_TWO;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index f7b7b77681..b9b61ad579 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -183,7 +183,7 @@ public class UrlAuthorizationConfigurerTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
@@ -218,7 +218,7 @@ public class UrlAuthorizationConfigurerTests {
 		static class PathController {
 
 			@RequestMapping("/path")
-			public String path() {
+			String path() {
 				return "path";
 			}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 2fd0b699a8..7e96a853e8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -265,20 +265,20 @@ public class OAuth2ClientConfigurerTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return clientRegistrationRepository;
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return authorizedClientRepository;
 		}
 
 		@RestController
-		public class ResourceController {
+		class ResourceController {
 
 			@GetMapping("/resource1")
-			public String resource1(
+			String resource1(
 					@RegisteredOAuth2AuthorizedClient("registration-1") OAuth2AuthorizedClient authorizedClient) {
 				return "resource1";
 			}
@@ -304,12 +304,12 @@ public class OAuth2ClientConfigurerTests {
 		}
 
 		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
+		ClientRegistrationRepository clientRegistrationRepository() {
 			return clientRegistrationRepository;
 		}
 
 		@Bean
-		public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+		OAuth2AuthorizedClientRepository authorizedClientRepository() {
 			return authorizedClientRepository;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 82fbe70deb..407342ba0e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -1907,7 +1907,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		@Bean
-		public JwtDecoder decoder() {
+		JwtDecoder decoder() {
 			return mock(JwtDecoder.class);
 		}
 
@@ -1930,7 +1930,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		@Bean
-		public AuthenticationProvider authenticationProvider() {
+		AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
 
@@ -1955,7 +1955,7 @@ public class OAuth2ResourceServerConfigurerTests {
 			// @formatter:on
 		}
 
-		public OAuth2TokenValidator<Jwt> getJwtValidator() {
+		OAuth2TokenValidator<Jwt> getJwtValidator() {
 			return this.jwtValidator;
 		}
 
@@ -2122,7 +2122,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		@Bean
-		public AuthenticationProvider authenticationProvider() {
+		AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
 
@@ -2150,7 +2150,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		@Bean
-		public AuthenticationProvider authenticationProvider() {
+		AuthenticationProvider authenticationProvider() {
 			return mock(AuthenticationProvider.class);
 		}
 
@@ -2234,7 +2234,7 @@ public class OAuth2ResourceServerConfigurerTests {
 	static class JwtDecoderConfig {
 
 		@Bean
-		public JwtDecoder jwtDecoder() {
+		JwtDecoder jwtDecoder() {
 			return mock(JwtDecoder.class);
 		}
 
@@ -2244,35 +2244,35 @@ public class OAuth2ResourceServerConfigurerTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public String get() {
+		String get() {
 			return "ok";
 		}
 
 		@PostMapping("/post")
-		public String post() {
+		String post() {
 			return "post";
 		}
 
 		@RequestMapping(value = "/authenticated", method = { RequestMethod.GET, RequestMethod.POST })
-		public String authenticated(Authentication authentication) {
+		String authenticated(Authentication authentication) {
 			return authentication.getName();
 		}
 
 		@GetMapping("/requires-read-scope")
-		public String requiresReadScope(JwtAuthenticationToken token) {
+		String requiresReadScope(JwtAuthenticationToken token) {
 			return token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList())
 					.toString();
 		}
 
 		@GetMapping("/ms-requires-read-scope")
 		@PreAuthorize("hasAuthority('SCOPE_message:read')")
-		public String msRequiresReadScope(JwtAuthenticationToken token) {
+		String msRequiresReadScope(JwtAuthenticationToken token) {
 			return requiresReadScope(token);
 		}
 
 		@GetMapping("/ms-deny")
 		@PreAuthorize("denyAll")
-		public String deny() {
+		String deny() {
 			return "hmm, that's odd";
 		}
 
@@ -2284,7 +2284,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		private final MockWebServer server = new MockWebServer();
 
 		@PreDestroy
-		public void shutdown() throws IOException {
+		void shutdown() throws IOException {
 			this.server.shutdown();
 		}
 
@@ -2297,7 +2297,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		}
 
 		@Bean
-		public MockWebServer web() {
+		MockWebServer web() {
 			return this.server;
 		}
 
@@ -2354,7 +2354,7 @@ public class OAuth2ResourceServerConfigurerTests {
 			this.token = token;
 		}
 
-		public BearerTokenRequestPostProcessor asParam() {
+		BearerTokenRequestPostProcessor asParam() {
 			this.asRequestParameter = true;
 			return this;
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 9ef91dc752..f4024587df 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -270,13 +270,13 @@ public class EnableWebFluxSecurityTests {
 	static class CustomPasswordEncoderConfig {
 
 		@Bean
-		public ReactiveUserDetailsService userDetailsService(PasswordEncoder encoder) {
+		ReactiveUserDetailsService userDetailsService(PasswordEncoder encoder) {
 			return new MapReactiveUserDetailsService(
 					User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
 		}
 
 		@Bean
-		public static PasswordEncoder passwordEncoder() {
+		static PasswordEncoder passwordEncoder() {
 			return new BCryptPasswordEncoder();
 		}
 
@@ -286,7 +286,7 @@ public class EnableWebFluxSecurityTests {
 	static class MapReactiveUserDetailsServiceConfig {
 
 		@Bean
-		public MapReactiveUserDetailsService userDetailsService() {
+		MapReactiveUserDetailsService userDetailsService() {
 			// @formatter:off
 			return new MapReactiveUserDetailsService(User.withUsername("user")
 					.password("{noop}password")
@@ -304,14 +304,14 @@ public class EnableWebFluxSecurityTests {
 
 		@Order(Ordered.HIGHEST_PRECEDENCE)
 		@Bean
-		public SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
+		SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
 			http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**")).authorizeExchange()
 					.anyExchange().denyAll();
 			return http.build();
 		}
 
 		@Bean
-		public SecurityWebFilterChain httpSecurity(ServerHttpSecurity http) {
+		SecurityWebFilterChain httpSecurity(ServerHttpSecurity http) {
 			return http.build();
 		}
 
@@ -323,7 +323,7 @@ public class EnableWebFluxSecurityTests {
 	static class AuthenticationPrincipalConfig {
 
 		@Bean
-		public PrincipalBean principalBean() {
+		PrincipalBean principalBean() {
 			return new PrincipalBean();
 		}
 
@@ -336,7 +336,7 @@ public class EnableWebFluxSecurityTests {
 		}
 
 		@RestController
-		public static class AuthenticationPrincipalResolver {
+		static class AuthenticationPrincipalResolver {
 
 			@GetMapping("/spel")
 			String username(@AuthenticationPrincipal(expression = "@principalBean.username(#this)") String username) {
@@ -352,12 +352,12 @@ public class EnableWebFluxSecurityTests {
 	static class BeanProxyEnabledByDefaultConfig {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -369,12 +369,12 @@ public class EnableWebFluxSecurityTests {
 	static class BeanProxyDisabledConfig {
 
 		@Bean
-		public Child child() {
+		Child child() {
 			return new Child();
 		}
 
 		@Bean
-		public Parent parent() {
+		Parent parent() {
 			return new Parent(child());
 		}
 
@@ -388,7 +388,7 @@ public class EnableWebFluxSecurityTests {
 			this.child = child;
 		}
 
-		public Child getChild() {
+		Child getChild() {
 			return this.child;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 2bb6965eb8..5b38a0668c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -120,7 +120,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	static class MyController {
 
 		@MessageMapping("/authentication")
-		public void authentication(@AuthenticationPrincipal String un) {
+		void authentication(@AuthenticationPrincipal String un) {
 			// ... do something ...
 		}
 
@@ -161,7 +161,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 		}
 
 		@Bean
-		public MyController myController() {
+		MyController myController() {
 			return new MyController();
 		}
 
@@ -171,7 +171,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	static class SyncExecutorConfig {
 
 		@Bean
-		public static SyncExecutorSubscribableChannelPostProcessor postProcessor() {
+		static SyncExecutorSubscribableChannelPostProcessor postProcessor() {
 			return new SyncExecutorSubscribableChannelPostProcessor();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index c840cbc282..4aecda3869 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -441,7 +441,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 
 		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
+		TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
 
@@ -480,7 +480,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 
 		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
+		TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
 
@@ -516,7 +516,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		}
 
 		@Bean
-		public TestHandshakeHandler testHandshakeHandler() {
+		TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
 		}
 
@@ -545,18 +545,22 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		// @formatter:on
 
 		@Bean
-		public static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
+		static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
 			return new DefaultMessageSecurityExpressionHandler<Object>() {
+
 				@Override
 				protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 						Message<Object> invocation) {
 					return new MessageSecurityExpressionRoot(authentication, invocation) {
+
 						public boolean denyRob() {
 							Authentication auth = getAuthentication();
 							return auth != null && !"rob".equals(auth.getName());
 						}
+
 					};
 				}
+
 			};
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
index c1a5d9125e..b688bba746 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
@@ -113,7 +113,7 @@ public class AuthenticationConfigurationGh3935Tests {
 		}
 
 		@Bean
-		public UserDetailsService userDetailsService() {
+		UserDetailsService userDetailsService() {
 			return mock(UserDetailsService.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index 2e5ef45289..14298cf186 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -166,7 +166,7 @@ public class GrantedAuthorityDefaultsJcTests {
 	static class Config extends WebSecurityConfigurerAdapter {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -184,12 +184,12 @@ public class GrantedAuthorityDefaultsJcTests {
 		}
 
 		@Bean
-		public MessageService messageService() {
+		MessageService messageService() {
 			return new HelloWorldMessageService();
 		}
 
 		@Bean
-		public static GrantedAuthorityDefaults grantedAuthorityDefaults() {
+		static GrantedAuthorityDefaults grantedAuthorityDefaults() {
 			return new GrantedAuthorityDefaults("");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
index 1cbe52e40d..77bbef169f 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
@@ -47,7 +47,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITes
 	static class Config {
 
 		@Bean
-		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
+		ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
 			return ReactiveUserDetailsServiceResourceFactoryBean
 					.fromResource(new InMemoryResource("user=password,ROLE_USER"));
 		}
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
index effd00c71e..cd720f1b7b 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -46,7 +46,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLoca
 	static class Config {
 
 		@Bean
-		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
+		ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
 			return ReactiveUserDetailsServiceResourceFactoryBean.fromResourceLocation("classpath:users.properties");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
index 76bccac1ba..f257138526 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
@@ -46,7 +46,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanStringITests {
 	static class Config {
 
 		@Bean
-		public ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
+		ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() {
 			return ReactiveUserDetailsServiceResourceFactoryBean.fromString("user=password,ROLE_USER");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 5a3860ddae..07b4708f9e 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -228,12 +228,12 @@ public class InterceptUrlConfigTests {
 	static class PathController {
 
 		@RequestMapping("/path")
-		public String path() {
+		String path() {
 			return "path";
 		}
 
 		@RequestMapping("/path/{un}/path")
-		public String path(@PathVariable("un") String name) {
+		String path(@PathVariable("un") String name) {
 			return name;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index d77ce6517e..56c9106964 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -751,12 +751,12 @@ public class MiscHttpConfigTests {
 	static class BasicController {
 
 		@RequestMapping("/unprotected")
-		public String unprotected() {
+		String unprotected() {
 			return "ok";
 		}
 
 		@RequestMapping("/protected")
-		public String protectedMethod(@AuthenticationPrincipal String name) {
+		String protectedMethod(@AuthenticationPrincipal String name) {
 			return name;
 		}
 
@@ -766,7 +766,7 @@ public class MiscHttpConfigTests {
 	static class CustomKeyController {
 
 		@GetMapping("/customKey")
-		public String customKey() {
+		String customKey() {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 			if (authentication != null && authentication instanceof AnonymousAuthenticationToken) {
@@ -782,18 +782,18 @@ public class MiscHttpConfigTests {
 	static class AuthenticationController {
 
 		@GetMapping("/password")
-		public String password(@AuthenticationPrincipal Authentication authentication) {
+		String password(@AuthenticationPrincipal Authentication authentication) {
 			return (String) authentication.getCredentials();
 		}
 
 		@GetMapping("/roles")
-		public String roles(@AuthenticationPrincipal Authentication authentication) {
+		String roles(@AuthenticationPrincipal Authentication authentication) {
 			return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority)
 					.collect(Collectors.joining(","));
 		}
 
 		@GetMapping("/details")
-		public String details(@AuthenticationPrincipal Authentication authentication) {
+		String details(@AuthenticationPrincipal Authentication authentication) {
 			return authentication.getDetails().getClass().getName();
 		}
 
@@ -803,7 +803,7 @@ public class MiscHttpConfigTests {
 	static class JaasController {
 
 		@GetMapping("/username")
-		public String username() {
+		String username() {
 			Subject subject = Subject.getSubject(AccessController.getContext());
 			return subject.getPrincipals().iterator().next().getName();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index 5259123a9a..dd3fb990e3 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -97,7 +97,7 @@ public class MultiHttpBlockConfigTests {
 	static class BasicController {
 
 		@GetMapping("/first")
-		public String first() {
+		String first() {
 			return "ok";
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 3de4472b57..fad993004f 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -194,7 +194,7 @@ public class OpenIDConfigTests {
 	static class CustomLoginController {
 
 		@GetMapping("/login")
-		public String custom() {
+		String custom() {
 			return "a custom login page";
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index 19f7b33547..f7bd58f0b0 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -534,12 +534,12 @@ public class SessionManagementConfigTests {
 	static class BasicController {
 
 		@GetMapping("/")
-		public String ok() {
+		String ok() {
 			return "ok";
 		}
 
 		@GetMapping("/auth")
-		public String auth(Principal principal) {
+		String auth(Principal principal) {
 			return principal.getName();
 		}
 
@@ -553,17 +553,17 @@ public class SessionManagementConfigTests {
 
 		private Boolean exists = true;
 
-		public ResultMatcher exists(boolean exists) {
+		ResultMatcher exists(boolean exists) {
 			this.exists = exists;
 			return this;
 		}
 
-		public ResultMatcher valid(boolean valid) {
+		ResultMatcher valid(boolean valid) {
 			this.valid = valid;
 			return this.exists(true);
 		}
 
-		public ResultMatcher id(String id) {
+		ResultMatcher id(String id) {
 			this.id = id;
 			return this.exists(true);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 5a76fc998d..9f715ddce9 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -132,7 +132,7 @@ public class CustomHttpSecurityConfigurerTests {
 		}
 
 		@Bean
-		public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
+		static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
 			// Typically externalize this as a properties file
 			Properties properties = new Properties();
 			properties.setProperty("permitAllPattern", "/public/**");
@@ -160,7 +160,7 @@ public class CustomHttpSecurityConfigurerTests {
 		}
 
 		@Bean
-		public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
+		static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
 			// Typically externalize this as a properties file
 			Properties properties = new Properties();
 			properties.setProperty("permitAllPattern", "/public/**");
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
index 4baab7a972..d1c937dd65 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
@@ -47,7 +47,7 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceITests {
 	static class Config {
 
 		@Bean
-		public UserDetailsManagerResourceFactoryBean userDetailsService() {
+		UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromResource(new InMemoryResource("user=password,ROLE_USER"));
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
index d02a00723c..5138dd984d 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
@@ -46,7 +46,7 @@ public class UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITes
 	static class Config {
 
 		@Bean
-		public UserDetailsManagerResourceFactoryBean userDetailsService() {
+		UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromResourceLocation("classpath:users.properties");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
index cf85689257..af4fccbd23 100644
--- a/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
+++ b/config/src/test/java/org/springframework/security/config/provisioning/UserDetailsManagerResourceFactoryBeanStringITests.java
@@ -46,7 +46,7 @@ public class UserDetailsManagerResourceFactoryBeanStringITests {
 	static class Config {
 
 		@Bean
-		public UserDetailsManagerResourceFactoryBean userDetailsService() {
+		UserDetailsManagerResourceFactoryBean userDetailsService() {
 			return UserDetailsManagerResourceFactoryBean.fromString("user=password,ROLE_USER");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index bd1c597808..f31818b22b 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -201,7 +201,7 @@ public class HttpsRedirectSpecTests {
 		}
 
 		@Bean
-		public PortMapper portMapper() {
+		PortMapper portMapper() {
 			return mock(PortMapper.class);
 		}
 
@@ -225,7 +225,7 @@ public class HttpsRedirectSpecTests {
 		}
 
 		@Bean
-		public PortMapper portMapper() {
+		PortMapper portMapper() {
 			return mock(PortMapper.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 2392649dd4..6000f4da54 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -256,7 +256,7 @@ public class OAuth2ClientSpecTests {
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 
 		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.oauth2Client()
@@ -284,7 +284,7 @@ public class OAuth2ClientSpecTests {
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 
 		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.oauth2Client((oauth2Client) ->
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index ad3da58441..c6809ca45b 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -566,7 +566,7 @@ public class OAuth2LoginTests {
 		ServerAuthenticationFailureHandler failureHandler = mock(ServerAuthenticationFailureHandler.class);
 
 		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.authorizeExchange()
@@ -599,7 +599,7 @@ public class OAuth2LoginTests {
 		ServerAuthenticationSuccessHandler successHandler = mock(ServerAuthenticationSuccessHandler.class);
 
 		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.authorizeExchange((exchanges) ->
@@ -635,7 +635,7 @@ public class OAuth2LoginTests {
 		ServerSecurityContextRepository securityContextRepository = mock(ServerSecurityContextRepository.class);
 
 		@Bean
-		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.authorizeExchange()
@@ -657,12 +657,12 @@ public class OAuth2LoginTests {
 		}
 
 		@Bean
-		public ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
+		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
 			return this.jwtDecoderFactory;
 		}
 
 		@Bean
-		public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
+		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
 			return this.tokenResponseClient;
 		}
 
@@ -700,7 +700,7 @@ public class OAuth2LoginTests {
 				.build();
 
 		@Bean
-		public SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
+		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			// @formatter:off
 			http
 				.csrf().disable()
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 19cefb2791..4bd2d1e9f3 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -444,7 +444,7 @@ public class WebSocketMessageBrokerConfigTests {
 		String username;
 
 		@MessageMapping("/message")
-		public void authentication(@AuthenticationPrincipal String username) {
+		void authentication(@AuthenticationPrincipal String username) {
 			this.username = username;
 		}
 
@@ -456,7 +456,7 @@ public class WebSocketMessageBrokerConfigTests {
 		MessageArgument messageArgument;
 
 		@MessageMapping("/message-with-argument")
-		public void myCustom(MessageArgument messageArgument) {
+		void myCustom(MessageArgument messageArgument) {
 			this.messageArgument = messageArgument;
 		}
 
@@ -531,10 +531,12 @@ public class WebSocketMessageBrokerConfigTests {
 				Message<Object> invocation) {
 
 			return new MessageSecurityExpressionRoot(authentication, invocation) {
+
 				public boolean denyNile() {
 					Authentication auth = getAuthentication();
 					return auth != null && !"nile".equals(auth.getName());
 				}
+
 			};
 		}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 1859625ce4..53c2b86913 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -58,7 +58,7 @@ final class HtmlUnitWebTestClient {
 		this.webTestClient = webTestClient.mutate().filter(new FollowRedirects()).filter(new CookieManager()).build();
 	}
 
-	public FluxExchangeResult<String> getResponse(WebRequest webRequest) {
+	FluxExchangeResult<String> getResponse(WebRequest webRequest) {
 		WebTestClient.RequestBodySpec request = this.webTestClient.method(httpMethod(webRequest)).uri(uri(webRequest));
 		contentType(request, webRequest);
 		cookies(request, webRequest);
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
index fe634597b0..ef1253c08d 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java
@@ -50,7 +50,7 @@ final class MockWebResponseBuilder {
 		this.exchangeResult = exchangeResult;
 	}
 
-	public WebResponse build() throws IOException {
+	WebResponse build() throws IOException {
 		WebResponseData webResponseData = webResponseData();
 		long endTime = System.currentTimeMillis();
 		return new WebResponse(webResponseData, this.webRequest, endTime - this.startTime);
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index c1c02565db..7f509d7f1a 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -71,7 +71,7 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 
 		@ResponseBody
 		@GetMapping(produces = MediaType.TEXT_HTML_VALUE)
-		public String index() {
+		String index() {
 			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n"
 					+ "<h1>Hello World</h1>\n" + "</body>\n" + "</html>";
 		}
@@ -83,13 +83,13 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	class CookieController {
 
 		@GetMapping(path = "/", produces = MediaType.TEXT_HTML_VALUE)
-		public String view(@CookieValue(required = false) String cookieName) {
+		String view(@CookieValue(required = false) String cookieName) {
 			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n" + "<h1>"
 					+ TextEscapeUtils.escapeEntities(cookieName) + "</h1>\n" + "</body>\n" + "</html>";
 		}
 
 		@GetMapping("/cookie")
-		public Mono<Void> setCookie(ServerHttpResponse response) {
+		Mono<Void> setCookie(ServerHttpResponse response) {
 			response.addCookie(ResponseCookie.from("cookieName", "theCookie").build());
 			return redirect(response);
 		}
@@ -101,7 +101,7 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 		}
 
 		@GetMapping("/cookie/delete")
-		public Mono<Void> deleteCookie(ServerHttpResponse response) {
+		Mono<Void> deleteCookie(ServerHttpResponse response) {
 			response.addCookie(ResponseCookie.from("cookieName", "").maxAge(Duration.ofSeconds(0)).build());
 			return redirect(response);
 		}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index e59794a237..f2f1047f61 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -178,9 +178,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		verify(upstream).close();
 	}
 
-	private static class Foo {
+	static class Foo {
 
-		public void bar() {
+		void bar() {
 		}
 
 	}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index de5f8cd1d3..67f6e1aa86 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -70,7 +70,7 @@ public class AbstractSecurityInterceptorTests {
 			return this.securityMetadataSource;
 		}
 
-		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
+		void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
 			this.securityMetadataSource = securityMetadataSource;
 		}
 
@@ -90,7 +90,7 @@ public class AbstractSecurityInterceptorTests {
 			return this.securityMetadataSource;
 		}
 
-		public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
+		void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
 			this.securityMetadataSource = securityMetadataSource;
 		}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 90bbd2336f..ca50e2d215 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -719,7 +719,7 @@ public class DaoAuthenticationProviderTests {
 			throw new UsernameNotFoundException("Could not find: " + username);
 		}
 
-		public void setPassword(String password) {
+		void setPassword(String password) {
 			this.password = password;
 		}
 
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 305c22adc8..d053a451b9 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -107,11 +107,11 @@ public class SecurityJackson2ModulesTests {
 
 		private String property = "bar";
 
-		public String getProperty() {
+		String getProperty() {
 			return this.property;
 		}
 
-		public void setProperty(String property) {
+		void setProperty(String property) {
 		}
 
 	}
@@ -121,11 +121,11 @@ public class SecurityJackson2ModulesTests {
 
 		private String property = "bar";
 
-		public String getProperty() {
+		String getProperty() {
 			return this.property;
 		}
 
-		public void setProperty(String property) {
+		void setProperty(String property) {
 		}
 
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index dcc0a5d478..1cdeb21016 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -56,7 +56,7 @@ final class Argon2EncodingUtils {
 	 * @return the encoded Argon2-hash-string as described above
 	 * @throws IllegalArgumentException if the Argon2Parameters are invalid
 	 */
-	public static String encode(byte[] hash, Argon2Parameters parameters) throws IllegalArgumentException {
+	static String encode(byte[] hash, Argon2Parameters parameters) throws IllegalArgumentException {
 		StringBuilder stringBuilder = new StringBuilder();
 
 		switch (parameters.getType()) {
@@ -104,7 +104,7 @@ final class Argon2EncodingUtils {
 	 * {@link Argon2Parameters}.
 	 * @throws IllegalArgumentException if the encoded hash is malformed
 	 */
-	public static Argon2Hash decode(String encodedHash) throws IllegalArgumentException {
+	static Argon2Hash decode(String encodedHash) throws IllegalArgumentException {
 		Argon2Parameters.Builder paramsBuilder;
 
 		String[] parts = encodedHash.split("\\$");
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
index e8cadac13c..723208caff 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/CipherUtils.java
@@ -45,14 +45,14 @@ final class CipherUtils {
 	/**
 	 * Generates a SecretKey.
 	 */
-	public static SecretKey newSecretKey(String algorithm, String password) {
+	static SecretKey newSecretKey(String algorithm, String password) {
 		return newSecretKey(algorithm, new PBEKeySpec(password.toCharArray()));
 	}
 
 	/**
 	 * Generates a SecretKey.
 	 */
-	public static SecretKey newSecretKey(String algorithm, PBEKeySpec keySpec) {
+	static SecretKey newSecretKey(String algorithm, PBEKeySpec keySpec) {
 		try {
 			SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
 			return factory.generateSecret(keySpec);
@@ -68,7 +68,7 @@ final class CipherUtils {
 	/**
 	 * Constructs a new Cipher.
 	 */
-	public static Cipher newCipher(String algorithm) {
+	static Cipher newCipher(String algorithm) {
 		try {
 			return Cipher.getInstance(algorithm);
 		}
@@ -83,7 +83,7 @@ final class CipherUtils {
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static <T extends AlgorithmParameterSpec> T getParameterSpec(Cipher cipher, Class<T> parameterSpecClass) {
+	static <T extends AlgorithmParameterSpec> T getParameterSpec(Cipher cipher, Class<T> parameterSpecClass) {
 		try {
 			return cipher.getParameters().getParameterSpec(parameterSpecClass);
 		}
@@ -95,21 +95,21 @@ final class CipherUtils {
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey) {
+	static void initCipher(Cipher cipher, int mode, SecretKey secretKey) {
 		initCipher(cipher, mode, secretKey, null);
 	}
 
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey, byte[] salt, int iterationCount) {
+	static void initCipher(Cipher cipher, int mode, SecretKey secretKey, byte[] salt, int iterationCount) {
 		initCipher(cipher, mode, secretKey, new PBEParameterSpec(salt, iterationCount));
 	}
 
 	/**
 	 * Initializes the Cipher for use.
 	 */
-	public static void initCipher(Cipher cipher, int mode, SecretKey secretKey, AlgorithmParameterSpec parameterSpec) {
+	static void initCipher(Cipher cipher, int mode, SecretKey secretKey, AlgorithmParameterSpec parameterSpec) {
 		try {
 			if (parameterSpec != null) {
 				cipher.init(mode, secretKey, parameterSpec);
@@ -130,7 +130,7 @@ final class CipherUtils {
 	 * Invokes the Cipher to perform encryption or decryption (depending on the
 	 * initialized mode).
 	 */
-	public static byte[] doFinal(Cipher cipher, byte[] input) {
+	static byte[] doFinal(Cipher cipher, byte[] input) {
 		try {
 			return cipher.doFinal(input);
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
index 3ef2c768fb..e7c8dffd3c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Digester.java
@@ -46,7 +46,7 @@ final class Digester {
 		setIterations(iterations);
 	}
 
-	public byte[] digest(byte[] value) {
+	byte[] digest(byte[] value) {
 		MessageDigest messageDigest = createDigest(this.algorithm);
 		for (int i = 0; i < this.iterations; i++) {
 			value = messageDigest.digest(value);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
index ee43131e79..29511f2358 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
@@ -42,7 +42,7 @@ class Md4 {
 		reset();
 	}
 
-	public void reset() {
+	void reset() {
 		this.bufferOffset = 0;
 		this.byteCount = 0;
 		this.state[0] = 0x67452301;
@@ -51,7 +51,7 @@ class Md4 {
 		this.state[3] = 0x10325476;
 	}
 
-	public byte[] digest() {
+	byte[] digest() {
 		byte[] resBuf = new byte[HASH_SIZE];
 		digest(resBuf, 0, HASH_SIZE);
 		return resBuf;
@@ -90,7 +90,7 @@ class Md4 {
 		digest(buffer, offset);
 	}
 
-	public void update(byte[] input, int offset, int length) {
+	void update(byte[] input, int offset, int length) {
 		this.byteCount += length;
 		int todo;
 		while (length >= (todo = BLOCK_SIZE - this.bufferOffset)) {
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index d36fa62d5a..1a11e02cca 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringMethodVisibility" />
 	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
 	<suppress files=".*" checks="WhitespaceAround" />
@@ -32,4 +31,25 @@
 	<suppress files="BearerTokenErrorCodes\.java" checks="InterfaceIsType"/>
 	<suppress files="OAuth2IntrospectionClaimNames\.java" checks="InterfaceIsType"/>
 	<suppress files="Saml2ErrorCodes\.java" checks="InterfaceIsType"/>
+
+	<!-- Method Visibility that we can't reduce -->
+	<suppress files="AbstractAclVoterTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="AbstractSecurityWebSocketMessageBrokerConfigurerTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="AnnotationParameterNameDiscovererTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="AnnotationSecurityAspectTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="AuthenticationPrincipalArgumentResolverTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ELRequestMatcherContext\.java" checks="SpringMethodVisibility"/>
+	<suppress files="EnableWebFluxSecurityTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ExpressionBasedPreInvocationAdviceTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ExpressionUrlAuthorizationConfigurerTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="Jsr250MethodSecurityMetadataSourceTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="MapBasedMethodSecurityMetadataSourceTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="OAuth2ResourceServerBeanDefinitionParserTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ObjectIdentityImplTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ObjectIdentityRetrievalStrategyImplTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ProtectPointcutPostProcessor\.java" checks="SpringMethodVisibility"/>
+	<suppress files="ReactiveMethodSecurityConfigurationTests" checks="SpringMethodVisibility"/>
+	<suppress files="WebSocketMessageBrokerConfigTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="WebSecurityConfigurationTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="WithSecurityContextTestExecutionListenerTests\.java" checks="SpringMethodVisibility"/>
 </suppressions>
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
index af2f1f1a36..5727f668af 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
@@ -95,7 +95,7 @@ final class LdapEncoder {
 	 * @param value the value to escape.
 	 * @return a properly escaped representation of the supplied value.
 	 */
-	public static String filterEncode(String value) {
+	static String filterEncode(String value) {
 
 		if (value == null) {
 			return null;
@@ -140,7 +140,7 @@ final class LdapEncoder {
 	 * @param value the value to escape.
 	 * @return The escaped value.
 	 */
-	public static String nameEncode(String value) {
+	static String nameEncode(String value) {
 
 		if (value == null) {
 			return null;
@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	public static String nameDecode(String value) throws BadLdapGrammarException {
+	static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
index dc439704bf..ae6d6c67c7 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
@@ -95,7 +95,7 @@ final class LdapEncoder {
 	 * @param value the value to escape.
 	 * @return a properly escaped representation of the supplied value.
 	 */
-	public static String filterEncode(String value) {
+	static String filterEncode(String value) {
 
 		if (value == null) {
 			return null;
@@ -140,7 +140,7 @@ final class LdapEncoder {
 	 * @param value the value to escape.
 	 * @return The escaped value.
 	 */
-	public static String nameEncode(String value) {
+	static String nameEncode(String value) {
 
 		if (value == null) {
 			return null;
@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	public static String nameDecode(String value) throws BadLdapGrammarException {
+	static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index aae2465ed5..fc1ca1f2c0 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -29,7 +29,7 @@ import org.springframework.util.Assert;
  *
  * @since 4.0
  */
-abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
+public abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 
 	protected final Log LOGGER = LogFactory.getLog(getClass());
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 70e0695c05..27b49841c2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -57,11 +57,14 @@ import org.springframework.web.reactive.function.client.WebClient;
  * @see WebClientReactivePasswordTokenResponseClient
  * @see WebClientReactiveRefreshTokenTokenResponseClient
  */
-abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>
+public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>
 		implements ReactiveOAuth2AccessTokenResponseClient<T> {
 
 	private WebClient webClient = WebClient.builder().build();
 
+	AbstractWebClientReactiveOAuth2AccessTokenResponseClient() {
+	}
+
 	@Override
 	public Mono<OAuth2AccessTokenResponse> getTokenResponse(T grantRequest) {
 		Assert.notNull(grantRequest, "grantRequest cannot be null");
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index 8ee61a32f8..28b4640b68 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -129,7 +129,7 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 		return null; // No kid in matcher
 	}
 
-	public void setWebClient(WebClient webClient) {
+	void setWebClient(WebClient webClient) {
 		this.webClient = webClient;
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index 9809fa788e..71e4383b50 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -93,11 +93,11 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 		return StringUtils.hasText(str) ? MimeTypeUtils.parseMimeType(str) : defaultMimeType;
 	}
 
-	public void setDefaultDataMimeType(@Nullable MimeType defaultDataMimeType) {
+	void setDefaultDataMimeType(@Nullable MimeType defaultDataMimeType) {
 		this.defaultDataMimeType = defaultDataMimeType;
 	}
 
-	public void setDefaultMetadataMimeType(MimeType defaultMetadataMimeType) {
+	void setDefaultMetadataMimeType(MimeType defaultMetadataMimeType) {
 		Assert.notNull(defaultMetadataMimeType, "defaultMetadataMimeType cannot be null");
 		this.defaultMetadataMimeType = defaultMetadataMimeType;
 	}
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
index c68cce9196..e1effd435f 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java
@@ -37,11 +37,11 @@ class AuthenticationPayloadInterceptorChain implements PayloadInterceptorChain {
 				.doOnNext((a) -> this.setAuthentication(a)).then();
 	}
 
-	public Authentication getAuthentication() {
+	Authentication getAuthentication() {
 		return this.authentication;
 	}
 
-	public void setAuthentication(Authentication authentication) {
+	void setAuthentication(Authentication authentication) {
 		this.authentication = authentication;
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
index 6c6e25e608..b8e54b7aa0 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java
@@ -46,7 +46,7 @@ class CaptureSecurityContextSocketAcceptor implements SocketAcceptor {
 				.doOnNext((securityContext) -> this.securityContext = securityContext).thenReturn(this.accept);
 	}
 
-	public SecurityContext getSecurityContext() {
+	SecurityContext getSecurityContext() {
 		return this.securityContext;
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
index 49884728bc..028ecd6bae 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
@@ -34,7 +34,7 @@ import org.springframework.util.Assert;
  * @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
  * @see Saml2AuthenticationRequestFactory#createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
  */
-abstract class AbstractSaml2AuthenticationRequest {
+public abstract class AbstractSaml2AuthenticationRequest {
 
 	private final String samlRequest;
 
@@ -96,7 +96,7 @@ abstract class AbstractSaml2AuthenticationRequest {
 	/**
 	 * A builder for {@link AbstractSaml2AuthenticationRequest} and its subclasses.
 	 */
-	static class Builder<T extends Builder<T>> {
+	public static class Builder<T extends Builder<T>> {
 
 		String authenticationRequestUri;
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index 09ee82c7dd..779d9e340e 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -144,7 +144,7 @@ public class AuthenticationTagTests {
 
 		String lastMessage = null;
 
-		public String getLastMessage() {
+		String getLastMessage() {
 			return this.lastMessage;
 		}
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index 439c0519b2..0a5bb40de4 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -186,11 +186,11 @@ public class WithSecurityContextTestExecutionListener extends AbstractTestExecut
 			this.testExecutionEvent = testExecutionEvent;
 		}
 
-		public Supplier<SecurityContext> getSecurityContextSupplier() {
+		Supplier<SecurityContext> getSecurityContextSupplier() {
 			return this.securityContextSupplier;
 		}
 
-		public TestExecutionEvent getTestExecutionEvent() {
+		TestExecutionEvent getTestExecutionEvent() {
 			return this.testExecutionEvent;
 		}
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index 68a26d123a..3816316ab1 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -77,7 +77,7 @@ final class WithUserDetailsSecurityContextFactory implements WithSecurityContext
 				: this.beans.getBean(UserDetailsService.class);
 	}
 
-	public UserDetailsService findAndAdaptReactiveUserDetailsService(String beanName) {
+	UserDetailsService findAndAdaptReactiveUserDetailsService(String beanName) {
 		try {
 			ReactiveUserDetailsService reactiveUserDetailsService = StringUtils.hasLength(beanName)
 					? this.beans.getBean(beanName, ReactiveUserDetailsService.class)
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 49fe636a7c..98375bc6ee 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -1178,11 +1178,11 @@ public final class SecurityMockServerConfigurers {
 				}
 			}
 
-			public static void enable(ServerWebExchange exchange) {
+			static void enable(ServerWebExchange exchange) {
 				exchange.getAttributes().put(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
-			public boolean isEnabled(ServerWebExchange exchange) {
+			boolean isEnabled(ServerWebExchange exchange) {
 				return Boolean.TRUE.equals(exchange.getAttribute(ENABLED_ATTR_NAME));
 			}
 
@@ -1204,8 +1204,7 @@ public final class SecurityMockServerConfigurers {
 			 * @return the {@link ReactiveOAuth2AuthorizedClientManager} for the specified
 			 * {@link ServerWebExchange}
 			 */
-			public static ReactiveOAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(
-					ServerWebExchange exchange) {
+			static ReactiveOAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(ServerWebExchange exchange) {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(exchange,
 						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
@@ -1223,7 +1222,7 @@ public final class SecurityMockServerConfigurers {
 			 * {@link ReactiveOAuth2AuthorizedClientManager}
 			 * @param manager the {@link ReactiveOAuth2AuthorizedClientManager} to set
 			 */
-			public static void setOAuth2AuthorizedClientManager(ServerWebExchange exchange,
+			static void setOAuth2AuthorizedClientManager(ServerWebExchange exchange,
 					ReactiveOAuth2AuthorizedClientManager manager) {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(exchange,
 						OAuth2AuthorizedClientArgumentResolver.class);
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index d39845c055..846bc223c0 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -568,11 +568,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 				}
 			}
 
-			public static void enable(HttpServletRequest request) {
+			static void enable(HttpServletRequest request) {
 				request.setAttribute(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
-			public boolean isEnabled(HttpServletRequest request) {
+			boolean isEnabled(HttpServletRequest request) {
 				return Boolean.TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
 
@@ -1659,11 +1659,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 				}
 			}
 
-			public static void enable(HttpServletRequest request) {
+			static void enable(HttpServletRequest request) {
 				request.setAttribute(ENABLED_ATTR_NAME, Boolean.TRUE);
 			}
 
-			public boolean isEnabled(HttpServletRequest request) {
+			boolean isEnabled(HttpServletRequest request) {
 				return Boolean.TRUE.equals(request.getAttribute(ENABLED_ATTR_NAME));
 			}
 
@@ -1673,6 +1673,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 			private static final OAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new HttpSessionOAuth2AuthorizedClientRepository();
 
+			private OAuth2ClientServletTestUtils() {
+			}
+
 			/**
 			 * Gets the {@link OAuth2AuthorizedClientManager} for the specified
 			 * {@link HttpServletRequest}. If one is not found, one based off of
@@ -1682,7 +1685,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			 * @return the {@link OAuth2AuthorizedClientManager} for the specified
 			 * {@link HttpServletRequest}
 			 */
-			public static OAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(HttpServletRequest request) {
+			static OAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(HttpServletRequest request) {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(request,
 						OAuth2AuthorizedClientArgumentResolver.class);
 				if (resolver == null) {
@@ -1700,7 +1703,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 			 * {@link OAuth2AuthorizedClientManager}
 			 * @param manager the {@link OAuth2AuthorizedClientManager} to set
 			 */
-			public static void setOAuth2AuthorizedClientManager(HttpServletRequest request,
+			static void setOAuth2AuthorizedClientManager(HttpServletRequest request,
 					OAuth2AuthorizedClientManager manager) {
 				OAuth2AuthorizedClientArgumentResolver resolver = findResolver(request,
 						OAuth2AuthorizedClientArgumentResolver.class);
@@ -1755,9 +1758,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 			}
 
-			private OAuth2ClientServletTestUtils() {
-			}
-
 		}
 
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
index a2d8f83802..d7294d510f 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserParentTests.java
@@ -51,7 +51,7 @@ public class WithMockUserParentTests extends WithMockUserParent {
 	static class Config {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index e857ea9f72..f4655f8718 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -81,7 +81,7 @@ public class WithMockUserTests {
 	static class Config {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index 1d9a341753..d279434416 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -86,15 +86,12 @@ public class WithUserDetailsTests {
 	static class Config {
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-					.userDetailsService(myUserDetailsService());
-			// @formatter:on
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			auth.userDetailsService(myUserDetailsService());
 		}
 
 		@Bean
-		public UserDetailsService myUserDetailsService() {
+		UserDetailsService myUserDetailsService() {
 			return new CustomUserDetailsService();
 		}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index a9caddfbce..975b8b1ba2 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -163,12 +163,11 @@ public class WithSecurityContextTestExcecutionListenerTests {
 
 	static class FakeTest {
 
-		public void testNoAnnotation() {
+		void testNoAnnotation() {
 		}
 
 		@WithMockUser
-		public void testWithMockUser() {
-
+		void testWithMockUser() {
 		}
 
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 7ba8965bc4..397f04b404 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -133,7 +133,7 @@ public class Sec2935Tests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth.inMemoryAuthentication();
 		}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
index c98a92bd03..63e7b6c177 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@@ -85,7 +85,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication();
@@ -96,7 +96,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 		static class Controller {
 
 			@RequestMapping
-			public String hello() {
+			String hello() {
 				return "Hello";
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
index 7aa1d6e944..2ed0a2ffc7 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@@ -83,18 +83,15 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-			// @formatter:off
-			auth
-				.inMemoryAuthentication();
-			// @formatter:on
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+			auth.inMemoryAuthentication();
 		}
 
 		@RestController
 		static class Controller {
 
 			@RequestMapping
-			public String hello() {
+			String hello() {
 				return "Hello";
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index c789869b03..3441b8cbe8 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -113,7 +113,7 @@ public class SecurityMockMvcResultMatchersTests {
 		static class Controller {
 
 			@RequestMapping("/")
-			public String ok() {
+			String ok() {
 				return "ok";
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 7f458d3970..82335524fb 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -93,7 +93,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 		static class Controller {
 
 			@RequestMapping("/")
-			public String ok() {
+			String ok() {
 				return "ok";
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
index 69f5891d30..92a9e392ae 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@@ -78,7 +78,7 @@ public class CsrfShowcaseTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
index c833a36aae..c0382f7eaa 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@@ -86,7 +86,7 @@ public class CustomCsrfShowcaseTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
@@ -95,7 +95,7 @@ public class CustomCsrfShowcaseTests {
 		}
 
 		@Bean
-		public CsrfTokenRepository repo() {
+		CsrfTokenRepository repo() {
 			HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
 			repo.setParameterName("custom_csrf");
 			return repo;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
index a5807986f5..136852f546 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@@ -75,7 +75,7 @@ public class DefaultCsrfShowcaseTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index ee3c177e55..ecc20e3f92 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -117,7 +117,7 @@ public class CustomConfigAuthenticationTests {
 		// @formatter:on
 
 		@Bean
-		public SecurityContextRepository securityContextRepository() {
+		SecurityContextRepository securityContextRepository() {
 			HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 			repo.setSpringSecurityContextKey("CUSTOM");
 			return repo;
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
index 60494ca3fe..591042179d 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@@ -101,7 +101,7 @@ public class DefaultfSecurityRequestsTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
index bfc31612c8..71f1947496 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@@ -118,7 +118,7 @@ public class SecurityRequestsTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
index d841c86e25..e95bdd1816 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@@ -102,7 +102,7 @@ public class WithUserAuthenticationTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
index 59c010b741..d9906782c0 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@@ -102,7 +102,7 @@ public class WithUserClassLevelAuthenticationTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
index 3bcf82c0ff..eda6e95166 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@@ -99,7 +99,7 @@ public class WithUserDetailsAuthenticationTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
index 761950e47a..0fb8741231 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@@ -98,7 +98,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 		}
 
 		@Autowired
-		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			// @formatter:off
 			auth
 				.inMemoryAuthentication()
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 56037c47ac..5a0f90ab87 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -176,11 +176,11 @@ public class FilterInvocation {
 			return null;
 		}
 
-		public void setRequestURI(String requestURI) {
+		void setRequestURI(String requestURI) {
 			this.requestURI = requestURI;
 		}
 
-		public void setPathInfo(String pathInfo) {
+		void setPathInfo(String pathInfo) {
 			this.pathInfo = pathInfo;
 		}
 
@@ -189,7 +189,7 @@ public class FilterInvocation {
 			return this.requestURI;
 		}
 
-		public void setContextPath(String contextPath) {
+		void setContextPath(String contextPath) {
 			this.contextPath = contextPath;
 		}
 
@@ -198,7 +198,7 @@ public class FilterInvocation {
 			return this.contextPath;
 		}
 
-		public void setServletPath(String servletPath) {
+		void setServletPath(String servletPath) {
 			this.servletPath = servletPath;
 		}
 
@@ -207,7 +207,7 @@ public class FilterInvocation {
 			return this.servletPath;
 		}
 
-		public void setMethod(String method) {
+		void setMethod(String method) {
 			this.method = method;
 		}
 
@@ -226,7 +226,7 @@ public class FilterInvocation {
 			return this.queryString;
 		}
 
-		public void setQueryString(String queryString) {
+		void setQueryString(String queryString) {
 			this.queryString = queryString;
 		}
 
@@ -261,7 +261,7 @@ public class FilterInvocation {
 			}
 		}
 
-		public void addHeader(String name, String value) {
+		void addHeader(String name, String value) {
 			this.headers.add(name, value);
 		}
 
@@ -286,7 +286,7 @@ public class FilterInvocation {
 			return this.parameters.get(name);
 		}
 
-		public void setParameter(String name, String... values) {
+		void setParameter(String name, String... values) {
 			this.parameters.put(name, values);
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 8e26c5f0c2..5ff51a6131 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -36,7 +36,7 @@ import org.springframework.web.util.WebUtils;
  * @author Rob Winch
  * @since 3.2
  */
-abstract class AbstractSessionFixationProtectionStrategy
+public abstract class AbstractSessionFixationProtectionStrategy
 		implements SessionAuthenticationStrategy, ApplicationEventPublisherAware {
 
 	protected final Log logger = LogFactory.getLog(this.getClass());
@@ -53,6 +53,9 @@ abstract class AbstractSessionFixationProtectionStrategy
 	 */
 	private boolean alwaysCreateSession;
 
+	AbstractSessionFixationProtectionStrategy() {
+	}
+
 	/**
 	 * Called when a user is newly authenticated.
 	 * <p>
diff --git a/web/src/main/java/org/springframework/security/web/debug/Logger.java b/web/src/main/java/org/springframework/security/web/debug/Logger.java
index 1f178a1169..4fc51b4225 100644
--- a/web/src/main/java/org/springframework/security/web/debug/Logger.java
+++ b/web/src/main/java/org/springframework/security/web/debug/Logger.java
@@ -32,11 +32,11 @@ final class Logger {
 
 	private static final Log logger = LogFactory.getLog("Spring Security Debugger");
 
-	public void info(String message) {
+	void info(String message) {
 		info(message, false);
 	}
 
-	public void info(String message, boolean dumpStack) {
+	void info(String message, boolean dumpStack) {
 		StringBuilder output = new StringBuilder(256);
 		output.append("\n\n************************************************************\n\n");
 		output.append(message).append("\n");
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 151ae3d1fc..0426ccdec0 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -37,7 +37,7 @@ import org.springframework.util.StringUtils;
  * directive.
  */
 @Deprecated
-abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy {
+public abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy {
 
 	private static final String DEFAULT_ORIGIN_REQUEST_PARAMETER = "x-frames-allow-from";
 
@@ -46,6 +46,9 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
 	/** Logger for use by subclasses */
 	protected final Log log = LogFactory.getLog(getClass());
 
+	AbstractRequestParameterAllowFromStrategy() {
+	}
+
 	@Override
 	public String getAllowFromValue(HttpServletRequest request) {
 		String allowFromOrigin = request.getParameter(this.allowFromParameterName);
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
index dbd06835f8..22ca477e2d 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@@ -107,7 +107,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * is not authenticated.
 	 */
 
-	public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
+	void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
 		this.authenticationEntryPoint = authenticationEntryPoint;
 	}
 
@@ -125,7 +125,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * @param authenticationManager the {@link AuthenticationManager} to use when invoking
 	 * {@link HttpServletRequest#login(String, String)}
 	 */
-	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+	void setAuthenticationManager(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
 
@@ -144,7 +144,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * @param logoutHandlers the {@code List<LogoutHandler>}s when invoking
 	 * {@link HttpServletRequest#logout()}.
 	 */
-	public void setLogoutHandlers(List<LogoutHandler> logoutHandlers) {
+	void setLogoutHandlers(List<LogoutHandler> logoutHandlers) {
 		this.logoutHandlers = logoutHandlers;
 	}
 
@@ -154,7 +154,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	 * @param trustResolver the {@link AuthenticationTrustResolver} to use. Cannot be
 	 * null.
 	 */
-	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
+	void setTrustResolver(AuthenticationTrustResolver trustResolver) {
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index ebb95ceea6..2a3293e94a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -214,7 +214,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 			return null;
 		}
 
-		public String getClaimedIdentityFieldName() {
+		String getClaimedIdentityFieldName() {
 			return "unused";
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index ee0ba41e9b..2f35a7e449 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -137,7 +137,7 @@ public class WebAsyncManagerIntegrationFilterTests {
 			return this.t;
 		}
 
-		public void join() throws InterruptedException {
+		void join() throws InterruptedException {
 			this.t.join();
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 01976d0555..0f3c2edc97 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -394,7 +394,7 @@ public class CsrfFilterTests {
 			super(actual, CsrfTokenAssert.class);
 		}
 
-		public CsrfTokenAssert isEqualTo(CsrfToken expected) {
+		CsrfTokenAssert isEqualTo(CsrfToken expected) {
 			assertThat(this.actual.getHeaderName()).isEqualTo(expected.getHeaderName());
 			assertThat(this.actual.getParameterName()).isEqualTo(expected.getParameterName());
 			assertThat(this.actual.getToken()).isEqualTo(expected.getToken());

From 834dcf5bcf989f1595464aa548bcec666ad55465 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 00:31:13 -0700
Subject: [PATCH 47/84] Use consistent ternary expression style

Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
---
 .../acls/domain/AccessControlEntryImpl.java   |  2 +-
 .../security/acls/domain/AclImpl.java         | 10 +++---
 .../CasAuthenticationToken.java               |  3 +-
 .../EhCacheBasedTicketCache.java              |  2 +-
 .../SpringCacheBasedTicketCache.java          |  4 +--
 .../config/SecurityNamespaceHandler.java      |  2 +-
 .../LdapAuthenticationProviderConfigurer.java |  4 +--
 .../web/AbstractRequestMatcherRegistry.java   |  4 +--
 .../annotation/web/builders/WebSecurity.java  |  4 +--
 .../WebSecurityConfiguration.java             |  2 +-
 .../web/configurers/JeeConfigurer.java        |  2 +-
 .../web/configurers/RememberMeConfigurer.java |  4 +--
 .../SecurityContextConfigurer.java            |  4 +--
 .../web/configurers/ServletApiConfigurer.java |  6 ++--
 .../SessionManagementConfigurer.java          |  2 +-
 .../client/ImplicitGrantConfigurer.java       |  2 +-
 .../oauth2/client/OAuth2LoginConfigurer.java  |  2 +-
 ...nvocationSecurityMetadataSourceParser.java |  4 +--
 .../http/FormLoginBeanDefinitionParser.java   |  2 +-
 .../http/HeadersBeanDefinitionParser.java     | 26 +++++++--------
 .../OAuth2ClientBeanDefinitionParser.java     |  6 ++--
 ...balMethodSecurityBeanDefinitionParser.java |  4 +--
 ...ientRegistrationsBeanDefinitionParser.java |  6 ++--
 .../config/web/server/ServerHttpSecurity.java |  4 +--
 ...ageBrokerSecurityBeanDefinitionParser.java |  4 +--
 .../OAuth2ClientConfigurationTests.java       |  4 +--
 ...OAuth2ClientBeanDefinitionParserTests.java |  2 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |  2 +-
 .../server/HtmlUnitWebTestClient.java         |  2 +-
 ...tExpressionBasedMethodConfigAttribute.java |  8 ++---
 ...essionBasedAnnotationAttributeFactory.java | 17 +++++-----
 .../PostInvocationExpressionAttribute.java    |  4 +--
 .../PreInvocationExpressionAttribute.java     |  4 +--
 .../access/intercept/RunAsUserToken.java      |  2 +-
 .../AbstractMethodSecurityMetadataSource.java |  2 +-
 ...elegatingMethodSecurityMetadataSource.java |  4 +--
 ...rePostAdviceReactiveMethodInterceptor.java |  6 ++--
 ...ePostAnnotationSecurityMetadataSource.java | 10 +++---
 .../DefaultAuthenticationEventPublisher.java  |  2 +-
 .../jaas/memory/InMemoryConfiguration.java    |  2 +-
 .../rcp/RemoteAuthenticationProvider.java     |  2 +-
 .../DelegatingSecurityContextCallable.java    |  4 +--
 .../DelegatingSecurityContextRunnable.java    |  4 +--
 .../core/SpringSecurityCoreVersion.java       |  2 +-
 ...leAttributes2GrantedAuthoritiesMapper.java |  2 +-
 .../MapReactiveUserDetailsService.java        |  2 +-
 .../cache/SpringCacheBasedUserCache.java      |  2 +-
 .../security/util/SimpleMethodInvocation.java |  2 +-
 .../crypto/bcrypt/BCryptPasswordEncoder.java  |  2 +-
 .../security/crypto/codec/Base64.java         | 12 ++++---
 .../crypto/encrypt/AesBytesEncryptor.java     | 10 +++---
 .../BouncyCastleAesCbcBytesEncryptor.java     |  2 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |  2 +-
 .../password/LdapShaPasswordEncoder.java      |  2 +-
 etc/checkstyle/checkstyle-suppressions.xml    |  1 -
 .../FilterChainPerformanceTests.java          |  2 +-
 .../ldap/SpringSecurityLdapTemplate.java      |  2 +-
 ...veDirectoryLdapAuthenticationProvider.java |  4 +--
 .../search/FilterBasedLdapUserSearch.java     |  2 +-
 .../ldap/userdetails/LdapAuthority.java       |  2 +-
 .../NestedLdapAuthoritiesPopulator.java       |  2 +-
 ...thenticationPrincipalArgumentResolver.java |  2 +-
 ...urrentSecurityContextArgumentResolver.java |  2 +-
 .../SimpDestinationMessageMatcher.java        |  4 +--
 .../web/csrf/CsrfChannelInterceptor.java      |  4 +--
 .../handler/invocation/ResolvableMethod.java  |  8 ++---
 ...2AuthorizationCodeAuthenticationToken.java |  2 +-
 ...sAuthorizationCodeTokenResponseClient.java |  4 +--
 .../OAuth2RefreshTokenGrantRequest.java       |  2 +-
 .../http/OAuth2ErrorResponseErrorHandler.java |  4 +--
 .../OidcReactiveOAuth2UserService.java        |  2 +-
 .../registration/ClientRegistration.java      |  2 +-
 ...ultOAuth2AuthorizationRequestResolver.java | 10 +++---
 ...ReactiveOAuth2AuthorizedClientManager.java |  2 +-
 ...nOAuth2AuthorizationRequestRepository.java |  4 +--
 ...ssionOAuth2AuthorizedClientRepository.java |  4 +--
 .../OAuth2AuthorizationCodeGrantFilter.java   |  2 +-
 ...uthorizedClientExchangeFilterFunction.java |  2 +-
 ...verOAuth2AuthorizationRequestResolver.java |  8 ++---
 ...erverOAuth2AuthorizedClientRepository.java |  4 +--
 ...uth2AuthenticationExceptionMixinTests.java |  2 +-
 .../OAuth2AuthenticationTokenMixinTests.java  |  6 ++--
 .../OAuth2AuthorizationRequestMixinTests.java |  2 +-
 .../OAuth2AuthorizedClientMixinTests.java     |  8 ++---
 .../ClientRegistrationsTests.java             |  4 +--
 ...AuthorizedClientArgumentResolverTests.java |  4 +--
 .../oauth2/core/AbstractOAuth2Token.java      | 15 +++++----
 .../DefaultOAuth2AuthenticatedPrincipal.java  |  6 ++--
 .../oauth2/core/OAuth2AccessToken.java        |  2 +-
 .../security/oauth2/core/OAuth2Error.java     |  2 +-
 .../converter/ObjectToStringConverter.java    |  2 +-
 .../endpoint/OAuth2AccessTokenResponse.java   |  5 +--
 .../oidc/DefaultAddressStandardClaim.java     | 33 ++++++++++---------
 .../core/oidc/user/OidcUserAuthority.java     |  5 +--
 ...Auth2AccessTokenResponseBodyExtractor.java |  8 ++---
 .../security/openid/OpenID4JavaConsumer.java  |  2 +-
 .../ContextPropagatingRemoteInvocation.java   |  2 +-
 .../util/matcher/PayloadExchangeMatcher.java  |  4 ++-
 .../security/saml2/core/Saml2Error.java       |  2 +-
 .../OpenSamlAuthenticationProvider.java       |  4 +--
 .../service/authentication/Saml2Error.java    |  2 +-
 .../servlet/filter/Saml2ServletUtils.java     |  8 ++---
 ...faultRelyingPartyRegistrationResolver.java |  8 ++---
 .../security/taglibs/TagLibConfig.java        |  4 +--
 ...hSecurityContextTestExecutionListener.java |  4 +--
 .../SecurityMockMvcRequestPostProcessors.java |  2 +-
 ...ckMvcRequestPostProcessorsDigestTests.java |  4 +--
 .../security/web/FilterChainProxy.java        |  2 +-
 .../security/web/FilterInvocation.java        |  4 +--
 .../channel/AbstractRetryEntryPoint.java      |  2 +-
 .../WebExpressionConfigAttribute.java         |  2 +-
 .../web/access/intercept/RequestKey.java      |  2 +-
 .../J2eePreAuthenticatedProcessingFilter.java |  2 +-
 .../AbstractRememberMeServices.java           |  4 +--
 .../TokenBasedRememberMeServices.java         |  2 +-
 .../switchuser/SwitchUserFilter.java          |  5 +--
 .../ui/DefaultLoginPageGeneratingFilter.java  |  2 +-
 .../web/csrf/CookieCsrfTokenRepository.java   |  4 +--
 .../web/firewall/DefaultHttpFirewall.java     |  2 +-
 .../web/jackson2/CookieDeserializer.java      |  6 +++-
 ...thenticationPrincipalArgumentResolver.java |  2 +-
 ...urrentSecurityContextArgumentResolver.java |  2 +-
 .../savedrequest/RequestCacheAwareFilter.java |  2 +-
 ...erverHttpBasicAuthenticationConverter.java |  2 +-
 .../csrf/CookieServerCsrfTokenRepository.java |  4 +--
 .../CookieServerRequestCache.java             |  2 +-
 .../WebSessionServerRequestCache.java         |  2 +-
 .../util/matcher/MvcRequestMatcher.java       |  2 +-
 .../web/util/OnCommittedResponseWrapper.java  |  6 ++--
 .../util/matcher/AntPathRequestMatcher.java   |  4 +--
 .../security/web/method/ResolvableMethod.java |  2 +-
 131 files changed, 277 insertions(+), 265 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index 98dcc1e874..e58d3d5562 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -125,7 +125,7 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 	@Override
 	public int hashCode() {
 		int result = this.permission.hashCode();
-		result = 31 * result + (this.id != null ? this.id.hashCode() : 0);
+		result = 31 * result + ((this.id != null) ? this.id.hashCode() : 0);
 		result = 31 * result + (this.sid.hashCode());
 		result = 31 * result + (this.auditFailure ? 1 : 0);
 		result = 31 * result + (this.auditSuccess ? 1 : 0);
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index 3ef40c7b47..bbba414e96 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -307,15 +307,15 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	@Override
 	public int hashCode() {
-		int result = this.parentAcl != null ? this.parentAcl.hashCode() : 0;
+		int result = (this.parentAcl != null) ? this.parentAcl.hashCode() : 0;
 		result = 31 * result + this.aclAuthorizationStrategy.hashCode();
 		result = 31 * result
-				+ (this.permissionGrantingStrategy != null ? this.permissionGrantingStrategy.hashCode() : 0);
-		result = 31 * result + (this.aces != null ? this.aces.hashCode() : 0);
+				+ ((this.permissionGrantingStrategy != null) ? this.permissionGrantingStrategy.hashCode() : 0);
+		result = 31 * result + ((this.aces != null) ? this.aces.hashCode() : 0);
 		result = 31 * result + this.objectIdentity.hashCode();
 		result = 31 * result + this.id.hashCode();
-		result = 31 * result + (this.owner != null ? this.owner.hashCode() : 0);
-		result = 31 * result + (this.loadedSids != null ? this.loadedSids.hashCode() : 0);
+		result = 31 * result + ((this.owner != null) ? this.owner.hashCode() : 0);
+		result = 31 * result + ((this.loadedSids != null) ? this.loadedSids.hashCode() : 0);
 		result = 31 * result + (this.entriesInheriting ? 1 : 0);
 		return result;
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index f44403e829..1b35db4a77 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
+import org.springframework.util.ObjectUtils;
 
 /**
  * Represents a successful CAS <code>Authentication</code>.
@@ -141,7 +142,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 		result = 31 * result + this.principal.hashCode();
 		result = 31 * result + this.userDetails.hashCode();
 		result = 31 * result + this.keyHash;
-		result = 31 * result + (this.assertion != null ? this.assertion.hashCode() : 0);
+		result = 31 * result + ObjectUtils.nullSafeHashCode(this.assertion);
 		return result;
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index 4d54de1aed..68fcd3caaf 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -49,7 +49,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
 		}
 
-		return element == null ? null : (CasAuthenticationToken) element.getValue();
+		return (element != null) ? (CasAuthenticationToken) element.getValue() : null;
 	}
 
 	public Ehcache getCache() {
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 35eb7b084e..33d3ce49a6 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -42,13 +42,13 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 
 	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
-		final Cache.ValueWrapper element = serviceTicket != null ? this.cache.get(serviceTicket) : null;
+		final Cache.ValueWrapper element = (serviceTicket != null) ? this.cache.get(serviceTicket) : null;
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
 		}
 
-		return element == null ? null : (CasAuthenticationToken) element.get();
+		return (element != null) ? (CasAuthenticationToken) element.get() : null;
 	}
 
 	@Override
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index 6bce596593..9273bee2af 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -151,7 +151,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 
 	private void reportUnsupportedNodeType(String name, ParserContext pc, Node node) {
 		pc.getReaderContext().fatal("Security namespace does not support decoration of "
-				+ (node instanceof Element ? "element" : "attribute") + " [" + name + "]", node);
+				+ ((node instanceof Element) ? "element" : "attribute") + " [" + name + "]", node);
 	}
 
 	private void reportMissingWebClasses(String nodeName, ParserContext pc, Node node) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 54a97b4d67..389a39eda6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -187,8 +187,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	 * @return the {@link LdapAuthenticator} to use
 	 */
 	private LdapAuthenticator createLdapAuthenticator(BaseLdapPathContextSource contextSource) {
-		AbstractLdapAuthenticator ldapAuthenticator = this.passwordEncoder == null
-				? createBindAuthenticator(contextSource) : createPasswordCompareAuthenticator(contextSource);
+		AbstractLdapAuthenticator ldapAuthenticator = (this.passwordEncoder != null)
+				? createPasswordCompareAuthenticator(contextSource) : createBindAuthenticator(contextSource);
 		LdapUserSearch userSearch = createUserSearch();
 		if (userSearch != null) {
 			ldapAuthenticator.setUserSearch(userSearch);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 92871d5519..054896575c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -247,7 +247,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
 		static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
-			String method = httpMethod == null ? null : httpMethod.toString();
+			String method = (httpMethod != null) ? httpMethod.toString() : null;
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : antPatterns) {
 				matchers.add(new AntPathRequestMatcher(pattern, method));
@@ -275,7 +275,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		 * @return a {@link List} of {@link RegexRequestMatcher} instances
 		 */
 		static List<RequestMatcher> regexMatchers(HttpMethod httpMethod, String... regexPatterns) {
-			String method = httpMethod == null ? null : httpMethod.toString();
+			String method = (httpMethod != null) ? httpMethod.toString() : null;
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : regexPatterns) {
 				matchers.add(new RegexRequestMatcher(pattern, method));
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 0acebe06fd..5ff35ec68f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -242,8 +242,8 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 		if (this.privilegeEvaluator != null) {
 			return this.privilegeEvaluator;
 		}
-		return this.filterSecurityInterceptor == null ? null
-				: new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor);
+		return (this.filterSecurityInterceptor != null)
+				? new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor) : null;
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index be2b1d22c7..2294bdc25d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -227,7 +227,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 				return ((Ordered) obj).getOrder();
 			}
 			if (obj != null) {
-				Class<?> clazz = (obj instanceof Class ? (Class<?>) obj : obj.getClass());
+				Class<?> clazz = ((obj instanceof Class) ? (Class<?>) obj : obj.getClass());
 				Order order = AnnotationUtils.findAnnotation(clazz, Order.class);
 				if (order != null) {
 					return order.value();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 0cf5b51224..078adc18b0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -230,7 +230,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 	 * @return the {@link AuthenticationUserDetailsService} to use
 	 */
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getUserDetailsService() {
-		return this.authenticationUserDetailsService == null
+		return (this.authenticationUserDetailsService != null)
 				? new PreAuthenticatedGrantedAuthoritiesUserDetailsService() : this.authenticationUserDetailsService;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index f710b7a7a4..1c54f5e440 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -369,8 +369,8 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link RememberMeServices} to use
 	 */
 	private AbstractRememberMeServices createRememberMeServices(H http, String key) {
-		return this.tokenRepository == null ? createTokenBasedRememberMeServices(http, key)
-				: createPersistentRememberMeServices(http, key);
+		return (this.tokenRepository != null) ? createPersistentRememberMeServices(http, key)
+				: createTokenBasedRememberMeServices(http, key);
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
index 07dba22037..acd06c1221 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
@@ -90,8 +90,8 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
 		SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
 				securityContextRepository);
 		SessionManagementConfigurer<?> sessionManagement = http.getConfigurer(SessionManagementConfigurer.class);
-		SessionCreationPolicy sessionCreationPolicy = sessionManagement == null ? null
-				: sessionManagement.getSessionCreationPolicy();
+		SessionCreationPolicy sessionCreationPolicy = (sessionManagement != null)
+				? sessionManagement.getSessionCreationPolicy() : null;
 		if (SessionCreationPolicy.ALWAYS == sessionCreationPolicy) {
 			securityContextFilter.setForceEagerSessionCreation(true);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
index 3a3373d634..5959d9d08e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
@@ -80,11 +80,11 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
 	public void configure(H http) {
 		this.securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
 		ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		AuthenticationEntryPoint authenticationEntryPoint = exceptionConf == null ? null
-				: exceptionConf.getAuthenticationEntryPoint(http);
+		AuthenticationEntryPoint authenticationEntryPoint = (exceptionConf != null)
+				? exceptionConf.getAuthenticationEntryPoint(http) : null;
 		this.securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
 		LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
-		List<LogoutHandler> logoutHandlers = logoutConf == null ? null : logoutConf.getLogoutHandlers();
+		List<LogoutHandler> logoutHandlers = (logoutConf != null) ? logoutConf.getLogoutHandlers() : null;
 		this.securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
 		AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index c2484701e8..59146667e4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -451,7 +451,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		SessionCreationPolicy sessionPolicy = getBuilder().getSharedObject(SessionCreationPolicy.class);
-		return sessionPolicy == null ? SessionCreationPolicy.IF_REQUIRED : sessionPolicy;
+		return (sessionPolicy != null) ? sessionPolicy : SessionCreationPolicy.IF_REQUIRED;
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
index 9fd1e1ead2..51d151c9ed 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java
@@ -98,7 +98,7 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>>
 	}
 
 	private String getAuthorizationRequestBaseUri() {
-		return this.authorizationRequestBaseUri != null ? this.authorizationRequestBaseUri
+		return (this.authorizationRequestBaseUri != null) ? this.authorizationRequestBaseUri
 				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 1d111b866a..bab025eff0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -500,7 +500,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return Collections.emptyMap();
 		}
 
-		String authorizationRequestBaseUri = this.authorizationEndpointConfig.authorizationRequestBaseUri != null
+		String authorizationRequestBaseUri = (this.authorizationEndpointConfig.authorizationRequestBaseUri != null)
 				? this.authorizationEndpointConfig.authorizationRequestBaseUri
 				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 		Map<String, String> loginUrlToClientName = new HashMap<>();
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 6dad4e1ca0..f0dc125778 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -107,8 +107,8 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 
 		if (useExpressions) {
 			Element expressionHandlerElt = DomUtils.getChildElementByTagName(httpElt, Elements.EXPRESSION_HANDLER);
-			String expressionHandlerRef = expressionHandlerElt == null ? null
-					: expressionHandlerElt.getAttribute("ref");
+			String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref")
+					: null;
 
 			if (StringUtils.hasText(expressionHandlerRef)) {
 				logger.info(
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index bb3d74138b..c39c6a303a 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -168,7 +168,7 @@ public class FormLoginBeanDefinitionParser {
 		BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
 		entryPointBuilder.getRawBeanDefinition().setSource(source);
-		entryPointBuilder.addConstructorArgValue(this.loginPage != null ? this.loginPage : DEF_LOGIN_PAGE);
+		entryPointBuilder.addConstructorArgValue((this.loginPage != null) ? this.loginPage : DEF_LOGIN_PAGE);
 		entryPointBuilder.addPropertyValue("portMapper", this.portMapper);
 		entryPointBuilder.addPropertyValue("portResolver", this.portResolver);
 		this.entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index d1a4d4c552..c4f96eba3a 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -177,8 +177,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseCacheControlElement(boolean addIfNotPresent, Element element) {
-		Element cacheControlElement = element == null ? null
-				: DomUtils.getChildElementByTagName(element, CACHE_CONTROL_ELEMENT);
+		Element cacheControlElement = (element != null)
+				? DomUtils.getChildElementByTagName(element, CACHE_CONTROL_ELEMENT) : null;
 		boolean disabled = "true".equals(getAttribute(cacheControlElement, ATT_DISABLED, "false"));
 		if (disabled) {
 			return;
@@ -195,7 +195,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseHstsElement(boolean addIfNotPresent, Element element, ParserContext context) {
-		Element hstsElement = element == null ? null : DomUtils.getChildElementByTagName(element, HSTS_ELEMENT);
+		Element hstsElement = (element != null) ? DomUtils.getChildElementByTagName(element, HSTS_ELEMENT) : null;
 		if (addIfNotPresent || hstsElement != null) {
 			addHsts(addIfNotPresent, hstsElement, context);
 		}
@@ -244,7 +244,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseHpkpElement(boolean addIfNotPresent, Element element, ParserContext context) {
-		Element hpkpElement = element == null ? null : DomUtils.getChildElementByTagName(element, HPKP_ELEMENT);
+		Element hpkpElement = (element != null) ? DomUtils.getChildElementByTagName(element, HPKP_ELEMENT) : null;
 		if (addIfNotPresent || hpkpElement != null) {
 			addHpkp(addIfNotPresent, hpkpElement, context);
 		}
@@ -342,8 +342,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseReferrerPolicyElement(Element element, ParserContext context) {
-		Element referrerPolicyElement = (element == null) ? null
-				: DomUtils.getChildElementByTagName(element, REFERRER_POLICY_ELEMENT);
+		Element referrerPolicyElement = (element != null)
+				? DomUtils.getChildElementByTagName(element, REFERRER_POLICY_ELEMENT) : null;
 		if (referrerPolicyElement != null) {
 			addReferrerPolicy(referrerPolicyElement, context);
 		}
@@ -361,8 +361,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseFeaturePolicyElement(Element element, ParserContext context) {
-		Element featurePolicyElement = (element == null) ? null
-				: DomUtils.getChildElementByTagName(element, FEATURE_POLICY_ELEMENT);
+		Element featurePolicyElement = (element != null)
+				? DomUtils.getChildElementByTagName(element, FEATURE_POLICY_ELEMENT) : null;
 		if (featurePolicyElement != null) {
 			addFeaturePolicy(featurePolicyElement, context);
 		}
@@ -390,8 +390,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseHeaderElements(Element element) {
-		List<Element> headerElts = element == null ? Collections.<Element>emptyList()
-				: DomUtils.getChildElementsByTagName(element, GENERIC_HEADER_ELEMENT);
+		List<Element> headerElts = (element != null)
+				? DomUtils.getChildElementsByTagName(element, GENERIC_HEADER_ELEMENT) : Collections.emptyList();
 		for (Element headerElt : headerElts) {
 			String headerFactoryRef = headerElt.getAttribute(ATT_REF);
 			if (StringUtils.hasText(headerFactoryRef)) {
@@ -407,8 +407,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseContentTypeOptionsElement(boolean addIfNotPresent, Element element) {
-		Element contentTypeElt = element == null ? null
-				: DomUtils.getChildElementByTagName(element, CONTENT_TYPE_ELEMENT);
+		Element contentTypeElt = (element != null) ? DomUtils.getChildElementByTagName(element, CONTENT_TYPE_ELEMENT)
+				: null;
 		boolean disabled = "true".equals(getAttribute(contentTypeElt, ATT_DISABLED, "false"));
 		if (disabled) {
 			return;
@@ -504,7 +504,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private void parseXssElement(boolean addIfNotPresent, Element element, ParserContext parserContext) {
-		Element xssElt = element == null ? null : DomUtils.getChildElementByTagName(element, XSS_ELEMENT);
+		Element xssElt = (element != null) ? DomUtils.getChildElementByTagName(element, XSS_ELEMENT) : null;
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XXssProtectionHeaderWriter.class);
 		if (xssElt != null) {
 			boolean disabled = "true".equals(getAttribute(xssElt, ATT_DISABLED, "false"));
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index 4807a4bb6a..9122d28691 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -83,7 +83,7 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 
 		BeanDefinitionBuilder authorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
-		String authorizationRequestResolverRef = authorizationCodeGrantElt != null
+		String authorizationRequestResolverRef = (authorizationCodeGrantElt != null)
 				? authorizationCodeGrantElt.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF) : null;
 		if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
 			authorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
@@ -112,7 +112,7 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 
 	private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
 		BeanMetadataElement authorizationRequestRepository;
-		String authorizationRequestRepositoryRef = element != null
+		String authorizationRequestRepositoryRef = (element != null)
 				? element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF) : null;
 		if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
 			authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
@@ -127,7 +127,7 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 
 	private BeanMetadataElement getAccessTokenResponseClient(Element element) {
 		BeanMetadataElement accessTokenResponseClient;
-		String accessTokenResponseClientRef = element != null
+		String accessTokenResponseClientRef = (element != null)
 				? element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF) : null;
 		if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
 			accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index 62b0ed5286..fde8ab1571 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -178,8 +178,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			}
 			else {
 				// The default expression-based system
-				String expressionHandlerRef = expressionHandlerElt == null ? null
-						: expressionHandlerElt.getAttribute("ref");
+				String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref")
+						: null;
 
 				if (StringUtils.hasText(expressionHandlerRef)) {
 					this.logger.info(
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index a8c3ff9473..8b0a0011f2 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -168,7 +168,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 
 	private static ClientRegistration.Builder getBuilderFromIssuerIfPossible(String registrationId,
 			String configuredProviderId, Map<String, Map<String, String>> providers) {
-		String providerId = configuredProviderId != null ? configuredProviderId : registrationId;
+		String providerId = (configuredProviderId != null) ? configuredProviderId : registrationId;
 		if (providers.containsKey(providerId)) {
 			Map<String, String> provider = providers.get(providerId);
 			String issuer = provider.get(ATT_ISSUER_URI);
@@ -188,7 +188,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 		if (provider == null && !providers.containsKey(providerId)) {
 			return null;
 		}
-		ClientRegistration.Builder builder = provider != null ? provider.getBuilder(registrationId)
+		ClientRegistration.Builder builder = (provider != null) ? provider.getBuilder(registrationId)
 				: ClientRegistration.withRegistrationId(registrationId);
 		if (providers.containsKey(providerId)) {
 			return getBuilder(builder, providers.get(providerId));
@@ -251,7 +251,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 	}
 
 	private static String getErrorMessage(String configuredProviderId, String registrationId) {
-		return configuredProviderId != null ? "Unknown provider ID '" + configuredProviderId + "'"
+		return (configuredProviderId != null) ? "Unknown provider ID '" + configuredProviderId + "'"
 				: "Provider ID must be specified for client registration '" + registrationId + "'";
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index f9247744c6..507be8e960 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1467,8 +1467,8 @@ public class ServerHttpSecurity {
 	}
 
 	private WebFilter securityContextRepositoryWebFilter() {
-		ServerSecurityContextRepository repository = this.securityContextRepository == null
-				? new WebSessionServerSecurityContextRepository() : this.securityContextRepository;
+		ServerSecurityContextRepository repository = (this.securityContextRepository != null)
+				? this.securityContextRepository : new WebSessionServerSecurityContextRepository();
 		WebFilter result = new ReactorContextWebFilter(repository);
 		return new OrderedWebFilter(result, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
 	}
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 7d7426ecbc..a5316adec5 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -121,7 +121,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 
 		String id = element.getAttribute(ID_ATTR);
 		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
-		String expressionHandlerRef = expressionHandlerElt == null ? null : expressionHandlerElt.getAttribute("ref");
+		String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref") : null;
 		boolean expressionHandlerDefined = StringUtils.hasText(expressionHandlerRef);
 
 		boolean sameOriginDisabled = Boolean.parseBoolean(element.getAttribute(DISABLED_ATTR));
@@ -252,7 +252,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 
 					if (!registry.containsBeanDefinition(PATH_MATCHER_BEAN_NAME)) {
 						PropertyValue pathMatcherProp = bd.getPropertyValues().getPropertyValue("pathMatcher");
-						Object pathMatcher = pathMatcherProp == null ? null : pathMatcherProp.getValue();
+						Object pathMatcher = (pathMatcherProp != null) ? pathMatcherProp.getValue() : null;
 						if (pathMatcher instanceof BeanReference) {
 							registry.registerAlias(((BeanReference) pathMatcher).getBeanName(), PATH_MATCHER_BEAN_NAME);
 						}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 1b6955367d..bd872e58e4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -237,7 +237,7 @@ public class OAuth2ClientConfigurationTests {
 			@GetMapping("/authorized-client")
 			String authorizedClient(
 					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-				return authorizedClient != null ? "resolved" : "not-resolved";
+				return (authorizedClient != null) ? "resolved" : "not-resolved";
 			}
 
 		}
@@ -405,7 +405,7 @@ public class OAuth2ClientConfigurationTests {
 			@GetMapping("/authorized-client")
 			String authorizedClient(
 					@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-				return authorizedClient != null ? "resolved" : "not-resolved";
+				return (authorizedClient != null) ? "resolved" : "not-resolved";
 			}
 
 		}
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 5d4a3568d4..0b0842641d 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -229,7 +229,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		@GetMapping("/authorized-client")
 		String authorizedClient(Model model,
 				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
-			return authorizedClient != null ? "resolved" : "not-resolved";
+			return (authorizedClient != null) ? "resolved" : "not-resolved";
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 343c4d6469..190fd7e704 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -523,7 +523,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		@GetMapping("/authorized-client")
 		String authorizedClient(Model model,
 				@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
-			return authorizedClient != null ? "resolved" : "not-resolved";
+			return (authorizedClient != null) ? "resolved" : "not-resolved";
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 53c2b86913..4f673aa2ef 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -93,7 +93,7 @@ final class HtmlUnitWebTestClient {
 				contentType = encodingType.getName();
 			}
 		}
-		MediaType mediaType = contentType == null ? MediaType.ALL : MediaType.parseMediaType(contentType);
+		MediaType mediaType = (contentType != null) ? MediaType.parseMediaType(contentType) : MediaType.ALL;
 		request.contentType(mediaType);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
index a81fee098f..722505f22a 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -47,16 +47,16 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
 		Assert.isTrue(filterExpression != null || authorizeExpression != null,
 				"Filter and authorization Expressions cannot both be null");
 		SpelExpressionParser parser = new SpelExpressionParser();
-		this.filterExpression = filterExpression == null ? null : parser.parseExpression(filterExpression);
-		this.authorizeExpression = authorizeExpression == null ? null : parser.parseExpression(authorizeExpression);
+		this.filterExpression = (filterExpression != null) ? parser.parseExpression(filterExpression) : null;
+		this.authorizeExpression = (authorizeExpression != null) ? parser.parseExpression(authorizeExpression) : null;
 	}
 
 	AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression, Expression authorizeExpression)
 			throws ParseException {
 		Assert.isTrue(filterExpression != null || authorizeExpression != null,
 				"Filter and authorization Expressions cannot both be null");
-		this.filterExpression = filterExpression == null ? null : filterExpression;
-		this.authorizeExpression = authorizeExpression == null ? null : authorizeExpression;
+		this.filterExpression = (filterExpression != null) ? filterExpression : null;
+		this.authorizeExpression = (authorizeExpression != null) ? authorizeExpression : null;
 	}
 
 	Expression getFilterExpression() {
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
index 56c61f1f58..d6fb761966 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@@ -49,10 +49,10 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 		try {
 			// TODO: Optimization of permitAll
 			ExpressionParser parser = getParser();
-			Expression preAuthorizeExpression = preAuthorizeAttribute == null ? parser.parseExpression("permitAll")
-					: parser.parseExpression(preAuthorizeAttribute);
-			Expression preFilterExpression = preFilterAttribute == null ? null
-					: parser.parseExpression(preFilterAttribute);
+			Expression preAuthorizeExpression = (preAuthorizeAttribute != null)
+					? parser.parseExpression(preAuthorizeAttribute) : parser.parseExpression("permitAll");
+			Expression preFilterExpression = (preFilterAttribute != null) ? parser.parseExpression(preFilterAttribute)
+					: null;
 			return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
 		}
 		catch (ParseException ex) {
@@ -65,11 +65,10 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
 			String postAuthorizeAttribute) {
 		try {
 			ExpressionParser parser = getParser();
-			Expression postAuthorizeExpression = postAuthorizeAttribute == null ? null
-					: parser.parseExpression(postAuthorizeAttribute);
-			Expression postFilterExpression = postFilterAttribute == null ? null
-					: parser.parseExpression(postFilterAttribute);
-
+			Expression postAuthorizeExpression = (postAuthorizeAttribute != null)
+					? parser.parseExpression(postAuthorizeAttribute) : null;
+			Expression postFilterExpression = (postFilterAttribute != null)
+					? parser.parseExpression(postFilterAttribute) : null;
 			if (postFilterExpression != null || postAuthorizeExpression != null) {
 				return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
 			}
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
index d85c22b21a..08d9c6f2b8 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
@@ -41,8 +41,8 @@ class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodCon
 		StringBuilder sb = new StringBuilder();
 		Expression authorize = getAuthorizeExpression();
 		Expression filter = getFilterExpression();
-		sb.append("[authorize: '").append(authorize == null ? "null" : authorize.getExpressionString());
-		sb.append("', filter: '").append(filter == null ? "null" : filter.getExpressionString()).append("']");
+		sb.append("[authorize: '").append((authorize != null) ? authorize.getExpressionString() : "null");
+		sb.append("', filter: '").append((filter != null) ? filter.getExpressionString() : "null").append("']");
 		return sb.toString();
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index fdaeb4bf21..5f5ffc56cd 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -57,8 +57,8 @@ class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConf
 		StringBuilder sb = new StringBuilder();
 		Expression authorize = getAuthorizeExpression();
 		Expression filter = getFilterExpression();
-		sb.append("[authorize: '").append(authorize == null ? "null" : authorize.getExpressionString());
-		sb.append("', filter: '").append(filter == null ? "null" : filter.getExpressionString());
+		sb.append("[authorize: '").append((authorize != null) ? authorize.getExpressionString() : "null");
+		sb.append("', filter: '").append((filter != null) ? filter.getExpressionString() : "null");
 		sb.append("', filterTarget: '").append(this.filterTarget).append("']");
 		return sb.toString();
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
index ecd683b892..31b145f84c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@@ -73,7 +73,7 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder(super.toString());
-		String className = this.originalAuthentication == null ? null : this.originalAuthentication.getName();
+		String className = (this.originalAuthentication != null) ? this.originalAuthentication.getName() : null;
 		sb.append("; Original Class: ").append(className);
 
 		return sb.toString();
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index 3b3a9809b4..9fc0775825 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -44,7 +44,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 			Class<?> targetClass = null;
 
 			if (target != null) {
-				targetClass = target instanceof Class<?> ? (Class<?>) target
+				targetClass = (target instanceof Class<?>) ? (Class<?>) target
 						: AopProxyUtils.ultimateTargetClass(target);
 			}
 			Collection<ConfigAttribute> attrs = getAttributes(mi.getMethod(), targetClass);
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index 247f325ff9..583d140b31 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -122,12 +122,12 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 		@Override
 		public int hashCode() {
-			return this.method.hashCode() * 21 + (this.targetClass != null ? this.targetClass.hashCode() : 0);
+			return this.method.hashCode() * 21 + ((this.targetClass != null) ? this.targetClass.hashCode() : 0);
 		}
 
 		@Override
 		public String toString() {
-			return "CacheKey[" + (this.targetClass == null ? "-" : this.targetClass.getName()) + "; " + this.method
+			return "CacheKey[" + ((this.targetClass != null) ? this.targetClass.getName() : "-") + "; " + this.method
 					+ "]";
 		}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index 9bd9efd203..0fc6e502a2 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -93,17 +93,17 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 
 		if (Mono.class.isAssignableFrom(returnType)) {
 			return toInvoke.flatMap((auth) -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
-					.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+					.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
 		}
 
 		if (Flux.class.isAssignableFrom(returnType)) {
 			return toInvoke.flatMapMany((auth) -> PrePostAdviceReactiveMethodInterceptor.<Flux<?>>proceed(invocation)
-					.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+					.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
 		}
 
 		return toInvoke.flatMapMany(
 				(auth) -> Flux.from(PrePostAdviceReactiveMethodInterceptor.<Publisher<?>>proceed(invocation))
-						.map((r) -> attr == null ? r : this.postAdvice.after(auth, invocation, attr, r)));
+						.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
 	}
 
 	private static <T extends Publisher<?>> T proceed(final MethodInvocation invocation) {
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
index 02dfcee031..ff12befce0 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@@ -76,11 +76,11 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 			return Collections.emptyList();
 		}
 
-		String preFilterAttribute = preFilter == null ? null : preFilter.value();
-		String filterObject = preFilter == null ? null : preFilter.filterTarget();
-		String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value();
-		String postFilterAttribute = postFilter == null ? null : postFilter.value();
-		String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize.value();
+		String preFilterAttribute = (preFilter != null) ? preFilter.value() : null;
+		String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
+		String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
+		String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
+		String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
 
 		ArrayList<ConfigAttribute> attrs = new ArrayList<>(2);
 
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 23a6dd5f25..6e9049f7be 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -129,7 +129,7 @@ public class DefaultAuthenticationEventPublisher
 	private Constructor<? extends AbstractAuthenticationEvent> getEventConstructor(AuthenticationException exception) {
 		Constructor<? extends AbstractAuthenticationEvent> eventConstructor = this.exceptionMappings
 				.get(exception.getClass().getName());
-		return (eventConstructor == null ? this.defaultAuthenticationFailureEventConstructor : eventConstructor);
+		return (eventConstructor != null) ? eventConstructor : this.defaultAuthenticationFailureEventConstructor;
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
index 9ea78bfd90..8aa767aaa7 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java
@@ -80,7 +80,7 @@ public class InMemoryConfiguration extends Configuration {
 	@Override
 	public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
 		AppConfigurationEntry[] mappedResult = this.mappedConfigurations.get(name);
-		return mappedResult == null ? this.defaultConfiguration : mappedResult;
+		return (mappedResult != null) ? mappedResult : this.defaultConfiguration;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index c7ea764196..d68867bc7a 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -63,7 +63,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		String username = authentication.getPrincipal().toString();
 		Object credentials = authentication.getCredentials();
-		String password = credentials == null ? null : credentials.toString();
+		String password = (credentials != null) ? credentials.toString() : null;
 		Collection<? extends GrantedAuthority> authorities = this.remoteAuthenticationManager
 				.attemptAuthentication(username, password);
 
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
index 977f1fb735..ea7a1a9849 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
@@ -113,8 +113,8 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 	 * @return
 	 */
 	public static <V> Callable<V> create(Callable<V> delegate, SecurityContext securityContext) {
-		return securityContext == null ? new DelegatingSecurityContextCallable<>(delegate)
-				: new DelegatingSecurityContextCallable<>(delegate, securityContext);
+		return (securityContext != null) ? new DelegatingSecurityContextCallable<>(delegate, securityContext)
+				: new DelegatingSecurityContextCallable<>(delegate);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
index 6a4182dc3f..80def0d9cf 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
@@ -111,8 +111,8 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 	 */
 	public static Runnable create(Runnable delegate, SecurityContext securityContext) {
 		Assert.notNull(delegate, "delegate cannot be  null");
-		return securityContext == null ? new DelegatingSecurityContextRunnable(delegate)
-				: new DelegatingSecurityContextRunnable(delegate, securityContext);
+		return (securityContext != null) ? new DelegatingSecurityContextRunnable(delegate, securityContext)
+				: new DelegatingSecurityContextRunnable(delegate);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index 0fa679be95..d8c6fadf92 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -55,7 +55,7 @@ public final class SpringSecurityCoreVersion {
 
 	public static String getVersion() {
 		Package pkg = SpringSecurityCoreVersion.class.getPackage();
-		return (pkg != null ? pkg.getImplementationVersion() : null);
+		return (pkg != null) ? pkg.getImplementationVersion() : null;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
index 770e0e6d8f..c07137bb8f 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAttributes2GrantedAuthoritiesMapper.java
@@ -109,7 +109,7 @@ public class SimpleAttributes2GrantedAuthoritiesMapper
 	}
 
 	private String getAttributePrefix() {
-		return this.attributePrefix == null ? "" : this.attributePrefix;
+		return (this.attributePrefix != null) ? this.attributePrefix : "";
 	}
 
 	public void setAttributePrefix(String string) {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index 6d543134bb..2b465afda5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -67,7 +67,7 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 	public Mono<UserDetails> findByUsername(String username) {
 		String key = getKey(username);
 		UserDetails result = this.users.get(key);
-		return result == null ? Mono.empty() : Mono.just(User.withUserDetails(result).build());
+		return (result != null) ? Mono.just(User.withUserDetails(result).build()) : Mono.empty();
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index 6b4bdbdfd5..50f4b46464 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -43,7 +43,7 @@ public class SpringCacheBasedUserCache implements UserCache {
 
 	@Override
 	public UserDetails getUserFromCache(String username) {
-		Cache.ValueWrapper element = username != null ? this.cache.get(username) : null;
+		Cache.ValueWrapper element = (username != null) ? this.cache.get(username) : null;
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("Cache hit: " + (element != null) + "; username: " + username);
diff --git a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
index 5a890f4dd9..37977d3881 100644
--- a/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
+++ b/core/src/main/java/org/springframework/security/util/SimpleMethodInvocation.java
@@ -37,7 +37,7 @@ public class SimpleMethodInvocation implements MethodInvocation {
 	public SimpleMethodInvocation(Object targetObject, Method method, Object... arguments) {
 		this.targetObject = targetObject;
 		this.method = method;
-		this.arguments = arguments == null ? new Object[0] : arguments;
+		this.arguments = (arguments != null) ? arguments : new Object[0];
 	}
 
 	public SimpleMethodInvocation() {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index a60b2a89a7..43311f6f03 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -97,7 +97,7 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 			throw new IllegalArgumentException("Bad strength");
 		}
 		this.version = version;
-		this.strength = strength == -1 ? 10 : strength;
+		this.strength = (strength == -1) ? 10 : strength;
 		this.random = random;
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
index 234882ceab..998b4df10e 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@@ -333,9 +333,9 @@ public final class Base64 {
 		// significant bytes passed in the array.
 		// We have to shift left 24 in order to flush out the 1's that appear
 		// when Java treats a value as negative that is cast from a byte to an int.
-		int inBuff = (numSigBytes > 0 ? ((source[srcOffset] << 24) >>> 8) : 0)
-				| (numSigBytes > 1 ? ((source[srcOffset + 1] << 24) >>> 16) : 0)
-				| (numSigBytes > 2 ? ((source[srcOffset + 2] << 24) >>> 24) : 0);
+		int inBuff = ((numSigBytes > 0) ? ((source[srcOffset] << 24) >>> 8) : 0)
+				| ((numSigBytes > 1) ? ((source[srcOffset + 1] << 24) >>> 16) : 0)
+				| ((numSigBytes > 2) ? ((source[srcOffset + 2] << 24) >>> 24) : 0);
 
 		switch (numSigBytes) {
 		case 3:
@@ -404,8 +404,10 @@ public final class Base64 {
 		// Try to determine more precisely how big the array needs to be.
 		// If we get it right, we don't have to do an array copy, and
 		// we save a bunch of memory.
-		int encLen = (len / 3) * 4 + (len % 3 > 0 ? 4 : 0); // Bytes needed for actual
-															// encoding
+
+		// Bytes needed for actual encoding
+		int encLen = (len / 3) * 4 + ((len % 3 > 0) ? 4 : 0);
+
 		if (breakLines) {
 			encLen += encLen / MAX_LINE_LENGTH; // Plus extra newline characters
 		}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index bf7506bddf..bed724b6af 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -71,7 +71,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 
 		public AlgorithmParameterSpec getParameterSpec(byte[] iv) {
-			return this == CBC ? new IvParameterSpec(iv) : new GCMParameterSpec(128, iv);
+			return (this != CBC) ? new GCMParameterSpec(128, iv) : new IvParameterSpec(iv);
 		}
 
 		public Cipher createCipher() {
@@ -110,7 +110,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		this.alg = alg;
 		this.encryptor = alg.createCipher();
 		this.decryptor = alg.createCipher();
-		this.ivGenerator = ivGenerator != null ? ivGenerator : alg.defaultIvGenerator();
+		this.ivGenerator = (ivGenerator != null) ? ivGenerator : alg.defaultIvGenerator();
 	}
 
 	@Override
@@ -119,7 +119,7 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 			byte[] iv = this.ivGenerator.generateKey();
 			CipherUtils.initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
 			byte[] encrypted = CipherUtils.doFinal(this.encryptor, bytes);
-			return this.ivGenerator != NULL_IV_GENERATOR ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
+			return (this.ivGenerator != NULL_IV_GENERATOR) ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 		}
 	}
 
@@ -129,12 +129,12 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 			byte[] iv = iv(encryptedBytes);
 			CipherUtils.initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
 			return CipherUtils.doFinal(this.decryptor,
-					this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes);
+					(this.ivGenerator != NULL_IV_GENERATOR) ? encrypted(encryptedBytes, iv.length) : encryptedBytes);
 		}
 	}
 
 	private byte[] iv(byte[] encrypted) {
-		return this.ivGenerator != NULL_IV_GENERATOR
+		return (this.ivGenerator != NULL_IV_GENERATOR)
 				? EncodingUtils.subArray(encrypted, 0, this.ivGenerator.getKeyLength())
 				: NULL_IV_GENERATOR.generateKey();
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 26b0f310a5..84181d885b 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -54,7 +54,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
 		blockCipher.init(true, new ParametersWithIV(this.secretKey, iv));
 		byte[] encrypted = process(blockCipher, bytes);
-		return iv != null ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
+		return (iv != null) ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 	}
 
 	@Override
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index b9d954691c..044d6a2a77 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -52,7 +52,7 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 		blockCipher.init(true, new AEADParameters(this.secretKey, 128, iv, null));
 
 		byte[] encrypted = process(blockCipher, bytes);
-		return iv != null ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
+		return (iv != null) ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 	}
 
 	@Override
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index 8e0a7ec7de..808e908c05 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -146,7 +146,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	 */
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
-		return matches(rawPassword == null ? null : rawPassword.toString(), encodedPassword);
+		return matches((rawPassword != null) ? rawPassword.toString() : null, encodedPassword);
 	}
 
 	private boolean matches(String rawPassword, String encodedPassword) {
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 1a11e02cca..ec81d6574e 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
 	<suppress files=".*" checks="WhitespaceAround" />
 	<suppress files=".*" checks="JavadocMethod" />
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index 782668e307..eb0f760253 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -128,7 +128,7 @@ public class FilterChainPerformanceTests {
 	public void provideDataOnScalingWithNumberOfAuthoritiesUserHas() throws Exception {
 		StopWatch sw = new StopWatch("Scaling with nAuthorities");
 		for (int user = 0; user < N_AUTHORITIES / 10; user++) {
-			int nAuthorities = user == 0 ? 1 : user * 10;
+			int nAuthorities = (user != 0) ? user * 10 : 1;
 			SecurityContextHolder.getContext().setAuthentication(
 					new UsernamePasswordAuthenticationToken("bob", "bobspassword", createRoles(nAuthorities)));
 			this.session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index 7c21ead437..ce0b69e61b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -214,7 +214,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
 		SearchControls ctls = new SearchControls();
 		ctls.setSearchScope(this.searchControls.getSearchScope());
-		ctls.setReturningAttributes(attributeNames != null && attributeNames.length > 0 ? attributeNames : null);
+		ctls.setReturningAttributes((attributeNames != null && attributeNames.length > 0) ? attributeNames : null);
 
 		search(base, formattedFilter, ctls, roleMapper);
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index f8d658ff4c..40b82b5d01 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -153,7 +153,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		Assert.isTrue(StringUtils.hasText(url), "Url cannot be empty");
 		this.domain = StringUtils.hasText(domain) ? domain.toLowerCase() : null;
 		this.url = url;
-		this.rootDn = this.domain == null ? null : rootDnFromDomain(this.domain);
+		this.rootDn = (this.domain != null) ? rootDnFromDomain(this.domain) : null;
 	}
 
 	@Override
@@ -336,7 +336,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
 		String bindPrincipal = createBindPrincipal(username);
-		String searchRoot = this.rootDn != null ? this.rootDn : searchRootFromPrincipal(bindPrincipal);
+		String searchRoot = (this.rootDn != null) ? this.rootDn : searchRootFromPrincipal(bindPrincipal);
 
 		try {
 			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context, searchControls, searchRoot,
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index 22bb16229d..6475ae7546 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -165,7 +165,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		sb.append("[ searchFilter: '").append(this.searchFilter).append("', ");
 		sb.append("searchBase: '").append(this.searchBase).append("'");
 		sb.append(", scope: ").append(
-				this.searchControls.getSearchScope() == SearchControls.SUBTREE_SCOPE ? "subtree" : "single-level, ");
+				(this.searchControls.getSearchScope() != SearchControls.SUBTREE_SCOPE) ? "single-level, " : "subtree");
 		sb.append(", searchTimeLimit: ").append(this.searchControls.getTimeLimit());
 		sb.append(", derefLinkFlag: ").append(this.searchControls.getDerefLinkFlag()).append(" ]");
 		return sb.toString();
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index a78c1ef47c..e60b6c8f2c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -140,7 +140,7 @@ public class LdapAuthority implements GrantedAuthority {
 	@Override
 	public int hashCode() {
 		int result = this.dn.hashCode();
-		result = 31 * result + (this.role != null ? this.role.hashCode() : 0);
+		result = 31 * result + ((this.role != null) ? this.role.hashCode() : 0);
 		return result;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
index 8fc0a4c76e..0507597bf0 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
@@ -216,7 +216,7 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 				// this prevents a forever loop for a misconfigured ldap directory
 				circular = circular | (!authorities.add(new LdapAuthority(role, dn, record)));
 			}
-			String roleName = roles.size() > 0 ? roles.iterator().next() : dn;
+			String roleName = (roles.size() > 0) ? roles.iterator().next() : dn;
 			if (!circular) {
 				performNestedSearch(dn, roleName, authorities, (depth - 1));
 			}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index 4f5b14bd5a..237b79cc13 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -128,7 +128,7 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
 			Object p = resolvePrincipal(parameter, a.getPrincipal());
 			Mono<Object> principal = Mono.justOrEmpty(p);
-			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
+			return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
 		});
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index 21165e9363..4b835e3f97 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -127,7 +127,7 @@ public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgu
 		return ReactiveSecurityContextHolder.getContext().flatMap((securityContext) -> {
 			Object sc = resolveSecurityContext(parameter, securityContext);
 			Mono<Object> result = Mono.justOrEmpty(sc);
-			return adapter == null ? result : Mono.just(adapter.fromPublisher(result));
+			return (adapter != null) ? Mono.just(adapter.fromPublisher(result)) : result;
 		});
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 12aea1f659..39a52b3beb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -113,7 +113,7 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 		}
 
 		this.matcher = pathMatcher;
-		this.messageTypeMatcher = type == null ? ANY_MESSAGE : new SimpMessageTypeMatcher(type);
+		this.messageTypeMatcher = (type != null) ? new SimpMessageTypeMatcher(type) : ANY_MESSAGE;
 		this.pattern = pattern;
 	}
 
@@ -129,7 +129,7 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 
 	public Map<String, String> extractPathVariables(Message<?> message) {
 		final String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
-		return destination != null ? this.matcher.extractUriTemplateVariables(this.pattern, destination)
+		return (destination != null) ? this.matcher.extractUriTemplateVariables(this.pattern, destination)
 				: Collections.emptyMap();
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index 9fc3169b81..e9b26e7f2f 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -48,8 +48,8 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
 		}
 
 		Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor.getSessionAttributes(message.getHeaders());
-		CsrfToken expectedToken = sessionAttributes == null ? null
-				: (CsrfToken) sessionAttributes.get(CsrfToken.class.getName());
+		CsrfToken expectedToken = (sessionAttributes != null)
+				? (CsrfToken) sessionAttributes.get(CsrfToken.class.getName()) : null;
 
 		if (expectedToken == null) {
 			throw new MissingCsrfTokenException(null);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index 2dde084f5d..a22a63ee0a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -220,10 +220,10 @@ public final class ResolvableMethod {
 
 	private String formatParameter(Parameter param) {
 		Annotation[] anns = param.getAnnotations();
-		return (anns.length > 0
+		return (anns.length > 0)
 				? Arrays.stream(anns).map(this::formatAnnotation).collect(Collectors.joining(",", "[", "]")) + " "
 						+ param
-				: param.toString());
+				: param.toString();
 	}
 
 	private String formatAnnotation(Annotation annotation) {
@@ -591,9 +591,9 @@ public final class ResolvableMethod {
 		 */
 		@SafeVarargs
 		public final ArgResolver annotNotPresent(Class<? extends Annotation>... annotationTypes) {
-			this.filters.add((param) -> (annotationTypes.length > 0
+			this.filters.add((param) -> (annotationTypes.length > 0)
 					? Arrays.stream(annotationTypes).noneMatch(param::hasParameterAnnotation)
-					: param.getParameterAnnotations().length == 0));
+					: param.getParameterAnnotations().length == 0);
 			return this;
 		}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
index 574b0b4900..9d5fe681b6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
@@ -114,7 +114,7 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
 
 	@Override
 	public Object getCredentials() {
-		return this.accessToken != null ? this.accessToken.getTokenValue()
+		return (this.accessToken != null) ? this.accessToken.getTokenValue()
 				: this.authorizationExchange.getAuthorizationResponse().getCode();
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index c4ae9d881b..83c38dbe43 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -128,9 +128,9 @@ public class NimbusAuthorizationCodeTokenResponseClient
 			}
 			else {
 				oauth2Error = new OAuth2Error(
-						errorObject.getCode() != null ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
+						(errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
 						errorObject.getDescription(),
-						errorObject.getURI() != null ? errorObject.getURI().toString() : null);
+						(errorObject.getURI() != null) ? errorObject.getURI().toString() : null);
 			}
 			throw new OAuth2AuthorizationException(oauth2Error);
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
index c24defbdb3..5bb5d12758 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest.java
@@ -75,7 +75,7 @@ public class OAuth2RefreshTokenGrantRequest extends AbstractOAuth2AuthorizationG
 		this.accessToken = accessToken;
 		this.refreshToken = refreshToken;
 		this.scopes = Collections
-				.unmodifiableSet(scopes != null ? new LinkedHashSet<>(scopes) : Collections.emptySet());
+				.unmodifiableSet((scopes != null) ? new LinkedHashSet<>(scopes) : Collections.emptySet());
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 1b5135a56f..95464eeb74 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -80,10 +80,10 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 			return null;
 		}
 
-		String errorCode = bearerTokenError.getCode() != null ? bearerTokenError.getCode()
+		String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode()
 				: OAuth2ErrorCodes.SERVER_ERROR;
 		String errorDescription = bearerTokenError.getDescription();
-		String errorUri = bearerTokenError.getURI() != null ? bearerTokenError.getURI().toString() : null;
+		String errorUri = (bearerTokenError.getURI() != null) ? bearerTokenError.getURI().toString() : null;
 
 		return new OAuth2Error(errorCode, errorDescription, errorUri);
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index eb8f0a0fae..fced8acd0a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -138,7 +138,7 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	private Map<String, Object> convertClaims(Map<String, Object> claims, ClientRegistration clientRegistration) {
 		Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
 				.apply(clientRegistration);
-		return claimTypeConverter != null ? claimTypeConverter.convert(claims)
+		return (claimTypeConverter != null) ? claimTypeConverter.convert(claims)
 				: DEFAULT_CLAIM_TYPE_CONVERTER.convert(claims);
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 584e44a896..353049076a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -368,7 +368,7 @@ public final class ClientRegistration implements Serializable {
 			this.clientAuthenticationMethod = clientRegistration.clientAuthenticationMethod;
 			this.authorizationGrantType = clientRegistration.authorizationGrantType;
 			this.redirectUri = clientRegistration.redirectUri;
-			this.scopes = clientRegistration.scopes == null ? null : new HashSet<>(clientRegistration.scopes);
+			this.scopes = (clientRegistration.scopes != null) ? new HashSet<>(clientRegistration.scopes) : null;
 			this.authorizationUri = clientRegistration.providerDetails.authorizationUri;
 			this.tokenUri = clientRegistration.providerDetails.tokenUri;
 			this.userInfoUri = clientRegistration.providerDetails.userInfoEndpoint.uri;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index 167455f05c..a333239355 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -224,22 +224,22 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
 				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
-		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
+		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
-		uriVariables.put("baseHost", host == null ? "" : host);
+		uriVariables.put("baseHost", (host != null) ? host : "");
 		// following logic is based on HierarchicalUriComponents#toUriString()
 		int port = uriComponents.getPort();
-		uriVariables.put("basePort", port == -1 ? "" : ":" + port);
+		uriVariables.put("basePort", (port == -1) ? "" : ":" + port);
 		String path = uriComponents.getPath();
 		if (StringUtils.hasLength(path)) {
 			if (path.charAt(0) != PATH_DELIMITER) {
 				path = PATH_DELIMITER + path;
 			}
 		}
-		uriVariables.put("basePath", path == null ? "" : path);
+		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 
-		uriVariables.put("action", action == null ? "" : action);
+		uriVariables.put("action", (action != null) ? action : "");
 
 		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index c1970512ff..7ee459ad6a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -151,7 +151,7 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 								(authorizationContext) -> authorize(authorizationContext, principal, serverWebExchange))
 								// Default to the existing authorizedClient if the
 								// client was not re-authorized
-								.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+								.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
 										? authorizeRequest.getAuthorizedClient() : authorizedClient))
 						.switchIfEmpty(Mono.defer(() ->
 						// Authorize
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
index 3a19443be0..df26460b4c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
@@ -115,8 +115,8 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository
 	 */
 	private Map<String, OAuth2AuthorizationRequest> getAuthorizationRequests(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-		Map<String, OAuth2AuthorizationRequest> authorizationRequests = session == null ? null
-				: (Map<String, OAuth2AuthorizationRequest>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizationRequest> authorizationRequests = (session != null)
+				? (Map<String, OAuth2AuthorizationRequest>) session.getAttribute(this.sessionAttributeName) : null;
 		if (authorizationRequests == null) {
 			return new HashMap<>();
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
index 67d22bff29..e0b65a6398 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java
@@ -84,8 +84,8 @@ public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2
 	@SuppressWarnings("unchecked")
 	private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null
-				: (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizedClient> authorizedClients = (session != null)
+				? (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName) : null;
 		if (authorizedClients == null) {
 			authorizedClients = new HashMap<>();
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index df524e71a8..f86c761178 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -244,7 +244,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		}
 
 		Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
-		String principalName = currentAuthentication != null ? currentAuthentication.getName() : "anonymousUser";
+		String principalName = (currentAuthentication != null) ? currentAuthentication.getName() : "anonymousUser";
 
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				authenticationResult.getClientRegistration(), principalName, authenticationResult.getAccessToken(),
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index b4a8fd8c6e..6e9b5f09f4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -572,7 +572,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 							.build()).flatMap((authorizationContext) -> authorize(authorizationContext, principal))
 							// Default to the existing authorizedClient if the client
 							// was not re-authorized
-							.defaultIfEmpty(authorizeRequest.getAuthorizedClient() != null
+							.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
 									? authorizeRequest.getAuthorizedClient() : authorizedClient))
 					.switchIfEmpty(Mono.defer(() ->
 					// Authorize
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index b8d725a59e..af0df46d5c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -217,19 +217,19 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
 				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
-		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
+		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
-		uriVariables.put("baseHost", host == null ? "" : host);
+		uriVariables.put("baseHost", (host != null) ? host : "");
 		// following logic is based on HierarchicalUriComponents#toUriString()
 		int port = uriComponents.getPort();
-		uriVariables.put("basePort", port == -1 ? "" : ":" + port);
+		uriVariables.put("basePort", (port == -1) ? "" : ":" + port);
 		String path = uriComponents.getPath();
 		if (StringUtils.hasLength(path)) {
 			if (path.charAt(0) != PATH_DELIMITER) {
 				path = PATH_DELIMITER + path;
 			}
 		}
-		uriVariables.put("basePath", path == null ? "" : path);
+		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 
 		String action = "";
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index ab410f866f..040419a076 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -85,8 +85,8 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 
 	@SuppressWarnings("unchecked")
 	private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(WebSession session) {
-		Map<String, OAuth2AuthorizedClient> authorizedClients = session == null ? null
-				: (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName);
+		Map<String, OAuth2AuthorizedClient> authorizedClients = (session != null)
+				? (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName) : null;
 		if (authorizedClients == null) {
 			authorizedClients = new HashMap<>();
 		}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index 539c46feed..6bfcc4f2a9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -129,7 +129,7 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	}
 
 	private String jsonStringOrNull(String input) {
-		return input != null ? "\"" + input + "\"" : "null";
+		return (input != null) ? "\"" + input + "\"" : "null";
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index 42c4c66a25..6e7583df26 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -169,7 +169,7 @@ public class OAuth2AuthenticationTokenMixinTests {
 	}
 
 	private static String asJson(OAuth2AuthenticationToken authentication) {
-		String principalJson = authentication.getPrincipal() instanceof DefaultOidcUser
+		String principalJson = (authentication.getPrincipal() instanceof DefaultOidcUser)
 				? asJson((DefaultOidcUser) authentication.getPrincipal())
 				: asJson((DefaultOAuth2User) authentication.getPrincipal());
 		// @formatter:off
@@ -224,8 +224,8 @@ public class OAuth2AuthenticationTokenMixinTests {
 				simpleAuthorities.add((SimpleGrantedAuthority) authority);
 			}
 		}
-		String authoritiesJson = oidcUserAuthority != null ? asJson(oidcUserAuthority)
-				: oauth2UserAuthority != null ? asJson(oauth2UserAuthority) : "";
+		String authoritiesJson = (oidcUserAuthority != null) ? asJson(oidcUserAuthority)
+				: (oauth2UserAuthority != null) ? asJson(oauth2UserAuthority) : "";
 		if (!simpleAuthorities.isEmpty()) {
 			if (!StringUtils.isEmpty(authoritiesJson)) {
 				authoritiesJson += ",";
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index e7e3bd7919..326a56c3fa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -165,7 +165,7 @@ public class OAuth2AuthorizationRequestMixinTests {
 				"    \"java.util.Collections$UnmodifiableSet\",\n" +
 				"    [" + scopes + "]\n" +
 				"  ],\n" +
-				"  \"state\": " + (authorizationRequest.getState() != null ? "\"" + authorizationRequest.getState() + "\"" : "null") + ",\n" +
+				"  \"state\": " + ((authorizationRequest.getState() != null) ? "\"" + authorizationRequest.getState() + "\"" : "null") + ",\n" +
 				"  \"additionalParameters\": {\n" +
 				"    " + additionalParameters + "\n" +
 				"  },\n" +
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index 1fe9558934..b829abc651 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -241,14 +241,14 @@ public class OAuth2AuthorizedClientMixinTests {
 				"      \"tokenUri\": \"" + providerDetails.getTokenUri() + "\",\n" +
 				"      \"userInfoEndpoint\": {\n" +
 				"        \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails$UserInfoEndpoint\",\n" +
-				"        \"uri\": " + (userInfoEndpoint.getUri() != null ? "\"" + userInfoEndpoint.getUri() + "\"" : null) + ",\n" +
+				"        \"uri\": " + ((userInfoEndpoint.getUri() != null) ? "\"" + userInfoEndpoint.getUri() + "\"" : null) + ",\n" +
 				"        \"authenticationMethod\": {\n" +
 				"          \"value\": \"" + userInfoEndpoint.getAuthenticationMethod().getValue() + "\"\n" +
 				"        },\n" +
-				"        \"userNameAttributeName\": " + (userInfoEndpoint.getUserNameAttributeName() != null ? "\"" + userInfoEndpoint.getUserNameAttributeName() + "\"" : null) + "\n" +
+				"        \"userNameAttributeName\": " + ((userInfoEndpoint.getUserNameAttributeName() != null) ? "\"" + userInfoEndpoint.getUserNameAttributeName() + "\"" : null) + "\n" +
 				"      },\n" +
-				"      \"jwkSetUri\": " + (providerDetails.getJwkSetUri() != null ? "\"" + providerDetails.getJwkSetUri() + "\"" : null) + ",\n" +
-				"      \"issuerUri\": " + (providerDetails.getIssuerUri() != null ? "\"" + providerDetails.getIssuerUri() + "\"" : null) + ",\n" +
+				"      \"jwkSetUri\": " + ((providerDetails.getJwkSetUri() != null) ? "\"" + providerDetails.getJwkSetUri() + "\"" : null) + ",\n" +
+				"      \"issuerUri\": " + ((providerDetails.getIssuerUri() != null) ? "\"" + providerDetails.getIssuerUri() + "\"" : null) + ",\n" +
 				"      \"configurationMetadata\": {\n" +
 				"        " + configurationMetadata + "\n" +
 				"      }\n" +
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index ee51e2cf1d..61dc4e954a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -393,7 +393,7 @@ public class ClientRegistrationsTests {
 		this.issuer = createIssuerFromServer(path);
 		this.response.put("issuer", this.issuer);
 		this.issuer = this.server.url(path).toString();
-		final String responseBody = body != null ? body : this.mapper.writeValueAsString(this.response);
+		final String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
 
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
@@ -429,7 +429,7 @@ public class ClientRegistrationsTests {
 		this.issuer = createIssuerFromServer(path);
 		this.response.put("issuer", this.issuer);
 
-		String responseBody = body != null ? body : this.mapper.writeValueAsString(this.response);
+		String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
 
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 577aca3bb7..f92100222f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -175,8 +175,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	private Object resolveArgument(MethodParameter methodParameter) {
 		return this.argumentResolver.resolveArgument(methodParameter, null, null)
-				.subscriberContext(this.authentication == null ? Context.empty()
-						: ReactiveSecurityContextHolder.withAuthentication(this.authentication))
+				.subscriberContext((this.authentication != null)
+						? ReactiveSecurityContextHolder.withAuthentication(this.authentication) : Context.empty())
 				.subscriberContext(serverWebExchange()).block();
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
index 2b00d4a00b..1d4e1daf0d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
@@ -98,23 +98,24 @@ public abstract class AbstractOAuth2Token implements Serializable {
 			return false;
 		}
 
-		AbstractOAuth2Token that = (AbstractOAuth2Token) obj;
+		AbstractOAuth2Token other = (AbstractOAuth2Token) obj;
 
-		if (!this.getTokenValue().equals(that.getTokenValue())) {
+		if (!this.getTokenValue().equals(other.getTokenValue())) {
 			return false;
 		}
-		if (this.getIssuedAt() != null ? !this.getIssuedAt().equals(that.getIssuedAt()) : that.getIssuedAt() != null) {
+		if ((this.getIssuedAt() != null) ? !this.getIssuedAt().equals(other.getIssuedAt())
+				: other.getIssuedAt() != null) {
 			return false;
 		}
-		return this.getExpiresAt() != null ? this.getExpiresAt().equals(that.getExpiresAt())
-				: that.getExpiresAt() == null;
+		return (this.getExpiresAt() != null) ? this.getExpiresAt().equals(other.getExpiresAt())
+				: other.getExpiresAt() == null;
 	}
 
 	@Override
 	public int hashCode() {
 		int result = this.getTokenValue().hashCode();
-		result = 31 * result + (this.getIssuedAt() != null ? this.getIssuedAt().hashCode() : 0);
-		result = 31 * result + (this.getExpiresAt() != null ? this.getExpiresAt().hashCode() : 0);
+		result = 31 * result + ((this.getIssuedAt() != null) ? this.getIssuedAt().hashCode() : 0);
+		result = 31 * result + ((this.getExpiresAt() != null) ? this.getExpiresAt().hashCode() : 0);
 		return result;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
index 7107109323..e537ad953d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -64,9 +64,9 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		this.attributes = Collections.unmodifiableMap(attributes);
-		this.authorities = authorities == null ? AuthorityUtils.NO_AUTHORITIES
-				: Collections.unmodifiableCollection(authorities);
-		this.name = name == null ? (String) this.attributes.get("sub") : name;
+		this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities)
+				: AuthorityUtils.NO_AUTHORITIES;
+		this.name = (name != null) ? name : (String) this.attributes.get("sub");
 	}
 
 	/**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
index 0c27e45de5..8ec26b6023 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
@@ -71,7 +71,7 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 		super(tokenValue, issuedAt, expiresAt);
 		Assert.notNull(tokenType, "tokenType cannot be null");
 		this.tokenType = tokenType;
-		this.scopes = Collections.unmodifiableSet(scopes != null ? scopes : Collections.emptySet());
+		this.scopes = Collections.unmodifiableSet((scopes != null) ? scopes : Collections.emptySet());
 	}
 
 	/**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
index 8a7d04c2b6..f1816b723d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
@@ -93,7 +93,7 @@ public class OAuth2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + ((this.getDescription() != null) ? this.getDescription() : "");
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
index f816dc9ad4..a82e0341b3 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToStringConverter.java
@@ -35,7 +35,7 @@ final class ObjectToStringConverter implements GenericConverter {
 
 	@Override
 	public Object convert(Object source, TypeDescriptor sourceType, TypeDescriptor targetType) {
-		return source == null ? null : source.toString();
+		return (source != null) ? source.toString() : null;
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 9c2a65ace8..6d5197350a 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -120,7 +120,8 @@ public final class OAuth2AccessTokenResponse {
 			this.issuedAt = accessToken.getIssuedAt();
 			this.expiresAt = accessToken.getExpiresAt();
 			this.scopes = accessToken.getScopes();
-			this.refreshToken = response.getRefreshToken() == null ? null : response.getRefreshToken().getTokenValue();
+			this.refreshToken = (response.getRefreshToken() != null) ? response.getRefreshToken().getTokenValue()
+					: null;
 			this.additionalParameters = response.getAdditionalParameters();
 		}
 
@@ -217,7 +218,7 @@ public final class OAuth2AccessTokenResponse {
 		private Instant getExpiresAt() {
 			if (this.expiresAt == null) {
 				Instant issuedAt = getIssuedAt();
-				this.expiresAt = this.expiresIn > 0 ? issuedAt.plusSeconds(this.expiresIn) : issuedAt.plusSeconds(1);
+				this.expiresAt = (this.expiresIn > 0) ? issuedAt.plusSeconds(this.expiresIn) : issuedAt.plusSeconds(1);
 			}
 			return this.expiresAt;
 		}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
index 73fad90051..e5ffcdc544 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
@@ -81,37 +81,38 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 			return false;
 		}
 
-		AddressStandardClaim that = (AddressStandardClaim) obj;
+		AddressStandardClaim other = (AddressStandardClaim) obj;
 
-		if (this.getFormatted() != null ? !this.getFormatted().equals(that.getFormatted())
-				: that.getFormatted() != null) {
+		if ((this.getFormatted() != null) ? !this.getFormatted().equals(other.getFormatted())
+				: other.getFormatted() != null) {
 			return false;
 		}
-		if (this.getStreetAddress() != null ? !this.getStreetAddress().equals(that.getStreetAddress())
-				: that.getStreetAddress() != null) {
+		if ((this.getStreetAddress() != null) ? !this.getStreetAddress().equals(other.getStreetAddress())
+				: other.getStreetAddress() != null) {
 			return false;
 		}
-		if (this.getLocality() != null ? !this.getLocality().equals(that.getLocality()) : that.getLocality() != null) {
+		if ((this.getLocality() != null) ? !this.getLocality().equals(other.getLocality())
+				: other.getLocality() != null) {
 			return false;
 		}
-		if (this.getRegion() != null ? !this.getRegion().equals(that.getRegion()) : that.getRegion() != null) {
+		if ((this.getRegion() != null) ? !this.getRegion().equals(other.getRegion()) : other.getRegion() != null) {
 			return false;
 		}
-		if (this.getPostalCode() != null ? !this.getPostalCode().equals(that.getPostalCode())
-				: that.getPostalCode() != null) {
+		if ((this.getPostalCode() != null) ? !this.getPostalCode().equals(other.getPostalCode())
+				: other.getPostalCode() != null) {
 			return false;
 		}
-		return this.getCountry() != null ? this.getCountry().equals(that.getCountry()) : that.getCountry() == null;
+		return (this.getCountry() != null) ? this.getCountry().equals(other.getCountry()) : other.getCountry() == null;
 	}
 
 	@Override
 	public int hashCode() {
-		int result = this.getFormatted() != null ? this.getFormatted().hashCode() : 0;
-		result = 31 * result + (this.getStreetAddress() != null ? this.getStreetAddress().hashCode() : 0);
-		result = 31 * result + (this.getLocality() != null ? this.getLocality().hashCode() : 0);
-		result = 31 * result + (this.getRegion() != null ? this.getRegion().hashCode() : 0);
-		result = 31 * result + (this.getPostalCode() != null ? this.getPostalCode().hashCode() : 0);
-		result = 31 * result + (this.getCountry() != null ? this.getCountry().hashCode() : 0);
+		int result = (this.getFormatted() != null) ? this.getFormatted().hashCode() : 0;
+		result = 31 * result + ((this.getStreetAddress() != null) ? this.getStreetAddress().hashCode() : 0);
+		result = 31 * result + ((this.getLocality() != null) ? this.getLocality().hashCode() : 0);
+		result = 31 * result + ((this.getRegion() != null) ? this.getRegion().hashCode() : 0);
+		result = 31 * result + ((this.getPostalCode() != null) ? this.getPostalCode().hashCode() : 0);
+		result = 31 * result + ((this.getCountry() != null) ? this.getCountry().hashCode() : 0);
 		return result;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
index fe0220028b..fb57773904 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
@@ -104,14 +104,15 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 		if (!this.getIdToken().equals(that.getIdToken())) {
 			return false;
 		}
-		return this.getUserInfo() != null ? this.getUserInfo().equals(that.getUserInfo()) : that.getUserInfo() == null;
+		return (this.getUserInfo() != null) ? this.getUserInfo().equals(that.getUserInfo())
+				: that.getUserInfo() == null;
 	}
 
 	@Override
 	public int hashCode() {
 		int result = super.hashCode();
 		result = 31 * result + this.getIdToken().hashCode();
-		result = 31 * result + (this.getUserInfo() != null ? this.getUserInfo().hashCode() : 0);
+		result = 31 * result + ((this.getUserInfo() != null) ? this.getUserInfo().hashCode() : 0);
 		return result;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index 3eaf03d205..1cb8553fc7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -99,9 +99,9 @@ class OAuth2AccessTokenResponseBodyExtractor
 		}
 		else {
 			oauth2Error = new OAuth2Error(
-					errorObject.getCode() != null ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
+					(errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
 					errorObject.getDescription(),
-					errorObject.getURI() != null ? errorObject.getURI().toString() : null);
+					(errorObject.getURI() != null) ? errorObject.getURI().toString() : null);
 		}
 		return Mono.error(new OAuth2AuthorizationException(oauth2Error));
 	}
@@ -114,8 +114,8 @@ class OAuth2AccessTokenResponseBodyExtractor
 		}
 		long expiresIn = accessToken.getLifetime();
 
-		Set<String> scopes = accessToken.getScope() == null ? Collections.emptySet()
-				: new LinkedHashSet<>(accessToken.getScope().toStringList());
+		Set<String> scopes = (accessToken.getScope() != null)
+				? new LinkedHashSet<>(accessToken.getScope().toStringList()) : Collections.emptySet();
 
 		String refreshToken = null;
 		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 009fd4eec5..aa8dac2356 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -164,7 +164,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		if (verified == null) {
 			Identifier id = discovered.getClaimedIdentifier();
 			return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
-					id == null ? "Unknown" : id.getIdentifier(),
+					(id != null) ? id.getIdentifier() : "Unknown",
 					"Verification status message: [" + verification.getStatusMsg() + "]",
 					Collections.<OpenIDAttribute>emptyList());
 		}
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index a5f37c60c8..0f6bffb0c9 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -65,7 +65,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 		if (currentUser != null) {
 			this.principal = currentUser.getName();
 			Object userCredentials = currentUser.getCredentials();
-			this.credentials = userCredentials == null ? null : userCredentials.toString();
+			this.credentials = (userCredentials != null) ? userCredentials.toString() : null;
 		}
 		else {
 			this.credentials = null;
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
index 3dc38c0e68..582bf8a2e4 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatcher.java
@@ -81,7 +81,9 @@ public interface PayloadExchangeMatcher {
 		 * @return
 		 */
 		public static Mono<MatchResult> match(Map<String, ? extends Object> variables) {
-			return Mono.just(new MatchResult(true, variables == null ? null : new HashMap<String, Object>(variables)));
+			MatchResult result = new MatchResult(true,
+					(variables != null) ? new HashMap<String, Object>(variables) : null);
+			return Mono.just(result);
 		}
 
 		/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
index 92338f5551..6709092ced 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
@@ -69,7 +69,7 @@ public class Saml2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + ((this.getDescription() != null) ? this.getDescription() : "");
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 0a5b4cd4ba..3c1f122d1a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -536,11 +536,11 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		}
 		if (xmlObject instanceof XSBoolean) {
 			XSBooleanValue xsBooleanValue = ((XSBoolean) xmlObject).getValue();
-			return xsBooleanValue != null ? xsBooleanValue.getValue() : null;
+			return (xsBooleanValue != null) ? xsBooleanValue.getValue() : null;
 		}
 		if (xmlObject instanceof XSDateTime) {
 			DateTime dateTime = ((XSDateTime) xmlObject).getValue();
-			return dateTime != null ? Instant.ofEpochMilli(dateTime.getMillis()) : null;
+			return (dateTime != null) ? Instant.ofEpochMilli(dateTime.getMillis()) : null;
 		}
 		return null;
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
index 23f3d24d1b..4c2b35afae 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java
@@ -66,7 +66,7 @@ public class Saml2Error implements Serializable {
 
 	@Override
 	public String toString() {
-		return "[" + this.getErrorCode() + "] " + (this.getDescription() != null ? this.getDescription() : "");
+		return "[" + this.getErrorCode() + "] " + ((this.getDescription() != null) ? this.getDescription() : "");
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
index 046d75f33a..ce062757dc 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
@@ -48,19 +48,19 @@ final class Saml2ServletUtils {
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl).replaceQuery(null).fragment(null)
 				.build();
 		String scheme = uriComponents.getScheme();
-		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
+		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
-		uriVariables.put("baseHost", host == null ? "" : host);
+		uriVariables.put("baseHost", (host != null) ? host : "");
 		// following logic is based on HierarchicalUriComponents#toUriString()
 		int port = uriComponents.getPort();
-		uriVariables.put("basePort", port == -1 ? "" : ":" + port);
+		uriVariables.put("basePort", (port != -1) ? ":" + port : "");
 		String path = uriComponents.getPath();
 		if (StringUtils.hasLength(path)) {
 			if (path.charAt(0) != PATH_DELIMITER) {
 				path = PATH_DELIMITER + path;
 			}
 		}
-		uriVariables.put("basePath", path == null ? "" : path);
+		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
 		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index c81f6b2b6d..45c6c27d95 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -90,17 +90,17 @@ public final class DefaultRelyingPartyRegistrationResolver
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl).replaceQuery(null).fragment(null)
 				.build();
 		String scheme = uriComponents.getScheme();
-		uriVariables.put("baseScheme", scheme == null ? "" : scheme);
+		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
-		uriVariables.put("baseHost", host == null ? "" : host);
+		uriVariables.put("baseHost", (host != null) ? host : "");
 		// following logic is based on HierarchicalUriComponents#toUriString()
 		int port = uriComponents.getPort();
-		uriVariables.put("basePort", port == -1 ? "" : ":" + port);
+		uriVariables.put("basePort", (port == -1) ? "" : ":" + port);
 		String path = uriComponents.getPath();
 		if (StringUtils.hasLength(path) && path.charAt(0) != PATH_DELIMITER) {
 			path = PATH_DELIMITER + path;
 		}
-		uriVariables.put("basePath", path == null ? "" : path);
+		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
 		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
index c316bc8982..dfbe370fde 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@@ -41,8 +41,8 @@ public final class TagLibConfig {
 		String prefix = System.getProperty("spring.security.securedUIPrefix");
 		String suffix = System.getProperty("spring.security.securedUISuffix");
 
-		SECURED_UI_PREFIX = prefix == null ? "<span class=\"securityHiddenUI\">" : prefix;
-		SECURED_UI_SUFFIX = suffix == null ? "</span>" : suffix;
+		SECURED_UI_PREFIX = (prefix != null) ? prefix : "<span class=\"securityHiddenUI\">";
+		SECURED_UI_SUFFIX = (suffix != null) ? suffix : "</span>";
 
 		DISABLE_UI_SECURITY = "true".equals(db);
 
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index 0a5bb40de4..862f79962b 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -100,8 +100,8 @@ public class WithSecurityContextTestExecutionListener extends AbstractTestExecut
 	private TestSecurityContext createTestSecurityContext(Class<?> annotated, TestContext context) {
 		MetaAnnotationUtils.AnnotationDescriptor<WithSecurityContext> withSecurityContextDescriptor = MetaAnnotationUtils
 				.findAnnotationDescriptor(annotated, WithSecurityContext.class);
-		WithSecurityContext withSecurityContext = withSecurityContextDescriptor == null ? null
-				: withSecurityContextDescriptor.getAnnotation();
+		WithSecurityContext withSecurityContext = (withSecurityContextDescriptor != null)
+				? withSecurityContextDescriptor.getAnnotation() : null;
 		return createTestSecurityContext(annotated, withSecurityContext, context);
 	}
 
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 846bc223c0..975c684174 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -770,7 +770,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 				// remember the SecurityContextRepository is used in many different
 				// locations
 				SecurityContext delegateResult = this.delegate.loadContext(requestResponseHolder);
-				return result == null ? delegateResult : result;
+				return (result != null) ? result : delegateResult;
 			}
 
 			@Override
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 51a9687d6e..9f9653ff25 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -120,8 +120,8 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response) {
 				Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-				SecurityMockMvcRequestPostProcessorsDigestTests.this.username = authentication == null ? null
-						: authentication.getName();
+				SecurityMockMvcRequestPostProcessorsDigestTests.this.username = (authentication != null)
+						? authentication.getName() : null;
 			}
 		});
 		return this.username;
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index d6ba03070d..47bb405a83 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -202,7 +202,7 @@ public class FilterChainProxy extends GenericFilterBean {
 		if (filters == null || filters.size() == 0) {
 			if (logger.isDebugEnabled()) {
 				logger.debug(UrlUtils.buildRequestUrl(fwRequest)
-						+ (filters == null ? " has no matching filters" : " has an empty filter list"));
+						+ ((filters != null) ? " has an empty filter list" : " has no matching filters"));
 			}
 
 			fwRequest.reset();
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 5a0f90ab87..879b1ce94b 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -89,7 +89,7 @@ public class FilterInvocation {
 		}
 		request.setContextPath(contextPath);
 		request.setServletPath(servletPath);
-		request.setRequestURI(contextPath + servletPath + (pathInfo == null ? "" : pathInfo));
+		request.setRequestURI(contextPath + servletPath + ((pathInfo != null) ? pathInfo : ""));
 		request.setPathInfo(pathInfo);
 		request.setQueryString(query);
 		request.setMethod(method);
@@ -268,7 +268,7 @@ public class FilterInvocation {
 		@Override
 		public String getParameter(String name) {
 			String[] arr = this.parameters.get(name);
-			return (arr != null && arr.length > 0 ? arr[0] : null);
+			return (arr != null && arr.length > 0) ? arr[0] : null;
 		}
 
 		@Override
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 9efe0bf185..607ada7667 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -59,7 +59,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String queryString = request.getQueryString();
-		String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));
+		String redirectUrl = request.getRequestURI() + ((queryString != null) ? ("?" + queryString) : "");
 
 		Integer currentPort = this.portResolver.getServerPort(request);
 		Integer redirectPort = getMappedPort(currentPort);
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
index 4f40ffc7dd..b967de5e38 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
@@ -45,7 +45,7 @@ class WebExpressionConfigAttribute implements ConfigAttribute, EvaluationContext
 
 	@Override
 	public EvaluationContext postProcess(EvaluationContext context, FilterInvocation fi) {
-		return this.postProcessor == null ? context : this.postProcessor.postProcess(context, fi);
+		return (this.postProcessor != null) ? this.postProcessor.postProcess(context, fi) : context;
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index 6779564117..8e6c569313 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -64,7 +64,7 @@ public class RequestKey {
 	@Override
 	public int hashCode() {
 		int result = this.url.hashCode();
-		result = 31 * result + (this.method != null ? this.method.hashCode() : 0);
+		result = 31 * result + ((this.method != null) ? this.method.hashCode() : 0);
 		return result;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index edc855132a..4fce63bd38 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -35,7 +35,7 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
 	 */
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-		Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName();
+		Object principal = (httpRequest.getUserPrincipal() != null) ? httpRequest.getUserPrincipal().getName() : null;
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("PreAuthenticated J2EE principal: " + principal);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index 5e0f49d509..a250449dc8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -417,7 +417,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
 	private String getCookiePath(HttpServletRequest request) {
 		String contextPath = request.getContextPath();
-		return contextPath.length() > 0 ? contextPath : "/";
+		return (contextPath.length() > 0) ? contextPath : "/";
 	}
 
 	/**
@@ -427,7 +427,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
+			this.logger.debug("Logout of user " + ((authentication != null) ? authentication.getName() : "Unknown"));
 		}
 		cancelCookie(request, response);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 649d06726c..d75d228ed2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -187,7 +187,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
 		long expiryTime = System.currentTimeMillis();
 		// SEC-949
-		expiryTime += 1000L * (tokenLifetime < 0 ? TWO_WEEKS_S : tokenLifetime);
+		expiryTime += 1000L * ((tokenLifetime < 0) ? TWO_WEEKS_S : tokenLifetime);
 
 		String signatureValue = makeTokenSignature(expiryTime, username, password);
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index 5f1dd45139..58e1e4fb44 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -151,8 +151,9 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 		}
 
 		if (this.failureHandler == null) {
-			this.failureHandler = this.switchFailureUrl == null ? new SimpleUrlAuthenticationFailureHandler()
-					: new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl);
+			this.failureHandler = (this.switchFailureUrl != null)
+					? new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl)
+					: new SimpleUrlAuthenticationFailureHandler();
 		}
 		else {
 			Assert.isNull(this.switchFailureUrl, "You cannot set both a switchFailureUrl and a failureHandler");
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index ba90274987..f3c96da440 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -242,7 +242,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			if (session != null) {
 				AuthenticationException ex = (AuthenticationException) session
 						.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
-				errorMsg = ex != null ? ex.getMessage() : "Invalid credentials";
+				errorMsg = (ex != null) ? ex.getMessage() : "Invalid credentials";
 			}
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
index b885ea265a..761785fb8e 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -67,7 +67,7 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	@Override
 	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
-		String tokenValue = token == null ? "" : token.getToken();
+		String tokenValue = (token != null) ? token.getToken() : "";
 		Cookie cookie = new Cookie(this.cookieName, tokenValue);
 		if (this.secure == null) {
 			cookie.setSecure(request.isSecure());
@@ -151,7 +151,7 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 
 	private String getRequestContext(HttpServletRequest request) {
 		String contextPath = request.getContextPath();
-		return contextPath.length() > 0 ? contextPath : "/";
+		return (contextPath.length() > 0) ? contextPath : "/";
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
index 4c90eb24c6..ed6b51922a 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
@@ -54,7 +54,7 @@ public class DefaultHttpFirewall implements HttpFirewall {
 
 		if (!isNormalized(fwr.getServletPath()) || !isNormalized(fwr.getPathInfo())) {
 			throw new RequestRejectedException("Un-normalized paths are not supported: " + fwr.getServletPath()
-					+ (fwr.getPathInfo() != null ? fwr.getPathInfo() : ""));
+					+ ((fwr.getPathInfo() != null) ? fwr.getPathInfo() : ""));
 		}
 
 		String requestURI = fwr.getRequestURI();
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
index f6ad7efc04..90e1273faf 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
@@ -57,8 +57,12 @@ class CookieDeserializer extends JsonDeserializer<Cookie> {
 	}
 
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
-		return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode) ? jsonNode.get(field)
+		return hasNonNullField(jsonNode, field) ? jsonNode.get(field)
 				: MissingNode.getInstance();
 	}
 
+	private boolean hasNonNullField(JsonNode jsonNode, String field) {
+		return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode);
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index edc2ee76be..6068d82f9d 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -75,7 +75,7 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
 			Object p = resolvePrincipal(parameter, a.getPrincipal());
 			Mono<Object> principal = Mono.justOrEmpty(p);
-			return adapter == null ? principal : Mono.just(adapter.fromPublisher(principal));
+			return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
 		});
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index af4a52ed49..101749642f 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -87,7 +87,7 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 		return reactiveSecurityContext.flatMap((a) -> {
 			Object p = resolveSecurityContext(parameter, a);
 			Mono<Object> o = Mono.justOrEmpty(p);
-			return adapter == null ? o : Mono.just(adapter.fromPublisher(o));
+			return (adapter != null) ? Mono.just(adapter.fromPublisher(o)) : o;
 		});
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index 773072bd88..27657614c0 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -62,7 +62,7 @@ public class RequestCacheAwareFilter extends GenericFilterBean {
 		HttpServletRequest wrappedSavedRequest = this.requestCache.getMatchingRequest((HttpServletRequest) request,
 				(HttpServletResponse) response);
 
-		chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
+		chain.doFilter((wrappedSavedRequest != null) ? wrappedSavedRequest : request, response);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index 334e4ed2f7..e0afa30196 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -53,7 +53,7 @@ public class ServerHttpBasicAuthenticationConverter implements Function<ServerWe
 			return Mono.empty();
 		}
 
-		String credentials = authorization.length() <= BASIC.length() ? ""
+		String credentials = (authorization.length() <= BASIC.length()) ? ""
 				: authorization.substring(BASIC.length(), authorization.length());
 		byte[] decodedCredentials = base64Decode(credentials);
 		String decodedAuthz = new String(decodedCredentials);
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
index 85d0119544..18fa4d6eeb 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
@@ -73,9 +73,9 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 	@Override
 	public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
 		return Mono.fromRunnable(() -> {
-			String tokenValue = token != null ? token.getToken() : "";
+			String tokenValue = (token != null) ? token.getToken() : "";
 			int maxAge = !tokenValue.isEmpty() ? -1 : 0;
-			String path = this.cookiePath != null ? this.cookiePath : getRequestContext(exchange.getRequest());
+			String path = (this.cookiePath != null) ? this.cookiePath : getRequestContext(exchange.getRequest());
 			boolean secure = exchange.getRequest().getSslInfo() != null;
 
 			ResponseCookie cookie = ResponseCookie.from(this.cookieName, tokenValue).domain(this.cookieDomain)
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
index d9135feb3d..ca8bd11c79 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
@@ -99,7 +99,7 @@ public class CookieServerRequestCache implements ServerRequestCache {
 	private static ResponseCookie createRedirectUriCookie(ServerHttpRequest request) {
 		String path = request.getPath().pathWithinApplication().value();
 		String query = request.getURI().getRawQuery();
-		String redirectUri = path + (query != null ? "?" + query : "");
+		String redirectUri = path + ((query != null) ? "?" + query : "");
 
 		return createResponseCookie(request, encodeCookie(redirectUri), COOKIE_MAX_AGE);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index 533e960ed0..37822da309 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -102,7 +102,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	private static String pathInApplication(ServerHttpRequest request) {
 		String path = request.getPath().pathWithinApplication().value();
 		String query = request.getURI().getRawQuery();
-		return path + (query != null ? "?" + query : "");
+		return path + ((query != null) ? "?" + query : "");
 	}
 
 	private static ServerWebExchangeMatcher createDefaultRequestMacher() {
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
index 9a9afc8efa..8ca395e047 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
@@ -100,7 +100,7 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 			return this.defaultMatcher.matcher(request);
 		}
 		RequestMatchResult result = mapping.match(request, this.pattern);
-		return result == null ? MatchResult.notMatch() : MatchResult.match(result.extractUriTemplateVariables());
+		return (result != null) ? MatchResult.match(result.extractUriTemplateVariables()) : MatchResult.notMatch();
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
index d35d6336a0..6cd63e0e4c 100644
--- a/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/util/OnCommittedResponseWrapper.java
@@ -186,13 +186,13 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 
 	private void trackContentLength(byte[] content) {
 		if (!this.disableOnCommitted) {
-			checkContentLength(content == null ? 0 : content.length);
+			checkContentLength((content != null) ? content.length : 0);
 		}
 	}
 
 	private void trackContentLength(char[] content) {
 		if (!this.disableOnCommitted) {
-			checkContentLength(content == null ? 0 : content.length);
+			checkContentLength((content != null) ? content.length : 0);
 		}
 	}
 
@@ -222,7 +222,7 @@ public abstract class OnCommittedResponseWrapper extends HttpServletResponseWrap
 
 	private void trackContentLength(String content) {
 		if (!this.disableOnCommitted) {
-			int contentLength = content == null ? 4 : content.length();
+			int contentLength = (content != null) ? content.length() : 4;
 			checkContentLength(contentLength);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index abd5b0b089..0e707cfdfe 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -220,8 +220,8 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 
 	@Override
 	public int hashCode() {
-		int result = this.pattern != null ? this.pattern.hashCode() : 0;
-		result = 31 * result + (this.httpMethod != null ? this.httpMethod.hashCode() : 0);
+		int result = (this.pattern != null) ? this.pattern.hashCode() : 0;
+		result = 31 * result + ((this.httpMethod != null) ? this.httpMethod.hashCode() : 0);
 		result = 31 * result + (this.caseSensitive ? 1231 : 1237);
 		return result;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 933d2efaad..0e8f447630 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -215,7 +215,7 @@ public final class ResolvableMethod {
 
 	private String formatParameter(Parameter param) {
 		Annotation[] annot = param.getAnnotations();
-		return annot.length > 0
+		return (annot.length > 0)
 				? Arrays.stream(annot).map(this::formatAnnotation).collect(Collectors.joining(",", "[", "]")) + " "
 						+ param
 				: param.toString();

From ee661f7b711299fc1b077090b034bed12901fe42 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 00:34:51 -0700
Subject: [PATCH 48/84] Fix whitespace issues in format-off code

Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.

Issue gh-8945
---
 .../config/annotation/web/configurers/JeeConfigurer.java      | 4 ++--
 .../web/configurers/saml2/Saml2LoginConfigurerTests.java      | 3 ++-
 .../security/jackson2/UserDeserializerTests.java              | 2 +-
 etc/checkstyle/checkstyle-suppressions.xml                    | 2 --
 .../security/web/jackson2/CookieDeserializer.java             | 3 +--
 .../security/web/jackson2/DefaultSavedRequestMixinTests.java  | 2 +-
 .../PreAuthenticatedAuthenticationTokenMixinTests.java        | 2 +-
 7 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 078adc18b0..30928d0b24 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -230,8 +230,8 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 	 * @return the {@link AuthenticationUserDetailsService} to use
 	 */
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getUserDetailsService() {
-		return (this.authenticationUserDetailsService != null)
-				? new PreAuthenticatedGrantedAuthoritiesUserDetailsService() : this.authenticationUserDetailsService;
+		return (this.authenticationUserDetailsService != null) ? this.authenticationUserDetailsService
+				: new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
 	}
 
 	/**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index a8c47766f6..601473a3e6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -349,7 +349,8 @@ public class Saml2LoginConfigurerTests {
 				.authorizeRequests((authz) -> authz
 					.anyRequest().authenticated()
 				)
-				.saml2Login((saml2) -> {});
+				.saml2Login((saml2) -> {
+				});
 			// @formatter:on
 		}
 
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index 5f165c43d3..f7d902486b 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -45,7 +45,7 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	public static final String USER_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.core.userdetails.User\", "
 		+ "\"username\": \"admin\","
-		+ " \"password\": "+ USER_PASSWORD +", "
+		+ " \"password\": " + USER_PASSWORD + ", "
 		+ "\"accountNonExpired\": true, "
 		+ "\"accountNonLocked\": true, "
 		+ "\"credentialsNonExpired\": true, "
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index ec81d6574e..8ad15ce4af 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,8 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="WhitespaceAfter" />
-	<suppress files=".*" checks="WhitespaceAround" />
 	<suppress files=".*" checks="JavadocMethod" />
 	<suppress files=".*" checks="JavadocStyle" />
 	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
index 90e1273faf..4b0c3a41f2 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java
@@ -57,8 +57,7 @@ class CookieDeserializer extends JsonDeserializer<Cookie> {
 	}
 
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
-		return hasNonNullField(jsonNode, field) ? jsonNode.get(field)
-				: MissingNode.getInstance();
+		return hasNonNullField(jsonNode, field) ? jsonNode.get(field) : MissingNode.getInstance();
 	}
 
 	private boolean hasNonNullField(JsonNode jsonNode, String field) {
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index 33da0c0a6d..d5cff45f45 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -58,7 +58,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 	// @formatter:off
 	private static final String REQUEST_JSON = "{" +
 		"\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", "
-		+ "\"cookies\": "+ COOKIES_JSON +","
+		+ "\"cookies\": " + COOKIES_JSON + ","
 		+ "\"locales\": [\"java.util.ArrayList\", [\"en\"]], "
 		+ "\"headers\": {\"@class\": \"java.util.TreeMap\", \"x-auth-token\": [\"java.util.ArrayList\", [\"12\"]]}, "
 		+ "\"parameters\": {\"@class\": \"java.util.TreeMap\"},"
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index acc7f3feda..a4a79d5e6d 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -41,7 +41,7 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin
 		+ "\"credentials\": \"credentials\", "
 		+ "\"authenticated\": true, "
 		+ "\"details\": null, "
-		+ "\"authorities\": "+ SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
+		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
 

From fdc66d45d54309091e4046879951ca234468f51f Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 09:14:00 -0700
Subject: [PATCH 49/84] Polish spring-security-acl main code

Manually polish `spring-security-acl` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/acls/AclEntryVoter.java          | 100 ++++++---------
 .../acls/AclPermissionCacheOptimizer.java     |  17 +--
 .../security/acls/AclPermissionEvaluator.java |  53 +++-----
 .../afterinvocation/AbstractAclProvider.java  |  14 +-
 ...InvocationCollectionFilteringProvider.java |  35 ++---
 .../AclEntryAfterInvocationProvider.java      |   5 +-
 .../acls/afterinvocation/ArrayFilterer.java   |  69 ++++------
 .../afterinvocation/CollectionFilterer.java   |  25 +---
 .../acls/domain/AccessControlEntryImpl.java   |  29 ++---
 .../domain/AclAuthorizationStrategyImpl.java  |  33 ++---
 .../acls/domain/AclFormattingUtils.java       |   8 --
 .../security/acls/domain/AclImpl.java         |  25 +---
 .../security/acls/domain/AuditLogger.java     |   1 -
 .../acls/domain/ConsoleAuditLogger.java       |   2 -
 .../acls/domain/CumulativePermission.java     |   3 -
 .../acls/domain/DefaultPermissionFactory.java |  26 +---
 .../DefaultPermissionGrantingStrategy.java    |  18 +--
 .../acls/domain/EhCacheBasedAclCache.java     |  34 +----
 .../acls/domain/GrantedAuthoritySid.java      |   1 -
 .../acls/domain/ObjectIdentityImpl.java       |  28 ++--
 .../acls/domain/PermissionFactory.java        |   1 -
 .../security/acls/domain/PrincipalSid.java    |   2 -
 .../acls/domain/SidRetrievalStrategyImpl.java |   3 -
 .../acls/domain/SpringCacheBasedAclCache.java |   9 --
 .../security/acls/jdbc/AclClassIdUtils.java   |  42 +++---
 .../acls/jdbc/BasicLookupStrategy.java        | 120 +++++++-----------
 .../security/acls/jdbc/JdbcAclService.java    |  25 ++--
 .../acls/jdbc/JdbcMutableAclService.java      |  34 ++---
 .../acls/model/AccessControlEntry.java        |   1 -
 .../security/acls/model/AclCache.java         |   1 -
 .../model/AuditableAccessControlEntry.java    |   1 -
 .../security/acls/model/AuditableAcl.java     |   1 -
 .../ObjectIdentityRetrievalStrategy.java      |   1 -
 33 files changed, 245 insertions(+), 522 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
index 1da5d07d6a..4e694b0247 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
@@ -41,6 +41,7 @@ import org.springframework.security.acls.model.Sid;
 import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -100,7 +101,11 @@ public class AclEntryVoter extends AbstractAclVoter {
 
 	private static final Log logger = LogFactory.getLog(AclEntryVoter.class);
 
-	private AclService aclService;
+	private final AclService aclService;
+
+	private final String processConfigAttribute;
+
+	private final List<Permission> requirePermission;
 
 	private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
 
@@ -108,18 +113,10 @@ public class AclEntryVoter extends AbstractAclVoter {
 
 	private String internalMethod;
 
-	private String processConfigAttribute;
-
-	private List<Permission> requirePermission;
-
 	public AclEntryVoter(AclService aclService, String processConfigAttribute, Permission[] requirePermission) {
 		Assert.notNull(processConfigAttribute, "A processConfigAttribute is mandatory");
 		Assert.notNull(aclService, "An AclService is mandatory");
-
-		if ((requirePermission == null) || (requirePermission.length == 0)) {
-			throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
-		}
-
+		Assert.isTrue(!ObjectUtils.isEmpty(requirePermission), "One or more requirePermission entries is mandatory");
 		this.aclService = aclService;
 		this.processConfigAttribute = processConfigAttribute;
 		this.requirePermission = Arrays.asList(requirePermission);
@@ -164,48 +161,24 @@ public class AclEntryVoter extends AbstractAclVoter {
 
 	@Override
 	public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
-
 		for (ConfigAttribute attr : attributes) {
-
-			if (!this.supports(attr)) {
+			if (!supports(attr)) {
 				continue;
 			}
+
 			// Need to make an access decision on this invocation
 			// Attempt to locate the domain object instance to process
 			Object domainObject = getDomainObjectInstance(object);
 
 			// If domain object is null, vote to abstain
 			if (domainObject == null) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Voting to abstain - domainObject is null");
-				}
-
+				logger.debug("Voting to abstain - domainObject is null");
 				return ACCESS_ABSTAIN;
 			}
 
 			// Evaluate if we are required to use an inner domain object
 			if (StringUtils.hasText(this.internalMethod)) {
-				try {
-					Class<?> clazz = domainObject.getClass();
-					Method method = clazz.getMethod(this.internalMethod, new Class[0]);
-					domainObject = method.invoke(domainObject);
-				}
-				catch (NoSuchMethodException nsme) {
-					throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
-							+ "' does not provide the requested internalMethod: " + this.internalMethod);
-				}
-				catch (IllegalAccessException iae) {
-					logger.debug("IllegalAccessException", iae);
-
-					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
-				}
-				catch (InvocationTargetException ite) {
-					logger.debug("InvocationTargetException", ite);
-
-					throw new AuthorizationServiceException(
-							"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
-				}
+				domainObject = invokeInternalMethod(domainObject);
 			}
 
 			// Obtain the OID applicable to the domain object
@@ -220,36 +193,21 @@ public class AclEntryVoter extends AbstractAclVoter {
 				// Lookup only ACLs for SIDs we're interested in
 				acl = this.aclService.readAclById(objectIdentity, sids);
 			}
-			catch (NotFoundException nfe) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Voting to deny access - no ACLs apply for this principal");
-				}
-
+			catch (NotFoundException ex) {
+				logger.debug("Voting to deny access - no ACLs apply for this principal");
 				return ACCESS_DENIED;
 			}
 
 			try {
 				if (acl.isGranted(this.requirePermission, sids, false)) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Voting to grant access");
-					}
-
+					logger.debug("Voting to grant access");
 					return ACCESS_GRANTED;
 				}
-				else {
-					if (logger.isDebugEnabled()) {
-						logger.debug(
-								"Voting to deny access - ACLs returned, but insufficient permissions for this principal");
-					}
-
-					return ACCESS_DENIED;
-				}
+				logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
+				return ACCESS_DENIED;
 			}
-			catch (NotFoundException nfe) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Voting to deny access - no ACLs apply for this principal");
-				}
-
+			catch (NotFoundException ex) {
+				logger.debug("Voting to deny access - no ACLs apply for this principal");
 				return ACCESS_DENIED;
 			}
 		}
@@ -258,4 +216,26 @@ public class AclEntryVoter extends AbstractAclVoter {
 		return ACCESS_ABSTAIN;
 	}
 
+	private Object invokeInternalMethod(Object domainObject) {
+		try {
+			Class<?> domainObjectType = domainObject.getClass();
+			Method method = domainObjectType.getMethod(this.internalMethod, new Class[0]);
+			return method.invoke(domainObject);
+		}
+		catch (NoSuchMethodException ex) {
+			throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
+					+ "' does not provide the requested internalMethod: " + this.internalMethod);
+		}
+		catch (IllegalAccessException ex) {
+			logger.debug("IllegalAccessException", ex);
+			throw new AuthorizationServiceException(
+					"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
+		}
+		catch (InvocationTargetException ex) {
+			logger.debug("InvocationTargetException", ex);
+			throw new AuthorizationServiceException(
+					"Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObject);
+		}
+	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
index 25fb52009a..663dcbf174 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
@@ -23,6 +23,7 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.PermissionCacheOptimizer;
 import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
 import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
@@ -58,23 +59,15 @@ public class AclPermissionCacheOptimizer implements PermissionCacheOptimizer {
 		if (objects.isEmpty()) {
 			return;
 		}
-
 		List<ObjectIdentity> oidsToCache = new ArrayList<>(objects.size());
-
 		for (Object domainObject : objects) {
-			if (domainObject == null) {
-				continue;
+			if (domainObject != null) {
+				ObjectIdentity oid = this.oidRetrievalStrategy.getObjectIdentity(domainObject);
+				oidsToCache.add(oid);
 			}
-			ObjectIdentity oid = this.oidRetrievalStrategy.getObjectIdentity(domainObject);
-			oidsToCache.add(oid);
 		}
-
 		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
-		}
-
+		this.logger.debug(LogMessage.of(() -> "Eagerly loading Acls for " + oidsToCache.size() + " objects"));
 		this.aclService.readAclsById(oidsToCache, sids);
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 568f272c90..15907a22ca 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -24,6 +24,7 @@ import java.util.Locale;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.acls.domain.DefaultPermissionFactory;
 import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
@@ -76,9 +77,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 		if (domainObject == null) {
 			return false;
 		}
-
 		ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
-
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
@@ -86,7 +85,6 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
 		ObjectIdentity objectIdentity = this.objectIdentityGenerator.createObjectIdentity(targetId, targetType);
-
 		return checkPermission(authentication, objectIdentity, permission);
 	}
 
@@ -94,72 +92,51 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 		// Obtain the SIDs applicable to the principal
 		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
 		List<Permission> requiredPermission = resolvePermission(permission);
-
-		final boolean debug = this.logger.isDebugEnabled();
-
-		if (debug) {
-			this.logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
-		}
-
+		this.logger.debug(LogMessage.of(() -> "Checking permission '" + permission + "' for object '" + oid + "'"));
 		try {
 			// Lookup only ACLs for SIDs we're interested in
 			Acl acl = this.aclService.readAclById(oid, sids);
-
 			if (acl.isGranted(requiredPermission, sids, false)) {
-				if (debug) {
-					this.logger.debug("Access is granted");
-				}
-
+				this.logger.debug("Access is granted");
 				return true;
 			}
-
-			if (debug) {
-				this.logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
-			}
-
+			this.logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
 		}
 		catch (NotFoundException nfe) {
-			if (debug) {
-				this.logger.debug("Returning false - no ACLs apply for this principal");
-			}
+			this.logger.debug("Returning false - no ACLs apply for this principal");
 		}
-
 		return false;
-
 	}
 
 	List<Permission> resolvePermission(Object permission) {
 		if (permission instanceof Integer) {
 			return Arrays.asList(this.permissionFactory.buildFromMask((Integer) permission));
 		}
-
 		if (permission instanceof Permission) {
 			return Arrays.asList((Permission) permission);
 		}
-
 		if (permission instanceof Permission[]) {
 			return Arrays.asList((Permission[]) permission);
 		}
-
 		if (permission instanceof String) {
 			String permString = (String) permission;
-			Permission p;
-
-			try {
-				p = this.permissionFactory.buildFromName(permString);
-			}
-			catch (IllegalArgumentException notfound) {
-				p = this.permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
-			}
-
+			Permission p = buildPermission(permString);
 			if (p != null) {
 				return Arrays.asList(p);
 			}
-
 		}
 		throw new IllegalArgumentException("Unsupported permission: " + permission);
 	}
 
+	private Permission buildPermission(String permString) {
+		try {
+			return this.permissionFactory.buildFromName(permString);
+		}
+		catch (IllegalArgumentException notfound) {
+			return this.permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
+		}
+	}
+
 	public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
 		this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
index 9f1f5cd9b4..14fb8730d7 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
@@ -32,6 +32,7 @@ import org.springframework.security.acls.model.Sid;
 import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.ObjectUtils;
 
 /**
  * Abstract {@link AfterInvocationProvider} which provides commonly-used ACL-related
@@ -43,25 +44,21 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 
 	protected final AclService aclService;
 
+	protected String processConfigAttribute;
+
 	protected Class<?> processDomainObjectClass = Object.class;
 
 	protected ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
 
 	protected SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
 
-	protected String processConfigAttribute;
-
 	protected final List<Permission> requirePermission;
 
 	public AbstractAclProvider(AclService aclService, String processConfigAttribute,
 			List<Permission> requirePermission) {
 		Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
 		Assert.notNull(aclService, "An AclService is mandatory");
-
-		if (requirePermission == null || requirePermission.isEmpty()) {
-			throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
-		}
-
+		Assert.isTrue(!ObjectUtils.isEmpty(requirePermission), "One or more requirePermission entries is mandatory");
 		this.aclService = aclService;
 		this.processConfigAttribute = processConfigAttribute;
 		this.requirePermission = requirePermission;
@@ -81,10 +78,9 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
 		try {
 			// Lookup only ACLs for SIDs we're interested in
 			Acl acl = this.aclService.readAclById(objectIdentity, sids);
-
 			return acl.isGranted(this.requirePermission, sids, false);
 		}
-		catch (NotFoundException ignore) {
+		catch (NotFoundException ex) {
 			return false;
 		}
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
index 80d8e5b2c8..fb788322dc 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
@@ -22,6 +22,7 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
@@ -75,10 +76,8 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 	@SuppressWarnings("unchecked")
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
-
 		if (returnedObject == null) {
 			logger.debug("Return object is null, skipping");
-
 			return null;
 		}
 
@@ -88,18 +87,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 			}
 
 			// Need to process the Collection for this invocation
-			Filterer filterer;
-
-			if (returnedObject instanceof Collection) {
-				filterer = new CollectionFilterer((Collection) returnedObject);
-			}
-			else if (returnedObject.getClass().isArray()) {
-				filterer = new ArrayFilterer((Object[]) returnedObject);
-			}
-			else {
-				throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
-						+ "returnedObject, but the returnedObject was: " + returnedObject);
-			}
+			Filterer filterer = getFilterer(returnedObject);
 
 			// Locate unauthorised Collection elements
 			for (Object domainObject : filterer) {
@@ -108,20 +96,25 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 				if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) {
 					continue;
 				}
-
 				if (!hasPermission(authentication, domainObject)) {
 					filterer.remove(domainObject);
-
-					if (logger.isDebugEnabled()) {
-						logger.debug("Principal is NOT authorised for element: " + domainObject);
-					}
+					logger.debug(LogMessage.of(() -> "Principal is NOT authorised for element: " + domainObject));
 				}
 			}
-
 			return filterer.getFilteredObject();
 		}
-
 		return returnedObject;
 	}
 
+	private Filterer getFilterer(Object returnedObject) {
+		if (returnedObject instanceof Collection) {
+			return new CollectionFilterer((Collection) returnedObject);
+		}
+		if (returnedObject.getClass().isArray()) {
+			return new ArrayFilterer((Object[]) returnedObject);
+		}
+		throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
+				+ "returnedObject, but the returnedObject was: " + returnedObject);
+	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
index d65017220e..7659cee298 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
@@ -83,13 +83,11 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 			// AclManager interface contract prohibits nulls
 			// As they have permission to null/nothing, grant access
 			logger.debug("Return object is null, skipping");
-
 			return null;
 		}
 
 		if (!getProcessDomainObjectClass().isAssignableFrom(returnedObject.getClass())) {
 			logger.debug("Return object is not applicable for this provider, skipping");
-
 			return returnedObject;
 		}
 
@@ -97,14 +95,13 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 			if (!this.supports(attr)) {
 				continue;
 			}
-			// Need to make an access decision on this invocation
 
+			// Need to make an access decision on this invocation
 			if (hasPermission(authentication, returnedObject)) {
 				return returnedObject;
 			}
 
 			logger.debug("Denying access");
-
 			throw new AccessDeniedException(this.messages.getMessage("AclEntryAfterInvocationProvider.noPermission",
 					new Object[] { authentication.getName(), returnedObject },
 					"Authentication {0} has NO permissions to the domain object {1}"));
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
index 38ee6610a9..c9c9d01fd5 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
@@ -25,6 +25,8 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
+
 /**
  * A filter used to filter arrays.
  *
@@ -41,17 +43,12 @@ class ArrayFilterer<T> implements Filterer<T> {
 
 	ArrayFilterer(T[] list) {
 		this.list = list;
-
 		// Collect the removed objects to a HashSet so that
 		// it is fast to lookup them when a filtered array
 		// is constructed.
 		this.removeList = new HashSet<>();
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
-	 */
 	@Override
 	@SuppressWarnings("unchecked")
 	public T[] getFilteredObject() {
@@ -59,60 +56,48 @@ class ArrayFilterer<T> implements Filterer<T> {
 		int originalSize = this.list.length;
 		int sizeOfResultingList = originalSize - this.removeList.size();
 		T[] filtered = (T[]) Array.newInstance(this.list.getClass().getComponentType(), sizeOfResultingList);
-
 		for (int i = 0, j = 0; i < this.list.length; i++) {
 			T object = this.list[i];
-
 			if (!this.removeList.contains(object)) {
 				filtered[j] = object;
 				j++;
 			}
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Original array contained " + originalSize + " elements; now contains " + sizeOfResultingList
-					+ " elements");
-		}
-
+		logger.debug(LogMessage.of(() -> "Original array contained " + originalSize + " elements; now contains "
+				+ sizeOfResultingList + " elements"));
 		return filtered;
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
-	 */
 	@Override
 	public Iterator<T> iterator() {
-		return new Iterator<T>() {
-			private int index = 0;
-
-			@Override
-			public boolean hasNext() {
-				return this.index < ArrayFilterer.this.list.length;
-			}
-
-			@Override
-			public T next() {
-				if (!hasNext()) {
-					throw new NoSuchElementException();
-				}
-				return ArrayFilterer.this.list[this.index++];
-			}
-
-			@Override
-			public void remove() {
-				throw new UnsupportedOperationException();
-			}
-		};
+		return new ArrayFiltererIterator();
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
-	 */
 	@Override
 	public void remove(T object) {
 		this.removeList.add(object);
 	}
 
+	/**
+	 * Iterator for {@link ArrayFilterer} elements.
+	 */
+	private class ArrayFiltererIterator implements Iterator<T> {
+
+		private int index = 0;
+
+		@Override
+		public boolean hasNext() {
+			return this.index < ArrayFilterer.this.list.length;
+		}
+
+		@Override
+		public T next() {
+			if (hasNext()) {
+				return ArrayFilterer.this.list[this.index++];
+			}
+			throw new NoSuchElementException();
+		}
+
+	}
+
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
index 70a6a0e9cf..8322a9c1aa 100644
--- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
+++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
@@ -24,6 +24,8 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
+
 /**
  * A filter used to filter Collections.
  *
@@ -40,7 +42,6 @@ class CollectionFilterer<T> implements Filterer<T> {
 
 	CollectionFilterer(Collection<T> collection) {
 		this.collection = collection;
-
 		// We create a Set of objects to be removed from the Collection,
 		// as ConcurrentModificationException prevents removal during
 		// iteration, and making a new Collection to be returned is
@@ -51,42 +52,24 @@ class CollectionFilterer<T> implements Filterer<T> {
 		this.removeList = new HashSet<>();
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
-	 */
 	@Override
 	public Object getFilteredObject() {
 		// Now the Iterator has ended, remove Objects from Collection
 		Iterator<T> removeIter = this.removeList.iterator();
-
 		int originalSize = this.collection.size();
-
 		while (removeIter.hasNext()) {
 			this.collection.remove(removeIter.next());
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Original collection contained " + originalSize + " elements; now contains "
-					+ this.collection.size() + " elements");
-		}
-
+		logger.debug(LogMessage.of(() -> "Original collection contained " + originalSize + " elements; now contains "
+				+ this.collection.size() + " elements"));
 		return this.collection;
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
-	 */
 	@Override
 	public Iterator<T> iterator() {
 		return this.collection.iterator();
 	}
 
-	/**
-	 *
-	 * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
-	 */
 	@Override
 	public void remove(T object) {
 		this.removeList.add(object);
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
index e58d3d5562..dfc87a5f1f 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
@@ -65,60 +65,54 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 		if (!(arg0 instanceof AccessControlEntryImpl)) {
 			return false;
 		}
-
-		AccessControlEntryImpl rhs = (AccessControlEntryImpl) arg0;
-
+		AccessControlEntryImpl other = (AccessControlEntryImpl) arg0;
 		if (this.acl == null) {
-			if (rhs.getAcl() != null) {
+			if (other.getAcl() != null) {
 				return false;
 			}
 			// Both this.acl and rhs.acl are null and thus equal
 		}
 		else {
 			// this.acl is non-null
-			if (rhs.getAcl() == null) {
+			if (other.getAcl() == null) {
 				return false;
 			}
 
 			// Both this.acl and rhs.acl are non-null, so do a comparison
 			if (this.acl.getObjectIdentity() == null) {
-				if (rhs.acl.getObjectIdentity() != null) {
+				if (other.acl.getObjectIdentity() != null) {
 					return false;
 				}
 				// Both this.acl and rhs.acl are null and thus equal
 			}
 			else {
 				// Both this.acl.objectIdentity and rhs.acl.objectIdentity are non-null
-				if (!this.acl.getObjectIdentity().equals(rhs.getAcl().getObjectIdentity())) {
+				if (!this.acl.getObjectIdentity().equals(other.getAcl().getObjectIdentity())) {
 					return false;
 				}
 			}
 		}
-
 		if (this.id == null) {
-			if (rhs.id != null) {
+			if (other.id != null) {
 				return false;
 			}
 			// Both this.id and rhs.id are null and thus equal
 		}
 		else {
 			// this.id is non-null
-			if (rhs.id == null) {
+			if (other.id == null) {
 				return false;
 			}
-
 			// Both this.id and rhs.id are non-null
-			if (!this.id.equals(rhs.id)) {
+			if (!this.id.equals(other.id)) {
 				return false;
 			}
 		}
-
-		if ((this.auditFailure != rhs.isAuditFailure()) || (this.auditSuccess != rhs.isAuditSuccess())
-				|| (this.granting != rhs.isGranting()) || !this.permission.equals(rhs.getPermission())
-				|| !this.sid.equals(rhs.getSid())) {
+		if ((this.auditFailure != other.isAuditFailure()) || (this.auditSuccess != other.isAuditSuccess())
+				|| (this.granting != other.isGranting()) || !this.permission.equals(other.getPermission())
+				|| !this.sid.equals(other.getSid())) {
 			return false;
 		}
-
 		return true;
 	}
 
@@ -192,7 +186,6 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
 		sb.append("auditSuccess: ").append(this.auditSuccess).append("; ");
 		sb.append("auditFailure: ").append(this.auditFailure);
 		sb.append("]");
-
 		return sb.toString();
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index 92e621bc2d..34e62babb5 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -86,32 +86,15 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 				|| !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
 			throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
 		}
-
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 		// Check if authorized by virtue of ACL ownership
 		Sid currentUser = createCurrentUser(authentication);
-
 		if (currentUser.equals(acl.getOwner())
 				&& ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
 			return;
 		}
-
 		// Not authorized by ACL ownership; try via adminstrative permissions
-		GrantedAuthority requiredAuthority;
-
-		if (changeType == CHANGE_AUDITING) {
-			requiredAuthority = this.gaModifyAuditing;
-		}
-		else if (changeType == CHANGE_GENERAL) {
-			requiredAuthority = this.gaGeneralChanges;
-		}
-		else if (changeType == CHANGE_OWNERSHIP) {
-			requiredAuthority = this.gaTakeOwnership;
-		}
-		else {
-			throw new IllegalArgumentException("Unknown change type");
-		}
+		GrantedAuthority requiredAuthority = getRequiredAuthority(changeType);
 
 		// Iterate this principal's authorities to determine right
 		Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
@@ -121,7 +104,6 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 
 		// Try to get permission via ACEs within the ACL
 		List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
-
 		if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
 			return;
 		}
@@ -130,6 +112,19 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 				"Principal does not have required ACL permissions to perform requested operation");
 	}
 
+	private GrantedAuthority getRequiredAuthority(int changeType) {
+		if (changeType == CHANGE_AUDITING) {
+			return this.gaModifyAuditing;
+		}
+		if (changeType == CHANGE_GENERAL) {
+			return this.gaGeneralChanges;
+		}
+		if (changeType == CHANGE_OWNERSHIP) {
+			return this.gaTakeOwnership;
+		}
+		throw new IllegalArgumentException("Unknown change type");
+	}
+
 	/**
 	 * Creates a principal-like sid from the authentication information.
 	 * @param authentication the authentication information that can provide principal and
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
index 0922aa38bf..36bdb28a2d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
@@ -31,9 +31,7 @@ public abstract class AclFormattingUtils {
 		Assert.notNull(removeBits, "Bits To Remove string required");
 		Assert.isTrue(original.length() == removeBits.length(),
 				"Original and Bits To Remove strings must be identical length");
-
 		char[] replacement = new char[original.length()];
-
 		for (int i = 0; i < original.length(); i++) {
 			if (removeBits.charAt(i) == Permission.RESERVED_OFF) {
 				replacement[i] = original.charAt(i);
@@ -42,7 +40,6 @@ public abstract class AclFormattingUtils {
 				replacement[i] = Permission.RESERVED_OFF;
 			}
 		}
-
 		return new String(replacement);
 	}
 
@@ -51,9 +48,7 @@ public abstract class AclFormattingUtils {
 		Assert.notNull(extraBits, "Extra Bits string required");
 		Assert.isTrue(original.length() == extraBits.length(),
 				"Original and Extra Bits strings must be identical length");
-
 		char[] replacement = new char[extraBits.length()];
-
 		for (int i = 0; i < extraBits.length(); i++) {
 			if (extraBits.charAt(i) == Permission.RESERVED_OFF) {
 				replacement[i] = original.charAt(i);
@@ -62,7 +57,6 @@ public abstract class AclFormattingUtils {
 				replacement[i] = extraBits.charAt(i);
 			}
 		}
-
 		return new String(replacement);
 	}
 
@@ -92,7 +86,6 @@ public abstract class AclFormattingUtils {
 				() -> Permission.RESERVED_ON + " is a reserved character code");
 		Assert.doesNotContain(Character.toString(code), Character.toString(Permission.RESERVED_OFF),
 				() -> Permission.RESERVED_OFF + " is a reserved character code");
-
 		return printBinary(mask, Permission.RESERVED_ON, Permission.RESERVED_OFF).replace(Permission.RESERVED_ON, code);
 	}
 
@@ -100,7 +93,6 @@ public abstract class AclFormattingUtils {
 		String s = Integer.toBinaryString(i);
 		String pattern = Permission.THIRTY_TWO_RESERVED_OFF;
 		String temp2 = pattern.substring(0, pattern.length() - s.length()) + s;
-
 		return temp2.replace('0', off).replace('1', on);
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
index bbba414e96..5f7a0532a3 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
@@ -53,10 +53,11 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 
 	private Serializable id;
 
-	private Sid owner; // OwnershipAcl
+	// OwnershipAcl
+	private Sid owner;
 
-	private List<Sid> loadedSids = null; // includes all SIDs the WHERE clause covered,
-											// even if there was no ACE for a SID
+	// includes all SIDs the WHERE clause covered, even if there was no ACE for a SID
+	private List<Sid> loadedSids = null;
 
 	private boolean entriesInheriting = true;
 
@@ -102,7 +103,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		Assert.notNull(id, "Id required");
 		Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
 		Assert.notNull(owner, "Owner required");
-
 		this.objectIdentity = objectIdentity;
 		this.id = id;
 		this.aclAuthorizationStrategy = aclAuthorizationStrategy;
@@ -125,7 +125,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public void deleteAce(int aceIndex) throws NotFoundException {
 		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
-
 		synchronized (this.aces) {
 			this.aces.remove(aceIndex);
 		}
@@ -154,9 +153,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			throw new NotFoundException(
 					"atIndexLocation must be less than or equal to the size of the AccessControlEntry collection");
 		}
-
 		AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid, permission, granting, false, false);
-
 		synchronized (this.aces) {
 			this.aces.add(atIndexLocation, ace);
 		}
@@ -195,11 +192,9 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 			throws NotFoundException, UnloadedSidException {
 		Assert.notEmpty(permission, "Permissions required");
 		Assert.notEmpty(sids, "SIDs required");
-
 		if (!this.isSidLoaded(sids)) {
 			throw new UnloadedSidException("ACL was not loaded for one or more SID");
 		}
-
 		return this.permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode);
 	}
 
@@ -214,16 +209,13 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		// This ACL applies to a SID subset only. Iterate to check it applies.
 		for (Sid sid : sids) {
 			boolean found = false;
-
 			for (Sid loadedSid : this.loadedSids) {
 				if (sid.equals(loadedSid)) {
 					// this SID is OK
 					found = true;
-
 					break; // out of loadedSids for loop
 				}
 			}
-
 			if (!found) {
 				return false;
 			}
@@ -266,7 +258,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public void updateAce(int aceIndex, Permission permission) throws NotFoundException {
 		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
 		verifyAceIndexExists(aceIndex);
-
 		synchronized (this.aces) {
 			AccessControlEntryImpl ace = (AccessControlEntryImpl) this.aces.get(aceIndex);
 			ace.setPermission(permission);
@@ -277,7 +268,6 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure) {
 		this.aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_AUDITING);
 		verifyAceIndexExists(aceIndex);
-
 		synchronized (this.aces) {
 			AccessControlEntryImpl ace = (AccessControlEntryImpl) this.aces.get(aceIndex);
 			ace.setAuditSuccess(auditSuccess);
@@ -327,30 +317,23 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 		sb.append("id: ").append(this.id).append("; ");
 		sb.append("objectIdentity: ").append(this.objectIdentity).append("; ");
 		sb.append("owner: ").append(this.owner).append("; ");
-
 		int count = 0;
-
 		for (AccessControlEntry ace : this.aces) {
 			count++;
-
 			if (count == 1) {
 				sb.append("\n");
 			}
-
 			sb.append(ace).append("\n");
 		}
-
 		if (count == 0) {
 			sb.append("no ACEs; ");
 		}
-
 		sb.append("inheriting: ").append(this.entriesInheriting).append("; ");
 		sb.append("parent: ").append((this.parentAcl == null) ? "Null" : this.parentAcl.getObjectIdentity().toString());
 		sb.append("; ");
 		sb.append("aclAuthorizationStrategy: ").append(this.aclAuthorizationStrategy).append("; ");
 		sb.append("permissionGrantingStrategy: ").append(this.permissionGrantingStrategy);
 		sb.append("]");
-
 		return sb.toString();
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
index 0003f44154..20edb6aa23 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
@@ -22,7 +22,6 @@ import org.springframework.security.acls.model.AccessControlEntry;
  * Used by <code>AclImpl</code> to log audit events.
  *
  * @author Ben Alex
- *
  */
 public interface AuditLogger {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
index ee2aec26a8..744ec34148 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
@@ -30,10 +30,8 @@ public class ConsoleAuditLogger implements AuditLogger {
 	@Override
 	public void logIfNeeded(boolean granted, AccessControlEntry ace) {
 		Assert.notNull(ace, "AccessControlEntry required");
-
 		if (ace instanceof AuditableAccessControlEntry) {
 			AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
-
 			if (granted && auditableAce.isAuditSuccess()) {
 				System.out.println("GRANTED due to ACE: " + ace);
 			}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
index d895f0bb46..819ce4e5f3 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
@@ -39,21 +39,18 @@ public class CumulativePermission extends AbstractPermission {
 	public CumulativePermission clear(Permission permission) {
 		this.mask &= ~permission.getMask();
 		this.pattern = AclFormattingUtils.demergePatterns(this.pattern, permission.getPattern());
-
 		return this;
 	}
 
 	public CumulativePermission clear() {
 		this.mask = 0;
 		this.pattern = THIRTY_TWO_RESERVED_OFF;
-
 		return this;
 	}
 
 	public CumulativePermission set(Permission permission) {
 		this.mask |= permission.getMask();
 		this.pattern = AclFormattingUtils.mergePatterns(this.pattern, permission.getPattern());
-
 		return this;
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index abc67f6d01..8a68843d89 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -77,22 +77,18 @@ public class DefaultPermissionFactory implements PermissionFactory {
 	 */
 	protected void registerPublicPermissions(Class<? extends Permission> clazz) {
 		Assert.notNull(clazz, "Class required");
-
 		Field[] fields = clazz.getFields();
-
 		for (Field field : fields) {
 			try {
 				Object fieldValue = field.get(null);
-
 				if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
 					// Found a Permission static field
 					Permission perm = (Permission) fieldValue;
 					String permissionName = field.getName();
-
 					registerPermission(perm, permissionName);
 				}
 			}
-			catch (Exception ignore) {
+			catch (Exception ex) {
 			}
 		}
 	}
@@ -100,7 +96,6 @@ public class DefaultPermissionFactory implements PermissionFactory {
 	protected void registerPermission(Permission perm, String permissionName) {
 		Assert.notNull(perm, "Permission required");
 		Assert.hasText(permissionName, "Permission name required");
-
 		Integer mask = perm.getMask();
 
 		// Ensure no existing Permission uses this integer or code
@@ -124,32 +119,22 @@ public class DefaultPermissionFactory implements PermissionFactory {
 
 		// To get this far, we have to use a CumulativePermission
 		CumulativePermission permission = new CumulativePermission();
-
 		for (int i = 0; i < 32; i++) {
 			int permissionToCheck = 1 << i;
-
 			if ((mask & permissionToCheck) == permissionToCheck) {
 				Permission p = this.registeredPermissionsByInteger.get(permissionToCheck);
-
-				if (p == null) {
-					throw new IllegalStateException(
-							"Mask '" + permissionToCheck + "' does not have a corresponding static Permission");
-				}
+				Assert.state(p != null,
+						() -> "Mask '" + permissionToCheck + "' does not have a corresponding static Permission");
 				permission.set(p);
 			}
 		}
-
 		return permission;
 	}
 
 	@Override
 	public Permission buildFromName(String name) {
 		Permission p = this.registeredPermissionsByName.get(name);
-
-		if (p == null) {
-			throw new IllegalArgumentException("Unknown permission '" + name + "'");
-		}
-
+		Assert.notNull(p, "Unknown permission '" + name + "'");
 		return p;
 	}
 
@@ -158,13 +143,10 @@ public class DefaultPermissionFactory implements PermissionFactory {
 		if ((names == null) || (names.size() == 0)) {
 			return Collections.emptyList();
 		}
-
 		List<Permission> permissions = new ArrayList<>(names.size());
-
 		for (String name : names) {
 			permissions.add(buildFromName(name));
 		}
-
 		return permissions;
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
index 6b3d7ae2fb..2bfc050be2 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
@@ -74,18 +74,13 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 	@Override
 	public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode)
 			throws NotFoundException {
-
-		final List<AccessControlEntry> aces = acl.getEntries();
-
+		List<AccessControlEntry> aces = acl.getEntries();
 		AccessControlEntry firstRejection = null;
-
 		for (Permission p : permission) {
 			for (Sid sid : sids) {
 				// Attempt to find exact match for this permission mask and SID
 				boolean scanNextSid = true;
-
 				for (AccessControlEntry ace : aces) {
-
 					if (isGranted(ace, p) && ace.getSid().equals(sid)) {
 						// Found a matching ACE, so its authorization decision will
 						// prevail
@@ -94,7 +89,6 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 							if (!administrativeMode) {
 								this.auditLogger.logIfNeeded(true, ace);
 							}
-
 							return true;
 						}
 
@@ -105,13 +99,11 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 							// Store first rejection for auditing reasons
 							firstRejection = ace;
 						}
-
 						scanNextSid = false; // helps break the loop
 
 						break; // exit aces loop
 					}
 				}
-
 				if (!scanNextSid) {
 					break; // exit SID for loop (now try next permission)
 				}
@@ -124,7 +116,6 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 			if (!administrativeMode) {
 				this.auditLogger.logIfNeeded(false, firstRejection);
 			}
-
 			return false;
 		}
 
@@ -133,10 +124,9 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
 			// We have a parent, so let them try to find a matching ACE
 			return acl.getParentAcl().isGranted(permission, sids, false);
 		}
-		else {
-			// We either have no parent, or we're the uppermost parent
-			throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
-		}
+
+		// We either have no parent, or we're the uppermost parent
+		throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
 	}
 
 	/**
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
index 0a7af4a255..124ec9671d 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
@@ -59,9 +59,7 @@ public class EhCacheBasedAclCache implements AclCache {
 	@Override
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
-
 		MutableAcl acl = getFromCache(pk);
-
 		if (acl != null) {
 			this.cache.remove(acl.getId());
 			this.cache.remove(acl.getObjectIdentity());
@@ -71,9 +69,7 @@ public class EhCacheBasedAclCache implements AclCache {
 	@Override
 	public void evictFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
-
 		MutableAcl acl = getFromCache(objectIdentity);
-
 		if (acl != null) {
 			this.cache.remove(acl.getId());
 			this.cache.remove(acl.getObjectIdentity());
@@ -83,39 +79,25 @@ public class EhCacheBasedAclCache implements AclCache {
 	@Override
 	public MutableAcl getFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
-
-		Element element = null;
-
 		try {
-			element = this.cache.get(objectIdentity);
+			Element element = this.cache.get(objectIdentity);
+			return (element != null) ? initializeTransientFields((MutableAcl) element.getValue()) : null;
 		}
-		catch (CacheException ignored) {
-		}
-
-		if (element == null) {
+		catch (CacheException ex) {
 			return null;
 		}
-
-		return initializeTransientFields((MutableAcl) element.getValue());
 	}
 
 	@Override
 	public MutableAcl getFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
-
-		Element element = null;
-
 		try {
-			element = this.cache.get(pk);
+			Element element = this.cache.get(pk);
+			return (element != null) ? initializeTransientFields((MutableAcl) element.getValue()) : null;
 		}
-		catch (CacheException ignored) {
-		}
-
-		if (element == null) {
+		catch (CacheException ex) {
 			return null;
 		}
-
-		return initializeTransientFields((MutableAcl) element.getValue());
 	}
 
 	@Override
@@ -123,7 +105,6 @@ public class EhCacheBasedAclCache implements AclCache {
 		Assert.notNull(acl, "Acl required");
 		Assert.notNull(acl.getObjectIdentity(), "ObjectIdentity required");
 		Assert.notNull(acl.getId(), "ID required");
-
 		if (this.aclAuthorizationStrategy == null) {
 			if (acl instanceof AclImpl) {
 				this.aclAuthorizationStrategy = (AclAuthorizationStrategy) FieldUtils
@@ -132,11 +113,9 @@ public class EhCacheBasedAclCache implements AclCache {
 						.getProtectedFieldValue("permissionGrantingStrategy", acl);
 			}
 		}
-
 		if ((acl.getParentAcl() != null) && (acl.getParentAcl() instanceof MutableAcl)) {
 			putInCache((MutableAcl) acl.getParentAcl());
 		}
-
 		this.cache.put(new Element(acl.getObjectIdentity(), acl));
 		this.cache.put(new Element(acl.getId(), acl));
 	}
@@ -146,7 +125,6 @@ public class EhCacheBasedAclCache implements AclCache {
 			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy);
 			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy);
 		}
-
 		if (value.getParentAcl() != null) {
 			initializeTransientFields((MutableAcl) value.getParentAcl());
 		}
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index 64eb57aacd..73c1dc0366 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -51,7 +51,6 @@ public class GrantedAuthoritySid implements Sid {
 		if ((object == null) || !(object instanceof GrantedAuthoritySid)) {
 			return false;
 		}
-
 		// Delegate to getGrantedAuthority() to perform actual comparison (both should be
 		// identical)
 		return ((GrantedAuthoritySid) object).getGrantedAuthority().equals(this.getGrantedAuthority());
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
index 61018e349c..aafa3fff3f 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
@@ -40,7 +40,6 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 	public ObjectIdentityImpl(String type, Serializable identifier) {
 		Assert.hasText(type, "Type required");
 		Assert.notNull(identifier, "identifier required");
-
 		this.identifier = identifier;
 		this.type = type;
 	}
@@ -68,23 +67,22 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 	 */
 	public ObjectIdentityImpl(Object object) throws IdentityUnavailableException {
 		Assert.notNull(object, "object cannot be null");
-
 		Class<?> typeClass = ClassUtils.getUserClass(object.getClass());
 		this.type = typeClass.getName();
+		Object result = invokeGetIdMethod(object, typeClass);
+		Assert.notNull(result, "getId() is required to return a non-null value");
+		Assert.isInstanceOf(Serializable.class, result, "Getter must provide a return value of type Serializable");
+		this.identifier = (Serializable) result;
+	}
 
-		Object result;
-
+	private Object invokeGetIdMethod(Object object, Class<?> typeClass) {
 		try {
 			Method method = typeClass.getMethod("getId", new Class[] {});
-			result = method.invoke(object);
+			return method.invoke(object);
 		}
 		catch (Exception ex) {
 			throw new IdentityUnavailableException("Could not extract identity from object " + object, ex);
 		}
-
-		Assert.notNull(result, "getId() is required to return a non-null value");
-		Assert.isInstanceOf(Serializable.class, result, "Getter must provide a return value of type Serializable");
-		this.identifier = (Serializable) result;
 	}
 
 	/**
@@ -95,17 +93,15 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 	 * <p>
 	 * Numeric identities (Integer and Long values) are considered equal if they are
 	 * numerically equal. Other serializable types are evaluated using a simple equality.
-	 * @param arg0 object to compare
+	 * @param obj object to compare
 	 * @return <code>true</code> if the presented object matches this object
 	 */
 	@Override
-	public boolean equals(Object arg0) {
-		if (arg0 == null || !(arg0 instanceof ObjectIdentityImpl)) {
+	public boolean equals(Object obj) {
+		if (obj == null || !(obj instanceof ObjectIdentityImpl)) {
 			return false;
 		}
-
-		ObjectIdentityImpl other = (ObjectIdentityImpl) arg0;
-
+		ObjectIdentityImpl other = (ObjectIdentityImpl) obj;
 		if (this.identifier instanceof Number && other.identifier instanceof Number) {
 			// Integers and Longs with same value should be considered equal
 			if (((Number) this.identifier).longValue() != ((Number) other.identifier).longValue()) {
@@ -118,7 +114,6 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 				return false;
 			}
 		}
-
 		return this.type.equals(other.type);
 	}
 
@@ -149,7 +144,6 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 		sb.append(this.getClass().getName()).append("[");
 		sb.append("Type: ").append(this.type);
 		sb.append("; Identifier: ").append(this.identifier).append("]");
-
 		return sb.toString();
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
index 70ca75701e..41b613274e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
@@ -26,7 +26,6 @@ import org.springframework.security.acls.model.Permission;
  *
  * @author Ben Alex
  * @since 2.0.3
- *
  */
 public interface PermissionFactory {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
index 1dc357762f..373d85a5e9 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
@@ -42,7 +42,6 @@ public class PrincipalSid implements Sid {
 	public PrincipalSid(Authentication authentication) {
 		Assert.notNull(authentication, "Authentication required");
 		Assert.notNull(authentication.getPrincipal(), "Principal required");
-
 		this.principal = authentication.getName();
 	}
 
@@ -51,7 +50,6 @@ public class PrincipalSid implements Sid {
 		if ((object == null) || !(object instanceof PrincipalSid)) {
 			return false;
 		}
-
 		// Delegate to getPrincipal() to perform actual comparison (both should be
 		// identical)
 		return ((PrincipalSid) object).getPrincipal().equals(this.getPrincipal());
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
index 5a82c3e6ac..92e0e6a224 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@@ -56,13 +56,10 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 		Collection<? extends GrantedAuthority> authorities = this.roleHierarchy
 				.getReachableGrantedAuthorities(authentication.getAuthorities());
 		List<Sid> sids = new ArrayList<>(authorities.size() + 1);
-
 		sids.add(new PrincipalSid(authentication));
-
 		for (GrantedAuthority authority : authorities) {
 			sids.add(new GrantedAuthoritySid(authority));
 		}
-
 		return sids;
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
index 37b2bd2fee..0ad9813b5e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
@@ -60,9 +60,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 	@Override
 	public void evictFromCache(Serializable pk) {
 		Assert.notNull(pk, "Primary key (identifier) required");
-
 		MutableAcl acl = getFromCache(pk);
-
 		if (acl != null) {
 			this.cache.evict(acl.getId());
 			this.cache.evict(acl.getObjectIdentity());
@@ -72,9 +70,7 @@ public class SpringCacheBasedAclCache implements AclCache {
 	@Override
 	public void evictFromCache(ObjectIdentity objectIdentity) {
 		Assert.notNull(objectIdentity, "ObjectIdentity required");
-
 		MutableAcl acl = getFromCache(objectIdentity);
-
 		if (acl != null) {
 			this.cache.evict(acl.getId());
 			this.cache.evict(acl.getObjectIdentity());
@@ -98,22 +94,18 @@ public class SpringCacheBasedAclCache implements AclCache {
 		Assert.notNull(acl, "Acl required");
 		Assert.notNull(acl.getObjectIdentity(), "ObjectIdentity required");
 		Assert.notNull(acl.getId(), "ID required");
-
 		if ((acl.getParentAcl() != null) && (acl.getParentAcl() instanceof MutableAcl)) {
 			putInCache((MutableAcl) acl.getParentAcl());
 		}
-
 		this.cache.put(acl.getObjectIdentity(), acl);
 		this.cache.put(acl.getId(), acl);
 	}
 
 	private MutableAcl getFromCache(Object key) {
 		Cache.ValueWrapper element = this.cache.get(key);
-
 		if (element == null) {
 			return null;
 		}
-
 		return initializeTransientFields((MutableAcl) element.get());
 	}
 
@@ -122,7 +114,6 @@ public class SpringCacheBasedAclCache implements AclCache {
 			FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy);
 			FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy);
 		}
-
 		if (value.getParentAcl() != null) {
 			initializeTransientFields((MutableAcl) value.getParentAcl());
 		}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
index 5d124d8b52..3255b3a967 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -70,26 +70,20 @@ class AclClassIdUtils {
 	Serializable identifierFrom(Serializable identifier, ResultSet resultSet) throws SQLException {
 		if (isString(identifier) && hasValidClassIdType(resultSet)
 				&& canConvertFromStringTo(classIdTypeFrom(resultSet))) {
-
-			identifier = convertFromStringTo((String) identifier, classIdTypeFrom(resultSet));
+			return convertFromStringTo((String) identifier, classIdTypeFrom(resultSet));
 		}
-		else {
-			// Assume it should be a Long type
-			identifier = convertToLong(identifier);
-		}
-
-		return identifier;
+		// Assume it should be a Long type
+		return convertToLong(identifier);
 	}
 
 	private boolean hasValidClassIdType(ResultSet resultSet) {
-		boolean hasClassIdType = false;
 		try {
-			hasClassIdType = classIdTypeFrom(resultSet) != null;
+			return classIdTypeFrom(resultSet) != null;
 		}
 		catch (SQLException ex) {
 			log.debug("Unable to obtain the class id type", ex);
+			return false;
 		}
-		return hasClassIdType;
 	}
 
 	private <T extends Serializable> Class<T> classIdTypeFrom(ResultSet resultSet) throws SQLException {
@@ -97,16 +91,16 @@ class AclClassIdUtils {
 	}
 
 	private <T extends Serializable> Class<T> classIdTypeFrom(String className) {
-		Class targetType = null;
-		if (className != null) {
-			try {
-				targetType = Class.forName(className);
-			}
-			catch (ClassNotFoundException ex) {
-				log.debug("Unable to find class id type on classpath", ex);
-			}
+		if (className == null) {
+			return null;
+		}
+		try {
+			return (Class) Class.forName(className);
+		}
+		catch (ClassNotFoundException ex) {
+			log.debug("Unable to find class id type on classpath", ex);
+			return null;
 		}
-		return targetType;
 	}
 
 	private <T> boolean canConvertFromStringTo(Class<T> targetType) {
@@ -128,14 +122,10 @@ class AclClassIdUtils {
 	 * @throws IllegalArgumentException if targetType is null
 	 */
 	private Long convertToLong(Serializable identifier) {
-		Long idAsLong;
 		if (this.conversionService.canConvert(identifier.getClass(), Long.class)) {
-			idAsLong = this.conversionService.convert(identifier, Long.class);
+			return this.conversionService.convert(identifier, Long.class);
 		}
-		else {
-			idAsLong = Long.valueOf(identifier.toString());
-		}
-		return idAsLong;
+		return Long.valueOf(identifier.toString());
 	}
 
 	private boolean isString(Serializable object) {
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
index 4ebf564588..9d4d099b25 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
@@ -18,6 +18,7 @@ package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
 import java.lang.reflect.Field;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
@@ -167,26 +168,19 @@ public class BasicLookupStrategy implements LookupStrategy {
 	}
 
 	private String computeRepeatingSql(String repeatingSql, int requiredRepetitions) {
-		assert requiredRepetitions > 0 : "requiredRepetitions must be > 0";
-
-		final String startSql = this.selectClause;
-
-		final String endSql = this.orderByClause;
-
+		Assert.isTrue(requiredRepetitions > 0, "requiredRepetitions must be > 0");
+		String startSql = this.selectClause;
+		String endSql = this.orderByClause;
 		StringBuilder sqlStringBldr = new StringBuilder(
 				startSql.length() + endSql.length() + requiredRepetitions * (repeatingSql.length() + 4));
 		sqlStringBldr.append(startSql);
-
 		for (int i = 1; i <= requiredRepetitions; i++) {
 			sqlStringBldr.append(repeatingSql);
-
 			if (i != requiredRepetitions) {
 				sqlStringBldr.append(" or ");
 			}
 		}
-
 		sqlStringBldr.append(endSql);
-
 		return sqlStringBldr.toString();
 	}
 
@@ -228,18 +222,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 	private void lookupPrimaryKeys(final Map<Serializable, Acl> acls, final Set<Long> findNow, final List<Sid> sids) {
 		Assert.notNull(acls, "ACLs are required");
 		Assert.notEmpty(findNow, "Items to find now required");
-
 		String sql = computeRepeatingSql(this.lookupPrimaryKeysWhereClause, findNow.size());
-
-		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> {
-			int i = 0;
-
-			for (Long toFind : findNow) {
-				i++;
-				ps.setLong(i, toFind);
-			}
-		}, new ProcessResultSet(acls, sids));
-
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> setKeys(ps, findNow),
+				new ProcessResultSet(acls, sids));
 		// Lookup the parents, now that our JdbcTemplate has released the database
 		// connection (SEC-547)
 		if (parentsToLookup.size() > 0) {
@@ -247,6 +232,14 @@ public class BasicLookupStrategy implements LookupStrategy {
 		}
 	}
 
+	private void setKeys(PreparedStatement ps, Set<Long> findNow) throws SQLException {
+		int i = 0;
+		for (Long toFind : findNow) {
+			i++;
+			ps.setLong(i, toFind);
+		}
+	}
+
 	/**
 	 * The main method.
 	 * <p>
@@ -269,68 +262,48 @@ public class BasicLookupStrategy implements LookupStrategy {
 	public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) {
 		Assert.isTrue(this.batchSize >= 1, "BatchSize must be >= 1");
 		Assert.notEmpty(objects, "Objects to lookup required");
-
 		// Map<ObjectIdentity,Acl>
-		Map<ObjectIdentity, Acl> result = new HashMap<>(); // contains
-															// FULLY
-															// loaded
-															// Acl
-															// objects
-
+		// contains FULLY loaded Acl objects
+		Map<ObjectIdentity, Acl> result = new HashMap<>();
 		Set<ObjectIdentity> currentBatchToLoad = new HashSet<>();
-
 		for (int i = 0; i < objects.size(); i++) {
 			final ObjectIdentity oid = objects.get(i);
 			boolean aclFound = false;
-
 			// Check we don't already have this ACL in the results
 			if (result.containsKey(oid)) {
 				aclFound = true;
 			}
-
 			// Check cache for the present ACL entry
 			if (!aclFound) {
 				Acl acl = this.aclCache.getFromCache(oid);
-
 				// Ensure any cached element supports all the requested SIDs
 				// (they should always, as our base impl doesn't filter on SID)
 				if (acl != null) {
-					if (acl.isSidLoaded(sids)) {
-						result.put(acl.getObjectIdentity(), acl);
-						aclFound = true;
-					}
-					else {
-						throw new IllegalStateException(
-								"Error: SID-filtered element detected when implementation does not perform SID filtering "
-										+ "- have you added something to the cache manually?");
-					}
+					Assert.state(acl.isSidLoaded(sids),
+							"Error: SID-filtered element detected when implementation does not perform SID filtering "
+									+ "- have you added something to the cache manually?");
+					result.put(acl.getObjectIdentity(), acl);
+					aclFound = true;
 				}
 			}
-
 			// Load the ACL from the database
 			if (!aclFound) {
 				currentBatchToLoad.add(oid);
 			}
-
 			// Is it time to load from JDBC the currentBatchToLoad?
 			if ((currentBatchToLoad.size() == this.batchSize) || ((i + 1) == objects.size())) {
 				if (currentBatchToLoad.size() > 0) {
 					Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(currentBatchToLoad, sids);
-
 					// Add loaded batch (all elements 100% initialized) to results
 					result.putAll(loadedBatch);
-
 					// Add the loaded batch to the cache
-
 					for (Acl loadedAcl : loadedBatch.values()) {
 						this.aclCache.putInCache((AclImpl) loadedAcl);
 					}
-
 					currentBatchToLoad.clear();
 				}
 			}
 		}
-
 		return result;
 	}
 
@@ -343,37 +316,20 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * <p>
 	 * This subclass is required to return fully valid <code>Acl</code>s, including
 	 * properly-configured parent ACLs.
-	 *
 	 */
 	private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collection<ObjectIdentity> objectIdentities,
 			List<Sid> sids) {
 		Assert.notEmpty(objectIdentities, "Must provide identities to lookup");
 
-		final Map<Serializable, Acl> acls = new HashMap<>(); // contains
-																// Acls
-																// with
-																// StubAclParents
+		// contains Acls with StubAclParents
+		Map<Serializable, Acl> acls = new HashMap<>();
 
 		// Make the "acls" map contain all requested objectIdentities
 		// (including markers to each parent in the hierarchy)
 		String sql = computeRepeatingSql(this.lookupObjectIdentitiesWhereClause, objectIdentities.size());
 
-		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> {
-			int i = 0;
-			for (ObjectIdentity oid : objectIdentities) {
-				// Determine prepared statement values for this iteration
-				String type = oid.getType();
-
-				// No need to check for nulls, as guaranteed non-null by
-				// ObjectIdentity.getIdentifier() interface contract
-				String identifier = oid.getIdentifier().toString();
-
-				// Inject values
-				ps.setString((2 * i) + 1, identifier);
-				ps.setString((2 * i) + 2, type);
-				i++;
-			}
-		}, new ProcessResultSet(acls, sids));
+		Set<Long> parentsToLookup = this.jdbcTemplate.query(sql,
+				(ps) -> setupLookupObjectIdentitiesStatement(ps, objectIdentities), new ProcessResultSet(acls, sids));
 
 		// Lookup the parents, now that our JdbcTemplate has released the database
 		// connection (SEC-547)
@@ -383,11 +339,9 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 		// Finally, convert our "acls" containing StubAclParents into true Acls
 		Map<ObjectIdentity, Acl> resultMap = new HashMap<>();
-
 		for (Acl inputAcl : acls.values()) {
 			Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl");
 			Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long");
-
 			Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId());
 			resultMap.put(result.getObjectIdentity(), result);
 		}
@@ -395,6 +349,24 @@ public class BasicLookupStrategy implements LookupStrategy {
 		return resultMap;
 	}
 
+	private void setupLookupObjectIdentitiesStatement(PreparedStatement ps, Collection<ObjectIdentity> objectIdentities)
+			throws SQLException {
+		int i = 0;
+		for (ObjectIdentity oid : objectIdentities) {
+			// Determine prepared statement values for this iteration
+			String type = oid.getType();
+
+			// No need to check for nulls, as guaranteed non-null by
+			// ObjectIdentity.getIdentifier() interface contract
+			String identifier = oid.getIdentifier().toString();
+
+			// Inject values
+			ps.setString((2 * i) + 1, identifier);
+			ps.setString((2 * i) + 2, type);
+			i++;
+		}
+	}
+
 	/**
 	 * The final phase of converting the <code>Map</code> of <code>AclImpl</code>
 	 * instances which contain <code>StubAclParent</code>s into proper, valid
@@ -402,7 +374,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 	 * @param inputMap the unconverted <code>AclImpl</code>s
 	 * @param currentIdentity the current<code>Acl</code> that we wish to convert (this
 	 * may be
-	 *
 	 */
 	private AclImpl convert(Map<Serializable, Acl> inputMap, Long currentIdentity) {
 		Assert.notEmpty(inputMap, "InputMap required");
@@ -460,9 +431,7 @@ public class BasicLookupStrategy implements LookupStrategy {
 		if (isPrincipal) {
 			return new PrincipalSid(sid);
 		}
-		else {
-			return new GrantedAuthoritySid(sid);
-		}
+		return new GrantedAuthoritySid(sid);
 	}
 
 	/**
@@ -564,7 +533,6 @@ public class BasicLookupStrategy implements LookupStrategy {
 
 					// Now try to find it in the cache
 					MutableAcl cached = BasicLookupStrategy.this.aclCache.getFromCache(parentId);
-
 					if ((cached == null) || !cached.isSidLoaded(this.sids)) {
 						parentIdsToLookup.add(parentId);
 					}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index f78ec7601f..935466f5d1 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -17,6 +17,8 @@
 package org.springframework.security.acls.jdbc;
 
 import java.io.Serializable;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -94,18 +96,16 @@ public class JdbcAclService implements AclService {
 	@Override
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
-		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args, (rs, rowNum) -> {
-			String javaType = rs.getString("class");
-			Serializable identifier = (Serializable) rs.getObject("obj_id");
-			identifier = this.aclClassIdUtils.identifierFrom(identifier, rs);
-			return new ObjectIdentityImpl(javaType, identifier);
-		});
+		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args,
+				(rs, rowNum) -> mapObjectIdentityRow(rs));
+		return (!objects.isEmpty()) ? objects : null;
+	}
 
-		if (objects.isEmpty()) {
-			return null;
-		}
-
-		return objects;
+	private ObjectIdentity mapObjectIdentityRow(ResultSet rs) throws SQLException {
+		String javaType = rs.getString("class");
+		Serializable identifier = (Serializable) rs.getObject("obj_id");
+		identifier = this.aclClassIdUtils.identifierFrom(identifier, rs);
+		return new ObjectIdentityImpl(javaType, identifier);
 	}
 
 	@Override
@@ -113,7 +113,6 @@ public class JdbcAclService implements AclService {
 		Map<ObjectIdentity, Acl> map = readAclsById(Collections.singletonList(object), sids);
 		Assert.isTrue(map.containsKey(object),
 				() -> "There should have been an Acl entry for ObjectIdentity " + object);
-
 		return map.get(object);
 	}
 
@@ -131,7 +130,6 @@ public class JdbcAclService implements AclService {
 	public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
 			throws NotFoundException {
 		Map<ObjectIdentity, Acl> result = this.lookupStrategy.readAclsById(objects, sids);
-
 		// Check every requested object identity was found (throw NotFoundException if
 		// needed)
 		for (ObjectIdentity oid : objects) {
@@ -139,7 +137,6 @@ public class JdbcAclService implements AclService {
 				throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
 			}
 		}
-
 		return result;
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index eb52374c07..f1c7a7a174 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -139,6 +139,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			return;
 		}
 		this.jdbcOperations.batchUpdate(this.insertEntry, new BatchPreparedStatementSetter() {
+
 			@Override
 			public int getBatchSize() {
 				return acl.getEntries().size();
@@ -158,6 +159,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 				stmt.setBoolean(6, entry.isAuditSuccess());
 				stmt.setBoolean(7, entry.isAuditFailure());
 			}
+
 		});
 	}
 
@@ -216,22 +218,15 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected Long createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
 		Assert.notNull(sid, "Sid required");
-
-		String sidName;
-		boolean sidIsPrincipal = true;
-
 		if (sid instanceof PrincipalSid) {
-			sidName = ((PrincipalSid) sid).getPrincipal();
+			String sidName = ((PrincipalSid) sid).getPrincipal();
+			return createOrRetrieveSidPrimaryKey(sidName, true, allowCreate);
 		}
-		else if (sid instanceof GrantedAuthoritySid) {
-			sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
-			sidIsPrincipal = false;
+		if (sid instanceof GrantedAuthoritySid) {
+			String sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
+			return createOrRetrieveSidPrimaryKey(sidName, false, allowCreate);
 		}
-		else {
-			throw new IllegalArgumentException("Unsupported implementation of Sid");
-		}
-
-		return createOrRetrieveSidPrimaryKey(sidName, sidIsPrincipal, allowCreate);
+		throw new IllegalArgumentException("Unsupported implementation of Sid");
 	}
 
 	/**
@@ -243,20 +238,16 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal, boolean allowCreate) {
-
 		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey,
 				new Object[] { sidIsPrincipal, sidName }, Long.class);
-
 		if (!sidIds.isEmpty()) {
 			return sidIds.get(0);
 		}
-
 		if (allowCreate) {
 			this.jdbcOperations.update(this.insertSid, sidIsPrincipal, sidName);
 			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
 			return this.jdbcOperations.queryForObject(this.sidIdentityQuery, Long.class);
 		}
-
 		return null;
 	}
 
@@ -264,7 +255,6 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
 		Assert.notNull(objectIdentity, "Object Identity required");
 		Assert.notNull(objectIdentity.getIdentifier(), "Object Identity doesn't provide an identifier");
-
 		if (deleteChildren) {
 			List<ObjectIdentity> children = findChildren(objectIdentity);
 			if (children != null) {
@@ -276,8 +266,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 		else {
 			if (!this.foreignKeysInDatabase) {
 				// We need to perform a manual verification for what a FK would normally
-				// do
-				// We generally don't do this, in the interests of deadlock management
+				// do. We generally don't do this, in the interests of deadlock management
 				List<ObjectIdentity> children = findChildren(objectIdentity);
 				if (children != null) {
 					throw new ChildrenExistException(
@@ -384,21 +373,16 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected void updateObjectIdentity(MutableAcl acl) {
 		Long parentId = null;
-
 		if (acl.getParentAcl() != null) {
 			Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(),
 					"Implementation only supports ObjectIdentityImpl");
-
 			ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl().getObjectIdentity();
 			parentId = retrieveObjectIdentityPrimaryKey(oii);
 		}
-
 		Assert.notNull(acl.getOwner(), "Owner is required in this implementation");
-
 		Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
 		int count = this.jdbcOperations.update(this.updateObjectIdentity, parentId, ownerSid, acl.isEntriesInheriting(),
 				acl.getId());
-
 		if (count != 1) {
 			throw new NotFoundException("Unable to locate ACL to update");
 		}
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
index 90a31179d7..d8c8e286f6 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
@@ -27,7 +27,6 @@ import java.io.Serializable;
  * </p>
  *
  * @author Ben Alex
- *
  */
 public interface AccessControlEntry extends Serializable {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
index 461d742c80..945b1b1a2a 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AclCache.java
@@ -24,7 +24,6 @@ import org.springframework.security.acls.jdbc.JdbcAclService;
  * A caching layer for {@link JdbcAclService}.
  *
  * @author Ben Alex
- *
  */
 public interface AclCache {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
index eac37798a1..e14a5d1596 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
@@ -20,7 +20,6 @@ package org.springframework.security.acls.model;
  * Represents an ACE that provides auditing information.
  *
  * @author Ben Alex
- *
  */
 public interface AuditableAccessControlEntry extends AccessControlEntry {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
index e83f298777..3760d78dc3 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
@@ -20,7 +20,6 @@ package org.springframework.security.acls.model;
  * A mutable ACL that provides audit capabilities.
  *
  * @author Ben Alex
- *
  */
 public interface AuditableAcl extends MutableAcl {
 
diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
index f39c58fe2e..3838443a5d 100644
--- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
@@ -21,7 +21,6 @@ package org.springframework.security.acls.model;
  * will be returned for a particular domain object
  *
  * @author Ben Alex
- *
  */
 public interface ObjectIdentityRetrievalStrategy {
 

From 4e5aa6c9d37cbfb6c0b5f70678d418589868f3dc Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Wed, 5 Aug 2020 22:22:41 -0700
Subject: [PATCH 50/84] Polish spring-security-cas main code

Manually polish `spring-security-cas` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../CasAssertionAuthenticationToken.java      |  1 -
 .../CasAuthenticationProvider.java            | 47 +++++-----------
 .../CasAuthenticationToken.java               |  8 ---
 .../EhCacheBasedTicketCache.java              | 18 ++-----
 .../SpringCacheBasedTicketCache.java          | 18 ++-----
 ...AssertionAttributesUserDetailsService.java | 37 ++++++-------
 .../cas/web/CasAuthenticationEntryPoint.java  | 23 ++++----
 .../cas/web/CasAuthenticationFilter.java      | 53 ++++++-------------
 .../DefaultServiceAuthenticationDetails.java  |  2 +-
 9 files changed, 64 insertions(+), 143 deletions(-)

diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
index 2786f90941..d04d30d154 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -39,7 +39,6 @@ public final class CasAssertionAuthenticationToken extends AbstractAuthenticatio
 
 	public CasAssertionAuthenticationToken(final Assertion assertion, final String ticket) {
 		super(new ArrayList<>());
-
 		this.assertion = assertion;
 		this.ticket = ticket;
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
index 17ff6d98ec..3a84c2109a 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -94,7 +95,6 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
 		if (authentication instanceof UsernamePasswordAuthenticationToken
 				&& (!CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER.equals(authentication.getPrincipal().toString())
 						&& !CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER
@@ -102,16 +102,13 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 			// UsernamePasswordAuthenticationToken not CAS related
 			return null;
 		}
-
 		// If an existing CasAuthenticationToken, just check we created it
 		if (authentication instanceof CasAuthenticationToken) {
-			if (this.key.hashCode() == ((CasAuthenticationToken) authentication).getKeyHash()) {
-				return authentication;
-			}
-			else {
+			if (this.key.hashCode() != ((CasAuthenticationToken) authentication).getKeyHash()) {
 				throw new BadCredentialsException(this.messages.getMessage("CasAuthenticationProvider.incorrectKey",
 						"The presented CasAuthenticationToken does not contain the expected key"));
 			}
+			return authentication;
 		}
 
 		// Ensure credentials are presented
@@ -120,38 +117,30 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 					"Failed to provide a CAS service ticket to validate"));
 		}
 
-		boolean stateless = false;
-
-		if (authentication instanceof UsernamePasswordAuthenticationToken
-				&& CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal())) {
-			stateless = true;
-		}
-
+		boolean stateless = (authentication instanceof UsernamePasswordAuthenticationToken
+				&& CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal()));
 		CasAuthenticationToken result = null;
 
 		if (stateless) {
 			// Try to obtain from cache
 			result = this.statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
 		}
-
 		if (result == null) {
 			result = this.authenticateNow(authentication);
 			result.setDetails(authentication.getDetails());
 		}
-
 		if (stateless) {
 			// Add to cache
 			this.statelessTicketCache.putTicketInCache(result);
 		}
-
 		return result;
 	}
 
 	private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
 		try {
-			final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(),
+			Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(),
 					getServiceUrl(authentication));
-			final UserDetails userDetails = loadUserByAssertion(assertion);
+			UserDetails userDetails = loadUserByAssertion(assertion);
 			this.userDetailsChecker.check(userDetails);
 			return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(),
 					this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
@@ -172,22 +161,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 	private String getServiceUrl(Authentication authentication) {
 		String serviceUrl;
 		if (authentication.getDetails() instanceof ServiceAuthenticationDetails) {
-			serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
-		}
-		else if (this.serviceProperties == null) {
-			throw new IllegalStateException(
-					"serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
-		}
-		else if (this.serviceProperties.getService() == null) {
-			throw new IllegalStateException(
-					"serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
-		}
-		else {
-			serviceUrl = this.serviceProperties.getService();
-		}
-		if (logger.isDebugEnabled()) {
-			logger.debug("serviceUrl = " + serviceUrl);
+			return ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
 		}
+		Assert.state(this.serviceProperties != null,
+				"serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
+		Assert.state(this.serviceProperties.getService() != null,
+				"serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
+		serviceUrl = this.serviceProperties.getService();
+		logger.debug(LogMessage.format("serviceUrl = %s", serviceUrl));
 		return serviceUrl;
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
index 1b35db4a77..8020da0400 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -93,12 +93,10 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 			final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
 			final Assertion assertion) {
 		super(authorities);
-
 		if ((principal == null) || "".equals(principal) || (credentials == null) || "".equals(credentials)
 				|| (authorities == null) || (userDetails == null) || (assertion == null)) {
 			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
 		}
-
 		this.keyHash = keyHash;
 		this.principal = principal;
 		this.credentials = credentials;
@@ -117,21 +115,16 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 		if (!super.equals(obj)) {
 			return false;
 		}
-
 		if (obj instanceof CasAuthenticationToken) {
 			CasAuthenticationToken test = (CasAuthenticationToken) obj;
-
 			if (!this.assertion.equals(test.getAssertion())) {
 				return false;
 			}
-
 			if (this.getKeyHash() != test.getKeyHash()) {
 				return false;
 			}
-
 			return true;
 		}
-
 		return false;
 	}
 
@@ -174,7 +167,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 		sb.append(super.toString());
 		sb.append(" Assertion: ").append(this.assertion);
 		sb.append(" Credentials (Service/Proxy Ticket): ").append(this.credentials);
-
 		return (sb.toString());
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index 68fcd3caaf..037b2a3f0f 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -44,11 +45,7 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		final Element element = this.cache.get(serviceTicket);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; service ticket: " + serviceTicket));
 		return (element != null) ? (CasAuthenticationToken) element.getValue() : null;
 	}
 
@@ -59,20 +56,13 @@ public class EhCacheBasedTicketCache implements StatelessTicketCache, Initializi
 	@Override
 	public void putTicketInCache(final CasAuthenticationToken token) {
 		final Element element = new Element(token.getCredentials().toString(), token);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache put: " + element.getKey());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache put: " + element.getKey()));
 		this.cache.put(element);
 	}
 
 	@Override
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache remove: " + token.getCredentials().toString());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache remove: " + token.getCredentials().toString()));
 		this.removeTicketFromCache(token.getCredentials().toString());
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
index 33d3ce49a6..b72e824c75 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.cache.Cache;
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -43,31 +44,20 @@ public class SpringCacheBasedTicketCache implements StatelessTicketCache {
 	@Override
 	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
 		final Cache.ValueWrapper element = (serviceTicket != null) ? this.cache.get(serviceTicket) : null;
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket);
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; service ticket: " + serviceTicket));
 		return (element != null) ? (CasAuthenticationToken) element.get() : null;
 	}
 
 	@Override
 	public void putTicketInCache(final CasAuthenticationToken token) {
 		String key = token.getCredentials().toString();
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache put: " + key);
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache put: " + key));
 		this.cache.put(key, token);
 	}
 
 	@Override
 	public void removeTicketFromCache(final CasAuthenticationToken token) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache remove: " + token.getCredentials().toString());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache remove: " + token.getCredentials().toString()));
 		this.removeTicketFromCache(token.getCredentials().toString());
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
index 9c5bf999df..0e47d1c57f 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
@@ -54,35 +54,28 @@ public final class GrantedAuthorityFromAssertionAttributesUserDetailsService
 	@SuppressWarnings("unchecked")
 	@Override
 	protected UserDetails loadUserDetails(final Assertion assertion) {
-		final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
-		for (final String attribute : this.attributes) {
-			final Object value = assertion.getPrincipal().getAttributes().get(attribute);
-
-			if (value == null) {
-				continue;
-			}
-
-			if (value instanceof List) {
-				final List list = (List) value;
-
-				for (final Object o : list) {
-					grantedAuthorities.add(new SimpleGrantedAuthority(
-							this.convertToUpperCase ? o.toString().toUpperCase() : o.toString()));
+		List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
+		for (String attribute : this.attributes) {
+			Object value = assertion.getPrincipal().getAttributes().get(attribute);
+			if (value != null) {
+				if (value instanceof List) {
+					for (Object o : (List<?>) value) {
+						grantedAuthorities.add(createSimpleGrantedAuthority(o));
+					}
+				}
+				else {
+					grantedAuthorities.add(createSimpleGrantedAuthority(value));
 				}
-
 			}
-			else {
-				grantedAuthorities.add(new SimpleGrantedAuthority(
-						this.convertToUpperCase ? value.toString().toUpperCase() : value.toString()));
-			}
-
 		}
-
 		return new User(assertion.getPrincipal().getName(), NON_EXISTENT_PASSWORD_VALUE, true, true, true, true,
 				grantedAuthorities);
 	}
 
+	private SimpleGrantedAuthority createSimpleGrantedAuthority(Object o) {
+		return new SimpleGrantedAuthority(this.convertToUpperCase ? o.toString().toUpperCase() : o.toString());
+	}
+
 	/**
 	 * Converts the returned attribute values to uppercase values.
 	 * @param convertToUpperCase true if it should convert, false otherwise.
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index 033a26db9f..25221addf8 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -68,14 +68,11 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	}
 
 	@Override
-	public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
-			final AuthenticationException authenticationException) throws IOException {
-
-		final String urlEncodedService = createServiceUrl(servletRequest, response);
-		final String redirectUrl = createRedirectUrl(urlEncodedService);
-
+	public final void commence(final HttpServletRequest servletRequest, HttpServletResponse response,
+			AuthenticationException authenticationException) throws IOException {
+		String urlEncodedService = createServiceUrl(servletRequest, response);
+		String redirectUrl = createRedirectUrl(urlEncodedService);
 		preCommence(servletRequest, response);
-
 		response.sendRedirect(redirectUrl);
 	}
 
@@ -86,7 +83,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 * @param response the HttpServlet Response
 	 * @return the constructed service url. CANNOT be NULL.
 	 */
-	protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response) {
+	protected String createServiceUrl(HttpServletRequest request, HttpServletResponse response) {
 		return CommonUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null,
 				this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
 	}
@@ -97,7 +94,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 * @param serviceUrl the service url that should be included.
 	 * @return the redirect url. CANNOT be NULL.
 	 */
-	protected String createRedirectUrl(final String serviceUrl) {
+	protected String createRedirectUrl(String serviceUrl) {
 		return CommonUtils.constructRedirectUrl(this.loginUrl, this.serviceProperties.getServiceParameter(), serviceUrl,
 				this.serviceProperties.isSendRenew(), false);
 	}
@@ -107,7 +104,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 * @param request the HttpServletRequest
 	 * @param response the HttpServletResponse
 	 */
-	protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
+	protected void preCommence(HttpServletRequest request, HttpServletResponse response) {
 
 	}
 
@@ -124,11 +121,11 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 		return this.serviceProperties;
 	}
 
-	public final void setLoginUrl(final String loginUrl) {
+	public final void setLoginUrl(String loginUrl) {
 		this.loginUrl = loginUrl;
 	}
 
-	public final void setServiceProperties(final ServiceProperties serviceProperties) {
+	public final void setServiceProperties(ServiceProperties serviceProperties) {
 		this.serviceProperties = serviceProperties;
 	}
 
@@ -137,7 +134,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 	 * @param encodeServiceUrlWithSessionId whether to encode the service url with the
 	 * session id or not.
 	 */
-	public final void setEncodeServiceUrlWithSessionId(final boolean encodeServiceUrlWithSessionId) {
+	public final void setEncodeServiceUrlWithSessionId(boolean encodeServiceUrlWithSessionId) {
 		this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
 	}
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index ee5164c166..42339c0c9d 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -27,6 +27,7 @@ import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.jasig.cas.client.util.CommonUtils;
 import org.jasig.cas.client.validation.TicketValidator;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -216,23 +217,17 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			super.successfulAuthentication(request, response, chain, authResult);
 			return;
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
-		}
-
+		this.logger.debug(
+				LogMessage.format("Authentication success. Updating SecurityContextHolder to contain: %s", authResult));
 		SecurityContextHolder.getContext().setAuthentication(authResult);
-
-		// Fire event
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
-
 		chain.doFilter(request, response);
 	}
 
 	@Override
-	public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException, IOException {
 		// if the request is a proxy request process it and return null to indicate the
 		// request has been processed
@@ -241,21 +236,15 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 			CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
 			return null;
 		}
-
-		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
-		final String username = serviceTicketRequest ? CAS_STATEFUL_IDENTIFIER : CAS_STATELESS_IDENTIFIER;
+		boolean serviceTicketRequest = serviceTicketRequest(request, response);
+		String username = serviceTicketRequest ? CAS_STATEFUL_IDENTIFIER : CAS_STATELESS_IDENTIFIER;
 		String password = obtainArtifact(request);
-
 		if (password == null) {
 			this.logger.debug("Failed to obtain an artifact (cas ticket)");
 			password = "";
 		}
-
-		final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
-				password);
-
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 		authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		return this.getAuthenticationManager().authenticate(authRequest);
 	}
 
@@ -272,7 +261,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * Overridden to provide proxying capabilities.
 	 */
 	@Override
-	protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
+	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
 		final boolean result = serviceTicketRequest || proxyReceptorRequest(request)
 				|| (proxyTicketRequest(serviceTicketRequest, request));
@@ -320,11 +309,9 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @param response
 	 * @return
 	 */
-	private boolean serviceTicketRequest(final HttpServletRequest request, final HttpServletResponse response) {
+	private boolean serviceTicketRequest(HttpServletRequest request, HttpServletResponse response) {
 		boolean result = super.requiresAuthentication(request, response);
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("serviceTicketRequest = " + result);
-		}
+		this.logger.debug(LogMessage.format("serviceTicketRequest = %s", result));
 		return result;
 	}
 
@@ -333,14 +320,12 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @param request
 	 * @return
 	 */
-	private boolean proxyTicketRequest(final boolean serviceTicketRequest, final HttpServletRequest request) {
+	private boolean proxyTicketRequest(boolean serviceTicketRequest, HttpServletRequest request) {
 		if (serviceTicketRequest) {
 			return false;
 		}
-		final boolean result = this.authenticateAllArtifacts && obtainArtifact(request) != null && !authenticated();
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("proxyTicketRequest = " + result);
-		}
+		boolean result = this.authenticateAllArtifacts && obtainArtifact(request) != null && !authenticated();
+		this.logger.debug(LogMessage.format("proxyTicketRequest = %s", result));
 		return result;
 	}
 
@@ -359,11 +344,9 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * @param request
 	 * @return
 	 */
-	private boolean proxyReceptorRequest(final HttpServletRequest request) {
+	private boolean proxyReceptorRequest(HttpServletRequest request) {
 		final boolean result = proxyReceptorConfigured() && this.proxyReceptorMatcher.matches(request);
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("proxyReceptorRequest = " + result);
-		}
+		this.logger.debug(LogMessage.format("proxyReceptorRequest = %s", result));
 		return result;
 	}
 
@@ -374,9 +357,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 */
 	private boolean proxyReceptorConfigured() {
 		final boolean result = this.proxyGrantingTicketStorage != null && this.proxyReceptorMatcher != null;
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("proxyReceptorConfigured = " + result);
-		}
+		this.logger.debug(LogMessage.format("proxyReceptorConfigured = %s", result));
 		return result;
 	}
 
@@ -387,8 +368,6 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	 * will be used for proxy requests that fail. The value
 	 * {@link CasAuthenticationFilter#setAuthenticationFailureHandler(AuthenticationFailureHandler)}
 	 * will be used for service tickets that fail.
-	 *
-	 * @author Rob Winch
 	 */
 	private class CasAuthenticationFailureHandler implements AuthenticationFailureHandler {
 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 370402c26a..2171df6cfc 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -108,7 +108,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		if (query == null) {
 			return null;
 		}
-		final String result = artifactPattern.matcher(query).replaceFirst("");
+		String result = artifactPattern.matcher(query).replaceFirst("");
 		if (result.length() == 0) {
 			return null;
 		}

From 7bf6008efe485e3f0c93411f46b77f263150dc8f Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 14:04:38 -0700
Subject: [PATCH 51/84] Polish spring-security-config main code

Manually polish `spring-security-config` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/config/BeanIds.java              |   4 +-
 .../config/DebugBeanDefinitionParser.java     |   1 -
 .../config/SecurityNamespaceHandler.java      |  74 ++---
 .../AbstractConfiguredSecurityBuilder.java    |  47 +--
 .../annotation/SecurityConfigurerAdapter.java |   5 +-
 .../AuthenticationConfiguration.java          |  39 +--
 ...ticationProviderBeanManagerConfigurer.java |   2 -
 ...alizeUserDetailsBeanManagerConfigurer.java |   4 -
 .../LdapAuthenticationProviderConfigurer.java |   6 -
 .../UserDetailsServiceConfigurer.java         |   1 -
 ...utowireBeanFactoryObjectPostProcessor.java |   4 +-
 ...thodSecurityAspectJAutoProxyRegistrar.java |   3 -
 .../GlobalMethodSecurityConfiguration.java    |  29 +-
 .../GlobalMethodSecuritySelector.java         |   8 -
 ...ecurityMetadataSourceAdvisorRegistrar.java |   3 -
 .../ReactiveMethodSecurityConfiguration.java  |   2 -
 .../ReactiveMethodSecuritySelector.java       |   6 +-
 .../annotation/rsocket/RSocketSecurity.java   |  22 +-
 .../web/AbstractRequestMatcherRegistry.java   |   1 -
 .../web/builders/FilterComparator.java        |  16 +-
 .../annotation/web/builders/WebSecurity.java  |   3 -
 .../HttpSecurityConfiguration.java            |  26 +-
 .../OAuth2ClientConfiguration.java            |  13 +-
 .../configuration/OAuth2ImportSelector.java   |  21 +-
 .../SecurityReactorContextConfiguration.java  |  18 +-
 .../SpringWebMvcImportSelector.java           |  11 +-
 .../WebMvcSecurityConfiguration.java          |   1 -
 .../WebSecurityConfiguration.java             |   9 +-
 .../WebSecurityConfigurerAdapter.java         |  96 +++---
 ...bstractAuthenticationFilterConfigurer.java |   8 +-
 ...ConfigAttributeRequestMatcherRegistry.java |   8 +-
 .../configurers/AbstractHttpConfigurer.java   |   1 -
 .../ChannelSecurityConfigurer.java            |  10 +-
 .../web/configurers/CorsConfigurer.java       |  11 +-
 .../web/configurers/CsrfConfigurer.java       |   5 +-
 .../DefaultLoginPageConfigurer.java           |  19 +-
 .../ExpressionUrlAuthorizationConfigurer.java |  71 ++--
 .../web/configurers/HeadersConfigurer.java    |   1 -
 .../web/configurers/HttpBasicConfigurer.java  |   7 -
 .../web/configurers/JeeConfigurer.java        |   9 +-
 .../web/configurers/LogoutConfigurer.java     |  27 +-
 .../web/configurers/PermitAllSupport.java     |  10 +-
 .../web/configurers/RememberMeConfigurer.java |  15 +-
 .../configurers/RequestCacheConfigurer.java   |   5 -
 .../SecurityContextConfigurer.java            |   1 -
 .../SessionManagementConfigurer.java          |  26 +-
 .../UrlAuthorizationConfigurer.java           |  17 +-
 .../web/configurers/X509Configurer.java       |   8 +-
 .../oauth2/client/OAuth2ClientConfigurer.java |   4 -
 .../oauth2/client/OAuth2LoginConfigurer.java  |  71 ++--
 .../OAuth2ResourceServerConfigurer.java       |  62 +---
 .../openid/OpenIDLoginConfigurer.java         |   2 -
 .../saml2/Saml2LoginConfigurer.java           |  21 +-
 ...MessageSecurityMetadataSourceRegistry.java |   4 +-
 .../ReactiveOAuth2ClientImportSelector.java   |  13 +-
 .../WebFluxSecurityConfiguration.java         |  22 +-
 ...urityWebSocketMessageBrokerConfigurer.java |  54 ++--
 ...serDetailsServiceBeanDefinitionParser.java |  16 +-
 ...enticationManagerBeanDefinitionParser.java |  65 ++--
 .../AuthenticationManagerFactoryBean.java     |   2 -
 ...nticationProviderBeanDefinitionParser.java |   8 -
 .../JdbcUserServiceBeanDefinitionParser.java  |   6 -
 .../authentication/PasswordEncoderParser.java |  25 +-
 .../UserServiceBeanDefinitionParser.java      |  12 -
 .../UserDetailsMapFactoryBean.java            |  28 +-
 .../RsaKeyConversionServicePostProcessor.java |   5 -
 .../http/AuthenticationConfigBuilder.java     | 139 +-------
 .../config/http/ChannelAttributeFactory.java  |   2 -
 .../config/http/CorsBeanDefinitionParser.java |   5 -
 .../config/http/CsrfBeanDefinitionParser.java |  18 +-
 .../http/DefaultFilterChainValidator.java     |  27 +-
 .../http/FilterChainBeanDefinitionParser.java |   6 -
 ...FilterChainMapBeanDefinitionDecorator.java |  12 -
 ...nvocationSecurityMetadataSourceParser.java |  31 +-
 .../http/FormLoginBeanDefinitionParser.java   |  18 --
 .../GrantedAuthorityDefaultsParserUtils.java  |   1 -
 ...HandlerMappingIntrospectorFactoryBean.java |   8 +-
 .../http/HeadersBeanDefinitionParser.java     |  40 +--
 .../config/http/HttpConfigurationBuilder.java | 158 ++-------
 .../HttpFirewallBeanDefinitionParser.java     |   3 -
 .../HttpSecurityBeanDefinitionParser.java     |  82 ++---
 .../http/LogoutBeanDefinitionParser.java      |  15 +-
 .../security/config/http/MatcherType.java     |   5 -
 .../OAuth2ClientBeanDefinitionParser.java     |  28 +-
 ...OAuth2ClientBeanDefinitionParserUtils.java |   8 +-
 ...uth2ClientWebMvcSecurityPostProcessor.java |   4 -
 .../http/OAuth2LoginBeanDefinitionParser.java |  99 ++----
 ...th2ResourceServerBeanDefinitionParser.java |  65 ++--
 .../PortMappingsBeanDefinitionParser.java     |   8 -
 .../http/RememberMeBeanDefinitionParser.java  |  32 +-
 .../config/http/SessionCreationPolicy.java    |  11 +-
 .../http/UserDetailsServiceFactoryBean.java   |  17 +-
 .../ContextSourceSettingPostProcessor.java    |  27 +-
 .../LdapProviderBeanDefinitionParser.java     |  14 +-
 .../ldap/LdapServerBeanDefinitionParser.java  |  47 +--
 .../LdapUserServiceBeanDefinitionParser.java  |  47 +--
 ...balMethodSecurityBeanDefinitionParser.java |  68 +---
 ...terceptMethodsBeanDefinitionDecorator.java |  15 +-
 .../config/method/MethodConfigUtils.java      |   2 -
 ...ityMetadataSourceBeanDefinitionParser.java |   5 +-
 .../method/ProtectPointcutPostProcessor.java  |  28 +-
 ...ientRegistrationsBeanDefinitionParser.java |   7 -
 .../oauth2/client/CommonOAuth2Provider.java   |   4 +
 .../web/server/SecurityWebFiltersOrder.java   |  31 +-
 .../config/web/server/ServerHttpSecurity.java | 306 +++++++-----------
 ...ageBrokerSecurityBeanDefinitionParser.java |  19 --
 106 files changed, 770 insertions(+), 1846 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java
index d4ae25e53d..fcf2e5fc1d 100644
--- a/config/src/main/java/org/springframework/security/config/BeanIds.java
+++ b/config/src/main/java/org/springframework/security/config/BeanIds.java
@@ -35,7 +35,9 @@ public abstract class BeanIds {
 	 */
 	public static final String AUTHENTICATION_MANAGER = PREFIX + "authenticationManager";
 
-	/** External alias for FilterChainProxy bean, for use in web.xml files */
+	/**
+	 * External alias for FilterChainProxy bean, for use in web.xml files
+	 */
 	public static final String SPRING_SECURITY_FILTER_CHAIN = "springSecurityFilterChain";
 
 	public static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = PREFIX + "contextSettingPostProcessor";
diff --git a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
index 6c2cf3c5fd..b96b2ee872 100644
--- a/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/DebugBeanDefinitionParser.java
@@ -33,7 +33,6 @@ public class DebugBeanDefinitionParser implements BeanDefinitionParser {
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		RootBeanDefinition debugPP = new RootBeanDefinition(SecurityDebugBeanFactoryPostProcessor.class);
 		parserContext.getReaderContext().registerWithGeneratedName(debugPP);
-
 		return null;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index 9273bee2af..9a11086870 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -75,17 +75,13 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 
 	public SecurityNamespaceHandler() {
 		String coreVersion = SpringSecurityCoreVersion.getVersion();
-
 		Package pkg = SpringSecurityCoreVersion.class.getPackage();
-
 		if (pkg == null || coreVersion == null) {
 			this.logger.info("Couldn't determine package version information.");
 			return;
 		}
-
 		String version = pkg.getImplementationVersion();
 		this.logger.info("Spring Security 'config' module version is " + version);
-
 		if (version.compareTo(coreVersion) != 0) {
 			this.logger.error(
 					"You are running with different versions of the Spring Security 'core' and 'config' modules");
@@ -95,44 +91,37 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		if (!namespaceMatchesVersion(element)) {
-			pc.getReaderContext().fatal(
-					"You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
-							+ "with Spring Security 5.4. Please update your schema declarations to the 5.4 schema.",
-					element);
+			pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
+					+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
+					+ "with Spring Security 5.4. Please update your schema declarations to the 5.4 schema.", element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
 		BeanDefinitionParser parser = this.parsers.get(name);
-
 		if (parser == null) {
 			// SEC-1455. Load parsers when required, not just on init().
 			loadParsers();
 		}
-
-		if (parser == null) {
-			if (Elements.HTTP.equals(name) || Elements.FILTER_SECURITY_METADATA_SOURCE.equals(name)
-					|| Elements.FILTER_CHAIN_MAP.equals(name) || Elements.FILTER_CHAIN.equals(name)) {
-				reportMissingWebClasses(name, pc, element);
-			}
-			else {
-				reportUnsupportedNodeType(name, pc, element);
-			}
-
-			return null;
+		if (parser != null) {
+			return parser.parse(element, pc);
 		}
-
-		return parser.parse(element, pc);
+		if (Elements.HTTP.equals(name) || Elements.FILTER_SECURITY_METADATA_SOURCE.equals(name)
+				|| Elements.FILTER_CHAIN_MAP.equals(name) || Elements.FILTER_CHAIN.equals(name)) {
+			reportMissingWebClasses(name, pc, element);
+		}
+		else {
+			reportUnsupportedNodeType(name, pc, element);
+		}
+		return null;
 	}
 
 	@Override
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext pc) {
 		String name = pc.getDelegate().getLocalName(node);
-
-		// We only handle elements
 		if (node instanceof Element) {
+			// We only handle elements
 			if (Elements.INTERCEPT_METHODS.equals(name)) {
 				return this.interceptMethodsBDD.decorate(node, definition, pc);
 			}
-
 			if (Elements.FILTER_CHAIN_MAP.equals(name)) {
 				if (this.filterChainMapBDD == null) {
 					loadParsers();
@@ -143,9 +132,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 				return this.filterChainMapBDD.decorate(node, definition, pc);
 			}
 		}
-
 		reportUnsupportedNodeType(name, pc, node);
-
 		return null;
 	}
 
@@ -162,9 +149,9 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 			// no details available
 			pc.getReaderContext().fatal(errorMessage, node);
 		}
-		catch (Throwable cause) {
+		catch (Throwable ex) {
 			// provide details on why it could not be loaded
-			pc.getReaderContext().fatal(errorMessage, node, cause);
+			pc.getReaderContext().fatal(errorMessage, node, ex);
 		}
 	}
 
@@ -185,25 +172,28 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		this.parsers.put(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
 		this.parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE,
 				new MethodSecurityMetadataSourceBeanDefinitionParser());
-
-		// Only load the web-namespace parsers if the web classes are available
 		if (ClassUtils.isPresent(FILTER_CHAIN_PROXY_CLASSNAME, getClass().getClassLoader())) {
-			this.parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
-			this.parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
-			this.parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
-			this.parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE,
-					new FilterInvocationSecurityMetadataSourceParser());
-			this.parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
-			this.filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
-			this.parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
+			loadWebParsers();
 		}
-
 		if (ClassUtils.isPresent(MESSAGE_CLASSNAME, getClass().getClassLoader())) {
-			this.parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER,
-					new WebSocketMessageBrokerSecurityBeanDefinitionParser());
+			loadWebSocketParsers();
 		}
 	}
 
+	private void loadWebParsers() {
+		this.parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
+		this.parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
+		this.parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
+		this.parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE, new FilterInvocationSecurityMetadataSourceParser());
+		this.parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
+		this.filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
+		this.parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
+	}
+
+	private void loadWebSocketParsers() {
+		this.parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER, new WebSocketMessageBrokerSecurityBeanDefinitionParser());
+	}
+
 	/**
 	 * Check that the schema location declared in the source file being parsed matches the
 	 * Spring Security version. The old 2.0 schema is not compatible with the 3.1 parser,
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index 11da1c8148..b9d6ebed1e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -99,18 +99,16 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * while building, returns null.
 	 */
 	public O getOrBuild() {
-		if (isUnbuilt()) {
-			try {
-				return build();
-			}
-			catch (Exception ex) {
-				this.logger.debug("Failed to perform build. Returning null", ex);
-				return null;
-			}
-		}
-		else {
+		if (!isUnbuilt()) {
 			return getObject();
 		}
+		try {
+			return build();
+		}
+		catch (Exception ex) {
+			this.logger.debug("Failed to perform build. Returning null", ex);
+			return null;
+		}
 	}
 
 	/**
@@ -177,18 +175,17 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	@SuppressWarnings("unchecked")
 	private <C extends SecurityConfigurer<O, B>> void add(C configurer) {
 		Assert.notNull(configurer, "configurer cannot be null");
-
 		Class<? extends SecurityConfigurer<O, B>> clazz = (Class<? extends SecurityConfigurer<O, B>>) configurer
 				.getClass();
 		synchronized (this.configurers) {
 			if (this.buildState.isConfigured()) {
 				throw new IllegalStateException("Cannot apply " + configurer + " to already built object");
 			}
-			List<SecurityConfigurer<O, B>> configs = this.allowConfigurersOfSameType ? this.configurers.get(clazz)
-					: null;
-			if (configs == null) {
-				configs = new ArrayList<>(1);
+			List<SecurityConfigurer<O, B>> configs = null;
+			if (this.allowConfigurersOfSameType) {
+				configs = this.configurers.get(clazz);
 			}
+			configs = (configs != null) ? configs : new ArrayList<>(1);
 			configs.add(configurer);
 			this.configurers.put(clazz, configs);
 			if (this.buildState.isInitializing()) {
@@ -239,9 +236,8 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 		if (configs == null) {
 			return null;
 		}
-		if (configs.size() != 1) {
-			throw new IllegalStateException("Only one configurer expected for type " + clazz + ", but got " + configs);
-		}
+		Assert.state(configs.size() == 1,
+				() -> "Only one configurer expected for type " + clazz + ", but got " + configs);
 		return (C) configs.get(0);
 	}
 
@@ -257,9 +253,8 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 		if (configs == null) {
 			return null;
 		}
-		if (configs.size() != 1) {
-			throw new IllegalStateException("Only one configurer expected for type " + clazz + ", but got " + configs);
-		}
+		Assert.state(configs.size() == 1,
+				() -> "Only one configurer expected for type " + clazz + ", but got " + configs);
 		return (C) configs.get(0);
 	}
 
@@ -301,21 +296,14 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	protected final O doBuild() throws Exception {
 		synchronized (this.configurers) {
 			this.buildState = BuildState.INITIALIZING;
-
 			beforeInit();
 			init();
-
 			this.buildState = BuildState.CONFIGURING;
-
 			beforeConfigure();
 			configure();
-
 			this.buildState = BuildState.BUILDING;
-
 			O result = performBuild();
-
 			this.buildState = BuildState.BUILT;
-
 			return result;
 		}
 	}
@@ -346,11 +334,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	@SuppressWarnings("unchecked")
 	private void init() throws Exception {
 		Collection<SecurityConfigurer<O, B>> configurers = getConfigurers();
-
 		for (SecurityConfigurer<O, B> configurer : configurers) {
 			configurer.init((B) this);
 		}
-
 		for (SecurityConfigurer<O, B> configurer : this.configurersAddedInInitializing) {
 			configurer.init((B) this);
 		}
@@ -359,7 +345,6 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	@SuppressWarnings("unchecked")
 	private void configure() throws Exception {
 		Collection<SecurityConfigurer<O, B>> configurers = getConfigurers();
-
 		for (SecurityConfigurer<O, B> configurer : configurers) {
 			configurer.configure((B) this);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index a36d983c5c..fd25c16d12 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import org.springframework.core.GenericTypeResolver;
 import org.springframework.core.annotation.AnnotationAwareOrderComparator;
+import org.springframework.util.Assert;
 
 /**
  * A base class for {@link SecurityConfigurer} that allows subclasses to only implement
@@ -63,9 +64,7 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	 * @throws IllegalStateException if {@link SecurityBuilder} is null
 	 */
 	protected final B getBuilder() {
-		if (this.securityBuilder == null) {
-			throw new IllegalStateException("securityBuilder cannot be null");
-		}
+		Assert.state(this.securityBuilder != null, "securityBuilder cannot be null");
 		return this.securityBuilder;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
index c2ed0a82ce..821a88d3d2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -36,6 +36,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.annotation.AnnotationAwareOrderComparator;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
@@ -80,7 +81,6 @@ public class AuthenticationConfiguration {
 		LazyPasswordEncoder defaultPasswordEncoder = new LazyPasswordEncoder(context);
 		AuthenticationEventPublisher authenticationEventPublisher = getBeanOrNull(context,
 				AuthenticationEventPublisher.class);
-
 		DefaultPasswordEncoderAuthenticationManagerBuilder result = new DefaultPasswordEncoderAuthenticationManagerBuilder(
 				objectPostProcessor, defaultPasswordEncoder);
 		if (authenticationEventPublisher != null) {
@@ -115,17 +115,13 @@ public class AuthenticationConfiguration {
 		if (this.buildingAuthenticationManager.getAndSet(true)) {
 			return new AuthenticationManagerDelegator(authBuilder);
 		}
-
 		for (GlobalAuthenticationConfigurerAdapter config : this.globalAuthConfigurers) {
 			authBuilder.apply(config);
 		}
-
 		this.authenticationManager = authBuilder.build();
-
 		if (this.authenticationManager == null) {
 			this.authenticationManager = getAuthenticationManagerBean();
 		}
-
 		this.authenticationManagerInitialized = true;
 		return this.authenticationManager;
 	}
@@ -154,20 +150,7 @@ public class AuthenticationConfiguration {
 		if (beanNamesForType.length == 0) {
 			return null;
 		}
-		String beanName;
-		if (beanNamesForType.length > 1) {
-			List<String> primaryBeanNames = getPrimaryBeanNames(beanNamesForType);
-
-			Assert.isTrue(primaryBeanNames.size() != 0, () -> "Found " + beanNamesForType.length + " beans for type "
-					+ interfaceName + ", but none marked as primary");
-			Assert.isTrue(primaryBeanNames.size() == 1, () -> "Found " + primaryBeanNames.size() + " beans for type "
-					+ interfaceName + " marked as primary");
-			beanName = primaryBeanNames.get(0);
-		}
-		else {
-			beanName = beanNamesForType[0];
-		}
-
+		String beanName = getBeanName(interfaceName, beanNamesForType);
 		lazyTargetSource.setTargetBeanName(beanName);
 		lazyTargetSource.setBeanFactory(this.applicationContext);
 		ProxyFactoryBean proxyFactory = new ProxyFactoryBean();
@@ -176,6 +159,18 @@ public class AuthenticationConfiguration {
 		return (T) proxyFactory.getObject();
 	}
 
+	private <T> String getBeanName(Class<T> interfaceName, String[] beanNamesForType) {
+		if (beanNamesForType.length == 1) {
+			return beanNamesForType[0];
+		}
+		List<String> primaryBeanNames = getPrimaryBeanNames(beanNamesForType);
+		Assert.isTrue(primaryBeanNames.size() != 0, () -> "Found " + beanNamesForType.length + " beans for type "
+				+ interfaceName + ", but none marked as primary");
+		Assert.isTrue(primaryBeanNames.size() == 1,
+				() -> "Found " + primaryBeanNames.size() + " beans for type " + interfaceName + " marked as primary");
+		return primaryBeanNames.get(0);
+	}
+
 	private List<String> getPrimaryBeanNames(String[] beanNamesForType) {
 		List<String> list = new ArrayList<>();
 		if (!(this.applicationContext instanceof ConfigurableApplicationContext)) {
@@ -217,9 +212,7 @@ public class AuthenticationConfiguration {
 		public void init(AuthenticationManagerBuilder auth) {
 			Map<String, Object> beansWithAnnotation = this.context
 					.getBeansWithAnnotation(EnableGlobalAuthentication.class);
-			if (logger.isDebugEnabled()) {
-				logger.debug("Eagerly initializing " + beansWithAnnotation);
-			}
+			logger.debug(LogMessage.format("Eagerly initializing %s", beansWithAnnotation));
 		}
 
 	}
@@ -249,14 +242,12 @@ public class AuthenticationConfiguration {
 			if (this.delegate != null) {
 				return this.delegate.authenticate(authentication);
 			}
-
 			synchronized (this.delegateMonitor) {
 				if (this.delegate == null) {
 					this.delegate = this.delegateBuilder.getObject();
 					this.delegateBuilder = null;
 				}
 			}
-
 			return this.delegate.authenticate(authentication);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
index 3853c9c4e3..3958699f4b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java
@@ -58,7 +58,6 @@ class InitializeAuthenticationProviderBeanManagerConfigurer extends GlobalAuthen
 			if (authenticationProvider == null) {
 				return;
 			}
-
 			auth.authenticationProvider(authenticationProvider);
 		}
 
@@ -72,7 +71,6 @@ class InitializeAuthenticationProviderBeanManagerConfigurer extends GlobalAuthen
 			if (beanNames.length != 1) {
 				return null;
 			}
-
 			return InitializeAuthenticationProviderBeanManagerConfigurer.this.context.getBean(beanNames[0], type);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
index f14776f184..07fff8886b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java
@@ -63,10 +63,8 @@ class InitializeUserDetailsBeanManagerConfigurer extends GlobalAuthenticationCon
 			if (userDetailsService == null) {
 				return;
 			}
-
 			PasswordEncoder passwordEncoder = getBeanOrNull(PasswordEncoder.class);
 			UserDetailsPasswordService passwordManager = getBeanOrNull(UserDetailsPasswordService.class);
-
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 			provider.setUserDetailsService(userDetailsService);
 			if (passwordEncoder != null) {
@@ -76,7 +74,6 @@ class InitializeUserDetailsBeanManagerConfigurer extends GlobalAuthenticationCon
 				provider.setUserDetailsPasswordService(passwordManager);
 			}
 			provider.afterPropertiesSet();
-
 			auth.authenticationProvider(provider);
 		}
 
@@ -89,7 +86,6 @@ class InitializeUserDetailsBeanManagerConfigurer extends GlobalAuthenticationCon
 			if (beanNames.length != 1) {
 				return null;
 			}
-
 			return InitializeUserDetailsBeanManagerConfigurer.this.context.getBean(beanNames[0], type);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index 389a39eda6..ac956837b7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -93,9 +93,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 	private LdapAuthenticationProvider build() throws Exception {
 		BaseLdapPathContextSource contextSource = getContextSource();
 		LdapAuthenticator ldapAuthenticator = createLdapAuthenticator(contextSource);
-
 		LdapAuthoritiesPopulator authoritiesPopulator = getLdapAuthoritiesPopulator();
-
 		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator,
 				authoritiesPopulator);
 		ldapAuthenticationProvider.setAuthoritiesMapper(getAuthoritiesMapper());
@@ -136,14 +134,12 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		if (this.ldapAuthoritiesPopulator != null) {
 			return this.ldapAuthoritiesPopulator;
 		}
-
 		DefaultLdapAuthoritiesPopulator defaultAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
 				this.contextSource, this.groupSearchBase);
 		defaultAuthoritiesPopulator.setGroupRoleAttribute(this.groupRoleAttribute);
 		defaultAuthoritiesPopulator.setGroupSearchFilter(this.groupSearchFilter);
 		defaultAuthoritiesPopulator.setSearchSubtree(this.groupSearchSubtree);
 		defaultAuthoritiesPopulator.setRolePrefix(this.rolePrefix);
-
 		this.ldapAuthoritiesPopulator = defaultAuthoritiesPopulator;
 		return defaultAuthoritiesPopulator;
 	}
@@ -173,7 +169,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		if (this.authoritiesMapper != null) {
 			return this.authoritiesMapper;
 		}
-
 		SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
 		simpleAuthorityMapper.setPrefix(this.rolePrefix);
 		simpleAuthorityMapper.afterPropertiesSet();
@@ -554,7 +549,6 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 			if (this.url == null) {
 				startEmbeddedLdapServer();
 			}
-
 			DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(getProviderUrl());
 			if (this.managerDn != null) {
 				contextSource.setUserDn(this.managerDn);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
index 8e769ff52a..33bfb5c909 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java
@@ -45,7 +45,6 @@ public class UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>, C
 	@Override
 	public void configure(B builder) throws Exception {
 		initUserDetailsService();
-
 		super.configure(builder);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
index 9ca88e0b5c..7792ff44ce 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessor.java
@@ -91,8 +91,8 @@ final class AutowireBeanFactoryObjectPostProcessor
 			try {
 				disposable.destroy();
 			}
-			catch (Exception error) {
-				this.logger.error(error);
+			catch (Exception ex) {
+				this.logger.error(ex);
 			}
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
index 773ea42614..b2c44c9280 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@@ -46,15 +46,12 @@ class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinit
 	 */
 	@Override
 	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
-
 		BeanDefinition interceptor = registry.getBeanDefinition("methodSecurityInterceptor");
-
 		BeanDefinitionBuilder aspect = BeanDefinitionBuilder.rootBeanDefinition(
 				"org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
 		aspect.setFactoryMethod("aspectOf");
 		aspect.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		aspect.addPropertyValue("securityInterceptor", interceptor);
-
 		registry.registerBeanDefinition("annotationSecurityAspect$0", aspect.getBeanDefinition());
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index 5dda0b0f1f..89c713062d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -92,11 +92,13 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 	private static final Log logger = LogFactory.getLog(GlobalMethodSecurityConfiguration.class);
 
 	private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+
 		@Override
 		public <T> T postProcess(T object) {
 			throw new IllegalStateException(ObjectPostProcessor.class.getName()
 					+ " is a required bean. Ensure you have used @" + EnableGlobalMethodSecurity.class.getName());
 		}
+
 	};
 
 	private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();
@@ -145,7 +147,6 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		if (runAsManager != null) {
 			this.methodSecurityInterceptor.setRunAsManager(runAsManager);
 		}
-
 		return this.methodSecurityInterceptor;
 	}
 
@@ -157,22 +158,18 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		catch (Exception ex) {
 			throw new RuntimeException(ex);
 		}
-
 		PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
 		if (permissionEvaluator != null) {
 			this.defaultMethodExpressionHandler.setPermissionEvaluator(permissionEvaluator);
 		}
-
 		RoleHierarchy roleHierarchy = getSingleBeanOrNull(RoleHierarchy.class);
 		if (roleHierarchy != null) {
 			this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchy);
 		}
-
 		AuthenticationTrustResolver trustResolver = getSingleBeanOrNull(AuthenticationTrustResolver.class);
 		if (trustResolver != null) {
 			this.defaultMethodExpressionHandler.setTrustResolver(trustResolver);
 		}
-
 		GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
 		if (grantedAuthorityDefaults != null) {
 			this.defaultMethodExpressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
@@ -315,12 +312,8 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 			this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);
 			this.auth.authenticationEventPublisher(eventPublisher);
 			configure(this.auth);
-			if (this.disableAuthenticationRegistry) {
-				this.authenticationManager = getAuthenticationConfiguration().getAuthenticationManager();
-			}
-			else {
-				this.authenticationManager = this.auth.build();
-			}
+			this.authenticationManager = (this.disableAuthenticationRegistry)
+					? getAuthenticationConfiguration().getAuthenticationManager() : this.auth.build();
 		}
 		return this.authenticationManager;
 	}
@@ -353,17 +346,13 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		if (customMethodSecurityMetadataSource != null) {
 			sources.add(customMethodSecurityMetadataSource);
 		}
-
 		boolean hasCustom = customMethodSecurityMetadataSource != null;
 		boolean isPrePostEnabled = prePostEnabled();
 		boolean isSecuredEnabled = securedEnabled();
 		boolean isJsr250Enabled = jsr250Enabled();
-
-		if (!isPrePostEnabled && !isSecuredEnabled && !isJsr250Enabled && !hasCustom) {
-			throw new IllegalStateException("In the composition of all global method configuration, "
-					+ "no annotation support was actually activated");
-		}
-
+		Assert.state(isPrePostEnabled || isSecuredEnabled || isJsr250Enabled || hasCustom,
+				"In the composition of all global method configuration, "
+						+ "no annotation support was actually activated");
 		if (isPrePostEnabled) {
 			sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
 		}
@@ -441,10 +430,6 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 		return enableMethodSecurity().getBoolean("jsr250Enabled");
 	}
 
-	private int order() {
-		return (Integer) enableMethodSecurity().get("order");
-	}
-
 	private boolean isAspectJ() {
 		return enableMethodSecurity().getEnum("mode") == AdviceMode.ASPECTJ;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
index 91b9b82180..516835b0a4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
@@ -45,35 +45,27 @@ final class GlobalMethodSecuritySelector implements ImportSelector {
 		AnnotationAttributes attributes = AnnotationAttributes.fromMap(annotationAttributes);
 		Assert.notNull(attributes, () -> String.format("@%s is not present on importing class '%s' as expected",
 				annoType.getSimpleName(), importingClassMetadata.getClassName()));
-
 		// TODO would be nice if could use BeanClassLoaderAware (does not work)
 		Class<?> importingClass = ClassUtils.resolveClassName(importingClassMetadata.getClassName(),
 				ClassUtils.getDefaultClassLoader());
 		boolean skipMethodSecurityConfiguration = GlobalMethodSecurityConfiguration.class
 				.isAssignableFrom(importingClass);
-
 		AdviceMode mode = attributes.getEnum("mode");
 		boolean isProxy = AdviceMode.PROXY == mode;
 		String autoProxyClassName = isProxy ? AutoProxyRegistrar.class.getName()
 				: GlobalMethodSecurityAspectJAutoProxyRegistrar.class.getName();
-
 		boolean jsr250Enabled = attributes.getBoolean("jsr250Enabled");
-
 		List<String> classNames = new ArrayList<>(4);
 		if (isProxy) {
 			classNames.add(MethodSecurityMetadataSourceAdvisorRegistrar.class.getName());
 		}
-
 		classNames.add(autoProxyClassName);
-
 		if (!skipMethodSecurityConfiguration) {
 			classNames.add(GlobalMethodSecurityConfiguration.class.getName());
 		}
-
 		if (jsr250Enabled) {
 			classNames.add(Jsr250MetadataSourceConfiguration.class.getName());
 		}
-
 		return classNames.toArray(new String[0]);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
index ba3546cf70..84a33b00cd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
@@ -42,21 +42,18 @@ class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefiniti
 	 */
 	@Override
 	public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
-
 		BeanDefinitionBuilder advisor = BeanDefinitionBuilder
 				.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
 		advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 		advisor.addConstructorArgValue("methodSecurityInterceptor");
 		advisor.addConstructorArgReference("methodSecurityMetadataSource");
 		advisor.addConstructorArgValue("methodSecurityMetadataSource");
-
 		MultiValueMap<String, Object> attributes = importingClassMetadata
 				.getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
 		Integer order = (Integer) attributes.getFirst("order");
 		if (order != null) {
 			advisor.addPropertyValue("order", order);
 		}
-
 		registry.registerBeanDefinition("metaDataSourceAdvisor", advisor.getBeanDefinition());
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
index 102795da16..e66dec4d6e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -72,11 +72,9 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
 	@Bean
 	PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source,
 			MethodSecurityExpressionHandler handler) {
-
 		ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(handler);
 		ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice();
 		preAdvice.setExpressionHandler(handler);
-
 		return new PrePostAdviceReactiveMethodInterceptor(source, preAdvice, postAdvice);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
index eee357e655..17e350e5f2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
@@ -31,12 +31,10 @@ class ReactiveMethodSecuritySelector extends AdviceModeImportSelector<EnableReac
 
 	@Override
 	protected String[] selectImports(AdviceMode adviceMode) {
-		switch (adviceMode) {
-		case PROXY:
+		if (adviceMode == AdviceMode.PROXY) {
 			return getProxyImports();
-		default:
-			throw new IllegalStateException("AdviceMode " + adviceMode + " is not supported");
 		}
+		throw new IllegalStateException("AdviceMode " + adviceMode + " is not supported");
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index 85bde9ee27..4beef6947b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -202,7 +202,6 @@ public class RSocketSecurity {
 
 	private List<PayloadInterceptor> payloadInterceptors() {
 		List<PayloadInterceptor> result = new ArrayList<>(this.payloadInterceptors);
-
 		if (this.basicAuthSpec != null) {
 			result.add(this.basicAuthSpec.build());
 		}
@@ -213,7 +212,6 @@ public class RSocketSecurity {
 			result.addAll(this.jwtSpec.build());
 		}
 		result.add(anonymous());
-
 		if (this.authorizePayload != null) {
 			result.add(this.authorizePayload.build());
 		}
@@ -260,6 +258,9 @@ public class RSocketSecurity {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
+		private SimpleAuthenticationSpec() {
+		}
+
 		public SimpleAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
 			this.authenticationManager = authenticationManager;
 			return this;
@@ -280,15 +281,15 @@ public class RSocketSecurity {
 			return result;
 		}
 
-		private SimpleAuthenticationSpec() {
-		}
-
 	}
 
 	public final class BasicAuthenticationSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
+		private BasicAuthenticationSpec() {
+		}
+
 		public BasicAuthenticationSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
 			this.authenticationManager = authenticationManager;
 			return this;
@@ -308,15 +309,15 @@ public class RSocketSecurity {
 			return result;
 		}
 
-		private BasicAuthenticationSpec() {
-		}
-
 	}
 
 	public final class JwtSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
+		private JwtSpec() {
+		}
+
 		public JwtSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) {
 			this.authenticationManager = authenticationManager;
 			return this;
@@ -339,17 +340,12 @@ public class RSocketSecurity {
 			AuthenticationPayloadInterceptor legacy = new AuthenticationPayloadInterceptor(manager);
 			legacy.setAuthenticationConverter(new BearerPayloadExchangeConverter());
 			legacy.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-
 			AuthenticationPayloadInterceptor standard = new AuthenticationPayloadInterceptor(manager);
 			standard.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
 			standard.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
-
 			return Arrays.asList(standard, legacy);
 		}
 
-		private JwtSpec() {
-		}
-
 	}
 
 	public class AuthorizePayloadsSpec {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 054896575c..e20d71054d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -170,7 +170,6 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 		for (String mvcPattern : mvcPatterns) {
 			MvcRequestMatcher matcher = new MvcRequestMatcher(introspector, mvcPattern);
 			opp.postProcess(matcher);
-
 			if (method != null) {
 				matcher.setMethod(method);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
index d143aab14c..9c07581daa 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@@ -46,6 +46,7 @@ import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.util.Assert;
 import org.springframework.web.filter.CorsFilter;
 
 /**
@@ -138,10 +139,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 */
 	void registerAfter(Class<? extends Filter> filter, Class<? extends Filter> afterFilter) {
 		Integer position = getOrder(afterFilter);
-		if (position == null) {
-			throw new IllegalArgumentException("Cannot register after unregistered Filter " + afterFilter);
-		}
-
+		Assert.notNull(position, () -> "Cannot register after unregistered Filter " + afterFilter);
 		put(filter, position + 1);
 	}
 
@@ -153,10 +151,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 */
 	void registerAt(Class<? extends Filter> filter, Class<? extends Filter> atFilter) {
 		Integer position = getOrder(atFilter);
-		if (position == null) {
-			throw new IllegalArgumentException("Cannot register after unregistered Filter " + atFilter);
-		}
-
+		Assert.notNull(position, () -> "Cannot register after unregistered Filter " + atFilter);
 		put(filter, position);
 	}
 
@@ -169,10 +164,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	 */
 	void registerBefore(Class<? extends Filter> filter, Class<? extends Filter> beforeFilter) {
 		Integer position = getOrder(beforeFilter);
-		if (position == null) {
-			throw new IllegalArgumentException("Cannot register after unregistered Filter " + beforeFilter);
-		}
-
+		Assert.notNull(position, () -> "Cannot register after unregistered Filter " + beforeFilter);
 		put(filter, position - 1);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 5ff35ec68f..78cbb2a4f3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -308,20 +308,17 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 		this.defaultWebSecurityExpressionHandler.setApplicationContext(applicationContext);
-
 		try {
 			this.defaultWebSecurityExpressionHandler.setRoleHierarchy(applicationContext.getBean(RoleHierarchy.class));
 		}
 		catch (NoSuchBeanDefinitionException ex) {
 		}
-
 		try {
 			this.defaultWebSecurityExpressionHandler
 					.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
 		}
 		catch (NoSuchBeanDefinitionException ex) {
 		}
-
 		this.ignoredRequestRegistry = new IgnoredRequestConfigurer(applicationContext);
 		try {
 			this.httpFirewall = applicationContext.getBean(HttpFirewall.class);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index 90f2cf9f03..c6c45f8472 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -80,27 +80,27 @@ class HttpSecurityConfiguration {
 	HttpSecurity httpSecurity() throws Exception {
 		WebSecurityConfigurerAdapter.LazyPasswordEncoder passwordEncoder = new WebSecurityConfigurerAdapter.LazyPasswordEncoder(
 				this.context);
-
 		AuthenticationManagerBuilder authenticationBuilder = new WebSecurityConfigurerAdapter.DefaultPasswordEncoderAuthenticationManagerBuilder(
 				this.objectPostProcessor, passwordEncoder);
 		authenticationBuilder.parentAuthenticationManager(authenticationManager());
-
 		HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());
-		http.csrf(withDefaults()).addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling(withDefaults())
-				.headers(withDefaults()).sessionManagement(withDefaults()).securityContext(withDefaults())
-				.requestCache(withDefaults()).anonymous(withDefaults()).servletApi(withDefaults())
-				.logout(withDefaults()).apply(new DefaultLoginPageConfigurer<>());
-
+		http.csrf(withDefaults());
+		http.addFilter(new WebAsyncManagerIntegrationFilter());
+		http.exceptionHandling(withDefaults());
+		http.headers(withDefaults());
+		http.sessionManagement(withDefaults());
+		http.securityContext(withDefaults());
+		http.requestCache(withDefaults());
+		http.anonymous(withDefaults());
+		http.servletApi(withDefaults());
+		http.logout(withDefaults());
+		http.apply(new DefaultLoginPageConfigurer<>());
 		return http;
 	}
 
 	private AuthenticationManager authenticationManager() throws Exception {
-		if (this.authenticationManager != null) {
-			return this.authenticationManager;
-		}
-		else {
-			return this.authenticationConfiguration.getAuthenticationManager();
-		}
+		return (this.authenticationManager != null) ? this.authenticationManager
+				: this.authenticationConfiguration.getAuthenticationManager();
 	}
 
 	private Map<Class<?>, Object> createSharedObjects() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index 9b6e11ec87..80f4ffa6b6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -54,12 +54,12 @@ final class OAuth2ClientConfiguration {
 
 		@Override
 		public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-			boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
-					getClass().getClassLoader());
-
-			return webmvcPresent ? new String[] {
-					"org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration" }
-					: new String[] {};
+			if (!ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
+					getClass().getClassLoader())) {
+				return new String[0];
+			}
+			return new String[] { "org.springframework.security.config.annotation.web.configuration."
+					+ "OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration" };
 		}
 
 	}
@@ -114,7 +114,6 @@ final class OAuth2ClientConfiguration {
 			if (this.authorizedClientManager != null) {
 				return this.authorizedClientManager;
 			}
-
 			OAuth2AuthorizedClientManager authorizedClientManager = null;
 			if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
 				if (this.accessTokenResponseClient != null) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
index 058fc630db..79eeb478d5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java
@@ -22,6 +22,7 @@ import java.util.Set;
 import org.springframework.context.annotation.ImportSelector;
 import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.StringUtils;
 
 /**
  * Used by {@link EnableWebSecurity} to conditionally import:
@@ -45,29 +46,25 @@ final class OAuth2ImportSelector implements ImportSelector {
 	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		Set<String> imports = new LinkedHashSet<>();
-
-		boolean oauth2ClientPresent = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.client.registration.ClientRegistration",
-				getClass().getClassLoader());
+		ClassLoader classLoader = getClass().getClassLoader();
+		boolean oauth2ClientPresent = ClassUtils
+				.isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration", classLoader);
+		boolean webfluxPresent = ClassUtils
+				.isPresent("org.springframework.web.reactive.function.client.ExchangeFilterFunction", classLoader);
+		boolean oauth2ResourceServerPresent = ClassUtils
+				.isPresent("org.springframework.security.oauth2.server.resource.BearerTokenError", classLoader);
 		if (oauth2ClientPresent) {
 			imports.add("org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration");
 		}
-
-		boolean webfluxPresent = ClassUtils.isPresent(
-				"org.springframework.web.reactive.function.client.ExchangeFilterFunction", getClass().getClassLoader());
 		if (webfluxPresent && oauth2ClientPresent) {
 			imports.add(
 					"org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
 		}
-
-		boolean oauth2ResourceServerPresent = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.server.resource.BearerTokenError", getClass().getClassLoader());
 		if (webfluxPresent && oauth2ResourceServerPresent) {
 			imports.add(
 					"org.springframework.security.config.annotation.web.configuration.SecurityReactorContextConfiguration");
 		}
-
-		return imports.toArray(new String[0]);
+		return StringUtils.toStringArray(imports);
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 2e59665ff4..2783cb358b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -71,7 +71,6 @@ class SecurityReactorContextConfiguration {
 		public void afterPropertiesSet() throws Exception {
 			Function<? super Publisher<Object>, ? extends Publisher<Object>> lifter = Operators
 					.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
-
 			Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, (pub) -> {
 				if (!contextAttributesAvailable()) {
 					// No need to decorate so return original Publisher
@@ -112,7 +111,6 @@ class SecurityReactorContextConfiguration {
 			if (authentication == null && servletRequest == null) {
 				return Collections.emptyMap();
 			}
-
 			Map<Object, Object> contextAttributes = new HashMap<>();
 			if (servletRequest != null) {
 				contextAttributes.put(HttpServletRequest.class, servletRequest);
@@ -139,17 +137,17 @@ class SecurityReactorContextConfiguration {
 
 		SecurityReactorContextSubscriber(CoreSubscriber<T> delegate, Map<Object, Object> attributes) {
 			this.delegate = delegate;
-			Context currentContext = this.delegate.currentContext();
-			Context context;
-			if (currentContext.hasKey(SECURITY_CONTEXT_ATTRIBUTES)) {
-				context = currentContext;
-			}
-			else {
-				context = currentContext.put(SECURITY_CONTEXT_ATTRIBUTES, attributes);
-			}
+			Context context = getOrPutContext(attributes, this.delegate.currentContext());
 			this.context = context;
 		}
 
+		private Context getOrPutContext(Map<Object, Object> attributes, Context currentContext) {
+			if (currentContext.hasKey(SECURITY_CONTEXT_ATTRIBUTES)) {
+				return currentContext;
+			}
+			return currentContext.put(SECURITY_CONTEXT_ATTRIBUTES, attributes);
+		}
+
 		@Override
 		public Context currentContext() {
 			return this.context;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
index 4ff31b81d0..fee0fd6162 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java
@@ -32,12 +32,11 @@ class SpringWebMvcImportSelector implements ImportSelector {
 
 	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
-				getClass().getClassLoader());
-		return webmvcPresent
-				? new String[] {
-						"org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration" }
-				: new String[] {};
+		if (!ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", getClass().getClassLoader())) {
+			return new String[0];
+		}
+		return new String[] {
+				"org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration" };
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
index 0e72157de2..db63fcf82b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@@ -58,7 +58,6 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
 		argumentResolvers.add(authenticationPrincipalResolver);
 		argumentResolvers
 				.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
-
 		CurrentSecurityContextArgumentResolver currentSecurityContextArgumentResolver = new CurrentSecurityContextArgumentResolver();
 		currentSecurityContextArgumentResolver.setBeanResolver(this.beanResolver);
 		argumentResolvers.add(currentSecurityContextArgumentResolver);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 2294bdc25d..27fc4ba5e1 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -50,6 +50,7 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+import org.springframework.util.Assert;
 
 /**
  * Uses a {@link WebSecurity} to create the {@link FilterChainProxy} that performs the web
@@ -101,10 +102,8 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 	public Filter springSecurityFilterChain() throws Exception {
 		boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
 		boolean hasFilterChain = !this.securityFilterChains.isEmpty();
-		if (hasConfigurers && hasFilterChain) {
-			throw new IllegalStateException(
-					"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain." + "Please select just one.");
-		}
+		Assert.state(!(hasConfigurers && hasFilterChain),
+				"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
 		if (!hasConfigurers && !hasFilterChain) {
 			WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
 					.postProcess(new WebSecurityConfigurerAdapter() {
@@ -152,9 +151,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 		if (this.debugEnabled != null) {
 			this.webSecurity.debug(this.debugEnabled);
 		}
-
 		webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
-
 		Integer previousOrder = null;
 		Object previousConfig = null;
 		for (SecurityConfigurer<Filter, WebSecurity> config : webSecurityConfigurers) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
index fd66c8bf5a..61609ede2a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -18,7 +18,6 @@ package org.springframework.security.config.annotation.web.configuration;
 
 import java.lang.reflect.Field;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -200,34 +199,17 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		if (this.http != null) {
 			return this.http;
 		}
-
 		AuthenticationEventPublisher eventPublisher = getAuthenticationEventPublisher();
 		this.localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
-
 		AuthenticationManager authenticationManager = authenticationManager();
 		this.authenticationBuilder.parentAuthenticationManager(authenticationManager);
 		Map<Class<?>, Object> sharedObjects = createSharedObjects();
-
 		this.http = new HttpSecurity(this.objectPostProcessor, this.authenticationBuilder, sharedObjects);
 		if (!this.disableDefaults) {
-			// @formatter:off
-			this.http
-				.csrf().and()
-				.addFilter(new WebAsyncManagerIntegrationFilter())
-				.exceptionHandling().and()
-				.headers().and()
-				.sessionManagement().and()
-				.securityContext().and()
-				.requestCache().and()
-				.anonymous().and()
-				.servletApi().and()
-				.apply(new DefaultLoginPageConfigurer<>()).and()
-				.logout();
-			// @formatter:on
+			applyDefaultConfiguration(this.http);
 			ClassLoader classLoader = this.context.getClassLoader();
 			List<AbstractHttpConfigurer> defaultHttpConfigurers = SpringFactoriesLoader
 					.loadFactories(AbstractHttpConfigurer.class, classLoader);
-
 			for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) {
 				this.http.apply(configurer);
 			}
@@ -236,6 +218,20 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		return this.http;
 	}
 
+	private void applyDefaultConfiguration(HttpSecurity http) throws Exception {
+		http.csrf();
+		http.addFilter(new WebAsyncManagerIntegrationFilter());
+		http.exceptionHandling();
+		http.headers();
+		http.sessionManagement();
+		http.securityContext();
+		http.requestCache();
+		http.anonymous();
+		http.servletApi();
+		http.apply(new DefaultLoginPageConfigurer<>());
+		http.logout();
+	}
+
 	/**
 	 * Override this method to expose the {@link AuthenticationManager} from
 	 * {@link #configure(AuthenticationManagerBuilder)} to be exposed as a Bean. For
@@ -315,8 +311,8 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	}
 
 	@Override
-	public void init(final WebSecurity web) throws Exception {
-		final HttpSecurity http = getHttp();
+	public void init(WebSecurity web) throws Exception {
+		HttpSecurity http = getHttp();
 		web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
 			FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
 			web.securityInterceptor(securityInterceptor);
@@ -354,17 +350,11 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	 * @throws Exception if an error occurs
 	 */
 	protected void configure(HttpSecurity http) throws Exception {
-		this.logger.debug(
-				"Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
-
-		// @formatter:off
-		http
-			.authorizeRequests()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin().and()
-			.httpBasic();
-		// @formatter:on
+		this.logger.debug("Using default configure(HttpSecurity). "
+				+ "If subclassed this will potentially override subclass configure(HttpSecurity).");
+		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+		http.formLogin();
+		http.httpBasic();
 	}
 
 	/**
@@ -378,14 +368,13 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
 		this.context = context;
-
 		ObjectPostProcessor<Object> objectPostProcessor = context.getBean(ObjectPostProcessor.class);
 		LazyPasswordEncoder passwordEncoder = new LazyPasswordEncoder(context);
-
 		this.authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(objectPostProcessor,
 				passwordEncoder);
 		this.localConfigureAuthenticationBldr = new DefaultPasswordEncoderAuthenticationManagerBuilder(
 				objectPostProcessor, passwordEncoder) {
+
 			@Override
 			public AuthenticationManagerBuilder eraseCredentials(boolean eraseCredentials) {
 				WebSecurityConfigurerAdapter.this.authenticationBuilder.eraseCredentials(eraseCredentials);
@@ -398,6 +387,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 				WebSecurityConfigurerAdapter.this.authenticationBuilder.authenticationEventPublisher(eventPublisher);
 				return super.authenticationEventPublisher(eventPublisher);
 			}
+
 		};
 	}
 
@@ -458,10 +448,8 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		private final Object delegateMonitor = new Object();
 
 		UserDetailsServiceDelegator(List<AuthenticationManagerBuilder> delegateBuilders) {
-			if (delegateBuilders.contains(null)) {
-				throw new IllegalArgumentException(
-						"delegateBuilders cannot contain null values. Got " + delegateBuilders);
-			}
+			Assert.isTrue(!delegateBuilders.contains(null),
+					() -> "delegateBuilders cannot contain null values. Got " + delegateBuilders);
 			this.delegateBuilders = delegateBuilders;
 		}
 
@@ -470,7 +458,6 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			if (this.delegate != null) {
 				return this.delegate.loadUserByUsername(username);
 			}
-
 			synchronized (this.delegateMonitor) {
 				if (this.delegate == null) {
 					for (AuthenticationManagerBuilder delegateBuilder : this.delegateBuilders) {
@@ -479,14 +466,12 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 							break;
 						}
 					}
-
 					if (this.delegate == null) {
 						throw new IllegalStateException("UserDetailsService is required.");
 					}
 					this.delegateBuilders = null;
 				}
 			}
-
 			return this.delegate.loadUserByUsername(username);
 		}
 
@@ -524,14 +509,12 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			if (this.delegate != null) {
 				return this.delegate.authenticate(authentication);
 			}
-
 			synchronized (this.delegateMonitor) {
 				if (this.delegate == null) {
 					this.delegate = this.delegateBuilder.getObject();
 					this.delegateBuilder = null;
 				}
 			}
-
 			return this.delegate.authenticate(authentication);
 		}
 
@@ -542,19 +525,18 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 		}
 
 		private static void validateBeanCycle(Object auth, Set<String> beanNames) {
-			if (auth != null && !beanNames.isEmpty()) {
-				if (auth instanceof Advised) {
-					Advised advised = (Advised) auth;
-					TargetSource targetSource = advised.getTargetSource();
-					if (targetSource instanceof LazyInitTargetSource) {
-						LazyInitTargetSource lits = (LazyInitTargetSource) targetSource;
-						if (beanNames.contains(lits.getTargetBeanName())) {
-							throw new FatalBeanException(
-									"A dependency cycle was detected when trying to resolve the AuthenticationManager. Please ensure you have configured authentication.");
-						}
-					}
-				}
-				beanNames = Collections.emptySet();
+			if (auth == null || beanNames.isEmpty() || !(auth instanceof Advised)) {
+				return;
+			}
+			TargetSource targetSource = ((Advised) auth).getTargetSource();
+			if (!(targetSource instanceof LazyInitTargetSource)) {
+				return;
+			}
+			LazyInitTargetSource lits = (LazyInitTargetSource) targetSource;
+			if (beanNames.contains(lits.getTargetBeanName())) {
+				throw new FatalBeanException(
+						"A dependency cycle was detected when trying to resolve the AuthenticationManager. "
+								+ "Please ensure you have configured authentication.");
 			}
 		}
 
@@ -634,7 +616,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 			try {
 				return this.applicationContext.getBean(type);
 			}
-			catch (NoSuchBeanDefinitionException notFound) {
+			catch (NoSuchBeanDefinitionException ex) {
 				return null;
 			}
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 4365785385..34cd345311 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -253,15 +253,12 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 		}
-
 		MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy,
 				MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
 				MediaType.TEXT_PLAIN);
 		mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
 				new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
-
 		return new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
 	}
 
@@ -271,12 +268,10 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 		if (portMapper != null) {
 			this.authenticationEntryPoint.setPortMapper(portMapper);
 		}
-
 		RequestCache requestCache = http.getSharedObject(RequestCache.class);
 		if (requestCache != null) {
 			this.defaultSuccessHandler.setRequestCache(requestCache);
 		}
-
 		this.authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
 		this.authFilter.setAuthenticationSuccessHandler(this.successHandler);
 		this.authFilter.setAuthenticationFailureHandler(this.failureHandler);
@@ -383,8 +378,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 		if (this.failureHandler == null) {
 			failureUrl(this.loginPage + "?error");
 		}
-
-		final LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(LogoutConfigurer.class);
+		LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(LogoutConfigurer.class);
 		if (logoutConfigurer != null && !logoutConfigurer.isCustomLogoutSuccess()) {
 			logoutConfigurer.logoutSuccessUrl(this.loginPage + "?logout");
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
index 9385feb21e..12b41b5c42 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java
@@ -24,6 +24,7 @@ import java.util.List;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
 
 /**
  * A base class for registering {@link RequestMatcher}'s. For example, it might allow for
@@ -102,11 +103,8 @@ public abstract class AbstractConfigAttributeRequestMatcherRegistry<C> extends A
 	 * {@link ConfigAttribute} instances. Cannot be null.
 	 */
 	final LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> createRequestMap() {
-		if (this.unmappedMatchers != null) {
-			throw new IllegalStateException("An incomplete mapping was found for " + this.unmappedMatchers
-					+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
-		}
-
+		Assert.state(this.unmappedMatchers == null, () -> "An incomplete mapping was found for " + this.unmappedMatchers
+				+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
 		for (UrlMapping mapping : getUrlMappings()) {
 			RequestMatcher matcher = mapping.getRequestMatcher();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
index 0881921efb..4144d5e840 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
@@ -28,7 +28,6 @@ import org.springframework.security.web.DefaultSecurityFilterChain;
  * {@link HttpSecurity}.
  *
  * @author Rob Winch
- *
  */
 public abstract class AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T, B>, B extends HttpSecurityBuilder<B>>
 		extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, B> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index c798212069..19fc8ae0ca 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -105,13 +105,10 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 		ChannelDecisionManagerImpl channelDecisionManager = new ChannelDecisionManagerImpl();
 		channelDecisionManager.setChannelProcessors(getChannelProcessors(http));
 		channelDecisionManager = postProcess(channelDecisionManager);
-
 		this.channelFilter.setChannelDecisionManager(channelDecisionManager);
-
 		DefaultFilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource = new DefaultFilterInvocationSecurityMetadataSource(
 				this.requestMap);
 		this.channelFilter.setSecurityMetadataSource(filterInvocationSecurityMetadataSource);
-
 		this.channelFilter = postProcess(this.channelFilter);
 		http.addFilter(this.channelFilter);
 	}
@@ -120,28 +117,25 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.channelProcessors != null) {
 			return this.channelProcessors;
 		}
-
 		InsecureChannelProcessor insecureChannelProcessor = new InsecureChannelProcessor();
 		SecureChannelProcessor secureChannelProcessor = new SecureChannelProcessor();
-
 		PortMapper portMapper = http.getSharedObject(PortMapper.class);
 		if (portMapper != null) {
 			RetryWithHttpEntryPoint httpEntryPoint = new RetryWithHttpEntryPoint();
 			httpEntryPoint.setPortMapper(portMapper);
 			insecureChannelProcessor.setEntryPoint(httpEntryPoint);
-
 			RetryWithHttpsEntryPoint httpsEntryPoint = new RetryWithHttpsEntryPoint();
 			httpsEntryPoint.setPortMapper(portMapper);
 			secureChannelProcessor.setEntryPoint(httpsEntryPoint);
 		}
 		insecureChannelProcessor = postProcess(insecureChannelProcessor);
 		secureChannelProcessor = postProcess(secureChannelProcessor);
-		return Arrays.<ChannelProcessor>asList(insecureChannelProcessor, secureChannelProcessor);
+		return Arrays.asList(insecureChannelProcessor, secureChannelProcessor);
 	}
 
 	private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
 		for (RequestMatcher matcher : matchers) {
-			Collection<ConfigAttribute> attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
+			Collection<ConfigAttribute> attrs = Arrays.asList(new SecurityConfig(attribute));
 			this.requestMap.put(matcher, attrs);
 		}
 		return this.REGISTRY;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
index 1e107cd659..f4002d799b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
@@ -20,6 +20,7 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -63,12 +64,9 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHt
 	@Override
 	public void configure(H http) {
 		ApplicationContext context = http.getSharedObject(ApplicationContext.class);
-
 		CorsFilter corsFilter = getCorsFilter(context);
-		if (corsFilter == null) {
-			throw new IllegalStateException("Please configure either a " + CORS_FILTER_BEAN_NAME + " bean or a "
-					+ CORS_CONFIGURATION_SOURCE_BEAN_NAME + "bean.");
-		}
+		Assert.state(corsFilter != null, () -> "Please configure either a " + CORS_FILTER_BEAN_NAME + " bean or a "
+				+ CORS_CONFIGURATION_SOURCE_BEAN_NAME + "bean.");
 		http.addFilter(corsFilter);
 	}
 
@@ -76,19 +74,16 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHt
 		if (this.configurationSource != null) {
 			return new CorsFilter(this.configurationSource);
 		}
-
 		boolean containsCorsFilter = context.containsBeanDefinition(CORS_FILTER_BEAN_NAME);
 		if (containsCorsFilter) {
 			return context.getBean(CORS_FILTER_BEAN_NAME, CorsFilter.class);
 		}
-
 		boolean containsCorsSource = context.containsBean(CORS_CONFIGURATION_SOURCE_BEAN_NAME);
 		if (containsCorsSource) {
 			CorsConfigurationSource configurationSource = context.getBean(CORS_CONFIGURATION_SOURCE_BEAN_NAME,
 					CorsConfigurationSource.class);
 			return new CorsFilter(configurationSource);
 		}
-
 		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR, context.getClassLoader());
 		if (mvcPresent) {
 			return MvcCorsFilter.getMvcCorsFilter(context);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 6ead1c38c4..4e33f4bc7e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -289,7 +289,6 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		if (invalidSessionStrategy == null) {
 			return defaultAccessDeniedHandler;
 		}
-
 		InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler(
 				invalidSessionStrategy);
 		LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<>();
@@ -307,9 +306,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.sessionAuthenticationStrategy != null) {
 			return this.sessionAuthenticationStrategy;
 		}
-		else {
-			return new CsrfAuthenticationStrategy(this.csrfTokenRepository);
-		}
+		return new CsrfAuthenticationStrategy(this.csrfTokenRepository);
 	}
 
 	/**
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 315e27a806..bf144dc56c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -18,7 +18,6 @@ package org.springframework.security.config.annotation.web.configurers;
 
 import java.util.Collections;
 import java.util.Map;
-import java.util.function.Function;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -76,18 +75,17 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 
 	@Override
 	public void init(H http) {
-		Function<HttpServletRequest, Map<String, String>> hiddenInputs = (request) -> {
-			CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
-			if (token == null) {
-				return Collections.emptyMap();
-			}
-			return Collections.singletonMap(token.getParameterName(), token.getToken());
-		};
-		this.loginPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
-		this.logoutPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
+		this.loginPageGeneratingFilter.setResolveHiddenInputs(DefaultLoginPageConfigurer.this::hiddenInputs);
+		this.logoutPageGeneratingFilter.setResolveHiddenInputs(DefaultLoginPageConfigurer.this::hiddenInputs);
 		http.setSharedObject(DefaultLoginPageGeneratingFilter.class, this.loginPageGeneratingFilter);
 	}
 
+	private Map<String, String> hiddenInputs(HttpServletRequest request) {
+		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
+		return (token != null) ? Collections.singletonMap(token.getParameterName(), token.getToken())
+				: Collections.emptyMap();
+	}
+
 	@Override
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
@@ -96,7 +94,6 @@ public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 		if (exceptionConf != null) {
 			authenticationEntryPoint = exceptionConf.getAuthenticationEntryPoint();
 		}
-
 		if (this.loginPageGeneratingFilter.isEnabled() && authenticationEntryPoint == null) {
 			this.loginPageGeneratingFilter = postProcess(this.loginPageGeneratingFilter);
 			http.addFilter(this.loginPageGeneratingFilter);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index bcdf904d70..949b833da4 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -139,44 +139,40 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	@Override
 	ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource(H http) {
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = this.REGISTRY.createRequestMap();
-		if (requestMap.isEmpty()) {
-			throw new IllegalStateException(
-					"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
-		}
+		Assert.state(!requestMap.isEmpty(),
+				"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
 		return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, getExpressionHandler(http));
 	}
 
 	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
-		if (this.expressionHandler == null) {
-			DefaultWebSecurityExpressionHandler defaultHandler = new DefaultWebSecurityExpressionHandler();
-			AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
-			if (trustResolver != null) {
-				defaultHandler.setTrustResolver(trustResolver);
-			}
-			ApplicationContext context = http.getSharedObject(ApplicationContext.class);
-			if (context != null) {
-				String[] roleHiearchyBeanNames = context.getBeanNamesForType(RoleHierarchy.class);
-				if (roleHiearchyBeanNames.length == 1) {
-					defaultHandler.setRoleHierarchy(context.getBean(roleHiearchyBeanNames[0], RoleHierarchy.class));
-				}
-				String[] grantedAuthorityDefaultsBeanNames = context
-						.getBeanNamesForType(GrantedAuthorityDefaults.class);
-				if (grantedAuthorityDefaultsBeanNames.length == 1) {
-					GrantedAuthorityDefaults grantedAuthorityDefaults = context
-							.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
-					defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
-				}
-				String[] permissionEvaluatorBeanNames = context.getBeanNamesForType(PermissionEvaluator.class);
-				if (permissionEvaluatorBeanNames.length == 1) {
-					PermissionEvaluator permissionEvaluator = context.getBean(permissionEvaluatorBeanNames[0],
-							PermissionEvaluator.class);
-					defaultHandler.setPermissionEvaluator(permissionEvaluator);
-				}
-			}
-
-			this.expressionHandler = postProcess(defaultHandler);
+		if (this.expressionHandler != null) {
+			return this.expressionHandler;
 		}
-
+		DefaultWebSecurityExpressionHandler defaultHandler = new DefaultWebSecurityExpressionHandler();
+		AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
+		if (trustResolver != null) {
+			defaultHandler.setTrustResolver(trustResolver);
+		}
+		ApplicationContext context = http.getSharedObject(ApplicationContext.class);
+		if (context != null) {
+			String[] roleHiearchyBeanNames = context.getBeanNamesForType(RoleHierarchy.class);
+			if (roleHiearchyBeanNames.length == 1) {
+				defaultHandler.setRoleHierarchy(context.getBean(roleHiearchyBeanNames[0], RoleHierarchy.class));
+			}
+			String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
+			if (grantedAuthorityDefaultsBeanNames.length == 1) {
+				GrantedAuthorityDefaults grantedAuthorityDefaults = context
+						.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
+				defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
+			}
+			String[] permissionEvaluatorBeanNames = context.getBeanNamesForType(PermissionEvaluator.class);
+			if (permissionEvaluatorBeanNames.length == 1) {
+				PermissionEvaluator permissionEvaluator = context.getBean(permissionEvaluatorBeanNames[0],
+						PermissionEvaluator.class);
+				defaultHandler.setPermissionEvaluator(permissionEvaluator);
+			}
+		}
+		this.expressionHandler = postProcess(defaultHandler);
 		return this.expressionHandler;
 	}
 
@@ -187,10 +183,8 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
 	private static String hasRole(String role) {
 		Assert.notNull(role, "role cannot be null");
-		if (role.startsWith("ROLE_")) {
-			throw new IllegalArgumentException(
-					"role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
-		}
+		Assert.isTrue(!role.startsWith("ROLE_"),
+				() -> "role should not start with 'ROLE_' since it is automatically inserted. Got '" + role + "'");
 		return "hasRole('ROLE_" + role + "')";
 	}
 
@@ -210,9 +204,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 	public final class ExpressionInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
 
-		/**
-		 * @param context
-		 */
 		private ExpressionInterceptUrlRegistry(ApplicationContext context) {
 			setApplicationContext(context);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 0ed6cc1ca3..9d007ec7fa 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -329,7 +329,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
 		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter();
 		contentSecurityCustomizer.customize(this.contentSecurityPolicy);
-
 		return HeadersConfigurer.this;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
index e4f58325de..e45bb31a06 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
@@ -97,10 +97,8 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
 	 */
 	public HttpBasicConfigurer() {
 		realmName(DEFAULT_REALM);
-
 		LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
 		entryPoints.put(X_REQUESTED_WITH, new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
-
 		DelegatingAuthenticationEntryPoint defaultEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
 		defaultEntryPoint.setDefaultEntryPoint(this.basicAuthEntryPoint);
 		this.authenticationEntryPoint = defaultEntryPoint;
@@ -154,24 +152,19 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 		}
-
 		MediaTypeRequestMatcher restMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy,
 				MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
 				MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA,
 				MediaType.TEXT_XML);
 		restMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		MediaTypeRequestMatcher allMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.ALL);
 		allMatcher.setUseEquals(true);
-
 		RequestMatcher notHtmlMatcher = new NegatedRequestMatcher(
 				new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.TEXT_HTML));
 		RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(
 				Arrays.<RequestMatcher>asList(notHtmlMatcher, restMatcher));
-
 		RequestMatcher preferredMatcher = new OrRequestMatcher(
 				Arrays.asList(X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
-
 		registerDefaultEntryPoint(http, preferredMatcher);
 		registerDefaultLogoutSuccessHandler(http, preferredMatcher);
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index 30928d0b24..bbd91f045c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -192,12 +192,8 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
 		authenticationProvider.setPreAuthenticatedUserDetailsService(getUserDetailsService());
 		authenticationProvider = postProcess(authenticationProvider);
-
-		// @formatter:off
-		http
-			.authenticationProvider(authenticationProvider)
-			.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
-		// @formatter:on
+		http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class,
+				new Http403ForbiddenEntryPoint());
 	}
 
 	@Override
@@ -245,7 +241,6 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
 		SimpleMappableAttributesRetriever rolesRetriever = new SimpleMappableAttributesRetriever();
 		rolesRetriever.setMappableAttributes(this.mappableRoles);
 		detailsSource.setMappableRolesRetriever(rolesRetriever);
-
 		detailsSource = postProcess(detailsSource);
 		return detailsSource;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index 2567c4c3a5..a86d8339dc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -276,7 +276,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 			PermitAllSupport.permitAll(http, this.logoutSuccessUrl);
 			PermitAllSupport.permitAll(http, this.getLogoutRequestMatcher(http));
 		}
-
 		DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
 				.getSharedObject(DefaultLoginPageGeneratingFilter.class);
 		if (loginPageGeneratingFilter != null && !isCustomLogoutSuccess()) {
@@ -334,20 +333,28 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 		return result;
 	}
 
-	@SuppressWarnings("unchecked")
 	private RequestMatcher getLogoutRequestMatcher(H http) {
 		if (this.logoutRequestMatcher != null) {
 			return this.logoutRequestMatcher;
 		}
-		if (http.getConfigurer(CsrfConfigurer.class) != null) {
-			this.logoutRequestMatcher = new AntPathRequestMatcher(this.logoutUrl, "POST");
-		}
-		else {
-			this.logoutRequestMatcher = new OrRequestMatcher(new AntPathRequestMatcher(this.logoutUrl, "GET"),
-					new AntPathRequestMatcher(this.logoutUrl, "POST"), new AntPathRequestMatcher(this.logoutUrl, "PUT"),
-					new AntPathRequestMatcher(this.logoutUrl, "DELETE"));
-		}
+		this.logoutRequestMatcher = createLogoutRequestMatcher(http);
 		return this.logoutRequestMatcher;
 	}
 
+	@SuppressWarnings("unchecked")
+	private RequestMatcher createLogoutRequestMatcher(H http) {
+		RequestMatcher post = createLogoutRequestMatcher("POST");
+		if (http.getConfigurer(CsrfConfigurer.class) != null) {
+			return post;
+		}
+		RequestMatcher get = createLogoutRequestMatcher("GET");
+		RequestMatcher put = createLogoutRequestMatcher("PUT");
+		RequestMatcher delete = createLogoutRequestMatcher("DELETE");
+		return new OrRequestMatcher(get, post, put, delete);
+	}
+
+	private RequestMatcher createLogoutRequestMatcher(String httpMethod) {
+		return new AntPathRequestMatcher(this.logoutUrl, httpMethod);
+	}
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index c1c9152954..3af0eba172 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -22,6 +22,7 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry.UrlMapping;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
 
 /**
  * Configures non-null URL's to grant access to every URL
@@ -47,11 +48,7 @@ final class PermitAllSupport {
 			RequestMatcher... requestMatchers) {
 		ExpressionUrlAuthorizationConfigurer<?> configurer = http
 				.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
-
-		if (configurer == null) {
-			throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeRequests()");
-		}
-
+		Assert.state(configurer != null, "permitAll only works with HttpSecurity.authorizeRequests()");
 		for (RequestMatcher matcher : requestMatchers) {
 			if (matcher != null) {
 				configurer.getRegistry().addMapping(0, new UrlMapping(matcher,
@@ -72,15 +69,12 @@ final class PermitAllSupport {
 		public boolean matches(HttpServletRequest request) {
 			String uri = request.getRequestURI();
 			String query = request.getQueryString();
-
 			if (query != null) {
 				uri += "?" + query;
 			}
-
 			if ("".equals(request.getContextPath())) {
 				return uri.equals(this.processUrl);
 			}
-
 			return uri.equals(request.getContextPath() + this.processUrl);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index 1c54f5e440..d6d352995d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -35,6 +35,7 @@ import org.springframework.security.web.authentication.rememberme.PersistentToke
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
+import org.springframework.util.Assert;
 
 /**
  * Configures Remember Me authentication. This typically involves the user checking a box
@@ -275,11 +276,9 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 		if (logoutConfigurer != null && this.logoutHandler != null) {
 			logoutConfigurer.addLogoutHandler(this.logoutHandler);
 		}
-
 		RememberMeAuthenticationProvider authenticationProvider = new RememberMeAuthenticationProvider(key);
 		authenticationProvider = postProcess(authenticationProvider);
 		http.authenticationProvider(authenticationProvider);
-
 		initDefaultLoginFilter(http);
 	}
 
@@ -299,8 +298,8 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	 * time.
 	 */
 	private void validateInput() {
-		if (this.rememberMeServices != null && this.rememberMeCookieName != DEFAULT_REMEMBER_ME_NAME) {
-			throw new IllegalArgumentException("Can not set rememberMeCookieName " + "and custom rememberMeServices.");
+		if (this.rememberMeServices != null && !DEFAULT_REMEMBER_ME_NAME.equals(this.rememberMeCookieName)) {
+			throw new IllegalArgumentException("Can not set rememberMeCookieName and custom rememberMeServices.");
 		}
 	}
 
@@ -406,11 +405,9 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.userDetailsService == null) {
 			this.userDetailsService = http.getSharedObject(UserDetailsService.class);
 		}
-		if (this.userDetailsService == null) {
-			throw new IllegalStateException(
-					"userDetailsService cannot be null. Invoke " + RememberMeConfigurer.class.getSimpleName()
-							+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
-		}
+		Assert.state(this.userDetailsService != null,
+				() -> "userDetailsService cannot be null. Invoke " + RememberMeConfigurer.class.getSimpleName()
+						+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
 		return this.userDetailsService;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
index fcd5711e0e..e7eae3f283 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
@@ -145,12 +145,9 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>>
 	@SuppressWarnings("unchecked")
 	private RequestMatcher createDefaultSavedRequestMatcher(H http) {
 		RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.*"));
-
 		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
 				new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
-
 		boolean isCsrfEnabled = http.getConfigurer(CsrfConfigurer.class) != null;
-
 		List<RequestMatcher> matchers = new ArrayList<>();
 		if (isCsrfEnabled) {
 			RequestMatcher getRequests = new AntPathRequestMatcher("/**", "GET");
@@ -161,7 +158,6 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>>
 		matchers.add(notXRequestedWith);
 		matchers.add(notMatchingMediaType(http, MediaType.MULTIPART_FORM_DATA));
 		matchers.add(notMatchingMediaType(http, MediaType.TEXT_EVENT_STREAM));
-
 		return new AndRequestMatcher(matchers);
 	}
 
@@ -170,7 +166,6 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>>
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 		}
-
 		MediaTypeRequestMatcher mediaRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, mediaType);
 		mediaRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
 		return new NegatedRequestMatcher(mediaRequest);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
index acd06c1221..2139961a00 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
@@ -82,7 +82,6 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
 	@Override
 	@SuppressWarnings("unchecked")
 	public void configure(H http) {
-
 		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
 		if (securityContextRepository == null) {
 			securityContextRepository = new HttpSessionSecurityContextRepository();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 59146667e4..86b9cc0275 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -316,7 +316,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	public void init(H http) {
 		SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
 		boolean stateless = isStateless();
-
 		if (securityContextRepository == null) {
 			if (stateless) {
 				http.setSharedObject(SecurityContextRepository.class, new NullSecurityContextRepository());
@@ -332,7 +331,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 				http.setSharedObject(SecurityContextRepository.class, httpSecurityRepository);
 			}
 		}
-
 		RequestCache requestCache = http.getSharedObject(RequestCache.class);
 		if (requestCache == null) {
 			if (stateless) {
@@ -365,7 +363,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			sessionManagementFilter.setTrustResolver(trustResolver);
 		}
 		sessionManagementFilter = postProcess(sessionManagementFilter);
-
 		http.addFilter(sessionManagementFilter);
 		if (isConcurrentSessionControlEnabled()) {
 			ConcurrentSessionFilter concurrentSessionFilter = createConcurrencyFilter(http);
@@ -378,13 +375,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	private ConcurrentSessionFilter createConcurrencyFilter(H http) {
 		SessionInformationExpiredStrategy expireStrategy = getExpiredSessionStrategy();
 		SessionRegistry sessionRegistry = getSessionRegistry(http);
-		ConcurrentSessionFilter concurrentSessionFilter;
-		if (expireStrategy == null) {
-			concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry);
-		}
-		else {
-			concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry, expireStrategy);
-		}
+		ConcurrentSessionFilter concurrentSessionFilter = (expireStrategy != null)
+				? new ConcurrentSessionFilter(sessionRegistry, expireStrategy)
+				: new ConcurrentSessionFilter(sessionRegistry);
 		LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
 		if (logoutConfigurer != null) {
 			List<LogoutHandler> logoutHandlers = logoutConfigurer.getLogoutHandlers();
@@ -405,11 +398,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.invalidSessionStrategy != null) {
 			return this.invalidSessionStrategy;
 		}
-
 		if (this.invalidSessionUrl == null) {
 			return null;
 		}
-
 		this.invalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy(this.invalidSessionUrl);
 		return this.invalidSessionStrategy;
 	}
@@ -418,11 +409,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.expiredSessionStrategy != null) {
 			return this.expiredSessionStrategy;
 		}
-
 		if (this.expiredUrl == null) {
 			return null;
 		}
-
 		this.expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(this.expiredUrl);
 		return this.expiredSessionStrategy;
 	}
@@ -431,11 +420,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.sessionAuthenticationFailureHandler != null) {
 			return this.sessionAuthenticationFailureHandler;
 		}
-
 		if (this.sessionAuthenticationErrorUrl == null) {
 			return null;
 		}
-
 		this.sessionAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler(
 				this.sessionAuthenticationErrorUrl);
 		return this.sessionAuthenticationFailureHandler;
@@ -449,7 +436,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 		if (this.sessionPolicy != null) {
 			return this.sessionPolicy;
 		}
-
 		SessionCreationPolicy sessionPolicy = getBuilder().getSharedObject(SessionCreationPolicy.class);
 		return (sessionPolicy != null) ? sessionPolicy : SessionCreationPolicy.IF_REQUIRED;
 	}
@@ -628,6 +614,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	public final class ConcurrencyControlConfigurer {
 
+		private ConcurrencyControlConfigurer() {
+		}
+
 		/**
 		 * Controls the maximum number of sessions for a user. The default is to allow any
 		 * number of users.
@@ -699,9 +688,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return SessionManagementConfigurer.this;
 		}
 
-		private ConcurrencyControlConfigurer() {
-		}
-
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
index 210eb8922a..4dd72aa947 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -89,10 +89,10 @@ import org.springframework.util.Assert;
 public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
 
-	private final StandardInterceptUrlRegistry REGISTRY;
+	private final StandardInterceptUrlRegistry registry;
 
 	public UrlAuthorizationConfigurer(ApplicationContext context) {
-		this.REGISTRY = new StandardInterceptUrlRegistry(context);
+		this.registry = new StandardInterceptUrlRegistry(context);
 	}
 
 	/**
@@ -101,7 +101,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 */
 	public StandardInterceptUrlRegistry getRegistry() {
-		return this.REGISTRY;
+		return this.registry;
 	}
 
 	/**
@@ -136,7 +136,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	 */
 	@Override
 	FilterInvocationSecurityMetadataSource createMetadataSource(H http) {
-		return new DefaultFilterInvocationSecurityMetadataSource(this.REGISTRY.createRequestMap());
+		return new DefaultFilterInvocationSecurityMetadataSource(this.registry.createRequestMap());
 	}
 
 	/**
@@ -151,10 +151,10 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	private StandardInterceptUrlRegistry addMapping(Iterable<? extends RequestMatcher> requestMatchers,
 			Collection<ConfigAttribute> configAttributes) {
 		for (RequestMatcher requestMatcher : requestMatchers) {
-			this.REGISTRY.addMapping(
+			this.registry.addMapping(
 					new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(requestMatcher, configAttributes));
 		}
-		return this.REGISTRY;
+		return this.registry;
 	}
 
 	/**
@@ -196,9 +196,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 	public final class StandardInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
 
-		/**
-		 * @param context
-		 */
 		private StandardInterceptUrlRegistry(ApplicationContext context) {
 			setApplicationContext(context);
 		}
@@ -337,7 +334,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public StandardInterceptUrlRegistry access(String... attributes) {
 			addMapping(this.requestMatchers, SecurityConfig.createList(attributes));
-			return UrlAuthorizationConfigurer.this.REGISTRY;
+			return UrlAuthorizationConfigurer.this.registry;
 		}
 
 		protected List<? extends RequestMatcher> getMatchers() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 7e8c85bfcc..93e1b09250 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -171,12 +171,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 	public void init(H http) {
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
 		authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
-
-		// @formatter:off
-		http
-			.authenticationProvider(authenticationProvider)
-			.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
-		// @formatter:on
+		http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class,
+				new Http403ForbiddenEntryPoint());
 	}
 
 	@Override
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index 1c66412689..a8447e7d14 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -197,7 +197,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 		 */
 		public AuthorizationCodeGrantConfigurer authorizationRequestRepository(
 				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
-
 			Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 			this.authorizationRequestRepository = authorizationRequestRepository;
 			return this;
@@ -212,7 +211,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 		 */
 		public AuthorizationCodeGrantConfigurer accessTokenResponseClient(
 				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
-
 			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
@@ -245,7 +243,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 			OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
 			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = new OAuth2AuthorizationRequestRedirectFilter(
 					resolver);
-
 			if (this.authorizationRequestRepository != null) {
 				authorizationRequestRedirectFilter
 						.setAuthorizationRequestRepository(this.authorizationRequestRepository);
@@ -272,7 +269,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
 					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
 					OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder), authenticationManager);
-
 			if (this.authorizationRequestRepository != null) {
 				authorizationCodeGrantFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index bab025eff0..a7e0cc46cb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -291,7 +291,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 				OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl);
 		this.setAuthenticationFilter(authenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
-
 		if (this.loginPage != null) {
 			// Set custom login page
 			super.loginPage(this.loginPage);
@@ -311,12 +310,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 				super.init(http);
 			}
 		}
-
 		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient = this.tokenEndpointConfig.accessTokenResponseClient;
 		if (accessTokenResponseClient == null) {
 			accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
 		}
-
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = getOAuth2UserService();
 		OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = new OAuth2LoginAuthenticationProvider(
 				accessTokenResponseClient, oauth2UserService);
@@ -325,10 +322,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
 		}
 		http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
-
 		boolean oidcAuthenticationProviderEnabled = ClassUtils
 				.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
-
 		if (oidcAuthenticationProviderEnabled) {
 			OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
 			OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(
@@ -345,14 +340,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		else {
 			http.authenticationProvider(new OidcAuthenticationRequestChecker());
 		}
-
 		this.initDefaultLoginFilter(http);
 	}
 
 	@Override
 	public void configure(B http) throws Exception {
 		OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter;
-
 		if (this.authorizationEndpointConfig.authorizationRequestResolver != null) {
 			authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
 					this.authorizationEndpointConfig.authorizationRequestResolver);
@@ -366,7 +359,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
 					authorizationRequestBaseUri);
 		}
-
 		if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
 			authorizationRequestFilter
 					.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
@@ -376,7 +368,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			authorizationRequestFilter.setRequestCache(requestCache);
 		}
 		http.addFilter(this.postProcess(authorizationRequestFilter));
-
 		OAuth2LoginAuthenticationFilter authenticationFilter = this.getAuthenticationFilter();
 		if (this.redirectionEndpointConfig.authorizationResponseBaseUri != null) {
 			authenticationFilter.setFilterProcessesUrl(this.redirectionEndpointConfig.authorizationResponseBaseUri);
@@ -433,11 +424,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OidcUserRequest.class,
 				OidcUser.class);
 		OAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
-		if (bean == null) {
-			return new OidcUserService();
-		}
-
-		return bean;
+		return (bean != null) ? bean : new OidcUserService();
 	}
 
 	private OAuth2UserService<OAuth2UserRequest, OAuth2User> getOAuth2UserService() {
@@ -447,29 +434,25 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OAuth2UserRequest.class,
 				OAuth2User.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
-		if (bean == null) {
-			if (!this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
-				List<OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServices = new ArrayList<>();
-				userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
-				userServices.add(new DefaultOAuth2UserService());
-				return new DelegatingOAuth2UserService<>(userServices);
-			}
-			else {
-				return new DefaultOAuth2UserService();
-			}
+		if (bean != null) {
+			return bean;
 		}
-
-		return bean;
+		if (this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
+			return new DefaultOAuth2UserService();
+		}
+		List<OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServices = new ArrayList<>();
+		userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
+		userServices.add(new DefaultOAuth2UserService());
+		return new DelegatingOAuth2UserService<>(userServices);
 	}
 
 	private <T> T getBeanOrNull(ResolvableType type) {
 		ApplicationContext context = getBuilder().getSharedObject(ApplicationContext.class);
-		if (context == null) {
-			return null;
-		}
-		String[] names = context.getBeanNamesForType(type);
-		if (names.length == 1) {
-			return (T) context.getBean(names[0]);
+		if (context != null) {
+			String[] names = context.getBeanNamesForType(type);
+			if (names.length == 1) {
+				return (T) context.getBean(names[0]);
+			}
 		}
 		return null;
 	}
@@ -480,7 +463,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
 			return;
 		}
-
 		loginPageGeneratingFilter.setOauth2LoginEnabled(true);
 		loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(this.getLoginLinks());
 		loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage());
@@ -499,14 +481,12 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		if (clientRegistrations == null) {
 			return Collections.emptyMap();
 		}
-
 		String authorizationRequestBaseUri = (this.authorizationEndpointConfig.authorizationRequestBaseUri != null)
 				? this.authorizationEndpointConfig.authorizationRequestBaseUri
 				: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 		Map<String, String> loginUrlToClientName = new HashMap<>();
 		clientRegistrations.forEach((registration) -> loginUrlToClientName.put(
 				authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName()));
-
 		return loginUrlToClientName;
 	}
 
@@ -516,17 +496,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(http);
 		RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(
 				new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
-
 		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
 				new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
-
 		LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
 		entryPoints.put(new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)),
 				new LoginUrlAuthenticationEntryPoint(providerLoginPage));
-
 		DelegatingAuthenticationEntryPoint loginEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
 		loginEntryPoint.setDefaultEntryPoint(this.getAuthenticationEntryPoint());
-
 		return loginEntryPoint;
 	}
 
@@ -612,7 +588,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		 */
 		public TokenEndpointConfig accessTokenResponseClient(
 				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
-
 			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
@@ -746,21 +721,19 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
-
-			// Section 3.1.2.1 Authentication Request -
-			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-			// scope
-			// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-			if (authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
-					.contains(OidcScopes.OPENID)) {
-
+			OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
+					.getAuthorizationRequest();
+			if (authorizationRequest.getScopes().contains(OidcScopes.OPENID)) {
+				// Section 3.1.2.1 Authentication Request -
+				// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
+				// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+				// value.
 				OAuth2Error oauth2Error = new OAuth2Error("oidc_provider_not_configured",
 						"An OpenID Connect Authentication Provider has not been configured. "
 								+ "Check to ensure you include the dependency 'spring-security-oauth2-jose'.",
 						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-
 			return null;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index 03053952f3..d56ca5bb4c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -180,7 +180,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		if (this.jwtConfigurer == null) {
 			this.jwtConfigurer = new JwtConfigurer(this.context);
 		}
-
 		return this.jwtConfigurer;
 	}
 
@@ -202,7 +201,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		if (this.opaqueTokenConfigurer == null) {
 			this.opaqueTokenConfigurer = new OpaqueTokenConfigurer(this.context);
 		}
-
 		return this.opaqueTokenConfigurer;
 	}
 
@@ -223,11 +221,9 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	@Override
 	public void init(H http) {
 		validateConfiguration();
-
 		registerDefaultAccessDeniedHandler(http);
 		registerDefaultEntryPoint(http);
 		registerDefaultCsrfOverride(http);
-
 		AuthenticationProvider authenticationProvider = getAuthenticationProvider();
 		if (authenticationProvider != null) {
 			http.authenticationProvider(authenticationProvider);
@@ -238,79 +234,63 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	public void configure(H http) {
 		BearerTokenResolver bearerTokenResolver = getBearerTokenResolver();
 		this.requestMatcher.setBearerTokenResolver(bearerTokenResolver);
-
 		AuthenticationManagerResolver resolver = this.authenticationManagerResolver;
 		if (resolver == null) {
 			AuthenticationManager authenticationManager = getAuthenticationManager(http);
 			resolver = (request) -> authenticationManager;
 		}
-
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
 		filter.setBearerTokenResolver(bearerTokenResolver);
 		filter.setAuthenticationEntryPoint(this.authenticationEntryPoint);
 		filter = postProcess(filter);
-
 		http.addFilter(filter);
 	}
 
 	private void validateConfiguration() {
 		if (this.authenticationManagerResolver == null) {
-			if (this.jwtConfigurer == null && this.opaqueTokenConfigurer == null) {
-				throw new IllegalStateException("Jwt and Opaque Token are the only supported formats for bearer tokens "
-						+ "in Spring Security and neither was found. Make sure to configure JWT "
-						+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
-						+ "http.oauth2ResourceServer().opaqueToken().");
-			}
-
-			if (this.jwtConfigurer != null && this.opaqueTokenConfigurer != null) {
-				throw new IllegalStateException(
-						"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
-			}
+			Assert.state(this.jwtConfigurer != null || this.opaqueTokenConfigurer != null,
+					"Jwt and Opaque Token are the only supported formats for bearer tokens "
+							+ "in Spring Security and neither was found. Make sure to configure JWT "
+							+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
+							+ "http.oauth2ResourceServer().opaqueToken().");
+			Assert.state(this.jwtConfigurer == null || this.opaqueTokenConfigurer == null,
+					"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
 		}
 		else {
-			if (this.jwtConfigurer != null || this.opaqueTokenConfigurer != null) {
-				throw new IllegalStateException("If an authenticationManagerResolver() is configured, then it takes "
-						+ "precedence over any jwt() or opaqueToken() configuration.");
-			}
+			Assert.state(this.jwtConfigurer == null && this.opaqueTokenConfigurer == null,
+					"If an authenticationManagerResolver() is configured, then it takes "
+							+ "precedence over any jwt() or opaqueToken() configuration.");
 		}
 	}
 
 	private void registerDefaultAccessDeniedHandler(H http) {
 		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		if (exceptionHandling == null) {
-			return;
+		if (exceptionHandling != null) {
+			exceptionHandling.defaultAccessDeniedHandlerFor(this.accessDeniedHandler, this.requestMatcher);
 		}
-
-		exceptionHandling.defaultAccessDeniedHandlerFor(this.accessDeniedHandler, this.requestMatcher);
 	}
 
 	private void registerDefaultEntryPoint(H http) {
 		ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		if (exceptionHandling == null) {
-			return;
+		if (exceptionHandling != null) {
+			exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, this.requestMatcher);
 		}
-
-		exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, this.requestMatcher);
 	}
 
 	private void registerDefaultCsrfOverride(H http) {
 		CsrfConfigurer<H> csrf = http.getConfigurer(CsrfConfigurer.class);
-		if (csrf == null) {
-			return;
+		if (csrf != null) {
+			csrf.ignoringRequestMatchers(this.requestMatcher);
 		}
-
-		csrf.ignoringRequestMatchers(this.requestMatcher);
 	}
 
 	AuthenticationProvider getAuthenticationProvider() {
 		if (this.jwtConfigurer != null) {
 			return this.jwtConfigurer.getAuthenticationProvider();
 		}
-
 		if (this.opaqueTokenConfigurer != null) {
 			return this.opaqueTokenConfigurer.getAuthenticationProvider();
 		}
-
 		return null;
 	}
 
@@ -318,11 +298,9 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		if (this.jwtConfigurer != null) {
 			return this.jwtConfigurer.getAuthenticationManager(http);
 		}
-
 		if (this.opaqueTokenConfigurer != null) {
 			return this.opaqueTokenConfigurer.getAuthenticationManager(http);
 		}
-
 		return http.getSharedObject(AuthenticationManager.class);
 	}
 
@@ -335,7 +313,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 				this.bearerTokenResolver = new DefaultBearerTokenResolver();
 			}
 		}
-
 		return this.bearerTokenResolver;
 	}
 
@@ -371,7 +348,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 		public JwtConfigurer jwtAuthenticationConverter(
 				Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) {
-
 			this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 			return this;
 		}
@@ -389,7 +365,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 					this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
 				}
 			}
-
 			return this.jwtAuthenticationConverter;
 		}
 
@@ -397,7 +372,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			if (this.decoder == null) {
 				return this.context.getBean(JwtDecoder.class);
 			}
-
 			return this.decoder;
 		}
 
@@ -405,10 +379,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			if (this.authenticationManager != null) {
 				return null;
 			}
-
 			JwtDecoder decoder = getJwtDecoder();
 			Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter = getJwtAuthenticationConverter();
-
 			JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
 			provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
 			return postProcess(provider);
@@ -418,7 +390,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			if (this.authenticationManager != null) {
 				return this.authenticationManager;
 			}
-
 			return http.getSharedObject(AuthenticationManager.class);
 		}
 
@@ -491,7 +462,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			if (this.authenticationManager != null) {
 				return this.authenticationManager;
 			}
-
 			return http.getSharedObject(AuthenticationManager.class);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 00e4604a77..e54c2863a8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -280,12 +280,10 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
 	@Override
 	public void init(H http) throws Exception {
 		super.init(http);
-
 		OpenIDAuthenticationProvider authenticationProvider = new OpenIDAuthenticationProvider();
 		authenticationProvider.setAuthenticationUserDetailsService(getAuthenticationUserDetailsService(http));
 		authenticationProvider = postProcess(authenticationProvider);
 		http.authenticationProvider(authenticationProvider);
-
 		initDefaultLoginFilter(http);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index e73183dc28..4adad193d6 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -160,9 +160,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2LoginConfigurer<B> loginPage(String loginPage) {
 		Assert.hasText(loginPage, "loginPage cannot be empty");
@@ -170,9 +167,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2LoginConfigurer<B> loginProcessingUrl(String loginProcessingUrl) {
 		Assert.hasText(loginProcessingUrl, "loginProcessingUrl cannot be empty");
@@ -181,9 +175,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
 		return new AntPathRequestMatcher(loginProcessingUrl);
@@ -208,28 +199,24 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		if (this.relyingPartyRegistrationRepository == null) {
 			this.relyingPartyRegistrationRepository = getSharedOrBean(http, RelyingPartyRegistrationRepository.class);
 		}
-
 		this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http),
 				this.loginProcessingUrl);
 		setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
 		super.loginProcessingUrl(this.loginProcessingUrl);
-
 		if (StringUtils.hasText(this.loginPage)) {
 			// Set custom login page
 			super.loginPage(this.loginPage);
 			super.init(http);
 		}
 		else {
-			final Map<String, String> providerUrlMap = getIdentityProviderUrlMap(
+			Map<String, String> providerUrlMap = getIdentityProviderUrlMap(
 					this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository);
-
 			boolean singleProvider = providerUrlMap.size() == 1;
 			if (singleProvider) {
 				// Setup auto-redirect to provider login page
 				// when only 1 IDP is configured
 				this.updateAuthenticationDefaults();
 				this.updateAccessDefaults(http);
-
 				String loginUrl = providerUrlMap.entrySet().iterator().next().getKey();
 				final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(loginUrl);
 				registerAuthenticationEntryPoint(http, entryPoint);
@@ -238,7 +225,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 				super.init(http);
 			}
 		}
-
 		this.initDefaultLoginFilter(http);
 	}
 
@@ -279,7 +265,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		if (csrf == null) {
 			return;
 		}
-
 		csrf.ignoringRequestMatchers(new AntPathRequestMatcher(this.loginProcessingUrl));
 	}
 
@@ -289,7 +274,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
 			return;
 		}
-
 		loginPageGeneratingFilter.setSaml2LoginEnabled(true);
 		loginPageGeneratingFilter.setSaml2AuthenticationUrlToProviderName(this.getIdentityProviderUrlMap(
 				this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository));
@@ -326,8 +310,8 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return context.getBean(clazz);
 		}
 		catch (NoSuchBeanDefinitionException ex) {
+			return null;
 		}
-		return null;
 	}
 
 	private <C> void setSharedObject(B http, Class<C> clazz, C object) {
@@ -346,7 +330,6 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		private Filter build(B http) {
 			Saml2AuthenticationRequestFactory authenticationRequestResolver = getResolver(http);
 			Saml2AuthenticationRequestContextResolver contextResolver = getContextResolver(http);
-
 			return postProcess(
 					new Saml2WebSsoAuthenticationRequestFilter(contextResolver, authenticationRequestResolver));
 		}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index 52257b6c2d..eee7e34f36 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -442,11 +442,11 @@ public class MessageSecurityMetadataSourceRegistry {
 				return new SimpDestinationMessageMatcher(this.pattern,
 						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
-			else if (SimpMessageType.MESSAGE == this.type) {
+			if (SimpMessageType.MESSAGE == this.type) {
 				return SimpDestinationMessageMatcher.createMessageMatcher(this.pattern,
 						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
-			else if (SimpMessageType.SUBSCRIBE == this.type) {
+			if (SimpMessageType.SUBSCRIBE == this.type) {
 				return SimpDestinationMessageMatcher.createSubscribeMatcher(this.pattern,
 						MessageSecurityMetadataSourceRegistry.this.pathMatcher);
 			}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
index 46b109fc28..5a56f25650 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
@@ -47,13 +47,12 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 
 	@Override
 	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-		boolean oauth2ClientPresent = ClassUtils.isPresent(
-				"org.springframework.security.oauth2.client.registration.ClientRegistration",
-				getClass().getClassLoader());
-
-		return oauth2ClientPresent ? new String[] {
-				"org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector$OAuth2ClientWebFluxSecurityConfiguration" }
-				: new String[] {};
+		if (!ClassUtils.isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration",
+				getClass().getClassLoader())) {
+			return new String[0];
+		}
+		return new String[] { "org.springframework.security.config.annotation.web.reactive."
+				+ "ReactiveOAuth2ClientImportSelector$OAuth2ClientWebFluxSecurityConfiguration" };
 	}
 
 	@Configuration(proxyBeanMethods = false)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index de54752001..07119e8ee0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -98,23 +98,14 @@ class WebFluxSecurityConfiguration {
 	 * @return
 	 */
 	private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
-		// @formatter:off
-		http
-			.authorizeExchange()
-				.anyExchange().authenticated();
-		// @formatter:on
-
+		http.authorizeExchange().anyExchange().authenticated();
 		if (isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context)) {
 			OAuth2ClasspathGuard.configure(this.context, http);
 		}
 		else {
-			// @formatter:off
-			http
-				.httpBasic().and()
-				.formLogin();
-			// @formatter:on
+			http.httpBasic();
+			http.formLogin();
 		}
-
 		SecurityWebFilterChain result = http.build();
 		return result;
 	}
@@ -122,11 +113,8 @@ class WebFluxSecurityConfiguration {
 	private static class OAuth2ClasspathGuard {
 
 		static void configure(ApplicationContext context, ServerHttpSecurity http) {
-			// @formatter:off
-			http
-				.oauth2Login().and()
-				.oauth2Client();
-			// @formatter:on
+			http.oauth2Login();
+			http.oauth2Client();
 		}
 
 		static boolean shouldConfigure(ApplicationContext context) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index bd95622830..f201352f59 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -47,6 +47,7 @@ import org.springframework.security.messaging.context.SecurityContextChannelInte
 import org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor;
 import org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor;
 import org.springframework.util.AntPathMatcher;
+import org.springframework.util.Assert;
 import org.springframework.util.PathMatcher;
 import org.springframework.web.servlet.handler.SimpleUrlHandlerMapping;
 import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
@@ -160,10 +161,8 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 				messageSecurityMetadataSource);
 		MessageExpressionVoter<Object> voter = new MessageExpressionVoter<>();
 		voter.setExpressionHandler(getMessageExpressionHandler());
-
 		List<AccessDecisionVoter<?>> voters = new ArrayList<>();
 		voters.add(voter);
-
 		AffirmativeBased manager = new AffirmativeBased(voters);
 		channelSecurityInterceptor.setAccessDecisionManager(manager);
 		return channelSecurityInterceptor;
@@ -221,50 +220,47 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 		if (sameOriginDisabled()) {
 			return;
 		}
-
 		String beanName = "stompWebSocketHandlerMapping";
 		SimpleUrlHandlerMapping mapping = this.context.getBean(beanName, SimpleUrlHandlerMapping.class);
 		Map<String, Object> mappings = mapping.getHandlerMap();
 		for (Object object : mappings.values()) {
 			if (object instanceof SockJsHttpRequestHandler) {
-				SockJsHttpRequestHandler sockjsHandler = (SockJsHttpRequestHandler) object;
-				SockJsService sockJsService = sockjsHandler.getSockJsService();
-				if (!(sockJsService instanceof TransportHandlingSockJsService)) {
-					throw new IllegalStateException(
-							"sockJsService must be instance of TransportHandlingSockJsService got " + sockJsService);
-				}
-
-				TransportHandlingSockJsService transportHandlingSockJsService = (TransportHandlingSockJsService) sockJsService;
-				List<HandshakeInterceptor> handshakeInterceptors = transportHandlingSockJsService
-						.getHandshakeInterceptors();
-				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
-				interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
-				interceptorsToSet.addAll(handshakeInterceptors);
-
-				transportHandlingSockJsService.setHandshakeInterceptors(interceptorsToSet);
+				setHandshakeInterceptors((SockJsHttpRequestHandler) object);
 			}
 			else if (object instanceof WebSocketHttpRequestHandler) {
-				WebSocketHttpRequestHandler handler = (WebSocketHttpRequestHandler) object;
-				List<HandshakeInterceptor> handshakeInterceptors = handler.getHandshakeInterceptors();
-				List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
-				interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
-				interceptorsToSet.addAll(handshakeInterceptors);
-
-				handler.setHandshakeInterceptors(interceptorsToSet);
+				setHandshakeInterceptors((WebSocketHttpRequestHandler) object);
 			}
 			else {
-				throw new IllegalStateException("Bean " + beanName
-						+ " is expected to contain mappings to either a SockJsHttpRequestHandler or a WebSocketHttpRequestHandler but got "
-						+ object);
+				throw new IllegalStateException("Bean " + beanName + " is expected to contain mappings to either a "
+						+ "SockJsHttpRequestHandler or a WebSocketHttpRequestHandler but got " + object);
 			}
 		}
-
 		if (this.inboundRegistry.containsMapping() && !this.inboundRegistry.isSimpDestPathMatcherConfigured()) {
 			PathMatcher pathMatcher = getDefaultPathMatcher();
 			this.inboundRegistry.simpDestPathMatcher(pathMatcher);
 		}
 	}
 
+	private void setHandshakeInterceptors(SockJsHttpRequestHandler handler) {
+		SockJsService sockJsService = handler.getSockJsService();
+		Assert.state(sockJsService instanceof TransportHandlingSockJsService,
+				() -> "sockJsService must be instance of TransportHandlingSockJsService got " + sockJsService);
+		TransportHandlingSockJsService transportHandlingSockJsService = (TransportHandlingSockJsService) sockJsService;
+		List<HandshakeInterceptor> handshakeInterceptors = transportHandlingSockJsService.getHandshakeInterceptors();
+		List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
+		interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
+		interceptorsToSet.addAll(handshakeInterceptors);
+		transportHandlingSockJsService.setHandshakeInterceptors(interceptorsToSet);
+	}
+
+	private void setHandshakeInterceptors(WebSocketHttpRequestHandler handler) {
+		List<HandshakeInterceptor> handshakeInterceptors = handler.getHandshakeInterceptors();
+		List<HandshakeInterceptor> interceptorsToSet = new ArrayList<>(handshakeInterceptors.size() + 1);
+		interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
+		interceptorsToSet.addAll(handshakeInterceptors);
+		handler.setHandshakeInterceptors(interceptorsToSet);
+	}
+
 	private static class WebSocketMessageSecurityMetadataSourceRegistry extends MessageSecurityMetadataSourceRegistry {
 
 		@Override
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
index efce360644..883e98bc39 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java
@@ -47,36 +47,27 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element));
-
 		doParse(element, parserContext, builder);
-
 		RootBeanDefinition userService = (RootBeanDefinition) builder.getBeanDefinition();
-		final String beanId = resolveId(element, userService, parserContext);
-
+		String beanId = resolveId(element, userService, parserContext);
 		parserContext.registerBeanComponent(new BeanComponentDefinition(userService, beanId));
-
 		String cacheRef = element.getAttribute(CACHE_REF);
-
 		// Register a caching version of the user service if there's a cache-ref
 		if (StringUtils.hasText(cacheRef)) {
 			BeanDefinitionBuilder cachingUSBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(CachingUserDetailsService.class);
 			cachingUSBuilder.addConstructorArgReference(beanId);
-
 			cachingUSBuilder.addPropertyValue("userCache", new RuntimeBeanReference(cacheRef));
 			BeanDefinition cachingUserService = cachingUSBuilder.getBeanDefinition();
 			parserContext
 					.registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX));
 		}
-
 		return null;
 	}
 
 	private String resolveId(Element element, AbstractBeanDefinition definition, ParserContext pc)
 			throws BeanDefinitionStoreException {
-
 		String id = element.getAttribute("id");
-
 		if (pc.isNested()) {
 			// We're inside an <authentication-provider> element
 			if (!StringUtils.hasText(id)) {
@@ -85,17 +76,14 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 			BeanDefinition container = pc.getContainingBeanDefinition();
 			container.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(id));
 		}
-
 		if (StringUtils.hasText(id)) {
 			return id;
 		}
-
 		// If top level, use the default name or throw an exception if already used
 		if (pc.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE)) {
 			throw new BeanDefinitionStoreException(
-					"No id supplied and another " + "bean is already registered as " + BeanIds.USER_DETAILS_SERVICE);
+					"No id supplied and another bean is already registered as " + BeanIds.USER_DETAILS_SERVICE);
 		}
-
 		return BeanIds.USER_DETAILS_SERVICE;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index acdba6c0c9..0439549e28 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -60,7 +60,6 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		String id = element.getAttribute("id");
-
 		if (!StringUtils.hasText(id)) {
 			if (pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) {
 				pc.getReaderContext().warning("Overriding globally registered AuthenticationManager",
@@ -69,65 +68,30 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 			id = BeanIds.AUTHENTICATION_MANAGER;
 		}
 		pc.pushContainingComponent(new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element)));
-
 		BeanDefinitionBuilder providerManagerBldr = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
-
 		String alias = element.getAttribute(ATT_ALIAS);
-
 		List<BeanMetadataElement> providers = new ManagedList<>();
 		NamespaceHandlerResolver resolver = pc.getReaderContext().getNamespaceHandlerResolver();
-
 		NodeList children = element.getChildNodes();
-
 		for (int i = 0; i < children.getLength(); i++) {
 			Node node = children.item(i);
 			if (node instanceof Element) {
-				Element providerElt = (Element) node;
-				if (StringUtils.hasText(providerElt.getAttribute(ATT_REF))) {
-					if (providerElt.getAttributes().getLength() > 1) {
-						pc.getReaderContext()
-								.error("authentication-provider element cannot be used with other attributes "
-										+ "when using 'ref' attribute", pc.extractSource(element));
-					}
-					NodeList providerChildren = providerElt.getChildNodes();
-					for (int j = 0; j < providerChildren.getLength(); j++) {
-						if (providerChildren.item(j) instanceof Element) {
-							pc.getReaderContext()
-									.error("authentication-provider element cannot have child elements when used "
-											+ "with 'ref' attribute", pc.extractSource(element));
-						}
-					}
-					providers.add(new RuntimeBeanReference(providerElt.getAttribute(ATT_REF)));
-				}
-				else {
-					BeanDefinition provider = resolver.resolve(providerElt.getNamespaceURI()).parse(providerElt, pc);
-					Assert.notNull(provider,
-							() -> "Parser for " + providerElt.getNodeName() + " returned a null bean definition");
-					String providerId = pc.getReaderContext().generateBeanName(provider);
-					pc.registerBeanComponent(new BeanComponentDefinition(provider, providerId));
-					providers.add(new RuntimeBeanReference(providerId));
-				}
+				providers.add(extracted(element, pc, resolver, (Element) node));
 			}
 		}
-
 		if (providers.isEmpty()) {
 			providers.add(new RootBeanDefinition(NullAuthenticationProvider.class));
 		}
-
 		providerManagerBldr.addConstructorArgValue(providers);
-
 		if ("false".equals(element.getAttribute(ATT_ERASE_CREDENTIALS))) {
 			providerManagerBldr.addPropertyValue("eraseCredentialsAfterAuthentication", false);
 		}
-
 		// Add the default event publisher
 		BeanDefinition publisher = new RootBeanDefinition(DefaultAuthenticationEventPublisher.class);
 		String pubId = pc.getReaderContext().generateBeanName(publisher);
 		pc.registerBeanComponent(new BeanComponentDefinition(publisher, pubId));
 		providerManagerBldr.addPropertyReference("authenticationEventPublisher", pubId);
-
 		pc.registerBeanComponent(new BeanComponentDefinition(providerManagerBldr.getBeanDefinition(), id));
-
 		if (StringUtils.hasText(alias)) {
 			pc.getRegistry().registerAlias(id, alias);
 			pc.getReaderContext().fireAliasRegistered(id, alias, pc.extractSource(element));
@@ -136,12 +100,35 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
 			pc.getRegistry().registerAlias(id, BeanIds.AUTHENTICATION_MANAGER);
 			pc.getReaderContext().fireAliasRegistered(id, BeanIds.AUTHENTICATION_MANAGER, pc.extractSource(element));
 		}
-
 		pc.popAndRegisterContainingComponent();
-
 		return null;
 	}
 
+	private BeanMetadataElement extracted(Element element, ParserContext pc, NamespaceHandlerResolver resolver,
+			Element providerElement) {
+		String ref = providerElement.getAttribute(ATT_REF);
+		if (!StringUtils.hasText(ref)) {
+			BeanDefinition provider = resolver.resolve(providerElement.getNamespaceURI()).parse(providerElement, pc);
+			Assert.notNull(provider,
+					() -> "Parser for " + providerElement.getNodeName() + " returned a null bean definition");
+			String providerId = pc.getReaderContext().generateBeanName(provider);
+			pc.registerBeanComponent(new BeanComponentDefinition(provider, providerId));
+			return new RuntimeBeanReference(providerId);
+		}
+		if (providerElement.getAttributes().getLength() > 1) {
+			pc.getReaderContext().error("authentication-provider element cannot be used with other attributes "
+					+ "when using 'ref' attribute", pc.extractSource(element));
+		}
+		NodeList providerChildren = providerElement.getChildNodes();
+		for (int i = 0; i < providerChildren.getLength(); i++) {
+			if (providerChildren.item(i) instanceof Element) {
+				pc.getReaderContext().error("authentication-provider element cannot have child elements when used "
+						+ "with 'ref' attribute", pc.extractSource(element));
+			}
+		}
+		return new RuntimeBeanReference(ref);
+	}
+
 	/**
 	 * Provider which doesn't provide any service. Only used to prevent a configuration
 	 * exception if the provider list is empty (usually because a child ProviderManager
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
index 096d1dad4c..ce199e8ea3 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java
@@ -56,12 +56,10 @@ public class AuthenticationManagerFactoryBean implements FactoryBean<Authenticat
 			if (!BeanIds.AUTHENTICATION_MANAGER.equals(ex.getBeanName())) {
 				throw ex;
 			}
-
 			UserDetailsService uds = getBeanOrNull(UserDetailsService.class);
 			if (uds == null) {
 				throw new NoSuchBeanDefinitionException(BeanIds.AUTHENTICATION_MANAGER, MISSING_BEAN_ERROR_MESSAGE);
 			}
-
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 			provider.setUserDetailsService(uds);
 			PasswordEncoder passwordEncoder = getBeanOrNull(PasswordEncoder.class);
diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
index 70fcab35d6..973edde649 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java
@@ -43,15 +43,12 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
 		authProvider.setSource(pc.extractSource(element));
-
 		Element passwordEncoderElt = DomUtils.getChildElementByTagName(element, Elements.PASSWORD_ENCODER);
-
 		PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElt, pc);
 		BeanMetadataElement passwordEncoder = pep.getPasswordEncoder();
 		if (passwordEncoder != null) {
 			authProvider.getPropertyValues().addPropertyValue("passwordEncoder", passwordEncoder);
 		}
-
 		Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.USER_SERVICE);
 		if (userServiceElt == null) {
 			userServiceElt = DomUtils.getChildElementByTagName(element, Elements.JDBC_USER_SERVICE);
@@ -59,9 +56,7 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 		if (userServiceElt == null) {
 			userServiceElt = DomUtils.getChildElementByTagName(element, Elements.LDAP_USER_SERVICE);
 		}
-
 		String ref = element.getAttribute(ATT_USER_DETAILS_REF);
-
 		if (StringUtils.hasText(ref)) {
 			if (userServiceElt != null) {
 				pc.getReaderContext()
@@ -69,7 +64,6 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 								+ "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '"
 								+ Elements.LDAP_USER_SERVICE + "'", element);
 			}
-
 			authProvider.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(ref));
 		}
 		else {
@@ -80,7 +74,6 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 			else {
 				pc.getReaderContext().error("A user-service is required", element);
 			}
-
 			// Pinch the cache-ref from the UserDetailService element, if set.
 			String cacheRef = userServiceElt.getAttribute(AbstractUserDetailsServiceBeanDefinitionParser.CACHE_REF);
 
@@ -88,7 +81,6 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
 				authProvider.getPropertyValues().addPropertyValue("userCache", new RuntimeBeanReference(cacheRef));
 			}
 		}
-
 		return authProvider;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index 56d7e90fd8..d1e192a6e7 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -42,7 +42,6 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 	@Override
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
-
 		if (dataSource != null) {
 			builder.addPropertyReference("dataSource", dataSource);
 		}
@@ -50,24 +49,19 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 			parserContext.getReaderContext().error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
 					parserContext.extractSource(element));
 		}
-
 		String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
 		String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
 		String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);
 		String rolePrefix = element.getAttribute(ATT_ROLE_PREFIX);
-
 		if (StringUtils.hasText(rolePrefix)) {
 			builder.addPropertyValue("rolePrefix", rolePrefix);
 		}
-
 		if (StringUtils.hasText(usersQuery)) {
 			builder.addPropertyValue("usersByUsernameQuery", usersQuery);
 		}
-
 		if (StringUtils.hasText(authoritiesQuery)) {
 			builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery);
 		}
-
 		if (StringUtils.hasText(groupAuthoritiesQuery)) {
 			builder.addPropertyValue("enableGroups", Boolean.TRUE);
 			builder.addPropertyValue("groupAuthoritiesByUsernameQuery", groupAuthoritiesQuery);
diff --git a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
index 3d99b4f312..3fced6b18f 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java
@@ -16,11 +16,9 @@
 
 package org.springframework.security.config.authentication;
 
-import java.util.HashMap;
+import java.util.Collections;
 import java.util.Map;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.w3c.dom.Element;
 
 import org.springframework.beans.BeanMetadataElement;
@@ -42,17 +40,13 @@ public class PasswordEncoderParser {
 	static final String ATT_REF = "ref";
 
 	public static final String ATT_HASH = "hash";
+
 	static final String ATT_BASE_64 = "base64";
+
 	static final String OPT_HASH_BCRYPT = "bcrypt";
 
-	private static final Map<String, Class<?>> ENCODER_CLASSES;
-
-	static {
-		ENCODER_CLASSES = new HashMap<>();
-		ENCODER_CLASSES.put(OPT_HASH_BCRYPT, BCryptPasswordEncoder.class);
-	}
-
-	private static final Log logger = LogFactory.getLog(PasswordEncoderParser.class);
+	private static final Map<String, Class<?>> ENCODER_CLASSES = Collections.singletonMap(OPT_HASH_BCRYPT,
+			BCryptPasswordEncoder.class);
 
 	private BeanMetadataElement passwordEncoder;
 
@@ -68,14 +62,9 @@ public class PasswordEncoderParser {
 			return;
 		}
 		String hash = element.getAttribute(ATT_HASH);
-		boolean useBase64 = false;
-
-		if (StringUtils.hasText(element.getAttribute(ATT_BASE_64))) {
-			useBase64 = Boolean.parseBoolean(element.getAttribute(ATT_BASE_64));
-		}
-
+		boolean useBase64 = StringUtils.hasText(element.getAttribute(ATT_BASE_64))
+				&& Boolean.parseBoolean(element.getAttribute(ATT_BASE_64));
 		String ref = element.getAttribute(ATT_REF);
-
 		if (StringUtils.hasText(ref)) {
 			this.passwordEncoder = new RuntimeBeanReference(ref);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
index 882a67fbde..eecd64bf28 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -62,43 +62,33 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String userProperties = element.getAttribute(ATT_PROPERTIES);
 		List<Element> userElts = DomUtils.getChildElementsByTagName(element, ELT_USER);
-
 		if (StringUtils.hasText(userProperties)) {
-
 			if (!CollectionUtils.isEmpty(userElts)) {
 				throw new BeanDefinitionStoreException(
 						"Use of a properties file and user elements are mutually exclusive");
 			}
-
 			BeanDefinition bd = new RootBeanDefinition(PropertiesFactoryBean.class);
 			bd.getPropertyValues().addPropertyValue("location", userProperties);
 			builder.addConstructorArgValue(bd);
-
 			return;
 		}
-
 		if (CollectionUtils.isEmpty(userElts)) {
 			throw new BeanDefinitionStoreException("You must supply user definitions, either with <" + ELT_USER
 					+ "> child elements or a " + "properties file (using the '" + ATT_PROPERTIES + "' attribute)");
 		}
-
 		ManagedList<BeanDefinition> users = new ManagedList<>();
-
 		for (Object elt : userElts) {
 			Element userElt = (Element) elt;
 			String userName = userElt.getAttribute(ATT_NAME);
 			String password = userElt.getAttribute(ATT_PASSWORD);
-
 			if (!StringUtils.hasLength(password)) {
 				password = generateRandomPassword();
 			}
-
 			boolean locked = "true".equals(userElt.getAttribute(ATT_LOCKED));
 			boolean disabled = "true".equals(userElt.getAttribute(ATT_DISABLED));
 			BeanDefinitionBuilder authorities = BeanDefinitionBuilder.rootBeanDefinition(AuthorityUtils.class);
 			authorities.addConstructorArgValue(userElt.getAttribute(ATT_AUTHORITIES));
 			authorities.setFactoryMethod("commaSeparatedStringToAuthorityList");
-
 			BeanDefinitionBuilder user = BeanDefinitionBuilder.rootBeanDefinition(User.class);
 			user.addConstructorArgValue(userName);
 			user.addConstructorArgValue(password);
@@ -107,10 +97,8 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 			user.addConstructorArgValue(true);
 			user.addConstructorArgValue(!locked);
 			user.addConstructorArgValue(authorities.getBeanDefinition());
-
 			users.add(user.getBeanDefinition());
 		}
-
 		builder.addConstructorArgValue(users);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
index e01f3daff9..7b36a5ee19 100644
--- a/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/core/userdetails/UserDetailsMapFactoryBean.java
@@ -18,9 +18,11 @@ package org.springframework.security.config.core.userdetails;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 
 import org.springframework.beans.factory.FactoryBean;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.memory.UserAttribute;
@@ -58,27 +60,19 @@ public class UserDetailsMapFactoryBean implements FactoryBean<Collection<UserDet
 	@Override
 	public Collection<UserDetails> getObject() {
 		Collection<UserDetails> users = new ArrayList<>(this.userProperties.size());
-
 		UserAttributeEditor editor = new UserAttributeEditor();
-		for (Map.Entry<String, String> entry : this.userProperties.entrySet()) {
-			String name = entry.getKey();
-			String property = entry.getValue();
+		this.userProperties.forEach((name, property) -> {
 			editor.setAsText(property);
 			UserAttribute attr = (UserAttribute) editor.getValue();
-			if (attr == null) {
-				throw new IllegalStateException("The entry with username '" + name + "' and value '" + property
-						+ "' could not be converted to a UserDetails.");
-			}
-			// @formatter:off
-			UserDetails user = User.withUsername(name)
-				.password(attr.getPassword())
-				.disabled(!attr.isEnabled())
-				.authorities(attr.getAuthorities())
-				.build();
-			users.add(user);
-			// @formatter:on
-		}
+			Assert.state(attr != null, () -> "The entry with username '" + name + "' and value '" + property
+					+ "' could not be converted to a UserDetails.");
+			String password = attr.getPassword();
+			boolean disabled = !attr.isEnabled();
+			List<GrantedAuthority> authorities = attr.getAuthorities();
+			users.add(User.withUsername(name).password(password).disabled(disabled).authorities(authorities).build());
+		});
 		return users;
+
 	}
 
 	@Override
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index 6fbde50351..5174a62bc5 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -57,18 +57,13 @@ public class RsaKeyConversionServicePostProcessor implements BeanFactoryPostProc
 		this.resourceLoader = resourceLoader;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 		if (hasUserDefinedConversionService(beanFactory)) {
 			return;
 		}
-
 		Converter<String, RSAPrivateKey> pkcs8 = pkcs8();
 		Converter<String, RSAPublicKey> x509 = x509();
-
 		ConversionService service = beanFactory.getConversionService();
 		if (service instanceof ConverterRegistry) {
 			ConverterRegistry registry = (ConverterRegistry) service;
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index a587f84b89..d3c0ce32f4 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -86,12 +86,15 @@ final class AuthenticationConfigBuilder {
 	private static final String DEF_REALM = "Realm";
 
 	static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationFilter";
+
 	static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
 
 	private static final String OPEN_ID_CONSUMER_CLASS = "org.springframework.security.openid.OpenID4JavaConsumer";
+
 	static final String OPEN_ID_ATTRIBUTE_CLASS = "org.springframework.security.openid.OpenIDAttribute";
 
 	private static final String OPEN_ID_ATTRIBUTE_FACTORY_CLASS = "org.springframework.security.openid.RegexBasedAxFetchListFactory";
+
 	static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter";
 
 	static final String ATT_AUTH_DETAILS_SOURCE_REF = "authentication-details-source-ref";
@@ -106,6 +109,8 @@ final class AuthenticationConfigBuilder {
 
 	private static final String ATT_KEY = "key";
 
+	private static final String ATT_MAPPABLE_ROLES = "mappable-roles";
+
 	private final Element httpElt;
 
 	private final ParserContext pc;
@@ -226,7 +231,6 @@ final class AuthenticationConfigBuilder {
 		this.portMapper = portMapper;
 		this.portResolver = portResolver;
 		this.csrfLogoutHandler = csrfLogoutHandler;
-
 		createAnonymousFilter();
 		createRememberMeFilter(authenticationManager);
 		createBasicFilter(authenticationManager);
@@ -243,18 +247,14 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createRememberMeFilter(BeanReference authenticationManager) {
-
 		// Parse remember me before logout as RememberMeServices is also a LogoutHandler
 		// implementation.
 		Element rememberMeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.REMEMBER_ME);
-
 		if (rememberMeElt != null) {
 			String key = rememberMeElt.getAttribute(ATT_KEY);
-
 			if (!StringUtils.hasText(key)) {
 				key = createKey();
 			}
-
 			RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(key,
 					authenticationManager);
 			this.rememberMeFilter = rememberMeParser.parse(rememberMeElt, this.pc);
@@ -266,36 +266,28 @@ final class AuthenticationConfigBuilder {
 	private void createRememberMeProvider(String key) {
 		RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
 		provider.setSource(this.rememberMeFilter.getSource());
-
 		provider.getConstructorArgumentValues().addGenericArgumentValue(key);
-
 		String id = this.pc.getReaderContext().generateBeanName(provider);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
-
 		this.rememberMeProviderRef = new RuntimeBeanReference(id);
 	}
 
 	void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
-
 		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 		RootBeanDefinition formFilter = null;
-
 		if (formLoginElt != null || this.autoConfig) {
 			FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/login", "POST",
 					AUTHENTICATION_PROCESSING_FILTER_CLASS, this.requestCache, sessionStrategy,
 					this.allowSessionCreation, this.portMapper, this.portResolver);
-
 			parser.parse(formLoginElt, this.pc);
 			formFilter = parser.getFilterBean();
 			this.formEntryPoint = parser.getEntryPointBean();
 			this.loginProcessingUrl = parser.getLoginProcessingUrl();
 			this.formLoginPage = parser.getLoginPage();
 		}
-
 		if (formFilter != null) {
 			formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			formFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
-
 			// Id is required by login page filter
 			this.formFilterId = this.pc.getReaderContext().generateBeanName(formFilter);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(formFilter, this.formFilterId));
@@ -316,14 +308,11 @@ final class AuthenticationConfigBuilder {
 			return;
 		}
 		this.oauth2LoginEnabled = true;
-
 		OAuth2LoginBeanDefinitionParser parser = new OAuth2LoginBeanDefinitionParser(this.requestCache, this.portMapper,
 				this.portResolver, sessionStrategy, this.allowSessionCreation);
 		BeanDefinition oauth2LoginFilterBean = parser.parse(oauth2LoginElt, this.pc);
-
 		BeanDefinition defaultAuthorizedClientRepository = parser.getDefaultAuthorizedClientRepository();
 		registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository);
-
 		oauth2LoginFilterBean.getPropertyValues().addPropertyValue("authenticationManager", authManager);
 
 		// retrieve the other bean result
@@ -360,26 +349,21 @@ final class AuthenticationConfigBuilder {
 			return;
 		}
 		this.oauth2ClientEnabled = true;
-
 		OAuth2ClientBeanDefinitionParser parser = new OAuth2ClientBeanDefinitionParser(requestCache,
 				authenticationManager);
 		parser.parse(oauth2ClientElt, this.pc);
-
 		BeanDefinition defaultAuthorizedClientRepository = parser.getDefaultAuthorizedClientRepository();
 		registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository);
-
 		this.authorizationRequestRedirectFilter = parser.getAuthorizationRequestRedirectFilter();
 		String authorizationRequestRedirectFilterId = this.pc.getReaderContext()
 				.generateBeanName(this.authorizationRequestRedirectFilter);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter,
 				authorizationRequestRedirectFilterId));
-
 		this.authorizationCodeGrantFilter = parser.getAuthorizationCodeGrantFilter();
 		String authorizationCodeGrantFilterId = this.pc.getReaderContext()
 				.generateBeanName(this.authorizationCodeGrantFilter);
 		this.pc.registerBeanComponent(
 				new BeanComponentDefinition(this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId));
-
 		BeanDefinition authorizationCodeAuthenticationProvider = parser.getAuthorizationCodeAuthenticationProvider();
 		String authorizationCodeAuthenticationProviderId = this.pc.getReaderContext()
 				.generateBeanName(authorizationCodeAuthenticationProvider);
@@ -403,7 +387,6 @@ final class AuthenticationConfigBuilder {
 		if (!this.oauth2LoginEnabled && !this.oauth2ClientEnabled) {
 			return;
 		}
-
 		boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet",
 				getClass().getClassLoader());
 		if (webmvcPresent) {
@@ -415,11 +398,9 @@ final class AuthenticationConfigBuilder {
 	void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
 		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
 		RootBeanDefinition openIDFilter = null;
-
 		if (openIDLoginElt != null) {
 			openIDFilter = parseOpenIDFilter(sessionStrategy, openIDLoginElt);
 		}
-
 		if (openIDFilter != null) {
 			openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			openIDFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
@@ -427,7 +408,6 @@ final class AuthenticationConfigBuilder {
 			this.openIDFilterId = this.pc.getReaderContext().generateBeanName(openIDFilter);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(openIDFilter, this.openIDFilterId));
 			injectRememberMeServicesRef(openIDFilter, this.rememberMeServicesId);
-
 			createOpenIDProvider();
 		}
 	}
@@ -454,19 +434,15 @@ final class AuthenticationConfigBuilder {
 		this.openIDEntryPoint = parser.getEntryPointBean();
 		this.openidLoginProcessingUrl = parser.getLoginProcessingUrl();
 		this.openIDLoginPage = parser.getLoginPage();
-
 		List<Element> attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt,
 				Elements.OPENID_ATTRIBUTE_EXCHANGE);
-
 		if (!attrExElts.isEmpty()) {
 			// Set up the consumer with the required attribute list
 			BeanDefinitionBuilder consumerBldr = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_CONSUMER_CLASS);
 			BeanDefinitionBuilder axFactory = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS);
 			ManagedMap<String, ManagedList<BeanDefinition>> axMap = new ManagedMap<>();
-
 			for (Element attrExElt : attrExElts) {
 				String identifierMatch = attrExElt.getAttribute("identifier-match");
-
 				if (!StringUtils.hasText(identifierMatch)) {
 					if (attrExElts.size() > 1) {
 						this.pc.getReaderContext().error("You must supply an identifier-match attribute if using more"
@@ -475,11 +451,9 @@ final class AuthenticationConfigBuilder {
 					// Match anything
 					identifierMatch = ".*";
 				}
-
 				axMap.put(identifierMatch, parseOpenIDAttributes(attrExElt));
 			}
 			axFactory.addConstructorArgValue(axMap);
-
 			consumerBldr.addConstructorArgValue(axFactory.getBeanDefinition());
 			openIDFilter.getPropertyValues().addPropertyValue("consumer", consumerBldr.getBeanDefinition());
 		}
@@ -499,13 +473,11 @@ final class AuthenticationConfigBuilder {
 			if (StringUtils.hasLength(required)) {
 				attrBldr.addPropertyValue("required", Boolean.valueOf(required));
 			}
-
 			if (StringUtils.hasLength(count)) {
 				attrBldr.addPropertyValue("count", Integer.parseInt(count));
 			}
 			attributes.add(attrBldr.getBeanDefinition());
 		}
-
 		return attributes;
 	}
 
@@ -513,14 +485,11 @@ final class AuthenticationConfigBuilder {
 		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
 		BeanDefinitionBuilder openIDProviderBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
-
 		RootBeanDefinition uds = new RootBeanDefinition();
 		uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 		uds.setFactoryMethodName("authenticationUserDetailsService");
 		uds.getConstructorArgumentValues().addGenericArgumentValue(openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF));
-
 		openIDProviderBuilder.addPropertyValue("authenticationUserDetailsService", uds);
-
 		BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
 		this.openIDProviderRef = new RuntimeBeanReference(
 				this.pc.getReaderContext().registerWithGeneratedName(openIDProvider));
@@ -535,30 +504,22 @@ final class AuthenticationConfigBuilder {
 
 	void createBasicFilter(BeanReference authManager) {
 		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
-
 		if (basicAuthElt == null && !this.autoConfig) {
 			// No basic auth, do nothing
 			return;
 		}
-
 		String realm = this.httpElt.getAttribute(ATT_REALM);
 		if (!StringUtils.hasText(realm)) {
 			realm = DEF_REALM;
 		}
-
 		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(BasicAuthenticationFilter.class);
-
 		String entryPointId;
-
 		if (basicAuthElt != null) {
 			if (StringUtils.hasText(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF))) {
 				this.basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
 			}
-
 			injectAuthenticationDetailsSource(basicAuthElt, filterBuilder);
-
 		}
-
 		if (this.basicEntryPoint == null) {
 			RootBeanDefinition entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
 			entryPoint.setSource(this.pc.extractSource(this.httpElt));
@@ -567,7 +528,6 @@ final class AuthenticationConfigBuilder {
 			this.pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
 			this.basicEntryPoint = new RuntimeBeanReference(entryPointId);
 		}
-
 		filterBuilder.addConstructorArgValue(authManager);
 		filterBuilder.addConstructorArgValue(this.basicEntryPoint);
 		this.basicFilter = filterBuilder.getBeanDefinition();
@@ -575,12 +535,10 @@ final class AuthenticationConfigBuilder {
 
 	void createBearerTokenAuthenticationFilter(BeanReference authManager) {
 		Element resourceServerElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_RESOURCE_SERVER);
-
 		if (resourceServerElt == null) {
 			// No resource server, do nothing
 			return;
 		}
-
 		OAuth2ResourceServerBeanDefinitionParser resourceServerBuilder = new OAuth2ResourceServerBeanDefinitionParser(
 				authManager, this.authenticationProviders, this.defaultEntryPointMappings,
 				this.defaultDeniedHandlerMappings, this.csrfIgnoreRequestMatchers);
@@ -590,37 +548,28 @@ final class AuthenticationConfigBuilder {
 	void createX509Filter(BeanReference authManager) {
 		Element x509Elt = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
 		RootBeanDefinition filter = null;
-
 		if (x509Elt != null) {
 			BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(X509AuthenticationFilter.class);
 			filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(x509Elt));
 			filterBuilder.addPropertyValue("authenticationManager", authManager);
-
 			String regex = x509Elt.getAttribute("subject-principal-regex");
-
 			if (StringUtils.hasText(regex)) {
 				BeanDefinitionBuilder extractor = BeanDefinitionBuilder
 						.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
 				extractor.addPropertyValue("subjectDnRegex", regex);
-
 				filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
 			}
-
 			injectAuthenticationDetailsSource(x509Elt, filterBuilder);
-
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
 			createPrauthEntryPoint(x509Elt);
-
 			createX509Provider();
 		}
-
 		this.x509Filter = filter;
 	}
 
 	private void injectAuthenticationDetailsSource(Element elt, BeanDefinitionBuilder filterBuilder) {
 		String authDetailsSourceRef = elt.getAttribute(AuthenticationConfigBuilder.ATT_AUTH_DETAILS_SOURCE_REF);
-
 		if (StringUtils.hasText(authDetailsSourceRef)) {
 			filterBuilder.addPropertyReference("authenticationDetailsSource", authDetailsSourceRef);
 		}
@@ -629,14 +578,11 @@ final class AuthenticationConfigBuilder {
 	private void createX509Provider() {
 		Element x509Elt = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
 		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
-
 		RootBeanDefinition uds = new RootBeanDefinition();
 		uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 		uds.setFactoryMethodName("authenticationUserDetailsService");
 		uds.getConstructorArgumentValues().addGenericArgumentValue(x509Elt.getAttribute(ATT_USER_SERVICE_REF));
-
 		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
-
 		this.x509ProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
@@ -648,47 +594,37 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createJeeFilter(BeanReference authManager) {
-		final String ATT_MAPPABLE_ROLES = "mappable-roles";
-
 		Element jeeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
 		RootBeanDefinition filter = null;
-
 		if (jeeElt != null) {
 			BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class);
 			filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(jeeElt));
 			filterBuilder.addPropertyValue("authenticationManager", authManager);
-
 			BeanDefinitionBuilder adsBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
 			adsBldr.addPropertyValue("userRoles2GrantedAuthoritiesMapper",
 					new RootBeanDefinition(SimpleAttributes2GrantedAuthoritiesMapper.class));
-
 			String roles = jeeElt.getAttribute(ATT_MAPPABLE_ROLES);
 			Assert.hasLength(roles, "roles is expected to have length");
 			BeanDefinitionBuilder rolesBuilder = BeanDefinitionBuilder.rootBeanDefinition(StringUtils.class);
 			rolesBuilder.addConstructorArgValue(roles);
 			rolesBuilder.setFactoryMethod("commaDelimitedListToSet");
-
 			RootBeanDefinition mappableRolesRetriever = new RootBeanDefinition(SimpleMappableAttributesRetriever.class);
 			mappableRolesRetriever.getPropertyValues().addPropertyValue("mappableAttributes",
 					rolesBuilder.getBeanDefinition());
 			adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever);
 			filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition());
-
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
-
 			createPrauthEntryPoint(jeeElt);
 			createJeeProvider();
 		}
-
 		this.jeeFilter = filter;
 	}
 
 	private void createJeeProvider() {
 		Element jeeElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
 		BeanDefinition provider = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
-
 		RootBeanDefinition uds;
 		if (StringUtils.hasText(jeeElt.getAttribute(ATT_USER_SERVICE_REF))) {
 			uds = new RootBeanDefinition();
@@ -699,16 +635,13 @@ final class AuthenticationConfigBuilder {
 		else {
 			uds = new RootBeanDefinition(PreAuthenticatedGrantedAuthoritiesUserDetailsService.class);
 		}
-
 		provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
-
 		this.jeeProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
 	void createLoginPageFilterIfNeeded() {
 		boolean needLoginPage = this.formFilterId != null || this.openIDFilterId != null
 				|| this.oauth2LoginFilterId != null;
-
 		// If no login page has been defined, add in the default page generator.
 		if (needLoginPage && this.formLoginPage == null && this.openIDLoginPage == null) {
 			this.logger.info("No login page configured. The default internal one will be used. Use the '"
@@ -720,23 +653,19 @@ final class AuthenticationConfigBuilder {
 			BeanDefinitionBuilder logoutPageFilter = BeanDefinitionBuilder
 					.rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class);
 			logoutPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
-
 			if (this.formFilterId != null) {
 				loginPageFilter.addConstructorArgReference(this.formFilterId);
 				loginPageFilter.addPropertyValue("authenticationUrl", this.loginProcessingUrl);
 			}
-
 			if (this.openIDFilterId != null) {
 				loginPageFilter.addConstructorArgReference(this.openIDFilterId);
 				loginPageFilter.addPropertyValue("openIDauthenticationUrl", this.openidLoginProcessingUrl);
 			}
-
 			if (this.oauth2LoginFilterId != null) {
 				loginPageFilter.addConstructorArgReference(this.oauth2LoginFilterId);
 				loginPageFilter.addPropertyValue("Oauth2LoginEnabled", true);
 				loginPageFilter.addPropertyValue("Oauth2AuthenticationUrlToClientName", this.oauth2LoginLinks);
 			}
-
 			this.loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
 			this.logoutPageGenerationFilter = logoutPageFilter.getBeanDefinition();
 		}
@@ -784,51 +713,41 @@ final class AuthenticationConfigBuilder {
 
 	void createAnonymousFilter() {
 		Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
-
 		if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 			return;
 		}
-
 		String grantedAuthority = null;
 		String username = null;
 		String key = null;
 		Object source = this.pc.extractSource(this.httpElt);
-
 		if (anonymousElt != null) {
 			grantedAuthority = anonymousElt.getAttribute("granted-authority");
 			username = anonymousElt.getAttribute("username");
 			key = anonymousElt.getAttribute(ATT_KEY);
 			source = this.pc.extractSource(anonymousElt);
 		}
-
 		if (!StringUtils.hasText(grantedAuthority)) {
 			grantedAuthority = "ROLE_ANONYMOUS";
 		}
-
 		if (!StringUtils.hasText(username)) {
 			username = "anonymousUser";
 		}
-
 		if (!StringUtils.hasText(key)) {
 			// Generate a random key for the Anonymous provider
 			key = createKey();
 		}
-
 		this.anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
 		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
 		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
 		this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2,
 				AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
 		this.anonymousFilter.setSource(source);
-
 		RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
 		anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
 		anonymousProviderBean.setSource(this.anonymousFilter.getSource());
 		String id = this.pc.getReaderContext().generateBeanName(anonymousProviderBean);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
-
 		this.anonymousProviderRef = new RuntimeBeanReference(id);
-
 	}
 
 	private String createKey() {
@@ -840,11 +759,10 @@ final class AuthenticationConfigBuilder {
 		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
 		this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
 		etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);
-		assert this.requestCache != null;
+		Assert.state(this.requestCache != null, "No request cache found");
 		this.mainEntryPoint = selectEntryPoint();
 		etfBuilder.addConstructorArgValue(this.mainEntryPoint);
 		etfBuilder.addConstructorArgValue(this.requestCache);
-
 		this.etf = etfBuilder.getBeanDefinition();
 	}
 
@@ -852,11 +770,9 @@ final class AuthenticationConfigBuilder {
 		Element accessDeniedElt = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER);
 		BeanDefinitionBuilder accessDeniedHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(AccessDeniedHandlerImpl.class);
-
 		if (accessDeniedElt != null) {
 			String errorPage = accessDeniedElt.getAttribute("error-page");
 			String ref = accessDeniedElt.getAttribute("ref");
-
 			if (StringUtils.hasText(errorPage)) {
 				if (StringUtils.hasText(ref)) {
 					pc.getReaderContext()
@@ -868,25 +784,21 @@ final class AuthenticationConfigBuilder {
 				accessDeniedHandler.addPropertyValue("errorPage", errorPage);
 				return accessDeniedHandler.getBeanDefinition();
 			}
-			else if (StringUtils.hasText(ref)) {
+			if (StringUtils.hasText(ref)) {
 				return new RuntimeBeanReference(ref);
 			}
-
 		}
-
 		if (this.defaultDeniedHandlerMappings.isEmpty()) {
 			return accessDeniedHandler.getBeanDefinition();
 		}
 		if (this.defaultDeniedHandlerMappings.size() == 1) {
 			return this.defaultDeniedHandlerMappings.values().iterator().next();
 		}
-
 		accessDeniedHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class);
 		accessDeniedHandler.addConstructorArgValue(this.defaultDeniedHandlerMappings);
 		accessDeniedHandler
 				.addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class));
-
 		return accessDeniedHandler.getBeanDefinition();
 	}
 
@@ -894,11 +806,9 @@ final class AuthenticationConfigBuilder {
 		// We need to establish the main entry point.
 		// First check if a custom entry point bean is set
 		String customEntryPoint = this.httpElt.getAttribute(ATT_ENTRY_POINT_REF);
-
 		if (StringUtils.hasText(customEntryPoint)) {
 			return new RuntimeBeanReference(customEntryPoint);
 		}
-
 		if (!this.defaultEntryPointMappings.isEmpty()) {
 			if (this.defaultEntryPointMappings.size() == 1) {
 				return this.defaultEntryPointMappings.values().iterator().next();
@@ -908,7 +818,6 @@ final class AuthenticationConfigBuilder {
 			delegatingEntryPoint.addConstructorArgValue(this.defaultEntryPointMappings);
 			return delegatingEntryPoint.getBeanDefinition();
 		}
-
 		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
 		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 		Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
@@ -917,21 +826,17 @@ final class AuthenticationConfigBuilder {
 				&& this.oauth2LoginEntryPoint == null) {
 			return this.basicEntryPoint;
 		}
-
 		// If formLogin has been enabled either through an element or auto-config, then it
 		// is used if no openID login page
 		// has been set.
-
 		if (this.formLoginPage != null && this.openIDLoginPage != null) {
 			this.pc.getReaderContext().error(
 					"Only one login-page can be defined, either for OpenID or form-login, " + "but not both.",
 					this.pc.extractSource(openIDLoginElt));
 		}
-
 		if (this.formFilterId != null && this.openIDLoginPage == null) {
-			// gh-6802
 			// If form login was enabled through element and Oauth2 login was enabled from
-			// element then use form login
+			// element then use form login (gh-6802)
 			if (formLoginElt != null && this.oauth2LoginEntryPoint != null) {
 				return this.formEntryPoint;
 			}
@@ -941,22 +846,18 @@ final class AuthenticationConfigBuilder {
 				return this.formEntryPoint;
 			}
 		}
-
 		// Otherwise use OpenID if enabled
 		if (this.openIDFilterId != null) {
 			return this.openIDEntryPoint;
 		}
-
 		// If X.509 or JEE have been enabled, use the preauth entry point.
 		if (this.preAuthEntryPoint != null) {
 			return this.preAuthEntryPoint;
 		}
-
 		// OAuth2 entry point will not be null if only 1 client registration
 		if (this.oauth2LoginEntryPoint != null) {
 			return this.oauth2LoginEntryPoint;
 		}
-
 		this.pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please "
 				+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
 				+ "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
@@ -976,107 +877,83 @@ final class AuthenticationConfigBuilder {
 
 	List<OrderDecorator> getFilters() {
 		List<OrderDecorator> filters = new ArrayList<>();
-
 		if (this.anonymousFilter != null) {
 			filters.add(new OrderDecorator(this.anonymousFilter, SecurityFilters.ANONYMOUS_FILTER));
 		}
-
 		if (this.rememberMeFilter != null) {
 			filters.add(new OrderDecorator(this.rememberMeFilter, SecurityFilters.REMEMBER_ME_FILTER));
 		}
-
 		if (this.logoutFilter != null) {
 			filters.add(new OrderDecorator(this.logoutFilter, SecurityFilters.LOGOUT_FILTER));
 		}
-
 		if (this.x509Filter != null) {
 			filters.add(new OrderDecorator(this.x509Filter, SecurityFilters.X509_FILTER));
 		}
-
 		if (this.jeeFilter != null) {
 			filters.add(new OrderDecorator(this.jeeFilter, SecurityFilters.PRE_AUTH_FILTER));
 		}
-
 		if (this.formFilterId != null) {
 			filters.add(
 					new OrderDecorator(new RuntimeBeanReference(this.formFilterId), SecurityFilters.FORM_LOGIN_FILTER));
 		}
-
 		if (this.oauth2LoginFilterId != null) {
 			filters.add(new OrderDecorator(new RuntimeBeanReference(this.oauth2LoginFilterId),
 					SecurityFilters.OAUTH2_LOGIN_FILTER));
 			filters.add(new OrderDecorator(this.oauth2AuthorizationRequestRedirectFilter,
 					SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER));
 		}
-
 		if (this.openIDFilterId != null) {
 			filters.add(
 					new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), SecurityFilters.OPENID_FILTER));
 		}
-
 		if (this.loginPageGenerationFilter != null) {
 			filters.add(new OrderDecorator(this.loginPageGenerationFilter, SecurityFilters.LOGIN_PAGE_FILTER));
 			filters.add(new OrderDecorator(this.logoutPageGenerationFilter, SecurityFilters.LOGOUT_PAGE_FILTER));
 		}
-
 		if (this.basicFilter != null) {
 			filters.add(new OrderDecorator(this.basicFilter, SecurityFilters.BASIC_AUTH_FILTER));
 		}
-
 		if (this.bearerTokenAuthenticationFilter != null) {
 			filters.add(
 					new OrderDecorator(this.bearerTokenAuthenticationFilter, SecurityFilters.BEARER_TOKEN_AUTH_FILTER));
 		}
-
 		if (this.authorizationCodeGrantFilter != null) {
 			filters.add(new OrderDecorator(this.authorizationRequestRedirectFilter,
 					SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
 			filters.add(new OrderDecorator(this.authorizationCodeGrantFilter,
 					SecurityFilters.OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}
-
 		filters.add(new OrderDecorator(this.etf, SecurityFilters.EXCEPTION_TRANSLATION_FILTER));
-
 		return filters;
 	}
 
 	List<BeanReference> getProviders() {
 		List<BeanReference> providers = new ArrayList<>();
-
 		if (this.anonymousProviderRef != null) {
 			providers.add(this.anonymousProviderRef);
 		}
-
 		if (this.rememberMeProviderRef != null) {
 			providers.add(this.rememberMeProviderRef);
 		}
-
 		if (this.openIDProviderRef != null) {
 			providers.add(this.openIDProviderRef);
 		}
-
 		if (this.x509ProviderRef != null) {
 			providers.add(this.x509ProviderRef);
 		}
-
 		if (this.jeeProviderRef != null) {
 			providers.add(this.jeeProviderRef);
 		}
-
 		if (this.oauth2LoginAuthenticationProviderRef != null) {
 			providers.add(this.oauth2LoginAuthenticationProviderRef);
 		}
-
 		if (this.oauth2LoginOidcAuthenticationProviderRef != null) {
 			providers.add(this.oauth2LoginOidcAuthenticationProviderRef);
 		}
-
 		if (this.authorizationCodeAuthenticationProviderRef != null) {
 			providers.add(this.authorizationCodeAuthenticationProviderRef);
 		}
-
 		providers.addAll(this.authenticationProviders);
-
 		return providers;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
index 0f2d649d08..6c00919429 100644
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@@ -43,7 +43,6 @@ public final class ChannelAttributeFactory {
 
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
 		String channelConfigAttribute;
-
 		if (requiredChannel.equals(OPT_REQUIRES_HTTPS)) {
 			channelConfigAttribute = "REQUIRES_SECURE_CHANNEL";
 		}
@@ -56,7 +55,6 @@ public final class ChannelAttributeFactory {
 		else {
 			throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
 		}
-
 		return SecurityConfig.createList(channelConfigAttribute);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
index 8430cc8f1b..8f7ccc1eab 100644
--- a/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CorsBeanDefinitionParser.java
@@ -46,17 +46,14 @@ public class CorsBeanDefinitionParser {
 		if (element == null) {
 			return null;
 		}
-
 		String filterRef = element.getAttribute(ATT_REF);
 		if (StringUtils.hasText(filterRef)) {
 			return new RuntimeBeanReference(filterRef);
 		}
-
 		BeanMetadataElement configurationSource = getSource(element, parserContext);
 		if (configurationSource == null) {
 			throw new BeanCreationException("Could not create CorsFilter");
 		}
-
 		BeanDefinitionBuilder filterBldr = BeanDefinitionBuilder.rootBeanDefinition(CorsFilter.class);
 		filterBldr.addConstructorArgValue(configurationSource);
 		return filterBldr.getBeanDefinition();
@@ -67,12 +64,10 @@ public class CorsBeanDefinitionParser {
 		if (StringUtils.hasText(configurationSourceRef)) {
 			return new RuntimeBeanReference(configurationSourceRef);
 		}
-
 		boolean mvcPresent = ClassUtils.isPresent(HANDLER_MAPPING_INTROSPECTOR, getClass().getClassLoader());
 		if (!mvcPresent) {
 			return null;
 		}
-
 		return new RootBeanDefinition(HandlerMappingIntrospectorFactoryBean.class);
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index d5dcd2d7a1..58dcd468a8 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -92,14 +92,11 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 				pc.registerBeanComponent(componentDefinition);
 			}
 		}
-
 		if (element != null) {
 			this.csrfRepositoryRef = element.getAttribute(ATT_REPOSITORY);
 			this.requestMatcherRef = element.getAttribute(ATT_MATCHER);
 		}
-
 		if (!StringUtils.hasText(this.csrfRepositoryRef)) {
-
 			RootBeanDefinition csrfTokenRepository = new RootBeanDefinition(HttpSessionCsrfTokenRepository.class);
 			BeanDefinitionBuilder lazyTokenRepository = BeanDefinitionBuilder
 					.rootBeanDefinition(LazyCsrfTokenRepository.class);
@@ -108,14 +105,11 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 			pc.registerBeanComponent(
 					new BeanComponentDefinition(lazyTokenRepository.getBeanDefinition(), this.csrfRepositoryRef));
 		}
-
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(CsrfFilter.class);
 		builder.addConstructorArgReference(this.csrfRepositoryRef);
-
 		if (StringUtils.hasText(this.requestMatcherRef)) {
 			builder.addPropertyReference("requireCsrfProtectionMatcher", this.requestMatcherRef);
 		}
-
 		this.csrfFilter = builder.getBeanDefinition();
 		return this.csrfFilter;
 	}
@@ -155,12 +149,10 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 				.rootBeanDefinition(InvalidSessionAccessDeniedHandler.class);
 		invalidSessionHandlerBldr.addConstructorArgValue(invalidSessionStrategy);
 		handlers.put(MissingCsrfTokenException.class, invalidSessionHandlerBldr.getBeanDefinition());
-
 		BeanDefinitionBuilder deniedBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(DelegatingAccessDeniedHandler.class);
 		deniedBldr.addConstructorArgValue(handlers);
 		deniedBldr.addConstructorArgValue(defaultDeniedHandler);
-
 		return deniedBldr.getBeanDefinition();
 	}
 
@@ -180,13 +172,9 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 
 	void setIgnoreCsrfRequestMatchers(List<BeanDefinition> requestMatchers) {
 		if (!requestMatchers.isEmpty()) {
-			BeanMetadataElement requestMatcher;
-			if (StringUtils.hasText(this.requestMatcherRef)) {
-				requestMatcher = new RuntimeBeanReference(this.requestMatcherRef);
-			}
-			else {
-				requestMatcher = new RootBeanDefinition(DefaultRequiresCsrfMatcher.class);
-			}
+			BeanMetadataElement requestMatcher = (!StringUtils.hasText(this.requestMatcherRef))
+					? new RootBeanDefinition(DefaultRequiresCsrfMatcher.class)
+					: new RuntimeBeanReference(this.requestMatcherRef);
 			BeanDefinitionBuilder and = BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class);
 			BeanDefinitionBuilder negated = BeanDefinitionBuilder.rootBeanDefinition(NegatedRequestMatcher.class);
 			BeanDefinitionBuilder or = BeanDefinitionBuilder.rootBeanDefinition(OrRequestMatcher.class);
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 563794cdf7..423ae18de6 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -58,7 +58,6 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			checkLoginPageIsntProtected(fcp, filterChain.getFilters());
 			checkFilterStack(filterChain.getFilters());
 		}
-
 		checkPathOrder(new ArrayList<>(fcp.getFilterChains()));
 		checkForDuplicateMatchers(new ArrayList<>(fcp.getFilterChains()));
 	}
@@ -66,7 +65,6 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 	private void checkPathOrder(List<SecurityFilterChain> filterChains) {
 		// Check that the universal pattern is listed at the end, if at all
 		Iterator<SecurityFilterChain> chains = filterChains.iterator();
-
 		while (chains.hasNext()) {
 			RequestMatcher matcher = ((DefaultSecurityFilterChain) chains.next()).getRequestMatcher();
 			if (AnyRequestMatcher.INSTANCE.equals(matcher) && chains.hasNext()) {
@@ -78,10 +76,8 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 	}
 
 	private void checkForDuplicateMatchers(List<SecurityFilterChain> chains) {
-
 		while (chains.size() > 1) {
 			DefaultSecurityFilterChain chain = (DefaultSecurityFilterChain) chains.remove(0);
-
 			for (SecurityFilterChain test : chains) {
 				if (chain.getRequestMatcher().equals(((DefaultSecurityFilterChain) test).getRequestMatcher())) {
 					throw new IllegalArgumentException("The FilterChainProxy contains two filter chains using the"
@@ -99,7 +95,6 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 				return (F) f;
 			}
 		}
-
 		return null;
 	}
 
@@ -140,16 +135,13 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 	 */
 	private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
 		ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
-
 		if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
 			return;
 		}
-
 		String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
 		this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
 		FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
 		List<Filter> filters = null;
-
 		try {
 			filters = fcp.getFilters(loginPage);
 		}
@@ -159,22 +151,17 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			// by the dummy request used when creating the filter invocation.
 			this.logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
 		}
-
 		if (filters == null || filters.isEmpty()) {
 			this.logger.debug("Filter chain is empty for the login page");
 			return;
 		}
-
 		if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
 			this.logger.debug("Default generated login page is in use");
 			return;
 		}
-
 		FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
 		FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
-
 		Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
-
 		if (attributes == null) {
 			this.logger.debug("No access attributes defined for login page URL");
 			if (fsi.isRejectPublicInvocations()) {
@@ -183,14 +170,12 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			}
 			return;
 		}
-
 		AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
 		if (anonPF == null) {
 			this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
 					+ " anonymous authentication enabled. This is almost certainly an error.");
 			return;
 		}
-
 		// Simulate an anonymous access with the supplied attributes.
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(),
 				anonPF.getAuthorities());
@@ -198,18 +183,16 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
 		}
 		catch (AccessDeniedException ex) {
-			this.logger
-					.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly "
-							+ "an error. Please check your configuration allows unauthenticated access to the configured "
-							+ "login page. (Simulated access was rejected: " + ex + ")");
+			this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. "
+					+ "This is almost certainly an error. Please check your configuration allows unauthenticated "
+					+ "access to the configured login page. (Simulated access was rejected: " + ex + ")");
 		}
 		catch (Exception ex) {
 			// May happen legitimately if a filter-chain request matcher requires more
 			// request data than that provided
 			// by the dummy request used when creating the filter invocation. See SEC-1878
-			this.logger.info(
-					"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
-					ex);
+			this.logger.info("Unable to check access to the login page to determine if anonymous access is allowed. "
+					+ "This might be an error, but can happen under normal circumstances.", ex);
 		}
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
index 2d87afe5e6..c362bcc0a1 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainBeanDefinitionParser.java
@@ -43,9 +43,7 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 		String path = elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
 		String requestMatcher = elt.getAttribute(ATT_REQUEST_MATCHER_REF);
 		String filters = elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
-
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(DefaultSecurityFilterChain.class);
-
 		if (StringUtils.hasText(path)) {
 			Assert.isTrue(!StringUtils.hasText(requestMatcher), "");
 			builder.addConstructorArgValue(matcherType.createMatcher(pc, path, null));
@@ -54,21 +52,17 @@ public class FilterChainBeanDefinitionParser implements BeanDefinitionParser {
 			Assert.isTrue(StringUtils.hasText(requestMatcher), "");
 			builder.addConstructorArgReference(requestMatcher);
 		}
-
 		if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) {
 			builder.addConstructorArgValue(Collections.EMPTY_LIST);
 		}
 		else {
 			String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
 			ManagedList<RuntimeBeanReference> filterChain = new ManagedList<>(filterBeanNames.length);
-
 			for (String name : filterBeanNames) {
 				filterChain.add(new RuntimeBeanReference(name));
 			}
-
 			builder.addConstructorArgValue(filterChain);
 		}
-
 		return builder.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index ce2f0d9c96..842ac8799f 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -45,48 +45,36 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco
 	@SuppressWarnings("unchecked")
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
 		BeanDefinition filterChainProxy = holder.getBeanDefinition();
-
 		ManagedList<BeanMetadataElement> securityFilterChains = new ManagedList<>();
 		Element elt = (Element) node;
-
 		MatcherType matcherType = MatcherType.fromElement(elt);
-
 		List<Element> filterChainElts = DomUtils.getChildElementsByTagName(elt, Elements.FILTER_CHAIN);
-
 		for (Element chain : filterChainElts) {
 			String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
 			String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
-
 			if (!StringUtils.hasText(path)) {
 				parserContext.getReaderContext().error(
 						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN + "' must not be empty",
 						elt);
 			}
-
 			if (!StringUtils.hasText(filters)) {
 				parserContext.getReaderContext().error(
 						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty", elt);
 			}
-
 			BeanDefinition matcher = matcherType.createMatcher(parserContext, path, null);
-
 			if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) {
 				securityFilterChains.add(createSecurityFilterChain(matcher, new ManagedList(0)));
 			}
 			else {
 				String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
 				ManagedList filterChain = new ManagedList(filterBeanNames.length);
-
 				for (String name : filterBeanNames) {
 					filterChain.add(new RuntimeBeanReference(name));
 				}
-
 				securityFilterChains.add(createSecurityFilterChain(matcher, filterChain));
 			}
 		}
-
 		filterChainProxy.getConstructorArgumentValues().addGenericArgumentValue(securityFilterChains);
-
 		return holder;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index f0dc125778..abc7929438 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -64,35 +64,28 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		List<Element> interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
-
 		// Check for attributes that aren't allowed in this context
 		for (Element elt : interceptUrls) {
 			if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL))) {
 				parserContext.getReaderContext().error("The attribute '"
 						+ HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL + "' isn't allowed here.", elt);
 			}
-
 			if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
 				parserContext.getReaderContext().error(
 						"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.",
 						elt);
 			}
-
 			if (StringUtils.hasLength(elt.getAttribute(ATT_SERVLET_PATH))) {
 				parserContext.getReaderContext().error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.",
 						elt);
 			}
 		}
-
 		BeanDefinition mds = createSecurityMetadataSource(interceptUrls, false, element, parserContext);
-
 		String id = element.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
-
 		if (StringUtils.hasText(id)) {
 			parserContext.registerComponent(new BeanComponentDefinition(mds, id));
 			parserContext.getRegistry().registerBeanDefinition(id, mds);
 		}
-
 		return mds;
 	}
 
@@ -100,24 +93,20 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			Element httpElt, ParserContext pc) {
 		MatcherType matcherType = MatcherType.fromElement(httpElt);
 		boolean useExpressions = isUseExpressions(httpElt);
-
 		ManagedMap<BeanMetadataElement, BeanDefinition> requestToAttributesMap = parseInterceptUrlsForFilterInvocationRequestMap(
 				matcherType, interceptUrls, useExpressions, addAllAuth, pc);
 		BeanDefinitionBuilder fidsBuilder;
-
 		if (useExpressions) {
 			Element expressionHandlerElt = DomUtils.getChildElementByTagName(httpElt, Elements.EXPRESSION_HANDLER);
 			String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref")
 					: null;
-
 			if (StringUtils.hasText(expressionHandlerRef)) {
-				logger.info(
-						"Using bean '" + expressionHandlerRef + "' as web SecurityExpressionHandler implementation");
+				logger.info("Using bean '" + expressionHandlerRef + "' as web "
+						+ "SecurityExpressionHandler implementation");
 			}
 			else {
 				expressionHandlerRef = registerDefaultExpressionHandler(pc);
 			}
-
 			fidsBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
 			fidsBuilder.addConstructorArgValue(requestToAttributesMap);
@@ -127,9 +116,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 			fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
 			fidsBuilder.addConstructorArgValue(requestToAttributesMap);
 		}
-
 		fidsBuilder.getRawBeanDefinition().setSource(pc.extractSource(httpElt));
-
 		return (RootBeanDefinition) fidsBuilder.getBeanDefinition();
 	}
 
@@ -138,7 +125,6 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 				DefaultWebSecurityExpressionHandlerBeanFactory.class);
 		String expressionHandlerRef = pc.getReaderContext().generateBeanName(expressionHandler);
 		pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler, expressionHandlerRef));
-
 		return expressionHandlerRef;
 	}
 
@@ -150,28 +136,22 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 	private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(
 			MatcherType matcherType, List<Element> urlElts, boolean useExpressions, boolean addAuthenticatedAll,
 			ParserContext parserContext) {
-
 		ManagedMap<BeanMetadataElement, BeanDefinition> filterInvocationDefinitionMap = new ManagedMap<>();
-
 		for (Element urlElt : urlElts) {
 			String access = urlElt.getAttribute(ATT_ACCESS);
 			if (!StringUtils.hasText(access)) {
 				continue;
 			}
-
 			String path = urlElt.getAttribute(ATT_PATTERN);
 			String matcherRef = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF);
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
-
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
 				parserContext.getReaderContext().error("path attribute cannot be empty or null", urlElt);
 			}
-
 			String method = urlElt.getAttribute(ATT_HTTP_METHOD);
 			if (!StringUtils.hasText(method)) {
 				method = null;
 			}
-
 			String servletPath = urlElt.getAttribute(ATT_SERVLET_PATH);
 			if (!StringUtils.hasText(servletPath)) {
 				servletPath = null;
@@ -181,11 +161,9 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 						ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
 						urlElt);
 			}
-
 			BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
 					: matcherType.createMatcher(parserContext, path, method, servletPath);
 			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
-
 			if (useExpressions) {
 				logger.info("Creating access control expression attribute '" + access + "' for " + path);
 				// The single expression will be parsed later by the
@@ -198,23 +176,18 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 				attributeBuilder.addConstructorArgValue(access);
 				attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
 			}
-
 			if (filterInvocationDefinitionMap.containsKey(matcher)) {
 				logger.warn("Duplicate URL defined: " + path + ". The original attribute values will be overwritten");
 			}
-
 			filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
 		}
-
 		if (addAuthenticatedAll && filterInvocationDefinitionMap.isEmpty()) {
-
 			BeanDefinition matcher = matcherType.createMatcher(parserContext, "/**", null);
 			BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
 			attributeBuilder.addConstructorArgValue(new String[] { "authenticated" });
 			attributeBuilder.setFactoryMethod("createList");
 			filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
 		}
-
 		return filterInvocationDefinitionMap;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
index c39c6a303a..e29bed8283 100644
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -123,9 +123,7 @@ public class FormLoginBeanDefinitionParser {
 		String authDetailsSourceRef = null;
 		String authenticationFailureForwardUrl = null;
 		String authenticationSuccessForwardUrl = null;
-
 		Object source = null;
-
 		if (elt != null) {
 			source = pc.extractSource(elt);
 			loginUrl = elt.getAttribute(ATT_LOGIN_URL);
@@ -143,7 +141,6 @@ public class FormLoginBeanDefinitionParser {
 			WebConfigUtils.validateHttpRedirect(authenticationFailureForwardUrl, pc, source);
 			authenticationSuccessForwardUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_SUCCESS_FORWARD_URL);
 			WebConfigUtils.validateHttpRedirect(authenticationSuccessForwardUrl, pc, source);
-
 			if (!StringUtils.hasText(this.loginPage)) {
 				this.loginPage = null;
 			}
@@ -151,20 +148,16 @@ public class FormLoginBeanDefinitionParser {
 			usernameParameter = elt.getAttribute(ATT_USERNAME_PARAMETER);
 			passwordParameter = elt.getAttribute(ATT_PASSWORD_PARAMETER);
 		}
-
 		this.filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, this.loginPage,
 				authenticationFailureUrl, successHandlerRef, failureHandlerRef, authDetailsSourceRef,
 				authenticationFailureForwardUrl, authenticationSuccessForwardUrl);
-
 		if (StringUtils.hasText(usernameParameter)) {
 			this.filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
 		}
 		if (StringUtils.hasText(passwordParameter)) {
 			this.filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
 		}
-
 		this.filterBean.setSource(source);
-
 		BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
 		entryPointBuilder.getRawBeanDefinition().setSource(source);
@@ -172,7 +165,6 @@ public class FormLoginBeanDefinitionParser {
 		entryPointBuilder.addPropertyValue("portMapper", this.portMapper);
 		entryPointBuilder.addPropertyValue("portResolver", this.portResolver);
 		this.entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
-
 		return null;
 	}
 
@@ -180,24 +172,18 @@ public class FormLoginBeanDefinitionParser {
 			String loginPage, String authenticationFailureUrl, String successHandlerRef, String failureHandlerRef,
 			String authDetailsSourceRef, String authenticationFailureForwardUrl,
 			String authenticationSuccessForwardUrl) {
-
 		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(this.filterClassName);
-
 		if (!StringUtils.hasText(loginUrl)) {
 			loginUrl = this.defaultLoginProcessingUrl;
 		}
-
 		this.loginProcessingUrl = loginUrl;
-
 		BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher");
 		matcherBuilder.addConstructorArgValue(loginUrl);
 		if (this.loginMethod != null) {
 			matcherBuilder.addConstructorArgValue("POST");
 		}
-
 		filterBuilder.addPropertyValue("requiresAuthenticationRequestMatcher", matcherBuilder.getBeanDefinition());
-
 		if (StringUtils.hasText(successHandlerRef)) {
 			filterBuilder.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
 		}
@@ -218,15 +204,12 @@ public class FormLoginBeanDefinitionParser {
 					StringUtils.hasText(defaultTargetUrl) ? defaultTargetUrl : DEF_FORM_LOGIN_TARGET_URL);
 			filterBuilder.addPropertyValue("authenticationSuccessHandler", successHandler.getBeanDefinition());
 		}
-
 		if (StringUtils.hasText(authDetailsSourceRef)) {
 			filterBuilder.addPropertyReference("authenticationDetailsSource", authDetailsSourceRef);
 		}
-
 		if (this.sessionStrategy != null) {
 			filterBuilder.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy);
 		}
-
 		if (StringUtils.hasText(failureHandlerRef)) {
 			filterBuilder.addPropertyReference("authenticationFailureHandler", failureHandlerRef);
 		}
@@ -252,7 +235,6 @@ public class FormLoginBeanDefinitionParser {
 			failureHandler.addPropertyValue("allowSessionCreation", this.allowSessionCreation);
 			filterBuilder.addPropertyValue("authenticationFailureHandler", failureHandler.getBeanDefinition());
 		}
-
 		return (RootBeanDefinition) filterBuilder.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
index ae7a2f8f27..ce32607100 100644
--- a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java
@@ -37,7 +37,6 @@ final class GrantedAuthorityDefaultsParserUtils {
 		RootBeanDefinition beanFactoryDefinition = new RootBeanDefinition(beanFactoryClass);
 		String beanFactoryRef = pc.getReaderContext().generateBeanName(beanFactoryDefinition);
 		pc.getRegistry().registerBeanDefinition(beanFactoryRef, beanFactoryDefinition);
-
 		RootBeanDefinition bean = new RootBeanDefinition();
 		bean.setFactoryBeanName(beanFactoryRef);
 		bean.setFactoryMethodName("getBean");
diff --git a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
index 3b991a8d38..302e95834a 100644
--- a/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/HandlerMappingIntrospectorFactoryBean.java
@@ -41,9 +41,11 @@ class HandlerMappingIntrospectorFactoryBean
 	@Override
 	public HandlerMappingIntrospector getObject() {
 		if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
-			throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named "
-					+ HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type " + HandlerMappingIntrospector.class.getName()
-					+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
+			throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
+					"A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type "
+							+ HandlerMappingIntrospector.class.getName()
+							+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring "
+							+ "MVC are configured in a shared ApplicationContext.");
 		}
 		return this.context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, HandlerMappingIntrospector.class);
 	}
diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
index c4f96eba3a..ac37bc76ab 100644
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@@ -125,32 +125,22 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 
 	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
-
 		this.headerWriters = new ManagedList<>();
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(HeaderWriterFilter.class);
-
 		boolean disabled = element != null && "true".equals(resolveAttribute(parserContext, element, "disabled"));
 		boolean defaultsDisabled = element != null
 				&& "true".equals(resolveAttribute(parserContext, element, "defaults-disabled"));
-
 		boolean addIfNotPresent = element == null || !disabled && !defaultsDisabled;
-
 		parseCacheControlElement(addIfNotPresent, element);
 		parseHstsElement(addIfNotPresent, element, parserContext);
 		parseXssElement(addIfNotPresent, element, parserContext);
 		parseFrameOptionsElement(addIfNotPresent, element, parserContext);
 		parseContentTypeOptionsElement(addIfNotPresent, element);
-
 		parseHpkpElement(element == null || !disabled, element, parserContext);
-
 		parseContentSecurityPolicyElement(disabled, element, parserContext);
-
 		parseReferrerPolicyElement(element, parserContext);
-
 		parseFeaturePolicyElement(element, parserContext);
-
 		parseHeaderElements(element);
-
 		boolean noWriters = this.headerWriters.isEmpty();
 		if (disabled && !noWriters) {
 			parserContext.getReaderContext().error("Cannot specify <headers disabled=\"true\"> with child elements.",
@@ -159,13 +149,11 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		else if (noWriters) {
 			return null;
 		}
-
 		builder.addConstructorArgValue(this.headerWriters);
 		return builder.getBeanDefinition();
 	}
 
 	/**
-	 *
 	 * Resolve the placeholder for a given attribute on a element.
 	 * @param pc
 	 * @param element
@@ -233,7 +221,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				}
 				headersWriter.addPropertyValue("preload", preload);
 			}
-
 			if (disabled) {
 				return;
 			}
@@ -253,59 +240,45 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addHpkp(boolean addIfNotPresent, Element hpkpElement, ParserContext context) {
 		if (hpkpElement != null) {
 			boolean disabled = "true".equals(getAttribute(hpkpElement, ATT_DISABLED, "false"));
-
 			if (disabled) {
 				return;
 			}
-
 			BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder.genericBeanDefinition(HpkpHeaderWriter.class);
-
 			Element pinsElement = DomUtils.getChildElementByTagName(hpkpElement, PINS_ELEMENT);
 			if (pinsElement != null) {
 				List<Element> pinElements = DomUtils.getChildElements(pinsElement);
-
 				Map<String, String> pins = new LinkedHashMap<>();
-
 				for (Element pinElement : pinElements) {
 					String hash = pinElement.getAttribute(ATT_ALGORITHM);
 					if (!StringUtils.hasText(hash)) {
 						hash = "sha256";
 					}
-
 					Node pinValueNode = pinElement.getFirstChild();
 					if (pinValueNode == null) {
 						context.getReaderContext().warning("Missing value for pin entry.", hpkpElement);
 						continue;
 					}
-
 					String fingerprint = pinElement.getFirstChild().getTextContent();
-
 					pins.put(fingerprint, hash);
 				}
-
 				headersWriter.addPropertyValue("pins", pins);
 			}
-
 			String includeSubDomains = hpkpElement.getAttribute(ATT_INCLUDE_SUBDOMAINS);
 			if (StringUtils.hasText(includeSubDomains)) {
 				headersWriter.addPropertyValue("includeSubDomains", includeSubDomains);
 			}
-
 			String maxAgeSeconds = hpkpElement.getAttribute(ATT_MAX_AGE_SECONDS);
 			if (StringUtils.hasText(maxAgeSeconds)) {
 				headersWriter.addPropertyValue("maxAgeInSeconds", maxAgeSeconds);
 			}
-
 			String reportOnly = hpkpElement.getAttribute(ATT_REPORT_ONLY);
 			if (StringUtils.hasText(reportOnly)) {
 				headersWriter.addPropertyValue("reportOnly", reportOnly);
 			}
-
 			String reportUri = hpkpElement.getAttribute(ATT_REPORT_URI);
 			if (StringUtils.hasText(reportUri)) {
 				headersWriter.addPropertyValue("reportUri", reportUri);
 			}
-
 			if (addIfNotPresent) {
 				this.headerWriters.add(headersWriter.getBeanDefinition());
 			}
@@ -323,7 +296,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addContentSecurityPolicy(Element contentSecurityPolicyElement, ParserContext context) {
 		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
 				.genericBeanDefinition(ContentSecurityPolicyHeaderWriter.class);
-
 		String policyDirectives = contentSecurityPolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
 		if (!StringUtils.hasText(policyDirectives)) {
 			context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
@@ -332,12 +304,10 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			headersWriter.addConstructorArgValue(policyDirectives);
 		}
-
 		String reportOnly = contentSecurityPolicyElement.getAttribute(ATT_REPORT_ONLY);
 		if (StringUtils.hasText(reportOnly)) {
 			headersWriter.addPropertyValue("reportOnly", reportOnly);
 		}
-
 		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
@@ -352,7 +322,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addReferrerPolicy(Element referrerPolicyElement, ParserContext context) {
 		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
 				.genericBeanDefinition(ReferrerPolicyHeaderWriter.class);
-
 		String policy = referrerPolicyElement.getAttribute(ATT_POLICY);
 		if (StringUtils.hasLength(policy)) {
 			headersWriter.addConstructorArgValue(ReferrerPolicy.get(policy));
@@ -371,7 +340,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 	private void addFeaturePolicy(Element featurePolicyElement, ParserContext context) {
 		BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
 				.genericBeanDefinition(FeaturePolicyHeaderWriter.class);
-
 		String policyDirectives = featurePolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
 		if (!StringUtils.hasText(policyDirectives)) {
 			context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
@@ -380,7 +348,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			headersWriter.addConstructorArgValue(policyDirectives);
 		}
-
 		this.headerWriters.add(headersWriter.getBeanDefinition());
 	}
 
@@ -508,7 +475,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.genericBeanDefinition(XXssProtectionHeaderWriter.class);
 		if (xssElt != null) {
 			boolean disabled = "true".equals(getAttribute(xssElt, ATT_DISABLED, "false"));
-
 			String enabled = xssElt.getAttribute(ATT_ENABLED);
 			if (StringUtils.hasText(enabled)) {
 				if (disabled) {
@@ -516,7 +482,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				}
 				builder.addPropertyValue("enabled", enabled);
 			}
-
 			String block = xssElt.getAttribute(ATT_BLOCK);
 			if (StringUtils.hasText(block)) {
 				if (disabled) {
@@ -524,7 +489,6 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 				}
 				builder.addPropertyValue("block", block);
 			}
-
 			if (disabled) {
 				return;
 			}
@@ -542,9 +506,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
 		if (StringUtils.hasText(value)) {
 			return value;
 		}
-		else {
-			return defaultValue;
-		}
+		return defaultValue;
 	}
 
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 294d830a36..992d5c60a1 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -71,6 +71,7 @@ import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy;
 import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
@@ -113,6 +114,22 @@ class HttpConfigurationBuilder {
 
 	private static final String ATT_REF = "ref";
 
+	private static final String ATT_EXPIRY_URL = "expired-url";
+
+	private static final String ATT_EXPIRED_SESSION_STRATEGY_REF = "expired-session-strategy-ref";
+
+	private static final String ATT_SESSION_REGISTRY_ALIAS = "session-registry-alias";
+
+	private static final String ATT_SESSION_REGISTRY_REF = "session-registry-ref";
+
+	private static final String ATT_SERVLET_API_PROVISION = "servlet-api-provision";
+
+	private static final String DEF_SERVLET_API_PROVISION = "true";
+
+	private static final String ATT_JAAS_API_PROVISION = "jaas-api-provision";
+
+	private static final String DEF_JAAS_API_PROVISION = "false";
+
 	private final Element httpElt;
 
 	private final ParserContext pc;
@@ -178,25 +195,10 @@ class HttpConfigurationBuilder {
 		this.portResolver = portResolver;
 		this.matcherType = MatcherType.fromElement(element);
 		this.interceptUrls = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
-
-		for (Element urlElt : this.interceptUrls) {
-			if (StringUtils.hasText(urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
-				pc.getReaderContext()
-						.error("The use of \"filters='none'\" is no longer supported. Please define a"
-								+ " separate <http> element for the pattern you want to exclude and use the attribute"
-								+ " \"security='none'\".", pc.extractSource(urlElt));
-			}
-		}
-
+		validateInterceptUrls(pc);
 		String createSession = element.getAttribute(ATT_CREATE_SESSION);
-
-		if (StringUtils.hasText(createSession)) {
-			this.sessionPolicy = createPolicy(createSession);
-		}
-		else {
-			this.sessionPolicy = SessionCreationPolicy.IF_REQUIRED;
-		}
-
+		this.sessionPolicy = !StringUtils.hasText(createSession) ? SessionCreationPolicy.IF_REQUIRED
+				: createPolicy(createSession);
 		createCsrfFilter();
 		createSecurityContextPersistenceFilter();
 		createSessionManagementFilters();
@@ -210,20 +212,30 @@ class HttpConfigurationBuilder {
 		createCorsFilter();
 	}
 
+	private void validateInterceptUrls(ParserContext pc) {
+		for (Element element : this.interceptUrls) {
+			if (StringUtils.hasText(element.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
+				String message = "The use of \"filters='none'\" is no longer supported. Please define a"
+						+ " separate <http> element for the pattern you want to exclude and use the attribute"
+						+ " \"security='none'\".";
+				pc.getReaderContext().error(message, pc.extractSource(element));
+			}
+		}
+	}
+
 	private SessionCreationPolicy createPolicy(String createSession) {
 		if ("ifRequired".equals(createSession)) {
 			return SessionCreationPolicy.IF_REQUIRED;
 		}
-		else if ("always".equals(createSession)) {
+		if ("always".equals(createSession)) {
 			return SessionCreationPolicy.ALWAYS;
 		}
-		else if ("never".equals(createSession)) {
+		if ("never".equals(createSession)) {
 			return SessionCreationPolicy.NEVER;
 		}
-		else if ("stateless".equals(createSession)) {
+		if ("stateless".equals(createSession)) {
 			return SessionCreationPolicy.STATELESS;
 		}
-
 		throw new IllegalStateException(
 				"Cannot convert " + createSession + " to " + SessionCreationPolicy.class.getName());
 	}
@@ -265,13 +277,11 @@ class HttpConfigurationBuilder {
 
 	private void createSecurityContextPersistenceFilter() {
 		BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
-
 		String repoRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
 		String disableUrlRewriting = this.httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
 		if (!StringUtils.hasText(disableUrlRewriting)) {
 			disableUrlRewriting = "true";
 		}
-
 		if (StringUtils.hasText(repoRef)) {
 			if (this.sessionPolicy == SessionCreationPolicy.ALWAYS) {
 				scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
@@ -297,12 +307,10 @@ class HttpConfigurationBuilder {
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
 					scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
 				}
-
 				if ("true".equals(disableUrlRewriting)) {
 					contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
 				}
 			}
-
 			BeanDefinition repoBean = contextRepo.getBeanDefinition();
 			repoRef = this.pc.getReaderContext().generateBeanName(repoBean);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(repoBean, repoRef));
@@ -317,13 +325,11 @@ class HttpConfigurationBuilder {
 	private void createSessionManagementFilters() {
 		Element sessionMgmtElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.SESSION_MANAGEMENT);
 		Element sessionCtrlElt = null;
-
 		String sessionFixationAttribute = null;
 		String invalidSessionUrl = null;
 		String invalidSessionStrategyRef = null;
 		String sessionAuthStratRef = null;
 		String errorUrl = null;
-
 		boolean sessionControlEnabled = false;
 		if (sessionMgmtElt != null) {
 			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
@@ -335,18 +341,15 @@ class HttpConfigurationBuilder {
 			sessionFixationAttribute = sessionMgmtElt.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
 			invalidSessionUrl = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_URL);
 			invalidSessionStrategyRef = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_STRATEGY_REF);
-
 			sessionAuthStratRef = sessionMgmtElt.getAttribute(ATT_SESSION_AUTH_STRATEGY_REF);
 			errorUrl = sessionMgmtElt.getAttribute(ATT_SESSION_AUTH_ERROR_URL);
 			sessionCtrlElt = DomUtils.getChildElementByTagName(sessionMgmtElt, Elements.CONCURRENT_SESSIONS);
 			sessionControlEnabled = sessionCtrlElt != null;
-
 			if (StringUtils.hasText(invalidSessionUrl) && StringUtils.hasText(invalidSessionStrategyRef)) {
 				this.pc.getReaderContext()
 						.error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the "
 								+ ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
 			}
-
 			if (sessionControlEnabled) {
 				if (StringUtils.hasText(sessionAuthStratRef)) {
 					this.pc.getReaderContext()
@@ -370,33 +373,25 @@ class HttpConfigurationBuilder {
 			// SEC-1424: do nothing
 			return;
 		}
-
 		boolean sessionFixationProtectionRequired = !sessionFixationAttribute
 				.equals(OPT_SESSION_FIXATION_NO_PROTECTION);
-
 		ManagedList<BeanMetadataElement> delegateSessionStrategies = new ManagedList<>();
 		BeanDefinitionBuilder concurrentSessionStrategy;
 		BeanDefinitionBuilder sessionFixationStrategy = null;
 		BeanDefinitionBuilder registerSessionStrategy;
-
 		if (this.csrfAuthStrategy != null) {
 			delegateSessionStrategies.add(this.csrfAuthStrategy);
 		}
-
 		if (sessionControlEnabled) {
-			assert this.sessionRegistryRef != null;
+			Assert.state(this.sessionRegistryRef != null, "No sessionRegistryRef found");
 			concurrentSessionStrategy = BeanDefinitionBuilder
 					.rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class);
 			concurrentSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
-
 			String maxSessions = sessionCtrlElt.getAttribute("max-sessions");
-
 			if (StringUtils.hasText(maxSessions)) {
 				concurrentSessionStrategy.addPropertyValue("maximumSessions", maxSessions);
 			}
-
 			String exceptionIfMaximumExceeded = sessionCtrlElt.getAttribute("error-if-maximum-exceeded");
-
 			if (StringUtils.hasText(exceptionIfMaximumExceeded)) {
 				concurrentSessionStrategy.addPropertyValue("exceptionIfMaximumExceeded", exceptionIfMaximumExceeded);
 			}
@@ -414,23 +409,19 @@ class HttpConfigurationBuilder {
 			}
 			delegateSessionStrategies.add(sessionFixationStrategy.getBeanDefinition());
 		}
-
 		if (StringUtils.hasText(sessionAuthStratRef)) {
 			delegateSessionStrategies.add(new RuntimeBeanReference(sessionAuthStratRef));
 		}
-
 		if (sessionControlEnabled) {
 			registerSessionStrategy = BeanDefinitionBuilder
 					.rootBeanDefinition(RegisterSessionAuthenticationStrategy.class);
 			registerSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
 			delegateSessionStrategies.add(registerSessionStrategy.getBeanDefinition());
 		}
-
 		if (delegateSessionStrategies.isEmpty()) {
 			this.sfpf = null;
 			return;
 		}
-
 		BeanDefinitionBuilder sessionMgmtFilter = BeanDefinitionBuilder
 				.rootBeanDefinition(SessionManagementFilter.class);
 		RootBeanDefinition failureHandler = new RootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
@@ -439,15 +430,12 @@ class HttpConfigurationBuilder {
 		}
 		sessionMgmtFilter.addPropertyValue("authenticationFailureHandler", failureHandler);
 		sessionMgmtFilter.addConstructorArgValue(this.contextRepoRef);
-
 		if (!StringUtils.hasText(sessionAuthStratRef) && sessionFixationStrategy != null && !useChangeSessionId) {
-
 			if (sessionFixationProtectionRequired) {
 				sessionFixationStrategy.addPropertyValue("migrateSessionAttributes",
 						sessionFixationAttribute.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION));
 			}
 		}
-
 		if (!delegateSessionStrategies.isEmpty()) {
 			BeanDefinitionBuilder sessionStrategy = BeanDefinitionBuilder
 					.rootBeanDefinition(CompositeSessionAuthenticationStrategy.class);
@@ -455,9 +443,7 @@ class HttpConfigurationBuilder {
 			sessionStrategy.addConstructorArgValue(delegateSessionStrategies);
 			sessionAuthStratRef = this.pc.getReaderContext().generateBeanName(strategyBean);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(strategyBean, sessionAuthStratRef));
-
 		}
-
 		if (StringUtils.hasText(invalidSessionUrl)) {
 			BeanDefinitionBuilder invalidSessionBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class);
@@ -468,55 +454,39 @@ class HttpConfigurationBuilder {
 		else if (StringUtils.hasText(invalidSessionStrategyRef)) {
 			sessionMgmtFilter.addPropertyReference("invalidSessionStrategy", invalidSessionStrategyRef);
 		}
-
 		sessionMgmtFilter.addConstructorArgReference(sessionAuthStratRef);
-
 		this.sfpf = (RootBeanDefinition) sessionMgmtFilter.getBeanDefinition();
 		this.sessionStrategyRef = new RuntimeBeanReference(sessionAuthStratRef);
 	}
 
 	private void createConcurrencyControlFilterAndSessionRegistry(Element element) {
-		final String ATT_EXPIRY_URL = "expired-url";
-		final String ATT_EXPIRED_SESSION_STRATEGY_REF = "expired-session-strategy-ref";
-		final String ATT_SESSION_REGISTRY_ALIAS = "session-registry-alias";
-		final String ATT_SESSION_REGISTRY_REF = "session-registry-ref";
-
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				this.pc.extractSource(element));
 		this.pc.pushContainingComponent(compositeDef);
-
 		BeanDefinitionRegistry beanRegistry = this.pc.getRegistry();
-
 		String sessionRegistryId = element.getAttribute(ATT_SESSION_REGISTRY_REF);
-
 		if (!StringUtils.hasText(sessionRegistryId)) {
 			// Register an internal SessionRegistryImpl if no external reference supplied.
 			RootBeanDefinition sessionRegistry = new RootBeanDefinition(SessionRegistryImpl.class);
 			sessionRegistryId = this.pc.getReaderContext().registerWithGeneratedName(sessionRegistry);
 			this.pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId));
 		}
-
 		String registryAlias = element.getAttribute(ATT_SESSION_REGISTRY_ALIAS);
 		if (StringUtils.hasText(registryAlias)) {
 			beanRegistry.registerAlias(sessionRegistryId, registryAlias);
 		}
-
 		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
 		filterBuilder.addConstructorArgReference(sessionRegistryId);
-
 		Object source = this.pc.extractSource(element);
 		filterBuilder.getRawBeanDefinition().setSource(source);
 		filterBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
-
 		String expiryUrl = element.getAttribute(ATT_EXPIRY_URL);
 		String expiredSessionStrategyRef = element.getAttribute(ATT_EXPIRED_SESSION_STRATEGY_REF);
-
 		if (StringUtils.hasText(expiryUrl) && StringUtils.hasText(expiredSessionStrategyRef)) {
 			this.pc.getReaderContext().error(
 					"Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.",
 					source);
 		}
-
 		if (StringUtils.hasText(expiryUrl)) {
 			BeanDefinitionBuilder expiredSessionBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class);
@@ -526,9 +496,7 @@ class HttpConfigurationBuilder {
 		else if (StringUtils.hasText(expiredSessionStrategyRef)) {
 			filterBuilder.addConstructorArgReference(expiredSessionStrategyRef);
 		}
-
 		this.pc.popAndRegisterContainingComponent();
-
 		this.concurrentSessionFilter = filterBuilder.getBeanDefinition();
 		this.sessionRegistryRef = new RuntimeBeanReference(sessionRegistryId);
 	}
@@ -542,14 +510,10 @@ class HttpConfigurationBuilder {
 
 	// Adds the servlet-api integration filter if required
 	private void createServletApiFilter(BeanReference authenticationManager) {
-		final String ATT_SERVLET_API_PROVISION = "servlet-api-provision";
-		final String DEF_SERVLET_API_PROVISION = "true";
-
 		String provideServletApi = this.httpElt.getAttribute(ATT_SERVLET_API_PROVISION);
 		if (!StringUtils.hasText(provideServletApi)) {
 			provideServletApi = DEF_SERVLET_API_PROVISION;
 		}
-
 		if ("true".equals(provideServletApi)) {
 			this.servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(this.pc,
 					SecurityContextHolderAwareRequestFilterBeanFactory.class);
@@ -559,14 +523,10 @@ class HttpConfigurationBuilder {
 
 	// Adds the jaas-api integration filter if required
 	private void createJaasApiFilter() {
-		final String ATT_JAAS_API_PROVISION = "jaas-api-provision";
-		final String DEF_JAAS_API_PROVISION = "false";
-
 		String provideJaasApi = this.httpElt.getAttribute(ATT_JAAS_API_PROVISION);
 		if (!StringUtils.hasText(provideJaasApi)) {
 			provideJaasApi = DEF_JAAS_API_PROVISION;
 		}
-
 		if ("true".equals(provideJaasApi)) {
 			this.jaasApiFilter = new RootBeanDefinition(JaasApiIntegrationFilter.class);
 		}
@@ -574,18 +534,13 @@ class HttpConfigurationBuilder {
 
 	private void createChannelProcessingFilter() {
 		ManagedMap<BeanMetadataElement, BeanDefinition> channelRequestMap = parseInterceptUrlsForChannelSecurity();
-
 		if (channelRequestMap.isEmpty()) {
 			return;
 		}
-
 		RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
 		BeanDefinitionBuilder metadataSourceBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
 		metadataSourceBldr.addConstructorArgValue(channelRequestMap);
-		// metadataSourceBldr.addPropertyValue("stripQueryStringFromUrls", matcher
-		// instanceof AntUrlPathMatcher);
-
 		channelFilter.getPropertyValues().addPropertyValue("securityMetadataSource",
 				metadataSourceBldr.getBeanDefinition());
 		RootBeanDefinition channelDecisionManager = new RootBeanDefinition(ChannelDecisionManagerImpl.class);
@@ -593,7 +548,6 @@ class HttpConfigurationBuilder {
 		RootBeanDefinition secureChannelProcessor = new RootBeanDefinition(SecureChannelProcessor.class);
 		RootBeanDefinition retryWithHttp = new RootBeanDefinition(RetryWithHttpEntryPoint.class);
 		RootBeanDefinition retryWithHttps = new RootBeanDefinition(RetryWithHttpsEntryPoint.class);
-
 		retryWithHttp.getPropertyValues().addPropertyValue("portMapper", this.portMapper);
 		retryWithHttp.getPropertyValues().addPropertyValue("portResolver", this.portResolver);
 		retryWithHttps.getPropertyValues().addPropertyValue("portMapper", this.portMapper);
@@ -604,7 +558,6 @@ class HttpConfigurationBuilder {
 		channelProcessors.add(secureChannelProcessor);
 		channelProcessors.add(inSecureChannelProcessor);
 		channelDecisionManager.getPropertyValues().addPropertyValue("channelProcessors", channelProcessors);
-
 		String id = this.pc.getReaderContext().registerWithGeneratedName(channelDecisionManager);
 		channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager", new RuntimeBeanReference(id));
 		this.cpf = channelFilter;
@@ -616,45 +569,35 @@ class HttpConfigurationBuilder {
 	 * path.
 	 */
 	private ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForChannelSecurity() {
-
 		ManagedMap<BeanMetadataElement, BeanDefinition> channelRequestMap = new ManagedMap<>();
-
 		for (Element urlElt : this.interceptUrls) {
 			String path = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
 			String method = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_HTTP_METHOD);
 			String matcherRef = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUEST_MATCHER_REF);
 			boolean hasMatcherRef = StringUtils.hasText(matcherRef);
-
 			if (!hasMatcherRef && !StringUtils.hasText(path)) {
 				this.pc.getReaderContext().error("pattern attribute cannot be empty or null", urlElt);
 			}
-
 			String requiredChannel = urlElt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL);
-
 			if (StringUtils.hasText(requiredChannel)) {
 				BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
 						: this.matcherType.createMatcher(this.pc, path, method);
-
 				RootBeanDefinition channelAttributes = new RootBeanDefinition(ChannelAttributeFactory.class);
 				channelAttributes.getConstructorArgumentValues().addGenericArgumentValue(requiredChannel);
 				channelAttributes.setFactoryMethodName("createChannelAttributes");
-
 				channelRequestMap.put(matcher, channelAttributes);
 			}
 		}
-
 		return channelRequestMap;
 	}
 
 	private void createRequestCacheFilter() {
 		Element requestCacheElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.REQUEST_CACHE);
-
 		if (requestCacheElt != null) {
 			this.requestCache = new RuntimeBeanReference(requestCacheElt.getAttribute(ATT_REF));
 		}
 		else {
 			BeanDefinitionBuilder requestCacheBldr;
-
 			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
 				requestCacheBldr = BeanDefinitionBuilder.rootBeanDefinition(NullRequestCache.class);
 			}
@@ -671,14 +614,11 @@ class HttpConfigurationBuilder {
 					requestCacheBldr.addPropertyValue("requestMatcher", requestCacheMatcherBldr.getBeanDefinition());
 				}
 			}
-
 			BeanDefinition bean = requestCacheBldr.getBeanDefinition();
 			String id = this.pc.getReaderContext().generateBeanName(bean);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(bean, id));
-
 			this.requestCache = new RuntimeBeanReference(id);
 		}
-
 		this.requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
 		this.requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(this.requestCache);
 	}
@@ -687,18 +627,14 @@ class HttpConfigurationBuilder {
 		boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(this.httpElt);
 		RootBeanDefinition securityMds = FilterInvocationSecurityMetadataSourceParser
 				.createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc);
-
 		RootBeanDefinition accessDecisionMgr;
 		ManagedList<BeanDefinition> voters = new ManagedList<>(2);
-
 		if (useExpressions) {
 			BeanDefinitionBuilder expressionVoter = BeanDefinitionBuilder.rootBeanDefinition(WebExpressionVoter.class);
 			// Read the expression handler from the FISMS
 			RuntimeBeanReference expressionHandler = (RuntimeBeanReference) securityMds.getConstructorArgumentValues()
 					.getArgumentValue(1, RuntimeBeanReference.class).getValue();
-
 			expressionVoter.addPropertyValue("expressionHandler", expressionHandler);
-
 			voters.add(expressionVoter.getBeanDefinition());
 		}
 		else {
@@ -709,37 +645,28 @@ class HttpConfigurationBuilder {
 		accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class);
 		accessDecisionMgr.getConstructorArgumentValues().addGenericArgumentValue(voters);
 		accessDecisionMgr.setSource(this.pc.extractSource(this.httpElt));
-
 		// Set up the access manager reference for http
 		String accessManagerId = this.httpElt.getAttribute(ATT_ACCESS_MGR);
-
 		if (!StringUtils.hasText(accessManagerId)) {
 			accessManagerId = this.pc.getReaderContext().generateBeanName(accessDecisionMgr);
 			this.pc.registerBeanComponent(new BeanComponentDefinition(accessDecisionMgr, accessManagerId));
 		}
-
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(FilterSecurityInterceptor.class);
-
 		builder.addPropertyReference("accessDecisionManager", accessManagerId);
 		builder.addPropertyValue("authenticationManager", authManager);
-
 		if ("false".equals(this.httpElt.getAttribute(ATT_ONCE_PER_REQUEST))) {
 			builder.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
 		}
-
 		builder.addPropertyValue("securityMetadataSource", securityMds);
 		BeanDefinition fsiBean = builder.getBeanDefinition();
 		String fsiId = this.pc.getReaderContext().generateBeanName(fsiBean);
 		this.pc.registerBeanComponent(new BeanComponentDefinition(fsiBean, fsiId));
-
 		// Create and register a DefaultWebInvocationPrivilegeEvaluator for use with
 		// taglibs etc.
 		BeanDefinition wipe = new RootBeanDefinition(DefaultWebInvocationPrivilegeEvaluator.class);
 		wipe.getConstructorArgumentValues().addGenericArgumentValue(new RuntimeBeanReference(fsiId));
-
 		this.pc.registerBeanComponent(
 				new BeanComponentDefinition(wipe, this.pc.getReaderContext().generateBeanName(wipe)));
-
 		this.fsi = new RuntimeBeanReference(fsiId);
 	}
 
@@ -758,12 +685,10 @@ class HttpConfigurationBuilder {
 		Element elmt = DomUtils.getChildElementByTagName(this.httpElt, Elements.CSRF);
 		this.csrfParser = new CsrfBeanDefinitionParser();
 		this.csrfFilter = this.csrfParser.parse(elmt, this.pc);
-
 		if (this.csrfFilter == null) {
 			this.csrfParser = null;
 			return;
 		}
-
 		this.csrfAuthStrategy = this.csrfParser.getCsrfAuthenticationStrategy();
 		this.csrfLogoutHandler = this.csrfParser.getCsrfLogoutHandler();
 	}
@@ -786,51 +711,38 @@ class HttpConfigurationBuilder {
 
 	List<OrderDecorator> getFilters() {
 		List<OrderDecorator> filters = new ArrayList<>();
-
 		if (this.cpf != null) {
 			filters.add(new OrderDecorator(this.cpf, SecurityFilters.CHANNEL_FILTER));
 		}
-
 		if (this.concurrentSessionFilter != null) {
 			filters.add(new OrderDecorator(this.concurrentSessionFilter, SecurityFilters.CONCURRENT_SESSION_FILTER));
 		}
-
 		if (this.webAsyncManagerFilter != null) {
 			filters.add(new OrderDecorator(this.webAsyncManagerFilter, SecurityFilters.WEB_ASYNC_MANAGER_FILTER));
 		}
-
 		filters.add(new OrderDecorator(this.securityContextPersistenceFilter, SecurityFilters.SECURITY_CONTEXT_FILTER));
-
 		if (this.servApiFilter != null) {
 			filters.add(new OrderDecorator(this.servApiFilter, SecurityFilters.SERVLET_API_SUPPORT_FILTER));
 		}
-
 		if (this.jaasApiFilter != null) {
 			filters.add(new OrderDecorator(this.jaasApiFilter, SecurityFilters.JAAS_API_SUPPORT_FILTER));
 		}
-
 		if (this.sfpf != null) {
 			filters.add(new OrderDecorator(this.sfpf, SecurityFilters.SESSION_MANAGEMENT_FILTER));
 		}
-
 		filters.add(new OrderDecorator(this.fsi, SecurityFilters.FILTER_SECURITY_INTERCEPTOR));
-
 		if (this.sessionPolicy != SessionCreationPolicy.STATELESS) {
 			filters.add(new OrderDecorator(this.requestCacheAwareFilter, SecurityFilters.REQUEST_CACHE_FILTER));
 		}
-
 		if (this.corsFilter != null) {
 			filters.add(new OrderDecorator(this.corsFilter, SecurityFilters.CORS_FILTER));
 		}
-
 		if (this.addHeadersFilter != null) {
 			filters.add(new OrderDecorator(this.addHeadersFilter, SecurityFilters.HEADERS_FILTER));
 		}
-
 		if (this.csrfFilter != null) {
 			filters.add(new OrderDecorator(this.csrfFilter, SecurityFilters.CSRF_FILTER));
 		}
-
 		return filters;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
index eaba9f3896..2a166c662d 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java
@@ -36,16 +36,13 @@ public class HttpFirewallBeanDefinitionParser implements BeanDefinitionParser {
 	@Override
 	public BeanDefinition parse(Element element, ParserContext pc) {
 		String ref = element.getAttribute("ref");
-
 		if (!StringUtils.hasText(ref)) {
 			pc.getReaderContext().error("ref attribute is required", pc.extractSource(element));
 		}
-
 		// Ensure the FCP is registered.
 		HttpSecurityBeanDefinitionParser.registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));
 		BeanDefinition filterChainProxy = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAIN_PROXY);
 		filterChainProxy.getPropertyValues().addPropertyValue("firewall", new RuntimeBeanReference(ref));
-
 		return null;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index c63a70eab9..970245d134 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -69,11 +69,15 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	private static final Log logger = LogFactory.getLog(HttpSecurityBeanDefinitionParser.class);
 
 	private static final String ATT_AUTHENTICATION_MANAGER_REF = "authentication-manager-ref";
+
 	static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
+
 	static final String ATT_PATH_PATTERN = "pattern";
+
 	static final String ATT_HTTP_METHOD = "method";
 
 	static final String ATT_FILTERS = "filters";
+
 	static final String OPT_FILTERS_NONE = "none";
 
 	static final String ATT_REQUIRES_CHANNEL = "requires-channel";
@@ -84,6 +88,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
 	private static final String OPT_SECURITY_NONE = "none";
 
+	private static final String ATT_AFTER = "after";
+
+	private static final String ATT_BEFORE = "before";
+
+	private static final String ATT_POSITION = "position";
+
 	public HttpSecurityBeanDefinitionParser() {
 	}
 
@@ -102,16 +112,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
-
 		registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));
-
 		// Obtain the filter chains and add the new chain to it
 		BeanDefinition listFactoryBean = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAINS);
 		List<BeanReference> filterChains = (List<BeanReference>) listFactoryBean.getPropertyValues()
 				.getPropertyValue("sourceList").getValue();
-
 		filterChains.add(createFilterChain(element, pc));
-
 		pc.popAndRegisterContainingComponent();
 		return null;
 	}
@@ -121,76 +127,62 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	 */
 	private BeanReference createFilterChain(Element element, ParserContext pc) {
 		boolean secured = !OPT_SECURITY_NONE.equals(element.getAttribute(ATT_SECURED));
-
 		if (!secured) {
-			if (!StringUtils.hasText(element.getAttribute(ATT_PATH_PATTERN))
-					&& !StringUtils.hasText(ATT_REQUEST_MATCHER_REF)) {
-				pc.getReaderContext()
-						.error("The '" + ATT_SECURED + "' attribute must be used in combination with" + " the '"
-								+ ATT_PATH_PATTERN + "' or '" + ATT_REQUEST_MATCHER_REF + "' attributes.",
-								pc.extractSource(element));
-			}
-
-			for (int n = 0; n < element.getChildNodes().getLength(); n++) {
-				if (element.getChildNodes().item(n) instanceof Element) {
+			validateSecuredFilterChainElement(element, pc);
+			for (int i = 0; i < element.getChildNodes().getLength(); i++) {
+				if (element.getChildNodes().item(i) instanceof Element) {
 					pc.getReaderContext().error("If you are using <http> to define an unsecured pattern, "
 							+ "it cannot contain child elements.", pc.extractSource(element));
 				}
 			}
-
 			return createSecurityFilterChainBean(element, pc, Collections.emptyList());
 		}
-
-		final BeanReference portMapper = createPortMapper(element, pc);
-		final BeanReference portResolver = createPortResolver(portMapper, pc);
-
+		BeanReference portMapper = createPortMapper(element, pc);
+		BeanReference portResolver = createPortResolver(portMapper, pc);
 		ManagedList<BeanReference> authenticationProviders = new ManagedList<>();
 		BeanReference authenticationManager = createAuthenticationManager(element, pc, authenticationProviders);
-
 		boolean forceAutoConfig = isDefaultHttpConfig(element);
 		HttpConfigurationBuilder httpBldr = new HttpConfigurationBuilder(element, forceAutoConfig, pc, portMapper,
 				portResolver, authenticationManager);
-
 		AuthenticationConfigBuilder authBldr = new AuthenticationConfigBuilder(element, forceAutoConfig, pc,
 				httpBldr.getSessionCreationPolicy(), httpBldr.getRequestCache(), authenticationManager,
 				httpBldr.getSessionStrategy(), portMapper, portResolver, httpBldr.getCsrfLogoutHandler());
-
 		httpBldr.setLogoutHandlers(authBldr.getLogoutHandlers());
 		httpBldr.setEntryPoint(authBldr.getEntryPointBean());
 		httpBldr.setAccessDeniedHandler(authBldr.getAccessDeniedHandlerBean());
 		httpBldr.setCsrfIgnoreRequestMatchers(authBldr.getCsrfIgnoreRequestMatchers());
-
 		authenticationProviders.addAll(authBldr.getProviders());
-
 		List<OrderDecorator> unorderedFilterChain = new ArrayList<>();
-
 		unorderedFilterChain.addAll(httpBldr.getFilters());
 		unorderedFilterChain.addAll(authBldr.getFilters());
 		unorderedFilterChain.addAll(buildCustomFilterList(element, pc));
-
 		unorderedFilterChain.sort(new OrderComparator());
 		checkFilterChainOrder(unorderedFilterChain, pc, pc.extractSource(element));
-
 		// The list of filter beans
 		List<BeanMetadataElement> filterChain = new ManagedList<>();
-
 		for (OrderDecorator od : unorderedFilterChain) {
 			filterChain.add(od.bean);
 		}
-
 		return createSecurityFilterChainBean(element, pc, filterChain);
 	}
 
+	private void validateSecuredFilterChainElement(Element element, ParserContext pc) {
+		if (!StringUtils.hasText(element.getAttribute(ATT_PATH_PATTERN))
+				&& !StringUtils.hasText(ATT_REQUEST_MATCHER_REF)) {
+			String message = "The '" + ATT_SECURED + "' attribute must be used in combination with" + " the '"
+					+ ATT_PATH_PATTERN + "' or '" + ATT_REQUEST_MATCHER_REF + "' attributes.";
+			pc.getReaderContext().error(message, pc.extractSource(element));
+		}
+	}
+
 	private static boolean isDefaultHttpConfig(Element httpElt) {
 		return httpElt.getChildNodes().getLength() == 0 && httpElt.getAttributes().getLength() == 0;
 	}
 
 	private BeanReference createSecurityFilterChainBean(Element element, ParserContext pc, List<?> filterChain) {
 		BeanMetadataElement filterChainMatcher;
-
 		String requestMatcherRef = element.getAttribute(ATT_REQUEST_MATCHER_REF);
 		String filterChainPattern = element.getAttribute(ATT_PATH_PATTERN);
-
 		if (StringUtils.hasText(requestMatcherRef)) {
 			if (StringUtils.hasText(filterChainPattern)) {
 				pc.getReaderContext().error(
@@ -206,14 +198,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			filterChainMatcher = new RootBeanDefinition(AnyRequestMatcher.class);
 		}
-
 		BeanDefinitionBuilder filterChainBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(DefaultSecurityFilterChain.class);
 		filterChainBldr.addConstructorArgValue(filterChainMatcher);
 		filterChainBldr.addConstructorArgValue(filterChain);
-
 		BeanDefinition filterChainBean = filterChainBldr.getBeanDefinition();
-
 		String id = element.getAttribute("name");
 		if (!StringUtils.hasText(id)) {
 			id = element.getAttribute("id");
@@ -221,9 +210,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 				id = pc.getReaderContext().generateBeanName(filterChainBean);
 			}
 		}
-
 		pc.registerBeanComponent(new BeanComponentDefinition(filterChainBean, id));
-
 		return new RuntimeBeanReference(id);
 	}
 
@@ -234,7 +221,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 				.parse(DomUtils.getChildElementByTagName(elt, Elements.PORT_MAPPINGS), pc);
 		String portMapperName = pc.getReaderContext().generateBeanName(portMapper);
 		pc.registerBeanComponent(new BeanComponentDefinition(portMapper, portMapperName));
-
 		return new RuntimeBeanReference(portMapperName);
 	}
 
@@ -259,7 +245,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		String parentMgrRef = element.getAttribute(ATT_AUTHENTICATION_MANAGER_REF);
 		BeanDefinitionBuilder authManager = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
 		authManager.addConstructorArgValue(authenticationProviders);
-
 		if (StringUtils.hasText(parentMgrRef)) {
 			RuntimeBeanReference parentAuthManager = new RuntimeBeanReference(parentMgrRef);
 			authManager.addConstructorArgValue(parentAuthManager);
@@ -268,7 +253,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 			clearCredentials.getPropertyValues().addPropertyValue("targetObject", parentAuthManager);
 			clearCredentials.getPropertyValues().addPropertyValue("targetMethod",
 					"isEraseCredentialsAfterAuthentication");
-
 			authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials);
 		}
 		else {
@@ -280,11 +264,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 			clearCredentials.getPropertyValues().addPropertyValue("targetObject", new RuntimeBeanReference(amfbId));
 			clearCredentials.getPropertyValues().addPropertyValue("targetMethod",
 					"isEraseCredentialsAfterAuthentication");
-
 			authManager.addConstructorArgValue(new RuntimeBeanReference(amfbId));
 			authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials);
 		}
-
 		// gh-6009
 		authManager.addPropertyValue("authenticationEventPublisher",
 				new RootBeanDefinition(DefaultAuthenticationEventPublisher.class));
@@ -292,16 +274,13 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinition authMgrBean = authManager.getBeanDefinition();
 		String id = pc.getReaderContext().generateBeanName(authMgrBean);
 		pc.registerBeanComponent(new BeanComponentDefinition(authMgrBean, id));
-
 		return new RuntimeBeanReference(id);
 	}
 
 	private void checkFilterChainOrder(List<OrderDecorator> filters, ParserContext pc, Object source) {
 		logger.info("Checking sorted filter chain: " + filters);
-
 		for (int i = 0; i < filters.size(); i++) {
 			OrderDecorator filter = filters.get(i);
-
 			if (i > 0) {
 				OrderDecorator previous = filters.get(i - 1);
 				if (filter.getOrder() == previous.getOrder()) {
@@ -320,29 +299,19 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	List<OrderDecorator> buildCustomFilterList(Element element, ParserContext pc) {
 		List<Element> customFilterElts = DomUtils.getChildElementsByTagName(element, Elements.CUSTOM_FILTER);
 		List<OrderDecorator> customFilters = new ArrayList<>();
-
-		final String ATT_AFTER = "after";
-		final String ATT_BEFORE = "before";
-		final String ATT_POSITION = "position";
-
 		for (Element elt : customFilterElts) {
 			String after = elt.getAttribute(ATT_AFTER);
 			String before = elt.getAttribute(ATT_BEFORE);
 			String position = elt.getAttribute(ATT_POSITION);
-
 			String ref = elt.getAttribute(ATT_REF);
-
 			if (!StringUtils.hasText(ref)) {
 				pc.getReaderContext().error("The '" + ATT_REF + "' attribute must be supplied", pc.extractSource(elt));
 			}
-
 			RuntimeBeanReference bean = new RuntimeBeanReference(ref);
-
 			if (WebConfigUtils.countNonEmpty(new String[] { after, before, position }) != 1) {
 				pc.getReaderContext().error("A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '" + ATT_POSITION
 						+ "' attribute must be supplied", pc.extractSource(elt));
 			}
-
 			if (StringUtils.hasText(position)) {
 				customFilters.add(new OrderDecorator(bean, SecurityFilters.valueOf(position)));
 			}
@@ -365,7 +334,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 				}
 			}
 		}
-
 		return customFilters;
 	}
 
@@ -379,7 +347,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinition listFactoryBean = new RootBeanDefinition(ListFactoryBean.class);
 		listFactoryBean.getPropertyValues().add("sourceList", new ManagedList());
 		pc.registerBeanComponent(new BeanComponentDefinition(listFactoryBean, BeanIds.FILTER_CHAINS));
-
 		BeanDefinitionBuilder fcpBldr = BeanDefinitionBuilder.rootBeanDefinition(FilterChainProxy.class);
 		fcpBldr.getRawBeanDefinition().setSource(source);
 		fcpBldr.addConstructorArgReference(BeanIds.FILTER_CHAINS);
@@ -387,7 +354,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 		BeanDefinition fcpBean = fcpBldr.getBeanDefinition();
 		pc.registerBeanComponent(new BeanComponentDefinition(fcpBean, BeanIds.FILTER_CHAIN_PROXY));
 		registry.registerAlias(BeanIds.FILTER_CHAIN_PROXY, BeanIds.SPRING_SECURITY_FILTER_CHAIN);
-
 		BeanDefinitionBuilder requestRejected = BeanDefinitionBuilder
 				.rootBeanDefinition(RequestRejectedHandlerPostProcessor.class);
 		requestRejected.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index 07aebdfb3a..65c1b3b931 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -44,8 +44,11 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 	static final String ATT_INVALIDATE_SESSION = "invalidate-session";
 
 	static final String ATT_LOGOUT_URL = "logout-url";
+
 	static final String DEF_LOGOUT_URL = "/logout";
+
 	static final String ATT_LOGOUT_HANDLER = "success-handler-ref";
+
 	static final String ATT_DELETE_COOKIES = "delete-cookies";
 
 	final String rememberMeServices;
@@ -72,9 +75,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		String logoutSuccessUrl = null;
 		String invalidateSession = null;
 		String deleteCookies = null;
-
 		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class);
-
 		if (element != null) {
 			Object source = pc.extractSource(element);
 			builder.getRawBeanDefinition().setSource(source);
@@ -86,13 +87,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 			invalidateSession = element.getAttribute(ATT_INVALIDATE_SESSION);
 			deleteCookies = element.getAttribute(ATT_DELETE_COOKIES);
 		}
-
 		if (!StringUtils.hasText(logoutUrl)) {
 			logoutUrl = DEF_LOGOUT_URL;
 		}
-
 		builder.addPropertyValue("logoutRequestMatcher", getLogoutRequestMatcher(logoutUrl));
-
 		if (StringUtils.hasText(successHandlerRef)) {
 			if (StringUtils.hasText(logoutSuccessUrl)) {
 				pc.getReaderContext().error(
@@ -108,26 +106,20 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 			}
 			builder.addConstructorArgValue(logoutSuccessUrl);
 		}
-
 		BeanDefinition sclh = new RootBeanDefinition(SecurityContextLogoutHandler.class);
 		sclh.getPropertyValues().addPropertyValue("invalidateHttpSession", !"false".equals(invalidateSession));
 		this.logoutHandlers.add(sclh);
-
 		if (this.rememberMeServices != null) {
 			this.logoutHandlers.add(new RuntimeBeanReference(this.rememberMeServices));
 		}
-
 		if (StringUtils.hasText(deleteCookies)) {
 			BeanDefinition cookieDeleter = new RootBeanDefinition(CookieClearingLogoutHandler.class);
 			String[] names = StringUtils.tokenizeToStringArray(deleteCookies, ",");
 			cookieDeleter.getConstructorArgumentValues().addGenericArgumentValue(names);
 			this.logoutHandlers.add(cookieDeleter);
 		}
-
 		this.logoutHandlers.add(new RootBeanDefinition(LogoutSuccessEventPublishingLogoutHandler.class));
-
 		builder.addConstructorArgValue(this.logoutHandlers);
-
 		return builder.getBeanDefinition();
 	}
 
@@ -138,7 +130,6 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		if (this.csrfEnabled) {
 			matcherBuilder.addConstructorArgValue("POST");
 		}
-
 		return matcherBuilder.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
index a989ecc8b3..9d65f9ea63 100644
--- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java
+++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java
@@ -58,13 +58,10 @@ public enum MatcherType {
 		if (("/**".equals(path) || "**".equals(path)) && method == null) {
 			return new RootBeanDefinition(AnyRequestMatcher.class);
 		}
-
 		BeanDefinitionBuilder matcherBldr = BeanDefinitionBuilder.rootBeanDefinition(this.type);
-
 		if (this == mvc) {
 			matcherBldr.addConstructorArgValue(new RootBeanDefinition(HandlerMappingIntrospectorFactoryBean.class));
 		}
-
 		matcherBldr.addConstructorArgValue(path);
 		if (this == mvc) {
 			matcherBldr.addPropertyValue("method", method);
@@ -73,11 +70,9 @@ public enum MatcherType {
 		else {
 			matcherBldr.addConstructorArgValue(method);
 		}
-
 		if (this == ciRegex) {
 			matcherBldr.addConstructorArgValue(true);
 		}
-
 		return matcherBldr.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
index 9122d28691..3a72f62585 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java
@@ -66,7 +66,6 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 	@Override
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		Element authorizationCodeGrantElt = DomUtils.getChildElementByTagName(element, ELT_AUTHORIZATION_CODE_GRANT);
-
 		BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils
 				.getClientRegistrationRepository(element);
 		BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils
@@ -80,7 +79,6 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 		}
 		BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(
 				authorizationCodeGrantElt);
-
 		BeanDefinitionBuilder authorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
 		String authorizationRequestResolverRef = (authorizationCodeGrantElt != null)
@@ -94,7 +92,6 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 		this.authorizationRequestRedirectFilter = authorizationRequestRedirectFilterBuilder
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
 				.addPropertyValue("requestCache", this.requestCache).getBeanDefinition();
-
 		this.authorizationCodeGrantFilter = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationCodeGrantFilter.class)
 				.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
@@ -102,7 +99,6 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).getBeanDefinition();
 
 		BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(authorizationCodeGrantElt);
-
 		this.authorizationCodeAuthenticationProvider = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationCodeAuthenticationProvider.class)
 				.addConstructorArgValue(accessTokenResponseClient).getBeanDefinition();
@@ -111,33 +107,25 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser {
 	}
 
 	private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
-		BeanMetadataElement authorizationRequestRepository;
 		String authorizationRequestRepositoryRef = (element != null)
 				? element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF) : null;
 		if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
-			authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
+			return new RuntimeBeanReference(authorizationRequestRepositoryRef);
 		}
-		else {
-			authorizationRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
-					"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
-					.getBeanDefinition();
-		}
-		return authorizationRequestRepository;
+		return BeanDefinitionBuilder.rootBeanDefinition(
+				"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
+				.getBeanDefinition();
 	}
 
 	private BeanMetadataElement getAccessTokenResponseClient(Element element) {
-		BeanMetadataElement accessTokenResponseClient;
 		String accessTokenResponseClientRef = (element != null)
 				? element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF) : null;
 		if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
-			accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
+			return new RuntimeBeanReference(accessTokenResponseClientRef);
 		}
-		else {
-			accessTokenResponseClient = BeanDefinitionBuilder.rootBeanDefinition(
-					"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
-					.getBeanDefinition();
-		}
-		return accessTokenResponseClient;
+		return BeanDefinitionBuilder.rootBeanDefinition(
+				"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
+				.getBeanDefinition();
 	}
 
 	BeanDefinition getDefaultAuthorizedClientRepository() {
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
index 40be5b39aa..8b8a333c7b 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@@ -41,15 +41,11 @@ final class OAuth2ClientBeanDefinitionParserUtils {
 	}
 
 	static BeanMetadataElement getClientRegistrationRepository(Element element) {
-		BeanMetadataElement clientRegistrationRepository;
 		String clientRegistrationRepositoryRef = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
 		if (!StringUtils.isEmpty(clientRegistrationRepositoryRef)) {
-			clientRegistrationRepository = new RuntimeBeanReference(clientRegistrationRepositoryRef);
+			return new RuntimeBeanReference(clientRegistrationRepositoryRef);
 		}
-		else {
-			clientRegistrationRepository = new RuntimeBeanReference(ClientRegistrationRepository.class);
-		}
-		return clientRegistrationRepository;
+		return new RuntimeBeanReference(ClientRegistrationRepository.class);
 	}
 
 	static BeanMetadataElement getAuthorizedClientRepository(Element element) {
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
index e83d2a593f..a62cd65055 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java
@@ -50,11 +50,9 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg
 				(ListableBeanFactory) this.beanFactory, ClientRegistrationRepository.class, false, false);
 		String[] authorizedClientRepositoryBeanNames = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(
 				(ListableBeanFactory) this.beanFactory, OAuth2AuthorizedClientRepository.class, false, false);
-
 		if (clientRegistrationRepositoryBeanNames.length != 1 || authorizedClientRepositoryBeanNames.length != 1) {
 			return;
 		}
-
 		for (String beanName : registry.getBeanDefinitionNames()) {
 			BeanDefinition beanDefinition = registry.getBeanDefinition(beanName);
 			if (RequestMappingHandlerAdapter.class.getName().equals(beanDefinition.getBeanClassName())) {
@@ -64,10 +62,8 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg
 				if (currentArgumentResolvers != null) {
 					argumentResolvers.addAll((ManagedList<?>) currentArgumentResolvers.getValue());
 				}
-
 				String[] authorizedClientManagerBeanNames = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(
 						(ListableBeanFactory) this.beanFactory, OAuth2AuthorizedClientManager.class, false, false);
-
 				BeanDefinitionBuilder beanDefinitionBuilder = BeanDefinitionBuilder
 						.genericBeanDefinition(OAuth2AuthorizedClientArgumentResolver.class);
 				if (authorizedClientManagerBeanNames.length == 1) {
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
index 673e26fb8c..288b09072e 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java
@@ -144,7 +144,6 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig);
 		parserContext
 				.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
-
 		// configure filter
 		BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils
 				.getClientRegistrationRepository(element);
@@ -160,17 +159,14 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
 		BeanMetadataElement oauth2UserService = getOAuth2UserService(element);
 		BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element);
-
 		BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class)
 				.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
-
 		if (this.sessionStrategy != null) {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy",
 					this.sessionStrategy);
 		}
-
 		Object source = parserContext.extractSource(element);
 		String loginProcessingUrl = element.getAttribute(ATT_LOGIN_PROCESSING_URL);
 		if (!StringUtils.isEmpty(loginProcessingUrl)) {
@@ -181,25 +177,19 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 			oauth2LoginAuthenticationFilterBuilder
 					.addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
 		}
-
 		BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class)
 				.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService);
-
 		String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
 		if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
 			oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper",
 					userAuthoritiesMapperRef);
 		}
-
 		this.oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
-
 		this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient,
 				userAuthoritiesMapperRef);
-
 		BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
-
 		String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
 		if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
 			oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
@@ -207,13 +197,11 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
 		}
-
 		oauth2AuthorizationRequestRedirectFilterBuilder
 				.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
 				.addPropertyValue("requestCache", this.requestCache);
 		this.oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder
 				.getBeanDefinition();
-
 		String authenticationSuccessHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF);
 		if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler",
@@ -226,7 +214,6 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler",
 					successHandlerBuilder.getBeanDefinition());
 		}
-
 		String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
 		if (!StringUtils.isEmpty(loginPage)) {
 			WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
@@ -244,7 +231,6 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 						.getBeanDefinition();
 			}
 		}
-
 		String authenticationFailureHandlerRef = element.getAttribute(ATT_AUTHENTICATION_FAILURE_HANDLER_REF);
 		if (!StringUtils.isEmpty(authenticationFailureHandlerRef)) {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationFailureHandler",
@@ -259,95 +245,71 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 			oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationFailureHandler",
 					failureHandlerBuilder.getBeanDefinition());
 		}
-
 		// prepare loginlinks
 		this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class)
 				.setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId).getBeanDefinition();
-
 		return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition();
 	}
 
 	private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
-		BeanMetadataElement authorizationRequestRepository;
 		String authorizationRequestRepositoryRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF);
 		if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
-			authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
+			return new RuntimeBeanReference(authorizationRequestRepositoryRef);
 		}
-		else {
-			authorizationRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
-					"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
-					.getBeanDefinition();
-		}
-		return authorizationRequestRepository;
+		return BeanDefinitionBuilder.rootBeanDefinition(
+				"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
+				.getBeanDefinition();
 	}
 
 	private BeanDefinition getOidcAuthProvider(Element element, BeanMetadataElement accessTokenResponseClient,
 			String userAuthoritiesMapperRef) {
-
 		boolean oidcAuthenticationProviderEnabled = ClassUtils
 				.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
 		if (!oidcAuthenticationProviderEnabled) {
 			return BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class).getBeanDefinition();
 		}
-
 		BeanMetadataElement oidcUserService = getOidcUserService(element);
-
 		BeanDefinitionBuilder oidcAuthProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(
 				"org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider")
 				.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oidcUserService);
-
 		if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
 			oidcAuthProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
 		}
-
 		String jwtDecoderFactoryRef = element.getAttribute(ATT_JWT_DECODER_FACTORY_REF);
 		if (!StringUtils.isEmpty(jwtDecoderFactoryRef)) {
 			oidcAuthProviderBuilder.addPropertyReference("jwtDecoderFactory", jwtDecoderFactoryRef);
 		}
-
 		return oidcAuthProviderBuilder.getBeanDefinition();
 	}
 
 	private BeanMetadataElement getOidcUserService(Element element) {
-		BeanMetadataElement oidcUserService;
 		String oidcUserServiceRef = element.getAttribute(ATT_OIDC_USER_SERVICE_REF);
 		if (!StringUtils.isEmpty(oidcUserServiceRef)) {
-			oidcUserService = new RuntimeBeanReference(oidcUserServiceRef);
+			return new RuntimeBeanReference(oidcUserServiceRef);
 		}
-		else {
-			oidcUserService = BeanDefinitionBuilder
-					.rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService")
-					.getBeanDefinition();
-		}
-		return oidcUserService;
+		return BeanDefinitionBuilder
+				.rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService")
+				.getBeanDefinition();
 	}
 
 	private BeanMetadataElement getOAuth2UserService(Element element) {
-		BeanMetadataElement oauth2UserService;
 		String oauth2UserServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);
 		if (!StringUtils.isEmpty(oauth2UserServiceRef)) {
-			oauth2UserService = new RuntimeBeanReference(oauth2UserServiceRef);
+			return new RuntimeBeanReference(oauth2UserServiceRef);
 		}
-		else {
-			oauth2UserService = BeanDefinitionBuilder
-					.rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService")
-					.getBeanDefinition();
-		}
-		return oauth2UserService;
+		return BeanDefinitionBuilder
+				.rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService")
+				.getBeanDefinition();
 	}
 
 	private BeanMetadataElement getAccessTokenResponseClient(Element element) {
-		BeanMetadataElement accessTokenResponseClient;
 		String accessTokenResponseClientRef = element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF);
 		if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
-			accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
+			return new RuntimeBeanReference(accessTokenResponseClientRef);
 		}
-		else {
-			accessTokenResponseClient = BeanDefinitionBuilder.rootBeanDefinition(
-					"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
-					.getBeanDefinition();
-		}
-		return accessTokenResponseClient;
+		return BeanDefinitionBuilder.rootBeanDefinition(
+				"org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient")
+				.getBeanDefinition();
 	}
 
 	BeanDefinition getDefaultAuthorizedClientRepository() {
@@ -386,10 +348,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 				RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher();
 				RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(
 						new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
-
 				RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
 						new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
-
 				Element clientRegElt = clientRegList.get(0);
 				entryPoints = new LinkedHashMap<>();
 				entryPoints.put(
@@ -417,22 +377,19 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 		@Override
 		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 			OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
-
-			// Section 3.1.2.1 Authentication Request -
-			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-			// scope
-			// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-			if (authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
+			if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes()
 					.contains(OidcScopes.OPENID)) {
-
-				OAuth2Error oauth2Error = new OAuth2Error("oidc_provider_not_configured",
-						"An OpenID Connect Authentication Provider has not been configured. "
-								+ "Check to ensure you include the dependency 'spring-security-oauth2-jose'.",
-						null);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+				return null;
 			}
-
-			return null;
+			// Section 3.1.2.1 Authentication Request -
+			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
+			// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+			// value.
+			OAuth2Error oauth2Error = new OAuth2Error("oidc_provider_not_configured",
+					"An OpenID Connect Authentication Provider has not been configured. "
+							+ "Check to ensure you include the dependency 'spring-security-oauth2-jose'.",
+					null);
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
 
 		@Override
@@ -466,13 +423,11 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
 			if (clientRegistrations == null) {
 				return Collections.emptyMap();
 			}
-
 			String authorizationRequestBaseUri = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 			Map<String, String> loginUrlToClientName = new HashMap<>();
 			clientRegistrations.forEach((registration) -> loginUrlToClientName.put(
 					authorizationRequestBaseUri + "/" + registration.getRegistrationId(),
 					registration.getClientName()));
-
 			return loginUrlToClientName;
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index 7d5d9ba6f0..2be6d13796 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -62,10 +62,13 @@ import org.springframework.util.xml.DomUtils;
 final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionParser {
 
 	static final String AUTHENTICATION_MANAGER_RESOLVER_REF = "authentication-manager-resolver-ref";
+
 	static final String BEARER_TOKEN_RESOLVER_REF = "bearer-token-resolver-ref";
+
 	static final String ENTRY_POINT_REF = "entry-point-ref";
 
 	static final String BEARER_TOKEN_RESOLVER = "bearerTokenResolver";
+
 	static final String AUTHENTICATION_ENTRY_POINT = "authenticationEntryPoint";
 
 	private final BeanReference authenticationManager;
@@ -105,34 +108,27 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	public BeanDefinition parse(Element oauth2ResourceServer, ParserContext pc) {
 		Element jwt = DomUtils.getChildElementByTagName(oauth2ResourceServer, Elements.JWT);
 		Element opaqueToken = DomUtils.getChildElementByTagName(oauth2ResourceServer, Elements.OPAQUE_TOKEN);
-
 		validateConfiguration(oauth2ResourceServer, jwt, opaqueToken, pc);
-
 		if (jwt != null) {
 			BeanDefinition jwtAuthenticationProvider = new JwtBeanDefinitionParser().parse(jwt, pc);
 			this.authenticationProviders.add(new RuntimeBeanReference(
 					pc.getReaderContext().registerWithGeneratedName(jwtAuthenticationProvider)));
 		}
-
 		if (opaqueToken != null) {
 			BeanDefinition opaqueTokenAuthenticationProvider = new OpaqueTokenBeanDefinitionParser().parse(opaqueToken,
 					pc);
 			this.authenticationProviders.add(new RuntimeBeanReference(
 					pc.getReaderContext().registerWithGeneratedName(opaqueTokenAuthenticationProvider)));
 		}
-
 		BeanMetadataElement bearerTokenResolver = getBearerTokenResolver(oauth2ResourceServer);
 		BeanDefinitionBuilder requestMatcherBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(BearerTokenRequestMatcher.class);
 		requestMatcherBuilder.addConstructorArgValue(bearerTokenResolver);
 		BeanDefinition requestMatcher = requestMatcherBuilder.getBeanDefinition();
-
 		BeanMetadataElement authenticationEntryPoint = getEntryPoint(oauth2ResourceServer);
-
 		this.entryPoints.put(requestMatcher, authenticationEntryPoint);
 		this.deniedHandlers.put(requestMatcher, this.accessDeniedHandler);
 		this.ignoreCsrfRequestMatchers.add(requestMatcher);
-
 		BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
 				.rootBeanDefinition(BearerTokenAuthenticationFilter.class);
 		BeanMetadataElement authenticationManagerResolver = getAuthenticationManagerResolver(oauth2ResourceServer);
@@ -145,22 +141,19 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	void validateConfiguration(Element oauth2ResourceServer, Element jwt, Element opaqueToken, ParserContext pc) {
 		if (!oauth2ResourceServer.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)) {
 			if (jwt == null && opaqueToken == null) {
-				pc.getReaderContext()
-						.error("Didn't find authentication-manager-resolver-ref, <jwt>, or <opaque-token>. "
-								+ "Please select one.", oauth2ResourceServer);
+				pc.getReaderContext().error("Didn't find authentication-manager-resolver-ref, "
+						+ "<jwt>, or <opaque-token>. " + "Please select one.", oauth2ResourceServer);
 			}
 			return;
 		}
-
 		if (jwt != null) {
 			pc.getReaderContext().error(
-					"Found <jwt> as well as authentication-manager-resolver-ref. " + "Please select just one.",
+					"Found <jwt> as well as authentication-manager-resolver-ref. Please select just one.",
 					oauth2ResourceServer);
 		}
-
 		if (opaqueToken != null) {
 			pc.getReaderContext().error(
-					"Found <opaque-token> as well as authentication-manager-resolver-ref. " + "Please select just one.",
+					"Found <opaque-token> as well as authentication-manager-resolver-ref. Please select just one.",
 					oauth2ResourceServer);
 		}
 	}
@@ -181,9 +174,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		if (StringUtils.isEmpty(bearerTokenResolverRef)) {
 			return new RootBeanDefinition(DefaultBearerTokenResolver.class);
 		}
-		else {
-			return new RuntimeBeanReference(bearerTokenResolverRef);
-		}
+		return new RuntimeBeanReference(bearerTokenResolverRef);
 	}
 
 	BeanMetadataElement getEntryPoint(Element element) {
@@ -191,34 +182,35 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 		if (StringUtils.isEmpty(entryPointRef)) {
 			return this.authenticationEntryPoint;
 		}
-		else {
-			return new RuntimeBeanReference(entryPointRef);
-		}
+		return new RuntimeBeanReference(entryPointRef);
 	}
 
 	static final class JwtBeanDefinitionParser implements BeanDefinitionParser {
 
 		static final String DECODER_REF = "decoder-ref";
+
 		static final String JWK_SET_URI = "jwk-set-uri";
+
 		static final String JWT_AUTHENTICATION_CONVERTER_REF = "jwt-authentication-converter-ref";
+
 		static final String JWT_AUTHENTICATION_CONVERTER = "jwtAuthenticationConverter";
 
+		JwtBeanDefinitionParser() {
+		}
+
 		@Override
 		public BeanDefinition parse(Element element, ParserContext pc) {
 			validateConfiguration(element, pc);
-
 			BeanDefinitionBuilder jwtProviderBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(JwtAuthenticationProvider.class);
 			jwtProviderBuilder.addConstructorArgValue(getDecoder(element));
 			jwtProviderBuilder.addPropertyValue(JWT_AUTHENTICATION_CONVERTER, getJwtAuthenticationConverter(element));
-
 			return jwtProviderBuilder.getBeanDefinition();
 		}
 
 		void validateConfiguration(Element element, ParserContext pc) {
 			boolean usesDecoder = element.hasAttribute(DECODER_REF);
 			boolean usesJwkSetUri = element.hasAttribute(JWK_SET_URI);
-
 			if (usesDecoder == usesJwkSetUri) {
 				pc.getReaderContext().error("Please specify either decoder-ref or jwk-set-uri.", element);
 			}
@@ -229,7 +221,6 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 			if (!StringUtils.isEmpty(decoderRef)) {
 				return new RuntimeBeanReference(decoderRef);
 			}
-
 			BeanDefinitionBuilder builder = BeanDefinitionBuilder
 					.rootBeanDefinition(NimbusJwtDecoderJwkSetUriFactoryBean.class);
 			builder.addConstructorArgValue(element.getAttribute(JWK_SET_URI));
@@ -238,14 +229,8 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 
 		Object getJwtAuthenticationConverter(Element element) {
 			String jwtDecoderRef = element.getAttribute(JWT_AUTHENTICATION_CONVERTER_REF);
-			if (!StringUtils.isEmpty(jwtDecoderRef)) {
-				return new RuntimeBeanReference(jwtDecoderRef);
-			}
-
-			return new JwtAuthenticationConverter();
-		}
-
-		JwtBeanDefinitionParser() {
+			return (!StringUtils.isEmpty(jwtDecoderRef)) ? new RuntimeBeanReference(jwtDecoderRef)
+					: new JwtAuthenticationConverter();
 		}
 
 	}
@@ -253,19 +238,23 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 	static final class OpaqueTokenBeanDefinitionParser implements BeanDefinitionParser {
 
 		static final String INTROSPECTOR_REF = "introspector-ref";
+
 		static final String INTROSPECTION_URI = "introspection-uri";
+
 		static final String CLIENT_ID = "client-id";
+
 		static final String CLIENT_SECRET = "client-secret";
 
+		OpaqueTokenBeanDefinitionParser() {
+		}
+
 		@Override
 		public BeanDefinition parse(Element element, ParserContext pc) {
 			validateConfiguration(element, pc);
-
 			BeanMetadataElement introspector = getIntrospector(element);
 			BeanDefinitionBuilder opaqueTokenProviderBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(OpaqueTokenAuthenticationProvider.class);
 			opaqueTokenProviderBuilder.addConstructorArgValue(introspector);
-
 			return opaqueTokenProviderBuilder.getBeanDefinition();
 		}
 
@@ -273,13 +262,11 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 			boolean usesIntrospector = element.hasAttribute(INTROSPECTOR_REF);
 			boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) || element.hasAttribute(CLIENT_ID)
 					|| element.hasAttribute(CLIENT_SECRET);
-
 			if (usesIntrospector == usesEndpoint) {
 				pc.getReaderContext().error("Please specify either introspector-ref or all of "
 						+ "introspection-uri, client-id, and client-secret.", element);
 				return;
 			}
-
 			if (usesEndpoint) {
 				if (!(element.hasAttribute(INTROSPECTION_URI) && element.hasAttribute(CLIENT_ID)
 						&& element.hasAttribute(CLIENT_SECRET))) {
@@ -294,23 +281,17 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa
 			if (!StringUtils.isEmpty(introspectorRef)) {
 				return new RuntimeBeanReference(introspectorRef);
 			}
-
 			String introspectionUri = element.getAttribute(INTROSPECTION_URI);
 			String clientId = element.getAttribute(CLIENT_ID);
 			String clientSecret = element.getAttribute(CLIENT_SECRET);
-
 			BeanDefinitionBuilder introspectorBuilder = BeanDefinitionBuilder
 					.rootBeanDefinition(NimbusOpaqueTokenIntrospector.class);
 			introspectorBuilder.addConstructorArgValue(introspectionUri);
 			introspectorBuilder.addConstructorArgValue(clientId);
 			introspectorBuilder.addConstructorArgValue(clientSecret);
-
 			return introspectorBuilder.getBeanDefinition();
 		}
 
-		OpaqueTokenBeanDefinitionParser() {
-		}
-
 	}
 
 	static final class StaticAuthenticationManagerResolver
diff --git a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
index e6a844a196..dff5ebfa5b 100644
--- a/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java
@@ -48,33 +48,25 @@ class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		RootBeanDefinition portMapper = new RootBeanDefinition(PortMapperImpl.class);
 		portMapper.setSource(parserContext.extractSource(element));
-
 		if (element != null) {
 			List<Element> mappingElts = DomUtils.getChildElementsByTagName(element, Elements.PORT_MAPPING);
 			if (mappingElts.isEmpty()) {
 				parserContext.getReaderContext().error("No port-mapping child elements specified", element);
 			}
-
 			Map mappings = new ManagedMap();
-
 			for (Element elt : mappingElts) {
 				String httpPort = elt.getAttribute(ATT_HTTP_PORT);
 				String httpsPort = elt.getAttribute(ATT_HTTPS_PORT);
-
 				if (!StringUtils.hasText(httpPort)) {
 					parserContext.getReaderContext().error("No http port supplied in port mapping", elt);
 				}
-
 				if (!StringUtils.hasText(httpsPort)) {
 					parserContext.getReaderContext().error("No https port supplied in port mapping", elt);
 				}
-
 				mappings.put(httpPort, httpsPort);
 			}
-
 			portMapper.getPropertyValues().addPropertyValue("portMappings", mappings);
 		}
-
 		return portMapper;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
index 97bcaa1bda..85ac360cf6 100644
--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -45,14 +45,23 @@ import org.springframework.util.StringUtils;
 class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 
 	static final String ATT_DATA_SOURCE = "data-source-ref";
+
 	static final String ATT_SERVICES_REF = "services-ref";
+
 	static final String ATT_SERVICES_ALIAS = "services-alias";
+
 	static final String ATT_TOKEN_REPOSITORY = "token-repository-ref";
+
 	static final String ATT_USER_SERVICE_REF = "user-service-ref";
+
 	static final String ATT_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
+
 	static final String ATT_TOKEN_VALIDITY = "token-validity-seconds";
+
 	static final String ATT_SECURE_COOKIE = "use-secure-cookie";
+
 	static final String ATT_FORM_REMEMBERME_PARAMETER = "remember-me-parameter";
+
 	static final String ATT_REMEMBERME_COOKIE = "remember-me-cookie";
 
 	protected final Log logger = LogFactory.getLog(getClass());
@@ -73,7 +82,6 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
-
 		String tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
 		String userServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);
@@ -84,9 +92,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		String remembermeParameter = element.getAttribute(ATT_FORM_REMEMBERME_PARAMETER);
 		String remembermeCookie = element.getAttribute(ATT_REMEMBERME_COOKIE);
 		Object source = pc.extractSource(element);
-
 		RootBeanDefinition services = null;
-
 		boolean dataSourceSet = StringUtils.hasText(dataSource);
 		boolean tokenRepoSet = StringUtils.hasText(tokenRepository);
 		boolean servicesRefSet = StringUtils.hasText(rememberMeServicesRef);
@@ -95,7 +101,6 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		boolean tokenValiditySet = StringUtils.hasText(tokenValiditySeconds);
 		boolean remembermeParameterSet = StringUtils.hasText(remembermeParameter);
 		boolean remembermeCookieSet = StringUtils.hasText(remembermeCookie);
-
 		if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet
 				|| remembermeParameterSet || remembermeCookieSet)) {
 			pc.getReaderContext()
@@ -104,18 +109,14 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 							+ ATT_SECURE_COOKIE + ", " + ATT_FORM_REMEMBERME_PARAMETER + " or " + ATT_REMEMBERME_COOKIE,
 							source);
 		}
-
 		if (dataSourceSet && tokenRepoSet) {
 			pc.getReaderContext().error("Specify " + ATT_TOKEN_REPOSITORY + " or " + ATT_DATA_SOURCE + " but not both",
 					source);
 		}
-
 		boolean isPersistent = dataSourceSet | tokenRepoSet;
-
 		if (isPersistent) {
 			Object tokenRepo;
 			services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);
-
 			if (tokenRepoSet) {
 				tokenRepo = new RuntimeBeanReference(tokenRepository);
 			}
@@ -129,24 +130,19 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		else if (!servicesRefSet) {
 			services = new RootBeanDefinition(TokenBasedRememberMeServices.class);
 		}
-
 		String servicesName;
-
 		if (services != null) {
 			RootBeanDefinition uds = new RootBeanDefinition();
 			uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
 			uds.setFactoryMethodName("cachingUserDetailsService");
 			uds.getConstructorArgumentValues().addGenericArgumentValue(userServiceRef);
-
 			services.getConstructorArgumentValues().addGenericArgumentValue(this.key);
 			services.getConstructorArgumentValues().addGenericArgumentValue(uds);
 			// tokenRepo is already added if it is a
 			// PersistentTokenBasedRememberMeServices
-
 			if (useSecureCookieSet) {
 				services.getPropertyValues().addPropertyValue("useSecureCookie", Boolean.valueOf(useSecureCookie));
 			}
-
 			if (tokenValiditySet) {
 				boolean isTokenValidityNegative = tokenValiditySeconds.startsWith("-");
 				if (isTokenValidityNegative && isPersistent) {
@@ -155,15 +151,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 				}
 				services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValiditySeconds);
 			}
-
 			if (remembermeParameterSet) {
 				services.getPropertyValues().addPropertyValue("parameter", remembermeParameter);
 			}
-
 			if (remembermeCookieSet) {
 				services.getPropertyValues().addPropertyValue("cookieName", remembermeCookie);
 			}
-
 			services.setSource(source);
 			servicesName = pc.getReaderContext().generateBeanName(services);
 			pc.registerBeanComponent(new BeanComponentDefinition(services, servicesName));
@@ -171,25 +164,18 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 		else {
 			servicesName = rememberMeServicesRef;
 		}
-
 		if (StringUtils.hasText(element.getAttribute(ATT_SERVICES_ALIAS))) {
 			pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
 		}
-
 		this.rememberMeServicesId = servicesName;
-
 		BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeAuthenticationFilter.class);
 		filter.getRawBeanDefinition().setSource(source);
-
 		if (StringUtils.hasText(successHandlerRef)) {
 			filter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
 		}
-
 		filter.addConstructorArgValue(this.authenticationManager);
 		filter.addConstructorArgReference(servicesName);
-
 		pc.popAndRegisterContainingComponent();
-
 		return filter.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
index 5b67d82ba1..74beef711d 100644
--- a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
+++ b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
@@ -28,15 +28,22 @@ import org.springframework.security.core.context.SecurityContext;
  */
 public enum SessionCreationPolicy {
 
-	/** Always create an {@link HttpSession} */
+	/**
+	 * Always create an {@link HttpSession}
+	 */
 	ALWAYS,
+
 	/**
 	 * Spring Security will never create an {@link HttpSession}, but will use the
 	 * {@link HttpSession} if it already exists
 	 */
 	NEVER,
-	/** Spring Security will only create an {@link HttpSession} if required */
+
+	/**
+	 * Spring Security will only create an {@link HttpSession} if required
+	 */
 	IF_REQUIRED,
+
 	/**
 	 * Spring Security will never create an {@link HttpSession} and it will never use it
 	 * to obtain the {@link SecurityContext}
diff --git a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
index 48000087d1..851416c3f8 100644
--- a/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
+++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceFactoryBean.java
@@ -46,7 +46,6 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 		if (!StringUtils.hasText(id)) {
 			return getUserDetailsService();
 		}
-
 		return (UserDetailsService) this.beanFactory.getBean(id);
 	}
 
@@ -56,21 +55,17 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 		}
 		// Overwrite with the caching version if available
 		String cachingId = id + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX;
-
 		if (this.beanFactory.containsBeanDefinition(cachingId)) {
 			return (UserDetailsService) this.beanFactory.getBean(cachingId);
 		}
-
 		return (UserDetailsService) this.beanFactory.getBean(id);
 	}
 
 	@SuppressWarnings("unchecked")
 	AuthenticationUserDetailsService authenticationUserDetailsService(String name) {
 		UserDetailsService uds;
-
 		if (!StringUtils.hasText(name)) {
 			Map<String, ?> beans = getBeansOfType(AuthenticationUserDetailsService.class);
-
 			if (!beans.isEmpty()) {
 				if (beans.size() > 1) {
 					throw new ApplicationContextException("More than one AuthenticationUserDetailsService registered."
@@ -78,18 +73,15 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 				}
 				return (AuthenticationUserDetailsService) beans.values().toArray()[0];
 			}
-
 			uds = getUserDetailsService();
 		}
 		else {
 			Object bean = this.beanFactory.getBean(name);
-
 			if (bean instanceof AuthenticationUserDetailsService) {
 				return (AuthenticationUserDetailsService) bean;
 			}
 			else if (bean instanceof UserDetailsService) {
 				uds = cachingUserDetailsService(name);
-
 				if (uds == null) {
 					uds = (UserDetailsService) bean;
 				}
@@ -99,7 +91,6 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 						"Bean '" + name + "' must be a UserDetailsService or an" + " AuthenticationUserDetailsService");
 			}
 		}
-
 		return new UserDetailsByNameServiceWrapper(uds);
 	}
 
@@ -110,20 +101,16 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 	 */
 	private UserDetailsService getUserDetailsService() {
 		Map<String, ?> beans = getBeansOfType(CachingUserDetailsService.class);
-
 		if (beans.size() == 0) {
 			beans = getBeansOfType(UserDetailsService.class);
 		}
-
 		if (beans.size() == 0) {
 			throw new ApplicationContextException("No UserDetailsService registered.");
-
 		}
-		else if (beans.size() > 1) {
+		if (beans.size() > 1) {
 			throw new ApplicationContextException("More than one UserDetailsService registered. Please "
 					+ "use a specific Id reference in <remember-me/> <openid-login/> or <x509 /> elements.");
 		}
-
 		return (UserDetailsService) beans.values().toArray()[0];
 	}
 
@@ -134,7 +121,6 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 
 	private Map<String, ?> getBeansOfType(Class<?> type) {
 		Map<String, ?> beans = this.beanFactory.getBeansOfType(type);
-
 		// Check ancestor bean factories if they exist and the current one has none of the
 		// required type
 		BeanFactory parent = this.beanFactory.getParentBeanFactory();
@@ -149,7 +135,6 @@ public class UserDetailsServiceFactoryBean implements ApplicationContextAware {
 				break;
 			}
 		}
-
 		return beans;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
index b97dd909a1..1a7b5e72b7 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java
@@ -50,37 +50,34 @@ public class ContextSourceSettingPostProcessor implements BeanFactoryPostProcess
 
 	@Override
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
-		Class<?> contextSourceClass;
-
-		try {
-			contextSourceClass = ClassUtils.forName(REQUIRED_CONTEXT_SOURCE_CLASS_NAME,
-					ClassUtils.getDefaultClassLoader());
-		}
-		catch (ClassNotFoundException ex) {
-			throw new ApplicationContextException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". "
-					+ " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap "
-					+ "jar file in your application", ex);
-		}
-
+		Class<?> contextSourceClass = getContextSourceClass();
 		String[] sources = bf.getBeanNamesForType(contextSourceClass, false, false);
-
 		if (sources.length == 0) {
 			throw new ApplicationContextException("No BaseLdapPathContextSource instances found. Have you "
 					+ "added an <" + Elements.LDAP_SERVER + " /> element to your application context? If you have "
 					+ "declared an explicit bean, do not use lazy-init");
 		}
-
 		if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && this.defaultNameRequired) {
 			if (sources.length > 1) {
 				throw new ApplicationContextException("More than one BaseLdapPathContextSource instance found. "
 						+ "Please specify a specific server id using the 'server-ref' attribute when configuring your <"
 						+ Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">.");
 			}
-
 			bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE);
 		}
 	}
 
+	private Class<?> getContextSourceClass() throws LinkageError {
+		try {
+			return ClassUtils.forName(REQUIRED_CONTEXT_SOURCE_CLASS_NAME, ClassUtils.getDefaultClassLoader());
+		}
+		catch (ClassNotFoundException ex) {
+			throw new ApplicationContextException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". "
+					+ " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap "
+					+ "jar file in your application", ex);
+		}
+	}
+
 	public void setDefaultNameRequired(boolean defaultNameRequired) {
 		this.defaultNameRequired = defaultNameRequired;
 	}
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
index 201ac0aa7f..3e735458f4 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java
@@ -49,19 +49,18 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 	private static final String DEF_USER_SEARCH_FILTER = "uid={0}";
 
 	static final String PROVIDER_CLASS = "org.springframework.security.ldap.authentication.LdapAuthenticationProvider";
+
 	static final String BIND_AUTH_CLASS = "org.springframework.security.ldap.authentication.BindAuthenticator";
+
 	static final String PASSWD_AUTH_CLASS = "org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator";
 
 	@Override
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
 		RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt,
 				parserContext);
-
 		BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
 		String userDnPattern = elt.getAttribute(ATT_USER_DN_PATTERN);
-
 		String[] userDnPatternArray = new String[0];
-
 		if (StringUtils.hasText(userDnPattern)) {
 			userDnPatternArray = new String[] { userDnPattern };
 			// TODO: Validate the pattern and make sure it is a valid DN.
@@ -77,22 +76,17 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 			searchBeanBuilder.addConstructorArgValue(contextSource);
 			searchBean = searchBeanBuilder.getBeanDefinition();
 		}
-
 		BeanDefinitionBuilder authenticatorBuilder = BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS);
 		Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
-
 		if (passwordCompareElt != null) {
 			authenticatorBuilder = BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS);
-
 			String passwordAttribute = passwordCompareElt.getAttribute(ATT_USER_PASSWORD);
 			if (StringUtils.hasText(passwordAttribute)) {
 				authenticatorBuilder.addPropertyValue("passwordAttributeName", passwordAttribute);
 			}
-
 			Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt,
 					Elements.PASSWORD_ENCODER);
 			String hash = passwordCompareElt.getAttribute(ATT_HASH);
-
 			if (passwordEncoderElement != null) {
 				if (StringUtils.hasText(hash)) {
 					parserContext.getReaderContext().warning(
@@ -107,21 +101,17 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
 						PasswordEncoderParser.createPasswordEncoderBeanDefinition(hash, false));
 			}
 		}
-
 		authenticatorBuilder.addConstructorArgValue(contextSource);
 		authenticatorBuilder.addPropertyValue("userDnPatterns", userDnPatternArray);
-
 		if (searchBean != null) {
 			authenticatorBuilder.addPropertyValue("userSearch", searchBean);
 		}
-
 		BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
 		ldapProvider.addConstructorArgValue(authenticatorBuilder.getBeanDefinition());
 		ldapProvider.addConstructorArgValue(
 				LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
 		ldapProvider.addPropertyValue("userDetailsContextMapper",
 				LdapUserServiceBeanDefinitionParser.parseUserDetailsClassOrUserMapperRef(elt, parserContext));
-
 		return ldapProvider.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index 40526d31e6..3da012c375 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -89,9 +89,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 	@Override
 	public BeanDefinition parse(Element elt, ParserContext parserContext) {
 		String url = elt.getAttribute(ATT_URL);
-
 		RootBeanDefinition contextSource;
-
 		if (!StringUtils.hasText(url)) {
 			contextSource = createEmbeddedServer(elt, parserContext);
 		}
@@ -100,28 +98,20 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 			contextSource.setBeanClassName(CONTEXT_SOURCE_CLASS);
 			contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, url);
 		}
-
 		contextSource.setSource(parserContext.extractSource(elt));
-
 		String managerDn = elt.getAttribute(ATT_PRINCIPAL);
 		String managerPassword = elt.getAttribute(ATT_PASSWORD);
-
 		if (StringUtils.hasText(managerDn)) {
 			if (!StringUtils.hasText(managerPassword)) {
 				parserContext.getReaderContext()
 						.error("You must specify the " + ATT_PASSWORD + " if you supply a " + managerDn, elt);
 			}
-
 			contextSource.getPropertyValues().addPropertyValue("userDn", managerDn);
 			contextSource.getPropertyValues().addPropertyValue("password", managerPassword);
 		}
-
 		String id = elt.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
-
 		String contextSourceId = StringUtils.hasText(id) ? id : BeanIds.CONTEXT_SOURCE;
-
 		parserContext.getRegistry().registerBeanDefinition(contextSourceId, contextSource);
-
 		return null;
 	}
 
@@ -136,52 +126,40 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 	 */
 	private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
 		Object source = parserContext.extractSource(element);
-
 		String suffix = element.getAttribute(ATT_ROOT_SUFFIX);
-
 		if (!StringUtils.hasText(suffix)) {
 			suffix = OPT_DEFAULT_ROOT_SUFFIX;
 		}
-
 		BeanDefinitionBuilder contextSource = BeanDefinitionBuilder.rootBeanDefinition(CONTEXT_SOURCE_CLASS);
 		contextSource.addConstructorArgValue(suffix);
 		contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
 		contextSource.addPropertyValue("password", "secret");
-
 		BeanDefinition embeddedLdapServerConfigBean = BeanDefinitionBuilder
 				.rootBeanDefinition(EmbeddedLdapServerConfigBean.class).getBeanDefinition();
 		String embeddedLdapServerConfigBeanName = parserContext.getReaderContext()
 				.generateBeanName(embeddedLdapServerConfigBean);
-
 		parserContext.registerBeanComponent(
 				new BeanComponentDefinition(embeddedLdapServerConfigBean, embeddedLdapServerConfigBeanName));
-
 		contextSource.setFactoryMethodOnBean("createEmbeddedContextSource", embeddedLdapServerConfigBeanName);
-
 		String mode = element.getAttribute("mode");
 		RootBeanDefinition ldapContainer = getRootBeanDefinition(mode);
 		ldapContainer.setSource(source);
 		ldapContainer.getConstructorArgumentValues().addGenericArgumentValue(suffix);
-
 		String ldifs = element.getAttribute(ATT_LDIF_FILE);
 		if (!StringUtils.hasText(ldifs)) {
 			ldifs = OPT_DEFAULT_LDIF_FILE;
 		}
-
 		ldapContainer.getConstructorArgumentValues().addGenericArgumentValue(ldifs);
 		ldapContainer.getPropertyValues().addPropertyValue("port", getPort(element));
-
 		if (parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS)
 				|| parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_UNBOUNDID)) {
 			parserContext.getReaderContext().error("Only one embedded server bean is allowed per application context",
 					element);
 		}
-
 		String beanId = resolveBeanId(mode);
 		if (beanId != null) {
 			parserContext.getRegistry().registerBeanDefinition(beanId, ldapContainer);
 		}
-
 		return (RootBeanDefinition) contextSource.getBeanDefinition();
 	}
 
@@ -189,7 +167,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 		if (isApacheDsEnabled(mode)) {
 			return new RootBeanDefinition(APACHEDS_CONTAINER_CLASSNAME, null, null);
 		}
-		else if (isUnboundidEnabled(mode)) {
+		if (isUnboundidEnabled(mode)) {
 			return new RootBeanDefinition(UNBOUNDID_CONTAINER_CLASSNAME, null, null);
 		}
 		throw new IllegalStateException("Embedded LDAP server is not provided");
@@ -199,7 +177,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 		if (isApacheDsEnabled(mode)) {
 			return BeanIds.EMBEDDED_APACHE_DS;
 		}
-		else if (isUnboundidEnabled(mode)) {
+		if (isUnboundidEnabled(mode)) {
 			return BeanIds.EMBEDDED_UNBOUNDID;
 		}
 		return null;
@@ -238,22 +216,21 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
 
 		@SuppressWarnings("unused")
 		private DefaultSpringSecurityContextSource createEmbeddedContextSource(String suffix) {
-			int port;
+			int port = getPort();
+			String providerUrl = "ldap://127.0.0.1:" + port + "/" + suffix;
+			return new DefaultSpringSecurityContextSource(providerUrl);
+		}
+
+		private int getPort() {
 			if (ClassUtils.isPresent(APACHEDS_CLASSNAME, getClass().getClassLoader())) {
 				ApacheDSContainer apacheDSContainer = this.applicationContext.getBean(ApacheDSContainer.class);
-				port = apacheDSContainer.getLocalPort();
+				return apacheDSContainer.getLocalPort();
 			}
-			else if (ClassUtils.isPresent(UNBOUNID_CLASSNAME, getClass().getClassLoader())) {
+			if (ClassUtils.isPresent(UNBOUNID_CLASSNAME, getClass().getClassLoader())) {
 				UnboundIdContainer unboundIdContainer = this.applicationContext.getBean(UnboundIdContainer.class);
-				port = unboundIdContainer.getPort();
+				return unboundIdContainer.getPort();
 			}
-			else {
-				throw new IllegalStateException("Embedded LDAP server is not provided");
-			}
-
-			String providerUrl = "ldap://127.0.0.1:" + port + "/" + suffix;
-
-			return new DefaultSpringSecurityContextSource(providerUrl);
+			throw new IllegalStateException("Embedded LDAP server is not provided");
 		}
 
 	}
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
index aa00b4b019..dec9a6ac41 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java
@@ -54,9 +54,13 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 	public static final String DEF_GROUP_SEARCH_BASE = "";
 
 	static final String ATT_ROLE_PREFIX = "role-prefix";
+
 	static final String ATT_USER_CLASS = "user-details-class";
+
 	static final String ATT_USER_CONTEXT_MAPPER_REF = "user-context-mapper-ref";
+
 	static final String OPT_PERSON = "person";
+
 	static final String OPT_INETORGPERSON = "inetOrgPerson";
 
 	public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
@@ -76,11 +80,9 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 
 	@Override
 	protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) {
-
 		if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
 			parserContext.getReaderContext().error("User search filter must be supplied", elt);
 		}
-
 		builder.addConstructorArgValue(parseSearchBean(elt, parserContext));
 		builder.getRawBeanDefinition().setSource(parserContext.extractSource(elt));
 		builder.addConstructorArgValue(parseAuthoritiesPopulator(elt, parserContext));
@@ -91,7 +93,6 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 		String userSearchFilter = elt.getAttribute(ATT_USER_SEARCH_FILTER);
 		String userSearchBase = elt.getAttribute(ATT_USER_SEARCH_BASE);
 		Object source = parserContext.extractSource(elt);
-
 		if (StringUtils.hasText(userSearchBase)) {
 			if (!StringUtils.hasText(userSearchFilter)) {
 				parserContext.getReaderContext()
@@ -101,33 +102,27 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 		else {
 			userSearchBase = DEF_USER_SEARCH_BASE;
 		}
-
 		if (!StringUtils.hasText(userSearchFilter)) {
 			return null;
 		}
-
 		BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
 		searchBuilder.getRawBeanDefinition().setSource(source);
 		searchBuilder.addConstructorArgValue(userSearchBase);
 		searchBuilder.addConstructorArgValue(userSearchFilter);
 		searchBuilder.addConstructorArgValue(parseServerReference(elt, parserContext));
-
 		return (RootBeanDefinition) searchBuilder.getBeanDefinition();
 	}
 
 	static RuntimeBeanReference parseServerReference(Element elt, ParserContext parserContext) {
 		String server = elt.getAttribute(ATT_SERVER);
 		boolean requiresDefaultName = false;
-
 		if (!StringUtils.hasText(server)) {
 			server = BeanIds.CONTEXT_SOURCE;
 			requiresDefaultName = true;
 		}
-
 		RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
 		contextSource.setSource(parserContext.extractSource(elt));
 		registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);
-
 		return contextSource;
 	}
 
@@ -139,7 +134,6 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 			}
 			return;
 		}
-
 		BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition(ContextSourceSettingPostProcessor.class);
 		bdb.addPropertyValue("defaultNameRequired", defaultNameRequired);
 		registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bdb.getBeanDefinition());
@@ -148,65 +142,54 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 	static BeanMetadataElement parseUserDetailsClassOrUserMapperRef(Element elt, ParserContext parserContext) {
 		String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
 		String userMapperRef = elt.getAttribute(ATT_USER_CONTEXT_MAPPER_REF);
-
 		if (StringUtils.hasText(userDetailsClass) && StringUtils.hasText(userMapperRef)) {
 			parserContext.getReaderContext().error("Attributes " + ATT_USER_CLASS + " and "
 					+ ATT_USER_CONTEXT_MAPPER_REF + " cannot be used together.", parserContext.extractSource(elt));
 		}
-
 		if (StringUtils.hasText(userMapperRef)) {
 			return new RuntimeBeanReference(userMapperRef);
 		}
-
-		RootBeanDefinition mapper;
-
-		if (OPT_PERSON.equals(userDetailsClass)) {
-			mapper = new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
-		}
-		else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
-			mapper = new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
-		}
-		else {
-			mapper = new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
-		}
-
+		RootBeanDefinition mapper = getMapper(userDetailsClass);
 		mapper.setSource(parserContext.extractSource(elt));
-
 		return mapper;
 	}
 
+	private static RootBeanDefinition getMapper(String userDetailsClass) {
+		if (OPT_PERSON.equals(userDetailsClass)) {
+			return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
+		}
+		if (OPT_INETORGPERSON.equals(userDetailsClass)) {
+			return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
+		}
+		return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
+	}
+
 	static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
 		String groupSearchFilter = elt.getAttribute(ATT_GROUP_SEARCH_FILTER);
 		String groupSearchBase = elt.getAttribute(ATT_GROUP_SEARCH_BASE);
 		String groupRoleAttribute = elt.getAttribute(ATT_GROUP_ROLE_ATTRIBUTE);
 		String rolePrefix = elt.getAttribute(ATT_ROLE_PREFIX);
-
 		if (!StringUtils.hasText(groupSearchFilter)) {
 			groupSearchFilter = DEF_GROUP_SEARCH_FILTER;
 		}
-
 		if (!StringUtils.hasText(groupSearchBase)) {
 			groupSearchBase = DEF_GROUP_SEARCH_BASE;
 		}
-
 		BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
 		populator.getRawBeanDefinition().setSource(parserContext.extractSource(elt));
 		populator.addConstructorArgValue(parseServerReference(elt, parserContext));
 		populator.addConstructorArgValue(groupSearchBase);
 		populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
 		populator.addPropertyValue("searchSubtree", Boolean.TRUE);
-
 		if (StringUtils.hasText(rolePrefix)) {
 			if ("none".equals(rolePrefix)) {
 				rolePrefix = "";
 			}
 			populator.addPropertyValue("rolePrefix", rolePrefix);
 		}
-
 		if (StringUtils.hasLength(groupRoleAttribute)) {
 			populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);
 		}
-
 		return (RootBeanDefinition) populator.getBeanDefinition();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
index fde8ab1571..c87b32e169 100644
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@@ -48,6 +48,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
@@ -122,36 +123,28 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				pc.extractSource(element));
 		pc.pushContainingComponent(compositeDef);
-
 		Object source = pc.extractSource(element);
 		// The list of method metadata delegates
 		ManagedList<BeanMetadataElement> delegates = new ManagedList<>();
-
 		boolean jsr250Enabled = "enabled".equals(element.getAttribute(ATT_USE_JSR250));
 		boolean useSecured = "enabled".equals(element.getAttribute(ATT_USE_SECURED));
 		boolean prePostAnnotationsEnabled = "enabled".equals(element.getAttribute(ATT_USE_PREPOST));
 		boolean useAspectJ = "aspectj".equals(element.getAttribute(ATT_MODE));
-
 		BeanDefinition preInvocationVoter = null;
 		ManagedList<BeanMetadataElement> afterInvocationProviders = new ManagedList<>();
-
 		// Check for an external SecurityMetadataSource, which takes priority over other
 		// sources
 		String metaDataSourceId = element.getAttribute(ATT_META_DATA_SOURCE_REF);
-
 		if (StringUtils.hasText(metaDataSourceId)) {
 			delegates.add(new RuntimeBeanReference(metaDataSourceId));
 		}
-
 		if (prePostAnnotationsEnabled) {
 			Element prePostElt = DomUtils.getChildElementByTagName(element, Elements.INVOCATION_HANDLING);
 			Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
-
 			if (prePostElt != null && expressionHandlerElt != null) {
 				pc.getReaderContext().error(Elements.INVOCATION_HANDLING + " and " + Elements.EXPRESSION_HANDLER
 						+ " cannot be used together ", source);
 			}
-
 			BeanDefinitionBuilder preInvocationVoterBldr = BeanDefinitionBuilder
 					.rootBeanDefinition(PreInvocationAuthorizationAdviceVoter.class);
 			// After-invocation provider to handle post-invocation filtering and
@@ -161,7 +154,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			// The metadata source for the security interceptor
 			BeanDefinitionBuilder mds = BeanDefinitionBuilder
 					.rootBeanDefinition(PrePostAnnotationSecurityMetadataSource.class);
-
 			if (prePostElt != null) {
 				// Customized override of expression handling system
 				String attributeFactoryRef = DomUtils
@@ -171,7 +163,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 						.getAttribute("ref");
 				String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt, Elements.POST_INVOCATION_ADVICE)
 						.getAttribute("ref");
-
 				mds.addConstructorArgReference(attributeFactoryRef);
 				preInvocationVoterBldr.addConstructorArgReference(preAdviceRef);
 				afterInvocationBldr.addConstructorArgReference(postAdviceRef);
@@ -180,80 +171,65 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 				// The default expression-based system
 				String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref")
 						: null;
-
 				if (StringUtils.hasText(expressionHandlerRef)) {
-					this.logger.info(
-							"Using bean '" + expressionHandlerRef + "' as method ExpressionHandler implementation");
+					this.logger.info(LogMessage.format("Using bean '%s' as method ExpressionHandler implementation",
+							expressionHandlerRef));
 					RootBeanDefinition lazyInitPP = new RootBeanDefinition(
 							LazyInitBeanDefinitionRegistryPostProcessor.class);
 					lazyInitPP.getConstructorArgumentValues().addGenericArgumentValue(expressionHandlerRef);
 					pc.getReaderContext().registerWithGeneratedName(lazyInitPP);
-
 					BeanDefinitionBuilder lazyMethodSecurityExpressionHandlerBldr = BeanDefinitionBuilder
 							.rootBeanDefinition(LazyInitTargetSource.class);
 					lazyMethodSecurityExpressionHandlerBldr.addPropertyValue("targetBeanName", expressionHandlerRef);
-
 					BeanDefinitionBuilder expressionHandlerProxyBldr = BeanDefinitionBuilder
 							.rootBeanDefinition(ProxyFactoryBean.class);
 					expressionHandlerProxyBldr.addPropertyValue("targetSource",
 							lazyMethodSecurityExpressionHandlerBldr.getBeanDefinition());
 					expressionHandlerProxyBldr.addPropertyValue("proxyInterfaces",
 							MethodSecurityExpressionHandler.class);
-
 					expressionHandlerRef = pc.getReaderContext()
 							.generateBeanName(expressionHandlerProxyBldr.getBeanDefinition());
-
 					pc.registerBeanComponent(new BeanComponentDefinition(expressionHandlerProxyBldr.getBeanDefinition(),
 							expressionHandlerRef));
 				}
 				else {
 					RootBeanDefinition expressionHandler = registerWithDefaultRolePrefix(pc,
 							DefaultMethodSecurityExpressionHandlerBeanFactory.class);
-
 					expressionHandlerRef = pc.getReaderContext().generateBeanName(expressionHandler);
 					pc.registerBeanComponent(new BeanComponentDefinition(expressionHandler, expressionHandlerRef));
-					this.logger.info(
-							"Expressions were enabled for method security but no SecurityExpressionHandler was configured. "
-									+ "All hasPermission() expressions will evaluate to false.");
+					this.logger.info("Expressions were enabled for method security but no SecurityExpressionHandler "
+							+ "was configured. All hasPermission() expressions will evaluate to false.");
 				}
-
 				BeanDefinitionBuilder expressionPreAdviceBldr = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedPreInvocationAdvice.class);
 				expressionPreAdviceBldr.addPropertyReference("expressionHandler", expressionHandlerRef);
 				preInvocationVoterBldr.addConstructorArgValue(expressionPreAdviceBldr.getBeanDefinition());
-
 				BeanDefinitionBuilder expressionPostAdviceBldr = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedPostInvocationAdvice.class);
 				expressionPostAdviceBldr.addConstructorArgReference(expressionHandlerRef);
 				afterInvocationBldr.addConstructorArgValue(expressionPostAdviceBldr.getBeanDefinition());
-
 				BeanDefinitionBuilder annotationInvocationFactory = BeanDefinitionBuilder
 						.rootBeanDefinition(ExpressionBasedAnnotationAttributeFactory.class);
 				annotationInvocationFactory.addConstructorArgReference(expressionHandlerRef);
 				mds.addConstructorArgValue(annotationInvocationFactory.getBeanDefinition());
 			}
-
 			preInvocationVoter = preInvocationVoterBldr.getBeanDefinition();
 			afterInvocationProviders.add(afterInvocationBldr.getBeanDefinition());
 			delegates.add(mds.getBeanDefinition());
 		}
-
 		if (useSecured) {
 			delegates.add(BeanDefinitionBuilder.rootBeanDefinition(SecuredAnnotationSecurityMetadataSource.class)
 					.getBeanDefinition());
 		}
-
 		if (jsr250Enabled) {
 			RootBeanDefinition jsrMetadataSource = registerWithDefaultRolePrefix(pc,
 					Jsr250MethodSecurityMetadataSourceBeanFactory.class);
 			delegates.add(jsrMetadataSource);
 		}
-
 		// Now create a Map<String, ConfigAttribute> for each <protect-pointcut>
 		// sub-element
 		Map<String, List<ConfigAttribute>> pointcutMap = parseProtectPointcuts(pc,
 				DomUtils.getChildElementsByTagName(element, Elements.PROTECT_POINTCUT));
-
 		if (pointcutMap.size() > 0) {
 			if (useAspectJ) {
 				pc.getReaderContext().error("You can't use AspectJ mode with protect-pointcut definitions", source);
@@ -262,34 +238,25 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			BeanDefinition mapBasedMetadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
 			BeanReference ref = new RuntimeBeanReference(
 					pc.getReaderContext().generateBeanName(mapBasedMetadataSource));
-
 			delegates.add(ref);
 			pc.registerBeanComponent(new BeanComponentDefinition(mapBasedMetadataSource, ref.getBeanName()));
 			registerProtectPointcutPostProcessor(pc, pointcutMap, ref, source);
 		}
-
 		BeanReference metadataSource = registerDelegatingMethodSecurityMetadataSource(pc, delegates, source);
-
 		// Check for additional after-invocation-providers..
 		List<Element> afterInvocationElts = DomUtils.getChildElementsByTagName(element,
 				Elements.AFTER_INVOCATION_PROVIDER);
-
 		for (Element elt : afterInvocationElts) {
 			afterInvocationProviders.add(new RuntimeBeanReference(elt.getAttribute(ATT_REF)));
 		}
-
 		String accessManagerId = element.getAttribute(ATT_ACCESS_MGR);
-
 		if (!StringUtils.hasText(accessManagerId)) {
 			accessManagerId = registerAccessManager(pc, jsr250Enabled, preInvocationVoter);
 		}
-
 		String authMgrRef = element.getAttribute(ATT_AUTHENTICATION_MANAGER_REF);
-
 		String runAsManagerId = element.getAttribute(ATT_RUN_AS_MGR);
 		BeanReference interceptor = registerMethodSecurityInterceptor(pc, authMgrRef, accessManagerId, runAsManagerId,
 				metadataSource, afterInvocationProviders, source, useAspectJ);
-
 		if (useAspectJ) {
 			BeanDefinitionBuilder aspect = BeanDefinitionBuilder.rootBeanDefinition(
 					"org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect");
@@ -303,9 +270,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			registerAdvisor(pc, interceptor, metadataSource, source, element.getAttribute(ATT_ADVICE_ORDER));
 			AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(pc, element);
 		}
-
 		pc.popAndRegisterContainingComponent();
-
 		return null;
 	}
 
@@ -316,26 +281,20 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	 */
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	private String registerAccessManager(ParserContext pc, boolean jsr250Enabled, BeanDefinition expressionVoter) {
-
 		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
 		ManagedList voters = new ManagedList(4);
-
 		if (expressionVoter != null) {
 			voters.add(expressionVoter);
 		}
 		voters.add(new RootBeanDefinition(RoleVoter.class));
 		voters.add(new RootBeanDefinition(AuthenticatedVoter.class));
-
 		if (jsr250Enabled) {
 			voters.add(new RootBeanDefinition(Jsr250Voter.class));
 		}
-
 		accessMgrBuilder.addConstructorArgValue(voters);
-
 		BeanDefinition accessManager = accessMgrBuilder.getBeanDefinition();
 		String id = pc.getReaderContext().generateBeanName(accessManager);
 		pc.registerBeanComponent(new BeanComponentDefinition(accessManager, id));
-
 		return id;
 	}
 
@@ -346,7 +305,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 				DelegatingMethodSecurityMetadataSource.class);
 		delegatingMethodSecurityMetadataSource.setSource(source);
 		delegatingMethodSecurityMetadataSource.getConstructorArgumentValues().addGenericArgumentValue(delegates);
-
 		String id = pc.getReaderContext().generateBeanName(delegatingMethodSecurityMetadataSource);
 		pc.registerBeanComponent(new BeanComponentDefinition(delegatingMethodSecurityMetadataSource, id));
 
@@ -367,31 +325,24 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 	private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext,
 			List<Element> protectPointcutElts) {
 		Map<String, List<ConfigAttribute>> pointcutMap = new LinkedHashMap<>();
-
 		for (Element childElt : protectPointcutElts) {
 			String accessConfig = childElt.getAttribute(ATT_ACCESS);
 			String expression = childElt.getAttribute(ATT_EXPRESSION);
-
 			if (!StringUtils.hasText(accessConfig)) {
 				parserContext.getReaderContext().error("Access configuration required",
 						parserContext.extractSource(childElt));
 			}
-
 			if (!StringUtils.hasText(expression)) {
 				parserContext.getReaderContext().error("Pointcut expression required",
 						parserContext.extractSource(childElt));
 			}
-
 			String[] attributeTokens = StringUtils.commaDelimitedListToStringArray(accessConfig);
 			List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
-
 			for (String token : attributeTokens) {
 				attributes.add(new SecurityConfig(token));
 			}
-
 			pointcutMap.put(expression, attributes);
 		}
-
 		return pointcutMap;
 	}
 
@@ -406,22 +357,18 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		authMgr.getConstructorArgumentValues().addGenericArgumentValue(authMgrRef);
 		bldr.addPropertyValue("authenticationManager", authMgr);
 		bldr.addPropertyValue("securityMetadataSource", metadataSource);
-
 		if (StringUtils.hasText(runAsManagerId)) {
 			bldr.addPropertyReference("runAsManager", runAsManagerId);
 		}
-
 		if (!afterInvocationProviders.isEmpty()) {
 			BeanDefinition afterInvocationManager;
 			afterInvocationManager = new RootBeanDefinition(AfterInvocationProviderManager.class);
 			afterInvocationManager.getPropertyValues().addPropertyValue("providers", afterInvocationProviders);
 			bldr.addPropertyValue("afterInvocationManager", afterInvocationManager);
 		}
-
 		BeanDefinition bean = bldr.getBeanDefinition();
 		String id = pc.getReaderContext().generateBeanName(bean);
 		pc.registerBeanComponent(new BeanComponentDefinition(bean, id));
-
 		return new RuntimeBeanReference(id);
 	}
 
@@ -431,11 +378,9 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 			parserContext.getReaderContext().error("Duplicate <global-method-security> detected.", source);
 		}
 		RootBeanDefinition advisor = new RootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
-
 		if (StringUtils.hasText(adviceOrder)) {
 			advisor.getPropertyValues().addPropertyValue("order", adviceOrder);
 		}
-
 		// advisor must be an infrastructure bean as Spring's
 		// InfrastructureAdvisorAutoProxyCreator will ignore it
 		// otherwise
@@ -444,7 +389,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		advisor.getConstructorArgumentValues().addGenericArgumentValue(interceptor.getBeanName());
 		advisor.getConstructorArgumentValues().addGenericArgumentValue(metadataSource);
 		advisor.getConstructorArgumentValues().addGenericArgumentValue(metadataSource.getBeanName());
-
 		parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR, advisor);
 	}
 
@@ -453,7 +397,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 		RootBeanDefinition beanFactoryDefinition = new RootBeanDefinition(beanFactoryClass);
 		String beanFactoryRef = pc.getReaderContext().generateBeanName(beanFactoryDefinition);
 		pc.getRegistry().registerBeanDefinition(beanFactoryRef, beanFactoryDefinition);
-
 		RootBeanDefinition bean = new RootBeanDefinition();
 		bean.setFactoryBeanName(beanFactoryRef);
 		bean.setFactoryMethodName("getBean");
@@ -499,7 +442,6 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 					}
 				}
 			}
-
 			return this.delegate.authenticate(authentication);
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
index 3d6cb881a6..ca4a87b477 100644
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@@ -52,7 +52,6 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 	@Override
 	public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
 		MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext);
-
 		return this.delegate.decorate(node, definition, parserContext);
 	}
 
@@ -64,6 +63,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 			extends AbstractInterceptorDrivenBeanDefinitionDecorator {
 
 		static final String ATT_METHOD = "method";
+
 		static final String ATT_ACCESS = "access";
 
 		private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
@@ -73,49 +73,36 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 			Element interceptMethodsElt = (Element) node;
 			BeanDefinitionBuilder interceptor = BeanDefinitionBuilder
 					.rootBeanDefinition(MethodSecurityInterceptor.class);
-
 			// Default to autowiring to pick up after invocation mgr
 			interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE);
-
 			String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR);
-
 			if (!StringUtils.hasText(accessManagerId)) {
 				accessManagerId = BeanIds.METHOD_ACCESS_MANAGER;
 			}
-
 			interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
 			interceptor.addPropertyValue("authenticationManager",
 					new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
-
 			// Lookup parent bean information
-
 			String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
-
 			// Parse the included methods
 			List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
 			Map<String, BeanDefinition> mappings = new ManagedMap<>();
-
 			for (Element protectmethodElt : methods) {
 				BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
 				attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
 				attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
-
 				// Support inference of class names
 				String methodName = protectmethodElt.getAttribute(ATT_METHOD);
-
 				if (methodName.lastIndexOf(".") == -1) {
 					if (parentBeanClass != null && !"".equals(parentBeanClass)) {
 						methodName = parentBeanClass + "." + methodName;
 					}
 				}
-
 				mappings.put(methodName, attributeBuilder.getBeanDefinition());
 			}
-
 			BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
 			metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
 			interceptor.addPropertyValue("securityMetadataSource", metadataSource);
-
 			return interceptor.getBeanDefinition();
 		}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
index eb21d3b94c..f951d01446 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
@@ -46,11 +46,9 @@ abstract class MethodConfigUtils {
 	@SuppressWarnings("unchecked")
 	private static RootBeanDefinition createAccessManagerBean(Class<? extends AccessDecisionVoter>... voters) {
 		ManagedList defaultVoters = new ManagedList(voters.length);
-
 		for (Class<? extends AccessDecisionVoter> voter : voters) {
 			defaultVoters.add(new RootBeanDefinition(voter));
 		}
-
 		BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
 		accessMgrBuilder.addConstructorArgValue(defaultVoters);
 		return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition();
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
index 606a5a080d..6b0228de93 100644
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@@ -40,6 +40,7 @@ import org.springframework.util.xml.DomUtils;
 public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
 
 	static final String ATT_METHOD = "method";
+
 	static final String ATT_ACCESS = "access";
 
 	@Override
@@ -47,17 +48,13 @@ public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBe
 		// Parse the included methods
 		List<Element> methods = DomUtils.getChildElementsByTagName(elt, Elements.PROTECT);
 		Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<>();
-
 		for (Element protectmethodElt : methods) {
 			String[] tokens = StringUtils.commaDelimitedListToStringArray(protectmethodElt.getAttribute(ATT_ACCESS));
 			String methodName = protectmethodElt.getAttribute(ATT_METHOD);
-
 			mappings.put(methodName, SecurityConfig.createList(tokens));
 		}
-
 		RootBeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
 		metadataSource.getConstructorArgumentValues().addGenericArgumentValue(mappings);
-
 		return metadataSource;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
index 8ddecffb07..f35ecc9a88 100644
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@@ -82,7 +82,6 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		Assert.notNull(mapBasedMethodSecurityMetadataSource,
 				"MapBasedMethodSecurityMetadataSource to populate is required");
 		this.mapBasedMethodSecurityMetadataSource = mapBasedMethodSecurityMetadataSource;
-
 		// Set up AspectJ pointcut expression parser
 		Set<PointcutPrimitive> supportedPrimitives = new HashSet<>(3);
 		supportedPrimitives.add(PointcutPrimitive.EXECUTION);
@@ -111,22 +110,13 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 			// We already have the metadata for this bean
 			return bean;
 		}
-
 		synchronized (this.processedBeans) {
 			// check again synchronized this time
 			if (this.processedBeans.contains(beanName)) {
 				return bean;
 			}
-
 			// Obtain methods for the present bean
-			Method[] methods;
-			try {
-				methods = bean.getClass().getMethods();
-			}
-			catch (Exception ex) {
-				throw new IllegalStateException(ex.getMessage());
-			}
-
+			Method[] methods = getBeanMethods(bean);
 			// Check to see if any of those methods are compatible with our pointcut
 			// expressions
 			for (Method method : methods) {
@@ -139,31 +129,34 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 					}
 				}
 			}
-
 			this.processedBeans.add(beanName);
 		}
-
 		return bean;
 	}
 
+	private Method[] getBeanMethods(Object bean) {
+		try {
+			return bean.getClass().getMethods();
+		}
+		catch (Exception ex) {
+			throw new IllegalStateException(ex.getMessage());
+		}
+	}
+
 	private boolean attemptMatch(Class<?> targetClass, Method method, PointcutExpression expression, String beanName) {
 		// Determine if the presented AspectJ pointcut expression matches this method
 		boolean matches = expression.matchesMethodExecution(method).alwaysMatches();
-
 		// Handle accordingly
 		if (matches) {
 			List<ConfigAttribute> attr = this.pointcutMap.get(expression.getPointcutExpression());
-
 			if (logger.isDebugEnabled()) {
 				logger.debug("AspectJ pointcut expression '" + expression.getPointcutExpression()
 						+ "' matches target class '" + targetClass.getName() + "' (bean ID '" + beanName
 						+ "') for method '" + method + "'; registering security configuration attribute '" + attr
 						+ "'");
 			}
-
 			this.mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method, attr);
 		}
-
 		return matches;
 	}
 
@@ -182,7 +175,6 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 		this.pointcutMap.put(pointcutExpression, definition);
 		// Parse the presented AspectJ pointcut expression and add it to the cache
 		this.pointCutExpressions.add(this.parser.parsePointcutExpression(pointcutExpression));
-
 		if (logger.isDebugEnabled()) {
 			logger.debug("AspectJ pointcut expression '" + pointcutExpression
 					+ "' registered for security configuration attribute '" + definition + "'");
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
index 8b0a0011f2..78fb3543a7 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java
@@ -87,10 +87,8 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 		CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(),
 				parserContext.extractSource(element));
 		parserContext.pushContainingComponent(compositeDef);
-
 		Map<String, Map<String, String>> providers = getProviders(element);
 		List<ClientRegistration> clientRegistrations = getClientRegistrations(element, parserContext, providers);
-
 		BeanDefinition clientRegistrationRepositoryBean = BeanDefinitionBuilder
 				.rootBeanDefinition(InMemoryClientRegistrationRepository.class)
 				.addConstructorArgValue(clientRegistrations).getBeanDefinition();
@@ -98,7 +96,6 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 				.generateBeanName(clientRegistrationRepositoryBean);
 		parserContext.registerBeanComponent(
 				new BeanComponentDefinition(clientRegistrationRepositoryBean, clientRegistrationRepositoryId));
-
 		parserContext.popAndRegisterContainingComponent();
 		return null;
 	}
@@ -107,7 +104,6 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 			Map<String, Map<String, String>> providers) {
 		List<Element> clientRegistrationElts = DomUtils.getChildElementsByTagName(element, ELT_CLIENT_REGISTRATION);
 		List<ClientRegistration> clientRegistrations = new ArrayList<>();
-
 		for (Element clientRegistrationElt : clientRegistrationElts) {
 			String registrationId = clientRegistrationElt.getAttribute(ATT_REGISTRATION_ID);
 			String providerId = clientRegistrationElt.getAttribute(ATT_PROVIDER_ID);
@@ -134,14 +130,12 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_NAME)).ifPresent(builder::clientName);
 			clientRegistrations.add(builder.build());
 		}
-
 		return clientRegistrations;
 	}
 
 	private Map<String, Map<String, String>> getProviders(Element element) {
 		List<Element> providerElts = DomUtils.getChildElementsByTagName(element, ELT_PROVIDER);
 		Map<String, Map<String, String>> providers = new HashMap<>();
-
 		for (Element providerElt : providerElts) {
 			Map<String, String> provider = new HashMap<>();
 			String providerId = providerElt.getAttribute(ATT_PROVIDER_ID);
@@ -162,7 +156,6 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 					.ifPresent((value) -> provider.put(ATT_ISSUER_URI, value));
 			providers.put(providerId, provider);
 		}
-
 		return providers;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index ac1ba4b2a8..74cec2b2ca 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -48,6 +48,7 @@ public enum CommonOAuth2Provider {
 			builder.clientName("Google");
 			return builder;
 		}
+
 	},
 
 	GITHUB {
@@ -64,6 +65,7 @@ public enum CommonOAuth2Provider {
 			builder.clientName("GitHub");
 			return builder;
 		}
+
 	},
 
 	FACEBOOK {
@@ -80,6 +82,7 @@ public enum CommonOAuth2Provider {
 			builder.clientName("Facebook");
 			return builder;
 		}
+
 	},
 
 	OKTA {
@@ -93,6 +96,7 @@ public enum CommonOAuth2Provider {
 			builder.clientName("Okta");
 			return builder;
 		}
+
 	};
 
 	private static final String DEFAULT_REDIRECT_URL = "{baseUrl}/{action}/oauth2/code/{registrationId}";
diff --git a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
index 9e64e4483d..101d5b15c5 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
@@ -22,43 +22,68 @@ package org.springframework.security.config.web.server;
  */
 public enum SecurityWebFiltersOrder {
 
-	FIRST(Integer.MIN_VALUE), HTTP_HEADERS_WRITER,
+	FIRST(Integer.MIN_VALUE),
+
+	HTTP_HEADERS_WRITER,
+
 	/**
 	 * {@link org.springframework.security.web.server.transport.HttpsRedirectWebFilter}
 	 */
 	HTTPS_REDIRECT,
+
 	/**
 	 * {@link org.springframework.web.cors.reactive.CorsWebFilter}
 	 */
 	CORS,
+
 	/**
 	 * {@link org.springframework.security.web.server.csrf.CsrfWebFilter}
 	 */
 	CSRF,
+
 	/**
 	 * {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
 	 */
 	REACTOR_CONTEXT,
+
 	/**
 	 * Instance of AuthenticationWebFilter
 	 */
 	HTTP_BASIC,
+
 	/**
 	 * Instance of AuthenticationWebFilter
 	 */
 	FORM_LOGIN, AUTHENTICATION,
+
 	/**
 	 * Instance of AnonymousAuthenticationWebFilter
 	 */
-	ANONYMOUS_AUTHENTICATION, OAUTH2_AUTHORIZATION_CODE, LOGIN_PAGE_GENERATING, LOGOUT_PAGE_GENERATING,
+	ANONYMOUS_AUTHENTICATION,
+
+	OAUTH2_AUTHORIZATION_CODE,
+
+	LOGIN_PAGE_GENERATING,
+
+	LOGOUT_PAGE_GENERATING,
+
 	/**
 	 * {@link org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter}
 	 */
 	SECURITY_CONTEXT_SERVER_WEB_EXCHANGE,
+
 	/**
 	 * {@link org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter}
 	 */
-	SERVER_REQUEST_CACHE, LOGOUT, EXCEPTION_TRANSLATION, AUTHORIZATION, LAST(Integer.MAX_VALUE);
+	SERVER_REQUEST_CACHE,
+
+	LOGOUT,
+
+	EXCEPTION_TRANSLATION,
+
+	AUTHORIZATION,
+
+	LAST(Integer.MAX_VALUE);
 
 	private static final int INTERVAL = 100;
 
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 507be8e960..2cbbaeb231 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1536,22 +1536,17 @@ public class ServerHttpSecurity {
 
 		@Override
 		protected Access registerMatcher(ServerWebExchangeMatcher matcher) {
-			if (this.anyExchangeRegistered) {
-				throw new IllegalStateException("Cannot register " + matcher
-						+ " which would be unreachable because anyExchange() has already been registered.");
-			}
-			if (this.matcher != null) {
-				throw new IllegalStateException("The matcher " + matcher + " does not have an access rule defined");
-			}
+			Assert.state(!this.anyExchangeRegistered, () -> "Cannot register " + matcher
+					+ " which would be unreachable because anyExchange() has already been registered.");
+			Assert.state(this.matcher == null,
+					() -> "The matcher " + matcher + " does not have an access rule defined");
 			this.matcher = matcher;
 			return new Access();
 		}
 
 		protected void configure(ServerHttpSecurity http) {
-			if (this.matcher != null) {
-				throw new IllegalStateException(
-						"The matcher " + this.matcher + " does not have an access rule defined");
-			}
+			Assert.state(this.matcher == null,
+					() -> "The matcher " + this.matcher + " does not have an access rule defined");
 			AuthorizationWebFilter result = new AuthorizationWebFilter(this.managerBldr.build());
 			http.addFilterAt(result, SecurityWebFiltersOrder.AUTHORIZATION);
 		}
@@ -1722,6 +1717,9 @@ public class ServerHttpSecurity {
 	 */
 	public final class CsrfSpec {
 
+		private CsrfSpec() {
+		}
+
 		private CsrfWebFilter filter = new CsrfWebFilter();
 
 		private ServerCsrfTokenRepository csrfTokenRepository = new WebSessionServerCsrfTokenRepository();
@@ -1805,9 +1803,6 @@ public class ServerHttpSecurity {
 			http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF);
 		}
 
-		private CsrfSpec() {
-		}
-
 	}
 
 	/**
@@ -1819,6 +1814,9 @@ public class ServerHttpSecurity {
 	 */
 	public final class ExceptionHandlingSpec {
 
+		private ExceptionHandlingSpec() {
+		}
+
 		/**
 		 * Configures what to do when the application request authentication
 		 * @param authenticationEntryPoint the entry point to use
@@ -1850,9 +1848,6 @@ public class ServerHttpSecurity {
 			return ServerHttpSecurity.this;
 		}
 
-		private ExceptionHandlingSpec() {
-		}
-
 	}
 
 	/**
@@ -1867,6 +1862,9 @@ public class ServerHttpSecurity {
 
 		private ServerRequestCache requestCache = new WebSessionServerRequestCache();
 
+		private RequestCacheSpec() {
+		}
+
 		/**
 		 * Configures the cache used
 		 * @param requestCache the request cache
@@ -1901,9 +1899,6 @@ public class ServerHttpSecurity {
 			return and();
 		}
 
-		private RequestCacheSpec() {
-		}
-
 	}
 
 	/**
@@ -1921,6 +1916,9 @@ public class ServerHttpSecurity {
 
 		private ServerAuthenticationEntryPoint entryPoint = new HttpBasicServerAuthenticationEntryPoint();
 
+		private HttpBasicSpec() {
+		}
+
 		/**
 		 * The {@link ReactiveAuthenticationManager} used to authenticate. Defaults to
 		 * {@link ServerHttpSecurity#authenticationManager(ReactiveAuthenticationManager)}.
@@ -1992,9 +1990,6 @@ public class ServerHttpSecurity {
 			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC);
 		}
 
-		private HttpBasicSpec() {
-		}
-
 	}
 
 	/**
@@ -2025,6 +2020,9 @@ public class ServerHttpSecurity {
 
 		private ServerAuthenticationSuccessHandler authenticationSuccessHandler = this.defaultSuccessHandler;
 
+		private FormLoginSpec() {
+		}
+
 		/**
 		 * The {@link ReactiveAuthenticationManager} used to authenticate. Defaults to
 		 * {@link ServerHttpSecurity#authenticationManager(ReactiveAuthenticationManager)}.
@@ -2177,13 +2175,13 @@ public class ServerHttpSecurity {
 			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.FORM_LOGIN);
 		}
 
-		private FormLoginSpec() {
-		}
-
 	}
 
 	private final class LoginPageSpec {
 
+		private LoginPageSpec() {
+		}
+
 		protected void configure(ServerHttpSecurity http) {
 			if (http.authenticationEntryPoint != null) {
 				return;
@@ -2209,9 +2207,6 @@ public class ServerHttpSecurity {
 			}
 		}
 
-		private LoginPageSpec() {
-		}
-
 	}
 
 	/**
@@ -2241,6 +2236,11 @@ public class ServerHttpSecurity {
 
 		private ReferrerPolicyServerHttpHeadersWriter referrerPolicy = new ReferrerPolicyServerHttpHeadersWriter();
 
+		private HeaderSpec() {
+			this.writers = new ArrayList<>(Arrays.asList(this.cacheControl, this.contentTypeOptions, this.hsts,
+					this.frameOptions, this.xss, this.featurePolicy, this.contentSecurityPolicy, this.referrerPolicy));
+		}
+
 		/**
 		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
 		 * @return the {@link ServerHttpSecurity} to continue configuring
@@ -2437,6 +2437,9 @@ public class ServerHttpSecurity {
 		 */
 		public final class CacheSpec {
 
+			private CacheSpec() {
+			}
+
 			/**
 			 * Disables cache control response headers
 			 * @return the {@link HeaderSpec} to configure
@@ -2446,9 +2449,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private CacheSpec() {
-			}
-
 		}
 
 		/**
@@ -2458,6 +2458,9 @@ public class ServerHttpSecurity {
 		 */
 		public final class ContentTypeOptionsSpec {
 
+			private ContentTypeOptionsSpec() {
+			}
+
 			/**
 			 * Disables the content type options response header
 			 * @return the {@link HeaderSpec} to configure
@@ -2467,9 +2470,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private ContentTypeOptionsSpec() {
-			}
-
 		}
 
 		/**
@@ -2479,6 +2479,9 @@ public class ServerHttpSecurity {
 		 */
 		public final class FrameOptionsSpec {
 
+			private FrameOptionsSpec() {
+			}
+
 			/**
 			 * The mode to configure. Default is
 			 * {@link org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode#DENY}
@@ -2508,9 +2511,6 @@ public class ServerHttpSecurity {
 				return and();
 			}
 
-			private FrameOptionsSpec() {
-			}
-
 		}
 
 		/**
@@ -2520,6 +2520,9 @@ public class ServerHttpSecurity {
 		 */
 		public final class HstsSpec {
 
+			private HstsSpec() {
+			}
+
 			/**
 			 * Configures the max age. Default is one year.
 			 * @param maxAge the max age
@@ -2577,9 +2580,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private HstsSpec() {
-			}
-
 		}
 
 		/**
@@ -2613,6 +2613,10 @@ public class ServerHttpSecurity {
 
 			private static final String DEFAULT_SRC_SELF_POLICY = "default-src 'self'";
 
+			private ContentSecurityPolicySpec() {
+				HeaderSpec.this.contentSecurityPolicy.setPolicyDirectives(DEFAULT_SRC_SELF_POLICY);
+			}
+
 			/**
 			 * Whether to include the {@code Content-Security-Policy-Report-Only} header
 			 * in the response. Otherwise, defaults to the {@code Content-Security-Policy}
@@ -2648,10 +2652,6 @@ public class ServerHttpSecurity {
 				HeaderSpec.this.contentSecurityPolicy.setPolicyDirectives(policyDirectives);
 			}
 
-			private ContentSecurityPolicySpec() {
-				HeaderSpec.this.contentSecurityPolicy.setPolicyDirectives(DEFAULT_SRC_SELF_POLICY);
-			}
-
 		}
 
 		/**
@@ -2662,6 +2662,10 @@ public class ServerHttpSecurity {
 		 */
 		public final class FeaturePolicySpec {
 
+			private FeaturePolicySpec(String policyDirectives) {
+				HeaderSpec.this.featurePolicy.setPolicyDirectives(policyDirectives);
+			}
+
 			/**
 			 * Allows method chaining to continue configuring the
 			 * {@link ServerHttpSecurity}.
@@ -2671,10 +2675,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private FeaturePolicySpec(String policyDirectives) {
-				HeaderSpec.this.featurePolicy.setPolicyDirectives(policyDirectives);
-			}
-
 		}
 
 		/**
@@ -2686,6 +2686,9 @@ public class ServerHttpSecurity {
 		 */
 		public final class ReferrerPolicySpec {
 
+			private ReferrerPolicySpec() {
+			}
+
 			private ReferrerPolicySpec(ReferrerPolicy referrerPolicy) {
 				HeaderSpec.this.referrerPolicy.setPolicy(referrerPolicy);
 			}
@@ -2709,14 +2712,6 @@ public class ServerHttpSecurity {
 				return HeaderSpec.this;
 			}
 
-			private ReferrerPolicySpec() {
-			}
-
-		}
-
-		private HeaderSpec() {
-			this.writers = new ArrayList<>(Arrays.asList(this.cacheControl, this.contentTypeOptions, this.hsts,
-					this.frameOptions, this.xss, this.featurePolicy, this.contentSecurityPolicy, this.referrerPolicy));
 		}
 
 	}
@@ -2736,6 +2731,9 @@ public class ServerHttpSecurity {
 
 		private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>(Arrays.asList(this.DEFAULT_LOGOUT_HANDLER));
 
+		private LogoutSpec() {
+		}
+
 		/**
 		 * Configures the logout handler. Default is
 		 * {@code SecurityContextServerLogoutHandler}
@@ -2807,12 +2805,10 @@ public class ServerHttpSecurity {
 			if (this.logoutHandlers.isEmpty()) {
 				return null;
 			}
-			else if (this.logoutHandlers.size() == 1) {
+			if (this.logoutHandlers.size() == 1) {
 				return this.logoutHandlers.get(0);
 			}
-			else {
-				return new DelegatingServerLogoutHandler(this.logoutHandlers);
-			}
+			return new DelegatingServerLogoutHandler(this.logoutHandlers);
 		}
 
 		protected void configure(ServerHttpSecurity http) {
@@ -2823,9 +2819,6 @@ public class ServerHttpSecurity {
 			http.addFilterAt(this.logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
 		}
 
-		private LogoutSpec() {
-		}
-
 	}
 
 	private static class OrderedWebFilter implements WebFilter, Ordered {
@@ -2917,7 +2910,6 @@ public class ServerHttpSecurity {
 			if (this.corsFilter != null) {
 				return this.corsFilter;
 			}
-
 			CorsConfigurationSource source = getBeanOrNull(CorsConfigurationSource.class);
 			if (source == null) {
 				return null;
@@ -2965,7 +2957,6 @@ public class ServerHttpSecurity {
 		protected void configure(ServerHttpSecurity http) {
 			ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
 			X509PrincipalExtractor principalExtractor = getPrincipalExtractor();
-
 			AuthenticationWebFilter filter = new AuthenticationWebFilter(authenticationManager);
 			filter.setServerAuthenticationConverter(new ServerX509AuthenticationConverter(principalExtractor));
 			http.addFilterAt(filter, SecurityWebFiltersOrder.AUTHENTICATION);
@@ -2975,7 +2966,6 @@ public class ServerHttpSecurity {
 			if (this.principalExtractor != null) {
 				return this.principalExtractor;
 			}
-
 			return new SubjectDnX509PrincipalExtractor();
 		}
 
@@ -2983,12 +2973,8 @@ public class ServerHttpSecurity {
 			if (this.authenticationManager != null) {
 				return this.authenticationManager;
 			}
-
 			ReactiveUserDetailsService userDetailsService = getBean(ReactiveUserDetailsService.class);
-			ReactivePreAuthenticatedAuthenticationManager authenticationManager = new ReactivePreAuthenticatedAuthenticationManager(
-					userDetailsService);
-
-			return authenticationManager;
+			return new ReactivePreAuthenticatedAuthenticationManager(userDetailsService);
 		}
 
 	}
@@ -3095,21 +3081,21 @@ public class ServerHttpSecurity {
 			}
 			boolean oidcAuthenticationProviderEnabled = ClassUtils
 					.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
-			if (oidcAuthenticationProviderEnabled) {
-				OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
-						client, getOidcUserService());
-				ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveJwtDecoderFactory.class,
-						ClientRegistration.class);
-				ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
-				if (jwtDecoderFactory != null) {
-					oidc.setJwtDecoderFactory(jwtDecoderFactory);
-				}
-				if (authoritiesMapper != null) {
-					oidc.setAuthoritiesMapper(authoritiesMapper);
-				}
-				return new DelegatingReactiveAuthenticationManager(oidc, oauth2Manager);
+			if (!oidcAuthenticationProviderEnabled) {
+				return oauth2Manager;
 			}
-			return oauth2Manager;
+			OidcAuthorizationCodeReactiveAuthenticationManager oidc = new OidcAuthorizationCodeReactiveAuthenticationManager(
+					client, getOidcUserService());
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveJwtDecoderFactory.class,
+					ClientRegistration.class);
+			ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
+			if (jwtDecoderFactory != null) {
+				oidc.setJwtDecoderFactory(jwtDecoderFactory);
+			}
+			if (authoritiesMapper != null) {
+				oidc.setAuthoritiesMapper(authoritiesMapper);
+			}
+			return new DelegatingReactiveAuthenticationManager(oidc, oauth2Manager);
 		}
 
 		/**
@@ -3124,17 +3110,17 @@ public class ServerHttpSecurity {
 
 		private ServerAuthenticationConverter getAuthenticationConverter(
 				ReactiveClientRegistrationRepository clientRegistrationRepository) {
-			if (this.authenticationConverter == null) {
-				ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
-						clientRegistrationRepository);
-				delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
-				ServerAuthenticationConverter authenticationConverter = (exchange) -> delegate.convert(exchange)
-						.onErrorMap(OAuth2AuthorizationException.class,
-								(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
-				this.authenticationConverter = authenticationConverter;
-				return authenticationConverter;
+			if (this.authenticationConverter != null) {
+				return this.authenticationConverter;
 			}
-			return this.authenticationConverter;
+			ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+					clientRegistrationRepository);
+			delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
+			ServerAuthenticationConverter authenticationConverter = (exchange) -> delegate.convert(exchange).onErrorMap(
+					OAuth2AuthorizationException.class,
+					(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
+			this.authenticationConverter = authenticationConverter;
+			return authenticationConverter;
 		}
 
 		public OAuth2LoginSpec clientRegistrationRepository(
@@ -3216,21 +3202,16 @@ public class ServerHttpSecurity {
 			ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = getAuthorizationRequestRepository();
 			oauthRedirectFilter.setAuthorizationRequestRepository(authorizationRequestRepository);
 			oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
-
 			ReactiveAuthenticationManager manager = getAuthenticationManager();
-
 			AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager,
 					authorizedClientRepository);
 			authenticationFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher());
 			authenticationFilter
 					.setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository));
-
 			authenticationFilter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler(http));
 			authenticationFilter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
 			authenticationFilter.setSecurityContextRepository(this.securityContextRepository);
-
 			setDefaultEntryPoints(http);
-
 			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
 			http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
 		}
@@ -3242,12 +3223,10 @@ public class ServerHttpSecurity {
 			if (urlToText.size() == 1) {
 				providerLoginPage = urlToText.keySet().iterator().next();
 			}
-
 			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
 					MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
 					MediaType.TEXT_PLAIN);
 			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 			ServerWebExchangeMatcher xhrMatcher = (exchange) -> {
 				if (exchange.getRequest().getHeaders().getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) {
 					return ServerWebExchangeMatcher.MatchResult.match();
@@ -3255,10 +3234,8 @@ public class ServerHttpSecurity {
 				return ServerWebExchangeMatcher.MatchResult.notMatch();
 			};
 			ServerWebExchangeMatcher notXhrMatcher = new NegatedServerWebExchangeMatcher(xhrMatcher);
-
 			ServerWebExchangeMatcher defaultEntryPointMatcher = new AndServerWebExchangeMatcher(notXhrMatcher,
 					htmlMatcher);
-
 			if (providerLoginPage != null) {
 				ServerWebExchangeMatcher loginPageMatcher = new PathPatternParserServerWebExchangeMatcher(
 						defaultLoginPage);
@@ -3273,7 +3250,6 @@ public class ServerHttpSecurity {
 				entryPoint.setRequestCache(http.requestCache.requestCache);
 				http.defaultEntryPoints.add(new DelegateEntry(matcher, entryPoint));
 			}
-
 			RedirectServerAuthenticationEntryPoint defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(
 					defaultLoginPage);
 			defaultEntryPoint.setRequestCache(http.requestCache.requestCache);
@@ -3304,22 +3280,20 @@ public class ServerHttpSecurity {
 			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
 					OidcUserRequest.class, OidcUser.class);
 			ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new OidcReactiveOAuth2UserService();
+			if (bean != null) {
+				return bean;
 			}
-
-			return bean;
+			return new OidcReactiveOAuth2UserService();
 		}
 
 		private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> getOauth2UserService() {
 			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
 					OAuth2UserRequest.class, OAuth2User.class);
 			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new DefaultReactiveOAuth2UserService();
+			if (bean != null) {
+				return bean;
 			}
-
-			return bean;
+			return new DefaultReactiveOAuth2UserService();
 		}
 
 		private Map<String, String> getLinks() {
@@ -3338,10 +3312,10 @@ public class ServerHttpSecurity {
 			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class,
 					OAuth2AuthorizationCodeGrantRequest.class);
 			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
-			if (bean == null) {
-				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
+			if (bean != null) {
+				return bean;
 			}
-			return bean;
+			return new WebClientReactiveAuthorizationCodeTokenResponseClient();
 		}
 
 		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
@@ -3353,15 +3327,10 @@ public class ServerHttpSecurity {
 
 		private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
 			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter;
-			if (this.authorizationRequestResolver == null) {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
-						getClientRegistrationRepository());
+			if (this.authorizationRequestResolver != null) {
+				return new OAuth2AuthorizationRequestRedirectWebFilter(this.authorizationRequestResolver);
 			}
-			else {
-				oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
-						this.authorizationRequestResolver);
-			}
-			return oauthRedirectFilter;
+			return new OAuth2AuthorizationRequestRedirectWebFilter(getClientRegistrationRepository());
 		}
 
 		private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
@@ -3386,11 +3355,11 @@ public class ServerHttpSecurity {
 		}
 
 		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
-			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
-			if (service == null) {
-				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
+			ReactiveOAuth2AuthorizedClientService bean = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
+			if (bean != null) {
+				return bean;
 			}
-			return service;
+			return new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
 		}
 
 	}
@@ -3518,14 +3487,12 @@ public class ServerHttpSecurity {
 			if (http.requestCache != null) {
 				codeGrantWebFilter.setRequestCache(http.requestCache.requestCache);
 			}
-
 			OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter(
 					clientRegistrationRepository);
 			oauthRedirectFilter.setAuthorizationRequestRepository(getAuthorizationRequestRepository());
 			if (http.requestCache != null) {
 				oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
 			}
-
 			http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE);
 			http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
 		}
@@ -3542,21 +3509,22 @@ public class ServerHttpSecurity {
 				return this.authorizedClientRepository;
 			}
 			ServerOAuth2AuthorizedClientRepository result = getBeanOrNull(ServerOAuth2AuthorizedClientRepository.class);
-			if (result == null) {
-				ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
-				if (authorizedClientService != null) {
-					result = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
-				}
+			if (result != null) {
+				return result;
 			}
-			return result;
+			ReactiveOAuth2AuthorizedClientService authorizedClientService = getAuthorizedClientService();
+			if (authorizedClientService != null) {
+				return new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
+			}
+			return null;
 		}
 
 		private ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
-			ReactiveOAuth2AuthorizedClientService service = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
-			if (service == null) {
-				service = new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
+			ReactiveOAuth2AuthorizedClientService bean = getBeanOrNull(ReactiveOAuth2AuthorizedClientService.class);
+			if (bean != null) {
+				return bean;
 			}
-			return service;
+			return new InMemoryReactiveOAuth2AuthorizedClientService(getClientRegistrationRepository());
 		}
 
 	}
@@ -3692,13 +3660,10 @@ public class ServerHttpSecurity {
 		protected void configure(ServerHttpSecurity http) {
 			this.authenticationConverterServerWebExchangeMatcher = new AuthenticationConverterServerWebExchangeMatcher(
 					this.bearerTokenConverter);
-
 			registerDefaultAccessDeniedHandler(http);
 			registerDefaultAuthenticationEntryPoint(http);
 			registerDefaultCsrfOverride(http);
-
 			validateConfiguration();
-
 			if (this.authenticationManagerResolver != null) {
 				AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(this.authenticationManagerResolver);
 				oauth2.setServerAuthenticationConverter(this.bearerTokenConverter);
@@ -3716,25 +3681,18 @@ public class ServerHttpSecurity {
 
 		private void validateConfiguration() {
 			if (this.authenticationManagerResolver == null) {
-				if (this.jwt == null && this.opaqueToken == null) {
-					throw new IllegalStateException(
-							"Jwt and Opaque Token are the only supported formats for bearer tokens "
-									+ "in Spring Security and neither was found. Make sure to configure JWT "
-									+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
-									+ "http.oauth2ResourceServer().opaqueToken().");
-				}
-
-				if (this.jwt != null && this.opaqueToken != null) {
-					throw new IllegalStateException(
-							"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
-				}
+				Assert.state(this.jwt != null || this.opaqueToken != null,
+						"Jwt and Opaque Token are the only supported formats for bearer tokens "
+								+ "in Spring Security and neither was found. Make sure to configure JWT "
+								+ "via http.oauth2ResourceServer().jwt() or Opaque Tokens via "
+								+ "http.oauth2ResourceServer().opaqueToken().");
+				Assert.state(this.jwt == null || this.opaqueToken == null,
+						"Spring Security only supports JWTs or Opaque Tokens, not both at the " + "same time.");
 			}
 			else {
-				if (this.jwt != null || this.opaqueToken != null) {
-					throw new IllegalStateException(
-							"If an authenticationManagerResolver() is configured, then it takes "
-									+ "precedence over any jwt() or opaqueToken() configuration.");
-				}
+				Assert.state(this.jwt == null && this.opaqueToken == null,
+						"If an authenticationManagerResolver() is configured, then it takes "
+								+ "precedence over any jwt() or opaqueToken() configuration.");
 			}
 		}
 
@@ -3756,15 +3714,10 @@ public class ServerHttpSecurity {
 
 		private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
 			if (http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher) {
-				// @formatter:off
-				http
-					.csrf()
-					.requireCsrfProtectionMatcher(
-							new AndServerWebExchangeMatcher(
-									CsrfWebFilter.DEFAULT_CSRF_MATCHER,
-									new NegatedServerWebExchangeMatcher(
-											this.authenticationConverterServerWebExchangeMatcher)));
-				// @formatter:on
+				AndServerWebExchangeMatcher matcher = new AndServerWebExchangeMatcher(
+						CsrfWebFilter.DEFAULT_CSRF_MATCHER,
+						new NegatedServerWebExchangeMatcher(this.authenticationConverterServerWebExchangeMatcher));
+				http.csrf().requireCsrfProtectionMatcher(matcher);
 			}
 		}
 
@@ -3876,21 +3829,14 @@ public class ServerHttpSecurity {
 				oauth2.setServerAuthenticationConverter(OAuth2ResourceServerSpec.this.bearerTokenConverter);
 				oauth2.setAuthenticationFailureHandler(
 						new ServerAuthenticationEntryPointFailureHandler(OAuth2ResourceServerSpec.this.entryPoint));
-				// @formatter:off
-				http
-					.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
-				// @formatter:on
+				http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
 			}
 
 			protected ReactiveJwtDecoder getJwtDecoder() {
-				if (this.jwtDecoder == null) {
-					return getBean(ReactiveJwtDecoder.class);
-				}
-				return this.jwtDecoder;
+				return (this.jwtDecoder != null) ? this.jwtDecoder : getBean(ReactiveJwtDecoder.class);
 			}
 
 			protected Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> getJwtAuthenticationConverter() {
-
 				return this.jwtAuthenticationConverter;
 			}
 
@@ -3898,13 +3844,11 @@ public class ServerHttpSecurity {
 				if (this.authenticationManager != null) {
 					return this.authenticationManager;
 				}
-
 				ReactiveJwtDecoder jwtDecoder = getJwtDecoder();
 				Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter = getJwtAuthenticationConverter();
 				JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
 						jwtDecoder);
 				authenticationManager.setJwtAuthenticationConverter(jwtAuthenticationConverter);
-
 				return authenticationManager;
 			}
 
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index a5316adec5..ba8d3ac4e0 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -116,26 +116,20 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		BeanDefinitionRegistry registry = parserContext.getRegistry();
 		XmlReaderContext context = parserContext.getReaderContext();
-
 		ManagedMap<BeanDefinition, String> matcherToExpression = new ManagedMap<>();
-
 		String id = element.getAttribute(ID_ATTR);
 		Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
 		String expressionHandlerRef = (expressionHandlerElt != null) ? expressionHandlerElt.getAttribute("ref") : null;
 		boolean expressionHandlerDefined = StringUtils.hasText(expressionHandlerRef);
-
 		boolean sameOriginDisabled = Boolean.parseBoolean(element.getAttribute(DISABLED_ATTR));
-
 		List<Element> interceptMessages = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_MESSAGE);
 		for (Element interceptMessage : interceptMessages) {
 			String matcherPattern = interceptMessage.getAttribute(PATTERN_ATTR);
 			String accessExpression = interceptMessage.getAttribute(ACCESS_ATTR);
 			String messageType = interceptMessage.getAttribute(TYPE_ATTR);
-
 			BeanDefinition matcher = createMatcher(matcherPattern, messageType, parserContext, interceptMessage);
 			matcherToExpression.put(matcher, accessExpression);
 		}
-
 		BeanDefinitionBuilder mds = BeanDefinitionBuilder
 				.rootBeanDefinition(ExpressionBasedMessageSecurityMetadataSourceFactory.class);
 		mds.setFactoryMethod("createExpressionMessageMetadataSource");
@@ -143,9 +137,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		if (expressionHandlerDefined) {
 			mds.addConstructorArgReference(expressionHandlerRef);
 		}
-
 		String mdsId = context.registerWithGeneratedName(mds.getBeanDefinition());
-
 		ManagedList<BeanDefinition> voters = new ManagedList<>();
 		BeanDefinitionBuilder messageExpressionVoterBldr = BeanDefinitionBuilder
 				.rootBeanDefinition(MessageExpressionVoter.class);
@@ -155,17 +147,14 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		voters.add(messageExpressionVoterBldr.getBeanDefinition());
 		BeanDefinitionBuilder adm = BeanDefinitionBuilder.rootBeanDefinition(ConsensusBased.class);
 		adm.addConstructorArgValue(voters);
-
 		BeanDefinitionBuilder inboundChannelSecurityInterceptor = BeanDefinitionBuilder
 				.rootBeanDefinition(ChannelSecurityInterceptor.class);
 		inboundChannelSecurityInterceptor.addConstructorArgValue(registry.getBeanDefinition(mdsId));
 		inboundChannelSecurityInterceptor.addPropertyValue("accessDecisionManager", adm.getBeanDefinition());
 		String inSecurityInterceptorName = context
 				.registerWithGeneratedName(inboundChannelSecurityInterceptor.getBeanDefinition());
-
 		if (StringUtils.hasText(id)) {
 			registry.registerAlias(inSecurityInterceptorName, id);
-
 			if (!registry.containsBeanDefinition(PATH_MATCHER_BEAN_NAME)) {
 				registry.registerBeanDefinition(PATH_MATCHER_BEAN_NAME, new RootBeanDefinition(AntPathMatcher.class));
 			}
@@ -176,7 +165,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			mspp.addConstructorArgValue(sameOriginDisabled);
 			context.registerWithGeneratedName(mspp.getBeanDefinition());
 		}
-
 		return null;
 	}
 
@@ -189,7 +177,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			matcher.addConstructorArgValue(messageType);
 			return matcher.getBeanDefinition();
 		}
-
 		String factoryName = null;
 		if (hasPattern && hasMessageType) {
 			SimpMessageType type = SimpMessageType.valueOf(messageType);
@@ -204,7 +191,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 						+ " with a pattern because the type does not have a destination.", interceptMessage);
 			}
 		}
-
 		BeanDefinitionBuilder matcher = BeanDefinitionBuilder.rootBeanDefinition(SimpDestinationMessageMatcher.class);
 		matcher.setFactoryMethod(factoryName);
 		matcher.addConstructorArgValue(matcherPattern);
@@ -249,7 +235,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 					}
 					argResolvers.add(new RootBeanDefinition(AuthenticationPrincipalArgumentResolver.class));
 					bd.getPropertyValues().add(CUSTOM_ARG_RESOLVERS_PROP, argResolvers);
-
 					if (!registry.containsBeanDefinition(PATH_MATCHER_BEAN_NAME)) {
 						PropertyValue pathMatcherProp = bd.getPropertyValues().getPropertyValue("pathMatcher");
 						Object pathMatcher = (pathMatcherProp != null) ? pathMatcherProp.getValue() : null;
@@ -271,7 +256,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 					addCsrfTokenHandshakeInterceptor(bd);
 				}
 			}
-
 			if (!registry.containsBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID)) {
 				return;
 			}
@@ -281,7 +265,6 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 				interceptors.add(new RootBeanDefinition(CsrfChannelInterceptor.class));
 			}
 			interceptors.add(registry.getBeanDefinition(this.inboundSecurityInterceptorId));
-
 			BeanDefinition inboundChannel = registry.getBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID);
 			PropertyValue currentInterceptorsPv = inboundChannel.getPropertyValues()
 					.getPropertyValue(INTERCEPTORS_PROP);
@@ -289,9 +272,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 				ManagedList<?> currentInterceptors = (ManagedList<?>) currentInterceptorsPv.getValue();
 				interceptors.addAll(currentInterceptors);
 			}
-
 			inboundChannel.getPropertyValues().add(INTERCEPTORS_PROP, interceptors);
-
 			if (!registry.containsBeanDefinition(PATH_MATCHER_BEAN_NAME)) {
 				registry.registerBeanDefinition(PATH_MATCHER_BEAN_NAME, new RootBeanDefinition(AntPathMatcher.class));
 			}

From 771ef0dadcbaf0e9887a36d884167c80025654e5 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 21:09:15 -0700
Subject: [PATCH 52/84] Polish spring-security-core main code

Manually polish `spring-security-core` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/access/SecurityConfig.java       |   4 -
 .../Jsr250MethodSecurityMetadataSource.java   |  11 +-
 .../access/annotation/Jsr250Voter.java        |   4 -
 ...curedAnnotationSecurityMetadataSource.java |  10 +-
 ...uthenticationCredentialsNotFoundEvent.java |  12 +-
 .../event/AuthorizationFailureEvent.java      |  14 +-
 .../access/event/AuthorizedEvent.java         |  11 +-
 .../security/access/event/LoggerListener.java |  58 +++---
 .../AbstractSecurityExpressionHandler.java    |   9 +-
 .../DenyAllPermissionEvaluator.java           |   9 +-
 .../expression/SecurityExpressionRoot.java    |  13 +-
 ...efaultMethodSecurityExpressionHandler.java | 170 ++++++++----------
 .../ExpressionBasedPostInvocationAdvice.java  |  18 +-
 .../ExpressionBasedPreInvocationAdvice.java   |  39 ++--
 .../MethodSecurityEvaluationContext.java      |   4 -
 .../PreInvocationExpressionAttribute.java     |   2 -
 .../hierarchicalroles/RoleHierarchyImpl.java  |  42 ++---
 .../hierarchicalroles/RoleHierarchyUtils.java |  21 +--
 .../AbstractSecurityInterceptor.java          | 158 ++++++----------
 .../AfterInvocationProviderManager.java       |  23 +--
 .../MethodInvocationPrivilegeEvaluator.java   |  30 ++--
 .../RunAsImplAuthenticationProvider.java      |   7 +-
 .../access/intercept/RunAsManagerImpl.java    |   4 -
 .../access/intercept/RunAsUserToken.java      |   1 -
 .../MethodSecurityInterceptor.java            |   1 -
 .../MethodSecurityMetadataSourceAdvisor.java  |  11 +-
 .../AspectJMethodSecurityInterceptor.java     |   2 -
 .../aspectj/MethodInvocationAdapter.java      |  11 +-
 ...tFallbackMethodSecurityMetadataSource.java |   2 -
 .../AbstractMethodSecurityMetadataSource.java |   2 -
 ...elegatingMethodSecurityMetadataSource.java |  15 +-
 .../MapBasedMethodSecurityMetadataSource.java |  69 +++----
 .../prepost/PostInvocationAdviceProvider.java |  11 +-
 ...PreInvocationAuthorizationAdviceVoter.java |  12 +-
 ...rePostAdviceReactiveMethodInterceptor.java |  16 +-
 ...ePostAnnotationSecurityMetadataSource.java |  28 +--
 .../vote/AbstractAccessDecisionManager.java   |   6 +-
 .../access/vote/AbstractAclVoter.java         |   9 +-
 .../access/vote/AffirmativeBased.java         |  14 +-
 .../access/vote/AuthenticatedVoter.java       |   5 -
 .../security/access/vote/ConsensusBased.java  |  23 +--
 .../security/access/vote/RoleVoter.java       |   3 -
 .../security/access/vote/UnanimousBased.java  |  17 +-
 .../AbstractAuthenticationToken.java          |  31 +---
 ...rDetailsReactiveAuthenticationManager.java |  51 +++---
 .../AccountStatusUserDetailsChecker.java      |   3 -
 .../AnonymousAuthenticationProvider.java      |   2 -
 .../AnonymousAuthenticationToken.java         |  15 +-
 .../AuthenticationTrustResolverImpl.java      |   2 -
 .../CachingUserDetailsService.java            |   4 -
 .../DefaultAuthenticationEventPublisher.java  |   3 -
 .../authentication/ProviderManager.java       |  28 +--
 .../ReactiveAuthenticationManagerAdapter.java |  19 +-
 .../RememberMeAuthenticationProvider.java     |   2 -
 .../RememberMeAuthenticationToken.java        |  11 +-
 .../UsernamePasswordAuthenticationToken.java  |   8 +-
 ...ractUserDetailsAuthenticationProvider.java |  58 ++----
 .../dao/DaoAuthenticationProvider.java        |   4 -
 .../authentication/event/LoggerListener.java  |  30 ++--
 .../AbstractJaasAuthenticationProvider.java   |  85 ++++-----
 .../jaas/JaasAuthenticationProvider.java      |  13 +-
 .../jaas/JaasNameCallbackHandler.java         |  22 +--
 .../jaas/JaasPasswordCallbackHandler.java     |   3 +-
 .../jaas/SecurityContextLoginModule.java      |  29 +--
 .../rcp/RemoteAuthenticationManagerImpl.java  |   5 +-
 .../rcp/RemoteAuthenticationProvider.java     |   1 -
 ...enticatedReactiveAuthorizationManager.java |   6 +-
 ...AuthorityReactiveAuthorizationManager.java |   8 +-
 .../ReactiveAuthorizationManager.java         |   4 +-
 .../DelegatingSecurityContextCallable.java    |   1 -
 .../DelegatingSecurityContextExecutor.java    |   3 +-
 ...egatingSecurityContextExecutorService.java |   9 +-
 .../DelegatingSecurityContextRunnable.java    |   1 -
 ...curityContextScheduledExecutorService.java |  12 +-
 .../security/converter/RsaKeyConverters.java  |   6 +-
 .../core/SpringSecurityCoreVersion.java       |  15 +-
 .../core/authority/AuthorityUtils.java        |   9 +-
 .../authority/SimpleGrantedAuthority.java     |   2 -
 ...edAttributes2GrantedAuthoritiesMapper.java |  25 ++-
 .../mapping/SimpleAuthorityMapper.java        |   4 -
 .../GlobalSecurityContextHolderStrategy.java  |   1 -
 ...eadLocalSecurityContextHolderStrategy.java |   2 -
 .../ReactiveSecurityContextHolder.java        |  12 +-
 .../core/context/SecurityContextHolder.java   |  58 +++---
 .../core/context/SecurityContextImpl.java     |  21 +--
 ...eadLocalSecurityContextHolderStrategy.java |   2 -
 .../AnnotationParameterNameDiscoverer.java    |  12 +-
 ...efaultSecurityParameterNameDiscoverer.java |   7 -
 .../core/session/SessionRegistryImpl.java     |  45 +----
 .../KeyBasedPersistenceTokenService.java      |  17 +-
 .../core/token/SecureRandomFactoryBean.java   |  11 +-
 .../MapReactiveUserDetailsService.java        |  13 +-
 .../security/core/userdetails/User.java       |  30 +---
 .../cache/EhCacheBasedUserCache.java          |  25 +--
 .../cache/SpringCacheBasedUserCache.java      |  23 +--
 .../core/userdetails/jdbc/JdbcDaoImpl.java    |  15 --
 .../memory/UserAttributeEditor.java           |  54 +++---
 .../jackson2/SecurityJackson2Modules.java     |  37 ++--
 .../security/jackson2/UserDeserializer.java   |  23 ++-
 ...sswordAuthenticationTokenDeserializer.java |  55 +++---
 .../InMemoryUserDetailsManager.java           |  30 +---
 .../provisioning/JdbcUserDetailsManager.java  | 108 ++++-------
 ...atingSecurityContextAsyncTaskExecutor.java |   9 +-
 .../security/util/FieldUtils.java             |  10 +-
 .../security/util/MethodInvocationUtils.java  |  39 ++--
 105 files changed, 753 insertions(+), 1371 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index c6888dff8a..4be11c2dfc 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -40,10 +40,8 @@ public class SecurityConfig implements ConfigAttribute {
 	public boolean equals(Object obj) {
 		if (obj instanceof ConfigAttribute) {
 			ConfigAttribute attr = (ConfigAttribute) obj;
-
 			return this.attrib.equals(attr.getAttribute());
 		}
-
 		return false;
 	}
 
@@ -69,11 +67,9 @@ public class SecurityConfig implements ConfigAttribute {
 	public static List<ConfigAttribute> createList(String... attributeNames) {
 		Assert.notNull(attributeNames, "You must supply an array of attribute names");
 		List<ConfigAttribute> attributes = new ArrayList<>(attributeNames.length);
-
 		for (String attribute : attributeNames) {
 			attributes.add(new SecurityConfig(attribute.trim()));
 		}
-
 		return attributes;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index b2c9efa2f6..2cc9700280 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -76,18 +76,17 @@ public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSe
 			return null;
 		}
 		List<ConfigAttribute> attributes = new ArrayList<>();
-
-		for (Annotation a : annotations) {
-			if (a instanceof DenyAll) {
+		for (Annotation annotation : annotations) {
+			if (annotation instanceof DenyAll) {
 				attributes.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
 				return attributes;
 			}
-			if (a instanceof PermitAll) {
+			if (annotation instanceof PermitAll) {
 				attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
 				return attributes;
 			}
-			if (a instanceof RolesAllowed) {
-				RolesAllowed ra = (RolesAllowed) a;
+			if (annotation instanceof RolesAllowed) {
+				RolesAllowed ra = (RolesAllowed) annotation;
 
 				for (String allowed : ra.value()) {
 					String defaultedAllowed = getRoleWithDefaultPrefix(allowed);
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
index 78e6778bbb..d94ae1d3da 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
@@ -65,16 +65,13 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
 		boolean jsr250AttributeFound = false;
-
 		for (ConfigAttribute attribute : definition) {
 			if (Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
 				return ACCESS_GRANTED;
 			}
-
 			if (Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE.equals(attribute)) {
 				return ACCESS_DENIED;
 			}
-
 			if (supports(attribute)) {
 				jsr250AttributeFound = true;
 				// Attempt to find a matching granted authority
@@ -85,7 +82,6 @@ public class Jsr250Voter implements AccessDecisionVoter<Object> {
 				}
 			}
 		}
-
 		return jsr250AttributeFound ? ACCESS_DENIED : ACCESS_ABSTAIN;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
index 903e91b4a2..152b52ec43 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -74,12 +74,8 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 		return null;
 	}
 
-	private Collection<ConfigAttribute> processAnnotation(Annotation a) {
-		if (a == null) {
-			return null;
-		}
-
-		return this.annotationExtractor.extractAttributes(a);
+	private Collection<ConfigAttribute> processAnnotation(Annotation annotation) {
+		return (annotation != null) ? this.annotationExtractor.extractAttributes(annotation) : null;
 	}
 
 	static class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
@@ -88,11 +84,9 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet
 		public Collection<ConfigAttribute> extractAttributes(Secured secured) {
 			String[] attributeTokens = secured.value();
 			List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
-
 			for (String token : attributeTokens) {
 				attributes.add(new SecurityConfig(token));
 			}
-
 			return attributes;
 		}
 
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
index 2a380cdb73..2474a81059 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.util.Assert;
 
 /**
  * Indicates a secure object invocation failed because the <code>Authentication</code>
@@ -29,9 +30,9 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
  */
 public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
 
-	private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
+	private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;
 
-	private Collection<ConfigAttribute> configAttribs;
+	private final Collection<ConfigAttribute> configAttribs;
 
 	/**
 	 * Construct the event.
@@ -44,11 +45,8 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
 	public AuthenticationCredentialsNotFoundEvent(Object secureObject, Collection<ConfigAttribute> attributes,
 			AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
 		super(secureObject);
-
-		if ((attributes == null) || (credentialsNotFoundException == null)) {
-			throw new IllegalArgumentException("All parameters are required and cannot be null");
-		}
-
+		Assert.isTrue(attributes != null && credentialsNotFoundException != null,
+				"All parameters are required and cannot be null");
 		this.configAttribs = attributes;
 		this.credentialsNotFoundException = credentialsNotFoundException;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
index a3a39198e3..de6a301c6a 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
@@ -21,6 +21,7 @@ import java.util.Collection;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
 
 /**
  * Indicates a secure object invocation failed because the principal could not be
@@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
-	private AccessDeniedException accessDeniedException;
+	private final AccessDeniedException accessDeniedException;
 
-	private Authentication authentication;
+	private final Authentication authentication;
 
-	private Collection<ConfigAttribute> configAttributes;
+	private final Collection<ConfigAttribute> configAttributes;
 
 	/**
 	 * Construct the event.
@@ -54,11 +55,8 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 	public AuthorizationFailureEvent(Object secureObject, Collection<ConfigAttribute> attributes,
 			Authentication authentication, AccessDeniedException accessDeniedException) {
 		super(secureObject);
-
-		if ((attributes == null) || (authentication == null) || (accessDeniedException == null)) {
-			throw new IllegalArgumentException("All parameters are required and cannot be null");
-		}
-
+		Assert.isTrue(attributes != null && authentication != null && accessDeniedException != null,
+				"All parameters are required and cannot be null");
 		this.configAttributes = attributes;
 		this.authentication = authentication;
 		this.accessDeniedException = accessDeniedException;
diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
index dbe2e8d434..f3b05d655b 100644
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
 
 /**
  * Event indicating a secure object was invoked successfully.
@@ -31,9 +32,9 @@ import org.springframework.security.core.Authentication;
  */
 public class AuthorizedEvent extends AbstractAuthorizationEvent {
 
-	private Authentication authentication;
+	private final Authentication authentication;
 
-	private Collection<ConfigAttribute> configAttributes;
+	private final Collection<ConfigAttribute> configAttributes;
 
 	/**
 	 * Construct the event.
@@ -44,11 +45,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
 	 */
 	public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute> attributes, Authentication authentication) {
 		super(secureObject);
-
-		if ((attributes == null) || (authentication == null)) {
-			throw new IllegalArgumentException("All parameters are required and cannot be null");
-		}
-
+		Assert.isTrue(attributes != null && authentication != null, "All parameters are required and cannot be null");
 		this.configAttributes = attributes;
 		this.authentication = authentication;
 	}
diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
index 57e6d52d17..02247ceb15 100644
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationListener;
+import org.springframework.core.log.LogMessage;
 
 /**
  * Outputs interceptor-related application events to Commons Logging.
@@ -37,42 +38,41 @@ public class LoggerListener implements ApplicationListener<AbstractAuthorization
 	@Override
 	public void onApplicationEvent(AbstractAuthorizationEvent event) {
 		if (event instanceof AuthenticationCredentialsNotFoundEvent) {
-			AuthenticationCredentialsNotFoundEvent authEvent = (AuthenticationCredentialsNotFoundEvent) event;
-
-			if (logger.isWarnEnabled()) {
-				logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException()
-						+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
-						+ authEvent.getConfigAttributes());
-			}
+			onAuthenticationCredentialsNotFoundEvent((AuthenticationCredentialsNotFoundEvent) event);
 		}
-
 		if (event instanceof AuthorizationFailureEvent) {
-			AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;
-
-			if (logger.isWarnEnabled()) {
-				logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
-						+ "; authenticated principal: " + authEvent.getAuthentication() + "; secure object: "
-						+ authEvent.getSource() + "; configuration attributes: " + authEvent.getConfigAttributes());
-			}
+			onAuthorizationFailureEvent((AuthorizationFailureEvent) event);
 		}
-
 		if (event instanceof AuthorizedEvent) {
-			AuthorizedEvent authEvent = (AuthorizedEvent) event;
-
-			if (logger.isInfoEnabled()) {
-				logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication()
-						+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
-						+ authEvent.getConfigAttributes());
-			}
+			onAuthorizedEvent((AuthorizedEvent) event);
 		}
-
 		if (event instanceof PublicInvocationEvent) {
-			PublicInvocationEvent authEvent = (PublicInvocationEvent) event;
-
-			if (logger.isInfoEnabled()) {
-				logger.info("Security interception not required for public secure object: " + authEvent.getSource());
-			}
+			onPublicInvocationEvent((PublicInvocationEvent) event);
 		}
 	}
 
+	private void onAuthenticationCredentialsNotFoundEvent(AuthenticationCredentialsNotFoundEvent authEvent) {
+		logger.warn(LogMessage.format(
+				"Security interception failed due to: %s; secure object: %s; configuration attributes: %s",
+				authEvent.getCredentialsNotFoundException(), authEvent.getSource(), authEvent.getConfigAttributes()));
+	}
+
+	private void onPublicInvocationEvent(PublicInvocationEvent event) {
+		logger.info(LogMessage.format("Security interception not required for public secure object: %s",
+				event.getSource()));
+	}
+
+	private void onAuthorizedEvent(AuthorizedEvent authEvent) {
+		logger.info(LogMessage.format(
+				"Security authorized for authenticated principal: %s; secure object: %s; configuration attributes: %s",
+				authEvent.getAuthentication(), authEvent.getSource(), authEvent.getConfigAttributes()));
+	}
+
+	private void onAuthorizationFailureEvent(AuthorizationFailureEvent authEvent) {
+		logger.warn(LogMessage.format(
+				"Security authorization failed due to: %s; authenticated principal: %s; secure object: %s; configuration attributes: %s",
+				authEvent.getAccessDeniedException(), authEvent.getAuthentication(), authEvent.getSource(),
+				authEvent.getConfigAttributes()));
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
index 9ca2847721..6a70491d7c 100644
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@@ -42,7 +42,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 
 	private ExpressionParser expressionParser = new SpelExpressionParser();
 
-	private BeanResolver br;
+	private BeanResolver beanResolver;
 
 	private RoleHierarchy roleHierarchy;
 
@@ -70,9 +70,8 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	public final EvaluationContext createEvaluationContext(Authentication authentication, T invocation) {
 		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication, invocation);
 		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
-		ctx.setBeanResolver(this.br);
+		ctx.setBeanResolver(this.beanResolver);
 		ctx.setRootObject(root);
-
 		return ctx;
 	}
 
@@ -96,7 +95,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 	 * invocation type.
 	 * @param authentication the current authentication object
 	 * @param invocation the invocation (filter, method, channel)
-	 * @return the object wh
+	 * @return the object
 	 */
 	protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 			T invocation);
@@ -119,7 +118,7 @@ public abstract class AbstractSecurityExpressionHandler<T>
 
 	@Override
 	public void setApplicationContext(ApplicationContext applicationContext) {
-		this.br = new BeanFactoryResolver(applicationContext);
+		this.beanResolver = new BeanFactoryResolver(applicationContext);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
index 760f8059de..2aae6b7a24 100644
--- a/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/expression/DenyAllPermissionEvaluator.java
@@ -21,6 +21,7 @@ import java.io.Serializable;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 
@@ -40,8 +41,8 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	 */
 	@Override
 	public boolean hasPermission(Authentication authentication, Object target, Object permission) {
-		this.logger.warn(
-				"Denying user " + authentication.getName() + " permission '" + permission + "' on object " + target);
+		this.logger.warn(LogMessage.format("Denying user %s permission '%s' on object %s", authentication.getName(),
+				permission, target));
 		return false;
 	}
 
@@ -51,8 +52,8 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
 	@Override
 	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
 			Object permission) {
-		this.logger.warn("Denying user " + authentication.getName() + " permission '" + permission
-				+ "' on object with Id '" + targetId);
+		this.logger.warn(LogMessage.format("Denying user %s permission '%s' on object with Id %s",
+				authentication.getName(), permission, targetId));
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index b665d23c45..155b317638 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -45,10 +45,14 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 
 	private String defaultRolePrefix = "ROLE_";
 
-	/** Allows "permitAll" expression */
+	/**
+	 * Allows "permitAll" expression
+	 */
 	public final boolean permitAll = true;
 
-	/** Allows "denyAll" expression */
+	/**
+	 * Allows "denyAll" expression
+	 */
 	public final boolean denyAll = false;
 
 	private PermissionEvaluator permissionEvaluator;
@@ -96,14 +100,12 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 
 	private boolean hasAnyAuthorityName(String prefix, String... roles) {
 		Set<String> roleSet = getAuthoritySet();
-
 		for (String role : roles) {
 			String defaultedRole = getRoleWithDefaultPrefix(prefix, role);
 			if (roleSet.contains(defaultedRole)) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
@@ -180,14 +182,11 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	private Set<String> getAuthoritySet() {
 		if (this.roles == null) {
 			Collection<? extends GrantedAuthority> userAuthorities = this.authentication.getAuthorities();
-
 			if (this.roleHierarchy != null) {
 				userAuthorities = this.roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
 			}
-
 			this.roles = AuthorityUtils.authorityListToSet(userAuthorities);
 		}
-
 		return this.roles;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index 95b5bced1b..6254ee087d 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -30,6 +30,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.core.ParameterNameDiscoverer;
+import org.springframework.core.log.LogMessage;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
@@ -88,7 +89,6 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 		root.setTrustResolver(getTrustResolver());
 		root.setRoleHierarchy(getRoleHierarchy());
 		root.setDefaultRolePrefix(getDefaultRolePrefix());
-
 		return root;
 	}
 
@@ -101,119 +101,91 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
 	 * {@code true}. For an array, a new array instance will be returned.
 	 */
 	@Override
-	@SuppressWarnings("unchecked")
 	public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
 		MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject()
 				.getValue();
-		final boolean debug = this.logger.isDebugEnabled();
-		List retainList;
-
-		if (debug) {
-			this.logger.debug("Filtering with expression: " + filterExpression.getExpressionString());
-		}
-
+		this.logger.debug(LogMessage.format("Filtering with expression: %s", filterExpression.getExpressionString()));
 		if (filterTarget instanceof Collection) {
-			Collection collection = (Collection) filterTarget;
-			retainList = new ArrayList(collection.size());
-
-			if (debug) {
-				this.logger.debug("Filtering collection with " + collection.size() + " elements");
-			}
-
-			if (this.permissionCacheOptimizer != null) {
-				this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), collection);
-			}
-
-			for (Object filterObject : (Collection) filterTarget) {
-				rootObject.setFilterObject(filterObject);
-
-				if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
-					retainList.add(filterObject);
-				}
-			}
-
-			if (debug) {
-				this.logger.debug("Retaining elements: " + retainList);
-			}
-
-			collection.clear();
-			collection.addAll(retainList);
-
-			return filterTarget;
+			return filterCollection((Collection<?>) filterTarget, filterExpression, ctx, rootObject);
 		}
-
 		if (filterTarget.getClass().isArray()) {
-			Object[] array = (Object[]) filterTarget;
-			retainList = new ArrayList(array.length);
-
-			if (debug) {
-				this.logger.debug("Filtering array with " + array.length + " elements");
-			}
-
-			if (this.permissionCacheOptimizer != null) {
-				this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array));
-			}
-
-			for (Object o : array) {
-				rootObject.setFilterObject(o);
-
-				if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
-					retainList.add(o);
-				}
-			}
-
-			if (debug) {
-				this.logger.debug("Retaining elements: " + retainList);
-			}
-
-			Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(),
-					retainList.size());
-			for (int i = 0; i < retainList.size(); i++) {
-				filtered[i] = retainList.get(i);
-			}
-
-			return filtered;
+			return filterArray((Object[]) filterTarget, filterExpression, ctx, rootObject);
 		}
-
 		if (filterTarget instanceof Map) {
-			final Map<?, ?> map = (Map<?, ?>) filterTarget;
-			final Map retainMap = new LinkedHashMap(map.size());
-
-			if (debug) {
-				this.logger.debug("Filtering map with " + map.size() + " elements");
-			}
-
-			for (Map.Entry<?, ?> filterObject : map.entrySet()) {
-				rootObject.setFilterObject(filterObject);
-
-				if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
-					retainMap.put(filterObject.getKey(), filterObject.getValue());
-				}
-			}
-
-			if (debug) {
-				this.logger.debug("Retaining elements: " + retainMap);
-			}
-
-			map.clear();
-			map.putAll(retainMap);
-
-			return filterTarget;
+			return filterMap((Map<?, ?>) filterTarget, filterExpression, ctx, rootObject);
 		}
-
 		if (filterTarget instanceof Stream) {
-			final Stream<?> original = (Stream<?>) filterTarget;
-
-			return original.filter((filterObject) -> {
-				rootObject.setFilterObject(filterObject);
-				return ExpressionUtils.evaluateAsBoolean(filterExpression, ctx);
-			}).onClose(original::close);
+			return filterStream((Stream<?>) filterTarget, filterExpression, ctx, rootObject);
 		}
-
 		throw new IllegalArgumentException(
 				"Filter target must be a collection, array, map or stream type, but was " + filterTarget);
 	}
 
+	private <T> Object filterCollection(Collection<T> filterTarget, Expression filterExpression, EvaluationContext ctx,
+			MethodSecurityExpressionOperations rootObject) {
+		this.logger.debug(LogMessage.format("Filtering collection with %s elements", filterTarget.size()));
+		List<T> retain = new ArrayList<>(filterTarget.size());
+		if (this.permissionCacheOptimizer != null) {
+			this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), filterTarget);
+		}
+		for (T filterObject : filterTarget) {
+			rootObject.setFilterObject(filterObject);
+			if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
+				retain.add(filterObject);
+			}
+		}
+		this.logger.debug(LogMessage.format("Retaining elements: %s", retain));
+		filterTarget.clear();
+		filterTarget.addAll(retain);
+		return filterTarget;
+	}
+
+	private Object filterArray(Object[] filterTarget, Expression filterExpression, EvaluationContext ctx,
+			MethodSecurityExpressionOperations rootObject) {
+		List<Object> retain = new ArrayList<>(filterTarget.length);
+		this.logger.debug(LogMessage.format("Filtering array with %s elements", filterTarget.length));
+		if (this.permissionCacheOptimizer != null) {
+			this.permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(),
+					Arrays.asList(filterTarget));
+		}
+		for (Object filterObject : filterTarget) {
+			rootObject.setFilterObject(filterObject);
+			if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
+				retain.add(filterObject);
+			}
+		}
+		this.logger.debug(LogMessage.format("Retaining elements: %s", retain));
+		Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(), retain.size());
+		for (int i = 0; i < retain.size(); i++) {
+			filtered[i] = retain.get(i);
+		}
+		return filtered;
+	}
+
+	private <K, V> Object filterMap(final Map<K, V> filterTarget, Expression filterExpression, EvaluationContext ctx,
+			MethodSecurityExpressionOperations rootObject) {
+		Map<K, V> retain = new LinkedHashMap<>(filterTarget.size());
+		this.logger.debug(LogMessage.format("Filtering map with %s elements", filterTarget.size()));
+		for (Map.Entry<K, V> filterObject : filterTarget.entrySet()) {
+			rootObject.setFilterObject(filterObject);
+			if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
+				retain.put(filterObject.getKey(), filterObject.getValue());
+			}
+		}
+		this.logger.debug(LogMessage.format("Retaining elements: %s", retain));
+		filterTarget.clear();
+		filterTarget.putAll(retain);
+		return filterTarget;
+	}
+
+	private Object filterStream(final Stream<?> filterTarget, Expression filterExpression, EvaluationContext ctx,
+			MethodSecurityExpressionOperations rootObject) {
+		return filterTarget.filter((filterObject) -> {
+			rootObject.setFilterObject(filterObject);
+			return ExpressionUtils.evaluateAsBoolean(filterExpression, ctx);
+		}).onClose(filterTarget::close);
+	}
+
 	/**
 	 * Sets the {@link AuthenticationTrustResolver} to be used. The default is
 	 * {@link AuthenticationTrustResolverImpl}.
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
index 100172d57e..664f97102e 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@@ -20,6 +20,7 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.AccessDeniedException;
@@ -49,31 +50,20 @@ public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthor
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		Expression postFilter = pia.getFilterExpression();
 		Expression postAuthorize = pia.getAuthorizeExpression();
-
 		if (postFilter != null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Applying PostFilter expression " + postFilter);
-			}
-
+			this.logger.debug(LogMessage.format("Applying PostFilter expression %s", postFilter));
 			if (returnedObject != null) {
 				returnedObject = this.expressionHandler.filter(returnedObject, postFilter, ctx);
 			}
 			else {
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug("Return object is null, filtering will be skipped");
-				}
+				this.logger.debug("Return object is null, filtering will be skipped");
 			}
 		}
-
 		this.expressionHandler.setReturnObject(returnedObject, ctx);
-
 		if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("PostAuthorize expression rejected access");
-			}
+			this.logger.debug("PostAuthorize expression rejected access");
 			throw new AccessDeniedException("Access is denied");
 		}
-
 		return returnedObject;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
index da6cfdacba..19c7659407 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -26,6 +26,7 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
 
 /**
  * Method pre-invocation handling based on expressions.
@@ -43,50 +44,34 @@ public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthoriz
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		Expression preFilter = preAttr.getFilterExpression();
 		Expression preAuthorize = preAttr.getAuthorizeExpression();
-
 		if (preFilter != null) {
 			Object filterTarget = findFilterTarget(preAttr.getFilterTarget(), ctx, mi);
-
 			this.expressionHandler.filter(filterTarget, preFilter, ctx);
 		}
-
-		if (preAuthorize == null) {
-			return true;
-		}
-
-		return ExpressionUtils.evaluateAsBoolean(preAuthorize, ctx);
+		return (preAuthorize != null) ? ExpressionUtils.evaluateAsBoolean(preAuthorize, ctx) : true;
 	}
 
-	private Object findFilterTarget(String filterTargetName, EvaluationContext ctx, MethodInvocation mi) {
+	private Object findFilterTarget(String filterTargetName, EvaluationContext ctx, MethodInvocation invocation) {
 		Object filterTarget = null;
-
 		if (filterTargetName.length() > 0) {
 			filterTarget = ctx.lookupVariable(filterTargetName);
-			if (filterTarget == null) {
-				throw new IllegalArgumentException(
-						"Filter target was null, or no argument with name " + filterTargetName + " found in method");
-			}
+			Assert.notNull(filterTarget,
+					() -> "Filter target was null, or no argument with name " + filterTargetName + " found in method");
 		}
-		else if (mi.getArguments().length == 1) {
-			Object arg = mi.getArguments()[0];
+		else if (invocation.getArguments().length == 1) {
+			Object arg = invocation.getArguments()[0];
 			if (arg.getClass().isArray() || arg instanceof Collection<?>) {
 				filterTarget = arg;
 			}
-			if (filterTarget == null) {
-				throw new IllegalArgumentException("A PreFilter expression was set but the method argument type"
-						+ arg.getClass() + " is not filterable");
-			}
+			Assert.notNull(filterTarget, () -> "A PreFilter expression was set but the method argument type"
+					+ arg.getClass() + " is not filterable");
 		}
-		else if (mi.getArguments().length > 1) {
+		else if (invocation.getArguments().length > 1) {
 			throw new IllegalArgumentException(
 					"Unable to determine the method argument for filtering. Specify the filter target.");
 		}
-
-		if (filterTarget.getClass().isArray()) {
-			throw new IllegalArgumentException(
-					"Pre-filtering on array types is not supported. " + "Using a Collection will solve this problem");
-		}
-
+		Assert.isTrue(!filterTarget.getClass().isArray(),
+				"Pre-filtering on array types is not supported. Using a Collection will solve this problem");
 		return filterTarget;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
index 1d19fa908a..5ba0a376b6 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java
@@ -19,8 +19,6 @@ package org.springframework.security.access.expression.method;
 import java.lang.reflect.Method;
 
 import org.aopalliance.intercept.MethodInvocation;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 
 import org.springframework.aop.framework.AopProxyUtils;
 import org.springframework.aop.support.AopUtils;
@@ -40,8 +38,6 @@ import org.springframework.security.core.parameters.DefaultSecurityParameterName
  */
 class MethodSecurityEvaluationContext extends MethodBasedEvaluationContext {
 
-	private static final Log logger = LogFactory.getLog(MethodSecurityEvaluationContext.class);
-
 	/**
 	 * Intended for testing. Don't use in practice as it creates a new parameter resolver
 	 * for each instance. Use the constructor which takes the resolver, as an argument
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index 5f5ffc56cd..f8c3bae329 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -32,14 +32,12 @@ class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConf
 	PreInvocationExpressionAttribute(String filterExpression, String filterTarget, String authorizeExpression)
 			throws ParseException {
 		super(filterExpression, authorizeExpression);
-
 		this.filterTarget = filterTarget;
 	}
 
 	PreInvocationExpressionAttribute(Expression filterExpression, String filterTarget, Expression authorizeExpression)
 			throws ParseException {
 		super(filterExpression, authorizeExpression);
-
 		this.filterTarget = filterTarget;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
index 054472191b..e0988445fe 100755
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@@ -20,13 +20,13 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -109,11 +109,8 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 	 */
 	public void setHierarchy(String roleHierarchyStringRepresentation) {
 		this.roleHierarchyStringRepresentation = roleHierarchyStringRepresentation;
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("setHierarchy() - The following role hierarchy was set: " + roleHierarchyStringRepresentation);
-		}
-
+		logger.debug(LogMessage.format("setHierarchy() - The following role hierarchy was set: %s",
+				roleHierarchyStringRepresentation));
 		buildRolesReachableInOneStepMap();
 		buildRolesReachableInOneOrMoreStepsMap();
 	}
@@ -124,10 +121,8 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 		if (authorities == null || authorities.isEmpty()) {
 			return AuthorityUtils.NO_AUTHORITIES;
 		}
-
 		Set<GrantedAuthority> reachableRoles = new HashSet<>();
 		Set<String> processedNames = new HashSet<>();
-
 		for (GrantedAuthority authority : authorities) {
 			// Do not process authorities without string representation
 			if (authority.getAuthority() == null) {
@@ -151,16 +146,10 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 				}
 			}
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("getReachableGrantedAuthorities() - From the roles " + authorities + " one can reach "
-					+ reachableRoles + " in zero or more steps.");
-		}
-
-		List<GrantedAuthority> reachableRoleList = new ArrayList<>(reachableRoles.size());
-		reachableRoleList.addAll(reachableRoles);
-
-		return reachableRoleList;
+		logger.debug(LogMessage.format(
+				"getReachableGrantedAuthorities() - From the roles %s one can reach %s in zero or more steps.",
+				authorities, reachableRoles));
+		return new ArrayList<>(reachableRoles);
 	}
 
 	/**
@@ -172,11 +161,9 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 		for (String line : this.roleHierarchyStringRepresentation.split("\n")) {
 			// Split on > and trim excessive whitespace
 			String[] roles = line.trim().split("\\s+>\\s+");
-
 			for (int i = 1; i < roles.length; i++) {
 				String higherRole = roles[i - 1];
 				GrantedAuthority lowerRole = new SimpleGrantedAuthority(roles[i]);
-
 				Set<GrantedAuthority> rolesReachableInOneStepSet;
 				if (!this.rolesReachableInOneStepMap.containsKey(higherRole)) {
 					rolesReachableInOneStepSet = new HashSet<>();
@@ -186,11 +173,9 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 					rolesReachableInOneStepSet = this.rolesReachableInOneStepMap.get(higherRole);
 				}
 				rolesReachableInOneStepSet.add(lowerRole);
-
-				if (logger.isDebugEnabled()) {
-					logger.debug("buildRolesReachableInOneStepMap() - From role " + higherRole + " one can reach role "
-							+ lowerRole + " in one step.");
-				}
+				logger.debug(LogMessage.format(
+						"buildRolesReachableInOneStepMap() - From role %s one can reach role %s in one step.",
+						higherRole, lowerRole));
 			}
 		}
 	}
@@ -207,7 +192,6 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 		for (String roleName : this.rolesReachableInOneStepMap.keySet()) {
 			Set<GrantedAuthority> rolesToVisitSet = new HashSet<>(this.rolesReachableInOneStepMap.get(roleName));
 			Set<GrantedAuthority> visitedRolesSet = new HashSet<>();
-
 			while (!rolesToVisitSet.isEmpty()) {
 				// take a role from the rolesToVisit set
 				GrantedAuthority lowerRole = rolesToVisitSet.iterator().next();
@@ -222,9 +206,9 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 				rolesToVisitSet.addAll(this.rolesReachableInOneStepMap.get(lowerRole.getAuthority()));
 			}
 			this.rolesReachableInOneOrMoreStepsMap.put(roleName, visitedRolesSet);
-
-			logger.debug("buildRolesReachableInOneOrMoreStepsMap() - From role " + roleName + " one can reach "
-					+ visitedRolesSet + " in one or more steps.");
+			logger.debug(LogMessage.format(
+					"buildRolesReachableInOneOrMoreStepsMap() - From role %s one can reach %s in one or more steps.",
+					roleName, visitedRolesSet));
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
index fb4a5562f5..2143632d14 100644
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -43,28 +43,19 @@ public final class RoleHierarchyUtils {
 	 * @return a string representation of a role hierarchy
 	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role
 	 * name is null or empty or if an implied role name(s) is null or empty
-	 *
 	 */
 	public static String roleHierarchyFromMap(Map<String, List<String>> roleHierarchyMap) {
 		Assert.notEmpty(roleHierarchyMap, "roleHierarchyMap cannot be empty");
-
-		StringWriter roleHierarchyBuffer = new StringWriter();
-		PrintWriter roleHierarchyWriter = new PrintWriter(roleHierarchyBuffer);
-
-		for (Map.Entry<String, List<String>> roleHierarchyEntry : roleHierarchyMap.entrySet()) {
-			String role = roleHierarchyEntry.getKey();
-			List<String> impliedRoles = roleHierarchyEntry.getValue();
-
+		StringWriter result = new StringWriter();
+		PrintWriter writer = new PrintWriter(result);
+		roleHierarchyMap.forEach((role, impliedRoles) -> {
 			Assert.hasLength(role, "role name must be supplied");
 			Assert.notEmpty(impliedRoles, "implied role name(s) cannot be empty");
-
 			for (String impliedRole : impliedRoles) {
-				String roleMapping = role + " > " + impliedRole;
-				roleHierarchyWriter.println(roleMapping);
+				writer.println(role + " > " + impliedRole);
 			}
-		}
-
-		return roleHierarchyBuffer.toString();
+		});
+		return result.toString();
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
index 9dc828e31c..d92a5ed500 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@@ -30,6 +30,7 @@ import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -47,6 +48,7 @@ import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 
 /**
  * Abstract class that implements security interception for secure objects.
@@ -141,120 +143,91 @@ public abstract class AbstractSecurityInterceptor
 				() -> "RunAsManager does not support secure object class: " + getSecureObjectClass());
 		Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
 				() -> "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
-
 		if (this.afterInvocationManager != null) {
 			Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
 					() -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
 		}
-
 		if (this.validateConfigAttributes) {
 			Collection<ConfigAttribute> attributeDefs = this.obtainSecurityMetadataSource().getAllConfigAttributes();
-
 			if (attributeDefs == null) {
-				this.logger.warn(
-						"Could not validate configuration attributes as the SecurityMetadataSource did not return "
-								+ "any attributes from getAllConfigAttributes()");
+				this.logger.warn("Could not validate configuration attributes as the "
+						+ "SecurityMetadataSource did not return any attributes from getAllConfigAttributes()");
 				return;
 			}
-
-			Set<ConfigAttribute> unsupportedAttrs = new HashSet<>();
-
-			for (ConfigAttribute attr : attributeDefs) {
-				if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
-						&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
-					unsupportedAttrs.add(attr);
-				}
-			}
-
-			if (unsupportedAttrs.size() != 0) {
-				throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
-			}
-
-			this.logger.debug("Validated configuration attributes");
+			validateAttributeDefs(attributeDefs);
 		}
 	}
 
+	private void validateAttributeDefs(Collection<ConfigAttribute> attributeDefs) {
+		Set<ConfigAttribute> unsupportedAttrs = new HashSet<>();
+		for (ConfigAttribute attr : attributeDefs) {
+			if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
+					&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
+				unsupportedAttrs.add(attr);
+			}
+		}
+		if (unsupportedAttrs.size() != 0) {
+			throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
+		}
+		this.logger.debug("Validated configuration attributes");
+	}
+
 	protected InterceptorStatusToken beforeInvocation(Object object) {
 		Assert.notNull(object, "Object was null");
-		final boolean debug = this.logger.isDebugEnabled();
-
 		if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
 			throw new IllegalArgumentException("Security invocation attempted for object " + object.getClass().getName()
 					+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
 					+ getSecureObjectClass());
 		}
-
 		Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
-
-		if (attributes == null || attributes.isEmpty()) {
-			if (this.rejectPublicInvocations) {
-				throw new IllegalArgumentException("Secure object invocation " + object
-						+ " was denied as public invocations are not allowed via this interceptor. "
-						+ "This indicates a configuration error because the "
-						+ "rejectPublicInvocations property is set to 'true'");
-			}
-
-			if (debug) {
-				this.logger.debug("Public object - authentication not attempted");
-			}
-
+		if (CollectionUtils.isEmpty(attributes)) {
+			Assert.isTrue(!this.rejectPublicInvocations,
+					() -> "Secure object invocation " + object
+							+ " was denied as public invocations are not allowed via this interceptor. "
+							+ "This indicates a configuration error because the "
+							+ "rejectPublicInvocations property is set to 'true'");
+			this.logger.debug("Public object - authentication not attempted");
 			publishEvent(new PublicInvocationEvent(object));
-
 			return null; // no further work post-invocation
 		}
-
-		if (debug) {
-			this.logger.debug("Secure object: " + object + "; Attributes: " + attributes);
-		}
-
+		this.logger.debug(LogMessage.format("Secure object: %s; Attributes: %s", object, attributes));
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
 			credentialsNotFound(this.messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
 					"An Authentication object was not found in the SecurityContext"), object, attributes);
 		}
-
 		Authentication authenticated = authenticateIfRequired();
-
 		// Attempt authorization
-		try {
-			this.accessDecisionManager.decide(authenticated, object, attributes);
-		}
-		catch (AccessDeniedException accessDeniedException) {
-			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated, accessDeniedException));
-
-			throw accessDeniedException;
-		}
-
-		if (debug) {
-			this.logger.debug("Authorization successful");
-		}
-
+		attemptAuthorization(object, attributes, authenticated);
+		this.logger.debug("Authorization successful");
 		if (this.publishAuthorizationSuccess) {
 			publishEvent(new AuthorizedEvent(object, attributes, authenticated));
 		}
 
 		// Attempt to run as a different user
 		Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
-
-		if (runAs == null) {
-			if (debug) {
-				this.logger.debug("RunAsManager did not change Authentication object");
-			}
-
-			// no further work post-invocation
-			return new InterceptorStatusToken(SecurityContextHolder.getContext(), false, attributes, object);
-		}
-		else {
-			if (debug) {
-				this.logger.debug("Switching to RunAs Authentication: " + runAs);
-			}
-
+		if (runAs != null) {
+			this.logger.debug(LogMessage.format("Switching to RunAs Authentication: %s", runAs));
 			SecurityContext origCtx = SecurityContextHolder.getContext();
 			SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
 			SecurityContextHolder.getContext().setAuthentication(runAs);
-
 			// need to revert to token.Authenticated post-invocation
 			return new InterceptorStatusToken(origCtx, true, attributes, object);
 		}
+		this.logger.debug("RunAsManager did not change Authentication object");
+		// no further work post-invocation
+		return new InterceptorStatusToken(SecurityContextHolder.getContext(), false, attributes, object);
+
+	}
+
+	private void attemptAuthorization(Object object, Collection<ConfigAttribute> attributes,
+			Authentication authenticated) {
+		try {
+			this.accessDecisionManager.decide(authenticated, object, attributes);
+		}
+		catch (AccessDeniedException ex) {
+			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated, ex));
+			throw ex;
+		}
 	}
 
 	/**
@@ -266,11 +239,8 @@ public abstract class AbstractSecurityInterceptor
 	 */
 	protected void finallyInvocation(InterceptorStatusToken token) {
 		if (token != null && token.isContextHolderRefreshRequired()) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug(
-						"Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
-			}
-
+			this.logger.debug(LogMessage.of(
+					() -> "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication()));
 			SecurityContextHolder.setContext(token.getSecurityContext());
 		}
 	}
@@ -289,24 +259,19 @@ public abstract class AbstractSecurityInterceptor
 			// public object
 			return returnedObject;
 		}
-
 		finallyInvocation(token); // continue to clean in this method for passivity
-
 		if (this.afterInvocationManager != null) {
 			// Attempt after invocation handling
 			try {
 				returnedObject = this.afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
 						token.getSecureObject(), token.getAttributes(), returnedObject);
 			}
-			catch (AccessDeniedException accessDeniedException) {
-				AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
-						token.getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException);
-				publishEvent(event);
-
-				throw accessDeniedException;
+			catch (AccessDeniedException ex) {
+				publishEvent(new AuthorizationFailureEvent(token.getSecureObject(), token.getAttributes(),
+						token.getSecurityContext().getAuthentication(), ex));
+				throw ex;
 			}
 		}
-
 		return returnedObject;
 	}
 
@@ -318,25 +283,14 @@ public abstract class AbstractSecurityInterceptor
 	 */
 	private Authentication authenticateIfRequired() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 		if (authentication.isAuthenticated() && !this.alwaysReauthenticate) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Previously Authenticated: " + authentication);
-			}
-
+			this.logger.debug(LogMessage.format("Previously Authenticated: %s", authentication));
 			return authentication;
 		}
-
 		authentication = this.authenticationManager.authenticate(authentication);
-
-		// We don't authenticated.setAuthentication(true), because each provider should do
-		// that
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Successfully Authenticated: " + authentication);
-		}
-
+		// Don't authenticated.setAuthentication(true) because each provider does that
+		this.logger.debug(LogMessage.format("Successfully Authenticated: %s", authentication));
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-
 		return authentication;
 	}
 
@@ -351,11 +305,9 @@ public abstract class AbstractSecurityInterceptor
 	 */
 	private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
 		AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
-
 		AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
 				configAttribs, exception);
 		publishEvent(event);
-
 		throw exception;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
index 26626f006b..44d42d850a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@@ -24,11 +24,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 
 /**
  * Provider-based implementation of {@link AfterInvocationManager}.
@@ -57,22 +59,13 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 		checkIfValidList(this.providers);
 	}
 
-	private void checkIfValidList(List<?> listToCheck) {
-		if ((listToCheck == null) || (listToCheck.size() == 0)) {
-			throw new IllegalArgumentException("A list of AfterInvocationProviders is required");
-		}
-	}
-
 	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
-
 		Object result = returnedObject;
-
 		for (AfterInvocationProvider provider : this.providers) {
 			result = provider.decide(authentication, object, config, result);
 		}
-
 		return result;
 	}
 
@@ -83,7 +76,6 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 	public void setProviders(List<?> newList) {
 		checkIfValidList(newList);
 		this.providers = new ArrayList<>(newList.size());
-
 		for (Object currentObject : newList) {
 			Assert.isInstanceOf(AfterInvocationProvider.class, currentObject, () -> "AfterInvocationProvider "
 					+ currentObject.getClass().getName() + " must implement AfterInvocationProvider");
@@ -91,18 +83,18 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 		}
 	}
 
+	private void checkIfValidList(List<?> listToCheck) {
+		Assert.isTrue(!CollectionUtils.isEmpty(listToCheck), "A list of AfterInvocationProviders is required");
+	}
+
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
 		for (AfterInvocationProvider provider : this.providers) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Evaluating " + attribute + " against " + provider);
-			}
-
+			logger.debug(LogMessage.format("Evaluating %s against %s", attribute, provider));
 			if (provider.supports(attribute)) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
@@ -124,7 +116,6 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
 				return false;
 			}
 		}
-
 		return true;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
index 131149429d..95b98e2622 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
@@ -54,36 +55,25 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 		Assert.notNull(this.securityInterceptor, "SecurityInterceptor required");
 	}
 
-	public boolean isAllowed(MethodInvocation mi, Authentication authentication) {
-		Assert.notNull(mi, "MethodInvocation required");
-		Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
-
-		Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
-
+	public boolean isAllowed(MethodInvocation invocation, Authentication authentication) {
+		Assert.notNull(invocation, "MethodInvocation required");
+		Assert.notNull(invocation.getMethod(), "MethodInvocation must provide a non-null getMethod()");
+		Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource()
+				.getAttributes(invocation);
 		if (attrs == null) {
-			if (this.securityInterceptor.isRejectPublicInvocations()) {
-				return false;
-			}
-
-			return true;
+			return !this.securityInterceptor.isRejectPublicInvocations();
 		}
-
 		if (authentication == null || authentication.getAuthorities().isEmpty()) {
 			return false;
 		}
-
 		try {
-			this.securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
+			this.securityInterceptor.getAccessDecisionManager().decide(authentication, invocation, attrs);
+			return true;
 		}
 		catch (AccessDeniedException unauthorized) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized);
-			}
-
+			logger.debug(LogMessage.format("%s denied for %s", invocation, authentication), unauthorized);
 			return false;
 		}
-
-		return true;
 	}
 
 	public void setSecurityInterceptor(AbstractSecurityInterceptor securityInterceptor) {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
index 274d20b2c3..eb0fa743aa 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@@ -54,14 +54,11 @@ public class RunAsImplAuthenticationProvider implements InitializingBean, Authen
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		RunAsUserToken token = (RunAsUserToken) authentication;
-
-		if (token.getKeyHash() == this.key.hashCode()) {
-			return authentication;
-		}
-		else {
+		if (token.getKeyHash() != this.key.hashCode()) {
 			throw new BadCredentialsException(this.messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
 					"The presented RunAsUserToken does not contain the expected key"));
 		}
+		return authentication;
 	}
 
 	public String getKey() {
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
index 144af06954..352ff66f9f 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@@ -69,7 +69,6 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	public Authentication buildRunAs(Authentication authentication, Object object,
 			Collection<ConfigAttribute> attributes) {
 		List<GrantedAuthority> newAuthorities = new ArrayList<>();
-
 		for (ConfigAttribute attribute : attributes) {
 			if (this.supports(attribute)) {
 				GrantedAuthority extraAuthority = new SimpleGrantedAuthority(
@@ -77,14 +76,11 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 				newAuthorities.add(extraAuthority);
 			}
 		}
-
 		if (newAuthorities.size() == 0) {
 			return null;
 		}
-
 		// Add existing authorities
 		newAuthorities.addAll(authentication.getAuthorities());
-
 		return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
 				newAuthorities, authentication.getClass());
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
index 31b145f84c..1019947440 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@@ -75,7 +75,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 		StringBuilder sb = new StringBuilder(super.toString());
 		String className = (this.originalAuthentication != null) ? this.originalAuthentication.getName() : null;
 		sb.append("; Original Class: ").append(className);
-
 		return sb.toString();
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
index 42e1af08d1..fadf5baf42 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@@ -56,7 +56,6 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 	@Override
 	public Object invoke(MethodInvocation mi) throws Throwable {
 		InterceptorStatusToken token = super.beforeInvocation(mi);
-
 		Object result;
 		try {
 			result = mi.proceed();
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index 89d04e208a..1d8902d82c 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -20,7 +20,6 @@ import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.lang.reflect.Method;
-import java.util.Collection;
 
 import org.aopalliance.aop.Advice;
 import org.aopalliance.intercept.MethodInterceptor;
@@ -33,6 +32,7 @@ import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.security.access.method.MethodSecurityMetadataSource;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 
 /**
  * Advisor driven by a {@link MethodSecurityMetadataSource}, used to exclude a
@@ -85,7 +85,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 		Assert.notNull(adviceBeanName, "The adviceBeanName cannot be null");
 		Assert.notNull(attributeSource, "The attributeSource cannot be null");
 		Assert.notNull(attributeSourceBeanName, "The attributeSourceBeanName cannot be null");
-
 		this.adviceBeanName = adviceBeanName;
 		this.attributeSource = attributeSource;
 		this.metadataSourceBeanName = attributeSourceBeanName;
@@ -123,11 +122,9 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 	class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut implements Serializable {
 
 		@Override
-		@SuppressWarnings("unchecked")
-		public boolean matches(Method m, Class targetClass) {
-			Collection attributes = MethodSecurityMetadataSourceAdvisor.this.attributeSource.getAttributes(m,
-					targetClass);
-			return attributes != null && !attributes.isEmpty();
+		public boolean matches(Method m, Class<?> targetClass) {
+			MethodSecurityMetadataSource source = MethodSecurityMetadataSourceAdvisor.this.attributeSource;
+			return !CollectionUtils.isEmpty(source.getAttributes(m, targetClass));
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
index 99c63eb8f4..78e450c4d1 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
@@ -55,7 +55,6 @@ public final class AspectJMethodSecurityInterceptor extends MethodSecurityInterc
 	 */
 	public Object invoke(JoinPoint jp, AspectJCallback advisorProceed) {
 		InterceptorStatusToken token = super.beforeInvocation(new MethodInvocationAdapter(jp));
-
 		Object result;
 		try {
 			result = advisorProceed.proceedWithObject();
@@ -63,7 +62,6 @@ public final class AspectJMethodSecurityInterceptor extends MethodSecurityInterc
 		finally {
 			super.finallyInvocation(token);
 		}
-
 		return super.afterInvocation(token, result);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
index 041efdc311..7030f99ee4 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
@@ -24,6 +24,8 @@ import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.reflect.CodeSignature;
 
+import org.springframework.util.Assert;
+
 /**
  * Decorates a JoinPoint to allow it to be used with method-security infrastructure
  * classes which support {@code MethodInvocation} instances.
@@ -51,23 +53,17 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 		String targetMethodName = jp.getStaticPart().getSignature().getName();
 		Class<?>[] types = ((CodeSignature) jp.getStaticPart().getSignature()).getParameterTypes();
 		Class<?> declaringType = jp.getStaticPart().getSignature().getDeclaringType();
-
 		this.method = findMethod(targetMethodName, declaringType, types);
-
-		if (this.method == null) {
-			throw new IllegalArgumentException("Could not obtain target method from JoinPoint: '" + jp + "'");
-		}
+		Assert.notNull(this.method, () -> "Could not obtain target method from JoinPoint: '" + jp + "'");
 	}
 
 	private Method findMethod(String name, Class<?> declaringType, Class<?>[] params) {
 		Method method = null;
-
 		try {
 			method = declaringType.getMethod(name, params);
 		}
 		catch (NoSuchMethodException ignored) {
 		}
-
 		if (method == null) {
 			try {
 				method = declaringType.getDeclaredMethod(name, params);
@@ -75,7 +71,6 @@ public final class MethodInvocationAdapter implements MethodInvocation {
 			catch (NoSuchMethodException ignored) {
 			}
 		}
-
 		return method;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
index 2b5a9366c8..3b3be3effb 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@@ -57,13 +57,11 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr
 		if (attr != null) {
 			return attr;
 		}
-
 		// Second try is the config attribute on the target class.
 		attr = findAttributes(specificMethod.getDeclaringClass());
 		if (attr != null) {
 			return attr;
 		}
-
 		if (specificMethod != method || targetClass == null) {
 			// Fallback is to look at the original method.
 			attr = findAttributes(method, method.getDeclaringClass());
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index 9fc0775825..3ed17acc70 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -42,7 +42,6 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 			MethodInvocation mi = (MethodInvocation) object;
 			Object target = mi.getThis();
 			Class<?> targetClass = null;
-
 			if (target != null) {
 				targetClass = (target instanceof Class<?>) ? (Class<?>) target
 						: AopProxyUtils.ultimateTargetClass(target);
@@ -56,7 +55,6 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 			}
 			return attrs;
 		}
-
 		throw new IllegalArgumentException("Object must be a non-null MethodInvocation");
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
index 583d140b31..2591d099fc 100644
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@@ -25,6 +25,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
@@ -56,11 +57,9 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 		synchronized (this.attributeCache) {
 			Collection<ConfigAttribute> cached = this.attributeCache.get(cacheKey);
 			// Check for canonical value indicating there is no config attribute,
-
 			if (cached != null) {
 				return cached;
 			}
-
 			// No cached value, so query the sources to find a result
 			Collection<ConfigAttribute> attributes = null;
 			for (MethodSecurityMetadataSource s : this.methodSecurityMetadataSources) {
@@ -69,19 +68,13 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 					break;
 				}
 			}
-
 			// Put it in the cache.
 			if (attributes == null || attributes.isEmpty()) {
 				this.attributeCache.put(cacheKey, NULL_CONFIG_ATTRIBUTE);
 				return NULL_CONFIG_ATTRIBUTE;
 			}
-
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Caching method [" + cacheKey + "] with attributes " + attributes);
-			}
-
+			this.logger.debug(LogMessage.format("Caching method [%s] with attributes %s", cacheKey, attributes));
 			this.attributeCache.put(cacheKey, attributes);
-
 			return attributes;
 		}
 	}
@@ -127,8 +120,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
 
 		@Override
 		public String toString() {
-			return "CacheKey[" + ((this.targetClass != null) ? this.targetClass.getName() : "-") + "; " + this.method
-					+ "]";
+			String targetClassName = (this.targetClass != null) ? this.targetClass.getName() : "-";
+			return "CacheKey[" + targetClassName + "; " + this.method + "]";
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index eb7a41816a..4fb00cc78e 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.springframework.beans.factory.BeanClassLoaderAware;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
@@ -47,10 +48,14 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 
 	private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
 
-	/** Map from RegisteredMethod to ConfigAttribute list */
+	/**
+	 * Map from RegisteredMethod to ConfigAttribute list
+	 */
 	protected final Map<RegisteredMethod, List<ConfigAttribute>> methodMap = new HashMap<>();
 
-	/** Map from RegisteredMethod to name pattern used for registration */
+	/**
+	 * Map from RegisteredMethod to name pattern used for registration
+	 */
 	private final Map<RegisteredMethod, String> nameMap = new HashMap<>();
 
 	public MapBasedMethodSecurityMetadataSource() {
@@ -83,7 +88,6 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 		if (targetClass == null) {
 			return null;
 		}
-
 		return findAttributesSpecifiedAgainst(method, targetClass);
 	}
 
@@ -107,17 +111,11 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	 */
 	private void addSecureMethod(String name, List<ConfigAttribute> attr) {
 		int lastDotIndex = name.lastIndexOf(".");
-
-		if (lastDotIndex == -1) {
-			throw new IllegalArgumentException("'" + name + "' is not a valid method name: format is FQN.methodName");
-		}
-
+		Assert.isTrue(lastDotIndex != -1, () -> "'" + name + "' is not a valid method name: format is FQN.methodName");
 		String methodName = name.substring(lastDotIndex + 1);
 		Assert.hasText(methodName, () -> "Method not found for '" + name + "'");
-
 		String typeName = name.substring(0, lastDotIndex);
 		Class<?> type = ClassUtils.resolveClassName(typeName, this.beanClassLoader);
-
 		addSecureMethod(type, methodName, attr);
 	}
 
@@ -131,43 +129,38 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	 */
 	public void addSecureMethod(Class<?> javaType, String mappedName, List<ConfigAttribute> attr) {
 		String name = javaType.getName() + '.' + mappedName;
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Request to add secure method [" + name + "] with attributes [" + attr + "]");
-		}
-
+		this.logger.debug(LogMessage.format("Request to add secure method [%s] with attributes [%s]", name, attr));
 		Method[] methods = javaType.getMethods();
 		List<Method> matchingMethods = new ArrayList<>();
-
-		for (Method m : methods) {
-			if (m.getName().equals(mappedName) || isMatch(m.getName(), mappedName)) {
-				matchingMethods.add(m);
+		for (Method method : methods) {
+			if (method.getName().equals(mappedName) || isMatch(method.getName(), mappedName)) {
+				matchingMethods.add(method);
 			}
 		}
+		Assert.notEmpty(matchingMethods, () -> "Couldn't find method '" + mappedName + "' on '" + javaType + "'");
+		registerAllMatchingMethods(javaType, attr, name, matchingMethods);
+	}
 
-		if (matchingMethods.isEmpty()) {
-			throw new IllegalArgumentException("Couldn't find method '" + mappedName + "' on '" + javaType + "'");
-		}
-
-		// register all matching methods
+	private void registerAllMatchingMethods(Class<?> javaType, List<ConfigAttribute> attr, String name,
+			List<Method> matchingMethods) {
 		for (Method method : matchingMethods) {
 			RegisteredMethod registeredMethod = new RegisteredMethod(method, javaType);
 			String regMethodName = this.nameMap.get(registeredMethod);
-
 			if ((regMethodName == null) || (!regMethodName.equals(name) && (regMethodName.length() <= name.length()))) {
 				// no already registered method name, or more specific
 				// method name specification (now) -> (re-)register method
 				if (regMethodName != null) {
-					this.logger.debug("Replacing attributes for secure method [" + method + "]: current name [" + name
-							+ "] is more specific than [" + regMethodName + "]");
+					this.logger.debug(LogMessage.format(
+							"Replacing attributes for secure method [%s]: current name [%s] is more specific than [%s]",
+							method, name, regMethodName));
 				}
-
 				this.nameMap.put(registeredMethod, name);
 				addSecureMethod(registeredMethod, attr);
 			}
 			else {
-				this.logger.debug("Keeping attributes for secure method [" + method + "]: current name [" + name
-						+ "] is not more specific than [" + regMethodName + "]");
+				this.logger.debug(LogMessage.format(
+						"Keeping attributes for secure method [%s]: current name [%s] is not more specific than [%s]",
+						method, name, regMethodName));
 			}
 		}
 	}
@@ -183,13 +176,11 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	 */
 	public void addSecureMethod(Class<?> javaType, Method method, List<ConfigAttribute> attr) {
 		RegisteredMethod key = new RegisteredMethod(method, javaType);
-
 		if (this.methodMap.containsKey(key)) {
-			this.logger.debug(
-					"Method [" + method + "] is already registered with attributes [" + this.methodMap.get(key) + "]");
+			this.logger.debug(LogMessage.format("Method [%s] is already registered with attributes [%s]", method,
+					this.methodMap.get(key)));
 			return;
 		}
-
 		this.methodMap.put(key, attr);
 	}
 
@@ -201,9 +192,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	private void addSecureMethod(RegisteredMethod method, List<ConfigAttribute> attr) {
 		Assert.notNull(method, "RegisteredMethod required");
 		Assert.notNull(attr, "Configuration attribute required");
-		if (this.logger.isInfoEnabled()) {
-			this.logger.info("Adding secure method [" + method + "] with attributes [" + attr + "]");
-		}
+		this.logger.info(LogMessage.format("Adding secure method [%s] with attributes [%s]", method, attr));
 		this.methodMap.put(method, attr);
 	}
 
@@ -214,11 +203,7 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
 	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
-
-		for (List<ConfigAttribute> attributeList : this.methodMap.values()) {
-			allAttributes.addAll(attributeList);
-		}
-
+		this.methodMap.values().forEach(allAttributes::addAll);
 		return allAttributes;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
index ff13589249..b63a39e8c7 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@@ -49,14 +49,12 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 	@Override
 	public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
 			Object returnedObject) throws AccessDeniedException {
-
-		PostInvocationAttribute pia = findPostInvocationAttribute(config);
-
-		if (pia == null) {
+		PostInvocationAttribute postInvocationAttribute = findPostInvocationAttribute(config);
+		if (postInvocationAttribute == null) {
 			return returnedObject;
 		}
-
-		return this.postAdvice.after(authentication, (MethodInvocation) object, pia, returnedObject);
+		return this.postAdvice.after(authentication, (MethodInvocation) object, postInvocationAttribute,
+				returnedObject);
 	}
 
 	private PostInvocationAttribute findPostInvocationAttribute(Collection<ConfigAttribute> config) {
@@ -65,7 +63,6 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 				return (PostInvocationAttribute) attribute;
 			}
 		}
-
 		return null;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
index 5d1a4594a8..2b9979290a 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@@ -61,21 +61,14 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
 
 	@Override
 	public int vote(Authentication authentication, MethodInvocation method, Collection<ConfigAttribute> attributes) {
-
 		// Find prefilter and preauth (or combined) attributes
-		// if both null, abstain
-		// else call advice with them
-
+		// if both null, abstain else call advice with them
 		PreInvocationAttribute preAttr = findPreInvocationAttribute(attributes);
-
 		if (preAttr == null) {
 			// No expression based metadata, so abstain
 			return ACCESS_ABSTAIN;
 		}
-
-		boolean allowed = this.preAdvice.before(authentication, method, preAttr);
-
-		return allowed ? ACCESS_GRANTED : ACCESS_DENIED;
+		return this.preAdvice.before(authentication, method, preAttr) ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
 	private PreInvocationAttribute findPreInvocationAttribute(Collection<ConfigAttribute> config) {
@@ -84,7 +77,6 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
 				return (PreInvocationAttribute) attribute;
 			}
 		}
-
 		return null;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index 0fc6e502a2..b56a755edb 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -66,7 +66,6 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		Assert.notNull(attributeSource, "attributeSource cannot be null");
 		Assert.notNull(preInvocationAdvice, "preInvocationAdvice cannot be null");
 		Assert.notNull(postInvocationAdvice, "postInvocationAdvice cannot be null");
-
 		this.attributeSource = attributeSource;
 		this.preInvocationAdvice = preInvocationAdvice;
 		this.postAdvice = postInvocationAdvice;
@@ -76,31 +75,26 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 	public Object invoke(final MethodInvocation invocation) {
 		Method method = invocation.getMethod();
 		Class<?> returnType = method.getReturnType();
-		if (!Publisher.class.isAssignableFrom(returnType)) {
-			throw new IllegalStateException("The returnType " + returnType + " on " + method
-					+ " must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
-		}
+		Assert.state(Publisher.class.isAssignableFrom(returnType),
+				() -> "The returnType " + returnType + " on " + method
+						+ " must return an instance of org.reactivestreams.Publisher "
+						+ "(i.e. Mono / Flux) in order to support Reactor Context");
 		Class<?> targetClass = invocation.getThis().getClass();
 		Collection<ConfigAttribute> attributes = this.attributeSource.getAttributes(method, targetClass);
-
 		PreInvocationAttribute preAttr = findPreInvocationAttribute(attributes);
 		Mono<Authentication> toInvoke = ReactiveSecurityContextHolder.getContext()
 				.map(SecurityContext::getAuthentication).defaultIfEmpty(this.anonymous)
 				.filter((auth) -> this.preInvocationAdvice.before(auth, invocation, preAttr))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
-
 		PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
-
 		if (Mono.class.isAssignableFrom(returnType)) {
 			return toInvoke.flatMap((auth) -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
 					.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
 		}
-
 		if (Flux.class.isAssignableFrom(returnType)) {
 			return toInvoke.flatMapMany((auth) -> PrePostAdviceReactiveMethodInterceptor.<Flux<?>>proceed(invocation)
 					.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
 		}
-
 		return toInvoke.flatMapMany(
 				(auth) -> Flux.from(PrePostAdviceReactiveMethodInterceptor.<Publisher<?>>proceed(invocation))
 						.map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r));
@@ -121,7 +115,6 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 				return (PostInvocationAttribute) attribute;
 			}
 		}
-
 		return null;
 	}
 
@@ -131,7 +124,6 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 				return (PreInvocationAttribute) attribute;
 			}
 		}
-
 		return null;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
index ff12befce0..8f85e8ad78 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@@ -23,6 +23,7 @@ import java.util.Collection;
 import java.util.Collections;
 
 import org.springframework.core.annotation.AnnotationUtils;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.method.AbstractMethodSecurityMetadataSource;
 import org.springframework.util.ClassUtils;
@@ -61,45 +62,35 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		if (method.getDeclaringClass() == Object.class) {
 			return Collections.emptyList();
 		}
-
-		this.logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
-				+ targetClass + "'");
+		this.logger.trace(LogMessage.format("Looking for Pre/Post annotations for method '%s' on target class '%s'",
+				method.getName(), targetClass));
 		PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
 		PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
 		PostFilter postFilter = findAnnotation(method, targetClass, PostFilter.class);
 		// TODO: Can we check for void methods and throw an exception here?
 		PostAuthorize postAuthorize = findAnnotation(method, targetClass, PostAuthorize.class);
-
 		if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null) {
 			// There is no meta-data so return
 			this.logger.trace("No expression annotations found");
 			return Collections.emptyList();
 		}
-
 		String preFilterAttribute = (preFilter != null) ? preFilter.value() : null;
 		String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
 		String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
 		String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
 		String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
-
 		ArrayList<ConfigAttribute> attrs = new ArrayList<>(2);
-
 		PreInvocationAttribute pre = this.attributeFactory.createPreInvocationAttribute(preFilterAttribute,
 				filterObject, preAuthorizeAttribute);
-
 		if (pre != null) {
 			attrs.add(pre);
 		}
-
 		PostInvocationAttribute post = this.attributeFactory.createPostInvocationAttribute(postFilterAttribute,
 				postAuthorizeAttribute);
-
 		if (post != null) {
 			attrs.add(post);
 		}
-
 		attrs.trimToSize();
-
 		return attrs;
 	}
 
@@ -120,31 +111,26 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		// If the target class is null, the method will be unchanged.
 		Method specificMethod = ClassUtils.getMostSpecificMethod(method, targetClass);
 		A annotation = AnnotationUtils.findAnnotation(specificMethod, annotationClass);
-
 		if (annotation != null) {
-			this.logger.debug(annotation + " found on specific method: " + specificMethod);
+			this.logger.debug(LogMessage.format("%s found on specific method: %s", annotation, specificMethod));
 			return annotation;
 		}
-
 		// Check the original (e.g. interface) method
 		if (specificMethod != method) {
 			annotation = AnnotationUtils.findAnnotation(method, annotationClass);
-
 			if (annotation != null) {
-				this.logger.debug(annotation + " found on: " + method);
+				this.logger.debug(LogMessage.format("%s found on: %s", annotation, method));
 				return annotation;
 			}
 		}
-
 		// Check the class-level (note declaringClass, not targetClass, which may not
 		// actually implement the method)
 		annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
-
 		if (annotation != null) {
-			this.logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
+			this.logger.debug(
+					LogMessage.format("%s found on: %s", annotation, specificMethod.getDeclaringClass().getName()));
 			return annotation;
 		}
-
 		return null;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
index d603c6183e..50d835df37 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@@ -88,12 +88,11 @@ public abstract class AbstractAccessDecisionManager
 
 	@Override
 	public boolean supports(ConfigAttribute attribute) {
-		for (AccessDecisionVoter voter : this.decisionVoters) {
+		for (AccessDecisionVoter<?> voter : this.decisionVoters) {
 			if (voter.supports(attribute)) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
@@ -108,12 +107,11 @@ public abstract class AbstractAccessDecisionManager
 	 */
 	@Override
 	public boolean supports(Class<?> clazz) {
-		for (AccessDecisionVoter voter : this.decisionVoters) {
+		for (AccessDecisionVoter<?> voter : this.decisionVoters) {
 			if (!voter.supports(clazz)) {
 				return false;
 			}
 		}
-
 		return true;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
index 54257496a0..5e1fd32180 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@@ -33,18 +33,13 @@ public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvo
 	private Class<?> processDomainObjectClass;
 
 	protected Object getDomainObjectInstance(MethodInvocation invocation) {
-		Object[] args;
-		Class<?>[] params;
-
-		params = invocation.getMethod().getParameterTypes();
-		args = invocation.getArguments();
-
+		Object[] args = invocation.getArguments();
+		Class<?>[] params = invocation.getMethod().getParameterTypes();
 		for (int i = 0; i < params.length; i++) {
 			if (this.processDomainObjectClass.isAssignableFrom(params[i])) {
 				return args[i];
 			}
 		}
-
 		throw new AuthorizationServiceException("MethodInvocation: " + invocation
 				+ " did not provide any argument of type: " + this.processDomainObjectClass);
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
index 1ddc9157c8..718ed9f15f 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@@ -19,6 +19,7 @@ package org.springframework.security.access.vote;
 import java.util.Collection;
 import java.util.List;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -52,36 +53,27 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
 	 * @throws AccessDeniedException if access is denied
 	 */
 	@Override
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
 			throws AccessDeniedException {
 		int deny = 0;
-
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
-
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Voter: " + voter + ", returned: " + result);
-			}
-
+			this.logger.debug(LogMessage.format("Voter: %s, returned: %s", voter, result));
 			switch (result) {
 			case AccessDecisionVoter.ACCESS_GRANTED:
 				return;
-
 			case AccessDecisionVoter.ACCESS_DENIED:
 				deny++;
-
 				break;
-
 			default:
 				break;
 			}
 		}
-
 		if (deny > 0) {
 			throw new AccessDeniedException(
 					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
-
 		// To get this far, every AccessDecisionVoter abstained
 		checkAllowIfAllAbstainDecisions();
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
index 364485b8ec..eec33f2d53 100644
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@@ -87,24 +87,20 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		int result = ACCESS_ABSTAIN;
-
 		for (ConfigAttribute attribute : attributes) {
 			if (this.supports(attribute)) {
 				result = ACCESS_DENIED;
-
 				if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
 					if (isFullyAuthenticated(authentication)) {
 						return ACCESS_GRANTED;
 					}
 				}
-
 				if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
 					if (this.authenticationTrustResolver.isRememberMe(authentication)
 							|| isFullyAuthenticated(authentication)) {
 						return ACCESS_GRANTED;
 					}
 				}
-
 				if (IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute())) {
 					if (this.authenticationTrustResolver.isAnonymous(authentication)
 							|| isFullyAuthenticated(authentication)
@@ -114,7 +110,6 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 				}
 			}
 		}
-
 		return result;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index 2bd16b2930..3a98a61a49 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -19,6 +19,7 @@ package org.springframework.security.access.vote;
 import java.util.Collection;
 import java.util.List;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -59,53 +60,39 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 	 * @throws AccessDeniedException if access is denied
 	 */
 	@Override
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
 			throws AccessDeniedException {
 		int grant = 0;
 		int deny = 0;
-
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
-
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Voter: " + voter + ", returned: " + result);
-			}
-
+			this.logger.debug(LogMessage.format("Voter: %s, returned: %s", voter, result));
 			switch (result) {
 			case AccessDecisionVoter.ACCESS_GRANTED:
 				grant++;
-
 				break;
-
 			case AccessDecisionVoter.ACCESS_DENIED:
 				deny++;
-
 				break;
-
 			default:
 				break;
 			}
 		}
-
 		if (grant > deny) {
 			return;
 		}
-
 		if (deny > grant) {
 			throw new AccessDeniedException(
 					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
-
 		if ((grant == deny) && (grant != 0)) {
 			if (this.allowIfEqualGrantedDeniedDecisions) {
 				return;
 			}
-			else {
-				throw new AccessDeniedException(
-						this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
-			}
+			throw new AccessDeniedException(
+					this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
 		}
-
 		// To get this far, every AccessDecisionVoter abstained
 		checkAllowIfAllAbstainDecisions();
 	}
diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
index e20808eb73..546507df12 100644
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@@ -89,11 +89,9 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 		}
 		int result = ACCESS_ABSTAIN;
 		Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
-
 		for (ConfigAttribute attribute : attributes) {
 			if (this.supports(attribute)) {
 				result = ACCESS_DENIED;
-
 				// Attempt to find a matching granted authority
 				for (GrantedAuthority authority : authorities) {
 					if (attribute.getAttribute().equals(authority.getAuthority())) {
@@ -102,7 +100,6 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
 				}
 			}
 		}
-
 		return result;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
index 0dae111017..edadbb9f49 100644
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@@ -20,6 +20,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -56,45 +57,33 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 	 * @throws AccessDeniedException if access is denied
 	 */
 	@Override
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
 			throws AccessDeniedException {
-
 		int grant = 0;
-
 		List<ConfigAttribute> singleAttributeList = new ArrayList<>(1);
 		singleAttributeList.add(null);
-
 		for (ConfigAttribute attribute : attributes) {
 			singleAttributeList.set(0, attribute);
-
 			for (AccessDecisionVoter voter : getDecisionVoters()) {
 				int result = voter.vote(authentication, object, singleAttributeList);
-
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug("Voter: " + voter + ", returned: " + result);
-				}
-
+				this.logger.debug(LogMessage.format("Voter: %s, returned: %s", voter, result));
 				switch (result) {
 				case AccessDecisionVoter.ACCESS_GRANTED:
 					grant++;
-
 					break;
-
 				case AccessDecisionVoter.ACCESS_DENIED:
 					throw new AccessDeniedException(
 							this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
-
 				default:
 					break;
 				}
 			}
 		}
-
 		// To get this far, there were no deny votes
 		if (grant > 0) {
 			return;
 		}
-
 		// To get this far, every AccessDecisionVoter abstained
 		checkAllowIfAllAbstainDecisions();
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
index dc01274d1f..422ce529d3 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -27,6 +27,7 @@ import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.util.Assert;
 
 /**
  * Base class for <code>Authentication</code> objects.
@@ -54,15 +55,10 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 			this.authorities = AuthorityUtils.NO_AUTHORITIES;
 			return;
 		}
-
 		for (GrantedAuthority a : authorities) {
-			if (a == null) {
-				throw new IllegalArgumentException("Authorities collection cannot contain any null elements");
-			}
+			Assert.notNull(a, "Authorities collection cannot contain any null elements");
 		}
-		ArrayList<GrantedAuthority> temp = new ArrayList<>(authorities.size());
-		temp.addAll(authorities);
-		this.authorities = Collections.unmodifiableList(temp);
+		this.authorities = Collections.unmodifiableList(new ArrayList<>(authorities));
 	}
 
 	@Override
@@ -81,7 +77,6 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		if (this.getPrincipal() instanceof Principal) {
 			return ((Principal) this.getPrincipal()).getName();
 		}
-
 		return (this.getPrincipal() == null) ? "" : this.getPrincipal().toString();
 	}
 
@@ -127,68 +122,52 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		if (!(obj instanceof AbstractAuthenticationToken)) {
 			return false;
 		}
-
 		AbstractAuthenticationToken test = (AbstractAuthenticationToken) obj;
-
 		if (!this.authorities.equals(test.authorities)) {
 			return false;
 		}
-
 		if ((this.details == null) && (test.getDetails() != null)) {
 			return false;
 		}
-
 		if ((this.details != null) && (test.getDetails() == null)) {
 			return false;
 		}
-
 		if ((this.details != null) && (!this.details.equals(test.getDetails()))) {
 			return false;
 		}
-
 		if ((this.getCredentials() == null) && (test.getCredentials() != null)) {
 			return false;
 		}
-
 		if ((this.getCredentials() != null) && !this.getCredentials().equals(test.getCredentials())) {
 			return false;
 		}
-
 		if (this.getPrincipal() == null && test.getPrincipal() != null) {
 			return false;
 		}
-
 		if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) {
 			return false;
 		}
-
 		return this.isAuthenticated() == test.isAuthenticated();
 	}
 
 	@Override
 	public int hashCode() {
 		int code = 31;
-
 		for (GrantedAuthority authority : this.authorities) {
 			code ^= authority.hashCode();
 		}
-
 		if (this.getPrincipal() != null) {
 			code ^= this.getPrincipal().hashCode();
 		}
-
 		if (this.getCredentials() != null) {
 			code ^= this.getCredentials().hashCode();
 		}
-
 		if (this.getDetails() != null) {
 			code ^= this.getDetails().hashCode();
 		}
-
 		if (this.isAuthenticated()) {
 			code ^= -37;
 		}
-
 		return code;
 	}
 
@@ -200,23 +179,19 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
 		sb.append("Credentials: [PROTECTED]; ");
 		sb.append("Authenticated: ").append(this.isAuthenticated()).append("; ");
 		sb.append("Details: ").append(this.getDetails()).append("; ");
-
 		if (!this.authorities.isEmpty()) {
 			sb.append("Granted Authorities: ");
-
 			int i = 0;
 			for (GrantedAuthority authority : this.authorities) {
 				if (i++ > 0) {
 					sb.append(", ");
 				}
-
 				sb.append(authority);
 			}
 		}
 		else {
 			sb.append("Not granted any authorities");
 		}
-
 		return sb.toString();
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
index 08b86ca969..0c1b6daf5d 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
@@ -57,55 +57,60 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 
 	private Scheduler scheduler = Schedulers.boundedElastic();
 
-	private UserDetailsChecker preAuthenticationChecks = (user) -> {
+	private UserDetailsChecker preAuthenticationChecks = this::defaultPreAuthenticationChecks;
+
+	private UserDetailsChecker postAuthenticationChecks = this::defaultPostAuthenticationChecks;
+
+	private void defaultPreAuthenticationChecks(UserDetails user) {
 		if (!user.isAccountNonLocked()) {
 			this.logger.debug("User account is locked");
-
 			throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
 					"User account is locked"));
 		}
-
 		if (!user.isEnabled()) {
 			this.logger.debug("User account is disabled");
-
 			throw new DisabledException(
 					this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 		}
-
 		if (!user.isAccountNonExpired()) {
 			this.logger.debug("User account is expired");
-
 			throw new AccountExpiredException(this.messages
 					.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
 		}
-	};
+	}
 
-	private UserDetailsChecker postAuthenticationChecks = (user) -> {
+	private void defaultPostAuthenticationChecks(UserDetails user) {
 		if (!user.isCredentialsNonExpired()) {
 			this.logger.debug("User account credentials have expired");
-
 			throw new CredentialsExpiredException(this.messages.getMessage(
 					"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
 		}
-	};
+	}
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		final String username = authentication.getName();
-		final String presentedPassword = (String) authentication.getCredentials();
+		String username = authentication.getName();
+		String presentedPassword = (String) authentication.getCredentials();
 		return retrieveUser(username).doOnNext(this.preAuthenticationChecks::check).publishOn(this.scheduler)
-				.filter((u) -> this.passwordEncoder.matches(presentedPassword, u.getPassword()))
+				.filter((userDetails) -> this.passwordEncoder.matches(presentedPassword, userDetails.getPassword()))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
-				.flatMap((u) -> {
-					boolean upgradeEncoding = this.userDetailsPasswordService != null
-							&& this.passwordEncoder.upgradeEncoding(u.getPassword());
-					if (upgradeEncoding) {
-						String newPassword = this.passwordEncoder.encode(presentedPassword);
-						return this.userDetailsPasswordService.updatePassword(u, newPassword);
-					}
-					return Mono.just(u);
-				}).doOnNext(this.postAuthenticationChecks::check)
-				.map((u) -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()));
+				.flatMap((userDetails) -> upgradeEncodingIfNecessary(userDetails, presentedPassword))
+				.doOnNext(this.postAuthenticationChecks::check).map(this::createUsernamePasswordAuthenticationToken);
+	}
+
+	private Mono<UserDetails> upgradeEncodingIfNecessary(UserDetails userDetails, String presentedPassword) {
+		boolean upgradeEncoding = this.userDetailsPasswordService != null
+				&& this.passwordEncoder.upgradeEncoding(userDetails.getPassword());
+		if (upgradeEncoding) {
+			String newPassword = this.passwordEncoder.encode(presentedPassword);
+			return this.userDetailsPasswordService.updatePassword(userDetails, newPassword);
+		}
+		return Mono.just(userDetails);
+	}
+
+	private UsernamePasswordAuthenticationToken createUsernamePasswordAuthenticationToken(UserDetails userDetails) {
+		return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+				userDetails.getAuthorities());
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
index 2431294b01..9770a62111 100644
--- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java
@@ -37,17 +37,14 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker, Mess
 			throw new LockedException(
 					this.messages.getMessage("AccountStatusUserDetailsChecker.locked", "User account is locked"));
 		}
-
 		if (!user.isEnabled()) {
 			throw new DisabledException(
 					this.messages.getMessage("AccountStatusUserDetailsChecker.disabled", "User is disabled"));
 		}
-
 		if (!user.isAccountNonExpired()) {
 			throw new AccountExpiredException(
 					this.messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired"));
 		}
-
 		if (!user.isCredentialsNonExpired()) {
 			throw new CredentialsExpiredException(this.messages
 					.getMessage("AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired"));
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
index 74b428b30d..dbff14cb4c 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java
@@ -49,12 +49,10 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
 		if (this.key.hashCode() != ((AnonymousAuthenticationToken) authentication).getKeyHash()) {
 			throw new BadCredentialsException(this.messages.getMessage("AnonymousAuthenticationProvider.incorrectKey",
 					"The presented AnonymousAuthenticationToken does not contain the expected key"));
 		}
-
 		return authentication;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
index ede6e269b2..2e92d105f7 100644
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
@@ -57,12 +57,8 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 	private AnonymousAuthenticationToken(Integer keyHash, Object principal,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
-
-		if (principal == null || "".equals(principal)) {
-			throw new IllegalArgumentException("principal cannot be null or empty");
-		}
+		Assert.isTrue(principal != null && !"".equals(principal), "principal cannot be null or empty");
 		Assert.notEmpty(authorities, "authorities cannot be null or empty");
-
 		this.keyHash = keyHash;
 		this.principal = principal;
 		setAuthenticated(true);
@@ -78,17 +74,10 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 		if (!super.equals(obj)) {
 			return false;
 		}
-
 		if (obj instanceof AnonymousAuthenticationToken) {
 			AnonymousAuthenticationToken test = (AnonymousAuthenticationToken) obj;
-
-			if (this.getKeyHash() != test.getKeyHash()) {
-				return false;
-			}
-
-			return true;
+			return (this.getKeyHash() == test.getKeyHash());
 		}
-
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
index f9b16aea86..a34645cde0 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolverImpl.java
@@ -48,7 +48,6 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 		if ((this.anonymousClass == null) || (authentication == null)) {
 			return false;
 		}
-
 		return this.anonymousClass.isAssignableFrom(authentication.getClass());
 	}
 
@@ -57,7 +56,6 @@ public class AuthenticationTrustResolverImpl implements AuthenticationTrustResol
 		if ((this.rememberMeClass == null) || (authentication == null)) {
 			return false;
 		}
-
 		return this.rememberMeClass.isAssignableFrom(authentication.getClass());
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
index d33eda5e0a..39dc1f6487 100644
--- a/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/authentication/CachingUserDetailsService.java
@@ -47,16 +47,12 @@ public class CachingUserDetailsService implements UserDetailsService {
 	@Override
 	public UserDetails loadUserByUsername(String username) {
 		UserDetails user = this.userCache.getUserFromCache(username);
-
 		if (user == null) {
 			user = this.delegate.loadUserByUsername(username);
 		}
-
 		Assert.notNull(user, () -> "UserDetailsService " + this.delegate + " returned null for username " + username
 				+ ". " + "This is an interface contract violation");
-
 		this.userCache.putUserInCache(user);
-
 		return user;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
index 6e9049f7be..a5e9ff8619 100644
--- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
+++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
@@ -79,7 +79,6 @@ public class DefaultAuthenticationEventPublisher
 
 	public DefaultAuthenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
-
 		addMapping(BadCredentialsException.class.getName(), AuthenticationFailureBadCredentialsEvent.class);
 		addMapping(UsernameNotFoundException.class.getName(), AuthenticationFailureBadCredentialsEvent.class);
 		addMapping(AccountExpiredException.class.getName(), AuthenticationFailureExpiredEvent.class);
@@ -105,7 +104,6 @@ public class DefaultAuthenticationEventPublisher
 	public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
 		Constructor<? extends AbstractAuthenticationEvent> constructor = getEventConstructor(exception);
 		AbstractAuthenticationEvent event = null;
-
 		if (constructor != null) {
 			try {
 				event = constructor.newInstance(authentication, exception);
@@ -113,7 +111,6 @@ public class DefaultAuthenticationEventPublisher
 			catch (IllegalAccessException | InvocationTargetException | InstantiationException ignored) {
 			}
 		}
-
 		if (event != null) {
 			if (this.applicationEventPublisher != null) {
 				this.applicationEventPublisher.publishEvent(event);
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index 1b9a6a8ca6..622c0284b1 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -27,6 +27,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.CredentialsContainer;
@@ -134,13 +135,10 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	}
 
 	private void checkState() {
-		if (this.parent == null && this.providers.isEmpty()) {
-			throw new IllegalArgumentException(
-					"A parent AuthenticationManager or a list " + "of AuthenticationProviders is required");
-		}
-		else if (CollectionUtils.contains(this.providers.iterator(), null)) {
-			throw new IllegalArgumentException("providers list cannot contain null values");
-		}
+		Assert.isTrue(this.parent != null || !this.providers.isEmpty(),
+				"A parent AuthenticationManager or a list of AuthenticationProviders is required");
+		Assert.isTrue(!CollectionUtils.contains(this.providers.iterator(), null),
+				"providers list cannot contain null values");
 	}
 
 	/**
@@ -170,20 +168,13 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		AuthenticationException parentException = null;
 		Authentication result = null;
 		Authentication parentResult = null;
-		boolean debug = logger.isDebugEnabled();
-
 		for (AuthenticationProvider provider : getProviders()) {
 			if (!provider.supports(toTest)) {
 				continue;
 			}
-
-			if (debug) {
-				logger.debug("Authentication attempt using " + provider.getClass().getName());
-			}
-
+			logger.debug(LogMessage.format("Authentication attempt using %s", provider.getClass().getName()));
 			try {
 				result = provider.authenticate(authentication);
-
 				if (result != null) {
 					copyDetails(authentication, result);
 					break;
@@ -199,7 +190,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 				lastException = ex;
 			}
 		}
-
 		if (result == null && this.parent != null) {
 			// Allow the parent to try.
 			try {
@@ -217,14 +207,12 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 				lastException = ex;
 			}
 		}
-
 		if (result != null) {
 			if (this.eraseCredentialsAfterAuthentication && (result instanceof CredentialsContainer)) {
 				// Authentication is complete. Remove credentials and other secret data
 				// from authentication
 				((CredentialsContainer) result).eraseCredentials();
 			}
-
 			// If the parent AuthenticationManager was attempted and successful then it
 			// will publish an AuthenticationSuccessEvent
 			// This check prevents a duplicate AuthenticationSuccessEvent if the parent
@@ -236,12 +224,10 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		}
 
 		// Parent was null, or didn't authenticate (or throw an exception).
-
 		if (lastException == null) {
 			lastException = new ProviderNotFoundException(this.messages.getMessage("ProviderManager.providerNotFound",
 					new Object[] { toTest.getName() }, "No AuthenticationProvider found for {0}"));
 		}
-
 		// If the parent AuthenticationManager was attempted and failed then it will
 		// publish an AbstractAuthenticationFailureEvent
 		// This check prevents a duplicate AbstractAuthenticationFailureEvent if the
@@ -249,7 +235,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 		if (parentException == null) {
 			prepareException(lastException, authentication);
 		}
-
 		throw lastException;
 	}
 
@@ -267,7 +252,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 	private void copyDetails(Authentication source, Authentication dest) {
 		if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
 			AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
-
 			token.setDetails(source.getDetails());
 		}
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index bb5d6dc17e..01612df39c 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -47,14 +47,17 @@ public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticat
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication token) {
-		return Mono.just(token).publishOn(this.scheduler).flatMap((t) -> {
-			try {
-				return Mono.just(this.authenticationManager.authenticate(t));
-			}
-			catch (Throwable error) {
-				return Mono.error(error);
-			}
-		}).filter((a) -> a.isAuthenticated());
+		return Mono.just(token).publishOn(this.scheduler).flatMap(this::doAuthenticate)
+				.filter(Authentication::isAuthenticated);
+	}
+
+	private Mono<Authentication> doAuthenticate(Authentication authentication) {
+		try {
+			return Mono.just(this.authenticationManager.authenticate(authentication));
+		}
+		catch (Throwable ex) {
+			return Mono.error(ex);
+		}
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
index f15311ab6a..ed9df33a28 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java
@@ -53,12 +53,10 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
 		if (this.key.hashCode() != ((RememberMeAuthenticationToken) authentication).getKeyHash()) {
 			throw new BadCredentialsException(this.messages.getMessage("RememberMeAuthenticationProvider.incorrectKey",
 					"The presented RememberMeAuthenticationToken does not contain the expected key"));
 		}
-
 		return authentication;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
index cf26e8851b..8a62c9ca2a 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@@ -48,11 +48,9 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 	public RememberMeAuthenticationToken(String key, Object principal,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
-
 		if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal)) {
 			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
 		}
-
 		this.keyHash = key.hashCode();
 		this.principal = principal;
 		setAuthenticated(true);
@@ -68,7 +66,6 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 	private RememberMeAuthenticationToken(Integer keyHash, Object principal,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
-
 		this.keyHash = keyHash;
 		this.principal = principal;
 		setAuthenticated(true);
@@ -97,17 +94,13 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
 		if (!super.equals(obj)) {
 			return false;
 		}
-
 		if (obj instanceof RememberMeAuthenticationToken) {
-			RememberMeAuthenticationToken test = (RememberMeAuthenticationToken) obj;
-
-			if (this.getKeyHash() != test.getKeyHash()) {
+			RememberMeAuthenticationToken other = (RememberMeAuthenticationToken) obj;
+			if (this.getKeyHash() != other.getKeyHash()) {
 				return false;
 			}
-
 			return true;
 		}
-
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
index ca28be6eb5..55963150a6 100644
--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -20,6 +20,7 @@ import java.util.Collection;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.util.Assert;
 
 /**
  * An {@link org.springframework.security.core.Authentication} implementation that is
@@ -82,11 +83,8 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 
 	@Override
 	public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
-		if (isAuthenticated) {
-			throw new IllegalArgumentException(
-					"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
-		}
-
+		Assert.isTrue(!isAuthenticated,
+				"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
 		super.setAuthenticated(false);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index b9f93d4a7d..953e99455c 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -124,67 +124,54 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				() -> this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
 						"Only UsernamePasswordAuthenticationToken is supported"));
-
-		// Determine username
-		String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
-
+		String username = determineUsername(authentication);
 		boolean cacheWasUsed = true;
 		UserDetails user = this.userCache.getUserFromCache(username);
-
 		if (user == null) {
 			cacheWasUsed = false;
-
 			try {
 				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
 			}
-			catch (UsernameNotFoundException notFound) {
+			catch (UsernameNotFoundException ex) {
 				this.logger.debug("User '" + username + "' not found");
-
-				if (this.hideUserNotFoundExceptions) {
-					throw new BadCredentialsException(this.messages
-							.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
-				}
-				else {
-					throw notFound;
+				if (!this.hideUserNotFoundExceptions) {
+					throw ex;
 				}
+				throw new BadCredentialsException(this.messages
+						.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 			}
-
 			Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
 		}
-
 		try {
 			this.preAuthenticationChecks.check(user);
 			additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 		}
-		catch (AuthenticationException exception) {
-			if (cacheWasUsed) {
-				// There was a problem, so try again after checking
-				// we're using latest data (i.e. not from the cache)
-				cacheWasUsed = false;
-				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
-				this.preAuthenticationChecks.check(user);
-				additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
-			}
-			else {
-				throw exception;
+		catch (AuthenticationException ex) {
+			if (!cacheWasUsed) {
+				throw ex;
 			}
+			// There was a problem, so try again after checking
+			// we're using latest data (i.e. not from the cache)
+			cacheWasUsed = false;
+			user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
+			this.preAuthenticationChecks.check(user);
+			additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
 		}
-
 		this.postAuthenticationChecks.check(user);
-
 		if (!cacheWasUsed) {
 			this.userCache.putUserInCache(user);
 		}
-
 		Object principalToReturn = user;
-
 		if (this.forcePrincipalAsString) {
 			principalToReturn = user.getUsername();
 		}
-
 		return createSuccessAuthentication(principalToReturn, authentication, user);
 	}
 
+	private String determineUsername(Authentication authentication) {
+		return (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
+	}
+
 	/**
 	 * Creates a successful {@link Authentication} object.
 	 * <p>
@@ -209,7 +196,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
 				authentication.getCredentials(), this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		result.setDetails(authentication.getDetails());
-
 		return result;
 	}
 
@@ -333,21 +319,16 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		public void check(UserDetails user) {
 			if (!user.isAccountNonLocked()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is locked");
-
 				throw new LockedException(AbstractUserDetailsAuthenticationProvider.this.messages
 						.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
 			}
-
 			if (!user.isEnabled()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is disabled");
-
 				throw new DisabledException(AbstractUserDetailsAuthenticationProvider.this.messages
 						.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
 			}
-
 			if (!user.isAccountNonExpired()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account is expired");
-
 				throw new AccountExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages
 						.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
 			}
@@ -361,7 +342,6 @@ public abstract class AbstractUserDetailsAuthenticationProvider
 		public void check(UserDetails user) {
 			if (!user.isCredentialsNonExpired()) {
 				AbstractUserDetailsAuthenticationProvider.this.logger.debug("User account credentials have expired");
-
 				throw new CredentialsExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages
 						.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired",
 								"User credentials have expired"));
diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
index ecb852cb54..245101592f 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -69,16 +69,12 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
 		if (authentication.getCredentials() == null) {
 			this.logger.debug("Authentication failed: no credentials provided");
-
 			throw new BadCredentialsException(this.messages
 					.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
-
 		String presentedPassword = authentication.getCredentials().toString();
-
 		if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
 			this.logger.debug("Authentication failed: password does not match stored value");
-
 			throw new BadCredentialsException(this.messages
 					.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
diff --git a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
index 71b153c201..92fda0f52d 100644
--- a/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/authentication/event/LoggerListener.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationListener;
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.ClassUtils;
 
 /**
@@ -44,23 +45,22 @@ public class LoggerListener implements ApplicationListener<AbstractAuthenticatio
 		if (!this.logInteractiveAuthenticationSuccessEvents && event instanceof InteractiveAuthenticationSuccessEvent) {
 			return;
 		}
+		logger.warn(LogMessage.of(() -> getLogMessage(event)));
+	}
 
-		if (logger.isWarnEnabled()) {
-			final StringBuilder builder = new StringBuilder();
-			builder.append("Authentication event ");
-			builder.append(ClassUtils.getShortName(event.getClass()));
-			builder.append(": ");
-			builder.append(event.getAuthentication().getName());
-			builder.append("; details: ");
-			builder.append(event.getAuthentication().getDetails());
-
-			if (event instanceof AbstractAuthenticationFailureEvent) {
-				builder.append("; exception: ");
-				builder.append(((AbstractAuthenticationFailureEvent) event).getException().getMessage());
-			}
-
-			logger.warn(builder.toString());
+	private String getLogMessage(AbstractAuthenticationEvent event) {
+		StringBuilder builder = new StringBuilder();
+		builder.append("Authentication event ");
+		builder.append(ClassUtils.getShortName(event.getClass()));
+		builder.append(": ");
+		builder.append(event.getAuthentication().getName());
+		builder.append("; details: ");
+		builder.append(event.getAuthentication().getDetails());
+		if (event instanceof AbstractAuthenticationFailureEvent) {
+			builder.append("; exception: ");
+			builder.append(((AbstractAuthenticationFailureEvent) event).getException().getMessage());
 		}
+		return builder.toString();
 	}
 
 	public boolean isLogInteractiveAuthenticationSuccessEvents() {
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index 93903db4da..d9327ff437 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -36,6 +36,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.ApplicationListener;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent;
@@ -46,6 +47,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.ObjectUtils;
 
 /**
@@ -161,58 +163,53 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 		if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
 			return null;
 		}
-
 		UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) auth;
 		Set<GrantedAuthority> authorities;
-
 		try {
 			// Create the LoginContext object, and pass our InternallCallbackHandler
 			LoginContext loginContext = createLoginContext(new InternalCallbackHandler(auth));
-
 			// Attempt to login the user, the LoginContext will call our
 			// InternalCallbackHandler at this point.
 			loginContext.login();
-
-			// Create a set to hold the authorities, and add any that have already been
-			// applied.
-			authorities = new HashSet<>();
-
 			// Get the subject principals and pass them to each of the AuthorityGranters
 			Set<Principal> principals = loginContext.getSubject().getPrincipals();
-
-			for (Principal principal : principals) {
-				for (AuthorityGranter granter : this.authorityGranters) {
-					Set<String> roles = granter.grant(principal);
-
-					// If the granter doesn't wish to grant any authorities, it should
-					// return null.
-					if ((roles != null) && !roles.isEmpty()) {
-						for (String role : roles) {
-							authorities.add(new JaasGrantedAuthority(role, principal));
-						}
-					}
-				}
-			}
-
+			// Create a set to hold the authorities, and add any that have already been
+			// applied.
+			authorities = getAuthorities(principals);
 			// Convert the authorities set back to an array and apply it to the token.
 			JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(),
 					request.getCredentials(), new ArrayList<>(authorities), loginContext);
-
 			// Publish the success event
 			publishSuccessEvent(result);
-
 			// we're done, return the token.
 			return result;
 
 		}
-		catch (LoginException loginException) {
-			AuthenticationException ase = this.loginExceptionResolver.resolveException(loginException);
-
-			publishFailureEvent(request, ase);
-			throw ase;
+		catch (LoginException ex) {
+			AuthenticationException resolvedException = this.loginExceptionResolver.resolveException(ex);
+			publishFailureEvent(request, resolvedException);
+			throw resolvedException;
 		}
 	}
 
+	private Set<GrantedAuthority> getAuthorities(Set<Principal> principals) {
+		Set<GrantedAuthority> authorities;
+		authorities = new HashSet<>();
+		for (Principal principal : principals) {
+			for (AuthorityGranter granter : this.authorityGranters) {
+				Set<String> roles = granter.grant(principal);
+				// If the granter doesn't wish to grant any authorities,
+				// it should return null.
+				if (!CollectionUtils.isEmpty(roles)) {
+					for (String role : roles) {
+						authorities.add(new JaasGrantedAuthority(role, principal));
+					}
+				}
+			}
+		}
+		return authorities;
+	}
+
 	/**
 	 * Creates the LoginContext to be used for authentication.
 	 * @param handler The CallbackHandler that should be used for the LoginContext (never
@@ -230,32 +227,17 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 	 */
 	protected void handleLogout(SessionDestroyedEvent event) {
 		List<SecurityContext> contexts = event.getSecurityContexts();
-
 		if (contexts.isEmpty()) {
 			this.log.debug("The destroyed session has no SecurityContexts");
-
 			return;
 		}
-
 		for (SecurityContext context : contexts) {
 			Authentication auth = context.getAuthentication();
-
 			if ((auth != null) && (auth instanceof JaasAuthenticationToken)) {
 				JaasAuthenticationToken token = (JaasAuthenticationToken) auth;
-
 				try {
 					LoginContext loginContext = token.getLoginContext();
-					boolean debug = this.log.isDebugEnabled();
-					if (loginContext != null) {
-						if (debug) {
-							this.log.debug("Logging principal: [" + token.getPrincipal() + "] out of LoginContext");
-						}
-						loginContext.logout();
-					}
-					else if (debug) {
-						this.log.debug("Cannot logout principal: [" + token.getPrincipal() + "] from LoginContext. "
-								+ "The LoginContext is unavailable");
-					}
+					logout(token, loginContext);
 				}
 				catch (LoginException ex) {
 					this.log.warn("Error error logging out of LoginContext", ex);
@@ -264,6 +246,17 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
 		}
 	}
 
+	private void logout(JaasAuthenticationToken token, LoginContext loginContext) throws LoginException {
+		if (loginContext != null) {
+			this.log.debug(
+					LogMessage.of(() -> "Logging principal: [" + token.getPrincipal() + "] out of LoginContext"));
+			loginContext.logout();
+			return;
+		}
+		this.log.debug(LogMessage.of(() -> "Cannot logout principal: [" + token.getPrincipal()
+				+ "] from LoginContext. The LoginContext is unavailable"));
+	}
+
 	@Override
 	public void onApplicationEvent(SessionDestroyedEvent event) {
 		handleLogout(event);
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index f5b20e8653..f9e38143c4 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -30,6 +30,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.core.io.Resource;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent;
@@ -153,7 +154,6 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 		Assert.hasLength(getLoginContextName(), () -> "loginContextName must be set on " + getClass());
 		Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());
 		configureJaas(this.loginConfig);
-
 		Assert.notNull(Configuration.getConfiguration(),
 				"As per https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
 						+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
@@ -173,7 +173,6 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	 */
 	protected void configureJaas(Resource loginConfig) throws IOException {
 		configureJaasUsingLoop();
-
 		if (this.refreshConfigurationOnStartup) {
 			// Overcome issue in SEC-760
 			Configuration.getConfiguration().refresh();
@@ -189,38 +188,30 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	private void configureJaasUsingLoop() throws IOException {
 		String loginConfigUrl = convertLoginConfigToUrl();
 		boolean alreadySet = false;
-
 		int n = 1;
 		final String prefix = "login.config.url.";
 		String existing;
-
 		while ((existing = Security.getProperty(prefix + n)) != null) {
 			alreadySet = existing.equals(loginConfigUrl);
-
 			if (alreadySet) {
 				break;
 			}
-
 			n++;
 		}
-
 		if (!alreadySet) {
 			String key = prefix + n;
-			log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
+			log.debug(LogMessage.format("Setting security property [%s] to: %s", key, loginConfigUrl));
 			Security.setProperty(key, loginConfigUrl);
 		}
 	}
 
 	private String convertLoginConfigToUrl() throws IOException {
 		String loginConfigPath;
-
 		try {
 			loginConfigPath = this.loginConfig.getFile().getAbsolutePath().replace(File.separatorChar, '/');
-
 			if (!loginConfigPath.startsWith("/")) {
 				loginConfigPath = "/" + loginConfigPath;
 			}
-
 			return new URL("file", "", loginConfigPath).toString();
 		}
 		catch (IOException ex) {
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
index d2aba3590d..1f7881283f 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java
@@ -46,20 +46,16 @@ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandle
 	@Override
 	public void handle(Callback callback, Authentication authentication) {
 		if (callback instanceof NameCallback) {
-			NameCallback ncb = (NameCallback) callback;
-			String username;
-
-			Object principal = authentication.getPrincipal();
-
-			if (principal instanceof UserDetails) {
-				username = ((UserDetails) principal).getUsername();
-			}
-			else {
-				username = principal.toString();
-			}
-
-			ncb.setName(username);
+			((NameCallback) callback).setName(getUserName(authentication));
 		}
 	}
 
+	private String getUserName(Authentication authentication) {
+		Object principal = authentication.getPrincipal();
+		if (principal instanceof UserDetails) {
+			return ((UserDetails) principal).getUsername();
+		}
+		return principal.toString();
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
index c558a6ea74..8b43440052 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java
@@ -47,8 +47,7 @@ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHa
 	@Override
 	public void handle(Callback callback, Authentication auth) {
 		if (callback instanceof PasswordCallback) {
-			PasswordCallback pc = (PasswordCallback) callback;
-			pc.setPassword(auth.getCredentials().toString().toCharArray());
+			((PasswordCallback) callback).setPassword(auth.getCredentials().toString().toCharArray());
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
index c74bfcd6c1..4cc8c8d402 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java
@@ -73,9 +73,7 @@ public class SecurityContextLoginModule implements LoginModule {
 		if (this.authen == null) {
 			return false;
 		}
-
 		this.authen = null;
-
 		return true;
 	}
 
@@ -91,9 +89,7 @@ public class SecurityContextLoginModule implements LoginModule {
 		if (this.authen == null) {
 			return false;
 		}
-
 		this.subject.getPrincipals().add(this.authen);
-
 		return true;
 	}
 
@@ -119,7 +115,6 @@ public class SecurityContextLoginModule implements LoginModule {
 	@SuppressWarnings("unchecked")
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
-
 		if (options != null) {
 			this.ignoreMissingAuthentication = "true".equals(options.get("ignoreMissingAuthentication"));
 		}
@@ -135,21 +130,15 @@ public class SecurityContextLoginModule implements LoginModule {
 	@Override
 	public boolean login() throws LoginException {
 		this.authen = SecurityContextHolder.getContext().getAuthentication();
-
-		if (this.authen == null) {
-			String msg = "Login cannot complete, authentication not found in security context";
-
-			if (this.ignoreMissingAuthentication) {
-				log.warn(msg);
-
-				return false;
-			}
-			else {
-				throw new LoginException(msg);
-			}
+		if (this.authen != null) {
+			return true;
 		}
-
-		return true;
+		String msg = "Login cannot complete, authentication not found in security context";
+		if (!this.ignoreMissingAuthentication) {
+			throw new LoginException(msg);
+		}
+		log.warn(msg);
+		return false;
 	}
 
 	/**
@@ -163,10 +152,8 @@ public class SecurityContextLoginModule implements LoginModule {
 		if (this.authen == null) {
 			return false;
 		}
-
 		this.subject.getPrincipals().remove(this.authen);
 		this.authen = null;
-
 		return true;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
index 5bf95fad72..2f3063cdd3 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@@ -46,12 +46,11 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
 	public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
 			throws RemoteAuthenticationException {
 		UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
-
 		try {
 			return this.authenticationManager.authenticate(request).getAuthorities();
 		}
-		catch (AuthenticationException authEx) {
-			throw new RemoteAuthenticationException(authEx.getMessage());
+		catch (AuthenticationException ex) {
+			throw new RemoteAuthenticationException(ex.getMessage());
 		}
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
index d68867bc7a..3ed938a248 100644
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@@ -66,7 +66,6 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
 		String password = (credentials != null) ? credentials.toString() : null;
 		Collection<? extends GrantedAuthority> authorities = this.remoteAuthenticationManager
 				.attemptAuthentication(username, password);
-
 		return new UsernamePasswordAuthenticationToken(username, password, authorities);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index b854eac09f..2bba4744f6 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -39,10 +39,14 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication.filter(this::isNotAnonymous).map((a) -> new AuthorizationDecision(a.isAuthenticated()))
+		return authentication.filter(this::isNotAnonymous).map(this::getAuthorizationDecision)
 				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
+	private AuthorizationDecision getAuthorizationDecision(Authentication authentication) {
+		return new AuthorizationDecision(authentication.isAuthenticated());
+	}
+
 	/**
 	 * Verify (via {@link AuthenticationTrustResolver}) that the given authentication is
 	 * not anonymous.
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index e8bb7b8fe8..144904a000 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -22,6 +22,7 @@ import java.util.List;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
 /**
@@ -42,9 +43,8 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication.filter((a) -> a.isAuthenticated()).flatMapIterable((a) -> a.getAuthorities())
-				.map((g) -> g.getAuthority()).any((a) -> this.authorities.contains(a))
-				.map((hasAuthority) -> new AuthorizationDecision(hasAuthority))
+		return authentication.filter((a) -> a.isAuthenticated()).flatMapIterable(Authentication::getAuthorities)
+				.map(GrantedAuthority::getAuthority).any(this.authorities::contains).map(AuthorizationDecision::new)
 				.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
@@ -74,7 +74,6 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 		for (String authority : authorities) {
 			Assert.notNull(authority, "authority cannot be null");
 		}
-
 		return new AuthorityReactiveAuthorizationManager<>(authorities);
 	}
 
@@ -104,7 +103,6 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 		for (String role : roles) {
 			Assert.notNull(role, "role cannot be null");
 		}
-
 		return hasAnyAuthority(toNamedRolesArray(roles));
 	}
 
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index 05b3adc293..ff5c304794 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -47,9 +47,9 @@ public interface ReactiveAuthorizationManager<T> {
 	 * denied
 	 */
 	default Mono<Void> verify(Mono<Authentication> authentication, T object) {
-		return check(authentication, object).filter((d) -> d.isGranted())
+		return check(authentication, object).filter(AuthorizationDecision::isGranted)
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
-				.flatMap((d) -> Mono.empty());
+				.flatMap((decision) -> Mono.empty());
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
index ea7a1a9849..50d1b89af0 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java
@@ -79,7 +79,6 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
 	@Override
 	public V call() throws Exception {
 		this.originalSecurityContext = SecurityContextHolder.getContext();
-
 		try {
 			SecurityContextHolder.setContext(this.delegateSecurityContext);
 			return this.delegate.call();
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
index 4f035cac2b..c1af6a7546 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutor.java
@@ -59,8 +59,7 @@ public class DelegatingSecurityContextExecutor extends AbstractDelegatingSecurit
 
 	@Override
 	public final void execute(Runnable task) {
-		task = wrap(task);
-		this.delegate.execute(task);
+		this.delegate.execute(wrap(task));
 	}
 
 	protected final Executor getDelegateExecutor() {
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
index 34201d5594..289f9bec83 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.java
@@ -90,20 +90,17 @@ public class DelegatingSecurityContextExecutorService extends DelegatingSecurity
 
 	@Override
 	public final <T> Future<T> submit(Callable<T> task) {
-		task = wrap(task);
-		return getDelegate().submit(task);
+		return getDelegate().submit(wrap(task));
 	}
 
 	@Override
 	public final <T> Future<T> submit(Runnable task, T result) {
-		task = wrap(task);
-		return getDelegate().submit(task, result);
+		return getDelegate().submit(wrap(task), result);
 	}
 
 	@Override
 	public final Future<?> submit(Runnable task) {
-		task = wrap(task);
-		return getDelegate().submit(task);
+		return getDelegate().submit(wrap(task));
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
index 80def0d9cf..24b0746641 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java
@@ -77,7 +77,6 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
 	@Override
 	public void run() {
 		this.originalSecurityContext = SecurityContextHolder.getContext();
-
 		try {
 			SecurityContextHolder.setContext(this.delegateSecurityContext);
 			this.delegate.run();
diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
index 3c01e1e201..ee8ff98489 100644
--- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
+++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.java
@@ -61,26 +61,22 @@ public final class DelegatingSecurityContextScheduledExecutorService extends Del
 
 	@Override
 	public ScheduledFuture<?> schedule(Runnable command, long delay, TimeUnit unit) {
-		command = wrap(command);
-		return getDelegate().schedule(command, delay, unit);
+		return getDelegate().schedule(wrap(command), delay, unit);
 	}
 
 	@Override
 	public <V> ScheduledFuture<V> schedule(Callable<V> callable, long delay, TimeUnit unit) {
-		callable = wrap(callable);
-		return getDelegate().schedule(callable, delay, unit);
+		return getDelegate().schedule(wrap(callable), delay, unit);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleAtFixedRate(Runnable command, long initialDelay, long period, TimeUnit unit) {
-		command = wrap(command);
-		return getDelegate().scheduleAtFixedRate(command, initialDelay, period, unit);
+		return getDelegate().scheduleAtFixedRate(wrap(command), initialDelay, period, unit);
 	}
 
 	@Override
 	public ScheduledFuture<?> scheduleWithFixedDelay(Runnable command, long initialDelay, long delay, TimeUnit unit) {
-		command = wrap(command);
-		return getDelegate().scheduleWithFixedDelay(command, initialDelay, delay, unit);
+		return getDelegate().scheduleWithFixedDelay(wrap(command), initialDelay, delay, unit);
 	}
 
 	private ScheduledExecutorService getDelegate() {
diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index b675c35855..c330d4121e 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -72,7 +72,7 @@ public final class RsaKeyConverters {
 		return (source) -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(PKCS8_PEM_HEADER),
-					"Key is not in PEM-encoded PKCS#8 format, " + "please check that the header begins with -----"
+					"Key is not in PEM-encoded PKCS#8 format, please check that the header begins with -----"
 							+ PKCS8_PEM_HEADER + "-----");
 			StringBuilder base64Encoded = new StringBuilder();
 			for (String line : lines) {
@@ -81,7 +81,6 @@ public final class RsaKeyConverters {
 				}
 			}
 			byte[] pkcs8 = Base64.getDecoder().decode(base64Encoded.toString());
-
 			try {
 				return (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
 			}
@@ -105,7 +104,7 @@ public final class RsaKeyConverters {
 		return (source) -> {
 			List<String> lines = readAllLines(source);
 			Assert.isTrue(!lines.isEmpty() && lines.get(0).startsWith(X509_PEM_HEADER),
-					"Key is not in PEM-encoded X.509 format, " + "please check that the header begins with -----"
+					"Key is not in PEM-encoded X.509 format, please check that the header begins with -----"
 							+ X509_PEM_HEADER + "-----");
 			StringBuilder base64Encoded = new StringBuilder();
 			for (String line : lines) {
@@ -114,7 +113,6 @@ public final class RsaKeyConverters {
 				}
 			}
 			byte[] x509 = Base64.getDecoder().decode(base64Encoded.toString());
-
 			try {
 				return (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(x509));
 			}
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index d8c6fadf92..e67e0cafd3 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -53,14 +53,6 @@ public final class SpringSecurityCoreVersion {
 	private SpringSecurityCoreVersion() {
 	}
 
-	public static String getVersion() {
-		Package pkg = SpringSecurityCoreVersion.class.getPackage();
-		return (pkg != null) ? pkg.getImplementationVersion() : null;
-	}
-
-	/**
-	 * Performs version checks
-	 */
 	private static void performVersionChecks() {
 		performVersionChecks(MIN_SPRING_VERSION);
 	}
@@ -76,11 +68,9 @@ public final class SpringSecurityCoreVersion {
 		// Check Spring Compatibility
 		String springVersion = SpringVersion.getVersion();
 		String version = getVersion();
-
 		if (disableChecks(springVersion, version)) {
 			return;
 		}
-
 		logger.info("You are running with Spring Security Core " + version);
 		if (new ComparableVersion(springVersion).compareTo(new ComparableVersion(minSpringVersion)) < 0) {
 			logger.warn("**** You are advised to use Spring " + minSpringVersion
@@ -88,6 +78,11 @@ public final class SpringSecurityCoreVersion {
 		}
 	}
 
+	public static String getVersion() {
+		Package pkg = SpringSecurityCoreVersion.class.getPackage();
+		return (pkg != null) ? pkg.getImplementationVersion() : null;
+	}
+
 	/**
 	 * Disable if springVersion and springSecurityVersion are the same to allow working
 	 * with Uber Jars.
diff --git a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
index 1c69e4dc9f..babadbca1d 100644
--- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
+++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
@@ -34,10 +34,13 @@ import org.springframework.util.StringUtils;
  *
  * @author Luke Taylor
  */
-public abstract class AuthorityUtils {
+public final class AuthorityUtils {
 
 	public static final List<GrantedAuthority> NO_AUTHORITIES = Collections.emptyList();
 
+	private AuthorityUtils() {
+	}
+
 	/**
 	 * Creates a array of GrantedAuthority objects from a comma-separated string
 	 * representation (e.g. "ROLE_A, ROLE_B, ROLE_C").
@@ -56,11 +59,9 @@ public abstract class AuthorityUtils {
 	public static Set<String> authorityListToSet(Collection<? extends GrantedAuthority> userAuthorities) {
 		Assert.notNull(userAuthorities, "userAuthorities cannot be null");
 		Set<String> set = new HashSet<>(userAuthorities.size());
-
 		for (GrantedAuthority authority : userAuthorities) {
 			set.add(authority.getAuthority());
 		}
-
 		return set;
 	}
 
@@ -71,11 +72,9 @@ public abstract class AuthorityUtils {
 	 */
 	public static List<GrantedAuthority> createAuthorityList(String... authorities) {
 		List<GrantedAuthority> grantedAuthorities = new ArrayList<>(authorities.length);
-
 		for (String authority : authorities) {
 			grantedAuthorities.add(new SimpleGrantedAuthority(authority));
 		}
-
 		return grantedAuthorities;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
index d5ae07612e..71719d4801 100644
--- a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
@@ -50,11 +50,9 @@ public final class SimpleGrantedAuthority implements GrantedAuthority {
 		if (this == obj) {
 			return true;
 		}
-
 		if (obj instanceof SimpleGrantedAuthority) {
 			return this.role.equals(((SimpleGrantedAuthority) obj).role);
 		}
-
 		return false;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
index 733cb2e79a..263973f5d2 100755
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java
@@ -58,16 +58,15 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	 */
 	@Override
 	public List<GrantedAuthority> getGrantedAuthorities(Collection<String> attributes) {
-		ArrayList<GrantedAuthority> gaList = new ArrayList<>();
+		ArrayList<GrantedAuthority> result = new ArrayList<>();
 		for (String attribute : attributes) {
-			Collection<GrantedAuthority> c = this.attributes2grantedAuthoritiesMap.get(attribute);
-			if (c != null) {
-				gaList.addAll(c);
+			Collection<GrantedAuthority> granted = this.attributes2grantedAuthoritiesMap.get(attribute);
+			if (granted != null) {
+				result.addAll(granted);
 			}
 		}
-		gaList.trimToSize();
-
-		return gaList;
+		result.trimToSize();
+		return result;
 	}
 
 	/**
@@ -85,7 +84,6 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 		Assert.notEmpty(attributes2grantedAuthoritiesMap,
 				"A non-empty attributes2grantedAuthoritiesMap must be supplied");
 		this.attributes2grantedAuthoritiesMap = preProcessMap(attributes2grantedAuthoritiesMap);
-
 		this.mappableAttributes = Collections.unmodifiableSet(this.attributes2grantedAuthoritiesMap.keySet());
 	}
 
@@ -96,7 +94,6 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	 */
 	private Map<String, Collection<GrantedAuthority>> preProcessMap(Map<?, ?> orgMap) {
 		Map<String, Collection<GrantedAuthority>> result = new HashMap<>(orgMap.size());
-
 		for (Map.Entry<?, ?> entry : orgMap.entrySet()) {
 			Assert.isInstanceOf(String.class, entry.getKey(),
 					"attributes2grantedAuthoritiesMap contains non-String objects as keys");
@@ -156,11 +153,11 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper
 	}
 
 	private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, String value) {
-		StringTokenizer st = new StringTokenizer(value, this.stringSeparator, false);
-		while (st.hasMoreTokens()) {
-			String nextToken = st.nextToken();
-			if (StringUtils.hasText(nextToken)) {
-				result.add(new SimpleGrantedAuthority(nextToken));
+		StringTokenizer tokenizer = new StringTokenizer(value, this.stringSeparator, false);
+		while (tokenizer.hasMoreTokens()) {
+			String token = tokenizer.nextToken();
+			if (StringUtils.hasText(token)) {
+				result.add(new SimpleGrantedAuthority(token));
 			}
 		}
 	}
diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
index 577dff4990..2bb66a73b6 100644
--- a/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
+++ b/core/src/main/java/org/springframework/security/core/authority/mapping/SimpleAuthorityMapper.java
@@ -63,11 +63,9 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 		for (GrantedAuthority authority : authorities) {
 			mapped.add(mapAuthority(authority.getAuthority()));
 		}
-
 		if (this.defaultAuthority != null) {
 			mapped.add(this.defaultAuthority);
 		}
-
 		return mapped;
 	}
 
@@ -78,11 +76,9 @@ public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, In
 		else if (this.convertToLowerCase) {
 			name = name.toLowerCase();
 		}
-
 		if (this.prefix.length() > 0 && !name.startsWith(this.prefix)) {
 			name = this.prefix + name;
 		}
-
 		return new SimpleGrantedAuthority(name);
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
index 141c1d6354..d8367c4ebd 100644
--- a/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/GlobalSecurityContextHolderStrategy.java
@@ -41,7 +41,6 @@ final class GlobalSecurityContextHolderStrategy implements SecurityContextHolder
 		if (contextHolder == null) {
 			contextHolder = new SecurityContextImpl();
 		}
-
 		return contextHolder;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
index fac2ce9875..cb415500ca 100644
--- a/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java
@@ -37,12 +37,10 @@ final class InheritableThreadLocalSecurityContextHolderStrategy implements Secur
 	@Override
 	public SecurityContext getContext() {
 		SecurityContext ctx = contextHolder.get();
-
 		if (ctx == null) {
 			ctx = createEmptyContext();
 			contextHolder.set(ctx);
 		}
-
 		return ctx;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index 449d461fd7..279ccfed8c 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -41,8 +41,16 @@ public final class ReactiveSecurityContextHolder {
 	 * @return the {@code Mono<SecurityContext>}
 	 */
 	public static Mono<SecurityContext> getContext() {
-		return Mono.subscriberContext().filter((c) -> c.hasKey(SECURITY_CONTEXT_KEY))
-				.flatMap((c) -> c.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY));
+		return Mono.subscriberContext().filter(ReactiveSecurityContextHolder::hasSecurityContext)
+				.flatMap(ReactiveSecurityContextHolder::getSecurityContext);
+	}
+
+	private static boolean hasSecurityContext(Context context) {
+		return context.hasKey(SECURITY_CONTEXT_KEY);
+	}
+
+	private static Mono<SecurityContext> getSecurityContext(Context context) {
+		return context.<Mono<SecurityContext>>get(SECURITY_CONTEXT_KEY);
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
index d84fbf9419..810edef7c9 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolder.java
@@ -67,6 +67,34 @@ public class SecurityContextHolder {
 		initialize();
 	}
 
+	private static void initialize() {
+		if (!StringUtils.hasText(strategyName)) {
+			// Set default
+			strategyName = MODE_THREADLOCAL;
+		}
+		if (strategyName.equals(MODE_THREADLOCAL)) {
+			strategy = new ThreadLocalSecurityContextHolderStrategy();
+		}
+		else if (strategyName.equals(MODE_INHERITABLETHREADLOCAL)) {
+			strategy = new InheritableThreadLocalSecurityContextHolderStrategy();
+		}
+		else if (strategyName.equals(MODE_GLOBAL)) {
+			strategy = new GlobalSecurityContextHolderStrategy();
+		}
+		else {
+			// Try to load a custom strategy
+			try {
+				Class<?> clazz = Class.forName(strategyName);
+				Constructor<?> customStrategy = clazz.getConstructor();
+				strategy = (SecurityContextHolderStrategy) customStrategy.newInstance();
+			}
+			catch (Exception ex) {
+				ReflectionUtils.handleReflectionException(ex);
+			}
+		}
+		initializeCount++;
+	}
+
 	/**
 	 * Explicitly clears the context value from the current thread.
 	 */
@@ -92,36 +120,6 @@ public class SecurityContextHolder {
 		return initializeCount;
 	}
 
-	private static void initialize() {
-		if (!StringUtils.hasText(strategyName)) {
-			// Set default
-			strategyName = MODE_THREADLOCAL;
-		}
-
-		if (strategyName.equals(MODE_THREADLOCAL)) {
-			strategy = new ThreadLocalSecurityContextHolderStrategy();
-		}
-		else if (strategyName.equals(MODE_INHERITABLETHREADLOCAL)) {
-			strategy = new InheritableThreadLocalSecurityContextHolderStrategy();
-		}
-		else if (strategyName.equals(MODE_GLOBAL)) {
-			strategy = new GlobalSecurityContextHolderStrategy();
-		}
-		else {
-			// Try to load a custom strategy
-			try {
-				Class<?> clazz = Class.forName(strategyName);
-				Constructor<?> customStrategy = clazz.getConstructor();
-				strategy = (SecurityContextHolderStrategy) customStrategy.newInstance();
-			}
-			catch (Exception ex) {
-				ReflectionUtils.handleReflectionException(ex);
-			}
-		}
-
-		initializeCount++;
-	}
-
 	/**
 	 * Associates a new <code>SecurityContext</code> with the current thread of execution.
 	 * @param context the new <code>SecurityContext</code> (may not be <code>null</code>)
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
index e38de5e3e2..19c18abb24 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -18,6 +18,7 @@ package org.springframework.security.core.context;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.util.ObjectUtils;
 
 /**
  * Base implementation of {@link SecurityContext}.
@@ -42,18 +43,15 @@ public class SecurityContextImpl implements SecurityContext {
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof SecurityContextImpl) {
-			SecurityContextImpl test = (SecurityContextImpl) obj;
-
-			if ((this.getAuthentication() == null) && (test.getAuthentication() == null)) {
+			SecurityContextImpl other = (SecurityContextImpl) obj;
+			if ((this.getAuthentication() == null) && (other.getAuthentication() == null)) {
 				return true;
 			}
-
-			if ((this.getAuthentication() != null) && (test.getAuthentication() != null)
-					&& this.getAuthentication().equals(test.getAuthentication())) {
+			if ((this.getAuthentication() != null) && (other.getAuthentication() != null)
+					&& this.getAuthentication().equals(other.getAuthentication())) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
@@ -64,12 +62,7 @@ public class SecurityContextImpl implements SecurityContext {
 
 	@Override
 	public int hashCode() {
-		if (this.authentication == null) {
-			return -1;
-		}
-		else {
-			return this.authentication.hashCode();
-		}
+		return ObjectUtils.nullSafeHashCode(this.authentication);
 	}
 
 	@Override
@@ -81,14 +74,12 @@ public class SecurityContextImpl implements SecurityContext {
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append(super.toString());
-
 		if (this.authentication == null) {
 			sb.append(": Null authentication");
 		}
 		else {
 			sb.append(": Authentication: ").append(this.authentication);
 		}
-
 		return sb.toString();
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
index 88506f1a18..801f5c8207 100644
--- a/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategy.java
@@ -38,12 +38,10 @@ final class ThreadLocalSecurityContextHolderStrategy implements SecurityContextH
 	@Override
 	public SecurityContext getContext() {
 		SecurityContext ctx = contextHolder.get();
-
 		if (ctx == null) {
 			ctx = createEmptyContext();
 			contextHolder.set(ctx);
 		}
-
 		return ctx;
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
index d2f0f6f0c8..18d8099705 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java
@@ -88,6 +88,11 @@ import org.springframework.util.ReflectionUtils;
  */
 public class AnnotationParameterNameDiscoverer implements ParameterNameDiscoverer {
 
+	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = (
+			constructor) -> constructor.getParameterAnnotations();
+
+	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = Method::getParameterAnnotations;
+
 	private final Set<String> annotationClassesToUse;
 
 	public AnnotationParameterNameDiscoverer(String... annotationClassToUse) {
@@ -162,12 +167,6 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 		return null;
 	}
 
-	private static final ParameterNameFactory<Constructor<?>> CONSTRUCTOR_METHODPARAM_FACTORY = (
-			constructor) -> constructor.getParameterAnnotations();
-
-	private static final ParameterNameFactory<Method> METHOD_METHODPARAM_FACTORY = (method) -> method
-			.getParameterAnnotations();
-
 	/**
 	 * Strategy interface for looking up the parameter names.
 	 *
@@ -175,6 +174,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * @author Rob Winch
 	 * @since 3.2
 	 */
+	@FunctionalInterface
 	private interface ParameterNameFactory<T extends AccessibleObject> {
 
 		/**
diff --git a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
index b708508192..7a7b339917 100644
--- a/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
+++ b/core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java
@@ -21,9 +21,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
@@ -52,8 +49,6 @@ import org.springframework.util.ClassUtils;
  */
 public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameterNameDiscoverer {
 
-	private final Log logger = LogFactory.getLog(getClass());
-
 	private static final String DATA_PARAM_CLASSNAME = "org.springframework.data.repository.query.Param";
 
 	private static final boolean DATA_PARAM_PRESENT = ClassUtils.isPresent(DATA_PARAM_CLASSNAME,
@@ -79,14 +74,12 @@ public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameter
 		for (ParameterNameDiscoverer discover : parameterNameDiscovers) {
 			addDiscoverer(discover);
 		}
-
 		Set<String> annotationClassesToUse = new HashSet<>(2);
 		annotationClassesToUse.add("org.springframework.security.access.method.P");
 		annotationClassesToUse.add(P.class.getName());
 		if (DATA_PARAM_PRESENT) {
 			annotationClassesToUse.add(DATA_PARAM_CLASSNAME);
 		}
-
 		addDiscoverer(new AnnotationParameterNameDiscoverer(annotationClassesToUse));
 		addDiscoverer(new DefaultParameterNameDiscoverer());
 	}
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
index 0d648d8c38..73623f1bc4 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@@ -30,6 +30,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationListener;
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -74,33 +75,26 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 
 	@Override
 	public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) {
-		final Set<String> sessionsUsedByPrincipal = this.principals.get(principal);
-
+		Set<String> sessionsUsedByPrincipal = this.principals.get(principal);
 		if (sessionsUsedByPrincipal == null) {
 			return Collections.emptyList();
 		}
-
 		List<SessionInformation> list = new ArrayList<>(sessionsUsedByPrincipal.size());
-
 		for (String sessionId : sessionsUsedByPrincipal) {
 			SessionInformation sessionInformation = getSessionInformation(sessionId);
-
 			if (sessionInformation == null) {
 				continue;
 			}
-
 			if (includeExpiredSessions || !sessionInformation.isExpired()) {
 				list.add(sessionInformation);
 			}
 		}
-
 		return list;
 	}
 
 	@Override
 	public SessionInformation getSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
-
 		return this.sessionIds.get(sessionId);
 	}
 
@@ -123,9 +117,7 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 	@Override
 	public void refreshLastRequest(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
-
 		SessionInformation info = getSessionInformation(sessionId);
-
 		if (info != null) {
 			info.refreshLastRequest();
 		}
@@ -135,26 +127,19 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 	public void registerNewSession(String sessionId, Object principal) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 		Assert.notNull(principal, "Principal required as per interface contract");
-
 		if (getSessionInformation(sessionId) != null) {
 			removeSessionInformation(sessionId);
 		}
-
 		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Registering session " + sessionId + ", for principal " + principal);
+			this.logger.debug(LogMessage.format("Registering session %s, for principal %s", sessionId, principal));
 		}
-
 		this.sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
-
 		this.principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
 			if (sessionsUsedByPrincipal == null) {
 				sessionsUsedByPrincipal = new CopyOnWriteArraySet<>();
 			}
 			sessionsUsedByPrincipal.add(sessionId);
-
-			if (this.logger.isTraceEnabled()) {
-				this.logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
-			}
+			this.logger.trace(LogMessage.format("Sessions used by '%s' : %s", principal, sessionsUsedByPrincipal));
 			return sessionsUsedByPrincipal;
 		});
 	}
@@ -162,37 +147,25 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 	@Override
 	public void removeSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
-
 		SessionInformation info = getSessionInformation(sessionId);
-
 		if (info == null) {
 			return;
 		}
-
 		if (this.logger.isTraceEnabled()) {
 			this.logger.debug("Removing session " + sessionId + " from set of registered sessions");
 		}
-
 		this.sessionIds.remove(sessionId);
-
 		this.principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
-			}
-
+			this.logger.debug(
+					LogMessage.format("Removing session %s from principal's set of registered sessions", sessionId));
 			sessionsUsedByPrincipal.remove(sessionId);
-
 			if (sessionsUsedByPrincipal.isEmpty()) {
 				// No need to keep object in principals Map anymore
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug("Removing principal " + info.getPrincipal() + " from registry");
-				}
+				this.logger.debug(LogMessage.format("Removing principal %s from registry", info.getPrincipal()));
 				sessionsUsedByPrincipal = null;
 			}
-
-			if (this.logger.isTraceEnabled()) {
-				this.logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
-			}
+			this.logger.trace(
+					LogMessage.format("Sessions used by '%s' : %s", info.getPrincipal(), sessionsUsedByPrincipal));
 			return sessionsUsedByPrincipal;
 		});
 	}
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index 4e5297ab5d..cf3f0f0206 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -89,13 +89,14 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		String serverSecret = computeServerSecretApplicableAt(creationTime);
 		String pseudoRandomNumber = generatePseudoRandomNumber();
 		String content = creationTime + ":" + pseudoRandomNumber + ":" + extendedInformation;
+		String key = computeKey(serverSecret, content);
+		return new DefaultToken(key, creationTime, extendedInformation);
+	}
 
-		// Compute key
+	private String computeKey(String serverSecret, String content) {
 		String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
 		String keyPayload = content + ":" + sha512Hex;
-		String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload)));
-
-		return new DefaultToken(key, creationTime, extendedInformation);
+		return Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload)));
 	}
 
 	@Override
@@ -106,18 +107,15 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 		String[] tokens = StringUtils
 				.delimitedListToStringArray(Utf8.decode(Base64.getDecoder().decode(Utf8.encode(key))), ":");
 		Assert.isTrue(tokens.length >= 4, () -> "Expected 4 or more tokens but found " + tokens.length);
-
 		long creationTime;
 		try {
 			creationTime = Long.decode(tokens[0]);
 		}
-		catch (NumberFormatException nfe) {
+		catch (NumberFormatException ex) {
 			throw new IllegalArgumentException("Expected number but found " + tokens[0]);
 		}
-
 		String serverSecret = computeServerSecretApplicableAt(creationTime);
 		String pseudoRandomNumber = tokens[1];
-
 		// Permit extendedInfo to itself contain ":" characters
 		StringBuilder extendedInfo = new StringBuilder();
 		for (int i = 2; i < tokens.length - 1; i++) {
@@ -126,14 +124,11 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 			}
 			extendedInfo.append(tokens[i]);
 		}
-
 		String sha1Hex = tokens[tokens.length - 1];
-
 		// Verification
 		String content = creationTime + ":" + pseudoRandomNumber + ":" + extendedInfo.toString();
 		String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
 		Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
-
 		return new DefaultToken(key, creationTime, extendedInfo.toString());
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
index 2231f82006..2e73c5dcf7 100644
--- a/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
+++ b/core/src/main/java/org/springframework/security/core/token/SecureRandomFactoryBean.java
@@ -38,19 +38,16 @@ public class SecureRandomFactoryBean implements FactoryBean<SecureRandom> {
 
 	@Override
 	public SecureRandom getObject() throws Exception {
-		SecureRandom rnd = SecureRandom.getInstance(this.algorithm);
-
+		SecureRandom random = SecureRandom.getInstance(this.algorithm);
 		// Request the next bytes, thus eagerly incurring the expense of default
 		// seeding and to prevent the see from replacing the entire state
-		rnd.nextBytes(new byte[1]);
-
+		random.nextBytes(new byte[1]);
 		if (this.seed != null) {
 			// Seed specified, so use it
 			byte[] seedBytes = FileCopyUtils.copyToByteArray(this.seed.getInputStream());
-			rnd.setSeed(seedBytes);
+			random.setSeed(seedBytes);
 		}
-
-		return rnd;
+		return random;
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index 2b465afda5..430bdbe493 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -72,10 +72,15 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 
 	@Override
 	public Mono<UserDetails> updatePassword(UserDetails user, String newPassword) {
-		return Mono.just(user).map((u) -> User.withUserDetails(u).password(newPassword).build()).doOnNext((u) -> {
-			String key = getKey(user.getUsername());
-			this.users.put(key, u);
-		});
+		return Mono.just(user).map((userDetails) -> withNewPassword(userDetails, newPassword))
+				.doOnNext((userDetails) -> {
+					String key = getKey(user.getUsername());
+					this.users.put(key, userDetails);
+				});
+	}
+
+	private UserDetails withNewPassword(UserDetails userDetails, String newPassword) {
+		return User.withUserDetails(userDetails).password(newPassword).build();
 	}
 
 	private String getKey(String username) {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index d2587154b8..1b88028c8f 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -107,11 +107,8 @@ public class User implements UserDetails, CredentialsContainer {
 	public User(String username, String password, boolean enabled, boolean accountNonExpired,
 			boolean credentialsNonExpired, boolean accountNonLocked,
 			Collection<? extends GrantedAuthority> authorities) {
-
-		if (((username == null) || "".equals(username)) || (password == null)) {
-			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
-		}
-
+		Assert.isTrue(username != null && !"".equals(username) && password != null,
+				"Cannot pass null or empty values to constructor");
 		this.username = username;
 		this.password = password;
 		this.enabled = enabled;
@@ -166,12 +163,10 @@ public class User implements UserDetails, CredentialsContainer {
 		// Ensure array iteration order is predictable (as per
 		// UserDetails.getAuthorities() contract and SEC-717)
 		SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(new AuthorityComparator());
-
 		for (GrantedAuthority grantedAuthority : authorities) {
 			Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
 			sortedAuthorities.add(grantedAuthority);
 		}
-
 		return sortedAuthorities;
 	}
 
@@ -183,9 +178,9 @@ public class User implements UserDetails, CredentialsContainer {
 	 * the same principal.
 	 */
 	@Override
-	public boolean equals(Object rhs) {
-		if (rhs instanceof User) {
-			return this.username.equals(((User) rhs).username);
+	public boolean equals(Object obj) {
+		if (obj instanceof User) {
+			return this.username.equals(((User) obj).username);
 		}
 		return false;
 	}
@@ -208,24 +203,20 @@ public class User implements UserDetails, CredentialsContainer {
 		sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
 		sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
 		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
-
 		if (!this.authorities.isEmpty()) {
 			sb.append("Granted Authorities: ");
-
 			boolean first = true;
 			for (GrantedAuthority auth : this.authorities) {
 				if (!first) {
 					sb.append(",");
 				}
 				first = false;
-
 				sb.append(auth);
 			}
 		}
 		else {
 			sb.append("Not granted any authorities");
 		}
-
 		return sb.toString();
 	}
 
@@ -303,8 +294,8 @@ public class User implements UserDetails, CredentialsContainer {
 	 */
 	@Deprecated
 	public static UserBuilder withDefaultPasswordEncoder() {
-		logger.warn(
-				"User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.");
+		logger.warn("User.withDefaultPasswordEncoder() is considered unsafe for production "
+				+ "and is only intended for sample applications.");
 		PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 		return builder().passwordEncoder(encoder::encode);
 	}
@@ -323,17 +314,14 @@ public class User implements UserDetails, CredentialsContainer {
 		@Override
 		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
 			// Neither should ever be null as each entry is checked before adding it to
-			// the set.
-			// If the authority is null, it is a custom authority and should precede
-			// others.
+			// the set. If the authority is null, it is a custom authority and should
+			// precede others.
 			if (g2.getAuthority() == null) {
 				return -1;
 			}
-
 			if (g1.getAuthority() == null) {
 				return 1;
 			}
-
 			return g1.getAuthority().compareTo(g2.getAuthority());
 		}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
index b61e3a135e..201199ffeb 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
@@ -50,35 +51,19 @@ public class EhCacheBasedUserCache implements UserCache, InitializingBean {
 	@Override
 	public UserDetails getUserFromCache(String username) {
 		Element element = this.cache.get(username);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; username: " + username);
-		}
-
-		if (element == null) {
-			return null;
-		}
-		else {
-			return (UserDetails) element.getValue();
-		}
+		logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; username: " + username));
+		return (element != null) ? (UserDetails) element.getValue() : null;
 	}
 
 	@Override
 	public void putUserInCache(UserDetails user) {
 		Element element = new Element(user.getUsername(), user);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache put: " + element.getKey());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache put: " + element.getKey()));
 		this.cache.put(element);
 	}
 
 	public void removeUserFromCache(UserDetails user) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache remove: " + user.getUsername());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache remove: " + user.getUsername()));
 		this.removeUserFromCache(user.getUsername());
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
index 50f4b46464..f0cae216e5 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCache.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.cache.Cache;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
@@ -44,32 +45,18 @@ public class SpringCacheBasedUserCache implements UserCache {
 	@Override
 	public UserDetails getUserFromCache(String username) {
 		Cache.ValueWrapper element = (username != null) ? this.cache.get(username) : null;
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache hit: " + (element != null) + "; username: " + username);
-		}
-
-		if (element == null) {
-			return null;
-		}
-		else {
-			return (UserDetails) element.get();
-		}
+		logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; username: " + username));
+		return (element != null) ? (UserDetails) element.get() : null;
 	}
 
 	@Override
 	public void putUserInCache(UserDetails user) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache put: " + user.getUsername());
-		}
+		logger.debug(LogMessage.of(() -> "Cache put: " + user.getUsername()));
 		this.cache.put(user.getUsername(), user);
 	}
 
 	public void removeUserFromCache(UserDetails user) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Cache remove: " + user.getUsername());
-		}
-
+		logger.debug(LogMessage.of(() -> "Cache remove: " + user.getUsername()));
 		this.removeUserFromCache(user.getUsername());
 	}
 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
index 565c28b7a9..de2f058080 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
@@ -171,37 +171,26 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		List<UserDetails> users = loadUsersByUsername(username);
-
 		if (users.size() == 0) {
 			this.logger.debug("Query returned no results for user '" + username + "'");
-
 			throw new UsernameNotFoundException(this.messages.getMessage("JdbcDaoImpl.notFound",
 					new Object[] { username }, "Username {0} not found"));
 		}
-
 		UserDetails user = users.get(0); // contains no GrantedAuthority[]
-
 		Set<GrantedAuthority> dbAuthsSet = new HashSet<>();
-
 		if (this.enableAuthorities) {
 			dbAuthsSet.addAll(loadUserAuthorities(user.getUsername()));
 		}
-
 		if (this.enableGroups) {
 			dbAuthsSet.addAll(loadGroupAuthorities(user.getUsername()));
 		}
-
 		List<GrantedAuthority> dbAuths = new ArrayList<>(dbAuthsSet);
-
 		addCustomAuthorities(user.getUsername(), dbAuths);
-
 		if (dbAuths.size() == 0) {
 			this.logger.debug("User '" + username + "' has no authorities and will be treated as 'not found'");
-
 			throw new UsernameNotFoundException(this.messages.getMessage("JdbcDaoImpl.noAuthority",
 					new Object[] { username }, "User {0} has no GrantedAuthority"));
 		}
-
 		return createUserDetails(username, user, dbAuths);
 	}
 
@@ -225,7 +214,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 	protected List<GrantedAuthority> loadUserAuthorities(String username) {
 		return getJdbcTemplate().query(this.authoritiesByUsernameQuery, new String[] { username }, (rs, rowNum) -> {
 			String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
-
 			return new SimpleGrantedAuthority(roleName);
 		});
 	}
@@ -239,7 +227,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 		return getJdbcTemplate().query(this.groupAuthoritiesByUsernameQuery, new String[] { username },
 				(rs, rowNum) -> {
 					String roleName = getRolePrefix() + rs.getString(3);
-
 					return new SimpleGrantedAuthority(roleName);
 				});
 	}
@@ -256,11 +243,9 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 	protected UserDetails createUserDetails(String username, UserDetails userFromUserQuery,
 			List<GrantedAuthority> combinedAuthorities) {
 		String returnUsername = userFromUserQuery.getUsername();
-
 		if (!this.usernameBasedPrimaryKey) {
 			returnUsername = username;
 		}
-
 		return new User(returnUsername, userFromUserQuery.getPassword(), userFromUserQuery.isEnabled(),
 				userFromUserQuery.isAccountNonExpired(), userFromUserQuery.isCredentialsNonExpired(),
 				userFromUserQuery.isAccountNonLocked(), combinedAuthorities);
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
index 163c502bbb..09f10c18d0 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/memory/UserAttributeEditor.java
@@ -32,42 +32,32 @@ public class UserAttributeEditor extends PropertyEditorSupport {
 
 	@Override
 	public void setAsText(String s) throws IllegalArgumentException {
-		if (StringUtils.hasText(s)) {
-			String[] tokens = StringUtils.commaDelimitedListToStringArray(s);
-			UserAttribute userAttrib = new UserAttribute();
-
-			List<String> authoritiesAsStrings = new ArrayList<>();
-
-			for (int i = 0; i < tokens.length; i++) {
-				String currentToken = tokens[i].trim();
-
-				if (i == 0) {
-					userAttrib.setPassword(currentToken);
-				}
-				else {
-					if (currentToken.toLowerCase().equals("enabled")) {
-						userAttrib.setEnabled(true);
-					}
-					else if (currentToken.toLowerCase().equals("disabled")) {
-						userAttrib.setEnabled(false);
-					}
-					else {
-						authoritiesAsStrings.add(currentToken);
-					}
-				}
-			}
-			userAttrib.setAuthoritiesAsString(authoritiesAsStrings);
-
-			if (userAttrib.isValid()) {
-				setValue(userAttrib);
+		if (!StringUtils.hasText(s)) {
+			setValue(null);
+			return;
+		}
+		String[] tokens = StringUtils.commaDelimitedListToStringArray(s);
+		UserAttribute userAttrib = new UserAttribute();
+		List<String> authoritiesAsStrings = new ArrayList<>();
+		for (int i = 0; i < tokens.length; i++) {
+			String currentToken = tokens[i].trim();
+			if (i == 0) {
+				userAttrib.setPassword(currentToken);
 			}
 			else {
-				setValue(null);
+				if (currentToken.toLowerCase().equals("enabled")) {
+					userAttrib.setEnabled(true);
+				}
+				else if (currentToken.toLowerCase().equals("disabled")) {
+					userAttrib.setEnabled(false);
+				}
+				else {
+					authoritiesAsStrings.add(currentToken);
+				}
 			}
 		}
-		else {
-			setValue(null);
-		}
+		userAttrib.setAuthoritiesAsString(authoritiesAsStrings);
+		setValue(userAttrib.isValid() ? userAttrib : null);
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index 03e24ae4a7..febd2b755c 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -42,6 +42,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.core.annotation.AnnotationUtils;
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.ClassUtils;
 
 /**
@@ -97,22 +98,17 @@ public final class SecurityJackson2Modules {
 
 	@SuppressWarnings("unchecked")
 	private static Module loadAndGetInstance(String className, ClassLoader loader) {
-		Module instance = null;
 		try {
 			Class<? extends Module> securityModule = (Class<? extends Module>) ClassUtils.forName(className, loader);
 			if (securityModule != null) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Loaded module " + className + ", now registering");
-				}
-				instance = securityModule.newInstance();
+				logger.debug(LogMessage.format("Loaded module %s, now registering", className));
+				return securityModule.newInstance();
 			}
 		}
 		catch (Exception ex) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Cannot load module " + className, ex);
-			}
+			logger.debug(LogMessage.format("Cannot load module %s", className), ex);
 		}
-		return instance;
+		return null;
 	}
 
 	/**
@@ -193,12 +189,23 @@ public final class SecurityJackson2Modules {
 	 */
 	static class AllowlistTypeIdResolver implements TypeIdResolver {
 
-		private static final Set<String> ALLOWLIST_CLASS_NAMES = Collections
-				.unmodifiableSet(new HashSet(Arrays.asList("java.util.ArrayList", "java.util.Collections$EmptyList",
-						"java.util.Collections$EmptyMap", "java.util.Collections$UnmodifiableRandomAccessList",
-						"java.util.Collections$SingletonList", "java.util.Date", "java.time.Instant", "java.net.URL",
-						"java.util.TreeMap", "java.util.HashMap", "java.util.LinkedHashMap",
-						"org.springframework.security.core.context.SecurityContextImpl")));
+		private static final Set<String> ALLOWLIST_CLASS_NAMES;
+		static {
+			Set<String> names = new HashSet<>();
+			names.add("java.util.ArrayList");
+			names.add("java.util.Collections$EmptyList");
+			names.add("java.util.Collections$EmptyMap");
+			names.add("java.util.Collections$UnmodifiableRandomAccessList");
+			names.add("java.util.Collections$SingletonList");
+			names.add("java.util.Date");
+			names.add("java.time.Instant");
+			names.add("java.net.URL");
+			names.add("java.util.TreeMap");
+			names.add("java.util.HashMap");
+			names.add("java.util.LinkedHashMap");
+			names.add("org.springframework.security.core.context.SecurityContextImpl");
+			ALLOWLIST_CLASS_NAMES = Collections.unmodifiableSet(names);
+		}
 
 		private final TypeIdResolver delegate;
 
diff --git a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
index fd91f1ad9f..8363acc332 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
@@ -42,6 +42,9 @@ import org.springframework.security.core.userdetails.User;
  */
 class UserDeserializer extends JsonDeserializer<User> {
 
+	private static final TypeReference<Set<SimpleGrantedAuthority>> SIMPLE_GRANTED_AUTHORITY_SET = new TypeReference<Set<SimpleGrantedAuthority>>() {
+	};
+
 	/**
 	 * This method will create {@link User} object. It will ensure successful object
 	 * creation even if password key is null in serialized json, because credentials may
@@ -58,15 +61,17 @@ class UserDeserializer extends JsonDeserializer<User> {
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
 		Set<? extends GrantedAuthority> authorities = mapper.convertValue(jsonNode.get("authorities"),
-				new TypeReference<Set<SimpleGrantedAuthority>>() {
-				});
-		JsonNode password = readJsonNode(jsonNode, "password");
-		User result = new User(readJsonNode(jsonNode, "username").asText(), password.asText(""),
-				readJsonNode(jsonNode, "enabled").asBoolean(), readJsonNode(jsonNode, "accountNonExpired").asBoolean(),
-				readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(),
-				readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities);
-
-		if (password.asText(null) == null) {
+				SIMPLE_GRANTED_AUTHORITY_SET);
+		JsonNode passwordNode = readJsonNode(jsonNode, "password");
+		String username = readJsonNode(jsonNode, "username").asText();
+		String password = passwordNode.asText("");
+		boolean enabled = readJsonNode(jsonNode, "enabled").asBoolean();
+		boolean accountNonExpired = readJsonNode(jsonNode, "accountNonExpired").asBoolean();
+		boolean credentialsNonExpired = readJsonNode(jsonNode, "credentialsNonExpired").asBoolean();
+		boolean accountNonLocked = readJsonNode(jsonNode, "accountNonLocked").asBoolean();
+		User result = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked,
+				authorities);
+		if (passwordNode.asText(null) == null) {
 			result.eraseCredentials();
 		}
 		return result;
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
index 25e47eac9b..c5d815ad79 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@@ -19,11 +19,13 @@ package org.springframework.security.jackson2;
 import java.io.IOException;
 import java.util.List;
 
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
@@ -48,6 +50,12 @@ import org.springframework.security.core.GrantedAuthority;
  */
 class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
 
+	private static final TypeReference<List<GrantedAuthority>> GRANTED_AUTHORITY_LIST = new TypeReference<List<GrantedAuthority>>() {
+	};
+
+	private static final TypeReference<Object> OBJECT = new TypeReference<Object>() {
+	};
+
 	/**
 	 * This method construct {@link UsernamePasswordAuthenticationToken} object from
 	 * serialized json.
@@ -60,47 +68,44 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 	@Override
 	public UsernamePasswordAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt)
 			throws IOException, JsonProcessingException {
-		UsernamePasswordAuthenticationToken token = null;
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
 		Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean();
 		JsonNode principalNode = readJsonNode(jsonNode, "principal");
-		Object principal = null;
-		if (principalNode.isObject()) {
-			principal = mapper.readValue(principalNode.traverse(mapper), Object.class);
-		}
-		else {
-			principal = principalNode.asText();
-		}
+		Object principal = getPrincipal(mapper, principalNode);
 		JsonNode credentialsNode = readJsonNode(jsonNode, "credentials");
-		Object credentials;
-		if (credentialsNode.isNull() || credentialsNode.isMissingNode()) {
-			credentials = null;
-		}
-		else {
-			credentials = credentialsNode.asText();
-		}
+		Object credentials = getCredentials(credentialsNode);
 		List<GrantedAuthority> authorities = mapper.readValue(readJsonNode(jsonNode, "authorities").traverse(mapper),
-				new TypeReference<List<GrantedAuthority>>() {
-				});
-		if (authenticated) {
-			token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
-		}
-		else {
-			token = new UsernamePasswordAuthenticationToken(principal, credentials);
-		}
+				GRANTED_AUTHORITY_LIST);
+		UsernamePasswordAuthenticationToken token = (!authenticated)
+				? new UsernamePasswordAuthenticationToken(principal, credentials)
+				: new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
 		JsonNode detailsNode = readJsonNode(jsonNode, "details");
 		if (detailsNode.isNull() || detailsNode.isMissingNode()) {
 			token.setDetails(null);
 		}
 		else {
-			Object details = mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {
-			});
+			Object details = mapper.readValue(detailsNode.toString(), OBJECT);
 			token.setDetails(details);
 		}
 		return token;
 	}
 
+	private Object getCredentials(JsonNode credentialsNode) {
+		if (credentialsNode.isNull() || credentialsNode.isMissingNode()) {
+			return null;
+		}
+		return credentialsNode.asText();
+	}
+
+	private Object getPrincipal(ObjectMapper mapper, JsonNode principalNode)
+			throws IOException, JsonParseException, JsonMappingException {
+		if (principalNode.isObject()) {
+			return mapper.readValue(principalNode.traverse(mapper), Object.class);
+		}
+		return principalNode.asText();
+	}
+
 	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
 		return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
 	}
diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index 762a0e3785..346c481cf8 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -25,6 +25,7 @@ import java.util.Properties;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -74,21 +75,21 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	public InMemoryUserDetailsManager(Properties users) {
 		Enumeration<?> names = users.propertyNames();
 		UserAttributeEditor editor = new UserAttributeEditor();
-
 		while (names.hasMoreElements()) {
 			String name = (String) names.nextElement();
 			editor.setAsText(users.getProperty(name));
 			UserAttribute attr = (UserAttribute) editor.getValue();
-			UserDetails user = new User(name, attr.getPassword(), attr.isEnabled(), true, true, true,
-					attr.getAuthorities());
-			createUser(user);
+			createUser(createUserDetails(name, attr));
 		}
 	}
 
+	private User createUserDetails(String name, UserAttribute attr) {
+		return new User(name, attr.getPassword(), attr.isEnabled(), true, true, true, attr.getAuthorities());
+	}
+
 	@Override
 	public void createUser(UserDetails user) {
 		Assert.isTrue(!userExists(user.getUsername()), "user should not exist");
-
 		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
@@ -100,7 +101,6 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	@Override
 	public void updateUser(UserDetails user) {
 		Assert.isTrue(userExists(user.getUsername()), "user should exist");
-
 		this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
 	}
 
@@ -112,34 +112,24 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	@Override
 	public void changePassword(String oldPassword, String newPassword) {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
-
 		if (currentUser == null) {
 			// This would indicate bad coding somewhere
 			throw new AccessDeniedException(
 					"Can't change password as no Authentication object found in context " + "for current user.");
 		}
-
 		String username = currentUser.getName();
-
-		this.logger.debug("Changing password for user '" + username + "'");
-
+		this.logger.debug(LogMessage.format("Changing password for user '%s'", username));
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
 		if (this.authenticationManager != null) {
-			this.logger.debug("Reauthenticating user '" + username + "' for password change request.");
-
+			this.logger.debug(LogMessage.format("Reauthenticating user '%s' for password change request.", username));
 			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
 			this.logger.debug("No authentication manager set. Password won't be re-checked.");
 		}
-
 		MutableUserDetails user = this.users.get(username);
-
-		if (user == null) {
-			throw new IllegalStateException("Current user doesn't exist in database.");
-		}
-
+		Assert.state(user != null, "Current user doesn't exist in database.");
 		user.setPassword(newPassword);
 	}
 
@@ -154,11 +144,9 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		UserDetails user = this.users.get(username.toLowerCase());
-
 		if (user == null) {
 			throw new UsernameNotFoundException(username);
 		}
-
 		return new User(user.getUsername(), user.getPassword(), user.isEnabled(), user.isAccountNonExpired(),
 				user.isCredentialsNonExpired(), user.isAccountNonLocked(), user.getAuthorities());
 	}
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index f3d6e7ee8a..070b0f3f13 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.provisioning;
 
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.Collection;
 import java.util.List;
 
@@ -25,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationContextException;
+import org.springframework.core.log.LogMessage;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.security.access.AccessDeniedException;
@@ -60,7 +63,6 @@ import org.springframework.util.Assert;
  */
 public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager, GroupManager {
 
-	// UserDetailsManager SQL
 	public static final String DEF_CREATE_USER_SQL = "insert into users (username, password, enabled) values (?,?,?)";
 
 	public static final String DEF_DELETE_USER_SQL = "delete from users where username = ?";
@@ -75,7 +77,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	public static final String DEF_CHANGE_PASSWORD_SQL = "update users set password = ? where username = ?";
 
-	// GroupManager SQL
 	public static final String DEF_FIND_GROUPS_SQL = "select group_name from groups";
 
 	public static final String DEF_FIND_USERS_IN_GROUP_SQL = "select username from group_members gm, groups g "
@@ -160,10 +161,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	@Override
 	protected void initDao() throws ApplicationContextException {
 		if (this.authenticationManager == null) {
-			this.logger.info("No authentication manager set. Reauthentication of users when changing passwords will "
-					+ "not be performed.");
+			this.logger.info(
+					"No authentication manager set. Reauthentication of users when changing passwords will not be performed.");
 		}
-
 		super.initDao();
 	}
 
@@ -173,36 +173,33 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	 */
 	@Override
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[] { username }, (rs, rowNum) -> {
+		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[] { username }, this::mapToUser);
+	}
 
-			String userName = rs.getString(1);
-			String password = rs.getString(2);
-			boolean enabled = rs.getBoolean(3);
-
-			boolean accLocked = false;
-			boolean accExpired = false;
-			boolean credsExpired = false;
-
-			if (rs.getMetaData().getColumnCount() > 3) {
-				// NOTE: acc_locked, acc_expired and creds_expired are also to be loaded
-				accLocked = rs.getBoolean(4);
-				accExpired = rs.getBoolean(5);
-				credsExpired = rs.getBoolean(6);
-			}
-			return new User(userName, password, enabled, !accExpired, !credsExpired, !accLocked,
-					AuthorityUtils.NO_AUTHORITIES);
-		});
+	private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException {
+		String userName = rs.getString(1);
+		String password = rs.getString(2);
+		boolean enabled = rs.getBoolean(3);
+		boolean accLocked = false;
+		boolean accExpired = false;
+		boolean credsExpired = false;
+		if (rs.getMetaData().getColumnCount() > 3) {
+			// NOTE: acc_locked, acc_expired and creds_expired are also to be loaded
+			accLocked = rs.getBoolean(4);
+			accExpired = rs.getBoolean(5);
+			credsExpired = rs.getBoolean(6);
+		}
+		return new User(userName, password, enabled, !accExpired, !credsExpired, !accLocked,
+				AuthorityUtils.NO_AUTHORITIES);
 	}
 
 	@Override
 	public void createUser(final UserDetails user) {
 		validateUserDetails(user);
-
 		getJdbcTemplate().update(this.createUserSql, (ps) -> {
 			ps.setString(1, user.getUsername());
 			ps.setString(2, user.getPassword());
 			ps.setBoolean(3, user.isEnabled());
-
 			int paramCount = ps.getParameterMetaData().getParameterCount();
 			if (paramCount > 3) {
 				// NOTE: acc_locked, acc_expired and creds_expired are also to be inserted
@@ -211,7 +208,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 				ps.setBoolean(6, !user.isCredentialsNonExpired());
 			}
 		});
-
 		if (getEnableAuthorities()) {
 			insertUserAuthorities(user);
 		}
@@ -220,11 +216,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	@Override
 	public void updateUser(final UserDetails user) {
 		validateUserDetails(user);
-
 		getJdbcTemplate().update(this.updateUserSql, (ps) -> {
 			ps.setString(1, user.getPassword());
 			ps.setBoolean(2, user.isEnabled());
-
 			int paramCount = ps.getParameterMetaData().getParameterCount();
 			if (paramCount == 3) {
 				ps.setString(3, user.getUsername());
@@ -234,17 +228,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 				ps.setBoolean(3, !user.isAccountNonLocked());
 				ps.setBoolean(4, !user.isAccountNonExpired());
 				ps.setBoolean(5, !user.isCredentialsNonExpired());
-
 				ps.setString(6, user.getUsername());
 			}
-
 		});
-
 		if (getEnableAuthorities()) {
 			deleteUserAuthorities(user.getUsername());
 			insertUserAuthorities(user);
 		}
-
 		this.userCache.removeUserFromCache(user.getUsername());
 	}
 
@@ -270,42 +260,32 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	@Override
 	public void changePassword(String oldPassword, String newPassword) throws AuthenticationException {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
-
 		if (currentUser == null) {
 			// This would indicate bad coding somewhere
 			throw new AccessDeniedException(
 					"Can't change password as no Authentication object found in context " + "for current user.");
 		}
-
 		String username = currentUser.getName();
-
 		// If an authentication manager has been set, re-authenticate the user with the
 		// supplied password.
 		if (this.authenticationManager != null) {
-			this.logger.debug("Reauthenticating user '" + username + "' for password change request.");
-
+			this.logger.debug(LogMessage.format("Reauthenticating user '%s' for password change request.", username));
 			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, oldPassword));
 		}
 		else {
 			this.logger.debug("No authentication manager set. Password won't be re-checked.");
 		}
-
 		this.logger.debug("Changing password for user '" + username + "'");
-
 		getJdbcTemplate().update(this.changePasswordSql, newPassword, username);
-
 		SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(currentUser, newPassword));
-
 		this.userCache.removeUserFromCache(username);
 	}
 
 	protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) {
 		UserDetails user = loadUserByUsername(currentAuth.getName());
-
 		UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(user, null,
 				user.getAuthorities());
 		newAuthentication.setDetails(currentAuth.getDetails());
-
 		return newAuthentication;
 	}
 
@@ -313,12 +293,10 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public boolean userExists(String username) {
 		List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, new String[] { username },
 				String.class);
-
 		if (users.size() > 1) {
 			throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
 					1);
 		}
-
 		return users.size() == 1;
 	}
 
@@ -337,16 +315,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void createGroup(final String groupName, final List<GrantedAuthority> authorities) {
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authorities, "authorities cannot be null");
-
 		this.logger.debug("Creating new group '" + groupName + "' with authorities "
 				+ AuthorityUtils.authorityListToSet(authorities));
-
 		getJdbcTemplate().update(this.insertGroupSql, groupName);
-
-		final int groupId = findGroupId(groupName);
-
+		int groupId = findGroupId(groupName);
 		for (GrantedAuthority a : authorities) {
-			final String authority = a.getAuthority();
+			String authority = a.getAuthority();
 			getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
 				ps.setInt(1, groupId);
 				ps.setString(2, authority);
@@ -358,8 +332,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public void deleteGroup(String groupName) {
 		this.logger.debug("Deleting group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
-
-		final int id = findGroupId(groupName);
+		int id = findGroupId(groupName);
 		PreparedStatementSetter groupIdPSS = (ps) -> ps.setInt(1, id);
 		getJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
 		getJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
@@ -371,7 +344,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
 		Assert.hasText(oldName, "oldName should have text");
 		Assert.hasText(newName, "newName should have text");
-
 		getJdbcTemplate().update(this.renameGroupSql, newName, oldName);
 	}
 
@@ -380,13 +352,11 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.logger.debug("Adding user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
 		Assert.hasText(groupName, "groupName should have text");
-
-		final int id = findGroupId(groupName);
+		int id = findGroupId(groupName);
 		getJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
-
 		this.userCache.removeUserFromCache(username);
 	}
 
@@ -395,14 +365,11 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.logger.debug("Removing user '" + username + "' to group '" + groupName + "'");
 		Assert.hasText(username, "username should have text");
 		Assert.hasText(groupName, "groupName should have text");
-
-		final int id = findGroupId(groupName);
-
+		int id = findGroupId(groupName);
 		getJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, username);
 		});
-
 		this.userCache.removeUserFromCache(username);
 	}
 
@@ -410,12 +377,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	public List<GrantedAuthority> findGroupAuthorities(String groupName) {
 		this.logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
+		return getJdbcTemplate().query(this.groupAuthoritiesSql, new String[] { groupName },
+				this::mapToGrantedAuthority);
+	}
 
-		return getJdbcTemplate().query(this.groupAuthoritiesSql, new String[] { groupName }, (rs, rowNum) -> {
-			String roleName = getRolePrefix() + rs.getString(3);
-
-			return new SimpleGrantedAuthority(roleName);
-		});
+	private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {
+		String roleName = getRolePrefix() + rs.getString(3);
+		return new SimpleGrantedAuthority(roleName);
 	}
 
 	@Override
@@ -423,9 +391,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.logger.debug("Removing authority '" + authority + "' from group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authority, "authority cannot be null");
-
-		final int id = findGroupId(groupName);
-
+		int id = findGroupId(groupName);
 		getJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
@@ -437,8 +403,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 		this.logger.debug("Adding authority '" + authority + "' to group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		Assert.notNull(authority, "authority cannot be null");
-
-		final int id = findGroupId(groupName);
+		int id = findGroupId(groupName);
 		getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
 			ps.setInt(1, id);
 			ps.setString(2, authority.getAuthority());
@@ -571,7 +536,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	private void validateAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		Assert.notNull(authorities, "Authorities list must not be null");
-
 		for (GrantedAuthority authority : authorities) {
 			Assert.notNull(authority, "Authorities list contains a null entry");
 			Assert.hasText(authority.getAuthority(), "getAuthority() method must return a non-empty string");
diff --git a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
index f52d99c86d..3bbba07a0e 100644
--- a/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
+++ b/core/src/main/java/org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.java
@@ -61,20 +61,17 @@ public class DelegatingSecurityContextAsyncTaskExecutor extends DelegatingSecuri
 
 	@Override
 	public final void execute(Runnable task, long startTimeout) {
-		task = wrap(task);
-		getDelegate().execute(task, startTimeout);
+		getDelegate().execute(wrap(task), startTimeout);
 	}
 
 	@Override
 	public final Future<?> submit(Runnable task) {
-		task = wrap(task);
-		return getDelegate().submit(task);
+		return getDelegate().submit(wrap(task));
 	}
 
 	@Override
 	public final <T> Future<T> submit(Callable<T> task) {
-		task = wrap(task);
-		return getDelegate().submit(task);
+		return getDelegate().submit(wrap(task));
 	}
 
 	private AsyncTaskExecutor getDelegate() {
diff --git a/core/src/main/java/org/springframework/security/util/FieldUtils.java b/core/src/main/java/org/springframework/security/util/FieldUtils.java
index be6de9d0e6..261d264b0d 100644
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@@ -42,16 +42,14 @@ public final class FieldUtils {
 	public static Field getField(Class<?> clazz, String fieldName) throws IllegalStateException {
 		Assert.notNull(clazz, "Class required");
 		Assert.hasText(fieldName, "Field name required");
-
 		try {
 			return clazz.getDeclaredField(fieldName);
 		}
-		catch (NoSuchFieldException nsf) {
+		catch (NoSuchFieldException ex) {
 			// Try superclass
 			if (clazz.getSuperclass() != null) {
 				return getField(clazz.getSuperclass(), fieldName);
 			}
-
 			throw new IllegalStateException("Could not locate field '" + fieldName + "' on class " + clazz);
 		}
 	}
@@ -68,7 +66,6 @@ public final class FieldUtils {
 		String[] nestedFields = StringUtils.tokenizeToStringArray(fieldName, ".");
 		Class<?> componentClass = bean.getClass();
 		Object value = bean;
-
 		for (String nestedField : nestedFields) {
 			Field field = getField(componentClass, nestedField);
 			field.setAccessible(true);
@@ -77,29 +74,24 @@ public final class FieldUtils {
 				componentClass = value.getClass();
 			}
 		}
-
 		return value;
 
 	}
 
 	public static Object getProtectedFieldValue(String protectedField, Object object) {
 		Field field = FieldUtils.getField(object.getClass(), protectedField);
-
 		try {
 			field.setAccessible(true);
-
 			return field.get(object);
 		}
 		catch (Exception ex) {
 			ReflectionUtils.handleReflectionException(ex);
-
 			return null; // unreachable - previous line throws exception
 		}
 	}
 
 	public static void setProtectedFieldValue(String protectedField, Object object, Object newValue) {
 		Field field = FieldUtils.getField(object.getClass(), protectedField);
-
 		try {
 			field.setAccessible(true);
 			field.set(object, newValue);
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index 09d44f5760..26ade0d092 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -50,19 +50,15 @@ public final class MethodInvocationUtils {
 	 */
 	public static MethodInvocation create(Object object, String methodName, Object... args) {
 		Assert.notNull(object, "Object required");
-
 		Class<?>[] classArgs = null;
-
 		if (args != null) {
 			classArgs = new Class<?>[args.length];
-
 			for (int i = 0; i < args.length; i++) {
 				classArgs[i] = args[i].getClass();
 			}
 		}
-
-		// Determine the type that declares the requested method, taking into account
-		// proxies
+		// Determine the type that declares the requested method,
+		// taking into account proxies
 		Class<?> target = AopUtils.getTargetClass(object);
 		if (object instanceof Advised) {
 			Advised a = (Advised) object;
@@ -75,13 +71,12 @@ public final class MethodInvocationUtils {
 						target = possibleInterface;
 						break;
 					}
-					catch (Exception ignored) {
+					catch (Exception ex) {
 						// try the next one
 					}
 				}
 			}
 		}
-
 		return createFromClass(object, target, methodName, classArgs, args);
 	}
 
@@ -100,21 +95,17 @@ public final class MethodInvocationUtils {
 	 * problem
 	 */
 	public static MethodInvocation createFromClass(Class<?> clazz, String methodName) {
-		MethodInvocation mi = createFromClass(null, clazz, methodName, null, null);
-
-		if (mi == null) {
-			for (Method m : clazz.getDeclaredMethods()) {
-				if (m.getName().equals(methodName)) {
-					if (mi != null) {
-						throw new IllegalArgumentException(
-								"The class " + clazz + " has more than one method named" + " '" + methodName + "'");
-					}
-					mi = new SimpleMethodInvocation(null, m);
+		MethodInvocation invocation = createFromClass(null, clazz, methodName, null, null);
+		if (invocation == null) {
+			for (Method method : clazz.getDeclaredMethods()) {
+				if (method.getName().equals(methodName)) {
+					Assert.isTrue(invocation == null,
+							() -> "The class " + clazz + " has more than one method named" + " '" + methodName + "'");
+					invocation = new SimpleMethodInvocation(null, method);
 				}
 			}
 		}
-
-		return mi;
+		return invocation;
 	}
 
 	/**
@@ -134,17 +125,13 @@ public final class MethodInvocationUtils {
 			Class<?>[] classArgs, Object[] args) {
 		Assert.notNull(clazz, "Class required");
 		Assert.hasText(methodName, "MethodName required");
-
-		Method method;
-
 		try {
-			method = clazz.getMethod(methodName, classArgs);
+			Method method = clazz.getMethod(methodName, classArgs);
+			return new SimpleMethodInvocation(targetObject, method, args);
 		}
 		catch (NoSuchMethodException ex) {
 			return null;
 		}
-
-		return new SimpleMethodInvocation(targetObject, method, args);
 	}
 
 }

From da22e9714758f3bd8056f45b2cf5a9eaf5fa158a Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 30 Jul 2020 23:36:42 -0700
Subject: [PATCH 53/84] Polish spring-security-crypto main code

Manually polish `spring-security-crypto` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../crypto/argon2/Argon2EncodingUtils.java    | 34 ++--------
 .../crypto/argon2/Argon2PasswordEncoder.java  | 19 ++----
 .../crypto/bcrypt/BCryptPasswordEncoder.java  | 32 +++++----
 .../security/crypto/codec/Hex.java            |  9 +--
 .../security/crypto/codec/Utf8.java           |  1 -
 .../crypto/encrypt/AesBytesEncryptor.java     | 66 ++++++++++---------
 .../BouncyCastleAesCbcBytesEncryptor.java     |  7 +-
 .../BouncyCastleAesGcmBytesEncryptor.java     |  7 +-
 .../security/crypto/encrypt/Encryptors.java   |  6 +-
 .../factory/PasswordEncoderFactories.java     |  1 -
 .../keygen/SecureRandomBytesKeyGenerator.java |  4 +-
 .../password/LdapShaPasswordEncoder.java      | 62 +++++++----------
 .../security/crypto/password/Md4.java         |  3 -
 .../crypto/password/Md4PasswordEncoder.java   |  6 +-
 .../MessageDigestPasswordEncoder.java         |  5 +-
 .../crypto/password/NoOpPasswordEncoder.java  | 10 +--
 .../crypto/password/PasswordEncoderUtils.java |  6 +-
 .../password/Pbkdf2PasswordEncoder.java       |  2 +-
 .../password/StandardPasswordEncoder.java     |  4 +-
 .../crypto/scrypt/SCryptPasswordEncoder.java  | 14 ----
 20 files changed, 105 insertions(+), 193 deletions(-)

diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 1cdeb21016..4502d58ee0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -58,7 +58,6 @@ final class Argon2EncodingUtils {
 	 */
 	static String encode(byte[] hash, Argon2Parameters parameters) throws IllegalArgumentException {
 		StringBuilder stringBuilder = new StringBuilder();
-
 		switch (parameters.getType()) {
 		case Argon2Parameters.ARGON2_d:
 			stringBuilder.append("$argon2d");
@@ -74,13 +73,10 @@ final class Argon2EncodingUtils {
 		}
 		stringBuilder.append("$v=").append(parameters.getVersion()).append("$m=").append(parameters.getMemory())
 				.append(",t=").append(parameters.getIterations()).append(",p=").append(parameters.getLanes());
-
 		if (parameters.getSalt() != null) {
 			stringBuilder.append("$").append(b64encoder.encodeToString(parameters.getSalt()));
 		}
-
 		stringBuilder.append("$").append(b64encoder.encodeToString(hash));
-
 		return stringBuilder.toString();
 	}
 
@@ -106,15 +102,11 @@ final class Argon2EncodingUtils {
 	 */
 	static Argon2Hash decode(String encodedHash) throws IllegalArgumentException {
 		Argon2Parameters.Builder paramsBuilder;
-
 		String[] parts = encodedHash.split("\\$");
-
 		if (parts.length < 4) {
 			throw new IllegalArgumentException("Invalid encoded Argon2-hash");
 		}
-
 		int currentPart = 1;
-
 		switch (parts[currentPart++]) {
 		case "argon2d":
 			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
@@ -128,41 +120,27 @@ final class Argon2EncodingUtils {
 		default:
 			throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]);
 		}
-
 		if (parts[currentPart].startsWith("v=")) {
 			paramsBuilder.withVersion(Integer.parseInt(parts[currentPart].substring(2)));
 			currentPart++;
 		}
-
 		String[] performanceParams = parts[currentPart++].split(",");
-
 		if (performanceParams.length != 3) {
 			throw new IllegalArgumentException("Amount of performance parameters invalid");
 		}
-
-		if (performanceParams[0].startsWith("m=")) {
-			paramsBuilder.withMemoryAsKB(Integer.parseInt(performanceParams[0].substring(2)));
-		}
-		else {
+		if (!performanceParams[0].startsWith("m=")) {
 			throw new IllegalArgumentException("Invalid memory parameter");
 		}
-
-		if (performanceParams[1].startsWith("t=")) {
-			paramsBuilder.withIterations(Integer.parseInt(performanceParams[1].substring(2)));
-		}
-		else {
+		paramsBuilder.withMemoryAsKB(Integer.parseInt(performanceParams[0].substring(2)));
+		if (!performanceParams[1].startsWith("t=")) {
 			throw new IllegalArgumentException("Invalid iterations parameter");
 		}
-
-		if (performanceParams[2].startsWith("p=")) {
-			paramsBuilder.withParallelism(Integer.parseInt(performanceParams[2].substring(2)));
-		}
-		else {
+		paramsBuilder.withIterations(Integer.parseInt(performanceParams[1].substring(2)));
+		if (!performanceParams[2].startsWith("p=")) {
 			throw new IllegalArgumentException("Invalid parallelity parameter");
 		}
-
+		paramsBuilder.withParallelism(Integer.parseInt(performanceParams[2].substring(2)));
 		paramsBuilder.withSalt(b64decoder.decode(parts[currentPart++]));
-
 		return new Argon2Hash(b64decoder.decode(parts[currentPart]), paramsBuilder.build());
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index cca1800628..9a87152cc4 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -68,30 +68,27 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 
 	private final BytesKeyGenerator saltGenerator;
 
+	public Argon2PasswordEncoder() {
+		this(DEFAULT_SALT_LENGTH, DEFAULT_HASH_LENGTH, DEFAULT_PARALLELISM, DEFAULT_MEMORY, DEFAULT_ITERATIONS);
+	}
+
 	public Argon2PasswordEncoder(int saltLength, int hashLength, int parallelism, int memory, int iterations) {
 		this.hashLength = hashLength;
 		this.parallelism = parallelism;
 		this.memory = memory;
 		this.iterations = iterations;
-
 		this.saltGenerator = KeyGenerators.secureRandom(saltLength);
 	}
 
-	public Argon2PasswordEncoder() {
-		this(DEFAULT_SALT_LENGTH, DEFAULT_HASH_LENGTH, DEFAULT_PARALLELISM, DEFAULT_MEMORY, DEFAULT_ITERATIONS);
-	}
-
 	@Override
 	public String encode(CharSequence rawPassword) {
 		byte[] salt = this.saltGenerator.generateKey();
 		byte[] hash = new byte[this.hashLength];
-
 		Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withSalt(salt)
 				.withParallelism(this.parallelism).withMemoryAsKB(this.memory).withIterations(this.iterations).build();
 		Argon2BytesGenerator generator = new Argon2BytesGenerator();
 		generator.init(params);
 		generator.generateBytes(rawPassword.toString().toCharArray(), hash);
-
 		return Argon2EncodingUtils.encode(hash, params);
 	}
 
@@ -101,9 +98,7 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 			this.logger.warn("password hash is null");
 			return false;
 		}
-
 		Argon2EncodingUtils.Argon2Hash decoded;
-
 		try {
 			decoded = Argon2EncodingUtils.decode(encodedPassword);
 		}
@@ -111,13 +106,10 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 			this.logger.warn("Malformed password hash", ex);
 			return false;
 		}
-
 		byte[] hashBytes = new byte[decoded.getHash().length];
-
 		Argon2BytesGenerator generator = new Argon2BytesGenerator();
 		generator.init(decoded.getParameters());
 		generator.generateBytes(rawPassword.toString().toCharArray(), hashBytes);
-
 		return constantTimeArrayEquals(decoded.getHash(), hashBytes);
 	}
 
@@ -127,9 +119,7 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 			this.logger.warn("password hash is null");
 			return false;
 		}
-
 		Argon2Parameters parameters = Argon2EncodingUtils.decode(encodedPassword).getParameters();
-
 		return parameters.getMemory() < this.memory || parameters.getIterations() < this.iterations;
 	}
 
@@ -137,7 +127,6 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 		if (expected.length != actual.length) {
 			return false;
 		}
-
 		int result = 0;
 		for (int i = 0; i < expected.length; i++) {
 			result |= expected[i] ^ actual[i];
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index 43311f6f03..d17511b033 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -106,33 +106,30 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 		if (rawPassword == null) {
 			throw new IllegalArgumentException("rawPassword cannot be null");
 		}
-
-		String salt;
-		if (this.random != null) {
-			salt = BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
-		}
-		else {
-			salt = BCrypt.gensalt(this.version.getVersion(), this.strength);
-		}
+		String salt = getSalt();
 		return BCrypt.hashpw(rawPassword.toString(), salt);
 	}
 
+	private String getSalt() {
+		if (this.random != null) {
+			return BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
+		}
+		return BCrypt.gensalt(this.version.getVersion(), this.strength);
+	}
+
 	@Override
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 		if (rawPassword == null) {
 			throw new IllegalArgumentException("rawPassword cannot be null");
 		}
-
 		if (encodedPassword == null || encodedPassword.length() == 0) {
 			this.logger.warn("Empty encoded password");
 			return false;
 		}
-
 		if (!this.BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
 			this.logger.warn("Encoded password does not look like BCrypt");
 			return false;
 		}
-
 		return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
 	}
 
@@ -142,15 +139,12 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 			this.logger.warn("Empty encoded password");
 			return false;
 		}
-
 		Matcher matcher = this.BCRYPT_PATTERN.matcher(encodedPassword);
 		if (!matcher.matches()) {
 			throw new IllegalArgumentException("Encoded password does not look like BCrypt: " + encodedPassword);
 		}
-		else {
-			int strength = Integer.parseInt(matcher.group(2));
-			return strength < this.strength;
-		}
+		int strength = Integer.parseInt(matcher.group(2));
+		return strength < this.strength;
 	}
 
 	/**
@@ -160,7 +154,11 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 	 */
 	public enum BCryptVersion {
 
-		$2A("$2a"), $2Y("$2y"), $2B("$2b");
+		$2A("$2a"),
+
+		$2Y("$2y"),
+
+		$2B("$2b");
 
 		private final String version;
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
index 48360ca934..2691e75550 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
@@ -27,8 +27,7 @@ package org.springframework.security.crypto.codec;
  */
 public final class Hex {
 
-	private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e',
-			'f' };
+	private static final char[] HEX = "0123456789abcdef".toCharArray();
 
 	private Hex() {
 	}
@@ -36,7 +35,6 @@ public final class Hex {
 	public static char[] encode(byte[] bytes) {
 		final int nBytes = bytes.length;
 		char[] result = new char[2 * nBytes];
-
 		int j = 0;
 		for (byte aByte : bytes) {
 			// Char for top 4 bits
@@ -44,23 +42,18 @@ public final class Hex {
 			// Bottom 4
 			result[j++] = HEX[(0x0F & aByte)];
 		}
-
 		return result;
 	}
 
 	public static byte[] decode(CharSequence s) {
 		int nChars = s.length();
-
 		if (nChars % 2 != 0) {
 			throw new IllegalArgumentException("Hex-encoded string must have an even number of characters");
 		}
-
 		byte[] result = new byte[nChars / 2];
-
 		for (int i = 0; i < nChars; i += 2) {
 			int msb = Character.digit(s.charAt(i), 16);
 			int lsb = Character.digit(s.charAt(i + 1), 16);
-
 			if (msb < 0 || lsb < 0) {
 				throw new IllegalArgumentException(
 						"Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
index 7dd723a99b..093de89fdd 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@@ -44,7 +44,6 @@ public final class Utf8 {
 			ByteBuffer bytes = CHARSET.newEncoder().encode(CharBuffer.wrap(string));
 			byte[] bytesCopy = new byte[bytes.limit()];
 			System.arraycopy(bytes.array(), 0, bytesCopy, 0, bytes.limit());
-
 			return bytesCopy;
 		}
 		catch (CharacterCodingException ex) {
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
index bed724b6af..d8f2fc12b6 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
@@ -52,38 +52,6 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 
 	private static final String AES_GCM_ALGORITHM = "AES/GCM/NoPadding";
 
-	public enum CipherAlgorithm {
-
-		CBC(AES_CBC_ALGORITHM, NULL_IV_GENERATOR), GCM(AES_GCM_ALGORITHM, KeyGenerators.secureRandom(16));
-
-		private BytesKeyGenerator ivGenerator;
-
-		private String name;
-
-		CipherAlgorithm(String name, BytesKeyGenerator ivGenerator) {
-			this.name = name;
-			this.ivGenerator = ivGenerator;
-		}
-
-		@Override
-		public String toString() {
-			return this.name;
-		}
-
-		public AlgorithmParameterSpec getParameterSpec(byte[] iv) {
-			return (this != CBC) ? new GCMParameterSpec(128, iv) : new IvParameterSpec(iv);
-		}
-
-		public Cipher createCipher() {
-			return CipherUtils.newCipher(this.toString());
-		}
-
-		public BytesKeyGenerator defaultIvGenerator() {
-			return this.ivGenerator;
-		}
-
-	}
-
 	public AesBytesEncryptor(String password, CharSequence salt) {
 		this(password, salt, null);
 	}
@@ -159,4 +127,38 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 
 	};
 
+	public enum CipherAlgorithm {
+
+		CBC(AES_CBC_ALGORITHM, NULL_IV_GENERATOR),
+
+		GCM(AES_GCM_ALGORITHM, KeyGenerators.secureRandom(16));
+
+		private BytesKeyGenerator ivGenerator;
+
+		private String name;
+
+		CipherAlgorithm(String name, BytesKeyGenerator ivGenerator) {
+			this.name = name;
+			this.ivGenerator = ivGenerator;
+		}
+
+		@Override
+		public String toString() {
+			return this.name;
+		}
+
+		public AlgorithmParameterSpec getParameterSpec(byte[] iv) {
+			return (this != CBC) ? new GCMParameterSpec(128, iv) : new IvParameterSpec(iv);
+		}
+
+		public Cipher createCipher() {
+			return CipherUtils.newCipher(this.toString());
+		}
+
+		public BytesKeyGenerator defaultIvGenerator() {
+			return this.ivGenerator;
+		}
+
+	}
+
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
index 84181d885b..3aa6e6eab3 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesCbcBytesEncryptor.java
@@ -33,7 +33,6 @@ import org.springframework.security.crypto.util.EncodingUtils;
  * "AES/CBC/PKCS5Padding".
  *
  * @author William Tran
- *
  */
 public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryptor {
 
@@ -46,10 +45,9 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 	}
 
 	@Override
+	@SuppressWarnings("deprecation")
 	public byte[] encrypt(byte[] bytes) {
 		byte[] iv = this.ivGenerator.generateKey();
-
-		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
 		blockCipher.init(true, new ParametersWithIV(this.secretKey, iv));
@@ -58,11 +56,10 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
 	}
 
 	@Override
+	@SuppressWarnings("deprecation")
 	public byte[] decrypt(byte[] encryptedBytes) {
 		byte[] iv = EncodingUtils.subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
 		encryptedBytes = EncodingUtils.subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
-
-		@SuppressWarnings("deprecation")
 		PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
 				new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
 		blockCipher.init(false, new ParametersWithIV(this.secretKey, iv));
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
index 044d6a2a77..cce6dd6d99 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/BouncyCastleAesGcmBytesEncryptor.java
@@ -44,23 +44,20 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
 	}
 
 	@Override
+	@SuppressWarnings("deprecation")
 	public byte[] encrypt(byte[] bytes) {
 		byte[] iv = this.ivGenerator.generateKey();
-
-		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
 		blockCipher.init(true, new AEADParameters(this.secretKey, 128, iv, null));
-
 		byte[] encrypted = process(blockCipher, bytes);
 		return (iv != null) ? EncodingUtils.concatenate(iv, encrypted) : encrypted;
 	}
 
 	@Override
+	@SuppressWarnings("deprecation")
 	public byte[] decrypt(byte[] encryptedBytes) {
 		byte[] iv = EncodingUtils.subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
 		encryptedBytes = EncodingUtils.subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
-
-		@SuppressWarnings("deprecation")
 		GCMBlockCipher blockCipher = new GCMBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine());
 		blockCipher.init(false, new AEADParameters(this.secretKey, 128, iv, null));
 		return process(blockCipher, encryptedBytes);
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
index e4e2b88f1d..ff7505b289 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java
@@ -113,13 +113,13 @@ public final class Encryptors {
 	 * environments where working with plain text strings is desired for simplicity.
 	 */
 	public static TextEncryptor noOpText() {
-		return NO_OP_TEXT_INSTANCE;
+		return NoOpTextEncryptor.INSTANCE;
 	}
 
-	private static final TextEncryptor NO_OP_TEXT_INSTANCE = new NoOpTextEncryptor();
-
 	private static final class NoOpTextEncryptor implements TextEncryptor {
 
+		static final TextEncryptor INSTANCE = new NoOpTextEncryptor();
+
 		@Override
 		public String encrypt(String text) {
 			return text;
diff --git a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
index a3f995d23d..eb27d4a058 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
@@ -78,7 +78,6 @@ public final class PasswordEncoderFactories {
 				new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 		encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 		encoders.put("argon2", new Argon2PasswordEncoder());
-
 		return new DelegatingPasswordEncoder(encodingId, encoders);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
index b50bbe3bf5..e3cb10adfe 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/keygen/SecureRandomBytesKeyGenerator.java
@@ -28,6 +28,8 @@ import java.security.SecureRandom;
  */
 final class SecureRandomBytesKeyGenerator implements BytesKeyGenerator {
 
+	private static final int DEFAULT_KEY_LENGTH = 8;
+
 	private final SecureRandom random;
 
 	private final int keyLength;
@@ -59,6 +61,4 @@ final class SecureRandomBytesKeyGenerator implements BytesKeyGenerator {
 		return bytes;
 	}
 
-	private static final int DEFAULT_KEY_LENGTH = 8;
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
index 808e908c05..eb9687c0fc 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
@@ -75,11 +75,9 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		if (salt == null) {
 			return hash;
 		}
-
 		byte[] hashAndSalt = new byte[hash.length + salt.length];
 		System.arraycopy(hash, 0, hashAndSalt, 0, hash.length);
 		System.arraycopy(salt, 0, hashAndSalt, hash.length, salt.length);
-
 		return hashAndSalt;
 	}
 
@@ -98,42 +96,39 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 	}
 
 	private String encode(CharSequence rawPassword, byte[] salt) {
-		MessageDigest sha;
+		MessageDigest sha = getSha(rawPassword);
+		if (salt != null) {
+			sha.update(salt);
+		}
+		byte[] hash = combineHashAndSalt(sha.digest(), salt);
+		String prefix = getPrefix(salt);
+		return prefix + Utf8.decode(Base64.getEncoder().encode(hash));
+	}
 
+	private MessageDigest getSha(CharSequence rawPassword) {
 		try {
-			sha = MessageDigest.getInstance("SHA");
+			MessageDigest sha = MessageDigest.getInstance("SHA");
 			sha.update(Utf8.encode(rawPassword));
+			return sha;
 		}
 		catch (java.security.NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No SHA implementation available!");
 		}
+	}
 
-		if (salt != null) {
-			sha.update(salt);
-		}
-
-		byte[] hash = combineHashAndSalt(sha.digest(), salt);
-
-		String prefix;
-
+	private String getPrefix(byte[] salt) {
 		if (salt == null || salt.length == 0) {
-			prefix = this.forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
+			return this.forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
 		}
-		else {
-			prefix = this.forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
-		}
-
-		return prefix + Utf8.decode(Base64.getEncoder().encode(hash));
+		return this.forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
 	}
 
 	private byte[] extractSalt(String encPass) {
 		String encPassNoLabel = encPass.substring(6);
-
 		byte[] hashAndSalt = Base64.getDecoder().decode(encPassNoLabel.getBytes());
 		int saltLength = hashAndSalt.length - SHA_LENGTH;
 		byte[] salt = new byte[saltLength];
 		System.arraycopy(hashAndSalt, SHA_LENGTH, salt, 0, saltLength);
-
 		return salt;
 	}
 
@@ -151,28 +146,24 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 
 	private boolean matches(String rawPassword, String encodedPassword) {
 		String prefix = extractPrefix(encodedPassword);
-
 		if (prefix == null) {
 			return PasswordEncoderUtils.equals(encodedPassword, rawPassword);
 		}
+		byte[] salt = getSalt(encodedPassword, prefix);
+		int startOfHash = prefix.length();
+		String encodedRawPass = encode(rawPassword, salt).substring(startOfHash);
+		return PasswordEncoderUtils.equals(encodedRawPass, encodedPassword.substring(startOfHash));
+	}
 
-		byte[] salt;
+	private byte[] getSalt(String encodedPassword, String prefix) {
 		if (prefix.equals(SSHA_PREFIX) || prefix.equals(SSHA_PREFIX_LC)) {
-			salt = extractSalt(encodedPassword);
+			return extractSalt(encodedPassword);
 		}
-		else if (!prefix.equals(SHA_PREFIX) && !prefix.equals(SHA_PREFIX_LC)) {
+		if (!prefix.equals(SHA_PREFIX) && !prefix.equals(SHA_PREFIX_LC)) {
 			throw new IllegalArgumentException("Unsupported password prefix '" + prefix + "'");
 		}
-		else {
-			// Standard SHA
-			salt = null;
-		}
-
-		int startOfHash = prefix.length();
-
-		String encodedRawPass = encode(rawPassword, salt).substring(startOfHash);
-
-		return PasswordEncoderUtils.equals(encodedRawPass, encodedPassword.substring(startOfHash));
+		// Standard SHA
+		return null;
 	}
 
 	/**
@@ -182,13 +173,10 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 		if (!encPass.startsWith("{")) {
 			return null;
 		}
-
 		int secondBrace = encPass.lastIndexOf('}');
-
 		if (secondBrace < 0) {
 			throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
 		}
-
 		return encPass.substring(0, secondBrace + 1);
 	}
 
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
index 29511f2358..d201531ed0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4.java
@@ -76,16 +76,13 @@ class Md4 {
 			update(this.buffer, 0);
 			this.bufferOffset = 0;
 		}
-
 		while (this.bufferOffset < C) {
 			this.buffer[this.bufferOffset++] = (byte) 0x00;
 		}
-
 		long bitCount = this.byteCount * 8;
 		for (int i = 0; i < 64; i += 8) {
 			this.buffer[this.bufferOffset++] = (byte) (bitCount >>> (i));
 		}
-
 		update(this.buffer, 0);
 		digest(buffer, offset);
 	}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
index 035d132709..f02583ae7f 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java
@@ -111,10 +111,8 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 		}
 		String saltedPassword = rawPassword + salt;
 		byte[] saltedPasswordBytes = Utf8.encode(saltedPassword);
-
 		Md4 md4 = new Md4();
 		md4.update(saltedPasswordBytes, 0, saltedPasswordBytes.length);
-
 		byte[] digest = md4.digest();
 		String encoded = encode(digest);
 		return salt + encoded;
@@ -124,9 +122,7 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 		if (this.encodeHashAsBase64) {
 			return Utf8.decode(Base64.getEncoder().encode(digest));
 		}
-		else {
-			return new String(Hex.encode(digest));
-		}
+		return new String(Hex.encode(digest));
 	}
 
 	/**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
index 606e5b6923..cdc6032677 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java
@@ -123,7 +123,6 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 
 	private String digest(String salt, CharSequence rawPassword) {
 		String saltedPassword = rawPassword + salt;
-
 		byte[] digest = this.digester.digest(Utf8.encode(saltedPassword));
 		String encoded = encode(digest);
 		return salt + encoded;
@@ -133,9 +132,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 		if (this.encodeHashAsBase64) {
 			return Utf8.decode(Base64.getEncoder().encode(digest));
 		}
-		else {
-			return new String(Hex.encode(digest));
-		}
+		return new String(Hex.encode(digest));
 	}
 
 	/**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
index 05feed195e..d092acf3ee 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@@ -33,6 +33,11 @@ package org.springframework.security.crypto.password;
 @Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {
 
+	private static final PasswordEncoder INSTANCE = new NoOpPasswordEncoder();
+
+	private NoOpPasswordEncoder() {
+	}
+
 	@Override
 	public String encode(CharSequence rawPassword) {
 		return rawPassword.toString();
@@ -50,9 +55,4 @@ public final class NoOpPasswordEncoder implements PasswordEncoder {
 		return INSTANCE;
 	}
 
-	private static final PasswordEncoder INSTANCE = new NoOpPasswordEncoder();
-
-	private NoOpPasswordEncoder() {
-	}
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
index bcd0decacd..4e1a69a949 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoderUtils.java
@@ -39,17 +39,13 @@ final class PasswordEncoderUtils {
 	static boolean equals(String expected, String actual) {
 		byte[] expectedBytes = bytesUtf8(expected);
 		byte[] actualBytes = bytesUtf8(actual);
-
 		return MessageDigest.isEqual(expectedBytes, actualBytes);
 	}
 
 	private static byte[] bytesUtf8(String s) {
-		if (s == null) {
-			return null;
-		}
 		// need to check if Utf8.encode() runs in constant time (probably not).
 		// This may leak length of string.
-		return Utf8.encode(s);
+		return (s != null) ? Utf8.encode(s) : null;
 	}
 
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index 12854c95c7..73e660417c 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -112,11 +112,11 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 		String algorithmName = secretKeyFactoryAlgorithm.name();
 		try {
 			SecretKeyFactory.getInstance(algorithmName);
+			this.algorithm = algorithmName;
 		}
 		catch (NoSuchAlgorithmException ex) {
 			throw new IllegalArgumentException("Invalid algorithm '" + algorithmName + "'.", ex);
 		}
-		this.algorithm = algorithmName;
 	}
 
 	/**
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
index b93b775f94..e19e445ce2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java
@@ -50,6 +50,8 @@ import org.springframework.security.crypto.util.EncodingUtils;
 @Deprecated
 public final class StandardPasswordEncoder implements PasswordEncoder {
 
+	private static final int DEFAULT_ITERATIONS = 1024;
+
 	private final Digester digester;
 
 	private final byte[] secret;
@@ -104,6 +106,4 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 		return Hex.decode(encodedPassword);
 	}
 
-	private static final int DEFAULT_ITERATIONS = 1024;
-
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index 01d1410130..98bafd4be2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -109,7 +109,6 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 		if (saltLength < 1 || saltLength > Integer.MAX_VALUE) {
 			throw new IllegalArgumentException("Salt length must be >= 1 and <= " + Integer.MAX_VALUE);
 		}
-
 		this.cpuCost = cpuCost;
 		this.memoryCost = memoryCost;
 		this.parallelization = parallelization;
@@ -136,56 +135,43 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 		if (encodedPassword == null || encodedPassword.isEmpty()) {
 			return false;
 		}
-
 		String[] parts = encodedPassword.split("\\$");
-
 		if (parts.length != 4) {
 			throw new IllegalArgumentException("Encoded password does not look like SCrypt: " + encodedPassword);
 		}
-
 		long params = Long.parseLong(parts[1], 16);
-
 		int cpuCost = (int) Math.pow(2, params >> 16 & 0xffff);
 		int memoryCost = (int) params >> 8 & 0xff;
 		int parallelization = (int) params & 0xff;
-
 		return cpuCost < this.cpuCost || memoryCost < this.memoryCost || parallelization < this.parallelization;
 	}
 
 	private boolean decodeAndCheckMatches(CharSequence rawPassword, String encodedPassword) {
 		String[] parts = encodedPassword.split("\\$");
-
 		if (parts.length != 4) {
 			return false;
 		}
-
 		long params = Long.parseLong(parts[1], 16);
 		byte[] salt = decodePart(parts[2]);
 		byte[] derived = decodePart(parts[3]);
-
 		int cpuCost = (int) Math.pow(2, params >> 16 & 0xffff);
 		int memoryCost = (int) params >> 8 & 0xff;
 		int parallelization = (int) params & 0xff;
-
 		byte[] generated = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization,
 				this.keyLength);
-
 		return MessageDigest.isEqual(derived, generated);
 	}
 
 	private String digest(CharSequence rawPassword, byte[] salt) {
 		byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, this.cpuCost, this.memoryCost,
 				this.parallelization, this.keyLength);
-
 		String params = Long.toString(
 				((int) (Math.log(this.cpuCost) / Math.log(2)) << 16L) | this.memoryCost << 8 | this.parallelization,
 				16);
-
 		StringBuilder sb = new StringBuilder((salt.length + derived.length) * 2);
 		sb.append("$").append(params).append('$');
 		sb.append(encodePart(salt)).append('$');
 		sb.append(encodePart(derived));
-
 		return sb.toString();
 	}
 

From 48957b42fe907c7b29a2782f9de8bc4a446fd016 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 10:54:06 -0700
Subject: [PATCH 54/84] Polish spring-security-data main code

Manually polish `spring-security-data` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../repository/query/SecurityEvaluationContextExtension.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
index 6b85649b08..3696904a9a 100644
--- a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
+++ b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
@@ -114,7 +114,6 @@ public class SecurityEvaluationContextExtension implements EvaluationContextExte
 		if (this.authentication != null) {
 			return this.authentication;
 		}
-
 		SecurityContext context = SecurityContextHolder.getContext();
 		return context.getAuthentication();
 	}

From 554ef627fbe537887d4133f75339b88de66ca84a Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 12:05:12 -0700
Subject: [PATCH 55/84] Polish spring-security-ldap main code

Manually polish `spring-security-ldap` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../ldap/DefaultLdapUsernameToDnMapper.java   |   2 -
 .../DefaultSpringSecurityContextSource.java   |  36 ++----
 .../security/ldap/LdapEncoder.java            |  96 ++++----------
 .../security/ldap/LdapUtils.java              |  27 +---
 .../ldap/SpringSecurityLdapTemplate.java      | 117 ++++++------------
 .../AbstractLdapAuthenticationProvider.java   |  18 +--
 .../AbstractLdapAuthenticator.java            |   4 -
 .../authentication/BindAuthenticator.java     |  24 +---
 .../LdapAuthenticationProvider.java           |  14 +--
 .../ldap/authentication/LdapEncoder.java      |  96 ++++----------
 .../PasswordComparisonAuthenticator.java      |  14 +--
 .../SpringSecurityAuthenticationSource.java   |  17 +--
 ...veDirectoryLdapAuthenticationProvider.java |  59 +++------
 .../PasswordPolicyAwareContextSource.java     |  38 ++----
 .../ldap/ppolicy/PasswordPolicyControl.java   |   4 +-
 .../PasswordPolicyControlExtractor.java       |   2 -
 .../ppolicy/PasswordPolicyControlFactory.java |   1 -
 .../ppolicy/PasswordPolicyErrorStatus.java    |  32 ++---
 .../PasswordPolicyResponseControl.java        |  84 -------------
 .../search/FilterBasedLdapUserSearch.java     |  23 +---
 .../ldap/server/ApacheDSContainer.java        |  92 ++++----------
 .../ldap/server/UnboundIdContainer.java       |   5 -
 .../DefaultLdapAuthoritiesPopulator.java      |  32 +----
 .../ldap/userdetails/InetOrgPerson.java       |   2 +-
 .../InetOrgPersonContextMapper.java           |   3 -
 .../ldap/userdetails/LdapAuthority.java       |  32 ++---
 .../ldap/userdetails/LdapUserDetailsImpl.java |   8 --
 .../userdetails/LdapUserDetailsManager.java   |  67 ++--------
 .../userdetails/LdapUserDetailsMapper.java    |  24 +---
 .../userdetails/LdapUserDetailsService.java   |   1 -
 .../NestedLdapAuthoritiesPopulator.java       |  31 ++---
 .../security/ldap/userdetails/Person.java     |   9 +-
 .../ldap/userdetails/PersonContextMapper.java |   4 -
 33 files changed, 241 insertions(+), 777 deletions(-)

diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
index 7cb9753c20..e4c0ac0e08 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
@@ -47,9 +47,7 @@ public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
 	@Override
 	public DistinguishedName buildDn(String username) {
 		DistinguishedName dn = new DistinguishedName(this.userDnBase);
-
 		dn.add(this.usernameAttribute, username);
-
 		return dn;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
index 6307c3d92a..f9c6293712 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
@@ -51,8 +51,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	private String rootDn;
-
 	/**
 	 * Create and initialize an instance which will connect to the supplied LDAP URL. If
 	 * you want to use more than one server for fail-over, rather use the
@@ -62,44 +60,36 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 	 */
 	public DefaultSpringSecurityContextSource(String providerUrl) {
 		Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied.");
-
-		StringTokenizer st = new StringTokenizer(providerUrl);
-
+		StringTokenizer tokenizer = new StringTokenizer(providerUrl);
 		ArrayList<String> urls = new ArrayList<>();
-
 		// Work out rootDn from the first URL and check that the other URLs (if any) match
-		while (st.hasMoreTokens()) {
-			String url = st.nextToken();
+		String rootDn = null;
+		while (tokenizer.hasMoreTokens()) {
+			String url = tokenizer.nextToken();
 			String urlRootDn = LdapUtils.parseRootDnFromUrl(url);
-
 			urls.add(url.substring(0, url.lastIndexOf(urlRootDn)));
-
 			this.logger.info(" URL '" + url + "', root DN is '" + urlRootDn + "'");
-
-			if (this.rootDn == null) {
-				this.rootDn = urlRootDn;
-			}
-			else if (!this.rootDn.equals(urlRootDn)) {
-				throw new IllegalArgumentException("Root DNs must be the same when using multiple URLs");
-			}
+			Assert.isTrue(rootDn == null || rootDn.equals(urlRootDn),
+					"Root DNs must be the same when using multiple URLs");
+			rootDn = (rootDn != null) ? rootDn : urlRootDn;
 		}
-
 		setUrls(urls.toArray(new String[0]));
-		setBase(this.rootDn);
+		setBase(rootDn);
 		setPooled(true);
 		setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy() {
+
 			@Override
 			@SuppressWarnings("rawtypes")
 			public void setupEnvironment(Hashtable env, String dn, String password) {
 				super.setupEnvironment(env, dn, password);
-				// Remove the pooling flag unless we are authenticating as the 'manager'
-				// user.
+				// Remove the pooling flag unless authenticating as the 'manager' user.
 				if (!DefaultSpringSecurityContextSource.this.userDn.equals(dn)
 						&& env.containsKey(SUN_LDAP_POOLING_FLAG)) {
 					DefaultSpringSecurityContextSource.this.logger.debug("Removing pooling flag for user " + dn);
 					env.remove(SUN_LDAP_POOLING_FLAG);
 				}
 			}
+
 		});
 	}
 
@@ -146,16 +136,13 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 	private static String buildProviderUrl(List<String> urls, String baseDn) {
 		Assert.notNull(baseDn, "The Base DN for the LDAP server must not be null.");
 		Assert.notEmpty(urls, "At least one LDAP server URL must be provided.");
-
 		String trimmedBaseDn = baseDn.trim();
 		StringBuilder providerUrl = new StringBuilder();
-
 		for (String serverUrl : urls) {
 			String trimmedUrl = serverUrl.trim();
 			if ("".equals(trimmedUrl)) {
 				continue;
 			}
-
 			providerUrl.append(trimmedUrl);
 			if (!trimmedUrl.endsWith("/")) {
 				providerUrl.append("/");
@@ -163,7 +150,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 			providerUrl.append(trimmedBaseDn);
 			providerUrl.append(" ");
 		}
-
 		return providerUrl.toString();
 
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
index 5727f668af..a3911aa180 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java
@@ -34,18 +34,11 @@ final class LdapEncoder {
 	private static final int HEX = 16;
 
 	private static String[] NAME_ESCAPE_TABLE = new String[96];
-
-	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
-
 	static {
-
-		// Name encoding table -------------------------------------
-
 		// all below 0x20 (control chars)
 		for (char c = 0; c < ' '; c++) {
 			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
 		}
-
 		NAME_ESCAPE_TABLE['#'] = "\\#";
 		NAME_ESCAPE_TABLE[','] = "\\,";
 		NAME_ESCAPE_TABLE[';'] = "\\;";
@@ -55,21 +48,21 @@ final class LdapEncoder {
 		NAME_ESCAPE_TABLE['>'] = "\\>";
 		NAME_ESCAPE_TABLE['\"'] = "\\\"";
 		NAME_ESCAPE_TABLE['\\'] = "\\\\";
+	}
 
-		// Filter encoding table -------------------------------------
+	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
 
+	static {
 		// fill with char itself
 		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
 			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
 		}
-
 		// escapes (RFC2254)
 		FILTER_ESCAPE_TABLE['*'] = "\\2a";
 		FILTER_ESCAPE_TABLE['('] = "\\28";
 		FILTER_ESCAPE_TABLE[')'] = "\\29";
 		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
 		FILTER_ESCAPE_TABLE[0] = "\\00";
-
 	}
 
 	/**
@@ -79,15 +72,8 @@ final class LdapEncoder {
 	}
 
 	protected static String toTwoCharHex(char c) {
-
 		String raw = Integer.toHexString(c).toUpperCase();
-
-		if (raw.length() > 1) {
-			return raw;
-		}
-		else {
-			return "0" + raw;
-		}
+		return (raw.length() > 1) ? raw : "0" + raw;
 	}
 
 	/**
@@ -96,29 +82,15 @@ final class LdapEncoder {
 	 * @return a properly escaped representation of the supplied value.
 	 */
 	static String filterEncode(String value) {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer roomy
 		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
 		int length = value.length();
-
 		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			if (c < FILTER_ESCAPE_TABLE.length) {
-				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
-			}
-			else {
-				// default: add the char
-				encodedValue.append(c);
-			}
+			char ch = value.charAt(i);
+			encodedValue.append((ch < FILTER_ESCAPE_TABLE.length) ? FILTER_ESCAPE_TABLE[ch] : ch);
 		}
-
 		return encodedValue.toString();
 	}
 
@@ -141,43 +113,31 @@ final class LdapEncoder {
 	 * @return The escaped value.
 	 */
 	static String nameEncode(String value) {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer roomy
 		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
 		int length = value.length();
 		int last = length - 1;
-
 		for (int i = 0; i < length; i++) {
-
 			char c = value.charAt(i);
-
 			// space first or last
 			if (c == ' ' && (i == 0 || i == last)) {
 				encodedValue.append("\\ ");
 				continue;
 			}
-
+			// check in table for escapes
 			if (c < NAME_ESCAPE_TABLE.length) {
-				// check in table for escapes
 				String esc = NAME_ESCAPE_TABLE[c];
-
 				if (esc != null) {
 					encodedValue.append(esc);
 					continue;
 				}
 			}
-
 			// default: add the char
 			encodedValue.append(c);
 		}
-
 		return encodedValue.toString();
-
 	}
 
 	/**
@@ -188,43 +148,32 @@ final class LdapEncoder {
 	 * @throws BadLdapGrammarException
 	 */
 	static String nameDecode(String value) throws BadLdapGrammarException {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer same size
 		StringBuilder decoded = new StringBuilder(value.length());
-
 		int i = 0;
 		while (i < value.length()) {
 			char currentChar = value.charAt(i);
 			if (currentChar == '\\') {
+				// Ending with a single backslash is not allowed
 				if (value.length() <= i + 1) {
-					// Ending with a single backslash is not allowed
 					throw new BadLdapGrammarException("Unexpected end of value " + "unterminated '\\'");
 				}
+				char nextChar = value.charAt(i + 1);
+				if (isNormalBackslashEscape(nextChar)) {
+					decoded.append(nextChar);
+					i += 2;
+				}
 				else {
-					char nextChar = value.charAt(i + 1);
-					if (nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
-							|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"'
-							|| nextChar == ' ') {
-						// Normal backslash escape
-						decoded.append(nextChar);
-						i += 2;
-					}
-					else {
-						if (value.length() <= i + 2) {
-							throw new BadLdapGrammarException(
-									"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
-						}
-						else {
-							// This should be a hex value
-							String hexString = "" + nextChar + value.charAt(i + 2);
-							decoded.append((char) Integer.parseInt(hexString, HEX));
-							i += 3;
-						}
+					if (value.length() <= i + 2) {
+						throw new BadLdapGrammarException(
+								"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
 					}
+					// This should be a hex value
+					String hexString = "" + nextChar + value.charAt(i + 2);
+					decoded.append((char) Integer.parseInt(hexString, HEX));
+					i += 3;
 				}
 			}
 			else {
@@ -238,4 +187,9 @@ final class LdapEncoder {
 
 	}
 
+	private static boolean isNormalBackslashEscape(char nextChar) {
+		return nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
+				|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"' || nextChar == ' ';
+	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
index 6bcb430b03..a222bf48a8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
@@ -47,7 +47,6 @@ public final class LdapUtils {
 		if (ctx instanceof DirContextAdapter) {
 			return;
 		}
-
 		try {
 			if (ctx != null) {
 				ctx.close();
@@ -81,24 +80,17 @@ public final class LdapUtils {
 	 * @throws NamingException any exceptions thrown by the context are propagated.
 	 */
 	public static String getRelativeName(String fullDn, Context baseCtx) throws NamingException {
-
 		String baseDn = baseCtx.getNameInNamespace();
-
 		if (baseDn.length() == 0) {
 			return fullDn;
 		}
-
 		DistinguishedName base = new DistinguishedName(baseDn);
 		DistinguishedName full = new DistinguishedName(fullDn);
-
 		if (base.equals(full)) {
 			return "";
 		}
-
 		Assert.isTrue(full.startsWith(base), "Full DN does not start with base DN");
-
 		full.removeFirst(base);
-
 		return full.toString();
 	}
 
@@ -108,28 +100,22 @@ public final class LdapUtils {
 	 */
 	public static DistinguishedName getFullDn(DistinguishedName dn, Context baseCtx) throws NamingException {
 		DistinguishedName baseDn = new DistinguishedName(baseCtx.getNameInNamespace());
-
 		if (dn.contains(baseDn)) {
 			return dn;
 		}
-
 		baseDn.append(dn);
-
 		return baseDn;
 	}
 
 	public static String convertPasswordToString(Object passObj) {
 		Assert.notNull(passObj, "Password object to convert must not be null");
-
 		if (passObj instanceof byte[]) {
 			return Utf8.decode((byte[]) passObj);
 		}
-		else if (passObj instanceof String) {
+		if (passObj instanceof String) {
 			return (String) passObj;
 		}
-		else {
-			throw new IllegalArgumentException("Password object was not a String or byte array.");
-		}
+		throw new IllegalArgumentException("Password object was not a String or byte array.");
 	}
 
 	/**
@@ -143,9 +129,7 @@ public final class LdapUtils {
 	 */
 	public static String parseRootDnFromUrl(String url) {
 		Assert.hasLength(url, "url must have length");
-
 		String urlRootDn;
-
 		if (url.startsWith("ldap:") || url.startsWith("ldaps:")) {
 			URI uri = parseLdapUrl(url);
 			urlRootDn = uri.getRawPath();
@@ -154,11 +138,9 @@ public final class LdapUtils {
 			// Assume it's an embedded server
 			urlRootDn = url;
 		}
-
 		if (urlRootDn.startsWith("/")) {
 			urlRootDn = urlRootDn.substring(1);
 		}
-
 		return urlRootDn;
 	}
 
@@ -173,14 +155,11 @@ public final class LdapUtils {
 
 	private static URI parseLdapUrl(String url) {
 		Assert.hasLength(url, "url must have length");
-
 		try {
 			return new URI(url);
 		}
 		catch (URISyntaxException ex) {
-			IllegalArgumentException iae = new IllegalArgumentException("Unable to parse url: " + url);
-			iae.initCause(ex);
-			throw iae;
+			throw new IllegalArgumentException("Unable to parse url: " + url, ex);
 		}
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
index ce0b69e61b..08c281b1e9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@@ -37,6 +37,7 @@ import javax.naming.directory.SearchResult;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.ldap.core.ContextExecutor;
 import org.springframework.ldap.core.ContextMapper;
@@ -46,6 +47,7 @@ import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.util.Assert;
+import org.springframework.util.ObjectUtils;
 
 /**
  * Extension of Spring LDAP's LdapTemplate class which adds extra functionality required
@@ -76,7 +78,6 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	public SpringSecurityLdapTemplate(ContextSource contextSource) {
 		Assert.notNull(contextSource, "ContextSource cannot be null");
 		setContextSource(contextSource);
-
 		this.searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 	}
 
@@ -88,31 +89,18 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * @param value the value to be checked against the directory value
 	 * @return true if the supplied value matches that in the directory
 	 */
-	public boolean compare(final String dn, final String attributeName, final Object value) {
-		final String comparisonFilter = "(" + attributeName + "={0})";
-
-		class LdapCompareCallback implements ContextExecutor {
-
-			@Override
-			public Object executeWithContext(DirContext ctx) throws NamingException {
-				SearchControls ctls = new SearchControls();
-				ctls.setReturningAttributes(NO_ATTRS);
-				ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
-
-				NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, new Object[] { value },
-						ctls);
-
-				Boolean match = results.hasMore();
-				LdapUtils.closeEnumeration(results);
-
-				return match;
-			}
-
-		}
-
-		Boolean matches = (Boolean) executeReadOnly(new LdapCompareCallback());
-
-		return matches;
+	public boolean compare(String dn, String attributeName, Object value) {
+		String comparisonFilter = "(" + attributeName + "={0})";
+		return executeReadOnly((ctx) -> {
+			SearchControls searchControls = new SearchControls();
+			searchControls.setReturningAttributes(NO_ATTRS);
+			searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
+			Object[] params = new Object[] { value };
+			NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, params, searchControls);
+			Boolean match = results.hasMore();
+			LdapUtils.closeEnumeration(results);
+			return match;
+		});
 	}
 
 	/**
@@ -123,12 +111,8 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * @return the object created by the mapper
 	 */
 	public DirContextOperations retrieveEntry(final String dn, final String[] attributesToRetrieve) {
-
 		return (DirContextOperations) executeReadOnly((ContextExecutor) (ctx) -> {
 			Attributes attrs = ctx.getAttributes(dn, attributesToRetrieve);
-
-			// Object object = ctx.lookup(LdapUtils.getRelativeName(dn, ctx));
-
 			return new DirContextAdapter(attrs, new DistinguishedName(dn),
 					new DistinguishedName(ctx.getNameInNamespace()));
 		});
@@ -174,27 +158,23 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * entries. The attribute name is the key for each set of values. In addition each map
 	 * contains the DN as a String with the key predefined key {@link #DN_KEY}.
 	 */
-	public Set<Map<String, List<String>>> searchForMultipleAttributeValues(final String base, final String filter,
-			final Object[] params, final String[] attributeNames) {
+	public Set<Map<String, List<String>>> searchForMultipleAttributeValues(String base, String filter, Object[] params,
+			String[] attributeNames) {
 		// Escape the params acording to RFC2254
 		Object[] encodedParams = new String[params.length];
-
 		for (int i = 0; i < params.length; i++) {
 			encodedParams[i] = LdapEncoder.filterEncode(params[i].toString());
 		}
-
 		String formattedFilter = MessageFormat.format(filter, encodedParams);
-		logger.debug("Using filter: " + formattedFilter);
-
-		final HashSet<Map<String, List<String>>> set = new HashSet<>();
-
+		logger.debug(LogMessage.format("Using filter: %s", formattedFilter));
+		HashSet<Map<String, List<String>>> result = new HashSet<>();
 		ContextMapper roleMapper = (ctx) -> {
 			DirContextAdapter adapter = (DirContextAdapter) ctx;
 			Map<String, List<String>> record = new HashMap<>();
-			if (attributeNames == null || attributeNames.length == 0) {
+			if (ObjectUtils.isEmpty(attributeNames)) {
 				try {
-					for (NamingEnumeration ae = adapter.getAttributes().getAll(); ae.hasMore();) {
-						Attribute attr = (Attribute) ae.next();
+					for (NamingEnumeration enumeration = adapter.getAttributes().getAll(); enumeration.hasMore();) {
+						Attribute attr = (Attribute) enumeration.next();
 						extractStringAttributeValues(adapter, record, attr.getID());
 					}
 				}
@@ -208,17 +188,14 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 				}
 			}
 			record.put(DN_KEY, Arrays.asList(getAdapterDN(adapter)));
-			set.add(record);
+			result.add(record);
 			return null;
 		};
-
 		SearchControls ctls = new SearchControls();
 		ctls.setSearchScope(this.searchControls.getSearchScope());
 		ctls.setReturningAttributes((attributeNames != null && attributeNames.length > 0) ? attributeNames : null);
-
 		search(base, formattedFilter, ctls, roleMapper);
-
-		return set;
+		return result;
 	}
 
 	/**
@@ -246,27 +223,23 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 			String attributeName) {
 		Object[] values = adapter.getObjectAttributes(attributeName);
 		if (values == null || values.length == 0) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("No attribute value found for '" + attributeName + "'");
-			}
+			logger.debug(LogMessage.format("No attribute value found for '%s'", attributeName));
 			return;
 		}
-		List<String> svalues = new ArrayList<>();
-		for (Object o : values) {
-			if (o != null) {
-				if (String.class.isAssignableFrom(o.getClass())) {
-					svalues.add((String) o);
+		List<String> stringValues = new ArrayList<>();
+		for (Object value : values) {
+			if (value != null) {
+				if (String.class.isAssignableFrom(value.getClass())) {
+					stringValues.add((String) value);
 				}
 				else {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Attribute:" + attributeName + " contains a non string value of type["
-								+ o.getClass() + "]");
-					}
-					svalues.add(o.toString());
+					logger.debug(LogMessage.format("Attribute:%s contains a non string value of type[%s]",
+							attributeName, value.getClass()));
+					stringValues.add(value.toString());
 				}
 			}
 		}
-		record.put(attributeName, svalues);
+		record.put(attributeName, stringValues);
 	}
 
 	/**
@@ -283,8 +256,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 	 * @throws IncorrectResultSizeDataAccessException if no results are found or the
 	 * search returns more than one result.
 	 */
-	public DirContextOperations searchForSingleEntry(final String base, final String filter, final Object[] params) {
-
+	public DirContextOperations searchForSingleEntry(String base, String filter, Object[] params) {
 		return (DirContextOperations) executeReadOnly((ContextExecutor) (ctx) -> searchForSingleEntryInternal(ctx,
 				this.searchControls, base, filter, params));
 	}
@@ -298,22 +270,15 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 		final DistinguishedName searchBaseDn = new DistinguishedName(base);
 		final NamingEnumeration<SearchResult> resultsEnum = ctx.search(searchBaseDn, filter, params,
 				buildControls(searchControls));
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for entry under DN '" + ctxBaseDn + "', base = '" + searchBaseDn + "', filter = '"
-					+ filter + "'");
-		}
-
+		logger.debug(LogMessage.format("Searching for entry under DN '%s', base = '%s', filter = '%s'", ctxBaseDn,
+				searchBaseDn, filter));
 		Set<DirContextOperations> results = new HashSet<>();
 		try {
 			while (resultsEnum.hasMore()) {
 				SearchResult searchResult = resultsEnum.next();
 				DirContextAdapter dca = (DirContextAdapter) searchResult.getObject();
 				Assert.notNull(dca, "No object returned by search, DirContext is not correctly configured");
-
-				if (logger.isDebugEnabled()) {
-					logger.debug("Found DN: " + dca.getDn());
-				}
+				logger.debug(LogMessage.format("Found DN: %s", dca.getDn()));
 				results.add(dca);
 			}
 		}
@@ -321,15 +286,9 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 			LdapUtils.closeEnumeration(resultsEnum);
 			logger.info("Ignoring PartialResultException");
 		}
-
-		if (results.size() == 0) {
-			throw new IncorrectResultSizeDataAccessException(1, 0);
-		}
-
-		if (results.size() > 1) {
+		if (results.size() != 1) {
 			throw new IncorrectResultSizeDataAccessException(1, results.size());
 		}
-
 		return results.iterator().next();
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index c8cc25f645..69dd517de6 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -64,33 +65,22 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				() -> this.messages.getMessage("LdapAuthenticationProvider.onlySupports",
 						"Only UsernamePasswordAuthenticationToken is supported"));
-
-		final UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
-
+		UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
 		String username = userToken.getName();
 		String password = (String) authentication.getCredentials();
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Processing authentication request for user: " + username);
-		}
-
+		this.logger.debug(LogMessage.format("Processing authentication request for user: %s", username));
 		if (!StringUtils.hasLength(username)) {
 			throw new BadCredentialsException(
 					this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
 		}
-
 		if (!StringUtils.hasLength(password)) {
 			throw new BadCredentialsException(
 					this.messages.getMessage("AbstractLdapAuthenticationProvider.emptyPassword", "Empty Password"));
 		}
-
 		Assert.notNull(password, "Null password was supplied in authentication token");
-
 		DirContextOperations userData = doAuthentication(userToken);
-
 		UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData, authentication.getName(),
 				loadUserAuthorities(userData, authentication.getName(), (String) authentication.getCredentials()));
-
 		return createSuccessfulAuthentication(userToken, user);
 	}
 
@@ -111,11 +101,9 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 			UserDetails user) {
 		Object password = this.useAuthenticationRequestCredentials ? authentication.getCredentials()
 				: user.getPassword();
-
 		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, password,
 				this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
 		result.setDetails(authentication.getDetails());
-
 		return result;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index e3f5148c8b..346aa1ca4d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -91,16 +91,13 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 		if (this.userDnFormat == null) {
 			return Collections.emptyList();
 		}
-
 		List<String> userDns = new ArrayList<>(this.userDnFormat.length);
 		String[] args = new String[] { LdapEncoder.nameEncode(username) };
-
 		synchronized (this.userDnFormat) {
 			for (MessageFormat formatter : this.userDnFormat) {
 				userDns.add(formatter.format(args));
 			}
 		}
-
 		return userDns;
 	}
 
@@ -134,7 +131,6 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 		Assert.notNull(dnPattern, "The array of DN patterns cannot be set to null");
 		// this.userDnPattern = dnPattern;
 		this.userDnFormat = new MessageFormat[dnPattern.length];
-
 		for (int i = 0; i < dnPattern.length; i++) {
 			this.userDnFormat[i] = new MessageFormat(dnPattern[i]);
 		}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index ccac1f3822..1c4fa66eff 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -22,6 +22,7 @@ import javax.naming.directory.DirContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.NamingException;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
@@ -51,7 +52,6 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 	 * provided.
 	 * @param contextSource the BaseLdapPathContextSource instance against which bind
 	 * operations will be performed.
-	 *
 	 */
 	public BindAuthenticator(BaseLdapPathContextSource contextSource) {
 		super(contextSource);
@@ -62,37 +62,30 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		DirContextOperations user = null;
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				"Can only process UsernamePasswordAuthenticationToken objects");
-
 		String username = authentication.getName();
 		String password = (String) authentication.getCredentials();
-
 		if (!StringUtils.hasLength(password)) {
-			logger.debug("Rejecting empty password for user " + username);
+			logger.debug(LogMessage.format("Rejecting empty password for user %s", username));
 			throw new BadCredentialsException(
 					this.messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password"));
 		}
-
 		// If DN patterns are configured, try authenticating with them directly
 		for (String dn : getUserDns(username)) {
 			user = bindWithDn(dn, username, password);
-
 			if (user != null) {
 				break;
 			}
 		}
-
 		// Otherwise use the configured search object to find the user and authenticate
 		// with the returned DN.
 		if (user == null && getUserSearch() != null) {
 			DirContextOperations userFromSearch = getUserSearch().searchForUser(username);
 			user = bindWithDn(userFromSearch.getDn().toString(), username, password, userFromSearch.getAttributes());
 		}
-
 		if (user == null) {
 			throw new BadCredentialsException(
 					this.messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
 		}
-
 		return user;
 	}
 
@@ -105,26 +98,20 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		DistinguishedName userDn = new DistinguishedName(userDnStr);
 		DistinguishedName fullDn = new DistinguishedName(userDn);
 		fullDn.prepend(ctxSource.getBaseLdapPath());
-
-		logger.debug("Attempting to bind as " + fullDn);
-
+		logger.debug(LogMessage.format("Attempting to bind as %s", fullDn));
 		DirContext ctx = null;
 		try {
 			ctx = getContextSource().getContext(fullDn.toString(), password);
 			// Check for password policy control
 			PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);
-
 			logger.debug("Retrieving attributes...");
 			if (attrs == null || attrs.size() == 0) {
 				attrs = ctx.getAttributes(userDn, getUserAttributes());
 			}
-
 			DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
-
 			if (ppolicy != null) {
 				result.setAttributeValue(ppolicy.getID(), ppolicy);
 			}
-
 			return result;
 		}
 		catch (NamingException ex) {
@@ -145,7 +132,6 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 		finally {
 			LdapUtils.closeContext(ctx);
 		}
-
 		return null;
 	}
 
@@ -155,9 +141,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 	 * logger.
 	 */
 	protected void handleBindException(String userDn, String username, Throwable cause) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Failed to bind as " + userDn + ": " + cause);
-		}
+		logger.debug(LogMessage.format("Failed to bind as %s: %s", userDn, cause));
 	}
 
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
index 6cf5d300b2..9b4573a0db 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
@@ -173,23 +173,21 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
 		try {
 			return getAuthenticator().authenticate(authentication);
 		}
-		catch (PasswordPolicyException ppe) {
+		catch (PasswordPolicyException ex) {
 			// The only reason a ppolicy exception can occur during a bind is that the
 			// account is locked.
 			throw new LockedException(
-					this.messages.getMessage(ppe.getStatus().getErrorCode(), ppe.getStatus().getDefaultMessage()));
+					this.messages.getMessage(ex.getStatus().getErrorCode(), ex.getStatus().getDefaultMessage()));
 		}
-		catch (UsernameNotFoundException notFound) {
+		catch (UsernameNotFoundException ex) {
 			if (this.hideUserNotFoundExceptions) {
 				throw new BadCredentialsException(
 						this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
 			}
-			else {
-				throw notFound;
-			}
+			throw ex;
 		}
-		catch (NamingException ldapAccessFailure) {
-			throw new InternalAuthenticationServiceException(ldapAccessFailure.getMessage(), ldapAccessFailure);
+		catch (NamingException ex) {
+			throw new InternalAuthenticationServiceException(ex.getMessage(), ex);
 		}
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
index ae6d6c67c7..f79f4843ae 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java
@@ -34,18 +34,11 @@ final class LdapEncoder {
 	private static final int HEX = 16;
 
 	private static String[] NAME_ESCAPE_TABLE = new String[96];
-
-	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
-
 	static {
-
-		// Name encoding table -------------------------------------
-
 		// all below 0x20 (control chars)
 		for (char c = 0; c < ' '; c++) {
 			NAME_ESCAPE_TABLE[c] = "\\" + toTwoCharHex(c);
 		}
-
 		NAME_ESCAPE_TABLE['#'] = "\\#";
 		NAME_ESCAPE_TABLE[','] = "\\,";
 		NAME_ESCAPE_TABLE[';'] = "\\;";
@@ -55,21 +48,21 @@ final class LdapEncoder {
 		NAME_ESCAPE_TABLE['>'] = "\\>";
 		NAME_ESCAPE_TABLE['\"'] = "\\\"";
 		NAME_ESCAPE_TABLE['\\'] = "\\\\";
+	}
 
-		// Filter encoding table -------------------------------------
+	private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
 
+	static {
 		// fill with char itself
 		for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
 			FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
 		}
-
 		// escapes (RFC2254)
 		FILTER_ESCAPE_TABLE['*'] = "\\2a";
 		FILTER_ESCAPE_TABLE['('] = "\\28";
 		FILTER_ESCAPE_TABLE[')'] = "\\29";
 		FILTER_ESCAPE_TABLE['\\'] = "\\5c";
 		FILTER_ESCAPE_TABLE[0] = "\\00";
-
 	}
 
 	/**
@@ -79,15 +72,8 @@ final class LdapEncoder {
 	}
 
 	protected static String toTwoCharHex(char c) {
-
 		String raw = Integer.toHexString(c).toUpperCase();
-
-		if (raw.length() > 1) {
-			return raw;
-		}
-		else {
-			return "0" + raw;
-		}
+		return (raw.length() > 1) ? raw : "0" + raw;
 	}
 
 	/**
@@ -96,29 +82,15 @@ final class LdapEncoder {
 	 * @return a properly escaped representation of the supplied value.
 	 */
 	static String filterEncode(String value) {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer roomy
 		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
 		int length = value.length();
-
 		for (int i = 0; i < length; i++) {
-
-			char c = value.charAt(i);
-
-			if (c < FILTER_ESCAPE_TABLE.length) {
-				encodedValue.append(FILTER_ESCAPE_TABLE[c]);
-			}
-			else {
-				// default: add the char
-				encodedValue.append(c);
-			}
+			char ch = value.charAt(i);
+			encodedValue.append((ch < FILTER_ESCAPE_TABLE.length) ? FILTER_ESCAPE_TABLE[ch] : ch);
 		}
-
 		return encodedValue.toString();
 	}
 
@@ -141,43 +113,31 @@ final class LdapEncoder {
 	 * @return The escaped value.
 	 */
 	static String nameEncode(String value) {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer roomy
 		StringBuilder encodedValue = new StringBuilder(value.length() * 2);
-
 		int length = value.length();
 		int last = length - 1;
-
 		for (int i = 0; i < length; i++) {
-
 			char c = value.charAt(i);
-
 			// space first or last
 			if (c == ' ' && (i == 0 || i == last)) {
 				encodedValue.append("\\ ");
 				continue;
 			}
-
+			// check in table for escapes
 			if (c < NAME_ESCAPE_TABLE.length) {
-				// check in table for escapes
 				String esc = NAME_ESCAPE_TABLE[c];
-
 				if (esc != null) {
 					encodedValue.append(esc);
 					continue;
 				}
 			}
-
 			// default: add the char
 			encodedValue.append(c);
 		}
-
 		return encodedValue.toString();
-
 	}
 
 	/**
@@ -188,43 +148,32 @@ final class LdapEncoder {
 	 * @throws BadLdapGrammarException
 	 */
 	static String nameDecode(String value) throws BadLdapGrammarException {
-
 		if (value == null) {
 			return null;
 		}
-
-		// make buffer same size
 		StringBuilder decoded = new StringBuilder(value.length());
-
 		int i = 0;
 		while (i < value.length()) {
 			char currentChar = value.charAt(i);
 			if (currentChar == '\\') {
+				// Ending with a single backslash is not allowed
 				if (value.length() <= i + 1) {
-					// Ending with a single backslash is not allowed
 					throw new BadLdapGrammarException("Unexpected end of value " + "unterminated '\\'");
 				}
+				char nextChar = value.charAt(i + 1);
+				if (isNormalBackslashEscape(nextChar)) {
+					decoded.append(nextChar);
+					i += 2;
+				}
 				else {
-					char nextChar = value.charAt(i + 1);
-					if (nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
-							|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"'
-							|| nextChar == ' ') {
-						// Normal backslash escape
-						decoded.append(nextChar);
-						i += 2;
-					}
-					else {
-						if (value.length() <= i + 2) {
-							throw new BadLdapGrammarException(
-									"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
-						}
-						else {
-							// This should be a hex value
-							String hexString = "" + nextChar + value.charAt(i + 2);
-							decoded.append((char) Integer.parseInt(hexString, HEX));
-							i += 3;
-						}
+					if (value.length() <= i + 2) {
+						throw new BadLdapGrammarException(
+								"Unexpected end of value " + "expected special or hex, found '" + nextChar + "'");
 					}
+					// This should be a hex value
+					String hexString = "" + nextChar + value.charAt(i + 2);
+					decoded.append((char) Integer.parseInt(hexString, HEX));
+					i += 3;
 				}
 			}
 			else {
@@ -238,4 +187,9 @@ final class LdapEncoder {
 
 	}
 
+	private static boolean isNormalBackslashEscape(char nextChar) {
+		return nextChar == ',' || nextChar == '=' || nextChar == '+' || nextChar == '<' || nextChar == '>'
+				|| nextChar == '#' || nextChar == ';' || nextChar == '\\' || nextChar == '\"' || nextChar == ' ';
+	}
+
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index 790b513f7e..a64b8b0368 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -19,6 +19,7 @@ package org.springframework.security.ldap.authentication;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.NameNotFoundException;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
@@ -66,13 +67,10 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
 				"Can only process UsernamePasswordAuthenticationToken objects");
 		// locate the user and check the password
-
 		DirContextOperations user = null;
 		String username = authentication.getName();
 		String password = (String) authentication.getCredentials();
-
 		SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource());
-
 		for (String userDn : getUserDns(username)) {
 			try {
 				user = ldapTemplate.retrieveEntry(userDn, getUserAttributes());
@@ -83,24 +81,20 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 				break;
 			}
 		}
-
 		if (user == null && getUserSearch() != null) {
 			user = getUserSearch().searchForUser(username);
 		}
-
 		if (user == null) {
 			throw new UsernameNotFoundException("User not found: " + username);
 		}
-
 		if (logger.isDebugEnabled()) {
-			logger.debug("Performing LDAP compare of password attribute '" + this.passwordAttributeName + "' for user '"
-					+ user.getDn() + "'");
+			logger.debug(LogMessage.format("Performing LDAP compare of password attribute '%s' for user '%s'",
+					this.passwordAttributeName, user.getDn()));
 		}
-
 		if (this.usePasswordAttrCompare && isPasswordAttrCompare(user, password)) {
 			return user;
 		}
-		else if (isLdapPasswordCompare(user, ldapTemplate, password)) {
+		if (isLdapPasswordCompare(user, ldapTemplate, password)) {
 			return user;
 		}
 		throw new BadCredentialsException(
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
index abafcb7e8b..14584623fc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
@@ -47,28 +47,21 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	@Override
 	public String getPrincipal() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 		if (authentication == null) {
 			log.warn("No Authentication object set in SecurityContext - returning empty String as Principal");
 			return "";
 		}
-
 		Object principal = authentication.getPrincipal();
-
 		if (principal instanceof LdapUserDetails) {
 			LdapUserDetails details = (LdapUserDetails) principal;
 			return details.getDn();
 		}
-		else if (authentication instanceof AnonymousAuthenticationToken) {
-			if (log.isDebugEnabled()) {
-				log.debug("Anonymous Authentication, returning empty String as Principal");
-			}
+		if (authentication instanceof AnonymousAuthenticationToken) {
+			log.debug("Anonymous Authentication, returning empty String as Principal");
 			return "";
 		}
-		else {
-			throw new IllegalArgumentException(
-					"The principal property of the authentication object" + "needs to be an LdapUserDetails.");
-		}
+		throw new IllegalArgumentException(
+				"The principal property of the authentication object" + "needs to be an LdapUserDetails.");
 	}
 
 	/**
@@ -77,12 +70,10 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 	@Override
 	public String getCredentials() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 		if (authentication == null) {
 			log.warn("No Authentication object set in SecurityContext - returning empty String as Credentials");
 			return "";
 		}
-
 		return (String) authentication.getCredentials();
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 40b82b5d01..381b3c3179 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -22,6 +22,7 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.List;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -34,6 +35,7 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.ldap.InitialLdapContext;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.ldap.CommunicationException;
 import org.springframework.ldap.core.DirContextOperations;
@@ -161,7 +163,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		String username = auth.getName();
 		String password = (String) auth.getCredentials();
 		DirContext ctx = null;
-
 		try {
 			ctx = bindAsUser(username, password);
 			return searchForUser(ctx, username);
@@ -186,30 +187,23 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username,
 			String password) {
 		String[] groups = userData.getStringAttributes("memberOf");
-
 		if (groups == null) {
 			this.logger.debug("No values for 'memberOf' attribute.");
-
 			return AuthorityUtils.NO_AUTHORITIES;
 		}
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("'memberOf' attribute values: " + Arrays.asList(groups));
 		}
-
-		ArrayList<GrantedAuthority> authorities = new ArrayList<>(groups.length);
-
+		List<GrantedAuthority> authorities = new ArrayList<>(groups.length);
 		for (String group : groups) {
 			authorities.add(new SimpleGrantedAuthority(new DistinguishedName(group).removeLast().getValue()));
 		}
-
 		return authorities;
 	}
 
 	private DirContext bindAsUser(String username, String password) {
 		// TODO. add DNS lookup based on domain
 		final String bindUrl = this.url;
-
 		Hashtable<String, Object> env = new Hashtable<>();
 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
 		String bindPrincipal = createBindPrincipal(username);
@@ -219,7 +213,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 		env.put(Context.OBJECT_FACTORIES, DefaultDirObjectFactory.class.getName());
 		env.putAll(this.contextEnvironmentProperties);
-
 		try {
 			return this.contextFactory.createContext(env);
 		}
@@ -228,28 +221,20 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 				handleBindException(bindPrincipal, ex);
 				throw badCredentials(ex);
 			}
-			else {
-				throw LdapUtils.convertLdapException(ex);
-			}
+			throw LdapUtils.convertLdapException(ex);
 		}
 	}
 
 	private void handleBindException(String bindPrincipal, NamingException exception) {
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
-		}
-
+		this.logger.debug(LogMessage.format("Authentication for %s failed:%s", bindPrincipal, exception));
 		handleResolveObj(exception);
-
 		int subErrorCode = parseSubErrorCode(exception.getMessage());
-
 		if (subErrorCode <= 0) {
 			this.logger.debug("Failed to locate AD-specific sub-error code in message");
 			return;
 		}
-
-		this.logger.info("Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode));
-
+		this.logger.info(
+				LogMessage.of(() -> "Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode)));
 		if (this.convertSubErrorCodesToExceptions) {
 			raiseExceptionForErrorCode(subErrorCode, exception);
 		}
@@ -264,12 +249,10 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	}
 
 	private int parseSubErrorCode(String message) {
-		Matcher m = SUB_ERROR_CODE.matcher(message);
-
-		if (m.matches()) {
-			return Integer.parseInt(m.group(1), 16);
+		Matcher matcher = SUB_ERROR_CODE.matcher(message);
+		if (matcher.matches()) {
+			return Integer.parseInt(matcher.group(1), 16);
 		}
-
 		return -1;
 	}
 
@@ -313,7 +296,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		case ACCOUNT_LOCKED:
 			return "Account locked";
 		}
-
 		return "Unknown (error code " + Integer.toHexString(code) + ")";
 	}
 
@@ -334,7 +316,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 	private DirContextOperations searchForUser(DirContext context, String username) throws NamingException {
 		SearchControls searchControls = new SearchControls();
 		searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-
 		String bindPrincipal = createBindPrincipal(username);
 		String searchRoot = (this.rootDn != null) ? this.rootDn : searchRootFromPrincipal(bindPrincipal);
 
@@ -342,45 +323,40 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context, searchControls, searchRoot,
 					this.searchFilter, new Object[] { bindPrincipal, username });
 		}
-		catch (CommunicationException ldapCommunicationException) {
-			throw badLdapConnection(ldapCommunicationException);
+		catch (CommunicationException ex) {
+			throw badLdapConnection(ex);
 		}
-		catch (IncorrectResultSizeDataAccessException incorrectResults) {
-			// Search should never return multiple results if properly configured - just
-			// rethrow
-			if (incorrectResults.getActualSize() != 0) {
-				throw incorrectResults;
+		catch (IncorrectResultSizeDataAccessException ex) {
+			// Search should never return multiple results if properly configured -
+			if (ex.getActualSize() != 0) {
+				throw ex;
 			}
 			// If we found no results, then the username/password did not match
 			UsernameNotFoundException userNameNotFoundException = new UsernameNotFoundException(
-					"User " + username + " not found in directory.", incorrectResults);
+					"User " + username + " not found in directory.", ex);
 			throw badCredentials(userNameNotFoundException);
 		}
 	}
 
 	private String searchRootFromPrincipal(String bindPrincipal) {
 		int atChar = bindPrincipal.lastIndexOf('@');
-
 		if (atChar < 0) {
 			this.logger.debug("User principal '" + bindPrincipal
 					+ "' does not contain the domain, and no domain has been configured");
 			throw badCredentials();
 		}
-
 		return rootDnFromDomain(bindPrincipal.substring(atChar + 1, bindPrincipal.length()));
 	}
 
 	private String rootDnFromDomain(String domain) {
 		String[] tokens = StringUtils.tokenizeToStringArray(domain, ".");
 		StringBuilder root = new StringBuilder();
-
 		for (String token : tokens) {
 			if (root.length() > 0) {
 				root.append(',');
 			}
 			root.append("dc=").append(token);
 		}
-
 		return root.toString();
 	}
 
@@ -388,7 +364,6 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
 		if (this.domain == null || username.toLowerCase().endsWith(this.domain)) {
 			return username;
 		}
-
 		return username + "@" + this.domain;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
index c364899d77..6fb79ffd4f 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
@@ -23,6 +23,7 @@ import javax.naming.directory.DirContext;
 import javax.naming.ldap.Control;
 import javax.naming.ldap.LdapContext;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.support.LdapUtils;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 
@@ -49,45 +50,30 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 		if (principal.equals(this.userDn)) {
 			return super.getContext(principal, credentials);
 		}
-
-		final boolean debug = this.logger.isDebugEnabled();
-
-		if (debug) {
-			this.logger.debug("Binding as '" + this.userDn + "', prior to reconnect as user '" + principal + "'");
-		}
-
+		this.logger
+				.debug(LogMessage.format("Binding as '%s', prior to reconnect as user '%s'", this.userDn, principal));
 		// First bind as manager user before rebinding as the specific principal.
 		LdapContext ctx = (LdapContext) super.getContext(this.userDn, this.password);
-
 		Control[] rctls = { new PasswordPolicyControl(false) };
-
 		try {
 			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
 			ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
 			ctx.reconnect(rctls);
 		}
-		catch (javax.naming.NamingException ne) {
+		catch (javax.naming.NamingException ex) {
 			PasswordPolicyResponseControl ctrl = PasswordPolicyControlExtractor.extractControl(ctx);
-			if (debug) {
-				this.logger.debug("Failed to obtain context", ne);
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Failed to obtain context", ex);
 				this.logger.debug("Password policy response: " + ctrl);
 			}
-
 			LdapUtils.closeContext(ctx);
-
-			if (ctrl != null) {
-				if (ctrl.isLocked()) {
-					throw new PasswordPolicyException(ctrl.getErrorStatus());
-				}
+			if (ctrl != null && ctrl.isLocked()) {
+				throw new PasswordPolicyException(ctrl.getErrorStatus());
 			}
-
-			throw LdapUtils.convertLdapException(ne);
+			throw LdapUtils.convertLdapException(ex);
 		}
-
-		if (debug) {
-			this.logger.debug("PPolicy control returned: " + PasswordPolicyControlExtractor.extractControl(ctx));
-		}
-
+		this.logger.debug(
+				LogMessage.of(() -> "PPolicy control returned: " + PasswordPolicyControlExtractor.extractControl(ctx)));
 		return ctx;
 	}
 
@@ -95,9 +81,7 @@ public class PasswordPolicyAwareContextSource extends DefaultSpringSecurityConte
 	@SuppressWarnings("unchecked")
 	protected Hashtable getAuthenticatedEnv(String principal, String credentials) {
 		Hashtable env = super.getAuthenticatedEnv(principal, credentials);
-
 		env.put(LdapContext.CONTROL_FACTORIES, PasswordPolicyControlFactory.class.getName());
-
 		return env;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index 36b5832c94..84eb48cdf9 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -32,7 +32,9 @@ import javax.naming.ldap.Control;
  */
 public class PasswordPolicyControl implements Control {
 
-	/** OID of the Password Policy Control */
+	/**
+	 * OID of the Password Policy Control
+	 */
 	public static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
 
 	private final boolean critical;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
index 6c6341bfd5..79f007e408 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@@ -45,13 +45,11 @@ public final class PasswordPolicyControlExtractor {
 		catch (javax.naming.NamingException ex) {
 			logger.error("Failed to obtain response controls", ex);
 		}
-
 		for (int i = 0; ctrls != null && i < ctrls.length; i++) {
 			if (ctrls[i] instanceof PasswordPolicyResponseControl) {
 				return (PasswordPolicyResponseControl) ctrls[i];
 			}
 		}
-
 		return null;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
index 84780ae9f5..0bb3e274a2 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactory.java
@@ -39,7 +39,6 @@ public class PasswordPolicyControlFactory extends ControlFactory {
 		if (ctl.getID().equals(PasswordPolicyControl.OID)) {
 			return new PasswordPolicyResponseControl(ctl.getEncodedValue());
 		}
-
 		return null;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
index 0b134f3daf..b81bc34eab 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyErrorStatus.java
@@ -41,20 +41,24 @@ package org.springframework.security.ldap.ppolicy;
  */
 public enum PasswordPolicyErrorStatus {
 
-	PASSWORD_EXPIRED("ppolicy.expired", "Your password has expired"), ACCOUNT_LOCKED("ppolicy.locked",
-			"Account is locked"), CHANGE_AFTER_RESET("ppolicy.change.after.reset",
-					"Your password must be changed after being reset"), PASSWORD_MOD_NOT_ALLOWED(
-							"ppolicy.mod.not.allowed",
-							"Password cannot be changed"), MUST_SUPPLY_OLD_PASSWORD("ppolicy.must.supply.old.password",
-									"The old password must be supplied"), INSUFFICIENT_PASSWORD_QUALITY(
-											"ppolicy.insufficient.password.quality",
-											"The supplied password is of insufficient quality"), PASSWORD_TOO_SHORT(
-													"ppolicy.password.too.short",
-													"The supplied password is too short"), PASSWORD_TOO_YOUNG(
-															"ppolicy.password.too.young",
-															"Your password was changed too recently to be changed again"), PASSWORD_IN_HISTORY(
-																	"ppolicy.password.in.history",
-																	"The supplied password has already been used");
+	PASSWORD_EXPIRED("ppolicy.expired", "Your password has expired"),
+
+	ACCOUNT_LOCKED("ppolicy.locked", "Account is locked"),
+
+	CHANGE_AFTER_RESET("ppolicy.change.after.reset", "Your password must be changed after being reset"),
+
+	PASSWORD_MOD_NOT_ALLOWED("ppolicy.mod.not.allowed", "Password cannot be changed"),
+
+	MUST_SUPPLY_OLD_PASSWORD("ppolicy.must.supply.old.password", "The old password must be supplied"),
+
+	INSUFFICIENT_PASSWORD_QUALITY("ppolicy.insufficient.password.quality",
+			"The supplied password is of insufficient quality"),
+
+	PASSWORD_TOO_SHORT("ppolicy.password.too.short", "The supplied password is too short"),
+
+	PASSWORD_TOO_YOUNG("ppolicy.password.too.young", "Your password was changed too recently to be changed again"),
+
+	PASSWORD_IN_HISTORY("ppolicy.password.in.history", "The supplied password has already been used");
 
 	private final String errorCode;
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index da45f0db7f..bb1c8b0898 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -77,10 +77,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	 */
 	public PasswordPolicyResponseControl(byte[] encodedValue) {
 		this.encodedValue = encodedValue;
-
-		// PPolicyDecoder decoder = new JLdapDecoder();
 		PPolicyDecoder decoder = new NetscapeDecoder();
-
 		try {
 			decoder.decode();
 		}
@@ -162,23 +159,18 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder("PasswordPolicyResponseControl");
-
 		if (hasError()) {
 			sb.append(", error: ").append(this.errorStatus.getDefaultMessage());
 		}
-
 		if (this.graceLoginsRemaining != Integer.MAX_VALUE) {
 			sb.append(", warning: ").append(this.graceLoginsRemaining).append(" grace logins remain");
 		}
-
 		if (this.timeBeforeExpiration != Integer.MAX_VALUE) {
 			sb.append(", warning: time before expiration is ").append(this.timeBeforeExpiration);
 		}
-
 		if (!hasError() && !hasWarning()) {
 			sb.append(" (no error, no warning)");
 		}
-
 		return sb.toString();
 	}
 
@@ -198,24 +190,17 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 			int[] bread = { 0 };
 			BERSequence seq = (BERSequence) BERElement.getElement(new SpecificTagDecoder(),
 					new ByteArrayInputStream(PasswordPolicyResponseControl.this.encodedValue), bread);
-
 			int size = seq.size();
-
 			if (logger.isDebugEnabled()) {
 				logger.debug("PasswordPolicyResponse, ASN.1 sequence has " + size + " elements");
 			}
-
 			for (int i = 0; i < seq.size(); i++) {
 				BERTag elt = (BERTag) seq.elementAt(i);
-
 				int tag = elt.getTag() & 0x1F;
-
 				if (tag == 0) {
 					BERChoice warning = (BERChoice) elt.getValue();
-
 					BERTag content = (BERTag) warning.getValue();
 					int value = ((BERInteger) content.getValue()).getValue();
-
 					if ((content.getTag() & 0x1F) == 0) {
 						PasswordPolicyResponseControl.this.timeBeforeExpiration = value;
 					}
@@ -241,19 +226,15 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 					boolean[] implicit) throws IOException {
 				tag &= 0x1F;
 				implicit[0] = false;
-
 				if (tag == 0) {
 					// Either the choice or the time before expiry within it
 					if (this.inChoice == null) {
 						setInChoice(true);
-
 						// Read the choice length from the stream (ignored)
 						BERElement.readLengthOctets(stream, bytesRead);
-
 						int[] componentLength = new int[1];
 						BERElement choice = new BERChoice(decoder, stream, componentLength);
 						bytesRead[0] += componentLength[0];
-
 						// inChoice = null;
 						return choice;
 					}
@@ -267,7 +248,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 					if (this.inChoice == null) {
 						// The enumeration
 						setInChoice(false);
-
 						return new BEREnumerated(stream, bytesRead);
 					}
 					else {
@@ -277,7 +257,6 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 						}
 					}
 				}
-
 				throw new DataRetrievalFailureException("Unexpected tag " + tag);
 			}
 
@@ -289,67 +268,4 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	}
 
-	/** Decoder based on the OpenLDAP/Novell JLDAP library */
-
-	// private class JLdapDecoder implements PPolicyDecoder {
-	//
-	// public void decode() throws IOException {
-	//
-	// LBERDecoder decoder = new LBERDecoder();
-	//
-	// ASN1Sequence seq = (ASN1Sequence)decoder.decode(encodedValue);
-	//
-	// if(seq == null) {
-	//
-	// }
-	//
-	// int size = seq.size();
-	//
-	// if(logger.isDebugEnabled()) {
-	// logger.debug("PasswordPolicyResponse, ASN.1 sequence has " +
-	// size + " elements");
-	// }
-	//
-	// for(int i=0; i < size; i++) {
-	//
-	// ASN1Tagged taggedObject = (ASN1Tagged)seq.get(i);
-	//
-	// int tag = taggedObject.getIdentifier().getTag();
-	//
-	// ASN1OctetString value = (ASN1OctetString)taggedObject.taggedValue();
-	// byte[] content = value.byteValue();
-	//
-	// if(tag == 0) {
-	// parseWarning(content, decoder);
-	//
-	// } else if(tag == 1) {
-	// // Error: set the code to the value
-	// errorCode = content[0];
-	// }
-	// }
-	// }
-	//
-	// private void parseWarning(byte[] content, LBERDecoder decoder) {
-	// // It's the warning (choice). Parse the number and set either the
-	// // expiry time or number of logins remaining.
-	// ASN1Tagged taggedObject = (ASN1Tagged)decoder.decode(content);
-	// int contentTag = taggedObject.getIdentifier().getTag();
-	// content = ((ASN1OctetString)taggedObject.taggedValue()).byteValue();
-	// int number;
-	//
-	// try {
-	// number = ((Long)decoder.decodeNumeric(new ByteArrayInputStream(content),
-	// content.length)).intValue();
-	// } catch(IOException ex) {
-	// throw new LdapDataAccessException("Failed to parse number ", ex);
-	// }
-	//
-	// if(contentTag == 0) {
-	// timeBeforeExpiration = number;
-	// } else if (contentTag == 1) {
-	// graceLoginsRemaining = number;
-	// }
-	// }
-	// }
-
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
index 6475ae7546..86c6b4e8e7 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
@@ -21,6 +21,7 @@ import javax.naming.directory.SearchControls;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
@@ -73,13 +74,10 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 		Assert.notNull(contextSource, "contextSource must not be null");
 		Assert.notNull(searchFilter, "searchFilter must not be null.");
 		Assert.notNull(searchBase, "searchBase must not be null (an empty string is acceptable).");
-
 		this.searchFilter = searchFilter;
 		this.contextSource = contextSource;
 		this.searchBase = searchBase;
-
 		setSearchSubtree(true);
-
 		if (searchBase.length() == 0) {
 			logger.info(
 					"SearchBase not set. Searches will be performed from the root: " + contextSource.getBaseLdapPath());
@@ -95,26 +93,18 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	 */
 	@Override
 	public DirContextOperations searchForUser(String username) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for user '" + username + "', with user search " + this);
-		}
-
+		logger.debug(LogMessage.of(() -> "Searching for user '" + username + "', with user search " + this));
 		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(this.contextSource);
-
 		template.setSearchControls(this.searchControls);
-
 		try {
-
 			return template.searchForSingleEntry(this.searchBase, this.searchFilter, new String[] { username });
-
 		}
-		catch (IncorrectResultSizeDataAccessException notFound) {
-			if (notFound.getActualSize() == 0) {
+		catch (IncorrectResultSizeDataAccessException ex) {
+			if (ex.getActualSize() == 0) {
 				throw new UsernameNotFoundException("User " + username + " not found in directory.");
 			}
-			// Search should never return multiple results if properly configured, so just
-			// rethrow
-			throw notFound;
+			// Search should never return multiple results if properly configured
+			throw ex;
 		}
 	}
 
@@ -161,7 +151,6 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
-
 		sb.append("[ searchFilter: '").append(this.searchFilter).append("', ");
 		sb.append("searchBase: '").append(this.searchBase).append("'");
 		sb.append(", scope: ").append(
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
index 917ca80ffd..eb1eb79093 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
@@ -113,22 +113,12 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		this.ldifResources = ldifs;
 		this.service = new DefaultDirectoryService();
 		List<Interceptor> list = new ArrayList<>();
-
 		list.add(new NormalizationInterceptor());
 		list.add(new AuthenticationInterceptor());
 		list.add(new ReferralInterceptor());
-		// list.add( new AciAuthorizationInterceptor() );
-		// list.add( new DefaultAuthorizationInterceptor() );
 		list.add(new ExceptionInterceptor());
-		// list.add( new ChangeLogInterceptor() );
 		list.add(new OperationalAttributeInterceptor());
-		// list.add( new SchemaInterceptor() );
 		list.add(new SubentryInterceptor());
-		// list.add( new CollectiveAttributeInterceptor() );
-		// list.add( new EventInterceptor() );
-		// list.add( new TriggerInterceptor() );
-		// list.add( new JournalInterceptor() );
-
 		this.service.setInterceptors(list);
 		this.partition = new JdbmPartition();
 		this.partition.setId("rootPartition");
@@ -145,21 +135,16 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 	public void afterPropertiesSet() throws Exception {
 		if (this.workingDir == null) {
 			String apacheWorkDir = System.getProperty("apacheDSWorkDir");
-
 			if (apacheWorkDir == null) {
 				apacheWorkDir = createTempDirectory("apacheds-spring-security-");
 			}
-
 			setWorkingDirectory(new File(apacheWorkDir));
 		}
-		if (this.ldapOverSslEnabled && this.keyStoreFile == null) {
-			throw new IllegalArgumentException("When LdapOverSsl is enabled, the keyStoreFile property must be set.");
-		}
-
+		Assert.isTrue(!this.ldapOverSslEnabled || this.keyStoreFile != null,
+				"When LdapOverSsl is enabled, the keyStoreFile property must be set.");
 		this.server = new LdapServer();
 		this.server.setDirectoryService(this.service);
 		// AbstractLdapIntegrationTests assume IPv4, so we specify the same here
-
 		this.transport = new TcpTransport(this.port);
 		if (this.ldapOverSslEnabled) {
 			this.transport.setEnableSSL(true);
@@ -182,18 +167,13 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 	public void setWorkingDirectory(File workingDir) {
 		Assert.notNull(workingDir, "workingDir cannot be null");
-
 		this.logger.info("Setting working directory for LDAP_PROVIDER: " + workingDir.getAbsolutePath());
-
-		if (workingDir.exists()) {
-			throw new IllegalArgumentException("The specified working directory '" + workingDir.getAbsolutePath()
-					+ "' already exists. Another directory service instance may be using it or it may be from a "
-					+ " previous unclean shutdown. Please confirm and delete it or configure a different "
-					+ "working directory");
-		}
-
+		Assert.isTrue(!workingDir.exists(),
+				"The specified working directory '" + workingDir.getAbsolutePath()
+						+ "' already exists. Another directory service instance may be using it or it may be from a "
+						+ " previous unclean shutdown. Please confirm and delete it or configure a different "
+						+ "working directory");
 		this.workingDir = workingDir;
-
 		this.service.setWorkingDirectory(workingDir);
 	}
 
@@ -250,11 +230,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		if (isRunning()) {
 			return;
 		}
-
-		if (this.service.isStarted()) {
-			throw new IllegalStateException("DirectoryService is already running.");
-		}
-
+		Assert.state(!this.service.isStarted(), "DirectoryService is already running.");
 		this.logger.info("Starting directory server...");
 		try {
 			this.service.startup();
@@ -263,7 +239,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		catch (Exception ex) {
 			throw new RuntimeException("Server startup failed", ex);
 		}
-
 		try {
 			this.service.getAdminSession().lookup(this.partition.getSuffixDn());
 		}
@@ -273,13 +248,10 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		catch (Exception ex) {
 			this.logger.error("Lookup failed", ex);
 		}
-
 		SocketAcceptor socketAcceptor = this.server.getSocketAcceptor(this.transport);
 		InetSocketAddress localAddress = socketAcceptor.getLocalAddress();
 		this.localPort = localAddress.getPort();
-
 		this.running = true;
-
 		try {
 			importLdifs();
 		}
@@ -308,7 +280,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		if (!isRunning()) {
 			return;
 		}
-
 		this.logger.info("Shutting down directory server ...");
 		try {
 			this.server.stop();
@@ -318,9 +289,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			this.logger.error("Shutdown failed", ex);
 			return;
 		}
-
 		this.running = false;
-
 		if (this.workingDir.exists()) {
 			this.logger.info("Deleting working directory " + this.workingDir.getAbsolutePath());
 			deleteDir(this.workingDir);
@@ -329,43 +298,31 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 
 	private void importLdifs() throws Exception {
 		// Import any ldif files
-		Resource[] ldifs;
-
-		if (this.ctxt == null) {
-			// Not running within an app context
-			ldifs = new PathMatchingResourcePatternResolver().getResources(this.ldifResources);
-		}
-		else {
-			ldifs = this.ctxt.getResources(this.ldifResources);
-		}
-
+		Resource[] ldifs = (this.ctxt != null) ? this.ctxt.getResources(this.ldifResources)
+				: new PathMatchingResourcePatternResolver().getResources(this.ldifResources);
 		// Note that we can't just import using the ServerContext returned
 		// from starting Apache DS, apparently because of the long-running issue
 		// DIRSERVER-169.
 		// We need a standard context.
 		// DirContext dirContext = contextSource.getReadWriteContext();
-
 		if (ldifs == null || ldifs.length == 0) {
 			return;
 		}
+		Assert.isTrue(ldifs.length == 1, () -> "More than one LDIF resource found with the supplied pattern:"
+				+ this.ldifResources + " Got " + Arrays.toString(ldifs));
+		String ldifFile = getLdifFile(ldifs);
+		this.logger.info("Loading LDIF file: " + ldifFile);
+		LdifFileLoader loader = new LdifFileLoader(this.service.getAdminSession(), new File(ldifFile), null,
+				getClass().getClassLoader());
+		loader.execute();
+	}
 
-		if (ldifs.length == 1) {
-			String ldifFile;
-
-			try {
-				ldifFile = ldifs[0].getFile().getAbsolutePath();
-			}
-			catch (IOException ex) {
-				ldifFile = ldifs[0].getURI().toString();
-			}
-			this.logger.info("Loading LDIF file: " + ldifFile);
-			LdifFileLoader loader = new LdifFileLoader(this.service.getAdminSession(), new File(ldifFile), null,
-					getClass().getClassLoader());
-			loader.execute();
+	private String getLdifFile(Resource[] ldifs) throws IOException {
+		try {
+			return ldifs[0].getFile().getAbsolutePath();
 		}
-		else {
-			throw new IllegalArgumentException("More than one LDIF resource found with the supplied pattern:"
-					+ this.ldifResources + " Got " + Arrays.toString(ldifs));
+		catch (IOException ex) {
+			return ldifs[0].getURI().toString();
 		}
 	}
 
@@ -373,7 +330,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 		String parentTempDir = System.getProperty("java.io.tmpdir");
 		String fileNamePrefix = prefix + System.nanoTime();
 		String fileName = fileNamePrefix;
-
 		for (int i = 0; i < 1000; i++) {
 			File tempDir = new File(parentTempDir, fileName);
 			if (!tempDir.exists()) {
@@ -381,7 +337,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 			}
 			fileName = fileNamePrefix + "~" + i;
 		}
-
 		throw new IOException(
 				"Failed to create a temporary directory for file at " + new File(parentTempDir, fileNamePrefix));
 	}
@@ -396,7 +351,6 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
 				}
 			}
 		}
-
 		return dir.delete();
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
index 3a50a0f838..269b8adae1 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
@@ -85,20 +85,16 @@ public class UnboundIdContainer implements InitializingBean, DisposableBean, Lif
 		if (isRunning()) {
 			return;
 		}
-
 		try {
 			InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(this.defaultPartitionSuffix);
 			config.addAdditionalBindCredentials("uid=admin,ou=system", "secret");
-
 			config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("LDAP", this.port));
 			config.setEnforceSingleStructuralObjectClass(false);
 			config.setEnforceAttributeSyntaxCompliance(true);
-
 			DN dn = new DN(this.defaultPartitionSuffix);
 			Entry entry = new Entry(dn);
 			entry.addAttribute("objectClass", "top", "domain", "extensibleObject");
 			entry.addAttribute("dc", dn.getRDN().getAttributeValues()[0]);
-
 			InMemoryDirectoryServer directoryServer = new InMemoryDirectoryServer(config);
 			directoryServer.add(entry);
 			importLdif(directoryServer);
@@ -110,7 +106,6 @@ public class UnboundIdContainer implements InitializingBean, DisposableBean, Lif
 		catch (LDAPException ex) {
 			throw new RuntimeException("Server startup failed", ex);
 		}
-
 	}
 
 	private void importLdif(InMemoryDirectoryServer directoryServer) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
index 2fd023c839..8ef21554c4 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
@@ -29,6 +29,7 @@ import javax.naming.directory.SearchControls;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.LdapTemplate;
@@ -161,21 +162,17 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 		this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
 		getLdapTemplate().setSearchControls(getSearchControls());
 		this.groupSearchBase = groupSearchBase;
-
 		if (groupSearchBase == null) {
 			logger.info("groupSearchBase is null. No group search will be performed.");
 		}
 		else if (groupSearchBase.length() == 0) {
 			logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
 		}
-
 		this.authorityMapper = (record) -> {
 			String role = record.get(this.groupRoleAttribute).get(0);
-
 			if (this.convertToUpperCase) {
 				role = role.toUpperCase();
 			}
-
 			return new SimpleGrantedAuthority(this.rolePrefix + role);
 		};
 	}
@@ -202,26 +199,17 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	@Override
 	public final Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
 		String userDn = user.getNameInNamespace();
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Getting authorities for user " + userDn);
-		}
-
+		logger.debug(LogMessage.format("Getting authorities for user %s", userDn));
 		Set<GrantedAuthority> roles = getGroupMembershipRoles(userDn, username);
-
 		Set<GrantedAuthority> extraRoles = getAdditionalRoles(user, username);
-
 		if (extraRoles != null) {
 			roles.addAll(extraRoles);
 		}
-
 		if (this.defaultRole != null) {
 			roles.add(this.defaultRole);
 		}
-
 		List<GrantedAuthority> result = new ArrayList<>(roles.size());
 		result.addAll(roles);
-
 		return result;
 	}
 
@@ -229,26 +217,16 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 		if (getGroupSearchBase() == null) {
 			return new HashSet<>();
 		}
-
 		Set<GrantedAuthority> authorities = new HashSet<>();
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
-					+ this.groupSearchFilter + " in search base '" + getGroupSearchBase() + "'");
-		}
-
+		logger.debug(LogMessage.of(() -> "Searching for roles for user '" + username + "', DN = " + "'" + userDn
+				+ "', with filter " + this.groupSearchFilter + " in search base '" + getGroupSearchBase() + "'"));
 		Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
 				getGroupSearchBase(), this.groupSearchFilter, new String[] { userDn, username },
 				new String[] { this.groupRoleAttribute });
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Roles from search: " + userRoles);
-		}
-
+		logger.debug(LogMessage.of(() -> "Roles from search: " + userRoles));
 		for (Map<String, List<String>> role : userRoles) {
 			authorities.add(this.authorityMapper.apply(role));
 		}
-
 		return authorities;
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
index 3ef3427b09..2c70b4f425 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -27,7 +27,7 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
  * <p>
  * The username will be mapped from the <tt>uid</tt> attribute by default.
  *
- * @author Luke
+ * @author Luke Taylor
  */
 public class InetOrgPerson extends Person {
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
index 95866535aa..a5770becd8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@@ -33,10 +33,8 @@ public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
 		InetOrgPerson.Essence p = new InetOrgPerson.Essence(ctx);
-
 		p.setUsername(username);
 		p.setAuthorities(authorities);
-
 		return p.createUserDetails();
 
 	}
@@ -44,7 +42,6 @@ public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
 	@Override
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
 		Assert.isInstanceOf(InetOrgPerson.class, user, "UserDetails must be an InetOrgPerson instance");
-
 		InetOrgPerson p = (InetOrgPerson) user;
 		p.populateContext(ctx);
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
index e60b6c8f2c..9e89a5d631 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java
@@ -55,7 +55,6 @@ public class LdapAuthority implements GrantedAuthority {
 	public LdapAuthority(String role, String dn, Map<String, List<String>> attributes) {
 		Assert.notNull(role, "role can not be null");
 		Assert.notNull(dn, "dn can not be null");
-
 		this.role = role;
 		this.dn = dn;
 		this.attributes = attributes;
@@ -87,10 +86,7 @@ public class LdapAuthority implements GrantedAuthority {
 		if (this.attributes != null) {
 			result = this.attributes.get(name);
 		}
-		if (result == null) {
-			result = Collections.emptyList();
-		}
-		return result;
+		return (result != null) ? result : Collections.emptyList();
 	}
 
 	/**
@@ -100,17 +96,9 @@ public class LdapAuthority implements GrantedAuthority {
 	 */
 	public String getFirstAttributeValue(String name) {
 		List<String> result = getAttributeValues(name);
-		if (result.isEmpty()) {
-			return null;
-		}
-		else {
-			return result.get(0);
-		}
+		return (!result.isEmpty()) ? result.get(0) : null;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String getAuthority() {
 		return this.role;
@@ -118,23 +106,21 @@ public class LdapAuthority implements GrantedAuthority {
 
 	/**
 	 * Compares the LdapAuthority based on {@link #getAuthority()} and {@link #getDn()}
-	 * values {@inheritDoc}
+	 * values.
 	 */
 	@Override
-	public boolean equals(Object o) {
-		if (this == o) {
+	public boolean equals(Object obj) {
+		if (this == obj) {
 			return true;
 		}
-		if (!(o instanceof LdapAuthority)) {
+		if (!(obj instanceof LdapAuthority)) {
 			return false;
 		}
-
-		LdapAuthority that = (LdapAuthority) o;
-
-		if (!this.dn.equals(that.dn)) {
+		LdapAuthority other = (LdapAuthority) obj;
+		if (!this.dn.equals(other.dn)) {
 			return false;
 		}
-		return this.role.equals(that.role);
+		return this.role.equals(other.role);
 	}
 
 	@Override
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
index 8985e401af..29a7323e3d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -154,11 +154,9 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
 		sb.append("CredentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
 		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
-
 		if (this.getAuthorities() != null && !this.getAuthorities().isEmpty()) {
 			sb.append("Granted Authorities: ");
 			boolean first = true;
-
 			for (Object authority : this.getAuthorities()) {
 				if (first) {
 					first = false;
@@ -166,14 +164,12 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 				else {
 					sb.append(", ");
 				}
-
 				sb.append(authority.toString());
 			}
 		}
 		else {
 			sb.append("Not granted any authorities");
 		}
-
 		return sb.toString();
 	}
 
@@ -231,13 +227,9 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 			Assert.notNull(this.instance, "Essence can only be used to create a single instance");
 			Assert.notNull(this.instance.username, "username must not be null");
 			Assert.notNull(this.instance.getDn(), "Distinguished name must not be null");
-
 			this.instance.authorities = Collections.unmodifiableList(this.mutableAuthorities);
-
 			LdapUserDetails newInstance = this.instance;
-
 			this.instance = null;
-
 			return newInstance;
 		}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index b2faf060bc..b2baff26a3 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -40,6 +40,7 @@ import javax.naming.ldap.LdapContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.AttributesMapperCallbackHandler;
 import org.springframework.ldap.core.ContextExecutor;
@@ -116,12 +117,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	/** Default context mapper used to create a set of roles from a list of attributes */
 	private AttributesMapper roleMapper = (attributes) -> {
 		Attribute roleAttr = attributes.get(this.groupRoleAttributeName);
-
 		NamingEnumeration<?> ne = roleAttr.getAll();
-		// assert ne.hasMore();
 		Object group = ne.next();
 		String role = group.toString();
-
 		return new SimpleGrantedAuthority(this.rolePrefix + role.toUpperCase());
 	};
 
@@ -137,11 +135,8 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	public UserDetails loadUserByUsername(String username) {
 		DistinguishedName dn = this.usernameMapper.buildDn(username);
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, username);
-
-		this.logger.debug("Loading user '" + username + "' with DN '" + dn + "'");
-
+		this.logger.debug(LogMessage.format("Loading user '%s' with DN '%s'", username, dn));
 		DirContextAdapter userCtx = loadUserAsContext(dn, username);
-
 		return this.userDetailsMapper.mapUserFromContext(userCtx, username, authorities);
 	}
 
@@ -151,8 +146,8 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				Attributes attrs = ctx.getAttributes(dn, this.attributesToRetrieve);
 				return new DirContextAdapter(attrs, LdapUtils.getFullDn(dn, ctx));
 			}
-			catch (NameNotFoundException notFound) {
-				throw new UsernameNotFoundException("User " + username + " not found", notFound);
+			catch (NameNotFoundException ex) {
+				throw new UsernameNotFoundException("User " + username + " not found", ex);
 			}
 		});
 	}
@@ -187,13 +182,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		Assert.notNull(authentication,
 				"No authentication object found in security context. Can't change current user's password!");
-
 		String username = authentication.getName();
-
-		this.logger.debug("Changing password for user '" + username);
-
+		this.logger.debug(LogMessage.format("Changing password for user '%s'", username));
 		DistinguishedName userDn = this.usernameMapper.buildDn(username);
-
 		if (this.usePasswordModifyExtensionOperation) {
 			changePasswordUsingExtensionOperation(userDn, oldPassword, newPassword);
 		}
@@ -214,13 +205,10 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx);
 			SearchControls ctrls = new SearchControls();
 			ctrls.setReturningAttributes(new String[] { this.groupRoleAttributeName });
-
 			return ctx.search(this.groupSearchBase, this.groupSearchFilter, new String[] { fullDn.toUrl(), username },
 					ctrls);
 		};
-
 		AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(this.roleMapper);
-
 		this.template.search(se, roleCollector);
 		return roleCollector.getList();
 	}
@@ -230,38 +218,28 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		DirContextAdapter ctx = new DirContextAdapter();
 		copyToContext(user, ctx);
 		DistinguishedName dn = this.usernameMapper.buildDn(user.getUsername());
-
-		this.logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn + "'");
-
+		this.logger.debug(LogMessage.format("Creating new user '%s' with DN '%s'", user.getUsername(), dn));
 		this.template.bind(dn, ctx, null);
-
-		// Check for any existing authorities which might be set for this DN and remove
-		// them
+		// Check for any existing authorities which might be set for this
+		// DN and remove them
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, user.getUsername());
-
 		if (authorities.size() > 0) {
 			removeAuthorities(dn, authorities);
 		}
-
 		addAuthorities(dn, user.getAuthorities());
 	}
 
 	@Override
 	public void updateUser(UserDetails user) {
 		DistinguishedName dn = this.usernameMapper.buildDn(user.getUsername());
-
-		this.logger.debug("Updating user '" + user.getUsername() + "' with DN '" + dn + "'");
-
+		this.logger.debug(LogMessage.format("Updating new user '%s' with DN '%s'", user.getUsername(), dn));
 		List<GrantedAuthority> authorities = getUserAuthorities(dn, user.getUsername());
-
 		DirContextAdapter ctx = loadUserAsContext(dn, user.getUsername());
 		ctx.setUpdateMode(true);
 		copyToContext(user, ctx);
-
 		// Remove the objectclass attribute from the list of mods (if present).
 		List<ModificationItem> mods = new LinkedList<>(Arrays.asList(ctx.getModificationItems()));
 		ListIterator<ModificationItem> modIt = mods.listIterator();
-
 		while (modIt.hasNext()) {
 			ModificationItem mod = modIt.next();
 			Attribute a = mod.getAttribute();
@@ -269,9 +247,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				modIt.remove();
 			}
 		}
-
 		this.template.modifyAttributes(dn, mods.toArray(new ModificationItem[0]));
-
 		// template.rebind(dn, ctx, null);
 		// Remove the old authorities and replace them with the new one
 		removeAuthorities(dn, authorities);
@@ -288,7 +264,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	@Override
 	public boolean userExists(String username) {
 		DistinguishedName dn = this.usernameMapper.buildDn(username);
-
 		try {
 			Object obj = this.template.lookup(dn);
 			if (obj instanceof Context) {
@@ -309,7 +284,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	protected DistinguishedName buildGroupDn(String group) {
 		DistinguishedName dn = new DistinguishedName(this.groupSearchBase);
 		dn.add(this.groupRoleAttributeName, group.toLowerCase());
-
 		return dn;
 	}
 
@@ -333,7 +307,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				DistinguishedName fullDn = LdapUtils.getFullDn(userDn, ctx);
 				ModificationItem addGroup = new ModificationItem(modType,
 						new BasicAttribute(this.groupMemberAttributeName, fullDn.toUrl()));
-
 				ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { addGroup });
 			}
 			return null;
@@ -342,11 +315,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	private String convertAuthorityToGroup(GrantedAuthority authority) {
 		String group = authority.getAuthority();
-
 		if (group.startsWith(this.rolePrefix)) {
 			group = group.substring(this.rolePrefix.length());
 		}
-
 		return group;
 	}
 
@@ -419,15 +390,12 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
 			String newPassword) {
-
-		final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
-				DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(this.passwordAttributeName, newPassword)) };
-
+		ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
+				new BasicAttribute(this.passwordAttributeName, newPassword)) };
 		if (oldPassword == null) {
 			this.template.modifyAttributes(userDn, passwordChange);
 			return;
 		}
-
 		this.template.executeReadWrite((dirCtx) -> {
 			LdapContext ctx = (LdapContext) dirCtx;
 			ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
@@ -440,23 +408,17 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 			catch (javax.naming.AuthenticationException ex) {
 				throw new BadCredentialsException("Authentication for password change failed.");
 			}
-
 			ctx.modifyAttributes(userDn, passwordChange);
-
 			return null;
 		});
-
 	}
 
 	private void changePasswordUsingExtensionOperation(DistinguishedName userDn, String oldPassword,
 			String newPassword) {
-
 		this.template.executeReadWrite((dirCtx) -> {
 			LdapContext ctx = (LdapContext) dirCtx;
-
 			String userIdentity = LdapUtils.getFullDn(userDn, ctx).encode();
 			PasswordModifyRequest request = new PasswordModifyRequest(userIdentity, oldPassword, newPassword);
-
 			try {
 				return ctx.extendedOperation(request);
 			}
@@ -493,19 +455,15 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 		PasswordModifyRequest(String userIdentity, String oldPassword, String newPassword) {
 			ByteArrayOutputStream elements = new ByteArrayOutputStream();
-
 			if (userIdentity != null) {
 				berEncode(USER_IDENTITY_OCTET_TYPE, userIdentity.getBytes(), elements);
 			}
-
 			if (oldPassword != null) {
 				berEncode(OLD_PASSWORD_OCTET_TYPE, oldPassword.getBytes(), elements);
 			}
-
 			if (newPassword != null) {
 				berEncode(NEW_PASSWORD_OCTET_TYPE, newPassword.getBytes(), elements);
 			}
-
 			berEncode(SEQUENCE_TYPE, elements.toByteArray(), this.value);
 		}
 
@@ -532,9 +490,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 		 */
 		private void berEncode(byte type, byte[] src, ByteArrayOutputStream dest) {
 			int length = src.length;
-
 			dest.write(type);
-
 			if (length < 128) {
 				dest.write(length);
 			}
@@ -560,7 +516,6 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				dest.write((byte) ((length >> 8) & 0xFF));
 				dest.write((byte) (length & 0xFF));
 			}
-
 			try {
 				dest.write(src);
 			}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
index ba974652da..56e724a075 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
@@ -21,6 +21,7 @@ import java.util.Collection;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
@@ -53,56 +54,41 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
 		String dn = ctx.getNameInNamespace();
-
-		this.logger.debug("Mapping user details from context with DN: " + dn);
-
+		this.logger.debug(LogMessage.format("Mapping user details from context with DN: %s", dn));
 		LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
 		essence.setDn(dn);
-
 		Object passwordValue = ctx.getObjectAttribute(this.passwordAttributeName);
-
 		if (passwordValue != null) {
 			essence.setPassword(mapPassword(passwordValue));
 		}
-
 		essence.setUsername(username);
-
 		// Map the roles
 		for (int i = 0; (this.roleAttributes != null) && (i < this.roleAttributes.length); i++) {
 			String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);
-
 			if (rolesForAttribute == null) {
-				this.logger.debug("Couldn't read role attribute '" + this.roleAttributes[i] + "' for user " + dn);
+				this.logger.debug(
+						LogMessage.format("Couldn't read role attribute '%s' for user $s", this.roleAttributes[i], dn));
 				continue;
 			}
-
 			for (String role : rolesForAttribute) {
 				GrantedAuthority authority = createAuthority(role);
-
 				if (authority != null) {
 					essence.addAuthority(authority);
 				}
 			}
 		}
-
 		// Add the supplied authorities
-
 		for (GrantedAuthority authority : authorities) {
 			essence.addAuthority(authority);
 		}
-
 		// Check for PPolicy data
-
 		PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ctx
 				.getObjectAttribute(PasswordPolicyControl.OID);
-
 		if (ppolicy != null) {
 			essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
 			essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
 		}
-
 		return essence.createUserDetails();
-
 	}
 
 	@Override
@@ -118,12 +104,10 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	 * @return a String representation of the password.
 	 */
 	protected String mapPassword(Object passwordValue) {
-
 		if (!(passwordValue instanceof String)) {
 			// Assume it's binary
 			passwordValue = new String((byte[]) passwordValue);
 		}
-
 		return (String) passwordValue;
 
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index bc5ee9fc03..94a592c68e 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -57,7 +57,6 @@ public class LdapUserDetailsService implements UserDetailsService {
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		DirContextOperations userData = this.userSearch.searchForUser(username);
-
 		return this.userDetailsMapper.mapUserFromContext(userData, username,
 				this.authoritiesPopulator.getGrantedAuthorities(userData, username));
 	}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
index 0507597bf0..33d55d7c5b 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulator.java
@@ -24,6 +24,7 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
@@ -144,19 +145,13 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 		super(contextSource, groupSearchBase);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
 		if (getGroupSearchBase() == null) {
 			return new HashSet<>();
 		}
-
 		Set<GrantedAuthority> authorities = new HashSet<>();
-
 		performNestedSearch(userDn, username, authorities, getMaxSearchDepth());
-
 		return authorities;
 	}
 
@@ -171,34 +166,23 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 	private void performNestedSearch(String userDn, String username, Set<GrantedAuthority> authorities, int depth) {
 		if (depth == 0) {
 			// back out of recursion
-			if (logger.isDebugEnabled()) {
-				logger.debug("Search aborted, max depth reached," + " for roles for user '" + username + "', DN = "
-						+ "'" + userDn + "', with filter " + getGroupSearchFilter() + " in search base '"
-						+ getGroupSearchBase() + "'");
-			}
+			logger.debug(LogMessage.of(() -> "Search aborted, max depth reached," + " for roles for user '" + username
+					+ "', DN = " + "'" + userDn + "', with filter " + getGroupSearchFilter() + " in search base '"
+					+ getGroupSearchBase() + "'"));
 			return;
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
-					+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
-		}
-
+		logger.debug(LogMessage.of(() -> "Searching for roles for user '" + username + "', DN = " + "'" + userDn
+				+ "', with filter " + getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'"));
 		if (getAttributeNames() == null) {
 			setAttributeNames(new HashSet<>());
 		}
 		if (StringUtils.hasText(getGroupRoleAttribute()) && !getAttributeNames().contains(getGroupRoleAttribute())) {
 			getAttributeNames().add(getGroupRoleAttribute());
 		}
-
 		Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
 				getGroupSearchBase(), getGroupSearchFilter(), new String[] { userDn, username },
 				getAttributeNames().toArray(new String[0]));
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Roles from search: " + userRoles);
-		}
-
+		logger.debug(LogMessage.format("Roles from search: %s", userRoles));
 		for (Map<String, List<String>> record : userRoles) {
 			boolean circular = false;
 			String dn = record.get(SpringSecurityLdapTemplate.DN_KEY).get(0);
@@ -220,7 +204,6 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
 			if (!circular) {
 				performNestedSearch(dn, roleName, authorities, (depth - 1));
 			}
-
 		}
 	}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
index 0fd4b8d9d9..5dbc580cf8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -76,7 +76,6 @@ public class Person extends LdapUserDetailsImpl {
 		adapter.setAttributeValues("cn", getCn());
 		adapter.setAttributeValue("description", getDescription());
 		adapter.setAttributeValue("telephoneNumber", getTelephoneNumber());
-
 		if (getPassword() != null) {
 			adapter.setAttributeValue("userPassword", getPassword());
 		}
@@ -95,11 +94,9 @@ public class Person extends LdapUserDetailsImpl {
 			setSn(ctx.getStringAttribute("sn"));
 			setDescription(ctx.getStringAttribute("description"));
 			setTelephoneNumber(ctx.getStringAttribute("telephoneNumber"));
-			Object passo = ctx.getObjectAttribute("userPassword");
-
-			if (passo != null) {
-				String password = LdapUtils.convertPasswordToString(passo);
-				setPassword(password);
+			Object password = ctx.getObjectAttribute("userPassword");
+			if (password != null) {
+				setPassword(LdapUtils.convertPasswordToString(password));
 			}
 		}
 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
index b4fc788d1d..3662112afa 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@@ -33,18 +33,14 @@ public class PersonContextMapper implements UserDetailsContextMapper {
 	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 			Collection<? extends GrantedAuthority> authorities) {
 		Person.Essence p = new Person.Essence(ctx);
-
 		p.setUsername(username);
 		p.setAuthorities(authorities);
-
 		return p.createUserDetails();
-
 	}
 
 	@Override
 	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
 		Assert.isInstanceOf(Person.class, user, "UserDetails must be a Person instance");
-
 		Person p = (Person) user;
 		p.populateContext(ctx);
 	}

From ad1dbf425fbffaee27dcdd7fcb5f27d41805604e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 13:46:39 -0700
Subject: [PATCH 56/84] Polish spring-security-messaging main code

Manually polish `spring-security-messaging` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../EvaluationContextPostProcessor.java       |  3 +-
 ...dMessageSecurityMetadataSourceFactory.java |  8 ++--
 .../MessageExpressionConfigAttribute.java     |  2 +-
 .../expression/MessageExpressionVoter.java    | 10 ++---
 .../DefaultMessageSecurityMetadataSource.java |  2 -
 ...thenticationPrincipalArgumentResolver.java |  8 +---
 .../SecurityContextChannelInterceptor.java    | 41 ++++++++-----------
 ...thenticationPrincipalArgumentResolver.java |  9 +---
 ...urrentSecurityContextArgumentResolver.java |  9 +---
 .../AbstractMessageMatcherComposite.java      | 12 ++++--
 .../util/matcher/AndMessageMatcher.java       |  9 ++--
 .../util/matcher/MessageMatcher.java          | 16 ++++----
 .../util/matcher/OrMessageMatcher.java        |  9 ++--
 .../SimpDestinationMessageMatcher.java        | 13 ++----
 .../util/matcher/SimpMessageTypeMatcher.java  |  2 -
 .../web/csrf/CsrfChannelInterceptor.java      | 10 ++---
 16 files changed, 60 insertions(+), 103 deletions(-)

diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
index 72cd1f8bc2..ef7a10f438 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
@@ -19,8 +19,7 @@ package org.springframework.security.messaging.access.expression;
 import org.springframework.expression.EvaluationContext;
 
 /**
- *
- * /** Allows post processing the {@link EvaluationContext}
+ * Allows post processing the {@link EvaluationContext}
  *
  * <p>
  * This API is intentionally kept package scope as it may evolve over time.
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
index 0fba7760b7..a819ce4cd3 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
@@ -38,6 +38,9 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
  */
 public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 
+	private ExpressionBasedMessageSecurityMetadataSourceFactory() {
+	}
+
 	/**
 	 * Create a {@link MessageSecurityMetadataSource} that uses {@link MessageMatcher}
 	 * mapped to Spring Expressions. Each entry is considered in order and only the first
@@ -108,9 +111,7 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 	public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(
 			LinkedHashMap<MessageMatcher<?>, String> matcherToExpression,
 			SecurityExpressionHandler<Message<Object>> handler) {
-
 		LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>> matcherToAttrs = new LinkedHashMap<>();
-
 		for (Map.Entry<MessageMatcher<?>, String> entry : matcherToExpression.entrySet()) {
 			MessageMatcher<?> matcher = entry.getKey();
 			String rawExpression = entry.getValue();
@@ -121,7 +122,4 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 		return new DefaultMessageSecurityMetadataSource(matcherToAttrs);
 	}
 
-	private ExpressionBasedMessageSecurityMetadataSourceFactory() {
-	}
-
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
index 598ca2e339..e663c4f06a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
@@ -69,7 +69,7 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon
 	@Override
 	public EvaluationContext postProcess(EvaluationContext ctx, Message<?> message) {
 		if (this.matcher instanceof SimpDestinationMessageMatcher) {
-			final Map<String, String> variables = ((SimpDestinationMessageMatcher) this.matcher)
+			Map<String, String> variables = ((SimpDestinationMessageMatcher) this.matcher)
 					.extractPathVariables(message);
 			for (Map.Entry<String, String> entry : variables.entrySet()) {
 				ctx.setVariable(entry.getKey(), entry.getValue());
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
index 3ec994cd77..b097df8c1e 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
@@ -44,19 +44,15 @@ public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>
 
 	@Override
 	public int vote(Authentication authentication, Message<T> message, Collection<ConfigAttribute> attributes) {
-		assert authentication != null;
-		assert message != null;
-		assert attributes != null;
-
+		Assert.notNull(authentication, "authentication must not be null");
+		Assert.notNull(message, "message must not be null");
+		Assert.notNull(attributes, "attributes must not be null");
 		MessageExpressionConfigAttribute attr = findConfigAttribute(attributes);
-
 		if (attr == null) {
 			return ACCESS_ABSTAIN;
 		}
-
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, message);
 		ctx = attr.postProcess(ctx, message);
-
 		return ExpressionUtils.evaluateAsBoolean(attr.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
index c1f3057c87..6e3eb8ba41 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
@@ -65,11 +65,9 @@ public final class DefaultMessageSecurityMetadataSource implements MessageSecuri
 	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
-
 		for (Collection<ConfigAttribute> entry : this.messageMap.values()) {
 			allAttributes.addAll(entry);
 		}
-
 		return allAttributes;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
index 031752ffef..58cd4f720e 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java
@@ -98,26 +98,20 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			return null;
 		}
 		Object principal = authentication.getPrincipal();
-
 		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
-
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}
-
 		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
 			if (authPrincipal.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
 		return principal;
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index 409043edcb..594cfcacba 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -43,9 +43,9 @@ import org.springframework.util.Assert;
 public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
 		implements ExecutorChannelInterceptor {
 
-	private final SecurityContext EMPTY_CONTEXT = SecurityContextHolder.createEmptyContext();
+	private static final SecurityContext EMPTY_CONTEXT = SecurityContextHolder.createEmptyContext();
 
-	private static final ThreadLocal<Stack<SecurityContext>> ORIGINAL_CONTEXT = new ThreadLocal<>();
+	private static final ThreadLocal<Stack<SecurityContext>> originalContext = new ThreadLocal<>();
 
 	private final String authenticationHeaderName;
 
@@ -110,46 +110,41 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA
 
 	private void setup(Message<?> message) {
 		SecurityContext currentContext = SecurityContextHolder.getContext();
-
-		Stack<SecurityContext> contextStack = ORIGINAL_CONTEXT.get();
+		Stack<SecurityContext> contextStack = originalContext.get();
 		if (contextStack == null) {
 			contextStack = new Stack<>();
-			ORIGINAL_CONTEXT.set(contextStack);
+			originalContext.set(contextStack);
 		}
 		contextStack.push(currentContext);
-
 		Object user = message.getHeaders().get(this.authenticationHeaderName);
-
-		Authentication authentication;
-		if ((user instanceof Authentication)) {
-			authentication = (Authentication) user;
-		}
-		else {
-			authentication = this.anonymous;
-		}
+		Authentication authentication = getAuthentication(user);
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authentication);
 		SecurityContextHolder.setContext(context);
 	}
 
-	private void cleanup() {
-		Stack<SecurityContext> contextStack = ORIGINAL_CONTEXT.get();
+	private Authentication getAuthentication(Object user) {
+		if ((user instanceof Authentication)) {
+			return (Authentication) user;
+		}
+		return this.anonymous;
+	}
 
+	private void cleanup() {
+		Stack<SecurityContext> contextStack = originalContext.get();
 		if (contextStack == null || contextStack.isEmpty()) {
 			SecurityContextHolder.clearContext();
-			ORIGINAL_CONTEXT.remove();
+			originalContext.remove();
 			return;
 		}
-
-		SecurityContext originalContext = contextStack.pop();
-
+		SecurityContext context = contextStack.pop();
 		try {
-			if (this.EMPTY_CONTEXT.equals(originalContext)) {
+			if (SecurityContextChannelInterceptor.EMPTY_CONTEXT.equals(context)) {
 				SecurityContextHolder.clearContext();
-				ORIGINAL_CONTEXT.remove();
+				originalContext.remove();
 			}
 			else {
-				SecurityContextHolder.setContext(originalContext);
+				SecurityContextHolder.setContext(context);
 			}
 		}
 		catch (Throwable ex) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index 237b79cc13..a857232d44 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -134,28 +134,21 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 
 	private Object resolvePrincipal(MethodParameter parameter, Object principal) {
 		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
-
 		String expressionToParse = authPrincipal.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
 			context.setBeanResolver(this.beanResolver);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}
-
 		if (isInvalidType(parameter, principal)) {
-
 			if (authPrincipal.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
-
 		return principal;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index 4b835e3f97..89491d2b17 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -133,28 +133,21 @@ public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgu
 
 	private Object resolveSecurityContext(MethodParameter parameter, Object securityContext) {
 		CurrentSecurityContext contextAnno = findMethodAnnotation(CurrentSecurityContext.class, parameter);
-
 		String expressionToParse = contextAnno.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
 			context.setBeanResolver(this.beanResolver);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContext = expression.getValue(context);
 		}
-
 		if (isInvalidType(parameter, securityContext)) {
-
 			if (contextAnno.errorOnInvalidType()) {
 				throw new ClassCastException(securityContext + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
-
 		return securityContext;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
index fc1ca1f2c0..bf899ba1df 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AbstractMessageMatcherComposite.java
@@ -31,7 +31,13 @@ import org.springframework.util.Assert;
  */
 public abstract class AbstractMessageMatcherComposite<T> implements MessageMatcher<T> {
 
-	protected final Log LOGGER = LogFactory.getLog(getClass());
+	protected final Log logger = LogFactory.getLog(getClass());
+
+	/**
+	 * @deprecated since 5.4 in favor of {@link #logger}
+	 */
+	@Deprecated
+	protected final Log LOGGER = this.logger;
 
 	private final List<MessageMatcher<T>> messageMatchers;
 
@@ -41,9 +47,7 @@ public abstract class AbstractMessageMatcherComposite<T> implements MessageMatch
 	 */
 	AbstractMessageMatcherComposite(List<MessageMatcher<T>> messageMatchers) {
 		Assert.notEmpty(messageMatchers, "messageMatchers must contain a value");
-		if (messageMatchers.contains(null)) {
-			throw new IllegalArgumentException("messageMatchers cannot contain null values");
-		}
+		Assert.isTrue(!messageMatchers.contains(null), "messageMatchers cannot contain null values");
 		this.messageMatchers = messageMatchers;
 
 	}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
index 45767fc56e..6edc0c4ef4 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/AndMessageMatcher.java
@@ -18,6 +18,7 @@ package org.springframework.security.messaging.util.matcher;
 
 import java.util.List;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.messaging.Message;
 
 /**
@@ -49,15 +50,13 @@ public final class AndMessageMatcher<T> extends AbstractMessageMatcherComposite<
 	@Override
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
-			if (this.LOGGER.isDebugEnabled()) {
-				this.LOGGER.debug("Trying to match using " + matcher);
-			}
+			this.logger.debug(LogMessage.format("Trying to match using %s", matcher));
 			if (!matcher.matches(message)) {
-				this.LOGGER.debug("Did not match");
+				this.logger.debug("Did not match");
 				return false;
 			}
 		}
-		this.LOGGER.debug("All messageMatchers returned true");
+		this.logger.debug("All messageMatchers returned true");
 		return true;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
index 50d401ba3b..ffafb72a6a 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java
@@ -26,17 +26,11 @@ import org.springframework.messaging.Message;
  */
 public interface MessageMatcher<T> {
 
-	/**
-	 * Returns true if the {@link Message} matches, else false
-	 * @param message the {@link Message} to match on
-	 * @return true if the {@link Message} matches, else false
-	 */
-	boolean matches(Message<? extends T> message);
-
 	/**
 	 * Matches every {@link Message}
 	 */
 	MessageMatcher<Object> ANY_MESSAGE = new MessageMatcher<Object>() {
+
 		@Override
 		public boolean matches(Message<?> message) {
 			return true;
@@ -46,6 +40,14 @@ public interface MessageMatcher<T> {
 		public String toString() {
 			return "ANY_MESSAGE";
 		}
+
 	};
 
+	/**
+	 * Returns true if the {@link Message} matches, else false
+	 * @param message the {@link Message} to match on
+	 * @return true if the {@link Message} matches, else false
+	 */
+	boolean matches(Message<? extends T> message);
+
 }
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
index fb9971cde3..010fe7aecf 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/OrMessageMatcher.java
@@ -18,6 +18,7 @@ package org.springframework.security.messaging.util.matcher;
 
 import java.util.List;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.messaging.Message;
 
 /**
@@ -49,15 +50,13 @@ public final class OrMessageMatcher<T> extends AbstractMessageMatcherComposite<T
 	@Override
 	public boolean matches(Message<? extends T> message) {
 		for (MessageMatcher<T> matcher : getMessageMatchers()) {
-			if (this.LOGGER.isDebugEnabled()) {
-				this.LOGGER.debug("Trying to match using " + matcher);
-			}
+			this.logger.debug(LogMessage.format("Trying to match using %s", matcher));
 			if (matcher.matches(message)) {
-				this.LOGGER.debug("matched");
+				this.logger.debug("matched");
 				return true;
 			}
 		}
-		this.LOGGER.debug("No matches found");
+		this.logger.debug("No matches found");
 		return false;
 	}
 
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
index 39a52b3beb..d4ae0e15d6 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java
@@ -107,11 +107,8 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	private SimpDestinationMessageMatcher(String pattern, SimpMessageType type, PathMatcher pathMatcher) {
 		Assert.notNull(pattern, "pattern cannot be null");
 		Assert.notNull(pathMatcher, "pathMatcher cannot be null");
-		if (!isTypeWithDestination(type)) {
-			throw new IllegalArgumentException(
-					"SimpMessageType " + type + " does not contain a destination and so cannot be matched on.");
-		}
-
+		Assert.isTrue(isTypeWithDestination(type),
+				() -> "SimpMessageType " + type + " does not contain a destination and so cannot be matched on.");
 		this.matcher = pathMatcher;
 		this.messageTypeMatcher = (type != null) ? new SimpMessageTypeMatcher(type) : ANY_MESSAGE;
 		this.pattern = pattern;
@@ -122,7 +119,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 		if (!this.messageTypeMatcher.matches(message)) {
 			return false;
 		}
-
 		String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
 		return destination != null && this.matcher.match(this.pattern, destination);
 	}
@@ -144,10 +140,7 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
 	}
 
 	private boolean isTypeWithDestination(SimpMessageType type) {
-		if (type == null) {
-			return true;
-		}
-		return SimpMessageType.MESSAGE.equals(type) || SimpMessageType.SUBSCRIBE.equals(type);
+		return type == null || SimpMessageType.MESSAGE.equals(type) || SimpMessageType.SUBSCRIBE.equals(type);
 	}
 
 	/**
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index 82fc578cb7..00aa6e8a64 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -49,7 +49,6 @@ public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
 	public boolean matches(Message<?> message) {
 		MessageHeaders headers = message.getHeaders();
 		SimpMessageType messageType = SimpMessageHeaderAccessor.getMessageType(headers);
-
 		return this.typeToMatch == messageType;
 	}
 
@@ -63,7 +62,6 @@ public class SimpMessageTypeMatcher implements MessageMatcher<Object> {
 		}
 		SimpMessageTypeMatcher otherMatcher = (SimpMessageTypeMatcher) other;
 		return ObjectUtils.nullSafeEquals(this.typeToMatch, otherMatcher.typeToMatch);
-
 	}
 
 	@Override
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index e9b26e7f2f..059b34bddb 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -46,23 +46,19 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
 		if (!this.matcher.matches(message)) {
 			return message;
 		}
-
 		Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor.getSessionAttributes(message.getHeaders());
 		CsrfToken expectedToken = (sessionAttributes != null)
 				? (CsrfToken) sessionAttributes.get(CsrfToken.class.getName()) : null;
-
 		if (expectedToken == null) {
 			throw new MissingCsrfTokenException(null);
 		}
-
 		String actualTokenValue = SimpMessageHeaderAccessor.wrap(message)
 				.getFirstNativeHeader(expectedToken.getHeaderName());
-
 		boolean csrfCheckPassed = expectedToken.getToken().equals(actualTokenValue);
-		if (csrfCheckPassed) {
-			return message;
+		if (!csrfCheckPassed) {
+			throw new InvalidCsrfTokenException(expectedToken, actualTokenValue);
 		}
-		throw new InvalidCsrfTokenException(expectedToken, actualTokenValue);
+		return message;
 	}
 
 }

From 7a715f908601a5ee72b7d62dc5eba4b0bfc47f2b Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 19:24:40 -0700
Subject: [PATCH 57/84] Polish spring-security-oauth2-client main code

Manually polish `spring-security-oauth-cleint` following the
formatting and checkstyle fixes.

Issue gh-8945
---
 ...ionCodeOAuth2AuthorizedClientProvider.java |  1 -
 ...eactiveOAuth2AuthorizedClientProvider.java |  1 -
 ...tServiceOAuth2AuthorizedClientManager.java | 26 ++---
 ...ReactiveOAuth2AuthorizedClientManager.java |  1 -
 ...entialsOAuth2AuthorizedClientProvider.java | 16 ++-
 ...eactiveOAuth2AuthorizedClientProvider.java |  8 +-
 .../JdbcOAuth2AuthorizedClientService.java    | 18 ----
 .../oauth2/client/OAuth2AuthorizeRequest.java |  3 +-
 ...asswordOAuth2AuthorizedClientProvider.java | 23 ++---
 ...eactiveOAuth2AuthorizedClientProvider.java |  7 --
 ...shTokenOAuth2AuthorizedClientProvider.java | 15 ++-
 ...eactiveOAuth2AuthorizedClientProvider.java |  4 -
 ...ientOAuth2AuthorizationFailureHandler.java | 38 +++----
 ...tiveOAuth2AuthorizationFailureHandler.java | 40 +++-----
 ...thorizationCodeAuthenticationProvider.java |  6 --
 ...tionCodeReactiveAuthenticationManager.java |  4 -
 .../OAuth2LoginAuthenticationProvider.java    | 11 +--
 .../OAuth2LoginAuthenticationToken.java       |  1 -
 ...th2LoginReactiveAuthenticationManager.java |  8 +-
 ...tAuthorizationCodeTokenResponseClient.java | 30 +++---
 ...tClientCredentialsTokenResponseClient.java | 30 +++---
 .../DefaultPasswordTokenResponseClient.java   | 30 +++---
 ...efaultRefreshTokenTokenResponseClient.java | 51 +++++-----
 ...sAuthorizationCodeTokenResponseClient.java | 99 +++++++++----------
 ...zationCodeGrantRequestEntityConverter.java |  4 -
 ...redentialsGrantRequestEntityConverter.java |  4 -
 ...h2PasswordGrantRequestEntityConverter.java |  4 -
 ...freshTokenGrantRequestEntityConverter.java |  4 -
 ...activeRefreshTokenTokenResponseClient.java |  2 -
 .../http/OAuth2ErrorResponseErrorHandler.java | 22 ++---
 .../ClientRegistrationDeserializer.java       |  6 +-
 .../oauth2/client/jackson2/JsonNodeUtils.java | 26 ++---
 ...Auth2AuthorizationRequestDeserializer.java | 48 ++++-----
 .../oauth2/client/jackson2/StdConverters.java | 14 +--
 ...thorizationCodeAuthenticationProvider.java | 91 ++++++++---------
 ...tionCodeReactiveAuthenticationManager.java | 28 +++---
 .../OidcIdTokenDecoderFactory.java            | 49 +++++----
 .../authentication/OidcIdTokenValidator.java  | 13 ---
 .../ReactiveOidcIdTokenDecoderFactory.java    | 49 +++++----
 .../OidcReactiveOAuth2UserService.java        |  6 +-
 .../client/oidc/userinfo/OidcUserRequest.java |  2 -
 .../oidc/userinfo/OidcUserRequestUtils.java   |  4 -
 .../client/oidc/userinfo/OidcUserService.java | 51 ++++------
 ...dcClientInitiatedLogoutSuccessHandler.java | 20 ++--
 ...ntInitiatedServerLogoutSuccessHandler.java | 10 +-
 .../registration/ClientRegistration.java      | 37 ++++---
 .../registration/ClientRegistrations.java     | 26 ++---
 .../InMemoryClientRegistrationRepository.java |  5 +-
 .../CustomUserTypesOAuth2UserService.java     | 14 +--
 .../userinfo/DefaultOAuth2UserService.java    | 26 +++--
 .../DefaultReactiveOAuth2UserService.java     | 56 +++++------
 .../OAuth2UserRequestEntityConverter.java     | 15 +--
 ...cipalOAuth2AuthorizedClientRepository.java |  5 +-
 ...ultOAuth2AuthorizationRequestResolver.java | 60 ++++++-----
 .../DefaultOAuth2AuthorizedClientManager.java |  6 --
 ...ReactiveOAuth2AuthorizedClientManager.java |  3 -
 .../OAuth2AuthorizationCodeGrantFilter.java   | 15 ---
 ...th2AuthorizationRequestRedirectFilter.java | 22 ++---
 .../web/OAuth2AuthorizationResponseUtils.java | 11 +--
 .../web/OAuth2LoginAuthenticationFilter.java  |  8 --
 ...Auth2AuthorizedClientArgumentResolver.java | 21 ++--
 ...uthorizedClientExchangeFilterFunction.java | 94 ++++++++----------
 ...uthorizedClientExchangeFilterFunction.java | 75 ++++++--------
 ...Auth2AuthorizedClientArgumentResolver.java | 10 +-
 ...erverOAuth2AuthorizedClientRepository.java | 15 +--
 ...verOAuth2AuthorizationRequestResolver.java | 40 ++++----
 ...OAuth2AuthorizationCodeGrantWebFilter.java |  5 +-
 ...AuthorizationRequestRedirectWebFilter.java |  5 +-
 .../OAuth2AuthorizationResponseUtils.java     | 11 +--
 ...erverOAuth2AuthorizedClientRepository.java |  1 -
 ...2ServerAuthorizationRequestRepository.java |  3 -
 71 files changed, 603 insertions(+), 914 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
index d99b1a7384..2911fd90de 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java
@@ -46,7 +46,6 @@ public final class AuthorizationCodeOAuth2AuthorizedClientProvider implements OA
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
 				context.getClientRegistration().getAuthorizationGrantType()) && context.getAuthorizedClient() == null) {
 			// ClientAuthorizationRequiredException is caught by
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
index acff2900ba..ab15fe304a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.java
@@ -47,7 +47,6 @@ public final class AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
 				context.getClientRegistration().getAuthorizationGrantType()) && context.getAuthorizedClient() == null) {
 			// ClientAuthorizationRequiredException is caught by
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index e2a4d6a753..2d8490a2da 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -115,11 +115,9 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	@Override
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest) {
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
-
 		String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 		OAuth2AuthorizedClient authorizedClient = authorizeRequest.getAuthorizedClient();
 		Authentication principal = authorizeRequest.getPrincipal();
-
 		OAuth2AuthorizationContext.Builder contextBuilder;
 		if (authorizedClient != null) {
 			contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
@@ -138,14 +136,8 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
-		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
-				.attributes((attributes) -> {
-					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
-					if (!CollectionUtils.isEmpty(contextAttributes)) {
-						attributes.putAll(contextAttributes);
-					}
-				}).build();
-
+		OAuth2AuthorizationContext authorizationContext = buildAuthorizationContext(authorizeRequest, principal,
+				contextBuilder);
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		}
@@ -153,7 +145,6 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 			this.authorizationFailureHandler.onAuthorizationFailure(ex, principal, Collections.emptyMap());
 			throw ex;
 		}
-
 		if (authorizedClient != null) {
 			this.authorizationSuccessHandler.onAuthorizationSuccess(authorizedClient, principal,
 					Collections.emptyMap());
@@ -167,10 +158,21 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 				return authorizationContext.getAuthorizedClient();
 			}
 		}
-
 		return authorizedClient;
 	}
 
+	private OAuth2AuthorizationContext buildAuthorizationContext(OAuth2AuthorizeRequest authorizeRequest,
+			Authentication principal, OAuth2AuthorizationContext.Builder contextBuilder) {
+		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
+				.attributes((attributes) -> {
+					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
+					if (!CollectionUtils.isEmpty(contextAttributes)) {
+						attributes.putAll(contextAttributes);
+					}
+				}).build();
+		return authorizationContext;
+	}
+
 	/**
 	 * Sets the {@link OAuth2AuthorizedClientProvider} used for authorizing (or
 	 * re-authorizing) an OAuth 2.0 Client.
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
index c1a6193e6f..2724d5b5e7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java
@@ -120,7 +120,6 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest) {
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
-
 		return createAuthorizationContext(authorizeRequest)
 				.flatMap((authorizationContext) -> authorize(authorizationContext, authorizeRequest.getPrincipal()));
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
index c6186fb34e..527b7bfd9f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java
@@ -64,39 +64,37 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		ClientRegistration clientRegistration = context.getClientRegistration();
 		if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType())) {
 			return null;
 		}
-
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
 			// If client is already authorized but access token is NOT expired than no
 			// need for re-authorization
 			return null;
 		}
-
 		// As per spec, in section 4.4.3 Access Token Response
 		// https://tools.ietf.org/html/rfc6749#section-4.4.3
 		// A refresh token SHOULD NOT be included.
 		//
 		// Therefore, renewing an expired access token (re-authorization)
 		// is the same as acquiring a new access token (authorization).
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				clientRegistration);
+		OAuth2AccessTokenResponse tokenResponse = getTokenResponse(clientRegistration, clientCredentialsGrantRequest);
+		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+				tokenResponse.getAccessToken());
+	}
 
-		OAuth2AccessTokenResponse tokenResponse;
+	private OAuth2AccessTokenResponse getTokenResponse(ClientRegistration clientRegistration,
+			OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		try {
-			tokenResponse = this.accessTokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
+			return this.accessTokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
 		}
 		catch (OAuth2AuthorizationException ex) {
 			throw new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex);
 		}
-
-		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
-				tokenResponse.getAccessToken());
 	}
 
 	private boolean hasTokenExpired(AbstractOAuth2Token token) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
index 9a22665efa..e8ec38f7cd 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java
@@ -64,31 +64,27 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		ClientRegistration clientRegistration = context.getClientRegistration();
 		if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType())) {
 			return Mono.empty();
 		}
-
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
 			// If client is already authorized but access token is NOT expired than no
 			// need for re-authorization
 			return Mono.empty();
 		}
-
 		// As per spec, in section 4.4.3 Access Token Response
 		// https://tools.ietf.org/html/rfc6749#section-4.4.3
 		// A refresh token SHOULD NOT be included.
 		//
 		// Therefore, renewing an expired access token (re-authorization)
 		// is the same as acquiring a new access token (authorization).
-
 		return Mono.just(new OAuth2ClientCredentialsGrantRequest(clientRegistration))
 				.flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
-								e))
+						(ex) -> new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(),
+								ex))
 				.map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
 						tokenResponse.getAccessToken()));
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index 0927195e79..a31c655c4c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -99,7 +99,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	 */
 	public JdbcOAuth2AuthorizedClientService(JdbcOperations jdbcOperations,
 			ClientRegistrationRepository clientRegistrationRepository) {
-
 		Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.jdbcOperations = jdbcOperations;
@@ -113,15 +112,12 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
-
 		SqlParameterValue[] parameters = new SqlParameterValue[] {
 				new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
 				new SqlParameterValue(Types.VARCHAR, principalName) };
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
-
 		List<OAuth2AuthorizedClient> result = this.jdbcOperations.query(LOAD_AUTHORIZED_CLIENT_SQL, pss,
 				this.authorizedClientRowMapper);
-
 		return !result.isEmpty() ? (T) result.get(0) : null;
 	}
 
@@ -129,10 +125,8 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(principal, "principal cannot be null");
-
 		boolean existsAuthorizedClient = null != this.loadAuthorizedClient(
 				authorizedClient.getClientRegistration().getRegistrationId(), principal.getName());
-
 		if (existsAuthorizedClient) {
 			updateAuthorizedClient(authorizedClient, principal);
 		}
@@ -149,14 +143,11 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	private void updateAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
 		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper
 				.apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal));
-
 		SqlParameterValue clientRegistrationIdParameter = parameters.remove(0);
 		SqlParameterValue principalNameParameter = parameters.remove(0);
 		parameters.add(clientRegistrationIdParameter);
 		parameters.add(principalNameParameter);
-
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
-
 		this.jdbcOperations.update(UPDATE_AUTHORIZED_CLIENT_SQL, pss);
 	}
 
@@ -164,7 +155,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 		List<SqlParameterValue> parameters = this.authorizedClientParametersMapper
 				.apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal));
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
-
 		this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, pss);
 	}
 
@@ -172,12 +162,10 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 	public void removeAuthorizedClient(String clientRegistrationId, String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
-
 		SqlParameterValue[] parameters = new SqlParameterValue[] {
 				new SqlParameterValue(Types.VARCHAR, clientRegistrationId),
 				new SqlParameterValue(Types.VARCHAR, principalName) };
 		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters);
-
 		this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 	}
 
@@ -229,7 +217,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 						"The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, "
 								+ "however, it was not found in the ClientRegistrationRepository.");
 			}
-
 			OAuth2AccessToken.TokenType tokenType = null;
 			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("access_token_type"))) {
 				tokenType = OAuth2AccessToken.TokenType.BEARER;
@@ -243,7 +230,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 				scopes = StringUtils.commaDelimitedListToSet(accessTokenScopes);
 			}
 			OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt, scopes);
-
 			OAuth2RefreshToken refreshToken = null;
 			byte[] refreshTokenValue = rs.getBytes("refresh_token_value");
 			if (refreshTokenValue != null) {
@@ -255,9 +241,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 				}
 				refreshToken = new OAuth2RefreshToken(tokenValue, issuedAt);
 			}
-
 			String principalName = rs.getString("principal_name");
-
 			return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken);
 		}
 
@@ -277,7 +261,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			ClientRegistration clientRegistration = authorizedClient.getClientRegistration();
 			OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
 			OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken();
-
 			List<SqlParameterValue> parameters = new ArrayList<>();
 			parameters.add(new SqlParameterValue(Types.VARCHAR, clientRegistration.getRegistrationId()));
 			parameters.add(new SqlParameterValue(Types.VARCHAR, principal.getName()));
@@ -301,7 +284,6 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient
 			}
 			parameters.add(new SqlParameterValue(Types.BLOB, refreshTokenValue));
 			parameters.add(new SqlParameterValue(Types.TIMESTAMP, refreshTokenIssuedAt));
-
 			return parameters;
 		}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
index b4ef828a13..58a4ad3531 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java
@@ -157,8 +157,8 @@ public final class OAuth2AuthorizeRequest {
 
 		private static Authentication createAuthentication(final String principalName) {
 			Assert.hasText(principalName, "principalName cannot be empty");
-
 			return new AbstractAuthenticationToken(null) {
+
 				@Override
 				public Object getCredentials() {
 					return "";
@@ -168,6 +168,7 @@ public final class OAuth2AuthorizeRequest {
 				public Object getPrincipal() {
 					return principalName;
 				}
+
 			};
 		}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
index a45b697dbf..931e862b79 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.java
@@ -77,48 +77,43 @@ public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2Autho
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		ClientRegistration clientRegistration = context.getClientRegistration();
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
-
 		if (!AuthorizationGrantType.PASSWORD.equals(clientRegistration.getAuthorizationGrantType())) {
 			return null;
 		}
-
 		String username = context.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 		String password = context.getAttribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME);
 		if (!StringUtils.hasText(username) || !StringUtils.hasText(password)) {
 			return null;
 		}
-
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
 			// If client is already authorized and access token is NOT expired than no
 			// need for re-authorization
 			return null;
 		}
-
 		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken())
 				&& authorizedClient.getRefreshToken() != null) {
 			// If client is already authorized and access token is expired and a refresh
-			// token is available,
-			// than return and allow RefreshTokenOAuth2AuthorizedClientProvider to handle
-			// the refresh
+			// token is available, than return and allow
+			// RefreshTokenOAuth2AuthorizedClientProvider to handle the refresh
 			return null;
 		}
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, username,
 				password);
+		OAuth2AccessTokenResponse tokenResponse = getTokenResponse(clientRegistration, passwordGrantRequest);
+		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
+				tokenResponse.getAccessToken(), tokenResponse.getRefreshToken());
+	}
 
-		OAuth2AccessTokenResponse tokenResponse;
+	private OAuth2AccessTokenResponse getTokenResponse(ClientRegistration clientRegistration,
+			OAuth2PasswordGrantRequest passwordGrantRequest) {
 		try {
-			tokenResponse = this.accessTokenResponseClient.getTokenResponse(passwordGrantRequest);
+			return this.accessTokenResponseClient.getTokenResponse(passwordGrantRequest);
 		}
 		catch (OAuth2AuthorizationException ex) {
 			throw new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex);
 		}
-
-		return new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(),
-				tokenResponse.getAccessToken(), tokenResponse.getRefreshToken());
 	}
 
 	private boolean hasTokenExpired(AbstractOAuth2Token token) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
index 3b34cf85d9..7240fef0cc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java
@@ -77,26 +77,21 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		ClientRegistration clientRegistration = context.getClientRegistration();
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
-
 		if (!AuthorizationGrantType.PASSWORD.equals(clientRegistration.getAuthorizationGrantType())) {
 			return Mono.empty();
 		}
-
 		String username = context.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 		String password = context.getAttribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME);
 		if (!StringUtils.hasText(username) || !StringUtils.hasText(password)) {
 			return Mono.empty();
 		}
-
 		if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
 			// If client is already authorized and access token is NOT expired than no
 			// need for re-authorization
 			return Mono.empty();
 		}
-
 		if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken())
 				&& authorizedClient.getRefreshToken() != null) {
 			// If client is already authorized and access token is expired and a refresh
@@ -105,10 +100,8 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea
 			// handle the refresh
 			return Mono.empty();
 		}
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, username,
 				password);
-
 		return Mono.just(passwordGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
 						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
index 794ce315df..04962922d9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
@@ -75,13 +75,11 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 	@Nullable
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient == null || authorizedClient.getRefreshToken() == null
 				|| !hasTokenExpired(authorizedClient.getAccessToken())) {
 			return null;
 		}
-
 		Object requestScope = context.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		Set<String> scopes = Collections.emptySet();
 		if (requestScope != null) {
@@ -89,22 +87,23 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider implements OAuth2A
 					+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 			scopes = new HashSet<>(Arrays.asList((String[]) requestScope));
 		}
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				authorizedClient.getClientRegistration(), authorizedClient.getAccessToken(),
 				authorizedClient.getRefreshToken(), scopes);
+		OAuth2AccessTokenResponse tokenResponse = getTokenResponse(authorizedClient, refreshTokenGrantRequest);
+		return new OAuth2AuthorizedClient(context.getAuthorizedClient().getClientRegistration(),
+				context.getPrincipal().getName(), tokenResponse.getAccessToken(), tokenResponse.getRefreshToken());
+	}
 
-		OAuth2AccessTokenResponse tokenResponse;
+	private OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizedClient authorizedClient,
+			OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest) {
 		try {
-			tokenResponse = this.accessTokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
+			return this.accessTokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
 		}
 		catch (OAuth2AuthorizationException ex) {
 			throw new ClientAuthorizationException(ex.getError(),
 					authorizedClient.getClientRegistration().getRegistrationId(), ex);
 		}
-
-		return new OAuth2AuthorizedClient(context.getAuthorizedClient().getClientRegistration(),
-				context.getPrincipal().getName(), tokenResponse.getAccessToken(), tokenResponse.getRefreshToken());
 	}
 
 	private boolean hasTokenExpired(AbstractOAuth2Token token) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
index d93f36e485..5f6e16369d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java
@@ -77,13 +77,11 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
 		Assert.notNull(context, "context cannot be null");
-
 		OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
 		if (authorizedClient == null || authorizedClient.getRefreshToken() == null
 				|| !hasTokenExpired(authorizedClient.getAccessToken())) {
 			return Mono.empty();
 		}
-
 		Object requestScope = context.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		Set<String> scopes = Collections.emptySet();
 		if (requestScope != null) {
@@ -92,10 +90,8 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider
 			scopes = new HashSet<>(Arrays.asList((String[]) requestScope));
 		}
 		ClientRegistration clientRegistration = context.getClientRegistration();
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
 				authorizedClient.getAccessToken(), authorizedClient.getRefreshToken(), scopes);
-
 		return Mono.just(refreshTokenGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse)
 				.onErrorMap(OAuth2AuthorizationException.class,
 						(e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(),
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index aafaaa422f..3701e8457c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -16,9 +16,9 @@
 
 package org.springframework.security.oauth2.client;
 
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 
@@ -47,26 +47,20 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements
 	 * {@link OAuth2AuthorizedClient}.
 	 * @see OAuth2ErrorCodes
 	 */
-	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections
-			.unmodifiableSet(new HashSet<>(Arrays.asList(
-					/*
-					 * Returned from Resource Servers when an access token provided is
-					 * expired, revoked, malformed, or invalid for other reasons.
-					 *
-					 * Note that this is needed because
-					 * ServletOAuth2AuthorizedClientExchangeFilterFunction delegates this
-					 * type of failure received from a Resource Server to this failure
-					 * handler.
-					 */
-					OAuth2ErrorCodes.INVALID_TOKEN,
-
-					/*
-					 * Returned from Authorization Servers when the authorization grant or
-					 * refresh token is invalid, expired, revoked, does not match the
-					 * redirection URI used in the authorization request, or was issued to
-					 * another client.
-					 */
-					OAuth2ErrorCodes.INVALID_GRANT)));
+	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES;
+	static {
+		Set<String> codes = new LinkedHashSet<>();
+		// Returned from Resource Servers when an access token provided is expired,
+		// revoked, malformed, or invalid for other reasons. Note that this is needed
+		// because ServletOAuth2AuthorizedClientExchangeFilterFunction delegates this type
+		// of failure received from a Resource Server to this failure handler.
+		codes.add(OAuth2ErrorCodes.INVALID_TOKEN);
+		// Returned from Authorization Servers when the authorization grant or refresh
+		// token is invalid, expired, revoked, does not match the redirection URI used in
+		// the authorization request, or was issued to another client.
+		codes.add(OAuth2ErrorCodes.INVALID_GRANT);
+		DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections.unmodifiableSet(codes);
+	}
 
 	/**
 	 * The OAuth 2.0 error codes which will trigger removal of an
@@ -116,10 +110,8 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements
 	@Override
 	public void onAuthorizationFailure(OAuth2AuthorizationException authorizationException, Authentication principal,
 			Map<String, Object> attributes) {
-
 		if (authorizationException instanceof ClientAuthorizationException
 				&& hasRemovalErrorCode(authorizationException)) {
-
 			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
 			this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(), principal,
 					attributes);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index 0c7b295fb2..0e7edd67d7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -16,9 +16,9 @@
 
 package org.springframework.security.oauth2.client;
 
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 
@@ -47,24 +47,20 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * client.
 	 * @see OAuth2ErrorCodes
 	 */
-	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections
-			.unmodifiableSet(new HashSet<>(Arrays.asList(
-					/*
-					 * Returned from resource servers when an access token provided is
-					 * expired, revoked, malformed, or invalid for other reasons.
-					 *
-					 * Note that this is needed because the
-					 * ServerOAuth2AuthorizedClientExchangeFilterFunction delegates this
-					 * type of failure received from a resource server to this failure
-					 * handler.
-					 */
-					OAuth2ErrorCodes.INVALID_TOKEN,
-					/*
-					 * Returned from authorization servers when a refresh token is
-					 * invalid, expired, revoked, does not match the redirection URI used
-					 * in the authorization request, or was issued to another client.
-					 */
-					OAuth2ErrorCodes.INVALID_GRANT)));
+	public static final Set<String> DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES;
+	static {
+		Set<String> codes = new LinkedHashSet<>();
+		// Returned from resource servers when an access token provided is expired,
+		// revoked, malformed, or invalid for other reasons. Note that this is needed
+		// because the ServerOAuth2AuthorizedClientExchangeFilterFunction delegates this
+		// type of failure received from a resource server to this failure handler.
+		codes.add(OAuth2ErrorCodes.INVALID_TOKEN);
+		// Returned from authorization servers when a refresh token is invalid, expired,
+		// revoked, does not match the redirection URI used in the authorization request,
+		// or was issued to another client.
+		codes.add(OAuth2ErrorCodes.INVALID_GRANT);
+		DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES = Collections.unmodifiableSet(codes);
+	}
 
 	/**
 	 * A delegate that removes an {@link OAuth2AuthorizedClient} from a
@@ -116,17 +112,13 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	@Override
 	public Mono<Void> onAuthorizationFailure(OAuth2AuthorizationException authorizationException,
 			Authentication principal, Map<String, Object> attributes) {
-
 		if (authorizationException instanceof ClientAuthorizationException
 				&& hasRemovalErrorCode(authorizationException)) {
-
 			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
 			return this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(),
 					principal, attributes);
 		}
-		else {
-			return Mono.empty();
-		}
+		return Mono.empty();
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index 64d870d790..efcf42a19a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -64,7 +64,6 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 	 */
 	public OAuth2AuthorizationCodeAuthenticationProvider(
 			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
-
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
 	}
@@ -72,30 +71,25 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
-
 		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange()
 				.getAuthorizationResponse();
 		if (authorizationResponse.statusError()) {
 			throw new OAuth2AuthorizationException(authorizationResponse.getError());
 		}
-
 		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
 				.getAuthorizationRequest();
 		if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 			throw new OAuth2AuthorizationException(oauth2Error);
 		}
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(),
 						authorizationCodeAuthentication.getAuthorizationExchange()));
-
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = new OAuth2AuthorizationCodeAuthenticationToken(
 				authorizationCodeAuthentication.getClientRegistration(),
 				authorizationCodeAuthentication.getAuthorizationExchange(), accessTokenResponse.getAccessToken(),
 				accessTokenResponse.getRefreshToken(), accessTokenResponse.getAdditionalParameters());
 		authenticationResult.setDetails(authorizationCodeAuthentication.getDetails());
-
 		return authenticationResult;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
index 034ed3efb7..a2497f5978 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java
@@ -84,23 +84,19 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements Rea
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
-
 			OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange()
 					.getAuthorizationResponse();
 			if (authorizationResponse.statusError()) {
 				return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError()));
 			}
-
 			OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange()
 					.getAuthorizationRequest();
 			if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 				return Mono.error(new OAuth2AuthorizationException(oauth2Error));
 			}
-
 			OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
 					token.getClientRegistration(), token.getAuthorizationExchange());
-
 			return this.accessTokenResponseClient.getTokenResponse(authzRequest).map(onSuccess(token));
 		});
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index e20e0006e9..a82d320e53 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -83,7 +83,6 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 	public OAuth2LoginAuthenticationProvider(
 			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
 			OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
-
 		Assert.notNull(userService, "userService cannot be null");
 		this.authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
 				accessTokenResponseClient);
@@ -93,10 +92,8 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		OAuth2LoginAuthenticationToken loginAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;
-
 		// Section 3.1.2.1 Authentication Request -
-		// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-		// scope
+		// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
 		// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
 		if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes()
 				.contains("openid")) {
@@ -104,7 +101,6 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 			// and let OidcAuthorizationCodeAuthenticationProvider handle it instead
 			return null;
 		}
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken;
 		try {
 			authorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) this.authorizationCodeAuthenticationProvider
@@ -116,21 +112,16 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 			OAuth2Error oauth2Error = ex.getError();
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-
 		OAuth2AccessToken accessToken = authorizationCodeAuthenticationToken.getAccessToken();
 		Map<String, Object> additionalParameters = authorizationCodeAuthenticationToken.getAdditionalParameters();
-
 		OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest(
 				loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
-
 		Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 				.mapAuthorities(oauth2User.getAuthorities());
-
 		OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
 				loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(),
 				oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());
 		authenticationResult.setDetails(loginAuthenticationToken.getDetails());
-
 		return authenticationResult;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
index cbfe8b709f..afbe15784f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
@@ -66,7 +66,6 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 	 */
 	public OAuth2LoginAuthenticationToken(ClientRegistration clientRegistration,
 			OAuth2AuthorizationExchange authorizationExchange) {
-
 		super(Collections.emptyList());
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(authorizationExchange, "authorizationExchange cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index 1d3dae2fbe..e4b72951b5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -88,18 +88,15 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
-
 			// Section 3.1.2.1 Authentication Request -
-			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope
-			// value.
+			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
+			// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
 			if (token.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
 				// This is an OpenID Connect Authentication Request so return null
 				// and let OidcAuthorizationCodeReactiveAuthenticationManager handle it
 				// instead once one is created
 				return Mono.empty();
 			}
-
 			return this.authorizationCodeManager.authenticate(token)
 					.onErrorMap(OAuth2AuthorizationException.class,
 							(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
@@ -128,7 +125,6 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 		return this.userService.loadUser(userRequest).map((oauth2User) -> {
 			Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 					.mapAuthorities(oauth2User.getAuthorities());
-
 			OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
 					authentication.getClientRegistration(), authentication.getAuthorizationExchange(), oauth2User,
 					mappedAuthorities, accessToken, authentication.getRefreshToken());
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index 46ea462465..064c7362d6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -74,23 +74,9 @@ public final class DefaultAuthorizationCodeTokenResponseClient
 	public OAuth2AccessTokenResponse getTokenResponse(
 			OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
 		Assert.notNull(authorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(authorizationCodeGrantRequest);
-
-		ResponseEntity<OAuth2AccessTokenResponse> response;
-		try {
-			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		}
-		catch (RestClientException ex) {
-			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
-							+ ex.getMessage(),
-					null);
-			throw new OAuth2AuthorizationException(oauth2Error, ex);
-		}
-
+		ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
 		OAuth2AccessTokenResponse tokenResponse = response.getBody();
-
 		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			// As per spec, in Section 5.1 Successful Access Token Response
 			// https://tools.ietf.org/html/rfc6749#section-5.1
@@ -99,10 +85,22 @@ public final class DefaultAuthorizationCodeTokenResponseClient
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
 					.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes()).build();
 		}
-
 		return tokenResponse;
 	}
 
+	private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
+		try {
+			return this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
+		}
+		catch (RestClientException ex) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
+			throw new OAuth2AuthorizationException(oauth2Error, ex);
+		}
+	}
+
 	/**
 	 * Sets the {@link Converter} used for converting the
 	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link RequestEntity}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
index b74fcad2fa..a216d75b09 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
@@ -74,23 +74,9 @@ public final class DefaultClientCredentialsTokenResponseClient
 	public OAuth2AccessTokenResponse getTokenResponse(
 			OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		Assert.notNull(clientCredentialsGrantRequest, "clientCredentialsGrantRequest cannot be null");
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(clientCredentialsGrantRequest);
-
-		ResponseEntity<OAuth2AccessTokenResponse> response;
-		try {
-			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		}
-		catch (RestClientException ex) {
-			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
-							+ ex.getMessage(),
-					null);
-			throw new OAuth2AuthorizationException(oauth2Error, ex);
-		}
-
+		ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
 		OAuth2AccessTokenResponse tokenResponse = response.getBody();
-
 		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			// As per spec, in Section 5.1 Successful Access Token Response
 			// https://tools.ietf.org/html/rfc6749#section-5.1
@@ -99,10 +85,22 @@ public final class DefaultClientCredentialsTokenResponseClient
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
 					.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes()).build();
 		}
-
 		return tokenResponse;
 	}
 
+	private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
+		try {
+			return this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
+		}
+		catch (RestClientException ex) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
+			throw new OAuth2AuthorizationException(oauth2Error, ex);
+		}
+	}
+
 	/**
 	 * Sets the {@link Converter} used for converting the
 	 * {@link OAuth2ClientCredentialsGrantRequest} to a {@link RequestEntity}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
index cea3eee2f9..047e787885 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClient.java
@@ -73,23 +73,9 @@ public final class DefaultPasswordTokenResponseClient
 	@Override
 	public OAuth2AccessTokenResponse getTokenResponse(OAuth2PasswordGrantRequest passwordGrantRequest) {
 		Assert.notNull(passwordGrantRequest, "passwordGrantRequest cannot be null");
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(passwordGrantRequest);
-
-		ResponseEntity<OAuth2AccessTokenResponse> response;
-		try {
-			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
-		}
-		catch (RestClientException ex) {
-			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
-							+ ex.getMessage(),
-					null);
-			throw new OAuth2AuthorizationException(oauth2Error, ex);
-		}
-
+		ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
 		OAuth2AccessTokenResponse tokenResponse = response.getBody();
-
 		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			// As per spec, in Section 5.1 Successful Access Token Response
 			// https://tools.ietf.org/html/rfc6749#section-5.1
@@ -98,10 +84,22 @@ public final class DefaultPasswordTokenResponseClient
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
 					.scopes(passwordGrantRequest.getClientRegistration().getScopes()).build();
 		}
-
 		return tokenResponse;
 	}
 
+	private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
+		try {
+			return this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
+		}
+		catch (RestClientException ex) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
+					"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: "
+							+ ex.getMessage(),
+					null);
+			throw new OAuth2AuthorizationException(oauth2Error, ex);
+		}
+	}
+
 	/**
 	 * Sets the {@link Converter} used for converting the
 	 * {@link OAuth2PasswordGrantRequest} to a {@link RequestEntity} representation of the
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
index 657ab72c7d..8550d077c0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java
@@ -69,12 +69,32 @@ public final class DefaultRefreshTokenTokenResponseClient
 	@Override
 	public OAuth2AccessTokenResponse getTokenResponse(OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest) {
 		Assert.notNull(refreshTokenGrantRequest, "refreshTokenGrantRequest cannot be null");
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(refreshTokenGrantRequest);
+		ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
+		OAuth2AccessTokenResponse tokenResponse = response.getBody();
+		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())
+				|| tokenResponse.getRefreshToken() == null) {
+			OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse
+					.withResponse(tokenResponse);
+			if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
+				// As per spec, in Section 5.1 Successful Access Token Response
+				// https://tools.ietf.org/html/rfc6749#section-5.1
+				// If AccessTokenResponse.scope is empty, then default to the scope
+				// originally requested by the client in the Token Request
+				tokenResponseBuilder.scopes(refreshTokenGrantRequest.getAccessToken().getScopes());
+			}
+			if (tokenResponse.getRefreshToken() == null) {
+				// Reuse existing refresh token
+				tokenResponseBuilder.refreshToken(refreshTokenGrantRequest.getRefreshToken().getTokenValue());
+			}
+			tokenResponse = tokenResponseBuilder.build();
+		}
+		return tokenResponse;
+	}
 
-		ResponseEntity<OAuth2AccessTokenResponse> response;
+	private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
 		try {
-			response = this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
+			return this.restOperations.exchange(request, OAuth2AccessTokenResponse.class);
 		}
 		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
@@ -83,31 +103,6 @@ public final class DefaultRefreshTokenTokenResponseClient
 					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
-
-		OAuth2AccessTokenResponse tokenResponse = response.getBody();
-
-		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())
-				|| tokenResponse.getRefreshToken() == null) {
-			OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse
-					.withResponse(tokenResponse);
-
-			if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
-				// As per spec, in Section 5.1 Successful Access Token Response
-				// https://tools.ietf.org/html/rfc6749#section-5.1
-				// If AccessTokenResponse.scope is empty, then default to the scope
-				// originally requested by the client in the Token Request
-				tokenResponseBuilder.scopes(refreshTokenGrantRequest.getAccessToken().getScopes());
-			}
-
-			if (tokenResponse.getRefreshToken() == null) {
-				// Reuse existing refresh token
-				tokenResponseBuilder.refreshToken(refreshTokenGrantRequest.getRefreshToken().getTokenValue());
-			}
-
-			tokenResponse = tokenResponseBuilder.build();
-		}
-
-		return tokenResponse;
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index 83c38dbe43..0f8b6a54ef 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -81,7 +81,6 @@ public class NimbusAuthorizationCodeTokenResponseClient
 	@Override
 	public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
 		ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
-
 		// Build the authorization code grant request for the token endpoint
 		AuthorizationCode authorizationCode = new AuthorizationCode(
 				authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
@@ -89,19 +88,43 @@ public class NimbusAuthorizationCodeTokenResponseClient
 				authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
 		AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
 		URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
-
 		// Set the credentials to authenticate the client at the token endpoint
 		ClientID clientId = new ClientID(clientRegistration.getClientId());
 		Secret clientSecret = new Secret(clientRegistration.getClientSecret());
-		ClientAuthentication clientAuthentication;
-		if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
-			clientAuthentication = new ClientSecretPost(clientId, clientSecret);
+		boolean isPost = ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod());
+		ClientAuthentication clientAuthentication = isPost ? new ClientSecretPost(clientId, clientSecret)
+				: new ClientSecretBasic(clientId, clientSecret);
+		com.nimbusds.oauth2.sdk.TokenResponse tokenResponse = getTokenResponse(authorizationCodeGrant, tokenUri,
+				clientAuthentication);
+		if (!tokenResponse.indicatesSuccess()) {
+			TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
+			ErrorObject errorObject = tokenErrorResponse.getErrorObject();
+			throw new OAuth2AuthorizationException(getOAuthError(errorObject));
 		}
-		else {
-			clientAuthentication = new ClientSecretBasic(clientId, clientSecret);
+		AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
+		String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
+		OAuth2AccessToken.TokenType accessTokenType = null;
+		if (OAuth2AccessToken.TokenType.BEARER.getValue()
+				.equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
+			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
+		long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
+		// As per spec, in section 5.1 Successful Access Token Response
+		// https://tools.ietf.org/html/rfc6749#section-5.1
+		// If AccessTokenResponse.scope is empty, then default to the scope
+		// originally requested by the client in the Authorization Request
+		Set<String> scopes = getScopes(authorizationGrantRequest, accessTokenResponse);
+		String refreshToken = null;
+		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
+			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
+		}
+		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
+		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
+				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+	}
 
-		com.nimbusds.oauth2.sdk.TokenResponse tokenResponse;
+	private com.nimbusds.oauth2.sdk.TokenResponse getTokenResponse(AuthorizationGrant authorizationCodeGrant,
+			URI tokenUri, ClientAuthentication clientAuthentication) {
 		try {
 			// Send the Access Token request
 			TokenRequest tokenRequest = new TokenRequest(tokenUri, clientAuthentication, authorizationCodeGrant);
@@ -109,7 +132,7 @@ public class NimbusAuthorizationCodeTokenResponseClient
 			httpRequest.setAccept(MediaType.APPLICATION_JSON_VALUE);
 			httpRequest.setConnectTimeout(30000);
 			httpRequest.setReadTimeout(30000);
-			tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
+			return com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
 		}
 		catch (ParseException | IOException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
@@ -118,55 +141,25 @@ public class NimbusAuthorizationCodeTokenResponseClient
 					null);
 			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
+	}
 
-		if (!tokenResponse.indicatesSuccess()) {
-			TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
-			ErrorObject errorObject = tokenErrorResponse.getErrorObject();
-			OAuth2Error oauth2Error;
-			if (errorObject == null) {
-				oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-			}
-			else {
-				oauth2Error = new OAuth2Error(
-						(errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
-						errorObject.getDescription(),
-						(errorObject.getURI() != null) ? errorObject.getURI().toString() : null);
-			}
-			throw new OAuth2AuthorizationException(oauth2Error);
-		}
-
-		AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
-
-		String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
-		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue()
-				.equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
-			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
-		}
-		long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
-
-		// As per spec, in section 5.1 Successful Access Token Response
-		// https://tools.ietf.org/html/rfc6749#section-5.1
-		// If AccessTokenResponse.scope is empty, then default to the scope
-		// originally requested by the client in the Authorization Request
-		Set<String> scopes;
+	private Set<String> getScopes(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest,
+			AccessTokenResponse accessTokenResponse) {
 		if (CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) {
-			scopes = new LinkedHashSet<>(
+			return new LinkedHashSet<>(
 					authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes());
 		}
-		else {
-			scopes = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
+		return new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
+	}
+
+	private OAuth2Error getOAuthError(ErrorObject errorObject) {
+		if (errorObject == null) {
+			return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
 		}
-
-		String refreshToken = null;
-		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
-			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
-		}
-
-		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-
-		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
-				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+		String errorCode = (errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
+		String description = errorObject.getDescription();
+		String uri = (errorObject.getURI() != null) ? errorObject.getURI().toString() : null;
+		return new OAuth2Error(errorCode, description, uri);
 	}
 
 	private static URI toURI(String uriStr) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
index 15eae1f504..a77470c0de 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
@@ -53,12 +53,10 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter
 	@Override
 	public RequestEntity<?> convert(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
 		ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
-
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = this.buildFormParameters(authorizationCodeGrantRequest);
 		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
-
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
@@ -73,7 +71,6 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter
 			OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
 		ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
 		OAuth2AuthorizationExchange authorizationExchange = authorizationCodeGrantRequest.getAuthorizationExchange();
-
 		MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
 		formParameters.add(OAuth2ParameterNames.GRANT_TYPE, authorizationCodeGrantRequest.getGrantType().getValue());
 		formParameters.add(OAuth2ParameterNames.CODE, authorizationExchange.getAuthorizationResponse().getCode());
@@ -92,7 +89,6 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter
 		if (codeVerifier != null) {
 			formParameters.add(PkceParameterNames.CODE_VERIFIER, codeVerifier);
 		}
-
 		return formParameters;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
index 81467775da..b555aabd1b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
@@ -53,12 +53,10 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverter
 	@Override
 	public RequestEntity<?> convert(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();
-
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = this.buildFormParameters(clientCredentialsGrantRequest);
 		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
-
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
@@ -72,7 +70,6 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverter
 	private MultiValueMap<String, String> buildFormParameters(
 			OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
 		ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();
-
 		MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
 		formParameters.add(OAuth2ParameterNames.GRANT_TYPE, clientCredentialsGrantRequest.getGrantType().getValue());
 		if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) {
@@ -83,7 +80,6 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverter
 			formParameters.add(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
 			formParameters.add(OAuth2ParameterNames.CLIENT_SECRET, clientRegistration.getClientSecret());
 		}
-
 		return formParameters;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
index 0a9caee61f..1bef0f8404 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverter.java
@@ -53,12 +53,10 @@ public class OAuth2PasswordGrantRequestEntityConverter
 	@Override
 	public RequestEntity<?> convert(OAuth2PasswordGrantRequest passwordGrantRequest) {
 		ClientRegistration clientRegistration = passwordGrantRequest.getClientRegistration();
-
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = buildFormParameters(passwordGrantRequest);
 		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
-
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
@@ -71,7 +69,6 @@ public class OAuth2PasswordGrantRequestEntityConverter
 	 */
 	private MultiValueMap<String, String> buildFormParameters(OAuth2PasswordGrantRequest passwordGrantRequest) {
 		ClientRegistration clientRegistration = passwordGrantRequest.getClientRegistration();
-
 		MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
 		formParameters.add(OAuth2ParameterNames.GRANT_TYPE, passwordGrantRequest.getGrantType().getValue());
 		formParameters.add(OAuth2ParameterNames.USERNAME, passwordGrantRequest.getUsername());
@@ -84,7 +81,6 @@ public class OAuth2PasswordGrantRequestEntityConverter
 			formParameters.add(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
 			formParameters.add(OAuth2ParameterNames.CLIENT_SECRET, clientRegistration.getClientSecret());
 		}
-
 		return formParameters;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
index 3012797171..bd22022bf8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverter.java
@@ -53,12 +53,10 @@ public class OAuth2RefreshTokenGrantRequestEntityConverter
 	@Override
 	public RequestEntity<?> convert(OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest) {
 		ClientRegistration clientRegistration = refreshTokenGrantRequest.getClientRegistration();
-
 		HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
 		MultiValueMap<String, String> formParameters = buildFormParameters(refreshTokenGrantRequest);
 		URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri()).build()
 				.toUri();
-
 		return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
 	}
 
@@ -71,7 +69,6 @@ public class OAuth2RefreshTokenGrantRequestEntityConverter
 	 */
 	private MultiValueMap<String, String> buildFormParameters(OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest) {
 		ClientRegistration clientRegistration = refreshTokenGrantRequest.getClientRegistration();
-
 		MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
 		formParameters.add(OAuth2ParameterNames.GRANT_TYPE, refreshTokenGrantRequest.getGrantType().getValue());
 		formParameters.add(OAuth2ParameterNames.REFRESH_TOKEN,
@@ -84,7 +81,6 @@ public class OAuth2RefreshTokenGrantRequestEntityConverter
 			formParameters.add(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
 			formParameters.add(OAuth2ParameterNames.CLIENT_SECRET, clientRegistration.getClientSecret());
 		}
-
 		return formParameters;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
index 6fb61850ff..ee09608f20 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java
@@ -68,12 +68,10 @@ public final class WebClientReactiveRefreshTokenTokenResponseClient
 	@Override
 	OAuth2AccessTokenResponse populateTokenResponse(OAuth2RefreshTokenGrantRequest grantRequest,
 			OAuth2AccessTokenResponse accessTokenResponse) {
-
 		if (!CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes())
 				&& accessTokenResponse.getRefreshToken() != null) {
 			return accessTokenResponse;
 		}
-
 		OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse
 				.withResponse(accessTokenResponse);
 		if (CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes())) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 95464eeb74..2b50b967ac 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -55,14 +55,12 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 		if (!HttpStatus.BAD_REQUEST.equals(response.getStatusCode())) {
 			this.defaultErrorHandler.handleError(response);
 		}
-
 		// A Bearer Token Error may be in the WWW-Authenticate response header
 		// See https://tools.ietf.org/html/rfc6750#section-3
 		OAuth2Error oauth2Error = this.readErrorFromWwwAuthenticate(response.getHeaders());
 		if (oauth2Error == null) {
 			oauth2Error = this.oauth2ErrorConverter.read(OAuth2Error.class, response);
 		}
-
 		throw new OAuth2AuthorizationException(oauth2Error);
 	}
 
@@ -71,21 +69,21 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 		if (!StringUtils.hasText(wwwAuthenticateHeader)) {
 			return null;
 		}
-
-		BearerTokenError bearerTokenError;
-		try {
-			bearerTokenError = BearerTokenError.parse(wwwAuthenticateHeader);
-		}
-		catch (Exception ex) {
-			return null;
-		}
-
+		BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
 		String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode()
 				: OAuth2ErrorCodes.SERVER_ERROR;
 		String errorDescription = bearerTokenError.getDescription();
 		String errorUri = (bearerTokenError.getURI() != null) ? bearerTokenError.getURI().toString() : null;
-
 		return new OAuth2Error(errorCode, errorDescription, errorUri);
 	}
 
+	private BearerTokenError getBearerToken(String wwwAuthenticateHeader) {
+		try {
+			return BearerTokenError.parse(wwwAuthenticateHeader);
+		}
+		catch (Exception ex) {
+			return null;
+		}
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
index 9b8faa2ec5..d8cfde2efc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java
@@ -52,7 +52,6 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 		JsonNode clientRegistrationNode = mapper.readTree(parser);
 		JsonNode providerDetailsNode = JsonNodeUtils.findObjectNode(clientRegistrationNode, "providerDetails");
 		JsonNode userInfoEndpointNode = JsonNodeUtils.findObjectNode(providerDetailsNode, "userInfoEndpoint");
-
 		return ClientRegistration
 				.withRegistrationId(JsonNodeUtils.findStringValue(clientRegistrationNode, "registrationId"))
 				.clientId(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientId"))
@@ -62,8 +61,7 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 				.authorizationGrantType(AUTHORIZATION_GRANT_TYPE_CONVERTER
 						.convert(JsonNodeUtils.findObjectNode(clientRegistrationNode, "authorizationGrantType")))
 				.redirectUri(JsonNodeUtils.findStringValue(clientRegistrationNode, "redirectUri"))
-				.scope(JsonNodeUtils.findValue(clientRegistrationNode, "scopes", JsonNodeUtils.SET_TYPE_REFERENCE,
-						mapper))
+				.scope(JsonNodeUtils.findValue(clientRegistrationNode, "scopes", JsonNodeUtils.STRING_SET, mapper))
 				.clientName(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientName"))
 				.authorizationUri(JsonNodeUtils.findStringValue(providerDetailsNode, "authorizationUri"))
 				.tokenUri(JsonNodeUtils.findStringValue(providerDetailsNode, "tokenUri"))
@@ -74,7 +72,7 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 				.jwkSetUri(JsonNodeUtils.findStringValue(providerDetailsNode, "jwkSetUri"))
 				.issuerUri(JsonNodeUtils.findStringValue(providerDetailsNode, "issuerUri"))
 				.providerConfigurationMetadata(JsonNodeUtils.findValue(providerDetailsNode, "configurationMetadata",
-						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
+						JsonNodeUtils.STRING_OBJECT_MAP, mapper))
 				.build();
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
index 3b1dff6da6..351295efe6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java
@@ -31,20 +31,18 @@ import com.fasterxml.jackson.databind.ObjectMapper;
  */
 abstract class JsonNodeUtils {
 
-	static final TypeReference<Set<String>> SET_TYPE_REFERENCE = new TypeReference<Set<String>>() {
+	static final TypeReference<Set<String>> STRING_SET = new TypeReference<Set<String>>() {
 	};
-	static final TypeReference<Map<String, Object>> MAP_TYPE_REFERENCE = new TypeReference<Map<String, Object>>() {
+
+	static final TypeReference<Map<String, Object>> STRING_OBJECT_MAP = new TypeReference<Map<String, Object>>() {
 	};
 
 	static String findStringValue(JsonNode jsonNode, String fieldName) {
 		if (jsonNode == null) {
 			return null;
 		}
-		JsonNode nodeValue = jsonNode.findValue(fieldName);
-		if (nodeValue != null && nodeValue.isTextual()) {
-			return nodeValue.asText();
-		}
-		return null;
+		JsonNode value = jsonNode.findValue(fieldName);
+		return (value != null && value.isTextual()) ? value.asText() : null;
 	}
 
 	static <T> T findValue(JsonNode jsonNode, String fieldName, TypeReference<T> valueTypeReference,
@@ -52,22 +50,16 @@ abstract class JsonNodeUtils {
 		if (jsonNode == null) {
 			return null;
 		}
-		JsonNode nodeValue = jsonNode.findValue(fieldName);
-		if (nodeValue != null && nodeValue.isContainerNode()) {
-			return mapper.convertValue(nodeValue, valueTypeReference);
-		}
-		return null;
+		JsonNode value = jsonNode.findValue(fieldName);
+		return (value != null && value.isContainerNode()) ? mapper.convertValue(value, valueTypeReference) : null;
 	}
 
 	static JsonNode findObjectNode(JsonNode jsonNode, String fieldName) {
 		if (jsonNode == null) {
 			return null;
 		}
-		JsonNode nodeValue = jsonNode.findValue(fieldName);
-		if (nodeValue != null && nodeValue.isObject()) {
-			return nodeValue;
-		}
-		return null;
+		JsonNode value = jsonNode.findValue(fieldName);
+		return (value != null && value.isObject()) ? value : null;
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
index 01a31eb502..00e717bb8f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
@@ -28,6 +28,7 @@ import com.fasterxml.jackson.databind.util.StdConverter;
 
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder;
 
 /**
  * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}.
@@ -45,35 +46,36 @@ final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAut
 	public OAuth2AuthorizationRequest deserialize(JsonParser parser, DeserializationContext context)
 			throws IOException {
 		ObjectMapper mapper = (ObjectMapper) parser.getCodec();
-		JsonNode authorizationRequestNode = mapper.readTree(parser);
+		JsonNode root = mapper.readTree(parser);
+		return deserialize(parser, mapper, root);
+	}
 
+	private OAuth2AuthorizationRequest deserialize(JsonParser parser, ObjectMapper mapper, JsonNode root)
+			throws JsonParseException {
 		AuthorizationGrantType authorizationGrantType = AUTHORIZATION_GRANT_TYPE_CONVERTER
-				.convert(JsonNodeUtils.findObjectNode(authorizationRequestNode, "authorizationGrantType"));
+				.convert(JsonNodeUtils.findObjectNode(root, "authorizationGrantType"));
+		Builder builder = getBuilder(parser, authorizationGrantType);
+		builder.authorizationUri(JsonNodeUtils.findStringValue(root, "authorizationUri"));
+		builder.clientId(JsonNodeUtils.findStringValue(root, "clientId"));
+		builder.redirectUri(JsonNodeUtils.findStringValue(root, "redirectUri"));
+		builder.scopes(JsonNodeUtils.findValue(root, "scopes", JsonNodeUtils.STRING_SET, mapper));
+		builder.state(JsonNodeUtils.findStringValue(root, "state"));
+		builder.additionalParameters(
+				JsonNodeUtils.findValue(root, "additionalParameters", JsonNodeUtils.STRING_OBJECT_MAP, mapper));
+		builder.authorizationRequestUri(JsonNodeUtils.findStringValue(root, "authorizationRequestUri"));
+		builder.attributes(JsonNodeUtils.findValue(root, "attributes", JsonNodeUtils.STRING_OBJECT_MAP, mapper));
+		return builder.build();
+	}
 
-		OAuth2AuthorizationRequest.Builder builder;
+	private OAuth2AuthorizationRequest.Builder getBuilder(JsonParser parser,
+			AuthorizationGrantType authorizationGrantType) throws JsonParseException {
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
-			builder = OAuth2AuthorizationRequest.authorizationCode();
+			return OAuth2AuthorizationRequest.authorizationCode();
 		}
-		else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
-			builder = OAuth2AuthorizationRequest.implicit();
+		if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
+			return OAuth2AuthorizationRequest.implicit();
 		}
-		else {
-			throw new JsonParseException(parser, "Invalid authorizationGrantType");
-		}
-
-		return builder.authorizationUri(JsonNodeUtils.findStringValue(authorizationRequestNode, "authorizationUri"))
-				.clientId(JsonNodeUtils.findStringValue(authorizationRequestNode, "clientId"))
-				.redirectUri(JsonNodeUtils.findStringValue(authorizationRequestNode, "redirectUri"))
-				.scopes(JsonNodeUtils
-						.findValue(authorizationRequestNode, "scopes", JsonNodeUtils.SET_TYPE_REFERENCE, mapper))
-				.state(JsonNodeUtils.findStringValue(authorizationRequestNode, "state"))
-				.additionalParameters(JsonNodeUtils.findValue(authorizationRequestNode, "additionalParameters",
-						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
-				.authorizationRequestUri(
-						JsonNodeUtils.findStringValue(authorizationRequestNode, "authorizationRequestUri"))
-				.attributes(JsonNodeUtils.findValue(authorizationRequestNode, "attributes",
-						JsonNodeUtils.MAP_TYPE_REFERENCE, mapper))
-				.build();
+		throw new JsonParseException(parser, "Invalid authorizationGrantType");
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
index 3fc82a57e1..9d5afd26c1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
@@ -53,10 +53,10 @@ abstract class StdConverters {
 			if (ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.BASIC;
 			}
-			else if (ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
+			if (ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.POST;
 			}
-			else if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
+			if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
 				return ClientAuthenticationMethod.NONE;
 			}
 			return null;
@@ -72,13 +72,13 @@ abstract class StdConverters {
 			if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.AUTHORIZATION_CODE;
 			}
-			else if (AuthorizationGrantType.IMPLICIT.getValue().equalsIgnoreCase(value)) {
+			if (AuthorizationGrantType.IMPLICIT.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.IMPLICIT;
 			}
-			else if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equalsIgnoreCase(value)) {
+			if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.CLIENT_CREDENTIALS;
 			}
-			else if (AuthorizationGrantType.PASSWORD.getValue().equalsIgnoreCase(value)) {
+			if (AuthorizationGrantType.PASSWORD.getValue().equalsIgnoreCase(value)) {
 				return AuthorizationGrantType.PASSWORD;
 			}
 			return null;
@@ -94,10 +94,10 @@ abstract class StdConverters {
 			if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.HEADER;
 			}
-			else if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
+			if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.FORM;
 			}
-			else if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
+			if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
 				return AuthenticationMethod.QUERY;
 			}
 			return null;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index e4409457d9..9c956fcfcc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -110,7 +110,6 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	public OidcAuthorizationCodeAuthenticationProvider(
 			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
 			OAuth2UserService<OidcUserRequest, OidcUser> userService) {
-
 		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		Assert.notNull(userService, "userService cannot be null");
 		this.accessTokenResponseClient = accessTokenResponseClient;
@@ -120,7 +119,6 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
-
 		// Section 3.1.2.1 Authentication Request -
 		// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 		// scope
@@ -131,35 +129,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 			// and let OAuth2LoginAuthenticationProvider handle it instead
 			return null;
 		}
-
 		OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
 				.getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange()
 				.getAuthorizationResponse();
-
 		if (authorizationResponse.statusError()) {
 			throw new OAuth2AuthenticationException(authorizationResponse.getError(),
 					authorizationResponse.getError().toString());
 		}
-
 		if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-
-		OAuth2AccessTokenResponse accessTokenResponse;
-		try {
-			accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
-					new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(),
-							authorizationCodeAuthentication.getAuthorizationExchange()));
-		}
-		catch (OAuth2AuthorizationException ex) {
-			OAuth2Error oauth2Error = ex.getError();
-			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-		}
-
+		OAuth2AccessTokenResponse accessTokenResponse = getResponse(authorizationCodeAuthentication);
 		ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
-
 		Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
 		if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
 			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE,
@@ -169,39 +152,54 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 			throw new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString());
 		}
 		OidcIdToken idToken = createOidcToken(clientRegistration, accessTokenResponse);
-
-		// Validate nonce
-		String requestNonce = authorizationRequest.getAttribute(OidcParameterNames.NONCE);
-		if (requestNonce != null) {
-			String nonceHash;
-			try {
-				nonceHash = createHash(requestNonce);
-			}
-			catch (NoSuchAlgorithmException ex) {
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-			}
-			String nonceHashClaim = idToken.getNonce();
-			if (nonceHashClaim == null || !nonceHashClaim.equals(nonceHash)) {
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-			}
-		}
-
+		validateNonce(authorizationRequest, idToken);
 		OidcUser oidcUser = this.userService.loadUser(new OidcUserRequest(clientRegistration,
 				accessTokenResponse.getAccessToken(), idToken, additionalParameters));
 		Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 				.mapAuthorities(oidcUser.getAuthorities());
-
 		OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
 				authorizationCodeAuthentication.getClientRegistration(),
 				authorizationCodeAuthentication.getAuthorizationExchange(), oidcUser, mappedAuthorities,
 				accessTokenResponse.getAccessToken(), accessTokenResponse.getRefreshToken());
 		authenticationResult.setDetails(authorizationCodeAuthentication.getDetails());
-
 		return authenticationResult;
 	}
 
+	private OAuth2AccessTokenResponse getResponse(OAuth2LoginAuthenticationToken authorizationCodeAuthentication) {
+		try {
+			return this.accessTokenResponseClient.getTokenResponse(
+					new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(),
+							authorizationCodeAuthentication.getAuthorizationExchange()));
+		}
+		catch (OAuth2AuthorizationException ex) {
+			OAuth2Error oauth2Error = ex.getError();
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+		}
+	}
+
+	private void validateNonce(OAuth2AuthorizationRequest authorizationRequest, OidcIdToken idToken) {
+		String requestNonce = authorizationRequest.getAttribute(OidcParameterNames.NONCE);
+		if (requestNonce == null) {
+			return;
+		}
+		String nonceHash = getNonceHash(requestNonce);
+		String nonceHashClaim = idToken.getNonce();
+		if (nonceHashClaim == null || !nonceHashClaim.equals(nonceHash)) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+		}
+	}
+
+	private String getNonceHash(String requestNonce) {
+		try {
+			return createHash(requestNonce);
+		}
+		catch (NoSuchAlgorithmException ex) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+		}
+	}
+
 	/**
 	 * Sets the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature
 	 * verification. The factory returns a {@link JwtDecoder} associated to the provided
@@ -235,18 +233,21 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	private OidcIdToken createOidcToken(ClientRegistration clientRegistration,
 			OAuth2AccessTokenResponse accessTokenResponse) {
 		JwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
-		Jwt jwt;
+		Jwt jwt = getJwt(accessTokenResponse, jwtDecoder);
+		OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(),
+				jwt.getClaims());
+		return idToken;
+	}
+
+	private Jwt getJwt(OAuth2AccessTokenResponse accessTokenResponse, JwtDecoder jwtDecoder) {
 		try {
-			jwt = jwtDecoder
-					.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN));
+			Map<String, Object> parameters = accessTokenResponse.getAdditionalParameters();
+			return jwtDecoder.decode((String) parameters.get(OidcParameterNames.ID_TOKEN));
 		}
 		catch (JwtException ex) {
 			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), ex);
 		}
-		OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(),
-				jwt.getClaims());
-		return idToken;
 	}
 
 	static String createHash(String nonce) throws NoSuchAlgorithmException {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index 02f5fdfe97..a328b08b13 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -114,7 +114,6 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		return Mono.defer(() -> {
 			OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
-
 			// Section 3.1.2.1 Authentication Request -
 			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 			// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope
@@ -125,26 +124,21 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 				// and let OAuth2LoginReactiveAuthenticationManager handle it instead
 				return Mono.empty();
 			}
-
 			OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
 					.getAuthorizationRequest();
 			OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
 					.getAuthorizationExchange().getAuthorizationResponse();
-
 			if (authorizationResponse.statusError()) {
 				return Mono.error(new OAuth2AuthenticationException(authorizationResponse.getError(),
 						authorizationResponse.getError().toString()));
 			}
-
 			if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
 				return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
 			}
-
 			OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
 					authorizationCodeAuthentication.getClientRegistration(),
 					authorizationCodeAuthentication.getAuthorizationExchange());
-
 			return this.accessTokenResponseClient.getTokenResponse(authzRequest).flatMap(
 					(accessTokenResponse) -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
 					.onErrorMap(OAuth2AuthorizationException.class,
@@ -190,7 +184,6 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 		OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
 		ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
 		Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
-
 		if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
 			OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE,
 					"Missing (required) ID Token in Token Response for Client Registration: "
@@ -198,14 +191,12 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 					null);
 			return Mono.error(new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString()));
 		}
-
 		return createOidcToken(clientRegistration, accessTokenResponse)
 				.doOnNext((idToken) -> validateNonce(authorizationCodeAuthentication, idToken))
 				.map((idToken) -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters))
 				.flatMap(this.userService::loadUser).map((oauth2User) -> {
 					Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 							.mapAuthorities(oauth2User.getAuthorities());
-
 					return new OAuth2LoginAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(),
 							authorizationCodeAuthentication.getAuthorizationExchange(), oauth2User, mappedAuthorities,
 							accessToken, accessTokenResponse.getRefreshToken());
@@ -225,14 +216,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 		String requestNonce = authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest()
 				.getAttribute(OidcParameterNames.NONCE);
 		if (requestNonce != null) {
-			String nonceHash;
-			try {
-				nonceHash = createHash(requestNonce);
-			}
-			catch (NoSuchAlgorithmException ex) {
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-			}
+			String nonceHash = getNonceHash(requestNonce);
 			String nonceHashClaim = idToken.getNonce();
 			if (nonceHashClaim == null || !nonceHashClaim.equals(nonceHash)) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
@@ -243,6 +227,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 		return Mono.just(idToken);
 	}
 
+	private static String getNonceHash(String requestNonce) {
+		try {
+			return createHash(requestNonce);
+		}
+		catch (NoSuchAlgorithmException ex) {
+			OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+		}
+	}
+
 	static String createHash(String nonce) throws NoSuchAlgorithmException {
 		MessageDigest md = MessageDigest.getInstance("SHA-256");
 		byte[] digest = md.digest(nonce.getBytes(StandardCharsets.US_ASCII));
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
index 5eedbdc2b9..a349ddbe0e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -20,6 +20,7 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.time.Instant;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -66,15 +67,16 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 
 	private static final String MISSING_SIGNATURE_VERIFIER_ERROR_CODE = "missing_signature_verifier";
 
-	private static Map<JwsAlgorithm, String> jcaAlgorithmMappings = new HashMap<JwsAlgorithm, String>() {
-		{
-			put(MacAlgorithm.HS256, "HmacSHA256");
-			put(MacAlgorithm.HS384, "HmacSHA384");
-			put(MacAlgorithm.HS512, "HmacSHA512");
-		}
+	private static final Map<JwsAlgorithm, String> JCA_ALGORITHM_MAPPINGS;
+	static {
+		Map<JwsAlgorithm, String> mappings = new HashMap<>();
+		mappings.put(MacAlgorithm.HS256, "HmacSHA256");
+		mappings.put(MacAlgorithm.HS384, "HmacSHA384");
+		mappings.put(MacAlgorithm.HS512, "HmacSHA512");
+		JCA_ALGORITHM_MAPPINGS = Collections.unmodifiableMap(mappings);
 	};
 
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+	private static final ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
 			createDefaultClaimTypeConverters());
 
 	private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
@@ -100,23 +102,22 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 		Converter<Object, ?> stringConverter = getConverter(TypeDescriptor.valueOf(String.class));
 		Converter<Object, ?> collectionStringConverter = getConverter(
 				TypeDescriptor.collection(Collection.class, TypeDescriptor.valueOf(String.class)));
-
-		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
-		claimTypeConverters.put(IdTokenClaimNames.ISS, urlConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AUD, collectionStringConverter);
-		claimTypeConverters.put(IdTokenClaimNames.NONCE, stringConverter);
-		claimTypeConverters.put(IdTokenClaimNames.EXP, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.IAT, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AUTH_TIME, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AMR, collectionStringConverter);
-		claimTypeConverters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
-		claimTypeConverters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
-		claimTypeConverters.put(StandardClaimNames.UPDATED_AT, instantConverter);
-		return claimTypeConverters;
+		Map<String, Converter<Object, ?>> converters = new HashMap<>();
+		converters.put(IdTokenClaimNames.ISS, urlConverter);
+		converters.put(IdTokenClaimNames.AUD, collectionStringConverter);
+		converters.put(IdTokenClaimNames.NONCE, stringConverter);
+		converters.put(IdTokenClaimNames.EXP, instantConverter);
+		converters.put(IdTokenClaimNames.IAT, instantConverter);
+		converters.put(IdTokenClaimNames.AUTH_TIME, instantConverter);
+		converters.put(IdTokenClaimNames.AMR, collectionStringConverter);
+		converters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
+		converters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
+		converters.put(StandardClaimNames.UPDATED_AT, instantConverter);
+		return converters;
 	}
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
-		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
+		TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
 		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
 				targetDescriptor);
 	}
@@ -165,7 +166,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 			}
 			return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
 		}
-		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
+		if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//
 			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as
@@ -176,7 +177,6 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 			// For MAC based algorithms, the behavior is unspecified if the aud is
 			// multi-valued or
 			// if an azp value is present that is different than the aud value.
-
 			String clientSecret = clientRegistration.getClientSecret();
 			if (!StringUtils.hasText(clientSecret)) {
 				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
@@ -187,10 +187,9 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
-					jcaAlgorithmMappings.get(jwsAlgorithm));
+					JCA_ALGORITHM_MAPPINGS.get(jwsAlgorithm));
 			return NimbusJwtDecoder.withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm).build();
 		}
-
 		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
 				"Failed to find a Signature Verifier for Client Registration: '"
 						+ clientRegistration.getRegistrationId()
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
index 639e7c3fbc..2d53babd6d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -68,21 +68,17 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	public OAuth2TokenValidatorResult validate(Jwt idToken) {
 		// 3.1.3.7 ID Token Validation
 		// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
-
 		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
 		if (!invalidClaims.isEmpty()) {
 			return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
 		}
-
 		// 2. The Issuer Identifier for the OpenID Provider (which is typically obtained
 		// during Discovery)
 		// MUST exactly match the value of the iss (issuer) Claim.
 		String metadataIssuer = this.clientRegistration.getProviderDetails().getIssuerUri();
-
 		if (metadataIssuer != null && !Objects.equals(metadataIssuer, idToken.getIssuer().toExternalForm())) {
 			invalidClaims.put(IdTokenClaimNames.ISS, idToken.getIssuer());
 		}
-
 		// 3. The Client MUST validate that the aud (audience) Claim contains its
 		// client_id value
 		// registered at the Issuer identified by the iss (issuer) Claim as an audience.
@@ -93,31 +89,26 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 		if (!idToken.getAudience().contains(this.clientRegistration.getClientId())) {
 			invalidClaims.put(IdTokenClaimNames.AUD, idToken.getAudience());
 		}
-
 		// 4. If the ID Token contains multiple audiences,
 		// the Client SHOULD verify that an azp Claim is present.
 		String authorizedParty = idToken.getClaimAsString(IdTokenClaimNames.AZP);
 		if (idToken.getAudience().size() > 1 && authorizedParty == null) {
 			invalidClaims.put(IdTokenClaimNames.AZP, authorizedParty);
 		}
-
 		// 5. If an azp (authorized party) Claim is present,
 		// the Client SHOULD verify that its client_id is the Claim Value.
 		if (authorizedParty != null && !authorizedParty.equals(this.clientRegistration.getClientId())) {
 			invalidClaims.put(IdTokenClaimNames.AZP, authorizedParty);
 		}
-
 		// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by the
 		// Client
 		// in the id_token_signed_response_alg parameter during Registration.
 		// TODO Depends on gh-4413
-
 		// 9. The current time MUST be before the time represented by the exp Claim.
 		Instant now = Instant.now(this.clock);
 		if (now.minus(this.clockSkew).isAfter(idToken.getExpiresAt())) {
 			invalidClaims.put(IdTokenClaimNames.EXP, idToken.getExpiresAt());
 		}
-
 		// 10. The iat Claim can be used to reject tokens that were issued too far away
 		// from the current time,
 		// limiting the amount of time that nonces need to be stored to prevent attacks.
@@ -125,11 +116,9 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 		if (now.plus(this.clockSkew).isBefore(idToken.getIssuedAt())) {
 			invalidClaims.put(IdTokenClaimNames.IAT, idToken.getIssuedAt());
 		}
-
 		if (!invalidClaims.isEmpty()) {
 			return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
 		}
-
 		return OAuth2TokenValidatorResult.success();
 	}
 
@@ -164,7 +153,6 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 
 	private static Map<String, Object> validateRequiredClaims(Jwt idToken) {
 		Map<String, Object> requiredClaims = new HashMap<>();
-
 		URL issuer = idToken.getIssuer();
 		if (issuer == null) {
 			requiredClaims.put(IdTokenClaimNames.ISS, issuer);
@@ -185,7 +173,6 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 		if (issuedAt == null) {
 			requiredClaims.put(IdTokenClaimNames.IAT, issuedAt);
 		}
-
 		return requiredClaims;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
index a231bb0d57..ec4b0bcbfa 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -20,6 +20,7 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.time.Instant;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -66,15 +67,16 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 
 	private static final String MISSING_SIGNATURE_VERIFIER_ERROR_CODE = "missing_signature_verifier";
 
-	private static Map<JwsAlgorithm, String> jcaAlgorithmMappings = new HashMap<JwsAlgorithm, String>() {
-		{
-			put(MacAlgorithm.HS256, "HmacSHA256");
-			put(MacAlgorithm.HS384, "HmacSHA384");
-			put(MacAlgorithm.HS512, "HmacSHA512");
-		}
-	};
+	private static final Map<JwsAlgorithm, String> JCA_ALGORITHM_MAPPINGS;
+	static {
+		Map<JwsAlgorithm, String> mappings = new HashMap<JwsAlgorithm, String>();
+		mappings.put(MacAlgorithm.HS256, "HmacSHA256");
+		mappings.put(MacAlgorithm.HS384, "HmacSHA384");
+		mappings.put(MacAlgorithm.HS512, "HmacSHA512");
+		JCA_ALGORITHM_MAPPINGS = Collections.unmodifiableMap(mappings);
+	}
 
-	private static final Converter<Map<String, Object>, Map<String, Object>> DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
+	private static final ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
 			createDefaultClaimTypeConverters());
 
 	private final Map<String, ReactiveJwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
@@ -100,19 +102,18 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 		Converter<Object, ?> stringConverter = getConverter(TypeDescriptor.valueOf(String.class));
 		Converter<Object, ?> collectionStringConverter = getConverter(
 				TypeDescriptor.collection(Collection.class, TypeDescriptor.valueOf(String.class)));
-
-		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
-		claimTypeConverters.put(IdTokenClaimNames.ISS, urlConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AUD, collectionStringConverter);
-		claimTypeConverters.put(IdTokenClaimNames.NONCE, stringConverter);
-		claimTypeConverters.put(IdTokenClaimNames.EXP, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.IAT, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AUTH_TIME, instantConverter);
-		claimTypeConverters.put(IdTokenClaimNames.AMR, collectionStringConverter);
-		claimTypeConverters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
-		claimTypeConverters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
-		claimTypeConverters.put(StandardClaimNames.UPDATED_AT, instantConverter);
-		return claimTypeConverters;
+		Map<String, Converter<Object, ?>> converters = new HashMap<>();
+		converters.put(IdTokenClaimNames.ISS, urlConverter);
+		converters.put(IdTokenClaimNames.AUD, collectionStringConverter);
+		converters.put(IdTokenClaimNames.NONCE, stringConverter);
+		converters.put(IdTokenClaimNames.EXP, instantConverter);
+		converters.put(IdTokenClaimNames.IAT, instantConverter);
+		converters.put(IdTokenClaimNames.AUTH_TIME, instantConverter);
+		converters.put(IdTokenClaimNames.AMR, collectionStringConverter);
+		converters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
+		converters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
+		converters.put(StandardClaimNames.UPDATED_AT, instantConverter);
+		return converters;
 	}
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
@@ -153,7 +154,6 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 			// 7. The alg value SHOULD be the default of RS256 or the algorithm sent by
 			// the Client
 			// in the id_token_signed_response_alg parameter during Registration.
-
 			String jwkSetUri = clientRegistration.getProviderDetails().getJwkSetUri();
 			if (!StringUtils.hasText(jwkSetUri)) {
 				OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
@@ -166,7 +166,7 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 			return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm)
 					.build();
 		}
-		else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
+		if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//
 			// 8. If the JWT alg Header Parameter uses a MAC based algorithm such as
@@ -188,11 +188,10 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 			SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8),
-					jcaAlgorithmMappings.get(jwsAlgorithm));
+					JCA_ALGORITHM_MAPPINGS.get(jwsAlgorithm));
 			return NimbusReactiveJwtDecoder.withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm)
 					.build();
 		}
-
 		OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE,
 				"Failed to find a Signature Verifier for Client Registration: '"
 						+ clientRegistration.getRegistrationId()
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index fced8acd0a..28a7f8c92c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -81,7 +81,6 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
 		Converter<Object, ?> instantConverter = getConverter(TypeDescriptor.valueOf(Instant.class));
-
 		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
 		claimTypeConverters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
 		claimTypeConverters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
@@ -113,9 +112,7 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 						return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo,
 								userNameAttributeName);
 					}
-					else {
-						return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
-					}
+					return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
 				});
 	}
 
@@ -123,7 +120,6 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 		if (!OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest)) {
 			return Mono.empty();
 		}
-
 		return this.oauth2UserService.loadUser(userRequest).map(OAuth2User::getAttributes)
 				.map((claims) -> convertClaims(claims, userRequest.getClientRegistration())).map(OidcUserInfo::new)
 				.doOnNext((userInfo) -> {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
index d7ef47081b..19f78658d6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java
@@ -47,7 +47,6 @@ public class OidcUserRequest extends OAuth2UserRequest {
 	 * @param idToken the ID Token
 	 */
 	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken) {
-
 		this(clientRegistration, accessToken, idToken, Collections.emptyMap());
 	}
 
@@ -61,7 +60,6 @@ public class OidcUserRequest extends OAuth2UserRequest {
 	 */
 	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken,
 			Map<String, Object> additionalParameters) {
-
 		super(clientRegistration, accessToken, additionalParameters);
 		Assert.notNull(idToken, "idToken cannot be null");
 		this.idToken = idToken;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
index 6045a44fa9..e8e6362479 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
@@ -46,10 +46,8 @@ final class OidcUserRequestUtils {
 		// Auto-disabled if UserInfo Endpoint URI is not provided
 		ClientRegistration clientRegistration = userRequest.getClientRegistration();
 		if (StringUtils.isEmpty(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri())) {
-
 			return false;
 		}
-
 		// The Claims requested by the profile, email, address, and phone scope values
 		// are returned from the UserInfo Endpoint (as described in Section 5.3.2),
 		// when a response_type value is used that results in an Access Token being
@@ -60,13 +58,11 @@ final class OidcUserRequestUtils {
 		// The Authorization Code Grant Flow, which is response_type=code, results in an
 		// Access Token being issued.
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
-
 			// Return true if there is at least one match between the authorized scope(s)
 			// and UserInfo scope(s)
 			return CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(),
 					userRequest.getClientRegistration().getScopes());
 		}
-
 		return false;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
index 6f83c525fa..31f181213a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java
@@ -30,6 +30,7 @@ import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
@@ -87,7 +88,6 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
 		Converter<Object, ?> instantConverter = getConverter(TypeDescriptor.valueOf(Instant.class));
-
 		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
 		claimTypeConverters.put(StandardClaimNames.EMAIL_VERIFIED, booleanConverter);
 		claimTypeConverters.put(StandardClaimNames.PHONE_NUMBER_VERIFIED, booleanConverter);
@@ -96,7 +96,7 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	}
 
 	private static Converter<Object, ?> getConverter(TypeDescriptor targetDescriptor) {
-		final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
+		TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class);
 		return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor,
 				targetDescriptor);
 	}
@@ -107,26 +107,14 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 		OidcUserInfo userInfo = null;
 		if (this.shouldRetrieveUserInfo(userRequest)) {
 			OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
-
-			Map<String, Object> claims;
-			Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
-					.apply(userRequest.getClientRegistration());
-			if (claimTypeConverter != null) {
-				claims = claimTypeConverter.convert(oauth2User.getAttributes());
-			}
-			else {
-				claims = DEFAULT_CLAIM_TYPE_CONVERTER.convert(oauth2User.getAttributes());
-			}
+			Map<String, Object> claims = getClaims(userRequest, oauth2User);
 			userInfo = new OidcUserInfo(claims);
-
 			// https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
-
 			// 1) The sub (subject) Claim MUST always be returned in the UserInfo Response
 			if (userInfo.getSubject() == null) {
 				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-
 			// 2) Due to the possibility of token substitution attacks (see Section
 			// 16.11),
 			// the UserInfo Response is not guaranteed to be about the End-User
@@ -139,36 +127,39 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 		}
-
 		Set<GrantedAuthority> authorities = new LinkedHashSet<>();
 		authorities.add(new OidcUserAuthority(userRequest.getIdToken(), userInfo));
 		OAuth2AccessToken token = userRequest.getAccessToken();
 		for (String authority : token.getScopes()) {
 			authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
 		}
+		return getUser(userRequest, userInfo, authorities);
+	}
 
-		OidcUser user;
+	private Map<String, Object> getClaims(OidcUserRequest userRequest, OAuth2User oauth2User) {
+		Converter<Map<String, Object>, Map<String, Object>> converter = this.claimTypeConverterFactory
+				.apply(userRequest.getClientRegistration());
+		if (converter != null) {
+			return converter.convert(oauth2User.getAttributes());
+		}
+		return DEFAULT_CLAIM_TYPE_CONVERTER.convert(oauth2User.getAttributes());
+	}
 
-		String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
-				.getUserNameAttributeName();
+	private OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set<GrantedAuthority> authorities) {
+		ProviderDetails providerDetails = userRequest.getClientRegistration().getProviderDetails();
+		String userNameAttributeName = providerDetails.getUserInfoEndpoint().getUserNameAttributeName();
 		if (StringUtils.hasText(userNameAttributeName)) {
-			user = new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
+			return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
 		}
-		else {
-			user = new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
-		}
-
-		return user;
+		return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
 	}
 
 	private boolean shouldRetrieveUserInfo(OidcUserRequest userRequest) {
 		// Auto-disabled if UserInfo Endpoint URI is not provided
-		if (StringUtils
-				.isEmpty(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
-
+		ProviderDetails providerDetails = userRequest.getClientRegistration().getProviderDetails();
+		if (StringUtils.isEmpty(providerDetails.getUserInfoEndpoint().getUri())) {
 			return false;
 		}
-
 		// The Claims requested by the profile, email, address, and phone scope values
 		// are returned from the UserInfo Endpoint (as described in Section 5.3.2),
 		// when a response_type value is used that results in an Access Token being
@@ -180,13 +171,11 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 		// Access Token being issued.
 		if (AuthorizationGrantType.AUTHORIZATION_CODE
 				.equals(userRequest.getClientRegistration().getAuthorizationGrantType())) {
-
 			// Return true if there is at least one match between the authorized scope(s)
 			// and accessible scope(s)
 			return this.accessibleScopes.isEmpty()
 					|| CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(), this.accessibleScopes);
 		}
-
 		return false;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index b3e6e04b8e..bbca08f101 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
@@ -59,36 +60,29 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) {
 		String targetUrl = null;
-		URI endSessionEndpoint;
 		if (authentication instanceof OAuth2AuthenticationToken && authentication.getPrincipal() instanceof OidcUser) {
 			String registrationId = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
 			ClientRegistration clientRegistration = this.clientRegistrationRepository
 					.findByRegistrationId(registrationId);
-			endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
+			URI endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
 			if (endSessionEndpoint != null) {
 				String idToken = idToken(authentication);
 				URI postLogoutRedirectUri = postLogoutRedirectUri(request);
 				targetUrl = endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
 			}
 		}
-		if (targetUrl == null) {
-			targetUrl = super.determineTargetUrl(request, response);
-		}
-
-		return targetUrl;
+		return (targetUrl != null) ? targetUrl : super.determineTargetUrl(request, response);
 	}
 
 	private URI endSessionEndpoint(ClientRegistration clientRegistration) {
-		URI result = null;
 		if (clientRegistration != null) {
-			Object endSessionEndpoint = clientRegistration.getProviderDetails().getConfigurationMetadata()
-					.get("end_session_endpoint");
+			ProviderDetails providerDetails = clientRegistration.getProviderDetails();
+			Object endSessionEndpoint = providerDetails.getConfigurationMetadata().get("end_session_endpoint");
 			if (endSessionEndpoint != null) {
-				result = URI.create(endSessionEndpoint.toString());
+				return URI.create(endSessionEndpoint.toString());
 			}
 		}
-
-		return result;
+		return null;
 	}
 
 	private String idToken(Authentication authentication) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index c4d82104bb..b824847627 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -66,14 +66,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 	 */
 	public OidcClientInitiatedServerLogoutSuccessHandler(
 			ReactiveClientRegistrationRepository clientRegistrationRepository) {
-
 		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		this.clientRegistrationRepository = clientRegistrationRepository;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
 		return Mono.just(authentication).filter(OAuth2AuthenticationToken.class::isInstance)
@@ -95,16 +91,14 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 	}
 
 	private URI endSessionEndpoint(ClientRegistration clientRegistration) {
-		URI result = null;
 		if (clientRegistration != null) {
 			Object endSessionEndpoint = clientRegistration.getProviderDetails().getConfigurationMetadata()
 					.get("end_session_endpoint");
 			if (endSessionEndpoint != null) {
-				result = URI.create(endSessionEndpoint.toString());
+				return URI.create(endSessionEndpoint.toString());
 			}
 		}
-
-		return result;
+		return null;
 	}
 
 	private URI endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 353049076a..10815a03f4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -620,26 +620,29 @@ public final class ClientRegistration implements Serializable {
 
 		private ClientRegistration create() {
 			ClientRegistration clientRegistration = new ClientRegistration();
-
 			clientRegistration.registrationId = this.registrationId;
 			clientRegistration.clientId = this.clientId;
 			clientRegistration.clientSecret = StringUtils.hasText(this.clientSecret) ? this.clientSecret : "";
-			if (this.clientAuthenticationMethod != null) {
-				clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
-			}
-			else {
-				if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)
-						&& !StringUtils.hasText(this.clientSecret)) {
-					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
-				}
-				else {
-					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
-				}
-			}
+			clientRegistration.clientAuthenticationMethod = (this.clientAuthenticationMethod != null)
+					? this.clientAuthenticationMethod : deduceClientAuthenticationMethod(clientRegistration);
 			clientRegistration.authorizationGrantType = this.authorizationGrantType;
 			clientRegistration.redirectUri = this.redirectUri;
 			clientRegistration.scopes = this.scopes;
+			clientRegistration.providerDetails = createProviderDetails(clientRegistration);
+			clientRegistration.clientName = StringUtils.hasText(this.clientName) ? this.clientName
+					: this.registrationId;
+			return clientRegistration;
+		}
 
+		private ClientAuthenticationMethod deduceClientAuthenticationMethod(ClientRegistration clientRegistration) {
+			if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)
+					&& !StringUtils.hasText(this.clientSecret)) {
+				return ClientAuthenticationMethod.NONE;
+			}
+			return ClientAuthenticationMethod.BASIC;
+		}
+
+		private ProviderDetails createProviderDetails(ClientRegistration clientRegistration) {
 			ProviderDetails providerDetails = clientRegistration.new ProviderDetails();
 			providerDetails.authorizationUri = this.authorizationUri;
 			providerDetails.tokenUri = this.tokenUri;
@@ -649,12 +652,7 @@ public final class ClientRegistration implements Serializable {
 			providerDetails.jwkSetUri = this.jwkSetUri;
 			providerDetails.issuerUri = this.issuerUri;
 			providerDetails.configurationMetadata = Collections.unmodifiableMap(this.configurationMetadata);
-			clientRegistration.providerDetails = providerDetails;
-
-			clientRegistration.clientName = StringUtils.hasText(this.clientName) ? this.clientName
-					: this.registrationId;
-
-			return clientRegistration;
+			return providerDetails;
 		}
 
 		private void validateAuthorizationCodeGrantType() {
@@ -696,7 +694,6 @@ public final class ClientRegistration implements Serializable {
 			if (this.scopes == null) {
 				return;
 			}
-
 			for (String scope : this.scopes) {
 				Assert.isTrue(validateScope(scope), "scope \"" + scope + "\" contains invalid characters");
 			}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index 875c7ca257..95e817f0d3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -150,7 +150,6 @@ public final class ClientRegistrations {
 	private static Supplier<ClientRegistration.Builder> oidc(URI issuer) {
 		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(issuer.getPath() + OIDC_METADATA_PATH)
 				.build(Collections.emptyMap());
-
 		return () -> {
 			RequestEntity<Void> request = RequestEntity.get(uri).build();
 			Map<String, Object> configuration = rest.exchange(request, typeReference).getBody();
@@ -182,12 +181,10 @@ public final class ClientRegistrations {
 			Map<String, Object> configuration = rest.exchange(request, typeReference).getBody();
 			AuthorizationServerMetadata metadata = parse(configuration, AuthorizationServerMetadata::parse);
 			ClientRegistration.Builder builder = withProviderConfiguration(metadata, issuer.toASCIIString());
-
 			URI jwkSetUri = metadata.getJWKSetURI();
 			if (jwkSetUri != null) {
 				builder.jwkSetUri(jwkSetUri.toASCIIString());
 			}
-
 			String userinfoEndpoint = (String) configuration.get("userinfo_endpoint");
 			if (userinfoEndpoint != null) {
 				builder.userInfoUri(userinfoEndpoint);
@@ -221,7 +218,6 @@ public final class ClientRegistrations {
 	}
 
 	private static <T> T parse(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
-
 		try {
 			return parser.apply(new JSONObject(body));
 		}
@@ -233,25 +229,19 @@ public final class ClientRegistrations {
 	private static ClientRegistration.Builder withProviderConfiguration(AuthorizationServerMetadata metadata,
 			String issuer) {
 		String metadataIssuer = metadata.getIssuer().getValue();
-		if (!issuer.equals(metadataIssuer)) {
-			throw new IllegalStateException(
-					"The Issuer \"" + metadataIssuer + "\" provided in the configuration metadata did "
-							+ "not match the requested issuer \"" + issuer + "\"");
-		}
-
+		Assert.state(issuer.equals(metadataIssuer),
+				() -> "The Issuer \"" + metadataIssuer + "\" provided in the configuration metadata did "
+						+ "not match the requested issuer \"" + issuer + "\"");
 		String name = URI.create(issuer).getHost();
 		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer,
 				metadata.getTokenEndpointAuthMethods());
 		List<GrantType> grantTypes = metadata.getGrantTypes();
 		// If null, the default includes authorization_code
-		if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
-			throw new IllegalArgumentException(
-					"Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
-							+ "\" returned a configuration of " + grantTypes);
-		}
+		Assert.isTrue(grantTypes == null || grantTypes.contains(GrantType.AUTHORIZATION_CODE),
+				"Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
+						+ "\" returned a configuration of " + grantTypes);
 		List<String> scopes = getScopes(metadata);
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
-
 		return ClientRegistration.withRegistrationId(name).userNameAttributeName(IdTokenClaimNames.SUB).scope(scopes)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientAuthenticationMethod(method)
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
@@ -284,9 +274,7 @@ public final class ClientRegistrations {
 			// If null, default to "openid" which must be supported
 			return Collections.singletonList(OidcScopes.OPENID);
 		}
-		else {
-			return scope.toStringList();
-		}
+		return scope.toStringList();
 	}
 
 	private interface ThrowingFunction<S, T, E extends Throwable> {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index 67f656e963..f0092368f3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -67,9 +67,8 @@ public final class InMemoryClientRegistrationRepository
 	private static Map<String, ClientRegistration> toUnmodifiableConcurrentMap(List<ClientRegistration> registrations) {
 		ConcurrentHashMap<String, ClientRegistration> result = new ConcurrentHashMap<>();
 		for (ClientRegistration registration : registrations) {
-			if (result.containsKey(registration.getRegistrationId())) {
-				throw new IllegalStateException(String.format("Duplicate key %s", registration.getRegistrationId()));
-			}
+			Assert.state(!result.containsKey(registration.getRegistrationId()),
+					() -> String.format("Duplicate key %s", registration.getRegistrationId()));
 			result.put(registration.getRegistrationId(), registration);
 		}
 		return Collections.unmodifiableMap(result);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
index 5416809838..d5b8d0ab85 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java
@@ -88,22 +88,22 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
 		if (customUserType == null) {
 			return null;
 		}
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(userRequest);
+		ResponseEntity<? extends OAuth2User> response = getResponse(customUserType, request);
+		OAuth2User oauth2User = response.getBody();
+		return oauth2User;
+	}
 
-		ResponseEntity<? extends OAuth2User> response;
+	private ResponseEntity<? extends OAuth2User> getResponse(Class<? extends OAuth2User> customUserType,
+			RequestEntity<?> request) {
 		try {
-			response = this.restOperations.exchange(request, customUserType);
+			return this.restOperations.exchange(request, customUserType);
 		}
 		catch (RestClientException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 					"An error occurred while attempting to retrieve the UserInfo Resource: " + ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
 		}
-
-		OAuth2User oauth2User = response.getBody();
-
-		return oauth2User;
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
index 09dd2f4045..78d797d38f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
@@ -87,7 +87,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 	@Override
 	public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-
 		if (!StringUtils
 				.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
 			OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE,
@@ -105,12 +104,21 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 					null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-
 		RequestEntity<?> request = this.requestEntityConverter.convert(userRequest);
+		ResponseEntity<Map<String, Object>> response = getResponse(userRequest, request);
+		Map<String, Object> userAttributes = response.getBody();
+		Set<GrantedAuthority> authorities = new LinkedHashSet<>();
+		authorities.add(new OAuth2UserAuthority(userAttributes));
+		OAuth2AccessToken token = userRequest.getAccessToken();
+		for (String authority : token.getScopes()) {
+			authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
+		}
+		return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
+	}
 
-		ResponseEntity<Map<String, Object>> response;
+	private ResponseEntity<Map<String, Object>> getResponse(OAuth2UserRequest userRequest, RequestEntity<?> request) {
 		try {
-			response = this.restOperations.exchange(request, PARAMETERIZED_RESPONSE_TYPE);
+			return this.restOperations.exchange(request, PARAMETERIZED_RESPONSE_TYPE);
 		}
 		catch (OAuth2AuthorizationException ex) {
 			OAuth2Error oauth2Error = ex.getError();
@@ -145,16 +153,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserReq
 					"An error occurred while attempting to retrieve the UserInfo Resource: " + ex.getMessage(), null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
 		}
-
-		Map<String, Object> userAttributes = response.getBody();
-		Set<GrantedAuthority> authorities = new LinkedHashSet<>();
-		authorities.add(new OAuth2UserAuthority(userAttributes));
-		OAuth2AccessToken token = userRequest.getAccessToken();
-		for (String authority : token.getScopes()) {
-			authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
-		}
-
-		return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index 9d7212c9e7..cd195f29b6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -74,13 +74,18 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 
 	private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
 
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
+
+	private static final ParameterizedTypeReference<Map<String, String>> STRING_STRING_MAP = new ParameterizedTypeReference<Map<String, String>>() {
+	};
+
 	private WebClient webClient = WebClient.create();
 
 	@Override
 	public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 		return Mono.defer(() -> {
 			Assert.notNull(userRequest, "userRequest cannot be null");
-
 			String userInfoUri = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
 					.getUri();
 			if (!StringUtils.hasText(userInfoUri)) {
@@ -99,32 +104,17 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 						null);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-
-			ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
-			};
-
 			AuthenticationMethod authenticationMethod = userRequest.getClientRegistration().getProviderDetails()
 					.getUserInfoEndpoint().getAuthenticationMethod();
-			WebClient.RequestHeadersSpec<?> requestHeadersSpec;
-			if (AuthenticationMethod.FORM.equals(authenticationMethod)) {
-				requestHeadersSpec = this.webClient.post().uri(userInfoUri)
-						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
-						.syncBody("access_token=" + userRequest.getAccessToken().getTokenValue());
-			}
-			else {
-				requestHeadersSpec = this.webClient.get().uri(userInfoUri)
-						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.headers((headers) -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
-			}
+			WebClient.RequestHeadersSpec<?> requestHeadersSpec = getRequestHeaderSpec(userRequest, userInfoUri,
+					authenticationMethod);
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec.retrieve()
 					.onStatus((s) -> s != HttpStatus.OK, (response) -> parse(response).map((userInfoErrorResponse) -> {
 						String description = userInfoErrorResponse.getErrorObject().getDescription();
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
 								null);
 						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-					})).bodyToMono(typeReference);
-
+					})).bodyToMono(DefaultReactiveOAuth2UserService.STRING_OBJECT_MAP);
 			return userAttributes.map((attrs) -> {
 				GrantedAuthority authority = new OAuth2UserAuthority(attrs);
 				Set<GrantedAuthority> authorities = new HashSet<>();
@@ -136,13 +126,13 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 
 				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
 			}).onErrorMap(IOException.class,
-					(e) -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri,
-							e))
-					.onErrorMap(UnsupportedMediaTypeException.class, (e) -> {
+					(ex) -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri,
+							ex))
+					.onErrorMap(UnsupportedMediaTypeException.class, (ex) -> {
 						String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
 								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
 										.getUri()
-								+ "': response contains invalid content type '" + e.getContentType().toString() + "'. "
+								+ "': response contains invalid content type '" + ex.getContentType().toString() + "'. "
 								+ "The UserInfo Response should return a JSON object (content type 'application/json') "
 								+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
 								+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
@@ -151,7 +141,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 								+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
 								null);
-						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), e);
+						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
 					}).onErrorMap((t) -> !(t instanceof AuthenticationServiceException), (t) -> {
 						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 								"An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
@@ -160,6 +150,17 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 		});
 	}
 
+	private WebClient.RequestHeadersSpec<?> getRequestHeaderSpec(OAuth2UserRequest userRequest, String userInfoUri,
+			AuthenticationMethod authenticationMethod) {
+		if (AuthenticationMethod.FORM.equals(authenticationMethod)) {
+			return this.webClient.post().uri(userInfoUri).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+					.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+					.syncBody("access_token=" + userRequest.getAccessToken().getTokenValue());
+		}
+		return this.webClient.get().uri(userInfoUri).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+				.headers((headers) -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
+	}
+
 	/**
 	 * Sets the {@link WebClient} used for retrieving the user endpoint
 	 * @param webClient the client to use
@@ -170,18 +171,13 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 	}
 
 	private static Mono<UserInfoErrorResponse> parse(ClientResponse httpResponse) {
-
 		String wwwAuth = httpResponse.headers().asHttpHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE);
-
 		if (!StringUtils.isEmpty(wwwAuth)) {
 			// Bearer token error?
 			return Mono.fromCallable(() -> UserInfoErrorResponse.parse(wwwAuth));
 		}
-
-		ParameterizedTypeReference<Map<String, String>> typeReference = new ParameterizedTypeReference<Map<String, String>>() {
-		};
 		// Other error?
-		return httpResponse.bodyToMono(typeReference)
+		return httpResponse.bodyToMono(STRING_STRING_MAP)
 				.map((body) -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
index a27dc7b37e..9a7a3c8dd8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java
@@ -54,12 +54,7 @@ public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserReq
 	@Override
 	public RequestEntity<?> convert(OAuth2UserRequest userRequest) {
 		ClientRegistration clientRegistration = userRequest.getClientRegistration();
-
-		HttpMethod httpMethod = HttpMethod.GET;
-		if (AuthenticationMethod.FORM
-				.equals(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())) {
-			httpMethod = HttpMethod.POST;
-		}
+		HttpMethod httpMethod = getHttpMethod(clientRegistration);
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
 		URI uri = UriComponentsBuilder
@@ -80,4 +75,12 @@ public class OAuth2UserRequestEntityConverter implements Converter<OAuth2UserReq
 		return request;
 	}
 
+	private HttpMethod getHttpMethod(ClientRegistration clientRegistration) {
+		if (AuthenticationMethod.FORM
+				.equals(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())) {
+			return HttpMethod.POST;
+		}
+		return HttpMethod.GET;
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
index f6bcd82df5..246f729aa9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.java
@@ -79,10 +79,7 @@ public final class AuthenticatedPrincipalOAuth2AuthorizedClientRepository implem
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
 		}
-		else {
-			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal,
-					request);
-		}
+		return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, request);
 	}
 
 	@Override
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index a333239355..252c6f803d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -143,41 +143,13 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		if (registrationId == null) {
 			return null;
 		}
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
 		if (clientRegistration == null) {
 			throw new IllegalArgumentException("Invalid Client Registration with Id: " + registrationId);
 		}
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
-
-		OAuth2AuthorizationRequest.Builder builder;
-		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
-			builder = OAuth2AuthorizationRequest.authorizationCode();
-			Map<String, Object> additionalParameters = new HashMap<>();
-			if (!CollectionUtils.isEmpty(clientRegistration.getScopes())
-					&& clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
-				// Section 3.1.2.1 Authentication Request -
-				// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-				// scope
-				// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
-				// value.
-				addNonceParameters(attributes, additionalParameters);
-			}
-			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
-				addPkceParameters(attributes, additionalParameters);
-			}
-			builder.additionalParameters(additionalParameters);
-		}
-		else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
-			builder = OAuth2AuthorizationRequest.implicit();
-		}
-		else {
-			throw new IllegalArgumentException(
-					"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
-							+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
-		}
+		OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration, attributes);
 
 		String redirectUriStr = expandRedirectUri(request, clientRegistration, redirectUriAction);
 
@@ -191,6 +163,33 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		return builder.build();
 	}
 
+	private OAuth2AuthorizationRequest.Builder getBuilder(ClientRegistration clientRegistration,
+			Map<String, Object> attributes) {
+		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
+			OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode();
+			Map<String, Object> additionalParameters = new HashMap<>();
+			if (!CollectionUtils.isEmpty(clientRegistration.getScopes())
+					&& clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
+				// Section 3.1.2.1 Authentication Request -
+				// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
+				// REQUIRED. OpenID Connect requests MUST contain the "openid" scope
+				// value.
+				addNonceParameters(attributes, additionalParameters);
+			}
+			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
+				addPkceParameters(attributes, additionalParameters);
+			}
+			builder.additionalParameters(additionalParameters);
+			return builder;
+		}
+		if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
+			return OAuth2AuthorizationRequest.implicit();
+		}
+		throw new IllegalArgumentException(
+				"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
+						+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
+	}
+
 	private String resolveRegistrationId(HttpServletRequest request) {
 		if (this.authorizationRequestMatcher.matches(request)) {
 			return this.authorizationRequestMatcher.matcher(request).getVariables()
@@ -220,7 +219,6 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			String action) {
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
-
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
 				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
@@ -238,9 +236,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 		}
 		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
-
 		uriVariables.put("action", (action != null) ? action : "");
-
 		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 6d21a1a243..5f4b3111fe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -131,16 +131,13 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 	@Override
 	public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest) {
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
-
 		String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 		OAuth2AuthorizedClient authorizedClient = authorizeRequest.getAuthorizedClient();
 		Authentication principal = authorizeRequest.getPrincipal();
-
 		HttpServletRequest servletRequest = getHttpServletRequestOrDefault(authorizeRequest.getAttributes());
 		Assert.notNull(servletRequest, "servletRequest cannot be null");
 		HttpServletResponse servletResponse = getHttpServletResponseOrDefault(authorizeRequest.getAttributes());
 		Assert.notNull(servletResponse, "servletResponse cannot be null");
-
 		OAuth2AuthorizationContext.Builder contextBuilder;
 		if (authorizedClient != null) {
 			contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
@@ -166,7 +163,6 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 						attributes.putAll(contextAttributes);
 					}
 				}).build();
-
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		}
@@ -175,7 +171,6 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 					createAttributes(servletRequest, servletResponse));
 			throw ex;
 		}
-
 		if (authorizedClient != null) {
 			this.authorizationSuccessHandler.onAuthorizationSuccess(authorizedClient, principal,
 					createAttributes(servletRequest, servletResponse));
@@ -189,7 +184,6 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 				return authorizationContext.getAuthorizedClient();
 			}
 		}
-
 		return authorizedClient;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index 7ee459ad6a..69dbf4e9bc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -136,10 +136,8 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	@Override
 	public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest) {
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
-
 		String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 		Authentication principal = authorizeRequest.getPrincipal();
-
 		return Mono.justOrEmpty(authorizeRequest.<ServerWebExchange>getAttribute(ServerWebExchange.class.getName()))
 				.switchIfEmpty(currentServerWebExchangeMono)
 				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("serverWebExchange cannot be null")))
@@ -183,7 +181,6 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	 */
 	private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 			Authentication principal, ServerWebExchange serverWebExchange) {
-
 		return this.authorizedClientProvider.authorize(authorizationContext)
 				// Delegate to the authorizationSuccessHandler of the successful
 				// authorization
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
index f86c761178..f8bc3b13b2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java
@@ -161,12 +161,10 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
 		if (matchesAuthorizationResponse(request)) {
 			processAuthorizationResponse(request, response);
 			return;
 		}
-
 		filterChain.doFilter(request, response);
 	}
 
@@ -180,7 +178,6 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		if (authorizationRequest == null) {
 			return false;
 		}
-
 		// Compare redirect_uri
 		UriComponents requestUri = UriComponentsBuilder.fromUriString(UrlUtils.buildFullRequestUrl(request)).build();
 		UriComponents redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri()).build();
@@ -193,7 +190,6 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 		// before doing an exact comparison with the authorizationRequest.getRedirectUri()
 		// parameters (if any)
 		requestUriParameters.retainAll(redirectUriParameters);
-
 		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme())
 				&& Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo())
 				&& Objects.equals(requestUri.getHost(), redirectUri.getHost())
@@ -207,24 +203,18 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 
 	private void processAuthorizationResponse(HttpServletRequest request, HttpServletResponse response)
 			throws IOException {
-
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
 				.removeAuthorizationRequest(request, response);
-
 		String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID);
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
-
 		MultiValueMap<String, String> params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap());
 		String redirectUri = UrlUtils.buildFullRequestUrl(request);
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params,
 				redirectUri);
-
 		OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
 				clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 		authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult;
-
 		try {
 			authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationManager
 					.authenticate(authenticationRequest);
@@ -242,24 +232,19 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
 			this.redirectStrategy.sendRedirect(request, response, uriBuilder.build().encode().toString());
 			return;
 		}
-
 		Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
 		String principalName = (currentAuthentication != null) ? currentAuthentication.getName() : "anonymousUser";
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				authenticationResult.getClientRegistration(), principalName, authenticationResult.getAccessToken(),
 				authenticationResult.getRefreshToken());
-
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, currentAuthentication, request,
 				response);
-
 		String redirectUrl = authorizationRequest.getRedirectUri();
 		SavedRequest savedRequest = this.requestCache.getRequest(request, response);
 		if (savedRequest != null) {
 			redirectUrl = savedRequest.getRedirectUrl();
 			this.requestCache.removeRequest(request, response);
 		}
-
 		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
index 670ca8006d..2e9c62c993 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
@@ -23,6 +23,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -162,7 +163,6 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
 		try {
 			OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request);
 			if (authorizationRequest != null) {
@@ -170,11 +170,10 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 				return;
 			}
 		}
-		catch (Exception failed) {
-			this.unsuccessfulRedirectForAuthorization(request, response, failed);
+		catch (Exception ex) {
+			this.unsuccessfulRedirectForAuthorization(request, response, ex);
 			return;
 		}
-
 		try {
 			filterChain.doFilter(request, response);
 		}
@@ -201,22 +200,18 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 				}
 				return;
 			}
-
 			if (ex instanceof ServletException) {
 				throw (ServletException) ex;
 			}
-			else if (ex instanceof RuntimeException) {
+			if (ex instanceof RuntimeException) {
 				throw (RuntimeException) ex;
 			}
-			else {
-				throw new RuntimeException(ex);
-			}
+			throw new RuntimeException(ex);
 		}
 	}
 
 	private void sendRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
 			OAuth2AuthorizationRequest authorizationRequest) throws IOException {
-
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationRequest.getGrantType())) {
 			this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 		}
@@ -225,11 +220,8 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
 	}
 
 	private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
-			Exception failed) throws IOException {
-
-		if (this.logger.isErrorEnabled()) {
-			this.logger.error("Authorization Request failed: " + failed.toString(), failed);
-		}
+			Exception ex) throws IOException {
+		this.logger.error(LogMessage.format("Authorization Request failed: %s", ex, ex));
 		response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(),
 				HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
index b4020ee9e3..8fdbf17b0f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
@@ -66,16 +66,13 @@ final class OAuth2AuthorizationResponseUtils {
 		String code = request.getFirst(OAuth2ParameterNames.CODE);
 		String errorCode = request.getFirst(OAuth2ParameterNames.ERROR);
 		String state = request.getFirst(OAuth2ParameterNames.STATE);
-
 		if (StringUtils.hasText(code)) {
 			return OAuth2AuthorizationResponse.success(code).redirectUri(redirectUri).state(state).build();
 		}
-		else {
-			String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
-			String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-			return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri)
-					.errorDescription(errorDescription).errorUri(errorUri).state(state).build();
-		}
+		String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
+		String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
+		return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri).errorDescription(errorDescription)
+				.errorUri(errorUri).state(state).build();
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index 24103d8097..2583b1a9a2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -158,20 +158,17 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 	@Override
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException {
-
 		MultiValueMap<String, String> params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap());
 		if (!OAuth2AuthorizationResponseUtils.isAuthorizationResponse(params)) {
 			OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
 				.removeAuthorizationRequest(request, response);
 		if (authorizationRequest == null) {
 			OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-
 		String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID);
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
 		if (clientRegistration == null) {
@@ -183,26 +180,21 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 				.build().toUriString();
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params,
 				redirectUri);
-
 		Object authenticationDetails = this.authenticationDetailsSource.buildDetails(request);
 		OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration,
 				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 		authenticationRequest.setDetails(authenticationDetails);
-
 		OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) this
 				.getAuthenticationManager().authenticate(authenticationRequest);
-
 		OAuth2AuthenticationToken oauth2Authentication = new OAuth2AuthenticationToken(
 				authenticationResult.getPrincipal(), authenticationResult.getAuthorities(),
 				authenticationResult.getClientRegistration().getRegistrationId());
 		oauth2Authentication.setDetails(authenticationDetails);
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				authenticationResult.getClientRegistration(), oauth2Authentication.getName(),
 				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
 
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, oauth2Authentication, request, response);
-
 		return oauth2Authentication;
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 4a5680a752..66f81abc45 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -114,46 +114,38 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	@Override
 	public Object resolveArgument(MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) {
-
 		String clientRegistrationId = this.resolveClientRegistrationId(parameter);
 		if (StringUtils.isEmpty(clientRegistrationId)) {
 			throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. "
 					+ "It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or "
 					+ "@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 		}
-
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();
 		if (principal == null) {
 			principal = ANONYMOUS_AUTHENTICATION;
 		}
 		HttpServletRequest servletRequest = webRequest.getNativeRequest(HttpServletRequest.class);
 		HttpServletResponse servletResponse = webRequest.getNativeResponse(HttpServletResponse.class);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
 				.principal(principal).attribute(HttpServletRequest.class.getName(), servletRequest)
 				.attribute(HttpServletResponse.class.getName(), servletResponse).build();
-
 		return this.authorizedClientManager.authorize(authorizeRequest);
 	}
 
 	private String resolveClientRegistrationId(MethodParameter parameter) {
 		RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
 				.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
-
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();
-
-		String clientRegistrationId = null;
 		if (!StringUtils.isEmpty(authorizedClientAnnotation.registrationId())) {
-			clientRegistrationId = authorizedClientAnnotation.registrationId();
+			return authorizedClientAnnotation.registrationId();
 		}
-		else if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
-			clientRegistrationId = authorizedClientAnnotation.value();
+		if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
+			return authorizedClientAnnotation.value();
 		}
-		else if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
-			clientRegistrationId = ((OAuth2AuthenticationToken) principal).getAuthorizedClientRegistrationId();
+		if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
+			return ((OAuth2AuthenticationToken) principal).getAuthorizedClientRegistrationId();
 		}
-
-		return clientRegistrationId;
+		return null;
 	}
 
 	/**
@@ -184,7 +176,6 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 
 	private void updateDefaultAuthorizedClientManager(
 			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
-
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode().refreshToken()
 				.clientCredentials(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 6e9b5f09f4..8cf8ae34b9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -206,12 +206,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	public ServerOAuth2AuthorizedClientExchangeFilterFunction(
 			ReactiveClientRegistrationRepository clientRegistrationRepository,
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
-
 		ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
 				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
 						clientRegistrationId, principal,
 						(ServerWebExchange) attributes.get(ServerWebExchange.class.getName())));
-
 		this.authorizedClientManager = createDefaultAuthorizedClientManager(clientRegistrationRepository,
 				authorizedClientRepository, authorizationFailureHandler);
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
@@ -222,7 +220,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			ReactiveClientRegistrationRepository clientRegistrationRepository,
 			ServerOAuth2AuthorizedClientRepository authorizedClientRepository,
 			ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
-
 		// gh-7544
 		if (authorizedClientRepository instanceof UnAuthenticatedServerOAuth2AuthorizedClientRepository) {
 			UnAuthenticatedReactiveOAuth2AuthorizedClientManager unauthenticatedAuthorizedClientManager = new UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
@@ -234,11 +231,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 							.authorizationCode().refreshToken().clientCredentials().password().build());
 			return unauthenticatedAuthorizedClientManager;
 		}
-
 		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				clientRegistrationRepository, authorizedClientRepository);
 		authorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
-
 		return authorizedClientManager;
 	}
 
@@ -444,9 +439,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	private Mono<OAuth2AuthorizeRequest> authorizeRequest(ClientRequest request) {
 		Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
-
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-
 		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange).map((t3) -> {
 			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1())
 					.principal(t3.getT2());
@@ -488,7 +481,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private Mono<OAuth2AuthorizeRequest> reauthorizeRequest(ClientRequest request,
 			OAuth2AuthorizedClient authorizedClient) {
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-
 		return Mono.zip(this.currentAuthenticationMono, serverWebExchange).map((t2) -> {
 			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
 					.principal(t2.getT1());
@@ -561,27 +553,39 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		@Override
 		public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest) {
 			Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
-
 			String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 			Authentication principal = authorizeRequest.getPrincipal();
+			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
+					.switchIfEmpty(loadAuthorizedClient(clientRegistrationId, principal))
+					.flatMap((authorizedClient) -> reauthorize(authorizedClient, authorizeRequest, principal))
+					.switchIfEmpty(findAndAuthorize(clientRegistrationId, principal));
+		}
 
-			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient()).switchIfEmpty(Mono.defer(
-					() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null)))
-					.flatMap((authorizedClient) -> // Re-authorize
-					Mono.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal)
-							.build()).flatMap((authorizationContext) -> authorize(authorizationContext, principal))
-							// Default to the existing authorizedClient if the client
-							// was not re-authorized
-							.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
-									? authorizeRequest.getAuthorizedClient() : authorizedClient))
-					.switchIfEmpty(Mono.defer(() ->
-					// Authorize
-					this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-							.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
-									"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-							.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
-									.withClientRegistration(clientRegistration).principal(principal).build()))
-							.flatMap((authorizationContext) -> authorize(authorizationContext, principal))));
+		private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId,
+				Authentication principal) {
+			return Mono.defer(
+					() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null));
+		}
+
+		private Mono<OAuth2AuthorizedClient> reauthorize(OAuth2AuthorizedClient authorizedClient,
+				OAuth2AuthorizeRequest authorizeRequest, Authentication principal) {
+			return Mono
+					.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal)
+							.build())
+					.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
+					// Default to the existing authorizedClient if the client was not
+					// re-authorized
+					.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
+							? authorizeRequest.getAuthorizedClient() : authorizedClient);
+		}
+
+		private Mono<OAuth2AuthorizedClient> findAndAuthorize(String clientRegistrationId, Authentication principal) {
+			return Mono.defer(() -> this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
+					.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+							"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
+					.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
+							.withClientRegistration(clientRegistration).principal(principal).build()))
+					.flatMap((authorizationContext) -> authorize(authorizationContext, principal)));
 		}
 
 		/**
@@ -597,7 +601,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 */
 		private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 				Authentication principal) {
-
 			return this.authorizedClientProvider.authorize(authorizationContext)
 					// Delegates to the authorizationSuccessHandler of the successful
 					// authorization
@@ -642,7 +645,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		private AuthorizationFailureForwarder(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 			Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
 			this.authorizationFailureHandler = authorizationFailureHandler;
-
 			Map<Integer, String> httpStatusToOAuth2Error = new HashMap<>();
 			httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED.value(), OAuth2ErrorCodes.INVALID_TOKEN);
 			httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN.value(), OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
@@ -661,17 +663,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
 			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap((oauth2Error) -> {
 				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
-
 				return Mono
 						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
 								serverWebExchange, clientRegistrationId)
-						.flatMap((tuple3) -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
-																						// principal
-								tuple3.getT2().orElse(null), // ServerWebExchange exchange
-								new ClientAuthorizationException(oauth2Error, tuple3.getT3()))); // String
-																									// clientRegistrationId
+						.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
+								new ClientAuthorizationException(oauth2Error, zipped.getT3())));
 			});
 		}
 
@@ -720,18 +717,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 				WebClientResponseException exception) {
 			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> {
 				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-
 				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
-
 				return Mono
 						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
 								serverWebExchange, clientRegistrationId)
-						.flatMap((tuple3) -> handleAuthorizationFailure(tuple3.getT1(), // Authentication
-																						// principal
-								tuple3.getT2().orElse(null), // ServerWebExchange exchange
-								new ClientAuthorizationException(oauth2Error, tuple3.getT3(), // String
-																								// clientRegistrationId
-										exception)));
+						.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
+								new ClientAuthorizationException(oauth2Error, zipped.getT3(), exception)));
 			});
 		}
 
@@ -745,14 +736,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 */
 		private Mono<Void> handleAuthorizationException(ClientRequest request, OAuth2AuthorizationException exception) {
 			Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-
-			return Mono.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
-					serverWebExchange).flatMap(
-							(tuple2) -> handleAuthorizationFailure(tuple2.getT1(), // Authentication
-																					// principal
-									tuple2.getT2().orElse(null), // ServerWebExchange
-																	// exchange
-									exception));
+			return Mono
+					.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+							serverWebExchange)
+					.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(), exception));
 		}
 
 		/**
@@ -763,11 +750,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 * @return a {@link Mono} that completes empty after the authorization failure
 		 * handler completes.
 		 */
-		private Mono<Void> handleAuthorizationFailure(Authentication principal, ServerWebExchange exchange,
+		private Mono<Void> handleAuthorizationFailure(Authentication principal, Optional<ServerWebExchange> exchange,
 				OAuth2AuthorizationException exception) {
-
 			return this.authorizationFailureHandler.onAuthorizationFailure(exception, principal,
-					createAttributes(exchange));
+					createAttributes(exchange.orElse(null)));
 		}
 
 		private Map<String, Object> createAttributes(ServerWebExchange exchange) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index aa6a237fdb..4fe3bf5fa3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -218,12 +218,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	public ServletOAuth2AuthorizedClientExchangeFilterFunction(
 			ClientRegistrationRepository clientRegistrationRepository,
 			OAuth2AuthorizedClientRepository authorizedClientRepository) {
-
 		OAuth2AuthorizationFailureHandler authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
-				(clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
-						clientRegistrationId, principal,
-						(HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
-						(HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
+				(clientRegistrationId, principal, attributes) -> removeAuthorizedClient(authorizedClientRepository,
+						clientRegistrationId, principal, attributes));
 		DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				clientRegistrationRepository, authorizedClientRepository);
 		defaultAuthorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
@@ -232,6 +229,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
 	}
 
+	private void removeAuthorizedClient(OAuth2AuthorizedClientRepository authorizedClientRepository,
+			String clientRegistrationId, Authentication principal, Map<String, Object> attributes) {
+		HttpServletRequest request = getRequest(attributes);
+		HttpServletResponse response = getResponse(attributes);
+		authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, request, response);
+	}
+
 	/**
 	 * Sets the {@link OAuth2AccessTokenResponseClient} used for getting an
 	 * {@link OAuth2AuthorizedClient} for the client_credentials grant.
@@ -453,9 +457,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				|| !request.attribute(AUTHENTICATION_ATTR_NAME).isPresent()) {
 			return mergeRequestAttributesFromContext(request);
 		}
-		else {
-			return Mono.just(request);
-		}
+		return Mono.just(request);
 	}
 
 	private Mono<ClientRequest> mergeRequestAttributesFromContext(ClientRequest request) {
@@ -530,23 +532,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		}
 		HttpServletRequest servletRequest = getRequest(attrs);
 		HttpServletResponse servletResponse = getResponse(attrs);
-
 		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
 				.principal(authentication);
-		builder.attributes((attributes) -> {
-			if (servletRequest != null) {
-				attributes.put(HttpServletRequest.class.getName(), servletRequest);
-			}
-			if (servletResponse != null) {
-				attributes.put(HttpServletResponse.class.getName(), servletResponse);
-			}
-		});
+		builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse));
 		OAuth2AuthorizeRequest authorizeRequest = builder.build();
-
-		// NOTE:
-		// 'authorizedClientManager.authorize()' needs to be executed
-		// on a dedicated thread via subscribeOn(Schedulers.boundedElastic())
-		// since it performs a blocking I/O operation using RestTemplate internally
+		// NOTE: 'authorizedClientManager.authorize()' needs to be executed on a dedicated
+		// thread via subscribeOn(Schedulers.boundedElastic()) since it performs a
+		// blocking I/O operation using RestTemplate internally
 		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(authorizeRequest))
 				.subscribeOn(Schedulers.boundedElastic());
 	}
@@ -563,27 +555,27 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		}
 		HttpServletRequest servletRequest = getRequest(attrs);
 		HttpServletResponse servletResponse = getResponse(attrs);
-
 		OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
 				.principal(authentication);
-		builder.attributes((attributes) -> {
-			if (servletRequest != null) {
-				attributes.put(HttpServletRequest.class.getName(), servletRequest);
-			}
-			if (servletResponse != null) {
-				attributes.put(HttpServletResponse.class.getName(), servletResponse);
-			}
-		});
+		builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse));
 		OAuth2AuthorizeRequest reauthorizeRequest = builder.build();
-
-		// NOTE:
-		// 'authorizedClientManager.authorize()' needs to be executed
-		// on a dedicated thread via subscribeOn(Schedulers.boundedElastic())
-		// since it performs a blocking I/O operation using RestTemplate internally
+		// NOTE: 'authorizedClientManager.authorize()' needs to be executed on a dedicated
+		// thread via subscribeOn(Schedulers.boundedElastic()) since it performs a
+		// blocking I/O operation using RestTemplate internally
 		return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.subscribeOn(Schedulers.boundedElastic());
 	}
 
+	private void addToAttributes(Map<String, Object> attributes, HttpServletRequest servletRequest,
+			HttpServletResponse servletResponse) {
+		if (servletRequest != null) {
+			attributes.put(HTTP_SERVLET_REQUEST_ATTR_NAME, servletRequest);
+		}
+		if (servletResponse != null) {
+			attributes.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, servletResponse);
+		}
+	}
+
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
 				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
@@ -612,8 +604,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private static Authentication createAuthentication(final String principalName) {
 		Assert.hasText(principalName, "principalName cannot be empty");
-
 		return new AbstractAuthenticationToken(null) {
+
 			@Override
 			public Object getCredentials() {
 				return "";
@@ -656,7 +648,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		private AuthorizationFailureForwarder(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 			Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
 			this.authorizationFailureHandler = authorizationFailureHandler;
-
 			Map<Integer, String> httpStatusToOAuth2Error = new HashMap<>();
 			httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED.value(), OAuth2ErrorCodes.INVALID_TOKEN);
 			httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN.value(), OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
@@ -679,14 +670,11 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				if (authorizedClient == null) {
 					return Mono.empty();
 				}
-
 				ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
 						authorizedClient.getClientRegistration().getRegistrationId());
-
 				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
 				HttpServletRequest servletRequest = getRequest(attrs);
 				HttpServletResponse servletResponse = getResponse(attrs);
-
 				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
 			});
 		}
@@ -740,14 +728,11 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				if (authorizedClient == null) {
 					return Mono.empty();
 				}
-
 				ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
 						authorizedClient.getClientRegistration().getRegistrationId(), exception);
-
 				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
 				HttpServletRequest servletRequest = getRequest(attrs);
 				HttpServletResponse servletResponse = getResponse(attrs);
-
 				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
 			});
 		}
@@ -769,11 +754,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				if (authorizedClient == null) {
 					return Mono.empty();
 				}
-
 				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
 				HttpServletRequest servletRequest = getRequest(attrs);
 				HttpServletResponse servletResponse = getResponse(attrs);
-
 				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
 			});
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index b014eb2dd6..eed58f7918 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -105,28 +105,24 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 		return Mono.defer(() -> {
 			RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
 					.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
-
 			String clientRegistrationId = StringUtils.hasLength(authorizedClientAnnotation.registrationId())
 					? authorizedClientAnnotation.registrationId() : null;
-
 			return authorizeRequest(clientRegistrationId, exchange).flatMap(this.authorizedClientManager::authorize);
 		});
 	}
 
 	private Mono<OAuth2AuthorizeRequest> authorizeRequest(String registrationId, ServerWebExchange exchange) {
 		Mono<Authentication> defaultedAuthentication = currentAuthentication();
-
 		Mono<String> defaultedRegistrationId = Mono.justOrEmpty(registrationId)
 				.switchIfEmpty(clientRegistrationId(defaultedAuthentication))
 				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
 						"The clientRegistrationId could not be resolved. Please provide one")));
-
 		Mono<ServerWebExchange> defaultedExchange = Mono.justOrEmpty(exchange)
 				.switchIfEmpty(currentServerWebExchange());
-
 		return Mono.zip(defaultedRegistrationId, defaultedAuthentication, defaultedExchange)
-				.map((t3) -> OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1()).principal(t3.getT2())
-						.attribute(ServerWebExchange.class.getName(), t3.getT3()).build());
+				.map((zipped) -> OAuth2AuthorizeRequest.withClientRegistrationId(zipped.getT1())
+						.principal(zipped.getT2()).attribute(ServerWebExchange.class.getName(), zipped.getT3())
+						.build());
 	}
 
 	private Mono<Authentication> currentAuthentication() {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
index 0c6e56a17c..56c180e0f0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository.java
@@ -83,10 +83,7 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
 		}
-		else {
-			return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal,
-					exchange);
-		}
+		return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, exchange);
 	}
 
 	@Override
@@ -95,9 +92,7 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
 		}
-		else {
-			return this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange);
-		}
+		return this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange);
 	}
 
 	@Override
@@ -106,10 +101,8 @@ public final class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 		if (this.isPrincipalAuthenticated(principal)) {
 			return this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName());
 		}
-		else {
-			return this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
-					exchange);
-		}
+		return this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
+				exchange);
 	}
 
 	private boolean isPrincipalAuthenticated(Authentication authentication) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index af0df46d5c..e5a9e60362 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -153,13 +153,23 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchange,
 			ClientRegistration clientRegistration) {
 		String redirectUriStr = expandRedirectUri(exchange.getRequest(), clientRegistration);
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
+		OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration, attributes);
+		builder.clientId(clientRegistration.getClientId())
+				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
+				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
+				.state(this.stateGenerator.generateKey()).attributes(attributes);
 
-		OAuth2AuthorizationRequest.Builder builder;
+		this.authorizationRequestCustomizer.accept(builder);
+
+		return builder.build();
+	}
+
+	private OAuth2AuthorizationRequest.Builder getBuilder(ClientRegistration clientRegistration,
+			Map<String, Object> attributes) {
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
-			builder = OAuth2AuthorizationRequest.authorizationCode();
+			OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode();
 			Map<String, Object> additionalParameters = new HashMap<>();
 			if (!CollectionUtils.isEmpty(clientRegistration.getScopes())
 					&& clientRegistration.getScopes().contains(OidcScopes.OPENID)) {
@@ -174,23 +184,14 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 				addPkceParameters(attributes, additionalParameters);
 			}
 			builder.additionalParameters(additionalParameters);
+			return builder;
 		}
-		else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
-			builder = OAuth2AuthorizationRequest.implicit();
+		if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
+			return OAuth2AuthorizationRequest.implicit();
 		}
-		else {
-			throw new IllegalArgumentException(
-					"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
-							+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
-		}
-		builder.clientId(clientRegistration.getClientId())
-				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
-				.state(this.stateGenerator.generateKey()).attributes(attributes);
-
-		this.authorizationRequestCustomizer.accept(builder);
-
-		return builder.build();
+		throw new IllegalArgumentException(
+				"Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue()
+						+ ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
 	}
 
 	/**
@@ -213,7 +214,6 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	private static String expandRedirectUri(ServerHttpRequest request, ClientRegistration clientRegistration) {
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
-
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
 				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
 		String scheme = uriComponents.getScheme();
@@ -231,13 +231,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 		}
 		uriVariables.put("basePath", (path != null) ? path : "");
 		uriVariables.put("baseUrl", uriComponents.toUriString());
-
 		String action = "";
 		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
 			action = "login";
 		}
 		uriVariables.put("action", action);
-
 		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index b7e68fbe8a..7406bb76fe 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -206,7 +206,7 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
 				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange).onErrorMap(
 						OAuth2AuthorizationException.class,
-						(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())))
+						(ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString())))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap((token) -> authenticate(exchange, chain, token))
 				.onErrorResume(AuthenticationException.class, (e) -> this.authenticationFailureHandler
@@ -217,7 +217,7 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 		return this.authenticationManager.authenticate(token)
 				.onErrorMap(OAuth2AuthorizationException.class,
-						(e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
+						(ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString()))
 				.switchIfEmpty(Mono.defer(
 						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
 				.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
@@ -258,7 +258,6 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		// before doing an exact comparison with the authorizationRequest.getRedirectUri()
 		// parameters (if any)
 		requestUriParameters.retainAll(redirectUriParameters);
-
 		if (Objects.equals(requestUri.getScheme(), redirectUri.getScheme())
 				&& Objects.equals(requestUri.getUserInfo(), redirectUri.getUserInfo())
 				&& Objects.equals(requestUri.getHost(), redirectUri.getHost())
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index b1ae82caaf..f9f539d608 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -130,8 +130,8 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 		return this.authorizationRequestResolver.resolve(exchange)
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.onErrorResume(ClientAuthorizationRequiredException.class,
-						(e) -> this.requestCache.saveRequest(exchange)
-								.then(this.authorizationRequestResolver.resolve(exchange, e.getClientRegistrationId())))
+						(ex) -> this.requestCache.saveRequest(exchange).then(
+								this.authorizationRequestResolver.resolve(exchange, ex.getClientRegistrationId())))
 				.flatMap((clientRegistration) -> sendRedirectForAuthorization(exchange, clientRegistration));
 	}
 
@@ -143,7 +143,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 				saveAuthorizationRequest = this.authorizationRequestRepository
 						.saveAuthorizationRequest(authorizationRequest, exchange);
 			}
-
 			URI redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getAuthorizationRequestUri())
 					.build(true).toUri();
 			return saveAuthorizationRequest
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
index 1d35f6b131..1c3d3f9810 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
@@ -66,16 +66,13 @@ final class OAuth2AuthorizationResponseUtils {
 		String code = request.getFirst(OAuth2ParameterNames.CODE);
 		String errorCode = request.getFirst(OAuth2ParameterNames.ERROR);
 		String state = request.getFirst(OAuth2ParameterNames.STATE);
-
 		if (StringUtils.hasText(code)) {
 			return OAuth2AuthorizationResponse.success(code).redirectUri(redirectUri).state(state).build();
 		}
-		else {
-			String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
-			String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-			return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri)
-					.errorDescription(errorDescription).errorUri(errorUri).state(state).build();
-		}
+		String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
+		String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
+		return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri).errorDescription(errorDescription)
+				.errorUri(errorUri).state(state).build();
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
index fe9c8e0c77..1073e32fa7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
@@ -53,7 +53,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements Se
 		Assert.notNull(clientRegistrationId, "clientRegistrationId cannot be null");
 		Assert.isNull(serverWebExchange, "serverWebExchange must be null");
 		Assert.isTrue(isUnauthenticated(authentication), "The user " + authentication + " should not be authenticated");
-
 		return Mono.fromSupplier(() -> (T) this.clientRegistrationIdToAuthorizedClient.get(clientRegistrationId));
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
index b987ef0b2f..0ed7126a85 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
@@ -121,14 +121,11 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 
 	private Mono<Map<String, OAuth2AuthorizationRequest>> saveStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
-
 		return getSessionAttributes(exchange).doOnNext((sessionAttrs) -> {
 			Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
-
 			if (stateToAuthzRequest == null) {
 				stateToAuthzRequest = new HashMap<String, OAuth2AuthorizationRequest>();
 			}
-
 			// No matter stateToAuthzRequest was in session or not, we should always put
 			// it into session again
 			// in case of redis or hazelcast session. #6215

From a577871bcaf128fdcfac65e0d61e86ac94b59109 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 21:36:01 -0700
Subject: [PATCH 58/84] Polish spring-security-oauth2-core main code

Manually polish `spring-security-oauth-core` following the
formatting and checkstyle fixes.

Issue gh-8945
---
 .../oauth2/core/AbstractOAuth2Token.java      |  2 -
 .../security/oauth2/core/ClaimAccessor.java   | 24 +++------
 .../DefaultOAuth2AuthenticatedPrincipal.java  |  8 ---
 .../core/DelegatingOAuth2TokenValidator.java  |  6 ---
 .../core/OAuth2TokenValidatorResult.java      |  6 +--
 .../core/converter/ClaimTypeConverter.java    |  2 -
 ...MapOAuth2AccessTokenResponseConverter.java | 54 ++++++++++---------
 .../endpoint/OAuth2AccessTokenResponse.java   |  1 -
 ...OAuth2AccessTokenResponseMapConverter.java | 16 +++---
 .../endpoint/OAuth2AuthorizationRequest.java  |  3 --
 .../endpoint/OAuth2AuthorizationResponse.java |  1 -
 .../http/converter/HttpMessageConverters.java |  4 +-
 ...cessTokenResponseHttpMessageConverter.java | 15 +++---
 .../OAuth2ErrorHttpMessageConverter.java      | 20 +++----
 .../oidc/DefaultAddressStandardClaim.java     |  3 --
 .../oauth2/core/oidc/OidcUserInfo.java        |  2 -
 .../core/oidc/user/OidcUserAuthority.java     |  2 -
 .../oauth2/core/user/DefaultOAuth2User.java   |  2 -
 .../oauth2/core/user/OAuth2UserAuthority.java |  2 -
 ...Auth2AccessTokenResponseBodyExtractor.java | 45 ++++++++--------
 20 files changed, 84 insertions(+), 134 deletions(-)

diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
index 1d4e1daf0d..036347bd8e 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
@@ -97,9 +97,7 @@ public abstract class AbstractOAuth2Token implements Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		AbstractOAuth2Token other = (AbstractOAuth2Token) obj;
-
 		if (!this.getTokenValue().equals(other.getTokenValue())) {
 			return false;
 		}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
index 849033bdfa..70998b06e4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
@@ -97,10 +97,8 @@ public interface ClaimAccessor {
 		}
 		Object claimValue = getClaims().get(claim);
 		Instant convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, Instant.class);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant.");
 		return convertedValue;
 	}
 
@@ -115,10 +113,8 @@ public interface ClaimAccessor {
 		}
 		Object claimValue = getClaims().get(claim);
 		URL convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, URL.class);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL.");
 		return convertedValue;
 	}
 
@@ -140,10 +136,8 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		Map<String, Object> convertedValue = (Map<String, Object>) ClaimConversionService.getSharedInstance()
 				.convert(claimValue, sourceDescriptor, targetDescriptor);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map.");
 		return convertedValue;
 	}
 
@@ -165,10 +159,8 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		List<String> convertedValue = (List<String>) ClaimConversionService.getSharedInstance().convert(claimValue,
 				sourceDescriptor, targetDescriptor);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List.");
 		return convertedValue;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
index e537ad953d..aaacad14a6 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -48,7 +48,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	 */
 	public DefaultOAuth2AuthenticatedPrincipal(Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		this(null, attributes, authorities);
 	}
 
@@ -61,7 +60,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	 */
 	public DefaultOAuth2AuthenticatedPrincipal(String name, Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		this.attributes = Collections.unmodifiableMap(attributes);
 		this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities)
@@ -78,17 +76,11 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 		return this.attributes;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return this.authorities;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String getName() {
 		return this.name;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
index 3a37ec669f..e16cf7fef3 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
@@ -40,7 +40,6 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 	 */
 	public DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>> tokenValidators) {
 		Assert.notNull(tokenValidators, "tokenValidators cannot be null");
-
 		this.tokenValidators = new ArrayList<>(tokenValidators);
 	}
 
@@ -53,17 +52,12 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 		this(Arrays.asList(tokenValidators));
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2TokenValidatorResult validate(T token) {
 		Collection<OAuth2Error> errors = new ArrayList<>();
-
 		for (OAuth2TokenValidator<T> validator : this.tokenValidators) {
 			errors.addAll(validator.validate(token).getErrors());
 		}
-
 		return OAuth2TokenValidatorResult.failure(errors);
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
index 4a7b4bc1cc..a8baab9c4f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
@@ -80,11 +80,7 @@ public final class OAuth2TokenValidatorResult {
 	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
 	 */
 	public static OAuth2TokenValidatorResult failure(Collection<OAuth2Error> errors) {
-		if (errors.isEmpty()) {
-			return NO_ERRORS;
-		}
-
-		return new OAuth2TokenValidatorResult(errors);
+		return (errors.isEmpty()) ? NO_ERRORS : new OAuth2TokenValidatorResult(errors);
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
index 9f03f1f1f2..1eb661f2a4 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java
@@ -52,7 +52,6 @@ public final class ClaimTypeConverter implements Converter<Map<String, Object>,
 		if (CollectionUtils.isEmpty(claims)) {
 			return claims;
 		}
-
 		Map<String, Object> result = new HashMap<>(claims);
 		this.claimTypeConverters.forEach((claimName, typeConverter) -> {
 			if (claims.containsKey(claimName)) {
@@ -63,7 +62,6 @@ public final class ClaimTypeConverter implements Converter<Map<String, Object>,
 				}
 			}
 		});
-
 		return result;
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
index ebfcc40d80..fefa9eb7c3 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
@@ -45,39 +45,45 @@ public final class MapOAuth2AccessTokenResponseConverter
 	@Override
 	public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
 		String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
-
-		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue()
-				.equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
-			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
-		}
-
-		long expiresIn = 0;
-		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
-			try {
-				expiresIn = Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
-			}
-			catch (NumberFormatException ex) {
-			}
-		}
-
-		Set<String> scopes = Collections.emptySet();
-		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
-			String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
-			scopes = new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
-		}
-
+		OAuth2AccessToken.TokenType accessTokenType = getAccessTokenType(tokenResponseParameters);
+		long expiresIn = getExpiresIn(tokenResponseParameters);
+		Set<String> scopes = getScopes(tokenResponseParameters);
 		String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN);
-
 		Map<String, Object> additionalParameters = new LinkedHashMap<>();
 		for (Map.Entry<String, String> entry : tokenResponseParameters.entrySet()) {
 			if (!TOKEN_RESPONSE_PARAMETER_NAMES.contains(entry.getKey())) {
 				additionalParameters.put(entry.getKey(), entry.getValue());
 			}
 		}
-
 		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
 				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
 	}
 
+	private OAuth2AccessToken.TokenType getAccessTokenType(Map<String, String> tokenResponseParameters) {
+		if (OAuth2AccessToken.TokenType.BEARER.getValue()
+				.equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
+			return OAuth2AccessToken.TokenType.BEARER;
+		}
+		return null;
+	}
+
+	private long getExpiresIn(Map<String, String> tokenResponseParameters) {
+		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
+			try {
+				return Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+			}
+			catch (NumberFormatException ex) {
+			}
+		}
+		return 0;
+	}
+
+	private Set<String> getScopes(Map<String, String> tokenResponseParameters) {
+		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
+			String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
+			return new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
+		}
+		return Collections.emptySet();
+	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
index 6d5197350a..c09f36e909 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
@@ -187,7 +187,6 @@ public final class OAuth2AccessTokenResponse {
 		public OAuth2AccessTokenResponse build() {
 			Instant issuedAt = getIssuedAt();
 			Instant expiresAt = getExpiresAt();
-
 			OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse();
 			accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt,
 					expiresAt, this.scopes);
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
index 03a55c808f..443f03ccee 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java
@@ -39,15 +39,9 @@ public final class OAuth2AccessTokenResponseMapConverter
 	@Override
 	public Map<String, String> convert(OAuth2AccessTokenResponse tokenResponse) {
 		Map<String, String> parameters = new HashMap<>();
-
-		long expiresIn = -1;
-		if (tokenResponse.getAccessToken().getExpiresAt() != null) {
-			expiresIn = ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt());
-		}
-
 		parameters.put(OAuth2ParameterNames.ACCESS_TOKEN, tokenResponse.getAccessToken().getTokenValue());
 		parameters.put(OAuth2ParameterNames.TOKEN_TYPE, tokenResponse.getAccessToken().getTokenType().getValue());
-		parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(expiresIn));
+		parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(getExpiresIn(tokenResponse)));
 		if (!CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			parameters.put(OAuth2ParameterNames.SCOPE,
 					StringUtils.collectionToDelimitedString(tokenResponse.getAccessToken().getScopes(), " "));
@@ -60,8 +54,14 @@ public final class OAuth2AccessTokenResponseMapConverter
 				parameters.put(entry.getKey(), entry.getValue().toString());
 			}
 		}
-
 		return parameters;
 	}
 
+	private long getExpiresIn(OAuth2AccessTokenResponse tokenResponse) {
+		if (tokenResponse.getAccessToken().getExpiresAt() != null) {
+			return ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt());
+		}
+		return -1;
+	}
+
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index b86c189a65..ec04c68a55 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -215,7 +215,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 */
 	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
-
 		return new Builder(authorizationRequest.getGrantType())
 				.authorizationUri(authorizationRequest.getAuthorizationUri())
 				.clientId(authorizationRequest.getClientId()).redirectUri(authorizationRequest.getRedirectUri())
@@ -440,7 +439,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
 			}
-
 			OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest();
 			authorizationRequest.authorizationUri = this.authorizationUri;
 			authorizationRequest.authorizationGrantType = this.authorizationGrantType;
@@ -454,7 +452,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			authorizationRequest.attributes = Collections.unmodifiableMap(this.attributes);
 			authorizationRequest.authorizationRequestUri = StringUtils.hasText(this.authorizationRequestUri)
 					? this.authorizationRequestUri : this.buildAuthorizationRequestUri();
-
 			return authorizationRequest;
 		}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
index 6a09409aec..d0142d046d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -205,7 +205,6 @@ public final class OAuth2AuthorizationResponse {
 				throw new IllegalArgumentException("code and errorCode cannot both be set");
 			}
 			Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
-
 			OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse();
 			authorizationResponse.redirectUri = this.redirectUri;
 			authorizationResponse.state = this.state;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
index e80d147d1a..b95d1e8a63 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
@@ -52,10 +52,10 @@ final class HttpMessageConverters {
 		if (jackson2Present) {
 			return new MappingJackson2HttpMessageConverter();
 		}
-		else if (gsonPresent) {
+		if (gsonPresent) {
 			return new GsonHttpMessageConverter();
 		}
-		else if (jsonbPresent) {
+		if (jsonbPresent) {
 			return new JsonbHttpMessageConverter();
 		}
 		return null;
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index f714634822..5203ce484c 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -50,7 +50,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
@@ -69,16 +69,14 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	}
 
 	@Override
+	@SuppressWarnings("unchecked")
 	protected OAuth2AccessTokenResponse readInternal(Class<? extends OAuth2AccessTokenResponse> clazz,
 			HttpInputMessage inputMessage) throws HttpMessageNotReadableException {
-
 		try {
-			// gh-6463
-			// Parse parameter values as Object in order to handle potential JSON Object
-			// and then convert values to String
-			@SuppressWarnings("unchecked")
+			// gh-6463: Parse parameter values as Object in order to handle potential JSON
+			// Object and then convert values to String
 			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter
-					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+					.read(STRING_OBJECT_MAP.getType(), null, inputMessage);
 			return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream()
 					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
@@ -92,10 +90,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	@Override
 	protected void writeInternal(OAuth2AccessTokenResponse tokenResponse, HttpOutputMessage outputMessage)
 			throws HttpMessageNotWritableException {
-
 		try {
 			Map<String, String> tokenResponseParameters = this.tokenResponseParametersConverter.convert(tokenResponse);
-			this.jsonMessageConverter.write(tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
+			this.jsonMessageConverter.write(tokenResponseParameters, STRING_OBJECT_MAP.getType(),
 					MediaType.APPLICATION_JSON, outputMessage);
 		}
 		catch (Exception ex) {
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
index 9ed1069af5..aa82f778f9 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
@@ -49,7 +49,7 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
@@ -68,16 +68,14 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 	}
 
 	@Override
+	@SuppressWarnings("unchecked")
 	protected OAuth2Error readInternal(Class<? extends OAuth2Error> clazz, HttpInputMessage inputMessage)
 			throws HttpMessageNotReadableException {
-
 		try {
-			// gh-8157
-			// Parse parameter values as Object in order to handle potential JSON Object
-			// and then convert values to String
-			@SuppressWarnings("unchecked")
+			// gh-8157: Parse parameter values as Object in order to handle potential JSON
+			// Object and then convert values to String
 			Map<String, Object> errorParameters = (Map<String, Object>) this.jsonMessageConverter
-					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+					.read(STRING_OBJECT_MAP.getType(), null, inputMessage);
 			return this.errorConverter.convert(errorParameters.entrySet().stream()
 					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
@@ -90,11 +88,10 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 	@Override
 	protected void writeInternal(OAuth2Error oauth2Error, HttpOutputMessage outputMessage)
 			throws HttpMessageNotWritableException {
-
 		try {
 			Map<String, String> errorParameters = this.errorParametersConverter.convert(oauth2Error);
-			this.jsonMessageConverter.write(errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
-					MediaType.APPLICATION_JSON, outputMessage);
+			this.jsonMessageConverter.write(errorParameters, STRING_OBJECT_MAP.getType(), MediaType.APPLICATION_JSON,
+					outputMessage);
 		}
 		catch (Exception ex) {
 			throw new HttpMessageNotWritableException(
@@ -136,7 +133,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 			String errorCode = parameters.get(OAuth2ParameterNames.ERROR);
 			String errorDescription = parameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION);
 			String errorUri = parameters.get(OAuth2ParameterNames.ERROR_URI);
-
 			return new OAuth2Error(errorCode, errorDescription, errorUri);
 		}
 
@@ -151,7 +147,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 		@Override
 		public Map<String, String> convert(OAuth2Error oauth2Error) {
 			Map<String, String> parameters = new HashMap<>();
-
 			parameters.put(OAuth2ParameterNames.ERROR, oauth2Error.getErrorCode());
 			if (StringUtils.hasText(oauth2Error.getDescription())) {
 				parameters.put(OAuth2ParameterNames.ERROR_DESCRIPTION, oauth2Error.getDescription());
@@ -159,7 +154,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 			if (StringUtils.hasText(oauth2Error.getUri())) {
 				parameters.put(OAuth2ParameterNames.ERROR_URI, oauth2Error.getUri());
 			}
-
 			return parameters;
 		}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
index e5ffcdc544..5d6a59cf97 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
@@ -80,9 +80,7 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 		if (obj == null || !AddressStandardClaim.class.isAssignableFrom(obj.getClass())) {
 			return false;
 		}
-
 		AddressStandardClaim other = (AddressStandardClaim) obj;
-
 		if ((this.getFormatted() != null) ? !this.getFormatted().equals(other.getFormatted())
 				: other.getFormatted() != null) {
 			return false;
@@ -238,7 +236,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 			address.region = this.region;
 			address.postalCode = this.postalCode;
 			address.country = this.country;
-
 			return address;
 		}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
index e0086500e1..812a03ddd7 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
@@ -74,9 +74,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		OidcUserInfo that = (OidcUserInfo) obj;
-
 		return this.getClaims().equals(that.getClaims());
 	}
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
index fb57773904..73bcdf624d 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
@@ -98,9 +98,7 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 		if (!super.equals(obj)) {
 			return false;
 		}
-
 		OidcUserAuthority that = (OidcUserAuthority) obj;
-
 		if (!this.getIdToken().equals(that.getIdToken())) {
 			return false;
 		}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index 2d621c1ae6..31fb080f50 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -106,9 +106,7 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		DefaultOAuth2User that = (DefaultOAuth2User) obj;
-
 		if (!this.getName().equals(that.getName())) {
 			return false;
 		}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
index 7f6ebbd0f6..ead74cbaff 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
@@ -81,9 +81,7 @@ public class OAuth2UserAuthority implements GrantedAuthority {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		OAuth2UserAuthority that = (OAuth2UserAuthority) obj;
-
 		if (!this.getAuthority().equals(that.getAuthority())) {
 			return false;
 		}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index 1cb8553fc7..5154cb07a8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -53,18 +53,20 @@ class OAuth2AccessTokenResponseBodyExtractor
 
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
+
 	OAuth2AccessTokenResponseBodyExtractor() {
 	}
 
 	@Override
 	public Mono<OAuth2AccessTokenResponse> extract(ReactiveHttpInputMessage inputMessage, Context context) {
-		ParameterizedTypeReference<Map<String, Object>> type = new ParameterizedTypeReference<Map<String, Object>>() {
-		};
-		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);
+		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors
+				.toMono(STRING_OBJECT_MAP);
 		return delegate.extract(inputMessage, context)
-				.onErrorMap((e) -> new OAuth2AuthorizationException(
-						invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()),
-						e))
+				.onErrorMap((ex) -> new OAuth2AuthorizationException(
+						invalidTokenResponse("An error occurred parsing the Access Token response: " + ex.getMessage()),
+						ex))
 				.switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException(
 						invalidTokenResponse("Empty OAuth 2.0 Access Token Response"))))
 				.map(OAuth2AccessTokenResponseBodyExtractor::parse)
@@ -76,10 +78,10 @@ class OAuth2AccessTokenResponseBodyExtractor
 		try {
 			return TokenResponse.parse(new JSONObject(json));
 		}
-		catch (ParseException pe) {
+		catch (ParseException ex) {
 			OAuth2Error oauth2Error = invalidTokenResponse(
-					"An error occurred parsing the Access Token response: " + pe.getMessage());
-			throw new OAuth2AuthorizationException(oauth2Error, pe);
+					"An error occurred parsing the Access Token response: " + ex.getMessage());
+			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 	}
 
@@ -93,19 +95,20 @@ class OAuth2AccessTokenResponseBodyExtractor
 		}
 		TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
 		ErrorObject errorObject = tokenErrorResponse.getErrorObject();
-		OAuth2Error oauth2Error;
-		if (errorObject == null) {
-			oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-		}
-		else {
-			oauth2Error = new OAuth2Error(
-					(errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
-					errorObject.getDescription(),
-					(errorObject.getURI() != null) ? errorObject.getURI().toString() : null);
-		}
+		OAuth2Error oauth2Error = getOAuth2Error(errorObject);
 		return Mono.error(new OAuth2AuthorizationException(oauth2Error));
 	}
 
+	private static OAuth2Error getOAuth2Error(ErrorObject errorObject) {
+		if (errorObject == null) {
+			return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
+		}
+		String code = (errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
+		String description = errorObject.getDescription();
+		String uri = (errorObject.getURI() != null) ? errorObject.getURI().toString() : null;
+		return new OAuth2Error(code, description, uri);
+	}
+
 	private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {
 		AccessToken accessToken = accessTokenResponse.getTokens().getAccessToken();
 		OAuth2AccessToken.TokenType accessTokenType = null;
@@ -113,17 +116,13 @@ class OAuth2AccessTokenResponseBodyExtractor
 			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
 		long expiresIn = accessToken.getLifetime();
-
 		Set<String> scopes = (accessToken.getScope() != null)
 				? new LinkedHashSet<>(accessToken.getScope().toStringList()) : Collections.emptySet();
-
 		String refreshToken = null;
 		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
 			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
 		}
-
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-
 		return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType)
 				.expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken)
 				.additionalParameters(additionalParameters).build();

From 20aa8bef2577fe3ad3dcdb7103be9e2edff8b20e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:16:50 -0700
Subject: [PATCH 59/84] Polish spring-security-oauth2-jose main code

Manually polish `spring-security-oauth-jose` following the
formatting and checkstyle fixes.

Issue gh-8945
---
 .../oauth2/jose/jws/MacAlgorithm.java         | 18 ++--
 .../oauth2/jose/jws/SignatureAlgorithm.java   | 18 ++--
 .../oauth2/jwt/JwtClaimValidator.java         |  9 +-
 .../JwtDecoderProviderConfigurationUtils.java | 25 +++---
 .../security/oauth2/jwt/JwtDecoders.java      |  7 +-
 .../oauth2/jwt/JwtIssuerValidator.java        |  3 -
 .../oauth2/jwt/JwtTimestampValidator.java     | 11 +--
 .../oauth2/jwt/JwtValidationException.java    |  1 -
 .../security/oauth2/jwt/JwtValidators.java    |  6 +-
 .../jwt/MappedJwtClaimSetConverter.java       | 14 +---
 .../security/oauth2/jwt/NimbusJwtDecoder.java | 83 +++++++------------
 .../jwt/NimbusJwtDecoderJwkSupport.java       |  1 -
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  | 59 +++++--------
 .../oauth2/jwt/ReactiveJwtDecoders.java       |  7 +-
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |  9 --
 15 files changed, 96 insertions(+), 175 deletions(-)

diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
index ad75edfa5c..110d21896f 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/MacAlgorithm.java
@@ -55,6 +55,15 @@ public enum MacAlgorithm implements JwsAlgorithm {
 		this.name = name;
 	}
 
+	/**
+	 * Returns the algorithm name.
+	 * @return the algorithm name
+	 */
+	@Override
+	public String getName() {
+		return this.name;
+	}
+
 	/**
 	 * Attempt to resolve the provided algorithm name to a {@code MacAlgorithm}.
 	 * @param name the algorithm name
@@ -69,13 +78,4 @@ public enum MacAlgorithm implements JwsAlgorithm {
 		return null;
 	}
 
-	/**
-	 * Returns the algorithm name.
-	 * @return the algorithm name
-	 */
-	@Override
-	public String getName() {
-		return this.name;
-	}
-
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
index 1e6e85c7f7..f27ea53f16 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java
@@ -85,6 +85,15 @@ public enum SignatureAlgorithm implements JwsAlgorithm {
 		this.name = name;
 	}
 
+	/**
+	 * Returns the algorithm name.
+	 * @return the algorithm name
+	 */
+	@Override
+	public String getName() {
+		return this.name;
+	}
+
 	/**
 	 * Attempt to resolve the provided algorithm name to a {@code SignatureAlgorithm}.
 	 * @param name the algorithm name
@@ -99,13 +108,4 @@ public enum SignatureAlgorithm implements JwsAlgorithm {
 		return null;
 	}
 
-	/**
-	 * Returns the algorithm name.
-	 * @return the algorithm name
-	 */
-	@Override
-	public String getName() {
-		return this.name;
-	}
-
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
index 0e39cf0abd..73c13c7dc2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimValidator.java
@@ -58,9 +58,6 @@ public final class JwtClaimValidator<T> implements OAuth2TokenValidator<Jwt> {
 				"https://tools.ietf.org/html/rfc6750#section-3.1");
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2TokenValidatorResult validate(Jwt token) {
 		Assert.notNull(token, "token cannot be null");
@@ -68,10 +65,8 @@ public final class JwtClaimValidator<T> implements OAuth2TokenValidator<Jwt> {
 		if (this.test.test(claimValue)) {
 			return OAuth2TokenValidatorResult.success();
 		}
-		else {
-			this.logger.debug(this.error.getDescription());
-			return OAuth2TokenValidatorResult.failure(this.error);
-		}
+		this.logger.debug(this.error.getDescription());
+		return OAuth2TokenValidatorResult.failure(this.error);
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index e895ad2950..3aba32e867 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
+import org.springframework.util.Assert;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -46,7 +47,7 @@ final class JwtDecoderProviderConfigurationUtils {
 
 	private static final RestTemplate rest = new RestTemplate();
 
-	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
 	private JwtDecoderProviderConfigurationUtils() {
@@ -62,14 +63,16 @@ final class JwtDecoderProviderConfigurationUtils {
 	}
 
 	static void validateIssuer(Map<String, Object> configuration, String issuer) {
-		String metadataIssuer = "(unavailable)";
+		String metadataIssuer = getMetadataIssuer(configuration);
+		Assert.state(issuer.equals(metadataIssuer), () -> "The Issuer \"" + metadataIssuer
+				+ "\" provided in the configuration did not " + "match the requested issuer \"" + issuer + "\"");
+	}
+
+	private static String getMetadataIssuer(Map<String, Object> configuration) {
 		if (configuration.containsKey("issuer")) {
-			metadataIssuer = configuration.get("issuer").toString();
-		}
-		if (!issuer.equals(metadataIssuer)) {
-			throw new IllegalStateException("The Issuer \"" + metadataIssuer
-					+ "\" provided in the configuration did not " + "match the requested issuer \"" + issuer + "\"");
+			return configuration.get("issuer").toString();
 		}
+		return "(unavailable)";
 	}
 
 	private static Map<String, Object> getConfiguration(String issuer, URI... uris) {
@@ -77,13 +80,9 @@ final class JwtDecoderProviderConfigurationUtils {
 		for (URI uri : uris) {
 			try {
 				RequestEntity<Void> request = RequestEntity.get(uri).build();
-				ResponseEntity<Map<String, Object>> response = rest.exchange(request, typeReference);
+				ResponseEntity<Map<String, Object>> response = rest.exchange(request, STRING_OBJECT_MAP);
 				Map<String, Object> configuration = response.getBody();
-
-				if (configuration.get("jwks_uri") == null) {
-					throw new IllegalArgumentException("The public JWK set URI must not be null");
-				}
-
+				Assert.isTrue(configuration.get("jwks_uri") != null, "The public JWK set URI must not be null");
 				return configuration;
 			}
 			catch (IllegalArgumentException ex) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
index ad6c9274f1..d109cc0d2d 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
@@ -34,6 +34,9 @@ import org.springframework.util.Assert;
  */
 public final class JwtDecoders {
 
+	private JwtDecoders() {
+	}
+
 	/**
 	 * Creates a {@link JwtDecoder} using the provided <a href=
 	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
@@ -105,11 +108,7 @@ public final class JwtDecoders {
 		OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefaultWithIssuer(issuer);
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(configuration.get("jwks_uri").toString()).build();
 		jwtDecoder.setJwtValidator(jwtValidator);
-
 		return jwtDecoder;
 	}
 
-	private JwtDecoders() {
-	}
-
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
index 00b894d86e..61c5d11882 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
@@ -39,9 +39,6 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
 		this.validator = new JwtClaimValidator(JwtClaimNames.ISS, issuer::equals);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2TokenValidatorResult validate(Jwt token) {
 		Assert.notNull(token, "token cannot be null");
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
index 5685e30793..0fb72aca00 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
@@ -68,31 +68,23 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 		this.clockSkew = clockSkew;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2TokenValidatorResult validate(Jwt jwt) {
 		Assert.notNull(jwt, "jwt cannot be null");
-
 		Instant expiry = jwt.getExpiresAt();
-
 		if (expiry != null) {
 			if (Instant.now(this.clock).minus(this.clockSkew).isAfter(expiry)) {
 				OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt expired at %s", jwt.getExpiresAt()));
 				return OAuth2TokenValidatorResult.failure(oAuth2Error);
 			}
 		}
-
 		Instant notBefore = jwt.getNotBefore();
-
 		if (notBefore != null) {
 			if (Instant.now(this.clock).plus(this.clockSkew).isBefore(notBefore)) {
 				OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt used before %s", jwt.getNotBefore()));
 				return OAuth2TokenValidatorResult.failure(oAuth2Error);
 			}
 		}
-
 		return OAuth2TokenValidatorResult.success();
 	}
 
@@ -103,8 +95,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
 	}
 
 	/**
-	 * ' Use this {@link Clock} with {@link Instant#now()} for assessing timestamp
-	 * validity
+	 * Use this {@link Clock} with {@link Instant#now()} for assessing timestamp validity
 	 * @param clock
 	 */
 	public void setClock(Clock clock) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
index d0d2dde0b3..94568d2dc6 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidationException.java
@@ -54,7 +54,6 @@ public class JwtValidationException extends BadJwtException {
 	 */
 	public JwtValidationException(String message, Collection<OAuth2Error> errors) {
 		super(message);
-
 		Assert.notEmpty(errors, "errors cannot be empty");
 		this.errors = new ArrayList<>(errors);
 	}
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
index ca49e7bae9..4d13ce52ab 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
@@ -32,6 +32,9 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
  */
 public final class JwtValidators {
 
+	private JwtValidators() {
+	}
+
 	/**
 	 * <p>
 	 * Create a {@link Jwt} Validator that contains all standard validators when an issuer
@@ -69,7 +72,4 @@ public final class JwtValidators {
 		return new DelegatingOAuth2TokenValidator<>(Arrays.asList(new JwtTimestampValidator()));
 	}
 
-	private JwtValidators() {
-	}
-
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
index d5c6c23670..221c6d730c 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java
@@ -93,11 +93,9 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 	 */
 	public static MappedJwtClaimSetConverter withDefaults(Map<String, Converter<Object, ?>> claimTypeConverters) {
 		Assert.notNull(claimTypeConverters, "claimTypeConverters cannot be null");
-
 		Converter<Object, ?> stringConverter = getConverter(STRING_TYPE_DESCRIPTOR);
 		Converter<Object, ?> collectionStringConverter = getConverter(
 				TypeDescriptor.collection(Collection.class, STRING_TYPE_DESCRIPTOR));
-
 		Map<String, Converter<Object, ?>> claimNameToConverter = new HashMap<>();
 		claimNameToConverter.put(JwtClaimNames.AUD, collectionStringConverter);
 		claimNameToConverter.put(JwtClaimNames.EXP, MappedJwtClaimSetConverter::convertInstant);
@@ -107,7 +105,6 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 		claimNameToConverter.put(JwtClaimNames.NBF, MappedJwtClaimSetConverter::convertInstant);
 		claimNameToConverter.put(JwtClaimNames.SUB, stringConverter);
 		claimNameToConverter.putAll(claimTypeConverters);
-
 		return new MappedJwtClaimSetConverter(claimNameToConverter);
 	}
 
@@ -120,9 +117,7 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 			return null;
 		}
 		Instant result = (Instant) CONVERSION_SERVICE.convert(source, OBJECT_TYPE_DESCRIPTOR, INSTANT_TYPE_DESCRIPTOR);
-		if (result == null) {
-			throw new IllegalStateException("Could not coerce " + source + " into an Instant");
-		}
+		Assert.state(result != null, () -> "Could not coerce " + source + " into an Instant");
 		return result;
 	}
 
@@ -145,24 +140,17 @@ public final class MappedJwtClaimSetConverter implements Converter<Map<String, O
 		return (String) CONVERSION_SERVICE.convert(source, OBJECT_TYPE_DESCRIPTOR, STRING_TYPE_DESCRIPTOR);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Map<String, Object> convert(Map<String, Object> claims) {
 		Assert.notNull(claims, "claims cannot be null");
-
 		Map<String, Object> mappedClaims = this.delegate.convert(claims);
-
 		mappedClaims = removeClaims(mappedClaims);
 		mappedClaims = addClaims(mappedClaims);
-
 		Instant issuedAt = (Instant) mappedClaims.get(JwtClaimNames.IAT);
 		Instant expiresAt = (Instant) mappedClaims.get(JwtClaimNames.EXP);
 		if (issuedAt == null && expiresAt != null) {
 			mappedClaims.put(JwtClaimNames.IAT, expiresAt.minusSeconds(1));
 		}
-
 		return mappedClaims;
 	}
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index aa76a21151..632d755cc7 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -145,19 +145,15 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		try {
 			// Verify the signature
 			JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null);
-
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
-
 			return Jwt.withTokenValue(token).headers((h) -> h.putAll(headers)).claims((c) -> c.putAll(claims)).build();
 		}
 		catch (RemoteKeySourceException ex) {
 			if (ex.getCause() instanceof ParseException) {
 				throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
 			}
-			else {
-				throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
-			}
+			throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
 		}
 		catch (JOSEException ex) {
 			throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
@@ -166,9 +162,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			if (ex.getCause() instanceof ParseException) {
 				throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
 			}
-			else {
-				throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
-			}
+			throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
 		}
 	}
 
@@ -176,20 +170,21 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		OAuth2TokenValidatorResult result = this.jwtValidator.validate(jwt);
 		if (result.hasErrors()) {
 			Collection<OAuth2Error> errors = result.getErrors();
-			String validationErrorString = "Unable to validate Jwt";
-			for (OAuth2Error oAuth2Error : errors) {
-				if (!StringUtils.isEmpty(oAuth2Error.getDescription())) {
-					validationErrorString = String.format(DECODING_ERROR_MESSAGE_TEMPLATE,
-							oAuth2Error.getDescription());
-					break;
-				}
-			}
-			throw new JwtValidationException(validationErrorString, result.getErrors());
+			String validationErrorString = getJwtValidationExceptionMessage(errors);
+			throw new JwtValidationException(validationErrorString, errors);
 		}
-
 		return jwt;
 	}
 
+	private String getJwtValidationExceptionMessage(Collection<OAuth2Error> errors) {
+		for (OAuth2Error oAuth2Error : errors) {
+			if (!StringUtils.isEmpty(oAuth2Error.getDescription())) {
+				return String.format(DECODING_ERROR_MESSAGE_TEMPLATE, oAuth2Error.getDescription());
+			}
+		}
+		return "Unable to validate Jwt";
+	}
+
 	/**
 	 * Use the given <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
 	 * uri.
@@ -316,14 +311,12 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			if (this.signatureAlgorithms.isEmpty()) {
 				return new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource);
 			}
-			else {
-				Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
-				for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
-					JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
-					jwsAlgorithms.add(jwsAlgorithm);
-				}
-				return new JWSVerificationKeySelector<>(jwsAlgorithms, jwkSource);
+			Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
+			for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
+				JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
+				jwsAlgorithms.add(jwsAlgorithm);
 			}
+			return new JWSVerificationKeySelector<>(jwsAlgorithms, jwkSource);
 		}
 
 		JWKSource<SecurityContext> jwkSource(ResourceRetriever jwkSetRetriever) {
@@ -339,13 +332,10 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			JWKSource<SecurityContext> jwkSource = jwkSource(jwkSetRetriever);
 			ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector(jwkSource));
-
 			// Spring Security validates the claim set independent from Nimbus
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return jwtProcessor;
 		}
 
@@ -397,10 +387,10 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 
 			@Override
 			public Resource retrieveResource(URL url) throws IOException {
-				String jwkSet;
 				try {
-					jwkSet = this.cache.get(url.toString(),
+					String jwkSet = this.cache.get(url.toString(),
 							() -> this.resourceRetriever.retrieveResource(url).getContent());
+					return new Resource(jwkSet, "UTF-8");
 				}
 				catch (Cache.ValueRetrievalException ex) {
 					Throwable thrownByValueLoader = ex.getCause();
@@ -412,8 +402,6 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 				catch (Exception ex) {
 					throw new IOException(ex);
 				}
-
-				return new Resource(jwkSet, "UTF-8");
 			}
 
 		}
@@ -433,21 +421,21 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			public Resource retrieveResource(URL url) throws IOException {
 				HttpHeaders headers = new HttpHeaders();
 				headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON, APPLICATION_JWK_SET_JSON));
+				ResponseEntity<String> response = getResponse(url, headers);
+				if (response.getStatusCodeValue() != 200) {
+					throw new IOException(response.toString());
+				}
+				return new Resource(response.getBody(), "UTF-8");
+			}
 
-				ResponseEntity<String> response;
+			private ResponseEntity<String> getResponse(URL url, HttpHeaders headers) throws IOException {
 				try {
 					RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.GET, url.toURI());
-					response = this.restOperations.exchange(request, String.class);
+					return this.restOperations.exchange(request, String.class);
 				}
 				catch (Exception ex) {
 					throw new IOException(ex);
 				}
-
-				if (response.getStatusCodeValue() != 200) {
-					throw new IOException(response.toString());
-				}
-
-				return new Resource(response.getBody(), "UTF-8");
 			}
 
 		}
@@ -506,22 +494,16 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		}
 
 		JWTProcessor<SecurityContext> processor() {
-			if (!JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm)) {
-				throw new IllegalStateException(
-						"The provided key is of type RSA; " + "however the signature algorithm is of some other type: "
-								+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
-			}
-
+			Assert.state(JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm),
+					() -> "The provided key is of type RSA; however the signature algorithm is of some other type: "
+							+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
 			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-
 			// Spring Security validates the claim set independent from Nimbus
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return jwtProcessor;
 		}
 
@@ -599,13 +581,10 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 					this.secretKey);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-
 			// Spring Security validates the claim set independent from Nimbus
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return jwtProcessor;
 		}
 
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
index 5fa2de4f65..cb3e8a7b6f 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -79,7 +79,6 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 	public NimbusJwtDecoderJwkSupport(String jwkSetUrl, String jwsAlgorithm) {
 		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
 		Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty");
-
 		this.jwtDecoderBuilder = NimbusJwtDecoder.withJwkSetUri(jwkSetUrl)
 				.jwsAlgorithm(SignatureAlgorithm.from(jwsAlgorithm));
 		this.delegate = makeDelegate();
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index fa457aa1e2..95909265ac 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -161,8 +161,8 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		try {
 			return this.jwtProcessor.convert(parsedToken).map((set) -> createJwt(parsedToken, set))
 					.map(this::validateJwt)
-					.onErrorMap((e) -> !(e instanceof IllegalStateException) && !(e instanceof JwtException),
-							(e) -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
+					.onErrorMap((ex) -> !(ex instanceof IllegalStateException) && !(ex instanceof JwtException),
+							(ex) -> new JwtException("An error occurred while attempting to decode the Jwt: ", ex));
 		}
 		catch (JwtException ex) {
 			throw ex;
@@ -176,7 +176,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		try {
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
-
 			return Jwt.withTokenValue(parsedJwt.getParsedString()).headers((h) -> h.putAll(headers))
 					.claims((c) -> c.putAll(claims)).build();
 		}
@@ -189,19 +188,21 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		OAuth2TokenValidatorResult result = this.jwtValidator.validate(jwt);
 		if (result.hasErrors()) {
 			Collection<OAuth2Error> errors = result.getErrors();
-			String validationErrorString = "Unable to validate Jwt";
-			for (OAuth2Error oAuth2Error : errors) {
-				if (!StringUtils.isEmpty(oAuth2Error.getDescription())) {
-					validationErrorString = oAuth2Error.getDescription();
-					break;
-				}
-			}
+			String validationErrorString = getJwtValidationExceptionMessage(errors);
 			throw new JwtValidationException(validationErrorString, errors);
 		}
-
 		return jwt;
 	}
 
+	private String getJwtValidationExceptionMessage(Collection<OAuth2Error> errors) {
+		for (OAuth2Error oAuth2Error : errors) {
+			if (!StringUtils.isEmpty(oAuth2Error.getDescription())) {
+				return oAuth2Error.getDescription();
+			}
+		}
+		return "Unable to validate Jwt";
+	}
+
 	/**
 	 * Use the given <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a>
 	 * uri to validate JWTs.
@@ -353,14 +354,12 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			if (this.signatureAlgorithms.isEmpty()) {
 				return new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource);
 			}
-			else {
-				Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
-				for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
-					JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
-					jwsAlgorithms.add(jwsAlgorithm);
-				}
-				return new JWSVerificationKeySelector<>(jwsAlgorithms, jwkSource);
+			Set<JWSAlgorithm> jwsAlgorithms = new HashSet<>();
+			for (SignatureAlgorithm signatureAlgorithm : this.signatureAlgorithms) {
+				JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
+				jwsAlgorithms.add(jwsAlgorithm);
 			}
+			return new JWSVerificationKeySelector<>(jwsAlgorithms, jwkSource);
 		}
 
 		Converter<JWT, Mono<JWTClaimsSet>> processor() {
@@ -370,16 +369,14 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			ReactiveRemoteJWKSource source = new ReactiveRemoteJWKSource(this.jwkSetUri);
 			source.setWebClient(this.webClient);
-
 			Function<JWSAlgorithm, Boolean> expectedJwsAlgorithms = getExpectedJwsAlgorithms(jwsKeySelector);
 			return (jwt) -> {
 				JWKSelector selector = createSelector(expectedJwsAlgorithms, jwt.getHeader());
-				return source.get(selector).onErrorMap((e) -> new IllegalStateException("Could not obtain the keys", e))
+				return source.get(selector)
+						.onErrorMap((ex) -> new IllegalStateException("Could not obtain the keys", ex))
 						.map((jwkList) -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwkList)));
 			};
 		}
@@ -396,7 +393,6 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			if (!expectedJwsAlgorithms.apply(jwsHeader.getAlgorithm())) {
 				throw new BadJwtException("Unsupported algorithm of " + header.getAlgorithm());
 			}
-
 			return new JWKSelector(JWKMatcher.forJWSHeader(jwsHeader));
 		}
 
@@ -463,22 +459,16 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		}
 
 		Converter<JWT, Mono<JWTClaimsSet>> processor() {
-			if (!JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm)) {
-				throw new IllegalStateException(
-						"The provided key is of type RSA; " + "however the signature algorithm is of some other type: "
-								+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
-			}
-
+			Assert.state(JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm),
+					() -> "The provided key is of type RSA; however the signature algorithm is of some other type: "
+							+ this.jwsAlgorithm + ". Please indicate one of RS256, RS384, or RS512.");
 			JWSKeySelector<SecurityContext> jwsKeySelector = new SingleKeyJWSKeySelector<>(this.jwsAlgorithm, this.key);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-
 			// Spring Security validates the claim set independent from Nimbus
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return (jwt) -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
 
@@ -550,13 +540,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 					this.secretKey);
 			DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
-
 			// Spring Security validates the claim set independent from Nimbus
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return (jwt) -> Mono.just(createClaimsSet(jwtProcessor, jwt, null));
 		}
 
@@ -626,9 +613,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 			jwtProcessor.setJWSKeySelector(jwsKeySelector);
 			jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
 			});
-
 			this.jwtProcessorCustomizer.accept(jwtProcessor);
-
 			return (jwt) -> {
 				if (jwt instanceof SignedJWT) {
 					return this.jwkSource.apply((SignedJWT) jwt)
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
index ef5102d01c..c279cc5819 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
@@ -33,6 +33,9 @@ import org.springframework.util.Assert;
  */
 public final class ReactiveJwtDecoders {
 
+	private ReactiveJwtDecoders() {
+	}
+
 	/**
 	 * Creates a {@link ReactiveJwtDecoder} using the provided <a href=
 	 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>
@@ -106,11 +109,7 @@ public final class ReactiveJwtDecoders {
 		NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder
 				.withJwkSetUri(configuration.get("jwks_uri").toString()).build();
 		jwtDecoder.setJwtValidator(jwtValidator);
-
 		return jwtDecoder;
 	}
 
-	private ReactiveJwtDecoders() {
-	}
-
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index 28b4640b68..ec2bc3f901 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -63,29 +63,23 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 		return Mono.defer(() -> {
 			// Run the selector on the JWK set
 			List<JWK> matches = jwkSelector.select(jwkSet);
-
 			if (!matches.isEmpty()) {
 				// Success
 				return Mono.just(matches);
 			}
-
 			// Refresh the JWK set if the sought key ID is not in the cached JWK set
-
 			// Looking for JWK with specific ID?
 			String soughtKeyID = getFirstSpecifiedKeyID(jwkSelector.getMatcher());
 			if (soughtKeyID == null) {
 				// No key ID specified, return no matches
 				return Mono.just(Collections.emptyList());
 			}
-
 			if (jwkSet.getKeyByKeyId(soughtKeyID) != null) {
 				// The key ID exists in the cached JWK set, matching
 				// failed for some other reason, return no matches
 				return Mono.just(Collections.emptyList());
 			}
-
 			return Mono.empty();
-
 		});
 	}
 
@@ -114,13 +108,10 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	 * @return The first key ID, {@code null} if none.
 	 */
 	protected static String getFirstSpecifiedKeyID(final JWKMatcher jwkMatcher) {
-
 		Set<String> keyIDs = jwkMatcher.getKeyIDs();
-
 		if (keyIDs == null || keyIDs.isEmpty()) {
 			return null;
 		}
-
 		for (String id : keyIDs) {
 			if (id != null) {
 				return id;

From ba19a9e4b6d65050c6e9520801f98c6f4975d5fa Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:28:23 -0700
Subject: [PATCH 60/84] Polish spring-security-oauth2-resource-server main code

Manually polish `spring-security-oauth-resource-server`
following the formatting and checkstyle fixes.

Issue gh-8945
---
 .../BearerTokenAuthenticationToken.java       | 10 +-------
 .../server/resource/BearerTokenError.java     |  2 --
 .../server/resource/BearerTokenErrors.java    | 12 ++++-----
 ...bstractOAuth2TokenAuthenticationToken.java |  6 -----
 .../BearerTokenAuthentication.java            |  6 +----
 .../JwtAuthenticationConverter.java           |  1 -
 .../JwtAuthenticationProvider.java            | 18 ++++++-------
 .../JwtAuthenticationToken.java               |  3 ---
 ...JwtBearerTokenAuthenticationConverter.java |  2 --
 .../JwtGrantedAuthoritiesConverter.java       | 11 ++------
 ...ReactiveAuthenticationManagerResolver.java |  5 +---
 .../JwtReactiveAuthenticationManager.java     |  5 +---
 .../OpaqueTokenAuthenticationProvider.java    | 16 ++++++------
 ...queTokenReactiveAuthenticationManager.java |  5 +---
 .../NimbusOpaqueTokenIntrospector.java        | 12 ---------
 ...NimbusReactiveOpaqueTokenIntrospector.java | 10 ++------
 ...h2IntrospectionAuthenticatedPrincipal.java |  8 ------
 .../BearerTokenAuthenticationEntryPoint.java  | 15 -----------
 .../web/BearerTokenAuthenticationFilter.java  | 17 +------------
 .../web/DefaultBearerTokenResolver.java       | 25 +++++++------------
 .../BearerTokenAccessDeniedHandler.java       |  8 ------
 .../BearerTokenServerAccessDeniedHandler.java |  5 ----
 .../ServerBearerExchangeFilterFunction.java   |  3 ---
 .../ServletBearerExchangeFilterFunction.java  |  3 ---
 ...erTokenServerAuthenticationEntryPoint.java |  9 -------
 ...verBearerTokenAuthenticationConverter.java | 20 +++++++--------
 26 files changed, 48 insertions(+), 189 deletions(-)

diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
index a1b6ecc0e7..940ee7b676 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationToken.java
@@ -40,7 +40,7 @@ public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	private String token;
+	private final String token;
 
 	/**
 	 * Create a {@code BearerTokenAuthenticationToken} using the provided parameter(s)
@@ -48,9 +48,7 @@ public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken
 	 */
 	public BearerTokenAuthenticationToken(String token) {
 		super(Collections.emptyList());
-
 		Assert.hasText(token, "token cannot be empty");
-
 		this.token = token;
 	}
 
@@ -65,17 +63,11 @@ public class BearerTokenAuthenticationToken extends AbstractAuthenticationToken
 		return this.token;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Object getCredentials() {
 		return this.getToken();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Object getPrincipal() {
 		return this.getToken();
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
index 0fa0463d5c..ef97c711c0 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
@@ -59,7 +59,6 @@ public final class BearerTokenError extends OAuth2Error {
 			String scope) {
 		super(errorCode, description, errorUri);
 		Assert.notNull(httpStatus, "httpStatus cannot be null");
-
 		Assert.isTrue(isDescriptionValid(description),
 				"description contains invalid ASCII characters, it must conform to RFC 6750");
 		Assert.isTrue(isErrorCodeValid(errorCode),
@@ -67,7 +66,6 @@ public final class BearerTokenError extends OAuth2Error {
 		Assert.isTrue(isErrorUriValid(errorUri),
 				"errorUri contains invalid ASCII characters, it must conform to RFC 6750");
 		Assert.isTrue(isScopeValid(scope), "scope contains invalid ASCII characters, it must conform to RFC 6750");
-
 		this.httpStatus = httpStatus;
 		this.scope = scope;
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
index 357cefe7dd..eaa90b8692 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenErrors.java
@@ -36,6 +36,9 @@ public final class BearerTokenErrors {
 
 	private static final String DEFAULT_URI = "https://tools.ietf.org/html/rfc6750#section-3.1";
 
+	private BearerTokenErrors() {
+	}
+
 	/**
 	 * Create a {@link BearerTokenError} caused by an invalid request
 	 * @param message a description of the error
@@ -46,7 +49,7 @@ public final class BearerTokenErrors {
 			return new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, message,
 					DEFAULT_URI);
 		}
-		catch (IllegalArgumentException malformed) {
+		catch (IllegalArgumentException ex) {
 			// some third-party library error messages are not suitable for RFC 6750's
 			// error message charset
 			return DEFAULT_INVALID_REQUEST;
@@ -63,7 +66,7 @@ public final class BearerTokenErrors {
 			return new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, message,
 					DEFAULT_URI);
 		}
-		catch (IllegalArgumentException malformed) {
+		catch (IllegalArgumentException ex) {
 			// some third-party library error messages are not suitable for RFC 6750's
 			// error message charset
 			return DEFAULT_INVALID_TOKEN;
@@ -80,14 +83,11 @@ public final class BearerTokenErrors {
 			return new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, message,
 					DEFAULT_URI, scope);
 		}
-		catch (IllegalArgumentException malformed) {
+		catch (IllegalArgumentException ex) {
 			// some third-party library error messages are not suitable for RFC 6750's
 			// error message charset
 			return DEFAULT_INSUFFICIENT_SCOPE;
 		}
 	}
 
-	private BearerTokenErrors() {
-	}
-
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
index 8992f5be8d..d221136802 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
@@ -84,17 +84,11 @@ public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractO
 		this.token = token;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Object getPrincipal() {
 		return this.principal;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Object getCredentials() {
 		return this.credentials;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
index ea57b85691..1e70e86b89 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
@@ -40,7 +40,7 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
-	private Map<String, Object> attributes;
+	private final Map<String, Object> attributes;
 
 	/**
 	 * Constructs a {@link BearerTokenAuthentication} with the provided arguments
@@ -50,7 +50,6 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 	 */
 	public BearerTokenAuthentication(OAuth2AuthenticatedPrincipal principal, OAuth2AccessToken credentials,
 			Collection<? extends GrantedAuthority> authorities) {
-
 		super(credentials, principal, credentials, authorities);
 		Assert.isTrue(credentials.getTokenType() == OAuth2AccessToken.TokenType.BEARER,
 				"credentials must be a bearer token");
@@ -58,9 +57,6 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication
 		setAuthenticated(true);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Map<String, Object> getTokenAttributes() {
 		return this.attributes;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
index 9cd153f925..1962e03aac 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
@@ -43,7 +43,6 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
 		if (this.principalClaimName == null) {
 			return new JwtAuthenticationToken(jwt, authorities);
 		}
-
 		String name = jwt.getClaim(this.principalClaimName);
 		return new JwtAuthenticationToken(jwt, authorities, name);
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
index 3cc4726477..953fee3c19 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
@@ -80,10 +80,15 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
+		Jwt jwt = getJwt(bearer);
+		AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
+		token.setDetails(bearer.getDetails());
+		return token;
+	}
 
-		Jwt jwt;
+	private Jwt getJwt(BearerTokenAuthenticationToken bearer) {
 		try {
-			jwt = this.jwtDecoder.decode(bearer.getToken());
+			return this.jwtDecoder.decode(bearer.getToken());
 		}
 		catch (BadJwtException failed) {
 			throw new InvalidBearerTokenException(failed.getMessage(), failed);
@@ -91,16 +96,8 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 		catch (JwtException failed) {
 			throw new AuthenticationServiceException(failed.getMessage(), failed);
 		}
-
-		AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
-		token.setDetails(bearer.getDetails());
-
-		return token;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return BearerTokenAuthenticationToken.class.isAssignableFrom(authentication);
@@ -108,7 +105,6 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 
 	public void setJwtAuthenticationConverter(
 			Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) {
-
 		Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
 		this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
index 7745a17a57..e389e5e93c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
@@ -72,9 +72,6 @@ public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationTok
 		this.name = name;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Map<String, Object> getTokenAttributes() {
 		return this.getToken().getClaims();
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
index 726c98a61a..f548c8ac2c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverter.java
@@ -52,10 +52,8 @@ public final class JwtBearerTokenAuthenticationConverter implements Converter<Jw
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(),
 				jwt.getIssuedAt(), jwt.getExpiresAt());
 		Map<String, Object> attributes = jwt.getClaims();
-
 		AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = token.getAuthorities();
-
 		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, authorities);
 		return new BearerTokenAuthentication(principal, accessToken, authorities);
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
index 0e800a6d95..d126984a21 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
@@ -84,11 +84,9 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 	}
 
 	private String getAuthoritiesClaimName(Jwt jwt) {
-
 		if (this.authoritiesClaimName != null) {
 			return this.authoritiesClaimName;
 		}
-
 		for (String claimName : WELL_KNOWN_AUTHORITIES_CLAIM_NAMES) {
 			if (jwt.containsClaim(claimName)) {
 				return claimName;
@@ -99,24 +97,19 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 
 	private Collection<String> getAuthorities(Jwt jwt) {
 		String claimName = getAuthoritiesClaimName(jwt);
-
 		if (claimName == null) {
 			return Collections.emptyList();
 		}
-
 		Object authorities = jwt.getClaim(claimName);
 		if (authorities instanceof String) {
 			if (StringUtils.hasText((String) authorities)) {
 				return Arrays.asList(((String) authorities).split(" "));
 			}
-			else {
-				return Collections.emptyList();
-			}
+			return Collections.emptyList();
 		}
-		else if (authorities instanceof Collection) {
+		if (authorities instanceof Collection) {
 			return (Collection<String>) authorities;
 		}
-
 		return Collections.emptyList();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
index e4741235e3..701c9c4b34 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@@ -110,7 +110,6 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	 */
 	public JwtIssuerReactiveAuthenticationManagerResolver(
 			ReactiveAuthenticationManagerResolver<String> issuerAuthenticationManagerResolver) {
-
 		Assert.notNull(issuerAuthenticationManagerResolver, "issuerAuthenticationManagerResolver cannot be null");
 		this.issuerAuthenticationManagerResolver = issuerAuthenticationManagerResolver;
 	}
@@ -141,9 +140,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 					if (issuer == null) {
 						throw new InvalidBearerTokenException("Missing issuer");
 					}
-					else {
-						return issuer;
-					}
+					return issuer;
 				}
 				catch (Exception ex) {
 					throw new InvalidBearerTokenException(ex.getMessage(), ex);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
index 4b8641f323..2cf613c783 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
@@ -65,7 +65,6 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 	 */
 	public void setJwtAuthenticationConverter(
 			Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
-
 		Assert.notNull(jwtAuthenticationConverter, "jwtAuthenticationConverter cannot be null");
 		this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 	}
@@ -74,9 +73,7 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 		if (ex instanceof BadJwtException) {
 			return new InvalidBearerTokenException(ex.getMessage(), ex);
 		}
-		else {
-			return new AuthenticationServiceException(ex.getMessage(), ex);
-		}
+		return new AuthenticationServiceException(ex.getMessage(), ex);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index ff96d7a279..6554f2b0bb 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -86,10 +86,15 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 			return null;
 		}
 		BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
+		OAuth2AuthenticatedPrincipal principal = getOAuth2AuthenticatedPrincipal(bearer);
+		AbstractAuthenticationToken result = convert(principal, bearer.getToken());
+		result.setDetails(bearer.getDetails());
+		return result;
+	}
 
-		OAuth2AuthenticatedPrincipal principal;
+	private OAuth2AuthenticatedPrincipal getOAuth2AuthenticatedPrincipal(BearerTokenAuthenticationToken bearer) {
 		try {
-			principal = this.introspector.introspect(bearer.getToken());
+			return this.introspector.introspect(bearer.getToken());
 		}
 		catch (BadOpaqueTokenException failed) {
 			throw new InvalidBearerTokenException(failed.getMessage());
@@ -97,15 +102,8 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 		catch (OAuth2IntrospectionException failed) {
 			throw new AuthenticationServiceException(failed.getMessage());
 		}
-
-		AbstractAuthenticationToken result = convert(principal, bearer.getToken());
-		result.setDetails(bearer.getDetails());
-		return result;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return BearerTokenAuthenticationToken.class.isAssignableFrom(authentication);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index dfd7fbd211..679e44fa2a 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -84,7 +84,6 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 		return this.introspector.introspect(token).map((principal) -> {
 			Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
 			Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
-
 			// construct token
 			OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
 			return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
@@ -95,9 +94,7 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 		if (ex instanceof BadOpaqueTokenException) {
 			return new InvalidBearerTokenException(ex.getMessage(), ex);
 		}
-		else {
-			return new AuthenticationServiceException(ex.getMessage(), ex);
-		}
+		return new AuthenticationServiceException(ex.getMessage(), ex);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
index bbeae6fe85..a1d427712f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java
@@ -74,7 +74,6 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(clientId, "clientId cannot be null");
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
-
 		this.requestEntityConverter = this.defaultRequestEntityConverter(URI.create(introspectionUri));
 		RestTemplate restTemplate = new RestTemplate();
 		restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(clientId, clientSecret));
@@ -92,7 +91,6 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	public NimbusOpaqueTokenIntrospector(String introspectionUri, RestOperations restOperations) {
 		Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(restOperations, "restOperations cannot be null");
-
 		this.requestEntityConverter = this.defaultRequestEntityConverter(URI.create(introspectionUri));
 		this.restOperations = restOperations;
 	}
@@ -117,27 +115,21 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		return body;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2AuthenticatedPrincipal introspect(String token) {
 		RequestEntity<?> requestEntity = this.requestEntityConverter.convert(token);
 		if (requestEntity == null) {
 			throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
 		}
-
 		ResponseEntity<String> responseEntity = makeRequest(requestEntity);
 		HTTPResponse httpResponse = adaptToNimbusResponse(responseEntity);
 		TokenIntrospectionResponse introspectionResponse = parseNimbusResponse(httpResponse);
 		TokenIntrospectionSuccessResponse introspectionSuccessResponse = castToNimbusSuccess(introspectionResponse);
-
 		// relying solely on the authorization server to validate this token (not checking
 		// 'exp', for example)
 		if (!introspectionSuccessResponse.isActive()) {
 			throw new BadOpaqueTokenException("Provided token isn't active");
 		}
-
 		return convertClaimsSet(introspectionSuccessResponse);
 	}
 
@@ -149,7 +141,6 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	 */
 	public void setRequestEntityConverter(Converter<String, RequestEntity<?>> requestEntityConverter) {
 		Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
-
 		this.requestEntityConverter = requestEntityConverter;
 	}
 
@@ -166,7 +157,6 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		HTTPResponse response = new HTTPResponse(responseEntity.getStatusCodeValue());
 		response.setHeader(HttpHeaders.CONTENT_TYPE, responseEntity.getHeaders().getContentType().toString());
 		response.setContent(responseEntity.getBody());
-
 		if (response.getStatusCode() != HTTPResponse.SC_OK) {
 			throw new OAuth2IntrospectionException("Introspection endpoint responded with " + response.getStatusCode());
 		}
@@ -219,12 +209,10 @@ public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 		if (response.getScope() != null) {
 			List<String> scopes = Collections.unmodifiableList(response.getScope().toStringList());
 			claims.put(OAuth2IntrospectionClaimNames.SCOPE, scopes);
-
 			for (String scope : scopes) {
 				authorities.add(new SimpleGrantedAuthority(this.authorityPrefix + scope));
 			}
 		}
-
 		return new OAuth2IntrospectionAuthenticatedPrincipal(claims, authorities);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 5a6603b8a0..28eca19b62 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -54,9 +54,9 @@ import org.springframework.web.reactive.function.client.WebClient;
  */
 public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospector {
 
-	private URI introspectionUri;
+	private final URI introspectionUri;
 
-	private WebClient webClient;
+	private final WebClient webClient;
 
 	private String authorityPrefix = "SCOPE_";
 
@@ -71,7 +71,6 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 		Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
 		Assert.hasText(clientId, "clientId cannot be empty");
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
-
 		this.introspectionUri = URI.create(introspectionUri);
 		this.webClient = WebClient.builder().defaultHeaders((h) -> h.setBasicAuth(clientId, clientSecret)).build();
 	}
@@ -85,14 +84,10 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 	public NimbusReactiveOpaqueTokenIntrospector(String introspectionUri, WebClient webClient) {
 		Assert.hasText(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(webClient, "webClient cannot be null");
-
 		this.introspectionUri = URI.create(introspectionUri);
 		this.webClient = webClient;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
 		return Mono.just(token).flatMap(this::makeRequest).flatMap(this::adaptToNimbusResponse)
@@ -177,7 +172,6 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 				authorities.add(new SimpleGrantedAuthority(this.authorityPrefix + scope));
 			}
 		}
-
 		return new OAuth2IntrospectionAuthenticatedPrincipal(claims, authorities);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
index 338ff3ec56..08ec004143 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java
@@ -45,7 +45,6 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal
 	 */
 	public OAuth2IntrospectionAuthenticatedPrincipal(Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		this.delegate = new DefaultOAuth2AuthenticatedPrincipal(attributes, authorities);
 	}
 
@@ -58,7 +57,6 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal
 	 */
 	public OAuth2IntrospectionAuthenticatedPrincipal(String name, Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		this.delegate = new DefaultOAuth2AuthenticatedPrincipal(name, attributes, authorities);
 	}
 
@@ -81,17 +79,11 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal
 		return this.delegate.getAuthorities();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String getName() {
 		return this.delegate.getName();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Map<String, Object> getClaims() {
 		return getAttributes();
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
index b92d88ac19..f28cdd2c3b 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -59,41 +59,29 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) {
-
 		HttpStatus status = HttpStatus.UNAUTHORIZED;
-
 		Map<String, String> parameters = new LinkedHashMap<>();
-
 		if (this.realmName != null) {
 			parameters.put("realm", this.realmName);
 		}
-
 		if (authException instanceof OAuth2AuthenticationException) {
 			OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
-
 			parameters.put("error", error.getErrorCode());
-
 			if (StringUtils.hasText(error.getDescription())) {
 				parameters.put("error_description", error.getDescription());
 			}
-
 			if (StringUtils.hasText(error.getUri())) {
 				parameters.put("error_uri", error.getUri());
 			}
-
 			if (error instanceof BearerTokenError) {
 				BearerTokenError bearerTokenError = (BearerTokenError) error;
-
 				if (StringUtils.hasText(bearerTokenError.getScope())) {
 					parameters.put("scope", bearerTokenError.getScope());
 				}
-
 				status = ((BearerTokenError) error).getHttpStatus();
 			}
 		}
-
 		String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
-
 		response.addHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
 		response.setStatus(status.value());
 	}
@@ -109,20 +97,17 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 	private static String computeWWWAuthenticateHeaderValue(Map<String, String> parameters) {
 		StringBuilder wwwAuthenticate = new StringBuilder();
 		wwwAuthenticate.append("Bearer");
-
 		if (!parameters.isEmpty()) {
 			wwwAuthenticate.append(" ");
 			int i = 0;
 			for (Map.Entry<String, String> entry : parameters.entrySet()) {
 				wwwAuthenticate.append(entry.getKey()).append("=\"").append(entry.getValue()).append("\"");
-
 				if (i != parameters.size() - 1) {
 					wwwAuthenticate.append(", ");
 				}
 				i++;
 			}
 		}
-
 		return wwwAuthenticate.toString();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
index 4abad2a8df..e69618545e 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -74,7 +74,6 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	 */
 	public BearerTokenAuthenticationFilter(
 			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
-
 		Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
 		this.authenticationManagerResolver = authenticationManagerResolver;
 	}
@@ -101,11 +100,7 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
-		final boolean debug = this.logger.isDebugEnabled();
-
 		String token;
-
 		try {
 			token = this.bearerTokenResolver.resolve(request);
 		}
@@ -113,33 +108,23 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 			this.authenticationEntryPoint.commence(request, response, invalid);
 			return;
 		}
-
 		if (token == null) {
 			filterChain.doFilter(request, response);
 			return;
 		}
-
 		BearerTokenAuthenticationToken authenticationRequest = new BearerTokenAuthenticationToken(token);
-
 		authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		try {
 			AuthenticationManager authenticationManager = this.authenticationManagerResolver.resolve(request);
 			Authentication authenticationResult = authenticationManager.authenticate(authenticationRequest);
-
 			SecurityContext context = SecurityContextHolder.createEmptyContext();
 			context.setAuthentication(authenticationResult);
 			SecurityContextHolder.setContext(context);
-
 			filterChain.doFilter(request, response);
 		}
 		catch (AuthenticationException failed) {
 			SecurityContextHolder.clearContext();
-
-			if (debug) {
-				this.logger.debug("Authentication request for failed!", failed);
-			}
-
+			this.logger.debug("Authentication request for failed!", failed);
 			this.authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
 		}
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
index aea2208569..db2fd78187 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
@@ -46,9 +46,6 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 
 	private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String resolve(HttpServletRequest request) {
 		String authorizationHeaderToken = resolveFromAuthorizationHeader(request);
@@ -61,7 +58,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 			}
 			return authorizationHeaderToken;
 		}
-		else if (parameterToken != null && isParameterTokenSupportedForRequest(request)) {
+		if (parameterToken != null && isParameterTokenSupportedForRequest(request)) {
 			return parameterToken;
 		}
 		return null;
@@ -104,17 +101,15 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 
 	private String resolveFromAuthorizationHeader(HttpServletRequest request) {
 		String authorization = request.getHeader(this.bearerTokenHeaderName);
-		if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
-			Matcher matcher = authorizationPattern.matcher(authorization);
-
-			if (!matcher.matches()) {
-				BearerTokenError error = BearerTokenErrors.invalidToken("Bearer token is malformed");
-				throw new OAuth2AuthenticationException(error);
-			}
-
-			return matcher.group("token");
+		if (!StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
+			return null;
 		}
-		return null;
+		Matcher matcher = authorizationPattern.matcher(authorization);
+		if (!matcher.matches()) {
+			BearerTokenError error = BearerTokenErrors.invalidToken("Bearer token is malformed");
+			throw new OAuth2AuthenticationException(error);
+		}
+		return matcher.group("token");
 	}
 
 	private static String resolveFromRequestParameters(HttpServletRequest request) {
@@ -122,11 +117,9 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 		if (values == null || values.length == 0) {
 			return null;
 		}
-
 		if (values.length == 1) {
 			return values[0];
 		}
-
 		BearerTokenError error = BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request");
 		throw new OAuth2AuthenticationException(error);
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
index 452f940d8c..043412492f 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler.java
@@ -59,22 +59,17 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) {
-
 		Map<String, String> parameters = new LinkedHashMap<>();
-
 		if (this.realmName != null) {
 			parameters.put("realm", this.realmName);
 		}
-
 		if (request.getUserPrincipal() instanceof AbstractOAuth2TokenAuthenticationToken) {
 			parameters.put("error", BearerTokenErrorCodes.INSUFFICIENT_SCOPE);
 			parameters.put("error_description",
 					"The request requires higher privileges than provided by the access token.");
 			parameters.put("error_uri", "https://tools.ietf.org/html/rfc6750#section-3.1");
 		}
-
 		String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
-
 		response.addHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
 		response.setStatus(HttpStatus.FORBIDDEN.value());
 	}
@@ -90,20 +85,17 @@ public final class BearerTokenAccessDeniedHandler implements AccessDeniedHandler
 	private static String computeWWWAuthenticateHeaderValue(Map<String, String> parameters) {
 		StringBuilder wwwAuthenticate = new StringBuilder();
 		wwwAuthenticate.append("Bearer");
-
 		if (!parameters.isEmpty()) {
 			wwwAuthenticate.append(" ");
 			int i = 0;
 			for (Map.Entry<String, String> entry : parameters.entrySet()) {
 				wwwAuthenticate.append(entry.getKey()).append("=\"").append(entry.getValue()).append("\"");
-
 				if (i != parameters.size() - 1) {
 					wwwAuthenticate.append(", ");
 				}
 				i++;
 			}
 		}
-
 		return wwwAuthenticate.toString();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
index a6b7884de0..3c07c3892a 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
@@ -55,13 +55,10 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 
 	@Override
 	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied) {
-
 		Map<String, String> parameters = new LinkedHashMap<>();
-
 		if (this.realmName != null) {
 			parameters.put("realm", this.realmName);
 		}
-
 		return exchange.getPrincipal().filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
 				.map((token) -> errorMessageParameters(parameters)).switchIfEmpty(Mono.just(parameters))
 				.flatMap((params) -> respond(exchange, params));
@@ -80,7 +77,6 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 		parameters.put("error_description",
 				"The request requires higher privileges than provided by the access token.");
 		parameters.put("error_uri", "https://tools.ietf.org/html/rfc6750#section-3.1");
-
 		return parameters;
 	}
 
@@ -105,7 +101,6 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 				i++;
 			}
 		}
-
 		return wwwAuthenticate.toString();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
index 19d4839f1e..edb902bbee 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
@@ -51,9 +51,6 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
  */
 public final class ServerBearerExchangeFilterFunction implements ExchangeFilterFunction {
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
 		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
index 556c326cdd..f6a34f21c6 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
@@ -62,9 +62,6 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 
 	static final String SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY = "org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
 		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index 3e8ded5d9c..167fa10c0b 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -59,7 +59,6 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException authException) {
 		return Mono.defer(() -> {
 			HttpStatus status = getStatus(authException);
-
 			Map<String, String> parameters = createParameters(authException);
 			String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
 			ServerHttpResponse response = exchange.getResponse();
@@ -74,23 +73,17 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 		if (this.realmName != null) {
 			parameters.put("realm", this.realmName);
 		}
-
 		if (authException instanceof OAuth2AuthenticationException) {
 			OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
-
 			parameters.put("error", error.getErrorCode());
-
 			if (StringUtils.hasText(error.getDescription())) {
 				parameters.put("error_description", error.getDescription());
 			}
-
 			if (StringUtils.hasText(error.getUri())) {
 				parameters.put("error_uri", error.getUri());
 			}
-
 			if (error instanceof BearerTokenError) {
 				BearerTokenError bearerTokenError = (BearerTokenError) error;
-
 				if (StringUtils.hasText(bearerTokenError.getScope())) {
 					parameters.put("scope", bearerTokenError.getScope());
 				}
@@ -112,7 +105,6 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 	private static String computeWWWAuthenticateHeaderValue(Map<String, String> parameters) {
 		StringBuilder wwwAuthenticate = new StringBuilder();
 		wwwAuthenticate.append("Bearer");
-
 		if (!parameters.isEmpty()) {
 			wwwAuthenticate.append(" ");
 			int i = 0;
@@ -124,7 +116,6 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 				i++;
 			}
 		}
-
 		return wwwAuthenticate.toString();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
index dff1306dba..e4d3d6dfc9 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
@@ -74,7 +74,7 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 			}
 			return authorizationHeaderToken;
 		}
-		else if (parameterToken != null && isParameterTokenSupportedForRequest(request)) {
+		if (parameterToken != null && isParameterTokenSupportedForRequest(request)) {
 			return parameterToken;
 		}
 		return null;
@@ -107,17 +107,15 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic
 
 	private String resolveFromAuthorizationHeader(HttpHeaders headers) {
 		String authorization = headers.getFirst(this.bearerTokenHeaderName);
-		if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
-			Matcher matcher = authorizationPattern.matcher(authorization);
-
-			if (!matcher.matches()) {
-				BearerTokenError error = invalidTokenError();
-				throw new OAuth2AuthenticationException(error);
-			}
-
-			return matcher.group("token");
+		if (!StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
+			return null;
 		}
-		return null;
+		Matcher matcher = authorizationPattern.matcher(authorization);
+		if (!matcher.matches()) {
+			BearerTokenError error = invalidTokenError();
+			throw new OAuth2AuthenticationException(error);
+		}
+		return matcher.group("token");
 	}
 
 	private static BearerTokenError invalidTokenError() {

From 5924ed885b73f6a40e0fce8573c0474f5766971c Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:33:29 -0700
Subject: [PATCH 61/84] Polish spring-security-openid main code

Manually polish `spring-security-openid` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/openid/OpenID4JavaConsumer.java  | 45 +++++----------
 .../openid/OpenIDAuthenticationFilter.java    | 25 +--------
 .../openid/OpenIDAuthenticationProvider.java  | 55 ++++++++-----------
 .../openid/OpenIDAuthenticationToken.java     |  1 -
 .../openid/RegexBasedAxFetchListFactory.java  |  1 -
 5 files changed, 38 insertions(+), 89 deletions(-)

diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index aa8dac2356..33e65240e8 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -80,27 +80,28 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 	@Override
 	public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
 			throws OpenIDConsumerException {
-		List<DiscoveryInformation> discoveries;
+		List<DiscoveryInformation> discoveries = getDiscoveries(identityUrl);
+		DiscoveryInformation information = this.consumerManager.associate(discoveries);
+		req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
+		AuthRequest authReq = getAuthRequest(req, identityUrl, returnToUrl, realm, information);
+		return authReq.getDestinationUrl(true);
+	}
 
+	private List<DiscoveryInformation> getDiscoveries(String identityUrl) throws OpenIDConsumerException {
 		try {
-			discoveries = this.consumerManager.discover(identityUrl);
+			return this.consumerManager.discover(identityUrl);
 		}
 		catch (DiscoveryException ex) {
 			throw new OpenIDConsumerException("Error during discovery", ex);
 		}
+	}
 
-		DiscoveryInformation information = this.consumerManager.associate(discoveries);
-		req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
-
-		AuthRequest authReq;
-
+	private AuthRequest getAuthRequest(HttpServletRequest req, String identityUrl, String returnToUrl, String realm,
+			DiscoveryInformation information) throws OpenIDConsumerException {
 		try {
-			authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
-
+			AuthRequest authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
 			this.logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
-
 			List<OpenIDAttribute> attributesToFetch = this.attributesToFetchFactory.createAttributeList(identityUrl);
-
 			if (!attributesToFetch.isEmpty()) {
 				req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
 				FetchRequest fetchRequest = FetchRequest.createFetchRequest();
@@ -112,12 +113,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 				}
 				authReq.addExtension(fetchRequest);
 			}
+			return authReq;
 		}
 		catch (MessageException | ConsumerException ex) {
 			throw new OpenIDConsumerException("Error processing ConsumerManager authentication", ex);
 		}
-
-		return authReq.getDestinationUrl(true);
 	}
 
 	@Override
@@ -125,42 +125,32 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		// extract the parameters from the authentication response
 		// (which comes in as a HTTP request from the OpenID provider)
 		ParameterList openidResp = new ParameterList(request.getParameterMap());
-
 		// retrieve the previously stored discovery information
 		DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
-
 		if (discovered == null) {
 			throw new OpenIDConsumerException(
 					"DiscoveryInformation is not available. Possible causes are lost session or replay attack");
 		}
-
 		List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession()
 				.getAttribute(ATTRIBUTE_LIST_KEY);
-
 		request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
 		request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
-
 		// extract the receiving URL from the HTTP request
 		StringBuffer receivingURL = request.getRequestURL();
 		String queryString = request.getQueryString();
-
 		if (StringUtils.hasLength(queryString)) {
 			receivingURL.append("?").append(request.getQueryString());
 		}
-
 		// verify the response
 		VerificationResult verification;
-
 		try {
 			verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
 		}
 		catch (MessageException | AssociationException | DiscoveryException ex) {
 			throw new OpenIDConsumerException("Error verifying openid response", ex);
 		}
-
 		// examine the verification result and extract the verified identifier
 		Identifier verified = verification.getVerifiedId();
-
 		if (verified == null) {
 			Identifier id = discovered.getClaimedIdentifier();
 			return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
@@ -168,30 +158,23 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 					"Verification status message: [" + verification.getStatusMsg() + "]",
 					Collections.<OpenIDAttribute>emptyList());
 		}
-
 		List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
-
 		return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(),
 				"some message", attributes);
 	}
 
 	List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
 			throws OpenIDConsumerException {
-
 		if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
 			return Collections.emptyList();
 		}
-
 		this.logger.debug("Extracting attributes retrieved by attribute exchange");
-
 		List<OpenIDAttribute> attributes = Collections.emptyList();
-
 		try {
 			MessageExtension ext = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
 			if (ext instanceof FetchResponse) {
 				FetchResponse fetchResp = (FetchResponse) ext;
 				attributes = new ArrayList<>(attributesToFetch.size());
-
 				for (OpenIDAttribute attr : attributesToFetch) {
 					List<String> values = fetchResp.getAttributeValues(attr.getName());
 					if (!values.isEmpty()) {
@@ -205,11 +188,9 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		catch (MessageException ex) {
 			throw new OpenIDConsumerException("Attribute retrieval failed", ex);
 		}
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Retrieved attributes" + attributes);
 		}
-
 		return attributes;
 	}
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index a8d65af41c..c0c3cffbb8 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -95,7 +95,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	@Override
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
-
 		if (this.consumer == null) {
 			try {
 				this.consumer = new OpenID4JavaConsumer();
@@ -104,7 +103,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				throw new IllegalArgumentException("Failed to initialize OpenID", ex);
 			}
 		}
-
 		if (this.returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
 			this.returnToUrlParameters = new HashSet<>();
 			this.returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
@@ -124,12 +122,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException, IOException {
 		OpenIDAuthenticationToken token;
-
 		String identity = request.getParameter("openid.identity");
-
 		if (!StringUtils.hasText(identity)) {
 			String claimedIdentity = obtainUsername(request);
-
 			try {
 				String returnToUrl = buildReturnToUrl(request);
 				String realm = lookupRealm(returnToUrl);
@@ -139,7 +134,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 					this.logger.debug("Redirecting to " + openIdUrl);
 				}
 				response.sendRedirect(openIdUrl);
-
 				// Indicate to parent class that authentication is continuing.
 				return null;
 			}
@@ -149,34 +143,27 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 						"Unable to process claimed identity '" + claimedIdentity + "'");
 			}
 		}
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Supplied OpenID identity is " + identity);
 		}
-
 		try {
 			token = this.consumer.endConsumption(request);
 		}
-		catch (OpenIDConsumerException oice) {
-			throw new AuthenticationServiceException("Consumer error", oice);
+		catch (OpenIDConsumerException ex) {
+			throw new AuthenticationServiceException("Consumer error", ex);
 		}
-
 		token.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		// delegate to the authentication provider
 		Authentication authentication = this.getAuthenticationManager().authenticate(token);
-
 		return authentication;
 	}
 
 	protected String lookupRealm(String returnToUrl) {
 		String mapping = this.realmMapping.get(returnToUrl);
-
 		if (mapping == null) {
 			try {
 				URL url = new URL(returnToUrl);
 				int port = url.getPort();
-
 				StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol())
 						.append("://").append(url.getHost());
 				if (port > 0) {
@@ -189,7 +176,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", ex);
 			}
 		}
-
 		return mapping;
 	}
 
@@ -201,25 +187,20 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 */
 	protected String buildReturnToUrl(HttpServletRequest request) {
 		StringBuffer sb = request.getRequestURL();
-
 		Iterator<String> iterator = this.returnToUrlParameters.iterator();
 		boolean isFirst = true;
-
 		while (iterator.hasNext()) {
 			String name = iterator.next();
 			// Assume for simplicity that there is only one value
 			String value = request.getParameter(name);
-
 			if (value == null) {
 				continue;
 			}
-
 			if (isFirst) {
 				sb.append("?");
 				isFirst = false;
 			}
 			sb.append(utf8UrlEncode(name)).append("=").append(utf8UrlEncode(value));
-
 			if (iterator.hasNext()) {
 				sb.append("&");
 			}
@@ -232,12 +213,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 */
 	protected String obtainUsername(HttpServletRequest req) {
 		String claimedIdentity = req.getParameter(this.claimedIdentityFieldName);
-
 		if (!StringUtils.hasText(claimedIdentity)) {
 			this.logger.error("No claimed identity supplied in authentication request");
 			return "";
 		}
-
 		return claimedIdentity.trim();
 	}
 
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index d823896056..b1f71d54ff 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -66,42 +66,33 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 
 	@Override
 	public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
-
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
-		if (authentication instanceof OpenIDAuthenticationToken) {
-			OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
-			OpenIDAuthenticationStatus status = response.getStatus();
-
-			// handle the various possibilities
-			if (status == OpenIDAuthenticationStatus.SUCCESS) {
-				// Lookup user details
-				UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
-
-				return createSuccessfulAuthentication(userDetails, response);
-
-			}
-			else if (status == OpenIDAuthenticationStatus.CANCELLED) {
-				throw new AuthenticationCancelledException("Log in cancelled");
-			}
-			else if (status == OpenIDAuthenticationStatus.ERROR) {
-				throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
-			}
-			else if (status == OpenIDAuthenticationStatus.FAILURE) {
-				throw new BadCredentialsException("Log in failed - identity could not be verified");
-			}
-			else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
-				throw new AuthenticationServiceException(
-						"The server responded setup was needed, which shouldn't happen");
-			}
-			else {
-				throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
-			}
+		if (!(authentication instanceof OpenIDAuthenticationToken)) {
+			return null;
 		}
-
-		return null;
+		OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
+		OpenIDAuthenticationStatus status = response.getStatus();
+		// handle the various possibilities
+		if (status == OpenIDAuthenticationStatus.SUCCESS) {
+			// Lookup user details
+			UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
+			return createSuccessfulAuthentication(userDetails, response);
+		}
+		if (status == OpenIDAuthenticationStatus.CANCELLED) {
+			throw new AuthenticationCancelledException("Log in cancelled");
+		}
+		if (status == OpenIDAuthenticationStatus.ERROR) {
+			throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
+		}
+		if (status == OpenIDAuthenticationStatus.FAILURE) {
+			throw new BadCredentialsException("Log in failed - identity could not be verified");
+		}
+		if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
+			throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
+		}
+		throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
 	}
 
 	/**
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index 00192b67aa..3a3d0de93e 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -63,7 +63,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	 * Created by the <tt>OpenIDAuthenticationProvider</tt> on successful authentication.
 	 * @param principal usually the <tt>UserDetails</tt> returned by the configured
 	 * <tt>UserDetailsService</tt> used by the <tt>OpenIDAuthenticationProvider</tt>.
-	 *
 	 */
 	public OpenIDAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities,
 			String identityUrl, List<OpenIDAttribute> attributes) {
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index 12a98ef511..9a41eb1090 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -57,7 +57,6 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 				return entry.getValue();
 			}
 		}
-
 		return Collections.emptyList();
 	}
 

From 16819be43710e3a9de0e6094d000b8b75b707c56 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:36:11 -0700
Subject: [PATCH 62/84] Polish spring-security-remoting main code

Manually polish `spring-security-remoting` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/remoting/dns/JndiDnsResolver.java    |  7 +------
 .../rmi/ContextPropagatingRemoteInvocation.java   | 15 +++------------
 2 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
index d0be53f5f0..fb406cb15c 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java
@@ -98,7 +98,6 @@ public class JndiDnsResolver implements DnsResolver {
 			// (highest number)
 			int highestPriority = -1;
 			int highestWeight = -1;
-
 			for (NamingEnumeration<?> recordEnum = dnsRecord.getAll(); recordEnum.hasMoreElements();) {
 				String[] record = recordEnum.next().toString().split(" ");
 				if (record.length != 4) {
@@ -123,7 +122,6 @@ public class JndiDnsResolver implements DnsResolver {
 		catch (NamingException ex) {
 			throw new DnsLookupException("DNS lookup failed for service " + serviceType + " at " + domain, ex);
 		}
-
 		// remove the "." at the end
 		if (result.endsWith(".")) {
 			result = result.substring(0, result.length() - 1);
@@ -134,7 +132,6 @@ public class JndiDnsResolver implements DnsResolver {
 	private Attribute lookup(String query, DirContext ictx, String recordType) {
 		try {
 			Attributes dnsResult = ictx.getAttributes(query, new String[] { recordType });
-
 			return dnsResult.get(recordType);
 		}
 		catch (NamingException ex) {
@@ -152,14 +149,12 @@ public class JndiDnsResolver implements DnsResolver {
 			Hashtable<String, String> env = new Hashtable<>();
 			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
 			env.put(Context.PROVIDER_URL, "dns:"); // This is needed for IBM JDK/JRE
-			InitialDirContext ictx;
 			try {
-				ictx = new InitialDirContext(env);
+				return new InitialDirContext(env);
 			}
 			catch (NamingException ex) {
 				throw new DnsLookupException("Cannot create InitialDirContext for DNS lookup", ex);
 			}
-			return ictx;
 		}
 
 	}
diff --git a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
index 0f6bffb0c9..56563301ae 100644
--- a/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -22,6 +22,7 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.remoting.support.RemoteInvocation;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -61,7 +62,6 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	public ContextPropagatingRemoteInvocation(MethodInvocation methodInvocation) {
 		super(methodInvocation);
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
-
 		if (currentUser != null) {
 			this.principal = currentUser.getName();
 			Object userCredentials = currentUser.getCredentials();
@@ -71,7 +71,6 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 			this.credentials = null;
 			this.principal = null;
 		}
-
 		if (logger.isDebugEnabled()) {
 			logger.debug("RemoteInvocation now has principal: " + this.principal);
 			if (this.credentials == null) {
@@ -95,26 +94,18 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 	@Override
 	public Object invoke(Object targetObject)
 			throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
-
 		if (this.principal != null) {
 			Authentication request = createAuthenticationRequest(this.principal, this.credentials);
 			request.setAuthenticated(false);
 			SecurityContextHolder.getContext().setAuthentication(request);
-
-			if (logger.isDebugEnabled()) {
-				logger.debug("Set SecurityContextHolder to contain: " + request);
-			}
+			logger.debug(LogMessage.format("Set SecurityContextHolder to contain: %s", request));
 		}
-
 		try {
 			return super.invoke(targetObject);
 		}
 		finally {
 			SecurityContextHolder.clearContext();
-
-			if (logger.isDebugEnabled()) {
-				logger.debug("Cleared SecurityContextHolder.");
-			}
+			logger.debug("Cleared SecurityContextHolder.");
 		}
 	}
 

From e8094b8cf2bc9fa6d0f7a5509c431b1dbbf4e149 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:41:38 -0700
Subject: [PATCH 63/84] Polish spring-security-rsocket main code

Manually polish `spring-security-rsocket` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../AnonymousPayloadInterceptor.java               |  6 +++---
 .../AuthenticationPayloadExchangeConverter.java    |  4 ++--
 ...xchangeMatcherReactiveAuthorizationManager.java |  3 ++-
 .../rsocket/core/PayloadSocketAcceptor.java        |  2 --
 .../metadata/BasicAuthenticationDecoder.java       |  1 -
 .../util/matcher/PayloadExchangeMatchers.java      | 14 ++++++++++----
 .../util/matcher/RoutePayloadExchangeMatcher.java  |  5 ++---
 7 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
index e659bb6850..ae1b9e2846 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java
@@ -39,11 +39,11 @@ import org.springframework.util.Assert;
  */
 public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered {
 
-	private String key;
+	private final String key;
 
-	private Object principal;
+	private final Object principal;
 
-	private List<GrantedAuthority> authorities;
+	private final List<GrantedAuthority> authorities;
 
 	private int order;
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index ebc4d6cfc2..25e3d82611 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -56,7 +56,7 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 	private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils
 			.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 
-	private MetadataExtractor metadataExtractor = createDefaultExtractor();
+	private final MetadataExtractor metadataExtractor = createDefaultExtractor();
 
 	@Override
 	public Mono<Authentication> convert(PayloadExchange exchange) {
@@ -79,7 +79,7 @@ public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAu
 		if (WellKnownAuthType.SIMPLE.equals(wellKnownAuthType)) {
 			return simple(rawAuthentication);
 		}
-		else if (WellKnownAuthType.BEARER.equals(wellKnownAuthType)) {
+		if (WellKnownAuthType.BEARER.equals(wellKnownAuthType)) {
 			return bearer(rawAuthentication);
 		}
 		throw new IllegalArgumentException("Unknown Mime Type " + wellKnownAuthType);
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
index 13e43d15ca..295d460b2f 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java
@@ -28,6 +28,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher;
+import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult;
 import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry;
 import org.springframework.util.Assert;
 
@@ -53,7 +54,7 @@ public final class PayloadExchangeMatcherReactiveAuthorizationManager
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, PayloadExchange exchange) {
 		return Flux.fromIterable(this.mappings)
 				.concatMap((mapping) -> mapping.getMatcher().matches(exchange)
-						.filter(PayloadExchangeMatcher.MatchResult::isMatch).map((r) -> r.getVariables())
+						.filter(PayloadExchangeMatcher.MatchResult::isMatch).map(MatchResult::getVariables)
 						.flatMap((variables) -> mapping.getEntry().check(authentication,
 								new PayloadExchangeAuthorizationContext(exchange, variables))))
 				.next().switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false)));
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index 71e4383b50..ebd0ed7d5c 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -66,10 +66,8 @@ class PayloadSocketAcceptor implements SocketAcceptor {
 	public Mono<RSocket> accept(ConnectionSetupPayload setup, RSocket sendingSocket) {
 		MimeType dataMimeType = parseMimeType(setup.dataMimeType(), this.defaultDataMimeType);
 		Assert.notNull(dataMimeType, "No `dataMimeType` in ConnectionSetupPayload and no default value");
-
 		MimeType metadataMimeType = parseMimeType(setup.metadataMimeType(), this.defaultMetadataMimeType);
 		Assert.notNull(metadataMimeType, "No `metadataMimeType` in ConnectionSetupPayload and no default value");
-
 		// FIXME do we want to make the sendingSocket available in the PayloadExchange
 		return intercept(setup, dataMimeType, metadataMimeType)
 				.flatMap(
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
index 07ba2ab348..9876fa477e 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoder.java
@@ -48,7 +48,6 @@ public class BasicAuthenticationDecoder extends AbstractDecoder<UsernamePassword
 		return Flux.from(input).map(DataBuffer::asByteBuffer).map((byteBuffer) -> {
 			byte[] sizeBytes = new byte[4];
 			byteBuffer.get(sizeBytes);
-
 			int usernameSize = 4;
 			byte[] usernameBytes = new byte[usernameSize];
 			byteBuffer.get(usernameBytes);
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
index 4285f158e4..ef96a1b1c9 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
@@ -24,37 +24,43 @@ import org.springframework.security.rsocket.api.PayloadExchangeType;
 /**
  * @author Rob Winch
  */
-public abstract class PayloadExchangeMatchers {
+public final class PayloadExchangeMatchers {
+
+	private PayloadExchangeMatchers() {
+	}
 
 	public static PayloadExchangeMatcher setup() {
 		return new PayloadExchangeMatcher() {
+
 			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return PayloadExchangeType.SETUP.equals(exchange.getType()) ? MatchResult.match()
 						: MatchResult.notMatch();
 			}
+
 		};
 	}
 
 	public static PayloadExchangeMatcher anyRequest() {
 		return new PayloadExchangeMatcher() {
+
 			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return exchange.getType().isRequest() ? MatchResult.match() : MatchResult.notMatch();
 			}
+
 		};
 	}
 
 	public static PayloadExchangeMatcher anyExchange() {
 		return new PayloadExchangeMatcher() {
+
 			@Override
 			public Mono<MatchResult> matches(PayloadExchange exchange) {
 				return MatchResult.match();
 			}
+
 		};
 	}
 
-	private PayloadExchangeMatchers() {
-	}
-
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
index ca9fe9d9ef..d4c4ab8dbe 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
@@ -26,10 +26,9 @@ import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.util.Assert;
 import org.springframework.util.RouteMatcher;
 
+// FIXME: Pay attention to the package this goes into. It requires spring-messaging for the MetadataExtractor.
+
 /**
- * FIXME: Pay attention to the package this goes into. It requires spring-messaging for
- * the MetadataExtractor.
- *
  * @author Rob Winch
  * @since 5.2
  */

From 1f03608b739ba61b7d334a1a37d8a5bc5add4ef2 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 22:59:05 -0700
Subject: [PATCH 64/84] Polish spring-security-saml2 main code

Manually polish `spring-security-saml2` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../core/OpenSamlInitializationService.java   |  33 ++--
 .../saml2/core/Saml2X509Credential.java       |  18 +-
 .../credentials/Saml2X509Credential.java      |  30 ++--
 .../DefaultSaml2AuthenticatedPrincipal.java   |   1 -
 .../OpenSamlAuthenticationProvider.java       | 160 +++++++-----------
 .../OpenSamlAuthenticationRequestFactory.java |  11 --
 .../Saml2AuthenticationException.java         |   2 +-
 .../Saml2AuthenticationToken.java             |   1 -
 .../Saml2PostAuthenticationRequest.java       |   1 -
 .../Saml2RedirectAuthenticationRequest.java   |   1 -
 .../metadata/OpenSamlMetadataResolver.java    |   8 -
 ...gistrationBuilderHttpMessageConverter.java |  39 +++--
 .../RelyingPartyRegistration.java             |   6 -
 .../servlet/filter/Saml2ServletUtils.java     |   2 -
 ...aml2WebSsoAuthenticationRequestFilter.java |  56 +++---
 ...faultRelyingPartyRegistrationResolver.java |   3 -
 ...2AuthenticationRequestContextResolver.java |   3 -
 .../Saml2AuthenticationTokenConverter.java    |  13 +-
 .../service/web/Saml2MetadataFilter.java      |   4 -
 .../security/saml2/core/Saml2Utils.java       |  17 +-
 20 files changed, 179 insertions(+), 230 deletions(-)

diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index d617fdafc1..a923760be1 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -118,27 +118,15 @@ public final class OpenSamlInitializationService {
 	private static boolean initialize(Consumer<XMLObjectProviderRegistry> registryConsumer) {
 		if (initialized.compareAndSet(false, true)) {
 			log.trace("Initializing OpenSAML");
-
 			try {
 				InitializationService.initialize();
 			}
 			catch (Exception ex) {
 				throw new Saml2Exception(ex);
 			}
-
 			BasicParserPool parserPool = new BasicParserPool();
 			parserPool.setMaxPoolSize(50);
-
-			Map<String, Boolean> parserBuilderFeatures = new HashMap<>();
-			parserBuilderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
-			parserBuilderFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-			parserBuilderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
-			parserBuilderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value",
-					Boolean.FALSE);
-			parserBuilderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
-			parserBuilderFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
-			parserPool.setBuilderFeatures(parserBuilderFeatures);
-
+			parserPool.setBuilderFeatures(getParserBuilderFeatures());
 			try {
 				parserPool.initialize();
 			}
@@ -146,16 +134,23 @@ public final class OpenSamlInitializationService {
 				throw new Saml2Exception(ex);
 			}
 			XMLObjectProviderRegistrySupport.setParserPool(parserPool);
-
 			registryConsumer.accept(ConfigurationService.get(XMLObjectProviderRegistry.class));
-
 			log.debug("Initialized OpenSAML");
 			return true;
 		}
-		else {
-			log.debug("Refused to re-initialize OpenSAML");
-			return false;
-		}
+		log.debug("Refused to re-initialize OpenSAML");
+		return false;
+	}
+
+	private static Map<String, Boolean> getParserBuilderFeatures() {
+		Map<String, Boolean> parserBuilderFeatures = new HashMap<>();
+		parserBuilderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
+		parserBuilderFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+		parserBuilderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
+		parserBuilderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+		parserBuilderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
+		parserBuilderFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
+		return parserBuilderFeatures;
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 170739cee6..4fde34733c 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -37,12 +37,6 @@ import org.springframework.util.Assert;
  */
 public final class Saml2X509Credential {
 
-	public enum Saml2X509CredentialType {
-
-		VERIFICATION, ENCRYPTION, SIGNING, DECRYPTION,
-
-	}
-
 	private final PrivateKey privateKey;
 
 	private final X509Certificate certificate;
@@ -225,4 +219,16 @@ public final class Saml2X509Credential {
 		}
 	}
 
+	public enum Saml2X509CredentialType {
+
+		VERIFICATION,
+
+		ENCRYPTION,
+
+		SIGNING,
+
+		DECRYPTION,
+
+	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
index f139890141..0649f09e3d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/credentials/Saml2X509Credential.java
@@ -39,18 +39,6 @@ import org.springframework.util.Assert;
 @Deprecated
 public class Saml2X509Credential {
 
-	/**
-	 * @deprecated Use
-	 * {@link org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType}
-	 * instead
-	 */
-	@Deprecated
-	public enum Saml2X509CredentialType {
-
-		VERIFICATION, ENCRYPTION, SIGNING, DECRYPTION,
-
-	}
-
 	private final PrivateKey privateKey;
 
 	private final X509Certificate certificate;
@@ -199,4 +187,22 @@ public class Saml2X509Credential {
 		}
 	}
 
+	/**
+	 * @deprecated Use
+	 * {@link org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType}
+	 * instead
+	 */
+	@Deprecated
+	public enum Saml2X509CredentialType {
+
+		VERIFICATION,
+
+		ENCRYPTION,
+
+		SIGNING,
+
+		DECRYPTION,
+
+	}
+
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
index b282f581db..8e1ac9270b 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipal.java
@@ -37,7 +37,6 @@ public class DefaultSaml2AuthenticatedPrincipal implements Saml2AuthenticatedPri
 	public DefaultSaml2AuthenticatedPrincipal(String name, Map<String, List<Object>> attributes) {
 		Assert.notNull(name, "name cannot be null");
 		Assert.notNull(attributes, "attributes cannot be null");
-
 		this.name = name;
 		this.attributes = attributes;
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 3c1f122d1a..796c006402 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -100,6 +100,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import org.springframework.core.convert.converter.Converter;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
@@ -182,24 +183,16 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	private Duration responseTimeValidationSkew = Duration.ofMinutes(5);
 
-	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter = (
-			token) -> (response) -> {
-				Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
-				String username = assertion.getSubject().getNameID().getValue();
-				Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
-				return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-						token.getSaml2Response(),
-						this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
-			};
+	private Function<Saml2AuthenticationToken, Converter<Response, AbstractAuthenticationToken>> authenticationConverter = this::getAuthenticationConverter;
 
 	private Converter<Saml2AuthenticationToken, SignatureTrustEngine> signatureTrustEngineConverter = new SignatureTrustEngineConverter();
 
-	private Converter<Tuple, SAML20AssertionValidator> assertionValidatorConverter = new SAML20AssertionValidatorConverter();
+	private Converter<TokenAndResponse, SAML20AssertionValidator> assertionValidatorConverter = new SAML20AssertionValidatorConverter();
 
 	private Collection<ConditionValidator> conditionValidators = Collections
 			.singleton(new AudienceRestrictionConditionValidator());
 
-	private Converter<Tuple, ValidationContext> validationContextConverter = new ValidationContextConverter();
+	private Converter<TokenAndResponse, ValidationContext> validationContextConverter = new ValidationContextConverter();
 
 	private Converter<Saml2AuthenticationToken, Decrypter> decrypterConverter = new DecrypterConverter();
 
@@ -220,7 +213,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	 * @since 5.4
 	 */
 	public void setConditionValidators(Collection<ConditionValidator> conditionValidators) {
-
 		Assert.notEmpty(conditionValidators, "conditionValidators cannot be empty");
 		this.conditionValidators = conditionValidators;
 	}
@@ -231,8 +223,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	 * @param validationContextConverter the strategy to use
 	 * @since 5.4
 	 */
-	public void setValidationContextConverter(Converter<Tuple, ValidationContext> validationContextConverter) {
-
+	public void setValidationContextConverter(
+			Converter<TokenAndResponse, ValidationContext> validationContextConverter) {
 		Assert.notNull(validationContextConverter, "validationContextConverter cannot be empty");
 		this.validationContextConverter = validationContextConverter;
 	}
@@ -289,13 +281,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			throw ex;
 		}
 		catch (Exception ex) {
-			throw authException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
+			throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
 		}
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return authentication != null && Saml2AuthenticationToken.class.isAssignableFrom(authentication);
@@ -313,39 +302,32 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			return (Response) this.responseUnmarshaller.unmarshall(element);
 		}
 		catch (Exception ex) {
-			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
+			throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
 		}
 	}
 
 	private void process(Saml2AuthenticationToken token, Response response) {
 		String issuer = response.getIssuer().getValue();
-		if (logger.isDebugEnabled()) {
-			logger.debug("Processing SAML response from " + issuer);
-		}
-
+		logger.debug(LogMessage.format("Processing SAML response from %s", issuer));
 		boolean responseSigned = response.isSigned();
 		Map<String, Saml2AuthenticationException> validationExceptions = validateResponse(token, response);
-
 		Decrypter decrypter = this.decrypterConverter.convert(token);
 		List<Assertion> assertions = decryptAssertions(decrypter, response);
 		if (!isSigned(responseSigned, assertions)) {
-			throw authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-					"Either the response or one of the assertions is unsigned. "
-							+ "Please either sign the response or all of the assertions.");
+			String description = "Either the response or one of the assertions is unsigned. "
+					+ "Please either sign the response or all of the assertions.";
+			throw createAuthenticationException(Saml2ErrorCodes.INVALID_SIGNATURE, description, null);
 		}
 		validationExceptions.putAll(validateAssertions(token, response));
-
 		Assertion firstAssertion = CollectionUtils.firstElement(response.getAssertions());
 		NameID nameId = decryptPrincipal(decrypter, firstAssertion);
 		if (nameId == null || nameId.getValue() == null) {
-			validationExceptions.put(Saml2ErrorCodes.SUBJECT_NOT_FOUND, authException(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
-					"Assertion [" + firstAssertion.getID() + "] is missing a subject"));
+			String description = "Assertion [" + firstAssertion.getID() + "] is missing a subject";
+			validationExceptions.put(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
+					createAuthenticationException(Saml2ErrorCodes.SUBJECT_NOT_FOUND, description, null));
 		}
-
 		if (validationExceptions.isEmpty()) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Successfully processed SAML Response [" + response.getID() + "]");
-			}
+			logger.debug(LogMessage.of(() -> "Successfully processed SAML Response [" + response.getID() + "]"));
 		}
 		else {
 			if (logger.isTraceEnabled()) {
@@ -357,7 +339,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 						+ response.getID() + "]");
 			}
 		}
-
 		if (!validationExceptions.isEmpty()) {
 			throw validationExceptions.values().iterator().next();
 		}
@@ -365,21 +346,17 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	private Map<String, Saml2AuthenticationException> validateResponse(Saml2AuthenticationToken token,
 			Response response) {
-
-		Map<String, Saml2AuthenticationException> validationExceptions = new HashMap<>();
+		Map<String, Saml2AuthenticationException> exceptions = new HashMap<>();
 		String issuer = response.getIssuer().getValue();
-
 		if (response.isSigned()) {
 			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
 			try {
 				profileValidator.validate(response.getSignature());
 			}
 			catch (Exception ex) {
-				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
-						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-								"Invalid signature for SAML Response [" + response.getID() + "]: ", ex));
+				String message = "Invalid signature for SAML Response [" + response.getID() + "]: ";
+				addValidationException(exceptions, Saml2ErrorCodes.INVALID_SIGNATURE, message, ex);
 			}
-
 			try {
 				CriteriaSet criteriaSet = new CriteriaSet();
 				criteriaSet.add(new EvaluableEntityIDCredentialCriterion(new EntityIdCriterion(issuer)));
@@ -387,34 +364,27 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 						new EvaluableProtocolRoleDescriptorCriterion(new ProtocolCriterion(SAMLConstants.SAML20P_NS)));
 				criteriaSet.add(new EvaluableUsageCredentialCriterion(new UsageCriterion(UsageType.SIGNING)));
 				if (!this.signatureTrustEngineConverter.convert(token).validate(response.getSignature(), criteriaSet)) {
-					validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
-							authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-									"Invalid signature for SAML Response [" + response.getID() + "]"));
+					String message = "Invalid signature for SAML Response [" + response.getID() + "]";
+					addValidationException(exceptions, Saml2ErrorCodes.INVALID_SIGNATURE, message, null);
 				}
 			}
 			catch (Exception ex) {
-				validationExceptions.put(Saml2ErrorCodes.INVALID_SIGNATURE,
-						authException(Saml2ErrorCodes.INVALID_SIGNATURE,
-								"Invalid signature for SAML Response [" + response.getID() + "]: ", ex));
+				String message = "Invalid signature for SAML Response [" + response.getID() + "]: ";
+				addValidationException(exceptions, Saml2ErrorCodes.INVALID_SIGNATURE, message, ex);
 			}
 		}
-
 		String destination = response.getDestination();
 		String location = token.getRelyingPartyRegistration().getAssertionConsumerServiceLocation();
 		if (StringUtils.hasText(destination) && !destination.equals(location)) {
 			String message = "Invalid destination [" + destination + "] for SAML response [" + response.getID() + "]";
-			validationExceptions.put(Saml2ErrorCodes.INVALID_DESTINATION,
-					authException(Saml2ErrorCodes.INVALID_DESTINATION, message));
+			addValidationException(exceptions, Saml2ErrorCodes.INVALID_DESTINATION, message, null);
 		}
-
 		String assertingPartyEntityId = token.getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId();
 		if (!StringUtils.hasText(issuer) || !issuer.equals(assertingPartyEntityId)) {
 			String message = String.format("Invalid issuer [%s] for SAML response [%s]", issuer, response.getID());
-			validationExceptions.put(Saml2ErrorCodes.INVALID_ISSUER,
-					authException(Saml2ErrorCodes.INVALID_ISSUER, message));
+			addValidationException(exceptions, Saml2ErrorCodes.INVALID_ISSUER, message, null);
 		}
-
-		return validationExceptions;
+		return exceptions;
 	}
 
 	private List<Assertion> decryptAssertions(Decrypter decrypter, Response response) {
@@ -425,7 +395,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 				assertions.add(assertion);
 			}
 			catch (DecryptionException ex) {
-				throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+				throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
 			}
 		}
 		response.getAssertions().addAll(assertions);
@@ -436,52 +406,47 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			Response response) {
 		List<Assertion> assertions = response.getAssertions();
 		if (assertions.isEmpty()) {
-			throw authException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.");
+			throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA,
+					"No assertions found in response.", null);
 		}
-
-		Map<String, Saml2AuthenticationException> validationExceptions = new LinkedHashMap<>();
-		if (logger.isDebugEnabled()) {
-			logger.debug("Validating " + assertions.size() + " assertions");
-		}
-
-		Tuple tuple = new Tuple(token, response);
+		Map<String, Saml2AuthenticationException> exceptions = new LinkedHashMap<>();
+		logger.debug(LogMessage.format("Validating %s assertions", assertions.size()));
+		TokenAndResponse tuple = new TokenAndResponse(token, response);
 		SAML20AssertionValidator validator = this.assertionValidatorConverter.convert(tuple);
 		ValidationContext context = this.validationContextConverter.convert(tuple);
 		for (Assertion assertion : assertions) {
-			if (logger.isTraceEnabled()) {
-				logger.trace("Validating assertion " + assertion.getID());
-			}
+			logger.trace(LogMessage.format("Validating assertion %s", assertion.getID()));
 			try {
 				if (validator.validate(assertion, context) != ValidationResult.VALID) {
 					String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s",
 							assertion.getID(), ((Response) assertion.getParent()).getID(),
 							context.getValidationFailureMessage());
-					validationExceptions.put(Saml2ErrorCodes.INVALID_ASSERTION,
-							authException(Saml2ErrorCodes.INVALID_ASSERTION, message));
+					addValidationException(exceptions, Saml2ErrorCodes.INVALID_ASSERTION, message, null);
 				}
 			}
 			catch (Exception ex) {
 				String message = String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(),
 						((Response) assertion.getParent()).getID(), ex.getMessage());
-				validationExceptions.put(Saml2ErrorCodes.INVALID_ASSERTION,
-						authException(Saml2ErrorCodes.INVALID_ASSERTION, message, ex));
+				addValidationException(exceptions, Saml2ErrorCodes.INVALID_ASSERTION, message, ex);
 			}
 		}
+		return exceptions;
+	}
 
-		return validationExceptions;
+	private void addValidationException(Map<String, Saml2AuthenticationException> exceptions, String code,
+			String message, Exception cause) {
+		exceptions.put(code, createAuthenticationException(code, message, cause));
 	}
 
 	private boolean isSigned(boolean responseSigned, List<Assertion> assertions) {
 		if (responseSigned) {
 			return true;
 		}
-
 		for (Assertion assertion : assertions) {
 			if (!assertion.isSigned()) {
 				return false;
 			}
 		}
-
 		return true;
 	}
 
@@ -498,7 +463,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			return nameId;
 		}
 		catch (DecryptionException ex) {
-			throw authException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+			throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
 		}
 	}
 
@@ -506,7 +471,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		Map<String, List<Object>> attributeMap = new LinkedHashMap<>();
 		for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
 			for (Attribute attribute : attributeStatement.getAttributes()) {
-
 				List<Object> attributeValues = new ArrayList<>();
 				for (XMLObject xmlObject : attribute.getAttributeValues()) {
 					Object attributeValue = getXmlObjectValue(xmlObject);
@@ -515,7 +479,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 					}
 				}
 				attributeMap.put(attribute.getName(), attributeValues);
-
 			}
 		}
 		return attributeMap;
@@ -559,20 +522,22 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		return xsAny.getTextContent();
 	}
 
-	private static Saml2Error validationError(String code, String description) {
-		return new Saml2Error(code, description);
+	private Converter<Response, AbstractAuthenticationToken> getAuthenticationConverter(
+			Saml2AuthenticationToken token) {
+		return (response) -> convertAuthenticationToken(token, response);
 	}
 
-	private static Saml2AuthenticationException authException(String code, String description)
-			throws Saml2AuthenticationException {
-
-		return new Saml2AuthenticationException(validationError(code, description));
+	private AbstractAuthenticationToken convertAuthenticationToken(Saml2AuthenticationToken token, Response response) {
+		Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
+		String username = assertion.getSubject().getNameID().getValue();
+		Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
+		return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
+				token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
 	}
 
-	private static Saml2AuthenticationException authException(String code, String description, Exception cause)
-			throws Saml2AuthenticationException {
-
-		return new Saml2AuthenticationException(validationError(code, description), cause);
+	private static Saml2AuthenticationException createAuthenticationException(String code, String message,
+			Exception cause) {
+		return new Saml2AuthenticationException(new Saml2Error(code, message), cause);
 	}
 
 	private static class SignatureTrustEngineConverter
@@ -596,10 +561,10 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 
 	}
 
-	private class ValidationContextConverter implements Converter<Tuple, ValidationContext> {
+	private class ValidationContextConverter implements Converter<TokenAndResponse, ValidationContext> {
 
 		@Override
-		public ValidationContext convert(Tuple tuple) {
+		public ValidationContext convert(TokenAndResponse tuple) {
 			String audience = tuple.authentication.getRelyingPartyRegistration().getEntityId();
 			String recipient = tuple.authentication.getRelyingPartyRegistration().getAssertionConsumerServiceLocation();
 			Map<String, Object> params = new HashMap<>();
@@ -607,17 +572,14 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 					OpenSamlAuthenticationProvider.this.responseTimeValidationSkew.toMillis());
 			params.put(SAML2AssertionValidationParameters.COND_VALID_AUDIENCES, Collections.singleton(audience));
 			params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(recipient));
-			params.put(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, false); // this
-																						// verification
-																						// is
-																						// performed
-			// earlier
+			// this verification is performed earlier
+			params.put(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, false);
 			return new ValidationContext(params);
 		}
 
 	}
 
-	private class SAML20AssertionValidatorConverter implements Converter<Tuple, SAML20AssertionValidator> {
+	private class SAML20AssertionValidatorConverter implements Converter<TokenAndResponse, SAML20AssertionValidator> {
 
 		private final Collection<SubjectConfirmationValidator> subjects = new ArrayList<>();
 
@@ -638,7 +600,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 		}
 
 		@Override
-		public SAML20AssertionValidator convert(Tuple tuple) {
+		public SAML20AssertionValidator convert(TokenAndResponse tuple) {
 			Collection<ConditionValidator> conditions = OpenSamlAuthenticationProvider.this.conditionValidators;
 			return new SAML20AssertionValidator(conditions, this.subjects, this.statements,
 					OpenSamlAuthenticationProvider.this.signatureTrustEngineConverter.convert(tuple.authentication),
@@ -674,13 +636,13 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 	 *
 	 * @since 5.4
 	 */
-	public static final class Tuple {
+	public static final class TokenAndResponse {
 
 		private final Saml2AuthenticationToken authentication;
 
 		private final Response response;
 
-		private Tuple(Saml2AuthenticationToken authentication, Response response) {
+		private TokenAndResponse(Saml2AuthenticationToken authentication, Response response) {
 			this.authentication = authentication;
 			this.response = response;
 		}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index af788ed70b..c883cf32de 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -117,22 +117,15 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		throw new IllegalArgumentException("No signing credential provided");
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
 		AuthnRequest authnRequest = createAuthnRequest(context);
 		String xml = context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned()
 				? serialize(sign(authnRequest, context.getRelyingPartyRegistration())) : serialize(authnRequest);
-
 		return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
 				.samlRequest(Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8))).build();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(
 			Saml2AuthenticationRequestContext context) {
@@ -141,7 +134,6 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 		Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
 		String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
 		result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
-
 		if (context.getRelyingPartyRegistration().getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
 			Collection<Saml2X509Credential> signingCredentials = context.getRelyingPartyRegistration()
 					.getSigningX509Credentials();
@@ -154,7 +146,6 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 			}
 			throw new Saml2Exception("No signing credential provided");
 		}
-
 		return result.build();
 	}
 
@@ -266,12 +257,10 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
 					.append(UriUtils.encode(relayState, StandardCharsets.ISO_8859_1)).append("&");
 		}
 		queryString.append("SigAlg").append("=").append(UriUtils.encode(algorithmUri, StandardCharsets.ISO_8859_1));
-
 		try {
 			byte[] rawSignature = XMLSigningUtil.signWithURI(credential, algorithmUri,
 					queryString.toString().getBytes(StandardCharsets.UTF_8));
 			String b64Signature = Saml2Utils.samlEncode(rawSignature);
-
 			Map<String, String> result = new LinkedHashMap<>();
 			result.put("SAMLRequest", samlRequest);
 			if (StringUtils.hasText(relayState)) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
index 64807dbfba..a4f4610833 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
@@ -56,7 +56,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	 * @param cause the root cause
 	 */
 	public Saml2AuthenticationException(Saml2Error error, Throwable cause) {
-		this(error, cause.getMessage(), cause);
+		this(error, (cause != null) ? cause.getMessage() : error.getDescription(), cause);
 	}
 
 	/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index c235157147..5f4f8fdb33 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -52,7 +52,6 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 	 * @since 5.4
 	 */
 	public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response) {
-
 		super(Collections.emptyList());
 		Assert.notNull(relyingPartyRegistration, "relyingPartyRegistration cannot be null");
 		Assert.notNull(saml2Response, "saml2Response cannot be null");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
index bfaff2db48..5fc84dd078 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java
@@ -60,7 +60,6 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR
 	public static final class Builder extends AbstractSaml2AuthenticationRequest.Builder<Builder> {
 
 		private Builder() {
-			super();
 		}
 
 		/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
index b74518a459..80fec1d392 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java
@@ -87,7 +87,6 @@ public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authe
 		private String signature;
 
 		private Builder() {
-			super();
 		}
 
 		/**
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
index 0684e0b866..edcd9c35c6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -67,17 +67,12 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 		Assert.notNull(this.entityDescriptorMarshaller, "entityDescriptorMarshaller cannot be null");
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String resolve(RelyingPartyRegistration relyingPartyRegistration) {
 		EntityDescriptor entityDescriptor = build(EntityDescriptor.ELEMENT_QNAME);
 		entityDescriptor.setEntityID(relyingPartyRegistration.getEntityId());
-
 		SPSSODescriptor spSsoDescriptor = buildSpSsoDescriptor(relyingPartyRegistration);
 		entityDescriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).add(spSsoDescriptor);
-
 		return serialize(entityDescriptor);
 	}
 
@@ -107,17 +102,14 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 		KeyInfo keyInfo = build(KeyInfo.DEFAULT_ELEMENT_NAME);
 		X509Certificate x509Certificate = build(X509Certificate.DEFAULT_ELEMENT_NAME);
 		X509Data x509Data = build(X509Data.DEFAULT_ELEMENT_NAME);
-
 		try {
 			x509Certificate.setValue(new String(Base64.getEncoder().encode(certificate.getEncoded())));
 		}
 		catch (CertificateEncodingException ex) {
 			throw new Saml2Exception("Cannot encode certificate " + certificate.toString());
 		}
-
 		x509Data.getX509Certificates().add(x509Certificate);
 		keyInfo.getX509Datas().add(x509Data);
-
 		keyDescriptor.setUse(usageType);
 		keyDescriptor.setKeyInfo(keyInfo);
 		return keyDescriptor;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
index 52aa839ddd..1aefa5489d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java
@@ -96,37 +96,24 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 		this.parserPool = registry.getParserPool();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean canRead(Class<?> clazz, MediaType mediaType) {
 		return RelyingPartyRegistration.Builder.class.isAssignableFrom(clazz);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean canWrite(Class<?> clazz, MediaType mediaType) {
 		return false;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public List<MediaType> getSupportedMediaTypes() {
 		return Arrays.asList(MediaType.APPLICATION_XML, MediaType.TEXT_XML);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public RelyingPartyRegistration.Builder read(Class<? extends RelyingPartyRegistration.Builder> clazz,
 			HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
-
 		EntityDescriptor descriptor = entityDescriptor(inputMessage.getBody());
 		IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
 		if (idpssoDescriptor == null) {
@@ -184,6 +171,32 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 				"Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
 	}
 
+	private List<Saml2X509Credential> getVerification(IDPSSODescriptor idpssoDescriptor) {
+		List<Saml2X509Credential> verification = new ArrayList<>();
+		for (KeyDescriptor keyDescriptor : idpssoDescriptor.getKeyDescriptors()) {
+			if (keyDescriptor.getUse().equals(UsageType.SIGNING)) {
+				List<X509Certificate> certificates = certificates(keyDescriptor);
+				for (X509Certificate certificate : certificates) {
+					verification.add(Saml2X509Credential.verification(certificate));
+				}
+			}
+		}
+		return verification;
+	}
+
+	private List<Saml2X509Credential> getEncryption(IDPSSODescriptor idpssoDescriptor) {
+		List<Saml2X509Credential> encryption = new ArrayList<>();
+		for (KeyDescriptor keyDescriptor : idpssoDescriptor.getKeyDescriptors()) {
+			if (keyDescriptor.getUse().equals(UsageType.ENCRYPTION)) {
+				List<X509Certificate> certificates = certificates(keyDescriptor);
+				for (X509Certificate certificate : certificates) {
+					encryption.add(Saml2X509Credential.encryption(certificate));
+				}
+			}
+		}
+		return encryption;
+	}
+
 	private List<X509Certificate> certificates(KeyDescriptor keyDescriptor) {
 		try {
 			return KeyInfoSupport.getCertificates(keyDescriptor.getKeyInfo());
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index ccbf33791f..51e0571679 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -28,8 +28,6 @@ import java.util.function.Consumer;
 import java.util.function.Function;
 
 import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 
@@ -94,7 +92,6 @@ public final class RelyingPartyRegistration {
 			Collection<org.springframework.security.saml2.credentials.Saml2X509Credential> credentials,
 			Collection<Saml2X509Credential> decryptionX509Credentials,
 			Collection<Saml2X509Credential> signingX509Credentials) {
-
 		Assert.hasText(registrationId, "registrationId cannot be empty");
 		Assert.hasText(entityId, "entityId cannot be empty");
 		Assert.hasText(assertionConsumerServiceLocation, "assertionConsumerServiceLocation cannot be empty");
@@ -332,7 +329,6 @@ public final class RelyingPartyRegistration {
 
 	private List<org.springframework.security.saml2.credentials.Saml2X509Credential> filterCredentials(
 			Function<org.springframework.security.saml2.credentials.Saml2X509Credential, Boolean> filter) {
-
 		List<org.springframework.security.saml2.credentials.Saml2X509Credential> result = new LinkedList<>();
 		for (org.springframework.security.saml2.credentials.Saml2X509Credential c : this.credentials) {
 			if (filter.apply(c)) {
@@ -447,7 +443,6 @@ public final class RelyingPartyRegistration {
 				Collection<Saml2X509Credential> verificationX509Credentials,
 				Collection<Saml2X509Credential> encryptionX509Credentials, String singleSignOnServiceLocation,
 				Saml2MessageBinding singleSignOnServiceBinding) {
-
 			Assert.hasText(entityId, "entityId cannot be null or empty");
 			Assert.notNull(verificationX509Credentials, "verificationX509Credentials cannot be null");
 			for (Saml2X509Credential credential : verificationX509Credentials) {
@@ -1038,7 +1033,6 @@ public final class RelyingPartyRegistration {
 			for (Saml2X509Credential credential : this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials) {
 				this.credentials.add(toDeprecated(credential));
 			}
-
 			return new RelyingPartyRegistration(this.registrationId, this.entityId,
 					this.assertionConsumerServiceLocation, this.assertionConsumerServiceBinding,
 					this.providerDetails.build(), this.credentials, this.decryptionX509Credentials,
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
index ce062757dc..d6544958aa 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
@@ -41,7 +41,6 @@ final class Saml2ServletUtils {
 		if (!StringUtils.hasText(template)) {
 			return baseUrl;
 		}
-
 		String entityId = relyingParty.getAssertingPartyDetails().getEntityId();
 		String registrationId = relyingParty.getRegistrationId();
 		Map<String, String> uriVariables = new HashMap<>();
@@ -64,7 +63,6 @@ final class Saml2ServletUtils {
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
 		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
-
 		return UriComponentsBuilder.fromUriString(template).buildAndExpand(uriVariables).toUriString();
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 14b4e1396b..731c6a3c66 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -131,13 +131,9 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 		this.redirectMatcher = redirectMatcher;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
 		MatchResult matcher = this.redirectMatcher.matcher(request);
 		if (!matcher.isMatch()) {
 			filterChain.doFilter(request, response);
@@ -192,26 +188,42 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
 		String authenticationRequestUri = authenticationRequest.getAuthenticationRequestUri();
 		String relayState = authenticationRequest.getRelayState();
 		String samlRequest = authenticationRequest.getSamlRequest();
-		StringBuilder postHtml = new StringBuilder().append("<!DOCTYPE html>\n").append("<html>\n")
-				.append("    <head>\n").append("        <meta charset=\"utf-8\" />\n").append("    </head>\n")
-				.append("    <body onload=\"document.forms[0].submit()\">\n").append("        <noscript>\n")
-				.append("            <p>\n")
-				.append("                <strong>Note:</strong> Since your browser does not support JavaScript,\n")
-				.append("                you must press the Continue button once to proceed.\n")
-				.append("            </p>\n").append("        </noscript>\n").append("        \n")
-				.append("        <form action=\"").append(authenticationRequestUri).append("\" method=\"post\">\n")
-				.append("            <div>\n")
-				.append("                <input type=\"hidden\" name=\"SAMLRequest\" value=\"")
-				.append(HtmlUtils.htmlEscape(samlRequest)).append("\"/>\n");
+		StringBuilder html = new StringBuilder();
+		html.append("<!DOCTYPE html>\n");
+		html.append("<html>\n").append("    <head>\n");
+		html.append("        <meta charset=\"utf-8\" />\n");
+		html.append("    </head>\n");
+		html.append("    <body onload=\"document.forms[0].submit()\">\n");
+		html.append("        <noscript>\n");
+		html.append("            <p>\n");
+		html.append("                <strong>Note:</strong> Since your browser does not support JavaScript,\n");
+		html.append("                you must press the Continue button once to proceed.\n");
+		html.append("            </p>\n");
+		html.append("        </noscript>\n");
+		html.append("        \n");
+		html.append("        <form action=\"");
+		html.append(authenticationRequestUri);
+		html.append("\" method=\"post\">\n");
+		html.append("            <div>\n");
+		html.append("                <input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+		html.append(HtmlUtils.htmlEscape(samlRequest));
+		html.append("\"/>\n");
 		if (StringUtils.hasText(relayState)) {
-			postHtml.append("                <input type=\"hidden\" name=\"RelayState\" value=\"")
-					.append(HtmlUtils.htmlEscape(relayState)).append("\"/>\n");
+			html.append("                <input type=\"hidden\" name=\"RelayState\" value=\"");
+			html.append(HtmlUtils.htmlEscape(relayState));
+			html.append("\"/>\n");
 		}
-		postHtml.append("            </div>\n").append("            <noscript>\n").append("                <div>\n")
-				.append("                    <input type=\"submit\" value=\"Continue\"/>\n")
-				.append("                </div>\n").append("            </noscript>\n").append("        </form>\n")
-				.append("        \n").append("    </body>\n").append("</html>");
-		return postHtml.toString();
+		html.append("            </div>\n");
+		html.append("            <noscript>\n");
+		html.append("                <div>\n");
+		html.append("                    <input type=\"submit\" value=\"Continue\"/>\n");
+		html.append("                </div>\n");
+		html.append("            </noscript>\n");
+		html.append("        </form>\n");
+		html.append("        \n");
+		html.append("    </body>\n");
+		html.append("</html>");
+		return html.toString();
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
index 45c6c27d95..10b667847c 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -52,7 +52,6 @@ public final class DefaultRelyingPartyRegistrationResolver
 
 	public DefaultRelyingPartyRegistrationResolver(
 			RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
-
 		Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
 		this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
 	}
@@ -68,7 +67,6 @@ public final class DefaultRelyingPartyRegistrationResolver
 		if (relyingPartyRegistration == null) {
 			return null;
 		}
-
 		String applicationUri = getApplicationUri(request);
 		Function<String, String> templateResolver = templateResolver(applicationUri, relyingPartyRegistration);
 		String relyingPartyEntityId = templateResolver.apply(relyingPartyRegistration.getEntityId());
@@ -104,7 +102,6 @@ public final class DefaultRelyingPartyRegistrationResolver
 		uriVariables.put("baseUrl", uriComponents.toUriString());
 		uriVariables.put("entityId", StringUtils.hasText(entityId) ? entityId : "");
 		uriVariables.put("registrationId", StringUtils.hasText(registrationId) ? registrationId : "");
-
 		return UriComponentsBuilder.fromUriString(template).buildAndExpand(uriVariables).toUriString();
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
index c6f40dc24d..a6cdb3ed91 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java
@@ -47,9 +47,6 @@ public final class DefaultSaml2AuthenticationRequestContextResolver
 		this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2AuthenticationRequestContext resolve(HttpServletRequest request) {
 		Assert.notNull(request, "request cannot be null");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index b86475ba97..bcce7e6fa8 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -60,9 +60,6 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 		this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Saml2AuthenticationToken convert(HttpServletRequest request) {
 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationResolver.convert(request);
@@ -82,9 +79,7 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 		if (HttpMethod.GET.matches(request.getMethod())) {
 			return samlInflate(b);
 		}
-		else {
-			return new String(b, StandardCharsets.UTF_8);
-		}
+		return new String(b, StandardCharsets.UTF_8);
 	}
 
 	private byte[] samlDecode(String s) {
@@ -94,9 +89,9 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 	private String samlInflate(byte[] b) {
 		try {
 			ByteArrayOutputStream out = new ByteArrayOutputStream();
-			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
-			iout.write(b);
-			iout.finish();
+			InflaterOutputStream inflaterOutputStream = new InflaterOutputStream(out, new Inflater(true));
+			inflaterOutputStream.write(b);
+			inflaterOutputStream.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException ex) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index d06f63d663..9e328cb6c3 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -60,19 +60,16 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 			throws ServletException, IOException {
-
 		RequestMatcher.MatchResult matcher = this.requestMatcher.matcher(request);
 		if (!matcher.isMatch()) {
 			chain.doFilter(request, response);
 			return;
 		}
-
 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationConverter.convert(request);
 		if (relyingPartyRegistration == null) {
 			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 			return;
 		}
-
 		String metadata = this.saml2MetadataResolver.resolve(relyingPartyRegistration);
 		String registrationId = relyingPartyRegistration.getRegistrationId();
 		writeMetadataToResponse(response, registrationId, metadata);
@@ -80,7 +77,6 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
 
 	private void writeMetadataToResponse(HttpServletResponse response, String registrationId, String metadata)
 			throws IOException {
-
 		response.setContentType(MediaType.APPLICATION_XML_VALUE);
 		response.setHeader(HttpHeaders.CONTENT_DISPOSITION,
 				"attachment; filename=\"saml-" + registrationId + "-metadata.xml\"");
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
index 0a80ee0ed4..a518b911a3 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@@ -45,11 +45,12 @@ public final class Saml2Utils {
 
 	public static byte[] samlDeflate(String s) {
 		try {
-			ByteArrayOutputStream b = new ByteArrayOutputStream();
-			DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(Deflater.DEFLATED, true));
-			deflater.write(s.getBytes(StandardCharsets.UTF_8));
-			deflater.finish();
-			return b.toByteArray();
+			ByteArrayOutputStream out = new ByteArrayOutputStream();
+			DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(out,
+					new Deflater(Deflater.DEFLATED, true));
+			deflaterOutputStream.write(s.getBytes(StandardCharsets.UTF_8));
+			deflaterOutputStream.finish();
+			return out.toByteArray();
 		}
 		catch (IOException ex) {
 			throw new Saml2Exception("Unable to deflate string", ex);
@@ -59,9 +60,9 @@ public final class Saml2Utils {
 	public static String samlInflate(byte[] b) {
 		try {
 			ByteArrayOutputStream out = new ByteArrayOutputStream();
-			InflaterOutputStream iout = new InflaterOutputStream(out, new Inflater(true));
-			iout.write(b);
-			iout.finish();
+			InflaterOutputStream inflaterOutputStream = new InflaterOutputStream(out, new Inflater(true));
+			inflaterOutputStream.write(b);
+			inflaterOutputStream.finish();
 			return new String(out.toByteArray(), StandardCharsets.UTF_8);
 		}
 		catch (IOException ex) {

From 2ca6256b89361902b6d6baad2862508d91c75f5c Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 23:03:43 -0700
Subject: [PATCH 65/84] Polish spring-security-taglibs main code

Manually polish `spring-security-taglibs` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../security/taglibs/TagLibConfig.java        | 11 ++----
 .../taglibs/authz/AbstractAuthorizeTag.java   | 37 ++++---------------
 .../taglibs/authz/AccessControlListTag.java   | 26 ++-----------
 .../taglibs/authz/AuthenticationTag.java      |  4 --
 .../taglibs/authz/JspAuthorizeTag.java        |  6 ---
 .../taglibs/csrf/AbstractCsrfTag.java         |  2 -
 6 files changed, 15 insertions(+), 71 deletions(-)

diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
index dfbe370fde..64083a679a 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@@ -33,19 +33,18 @@ public final class TagLibConfig {
 	static Log logger = LogFactory.getLog("spring-security-taglibs");
 
 	static final boolean DISABLE_UI_SECURITY;
+
 	static final String SECURED_UI_PREFIX;
+
 	static final String SECURED_UI_SUFFIX;
 
 	static {
 		String db = System.getProperty("spring.security.disableUISecurity");
 		String prefix = System.getProperty("spring.security.securedUIPrefix");
 		String suffix = System.getProperty("spring.security.securedUISuffix");
-
 		SECURED_UI_PREFIX = (prefix != null) ? prefix : "<span class=\"securityHiddenUI\">";
 		SECURED_UI_SUFFIX = (suffix != null) ? suffix : "</span>";
-
 		DISABLE_UI_SECURITY = "true".equals(db);
-
 		if (DISABLE_UI_SECURITY) {
 			logger.warn("***** UI security is disabled. All unauthorized content will be displayed *****");
 		}
@@ -60,11 +59,7 @@ public final class TagLibConfig {
 	 * @param authorized whether the user is authorized to see the content or not
 	 */
 	public static int evalOrSkip(boolean authorized) {
-		if (authorized || DISABLE_UI_SECURITY) {
-			return Tag.EVAL_BODY_INCLUDE;
-		}
-
-		return Tag.SKIP_BODY;
+		return (authorized || DISABLE_UI_SECURITY) ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY;
 	}
 
 	public static boolean isUiSecurityDisabled() {
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index 803f569d89..95fb17928f 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -93,22 +93,13 @@ public abstract class AbstractAuthorizeTag {
 	 * @throws IOException
 	 */
 	public boolean authorize() throws IOException {
-		boolean isAuthorized;
-
 		if (StringUtils.hasText(getAccess())) {
-			isAuthorized = authorizeUsingAccessExpression();
-
+			return authorizeUsingAccessExpression();
 		}
-		else if (StringUtils.hasText(getUrl())) {
-			isAuthorized = authorizeUsingUrlCheck();
-
+		if (StringUtils.hasText(getUrl())) {
+			return authorizeUsingUrlCheck();
 		}
-		else {
-			isAuthorized = false;
-
-		}
-
-		return isAuthorized;
+		return false;
 	}
 
 	/**
@@ -122,18 +113,14 @@ public abstract class AbstractAuthorizeTag {
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
 			return false;
 		}
-
 		SecurityExpressionHandler<FilterInvocation> handler = getExpressionHandler();
-
 		Expression accessExpression;
 		try {
 			accessExpression = handler.getExpressionParser().parseExpression(getAccess());
-
 		}
 		catch (ParseException ex) {
 			throw new IOException(ex);
 		}
-
 		return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler));
 	}
 
@@ -144,7 +131,6 @@ public abstract class AbstractAuthorizeTag {
 		FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), (request, response) -> {
 			throw new UnsupportedOperationException();
 		});
-
 		return handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f);
 	}
 
@@ -184,21 +170,17 @@ public abstract class AbstractAuthorizeTag {
 		this.method = (method != null) ? method.toUpperCase() : null;
 	}
 
-	/*------------- Private helper methods  -----------------*/
-
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
 		ApplicationContext appContext = SecurityWebApplicationContextUtils
 				.findRequiredWebApplicationContext(getServletContext());
 		Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class);
-
-		for (SecurityExpressionHandler h : handlers.values()) {
-			if (FilterInvocation.class
-					.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class))) {
-				return h;
+		for (SecurityExpressionHandler handler : handlers.values()) {
+			if (FilterInvocation.class.equals(
+					GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
+				return handler;
 			}
 		}
-
 		throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application "
 				+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
 	}
@@ -209,17 +191,14 @@ public abstract class AbstractAuthorizeTag {
 		if (privEvaluatorFromRequest != null) {
 			return privEvaluatorFromRequest;
 		}
-
 		ApplicationContext ctx = SecurityWebApplicationContextUtils
 				.findRequiredWebApplicationContext(getServletContext());
 		Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
-
 		if (wipes.size() == 0) {
 			throw new IOException(
 					"No visible WebInvocationPrivilegeEvaluator instance could be found in the application "
 							+ "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
 		}
-
 		return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0];
 	}
 
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index 0b8ce61b4e..16904672a6 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
@@ -72,35 +72,23 @@ public class AccessControlListTag extends TagSupport {
 		if ((null == this.hasPermission) || "".equals(this.hasPermission)) {
 			return skipBody();
 		}
-
 		initializeIfRequired();
-
 		if (this.domainObject == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("domainObject resolved to null, so including tag body");
-			}
-
+			logger.debug("domainObject resolved to null, so including tag body");
 			// Of course they have access to a null object!
 			return evalBody();
 		}
-
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (authentication == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(
-						"SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
-			}
-
+			logger.debug("SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
 			return skipBody();
 		}
-
 		List<Object> requiredPermissions = parseHasPermission(this.hasPermission);
 		for (Object requiredPermission : requiredPermissions) {
 			if (!this.permissionEvaluator.hasPermission(authentication, this.domainObject, requiredPermission)) {
 				return skipBody();
 			}
 		}
-
 		return evalBody();
 	}
 
@@ -112,7 +100,7 @@ public class AccessControlListTag extends TagSupport {
 			try {
 				parsedPermission = Integer.parseInt(permissionToParse);
 			}
-			catch (NumberFormatException notBitMask) {
+			catch (NumberFormatException ex) {
 			}
 			parsedPermissions.add(parsedPermission);
 		}
@@ -141,7 +129,6 @@ public class AccessControlListTag extends TagSupport {
 	 */
 	protected ApplicationContext getContext(PageContext pageContext) {
 		ServletContext servletContext = pageContext.getServletContext();
-
 		return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
 	}
 
@@ -157,27 +144,22 @@ public class AccessControlListTag extends TagSupport {
 		if (this.applicationContext != null) {
 			return;
 		}
-
 		this.applicationContext = getContext(this.pageContext);
-
 		this.permissionEvaluator = getBeanOfType(PermissionEvaluator.class);
 	}
 
 	private <T> T getBeanOfType(Class<T> type) throws JspException {
 		Map<String, T> map = this.applicationContext.getBeansOfType(type);
-
 		for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context
 				.getParent()) {
 			map.putAll(context.getBeansOfType(type));
 		}
-
 		if (map.size() == 0) {
 			return null;
 		}
-		else if (map.size() == 1) {
+		if (map.size() == 1) {
 			return map.values().iterator().next();
 		}
-
 		throw new JspException("Found incorrect number of " + type.getSimpleName() + " instances in "
 				+ "application context - you must have only have one!");
 	}
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index e65e4e00b7..d7fd43627c 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -91,13 +91,10 @@ public class AuthenticationTag extends TagSupport {
 					|| (SecurityContextHolder.getContext().getAuthentication() == null)) {
 				return Tag.EVAL_PAGE;
 			}
-
 			Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
 			if (auth.getPrincipal() == null) {
 				return Tag.EVAL_PAGE;
 			}
-
 			try {
 				BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
 				result = wrapper.getPropertyValue(this.property);
@@ -106,7 +103,6 @@ public class AuthenticationTag extends TagSupport {
 				throw new JspException(ex);
 			}
 		}
-
 		if (this.var != null) {
 			/*
 			 * Store the result, letting an IllegalArgumentException propagate back if the
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
index f1ae9512d8..e5b4cedb78 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
@@ -68,17 +68,13 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 	public int doStartTag() throws JspException {
 		try {
 			this.authorized = super.authorize();
-
 			if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
 				this.pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix());
 			}
-
 			if (this.var != null) {
 				this.pageContext.setAttribute(this.var, this.authorized, PageContext.PAGE_SCOPE);
 			}
-
 			return TagLibConfig.evalOrSkip(this.authorized);
-
 		}
 		catch (IOException ex) {
 			throw new JspException(ex);
@@ -105,7 +101,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		catch (IOException ex) {
 			throw new JspException(ex);
 		}
-
 		return EVAL_PAGE;
 	}
 
@@ -222,7 +217,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
 		@Override
 		public Object lookupVariable(String name) {
 			Object result = this.delegate.lookupVariable(name);
-
 			if (result == null) {
 				result = JspAuthorizeTag.this.pageContext.findAttribute(name);
 			}
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
index 65509ddba4..d9ad9145d2 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
@@ -33,7 +33,6 @@ abstract class AbstractCsrfTag extends TagSupport {
 
 	@Override
 	public int doEndTag() throws JspException {
-
 		CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(CsrfToken.class.getName());
 		if (token != null) {
 			try {
@@ -43,7 +42,6 @@ abstract class AbstractCsrfTag extends TagSupport {
 				throw new JspException(ex);
 			}
 		}
-
 		return EVAL_PAGE;
 	}
 

From ef951bae90a388217564f60529134ea9b2094b9d Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Fri, 31 Jul 2020 23:19:43 -0700
Subject: [PATCH 66/84] Polish spring-security-test main code

Manually polish `spring-security-test` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../context/TestSecurityContextHolder.java    |  9 +--
 .../ReactorContextTestExecutionListener.java  |  8 +-
 .../context/support/TestExecutionEvent.java   |  1 +
 .../WithMockUserSecurityContextFactory.java   | 13 +---
 ...hSecurityContextTestExecutionListener.java |  1 -
 ...WithUserDetailsSecurityContextFactory.java |  2 +-
 .../server/SecurityMockServerConfigurers.java | 36 ++++-----
 .../SecurityMockMvcRequestBuilders.java       | 33 +++-----
 .../SecurityMockMvcRequestPostProcessors.java | 76 ++++++-------------
 .../SecurityMockMvcResultMatchers.java        | 26 +++----
 .../setup/SecurityMockMvcConfigurer.java      | 19 ++---
 .../test/web/support/WebTestUtils.java        | 23 +++---
 12 files changed, 88 insertions(+), 159 deletions(-)

diff --git a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
index e2602f4d9c..f62938d499 100644
--- a/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
+++ b/test/src/main/java/org/springframework/security/test/context/TestSecurityContextHolder.java
@@ -56,12 +56,14 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @author Tadaya Tsuyukubo
  * @since 4.0
- *
  */
 public final class TestSecurityContextHolder {
 
 	private static final ThreadLocal<SecurityContext> contextHolder = new ThreadLocal<>();
 
+	private TestSecurityContextHolder() {
+	}
+
 	/**
 	 * Clears the {@link SecurityContext} from {@link TestSecurityContextHolder} and
 	 * {@link SecurityContextHolder}.
@@ -77,12 +79,10 @@ public final class TestSecurityContextHolder {
 	 */
 	public static SecurityContext getContext() {
 		SecurityContext ctx = contextHolder.get();
-
 		if (ctx == null) {
 			ctx = getDefaultContext();
 			contextHolder.set(ctx);
 		}
-
 		return ctx;
 	}
 
@@ -120,7 +120,4 @@ public final class TestSecurityContextHolder {
 		return SecurityContextHolder.getContext();
 	}
 
-	private TestSecurityContextHolder() {
-	}
-
 }
diff --git a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
index c38cb5ad63..dd6dbad701 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListener.java
@@ -52,9 +52,11 @@ public class ReactorContextTestExecutionListener extends DelegatingTestExecution
 	}
 
 	private static TestExecutionListener createDelegate() {
-		return ClassUtils.isPresent(HOOKS_CLASS_NAME, ReactorContextTestExecutionListener.class.getClassLoader())
-				? new DelegateTestExecutionListener() : new AbstractTestExecutionListener() {
-				};
+		if (!ClassUtils.isPresent(HOOKS_CLASS_NAME, ReactorContextTestExecutionListener.class.getClassLoader())) {
+			return new AbstractTestExecutionListener() {
+			};
+		}
+		return new DelegateTestExecutionListener();
 	}
 
 	/**
diff --git a/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java b/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
index e778c552c4..6ea8ed13d0 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/TestExecutionEvent.java
@@ -33,6 +33,7 @@ public enum TestExecutionEvent {
 	 * event.
 	 */
 	TEST_METHOD,
+
 	/**
 	 * Associated to
 	 * {@link org.springframework.test.context.TestExecutionListener#beforeTestExecution(TestContext)}
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
index 203b0bb599..513723c1f1 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactory.java
@@ -27,6 +27,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
+import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
@@ -41,21 +42,14 @@ final class WithMockUserSecurityContextFactory implements WithSecurityContextFac
 	@Override
 	public SecurityContext createSecurityContext(WithMockUser withUser) {
 		String username = StringUtils.hasLength(withUser.username()) ? withUser.username() : withUser.value();
-		if (username == null) {
-			throw new IllegalArgumentException(
-					withUser + " cannot have null username on both username and value properties");
-		}
-
+		Assert.notNull(username, () -> withUser + " cannot have null username on both username and value properties");
 		List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
 		for (String authority : withUser.authorities()) {
 			grantedAuthorities.add(new SimpleGrantedAuthority(authority));
 		}
-
 		if (grantedAuthorities.isEmpty()) {
 			for (String role : withUser.roles()) {
-				if (role.startsWith("ROLE_")) {
-					throw new IllegalArgumentException("roles cannot start with ROLE_ Got " + role);
-				}
+				Assert.isTrue(!role.startsWith("ROLE_"), () -> "roles cannot start with ROLE_ Got " + role);
 				grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
 			}
 		}
@@ -63,7 +57,6 @@ final class WithMockUserSecurityContextFactory implements WithSecurityContextFac
 			throw new IllegalStateException("You cannot define roles attribute " + Arrays.asList(withUser.roles())
 					+ " with authorities attribute " + Arrays.asList(withUser.authorities()));
 		}
-
 		User principal = new User(username, withUser.password(), true, true, true, true, grantedAuthorities);
 		Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(),
 				principal.getAuthorities());
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
index 862f79962b..e184e6a28d 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListener.java
@@ -68,7 +68,6 @@ public class WithSecurityContextTestExecutionListener extends AbstractTestExecut
 		if (testSecurityContext == null) {
 			return;
 		}
-
 		Supplier<SecurityContext> supplier = testSecurityContext.getSecurityContextSupplier();
 		if (testSecurityContext.getTestExecutionEvent() == TestExecutionEvent.TEST_METHOD) {
 			TestSecurityContextHolder.setContext(supplier.get());
diff --git a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
index 3816316ab1..cabc9e348b 100644
--- a/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
+++ b/test/src/main/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactory.java
@@ -84,7 +84,7 @@ final class WithUserDetailsSecurityContextFactory implements WithSecurityContext
 					: this.beans.getBean(ReactiveUserDetailsService.class);
 			return new ReactiveUserDetailsServiceAdapter(reactiveUserDetailsService);
 		}
-		catch (NoSuchBeanDefinitionException | BeanNotOfRequiredTypeException notReactive) {
+		catch (NoSuchBeanDefinitionException | BeanNotOfRequiredTypeException ex) {
 			return null;
 		}
 	}
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 98375bc6ee..6b21de46cc 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -108,10 +108,12 @@ public final class SecurityMockServerConfigurers {
 	 */
 	public static MockServerConfigurer springSecurity() {
 		return new MockServerConfigurer() {
+
 			@Override
 			public void beforeServerCreated(WebHttpHandlerBuilder builder) {
 				builder.filters((filters) -> filters.add(0, new MutatorFilter()));
 			}
+
 		};
 	}
 
@@ -992,26 +994,22 @@ public final class SecurityMockServerConfigurers {
 		}
 
 		private Collection<GrantedAuthority> getAuthorities() {
-			if (this.authorities == null) {
-				Set<GrantedAuthority> authorities = new LinkedHashSet<>();
-				authorities.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
-				for (String authority : this.accessToken.getScopes()) {
-					authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
-				}
-				return authorities;
-			}
-			else {
+			if (this.authorities != null) {
 				return this.authorities;
 			}
+			Set<GrantedAuthority> authorities = new LinkedHashSet<>();
+			authorities.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
+			for (String authority : this.accessToken.getScopes()) {
+				authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
+			}
+			return authorities;
 		}
 
 		private OidcIdToken getOidcIdToken() {
-			if (this.idToken == null) {
-				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
-			}
-			else {
+			if (this.idToken != null) {
 				return this.idToken;
 			}
+			return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
 		}
 
 		private OidcUserInfo getOidcUserInfo() {
@@ -1071,7 +1069,6 @@ public final class SecurityMockServerConfigurers {
 		 */
 		public OAuth2ClientMutator clientRegistration(
 				Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
-
 			ClientRegistration.Builder builder = clientRegistrationBuilder();
 			clientRegistrationConfigurer.accept(builder);
 			this.clientRegistration = builder.build();
@@ -1108,7 +1105,6 @@ public final class SecurityMockServerConfigurers {
 
 		@Override
 		public void afterConfigureAdded(WebTestClient.MockServerSpec<?> serverSpec) {
-
 		}
 
 		@Override
@@ -1134,10 +1130,8 @@ public final class SecurityMockServerConfigurers {
 		}
 
 		private OAuth2AuthorizedClient getClient() {
-			if (this.clientRegistration == null) {
-				throw new IllegalArgumentException(
-						"Please specify a ClientRegistration via one " + "of the clientRegistration methods");
-			}
+			Assert.notNull(this.clientRegistration,
+					"Please specify a ClientRegistration via one of the clientRegistration methods");
 			return new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
 		}
 
@@ -1173,9 +1167,7 @@ public final class SecurityMockServerConfigurers {
 					OAuth2AuthorizedClient client = exchange.getAttribute(TOKEN_ATTR_NAME);
 					return Mono.just(client);
 				}
-				else {
-					return this.delegate.authorize(authorizeRequest);
-				}
+				return this.delegate.authorize(authorizeRequest);
 			}
 
 			static void enable(ServerWebExchange exchange) {
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
index 98754c1369..58058b4537 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuilders.java
@@ -36,10 +36,12 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
  *
  * @author Rob Winch
  * @since 4.0
- *
  */
 public final class SecurityMockMvcRequestBuilders {
 
+	private SecurityMockMvcRequestBuilders() {
+	}
+
 	/**
 	 * Creates a request (including any necessary {@link CsrfToken}) that will submit a
 	 * form based login to POST "/login".
@@ -91,18 +93,18 @@ public final class SecurityMockMvcRequestBuilders {
 
 		private Mergeable parent;
 
+		private LogoutRequestBuilder() {
+		}
+
 		@Override
 		public MockHttpServletRequest buildRequest(ServletContext servletContext) {
 			MockHttpServletRequestBuilder logoutRequest = post(this.logoutUrl).accept(MediaType.TEXT_HTML,
 					MediaType.ALL);
-
 			if (this.parent != null) {
 				logoutRequest = (MockHttpServletRequestBuilder) logoutRequest.merge(this.parent);
 			}
-
 			MockHttpServletRequest request = logoutRequest.buildRequest(servletContext);
 			logoutRequest.postProcessRequest(request);
-
 			return this.postProcessor.postProcessRequest(request);
 		}
 
@@ -141,12 +143,7 @@ public final class SecurityMockMvcRequestBuilders {
 				this.parent = (Mergeable) parent;
 				return this;
 			}
-			else {
-				throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
-			}
-		}
-
-		private LogoutRequestBuilder() {
+			throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
 		}
 
 	}
@@ -175,18 +172,18 @@ public final class SecurityMockMvcRequestBuilders {
 
 		private RequestPostProcessor postProcessor = csrf();
 
+		private FormLoginRequestBuilder() {
+		}
+
 		@Override
 		public MockHttpServletRequest buildRequest(ServletContext servletContext) {
 			MockHttpServletRequestBuilder loginRequest = post(this.loginProcessingUrl).accept(this.acceptMediaType)
 					.param(this.usernameParam, this.username).param(this.passwordParam, this.password);
-
 			if (this.parent != null) {
 				loginRequest = (MockHttpServletRequestBuilder) loginRequest.merge(this.parent);
 			}
-
 			MockHttpServletRequest request = loginRequest.buildRequest(servletContext);
 			loginRequest.postProcessRequest(request);
-
 			return this.postProcessor.postProcessRequest(request);
 		}
 
@@ -305,17 +302,9 @@ public final class SecurityMockMvcRequestBuilders {
 				this.parent = (Mergeable) parent;
 				return this;
 			}
-			else {
-				throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
-			}
+			throw new IllegalArgumentException("Cannot merge with [" + parent.getClass().getName() + "]");
 		}
 
-		private FormLoginRequestBuilder() {
-		}
-
-	}
-
-	private SecurityMockMvcRequestBuilders() {
 	}
 
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 975c684174..a1d88b2e09 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -116,6 +116,9 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl
  */
 public final class SecurityMockMvcRequestPostProcessors {
 
+	private SecurityMockMvcRequestPostProcessors() {
+	}
+
 	/**
 	 * Creates a DigestRequestPostProcessor that enables easily adding digest based
 	 * authentication to a request.
@@ -634,7 +637,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 			String toDigest = expiryTime + ":" + "key";
 			String signatureValue = md5Hex(toDigest);
 			String nonceValue = expiryTime + ":" + signatureValue;
-
 			return new String(Base64.getEncoder().encode(nonceValue.getBytes()));
 		}
 
@@ -649,7 +651,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 		@Override
 		public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
-
 			request.addHeader("Authorization", createAuthorizationHeader(request));
 			return request;
 		}
@@ -676,28 +677,19 @@ public final class SecurityMockMvcRequestPostProcessors {
 			String a1Md5 = encodePasswordInA1Format(username, realm, password);
 			String a2 = httpMethod + ":" + uri;
 			String a2Md5 = md5Hex(a2);
-
-			String digest;
-
 			if (qop == null) {
 				// as per RFC 2069 compliant clients (also reaffirmed by RFC 2617)
-				digest = a1Md5 + ":" + nonce + ":" + a2Md5;
+				return md5Hex(a1Md5 + ":" + nonce + ":" + a2Md5);
 			}
-			else if ("auth".equals(qop)) {
+			if ("auth".equals(qop)) {
 				// As per RFC 2617 compliant clients
-				digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5;
+				return md5Hex(a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5);
 			}
-			else {
-				throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
-			}
-
-			return md5Hex(digest);
+			throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
 		}
 
 		static String encodePasswordInA1Format(String username, String realm, String password) {
-			String a1 = username + ":" + realm + ":" + password;
-
-			return md5Hex(a1);
+			return md5Hex(username + ":" + realm + ":" + password);
 		}
 
 		private static String md5Hex(String a2) {
@@ -736,15 +728,11 @@ public final class SecurityMockMvcRequestPostProcessors {
 				securityContextRepository = new TestSecurityContextRepository(securityContextRepository);
 				WebTestUtils.setSecurityContextRepository(request, securityContextRepository);
 			}
-
 			HttpServletResponse response = new MockHttpServletResponse();
-
 			HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response);
 			securityContextRepository.loadContext(requestResponseHolder);
-
 			request = requestResponseHolder.getRequest();
 			response = requestResponseHolder.getResponse();
-
 			securityContextRepository.saveContext(securityContext, request, response);
 		}
 
@@ -812,12 +800,10 @@ public final class SecurityMockMvcRequestPostProcessors {
 			if (existingContext != null) {
 				return request;
 			}
-
 			SecurityContext context = TestSecurityContextHolder.getContext();
 			if (!this.EMPTY.equals(context)) {
 				save(context, request);
 			}
-
 			return request;
 		}
 
@@ -889,7 +875,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		UserDetailsRequestPostProcessor(UserDetails user) {
 			Authentication token = new UsernamePasswordAuthenticationToken(user, user.getPassword(),
 					user.getAuthorities());
-
 			this.delegate = new AuthenticationRequestPostProcessor(token);
 		}
 
@@ -948,13 +933,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		public UserRequestPostProcessor roles(String... roles) {
 			List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
 			for (String role : roles) {
-				if (role.startsWith(ROLE_PREFIX)) {
-					throw new IllegalArgumentException("Role should not start with " + ROLE_PREFIX
-							+ " since this method automatically prefixes with this value. Got " + role);
-				}
-				else {
-					authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
-				}
+				Assert.isTrue(!role.startsWith(ROLE_PREFIX), () -> "Role should not start with " + ROLE_PREFIX
+						+ " since this method automatically prefixes with this value. Got " + role);
+				authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
 			}
 			this.authorities = authorities;
 			return this;
@@ -1027,8 +1008,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		private String headerValue;
 
 		private HttpBasicRequestPostProcessor(String username, String password) {
-			byte[] toEncode;
-			toEncode = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
+			byte[] toEncode = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
 			this.headerValue = "Basic " + new String(Base64.getEncoder().encode(toEncode));
 		}
 
@@ -1356,7 +1336,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 			OAuth2User oauth2User = this.oauth2User.get();
 			OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(oauth2User, oauth2User.getAuthorities(),
 					this.clientRegistration.getRegistrationId());
-
 			request = new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
 			return new OAuth2ClientRequestPostProcessor().clientRegistration(this.clientRegistration)
 					.principalName(oauth2User.getName()).accessToken(this.accessToken).postProcessRequest(request);
@@ -1504,26 +1483,22 @@ public final class SecurityMockMvcRequestPostProcessors {
 		}
 
 		private Collection<GrantedAuthority> getAuthorities() {
-			if (this.authorities == null) {
-				Set<GrantedAuthority> authorities = new LinkedHashSet<>();
-				authorities.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
-				for (String authority : this.accessToken.getScopes()) {
-					authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
-				}
-				return authorities;
-			}
-			else {
+			if (this.authorities != null) {
 				return this.authorities;
 			}
+			Set<GrantedAuthority> authorities = new LinkedHashSet<>();
+			authorities.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
+			for (String authority : this.accessToken.getScopes()) {
+				authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
+			}
+			return authorities;
 		}
 
 		private OidcIdToken getOidcIdToken() {
-			if (this.idToken == null) {
-				return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
-			}
-			else {
+			if (this.idToken != null) {
 				return this.idToken;
 			}
+			return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
 		}
 
 		private OidcUserInfo getOidcUserInfo() {
@@ -1577,7 +1552,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		public OAuth2ClientRequestPostProcessor clientRegistration(
 				Consumer<ClientRegistration.Builder> clientRegistrationConfigurer) {
-
 			ClientRegistration.Builder builder = clientRegistrationBuilder();
 			clientRegistrationConfigurer.accept(builder);
 			this.clientRegistration = builder.build();
@@ -1613,7 +1587,6 @@ public final class SecurityMockMvcRequestPostProcessors {
 			}
 			OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName,
 					this.accessToken);
-
 			OAuth2AuthorizedClientManager authorizationClientManager = OAuth2ClientServletTestUtils
 					.getOAuth2AuthorizedClientManager(request);
 			if (!(authorizationClientManager instanceof TestOAuth2AuthorizedClientManager)) {
@@ -1654,9 +1627,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 				if (isEnabled(request)) {
 					return (OAuth2AuthorizedClient) request.getAttribute(TOKEN_ATTR_NAME);
 				}
-				else {
-					return this.delegate.authorize(authorizeRequest);
-				}
+				return this.delegate.authorize(authorizeRequest);
 			}
 
 			static void enable(HttpServletRequest request) {
@@ -1762,7 +1733,4 @@ public final class SecurityMockMvcRequestPostProcessors {
 
 	}
 
-	private SecurityMockMvcRequestPostProcessors() {
-	}
-
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
index 3f7f7355aa..d27f1c5afb 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
@@ -43,6 +43,9 @@ import org.springframework.test.web.servlet.ResultMatcher;
  */
 public final class SecurityMockMvcResultMatchers {
 
+	private SecurityMockMvcResultMatchers() {
+	}
+
 	/**
 	 * {@link ResultMatcher} that verifies that a specified user is authenticated.
 	 * @return the {@link AuthenticatedMatcher} to use
@@ -90,29 +93,26 @@ public final class SecurityMockMvcResultMatchers {
 
 		private Consumer<Authentication> assertAuthentication;
 
+		AuthenticatedMatcher() {
+		}
+
 		@Override
 		public void match(MvcResult result) {
 			SecurityContext context = load(result);
-
 			Authentication auth = context.getAuthentication();
-
 			AssertionErrors.assertTrue("Authentication should not be null", auth != null);
-
 			if (this.assertAuthentication != null) {
 				this.assertAuthentication.accept(auth);
 			}
-
 			if (this.expectedContext != null) {
 				AssertionErrors.assertEquals(this.expectedContext + " does not equal " + context, this.expectedContext,
 						context);
 			}
-
 			if (this.expectedAuthentication != null) {
 				AssertionErrors.assertEquals(
 						this.expectedAuthentication + " does not equal " + context.getAuthentication(),
 						this.expectedAuthentication, context.getAuthentication());
 			}
-
 			if (this.expectedAuthenticationPrincipal != null) {
 				AssertionErrors.assertTrue("Authentication cannot be null", context.getAuthentication() != null);
 				AssertionErrors.assertEquals(
@@ -120,14 +120,12 @@ public final class SecurityMockMvcResultMatchers {
 								+ context.getAuthentication().getPrincipal(),
 						this.expectedAuthenticationPrincipal, context.getAuthentication().getPrincipal());
 			}
-
 			if (this.expectedAuthenticationName != null) {
 				AssertionErrors.assertTrue("Authentication cannot be null", auth != null);
 				String name = auth.getName();
 				AssertionErrors.assertEquals(this.expectedAuthenticationName + " does not equal " + name,
 						this.expectedAuthenticationName, name);
 			}
-
 			if (this.expectedGrantedAuthorities != null) {
 				AssertionErrors.assertTrue("Authentication cannot be null", auth != null);
 				Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
@@ -222,9 +220,6 @@ public final class SecurityMockMvcResultMatchers {
 			return withAuthorities(authorities);
 		}
 
-		AuthenticatedMatcher() {
-		}
-
 	}
 
 	/**
@@ -238,6 +233,9 @@ public final class SecurityMockMvcResultMatchers {
 
 		private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
+		private UnAuthenticatedMatcher() {
+		}
+
 		@Override
 		public void match(MvcResult result) {
 			SecurityContext context = load(result);
@@ -247,12 +245,6 @@ public final class SecurityMockMvcResultMatchers {
 					authentication == null || this.trustResolver.isAnonymous(authentication));
 		}
 
-		private UnAuthenticatedMatcher() {
-		}
-
-	}
-
-	private SecurityMockMvcResultMatchers() {
 	}
 
 }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
index 0a0df842c3..98173963c1 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
@@ -29,6 +29,7 @@ import org.springframework.security.config.BeanIds;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.test.web.servlet.setup.ConfigurableMockMvcBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcConfigurerAdapter;
+import org.springframework.util.Assert;
 import org.springframework.web.context.WebApplicationContext;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
@@ -72,15 +73,11 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 		if (getSpringSecurityFilterChain() == null && context.containsBean(securityBeanId)) {
 			setSpringSecurityFitlerChain(context.getBean(securityBeanId, Filter.class));
 		}
-
-		if (getSpringSecurityFilterChain() == null) {
-			throw new IllegalStateException("springSecurityFilterChain cannot be null. Ensure a Bean with the name "
-					+ securityBeanId + " implementing Filter is present or inject the Filter to be used.");
-		}
-
+		Assert.state(getSpringSecurityFilterChain() != null,
+				() -> "springSecurityFilterChain cannot be null. Ensure a Bean with the name " + securityBeanId
+						+ " implementing Filter is present or inject the Filter to be used.");
 		// This is used by other test support to obtain the FilterChainProxy
 		context.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, getSpringSecurityFilterChain());
-
 		return testSecurityContext();
 	}
 
@@ -118,11 +115,9 @@ final class SecurityMockMvcConfigurer extends MockMvcConfigurerAdapter {
 
 		Filter getDelegate() {
 			Filter result = this.delegate;
-			if (result == null) {
-				throw new IllegalStateException(
-						"delegate cannot be null. Ensure a Bean with the name " + BeanIds.SPRING_SECURITY_FILTER_CHAIN
-								+ " implementing Filter is present or inject the Filter to be used.");
-			}
+			Assert.state(result != null,
+					() -> "delegate cannot be null. Ensure a Bean with the name " + BeanIds.SPRING_SECURITY_FILTER_CHAIN
+							+ " implementing Filter is present or inject the Filter to be used.");
 			return result;
 		}
 
diff --git a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
index 5c657163a1..8f9a79f51d 100644
--- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
+++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
@@ -47,6 +47,9 @@ public abstract class WebTestUtils {
 
 	private static final CsrfTokenRepository DEFAULT_TOKEN_REPO = new HttpSessionCsrfTokenRepository();
 
+	private WebTestUtils() {
+	}
+
 	/**
 	 * Gets the {@link SecurityContextRepository} for the specified
 	 * {@link HttpServletRequest}. If one is not found, a default
@@ -134,18 +137,16 @@ public abstract class WebTestUtils {
 		}
 		WebApplicationContext webApplicationContext = WebApplicationContextUtils
 				.getWebApplicationContext(servletContext);
-		if (webApplicationContext != null) {
-			try {
-				return webApplicationContext.getBean(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME,
-						Filter.class);
-			}
-			catch (NoSuchBeanDefinitionException notFound) {
-			}
+		if (webApplicationContext == null) {
+			return null;
+		}
+		try {
+			String beanName = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
+			return webApplicationContext.getBean(beanName, Filter.class);
+		}
+		catch (NoSuchBeanDefinitionException ex) {
+			return null;
 		}
-		return null;
-	}
-
-	private WebTestUtils() {
 	}
 
 }

From 5bdd7571088ea7c34f90b1162cc5abcbca127ee1 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 3 Aug 2020 22:57:18 -0700
Subject: [PATCH 67/84] Polish spring-security-web main code

Manually polish `spring-security-web` following the formatting
and checkstyle fixes.

Issue gh-8945
---
 .../web/AuthenticationEntryPoint.java         |   1 -
 .../security/web/DefaultRedirectStrategy.java |  24 +-
 .../web/DefaultSecurityFilterChain.java       |   3 +-
 .../security/web/FilterChainProxy.java        |  86 ++--
 .../security/web/FilterInvocation.java        |  19 +-
 .../security/web/PortMapperImpl.java          |  18 +-
 .../security/web/PortResolverImpl.java        |  21 +-
 .../web/access/AccessDeniedHandlerImpl.java   |  34 +-
 ...efaultWebInvocationPrivilegeEvaluator.java |  31 +-
 .../access/ExceptionTranslationFilter.java    | 105 ++---
 .../channel/AbstractRetryEntryPoint.java      |  22 +-
 .../channel/ChannelDecisionManagerImpl.java   |  13 +-
 .../channel/ChannelProcessingFilter.java      |  51 +--
 .../web/access/channel/ChannelProcessor.java  |   1 -
 .../channel/InsecureChannelProcessor.java     |   5 +-
 .../channel/SecureChannelProcessor.java       |   1 -
 ...ariableEvaluationContextPostProcessor.java |  46 +-
 ...ilterInvocationSecurityMetadataSource.java |  41 +-
 .../access/expression/WebExpressionVoter.java |  25 +-
 .../expression/WebSecurityExpressionRoot.java |   9 +-
 ...ilterInvocationSecurityMetadataSource.java |   7 +-
 .../intercept/FilterSecurityInterceptor.java  |  43 +-
 .../web/access/intercept/RequestKey.java      |   1 -
 ...bstractAuthenticationProcessingFilter.java |  60 +--
 ...AuthenticationTargetUrlRequestHandler.java |  14 +-
 .../AnonymousAuthenticationFilter.java        |  24 +-
 ...uthenticationEntryPointFailureHandler.java |   2 +-
 .../authentication/AuthenticationFilter.java  |   6 -
 .../DelegatingAuthenticationEntryPoint.java   |  18 +-
 ...elegatingAuthenticationFailureHandler.java |   3 -
 ...onMappingAuthenticationFailureHandler.java |   1 -
 .../Http403ForbiddenEntryPoint.java           |   4 +-
 .../LoginUrlAuthenticationEntryPoint.java     |  77 ++--
 ...uestAwareAuthenticationSuccessHandler.java |   5 -
 ...SimpleUrlAuthenticationFailureHandler.java |  31 +-
 ...SimpleUrlAuthenticationSuccessHandler.java |   8 +-
 .../UsernamePasswordAuthenticationFilter.java |  17 +-
 .../WebAuthenticationDetails.java             |  27 +-
 .../logout/CookieClearingLogoutHandler.java   |   8 +-
 .../authentication/logout/LogoutFilter.java   |  18 +-
 .../logout/SecurityContextLogoutHandler.java  |   5 +-
 ...tractPreAuthenticatedProcessingFilter.java |  74 +---
 ...reAuthenticatedAuthenticationProvider.java |  26 +-
 ...edAuthoritiesWebAuthenticationDetails.java |   1 -
 .../RequestAttributeAuthenticationFilter.java |   3 -
 .../RequestHeaderAuthenticationFilter.java    |   3 -
 ...ticatedWebAuthenticationDetailsSource.java |  16 +-
 .../J2eePreAuthenticatedProcessingFilter.java |   5 +-
 .../WebXmlMappableAttributesRetriever.java    |  27 +-
 .../DefaultWASUsernameAndGroupsExtractor.java |  73 ++--
 ...pherePreAuthenticatedProcessingFilter.java |   5 +-
 ...ticatedWebAuthenticationDetailsSource.java |   6 +-
 .../x509/SubjectDnX509PrincipalExtractor.java |  16 +-
 .../x509/X509AuthenticationFilter.java        |  20 +-
 .../AbstractRememberMeServices.java           |  74 +---
 .../InMemoryTokenRepositoryImpl.java          |   7 -
 .../rememberme/JdbcTokenRepositoryImpl.java   |  26 +-
 ...ersistentTokenBasedRememberMeServices.java |  27 +-
 .../RememberMeAuthenticationFilter.java       |  91 ++--
 .../TokenBasedRememberMeServices.java         |  91 ++--
 ...ractSessionFixationProtectionStrategy.java |  13 +-
 ...ompositeSessionAuthenticationStrategy.java |  10 +-
 ...tSessionControlAuthenticationStrategy.java |  11 +-
 .../SessionFixationProtectionStrategy.java    |  29 +-
 .../switchuser/SwitchUserFilter.java          |  86 ++--
 .../ui/DefaultLoginPageGeneratingFilter.java  | 146 ++++---
 .../ui/DefaultLogoutPageGeneratingFilter.java |  48 ++-
 .../www/BasicAuthenticationConverter.java     |  23 +-
 .../www/BasicAuthenticationFilter.java        |  69 +--
 .../authentication/www/DigestAuthUtils.java   |  60 +--
 .../www/DigestAuthenticationEntryPoint.java   |  36 +-
 .../www/DigestAuthenticationFilter.java       | 132 ++----
 ...thenticationPrincipalArgumentResolver.java |   4 +-
 ...ractSecurityWebApplicationInitializer.java |  11 +-
 .../HttpSessionSecurityContextRepository.java | 140 ++-----
 ...ContextOnUpdateOrErrorResponseWrapper.java |   2 +-
 .../SecurityContextPersistenceFilter.java     |  32 +-
 .../WebAsyncManagerIntegrationFilter.java     |   2 -
 .../SecurityWebApplicationContextUtils.java   |  26 +-
 .../web/csrf/CookieCsrfTokenRepository.java   |  25 +-
 .../web/csrf/CsrfAuthenticationStrategy.java  |   2 -
 .../security/web/csrf/CsrfFilter.java         |  23 +-
 .../security/web/csrf/CsrfToken.java          |   1 -
 .../web/csrf/LazyCsrfTokenRepository.java     |   8 +-
 .../security/web/debug/DebugFilter.java       |  26 +-
 .../web/firewall/DefaultHttpFirewall.java     |  34 +-
 .../web/firewall/FirewalledResponse.java      |   6 +-
 .../HttpStatusRequestRejectedHandler.java     |   8 +-
 .../security/web/firewall/RequestWrapper.java |  24 +-
 .../web/firewall/StrictHttpFirewall.java      | 395 +++++++++---------
 .../security/web/header/Header.java           |  14 +-
 .../web/header/HeaderWriterFilter.java        |   1 -
 .../writers/ClearSiteDataHeaderWriter.java    |  23 +-
 .../ContentSecurityPolicyHeaderWriter.java    |   2 +-
 .../web/header/writers/HpkpHeaderWriter.java  |  28 +-
 .../web/header/writers/HstsHeaderWriter.java  |  18 +-
 .../writers/ReferrerPolicyHeaderWriter.java   |  21 +-
 ...ractRequestParameterAllowFromStrategy.java |   9 +-
 .../XFrameOptionsHeaderWriter.java            |  14 +-
 .../security/web/http/SecurityHeaders.java    |   6 +-
 .../web/jaasapi/JaasApiIntegrationFilter.java |  31 +-
 ...icatedAuthenticationTokenDeserializer.java |  25 +-
 ...thenticationPrincipalArgumentResolver.java |  15 +-
 ...urrentSecurityContextArgumentResolver.java |  21 +-
 ...thenticationPrincipalArgumentResolver.java |  26 +-
 ...urrentSecurityContextArgumentResolver.java |  30 +-
 .../web/savedrequest/CookieRequestCache.java  |  92 ++--
 .../web/savedrequest/DefaultSavedRequest.java |  61 +--
 .../security/web/savedrequest/Enumerator.java |   3 -
 .../web/savedrequest/FastHttpDateFormat.java  |  61 ++-
 .../savedrequest/HttpSessionRequestCache.java |  36 +-
 .../savedrequest/RequestCacheAwareFilter.java |   2 -
 .../web/savedrequest/SavedCookie.java         |  20 +-
 .../SavedRequestAwareWrapper.java             |  30 +-
 .../server/DefaultServerRedirectStrategy.java |   5 +-
 ...egatingServerAuthenticationEntryPoint.java |  25 +-
 ...erverHttpBasicAuthenticationConverter.java |  16 +-
 .../web/server/WebFilterChainProxy.java       |   3 +-
 .../AnonymousAuthenticationWebFilter.java     |  14 +-
 ...tionConverterServerWebExchangeMatcher.java |   2 +-
 .../AuthenticationWebFilter.java              |  12 +-
 ...PreAuthenticatedAuthenticationManager.java |   7 +-
 .../ServerX509AuthenticationConverter.java    |  18 +-
 .../authentication/SwitchUserWebFilter.java   |  52 +--
 .../logout/LogoutWebFilter.java               |   5 +-
 .../authorization/AuthorizationWebFilter.java |  14 +-
 ...elegatingReactiveAuthorizationManager.java |   9 +-
 ...geDelegatingServerAccessDeniedHandler.java |   2 +-
 .../context/ReactorContextWebFilter.java      |   4 +-
 .../SecurityContextServerWebExchange.java     |   2 +-
 ...essionServerSecurityContextRepository.java |  23 +-
 .../csrf/CookieServerCsrfTokenRepository.java |   2 -
 .../web/server/csrf/CsrfWebFilter.java        |   8 +-
 .../web/server/csrf/DefaultCsrfToken.java     |  16 +-
 .../WebSessionServerCsrfTokenRepository.java  |   4 +-
 .../ClearSiteDataServerHttpHeadersWriter.java |  14 +-
 ...SecurityPolicyServerHttpHeadersWriter.java |  13 +-
 .../FeaturePolicyServerHttpHeadersWriter.java |   9 +-
 ...ReferrerPolicyServerHttpHeadersWriter.java |  20 +-
 ...nsportSecurityServerHttpHeadersWriter.java |   9 +-
 .../XFrameOptionsServerHttpHeadersWriter.java |   8 +-
 ...XXssProtectionServerHttpHeadersWriter.java |  11 +-
 .../jackson2/WebServerJackson2Module.java     |   6 +-
 .../CookieServerRequestCache.java             |   8 +-
 .../WebSessionServerRequestCache.java         |   9 +-
 .../transport/HttpsRedirectWebFilter.java     |  11 +-
 .../ui/LoginPageGeneratingWebFilter.java      |  65 +--
 .../ui/LogoutPageGeneratingWebFilter.java     |  40 +-
 .../matcher/AndServerWebExchangeMatcher.java  |  16 +-
 .../MediaTypeServerWebExchangeMatcher.java    |  15 +-
 .../NegatedServerWebExchangeMatcher.java      |  13 +-
 .../matcher/OrServerWebExchangeMatcher.java   |  18 +-
 .../matcher/ServerWebExchangeMatchers.java    |   8 +-
 .../csrf/CsrfRequestDataValueProcessor.java   |   1 -
 .../util/matcher/MvcRequestMatcher.java       |   4 -
 .../HttpServlet3RequestFactory.java           |  24 +-
 ...urityContextHolderAwareRequestWrapper.java |  18 +-
 .../web/session/ConcurrentSessionFilter.java  |  25 +-
 .../session/HttpSessionDestroyedEvent.java    |   4 -
 .../session/HttpSessionEventPublisher.java    |  34 +-
 .../SessionInformationExpiredEvent.java       |   4 +-
 .../web/session/SessionManagementFilter.java  |  25 +-
 .../security/web/util/RedirectUrlBuilder.java |  12 +-
 .../security/web/util/TextEscapeUtils.java    |  36 +-
 .../security/web/util/ThrowableAnalyzer.java  |  29 +-
 .../security/web/util/UrlUtils.java           |  19 +-
 .../web/util/matcher/AndRequestMatcher.java   |   9 +-
 .../util/matcher/AntPathRequestMatcher.java   |  35 +-
 .../web/util/matcher/AnyRequestMatcher.java   |   6 +-
 .../util/matcher/ELRequestMatcherContext.java |  10 +-
 .../web/util/matcher/IpAddressMatcher.java    |  10 -
 .../util/matcher/MediaTypeRequestMatcher.java |  17 +-
 .../util/matcher/NegatedRequestMatcher.java   |   5 +-
 .../web/util/matcher/OrRequestMatcher.java    |   9 +-
 .../web/util/matcher/RegexRequestMatcher.java |  26 +-
 .../matcher/RequestHeaderRequestMatcher.java  |   1 -
 .../JdbcTokenRepositoryImplTests.java         |  11 +-
 ...tingReactiveAuthorizationManagerTests.java |  10 +-
 178 files changed, 1676 insertions(+), 2791 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
index eb47070ccc..ef59b28453 100644
--- a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
@@ -45,7 +45,6 @@ public interface AuthenticationEntryPoint {
 	 * @param request that resulted in an <code>AuthenticationException</code>
 	 * @param response so that the user agent can begin authentication
 	 * @param authException that caused the invocation
-	 *
 	 */
 	void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
 			throws IOException, ServletException;
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 6175bac52b..b135699766 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -24,7 +24,9 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
 
 /**
  * Simple implementation of <tt>RedirectStrategy</tt> which is the default used throughout
@@ -51,11 +53,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 	public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
 		String redirectUrl = calculateRedirectUrl(request.getContextPath(), url);
 		redirectUrl = response.encodeRedirectURL(redirectUrl);
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Redirecting to '" + redirectUrl + "'");
-		}
-
+		this.logger.debug(LogMessage.format("Redirecting to '%s'", redirectUrl));
 		response.sendRedirect(redirectUrl);
 	}
 
@@ -64,30 +62,20 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 			if (isContextRelative()) {
 				return url;
 			}
-			else {
-				return contextPath + url;
-			}
+			return contextPath + url;
 		}
-
 		// Full URL, including http(s)://
-
 		if (!isContextRelative()) {
 			return url;
 		}
-
-		if (!url.contains(contextPath)) {
-			throw new IllegalArgumentException("The fully qualified URL does not include context path.");
-		}
-
+		Assert.isTrue(url.contains(contextPath), "The fully qualified URL does not include context path.");
 		// Calculate the relative URL from the fully qualified URL, minus the last
 		// occurrence of the scheme and base context.
-		url = url.substring(url.lastIndexOf("://") + 3); // strip off scheme
+		url = url.substring(url.lastIndexOf("://") + 3);
 		url = url.substring(url.indexOf(contextPath) + contextPath.length());
-
 		if (url.length() > 1 && url.charAt(0) == '/') {
 			url = url.substring(1);
 		}
-
 		return url;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index 8786a86a1c..6e52979b6e 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
@@ -47,7 +48,7 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
 	}
 
 	public DefaultSecurityFilterChain(RequestMatcher requestMatcher, List<Filter> filters) {
-		logger.info("Creating filter chain: " + requestMatcher + ", " + filters);
+		logger.info(LogMessage.format("Creating filter chain: %s, %s", requestMatcher, filters));
 		this.requestMatcher = requestMatcher;
 		this.filters = new ArrayList<>(filters);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 47bb405a83..6a71c73e26 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.firewall.DefaultRequestRejectedHandler;
 import org.springframework.security.web.firewall.FirewalledRequest;
@@ -173,47 +174,37 @@ public class FilterChainProxy extends GenericFilterBean {
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
 		boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
-		if (clearContext) {
-			try {
-				request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
-				doFilterInternal(request, response, chain);
-			}
-			catch (RequestRejectedException ex) {
-				this.requestRejectedHandler.handle((HttpServletRequest) request, (HttpServletResponse) response, ex);
-			}
-			finally {
-				SecurityContextHolder.clearContext();
-				request.removeAttribute(FILTER_APPLIED);
-			}
-		}
-		else {
+		if (!clearContext) {
 			doFilterInternal(request, response, chain);
+			return;
+		}
+		try {
+			request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
+			doFilterInternal(request, response, chain);
+		}
+		catch (RequestRejectedException ex) {
+			this.requestRejectedHandler.handle((HttpServletRequest) request, (HttpServletResponse) response, ex);
+		}
+		finally {
+			SecurityContextHolder.clearContext();
+			request.removeAttribute(FILTER_APPLIED);
 		}
 	}
 
 	private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-
-		FirewalledRequest fwRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
-		HttpServletResponse fwResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
-
-		List<Filter> filters = getFilters(fwRequest);
-
+		FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
+		HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
+		List<Filter> filters = getFilters(firewallRequest);
 		if (filters == null || filters.size() == 0) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(UrlUtils.buildRequestUrl(fwRequest)
-						+ ((filters != null) ? " has an empty filter list" : " has no matching filters"));
-			}
-
-			fwRequest.reset();
-
-			chain.doFilter(fwRequest, fwResponse);
-
+			logger.debug(LogMessage.of(() -> UrlUtils.buildRequestUrl(firewallRequest)
+					+ ((filters != null) ? " has an empty filter list" : " has no matching filters")));
+			firewallRequest.reset();
+			chain.doFilter(firewallRequest, firewallResponse);
 			return;
 		}
-
-		VirtualFilterChain vfc = new VirtualFilterChain(fwRequest, chain, filters);
-		vfc.doFilter(fwRequest, fwResponse);
+		VirtualFilterChain virtualFilterChain = new VirtualFilterChain(firewallRequest, chain, filters);
+		virtualFilterChain.doFilter(firewallRequest, firewallResponse);
 	}
 
 	/**
@@ -227,7 +218,6 @@ public class FilterChainProxy extends GenericFilterBean {
 				return chain.getFilters();
 			}
 		}
-
 		return null;
 	}
 
@@ -286,7 +276,6 @@ public class FilterChainProxy extends GenericFilterBean {
 		sb.append("Filter Chains: ");
 		sb.append(this.filterChains);
 		sb.append("]");
-
 		return sb.toString();
 	}
 
@@ -317,30 +306,19 @@ public class FilterChainProxy extends GenericFilterBean {
 		@Override
 		public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
 			if (this.currentPosition == this.size) {
-				if (logger.isDebugEnabled()) {
-					logger.debug(UrlUtils.buildRequestUrl(this.firewalledRequest)
-							+ " reached end of additional filter chain; proceeding with original chain");
-				}
-
+				logger.debug(LogMessage.of(() -> UrlUtils.buildRequestUrl(this.firewalledRequest)
+						+ " reached end of additional filter chain; proceeding with original chain"));
 				// Deactivate path stripping as we exit the security filter chain
 				this.firewalledRequest.reset();
-
 				this.originalChain.doFilter(request, response);
+				return;
 			}
-			else {
-				this.currentPosition++;
-
-				Filter nextFilter = this.additionalFilters.get(this.currentPosition - 1);
-
-				if (logger.isDebugEnabled()) {
-					logger.debug(
-							UrlUtils.buildRequestUrl(this.firewalledRequest) + " at position " + this.currentPosition
-									+ " of " + this.size + " in additional filter chain; firing Filter: '"
-									+ nextFilter.getClass().getSimpleName() + "'");
-				}
-
-				nextFilter.doFilter(request, response, this);
-			}
+			this.currentPosition++;
+			Filter nextFilter = this.additionalFilters.get(this.currentPosition - 1);
+			logger.debug(LogMessage.of(() -> UrlUtils.buildRequestUrl(this.firewalledRequest) + " at position "
+					+ this.currentPosition + " of " + this.size + " in additional filter chain; firing Filter: '"
+					+ nextFilter.getClass().getSimpleName() + "'"));
+			nextFilter.doFilter(request, response, this);
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 879b1ce94b..1062c4eedc 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
 
 /**
  * Holds objects associated with a HTTP filter.
@@ -65,10 +66,7 @@ public class FilterInvocation {
 	private HttpServletResponse response;
 
 	public FilterInvocation(ServletRequest request, ServletResponse response, FilterChain chain) {
-		if ((request == null) || (response == null) || (chain == null)) {
-			throw new IllegalArgumentException("Cannot pass null values to constructor");
-		}
-
+		Assert.isTrue(request != null && response != null && chain != null, "Cannot pass null values to constructor");
 		this.request = (HttpServletRequest) request;
 		this.response = (HttpServletResponse) response;
 		this.chain = chain;
@@ -84,9 +82,7 @@ public class FilterInvocation {
 
 	public FilterInvocation(String contextPath, String servletPath, String pathInfo, String query, String method) {
 		DummyRequest request = new DummyRequest();
-		if (contextPath == null) {
-			contextPath = "/cp";
-		}
+		contextPath = (contextPath != null) ? contextPath : "/cp";
 		request.setContextPath(contextPath);
 		request.setServletPath(servletPath);
 		request.setRequestURI(contextPath + servletPath + ((pathInfo != null) ? pathInfo : ""));
@@ -256,9 +252,7 @@ public class FilterInvocation {
 			if (value == null) {
 				return -1;
 			}
-			else {
-				return Integer.parseInt(value);
-			}
+			return Integer.parseInt(value);
 		}
 
 		void addHeader(String name, String value) {
@@ -267,8 +261,8 @@ public class FilterInvocation {
 
 		@Override
 		public String getParameter(String name) {
-			String[] arr = this.parameters.get(name);
-			return (arr != null && arr.length > 0) ? arr[0] : null;
+			String[] array = this.parameters.get(name);
+			return (array != null && array.length > 0) ? array[0] : null;
 		}
 
 		@Override
@@ -317,7 +311,6 @@ public class FilterInvocation {
 		private Object invokeDefaultMethodForJdk8(Object proxy, Method method, Object[] args) throws Throwable {
 			Constructor<Lookup> constructor = Lookup.class.getDeclaredConstructor(Class.class);
 			constructor.setAccessible(true);
-
 			Class<?> clazz = method.getDeclaringClass();
 			return constructor.newInstance(clazz).in(clazz).unreflectSpecial(method, clazz).bindTo(proxy)
 					.invokeWithArguments(args);
diff --git a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
index 9b5f416ea5..947cc93c62 100644
--- a/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortMapperImpl.java
@@ -56,7 +56,6 @@ public class PortMapperImpl implements PortMapper {
 				return httpPort;
 			}
 		}
-
 		return null;
 	}
 
@@ -88,24 +87,19 @@ public class PortMapperImpl implements PortMapper {
 	 */
 	public void setPortMappings(Map<String, String> newMappings) {
 		Assert.notNull(newMappings, "A valid list of HTTPS port mappings must be provided");
-
 		this.httpsPortMappings.clear();
-
 		for (Map.Entry<String, String> entry : newMappings.entrySet()) {
 			Integer httpPort = Integer.valueOf(entry.getKey());
 			Integer httpsPort = Integer.valueOf(entry.getValue());
-
-			if ((httpPort < 1) || (httpPort > 65535) || (httpsPort < 1) || (httpsPort > 65535)) {
-				throw new IllegalArgumentException(
-						"one or both ports out of legal range: " + httpPort + ", " + httpsPort);
-			}
-
+			Assert.isTrue(isInPortRange(httpPort) && isInPortRange(httpsPort),
+					() -> "one or both ports out of legal range: " + httpPort + ", " + httpsPort);
 			this.httpsPortMappings.put(httpPort, httpsPort);
 		}
+		Assert.isTrue(!this.httpsPortMappings.isEmpty(), "must map at least one port");
+	}
 
-		if (this.httpsPortMappings.size() < 1) {
-			throw new IllegalArgumentException("must map at least one port");
-		}
+	private boolean isInPortRange(int port) {
+		return port >= 1 && port <= 65535;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
index e17edef87b..faa01d83c3 100644
--- a/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
+++ b/web/src/main/java/org/springframework/security/web/PortResolverImpl.java
@@ -45,24 +45,19 @@ public class PortResolverImpl implements PortResolver {
 	@Override
 	public int getServerPort(ServletRequest request) {
 		int serverPort = request.getServerPort();
-		Integer portLookup = null;
-
 		String scheme = request.getScheme().toLowerCase();
+		Integer mappedPort = getMappedPort(serverPort, scheme);
+		return (mappedPort != null) ? mappedPort : serverPort;
+	}
 
+	private Integer getMappedPort(int serverPort, String scheme) {
 		if ("http".equals(scheme)) {
-			portLookup = this.portMapper.lookupHttpPort(serverPort);
-
+			return this.portMapper.lookupHttpPort(serverPort);
 		}
-		else if ("https".equals(scheme)) {
-			portLookup = this.portMapper.lookupHttpsPort(serverPort);
+		if ("https".equals(scheme)) {
+			return this.portMapper.lookupHttpsPort(serverPort);
 		}
-
-		if (portLookup != null) {
-			// IE 6 bug
-			serverPort = portLookup;
-		}
-
-		return serverPort;
+		return null;
 	}
 
 	public void setPortMapper(PortMapper portMapper) {
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index f129b4d8bc..26315b9ec0 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
@@ -18,7 +18,6 @@ package org.springframework.security.web.access;
 
 import java.io.IOException;
 
-import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -29,6 +28,7 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.WebAttributes;
+import org.springframework.util.Assert;
 
 /**
  * Base implementation of {@link AccessDeniedHandler}.
@@ -52,22 +52,19 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			AccessDeniedException accessDeniedException) throws IOException, ServletException {
-		if (!response.isCommitted()) {
-			if (this.errorPage != null) {
-				// Put exception into request scope (perhaps of use to a view)
-				request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
-
-				// Set the 403 status code.
-				response.setStatus(HttpStatus.FORBIDDEN.value());
-
-				// forward to error page.
-				RequestDispatcher dispatcher = request.getRequestDispatcher(this.errorPage);
-				dispatcher.forward(request, response);
-			}
-			else {
-				response.sendError(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase());
-			}
+		if (response.isCommitted()) {
+			return;
 		}
+		if (this.errorPage == null) {
+			response.sendError(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase());
+			return;
+		}
+		// Put exception into request scope (perhaps of use to a view)
+		request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
+		// Set the 403 status code.
+		response.setStatus(HttpStatus.FORBIDDEN.value());
+		// forward to error page.
+		request.getRequestDispatcher(this.errorPage).forward(request, response);
 	}
 
 	/**
@@ -78,10 +75,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 	 * limitations
 	 */
 	public void setErrorPage(String errorPage) {
-		if ((errorPage != null) && !errorPage.startsWith("/")) {
-			throw new IllegalArgumentException("errorPage must begin with '/'");
-		}
-
+		Assert.isTrue(errorPage == null || errorPage.startsWith("/"), "errorPage must begin with '/'");
 		this.errorPage = errorPage;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
index 92ceac2ba7..7030d29c46 100644
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@@ -21,6 +21,7 @@ import java.util.Collection;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
@@ -47,7 +48,6 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 				"AbstractSecurityInterceptor does not support FilterInvocations");
 		Assert.notNull(securityInterceptor.getAccessDecisionManager(),
 				"AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");
-
 		this.securityInterceptor = securityInterceptor;
 	}
 
@@ -82,34 +82,23 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 	@Override
 	public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
 		Assert.notNull(uri, "uri parameter is required");
-
-		FilterInvocation fi = new FilterInvocation(contextPath, uri, method);
-		Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
-
-		if (attrs == null) {
-			if (this.securityInterceptor.isRejectPublicInvocations()) {
-				return false;
-			}
-
-			return true;
+		FilterInvocation filterInvocation = new FilterInvocation(contextPath, uri, method);
+		Collection<ConfigAttribute> attributes = this.securityInterceptor.obtainSecurityMetadataSource()
+				.getAttributes(filterInvocation);
+		if (attributes == null) {
+			return (!this.securityInterceptor.isRejectPublicInvocations());
 		}
-
 		if (authentication == null) {
 			return false;
 		}
-
 		try {
-			this.securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
+			this.securityInterceptor.getAccessDecisionManager().decide(authentication, filterInvocation, attributes);
+			return true;
 		}
-		catch (AccessDeniedException unauthorized) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
-			}
-
+		catch (AccessDeniedException ex) {
+			logger.debug(LogMessage.format("%s denied for %s", filterInvocation, authentication), ex);
 			return false;
 		}
-
-		return true;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index 2ff4908806..dd0360aa87 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@@ -107,14 +108,15 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		try {
 			chain.doFilter(request, response);
-
 			this.logger.debug("Chain processed normally");
 		}
 		catch (IOException ex) {
@@ -123,38 +125,36 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		catch (Exception ex) {
 			// Try to extract a SpringSecurityException from the stacktrace
 			Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
-			RuntimeException ase = (AuthenticationException) this.throwableAnalyzer
+			RuntimeException securityException = (AuthenticationException) this.throwableAnalyzer
 					.getFirstThrowableOfType(AuthenticationException.class, causeChain);
-
-			if (ase == null) {
-				ase = (AccessDeniedException) this.throwableAnalyzer
+			if (securityException == null) {
+				securityException = (AccessDeniedException) this.throwableAnalyzer
 						.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
 			}
-
-			if (ase != null) {
-				if (response.isCommitted()) {
-					throw new ServletException(
-							"Unable to handle the Spring Security Exception because the response is already committed.",
-							ex);
-				}
-				handleSpringSecurityException(request, response, chain, ase);
+			if (securityException == null) {
+				rethrow(ex);
 			}
-			else {
-				// Rethrow ServletExceptions and RuntimeExceptions as-is
-				if (ex instanceof ServletException) {
-					throw (ServletException) ex;
-				}
-				else if (ex instanceof RuntimeException) {
-					throw (RuntimeException) ex;
-				}
-
-				// Wrap other Exceptions. This shouldn't actually happen
-				// as we've already covered all the possibilities for doFilter
-				throw new RuntimeException(ex);
+			if (response.isCommitted()) {
+				throw new ServletException("Unable to handle the Spring Security Exception "
+						+ "because the response is already committed.", ex);
 			}
+			handleSpringSecurityException(request, response, chain, securityException);
 		}
 	}
 
+	private void rethrow(Exception ex) throws ServletException {
+		// Rethrow ServletExceptions and RuntimeExceptions as-is
+		if (ex instanceof ServletException) {
+			throw (ServletException) ex;
+		}
+		if (ex instanceof RuntimeException) {
+			throw (RuntimeException) ex;
+		}
+		// Wrap other Exceptions. This shouldn't actually happen
+		// as we've already covered all the possibilities for doFilter
+		throw new RuntimeException(ex);
+	}
+
 	public AuthenticationEntryPoint getAuthenticationEntryPoint() {
 		return this.authenticationEntryPoint;
 	}
@@ -166,32 +166,36 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 	private void handleSpringSecurityException(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain, RuntimeException exception) throws IOException, ServletException {
 		if (exception instanceof AuthenticationException) {
-			this.logger.debug("Authentication exception occurred; redirecting to authentication entry point",
-					exception);
-
-			sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
+			handleAuthenticationException(request, response, chain, (AuthenticationException) exception);
 		}
 		else if (exception instanceof AccessDeniedException) {
-			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-			if (this.authenticationTrustResolver.isAnonymous(authentication)
-					|| this.authenticationTrustResolver.isRememberMe(authentication)) {
-				this.logger.debug(
-						"Access is denied (user is " + (this.authenticationTrustResolver.isAnonymous(authentication)
-								? "anonymous" : "not fully authenticated")
-								+ "); redirecting to authentication entry point",
-						exception);
+			handleAccessDeniedException(request, response, chain, (AccessDeniedException) exception);
+		}
+	}
 
-				sendStartAuthentication(request, response, chain,
-						new InsufficientAuthenticationException(
-								this.messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication",
-										"Full authentication is required to access this resource")));
-			}
-			else {
-				this.logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler",
-						exception);
+	private void handleAuthenticationException(HttpServletRequest request, HttpServletResponse response,
+			FilterChain chain, AuthenticationException exception) throws ServletException, IOException {
+		this.logger.debug("Authentication exception occurred; redirecting to authentication entry point", exception);
+		sendStartAuthentication(request, response, chain, exception);
+	}
 
-				this.accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
-			}
+	private void handleAccessDeniedException(HttpServletRequest request, HttpServletResponse response,
+			FilterChain chain, AccessDeniedException exception) throws ServletException, IOException {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		boolean isAnonymous = this.authenticationTrustResolver.isAnonymous(authentication);
+		if (isAnonymous || this.authenticationTrustResolver.isRememberMe(authentication)) {
+			this.logger.debug(LogMessage
+					.of(() -> "Access is denied (user is " + (isAnonymous ? "anonymous" : "not fully authenticated")
+							+ "); redirecting to authentication entry point"),
+					exception);
+			sendStartAuthentication(request, response, chain,
+					new InsufficientAuthenticationException(
+							this.messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication",
+									"Full authentication is required to access this resource")));
+		}
+		else {
+			this.logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);
+			this.accessDeniedHandler.handle(request, response, exception);
 		}
 	}
 
@@ -232,7 +236,6 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
 		@Override
 		protected void initExtractorMap() {
 			super.initExtractorMap();
-
 			registerExtractor(ServletException.class, (throwable) -> {
 				ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
 				return ((ServletException) throwable).getRootCause();
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
index 607ada7667..81fd2279b4 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.PortMapperImpl;
@@ -43,10 +44,14 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
 	private PortResolver portResolver = new PortResolverImpl();
 
-	/** The scheme ("http://" or "https://") */
+	/**
+	 * The scheme ("http://" or "https://")
+	 */
 	private final String scheme;
 
-	/** The standard port for the scheme (80 for http, 443 for https) */
+	/**
+	 * The standard port for the scheme (80 for http, 443 for https)
+	 */
 	private final int standardPort;
 
 	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@@ -60,21 +65,14 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 	public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String queryString = request.getQueryString();
 		String redirectUrl = request.getRequestURI() + ((queryString != null) ? ("?" + queryString) : "");
-
 		Integer currentPort = this.portResolver.getServerPort(request);
 		Integer redirectPort = getMappedPort(currentPort);
-
 		if (redirectPort != null) {
 			boolean includePort = redirectPort != this.standardPort;
-
-			redirectUrl = this.scheme + request.getServerName() + ((includePort) ? (":" + redirectPort) : "")
-					+ redirectUrl;
+			String port = (includePort) ? (":" + redirectPort) : "";
+			redirectUrl = this.scheme + request.getServerName() + port + redirectUrl;
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Redirecting to: " + redirectUrl);
-		}
-
+		this.logger.debug(LogMessage.format("Redirecting to: %s", redirectUrl));
 		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 2266f457ac..5f6e05b29b 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -64,10 +64,8 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 				return;
 			}
 		}
-
 		for (ChannelProcessor processor : this.channelProcessors) {
 			processor.decide(invocation, config);
-
 			if (invocation.getResponse().isCommitted()) {
 				break;
 			}
@@ -79,11 +77,10 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 	}
 
 	@SuppressWarnings("cast")
-	public void setChannelProcessors(List<?> newList) {
-		Assert.notEmpty(newList, "A list of ChannelProcessors is required");
-		this.channelProcessors = new ArrayList<>(newList.size());
-
-		for (Object currentObject : newList) {
+	public void setChannelProcessors(List<?> channelProcessors) {
+		Assert.notEmpty(channelProcessors, "A list of ChannelProcessors is required");
+		this.channelProcessors = new ArrayList<>(channelProcessors.size());
+		for (Object currentObject : channelProcessors) {
 			Assert.isInstanceOf(ChannelProcessor.class, currentObject, () -> "ChannelProcessor "
 					+ currentObject.getClass().getName() + " must implement ChannelProcessor");
 			this.channelProcessors.add((ChannelProcessor) currentObject);
@@ -95,13 +92,11 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
 		if (ANY_CHANNEL.equals(attribute.getAttribute())) {
 			return true;
 		}
-
 		for (ChannelProcessor processor : this.channelProcessors) {
 			if (processor.supports(attribute)) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
index 2d7d8c6992..b9dc1acb3e 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -28,6 +28,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
@@ -93,35 +94,26 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 	public void afterPropertiesSet() {
 		Assert.notNull(this.securityMetadataSource, "securityMetadataSource must be specified");
 		Assert.notNull(this.channelDecisionManager, "channelDecisionManager must be specified");
-
-		Collection<ConfigAttribute> attrDefs = this.securityMetadataSource.getAllConfigAttributes();
-
-		if (attrDefs == null) {
-			if (this.logger.isWarnEnabled()) {
-				this.logger.warn(
-						"Could not validate configuration attributes as the FilterInvocationSecurityMetadataSource did "
-								+ "not return any attributes");
-			}
-
+		Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAllConfigAttributes();
+		if (attributes == null) {
+			this.logger.warn("Could not validate configuration attributes as the "
+					+ "FilterInvocationSecurityMetadataSource did not return any attributes");
 			return;
 		}
+		Set<ConfigAttribute> unsupportedAttributes = getUnsupportedAttributes(attributes);
+		Assert.isTrue(unsupportedAttributes.isEmpty(),
+				() -> "Unsupported configuration attributes: " + unsupportedAttributes);
+		this.logger.info("Validated configuration attributes");
+	}
 
+	private Set<ConfigAttribute> getUnsupportedAttributes(Collection<ConfigAttribute> attrDefs) {
 		Set<ConfigAttribute> unsupportedAttributes = new HashSet<>();
-
 		for (ConfigAttribute attr : attrDefs) {
 			if (!this.channelDecisionManager.supports(attr)) {
 				unsupportedAttributes.add(attr);
 			}
 		}
-
-		if (unsupportedAttributes.size() == 0) {
-			if (this.logger.isInfoEnabled()) {
-				this.logger.info("Validated configuration attributes");
-			}
-		}
-		else {
-			throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttributes);
-		}
+		return unsupportedAttributes;
 	}
 
 	@Override
@@ -129,22 +121,15 @@ public class ChannelProcessingFilter extends GenericFilterBean {
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) req;
 		HttpServletResponse response = (HttpServletResponse) res;
-
-		FilterInvocation fi = new FilterInvocation(request, response, chain);
-		Collection<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);
-
-		if (attr != null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
-			}
-
-			this.channelDecisionManager.decide(fi, attr);
-
-			if (fi.getResponse().isCommitted()) {
+		FilterInvocation filterInvocation = new FilterInvocation(request, response, chain);
+		Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAttributes(filterInvocation);
+		if (attributes != null) {
+			this.logger.debug(LogMessage.format("Request: %s; ConfigAttributes: %s", filterInvocation, attributes));
+			this.channelDecisionManager.decide(filterInvocation, attributes);
+			if (filterInvocation.getResponse().isCommitted()) {
 				return;
 			}
 		}
-
 		chain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
index 1aca25bf4b..19cb406f35 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -40,7 +40,6 @@ public interface ChannelProcessor {
 	/**
 	 * Decided whether the presented {@link FilterInvocation} provides the appropriate
 	 * level of channel security based on the requested list of <tt>ConfigAttribute</tt>s.
-	 *
 	 */
 	void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException;
 
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index 6f4d7b43bc..3c214f73d7 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -55,10 +55,7 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
 	@Override
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
-		if ((invocation == null) || (config == null)) {
-			throw new IllegalArgumentException("Nulls cannot be provided");
-		}
-
+		Assert.isTrue(invocation != null && config != null, "Nulls cannot be provided");
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (invocation.getHttpRequest().isSecure()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index 4e0f501208..507bd67906 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -56,7 +56,6 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
 	public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
 			throws IOException, ServletException {
 		Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
-
 		for (ConfigAttribute attribute : config) {
 			if (supports(attribute)) {
 				if (!invocation.getHttpRequest().isSecure()) {
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
index e562ea1e4b..b15a7c02ff 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessor.java
@@ -41,25 +41,37 @@ abstract class AbstractVariableEvaluationContextPostProcessor
 
 	@Override
 	public final EvaluationContext postProcess(EvaluationContext context, FilterInvocation invocation) {
-		final HttpServletRequest request = invocation.getHttpRequest();
-		return new DelegatingEvaluationContext(context) {
-			private Map<String, String> variables;
-
-			@Override
-			public Object lookupVariable(String name) {
-				Object result = super.lookupVariable(name);
-				if (result != null) {
-					return result;
-				}
-				if (this.variables == null) {
-					this.variables = extractVariables(request);
-				}
-				return this.variables.get(name);
-			}
-
-		};
+		return new VariableEvaluationContext(context, invocation.getHttpRequest());
 	}
 
 	abstract Map<String, String> extractVariables(HttpServletRequest request);
 
+	/**
+	 * {@link DelegatingEvaluationContext} to expose variable.
+	 */
+	class VariableEvaluationContext extends DelegatingEvaluationContext {
+
+		private final HttpServletRequest request;
+
+		private Map<String, String> variables;
+
+		VariableEvaluationContext(EvaluationContext delegate, HttpServletRequest request) {
+			super(delegate);
+			this.request = request;
+		}
+
+		@Override
+		public Object lookupVariable(String name) {
+			Object result = super.lookupVariable(name);
+			if (result != null) {
+				return result;
+			}
+			if (this.variables == null) {
+				this.variables = extractVariables(this.request);
+			}
+			return this.variables.get(name);
+		}
+
+	}
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
index b8e4838794..c1b50f2140 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
@@ -20,6 +20,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.LinkedHashMap;
 import java.util.Map;
+import java.util.function.BiConsumer;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -58,29 +59,29 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 	private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processMap(
 			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
 		Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
+		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processed = new LinkedHashMap<>(requestMap);
+		requestMap.forEach((request, value) -> process(parser, request, value, processed::put));
+		return processed;
+	}
 
-		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap = new LinkedHashMap<>(
-				requestMap);
-
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
-			RequestMatcher request = entry.getKey();
-			Assert.isTrue(entry.getValue().size() == 1, () -> "Expected a single expression attribute for " + request);
-			ArrayList<ConfigAttribute> attributes = new ArrayList<>(1);
-			String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
-			logger.debug("Adding web access control expression '" + expression + "', for " + request);
-
-			AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
-			try {
-				attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
-			}
-			catch (ParseException ex) {
-				throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
-			}
-
-			requestToExpressionAttributesMap.put(request, attributes);
+	private static void process(ExpressionParser parser, RequestMatcher request, Collection<ConfigAttribute> value,
+			BiConsumer<RequestMatcher, Collection<ConfigAttribute>> consumer) {
+		String expression = getExpression(request, value);
+		logger.debug("Adding web access control expression '" + expression + "', for " + request);
+		AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
+		ArrayList<ConfigAttribute> processed = new ArrayList<>(1);
+		try {
+			processed.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
 		}
+		catch (ParseException ex) {
+			throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
+		}
+		consumer.accept(request, processed);
+	}
 
-		return requestToExpressionAttributesMap;
+	private static String getExpression(RequestMatcher request, Collection<ConfigAttribute> value) {
+		Assert.isTrue(value.size() == 1, () -> "Expected a single expression attribute for " + request);
+		return value.toArray(new ConfigAttribute[1])[0].getAttribute();
 	}
 
 	private static AbstractVariableEvaluationContextPostProcessor createPostProcessor(RequestMatcher request) {
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
index 88db17f211..0822cb1532 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@@ -25,6 +25,7 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.util.Assert;
 
 /**
  * Voter which handles web authorisation decisions.
@@ -37,21 +38,19 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
 	private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
 
 	@Override
-	public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
-		assert authentication != null;
-		assert fi != null;
-		assert attributes != null;
-
-		WebExpressionConfigAttribute weca = findConfigAttribute(attributes);
-
-		if (weca == null) {
+	public int vote(Authentication authentication, FilterInvocation filterInvocation,
+			Collection<ConfigAttribute> attributes) {
+		Assert.notNull(authentication, "authentication must not be null");
+		Assert.notNull(filterInvocation, "filterInvocation must not be null");
+		Assert.notNull(attributes, "attributes must not be null");
+		WebExpressionConfigAttribute webExpressionConfigAttribute = findConfigAttribute(attributes);
+		if (webExpressionConfigAttribute == null) {
 			return ACCESS_ABSTAIN;
 		}
-
-		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, fi);
-		ctx = weca.postProcess(ctx, fi);
-
-		return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
+		EvaluationContext ctx = webExpressionConfigAttribute.postProcess(
+				this.expressionHandler.createEvaluationContext(authentication, filterInvocation), filterInvocation);
+		return ExpressionUtils.evaluateAsBoolean(webExpressionConfigAttribute.getAuthorizeExpression(), ctx)
+				? ACCESS_GRANTED : ACCESS_DENIED;
 	}
 
 	private WebExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> attributes) {
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
index 70fd24f022..91bc2df290 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java
@@ -29,13 +29,13 @@ import org.springframework.security.web.util.matcher.IpAddressMatcher;
  */
 public class WebSecurityExpressionRoot extends SecurityExpressionRoot {
 
-	// private FilterInvocation filterInvocation;
-	/** Allows direct access to the request object */
+	/**
+	 * Allows direct access to the request object
+	 */
 	public final HttpServletRequest request;
 
 	public WebSecurityExpressionRoot(Authentication a, FilterInvocation fi) {
 		super(a);
-		// this.filterInvocation = fi;
 		this.request = fi.getRequest();
 	}
 
@@ -47,7 +47,8 @@ public class WebSecurityExpressionRoot extends SecurityExpressionRoot {
 	 * @return true if the IP address of the current request is in the required range.
 	 */
 	public boolean hasIpAddress(String ipAddress) {
-		return (new IpAddressMatcher(ipAddress).matches(this.request));
+		IpAddressMatcher matcher = new IpAddressMatcher(ipAddress);
+		return matcher.matches(this.request);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
index 91507ec62d..5f2661a32f 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
@@ -65,18 +65,13 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
 	 */
 	public DefaultFilterInvocationSecurityMetadataSource(
 			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap) {
-
 		this.requestMap = requestMap;
 	}
 
 	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		Set<ConfigAttribute> allAttributes = new HashSet<>();
-
-		for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : this.requestMap.entrySet()) {
-			allAttributes.addAll(entry.getValue());
-		}
-
+		this.requestMap.values().forEach(allAttributes::addAll);
 		return allAttributes;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
index 43d84624cc..1472a1a05e 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@@ -78,8 +78,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		FilterInvocation fi = new FilterInvocation(request, response, chain);
-		invoke(fi);
+		invoke(new FilterInvocation(request, response, chain));
 	}
 
 	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
@@ -100,30 +99,30 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 		return FilterInvocation.class;
 	}
 
-	public void invoke(FilterInvocation fi) throws IOException, ServletException {
-		if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
-				&& this.observeOncePerRequest) {
+	public void invoke(FilterInvocation filterInvocation) throws IOException, ServletException {
+		if (isApplied(filterInvocation) && this.observeOncePerRequest) {
 			// filter already applied to this request and user wants us to observe
 			// once-per-request handling, so don't re-do security checking
-			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
+			filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
+			return;
 		}
-		else {
-			// first time this request being called, so perform security checking
-			if (fi.getRequest() != null && this.observeOncePerRequest) {
-				fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
-			}
-
-			InterceptorStatusToken token = super.beforeInvocation(fi);
-
-			try {
-				fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
-			}
-			finally {
-				super.finallyInvocation(token);
-			}
-
-			super.afterInvocation(token, null);
+		// first time this request being called, so perform security checking
+		if (filterInvocation.getRequest() != null && this.observeOncePerRequest) {
+			filterInvocation.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
 		}
+		InterceptorStatusToken token = super.beforeInvocation(filterInvocation);
+		try {
+			filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
+		}
+		finally {
+			super.finallyInvocation(token);
+		}
+		super.afterInvocation(token, null);
+	}
+
+	private boolean isApplied(FilterInvocation filterInvocation) {
+		return (filterInvocation.getRequest() != null)
+				&& (filterInvocation.getRequest().getAttribute(FILTER_APPLIED) != null);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index 8e6c569313..b608e4f8b3 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -77,7 +77,6 @@ public class RequestKey {
 		}
 		sb.append(this.url);
 		sb.append("]");
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
index a0ae2461d1..f4f135979f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@@ -30,6 +30,7 @@ import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
@@ -206,52 +207,39 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 * </ol>
 	 */
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
-
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		if (!requiresAuthentication(request, response)) {
 			chain.doFilter(request, response);
-
 			return;
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Request is to process authentication");
-		}
-
-		Authentication authResult;
-
+		this.logger.debug("Request is to process authentication");
 		try {
-			authResult = attemptAuthentication(request, response);
-			if (authResult == null) {
+			Authentication authenticationResult = attemptAuthentication(request, response);
+			if (authenticationResult == null) {
 				// return immediately as subclass has indicated that it hasn't completed
-				// authentication
 				return;
 			}
-			this.sessionStrategy.onAuthentication(authResult, request, response);
+			this.sessionStrategy.onAuthentication(authenticationResult, request, response);
+			// Authentication success
+			if (this.continueChainBeforeSuccessfulAuthentication) {
+				chain.doFilter(request, response);
+			}
+			successfulAuthentication(request, response, chain, authenticationResult);
 		}
 		catch (InternalAuthenticationServiceException failed) {
 			this.logger.error("An internal error occurred while trying to authenticate the user.", failed);
 			unsuccessfulAuthentication(request, response, failed);
-
-			return;
 		}
-		catch (AuthenticationException failed) {
+		catch (AuthenticationException ex) {
 			// Authentication failed
-			unsuccessfulAuthentication(request, response, failed);
-
-			return;
+			unsuccessfulAuthentication(request, response, ex);
 		}
-
-		// Authentication success
-		if (this.continueChainBeforeSuccessfulAuthentication) {
-			chain.doFilter(request, response);
-		}
-
-		successfulAuthentication(request, response, chain, authResult);
 	}
 
 	/**
@@ -316,20 +304,13 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	 */
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
 			Authentication authResult) throws IOException, ServletException {
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
-		}
-
+		this.logger.debug(
+				LogMessage.format("Authentication success. Updating SecurityContextHolder to contain: %s", authResult));
 		SecurityContextHolder.getContext().setAuthentication(authResult);
-
 		this.rememberMeServices.loginSuccess(request, response, authResult);
-
-		// Fire event
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
-
 		this.successHandler.onAuthenticationSuccess(request, response, authResult);
 	}
 
@@ -347,15 +328,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Authentication request failed: " + failed.toString(), failed);
 			this.logger.debug("Updated SecurityContextHolder to contain null Authentication");
 			this.logger.debug("Delegating to authentication failure handler " + this.failureHandler);
 		}
-
 		this.rememberMeServices.loginFail(request, response);
-
 		this.failureHandler.onAuthenticationFailure(request, response, failed);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index 32e38c8525..f52b0a2a96 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
@@ -84,18 +85,16 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 	protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
 			throws IOException, ServletException {
 		String targetUrl = determineTargetUrl(request, response, authentication);
-
 		if (response.isCommitted()) {
-			this.logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+			this.logger.debug(
+					LogMessage.format("Response has already been committed. Unable to redirect to %s", targetUrl));
 			return;
 		}
-
 		this.redirectStrategy.sendRedirect(request, response, targetUrl);
 	}
 
 	/**
 	 * Builds the target URL according to the logic defined in the main class Javadoc
-	 *
 	 * @since 5.2
 	 */
 	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
@@ -110,30 +109,23 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 		if (isAlwaysUseDefaultTargetUrl()) {
 			return this.defaultTargetUrl;
 		}
-
 		// Check for the parameter and use that if available
 		String targetUrl = null;
-
 		if (this.targetUrlParameter != null) {
 			targetUrl = request.getParameter(this.targetUrlParameter);
-
 			if (StringUtils.hasText(targetUrl)) {
 				this.logger.debug("Found targetUrlParameter in request: " + targetUrl);
-
 				return targetUrl;
 			}
 		}
-
 		if (this.useReferer && !StringUtils.hasLength(targetUrl)) {
 			targetUrl = request.getHeader("Referer");
 			this.logger.debug("Using Referer header: " + targetUrl);
 		}
-
 		if (!StringUtils.hasText(targetUrl)) {
 			targetUrl = this.defaultTargetUrl;
 			this.logger.debug("Using default Url: " + targetUrl);
 		}
-
 		return targetUrl;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
index fcd57272fe..1b29bebbe2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -26,6 +26,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.Authentication;
@@ -85,31 +86,24 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements
 	@Override
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 			throws IOException, ServletException {
-
 		if (SecurityContextHolder.getContext().getAuthentication() == null) {
 			SecurityContextHolder.getContext().setAuthentication(createAuthentication((HttpServletRequest) req));
-
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Populated SecurityContextHolder with anonymous token: '"
-						+ SecurityContextHolder.getContext().getAuthentication() + "'");
-			}
+			this.logger.debug(LogMessage.of(() -> "Populated SecurityContextHolder with anonymous token: '"
+					+ SecurityContextHolder.getContext().getAuthentication() + "'"));
 		}
 		else {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
-						+ SecurityContextHolder.getContext().getAuthentication() + "'");
-			}
+			this.logger.debug(LogMessage
+					.of(() -> "SecurityContextHolder not populated with anonymous token, as it already contained: '"
+							+ SecurityContextHolder.getContext().getAuthentication() + "'"));
 		}
-
 		chain.doFilter(req, res);
 	}
 
 	protected Authentication createAuthentication(HttpServletRequest request) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(this.key, this.principal,
+		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(this.key, this.principal,
 				this.authorities);
-		auth.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
-		return auth;
+		token.setDetails(this.authenticationDetailsSource.buildDetails(request));
+		return token;
 	}
 
 	public void setAuthenticationDetailsSource(
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
index f0f375b8ba..0c6040f099 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandler.java
@@ -29,7 +29,7 @@ import org.springframework.util.Assert;
 /**
  * Adapts a {@link AuthenticationEntryPoint} into a {@link AuthenticationFailureHandler}
  *
- * @author sbespalov
+ * @author Sergey Bespalov
  * @since 5.2.0
  */
 public class AuthenticationEntryPointFailureHandler implements AuthenticationFailureHandler {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
index 25f0f1e0b9..89cb9cc5d9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -84,7 +84,6 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 			AuthenticationConverter authenticationConverter) {
 		Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
-
 		this.authenticationManagerResolver = authenticationManagerResolver;
 		this.authenticationConverter = authenticationConverter;
 	}
@@ -142,19 +141,16 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 			filterChain.doFilter(request, response);
 			return;
 		}
-
 		try {
 			Authentication authenticationResult = attemptAuthentication(request, response);
 			if (authenticationResult == null) {
 				filterChain.doFilter(request, response);
 				return;
 			}
-
 			HttpSession session = request.getSession(false);
 			if (session != null) {
 				request.changeSessionId();
 			}
-
 			successfulAuthentication(request, response, filterChain, authenticationResult);
 		}
 		catch (AuthenticationException ex) {
@@ -182,13 +178,11 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 		if (authentication == null) {
 			return null;
 		}
-
 		AuthenticationManager authenticationManager = this.authenticationManagerResolver.resolve(request);
 		Authentication authenticationResult = authenticationManager.authenticate(authentication);
 		if (authenticationResult == null) {
 			throw new ServletException("AuthenticationManager should not return null Authentication object.");
 		}
-
 		return authenticationResult;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
index d9d2a5cbbd..d67dbf604f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.ELRequestMatcher;
@@ -62,7 +63,7 @@ import org.springframework.util.Assert;
  */
 public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
 
-	private final Log logger = LogFactory.getLog(getClass());
+	private static final Log logger = LogFactory.getLog(DelegatingAuthenticationEntryPoint.class);
 
 	private final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints;
 
@@ -75,25 +76,16 @@ public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPo
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException, ServletException {
-
 		for (RequestMatcher requestMatcher : this.entryPoints.keySet()) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Trying to match using " + requestMatcher);
-			}
+			logger.debug(LogMessage.format("Trying to match using %s", requestMatcher));
 			if (requestMatcher.matches(request)) {
 				AuthenticationEntryPoint entryPoint = this.entryPoints.get(requestMatcher);
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug("Match found! Executing " + entryPoint);
-				}
+				logger.debug(LogMessage.format("Match found! Executing %s", entryPoint));
 				entryPoint.commence(request, response, authException);
 				return;
 			}
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
-		}
-
+		logger.debug(LogMessage.format("No match found. Using default entry point %s", this.defaultEntryPoint));
 		// No EntryPoint matched, use defaultEntryPoint
 		this.defaultEntryPoint.commence(request, response, authException);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index 41ec7712a8..4891c1ea83 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -62,9 +62,6 @@ public class DelegatingAuthenticationFailureHandler implements AuthenticationFai
 		this.defaultHandler = defaultHandler;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
index a85603ea7b..5a619000f3 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandler.java
@@ -49,7 +49,6 @@ public class ExceptionMappingAuthenticationFailureHandler extends SimpleUrlAuthe
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
 		String url = this.failureUrlMap.get(exception.getClass().getName());
-
 		if (url != null) {
 			getRedirectStrategy().sendRedirect(request, response, url);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
index bff458f006..216654945c 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
@@ -55,9 +55,7 @@ public class Http403ForbiddenEntryPoint implements AuthenticationEntryPoint {
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2)
 			throws IOException {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Pre-authenticated entry point called. Rejecting access");
-		}
+		logger.debug("Pre-authenticated entry point called. Rejecting access");
 		response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
index ca59b6842f..08de9369c0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.DefaultRedirectStrategy;
@@ -93,9 +94,8 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	public void afterPropertiesSet() {
 		Assert.isTrue(StringUtils.hasText(this.loginFormUrl) && UrlUtils.isValidRedirectUrl(this.loginFormUrl),
 				"loginFormUrl must be specified and must be a valid redirect URL");
-		if (this.useForward && UrlUtils.isAbsoluteUrl(this.loginFormUrl)) {
-			throw new IllegalArgumentException("useForward must be false if using an absolute loginFormURL");
-		}
+		Assert.isTrue(!this.useForward || !UrlUtils.isAbsoluteUrl(this.loginFormUrl),
+				"useForward must be false if using an absolute loginFormURL");
 		Assert.notNull(this.portMapper, "portMapper must be specified");
 		Assert.notNull(this.portResolver, "portResolver must be specified");
 	}
@@ -110,7 +110,6 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	 */
 	protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) {
-
 		return getLoginFormUrl();
 	}
 
@@ -120,75 +119,55 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException, ServletException {
-
-		String redirectUrl = null;
-
-		if (this.useForward) {
-
-			if (this.forceHttps && "http".equals(request.getScheme())) {
-				// First redirect the current request to HTTPS.
-				// When that request is received, the forward to the login page will be
-				// used.
-				redirectUrl = buildHttpsRedirectUrlForRequest(request);
-			}
-
-			if (redirectUrl == null) {
-				String loginForm = determineUrlToUseForThisRequest(request, response, authException);
-
-				if (logger.isDebugEnabled()) {
-					logger.debug("Server side forward to: " + loginForm);
-				}
-
-				RequestDispatcher dispatcher = request.getRequestDispatcher(loginForm);
-
-				dispatcher.forward(request, response);
-
-				return;
-			}
-		}
-		else {
+		if (!this.useForward) {
 			// redirect to login page. Use https if forceHttps true
-
-			redirectUrl = buildRedirectUrlToLoginPage(request, response, authException);
-
+			String redirectUrl = buildRedirectUrlToLoginPage(request, response, authException);
+			this.redirectStrategy.sendRedirect(request, response, redirectUrl);
+			return;
 		}
-
-		this.redirectStrategy.sendRedirect(request, response, redirectUrl);
+		String redirectUrl = null;
+		if (this.forceHttps && "http".equals(request.getScheme())) {
+			// First redirect the current request to HTTPS. When that request is received,
+			// the forward to the login page will be used.
+			redirectUrl = buildHttpsRedirectUrlForRequest(request);
+		}
+		if (redirectUrl != null) {
+			this.redirectStrategy.sendRedirect(request, response, redirectUrl);
+			return;
+		}
+		String loginForm = determineUrlToUseForThisRequest(request, response, authException);
+		logger.debug(LogMessage.format("Server side forward to: %s", loginForm));
+		RequestDispatcher dispatcher = request.getRequestDispatcher(loginForm);
+		dispatcher.forward(request, response);
+		return;
 	}
 
 	protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) {
-
 		String loginForm = determineUrlToUseForThisRequest(request, response, authException);
-
 		if (UrlUtils.isAbsoluteUrl(loginForm)) {
 			return loginForm;
 		}
-
 		int serverPort = this.portResolver.getServerPort(request);
 		String scheme = request.getScheme();
-
 		RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
-
 		urlBuilder.setScheme(scheme);
 		urlBuilder.setServerName(request.getServerName());
 		urlBuilder.setPort(serverPort);
 		urlBuilder.setContextPath(request.getContextPath());
 		urlBuilder.setPathInfo(loginForm);
-
 		if (this.forceHttps && "http".equals(scheme)) {
 			Integer httpsPort = this.portMapper.lookupHttpsPort(serverPort);
-
 			if (httpsPort != null) {
 				// Overwrite scheme and port in the redirect URL
 				urlBuilder.setScheme("https");
 				urlBuilder.setPort(httpsPort);
 			}
 			else {
-				logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort);
+				logger.warn(LogMessage.format("Unable to redirect to HTTPS as no port mapping found for HTTP port %s",
+						serverPort));
 			}
 		}
-
 		return urlBuilder.getUrl();
 	}
 
@@ -197,10 +176,8 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 	 * current request to HTTPS, before doing a forward to the login page.
 	 */
 	protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request) throws IOException, ServletException {
-
 		int serverPort = this.portResolver.getServerPort(request);
 		Integer httpsPort = this.portMapper.lookupHttpsPort(serverPort);
-
 		if (httpsPort != null) {
 			RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
 			urlBuilder.setScheme("https");
@@ -210,13 +187,11 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 			urlBuilder.setServletPath(request.getServletPath());
 			urlBuilder.setPathInfo(request.getPathInfo());
 			urlBuilder.setQuery(request.getQueryString());
-
 			return urlBuilder.getUrl();
 		}
-
 		// Fall through to server-side forward with warning message
-		logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort);
-
+		logger.warn(
+				LogMessage.format("Unable to redirect to HTTPS as no port mapping found for HTTP port %s", serverPort));
 		return null;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
index 8eab8096ca..3fa3802948 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java
@@ -74,10 +74,8 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws ServletException, IOException {
 		SavedRequest savedRequest = this.requestCache.getRequest(request, response);
-
 		if (savedRequest == null) {
 			super.onAuthenticationSuccess(request, response, authentication);
-
 			return;
 		}
 		String targetUrlParameter = getTargetUrlParameter();
@@ -85,12 +83,9 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth
 				|| (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
 			this.requestCache.removeRequest(request, response);
 			super.onAuthenticationSuccess(request, response, authentication);
-
 			return;
 		}
-
 		clearAuthenticationAttributes(request);
-
 		// Use the DefaultSavedRequest URL
 		String targetUrl = savedRequest.getRedirectUrl();
 		this.logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index f376014279..8eba0ffa1d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -76,24 +76,19 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
-
 		if (this.defaultFailureUrl == null) {
 			this.logger.debug("No failure URL set, sending 401 Unauthorized error");
-
 			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
+			return;
+		}
+		saveException(request, exception);
+		if (this.forwardToDestination) {
+			this.logger.debug("Forwarding to " + this.defaultFailureUrl);
+			request.getRequestDispatcher(this.defaultFailureUrl).forward(request, response);
 		}
 		else {
-			saveException(request, exception);
-
-			if (this.forwardToDestination) {
-				this.logger.debug("Forwarding to " + this.defaultFailureUrl);
-
-				request.getRequestDispatcher(this.defaultFailureUrl).forward(request, response);
-			}
-			else {
-				this.logger.debug("Redirecting to " + this.defaultFailureUrl);
-				this.redirectStrategy.sendRedirect(request, response, this.defaultFailureUrl);
-			}
+			this.logger.debug("Redirecting to " + this.defaultFailureUrl);
+			this.redirectStrategy.sendRedirect(request, response, this.defaultFailureUrl);
 		}
 	}
 
@@ -108,13 +103,11 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 	protected final void saveException(HttpServletRequest request, AuthenticationException exception) {
 		if (this.forwardToDestination) {
 			request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
+			return;
 		}
-		else {
-			HttpSession session = request.getSession(false);
-
-			if (session != null || this.allowSessionCreation) {
-				request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
-			}
+		HttpSession session = request.getSession(false);
+		if (session != null || this.allowSessionCreation) {
+			request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
index 4a7647239a..b8ac058cd8 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java
@@ -59,7 +59,6 @@ public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticatio
 	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
-
 		handle(request, response, authentication);
 		clearAuthenticationAttributes(request);
 	}
@@ -70,12 +69,9 @@ public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticatio
 	 */
 	protected final void clearAuthenticationAttributes(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-
-		if (session == null) {
-			return;
+		if (session != null) {
+			session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
 		}
-
-		session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
index b1f94f7e3f..e1a444594f 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
@@ -74,25 +74,14 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication
 		if (this.postOnly && !request.getMethod().equals("POST")) {
 			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
-
 		String username = obtainUsername(request);
-		String password = obtainPassword(request);
-
-		if (username == null) {
-			username = "";
-		}
-
-		if (password == null) {
-			password = "";
-		}
-
+		username = (username != null) ? username : "";
 		username = username.trim();
-
+		String password = obtainPassword(request);
+		password = (password != null) ? password : "";
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
-
 		// Allow subclasses to set the "details" property
 		setDetails(request, authRequest);
-
 		return this.getAuthenticationManager().authenticate(authRequest);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
index 24eef04985..41052b4fb9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -44,7 +44,6 @@ public class WebAuthenticationDetails implements Serializable {
 	 */
 	public WebAuthenticationDetails(HttpServletRequest request) {
 		this.remoteAddress = request.getRemoteAddr();
-
 		HttpSession session = request.getSession(false);
 		this.sessionId = (session != null) ? session.getId() : null;
 	}
@@ -62,39 +61,31 @@ public class WebAuthenticationDetails implements Serializable {
 	@Override
 	public boolean equals(Object obj) {
 		if (obj instanceof WebAuthenticationDetails) {
-			WebAuthenticationDetails rhs = (WebAuthenticationDetails) obj;
-
-			if ((this.remoteAddress == null) && (rhs.getRemoteAddress() != null)) {
+			WebAuthenticationDetails other = (WebAuthenticationDetails) obj;
+			if ((this.remoteAddress == null) && (other.getRemoteAddress() != null)) {
 				return false;
 			}
-
-			if ((this.remoteAddress != null) && (rhs.getRemoteAddress() == null)) {
+			if ((this.remoteAddress != null) && (other.getRemoteAddress() == null)) {
 				return false;
 			}
-
 			if (this.remoteAddress != null) {
-				if (!this.remoteAddress.equals(rhs.getRemoteAddress())) {
+				if (!this.remoteAddress.equals(other.getRemoteAddress())) {
 					return false;
 				}
 			}
-
-			if ((this.sessionId == null) && (rhs.getSessionId() != null)) {
+			if ((this.sessionId == null) && (other.getSessionId() != null)) {
 				return false;
 			}
-
-			if ((this.sessionId != null) && (rhs.getSessionId() == null)) {
+			if ((this.sessionId != null) && (other.getSessionId() == null)) {
 				return false;
 			}
-
 			if (this.sessionId != null) {
-				if (!this.sessionId.equals(rhs.getSessionId())) {
+				if (!this.sessionId.equals(other.getSessionId())) {
 					return false;
 				}
 			}
-
 			return true;
 		}
-
 		return false;
 	}
 
@@ -118,15 +109,12 @@ public class WebAuthenticationDetails implements Serializable {
 	@Override
 	public int hashCode() {
 		int code = 7654;
-
 		if (this.remoteAddress != null) {
 			code = code * (this.remoteAddress.hashCode() % 7);
 		}
-
 		if (this.sessionId != null) {
 			code = code * (this.sessionId.hashCode() % 7);
 		}
-
 		return code;
 	}
 
@@ -136,7 +124,6 @@ public class WebAuthenticationDetails implements Serializable {
 		sb.append(super.toString()).append(": ");
 		sb.append("RemoteIpAddress: ").append(this.getRemoteAddress()).append("; ");
 		sb.append("SessionId: ").append(this.getSessionId());
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index 70272a7893..e47c07dce1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -43,15 +43,14 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 		Assert.notNull(cookiesToClear, "List of cookies cannot be null");
 		List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
 		for (String cookieName : cookiesToClear) {
-			Function<HttpServletRequest, Cookie> f = (request) -> {
+			cookieList.add((request) -> {
 				Cookie cookie = new Cookie(cookieName, null);
 				String cookiePath = request.getContextPath() + "/";
 				cookie.setPath(cookiePath);
 				cookie.setMaxAge(0);
 				cookie.setSecure(request.isSecure());
 				return cookie;
-			};
-			cookieList.add(f);
+			});
 		}
 		this.cookiesToClear = cookieList;
 	}
@@ -65,8 +64,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 		List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
 		for (Cookie cookie : cookiesToClear) {
 			Assert.isTrue(cookie.getMaxAge() == 0, "Cookie maxAge must be 0");
-			Function<HttpServletRequest, Cookie> f = (request) -> cookie;
-			cookieList.add(f);
+			cookieList.add((request) -> cookie);
 		}
 		this.cookiesToClear = cookieList;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
index ff9ad94f07..54ec8ee6bb 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@@ -25,6 +25,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.util.UrlUtils;
@@ -83,25 +84,20 @@ public class LogoutFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		if (requiresLogout(request, response)) {
 			Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
-			}
-
+			this.logger.debug(LogMessage.format("Logging out user '%s' and transferring to logout destination", auth));
 			this.handler.logout(request, response, auth);
-
 			this.logoutSuccessHandler.onLogoutSuccess(request, response, auth);
-
 			return;
 		}
-
 		chain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
index de82f99994..76c5104553 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -61,16 +62,14 @@ public class SecurityContextLogoutHandler implements LogoutHandler {
 		if (this.invalidateHttpSession) {
 			HttpSession session = request.getSession(false);
 			if (session != null) {
-				this.logger.debug("Invalidating session: " + session.getId());
+				this.logger.debug(LogMessage.format("Invalidating session: %s", session.getId()));
 				session.invalidate();
 			}
 		}
-
 		if (this.clearAuthentication) {
 			SecurityContext context = SecurityContextHolder.getContext();
 			context.setAuthentication(null);
 		}
-
 		SecurityContextHolder.clearContext();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 65b1fa56ed..b31cd91473 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpSession;
 
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
@@ -124,16 +125,11 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger
-					.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
-		}
-
+		this.logger.debug(LogMessage
+				.of(() -> "Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()));
 		if (this.requiresAuthenticationRequestMatcher.matches((HttpServletRequest) request)) {
 			doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response);
 		}
-
 		chain.doFilter(request, response);
 	}
 
@@ -156,21 +152,15 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 * @return true if the principal has changed, else false
 	 */
 	protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
-
 		Object principal = getPreAuthenticatedPrincipal(request);
-
 		if ((principal instanceof String) && currentAuthentication.getName().equals(principal)) {
 			return false;
 		}
-
 		if (principal != null && principal.equals(currentAuthentication.getPrincipal())) {
 			return false;
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger
-					.debug("Pre-authenticated principal has changed to " + principal + " and will be reauthenticated");
-		}
+		this.logger.debug(LogMessage.format("Pre-authenticated principal has changed to %s and will be reauthenticated",
+				principal));
 		return true;
 	}
 
@@ -179,35 +169,24 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 */
 	private void doAuthenticate(HttpServletRequest request, HttpServletResponse response)
 			throws IOException, ServletException {
-		Authentication authResult;
-
 		Object principal = getPreAuthenticatedPrincipal(request);
-		Object credentials = getPreAuthenticatedCredentials(request);
-
 		if (principal == null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("No pre-authenticated principal found in request");
-			}
-
+			this.logger.debug("No pre-authenticated principal found in request");
 			return;
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
-		}
-
+		this.logger.debug(LogMessage.format("preAuthenticatedPrincipal = %s, trying to authenticate", principal));
+		Object credentials = getPreAuthenticatedCredentials(request);
 		try {
-			PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal,
-					credentials);
-			authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-			authResult = this.authenticationManager.authenticate(authRequest);
-			successfulAuthentication(request, response, authResult);
+			PreAuthenticatedAuthenticationToken authenticationRequest = new PreAuthenticatedAuthenticationToken(
+					principal, credentials);
+			authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
+			Authentication authenticationResult = this.authenticationManager.authenticate(authenticationRequest);
+			successfulAuthentication(request, response, authenticationResult);
 		}
-		catch (AuthenticationException failed) {
-			unsuccessfulAuthentication(request, response, failed);
-
+		catch (AuthenticationException ex) {
+			unsuccessfulAuthentication(request, response, ex);
 			if (!this.continueFilterChainOnUnsuccessfulAuthentication) {
-				throw failed;
+				throw ex;
 			}
 		}
 	}
@@ -218,15 +197,11 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	 */
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			Authentication authResult) throws IOException, ServletException {
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Authentication success: " + authResult);
-		}
+		this.logger.debug(LogMessage.format("Authentication success: %s", authResult));
 		SecurityContextHolder.getContext().setAuthentication(authResult);
-		// Fire event
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
-
 		if (this.authenticationSuccessHandler != null) {
 			this.authenticationSuccessHandler.onAuthenticationSuccess(request, response, authResult);
 		}
@@ -241,12 +216,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Cleared security context due to exception", failed);
-		}
+		this.logger.debug("Cleared security context due to exception", failed);
 		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
-
 		if (this.authenticationFailureHandler != null) {
 			this.authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
 		}
@@ -355,36 +326,27 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
 
 		@Override
 		public boolean matches(HttpServletRequest request) {
-
 			Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
-
 			if (currentUser == null) {
 				return true;
 			}
-
 			if (!AbstractPreAuthenticatedProcessingFilter.this.checkForPrincipalChanges) {
 				return false;
 			}
-
 			if (!principalChanged(request, currentUser)) {
 				return false;
 			}
-
 			AbstractPreAuthenticatedProcessingFilter.this.logger
 					.debug("Pre-authenticated principal has changed and will be reauthenticated");
-
 			if (AbstractPreAuthenticatedProcessingFilter.this.invalidateSessionOnPrincipalChange) {
 				SecurityContextHolder.clearContext();
-
 				HttpSession session = request.getSession(false);
-
 				if (session != null) {
 					AbstractPreAuthenticatedProcessingFilter.this.logger.debug("Invalidating existing session");
 					session.invalidate();
 					request.getSession();
 				}
 			}
-
 			return true;
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
index f34e36fbaa..320797d077 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProvider.java
@@ -21,6 +21,7 @@ import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.Ordered;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -50,11 +51,11 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 
 	private static final Log logger = LogFactory.getLog(PreAuthenticatedAuthenticationProvider.class);
 
-	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> preAuthenticatedUserDetailsService = null;
+	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> preAuthenticatedUserDetailsService;
 
 	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
 
-	private boolean throwExceptionWhenTokenRejected = false;
+	private boolean throwExceptionWhenTokenRejected;
 
 	private int order = -1; // default: same as non-ordered
 
@@ -77,38 +78,27 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("PreAuthenticated authentication request: " + authentication);
-		}
-
+		logger.debug(LogMessage.format("PreAuthenticated authentication request: %s", authentication));
 		if (authentication.getPrincipal() == null) {
 			logger.debug("No pre-authenticated principal found in request.");
-
 			if (this.throwExceptionWhenTokenRejected) {
 				throw new BadCredentialsException("No pre-authenticated principal found in request.");
 			}
 			return null;
 		}
-
 		if (authentication.getCredentials() == null) {
 			logger.debug("No pre-authenticated credentials found in request.");
-
 			if (this.throwExceptionWhenTokenRejected) {
 				throw new BadCredentialsException("No pre-authenticated credentials found in request.");
 			}
 			return null;
 		}
-
-		UserDetails ud = this.preAuthenticatedUserDetailsService
+		UserDetails userDetails = this.preAuthenticatedUserDetailsService
 				.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication);
-
-		this.userDetailsChecker.check(ud);
-
-		PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
-				authentication.getCredentials(), ud.getAuthorities());
+		this.userDetailsChecker.check(userDetails);
+		PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(userDetails,
+				authentication.getCredentials(), userDetails.getAuthorities());
 		result.setDetails(authentication.getDetails());
-
 		return result;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
index f104f2d514..f9534b5a90 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -46,7 +46,6 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
 	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest request,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(request);
-
 		List<GrantedAuthority> temp = new ArrayList<>(authorities.size());
 		temp.addAll(authorities);
 		this.authorities = Collections.unmodifiableList(temp);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
index 7eb9693acc..6d9176a230 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java
@@ -59,12 +59,10 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		String principal = (String) request.getAttribute(this.principalEnvironmentVariable);
-
 		if (principal == null && this.exceptionIfVariableMissing) {
 			throw new PreAuthenticatedCredentialsNotFoundException(
 					this.principalEnvironmentVariable + " variable not found in request.");
 		}
-
 		return principal;
 	}
 
@@ -78,7 +76,6 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
 		if (this.credentialsEnvironmentVariable != null) {
 			return request.getAttribute(this.credentialsEnvironmentVariable);
 		}
-
 		return "N/A";
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
index 0af0c4e55f..4f5fbee3f5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.java
@@ -60,12 +60,10 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		String principal = request.getHeader(this.principalRequestHeader);
-
 		if (principal == null && this.exceptionIfHeaderMissing) {
 			throw new PreAuthenticatedCredentialsNotFoundException(
 					this.principalRequestHeader + " header not found in request.");
 		}
-
 		return principal;
 	}
 
@@ -79,7 +77,6 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
 		if (this.credentialsRequestHeader != null) {
 			return request.getHeader(this.credentialsRequestHeader);
 		}
-
 		return "N/A";
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
index b819a575d6..4fbd010402 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
@@ -76,13 +77,11 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	 */
 	protected Collection<String> getUserRoles(HttpServletRequest request) {
 		ArrayList<String> j2eeUserRolesList = new ArrayList<>();
-
 		for (String role : this.j2eeMappableRoles) {
 			if (request.isUserInRole(role)) {
 				j2eeUserRolesList.add(role);
 			}
 		}
-
 		return j2eeUserRolesList;
 	}
 
@@ -93,19 +92,14 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource implements
 	 */
 	@Override
 	public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
-
 		Collection<String> j2eeUserRoles = getUserRoles(context);
-		Collection<? extends GrantedAuthority> userGas = this.j2eeUserRoles2GrantedAuthoritiesMapper
+		Collection<? extends GrantedAuthority> userGrantedAuthorities = this.j2eeUserRoles2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(j2eeUserRoles);
-
 		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]");
+			this.logger.debug(LogMessage.format("J2EE roles [%s] mapped to Granted Authorities: [%s]", j2eeUserRoles,
+					userGrantedAuthorities));
 		}
-
-		PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails result = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
-				context, userGas);
-
-		return result;
+		return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context, userGrantedAuthorities);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
index 4fce63bd38..6d5a5dfa52 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.preauth.j2ee;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
 /**
@@ -36,9 +37,7 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 		Object principal = (httpRequest.getUserPrincipal() != null) ? httpRequest.getUserPrincipal().getName() : null;
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("PreAuthenticated J2EE principal: " + principal);
-		}
+		this.logger.debug(LogMessage.format("PreAuthenticated J2EE principal: %s", principal));
 		return principal;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
index a7b685853f..18d01fb706 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlMappableAttributesRetriever.java
@@ -22,6 +22,7 @@ import java.io.StringReader;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.xml.parsers.DocumentBuilder;
@@ -43,6 +44,7 @@ import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
+import org.springframework.util.Assert;
 
 /**
  * This <tt>MappableAttributesRetriever</tt> implementation reads the list of defined J2EE
@@ -82,17 +84,17 @@ public class WebXmlMappableAttributesRetriever
 		Resource webXml = this.resourceLoader.getResource("/WEB-INF/web.xml");
 		Document doc = getDocument(webXml.getInputStream());
 		NodeList webApp = doc.getElementsByTagName("web-app");
-		if (webApp.getLength() != 1) {
-			throw new IllegalArgumentException("Failed to find 'web-app' element in resource" + webXml);
-		}
+		Assert.isTrue(webApp.getLength() == 1, () -> "Failed to find 'web-app' element in resource" + webXml);
 		NodeList securityRoles = ((Element) webApp.item(0)).getElementsByTagName("security-role");
+		List<String> roleNames = getRoleNames(webXml, securityRoles);
+		this.mappableAttributes = Collections.unmodifiableSet(new HashSet<>(roleNames));
+	}
 
+	private List<String> getRoleNames(Resource webXml, NodeList securityRoles) {
 		ArrayList<String> roleNames = new ArrayList<>();
-
 		for (int i = 0; i < securityRoles.getLength(); i++) {
-			Element secRoleElt = (Element) securityRoles.item(i);
-			NodeList roles = secRoleElt.getElementsByTagName("role-name");
-
+			Element securityRoleElement = (Element) securityRoles.item(i);
+			NodeList roles = securityRoleElement.getElementsByTagName("role-name");
 			if (roles.getLength() > 0) {
 				String roleName = roles.item(0).getTextContent().trim();
 				roleNames.add(roleName);
@@ -102,22 +104,19 @@ public class WebXmlMappableAttributesRetriever
 				this.logger.info("No security-role elements found in " + webXml);
 			}
 		}
-
-		this.mappableAttributes = Collections.unmodifiableSet(new HashSet<>(roleNames));
+		return roleNames;
 	}
 
 	/**
 	 * @return Document for the specified InputStream
 	 */
 	private Document getDocument(InputStream aStream) {
-		Document doc;
 		try {
 			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 			factory.setValidating(false);
-			DocumentBuilder db = factory.newDocumentBuilder();
-			db.setEntityResolver(new MyEntityResolver());
-			doc = db.parse(aStream);
-			return doc;
+			DocumentBuilder builder = factory.newDocumentBuilder();
+			builder.setEntityResolver(new MyEntityResolver());
+			return builder.parse(aStream);
 		}
 		catch (FactoryConfigurationError | IOException | SAXException | ParserConfigurationException ex) {
 			throw new RuntimeException("Unable to parse document object", ex);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index a95723a3a4..a934a0e35e 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -31,6 +31,8 @@ import javax.security.auth.Subject;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
+
 /**
  * WebSphere Security helper class to allow retrieval of the current username and groups.
  * <p>
@@ -75,9 +77,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 	 * @return String the security name for the given subject
 	 */
 	private static String getSecurityName(final Subject subject) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Determining Websphere security name for subject " + subject);
-		}
+		logger.debug(LogMessage.format("Determining Websphere security name for subject %s", subject));
 		String userSecurityName = null;
 		if (subject != null) {
 			// SEC-803
@@ -86,9 +86,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 				userSecurityName = (String) invokeMethod(getSecurityNameMethod(), credential);
 			}
 		}
-		if (logger.isDebugEnabled()) {
-			logger.debug("Websphere security name is " + userSecurityName + " for subject " + subject);
-		}
+		logger.debug(LogMessage.format("Websphere security name is %s for subject %s", subject, userSecurityName));
 		return userSecurityName;
 	}
 
@@ -119,69 +117,56 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups
 	 */
 	@SuppressWarnings("unchecked")
 	private static List<String> getWebSphereGroups(final String securityName) {
-		Context ic = null;
+		Context context = null;
 		try {
 			// TODO: Cache UserRegistry object
-			ic = new InitialContext();
-			Object objRef = ic.lookup(USER_REGISTRY);
+			context = new InitialContext();
+			Object objRef = context.lookup(USER_REGISTRY);
 			Object userReg = invokeMethod(getNarrowMethod(), null, objRef,
 					Class.forName("com.ibm.websphere.security.UserRegistry"));
-			if (logger.isDebugEnabled()) {
-				logger.debug("Determining WebSphere groups for user " + securityName + " using WebSphere UserRegistry "
-						+ userReg);
-			}
-			final Collection groups = (Collection) invokeMethod(getGroupsForUserMethod(), userReg,
+			logger.debug(LogMessage.format("Determining WebSphere groups for user %s using WebSphere UserRegistry %s",
+					securityName, userReg));
+			final Collection<String> groups = (Collection<String>) invokeMethod(getGroupsForUserMethod(), userReg,
 					new Object[] { securityName });
-			if (logger.isDebugEnabled()) {
-				logger.debug("Groups for user " + securityName + ": " + groups.toString());
-			}
-
-			return new ArrayList(groups);
+			logger.debug(LogMessage.format("Groups for user %s: %s", securityName, groups));
+			return new ArrayList<String>(groups);
 		}
 		catch (Exception ex) {
 			logger.error("Exception occured while looking up groups for user", ex);
 			throw new RuntimeException("Exception occured while looking up groups for user", ex);
 		}
 		finally {
-			try {
-				if (ic != null) {
-					ic.close();
-				}
-			}
-			catch (NamingException ex) {
-				logger.debug("Exception occured while closing context", ex);
+			closeContext(context);
+		}
+	}
+
+	private static void closeContext(Context context) {
+		try {
+			if (context != null) {
+				context.close();
 			}
 		}
+		catch (NamingException ex) {
+			logger.debug("Exception occured while closing context", ex);
+		}
 	}
 
 	private static Object invokeMethod(Method method, Object instance, Object... args) {
 		try {
 			return method.invoke(instance, args);
 		}
-		catch (IllegalArgumentException ex) {
-			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", ex);
-			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
-		}
-		catch (IllegalAccessException ex) {
-			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", ex);
-			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
-		}
-		catch (InvocationTargetException ex) {
-			logger.error("Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
-					+ Arrays.asList(args) + ")", ex);
-			throw new RuntimeException("Error while invoking method " + method.getClass().getName() + "."
-					+ method.getName() + "(" + Arrays.asList(args) + ")", ex);
+		catch (IllegalArgumentException | IllegalAccessException | InvocationTargetException ex) {
+			String message = "Error while invoking method " + method.getClass().getName() + "." + method.getName() + "("
+					+ Arrays.asList(args) + ")";
+			logger.error(message, ex);
+			throw new RuntimeException(message, ex);
 		}
 	}
 
 	private static Method getMethod(String className, String methodName, String[] parameterTypeNames) {
 		try {
 			Class<?> c = Class.forName(className);
-			final int len = parameterTypeNames.length;
+			int len = parameterTypeNames.length;
 			Class<?>[] parameterTypes = new Class[len];
 			for (int i = 0; i < len; i++) {
 				parameterTypes[i] = Class.forName(parameterTypeNames[i]);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
index f867d52a82..e58ee0b182 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.preauth.websphere;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
 /**
@@ -51,9 +52,7 @@ public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthen
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
 		Object principal = this.wasHelper.getCurrentUserName();
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("PreAuthenticated WebSphere principal: " + principal);
-		}
+		this.logger.debug(LogMessage.format("PreAuthenticated WebSphere principal: %s", principal));
 		return principal;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
index fdb6f1a3aa..5f52f928f6 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
@@ -68,9 +69,8 @@ public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements
 		List<String> webSphereGroups = this.wasHelper.getGroupsForCurrentUser();
 		Collection<? extends GrantedAuthority> userGas = this.webSphereGroups2GrantedAuthoritiesMapper
 				.getGrantedAuthorities(webSphereGroups);
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + userGas);
-		}
+		this.logger.debug(
+				LogMessage.format("WebSphere groups: %s mapped to Granted Authorities: %s", webSphereGroups, userGas));
 		return userGas;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
index e590ff70b2..56e5c33b9e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
@@ -25,6 +25,7 @@ import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.MessageSource;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.util.Assert;
@@ -58,24 +59,15 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
 	public Object extractPrincipal(X509Certificate clientCert) {
 		// String subjectDN = clientCert.getSubjectX500Principal().getName();
 		String subjectDN = clientCert.getSubjectDN().getName();
-
-		this.logger.debug("Subject DN is '" + subjectDN + "'");
-
+		this.logger.debug(LogMessage.format("Subject DN is '%s'", subjectDN));
 		Matcher matcher = this.subjectDnPattern.matcher(subjectDN);
-
 		if (!matcher.find()) {
 			throw new BadCredentialsException(this.messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching",
 					new Object[] { subjectDN }, "No matching pattern was found in subject DN: {0}"));
 		}
-
-		if (matcher.groupCount() != 1) {
-			throw new IllegalArgumentException("Regular expression must contain a single group ");
-		}
-
+		Assert.isTrue(matcher.groupCount() == 1, "Regular expression must contain a single group ");
 		String username = matcher.group(1);
-
-		this.logger.debug("Extracted Principal name is '" + username + "'");
-
+		this.logger.debug(LogMessage.format("Extracted Principal name is '%s'", username));
 		return username;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index cdb4190ded..1692df44d0 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -20,6 +20,7 @@ import java.security.cert.X509Certificate;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
 /**
@@ -32,12 +33,7 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 	@Override
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 		X509Certificate cert = extractClientCertificate(request);
-
-		if (cert == null) {
-			return null;
-		}
-
-		return this.principalExtractor.extractPrincipal(cert);
+		return (cert != null) ? this.principalExtractor.extractPrincipal(cert) : null;
 	}
 
 	@Override
@@ -47,19 +43,11 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
 
 	private X509Certificate extractClientCertificate(HttpServletRequest request) {
 		X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
-
 		if (certs != null && certs.length > 0) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("X.509 client authentication certificate:" + certs[0]);
-			}
-
+			this.logger.debug(LogMessage.format("X.509 client authentication certificate:%s", certs[0]));
 			return certs[0];
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("No client certificate found in request.");
-		}
-
+		this.logger.debug("No client certificate found in request.");
 		return null;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index a250449dc8..1d25067d37 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountStatusException;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
@@ -118,47 +119,38 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	@Override
 	public final Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
 		String rememberMeCookie = extractRememberMeCookie(request);
-
 		if (rememberMeCookie == null) {
 			return null;
 		}
-
 		this.logger.debug("Remember-me cookie detected");
-
 		if (rememberMeCookie.length() == 0) {
 			this.logger.debug("Cookie was empty");
 			cancelCookie(request, response);
 			return null;
 		}
-
-		UserDetails user = null;
-
 		try {
 			String[] cookieTokens = decodeCookie(rememberMeCookie);
-			user = processAutoLoginCookie(cookieTokens, request, response);
+			UserDetails user = processAutoLoginCookie(cookieTokens, request, response);
 			this.userDetailsChecker.check(user);
-
 			this.logger.debug("Remember-me cookie accepted");
-
 			return createSuccessfulAuthentication(request, user);
 		}
-		catch (CookieTheftException cte) {
+		catch (CookieTheftException ex) {
 			cancelCookie(request, response);
-			throw cte;
+			throw ex;
 		}
-		catch (UsernameNotFoundException noUser) {
-			this.logger.debug("Remember-me login was valid but corresponding user not found.", noUser);
+		catch (UsernameNotFoundException ex) {
+			this.logger.debug("Remember-me login was valid but corresponding user not found.", ex);
 		}
-		catch (InvalidCookieException invalidCookie) {
-			this.logger.debug("Invalid remember-me cookie: " + invalidCookie.getMessage());
+		catch (InvalidCookieException ex) {
+			this.logger.debug("Invalid remember-me cookie: " + ex.getMessage());
 		}
-		catch (AccountStatusException statusInvalid) {
-			this.logger.debug("Invalid UserDetails: " + statusInvalid.getMessage());
+		catch (AccountStatusException ex) {
+			this.logger.debug("Invalid UserDetails: " + ex.getMessage());
 		}
 		catch (RememberMeAuthenticationException ex) {
 			this.logger.debug(ex.getMessage());
 		}
-
 		cancelCookie(request, response);
 		return null;
 	}
@@ -172,17 +164,14 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 */
 	protected String extractRememberMeCookie(HttpServletRequest request) {
 		Cookie[] cookies = request.getCookies();
-
 		if ((cookies == null) || (cookies.length == 0)) {
 			return null;
 		}
-
 		for (Cookie cookie : cookies) {
 			if (this.cookieName.equals(cookie.getName())) {
 				return cookie.getValue();
 			}
 		}
-
 		return null;
 	}
 
@@ -216,18 +205,14 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		for (int j = 0; j < cookieValue.length() % 4; j++) {
 			cookieValue = cookieValue + "=";
 		}
-
 		try {
 			Base64.getDecoder().decode(cookieValue.getBytes());
 		}
 		catch (IllegalArgumentException ex) {
 			throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'");
 		}
-
 		String cookieAsPlainText = new String(Base64.getDecoder().decode(cookieValue.getBytes()));
-
 		String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER);
-
 		for (int i = 0; i < tokens.length; i++) {
 			try {
 				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.toString());
@@ -236,7 +221,6 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 				this.logger.error(ex.getMessage(), ex);
 			}
 		}
-
 		return tokens;
 	}
 
@@ -254,20 +238,15 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 			catch (UnsupportedEncodingException ex) {
 				this.logger.error(ex.getMessage(), ex);
 			}
-
 			if (i < cookieTokens.length - 1) {
 				sb.append(DELIMITER);
 			}
 		}
-
 		String value = sb.toString();
-
 		sb = new StringBuilder(new String(Base64.getEncoder().encode(value.getBytes())));
-
 		while (sb.charAt(sb.length() - 1) == '=') {
 			sb.deleteCharAt(sb.length() - 1);
 		}
-
 		return sb.toString();
 	}
 
@@ -293,12 +272,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	@Override
 	public final void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
-
 		if (!rememberMeRequested(request, this.parameter)) {
 			this.logger.debug("Remember-me login not requested.");
 			return;
 		}
-
 		onLoginSuccess(request, response, successfulAuthentication);
 	}
 
@@ -324,20 +301,15 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		if (this.alwaysRemember) {
 			return true;
 		}
-
 		String paramValue = request.getParameter(parameter);
-
 		if (paramValue != null) {
 			if (paramValue.equalsIgnoreCase("true") || paramValue.equalsIgnoreCase("on")
 					|| paramValue.equalsIgnoreCase("yes") || paramValue.equals("1")) {
 				return true;
 			}
 		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Did not send remember-me cookie (principal did not set parameter '" + parameter + "')");
-		}
-
+		this.logger.debug(
+				LogMessage.format("Did not send remember-me cookie (principal did not set parameter '%s')", parameter));
 		return false;
 	}
 
@@ -370,12 +342,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		if (this.cookieDomain != null) {
 			cookie.setDomain(this.cookieDomain);
 		}
-		if (this.useSecureCookie == null) {
-			cookie.setSecure(request.isSecure());
-		}
-		else {
-			cookie.setSecure(this.useSecureCookie);
-		}
+		cookie.setSecure((this.useSecureCookie != null) ? this.useSecureCookie : request.isSecure());
 		response.addCookie(cookie);
 	}
 
@@ -402,16 +369,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		if (maxAge < 1) {
 			cookie.setVersion(1);
 		}
-
-		if (this.useSecureCookie == null) {
-			cookie.setSecure(request.isSecure());
-		}
-		else {
-			cookie.setSecure(this.useSecureCookie);
-		}
-
+		cookie.setSecure((this.useSecureCookie != null) ? this.useSecureCookie : request.isSecure());
 		cookie.setHttpOnly(true);
-
 		response.addCookie(cookie);
 	}
 
@@ -426,9 +385,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 	 */
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Logout of user " + ((authentication != null) ? authentication.getName() : "Unknown"));
-		}
+		this.logger.debug(LogMessage
+				.of(() -> "Logout of user " + ((authentication != null) ? authentication.getName() : "Unknown")));
 		cancelCookie(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
index aadf83fc7c..9eecb9778a 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/InMemoryTokenRepositoryImpl.java
@@ -36,21 +36,17 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 	@Override
 	public synchronized void createNewToken(PersistentRememberMeToken token) {
 		PersistentRememberMeToken current = this.seriesTokens.get(token.getSeries());
-
 		if (current != null) {
 			throw new DataIntegrityViolationException("Series Id '" + token.getSeries() + "' already exists!");
 		}
-
 		this.seriesTokens.put(token.getSeries(), token);
 	}
 
 	@Override
 	public synchronized void updateToken(String series, String tokenValue, Date lastUsed) {
 		PersistentRememberMeToken token = getTokenForSeries(series);
-
 		PersistentRememberMeToken newToken = new PersistentRememberMeToken(token.getUsername(), series, tokenValue,
 				new Date());
-
 		// Store it, overwriting the existing one.
 		this.seriesTokens.put(series, newToken);
 	}
@@ -63,12 +59,9 @@ public class InMemoryTokenRepositoryImpl implements PersistentTokenRepository {
 	@Override
 	public synchronized void removeUserTokens(String username) {
 		Iterator<String> series = this.seriesTokens.keySet().iterator();
-
 		while (series.hasNext()) {
 			String seriesId = series.next();
-
 			PersistentRememberMeToken token = this.seriesTokens.get(seriesId);
-
 			if (username.equals(token.getUsername())) {
 				series.remove();
 			}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
index bc14f0dd54..e33c5e6a3c 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.Date;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.dao.DataAccessException;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
@@ -87,27 +90,26 @@ public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements Persisten
 	@Override
 	public PersistentRememberMeToken getTokenForSeries(String seriesId) {
 		try {
-			return getJdbcTemplate().queryForObject(this.tokensBySeriesSql,
-					(rs, rowNum) -> new PersistentRememberMeToken(rs.getString(1), rs.getString(2), rs.getString(3),
-							rs.getTimestamp(4)),
-					seriesId);
+			return getJdbcTemplate().queryForObject(this.tokensBySeriesSql, this::createRememberMeToken, seriesId);
 		}
-		catch (EmptyResultDataAccessException zeroResults) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Querying token for series '" + seriesId + "' returned no results.", zeroResults);
-			}
+		catch (EmptyResultDataAccessException ex) {
+			this.logger.debug(LogMessage.format("Querying token for series '%s' returned no results.", seriesId), ex);
 		}
-		catch (IncorrectResultSizeDataAccessException moreThanOne) {
-			this.logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series"
-					+ " should be unique");
+		catch (IncorrectResultSizeDataAccessException ex) {
+			this.logger.error(LogMessage.format(
+					"Querying token for series '%s' returned more than one value. Series" + " should be unique",
+					seriesId));
 		}
 		catch (DataAccessException ex) {
 			this.logger.error("Failed to load token for series " + seriesId, ex);
 		}
-
 		return null;
 	}
 
+	private PersistentRememberMeToken createRememberMeToken(ResultSet rs, int rowNum) throws SQLException {
+		return new PersistentRememberMeToken(rs.getString(1), rs.getString(2), rs.getString(3), rs.getTimestamp(4));
+	}
+
 	@Override
 	public void removeUserTokens(String username) {
 		getJdbcTemplate().update(this.removeUserTokensSql, username);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
index 8288d3e4a5..9914275ca2 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -24,6 +24,7 @@ import java.util.Date;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -93,47 +94,35 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	@Override
 	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 			HttpServletResponse response) {
-
 		if (cookieTokens.length != 2) {
 			throw new InvalidCookieException("Cookie token did not contain " + 2 + " tokens, but contained '"
 					+ Arrays.asList(cookieTokens) + "'");
 		}
-
-		final String presentedSeries = cookieTokens[0];
-		final String presentedToken = cookieTokens[1];
-
+		String presentedSeries = cookieTokens[0];
+		String presentedToken = cookieTokens[1];
 		PersistentRememberMeToken token = this.tokenRepository.getTokenForSeries(presentedSeries);
-
 		if (token == null) {
 			// No series match, so we can't authenticate using this cookie
 			throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
 		}
-
 		// We have a match for this user/series combination
 		if (!presentedToken.equals(token.getTokenValue())) {
 			// Token doesn't match series value. Delete all logins for this user and throw
 			// an exception to warn them.
 			this.tokenRepository.removeUserTokens(token.getUsername());
-
 			throw new CookieTheftException(this.messages.getMessage(
 					"PersistentTokenBasedRememberMeServices.cookieStolen",
 					"Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
 		}
-
 		if (token.getDate().getTime() + getTokenValiditySeconds() * 1000L < System.currentTimeMillis()) {
 			throw new RememberMeAuthenticationException("Remember-me login has expired");
 		}
-
 		// Token also matches, so login is valid. Update the token value, keeping the
 		// *same* series number.
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Refreshing persistent login token for user '" + token.getUsername() + "', series '"
-					+ token.getSeries() + "'");
-		}
-
+		this.logger.debug(LogMessage.format("Refreshing persistent login token for user '%s', series '%s'",
+				token.getUsername(), token.getSeries()));
 		PersistentRememberMeToken newToken = new PersistentRememberMeToken(token.getUsername(), token.getSeries(),
 				generateTokenData(), new Date());
-
 		try {
 			this.tokenRepository.updateToken(newToken.getSeries(), newToken.getTokenValue(), newToken.getDate());
 			addCookie(newToken, request, response);
@@ -142,7 +131,6 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 			this.logger.error("Failed to update token: ", ex);
 			throw new RememberMeAuthenticationException("Autologin failed due to data access problem");
 		}
-
 		return getUserDetailsService().loadUserByUsername(token.getUsername());
 	}
 
@@ -155,9 +143,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
 		String username = successfulAuthentication.getName();
-
-		this.logger.debug("Creating new persistent login for user " + username);
-
+		this.logger.debug(LogMessage.format("Creating new persistent login for user %s", username));
 		PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(username, generateSeriesData(),
 				generateTokenData(), new Date());
 		try {
@@ -172,7 +158,6 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		super.logout(request, response, authentication);
-
 		if (authentication != null) {
 			this.tokenRepository.removeUserTokens(authentication.getName());
 		}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index 8fb4a860d3..f41fd586a4 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
 import org.springframework.security.core.Authentication;
@@ -86,66 +87,50 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
-
-		if (SecurityContextHolder.getContext().getAuthentication() == null) {
-			Authentication rememberMeAuth = this.rememberMeServices.autoLogin(request, response);
-
-			if (rememberMeAuth != null) {
-				// Attempt authenticaton via AuthenticationManager
-				try {
-					rememberMeAuth = this.authenticationManager.authenticate(rememberMeAuth);
-
-					// Store to SecurityContextHolder
-					SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
-
-					onSuccessfulAuthentication(request, response, rememberMeAuth);
-
-					if (this.logger.isDebugEnabled()) {
-						this.logger.debug("SecurityContextHolder populated with remember-me token: '"
-								+ SecurityContextHolder.getContext().getAuthentication() + "'");
-					}
-
-					// Fire event
-					if (this.eventPublisher != null) {
-						this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-								SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
-					}
-
-					if (this.successHandler != null) {
-						this.successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
-
-						return;
-					}
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+		if (SecurityContextHolder.getContext().getAuthentication() != null) {
+			this.logger.debug(LogMessage
+					.of(() -> "SecurityContextHolder not populated with remember-me token, as it already contained: '"
+							+ SecurityContextHolder.getContext().getAuthentication() + "'"));
+			chain.doFilter(request, response);
+			return;
+		}
+		Authentication rememberMeAuth = this.rememberMeServices.autoLogin(request, response);
+		if (rememberMeAuth != null) {
+			// Attempt authenticaton via AuthenticationManager
+			try {
+				rememberMeAuth = this.authenticationManager.authenticate(rememberMeAuth);
+				// Store to SecurityContextHolder
+				SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
+				onSuccessfulAuthentication(request, response, rememberMeAuth);
+				this.logger.debug(LogMessage.of(() -> "SecurityContextHolder populated with remember-me token: '"
+						+ SecurityContextHolder.getContext().getAuthentication() + "'"));
+				if (this.eventPublisher != null) {
+					this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
+							SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
 				}
-				catch (AuthenticationException authenticationException) {
-					if (this.logger.isDebugEnabled()) {
-						this.logger.debug("SecurityContextHolder not populated with remember-me token, as "
-								+ "AuthenticationManager rejected Authentication returned by RememberMeServices: '"
-								+ rememberMeAuth + "'; invalidating remember-me token", authenticationException);
-					}
-
-					this.rememberMeServices.loginFail(request, response);
-
-					onUnsuccessfulAuthentication(request, response, authenticationException);
+				if (this.successHandler != null) {
+					this.successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
+					return;
 				}
 			}
-
-			chain.doFilter(request, response);
-		}
-		else {
-			if (this.logger.isDebugEnabled()) {
-				this.logger
-						.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '"
-								+ SecurityContextHolder.getContext().getAuthentication() + "'");
+			catch (AuthenticationException ex) {
+				this.logger.debug(LogMessage
+						.format("SecurityContextHolder not populated with remember-me token, as AuthenticationManager "
+								+ "rejected Authentication returned by RememberMeServices: '%s'; "
+								+ "invalidating remember-me token", rememberMeAuth),
+						ex);
+				this.rememberMeServices.loginFail(request, response);
+				onUnsuccessfulAuthentication(request, response, ex);
 			}
-
-			chain.doFilter(request, response);
 		}
+		chain.doFilter(request, response);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index d75d228ed2..2facda2bc1 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -90,52 +90,43 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	@Override
 	protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 			HttpServletResponse response) {
-
 		if (cookieTokens.length != 3) {
 			throw new InvalidCookieException(
 					"Cookie token did not contain 3" + " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
 		}
+		long tokenExpiryTime = getTokenExpiryTime(cookieTokens);
+		if (isTokenExpired(tokenExpiryTime)) {
+			throw new InvalidCookieException("Cookie token[1] has expired (expired on '" + new Date(tokenExpiryTime)
+					+ "'; current time is '" + new Date() + "')");
+		}
+		// Check the user exists. Defer lookup until after expiry time checked, to
+		// possibly avoid expensive database call.
+		UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);
+		Assert.notNull(userDetails, () -> "UserDetailsService " + getUserDetailsService()
+				+ " returned null for username " + cookieTokens[0] + ". " + "This is an interface contract violation");
+		// Check signature of token matches remaining details. Must do this after user
+		// lookup, as we need the DAO-derived password. If efficiency was a major issue,
+		// just add in a UserCache implementation, but recall that this method is usually
+		// only called once per HttpSession - if the token is valid, it will cause
+		// SecurityContextHolder population, whilst if invalid, will cause the cookie to
+		// be cancelled.
+		String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(),
+				userDetails.getPassword());
+		if (!equals(expectedTokenSignature, cookieTokens[2])) {
+			throw new InvalidCookieException("Cookie token[2] contained signature '" + cookieTokens[2]
+					+ "' but expected '" + expectedTokenSignature + "'");
+		}
+		return userDetails;
+	}
 
-		long tokenExpiryTime;
-
+	private long getTokenExpiryTime(String[] cookieTokens) {
 		try {
-			tokenExpiryTime = new Long(cookieTokens[1]);
+			return new Long(cookieTokens[1]);
 		}
 		catch (NumberFormatException nfe) {
 			throw new InvalidCookieException(
 					"Cookie token[1] did not contain a valid number (contained '" + cookieTokens[1] + "')");
 		}
-
-		if (isTokenExpired(tokenExpiryTime)) {
-			throw new InvalidCookieException("Cookie token[1] has expired (expired on '" + new Date(tokenExpiryTime)
-					+ "'; current time is '" + new Date() + "')");
-		}
-
-		// Check the user exists.
-		// Defer lookup until after expiry time checked, to possibly avoid expensive
-		// database call.
-
-		UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);
-
-		Assert.notNull(userDetails, () -> "UserDetailsService " + getUserDetailsService()
-				+ " returned null for username " + cookieTokens[0] + ". " + "This is an interface contract violation");
-
-		// Check signature of token matches remaining details.
-		// Must do this after user lookup, as we need the DAO-derived password.
-		// If efficiency was a major issue, just add in a UserCache implementation,
-		// but recall that this method is usually only called once per HttpSession - if
-		// the token is valid,
-		// it will cause SecurityContextHolder population, whilst if invalid, will cause
-		// the cookie to be cancelled.
-		String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(),
-				userDetails.getPassword());
-
-		if (!equals(expectedTokenSignature, cookieTokens[2])) {
-			throw new InvalidCookieException("Cookie token[2] contained signature '" + cookieTokens[2]
-					+ "' but expected '" + expectedTokenSignature + "'");
-		}
-
-		return userDetails;
 	}
 
 	/**
@@ -144,15 +135,13 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	 */
 	protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
 		String data = username + ":" + tokenExpiryTime + ":" + password + ":" + getKey();
-		MessageDigest digest;
 		try {
-			digest = MessageDigest.getInstance("MD5");
+			MessageDigest digest = MessageDigest.getInstance("MD5");
+			return new String(Hex.encode(digest.digest(data.getBytes())));
 		}
 		catch (NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No MD5 algorithm available!");
 		}
-
-		return new String(Hex.encode(digest.digest(data.getBytes())));
 	}
 
 	protected boolean isTokenExpired(long tokenExpiryTime) {
@@ -162,10 +151,8 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	@Override
 	public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication successfulAuthentication) {
-
 		String username = retrieveUserName(successfulAuthentication);
 		String password = retrievePassword(successfulAuthentication);
-
 		// If unable to find a username and password, just abort as
 		// TokenBasedRememberMeServices is
 		// unable to construct a valid token in this case.
@@ -173,27 +160,21 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 			this.logger.debug("Unable to retrieve username");
 			return;
 		}
-
 		if (!StringUtils.hasLength(password)) {
 			UserDetails user = getUserDetailsService().loadUserByUsername(username);
 			password = user.getPassword();
-
 			if (!StringUtils.hasLength(password)) {
 				this.logger.debug("Unable to obtain password for user: " + username);
 				return;
 			}
 		}
-
 		int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
 		long expiryTime = System.currentTimeMillis();
 		// SEC-949
 		expiryTime += 1000L * ((tokenLifetime < 0) ? TWO_WEEKS_S : tokenLifetime);
-
 		String signatureValue = makeTokenSignature(expiryTime, username, password);
-
 		setCookie(new String[] { username, Long.toString(expiryTime), signatureValue }, tokenLifetime, request,
 				response);
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug(
 					"Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'");
@@ -223,21 +204,17 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 		if (isInstanceOfUserDetails(authentication)) {
 			return ((UserDetails) authentication.getPrincipal()).getUsername();
 		}
-		else {
-			return authentication.getPrincipal().toString();
-		}
+		return authentication.getPrincipal().toString();
 	}
 
 	protected String retrievePassword(Authentication authentication) {
 		if (isInstanceOfUserDetails(authentication)) {
 			return ((UserDetails) authentication.getPrincipal()).getPassword();
 		}
-		else {
-			if (authentication.getCredentials() == null) {
-				return null;
-			}
+		if (authentication.getCredentials() != null) {
 			return authentication.getCredentials().toString();
 		}
+		return null;
 	}
 
 	private boolean isInstanceOfUserDetails(Authentication authentication) {
@@ -250,15 +227,11 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 	private static boolean equals(String expected, String actual) {
 		byte[] expectedBytes = bytesUtf8(expected);
 		byte[] actualBytes = bytesUtf8(actual);
-
 		return MessageDigest.isEqual(expectedBytes, actualBytes);
 	}
 
 	private static byte[] bytesUtf8(String s) {
-		if (s == null) {
-			return null;
-		}
-		return Utf8.encode(s);
+		return (s != null) ? Utf8.encode(s) : null;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
index 5ff51a6131..c4f497bf1b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java
@@ -73,35 +73,26 @@ public abstract class AbstractSessionFixationProtectionStrategy
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
 		boolean hadSessionAlready = request.getSession(false) != null;
-
 		if (!hadSessionAlready && !this.alwaysCreateSession) {
 			// Session fixation isn't a problem if there's no session
-
 			return;
 		}
-
 		// Create new session if necessary
 		HttpSession session = request.getSession();
-
 		if (hadSessionAlready && request.isRequestedSessionIdValid()) {
-
 			String originalSessionId;
 			String newSessionId;
 			Object mutex = WebUtils.getSessionMutex(session);
 			synchronized (mutex) {
 				// We need to migrate to a new session
 				originalSessionId = session.getId();
-
 				session = applySessionFixation(request);
 				newSessionId = session.getId();
 			}
-
 			if (originalSessionId.equals(newSessionId)) {
-				this.logger.warn(
-						"Your servlet container did not change the session ID when a new session was created. You will"
-								+ " not be adequately protected against session-fixation attacks");
+				this.logger.warn("Your servlet container did not change the session ID when a new session "
+						+ "was created. You will not be adequately protected against session-fixation attacks");
 			}
-
 			onSessionChange(originalSessionId, session, authentication);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
index d58303fa46..b1e53ec772 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategy.java
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
@@ -63,10 +64,7 @@ public class CompositeSessionAuthenticationStrategy implements SessionAuthentica
 	public CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy> delegateStrategies) {
 		Assert.notEmpty(delegateStrategies, "delegateStrategies cannot be null or empty");
 		for (SessionAuthenticationStrategy strategy : delegateStrategies) {
-			if (strategy == null) {
-				throw new IllegalArgumentException(
-						"delegateStrategies cannot contain null entires. Got " + delegateStrategies);
-			}
+			Assert.notNull(strategy, () -> "delegateStrategies cannot contain null entires. Got " + delegateStrategies);
 		}
 		this.delegateStrategies = delegateStrategies;
 	}
@@ -75,9 +73,7 @@ public class CompositeSessionAuthenticationStrategy implements SessionAuthentica
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) throws SessionAuthenticationException {
 		for (SessionAuthenticationStrategy delegate : this.delegateStrategies) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Delegating to " + delegate);
-			}
+			this.logger.debug(LogMessage.format("Delegating to %s", delegate));
 			delegate.onAuthentication(authentication, request, response);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
index e91ad70f07..7e96cf3d75 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java
@@ -94,26 +94,19 @@ public class ConcurrentSessionControlAuthenticationStrategy
 	@Override
 	public void onAuthentication(Authentication authentication, HttpServletRequest request,
 			HttpServletResponse response) {
-
-		final List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(authentication.getPrincipal(),
-				false);
-
+		List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
 		int sessionCount = sessions.size();
 		int allowedSessions = getMaximumSessionsForThisUser(authentication);
-
 		if (sessionCount < allowedSessions) {
 			// They haven't got too many login sessions running at present
 			return;
 		}
-
 		if (allowedSessions == -1) {
 			// We permit unlimited logins
 			return;
 		}
-
 		if (sessionCount == allowedSessions) {
 			HttpSession session = request.getSession(false);
-
 			if (session != null) {
 				// Only permit it though if this request is associated with one of the
 				// already registered sessions
@@ -126,7 +119,6 @@ public class ConcurrentSessionControlAuthenticationStrategy
 			// If the session is null, a new one will be created by the parent class,
 			// exceeding the allowed number
 		}
-
 		allowableSessionsExceeded(sessions, allowedSessions, this.sessionRegistry);
 	}
 
@@ -157,7 +149,6 @@ public class ConcurrentSessionControlAuthenticationStrategy
 					this.messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
 							new Object[] { allowableSessions }, "Maximum sessions of {0} for this principal exceeded"));
 		}
-
 		// Determine least recently used sessions, and mark them for invalidation
 		sessions.sort(Comparator.comparing(SessionInformation::getLastRequest));
 		int maximumSessionsExceededBy = sessions.size() - allowableSessions + 1;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
index cd761c28fe..842ba85b77 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
@@ -23,6 +23,8 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
+import org.springframework.core.log.LogMessage;
+
 /**
  * Uses {@code HttpServletRequest.invalidate()} to protect against session fixation
  * attacks.
@@ -82,21 +84,13 @@ public class SessionFixationProtectionStrategy extends AbstractSessionFixationPr
 	final HttpSession applySessionFixation(HttpServletRequest request) {
 		HttpSession session = request.getSession();
 		String originalSessionId = session.getId();
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Invalidating session with Id '" + originalSessionId + "' "
-					+ (this.migrateSessionAttributes ? "and" : "without") + " migrating attributes.");
-		}
-
+		this.logger.debug(LogMessage.of(() -> "Invalidating session with Id '" + originalSessionId + "' "
+				+ (this.migrateSessionAttributes ? "and" : "without") + " migrating attributes."));
 		Map<String, Object> attributesToMigrate = extractAttributes(session);
 		int maxInactiveIntervalToMigrate = session.getMaxInactiveInterval();
-
 		session.invalidate();
 		session = request.getSession(true); // we now have a new session
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Started new session: " + session.getId());
-		}
-
+		this.logger.debug(LogMessage.format("Started new session: %s", session.getId()));
 		transferAttributes(attributesToMigrate, session);
 		if (this.migrateSessionAttributes) {
 			session.setMaxInactiveInterval(maxInactiveIntervalToMigrate);
@@ -111,27 +105,22 @@ public class SessionFixationProtectionStrategy extends AbstractSessionFixationPr
 	 */
 	void transferAttributes(Map<String, Object> attributes, HttpSession newSession) {
 		if (attributes != null) {
-			for (Map.Entry<String, Object> entry : attributes.entrySet()) {
-				newSession.setAttribute(entry.getKey(), entry.getValue());
-			}
+			attributes.forEach(newSession::setAttribute);
 		}
 	}
 
 	@SuppressWarnings("unchecked")
 	private HashMap<String, Object> createMigratedAttributeMap(HttpSession session) {
 		HashMap<String, Object> attributesToMigrate = new HashMap<>();
-
-		Enumeration enumer = session.getAttributeNames();
-
-		while (enumer.hasMoreElements()) {
-			String key = (String) enumer.nextElement();
+		Enumeration<String> enumeration = session.getAttributeNames();
+		while (enumeration.hasMoreElements()) {
+			String key = enumeration.nextElement();
 			if (!this.migrateSessionAttributes && !key.startsWith("SPRING_SECURITY_")) {
 				// Only retain Spring Security attributes
 				continue;
 			}
 			attributesToMigrate.put(key, session.getAttribute(key));
 		}
-
 		return attributesToMigrate;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
index 58e1e4fb44..6fff566ed7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -34,6 +34,7 @@ import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -149,7 +150,6 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 			Assert.isNull(this.successHandler, "You cannot set both successHandler and targetUrl");
 			this.successHandler = new SimpleUrlAuthenticationSuccessHandler(this.targetUrl);
 		}
-
 		if (this.failureHandler == null) {
 			this.failureHandler = (this.switchFailureUrl != null)
 					? new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl)
@@ -161,20 +161,20 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		// check for switch or exit request
 		if (requiresSwitchUser(request)) {
 			// if set, attempt switch and store original
 			try {
 				Authentication targetUser = attemptSwitchUser(request);
-
 				// update the current context to the new target user
 				SecurityContextHolder.getContext().setAuthentication(targetUser);
-
 				// redirect to target url
 				this.successHandler.onAuthenticationSuccess(request, response, targetUser);
 			}
@@ -182,22 +182,17 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 				this.logger.debug("Switch User failed", ex);
 				this.failureHandler.onAuthenticationFailure(request, response, ex);
 			}
-
 			return;
 		}
-		else if (requiresExitUser(request)) {
+		if (requiresExitUser(request)) {
 			// get the original authentication object (if exists)
 			Authentication originalUser = attemptExitUser(request);
-
 			// update the current context back to the original user
 			SecurityContextHolder.getContext().setAuthentication(originalUser);
-
 			// redirect to target url
 			this.successHandler.onAuthenticationSuccess(request, response, originalUser);
-
 			return;
 		}
-
 		chain.doFilter(request, response);
 	}
 
@@ -214,33 +209,19 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 	 */
 	protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
 		UsernamePasswordAuthenticationToken targetUserRequest;
-
 		String username = request.getParameter(this.usernameParameter);
-
-		if (username == null) {
-			username = "";
-		}
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Attempt to switch to user [" + username + "]");
-		}
-
+		username = (username != null) ? username : "";
+		this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", username));
 		UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
 		this.userDetailsChecker.check(targetUser);
-
 		// OK, create the switch user token
 		targetUserRequest = createSwitchUserToken(request, targetUser);
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Switch User Token [" + targetUserRequest + "]");
-		}
-
+		this.logger.debug(LogMessage.format("Switch User Token [%s]", targetUserRequest));
 		// publish event
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
 					SecurityContextHolder.getContext().getAuthentication(), targetUser));
 		}
-
 		return targetUserRequest;
 	}
 
@@ -256,35 +237,28 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 			throws AuthenticationCredentialsNotFoundException {
 		// need to check to see if the current user has a SwitchUserGrantedAuthority
 		Authentication current = SecurityContextHolder.getContext().getAuthentication();
-
-		if (null == current) {
+		if (current == null) {
 			throw new AuthenticationCredentialsNotFoundException(this.messages
 					.getMessage("SwitchUserFilter.noCurrentUser", "No current user associated with this request"));
 		}
-
 		// check to see if the current user did actual switch to another user
 		// if so, get the original source user so we can switch back
 		Authentication original = getSourceAuthentication(current);
-
 		if (original == null) {
 			this.logger.debug("Could not find original user Authentication object!");
 			throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage(
 					"SwitchUserFilter.noOriginalAuthentication", "Could not find original Authentication object"));
 		}
-
 		// get the source user details
 		UserDetails originalUser = null;
 		Object obj = original.getPrincipal();
-
 		if ((obj != null) && obj instanceof UserDetails) {
 			originalUser = (UserDetails) obj;
 		}
-
 		// publish event
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(current, originalUser));
 		}
-
 		return original;
 	}
 
@@ -299,45 +273,38 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 	 */
 	private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request,
 			UserDetails targetUser) {
-
 		UsernamePasswordAuthenticationToken targetUserRequest;
-
 		// grant an additional authority that contains the original Authentication object
 		// which will be used to 'exit' from the current switched user.
-
-		Authentication currentAuth;
-
-		try {
-			// SEC-1763. Check first if we are already switched.
-			currentAuth = attemptExitUser(request);
-		}
-		catch (AuthenticationCredentialsNotFoundException ex) {
-			currentAuth = SecurityContextHolder.getContext().getAuthentication();
-		}
-
-		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(this.switchAuthorityRole, currentAuth);
-
+		Authentication currentAuthentication = getCurrentAuthentication(request);
+		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(this.switchAuthorityRole,
+				currentAuthentication);
 		// get the original authorities
 		Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
-
 		// Allow subclasses to change the authorities to be granted
 		if (this.switchUserAuthorityChanger != null) {
-			orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
+			orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuthentication, orig);
 		}
-
 		// add the new switch user authority
 		List<GrantedAuthority> newAuths = new ArrayList<>(orig);
 		newAuths.add(switchAuthority);
-
 		// create the new authentication token
 		targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), newAuths);
-
 		// set details
 		targetUserRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		return targetUserRequest;
 	}
 
+	private Authentication getCurrentAuthentication(HttpServletRequest request) {
+		try {
+			// SEC-1763. Check first if we are already switched.
+			return attemptExitUser(request);
+		}
+		catch (AuthenticationCredentialsNotFoundException ex) {
+			return SecurityContextHolder.getContext().getAuthentication();
+		}
+	}
+
 	/**
 	 * Find the original <code>Authentication</code> object from the current user's
 	 * granted authorities. A successfully switched user should have a
@@ -349,10 +316,8 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 	 */
 	private Authentication getSourceAuthentication(Authentication current) {
 		Authentication original = null;
-
 		// iterate over granted authorities and find the 'switch user' authority
 		Collection<? extends GrantedAuthority> authorities = current.getAuthorities();
-
 		for (GrantedAuthority auth : authorities) {
 			// check for switch user type of authority
 			if (auth instanceof SwitchUserGrantedAuthority) {
@@ -360,7 +325,6 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 				this.logger.debug("Found original switch user granted authority [" + original + "]");
 			}
 		}
-
 		return original;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index f3c96da440..06f0955c65 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -112,24 +112,28 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		this.logoutSuccessUrl = DEFAULT_LOGIN_PAGE_URL + "?logout";
 		this.failureUrl = DEFAULT_LOGIN_PAGE_URL + "?" + ERROR_PARAMETER_NAME;
 		if (authFilter != null) {
-			this.formLoginEnabled = true;
-			this.usernameParameter = authFilter.getUsernameParameter();
-			this.passwordParameter = authFilter.getPasswordParameter();
-
-			if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				this.rememberMeParameter = ((AbstractRememberMeServices) authFilter.getRememberMeServices())
-						.getParameter();
-			}
+			initAuthFilter(authFilter);
 		}
-
 		if (openIDFilter != null) {
-			this.openIdEnabled = true;
-			this.openIDusernameParameter = "openid_identifier";
+			initOpenIdFilter(openIDFilter);
+		}
+	}
 
-			if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
-				this.openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices())
-						.getParameter();
-			}
+	private void initAuthFilter(UsernamePasswordAuthenticationFilter authFilter) {
+		this.formLoginEnabled = true;
+		this.usernameParameter = authFilter.getUsernameParameter();
+		this.passwordParameter = authFilter.getPasswordParameter();
+		if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
+			this.rememberMeParameter = ((AbstractRememberMeServices) authFilter.getRememberMeServices()).getParameter();
+		}
+	}
+
+	private void initOpenIdFilter(AbstractAuthenticationProcessingFilter openIDFilter) {
+		this.openIdEnabled = true;
+		this.openIDusernameParameter = "openid_identifier";
+		if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
+			this.openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices())
+					.getParameter();
 		}
 	}
 
@@ -214,11 +218,13 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		boolean loginError = isErrorPage(request);
 		boolean logoutSuccess = isLogoutSuccess(request);
 		if (isLoginUrlRequest(request) || loginError || logoutSuccess) {
@@ -226,66 +232,69 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			response.setContentType("text/html;charset=UTF-8");
 			response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
 			response.getWriter().write(loginPageHtml);
-
 			return;
 		}
-
 		chain.doFilter(request, response);
 	}
 
 	private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
 		String errorMsg = "Invalid credentials";
-
 		if (loginError) {
 			HttpSession session = request.getSession(false);
-
 			if (session != null) {
 				AuthenticationException ex = (AuthenticationException) session
 						.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
 				errorMsg = (ex != null) ? ex.getMessage() : "Invalid credentials";
 			}
 		}
-
-		StringBuilder sb = new StringBuilder();
-
-		sb.append("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
-				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
-				+ "    <title>Please sign in</title>\n"
-				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n");
-
 		String contextPath = request.getContextPath();
+		StringBuilder sb = new StringBuilder();
+		sb.append("<!DOCTYPE html>\n");
+		sb.append("<html lang=\"en\">\n");
+		sb.append("  <head>\n");
+		sb.append("    <meta charset=\"utf-8\">\n");
+		sb.append("    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
+		sb.append("    <meta name=\"description\" content=\"\">\n");
+		sb.append("    <meta name=\"author\" content=\"\">\n");
+		sb.append("    <title>Please sign in</title>\n");
+		sb.append("    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" "
+				+ "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n");
+		sb.append("    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" "
+				+ "rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n");
+		sb.append("  </head>\n");
+		sb.append("  <body>\n");
+		sb.append("     <div class=\"container\">\n");
 		if (this.formLoginEnabled) {
 			sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath
-					+ this.authenticationUrl + "\">\n"
-					+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
-					+ createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n"
-					+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-					+ "          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter
-					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n"
-					+ "        <p>\n" + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-					+ "          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter
-					+ "\" class=\"form-control\" placeholder=\"Password\" required>\n" + "        </p>\n"
-					+ createRememberMe(this.rememberMeParameter) + renderHiddenInputs(request)
-					+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-					+ "      </form>\n");
+					+ this.authenticationUrl + "\">\n");
+			sb.append("        <h2 class=\"form-signin-heading\">Please sign in</h2>\n");
+			sb.append(createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n");
+			sb.append("          <label for=\"username\" class=\"sr-only\">Username</label>\n");
+			sb.append("          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter
+					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n");
+			sb.append("        </p>\n");
+			sb.append("        <p>\n");
+			sb.append("          <label for=\"password\" class=\"sr-only\">Password</label>\n");
+			sb.append("          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter
+					+ "\" class=\"form-control\" placeholder=\"Password\" required>\n");
+			sb.append("        </p>\n");
+			sb.append(createRememberMe(this.rememberMeParameter) + renderHiddenInputs(request));
+			sb.append("        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n");
+			sb.append("      </form>\n");
 		}
-
 		if (this.openIdEnabled) {
 			sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath
-					+ this.openIDauthenticationUrl + "\">\n"
-					+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-					+ createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n"
-					+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
-					+ "          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter
-					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n"
-					+ createRememberMe(this.openIDrememberMeParameter) + renderHiddenInputs(request)
-					+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-					+ "      </form>\n");
+					+ this.openIDauthenticationUrl + "\">\n");
+			sb.append("        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n");
+			sb.append(createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n");
+			sb.append("          <label for=\"username\" class=\"sr-only\">Identity</label>\n");
+			sb.append("          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter
+					+ "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n");
+			sb.append("        </p>\n");
+			sb.append(createRememberMe(this.openIDrememberMeParameter) + renderHiddenInputs(request));
+			sb.append("        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n");
+			sb.append("      </form>\n");
 		}
-
 		if (this.oauth2LoginEnabled) {
 			sb.append("<h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
 			sb.append(createError(loginError, errorMsg));
@@ -303,7 +312,6 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			}
 			sb.append("</table>\n");
 		}
-
 		if (this.saml2LoginEnabled) {
 			sb.append("<h2 class=\"form-signin-heading\">Login with SAML 2.0</h2>");
 			sb.append(createError(loginError, errorMsg));
@@ -323,15 +331,17 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		}
 		sb.append("</div>\n");
 		sb.append("</body></html>");
-
 		return sb.toString();
 	}
 
 	private String renderHiddenInputs(HttpServletRequest request) {
 		StringBuilder sb = new StringBuilder();
 		for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
-			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"")
-					.append(input.getValue()).append("\" />\n");
+			sb.append("<input name=\"");
+			sb.append(input.getKey());
+			sb.append("\" type=\"hidden\" value=\"");
+			sb.append(input.getValue());
+			sb.append("\" />\n");
 		}
 		return sb.toString();
 	}
@@ -356,13 +366,17 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 	}
 
 	private static String createError(boolean isError, String message) {
-		return isError ? "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>"
-				: "";
+		if (!isError) {
+			return "";
+		}
+		return "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>";
 	}
 
 	private static String createLogoutSuccess(boolean isLogoutSuccess) {
-		return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>"
-				: "";
+		if (!isLogoutSuccess) {
+			return "";
+		}
+		return "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>";
 	}
 
 	private boolean matches(HttpServletRequest request, String url) {
@@ -371,20 +385,16 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 		}
 		String uri = request.getRequestURI();
 		int pathParamIndex = uri.indexOf(';');
-
 		if (pathParamIndex > 0) {
 			// strip everything after the first semi-colon
 			uri = uri.substring(0, pathParamIndex);
 		}
-
 		if (request.getQueryString() != null) {
 			uri += "?" + request.getQueryString();
 		}
-
 		if ("".equals(request.getContextPath())) {
 			return uri.equals(url);
 		}
-
 		return uri.equals(request.getContextPath() + url);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
index 7dae48a336..84f6cde296 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
@@ -55,21 +55,34 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
 	}
 
 	private void renderLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
-		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
-				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
-				+ "    <title>Confirm Log Out?</title>\n"
-				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
-				+ "      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath()
-				+ "/logout\">\n" + "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
-				+ renderHiddenInputs(request)
-				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
-				+ "      </form>\n" + "    </div>\n" + "  </body>\n" + "</html>";
-
+		StringBuilder sb = new StringBuilder();
+		sb.append("<!DOCTYPE html>\n");
+		sb.append("<html lang=\"en\">\n");
+		sb.append("  <head>\n");
+		sb.append("    <meta charset=\"utf-8\">\n");
+		sb.append("    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
+		sb.append("    <meta name=\"description\" content=\"\">\n");
+		sb.append("    <meta name=\"author\" content=\"\">\n");
+		sb.append("    <title>Confirm Log Out?</title>\n");
+		sb.append("    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" "
+				+ "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" "
+				+ "crossorigin=\"anonymous\">\n");
+		sb.append("    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" "
+				+ "rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n");
+		sb.append("  </head>\n");
+		sb.append("  <body>\n");
+		sb.append("     <div class=\"container\">\n");
+		sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath()
+				+ "/logout\">\n");
+		sb.append("        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n");
+		sb.append(renderHiddenInputs(request)
+				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n");
+		sb.append("      </form>\n");
+		sb.append("    </div>\n");
+		sb.append("  </body>\n");
+		sb.append("</html>");
 		response.setContentType("text/html;charset=UTF-8");
-		response.getWriter().write(page);
+		response.getWriter().write(sb.toString());
 	}
 
 	/**
@@ -86,8 +99,11 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
 	private String renderHiddenInputs(HttpServletRequest request) {
 		StringBuilder sb = new StringBuilder();
 		for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
-			sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"")
-					.append(input.getValue()).append("\" />\n");
+			sb.append("<input name=\"");
+			sb.append(input.getKey());
+			sb.append("\" type=\"hidden\" value=\"");
+			sb.append(input.getValue());
+			sb.append("\" />\n");
 		}
 		return sb.toString();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
index fdbbb743bf..2e39a67624 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java
@@ -80,29 +80,17 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 		if (header == null) {
 			return null;
 		}
-
 		header = header.trim();
 		if (!StringUtils.startsWithIgnoreCase(header, AUTHENTICATION_SCHEME_BASIC)) {
 			return null;
 		}
-
 		if (header.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
 			throw new BadCredentialsException("Empty basic authentication token");
 		}
-
 		byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
-		byte[] decoded;
-		try {
-			decoded = Base64.getDecoder().decode(base64Token);
-		}
-		catch (IllegalArgumentException ex) {
-			throw new BadCredentialsException("Failed to decode basic authentication token");
-		}
-
+		byte[] decoded = decode(base64Token);
 		String token = new String(decoded, getCredentialsCharset(request));
-
 		int delim = token.indexOf(":");
-
 		if (delim == -1) {
 			throw new BadCredentialsException("Invalid basic authentication token");
 		}
@@ -112,6 +100,15 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
 		return result;
 	}
 
+	private byte[] decode(byte[] base64Token) {
+		try {
+			return Base64.getDecoder().decode(base64Token);
+		}
+		catch (IllegalArgumentException ex) {
+			throw new BadCredentialsException("Failed to decode basic authentication token");
+		}
+	}
+
 	protected Charset getCredentialsCharset(HttpServletRequest request) {
 		return getCredentialsCharset();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index 620179bebe..199eb1d429 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -24,6 +24,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -132,7 +133,6 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
-
 		if (!isIgnoreFailure()) {
 			Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
 		}
@@ -141,53 +141,34 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		final boolean debug = this.logger.isDebugEnabled();
 		try {
 			UsernamePasswordAuthenticationToken authRequest = this.authenticationConverter.convert(request);
 			if (authRequest == null) {
 				chain.doFilter(request, response);
 				return;
 			}
-
 			String username = authRequest.getName();
-
-			if (debug) {
-				this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
-			}
-
+			this.logger.debug(
+					LogMessage.format("Basic Authentication Authorization header found for user '%s'", username));
 			if (authenticationIsRequired(username)) {
 				Authentication authResult = this.authenticationManager.authenticate(authRequest);
-
-				if (debug) {
-					this.logger.debug("Authentication success: " + authResult);
-				}
-
+				this.logger.debug(LogMessage.format("Authentication success: %s", authResult));
 				SecurityContextHolder.getContext().setAuthentication(authResult);
-
 				this.rememberMeServices.loginSuccess(request, response, authResult);
-
 				onSuccessfulAuthentication(request, response, authResult);
 			}
-
 		}
-		catch (AuthenticationException failed) {
+		catch (AuthenticationException ex) {
 			SecurityContextHolder.clearContext();
-
-			if (debug) {
-				this.logger.debug("Authentication request for failed!", failed);
-			}
-
+			this.logger.debug("Authentication request for failed!", ex);
 			this.rememberMeServices.loginFail(request, response);
-
-			onUnsuccessfulAuthentication(request, response, failed);
-
+			onUnsuccessfulAuthentication(request, response, ex);
 			if (this.ignoreFailure) {
 				chain.doFilter(request, response);
 			}
 			else {
-				this.authenticationEntryPoint.commence(request, response, failed);
+				this.authenticationEntryPoint.commence(request, response, ex);
 			}
-
 			return;
 		}
 
@@ -196,40 +177,26 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 
 	private boolean authenticationIsRequired(String username) {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
-		// isn't authenticated
-		// (see SEC-53)
+		// isn't authenticated (see SEC-53)
 		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
-
 		if (existingAuth == null || !existingAuth.isAuthenticated()) {
 			return true;
 		}
-
 		// Limit username comparison to providers which use usernames (ie
-		// UsernamePasswordAuthenticationToken)
-		// (see SEC-348)
-
+		// UsernamePasswordAuthenticationToken) (see SEC-348)
 		if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
 			return true;
 		}
-
 		// Handle unusual condition where an AnonymousAuthenticationToken is already
-		// present
-		// This shouldn't happen very often, as BasicProcessingFitler is meant to be
-		// earlier in the filter
-		// chain than AnonymousAuthenticationFilter. Nevertheless, presence of both an
-		// AnonymousAuthenticationToken
-		// together with a BASIC authentication request header should indicate
-		// reauthentication using the
+		// present. This shouldn't happen very often, as BasicProcessingFitler is meant to
+		// be earlier in the filter chain than AnonymousAuthenticationFilter.
+		// Nevertheless, presence of both an AnonymousAuthenticationToken together with a
+		// BASIC authentication request header should indicate reauthentication using the
 		// BASIC protocol is desirable. This behaviour is also consistent with that
-		// provided by form and digest,
-		// both of which force re-authentication if the respective header is detected (and
-		// in doing so replace
-		// any existing AnonymousAuthenticationToken). See SEC-610.
-		if (existingAuth instanceof AnonymousAuthenticationToken) {
-			return true;
-		}
-
-		return false;
+		// provided by form and digest, both of which force re-authentication if the
+		// respective header is detected (and in doing so replace/ any existing
+		// AnonymousAuthenticationToken). See SEC-610.
+		return (existingAuth instanceof AnonymousAuthenticationToken);
 	}
 
 	protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
index 506dd648dd..a3621e4225 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@@ -44,18 +44,14 @@ final class DigestAuthUtils {
 		if (str == null) {
 			return null;
 		}
-
 		int len = str.length();
-
 		if (len == 0) {
 			return EMPTY_STRING_ARRAY;
 		}
-
 		List<String> list = new ArrayList<>();
 		int i = 0;
 		int start = 0;
 		boolean match = false;
-
 		while (i < len) {
 			if (str.charAt(i) == '"') {
 				i++;
@@ -83,7 +79,6 @@ final class DigestAuthUtils {
 		if (match) {
 			list.add(str.substring(start, i));
 		}
-
 		return list.toArray(new String[0]);
 	}
 
@@ -108,32 +103,19 @@ final class DigestAuthUtils {
 	static String generateDigest(boolean passwordAlreadyEncoded, String username, String realm, String password,
 			String httpMethod, String uri, String qop, String nonce, String nc, String cnonce)
 			throws IllegalArgumentException {
-		String a1Md5;
 		String a2 = httpMethod + ":" + uri;
+		String a1Md5 = (!passwordAlreadyEncoded) ? DigestAuthUtils.encodePasswordInA1Format(username, realm, password)
+				: password;
 		String a2Md5 = md5Hex(a2);
-
-		if (passwordAlreadyEncoded) {
-			a1Md5 = password;
-		}
-		else {
-			a1Md5 = DigestAuthUtils.encodePasswordInA1Format(username, realm, password);
-		}
-
-		String digest;
-
 		if (qop == null) {
 			// as per RFC 2069 compliant clients (also reaffirmed by RFC 2617)
-			digest = a1Md5 + ":" + nonce + ":" + a2Md5;
+			return md5Hex(a1Md5 + ":" + nonce + ":" + a2Md5);
 		}
-		else if ("auth".equals(qop)) {
+		if ("auth".equals(qop)) {
 			// As per RFC 2617 compliant clients
-			digest = a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5;
+			return md5Hex(a1Md5 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2Md5);
 		}
-		else {
-			throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
-		}
-
-		return md5Hex(digest);
+		throw new IllegalArgumentException("This method does not support a qop: '" + qop + "'");
 	}
 
 	/**
@@ -157,28 +139,15 @@ final class DigestAuthUtils {
 		if ((array == null) || (array.length == 0)) {
 			return null;
 		}
-
 		Map<String, String> map = new HashMap<>();
-
 		for (String s : array) {
-			String postRemove;
-
-			if (removeCharacters == null) {
-				postRemove = s;
-			}
-			else {
-				postRemove = StringUtils.replace(s, removeCharacters, "");
-			}
-
+			String postRemove = (removeCharacters != null) ? StringUtils.replace(s, removeCharacters, "") : s;
 			String[] splitThisArrayElement = split(postRemove, delimiter);
-
 			if (splitThisArrayElement == null) {
 				continue;
 			}
-
 			map.put(splitThisArrayElement[0].trim(), splitThisArrayElement[1].trim());
 		}
-
 		return map;
 	}
 
@@ -196,33 +165,24 @@ final class DigestAuthUtils {
 	static String[] split(String toSplit, String delimiter) {
 		Assert.hasLength(toSplit, "Cannot split a null or empty string");
 		Assert.hasLength(delimiter, "Cannot use a null or empty delimiter to split a string");
-
-		if (delimiter.length() != 1) {
-			throw new IllegalArgumentException("Delimiter can only be one character in length");
-		}
-
+		Assert.isTrue(delimiter.length() == 1, "Delimiter can only be one character in length");
 		int offset = toSplit.indexOf(delimiter);
-
 		if (offset < 0) {
 			return null;
 		}
-
 		String beforeDelimiter = toSplit.substring(0, offset);
 		String afterDelimiter = toSplit.substring(offset + 1);
-
 		return new String[] { beforeDelimiter, afterDelimiter };
 	}
 
 	static String md5Hex(String data) {
-		MessageDigest digest;
 		try {
-			digest = MessageDigest.getInstance("MD5");
+			MessageDigest digest = MessageDigest.getInstance("MD5");
+			return new String(Hex.encode(digest.digest(data.getBytes())));
 		}
 		catch (NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("No MD5 algorithm available!");
 		}
-
-		return new String(Hex.encode(digest.digest(data.getBytes())));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index 6fe4b6b4e5..ac547cabb5 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -27,9 +27,11 @@ import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.Ordered;
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.util.Assert;
 
 /**
  * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the
@@ -68,44 +70,30 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 
 	@Override
 	public void afterPropertiesSet() {
-		if ((this.realmName == null) || "".equals(this.realmName)) {
-			throw new IllegalArgumentException("realmName must be specified");
-		}
-
-		if ((this.key == null) || "".equals(this.key)) {
-			throw new IllegalArgumentException("key must be specified");
-		}
+		Assert.hasLength(this.realmName, "realmName must be specified");
+		Assert.hasLength(this.key, "key must be specified");
 	}
 
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException {
-		HttpServletResponse httpResponse = response;
-
-		// compute a nonce (do not use remote IP address due to proxy farms)
-		// format of nonce is:
-		// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
+		// compute a nonce (do not use remote IP address due to proxy farms) format of
+		// nonce is: base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
 		long expiryTime = System.currentTimeMillis() + (this.nonceValiditySeconds * 1000);
 		String signatureValue = DigestAuthUtils.md5Hex(expiryTime + ":" + this.key);
 		String nonceValue = expiryTime + ":" + signatureValue;
 		String nonceValueBase64 = new String(Base64.getEncoder().encode(nonceValue.getBytes()));
-
-		// qop is quality of protection, as defined by RFC 2617.
-		// we do not use opaque due to IE violation of RFC 2617 in not
-		// representing opaque on subsequent requests in same session.
+		// qop is quality of protection, as defined by RFC 2617. We do not use opaque due
+		// to IE violation of RFC 2617 in not representing opaque on subsequent requests
+		// in same session.
 		String authenticateHeader = "Digest realm=\"" + this.realmName + "\", " + "qop=\"auth\", nonce=\""
 				+ nonceValueBase64 + "\"";
-
 		if (authException instanceof NonceExpiredException) {
 			authenticateHeader = authenticateHeader + ", stale=\"true\"";
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("WWW-Authenticate header sent to user agent: " + authenticateHeader);
-		}
-
-		httpResponse.addHeader("WWW-Authenticate", authenticateHeader);
-		httpResponse.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
+		logger.debug(LogMessage.format("WWW-Authenticate header sent to user agent: %s", authenticateHeader));
+		response.addHeader("WWW-Authenticate", authenticateHeader);
+		response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 	}
 
 	public String getKey() {
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index abda070507..12cc3af722 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -33,6 +33,7 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -112,136 +113,105 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		String header = request.getHeader("Authorization");
-
 		if (header == null || !header.startsWith("Digest ")) {
 			chain.doFilter(request, response);
-
 			return;
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Digest Authorization header received from user agent: " + header);
-		}
-
+		logger.debug(LogMessage.format("Digest Authorization header received from user agent: %s", header));
 		DigestData digestAuth = new DigestData(header);
-
 		try {
 			digestAuth.validateAndDecode(this.authenticationEntryPoint.getKey(),
 					this.authenticationEntryPoint.getRealmName());
 		}
 		catch (BadCredentialsException ex) {
 			fail(request, response, ex);
-
 			return;
 		}
-
-		// Lookup password for presented username
-		// NB: DAO-provided password MUST be clear text - not encoded/salted
-		// (unless this instance's passwordAlreadyEncoded property is 'false')
+		// Lookup password for presented username. N.B. DAO-provided password MUST be
+		// clear text - not encoded/salted (unless this instance's passwordAlreadyEncoded
+		// property is 'false')
 		boolean cacheWasUsed = true;
 		UserDetails user = this.userCache.getUserFromCache(digestAuth.getUsername());
 		String serverDigestMd5;
-
 		try {
 			if (user == null) {
 				cacheWasUsed = false;
 				user = this.userDetailsService.loadUserByUsername(digestAuth.getUsername());
-
 				if (user == null) {
 					throw new AuthenticationServiceException(
 							"AuthenticationDao returned null, which is an interface contract violation");
 				}
-
 				this.userCache.putUserInCache(user);
 			}
-
 			serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
-
 			// If digest is incorrect, try refreshing from backend and recomputing
 			if (!serverDigestMd5.equals(digestAuth.getResponse()) && cacheWasUsed) {
-				if (logger.isDebugEnabled()) {
-					logger.debug(
-							"Digest comparison failure; trying to refresh user from DAO in case password had changed");
-				}
-
+				logger.debug("Digest comparison failure; trying to refresh user from DAO in case password had changed");
 				user = this.userDetailsService.loadUserByUsername(digestAuth.getUsername());
 				this.userCache.putUserInCache(user);
 				serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
 			}
-
 		}
-		catch (UsernameNotFoundException notFound) {
-			fail(request, response,
-					new BadCredentialsException(this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound",
-							new Object[] { digestAuth.getUsername() }, "Username {0} not found")));
-
+		catch (UsernameNotFoundException ex) {
+			String message = this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound",
+					new Object[] { digestAuth.getUsername() }, "Username {0} not found");
+			fail(request, response, new BadCredentialsException(message));
 			return;
 		}
-
 		// If digest is still incorrect, definitely reject authentication attempt
 		if (!serverDigestMd5.equals(digestAuth.getResponse())) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Expected response: '" + serverDigestMd5 + "' but received: '" + digestAuth.getResponse()
-						+ "'; is AuthenticationDao returning clear text passwords?");
-			}
-
-			fail(request, response, new BadCredentialsException(
-					this.messages.getMessage("DigestAuthenticationFilter.incorrectResponse", "Incorrect response")));
+			logger.debug(LogMessage.format(
+					"Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?",
+					serverDigestMd5, digestAuth.getResponse()));
+			String message = this.messages.getMessage("DigestAuthenticationFilter.incorrectResponse",
+					"Incorrect response");
+			fail(request, response, new BadCredentialsException(message));
 			return;
 		}
-
 		// To get this far, the digest must have been valid
 		// Check the nonce has not expired
 		// We do this last so we can direct the user agent its nonce is stale
 		// but the request was otherwise appearing to be valid
 		if (digestAuth.isNonceExpired()) {
-			fail(request, response, new NonceExpiredException(this.messages
-					.getMessage("DigestAuthenticationFilter.nonceExpired", "Nonce has expired/timed out")));
-
+			String message = this.messages.getMessage("DigestAuthenticationFilter.nonceExpired",
+					"Nonce has expired/timed out");
+			fail(request, response, new NonceExpiredException(message));
 			return;
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Authentication success for user: '" + digestAuth.getUsername() + "' with response: '"
-					+ digestAuth.getResponse() + "'");
-		}
-
+		logger.debug(LogMessage.format("Authentication success for user: '%s' with response: '%s'",
+				digestAuth.getUsername(), digestAuth.getResponse()));
 		Authentication authentication = createSuccessfulAuthentication(request, user);
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authentication);
 		SecurityContextHolder.setContext(context);
-
 		chain.doFilter(request, response);
 	}
 
 	private Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
-		UsernamePasswordAuthenticationToken authRequest;
-		if (this.createAuthenticatedToken) {
-			authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
-		}
-		else {
-			authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword());
-		}
-
+		UsernamePasswordAuthenticationToken authRequest = getAuthRequest(user);
 		authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		return authRequest;
 	}
 
+	private UsernamePasswordAuthenticationToken getAuthRequest(UserDetails user) {
+		if (this.createAuthenticatedToken) {
+			return new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
+		}
+		return new UsernamePasswordAuthenticationToken(user, user.getPassword());
+	}
+
 	private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
 			throws IOException, ServletException {
 		SecurityContextHolder.getContext().setAuthentication(null);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug(failed);
-		}
-
+		logger.debug(failed);
 		this.authenticationEntryPoint.commence(request, response, failed);
 	}
 
@@ -326,7 +296,6 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 			this.section212response = header.substring(7);
 			String[] headerEntries = DigestAuthUtils.splitIgnoringQuotes(this.section212response, ',');
 			Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
-
 			this.username = headerMap.get("username");
 			this.realm = headerMap.get("realm");
 			this.nonce = headerMap.get("nonce");
@@ -335,11 +304,9 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 			this.qop = headerMap.get("qop"); // RFC 2617 extension
 			this.nc = headerMap.get("nc"); // RFC 2617 extension
 			this.cnonce = headerMap.get("cnonce"); // RFC 2617 extension
-
-			if (logger.isDebugEnabled()) {
-				logger.debug("Extracted username: '" + this.username + "'; realm: '" + this.realm + "'; nonce: '"
-						+ this.nonce + "'; uri: '" + this.uri + "'; response: '" + this.response + "'");
-			}
+			logger.debug(
+					LogMessage.format("Extracted username: '%s'; realm: '%s'; nonce: '%s'; uri: '%s'; response: '%s'",
+							this.username, this.realm, this.nonce, this.uri, this.response));
 		}
 
 		void validateAndDecode(String entryPointKey, String expectedRealm) throws BadCredentialsException {
@@ -353,23 +320,18 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 			// Check all required parameters for an "auth" qop were supplied (ie RFC 2617)
 			if ("auth".equals(this.qop)) {
 				if ((this.nc == null) || (this.cnonce == null)) {
-					if (logger.isDebugEnabled()) {
-						logger.debug("extracted nc: '" + this.nc + "'; cnonce: '" + this.cnonce + "'");
-					}
-
+					logger.debug(LogMessage.format("extracted nc: '%s'; cnonce: '%s'", this.nc, this.cnonce));
 					throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
 							"DigestAuthenticationFilter.missingAuth", new Object[] { this.section212response },
 							"Missing mandatory digest value; received header {0}"));
 				}
 			}
-
 			// Check realm name equals what we expected
 			if (!expectedRealm.equals(this.realm)) {
 				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
 						"DigestAuthenticationFilter.incorrectRealm", new Object[] { this.realm, expectedRealm },
 						"Response realm name '{0}' does not match system realm name of '{1}'"));
 			}
-
 			// Check nonce was Base64 encoded (as sent by DigestAuthenticationEntryPoint)
 			try {
 				Base64.getDecoder().decode(this.nonce.getBytes());
@@ -379,21 +341,16 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 						DigestAuthenticationFilter.this.messages.getMessage("DigestAuthenticationFilter.nonceEncoding",
 								new Object[] { this.nonce }, "Nonce is not encoded in Base64; received nonce {0}"));
 			}
-
-			// Decode nonce from Base64
-			// format of nonce is:
-			// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
+			// Decode nonce from Base64 format of nonce is: base64(expirationTime + ":" +
+			// md5Hex(expirationTime + ":" + key))
 			String nonceAsPlainText = new String(Base64.getDecoder().decode(this.nonce.getBytes()));
 			String[] nonceTokens = StringUtils.delimitedListToStringArray(nonceAsPlainText, ":");
-
 			if (nonceTokens.length != 2) {
 				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
 						"DigestAuthenticationFilter.nonceNotTwoTokens", new Object[] { nonceAsPlainText },
 						"Nonce should have yielded two tokens but was {0}"));
 			}
-
 			// Extract expiry time from nonce
-
 			try {
 				this.nonceExpiryTime = new Long(nonceTokens[0]);
 			}
@@ -402,10 +359,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 						"DigestAuthenticationFilter.nonceNotNumeric", new Object[] { nonceAsPlainText },
 						"Nonce token should have yielded a numeric first token, but was {0}"));
 			}
-
 			// Check signature of nonce matches this expiry time
 			String expectedNonceSignature = DigestAuthUtils.md5Hex(this.nonceExpiryTime + ":" + entryPointKey);
-
 			if (!expectedNonceSignature.equals(nonceTokens[1])) {
 				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
 						"DigestAuthenticationFilter.nonceCompromised", new Object[] { nonceAsPlainText },
@@ -414,9 +369,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
 		}
 
 		String calculateServerDigest(String password, String httpMethod) {
-			// Compute the expected response-digest (will be in hex form)
-
-			// Don't catch IllegalArgumentException (already checked validity)
+			// Compute the expected response-digest (will be in hex form). Don't catch
+			// IllegalArgumentException (already checked validity)
 			return DigestAuthUtils.generateDigest(DigestAuthenticationFilter.this.passwordAlreadyEncoded, this.username,
 					this.realm, password, httpMethod, this.uri, this.qop, this.nonce, this.nc, this.cnonce);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
index fcda61caf1..2ff185989c 100644
--- a/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
@@ -105,9 +105,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			if (authPrincipal.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
 		return principal;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
index f722374ab1..2df5c7a2eb 100644
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@@ -173,11 +173,8 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
 	 */
 	private void registerFilters(ServletContext servletContext, boolean insertBeforeOtherFilters, Filter... filters) {
 		Assert.notEmpty(filters, "filters cannot be null or empty");
-
 		for (Filter filter : filters) {
-			if (filter == null) {
-				throw new IllegalArgumentException("filters cannot contain null values. Got " + Arrays.asList(filters));
-			}
+			Assert.notNull(filter, () -> "filters cannot contain null values. Got " + Arrays.asList(filters));
 			String filterName = Conventions.getVariableName(filter);
 			registerFilter(servletContext, insertBeforeOtherFilters, filterName, filter);
 		}
@@ -195,10 +192,8 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
 	private void registerFilter(ServletContext servletContext, boolean insertBeforeOtherFilters, String filterName,
 			Filter filter) {
 		Dynamic registration = servletContext.addFilter(filterName, filter);
-		if (registration == null) {
-			throw new IllegalStateException("Duplicate Filter registration for '" + filterName
-					+ "'. Check to ensure the Filter is only configured once.");
-		}
+		Assert.state(registration != null, () -> "Duplicate Filter registration for '" + filterName
+				+ "'. Check to ensure the Filter is only configured once.");
 		registration.setAsyncSupported(isAsyncSecuritySupported());
 		EnumSet<DispatcherType> dispatcherTypes = getSecurityDispatcherTypes();
 		registration.addMappingForUrlPatterns(dispatcherTypes, !insertBeforeOtherFilters, "/*");
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index c0e9b958a6..e58ad9ef6b 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -28,6 +28,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.core.annotation.AnnotationUtils;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -115,24 +116,18 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		HttpServletRequest request = requestResponseHolder.getRequest();
 		HttpServletResponse response = requestResponseHolder.getResponse();
 		HttpSession httpSession = request.getSession(false);
-
 		SecurityContext context = readSecurityContextFromSession(httpSession);
-
 		if (context == null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
-						+ "A new one will be created.");
-			}
+			this.logger.debug(LogMessage.format(
+					"No SecurityContext was available from the HttpSession: %s. A new one will be created.",
+					httpSession));
 			context = generateNewContext();
 
 		}
-
 		SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
 				httpSession != null, context);
 		requestResponseHolder.setResponse(wrappedResponse);
-
 		requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
-
 		return context;
 	}
 
@@ -140,13 +135,10 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
 		SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = WebUtils.getNativeResponse(response,
 				SaveContextOnUpdateOrErrorResponseWrapper.class);
-		if (responseWrapper == null) {
-			throw new IllegalStateException("Cannot invoke saveContext on response " + response
-					+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
-		}
-		// saveContext() might already be called by the response wrapper
-		// if something in the chain called sendError() or sendRedirect(). This ensures we
-		// only call it
+		Assert.state(responseWrapper != null, () -> "Cannot invoke saveContext on response " + response
+				+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
+		// saveContext() might already be called by the response wrapper if something in
+		// the chain called sendError() or sendRedirect(). This ensures we only call it
 		// once per request.
 		if (!responseWrapper.isContextSaved()) {
 			responseWrapper.saveContext(context);
@@ -156,11 +148,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	@Override
 	public boolean containsContext(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-
 		if (session == null) {
 			return false;
 		}
-
 		return session.getAttribute(this.springSecurityContextKey) != null;
 	}
 
@@ -168,47 +158,30 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * @param httpSession the session obtained from the request.
 	 */
 	private SecurityContext readSecurityContextFromSession(HttpSession httpSession) {
-		final boolean debug = this.logger.isDebugEnabled();
-
 		if (httpSession == null) {
-			if (debug) {
-				this.logger.debug("No HttpSession currently exists");
-			}
-
+			this.logger.debug("No HttpSession currently exists");
 			return null;
 		}
-
 		// Session exists, so try to obtain a context from it.
-
 		Object contextFromSession = httpSession.getAttribute(this.springSecurityContextKey);
-
 		if (contextFromSession == null) {
-			if (debug) {
-				this.logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
-			}
-
+			this.logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
 			return null;
 		}
 
 		// We now have the security context object from the session.
 		if (!(contextFromSession instanceof SecurityContext)) {
-			if (this.logger.isWarnEnabled()) {
-				this.logger.warn(this.springSecurityContextKey + " did not contain a SecurityContext but contained: '"
-						+ contextFromSession + "'; are you improperly modifying the HttpSession directly "
-						+ "(you should always use SecurityContextHolder) or using the HttpSession attribute "
-						+ "reserved for this class?");
-			}
-
+			this.logger.warn(LogMessage.format(
+					"%s did not contain a SecurityContext but contained: '%s'; are you improperly "
+							+ "modifying the HttpSession directly (you should always use SecurityContextHolder) "
+							+ "or using the HttpSession attribute reserved for this class?",
+					this.springSecurityContextKey, contextFromSession));
 			return null;
 		}
 
-		if (debug) {
-			this.logger.debug("Obtained a valid SecurityContext from " + this.springSecurityContextKey + ": '"
-					+ contextFromSession + "'");
-		}
-
+		this.logger.debug(LogMessage.format("Obtained a valid SecurityContext from %s: '%s'",
+				this.springSecurityContextKey, contextFromSession));
 		// Everything OK. The only non-null return from this method.
-
 		return (SecurityContext) contextFromSession;
 	}
 
@@ -306,6 +279,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 */
 	final class SaveToSessionResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
 
+		private final Log logger = HttpSessionSecurityContextRepository.this.logger;
+
 		private final HttpServletRequest request;
 
 		private final boolean httpSessionExistedAtStartOfRequest;
@@ -349,41 +324,29 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		protected void saveContext(SecurityContext context) {
 			final Authentication authentication = context.getAuthentication();
 			HttpSession httpSession = this.request.getSession(false);
-
+			String springSecurityContextKey = HttpSessionSecurityContextRepository.this.springSecurityContextKey;
 			// See SEC-776
 			if (authentication == null
 					|| HttpSessionSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
-				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-					HttpSessionSecurityContextRepository.this.logger.debug(
-							"SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
-				}
-
+				this.logger.debug("SecurityContext is empty or contents are anonymous - "
+						+ "context will not be stored in HttpSession.");
 				if (httpSession != null && this.authBeforeExecution != null) {
 					// SEC-1587 A non-anonymous context may still be in the session
 					// SEC-1735 remove if the contextBeforeExecution was not anonymous
-					httpSession.removeAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey);
+					httpSession.removeAttribute(springSecurityContextKey);
 				}
 				return;
 			}
-
-			if (httpSession == null) {
-				httpSession = createNewSessionIfAllowed(context);
-			}
-
+			httpSession = (httpSession != null) ? httpSession : createNewSessionIfAllowed(context);
 			// If HttpSession exists, store current SecurityContext but only if it has
 			// actually changed in this thread (see SEC-37, SEC-1307, SEC-1528)
 			if (httpSession != null) {
 				// We may have a new session, so check also whether the context attribute
 				// is set SEC-1561
-				if (contextChanged(context) || httpSession
-						.getAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey) == null) {
-					httpSession.setAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey,
-							context);
-
-					if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-						HttpSessionSecurityContextRepository.this.logger
-								.debug("SecurityContext '" + context + "' stored to HttpSession: '" + httpSession);
-					}
+				if (contextChanged(context) || httpSession.getAttribute(springSecurityContextKey) == null) {
+					httpSession.setAttribute(springSecurityContextKey, context);
+					this.logger.debug(LogMessage.format("SecurityContext '%s' stored to HttpSession: '%s'", context,
+							httpSession));
 				}
 			}
 		}
@@ -396,56 +359,37 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 			if (isTransientAuthentication(context.getAuthentication())) {
 				return null;
 			}
-
 			if (this.httpSessionExistedAtStartOfRequest) {
-				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-					HttpSessionSecurityContextRepository.this.logger
-							.debug("HttpSession is now null, but was not null at start of request; "
-									+ "session was invalidated, so do not create a new session");
-				}
-
+				this.logger.debug("HttpSession is now null, but was not null at start of request; "
+						+ "session was invalidated, so do not create a new session");
 				return null;
 			}
-
 			if (!HttpSessionSecurityContextRepository.this.allowSessionCreation) {
-				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-					HttpSessionSecurityContextRepository.this.logger.debug("The HttpSession is currently null, and the "
-							+ HttpSessionSecurityContextRepository.class.getSimpleName()
-							+ " is prohibited from creating an HttpSession "
-							+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
-							+ "stored for next request");
-				}
-
+				this.logger.debug("The HttpSession is currently null, and the "
+						+ HttpSessionSecurityContextRepository.class.getSimpleName()
+						+ " is prohibited from creating an HttpSession "
+						+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+						+ "stored for next request");
 				return null;
 			}
 			// Generate a HttpSession only if we need to
-
 			if (HttpSessionSecurityContextRepository.this.contextObject.equals(context)) {
-				if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-					HttpSessionSecurityContextRepository.this.logger.debug(
-							"HttpSession is null, but SecurityContext has not changed from default empty context: ' "
-									+ context + "'; not creating HttpSession or storing SecurityContext");
-				}
-
+				this.logger.debug(LogMessage.format(
+						"HttpSession is null, but SecurityContext has not changed from "
+								+ "default empty context: '%s'; not creating HttpSession or storing SecurityContext",
+						context));
 				return null;
 			}
-
-			if (HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
-				HttpSessionSecurityContextRepository.this.logger
-						.debug("HttpSession being created as SecurityContext is non-default");
-			}
-
+			this.logger.debug("HttpSession being created as SecurityContext is non-default");
 			try {
 				return this.request.getSession(true);
 			}
 			catch (IllegalStateException ex) {
 				// Response must already be committed, therefore can't create a new
 				// session
-				HttpSessionSecurityContextRepository.this.logger
-						.warn("Failed to create a session, as response has been committed. Unable to store"
-								+ " SecurityContext.");
+				this.logger.warn("Failed to create a session, as response has been committed. "
+						+ "Unable to store SecurityContext.");
 			}
-
 			return null;
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
index ab021a8525..4fb534a565 100644
--- a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
@@ -44,7 +44,7 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends OnCommit
 
 	private boolean contextSaved = false;
 
-	/* See SEC-1052 */
+	// See SEC-1052
 	private final boolean disableUrlRewriting;
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
index 67a623cf3d..0077c71d46 100644
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
@@ -74,49 +75,36 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+		// ensure that filter is only applied once per request
 		if (request.getAttribute(FILTER_APPLIED) != null) {
-			// ensure that filter is only applied once per request
 			chain.doFilter(request, response);
 			return;
 		}
-
-		final boolean debug = this.logger.isDebugEnabled();
-
 		request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
-
 		if (this.forceEagerSessionCreation) {
 			HttpSession session = request.getSession();
-
-			if (debug && session.isNew()) {
-				this.logger.debug("Eagerly created session: " + session.getId());
-			}
+			this.logger.debug(LogMessage.format("Eagerly created session: %s", session.getId()));
 		}
-
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext contextBeforeChainExecution = this.repo.loadContext(holder);
-
 		try {
 			SecurityContextHolder.setContext(contextBeforeChainExecution);
-
 			chain.doFilter(holder.getRequest(), holder.getResponse());
-
 		}
 		finally {
 			SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();
-			// Crucial removal of SecurityContextHolder contents - do this before anything
-			// else.
+			// Crucial removal of SecurityContextHolder contents before anything else.
 			SecurityContextHolder.clearContext();
 			this.repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
 			request.removeAttribute(FILTER_APPLIED);
-
-			if (debug) {
-				this.logger.debug("SecurityContextHolder now cleared, as request processing completed");
-			}
+			this.logger.debug("SecurityContextHolder now cleared, as request processing completed");
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
index 8f2f091bfc..dbe0c65f4c 100644
--- a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java
@@ -46,14 +46,12 @@ public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 		WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);
-
 		SecurityContextCallableProcessingInterceptor securityProcessingInterceptor = (SecurityContextCallableProcessingInterceptor) asyncManager
 				.getCallableInterceptor(CALLABLE_INTERCEPTOR_KEY);
 		if (securityProcessingInterceptor == null) {
 			asyncManager.registerCallableInterceptor(CALLABLE_INTERCEPTOR_KEY,
 					new SecurityContextCallableProcessingInterceptor());
 		}
-
 		filterChain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
index ba4721eee8..98e267e04e 100644
--- a/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
+++ b/web/src/main/java/org/springframework/security/web/context/support/SecurityWebApplicationContextUtils.java
@@ -20,6 +20,7 @@ import java.util.Enumeration;
 
 import javax.servlet.ServletContext;
 
+import org.springframework.util.Assert;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
@@ -47,11 +48,10 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 	 * @see ServletContext#getAttributeNames()
 	 */
 	public static WebApplicationContext findRequiredWebApplicationContext(ServletContext servletContext) {
-		WebApplicationContext wac = _findWebApplicationContext(servletContext);
-		if (wac == null) {
-			throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");
-		}
-		return wac;
+		WebApplicationContext webApplicationContext = compatiblyFindWebApplicationContext(servletContext);
+		Assert.state(webApplicationContext != null,
+				"No WebApplicationContext found: no ContextLoaderListener registered?");
+		return webApplicationContext;
 	}
 
 	/**
@@ -59,23 +59,21 @@ public abstract class SecurityWebApplicationContextUtils extends WebApplicationC
 	 * spring framework 4.1.x.
 	 * @see #findWebApplicationContext(ServletContext)
 	 */
-	private static WebApplicationContext _findWebApplicationContext(ServletContext sc) {
-		WebApplicationContext wac = getWebApplicationContext(sc);
-		if (wac == null) {
+	private static WebApplicationContext compatiblyFindWebApplicationContext(ServletContext sc) {
+		WebApplicationContext webApplicationContext = getWebApplicationContext(sc);
+		if (webApplicationContext == null) {
 			Enumeration<String> attrNames = sc.getAttributeNames();
 			while (attrNames.hasMoreElements()) {
 				String attrName = attrNames.nextElement();
 				Object attrValue = sc.getAttribute(attrName);
 				if (attrValue instanceof WebApplicationContext) {
-					if (wac != null) {
-						throw new IllegalStateException("No unique WebApplicationContext found: more than one "
-								+ "DispatcherServlet registered with publishContext=true?");
-					}
-					wac = (WebApplicationContext) attrValue;
+					Assert.state(webApplicationContext == null, "No unique WebApplicationContext found: more than one "
+							+ "DispatcherServlet registered with publishContext=true?");
+					webApplicationContext = (WebApplicationContext) attrValue;
 				}
 			}
 		}
-		return wac;
+		return webApplicationContext;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
index 761785fb8e..473dbaf56c 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -69,30 +69,13 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
 	public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
 		String tokenValue = (token != null) ? token.getToken() : "";
 		Cookie cookie = new Cookie(this.cookieName, tokenValue);
-		if (this.secure == null) {
-			cookie.setSecure(request.isSecure());
-		}
-		else {
-			cookie.setSecure(this.secure);
-		}
-
-		if (this.cookiePath != null && !this.cookiePath.isEmpty()) {
-			cookie.setPath(this.cookiePath);
-		}
-		else {
-			cookie.setPath(this.getRequestContext(request));
-		}
-		if (token == null) {
-			cookie.setMaxAge(0);
-		}
-		else {
-			cookie.setMaxAge(-1);
-		}
+		cookie.setSecure((this.secure != null) ? this.secure : request.isSecure());
+		cookie.setPath(StringUtils.hasLength(this.cookiePath) ? this.cookiePath : this.getRequestContext(request));
+		cookie.setMaxAge((token != null) ? -1 : 0);
 		cookie.setHttpOnly(this.cookieHttpOnly);
-		if (this.cookieDomain != null && !this.cookieDomain.isEmpty()) {
+		if (StringUtils.hasLength(this.cookieDomain)) {
 			cookie.setDomain(this.cookieDomain);
 		}
-
 		response.addCookie(cookie);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
index 60af71fbea..54de46b586 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java
@@ -51,10 +51,8 @@ public final class CsrfAuthenticationStrategy implements SessionAuthenticationSt
 		boolean containsToken = this.csrfTokenRepository.loadToken(request) != null;
 		if (containsToken) {
 			this.csrfTokenRepository.saveToken(null, request, response);
-
 			CsrfToken newToken = this.csrfTokenRepository.generateToken(request);
 			this.csrfTokenRepository.saveToken(newToken, request, response);
-
 			request.setAttribute(CsrfToken.class.getName(), newToken);
 			request.setAttribute(newToken.getParameterName(), newToken);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index e2b34d8f46..8f91907895 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.security.web.util.UrlUtils;
@@ -97,39 +99,30 @@ public final class CsrfFilter extends OncePerRequestFilter {
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 		request.setAttribute(HttpServletResponse.class.getName(), response);
-
 		CsrfToken csrfToken = this.tokenRepository.loadToken(request);
-		final boolean missingToken = csrfToken == null;
+		boolean missingToken = (csrfToken == null);
 		if (missingToken) {
 			csrfToken = this.tokenRepository.generateToken(request);
 			this.tokenRepository.saveToken(csrfToken, request, response);
 		}
 		request.setAttribute(CsrfToken.class.getName(), csrfToken);
 		request.setAttribute(csrfToken.getParameterName(), csrfToken);
-
 		if (!this.requireCsrfProtectionMatcher.matches(request)) {
 			filterChain.doFilter(request, response);
 			return;
 		}
-
 		String actualToken = request.getHeader(csrfToken.getHeaderName());
 		if (actualToken == null) {
 			actualToken = request.getParameter(csrfToken.getParameterName());
 		}
 		if (!csrfToken.getToken().equals(actualToken)) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request));
-			}
-			if (missingToken) {
-				this.accessDeniedHandler.handle(request, response, new MissingCsrfTokenException(actualToken));
-			}
-			else {
-				this.accessDeniedHandler.handle(request, response,
-						new InvalidCsrfTokenException(csrfToken, actualToken));
-			}
+			this.logger.debug(
+					LogMessage.of(() -> "Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request)));
+			AccessDeniedException exception = (!missingToken) ? new InvalidCsrfTokenException(csrfToken, actualToken)
+					: new MissingCsrfTokenException(actualToken);
+			this.accessDeniedHandler.handle(request, response, exception);
 			return;
 		}
-
 		filterChain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
index 9a2cb42a75..bc59a2e496 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfToken.java
@@ -24,7 +24,6 @@ import java.io.Serializable;
  * @author Rob Winch
  * @since 3.2
  * @see DefaultCsrfToken
- *
  */
 public interface CsrfToken extends Serializable {
 
diff --git a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
index fcb044a327..b0f4263f2a 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@@ -87,11 +87,8 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 
 	private HttpServletResponse getResponse(HttpServletRequest request) {
 		HttpServletResponse response = (HttpServletResponse) request.getAttribute(HTTP_RESPONSE_ATTR);
-		if (response == null) {
-			throw new IllegalArgumentException(
-					"The HttpServletRequest attribute must contain an HttpServletResponse for the attribute "
-							+ HTTP_RESPONSE_ATTR);
-		}
+		Assert.notNull(response, () -> "The HttpServletRequest attribute must contain an HttpServletResponse "
+				+ "for the attribute " + HTTP_RESPONSE_ATTR);
 		return response;
 	}
 
@@ -166,7 +163,6 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 			if (this.tokenRepository == null) {
 				return;
 			}
-
 			synchronized (this) {
 				if (this.tokenRepository != null) {
 					this.tokenRepository.saveToken(this.delegate, this.request, this.response);
diff --git a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
index c1fa2cb84a..a25b7927ac 100644
--- a/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
+++ b/web/src/main/java/org/springframework/security/web/debug/DebugFilter.java
@@ -50,35 +50,35 @@ public final class DebugFilter implements Filter {
 
 	static final String ALREADY_FILTERED_ATTR_NAME = DebugFilter.class.getName().concat(".FILTERED");
 
-	private final FilterChainProxy fcp;
+	private final FilterChainProxy filterChainProxy;
 
 	private final Logger logger = new Logger();
 
-	public DebugFilter(FilterChainProxy fcp) {
-		this.fcp = fcp;
+	public DebugFilter(FilterChainProxy filterChainProxy) {
+		this.filterChainProxy = filterChainProxy;
 	}
 
 	@Override
-	public void doFilter(ServletRequest srvltRequest, ServletResponse srvltResponse, FilterChain filterChain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
-		if (!(srvltRequest instanceof HttpServletRequest) || !(srvltResponse instanceof HttpServletResponse)) {
+		if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
 			throw new ServletException("DebugFilter just supports HTTP requests");
 		}
-		HttpServletRequest request = (HttpServletRequest) srvltRequest;
-		HttpServletResponse response = (HttpServletResponse) srvltResponse;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, filterChain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+			throws IOException, ServletException {
 		List<Filter> filters = getFilters(request);
 		this.logger.info("Request received for " + request.getMethod() + " '" + UrlUtils.buildRequestUrl(request)
 				+ "':\n\n" + request + "\n\n" + "servletPath:" + request.getServletPath() + "\n" + "pathInfo:"
 				+ request.getPathInfo() + "\n" + "headers: \n" + formatHeaders(request) + "\n\n"
 				+ formatFilters(filters));
-
 		if (request.getAttribute(ALREADY_FILTERED_ATTR_NAME) == null) {
 			invokeWithWrappedRequest(request, response, filterChain);
 		}
 		else {
-			this.fcp.doFilter(request, response, filterChain);
+			this.filterChainProxy.doFilter(request, response, filterChain);
 		}
 	}
 
@@ -87,7 +87,7 @@ public final class DebugFilter implements Filter {
 		request.setAttribute(ALREADY_FILTERED_ATTR_NAME, Boolean.TRUE);
 		request = new DebugRequestWrapper(request);
 		try {
-			this.fcp.doFilter(request, response, filterChain);
+			this.filterChainProxy.doFilter(request, response, filterChain);
 		}
 		finally {
 			request.removeAttribute(ALREADY_FILTERED_ATTR_NAME);
@@ -134,7 +134,7 @@ public final class DebugFilter implements Filter {
 	}
 
 	private List<Filter> getFilters(HttpServletRequest request) {
-		for (SecurityFilterChain chain : this.fcp.getFilterChains()) {
+		for (SecurityFilterChain chain : this.filterChainProxy.getFilterChains()) {
 			if (chain.matches(request)) {
 				return chain.getFilters();
 			}
@@ -163,11 +163,9 @@ public final class DebugFilter implements Filter {
 		public HttpSession getSession() {
 			boolean sessionExists = super.getSession(false) != null;
 			HttpSession session = super.getSession();
-
 			if (!sessionExists) {
 				DebugRequestWrapper.logger.info("New HTTP session created: " + session.getId(), true);
 			}
-
 			return session;
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
index ed6b51922a..aec01583a5 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java
@@ -50,19 +50,17 @@ public class DefaultHttpFirewall implements HttpFirewall {
 
 	@Override
 	public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
-		FirewalledRequest fwr = new RequestWrapper(request);
-
-		if (!isNormalized(fwr.getServletPath()) || !isNormalized(fwr.getPathInfo())) {
-			throw new RequestRejectedException("Un-normalized paths are not supported: " + fwr.getServletPath()
-					+ ((fwr.getPathInfo() != null) ? fwr.getPathInfo() : ""));
+		FirewalledRequest firewalledRequest = new RequestWrapper(request);
+		if (!isNormalized(firewalledRequest.getServletPath()) || !isNormalized(firewalledRequest.getPathInfo())) {
+			throw new RequestRejectedException(
+					"Un-normalized paths are not supported: " + firewalledRequest.getServletPath()
+							+ ((firewalledRequest.getPathInfo() != null) ? firewalledRequest.getPathInfo() : ""));
 		}
-
-		String requestURI = fwr.getRequestURI();
+		String requestURI = firewalledRequest.getRequestURI();
 		if (containsInvalidUrlEncodedSlash(requestURI)) {
 			throw new RequestRejectedException("The requestURI cannot contain encoded slash. Got " + requestURI);
 		}
-
-		return fwr;
+		return firewalledRequest;
 	}
 
 	@Override
@@ -89,11 +87,9 @@ public class DefaultHttpFirewall implements HttpFirewall {
 		if (this.allowUrlEncodedSlash || uri == null) {
 			return false;
 		}
-
 		if (uri.contains("%2f") || uri.contains("%2F")) {
 			return true;
 		}
-
 		return false;
 	}
 
@@ -107,22 +103,18 @@ public class DefaultHttpFirewall implements HttpFirewall {
 		if (path == null) {
 			return true;
 		}
-
-		for (int j = path.length(); j > 0;) {
-			int i = path.lastIndexOf('/', j - 1);
-			int gap = j - i;
-
-			if (gap == 2 && path.charAt(i + 1) == '.') {
+		for (int i = path.length(); i > 0;) {
+			int slashIndex = path.lastIndexOf('/', i - 1);
+			int gap = i - slashIndex;
+			if (gap == 2 && path.charAt(slashIndex + 1) == '.') {
 				// ".", "/./" or "/."
 				return false;
 			}
-			else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
+			if (gap == 3 && path.charAt(slashIndex + 1) == '.' && path.charAt(slashIndex + 2) == '.') {
 				return false;
 			}
-
-			j = i;
+			i = slashIndex;
 		}
-
 		return true;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
index 83db1f9932..0f0bca9b1c 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
@@ -22,6 +22,8 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 
+import org.springframework.util.Assert;
+
 /**
  * @author Luke Taylor
  * @author Eddú Meléndez
@@ -71,9 +73,7 @@ class FirewalledResponse extends HttpServletResponseWrapper {
 	}
 
 	void validateCrlf(String name, String value) {
-		if (hasCrlf(name) || hasCrlf(value)) {
-			throw new IllegalArgumentException("Invalid characters (CR/LF) in header " + name);
-		}
+		Assert.isTrue(!hasCrlf(name) && !hasCrlf(value), () -> "Invalid characters (CR/LF) in header " + name);
 	}
 
 	private boolean hasCrlf(String value) {
diff --git a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
index 0946038da9..36a9df93e2 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandler.java
@@ -24,6 +24,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
+
 /**
  * A simple implementation of {@link RequestRejectedHandler} that sends an error with
  * configurable status code.
@@ -55,10 +57,8 @@ public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler
 	@Override
 	public void handle(HttpServletRequest request, HttpServletResponse response,
 			RequestRejectedException requestRejectedException) throws IOException {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Rejecting request due to: " + requestRejectedException.getMessage(),
-					requestRejectedException);
-		}
+		logger.debug(LogMessage.format("Rejecting request due to: %s", requestRejectedException.getMessage()),
+				requestRejectedException);
 		response.sendError(this.httpError);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
index d0c559af22..80a41a0a82 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java
@@ -74,10 +74,8 @@ final class RequestWrapper extends FirewalledRequest {
 		if (path == null) {
 			return null;
 		}
-
-		int scIndex = path.indexOf(';');
-
-		if (scIndex < 0) {
+		int semicolonIndex = path.indexOf(';');
+		if (semicolonIndex < 0) {
 			int doubleSlashIndex = path.indexOf("//");
 			if (doubleSlashIndex < 0) {
 				// Most likely case, no parameters in any segment and no '//', so no
@@ -85,29 +83,23 @@ final class RequestWrapper extends FirewalledRequest {
 				return path;
 			}
 		}
-
-		StringTokenizer st = new StringTokenizer(path, "/");
+		StringTokenizer tokenizer = new StringTokenizer(path, "/");
 		StringBuilder stripped = new StringBuilder(path.length());
-
 		if (path.charAt(0) == '/') {
 			stripped.append('/');
 		}
-
-		while (st.hasMoreTokens()) {
-			String segment = st.nextToken();
-			scIndex = segment.indexOf(';');
-
-			if (scIndex >= 0) {
-				segment = segment.substring(0, scIndex);
+		while (tokenizer.hasMoreTokens()) {
+			String segment = tokenizer.nextToken();
+			semicolonIndex = segment.indexOf(';');
+			if (semicolonIndex >= 0) {
+				segment = segment.substring(0, semicolonIndex);
 			}
 			stripped.append(segment).append('/');
 		}
-
 		// Remove the trailing slash if the original path didn't have one
 		if (path.charAt(path.length() - 1) != '/') {
 			stripped.deleteCharAt(stripped.length() - 1);
 		}
-
 		return stripped.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index f8893c0c55..9aa6868aca 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.http.HttpMethod;
+import org.springframework.util.Assert;
 
 /**
  * <p>
@@ -83,7 +84,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * Used to specify to {@link #setAllowedHttpMethods(Collection)} that any HTTP method
 	 * should be allowed.
 	 */
-	private static final Set<String> ALLOW_ANY_HTTP_METHOD = Collections.unmodifiableSet(Collections.emptySet());
+	private static final Set<String> ALLOW_ANY_HTTP_METHOD = Collections.emptySet();
 
 	private static final String ENCODED_PERCENT = "%25";
 
@@ -165,15 +166,9 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * @see #setUnsafeAllowAnyHttpMethod(boolean)
 	 */
 	public void setAllowedHttpMethods(Collection<String> allowedHttpMethods) {
-		if (allowedHttpMethods == null) {
-			throw new IllegalArgumentException("allowedHttpMethods cannot be null");
-		}
-		if (allowedHttpMethods == ALLOW_ANY_HTTP_METHOD) {
-			this.allowedHttpMethods = ALLOW_ANY_HTTP_METHOD;
-		}
-		else {
-			this.allowedHttpMethods = new HashSet<>(allowedHttpMethods);
-		}
+		Assert.notNull(allowedHttpMethods, "allowedHttpMethods cannot be null");
+		this.allowedHttpMethods = (allowedHttpMethods != ALLOW_ANY_HTTP_METHOD) ? new HashSet<>(allowedHttpMethods)
+				: ALLOW_ANY_HTTP_METHOD;
 	}
 
 	/**
@@ -361,9 +356,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * @see Character#isDefined(int)
 	 */
 	public void setAllowedHeaderNames(Predicate<String> allowedHeaderNames) {
-		if (allowedHeaderNames == null) {
-			throw new IllegalArgumentException("allowedHeaderNames cannot be null");
-		}
+		Assert.notNull(allowedHeaderNames, "allowedHeaderNames cannot be null");
 		this.allowedHeaderNames = allowedHeaderNames;
 	}
 
@@ -378,28 +371,20 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * @see Character#isDefined(int)
 	 */
 	public void setAllowedHeaderValues(Predicate<String> allowedHeaderValues) {
-		if (allowedHeaderValues == null) {
-			throw new IllegalArgumentException("allowedHeaderValues cannot be null");
-		}
+		Assert.notNull(allowedHeaderValues, "allowedHeaderValues cannot be null");
 		this.allowedHeaderValues = allowedHeaderValues;
 	}
 
-	/*
+	/**
 	 * Determines which parameter names should be allowed. The default is to reject header
-	 * names that contain ISO control characters and characters that are not defined. </p>
-	 *
+	 * names that contain ISO control characters and characters that are not defined.
 	 * @param allowedParameterNames the predicate for testing parameter names
-	 *
-	 * @see Character#isISOControl(int)
-	 *
-	 * @see Character#isDefined(int)
-	 *
 	 * @since 5.4
+	 * @see Character#isISOControl(int)
+	 * @see Character#isDefined(int)
 	 */
 	public void setAllowedParameterNames(Predicate<String> allowedParameterNames) {
-		if (allowedParameterNames == null) {
-			throw new IllegalArgumentException("allowedParameterNames cannot be null");
-		}
+		Assert.notNull(allowedParameterNames, "allowedParameterNames cannot be null");
 		this.allowedParameterNames = allowedParameterNames;
 	}
 
@@ -412,9 +397,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * @since 5.4
 	 */
 	public void setAllowedParameterValues(Predicate<String> allowedParameterValues) {
-		if (allowedParameterValues == null) {
-			throw new IllegalArgumentException("allowedParameterValues cannot be null");
-		}
+		Assert.notNull(allowedParameterValues, "allowedParameterValues cannot be null");
 		this.allowedParameterValues = allowedParameterValues;
 	}
 
@@ -426,9 +409,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 	 * @since 5.2
 	 */
 	public void setAllowedHostnames(Predicate<String> allowedHostnames) {
-		if (allowedHostnames == null) {
-			throw new IllegalArgumentException("allowedHostnames cannot be null");
-		}
+		Assert.notNull(allowedHostnames, "allowedHostnames cannot be null");
 		this.allowedHostnames = allowedHostnames;
 	}
 
@@ -447,173 +428,15 @@ public class StrictHttpFirewall implements HttpFirewall {
 		rejectForbiddenHttpMethod(request);
 		rejectedBlocklistedUrls(request);
 		rejectedUntrustedHosts(request);
-
 		if (!isNormalized(request)) {
 			throw new RequestRejectedException("The request was rejected because the URL was not normalized.");
 		}
-
 		String requestUri = request.getRequestURI();
 		if (!containsOnlyPrintableAsciiCharacters(requestUri)) {
 			throw new RequestRejectedException(
 					"The requestURI was rejected because it can only contain printable ASCII characters.");
 		}
-		return new FirewalledRequest(request) {
-			@Override
-			public long getDateHeader(String name) {
-				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the header name \"" + name + "\" is not allowed.");
-				}
-				return super.getDateHeader(name);
-			}
-
-			@Override
-			public int getIntHeader(String name) {
-				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the header name \"" + name + "\" is not allowed.");
-				}
-				return super.getIntHeader(name);
-			}
-
-			@Override
-			public String getHeader(String name) {
-				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the header name \"" + name + "\" is not allowed.");
-				}
-				String value = super.getHeader(name);
-				if (value != null && !StrictHttpFirewall.this.allowedHeaderValues.test(value)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the header value \"" + value + "\" is not allowed.");
-				}
-				return value;
-			}
-
-			@Override
-			public Enumeration<String> getHeaders(String name) {
-				if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the header name \"" + name + "\" is not allowed.");
-				}
-
-				Enumeration<String> valuesEnumeration = super.getHeaders(name);
-				return new Enumeration<String>() {
-					@Override
-					public boolean hasMoreElements() {
-						return valuesEnumeration.hasMoreElements();
-					}
-
-					@Override
-					public String nextElement() {
-						String value = valuesEnumeration.nextElement();
-						if (!StrictHttpFirewall.this.allowedHeaderValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the header value \""
-									+ value + "\" is not allowed.");
-						}
-						return value;
-					}
-				};
-			}
-
-			@Override
-			public Enumeration<String> getHeaderNames() {
-				Enumeration<String> namesEnumeration = super.getHeaderNames();
-				return new Enumeration<String>() {
-					@Override
-					public boolean hasMoreElements() {
-						return namesEnumeration.hasMoreElements();
-					}
-
-					@Override
-					public String nextElement() {
-						String name = namesEnumeration.nextElement();
-						if (!StrictHttpFirewall.this.allowedHeaderNames.test(name)) {
-							throw new RequestRejectedException("The request was rejected because the header name \""
-									+ name + "\" is not allowed.");
-						}
-						return name;
-					}
-				};
-			}
-
-			@Override
-			public String getParameter(String name) {
-				if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
-				}
-				String value = super.getParameter(name);
-				if (value != null && !StrictHttpFirewall.this.allowedParameterValues.test(value)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the parameter value \"" + value + "\" is not allowed.");
-				}
-				return value;
-			}
-
-			@Override
-			public Map<String, String[]> getParameterMap() {
-				Map<String, String[]> parameterMap = super.getParameterMap();
-				for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
-					String name = entry.getKey();
-					String[] values = entry.getValue();
-					if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
-						throw new RequestRejectedException(
-								"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
-					}
-					for (String value : values) {
-						if (!StrictHttpFirewall.this.allowedParameterValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the parameter value \""
-									+ value + "\" is not allowed.");
-						}
-					}
-				}
-				return parameterMap;
-			}
-
-			@Override
-			public Enumeration<String> getParameterNames() {
-				Enumeration<String> namesEnumeration = super.getParameterNames();
-				return new Enumeration<String>() {
-					@Override
-					public boolean hasMoreElements() {
-						return namesEnumeration.hasMoreElements();
-					}
-
-					@Override
-					public String nextElement() {
-						String name = namesEnumeration.nextElement();
-						if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
-							throw new RequestRejectedException("The request was rejected because the parameter name \""
-									+ name + "\" is not allowed.");
-						}
-						return name;
-					}
-				};
-			}
-
-			@Override
-			public String[] getParameterValues(String name) {
-				if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
-					throw new RequestRejectedException(
-							"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
-				}
-				String[] values = super.getParameterValues(name);
-				if (values != null) {
-					for (String value : values) {
-						if (!StrictHttpFirewall.this.allowedParameterValues.test(value)) {
-							throw new RequestRejectedException("The request was rejected because the parameter value \""
-									+ value + "\" is not allowed.");
-						}
-					}
-				}
-				return values;
-			}
-
-			@Override
-			public void reset() {
-			}
-		};
+		return new StrictFirewalledRequest(request);
 	}
 
 	private void rejectForbiddenHttpMethod(HttpServletRequest request) {
@@ -705,12 +528,11 @@ public class StrictHttpFirewall implements HttpFirewall {
 	private static boolean containsOnlyPrintableAsciiCharacters(String uri) {
 		int length = uri.length();
 		for (int i = 0; i < length; i++) {
-			char c = uri.charAt(i);
-			if (c < '\u0020' || c > '\u007e') {
+			char ch = uri.charAt(i);
+			if (ch < '\u0020' || ch > '\u007e') {
 				return false;
 			}
 		}
-
 		return true;
 	}
 
@@ -728,22 +550,17 @@ public class StrictHttpFirewall implements HttpFirewall {
 		if (path == null) {
 			return true;
 		}
-
-		for (int j = path.length(); j > 0;) {
-			int i = path.lastIndexOf('/', j - 1);
-			int gap = j - i;
-
-			if (gap == 2 && path.charAt(i + 1) == '.') {
-				// ".", "/./" or "/."
+		for (int i = path.length(); i > 0;) {
+			int slashIndex = path.lastIndexOf('/', i - 1);
+			int gap = i - slashIndex;
+			if (gap == 2 && path.charAt(slashIndex + 1) == '.') {
+				return false; // ".", "/./" or "/."
+			}
+			if (gap == 3 && path.charAt(slashIndex + 1) == '.' && path.charAt(slashIndex + 2) == '.') {
 				return false;
 			}
-			else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
-				return false;
-			}
-
-			j = i;
+			i = slashIndex;
 		}
-
 		return true;
 	}
 
@@ -782,4 +599,166 @@ public class StrictHttpFirewall implements HttpFirewall {
 		return getDecodedUrlBlocklist();
 	}
 
+	/**
+	 * Strict {@link FirewalledRequest}.
+	 */
+	private class StrictFirewalledRequest extends FirewalledRequest {
+
+		StrictFirewalledRequest(HttpServletRequest request) {
+			super(request);
+		}
+
+		@Override
+		public long getDateHeader(String name) {
+			validateAllowedHeaderName(name);
+			return super.getDateHeader(name);
+		}
+
+		@Override
+		public int getIntHeader(String name) {
+			validateAllowedHeaderName(name);
+			return super.getIntHeader(name);
+		}
+
+		@Override
+		public String getHeader(String name) {
+			validateAllowedHeaderName(name);
+			String value = super.getHeader(name);
+			if (value != null) {
+				validateAllowedHeaderValue(value);
+			}
+			return value;
+		}
+
+		@Override
+		public Enumeration<String> getHeaders(String name) {
+			validateAllowedHeaderName(name);
+			Enumeration<String> headers = super.getHeaders(name);
+			return new Enumeration<String>() {
+
+				@Override
+				public boolean hasMoreElements() {
+					return headers.hasMoreElements();
+				}
+
+				@Override
+				public String nextElement() {
+					String value = headers.nextElement();
+					validateAllowedHeaderValue(value);
+					return value;
+				}
+
+			};
+		}
+
+		@Override
+		public Enumeration<String> getHeaderNames() {
+			Enumeration<String> names = super.getHeaderNames();
+			return new Enumeration<String>() {
+
+				@Override
+				public boolean hasMoreElements() {
+					return names.hasMoreElements();
+				}
+
+				@Override
+				public String nextElement() {
+					String headerNames = names.nextElement();
+					validateAllowedHeaderName(headerNames);
+					return headerNames;
+				}
+
+			};
+		}
+
+		@Override
+		public String getParameter(String name) {
+			validateAllowedParameterName(name);
+			String value = super.getParameter(name);
+			if (value != null) {
+				validateAllowedParameterValue(value);
+			}
+			return value;
+		}
+
+		@Override
+		public Map<String, String[]> getParameterMap() {
+			Map<String, String[]> parameterMap = super.getParameterMap();
+			for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
+				String name = entry.getKey();
+				String[] values = entry.getValue();
+				validateAllowedParameterName(name);
+				for (String value : values) {
+					validateAllowedParameterValue(value);
+				}
+			}
+			return parameterMap;
+		}
+
+		@Override
+		public Enumeration<String> getParameterNames() {
+			Enumeration<String> paramaterNames = super.getParameterNames();
+			return new Enumeration<String>() {
+
+				@Override
+				public boolean hasMoreElements() {
+					return paramaterNames.hasMoreElements();
+				}
+
+				@Override
+				public String nextElement() {
+					String name = paramaterNames.nextElement();
+					validateAllowedParameterName(name);
+					return name;
+				}
+
+			};
+		}
+
+		@Override
+		public String[] getParameterValues(String name) {
+			validateAllowedParameterName(name);
+			String[] values = super.getParameterValues(name);
+			if (values != null) {
+				for (String value : values) {
+					validateAllowedParameterValue(value);
+				}
+			}
+			return values;
+		}
+
+		private void validateAllowedHeaderName(String headerNames) {
+			if (!StrictHttpFirewall.this.allowedHeaderNames.test(headerNames)) {
+				throw new RequestRejectedException(
+						"The request was rejected because the header name \"" + headerNames + "\" is not allowed.");
+			}
+		}
+
+		private void validateAllowedHeaderValue(String value) {
+			if (!StrictHttpFirewall.this.allowedHeaderValues.test(value)) {
+				throw new RequestRejectedException(
+						"The request was rejected because the header value \"" + value + "\" is not allowed.");
+			}
+		}
+
+		private void validateAllowedParameterName(String name) {
+			if (!StrictHttpFirewall.this.allowedParameterNames.test(name)) {
+				throw new RequestRejectedException(
+						"The request was rejected because the parameter name \"" + name + "\" is not allowed.");
+			}
+		}
+
+		private void validateAllowedParameterValue(String value) {
+			if (!StrictHttpFirewall.this.allowedParameterValues.test(value)) {
+				throw new RequestRejectedException(
+						"The request was rejected because the parameter value \"" + value + "\" is not allowed.");
+			}
+		}
+
+		@Override
+		public void reset() {
+		}
+
+	};
+
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/Header.java b/web/src/main/java/org/springframework/security/web/header/Header.java
index b1c6aa1576..2356914712 100644
--- a/web/src/main/java/org/springframework/security/web/header/Header.java
+++ b/web/src/main/java/org/springframework/security/web/header/Header.java
@@ -62,20 +62,18 @@ public final class Header {
 	}
 
 	@Override
-	public boolean equals(Object o) {
-		if (this == o) {
+	public boolean equals(Object obj) {
+		if (this == obj) {
 			return true;
 		}
-		if (o == null || getClass() != o.getClass()) {
+		if (obj == null || getClass() != obj.getClass()) {
 			return false;
 		}
-
-		Header header = (Header) o;
-
-		if (!this.headerName.equals(header.headerName)) {
+		Header other = (Header) obj;
+		if (!this.headerName.equals(other.headerName)) {
 			return false;
 		}
-		return this.headerValues.equals(header.headerValues);
+		return this.headerValues.equals(other.headerValues);
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
index f59983f47c..38529ecc86 100644
--- a/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
+++ b/web/src/main/java/org/springframework/security/web/header/HeaderWriterFilter.java
@@ -68,7 +68,6 @@ public class HeaderWriterFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
-
 		if (this.shouldWriteHeadersEagerly) {
 			doHeadersBefore(request, response, filterChain);
 		}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
index 3ba25039a8..d4df85fbee 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriter.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -76,10 +77,9 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 				response.setHeader(CLEAR_SITE_DATA_HEADER, this.headerValue);
 			}
 		}
-		else if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Not injecting Clear-Site-Data header since it did not match the " + "requestMatcher "
-					+ this.requestMatcher);
-		}
+		this.logger.debug(
+				LogMessage.format("Not injecting Clear-Site-Data header since it did not match the requestMatcher %s",
+						this.requestMatcher));
 	}
 
 	private String transformToHeaderValue(Directive... directives) {
@@ -97,14 +97,19 @@ public final class ClearSiteDataHeaderWriter implements HeaderWriter {
 	}
 
 	/**
-	 * <p>
-	 * Represents the directive values expected by the {@link ClearSiteDataHeaderWriter}
-	 * </p>
-	 * .
+	 * Represents the directive values expected by the {@link ClearSiteDataHeaderWriter}.
 	 */
 	public enum Directive {
 
-		CACHE("cache"), COOKIES("cookies"), STORAGE("storage"), EXECUTION_CONTEXTS("executionContexts"), ALL("*");
+		CACHE("cache"),
+
+		COOKIES("cookies"),
+
+		STORAGE("storage"),
+
+		EXECUTION_CONTEXTS("executionContexts"),
+
+		ALL("*");
 
 		private final String headerValue;
 
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
index a782869052..5de10d04b8 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java
@@ -117,7 +117,7 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 	 */
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		String headerName = !this.reportOnly ? CONTENT_SECURITY_POLICY_HEADER
+		String headerName = (!this.reportOnly) ? CONTENT_SECURITY_POLICY_HEADER
 				: CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER;
 		if (!response.containsHeader(headerName)) {
 			response.setHeader(headerName, this.policyDirectives);
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
index 89de450887..31ee296fde 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java
@@ -174,19 +174,17 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		if (this.requestMatcher.matches(request)) {
-			if (!this.pins.isEmpty()) {
-				String headerName = this.reportOnly ? HPKP_RO_HEADER_NAME : HPKP_HEADER_NAME;
-				if (!response.containsHeader(headerName)) {
-					response.setHeader(headerName, this.hpkpHeaderValue);
-				}
-			}
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Not injecting HPKP header since there aren't any pins");
-			}
-		}
-		else if (this.logger.isDebugEnabled()) {
+		if (!this.requestMatcher.matches(request)) {
 			this.logger.debug("Not injecting HPKP header since it wasn't a secure connection");
+			return;
+		}
+		if (this.pins.isEmpty()) {
+			this.logger.debug("Not injecting HPKP header since there aren't any pins");
+			return;
+		}
+		String headerName = (this.reportOnly) ? HPKP_RO_HEADER_NAME : HPKP_HEADER_NAME;
+		if (!response.containsHeader(headerName)) {
+			response.setHeader(headerName, this.hpkpHeaderValue);
 		}
 	}
 
@@ -294,9 +292,7 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 	 */
 	public void setMaxAgeInSeconds(long maxAgeInSeconds) {
-		if (maxAgeInSeconds < 0) {
-			throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
-		}
+		Assert.isTrue(maxAgeInSeconds > 0, () -> "maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
 		this.maxAgeInSeconds = maxAgeInSeconds;
 		updateHpkpHeaderValue();
 	}
@@ -414,11 +410,11 @@ public final class HpkpHeaderWriter implements HeaderWriter {
 	public void setReportUri(String reportUri) {
 		try {
 			this.reportUri = new URI(reportUri);
+			updateHpkpHeaderValue();
 		}
 		catch (URISyntaxException ex) {
 			throw new IllegalArgumentException(ex);
 		}
-		updateHpkpHeaderValue();
 	}
 
 	private void updateHpkpHeaderValue() {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
index 7d1ee6b5e5..c88bc5af87 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -148,14 +149,13 @@ public final class HstsHeaderWriter implements HeaderWriter {
 
 	@Override
 	public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
-		if (this.requestMatcher.matches(request)) {
-			if (!response.containsHeader(HSTS_HEADER_NAME)) {
-				response.setHeader(HSTS_HEADER_NAME, this.hstsHeaderValue);
-			}
+		if (!this.requestMatcher.matches(request)) {
+			this.logger.debug(LogMessage.format(
+					"Not injecting HSTS header since it did not match the requestMatcher %s", this.requestMatcher));
+			return;
 		}
-		else if (this.logger.isDebugEnabled()) {
-			this.logger.debug(
-					"Not injecting HSTS header since it did not match the requestMatcher " + this.requestMatcher);
+		if (!response.containsHeader(HSTS_HEADER_NAME)) {
+			response.setHeader(HSTS_HEADER_NAME, this.hstsHeaderValue);
 		}
 	}
 
@@ -188,9 +188,7 @@ public final class HstsHeaderWriter implements HeaderWriter {
 	 * @throws IllegalArgumentException if maxAgeInSeconds is negative
 	 */
 	public void setMaxAgeInSeconds(long maxAgeInSeconds) {
-		if (maxAgeInSeconds < 0) {
-			throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
-		}
+		Assert.isTrue(maxAgeInSeconds >= 0, () -> "maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
 		this.maxAgeInSeconds = maxAgeInSeconds;
 		updateHstsHeaderValue();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
index 0397c999cf..eab56fc389 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriter.java
@@ -100,10 +100,21 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 
 	public enum ReferrerPolicy {
 
-		NO_REFERRER("no-referrer"), NO_REFERRER_WHEN_DOWNGRADE("no-referrer-when-downgrade"), SAME_ORIGIN(
-				"same-origin"), ORIGIN("origin"), STRICT_ORIGIN("strict-origin"), ORIGIN_WHEN_CROSS_ORIGIN(
-						"origin-when-cross-origin"), STRICT_ORIGIN_WHEN_CROSS_ORIGIN(
-								"strict-origin-when-cross-origin"), UNSAFE_URL("unsafe-url");
+		NO_REFERRER("no-referrer"),
+
+		NO_REFERRER_WHEN_DOWNGRADE("no-referrer-when-downgrade"),
+
+		SAME_ORIGIN("same-origin"),
+
+		ORIGIN("origin"),
+
+		STRICT_ORIGIN("strict-origin"),
+
+		ORIGIN_WHEN_CROSS_ORIGIN("origin-when-cross-origin"),
+
+		STRICT_ORIGIN_WHEN_CROSS_ORIGIN("strict-origin-when-cross-origin"),
+
+		UNSAFE_URL("unsafe-url");
 
 		private static final Map<String, ReferrerPolicy> REFERRER_POLICIES;
 
@@ -115,7 +126,7 @@ public class ReferrerPolicyHeaderWriter implements HeaderWriter {
 			REFERRER_POLICIES = Collections.unmodifiableMap(referrerPolicies);
 		}
 
-		private String policy;
+		private final String policy;
 
 		ReferrerPolicy(String policy) {
 			this.policy = policy;
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 0426ccdec0..104a6cb234 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
@@ -52,15 +53,11 @@ public abstract class AbstractRequestParameterAllowFromStrategy implements Allow
 	@Override
 	public String getAllowFromValue(HttpServletRequest request) {
 		String allowFromOrigin = request.getParameter(this.allowFromParameterName);
-		if (this.log.isDebugEnabled()) {
-			this.log.debug("Supplied origin '" + allowFromOrigin + "'");
-		}
+		this.log.debug(LogMessage.format("Supplied origin '%s'", allowFromOrigin));
 		if (StringUtils.hasText(allowFromOrigin) && allowed(allowFromOrigin)) {
 			return allowFromOrigin;
 		}
-		else {
-			return "DENY";
-		}
+		return "DENY";
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
index cf094d753b..9cecae5cc4 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@@ -55,10 +55,9 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	 */
 	public XFrameOptionsHeaderWriter(XFrameOptionsMode frameOptionsMode) {
 		Assert.notNull(frameOptionsMode, "frameOptionsMode cannot be null");
-		if (XFrameOptionsMode.ALLOW_FROM.equals(frameOptionsMode)) {
-			throw new IllegalArgumentException(
-					"ALLOW_FROM requires an AllowFromStrategy. Please use FrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy) instead");
-		}
+		Assert.isTrue(!XFrameOptionsMode.ALLOW_FROM.equals(frameOptionsMode),
+				"ALLOW_FROM requires an AllowFromStrategy. Please use "
+						+ "FrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy) instead");
 		this.frameOptionsMode = frameOptionsMode;
 		this.allowFromStrategy = null;
 	}
@@ -113,7 +112,10 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 	 */
 	public enum XFrameOptionsMode {
 
-		DENY("DENY"), SAMEORIGIN("SAMEORIGIN"),
+		DENY("DENY"),
+
+		SAMEORIGIN("SAMEORIGIN"),
+
 		/**
 		 * @deprecated ALLOW-FROM is an obsolete directive that no longer works in modern
 		 * browsers. Instead use Content-Security-Policy with the <a href=
@@ -123,7 +125,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
 		@Deprecated
 		ALLOW_FROM("ALLOW-FROM");
 
-		private String mode;
+		private final String mode;
 
 		XFrameOptionsMode(String mode) {
 			this.mode = mode;
diff --git a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
index a7d399e275..33ea76a989 100644
--- a/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
+++ b/web/src/main/java/org/springframework/security/web/http/SecurityHeaders.java
@@ -29,6 +29,9 @@ import org.springframework.util.Assert;
  */
 public final class SecurityHeaders {
 
+	private SecurityHeaders() {
+	}
+
 	/**
 	 * Sets the provided value as a Bearer token in a header with the name of
 	 * {@link HttpHeaders#AUTHORIZATION}
@@ -40,7 +43,4 @@ public final class SecurityHeaders {
 		return (headers) -> headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + bearerTokenValue);
 	}
 
-	private SecurityHeaders() {
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
index 49e9ff9272..bda60ba088 100644
--- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -27,6 +27,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -70,34 +71,26 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 * </p>
 	 */
 	@Override
-	public final void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
+	public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws ServletException, IOException {
 
 		Subject subject = obtainSubject(request);
 		if (subject == null && this.createEmptySubject) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug(
-						"Subject returned was null and createEmtpySubject is true; creating new empty subject to run as.");
-			}
+			this.logger.debug("Subject returned was null and createEmtpySubject is true; "
+					+ "creating new empty subject to run as.");
 			subject = new Subject();
 		}
 		if (subject == null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Subject is null continue running with no Subject.");
-			}
+			this.logger.debug("Subject is null continue running with no Subject.");
 			chain.doFilter(request, response);
 			return;
 		}
-		final PrivilegedExceptionAction<Object> continueChain = () -> {
-			chain.doFilter(request, response);
-			return null;
-		};
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Running as Subject " + subject);
-		}
+		this.logger.debug(LogMessage.format("Running as Subject %s", subject));
 		try {
-			Subject.doAs(subject, continueChain);
+			Subject.doAs(subject, (PrivilegedExceptionAction<Object>) () -> {
+				chain.doFilter(request, response);
+				return null;
+			});
 		}
 		catch (PrivilegedActionException ex) {
 			throw new ServletException(ex.getMessage(), ex);
@@ -121,9 +114,7 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
 	 */
 	protected Subject obtainSubject(ServletRequest request) {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Attempting to obtainSubject using authentication : " + authentication);
-		}
+		this.logger.debug(LogMessage.format("Attempting to obtainSubject using authentication : %s", authentication));
 		if (authentication == null) {
 			return null;
 		}
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
index b1742dcc8b..0993091f5c 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java
@@ -46,6 +46,9 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
  */
 class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<PreAuthenticatedAuthenticationToken> {
 
+	private static final TypeReference<List<GrantedAuthority>> GRANTED_AUTHORITY_LIST = new TypeReference<List<GrantedAuthority>>() {
+	};
+
 	/**
 	 * This method construct {@link PreAuthenticatedAuthenticationToken} object from
 	 * serialized json.
@@ -58,28 +61,18 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<P
 	@Override
 	public PreAuthenticatedAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt)
 			throws IOException, JsonProcessingException {
-		PreAuthenticatedAuthenticationToken token = null;
 		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
 		JsonNode jsonNode = mapper.readTree(jp);
 		Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean();
 		JsonNode principalNode = readJsonNode(jsonNode, "principal");
-		Object principal = null;
-		if (principalNode.isObject()) {
-			principal = mapper.readValue(principalNode.traverse(mapper), Object.class);
-		}
-		else {
-			principal = principalNode.asText();
-		}
+		Object principal = (!principalNode.isObject()) ? principalNode.asText()
+				: mapper.readValue(principalNode.traverse(mapper), Object.class);
 		Object credentials = readJsonNode(jsonNode, "credentials").asText();
 		List<GrantedAuthority> authorities = mapper.readValue(readJsonNode(jsonNode, "authorities").traverse(mapper),
-				new TypeReference<List<GrantedAuthority>>() {
-				});
-		if (authenticated) {
-			token = new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);
-		}
-		else {
-			token = new PreAuthenticatedAuthenticationToken(principal, credentials);
-		}
+				GRANTED_AUTHORITY_LIST);
+		PreAuthenticatedAuthenticationToken token = (!authenticated)
+				? new PreAuthenticatedAuthenticationToken(principal, credentials)
+				: new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);
 		token.setDetails(readJsonNode(jsonNode, "details"));
 		return token;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
index eb455c75cf..c54a81d3b8 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -104,28 +104,21 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			return null;
 		}
 		Object principal = authentication.getPrincipal();
-
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
-
-		String expressionToParse = authPrincipal.expression();
+		AuthenticationPrincipal annotation = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
+		String expressionToParse = annotation.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
 			context.setBeanResolver(this.beanResolver);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}
-
 		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
-
-			if (authPrincipal.errorOnInvalidType()) {
+			if (annotation.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
 		return principal;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
index 007ddc7ceb..6cbdb0c2d2 100644
--- a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -79,17 +79,11 @@ public final class CurrentSecurityContextArgumentResolver implements HandlerMeth
 
 	private BeanResolver beanResolver;
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(CurrentSecurityContext.class, parameter) != null;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
@@ -98,29 +92,22 @@ public final class CurrentSecurityContextArgumentResolver implements HandlerMeth
 			return null;
 		}
 		Object securityContextResult = securityContext;
-
-		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(CurrentSecurityContext.class,
-				parameter);
-
-		String expressionToParse = securityContextAnnotation.expression();
+		CurrentSecurityContext annotation = findMethodAnnotation(CurrentSecurityContext.class, parameter);
+		String expressionToParse = annotation.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContextResult = expression.getValue(context);
 		}
-
 		if (securityContextResult != null
 				&& !parameter.getParameterType().isAssignableFrom(securityContextResult.getClass())) {
-			if (securityContextAnnotation.errorOnInvalidType()) {
+			if (annotation.errorOnInvalidType()) {
 				throw new ClassCastException(
 						securityContextResult + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
 		return securityContextResult;
 	}
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
index 6068d82f9d..5be69521ab 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
@@ -72,37 +72,31 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume
 	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,
 			ServerWebExchange exchange) {
 		ReactiveAdapter adapter = getAdapterRegistry().getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
-			Object p = resolvePrincipal(parameter, a.getPrincipal());
-			Mono<Object> principal = Mono.justOrEmpty(p);
-			return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
-		});
+		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+				.flatMap((authentication) -> {
+					Mono<Object> principal = Mono
+							.justOrEmpty(resolvePrincipal(parameter, authentication.getPrincipal()));
+					return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
+				});
 	}
 
 	private Object resolvePrincipal(MethodParameter parameter, Object principal) {
-		AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
-
-		String expressionToParse = authPrincipal.expression();
+		AuthenticationPrincipal annotation = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
+		String expressionToParse = annotation.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
 			context.setBeanResolver(this.beanResolver);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}
-
 		if (isInvalidType(parameter, principal)) {
-
-			if (authPrincipal.errorOnInvalidType()) {
+			if (annotation.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
-
 		return principal;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
index 101749642f..a02a9c30b9 100644
--- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
+++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java
@@ -65,17 +65,11 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 		this.beanResolver = beanResolver;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(CurrentSecurityContext.class, parameter) != null;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,
 			ServerWebExchange exchange) {
@@ -84,10 +78,10 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 		if (reactiveSecurityContext == null) {
 			return null;
 		}
-		return reactiveSecurityContext.flatMap((a) -> {
-			Object p = resolveSecurityContext(parameter, a);
-			Mono<Object> o = Mono.justOrEmpty(p);
-			return (adapter != null) ? Mono.just(adapter.fromPublisher(o)) : o;
+		return reactiveSecurityContext.flatMap((securityContext) -> {
+			Mono<Object> resolvedSecurityContext = Mono.justOrEmpty(resolveSecurityContext(parameter, securityContext));
+			return (adapter != null) ? Mono.just(adapter.fromPublisher(resolvedSecurityContext))
+					: resolvedSecurityContext;
 		});
 
 	}
@@ -100,32 +94,24 @@ public class CurrentSecurityContextArgumentResolver extends HandlerMethodArgumen
 	 * @return the resolved object from expression.
 	 */
 	private Object resolveSecurityContext(MethodParameter parameter, SecurityContext securityContext) {
-		CurrentSecurityContext securityContextAnnotation = findMethodAnnotation(CurrentSecurityContext.class,
-				parameter);
-
+		CurrentSecurityContext annotation = findMethodAnnotation(CurrentSecurityContext.class, parameter);
 		Object securityContextResult = securityContext;
-
-		String expressionToParse = securityContextAnnotation.expression();
+		String expressionToParse = annotation.expression();
 		if (StringUtils.hasLength(expressionToParse)) {
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
 			context.setBeanResolver(this.beanResolver);
-
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContextResult = expression.getValue(context);
 		}
-
 		if (isInvalidType(parameter, securityContextResult)) {
-			if (securityContextAnnotation.errorOnInvalidType()) {
+			if (annotation.errorOnInvalidType()) {
 				throw new ClassCastException(
 						securityContextResult + " is not assignable to " + parameter.getParameterType());
 			}
-			else {
-				return null;
-			}
+			return null;
 		}
-
 		return securityContextResult;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index 3117a37016..1afefeba74 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -55,52 +55,49 @@ public class CookieRequestCache implements RequestCache {
 
 	@Override
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-		if (this.requestMatcher.matches(request)) {
-			String redirectUrl = UrlUtils.buildFullRequestUrl(request);
-			Cookie savedCookie = new Cookie(COOKIE_NAME, encodeCookie(redirectUrl));
-			savedCookie.setMaxAge(COOKIE_MAX_AGE);
-			savedCookie.setSecure(request.isSecure());
-			savedCookie.setPath(getCookiePath(request));
-			savedCookie.setHttpOnly(true);
-
-			response.addCookie(savedCookie);
-		}
-		else {
+		if (!this.requestMatcher.matches(request)) {
 			this.logger.debug("Request not saved as configured RequestMatcher did not match");
+			return;
 		}
+		String redirectUrl = UrlUtils.buildFullRequestUrl(request);
+		Cookie savedCookie = new Cookie(COOKIE_NAME, encodeCookie(redirectUrl));
+		savedCookie.setMaxAge(COOKIE_MAX_AGE);
+		savedCookie.setSecure(request.isSecure());
+		savedCookie.setPath(getCookiePath(request));
+		savedCookie.setHttpOnly(true);
+		response.addCookie(savedCookie);
 	}
 
 	@Override
 	public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
 		Cookie savedRequestCookie = WebUtils.getCookie(request, COOKIE_NAME);
-		if (savedRequestCookie != null) {
-			final String originalURI = decodeCookie(savedRequestCookie.getValue());
-			UriComponents uriComponents = UriComponentsBuilder.fromUriString(originalURI).build();
-			DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder();
-
-			int port = uriComponents.getPort();
-			if (port == -1) {
-				if ("https".equalsIgnoreCase(uriComponents.getScheme())) {
-					port = 443;
-				}
-				else {
-					port = 80;
-				}
-			}
-
-			final MultiValueMap<String, String> queryParams = uriComponents.getQueryParams();
-
-			if (!queryParams.isEmpty()) {
-				final HashMap<String, String[]> parameters = new HashMap<>(queryParams.size());
-				queryParams.forEach((key, value) -> parameters.put(key, value.toArray(new String[] {})));
-				builder.setParameters(parameters);
-			}
-
-			return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
-					.setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
-					.setMethod(request.getMethod()).build();
+		if (savedRequestCookie == null) {
+			return null;
 		}
-		return null;
+		String originalURI = decodeCookie(savedRequestCookie.getValue());
+		UriComponents uriComponents = UriComponentsBuilder.fromUriString(originalURI).build();
+		DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder();
+		int port = getPort(uriComponents);
+		MultiValueMap<String, String> queryParams = uriComponents.getQueryParams();
+		if (!queryParams.isEmpty()) {
+			HashMap<String, String[]> parameters = new HashMap<>(queryParams.size());
+			queryParams.forEach((key, value) -> parameters.put(key, value.toArray(new String[] {})));
+			builder.setParameters(parameters);
+		}
+		return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
+				.setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
+				.setMethod(request.getMethod()).build();
+	}
+
+	private int getPort(UriComponents uriComponents) {
+		int port = uriComponents.getPort();
+		if (port != -1) {
+			return port;
+		}
+		if ("https".equalsIgnoreCase(uriComponents.getScheme())) {
+			return 443;
+		}
+		return 80;
 	}
 
 	@Override
@@ -110,10 +107,8 @@ public class CookieRequestCache implements RequestCache {
 			this.logger.debug("saved request doesn't match");
 			return null;
 		}
-		else {
-			this.removeRequest(request, response);
-			return new SavedRequestAwareWrapper(saved, request);
-		}
+		this.removeRequest(request, response);
+		return new SavedRequestAwareWrapper(saved, request);
 	}
 
 	@Override
@@ -135,21 +130,16 @@ public class CookieRequestCache implements RequestCache {
 	}
 
 	private static String getCookiePath(HttpServletRequest request) {
-		final String contextPath = request.getContextPath();
-		if (StringUtils.isEmpty(contextPath)) {
-			return "/";
-		}
-		return contextPath;
+		String contextPath = request.getContextPath();
+		return (!StringUtils.isEmpty(contextPath)) ? contextPath : "/";
 	}
 
 	private boolean matchesSavedRequest(HttpServletRequest request, SavedRequest savedRequest) {
 		if (savedRequest == null) {
 			return false;
 		}
-		else {
-			String currentUrl = UrlUtils.buildFullRequestUrl(request);
-			return savedRequest.getRedirectUrl().equals(currentUrl);
-		}
+		String currentUrl = UrlUtils.buildFullRequestUrl(request);
+		return savedRequest.getRedirectUrl().equals(currentUrl);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 5b8b1aacd9..aaa8e995c2 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -33,6 +33,7 @@ import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.PortResolver;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
@@ -99,13 +100,10 @@ public class DefaultSavedRequest implements SavedRequest {
 	public DefaultSavedRequest(HttpServletRequest request, PortResolver portResolver) {
 		Assert.notNull(request, "Request required");
 		Assert.notNull(portResolver, "PortResolver required");
-
 		// Cookies
 		addCookies(request.getCookies());
-
 		// Headers
 		Enumeration<String> names = request.getHeaderNames();
-
 		while (names.hasMoreElements()) {
 			String name = names.nextElement();
 			// Skip If-Modified-Since and If-None-Match header. SEC-1412, SEC-1624.
@@ -113,18 +111,14 @@ public class DefaultSavedRequest implements SavedRequest {
 				continue;
 			}
 			Enumeration<String> values = request.getHeaders(name);
-
 			while (values.hasMoreElements()) {
 				this.addHeader(name, values.nextElement());
 			}
 		}
-
 		// Locales
 		addLocales(request.getLocales());
-
 		// Parameters
 		addParameters(request.getParameterMap());
-
 		// Primitives
 		this.method = request.getMethod();
 		this.pathInfo = request.getPathInfo();
@@ -170,8 +164,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	}
 
 	private void addHeader(String name, String value) {
-		List<String> values = this.headers.computeIfAbsent(name, (k) -> new ArrayList<>());
-
+		List<String> values = this.headers.computeIfAbsent(name, (key) -> new ArrayList<>());
 		values.add(value);
 	}
 
@@ -200,9 +193,7 @@ public class DefaultSavedRequest implements SavedRequest {
 					this.addParameter(paramName, (String[]) paramValues);
 				}
 				else {
-					if (logger.isWarnEnabled()) {
-						logger.warn("ServletRequest.getParameterMap() returned non-String array");
-					}
+					logger.warn("ServletRequest.getParameterMap() returned non-String array");
 				}
 			}
 		}
@@ -221,44 +212,34 @@ public class DefaultSavedRequest implements SavedRequest {
 	 * @return true if the request is deemed to match this one.
 	 */
 	public boolean doesRequestMatch(HttpServletRequest request, PortResolver portResolver) {
-
 		if (!propertyEquals("pathInfo", this.pathInfo, request.getPathInfo())) {
 			return false;
 		}
-
 		if (!propertyEquals("queryString", this.queryString, request.getQueryString())) {
 			return false;
 		}
-
 		if (!propertyEquals("requestURI", this.requestURI, request.getRequestURI())) {
 			return false;
 		}
-
 		if (!"GET".equals(request.getMethod()) && "GET".equals(this.method)) {
 			// A save GET should not match an incoming non-GET method
 			return false;
 		}
-
 		if (!propertyEquals("serverPort", this.serverPort, portResolver.getServerPort(request))) {
 			return false;
 		}
-
 		if (!propertyEquals("requestURL", this.requestURL, request.getRequestURL().toString())) {
 			return false;
 		}
-
 		if (!propertyEquals("scheme", this.scheme, request.getScheme())) {
 			return false;
 		}
-
 		if (!propertyEquals("serverName", this.serverName, request.getServerName())) {
 			return false;
 		}
-
 		if (!propertyEquals("contextPath", this.contextPath, request.getContextPath())) {
 			return false;
 		}
-
 		return propertyEquals("servletPath", this.servletPath, request.getServletPath());
 
 	}
@@ -270,11 +251,9 @@ public class DefaultSavedRequest implements SavedRequest {
 	@Override
 	public List<Cookie> getCookies() {
 		List<Cookie> cookieList = new ArrayList<>(this.cookies.size());
-
 		for (SavedCookie savedCookie : this.cookies) {
 			cookieList.add(savedCookie.getCookie());
 		}
-
 		return cookieList;
 	}
 
@@ -296,12 +275,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	@Override
 	public List<String> getHeaderValues(String name) {
 		List<String> values = this.headers.get(name);
-
-		if (values == null) {
-			return Collections.emptyList();
-		}
-
-		return values;
+		return (values != null) ? values : Collections.emptyList();
 	}
 
 	@Override
@@ -362,35 +336,19 @@ public class DefaultSavedRequest implements SavedRequest {
 
 	private boolean propertyEquals(String log, Object arg1, Object arg2) {
 		if ((arg1 == null) && (arg2 == null)) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": both null (property equals)");
-			}
-
+			logger.debug(LogMessage.format("%s: both null (property equals)", log));
 			return true;
 		}
-
 		if (arg1 == null || arg2 == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property not equals)");
-			}
-
+			logger.debug(LogMessage.format("%s: arg1=%s; arg2=%s (property not equals)", log, arg1, arg2));
 			return false;
 		}
-
 		if (arg1.equals(arg2)) {
-			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property equals)");
-			}
-
+			logger.debug(LogMessage.format("%s: arg1=%s; arg2=%s (property equals)", log, arg1, arg2));
 			return true;
 		}
-		else {
-			if (logger.isDebugEnabled()) {
-				logger.debug(log + ": arg1=" + arg1 + "; arg2=" + arg2 + " (property not equals)");
-			}
-
-			return false;
-		}
+		logger.debug(LogMessage.format("%s: arg1=%s; arg2=%s (property not equals)", log, arg1, arg2));
+		return false;
 	}
 
 	@Override
@@ -514,7 +472,6 @@ public class DefaultSavedRequest implements SavedRequest {
 				savedRequest.locales.addAll(this.locales);
 			}
 			savedRequest.addParameters(this.parameters);
-
 			this.headers.remove(HEADER_IF_MODIFIED_SINCE);
 			this.headers.remove(HEADER_IF_NONE_MATCH);
 			for (Map.Entry<String, List<String>> entry : this.headers.entrySet()) {
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
index 45e7e69983..fdcb553b55 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/Enumerator.java
@@ -78,17 +78,14 @@ public class Enumerator<T> implements Enumeration<T> {
 	 * @param clone true to clone iterator
 	 */
 	public Enumerator(Iterator<T> iterator, boolean clone) {
-
 		if (!clone) {
 			this.iterator = iterator;
 		}
 		else {
 			List<T> list = new ArrayList<>();
-
 			while (iterator.hasNext()) {
 				list.add(iterator.next());
 			}
-
 			this.iterator = list.iterator();
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index 58bdb08cfd..dd11a3c5b0 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -34,36 +34,49 @@ import java.util.TimeZone;
  */
 public final class FastHttpDateFormat {
 
-	/** HTTP date format. */
+	/**
+	 * HTTP date format.
+	 */
 	protected static final SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
 
-	/** The set of SimpleDateFormat formats to use in <code>getDateHeader()</code>. */
+	/**
+	 * The set of SimpleDateFormat formats to use in <code>getDateHeader()</code>.
+	 */
 	protected static final SimpleDateFormat[] formats = {
 			new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US),
 			new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US),
 			new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US) };
 
-	/** GMT time zone - all HTTP dates are on GMT */
+	/**
+	 * GMT time zone - all HTTP dates are on GMT
+	 */
 	protected static final TimeZone gmtZone = TimeZone.getTimeZone("GMT");
 
 	static {
 		format.setTimeZone(gmtZone);
-
 		formats[0].setTimeZone(gmtZone);
 		formats[1].setTimeZone(gmtZone);
 		formats[2].setTimeZone(gmtZone);
 	}
 
-	/** Instant on which the currentDate object was generated. */
+	/**
+	 * Instant on which the currentDate object was generated.
+	 */
 	protected static long currentDateGenerated = 0L;
 
-	/** Current formatted date. */
+	/**
+	 * Current formatted date.
+	 */
 	protected static String currentDate = null;
 
-	/** Formatter cache. */
+	/**
+	 * Formatter cache.
+	 */
 	protected static final HashMap<Long, String> formatCache = new HashMap<>();
 
-	/** Parser cache. */
+	/**
+	 * Parser cache.
+	 */
 	protected static final HashMap<String, Long> parseCache = new HashMap<>();
 
 	private FastHttpDateFormat() {
@@ -80,23 +93,18 @@ public final class FastHttpDateFormat {
 	public static String formatDate(long value, DateFormat threadLocalformat) {
 		String cachedDate = null;
 		Long longValue = value;
-
 		try {
 			cachedDate = formatCache.get(longValue);
 		}
-		catch (Exception ignored) {
+		catch (Exception ex) {
 		}
-
 		if (cachedDate != null) {
 			return cachedDate;
 		}
-
 		String newDate;
 		Date dateValue = new Date(value);
-
 		if (threadLocalformat != null) {
 			newDate = threadLocalformat.format(dateValue);
-
 			synchronized (formatCache) {
 				updateCache(formatCache, longValue, newDate);
 			}
@@ -107,7 +115,6 @@ public final class FastHttpDateFormat {
 				updateCache(formatCache, longValue, newDate);
 			}
 		}
-
 		return newDate;
 	}
 
@@ -117,7 +124,6 @@ public final class FastHttpDateFormat {
 	 */
 	public static String getCurrentDate() {
 		long now = System.currentTimeMillis();
-
 		if ((now - currentDateGenerated) > 1000) {
 			synchronized (format) {
 				if ((now - currentDateGenerated) > 1000) {
@@ -126,7 +132,6 @@ public final class FastHttpDateFormat {
 				}
 			}
 		}
-
 		return currentDate;
 	}
 
@@ -138,19 +143,16 @@ public final class FastHttpDateFormat {
 	 */
 	private static Long internalParseDate(String value, DateFormat[] formats) {
 		Date date = null;
-
 		for (int i = 0; (date == null) && (i < formats.length); i++) {
 			try {
 				date = formats[i].parse(value);
 			}
-			catch (ParseException ignored) {
+			catch (ParseException ex) {
 			}
 		}
-
 		if (date == null) {
 			return null;
 		}
-
 		return date.getTime();
 	}
 
@@ -164,22 +166,17 @@ public final class FastHttpDateFormat {
 	 */
 	public static long parseDate(String value, DateFormat[] threadLocalformats) {
 		Long cachedDate = null;
-
 		try {
 			cachedDate = parseCache.get(value);
 		}
-		catch (Exception ignored) {
+		catch (Exception ex) {
 		}
-
 		if (cachedDate != null) {
 			return cachedDate;
 		}
-
 		Long date;
-
 		if (threadLocalformats != null) {
 			date = internalParseDate(value, threadLocalformats);
-
 			synchronized (parseCache) {
 				updateCache(parseCache, value, date);
 			}
@@ -190,13 +187,7 @@ public final class FastHttpDateFormat {
 				updateCache(parseCache, value, date);
 			}
 		}
-
-		if (date == null) {
-			return (-1L);
-		}
-		else {
-			return date;
-		}
+		return (date != null) ? date : -1L;
 	}
 
 	/**
@@ -210,11 +201,9 @@ public final class FastHttpDateFormat {
 		if (value == null) {
 			return;
 		}
-
 		if (cache.size() > 1000) {
 			cache.clear();
 		}
-
 		cache.put(key, value);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index ba261fb0e7..a3ac70e4c1 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.PortResolver;
 import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.util.UrlUtils;
@@ -57,37 +58,29 @@ public class HttpSessionRequestCache implements RequestCache {
 	 */
 	@Override
 	public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-		if (this.requestMatcher.matches(request)) {
-			DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver);
-
-			if (this.createSessionAllowed || request.getSession(false) != null) {
-				// Store the HTTP request itself. Used by
-				// AbstractAuthenticationProcessingFilter
-				// for redirection after successful authentication (SEC-29)
-				request.getSession().setAttribute(this.sessionAttrName, savedRequest);
-				this.logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
-			}
-		}
-		else {
+		if (!this.requestMatcher.matches(request)) {
 			this.logger.debug("Request not saved as configured RequestMatcher did not match");
+			return;
+		}
+		DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver);
+		if (this.createSessionAllowed || request.getSession(false) != null) {
+			// Store the HTTP request itself. Used by
+			// AbstractAuthenticationProcessingFilter
+			// for redirection after successful authentication (SEC-29)
+			request.getSession().setAttribute(this.sessionAttrName, savedRequest);
+			this.logger.debug(LogMessage.format("DefaultSavedRequest added to Session: %s", savedRequest));
 		}
 	}
 
 	@Override
 	public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
-
-		if (session != null) {
-			return (SavedRequest) session.getAttribute(this.sessionAttrName);
-		}
-
-		return null;
+		return (session != null) ? (SavedRequest) session.getAttribute(this.sessionAttrName) : null;
 	}
 
 	@Override
 	public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
 		HttpSession session = currentRequest.getSession(false);
-
 		if (session != null) {
 			this.logger.debug("Removing DefaultSavedRequest from session if present");
 			session.removeAttribute(this.sessionAttrName);
@@ -97,14 +90,11 @@ public class HttpSessionRequestCache implements RequestCache {
 	@Override
 	public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 		SavedRequest saved = getRequest(request, response);
-
 		if (!matchesSavedRequest(request, saved)) {
 			this.logger.debug("saved request doesn't match");
 			return null;
 		}
-
 		removeRequest(request, response);
-
 		return new SavedRequestAwareWrapper(saved, request);
 	}
 
@@ -112,12 +102,10 @@ public class HttpSessionRequestCache implements RequestCache {
 		if (savedRequest == null) {
 			return false;
 		}
-
 		if (savedRequest instanceof DefaultSavedRequest) {
 			DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) savedRequest;
 			return defaultSavedRequest.doesRequestMatch(request, this.portResolver);
 		}
-
 		String currentUrl = UrlUtils.buildFullRequestUrl(request);
 		return savedRequest.getRedirectUrl().equals(currentUrl);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
index 27657614c0..74b769c1ee 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@@ -58,10 +58,8 @@ public class RequestCacheAwareFilter extends GenericFilterBean {
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-
 		HttpServletRequest wrappedSavedRequest = this.requestCache.getMatchingRequest((HttpServletRequest) request,
 				(HttpServletResponse) response);
-
 		chain.doFilter((wrappedSavedRequest != null) ? wrappedSavedRequest : request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
index 79f6651e74..9357e98fbe 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
@@ -93,24 +93,20 @@ public class SavedCookie implements Serializable {
 	}
 
 	public Cookie getCookie() {
-		Cookie c = new Cookie(getName(), getValue());
-
+		Cookie cookie = new Cookie(getName(), getValue());
 		if (getComment() != null) {
-			c.setComment(getComment());
+			cookie.setComment(getComment());
 		}
-
 		if (getDomain() != null) {
-			c.setDomain(getDomain());
+			cookie.setDomain(getDomain());
 		}
-
 		if (getPath() != null) {
-			c.setPath(getPath());
+			cookie.setPath(getPath());
 		}
-
-		c.setVersion(getVersion());
-		c.setMaxAge(getMaxAge());
-		c.setSecure(isSecure());
-		return c;
+		cookie.setVersion(getVersion());
+		cookie.setMaxAge(getMaxAge());
+		cookie.setSecure(isSecure());
+		return cookie;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
index adee0172e6..dfd4726675 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java
@@ -73,11 +73,9 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	SavedRequestAwareWrapper(SavedRequest saved, HttpServletRequest request) {
 		super(request);
 		this.savedRequest = saved;
-
 		this.formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
 		this.formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
 		this.formats[2] = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US);
-
 		this.formats[0].setTimeZone(GMT_ZONE);
 		this.formats[1].setTimeZone(GMT_ZONE);
 		this.formats[2].setTimeZone(GMT_ZONE);
@@ -86,25 +84,20 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@Override
 	public long getDateHeader(String name) {
 		String value = getHeader(name);
-
 		if (value == null) {
 			return -1L;
 		}
-
 		// Attempt to convert the date header in a variety of formats
 		long result = FastHttpDateFormat.parseDate(value, this.formats);
-
 		if (result != -1L) {
 			return result;
 		}
-
 		throw new IllegalArgumentException(value);
 	}
 
 	@Override
 	public String getHeader(String name) {
 		List<String> values = this.savedRequest.getHeaderValues(name);
-
 		return values.isEmpty() ? null : values.get(0);
 	}
 
@@ -123,19 +116,12 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@Override
 	public int getIntHeader(String name) {
 		String value = getHeader(name);
-
-		if (value == null) {
-			return -1;
-		}
-		else {
-			return Integer.parseInt(value);
-		}
+		return (value != null) ? Integer.parseInt(value) : -1;
 	}
 
 	@Override
 	public Locale getLocale() {
 		List<Locale> locales = this.savedRequest.getLocales();
-
 		return locales.isEmpty() ? Locale.getDefault() : locales.get(0);
 	}
 
@@ -143,13 +129,11 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@SuppressWarnings("unchecked")
 	public Enumeration getLocales() {
 		List<Locale> locales = this.savedRequest.getLocales();
-
 		if (locales.isEmpty()) {
 			// Fall back to default locale
 			locales = new ArrayList<>(1);
 			locales.add(Locale.getDefault());
 		}
-
 		return new Enumerator<>(locales);
 	}
 
@@ -171,17 +155,13 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	@Override
 	public String getParameter(String name) {
 		String value = super.getParameter(name);
-
 		if (value != null) {
 			return value;
 		}
-
 		String[] values = this.savedRequest.getParameterValues(name);
-
 		if (values == null || values.length == 0) {
 			return null;
 		}
-
 		return values[0];
 	}
 
@@ -190,11 +170,9 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	public Map getParameterMap() {
 		Set<String> names = getCombinedParameterNames();
 		Map<String, String[]> parameterMap = new HashMap<>(names.size());
-
 		for (String name : names) {
 			parameterMap.put(name, getParameterValues(name));
 		}
-
 		return parameterMap;
 	}
 
@@ -203,7 +181,6 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 		Set<String> names = new HashSet<>();
 		names.addAll(super.getParameterMap().keySet());
 		names.addAll(this.savedRequest.getParameterMap().keySet());
-
 		return names;
 	}
 
@@ -217,19 +194,15 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 	public String[] getParameterValues(String name) {
 		String[] savedRequestParams = this.savedRequest.getParameterValues(name);
 		String[] wrappedRequestParams = super.getParameterValues(name);
-
 		if (savedRequestParams == null) {
 			return wrappedRequestParams;
 		}
-
 		if (wrappedRequestParams == null) {
 			return savedRequestParams;
 		}
-
 		// We have parameters in both saved and wrapped requests so have to merge them
 		List<String> wrappedParamsList = Arrays.asList(wrappedRequestParams);
 		List<String> combinedParams = new ArrayList<>(wrappedParamsList);
-
 		// We want to add all parameters of the saved request *apart from* duplicates of
 		// those already added
 		for (String savedRequestParam : savedRequestParams) {
@@ -237,7 +210,6 @@ class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
 				combinedParams.add(savedRequestParam);
 			}
 		}
-
 		return combinedParams.toArray(new String[0]);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
index 36bf02a42b..4244880daf 100644
--- a/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/server/DefaultServerRedirectStrategy.java
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.util.Assert;
@@ -50,9 +51,7 @@ public class DefaultServerRedirectStrategy implements ServerRedirectStrategy {
 			ServerHttpResponse response = exchange.getResponse();
 			response.setStatusCode(this.httpStatus);
 			URI newLocation = createLocation(exchange, location);
-			if (logger.isDebugEnabled()) {
-				logger.debug("Redirecting to '" + newLocation + "'");
-			}
+			logger.debug(LogMessage.format("Redirecting to '%s'", newLocation));
 			response.getHeaders().setLocation(newLocation);
 		});
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
index 633a996302..1a3ca56676 100644
--- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java
@@ -24,9 +24,11 @@ import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -44,7 +46,7 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 
 	private final List<DelegateEntry> entryPoints;
 
-	private ServerAuthenticationEntryPoint defaultEntryPoint = (exchange, e) -> {
+	private ServerAuthenticationEntryPoint defaultEntryPoint = (exchange, ex) -> {
 		exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
 		return exchange.getResponse().setComplete();
 	};
@@ -61,23 +63,18 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic
 	@Override
 	public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
 		return Flux.fromIterable(this.entryPoints).filterWhen((entry) -> isMatch(exchange, entry)).next()
-				.map((entry) -> entry.getEntryPoint()).doOnNext((it) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Match found! Executing " + it);
-					}
-				}).switchIfEmpty(Mono.just(this.defaultEntryPoint).doOnNext((it) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("No match found. Using default entry point " + this.defaultEntryPoint);
-					}
-				})).flatMap((entryPoint) -> entryPoint.commence(exchange, ex));
+				.map((entry) -> entry.getEntryPoint())
+				.doOnNext((entryPoint) -> logger.debug(LogMessage.format("Match found! Executing %s", entryPoint)))
+				.switchIfEmpty(Mono.just(this.defaultEntryPoint)
+						.doOnNext((entryPoint) -> logger.debug(LogMessage
+								.format("No match found. Using default entry point %s", this.defaultEntryPoint))))
+				.flatMap((entryPoint) -> entryPoint.commence(exchange, ex));
 	}
 
 	private Mono<Boolean> isMatch(ServerWebExchange exchange, DelegateEntry entry) {
 		ServerWebExchangeMatcher matcher = entry.getMatcher();
-		if (logger.isDebugEnabled()) {
-			logger.debug("Trying to match using " + matcher);
-		}
-		return matcher.matches(exchange).map((result) -> result.isMatch());
+		logger.debug(LogMessage.format("Trying to match using %s", matcher));
+		return matcher.matches(exchange).map(MatchResult::isMatch);
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
index e0afa30196..3f58b31ec7 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -47,26 +47,18 @@ public class ServerHttpBasicAuthenticationConverter implements Function<ServerWe
 	@Deprecated
 	public Mono<Authentication> apply(ServerWebExchange exchange) {
 		ServerHttpRequest request = exchange.getRequest();
-
 		String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
 		if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
 			return Mono.empty();
 		}
-
 		String credentials = (authorization.length() <= BASIC.length()) ? ""
 				: authorization.substring(BASIC.length(), authorization.length());
-		byte[] decodedCredentials = base64Decode(credentials);
-		String decodedAuthz = new String(decodedCredentials);
-		String[] userParts = decodedAuthz.split(":", 2);
-
-		if (userParts.length != 2) {
+		String decoded = new String(base64Decode(credentials));
+		String[] parts = decoded.split(":", 2);
+		if (parts.length != 2) {
 			return Mono.empty();
 		}
-
-		String username = userParts[0];
-		String password = userParts[1];
-
-		return Mono.just(new UsernamePasswordAuthenticationToken(username, password));
+		return Mono.just(new UsernamePasswordAuthenticationToken(parts[0], parts[1]));
 	}
 
 	private byte[] base64Decode(String value) {
diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
index 0e03b36497..f4654ab25f 100644
--- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
@@ -52,8 +52,7 @@ public class WebFilterChainProxy implements WebFilter {
 				.filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)).next()
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList())
-				.map((filters) -> new FilteringWebHandler((webHandler) -> chain.filter(webHandler), filters))
-				.map((handler) -> new DefaultWebFilterChain(handler))
+				.map((filters) -> new FilteringWebHandler(chain::filter, filters)).map(DefaultWebFilterChain::new)
 				.flatMap((securedChain) -> securedChain.filter(exchange));
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
index 131cf14796..9f212b2c19 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -80,24 +81,19 @@ public class AnonymousAuthenticationWebFilter implements WebFilter {
 		return ReactiveSecurityContextHolder.getContext().switchIfEmpty(Mono.defer(() -> {
 			Authentication authentication = createAuthentication(exchange);
 			SecurityContext securityContext = new SecurityContextImpl(authentication);
-			if (logger.isDebugEnabled()) {
-				logger.debug("Populated SecurityContext with anonymous token: '" + authentication + "'");
-			}
+			logger.debug(LogMessage.format("Populated SecurityContext with anonymous token: '%s'", authentication));
 			return chain.filter(exchange)
 					.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 					.then(Mono.empty());
 		})).flatMap((securityContext) -> {
-			if (logger.isDebugEnabled()) {
-				logger.debug("SecurityContext contains anonymous token: '" + securityContext.getAuthentication() + "'");
-			}
+			logger.debug(LogMessage.format("SecurityContext contains anonymous token: '%s'",
+					securityContext.getAuthentication()));
 			return chain.filter(exchange);
 		});
 	}
 
 	protected Authentication createAuthentication(ServerWebExchange exchange) {
-		AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(this.key, this.principal,
-				this.authorities);
-		return auth;
+		return new AnonymousAuthenticationToken(this.key, this.principal, this.authorities);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
index 8b60a584e7..adea58aef4 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java
@@ -44,7 +44,7 @@ public final class AuthenticationConverterServerWebExchangeMatcher implements Se
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return this.serverAuthenticationConverter.convert(exchange).flatMap((a) -> MatchResult.match())
-				.onErrorResume((e) -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch());
+				.onErrorResume((ex) -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
index b7d51de9d2..45178bb078 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.core.Authentication;
@@ -111,8 +112,8 @@ public class AuthenticationWebFilter implements WebFilter {
 				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap((token) -> authenticate(exchange, chain, token))
-				.onErrorResume(AuthenticationException.class, (e) -> this.authenticationFailureHandler
-						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
+				.onErrorResume(AuthenticationException.class, (ex) -> this.authenticationFailureHandler
+						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), ex));
 	}
 
 	private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
@@ -122,11 +123,8 @@ public class AuthenticationWebFilter implements WebFilter {
 						() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
 				.flatMap((authentication) -> onAuthenticationSuccess(authentication,
 						new WebFilterExchange(exchange, chain)))
-				.doOnError(AuthenticationException.class, (e) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Authentication failed: " + e.getMessage());
-					}
-				});
+				.doOnError(AuthenticationException.class,
+						(ex) -> logger.debug(LogMessage.format("Authentication failed: %s", ex.getMessage())));
 	}
 
 	protected Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
index d21ff1363f..f60ee37a6e 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java
@@ -61,11 +61,10 @@ public class ReactivePreAuthenticatedAuthenticationManager implements ReactiveAu
 		return Mono.just(authentication).filter(this::supports).map(Authentication::getName)
 				.flatMap(this.userDetailsService::findByUsername)
 				.switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found")))
-				.doOnNext(this.userDetailsChecker::check).map((ud) -> {
-					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud,
-							authentication.getCredentials(), ud.getAuthorities());
+				.doOnNext(this.userDetailsChecker::check).map((userDetails) -> {
+					PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(userDetails,
+							authentication.getCredentials(), userDetails.getAuthorities());
 					result.setDetails(authentication.getDetails());
-
 					return result;
 				});
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
index f7b9caae19..f94ebe91bc 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java
@@ -50,28 +50,16 @@ public class ServerX509AuthenticationConverter implements ServerAuthenticationCo
 	public Mono<Authentication> convert(ServerWebExchange exchange) {
 		SslInfo sslInfo = exchange.getRequest().getSslInfo();
 		if (sslInfo == null) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("No SslInfo provided with a request, skipping x509 authentication");
-			}
-
+			this.logger.debug("No SslInfo provided with a request, skipping x509 authentication");
 			return Mono.empty();
 		}
-
 		if (sslInfo.getPeerCertificates() == null || sslInfo.getPeerCertificates().length == 0) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
-			}
-
+			this.logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
 			return Mono.empty();
 		}
-
 		X509Certificate clientCertificate = sslInfo.getPeerCertificates()[0];
 		Object principal = this.principalExtractor.extractPrincipal(clientCertificate);
-
-		PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal,
-				clientCertificate);
-
-		return Mono.just(authRequest);
+		return Mono.just(new PreAuthenticatedAuthenticationToken(principal, clientCertificate));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index 38f59f48f2..410da7cb6c 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -25,6 +25,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.lang.NonNull;
 import org.springframework.lang.Nullable;
@@ -125,11 +126,9 @@ public class SwitchUserWebFilter implements WebFilter {
 			@Nullable ServerAuthenticationFailureHandler failureHandler) {
 		Assert.notNull(userDetailsService, "userDetailsService must be specified");
 		Assert.notNull(successHandler, "successHandler must be specified");
-
 		this.userDetailsService = userDetailsService;
 		this.successHandler = successHandler;
 		this.failureHandler = failureHandler;
-
 		this.securityContextRepository = new WebSessionServerSecurityContextRepository();
 		this.userDetailsChecker = new AccountStatusUserDetailsChecker();
 	}
@@ -147,17 +146,10 @@ public class SwitchUserWebFilter implements WebFilter {
 			@Nullable String failureTargetUrl) {
 		Assert.notNull(userDetailsService, "userDetailsService must be specified");
 		Assert.notNull(successTargetUrl, "successTargetUrl must be specified");
-
 		this.userDetailsService = userDetailsService;
 		this.successHandler = new RedirectServerAuthenticationSuccessHandler(successTargetUrl);
-
-		if (failureTargetUrl != null) {
-			this.failureHandler = new RedirectServerAuthenticationFailureHandler(failureTargetUrl);
-		}
-		else {
-			this.failureHandler = null;
-		}
-
+		this.failureHandler = (failureTargetUrl != null)
+				? new RedirectServerAuthenticationFailureHandler(failureTargetUrl) : null;
 		this.securityContextRepository = new WebSessionServerSecurityContextRepository();
 		this.userDetailsChecker = new AccountStatusUserDetailsChecker();
 	}
@@ -165,7 +157,6 @@ public class SwitchUserWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
-
 		return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
 				.switchIfEmpty(Mono.defer(() -> chain.filter(exchange).then(Mono.empty())))
 				.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
@@ -185,10 +176,10 @@ public class SwitchUserWebFilter implements WebFilter {
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
 				.flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext())
 				.map(SecurityContext::getAuthentication).flatMap((currentAuthentication) -> {
-					final String username = getUsername(webFilterExchange.getExchange());
+					String username = getUsername(webFilterExchange.getExchange());
 					return attemptSwitchUser(currentAuthentication, username);
-				}).onErrorResume(AuthenticationException.class, (e) -> onAuthenticationFailure(e, webFilterExchange)
-						.then(Mono.error(new SwitchUserAuthenticationException(e))));
+				}).onErrorResume(AuthenticationException.class, (ex) -> onAuthenticationFailure(ex, webFilterExchange)
+						.then(Mono.error(new SwitchUserAuthenticationException(ex))));
 	}
 
 	/**
@@ -220,11 +211,7 @@ public class SwitchUserWebFilter implements WebFilter {
 	@NonNull
 	private Mono<Authentication> attemptSwitchUser(Authentication currentAuthentication, String userName) {
 		Assert.notNull(userName, "The userName can not be null.");
-
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("Attempt to switch to user [" + userName + "]");
-		}
-
+		this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", userName));
 		return this.userDetailsService.findByUsername(userName)
 				.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
 				.doOnNext(this.userDetailsChecker::check)
@@ -233,19 +220,17 @@ public class SwitchUserWebFilter implements WebFilter {
 
 	@NonNull
 	private Authentication attemptExitUser(Authentication currentAuthentication) {
-		final Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
-
+		Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
 		if (!sourceAuthentication.isPresent()) {
 			this.logger.debug("Could not find original user Authentication object!");
 			throw noOriginalAuthenticationException();
 		}
-
 		return sourceAuthentication.get();
 	}
 
 	private Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
-		final ServerWebExchange exchange = webFilterExchange.getExchange();
-		final SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
+		ServerWebExchange exchange = webFilterExchange.getExchange();
+		SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
 		return this.securityContextRepository.save(exchange, securityContext)
 				.then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication))
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
@@ -259,21 +244,18 @@ public class SwitchUserWebFilter implements WebFilter {
 	}
 
 	private Authentication createSwitchUserToken(UserDetails targetUser, Authentication currentAuthentication) {
-		final Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
-
+		Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
 		if (sourceAuthentication.isPresent()) {
 			// SEC-1763. Check first if we are already switched.
-			this.logger.info("Found original switch user granted authority [" + sourceAuthentication.get() + "]");
+			this.logger.info(
+					LogMessage.format("Found original switch user granted authority [%s]", sourceAuthentication.get()));
 			currentAuthentication = sourceAuthentication.get();
 		}
-
-		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
+		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
 				currentAuthentication);
-		final Collection<? extends GrantedAuthority> targetUserAuthorities = targetUser.getAuthorities();
-
-		final List<GrantedAuthority> extendedTargetUserAuthorities = new ArrayList<>(targetUserAuthorities);
+		Collection<? extends GrantedAuthority> targetUserAuthorities = targetUser.getAuthorities();
+		List<GrantedAuthority> extendedTargetUserAuthorities = new ArrayList<>(targetUserAuthorities);
 		extendedTargetUserAuthorities.add(switchAuthority);
-
 		return new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(),
 				extendedTargetUserAuthorities);
 	}
@@ -291,7 +273,7 @@ public class SwitchUserWebFilter implements WebFilter {
 		// iterate over granted authorities and find the 'switch user' authority
 		for (GrantedAuthority authority : currentAuthentication.getAuthorities()) {
 			if (authority instanceof SwitchUserGrantedAuthority) {
-				final SwitchUserGrantedAuthority switchAuthority = (SwitchUserGrantedAuthority) authority;
+				SwitchUserGrantedAuthority switchAuthority = (SwitchUserGrantedAuthority) authority;
 				return Optional.of(switchAuthority.getSource());
 			}
 		}
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
index a27b42d657..5f888db0f9 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -70,9 +71,7 @@ public class LogoutWebFilter implements WebFilter {
 	}
 
 	private Mono<Void> logout(WebFilterExchange webFilterExchange, Authentication authentication) {
-		if (logger.isDebugEnabled()) {
-			logger.debug("Logging out user '" + authentication + "' and transferring to logout destination");
-		}
+		logger.debug(LogMessage.format("Logging out user '%s' and transferring to logout destination", authentication));
 		return this.logoutHandler.logout(webFilterExchange, authentication)
 				.then(this.logoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication))
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext());
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index 7c167f8265..6b8ee79eb5 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -48,15 +49,10 @@ public class AuthorizationWebFilter implements WebFilter {
 		return ReactiveSecurityContextHolder.getContext().filter((c) -> c.getAuthentication() != null)
 				.map(SecurityContext::getAuthentication)
 				.as((authentication) -> this.authorizationManager.verify(authentication, exchange))
-				.doOnSuccess((it) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Authorization successful");
-					}
-				}).doOnError(AccessDeniedException.class, (e) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("Authorization failed: " + e.getMessage());
-					}
-				}).switchIfEmpty(chain.filter(exchange));
+				.doOnSuccess((it) -> logger.debug("Authorization successful"))
+				.doOnError(AccessDeniedException.class,
+						(ex) -> logger.debug(LogMessage.format("Authorization failed: %s", ex.getMessage())))
+				.switchIfEmpty(chain.filter(exchange));
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
index a7074b36f8..bfc0ff5a50 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java
@@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
@@ -51,11 +52,9 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, ServerWebExchange exchange) {
 		return Flux.fromIterable(this.mappings).concatMap((mapping) -> mapping.getMatcher().matches(exchange)
 				.filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap((variables) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug(
-								"Checking authorization on '" + exchange.getRequest().getPath().pathWithinApplication()
-										+ "' using " + mapping.getEntry());
-					}
+					logger.debug(LogMessage.of(() -> "Checking authorization on '"
+							+ exchange.getRequest().getPath().pathWithinApplication() + "' using "
+							+ mapping.getEntry()));
 					return mapping.getEntry().check(authentication, new AuthorizationContext(exchange, variables));
 				})).next().defaultIfEmpty(new AuthorizationDecision(false));
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
index 9c7100da90..1fa697839c 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java
@@ -39,7 +39,7 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements Ser
 
 	private final List<DelegateEntry> handlers;
 
-	private ServerAccessDeniedHandler defaultHandler = (exchange, e) -> {
+	private ServerAccessDeniedHandler defaultHandler = (exchange, ex) -> {
 		exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
 		return exchange.getResponse().setComplete();
 	};
diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
index 724e884fff..f3b09650aa 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java
@@ -44,8 +44,8 @@ public class ReactorContextWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return chain.filter(exchange)
-				.subscriberContext((c) -> c.hasKey(SecurityContext.class) ? c : withSecurityContext(c, exchange));
+		return chain.filter(exchange).subscriberContext(
+				(context) -> context.hasKey(SecurityContext.class) ? context : withSecurityContext(context, exchange));
 	}
 
 	private Context withSecurityContext(Context mainContext, ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
index c4bd23556d..1ad1d1fa8a 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/SecurityContextServerWebExchange.java
@@ -44,7 +44,7 @@ public class SecurityContextServerWebExchange extends ServerWebExchangeDecorator
 	@Override
 	@SuppressWarnings("unchecked")
 	public <T extends Principal> Mono<T> getPrincipal() {
-		return this.context.map((c) -> (T) c.getAuthentication());
+		return this.context.map((context) -> (T) context.getAuthentication());
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
index 3058a82e1e..3bd3ed8b8a 100644
--- a/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
@@ -20,9 +20,11 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebSession;
 
 /**
  * Stores the {@link SecurityContext} in the
@@ -59,31 +61,22 @@ public class WebSessionServerSecurityContextRepository implements ServerSecurity
 		return exchange.getSession().doOnNext((session) -> {
 			if (context == null) {
 				session.getAttributes().remove(this.springSecurityContextAttrName);
-				if (logger.isDebugEnabled()) {
-					logger.debug("Removed SecurityContext stored in WebSession: '" + session + "'");
-				}
+				logger.debug(LogMessage.format("Removed SecurityContext stored in WebSession: '%s'", session));
 			}
 			else {
 				session.getAttributes().put(this.springSecurityContextAttrName, context);
-				if (logger.isDebugEnabled()) {
-					logger.debug("Saved SecurityContext '" + context + "' in WebSession: '" + session + "'");
-				}
+				logger.debug(LogMessage.format("Saved SecurityContext '%s' in WebSession: '%s'", context, session));
 			}
-		}).flatMap((session) -> session.changeSessionId());
+		}).flatMap(WebSession::changeSessionId);
 	}
 
 	@Override
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
 		return exchange.getSession().flatMap((session) -> {
 			SecurityContext context = (SecurityContext) session.getAttribute(this.springSecurityContextAttrName);
-			if (logger.isDebugEnabled()) {
-				if (context == null) {
-					logger.debug("No SecurityContext found in WebSession: '" + session + "'");
-				}
-				else {
-					logger.debug("Found SecurityContext '" + context + "' in WebSession: '" + session + "'");
-				}
-			}
+			logger.debug((context != null)
+					? LogMessage.format("Found SecurityContext '%s' in WebSession: '%s'", context, session)
+					: LogMessage.format("No SecurityContext found in WebSession: '%s'", session));
 			return Mono.justOrEmpty(context);
 		});
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
index 18fa4d6eeb..8b2c952911 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
@@ -77,10 +77,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
 			int maxAge = !tokenValue.isEmpty() ? -1 : 0;
 			String path = (this.cookiePath != null) ? this.cookiePath : getRequestContext(exchange.getRequest());
 			boolean secure = exchange.getRequest().getSslInfo() != null;
-
 			ResponseCookie cookie = ResponseCookie.from(this.cookieName, tokenValue).domain(this.cookieDomain)
 					.httpOnly(this.cookieHttpOnly).maxAge(maxAge).path(path).secure(secure).build();
-
 			exchange.getResponse().addCookie(cookie);
 		});
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 87655dee60..46ffb2cafb 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -31,6 +31,7 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
@@ -115,12 +116,11 @@ public class CsrfWebFilter implements WebFilter {
 		if (Boolean.TRUE.equals(exchange.getAttribute(SHOULD_NOT_FILTER))) {
 			return chain.filter(exchange).then(Mono.empty());
 		}
-
-		return this.requireCsrfProtectionMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch())
+		return this.requireCsrfProtectionMatcher.matches(exchange).filter(MatchResult::isMatch)
 				.filter((matchResult) -> !exchange.getAttributes().containsKey(CsrfToken.class.getName()))
 				.flatMap((m) -> validateToken(exchange)).flatMap((m) -> continueFilterChain(exchange, chain))
 				.switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty()))
-				.onErrorResume(CsrfException.class, (e) -> this.accessDeniedHandler.handle(exchange, e));
+				.onErrorResume(CsrfException.class, (ex) -> this.accessDeniedHandler.handle(exchange, ex));
 	}
 
 	public static void skipExchange(ServerWebExchange exchange) {
@@ -181,7 +181,7 @@ public class CsrfWebFilter implements WebFilter {
 		@Override
 		public Mono<MatchResult> matches(ServerWebExchange exchange) {
 			return Mono.just(exchange.getRequest()).flatMap((r) -> Mono.justOrEmpty(r.getMethod()))
-					.filter((m) -> ALLOWED_METHODS.contains(m)).flatMap((m) -> MatchResult.notMatch())
+					.filter(ALLOWED_METHODS::contains).flatMap((m) -> MatchResult.notMatch())
 					.switchIfEmpty(MatchResult.match());
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index 42fc487fe0..eb49369e6f 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -65,23 +65,21 @@ public final class DefaultCsrfToken implements CsrfToken {
 	}
 
 	@Override
-	public boolean equals(Object o) {
-		if (this == o) {
+	public boolean equals(Object obj) {
+		if (this == obj) {
 			return true;
 		}
-		if (o == null || !(o instanceof CsrfToken)) {
+		if (obj == null || !(obj instanceof CsrfToken)) {
 			return false;
 		}
-
-		CsrfToken that = (CsrfToken) o;
-
-		if (!getToken().equals(that.getToken())) {
+		CsrfToken other = (CsrfToken) obj;
+		if (!getToken().equals(other.getToken())) {
 			return false;
 		}
-		if (!getParameterName().equals(that.getParameterName())) {
+		if (!getParameterName().equals(other.getParameterName())) {
 			return false;
 		}
-		return getHeaderName().equals(that.getHeaderName());
+		return getHeaderName().equals(other.getHeaderName());
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index 57002cf9db..9a4714f58a 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -73,8 +73,8 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos
 
 	@Override
 	public Mono<CsrfToken> loadToken(ServerWebExchange exchange) {
-		return exchange.getSession().filter((s) -> s.getAttributes().containsKey(this.sessionAttributeName))
-				.map((s) -> s.getAttribute(this.sessionAttributeName));
+		return exchange.getSession().filter((session) -> session.getAttributes().containsKey(this.sessionAttributeName))
+				.map((session) -> session.getAttribute(this.sessionAttributeName));
 	}
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
index 31b94b4692..1f44a9f5bb 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java
@@ -58,9 +58,7 @@ public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHea
 		if (isSecure(exchange)) {
 			return this.headerWriterDelegate.writeHttpHeaders(exchange);
 		}
-		else {
-			return Mono.empty();
-		}
+		return Mono.empty();
 	}
 
 	/**
@@ -72,7 +70,15 @@ public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHea
 	 */
 	public enum Directive {
 
-		CACHE("cache"), COOKIES("cookies"), STORAGE("storage"), EXECUTION_CONTEXTS("executionContexts"), ALL("*");
+		CACHE("cache"),
+
+		COOKIES("cookies"),
+
+		STORAGE("storage"),
+
+		EXECUTION_CONTEXTS("executionContexts"),
+
+		ALL("*");
 
 		private final String headerValue;
 
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
index b053b418af..f72bc5e14d 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -67,16 +68,12 @@ public final class ContentSecurityPolicyServerHttpHeadersWriter implements Serve
 	}
 
 	private ServerHttpHeadersWriter createDelegate() {
-		if (this.policyDirectives != null) {
-			// @formatter:off
-		return StaticServerHttpHeadersWriter.builder()
-				.header(resolveHeader(this.reportOnly), this.policyDirectives)
-				.build();
-		// @formatter:on
-		}
-		else {
+		if (this.policyDirectives == null) {
 			return null;
 		}
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(resolveHeader(this.reportOnly), this.policyDirectives);
+		return builder.build();
 	}
 
 	private static String resolveHeader(boolean reportOnly) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
index 6cfe98e55e..ba79c9e467 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriter.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -49,11 +50,9 @@ public final class FeaturePolicyServerHttpHeadersWriter implements ServerHttpHea
 	}
 
 	private static ServerHttpHeadersWriter createDelegate(String policyDirectives) {
-		// @formatter:off
-		return StaticServerHttpHeadersWriter.builder()
-				.header(FEATURE_POLICY, policyDirectives)
-				.build();
-		// @formatter:on
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(FEATURE_POLICY, policyDirectives);
+		return builder.build();
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
index 64457b09e1..ddc6ff59ef 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriter.java
@@ -22,6 +22,7 @@ import java.util.Map;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -57,25 +58,28 @@ public final class ReferrerPolicyServerHttpHeadersWriter implements ServerHttpHe
 	}
 
 	private static ServerHttpHeadersWriter createDelegate(ReferrerPolicy policy) {
-		// @formatter:off
-		return StaticServerHttpHeadersWriter.builder()
-				.header(REFERRER_POLICY, policy.getPolicy())
-				.build();
-		// @formatter:on
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(REFERRER_POLICY, policy.getPolicy());
+		return builder.build();
 	}
 
 	public enum ReferrerPolicy {
 
-		// @formatter:off
 		NO_REFERRER("no-referrer"),
+
 		NO_REFERRER_WHEN_DOWNGRADE("no-referrer-when-downgrade"),
+
 		SAME_ORIGIN("same-origin"),
+
 		ORIGIN("origin"),
+
 		STRICT_ORIGIN("strict-origin"),
+
 		ORIGIN_WHEN_CROSS_ORIGIN("origin-when-cross-origin"),
+
 		STRICT_ORIGIN_WHEN_CROSS_ORIGIN("strict-origin-when-cross-origin"),
+
 		UNSAFE_URL("unsafe-url");
-		// @formatter:on
 
 		private static final Map<String, ReferrerPolicy> REFERRER_POLICIES;
 
@@ -87,7 +91,7 @@ public final class ReferrerPolicyServerHttpHeadersWriter implements ServerHttpHe
 			REFERRER_POLICIES = Collections.unmodifiableMap(referrerPolicies);
 		}
 
-		private String policy;
+		private final String policy;
 
 		ReferrerPolicy(String policy) {
 			this.policy = policy;
diff --git a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
index f4fcc58fa8..f9452233e7 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
@@ -20,6 +20,7 @@ import java.time.Duration;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -40,9 +41,6 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 
 	private ServerHttpHeadersWriter delegate;
 
-	/**
-	 *
-	 */
 	public StrictTransportSecurityServerHttpHeadersWriter() {
 		setIncludeSubDomains(true);
 		setMaxAge(Duration.ofDays(365L));
@@ -92,8 +90,9 @@ public final class StrictTransportSecurityServerHttpHeadersWriter implements Ser
 	}
 
 	private void updateDelegate() {
-		this.delegate = StaticServerHttpHeadersWriter.builder()
-				.header(STRICT_TRANSPORT_SECURITY, this.maxAge + this.subdomain + this.preload).build();
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(STRICT_TRANSPORT_SECURITY, this.maxAge + this.subdomain + this.preload);
+		this.delegate = builder.build();
 	}
 
 	private boolean isSecure(ServerWebExchange exchange) {
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
index 3e5beb7046..d6712fb287 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -67,6 +68,7 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 		 * content in any frame.
 		 */
 		DENY,
+
 		/**
 		 * A browser receiving content with this header field MUST NOT display this
 		 * content in any frame from a page of different origin than the content itself.
@@ -79,9 +81,9 @@ public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWr
 	}
 
 	private static ServerHttpHeadersWriter createDelegate(Mode mode) {
-		// @formatter:off
-		return StaticServerHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
-		// @formatter:on
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(X_FRAME_OPTIONS, mode.name());
+		return builder.build();
 
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index 2112d4afbb..2437ed3042 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -18,6 +18,8 @@ package org.springframework.security.web.server.header;
 
 import reactor.core.publisher.Mono;
 
+import org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder;
+import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -86,16 +88,15 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	 * @param block the new value
 	 */
 	public void setBlock(boolean block) {
-		if (!this.enabled && block) {
-			throw new IllegalArgumentException("Cannot set block to true with enabled false");
-		}
+		Assert.isTrue(this.enabled || !block, "Cannot set block to true with enabled false");
 		this.block = block;
 		updateDelegate();
 	}
 
 	private void updateDelegate() {
-
-		this.delegate = StaticServerHttpHeadersWriter.builder().header(X_XSS_PROTECTION, createHeaderValue()).build();
+		Builder builder = StaticServerHttpHeadersWriter.builder();
+		builder.header(X_XSS_PROTECTION, createHeaderValue());
+		this.delegate = builder.build();
 	}
 
 	private String createHeaderValue() {
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
index ce75493721..ceea54bdbc 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
@@ -40,8 +40,12 @@ import org.springframework.security.web.server.csrf.DefaultCsrfToken;
  */
 public class WebServerJackson2Module extends SimpleModule {
 
+	private static final String NAME = WebServerJackson2Module.class.getName();
+
+	private static final Version VERSION = new Version(1, 0, 0, null, null, null);
+
 	public WebServerJackson2Module() {
-		super(WebServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
+		super(NAME, VERSION);
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
index ca8bd11c79..6d92e9e8d0 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java
@@ -25,6 +25,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpCookie;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
@@ -75,9 +76,7 @@ public class CookieServerRequestCache implements ServerRequestCache {
 				.map(ServerHttpResponse::getCookies).doOnNext((cookies) -> {
 					ResponseCookie redirectUriCookie = createRedirectUriCookie(exchange.getRequest());
 					cookies.add(REDIRECT_URI_COOKIE_NAME, redirectUriCookie);
-					if (logger.isDebugEnabled()) {
-						logger.debug("Request added to Cookie: " + redirectUriCookie);
-					}
+					logger.debug(LogMessage.format("Request added to Cookie: %s", redirectUriCookie));
 				}).then();
 	}
 
@@ -86,7 +85,7 @@ public class CookieServerRequestCache implements ServerRequestCache {
 		MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
 		return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME)).map(HttpCookie::getValue)
 				.map(CookieServerRequestCache::decodeCookie)
-				.onErrorResume(IllegalArgumentException.class, (e) -> Mono.empty()).map(URI::create);
+				.onErrorResume(IllegalArgumentException.class, (ex) -> Mono.empty()).map(URI::create);
 	}
 
 	@Override
@@ -100,7 +99,6 @@ public class CookieServerRequestCache implements ServerRequestCache {
 		String path = request.getPath().pathWithinApplication().value();
 		String query = request.getURI().getRawQuery();
 		String redirectUri = path + ((query != null) ? "?" + query : "");
-
 		return createResponseCookie(request, encodeCookie(redirectUri), COOKIE_MAX_AGE);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index 37822da309..df6374cf5b 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -72,9 +73,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 				.flatMap((m) -> exchange.getSession()).map(WebSession::getAttributes).doOnNext((attrs) -> {
 					String requestPath = pathInApplication(exchange.getRequest());
 					attrs.put(this.sessionAttrName, requestPath);
-					if (logger.isDebugEnabled()) {
-						logger.debug("Request added to WebSession: '" + requestPath + "'");
-					}
+					logger.debug(LogMessage.format("Request added to WebSession: '%s'", requestPath));
 				}).then();
 	}
 
@@ -91,9 +90,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 			String requestPath = pathInApplication(exchange.getRequest());
 			boolean removed = attributes.remove(this.sessionAttrName, requestPath);
 			if (removed) {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Request removed from WebSession: '" + requestPath + "'");
-				}
+				logger.debug(LogMessage.format("Request removed from WebSession: '%s'", requestPath));
 			}
 			return removed;
 		}).map((attributes) -> exchange.getRequest());
diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
index da69b1b028..f1b7eadedc 100644
--- a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
@@ -51,9 +51,6 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 
 	private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return Mono.just(exchange).filter(this::isInsecure).flatMap(this.requiresHttpsRedirectMatcher::matches)
@@ -80,7 +77,6 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 	 * @param requiresHttpsRedirectMatcher the {@link ServerWebExchangeMatcher} to use
 	 */
 	public void setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher requiresHttpsRedirectMatcher) {
-
 		Assert.notNull(requiresHttpsRedirectMatcher, "requiresHttpsRedirectMatcher cannot be null");
 		this.requiresHttpsRedirectMatcher = requiresHttpsRedirectMatcher;
 	}
@@ -91,17 +87,12 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 
 	private URI createRedirectUri(ServerWebExchange exchange) {
 		int port = exchange.getRequest().getURI().getPort();
-
 		UriComponentsBuilder builder = UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
-
 		if (port > 0) {
 			Integer httpsPort = this.portMapper.lookupHttpsPort(port);
-			if (httpsPort == null) {
-				throw new IllegalStateException("HTTP Port '" + port + "' does not have a corresponding HTTPS Port");
-			}
+			Assert.state(httpsPort != null, () -> "HTTP Port '" + port + "' does not have a corresponding HTTPS Port");
 			builder.port(httpsPort);
 		}
-
 		return builder.scheme("https").build().toUri();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
index 7f56d33c98..4248433f75 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java
@@ -75,7 +75,6 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	}
 
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
-
 		Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
 		return token.map(LoginPageGeneratingWebFilter::csrfToken).defaultIfEmpty("").map((csrfTokenHtmlInput) -> {
 			byte[] bytes = createPage(exchange, csrfTokenHtmlInput);
@@ -87,18 +86,29 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 	private byte[] createPage(ServerWebExchange exchange, String csrfTokenHtmlInput) {
 		MultiValueMap<String, String> queryParams = exchange.getRequest().getQueryParams();
 		String contextPath = exchange.getRequest().getPath().contextPath().value();
-		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
-				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
-				+ "    <title>Please sign in</title>\n"
-				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
-				+ formLogin(queryParams, contextPath, csrfTokenHtmlInput)
-				+ oauth2LoginLinks(queryParams, contextPath, this.oauth2AuthenticationUrlToClientName) + "    </div>\n"
-				+ "  </body>\n" + "</html>";
-
-		return page.getBytes(Charset.defaultCharset());
+		StringBuilder page = new StringBuilder();
+		page.append("<!DOCTYPE html>\n");
+		page.append("<html lang=\"en\">\n");
+		page.append("  <head>\n");
+		page.append("    <meta charset=\"utf-8\">\n");
+		page.append("    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
+		page.append("    <meta name=\"description\" content=\"\">\n");
+		page.append("    <meta name=\"author\" content=\"\">\n");
+		page.append("    <title>Please sign in</title>\n");
+		page.append("    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" "
+				+ "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" "
+				+ "crossorigin=\"anonymous\">\n");
+		page.append("    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" "
+				+ "rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n");
+		page.append("  </head>\n");
+		page.append("  <body>\n");
+		page.append("     <div class=\"container\">\n");
+		page.append(formLogin(queryParams, contextPath, csrfTokenHtmlInput));
+		page.append(oauth2LoginLinks(queryParams, contextPath, this.oauth2AuthenticationUrlToClientName));
+		page.append("    </div>\n");
+		page.append("  </body>\n");
+		page.append("</html>");
+		return page.toString().getBytes(Charset.defaultCharset());
 	}
 
 	private String formLogin(MultiValueMap<String, String> queryParams, String contextPath, String csrfTokenHtmlInput) {
@@ -107,17 +117,24 @@ public class LoginPageGeneratingWebFilter implements WebFilter {
 		}
 		boolean isError = queryParams.containsKey("error");
 		boolean isLogoutSuccess = queryParams.containsKey("logout");
-		return "      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + "/login\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + createError(isError)
-				+ createLogoutSuccess(isLogoutSuccess) + "        <p>\n"
-				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
-				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n" + "        <p>\n"
-				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
-				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-				+ "        </p>\n" + csrfTokenHtmlInput
-				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n";
+		StringBuilder page = new StringBuilder();
+		page.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + "/login\">\n");
+		page.append("        <h2 class=\"form-signin-heading\">Please sign in</h2>\n");
+		page.append(createError(isError));
+		page.append(createLogoutSuccess(isLogoutSuccess));
+		page.append("        <p>\n");
+		page.append("          <label for=\"username\" class=\"sr-only\">Username</label>\n");
+		page.append("          <input type=\"text\" id=\"username\" name=\"username\" "
+				+ "class=\"form-control\" placeholder=\"Username\" required autofocus>\n");
+		page.append("        </p>\n" + "        <p>\n");
+		page.append("          <label for=\"password\" class=\"sr-only\">Password</label>\n");
+		page.append("          <input type=\"password\" id=\"password\" name=\"password\" "
+				+ "class=\"form-control\" placeholder=\"Password\" required>\n");
+		page.append("        </p>\n");
+		page.append(csrfTokenHtmlInput);
+		page.append("        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n");
+		page.append("      </form>\n");
+		return page.toString();
 	}
 
 	private static String oauth2LoginLinks(MultiValueMap<String, String> queryParams, String contextPath,
diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
index b32c5af1b2..983ddb015b 100644
--- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
@@ -54,7 +54,6 @@ public class LogoutPageGeneratingWebFilter implements WebFilter {
 		result.setStatusCode(HttpStatus.OK);
 		result.getHeaders().setContentType(MediaType.TEXT_HTML);
 		return result.writeWith(createBuffer(exchange));
-		// .doOnError( (error) -> DataBufferUtils.release(buffer));
 	}
 
 	private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
@@ -67,20 +66,31 @@ public class LogoutPageGeneratingWebFilter implements WebFilter {
 	}
 
 	private static byte[] createPage(String csrfTokenHtmlInput) {
-		String page = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n"
-				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
-				+ "    <title>Confirm Log Out?</title>\n"
-				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
-				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
-				+ "      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
-				+ csrfTokenHtmlInput
-				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
-				+ "      </form>\n" + "    </div>\n" + "  </body>\n" + "</html>";
-
-		return page.getBytes(Charset.defaultCharset());
+		StringBuilder page = new StringBuilder();
+		page.append("<!DOCTYPE html>\n");
+		page.append("<html lang=\"en\">\n");
+		page.append("  <head>\n");
+		page.append("    <meta charset=\"utf-8\">\n");
+		page.append("    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
+		page.append("    <meta name=\"description\" content=\"\">\n");
+		page.append("    <meta name=\"author\" content=\"\">\n");
+		page.append("    <title>Confirm Log Out?</title>\n");
+		page.append("    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" "
+				+ "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n");
+		page.append("    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" "
+				+ "rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n");
+		page.append("  </head>\n");
+		page.append("  <body>\n");
+		page.append("     <div class=\"container\">\n");
+		page.append("      <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n");
+		page.append("        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n");
+		page.append(csrfTokenHtmlInput);
+		page.append("        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n");
+		page.append("      </form>\n");
+		page.append("    </div>\n");
+		page.append("  </body>\n");
+		page.append("</html>");
+		return page.toString().getBytes(Charset.defaultCharset());
 	}
 
 	private static String csrfToken(CsrfToken token) {
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
index d5f7ae92ec..c898b7639c 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java
@@ -26,6 +26,7 @@ import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -56,18 +57,13 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		return Mono.defer(() -> {
 			Map<String, Object> variables = new HashMap<>();
-			return Flux.fromIterable(this.matchers).doOnNext((it) -> {
-				if (logger.isDebugEnabled()) {
-					logger.debug("Trying to match using " + it);
-				}
-			}).flatMap((matcher) -> matcher.matches(exchange))
+			return Flux.fromIterable(this.matchers)
+					.doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher)))
+					.flatMap((matcher) -> matcher.matches(exchange))
 					.doOnNext((matchResult) -> variables.putAll(matchResult.getVariables())).all(MatchResult::isMatch)
 					.flatMap((allMatch) -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch())
-					.doOnNext((it) -> {
-						if (logger.isDebugEnabled()) {
-							logger.debug(it.isMatch() ? "All requestMatchers returned true" : "Did not match");
-						}
-					});
+					.doOnNext((matchResult) -> logger
+							.debug(matchResult.isMatch() ? "All requestMatchers returned true" : "Did not match"));
 		});
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
index d455e37977..3ddc6b09df 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java
@@ -26,6 +26,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.InvalidMediaTypeException;
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
@@ -80,13 +81,9 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 			this.logger.debug("Failed to parse MediaTypes, returning false", ex);
 			return MatchResult.notMatch();
 		}
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("httpRequestMediaTypes=" + httpRequestMediaTypes);
-		}
+		this.logger.debug(LogMessage.format("httpRequestMediaTypes=%s", httpRequestMediaTypes));
 		for (MediaType httpRequestMediaType : httpRequestMediaTypes) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Processing " + httpRequestMediaType);
-			}
+			this.logger.debug(LogMessage.format("Processing %s", httpRequestMediaType));
 			if (shouldIgnore(httpRequestMediaType)) {
 				this.logger.debug("Ignoring");
 				continue;
@@ -98,10 +95,8 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 			}
 			for (MediaType matchingMediaType : this.matchingMediaTypes) {
 				boolean isCompatibleWith = matchingMediaType.isCompatibleWith(httpRequestMediaType);
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug(matchingMediaType + " .isCompatibleWith " + httpRequestMediaType + " = "
-							+ isCompatibleWith);
-				}
+				this.logger.debug(LogMessage.format("%s .isCompatibleWith %s = %s", matchingMediaType,
+						httpRequestMediaType, isCompatibleWith));
 				if (isCompatibleWith) {
 					return MatchResult.match();
 				}
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
index e0b3b17993..ce414b4087 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -44,12 +45,12 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return this.matcher.matches(exchange).flatMap((m) -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match())
-				.doOnNext((it) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug("matches = " + it.isMatch());
-					}
-				});
+		return this.matcher.matches(exchange).flatMap(this::negate)
+				.doOnNext((matchResult) -> logger.debug(LogMessage.format("matches = %s", matchResult.isMatch())));
+	}
+
+	private Mono<MatchResult> negate(MatchResult matchResult) {
+		return matchResult.isMatch() ? MatchResult.notMatch() : MatchResult.match();
 	}
 
 	@Override
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
index 5ceb1b1788..74eca6a7d4 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java
@@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -52,21 +53,16 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 
 	@Override
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
-		return Flux.fromIterable(this.matchers).doOnNext((it) -> {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Trying to match using " + it);
-			}
-		}).flatMap((m) -> m.matches(exchange)).filter(MatchResult::isMatch).next().switchIfEmpty(MatchResult.notMatch())
-				.doOnNext((it) -> {
-					if (logger.isDebugEnabled()) {
-						logger.debug(it.isMatch() ? "matched" : "No matches found");
-					}
-				});
+		return Flux.fromIterable(this.matchers)
+				.doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher)))
+				.flatMap((matcher) -> matcher.matches(exchange)).filter(MatchResult::isMatch).next()
+				.switchIfEmpty(MatchResult.notMatch())
+				.doOnNext((matchResult) -> logger.debug(matchResult.isMatch() ? "matched" : "No matches found"));
 	}
 
 	@Override
 	public String toString() {
-		return "OrServerWebExchangeMatcher{" + "matchers=" + this.matchers + '}';
+		return "OrServerWebExchangeMatcher{matchers=" + this.matchers + '}';
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
index 9fe5da54a6..5b7bec52c7 100644
--- a/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
@@ -32,6 +32,9 @@ import org.springframework.web.server.ServerWebExchange;
  */
 public abstract class ServerWebExchangeMatchers {
 
+	private ServerWebExchangeMatchers() {
+	}
+
 	/**
 	 * Creates a matcher that matches on the specific method and any of the provided
 	 * patterns.
@@ -75,14 +78,13 @@ public abstract class ServerWebExchangeMatchers {
 		// which otherwise can cause problems with adding multiple entries to an ordered
 		// LinkedHashMap
 		return new ServerWebExchangeMatcher() {
+
 			@Override
 			public Mono<MatchResult> matches(ServerWebExchange exchange) {
 				return ServerWebExchangeMatcher.MatchResult.match();
 			}
+
 		};
 	}
 
-	private ServerWebExchangeMatchers() {
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
index d904f4d1fe..1ea18dbe78 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessor.java
@@ -65,7 +65,6 @@ public final class CsrfRequestDataValueProcessor implements RequestDataValueProc
 			request.removeAttribute(this.DISABLE_CSRF_TOKEN_ATTR);
 			return Collections.emptyMap();
 		}
-
 		CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
 		if (token == null) {
 			return Collections.emptyMap();
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
index 8ca395e047..415e6ca6c1 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java
@@ -127,17 +127,13 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append("Mvc [pattern='").append(this.pattern).append("'");
-
 		if (this.servletPath != null) {
 			sb.append(", servletPath='").append(this.servletPath).append("'");
 		}
-
 		if (this.method != null) {
 			sb.append(", ").append(this.method);
 		}
-
 		sb.append("]");
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
index 22ca477e2d..3a2dd9d36d 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@@ -17,7 +17,6 @@
 package org.springframework.security.web.servletapi;
 
 import java.io.IOException;
-import java.security.Principal;
 import java.util.List;
 
 import javax.servlet.AsyncContext;
@@ -225,17 +224,21 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 				super.login(username, password);
 				return;
 			}
-			Authentication authentication;
-			try {
-				authentication = authManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
-			}
-			catch (AuthenticationException loginFailed) {
-				SecurityContextHolder.clearContext();
-				throw new ServletException(loginFailed.getMessage(), loginFailed);
-			}
+			Authentication authentication = getAuthentication(authManager, username, password);
 			SecurityContextHolder.getContext().setAuthentication(authentication);
 		}
 
+		private Authentication getAuthentication(AuthenticationManager authManager, String username, String password)
+				throws ServletException {
+			try {
+				return authManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
+			}
+			catch (AuthenticationException ex) {
+				SecurityContextHolder.clearContext();
+				throw new ServletException(ex.getMessage(), ex);
+			}
+		}
+
 		@Override
 		public void logout() throws ServletException {
 			List<LogoutHandler> handlers = HttpServlet3RequestFactory.this.logoutHandlers;
@@ -252,8 +255,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 		}
 
 		private boolean isAuthenticated() {
-			Principal userPrincipal = getUserPrincipal();
-			return userPrincipal != null;
+			return getUserPrincipal() != null;
 		}
 
 	}
diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
index 42932190ff..e9d434e4e0 100644
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@@ -88,12 +88,7 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	 */
 	private Authentication getAuthentication() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
-		if (!this.trustResolver.isAnonymous(auth)) {
-			return auth;
-		}
-
-		return null;
+		return (!this.trustResolver.isAnonymous(auth)) ? auth : null;
 	}
 
 	/**
@@ -105,15 +100,12 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	@Override
 	public String getRemoteUser() {
 		Authentication auth = getAuthentication();
-
 		if ((auth == null) || (auth.getPrincipal() == null)) {
 			return null;
 		}
-
 		if (auth.getPrincipal() instanceof UserDetails) {
 			return ((UserDetails) auth.getPrincipal()).getUsername();
 		}
-
 		return auth.getPrincipal().toString();
 	}
 
@@ -125,37 +117,29 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
 	@Override
 	public Principal getUserPrincipal() {
 		Authentication auth = getAuthentication();
-
 		if ((auth == null) || (auth.getPrincipal() == null)) {
 			return null;
 		}
-
 		return auth;
 	}
 
 	private boolean isGranted(String role) {
 		Authentication auth = getAuthentication();
-
 		if (this.rolePrefix != null && role != null && !role.startsWith(this.rolePrefix)) {
 			role = this.rolePrefix + role;
 		}
-
 		if ((auth == null) || (auth.getPrincipal() == null)) {
 			return false;
 		}
-
 		Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
-
 		if (authorities == null) {
 			return false;
 		}
-
 		for (GrantedAuthority grantedAuthority : authorities) {
 			if (role.equals(grantedAuthority.getAuthority())) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index 8bdc2af005..57d5928ec0 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.session.SessionInformation;
@@ -101,7 +102,6 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 			HttpServletRequest request = event.getRequest();
 			HttpServletResponse response = event.getResponse();
 			SessionInformation info = event.getSessionInformation();
-
 			this.redirectStrategy.sendRedirect(request, response, determineExpiredUrl(request, info));
 		};
 	}
@@ -120,35 +120,30 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		HttpSession session = request.getSession(false);
-
 		if (session != null) {
 			SessionInformation info = this.sessionRegistry.getSessionInformation(session.getId());
-
 			if (info != null) {
 				if (info.isExpired()) {
 					// Expired - abort processing
-					if (this.logger.isDebugEnabled()) {
-						this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " has expired.");
-					}
+					this.logger.debug(LogMessage
+							.of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired."));
 					doLogout(request, response);
-
 					this.sessionInformationExpiredStrategy
 							.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response));
 					return;
 				}
-				else {
-					// Non-expired - update last request date/time
-					this.sessionRegistry.refreshLastRequest(info.getSessionId());
-				}
+				// Non-expired - update last request date/time
+				this.sessionRegistry.refreshLastRequest(info.getSessionId());
 			}
 		}
-
 		chain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
index 7cce0db2b4..ec06003d64 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
@@ -47,11 +47,8 @@ public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
 	@Override
 	public List<SecurityContext> getSecurityContexts() {
 		HttpSession session = getSession();
-
 		Enumeration<String> attributes = session.getAttributeNames();
-
 		ArrayList<SecurityContext> contexts = new ArrayList<>();
-
 		while (attributes.hasMoreElements()) {
 			String attributeName = attributes.nextElement();
 			Object attributeValue = session.getAttribute(attributeName);
@@ -59,7 +56,6 @@ public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
 				contexts.add((SecurityContext) attributeValue);
 			}
 		}
-
 		return contexts;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
index 6dc5162626..146922129a 100644
--- a/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
+++ b/web/src/main/java/org/springframework/security/web/session/HttpSessionEventPublisher.java
@@ -17,6 +17,7 @@
 package org.springframework.security.web.session;
 
 import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionIdListener;
 import javax.servlet.http.HttpSessionListener;
@@ -25,6 +26,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
 
 /**
@@ -59,14 +62,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	 */
 	@Override
 	public void sessionCreated(HttpSessionEvent event) {
-		HttpSessionCreatedEvent e = new HttpSessionCreatedEvent(event.getSession());
-		Log log = LogFactory.getLog(LOGGER_NAME);
-
-		if (log.isDebugEnabled()) {
-			log.debug("Publishing event: " + e);
-		}
-
-		getContext(event.getSession().getServletContext()).publishEvent(e);
+		extracted(event.getSession(), new HttpSessionCreatedEvent(event.getSession()));
 	}
 
 	/**
@@ -76,26 +72,18 @@ public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessi
 	 */
 	@Override
 	public void sessionDestroyed(HttpSessionEvent event) {
-		HttpSessionDestroyedEvent e = new HttpSessionDestroyedEvent(event.getSession());
-		Log log = LogFactory.getLog(LOGGER_NAME);
-
-		if (log.isDebugEnabled()) {
-			log.debug("Publishing event: " + e);
-		}
-
-		getContext(event.getSession().getServletContext()).publishEvent(e);
+		extracted(event.getSession(), new HttpSessionDestroyedEvent(event.getSession()));
 	}
 
 	@Override
 	public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) {
-		HttpSessionIdChangedEvent e = new HttpSessionIdChangedEvent(event.getSession(), oldSessionId);
+		extracted(event.getSession(), new HttpSessionIdChangedEvent(event.getSession(), oldSessionId));
+	}
+
+	private void extracted(HttpSession session, ApplicationEvent e) {
 		Log log = LogFactory.getLog(LOGGER_NAME);
-
-		if (log.isDebugEnabled()) {
-			log.debug("Publishing event: " + e);
-		}
-
-		getContext(event.getSession().getServletContext()).publishEvent(e);
+		log.debug(LogMessage.format("Publishing event: %s", e));
+		getContext(session.getServletContext()).publishEvent(e);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
index 7211a99e2a..c23c882d19 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
@@ -31,9 +31,9 @@ import org.springframework.util.Assert;
  */
 public final class SessionInformationExpiredEvent extends ApplicationEvent {
 
-	private HttpServletRequest request;
+	private final HttpServletRequest request;
 
-	private HttpServletResponse response;
+	private final HttpServletResponse response;
 
 	/**
 	 * Creates a new instance
diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index 13ea888eb8..510aa072ac 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -25,6 +25,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -75,21 +76,20 @@ public class SessionManagementFilter extends GenericFilterBean {
 	}
 
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) res;
+		doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
+	}
 
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		if (request.getAttribute(FILTER_APPLIED) != null) {
 			chain.doFilter(request, response);
 			return;
 		}
-
 		request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
-
 		if (!this.securityContextRepository.containsContext(request)) {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 			if (authentication != null && !this.trustResolver.isAnonymous(authentication)) {
 				// The user has been authenticated during the current request, so call the
 				// session strategy
@@ -101,23 +101,19 @@ public class SessionManagementFilter extends GenericFilterBean {
 					this.logger.debug("SessionAuthenticationStrategy rejected the authentication object", ex);
 					SecurityContextHolder.clearContext();
 					this.failureHandler.onAuthenticationFailure(request, response, ex);
-
 					return;
 				}
 				// Eagerly save the security context to make it available for any possible
-				// re-entrant
-				// requests which may occur before the current request completes.
-				// SEC-1396.
+				// re-entrant requests which may occur before the current request
+				// completes. SEC-1396.
 				this.securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
 			}
 			else {
 				// No security context or authentication present. Check for a session
 				// timeout
 				if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
-					if (this.logger.isDebugEnabled()) {
-						this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");
-					}
-
+					this.logger.debug(
+							LogMessage.format("Requested session ID %s is invalid.", request.getRequestedSessionId()));
 					if (this.invalidSessionStrategy != null) {
 						this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
 						return;
@@ -125,7 +121,6 @@ public class SessionManagementFilter extends GenericFilterBean {
 				}
 			}
 		}
-
 		chain.doFilter(request, response);
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
index f41e39f253..894b69e7a9 100644
--- a/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
+++ b/web/src/main/java/org/springframework/security/web/util/RedirectUrlBuilder.java
@@ -43,9 +43,7 @@ public class RedirectUrlBuilder {
 	private String query;
 
 	public void setScheme(String scheme) {
-		if (!("http".equals(scheme) | "https".equals(scheme))) {
-			throw new IllegalArgumentException("Unsupported scheme '" + scheme + "'");
-		}
+		Assert.isTrue("http".equals(scheme) || "https".equals(scheme), () -> "Unsupported scheme '" + scheme + "'");
 		this.scheme = scheme;
 	}
 
@@ -75,33 +73,25 @@ public class RedirectUrlBuilder {
 
 	public String getUrl() {
 		StringBuilder sb = new StringBuilder();
-
 		Assert.notNull(this.scheme, "scheme cannot be null");
 		Assert.notNull(this.serverName, "serverName cannot be null");
-
 		sb.append(this.scheme).append("://").append(this.serverName);
-
 		// Append the port number if it's not standard for the scheme
 		if (this.port != (this.scheme.equals("http") ? 80 : 443)) {
 			sb.append(":").append(this.port);
 		}
-
 		if (this.contextPath != null) {
 			sb.append(this.contextPath);
 		}
-
 		if (this.servletPath != null) {
 			sb.append(this.servletPath);
 		}
-
 		if (this.pathInfo != null) {
 			sb.append(this.pathInfo);
 		}
-
 		if (this.query != null) {
 			sb.append("?").append(this.query);
 		}
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
index abedceb714..71653664c6 100644
--- a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java
@@ -28,57 +28,51 @@ public abstract class TextEscapeUtils {
 		if (s == null || s.length() == 0) {
 			return s;
 		}
-
 		StringBuilder sb = new StringBuilder();
-
 		for (int i = 0; i < s.length(); i++) {
-			char c = s.charAt(i);
-
-			if (c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9') {
-				sb.append(c);
+			char ch = s.charAt(i);
+			if (ch >= 'a' && ch <= 'z' || ch >= 'A' && ch <= 'Z' || ch >= '0' && ch <= '9') {
+				sb.append(ch);
 			}
-			else if (c == '<') {
+			else if (ch == '<') {
 				sb.append("&lt;");
 			}
-			else if (c == '>') {
+			else if (ch == '>') {
 				sb.append("&gt;");
 			}
-			else if (c == '&') {
+			else if (ch == '&') {
 				sb.append("&amp;");
 			}
-			else if (Character.isWhitespace(c)) {
-				sb.append("&#").append((int) c).append(";");
+			else if (Character.isWhitespace(ch)) {
+				sb.append("&#").append((int) ch).append(";");
 			}
-			else if (Character.isISOControl(c)) {
+			else if (Character.isISOControl(ch)) {
 				// ignore control chars
 			}
-			else if (Character.isHighSurrogate(c)) {
+			else if (Character.isHighSurrogate(ch)) {
 				if (i + 1 >= s.length()) {
 					// Unexpected end
 					throw new IllegalArgumentException("Missing low surrogate character at end of string");
 				}
 				char low = s.charAt(i + 1);
-
 				if (!Character.isLowSurrogate(low)) {
 					throw new IllegalArgumentException(
 							"Expected low surrogate character but found value = " + (int) low);
 				}
-
-				int codePoint = Character.toCodePoint(c, low);
+				int codePoint = Character.toCodePoint(ch, low);
 				if (Character.isDefined(codePoint)) {
 					sb.append("&#").append(codePoint).append(";");
 				}
 				i++; // skip the next character as we have already dealt with it
 			}
-			else if (Character.isLowSurrogate(c)) {
-				throw new IllegalArgumentException("Unexpected low surrogate character, value = " + (int) c);
+			else if (Character.isLowSurrogate(ch)) {
+				throw new IllegalArgumentException("Unexpected low surrogate character, value = " + (int) ch);
 			}
-			else if (Character.isDefined(c)) {
-				sb.append("&#").append((int) c).append(";");
+			else if (Character.isDefined(ch)) {
+				sb.append("&#").append((int) ch).append(";");
 			}
 			// Ignore anything else
 		}
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 73207cdcb1..2fac52493c 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -63,12 +63,10 @@ public class ThrowableAnalyzer {
 		if (class1.isAssignableFrom(class2)) {
 			return 1;
 		}
-		else if (class2.isAssignableFrom(class1)) {
+		if (class2.isAssignableFrom(class1)) {
 			return -1;
 		}
-		else {
-			return class1.getName().compareTo(class2.getName());
-		}
+		return class1.getName().compareTo(class2.getName());
 	};
 
 	/**
@@ -82,7 +80,6 @@ public class ThrowableAnalyzer {
 	 */
 	public ThrowableAnalyzer() {
 		this.extractorMap = new TreeMap<>(CLASS_HIERARCHY_COMPARATOR);
-
 		initExtractorMap();
 	}
 
@@ -97,7 +94,6 @@ public class ThrowableAnalyzer {
 	protected final void registerExtractor(Class<? extends Throwable> throwableType,
 			ThrowableCauseExtractor extractor) {
 		Assert.notNull(extractor, "Invalid extractor: null");
-
 		this.extractorMap.put(throwableType, extractor);
 	}
 
@@ -155,18 +151,13 @@ public class ThrowableAnalyzer {
 	 * @see #initExtractorMap()
 	 */
 	public final Throwable[] determineCauseChain(Throwable throwable) {
-		if (throwable == null) {
-			throw new IllegalArgumentException("Invalid throwable: null");
-		}
-
+		Assert.notNull(throwable, "Invalid throwable: null");
 		List<Throwable> chain = new ArrayList<>();
 		Throwable currentThrowable = throwable;
-
 		while (currentThrowable != null) {
 			chain.add(currentThrowable);
 			currentThrowable = extractCause(currentThrowable);
 		}
-
 		return chain.toArray(new Throwable[0]);
 	}
 
@@ -183,7 +174,6 @@ public class ThrowableAnalyzer {
 				return extractor.extractCause(throwable);
 			}
 		}
-
 		return null;
 	}
 
@@ -206,7 +196,6 @@ public class ThrowableAnalyzer {
 				}
 			}
 		}
-
 		return null;
 	}
 
@@ -226,16 +215,10 @@ public class ThrowableAnalyzer {
 		if (expectedBaseType == null) {
 			return;
 		}
-
-		if (throwable == null) {
-			throw new IllegalArgumentException("Invalid throwable: null");
-		}
+		Assert.notNull(throwable, "Invalid throwable: null");
 		Class<? extends Throwable> throwableType = throwable.getClass();
-
-		if (!expectedBaseType.isAssignableFrom(throwableType)) {
-			throw new IllegalArgumentException("Invalid type: '" + throwableType.getName()
-					+ "'. Has to be a subclass of '" + expectedBaseType.getName() + "'");
-		}
+		Assert.isTrue(expectedBaseType.isAssignableFrom(throwableType), () -> "Invalid type: '"
+				+ throwableType.getName() + "'. Has to be a subclass of '" + expectedBaseType.getName() + "'");
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 8ff574f66e..98f4bbf5c8 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -30,6 +30,8 @@ import javax.servlet.http.HttpServletRequest;
  */
 public final class UrlUtils {
 
+	private static final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z0-9.+-]+://.*", Pattern.CASE_INSENSITIVE);
+
 	private UrlUtils() {
 	}
 
@@ -47,12 +49,9 @@ public final class UrlUtils {
 	 */
 	public static String buildFullRequestUrl(String scheme, String serverName, int serverPort, String requestURI,
 			String queryString) {
-
 		scheme = scheme.toLowerCase();
-
 		StringBuilder url = new StringBuilder();
 		url.append(scheme).append("://").append(serverName);
-
 		// Only add port if not default
 		if ("http".equals(scheme)) {
 			if (serverPort != 80) {
@@ -64,15 +63,12 @@ public final class UrlUtils {
 				url.append(":").append(serverPort);
 			}
 		}
-
 		// Use the requestURI as it is encoded (RFC 3986) and hence suitable for
 		// redirects.
 		url.append(requestURI);
-
 		if (queryString != null) {
 			url.append("?").append(queryString);
 		}
-
 		return url.toString();
 	}
 
@@ -104,9 +100,7 @@ public final class UrlUtils {
 	 */
 	private static String buildRequestUrl(String servletPath, String requestURI, String contextPath, String pathInfo,
 			String queryString) {
-
 		StringBuilder url = new StringBuilder();
-
 		if (servletPath != null) {
 			url.append(servletPath);
 			if (pathInfo != null) {
@@ -116,11 +110,9 @@ public final class UrlUtils {
 		else {
 			url.append(requestURI.substring(contextPath.length()));
 		}
-
 		if (queryString != null) {
 			url.append("?").append(queryString);
 		}
-
 		return url.toString();
 	}
 
@@ -136,12 +128,7 @@ public final class UrlUtils {
 	 * defined in RFC 1738.
 	 */
 	public static boolean isAbsoluteUrl(String url) {
-		if (url == null) {
-			return false;
-		}
-		final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z0-9.+-]+://.*", Pattern.CASE_INSENSITIVE);
-
-		return ABSOLUTE_URL.matcher(url).matches();
+		return (url != null) ? ABSOLUTE_URL.matcher(url).matches() : false;
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
index 567dd989a0..d3c9808677 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AndRequestMatcher.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -45,9 +46,7 @@ public final class AndRequestMatcher implements RequestMatcher {
 	 */
 	public AndRequestMatcher(List<RequestMatcher> requestMatchers) {
 		Assert.notEmpty(requestMatchers, "requestMatchers must contain a value");
-		if (requestMatchers.contains(null)) {
-			throw new IllegalArgumentException("requestMatchers cannot contain null values");
-		}
+		Assert.isTrue(!requestMatchers.contains(null), "requestMatchers cannot contain null values");
 		this.requestMatchers = requestMatchers;
 	}
 
@@ -62,9 +61,7 @@ public final class AndRequestMatcher implements RequestMatcher {
 	@Override
 	public boolean matches(HttpServletRequest request) {
 		for (RequestMatcher matcher : this.requestMatchers) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Trying to match using " + matcher);
-			}
+			this.logger.debug(LogMessage.format("Trying to match using %s", matcher));
 			if (!matcher.matches(request)) {
 				this.logger.debug("Did not match");
 				return false;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index 0e707cfdfe..4b63dcda1a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.Assert;
@@ -116,7 +117,6 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 			UrlPathHelper urlPathHelper) {
 		Assert.hasText(pattern, "Pattern cannot be null or empty");
 		this.caseSensitive = caseSensitive;
-
 		if (pattern.equals(MATCH_ALL) || pattern.equals("**")) {
 			pattern = MATCH_ALL;
 			this.matcher = null;
@@ -133,7 +133,6 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 				this.matcher = new SpringAntMatcher(pattern, caseSensitive);
 			}
 		}
-
 		this.pattern = pattern;
 		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
 		this.urlPathHelper = urlPathHelper;
@@ -149,28 +148,17 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 	public boolean matches(HttpServletRequest request) {
 		if (this.httpMethod != null && StringUtils.hasText(request.getMethod())
 				&& this.httpMethod != valueOf(request.getMethod())) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Request '" + request.getMethod() + " " + getRequestPath(request) + "'"
-						+ " doesn't match '" + this.httpMethod + " " + this.pattern + "'");
-			}
-
+			logger.debug(LogMessage.of(() -> "Request '" + request.getMethod() + " " + getRequestPath(request) + "'"
+					+ " doesn't match '" + this.httpMethod + " " + this.pattern + "'"));
 			return false;
 		}
-
 		if (this.pattern.equals(MATCH_ALL)) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Request '" + getRequestPath(request) + "' matched by universal pattern '/**'");
-			}
-
+			logger.debug(LogMessage
+					.of(() -> "Request '" + getRequestPath(request) + "' matched by universal pattern '/**'"));
 			return true;
 		}
-
 		String url = getRequestPath(request);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + url + "'; against '" + this.pattern + "'");
-		}
-
+		logger.debug(LogMessage.format("Checking match of request : '%s'; against '%s'", url, this.pattern));
 		return this.matcher.matches(url);
 	}
 
@@ -194,12 +182,10 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 			return this.urlPathHelper.getPathWithinApplication(request);
 		}
 		String url = request.getServletPath();
-
 		String pathInfo = request.getPathInfo();
 		if (pathInfo != null) {
 			url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
 		}
-
 		return url;
 	}
 
@@ -212,7 +198,6 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 		if (!(obj instanceof AntPathRequestMatcher)) {
 			return false;
 		}
-
 		AntPathRequestMatcher other = (AntPathRequestMatcher) obj;
 		return this.pattern.equals(other.pattern) && this.httpMethod == other.httpMethod
 				&& this.caseSensitive == other.caseSensitive;
@@ -230,13 +215,10 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append("Ant [pattern='").append(this.pattern).append("'");
-
 		if (this.httpMethod != null) {
 			sb.append(", ").append(this.httpMethod);
 		}
-
 		sb.append("]");
-
 		return sb.toString();
 	}
 
@@ -251,9 +233,8 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 			return HttpMethod.valueOf(method);
 		}
 		catch (IllegalArgumentException ex) {
+			return null;
 		}
-
-		return null;
 	}
 
 	private interface Matcher {
@@ -306,7 +287,7 @@ public final class AntPathRequestMatcher implements RequestMatcher, RequestVaria
 		private final boolean caseSensitive;
 
 		private SubpathMatcher(String subpath, boolean caseSensitive) {
-			assert !subpath.contains("*");
+			Assert.isTrue(!subpath.contains("*"), "subpath cannot contain \"*\"");
 			this.subpath = caseSensitive ? subpath : subpath.toLowerCase();
 			this.length = subpath.length();
 			this.caseSensitive = caseSensitive;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
index 7d83e3cd0a..52a818cc5d 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AnyRequestMatcher.java
@@ -28,6 +28,9 @@ public final class AnyRequestMatcher implements RequestMatcher {
 
 	public static final RequestMatcher INSTANCE = new AnyRequestMatcher();
 
+	private AnyRequestMatcher() {
+	}
+
 	@Override
 	public boolean matches(HttpServletRequest request) {
 		return true;
@@ -50,7 +53,4 @@ public final class AnyRequestMatcher implements RequestMatcher {
 		return "any request";
 	}
 
-	private AnyRequestMatcher() {
-	}
-
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
index de339c3d3a..d6988b3284 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/ELRequestMatcherContext.java
@@ -34,15 +34,7 @@ class ELRequestMatcherContext {
 
 	public boolean hasHeader(String headerName, String value) {
 		String header = this.request.getHeader(headerName);
-		if (!StringUtils.hasText(header)) {
-			return false;
-		}
-
-		if (header.contains(value)) {
-			return true;
-		}
-
-		return false;
+		return StringUtils.hasText(header) && header.contains(value);
 	}
 
 }
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index c53686db2d..2666905c6a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -47,7 +47,6 @@ public final class IpAddressMatcher implements RequestMatcher {
 	 * come.
 	 */
 	public IpAddressMatcher(String ipAddress) {
-
 		if (ipAddress.indexOf('/') > 0) {
 			String[] addressAndMask = StringUtils.split(ipAddress, "/");
 			ipAddress = addressAndMask[0];
@@ -68,33 +67,24 @@ public final class IpAddressMatcher implements RequestMatcher {
 
 	public boolean matches(String address) {
 		InetAddress remoteAddress = parseAddress(address);
-
 		if (!this.requiredAddress.getClass().equals(remoteAddress.getClass())) {
 			return false;
 		}
-
 		if (this.nMaskBits < 0) {
 			return remoteAddress.equals(this.requiredAddress);
 		}
-
 		byte[] remAddr = remoteAddress.getAddress();
 		byte[] reqAddr = this.requiredAddress.getAddress();
-
 		int nMaskFullBytes = this.nMaskBits / 8;
 		byte finalByte = (byte) (0xFF00 >> (this.nMaskBits & 0x07));
-
-		// System.out.println("Mask is " + new sun.misc.HexDumpEncoder().encode(mask));
-
 		for (int i = 0; i < nMaskFullBytes; i++) {
 			if (remAddr[i] != reqAddr[i]) {
 				return false;
 			}
 		}
-
 		if (finalByte != 0) {
 			return (remAddr[nMaskFullBytes] & finalByte) == (reqAddr[nMaskFullBytes] & finalByte);
 		}
-
 		return true;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
index 29c22f81c6..7178bc3ed6 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcher.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
 import org.springframework.web.HttpMediaTypeNotAcceptableException;
@@ -206,28 +207,22 @@ public final class MediaTypeRequestMatcher implements RequestMatcher {
 			this.logger.debug("Failed to parse MediaTypes, returning false", ex);
 			return false;
 		}
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("httpRequestMediaTypes=" + httpRequestMediaTypes);
-		}
+		this.logger.debug(LogMessage.format("httpRequestMediaTypes=%s", httpRequestMediaTypes));
 		for (MediaType httpRequestMediaType : httpRequestMediaTypes) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Processing " + httpRequestMediaType);
-			}
+			this.logger.debug(LogMessage.format("Processing %s", httpRequestMediaType));
 			if (shouldIgnore(httpRequestMediaType)) {
 				this.logger.debug("Ignoring");
 				continue;
 			}
 			if (this.useEquals) {
 				boolean isEqualTo = this.matchingMediaTypes.contains(httpRequestMediaType);
-				this.logger.debug("isEqualTo " + isEqualTo);
+				this.logger.debug(LogMessage.format("isEqualTo %s", isEqualTo));
 				return isEqualTo;
 			}
 			for (MediaType matchingMediaType : this.matchingMediaTypes) {
 				boolean isCompatibleWith = matchingMediaType.isCompatibleWith(httpRequestMediaType);
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug(matchingMediaType + " .isCompatibleWith " + httpRequestMediaType + " = "
-							+ isCompatibleWith);
-				}
+				this.logger.debug(LogMessage.format("%s .isCompatibleWith %s = %s", matchingMediaType,
+						httpRequestMediaType, isCompatibleWith));
 				if (isCompatibleWith) {
 					return true;
 				}
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
index f7e500a362..d31f6e6e36 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/NegatedRequestMatcher.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -50,9 +51,7 @@ public class NegatedRequestMatcher implements RequestMatcher {
 	@Override
 	public boolean matches(HttpServletRequest request) {
 		boolean result = !this.requestMatcher.matches(request);
-		if (this.logger.isDebugEnabled()) {
-			this.logger.debug("matches = " + result);
-		}
+		this.logger.debug(LogMessage.format("matches = %s", result));
 		return result;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
index cf501da94a..cacfa15af5 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/OrRequestMatcher.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.util.Assert;
 
 /**
@@ -45,9 +46,7 @@ public final class OrRequestMatcher implements RequestMatcher {
 	 */
 	public OrRequestMatcher(List<RequestMatcher> requestMatchers) {
 		Assert.notEmpty(requestMatchers, "requestMatchers must contain a value");
-		if (requestMatchers.contains(null)) {
-			throw new IllegalArgumentException("requestMatchers cannot contain null values");
-		}
+		Assert.isTrue(!requestMatchers.contains(null), "requestMatchers cannot contain null values");
 		this.requestMatchers = requestMatchers;
 	}
 
@@ -62,9 +61,7 @@ public final class OrRequestMatcher implements RequestMatcher {
 	@Override
 	public boolean matches(HttpServletRequest request) {
 		for (RequestMatcher matcher : this.requestMatchers) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("Trying to match using " + matcher);
-			}
+			this.logger.debug(LogMessage.format("Trying to match using %s", matcher));
 			if (matcher.matches(request)) {
 				this.logger.debug("matched");
 				return true;
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
index 0e36a55a18..6d0bc19a1a 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.util.StringUtils;
 
@@ -42,6 +43,8 @@ import org.springframework.util.StringUtils;
  */
 public final class RegexRequestMatcher implements RequestMatcher {
 
+	private static final int DEFAULT = 0;
+
 	private static final Log logger = LogFactory.getLog(RegexRequestMatcher.class);
 
 	private final Pattern pattern;
@@ -65,12 +68,7 @@ public final class RegexRequestMatcher implements RequestMatcher {
 	 * {@link Pattern#CASE_INSENSITIVE} flag set.
 	 */
 	public RegexRequestMatcher(String pattern, String httpMethod, boolean caseInsensitive) {
-		if (caseInsensitive) {
-			this.pattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
-		}
-		else {
-			this.pattern = Pattern.compile(pattern);
-		}
+		this.pattern = Pattern.compile(pattern, caseInsensitive ? Pattern.CASE_INSENSITIVE : DEFAULT);
 		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
 	}
 
@@ -86,28 +84,20 @@ public final class RegexRequestMatcher implements RequestMatcher {
 		if (this.httpMethod != null && request.getMethod() != null && this.httpMethod != valueOf(request.getMethod())) {
 			return false;
 		}
-
 		String url = request.getServletPath();
 		String pathInfo = request.getPathInfo();
 		String query = request.getQueryString();
-
 		if (pathInfo != null || query != null) {
 			StringBuilder sb = new StringBuilder(url);
-
 			if (pathInfo != null) {
 				sb.append(pathInfo);
 			}
-
 			if (query != null) {
 				sb.append('?').append(query);
 			}
 			url = sb.toString();
 		}
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Checking match of request : '" + url + "'; against '" + this.pattern + "'");
-		}
-
+		logger.debug(LogMessage.format("Checking match of request : '%s'; against '%s'", url, this.pattern));
 		return this.pattern.matcher(url).matches();
 	}
 
@@ -122,22 +112,18 @@ public final class RegexRequestMatcher implements RequestMatcher {
 			return HttpMethod.valueOf(method);
 		}
 		catch (IllegalArgumentException ex) {
+			return null;
 		}
-
-		return null;
 	}
 
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
 		sb.append("Regex [pattern='").append(this.pattern).append("'");
-
 		if (this.httpMethod != null) {
 			sb.append(", ").append(this.httpMethod);
 		}
-
 		sb.append("]");
-
 		return sb.toString();
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
index 8faa366d61..8b476f37bc 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcher.java
@@ -87,7 +87,6 @@ public final class RequestHeaderRequestMatcher implements RequestMatcher {
 		if (this.expectedHeaderValue == null) {
 			return actualHeaderValue != null;
 		}
-
 		return this.expectedHeaderValue.equals(actualHeaderValue);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 0835c51e80..6aaa1617cb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -29,6 +29,7 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
@@ -41,7 +42,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -133,14 +133,11 @@ public class JdbcTokenRepositoryImplTests {
 	// SEC-1964
 	@Test
 	public void retrievingTokenWithNoSeriesReturnsNull() {
-		given(this.logger.isDebugEnabled()).willReturn(true);
-
 		assertThat(this.repo.getTokenForSeries("missingSeries")).isNull();
-
-		verify(this.logger).isDebugEnabled();
-		verify(this.logger).debug(eq("Querying token for series 'missingSeries' returned no results."),
-				any(EmptyResultDataAccessException.class));
+		ArgumentCaptor<Object> captor = ArgumentCaptor.forClass(Object.class);
+		verify(this.logger).debug(captor.capture(), any(EmptyResultDataAccessException.class));
 		verifyNoMoreInteractions(this.logger);
+		assertThat(captor.getValue()).hasToString("Querying token for series 'missingSeries' returned no results.");
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index ec9056cd2f..c052bf2b2c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -18,11 +18,12 @@ package org.springframework.security.web.server.authorization;
 
 import org.junit.Before;
 import org.junit.Test;
-import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.MockitoAnnotations;
 import reactor.core.publisher.Mono;
 
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.core.Authentication;
@@ -40,7 +41,6 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  * @author Rob Winch
  * @since 5.0
  */
-@RunWith(MockitoJUnitRunner.class)
 public class DelegatingReactiveAuthorizationManagerTests {
 
 	@Mock
@@ -55,7 +55,6 @@ public class DelegatingReactiveAuthorizationManagerTests {
 	@Mock
 	AuthorityReactiveAuthorizationManager<AuthorizationContext> delegate2;
 
-	@Mock
 	ServerWebExchange exchange;
 
 	@Mock
@@ -68,9 +67,12 @@ public class DelegatingReactiveAuthorizationManagerTests {
 
 	@Before
 	public void setup() {
+		MockitoAnnotations.initMocks(this);
 		this.manager = DelegatingReactiveAuthorizationManager.builder()
 				.add(new ServerWebExchangeMatcherEntry<>(this.match1, this.delegate1))
 				.add(new ServerWebExchangeMatcherEntry<>(this.match2, this.delegate2)).build();
+		MockServerHttpRequest request = MockServerHttpRequest.get("/test").build();
+		this.exchange = MockServerWebExchange.from(request);
 	}
 
 	@Test

From a5aa6b3d7f2f29cd45c40079b6cc1fa27fb85acc Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Sat, 1 Aug 2020 19:33:21 -0700
Subject: [PATCH 68/84] Remove blank lines from all tests

Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
---
 .../acls/AclFormattingUtilsTests.java         |  11 -
 .../AclPermissionCacheOptimizerTests.java     |   4 -
 .../acls/AclPermissionEvaluatorTests.java     |   6 -
 ...ationCollectionFilteringProviderTests.java |   3 -
 .../AclEntryAfterInvocationProviderTests.java |   4 -
 .../domain/AccessControlImplEntryTests.java   |   7 -
 .../security/acls/domain/AclImplTests.java    |  37 ---
 .../AclImplementationSecurityCheckTests.java  |  27 --
 .../acls/domain/AuditLoggerTests.java         |   1 -
 .../acls/domain/ObjectIdentityImplTests.java  |  11 -
 ...ectIdentityRetrievalStrategyImplTests.java |   2 -
 .../security/acls/domain/PermissionTests.java |   7 -
 .../AbstractBasicLookupStrategyTests.java     |  30 ---
 .../BasicLookupStrategyTestsDbHelper.java     |   2 -
 .../security/acls/jdbc/DatabaseSeeder.java    |   1 -
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  |  34 ---
 .../acls/jdbc/JdbcAclServiceTests.java        |   8 -
 .../acls/jdbc/JdbcMutableAclServiceTests.java |  63 -----
 ...cMutableAclServiceTestsWithAclClassId.java |   2 -
 .../jdbc/SpringCacheBasedAclCacheTests.java   |  16 --
 .../acls/sid/SidRetrievalStrategyTests.java   |   4 -
 .../security/acls/sid/SidTests.java           |  25 --
 .../aspect/AnnotationSecurityAspectTests.java |   2 -
 .../AbstractStatelessTicketCacheTests.java    |   2 -
 .../CasAuthenticationProviderTests.java       |  43 ----
 .../CasAuthenticationTokenTests.java          |  20 --
 .../EhCacheBasedTicketCacheTests.java         |   7 -
 .../SpringCacheBasedTicketCacheTests.java     |   4 -
 .../CasAuthenticationTokenMixinTests.java     |   1 -
 .../web/CasAuthenticationEntryPointTests.java |  12 -
 .../cas/web/CasAuthenticationFilterTests.java |  15 --
 .../cas/web/ServicePropertiesTests.java       |   2 -
 ...aultServiceAuthenticationDetailsTests.java |   1 -
 .../rsocket/HelloRSocketITests.java           |   2 -
 .../config/annotation/rsocket/JwtITests.java  |   5 -
 ...RSocketMessageHandlerConnectionITests.java |  14 --
 .../rsocket/RSocketMessageHandlerITests.java  |  10 -
 .../rsocket/SimpleAuthenticationITests.java   |   3 -
 .../security/config/DataSourcePopulator.java  |   2 -
 .../config/FilterChainProxyConfigTests.java   |   7 -
 .../MockUserServiceBeanPostProcessor.java     |   1 -
 .../config/SecurityNamespaceHandlerTests.java |   3 -
 ...SecurityConfigurerAdapterClosureTests.java |   2 -
 .../SecurityConfigurerAdapterTests.java       |   1 -
 .../AuthenticationManagerBuilderTests.java    |  17 --
 .../NamespaceAuthenticationManagerTests.java  |   5 -
 .../NamespaceAuthenticationProviderTests.java |   2 -
 .../NamespaceJdbcUserServiceTests.java        |   3 -
 .../NamespacePasswordEncoderTests.java        |   4 -
 .../PasswordEncoderConfigurerTests.java       |   1 -
 ...thenticationConfigurationPublishTests.java |   1 -
 .../AuthenticationConfigurationTests.java     |  30 ---
 .../EnableGlobalAuthenticationTests.java      |   6 -
 ...AuthenticationProviderConfigurerTests.java |   1 -
 .../UserDetailsManagerConfigurerTests.java    |   7 -
 ...reBeanFactoryObjectPostProcessorTests.java |  15 --
 .../annotation/issue50/ApplicationConfig.java |   2 -
 .../EnableReactiveMethodSecurityTests.java    |  59 -----
 ...lobalMethodSecurityConfigurationTests.java |  30 +--
 ...lMethodSecurityExpressionHandlerTests.java |   6 -
 .../NamespaceGlobalMethodSecurityTests.java   |  44 ----
 ...ctiveMethodSecurityConfigurationTests.java |   9 -
 ...SampleEnableGlobalMethodSecurityTests.java |   4 -
 .../annotation/sec2758/Sec2758Tests.java      |   5 -
 ...RequestMatcherRegistryAnyMatcherTests.java |   5 -
 ...mpleWebSecurityConfigurerAdapterTests.java |  25 --
 ...curityConfigurerAdapterPowermockTests.java |   7 -
 .../WebSecurityConfigurerAdapterTests.java    |  23 --
 .../web/builders/HttpConfigurationTests.java  |   3 -
 .../web/builders/NamespaceHttpTests.java      |  40 ---
 .../web/builders/WebSecurityTests.java        |  23 --
 ...icationPrincipalArgumentResolverTests.java |   5 -
 .../configuration/EnableWebSecurityTests.java |   7 -
 .../HttpSecurityConfigurationTests.java       |  12 -
 .../OAuth2ClientConfigurationTests.java       |  17 --
 .../web/configuration/Sec2515Tests.java       |   1 -
 ...ntextConfigurationResourceServerTests.java |   3 -
 ...urityReactorContextConfigurationTests.java |  14 --
 .../WebMvcSecurityConfigurationTests.java     |   1 -
 .../WebSecurityConfigurationTests.java        |  31 ---
 .../configuration/sec2377/Sec2377Tests.java   |   2 -
 ...gAttributeRequestMatcherRegistryTests.java |   4 -
 .../configurers/AnonymousConfigurerTests.java |   4 -
 .../configurers/AuthorizeRequestsTests.java   |  82 ------
 .../ChannelSecurityConfigurerTests.java       |   6 -
 .../web/configurers/CorsConfigurerTests.java  |  12 -
 ...onfigurerIgnoringRequestMatchersTests.java |  12 -
 .../CsrfConfigurerNoWebMvcTests.java          |   3 -
 .../web/configurers/CsrfConfigurerTests.java  |  41 ---
 .../web/configurers/DefaultFiltersTests.java  |   4 -
 .../DefaultLoginPageConfigurerTests.java      |  18 --
 ...ingConfigurerAccessDeniedHandlerTests.java |   6 -
 .../ExceptionHandlingConfigurerTests.java     |  25 --
 ...essionUrlAuthorizationConfigurerTests.java |  51 ----
 .../configurers/FormLoginConfigurerTests.java |  38 ---
 .../HeadersConfigurerEagerHeadersTests.java   |   1 -
 .../configurers/HeadersConfigurerTests.java   |  34 ---
 .../configurers/HttpBasicConfigurerTests.java |   8 -
 .../HttpSecurityAntMatchersTests.java         |   5 -
 .../configurers/HttpSecurityLogoutTests.java  |   5 -
 .../HttpSecurityRequestMatchersTests.java     |  44 ----
 .../web/configurers/Issue55Tests.java         |   3 -
 .../web/configurers/JeeConfigurerTests.java   |   6 -
 .../LogoutConfigurerClearSiteDataTests.java   |   3 -
 .../configurers/LogoutConfigurerTests.java    |  18 --
 .../configurers/NamespaceHttpBasicTests.java  |  20 --
 .../NamespaceHttpFormLoginTests.java          |   9 -
 .../NamespaceHttpHeadersTests.java            |  12 -
 .../NamespaceHttpInterceptUrlTests.java       |   9 -
 .../configurers/NamespaceHttpJeeTests.java    |   7 -
 .../configurers/NamespaceHttpLogoutTests.java |   7 -
 .../NamespaceHttpOpenIDLoginTests.java        |   9 -
 .../NamespaceHttpPortMappingsTests.java       |   3 -
 .../NamespaceHttpRequestCacheTests.java       |   2 -
 ...aceHttpServerAccessDeniedHandlerTests.java |   3 -
 .../configurers/NamespaceHttpX509Tests.java   |   3 -
 .../configurers/NamespaceRememberMeTests.java |  27 --
 .../NamespaceSessionManagementTests.java      |  31 ---
 .../configurers/PermitAllSupportTests.java    |   1 -
 .../PortMapperConfigurerTests.java            |   3 -
 .../RememberMeConfigurerTests.java            |  16 --
 .../RequestCacheConfigurerTests.java          |  35 ---
 .../RequestMatcherConfigurerTests.java        |   2 -
 .../SecurityContextConfigurerTests.java       |   7 -
 .../ServletApiConfigurerTests.java            |  18 --
 ...ionManagementConfigurerServlet31Tests.java |   4 -
 ...tConfigurerSessionCreationPolicyTests.java |  10 -
 .../SessionManagementConfigurerTests.java     |  31 ---
 ...onfigurerTransientAuthenticationTests.java |   2 -
 .../UrlAuthorizationConfigurerTests.java      |  23 --
 .../configurers/UrlAuthorizationsTests.java   |   7 -
 .../web/configurers/X509ConfigurerTests.java  |   4 -
 .../client/OAuth2ClientConfigurerTests.java   |  20 --
 .../client/OAuth2LoginConfigurerTests.java    |  68 -----
 .../OAuth2ResourceServerConfigurerTests.java  | 236 ------------------
 .../openid/OpenIDLoginConfigurerTests.java    |  12 -
 .../saml2/Saml2LoginConfigurerTests.java      |   6 -
 ...geSecurityMetadataSourceRegistryTests.java |  31 ---
 .../reactive/EnableWebFluxSecurityTests.java  |  21 --
 .../ServerHttpSecurityConfigurationTests.java |   2 -
 .../WebFluxSecurityConfigurationTests.java    |   2 -
 ...SocketMessageBrokerConfigurerDocTests.java |   3 -
 ...WebSocketMessageBrokerConfigurerTests.java |  59 -----
 ...uthenticationConfigurationGh3935Tests.java |   3 -
 ...ationManagerBeanDefinitionParserTests.java |   3 -
 ...tionProviderBeanDefinitionParserTests.java |   5 -
 ...cUserServiceBeanDefinitionParserTests.java |   5 +-
 .../PasswordEncoderParserTests.java           |   2 -
 .../UserServiceBeanDefinitionParserTests.java |   1 -
 .../core/GrantedAuthorityDefaultsJcTests.java |  13 -
 .../GrantedAuthorityDefaultsXmlTests.java     |  13 -
 .../UserDetailsResourceFactoryBeanTests.java  |   6 -
 ...ityDebugBeanFactoryPostProcessorTests.java |   1 -
 .../security/config/doc/Element.java          |  12 -
 .../config/doc/SpringSecurityXsdParser.java   |  11 -
 .../security/config/doc/XmlNode.java          |   1 -
 .../security/config/doc/XmlParser.java        |   1 -
 .../security/config/doc/XmlSupport.java       |   1 -
 .../config/doc/XsdDocumentedTests.java        |  29 ---
 .../config/http/AccessDeniedConfigTests.java  |   5 -
 .../security/config/http/CsrfConfigTests.java |  67 -----
 .../DefaultFilterChainValidatorTests.java     |   3 -
 ...tadataSourceBeanDefinitionParserTests.java |   3 -
 .../FormLoginBeanDefinitionParserTests.java   |  19 --
 .../config/http/FormLoginConfigTests.java     |  29 ---
 .../security/config/http/HttpConfigTests.java |   7 -
 .../config/http/HttpCorsConfigTests.java      |  12 -
 .../config/http/HttpHeadersConfigTests.java   | 113 ---------
 .../config/http/HttpInterceptUrlTests.java    |   5 -
 .../config/http/InterceptUrlConfigTests.java  |  37 ---
 .../config/http/MiscHttpConfigTests.java      | 120 ---------
 .../http/MultiHttpBlockConfigTests.java       |   6 -
 .../config/http/NamespaceHttpBasicTests.java  |   5 -
 ...OAuth2ClientBeanDefinitionParserTests.java |  21 --
 .../OAuth2LoginBeanDefinitionParserTests.java |  66 -----
 ...sourceServerBeanDefinitionParserTests.java | 133 ----------
 .../config/http/OpenIDConfigTests.java        |  24 --
 .../http/PlaceHolderAndELConfigTests.java     |  32 ---
 .../config/http/RememberMeConfigTests.java    |  53 ----
 ...yContextHolderAwareRequestConfigTests.java |  53 ----
 ...SessionManagementConfigServlet31Tests.java |  12 -
 .../http/SessionManagementConfigTests.java    |  85 -------
 ...entConfigTransientAuthenticationTests.java |   2 -
 .../CustomHttpSecurityConfigurerTests.java    |  11 -
 ...thodSecurityBeanDefinitionParserTests.java |  15 --
 ...ptMethodsBeanDefinitionDecoratorTests.java |   3 -
 ...tationDrivenBeanDefinitionParserTests.java |   4 -
 .../security/config/method/Sec2196Tests.java  |   2 -
 ...tationDrivenBeanDefinitionParserTests.java |   5 -
 .../config/method/sec2136/Sec2136Tests.java   |   1 -
 ...egistrationsBeanDefinitionParserTests.java |  10 -
 .../config/test/SpringTestContext.java        |   2 -
 .../util/InMemoryXmlApplicationContext.java   |   1 -
 .../server/AuthorizeExchangeSpecTests.java    |  15 --
 .../config/web/server/CorsSpecTests.java      |   2 -
 .../server/ExceptionHandlingSpecTests.java    |  16 --
 .../config/web/server/FormLoginTests.java     |  57 -----
 .../config/web/server/HeaderSpecTests.java    |  42 +---
 .../web/server/HttpsRedirectSpecTests.java    |  17 --
 .../config/web/server/LogoutSpecTests.java    |  38 ---
 .../web/server/OAuth2ClientSpecTests.java     |  16 --
 .../config/web/server/OAuth2LoginTests.java   |  66 -----
 .../server/OAuth2ResourceServerSpecTests.java |  62 -----
 .../config/web/server/RequestCacheTests.java  |  15 --
 .../web/server/ServerHttpSecurityTests.java   |  64 -----
 .../WebSocketMessageBrokerConfigTests.java    |  80 ------
 .../server/HtmlUnitWebTestClient.java         |   4 -
 ...bTestClientHtmlUnitDriverBuilderTests.java |   6 -
 .../server/WebTestClientWebConnection.java    |   2 -
 ...SecurityInterceptorWithAopConfigTests.java |   9 -
 .../security/PopulatedDatabase.java           |   8 -
 .../security/TargetObject.java                |   2 -
 .../security/access/AuthorizedEventTests.java |   1 -
 .../security/access/SecurityConfigTests.java  |   6 -
 .../annotation/BusinessServiceImpl.java       |   1 -
 ...xpressionProtectedBusinessServiceImpl.java |   2 -
 .../annotation/Jsr250BusinessServiceImpl.java |   1 -
 ...r250MethodSecurityMetadataSourceTests.java |  12 -
 .../access/annotation/Jsr250VoterTests.java   |   4 -
 ...AnnotationSecurityMetadataSourceTests.java |  28 ---
 ...bstractSecurityExpressionHandlerTests.java |   1 -
 .../SecurityExpressionRootTests.java          |   2 -
 ...tMethodSecurityExpressionHandlerTests.java |  21 --
 .../method/MethodExpressionVoterTests.java    |   5 +-
 .../MethodSecurityExpressionRootTests.java    |   7 -
 ...AnnotationSecurityMetadataSourceTests.java |   9 -
 .../HierarchicalRolesTestHelper.java          |   5 -
 .../RoleHierarchyAuthoritiesMapperTests.java  |   5 -
 .../RoleHierarchyImplTests.java               |  26 --
 .../RoleHierarchyUtilsTests.java              |   7 -
 .../hierarchicalroles/TestHelperTests.java    |  15 --
 .../AbstractSecurityInterceptorTests.java     |   1 -
 .../AfterInvocationProviderManagerTests.java  |  12 -
 .../InterceptorStatusTokenTests.java          |   1 -
 .../RunAsImplAuthenticationProviderTests.java |   5 -
 .../intercept/RunAsManagerImplTests.java      |  15 --
 .../access/intercept/RunAsUserTokenTests.java |   1 -
 .../MethodSecurityInterceptorTests.java       |  13 -
 ...hodSecurityMetadataSourceAdvisorTests.java |   2 -
 ...AspectJMethodSecurityInterceptorTests.java |  11 -
 ...asedMethodSecurityMetadataSourceTests.java |   1 -
 ...thodInvocationPrivilegeEvaluatorTests.java |   7 -
 .../AbstractAccessDecisionManagerTests.java   |   9 -
 .../access/vote/AffirmativeBasedTests.java    |   5 -
 .../access/vote/AuthenticatedVoterTests.java  |   2 -
 .../access/vote/ConsensusBasedTests.java      |  14 --
 .../security/access/vote/DenyAgainVoter.java  |   3 -
 .../security/access/vote/DenyVoter.java       |   3 -
 .../access/vote/RoleHierarchyVoterTests.java  |   2 -
 .../access/vote/UnanimousBasedTests.java      |  16 --
 .../AbstractAuthenticationTokenTests.java     |  11 -
 .../AuthenticationTrustResolverImplTests.java |   2 -
 ...aultAuthenticationEventPublisherTests.java |   6 -
 ...ingReactiveAuthenticationManagerTests.java |   6 -
 .../authentication/ProviderManagerTests.java  |  20 --
 ...tiveAuthenticationManagerAdapterTests.java |   6 -
 ...ailsServiceAuthenticationManagerTests.java |  11 -
 .../TestingAuthenticationProviderTests.java   |   2 -
 .../TestingAuthenticationTokenTests.java      |   3 -
 ...oryReactiveAuthenticationManagerTests.java |  21 --
 ...rnamePasswordAuthenticationTokenTests.java |   6 -
 .../AnonymousAuthenticationProviderTests.java |   8 -
 .../AnonymousAuthenticationTokenTests.java    |  10 -
 .../dao/DaoAuthenticationProviderTests.java   |  90 -------
 .../event/AuthenticationEventTests.java       |   4 -
 .../event/LoggerListenerTests.java            |   2 -
 ...efaultJaasAuthenticationProviderTests.java |  21 --
 .../jaas/JaasAuthenticationProviderTests.java |  27 --
 .../authentication/jaas/JaasEventCheck.java   |   1 -
 .../authentication/jaas/Sec760Tests.java      |   2 -
 .../jaas/SecurityContextLoginModuleTests.java |   3 -
 .../jaas/TestAuthorityGranter.java            |   2 -
 .../authentication/jaas/TestLoginModule.java  |   7 -
 .../memory/InMemoryConfigurationTests.java    |   1 -
 .../RemoteAuthenticationManagerImplTests.java |   5 -
 .../RemoteAuthenticationProviderTests.java    |   9 -
 ...RememberMeAuthenticationProviderTests.java |   8 -
 .../RememberMeAuthenticationTokenTests.java   |  10 -
 ...atedReactiveAuthorizationManagerTests.java |   7 -
 ...rityReactiveAuthorizationManagerTests.java |  17 --
 ...elegatingSecurityContextRunnableTests.java |   1 -
 .../DelegatingApplicationListenerTests.java   |   4 -
 .../core/SpringSecurityCoreVersionTests.java  |  16 --
 .../SpringSecurityMessageSourceTests.java     |   5 -
 .../core/authority/AuthorityUtilsTests.java   |   2 -
 .../SimpleGrantedAuthorityTests.java          |   4 -
 .../mapping/SimpleAuthoritiesMapperTests.java |   3 -
 .../ReactiveSecurityContextHolderTests.java   |   9 -
 .../context/SecurityContextHolderTests.java   |   1 -
 ...tSecurityParameterNameDiscovererTests.java |   7 -
 .../core/session/SessionInformationTests.java |   4 -
 .../session/SessionRegistryImplTests.java     |  26 --
 .../core/token/DefaultTokenTests.java         |   2 -
 .../MapReactiveUserDetailsServiceTests.java   |   2 -
 .../userdetails/MockUserDetailsService.java   |   1 -
 .../security/core/userdetails/UserTests.java  |  14 --
 .../cache/EhCacheBasedUserCacheTests.java     |   6 -
 .../cache/SpringCacheBasedUserCacheTests.java |   3 -
 .../userdetails/jdbc/JdbcDaoImplTests.java    |  17 --
 .../memory/UserAttributeEditorTests.java      |   9 -
 ...nonymousAuthenticationTokenMixinTests.java |   1 -
 .../BadCredentialsExceptionMixinTests.java    |   1 -
 ...memberMeAuthenticationTokenMixinTests.java |   2 -
 .../jackson2/SecurityContextMixinTests.java   |   1 -
 .../SecurityJackson2ModulesTests.java         |   5 -
 .../SimpleGrantedAuthorityMixinTests.java     |   6 -
 .../jackson2/UserDeserializerTests.java       |   4 -
 .../InMemoryUserDetailsManagerTests.java      |   1 -
 .../JdbcUserDetailsManagerTests.java          |  32 ---
 .../security/util/FieldUtilsTests.java        |   2 -
 .../util/MethodInvocationUtilsTests.java      |   3 -
 .../argon2/Argon2PasswordEncoderTests.java    |  16 --
 .../bcrypt/BCryptPasswordEncoderTests.java    |   3 -
 .../security/crypto/bcrypt/BCryptTests.java   |   9 -
 .../security/crypto/codec/Utf8Tests.java      |   2 -
 .../encrypt/AesBytesEncryptorTests.java       |   5 -
 ...stleAesBytesEncryptorEquivalencyTests.java |   1 -
 .../crypto/encrypt/CryptoAssumptions.java     |   1 -
 .../PasswordEncoderFactoriesTests.java        |   1 -
 .../DelegatingPasswordEncoderTests.java       |  22 --
 .../password/LdapShaPasswordEncoderTests.java |   3 -
 .../password/Md4PasswordEncoderTests.java     |   1 -
 .../MessageDigestPasswordEncoderTests.java    |   1 -
 .../password/Pbkdf2PasswordEncoderTests.java  |   5 -
 .../scrypt/SCryptPasswordEncoderTests.java    |   5 -
 ...curityEvaluationContextExtensionTests.java |   4 -
 .../security/ldap/LdapUtilsTests.java         |   5 -
 ...ringSecurityAuthenticationSourceTests.java |   4 -
 .../ldap/SpringSecurityLdapTemplateTests.java |   3 -
 .../LdapAuthenticationProviderTests.java      |  16 --
 ...swordComparisonAuthenticatorMockTests.java |   6 -
 ...ectoryLdapAuthenticationProviderTests.java |  38 ---
 ...PasswordPolicyAwareContextSourceTests.java |   4 -
 .../PasswordPolicyControlFactoryTests.java    |   2 -
 .../PasswordPolicyResponseControlTests.java   |  10 -
 .../ldap/userdetails/InetOrgPersonTests.java  |   8 -
 .../userdetails/LdapUserDetailsImplTests.java |   1 -
 .../LdapUserDetailsMapperTests.java           |  14 --
 .../LdapUserDetailsServiceTests.java          |   4 -
 ...sServiceLdapAuthoritiesPopulatorTests.java |   2 -
 ...MessageSecurityExpressionHandlerTests.java |   5 -
 ...ageSecurityMetadataSourceFactoryTests.java |   7 -
 ...MessageExpressionConfigAttributeTests.java |   3 -
 .../MessageExpressionVoterTests.java          |   4 -
 .../ChannelSecurityInterceptorTests.java      |  12 -
 ...ultMessageSecurityMetadataSourceTests.java |   3 -
 ...ecurityContextChannelInterceptorTests.java |  36 ---
 .../handler/invocation/ResolvableMethod.java  |   7 -
 .../util/matcher/AndMessageMatcherTests.java  |   5 -
 .../util/matcher/OrMessageMatcherTests.java   |   5 -
 .../SimpDestinationMessageMatcherTests.java   |  18 --
 .../matcher/SimpMessageTypeMatcherTests.java  |   3 -
 .../web/csrf/CsrfChannelInterceptorTests.java |  13 -
 .../CsrfTokenHandshakeInterceptorTests.java   |   4 -
 ...deOAuth2AuthorizedClientProviderTests.java |   1 -
 ...veOAuth2AuthorizedClientProviderTests.java |   1 -
 ...iceOAuth2AuthorizedClientManagerTests.java |  37 ---
 ...iveOAuth2AuthorizedClientManagerTests.java |  84 -------
 ...lsOAuth2AuthorizedClientProviderTests.java |  12 -
 ...veOAuth2AuthorizedClientProviderTests.java |  12 -
 ...ngOAuth2AuthorizedClientProviderTests.java |   3 -
 ...veOAuth2AuthorizedClientProviderTests.java |   4 -
 ...oryOAuth2AuthorizedClientServiceTests.java |  10 -
 ...iveOAuth2AuthorizedClientServiceTests.java |   3 -
 ...dbcOAuth2AuthorizedClientServiceTests.java |  33 ---
 .../client/OAuth2AuthorizeRequestTests.java   |   3 -
 ...2AuthorizedClientProviderBuilderTests.java |  20 --
 .../client/OAuth2AuthorizedClientTests.java   |   1 -
 ...rdOAuth2AuthorizedClientProviderTests.java |  13 -
 ...veOAuth2AuthorizedClientProviderTests.java |  13 -
 ...2AuthorizedClientProviderBuilderTests.java |  35 ---
 ...enOAuth2AuthorizedClientProviderTests.java |  14 --
 ...veOAuth2AuthorizedClientProviderTests.java |  14 --
 .../OAuth2AuthenticationTokenTests.java       |   1 -
 ...zationCodeAuthenticationProviderTests.java |   8 -
 ...orizationCodeAuthenticationTokenTests.java |   2 -
 ...odeReactiveAuthenticationManagerTests.java |   5 -
 ...Auth2LoginAuthenticationProviderTests.java |  18 --
 .../OAuth2LoginAuthenticationTokenTests.java  |   2 -
 ...ginReactiveAuthenticationManagerTests.java |   8 -
 ...orizationCodeTokenResponseClientTests.java |  22 --
 ...ntCredentialsTokenResponseClientTests.java |  33 ---
 ...faultPasswordTokenResponseClientTests.java |  21 --
 ...tRefreshTokenTokenResponseClientTests.java |  22 --
 ...orizationCodeTokenResponseClientTests.java |  43 ----
 ...nCodeGrantRequestEntityConverterTests.java |  12 -
 ...th2AuthorizationCodeGrantRequestTests.java |   1 -
 ...tialsGrantRequestEntityConverterTests.java |   4 -
 ...th2ClientCredentialsGrantRequestTests.java |   2 -
 ...swordGrantRequestEntityConverterTests.java |   4 -
 ...TokenGrantRequestEntityConverterTests.java |   4 -
 ...orizationCodeTokenResponseClientTests.java |  28 ---
 ...ntCredentialsTokenResponseClientTests.java |  14 --
 ...ctivePasswordTokenResponseClientTests.java |  21 --
 ...eRefreshTokenTokenResponseClientTests.java |  22 --
 .../OAuth2ErrorResponseErrorHandlerTests.java |   4 -
 ...uth2AuthenticationExceptionMixinTests.java |   6 -
 .../OAuth2AuthenticationTokenMixinTests.java  |   2 -
 ...zationCodeAuthenticationProviderTests.java |  27 --
 ...odeReactiveAuthenticationManagerTests.java |  32 ---
 .../OidcIdTokenDecoderFactoryTests.java       |  12 -
 .../OidcIdTokenValidatorTests.java            |   2 -
 ...eactiveOidcIdTokenDecoderFactoryTests.java |  12 -
 .../OidcReactiveOAuth2UserServiceTests.java   |  15 --
 .../oidc/userinfo/OidcUserRequestTests.java   |   1 -
 .../userinfo/OidcUserRequestUtilsTests.java   |   3 -
 .../oidc/userinfo/OidcUserServiceTests.java   |  60 -----
 ...entInitiatedLogoutSuccessHandlerTests.java |  15 --
 ...tiatedServerLogoutSuccessHandlerTests.java |  20 --
 .../registration/ClientRegistrationTests.java |  11 -
 .../ClientRegistrationsTests.java             |  33 ---
 ...CustomUserTypesOAuth2UserServiceTests.java |  18 --
 .../DefaultOAuth2UserServiceTests.java        |  42 ----
 ...DefaultReactiveOAuth2UserServiceTests.java |  19 --
 .../DelegatingOAuth2UserServiceTests.java     |   4 -
 ...OAuth2UserRequestEntityConverterTests.java |   7 -
 .../userinfo/OAuth2UserRequestTests.java      |   1 -
 ...uth2AuthorizationRequestResolverTests.java |  27 --
 ...ultOAuth2AuthorizedClientManagerTests.java |  43 ----
 ...iveOAuth2AuthorizedClientManagerTests.java |  76 ------
 ...h2AuthorizationRequestRepositoryTests.java |  36 ---
 ...OAuth2AuthorizedClientRepositoryTests.java |   9 -
 ...uth2AuthorizationCodeGrantFilterTests.java |  36 ---
 ...thorizationRequestRedirectFilterTests.java |  43 ----
 .../OAuth2LoginAuthenticationFilterTests.java |  53 ----
 ...AuthorizedClientArgumentResolverTests.java |  14 --
 ...zedClientExchangeFilterFunctionITests.java |  28 ---
 ...izedClientExchangeFilterFunctionTests.java | 116 ---------
 ...zedClientExchangeFilterFunctionITests.java |  18 --
 ...izedClientExchangeFilterFunctionTests.java |  95 -------
 ...uth2AuthorizationRequestResolverTests.java |  21 --
 ...2AuthorizationCodeGrantWebFilterTests.java |  31 ---
 ...rizationRequestRedirectWebFilterTests.java |   2 -
 ...CodeAuthenticationTokenConverterTests.java |   6 -
 ...OAuth2AuthorizedClientRepositoryTests.java |   8 -
 ...erAuthorizationRequestRepositoryTests.java |  28 ---
 ...OAuth2AuthorizedClientRepositoryTests.java |   9 -
 ...uth2LoginAuthenticationWebFilterTests.java |   1 -
 .../oauth2/core/ClaimAccessorTests.java       |  10 -
 ...aultOAuth2AuthenticatedPrincipalTests.java |   2 -
 .../DelegatingOAuth2TokenValidatorTests.java  |  19 --
 .../oauth2/core/OAuth2AccessTokenTests.java   |   2 -
 .../oauth2/core/OAuth2ErrorTests.java         |   1 -
 .../core/OAuth2TokenValidatorResultTests.java |   2 -
 .../converter/ClaimTypeConverterTests.java    |   9 -
 ...uth2AccessTokenResponseConverterTests.java |   8 -
 ...2AccessTokenResponseMapConverterTests.java |   4 -
 .../OAuth2AccessTokenResponseTests.java       |  10 -
 .../OAuth2AuthorizationRequestTests.java      |  14 --
 ...okenResponseHttpMessageConverterTests.java |  19 --
 .../OAuth2ErrorHttpMessageConverterTests.java |  12 -
 .../DefaultAddressStandardClaimTests.java     |   3 -
 .../core/oidc/OidcIdTokenBuilderTests.java    |  18 --
 .../oauth2/core/oidc/OidcIdTokenTests.java    |   2 -
 .../core/oidc/OidcUserInfoBuilderTests.java   |  10 -
 .../oauth2/core/oidc/OidcUserInfoTests.java   |   4 -
 .../core/oidc/user/DefaultOidcUserTests.java  |   6 -
 .../oidc/user/OidcUserAuthorityTests.java     |   3 -
 .../core/user/DefaultOAuth2UserTests.java     |   1 -
 .../core/user/OAuth2UserAuthorityTests.java   |   1 -
 .../function/OAuth2BodyExtractorsTests.java   |  13 -
 .../security/oauth2/jose/TestKeys.java        |   3 -
 .../security/oauth2/jwt/JwtBuilderTests.java  |  21 --
 .../security/oauth2/jwt/JwtDecodersTests.java |   2 -
 .../oauth2/jwt/JwtIssuerValidatorTests.java   |   5 -
 .../security/oauth2/jwt/JwtTests.java         |   3 -
 .../jwt/JwtTimestampValidatorTests.java       |  28 ---
 .../jwt/MappedJwtClaimSetConverterTests.java  |  28 ---
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |  11 -
 .../oauth2/jwt/NimbusJwtDecoderTests.java     |  14 --
 .../jwt/NimbusReactiveJwtDecoderTests.java    |  19 --
 .../oauth2/jwt/ReactiveJwtDecodersTests.java  |  12 -
 .../jwt/ReactiveRemoteJWKSourceTests.java     |  11 -
 .../TestOAuth2AuthenticatedPrincipals.java    |   1 -
 .../BearerTokenAuthenticationTokenTests.java  |   1 -
 .../resource/BearerTokenErrorTests.java       |   2 -
 .../JwtAuthenticationConverterTests.java      |   8 -
 .../JwtAuthenticationProviderTests.java       |  13 -
 .../JwtAuthenticationTokenTests.java          |   8 -
 ...arerTokenAuthenticationConverterTests.java |   6 -
 .../JwtGrantedAuthoritiesConverterTests.java  |  32 ---
 ...uerAuthenticationManagerResolverTests.java |   8 -
 ...iveAuthenticationManagerResolverTests.java |   8 -
 ...JwtReactiveAuthenticationManagerTests.java |   8 -
 ...paqueTokenAuthenticationProviderTests.java |   8 -
 ...kenReactiveAuthenticationManagerTests.java |   8 -
 ...wtAuthenticationConverterAdapterTests.java |  17 --
 ...activeJwtAuthenticationConverterTests.java |   6 -
 ...antedAuthoritiesConverterAdapterTests.java |   3 -
 .../TestBearerTokenAuthentications.java       |   1 -
 .../NimbusOpaqueTokenIntrospectorTests.java   |  16 --
 ...sReactiveOpaqueTokenIntrospectorTests.java |  11 -
 ...rospectionAuthenticatedPrincipalTests.java |   5 -
 ...rerTokenAuthenticationEntryPointTests.java |  27 --
 .../BearerTokenAuthenticationFilterTests.java |  25 --
 .../web/DefaultBearerTokenResolverTests.java  |  17 --
 .../web/HeaderBearerTokenResolverTests.java   |   2 -
 .../BearerTokenAccessDeniedHandlerTests.java  |  12 -
 ...erTokenServerAccessDeniedHandlerTests.java |   9 -
 ...rverBearerExchangeFilterFunctionTests.java |   8 -
 ...vletBearerExchangeFilterFunctionTests.java |   8 -
 ...enServerAuthenticationEntryPointTests.java |  10 -
 ...arerTokenAuthenticationConverterTests.java |  16 --
 .../openid/OpenID4JavaConsumerTests.java      |  27 --
 .../OpenIDAuthenticationFilterTests.java      |   4 -
 .../OpenIDAuthenticationProviderTests.java    |  21 --
 .../remoting/dns/JndiDnsResolverTests.java    |   7 -
 ...SimpleHttpInvokerRequestExecutorTests.java |   6 -
 ...ntextPropagatingRemoteInvocationTests.java |  11 -
 .../AnonymousPayloadInterceptorTests.java     |   6 -
 ...AuthenticationPayloadInterceptorTests.java |   9 -
 .../AuthorizationPayloadInterceptorTests.java |  10 -
 ...cherReactiveAuthorizationManagerTests.java |   4 -
 .../core/PayloadInterceptorRSocketTests.java  |  59 -----
 ...PayloadSocketAcceptorInterceptorTests.java |  11 -
 .../core/PayloadSocketAcceptorTests.java      |  15 --
 .../BasicAuthenticationDecoderTests.java      |   2 -
 .../saml2/core/TestSaml2X509Credentials.java  |   1 -
 .../credentials/TestSaml2X509Credentials.java |   1 -
 ...faultSaml2AuthenticatedPrincipalTests.java |   4 -
 .../OpenSamlAuthenticationProviderTests.java  |  18 --
 ...SamlAuthenticationRequestFactoryTests.java |   3 -
 .../authentication/TestOpenSamlObjects.java   |  22 --
 .../OpenSamlMetadataResolverTests.java        |  10 -
 .../RelyingPartyRegistrationTests.java        |   1 -
 .../TestRelyingPartyRegistrations.java        |   3 -
 .../Saml2WebSsoAuthenticationFilterTests.java |   3 -
 ...ebSsoAuthenticationRequestFilterTests.java |   4 -
 ...enticationRequestContextResolverTests.java |   3 -
 .../service/web/Saml2MetadataFilterTests.java |  27 --
 .../security/taglibs/TldTests.java            |   5 -
 .../authz/AbstractAuthorizeTagTests.java      |   5 -
 .../authz/AccessControlListTagTests.java      |  16 --
 .../taglibs/authz/AuthenticationTagTests.java |   6 -
 .../taglibs/authz/AuthorizeTagTests.java      |   4 -
 .../taglibs/csrf/AbstractCsrfTagTests.java    |  11 -
 .../taglibs/csrf/CsrfInputTagTests.java       |   4 -
 .../taglibs/csrf/CsrfMetaTagsTagTests.java    |   4 -
 .../TestSecurityContextHolderTests.java       |   5 -
 .../SecurityTestExecutionListenerTests.java   |   1 -
 ...hMockCustomUserSecurityContextFactory.java |   1 -
 .../context/showcase/WithMockUserTests.java   |   1 -
 .../showcase/WithUserDetailsTests.java        |   1 -
 ...ctorContextTestExecutionListenerTests.java |  25 --
 .../support/WithAnonymousUserTests.java       |   3 -
 ...thMockUserSecurityContextFactoryTests.java |   6 -
 .../context/support/WithMockUserTests.java    |   4 -
 ...ityContextTestExcecutionListenerTests.java |  11 -
 ...rityContextTestExecutionListenerTests.java |  12 -
 ...serDetailsSecurityContextFactoryTests.java |   5 -
 .../context/support/WithUserDetailsTests.java |   4 -
 .../AbstractMockServerConfigurersTests.java   |   2 -
 ...yMockServerConfigurerOpaqueTokenTests.java |   8 -
 ...tyMockServerConfigurersAnnotatedTests.java |  12 -
 ...kServerConfigurersClassAnnotatedTests.java |   3 -
 ...SecurityMockServerConfigurersJwtTests.java |   6 -
 ...ockServerConfigurersOAuth2ClientTests.java |  11 -
 ...MockServerConfigurersOAuth2LoginTests.java |  12 -
 ...tyMockServerConfigurersOidcLoginTests.java |  13 -
 .../SecurityMockServerConfigurersTests.java   |  14 --
 .../web/servlet/request/Sec2935Tests.java     |   8 -
 ...yMockMvcRequestBuildersFormLoginTests.java |   7 -
 ...MockMvcRequestBuildersFormLogoutTests.java |   7 -
 ...uestPostProcessorsAuthenticationTests.java |   1 -
 ...RequestPostProcessorsCertificateTests.java |   4 -
 ...MockMvcRequestPostProcessorsCsrfTests.java |   2 -
 ...ckMvcRequestPostProcessorsDigestTests.java |   6 -
 ...yMockMvcRequestPostProcessorsJwtTests.java |   6 -
 ...equestPostProcessorsOAuth2ClientTests.java |   5 -
 ...RequestPostProcessorsOAuth2LoginTests.java |   7 -
 ...vcRequestPostProcessorsOidcLoginTests.java |   6 -
 ...RequestPostProcessorsOpaqueTokenTests.java |   5 -
 ...estPostProcessorsSecurityContextTests.java |   1 -
 ...ostProcessorsTestSecurityContextTests.java |   3 -
 ...RequestPostProcessorsUserDetailsTests.java |   1 -
 ...MockMvcRequestPostProcessorsUserTests.java |   8 -
 .../web/servlet/response/Gh3409Tests.java     |   3 -
 .../setup/SecurityMockMvcConfigurerTests.java |   7 -
 .../SecurityMockMvcConfigurersTests.java      |   2 -
 .../CustomConfigAuthenticationTests.java      |   1 -
 .../test/web/support/WebTestUtilsTests.java   |   6 -
 .../security/MockFilterConfig.java            |   1 -
 .../web/DefaultRedirectStrategyTests.java     |   5 -
 .../security/web/FilterChainProxyTests.java   |  11 -
 .../security/web/FilterInvocationTests.java   |   6 -
 .../security/web/PortMapperImplTests.java     |   8 -
 .../security/web/PortResolverImplTests.java   |   5 -
 ...tWebInvocationPrivilegeEvaluatorTests.java |   2 -
 .../DelegatingAccessDeniedHandlerTests.java   |   4 -
 .../ExceptionTranslationFilterTests.java      |  29 ---
 ...herDelegatingAccessDeniedHandlerTests.java |   6 -
 .../ChannelDecisionManagerImplTests.java      |  19 --
 .../channel/ChannelProcessingFilterTests.java |  27 --
 .../InsecureChannelProcessorTests.java        |  13 -
 .../channel/RetryWithHttpEntryPointTests.java |  15 --
 .../RetryWithHttpsEntryPointTests.java        |  15 --
 .../channel/SecureChannelProcessorTests.java  |  13 -
 ...leEvaluationContextPostProcessorTests.java |   2 -
 ...aultWebSecurityExpressionHandlerTests.java |   3 -
 .../DelegatingEvaluationContextTests.java     |  13 -
 .../expression/WebExpressionVoterTests.java   |   3 -
 .../WebSecurityExpressionRootTests.java       |   4 -
 ...InvocationSecurityMetadataSourceTests.java |  18 --
 .../FilterSecurityInterceptorTests.java       |  19 --
 .../web/access/intercept/RequestKeyTests.java |   4 -
 ...ctAuthenticationProcessingFilterTests.java |  61 -----
 .../AnonymousAuthenticationFilterTests.java   |   5 -
 .../AuthenticationFilterTests.java            |  29 ---
 ...DefaultLoginPageGeneratingFilterTests.java |  21 --
 ...gAuthenticationEntryPointContextTests.java |   2 -
 ...legatingAuthenticationEntryPointTests.java |   6 -
 ...tingAuthenticationFailureHandlerTests.java |  15 --
 ...pingAuthenticationFailureHandlerTests.java |   2 -
 ...rwardAuthenticaionSuccessHandlerTests.java |   3 -
 ...wardAuthenticationFailureHandlerTests.java |   3 -
 .../HttpStatusEntryPointTests.java            |   1 -
 ...LoginUrlAuthenticationEntryPointTests.java |  24 --
 ...wareAuthenticationSuccessHandlerTests.java |   4 -
 ...eUrlAuthenticationFailureHandlerTests.java |   6 -
 ...eUrlAuthenticationSuccessHandlerTests.java |  11 -
 ...namePasswordAuthenticationFilterTests.java |  15 --
 .../logout/CompositeLogoutHandlerTests.java   |  11 -
 .../DelegatingLogoutSuccessHandlerTests.java  |   8 -
 .../ForwardLogoutSuccessHandlerTests.java     |   7 -
 .../HeaderWriterLogoutHandlerTests.java       |   2 -
 ...tusReturningLogoutSuccessHandlerTests.java |   8 -
 .../logout/LogoutHandlerTests.java            |   4 -
 ...cessEventPublishingLogoutHandlerTests.java |   4 -
 .../SecurityContextLogoutHandlerTests.java    |   3 -
 ...PreAuthenticatedProcessingFilterTests.java |  42 ----
 ...henticatedAuthenticationProviderTests.java |   2 -
 ...AuthenticatedAuthenticationTokenTests.java |   8 +-
 ...tedAuthoritiesUserDetailsServiceTests.java |   2 -
 ...estAttributeAuthenticationFilterTests.java |   6 -
 ...equestHeaderAuthenticationFilterTests.java |   6 -
 ...edWebAuthenticationDetailsSourceTests.java |   3 -
 ...PreAuthenticatedProcessingFilterTests.java |   1 -
 .../WebXmlJ2eeDefinedRolesRetrieverTests.java |   2 -
 ...PreAuthenticatedProcessingFilterTests.java |   3 -
 .../preauth/x509/X509TestUtils.java           |   3 -
 .../AbstractRememberMeServicesTests.java      |  70 ------
 .../JdbcTokenRepositoryImplTests.java         |  15 --
 .../NullRememberMeServicesTests.java          |   1 -
 ...tentTokenBasedRememberMeServicesTests.java |   5 -
 .../RememberMeAuthenticationFilterTests.java  |  11 -
 .../TokenBasedRememberMeServicesTests.java    |  37 ---
 ...iteSessionAuthenticationStrategyTests.java |   4 -
 ...ionControlAuthenticationStrategyTests.java |  12 -
 ...terSessionAuthenticationStrategyTests.java |   1 -
 .../switchuser/SwitchUserFilterTests.java     |  67 -----
 ...efaultLogoutPageGeneratingFilterTests.java |   3 -
 .../BasicAuthenticationConverterTests.java    |   5 -
 .../BasicAuthenticationEntryPointTests.java   |   8 -
 .../www/BasicAuthenticationFilterTests.java   |  60 -----
 .../www/DigestAuthUtilsTests.java             |  14 --
 .../DigestAuthenticationEntryPointTests.java  |  20 --
 .../www/DigestAuthenticationFilterTests.java  |  73 ------
 .../ConcurrentSessionFilterTests.java         |  46 ----
 ...ecurityWebApplicationInitializerTests.java |  70 ------
 ...SessionSecurityContextRepositoryTests.java |  25 --
 ...xtOnUpdateOrErrorResponseWrapperTests.java |   1 -
 ...SecurityContextPersistenceFilterTests.java |   7 -
 ...extCallableProcessingInterceptorTests.java |   4 -
 ...WebAsyncManagerIntegrationFilterTests.java |   5 -
 .../csrf/CookieCsrfTokenRepositoryTests.java  |  36 ---
 .../csrf/CsrfAuthenticationStrategyTests.java |   5 -
 .../security/web/csrf/CsrfFilterTests.java    |  51 ----
 .../web/csrf/CsrfLogoutHandlerTests.java      |   1 -
 .../HttpSessionCsrfTokenRepositoryTests.java  |  15 --
 .../csrf/LazyCsrfTokenRepositoryTests.java    |   6 -
 .../security/web/debug/DebugFilterTests.java  |   8 -
 .../firewall/DefaultHttpFirewallTests.java    |   4 -
 .../web/firewall/FirewalledResponseTests.java |  17 --
 .../web/firewall/RequestWrapperTests.java     |   4 -
 .../web/firewall/StrictHttpFirewallTests.java |  52 ----
 .../web/header/HeaderWriterFilterTests.java   |  17 --
 .../CacheControlHeadersWriterTests.java       |   9 -
 .../ClearSiteDataHeaderWriterTests.java       |   4 -
 .../writers/CompositeHeaderWriterTests.java   |   2 -
 ...ontentSecurityPolicyHeaderWriterTests.java |   8 -
 ...gatingRequestMatcherHeaderWriterTests.java |   4 -
 .../FeaturePolicyHeaderWriterTests.java       |   1 -
 .../header/writers/HpkpHeaderWriterTests.java |  25 --
 .../header/writers/HstsHeaderWriterTests.java |  18 --
 .../ReferrerPolicyHeaderWriterTests.java      |   3 -
 .../writers/StaticHeaderWriterTests.java      |   5 -
 .../XContentTypeOptionsHeaderWriterTests.java |   1 -
 .../XXssProtectionHeaderWriterTests.java      |   8 -
 ...equestParameterAllowFromStrategyTests.java |   5 -
 .../FrameOptionsHeaderWriterTests.java        |  10 -
 .../RegExpAllowFromStrategyTests.java         |   3 -
 .../WhiteListedAllowFromStrategyTests.java    |   5 -
 .../XFrameOptionsHeaderWriterTests.java       |   2 -
 .../JaasApiIntegrationFilterTests.java        |   5 -
 .../web/jackson2/CookieMixinTests.java        |   1 -
 .../jackson2/DefaultCsrfTokenMixinTests.java  |   1 -
 .../DefaultSavedRequestMixinTests.java        |   3 -
 ...nticatedAuthenticationTokenMixinTests.java |   1 -
 .../web/jackson2/SavedCookieMixinTests.java   |   2 -
 .../WebAuthenticationDetailsMixinTests.java   |   3 -
 .../security/web/method/ResolvableMethod.java |   7 -
 .../CsrfTokenArgumentResolverTests.java       |   1 -
 ...tSecurityContextArgumentResolverTests.java |   1 -
 ...icationPrincipalArgumentResolverTests.java |  20 --
 .../CsrfRequestDataValueProcessorTests.java   |   1 -
 .../savedrequest/CookieRequestCacheTests.java |  16 --
 .../HttpSessionRequestCacheTests.java         |  10 -
 .../RequestCacheAwareFilterTests.java         |   7 -
 .../SavedRequestAwareWrapperTests.java        |   5 -
 .../savedrequest/SimpleSavedRequestTests.java |   7 -
 .../DefaultServerRedirectStrategyTests.java   |  11 -
 ...ngServerAuthenticationEntryPointTests.java |   4 -
 .../web/server/WebFilterChainProxyTests.java  |   2 -
 .../web/server/WebFilterExchangeTests.java    |   2 -
 ...AnonymousAuthenticationWebFilterTests.java |   2 -
 ...onverterServerWebExchangeMatcherTests.java |   5 -
 .../AuthenticationWebFilterTests.java         |  41 ---
 ...rverAuthenticationSuccessHandlerTests.java |   6 -
 ...icServerAuthenticationEntryPointTests.java |   5 -
 ...thenticatedAuthenticationManagerTests.java |   6 -
 ...ctServerAuthenticationEntryPointTests.java |   5 -
 ...rverAuthenticationFailureHandlerTests.java |   5 -
 ...rverAuthenticationSuccessHandlerTests.java |   5 -
 ...ticationEntryPointFailureHandlerTests.java |   1 -
 ...FormLoginAuthenticationConverterTests.java |   5 -
 ...HttpBasicAuthenticationConverterTests.java |   9 -
 ...erverX509AuthenticationConverterTests.java |   4 -
 .../SwitchUserWebFilterTests.java             |  69 -----
 .../DelegatingServerLogoutHandlerTests.java   |   4 -
 .../HeaderWriterServerLogoutHandlerTests.java |   2 -
 ...urningServerLogoutSuccessHandlerTests.java |   3 -
 .../logout/LogoutWebFilterTests.java          |   2 -
 .../AuthorizationWebFilterTests.java          |  12 -
 ...tingReactiveAuthorizationManagerTests.java |   4 -
 .../ExceptionTranslationWebFilterTests.java   |  13 -
 ...pStatusServerAccessDeniedHandlerTests.java |   5 -
 ...egatingServerAccessDeniedHandlerTests.java |   9 -
 ...pServerSecurityContextRepositoryTests.java |   2 -
 .../context/ReactorContextWebFilterTests.java |   6 -
 ...ontextServerWebExchangeWebFilterTests.java |   2 -
 ...nServerSecurityContextRepositoryTests.java |   8 -
 .../CookieServerCsrfTokenRepositoryTests.java |  15 --
 .../csrf/CsrfServerLogoutHandlerTests.java    |   1 -
 .../web/server/csrf/CsrfWebFilterTests.java   |  35 ---
 ...SessionServerCsrfTokenRepositoryTests.java |   9 -
 ...heControlServerHttpHeadersWriterTests.java |  10 -
 ...rSiteDataServerHttpHeadersWriterTests.java |   6 -
 ...CompositeServerHttpHeadersWriterTests.java |  11 -
 ...ityPolicyServerHttpHeadersWriterTests.java |   5 -
 ...urePolicyServerHttpHeadersWriterTests.java |   3 -
 .../HttpHeaderWriterWebFilterTests.java       |   6 -
 ...rerPolicyServerHttpHeadersWriterTests.java |   3 -
 .../StaticServerHttpHeadersWriterTests.java   |   8 -
 ...tSecurityServerHttpHeadersWriterTests.java |  10 -
 ...peOptionsServerHttpHeadersWriterTests.java |   3 -
 ...meOptionsServerHttpHeadersWriterTests.java |   7 -
 ...rotectionServerHttpHeadersWriterTests.java |   7 -
 .../DefaultCsrfServerTokenMixinTests.java     |   1 -
 .../CookieServerRequestCacheTests.java        |  14 --
 .../ServerRequestCacheWebFilterTests.java     |   4 -
 .../WebSessionServerRequestCacheTests.java    |  13 -
 .../HttpsRedirectWebFilterTests.java          |   5 -
 .../ui/LoginPageGeneratingWebFilterTests.java |   6 -
 .../AndServerWebExchangeMatcherTests.java     |  12 -
 ...ediaTypeServerWebExchangeMatcherTests.java |   5 -
 .../NegatedServerWebExchangeMatcherTests.java |   6 -
 .../OrServerWebExchangeMatcherTests.java      |   9 -
 ...hMatcherServerWebExchangeMatcherTests.java |   6 -
 .../ServerWebExchangeMatchersTests.java       |   2 -
 .../CsrfRequestDataValueProcessorTests.java   |   3 -
 .../util/matcher/MvcRequestMatcherTests.java  |  17 --
 ...yContextHolderAwareRequestFilterTests.java |  30 ---
 ...ContextHolderAwareRequestWrapperTests.java |  20 --
 ...ultSessionAuthenticationStrategyTests.java |  24 --
 .../HttpSessionEventPublisherTests.java       |  23 --
 .../session/SessionManagementFilterTests.java |  15 --
 .../util/OnCommittedResponseWrapperTests.java | 226 -----------------
 .../web/util/ThrowableAnalyzerTests.java      |  30 ---
 .../util/matcher/AndRequestMatcherTests.java  |   5 -
 .../matcher/AntPathRequestMatcherTests.java   |  10 -
 .../util/matcher/ELRequestMatcherTests.java   |   9 -
 .../util/matcher/IpAddressMatcherTests.java   |   3 -
 ...diaTypeRequestMatcherRequestHCNSTests.java |   8 -
 .../matcher/MediaTypeRequestMatcherTests.java |  27 --
 .../matcher/NegatedRequestMatcherTests.java   |   2 -
 .../util/matcher/OrRequestMatcherTests.java   |   5 -
 .../matcher/RegexRequestMatcherTests.java     |   7 -
 787 files changed, 9 insertions(+), 10241 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
index 268beeef5a..6f09d71890 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
@@ -39,21 +39,18 @@ public class AclFormattingUtilsTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.demergePatterns("SOME STRING", null);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING");
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH");
 		}
@@ -68,7 +65,6 @@ public class AclFormattingUtilsTests {
 		String removeBits = "...............................R";
 		assertThat(AclFormattingUtils.demergePatterns(original, removeBits))
 				.isEqualTo("...........................A....");
-
 		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
 		assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......");
 	}
@@ -81,21 +77,18 @@ public class AclFormattingUtilsTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.mergePatterns("SOME STRING", null);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING");
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH");
 		}
@@ -108,7 +101,6 @@ public class AclFormattingUtilsTests {
 		String original = "...............................R";
 		String extraBits = "...........................A....";
 		assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo("...........................A...R");
-
 		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
 		assertThat(AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL")).isEqualTo("GHIJKL");
 	}
@@ -116,21 +108,18 @@ public class AclFormattingUtilsTests {
 	@Test
 	public final void testBinaryPrints() {
 		assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****");
-
 		try {
 			AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException notExpected) {
 		}
-
 		try {
 			AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException notExpected) {
 		}
-
 		assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx");
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
index 968cf92093..844a2d4d86 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
@@ -54,9 +54,7 @@ public class AclPermissionCacheOptimizerTests {
 		ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
 		given(oidStrat.getObjectIdentity(dos[0])).willReturn(oids[0]);
 		given(oidStrat.getObjectIdentity(dos[2])).willReturn(oids[1]);
-
 		pco.cachePermissionsFor(mock(Authentication.class), Arrays.asList(dos));
-
 		// AclService should be invoked with the list of required Oids
 		verify(service).readAclsById(eq(Arrays.asList(oids)), any(List.class));
 	}
@@ -69,9 +67,7 @@ public class AclPermissionCacheOptimizerTests {
 		SidRetrievalStrategy sids = mock(SidRetrievalStrategy.class);
 		pco.setObjectIdentityRetrievalStrategy(oids);
 		pco.setSidRetrievalStrategy(sids);
-
 		pco.cachePermissionsFor(mock(Authentication.class), Collections.emptyList());
-
 		verifyZeroInteractions(service, sids, oids);
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index 5bdc6a5446..a29c3ab3be 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -50,10 +50,8 @@ public class AclPermissionEvaluatorTests {
 		pe.setObjectIdentityRetrievalStrategy(oidStrategy);
 		pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Acl acl = mock(Acl.class);
-
 		given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl);
 		given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true);
-
 		assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
 	}
 
@@ -61,7 +59,6 @@ public class AclPermissionEvaluatorTests {
 	public void resolvePermissionNonEnglishLocale() {
 		Locale systemLocale = Locale.getDefault();
 		Locale.setDefault(new Locale("tr"));
-
 		AclService service = mock(AclService.class);
 		AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
 		ObjectIdentity oid = mock(ObjectIdentity.class);
@@ -70,12 +67,9 @@ public class AclPermissionEvaluatorTests {
 		pe.setObjectIdentityRetrievalStrategy(oidStrategy);
 		pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Acl acl = mock(Acl.class);
-
 		given(service.readAclById(any(ObjectIdentity.class), anyList())).willReturn(acl);
 		given(acl.isGranted(anyList(), anyList(), eq(false))).willReturn(true);
-
 		assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue();
-
 		Locale.setDefault(systemLocale);
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
index 55800137e0..296e306d5f 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
@@ -58,7 +58,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 		provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
 		provider.setProcessDomainObjectClass(Object.class);
 		provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
-
 		Object returned = provider.decide(mock(Authentication.class), new Object(),
 				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"),
 				new ArrayList(Arrays.asList(new Object(), new Object())));
@@ -76,7 +75,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 		AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
 				mock(AclService.class), Arrays.asList(mock(Permission.class)));
 		Object returned = new Object();
-
 		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
 				Collections.<ConfigAttribute>emptyList(), returned));
 	}
@@ -86,7 +84,6 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 		AclService service = mock(AclService.class);
 		AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
 				service, Arrays.asList(mock(Permission.class)));
-
 		assertThat(provider.decide(mock(Authentication.class), new Object(),
 				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
 		verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
index 5e8bb47953..b044f89c3a 100644
--- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
@@ -74,7 +74,6 @@ public class AclEntryAfterInvocationProviderTests {
 		provider.setProcessDomainObjectClass(Object.class);
 		provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
 		Object returned = new Object();
-
 		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
 				SecurityConfig.createList("AFTER_ACL_READ"), returned));
 	}
@@ -84,7 +83,6 @@ public class AclEntryAfterInvocationProviderTests {
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(mock(AclService.class),
 				Arrays.asList(mock(Permission.class)));
 		Object returned = new Object();
-
 		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
 				Collections.<ConfigAttribute>emptyList(), returned));
 	}
@@ -96,7 +94,6 @@ public class AclEntryAfterInvocationProviderTests {
 		provider.setProcessDomainObjectClass(String.class);
 		// Not a String
 		Object returned = new Object();
-
 		assertThat(returned).isSameAs(provider.decide(mock(Authentication.class), new Object(),
 				SecurityConfig.createList("AFTER_ACL_READ"), returned));
 	}
@@ -133,7 +130,6 @@ public class AclEntryAfterInvocationProviderTests {
 		AclService service = mock(AclService.class);
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
 				Arrays.asList(mock(Permission.class)));
-
 		assertThat(provider.decide(mock(Authentication.class), new Object(),
 				SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
 		verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
index c51bc86701..743f8ee3b8 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
@@ -46,7 +46,6 @@ public class AccessControlImplEntryTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// Check Sid field is present
 		try {
 			new AccessControlEntryImpl(null, mock(Acl.class), null, BasePermission.ADMINISTRATION, true, true, true);
@@ -54,7 +53,6 @@ public class AccessControlImplEntryTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// Check Permission field is present
 		try {
 			new AccessControlEntryImpl(null, mock(Acl.class), new PrincipalSid("johndoe"), null, true, true, true);
@@ -68,11 +66,9 @@ public class AccessControlImplEntryTests {
 	public void testAccessControlEntryImplGetters() {
 		Acl mockAcl = mock(Acl.class);
 		Sid sid = new PrincipalSid("johndoe");
-
 		// Create a sample entry
 		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true,
 				true);
-
 		// and check every get() method
 		assertThat(ace.getId()).isEqualTo(1L);
 		assertThat(ace.getAcl()).isEqualTo(mockAcl);
@@ -87,13 +83,10 @@ public class AccessControlImplEntryTests {
 	public void testEquals() {
 		final Acl mockAcl = mock(Acl.class);
 		final ObjectIdentity oid = mock(ObjectIdentity.class);
-
 		given(mockAcl.getObjectIdentity()).willReturn(oid);
 		Sid sid = new PrincipalSid("johndoe");
-
 		AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true,
 				true);
-
 		assertThat(ace).isNotNull();
 		assertThat(ace).isNotEqualTo(100L);
 		assertThat(ace).isEqualTo(ace);
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index 7427916de8..c86776a9c7 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -156,7 +156,6 @@ public class AclImplTests {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-
 		// Insert one permission
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
 		service.updateAcl(acl);
@@ -165,7 +164,6 @@ public class AclImplTests {
 		assertThat(acl).isEqualTo(acl.getEntries().get(0).getAcl());
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission());
 		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST1"));
-
 		// Add a second permission
 		acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
 		service.updateAcl(acl);
@@ -174,7 +172,6 @@ public class AclImplTests {
 		assertThat(acl).isEqualTo(acl.getEntries().get(1).getAcl());
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(1).getPermission());
 		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
-
 		// Add a third permission, after the first one
 		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
 		service.updateAcl(acl);
@@ -193,11 +190,9 @@ public class AclImplTests {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-
 		// Insert one permission
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
 		service.updateAcl(acl);
-
 		acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
 	}
 
@@ -206,20 +201,17 @@ public class AclImplTests {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-
 		// Add several permissions
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
 		acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
 		acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true);
 		service.updateAcl(acl);
-
 		// Delete first permission and check the order of the remaining permissions is
 		// kept
 		acl.deleteAce(0);
 		assertThat(acl.getEntries()).hasSize(2);
 		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
 		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST3"));
-
 		// Add one more permission and remove the permission in the middle
 		acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
 		service.updateAcl(acl);
@@ -227,7 +219,6 @@ public class AclImplTests {
 		assertThat(acl.getEntries()).hasSize(2);
 		assertThat(acl.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
 		assertThat(acl.getEntries().get(1).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST4"));
-
 		// Remove remaining permissions
 		acl.deleteAce(1);
 		acl.deleteAce(0);
@@ -274,17 +265,14 @@ public class AclImplTests {
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
-
 		// Create an ACL which owner is not the authenticated principal
 		MutableAcl rootAcl = new AclImpl(rootOid, 1, this.authzStrategy, this.pgs, null, null, false,
 				new PrincipalSid("joe"));
-
 		// Grant some permissions
 		rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
 		rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
 		rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
 		rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
-
 		// Check permissions granting
 		List<Permission> permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
 		List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
@@ -320,7 +308,6 @@ public class AclImplTests {
 		ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102);
 		ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103);
 		ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104);
-
 		// Create ACLs
 		PrincipalSid joe = new PrincipalSid("joe");
 		MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, this.authzStrategy, this.pgs, null, null, false,
@@ -329,13 +316,11 @@ public class AclImplTests {
 		MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, this.authzStrategy, this.pgs, null, null, true, joe);
 		MutableAcl childAcl1 = new AclImpl(childOid1, 4, this.authzStrategy, this.pgs, null, null, true, joe);
 		MutableAcl childAcl2 = new AclImpl(childOid2, 4, this.authzStrategy, this.pgs, null, null, false, joe);
-
 		// Create hierarchies
 		childAcl2.setParent(childAcl1);
 		childAcl1.setParent(parentAcl1);
 		parentAcl2.setParent(grandParentAcl);
 		parentAcl1.setParent(grandParentAcl);
-
 		// Add some permissions
 		grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
@@ -345,7 +330,6 @@ public class AclImplTests {
 		parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
 		parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
 		childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
-
 		// Check granting process for parent1
 		assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
 		assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
@@ -353,18 +337,15 @@ public class AclImplTests {
 		assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue();
 		assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse();
 		assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse();
-
 		// Check granting process for parent2
 		assertThat(parentAcl2.isGranted(CREATE, BEN, false)).isTrue();
 		assertThat(parentAcl2.isGranted(WRITE, BEN, false)).isTrue();
 		assertThat(parentAcl2.isGranted(DELETE, BEN, false)).isFalse();
-
 		// Check granting process for child1
 		assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue();
 		assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
 				.isTrue();
 		assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse();
-
 		// Check granting process for child2 (doesn't inherit the permissions from its
 		// parent)
 		try {
@@ -389,21 +370,17 @@ public class AclImplTests {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false,
 				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
 		service.updateAcl(acl);
-
 		assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission());
 		assertThat(BasePermission.WRITE).isEqualTo(acl.getEntries().get(1).getPermission());
 		assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(2).getPermission());
-
 		// Change each permission
 		acl.updateAce(0, BasePermission.CREATE);
 		acl.updateAce(1, BasePermission.DELETE);
 		acl.updateAce(2, BasePermission.READ);
-
 		// Check the change was successfully made
 		assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(0).getPermission());
 		assertThat(BasePermission.DELETE).isEqualTo(acl.getEntries().get(1).getPermission());
@@ -418,20 +395,16 @@ public class AclImplTests {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, false,
 				new PrincipalSid("joe"));
 		MockAclService service = new MockAclService();
-
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		service.updateAcl(acl);
-
 		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure()).isFalse();
 		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure()).isFalse();
 		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess()).isFalse();
 		assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess()).isFalse();
-
 		// Change each permission
 		((AuditableAcl) acl).updateAuditing(0, true, true);
 		((AuditableAcl) acl).updateAuditing(1, true, true);
-
 		// Check the change was successfuly made
 		assertThat(acl.getEntries()).extracting("auditSuccess").containsOnly(true, true);
 		assertThat(acl.getEntries()).extracting("auditFailure").containsOnly(true, true);
@@ -452,20 +425,16 @@ public class AclImplTests {
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
 		service.updateAcl(acl);
-
 		assertThat(1).isEqualTo(acl.getId());
 		assertThat(identity).isEqualTo(acl.getObjectIdentity());
 		assertThat(new PrincipalSid("joe")).isEqualTo(acl.getOwner());
 		assertThat(acl.getParentAcl()).isNull();
 		assertThat(acl.isEntriesInheriting()).isTrue();
 		assertThat(acl.getEntries()).hasSize(2);
-
 		acl.setParent(parentAcl);
 		assertThat(parentAcl).isEqualTo(acl.getParentAcl());
-
 		acl.setEntriesInheriting(false);
 		assertThat(acl.isEntriesInheriting()).isFalse();
-
 		acl.setOwner(new PrincipalSid("ben"));
 		assertThat(new PrincipalSid("ben")).isEqualTo(acl.getOwner());
 	}
@@ -475,7 +444,6 @@ public class AclImplTests {
 		List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED"));
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, loadedSids, true,
 				new PrincipalSid("joe"));
-
 		assertThat(acl.isSidLoaded(loadedSids)).isTrue();
 		assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben"))))
 				.isTrue();
@@ -534,7 +502,6 @@ public class AclImplTests {
 		AclImpl parentAcl = new AclImpl(this.objectIdentity, 1L, this.authzStrategy, this.mockAuditLogger);
 		AclImpl childAcl = new AclImpl(this.objectIdentity, 2L, this.authzStrategy, this.mockAuditLogger);
 		AclImpl changeParentAcl = new AclImpl(this.objectIdentity, 3L, this.authzStrategy, this.mockAuditLogger);
-
 		childAcl.setParent(parentAcl);
 		childAcl.setParent(changeParentAcl);
 	}
@@ -562,10 +529,8 @@ public class AclImplTests {
 		ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
 		AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role"));
 		PermissionGrantingStrategy grantingStrategy = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
-
 		AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid);
 		AccessControlEntryImpl ace = new AccessControlEntryImpl(1L, acl, sid, BasePermission.READ, true, true, true);
-
 		Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
 		fieldAces.setAccessible(true);
 		List<AccessControlEntryImpl> aces = (List<AccessControlEntryImpl>) fieldAces.get(acl);
@@ -617,7 +582,6 @@ public class AclImplTests {
 			try {
 				newAces = (List) acesField.get(acl);
 				newAces.clear();
-
 				for (int i = 0; i < oldAces.size(); i++) {
 					AccessControlEntry ac = oldAces.get(i);
 					// Just give an ID to all this acl's aces, rest of the fields are just
@@ -630,7 +594,6 @@ public class AclImplTests {
 			catch (IllegalAccessException ex) {
 				ex.printStackTrace();
 			}
-
 			return acl;
 		}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
index b563914901..9a121f71ab 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
@@ -58,18 +58,14 @@ public class AclImplementationSecurityCheckTests {
 				"ROLE_OWNERSHIP");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-
 		Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
-
 		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
 		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
 		aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-
 		// Create another authorization strategy
 		AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
@@ -102,21 +98,17 @@ public class AclImplementationSecurityCheckTests {
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		// Authorization strategy will require a different role for each access
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-
 		// Let's give the principal the ADMINISTRATION permission, without
 		// granting access
 		MutableAcl aclFirstDeny = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
-
 		// The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
 		aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
-
 		// The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the
 		// principal doesn't have these authorities,
 		// nor granting access
@@ -132,7 +124,6 @@ public class AclImplementationSecurityCheckTests {
 		}
 		catch (AccessDeniedException expected) {
 		}
-
 		// Add granting access to this principal
 		aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
 		// and try again for CHANGE_AUDITING - the first ACE's granting flag
@@ -143,27 +134,21 @@ public class AclImplementationSecurityCheckTests {
 		}
 		catch (AccessDeniedException expected) {
 		}
-
 		// Create another ACL and give the principal the ADMINISTRATION
 		// permission, with granting access
 		MutableAcl aclFirstAllow = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-
 		// The CHANGE_AUDITING test should pass as there is one ACE with
 		// granting access
-
 		aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-
 		// Add a deny ACE and test again for CHANGE_AUDITING
 		aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
 		try {
 			aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-
 		}
 		catch (AccessDeniedException notExpected) {
 			fail("It shouldn't have thrown AccessDeniedException");
 		}
-
 		// Create an ACL with no ACE
 		MutableAcl aclNoACE = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		try {
@@ -171,12 +156,10 @@ public class AclImplementationSecurityCheckTests {
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
 		// and still grant access for CHANGE_GENERAL
 		try {
 			aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
-
 		}
 		catch (NotFoundException expected) {
 			fail("It shouldn't have thrown NotFoundException");
@@ -189,19 +172,16 @@ public class AclImplementationSecurityCheckTests {
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
 		// Authorization strategy will require a different role for each access
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-
 		// Let's give the principal an ADMINISTRATION permission, with granting
 		// access
 		MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
 		MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, new ConsoleAuditLogger());
-
 		// Check against the 'child' acl, which doesn't offer any authorization
 		// rights on CHANGE_OWNERSHIP
 		try {
@@ -209,21 +189,17 @@ public class AclImplementationSecurityCheckTests {
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
-
 		// Link the child with its parent and test again against the
 		// CHANGE_OWNERSHIP right
 		childAcl.setParent(parentAcl);
 		childAcl.setEntriesInheriting(true);
 		try {
 			aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-
 		}
 		catch (NotFoundException expected) {
 			fail("It shouldn't have thrown NotFoundException");
 		}
-
 		// Create a root parent and link it to the middle parent
 		MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
@@ -233,7 +209,6 @@ public class AclImplementationSecurityCheckTests {
 		childAcl.setParent(parentAcl);
 		try {
 			aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-
 		}
 		catch (NotFoundException expected) {
 			fail("It shouldn't have thrown NotFoundException");
@@ -245,12 +220,10 @@ public class AclImplementationSecurityCheckTests {
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_ONE");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-
 		Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy,
 				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false,
 				new PrincipalSid(auth));
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
index 6542c73b59..e2abb35c01 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
@@ -76,7 +76,6 @@ public class AuditLoggerTests {
 	@Test
 	public void successIsLoggedIfAceRequiresSuccessAudit() {
 		given(this.ace.isAuditSuccess()).willReturn(true);
-
 		this.logger.logIfNeeded(true, this.ace);
 		assertThat(this.bytes.toString()).startsWith("GRANTED due to ACE");
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index f4def65adc..309dc8776f 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -42,7 +42,6 @@ public class ObjectIdentityImplTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// Check String-Serializable constructor required field
 		try {
 			new ObjectIdentityImpl("", 1L);
@@ -50,7 +49,6 @@ public class ObjectIdentityImplTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// Check Serializable parameter is not null
 		try {
 			new ObjectIdentityImpl(DOMAIN_CLASS, null);
@@ -58,7 +56,6 @@ public class ObjectIdentityImplTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// The correct way of using String-Serializable constructor
 		try {
 			new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
@@ -66,7 +63,6 @@ public class ObjectIdentityImplTests {
 		catch (IllegalArgumentException notExpected) {
 			fail("It shouldn't have thrown IllegalArgumentException");
 		}
-
 		// Check the Class-Serializable constructor
 		try {
 			new ObjectIdentityImpl(MockIdDomainObject.class, null);
@@ -91,9 +87,7 @@ public class ObjectIdentityImplTests {
 			fail("It should have thrown IdentityUnavailableException");
 		}
 		catch (IdentityUnavailableException expected) {
-
 		}
-
 		// getId() should return a non-null value
 		MockIdDomainObject mockId = new MockIdDomainObject();
 		try {
@@ -101,9 +95,7 @@ public class ObjectIdentityImplTests {
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		// getId() should return a Serializable object
 		mockId.setId(new MockIdDomainObject());
 		try {
@@ -112,7 +104,6 @@ public class ObjectIdentityImplTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		// getId() should return a Serializable object
 		mockId.setId(100L);
 		try {
@@ -132,7 +123,6 @@ public class ObjectIdentityImplTests {
 		ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
 		MockIdDomainObject mockObj = new MockIdDomainObject();
 		mockObj.setId(1L);
-
 		String string = "SOME_STRING";
 		assertThat(string).isNotSameAs(obj);
 		assertThat(obj).isNotNull();
@@ -155,7 +145,6 @@ public class ObjectIdentityImplTests {
 	public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() {
 		ObjectIdentity obj = new ObjectIdentityImpl(Object.class, 5L);
 		ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, 5);
-
 		assertThat(obj2).isEqualTo(obj);
 		assertThat(obj2.hashCode()).isEqualTo(obj.hashCode());
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
index ec2c572b95..b6787f893c 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
@@ -34,10 +34,8 @@ public class ObjectIdentityRetrievalStrategyImplTests {
 	public void testObjectIdentityCreation() {
 		MockIdDomainObject domain = new MockIdDomainObject();
 		domain.setId(1);
-
 		ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
 		ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
-
 		assertThat(identity).isNotNull();
 		assertThat(new ObjectIdentityImpl(domain)).isEqualTo(identity);
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
index 1d10aeb66c..5aef8e4c74 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
@@ -62,26 +62,19 @@ public class PermissionTests {
 	@Test
 	public void stringConversion() {
 		this.permissionFactory.registerPublicPermissions(SpecialPermission.class);
-
 		assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]");
-
 		assertThat(BasePermission.ADMINISTRATION.toString())
 				.isEqualTo("BasePermission[...........................A....=16]");
-
 		assertThat(new CumulativePermission().set(BasePermission.READ).toString())
 				.isEqualTo("CumulativePermission[...............................R=1]");
-
 		assertThat(
 				new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString())
 						.isEqualTo("CumulativePermission[..........................EA....=48]");
-
 		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString())
 				.isEqualTo("CumulativePermission[...........................A...R=17]");
-
 		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
 				.clear(BasePermission.ADMINISTRATION).toString())
 						.isEqualTo("CumulativePermission[...............................R=1]");
-
 		assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
 				.clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString())
 						.isEqualTo("CumulativePermission[................................=0]");
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 097be23708..6000bab596 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -147,7 +147,6 @@ public abstract class AbstractBasicLookupStrategyTests {
 		ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
 		// Deliberately use an integer for the child, to reproduce bug report in SEC-819
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102);
-
 		Map<ObjectIdentity, Acl> map = this.strategy
 				.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
 		checkEntries(topParentOid, middleParentOid, childOid, map);
@@ -158,15 +157,12 @@ public abstract class AbstractBasicLookupStrategyTests {
 		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
 		ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
-
 		// Objects were put in cache
 		this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-
 		// Let's empty the database to force acls retrieval from cache
 		emptyDatabase();
 		Map<ObjectIdentity, Acl> map = this.strategy
 				.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-
 		checkEntries(topParentOid, middleParentOid, childOid, map);
 	}
 
@@ -175,7 +171,6 @@ public abstract class AbstractBasicLookupStrategyTests {
 		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
-
 		// Set a batch size to allow multiple database queries in order to retrieve all
 		// acls
 		this.strategy.setBatchSize(1);
@@ -187,31 +182,25 @@ public abstract class AbstractBasicLookupStrategyTests {
 	private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid,
 			Map<ObjectIdentity, Acl> map) {
 		assertThat(map).hasSize(3);
-
 		MutableAcl topParent = (MutableAcl) map.get(topParentOid);
 		MutableAcl middleParent = (MutableAcl) map.get(middleParentOid);
 		MutableAcl child = (MutableAcl) map.get(childOid);
-
 		// Check the retrieved versions has IDs
 		assertThat(topParent.getId()).isNotNull();
 		assertThat(middleParent.getId()).isNotNull();
 		assertThat(child.getId()).isNotNull();
-
 		// Check their parents were correctly retrieved
 		assertThat(topParent.getParentAcl()).isNull();
 		assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(topParentOid);
 		assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid);
-
 		// Check their ACEs were correctly retrieved
 		assertThat(topParent.getEntries()).hasSize(2);
 		assertThat(middleParent.getEntries()).hasSize(1);
 		assertThat(child.getEntries()).hasSize(1);
-
 		// Check object identities were correctly retrieved
 		assertThat(topParent.getObjectIdentity()).isEqualTo(topParentOid);
 		assertThat(middleParent.getObjectIdentity()).isEqualTo(middleParentOid);
 		assertThat(child.getObjectIdentity()).isEqualTo(childOid);
-
 		// Check each entry
 		assertThat(topParent.isEntriesInheriting()).isTrue();
 		assertThat(Long.valueOf(1)).isEqualTo(topParent.getId());
@@ -222,14 +211,12 @@ public abstract class AbstractBasicLookupStrategyTests {
 		assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure()).isFalse();
 		assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess()).isFalse();
 		assertThat((topParent.getEntries().get(0)).isGranting()).isTrue();
-
 		assertThat(Long.valueOf(2)).isEqualTo(topParent.getEntries().get(1).getId());
 		assertThat(topParent.getEntries().get(1).getPermission()).isEqualTo(BasePermission.WRITE);
 		assertThat(topParent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("ben"));
 		assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure()).isFalse();
 		assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess()).isFalse();
 		assertThat(topParent.getEntries().get(1).isGranting()).isFalse();
-
 		assertThat(middleParent.isEntriesInheriting()).isTrue();
 		assertThat(Long.valueOf(2)).isEqualTo(middleParent.getId());
 		assertThat(new PrincipalSid("ben")).isEqualTo(middleParent.getOwner());
@@ -239,7 +226,6 @@ public abstract class AbstractBasicLookupStrategyTests {
 		assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure()).isFalse();
 		assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess()).isFalse();
 		assertThat(middleParent.getEntries().get(0).isGranting()).isTrue();
-
 		assertThat(child.isEntriesInheriting()).isTrue();
 		assertThat(Long.valueOf(3)).isEqualTo(child.getId());
 		assertThat(new PrincipalSid("ben")).isEqualTo(child.getOwner());
@@ -255,15 +241,12 @@ public abstract class AbstractBasicLookupStrategyTests {
 	public void testAllParentsAreRetrievedWhenChildIsLoaded() {
 		String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);";
 		getJdbcTemplate().execute(query);
-
 		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
 		ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 103L);
-
 		// Retrieve the child
 		Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(childOid), null);
-
 		// Check that the child and all its parents were retrieved
 		assertThat(map.get(childOid)).isNotNull();
 		assertThat(map.get(childOid).getObjectIdentity()).isEqualTo(childOid);
@@ -271,7 +254,6 @@ public abstract class AbstractBasicLookupStrategyTests {
 		assertThat(map.get(middleParentOid).getObjectIdentity()).isEqualTo(middleParentOid);
 		assertThat(map.get(topParentOid)).isNotNull();
 		assertThat(map.get(topParentOid).getObjectIdentity()).isEqualTo(topParentOid);
-
 		// The second parent shouldn't have been retrieved
 		assertThat(map.get(middleParent2Oid)).isNull();
 	}
@@ -287,26 +269,21 @@ public abstract class AbstractBasicLookupStrategyTests {
 				+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (9,2,108,7,1,1);"
 				+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)";
 		getJdbcTemplate().execute(query);
-
 		ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
 		ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
 		ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 106);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 107);
-
 		// First lookup only child, thus populating the cache with grandParent,
 		// parent1
 		// and child
 		List<Permission> checkPermission = Arrays.asList(BasePermission.READ);
 		List<Sid> sids = Arrays.asList(BEN_SID);
 		List<ObjectIdentity> childOids = Arrays.asList(childOid);
-
 		this.strategy.setBatchSize(6);
 		Map<ObjectIdentity, Acl> foundAcls = this.strategy.readAclsById(childOids, sids);
-
 		Acl foundChildAcl = foundAcls.get(childOid);
 		assertThat(foundChildAcl).isNotNull();
 		assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue();
-
 		// Search for object identities has to be done in the following order:
 		// last
 		// element have to be one which
@@ -315,12 +292,10 @@ public abstract class AbstractBasicLookupStrategyTests {
 		List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
 		try {
 			foundAcls = this.strategy.readAclsById(allOids, sids);
-
 		}
 		catch (NotFoundException notExpected) {
 			fail("It shouldn't have thrown NotFoundException");
 		}
-
 		Acl foundParent2Acl = foundAcls.get(parent2Oid);
 		assertThat(foundParent2Acl).isNotNull();
 		assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue();
@@ -329,18 +304,14 @@ public abstract class AbstractBasicLookupStrategyTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void nullOwnerIsNotSupported() {
 		String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,104,null,null,1);";
-
 		getJdbcTemplate().execute(query);
-
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
-
 		this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
 	}
 
 	@Test
 	public void testCreatePrincipalSid() {
 		Sid result = this.strategy.createSid(true, "sid");
-
 		assertThat(result.getClass()).isEqualTo(PrincipalSid.class);
 		assertThat(((PrincipalSid) result).getPrincipal()).isEqualTo("sid");
 	}
@@ -348,7 +319,6 @@ public abstract class AbstractBasicLookupStrategyTests {
 	@Test
 	public void testCreateGrantedAuthority() {
 		Sid result = this.strategy.createSid(false, "sid");
-
 		assertThat(result.getClass()).isEqualTo(GrantedAuthoritySid.class);
 		assertThat(((GrantedAuthoritySid) result).getGrantedAuthority()).isEqualTo("sid");
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
index 16206dea2b..32a2547351 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
@@ -58,12 +58,10 @@ public class BasicLookupStrategyTestsDbHelper {
 		else {
 			connectionUrl = "jdbc:hsqldb:mem:lookupstrategytestWithAclClassIdType";
 			sqlClassPathResource = ACL_SCHEMA_SQL_FILE_WITH_ACL_CLASS_ID;
-
 		}
 		this.dataSource = new SingleConnectionDataSource(connectionUrl, "sa", "", true);
 		this.dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
 		this.jdbcTemplate = new JdbcTemplate(this.dataSource);
-
 		Resource resource = new ClassPathResource(sqlClassPathResource);
 		String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
 		this.jdbcTemplate.execute(sql);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
index 9d2d6c2e5d..eca0b5d635 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
@@ -35,7 +35,6 @@ public class DatabaseSeeder {
 	public DatabaseSeeder(DataSource dataSource, Resource resource) throws IOException {
 		Assert.notNull(dataSource, "dataSource required");
 		Assert.notNull(resource, "resource required");
-
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 		String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
 		template.execute(sql);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index 04f496a43b..d293b50084 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -82,12 +82,10 @@ public class EhCacheBasedAclCacheTests {
 		this.myCache = new EhCacheBasedAclCache(this.cache,
 				new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
 				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
-
 		this.acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 	}
 
@@ -111,7 +109,6 @@ public class EhCacheBasedAclCacheTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			ObjectIdentity obj = null;
 			this.myCache.evictFromCache(obj);
@@ -119,7 +116,6 @@ public class EhCacheBasedAclCacheTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			Serializable id = null;
 			this.myCache.getFromCache(id);
@@ -127,7 +123,6 @@ public class EhCacheBasedAclCacheTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			ObjectIdentity obj = null;
 			this.myCache.getFromCache(obj);
@@ -135,7 +130,6 @@ public class EhCacheBasedAclCacheTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			MutableAcl acl = null;
 			this.myCache.putInCache(acl);
@@ -154,17 +148,13 @@ public class EhCacheBasedAclCacheTests {
 		ObjectOutputStream oos = new ObjectOutputStream(fos);
 		oos.writeObject(this.acl);
 		oos.close();
-
 		FileInputStream fis = new FileInputStream(file);
 		ObjectInputStream ois = new ObjectInputStream(fis);
 		MutableAcl retrieved = (MutableAcl) ois.readObject();
 		ois.close();
-
 		assertThat(retrieved).isEqualTo(this.acl);
-
 		Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
 		assertThat(retrieved1).isNull();
-
 		Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved);
 		assertThat(retrieved2).isNull();
 	}
@@ -172,14 +162,12 @@ public class EhCacheBasedAclCacheTests {
 	@Test
 	public void clearCache() {
 		this.myCache.clearCache();
-
 		verify(this.cache).removeAll();
 	}
 
 	@Test
 	public void putInCache() {
 		this.myCache.putInCache(this.acl);
-
 		verify(this.cache, times(2)).put(this.element.capture());
 		assertThat(this.element.getValue().getKey()).isEqualTo(this.acl.getId());
 		assertThat(this.element.getValue().getObjectValue()).isEqualTo(this.acl);
@@ -192,29 +180,21 @@ public class EhCacheBasedAclCacheTests {
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
 		this.acl.setParent(parentAcl);
-
 		this.myCache.putInCache(this.acl);
-
 		verify(this.cache, times(4)).put(this.element.capture());
-
 		List<Element> allValues = this.element.getAllValues();
-
 		assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity());
 		assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl);
-
 		assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId());
 		assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl);
-
 		assertThat(allValues.get(2).getKey()).isEqualTo(this.acl.getObjectIdentity());
 		assertThat(allValues.get(2).getObjectValue()).isEqualTo(this.acl);
-
 		assertThat(allValues.get(3).getKey()).isEqualTo(this.acl.getId());
 		assertThat(allValues.get(3).getObjectValue()).isEqualTo(this.acl);
 	}
@@ -222,21 +202,16 @@ public class EhCacheBasedAclCacheTests {
 	@Test
 	public void getFromCacheSerializable() {
 		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheSerializablePopulatesTransient() {
 		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		this.myCache.putInCache(this.acl);
-
 		ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
 		ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
-
 		MutableAcl fromCache = this.myCache.getFromCache(this.acl.getId());
-
 		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
 		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
 	}
@@ -244,21 +219,16 @@ public class EhCacheBasedAclCacheTests {
 	@Test
 	public void getFromCacheObjectIdentity() {
 		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
 	}
 
 	@Test
 	public void getFromCacheObjectIdentityPopulatesTransient() {
 		given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		this.myCache.putInCache(this.acl);
-
 		ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
 		ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
-
 		MutableAcl fromCache = this.myCache.getFromCache(this.acl.getObjectIdentity());
-
 		assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
 		assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
 	}
@@ -266,9 +236,7 @@ public class EhCacheBasedAclCacheTests {
 	@Test
 	public void evictCacheSerializable() {
 		given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		this.myCache.evictFromCache(this.acl.getObjectIdentity());
-
 		verify(this.cache).remove(this.acl.getId());
 		verify(this.cache).remove(this.acl.getObjectIdentity());
 	}
@@ -276,9 +244,7 @@ public class EhCacheBasedAclCacheTests {
 	@Test
 	public void evictCacheObjectIdentity() {
 		given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
-
 		this.myCache.evictFromCache(this.acl.getId());
-
 		verify(this.cache).remove(this.acl.getId());
 		verify(this.cache).remove(this.acl.getObjectIdentity());
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 3e5e09c2f7..a4ff652ef1 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -97,7 +97,6 @@ public class JdbcAclServiceTests {
 		given(this.lookupStrategy.readAclsById(anyList(), anyList())).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
 		List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
-
 		this.aclService.readAclById(objectIdentity, sids);
 	}
 
@@ -108,7 +107,6 @@ public class JdbcAclServiceTests {
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
 		given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
-
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("5577");
@@ -117,7 +115,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findNoChildren() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
-
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities).isNull();
 	}
@@ -125,7 +122,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findChildrenWithoutIdType() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L);
-
 		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo(MockUntypedIdDomainObject.class.getName());
@@ -135,7 +131,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findChildrenForUnknownObject() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 33);
-
 		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities).isNull();
 	}
@@ -143,7 +138,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findChildrenOfIdTypeLong() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US-PAL");
-
 		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(2);
 		assertThat(objectIdentities.get(0).getType()).isEqualTo(MockLongIdDomainObject.class.getName());
@@ -155,7 +149,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findChildrenOfIdTypeString() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US");
-
 		this.aclServiceIntegration.setAclClassIdSupported(true);
 		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
@@ -166,7 +159,6 @@ public class JdbcAclServiceTests {
 	@Test
 	public void findChildrenOfIdTypeUUID() {
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockUntypedIdDomainObject.class, 5000L);
-
 		this.aclServiceIntegration.setAclClassIdSupported(true);
 		List<ObjectIdentity> objectIdentities = this.aclServiceIntegration.findChildren(objectIdentity);
 		assertThat(objectIdentities.size()).isEqualTo(1);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 9d70049f1a..fe44732540 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -142,123 +142,97 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Transactional
 	public void testLifecycle() {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 		MutableAcl topParent = this.jdbcMutableAclService.createAcl(getTopParentOid());
 		MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
 		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
-
 		// Specify the inheritance hierarchy
 		middleParent.setParent(topParent);
 		child.setParent(middleParent);
-
 		// Now let's add a couple of permissions
 		topParent.insertAce(0, BasePermission.READ, new PrincipalSid(this.auth), true);
 		topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(this.auth), false);
 		middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), true);
 		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
-
 		// Explicitly save the changed ACL
 		this.jdbcMutableAclService.updateAcl(topParent);
 		this.jdbcMutableAclService.updateAcl(middleParent);
 		this.jdbcMutableAclService.updateAcl(child);
-
 		// Let's check if we can read them back correctly
 		Map<ObjectIdentity, Acl> map = this.jdbcMutableAclService
 				.readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid()));
 		assertThat(map).hasSize(3);
-
 		// Replace our current objects with their retrieved versions
 		topParent = (MutableAcl) map.get(getTopParentOid());
 		middleParent = (MutableAcl) map.get(getMiddleParentOid());
 		child = (MutableAcl) map.get(getChildOid());
-
 		// Check the retrieved versions has IDs
 		assertThat(topParent.getId()).isNotNull();
 		assertThat(middleParent.getId()).isNotNull();
 		assertThat(child.getId()).isNotNull();
-
 		// Check their parents were correctly persisted
 		assertThat(topParent.getParentAcl()).isNull();
 		assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(getTopParentOid());
 		assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
-
 		// Check their ACEs were correctly persisted
 		assertThat(topParent.getEntries()).hasSize(2);
 		assertThat(middleParent.getEntries()).hasSize(1);
 		assertThat(child.getEntries()).hasSize(1);
-
 		// Check the retrieved rights are correct
 		List<Permission> read = Arrays.asList(BasePermission.READ);
 		List<Permission> write = Arrays.asList(BasePermission.WRITE);
 		List<Permission> delete = Arrays.asList(BasePermission.DELETE);
 		List<Sid> pSid = Arrays.asList((Sid) new PrincipalSid(this.auth));
-
 		assertThat(topParent.isGranted(read, pSid, false)).isTrue();
 		assertThat(topParent.isGranted(write, pSid, false)).isFalse();
 		assertThat(middleParent.isGranted(delete, pSid, false)).isTrue();
 		assertThat(child.isGranted(delete, pSid, false)).isFalse();
-
 		try {
 			child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false);
 			fail("Should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
-
 		// Now check the inherited rights (when not explicitly overridden) also look OK
 		assertThat(child.isGranted(read, pSid, false)).isTrue();
 		assertThat(child.isGranted(write, pSid, false)).isFalse();
 		assertThat(child.isGranted(delete, pSid, false)).isFalse();
-
 		// Next change the child so it doesn't inherit permissions from above
 		child.setEntriesInheriting(false);
 		this.jdbcMutableAclService.updateAcl(child);
 		child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid());
 		assertThat(child.isEntriesInheriting()).isFalse();
-
 		// Check the child permissions no longer inherit
 		assertThat(child.isGranted(delete, pSid, true)).isFalse();
-
 		try {
 			child.isGranted(read, pSid, true);
 			fail("Should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
-
 		try {
 			child.isGranted(write, pSid, true);
 			fail("Should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
-
 		// Let's add an identical permission to the child, but it'll appear AFTER the
 		// current permission, so has no impact
 		child.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true);
-
 		// Let's also add another permission to the child
 		child.insertAce(2, BasePermission.CREATE, new PrincipalSid(this.auth), true);
-
 		// Save the changed child
 		this.jdbcMutableAclService.updateAcl(child);
 		child = (MutableAcl) this.jdbcMutableAclService.readAclById(getChildOid());
 		assertThat(child.getEntries()).hasSize(3);
-
 		// Output permissions
 		for (int i = 0; i < child.getEntries().size(); i++) {
 			System.out.println(child.getEntries().get(i));
 		}
-
 		// Check the permissions are as they should be
 		assertThat(child.isGranted(delete, pSid, true)).isFalse(); // as earlier
 																	// permission
 		// overrode
 		assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue();
-
 		// Now check the first ACE (index 0) really is DELETE for our Sid and is
 		// non-granting
 		AccessControlEntry entry = child.getEntries().get(0);
@@ -266,15 +240,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		assertThat(entry.getSid()).isEqualTo(new PrincipalSid(this.auth));
 		assertThat(entry.isGranting()).isFalse();
 		assertThat(entry.getId()).isNotNull();
-
 		// Now delete that first ACE
 		child.deleteAce(0);
-
 		// Save and check it worked
 		child = this.jdbcMutableAclService.updateAcl(child);
 		assertThat(child.getEntries()).hasSize(2);
 		assertThat(child.isGranted(delete, pSid, false)).isTrue();
-
 		SecurityContextHolder.clearContext();
 	}
 
@@ -285,7 +256,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 	@Transactional
 	public void deleteAclAlsoDeletesChildren() {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 		this.jdbcMutableAclService.createAcl(getTopParentOid());
 		MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
 		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
@@ -294,27 +264,21 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		this.jdbcMutableAclService.updateAcl(child);
 		// Check the childOid really is a child of middleParentOid
 		Acl childAcl = this.jdbcMutableAclService.readAclById(getChildOid());
-
 		assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
-
 		// Delete the mid-parent and test if the child was deleted, as well
 		this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
-
 		try {
 			this.jdbcMutableAclService.readAclById(getMiddleParentOid());
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
 		try {
 			this.jdbcMutableAclService.readAclById(getChildOid());
 			fail("It should have thrown NotFoundException");
 		}
 		catch (NotFoundException expected) {
-
 		}
-
 		Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid());
 		assertThat(acl).isNotNull();
 		assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
@@ -328,14 +292,12 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new JdbcMutableAclService(this.dataSource, null, this.aclCache);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null);
 			fail("It should have thrown IllegalArgumentException");
@@ -386,11 +348,9 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		MutableAcl parent = this.jdbcMutableAclService.createAcl(getTopParentOid());
 		MutableAcl child = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
-
 		// Specify the inheritance hierarchy
 		child.setParent(parent);
 		this.jdbcMutableAclService.updateAcl(child);
-
 		try {
 			this.jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK
 			// checking in the
@@ -413,13 +373,11 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
 		child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
 		this.jdbcMutableAclService.updateAcl(child);
-
 		// Remove the child and check all related database rows were removed accordingly
 		this.jdbcMutableAclService.deleteAcl(getChildOid(), false);
 		assertThat(this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
 		assertThat(this.jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
 		assertThat(this.jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
-
 		// Check the cache
 		assertThat(this.aclCache.getFromCache(getChildOid())).isNull();
 		assertThat(this.aclCache.getFromCache(102L)).isNull();
@@ -432,7 +390,6 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101);
 		this.jdbcMutableAclService.createAcl(oid);
-
 		assertThat(this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L))).isNotNull();
 	}
 
@@ -445,27 +402,20 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
 		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
-
 		MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid);
 		MutableAcl child = this.jdbcMutableAclService.createAcl(childOid);
-
 		child.setParent(parent);
 		this.jdbcMutableAclService.updateAcl(child);
-
 		parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
 		parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
 		this.jdbcMutableAclService.updateAcl(parent);
-
 		parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
 		parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
 		this.jdbcMutableAclService.updateAcl(parent);
-
 		child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid);
 		parent = (MutableAcl) child.getParentAcl();
-
 		assertThat(parent.getEntries()).hasSize(2)
 				.withFailMessage("Fails because child has a stale reference to its parent");
 		assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
@@ -483,22 +433,16 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED");
 		SecurityContextHolder.getContext().setAuthentication(auth);
 		ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, 1L);
-
 		MutableAcl parent = this.jdbcMutableAclService.createAcl(rootObject);
 		MutableAcl child = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L));
 		child.setParent(parent);
 		this.jdbcMutableAclService.updateAcl(child);
-
 		parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
 		this.jdbcMutableAclService.updateAcl(parent);
-
 		parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
 		this.jdbcMutableAclService.updateAcl(parent);
-
 		child = (MutableAcl) this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L));
-
 		parent = (MutableAcl) child.getParentAcl();
-
 		assertThat(parent.getEntries()).hasSize(2);
 		assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16);
 		assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
@@ -512,24 +456,19 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 		Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 110L);
 		MutableAcl topParent = this.jdbcMutableAclService.createAcl(topParentOid);
-
 		// Add an ACE permission entry
 		Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
 		assertThat(cm.getMask()).isEqualTo(17);
 		Sid benSid = new PrincipalSid(auth);
 		topParent.insertAce(0, cm, benSid, true);
 		assertThat(topParent.getEntries()).hasSize(1);
-
 		// Explicitly save the changed ACL
 		topParent = this.jdbcMutableAclService.updateAcl(topParent);
-
 		// Check the mask was retrieved correctly
 		assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
 		assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
-
 		SecurityContextHolder.clearContext();
 	}
 
@@ -539,9 +478,7 @@ public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4Sprin
 				new CustomJdbcMutableAclService(this.dataSource, this.lookupStrategy, this.aclCache));
 		CustomSid customSid = new CustomSid("Custom sid");
 		given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L);
-
 		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
-
 		assertThat(new Long(1L)).isEqualTo(result);
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
index f912ad7514..ab69977a56 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
@@ -75,11 +75,9 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
 	@Transactional
 	public void identityWithUuidIdIsSupportedByCreateAcl() {
 		SecurityContextHolder.getContext().setAuthentication(getAuth());
-
 		UUID id = UUID.randomUUID();
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id);
 		getJdbcMutableAclService().createAcl(oid);
-
 		assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id)))
 				.isNotNull();
 	}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 3d2a9c7928..9a3bd62400 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -89,37 +89,28 @@ public class SpringCacheBasedAclCacheTests {
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		AuditLogger auditLogger = new ConsoleAuditLogger();
-
 		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
 		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy,
 				aclAuthorizationStrategy);
 		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
-
 		assertThat(realCache).isEmpty();
 		myCache.putInCache(acl);
-
 		// Check we can get from cache the same objects we put in
 		assertThat(acl).isEqualTo(myCache.getFromCache(1L));
 		assertThat(acl).isEqualTo(myCache.getFromCache(identity));
-
 		// Put another object in cache
 		ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, 101L);
 		MutableAcl acl2 = new AclImpl(identity2, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
-
 		myCache.putInCache(acl2);
-
 		// Try to evict an entry that doesn't exist
 		myCache.evictFromCache(3L);
 		myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, 102L));
 		assertThat(realCache).hasSize(4);
-
 		myCache.evictFromCache(1L);
 		assertThat(realCache).hasSize(2);
-
 		// Check the second object inserted
 		assertThat(acl2).isEqualTo(myCache.getFromCache(2L));
 		assertThat(acl2).isEqualTo(myCache.getFromCache(identity2));
-
 		myCache.evictFromCache(identity2);
 		assertThat(realCache).isEmpty();
 	}
@@ -129,31 +120,24 @@ public class SpringCacheBasedAclCacheTests {
 	public void cacheOperationsAclWithParent() throws Exception {
 		Cache cache = getCache();
 		Map realCache = (Map) cache.getNativeCache();
-
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L);
 		ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
 				new SimpleGrantedAuthority("ROLE_GENERAL"));
 		AuditLogger auditLogger = new ConsoleAuditLogger();
-
 		PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
 		SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy,
 				aclAuthorizationStrategy);
-
 		MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
 		MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger);
-
 		acl.setParent(parentAcl);
-
 		assertThat(realCache).isEmpty();
 		myCache.putInCache(acl);
 		assertThat(4).isEqualTo(realCache.size());
-
 		// Check we can get from cache the same objects we put in
 		AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L);
 		assertThat(aclFromCache).isEqualTo(acl);
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 0d5d0617a6..5922f8f670 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -50,16 +50,13 @@ public class SidRetrievalStrategyTests {
 	public void correctSidsAreRetrieved() {
 		SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
 		List<Sid> sids = retrStrategy.getSids(this.authentication);
-
 		assertThat(sids).isNotNull();
 		assertThat(sids).hasSize(4);
 		assertThat(sids.get(0)).isNotNull();
 		assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
-
 		for (int i = 1; i < sids.size(); i++) {
 			assertThat(sids.get(i) instanceof GrantedAuthoritySid).isTrue();
 		}
-
 		assertThat(((PrincipalSid) sids.get(0)).getPrincipal()).isEqualTo("scott");
 		assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("A");
 		assertThat(((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()).isEqualTo("B");
@@ -72,7 +69,6 @@ public class SidRetrievalStrategyTests {
 		List rhAuthorities = AuthorityUtils.createAuthorityList("D");
 		given(rh.getReachableGrantedAuthorities(anyCollection())).willReturn(rhAuthorities);
 		SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
-
 		List<Sid> sids = strat.getSids(this.authentication);
 		assertThat(sids).hasSize(2);
 		assertThat(sids.get(0)).isNotNull();
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
index c9ae5a238b..3b566e8c92 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
@@ -46,17 +46,14 @@ public class SidTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new PrincipalSid("");
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		new PrincipalSid("johndoe");
 		// throws no exception
-
 		// Check one Authentication-argument constructor
 		try {
 			Authentication authentication = null;
@@ -65,7 +62,6 @@ public class SidTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			Authentication authentication = new TestingAuthenticationToken(null, "password");
 			new PrincipalSid(authentication);
@@ -73,7 +69,6 @@ public class SidTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		new PrincipalSid(authentication);
 		// throws no exception
@@ -88,25 +83,19 @@ public class SidTests {
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			new GrantedAuthoritySid("");
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			new GrantedAuthoritySid("ROLE_TEST");
-
 		}
 		catch (IllegalArgumentException notExpected) {
 			fail("It shouldn't have thrown IllegalArgumentException");
 		}
-
 		// Check one GrantedAuthority-argument constructor
 		try {
 			GrantedAuthority ga = null;
@@ -114,22 +103,17 @@ public class SidTests {
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			GrantedAuthority ga = new SimpleGrantedAuthority(null);
 			new GrantedAuthoritySid(ga);
 			fail("It should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
 			new GrantedAuthoritySid(ga);
-
 		}
 		catch (IllegalArgumentException notExpected) {
 			fail("It shouldn't have thrown IllegalArgumentException");
@@ -140,7 +124,6 @@ public class SidTests {
 	public void testPrincipalSidEquals() {
 		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		Sid principalSid = new PrincipalSid(authentication);
-
 		assertThat(principalSid.equals(null)).isFalse();
 		assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
 		assertThat(principalSid.equals(principalSid)).isTrue();
@@ -155,7 +138,6 @@ public class SidTests {
 	public void testGrantedAuthoritySidEquals() {
 		GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
 		Sid gaSid = new GrantedAuthoritySid(ga);
-
 		assertThat(gaSid.equals(null)).isFalse();
 		assertThat(gaSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
 		assertThat(gaSid.equals(gaSid)).isTrue();
@@ -170,7 +152,6 @@ public class SidTests {
 	public void testPrincipalSidHashCode() {
 		Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
 		Sid principalSid = new PrincipalSid(authentication);
-
 		assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode());
 		assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode());
 		assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode());
@@ -182,7 +163,6 @@ public class SidTests {
 	public void testGrantedAuthoritySidHashCode() {
 		GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
 		Sid gaSid = new GrantedAuthoritySid(ga);
-
 		assertThat(gaSid.hashCode()).isEqualTo("ROLE_TEST".hashCode());
 		assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode());
 		assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
@@ -196,10 +176,8 @@ public class SidTests {
 		PrincipalSid principalSid = new PrincipalSid(authentication);
 		GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
 		GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
-
 		assertThat("johndoe".equals(principalSid.getPrincipal())).isTrue();
 		assertThat("scott".equals(principalSid.getPrincipal())).isFalse();
-
 		assertThat("ROLE_TEST".equals(gaSid.getGrantedAuthority())).isTrue();
 		assertThat("ROLE_TEST2".equals(gaSid.getGrantedAuthority())).isFalse();
 	}
@@ -209,7 +187,6 @@ public class SidTests {
 		User user = new User("user", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_TEST")));
 		Authentication authentication = new TestingAuthenticationToken(user, "password");
 		PrincipalSid principalSid = new PrincipalSid(authentication);
-
 		assertThat("user").isEqualTo(principalSid.getPrincipal());
 	}
 
@@ -217,7 +194,6 @@ public class SidTests {
 	public void getPrincipalWhenPrincipalNotInstanceOfUserDetailsThenReturnsPrincipalName() {
 		Authentication authentication = new TestingAuthenticationToken("token", "password");
 		PrincipalSid principalSid = new PrincipalSid(authentication);
-
 		assertThat("token").isEqualTo(principalSid.getPrincipal());
 	}
 
@@ -225,7 +201,6 @@ public class SidTests {
 	public void getPrincipalWhenCustomAuthenticationPrincipalThenReturnsPrincipalName() {
 		Authentication authentication = new CustomAuthenticationToken(new CustomToken("token"), null);
 		PrincipalSid principalSid = new PrincipalSid(authentication);
-
 		assertThat("token").isEqualTo(principalSid.getPrincipal());
 	}
 
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index f7d81ac042..9c0923a18a 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -111,7 +111,6 @@ public class AnnotationSecurityAspectTests {
 	@Test(expected = AccessDeniedException.class)
 	public void internalPrivateCallIsIntercepted() {
 		SecurityContextHolder.getContext().setAuthentication(this.anne);
-
 		try {
 			this.secured.publicCallsPrivate();
 			fail("Expected AccessDeniedException");
@@ -124,7 +123,6 @@ public class AnnotationSecurityAspectTests {
 	@Test(expected = AccessDeniedException.class)
 	public void protectedMethodIsIntercepted() {
 		SecurityContextHolder.getContext().setAuthentication(this.anne);
-
 		this.secured.protectedMethod();
 	}
 
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
index d9248e6eec..7f1233b7d5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java
@@ -35,11 +35,9 @@ public abstract class AbstractStatelessTicketCacheTests {
 	protected CasAuthenticationToken getToken() {
 		List<String> proxyList = new ArrayList<>();
 		proxyList.add("https://localhost/newPortal/login/cas");
-
 		User user = new User("rod", "password", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
 		final Assertion assertion = new AssertionImpl("rod");
-
 		return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion);
 	}
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 1d680d1683..d5bef694f1 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -71,7 +71,6 @@ public class CasAuthenticationProviderTests {
 		final ServiceProperties serviceProperties = new ServiceProperties();
 		serviceProperties.setSendRenew(false);
 		serviceProperties.setService("http://test.com");
-
 		return serviceProperties;
 	}
 
@@ -80,27 +79,20 @@ public class CasAuthenticationProviderTests {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		StatelessTicketCache cache = new MockStatelessTicketCache();
 		cap.setStatelessTicketCache(cache);
 		cap.setServiceProperties(makeServiceProperties());
-
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.afterPropertiesSet();
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "ST-123");
 		token.setDetails("details");
-
 		Authentication result = cap.authenticate(token);
-
 		// Confirm ST-123 was NOT added to the cache
 		assertThat(cache.getByTicketId("ST-456") == null).isTrue();
-
 		if (!(result instanceof CasAuthenticationToken)) {
 			fail("Should have returned a CasAuthenticationToken");
 		}
-
 		CasAuthenticationToken casResult = (CasAuthenticationToken) result;
 		assertThat(casResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator());
 		assertThat(casResult.getCredentials()).isEqualTo("ST-123");
@@ -108,11 +100,9 @@ public class CasAuthenticationProviderTests {
 		assertThat(casResult.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_B"));
 		assertThat(casResult.getKeyHash()).isEqualTo(cap.getKey().hashCode());
 		assertThat(casResult.getDetails()).isEqualTo("details");
-
 		// Now confirm the CasAuthenticationToken is automatically re-accepted.
 		// To ensure TicketValidator not called again, set it to deliver an exception...
 		cap.setTicketValidator(new MockTicketValidator(false));
-
 		Authentication laterResult = cap.authenticate(result);
 		assertThat(laterResult).isEqualTo(result);
 	}
@@ -122,34 +112,26 @@ public class CasAuthenticationProviderTests {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		StatelessTicketCache cache = new MockStatelessTicketCache();
 		cap.setStatelessTicketCache(cache);
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, "ST-456");
 		token.setDetails("details");
-
 		Authentication result = cap.authenticate(token);
-
 		// Confirm ST-456 was added to the cache
 		assertThat(cache.getByTicketId("ST-456") != null).isTrue();
-
 		if (!(result instanceof CasAuthenticationToken)) {
 			fail("Should have returned a CasAuthenticationToken");
 		}
-
 		assertThat(result.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator());
 		assertThat(result.getCredentials()).isEqualTo("ST-456");
 		assertThat(result.getDetails()).isEqualTo("details");
-
 		// Now try to authenticate again. To ensure TicketValidator not
 		// called again, set it to deliver an exception...
 		cap.setTicketValidator(new MockTicketValidator(false));
-
 		// Previously created UsernamePasswordAuthenticationToken is OK
 		Authentication newResult = cap.authenticate(token);
 		assertThat(newResult.getPrincipal()).isEqualTo(makeUserDetailsFromAuthoritiesPopulator());
@@ -163,22 +145,17 @@ public class CasAuthenticationProviderTests {
 		given(details.getServiceUrl()).willReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
 		given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
-
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
-
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		cap.setTicketValidator(validator);
 		cap.setServiceProperties(serviceProperties);
 		cap.afterPropertiesSet();
-
 		String ticket = "ST-456";
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket);
-
 		Authentication result = cap.authenticate(token);
 	}
 
@@ -189,40 +166,31 @@ public class CasAuthenticationProviderTests {
 		given(details.getServiceUrl()).willReturn(serviceUrl);
 		TicketValidator validator = mock(TicketValidator.class);
 		given(validator.validate(any(String.class), any(String.class))).willReturn(new AssertionImpl("rod"));
-
 		ServiceProperties serviceProperties = makeServiceProperties();
 		serviceProperties.setAuthenticateAllArtifacts(true);
-
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		cap.setTicketValidator(validator);
 		cap.setServiceProperties(serviceProperties);
 		cap.afterPropertiesSet();
-
 		String ticket = "ST-456";
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket);
-
 		Authentication result = cap.authenticate(token);
 		verify(validator).validate(ticket, serviceProperties.getService());
-
 		serviceProperties.setAuthenticateAllArtifacts(true);
 		result = cap.authenticate(token);
 		verify(validator, times(2)).validate(ticket, serviceProperties.getService());
-
 		token.setDetails(details);
 		result = cap.authenticate(token);
 		verify(validator).validate(ticket, serviceUrl);
-
 		serviceProperties.setAuthenticateAllArtifacts(false);
 		serviceProperties.setService(null);
 		cap.setServiceProperties(serviceProperties);
 		cap.afterPropertiesSet();
 		result = cap.authenticate(token);
 		verify(validator, times(2)).validate(ticket, serviceUrl);
-
 		token.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		try {
 			cap.authenticate(token);
@@ -230,7 +198,6 @@ public class CasAuthenticationProviderTests {
 		}
 		catch (IllegalStateException success) {
 		}
-
 		cap.setServiceProperties(null);
 		cap.afterPropertiesSet();
 		try {
@@ -246,16 +213,13 @@ public class CasAuthenticationProviderTests {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		StatelessTicketCache cache = new MockStatelessTicketCache();
 		cap.setStatelessTicketCache(cache);
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "");
-
 		cap.authenticate(token);
 	}
 
@@ -265,16 +229,13 @@ public class CasAuthenticationProviderTests {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
-
 		StatelessTicketCache cache = new MockStatelessTicketCache();
 		cap.setStatelessTicketCache(cache);
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", makeUserDetails(), "credentials",
 				AuthorityUtils.createAuthorityList("XX"), makeUserDetails(), assertion);
-
 		cap.authenticate(token);
 	}
 
@@ -329,7 +290,6 @@ public class CasAuthenticationProviderTests {
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		// TODO disabled because why do we need to expose this?
 		// assertThat(cap.getUserDetailsService() != null).isTrue();
 		assertThat(cap.getKey()).isEqualTo("qwerty");
@@ -346,10 +306,8 @@ public class CasAuthenticationProviderTests {
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(cap.supports(TestingAuthenticationToken.class)).isFalse();
-
 		// Try it anyway
 		assertThat(cap.authenticate(token)).isNull();
 	}
@@ -363,7 +321,6 @@ public class CasAuthenticationProviderTests {
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
 		cap.afterPropertiesSet();
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("some_normal_user",
 				"password", AuthorityUtils.createAuthorityList("ROLE_A"));
 		assertThat(cap.authenticate(token)).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index 2de2cc4ea6..21278296c5 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -59,35 +59,30 @@ public class CasAuthenticationTokenTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new CasAuthenticationToken("key", null, "Password", this.ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new CasAuthenticationToken("key", makeUserDetails(), null, this.ROLES, makeUserDetails(), assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, makeUserDetails(), null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES, null, assertion);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new CasAuthenticationToken("key", makeUserDetails(), "Password",
 					AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(), assertion);
@@ -106,13 +101,10 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testEqualsWhenEqual() {
 		final Assertion assertion = new AssertionImpl("test");
-
 		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		assertThat(token2).isEqualTo(token1);
 	}
 
@@ -138,30 +130,24 @@ public class CasAuthenticationTokenTests {
 			fail("Should have thrown NoSuchMethodException");
 		}
 		catch (NoSuchMethodException expected) {
-
 		}
 	}
 
 	@Test
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
 		final Assertion assertion = new AssertionImpl("test");
-
 		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password",
 				this.ROLES, makeUserDetails(), assertion);
-
 		assertThat(!token1.equals(token2)).isTrue();
 	}
 
 	@Test
 	public void testNotEqualsDueToDifferentAuthenticationClass() {
 		final Assertion assertion = new AssertionImpl("test");
-
 		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
 				this.ROLES);
 		assertThat(!token1.equals(token2)).isTrue();
@@ -170,13 +156,10 @@ public class CasAuthenticationTokenTests {
 	@Test
 	public void testNotEqualsDueToKey() {
 		final Assertion assertion = new AssertionImpl("test");
-
 		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", makeUserDetails(), "Password",
 				this.ROLES, makeUserDetails(), assertion);
-
 		assertThat(!token1.equals(token2)).isTrue();
 	}
 
@@ -184,13 +167,10 @@ public class CasAuthenticationTokenTests {
 	public void testNotEqualsDueToAssertion() {
 		final Assertion assertion = new AssertionImpl("test");
 		final Assertion assertion2 = new AssertionImpl("test");
-
 		CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion);
-
 		CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", this.ROLES,
 				makeUserDetails(), assertion2);
-
 		assertThat(!token1.equals(token2)).isTrue();
 	}
 
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
index e571254522..513158a479 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
@@ -52,17 +52,13 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 		EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
 		cache.setCache(cacheManager.getCache("castickets"));
 		cache.afterPropertiesSet();
-
 		final CasAuthenticationToken token = getToken();
-
 		// Check it gets stored in the cache
 		cache.putTicketInCache(token);
 		assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 		// Check it gets removed from the cache
 		cache.removeTicketFromCache(getToken());
 		assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 		// Check it doesn't return values for null or unknown service tickets
 		assertThat(cache.getByTicketId(null)).isNull();
 		assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
@@ -71,15 +67,12 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
 	@Test
 	public void testStartupDetectsMissingCache() throws Exception {
 		EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
-
 		try {
 			cache.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		Ehcache myCache = cacheManager.getCache("castickets");
 		cache.setCache(myCache);
 		assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index b9bfffcd51..607ed39260 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -44,17 +44,13 @@ public class SpringCacheBasedTicketCacheTests extends AbstractStatelessTicketCac
 	@Test
 	public void testCacheOperation() throws Exception {
 		SpringCacheBasedTicketCache cache = new SpringCacheBasedTicketCache(cacheManager.getCache("castickets"));
-
 		final CasAuthenticationToken token = getToken();
-
 		// Check it gets stored in the cache
 		cache.putTicketInCache(token);
 		assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
-
 		// Check it gets removed from the cache
 		cache.removeTicketFromCache(getToken());
 		assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
-
 		// Check it doesn't return values for null or unknown service tickets
 		assertThat(cache.getByTicketId(null)).isNull();
 		assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
index 7ed182ccc9..4eed00cbe9 100644
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@@ -74,7 +74,6 @@ public class CasAuthenticationTokenMixinTests {
 		+ "\"authorities\": " + AUTHORITIES_SET_JSON
 	+ "}";
 	// @formatter:on
-
 	private static final String CAS_TOKEN_JSON = "{"
 			+ "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", "
 			+ "\"keyHash\": " + KEY.hashCode() + "," + "\"principal\": " + USER_JSON + ", " + "\"credentials\": "
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
index 15cb9df2c4..825542cb79 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java
@@ -38,7 +38,6 @@ public class CasAuthenticationEntryPointTests {
 	public void testDetectsMissingLoginFormUrl() throws Exception {
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 		ep.setServiceProperties(new ServiceProperties());
-
 		try {
 			ep.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -52,7 +51,6 @@ public class CasAuthenticationEntryPointTests {
 	public void testDetectsMissingServiceProperties() throws Exception {
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 		ep.setLoginUrl("https://cas/login");
-
 		try {
 			ep.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -67,7 +65,6 @@ public class CasAuthenticationEntryPointTests {
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 		ep.setLoginUrl("https://cas/login");
 		assertThat(ep.getLoginUrl()).isEqualTo("https://cas/login");
-
 		ep.setServiceProperties(new ServiceProperties());
 		assertThat(ep.getServiceProperties() != null).isTrue();
 	}
@@ -77,19 +74,14 @@ public class CasAuthenticationEntryPointTests {
 		ServiceProperties sp = new ServiceProperties();
 		sp.setSendRenew(false);
 		sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 		ep.setLoginUrl("https://cas/login");
 		ep.setServiceProperties(sp);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.afterPropertiesSet();
 		ep.commence(request, response, null);
-
 		assertThat(
 				"https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8"))
 						.isEqualTo(response.getRedirectedUrl());
@@ -100,16 +92,12 @@ public class CasAuthenticationEntryPointTests {
 		ServiceProperties sp = new ServiceProperties();
 		sp.setSendRenew(true);
 		sp.setService("https://mycompany.com/bigWebApp/login/cas");
-
 		CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
 		ep.setLoginUrl("https://cas/login");
 		ep.setServiceProperties(sp);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.afterPropertiesSet();
 		ep.commence(request, response, null);
 		assertThat("https://cas/login?service="
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index e37c07619f..e704ecd3ff 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -69,12 +69,9 @@ public class CasAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/login/cas");
 		request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");
-
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		filter.setAuthenticationManager((a) -> a);
-
 		assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
-
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result != null).isTrue();
 	}
@@ -85,7 +82,6 @@ public class CasAuthenticationFilterTests {
 		filter.setAuthenticationManager((a) -> {
 			throw new BadCredentialsException("Rejected");
 		});
-
 		filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
 	}
 
@@ -96,7 +92,6 @@ public class CasAuthenticationFilterTests {
 		filter.setFilterProcessesUrl(url);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setServletPath(url);
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
 	}
@@ -106,7 +101,6 @@ public class CasAuthenticationFilterTests {
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setServletPath("/pgtCallback");
 		assertThat(filter.requiresAuthentication(request, response)).isFalse();
 		filter.setProxyReceptorUrl(request.getServletPath());
@@ -121,17 +115,14 @@ public class CasAuthenticationFilterTests {
 	public void testRequiresAuthenticationAuthAll() {
 		ServiceProperties properties = new ServiceProperties();
 		properties.setAuthenticateAllArtifacts(true);
-
 		String url = "/login/cas";
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		filter.setFilterProcessesUrl(url);
 		filter.setServiceProperties(properties);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setServletPath(url);
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
-
 		request.setServletPath("/other");
 		assertThat(filter.requiresAuthentication(request, response)).isFalse();
 		request.setParameter(properties.getArtifactParameter(), "value");
@@ -151,7 +142,6 @@ public class CasAuthenticationFilterTests {
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setServletPath("/pgtCallback");
 		filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 		filter.setProxyReceptorUrl(request.getServletPath());
@@ -171,20 +161,17 @@ public class CasAuthenticationFilterTests {
 		request.setServletPath("/authenticate");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
-
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		filter.setServiceProperties(serviceProperties);
 		filter.setAuthenticationSuccessHandler(successHandler);
 		filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 		filter.setAuthenticationManager(manager);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull()
 				.withFailMessage("Authentication should not be null");
 		verify(chain).doFilter(request, response);
 		verifyZeroInteractions(successHandler);
-
 		// validate for when the filterProcessUrl matches
 		filter.setFilterProcessesUrl(request.getServletPath());
 		SecurityContextHolder.clearContext();
@@ -200,11 +187,9 @@ public class CasAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
-
 		request.setServletPath("/pgtCallback");
 		filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
 		filter.setProxyReceptorUrl(request.getServletPath());
-
 		filter.doFilter(request, response, chain);
 		verifyZeroInteractions(chain);
 	}
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index 47bd7db94b..cc61ac93be 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -68,10 +68,8 @@ public class ServicePropertiesTests {
 			assertThat(sp.getArtifactParameter()).isEqualTo("notticket");
 			sp.setServiceParameter("notservice");
 			assertThat(sp.getServiceParameter()).isEqualTo("notservice");
-
 			sp.setService("https://mycompany.com/service");
 			assertThat(sp.getService()).isEqualTo("https://mycompany.com/service");
-
 			sp.afterPropertiesSet();
 		}
 	}
diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
index a292662cc4..d7d95ea3a7 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java
@@ -55,7 +55,6 @@ public class DefaultServiceAuthenticationDetailsTests {
 		this.request.setRequestURI("/cas-sample/secure/");
 		this.artifactPattern = DefaultServiceAuthenticationDetails
 				.createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER);
-
 	}
 
 	@After
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index a6809b8574..7262646c80 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -86,7 +86,6 @@ public class HelloRSocketITests {
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
 		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
 				.connectTcp("localhost", this.server.address().getPort()).block();
-
 		String data = "rob";
 		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
 				.isNotNull();
@@ -106,7 +105,6 @@ public class HelloRSocketITests {
 		String hiRob = this.requester.route("secure.retrieve-mono")
 				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 				.retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index 12e27e88c9..f8b30d7e51 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -102,9 +102,7 @@ public class JwtITests {
 		this.requester = requester()
 				.setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
@@ -112,14 +110,11 @@ public class JwtITests {
 	public void routeWhenAuthenticationBearerThenAuthorized() {
 		MimeType authenticationMimeType = MimeTypeUtils
 				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
-
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
 		this.requester = requester().setupMetadata(credentials, authenticationMimeType)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 1a73888c74..ecacae6b21 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -94,9 +94,7 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
@@ -105,7 +103,6 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class)
 				.block()).isInstanceOf(ApplicationErrorException.class);
 	}
@@ -116,12 +113,10 @@ public class RSocketMessageHandlerConnectionITests {
 		this.requester = requester()
 				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiRob = this.requester.route("secure.admin.retrieve-mono")
 				.metadata(new UsernamePasswordMetadata("admin", "password"),
 						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.data("rob").retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
@@ -131,12 +126,10 @@ public class RSocketMessageHandlerConnectionITests {
 		this.requester = requester()
 				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiUser = this.requester.route("secure.authority.retrieve-mono")
 				.metadata(new UsernamePasswordMetadata("admin", "password"),
 						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.data("Felipe").retrieveMono(String.class).block();
-
 		assertThat(hiUser).isEqualTo("Hi Felipe");
 	}
 
@@ -144,7 +137,6 @@ public class RSocketMessageHandlerConnectionITests {
 	public void connectWhenNotAuthenticated() {
 		this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort())
 				.block();
-
 		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
 				.isNotNull();
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -156,7 +148,6 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
 				.isNotNull();
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
@@ -168,7 +159,6 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		assertThatCode(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block())
 				.isInstanceOf(ApplicationErrorException.class);
 	}
@@ -178,9 +168,7 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiRob = this.requester.route("anyroute").data("rob").retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
@@ -189,9 +177,7 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("admin", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-
 		String hiEbert = this.requester.route("management.users").data("admin").retrieveMono(String.class).block();
-
 		assertThat(hiEbert).isEqualTo("Hi admin");
 	}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index eb22782c00..9b4f37a09d 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -79,7 +79,6 @@ public class RSocketMessageHandlerITests {
 		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
 				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
 				.transport(TcpServerTransport.create("localhost", 0)).start().block();
-
 		this.requester = RSocketRequester.builder()
 				// .rsocketFactory((factory) ->
 				// factory.addRequesterPlugin(payloadInterceptor))
@@ -99,7 +98,6 @@ public class RSocketMessageHandlerITests {
 		String data = "rob";
 		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
 				.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
-
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -111,7 +109,6 @@ public class RSocketMessageHandlerITests {
 				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 				.retrieveMono(String.class).block()).isInstanceOf(ApplicationErrorException.class)
 						.hasMessageContaining("Invalid Credentials");
-
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -122,7 +119,6 @@ public class RSocketMessageHandlerITests {
 		String hiRob = this.requester.route("secure.retrieve-mono")
 				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
 				.retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
@@ -131,7 +127,6 @@ public class RSocketMessageHandlerITests {
 	public void retrieveMonoWhenPublicThenGranted() throws Exception {
 		String data = "rob";
 		String hiRob = this.requester.route("retrieve-mono").data(data).retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
@@ -142,7 +137,6 @@ public class RSocketMessageHandlerITests {
 		assertThatCode(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
 				.retrieveFlux(String.class).collectList().block()).isInstanceOf(ApplicationErrorException.class)
 						.hasMessageContaining("Access Denied");
-
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -151,7 +145,6 @@ public class RSocketMessageHandlerITests {
 		Flux<String> data = Flux.just("a", "b", "c");
 		List<String> hi = this.requester.route("retrieve-flux").data(data, String.class).retrieveFlux(String.class)
 				.collectList().block();
-
 		assertThat(hi).containsOnly("hello a", "hello b", "hello c");
 		assertThat(this.controller.payloads).containsOnlyElementsOf(data.collectList().block());
 	}
@@ -162,7 +155,6 @@ public class RSocketMessageHandlerITests {
 		assertThatCode(
 				() -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block())
 						.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
-
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -170,7 +162,6 @@ public class RSocketMessageHandlerITests {
 	public void sendWhenSecureThenDenied() throws Exception {
 		String data = "hi";
 		this.requester.route("secure.send").data(data).send().block();
-
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -248,7 +239,6 @@ public class RSocketMessageHandlerITests {
 		@MessageMapping({ "secure.send", "send" })
 		Mono<Void> send(Mono<String> payload) {
 			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll()));
-
 		}
 
 		private synchronized void doNotifyAll() {
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index fc3d4e01ed..29f1c3b495 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -92,7 +92,6 @@ public class SimpleAuthenticationITests {
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
 		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
 				.connectTcp("localhost", this.server.address().getPort()).block();
-
 		String data = "rob";
 		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
 				.isInstanceOf(ApplicationErrorException.class);
@@ -103,7 +102,6 @@ public class SimpleAuthenticationITests {
 	public void retrieveMonoWhenAuthorizedThenGranted() {
 		MimeType authenticationMimeType = MimeTypeUtils
 				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
-
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
 		this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType)
 				.rsocketStrategies(this.handler.getRSocketStrategies())
@@ -111,7 +109,6 @@ public class SimpleAuthenticationITests {
 		String data = "rob";
 		String hiRob = this.requester.route("secure.retrieve-mono").metadata(credentials, authenticationMimeType)
 				.data(data).retrieveMono(String.class).block();
-
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
index 53b57df075..103addaebd 100644
--- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
+++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java
@@ -34,13 +34,11 @@ public class DataSourcePopulator implements InitializingBean {
 	@Override
 	public void afterPropertiesSet() {
 		Assert.notNull(this.template, "dataSource required");
-
 		this.template.execute(
 				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
 		this.template.execute(
 				"CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
 		this.template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
-
 		/*
 		 * Passwords encoded using MD5, NOT in Base64 format, with null as salt Encoded
 		 * password for rod is "koala" Encoded password for dianne is "emu" Encoded
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index 0730702b94..d570897460 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -111,7 +111,6 @@ public class FilterChainProxyConfigTests {
 	@Test
 	public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
 		FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
-
 		List<SecurityFilterChain> chains = fcp.getFilterChains();
 		assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
 		assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
@@ -127,17 +126,14 @@ public class FilterChainProxyConfigTests {
 		List<Filter> filters = filterChainProxy.getFilters("/foo/blah;x=1");
 		assertThat(filters).hasSize(1);
 		assertThat(filters.get(0) instanceof SecurityContextHolderAwareRequestFilter).isTrue();
-
 		filters = filterChainProxy.getFilters("/some;x=2,y=3/other/path;z=4/blah");
 		assertThat(filters).isNotNull();
 		assertThat(filters).hasSize(3);
 		assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue();
 		assertThat(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter).isTrue();
 		assertThat(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter).isTrue();
-
 		filters = filterChainProxy.getFilters("/do/not/filter;x=7");
 		assertThat(filters).isEmpty();
-
 		filters = filterChainProxy.getFilters("/another/nonspecificmatch");
 		assertThat(filters).hasSize(3);
 		assertThat(filters.get(0) instanceof SecurityContextPersistenceFilter).isTrue();
@@ -148,13 +144,10 @@ public class FilterChainProxyConfigTests {
 	private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setServletPath("/foo/secure/super/somefile.html");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
-
 		filterChainProxy.doFilter(request, response, chain);
 		verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 		request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
 		chain = mock(FilterChain.class);
 		filterChainProxy.doFilter(request, response, chain);
diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
index 1a08796e61..fdec646a62 100644
--- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java
@@ -37,7 +37,6 @@ public class MockUserServiceBeanPostProcessor implements BeanPostProcessor {
 		if (bean instanceof PostProcessedMockUserDetailsService) {
 			((PostProcessedMockUserDetailsService) bean).setPostProcessorWasHere("Hello from the post processor!");
 		}
-
 		return bean;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 9b7ccaf51a..454209e4f0 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -90,13 +90,10 @@ public class SecurityNamespaceHandlerTests {
 		PowerMockito.spy(ClassUtils.class);
 		PowerMockito.doThrow(new NoClassDefFoundError(className)).when(ClassUtils.class, "forName",
 				eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
-
 		Log logger = mock(Log.class);
 		SecurityNamespaceHandler handler = new SecurityNamespaceHandler();
 		ReflectionTestUtils.setField(handler, "logger", logger);
-
 		handler.init();
-
 		PowerMockito.verifyStatic(ClassUtils.class);
 		ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		verifyZeroInteractions(logger);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
index c1cf8715e9..b98c51df78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterClosureTests.java
@@ -43,10 +43,8 @@ public class SecurityConfigurerAdapterClosureTests {
 				return l;
 			}
 		});
-
 		this.conf.init(builder);
 		this.conf.configure(builder);
-
 		assertThat(this.conf.list).contains("a");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
index b6e0a5a87b..9e6aeba683 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java
@@ -36,7 +36,6 @@ public class SecurityConfigurerAdapterTests {
 	public void postProcessObjectPostProcessorsAreSorted() {
 		this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE));
 		this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE));
-
 		assertThat(this.adapter.postProcess("hi"))
 				.isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index fd6749db83..2c3a719c01 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -76,11 +76,9 @@ public class AuthenticationManagerBuilderTests {
 	public void buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
-
 		AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
 		builder.authenticationProvider(provider);
 		builder.build();
-
 		verify(opp, never()).postProcess(provider);
 	}
 
@@ -92,13 +90,11 @@ public class AuthenticationManagerBuilderTests {
 		given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
 		AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep)
 				.inMemoryAuthentication().and().build();
-
 		try {
 			am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		}
 		catch (AuthenticationException success) {
 		}
-
 		verify(aep).publishAuthenticationFailure(any(), any());
 	}
 
@@ -107,9 +103,7 @@ public class AuthenticationManagerBuilderTests {
 		this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
 		AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-
 		Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThat(auth.getName()).isEqualTo("user");
 		assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
 	}
@@ -119,9 +113,7 @@ public class AuthenticationManagerBuilderTests {
 		this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
 		AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-
 		Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThat(auth.getName()).isEqualTo("user");
 		assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
 	}
@@ -129,9 +121,7 @@ public class AuthenticationManagerBuilderTests {
 	@Test
 	public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
 		this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("USER"));
-
 		this.mockMvc.perform(formLogin().user("admin"))
 				.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
 	}
@@ -140,11 +130,9 @@ public class AuthenticationManagerBuilderTests {
 	public void buildWhenAuthenticationProviderThenIsConfigured() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
-
 		AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
 		builder.authenticationProvider(provider);
 		builder.build();
-
 		assertThat(builder.isConfigured()).isTrue();
 	}
 
@@ -152,27 +140,22 @@ public class AuthenticationManagerBuilderTests {
 	public void buildWhenParentThenIsConfigured() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
 		AuthenticationManager parent = mock(AuthenticationManager.class);
-
 		AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
 		builder.parentAuthenticationManager(parent);
 		builder.build();
-
 		assertThat(builder.isConfigured()).isTrue();
 	}
 
 	@Test
 	public void buildWhenNotConfiguredThenIsConfiguredFalse() throws Exception {
 		ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
-
 		AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
 		builder.build();
-
 		assertThat(builder.isConfigured()).isFalse();
 	}
 
 	public void buildWhenUserFromProperties() throws Exception {
 		this.spring.register(UserFromPropertiesConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("joe", "joespassword"))
 				.andExpect(authenticated().withUsername("joe").withRoles("USER"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index a4ca8c40b1..d21faea9ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -47,10 +47,8 @@ public class NamespaceAuthenticationManagerTests {
 	@Test
 	public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception {
 		this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin())
 				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
-
 		this.mockMvc.perform(formLogin())
 				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
 		// no exception due to username being cleared out
@@ -59,10 +57,8 @@ public class NamespaceAuthenticationManagerTests {
 	@Test
 	public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin())
 				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
-
 		this.mockMvc.perform(formLogin())
 				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
 		// no exception due to username being cleared out
@@ -72,7 +68,6 @@ public class NamespaceAuthenticationManagerTests {
 	// SEC-2533
 	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
-
 		this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers
 				.authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
index 61d1e1e660..f29882cea9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java
@@ -49,7 +49,6 @@ public class NamespaceAuthenticationProviderTests {
 	// authentication-provider@ref
 	public void authenticationProviderRef() throws Exception {
 		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
@@ -57,7 +56,6 @@ public class NamespaceAuthenticationProviderTests {
 	// authentication-provider@user-service-ref
 	public void authenticationProviderUserServiceRef() throws Exception {
 		this.spring.register(AuthenticationProviderRefConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index e8a4d77abe..58556a7463 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -53,14 +53,12 @@ public class NamespaceJdbcUserServiceTests {
 	@Test
 	public void jdbcUserService() throws Exception {
 		this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
 	}
 
 	@Test
 	public void jdbcUserServiceCustom() throws Exception {
 		this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
 	}
 
@@ -118,7 +116,6 @@ public class NamespaceJdbcUserServiceTests {
 				// jdbc-user-service@role-prefix
 				.rolePrefix("ROLE_");
 			// @formatter:on
-
 		}
 
 		static class CustomUserCache implements UserCache {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
index 1068e37d13..91759cd703 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.java
@@ -52,21 +52,18 @@ public class NamespacePasswordEncoderTests {
 	@Test
 	public void passwordEncoderRefWithInMemory() throws Exception {
 		this.spring.register(PasswordEncoderWithInMemoryConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@Test
 	public void passwordEncoderRefWithJdbc() throws Exception {
 		this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
 	@Test
 	public void passwordEncoderRefWithUserDetailsService() throws Exception {
 		this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
@@ -91,7 +88,6 @@ public class NamespacePasswordEncoderTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-
 			BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
 			// @formatter:off
 			auth
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
index 086f7cbc00..456efd48f6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerTests.java
@@ -51,7 +51,6 @@ public class PasswordEncoderConfigurerTests {
 	@Test
 	public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
 		this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
index 3194b6cff7..3c6ec39bf5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java
@@ -48,7 +48,6 @@ public class AuthenticationConfigurationPublishTests {
 	@Test
 	public void authenticationEventPublisherBeanUsedByDefault() {
 		this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThat(this.listener.getEvents()).hasSize(1);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index e02f237cd8..9c5c153200 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -88,7 +88,6 @@ public class AuthenticationConfigurationTests {
 	public void orderingAutowiredOnEnableGlobalMethodSecurity() {
 		this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class,
 				ServicesConfig.class).autowire();
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
@@ -98,7 +97,6 @@ public class AuthenticationConfigurationTests {
 	public void orderingAutowiredOnEnableWebSecurity() {
 		this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class,
 				GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
@@ -108,7 +106,6 @@ public class AuthenticationConfigurationTests {
 	public void orderingAutowiredOnEnableWebMvcSecurity() {
 		this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class,
 				GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire();
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
 		this.service.run();
@@ -117,7 +114,6 @@ public class AuthenticationConfigurationTests {
 	@Test
 	public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager())
 				.isNull();
 	}
@@ -126,7 +122,6 @@ public class AuthenticationConfigurationTests {
 	public void getAuthenticationManagerWhenNoOpGlobalAuthenticationConfigurerAdapterThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
 				NoOpGlobalAuthenticationConfigurerAdapter.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager())
 				.isNull();
 	}
@@ -136,10 +131,8 @@ public class AuthenticationConfigurationTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
 				UserGlobalAuthenticationConfigurerAdapter.class).autowire();
-
 		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
-
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
 
@@ -148,11 +141,9 @@ public class AuthenticationConfigurationTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
 				AuthenticationManagerBeanConfig.class).autowire();
-
 		AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
 		given(authentication.authenticate(token)).willReturn(TestAuthentication.authenticatedUser());
-
 		assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName());
 	}
 
@@ -173,13 +164,10 @@ public class AuthenticationConfigurationTests {
 		config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(),
 				new BootGlobalAuthenticationConfigurerAdapter()));
 		AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
 		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThatThrownBy(
 				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
 						.isInstanceOf(AuthenticationException.class);
-
 	}
 
 	@Test
@@ -188,7 +176,6 @@ public class AuthenticationConfigurationTests {
 		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
 		config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter()));
 		AuthenticationManager authenticationManager = config.getAuthenticationManager();
-
 		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"));
 	}
 
@@ -198,17 +185,14 @@ public class AuthenticationConfigurationTests {
 		this.spring.register(Sec2531Config.class).autowire();
 		ObjectPostProcessor<Object> opp = this.spring.getContext().getBean(ObjectPostProcessor.class);
 		given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
-
 		AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
 		config.getAuthenticationManager();
-
 		verify(opp).postProcess(any(ProxyFactoryBean.class));
 	}
 
 	@Test
 	public void getAuthenticationManagerWhenSec2822ThenCannotForceAuthenticationAlreadyBuilt() throws Exception {
 		this.spring.register(Sec2822WebSecurity.class, Sec2822UseAuth.class, Sec2822Config.class).autowire();
-
 		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
 		// no exception
 	}
@@ -222,9 +206,7 @@ public class AuthenticationConfigurationTests {
 		AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
 				.getAuthenticationManager();
 		given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
-
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
 				.isInstanceOf(AuthenticationException.class);
 	}
@@ -239,9 +221,7 @@ public class AuthenticationConfigurationTests {
 				.getAuthenticationManager();
 		given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
 				User.withUserDetails(user).build());
-
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
 				.isInstanceOf(AuthenticationException.class);
 	}
@@ -257,9 +237,7 @@ public class AuthenticationConfigurationTests {
 		given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
 				User.withUserDetails(user).build());
 		given(manager.updatePassword(any(), any())).willReturn(user);
-
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-
 		verify(manager).updatePassword(eq(user), startsWith("{bcrypt}"));
 	}
 
@@ -272,7 +250,6 @@ public class AuthenticationConfigurationTests {
 				.getAuthenticationManager();
 		given(ap.supports(any())).willReturn(true);
 		given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
-
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 	}
 
@@ -285,7 +262,6 @@ public class AuthenticationConfigurationTests {
 				.getAuthenticationManager();
 		given(ap.supports(any())).willReturn(true);
 		given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
-
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 	}
 
@@ -314,9 +290,7 @@ public class AuthenticationConfigurationTests {
 			throws Exception {
 		this.spring.register(AuthenticationConfigurationSubclass.class).autowire();
 		AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class);
-
 		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-
 		assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class);
 	}
 
@@ -447,15 +421,11 @@ public class AuthenticationConfigurationTests {
 			if (auth.isConfigured()) {
 				return;
 			}
-
 			UserDetails user = User.withUserDetails(PasswordEncodedUser.user()).username("boot").build();
-
 			List<UserDetails> users = Arrays.asList(user);
 			InMemoryUserDetailsManager inMemory = new InMemoryUserDetailsManager(users);
-
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 			provider.setUserDetailsService(inMemory);
-
 			auth.authenticationProvider(provider);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
index 4f6d9e735f..8a5e0db601 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -40,29 +40,23 @@ public class EnableGlobalAuthenticationTests {
 	@Test
 	public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception {
 		this.spring.register(Config.class).autowire();
-
 		AuthenticationConfiguration auth = this.spring.getContext().getBean(AuthenticationConfiguration.class);
-
 		assertThat(auth.getAuthenticationManager()).isNotNull();
 	}
 
 	@Test
 	public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
 		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isSameAs(childBean);
 	}
 
 	@Test
 	public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
 		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isNotSameAs(childBean);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
index fcadd1ec3d..40e9f8e149 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -40,7 +40,6 @@ public class LdapAuthenticationProviderConfigurerTests {
 		assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(SimpleAuthorityMapper.class);
 		this.configurer.authoritiesMapper(new NullAuthoritiesMapper());
 		assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
-
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index a6e2e698c7..67a8747c78 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -46,7 +46,6 @@ public class UserDetailsManagerConfigurerTests {
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
 				this.userDetailsManager).withUser("user").password("password").roles("USER").disabled(true)
 						.accountExpired(true).accountLocked(true).credentialsExpired(true).build();
-
 		assertThat(userDetails.getUsername()).isEqualTo("user");
 		assertThat(userDetails.getPassword()).isEqualTo("password");
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo("ROLE_USER");
@@ -59,31 +58,25 @@ public class UserDetailsManagerConfigurerTests {
 	@Test
 	public void authoritiesWithGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
 				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
-
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
 
 	@Test
 	public void authoritiesWithStringAuthorityWorks() {
 		String authority = "ROLE_USER";
-
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
 				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
-
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority);
 	}
 
 	@Test
 	public void authoritiesWithAListOfGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-
 		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
 				this.userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority))
 						.build();
-
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
index 78d24959c0..c0efa4c5e7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/configuration/AutowireBeanFactoryObjectPostProcessorTests.java
@@ -54,7 +54,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenApplicationContextAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		ApplicationContextAware toPostProcess = mock(ApplicationContextAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setApplicationContext(isNotNull());
@@ -63,17 +62,14 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenApplicationEventPublisherAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		ApplicationEventPublisherAware toPostProcess = mock(ApplicationEventPublisherAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setApplicationEventPublisher(isNotNull());
-
 	}
 
 	@Test
 	public void postProcessWhenBeanClassLoaderAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		BeanClassLoaderAware toPostProcess = mock(BeanClassLoaderAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setBeanClassLoader(isNotNull());
@@ -82,7 +78,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenBeanFactoryAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		BeanFactoryAware toPostProcess = mock(BeanFactoryAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setBeanFactory(isNotNull());
@@ -91,7 +86,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenEnvironmentAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		EnvironmentAware toPostProcess = mock(EnvironmentAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setEnvironment(isNotNull());
@@ -100,7 +94,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenMessageSourceAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		MessageSourceAware toPostProcess = mock(MessageSourceAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setMessageSource(isNotNull());
@@ -109,7 +102,6 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenServletContextAwareThenAwareInvoked() {
 		this.spring.register(Config.class).autowire();
-
 		ServletContextAware toPostProcess = mock(ServletContextAware.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
 		verify(toPostProcess).setServletContext(isNotNull());
@@ -118,21 +110,16 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	@Test
 	public void postProcessWhenDisposableBeanThenAwareInvoked() throws Exception {
 		this.spring.register(Config.class).autowire();
-
 		DisposableBean toPostProcess = mock(DisposableBean.class);
 		this.objectObjectPostProcessor.postProcess(toPostProcess);
-
 		this.spring.getContext().close();
-
 		verify(toPostProcess).destroy();
 	}
 
 	@Test
 	public void postProcessWhenSmartInitializingSingletonThenAwareInvoked() {
 		this.spring.register(Config.class, SmartConfig.class).autowire();
-
 		SmartConfig config = this.spring.getContext().getBean(SmartConfig.class);
-
 		verify(config.toTest).afterSingletonsInstantiated();
 	}
 
@@ -140,9 +127,7 @@ public class AutowireBeanFactoryObjectPostProcessorTests {
 	// SEC-2382
 	public void autowireBeanFactoryWhenBeanNameAutoProxyCreatorThenWorks() {
 		this.spring.testConfigLocations("AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml").autowire();
-
 		MyAdvisedBean bean = this.spring.getContext().getBean(MyAdvisedBean.class);
-
 		assertThat(bean.doStuff()).isEqualTo("null");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
index fa946076f7..47535d1ce5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/ApplicationConfig.java
@@ -52,12 +52,10 @@ public class ApplicationConfig {
 		vendorAdapter.setDatabase(Database.HSQL);
 		vendorAdapter.setGenerateDdl(true);
 		vendorAdapter.setShowSql(true);
-
 		LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean();
 		factory.setJpaVendorAdapter(vendorAdapter);
 		factory.setPackagesToScan(User.class.getPackage().getName());
 		factory.setDataSource(dataSource());
-
 		return factory;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 751199fb55..44e6e6a0d3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -81,23 +81,19 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoWhenPermitAllThenAopDoesNotSubscribe() {
 		given(this.delegate.monoFindById(1L)).willReturn(Mono.from(this.result));
-
 		this.delegate.monoFindById(1L);
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoWhenPermitAllThenSuccess() {
 		given(this.delegate.monoFindById(1L)).willReturn(Mono.just("success"));
-
 		StepVerifier.create(this.delegate.monoFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.just("result"));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -106,28 +102,23 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
 		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
 		given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeBeanWhenGrantedThenSuccess() {
 		given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result"));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
@@ -135,7 +126,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
 		given(this.delegate.monoPreAuthorizeBeanFindById(2L)).willReturn(Mono.just("result"));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
@@ -143,27 +133,22 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
 		given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
 		given(this.delegate.monoPreAuthorizeBeanFindById(1L)).willReturn(Mono.from(this.result));
-
 		Mono<String> findById = this.messageService.monoPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void monoPostAuthorizeWhenAuthorizedThenSuccess() {
 		given(this.delegate.monoPostAuthorizeFindById(1L)).willReturn(Mono.just("user"));
-
 		Mono<String> findById = this.messageService.monoPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
@@ -171,7 +156,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPostAuthorizeWhenNotAuthorizedThenDenied() {
 		given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized"));
-
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
@@ -179,7 +163,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("user"));
-
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
@@ -187,7 +170,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
 		given(this.delegate.monoPostAuthorizeBeanFindById(2L)).willReturn(Mono.just("anonymous"));
-
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
@@ -195,33 +177,27 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void monoPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		given(this.delegate.monoPostAuthorizeBeanFindById(1L)).willReturn(Mono.just("not-authorized"));
-
 		Mono<String> findById = this.messageService.monoPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	// Flux tests
-
 	@Test
 	public void fluxWhenPermitAllThenAopDoesNotSubscribe() {
 		given(this.delegate.fluxFindById(1L)).willReturn(Flux.from(this.result));
-
 		this.delegate.fluxFindById(1L);
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxWhenPermitAllThenSuccess() {
 		given(this.delegate.fluxFindById(1L)).willReturn(Flux.just("success"));
-
 		StepVerifier.create(this.delegate.fluxFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result"));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
@@ -231,28 +207,23 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
 		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
 		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenGrantedThenSuccess() {
 		given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result"));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L).subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
@@ -260,7 +231,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
 		given(this.delegate.fluxPreAuthorizeBeanFindById(2L)).willReturn(Flux.just("result"));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
@@ -268,27 +238,22 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
 		given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
 		given(this.delegate.fluxPreAuthorizeBeanFindById(1L)).willReturn(Flux.from(this.result));
-
 		Flux<String> findById = this.messageService.fluxPreAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void fluxPostAuthorizeWhenAuthorizedThenSuccess() {
 		given(this.delegate.fluxPostAuthorizeFindById(1L)).willReturn(Flux.just("user"));
-
 		Flux<String> findById = this.messageService.fluxPostAuthorizeFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
@@ -296,7 +261,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPostAuthorizeWhenNotAuthorizedThenDenied() {
 		given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized"));
-
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
@@ -304,7 +268,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("user"));
-
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
 	}
@@ -312,7 +275,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
 		given(this.delegate.fluxPostAuthorizeBeanFindById(2L)).willReturn(Flux.just("anonymous"));
-
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
@@ -320,33 +282,27 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void fluxPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		given(this.delegate.fluxPostAuthorizeBeanFindById(1L)).willReturn(Flux.just("not-authorized"));
-
 		Flux<String> findById = this.messageService.fluxPostAuthorizeBeanFindById(1L).subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
 	}
 
 	// Publisher tests
-
 	@Test
 	public void publisherWhenPermitAllThenAopDoesNotSubscribe() {
 		given(this.delegate.publisherFindById(1L)).willReturn(this.result);
-
 		this.delegate.publisherFindById(1L);
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherWhenPermitAllThenSuccess() {
 		given(this.delegate.publisherFindById(1L)).willReturn(publisherJust("success"));
-
 		StepVerifier.create(this.delegate.publisherFindById(1L)).expectNext("success").verifyComplete();
 	}
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() {
 		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
@@ -356,28 +312,23 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNoAuthenticationThenDenied() {
 		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result);
-
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeHasRoleFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() {
 		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result);
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() {
 		given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L))
 				.subscriberContext(this.withAdmin);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
@@ -386,7 +337,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPreAuthorizeBeanWhenNotAuthenticatedAndGrantedThenSuccess() {
 		given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result"));
-
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("result").verifyComplete();
 	}
@@ -394,28 +344,23 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPreAuthorizeBeanWhenNoAuthenticationThenDenied() {
 		given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result);
-
 		Publisher<String> findById = this.messageService.publisherPreAuthorizeBeanFindById(1L);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() {
 		given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result);
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
-
 		this.result.assertNoSubscribers();
 	}
 
 	@Test
 	public void publisherPostAuthorizeWhenAuthorizedThenSuccess() {
 		given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -424,7 +369,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() {
 		given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
@@ -433,7 +377,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() {
 		given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectNext("user").verifyComplete();
@@ -442,7 +385,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndNotAuthenticatedAndAuthorizedThenSuccess() {
 		given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("anonymous"));
-
 		Publisher<String> findById = this.messageService.publisherPostAuthorizeBeanFindById(2L);
 		StepVerifier.create(findById).expectNext("anonymous").verifyComplete();
 	}
@@ -450,7 +392,6 @@ public class EnableReactiveMethodSecurityTests {
 	@Test
 	public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() {
 		given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized"));
-
 		Publisher<String> findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L))
 				.subscriberContext(this.withUser);
 		StepVerifier.create(findById).expectError(AccessDeniedException.class).verify();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index d5a8b8ef35..713839542b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -110,13 +110,11 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Test
 	public void methodSecurityAuthenticationManagerPublishesEvent() {
 		this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();
-
 		try {
 			this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar"));
 		}
 		catch (AuthenticationException ex) {
 		}
-
 		assertThat(this.events.getEvents()).extracting(Object::getClass)
 				.containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
 	}
@@ -125,14 +123,10 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void methodSecurityWhenAuthenticationTrustResolverIsBeanThenAutowires() {
 		this.spring.register(CustomTrustResolverConfig.class).autowire();
-
 		AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class);
 		given(trustResolver.isAnonymous(any())).willReturn(true, false);
-
 		assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class);
-
 		this.service.preAuthorizeNotAnonymous();
-
 		verify(trustResolver, atLeastOnce()).isAnonymous(any());
 	}
 
@@ -142,9 +136,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void defaultWebSecurityExpressionHandlerHasBeanResolverSet() {
 		this.spring.register(ExpressionHandlerHasBeanResolverSetConfig.class).autowire();
 		Authz authz = this.spring.getContext().getBean(Authz.class);
-
 		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
-
 		this.service.preAuthorizeBean(true);
 	}
 
@@ -152,9 +144,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() {
 		this.spring.register(MethodSecurityServiceConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.postAnnotation("deny")).isInstanceOf(AccessDeniedException.class);
-
 		this.service.postAnnotation("grant");
 		// no exception
 	}
@@ -165,17 +155,14 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(AutowirePermissionEvaluatorConfig.class).autowire();
 		PermissionEvaluator permission = this.spring.getContext().getBean(PermissionEvaluator.class);
 		given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false);
-
 		this.service.hasPermission("something");
 		// no exception
-
 		assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void multiPermissionEvaluatorConfig() {
 		this.spring.register(MultiPermissionEvaluatorConfig.class).autowire();
-
 		// no exception
 	}
 
@@ -184,7 +171,6 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void enableGlobalMethodSecurityWorksOnSuperclass() {
 		this.spring.register(ChildConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -200,7 +186,6 @@ public class GlobalMethodSecurityConfigurationTests {
 				child.register(Sec2479ChildConfig.class);
 				child.refresh();
 				this.spring.context(child).autowire();
-
 				assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 			}
 		}
@@ -209,9 +194,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Test
 	public void enableGlobalMethodSecurityDoesNotTriggerEagerInitializationOfBeansInGlobalAuthenticationConfigurer() {
 		this.spring.register(Sec2815Config.class).autowire();
-
 		MockBeanPostProcessor pp = this.spring.getContext().getBean(MockBeanPostProcessor.class);
-
 		assertThat(pp.beforeInit).containsKeys("dataSource");
 		assertThat(pp.afterInit).containsKeys("dataSource");
 	}
@@ -220,9 +203,9 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Test
 	public void globalSecurityProxiesSecurity() {
 		this.spring.register(Sec3005Config.class).autowire();
-
 		assertThat(this.service.getClass()).matches((c) -> !Proxy.isProxyClass(c), "is not proxy class");
 	}
+
 	//
 	// // gh-3797
 	// def preAuthorizeBeanSpel() {
@@ -241,14 +224,11 @@ public class GlobalMethodSecurityConfigurationTests {
 	// thrown(AccessDeniedException)
 	// }
 	//
-
 	@Test
 	@WithMockUser
 	public void preAuthorizeBeanSpel() {
 		this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
-
 		this.service.preAuthorizeBean(true);
 	}
 
@@ -257,7 +237,6 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void roleHierarchy() {
 		this.spring.register(RoleHierarchyConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 		this.service.preAuthorizeAdmin();
 	}
@@ -266,12 +245,9 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser(authorities = "ROLE:USER")
 	public void grantedAuthorityDefaultsAutowires() {
 		this.spring.register(CustomGrantedAuthorityConfig.class).autowire();
-
 		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
 				.getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class);
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-
 		customService.customPrefixRoleUser();
 		// no exception
 	}
@@ -280,12 +256,9 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser(authorities = "USER")
 	public void grantedAuthorityDefaultsWithEmptyRolePrefix() {
 		this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
-
 		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
 				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
-
 		assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class);
-
 		customService.emptyPrefixRoleUser();
 		// no exception
 	}
@@ -297,7 +270,6 @@ public class GlobalMethodSecurityConfigurationTests {
 				.getBean(MethodInterceptor.class);
 		MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext()
 				.getBean(MethodSecurityMetadataSource.class);
-
 		assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 3c0532b3f3..90d0d45f08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -54,9 +54,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 	@WithMockUser
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPreAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.hasPermission("granted")).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.hasPermission("denied")).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -64,9 +62,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 	@WithMockUser
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPostAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.postHasPermission("granted")).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.postHasPermission("denied")).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -76,7 +72,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 		@Override
 		protected MethodSecurityExpressionHandler createExpressionHandler() {
 			DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
-
 			expressionHandler.setPermissionEvaluator(new PermissionEvaluator() {
 				@Override
 				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
@@ -90,7 +85,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 					throw new UnsupportedOperationException();
 				}
 			});
-
 			return expressionHandler;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index 5266e15d28..e61d475da5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -78,18 +78,14 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-
 		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() {
 		this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -97,7 +93,6 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() {
 		this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
@@ -105,15 +100,10 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenJsr250EnabledThenAuthorizes() {
 		this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
-
 		assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException();
-
 	}
 
 	@Test
@@ -121,11 +111,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() {
 		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class)
 				.autowire();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-
 		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-
 		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -133,12 +120,10 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception {
 		this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(
 				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
 						.isNotNull();
 		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
-
 		// TODO diagnose why aspectj isn't weaving method security advice around
 		// MethodSecurityServiceImpl
 	}
@@ -146,24 +131,19 @@ public class NamespaceGlobalMethodSecurityTests {
 	@Test
 	public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire()
 			throws Exception {
-
 		this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(
 				Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect")))
 						.isNotNull();
 		assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull();
-
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenOrderSpecifiedThenConfigured() {
 		this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(-135);
-
 		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -171,10 +151,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() {
 		this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-
 		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
@@ -183,10 +161,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() {
 		this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class)
 				.autowire();
-
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-
 		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
 	}
 
@@ -194,11 +170,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -206,11 +179,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -218,10 +188,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenProxyTargetClassThenDoesNotWireToInterface() {
 		this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		// make sure service was actually proxied
 		assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class);
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -229,9 +197,7 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenDefaultProxyThenWiresToInterface() {
 		this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class);
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -239,7 +205,6 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() {
 		this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThat(this.service.runAs().getAuthorities())
 				.anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority()));
 	}
@@ -248,13 +213,9 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenSecuredEnabledThenSecures() {
 		this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-
 		assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
 	}
 
@@ -269,11 +230,8 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() {
 		this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-
 		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
@@ -320,7 +278,6 @@ public class NamespaceGlobalMethodSecurityTests {
 			@Override
 			public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
 					Object returnedObject) throws AccessDeniedException {
-
 				throw new AccessDeniedException("custom AfterInvocationManager");
 			}
 
@@ -403,7 +360,6 @@ public class NamespaceGlobalMethodSecurityTests {
 				BeanDefinitionRegistry registry) {
 			BeanDefinitionBuilder advice = BeanDefinitionBuilder.rootBeanDefinition(ExceptingInterceptor.class);
 			registry.registerBeanDefinition("exceptingInterceptor", advice.getBeanDefinition());
-
 			BeanDefinitionBuilder advisor = BeanDefinitionBuilder
 					.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
 			advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 961e0e3bf1..f4c7d66b2f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -46,15 +46,12 @@ public class ReactiveMethodSecurityConfigurationTests {
 	@Test
 	public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException {
 		this.spring.register(WithRolePrefixConfiguration.class).autowire();
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
 				"CUSTOM_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
-
 		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 				methodInvocation);
 		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
-
 		assertThat(root.hasRole("ROLE_ABC")).isFalse();
 		assertThat(root.hasRole("ROLE_CUSTOM_ABC")).isFalse();
 		assertThat(root.hasRole("CUSTOM_ABC")).isTrue();
@@ -64,15 +61,12 @@ public class ReactiveMethodSecurityConfigurationTests {
 	@Test
 	public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
 		this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire();
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
 				"ROLE_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
-
 		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 				methodInvocation);
 		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
-
 		assertThat(root.hasRole("ROLE_ABC")).isTrue();
 		assertThat(root.hasRole("ABC")).isTrue();
 	}
@@ -80,15 +74,12 @@ public class ReactiveMethodSecurityConfigurationTests {
 	@Test
 	public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
 		this.spring.register(SubclassConfig.class).autowire();
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
 				"ROLE_ABC");
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
-
 		EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 				methodInvocation);
 		SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
-
 		assertThat(root.hasRole("ROLE_ABC")).isTrue();
 		assertThat(root.hasRole("ABC")).isTrue();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 91ad7a5c96..4984b241eb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -60,19 +60,15 @@ public class SampleEnableGlobalMethodSecurityTests {
 	@Test
 	public void preAuthorize() {
 		this.spring.register(SampleWebSecurityConfig.class).autowire();
-
 		assertThat(this.methodSecurityService.secured()).isNull();
 		assertThat(this.methodSecurityService.jsr250()).isNull();
-
 		assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void customPermissionHandler() {
 		this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire();
-
 		assertThat(this.methodSecurityService.hasPermission("allowed")).isNull();
-
 		assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied"))
 				.isInstanceOf(AccessDeniedException.class);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index 80472bb588..bbca9375c7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -68,20 +68,15 @@ public class Sec2758Tests {
 	@WithMockUser(authorities = "CUSTOM")
 	@Test
 	public void requestWhenNullifyingRolePrefixThenPassivityRestored() throws Exception {
-
 		this.spring.register(SecurityConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@WithMockUser(authorities = "CUSTOM")
 	@Test
 	public void methodSecurityWhenNullifyingRolePrefixThenPassivityRestored() {
-
 		this.spring.register(SecurityConfig.class).autowire();
-
 		assertThatCode(() -> this.service.doJsr250()).doesNotThrowAnyException();
-
 		assertThatCode(() -> this.service.doPreAuthorize()).doesNotThrowAnyException();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index bf6cbe1e3e..98232d5a6d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -77,7 +77,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 				.anyRequest().authenticated()
 				.antMatchers("/demo/**").permitAll();
 			// @formatter:on
-
 		}
 
 	}
@@ -93,7 +92,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 				.anyRequest().authenticated()
 				.mvcMatchers("/demo/**").permitAll();
 			// @formatter:on
-
 		}
 
 	}
@@ -109,7 +107,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 				.anyRequest().authenticated()
 				.regexMatchers(".*").permitAll();
 			// @formatter:on
-
 		}
 
 	}
@@ -125,7 +122,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 				.anyRequest().authenticated()
 				.anyRequest().permitAll();
 			// @formatter:on
-
 		}
 
 	}
@@ -141,7 +137,6 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 				.anyRequest().authenticated()
 				.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
 			// @formatter:on
-
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 53aff06eec..8250a819ad 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -69,7 +69,6 @@ public class SampleWebSecurityConfigurerAdapterTests {
 		this.request = new MockHttpServletRequest("GET", "");
 		this.response = new MockHttpServletResponse();
 		this.chain = new MockFilterChain();
-
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
 		new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response);
 		this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
@@ -78,136 +77,112 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	@Test
 	public void helloWorldSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
 		this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire();
-
 		this.request.addHeader("Accept", "text/html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
 
 	@Test
 	public void helloWorldSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
 		this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.request.addHeader("Accept", "text/html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
 	}
 
 	@Test
 	public void helloWorldSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
 		this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.request.addHeader("Accept", "text/html");
 		this.request.addParameter("username", "user");
 		this.request.addParameter("password", "password");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
 	}
 
 	@Test
 	public void readmeSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
 		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
 
 	@Test
 	public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
 		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
 	}
 
 	@Test
 	public void readmeSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
 		this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.request.addParameter("username", "user");
 		this.request.addParameter("password", "password");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestSecureResourceThenRedirectToLogin() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/login?error");
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.request.setServletPath("/login");
 		this.request.setMethod("POST");
 		this.request.addParameter("username", "user");
 		this.request.addParameter("password", "password");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("/");
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestProtectedResourceThenStatusUnauthorized() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.request.setServletPath("/api/admin/test");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestAdminResourceWithRegularUserThenStatusForbidden() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.request.setServletPath("/api/admin/test");
 		this.request.addHeader("Authorization",
 				"Basic " + Base64.getEncoder().encodeToString("user:password".getBytes()));
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
 	@Test
 	public void multiHttpSampleWhenRequestAdminResourceWithAdminUserThenStatusOk() throws Exception {
 		this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();
-
 		this.request.setServletPath("/api/admin/test");
 		this.request.addHeader("Authorization",
 				"Basic " + Base64.getEncoder().encodeToString("admin:password".getBytes()));
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
index 7a46bdddcb..cccc804823 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterPowermockTests.java
@@ -84,9 +84,7 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 		PowerMockito
 				.when(SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader()))
 				.thenReturn(Arrays.<AbstractHttpConfigurer>asList(configurer));
-
 		loadConfig(Config.class);
-
 		assertThat(configurer.init).isTrue();
 		assertThat(configurer.configure).isTrue();
 	}
@@ -94,21 +92,16 @@ public class WebSecurityConfigurerAdapterPowermockTests {
 	@Test
 	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
 		this.spring.register(WebAsyncPopulatedByDefaultConfig.class).autowire();
-
 		WebAsyncManager webAsyncManager = mock(WebAsyncManager.class);
-
 		this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager));
-
 		ArgumentCaptor<CallableProcessingInterceptor> callableProcessingInterceptorArgCaptor = ArgumentCaptor
 				.forClass(CallableProcessingInterceptor.class);
 		verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(),
 				callableProcessingInterceptorArgCaptor.capture());
-
 		CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor
 				.getAllValues().stream()
 				.filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass()))
 				.findFirst().orElse(null);
-
 		assertThat(callableProcessingInterceptor).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 8c0d1914f5..68b3b22b1e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -84,7 +84,6 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenRequestSecureThenDefaultSecurityHeadersReturned() throws Exception {
 		this.spring.register(HeadersArePopulatedByDefaultConfig.class).autowire();
-
 		this.mockMvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
@@ -96,9 +95,7 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception {
 		this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
 		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).isNotEmpty();
 		assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS).hasSize(1);
 	}
@@ -106,9 +103,7 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception {
 		this.spring.register(InMemoryConfigureProtectedConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
 	}
@@ -116,9 +111,7 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception {
 		this.spring.register(InMemoryConfigureGlobalConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection());
-
 		UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class);
 		assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}");
 	}
@@ -128,10 +121,8 @@ public class WebSecurityConfigurerAdapterTests {
 		OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN = mock(
 				ContentNegotiationStrategy.class);
 		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire();
-
 		OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext()
 				.getBean(OverrideContentNegotiationStrategySharedObjectConfig.class);
-
 		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
 		assertThat(securityConfig.contentNegotiationStrategySharedObject)
 				.isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN);
@@ -140,10 +131,8 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() {
 		this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire();
-
 		ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext()
 				.getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class);
-
 		assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull();
 		assertThat(securityConfig.contentNegotiationStrategySharedObject)
 				.isInstanceOf(HeaderContentNegotiationStrategy.class);
@@ -152,9 +141,7 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() {
 		this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
-
 		assertThatCode(() -> myFilter.userDetailsService.loadUserByUsername("user")).doesNotThrowAnyException();
 		assertThatExceptionOfType(UsernameNotFoundException.class)
 				.isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
@@ -164,10 +151,8 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() {
 		this.spring.register(ApplicationContextSharedObjectConfig.class).autowire();
-
 		ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext()
 				.getBean(ApplicationContextSharedObjectConfig.class);
-
 		assertThat(securityConfig.applicationContextSharedObject).isNotNull();
 		assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext());
 	}
@@ -176,9 +161,7 @@ public class WebSecurityConfigurerAdapterTests {
 	public void loadConfigWhenCustomAuthenticationTrustResolverBeanThenOverridesDefault() {
 		CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN = mock(AuthenticationTrustResolver.class);
 		this.spring.register(CustomTrustResolverConfig.class).autowire();
-
 		CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class);
-
 		assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull();
 		assertThat(securityConfig.authenticationTrustResolverSharedObject)
 				.isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN);
@@ -195,12 +178,9 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire();
-
 		AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext()
 				.getBean(AuthenticationEventPublisher.class);
-
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password")));
-
 		verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class));
 	}
 
@@ -208,14 +188,11 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
-
 		AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
-
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since
 																			// no
 																			// providers
 																			// configured
-
 		verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class),
 				any(Authentication.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 404fcc566e..5fa3a802fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -74,9 +74,7 @@ public class HttpConfigurationTests {
 	public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception {
 		CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spy(new CasAuthenticationFilter());
 		this.spring.register(CasAuthenticationFilterConfig.class).autowire();
-
 		this.mockMvc.perform(get("/"));
-
 		verify(CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER).doFilter(any(ServletRequest.class),
 				any(ServletResponse.class), any(FilterChain.class));
 	}
@@ -84,7 +82,6 @@ public class HttpConfigurationTests {
 	@Test
 	public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception {
 		this.spring.register(RequestMatcherRegistryConfigs.class).autowire();
-
 		this.mockMvc.perform(get("/oauth/a")).andExpect(status().isUnauthorized());
 		this.mockMvc.perform(get("/oauth/b")).andExpect(status().isUnauthorized());
 		this.mockMvc.perform(get("/api/a")).andExpect(status().isUnauthorized());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 3ae4b97201..4dbdf6dd1b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -93,11 +93,8 @@ public class NamespaceHttpTests {
 		given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).willReturn(true);
 		given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class)))
 				.willReturn(true);
-
 		this.spring.register(AccessDecisionManagerRefConfig.class).autowire();
-
 		this.mockMvc.perform(get("/"));
-
 		verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class),
 				any(), anyCollection());
 	}
@@ -105,7 +102,6 @@ public class NamespaceHttpTests {
 	@Test // http@access-denied-page
 	public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception {
 		this.spring.register(AccessDeniedPageConfig.class).autowire();
-
 		this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPage"));
 	}
@@ -114,19 +110,15 @@ public class NamespaceHttpTests {
 	public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception {
 		AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class);
 		this.spring.register(AuthenticationManagerRefConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin());
-
 		verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class));
 	}
 
 	@Test // http@create-session=always
 	public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionAlwaysConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
 		assertThat(session.isNew()).isTrue();
 	}
@@ -134,25 +126,19 @@ public class NamespaceHttpTests {
 	@Test // http@create-session=stateless
 	public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionStatelessConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
 	@Test // http@create-session=ifRequired
 	public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception {
 		this.spring.register(IfRequiredConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNull();
-
 		mvcResult = this.mockMvc.perform(formLogin()).andReturn();
 		session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
 		assertThat(session.isNew()).isTrue();
 	}
@@ -160,10 +146,8 @@ public class NamespaceHttpTests {
 	@Test // http@create-session=never
 	public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
 		this.spring.register(CreateSessionNeverConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
@@ -171,7 +155,6 @@ public class NamespaceHttpTests {
 	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint()
 			throws Exception {
 		this.spring.register(EntryPointRefConfig.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrlPattern("**/entry-point"));
 	}
@@ -180,22 +163,17 @@ public class NamespaceHttpTests {
 	public void configureWhenJaasApiIntegrationFilterAddedThenJaasSubjectObtained() throws Exception {
 		LoginContext loginContext = mock(LoginContext.class);
 		given(loginContext.getSubject()).willReturn(new Subject());
-
 		JaasAuthenticationToken authenticationToken = mock(JaasAuthenticationToken.class);
 		given(authenticationToken.isAuthenticated()).willReturn(true);
 		given(authenticationToken.getLoginContext()).willReturn(loginContext);
-
 		this.spring.register(JaasApiProvisionConfig.class).autowire();
-
 		this.mockMvc.perform(get("/").with(authentication(authenticationToken)));
-
 		verify(loginContext, times(1)).getSubject();
 	}
 
 	@Test // http@realm
 	public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception {
 		this.spring.register(RealmConfig.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
 	}
@@ -203,9 +181,7 @@ public class NamespaceHttpTests {
 	@Test // http@request-matcher-ref ant
 	public void configureWhenAntPatternMatchingThenAntPathRequestMatcherUsed() {
 		this.spring.register(RequestMatcherAntConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 				.get(0);
@@ -215,9 +191,7 @@ public class NamespaceHttpTests {
 	@Test // http@request-matcher-ref regex
 	public void configureWhenRegexPatternMatchingThenRegexRequestMatcherUsed() {
 		this.spring.register(RequestMatcherRegexConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 				.get(0);
@@ -227,9 +201,7 @@ public class NamespaceHttpTests {
 	@Test // http@request-matcher-ref
 	public void configureWhenRequestMatcherProvidedThenRequestMatcherUsed() {
 		this.spring.register(RequestMatcherRefConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 				.get(0);
@@ -240,9 +212,7 @@ public class NamespaceHttpTests {
 	@Test // http@security=none
 	public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
 		this.spring.register(SecurityNoneConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
 		DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains()
 				.get(0);
@@ -250,7 +220,6 @@ public class NamespaceHttpTests {
 		assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern())
 				.isEqualTo("/resources/**");
 		assertThat(securityFilterChain.getFilters()).isEmpty();
-
 		assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
 		securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
 		assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
@@ -262,7 +231,6 @@ public class NamespaceHttpTests {
 	@Test // http@security-context-repository-ref
 	public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
 		this.spring.register(SecurityContextRepoConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 		assertThat(session).isNull();
@@ -271,9 +239,7 @@ public class NamespaceHttpTests {
 	@Test // http@servlet-api-provision=false
 	public void configureWhenServletApiDisabledThenRequestNotServletApiWrapper() throws Exception {
 		this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire();
-
 		this.mockMvc.perform(get("/"));
-
 		assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE)
 				.isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class);
 	}
@@ -281,9 +247,7 @@ public class NamespaceHttpTests {
 	@Test // http@servlet-api-provision defaults to true
 	public void configureWhenServletApiDefaultThenRequestIsServletApiWrapper() throws Exception {
 		this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire();
-
 		this.mockMvc.perform(get("/"));
-
 		assertThat(SecurityContextHolderAwareRequestWrapper.class)
 				.isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE);
 	}
@@ -291,9 +255,7 @@ public class NamespaceHttpTests {
 	@Test // http@use-expressions=true
 	public void configureWhenUseExpressionsEnabledThenExpressionBasedSecurityMetadataSource() {
 		this.spring.register(UseExpressionsConfig.class).autowire();
-
 		UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class);
-
 		assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class)
 				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 	}
@@ -301,9 +263,7 @@ public class NamespaceHttpTests {
 	@Test // http@use-expressions=false
 	public void configureWhenUseExpressionsDisabledThenDefaultSecurityMetadataSource() {
 		this.spring.register(DisableUseExpressionsConfig.class).autowire();
-
 		DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class);
-
 		assertThat(DefaultFilterInvocationSecurityMetadataSource.class)
 				.isAssignableFrom(config.filterInvocationSecurityMetadataSourceType);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index 25b5785f18..8e58db3ec9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -75,66 +75,44 @@ public class WebSecurityTests {
 	@Test
 	public void ignoringMvcMatcher() throws Exception {
 		loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setRequestURI("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setRequestURI("/other");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void ignoringMvcMatcherServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/other");
 		this.request.setRequestURI("/other/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
@@ -143,7 +121,6 @@ public class WebSecurityTests {
 		this.context.register(configs);
 		this.context.setServletContext(new MockServletContext());
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index 8d5e1d5ca0..f66ab12ebd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -67,9 +67,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		context.setAuthentication(
 				new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
 		SecurityContextHolder.setContext(context);
-
 		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
-
 		mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user"));
 	}
 
@@ -84,12 +82,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				.inMemoryAuthentication();
 			// @formatter:off
 		}
-
 		@Bean
 		public UsernameExtractor usernameExtractor() {
 			return new UsernameExtractor();
 		}
-
 		@RestController
 		static class UserController {
 			@GetMapping("/users/self")
@@ -98,7 +94,6 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			}
 		}
 	}
-
 	static class UsernameExtractor {
 		public String extract(User u) {
 			return "extracted-" + u.getUsername();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
index 15594e6498..96b058bd50 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -57,7 +57,6 @@ public class EnableWebSecurityTests {
 	@Test
 	public void configureWhenOverrideAuthenticationManagerBeanThenAuthenticationManagerBeanRegistered() {
 		this.spring.register(SecurityConfig.class).autowire();
-
 		AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class);
 		Authentication authentication = authenticationManager
 				.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -73,7 +72,6 @@ public class EnableWebSecurityTests {
 	@Test
 	public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
 		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
 		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
 				.andExpect(content().string("user1"));
 	}
@@ -81,7 +79,6 @@ public class EnableWebSecurityTests {
 	@Test
 	public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
 		this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire();
-
 		this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password"))))
 				.andExpect(content().string("user1"));
 	}
@@ -89,20 +86,16 @@ public class EnableWebSecurityTests {
 	@Test
 	public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
 		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isSameAs(childBean);
 	}
 
 	@Test
 	public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
 		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isNotSameAs(childBean);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 732eebe133..12818336b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -81,7 +81,6 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void getWhenDefaultFilterChainBeanThenDefaultHeadersInResponse() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS,
@@ -100,48 +99,39 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void logoutWhenDefaultFilterChainBeanThenCreatesDefaultLogoutEndpoint() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-
 		this.mockMvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class, NameController.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob"))).andExpect(request().asyncStarted())
 				.andReturn();
-
 		this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob"));
 	}
 
 	@Test
 	public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception {
 		this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenSessionIdChanges() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-
 		MvcResult result = this.mockMvc.perform(
 				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andReturn();
-
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenRedirectsToSavedRequest() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages")).andReturn().getRequest()
 				.getSession();
-
 		this.mockMvc.perform(
 				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(redirectedUrl("http://localhost/messages"));
@@ -150,7 +140,6 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenRolePrefixIsSet() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, UserController.class).autowire();
-
 		this.mockMvc
 				.perform(get("/user")
 						.with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
@@ -160,7 +149,6 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void loginWhenUsingDefaultsThenDefaultLoginPageGenerated() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class).autowire();
-
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index bd872e58e4..815317885a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -77,29 +77,23 @@ public class OAuth2ClientConfigurationTests {
 		String clientRegistrationId = "client1";
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.registrationId(clientRegistrationId).build();
 		given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId)))
 				.willReturn(clientRegistration);
-
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		given(authorizedClient.getClientRegistration()).willReturn(clientRegistration);
 		given(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication),
 				any(HttpServletRequest.class))).willReturn(authorizedClient);
-
 		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
 		given(authorizedClient.getAccessToken()).willReturn(accessToken);
-
 		OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
 		OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
 		this.mockMvc
 				.perform(get("/authorized-client")
 						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -113,25 +107,20 @@ public class OAuth2ClientConfigurationTests {
 		String clientRegistrationId = "client1";
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials()
 				.registrationId(clientRegistrationId).build();
 		given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 		given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
 				.willReturn(accessTokenResponse);
-
 		OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-
 		this.mockMvc
 				.perform(get("/authorized-client")
 						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
@@ -177,28 +166,22 @@ public class OAuth2ClientConfigurationTests {
 		String clientRegistrationId = "client1";
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
 		OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.registrationId(clientRegistrationId).build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName,
 				TestOAuth2AccessTokens.noScopes());
-
 		given(authorizedClientManager.authorize(any())).willReturn(authorizedClient);
-
 		OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
 		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
-
 		this.mockMvc
 				.perform(get("/authorized-client")
 						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 				.andExpect(status().isOk()).andExpect(content().string("resolved"));
-
 		verify(authorizedClientManager).authorize(any());
 		verifyNoInteractions(clientRegistrationRepository);
 		verifyNoInteractions(authorizedClientRepository);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 37542b9fbb..77ee64ea66 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -60,7 +60,6 @@ public class Sec2515Tests {
 				.getContext();
 		context.setClassLoader(new URLClassLoader(new URL[0], context.getClassLoader()));
 		this.spring.autowire();
-
 		assertThat(this.spring.getContext().getBean(AuthenticationManager.class)).isNotNull();
 	} // SEC-2515
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index a870dbc6e9..9f63464d12 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -63,7 +63,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 	public void requestWhenUsingFilterThenBearerTokenPropagated() throws Exception {
 		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
-
 		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 				.andExpect(status().isOk()).andExpect(content().string("Bearer token"));
 	}
@@ -73,7 +72,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 	public void requestWhenNotUsingFilterThenBearerTokenNotPropagated() throws Exception {
 		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
-
 		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
 				.andExpect(status().isOk()).andExpect(content().string(""));
 	}
@@ -155,7 +153,6 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 			String header = request.getHeader("Authorization");
 			if (StringUtils.isBlank(header)) {
 				return response;
-
 			}
 			return response.setBody(header);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index f4e09b2fe6..60e719b57a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -106,10 +106,8 @@ public class SecurityReactorContextConfigurationTests {
 		RequestContextHolder
 				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 		String testKey = "test_key";
 		String testValue = "test_value";
-
 		BaseSubscriber<Object> parent = new BaseSubscriber<Object>() {
 			@Override
 			public Context currentContext() {
@@ -117,9 +115,7 @@ public class SecurityReactorContextConfigurationTests {
 			}
 		};
 		CoreSubscriber<Object> subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 		Context resultContext = subscriber.currentContext();
-
 		assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue);
 		Map<Object, Object> securityContextAttributes = resultContext
 				.getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null);
@@ -134,7 +130,6 @@ public class SecurityReactorContextConfigurationTests {
 		RequestContextHolder
 				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 		Context parentContext = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES,
 				new HashMap<>());
 		BaseSubscriber<Object> parent = new BaseSubscriber<Object>() {
@@ -144,7 +139,6 @@ public class SecurityReactorContextConfigurationTests {
 			}
 		};
 		CoreSubscriber<Object> subscriber = this.subscriberRegistrar.createSubscriberIfNecessary(parent);
-
 		Context resultContext = subscriber.currentContext();
 		assertThat(resultContext).isSameAs(parentContext);
 	}
@@ -189,7 +183,6 @@ public class SecurityReactorContextConfigurationTests {
 				return null;
 			}
 		});
-
 		CoreSubscriber<Object> subscriber = this.subscriberRegistrar
 				.createSubscriberIfNecessary(Operators.emptySubscriber());
 		assertThat(subscriber).isInstanceOf(SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.class);
@@ -200,14 +193,11 @@ public class SecurityReactorContextConfigurationTests {
 		// Trigger the importing of SecurityReactorContextConfiguration via
 		// OAuth2ImportSelector
 		this.spring.register(SecurityConfig.class).autowire();
-
 		// Setup for SecurityReactorContextSubscriberRegistrar
 		RequestContextHolder
 				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 		ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
-
 		ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
 				.filter((ctx) -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
 				.map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
@@ -221,18 +211,14 @@ public class SecurityReactorContextConfigurationTests {
 						return ClientResponse.create(HttpStatus.NOT_FOUND).build();
 					}
 				});
-
 		ClientRequest clientRequest = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 		MockExchangeFunction exchange = new MockExchangeFunction();
-
 		Map<Object, Object> expectedContextAttributes = new HashMap<>();
 		expectedContextAttributes.put(HttpServletRequest.class, this.servletRequest);
 		expectedContextAttributes.put(HttpServletResponse.class, this.servletResponse);
 		expectedContextAttributes.put(Authentication.class, this.authentication);
-
 		Mono<ClientResponse> clientResponseMono = filter.filter(clientRequest, exchange)
 				.flatMap((response) -> filter.filter(clientRequest, exchange));
-
 		StepVerifier.create(clientResponseMono).expectAccessibleContext()
 				.contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
 				.then().expectNext(clientResponseOk).verifyComplete();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
index d3e2f8cce2..09d5c6d44b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java
@@ -94,7 +94,6 @@ public class WebMvcSecurityConfigurationTests {
 	public void csrfToken() throws Exception {
 		CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
 		MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
-
 		this.mockMvc.perform(request).andExpect(assertResult(csrfToken));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 534425c175..5950691cc5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -89,30 +89,22 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenWebSecurityConfigurersHaveOrderThenFilterChainsOrdered() {
 		this.spring.register(SortedWebSecurityConfigurerAdaptersConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
 		assertThat(filterChains).hasSize(6);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 		request.setServletPath("/ignore1");
 		assertThat(filterChains.get(0).matches(request)).isTrue();
 		assertThat(filterChains.get(0).getFilters()).isEmpty();
-
 		request.setServletPath("/ignore2");
 		assertThat(filterChains.get(1).matches(request)).isTrue();
 		assertThat(filterChains.get(1).getFilters()).isEmpty();
-
 		request.setServletPath("/role1/**");
 		assertThat(filterChains.get(2).matches(request)).isTrue();
-
 		request.setServletPath("/role2/**");
 		assertThat(filterChains.get(3).matches(request)).isTrue();
-
 		request.setServletPath("/role3/**");
 		assertThat(filterChains.get(4).matches(request)).isTrue();
-
 		request.setServletPath("/**");
 		assertThat(filterChains.get(5).matches(request)).isTrue();
 	}
@@ -120,22 +112,16 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
 		this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
 		assertThat(filterChains).hasSize(4);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
-
 		request.setServletPath("/role1/**");
 		assertThat(filterChains.get(0).matches(request)).isTrue();
-
 		request.setServletPath("/role2/**");
 		assertThat(filterChains.get(1).matches(request)).isTrue();
-
 		request.setServletPath("/role3/**");
 		assertThat(filterChains.get(2).matches(request)).isTrue();
-
 		request.setServletPath("/**");
 		assertThat(filterChains.get(3).matches(request)).isTrue();
 	}
@@ -143,7 +129,6 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
 		Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
-
 		assertThat(thrown).isInstanceOf(BeanCreationException.class)
 				.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
 				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
@@ -153,9 +138,7 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenWebInvocationPrivilegeEvaluatorSetThenIsRegistered() {
 		PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class);
-
 		this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 				.isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR);
 	}
@@ -165,9 +148,7 @@ public class WebSecurityConfigurationTests {
 		WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class);
 		given(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser())
 				.willReturn(mock(ExpressionParser.class));
-
 		this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 				.isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER);
 	}
@@ -176,7 +157,6 @@ public class WebSecurityConfigurationTests {
 	public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
 		Throwable thrown = catchThrowable(
 				() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
-
 		assertThat(thrown).isInstanceOf(BeanCreationException.class);
 		assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
 	}
@@ -184,7 +164,6 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() {
 		this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class))
 				.isInstanceOf(DefaultWebSecurityExpressionHandler.class);
 	}
@@ -195,7 +174,6 @@ public class WebSecurityConfigurationTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused", "ROLE_ADMIN");
 		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
 				new MockHttpServletResponse(), new MockFilterChain());
-
 		AbstractSecurityExpressionHandler handler = this.spring.getContext()
 				.getBean(AbstractSecurityExpressionHandler.class);
 		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -210,7 +188,6 @@ public class WebSecurityConfigurationTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "notused");
 		FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""),
 				new MockHttpServletResponse(), new MockFilterChain());
-
 		AbstractSecurityExpressionHandler handler = this.spring.getContext()
 				.getBean(AbstractSecurityExpressionHandler.class);
 		EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation);
@@ -222,7 +199,6 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenDefaultIsRegistered() {
 		this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class))
 				.isInstanceOf(DefaultWebInvocationPrivilegeEvaluator.class);
 	}
@@ -239,7 +215,6 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenDefaultSecurityExpressionHandlerThenBeanResolverSet() throws Exception {
 		this.spring.register(DefaultExpressionHandlerSetsBeanResolverConfig.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 		this.mockMvc.perform(post("/")).andExpect(status().isForbidden());
 	}
@@ -248,14 +223,11 @@ public class WebSecurityConfigurationTests {
 	@Test
 	public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
 		this.spring.register(ParentConfig.class).autowire();
-
 		this.child.register(ChildConfig.class);
 		this.child.getContext().setParent(this.spring.getContext());
 		this.child.autowire();
-
 		assertThat(this.spring.getContext().getBean("springSecurityFilterChain")).isNotNull();
 		assertThat(this.child.getContext().getBean("springSecurityFilterChain")).isNotNull();
-
 		assertThat(this.spring.getContext().containsBean("springSecurityFilterChain")).isTrue();
 		assertThat(this.child.getContext().containsBean("springSecurityFilterChain")).isTrue();
 	}
@@ -271,17 +243,14 @@ public class WebSecurityConfigurationTests {
 	public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
 		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class)
 				.autowire();
-
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
 		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
-
 		assertThat(filterChains).hasSize(4);
 	}
 
 	@Test
 	public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
 		Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
-
 		assertThat(thrown).isInstanceOf(BeanCreationException.class)
 				.hasRootCauseExactlyInstanceOf(IllegalStateException.class)
 				.hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
index 57a1ca74f1..729c041d08 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.java
@@ -39,10 +39,8 @@ public class Sec2377Tests {
 	@Test
 	public void refreshContextWhenParentAndChildRegisteredThenNoException() {
 		this.parent.register(Sec2377AConfig.class).autowire();
-
 		ConfigurableApplicationContext context = this.child.register(Sec2377BConfig.class).getContext();
 		context.setParent(this.parent.getContext());
-
 		this.child.autowire();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
index c585d27f40..39a50575ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistryTests.java
@@ -41,7 +41,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	@Test
 	public void testGetRequestMatcherIsTypeRegexMatcher() {
 		List<RequestMatcher> requestMatchers = this.registry.regexMatchers(HttpMethod.GET, "/a.*");
-
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 		}
@@ -50,7 +49,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	@Test
 	public void testRequestMatcherIsTypeRegexMatcher() {
 		List<RequestMatcher> requestMatchers = this.registry.regexMatchers("/a.*");
-
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(RegexRequestMatcher.class);
 		}
@@ -59,7 +57,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	@Test
 	public void testGetRequestMatcherIsTypeAntPathRequestMatcher() {
 		List<RequestMatcher> requestMatchers = this.registry.antMatchers(HttpMethod.GET, "/a.*");
-
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 		}
@@ -68,7 +65,6 @@ public class AbstractConfigAttributeRequestMatcherRegistryTests {
 	@Test
 	public void testRequestMatcherIsTypeAntPathRequestMatcher() {
 		List<RequestMatcher> requestMatchers = this.registry.antMatchers("/a.*");
-
 		for (RequestMatcher requestMatcher : requestMatchers) {
 			assertThat(requestMatcher).isInstanceOf(AntPathRequestMatcher.class);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
index 71e4af4647..c25de5ebaf 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
@@ -52,28 +52,24 @@ public class AnonymousConfigurerTests {
 	@Test
 	public void requestWhenAnonymousTwiceInvokedThenDoesNotOverride() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class, PrincipalController.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 	}
 
 	@Test
 	public void requestWhenAnonymousPrincipalInLambdaThenPrincipalUsed() throws Exception {
 		this.spring.register(AnonymousPrincipalInLambdaConfig.class, PrincipalController.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(content().string("principal"));
 	}
 
 	@Test
 	public void requestWhenAnonymousDisabledInLambdaThenRespondsWithForbidden() throws Exception {
 		this.spring.register(AnonymousDisabledInLambdaConfig.class, PrincipalController.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestWhenAnonymousWithDefaultsInLambdaThenRespondsWithOk() throws Exception {
 		this.spring.register(AnonymousWithDefaultsInLambdaConfig.class, PrincipalController.class).autowire();
-
 		this.mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index 935e4c62d4..22792f926e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -94,9 +94,7 @@ public class AuthorizeRequestsTests {
 	public void antMatchersMethodAndNoPatterns() throws Exception {
 		loadConfig(AntMatchersNoPatternsConfig.class);
 		this.request.setMethod("POST");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -104,9 +102,7 @@ public class AuthorizeRequestsTests {
 	public void postWhenPostDenyAllInLambdaThenRespondsWithForbidden() throws Exception {
 		loadConfig(AntMatchersNoPatternsInLambdaConfig.class);
 		this.request.setMethod("POST");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -114,18 +110,12 @@ public class AuthorizeRequestsTests {
 	@Test
 	public void antMatchersPathVariables() throws Exception {
 		loadConfig(AntPatchersPathVariables.class);
-
 		this.request.setServletPath("/user/user");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		this.setup();
 		this.request.setServletPath("/user/deny");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -133,18 +123,12 @@ public class AuthorizeRequestsTests {
 	@Test
 	public void antMatchersPathVariablesCaseInsensitive() throws Exception {
 		loadConfig(AntPatchersPathVariables.class);
-
 		this.request.setServletPath("/USER/user");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		this.setup();
 		this.request.setServletPath("/USER/deny");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -152,18 +136,12 @@ public class AuthorizeRequestsTests {
 	@Test
 	public void antMatchersPathVariablesCaseInsensitiveCamelCaseVariables() throws Exception {
 		loadConfig(AntMatchersPathVariablesCamelCaseVariables.class);
-
 		this.request.setServletPath("/USER/user");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		this.setup();
 		this.request.setServletPath("/USER/deny");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -171,185 +149,126 @@ public class AuthorizeRequestsTests {
 	@Test
 	public void roleHiearchy() throws Exception {
 		loadConfig(RoleHiearchyConfig.class);
-
 		SecurityContext securityContext = new SecurityContextImpl();
 		securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused",
 				AuthorityUtils.createAuthorityList("ROLE_USER")));
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				securityContext);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void mvcMatcher() throws Exception {
 		loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void requestWhenMvcMatcherDenyAllThenRespondsWithUnauthorized() throws Exception {
 		loadConfig(MvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void requestWhenMvcMatcherServletPathDenyAllThenMatchesOnServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/foo");
 		this.request.setRequestURI("/foo/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void mvcMatcherPathVariables() throws Exception {
 		loadConfig(MvcMatcherPathVariablesConfig.class);
-
 		this.request.setRequestURI("/user/user");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		this.setup();
 		this.request.setRequestURI("/user/deny");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void requestWhenMvcMatcherPathVariablesThenMatchesOnPathVariables() throws Exception {
 		loadConfig(MvcMatcherPathVariablesInLambdaConfig.class);
-
 		this.request.setRequestURI("/user/user");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		this.setup();
 		this.request.setRequestURI("/user/deny");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void mvcMatcherServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/foo");
 		this.request.setRequestURI("/foo/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -358,7 +277,6 @@ public class AuthorizeRequestsTests {
 		this.context.register(configs);
 		this.context.setServletContext(this.servletContext);
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
index 11f93dafb3..491c1960ea 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
@@ -56,7 +56,6 @@ public class ChannelSecurityConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnInsecureChannelProcessor() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(InsecureChannelProcessor.class));
 	}
 
@@ -64,7 +63,6 @@ public class ChannelSecurityConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecureChannelProcessor() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecureChannelProcessor.class));
 	}
 
@@ -72,7 +70,6 @@ public class ChannelSecurityConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelDecisionManagerImpl() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelDecisionManagerImpl.class));
 	}
 
@@ -80,21 +77,18 @@ public class ChannelSecurityConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelProcessingFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ChannelProcessingFilter.class));
 	}
 
 	@Test
 	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
 	@Test
 	public void requestWhenRequiresChannelConfiguredInLambdaThenRedirectsToHttps() throws Exception {
 		this.spring.register(RequiresChannelInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("https://localhost/"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index a238e07b2c..0530f29de3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -73,7 +73,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -82,7 +81,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void optionsWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -93,7 +91,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -102,7 +99,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(MvcCorsInLambdaConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -113,7 +109,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(ConfigSourceConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -122,7 +117,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(ConfigSourceConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -134,7 +128,6 @@ public class CorsConfigurerTests {
 	public void getWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
 			throws Exception {
 		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -144,7 +137,6 @@ public class CorsConfigurerTests {
 	public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders()
 			throws Exception {
 		this.spring.register(ConfigSourceInLambdaConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -155,7 +147,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -164,7 +155,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
@@ -175,7 +165,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com"))
 				.andExpect(header().exists("Access-Control-Allow-Origin"))
 				.andExpect(header().exists("X-Content-Type-Options"));
@@ -184,7 +173,6 @@ public class CorsConfigurerTests {
 	@Test
 	public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception {
 		this.spring.register(CorsFilterInLambdaConfig.class).autowire();
-
 		this.mvc.perform(options("/")
 				.header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name())
 				.header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
index 14c59ab078..7ae673cef3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java
@@ -50,43 +50,31 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 	@Test
 	public void requestWhenIgnoringRequestMatchersThenAugmentedByConfiguredRequestMatcher() throws Exception {
 		this.spring.register(IgnoringRequestMatchers.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/path")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenIgnoringRequestMatchersInLambdaThenAugmentedByConfiguredRequestMatcher() throws Exception {
 		this.spring.register(IgnoringRequestInLambdaMatchers.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/path")).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/path")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenIgnoringRequestMatcherThenUnionsWithConfiguredIgnoringAntMatchers() throws Exception {
-
 		this.spring.register(IgnoringPathsAndMatchers.class, BasicController.class).autowire();
-
 		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
 		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenIgnoringRequestMatcherInLambdaThenUnionsWithConfiguredIgnoringAntMatchers()
 			throws Exception {
-
 		this.spring.register(IgnoringPathsAndMatchersInLambdaConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/csrf")).andExpect(status().isOk());
-
 		this.mvc.perform(put("/no-csrf")).andExpect(status().isOk());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
index 387ec6a009..108f04abb2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@@ -50,21 +50,18 @@ public class CsrfConfigurerNoWebMvcTests {
 	@Test
 	public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebConfig.class);
-
 		assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 	}
 
 	@Test
 	public void findDispatcherServletPreventsCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebMvcConfig.class);
-
 		assertThat(this.context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
 	}
 
 	@Test
 	public void overrideCsrfRequestDataValueProcessor() {
 		loadContext(EnableWebOverrideRequestDataConfig.class);
-
 		assertThat(this.context.getBean(RequestDataValueProcessor.class).getClass())
 				.isNotEqualTo(CsrfRequestDataValueProcessor.class);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 2162872879..dbdc70f79e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -96,7 +96,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(post("/")).andExpect(status().isForbidden());
 	}
 
@@ -105,7 +104,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(put("/")).andExpect(status().isForbidden());
 	}
 
@@ -114,7 +112,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(patch("/")).andExpect(status().isForbidden());
 	}
 
@@ -123,7 +120,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(delete("/")).andExpect(status().isForbidden());
 	}
 
@@ -132,7 +128,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(request("INVALID", URI.create("/"))).andExpect(status().isForbidden());
 	}
 
@@ -141,7 +136,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
@@ -150,7 +144,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(head("/")).andExpect(status().isOk());
 	}
 
@@ -159,7 +152,6 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(request(HttpMethod.TRACE, "/")).andExpect(status().isOk());
 	}
 
@@ -168,28 +160,24 @@ public class CsrfConfigurerTests {
 		this.spring
 				.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class)
 				.autowire();
-
 		this.mvc.perform(options("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void enableWebSecurityWhenDefaultConfigurationThenCreatesRequestDataValueProcessor() {
 		this.spring.register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull();
 	}
 
 	@Test
 	public void postWhenCsrfDisabledThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenCsrfDisabledInLambdaThenRespondsWithOk() throws Exception {
 		this.spring.register(DisableCsrfInLambdaConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/")).andExpect(status().isOk());
 	}
 
@@ -197,9 +185,7 @@ public class CsrfConfigurerTests {
 	@Test
 	public void loginWhenCsrfDisabledThenRedirectsToPreviousPostRequest() throws Exception {
 		this.spring.register(DisableCsrfEnablesRequestCacheConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/to-save")).andReturn();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password")
 				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/to-save"));
@@ -212,12 +198,10 @@ public class CsrfConfigurerTests {
 		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken);
 		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn();
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())
 				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/"));
-
 		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
 				.loadToken(any(HttpServletRequest.class));
 	}
@@ -229,12 +213,10 @@ public class CsrfConfigurerTests {
 		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadToken(any())).willReturn(csrfToken);
 		given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn();
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf())
 				.session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/some-url"));
-
 		verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce())
 				.loadToken(any(HttpServletRequest.class));
 	}
@@ -243,10 +225,8 @@ public class CsrfConfigurerTests {
 	@Test
 	public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception {
 		this.spring.register(InvalidSessionUrlConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/error/sessionError")).andReturn();
-
 		this.mvc.perform(post("/").session((MockHttpSession) mvcResult.getRequest().getSession()))
 				.andExpect(status().isForbidden());
 	}
@@ -255,7 +235,6 @@ public class CsrfConfigurerTests {
 	public void requireCsrfProtectionMatcherWhenRequestDoesNotMatchThenRespondsWithOk() throws Exception {
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
 		given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(false);
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
@@ -264,7 +243,6 @@ public class CsrfConfigurerTests {
 		RequireCsrfProtectionMatcherConfig.MATCHER = mock(RequestMatcher.class);
 		given(RequireCsrfProtectionMatcherConfig.MATCHER.matches(any())).willReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
@@ -273,7 +251,6 @@ public class CsrfConfigurerTests {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
 		given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(false);
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
@@ -282,7 +259,6 @@ public class CsrfConfigurerTests {
 		RequireCsrfProtectionMatcherInLambdaConfig.MATCHER = mock(RequestMatcher.class);
 		given(RequireCsrfProtectionMatcherInLambdaConfig.MATCHER.matches(any())).willReturn(true);
 		this.spring.register(RequireCsrfProtectionMatcherInLambdaConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isForbidden());
 	}
 
@@ -292,7 +268,6 @@ public class CsrfConfigurerTests {
 		given(CsrfTokenRepositoryConfig.REPO.loadToken(any()))
 				.willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 		verify(CsrfTokenRepositoryConfig.REPO).loadToken(any(HttpServletRequest.class));
 	}
@@ -301,9 +276,7 @@ public class CsrfConfigurerTests {
 	public void logoutWhenCustomCsrfTokenRepositoryThenCsrfTokenIsCleared() throws Exception {
 		CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user")));
-
 		verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -315,10 +288,8 @@ public class CsrfConfigurerTests {
 		given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken);
 		given(CsrfTokenRepositoryConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
-
 		verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -329,7 +300,6 @@ public class CsrfConfigurerTests {
 		given(CsrfTokenRepositoryInLambdaConfig.REPO.loadToken(any()))
 				.willReturn(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"));
 		this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 		verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadToken(any(HttpServletRequest.class));
 	}
@@ -338,9 +308,7 @@ public class CsrfConfigurerTests {
 	public void getWhenCustomAccessDeniedHandlerThenHandlerIsUsed() throws Exception {
 		AccessDeniedHandlerConfig.DENIED_HANDLER = mock(AccessDeniedHandler.class);
 		this.spring.register(AccessDeniedHandlerConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/")).andExpect(status().isOk());
-
 		verify(AccessDeniedHandlerConfig.DENIED_HANDLER).handle(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any());
 	}
@@ -348,7 +316,6 @@ public class CsrfConfigurerTests {
 	@Test
 	public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isForbidden()).andExpect(unauthenticated());
 	}
@@ -356,7 +323,6 @@ public class CsrfConfigurerTests {
 	@Test
 	public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden())
 				.andExpect(authenticated());
 	}
@@ -365,14 +331,12 @@ public class CsrfConfigurerTests {
 	@Test
 	public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated());
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception {
 		this.spring.register(LogoutAllowsGetConfig.class).autowire();
-
 		this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated());
 	}
 
@@ -386,9 +350,7 @@ public class CsrfConfigurerTests {
 	@Test
 	public void getWhenDefaultCsrfTokenRepositoryThenDoesNotCreateSession() throws Exception {
 		this.spring.register(DefaultDoesNotCreateSession.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
-
 		assertThat(mvcResult.getRequest().getSession(false)).isNull();
 	}
 
@@ -401,12 +363,9 @@ public class CsrfConfigurerTests {
 	@Test
 	public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception {
 		CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class);
-
 		this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
-
 		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index ef9220d001..f16d989226 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -100,10 +100,8 @@ public class DefaultFiltersTests {
 		assertThat(filterChains.size()).isEqualTo(2);
 		DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0);
 		DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1);
-
 		assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true);
 		assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
-
 		List<? extends Class<? extends Filter>> classes = secondFilter.getFilters().stream().map(Filter::getClass)
 				.collect(Collectors.toList());
 		assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue();
@@ -125,11 +123,9 @@ public class DefaultFiltersTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
 		request.setServletPath("/logout");
-
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response);
 		request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
-
 		this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response,
 				new MockFilterChain());
 		assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 3b398acaac..3b7ff75b02 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -68,7 +68,6 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void getWhenFormLoginEnabledThenRedirectsToLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
@@ -77,7 +76,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
@@ -103,7 +101,6 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void loginWhenNoCredentialsThenRedirectedToLoginPageWithError() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
 	}
 
@@ -112,9 +109,7 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf())).andReturn();
-
 		this.mvc.perform(get("/login?error").session((MockHttpSession) mvcResult.getRequest().getSession())
 				.sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
@@ -142,7 +137,6 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void loginWhenValidCredentialsThenRedirectsToDefaultSuccessPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 	}
@@ -152,7 +146,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
@@ -179,14 +172,12 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessHandlerThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessHandlerConfig.class).autowire();
-
 		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
 	@Test
 	public void loginPageWhenLoggedOutAndCustomLogoutSuccessUrlThenDoesNotRenderLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageCustomLogoutSuccessUrlConfig.class).autowire();
-
 		this.mvc.perform(get("/login?logout")).andExpect(content().string(""));
 	}
 
@@ -195,7 +186,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
@@ -223,10 +213,8 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void loginPageWhenOpenIdLoginConfiguredThenOpedIdLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageWithOpenIDConfig.class).autowire();
-
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
@@ -251,7 +239,6 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageWithFormLoginOpenIDRememberMeConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
-
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
 				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
@@ -290,7 +277,6 @@ public class DefaultLoginPageConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnDefaultLoginPageGeneratingFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(DefaultLoginPageGeneratingFilter.class));
 	}
 
@@ -298,7 +284,6 @@ public class DefaultLoginPageConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(UsernamePasswordAuthenticationFilter.class));
 	}
@@ -307,7 +292,6 @@ public class DefaultLoginPageConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
 	}
 
@@ -315,14 +299,12 @@ public class DefaultLoginPageConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
 	@Test
 	public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() {
 		this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire();
-
 		FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
 		assertThat(filterChain.getFilterChains().get(0).getFilters().stream()
 				.filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
index 139b2ab63b..1022b268e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
@@ -55,9 +55,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 	@WithMockUser(roles = "ANYTHING")
 	public void getWhenAccessDeniedOverriddenThenCustomizesResponseByRequest() throws Exception {
 		this.spring.register(RequestMatcherBasedAccessDeniedHandlerConfig.class).autowire();
-
 		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
-
 		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
 	}
 
@@ -65,9 +63,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 	@WithMockUser(roles = "ANYTHING")
 	public void getWhenAccessDeniedOverriddenInLambdaThenCustomizesResponseByRequest() throws Exception {
 		this.spring.register(RequestMatcherBasedAccessDeniedHandlerInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
-
 		this.mvc.perform(get("/goodbye")).andExpect(status().isForbidden());
 	}
 
@@ -75,9 +71,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 	@WithMockUser(roles = "ANYTHING")
 	public void getWhenAccessDeniedOverriddenByOnlyOneHandlerThenAllRequestsUseThatHandler() throws Exception {
 		this.spring.register(SingleRequestMatcherAccessDeniedHandlerConfig.class).autowire();
-
 		this.mvc.perform(get("/hello")).andExpect(status().isIAmATeapot());
-
 		this.mvc.perform(get("/goodbye")).andExpect(status().isIAmATeapot());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index bc22565be6..594083644f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -67,7 +67,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
@@ -75,7 +74,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML))
 				.andExpect(status().isFound());
 	}
@@ -84,7 +82,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsImageGifThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_GIF)).andExpect(status().isFound());
 	}
 
@@ -92,7 +89,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsImageJpgThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_JPEG)).andExpect(status().isFound());
 	}
 
@@ -100,7 +96,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsImagePngThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.IMAGE_PNG)).andExpect(status().isFound());
 	}
 
@@ -108,7 +103,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsTextHtmlThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML)).andExpect(status().isFound());
 	}
 
@@ -116,7 +110,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsTextPlainThenRespondsWith302() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_PLAIN)).andExpect(status().isFound());
 	}
 
@@ -124,7 +117,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML))
 				.andExpect(status().isUnauthorized());
 	}
@@ -133,7 +125,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED))
 				.andExpect(status().isUnauthorized());
 	}
@@ -142,7 +133,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsApplicationJsonThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
 				.andExpect(status().isUnauthorized());
 	}
@@ -151,7 +141,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM))
 				.andExpect(status().isUnauthorized());
 	}
@@ -160,7 +149,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA))
 				.andExpect(status().isUnauthorized());
 	}
@@ -169,7 +157,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptHeaderIsTextXmlThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_XML)).andExpect(status().isUnauthorized());
 	}
 
@@ -177,14 +164,12 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptIsAnyThenRespondsWith401() throws Exception {
 		this.spring.register(DefaultSecurityConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.ALL)).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenAcceptIsChromeThenRespondsWith302() throws Exception {
 		this.spring.register(DefaultSecurityConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT,
 				"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"))
 				.andExpect(status().isFound());
@@ -193,7 +178,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenAcceptIsTextPlainAndXRequestedWithIsXHRThenRespondsWith401() throws Exception {
 		this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
-
 		this.mvc.perform(get("/").header("Accept", MediaType.TEXT_PLAIN).header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(status().isUnauthorized());
 	}
@@ -202,9 +186,7 @@ public class ExceptionHandlingConfigurerTests {
 	public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception {
 		this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class)
 				.autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce())
 				.resolveMediaTypes(any(NativeWebRequest.class));
 	}
@@ -212,7 +194,6 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception {
 		this.spring.register(DefaultHttpConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type"))
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -220,16 +201,13 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception {
 		this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
-
 		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(InvokeTwiceDoesNotOverrideConfig.AEP).commence(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
@@ -278,17 +256,14 @@ public class ExceptionHandlingConfigurerTests {
 			// @formatter:off
 		}
 	}
-
 	@EnableWebSecurity
 	static class HttpBasicAndFormLoginEntryPointsConfig extends WebSecurityConfigurerAdapter {
-
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.inMemoryAuthentication()
 					.withUser("user").password("password").roles("USER");
 		}
-
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index d4fb8ebf88..f1abe4e97a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -93,7 +93,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void configureWhenNoCustomAccessDecisionManagerThenUsesAffirmativeBased() {
 		this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
-
 		verify(NoSpecificAccessDecisionManagerConfig.objectPostProcessor).postProcess(any(AffirmativeBased.class));
 	}
 
@@ -113,7 +112,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
@@ -122,7 +120,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
@@ -130,14 +127,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
@@ -146,7 +141,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
@@ -154,14 +148,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAuthorityRoleUserConfiguredAndNoAuthorityThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
 				.andExpect(status().isOk());
 	}
@@ -169,7 +161,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
@@ -178,7 +169,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleOtherThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER"))))
 				.andExpect(status().isForbidden());
 	}
@@ -186,49 +176,42 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminAuthRequiredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsAdminThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsOtherThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenHasIpAddressConfiguredAndIpAddressMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with((request) -> {
 			request.setRemoteAddr("192.168.1.0");
 			return request;
@@ -238,7 +221,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasIpAddressConfiguredAndIpAddressDoesNotMatchThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(HasIpAddressConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with((request) -> {
 			request.setRemoteAddr("192.168.1.1");
 			return request;
@@ -248,28 +230,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenAnonymousConfiguredAndAnonymousUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenAnonymousConfiguredAndLoggedInUserThenRespondsWithForbidden() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenRememberMeConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenRememberMeConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(authentication(
 				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isOk());
@@ -278,28 +256,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenDenyAllConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception {
 		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenNotDenyAllConfiguredAndNoUserThenRespondsWithOk() throws Exception {
 		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(authentication(
 				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isOk());
@@ -308,7 +282,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(authentication(
 				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
 				.andExpect(status().isUnauthorized());
@@ -317,35 +290,30 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithOk() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
-
 		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
 	}
 
@@ -358,58 +326,49 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenApplicationListenerInvokedOnAuthorizedEvent()
 			throws Exception {
 		this.spring.register(AuthorizedRequestsWithPostProcessorConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(AuthorizedRequestsWithPostProcessorConfig.AL).onApplicationEvent(any(AuthorizedEvent.class));
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
@@ -417,7 +376,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
@@ -425,7 +383,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnAccessDecisionManager() {
 		this.spring.register(Sec3011Config.class).autowire();
-
 		verify(Sec3011Config.objectPostProcessor).postProcess(any(AccessDecisionManager.class));
 	}
 
@@ -433,7 +390,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeMatchesThenRespondsWithOk()
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/allow")).andExpect(status().isOk());
 	}
 
@@ -441,7 +397,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithIdAndTypeDoesNotMatchThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/deny")).andExpect(status().isForbidden());
 	}
 
@@ -449,7 +404,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectMatchesThenRespondsWithOk()
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/allowObject")).andExpect(status().isOk());
 	}
 
@@ -457,21 +411,18 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	public void getWhenRegisteringPermissionEvaluatorAndPermissionWithObjectDoesNotMatchThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(PermissionEvaluatorConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/denyObject")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-
 		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
 	}
 
@@ -939,7 +890,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		@Bean
 		PermissionEvaluator permissionEvaluator() {
 			return new PermissionEvaluator() {
-
 				@Override
 				public boolean hasPermission(Authentication authentication, Object targetDomainObject,
 						Object permission) {
@@ -951,7 +901,6 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 						Object permission) {
 					return "ID".equals(targetId) && "TYPE".equals(targetType) && "PERMISSION".equals(permission);
 				}
-
 			};
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index 505d5313a4..af6618b1fa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -69,29 +69,22 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void requestCache() throws Exception {
 		this.spring.register(RequestCacheConfig.class, AuthenticationTestConfiguration.class).autowire();
-
 		RequestCacheConfig config = this.spring.getContext().getBean(RequestCacheConfig.class);
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
-
 		verify(config.requestCache).getRequest(any(), any());
 	}
 
 	@Test
 	public void requestCacheAsBean() throws Exception {
 		this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire();
-
 		RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
-
 		this.mockMvc.perform(formLogin()).andExpect(authenticated());
-
 		verify(requestCache).getRequest(any(), any());
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
@@ -99,7 +92,6 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
@@ -107,28 +99,24 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginConfiguredThenNotSecured() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(get("/login")).andExpect(status().isFound());
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenSecured() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(post("/login")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestProtectedWhenFormLoginConfiguredThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-
 		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -136,7 +124,6 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
@@ -144,7 +131,6 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
@@ -152,28 +138,24 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginDefaultsInLambdaThenNotSecured() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenSecured() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(post("/login")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestProtectedWhenFormLoginDefaultsInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -181,21 +163,18 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void getLoginPageWithErrorQueryWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 		this.mockMvc.perform(get("/login?error")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void loginWhenFormLoginPermitAllAndInvalidUserThenRedirectsToLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
 	}
@@ -203,21 +182,18 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void getLoginPageWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void getLoginPageWithErrorQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 		this.mockMvc.perform(get("/authenticate?error")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void loginWhenCustomLoginPageAndInvalidUserThenRedirectsToCustomLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin("/authenticate").user("invalid")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/authenticate?error"));
 	}
@@ -225,35 +201,30 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void logoutWhenCustomLoginPageThenRedirectsToCustomLoginPage() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 		this.mockMvc.perform(logout()).andExpect(redirectedUrl("/authenticate?logout"));
 	}
 
 	@Test
 	public void getLoginPageWithLogoutQueryWhenCustomLoginPageThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-
 		this.mockMvc.perform(get("/authenticate?logout")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void getLoginPageWhenCustomLoginPageInLambdaThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginDefaultsInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(get("/authenticate")).andExpect(redirectedUrl(null));
 	}
 
 	@Test
 	public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
 
@@ -262,17 +233,14 @@ public class FormLoginConfigurerTests {
 		FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class);
 		given(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).willReturn(9443);
 		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
-
 		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/login"));
-
 		verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any());
 	}
 
 	@Test
 	public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception {
 		this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
-
 		this.mockMvc.perform(get("/login?error")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -280,21 +248,18 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated());
 	}
 
 	@Test
 	public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception {
 		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url"));
 	}
 
 	@Test
 	public void loginWhenSuccessForwardUrlThenForwardsToSuccessForwardUrl() throws Exception {
 		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-
 		this.mockMvc.perform(formLogin()).andExpect(forwardedUrl("/success_forward_url"));
 	}
 
@@ -302,7 +267,6 @@ public class FormLoginConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnUsernamePasswordAuthenticationFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(UsernamePasswordAuthenticationFilter.class));
 	}
@@ -311,7 +275,6 @@ public class FormLoginConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLoginUrlAuthenticationEntryPoint() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LoginUrlAuthenticationEntryPoint.class));
 	}
 
@@ -319,7 +282,6 @@ public class FormLoginConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ExceptionTranslationFilter.class));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 12d4c472cb..6dd607e894 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -48,7 +48,6 @@ public class HeadersConfigurerEagerHeadersTests {
 	@Test
 	public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
 		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index 81a541d42d..c4da0f5809 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -62,7 +62,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHeadersConfiguredThenDefaultHeadersInResponse() throws Exception {
 		this.spring.register(HeadersConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -80,7 +79,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHeadersConfiguredInLambdaThenDefaultHeadersInResponse() throws Exception {
 		this.spring.register(HeadersInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name()))
@@ -99,7 +97,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHeaderDefaultsDisabledAndContentTypeConfiguredThenOnlyContentTypeHeaderInResponse()
 			throws Exception {
 		this.spring.register(ContentTypeOptionsConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/"))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
@@ -108,7 +105,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception {
 		this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/"))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS);
@@ -118,7 +114,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHeaderDefaultsDisabledAndFrameOptionsConfiguredThenOnlyFrameOptionsHeaderInResponse()
 			throws Exception {
 		this.spring.register(FrameOptionsConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS);
@@ -128,7 +123,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHeaderDefaultsDisabledAndHstsConfiguredThenOnlyStrictTransportSecurityHeaderInResponse()
 			throws Exception {
 		this.spring.register(HstsConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(
 						header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains"))
@@ -140,7 +134,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHeaderDefaultsDisabledAndCacheControlConfiguredThenCacheControlAndExpiresAndPragmaHeadersInResponse()
 			throws Exception {
 		this.spring.register(CacheControlConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
@@ -153,7 +146,6 @@ public class HeadersConfigurerTests {
 	public void getWhenOnlyCacheControlConfiguredInLambdaThenCacheControlAndExpiresAndPragmaHeadersInResponse()
 			throws Exception {
 		this.spring.register(CacheControlInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
@@ -166,7 +158,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHeaderDefaultsDisabledAndXssProtectionConfiguredThenOnlyXssProtectionHeaderInResponse()
 			throws Exception {
 		this.spring.register(XssProtectionConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
@@ -175,7 +166,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception {
 		this.spring.register(XssProtectionInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION);
@@ -184,7 +174,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenFrameOptionsSameOriginConfiguredThenFrameOptionsHeaderHasValueSameOrigin() throws Exception {
 		this.spring.register(HeadersCustomSameOriginConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name()))
 				.andReturn();
@@ -194,7 +183,6 @@ public class HeadersConfigurerTests {
 	public void getWhenFrameOptionsSameOriginConfiguredInLambdaThenFrameOptionsHeaderHasValueSameOrigin()
 			throws Exception {
 		this.spring.register(HeadersCustomSameOriginInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name()))
 				.andReturn();
@@ -203,7 +191,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHeaderDefaultsDisabledAndPublicHpkpWithNoPinThenNoHeadersInResponse() throws Exception {
 		this.spring.register(HpkpConfigNoPins.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
@@ -211,7 +198,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -222,7 +208,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenInsecureRequestHeaderDefaultsDisabledAndHpkpWithPinThenNoHeadersInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).isEmpty();
 	}
@@ -231,7 +216,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigWithPins.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
@@ -242,7 +226,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception {
 		this.spring.register(HpkpConfigCustomAge.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -253,7 +236,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfigTerminateConnection.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS,
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -265,7 +247,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -276,7 +257,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception {
 		this.spring.register(HpkpConfigWithReportURI.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -288,7 +268,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -300,7 +279,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
 			throws Exception {
 		this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -311,7 +289,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -321,7 +298,6 @@ public class HeadersConfigurerTests {
 	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse()
 			throws Exception {
 		this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
 						"default-src 'self'; script-src trustedscripts.example.com"))
@@ -334,7 +310,6 @@ public class HeadersConfigurerTests {
 	public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse()
 			throws Exception {
 		this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
 						"default-src 'self'; script-src trustedscripts.example.com"))
@@ -358,7 +333,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception {
 		this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
@@ -367,7 +341,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -376,7 +349,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -386,7 +358,6 @@ public class HeadersConfigurerTests {
 	public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse()
 			throws Exception {
 		this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -395,7 +366,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
@@ -404,7 +374,6 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception {
 		this.spring.register(FeaturePolicyConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
 				.andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn();
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
@@ -420,7 +389,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse()
 			throws Exception {
 		this.spring.register(HstsWithPreloadConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
 				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
 				.andReturn();
@@ -431,7 +399,6 @@ public class HeadersConfigurerTests {
 	public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse()
 			throws Exception {
 		this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
 				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
 				.andReturn();
@@ -659,7 +626,6 @@ public class HeadersConfigurerTests {
 			Map<String, String> pins = new LinkedHashMap<>();
 			pins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
 			pins.put("E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=", "sha256");
-
 			// @formatter:off
 			http
 				.headers()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 493a85479d..2626139e22 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -67,14 +67,12 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnBasicAuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(BasicAuthenticationFilter.class));
 	}
 
 	@Test
 	public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
 	}
@@ -83,7 +81,6 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsEntryPointConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
 	}
@@ -91,9 +88,7 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenUsingCustomAuthenticationEntryPointThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(CustomAuthenticationEntryPointConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(CustomAuthenticationEntryPointConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
@@ -101,9 +96,7 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenInvokedTwiceThenUsesOriginalEntryPoint() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(DuplicateDoesNotOverrideConfig.ENTRY_POINT).commence(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
@@ -112,7 +105,6 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
 		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"))
 				.andExpect(cookie().exists("remember-me"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 5357ad70da..9690aed1dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -73,9 +73,7 @@ public class HttpSecurityAntMatchersTests {
 	public void antMatchersMethodAndNoPatterns() throws Exception {
 		loadConfig(AntMatchersNoPatternsConfig.class);
 		this.request.setMethod("POST");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -84,9 +82,7 @@ public class HttpSecurityAntMatchersTests {
 	public void antMatchersMethodAndEmptyPatterns() throws Exception {
 		loadConfig(AntMatchersEmptyPatternsConfig.class);
 		this.request.setMethod("POST");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -94,7 +90,6 @@ public class HttpSecurityAntMatchersTests {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(configs);
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
index 11ac70b1a6..da18813b49 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java
@@ -73,17 +73,13 @@ public class HttpSecurityLogoutTests {
 	@Test
 	public void clearAuthenticationFalse() throws Exception {
 		loadConfig(ClearAuthenticationFalseConfig.class);
-
 		SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
 		currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				currentContext);
 		this.request.setMethod("POST");
 		this.request.setServletPath("/logout");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(currentContext.getAuthentication()).isNotNull();
 	}
 
@@ -91,7 +87,6 @@ public class HttpSecurityLogoutTests {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(configs);
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 652e5852aa..ca4ae5ff5b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -78,135 +78,92 @@ public class HttpSecurityRequestMatchersTests {
 	@Test
 	public void mvcMatcher() throws Exception {
 		loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void mvcMatcherGetFiltersNoUnsupportedMethodExceptionFromDummyRequest() {
 		loadConfig(MvcMatcherConfig.class);
-
 		assertThat(this.springSecurityFilterChain.getFilters("/path")).isNotEmpty();
 	}
 
 	@Test
 	public void requestMatchersMvcMatcher() throws Exception {
 		loadConfig(RequestMatchersMvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void requestMatchersWhenMvcMatcherInLambdaThenPathIsSecured() throws Exception {
 		loadConfig(RequestMatchersMvcMatcherInLambdaConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void requestMatchersMvcMatcherServletPath() throws Exception {
 		loadConfig(RequestMatchersMvcMatcherServeltPathConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/other");
 		this.request.setRequestURI("/other/path");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void requestMatcherWhensMvcMatcherServletPathInLambdaThenPathIsSecured() throws Exception {
 		loadConfig(RequestMatchersMvcMatcherServletPathInLambdaConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/other");
 		this.request.setRequestURI("/other/path");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -215,7 +172,6 @@ public class HttpSecurityRequestMatchersTests {
 		this.context.register(configs);
 		this.context.setServletContext(new MockServletContext());
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index 0f3eefb8ed..bb9e239a48 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -56,7 +56,6 @@ public class Issue55Tests {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this");
 		this.spring.register(WebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class);
 		this.spring.getContext().getBean(FilterChainProxy.class);
-
 		FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0);
 		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
 	}
@@ -67,10 +66,8 @@ public class Issue55Tests {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("test", "this");
 		this.spring.register(MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig.class);
 		this.spring.getContext().getBean(FilterChainProxy.class);
-
 		FilterSecurityInterceptor filter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 0);
 		assertThat(filter.getAuthenticationManager().authenticate(token)).isEqualTo(CustomAuthenticationManager.RESULT);
-
 		FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class,
 				1);
 		assertThat(secondFilter.getAuthenticationManager().authenticate(token))
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 485689185d..88e80b78bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -61,7 +61,6 @@ public class JeeConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eePreAuthenticatedProcessingFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(J2eePreAuthenticatedProcessingFilter.class));
 	}
@@ -70,7 +69,6 @@ public class JeeConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class));
 	}
@@ -80,7 +78,6 @@ public class JeeConfigurerTests {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-
 		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
@@ -93,7 +90,6 @@ public class JeeConfigurerTests {
 		this.spring.register(JeeMappableRolesConfig.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-
 		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
@@ -106,7 +102,6 @@ public class JeeConfigurerTests {
 		this.spring.register(JeeMappableAuthoritiesConfig.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-
 		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
@@ -124,7 +119,6 @@ public class JeeConfigurerTests {
 		given(user.getName()).willReturn("user");
 		given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
 				.willReturn(userDetails);
-
 		this.mvc.perform(get("/").principal(user).with((request) -> {
 			request.addUserRole("ROLE_ADMIN");
 			request.addUserRole("ROLE_USER");
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index ac8ed76df9..42b88900f7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -67,7 +67,6 @@ public class LogoutConfigurerClearSiteDataTests {
 	@WithMockUser
 	public void logoutWhenRequestTypeGetThenHeaderNotPresentt() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(get("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
 				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
@@ -76,7 +75,6 @@ public class LogoutConfigurerClearSiteDataTests {
 	@WithMockUser
 	public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(SecurityMockMvcRequestPostProcessors.csrf()))
 				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
@@ -85,7 +83,6 @@ public class LogoutConfigurerClearSiteDataTests {
 	@WithMockUser
 	public void logoutWhenRequestTypePostAndSecureThenHeaderIsPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
 				.andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index c6a722e127..45bf708553 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -91,14 +91,12 @@ public class LogoutConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(LogoutFilter.class));
 	}
 
 	@Test
 	public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(post("/custom/logout").with(csrf())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
@@ -107,42 +105,36 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-
 		this.mvc.perform(get("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-
 		this.mvc.perform(post("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPutRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-
 		this.mvc.perform(put("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-
 		this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-
 		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/custom/logout")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
@@ -150,14 +142,12 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenPutRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-
 		this.mvc.perform(put("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-
 		this.mvc.perform(delete("/custom/logout")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
@@ -165,7 +155,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
 	}
 
@@ -186,7 +175,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception {
 		this.spring.register(RememberMeNoLogoutHandler.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
 	}
@@ -194,7 +182,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-
 		this.mvc.perform(
 				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
@@ -204,7 +191,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenAcceptApplicationJsonThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
 				MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isNoContent());
 	}
@@ -213,7 +199,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenAcceptAllThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-
 		this.mvc.perform(
 				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE))
 				.andExpect(status().isNoContent());
@@ -223,7 +208,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenAcceptFromChromeThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
 				"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
@@ -233,7 +217,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenXMLHttpRequestThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))
 				.header(HttpHeaders.ACCEPT, "text/html,application/json").header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(status().isNoContent());
@@ -242,7 +225,6 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenDisabledThenLogoutUrlNotFound() throws Exception {
 		this.spring.register(LogoutDisabledConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isNotFound());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 1d66dfce56..18e2fc89af 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -65,24 +65,18 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
@@ -92,7 +86,6 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
 	}
@@ -100,7 +93,6 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
 	}
@@ -111,12 +103,9 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception {
 		this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire();
-
 		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
 				.getBean(AuthenticationDetailsSource.class);
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password")));
-
 		verify(source).buildDetails(any(HttpServletRequest.class));
 	}
 
@@ -124,12 +113,9 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefInLambdaThenMatchesNamespace()
 			throws Exception {
 		this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
 		AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
 				.getBean(AuthenticationDetailsSource.class);
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password")));
-
 		verify(source).buildDetails(any(HttpServletRequest.class));
 	}
 
@@ -139,22 +125,16 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingEntryPointRefThenMatchesNamespace() throws Exception {
 		this.spring.register(EntryPointRefHttpBasicConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is(999));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingEntryPointRefInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(EntryPointRefHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is(999));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().is(999));
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index b080cf6754..074fa8a2ec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -63,11 +63,8 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWhenDefaultConfigurationThenMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
-
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
@@ -75,12 +72,9 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
-
 		this.mvc.perform(post("/authentication/login/process").with(csrf()))
 				.andExpect(redirectedUrl("/authentication/login?failed"));
-
 		this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password")
 				.with(csrf())).andExpect(redirectedUrl("/default"));
 	}
@@ -88,12 +82,9 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
-
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
 		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/custom/targetUrl"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
index eef4ba934a..c9f11e767f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java
@@ -50,7 +50,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class NamespaceHttpHeadersTests {
 
 	static final Map<String, String> defaultHeaders = new LinkedHashMap<>();
-
 	static {
 		defaultHeaders.put("X-Content-Type-Options", "nosniff");
 		defaultHeaders.put("X-Frame-Options", "DENY");
@@ -60,7 +59,6 @@ public class NamespaceHttpHeadersTests {
 		defaultHeaders.put("Pragma", "no-cache");
 		defaultHeaders.put("X-XSS-Protection", "1; mode=block");
 	}
-
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
@@ -70,28 +68,24 @@ public class NamespaceHttpHeadersTests {
 	@Test
 	public void secureRequestWhenDefaultConfigThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeadersDefaultConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void secureRequestWhenCacheControlOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeadersCacheControlConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(includes("Cache-Control", "Expires", "Pragma"));
 	}
 
 	@Test
 	public void secureRequestWhenHstsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HstsConfig.class).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(includes("Strict-Transport-Security"));
 	}
 
 	@Test
 	public void requestWhenHstsCustomThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HstsCustomConfig.class).autowire();
-
 		this.mvc.perform(get("/"))
 				.andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000")));
 	}
@@ -99,14 +93,12 @@ public class NamespaceHttpHeadersTests {
 	@Test
 	public void requestWhenFrameOptionsSameOriginThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FrameOptionsSameOriginConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-Frame-Options", "SAMEORIGIN")));
 	}
 
 	@Test
 	public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FrameOptionsAllowFromConfig.class).autowire();
-
 		this.mvc.perform(get("/"))
 				.andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com")));
 	}
@@ -114,28 +106,24 @@ public class NamespaceHttpHeadersTests {
 	@Test
 	public void requestWhenXssOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(includes("X-XSS-Protection"));
 	}
 
 	@Test
 	public void requestWhenXssCustomThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(XssProtectionCustomConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(includes(Collections.singletonMap("X-XSS-Protection", "1")));
 	}
 
 	@Test
 	public void requestWhenXContentTypeOptionsOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(ContentTypeOptionsConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(includes("X-Content-Type-Options"));
 	}
 
 	@Test
 	public void requestWhenCustomHeaderOnlyThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HeaderRefConfig.class).autowire();
-
 		this.mvc.perform(get("/"))
 				.andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue")));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index e88dd304e4..bd4d5ac0a9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -60,32 +60,26 @@ public class NamespaceHttpInterceptUrlTests {
 	@Test
 	public void unauthenticatedRequestWhenUrlRequiresAuthenticationThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
-
 		this.mvc.perform(get("/users")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticatedRequestWhenUrlRequiresElevatedPrivilegesThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
-
 		this.mvc.perform(get("/users").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticatedRequestWhenAuthorizedThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
-
 		this.mvc.perform(get("/users").with(authentication(user("ROLE_ADMIN")))).andExpect(status().isOk()).andReturn();
 	}
 
 	@Test
 	public void requestWhenMappedByPostInterceptUrlThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
-
 		this.mvc.perform(get("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isOk());
-
 		this.mvc.perform(post("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
@@ -93,11 +87,8 @@ public class NamespaceHttpInterceptUrlTests {
 	@Test
 	public void requestWhenRequiresChannelThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
-
 		this.mvc.perform(get("/login")).andExpect(redirectedUrl("https://localhost/login"));
-
 		this.mvc.perform(get("/secured/a")).andExpect(redirectedUrl("https://localhost/secured/a"));
-
 		this.mvc.perform(get("https://localhost/user")).andExpect(redirectedUrl("http://localhost/user"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
index 96a9287fe8..f83e15ba4a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java
@@ -62,10 +62,8 @@ public class NamespaceHttpJeeTests {
 	@Test
 	public void requestWhenJeeUserThenBehaviorDiffersFromNamespaceForRoleNames() throws Exception {
 		this.spring.register(JeeMappableRolesConfig.class, BaseController.class).autowire();
-
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
-
 		this.mvc.perform(get("/roles").principal(user).with((request) -> {
 			request.addUserRole("ROLE_admin");
 			request.addUserRole("ROLE_user");
@@ -77,18 +75,13 @@ public class NamespaceHttpJeeTests {
 	@Test
 	public void requestWhenCustomAuthenticatedUserDetailsServiceThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(JeeUserServiceRefConfig.class, BaseController.class).autowire();
-
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
-
 		User result = new User(user.getName(), "N/A", true, true, true, true,
 				AuthorityUtils.createAuthorityList("ROLE_user"));
-
 		given(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).willReturn(result);
-
 		this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk())
 				.andExpect(content().string("ROLE_user"));
-
 		verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 3f69893ed9..8b93855cb9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -72,7 +72,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull));
 	}
@@ -81,7 +80,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception {
 		this.spring.register(HttpLogoutDisabledInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound());
 	}
 
@@ -92,7 +90,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
@@ -103,7 +100,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
@@ -117,7 +113,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
@@ -127,7 +122,6 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
@@ -224,7 +218,6 @@ public class NamespaceHttpLogoutTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
 			logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");
-
 			// @formatter:off
 			http
 				.logout((logout) -> logout.logoutSuccessHandler(logoutSuccessHandler));
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 373c29186a..26ad03f0de 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -104,18 +104,14 @@ public class NamespaceHttpOpenIDLoginTests {
 		given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
 				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire();
-
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
-
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-
 			MvcResult mvcResult = this.mvc.perform(get("/login/openid")
 					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://www.google.com/1"))
 					.andExpect(status().isFound()).andReturn();
-
 			Object attributeObject = mvcResult.getRequest().getSession()
 					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
@@ -144,25 +140,20 @@ public class NamespaceHttpOpenIDLoginTests {
 	public void openidLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
 		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
 				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
-
 		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
 		given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
 				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
 		OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource());
 		OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class);
-
 		this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
 				.willThrow(new AuthenticationServiceException("boom"));
 		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/failure"));
 		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
-
 		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).willReturn(token);
 		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
 				.andExpect(redirectedUrl("/custom/targetUrl"));
-
 		verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class));
 		verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
index 3d4d1a8874..011409d9fb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java
@@ -49,12 +49,9 @@ public class NamespaceHttpPortMappingsTests {
 	@Test
 	public void portMappingWhenRequestRequiresChannelThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlWithPortMapperConfig.class).autowire();
-
 		this.mvc.perform(get("http://localhost:9080/login")).andExpect(redirectedUrl("https://localhost:9443/login"));
-
 		this.mvc.perform(get("http://localhost:9080/secured/a"))
 				.andExpect(redirectedUrl("https://localhost:9443/secured/a"));
-
 		this.mvc.perform(get("https://localhost:9443/user")).andExpect(redirectedUrl("http://localhost:9080/user"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index a67380193c..be604a4b8a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -68,9 +68,7 @@ public class NamespaceHttpRequestCacheTests {
 	@Test
 	public void requestWhenDefaultConfigurationThenUsesHttpSessionRequestCache() throws Exception {
 		this.spring.register(DefaultRequestCacheRefConfig.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isForbidden()).andReturn();
-
 		HttpSession session = result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
 		assertThat(session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index f431f397be..03c12efdb5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -69,7 +69,6 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@Test
 	public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
 		this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
 	}
@@ -85,9 +84,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(authentication(user())));
-
 		verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler).handle(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(AccessDeniedException.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index e6d6576183..5f30c3c7c8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -81,10 +81,8 @@ public class NamespaceHttpX509Tests {
 	@Test
 	public void x509AuthenticationWhenHasCustomAuthenticationDetailsSourceThenMatchesNamespace() throws Exception {
 		this.spring.register(AuthenticationDetailsSourceRefConfig.class, X509Controller.class).autowire();
-
 		X509Certificate certificate = loadCert("rod.cer");
 		this.mvc.perform(get("/whoami").with(x509(certificate))).andExpect(content().string("rod"));
-
 		verifyBean(AuthenticationDetailsSource.class).buildDetails(any());
 	}
 
@@ -183,7 +181,6 @@ public class NamespaceHttpX509Tests {
 
 		@Bean
 		AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource() {
-
 			return mock(AuthenticationDetailsSource.class);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 949fea0e42..5a5347c334 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -82,19 +82,15 @@ public class NamespaceRememberMeTests {
 	public void rememberMeLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class, SecurityController.class).autowire();
 		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		Cookie rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull();
 		this.mvc.perform(get("/authentication-class").cookie(rememberMe))
 				.andExpect(content().string(RememberMeAuthenticationToken.class.getName()));
-
 		result = this.mvc.perform(post("/logout").with(csrf()).session(session).cookie(rememberMe))
 				.andExpect(redirectedUrl("/login?logout")).andReturn();
-
 		rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0);
-
 		this.mvc.perform(post("/authentication-class").with(csrf()).cookie(rememberMe))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
 	}
@@ -105,11 +101,9 @@ public class NamespaceRememberMeTests {
 	public void logoutWhenCustomRememberMeServicesDeclaredThenUses() throws Exception {
 		RememberMeServicesRefConfig.REMEMBER_ME_SERVICES = mock(RememberMeServicesWithoutLogoutHandler.class);
 		this.spring.register(RememberMeServicesRefConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
 		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).autoLogin(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		this.mvc.perform(post("/login").with(csrf()));
 		verify(RememberMeServicesRefConfig.REMEMBER_ME_SERVICES).loginFail(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
@@ -119,15 +113,11 @@ public class NamespaceRememberMeTests {
 	public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception {
 		AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class);
 		this.spring.register(AuthSuccessConfig.class).autowire();
-
 		MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
-
 		verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER);
-
 		Cookie rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull();
 		this.mvc.perform(get("/somewhere").cookie(rememberMe));
-
 		verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
 	}
@@ -137,10 +127,8 @@ public class NamespaceRememberMeTests {
 		this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
 		Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin()))
 				.andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
-
 		this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
-
 		Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
 				.getCookie("remember-me");
 		this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
@@ -148,16 +136,13 @@ public class NamespaceRememberMeTests {
 
 	// http/remember-me@services-alias is not supported use standard aliasing instead
 	// (i.e. @Bean("alias"))
-
 	// http/remember-me@data-source-ref is not supported directly. Instead use
 	// http/remember-me@token-repository-ref example
 	@Test
 	public void rememberMeLoginWhenDeclaredTokenRepositoryThenMatchesNamespace() throws Exception {
 		TokenRepositoryRefConfig.TOKEN_REPOSITORY = mock(PersistentTokenRepository.class);
 		this.spring.register(TokenRepositoryRefConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
 		verify(TokenRepositoryRefConfig.TOKEN_REPOSITORY).createNewToken(any(PersistentRememberMeToken.class));
 	}
 
@@ -166,7 +151,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(TokenValiditySecondsConfig.class).autowire();
 		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
 				.getCookie("remember-me");
-
 		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
 	}
 
@@ -175,7 +159,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(RememberMeConfig.class).autowire();
 		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
 				.getCookie("remember-me");
-
 		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
 	}
 
@@ -184,7 +167,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(UseSecureCookieConfig.class).autowire();
 		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
 				.getCookie("remember-me");
-
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
@@ -193,7 +175,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(RememberMeConfig.class).autowire();
 		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn()
 				.getResponse().getCookie("remember-me");
-
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
@@ -202,7 +183,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(RememberMeParameterConfig.class).autowire();
 		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn()
 				.getResponse().getCookie("remember-me");
-
 		assertThat(rememberMe).isNotNull();
 	}
 
@@ -212,7 +192,6 @@ public class NamespaceRememberMeTests {
 		this.spring.register(RememberMeCookieNameConfig.class).autowire();
 		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
 				.getCookie("rememberMe");
-
 		assertThat(rememberMe).isNotNull();
 	}
 
@@ -220,9 +199,7 @@ public class NamespaceRememberMeTests {
 	public void rememberMeLoginWhenGlobalUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
 		DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
 		this.spring.register(DefaultsUserDetailsServiceWithDaoConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
 		verify(DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
 	}
 
@@ -230,12 +207,9 @@ public class NamespaceRememberMeTests {
 	public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
 		UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
 		this.spring.register(UserServiceRefConfig.class).autowire();
-
 		given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
 				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-
 		this.mvc.perform(post("/login").with(rememberMeLogin()));
-
 		verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
 	}
 
@@ -363,7 +337,6 @@ public class NamespaceRememberMeTests {
 		protected void configure(HttpSecurity http) throws Exception {
 			// JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl()
 			// tokenRepository.setDataSource(dataSource);
-
 			// @formatter:off
 			http
 				.formLogin()
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 6f08c7290a..8ddd312c45 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -82,20 +82,16 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenDefaultSessionManagementThenMatchesNamespace() throws Exception {
 		this.spring.register(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-
 		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
 				.andExpect(session()).andReturn();
-
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
-
 		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
@@ -106,13 +102,11 @@ public class NamespaceSessionManagementTests {
 	@Test
 	public void authenticateWhenUsingExpiredUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		SessionInformation sessionInformation = new SessionInformation(new Object(), session.getId(), new Date(0));
 		sessionInformation.expireNow();
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 		given(sessionRegistry.getSessionInformation(session.getId())).willReturn(sessionInformation);
-
 		this.mvc.perform(get("/auth").session(session)).andExpect(redirectedUrl("/expired-session"));
 	}
 
@@ -120,9 +114,7 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingMaxSessionsThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/session-auth-error"));
 	}
@@ -131,12 +123,10 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingFailureUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		MockHttpServletRequest mock = spy(MockHttpServletRequest.class);
 		mock.setSession(new MockHttpSession());
 		given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class);
 		mock.setMethod("GET");
-
 		this.mvc.perform(get("/auth").with((request) -> mock).with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/session-auth-error"));
 	}
@@ -145,11 +135,8 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingSessionRegistryThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class));
 	}
 
@@ -157,13 +144,11 @@ public class NamespaceSessionManagementTests {
 	@Test
 	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
-
 		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
 			return request;
 		})).andExpect(status().isOk());
-
 		verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -172,9 +157,7 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -184,13 +167,11 @@ public class NamespaceSessionManagementTests {
 		this.spring
 				.register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		MockHttpSession resultingSession = (MockHttpSession) this.mvc
 				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
-
 		assertThat(givenSessionId).isEqualTo(resultingSession.getId());
 	}
 
@@ -198,15 +179,12 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception {
 		this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class,
 				UserDetailsServiceConfig.class).autowire();
-
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-
 		MockHttpSession resultingSession = (MockHttpSession) this.mvc
 				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
-
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isEqualTo("value");
 	}
@@ -215,25 +193,20 @@ public class NamespaceSessionManagementTests {
 	@Test
 	public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception {
 		this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password")))
 				.andExpect(status().isNotFound());
-
 		verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class));
 	}
 
 	@Test
 	public void authenticateWhenNewSessionFixationProtectionThenMatchesNamespace() throws Exception {
 		this.spring.register(SFPNewSessionSessionManagementConfig.class, UserDetailsServiceConfig.class).autowire();
-
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-
 		MockHttpSession resultingSession = (MockHttpSession) this.mvc
 				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
 				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
-
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
 	}
@@ -465,11 +438,8 @@ public class NamespaceSessionManagementTests {
 				assertThat(result.getRequest().getSession(false)).isNull();
 				return;
 			}
-
 			assertThat(result.getRequest().getSession(false)).isNotNull();
-
 			MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 			if (this.valid != null) {
 				if (this.valid) {
 					assertThat(session.isInvalid()).isFalse();
@@ -478,7 +448,6 @@ public class NamespaceSessionManagementTests {
 					assertThat(session.isInvalid()).isTrue();
 				}
 			}
-
 			if (this.id != null) {
 				assertThat(session.getId()).isEqualTo(this.id);
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index f30939fb0d..ce7a15b331 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -49,7 +49,6 @@ public class PermitAllSupportTests {
 	@Test
 	public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception {
 		this.spring.register(PermitAllConfig.class).autowire();
-
 		this.mvc.perform(get("/app/xyz").contextPath("/app")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/app/xyz?def").contextPath("/app")).andExpect(status().isFound());
 		this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app")).andExpect(status().isNotFound());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
index 6c7f1d59ea..bf21abbd7c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java
@@ -47,21 +47,18 @@ public class PortMapperConfigurerTests {
 	@Test
 	public void requestWhenPortMapperTwiceInvokedThenDoesNotOverride() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
-
 		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
 	@Test
 	public void requestWhenPortMapperHttpMapsToInLambdaThenRedirectsToHttpsPort() throws Exception {
 		this.spring.register(HttpMapsToInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
 	@Test
 	public void requestWhenCustomPortMapperInLambdaThenRedirectsToHttpsPort() throws Exception {
 		this.spring.register(CustomPortMapperInLambdaConfig.class).autowire();
-
 		this.mockMvc.perform(get("http://localhost:543")).andExpect(redirectedUrl("https://localhost:123"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 8ec6c1b5a7..54bc6ee582 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -81,7 +81,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void postWhenNoUserDetailsServiceThenException() {
 		this.spring.register(NullUserDetailsConfig.class).autowire();
-
 		assertThatThrownBy(() -> this.mvc.perform(post("/login").param("username", "user").param("password", "password")
 				.param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required");
 	}
@@ -89,7 +88,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RememberMeAuthenticationFilter.class));
 	}
 
@@ -98,16 +96,13 @@ public class RememberMeConfigurerTests {
 		given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString()))
 				.willReturn(new User("user", "password", Collections.emptyList()));
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"));
-
 		verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user");
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
 				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
 	}
@@ -115,11 +110,9 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationToken() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
 				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
-
 		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
 				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
@@ -127,12 +120,10 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void logoutWhenRememberMeCookieThenAuthenticationIsRememberMeCookieExpired() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
 				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 		HttpSession session = mvcResult.getRequest().getSession();
-
 		this.mvc.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
 				.andExpect(redirectedUrl("/login?logout")).andExpect(cookie().maxAge("remember-me", 0));
 	}
@@ -140,7 +131,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void getWhenRememberMeCookieAndLoggedOutThenRedirectsToLogin() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-
 		MvcResult loginMvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
 				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = loginMvcResult.getResponse().getCookie("remember-me");
@@ -149,7 +139,6 @@ public class RememberMeConfigurerTests {
 				.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
 				.andReturn();
 		Cookie expiredRememberMeCookie = logoutMvcResult.getResponse().getCookie("remember-me");
-
 		this.mvc.perform(get("/abc").with(csrf()).cookie(expiredRememberMeCookie))
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -157,7 +146,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
 				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
 	}
@@ -165,7 +153,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
 				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
@@ -174,7 +161,6 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
 				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
@@ -190,11 +176,9 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception {
 		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
 				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
-
 		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
 				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index d769b5869d..5079480e76 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -69,16 +69,13 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnExceptionTranslationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class, DefaultSecurityConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(RequestCacheAwareFilter.class));
 	}
 
 	@Test
 	public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(InvokeTwiceDoesNotOverrideConfig.requestCache).getMatchingRequest(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -86,10 +83,8 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico"))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
 																			// favicon.ico
 	}
@@ -97,10 +92,8 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconPngThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png"))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
 																			// favicon.png
 	}
@@ -109,14 +102,11 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedRequestIsApplicationJsonThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
 																			// application/json
-
 		// This is desirable since JSON requests are typically not invoked directly from
 		// the browser and we don't want the browser to replay them
 	}
@@ -125,13 +115,10 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedRequestIsXRequestedWithThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
-
 		// This is desirable since XHR requests are typically not invoked directly from
 		// the browser and we don't want the browser to replay them
 	}
@@ -139,14 +126,11 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
 																			// text/event-stream
-
 		// This is desirable since event-stream requests are typically not invoked
 		// directly from the browser and we don't want the browser to replay them
 	}
@@ -154,45 +138,37 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsTextHtmlThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsChromeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header(HttpHeaders.ACCEPT,
 						"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsRequestedWithAndroidThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(get("/messages").header("X-Requested-With", "com.android"))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
@@ -201,9 +177,7 @@ public class RequestCacheConfigurerTests {
 	public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
 		this.spring.register(RequestCacheDisabledConfig.class,
 				ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
@@ -211,12 +185,9 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void postWhenRequestIsMultipartThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockMultipartFile aFile = new MockMultipartFile("aFile", "A_FILE".getBytes());
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(multipart("/upload").file(aFile)).andReturn()
 				.getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
@@ -224,27 +195,21 @@ public class RequestCacheConfigurerTests {
 	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest()
 			throws Exception {
 		this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception {
 		this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob"));
 	}
 
 	@Test
 	public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception {
 		this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
-
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index e820678b2f..f0c8500cc1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -47,7 +47,6 @@ public class RequestMatcherConfigurerTests {
 	@Test
 	public void authorizeRequestsWhenInvokedMultipleTimesThenChainsPaths() throws Exception {
 		this.spring.register(Sec2908Config.class).autowire();
-
 		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
 		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
 	}
@@ -55,7 +54,6 @@ public class RequestMatcherConfigurerTests {
 	@Test
 	public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception {
 		this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
 		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index e3bb13407c..fc99c2772d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -67,7 +67,6 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextPersistenceFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SecurityContextPersistenceFilter.class));
 	}
 
@@ -75,9 +74,7 @@ public class SecurityContextConfigurerTests {
 	public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 		given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any())).willReturn(mock(SecurityContext.class));
-
 		this.mvc.perform(get("/"));
-
 		verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class));
 	}
 
@@ -85,14 +82,12 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void securityContextWhenSecurityContextRepositoryNotConfiguredThenDoesNotThrowException() throws Exception {
 		this.spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
 	}
 
 	@Test
 	public void requestWhenSecurityContextWithDefaultsInLambdaThenSessionIsCreated() throws Exception {
 		this.spring.register(SecurityContextWithDefaultsInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 		assertThat(session).isNotNull();
@@ -101,7 +96,6 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception {
 		this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 		assertThat(session).isNull();
@@ -110,7 +104,6 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void requestWhenNullSecurityContextRepositoryInLambdaThenContextNotSavedInSession() throws Exception {
 		this.spring.register(NullSecurityContextRepositoryInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
 		assertThat(session).isNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index 274b156c11..ed71acbf53 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -88,7 +88,6 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextHolderAwareRequestFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(SecurityContextHolderAwareRequestFilter.class));
 	}
@@ -97,14 +96,12 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void configureWhenUsingDefaultsThenAuthenticationManagerIsNotNull() {
 		this.spring.register(ServletApiConfig.class).autowire();
-
 		assertThat(this.spring.getContext().getBean("customAuthenticationManager")).isNotNull();
 	}
 
 	@Test
 	public void configureWhenUsingDefaultsThenAuthenticationEntryPointIsLogin() throws Exception {
 		this.spring.register(ServletApiConfig.class).autowire();
-
 		this.mvc.perform(formLogin()).andExpect(status().isFound());
 	}
 
@@ -112,7 +109,6 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
 		this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
-
 		this.mvc.perform(
 				get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
 				.andExpect(status().isOk());
@@ -121,9 +117,7 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void requestWhenCustomAuthenticationEntryPointThenEntryPointUsed() throws Exception {
 		this.spring.register(CustomEntryPointConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(CustomEntryPointConfig.ENTRYPOINT).commence(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(AuthenticationException.class));
 	}
@@ -131,11 +125,9 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
-
 		this.mvc.perform(
 				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 				.andExpect(status().isOk());
-
 		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
@@ -143,16 +135,13 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void configureWhenSharedObjectTrustResolverThenTrustResolverUsed() throws Exception {
 		this.spring.register(SharedTrustResolverConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
 	}
 
 	@Test
 	public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
 		this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
-
 		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isOk());
 	}
@@ -160,11 +149,9 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
 		this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
-
 		this.mvc.perform(
 				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
 				.andExpect(status().isOk());
-
 		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
 				.andExpect(status().isForbidden());
 	}
@@ -172,18 +159,13 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
 		this.spring.register(ServletApiWithLogoutConfig.class);
-
 		SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
 		LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
-
 		LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
 		assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
-
 		List<LogoutHandler> scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers");
 		List<LogoutHandler> lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
-
 		assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
-
 		assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 		assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index 10362b3eb7..53f7b0ec8a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -95,11 +95,8 @@ public class SessionManagementConfigurerServlet31Tests {
 		repository.saveToken(token, request, this.response);
 		request.setParameter(token.getParameterName(), token.getToken());
 		request.getSession().setAttribute("attribute1", "value1");
-
 		loadConfig(SessionManagementDefaultSessionFixationServlet31Config.class);
-
 		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
-
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
 	}
@@ -116,7 +113,6 @@ public class SessionManagementConfigurerServlet31Tests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
 		repo.loadContext(requestResponseHolder);
-
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
 		securityContextImpl.setAuthentication(auth);
 		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index 11f60b1e9e..d86e005146 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -47,31 +47,22 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 
 	@Test
 	public void getWhenSharedObjectSessionCreationPolicyConfigurationThenOverrides() throws Exception {
-
 		this.spring.register(StatelessCreateSessionSharedObjectConfig.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void getWhenUserSessionCreationPolicyConfigurationThenOverrides() throws Exception {
-
 		this.spring.register(StatelessCreateSessionUserConfig.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
-
 		this.spring.register(DefaultConfig.class, BasicController.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -96,7 +87,6 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 			http
 					.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 			// @formatter:on
-
 			http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 095c01d59c..0c66f6da6f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -83,9 +83,7 @@ public class SessionManagementConfigurerTests {
 	public void sessionManagementWhenConfiguredThenDoesNotOverrideRequestCache() throws Exception {
 		SessionManagementRequestCacheConfig.REQUEST_CACHE = mock(RequestCache.class);
 		this.spring.register(SessionManagementRequestCacheConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(SessionManagementRequestCacheConfig.REQUEST_CACHE).getMatchingRequest(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -96,9 +94,7 @@ public class SessionManagementConfigurerTests {
 		given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
 				.loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class));
 		this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
-
 		this.mvc.perform(get("/"));
-
 		verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO)
 				.saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -106,10 +102,8 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
@@ -120,25 +114,20 @@ public class SessionManagementConfigurerTests {
 		this.spring.register(DisableSessionFixationEnableConcurrencyControlConfig.class).autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-
 		MvcResult mvcResult = this.mvc.perform(get("/").with(httpBasic("user", "password")).session(session))
 				.andExpect(status().isNotFound()).andReturn();
-
 		assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId);
 	}
 
 	@Test
 	public void authenticateWhenNewSessionFixationProtectionInLambdaThenCreatesNewSession() throws Exception {
 		this.spring.register(SFPNewSessionInLambdaConfig.class).autowire();
-
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-
 		MockHttpSession resultingSession = (MockHttpSession) this.mvc
 				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
 				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
-
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
 	}
@@ -146,9 +135,7 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 	}
@@ -156,13 +143,11 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void loginWhenUserSessionExpiredAndMaxSessionsIsOneThenLoggedIn() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc
 				.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andReturn();
 		HttpSession authenticatedSession = mvcResult.getRequest().getSession();
 		this.spring.getContext().publishEvent(new HttpSessionDestroyedEvent(authenticatedSession));
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
@@ -170,9 +155,7 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire();
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-
 		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
 	}
@@ -180,10 +163,8 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void requestWhenSessionCreationPolicyStateLessInLambdaThenNoSessionCreated() throws Exception {
 		this.spring.register(SessionCreationPolicyStateLessInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
 		HttpSession session = mvcResult.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
@@ -191,7 +172,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSessionManagementFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(SessionManagementFilter.class));
 	}
 
@@ -199,7 +179,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(ConcurrentSessionFilter.class));
 	}
 
@@ -207,7 +186,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnConcurrentSessionControlAuthenticationStrategy() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(ConcurrentSessionControlAuthenticationStrategy.class));
 	}
@@ -216,7 +194,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnCompositeSessionAuthenticationStrategy() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(CompositeSessionAuthenticationStrategy.class));
 	}
@@ -225,7 +202,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRegisterSessionAuthenticationStrategy() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(RegisterSessionAuthenticationStrategy.class));
 	}
@@ -234,7 +210,6 @@ public class SessionManagementConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChangeSessionIdAuthenticationStrategy() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor)
 				.postProcess(any(ChangeSessionIdAuthenticationStrategy.class));
 	}
@@ -245,9 +220,7 @@ public class SessionManagementConfigurerTests {
 		SharedTrustResolverConfig.TR = mock(AuthenticationTrustResolver.class);
 		given(SharedTrustResolverConfig.TR.isAnonymous(any())).willReturn(false);
 		this.spring.register(SharedTrustResolverConfig.class).autowire();
-
 		MvcResult mvcResult = this.mvc.perform(get("/")).andReturn();
-
 		assertThat(mvcResult.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -255,10 +228,8 @@ public class SessionManagementConfigurerTests {
 	public void whenOneSessionRegistryBeanThenUseIt() throws Exception {
 		SessionRegistryOneBeanConfig.SESSION_REGISTRY = mock(SessionRegistry.class);
 		this.spring.register(SessionRegistryOneBeanConfig.class).autowire();
-
 		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
 		this.mvc.perform(get("/").session(session));
-
 		verify(SessionRegistryOneBeanConfig.SESSION_REGISTRY).getSessionInformation(session.getId());
 	}
 
@@ -267,10 +238,8 @@ public class SessionManagementConfigurerTests {
 		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE = mock(SessionRegistry.class);
 		SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO = mock(SessionRegistry.class);
 		this.spring.register(SessionRegistryTwoBeansConfig.class).autowire();
-
 		MockHttpSession session = new MockHttpSession(this.spring.getContext().getServletContext());
 		this.mvc.perform(get("/").session(session));
-
 		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_ONE);
 		verifyNoInteractions(SessionRegistryTwoBeansConfig.SESSION_REGISTRY_TWO);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
index 7323136e1c..c5b5dd2cc5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java
@@ -50,7 +50,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 
 	@Test
 	public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception {
-
 		this.spring.register(WithTransientAuthenticationConfig.class).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
 		assertThat(result.getRequest().getSession(false)).isNull();
@@ -58,7 +57,6 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 
 	@Test
 	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception {
-
 		this.spring.register(AlwaysCreateSessionConfig.class).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
 		assertThat(result.getRequest().getSession(false)).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index b9b61ad579..34dcb0f52d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -78,67 +78,45 @@ public class UrlAuthorizationConfigurerTests {
 	@Test
 	public void mvcMatcher() throws Exception {
 		loadConfig(MvcMatcherConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setRequestURI("/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
 	@Test
 	public void mvcMatcherServletPath() throws Exception {
 		loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path.html");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path/");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
-
 		setup();
-
 		this.request.setServletPath("/foo");
 		this.request.setRequestURI("/foo/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
-
 		setup();
-
 		this.request.setServletPath("/");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -152,7 +130,6 @@ public class UrlAuthorizationConfigurerTests {
 		this.context.register(configs);
 		this.context.setServletContext(new MockServletContext());
 		this.context.refresh();
-
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 5fe6a6b770..110b468030 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -61,7 +61,6 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(authorities = "ROLE_USER")
 	public void hasAnyAuthorityWhenAuthoritySpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-
 		this.mvc.perform(get("/role-user-authority")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-admin-authority")).andExpect(status().isForbidden());
@@ -71,7 +70,6 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(authorities = "ROLE_ADMIN")
 	public void hasAnyAuthorityWhenAuthoritiesSpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-
 		this.mvc.perform(get("/role-user-admin-authority")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-user-admin")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-user-authority")).andExpect(status().isForbidden());
@@ -81,7 +79,6 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(roles = "USER")
 	public void hasAnyRoleWhenRoleSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-
 		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 	}
@@ -90,7 +87,6 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(roles = "ADMIN")
 	public void hasAnyRoleWhenRolesSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-
 		this.mvc.perform(get("/role-admin-user")).andExpect(status().isNotFound());
 		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 	}
@@ -99,7 +95,6 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(authorities = "USER")
 	public void hasAnyRoleWhenRoleSpecifiedThenDoesNotMatchAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-
 		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
 		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
 	}
@@ -107,7 +102,6 @@ public class UrlAuthorizationsTests {
 	@Test
 	public void configureWhenNoAccessDecisionManagerThenDefaultsToAffirmativeBased() {
 		this.spring.register(NoSpecificAccessDecisionManagerConfig.class).autowire();
-
 		FilterSecurityInterceptor interceptor = getFilter(FilterSecurityInterceptor.class);
 		assertThat(interceptor).isNotNull();
 		assertThat(interceptor).extracting("accessDecisionManager").isInstanceOf(AffirmativeBased.class);
@@ -151,7 +145,6 @@ public class UrlAuthorizationsTests {
 			ApplicationContext context = getApplicationContext();
 			UrlAuthorizationConfigurer<HttpSecurity>.StandardInterceptUrlRegistry registry = http
 					.apply(new UrlAuthorizationConfigurer(context)).getRegistry();
-
 			registry.antMatchers("/a").hasRole("ADMIN").anyRequest().hasRole("USER");
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index 64ca605e85..655ed245be 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -61,7 +61,6 @@ public class X509ConfigurerTests {
 	@Test
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnX509AuthenticationFilter() {
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(X509AuthenticationFilter.class));
 	}
 
@@ -69,7 +68,6 @@ public class X509ConfigurerTests {
 	public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
 		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
@@ -77,7 +75,6 @@ public class X509ConfigurerTests {
 	public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception {
 		this.spring.register(DefaultsInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rod.cer");
-
 		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
@@ -85,7 +82,6 @@ public class X509ConfigurerTests {
 	public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception {
 		this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-
 		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 7e96a853e8..f9a3df7356 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -120,7 +120,6 @@ public class OAuth2ClientConfigurerTests {
 				authorizedClientService);
 		authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
 				"/oauth2/authorization");
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
 		accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
@@ -132,7 +131,6 @@ public class OAuth2ClientConfigurerTests {
 	@Test
 	public void configureWhenAuthorizationCodeRequestThenRedirectForAuthorization() throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
 				.andExpect(status().is3xxRedirection()).andReturn();
 		assertThat(mvcResult.getResponse().getRedirectedUrl())
@@ -143,7 +141,6 @@ public class OAuth2ClientConfigurerTests {
 	@Test
 	public void configureWhenOauth2ClientInLambdaThenRedirectForAuthorization() throws Exception {
 		this.spring.register(OAuth2ClientInLambdaConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
 				.andExpect(status().is3xxRedirection()).andReturn();
 		assertThat(mvcResult.getResponse().getRedirectedUrl())
@@ -154,7 +151,6 @@ public class OAuth2ClientConfigurerTests {
 	@Test
 	public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved() throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-
 		// Setup the Authorization Request in the session
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
@@ -162,21 +158,16 @@ public class OAuth2ClientConfigurerTests {
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
 				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
 				.attributes(attributes).build();
-
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 		MockHttpSession session = (MockHttpSession) request.getSession();
-
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
 				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
 				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
-
 		OAuth2AuthorizedClient authorizedClient = authorizedClientRepository
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request);
 		assertThat(authorizedClient).isNotNull();
@@ -186,20 +177,17 @@ public class OAuth2ClientConfigurerTests {
 	public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed()
 			throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-
 		MvcResult mvcResult = this.mockMvc.perform(get("/resource1").with(user("user1")))
 				.andExpect(status().is3xxRedirection()).andReturn();
 		assertThat(mvcResult.getResponse().getRedirectedUrl())
 				.matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&"
 						+ "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
-
 		verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void configureWhenRequestCacheProvidedAndClientAuthorizationSucceedsThenRequestCacheUsed() throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-
 		// Setup the Authorization Request in the session
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
@@ -207,21 +195,16 @@ public class OAuth2ClientConfigurerTests {
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
 				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
 				.attributes(attributes).build();
-
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 		MockHttpSession session = (MockHttpSession) request.getSession();
-
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-
 		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
 				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
 				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
-
 		verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -234,12 +217,9 @@ public class OAuth2ClientConfigurerTests {
 		authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
 		given(authorizationRequestResolver.resolve(any()))
 				.willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
-
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-
 		this.mockMvc.perform(get("/oauth2/authorization/registration-1")).andExpect(status().is3xxRedirection())
 				.andReturn();
-
 		verify(authorizationRequestResolver).resolve(any());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 206b1157c2..6845659dce 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -157,18 +157,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2Login() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -184,9 +180,7 @@ public class OAuth2LoginConfigurerTests {
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
 		assertThat(authentication.getAuthorities()).hasSize(1);
@@ -199,18 +193,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginWhenSuccessThenAuthenticationSuccessEventPublished() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		assertThat(OAuth2LoginConfig.EVENTS).isNotEmpty();
 		assertThat(OAuth2LoginConfig.EVENTS).hasSize(1);
@@ -221,18 +211,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginCustomWithConfigurer() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigCustomWithConfigurer.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -245,18 +231,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginCustomWithBeanRegistration() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -269,18 +251,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginCustomWithUserServiceBeanRegistration() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigCustomUserServiceBeanRegistration.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -294,19 +272,15 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginConfigLoginProcessingUrl() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
 		this.request.setServletPath("/login/oauth2/google");
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -327,13 +301,10 @@ public class OAuth2LoginConfigurerTests {
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
 		given(resolver.resolve(any())).willReturn(result);
-
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo(
 				"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 	}
@@ -350,13 +321,10 @@ public class OAuth2LoginConfigurerTests {
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
 		given(resolver.resolve(any())).willReturn(result);
-
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo(
 				"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
 	}
@@ -365,13 +333,10 @@ public class OAuth2LoginConfigurerTests {
 	@Test
 	public void oauth2LoginWithOneClientConfiguredThenRedirectForAuthorization() throws Exception {
 		loadConfig(OAuth2LoginConfig.class);
-
 		String requestUri = "/";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/oauth2/authorization/google");
 	}
 
@@ -380,14 +345,11 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage()
 			throws Exception {
 		loadConfig(OAuth2LoginConfig.class);
-
 		String requestUri = "/favicon.ico";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
 		this.request.addHeader(HttpHeaders.ACCEPT, new MediaType("image", "*").toString());
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
 	}
 
@@ -395,13 +357,10 @@ public class OAuth2LoginConfigurerTests {
 	@Test
 	public void oauth2LoginWithMultipleClientsConfiguredThenRedirectDefaultLoginPage() throws Exception {
 		loadConfig(OAuth2LoginConfigMultipleClients.class);
-
 		String requestUri = "/";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
 	}
 
@@ -410,40 +369,31 @@ public class OAuth2LoginConfigurerTests {
 	public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization()
 			throws Exception {
 		loadConfig(OAuth2LoginConfig.class);
-
 		String requestUri = "/";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
 		this.request.addHeader("X-Requested-With", "XMLHttpRequest");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).doesNotMatch("http://localhost/oauth2/authorization/google");
 	}
 
 	@Test
 	public void oauth2LoginWithCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 		loadConfig(OAuth2LoginConfigCustomLoginPage.class);
-
 		String requestUri = "/";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
 	}
 
 	@Test
 	public void requestWhenOauth2LoginWithCustomLoginPageInLambdaThenRedirectCustomLoginPage() throws Exception {
 		loadConfig(OAuth2LoginConfigCustomLoginPageInLambda.class);
-
 		String requestUri = "/";
 		this.request = new MockHttpServletRequest("GET", requestUri);
 		this.request.setServletPath(requestUri);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
 	}
 
@@ -451,18 +401,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oidcLogin() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfig.class, JwtDecoderFactoryConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -475,18 +421,14 @@ public class OAuth2LoginConfigurerTests {
 	public void requestWhenOauth2LoginInLambdaAndOidcThenAuthenticationContainsOidcUserAuthority() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginInLambdaConfig.class, JwtDecoderFactoryConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -499,18 +441,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oidcLoginCustomWithConfigurer() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigCustomWithConfigurer.class, JwtDecoderFactoryConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -523,18 +461,14 @@ public class OAuth2LoginConfigurerTests {
 	public void oidcLoginCustomWithBeanRegistration() throws Exception {
 		// setup application context
 		loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class, JwtDecoderFactoryConfig.class);
-
 		// setup authorization request
 		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest("openid");
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
-
 		// setup authentication parameters
 		this.request.setParameter("code", "code123");
 		this.request.setParameter("state", authorizationRequest.getState());
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -555,10 +489,8 @@ public class OAuth2LoginConfigurerTests {
 	@Test
 	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() throws Exception {
 		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, "registration-id");
-
 		this.mvc.perform(post("/logout").with(authentication(token)).with(csrf()))
 				.andExpect(redirectedUrl("https://logout?id_token_hint=id-token"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 407342ba0e..47540c3e06 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -195,22 +195,18 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getWhenUsingDefaultsWithValidBearerTokenThenAcceptsRequest() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsInLambdaWithValidBearerTokenThenAcceptsRequest() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultInLambdaConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
@@ -220,7 +216,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, JwkSetUriConfig.class, BasicController.class).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
@@ -230,90 +225,73 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, JwkSetUriInLambdaConfig.class, BasicController.class).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("ok"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken() throws Exception {
-
 		this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token"))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Bearer token is malformed"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()).andExpect(
 				invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
 		String token = this.token("Unsigned");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		this.mvc.perform(get("/").with(bearerToken("token")).with(bearerToken("token").asParam()))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
@@ -321,22 +299,17 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
-
 		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		this.mvc.perform(post("/") // engage csrf
 				.with(bearerToken("token").asParam())).andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
@@ -344,9 +317,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-
 		this.mvc.perform(post("/").with(bearerToken("token").asParam())).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
@@ -357,232 +328,184 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = token("ValidNoScopes");
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithInsufficientScopeThenInsufficientScopeError() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithInsufficientScpThenInsufficientScopeError() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
-
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void getWhenUsingDefaultsAndAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsAndAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void getWhenUsingDefaultsAndKeyMatchesByKidThenOk() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-
 		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
 	public void getWhenUsingMethodSecurityWithValidBearerTokenHavingScpAttributeThenAcceptsRequest() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScp");
-
 		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
 	}
 
 	@Test
 	public void getWhenUsingMethodSecurityWithInsufficientScopeThenInsufficientScopeError() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
-
 	}
 
 	@Test
 	public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
-
 		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void getWhenUsingMethodSecurityWithDenyAllThenInsufficientScopeError() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-
 		this.mvc.perform(get("/ms-deny").with(bearerToken(token))).andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class).autowire();
-
 		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-
 		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
-
 		MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject")).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() throws Exception {
-
 		this.spring.register(JwkSetUriConfig.class, BasicController.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 			throws Exception {
-
 		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
-
 		this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
@@ -590,17 +513,13 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted()
 			throws Exception {
-
 		this.spring
 				.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
-
 		this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
@@ -608,13 +527,10 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
-
 		this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(
 				post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf()))
 				.andExpect(status().isBadRequest())
@@ -624,14 +540,11 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
-
 		this.spring
 				.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN))
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -641,16 +554,12 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getBearerTokenResolverWhenDuplicateResolverBeansAndAnotherOnTheDslThenTheDslOneIsUsed() {
 		BearerTokenResolver resolverBean = mock(BearerTokenResolver.class);
 		BearerTokenResolver resolver = mock(BearerTokenResolver.class);
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean("resolverOne", BearerTokenResolver.class, () -> resolverBean);
 		context.registerBean("resolverTwo", BearerTokenResolver.class, () -> resolverBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
-
 		oauth2.bearerTokenResolver(resolver);
-
 		assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver);
 	}
 
@@ -665,63 +574,46 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getBearerTokenResolverWhenResolverBeanAndAnotherOnTheDslThenTheDslOneIsUsed() {
 		BearerTokenResolver resolver = mock(BearerTokenResolver.class);
 		BearerTokenResolver resolverBean = mock(BearerTokenResolver.class);
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean(BearerTokenResolver.class, () -> resolverBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
 		oauth2.bearerTokenResolver(resolver);
-
 		assertThat(oauth2.getBearerTokenResolver()).isEqualTo(resolver);
 	}
 
 	@Test
 	public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() {
 		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
-
 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
-
 		assertThat(oauth2.getBearerTokenResolver()).isInstanceOf(DefaultBearerTokenResolver.class);
 	}
 
 	@Test
 	public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception {
-
 		this.spring.register(CustomJwtDecoderOnDsl.class, BasicController.class).autowire();
-
 		CustomJwtDecoderOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderOnDsl.class);
 		JwtDecoder decoder = config.decoder();
-
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
 	@Test
 	public void requestWhenCustomJwtDecoderInLambdaOnDslThenUsed() throws Exception {
-
 		this.spring.register(CustomJwtDecoderInLambdaOnDsl.class, BasicController.class).autowire();
-
 		CustomJwtDecoderInLambdaOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderInLambdaOnDsl.class);
 		JwtDecoder decoder = config.decoder();
-
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
 
 	@Test
 	public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed() throws Exception {
-
 		this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
 	}
@@ -729,107 +621,77 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getJwtDecoderWhenConfiguredWithDecoderAndJwkSetUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		JwtDecoder decoder = mock(JwtDecoder.class);
-
 		jwtConfigurer.jwkSetUri(JWK_SET_URI);
 		jwtConfigurer.decoder(decoder);
-
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
-
 		jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		jwtConfigurer.decoder(decoder);
 		jwtConfigurer.jwkSetUri(JWK_SET_URI);
-
 		assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
-
 	}
 
 	@Test
 	public void getJwtDecoderWhenConflictingJwtDecodersThenTheDslWiredOneTakesPrecedence() {
-
 		JwtDecoder decoderBean = mock(JwtDecoder.class);
 		JwtDecoder decoder = mock(JwtDecoder.class);
-
 		ApplicationContext context = mock(ApplicationContext.class);
 		given(context.getBean(JwtDecoder.class)).willReturn(decoderBean);
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.decoder(decoder);
-
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
 	}
 
 	@Test
 	public void getJwtDecoderWhenContextHasBeanAndUserConfiguresJwkSetUriThenJwkSetUriTakesPrecedence() {
-
 		JwtDecoder decoder = mock(JwtDecoder.class);
 		ApplicationContext context = mock(ApplicationContext.class);
 		given(context.getBean(JwtDecoder.class)).willReturn(decoder);
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		jwtConfigurer.jwkSetUri(JWK_SET_URI);
-
 		assertThat(jwtConfigurer.getJwtDecoder()).isNotEqualTo(decoder);
 		assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
 	}
 
 	@Test
 	public void getJwtDecoderWhenTwoJwtDecoderBeansAndAnotherWiredOnDslThenDslWiredOneTakesPrecedence() {
-
 		JwtDecoder decoderBean = mock(JwtDecoder.class);
 		JwtDecoder decoder = mock(JwtDecoder.class);
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean("decoderOne", JwtDecoder.class, () -> decoderBean);
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoderBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.decoder(decoder);
-
 		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
 	}
 
 	@Test
 	public void getJwtDecoderWhenTwoJwtDecoderBeansThenThrowsException() {
-
 		JwtDecoder decoder = mock(JwtDecoder.class);
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean("decoderOne", JwtDecoder.class, () -> decoder);
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder);
-
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
-
 		this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
 
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception {
-
 		this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -851,100 +713,77 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, CustomJwtValidatorConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		OAuth2TokenValidator<Jwt> jwtValidator = this.spring.getContext().getBean(CustomJwtValidatorConfig.class)
 				.getJwtValidator();
-
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
-
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
 	}
 
 	@Test
 	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
 	@Test
 	public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception {
-
 		this.spring.register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class,
 				BasicController.class).autowire();
-
 		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = this.spring.getContext()
 				.getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter();
 		given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN);
-
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
-
 		verify(jwtAuthenticationConverter).convert(JWT);
 	}
 
 	@Test
 	public void requestWhenJwtAuthenticationConverterCustomizedAuthoritiesThenThoseAuthoritiesArePropagated()
 			throws Exception {
-
 		this.spring.register(JwtDecoderConfig.class, CustomAuthorityMappingConfig.class, BasicController.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(JWT_TOKEN)).willReturn(JWT);
-
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
-
 		this.spring.register(SingleKeyConfig.class, BasicController.class).autowire();
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
-
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongSignature");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("signature"));
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
-
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongAlgorithm");
-
 		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("algorithm"));
 	}
 
@@ -952,11 +791,8 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisher.class).autowire();
-
 		given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem"));
-
 		this.mvc.perform(get("/").with(bearerToken("token")));
-
 		verifyBean(AuthenticationEventPublisher.class)
 				.publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class));
 	}
@@ -964,12 +800,10 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getWhenCustomJwtAuthenticationManagerThenUsed() throws Exception {
 		this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire();
-
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(JWT_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
-
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
@@ -977,7 +811,6 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
@@ -987,7 +820,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(json("Active"));
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 	}
@@ -996,7 +828,6 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("Inactive"));
-
 		this.mvc.perform(get("/").with(bearerToken("token"))).andExpect(status().isUnauthorized()).andExpect(
 				header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
 	}
@@ -1005,7 +836,6 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
-
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken("token"))).andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
 	}
@@ -1013,24 +843,20 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getWhenCustomIntrospectionAuthenticationManagerThenUsed() throws Exception {
 		this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire();
-
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
-
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
 	@Test
 	public void getWhenCustomIntrospectionAuthenticationManagerInLambdaThenUsed() throws Exception {
 		this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire();
-
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
 		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
-
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
@@ -1043,26 +869,18 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
-
 		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(
 				context).opaqueToken();
-
 		OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class);
-
 		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
 		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
 		opaqueTokenConfigurer.introspector(client);
-
 		assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client);
-
 		opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(context).opaqueToken();
-
 		opaqueTokenConfigurer.introspector(client);
 		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
 		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-
 		assertThat(opaqueTokenConfigurer.getIntrospector()).isInstanceOf(NimbusOpaqueTokenIntrospector.class);
-
 	}
 
 	@Test
@@ -1070,65 +888,48 @@ public class OAuth2ResourceServerConfigurerTests {
 		GenericApplicationContext context = new GenericApplicationContext();
 		registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class);
 		registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class);
-
 		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context)
 				.opaqueToken();
 		opaqueToken.introspectionUri(INTROSPECTION_URI);
 		opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-
 		assertThat(opaqueToken.getIntrospector()).isNotNull();
 	}
 
 	@Test
 	public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception {
-
 		this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-
 		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-
 		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 	}
 
 	@Test
 	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception {
-
 		this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
-
 		result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isUnauthorized())
 				.andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest() throws Exception {
-
 		this.spring
 				.register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class)
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-
 		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
 				.andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
-
 		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
@@ -1136,15 +937,12 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception {
-
 		this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
-
 		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
 				.andExpect(status().isOk()).andExpect(content().string("basic-user"));
 	}
@@ -1153,12 +951,10 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() {
 		ApplicationContext context = mock(ApplicationContext.class);
 		HttpSecurityBuilder http = mock(HttpSecurityBuilder.class);
-
 		OAuth2ResourceServerConfigurer oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class));
 		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
-
 		oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
 		oauth2ResourceServer.opaqueToken().authenticationManager(authenticationManager)
 				.introspector(mock(OpaqueTokenIntrospector.class));
@@ -1169,7 +965,6 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception {
 		this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire();
-
 		MockWebServer server = this.spring.getContext().getBean(MockWebServer.class);
 		String metadata = "{\n" + "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
 				+ "}";
@@ -1180,36 +975,28 @@ public class OAuth2ResourceServerConfigurerTests {
 		String jwtOne = jwtFromIssuer(issuerOne);
 		String jwtTwo = jwtFromIssuer(issuerTwo);
 		String jwtThree = jwtFromIssuer(issuerThree);
-
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
-
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo))).andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
-
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree))).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
-
 		assertThatCode(() -> this.spring.register(JwtlessConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasMessageContaining("neither was found");
 	}
 
 	@Test
 	public void configureWhenMissingJwkSetUriThenWiringException() {
-
 		assertThatCode(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire())
 				.isInstanceOf(BeanCreationException.class).hasMessageContaining("No qualifying bean of type");
 	}
@@ -1230,22 +1017,17 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() {
 		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class);
 	}
 
 	@Test
 	public void getJwtAuthenticationConverterWhenConverterBeanSpecified() {
 		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean);
 	}
 
@@ -1253,14 +1035,11 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getJwtAuthenticationConverterWhenConverterBeanAndAnotherOnTheDslThenTheDslOneIsUsed() {
 		JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.jwtAuthenticationConverter(converter);
-
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
 	}
 
@@ -1268,29 +1047,23 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getJwtAuthenticationConverterWhenDuplicateConverterBeansAndAnotherOnTheDslThenTheDslOneIsUsed() {
 		JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		jwtConfigurer.jwtAuthenticationConverter(converter);
-
 		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
 	}
 
 	@Test
 	public void getJwtAuthenticationConverterWhenDuplicateConverterBeansThenThrowsException() {
 		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
-
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-
 		assertThatCode(jwtConfigurer::getJwtAuthenticationConverter)
 				.isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
@@ -1947,7 +1720,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			this.jwtDecoder.setJwtValidator(this.jwtValidator);
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
@@ -1973,9 +1745,7 @@ public class OAuth2ResourceServerConfigurerTests {
 					ZoneId.systemDefault());
 			JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1));
 			jwtValidator.setClock(nearlyAnHourFromTokenExpiry);
-
 			this.jwtDecoder.setJwtValidator(jwtValidator);
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
@@ -1997,16 +1767,13 @@ public class OAuth2ResourceServerConfigurerTests {
 					ZoneId.systemDefault());
 			JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofHours(1));
 			jwtValidator.setClock(justOverOneHourAfterExpiry);
-
 			this.jwtDecoder.setJwtValidator(jwtValidator);
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
 					.jwt();
 		}
 	}
-
 	@EnableWebSecurity
 	static class SingleKeyConfig extends WebSecurityConfigurerAdapter {
 		byte[] spec = Base64.getDecoder().decode(
@@ -2017,7 +1784,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				"iZCtPzL/IffDUcfhLQteGebhW8A6eUHgpD5A1PQ+JCw/G7UOzZAjjDjtNM2eqm8j" +
 				"+Ms/gqnm4MiCZ4E+9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1Hu" +
 				"QwIDAQAB");
-
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:off
@@ -2202,7 +1968,6 @@ public class OAuth2ResourceServerConfigurerTests {
 			String issuerTwo = this.web.url("/issuerTwo").toString();
 			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 					issuerOne, issuerTwo);
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
@@ -2367,7 +2132,6 @@ public class OAuth2ResourceServerConfigurerTests {
 			else {
 				request.addHeader("Authorization", "Bearer " + this.token);
 			}
-
 			return request;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index 66d8cf2701..e4dfd717b0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -71,7 +71,6 @@ public class OpenIDLoginConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationFilter() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationFilter.class));
 	}
 
@@ -79,14 +78,12 @@ public class OpenIDLoginConfigurerTests {
 	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnOpenIDAuthenticationProvider() {
 		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
-
 		verify(ObjectPostProcessorConfig.objectPostProcessor).postProcess(any(OpenIDAuthenticationProvider.class));
 	}
 
 	@Test
 	public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
@@ -94,7 +91,6 @@ public class OpenIDLoginConfigurerTests {
 	@Test
 	public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception {
 		this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
 	}
@@ -109,18 +105,14 @@ public class OpenIDLoginConfigurerTests {
 		given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
 				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire();
-
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
-
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-
 			MvcResult mvcResult = this.mvc.perform(
 					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound()).andReturn();
-
 			Object attributeObject = mvcResult.getRequest().getSession()
 					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
@@ -147,18 +139,14 @@ public class OpenIDLoginConfigurerTests {
 		given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(),
 				any())).willReturn(mockAuthRequest);
 		this.spring.register(OpenIdAttributesNullNameConfig.class).autowire();
-
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
-
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-
 			MvcResult mvcResult = this.mvc.perform(
 					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound()).andReturn();
-
 			Object attributeObject = mvcResult.getRequest().getSession()
 					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
 			assertThat(attributeObject).isInstanceOf(List.class);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 601473a3e6..1b3462112e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -169,7 +169,6 @@ public class Saml2LoginConfigurerTests {
 	@Test
 	public void saml2LoginWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire();
-
 		Saml2AuthenticationRequestContext context = TestSaml2AuthenticationRequestContexts
 				.authenticationRequestContext().build();
 		Saml2AuthenticationRequestContextResolver resolver = CustomAuthenticationRequestContextResolver.resolver;
@@ -181,7 +180,6 @@ public class Saml2LoginConfigurerTests {
 	@Test
 	public void authenticationRequestWhenAuthnRequestConsumerResolverThenUses() throws Exception {
 		this.spring.register(CustomAuthnRequestConsumerResolver.class).autowire();
-
 		MvcResult result = this.mvc.perform(get("/saml2/authenticate/registration-id")).andReturn();
 		UriComponents components = UriComponentsBuilder.fromHttpUrl(result.getResponse().getRedirectedUrl()).build();
 		String samlRequest = components.getQueryParams().getFirst("SAMLRequest");
@@ -228,10 +226,8 @@ public class Saml2LoginConfigurerTests {
 		// setup authentication parameters
 		this.request.setParameter("SAMLResponse",
 				Base64.getEncoder().encodeToString("saml2-xml-response-object".getBytes()));
-
 		// perform test
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-
 		// assertions
 		Authentication authentication = this.securityContextRepository
 				.loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication();
@@ -263,7 +259,6 @@ public class Saml2LoginConfigurerTests {
 
 	private static AuthenticationManager getAuthenticationManagerMock(String role) {
 		return new AuthenticationManager() {
-
 			@Override
 			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 				if (!supports(authentication.getClass())) {
@@ -306,7 +301,6 @@ public class Saml2LoginConfigurerTests {
 					return provider;
 				}
 			};
-
 			http.saml2Login().addObjectPostProcessor(processor);
 			super.configure(http);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index ec88b8feae..5c9908836c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -62,13 +62,10 @@ public class MessageSecurityMetadataSourceRegistryTests {
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
 		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll();
-
 		assertThat(getAttribute()).isNull();
-
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
 		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
@@ -77,13 +74,10 @@ public class MessageSecurityMetadataSourceRegistryTests {
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
 		this.messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
-
 		assertThat(getAttribute()).isNull();
-
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
 		this.messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
@@ -95,7 +89,6 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	@Test
 	public void matchersFalse() {
 		this.messages.matchers(this.matcher).permitAll();
-
 		assertThat(getAttribute()).isNull();
 	}
 
@@ -103,35 +96,30 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void matchersTrue() {
 		given(this.matcher.matches(this.message)).willReturn(true);
 		this.messages.matchers(this.matcher).permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersExact() {
 		this.messages.simpDestMatchers("location").permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersMulti() {
 		this.messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersRole() {
 		this.messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
 	}
 
 	@Test
 	public void simpDestMatchersAnyRole() {
 		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
@@ -139,7 +127,6 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpDestMatchersAuthority() {
 		this.messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage()
 				.fullyAuthenticated();
-
 		assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
 	}
 
@@ -147,7 +134,6 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpDestMatchersAccess() {
 		String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated";
 		this.messages.simpDestMatchers("admin/**", "location/**").access(expected).anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo(expected);
 	}
 
@@ -155,56 +141,48 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpDestMatchersAnyAuthority() {
 		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
 				.anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersRememberMe() {
 		this.messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("rememberMe");
 	}
 
 	@Test
 	public void simpDestMatchersAnonymous() {
 		this.messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("anonymous");
 	}
 
 	@Test
 	public void simpDestMatchersFullyAuthenticated() {
 		this.messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll();
-
 		assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
 	}
 
 	@Test
 	public void simpDestMatchersDenyAll() {
 		this.messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersNotMatch() {
 		this.messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersMatch() {
 		this.messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersNotMatch() {
 		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
@@ -212,16 +190,13 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpDestSubscribeMatchersMatch() {
 		this.message = MessageBuilder.fromMessage(this.message)
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build();
-
 		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void nullDestMatcherNotMatches() {
 		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
@@ -229,16 +204,13 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void nullDestMatcherMatch() {
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
-
 		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatch() {
 		this.messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
@@ -246,14 +218,12 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpTypeMatchersMatchMulti() {
 		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage()
 				.permitAll();
-
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatch() {
 		this.messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
@@ -261,7 +231,6 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	public void simpTypeMatchersNotMatchMulti() {
 		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage()
 				.permitAll();
-
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index f4024587df..683c35f2bd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -90,9 +90,7 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void defaultRequiresAuthentication() {
 		this.spring.register(Config.class).autowire();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-
 		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
 	}
 
@@ -100,18 +98,14 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void defaultMediaAllThenUnAuthorized() {
 		this.spring.register(Config.class).autowire();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-
 		client.get().uri("/").accept(MediaType.ALL).exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
 	}
 
 	@Test
 	public void authenticateWhenBasicThenNoSession() {
 		this.spring.register(Config.class).autowire();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-
 		FluxExchangeResult<String> result = client.get().headers((headers) -> headers.setBasicAuth("user", "password"))
 				.exchange().expectStatus().isOk().returnResult(String.class);
 		result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
@@ -133,7 +127,6 @@ public class EnableWebFluxSecurityTests {
 										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
-
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
 				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
 	}
@@ -148,7 +141,6 @@ public class EnableWebFluxSecurityTests {
 										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
-
 		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
 				.isOk().expectBody(String.class)
 				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
@@ -157,7 +149,6 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void requestDataValueProcessor() {
 		this.spring.register(Config.class).autowire();
-
 		ConfigurableApplicationContext context = this.spring.getContext();
 		CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME,
 				CsrfRequestDataValueProcessor.class);
@@ -174,7 +165,6 @@ public class EnableWebFluxSecurityTests {
 										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
 												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
-
 		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
 				.isOk().expectBody(String.class)
 				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
@@ -184,9 +174,7 @@ public class EnableWebFluxSecurityTests {
 	public void passwordUpdateManagerUsed() {
 		this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-
 		client.get().uri("/").headers((h) -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk();
-
 		ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class);
 		assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
 	}
@@ -198,7 +186,6 @@ public class EnableWebFluxSecurityTests {
 				chain) -> Mono.subscriberContext().flatMap((c) -> c.<Mono<Principal>>get(Authentication.class)).flatMap(
 						(principal) -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
 				.build();
-
 		MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
 		data.add("username", "user");
 		data.add("password", "password");
@@ -211,9 +198,7 @@ public class EnableWebFluxSecurityTests {
 	public void multiWorks() {
 		this.spring.register(MultiSecurityHttpConfig.class).autowire();
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-
 		client.get().uri("/api/test").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
-
 		client.get().uri("/test").exchange().expectStatus().isOk();
 	}
 
@@ -221,9 +206,7 @@ public class EnableWebFluxSecurityTests {
 	@WithMockUser
 	public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() {
 		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-
 		WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build();
-
 		client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user");
 	}
 
@@ -236,20 +219,16 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
 		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isSameAs(childBean);
 	}
 
 	@Test
 	public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
 		this.spring.register(BeanProxyDisabledConfig.class).autowire();
-
 		Child childBean = this.spring.getContext().getBean(Child.class);
 		Parent parentBean = this.spring.getContext().getBean(Parent.class);
-
 		assertThat(parentBean.getChild()).isNotSameAs(childBean);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
index 4a7c033ea2..b791eba328 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
@@ -41,7 +41,6 @@ public class ServerHttpSecurityConfigurationTests {
 		this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
 				WebFluxSecurityConfiguration.class).autowire();
 		ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class);
-
 		assertThat(serverHttpSecurity).isNotNull();
 	}
 
@@ -50,7 +49,6 @@ public class ServerHttpSecurityConfigurationTests {
 		this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class,
 				WebFluxSecurityConfiguration.class).autowire();
 		ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class);
-
 		assertThat(serverHttpSecurity).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
index fed6517951..43fb7fb1da 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java
@@ -41,7 +41,6 @@ public class WebFluxSecurityConfigurationTests {
 		this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
 				WebFluxSecurityConfiguration.class).autowire();
 		WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class);
-
 		assertThat(webFilterChainProxy).isNotNull();
 	}
 
@@ -50,7 +49,6 @@ public class WebFluxSecurityConfigurationTests {
 		this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
 				WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire();
 		WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class);
-
 		assertThat(webFilterChainProxy).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
index 5b38a0668c..de09d8ec07 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java
@@ -75,9 +75,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 	@Test
 	public void securityMappings() {
 		loadConfig(WebSocketSecurityConfig.class);
-
 		clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE));
-
 		try {
 			clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE));
 			fail("Expected Exception");
@@ -140,7 +138,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests {
 					.simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4>
 					.simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5>
 					.anyMessage().denyAll(); // <6>
-
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 4aecda3869..37a4687617 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -107,9 +107,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void simpleRegistryMappings() {
 		loadConfig(SockJsSecurityConfig.class);
-
 		clientInboundChannel().send(message("/permitAll"));
-
 		try {
 			clientInboundChannel().send(message("/denyAll"));
 			fail("Expected Exception");
@@ -122,7 +120,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void annonymousSupported() {
 		loadConfig(SockJsSecurityConfig.class);
-
 		this.messageUser = null;
 		clientInboundChannel().send(message("/permitAll"));
 	}
@@ -131,7 +128,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void beanResolver() {
 		loadConfig(SockJsSecurityConfig.class);
-
 		this.messageUser = null;
 		clientInboundChannel().send(message("/beanResolver"));
 	}
@@ -139,11 +135,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void addsAuthenticationPrincipalResolver() {
 		loadConfig(SockJsSecurityConfig.class);
-
 		MessageChannel messageChannel = clientInboundChannel();
 		Message<String> message = message("/permitAll/authentication");
 		messageChannel.send(message);
-
 		assertThat(this.context.getBean(MyController.class).authenticationPrincipal)
 				.isEqualTo((String) this.messageUser.getPrincipal());
 	}
@@ -151,11 +145,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void addsAuthenticationPrincipalResolverWhenNoAuthorization() {
 		loadConfig(NoInboundSecurityConfig.class);
-
 		MessageChannel messageChannel = clientInboundChannel();
 		Message<String> message = message("/permitAll/authentication");
 		messageChannel.send(message);
-
 		assertThat(this.context.getBean(MyController.class).authenticationPrincipal)
 				.isEqualTo((String) this.messageUser.getPrincipal());
 	}
@@ -163,11 +155,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void addsCsrfProtectionWhenNoAuthorization() {
 		loadConfig(NoInboundSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MessageChannel messageChannel = clientInboundChannel();
-
 		try {
 			messageChannel.send(message);
 			fail("Expected Exception");
@@ -180,11 +170,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void csrfProtectionForConnect() {
 		loadConfig(SockJsSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MessageChannel messageChannel = clientInboundChannel();
-
 		try {
 			messageChannel.send(message);
 			fail("Expected Exception");
@@ -197,73 +185,57 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void csrfProtectionDisabledForConnect() {
 		loadConfig(CsrfDisabledSockJsSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/permitAll/connect");
 		MessageChannel messageChannel = clientInboundChannel();
-
 		messageChannel.send(message);
 	}
 
 	@Test
 	public void csrfProtectionDefinedByBean() {
 		loadConfig(SockJsProxylessSecurityConfig.class);
-
 		MessageChannel messageChannel = clientInboundChannel();
 		CsrfChannelInterceptor csrfChannelInterceptor = this.context.getBean(CsrfChannelInterceptor.class);
-
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(csrfChannelInterceptor);
 	}
 
 	@Test
 	public void messagesConnectUseCsrfTokenHandshakeInterceptor() throws Exception {
-
 		loadConfig(SockJsSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = sockjsHttpRequest("/chat");
 		HttpRequestHandler handler = handler(request);
-
 		handler.handleRequest(request, new MockHttpServletResponse());
-
 		assertHandshake(request);
 	}
 
 	@Test
 	public void messagesConnectUseCsrfTokenHandshakeInterceptorMultipleMappings() throws Exception {
 		loadConfig(SockJsSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = sockjsHttpRequest("/other");
 		HttpRequestHandler handler = handler(request);
-
 		handler.handleRequest(request, new MockHttpServletResponse());
-
 		assertHandshake(request);
 	}
 
 	@Test
 	public void messagesConnectWebSocketUseCsrfTokenHandshakeInterceptor() throws Exception {
 		loadConfig(WebSocketSecurityConfig.class);
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		Message<?> message = message(headers, "/authentication");
 		MockHttpServletRequest request = websocketHttpRequest("/websocket");
 		HttpRequestHandler handler = handler(request);
-
 		handler.handleRequest(request, new MockHttpServletResponse());
-
 		assertHandshake(request);
 	}
 
 	@Test
 	public void msmsRegistryCustomPatternMatcher() {
 		loadConfig(MsmsRegistryCustomPatternMatcherConfig.class);
-
 		clientInboundChannel().send(message("/app/a.b"));
-
 		try {
 			clientInboundChannel().send(message("/app/a.b.c"));
 			fail("Expected Exception");
@@ -276,9 +248,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void overrideMsmsRegistryCustomPatternMatcher() {
 		loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class);
-
 		clientInboundChannel().send(message("/app/a/b"));
-
 		try {
 			clientInboundChannel().send(message("/app/a/b/c"));
 			fail("Expected Exception");
@@ -291,9 +261,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void defaultPatternMatcher() {
 		loadConfig(DefaultPatternMatcherConfig.class);
-
 		clientInboundChannel().send(message("/app/a/b"));
-
 		try {
 			clientInboundChannel().send(message("/app/a/b/c"));
 			fail("Expected Exception");
@@ -306,9 +274,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void customExpression() {
 		loadConfig(CustomExpressionConfig.class);
-
 		clientInboundChannel().send(message("/denyRob"));
-
 		this.messageUser = new TestingAuthenticationToken("rob", "password", "ROLE_USER");
 		try {
 			clientInboundChannel().send(message("/denyRob"));
@@ -321,24 +287,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 	@Test
 	public void channelSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
-
 		loadConfig(SockJsProxylessSecurityConfig.class);
-
 		ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class);
 		MessageSecurityMetadataSource messageSecurityMetadataSource = this.context
 				.getBean(MessageSecurityMetadataSource.class);
-
 		assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource);
 	}
 
 	@Test
 	public void securityContextChannelInterceptorDefinedByBean() {
 		loadConfig(SockJsProxylessSecurityConfig.class);
-
 		MessageChannel messageChannel = clientInboundChannel();
 		SecurityContextChannelInterceptor securityContextChannelInterceptor = this.context
 				.getBean(SecurityContextChannelInterceptor.class);
-
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors())
 				.contains(securityContextChannelInterceptor);
 	}
@@ -346,10 +307,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 	@Test
 	public void inboundChannelSecurityDefinedByBean() {
 		loadConfig(SockJsProxylessSecurityConfig.class);
-
 		MessageChannel messageChannel = clientInboundChannel();
 		ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
-
 		assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
 	}
 
@@ -377,7 +336,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket");
 		request.setRequestURI(mapping + "/289/tpyx6mde/websocket");
 		request.getSession().setAttribute(this.sessionAttr, "sessionValue");
-
 		request.setAttribute(CsrfToken.class.getName(), this.token);
 		return request;
 	}
@@ -423,7 +381,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.setHandshakeHandler(testHandshakeHandler());
 		}
 		// @formatter:on
-
 		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -432,7 +389,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Override
 		public void configureMessageBroker(MessageBrokerRegistry registry) {
 			registry.setPathMatcher(new AntPathMatcher("."));
@@ -461,7 +417,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.setHandshakeHandler(testHandshakeHandler());
 		}
 		// @formatter:on
-
 		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -471,7 +426,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Override
 		public void configureMessageBroker(MessageBrokerRegistry registry) {
 			registry.setPathMatcher(new AntPathMatcher("."));
@@ -499,7 +453,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.setHandshakeHandler(testHandshakeHandler());
 		}
 		// @formatter:on
-
 		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -508,7 +461,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Override
 		public void configureMessageBroker(MessageBrokerRegistry registry) {
 			registry.enableSimpleBroker("/queue/", "/topic/");
@@ -535,7 +487,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.setHandshakeHandler(testHandshakeHandler());
 		}
 		// @formatter:on
-
 		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
@@ -543,24 +494,19 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().access("denyRob()");
 		}
 		// @formatter:on
-
 		@Bean
 		static SecurityExpressionHandler<Message<Object>> messageSecurityExpressionHandler() {
 			return new DefaultMessageSecurityExpressionHandler<Object>() {
-
 				@Override
 				protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 						Message<Object> invocation) {
 					return new MessageSecurityExpressionRoot(authentication, invocation) {
-
 						public boolean denyRob() {
 							Authentication auth = getAuthentication();
 							return auth != null && !"rob".equals(auth.getName());
 						}
-
 					};
 				}
-
 			};
 		}
 
@@ -646,7 +592,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS()
 					.setInterceptors(new HttpSessionHandshakeInterceptor());
-
 			registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler()).withSockJS()
 					.setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
@@ -660,7 +605,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Override
 		public void configureMessageBroker(MessageBrokerRegistry registry) {
 			registry.enableSimpleBroker("/queue/", "/topic/");
@@ -703,7 +647,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
 			registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
-
 			registry.addEndpoint("/chat").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
 		}
 
@@ -754,7 +697,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 				.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Bean
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
@@ -787,7 +729,6 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 					.anyMessage().denyAll();
 		}
 		// @formatter:on
-
 		@Bean
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
index b688bba746..bdc4383017 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
@@ -69,13 +69,10 @@ public class AuthenticationConfigurationGh3935Tests {
 		String username = "user";
 		String password = "password";
 		given(this.uds.loadUserByUsername(username)).willReturn(PasswordEncodedUser.user());
-
 		AuthenticationManager authenticationManager = this.adapter.authenticationManager;
 		assertThat(authenticationManager).isNotNull();
-
 		Authentication auth = authenticationManager
 				.authenticate(new UsernamePasswordAuthenticationToken(username, password));
-
 		verify(this.uds).loadUserByUsername(username);
 		assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 790bb61c2d..e47536021a 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -64,12 +64,10 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 		ConfigurableApplicationContext appContext = this.spring.context(CONTEXT).getContext();
 		AuthListener listener = new AuthListener();
 		appContext.addApplicationListener(listener);
-
 		ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
 		Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
 		assertThat(eventPublisher).isNotNull();
 		assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue();
-
 		pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
 		assertThat(listener.events).hasSize(1);
 	}
@@ -99,7 +97,6 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 						+ "<user-service>" + "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
 						+ "</user-service>" + "<http/>")
 				.mockMvcAfterSpringSecurityOk().autowire();
-
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index 42d9b70229..bfdf477d64 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -72,7 +72,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 		setContext(" <authentication-provider>" + "        <password-encoder hash='bcrypt'/>" + "        <user-service>"
 				+ "            <user name='bob' password='$2a$05$dRmjl1T05J7rvCPD2NgsHesCEJHww3pdmesUhjM3PD4m/gaEYyx/G' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>");
-
 		getProvider().authenticate(this.bob);
 	}
 
@@ -84,7 +83,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
 				+ "     <b:constructor-arg value='MD5'/>" + " </b:bean>");
-
 		getProvider().authenticate(this.bob);
 	}
 
@@ -95,7 +93,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 				+ "            <user name='bob' password='{SSHA}PpuEwfdj7M1rs0C2W4ssSM2XEN/Y6S5U' authorities='ROLE_A' />"
 				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + LdapShaPasswordEncoder.class.getName() + "'/>");
-
 		getProvider().authenticate(this.bob);
 	}
 
@@ -108,7 +105,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
 				+ "     <b:constructor-arg value='MD5'/>" + "     <b:property name='encodeHashAsBase64' value='true'/>"
 				+ " </b:bean>");
-
 		getProvider().authenticate(this.bob);
 	}
 
@@ -127,7 +123,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 	private AuthenticationProvider getProvider() {
 		List<AuthenticationProvider> providers = ((ProviderManager) this.appContext
 				.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
-
 		return providers.get(0);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index cf8c3eaabd..38a41e0730 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -45,9 +45,8 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	private static String USER_CACHE_XML = "<b:bean id='userCache' class='org.springframework.security.authentication.dao.MockUserCache'/>";
 
 	private static String DATA_SOURCE = "    <b:bean id='populator' class='org.springframework.security.config.DataSourcePopulator'>"
-			+ "        <b:property name='dataSource' ref='dataSource'/>" + "    </b:bean>" +
-
-			"    <b:bean id='dataSource' class='org.springframework.security.TestDataSource'>"
+			+ "        <b:property name='dataSource' ref='dataSource'/>" + "    </b:bean>"
+			+ "    <b:bean id='dataSource' class='org.springframework.security.TestDataSource'>"
 			+ "        <b:constructor-arg value='jdbcnamespaces'/>" + "    </b:bean>";
 
 	private InMemoryXmlApplicationContext appContext;
diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
index 226f633822..8820c19a7f 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
@@ -44,7 +44,6 @@ public class PasswordEncoderParserTests {
 		this.spring.configLocations(
 				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml")
 				.mockMvcAfterSpringSecurityOk().autowire();
-
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
@@ -53,7 +52,6 @@ public class PasswordEncoderParserTests {
 		this.spring.configLocations(
 				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml")
 				.mockMvcAfterSpringSecurityOk().autowire();
-
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index 2879c6343f..b86b6f9ed8 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -120,7 +120,6 @@ public class UserServiceBeanDefinitionParserTests {
 	public void multipleTopLevelUseWithoutIdThrowsException() {
 		setContext("<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
 				+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>");
-
 	}
 
 	@Test(expected = FatalBeanException.class)
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index 14298cf186..49025a33c3 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -70,7 +70,6 @@ public class GrantedAuthorityDefaultsJcTests {
 	@Before
 	public void setup() {
 		setup("USER");
-
 		this.request = new MockHttpServletRequest("GET", "");
 		this.request.setMethod("GET");
 		this.response = new MockHttpServletResponse();
@@ -87,22 +86,17 @@ public class GrantedAuthorityDefaultsJcTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void doFilterDenied() throws Exception {
 		setup("DENIED");
-
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -119,14 +113,12 @@ public class GrantedAuthorityDefaultsJcTests {
 	@Test(expected = AccessDeniedException.class)
 	public void messageDenied() {
 		setup("DENIED");
-
 		this.messageService.getMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void jsrMessageDenied() {
 		setup("DENIED");
-
 		this.messageService.getJsrMessage();
 	}
 
@@ -136,9 +128,7 @@ public class GrantedAuthorityDefaultsJcTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.chain = new MockFilterChain() {
-
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
 					throws IOException, ServletException {
@@ -147,11 +137,8 @@ public class GrantedAuthorityDefaultsJcTests {
 				assertThat(httpRequest.isUserInRole("INVALID")).isFalse();
 				super.doFilter(request, response);
 			}
-
 		};
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.chain.getRequest()).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 6de129cf68..d8dad3d308 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -63,7 +63,6 @@ public class GrantedAuthorityDefaultsXmlTests {
 	@Before
 	public void setup() {
 		setup("USER");
-
 		this.request = new MockHttpServletRequest("GET", "");
 		this.request.setMethod("GET");
 		this.response = new MockHttpServletResponse();
@@ -80,22 +79,17 @@ public class GrantedAuthorityDefaultsXmlTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
 	@Test
 	public void doFilterDenied() throws Exception {
 		setup("DENIED");
-
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 	}
 
@@ -112,14 +106,12 @@ public class GrantedAuthorityDefaultsXmlTests {
 	@Test(expected = AccessDeniedException.class)
 	public void messageDenied() {
 		setup("DENIED");
-
 		this.messageService.getMessage();
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void jsrMessageDenied() {
 		setup("DENIED");
-
 		this.messageService.getJsrMessage();
 	}
 
@@ -129,9 +121,7 @@ public class GrantedAuthorityDefaultsXmlTests {
 		SecurityContext context = SecurityContextHolder.getContext();
 		this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				context);
-
 		this.chain = new MockFilterChain() {
-
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
 					throws IOException, ServletException {
@@ -140,11 +130,8 @@ public class GrantedAuthorityDefaultsXmlTests {
 				assertThat(httpRequest.isUserInRole("INVALID")).isFalse();
 				super.doFilter(request, response);
 			}
-
 		};
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.chain.getRequest()).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 5e476818cb..223f082498 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -52,7 +52,6 @@ public class UserDetailsResourceFactoryBeanTests {
 	@Test
 	public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
 		this.factory.setResourceLoader(this.resourceLoader);
-
 		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalArgumentException.class)
 				.hasStackTraceContaining("resource cannot be null if resourceLocation is null");
 	}
@@ -60,23 +59,19 @@ public class UserDetailsResourceFactoryBeanTests {
 	@Test
 	public void getObjectWhenPropertiesResourceLocationSingleUserThenThrowsGetsSingleUser() throws Exception {
 		this.factory.setResourceLocation("classpath:users.properties");
-
 		Collection<UserDetails> users = this.factory.getObject();
-
 		assertLoaded();
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceSingleUserThenThrowsGetsSingleUser() throws Exception {
 		this.factory.setResource(new InMemoryResource("user=password,ROLE_USER"));
-
 		assertLoaded();
 	}
 
 	@Test
 	public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
 		this.factory.setResource(new InMemoryResource("user=invalidFormatHere"));
-
 		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalStateException.class)
 				.hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere");
 	}
@@ -84,7 +79,6 @@ public class UserDetailsResourceFactoryBeanTests {
 	@Test
 	public void getObjectWhenStringSingleUserThenGetsSingleUser() throws Exception {
 		this.factory = UserDetailsResourceFactoryBean.fromString("user=password,ROLE_USER");
-
 		assertLoaded();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
index 4f991d9d11..4d885e2116 100644
--- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java
@@ -41,7 +41,6 @@ public class SecurityDebugBeanFactoryPostProcessorTests {
 		this.spring.configLocations(
 				"classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml")
 				.autowire();
-
 		assertThat(this.spring.getContext().getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN))
 				.isInstanceOf(DebugFilter.class);
 		assertThat(this.spring.getContext().getBean(BeanIds.FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class);
diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java
index 6a6bd75181..365bcfb5b9 100644
--- a/config/src/test/java/org/springframework/security/config/doc/Element.java
+++ b/config/src/test/java/org/springframework/security/config/doc/Element.java
@@ -129,45 +129,33 @@ public class Element {
 	public Collection<String> getIds() {
 		Collection<String> ids = new ArrayList<>();
 		ids.add(getId());
-
 		this.childElmts.values().forEach((elmt) -> ids.add(elmt.getId()));
-
 		this.attrs.forEach((attr) -> ids.add(attr.getId()));
-
 		if (!this.childElmts.isEmpty()) {
 			ids.add(getId() + "-children");
 		}
-
 		if (!this.attrs.isEmpty()) {
 			ids.add(getId() + "-attributes");
 		}
-
 		if (!this.parentElmts.isEmpty()) {
 			ids.add(getId() + "-parents");
 		}
-
 		return ids;
 	}
 
 	public Map<String, Element> getAllChildElmts() {
 		Map<String, Element> result = new HashMap<>();
-
 		this.childElmts.values()
 				.forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 		result.putAll(this.childElmts);
-
 		return result;
 	}
 
 	public Map<String, Element> getAllParentElmts() {
 		Map<String, Element> result = new HashMap<>();
-
 		this.parentElmts.values()
 				.forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt)));
-
 		result.putAll(this.parentElmts);
-
 		return result;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index 1181230cf0..d30bcd0025 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -60,7 +60,6 @@ public class SpringSecurityXsdParser {
 	 */
 	private Map<String, Element> elements(XmlNode node) {
 		Map<String, Element> elementNameToElement = new HashMap<>();
-
 		node.children().forEach((child) -> {
 			if ("element".equals(child.simpleName())) {
 				Element e = elmt(child);
@@ -70,7 +69,6 @@ public class SpringSecurityXsdParser {
 				elementNameToElement.putAll(elements(child));
 			}
 		});
-
 		return elementNameToElement;
 	}
 
@@ -90,7 +88,6 @@ public class SpringSecurityXsdParser {
 				attrs.addAll(attrs(c));
 			}
 		});
-
 		return attrs;
 	}
 
@@ -102,7 +99,6 @@ public class SpringSecurityXsdParser {
 	 */
 	private Collection<Attribute> attrgrps(XmlNode element) {
 		Collection<Attribute> attrgrp = new ArrayList<>();
-
 		element.children().forEach((c) -> {
 			if (!"element".equals(c.simpleName())) {
 				if ("attributeGroup".equals(c.simpleName())) {
@@ -120,7 +116,6 @@ public class SpringSecurityXsdParser {
 				}
 			}
 		});
-
 		return attrgrp;
 	}
 
@@ -129,7 +124,6 @@ public class SpringSecurityXsdParser {
 		while (!"schema".equals(root.simpleName())) {
 			root = root.parent().get();
 		}
-
 		return expand(root).filter((node) -> name.equals(node.attribute("name"))).findFirst()
 				.orElseThrow(IllegalArgumentException::new);
 	}
@@ -185,12 +179,10 @@ public class SpringSecurityXsdParser {
 			name = name.split(":")[1];
 			n = findNode(n, name);
 		}
-
 		if (this.elementNameToElement.containsKey(name)) {
 			return this.elementNameToElement.get(name);
 		}
 		this.attrElmts.add(name);
-
 		Element e = new Element();
 		e.setName(n.attribute("name"));
 		e.setDesc(desc(n));
@@ -199,15 +191,12 @@ public class SpringSecurityXsdParser {
 		e.getAttrs().addAll(attrgrps(n));
 		e.getAttrs().forEach((attr) -> attr.setElmt(e));
 		e.getChildElmts().values().forEach((element) -> element.getParentElmts().put(e.getName(), e));
-
 		String subGrpName = n.attribute("substitutionGroup");
 		if (!StringUtils.isEmpty(subGrpName)) {
 			Element subGrp = elmt(findNode(n, subGrpName.split(":")[1]));
 			subGrp.getSubGrps().add(e);
 		}
-
 		this.elementNameToElement.put(name, e);
-
 		return e;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 173efac460..2897c63b1d 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -45,7 +45,6 @@ public class XmlNode {
 
 	public Stream<XmlNode> children() {
 		NodeList children = this.node.getChildNodes();
-
 		return IntStream.range(0, children.getLength()).mapToObj(children::item).map(XmlNode::new);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
index c7b07a8aae..218f6cc5e1 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlParser.java
@@ -40,7 +40,6 @@ public class XmlParser implements AutoCloseable {
 		try {
 			DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
 			DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
-
 			return new XmlNode(dBuilder.parse(this.xml));
 		}
 		catch (IOException | ParserConfigurationException | SAXException ex) {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
index d83b0f3279..dc6337ec42 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlSupport.java
@@ -33,7 +33,6 @@ public class XmlSupport {
 	public XmlNode parse(String location) throws IOException {
 		ClassPathResource resource = new ClassPathResource(location);
 		this.parser = new XmlParser(resource.getInputStream());
-
 		return this.parser.parse();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index d07647fda1..e845eb1f89 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -68,34 +68,28 @@ public class XsdDocumentedTests {
 	@Test
 	public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
 		XmlNode root = this.xml.parse(this.schemaDocumentLocation);
-
 		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
 				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
 				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
 				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
-
 		SecurityFiltersAssertions.assertEquals(nodes);
 	}
 
 	@Test
 	public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
-
 		List<String> expected = Arrays.asList("FIRST", "CHANNEL_FILTER", "SECURITY_CONTEXT_FILTER",
 				"CONCURRENT_SESSION_FILTER", "LOGOUT_FILTER", "X509_FILTER", "PRE_AUTH_FILTER", "CAS_FILTER",
 				"FORM_LOGIN_FILTER", "OPENID_FILTER", "LOGIN_PAGE_FILTER", "DIGEST_AUTH_FILTER", "BASIC_AUTH_FILTER",
 				"REQUEST_CACHE_FILTER", "SERVLET_API_SUPPORT_FILTER", "JAAS_API_SUPPORT_FILTER", "REMEMBER_ME_FILTER",
 				"ANONYMOUS_FILTER", "SESSION_MANAGEMENT_FILTER", "EXCEPTION_TRANSLATION_FILTER",
 				"FILTER_SECURITY_INTERCEPTOR", "SWITCH_USER_FILTER", "LAST");
-
 		XmlNode root = this.xml.parse(this.schema31xDocumentLocation);
-
 		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
 				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
 				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
 				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
-
 		assertThat(nodes).isEqualTo(expected);
 	}
 
@@ -108,11 +102,8 @@ public class XsdDocumentedTests {
 	 */
 	@Test
 	public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws IOException {
-
 		ClassPathResource resource = new ClassPathResource(this.schemaDocumentLocation);
-
 		String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd"));
-
 		assertThat(schemas.length).isEqualTo(16)
 				.withFailMessage("the count is equal to 16, if not then schemaDocument needs updating");
 	}
@@ -125,19 +116,14 @@ public class XsdDocumentedTests {
 	 */
 	@Test
 	public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded() throws IOException {
-
 		Map<String, Element> elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation);
-
 		List<String> documentIds = Files.lines(Paths.get(this.referenceLocation))
 				.filter((line) -> line.matches("\\[\\[(nsa-.*)\\]\\]"))
 				.map((line) -> line.substring(2, line.length() - 2)).collect(Collectors.toList());
-
 		Set<String> expectedIds = elementsByElementName.values().stream()
 				.flatMap((element) -> element.getIds().stream()).collect(Collectors.toSet());
-
 		documentIds.removeAll(this.ignoredIds);
 		expectedIds.removeAll(this.ignoredIds);
-
 		assertThat(documentIds).containsAll(expectedIds);
 		assertThat(expectedIds).containsAll(documentIds);
 	}
@@ -149,18 +135,14 @@ public class XsdDocumentedTests {
 	 */
 	@Test
 	public void countLinksWhenReviewingDocumentationThenParentsAndChildrenAreCorrectlyLinked() throws IOException {
-
 		Map<String, List<String>> docAttrNameToChildren = new HashMap<>();
 		Map<String, List<String>> docAttrNameToParents = new HashMap<>();
-
 		String docAttrName = null;
 		Map<String, List<String>> currentDocAttrNameToElmt = null;
-
 		List<String> lines = Files.readAllLines(Paths.get(this.referenceLocation));
 		for (String line : lines) {
 			if (line.matches("^\\[\\[.*\\]\\]$")) {
 				String id = line.substring(2, line.length() - 2);
-
 				if (id.endsWith("-children")) {
 					docAttrName = id.substring(0, id.length() - 9);
 					currentDocAttrNameToElmt = docAttrNameToChildren;
@@ -174,7 +156,6 @@ public class XsdDocumentedTests {
 					docAttrName = null;
 				}
 			}
-
 			if (docAttrName != null && currentDocAttrNameToElmt != null) {
 				String expression = "^\\* <<(nsa-.*),.*>>$";
 				if (line.matches(expression)) {
@@ -183,25 +164,20 @@ public class XsdDocumentedTests {
 				}
 			}
 		}
-
 		Map<String, Element> elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation);
-
 		Map<String, List<String>> schemaAttrNameToChildren = new HashMap<>();
 		Map<String, List<String>> schemaAttrNameToParents = new HashMap<>();
-
 		elementNameToElement.entrySet().stream().forEach((entry) -> {
 			String key = "nsa-" + entry.getKey();
 			if (this.ignoredIds.contains(key)) {
 				return;
 			}
-
 			List<String> parentIds = entry.getValue().getAllParentElmts().values().stream()
 					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
 					.sorted().collect(Collectors.toList());
 			if (!parentIds.isEmpty()) {
 				schemaAttrNameToParents.put(key, parentIds);
 			}
-
 			List<String> childIds = entry.getValue().getAllChildElmts().values().stream()
 					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
 					.sorted().collect(Collectors.toList());
@@ -209,7 +185,6 @@ public class XsdDocumentedTests {
 				schemaAttrNameToChildren.put(key, childIds);
 			}
 		});
-
 		assertThat(docAttrNameToChildren).isEqualTo(schemaAttrNameToChildren);
 		assertThat(docAttrNameToParents).isEqualTo(schemaAttrNameToParents);
 	}
@@ -220,19 +195,15 @@ public class XsdDocumentedTests {
 	 */
 	@Test
 	public void countWhenReviewingDocumentationThenAllElementsDocumented() throws IOException {
-
 		Map<String, Element> elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation);
-
 		String notDocElmtIds = elementNameToElement.values().stream()
 				.filter((element) -> StringUtils.isEmpty(element.getDesc())
 						&& !this.ignoredIds.contains(element.getId()))
 				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
-
 		String notDocAttrIds = elementNameToElement.values().stream().flatMap((element) -> element.getAttrs().stream())
 				.filter((element) -> StringUtils.isEmpty(element.getDesc())
 						&& !this.ignoredIds.contains(element.getId()))
 				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
-
 		assertThat(notDocElmtIds).isEmpty();
 		assertThat(notDocAttrIds).isEmpty();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index f64d56ad3d..3535309aa8 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -59,7 +59,6 @@ public class AccessDeniedConfigTests {
 	@Test
 	public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash"));
-
 		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanCreationException.class)
 				.hasMessageContaining("errorPage must begin with '/'");
 	}
@@ -67,16 +66,13 @@ public class AccessDeniedConfigTests {
 	@Test
 	@WithMockUser
 	public void configureWhenAccessDeniedHandlerRefThenAutowire() throws Exception {
-
 		this.spring.configLocations(this.xml("AccessDeniedHandler")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE_410));
 	}
 
 	@Test
 	public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef"));
-
 		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanDefinitionParsingException.class)
 				.hasMessageContaining("attribute error-page cannot be used together with the 'ref' attribute");
 	}
@@ -90,7 +86,6 @@ public class AccessDeniedConfigTests {
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response,
 				AccessDeniedException accessDeniedException) {
-
 			response.setStatus(HttpStatus.GONE_410);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index 0f3bc46d77..f9924f0c3b 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -90,35 +90,30 @@ public class CsrfConfigTests {
 	@Test
 	public void postWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void putWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void invalidWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
 	}
@@ -126,76 +121,64 @@ public class CsrfConfigTests {
 	@Test
 	public void getWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 	}
 
 	@Test
 	public void headWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
-
 		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void optionsWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void postWhenCsrfDisabledThenRequestAllowed() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfDisabled")).autowire();
-
 		this.mvc.perform(post("/ok")).andExpect(status().isOk());
-
 		assertThat(getFilter(this.spring, CsrfFilter.class)).isNull();
 	}
 
 	@Test
 	public void postWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void putWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void patchWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
 	}
 
 	@Test
 	public void invalidWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
 	}
@@ -203,63 +186,51 @@ public class CsrfConfigTests {
 	@Test
 	public void getWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
 	}
 
 	@Test
 	public void headWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void traceWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
 				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
-
 		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void optionsWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void autowireWhenCsrfElementEnabledThenCreatesCsrfRequestDataValueProcessor() {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		assertThat(this.spring.getContext().getBean(RequestDataValueProcessor.class)).isNotNull();
 	}
 
 	@Test
 	public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception {
-
 		this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler"))
 				.autowire();
-
 		this.mvc.perform(post("/ok")).andExpect(status().isIAmATeapot());
 	}
 
 	@Test
 	public void postWhenHasCsrfTokenButSessionExpiresThenRequestIsCancelledAfterSuccessfulAuthentication()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		// simulates a request that has no authentication (e.g. session time-out)
 		MvcResult result = this.mvc.perform(post("/authenticated").with(csrf()))
 				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		// if the request cache is consulted, then it will redirect back to /some-url,
 		// which we don't want
 		this.mvc.perform(
@@ -270,15 +241,11 @@ public class CsrfConfigTests {
 	@Test
 	public void getWhenHasCsrfTokenButSessionExpiresThenRequestIsRememeberedAfterSuccessfulAuthentication()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-
 		// simulates a request that has no authentication (e.g. session time-out)
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("http://localhost/login"))
 				.andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		// if the request cache is consulted, then it will redirect back to /some-url,
 		// which we do want
 		this.mvc.perform(
@@ -292,85 +259,58 @@ public class CsrfConfigTests {
 	@Test
 	public void postWhenUsingCsrfAndCustomSessionManagementAndNoSessionThenStillRedirectsToInvalidSessionUrl()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("WithSessionManagement")).autowire();
-
 		MvcResult result = this.mvc.perform(post("/ok").param("_csrf", "abc"))
 				.andExpect(redirectedUrl("/error/sessionError")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		this.mvc.perform(post("/csrf").session(session)).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestWhenUsingCustomRequestMatcherConfiguredThenAppliesAccordingly() throws Exception {
-
 		SpringTestContext context = this.spring.configLocations(this.xml("shared-controllers"),
 				this.xml("WithRequestMatcher"), this.xml("mock-request-matcher"));
-
 		context.autowire();
-
 		RequestMatcher matcher = context.getContext().getBean(RequestMatcher.class);
 		given(matcher.matches(any(HttpServletRequest.class))).willReturn(false);
-
 		this.mvc.perform(post("/ok")).andExpect(status().isOk());
-
 		given(matcher.matches(any(HttpServletRequest.class))).willReturn(true);
-
 		this.mvc.perform(get("/ok")).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated() throws Exception {
-
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/ok")).andExpect(status().isOk()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	@WithMockUser
 	public void postWhenCsrfMismatchesThenForbidden() throws Exception {
-
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/ok")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		this.mvc.perform(post("/ok").session(session).with(csrf().useInvalidToken())).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void loginWhenDefaultConfigurationThenCsrfCleared() throws Exception {
-
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		this.mvc.perform(
 				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
 				.andExpect(status().isFound());
-
 		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
 	}
 
 	@Test
 	public void logoutWhenDefaultConfigurationThenCsrfCleared() throws Exception {
-
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-
 		this.mvc.perform(post("/logout").session(session).with(csrf())).andExpect(status().isFound());
-
 		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
 	}
 
@@ -380,30 +320,24 @@ public class CsrfConfigTests {
 	@Test
 	@WithMockUser
 	public void logoutWhenDefaultConfigurationThenDisabled() throws Exception {
-
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-
 		this.mvc.perform(get("/logout")).andExpect(status().isOk()); // renders form to
 																		// log out but
 																		// does not
 																		// perform a
 																		// redirect
-
 		// still logged in
 		this.mvc.perform(get("/authenticated")).andExpect(status().isOk());
 	}
 
 	private <T extends Filter> T getFilter(SpringTestContext context, Class<T> type) {
 		FilterChainProxy chain = context.getContext().getBean(FilterChainProxy.class);
-
 		List<Filter> filters = chain.getFilters("/any");
-
 		for (Filter filter : filters) {
 			if (type.isAssignableFrom(filter.getClass())) {
 				return (T) filter;
 			}
 		}
-
 		return null;
 	}
 
@@ -469,7 +403,6 @@ public class CsrfConfigTests {
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response,
 				AccessDeniedException accessDeniedException) {
-
 			response.setStatus(HttpStatus.IM_A_TEAPOT_418);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 8376784dd6..61895a4994 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -78,7 +78,6 @@ public class DefaultFilterChainValidatorTests {
 				this.fsi);
 		this.fcp = new FilterChainProxy(securityChain);
 		this.validator = new DefaultFilterChainValidator();
-
 		ReflectionTestUtils.setField(this.validator, "logger", this.logger);
 	}
 
@@ -101,9 +100,7 @@ public class DefaultFilterChainValidatorTests {
 		FilterInvocationSecurityMetadataSource customMetaDataSource = mock(
 				FilterInvocationSecurityMetadataSource.class);
 		this.fsi.setSecurityMetadataSource(customMetaDataSource);
-
 		this.validator.validate(this.fcp);
-
 		verify(customMetaDataSource).getAttributes(any());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index f6f1cadeb2..ae8f77e96c 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -73,7 +73,6 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 		setContext("<filter-security-metadata-source id='fids'>"
 				+ "   <intercept-url pattern='/**' access=\"hasRole('ROLE_A')\" />"
 				+ "</filter-security-metadata-source>");
-
 		ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
 		ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET"))
@@ -122,9 +121,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI(null);
 		request.setMethod(method);
-
 		request.setServletPath(path);
-
 		return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index fcfe8904df..dcde29317a 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -50,9 +50,7 @@ public class FormLoginBeanDefinitionParserTests {
 
 	@Test
 	public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception {
-
 		this.spring.configLocations(this.xml("Simple")).autowire();
-
 		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
@@ -71,23 +69,18 @@ public class FormLoginBeanDefinitionParserTests {
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 				+ "      </form>\n" + "</div>\n" + "</body></html>";
-
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
 	public void getLogoutWhenAutoConfigThenShowsDefaultLogoutPage() throws Exception {
-
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-
 		this.mvc.perform(get("/logout")).andExpect(content().string(containsString("action=\"/logout\"")));
 	}
 
 	@Test
 	public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCustomAttributes")).autowire();
-
 		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
@@ -106,17 +99,13 @@ public class FormLoginBeanDefinitionParserTests {
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 				+ "      </form>\n" + "</div>\n" + "</body></html>";
-
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
-
 		this.mvc.perform(get("/logout")).andExpect(status().is3xxRedirection());
 	}
 
 	@Test
 	public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects() throws Exception {
-
 		this.spring.configLocations(this.xml("WithOpenId")).autowire();
-
 		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
@@ -142,15 +131,12 @@ public class FormLoginBeanDefinitionParserTests {
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 				+ "      </form>\n" + "</div>\n" + "</body></html>";
-
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
 	public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects() throws Exception {
-
 		this.spring.configLocations(this.xml("WithOpenIdCustomAttributes")).autowire();
-
 		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
@@ -176,15 +162,12 @@ public class FormLoginBeanDefinitionParserTests {
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 				+ "      </form>\n" + "</div>\n" + "</body></html>";
-
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
 	public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("WithAuthenticationFailureForwardUrl")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "bob").param("password", "invalidpassword"))
 				.andExpect(status().isOk()).andExpect(forwardedUrl("/failure_forward_url"))
 				.andExpect(request().attribute(WebAttributes.AUTHENTICATION_EXCEPTION, not(nullValue())));
@@ -192,9 +175,7 @@ public class FormLoginBeanDefinitionParserTests {
 
 	@Test
 	public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("WithAuthenticationSuccessForwardUrl")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isOk()).andExpect(forwardedUrl("/success_forward_url"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index 7e55dde548..faa60c2bc5 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -66,66 +66,51 @@ public class FormLoginConfigTests {
 
 	@Test
 	public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage() throws Exception {
-
 		this.spring.configLocations(this.xml("WithAntRequestMatcher")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
 	public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("WithDefaultTargetUrl")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/default"));
 	}
 
 	@Test
 	public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("UsingSpel")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default"));
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure"));
-
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
 	}
 
 	@Test
 	public void autowireWhenLoginPageIsMisconfiguredThenDetects() {
-
 		assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire())
 				.isInstanceOf(BeanCreationException.class);
 	}
 
 	@Test
 	public void autowireWhenDefaultTargetUrlIsMisconfiguredThenDetects() {
-
 		assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire())
 				.isInstanceOf(BeanCreationException.class);
 	}
 
 	@Test
 	public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("WithSuccessAndFailureHandlers")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(status().isIAmATeapot());
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(status().isIAmATeapot());
 	}
 
 	@Test
 	public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds() throws Exception {
-
 		this.spring.configLocations(this.xml("WithUsernameAndPasswordParameters")).autowire();
-
 		this.mvc.perform(post("/login").param("xname", "user").param("xpass", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
@@ -136,28 +121,21 @@ public class FormLoginConfigTests {
 	@Test
 	public void autowireWhenCustomLoginPageIsSlashLoginThenNoDefaultLoginPageGeneratingFilterIsWired()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("ForSec2919")).autowire();
-
 		this.mvc.perform(get("/login")).andExpect(content().string("teapot"));
-
 		assertThat(getFilter(this.spring.getContext(), DefaultLoginPageGeneratingFilter.class)).isNull();
 	}
 
 	@Test
 	public void authenticateWhenCsrfIsEnabledThenRequiresToken() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCsrfEnabled")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCsrfDisabled")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(status().isFound());
 	}
@@ -169,24 +147,19 @@ public class FormLoginConfigTests {
 	@Test
 	public void authenticateWhenLoginPageIsSlashLoginAndAuthenticationFailsThenRedirectContainsErrorParameter()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("ForSec3147")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
 				.andExpect(redirectedUrl("/login?error"));
 	}
 
 	private Filter getFilter(ApplicationContext context, Class<? extends Filter> filterClass) {
 		FilterChainProxy filterChain = context.getBean(BeanIds.FILTER_CHAIN_PROXY, FilterChainProxy.class);
-
 		List<Filter> filters = filterChain.getFilters("/any");
-
 		for (Filter filter : filters) {
 			if (filter.getClass() == filterClass) {
 				return filter;
 			}
 		}
-
 		return null;
 	}
 
@@ -210,14 +183,12 @@ public class FormLoginConfigTests {
 		@Override
 		public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 				AuthenticationException exception) {
-
 			response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 		}
 
 		@Override
 		public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication authentication) {
-
 			response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index e0eacfd369..d3de9aab8d 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -51,25 +51,18 @@ public class HttpConfigTests {
 
 	@Test
 	public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() throws Exception {
-
 		this.spring.configLocations(this.xml("Minimal")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
 	public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter() throws Exception {
-
 		this.spring.configLocations(this.xml("Minimal")).autowire();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 		});
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 3809b4f5a1..6f3b20db83 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -66,36 +66,27 @@ public class HttpCorsConfigTests {
 
 	@Test
 	public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCors")).autowire();
-
 		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-
 		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCorsConfigurationSource")).autowire();
-
 		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-
 		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake() throws Exception {
-
 		this.spring.configLocations(this.xml("WithCorsFilter")).autowire();
-
 		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-
 		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
 	}
@@ -115,12 +106,10 @@ public class HttpCorsConfigTests {
 	private RequestPostProcessor cors(boolean preflight) {
 		return (request) -> {
 			request.addHeader(HttpHeaders.ORIGIN, "https://example.com");
-
 			if (preflight) {
 				request.setMethod(HttpMethod.OPTIONS.name());
 				request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name());
 			}
-
 			return request;
 		};
 	}
@@ -149,7 +138,6 @@ public class HttpCorsConfigTests {
 			CorsConfiguration configuration = new CorsConfiguration();
 			configuration.setAllowedOrigins(Arrays.asList("*"));
 			configuration.setAllowedMethods(Arrays.asList(RequestMethod.GET.name(), RequestMethod.POST.name()));
-
 			super.registerCorsConfiguration("/**", configuration);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index ef52dec747..da112ae731 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -51,7 +51,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class HttpHeadersConfigTests {
 
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpHeadersConfigTests";
-
 	static final Map<String, String> defaultHeaders = ImmutableMap.<String, String>builder()
 			.put("X-Content-Type-Options", "nosniff").put("X-Frame-Options", "DENY")
 			.put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")
@@ -66,39 +65,28 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders() throws Exception {
-
 		this.spring.configLocations(this.xml("HeadersDisabled")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders() throws Exception {
-
 		System.setProperty("security.headers.disabled", "true");
-
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
-
 		System.setProperty("security.headers.disabled", "false");
-
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
-
 		System.clearProperty("security.headers.disabled");
-
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
@@ -111,28 +99,21 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders() throws Exception {
-
 		this.spring.configLocations(this.xml("HeadersEnabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenFrameOptionsConfiguredThenIncludesHeader() throws Exception {
-
 		Map<String, String> headers = new HashMap(defaultHeaders);
 		headers.put("X-Frame-Options", "SAMEORIGIN");
-
 		this.spring.configLocations(this.xml("WithFrameOptions")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
 	}
 
@@ -141,86 +122,63 @@ public class HttpHeadersConfigTests {
 	 */
 	@Test
 	public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithNoOverride")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders() throws Exception {
-
 		System.setProperty("security.headers.defaults.disabled", "true");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders() throws Exception {
-
 		System.setProperty("security.headers.defaults.disabled", "false");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders() throws Exception {
-
 		System.clearProperty("security.headers.defaults.disabled");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenUsingContentTypeOptionsThenDefaultsToNoSniff() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Content-Type-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentTypeOptions")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-Content-Type-Options", "nosniff")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenUsingFrameOptionsThenDefaultsToDeny() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptions")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenUsingFrameOptionsDenyThenRespondsWithDeny() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsDeny")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenUsingFrameOptionsSameOriginThenRespondsWithSameOrigin() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsSameOrigin")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "SAMEORIGIN")).andExpect(excludes(excludedHeaders));
 	}
@@ -249,12 +207,9 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenUsingFrameOptionsAllowFromThenRespondsWithAllowFrom() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFrom")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
@@ -262,34 +217,26 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenUsingFrameOptionsAllowFromWhitelistThenRespondsWithAllowFrom() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromWhitelist")).autowire();
-
 		this.mvc.perform(get("/").param("from", "https://example.org")).andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeader")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("a", "b"))
 				.andExpect(header().string("c", "d")).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeaderWriter")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("abc", "def"))
 				.andExpect(excludesDefaults());
 	}
@@ -309,36 +256,27 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenUsingXssProtectionThenDefaultsToModeBlock() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtection")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenEnablingXssProtectionThenDefaultsToModeBlock() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionEnabled")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
 	}
 
 	@Test
 	public void requestWhenDisablingXssProtectionThenDefaultsToZero() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabled")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-XSS-Protection", "0"))
 				.andExpect(excludes(excludedHeaders));
 	}
@@ -353,24 +291,18 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders() throws Exception {
-
 		Map<String, String> includedHeaders = ImmutableMap.<String, String>builder()
 				.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
 				.put("Pragma", "no-cache").build();
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
 	public void requestWhenUsingHstsThenRespondsWithHstsHeader() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 				.andExpect(excludes(excludedHeaders));
@@ -378,20 +310,15 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void insecureRequestWhenUsingHstsThenExcludesHstsHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
 	}
 
 	@Test
 	public void insecureRequestWhenUsingCustomHstsRequestMatcherThenIncludesHstsHeader() throws Exception {
-
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHstsRequestMatcher")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=1"))
 				.andExpect(excludes(excludedHeaders));
@@ -414,7 +341,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpThenIncludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkp")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -424,7 +350,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -434,7 +359,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk())
 				.andExpect(header().doesNotExist("Public-Key-Pins-Report-Only")).andExpect(excludesDefaults());
 	}
@@ -442,7 +366,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpMaxAge")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -452,7 +375,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReport")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
@@ -462,7 +384,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpIncludeSubdomains")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 				"Public-Key-Pins-Report-Only",
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
@@ -472,7 +393,6 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReportUri")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
 				"Public-Key-Pins-Report-Only",
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
@@ -481,68 +401,51 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception {
-
 		Collection<String> cacheControl = Arrays.asList("Cache-Control", "Expires", "Pragma");
 		Map<String, String> allButCacheControl = remove(defaultHeaders, cacheControl);
-
 		this.spring.configLocations(this.xml("CacheControlDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButCacheControl))
 				.andExpect(excludes(cacheControl));
 	}
 
 	@Test
 	public void requestWhenContentTypeOptionsDisabledThenExcludesHeader() throws Exception {
-
 		Collection<String> contentTypeOptions = Arrays.asList("X-Content-Type-Options");
 		Map<String, String> allButContentTypeOptions = remove(defaultHeaders, contentTypeOptions);
-
 		this.spring.configLocations(this.xml("ContentTypeOptionsDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButContentTypeOptions))
 				.andExpect(excludes(contentTypeOptions));
 	}
 
 	@Test
 	public void requestWhenHstsDisabledThenExcludesHeader() throws Exception {
-
 		Collection<String> hsts = Arrays.asList("Strict-Transport-Security");
 		Map<String, String> allButHsts = remove(defaultHeaders, hsts);
-
 		this.spring.configLocations(this.xml("HstsDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButHsts))
 				.andExpect(excludes(hsts));
 	}
 
 	@Test
 	public void requestWhenHpkpDisabledThenExcludesHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("HpkpDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
 	}
 
 	@Test
 	public void requestWhenFrameOptionsDisabledThenExcludesHeader() throws Exception {
-
 		Collection<String> frameOptions = Arrays.asList("X-Frame-Options");
 		Map<String, String> allButFrameOptions = remove(defaultHeaders, frameOptions);
-
 		this.spring.configLocations(this.xml("FrameOptionsDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButFrameOptions))
 				.andExpect(excludes(frameOptions));
 	}
 
 	@Test
 	public void requestWhenXssProtectionDisabledThenExcludesHeader() throws Exception {
-
 		Collection<String> xssProtection = Arrays.asList("X-XSS-Protection");
 		Map<String, String> allButXssProtection = remove(defaultHeaders, xssProtection);
-
 		this.spring.configLocations(this.xml("XssProtectionDisabled")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButXssProtection))
 				.andExpect(excludes(xssProtection));
 	}
@@ -589,29 +492,22 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void requestWhenContentSecurityPolicyDirectivesConfiguredThenIncludesDirectives() throws Exception {
-
 		Map<String, String> includedHeaders = new HashMap<>(defaultHeaders);
 		includedHeaders.put("Content-Security-Policy", "default-src 'self'");
-
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithPolicyDirectives")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("HeadersDisabledWithContentSecurityPolicy")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(excludes("Content-Security-Policy"));
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentSecurityPolicy")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Content-Security-Policy", "default-src 'self'"));
 	}
@@ -626,30 +522,23 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenContentSecurityPolicyConfiguredWithReportOnlyThenIncludesReportOnlyHeader()
 			throws Exception {
-
 		Map<String, String> includedHeaders = new HashMap<>(defaultHeaders);
 		includedHeaders.put("Content-Security-Policy-Report-Only",
 				"default-src https:; report-uri https://example.org/");
-
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithReportOnly")).autowire();
-
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
 	}
 
 	@Test
 	public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicy")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "no-referrer"));
 	}
 
 	@Test
 	public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicySameOrigin")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "same-origin"));
 	}
@@ -684,11 +573,9 @@ public class HttpHeadersConfigTests {
 
 	private static <K, V> Map<K, V> remove(Map<K, V> map, Collection<K> keys) {
 		Map<K, V> copy = new HashMap<>(map);
-
 		for (K key : keys) {
 			copy.remove(key);
 		}
-
 		return copy;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 614c072d60..671a392dae 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -48,11 +48,8 @@ public class HttpInterceptUrlTests {
 	@Test
 	public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
 		loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
-
 		this.mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
-
 		this.mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
-
 		this.mockMvc.perform(get("/other")).andExpect(status().isOk());
 	}
 
@@ -65,9 +62,7 @@ public class HttpInterceptUrlTests {
 		context.setServletContext(new MockServletContext());
 		context.refresh();
 		this.context = context;
-
 		context.getAutowireCapableBeanFactory().autowireBean(this);
-
 		Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class);
 		this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain)
 				.build();
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 07b4708f9e..1b7d40c339 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -64,11 +64,8 @@ public class InterceptUrlConfigTests {
 	 */
 	@Test
 	public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority() throws Exception {
-
 		this.spring.configLocations(this.xml("Sec2256")).autowire();
-
 		this.mvc.perform(post("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
 	}
 
@@ -77,24 +74,16 @@ public class InterceptUrlConfigTests {
 	 */
 	@Test
 	public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("PatchMethod")).autowire();
-
 		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(patch("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(patch("/path").with(httpBasic("admin", "password"))).andExpect(status().isOk());
-
 	}
 
 	@Test
 	public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("HasAnyRole")).autowire();
-
 		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 	}
 
@@ -103,14 +92,10 @@ public class InterceptUrlConfigTests {
 	 */
 	@Test
 	public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("PathVariables")).autowire();
-
 		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
@@ -119,14 +104,10 @@ public class InterceptUrlConfigTests {
 	 */
 	@Test
 	public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("CamelCasePathVariables")).autowire();
-
 		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
@@ -135,55 +116,37 @@ public class InterceptUrlConfigTests {
 	 */
 	@Test
 	public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("TypeConversionPathVariables")).autowire();
-
 		this.mvc.perform(get("/path/1/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path/2/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 	}
 
 	@Test
 	public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("MvcMatchers")).autowire();
-
 		this.mvc.perform(get("/path")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/path.html")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/path/")).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("MvcMatchersPathVariables")).autowire();
-
 		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void requestWhenUsingMvcMatchersAndServletPathThenAuthorizesRequestsAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("MvcMatchersServletPath")).autowire();
-
 		MockServletContext servletContext = mockServletContext("/spring");
 		ConfigurableWebApplicationContext context = this.spring.getContext();
 		context.setServletContext(servletContext);
-
 		this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/spring/path.html").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/spring/path/").servletPath("/spring")).andExpect(status().isUnauthorized());
-
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 56c9106964..1438a39056 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -161,41 +161,29 @@ public class MiscHttpConfigTests {
 
 	@Test
 	public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk() throws Exception {
-
 		this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
-
 		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 		this.mvc.perform(get("/nomatch")).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
-
 		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
-
 		this.mvc.perform(get("/ProTectEd")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/UnProTectEd")).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
-
 		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
 	}
 
@@ -204,94 +192,64 @@ public class MiscHttpConfigTests {
 	 */
 	@Test
 	public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints() throws Exception {
-
 		this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
-
 		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
-
 		this.spring.configLocations(xml("AnonymousDisabled")).autowire();
-
 		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-
 		this.mvc.perform(get("/unprotected")).andExpect(status().isUnauthorized());
-
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
 	}
 
 	@Test
 	public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes() throws Exception {
-
 		this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
-
 		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 	}
 
 	@Test
 	public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes() throws Exception {
-
 		this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
-
 		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-
 		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
-
 		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(post("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(post("/protected").with(httpBasic("poster", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(delete("/protected").with(httpBasic("poster", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(delete("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
-
 		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 				.andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
-
 		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-
 		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
 				.andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
 				.andExpect(status().isOk());
 	}
@@ -299,20 +257,15 @@ public class MiscHttpConfigTests {
 	@Test
 	public void configureWhenOncePerRequestIsFalseThenFilterSecurityInterceptorExercisedForForwards() {
 		this.spring.configLocations(xml("OncePerRequest")).autowire();
-
 		FilterSecurityInterceptor filterSecurityInterceptor = getFilter(FilterSecurityInterceptor.class);
 		assertThat(filterSecurityInterceptor.isObserveOncePerRequest()).isFalse();
 	}
 
 	@Test
 	public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence() throws Exception {
-
 		this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire();
-
 		AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
-
 		this.mvc.perform(get("/protected")).andExpect(status().isOk());
-
 		verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 	}
@@ -326,7 +279,6 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenPortsMappedThenRedirectedAccordingly() throws Exception {
 		this.spring.configLocations(xml("PortsMappedInterceptUrlMethodRequiresAny")).autowire();
-
 		this.mvc.perform(get("http://localhost:9080/protected"))
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
 	}
@@ -335,11 +287,8 @@ public class MiscHttpConfigTests {
 	public void configureWhenCustomFiltersThenAddedToChainInCorrectOrder() {
 		System.setProperty("customFilterRef", "userFilter");
 		this.spring.configLocations(xml("CustomFilters")).autowire();
-
 		List<Filter> filters = getFilters("/");
-
 		Class<?> userFilterClass = this.spring.getContext().getBean("userFilter").getClass();
-
 		assertThat(filters).extracting((Extractor<Filter, Class<?>>) (filter) -> filter.getClass()).containsSubsequence(
 				userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class,
 				userFilterClass);
@@ -354,7 +303,6 @@ public class MiscHttpConfigTests {
 	@Test
 	public void configureWhenUsingX509ThenAddsX509FilterCorrectly() {
 		this.spring.configLocations(xml("X509")).autowire();
-
 		assertThat(getFilters("/")).extracting((Extractor<Filter, Class<?>>) (filter) -> filter.getClass())
 				.containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class,
 						ExceptionTranslationFilter.class);
@@ -364,7 +312,6 @@ public class MiscHttpConfigTests {
 	public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception {
 		System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)");
 		this.spring.configLocations(xml("X509")).autowire();
-
 		this.mvc.perform(get("/protected")
 				.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
 				.andExpect(status().isOk());
@@ -379,9 +326,7 @@ public class MiscHttpConfigTests {
 	@Test
 	public void logoutWhenSpecifyingCookiesToDeleteThenSetCookieAdded() throws Exception {
 		this.spring.configLocations(xml("DeleteCookies")).autowire();
-
 		MvcResult result = this.mvc.perform(post("/logout").with(csrf())).andReturn();
-
 		List<String> values = result.getResponse().getHeaders("Set-Cookie");
 		assertThat(values.size()).isEqualTo(2);
 		assertThat(values).extracting((value) -> value.split("=")[0]).contains("JSESSIONID", "mycookie");
@@ -390,29 +335,22 @@ public class MiscHttpConfigTests {
 	@Test
 	public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception {
 		this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire();
-
 		this.mvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/logoutSuccessEndpoint"));
 	}
 
 	@Test
 	public void getWhenUnauthenticatedThenUsesConfiguredRequestCache() throws Exception {
 		this.spring.configLocations(xml("RequestCache")).autowire();
-
 		RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
-
 		this.mvc.perform(get("/"));
-
 		verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void getWhenUnauthenticatedThenUsesConfiguredAuthenticationEntryPoint() throws Exception {
 		this.spring.configLocations(xml("EntryPoint")).autowire();
-
 		AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
-
 		this.mvc.perform(get("/"));
-
 		verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 	}
@@ -426,38 +364,29 @@ public class MiscHttpConfigTests {
 	@Test
 	public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() {
 		this.spring.configLocations(xml("Sec750")).autowire();
-
 		BeanNameCollectingPostProcessor postProcessor = this.spring.getContext()
 				.getBean(BeanNameCollectingPostProcessor.class);
-
 		assertThat(postProcessor.getBeforeInitPostProcessedBeans()).contains("authenticationProvider", "userService");
 		assertThat(postProcessor.getAfterInitPostProcessedBeans()).contains("authenticationProvider", "userService");
-
 	}
 
 	/* SEC-934 */
 	@Test
 	public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception {
 		this.spring.configLocations(xml("Sec934")).autowire();
-
 		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenAuthenticatingThenConsultsCustomSecurityContextRepository() throws Exception {
 		this.spring.configLocations(xml("SecurityContextRepository")).autowire();
-
 		SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
 		SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
 		given(repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(context);
-
 		MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
-
 		verify(repository, atLeastOnce()).saveContext(any(SecurityContext.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -465,25 +394,18 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlExpressions")).autowire();
-
 		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 	}
 
 	@Test
 	public void getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("ExpressionHandler")).autowire();
-
 		PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
 		given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
 				.willReturn(false);
-
 		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-
 		verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
 	}
 
@@ -491,26 +413,19 @@ public class MiscHttpConfigTests {
 	public void configureWhenProtectingLoginPageThenWarningLogged() {
 		ByteArrayOutputStream baos = new ByteArrayOutputStream();
 		redirectLogsTo(baos, DefaultFilterChainValidator.class);
-
 		this.spring.configLocations(xml("ProtectedLoginPage")).autowire();
-
 		assertThat(baos.toString()).contains("[WARN]");
 	}
 
 	@Test
 	public void configureWhenUsingDisableUrlRewritingThenRedirectIsNotEncodedByResponse()
 			throws IOException, ServletException {
-
 		this.spring.configLocations(xml("DisableUrlRewriting")).autowire();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 		});
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
 	}
@@ -520,11 +435,9 @@ public class MiscHttpConfigTests {
 		assertThatCode(
 				() -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire())
 						.isInstanceOf(BeansException.class);
-
 		try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) {
 			parent.setConfigLocations(MiscHttpConfigTests.xml("AutoConfig"));
 			parent.refresh();
-
 			try (XmlWebApplicationContext child = new XmlWebApplicationContext()) {
 				child.setParent(parent);
 				child.setConfigLocation(MiscHttpConfigTests.xml("MissingUserDetailsService"));
@@ -536,9 +449,7 @@ public class MiscHttpConfigTests {
 	@Test
 	public void loginWhenConfiguredWithNoInternalAuthenticationProvidersThenSuccessfullyAuthenticates()
 			throws Exception {
-
 		this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/"));
 	}
@@ -546,16 +457,13 @@ public class MiscHttpConfigTests {
 	@Test
 	public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception {
 		this.spring.configLocations(xml("HttpBasic")).autowire();
-
 		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication()
 			throws Exception {
-
 		this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire();
-
 		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
 	}
 
@@ -565,28 +473,22 @@ public class MiscHttpConfigTests {
 	@Test
 	public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication()
 			throws Exception {
-
 		this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire();
-
 		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly()
 			throws Exception {
-
 		this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire();
-
 		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
 	}
 
 	@Test
 	public void loginWhenJeeFilterThenExtractsRoles() throws Exception {
 		this.spring.configLocations(xml("JeeFilter")).autowire();
-
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
-
 		this.mvc.perform(get("/roles").principal(user).with((request) -> {
 			request.addUserRole("admin");
 			request.addUserRole("user");
@@ -598,26 +500,19 @@ public class MiscHttpConfigTests {
 	@Test
 	public void loginWhenUsingCustomAuthenticationDetailsSourceRefThenAuthenticationSourcesDetailsAccordingly()
 			throws Exception {
-
 		this.spring.configLocations(xml("CustomAuthenticationDetailsSourceRef")).autowire();
-
 		Object details = mock(Object.class);
 		AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
 		given(source.buildDetails(any(Object.class))).willReturn(details);
-
 		this.mvc.perform(get("/details").with(httpBasic("user", "password")))
 				.andExpect(content().string(details.getClass().getName()));
-
 		this.mvc.perform(get("/details")
 				.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
 				.andExpect(content().string(details.getClass().getName()));
-
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andReturn().getRequest().getSession(false);
-
 		this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName()));
-
 		assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class),
 				"authenticationDetailsSource")).isEqualTo(source);
 	}
@@ -625,29 +520,24 @@ public class MiscHttpConfigTests {
 	@Test
 	public void loginWhenUsingJaasApiProvisionThenJaasSubjectContainsUsername() throws Exception {
 		this.spring.configLocations(xml("Jaas")).autowire();
-
 		AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
 		given(granter.grant(any(Principal.class))).willReturn(new HashSet<>(Arrays.asList("USER")));
-
 		this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user"));
 	}
 
 	@Test
 	public void getWhenUsingCustomHttpFirewallThenFirewallIsInvoked() throws Exception {
 		this.spring.configLocations(xml("HttpFirewall")).autowire();
-
 		FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) {
 			@Override
 			public void reset() {
 			}
 		};
 		HttpServletResponse response = new MockHttpServletResponse();
-
 		HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
 		given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willReturn(request);
 		given(firewall.getFirewalledResponse(any(HttpServletResponse.class))).willReturn(response);
 		this.mvc.perform(get("/unprotected"));
-
 		verify(firewall).getFirewalledRequest(any(HttpServletRequest.class));
 		verify(firewall).getFirewalledResponse(any(HttpServletResponse.class));
 	}
@@ -655,22 +545,18 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception {
 		this.spring.configLocations(xml("RequestRejectedHandler")).autowire();
-
 		HttpServletResponse response = new MockHttpServletResponse();
-
 		RequestRejectedException rejected = new RequestRejectedException("failed");
 		HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
 		RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
 		given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
 		this.mvc.perform(get("/unprotected"));
-
 		verify(requestRejectedHandler).handle(any(), any(), any());
 	}
 
 	@Test
 	public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire();
-
 		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
 	}
 
@@ -680,16 +566,13 @@ public class MiscHttpConfigTests {
 	@Test
 	public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception {
 		this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
-
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected"))
 				.andExpect(redirectedUrl("https://localhost:9443/login")).andReturn().getRequest().getSession(false);
-
 		session = (MockHttpSession) this.mvc
 				.perform(post("/login").param("username", "user").param("password", "password").session(session)
 						.with(csrf()))
 				.andExpect(redirectedUrl("https://localhost:9443/protected")).andReturn().getRequest()
 				.getSession(false);
-
 		this.mvc.perform(get("http://localhost:9080/protected").session(session))
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
 	}
@@ -715,7 +598,6 @@ public class MiscHttpConfigTests {
 
 	private void assertThatFiltersMatchExpectedAutoConfigList(String url) {
 		Iterator<Filter> filters = getFilters(url).iterator();
-
 		assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class);
 		assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class);
 		assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
@@ -768,11 +650,9 @@ public class MiscHttpConfigTests {
 		@GetMapping("/customKey")
 		String customKey() {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
 			if (authentication != null && authentication instanceof AnonymousAuthenticationToken) {
 				return String.valueOf(((AnonymousAuthenticationToken) authentication).getKeyHash());
 			}
-
 			return null;
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index dd3fb990e3..4c19f1d5d2 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -52,12 +52,9 @@ public class MultiHttpBlockConfigTests {
 
 	@Test
 	public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly() throws Exception {
-
 		this.spring.configLocations(this.xml("DistinctHttpElements")).autowire();
-
 		this.mvc.perform(MockMvcRequestBuilders.get("/first").with(httpBasic("user", "password")))
 				.andExpect(status().isOk());
-
 		this.mvc.perform(post("/second/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
 	}
@@ -80,11 +77,8 @@ public class MultiHttpBlockConfigTests {
 	@Test
 	public void requestWhenTargettingAuthenticationManagersToCorrespondingHttpElementsThenAuthenticationProceeds()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("Sec1937")).autowire();
-
 		this.mvc.perform(get("/first").with(httpBasic("first", "password")).with(csrf())).andExpect(status().isOk());
-
 		this.mvc.perform(post("/second/login").param("username", "second").param("password", "password").with(csrf()))
 				.andExpect(redirectedUrl("/"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 028ccf8f6a..166757825d 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -88,12 +88,9 @@ public class NamespaceHttpBasicTests {
 			"	<b:bean id=\"passwordEncoder\"\n" +
 			"		class=\"org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder\" />");
 			// @formatter:on
-
 		this.request.addHeader("Authorization",
 				"Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -108,9 +105,7 @@ public class NamespaceHttpBasicTests {
 			"\n" +
 			"	<authentication-manager />");
 		// @formatter:on
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 		assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\"");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index 0b0842641d..a6ade1e729 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -100,7 +100,6 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizeThenRedirect() throws Exception {
 		this.spring.configLocations(xml("Minimal")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andReturn();
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
@@ -111,58 +110,46 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
 		this.spring.configLocations(xml("CustomClientRegistrationRepository")).autowire();
-
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
 				.clientId("google-client-id").clientSecret("google-client-secret")
 				.redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andReturn();
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
 				"https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&"
 						+ "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
-
 		verify(this.clientRegistrationRepository).findByRegistrationId(any());
 	}
 
 	@Test
 	public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception {
 		this.spring.configLocations(xml("CustomConfiguration")).autowire();
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 		given(this.authorizationRequestResolver.resolve(any())).willReturn(authorizationRequest);
-
 		this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?"
 						+ "response_type=code&client_id=google-client-id&"
 						+ "scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google"));
-
 		verify(this.authorizationRequestResolver).resolve(any());
 	}
 
 	@Test
 	public void requestWhenAuthorizationResponseMatchThenProcess() throws Exception {
 		this.spring.configLocations(xml("CustomConfiguration")).autowire();
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 		given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
 				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(),
@@ -176,23 +163,18 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception {
 		this.spring.configLocations(xml("CustomAuthorizedClientService")).autowire();
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 		given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest);
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
 				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
-
 		verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 	}
 
@@ -200,13 +182,10 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
 		this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire();
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 				TestOAuth2AccessTokens.noScopes());
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
-
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 190fd7e704..50e77f770c 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -144,9 +144,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn();
-
 		assertThat(result.getResponse().getContentAsString())
 				.contains("<a href=\"/oauth2/authorization/google-login\">Google</a>");
 		assertThat(result.getResponse().getContentAsString())
@@ -157,10 +155,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
-
 		verify(this.requestCache).saveRequest(any(), any());
 	}
 
@@ -169,7 +165,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-
 		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -179,7 +174,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-
 		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -188,12 +182,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenAuthorizationRequestNotFoundThenThrowAuthenticationException() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationFailureHandler"))
 				.autowire();
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", "state123");
 		this.mvc.perform(get("/login/oauth2/code/google").params(params));
-
 		ArgumentCaptor<AuthenticationException> exceptionCaptor = ArgumentCaptor
 				.forClass(AuthenticationException.class);
 		verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture());
@@ -206,25 +198,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizationResponseValidThenAuthenticate() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
-
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
@@ -235,25 +222,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizationResponseValidThenAuthenticationSuccessEventPublished() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params));
-
 		verify(this.authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class));
 	}
 
@@ -261,27 +243,22 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenOidcAuthenticationResponseValidThenJwtDecoderFactoryCalled() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler"))
 				.autowire();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse()
 				.build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		Jwt jwt = TestJwts.user();
 		given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("/"));
-
 		verify(this.jwtDecoderFactory).createDecoder(any());
 		verify(this.requestCache).getRequest(any(), any());
 	}
@@ -290,28 +267,22 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomGrantedAuthoritiesMapperThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomGrantedAuthorities")).autowire();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		given(this.userAuthoritiesMapper.mapAuthorities(any()))
 				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
-
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
@@ -319,25 +290,19 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		assertThat(authentication.getAuthorities()).hasSize(1);
 		assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
 				.hasToString("ROLE_OAUTH2_USER");
-
 		// re-setup for OIDC test
 		attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
 		authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		Jwt jwt = TestJwts.user();
 		given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
-
 		given(this.userAuthoritiesMapper.mapAuthorities(any()))
 				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
-
 		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
-
 		authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
 				authenticationCaptor.capture());
@@ -352,25 +317,20 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomLoginProcessingUrlThenProcessAuthentication() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomLoginProcessingUrl")).autowire();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful());
-
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
@@ -382,9 +342,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver"))
 				.autowire();
-
 		this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection());
-
 		verify(this.authorizationRequestResolver).resolve(any());
 	}
 
@@ -392,7 +350,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -400,7 +357,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/custom-login"));
 	}
@@ -410,7 +366,6 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndFormLoginConfiguredThenRedirectDefaultLoginPage()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
@@ -418,84 +373,66 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("WithCustomClientRegistrationRepository")).autowire();
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 		verify(this.clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId());
 	}
 
 	@Test
 	public void requestWhenCustomAuthorizedClientRepositoryThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("WithCustomAuthorizedClientRepository")).autowire();
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
 	}
 
 	@Test
 	public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("WithCustomAuthorizedClientService")).autowire();
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.attributes(attributes).build();
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any()))
 				.willReturn(authorizationRequest);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User oauth2User = TestOAuth2Users.create();
 		given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
 		this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
-
 		verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 	}
 
@@ -503,13 +440,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
 		this.spring.configLocations(xml("AuthorizedClientArgumentResolver")).autowire();
-
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 				TestOAuth2AccessTokens.noScopes());
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
-
 		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index aa233653b1..9ba660ea3a 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -138,7 +138,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
@@ -147,59 +146,48 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void getWhenExpiredBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenBadJwkEndpointThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
 	public void getWhenUnavailableJwkEndpointThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
 	}
 
 	@Test
 	public void getWhenMalformedBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer an\"invalid\"token"))
 				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Bearer token is malformed"));
 	}
 
 	@Test
 	public void getWhenMalformedPayloadThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(
 						invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
@@ -207,30 +195,24 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void getWhenUnsignedBearerTokenThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 		String token = this.token("Unsigned");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
 	}
 
 	@Test
 	public void getWhenBearerTokenBeforeNotBeforeThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer token").param("access_token", "token"))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
@@ -238,22 +220,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void getWhenBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
-
 		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
 	}
 
 	@Test
 	public void postWhenBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		this.mvc.perform(post("/") // engage csrf
 				.param("access_token", "token")).andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
@@ -263,95 +240,77 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void getWhenNoBearerTokenThenUnauthorized() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
 	}
 
 	@Test
 	public void getWhenSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void getWhenInsufficientScopeThenInsufficientScopeError() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void getWhenInsufficientScpThenInsufficientScopeError() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
-
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
 	}
 
 	@Test
 	public void getWhenAuthorizationServerHasNoMatchingKeyThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
 	public void getWhenAuthorizationServerHasMultipleMatchingKeysThenOk() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void getWhenKeyMatchesByKidThenOk() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void postWhenNoBearerTokenThenCsrfDenies() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
 																						// from
@@ -360,11 +319,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void postWhenExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-
 		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
@@ -372,49 +329,37 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void requestWhenJwtThenSessionIsNotCreated() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenIntrospectionThenSessionIsNotCreated() throws Exception {
-
 		this.spring.configLocations(xml("WebServer"), xml("IntrospectionUri")).autowire();
 		mockWebServer(json("Active"));
-
 		MvcResult result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenNoBearerTokenThenSessionIsCreated() throws Exception {
-
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenSessionManagementConfiguredThenUses() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("AlwaysSessionCreation")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -422,15 +367,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getWhenCustomBearerTokenResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver"))
 				.autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode("token")).willReturn(TestJwts.jwt().build());
-
 		BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class);
 		given(bearerTokenResolver.resolve(any(HttpServletRequest.class))).willReturn("token");
-
 		this.mvc.perform(get("/")).andExpect(status().isNotFound());
-
 		verify(decoder).decode("token");
 		verify(bearerTokenResolver).resolve(any(HttpServletRequest.class));
 	}
@@ -438,41 +379,30 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 			throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
-
 		this.mvc.perform(post("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted()
 			throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
-
 		this.mvc.perform(get("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
-
 		verify(decoder, times(2)).decode("token");
 	}
 
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
-
 		this.mvc.perform(post("/authenticated").param("access_token", "token").header("Authorization", "Bearer token")
 				.with(csrf())).andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -481,9 +411,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token").param("access_token", "token"))
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
@@ -493,22 +421,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getBearerTokenResolverWhenNoResolverSpecifiedThenTheDefaultIsUsed() {
 		OAuth2ResourceServerBeanDefinitionParser oauth2 = new OAuth2ResourceServerBeanDefinitionParser(
 				mock(BeanReference.class), mock(List.class), mock(Map.class), mock(Map.class), mock(List.class));
-
 		assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class);
 	}
 
 	@Test
 	public void requestWhenCustomJwtDecoderThenUsed() throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("Jwt")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
-
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
-
 		verify(decoder).decode("token");
 	}
 
@@ -520,12 +442,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AuthenticationEntryPoint")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(decoder.decode(anyString())).thenThrow(JwtException.class);
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -533,12 +452,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnAccessDenied() throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
@@ -546,86 +462,66 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
-
 		this.spring.configLocations(xml("MockJwtValidator"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		OAuth2TokenValidator<Jwt> jwtValidator = this.spring.getContext().getBean(OAuth2TokenValidator.class);
-
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
-
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
 	}
 
 	@Test
 	public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception {
-
 		this.spring.configLocations(xml("UnexpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
-
 		this.spring.configLocations(xml("ExpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
 	@Test
 	public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"),
 				xml("JwtAuthenticationConverter")).autowire();
-
 		Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = (Converter<Jwt, JwtAuthenticationToken>) this.spring
 				.getContext().getBean("jwtAuthenticationConverter");
 		given(jwtAuthenticationConverter.convert(any(Jwt.class)))
 				.willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
-
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
-
 		verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
-
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongSignature");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("signature"));
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
-
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongAlgorithm");
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("algorithm"));
 	}
@@ -634,7 +530,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Active"));
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
 	}
@@ -643,7 +538,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Inactive"));
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isUnauthorized())
 				.andExpect(
 						header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
@@ -653,7 +547,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
-
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
@@ -674,21 +567,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void getWhenAuthenticationManagerResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire();
-
 		AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = this.spring.getContext()
 				.getBean(AuthenticationManagerResolver.class);
 		given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn(
 				(authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
-
 		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
-
 		verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class));
 	}
 
 	@Test
 	public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception {
 		this.spring.configLocations(xml("WebServer"), xml("MultipleIssuers")).autowire();
-
 		MockWebServer server = this.spring.getContext().getBean(MockWebServer.class);
 		String metadata = "{\n" + "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
 				+ "}";
@@ -699,22 +588,16 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		String jwtOne = jwtFromIssuer(issuerOne);
 		String jwtTwo = jwtFromIssuer(issuerTwo);
 		String jwtThree = jwtFromIssuer(issuerThree);
-
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtOne))
 				.andExpect(status().isNotFound());
-
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtTwo))
 				.andExpect(status().isNotFound());
-
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtThree))
 				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer"));
 	}
@@ -722,18 +605,13 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception {
 		// different from DSL
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-
 		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-
 		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
@@ -742,32 +620,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception {
 		// different from DSL
-
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire();
-
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNotNull();
-
 		result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isUnauthorized()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception {
-
 		this.spring.configLocations(xml("JwtRestOperations"), xml("BasicAndResourceServer")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
-
 		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
@@ -800,11 +669,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.willReturn(true);
 		Element child = mock(Element.class);
 		ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class));
-
 		parser.validateConfiguration(element, child, null, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
 		reset(pc.getReaderContext());
-
 		parser.validateConfiguration(element, null, child, pc);
 		verify(pc.getReaderContext()).error(anyString(), eq(element));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index fad993004f..7017e60822 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -72,63 +72,47 @@ public class OpenIDConfigTests {
 
 	@Test
 	public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage() throws Exception {
-
 		this.spring.configLocations(this.xml("WithFormLogin")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
-
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins() throws Exception {
-
 		this.spring.configLocations(this.xml("WithFormLoginPage")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/form-page"));
 	}
 
 	@Test
 	public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins() throws Exception {
-
 		this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/openid-page"));
 	}
 
 	@Test
 	public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException() {
-
 		assertThatCode(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire())
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp() throws Exception {
-
 		this.spring.configLocations(this.xml("WithRememberMe")).autowire();
-
 		OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
-
 		String openIdEndpointUrl = "https://testopenid.com?openid.return_to=";
 		Set<String> returnToUrlParameters = new HashSet<>();
 		returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
 		openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
-
 		OpenIDConsumer consumer = mock(OpenIDConsumer.class);
 		given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString()))
 				.will((invocation) -> openIdEndpointUrl + invocation.getArgument(2));
 		openIDFilter.setConsumer(consumer);
-
 		String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
 				.append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString();
-
 		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
-
 		this.mvc.perform(get("/login")).andExpect(status().isOk())
 				.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
-
 		this.mvc.perform(get("/login/openid")
 				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
 				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")).andExpect(status().isFound())
@@ -137,21 +121,16 @@ public class OpenIDConfigTests {
 
 	@Test
 	public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp() throws Exception {
-
 		this.spring.configLocations(this.xml("WithOpenIDAttributes")).autowire();
-
 		OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
 		OpenID4JavaConsumer consumer = getFieldValue(openIDFilter, "consumer");
 		ConsumerManager manager = getFieldValue(consumer, "consumerManager");
 		manager.setMaxAssocAttempts(0);
-
 		try (MockWebServer server = new MockWebServer()) {
 			String endpoint = server.url("/").toString();
-
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-
 			this.mvc.perform(
 					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound())
@@ -169,11 +148,8 @@ public class OpenIDConfigTests {
 	@Test
 	public void requestWhenLoginPageConfiguredWithPhraseLoginThenRedirectsOnlyToUserGeneratedLoginPage()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("Sec2919")).autowire();
-
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull();
-
 		this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index e413874758..13478ad795 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -52,11 +52,8 @@ public class PlaceHolderAndELConfigTests {
 
 	@Test
 	public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() throws Exception {
-
 		System.setProperty("pattern.nofilters", "/unsecured");
-
 		this.spring.configLocations(this.xml("UnsecuredPattern")).autowire();
-
 		this.mvc.perform(get("/unsecured")).andExpect(status().isOk());
 	}
 
@@ -65,27 +62,19 @@ public class PlaceHolderAndELConfigTests {
 	 */
 	@Test
 	public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks() throws Exception {
-
 		System.setProperty("secure.Url", "/secured");
 		System.setProperty("secure.role", "ROLE_NUNYA");
 		System.setProperty("login.page", "/loginPage");
 		System.setProperty("default.target", "/defaultTarget");
 		System.setProperty("auth.failure", "/authFailure");
-
 		this.spring.configLocations(this.xml("InterceptUrlAndFormLogin")).autowire();
-
 		// login-page setting
-
 		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
-
 		// login-processing-url setting
 		// default-target-url setting
-
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/defaultTarget"));
-
 		// authentication-failure-url setting
-
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
 	}
@@ -95,44 +84,31 @@ public class PlaceHolderAndELConfigTests {
 	 */
 	@Test
 	public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks() throws Exception {
-
 		System.setProperty("secure.url", "/secured");
 		System.setProperty("secure.role", "ROLE_NUNYA");
 		System.setProperty("login.page", "/loginPage");
 		System.setProperty("default.target", "/defaultTarget");
 		System.setProperty("auth.failure", "/authFailure");
-
 		this.spring.configLocations(this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire();
-
 		// login-page setting
-
 		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
-
 		// login-processing-url setting
 		// default-target-url setting
-
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
 				.andExpect(redirectedUrl("/defaultTarget"));
-
 		// authentication-failure-url setting
-
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
-
 	}
 
 	@Test
 	@WithMockUser
 	public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks() throws Exception {
-
 		System.setProperty("http", "9080");
 		System.setProperty("https", "9443");
-
 		this.spring.configLocations(this.xml("PortMapping")).autowire();
-
 		this.mvc.perform(get("http://localhost:9080/secured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/secured"));
-
 		this.mvc.perform(get("https://localhost:9443/unsecured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost:9080/unsecured"));
 	}
@@ -140,12 +116,9 @@ public class PlaceHolderAndELConfigTests {
 	@Test
 	@WithMockUser
 	public void requestWhenUsingPlaceholderThenRequiresChannelWorks() throws Exception {
-
 		System.setProperty("secure.url", "/secured");
 		System.setProperty("required.channel", "https");
-
 		this.spring.configLocations(this.xml("RequiresChannel")).autowire();
-
 		this.mvc.perform(get("http://localhost/secured")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost/secured"));
 	}
@@ -153,20 +126,15 @@ public class PlaceHolderAndELConfigTests {
 	@Test
 	@WithMockUser
 	public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() throws Exception {
-
 		System.setProperty("accessDenied", "/go-away");
-
 		this.spring.configLocations(this.xml("AccessDeniedPage")).autowire();
-
 		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
 	}
 
 	@Test
 	@WithMockUser
 	public void requestWhenUsingSpELThenAccessDeniedPageWorks() throws Exception {
-
 		this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire();
-
 		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index e16b8ec2b1..46fc53c570 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -69,17 +69,12 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates() throws Exception {
-
 		this.spring.configLocations(this.xml("WithTokenRepository")).autowire();
-
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
-
 		JdbcTemplate template = this.spring.getContext().getBean(JdbcTemplate.class);
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
@@ -87,42 +82,30 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates() throws Exception {
-
 		this.spring.configLocations(this.xml("WithDataSource")).autowire();
-
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
-
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
-
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
 
 	@Test
 	public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler() throws Exception {
-
 		this.spring.configLocations(this.xml("WithAuthenticationSuccessHandler")).autowire();
-
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
-
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(redirectedUrl("/target"));
-
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
@@ -131,16 +114,12 @@ public class RememberMeConfigTests {
 	public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates() throws Exception {
 		// SEC-1281 - using key with external services
 		this.spring.configLocations(this.xml("WithServicesRef")).autowire();
-
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000))
 				.andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
-
 		// SEC-909
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
@@ -149,13 +128,9 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception {
-
 		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
-
 		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0));
 	}
@@ -163,23 +138,17 @@ public class RememberMeConfigTests {
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsConfiguredThenCookieReflectsCorrectExpiration()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("TokenValidity")).autowire();
-
 		MvcResult result = this.rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000))
 				.andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception {
-
 		this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire();
-
 		this.rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1));
 	}
@@ -193,18 +162,14 @@ public class RememberMeConfigTests {
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsResolvedByPropertyPlaceholderThenCookieReflectsCorrectExpiration()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("Sec2165")).autowire();
-
 		this.rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30));
 	}
 
 	@Test
 	public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception {
-
 		this.spring.configLocations(this.xml("SecureCookie")).autowire();
-
 		this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true));
 	}
@@ -214,9 +179,7 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception {
-
 		this.spring.configLocations(this.xml("Sec1827")).autowire();
-
 		this.rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false));
 	}
@@ -232,17 +195,12 @@ public class RememberMeConfigTests {
 	public void requestWithRememberMeWhenUsingCustomUserDetailsServiceThenInvokesThisUserDetailsService()
 			throws Exception {
 		this.spring.configLocations(this.xml("WithUserDetailsService")).autowire();
-
 		UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
 		given(userDetailsService.loadUserByUsername("user"))
 				.willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList()));
-
 		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
-
 		verify(userDetailsService, atLeastOnce()).loadUserByUsername("user");
 	}
 
@@ -251,14 +209,10 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates() throws Exception {
-
 		this.spring.configLocations(this.xml("Sec742")).autowire();
-
 		MvcResult result = this.mvc.perform(login("user", "password").param("remember-me", "true").with(csrf()))
 				.andExpect(redirectedUrl("/messageList.html")).andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
@@ -267,15 +221,11 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates() throws Exception {
-
 		this.spring.configLocations(this.xml("WithRememberMeParameter")).autowire();
-
 		MvcResult result = this.mvc
 				.perform(login("user", "password").param("custom-remember-me-parameter", "true").with(csrf()))
 				.andExpect(redirectedUrl("/")).andReturn();
-
 		Cookie cookie = rememberMeCookie(result);
-
 		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
 	}
 
@@ -290,9 +240,7 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception {
-
 		this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire();
-
 		this.rememberAuthentication("user", "password").andExpect(cookie().exists("custom-remember-me-cookie"));
 	}
 
@@ -309,7 +257,6 @@ public class RememberMeConfigTests {
 	}
 
 	private ResultActions rememberAuthentication(String username, String password) throws Exception {
-
 		return this.mvc.perform(
 				login(username, password).param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true").with(csrf()))
 				.andExpect(redirectedUrl("/"));
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index ddb27b5cf5..d0ecc45474 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -66,132 +66,89 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 	@Test
 	public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("Simple")).autowire();
-
 		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("Simple")).autowire();
-
 		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
 	public void servletLogoutWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("Simple")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
-
 		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
 				.andExpect(content().string("")).andReturn();
-
 		session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("HttpBasic")).autowire();
-
 		this.mvc.perform(get("/authenticate")).andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("discworld")));
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("FormLogin")).autowire();
-
 		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
 	public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
-
 		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
-
 		this.mvc.perform(get("/v2/good-login")).andExpect(status().isOk()).andExpect(content().string("user2"));
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
-
 		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
-
 		this.mvc.perform(get("/v2/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login2"));
-
 	}
 
 	@Test
 	public void servletLogoutWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
-
 		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
 				.andExpect(content().string("")).andReturn();
-
 		session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
-
 		result = this.mvc.perform(get("/v2/good-login")).andReturn();
-
 		session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
-
 		result = this.mvc.perform(get("/v2/do-logout").session(session)).andExpect(status().isOk())
 				.andExpect(content().string("")).andReturn();
-
 		session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNull();
 	}
 
 	@Test
 	public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception {
-
 		this.spring.configLocations(this.xml("Logout")).autowire();
-
 		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/signin"));
-
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
-
 		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
 				.andExpect(content().string("")).andExpect(cookie().maxAge("JSESSIONID", 0)).andReturn();
-
 		session = (MockHttpSession) result.getRequest().getSession(false);
-
 		assertThat(session).isNotNull();
 	}
 
@@ -201,9 +158,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	@Test
 	@WithMockUser
 	public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet() throws Exception {
-
 		this.spring.configLocations(this.xml("Simple")).autowire();
-
 		this.mvc.perform(get("/role")).andExpect(content().string("true"));
 	}
 
@@ -216,33 +171,26 @@ public class SecurityContextHolderAwareRequestConfigTests {
 
 		@GetMapping("/v2/good-login")
 		public String v2Login(HttpServletRequest request) throws ServletException {
-
 			request.login("user2", "password2");
-
 			return this.principal();
 		}
 
 		@GetMapping("/good-login")
 		public String login(HttpServletRequest request) throws ServletException {
-
 			request.login("user", "password");
-
 			return this.principal();
 		}
 
 		@GetMapping("/v2/authenticate")
 		public String v2Authenticate(HttpServletRequest request, HttpServletResponse response)
 				throws IOException, ServletException {
-
 			return this.authenticate(request, response);
 		}
 
 		@GetMapping("/authenticate")
 		public String authenticate(HttpServletRequest request, HttpServletResponse response)
 				throws IOException, ServletException {
-
 			request.authenticate(response);
-
 			return this.principal();
 		}
 
@@ -254,7 +202,6 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		@GetMapping("/do-logout")
 		public String logout(HttpServletRequest request) throws ServletException {
 			request.logout();
-
 			return this.principal();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 6575395228..7995b13de2 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -90,40 +90,29 @@ public class SessionManagementConfigServlet31Tests {
 		request.setMethod("POST");
 		request.setParameter("username", "user");
 		request.setParameter("password", "password");
-
 		request.getSession().setAttribute("attribute1", "value1");
-
 		String id = request.getSession().getId();
-
 		loadContext("<http>\n" + "        <form-login/>\n" + "        <session-management/>\n"
 				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
-
 		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
-
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
 	}
 
 	@Test
 	public void changeSessionId() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.getSession();
 		request.setServletPath("/login");
 		request.setMethod("POST");
 		request.setParameter("username", "user");
 		request.setParameter("password", "password");
-
 		String id = request.getSession().getId();
-
 		loadContext("<http>\n" + "        <form-login/>\n"
 				+ "        <session-management session-fixation-protection='changeSessionId'/>\n"
 				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
-
 		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
-
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
-
 	}
 
 	private void loadContext(String context) {
@@ -135,7 +124,6 @@ public class SessionManagementConfigServlet31Tests {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(this.request, this.response);
 		repo.loadContext(requestResponseHolder);
-
 		SecurityContextImpl securityContextImpl = new SecurityContextImpl();
 		securityContextImpl.setAuthentication(auth);
 		repo.saveContext(securityContextImpl, requestResponseHolder.getRequest(), requestResponseHolder.getResponse());
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index f7bd58f0b0..cdd74a6916 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -92,52 +92,41 @@ public class SessionManagementConfigTests {
 	@Test
 	public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession() throws Exception {
 		this.spring.configLocations(this.xml("CreateSessionAlways")).autowire();
-
 		MockHttpServletRequest request = get("/").buildRequest(this.servletContext());
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK);
 		assertThat(request.getSession(false)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
-
 		MockHttpServletRequest request = get("/auth").buildRequest(this.servletContext());
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
-
 		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(this.servletContext());
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
-
 		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(this.servletContext());
 		request = csrf().postProcessRequest(request);
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNotNull();
 		assertThat(request.getSession(false)
@@ -146,72 +135,56 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-
 		this.mvc.perform(get("/auth")).andExpect(status().isFound()).andExpect(session().exists(false));
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-
 		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
 				.andExpect(status().isFound()).andExpect(session().exists(false));
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-
 		MvcResult result = this.mvc
 				.perform(post("/login").param("username", "user").param("password", "password")
 						.session(new MockHttpSession()).with(csrf()))
 				.andExpect(status().isFound()).andExpect(session()).andReturn();
-
 		assertThat(result.getRequest().getSession(false)
 				.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
-
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
 		MockHttpServletRequest request = get("/").buildRequest(servletContext);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK);
 		assertThat(request.getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
-
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
 		MockHttpServletRequest request = get("/auth").buildRequest(servletContext);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
-
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
 		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
 				.buildRequest(servletContext);
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
 		assertThat(request.getSession(false)).isNotNull();
 	}
@@ -221,12 +194,9 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession() throws Exception {
-
 		this.spring.configLocations(this.xml("Sec1208")).autowire();
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk())
 				.andExpect(session());
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isUnauthorized())
 				.andExpect(session().exists(false));
 	}
@@ -237,9 +207,7 @@ public class SessionManagementConfigTests {
 	@Test
 	public void requestWhenSessionFixationProtectionDisabledAndConcurrencyControlEnabledThenSessionNotInvalidated()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("Sec2137")).autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))).andExpect(status().isOk())
 				.andExpect(session().id(session.getId()));
@@ -248,15 +216,12 @@ public class SessionManagementConfigTests {
 	@Test
 	public void autowireWhenExportingSessionRegistryBeanThenAvailableForWiring() {
 		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire();
-
 		this.sessionRegistryIsValid();
 	}
 
 	@Test
 	public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects() throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlExpiredUrl")).autowire();
-
 		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
 				.andExpect(redirectedUrl("/expired")).andExpect(session().exists(false));
 	}
@@ -264,9 +229,7 @@ public class SessionManagementConfigTests {
 	@Test
 	public void requestWhenConcurrencyControlAndCustomLogoutHandlersAreSetThenAllAreInvokedWhenSessionExpires()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
-
 		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andExpect(cookie().maxAge("testCookie", 0))
 				.andExpect(cookie().exists("rememberMeCookie")).andExpect(session().valid(true));
@@ -274,9 +237,7 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire();
-
 		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
 				.andExpect(status().isOk()).andExpect(cookie().exists("rememberMeCookie"))
 				.andExpect(session().exists(false));
@@ -287,25 +248,18 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire();
-
 		MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session())
 				.andReturn();
-
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 		sessionRegistry.getSessionInformation(session.getId()).expireNow();
-
 		this.mvc.perform(get("/auth").session(session)).andExpect(header().string("X-Username", "user"));
 	}
 
 	@Test
 	public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse() throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire();
-
 		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
 				.andExpect(content().string("This session has been expired (possibly due to multiple concurrent "
 						+ "logins being attempted as the same user)."));
@@ -313,71 +267,53 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication() throws Exception {
-
 		this.spring.configLocations(this.xml("SessionAuthenticationStrategyRef")).autowire();
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isIAmATeapot());
 	}
 
 	@Test
 	public void autowireWhenSessionRegistryRefIsSetThenAvailableForWiring() {
 		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryRef")).autowire();
-
 		this.sessionRegistryIsValid();
 	}
 
 	@Test
 	public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded() throws Exception {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlMaxSessions")).autowire();
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-
 		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(redirectedUrl("/max-exceeded"));
 	}
 
 	@Test
 	public void autowireWhenSessionFixationProtectionIsNoneAndCsrfDisabledThenSessionManagementFilterIsNotWired() {
-
 		this.spring.configLocations(this.xml("NoSessionManagementFilter")).autowire();
-
 		assertThat(this.getFilter(SessionManagementFilter.class)).isNull();
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception {
-
 		this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-
 		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
 				.andExpect(session().id(sessionId));
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception {
-
 		this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire();
-
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-
 		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
 				.andExpect(session()).andReturn();
-
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsNoneAndInvalidSessionUrlIsSetThenStillRedirectsOnInvalidSession()
 			throws Exception {
-
 		this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire();
-
 		this.mvc.perform(get("/auth").with((request) -> {
 			request.setRequestedSessionId("1");
 			request.setRequestedSessionIdValid(false);
@@ -387,9 +323,7 @@ public class SessionManagementConfigTests {
 
 	private void sessionRegistryIsValid() {
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean("sessionRegistry", SessionRegistry.class);
-
 		assertThat(sessionRegistry).isNotNull();
-
 		assertThat(this.getFilter(ConcurrentSessionFilter.class)).returns(sessionRegistry,
 				this::extractSessionRegistry);
 		assertThat(this.getFilter(UsernamePasswordAuthenticationFilter.class)).returns(sessionRegistry,
@@ -433,37 +367,26 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void checkConcurrencyAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
-
 		this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
-
 		ConcurrentSessionFilter concurrentSessionFilter = getFilter(ConcurrentSessionFilter.class);
 		LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
-
 		LogoutHandler csfLogoutHandler = getFieldValue(concurrentSessionFilter, "handlers");
 		LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
-
 		assertThat(csfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
 		assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
-
 		List<LogoutHandler> csfLogoutHandlers = getFieldValue(csfLogoutHandler, "logoutHandlers");
 		List<LogoutHandler> lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
-
 		assertThat(csfLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
-
 		assertThat(csfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 		assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
 	}
 
 	private static MockHttpServletResponse request(MockHttpServletRequest request, ApplicationContext context)
 			throws IOException, ServletException {
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChainProxy proxy = context.getBean(FilterChainProxy.class);
-
 		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 		});
-
 		return response;
 	}
 
@@ -481,7 +404,6 @@ public class SessionManagementConfigTests {
 
 	private List<Filter> getFilters() {
 		FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
-
 		return proxy.getFilters("/");
 	}
 
@@ -499,7 +421,6 @@ public class SessionManagementConfigTests {
 		@Override
 		public void onAuthentication(Authentication authentication, HttpServletRequest request,
 				HttpServletResponse response) throws SessionAuthenticationException {
-
 			response.setStatus(org.springframework.http.HttpStatus.I_AM_A_TEAPOT.value());
 		}
 
@@ -514,13 +435,11 @@ public class SessionManagementConfigTests {
 
 		@Override
 		public void loginFail(HttpServletRequest request, HttpServletResponse response) {
-
 		}
 
 		@Override
 		public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
 				Authentication successfulAuthentication) {
-
 		}
 
 		@Override
@@ -574,11 +493,8 @@ public class SessionManagementConfigTests {
 				assertThat(result.getRequest().getSession(false)).isNull();
 				return;
 			}
-
 			assertThat(result.getRequest().getSession(false)).isNotNull();
-
 			MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
-
 			if (this.valid != null) {
 				if (this.valid) {
 					assertThat(session.isInvalid()).isFalse();
@@ -587,7 +503,6 @@ public class SessionManagementConfigTests {
 					assertThat(session.isInvalid()).isTrue();
 				}
 			}
-
 			if (this.id != null) {
 				assertThat(session.getId()).isEqualTo(this.id);
 			}
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
index aa9ab7a33f..8e2df3e6e9 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests.java
@@ -47,7 +47,6 @@ public class SessionManagementConfigTransientAuthenticationTests {
 
 	@Test
 	public void postWhenTransientAuthenticationThenNoSessionCreated() throws Exception {
-
 		this.spring.configLocations(this.xml("WithTransientAuthentication")).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
 		assertThat(result.getRequest().getSession(false)).isNull();
@@ -55,7 +54,6 @@ public class SessionManagementConfigTransientAuthenticationTests {
 
 	@Test
 	public void postWhenTransientAuthenticationThenAlwaysSessionOverrides() throws Exception {
-
 		this.spring.configLocations(this.xml("CreateSessionAlwaysWithTransientAuthentication")).autowire();
 		MvcResult result = this.mvc.perform(post("/login")).andReturn();
 		assertThat(result.getRequest().getSession(false)).isNotNull();
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 9f715ddce9..9b770c28ae 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -75,11 +75,8 @@ public class CustomHttpSecurityConfigurerTests {
 	@Test
 	public void customConfiguerPermitAll() throws Exception {
 		loadContext(Config.class);
-
 		this.request.setPathInfo("/public/something");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -87,9 +84,7 @@ public class CustomHttpSecurityConfigurerTests {
 	public void customConfiguerFormLogin() throws Exception {
 		loadContext(Config.class);
 		this.request.setPathInfo("/requires-authentication");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).endsWith("/custom");
 	}
 
@@ -98,9 +93,7 @@ public class CustomHttpSecurityConfigurerTests {
 		loadContext(ConfigCustomize.class);
 		this.request.setPathInfo("/public/something");
 		this.request.setMethod("POST");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
@@ -108,9 +101,7 @@ public class CustomHttpSecurityConfigurerTests {
 	public void customConfiguerCustomizeFormLogin() throws Exception {
 		loadContext(ConfigCustomize.class);
 		this.request.setPathInfo("/requires-authentication");
-
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
-
 		assertThat(this.response.getRedirectedUrl()).endsWith("/other");
 	}
 
@@ -136,7 +127,6 @@ public class CustomHttpSecurityConfigurerTests {
 			// Typically externalize this as a properties file
 			Properties properties = new Properties();
 			properties.setProperty("permitAllPattern", "/public/**");
-
 			PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
 			propertyPlaceholderConfigurer.setProperties(properties);
 			return propertyPlaceholderConfigurer;
@@ -164,7 +154,6 @@ public class CustomHttpSecurityConfigurerTests {
 			// Typically externalize this as a properties file
 			Properties properties = new Properties();
 			properties.setProperty("permitAllPattern", "/public/**");
-
 			PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
 			propertyPlaceholderConfigurer.setProperties(properties);
 			return propertyPlaceholderConfigurer;
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 3e0088b38a..f4f2fe7f62 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -96,7 +96,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
 		loadContext();
-
 		this.target.someUserMethod1();
 	}
 
@@ -105,9 +104,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		loadContext();
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someUserMethod1();
-
 		// SEC-1213. Check the order
 		Advisor[] advisors = ((Advised) this.target).getAdvisors();
 		assertThat(advisors).hasSize(1);
@@ -119,9 +116,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		loadContext();
 		TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
 		token.setAuthenticated(true);
-
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someAdminMethod();
 	}
 
@@ -132,10 +127,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 						+ "<global-method-security />" + "<authentication-manager>"
 						+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>"
 						+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
-
 		PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext
 				.getBean("myUserService");
-
 		assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!");
 	}
 
@@ -147,12 +140,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
 				+ "<aop:aspectj-autoproxy />" + "<authentication-manager>"
 				+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>");
-
 		UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService");
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		service.loadUserByUsername("notused");
 	}
 
@@ -169,7 +160,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		// someOther(int) should not be matched by someOther(String), but should require
 		// ROLE_USER
 		this.target.someOther(0);
-
 		try {
 			// String version should required admin role
 			this.target.someOther("somestring");
@@ -190,7 +180,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		this.target = (BusinessService) this.appContext.getBean("target");
 		// String method should not be protected
 		this.target.someOther("somestring");
-
 		// All others should require ROLE_USER
 		try {
 			this.target.someOther(0);
@@ -198,7 +187,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
 		this.target.someOther(0);
@@ -217,7 +205,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 				+ "    <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>"
 				+ "    <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>"
 				+ "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
@@ -226,7 +213,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	}
 
 	// Expression configuration tests
-
 	@SuppressWarnings("unchecked")
 	@Test
 	public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
@@ -341,7 +327,6 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 		props.addPropertyValue("key", "blah");
 		parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props);
 		parent.refresh();
-
 		setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + ConfigTestUtils.AUTH_PROVIDER_XML,
 				parent);
 		RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr");
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 4771006d75..0316daf0fe 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -74,7 +74,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 		assertThat(this.appContext.getBeansOfType(ApplicationListener.class)).hasSize(1);
 		assertThat(this.appContext.getBeanNamesForType(ApplicationListener.class)).hasSize(1);
 		this.appContext.publishEvent(new AuthenticationSuccessEvent(new TestingAuthenticationToken("user", "")));
-
 		assertThat(this.target).isInstanceOf(ApplicationListener.class);
 	}
 
@@ -93,7 +92,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.doSomething();
 	}
 
@@ -102,7 +100,6 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.doSomething();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 20b5183888..46ca86f261 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -64,7 +64,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someOther(0);
 	}
 
@@ -73,7 +72,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someUserMethod1();
 	}
 
@@ -82,7 +80,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someAdminMethod();
 	}
 
@@ -91,7 +88,6 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.rolesAllowedUser();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 083b3c2b7f..7814a7f7d6 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -38,7 +38,6 @@ public class Sec2196Tests {
 	public void genericMethodsProtected() {
 		loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
 				+ "<b:bean class='" + Service.class.getName() + "'/>");
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
 		Service service = this.context.getBean(Service.class);
@@ -49,7 +48,6 @@ public class Sec2196Tests {
 	public void genericMethodsAllowed() {
 		loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
 				+ "<b:bean class='" + Service.class.getName() + "'/>");
-
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers"));
 		Service service = this.context.getBean(Service.class);
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 3d46358d09..c7f1cc54a2 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -73,7 +73,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someUserMethod1();
 	}
 
@@ -82,7 +81,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		this.target.someAdminMethod();
 	}
 
@@ -101,7 +99,6 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A"));
-
 		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
 		chompedTarget.someAdminMethod();
 	}
@@ -113,11 +110,9 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
 		oos.flush();
 		baos.flush();
 		byte[] bytes = baos.toByteArray();
-
 		ByteArrayInputStream is = new ByteArrayInputStream(bytes);
 		ObjectInputStream ois = new ObjectInputStream(is);
 		Object o2 = ois.readObject();
-
 		return o2;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
index a78f32bf76..4951e56206 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/Sec2136Tests.java
@@ -32,7 +32,6 @@ public class Sec2136Tests {
 
 	@Test
 	public void configurationLoads() {
-
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index 2c593e80dc..c20e3c7b59 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -100,15 +100,11 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String serverUrl = this.server.url("/").toString();
-
 		String discoveryResponse = OIDC_DISCOVERY_RESPONSE.replace("${issuer-uri}", serverUrl);
 		this.server.enqueue(jsonResponse(discoveryResponse));
-
 		String contextConfig = ISSUER_URI_XML_CONFIG.replace("${issuer-uri}", serverUrl);
 		this.spring.context(contextConfig).autowire();
-
 		assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
-
 		ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
 		assertThat(googleRegistration).isNotNull();
 		assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
@@ -120,7 +116,6 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getScopes())
 				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
-
 		ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
 		assertThat(googleProviderDetails).isNotNull();
 		assertThat(googleProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
@@ -138,9 +133,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 	public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
 		this.spring.configLocations(ClientRegistrationsBeanDefinitionParserTests.xml("MultiClientRegistration"))
 				.autowire();
-
 		assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
-
 		ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login");
 		assertThat(googleRegistration).isNotNull();
 		assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
@@ -152,7 +145,6 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getScopes())
 				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo("Google");
-
 		ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
 		assertThat(googleProviderDetails).isNotNull();
 		assertThat(googleProviderDetails.getAuthorizationUri())
@@ -165,7 +157,6 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub");
 		assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
 		assertThat(googleProviderDetails.getIssuerUri()).isEqualTo("https://accounts.google.com");
-
 		ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github-login");
 		assertThat(githubRegistration).isNotNull();
 		assertThat(githubRegistration.getRegistrationId()).isEqualTo("github-login");
@@ -177,7 +168,6 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getScopes())
 				.isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(githubRegistration.getClientName()).isEqualTo("Github");
-
 		ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails();
 		assertThat(githubProviderDetails).isNotNull();
 		assertThat(githubProviderDetails.getAuthorizationUri()).isEqualTo("https://github.com/login/oauth/authorize");
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index 9da52a47c7..dba5ac9173 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -128,13 +128,11 @@ public class SpringTestContext implements Closeable {
 		this.context.setServletContext(new MockServletContext());
 		this.context.setServletConfig(new MockServletConfig());
 		this.context.refresh();
-
 		if (this.context.containsBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) {
 			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 					.apply(new AddFilter()).build();
 			this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc);
 		}
-
 		AutowiredAnnotationBeanPostProcessor bpp = new AutowiredAnnotationBeanPostProcessor();
 		bpp.setBeanFactory(this.context.getBeanFactory());
 		bpp.processInjection(this.test);
diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
index 5ba707036e..865462456d 100644
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@@ -42,7 +42,6 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
 			+ "http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-2.5.xsd\n"
 			+ "http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-";
 	static final String BEANS_CLOSE = "</b:beans>\n";
-
 	static final String SPRING_SECURITY_VERSION = "5.4";
 
 	Resource inMemoryXml;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index 1fec30b4fc..22e87bbe62 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -35,30 +35,20 @@ public class AuthorizeExchangeSpecTests {
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
 		this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange()
 				.permitAll();
-
 		WebTestClient client = buildClient();
-
 		client.get().uri("/a").exchange().expectStatus().isOk();
-
 		client.get().uri("/b").exchange().expectStatus().isOk();
-
 		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-
 		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
 		this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll();
-
 		WebTestClient client = buildClient();
-
 		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
-
 		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
-
 		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-
 		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
@@ -66,15 +56,10 @@ public class AuthorizeExchangeSpecTests {
 	public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
 		this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange(
 				(exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
-
 		WebTestClient client = buildClient();
-
 		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
-
 		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
-
 		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-
 		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 33e1d2e9c0..7499e9c240 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -105,9 +105,7 @@ public class CorsSpecTests {
 		WebTestClient client = buildClient();
 		FluxExchangeResult<String> response = client.get().uri("https://example.com/")
 				.headers((h) -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class);
-
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
-
 		if (!this.expectedHeaders.isEmpty()) {
 			assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index 470536e558..4b3ffae2ce 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -42,9 +42,7 @@ public class ExceptionHandlingSpecTests {
 	public void defaultAuthenticationEntryPoint() {
 		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
 				.authenticated().and().exceptionHandling().and().build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
 				.valueMatches("WWW-Authenticate", "Basic.*");
 	}
@@ -54,9 +52,7 @@ public class ExceptionHandlingSpecTests {
 		SecurityWebFilterChain securityWebFilter = this.http
 				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
 				.exceptionHandling(withDefaults()).build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
 				.valueMatches("WWW-Authenticate", "Basic.*");
 	}
@@ -66,9 +62,7 @@ public class ExceptionHandlingSpecTests {
 		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
 				.authenticated().and().exceptionHandling()
 				.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and().build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
 	}
 
@@ -79,9 +73,7 @@ public class ExceptionHandlingSpecTests {
 				.exceptionHandling((exceptionHandling) -> exceptionHandling
 						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
 				.build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
 	}
 
@@ -89,9 +81,7 @@ public class ExceptionHandlingSpecTests {
 	public void defaultAccessDeniedHandler() {
 		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
 				.anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isForbidden();
 	}
@@ -101,9 +91,7 @@ public class ExceptionHandlingSpecTests {
 		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
 				.authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
 				.exceptionHandling(withDefaults()).build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isForbidden();
 	}
@@ -113,9 +101,7 @@ public class ExceptionHandlingSpecTests {
 		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
 				.anyExchange().hasRole("ADMIN").and().exceptionHandling()
 				.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and().build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isBadRequest();
 	}
@@ -127,9 +113,7 @@ public class ExceptionHandlingSpecTests {
 				.exceptionHandling((exceptionHandling) -> exceptionHandling
 						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
 				.build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
 				.expectStatus().isBadRequest();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index 791d064c70..cf96b628a1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -70,22 +70,14 @@ public class FormLoginTests {
 	public void defaultLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-
 		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
 				.assertError();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
-
 		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
-
 		loginPage.assertAt().assertLogout();
 	}
 
@@ -94,22 +86,14 @@ public class FormLoginTests {
 		SecurityWebFilterChain securityWebFilter = this.http
 				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults())
 				.build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-
 		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
 				.assertError();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
-
 		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
-
 		loginPage.assertAt().assertLogout();
 	}
 
@@ -117,17 +101,12 @@ public class FormLoginTests {
 	public void customLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll()
 				.anyExchange().authenticated().and().formLogin().loginPage("/login").and().build();
-
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
 	}
 
@@ -137,17 +116,12 @@ public class FormLoginTests {
 				.authorizeExchange(
 						(exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated())
 				.formLogin((formLogin) -> formLogin.loginPage("/login")).build();
-
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
 	}
 
@@ -156,15 +130,10 @@ public class FormLoginTests {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure")
 				.permitAll().anyExchange().authenticated().and().formLogin()
 				.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-
 		loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class);
-
 		assertThat(driver.getCurrentUrl()).endsWith("/failure");
 	}
 
@@ -173,13 +142,9 @@ public class FormLoginTests {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/sign-in")
 				.permitAll().anyExchange().authenticated().and().formLogin()
 				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")).and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		driver.get("http://localhost/sign-in");
-
 		assertThat(driver.getCurrentUrl()).endsWith("/login?error");
 	}
 
@@ -188,15 +153,10 @@ public class FormLoginTests {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
 				.and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		assertThat(driver.getCurrentUrl()).endsWith("/custom");
 	}
 
@@ -204,25 +164,17 @@ public class FormLoginTests {
 	public void customAuthenticationManager() {
 		ReactiveAuthenticationManager defaultAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
-
 		given(defaultAuthenticationManager.authenticate(any()))
 				.willThrow(new RuntimeException("should not interact with default auth manager"));
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN")));
-
 		SecurityWebFilterChain securityWebFilter = this.http.authenticationManager(defaultAuthenticationManager)
 				.formLogin().authenticationManager(customAuthenticationManager).and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
-
 		verifyZeroInteractions(defaultAuthenticationManager);
 	}
 
@@ -230,28 +182,19 @@ public class FormLoginTests {
 	public void formLoginSecurityContextRepository() {
 		ServerSecurityContextRepository defaultSecContextRepository = mock(ServerSecurityContextRepository.class);
 		ServerSecurityContextRepository formLoginSecContextRepository = mock(ServerSecurityContextRepository.class);
-
 		TestingAuthenticationToken token = new TestingAuthenticationToken("rob", "rob", "ROLE_USER");
-
 		given(defaultSecContextRepository.save(any(), any())).willReturn(Mono.empty());
 		given(defaultSecContextRepository.load(any())).willReturn(authentication(token));
 		given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty());
 		given(formLoginSecContextRepository.load(any())).willReturn(authentication(token));
-
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.securityContextRepository(defaultSecContextRepository).formLogin()
 				.securityContextRepository(formLoginSecContextRepository).and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-
 		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		homePage.assertAt();
-
 		verify(defaultSecContextRepository, atLeastOnce()).load(any());
 		verify(formLoginSecContextRepository).save(any(), any());
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index a168b477f7..5efabbd93e 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -77,39 +77,32 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenDisableThenNoSecurityHeaders() {
 		new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
-
 		this.http.headers().disable();
-
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenDisableInLambdaThenNoSecurityHeaders() {
 		new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
-
 		this.http.headers((headers) -> headers.disable());
-
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() {
 		this.http.headers().disable().headers();
-
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenDefaultsThenAllDefaultsWritten() {
 		this.http.headers();
-
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenDefaultsInLambdaThenAllDefaultsWritten() {
 		this.http.headers(withDefaults());
-
 		assertHeaders();
 	}
 
@@ -117,7 +110,6 @@ public class HeaderSpecTests {
 	public void headersWhenCacheDisableThenCacheNotWritten() {
 		expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
 		this.http.headers().cache().disable();
-
 		assertHeaders();
 	}
 
@@ -125,7 +117,6 @@ public class HeaderSpecTests {
 	public void headersWhenCacheDisableInLambdaThenCacheNotWritten() {
 		expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
 		this.http.headers((headers) -> headers.cache((cache) -> cache.disable()));
-
 		assertHeaders();
 	}
 
@@ -133,7 +124,6 @@ public class HeaderSpecTests {
 	public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
 		expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
 		this.http.headers().contentTypeOptions().disable();
-
 		assertHeaders();
 	}
 
@@ -142,7 +132,6 @@ public class HeaderSpecTests {
 		expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
 		this.http
 				.headers((headers) -> headers.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable()));
-
 		assertHeaders();
 	}
 
@@ -150,7 +139,6 @@ public class HeaderSpecTests {
 	public void headersWhenHstsDisableThenHstsNotWritten() {
 		expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.http.headers().hsts().disable();
-
 		assertHeaders();
 	}
 
@@ -158,7 +146,6 @@ public class HeaderSpecTests {
 	public void headersWhenHstsDisableInLambdaThenHstsNotWritten() {
 		expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.disable()));
-
 		assertHeaders();
 	}
 
@@ -168,7 +155,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60");
 		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).includeSubdomains(false);
-
 		assertHeaders();
 	}
 
@@ -179,7 +165,6 @@ public class HeaderSpecTests {
 				"max-age=60");
 		this.http.headers(
 				(headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false)));
-
 		assertHeaders();
 	}
 
@@ -189,7 +174,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60 ; includeSubDomains ; preload");
 		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).preload(true);
-
 		assertHeaders();
 	}
 
@@ -199,7 +183,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60 ; includeSubDomains ; preload");
 		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).preload(true)));
-
 		assertHeaders();
 	}
 
@@ -207,7 +190,6 @@ public class HeaderSpecTests {
 	public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
 		this.http.headers().frameOptions().disable();
-
 		assertHeaders();
 	}
 
@@ -215,7 +197,6 @@ public class HeaderSpecTests {
 	public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
 		this.http.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable()));
-
 		assertHeaders();
 	}
 
@@ -223,7 +204,6 @@ public class HeaderSpecTests {
 	public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
 		this.http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
-
 		assertHeaders();
 	}
 
@@ -232,7 +212,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
 		this.http.headers((headers) -> headers.frameOptions(
 				(frameOptions) -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)));
-
 		assertHeaders();
 	}
 
@@ -240,7 +219,6 @@ public class HeaderSpecTests {
 	public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
 		this.http.headers().xssProtection().disable();
-
 		assertHeaders();
 	}
 
@@ -248,7 +226,6 @@ public class HeaderSpecTests {
 	public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
 		this.http.headers((headers) -> headers.xssProtection((xssProtection) -> xssProtection.disable()));
-
 		assertHeaders();
 	}
 
@@ -256,9 +233,7 @@ public class HeaderSpecTests {
 	public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() {
 		String policyDirectives = "Feature-Policy";
 		this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, policyDirectives);
-
 		this.http.headers().featurePolicy(policyDirectives);
-
 		assertHeaders();
 	}
 
@@ -267,9 +242,7 @@ public class HeaderSpecTests {
 		String policyDirectives = "default-src 'self'";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
-
 		this.http.headers().contentSecurityPolicy(policyDirectives);
-
 		assertHeaders();
 	}
 
@@ -278,9 +251,7 @@ public class HeaderSpecTests {
 		String expectedPolicyDirectives = "default-src 'self'";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				expectedPolicyDirectives);
-
 		this.http.headers((headers) -> headers.contentSecurityPolicy(withDefaults()));
-
 		assertHeaders();
 	}
 
@@ -289,10 +260,8 @@ public class HeaderSpecTests {
 		String policyDirectives = "default-src 'self' *.trusted.com";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
-
 		this.http.headers((headers) -> headers.contentSecurityPolicy(
 				(contentSecurityPolicy) -> contentSecurityPolicy.policyDirectives(policyDirectives)));
-
 		assertHeaders();
 	}
 
@@ -301,7 +270,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
 		this.http.headers().referrerPolicy();
-
 		assertHeaders();
 	}
 
@@ -310,7 +278,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
 		this.http.headers((headers) -> headers.referrerPolicy(withDefaults()));
-
 		assertHeaders();
 	}
 
@@ -319,7 +286,6 @@ public class HeaderSpecTests {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
 		this.http.headers().referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE);
-
 		assertHeaders();
 	}
 
@@ -329,7 +295,6 @@ public class HeaderSpecTests {
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
 		this.http.headers((headers) -> headers
 				.referrerPolicy((referrerPolicy) -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
-
 		assertHeaders();
 	}
 
@@ -337,10 +302,7 @@ public class HeaderSpecTests {
 	public void headersWhenCustomHeadersWriter() {
 		this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE);
 		this.http.headers((headers) -> headers.writer((exchange) -> Mono.just(exchange)
-				.doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()
-
-		));
-
+				.doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()));
 		assertHeaders();
 	}
 
@@ -355,9 +317,7 @@ public class HeaderSpecTests {
 		WebTestClient client = buildClient();
 		FluxExchangeResult<String> response = client.get().uri("https://example.com/").exchange()
 				.returnResult(String.class);
-
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
-
 		if (!this.expectedHeaders.isEmpty()) {
 			assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index f31818b22b..9df6cc1c16 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -55,14 +55,12 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenSecureThenDoesNotRedirect() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
-
 		this.client.get().uri("https://localhost").exchange().expectStatus().isNotFound();
 	}
 
 	@Test
 	public void getWhenInsecureThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
-
 		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
 	}
@@ -70,7 +68,6 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenInsecureAndRedirectConfiguredInLambdaThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpsInLambdaConfig.class).autowire();
-
 		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
 	}
@@ -78,9 +75,7 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsConfig.class).autowire();
-
 		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-
 		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
 	}
@@ -88,9 +83,7 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityInLambdaThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsInLambdaConfig.class).autowire();
-
 		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-
 		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
 	}
@@ -98,10 +91,8 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenInsecureAndUsingCustomPortMapperThenRespondsWithRedirectToSecurePort() {
 		this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
-
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 	}
@@ -109,10 +100,8 @@ public class HttpsRedirectSpecTests {
 	@Test
 	public void getWhenInsecureAndUsingCustomPortMapperInLambdaThenRespondsWithRedirectToSecurePort() {
 		this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
-
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-
 		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
 				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
 	}
@@ -127,7 +116,6 @@ public class HttpsRedirectSpecTests {
 			http
 				.redirectToHttps();
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -143,7 +131,6 @@ public class HttpsRedirectSpecTests {
 			http
 				.redirectToHttps(withDefaults());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -160,7 +147,6 @@ public class HttpsRedirectSpecTests {
 				.redirectToHttps()
 					.httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure"));
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -179,7 +165,6 @@ public class HttpsRedirectSpecTests {
 						.httpsRedirectWhen(new PathPatternParserServerWebExchangeMatcher("/secure"))
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -196,7 +181,6 @@ public class HttpsRedirectSpecTests {
 				.redirectToHttps()
 					.portMapper(portMapper());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -220,7 +204,6 @@ public class HttpsRedirectSpecTests {
 						.portMapper(portMapper())
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index 7f4b247184..bd8822247d 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -41,24 +41,16 @@ public class LogoutSpecTests {
 	public void defaultLogout() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 		loginPage = loginPage.loginForm().username("user").password("invalid")
 				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
-
 		homePage.assertAt();
-
 		loginPage = FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 		loginPage.assertAt().assertLogout();
 	}
 
@@ -67,24 +59,16 @@ public class LogoutSpecTests {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
 				.and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 		loginPage = loginPage.loginForm().username("user").password("invalid")
 				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
-
 		homePage.assertAt();
-
 		driver.get("http://localhost/custom-logout");
-
 		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 	}
 
@@ -95,24 +79,16 @@ public class LogoutSpecTests {
 				.formLogin(withDefaults())
 				.logout((logout) -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")))
 				.build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 		loginPage = loginPage.loginForm().username("user").password("invalid")
 				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-
 		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
-
 		homePage.assertAt();
-
 		driver.get("http://localhost/custom-logout");
-
 		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 	}
 
@@ -120,21 +96,14 @@ public class LogoutSpecTests {
 	public void logoutWhenDisabledThenPostToLogoutDoesNothing() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().logout().disable().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
-
 		homePage.assertAt();
-
 		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 		homePage.assertAt();
 	}
 
@@ -144,21 +113,14 @@ public class LogoutSpecTests {
 		repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
 		SecurityWebFilterChain securityWebFilter = this.http.securityContextRepository(repository).authorizeExchange()
 				.anyExchange().authenticated().and().formLogin().and().logout().and().build();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-
 		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
-
 		homePage.assertAt();
-
 		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
-
 		FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index 6000f4da54..b4f5599fad 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -96,7 +96,6 @@ public class OAuth2ClientSpecTests {
 		given(repository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
 
@@ -110,7 +109,6 @@ public class OAuth2ClientSpecTests {
 		given(repository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
 	}
 
@@ -118,14 +116,11 @@ public class OAuth2ClientSpecTests {
 	public void oauth2ClientWhenCustomObjectsThenUsed() {
 		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class,
 				AuthorizedClientController.class).autowire();
-
 		OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
-
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		ReactiveAuthenticationManager manager = config.manager;
 		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
 		ServerRequestCache requestCache = config.requestCache;
-
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.redirectUri("/authorize/oauth2/code/registration-id").build();
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -133,22 +128,18 @@ public class OAuth2ClientSpecTests {
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
-
 		given(authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.willReturn(Mono.just(authorizationRequest));
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 		this.client.get()
 				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
 						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
 				.exchange().expectStatus().is3xxRedirection();
-
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(requestCache).getRedirectUri(any());
@@ -158,15 +149,12 @@ public class OAuth2ClientSpecTests {
 	public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
 		this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class,
 				AuthorizedClientController.class).autowire();
-
 		OAuth2ClientInLambdaCustomConfig config = this.spring.getContext()
 				.getBean(OAuth2ClientInLambdaCustomConfig.class);
-
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		ReactiveAuthenticationManager manager = config.manager;
 		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
 		ServerRequestCache requestCache = config.requestCache;
-
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.redirectUri("/authorize/oauth2/code/registration-id").build();
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
@@ -174,22 +162,18 @@ public class OAuth2ClientSpecTests {
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 		OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.registration, authorizationExchange, accessToken);
-
 		given(authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.willReturn(Mono.just(authorizationRequest));
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
-
 		this.client.get()
 				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
 						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
 						.build())
 				.exchange().expectStatus().is3xxRedirection();
-
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(requestCache).getRedirectUri(any());
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index c6809ca45b..94256acd27 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -141,11 +141,8 @@ public class OAuth2LoginTests {
 	@Test
 	public void defaultLoginPageWithMultipleClientRegistrationsThenLinks() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login()
 				.assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
@@ -154,14 +151,10 @@ public class OAuth2LoginTests {
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationThenRedirect() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(new GitHubWebFilter(), this.springSecurity)
 				.build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		driver.get("http://localhost/");
-
 		assertThat(driver.getCurrentUrl()).startsWith("https://github.com/login/oauth/authorize");
 	}
 
@@ -169,7 +162,6 @@ public class OAuth2LoginTests {
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationAndXhrRequestThenDoesNotRedirectForAuthorization() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, WebFluxConfig.class).autowire();
-
 		this.client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus()
 				.is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
 	}
@@ -178,21 +170,16 @@ public class OAuth2LoginTests {
 	public void oauth2AuthorizeWhenCustomObjectsThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class,
 				AuthorizedClientController.class).autowire();
-
 		OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext()
 				.getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
-
 		ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository;
 		ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
 		ServerRequestCache requestCache = config.requestCache;
-
 		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 		given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
 		given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
 		given(requestCache.saveRequest(any())).willReturn(Mono.empty());
-
 		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
-
 		verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 		verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any());
 		verify(requestCache).saveRequest(any());
@@ -202,11 +189,8 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenCustomObjectsThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
 				OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 		String redirectLocation = "/custom-redirect-location";
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
 		ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -214,14 +198,11 @@ public class OAuth2LoginTests {
 		ServerWebExchangeMatcher matcher = config.matcher;
 		ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 		ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 		OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
 		OAuth2User user = TestOAuth2Users.create();
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
 				user.getAuthorities(), accessToken);
-
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -229,14 +210,11 @@ public class OAuth2LoginTests {
 		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
-
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-
 		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", redirectLocation);
-
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -248,12 +226,9 @@ public class OAuth2LoginTests {
 	public void oauth2LoginFailsWhenCustomObjectsThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
 				OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
-
 		String redirectLocation = "/custom-redirect-location";
 		String failureRedirectLocation = "/failure-redirect-location";
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
 		ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -262,7 +237,6 @@ public class OAuth2LoginTests {
 		ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 		ServerAuthenticationSuccessHandler successHandler = config.successHandler;
 		ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
-
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any()))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
@@ -271,21 +245,17 @@ public class OAuth2LoginTests {
 		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
-
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
 		given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			AuthenticationException authenticationException = invocation.getArgument(1);
-
 			return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation)
 					.onAuthenticationFailure(webFilterExchange, authenticationException);
 		});
-
 		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", failureRedirectLocation);
-
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -297,11 +267,8 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class,
 				OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire();
-
 		String redirectLocation = "/custom-redirect-location";
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class);
 		ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -309,14 +276,11 @@ public class OAuth2LoginTests {
 		ServerWebExchangeMatcher matcher = config.matcher;
 		ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
 		ServerAuthenticationSuccessHandler successHandler = config.successHandler;
-
 		OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
 		OAuth2User user = TestOAuth2Users.create();
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
-
 		OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user,
 				user.getAuthorities(), accessToken);
-
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
@@ -324,14 +288,11 @@ public class OAuth2LoginTests {
 		given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
 			WebFilterExchange webFilterExchange = invocation.getArgument(0);
 			Authentication authentication = invocation.getArgument(1);
-
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-
 		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", redirectLocation);
-
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -343,26 +304,20 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenCustomBeansThenUsed() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
 				.autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 		OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google,
 				exchange, accessToken);
-
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		given(converter.convert(any())).willReturn(Mono.just(token));
-
 		ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
 		given(securityContextRepository.save(any(), any())).willReturn(Mono.empty());
 		given(securityContextRepository.load(any())).willReturn(authentication(token));
-
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -370,13 +325,10 @@ public class OAuth2LoginTests {
 				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OidcUser user = TestOidcUsers.create();
 		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
 		given(userService.loadUser(any())).willReturn(Mono.just(user));
-
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
-
 		verify(config.jwtDecoderFactory).createDecoder(any());
 		verify(tokenResponseClient).getTokenResponse(any());
 		verify(securityContextRepository).save(any(), any());
@@ -387,26 +339,20 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
 				.autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(
 				google, exchange, accessToken);
-
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
 		given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
-
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", "/login?error");
 	}
@@ -416,22 +362,17 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
 				.autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
-
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(
 				google, exchange, accessToken);
-
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
-
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@@ -439,12 +380,10 @@ public class OAuth2LoginTests {
 				.additionalParameters(additionalParameters).build();
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
 		given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono
 				.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
-
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", "/login?error");
 	}
@@ -452,13 +391,10 @@ public class OAuth2LoginTests {
 	@Test
 	public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
 		this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
-
 		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
 		given(repository.load(any())).willReturn(authentication(token));
-
 		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
 				"https://logout?id_token_hint=id-token");
 	}
@@ -467,9 +403,7 @@ public class OAuth2LoginTests {
 	@Test
 	public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-
 		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
 				.valueEquals("Location", "/login?error");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 019ced220c..301644ccd1 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -134,7 +134,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenValidThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -142,7 +141,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenExpiredThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -151,7 +149,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenUnsignedThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -160,7 +157,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-
 		this.client.get().headers((headers) -> headers.add("Authorization", "Bearer ")).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -169,7 +165,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 		this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -177,7 +172,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyInLambdaConfig.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
@@ -186,7 +180,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenValidUsingPlaceholderThenReturnsOk() {
 		this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -194,22 +187,17 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenCustomDecoderThenAuthenticatesAccordingly() {
 		this.spring.register(CustomDecoderConfig.class, RootController.class).autowire();
-
 		ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
-
 		verify(jwtDecoder).decode(anyString());
 	}
 
 	@Test
 	public void getWhenUsingJwkSetUriThenConsultsAccordingly() {
 		this.spring.register(JwkSetUriConfig.class, RootController.class).autowire();
-
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
@@ -217,10 +205,8 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenUsingJwkSetUriInLambdaThenConsultsAccordingly() {
 		this.spring.register(JwkSetUriInLambdaConfig.class, RootController.class).autowire();
-
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
 				.expectStatus().isOk();
 	}
@@ -228,12 +214,10 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenUsingCustomAuthenticationManagerThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerConfig.class).autowire();
-
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -242,12 +226,10 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerInLambdaConfig.class).autowire();
-
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -256,18 +238,14 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire();
-
 		ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver = this.spring
 				.getContext().getBean(ReactiveAuthenticationManagerResolver.class);
-
 		ReactiveAuthenticationManager authenticationManager = this.spring.getContext()
 				.getBean(ReactiveAuthenticationManager.class);
-
 		given(authenticationManagerResolver.resolve(any(ServerWebExchange.class)))
 				.willReturn(Mono.just(authenticationManager));
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isUnauthorized().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
@@ -276,7 +254,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void postWhenSignedThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 		this.client.post().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -284,7 +261,6 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() {
 		this.spring.register(DenyAllConfig.class, RootController.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isForbidden().expectHeader()
 				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
@@ -293,21 +269,18 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void postWhenMissingTokenThenReturnsForbidden() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-
 		this.client.post().exchange().expectStatus().isForbidden();
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenServerAuthenticationConverterThenResponds() {
 		this.spring.register(CustomBearerTokenServerAuthenticationConverter.class, RootController.class).autowire();
-
 		this.client.get().cookie("TOKEN", this.messageReadToken).exchange().expectStatus().isOk();
 	}
 
 	@Test
 	public void getWhenSignedAndCustomConverterThenConverts() {
 		this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire();
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -315,14 +288,12 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenCustomBearerTokenEntryPointThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
-
 		this.client.get().uri("/authenticated").exchange().expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenDeniedHandlerThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
-
 		this.client.get().uri("/unobtainable").headers((headers) -> headers.setBearerAuth(this.messageReadToken))
 				.exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
 	}
@@ -332,14 +303,11 @@ public class OAuth2ResourceServerSpecTests {
 		GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 		ServerHttpSecurity http = new ServerHttpSecurity();
 		http.setApplicationContext(context);
-
 		ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 		ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 		context.registerBean(ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 		jwt.jwtDecoder(dslWiredJwtDecoder);
-
 		assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder);
 	}
 
@@ -348,15 +316,12 @@ public class OAuth2ResourceServerSpecTests {
 		GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 		ServerHttpSecurity http = new ServerHttpSecurity();
 		http.setApplicationContext(context);
-
 		ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 		ReactiveJwtDecoder dslWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 		context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 		context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
 		jwt.jwtDecoder(dslWiredJwtDecoder);
-
 		assertThat(jwt.getJwtDecoder()).isEqualTo(dslWiredJwtDecoder);
 	}
 
@@ -365,13 +330,10 @@ public class OAuth2ResourceServerSpecTests {
 		GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 		ServerHttpSecurity http = new ServerHttpSecurity();
 		http.setApplicationContext(context);
-
 		ReactiveJwtDecoder beanWiredJwtDecoder = mock(ReactiveJwtDecoder.class);
 		context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 		context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
-
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-
 		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
@@ -380,9 +342,7 @@ public class OAuth2ResourceServerSpecTests {
 		GenericWebApplicationContext context = autowireWebServerGenericWebApplicationContext();
 		ServerHttpSecurity http = new ServerHttpSecurity();
 		http.setApplicationContext(context);
-
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-
 		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoSuchBeanDefinitionException.class);
 	}
 
@@ -391,7 +351,6 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(IntrospectionConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -401,7 +360,6 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-
 		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
 				.isOk();
 	}
@@ -440,7 +398,6 @@ public class OAuth2ResourceServerSpecTests {
 	private static RSAPublicKey publicKey() {
 		String modulus = "26323220897278656456354815752829448539647589990395639665273015355787577386000316054335559633864476469390247312823732994485311378484154955583861993455004584140858982659817218753831620205191028763754231454775026027780771426040997832758235764611119743390612035457533732596799927628476322029280486807310749948064176545712270582940917249337311592011920620009965129181413510845780806191965771671528886508636605814099711121026468495328702234901200169245493126030184941412539949521815665744267183140084667383643755535107759061065656273783542590997725982989978433493861515415520051342321336460543070448417126615154138673620797";
 		String exponent = "65537";
-
 		RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent));
 		RSAPublicKey rsaPublicKey = null;
 		try {
@@ -537,14 +494,12 @@ public class OAuth2ResourceServerSpecTests {
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString();
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
 					.jwt()
 						.jwkSetUri(jwkSetUri);
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -569,7 +524,6 @@ public class OAuth2ResourceServerSpecTests {
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			String jwkSetUri = mockWebServer().url("/.well-known/jwks.json").toString();
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer((oauth2ResourceServer) ->
@@ -580,7 +534,6 @@ public class OAuth2ResourceServerSpecTests {
 						)
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -609,7 +562,6 @@ public class OAuth2ResourceServerSpecTests {
 				.oauth2ResourceServer()
 					.jwt();
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -635,7 +587,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.publicKey(publicKey());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -653,7 +604,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.authenticationManager(authenticationManager());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -680,7 +630,6 @@ public class OAuth2ResourceServerSpecTests {
 						)
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -705,7 +654,6 @@ public class OAuth2ResourceServerSpecTests {
 				.oauth2ResourceServer()
 					.authenticationManagerResolver(authenticationManagerResolver());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -737,7 +685,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.publicKey(publicKey());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -765,19 +712,16 @@ public class OAuth2ResourceServerSpecTests {
 						.jwtAuthenticationConverter(jwtAuthenticationConverter())
 						.publicKey(publicKey());
 			// @formatter:on
-
 			return http.build();
 		}
 
 		@Bean
 		Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
-
 			JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 			converter.setJwtGrantedAuthoritiesConverter((jwt) -> {
 				String[] claims = ((String) jwt.getClaims().get("scope")).split(" ");
 				return Stream.of(claims).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
 			});
-
 			return new ReactiveJwtAuthenticationConverterAdapter(converter);
 		}
 
@@ -801,7 +745,6 @@ public class OAuth2ResourceServerSpecTests {
 					.jwt()
 						.publicKey(publicKey());
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -816,7 +759,6 @@ public class OAuth2ResourceServerSpecTests {
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			String introspectionUri = mockWebServer().url("/introspect").toString();
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer()
@@ -824,7 +766,6 @@ public class OAuth2ResourceServerSpecTests {
 						.introspectionUri(introspectionUri)
 						.introspectionClientCredentials("client", "secret");
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -849,7 +790,6 @@ public class OAuth2ResourceServerSpecTests {
 		@Bean
 		SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 			String introspectionUri = mockWebServer().url("/introspect").toString();
-
 			// @formatter:off
 			http
 				.oauth2ResourceServer((oauth2ResourceServer) ->
@@ -861,7 +801,6 @@ public class OAuth2ResourceServerSpecTests {
 						)
 				);
 			// @formatter:on
-
 			return http.build();
 		}
 
@@ -892,7 +831,6 @@ public class OAuth2ResourceServerSpecTests {
 					.authenticationManagerResolver(mock(ReactiveAuthenticationManagerResolver.class))
 					.opaqueToken();
 			// @formatter:on
-
 			return http.build();
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index cccf0f0df9..a9331c95e2 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -49,17 +49,12 @@ public class RequestCacheTests {
 	public void defaultFormLoginRequestCache() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().build();
-
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 		SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class);
-
 		securedPage.assertAt();
 	}
 
@@ -67,17 +62,12 @@ public class RequestCacheTests {
 	public void requestCacheNoOp() {
 		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
 				.formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build();
-
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		securedPage.assertAt();
 	}
 
@@ -88,17 +78,12 @@ public class RequestCacheTests {
 				.formLogin(withDefaults())
 				.requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance()))
 				.build();
-
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-
 		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
-
 		securedPage.assertAt();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index a23964ceec..521b17c3ee 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -109,12 +109,9 @@ public class ServerHttpSecurityTests {
 		TestPublisher<SecurityContext> securityContext = TestPublisher.create();
 		given(this.contextRepository.load(any())).willReturn(securityContext.mono());
 		this.http.securityContextRepository(this.contextRepository);
-
 		WebTestClient client = buildClient();
-
 		FluxExchangeResult<String> result = client.get().uri("/").exchange().expectHeader()
 				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").returnResult(String.class);
-
 		assertThat(result.getResponseCookies()).isEmpty();
 		// there is no need to try and load the SecurityContext by default
 		securityContext.assertWasNotSubscribed();
@@ -124,19 +121,15 @@ public class ServerHttpSecurityTests {
 	public void basic() {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 		this.http.httpBasic();
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
-
 		WebTestClient client = buildClient();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
 				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -144,27 +137,22 @@ public class ServerHttpSecurityTests {
 	public void basicWithGlobalWebSessionServerSecurityContextRepository() {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 		this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
 		this.http.httpBasic();
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
-
 		WebTestClient client = buildClient();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
 				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
 	}
 
 	@Test
 	public void basicWhenNoCredentialsThenUnauthorized() {
 		this.http.authorizeExchange().anyExchange().authenticated();
-
 		WebTestClient client = buildClient();
 		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader()
 				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty();
@@ -173,23 +161,18 @@ public class ServerHttpSecurityTests {
 	@Test
 	public void buildWhenServerWebExchangeFromContextThenFound() {
 		SecurityWebFilterChain filter = this.http.build();
-
 		WebTestClient client = WebTestClient.bindToController(new SubscriberContextController())
 				.webFilter(new WebFilterChainProxy(filter)).build();
-
 		client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar");
 	}
 
 	@Test
 	public void csrfServerLogoutHandlerNotAppliedIfCsrfIsntEnabled() {
 		SecurityWebFilterChain securityWebFilterChain = this.http.csrf().disable().build();
-
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent();
-
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
 				.map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
 						LogoutWebFilter.class, "logoutHandler"));
-
 		assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class);
 	}
 
@@ -197,15 +180,12 @@ public class ServerHttpSecurityTests {
 	public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() {
 		SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository)
 				.and().build();
-
 		assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get()
 				.extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository"))
 				.isEqualTo(this.csrfTokenRepository);
-
 		Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class)
 				.map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter,
 						LogoutWebFilter.class, "logoutHandler"));
-
 		assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
 				.extracting((delegatingLogoutHandler) -> ((List<ServerLogoutHandler>) ReflectionTestUtils
 						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
@@ -220,10 +200,8 @@ public class ServerHttpSecurityTests {
 				.addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
 				.build();
 		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
-
 		assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class,
 				TestWebFilter.class);
-
 	}
 
 	@Test
@@ -233,10 +211,8 @@ public class ServerHttpSecurityTests {
 				.addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
 				.build();
 		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
-
 		assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class,
 				SecurityContextServerWebExchangeWebFilter.class);
-
 	}
 
 	@Test
@@ -244,9 +220,7 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
 		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
 				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-
 		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
-
 	}
 
 	@Test
@@ -254,7 +228,6 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build();
 		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
 				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-
 		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 	}
 
@@ -262,19 +235,15 @@ public class ServerHttpSecurityTests {
 	public void basicWithAnonymous() {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 		this.http.httpBasic().and().anonymous();
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().hasAuthority("ROLE_ADMIN");
-
 		WebTestClient client = buildClient();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
 				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -287,13 +256,10 @@ public class ServerHttpSecurityTests {
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
-
 		WebTestClient client = buildClient();
-
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
 				.expectBody(String.class).returnResult();
-
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -306,13 +272,10 @@ public class ServerHttpSecurityTests {
 		this.http.authenticationManager(this.authenticationManager);
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
-
 		WebTestClient client = buildClient();
-
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
 				.expectBody(String.class).returnResult();
-
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -321,15 +284,12 @@ public class ServerHttpSecurityTests {
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 		SecurityWebFilterChain securityFilterChain = this.http.httpBasic()
 				.authenticationManager(customAuthenticationManager).and().build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
-
 		verifyZeroInteractions(this.authenticationManager);
 	}
 
@@ -338,15 +298,12 @@ public class ServerHttpSecurityTests {
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-
 		SecurityWebFilterChain securityFilterChain = this.http
 				.httpBasic((httpBasic) -> httpBasic.authenticationManager(customAuthenticationManager)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
-
 		verifyZeroInteractions(this.authenticationManager);
 		verify(customAuthenticationManager).authenticate(any(Authentication.class));
 	}
@@ -356,12 +313,9 @@ public class ServerHttpSecurityTests {
 	public void addsX509FilterWhenX509AuthenticationIsConfigured() {
 		X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 		ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
-
 		this.http.x509().principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager).and();
-
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
-
 		assertThat(x509WebFilter).isNotNull();
 	}
 
@@ -369,33 +323,26 @@ public class ServerHttpSecurityTests {
 	public void x509WhenCustomizedThenAddsX509Filter() {
 		X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
 		ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
-
 		this.http.x509(
 				(x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
-
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
-
 		assertThat(x509WebFilter).isNotNull();
 	}
 
 	@Test
 	public void addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults() {
 		this.http.x509();
-
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
-
 		assertThat(x509WebFilter).isNotNull();
 	}
 
 	@Test
 	public void x509WhenDefaultsThenAddsX509Filter() {
 		this.http.x509(withDefaults());
-
 		SecurityWebFilterChain securityWebFilterChain = this.http.build();
 		WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
-
 		assertThat(x509WebFilter).isNotNull();
 	}
 
@@ -404,7 +351,6 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain securityFilterChain = this.http.csrf((csrf) -> csrf.disable()).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 		client.post().uri("/").exchange().expectStatus().isOk();
 	}
 
@@ -416,9 +362,7 @@ public class ServerHttpSecurityTests {
 				.csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-
 		client.post().uri("/").exchange().expectStatus().isForbidden();
-
 		verify(customServerCsrfTokenRepository).loadToken(any());
 	}
 
@@ -427,17 +371,14 @@ public class ServerHttpSecurityTests {
 		ServerRequestCache requestCache = spy(new WebSessionServerRequestCache());
 		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(
 				ReactiveClientRegistrationRepository.class);
-
 		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
 				.clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange()
 				.authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
 		client.get().uri("/test").exchange();
 		ArgumentCaptor<ServerWebExchange> captor = ArgumentCaptor.forClass(ServerWebExchange.class);
 		verify(requestCache).saveRequest(captor.capture());
 		assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test");
-
 		OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain,
 				OAuth2LoginAuthenticationWebFilter.class).get();
 		Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler");
@@ -450,19 +391,14 @@ public class ServerHttpSecurityTests {
 				ServerAuthorizationRequestRepository.class);
 		ReactiveClientRegistrationRepository clientRegistrationRepository = mock(
 				ReactiveClientRegistrationRepository.class);
-
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
-
 		given(authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(authorizationRequest));
-
 		SecurityWebFilterChain securityFilterChain = this.http.oauth2Login()
 				.clientRegistrationRepository(clientRegistrationRepository)
 				.authorizationRequestRepository(authorizationRequestRepository).and().build();
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
 		client.get().uri("/login/oauth2/code/registration-id").exchange();
-
 		verify(authorizationRequestRepository).removeAuthorizationRequest(any());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 4bd2d1e9f3..8d760858d5 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -102,9 +102,7 @@ public class WebSocketMessageBrokerConfigTests {
 	@Test
 	public void sendWhenNoIdSpecifiedThenIntegratesWithClientInboundChannel() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		this.clientInboundChannel.send(message("/permitAll"));
-
 		assertThatThrownBy(() -> this.clientInboundChannel.send(message("/denyAll")))
 				.hasCauseInstanceOf(AccessDeniedException.class);
 	}
@@ -112,214 +110,165 @@ public class WebSocketMessageBrokerConfigTests {
 	@Test
 	public void sendWhenAnonymousMessageWithConnectMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
-
 		assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers))).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithConnectAckMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.CONNECT_ACK);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithDisconnectMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithDisconnectAckMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT_ACK);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithHeartbeatMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.HEARTBEAT);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithMessageMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithOtherMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.OTHER);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithSubscribeMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithUnsubscribeMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenConnectWithoutCsrfTokenThenDenied() {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
-
 		Message<?> message = message("/message", SimpMessageType.CONNECT);
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(InvalidCsrfTokenException.class);
 	}
 
 	@Test
 	public void sendWhenConnectWithSameOriginDisabledThenCsrfTokenNotRequired() {
 		this.spring.configLocations(xml("SyncSameOriginDisabledConfig")).autowire();
-
 		Message<?> message = message("/message", SimpMessageType.CONNECT);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenInterceptWiredForMessageTypeThenDeniesOnTypeMismatch() {
 		this.spring.configLocations(xml("MessageInterceptTypeConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
-
 		message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
-
 		message = message("/anyOther", SimpMessageType.MESSAGE);
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void sendWhenInterceptWiredForSubscribeTypeThenDeniesOnTypeMismatch() {
 		this.spring.configLocations(xml("SubscribeInterceptTypeConfig")).autowire();
-
 		Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
-
 		message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
-
 		message = message("/anyOther", SimpMessageType.SUBSCRIBE);
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingOtherMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire();
-
 		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
 	@Test
 	public void sendWhenNoIdMessageThenAuthenticationPrincipalResolved() {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
-
 		this.clientInboundChannel.send(message("/message"));
-
 		assertThat(this.messageController.username).isEqualTo("anonymous");
 	}
 
 	@Test
 	public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
-
 		WebApplicationContext context = this.spring.getContext();
 		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
-
 		String csrfAttributeName = CsrfToken.class.getName();
 		String customAttributeName = this.getClass().getName();
-
 		MvcResult result = mvc.perform(get("/app").requestAttr(csrfAttributeName, this.token)
 				.sessionAttr(customAttributeName, "attributeValue")).andReturn();
-
 		CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
 		String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
 		String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
-
 		assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated");
-
 		assertThat(handshakeValue).isEqualTo(sessionValue)
 				.withFailMessage("Explicitly listed session variables are not overridden");
 	}
@@ -327,22 +276,16 @@ public class WebSocketMessageBrokerConfigTests {
 	@Test
 	public void requestWhenConnectMessageAndUsingSockJsThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
 		this.spring.configLocations(xml("SyncSockJsConfig")).autowire();
-
 		WebApplicationContext context = this.spring.getContext();
 		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
-
 		String csrfAttributeName = CsrfToken.class.getName();
 		String customAttributeName = this.getClass().getName();
-
 		MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket").requestAttr(csrfAttributeName, this.token)
 				.sessionAttr(customAttributeName, "attributeValue")).andReturn();
-
 		CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
 		String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
 		String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
-
 		assertThat(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated");
-
 		assertThat(handshakeValue).isEqualTo(sessionValue)
 				.withFailMessage("Explicitly listed session variables are not overridden");
 	}
@@ -350,31 +293,23 @@ public class WebSocketMessageBrokerConfigTests {
 	@Test
 	public void sendWhenNoIdSpecifiedThenCustomArgumentResolversAreNotOverridden() {
 		this.spring.configLocations(xml("SyncCustomArgumentResolverConfig")).autowire();
-
 		this.clientInboundChannel.send(message("/message-with-argument"));
-
 		assertThat(this.messageWithArgumentController.messageArgument).isNotNull();
 	}
 
 	@Test
 	public void sendWhenUsingCustomPathMatcherThenSecurityAppliesIt() {
 		this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire();
-
 		Message<?> message = message("/denyAll.a");
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
-
 		message = message("/denyAll.a.b");
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void sendWhenIdSpecifiedThenSecurityDoesNotIntegrateWithClientInboundChannel() {
 		this.spring.configLocations(xml("IdConfig")).autowire();
-
 		Message<?> message = message("/denyAll");
-
 		assertThatCode(send(message)).doesNotThrowAnyException();
 	}
 
@@ -382,18 +317,14 @@ public class WebSocketMessageBrokerConfigTests {
 	@WithMockUser
 	public void sendWhenIdSpecifiedAndExplicitlyIntegratedWhenBrokerUsesClientInboundChannel() {
 		this.spring.configLocations(xml("IdIntegratedConfig")).autowire();
-
 		Message<?> message = message("/denyAll");
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void sendWhenNoIdSpecifiedThenSecurityDoesntOverrideCustomInterceptors() {
 		this.spring.configLocations(xml("CustomInterceptorConfig")).autowire();
-
 		Message<?> message = message("/throwAll");
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(UnsupportedOperationException.class);
 	}
 
@@ -401,9 +332,7 @@ public class WebSocketMessageBrokerConfigTests {
 	@WithMockUser(username = "nile")
 	public void sendWhenCustomExpressionHandlerThenAuthorizesAccordingly() {
 		this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire();
-
 		Message<?> message = message("/denyNile");
-
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
@@ -428,13 +357,10 @@ public class WebSocketMessageBrokerConfigTests {
 		headers.setSessionId("123");
 		headers.setSessionAttributes(new HashMap<>());
 		headers.setDestination(destination);
-
 		if (SecurityContextHolder.getContext().getAuthentication() != null) {
 			headers.setUser(SecurityContextHolder.getContext().getAuthentication());
 		}
-
 		headers.getSessionAttributes().put(CsrfToken.class.getName(), this.token);
-
 		return new GenericMessage<>("hi", headers.getMessageHeaders());
 	}
 
@@ -491,9 +417,7 @@ public class WebSocketMessageBrokerConfigTests {
 		public boolean doHandshake(ServerHttpRequest request,
 				org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
-
 			this.attributes = attributes;
-
 			return true;
 		}
 
@@ -510,7 +434,6 @@ public class WebSocketMessageBrokerConfigTests {
 
 		@Override
 		public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-
 		}
 
 	}
@@ -529,14 +452,11 @@ public class WebSocketMessageBrokerConfigTests {
 		@Override
 		protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 				Message<Object> invocation) {
-
 			return new MessageSecurityExpressionRoot(authentication, invocation) {
-
 				public boolean denyNile() {
 					Authentication auth = getAuthentication();
 					return auth != null && !"nile".equals(auth.getName());
 				}
-
 			};
 		}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 4f673aa2ef..9ac5684868 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -63,7 +63,6 @@ final class HtmlUnitWebTestClient {
 		contentType(request, webRequest);
 		cookies(request, webRequest);
 		headers(request, webRequest);
-
 		return content(request, webRequest).exchange().returnResult(String.class);
 	}
 
@@ -109,7 +108,6 @@ final class HtmlUnitWebTestClient {
 				request.cookie(cookieName, cookieValue);
 			}
 		}
-
 		Set<com.gargoylesoftware.htmlunit.util.Cookie> managedCookies = this.webClient.getCookies(webRequest.getUrl());
 		for (com.gargoylesoftware.htmlunit.util.Cookie cookie : managedCookies) {
 			request.cookie(cookie.getName(), cookie.getValue());
@@ -156,10 +154,8 @@ final class HtmlUnitWebTestClient {
 						.headers((headers) -> headers.addAll(request.headers()))
 						.cookies((cookies) -> cookies.addAll(request.cookies()))
 						.attributes((attributes) -> attributes.putAll(request.attributes())).build();
-
 				return next.exchange(redirect).flatMap((r) -> redirectIfNecessary(request, next, r));
 			}
-
 			return Mono.just(response);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index 7f509d7f1a..1c734077a8 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -46,9 +46,7 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	public void helloWorld() {
 		WebTestClient webTestClient = WebTestClient.bindToController(new HelloWorldController()).build();
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		driver.get("http://localhost/");
-
 		assertThat(driver.getPageSource()).contains("Hello World");
 	}
 
@@ -56,13 +54,9 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	public void cookies() {
 		WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build();
 		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-
 		driver.get("http://localhost/cookie");
-
 		assertThat(driver.getPageSource()).contains("theCookie");
-
 		driver.get("http://localhost/cookie/delete");
-
 		assertThat(driver.getPageSource()).contains("null");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
index f7dd640175..a2fed90d58 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
@@ -50,7 +50,6 @@ public class WebTestClientWebConnection implements WebConnection {
 		Assert.notNull(webTestClient, "MockMvc must not be null");
 		Assert.notNull(webClient, "WebClient must not be null");
 		validateContextPath(contextPath);
-
 		this.webClient = webClient;
 		this.webTestClient = webTestClient;
 		this.contextPath = contextPath;
@@ -82,7 +81,6 @@ public class WebTestClientWebConnection implements WebConnection {
 	@Override
 	public WebResponse getResponse(WebRequest webRequest) throws IOException {
 		long startTime = System.currentTimeMillis();
-
 		FluxExchangeResult<String> exchangeResult = this.requestBuilder.getResponse(webRequest);
 		webRequest.setUrl(exchangeResult.getUrl().toURL());
 		return new MockWebResponseBuilder(startTime, webRequest, exchangeResult).build();
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index dd8575d432..2710091266 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -41,12 +41,10 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 			+ "            <user name='bob' password='bobspassword' authorities='ROLE_USER,ROLE_ADMIN' />"
 			+ "            <user name='bill' password='billspassword' authorities='ROLE_USER' />"
 			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
-
 	static final String ACCESS_MANAGER_XML = "<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>"
 			+ "   <b:constructor-arg>"
 			+ "       <b:list><b:bean class='org.springframework.security.access.vote.RoleVoter'/></b:list>"
 			+ "   </b:constructor-arg>" + "</b:bean>";
-
 	static final String TARGET_BEAN_AND_INTERCEPTOR = "<b:bean id='target' class='org.springframework.security.TargetObject'/>"
 			+ "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >"
 			+ "     <b:property name='securityMetadataSource'>" + "         <method-security-metadata-source>"
@@ -77,9 +75,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 				+ "     <aop:pointcut id='targetMethods' expression='execution(* org.springframework.security.TargetObject.*(..))'/>"
 				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" + "</aop:config>"
 				+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
-
 		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
-
 		// Check both against interface and class
 		try {
 			target.makeLowerCase("TEST");
@@ -87,7 +83,6 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
-
 		target.makeUpperCase("test");
 	}
 
@@ -101,18 +96,14 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 						+ "       </b:list>" + "   </b:property>"
 						+ "   <b:property name='proxyTargetClass' value='false'/>" + "</b:bean>"
 						+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
-
 		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
-
 		try {
 			target.makeLowerCase("TEST");
 			fail("AuthenticationCredentialsNotFoundException expected");
 		}
 		catch (AuthenticationCredentialsNotFoundException expected) {
 		}
-
 		target.makeUpperCase("test");
-
 	}
 
 	private void setContext(String context) {
diff --git a/core/src/test/java/org/springframework/security/PopulatedDatabase.java b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
index f450a2bb76..2ff999577a 100644
--- a/core/src/test/java/org/springframework/security/PopulatedDatabase.java
+++ b/core/src/test/java/org/springframework/security/PopulatedDatabase.java
@@ -37,14 +37,12 @@ public final class PopulatedDatabase {
 		if (dataSource == null) {
 			setupDataSource();
 		}
-
 		return dataSource;
 	}
 
 	private static void setupDataSource() {
 		dataSource = new TestDataSource("springsecuritytest");
 		JdbcTemplate template = new JdbcTemplate(dataSource);
-
 		template.execute(
 				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL)");
 		template.execute(
@@ -77,18 +75,15 @@ public final class PopulatedDatabase {
 				"INSERT INTO acl_object_identity VALUES (5, 'org.springframework.security.acl.DomainObject:5', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
 		template.execute(
 				"INSERT INTO acl_object_identity VALUES (6, 'org.springframework.security.acl.DomainObject:6', 3, 'org.springframework.security.acl.basic.SimpleAclEntry');");
-
 		// ----- BEGIN deviation from normal sample data load script -----
 		template.execute(
 				"INSERT INTO acl_object_identity VALUES (7, 'org.springframework.security.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
-
 		// ----- FINISH deviation from normal sample data load script -----
 		template.execute("INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);");
 		template.execute("INSERT INTO acl_permission VALUES (null, 2, 'ROLE_SUPERVISOR', 0);");
 		template.execute("INSERT INTO acl_permission VALUES (null, 2, 'rod', 2);");
 		template.execute("INSERT INTO acl_permission VALUES (null, 3, 'scott', 14);");
 		template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);");
-
 		createGroupTables(template);
 		insertGroupData(template);
 	}
@@ -106,13 +101,11 @@ public final class PopulatedDatabase {
 	public static void insertGroupData(JdbcTemplate template) {
 		template.execute("INSERT INTO USERS VALUES('jerry','password',TRUE)");
 		template.execute("INSERT INTO USERS VALUES('tom','password',TRUE)");
-
 		template.execute("INSERT INTO GROUPS VALUES (0, 'GROUP_0')");
 		template.execute("INSERT INTO GROUPS VALUES (1, 'GROUP_1')");
 		template.execute("INSERT INTO GROUPS VALUES (2, 'GROUP_2')");
 		// Group 3 isn't used
 		template.execute("INSERT INTO GROUPS VALUES (3, 'GROUP_3')");
-
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (0, 'ROLE_A')");
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_B')");
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_C')");
@@ -121,7 +114,6 @@ public final class PopulatedDatabase {
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (2, 'ROLE_C')");
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_D')");
 		template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (3, 'ROLE_E')");
-
 		template.execute("INSERT INTO GROUP_MEMBERS VALUES (0, 'jerry', 0)");
 		template.execute("INSERT INTO GROUP_MEMBERS VALUES (1, 'jerry', 1)");
 		// tom has groups with overlapping roles
diff --git a/core/src/test/java/org/springframework/security/TargetObject.java b/core/src/test/java/org/springframework/security/TargetObject.java
index 5f98437350..b936d69043 100644
--- a/core/src/test/java/org/springframework/security/TargetObject.java
+++ b/core/src/test/java/org/springframework/security/TargetObject.java
@@ -47,7 +47,6 @@ public class TargetObject implements ITargetObject {
 	@Override
 	public String makeLowerCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
 		if (auth == null) {
 			return input.toLowerCase() + " Authentication empty";
 		}
@@ -67,7 +66,6 @@ public class TargetObject implements ITargetObject {
 	@Override
 	public String makeUpperCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
 		return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
index 94de0f1f15..9b6fee171e 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
@@ -37,7 +37,6 @@ public class AuthorizedEventTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNulls2() {
-
 		new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index 40c2165865..7cc22aff20 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -53,23 +53,17 @@ public class SecurityConfigTests {
 		SecurityConfig security1 = new SecurityConfig("TEST");
 		SecurityConfig security2 = new SecurityConfig("TEST");
 		assertThat(security2).isEqualTo(security1);
-
 		// SEC-311: Must observe symmetry requirement of Object.equals(Object) contract
 		String securityString1 = "TEST";
 		assertThat(securityString1).isNotSameAs(security1);
-
 		String securityString2 = "NOT_EQUAL";
 		assertThat(!security1.equals(securityString2)).isTrue();
-
 		SecurityConfig security3 = new SecurityConfig("NOT_EQUAL");
 		assertThat(!security1.equals(security3)).isTrue();
-
 		MockConfigAttribute mock1 = new MockConfigAttribute("TEST");
 		assertThat(security1).isEqualTo(mock1);
-
 		MockConfigAttribute mock2 = new MockConfigAttribute("NOT_EQUAL");
 		assertThat(security1).isNotEqualTo(mock2);
-
 		Integer int1 = 987;
 		assertThat(security1).isNotEqualTo(int1);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
index 705632467e..0e732bf480 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
@@ -75,7 +75,6 @@ public class BusinessServiceImpl<E extends Entity> implements BusinessService {
 
 	@Override
 	public void rolesAllowedUser() {
-
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
index eec3144daa..9d1b066d01 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
@@ -71,12 +71,10 @@ public class ExpressionProtectedBusinessServiceImpl implements BusinessService {
 
 	@PreAuthorize("#x == 'x' and @number.intValue() == 1294 ")
 	public void methodWithBeanNamePropertyAccessExpression(String x) {
-
 	}
 
 	@Override
 	public void rolesAllowedUser() {
-
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index 3472f49f1c..09aa5ae48c 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -76,7 +76,6 @@ public class Jsr250BusinessServiceImpl implements BusinessService {
 	@Override
 	@RolesAllowed({ "USER" })
 	public void rolesAllowedUser() {
-
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
index e072ee4b4c..642674a887 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
@@ -91,7 +91,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void customDefaultRolePrefix() throws Exception {
 		this.mds.setDefaultRolePrefix("CUSTOMPREFIX_");
-
 		ConfigAttribute[] accessAttributes = findAttributes("adminMethod");
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes[0].toString()).isEqualTo("CUSTOMPREFIX_ADMIN");
@@ -100,7 +99,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void emptyDefaultRolePrefix() throws Exception {
 		this.mds.setDefaultRolePrefix("");
-
 		ConfigAttribute[] accessAttributes = findAttributes("adminMethod");
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN");
@@ -109,7 +107,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	@Test
 	public void nullDefaultRolePrefix() throws Exception {
 		this.mds.setDefaultRolePrefix(null);
-
 		ConfigAttribute[] accessAttributes = findAttributes("adminMethod");
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes[0].toString()).isEqualTo("ADMIN");
@@ -123,7 +120,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	}
 
 	// JSR-250 Spec Tests
-
 	/**
 	 * Class-level annotations only affect the class they annotate and their members, that
 	 * is, its methods and fields. They never affect a member declared by a superclass,
@@ -134,7 +130,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers() throws Exception {
 		Child target = new Child();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isNull();
 	}
@@ -143,7 +138,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden() throws Exception {
 		Child target = new Child();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overriden");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED");
@@ -153,7 +147,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void classLevelAnnotationsImpactMemberLevel() throws Exception {
 		Child target = new Child();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "defaults");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED");
@@ -163,7 +156,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation() throws Exception {
 		Child target = new Child();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "explicitMethod");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_EXPLICIT");
@@ -178,7 +170,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void interfacesNeverContributeAnnotationsMethodLevel() throws Exception {
 		Parent target = new Parent();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "interfaceMethod");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isEmpty();
 	}
@@ -187,7 +178,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void interfacesNeverContributeAnnotationsClassLevel() throws Exception {
 		Parent target = new Parent();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).isEmpty();
 	}
@@ -196,7 +186,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	public void annotationsOnOverriddenMemberIgnored() throws Exception {
 		Child target = new Child();
 		MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "overridenIgnored");
-
 		Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
 		assertThat(accessAttributes).hasSize(1);
 		assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_DERIVED");
@@ -234,7 +223,6 @@ public class Jsr250MethodSecurityMetadataSourceTests {
 	}
 
 	// JSR-250 Spec
-
 	@RolesAllowed("IPARENT")
 	interface IParent {
 
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
index 8e7f5536fc..412d2fe93f 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
@@ -38,21 +38,17 @@ public class Jsr250VoterTests {
 	public void supportsMultipleRolesCorrectly() {
 		List<ConfigAttribute> attrs = new ArrayList<>();
 		Jsr250Voter voter = new Jsr250Voter();
-
 		attrs.add(new Jsr250SecurityConfig("A"));
 		attrs.add(new Jsr250SecurityConfig("B"));
 		attrs.add(new Jsr250SecurityConfig("C"));
-
 		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs))
 				.isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
-
 		assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(),
 				SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
index 842aa93485..a607b56874 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@@ -54,39 +54,29 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
 		Method method = null;
-
 		try {
 			method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class });
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a superMethod called 'someUserMethod3' on class!");
 		}
-
 		Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class);
-
 		assertThat(attrs).isNotNull();
-
 		// expect 1 attribute
 		assertThat(attrs.size() == 1).as("Did not find 1 attribute").isTrue();
-
 		// should have 1 SecurityConfig
 		for (ConfigAttribute sc : attrs) {
 			assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
 		}
-
 		Method superMethod = null;
-
 		try {
 			superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class });
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a superMethod called 'someUserMethod3' on class!");
 		}
-
 		Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
-
 		assertThat(superAttrs).isNotNull();
-
 		// This part of the test relates to SEC-274
 		// expect 1 attribute
 		assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1);
@@ -99,41 +89,31 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void classLevelAttributesAreFound() {
 		Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
-
 		assertThat(attrs).isNotNull();
-
 		// expect 1 annotation
 		assertThat(attrs).hasSize(1);
-
 		// should have 1 SecurityConfig
 		SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
-
 		assertThat(sc.getAttribute()).isEqualTo("ROLE_USER");
 	}
 
 	@Test
 	public void methodLevelAttributesAreFound() {
 		Method method = null;
-
 		try {
 			method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
 		}
 		catch (NoSuchMethodException unexpected) {
 			fail("Should be a method called 'someUserAndAdminMethod' on class!");
 		}
-
 		Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
-
 		// expect 2 attributes
 		assertThat(attrs).hasSize(2);
-
 		boolean user = false;
 		boolean admin = false;
-
 		// should have 2 SecurityConfigs
 		for (ConfigAttribute sc : attrs) {
 			assertThat(sc).isInstanceOf(SecurityConfig.class);
-
 			if (sc.getAttribute().equals("ROLE_USER")) {
 				user = true;
 			}
@@ -141,7 +121,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 				admin = true;
 			}
 		}
-
 		// expect to have ROLE_USER and ROLE_ADMIN
 		assertThat(user).isEqualTo(admin).isTrue();
 	}
@@ -159,9 +138,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	public void annotatedAnnotationAtClassLevelIsDetected() throws Exception {
 		MockMethodInvocation annotatedAtClassLevel = new MockMethodInvocation(new AnnotatedAnnotationAtClassLevel(),
 				ReturnVoid.class, "doSomething", List.class);
-
 		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 	}
@@ -170,9 +147,7 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	public void annotatedAnnotationAtInterfaceLevelIsDetected() throws Exception {
 		MockMethodInvocation annotatedAtInterfaceLevel = new MockMethodInvocation(
 				new AnnotatedAnnotationAtInterfaceLevel(), ReturnVoid2.class, "doSomething", List.class);
-
 		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtInterfaceLevel).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 	}
@@ -182,7 +157,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		MockMethodInvocation annotatedAtMethodLevel = new MockMethodInvocation(new AnnotatedAnnotationAtMethodLevel(),
 				ReturnVoid.class, "doSomething", List.class);
 		ConfigAttribute[] attrs = this.mds.getAttributes(annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs).extracting("attribute").containsOnly("CUSTOM");
 	}
@@ -223,7 +197,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 	}
 
 	// SEC-1491 Related classes. PoC for custom annotation with enum value.
-
 	@CustomSecurityAnnotation(SecurityEnum.ADMIN)
 	interface CustomAnnotatedService {
 
@@ -262,7 +235,6 @@ public class SecuredAnnotationSecurityMetadataSourceTests {
 		@Override
 		public Collection<? extends ConfigAttribute> extractAttributes(CustomSecurityAnnotation securityAnnotation) {
 			SecurityEnum[] values = securityAnnotation.value();
-
 			return EnumSet.copyOf(Arrays.asList(values));
 		}
 
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index c9522feca6..f8c6b653a2 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -51,7 +51,6 @@ public class AbstractSecurityExpressionHandlerTests {
 	@Test
 	public void beanNamesAreCorrectlyResolved() {
 		this.handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class));
-
 		Expression expression = this.handler.getExpressionParser()
 				.parseExpression("@number10.compareTo(@number20) < 0");
 		assertThat(expression.getValue(this.handler.createEvaluationContext(mock(Authentication.class), new Object())))
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index c1e953f363..9cb6564f61 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -64,7 +64,6 @@ public class SecurityExpressionRootTests {
 	@Test
 	public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() {
 		this.root.setRoleHierarchy((authorities) -> AuthorityUtils.createAuthorityList("ROLE_C"));
-
 		assertThat(this.root.hasRole("C")).isTrue();
 		assertThat(this.root.hasAuthority("ROLE_C")).isTrue();
 		assertThat(this.root.hasRole("A")).isFalse();
@@ -98,7 +97,6 @@ public class SecurityExpressionRootTests {
 	public void hasRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles() {
 		SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {
 		};
-
 		assertThat(root.hasRole("ROLE_A")).isTrue();
 		assertThat(root.hasRole("ROLE_NO")).isFalse();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index f2f1047f61..0cc3343ca5 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -77,11 +77,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	@Test
 	public void createEvaluationContextCustomTrustResolver() {
 		this.handler.setTrustResolver(this.trustResolver);
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("anonymous");
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
 		expression.getValue(context, Boolean.class);
-
 		verify(this.trustResolver).isAnonymous(this.authentication);
 	}
 
@@ -92,13 +90,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key1", "value1");
 		map.put("key2", "value2");
 		map.put("key3", "value3");
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.key eq 'key2'");
-
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 		Object filtered = this.handler.filter(map, expression, context);
-
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
 		assertThat(result.size() == 1);
@@ -113,13 +107,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key1", "value1");
 		map.put("key2", "value2");
 		map.put("key3", "value3");
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject.value eq 'value3'");
-
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 		Object filtered = this.handler.filter(map, expression, context);
-
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
 		assertThat(result.size() == 1);
@@ -134,14 +124,10 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 		map.put("key1", "value1");
 		map.put("key2", "value2");
 		map.put("key3", "value3");
-
 		Expression expression = this.handler.getExpressionParser()
 				.parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')");
-
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 		Object filtered = this.handler.filter(map, expression, context);
-
 		assertThat(filtered == map);
 		Map<String, String> result = ((Map<String, String>) filtered);
 		assertThat(result.size() == 2);
@@ -153,13 +139,9 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	@SuppressWarnings("unchecked")
 	public void filterWhenUsingStreamThenFiltersStream() {
 		final Stream<String> stream = Stream.of("1", "2", "3");
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("filterObject ne '2'");
-
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 		Object filtered = this.handler.filter(stream, expression, context);
-
 		assertThat(filtered).isInstanceOf(Stream.class);
 		List<String> list = ((Stream<String>) filtered).collect(Collectors.toList());
 		assertThat(list).containsExactly("1", "3");
@@ -169,11 +151,8 @@ public class DefaultMethodSecurityExpressionHandlerTests {
 	public void filterStreamWhenClosedThenUpstreamGetsClosed() {
 		final Stream<?> upstream = mock(Stream.class);
 		doReturn(Stream.<String>empty()).when(upstream).filter(any());
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("true");
-
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation);
-
 		((Stream) this.handler.filter(upstream, expression, context)).close();
 		verify(upstream).close();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index d60ef97c45..d409c4054d 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -113,9 +113,8 @@ public class MethodExpressionVoterTests {
 	@Test
 	public void ruleDefinedInAClassMethodIsApplied() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
-		assertThat(
-
-				this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null,
+		assertThat(this.am.vote(this.joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute(null, null,
 						"T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)"))))
 								.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
index 43ee1027ad..e6c8910fd8 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -64,7 +64,6 @@ public class MethodSecurityExpressionRootTests {
 	public void canCallMethodsOnVariables() {
 		this.ctx.setVariable("var", "somestring");
 		Expression e = this.parser.parseExpression("#var.length() == 10");
-
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
 
@@ -87,9 +86,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false);
-
 		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
-
 	}
 
 	@Test
@@ -99,7 +96,6 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true);
-
 		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 	}
 
@@ -110,7 +106,6 @@ public class MethodSecurityExpressionRootTests {
 		final PermissionEvaluator pe = mock(PermissionEvaluator.class);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
-
 		Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
@@ -135,12 +130,10 @@ public class MethodSecurityExpressionRootTests {
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
 		given(pe.hasPermission(this.user, "x", i)).willReturn(true);
-
 		Expression e = this.parser.parseExpression("hasPermission(this, 2)");
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(this, 2)");
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
-
 		e = this.parser.parseExpression("hasPermission(this.x, 2)");
 		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
index bf024683f3..c7e19fbf89 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
@@ -88,7 +88,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl1).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -100,7 +99,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void mixedClassAndMethodPreAnnotationsAreBothIncluded() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl2).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -112,7 +110,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void methodWithPreFilterOnlyIsAllowed() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.voidImpl3).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -124,7 +121,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void methodWithPostFilterOnlyIsAllowed() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.listImpl1).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(2);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		assertThat(attrs[1] instanceof PostInvocationExpressionAttribute).isTrue();
@@ -138,7 +134,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void interfaceAttributesAreIncluded() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl1).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -151,7 +146,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void classAttributesTakesPrecedeceOverInterfaceAttributes() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.notherListImpl2).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 		assertThat(attrs[0] instanceof PreInvocationExpressionAttribute).isTrue();
 		PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
@@ -164,7 +158,6 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	@Test
 	public void customAnnotationAtClassLevelIsDetected() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtClassLevel).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 	}
 
@@ -172,14 +165,12 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
 	public void customAnnotationAtInterfaceLevelIsDetected() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtInterfaceLevel)
 				.toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 	}
 
 	@Test
 	public void customAnnotationAtMethodLevelIsDetected() {
 		ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtMethodLevel).toArray(new ConfigAttribute[0]);
-
 		assertThat(attrs).hasSize(1);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
index 8d2a9fdff3..b8df1e837e 100755
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@@ -36,7 +36,6 @@ public abstract class HierarchicalRolesTestHelper {
 		if (authorities1 == null && authorities2 == null) {
 			return true;
 		}
-
 		if (authorities1 == null || authorities2 == null) {
 			return false;
 		}
@@ -48,7 +47,6 @@ public abstract class HierarchicalRolesTestHelper {
 		if (authorities1 == null && authorities2 == null) {
 			return true;
 		}
-
 		if (authorities1 == null || authorities2 == null) {
 			return false;
 		}
@@ -60,7 +58,6 @@ public abstract class HierarchicalRolesTestHelper {
 		if (authorities == null) {
 			return null;
 		}
-
 		List<String> result = new ArrayList<>(authorities.size());
 		for (GrantedAuthority authority : authorities) {
 			result.add(authority.getAuthority());
@@ -70,12 +67,10 @@ public abstract class HierarchicalRolesTestHelper {
 
 	public static List<GrantedAuthority> createAuthorityList(final String... roles) {
 		List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
-
 		for (final String role : roles) {
 			// Use non SimpleGrantedAuthority (SEC-863)
 			authorities.add((GrantedAuthority) () -> role);
 		}
-
 		return authorities;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
index 0d373bf9d9..58beb183f3 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -35,16 +35,11 @@ public class RoleHierarchyAuthoritiesMapperTests {
 		RoleHierarchyImpl rh = new RoleHierarchyImpl();
 		rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 		RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh);
-
 		Collection<? extends GrantedAuthority> authorities = mapper
 				.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
-
 		assertThat(authorities).hasSize(4);
-
 		mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
-
 		authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
-
 		assertThat(authorities).hasSize(2);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
index 7f337dac51..0bd68d1955 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -38,27 +38,21 @@ public class RoleHierarchyImplTests {
 	public void testRoleHierarchyWithNullOrEmptyAuthorities() {
 		List<GrantedAuthority> authorities0 = null;
 		List<GrantedAuthority> authorities1 = new ArrayList<>();
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isNotNull();
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty();
-
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isNotNull();
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isEmpty();
 	}
 
 	@Test
 	public void testSimpleRoleHierarchy() {
-
 		List<GrantedAuthority> authorities0 = AuthorityUtils.createAuthorityList("ROLE_0");
 		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
@@ -73,13 +67,10 @@ public class RoleHierarchyImplTests {
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C");
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C",
 				"ROLE_D");
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
-
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
@@ -96,10 +87,8 @@ public class RoleHierarchyImplTests {
 		List<GrantedAuthority> authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C", "ROLE_D");
 		List<GrantedAuthority> authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D");
 		List<GrantedAuthority> authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D");
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
@@ -113,28 +102,24 @@ public class RoleHierarchyImplTests {
 	@Test
 	public void testCyclesInRoleHierarchy() {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
 		catch (CycleInRoleHierarchyException ex) {
 		}
-
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
 		catch (CycleInRoleHierarchyException ex) {
 		}
-
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A");
 			fail("Cycle in role hierarchy was not detected!");
 		}
 		catch (CycleInRoleHierarchyException ex) {
 		}
-
 		try {
 			roleHierarchyImpl.setHierarchy(
 					"ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B");
@@ -142,7 +127,6 @@ public class RoleHierarchyImplTests {
 		}
 		catch (CycleInRoleHierarchyException ex) {
 		}
-
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B");
 			fail("Cycle in role hierarchy was not detected!");
@@ -154,7 +138,6 @@ public class RoleHierarchyImplTests {
 	@Test
 	public void testNoCyclesInRoleHierarchy() {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 		try {
 			roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 		}
@@ -166,14 +149,11 @@ public class RoleHierarchyImplTests {
 	// SEC-863
 	@Test
 	public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() {
-
 		List<GrantedAuthority> authorities0 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0");
 		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
@@ -188,13 +168,10 @@ public class RoleHierarchyImplTests {
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C");
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C",
 				"ROLE D");
-
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-
 		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue();
-
 		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue();
@@ -209,7 +186,6 @@ public class RoleHierarchyImplTests {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy(
 				"ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");
-
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
@@ -223,7 +199,6 @@ public class RoleHierarchyImplTests {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl
 				.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER");
-
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
@@ -236,7 +211,6 @@ public class RoleHierarchyImplTests {
 				"ROLE_LOW", "ROLE_LOWER");
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER");
-
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 				.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index 6684a2e9d7..ae08fd1249 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -44,14 +44,11 @@ public class RoleHierarchyUtilsTests {
 				"ROLE_B > ROLE_D" + EOL +
 				"ROLE_C > ROLE_D" + EOL;
 		// @formatter:on
-
 		Map<String, List<String>> roleHierarchyMap = new TreeMap<>();
 		roleHierarchyMap.put("ROLE_A", Arrays.asList("ROLE_B", "ROLE_C"));
 		roleHierarchyMap.put("ROLE_B", Arrays.asList("ROLE_D"));
 		roleHierarchyMap.put("ROLE_C", Arrays.asList("ROLE_D"));
-
 		String roleHierarchy = RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
-
 		assertThat(roleHierarchy).isEqualTo(expectedRoleHierarchy);
 	}
 
@@ -69,7 +66,6 @@ public class RoleHierarchyUtilsTests {
 	public void roleHierarchyFromMapWhenRoleNullThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C"));
-
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
 
@@ -77,7 +73,6 @@ public class RoleHierarchyUtilsTests {
 	public void roleHierarchyFromMapWhenRoleEmptyThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C"));
-
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
 
@@ -85,7 +80,6 @@ public class RoleHierarchyUtilsTests {
 	public void roleHierarchyFromMapWhenImpliedRolesNullThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("ROLE_A", null);
-
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
 
@@ -93,7 +87,6 @@ public class RoleHierarchyUtilsTests {
 	public void roleHierarchyFromMapWhenImpliedRolesEmptyThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("ROLE_A", Collections.<String>emptyList());
-
 		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
index 54570c4759..111b94b8f5 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java
@@ -42,12 +42,10 @@ public class TestHelperTests {
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 		List<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -65,42 +63,32 @@ public class TestHelperTests {
 		Collection<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 		Collection<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 		Collection<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 		List<String> authoritiesStrings1 = new ArrayList<>();
 		authoritiesStrings1.add("ROLE_A");
 		authoritiesStrings1.add("ROLE_B");
-
 		List<String> authoritiesStrings2 = new ArrayList<>();
 		authoritiesStrings2.add("ROLE_B");
 		authoritiesStrings2.add("ROLE_A");
-
 		List<String> authoritiesStrings3 = new ArrayList<>();
 		authoritiesStrings3.add("ROLE_A");
 		authoritiesStrings3.add("ROLE_C");
-
 		List<String> authoritiesStrings4 = new ArrayList<>();
 		authoritiesStrings4.add("ROLE_A");
-
 		List<String> authoritiesStrings5 = new ArrayList<>();
 		authoritiesStrings5.add("ROLE_A");
 		authoritiesStrings5.add("ROLE_A");
-
 		assertThat(CollectionUtils.isEqualCollection(
 				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1), authoritiesStrings1))
 						.isTrue();
-
 		assertThat(CollectionUtils.isEqualCollection(
 				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2), authoritiesStrings2))
 						.isTrue();
-
 		assertThat(CollectionUtils.isEqualCollection(
 				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3), authoritiesStrings3))
 						.isTrue();
-
 		assertThat(CollectionUtils.isEqualCollection(
 				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4), authoritiesStrings4))
 						.isTrue();
-
 		assertThat(CollectionUtils.isEqualCollection(
 				HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5), authoritiesStrings5))
 						.isTrue();
@@ -114,12 +102,10 @@ public class TestHelperTests {
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_C");
 		List<GrantedAuthority> authorities4 = AuthorityUtils.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities5 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_A");
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities2)).isTrue();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities2, authorities1)).isTrue();
-
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, authorities1)).isFalse();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, null)).isFalse();
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities3)).isFalse();
@@ -144,7 +130,6 @@ public class TestHelperTests {
 		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 		assertThat(authorities1).hasSize(1);
 		assertThat(authorities1.get(0).getAuthority()).isEqualTo("ROLE_A");
-
 		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_C");
 		assertThat(authorities2).hasSize(2);
 		assertThat(authorities2.get(0).getAuthority()).isEqualTo("ROLE_A");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 67f6e1aa86..6a4047cbae 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -36,7 +36,6 @@ public class AbstractSecurityInterceptorTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void detectsIfInvocationPassedIncompatibleSecureObject() {
 		MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
-
 		si.setRunAsManager(mock(RunAsManager.class));
 		si.setAuthenticationManager(mock(AuthenticationManager.class));
 		si.setAfterInvocationManager(mock(AfterInvocationManager.class));
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
index 6244ad3a4f..f6fc8ec922 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
@@ -51,25 +51,19 @@ public class AfterInvocationProviderManagerTests {
 		manager.setProviders(list);
 		assertThat(manager.getProviders()).isEqualTo(list);
 		manager.afterPropertiesSet();
-
 		List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
 		List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
 		List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
 		List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
 		List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
-
 		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"))
 				.isEqualTo("swap1");
-
 		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping"))
 				.isEqualTo("swap2");
-
 		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping"))
 				.isEqualTo("swap3");
-
 		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping"))
 				.isEqualTo("content-before-swapping");
-
 		assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping"))
 				.isEqualTo("swap3");
 	}
@@ -78,7 +72,6 @@ public class AfterInvocationProviderManagerTests {
 	public void testRejectsEmptyProvidersList() {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
 		List list = new Vector();
-
 		try {
 			manager.setProviders(list);
 			fail("Should have thrown IllegalArgumentException");
@@ -95,7 +88,6 @@ public class AfterInvocationProviderManagerTests {
 		list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
 		list.add(45);
 		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
-
 		try {
 			manager.setProviders(list);
 			fail("Should have thrown IllegalArgumentException");
@@ -108,7 +100,6 @@ public class AfterInvocationProviderManagerTests {
 	@Test
 	public void testRejectsNullProvidersList() throws Exception {
 		AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
-
 		try {
 			manager.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -127,7 +118,6 @@ public class AfterInvocationProviderManagerTests {
 		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 		manager.setProviders(list);
 		manager.afterPropertiesSet();
-
 		assertThat(manager.supports(new SecurityConfig("UNKNOWN_ATTRIB"))).isFalse();
 		assertThat(manager.supports(new SecurityConfig("GIVE_ME_SWAP2"))).isTrue();
 	}
@@ -141,7 +131,6 @@ public class AfterInvocationProviderManagerTests {
 		list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
 		manager.setProviders(list);
 		manager.afterPropertiesSet();
-
 		// assertFalse(manager.supports(FilterInvocation.class));
 		assertThat(manager.supports(MethodInvocation.class)).isTrue();
 	}
@@ -171,7 +160,6 @@ public class AfterInvocationProviderManagerTests {
 			if (config.contains(this.configAttribute)) {
 				return this.forceReturnObject;
 			}
-
 			return returnedObject;
 		}
 
diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
index f745614c0f..eb6947816a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
@@ -42,7 +42,6 @@ public class InterceptorStatusTokenTests {
 		MethodInvocation mi = new SimpleMethodInvocation();
 		SecurityContext ctx = SecurityContextHolder.createEmptyContext();
 		InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi);
-
 		assertThat(token.isContextHolderRefreshRequired()).isTrue();
 		assertThat(token.getAttributes()).isEqualTo(attr);
 		assertThat(token.getSecureObject()).isEqualTo(mi);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
index b19767152a..620806f5ff 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
@@ -38,7 +38,6 @@ public class RunAsImplAuthenticationProviderTests {
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 		provider.setKey("hello_world");
-
 		provider.authenticate(token);
 	}
 
@@ -48,11 +47,8 @@ public class RunAsImplAuthenticationProviderTests {
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 		provider.setKey("my_password");
-
 		Authentication result = provider.authenticate(token);
-
 		Assert.assertTrue("Should have returned RunAsUserToken", result instanceof RunAsUserToken);
-
 		RunAsUserToken resultCast = (RunAsUserToken) result;
 		assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
 	}
@@ -60,7 +56,6 @@ public class RunAsImplAuthenticationProviderTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testStartupFailsIfNoKey() throws Exception {
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
-
 		provider.afterPropertiesSet();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
index c58c4a193f..31503300c3 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
@@ -45,10 +45,8 @@ public class RunAsManagerImplTests {
 	public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() {
 		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
 		runAs.setKey("my_password");
-
 		Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(),
 				SecurityConfig.createList("SOMETHING_WE_IGNORE"));
 		assertThat(resultingToken).isNull();
@@ -58,23 +56,18 @@ public class RunAsManagerImplTests {
 	public void testRespectsRolePrefix() {
 		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ONE", "TWO"));
-
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
 		runAs.setKey("my_password");
 		runAs.setRolePrefix("FOOBAR_");
-
 		Authentication result = runAs.buildRunAs(inputToken, new Object(),
 				SecurityConfig.createList("RUN_AS_SOMETHING"));
-
 		assertThat(result instanceof RunAsUserToken).withFailMessage("Should have returned a RunAsUserToken").isTrue();
 		assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
 		assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
 		Set<String> authorities = AuthorityUtils.authorityListToSet(result.getAuthorities());
-
 		assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue();
 		assertThat(authorities.contains("ONE")).isTrue();
 		assertThat(authorities.contains("TWO")).isTrue();
-
 		RunAsUserToken resultCast = (RunAsUserToken) result;
 		assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
 	}
@@ -83,25 +76,19 @@ public class RunAsManagerImplTests {
 	public void testReturnsAdditionalGrantedAuthorities() {
 		UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
 		runAs.setKey("my_password");
-
 		Authentication result = runAs.buildRunAs(inputToken, new Object(),
 				SecurityConfig.createList("RUN_AS_SOMETHING"));
-
 		if (!(result instanceof RunAsUserToken)) {
 			fail("Should have returned a RunAsUserToken");
 		}
-
 		assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
 		assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
-
 		Set<String> authorities = AuthorityUtils.authorityListToSet(result.getAuthorities());
 		assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue();
 		assertThat(authorities.contains("ROLE_ONE")).isTrue();
 		assertThat(authorities.contains("ROLE_TWO")).isTrue();
-
 		RunAsUserToken resultCast = (RunAsUserToken) result;
 		assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
 	}
@@ -109,13 +96,11 @@ public class RunAsManagerImplTests {
 	@Test
 	public void testStartupDetectsMissingKey() throws Exception {
 		RunAsManagerImpl runAs = new RunAsManagerImpl();
-
 		try {
 			runAs.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
index 50d5fd3d70..b8b151b27a 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
@@ -53,7 +53,6 @@ public class RunAsUserTokenTests {
 	@Test
 	public void testNoArgConstructorDoesntExist() {
 		Class<RunAsUserToken> clazz = RunAsUserToken.class;
-
 		try {
 			clazz.getDeclaredConstructor((Class[]) null);
 			fail("Should have thrown NoSuchMethodException");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index b510aeb697..aa8ff61359 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -198,7 +198,6 @@ public class MethodSecurityInterceptorTests {
 		given(this.adm.supports(MethodInvocation.class)).willReturn(true);
 		given(this.mds.supports(MethodInvocation.class)).willReturn(true);
 		given(this.mds.getAllConfigAttributes()).willReturn(null);
-
 		this.interceptor.setValidateConfigAttributes(true);
 		this.interceptor.afterPropertiesSet();
 		verify(this.adm, never()).supports(any(ConfigAttribute.class));
@@ -224,10 +223,8 @@ public class MethodSecurityInterceptorTests {
 	public void callIsntMadeWhenAuthenticationManagerRejectsAuthentication() {
 		final TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password");
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		mdsReturnsUserRole();
 		given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected"));
-
 		this.advisedTarget.makeLowerCase("HELLO");
 	}
 
@@ -237,9 +234,7 @@ public class MethodSecurityInterceptorTests {
 		this.interceptor.setPublishAuthorizationSuccess(true);
 		SecurityContextHolder.getContext().setAuthentication(this.token);
 		mdsReturnsUserRole();
-
 		String result = this.advisedTarget.makeLowerCase("HELLO");
-
 		// Note we check the isAuthenticated remained true in following line
 		assertThat(result)
 				.isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
@@ -256,7 +251,6 @@ public class MethodSecurityInterceptorTests {
 		given(this.authman.authenticate(this.token)).willReturn(this.token);
 		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(any(Authentication.class),
 				any(MethodInvocation.class), any(List.class));
-
 		try {
 			this.advisedTarget.makeUpperCase("HELLO");
 			fail("Expected Exception");
@@ -282,7 +276,6 @@ public class MethodSecurityInterceptorTests {
 		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
 		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
-
 		String result = this.advisedTarget.makeUpperCase("hello");
 		assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
 		// Check we've changed back
@@ -304,14 +297,12 @@ public class MethodSecurityInterceptorTests {
 		this.interceptor.setRunAsManager(runAs);
 		mdsReturnsUserRole();
 		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
-
 		try {
 			this.advisedTarget.makeUpperCase("hello");
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
 		}
-
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
@@ -329,19 +320,15 @@ public class MethodSecurityInterceptorTests {
 		this.token.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(this.token);
 		mdsReturnsUserRole();
-
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
-
 		given(mi.proceed()).willThrow(new Throwable());
-
 		try {
 			this.interceptor.invoke(mi);
 			fail("Expected exception");
 		}
 		catch (Throwable expected) {
 		}
-
 		verifyZeroInteractions(aim);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
index d9ea3b8857..297705c6e5 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
@@ -39,7 +39,6 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 	public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
 		Class<TargetObject> clazz = TargetObject.class;
 		Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
-
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
 		given(mds.getAttributes(method, clazz)).willReturn(null);
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
@@ -50,7 +49,6 @@ public class MethodSecurityMetadataSourceAdvisorTests {
 	public void testAdvisorReturnsTrueWhenMethodInvocationIsDefined() throws Exception {
 		Class<TargetObject> clazz = TargetObject.class;
 		Method method = clazz.getMethod("countLength", new Class[] { String.class });
-
 		MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
 		given(mds.getAttributes(method, clazz)).willReturn(SecurityConfig.createList("ROLE_A"));
 		MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index f156277895..6ea44ac332 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -114,7 +114,6 @@ public class AspectJMethodSecurityInterceptorTests {
 		SecurityContextHolder.getContext().setAuthentication(this.token);
 		this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 		verify(this.aspectJCallback).proceedWithObject();
-
 		// Just try the other method too
 		this.interceptor.invoke(this.joinPoint);
 	}
@@ -123,7 +122,6 @@ public class AspectJMethodSecurityInterceptorTests {
 	@Test
 	public void callbackIsNotInvokedWhenPermissionDenied() {
 		willThrow(new AccessDeniedException("denied")).given(this.adm).decide(any(), any(), any());
-
 		SecurityContextHolder.getContext().setAuthentication(this.token);
 		try {
 			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
@@ -138,7 +136,6 @@ public class AspectJMethodSecurityInterceptorTests {
 	public void adapterHoldsCorrectData() {
 		TargetObject to = new TargetObject();
 		Method m = ClassUtils.getMethodIfAvailable(TargetObject.class, "countLength", new Class[] { String.class });
-
 		given(this.joinPoint.getTarget()).willReturn(to);
 		given(this.joinPoint.getArgs()).willReturn(new Object[] { "Hi" });
 		MethodInvocationAdapter mia = new MethodInvocationAdapter(this.joinPoint);
@@ -152,19 +149,15 @@ public class AspectJMethodSecurityInterceptorTests {
 	public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() {
 		this.token.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(this.token);
-
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
-
 		given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
-
 		try {
 			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
 		}
-
 		verifyZeroInteractions(aim);
 	}
 
@@ -181,14 +174,12 @@ public class AspectJMethodSecurityInterceptorTests {
 		this.interceptor.setRunAsManager(runAs);
 		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 		given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
-
 		try {
 			this.interceptor.invoke(this.joinPoint, this.aspectJCallback);
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
 		}
-
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
@@ -207,14 +198,12 @@ public class AspectJMethodSecurityInterceptorTests {
 		this.interceptor.setRunAsManager(runAs);
 		given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
 		given(this.joinPoint.proceed()).willThrow(new RuntimeException());
-
 		try {
 			this.interceptor.invoke(this.joinPoint);
 			fail("Expected Exception");
 		}
 		catch (RuntimeException success) {
 		}
-
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
index 9236bb38d8..ae3c44b91e 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
@@ -64,7 +64,6 @@ public class MapBasedMethodSecurityMetadataSourceTests {
 	public void methodsWithDifferentArgumentsAreMatchedCorrectly() {
 		this.mds.addSecureMethod(MockService.class, this.someMethodInteger, this.ROLE_A);
 		this.mds.addSecureMethod(MockService.class, this.someMethodString, this.ROLE_B);
-
 		assertThat(this.mds.getAttributes(this.someMethodInteger, MockService.class)).isEqualTo(this.ROLE_A);
 		assertThat(this.mds.getAttributes(this.someMethodString, MockService.class)).isEqualTo(this.ROLE_B);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
index bd0a55037d..a9e89fa1e5 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
@@ -78,13 +78,10 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 	public void allowsAccessUsingCreate() throws Exception {
 		Object object = new TargetObject();
 		final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
-
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		given(this.mds.getAttributes(mi)).willReturn(this.role);
-
 		mipe.setSecurityInterceptor(this.interceptor);
 		mipe.afterPropertiesSet();
-
 		assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 	}
 
@@ -95,7 +92,6 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(this.interceptor);
 		given(this.mds.getAttributes(mi)).willReturn(this.role);
-
 		assertThat(mipe.isAllowed(mi, this.token)).isTrue();
 	}
 
@@ -107,7 +103,6 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 		mipe.setSecurityInterceptor(this.interceptor);
 		given(this.mds.getAttributes(mi)).willReturn(this.role);
 		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role);
-
 		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
 
@@ -115,12 +110,10 @@ public class MethodInvocationPrivilegeEvaluatorTests {
 	public void declinesAccessUsingCreateFromClass() {
 		final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class,
 				"makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" });
-
 		MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
 		mipe.setSecurityInterceptor(this.interceptor);
 		given(this.mds.getAttributes(mi)).willReturn(this.role);
 		willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(this.token, mi, this.role);
-
 		assertThat(mipe.isAllowed(mi, this.token)).isFalse();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
index 46e5985dab..b0cfe45d60 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
@@ -54,9 +54,7 @@ public class AbstractAccessDecisionManagerTests {
 		List list = new Vector();
 		list.add(new DenyVoter());
 		list.add(new MockStringOnlyVoter());
-
 		MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list);
-
 		assertThat(mock.supports(String.class)).isTrue();
 		assertThat(!mock.supports(Integer.class)).isTrue();
 	}
@@ -68,12 +66,9 @@ public class AbstractAccessDecisionManagerTests {
 		DenyAgainVoter denyVoter = new DenyAgainVoter();
 		list.add(voter);
 		list.add(denyVoter);
-
 		MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list);
-
 		ConfigAttribute attr = new SecurityConfig("DENY_AGAIN_FOR_SURE");
 		assertThat(mock.supports(attr)).isTrue();
-
 		ConfigAttribute badAttr = new SecurityConfig("WE_DONT_SUPPORT_THIS");
 		assertThat(!mock.supports(badAttr)).isTrue();
 	}
@@ -92,13 +87,11 @@ public class AbstractAccessDecisionManagerTests {
 	@Test
 	public void testRejectsEmptyList() {
 		List list = new Vector();
-
 		try {
 			new MockDecisionManagerImpl(list);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -109,7 +102,6 @@ public class AbstractAccessDecisionManagerTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -126,7 +118,6 @@ public class AbstractAccessDecisionManagerTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index e03cbc3cb9..d11135de93 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -56,11 +56,9 @@ public class AffirmativeBasedTests {
 	@Before
 	@SuppressWarnings("unchecked")
 	public void setup() {
-
 		this.grant = mock(AccessDecisionVoter.class);
 		this.abstain = mock(AccessDecisionVoter.class);
 		this.deny = mock(AccessDecisionVoter.class);
-
 		given(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class)))
 				.willReturn(AccessDecisionVoter.ACCESS_GRANTED);
 		given(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class)))
@@ -71,7 +69,6 @@ public class AffirmativeBasedTests {
 
 	@Test
 	public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
-
 		this.mgr = new AffirmativeBased(
 				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.grant, this.deny, this.abstain));
 		this.mgr.afterPropertiesSet();
@@ -104,7 +101,6 @@ public class AffirmativeBasedTests {
 		this.mgr = new AffirmativeBased(
 				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.abstain, this.abstain, this.abstain));
 		assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
@@ -114,7 +110,6 @@ public class AffirmativeBasedTests {
 				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.abstain, this.abstain, this.abstain));
 		this.mgr.setAllowIfAllAbstainDecisions(true);
 		assertThat(this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
index 4cc37d0c70..595bd55fc9 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@@ -82,13 +82,11 @@ public class AuthenticatedVoterTests {
 	@Test
 	public void testSetterRejectsNull() {
 		AuthenticatedVoter voter = new AuthenticatedVoter();
-
 		try {
 			voter.setAuthenticationTrustResolver(null);
 			fail("Expected IAE");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index 0392e921c1..647387d2aa 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -43,9 +43,7 @@ public class ConsensusBasedTests {
 		ConsensusBased mgr = makeDecisionManager();
 		mgr.setAllowIfEqualGrantedDeniedDecisions(false);
 		assertThat(!mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check changed
-
 		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 		mgr.decide(auth, new Object(), config);
 	}
 
@@ -53,29 +51,22 @@ public class ConsensusBasedTests {
 	public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-
 		assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check default
-
 		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-
 		mgr.decide(auth, new Object(), config);
-
 	}
 
 	@Test
 	public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-
 		mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
-
 	}
 
 	@Test(expected = AccessDeniedException.class)
 	public void testOneDenyVoteTwoAbstainVotesDeniesAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-
 		mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
 		fail("Should have thrown AccessDeniedException");
 	}
@@ -84,9 +75,7 @@ public class ConsensusBasedTests {
 	public void testThreeAbstainVotesDeniesAccessWithDefault() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-
 		assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 		mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
 	}
 
@@ -96,7 +85,6 @@ public class ConsensusBasedTests {
 		ConsensusBased mgr = makeDecisionManager();
 		mgr.setAllowIfAllAbstainDecisions(true);
 		assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 		mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
 	}
 
@@ -104,7 +92,6 @@ public class ConsensusBasedTests {
 	public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-
 		mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2"));
 	}
 
@@ -116,7 +103,6 @@ public class ConsensusBasedTests {
 		voters.add(roleVoter);
 		voters.add(denyForSureVoter);
 		voters.add(denyAgainForSureVoter);
-
 		return new ConsensusBased(voters);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index f6e2977982..4d59a0173b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -48,15 +48,12 @@ public class DenyAgainVoter implements AccessDecisionVoter<Object> {
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
-
 		while (iter.hasNext()) {
 			ConfigAttribute attribute = iter.next();
-
 			if (this.supports(attribute)) {
 				return ACCESS_DENIED;
 			}
 		}
-
 		return ACCESS_ABSTAIN;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index ae548752f1..b20964b020 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -50,15 +50,12 @@ public class DenyVoter implements AccessDecisionVoter<Object> {
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 		Iterator<ConfigAttribute> iter = attributes.iterator();
-
 		while (iter.hasNext()) {
 			ConfigAttribute attribute = iter.next();
-
 			if (this.supports(attribute)) {
 				return ACCESS_DENIED;
 			}
 		}
-
 		return ACCESS_ABSTAIN;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
index 9dd3cc940d..806ec7416b 100644
--- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -31,11 +31,9 @@ public class RoleHierarchyVoterTests {
 	public void hierarchicalRoleIsIncludedInDecision() {
 		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
-
 		// User has role A, role B is required
 		TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
-
 		assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
index 2c204ea270..943d31da0a 100644
--- a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
@@ -51,7 +51,6 @@ public class UnanimousBasedTests {
 	private UnanimousBased makeDecisionManagerWithFooBarPrefix() {
 		RoleVoter roleVoter = new RoleVoter();
 		roleVoter.setRolePrefix("FOOBAR_");
-
 		DenyVoter denyForSureVoter = new DenyVoter();
 		DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
 		List<AccessDecisionVoter<? extends Object>> voters = new Vector<>();
@@ -73,9 +72,7 @@ public class UnanimousBasedTests {
 	public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
-
 		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "ROLE_1", "DENY_FOR_SURE" });
-
 		try {
 			mgr.decide(auth, new Object(), config);
 			fail("Should have thrown AccessDeniedException");
@@ -88,9 +85,7 @@ public class UnanimousBasedTests {
 	public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
-
 		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_2");
-
 		mgr.decide(auth, new Object(), config);
 	}
 
@@ -98,9 +93,7 @@ public class UnanimousBasedTests {
 	public void testOneDenyVoteTwoAbstainVotesDeniesAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
-
 		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE");
-
 		try {
 			mgr.decide(auth, new Object(), config);
 			fail("Should have thrown AccessDeniedException");
@@ -113,9 +106,7 @@ public class UnanimousBasedTests {
 	public void testRoleVoterPrefixObserved() {
 		TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
 		UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
-
 		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "FOOBAR_1", "FOOBAR_2" });
-
 		mgr.decide(auth, new Object(), config);
 	}
 
@@ -123,11 +114,8 @@ public class UnanimousBasedTests {
 	public void testThreeAbstainVotesDeniesAccessWithDefault() {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
-
 		assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-
 		List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
-
 		try {
 			mgr.decide(auth, new Object(), config);
 			fail("Should have thrown AccessDeniedException");
@@ -142,9 +130,7 @@ public class UnanimousBasedTests {
 		UnanimousBased mgr = makeDecisionManager();
 		mgr.setAllowIfAllAbstainDecisions(true);
 		assertThat(mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check changed
-
 		List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
-
 		mgr.decide(auth, new Object(), config);
 	}
 
@@ -152,9 +138,7 @@ public class UnanimousBasedTests {
 	public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		UnanimousBased mgr = makeDecisionManager();
-
 		List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "ROLE_1", "ROLE_2" });
-
 		mgr.decide(auth, new Object(), config);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index fa7219294a..90c0f82f4a 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -51,7 +51,6 @@ public class AbstractAuthenticationTokenTests {
 		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		List<GrantedAuthority> gotAuthorities = (List<GrantedAuthority>) token.getAuthorities();
 		assertThat(gotAuthorities).isNotSameAs(this.authorities);
-
 		gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"));
 	}
 
@@ -70,9 +69,7 @@ public class AbstractAuthenticationTokenTests {
 		MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES);
 		assertThat(token2.hashCode()).isEqualTo(token1.hashCode());
 		assertThat(token1.hashCode() != token3.hashCode()).isTrue();
-
 		token2.setAuthenticated(true);
-
 		assertThat(token1.hashCode() != token2.hashCode()).isTrue();
 	}
 
@@ -81,25 +78,19 @@ public class AbstractAuthenticationTokenTests {
 		MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		assertThat(token2).isEqualTo(token1);
-
 		MockAuthenticationImpl token3 = new MockAuthenticationImpl("Test", "Password_Changed", this.authorities);
 		assertThat(!token1.equals(token3)).isTrue();
-
 		MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", this.authorities);
 		assertThat(!token1.equals(token4)).isTrue();
-
 		MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO_CHANGED"));
 		assertThat(!token1.equals(token5)).isTrue();
-
 		MockAuthenticationImpl token6 = new MockAuthenticationImpl("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE"));
 		assertThat(!token1.equals(token6)).isTrue();
-
 		MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password", null);
 		assertThat(!token1.equals(token7)).isTrue();
 		assertThat(!token7.equals(token1)).isTrue();
-
 		assertThat(!token1.equals(100)).isTrue();
 	}
 
@@ -126,10 +117,8 @@ public class AbstractAuthenticationTokenTests {
 	@Test
 	public void testGetNameWhenPrincipalIsAuthenticatedPrincipal() {
 		String principalName = "test";
-
 		AuthenticatedPrincipal principal = mock(AuthenticatedPrincipal.class);
 		given(principal.getName()).willReturn(principalName);
-
 		MockAuthenticationImpl token = new MockAuthenticationImpl(principal, "Password", this.authorities);
 		assertThat(token.getName()).isEqualTo(principalName);
 		verify(principal, times(1)).getName();
diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
index 63010817d8..fa476f0738 100644
--- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java
@@ -55,11 +55,9 @@ public class AuthenticationTrustResolverImplTests {
 	@Test
 	public void testGettersSetters() {
 		AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
-
 		assertThat(AnonymousAuthenticationToken.class).isEqualTo(trustResolver.getAnonymousClass());
 		trustResolver.setAnonymousClass(TestingAuthenticationToken.class);
 		assertThat(trustResolver.getAnonymousClass()).isEqualTo(TestingAuthenticationToken.class);
-
 		assertThat(RememberMeAuthenticationToken.class).isEqualTo(trustResolver.getRememberMeClass());
 		trustResolver.setRememberMeClass(TestingAuthenticationToken.class);
 		assertThat(trustResolver.getRememberMeClass()).isEqualTo(TestingAuthenticationToken.class);
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index 111e33cb3b..6a7ac10f3e 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -57,7 +57,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		Authentication a = mock(Authentication.class);
-
 		Exception cause = new Exception();
 		Object extraInfo = new Object();
 		this.publisher.publishAuthenticationFailure(new BadCredentialsException(""), a);
@@ -94,7 +93,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationSuccess(mock(Authentication.class));
 		verify(appPublisher).publishEvent(isA(AuthenticationSuccessEvent.class));
-
 		this.publisher.setApplicationEventPublisher(null);
 		// Should be ignored with null app publisher
 		this.publisher.publishAuthenticationSuccess(mock(Authentication.class));
@@ -107,7 +105,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
 		this.publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
 				mock(Authentication.class));
@@ -129,7 +126,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		p.put(MockAuthenticationException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
 		this.publisher.setAdditionalExceptionMappings(p);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new AuthenticationException("") {
 		}, mock(Authentication.class));
@@ -166,7 +162,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		mappings.put(MockAuthenticationException.class, AuthenticationFailureDisabledEvent.class);
 		this.publisher.setAdditionalExceptionMappings(mappings);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
 				mock(Authentication.class));
@@ -184,7 +179,6 @@ public class DefaultAuthenticationEventPublisherTests {
 		this.publisher = new DefaultAuthenticationEventPublisher();
 		this.publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class);
 		ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
-
 		this.publisher.setApplicationEventPublisher(appPublisher);
 		this.publisher.publishAuthenticationFailure(new AuthenticationException("") {
 		}, mock(Authentication.class));
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
index 23394aef94..71e73e044c 100644
--- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -51,10 +51,8 @@ public class DelegatingReactiveAuthenticationManagerTests {
 	public void authenticateWhenEmptyAndNotThenReturnsNotEmpty() {
 		given(this.delegate1.authenticate(any())).willReturn(Mono.empty());
 		given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication));
-
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
-
 		assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
 	}
 
@@ -64,20 +62,16 @@ public class DelegatingReactiveAuthenticationManagerTests {
 		// flatMap)
 		given(this.delegate1.authenticate(any()))
 				.willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
-
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
-
 		StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete();
 	}
 
 	@Test
 	public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() {
 		given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
-
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
-
 		StepVerifier.create(manager.authenticate(this.authentication)).expectError(BadCredentialsException.class)
 				.verify();
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 711ffccfac..b75f9dcf8c 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -69,7 +69,6 @@ public class ProviderManagerTests {
 		ProviderManager mgr = makeProviderManager();
 		Authentication result = mgr.authenticate(token);
 		assertThat(result.getCredentials()).isNull();
-
 		mgr.setEraseCredentialsAfterAuthentication(false);
 		token = new UsernamePasswordAuthenticationToken("Test", "Password");
 		result = mgr.authenticate(token);
@@ -82,7 +81,6 @@ public class ProviderManagerTests {
 		ProviderManager mgr = new ProviderManager(createProviderWhichReturns(a));
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		mgr.setAuthenticationEventPublisher(publisher);
-
 		Authentication result = mgr.authenticate(a);
 		assertThat(result).isEqualTo(a);
 		verify(publisher).publishAuthenticationSuccess(result);
@@ -95,7 +93,6 @@ public class ProviderManagerTests {
 				Arrays.asList(createProviderWhichReturns(null), createProviderWhichReturns(a)));
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		mgr.setAuthenticationEventPublisher(publisher);
-
 		Authentication result = mgr.authenticate(a);
 		assertThat(result).isSameAs(a);
 		verify(publisher).publishAuthenticationSuccess(result);
@@ -130,7 +127,6 @@ public class ProviderManagerTests {
 	public void detailsAreNotSetOnAuthenticationTokenIfAlreadySetByProvider() {
 		Object requestDetails = "(Request Details)";
 		final Object resultDetails = "(Result Details)";
-
 		// A provider which sets the details object
 		AuthenticationProvider provider = new AuthenticationProvider() {
 			@Override
@@ -144,12 +140,9 @@ public class ProviderManagerTests {
 				return true;
 			}
 		};
-
 		ProviderManager authMgr = new ProviderManager(provider);
-
 		TestingAuthenticationToken request = createAuthenticationToken();
 		request.setDetails(requestDetails);
-
 		Authentication result = authMgr.authenticate(request);
 		assertThat(result.getDetails()).isEqualTo(resultDetails);
 	}
@@ -158,10 +151,8 @@ public class ProviderManagerTests {
 	public void detailsAreSetOnAuthenticationTokenIfNotAlreadySetByProvider() {
 		Object details = new Object();
 		ProviderManager authMgr = makeProviderManager();
-
 		TestingAuthenticationToken request = createAuthenticationToken();
 		request.setDetails(details);
-
 		Authentication result = authMgr.authenticate(request);
 		assertThat(result.getCredentials()).isNotNull();
 		assertThat(result.getDetails()).isSameAs(details);
@@ -178,7 +169,6 @@ public class ProviderManagerTests {
 
 	@Test
 	public void authenticationExceptionIsRethrownIfNoLaterProviderAuthenticates() {
-
 		ProviderManager mgr = new ProviderManager(Arrays
 				.asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null)));
 		try {
@@ -195,9 +185,7 @@ public class ProviderManagerTests {
 		AuthenticationProvider iThrowAccountStatusException = createProviderWhichThrows(new AccountStatusException("") {
 		});
 		AuthenticationProvider otherProvider = mock(AuthenticationProvider.class);
-
 		ProviderManager authMgr = new ProviderManager(Arrays.asList(iThrowAccountStatusException, otherProvider));
-
 		try {
 			authMgr.authenticate(mock(Authentication.class));
 			fail("Expected AccountStatusException");
@@ -239,13 +227,11 @@ public class ProviderManagerTests {
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		AuthenticationManager parent = mock(AuthenticationManager.class);
 		given(parent.authenticate(authReq)).willThrow(new ProviderNotFoundException(""));
-
 		// Set a provider that throws an exception - this is the exception we expect to be
 		// propagated
 		ProviderManager mgr = new ProviderManager(
 				Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent);
 		mgr.setAuthenticationEventPublisher(publisher);
-
 		try {
 			mgr.authenticate(authReq);
 			fail("Expected exception");
@@ -302,7 +288,6 @@ public class ProviderManagerTests {
 		ProviderManager mgr = new ProviderManager(Arrays.asList(createProviderWhichThrows(expected),
 				createProviderWhichThrows(new BadCredentialsException("Oops"))), null);
 		final Authentication authReq = mock(Authentication.class);
-
 		try {
 			mgr.authenticate(authReq);
 			fail("Expected Exception");
@@ -318,13 +303,10 @@ public class ProviderManagerTests {
 		ProviderManager parentMgr = new ProviderManager(createProviderWhichThrows(badCredentialsExParent));
 		ProviderManager childMgr = new ProviderManager(Collections.singletonList(
 				createProviderWhichThrows(new BadCredentialsException("Bad Credentials in child"))), parentMgr);
-
 		AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
 		parentMgr.setAuthenticationEventPublisher(publisher);
 		childMgr.setAuthenticationEventPublisher(publisher);
-
 		final Authentication authReq = mock(Authentication.class);
-
 		try {
 			childMgr.authenticate(authReq);
 			fail("Expected exception");
@@ -341,7 +323,6 @@ public class ProviderManagerTests {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 		given(provider.supports(any(Class.class))).willReturn(true);
 		given(provider.authenticate(any(Authentication.class))).willThrow(ex);
-
 		return provider;
 	}
 
@@ -349,7 +330,6 @@ public class ProviderManagerTests {
 		AuthenticationProvider provider = mock(AuthenticationProvider.class);
 		given(provider.supports(any(Class.class))).willReturn(true);
 		given(provider.authenticate(any(Authentication.class))).willReturn(a);
-
 		return provider;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 99cb38c3d3..7a4bbb3740 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -64,27 +64,21 @@ public class ReactiveAuthenticationManagerAdapterTests {
 	public void authenticateWhenSuccessThenSuccess() {
 		given(this.delegate.authenticate(any())).willReturn(this.authentication);
 		given(this.authentication.isAuthenticated()).willReturn(true);
-
 		Authentication result = this.manager.authenticate(this.authentication).block();
-
 		assertThat(result).isEqualTo(this.authentication);
 	}
 
 	@Test
 	public void authenticateWhenReturnNotAuthenticatedThenError() {
 		given(this.delegate.authenticate(any())).willReturn(this.authentication);
-
 		Authentication result = this.manager.authenticate(this.authentication).block();
-
 		assertThat(result).isNull();
 	}
 
 	@Test
 	public void authenticateWhenBadCredentialsThenError() {
 		given(this.delegate.authenticate(any())).willThrow(new BadCredentialsException("Failed"));
-
 		Mono<Authentication> result = this.manager.authenticate(this.authentication);
-
 		StepVerifier.create(result).expectError(BadCredentialsException.class).verify();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index d6fd522756..1887df9bb3 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -71,11 +71,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenUserNotFoundThenBadCredentials() {
 		given(this.repository.findByUsername(this.username)).willReturn(Mono.empty());
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-
 		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
 
@@ -88,11 +86,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.build();
 		// @formatter:on
 		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password + "INVALID");
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-
 		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
 
@@ -105,11 +101,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 			.build();
 		// @formatter:on
 		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
 		Authentication authentication = this.manager.authenticate(token).block();
-
 		assertThat(authentication).isEqualTo(authentication);
 	}
 
@@ -119,11 +113,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		given(this.passwordEncoder.matches(any(), any())).willReturn(true);
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
 		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
 		Authentication authentication = this.manager.authenticate(token).block();
-
 		assertThat(authentication).isEqualTo(authentication);
 	}
 
@@ -133,12 +125,9 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		given(this.passwordEncoder.matches(any(), any())).willReturn(false);
 		User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
 		given(this.repository.findByUsername(user.getUsername())).willReturn(Mono.just(user));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
-
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-
 		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
index ec2a84e921..1435300fc8 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationProviderTests.java
@@ -35,9 +35,7 @@ public class TestingAuthenticationProviderTests {
 		TestingAuthenticationProvider provider = new TestingAuthenticationProvider();
 		TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_ONE", "ROLE_TWO");
 		Authentication result = provider.authenticate(token);
-
 		assertThat(result instanceof TestingAuthenticationToken).isTrue();
-
 		TestingAuthenticationToken castResult = (TestingAuthenticationToken) result;
 		assertThat(castResult.getPrincipal()).isEqualTo("Test");
 		assertThat(castResult.getCredentials()).isEqualTo("Password");
diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
index 35ec2095b7..8b7c6f4617 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
@@ -32,7 +32,6 @@ public class TestingAuthenticationTokenTests {
 	@Test
 	public void constructorWhenNoAuthoritiesThenUnauthenticated() {
 		TestingAuthenticationToken unauthenticated = new TestingAuthenticationToken("principal", "credentials");
-
 		assertThat(unauthenticated.isAuthenticated()).isFalse();
 	}
 
@@ -40,7 +39,6 @@ public class TestingAuthenticationTokenTests {
 	public void constructorWhenArityAuthoritiesThenAuthenticated() {
 		TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials",
 				"authority");
-
 		assertThat(authenticated.isAuthenticated()).isTrue();
 	}
 
@@ -48,7 +46,6 @@ public class TestingAuthenticationTokenTests {
 	public void constructorWhenCollectionAuthoritiesThenAuthenticated() {
 		TestingAuthenticationToken authenticated = new TestingAuthenticationToken("principal", "credentials",
 				Arrays.asList(new SimpleGrantedAuthority("authority")));
-
 		assertThat(authenticated.isAuthenticated()).isTrue();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 1718a05da4..8c6362b14e 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -72,7 +72,6 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		.roles("USER")
 		.build();
 	// @formatter:on
-
 	private UserDetailsRepositoryReactiveAuthenticationManager manager;
 
 	@Before
@@ -97,9 +96,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setPasswordEncoder(this.encoder);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-
 		Authentication result = this.manager.authenticate(token).block();
-
 		verify(this.scheduler).schedule(any());
 	}
 
@@ -115,9 +112,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-
 		Authentication result = this.manager.authenticate(token).block();
-
 		verify(this.encoder).encode(this.user.getPassword());
 		verify(this.userDetailsPasswordService).updatePassword(eq(this.user), eq(encodedPassword));
 	}
@@ -130,9 +125,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-
 		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(BadCredentialsException.class);
-
 		verifyZeroInteractions(this.userDetailsPasswordService);
 	}
 
@@ -145,9 +138,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-
 		Authentication result = this.manager.authenticate(token).block();
-
 		verifyZeroInteractions(this.userDetailsPasswordService);
 	}
 
@@ -158,11 +149,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		given(this.encoder.matches(any(), any())).willReturn(true);
 		this.manager.setPasswordEncoder(this.encoder);
 		this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks);
-
 		assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager
 				.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block())
 				.withMessage("account is locked");
-
 		verify(this.postAuthenticationChecks).check(eq(this.user));
 	}
 
@@ -171,12 +160,9 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(this.user));
 		given(this.encoder.matches(any(), any())).willReturn(true);
 		this.manager.setPasswordEncoder(this.encoder);
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-
 		this.manager.authenticate(token).block();
-
 		verifyZeroInteractions(this.postAuthenticationChecks);
 	}
 
@@ -191,10 +177,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.build();
 		// @formatter:on
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(expiredUser));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser,
 				expiredUser.getPassword());
-
 		this.manager.authenticate(token).block();
 	}
 
@@ -209,17 +193,14 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.build();
 		// @formatter:on
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(lockedUser));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser,
 				lockedUser.getPassword());
-
 		this.manager.authenticate(token).block();
 	}
 
 	@Test(expected = DisabledException.class)
 	public void authenticateWhenAccountDisabledThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
-
 		// @formatter:off
 		UserDetails disabledUser = User.withUsername("user")
 				.password("password")
@@ -228,10 +209,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 				.build();
 		// @formatter:on
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(disabledUser));
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser,
 				disabledUser.getPassword());
-
 		this.manager.authenticate(token).block();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
index 7ea4eaab20..61cd51ecef 100644
--- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
@@ -34,26 +34,20 @@ public class UsernamePasswordAuthenticationTokenTests {
 	public void authenticatedPropertyContractIsSatisfied() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.NO_AUTHORITIES);
-
 		// check default given we passed some GrantedAuthorty[]s (well, we passed empty
 		// list)
 		assertThat(token.isAuthenticated()).isTrue();
-
 		// check explicit set to untrusted (we can safely go from trusted to untrusted,
 		// but not the reverse)
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
-
 		// Now let's create a UsernamePasswordAuthenticationToken without any
 		// GrantedAuthorty[]s (different constructor)
 		token = new UsernamePasswordAuthenticationToken("Test", "Password");
-
 		assertThat(!token.isAuthenticated()).isTrue();
-
 		// check we're allowed to still set it to untrusted
 		token.setAuthenticated(false);
 		assertThat(!token.isAuthenticated()).isTrue();
-
 		// check denied changing it to trusted
 		try {
 			token.setAuthenticated(true);
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
index 81745b88c2..808cb36347 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationProviderTests.java
@@ -38,10 +38,8 @@ public class AnonymousAuthenticationProviderTests {
 	@Test
 	public void testDetectsAnInvalidKey() {
 		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
-
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("WRONG_KEY", "Test",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		try {
 			aap.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
@@ -57,7 +55,6 @@ public class AnonymousAuthenticationProviderTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -70,10 +67,8 @@ public class AnonymousAuthenticationProviderTests {
 	@Test
 	public void testIgnoresClassesItDoesNotSupport() {
 		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
-
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
-
 		// Try it anyway
 		assertThat(aap.authenticate(token)).isNull();
 	}
@@ -81,12 +76,9 @@ public class AnonymousAuthenticationProviderTests {
 	@Test
 	public void testNormalOperation() {
 		AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
-
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		Authentication result = aap.authenticate(token);
-
 		assertThat(token).isEqualTo(result);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 05fd37fb78..298a43e633 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -46,21 +46,18 @@ public class AnonymousAuthenticationTokenTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new AnonymousAuthenticationToken("key", null, ROLES_12);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new AnonymousAuthenticationToken("key", "Test", null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES);
 			fail("Should have thrown IllegalArgumentException");
@@ -73,14 +70,12 @@ public class AnonymousAuthenticationTokenTests {
 	public void testEqualsWhenEqual() {
 		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
-
 		assertThat(token2).isEqualTo(token1);
 	}
 
 	@Test
 	public void testGetters() {
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
-
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("");
@@ -91,7 +86,6 @@ public class AnonymousAuthenticationTokenTests {
 	@Test
 	public void testNoArgConstructorDoesntExist() {
 		Class<?> clazz = AnonymousAuthenticationToken.class;
-
 		try {
 			clazz.getDeclaredConstructor((Class[]) null);
 			fail("Should have thrown NoSuchMethodException");
@@ -104,7 +98,6 @@ public class AnonymousAuthenticationTokenTests {
 	public void testNotEqualsDueToAbstractParentEqualsCheck() {
 		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("key", "DIFFERENT_PRINCIPAL", ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
@@ -113,16 +106,13 @@ public class AnonymousAuthenticationTokenTests {
 		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
 		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
 				ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
 	@Test
 	public void testNotEqualsDueToKey() {
 		AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
-
 		AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index ca50e2d215..8429503319 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -74,17 +74,14 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void testAuthenticateFailsForIncorrectPasswordCase() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "KOala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
@@ -94,105 +91,86 @@ public class DaoAuthenticationProviderTests {
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null);
 		try {
 			provider.authenticate(authenticationToken);
 			fail("Expected BadCredenialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsIfAccountExpired() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountExpired());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown AccountExpiredException");
 		}
 		catch (AccountExpiredException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsIfAccountLocked() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountLocked());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown LockedException");
 		}
 		catch (LockedException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsIfCredentialsExpired() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeterCredentialsExpired());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown CredentialsExpiredException");
 		}
 		catch (CredentialsExpiredException expected) {
-
 		}
-
 		// Check that wrong password causes BadCredentialsException, rather than
 		// CredentialsExpiredException
 		token = new UsernamePasswordAuthenticationToken("peter", "wrong_password");
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsIfUserDisabled() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserPeter());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown DisabledException");
 		}
 		catch (DisabledException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown InternalAuthenticationServiceException");
@@ -204,116 +182,95 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void testAuthenticateFailsWithEmptyUsername() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWithInvalidPassword() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "INVALID_PASSWORD");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionFalse() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setHideUserNotFoundExceptions(false); // we want
 														// UsernameNotFoundExceptions
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown UsernameNotFoundException");
 		}
 		catch (UsernameNotFoundException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionsWithDefaultOfTrue() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		assertThat(provider.isHideUserNotFoundExceptions()).isTrue();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWithInvalidUsernameAndChangePasswordEncoder() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		assertThat(provider.isHideUserNotFoundExceptions()).isTrue();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
-
 		provider.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
 	@Test
 	public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("RoD", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
-
 		}
 	}
 
@@ -321,17 +278,13 @@ public class DaoAuthenticationProviderTests {
 	public void testAuthenticates() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
 		token.setDetails("192.168.0.1");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		Authentication result = provider.authenticate(token);
-
 		if (!(result instanceof UsernamePasswordAuthenticationToken)) {
 			fail("Should have returned instance of UsernamePasswordAuthenticationToken");
 		}
-
 		UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
 		assertThat(castResult.getPrincipal().getClass()).isEqualTo(User.class);
 		assertThat(castResult.getCredentials()).isEqualTo("koala");
@@ -342,42 +295,32 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void testAuthenticatesASecondTime() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
-
 		Authentication result = provider.authenticate(token);
-
 		if (!(result instanceof UsernamePasswordAuthenticationToken)) {
 			fail("Should have returned instance of UsernamePasswordAuthenticationToken");
 		}
-
 		// Now try to authenticate with the previous result (with its UserDetails)
 		Authentication result2 = provider.authenticate(result);
-
 		if (!(result2 instanceof UsernamePasswordAuthenticationToken)) {
 			fail("Should have returned instance of UsernamePasswordAuthenticationToken");
 		}
-
 		assertThat(result2.getCredentials()).isEqualTo(result.getCredentials());
 	}
 
 	@Test
 	public void testAuthenticatesWithForcePrincipalAsString() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		provider.setUserCache(new MockUserCache());
 		provider.setForcePrincipalAsString(true);
-
 		Authentication result = provider.authenticate(token);
-
 		if (!(result instanceof UsernamePasswordAuthenticationToken)) {
 			fail("Should have returned instance of UsernamePasswordAuthenticationToken");
 		}
-
 		UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
 		assertThat(castResult.getPrincipal().getClass()).isEqualTo(String.class);
 		assertThat(castResult.getPrincipal()).isEqualTo("rod");
@@ -388,7 +331,6 @@ public class DaoAuthenticationProviderTests {
 		String password = "password";
 		String encodedPassword = "encoded";
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", password);
-
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
 		UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -396,16 +338,13 @@ public class DaoAuthenticationProviderTests {
 		provider.setPasswordEncoder(encoder);
 		provider.setUserDetailsService(userDetailsService);
 		provider.setUserDetailsPasswordService(passwordManager);
-
 		UserDetails user = PasswordEncodedUser.user();
 		given(encoder.matches(any(), any())).willReturn(true);
 		given(encoder.upgradeEncoding(any())).willReturn(true);
 		given(encoder.encode(any())).willReturn(encodedPassword);
 		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
 		given(passwordManager.updatePassword(any(), any())).willReturn(user);
-
 		Authentication result = provider.authenticate(token);
-
 		verify(encoder).encode(password);
 		verify(passwordManager).updatePassword(eq(user), eq(encodedPassword));
 	}
@@ -413,7 +352,6 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenBadCredentialsAndPasswordManagerThenNoUpdate() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
 		UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -421,20 +359,16 @@ public class DaoAuthenticationProviderTests {
 		provider.setPasswordEncoder(encoder);
 		provider.setUserDetailsService(userDetailsService);
 		provider.setUserDetailsPasswordService(passwordManager);
-
 		UserDetails user = PasswordEncodedUser.user();
 		given(encoder.matches(any(), any())).willReturn(false);
 		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
-
 		assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class);
-
 		verifyZeroInteractions(passwordManager);
 	}
 
 	@Test
 	public void authenticateWhenNotUpgradeAndPasswordManagerThenNoUpdate() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-
 		PasswordEncoder encoder = mock(PasswordEncoder.class);
 		UserDetailsService userDetailsService = mock(UserDetailsService.class);
 		UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class);
@@ -442,24 +376,19 @@ public class DaoAuthenticationProviderTests {
 		provider.setPasswordEncoder(encoder);
 		provider.setUserDetailsService(userDetailsService);
 		provider.setUserDetailsPasswordService(passwordManager);
-
 		UserDetails user = PasswordEncodedUser.user();
 		given(encoder.matches(any(), any())).willReturn(true);
 		given(encoder.upgradeEncoding(any())).willReturn(false);
 		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
-
 		Authentication result = provider.authenticate(token);
-
 		verifyZeroInteractions(passwordManager);
 	}
 
 	@Test
 	public void testDetectsNullBeingReturnedFromAuthenticationDao() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
-
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull());
-
 		try {
 			provider.authenticate(token);
 			fail("Should have thrown AuthenticationServiceException");
@@ -475,10 +404,8 @@ public class DaoAuthenticationProviderTests {
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setPasswordEncoder(new BCryptPasswordEncoder());
 		assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(BCryptPasswordEncoder.class);
-
 		provider.setUserCache(new EhCacheBasedUserCache());
 		assertThat(provider.getUserCache().getClass()).isEqualTo(EhCacheBasedUserCache.class);
-
 		assertThat(provider.isForcePrincipalAsString()).isFalse();
 		provider.setForcePrincipalAsString(true);
 		assertThat(provider.isForcePrincipalAsString()).isTrue();
@@ -487,26 +414,20 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
-
 		MockUserDetailsServiceUserRod authenticationDao = new MockUserDetailsServiceUserRod();
 		MockUserCache cache = new MockUserCache();
 		DaoAuthenticationProvider provider = createProvider();
 		provider.setUserDetailsService(authenticationDao);
 		provider.setUserCache(cache);
-
 		// This will work, as password still "koala"
 		provider.authenticate(token);
-
 		// Check "rod = koala" ended up in the cache
 		assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("koala");
-
 		// Now change the password the AuthenticationDao will return
 		authenticationDao.setPassword("easternLongNeckTurtle");
-
 		// Now try authentication again, with the new password
 		token = new UsernamePasswordAuthenticationToken("rod", "easternLongNeckTurtle");
 		provider.authenticate(token);
-
 		// To get this far, the new password was accepted
 		// Check the cache was updated
 		assertThat(cache.getUserFromCache("rod").getPassword()).isEqualTo("easternLongNeckTurtle");
@@ -515,13 +436,11 @@ public class DaoAuthenticationProviderTests {
 	@Test
 	public void testStartupFailsIfNoAuthenticationDao() throws Exception {
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-
 		try {
 			provider.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -531,13 +450,11 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
 		assertThat(provider.getUserCache().getClass()).isEqualTo(NullUserCache.class);
 		provider.setUserCache(null);
-
 		try {
 			provider.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -549,7 +466,6 @@ public class DaoAuthenticationProviderTests {
 		provider.setUserCache(new MockUserCache());
 		assertThat(provider.getUserDetailsService()).isEqualTo(userDetailsService);
 		provider.afterPropertiesSet();
-
 	}
 
 	@Test
@@ -576,7 +492,6 @@ public class DaoAuthenticationProviderTests {
 		}
 		catch (UsernameNotFoundException success) {
 		}
-
 		// ensure encoder invoked w/ non-null strings since PasswordEncoder impls may fail
 		// if encoded password is null
 		verify(encoder).matches(isA(String.class), isA(String.class));
@@ -629,16 +544,13 @@ public class DaoAuthenticationProviderTests {
 		MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod();
 		userDetailsService.password = encoder.encode((CharSequence) foundUser.getCredentials());
 		provider.setUserDetailsService(userDetailsService);
-
 		int sampleSize = 100;
-
 		List<Long> userFoundTimes = new ArrayList<>(sampleSize);
 		for (int i = 0; i < sampleSize; i++) {
 			long start = System.currentTimeMillis();
 			provider.authenticate(foundUser);
 			userFoundTimes.add(System.currentTimeMillis() - start);
 		}
-
 		List<Long> userNotFoundTimes = new ArrayList<>(sampleSize);
 		for (int i = 0; i < sampleSize; i++) {
 			long start = System.currentTimeMillis();
@@ -650,7 +562,6 @@ public class DaoAuthenticationProviderTests {
 			}
 			userNotFoundTimes.add(System.currentTimeMillis() - start);
 		}
-
 		double userFoundAvg = avg(userFoundTimes);
 		double userNotFoundAvg = avg(userNotFoundTimes);
 		assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage("User not found average "
@@ -679,7 +590,6 @@ public class DaoAuthenticationProviderTests {
 		}
 		catch (UsernameNotFoundException success) {
 		}
-
 		verify(encoder, times(0)).matches(anyString(), anyString());
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
index 1f5bf770ff..d843593f5c 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java
@@ -37,7 +37,6 @@ public class AuthenticationEventTests {
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
 				"Credentials");
 		authentication.setDetails("127.0.0.1");
-
 		return authentication;
 	}
 
@@ -60,13 +59,11 @@ public class AuthenticationEventTests {
 	@Test
 	public void testRejectsNullAuthentication() {
 		AuthenticationException exception = new DisabledException("TEST");
-
 		try {
 			new AuthenticationFailureDisabledEvent(null, exception);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -77,7 +74,6 @@ public class AuthenticationEventTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
index e75590f5c4..4d788d4377 100644
--- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java
@@ -33,7 +33,6 @@ public class LoggerListenerTests {
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
 				"Credentials");
 		authentication.setDetails("127.0.0.1");
-
 		return authentication;
 	}
 
@@ -43,7 +42,6 @@ public class LoggerListenerTests {
 				new LockedException("TEST"));
 		LoggerListener listener = new LoggerListener();
 		listener.onApplicationEvent(event);
-
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index ce23ea8c54..e075c6184d 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -80,7 +80,6 @@ public class DefaultJaasAuthenticationProviderTests {
 		given(configuration.getAppConfigurationEntry(this.provider.getLoginContextName())).willReturn(aces);
 		this.token = new UsernamePasswordAuthenticationToken("user", "password");
 		ReflectionTestUtils.setField(this.provider, "log", this.log);
-
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -119,7 +118,6 @@ public class DefaultJaasAuthenticationProviderTests {
 		}
 		catch (AuthenticationException success) {
 		}
-
 		verifyFailedLogin();
 	}
 
@@ -131,7 +129,6 @@ public class DefaultJaasAuthenticationProviderTests {
 		}
 		catch (AuthenticationException success) {
 		}
-
 		verifyFailedLogin();
 	}
 
@@ -141,13 +138,10 @@ public class DefaultJaasAuthenticationProviderTests {
 		SecurityContext securityContext = mock(SecurityContext.class);
 		JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
 		LoginContext context = mock(LoginContext.class);
-
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
 		given(securityContext.getAuthentication()).willReturn(token);
 		given(token.getLoginContext()).willReturn(context);
-
 		this.provider.onApplicationEvent(event);
-
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
 		verify(token).getLoginContext();
@@ -158,9 +152,7 @@ public class DefaultJaasAuthenticationProviderTests {
 	@Test
 	public void logoutNullSession() {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
-
 		this.provider.handleLogout(event);
-
 		verify(event).getSecurityContexts();
 		verify(this.log).debug(anyString());
 		verifyNoMoreInteractions(event);
@@ -170,11 +162,8 @@ public class DefaultJaasAuthenticationProviderTests {
 	public void logoutNullAuthentication() {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		SecurityContext securityContext = mock(SecurityContext.class);
-
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
-
 		this.provider.handleLogout(event);
-
 		verify(event).getSecurityContexts();
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
@@ -185,12 +174,9 @@ public class DefaultJaasAuthenticationProviderTests {
 	public void logoutNonJaasAuthentication() {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		SecurityContext securityContext = mock(SecurityContext.class);
-
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
 		given(securityContext.getAuthentication()).willReturn(this.token);
-
 		this.provider.handleLogout(event);
-
 		verify(event).getSecurityContexts();
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
@@ -202,15 +188,12 @@ public class DefaultJaasAuthenticationProviderTests {
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		SecurityContext securityContext = mock(SecurityContext.class);
 		JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
-
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
 		given(securityContext.getAuthentication()).willReturn(token);
-
 		this.provider.onApplicationEvent(event);
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
 		verify(token).getLoginContext();
-
 		verifyNoMoreInteractions(event, securityContext, token);
 	}
 
@@ -221,14 +204,11 @@ public class DefaultJaasAuthenticationProviderTests {
 		JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
 		LoginContext context = mock(LoginContext.class);
 		LoginException loginException = new LoginException("Failed Login");
-
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(securityContext));
 		given(securityContext.getAuthentication()).willReturn(token);
 		given(token.getLoginContext()).willReturn(context);
 		willThrow(loginException).given(context).logout();
-
 		this.provider.onApplicationEvent(event);
-
 		verify(event).getSecurityContexts();
 		verify(securityContext).getAuthentication();
 		verify(token).getLoginContext();
@@ -241,7 +221,6 @@ public class DefaultJaasAuthenticationProviderTests {
 	public void publishNullPublisher() {
 		this.provider.setApplicationEventPublisher(null);
 		AuthenticationException ae = new BadCredentialsException("Failed to login");
-
 		this.provider.publishFailureEvent(this.token, ae);
 		this.provider.publishSuccessEvent(this.token);
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index f474ce4c40..6f59331bbf 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -79,7 +79,6 @@ public class JaasAuthenticationProviderTests {
 		}
 		catch (AuthenticationException ex) {
 		}
-
 		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
 		assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
 				.isNotNull();
@@ -94,7 +93,6 @@ public class JaasAuthenticationProviderTests {
 		}
 		catch (AuthenticationException ex) {
 		}
-
 		assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull();
 		assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null")
 				.isNotNull();
@@ -105,9 +103,7 @@ public class JaasAuthenticationProviderTests {
 	public void testConfigurationLoop() throws Exception {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".conf";
 		URL url = getClass().getResource(resName);
-
 		Security.setProperty("login.config.url.1", url.toString());
-
 		setUp();
 		testFull();
 	}
@@ -119,7 +115,6 @@ public class JaasAuthenticationProviderTests {
 		myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters());
 		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
 		myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
-
 		try {
 			myJaasProvider.afterPropertiesSet();
 			fail("Should have thrown ApplicationContextException");
@@ -136,7 +131,6 @@ public class JaasAuthenticationProviderTests {
 		// Create temp directory with a space in the name
 		File configDir = new File(System.getProperty("java.io.tmpdir") + File.separator + "jaas test");
 		configDir.deleteOnExit();
-
 		if (configDir.exists()) {
 			configDir.delete();
 		}
@@ -149,14 +143,12 @@ public class JaasAuthenticationProviderTests {
 				"JAASTestBlah {" + "org.springframework.security.authentication.jaas.TestLoginModule required;" + "};");
 		pw.flush();
 		pw.close();
-
 		JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
 		myJaasProvider.setApplicationEventPublisher(this.context);
 		myJaasProvider.setLoginConfig(new FileSystemResource(configFile));
 		myJaasProvider.setAuthorityGranters(this.jaasProvider.getAuthorityGranters());
 		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
 		myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName());
-
 		myJaasProvider.afterPropertiesSet();
 	}
 
@@ -168,7 +160,6 @@ public class JaasAuthenticationProviderTests {
 		myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers());
 		myJaasProvider.setLoginConfig(this.jaasProvider.getLoginConfig());
 		myJaasProvider.setLoginContextName(null);
-
 		try {
 			myJaasProvider.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -176,9 +167,7 @@ public class JaasAuthenticationProviderTests {
 		catch (IllegalArgumentException expected) {
 			assertThat(expected.getMessage()).startsWith("loginContextName must be set on");
 		}
-
 		myJaasProvider.setLoginContextName("");
-
 		try {
 			myJaasProvider.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -192,25 +181,19 @@ public class JaasAuthenticationProviderTests {
 	public void testFull() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE"));
-
 		assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
-
 		Authentication auth = this.jaasProvider.authenticate(token);
-
 		assertThat(this.jaasProvider.getAuthorityGranters()).isNotNull();
 		assertThat(this.jaasProvider.getCallbackHandlers()).isNotNull();
 		assertThat(this.jaasProvider.getLoginConfig()).isNotNull();
 		assertThat(this.jaasProvider.getLoginContextName()).isNotNull();
-
 		Collection<? extends GrantedAuthority> list = auth.getAuthorities();
 		Set<String> set = AuthorityUtils.authorityListToSet(list);
-
 		assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE")
 				.isFalse();
 		assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue();
 		assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue();
 		boolean foundit = false;
-
 		for (GrantedAuthority a : list) {
 			if (a instanceof JaasGrantedAuthority) {
 				JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
@@ -219,9 +202,7 @@ public class JaasAuthenticationProviderTests {
 				foundit = true;
 			}
 		}
-
 		assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue();
-
 		assertThat(this.eventCheck.successEvent).as("Success event should be fired").isNotNull();
 		assertThat(this.eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal")
 				.isEqualTo(auth);
@@ -237,7 +218,6 @@ public class JaasAuthenticationProviderTests {
 	public void testLoginExceptionResolver() {
 		assertThat(this.jaasProvider.getLoginExceptionResolver()).isNotNull();
 		this.jaasProvider.setLoginExceptionResolver((e) -> new LockedException("This is just a test!"));
-
 		try {
 			this.jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
 		}
@@ -251,26 +231,19 @@ public class JaasAuthenticationProviderTests {
 	@Test
 	public void testLogout() throws Exception {
 		MockLoginContext loginContext = new MockLoginContext(this.jaasProvider.getLoginContextName());
-
 		JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext);
-
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(token);
-
 		SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
 		given(event.getSecurityContexts()).willReturn(Arrays.asList(context));
-
 		this.jaasProvider.handleLogout(event);
-
 		assertThat(loginContext.loggedOut).isTrue();
 	}
 
 	@Test
 	public void testNullDefaultAuthorities() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
-
 		assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
-
 		Authentication auth = this.jaasProvider.authenticate(token);
 		assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
 				.hasSize(2);
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
index 565ea98356..7efedeecb6 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasEventCheck.java
@@ -35,7 +35,6 @@ public class JaasEventCheck implements ApplicationListener<JaasAuthenticationEve
 		if (event instanceof JaasAuthenticationFailedEvent) {
 			this.failedEvent = (JaasAuthenticationFailedEvent) event;
 		}
-
 		if (event instanceof JaasAuthenticationSuccessEvent) {
 			this.successEvent = (JaasAuthenticationSuccessEvent) event;
 		}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
index 2d8d455032..bec12f7be4 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/Sec760Tests.java
@@ -46,7 +46,6 @@ public class Sec760Tests {
 		p1.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
 		p1.afterPropertiesSet();
 		testAuthenticate(p1);
-
 		p2.setLoginConfig(new ClassPathResource(resolveConfigFile("/test2.conf")));
 		p2.setLoginContextName("test2");
 		p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] { new TestCallbackHandler(),
@@ -59,7 +58,6 @@ public class Sec760Tests {
 	private void testAuthenticate(JaasAuthenticationProvider p1) {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		Authentication auth = p1.authenticate(token);
 		assertThat(auth).isNotNull();
 	}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
index 3f27e71d85..8090324520 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java
@@ -95,7 +95,6 @@ public class SecurityContextLoginModuleTests {
 		this.module.login();
 		assertThat(this.module.logout()).as("Should return true as it succeeds").isTrue();
 		assertThat(this.module.getAuthentication()).as("Authentication should be null").isNull();
-
 		assertThat(this.subject.getPrincipals().contains(this.auth))
 				.withFailMessage("Principals should not contain the authentication after logout").isFalse();
 	}
@@ -114,10 +113,8 @@ public class SecurityContextLoginModuleTests {
 	@Test
 	public void testNullAuthenticationInSecurityContextIgnored() throws Exception {
 		this.module = new SecurityContextLoginModule();
-
 		Map<String, String> options = new HashMap<>();
 		options.put("ignoreMissingAuthentication", "true");
-
 		this.module.initialize(this.subject, null, null, options);
 		SecurityContextHolder.getContext().setAuthentication(null);
 		assertThat(this.module.login()).as("Should return false and ask to be ignored").isFalse();
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
index fbab33f747..2a557097a3 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestAuthorityGranter.java
@@ -28,12 +28,10 @@ public class TestAuthorityGranter implements AuthorityGranter {
 	@Override
 	public Set<String> grant(Principal principal) {
 		Set<String> rtnSet = new HashSet<>();
-
 		if (principal.getName().equals("TEST_PRINCIPAL")) {
 			rtnSet.add("ROLE_TEST1");
 			rtnSet.add("ROLE_TEST2");
 		}
-
 		return rtnSet;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
index ab0d94fe90..b00267effc 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestLoginModule.java
@@ -52,14 +52,11 @@ public class TestLoginModule implements LoginModule {
 	@SuppressWarnings("unchecked")
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 		this.subject = subject;
-
 		try {
 			TextInputCallback textCallback = new TextInputCallback("prompt");
 			NameCallback nameCallback = new NameCallback("prompt");
 			PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
-
 			callbackHandler.handle(new Callback[] { textCallback, nameCallback, passwordCallback });
-
 			this.password = new String(passwordCallback.getPassword());
 			this.user = nameCallback.getName();
 		}
@@ -73,15 +70,11 @@ public class TestLoginModule implements LoginModule {
 		if (!this.user.equals("user")) {
 			throw new LoginException("Bad User");
 		}
-
 		if (!this.password.equals("password")) {
 			throw new LoginException("Bad Password");
 		}
-
 		this.subject.getPrincipals().add(() -> "TEST_PRINCIPAL");
-
 		this.subject.getPrincipals().add(() -> "NULL_PRINCIPAL");
-
 		return true;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index 58bb0120f5..c1f4f8be7f 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -45,7 +45,6 @@ public class InMemoryConfigurationTests {
 	public void setUp() {
 		this.defaultEntries = new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
 				LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) };
-
 		this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap("name",
 				new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(),
 						LoginModuleControlFlag.OPTIONAL, Collections.<String, Object>emptyMap()) });
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index 3602d38288..a52f73ace0 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -41,24 +41,20 @@ public class RemoteAuthenticationManagerImplTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		manager.setAuthenticationManager(am);
-
 		manager.attemptAuthentication("rod", "password");
 	}
 
 	@Test
 	public void testStartupChecksAuthenticationManagerSet() throws Exception {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
-
 		try {
 			manager.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		manager.setAuthenticationManager(mock(AuthenticationManager.class));
 		manager.afterPropertiesSet();
-
 	}
 
 	@Test
@@ -67,7 +63,6 @@ public class RemoteAuthenticationManagerImplTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willReturn(new TestingAuthenticationToken("u", "p", "A"));
 		manager.setAuthenticationManager(am);
-
 		manager.attemptAuthentication("rod", "password");
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
index ed48fbfe87..42b37a73c8 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@@ -39,13 +39,11 @@ public class RemoteAuthenticationProviderTests {
 	public void testExceptionsGetPassedBackToCaller() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
 		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
-
 		try {
 			provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
 			fail("Should have thrown RemoteAuthenticationException");
 		}
 		catch (RemoteAuthenticationException expected) {
-
 		}
 	}
 
@@ -59,25 +57,20 @@ public class RemoteAuthenticationProviderTests {
 	@Test
 	public void testStartupChecksAuthenticationManagerSet() throws Exception {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
-
 		try {
 			provider.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
 		provider.afterPropertiesSet();
-
 	}
 
 	@Test
 	public void testSuccessfulAuthenticationCreatesObject() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
 		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
-
 		Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
 		assertThat(result.getPrincipal()).isEqualTo("rod");
 		assertThat(result.getCredentials()).isEqualTo("password");
@@ -88,14 +81,12 @@ public class RemoteAuthenticationProviderTests {
 	public void testNullCredentialsDoesNotCauseNullPointerException() {
 		RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
 		provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
-
 		try {
 			provider.authenticate(new UsernamePasswordAuthenticationToken("rod", null));
 			fail("Expected Exception");
 		}
 		catch (RemoteAuthenticationException success) {
 		}
-
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
index 3673f6b05e..169e9802cd 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationProviderTests.java
@@ -38,10 +38,8 @@ public class RememberMeAuthenticationProviderTests {
 	@Test
 	public void testDetectsAnInvalidKey() {
 		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("WRONG_KEY", "Test",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		try {
 			aap.authenticate(token);
 			fail("Should have thrown BadCredentialsException");
@@ -57,7 +55,6 @@ public class RememberMeAuthenticationProviderTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -71,10 +68,8 @@ public class RememberMeAuthenticationProviderTests {
 	@Test
 	public void testIgnoresClassesItDoesNotSupport() {
 		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		assertThat(aap.supports(TestingAuthenticationToken.class)).isFalse();
-
 		// Try it anyway
 		assertThat(aap.authenticate(token)).isNull();
 	}
@@ -82,12 +77,9 @@ public class RememberMeAuthenticationProviderTests {
 	@Test
 	public void testNormalOperation() {
 		RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider("qwerty");
-
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("qwerty", "Test",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		Authentication result = aap.authenticate(token);
-
 		assertThat(token).isEqualTo(result);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
index 492566f564..6bdf73bd5d 100644
--- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java
@@ -45,17 +45,13 @@ public class RememberMeAuthenticationTokenTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			new RememberMeAuthenticationToken("key", null, ROLES_12);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			List<GrantedAuthority> authsContainingNull = new ArrayList<>();
 			authsContainingNull.add(null);
@@ -63,7 +59,6 @@ public class RememberMeAuthenticationTokenTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -71,14 +66,12 @@ public class RememberMeAuthenticationTokenTests {
 	public void testEqualsWhenEqual() {
 		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
-
 		assertThat(token2).isEqualTo(token1);
 	}
 
 	@Test
 	public void testGetters() {
 		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
-
 		assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
 		assertThat(token.getPrincipal()).isEqualTo("Test");
 		assertThat(token.getCredentials()).isEqualTo("");
@@ -92,7 +85,6 @@ public class RememberMeAuthenticationTokenTests {
 		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("key", "DIFFERENT_PRINCIPAL",
 				ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
@@ -101,7 +93,6 @@ public class RememberMeAuthenticationTokenTests {
 		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 		UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", "Password",
 				ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
@@ -109,7 +100,6 @@ public class RememberMeAuthenticationTokenTests {
 	public void testNotEqualsDueToKey() {
 		RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", ROLES_12);
 		RememberMeAuthenticationToken token2 = new RememberMeAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
-
 		assertThat(token1.equals(token2)).isFalse();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 788fb05eb1..b9a333abbb 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -46,39 +46,32 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenAuthenticatedThenReturnTrue() {
 		given(this.authentication.isAuthenticated()).willReturn(true);
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenNotAuthenticatedThenReturnFalse() {
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenEmptyThenReturnFalse() {
 		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
 		AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
-
 		boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenErrorThenError() {
 		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-
 		StepVerifier.create(result).expectError().verify();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index eeb5fe479d..096e983924 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -46,21 +46,18 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() {
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndEmptyThenReturnFalse() {
 		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndErrorThenError() {
 		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-
 		StepVerifier.create(result).expectError().verify();
 	}
 
@@ -68,27 +65,21 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() {
 		given(this.authentication.isAuthenticated()).willReturn(true);
 		given(this.authentication.getAuthorities()).willReturn(Collections.emptyList());
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() {
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() {
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isTrue();
 	}
 
@@ -96,9 +87,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasRoleAndAuthorizedThenReturnTrue() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isTrue();
 	}
 
@@ -106,9 +95,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
@@ -117,9 +104,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING",
 				"ROLE_ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isTrue();
 	}
 
@@ -127,9 +112,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN");
-
 		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
-
 		assertThat(granted).isFalse();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 265ab85f16..3c47bc6416 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -66,7 +66,6 @@ public class DelegatingSecurityContextRunnableTests {
 			assertThat(SecurityContextHolder.getContext()).isEqualTo(this.securityContext);
 			return null;
 		}).given(this.delegate).run();
-
 		this.executor = Executors.newFixedThreadPool(1);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 7f087dfbab..86d242ad66 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -51,7 +51,6 @@ public class DelegatingApplicationListenerTests {
 	@Test
 	public void processEventNull() {
 		this.listener.onApplicationEvent(null);
-
 		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
@@ -60,14 +59,12 @@ public class DelegatingApplicationListenerTests {
 		given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true);
 		given(this.delegate.supportsSourceType(this.event.getSource().getClass())).willReturn(true);
 		this.listener.onApplicationEvent(this.event);
-
 		verify(this.delegate).onApplicationEvent(this.event);
 	}
 
 	@Test
 	public void processEventEventTypeNotSupported() {
 		this.listener.onApplicationEvent(this.event);
-
 		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
@@ -75,7 +72,6 @@ public class DelegatingApplicationListenerTests {
 	public void processEventSourceTypeNotSupported() {
 		given(this.delegate.supportsEventType(this.event.getClass())).willReturn(true);
 		this.listener.onApplicationEvent(this.event);
-
 		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
index 292c9d1680..33b297c385 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java
@@ -63,20 +63,16 @@ public class SpringSecurityCoreVersionTests {
 	public void springVersionIsUpToDate() {
 		// Property is set by the build script
 		String springVersion = System.getProperty("springVersion");
-
 		assertThat(SpringSecurityCoreVersion.MIN_SPRING_VERSION).isEqualTo(springVersion);
 	}
 
 	@Test
 	public void serialVersionMajorAndMinorVersionMatchBuildVersion() {
 		String version = System.getProperty("springSecurityVersion");
-
 		// Strip patch version
 		String serialVersion = String.valueOf(SpringSecurityCoreVersion.SERIAL_VERSION_UID).substring(0, 2);
-
 		assertThat(serialVersion.charAt(0)).isEqualTo(version.charAt(0));
 		assertThat(serialVersion.charAt(1)).isEqualTo(version.charAt(2));
-
 	}
 
 	// SEC-2295
@@ -87,9 +83,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.spy(SpringVersion.class);
 		PowerMockito.doReturn(version).when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn(version).when(SpringVersion.class, "getVersion");
-
 		performChecks();
-
 		verifyZeroInteractions(this.logger);
 	}
 
@@ -99,9 +93,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.spy(SpringVersion.class);
 		PowerMockito.doReturn("1").when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn(null).when(SpringVersion.class, "getVersion");
-
 		performChecks();
-
 		verifyZeroInteractions(this.logger);
 	}
 
@@ -111,9 +103,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.spy(SpringVersion.class);
 		PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion");
-
 		performChecks();
-
 		verify(this.logger, times(1)).warn(any());
 	}
 
@@ -123,9 +113,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.spy(SpringVersion.class);
 		PowerMockito.doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn("4.0.0.RELEASE").when(SpringVersion.class, "getVersion");
-
 		performChecks();
-
 		verify(this.logger, never()).warn(any());
 	}
 
@@ -137,9 +125,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.spy(SpringVersion.class);
 		PowerMockito.doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn("3.2.10.RELEASE").when(SpringVersion.class, "getVersion");
-
 		performChecks(minSpringVersion);
-
 		verify(this.logger, never()).warn(any());
 	}
 
@@ -150,9 +136,7 @@ public class SpringSecurityCoreVersionTests {
 		PowerMockito.doReturn("3").when(SpringSecurityCoreVersion.class, "getVersion");
 		PowerMockito.doReturn("2").when(SpringVersion.class, "getVersion");
 		System.setProperty(getDisableChecksProperty(), Boolean.TRUE.toString());
-
 		performChecks();
-
 		verifyZeroInteractions(this.logger);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
index e9de5e9787..b795c3609b 100644
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@@ -42,12 +42,10 @@ public class SpringSecurityMessageSourceTests {
 		// Change Locale to English
 		Locale before = LocaleContextHolder.getLocale();
 		LocaleContextHolder.setLocale(Locale.FRENCH);
-
 		// Cause a message to be generated
 		MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 		assertThat("Le jeton nonce est compromis FOOBAR").isEqualTo(messages.getMessage(
 				"DigestAuthenticationFilter.nonceCompromised", new Object[] { "FOOBAR" }, "ERROR - FAILED TO LOOKUP"));
-
 		// Revert to original Locale
 		LocaleContextHolder.setLocale(before);
 	}
@@ -57,14 +55,11 @@ public class SpringSecurityMessageSourceTests {
 	public void germanSystemLocaleWithEnglishLocaleContextHolder() {
 		Locale beforeSystem = Locale.getDefault();
 		Locale.setDefault(Locale.GERMAN);
-
 		Locale beforeHolder = LocaleContextHolder.getLocale();
 		LocaleContextHolder.setLocale(Locale.US);
-
 		MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor();
 		assertThat("Access is denied")
 				.isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops"));
-
 		// Revert to original Locale
 		Locale.setDefault(beforeSystem);
 		LocaleContextHolder.setLocale(beforeHolder);
diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
index 5d3ff6a689..34af08348f 100644
--- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java
@@ -34,9 +34,7 @@ public class AuthorityUtilsTests {
 	public void commaSeparatedStringIsParsedCorrectly() {
 		List<GrantedAuthority> authorityArray = AuthorityUtils
 				.commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E ");
-
 		Set<String> authorities = AuthorityUtils.authorityListToSet(authorityArray);
-
 		assertThat(authorities.contains("B")).isTrue();
 		assertThat(authorities.contains("C")).isTrue();
 		assertThat(authorities.contains("E")).isTrue();
diff --git a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
index 5380b81d71..09177a9fef 100644
--- a/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/SimpleGrantedAuthorityTests.java
@@ -35,14 +35,10 @@ public class SimpleGrantedAuthorityTests {
 		SimpleGrantedAuthority auth1 = new SimpleGrantedAuthority("TEST");
 		assertThat(auth1).isEqualTo(auth1);
 		assertThat(new SimpleGrantedAuthority("TEST")).isEqualTo(auth1);
-
 		assertThat(auth1.equals("TEST")).isFalse();
-
 		SimpleGrantedAuthority auth3 = new SimpleGrantedAuthority("NOT_EQUAL");
 		assertThat(!auth1.equals(auth3)).isTrue();
-
 		assertThat(auth1.equals(mock(GrantedAuthority.class))).isFalse();
-
 		assertThat(auth1.equals(222)).isFalse();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index f1515a3661..35781b5f30 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -57,13 +57,11 @@ public class SimpleAuthoritiesMapperTests {
 		assertThat(mapped).hasSize(2);
 		assertThat(mapped.contains("AaA")).isTrue();
 		assertThat(mapped.contains("Bbb")).isTrue();
-
 		mapper.setConvertToLowerCase(true);
 		mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
 		assertThat(mapped).hasSize(2);
 		assertThat(mapped.contains("aaa")).isTrue();
 		assertThat(mapped.contains("bbb")).isTrue();
-
 		mapper.setConvertToLowerCase(false);
 		mapper.setConvertToUpperCase(true);
 		mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
@@ -76,7 +74,6 @@ public class SimpleAuthoritiesMapperTests {
 	public void duplicatesAreRemoved() {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
 		mapper.setConvertToUpperCase(true);
-
 		Set<String> mapped = AuthorityUtils
 				.authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA")));
 		assertThat(mapped).hasSize(1);
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index eb915d7e32..0cbad90105 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -32,7 +32,6 @@ public class ReactiveSecurityContextHolderTests {
 	@Test
 	public void getContextWhenEmpty() {
 		Mono<SecurityContext> context = ReactiveSecurityContextHolder.getContext();
-
 		StepVerifier.create(context).verifyComplete();
 	}
 
@@ -40,23 +39,19 @@ public class ReactiveSecurityContextHolderTests {
 	public void setContextAndGetContextThenEmitsContext() {
 		SecurityContext expectedContext = new SecurityContextImpl(
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 		Mono<SecurityContext> context = Mono.subscriberContext()
 				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
-
 		StepVerifier.create(context).expectNext(expectedContext).verifyComplete();
 	}
 
 	@Test
 	public void demo() {
 		Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-
 		Mono<String> messageByUsername = ReactiveSecurityContextHolder.getContext()
 				.map(SecurityContext::getAuthentication).map(Authentication::getName)
 				.flatMap(this::findMessageByUsername)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
-
 		StepVerifier.create(messageByUsername).expectNext("Hi user").verifyComplete();
 	}
 
@@ -68,23 +63,19 @@ public class ReactiveSecurityContextHolderTests {
 	public void setContextAndClearAndGetContextThenEmitsEmpty() {
 		SecurityContext expectedContext = new SecurityContextImpl(
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 		Mono<SecurityContext> context = Mono.subscriberContext()
 				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
-
 		StepVerifier.create(context).verifyComplete();
 	}
 
 	@Test
 	public void setAuthenticationAndGetContextThenEmitsContext() {
 		Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-
 		Mono<Authentication> authentication = Mono.subscriberContext()
 				.flatMap((c) -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
-
 		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
index c8a22279cb..7ea8a2eca8 100644
--- a/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/SecurityContextHolderTests.java
@@ -60,7 +60,6 @@ public class SecurityContextHolderTests {
 			fail("Should have rejected null");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
index 8f1cb7ee62..bbaf08c7a1 100644
--- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
+++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java
@@ -48,15 +48,12 @@ public class DefaultSecurityParameterNameDiscovererTests {
 	public void constructorDefault() {
 		List<ParameterNameDiscoverer> discoverers = (List<ParameterNameDiscoverer>) ReflectionTestUtils
 				.getField(this.discoverer, "parameterNameDiscoverers");
-
 		assertThat(discoverers).hasSize(2);
-
 		ParameterNameDiscoverer annotationDisc = discoverers.get(0);
 		assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class);
 		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(annotationDisc,
 				"annotationClassesToUse");
 		assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName());
-
 		assertThat(discoverers.get(1).getClass()).isEqualTo(DefaultParameterNameDiscoverer.class);
 	}
 
@@ -64,19 +61,15 @@ public class DefaultSecurityParameterNameDiscovererTests {
 	public void constructorDiscoverers() {
 		this.discoverer = new DefaultSecurityParameterNameDiscoverer(
 				Arrays.asList(new LocalVariableTableParameterNameDiscoverer()));
-
 		List<ParameterNameDiscoverer> discoverers = (List<ParameterNameDiscoverer>) ReflectionTestUtils
 				.getField(this.discoverer, "parameterNameDiscoverers");
-
 		assertThat(discoverers).hasSize(3);
 		assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class);
-
 		ParameterNameDiscoverer annotationDisc = discoverers.get(1);
 		assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class);
 		Set<String> annotationsToUse = (Set<String>) ReflectionTestUtils.getField(annotationDisc,
 				"annotationClassesToUse");
 		assertThat(annotationsToUse).containsOnly("org.springframework.security.access.method.P", P.class.getName());
-
 		assertThat(discoverers.get(2)).isInstanceOf(DefaultParameterNameDiscoverer.class);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
index f2d1cbbcaf..626fcea0ed 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionInformationTests.java
@@ -34,16 +34,12 @@ public class SessionInformationTests {
 		Object principal = "Some principal object";
 		String sessionId = "1234567890";
 		Date currentDate = new Date();
-
 		SessionInformation info = new SessionInformation(principal, sessionId, currentDate);
 		assertThat(info.getPrincipal()).isEqualTo(principal);
 		assertThat(info.getSessionId()).isEqualTo(sessionId);
 		assertThat(info.getLastRequest()).isEqualTo(currentDate);
-
 		Thread.sleep(10);
-
 		info.refreshLastRequest();
-
 		assertThat(info.getLastRequest().after(currentDate)).isTrue();
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
index 404722f8cb..df9ea8376d 100644
--- a/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/session/SessionRegistryImplTests.java
@@ -44,10 +44,8 @@ public class SessionRegistryImplTests {
 	public void sessionDestroyedEventRemovesSessionFromRegistry() {
 		Object principal = "Some principal object";
 		final String sessionId = "zzzz";
-
 		// Register new Session
 		this.sessionRegistry.registerNewSession(sessionId, principal);
-
 		// De-register session via an ApplicationEvent
 		this.sessionRegistry.onApplicationEvent(new SessionDestroyedEvent("") {
 			@Override
@@ -60,7 +58,6 @@ public class SessionRegistryImplTests {
 				return null;
 			}
 		});
-
 		// Check attempts to retrieve cleared session return null
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
 	}
@@ -70,10 +67,8 @@ public class SessionRegistryImplTests {
 		Object principal = "Some principal object";
 		final String sessionId = "zzzz";
 		final String newSessionId = "123";
-
 		// Register new Session
 		this.sessionRegistry.registerNewSession(sessionId, principal);
-
 		// De-register session via an ApplicationEvent
 		this.sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") {
 			@Override
@@ -86,7 +81,6 @@ public class SessionRegistryImplTests {
 				return newSessionId;
 			}
 		});
-
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
 		assertThat(this.sessionRegistry.getSessionInformation(newSessionId)).isNotNull();
 		assertThat(this.sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal);
@@ -99,11 +93,9 @@ public class SessionRegistryImplTests {
 		String sessionId1 = "1234567890";
 		String sessionId2 = "9876543210";
 		String sessionId3 = "5432109876";
-
 		this.sessionRegistry.registerNewSession(sessionId1, principal1);
 		this.sessionRegistry.registerNewSession(sessionId2, principal1);
 		this.sessionRegistry.registerNewSession(sessionId3, principal2);
-
 		assertThat(this.sessionRegistry.getAllPrincipals()).hasSize(2);
 		assertThat(this.sessionRegistry.getAllPrincipals().contains(principal1)).isTrue();
 		assertThat(this.sessionRegistry.getAllPrincipals().contains(principal2)).isTrue();
@@ -115,32 +107,24 @@ public class SessionRegistryImplTests {
 		String sessionId = "1234567890";
 		// Register new Session
 		this.sessionRegistry.registerNewSession(sessionId, principal);
-
 		// Retrieve existing session by session ID
 		Date currentDateTime = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest();
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getPrincipal()).isEqualTo(principal);
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getSessionId()).isEqualTo(sessionId);
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId).getLastRequest()).isNotNull();
-
 		// Retrieve existing session by principal
 		assertThat(this.sessionRegistry.getAllSessions(principal, false)).hasSize(1);
-
 		// Sleep to ensure SessionRegistryImpl will update time
 		Thread.sleep(1000);
-
 		// Update request date/time
 		this.sessionRegistry.refreshLastRequest(sessionId);
-
 		Date retrieved = this.sessionRegistry.getSessionInformation(sessionId).getLastRequest();
 		assertThat(retrieved.after(currentDateTime)).isTrue();
-
 		// Check it retrieves correctly when looked up via principal
 		assertThat(this.sessionRegistry.getAllSessions(principal, false).get(0).getLastRequest()).isCloseTo(retrieved,
 				2000L);
-
 		// Clear session information
 		this.sessionRegistry.removeSessionInformation(sessionId);
-
 		// Check attempts to retrieve cleared session return null
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId)).isNull();
 		assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
@@ -151,21 +135,17 @@ public class SessionRegistryImplTests {
 		Object principal = "Some principal object";
 		String sessionId1 = "1234567890";
 		String sessionId2 = "9876543210";
-
 		this.sessionRegistry.registerNewSession(sessionId1, principal);
 		List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
-
 		this.sessionRegistry.registerNewSession(sessionId2, principal);
 		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(2);
 		assertThat(contains(sessionId2, principal)).isTrue();
-
 		// Expire one session
 		SessionInformation session = this.sessionRegistry.getSessionInformation(sessionId2);
 		session.expireNow();
-
 		// Check retrieval still correct
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId2).isExpired()).isTrue();
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId1).isExpired()).isFalse();
@@ -176,22 +156,18 @@ public class SessionRegistryImplTests {
 		Object principal = "Some principal object";
 		String sessionId1 = "1234567890";
 		String sessionId2 = "9876543210";
-
 		this.sessionRegistry.registerNewSession(sessionId1, principal);
 		List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId1, principal)).isTrue();
-
 		this.sessionRegistry.registerNewSession(sessionId2, principal);
 		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(2);
 		assertThat(contains(sessionId2, principal)).isTrue();
-
 		this.sessionRegistry.removeSessionInformation(sessionId1);
 		sessions = this.sessionRegistry.getAllSessions(principal, false);
 		assertThat(sessions).hasSize(1);
 		assertThat(contains(sessionId2, principal)).isTrue();
-
 		this.sessionRegistry.removeSessionInformation(sessionId2);
 		assertThat(this.sessionRegistry.getSessionInformation(sessionId2)).isNull();
 		assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
@@ -199,13 +175,11 @@ public class SessionRegistryImplTests {
 
 	private boolean contains(String sessionId, Object principal) {
 		List<SessionInformation> info = this.sessionRegistry.getAllSessions(principal, false);
-
 		for (SessionInformation sessionInformation : info) {
 			if (sessionId.equals(sessionInformation.getSessionId())) {
 				return true;
 			}
 		}
-
 		return false;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
index 5a392720ac..1dc583b84b 100644
--- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
@@ -35,7 +35,6 @@ public class DefaultTokenTests {
 		String key = "key";
 		long created = new Date().getTime();
 		String extendedInformation = "extended";
-
 		DefaultToken t1 = new DefaultToken(key, created, extendedInformation);
 		DefaultToken t2 = new DefaultToken(key, created, extendedInformation);
 		assertThat(t2).isEqualTo(t1);
@@ -52,7 +51,6 @@ public class DefaultTokenTests {
 	public void testEqualityWithDifferentExtendedInformation3() {
 		String key = "key";
 		long created = new Date().getTime();
-
 		DefaultToken t1 = new DefaultToken(key, created, "length1");
 		DefaultToken t2 = new DefaultToken(key, created, "longerLength2");
 		assertThat(t1).isNotEqualTo(t2);
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index f9d983a406..a6f8760871 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -33,7 +33,6 @@ public class MapReactiveUserDetailsServiceTests {
 			.roles("USER")
 			.build();
 	// @formatter:on
-
 	private MapReactiveUserDetailsService users = new MapReactiveUserDetailsService(Arrays.asList(USER_DETAILS));
 
 	@Test(expected = IllegalArgumentException.class)
@@ -71,7 +70,6 @@ public class MapReactiveUserDetailsServiceTests {
 		assertThat(foundUser.getPassword()).isNotEmpty();
 		foundUser.eraseCredentials();
 		assertThat(foundUser.getPassword()).isNull();
-
 		foundUser = this.users.findByUsername(USER_DETAILS.getUsername()).cast(User.class).block();
 		assertThat(foundUser.getPassword()).isNotEmpty();
 	}
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
index 3a2a074971..5a771a6ed9 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MockUserDetailsService.java
@@ -49,7 +49,6 @@ public class MockUserDetailsService implements UserDetailsService {
 		if (this.users.get(username) == null) {
 			throw new UsernameNotFoundException("User not found: " + username);
 		}
-
 		return this.users.get(username);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
index 920d6a249f..4ac32d65ba 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@@ -44,7 +44,6 @@ public class UserTests {
 	@Test
 	public void equalsReturnsTrueIfUsernamesAreTheSame() {
 		User user1 = new User("rod", "koala", true, true, true, true, ROLE_12);
-
 		assertThat(user1).isNotNull();
 		assertThat(user1).isNotEqualTo("A STRING");
 		assertThat(user1).isEqualTo(user1);
@@ -56,7 +55,6 @@ public class UserTests {
 		User user1 = new User("rod", "koala", true, true, true, true, ROLE_12);
 		Set<UserDetails> users = new HashSet<>();
 		users.add(user1);
-
 		assertThat(users).contains(new User("rod", "koala", true, true, true, true, ROLE_12));
 		assertThat(users).contains(new User("rod", "anotherpass", false, false, false, false,
 				AuthorityUtils.createAuthorityList("ROLE_X")));
@@ -66,7 +64,6 @@ public class UserTests {
 	@Test
 	public void testNoArgConstructorDoesntExist() {
 		Class<User> clazz = User.class;
-
 		try {
 			clazz.getDeclaredConstructor((Class[]) null);
 			fail("Should have thrown NoSuchMethodException");
@@ -83,14 +80,12 @@ public class UserTests {
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			new User("rod", null, true, true, true, true, ROLE_12);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
 		}
-
 		try {
 			List<GrantedAuthority> auths = AuthorityUtils.createAuthorityList("ROLE_ONE");
 			auths.add(null);
@@ -145,9 +140,7 @@ public class UserTests {
 	@Test
 	public void withUserDetailsWhenAllEnabled() {
 		User expected = new User("rob", "pass", true, true, true, true, ROLE_12);
-
 		UserDetails actual = User.withUserDetails(expected).build();
-
 		assertThat(actual.getUsername()).isEqualTo(expected.getUsername());
 		assertThat(actual.getPassword()).isEqualTo(expected.getPassword());
 		assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities());
@@ -160,9 +153,7 @@ public class UserTests {
 	@Test
 	public void withUserDetailsWhenAllDisabled() {
 		User expected = new User("rob", "pass", false, false, false, false, ROLE_12);
-
 		UserDetails actual = User.withUserDetails(expected).build();
-
 		assertThat(actual.getUsername()).isEqualTo(expected.getUsername());
 		assertThat(actual.getPassword()).isEqualTo(expected.getPassword());
 		assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities());
@@ -175,10 +166,8 @@ public class UserTests {
 	@Test
 	public void withUserWhenDetailsPasswordEncoderThenEncodes() {
 		UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build();
-
 		UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder((p) -> p + "encoded")
 				.build();
-
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
 
@@ -186,7 +175,6 @@ public class UserTests {
 	public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() {
 		UserDetails withEncodedPassword = User.withUsername("user").password("password")
 				.passwordEncoder((p) -> p + "encoded").roles("USER").build();
-
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
 
@@ -199,7 +187,6 @@ public class UserTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
 
@@ -214,7 +201,6 @@ public class UserTests {
 			.roles("USER")
 			.build();
 		// @formatter:on
-
 		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
index 1d989dbe98..45f1887853 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
@@ -53,7 +53,6 @@ public class EhCacheBasedUserCacheTests {
 	private Ehcache getCache() {
 		Ehcache cache = cacheManager.getCache("ehcacheusercachetests");
 		cache.removeAll();
-
 		return cache;
 	}
 
@@ -67,15 +66,12 @@ public class EhCacheBasedUserCacheTests {
 		EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
 		cache.setCache(getCache());
 		cache.afterPropertiesSet();
-
 		// Check it gets stored in the cache
 		cache.putUserInCache(getUser());
 		assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword());
-
 		// Check it gets removed from the cache
 		cache.removeUserFromCache(getUser());
 		assertThat(cache.getUserFromCache(getUser().getUsername())).isNull();
-
 		// Check it doesn't return values for null or unknown users
 		assertThat(cache.getUserFromCache(null)).isNull();
 		assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
@@ -84,10 +80,8 @@ public class EhCacheBasedUserCacheTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void startupDetectsMissingCache() throws Exception {
 		EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
-
 		cache.afterPropertiesSet();
 		fail("Should have thrown IllegalArgumentException");
-
 		Ehcache myCache = getCache();
 		cache.setCache(myCache);
 		assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index 7fa442e322..44bf44bade 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -64,15 +64,12 @@ public class SpringCacheBasedUserCacheTests {
 	@Test
 	public void cacheOperationsAreSuccessful() throws Exception {
 		SpringCacheBasedUserCache cache = new SpringCacheBasedUserCache(getCache());
-
 		// Check it gets stored in the cache
 		cache.putUserInCache(getUser());
 		assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword());
-
 		// Check it gets removed from the cache
 		cache.removeUserFromCache(getUser());
 		assertThat(cache.getUserFromCache(getUser().getUsername())).isNull();
-
 		// Check it doesn't return values for null or unknown users
 		assertThat(cache.getUserFromCache(null)).isNull();
 		assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
index bfad0a615e..90f45656b4 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
@@ -43,7 +43,6 @@ public class JdbcDaoImplTests {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
 		dao.setDataSource(PopulatedDatabase.getDataSource());
 		dao.afterPropertiesSet();
-
 		return dao;
 	}
 
@@ -52,7 +51,6 @@ public class JdbcDaoImplTests {
 		dao.setDataSource(PopulatedDatabase.getDataSource());
 		dao.setRolePrefix("ARBITRARY_PREFIX_");
 		dao.afterPropertiesSet();
-
 		return dao;
 	}
 
@@ -63,7 +61,6 @@ public class JdbcDaoImplTests {
 		assertThat(user.getUsername()).isEqualTo("rod");
 		assertThat(user.getPassword()).isEqualTo("koala");
 		assertThat(user.isEnabled()).isTrue();
-
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_TELLER");
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_SUPERVISOR");
 	}
@@ -88,7 +85,6 @@ public class JdbcDaoImplTests {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
 		dao.setAuthoritiesByUsernameQuery("SELECT * FROM FOO");
 		assertThat(dao.getAuthoritiesByUsernameQuery()).isEqualTo("SELECT * FROM FOO");
-
 		dao.setUsersByUsernameQuery("SELECT USERS FROM FOO");
 		assertThat(dao.getUsersByUsernameQuery()).isEqualTo("SELECT USERS FROM FOO");
 	}
@@ -96,7 +92,6 @@ public class JdbcDaoImplTests {
 	@Test
 	public void testLookupFailsIfUserHasNoGrantedAuthorities() throws Exception {
 		JdbcDaoImpl dao = makePopulatedJdbcDao();
-
 		try {
 			dao.loadUserByUsername("cooper");
 			fail("Should have thrown UsernameNotFoundException");
@@ -108,13 +103,11 @@ public class JdbcDaoImplTests {
 	@Test
 	public void testLookupFailsWithWrongUsername() throws Exception {
 		JdbcDaoImpl dao = makePopulatedJdbcDao();
-
 		try {
 			dao.loadUserByUsername("UNKNOWN_USER");
 			fail("Should have thrown UsernameNotFoundException");
 		}
 		catch (UsernameNotFoundException expected) {
-
 		}
 	}
 
@@ -129,11 +122,9 @@ public class JdbcDaoImplTests {
 	public void testRolePrefixWorks() throws Exception {
 		JdbcDaoImpl dao = makePopulatedJdbcDaoWithRolePrefix();
 		assertThat(dao.getRolePrefix()).isEqualTo("ARBITRARY_PREFIX_");
-
 		UserDetails user = dao.loadUserByUsername("rod");
 		assertThat(user.getUsername()).isEqualTo("rod");
 		assertThat(user.getAuthorities()).hasSize(2);
-
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ARBITRARY_PREFIX_ROLE_TELLER");
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities()))
 				.contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR");
@@ -144,7 +135,6 @@ public class JdbcDaoImplTests {
 		JdbcDaoImpl dao = makePopulatedJdbcDao();
 		dao.setEnableAuthorities(false);
 		dao.setEnableGroups(true);
-
 		UserDetails jerry = dao.loadUserByUsername("jerry");
 		assertThat(jerry.getAuthorities()).hasSize(3);
 	}
@@ -162,34 +152,29 @@ public class JdbcDaoImplTests {
 	@Test
 	public void testStartupFailsIfDataSourceNotSet() {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
-
 		try {
 			dao.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
 	@Test
 	public void testStartupFailsIfUserMapSetToNull() {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
-
 		try {
 			dao.setDataSource(null);
 			dao.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setMessageSourceWhenNullThenThrowsException() {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
-
 		dao.setMessageSource(null);
 	}
 
@@ -199,9 +184,7 @@ public class JdbcDaoImplTests {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
 		dao.setMessageSource(source);
 		String code = "code";
-
 		dao.getMessages().getMessage(code);
-
 		verify(source).getMessage(eq(code), any(), any());
 	}
 
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
index 757d05bbeb..1d700855e8 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/memory/UserAttributeEditorTests.java
@@ -31,7 +31,6 @@ public class UserAttributeEditorTests {
 	public void testCorrectOperationWithTrailingSpaces() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("password ,ROLE_ONE,ROLE_TWO ");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user.getPassword()).isEqualTo("password");
 		assertThat(user.getAuthorities()).hasSize(2);
@@ -43,7 +42,6 @@ public class UserAttributeEditorTests {
 	public void testCorrectOperationWithoutEnabledDisabledKeyword() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("password,ROLE_ONE,ROLE_TWO");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user.isValid()).isTrue();
 		assertThat(user.isEnabled()).isTrue(); // default
@@ -57,7 +55,6 @@ public class UserAttributeEditorTests {
 	public void testDisabledKeyword() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("password,disabled,ROLE_ONE,ROLE_TWO");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user.isValid()).isTrue();
 		assertThat(!user.isEnabled()).isTrue();
@@ -71,7 +68,6 @@ public class UserAttributeEditorTests {
 	public void testEmptyStringReturnsNull() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
@@ -80,7 +76,6 @@ public class UserAttributeEditorTests {
 	public void testEnabledKeyword() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("password,ROLE_ONE,enabled,ROLE_TWO");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user.isValid()).isTrue();
 		assertThat(user.isEnabled()).isTrue();
@@ -94,7 +89,6 @@ public class UserAttributeEditorTests {
 	public void testMalformedStringReturnsNull() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("MALFORMED_STRING");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
@@ -103,7 +97,6 @@ public class UserAttributeEditorTests {
 	public void testNoPasswordOrRolesReturnsNull() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("disabled");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
@@ -112,7 +105,6 @@ public class UserAttributeEditorTests {
 	public void testNoRolesReturnsNull() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText("password,enabled");
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
@@ -121,7 +113,6 @@ public class UserAttributeEditorTests {
 	public void testNullReturnsNull() {
 		UserAttributeEditor editor = new UserAttributeEditor();
 		editor.setAsText(null);
-
 		UserAttribute user = (UserAttribute) editor.getValue();
 		assertThat(user == null).isTrue();
 	}
diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
index 1efa6f4b62..924364f352 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
@@ -48,7 +48,6 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
diff --git a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
index 2fcc882be4..91dbb6750e 100644
--- a/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/BadCredentialsExceptionMixinTests.java
@@ -41,7 +41,6 @@ public class BadCredentialsExceptionMixinTests extends AbstractMixinTests {
 		+ "\"suppressed\": [\"[Ljava.lang.Throwable;\",[]]"
 		+ "}";
 	// @formatter:on
-
 	@Test
 	public void serializeBadCredentialsExceptionMixinTest() throws JsonProcessingException, JSONException {
 		BadCredentialsException exception = new BadCredentialsException("message");
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 9500354e97..85b05860e8 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -48,7 +48,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
-
 	// @formatter:off
 	private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\","
@@ -59,7 +58,6 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
-
 	@Test(expected = IllegalArgumentException.class)
 	public void testWithNullPrincipal() {
 		new RememberMeAuthenticationToken("key", null, Collections.<GrantedAuthority>emptyList());
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
index ab9405c986..8f2806079f 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java
@@ -44,7 +44,6 @@ public class SecurityContextMixinTests extends AbstractMixinTests {
 		+ "\"authentication\": " + UsernamePasswordAuthenticationTokenMixinTests.AUTHENTICATED_STRINGPRINCIPAL_JSON
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void securityContextSerializeTest() throws JsonProcessingException, JSONException {
 		SecurityContext context = new SecurityContextImpl();
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index d053a451b9..106750a1e6 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -58,7 +58,6 @@ public class SecurityJackson2ModulesTests {
 	public void readValueWhenExplicitDefaultTypingAfterSecuritySetupThenReadsAsSpecificType() throws Exception {
 		this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
@@ -68,14 +67,12 @@ public class SecurityJackson2ModulesTests {
 		this.mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
 		SecurityJackson2Modules.enableDefaultTyping(this.mapper);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
 	@Test
 	public void readValueWhenAnnotatedThenReadsAsSpecificType() throws Exception {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlistedButAnnotated\",\"property\":\"bar\"}";
-
 		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlistedButAnnotated.class);
 	}
 
@@ -83,7 +80,6 @@ public class SecurityJackson2ModulesTests {
 	public void readValueWhenMixinProvidedThenReadsAsSpecificType() throws Exception {
 		this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-
 		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(NotAllowlisted.class);
 	}
 
@@ -91,7 +87,6 @@ public class SecurityJackson2ModulesTests {
 	public void readValueWhenHashMapThenReadsAsSpecificType() throws Exception {
 		this.mapper.addMixIn(NotAllowlisted.class, NotAllowlistedMixin.class);
 		String content = "{\"@class\":\"java.util.HashMap\"}";
-
 		assertThat(this.mapper.readValue(content, Object.class)).isInstanceOf(HashMap.class);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index 2786cd2b24..05d67d7323 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -36,18 +36,12 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 
 	// @formatter:off
 	public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
-
 	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]";
-
 	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";
-
 	public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", []]";
-
 	public static final String EMPTY_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$EmptyList\", []]";
-
 	public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]";
 	// @formatter:on
-
 	@Test
 	public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index f7d902486b..299b4f9026 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -53,7 +53,6 @@ public class UserDeserializerTests extends AbstractMixinTests {
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void serializeUserTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
@@ -72,14 +71,12 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException {
 		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
 				"[]");
-
 		this.mapper.readValue(userJsonWithoutPasswordString, User.class);
 	}
 
 	@Test
 	public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
 		String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), this.mapper, "password");
-
 		User user = this.mapper.readValue(userJsonWithoutPasswordString, User.class);
 		assertThat(user).isNotNull();
 		assertThat(user.getUsername()).isEqualTo("admin");
@@ -107,7 +104,6 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	private String removeNode(String json, ObjectMapper mapper, String toRemove) throws Exception {
 		ObjectNode node = mapper.getFactory().createParser(json).readValueAsTree();
 		node.remove(toRemove);
-
 		String result = mapper.writeValueAsString(node);
 		JSONAssert.assertNotEquals(json, result, false);
 		return result;
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
index c3c4816c06..cca7f4d75b 100644
--- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
@@ -44,7 +44,6 @@ public class InMemoryUserDetailsManagerTests {
 	@Test
 	public void changePasswordWhenUsernameIsNotInLowercase() {
 		UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user()).username("User").build();
-
 		String newPassword = "newPassword";
 		this.manager.updatePassword(userNotLowerCase, newPassword);
 		assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword())
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 413bff2c53..ddb9a46d7e 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -97,7 +97,6 @@ public class JdbcUserDetailsManagerTests {
 		this.manager.setChangePasswordSql(JdbcUserDetailsManager.DEF_CHANGE_PASSWORD_SQL);
 		this.manager.initDao();
 		this.template = this.manager.getJdbcTemplate();
-
 		this.template.execute("create table users(username varchar(20) not null primary key,"
 				+ "password varchar(20) not null, enabled boolean not null)");
 		this.template
@@ -121,7 +120,6 @@ public class JdbcUserDetailsManagerTests {
 		this.template.execute("alter table users add column acc_locked boolean default false not null");
 		this.template.execute("alter table users add column acc_expired boolean default false not null");
 		this.template.execute("alter table users add column creds_expired boolean default false not null");
-
 		this.manager.setUsersByUsernameQuery(
 				"select username,password,enabled, acc_locked, acc_expired, creds_expired from users where username = ?");
 		this.manager.setCreateUserSql(
@@ -133,22 +131,17 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void createUserInsertsCorrectData() {
 		this.manager.createUser(joe);
-
 		UserDetails joe2 = this.manager.loadUserByUsername("joe");
-
 		assertThat(joe2).isEqualTo(joe);
 	}
 
 	@Test
 	public void createUserInsertsCorrectDataWithLocking() {
 		setUpAccLockingColumns();
-
 		UserDetails user = new User("joe", "pass", true, false, true, false,
 				AuthorityUtils.createAuthorityList("A", "B"));
 		this.manager.createUser(user);
-
 		UserDetails user2 = this.manager.loadUserByUsername(user.getUsername());
-
 		assertThat(user2).isEqualToComparingFieldByField(user);
 	}
 
@@ -156,7 +149,6 @@ public class JdbcUserDetailsManagerTests {
 	public void deleteUserRemovesUserDataAndAuthoritiesAndClearsCache() {
 		insertJoe();
 		this.manager.deleteUser("joe");
-
 		assertThat(this.template.queryForList(SELECT_JOE_SQL)).isEmpty();
 		assertThat(this.template.queryForList(SELECT_JOE_AUTHORITIES_SQL)).isEmpty();
 		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
@@ -167,11 +159,8 @@ public class JdbcUserDetailsManagerTests {
 		insertJoe();
 		User newJoe = new User("joe", "newpassword", false, true, true, true,
 				AuthorityUtils.createAuthorityList(new String[] { "D", "F", "E" }));
-
 		this.manager.updateUser(newJoe);
-
 		UserDetails joe = this.manager.loadUserByUsername("joe");
-
 		assertThat(joe).isEqualTo(newJoe);
 		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
@@ -179,16 +168,11 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void updateUserChangesDataCorrectlyAndClearsCacheWithLocking() {
 		setUpAccLockingColumns();
-
 		insertJoe();
-
 		User newJoe = new User("joe", "newpassword", false, false, false, true,
 				AuthorityUtils.createAuthorityList("D", "F", "E"));
-
 		this.manager.updateUser(newJoe);
-
 		UserDetails joe = this.manager.loadUserByUsername(newJoe.getUsername());
-
 		assertThat(joe).isEqualToComparingFieldByField(newJoe);
 		assertThat(this.cache.getUserMap().containsKey(newJoe.getUsername())).isFalse();
 	}
@@ -216,7 +200,6 @@ public class JdbcUserDetailsManagerTests {
 		authenticateJoe();
 		this.manager.changePassword("wrongpassword", "newPassword");
 		UserDetails newJoe = this.manager.loadUserByUsername("joe");
-
 		assertThat(newJoe.getPassword()).isEqualTo("newPassword");
 		assertThat(this.cache.getUserMap().containsKey("joe")).isFalse();
 	}
@@ -227,11 +210,9 @@ public class JdbcUserDetailsManagerTests {
 		Authentication currentAuth = authenticateJoe();
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(currentAuth)).willReturn(currentAuth);
-
 		this.manager.setAuthenticationManager(am);
 		this.manager.changePassword("password", "newPassword");
 		UserDetails newJoe = this.manager.loadUserByUsername("joe");
-
 		assertThat(newJoe.getPassword()).isEqualTo("newPassword");
 		// The password in the context should also be altered
 		Authentication newAuth = SecurityContextHolder.getContext().getAuthentication();
@@ -247,16 +228,13 @@ public class JdbcUserDetailsManagerTests {
 		authenticateJoe();
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
-
 		this.manager.setAuthenticationManager(am);
-
 		try {
 			this.manager.changePassword("password", "newPassword");
 			fail("Expected BadCredentialsException");
 		}
 		catch (BadCredentialsException expected) {
 		}
-
 		// Check password hasn't changed.
 		UserDetails newJoe = this.manager.loadUserByUsername("joe");
 		assertThat(newJoe.getPassword()).isEqualTo("password");
@@ -268,7 +246,6 @@ public class JdbcUserDetailsManagerTests {
 	public void findAllGroupsReturnsExpectedGroupNames() {
 		List<String> groups = this.manager.findAllGroups();
 		assertThat(groups).hasSize(4);
-
 		Collections.sort(groups);
 		assertThat(groups.get(0)).isEqualTo("GROUP_0");
 		assertThat(groups.get(1)).isEqualTo("GROUP_1");
@@ -289,10 +266,8 @@ public class JdbcUserDetailsManagerTests {
 	@SuppressWarnings("unchecked")
 	public void createGroupInsertsCorrectData() {
 		this.manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y"));
-
 		List roles = this.template.queryForList("select ga.authority from groups g, group_authorities ga "
 				+ "where ga.group_id = g.id " + "and g.group_name = 'TEST_GROUP'");
-
 		assertThat(roles).hasSize(2);
 	}
 
@@ -302,7 +277,6 @@ public class JdbcUserDetailsManagerTests {
 		this.manager.deleteGroup("GROUP_1");
 		this.manager.deleteGroup("GROUP_2");
 		this.manager.deleteGroup("GROUP_3");
-
 		assertThat(this.template.queryForList("select * from group_authorities")).isEmpty();
 		assertThat(this.template.queryForList("select * from group_members")).isEmpty();
 		assertThat(this.template.queryForList("select id from groups")).isEmpty();
@@ -311,7 +285,6 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void renameGroupIsSuccessful() {
 		this.manager.renameGroup("GROUP_0", "GROUP_X");
-
 		assertThat(this.template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class))
 				.isZero();
 	}
@@ -319,14 +292,12 @@ public class JdbcUserDetailsManagerTests {
 	@Test
 	public void addingGroupUserSetsCorrectData() {
 		this.manager.addUserToGroup("tom", "GROUP_0");
-
 		assertThat(this.template.queryForList("select username from group_members where group_id = 0")).hasSize(2);
 	}
 
 	@Test
 	public void removeUserFromGroupDeletesGroupMemberRow() {
 		this.manager.removeUserFromGroup("jerry", "GROUP_1");
-
 		assertThat(this.template.queryForList("select group_id from group_members where username = 'jerry'"))
 				.hasSize(1);
 	}
@@ -341,7 +312,6 @@ public class JdbcUserDetailsManagerTests {
 	public void addGroupAuthorityInsertsCorrectGroupAuthorityRow() {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_X");
 		this.manager.addGroupAuthority("GROUP_0", auth);
-
 		this.template.queryForObject(
 				"select authority from group_authorities where authority = 'ROLE_X' and group_id = 0", String.class);
 	}
@@ -351,7 +321,6 @@ public class JdbcUserDetailsManagerTests {
 		GrantedAuthority auth = new SimpleGrantedAuthority("ROLE_A");
 		this.manager.removeGroupAuthority("GROUP_0", auth);
 		assertThat(this.template.queryForList("select authority from group_authorities where group_id = 0")).isEmpty();
-
 		this.manager.removeGroupAuthority("GROUP_2", auth);
 		assertThat(this.template.queryForList("select authority from group_authorities where group_id = 2")).hasSize(2);
 	}
@@ -388,7 +357,6 @@ public class JdbcUserDetailsManagerTests {
 		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("joe", "password",
 				joe.getAuthorities());
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		return auth;
 	}
 
diff --git a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
index 51835d2133..2d7317b7a1 100644
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@@ -28,12 +28,10 @@ public class FieldUtilsTests {
 	@Test
 	public void gettingAndSettingProtectedFieldIsSuccessful() throws Exception {
 		Object tc = new TestClass();
-
 		assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("x");
 		assertThat(FieldUtils.getFieldValue(tc, "nested.protectedField")).isEqualTo("z");
 		FieldUtils.setProtectedFieldValue("protectedField", tc, "y");
 		assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("y");
-
 		try {
 			FieldUtils.getProtectedFieldValue("nonExistentField", tc);
 		}
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index aa099fb9c0..7bc823f2bb 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -61,14 +61,11 @@ public class MethodInvocationUtilsTests {
 		AdvisedTarget t = new AdvisedTarget();
 		// Just lie about interfaces
 		t.setInterfaces(new Class[] { Serializable.class, MethodInvocation.class, Blah.class });
-
 		MethodInvocation mi = MethodInvocationUtils.create(t, "blah");
 		assertThat(mi).isNotNull();
-
 		t.setProxyTargetClass(true);
 		mi = MethodInvocationUtils.create(t, "blah");
 		assertThat(mi).isNotNull();
-
 		assertThat(MethodInvocationUtils.create(t, "blah", "non-existent arg")).isNull();
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index dce328f4b3..23fde39954 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -89,7 +89,6 @@ public class Argon2PasswordEncoderTests {
 	public void matchesWhenGeneratedWithDifferentEncoderThenTrue() {
 		Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
-
 		String password = "secret";
 		String oldEncodedPassword = oldEncoder.encode(password);
 		assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue();
@@ -113,9 +112,7 @@ public class Argon2PasswordEncoderTests {
 	@Test
 	public void encodeWhenUsingPredictableSaltThenEqualTestHash() throws Exception {
 		injectPredictableSaltGen();
-
 		String hash = this.encoder.encode("sometestpassword");
-
 		assertThat(hash).isEqualTo(
 				"$argon2id$v=19$m=4096,t=3,p=1$QUFBQUFBQUFBQUFBQUFBQQ$hmmTNyJlwbb6HAvFoHFWF+u03fdb0F2qA+39oPlcAqo");
 	}
@@ -125,7 +122,6 @@ public class Argon2PasswordEncoderTests {
 		this.encoder = new Argon2PasswordEncoder(16, 32, 4, 512, 5);
 		injectPredictableSaltGen();
 		String hash = this.encoder.encode("sometestpassword");
-
 		assertThat(hash).isEqualTo(
 				"$argon2id$v=19$m=512,t=5,p=4$QUFBQUFBQUFBQUFBQUFBQQ$PNv4C3K50bz3rmON+LtFpdisD7ePieLNq+l5iUHgc1k");
 	}
@@ -133,16 +129,13 @@ public class Argon2PasswordEncoderTests {
 	@Test
 	public void upgradeEncodingWhenSameEncodingThenFalse() {
 		String hash = this.encoder.encode("password");
-
 		assertThat(this.encoder.upgradeEncoding(hash)).isFalse();
 	}
 
 	@Test
 	public void upgradeEncodingWhenSameStandardParamsThenFalse() {
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
-
 		String hash = this.encoder.encode("password");
-
 		assertThat(newEncoder.upgradeEncoding(hash)).isFalse();
 	}
 
@@ -150,9 +143,7 @@ public class Argon2PasswordEncoderTests {
 	public void upgradeEncodingWhenSameCustomParamsThenFalse() {
 		Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
-
 		String hash = oldEncoder.encode("password");
-
 		assertThat(newEncoder.upgradeEncoding(hash)).isFalse();
 	}
 
@@ -160,9 +151,7 @@ public class Argon2PasswordEncoderTests {
 	public void upgradeEncodingWhenHashHasLowerMemoryThenTrue() {
 		Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 512, 4);
-
 		String hash = oldEncoder.encode("password");
-
 		assertThat(newEncoder.upgradeEncoding(hash)).isTrue();
 	}
 
@@ -170,9 +159,7 @@ public class Argon2PasswordEncoderTests {
 	public void upgradeEncodingWhenHashHasLowerIterationsThenTrue() {
 		Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 5);
-
 		String hash = oldEncoder.encode("password");
-
 		assertThat(newEncoder.upgradeEncoding(hash)).isTrue();
 	}
 
@@ -180,9 +167,7 @@ public class Argon2PasswordEncoderTests {
 	public void upgradeEncodingWhenHashHasHigherParamsThenFalse() {
 		Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
 		Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder(20, 64, 4, 128, 3);
-
 		String hash = oldEncoder.encode("password");
-
 		assertThat(newEncoder.upgradeEncoding(hash)).isFalse();
 	}
 
@@ -205,7 +190,6 @@ public class Argon2PasswordEncoderTests {
 		byte[] bytes = new byte[16];
 		Arrays.fill(bytes, (byte) 0x41);
 		Mockito.when(this.keyGeneratorMock.generateKey()).thenReturn(bytes);
-
 		// we can't use the @InjectMock-annotation because the salt-generator is set in
 		// the constructor
 		// and Mockito will only inject mocks if they are null
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index 1b88c0fc09..b9c9c1072f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -113,7 +113,6 @@ public class BCryptPasswordEncoderTests {
 		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(8);
 		String result = encoder.encode("password");
 		assertThat(encoder.matches("password", result)).isTrue();
-
 	}
 
 	@Test
@@ -169,10 +168,8 @@ public class BCryptPasswordEncoderTests {
 	public void upgradeFromLowerStrength() {
 		BCryptPasswordEncoder weakEncoder = new BCryptPasswordEncoder(5);
 		BCryptPasswordEncoder strongEncoder = new BCryptPasswordEncoder(15);
-
 		String weakPassword = weakEncoder.encode("password");
 		String strongPassword = strongEncoder.encode("password");
-
 		assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse();
 		assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue();
 	}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
index 7fcd8739c9..010c1e9c8e 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
@@ -11,7 +11,6 @@
 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
 package org.springframework.security.crypto.bcrypt;
 
 import java.util.ArrayList;
@@ -141,7 +140,6 @@ public class BCryptTests {
 				"$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"));
 		testObjectsString.add(new TestObject<>("~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise",
 				"$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"));
-
 		testObjectsByteArray = new ArrayList<>();
 		testObjectsByteArray.add(new TestObject<>(new byte[] {}, "$2a$06$fPIsBO8qRqkjj273rfaOI.",
 				"$2a$06$fPIsBO8qRqkjj273rfaOI.uiVGfgi6Z1Iz.vZr11mi/38o09TUVCy"));
@@ -315,11 +313,9 @@ public class BCryptTests {
 		print("BCrypt.hashpw w/ international chars: ");
 		String pw1 = "ππππππππ";
 		String pw2 = "????????";
-
 		String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
 		assertThat(BCrypt.checkpw(pw2, h1)).isFalse();
 		print(".");
-
 		String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
 		assertThat(BCrypt.checkpw(pw1, h2)).isFalse();
 		print(".");
@@ -386,15 +382,12 @@ public class BCryptTests {
 	@Test
 	public void testBase64EncodeDecode() {
 		byte[] ba = new byte[3];
-
 		for (int b = 0; b <= 0xFF; b++) {
 			for (int i = 0; i < ba.length; i++) {
 				Arrays.fill(ba, (byte) 0);
 				ba[i] = (byte) b;
-
 				String s = encode_base64(ba, 3);
 				assertThat(s.length()).isEqualTo(4);
-
 				byte[] decoded = BCrypt.decode_base64(s, 3);
 				assertThat(decoded).isEqualTo(ba);
 			}
@@ -452,10 +445,8 @@ public class BCryptTests {
 	public void equalsOnStringsIsCorrect() {
 		assertThat(BCrypt.equalsNoEarlyReturn("", "")).isTrue();
 		assertThat(BCrypt.equalsNoEarlyReturn("test", "test")).isTrue();
-
 		assertThat(BCrypt.equalsNoEarlyReturn("test", "")).isFalse();
 		assertThat(BCrypt.equalsNoEarlyReturn("", "test")).isFalse();
-
 		assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse();
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
index 9a66e090d9..4c1b202df8 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Utf8Tests.java
@@ -33,9 +33,7 @@ public class Utf8Tests {
 		byte[] bytes = Utf8.encode("6048b75ed560785c");
 		assertThat(bytes).hasSize(16);
 		assertThat(Arrays.equals("6048b75ed560785c".getBytes("UTF-8"), bytes)).isTrue();
-
 		String decoded = Utf8.decode(bytes);
-
 		assertThat(decoded).isEqualTo("6048b75ed560785c");
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index 0d1a9b678b..d806b028cb 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -67,7 +67,6 @@ public class AesBytesEncryptorTests {
 		byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 		assertThat(new String(Hex.encode(encryption)))
 				.isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94");
-
 		byte[] decryption = encryptor.decrypt(encryption);
 		assertThat(new String(decryption)).isEqualTo(this.secret);
 	}
@@ -77,11 +76,9 @@ public class AesBytesEncryptorTests {
 		CryptoAssumptions.assumeGCMJCE();
 		AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator,
 				CipherAlgorithm.GCM);
-
 		byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 		assertThat(new String(Hex.encode(encryption)))
 				.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
-
 		byte[] decryption = encryptor.decrypt(encryption);
 		assertThat(new String(decryption)).isEqualTo(this.secret);
 	}
@@ -92,11 +89,9 @@ public class AesBytesEncryptorTests {
 		PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt), 1024, 256);
 		SecretKey secretKey = CipherUtils.newSecretKey(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name(), keySpec);
 		AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, CipherAlgorithm.GCM);
-
 		byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 		assertThat(new String(Hex.encode(encryption)))
 				.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
-
 		byte[] decryption = encryptor.decrypt(encryption);
 		assertThat(new String(decryption)).isEqualTo(this.secret);
 	}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
index 56a70c073d..44506004d1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTests.java
@@ -102,7 +102,6 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTests {
 			Assert.assertArrayEquals(this.testData, leftDecrypted);
 			Assert.assertArrayEquals(this.testData, rightDecrypted);
 		}
-
 	}
 
 	private void testCompatibility(BytesEncryptor left, BytesEncryptor right) {
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
index 3feeb87868..3fca2601c8 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@@ -52,7 +52,6 @@ public final class CryptoAssumptions {
 			throw new AssumptionViolatedException(cipherAlgorithm + " padding not available, skipping test", ex);
 		}
 		Assume.assumeTrue("AES key length of 256 not allowed, skipping test", aes256Available);
-
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
index 7aff4acdd3..89143fae4e 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java
@@ -35,7 +35,6 @@ public class PasswordEncoderFactoriesTests {
 	@Test
 	public void encodeWhenDefaultThenBCryptUsed() {
 		String encodedPassword = this.encoder.encode(this.rawPassword);
-
 		assertThat(encodedPassword).startsWith("{bcrypt}");
 		assertThat(this.encoder.matches(this.rawPassword, encodedPassword)).isTrue();
 	}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index e53288afcc..c98fd1016b 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -69,7 +69,6 @@ public class DelegatingPasswordEncoderTests {
 		this.delegates = new HashMap<>();
 		this.delegates.put(this.bcryptId, this.bcrypt);
 		this.delegates.put("noop", this.noop);
-
 		this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
 	}
 
@@ -92,9 +91,7 @@ public class DelegatingPasswordEncoderTests {
 	public void matchesWhenCustomDefaultPasswordEncoderForMatchesThenDelegates() {
 		String encodedPassword = "{unmapped}" + this.rawPassword;
 		this.passwordEncoder.setDefaultPasswordEncoderForMatches(this.invalidId);
-
 		assertThat(this.passwordEncoder.matches(this.rawPassword, encodedPassword)).isFalse();
-
 		verify(this.invalidId).matches(this.rawPassword, encodedPassword);
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -102,16 +99,13 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void encodeWhenValidThenUsesIdForEncode() {
 		given(this.bcrypt.encode(this.rawPassword)).willReturn(this.encodedPassword);
-
 		assertThat(this.passwordEncoder.encode(this.rawPassword)).isEqualTo(this.bcryptEncodedPassword);
 	}
 
 	@Test
 	public void matchesWhenBCryptThenDelegatesToBCrypt() {
 		given(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
-
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.bcryptEncodedPassword)).isTrue();
-
 		verify(this.bcrypt).matches(this.rawPassword, this.encodedPassword);
 		verifyZeroInteractions(this.noop);
 	}
@@ -119,9 +113,7 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void matchesWhenNoopThenDelegatesToNoop() {
 		given(this.noop.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
-
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.noopEncodedPassword)).isTrue();
-
 		verify(this.noop).matches(this.rawPassword, this.encodedPassword);
 		verifyZeroInteractions(this.bcrypt);
 	}
@@ -131,7 +123,6 @@ public class DelegatingPasswordEncoderTests {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -140,7 +131,6 @@ public class DelegatingPasswordEncoderTests {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -149,7 +139,6 @@ public class DelegatingPasswordEncoderTests {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -158,7 +147,6 @@ public class DelegatingPasswordEncoderTests {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -167,20 +155,16 @@ public class DelegatingPasswordEncoderTests {
 		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
 	@Test
 	public void matchesWhenIdIsNullThenFalse() {
 		this.delegates = new Hashtable<>(this.delegates);
-
 		DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
-
 		assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
-
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -189,9 +173,7 @@ public class DelegatingPasswordEncoderTests {
 		this.delegates.put(null, this.invalidId);
 		this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
 		given(this.invalidId.matches(this.rawPassword, this.encodedPassword)).willReturn(true);
-
 		assertThat(this.passwordEncoder.matches(this.rawPassword, this.encodedPassword)).isTrue();
-
 		verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
@@ -219,23 +201,19 @@ public class DelegatingPasswordEncoderTests {
 	@Test
 	public void upgradeEncodingWhenSameIdAndEncoderFalseThenEncoderDecidesFalse() {
 		assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse();
-
 		verify(this.bcrypt).upgradeEncoding(this.encodedPassword);
 	}
 
 	@Test
 	public void upgradeEncodingWhenSameIdAndEncoderTrueThenEncoderDecidesTrue() {
 		given(this.bcrypt.upgradeEncoding(any())).willReturn(true);
-
 		assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isTrue();
-
 		verify(this.bcrypt).upgradeEncoding(this.encodedPassword);
 	}
 
 	@Test
 	public void upgradeEncodingWhenDifferentIdThenTrue() {
 		assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue();
-
 		verifyZeroInteractions(this.bcrypt);
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
index dfd72f22af..c2ba10087f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
@@ -83,14 +83,11 @@ public class LdapShaPasswordEncoderTests {
 	public void correctPrefixCaseIsUsed() {
 		this.sha.setForceLowerCasePrefix(false);
 		assertThat(this.sha.encode("somepassword").startsWith("{SSHA}"));
-
 		this.sha.setForceLowerCasePrefix(true);
 		assertThat(this.sha.encode("somepassword").startsWith("{ssha}"));
-
 		this.sha = new LdapShaPasswordEncoder(KeyGenerators.shared(0));
 		this.sha.setForceLowerCasePrefix(false);
 		assertThat(this.sha.encode("somepassword").startsWith("{SHA}"));
-
 		this.sha.setForceLowerCasePrefix(true);
 		assertThat(this.sha.encode("somepassword").startsWith("{SSHA}"));
 	}
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
index b36ac74940..a1de26c6c3 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Md4PasswordEncoderTests.java
@@ -62,7 +62,6 @@ public class Md4PasswordEncoderTests {
 		String rawPassword = "password";
 		Md4PasswordEncoder md4 = new Md4PasswordEncoder();
 		String encodedPassword = md4.encode(rawPassword);
-
 		assertThat(md4.matches(rawPassword, encodedPassword)).isTrue();
 	}
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
index a430e8108e..057545ca41 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
@@ -95,7 +95,6 @@ public class MessageDigestPasswordEncoderTests {
 		MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("SHA-1");
 		String raw = "abc123";
 		assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32"));
-
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
index 3da34c5daf..bd54171718 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
@@ -71,14 +71,12 @@ public class Pbkdf2PasswordEncoderTests {
 		byte[] originalBytes = Hex.decode(originalEncodedPassword);
 		byte[] fixedBytes = Arrays.copyOfRange(originalBytes, saltLength, originalBytes.length);
 		String fixedHex = String.valueOf(Hex.encode(fixedBytes));
-
 		assertThat(fixedHex).isEqualTo(encodedPassword);
 	}
 
 	@Test
 	public void encodeAndMatchWhenBase64ThenSuccess() {
 		this.encoder.setEncodeHashAsBase64(true);
-
 		String rawPassword = "password";
 		String encodedPassword = this.encoder.encode(rawPassword);
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
@@ -89,7 +87,6 @@ public class Pbkdf2PasswordEncoderTests {
 		this.encoder.setEncodeHashAsBase64(true);
 		String rawPassword = "password";
 		String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ==";
-
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
 		java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as
 																// Base64
@@ -98,7 +95,6 @@ public class Pbkdf2PasswordEncoderTests {
 	@Test
 	public void encodeAndMatchWhenSha256ThenSuccess() {
 		this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256);
-
 		String rawPassword = "password";
 		String encodedPassword = this.encoder.encode(rawPassword);
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
@@ -107,7 +103,6 @@ public class Pbkdf2PasswordEncoderTests {
 	@Test
 	public void matchWhenSha256ThenSuccess() {
 		this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256);
-
 		String rawPassword = "password";
 		String encodedPassword = "821447f994e2b04c5014e31fa9fca4ae1cc9f2188c4ed53d3ddb5ba7980982b51a0ecebfc0b81a79";
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index 22fa4d5ffe..6dcd99865a 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -68,7 +68,6 @@ public class SCryptPasswordEncoderTests {
 	public void samePasswordWithDifferentParams() {
 		SCryptPasswordEncoder oldEncoder = new SCryptPasswordEncoder(16384, 8, 1, 32, 64);
 		SCryptPasswordEncoder newEncoder = new SCryptPasswordEncoder();
-
 		String password = "secret";
 		String oldEncodedPassword = oldEncoder.encode(password);
 		assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue();
@@ -140,10 +139,8 @@ public class SCryptPasswordEncoderTests {
 	public void upgradeEncodingWhenWeakerToStrongerThenFalse() {
 		SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64);
 		SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64);
-
 		String weakPassword = weakEncoder.encode("password");
 		String strongPassword = strongEncoder.encode("password");
-
 		assertThat(weakEncoder.upgradeEncoding(strongPassword)).isFalse();
 	}
 
@@ -151,10 +148,8 @@ public class SCryptPasswordEncoderTests {
 	public void upgradeEncodingWhenStrongerToWeakerThenTrue() {
 		SCryptPasswordEncoder weakEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 10), 4, 1, 32, 64);
 		SCryptPasswordEncoder strongEncoder = new SCryptPasswordEncoder((int) Math.pow(2, 16), 8, 1, 32, 64);
-
 		String weakPassword = weakEncoder.encode("password");
 		String strongPassword = strongEncoder.encode("password");
-
 		assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue();
 	}
 
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index 38cd7e3f01..b4937afebb 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -49,7 +49,6 @@ public class SecurityEvaluationContextExtensionTests {
 	public void getRootObjectSecurityContextHolderAuthentication() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-
 		assertThat(getRoot().getAuthentication()).isSameAs(authentication);
 	}
 
@@ -57,10 +56,8 @@ public class SecurityEvaluationContextExtensionTests {
 	public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-
 		assertThat(getRoot().getAuthentication()).isSameAs(explicit);
 	}
 
@@ -68,7 +65,6 @@ public class SecurityEvaluationContextExtensionTests {
 	public void getRootObjectExplicitAuthentication() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
-
 		assertThat(getRoot().getAuthentication()).isSameAs(explicit);
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
index 7978c18b4b..ae84d19654 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
@@ -37,16 +37,13 @@ public class LdapUtilsTests {
 	public void testCloseContextSwallowsNamingException() throws Exception {
 		final DirContext dirCtx = mock(DirContext.class);
 		willThrow(new NamingException()).given(dirCtx).close();
-
 		LdapUtils.closeContext(dirCtx);
 	}
 
 	@Test
 	public void testGetRelativeNameReturnsEmptyStringForDnEqualToBaseName() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
-
 		given(mockCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org");
-
 		assertThat(LdapUtils.getRelativeName("dc=springframework,dc=org", mockCtx)).isEqualTo("");
 	}
 
@@ -54,7 +51,6 @@ public class LdapUtilsTests {
 	public void testGetRelativeNameReturnsFullDnWithEmptyBaseName() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
 		given(mockCtx.getNameInNamespace()).willReturn("");
-
 		assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx))
 				.isEqualTo("cn=jane,dc=springframework,dc=org");
 	}
@@ -63,7 +59,6 @@ public class LdapUtilsTests {
 	public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception {
 		final DirContext mockCtx = mock(DirContext.class);
 		given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org");
-
 		assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx))
 				.isEqualTo("cn=jane smith");
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
index e7e0b487f1..1b8f25afad 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -52,7 +52,6 @@ public class SpringSecurityAuthenticationSourceTests {
 	@Test
 	public void principalIsEmptyForAnonymousUser() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
-
 		SecurityContextHolder.getContext().setAuthentication(
 				new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored")));
 		assertThat(source.getPrincipal()).isEqualTo("");
@@ -62,7 +61,6 @@ public class SpringSecurityAuthenticationSourceTests {
 	public void getPrincipalRejectsNonLdapUserDetailsObject() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));
-
 		source.getPrincipal();
 	}
 
@@ -70,7 +68,6 @@ public class SpringSecurityAuthenticationSourceTests {
 	public void expectedCredentialsAreReturned() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));
-
 		assertThat(source.getCredentials()).isEqualTo("password");
 	}
 
@@ -82,7 +79,6 @@ public class SpringSecurityAuthenticationSourceTests {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null));
-
 		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
index 082392d6d5..5494ae1490 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
@@ -60,16 +60,13 @@ public class SpringSecurityLdapTemplateTests {
 		String searchResultName = "ldap://example.com/dc=springframework,dc=org";
 		Object[] params = new Object[] {};
 		DirContextAdapter searchResultObject = mock(DirContextAdapter.class);
-
 		given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture()))
 				.willReturn(this.resultsEnum);
 		given(this.resultsEnum.hasMore()).willReturn(true, false);
 		given(this.resultsEnum.next()).willReturn(this.searchResult);
 		given(this.searchResult.getObject()).willReturn(searchResultObject);
-
 		SpringSecurityLdapTemplate.searchForSingleEntryInternal(this.ctx, mock(SearchControls.class), base, filter,
 				params);
-
 		assertThat(this.searchControls.getValue().getReturningObjFlag()).isTrue();
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index fc090ac0a7..cf6b6eefcc 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -53,7 +53,6 @@ public class LdapAuthenticationProviderTests {
 	public void testSupportsUsernamePasswordAuthenticationToken() {
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
 				new MockAuthoritiesPopulator());
-
 		assertThat(ldapProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
 	}
 
@@ -61,7 +60,6 @@ public class LdapAuthenticationProviderTests {
 	public void testDefaultMapperIsSet() {
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
 				new MockAuthoritiesPopulator());
-
 		assertThat(ldapProvider.getUserDetailsContextMapper() instanceof LdapUserDetailsMapper).isTrue();
 	}
 
@@ -69,14 +67,12 @@ public class LdapAuthenticationProviderTests {
 	public void testEmptyOrNullUserNameThrowsException() {
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
 				new MockAuthoritiesPopulator());
-
 		try {
 			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password"));
 			fail("Expected BadCredentialsException for empty username");
 		}
 		catch (BadCredentialsException expected) {
 		}
-
 		try {
 			ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword"));
 			fail("Expected BadCredentialsException for null username");
@@ -90,7 +86,6 @@ public class LdapAuthenticationProviderTests {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
 		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
-
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.authenticate(joe);
 	}
@@ -100,7 +95,6 @@ public class LdapAuthenticationProviderTests {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
 		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
-
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.setHideUserNotFoundExceptions(false);
 		provider.authenticate(joe);
@@ -113,9 +107,7 @@ public class LdapAuthenticationProviderTests {
 		LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper();
 		userMapper.setRoleAttributes(new String[] { "ou" });
 		ldapProvider.setUserDetailsContextMapper(userMapper);
-
 		assertThat(ldapProvider.getAuthoritiesPopulator()).isNotNull();
-
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
 				"benspassword");
 		Object authDetails = new Object();
@@ -128,7 +120,6 @@ public class LdapAuthenticationProviderTests {
 		assertThat(user.getPassword()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
 		assertThat(user.getUsername()).isEqualTo("ben");
 		assertThat(populator.getRequestedUsername()).isEqualTo("ben");
-
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_ENTRY");
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_FROM_POPULATOR");
 	}
@@ -138,12 +129,10 @@ public class LdapAuthenticationProviderTests {
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
 				new MockAuthoritiesPopulator());
 		ldapProvider.setUseAuthenticationRequestCredentials(false);
-
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
 				"benspassword");
 		Authentication authResult = ldapProvider.authenticate(authRequest);
 		assertThat(authResult.getCredentials()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
-
 	}
 
 	@Test
@@ -166,7 +155,6 @@ public class LdapAuthenticationProviderTests {
 		LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class);
 		CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException());
 		given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause);
-
 		LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator);
 		try {
 			ldapProvider.authenticate(authRequest);
@@ -185,19 +173,15 @@ public class LdapAuthenticationProviderTests {
 			ctx.setAttributeValue("ou", "FROM_ENTRY");
 			String username = authentication.getName();
 			String password = (String) authentication.getCredentials();
-
 			if (username.equals("ben") && password.equals("benspassword")) {
 				ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org"));
 				ctx.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
-
 				return ctx;
 			}
 			else if (username.equals("jen") && password.equals("")) {
 				ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
-
 				return ctx;
 			}
-
 			throw new BadCredentialsException("Authentication failed.");
 		}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index e5c10d8798..7a1a8e35bd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -43,22 +43,16 @@ public class PasswordComparisonAuthenticatorMockTests {
 		final BaseLdapPathContextSource source = mock(BaseLdapPathContextSource.class);
 		final BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("uid", "bob"));
-
 		PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(source);
-
 		authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
-
 		// Get the mock to return an empty attribute set
 		given(source.getReadOnlyContext()).willReturn(dirCtx);
 		given(dirCtx.getAttributes(eq("cn=Bob,ou=people"), any(String[].class))).willReturn(attrs);
 		given(dirCtx.getNameInNamespace()).willReturn("dc=springframework,dc=org");
-
 		// Setup a single return value (i.e. success)
 		final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
-
 		given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
 				any(SearchControls.class))).willReturn(searchResults);
-
 		authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword"));
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index b3c3a78d34..8272ec247f 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -98,43 +98,33 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test
 	public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception {
 		String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
-
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
-
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
 				.willReturn(new MockNamingEnumeration(sr));
-
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 		customProvider.setSearchFilter(customSearchFilter);
 		Authentication result = customProvider.authenticate(this.joe);
-
 		assertThat(result.isAuthenticated()).isTrue();
 	}
 
 	@Test
 	public void defaultSearchFilter() throws Exception {
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
-
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
-
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
 				.willReturn(new MockNamingEnumeration(sr));
-
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 		Authentication result = customProvider.authenticate(this.joe);
-
 		assertThat(result.isAuthenticated()).isTrue();
 		verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class),
 				any(SearchControls.class));
@@ -145,21 +135,16 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	public void bindPrincipalAndUsernameUsed() throws Exception {
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 		ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
-
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
-
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
 				.willReturn(new MockNamingEnumeration(sr));
-
 		ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
-
 		Authentication result = customProvider.authenticate(this.joe);
-
 		assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
 		assertThat(result.isAuthenticated()).isTrue();
 	}
@@ -179,20 +164,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
-
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class),
 				any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr));
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 		try {
 			this.provider.authenticate(this.joe);
 			fail("Expected BadCredentialsException for user with no domain information");
 		}
 		catch (BadCredentialsException expected) {
 		}
-
 		this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
 	}
 
@@ -202,9 +184,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willThrow(new NameNotFoundException());
-
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 		this.provider.authenticate(this.joe);
 	}
 
@@ -215,9 +195,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willReturn(new EmptyEnumeration<>());
-
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 		this.provider.authenticate(this.joe);
 	}
 
@@ -239,9 +217,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		given(searchResults.next()).willReturn(searchResult);
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willReturn(searchResults);
-
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-
 		this.provider.authenticate(this.joe);
 	}
 
@@ -274,7 +250,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		this.provider.contextFactory = createContextFactoryThrowing(
 				new AuthenticationException(msg + dataCode + ", xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-
 		this.thrown.expect(BadCredentialsException.class);
 		this.thrown.expect(new BaseMatcher<BadCredentialsException>() {
 			private Matcher<Object> causeInstance = CoreMatchers
@@ -297,21 +272,18 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				this.causeDataCode.describeTo(desc);
 			}
 		});
-
 		this.provider.authenticate(this.joe);
 	}
 
 	@Test(expected = CredentialsExpiredException.class)
 	public void expiredPasswordIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
-
 		try {
 			this.provider.authenticate(this.joe);
 			fail("BadCredentialsException should had been thrown");
 		}
 		catch (BadCredentialsException expected) {
 		}
-
 		this.provider.setConvertSubErrorCodesToExceptions(true);
 		this.provider.authenticate(this.joe);
 	}
@@ -379,7 +351,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 		ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain");
 		checkAuthentication("dc=ad,dc=eu,dc=mydomain", provider);
-
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -395,10 +366,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	@Test
 	public void contextEnvironmentPropertiesUsed() {
 		Hashtable<String, Object> env = new Hashtable<>();
-
 		env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory");
 		this.provider.setContextEnvironmentProperties(env);
-
 		try {
 			this.provider.authenticate(this.joe);
 			fail("CommunicationException was expected with a root cause of ClassNotFoundException");
@@ -433,24 +402,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 			throws NamingException {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
-
 		DirContextAdapter dca = new DirContextAdapter();
 		SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
 		@SuppressWarnings("deprecation")
 		DistinguishedName searchBaseDn = new DistinguishedName(rootDn);
 		given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr));
-
 		provider.contextFactory = createContextFactoryReturning(ctx);
-
 		Authentication result = provider.authenticate(this.joe);
-
 		assertThat(result.getAuthorities()).isEmpty();
-
 		dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu");
-
 		result = provider.authenticate(this.joe);
-
 		assertThat(result.getAuthorities()).hasSize(1);
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index 0f0ffef89f..84cc77f851 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -54,7 +54,6 @@ public class PasswordPolicyAwareContextSourceTests {
 				if ("manager".equals(env.get(Context.SECURITY_PRINCIPAL))) {
 					return PasswordPolicyAwareContextSourceTests.this.ctx;
 				}
-
 				return null;
 			}
 		};
@@ -71,7 +70,6 @@ public class PasswordPolicyAwareContextSourceTests {
 	@Test(expected = UncategorizedLdapException.class)
 	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
 		willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class));
-
 		this.ctxSource.getContext("user", "ignored");
 	}
 
@@ -79,9 +77,7 @@ public class PasswordPolicyAwareContextSourceTests {
 	public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception {
 		given(this.ctx.getResponseControls()).willReturn(new Control[] {
 				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
-
 		willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class));
-
 		this.ctxSource.getContext("user", "ignored");
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
index 2572727594..50babf5437 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlFactoryTests.java
@@ -33,7 +33,6 @@ public class PasswordPolicyControlFactoryTests {
 	public void returnsNullForUnrecognisedOID() {
 		PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory();
 		Control wrongCtrl = mock(Control.class);
-
 		given(wrongCtrl.getID()).willReturn("wrongId");
 		assertThat(ctrlFactory.getControlInstance(wrongCtrl)).isNull();
 	}
@@ -42,7 +41,6 @@ public class PasswordPolicyControlFactoryTests {
 	public void returnsControlForCorrectOID() {
 		PasswordPolicyControlFactory ctrlFactory = new PasswordPolicyControlFactory();
 		Control control = mock(Control.class);
-
 		given(control.getID()).willReturn(PasswordPolicyControl.OID);
 		given(control.getEncodedValue()).willReturn(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL);
 		Control result = ctrlFactory.getControlInstance(control);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
index ebca7d35ba..0422f10ef7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControlTests.java
@@ -66,7 +66,6 @@ public class PasswordPolicyResponseControlTests {
 	//
 	// //com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
 	// }
-
 	// private PasswordPolicyResponseControl getPPolicyResponseCtl(InitialLdapContext ctx)
 	// throws NamingException {
 	// Control[] ctrls = ctx.getResponseControls();
@@ -79,13 +78,10 @@ public class PasswordPolicyResponseControlTests {
 	//
 	// return null;
 	// }
-
 	@Test
 	public void openLDAP33SecondsTillPasswordExpiryCtrlIsParsedCorrectly() {
 		byte[] ctrlBytes = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 };
-
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 		assertThat(ctrl.hasWarning()).isTrue();
 		assertThat(ctrl.getTimeBeforeExpiration()).isEqualTo(33);
 	}
@@ -93,9 +89,7 @@ public class PasswordPolicyResponseControlTests {
 	@Test
 	public void openLDAP496GraceLoginsRemainingCtrlIsParsedCorrectly() {
 		byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01, (byte) 0xF0 };
-
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 		assertThat(ctrl.hasWarning()).isTrue();
 		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(496);
 	}
@@ -105,7 +99,6 @@ public class PasswordPolicyResponseControlTests {
 	@Test
 	public void openLDAP5GraceLoginsRemainingCtrlIsParsedCorrectly() {
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_5_LOGINS_REMAINING_CTRL);
-
 		assertThat(ctrl.hasWarning()).isTrue();
 		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(5);
 	}
@@ -115,7 +108,6 @@ public class PasswordPolicyResponseControlTests {
 	@Test
 	public void openLDAPAccountLockedCtrlIsParsedCorrectly() {
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(OPENLDAP_LOCKED_CTRL);
-
 		assertThat(ctrl.hasError() && ctrl.isLocked()).isTrue();
 		assertThat(ctrl.hasWarning()).isFalse();
 	}
@@ -123,9 +115,7 @@ public class PasswordPolicyResponseControlTests {
 	@Test
 	public void openLDAPPasswordExpiredCtrlIsParsedCorrectly() {
 		byte[] ctrlBytes = { 0x30, 0x03, (byte) 0xA1, 0x01, 0x00 };
-
 		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);
-
 		assertThat(ctrl.hasError() && ctrl.isExpired()).isTrue();
 		assertThat(ctrl.hasWarning()).isFalse();
 	}
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
index 1f1e767efe..5e007f84ed 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java
@@ -35,7 +35,6 @@ public class InetOrgPersonTests {
 	public void testUsernameIsMappedFromContextUidIfNotSet() {
 		InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext());
 		InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 		assertThat(p.getUsername()).isEqualTo("ghengis");
 	}
 
@@ -55,7 +54,6 @@ public class InetOrgPersonTests {
 		InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext());
 		essence.setUsername("joe");
 		InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 		assertThat(p.getUsername()).isEqualTo("joe");
 		assertThat(p.getUid()).isEqualTo("ghengis");
 	}
@@ -64,7 +62,6 @@ public class InetOrgPersonTests {
 	public void attributesMapCorrectlyFromContext() {
 		InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext());
 		InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 		assertThat(p.getCarLicense()).isEqualTo("HORS1");
 		assertThat(p.getMail()).isEqualTo("ghengis@mongolia");
 		assertThat(p.getGivenName()).isEqualTo("Ghengis");
@@ -89,7 +86,6 @@ public class InetOrgPersonTests {
 	public void testPasswordIsSetFromContextUserPassword() {
 		InetOrgPerson.Essence essence = new InetOrgPerson.Essence(createUserContext());
 		InetOrgPerson p = (InetOrgPerson) essence.createUserDetails();
-
 		assertThat(p.getPassword()).isEqualTo("pillage");
 	}
 
@@ -102,7 +98,6 @@ public class InetOrgPersonTests {
 		ctx2.setDn(new DistinguishedName("ignored=ignored"));
 		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
 		p.populateContext(ctx2);
-
 		assertThat(ctx2).isEqualTo(ctx1);
 	}
 
@@ -116,13 +111,11 @@ public class InetOrgPersonTests {
 		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
 		InetOrgPerson p2 = (InetOrgPerson) new InetOrgPerson.Essence(p).createUserDetails();
 		p2.populateContext(ctx2);
-
 		assertThat(ctx2).isEqualTo(ctx1);
 	}
 
 	private DirContextAdapter createUserContext() {
 		DirContextAdapter ctx = new DirContextAdapter();
-
 		ctx.setDn(new DistinguishedName("ignored=ignored"));
 		ctx.setAttributeValue("uid", "ghengis");
 		ctx.setAttributeValue("userPassword", "pillage");
@@ -147,7 +140,6 @@ public class InetOrgPersonTests {
 		ctx.setAttributeValue("sn", "Khan");
 		ctx.setAttributeValue("street", "Westward Avenue");
 		ctx.setAttributeValue("telephoneNumber", "+442075436521");
-
 		return ctx;
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
index 7671e06211..e803d89288 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@@ -35,7 +35,6 @@ public class LdapUserDetailsImplTests {
 		mutableLdapUserDetails.setDn("uid=username1,ou=people,dc=example,dc=com");
 		mutableLdapUserDetails.setUsername("username1");
 		mutableLdapUserDetails.setPassword("password");
-
 		LdapUserDetails ldapUserDetails = mutableLdapUserDetails.createUserDetails();
 		assertThat(ldapUserDetails).isInstanceOf(CredentialsContainer.class);
 		ldapUserDetails.eraseCredentials();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
index 40dfe14fc9..e0205051e3 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java
@@ -40,17 +40,12 @@ public class LdapUserDetailsMapperTests {
 		LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
 		mapper.setConvertToUpperCase(false);
 		mapper.setRolePrefix("");
-
 		mapper.setRoleAttributes(new String[] { "userRole" });
-
 		DirContextAdapter ctx = new DirContextAdapter();
-
 		ctx.setAttributeValues("userRole", new String[] { "X", "Y", "Z" });
 		ctx.setAttributeValue("uid", "ani");
-
 		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
 				AuthorityUtils.NO_AUTHORITIES);
-
 		assertThat(user.getAuthorities()).hasSize(3);
 	}
 
@@ -60,18 +55,13 @@ public class LdapUserDetailsMapperTests {
 	@Test
 	public void testNonRetrievedRoleAttributeIsIgnored() {
 		LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
-
 		mapper.setRoleAttributes(new String[] { "userRole", "nonRetrievedAttribute" });
-
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("userRole", "x"));
-
 		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
 		ctx.setAttributeValue("uid", "ani");
-
 		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
 				AuthorityUtils.NO_AUTHORITIES);
-
 		assertThat(user.getAuthorities()).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_X");
 	}
@@ -79,17 +69,13 @@ public class LdapUserDetailsMapperTests {
 	@Test
 	public void testPasswordAttributeIsMappedCorrectly() {
 		LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
-
 		mapper.setPasswordAttributeName("myappsPassword");
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
-
 		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
 		ctx.setAttributeValue("uid", "ani");
-
 		LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
 				AuthorityUtils.NO_AUTHORITIES);
-
 		assertThat(user.getPassword()).isEqualTo("mypassword");
 	}
 
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 5ef160ca9a..3dfd7c53dd 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -52,13 +52,10 @@ public class LdapUserDetailsServiceTests {
 	@Test
 	public void correctAuthoritiesAreReturned() {
 		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
-
 		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData),
 				new MockAuthoritiesPopulator());
 		service.setUserDetailsMapper(new LdapUserDetailsMapper());
-
 		UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
-
 		Set<String> authorities = AuthorityUtils.authorityListToSet(user.getAuthorities());
 		assertThat(authorities).hasSize(1);
 		assertThat(authorities.contains("ROLE_FROM_POPULATOR")).isTrue();
@@ -67,7 +64,6 @@ public class LdapUserDetailsServiceTests {
 	@Test
 	public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() {
 		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
-
 		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
 		UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
 		assertThat(user.getAuthorities()).isEmpty();
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index cfdb2267c4..09ea5382e6 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -44,10 +44,8 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
 		given(uds.loadUserByUsername("joe")).willReturn(user);
 		List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(user.getAuthorities()).willReturn(authorities);
-
 		UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
 		Collection<? extends GrantedAuthority> auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
-
 		assertThat(auths).hasSize(1);
 		assertThat(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER")).isTrue();
 	}
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 3a23553cca..13277bc737 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -56,7 +56,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 	@Before
 	public void setup() {
 		this.handler = new DefaultMessageSecurityExpressionHandler<>();
-
 		this.message = new GenericMessage<>("");
 		this.authentication = new AnonymousAuthenticationToken("key", "anonymous",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
@@ -67,7 +66,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 	public void trustResolverPopulated() {
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
-
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse();
 	}
 
@@ -82,7 +80,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("authenticated");
 		given(this.trustResolver.isAnonymous(this.authentication)).willReturn(false);
-
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
 
@@ -94,7 +91,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		this.handler.setRoleHierarchy(roleHierarchy);
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
-
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
 
@@ -104,7 +100,6 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
 		given(this.permissionEvaluator.hasPermission(this.authentication, this.message, "read")).willReturn(true);
-
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
index 98a01be6b5..f4a66f8761 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
@@ -66,7 +66,6 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 		this.matcherToExpression = new LinkedHashMap<>();
 		this.matcherToExpression.put(this.matcher1, this.expression1);
 		this.matcherToExpression.put(this.matcher2, this.expression2);
-
 		this.source = ExpressionBasedMessageSecurityMetadataSourceFactory
 				.createExpressionMessageMetadataSource(this.matcherToExpression);
 		this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message);
@@ -74,18 +73,14 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 
 	@Test
 	public void createExpressionMessageMetadataSourceNoMatch() {
-
 		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
-
 		assertThat(attrs).isNull();
 	}
 
 	@Test
 	public void createExpressionMessageMetadataSourceMatchFirst() {
 		given(this.matcher1.matches(this.message)).willReturn(true);
-
 		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
-
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
@@ -96,9 +91,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests {
 	@Test
 	public void createExpressionMessageMetadataSourceMatchSecond() {
 		given(this.matcher2.matches(this.message)).willReturn(true);
-
 		Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
-
 		assertThat(attrs).hasSize(1);
 		ConfigAttribute attr = attrs.iterator().next();
 		assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 0add3f1d23..27918fa51a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -74,7 +74,6 @@ public class MessageExpressionConfigAttributeTests {
 	@Test
 	public void toStringUsesExpressionString() {
 		given(this.expression.getExpressionString()).willReturn("toString");
-
 		assertThat(this.attribute.toString()).isEqualTo(this.expression.getExpressionString());
 	}
 
@@ -84,10 +83,8 @@ public class MessageExpressionConfigAttributeTests {
 		Message<?> message = MessageBuilder.withPayload("M")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build();
 		EvaluationContext context = mock(EvaluationContext.class);
-
 		this.attribute = new MessageExpressionConfigAttribute(this.expression, matcher);
 		this.attribute.postProcess(context, message);
-
 		verify(context).setVariable("topic", "someTopic");
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index fcd38b0553..700e2714cb 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -71,7 +71,6 @@ public class MessageExpressionVoterTests {
 	public void setup() {
 		this.attributes = Arrays
 				.<ConfigAttribute>asList(new MessageExpressionConfigAttribute(this.expression, this.matcher));
-
 		this.voter = new MessageExpressionVoter();
 	}
 
@@ -127,10 +126,8 @@ public class MessageExpressionVoterTests {
 		given(this.expressionHandler.createEvaluationContext(this.authentication, this.message))
 				.willReturn(this.evaluationContext);
 		given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true);
-
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 		verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message);
 	}
 
@@ -144,7 +141,6 @@ public class MessageExpressionVoterTests {
 		this.attributes = Arrays.<ConfigAttribute>asList(configAttribute);
 		given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext);
 		given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true);
-
 		assertThat(this.voter.vote(this.authentication, this.message, this.attributes))
 				.isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
 		verify(configAttribute).postProcess(this.evaluationContext, this.message);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 43da6ad2f6..94d546c32e 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -77,7 +77,6 @@ public class ChannelSecurityInterceptorTests {
 		this.interceptor = new ChannelSecurityInterceptor(this.source);
 		this.interceptor.setAccessDecisionManager(this.accessDecisionManager);
 		this.interceptor.setRunAsManager(this.runAsManager);
-
 		this.originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(this.originalAuth);
 	}
@@ -110,9 +109,7 @@ public class ChannelSecurityInterceptorTests {
 	@Test
 	public void preSendGrant() {
 		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
-
 		Message<?> result = this.interceptor.preSend(this.message, this.channel);
-
 		assertThat(result).isSameAs(this.message);
 	}
 
@@ -121,7 +118,6 @@ public class ChannelSecurityInterceptorTests {
 		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 		willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class),
 				eq(this.message), eq(this.attrs));
-
 		this.interceptor.preSend(this.message, this.channel);
 	}
 
@@ -131,13 +127,9 @@ public class ChannelSecurityInterceptorTests {
 		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 		given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
 				.willReturn(this.runAs);
-
 		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
-
 		this.interceptor.postSend(preSend, this.channel, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 	}
 
@@ -152,13 +144,9 @@ public class ChannelSecurityInterceptorTests {
 		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 		given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
 				.willReturn(this.runAs);
-
 		Message<?> preSend = this.interceptor.preSend(this.message, this.channel);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs);
-
 		this.interceptor.afterSendCompletion(preSend, this.channel, true, new RuntimeException());
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.originalAuth);
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
index 037958cb4d..4bf00db940 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
@@ -63,7 +63,6 @@ public class DefaultMessageSecurityMetadataSourceTests {
 		this.messageMap = new LinkedHashMap<>();
 		this.messageMap.put(this.matcher1, Arrays.<ConfigAttribute>asList(this.config1));
 		this.messageMap.put(this.matcher2, Arrays.<ConfigAttribute>asList(this.config2));
-
 		this.source = new DefaultMessageSecurityMetadataSource(this.messageMap);
 	}
 
@@ -75,14 +74,12 @@ public class DefaultMessageSecurityMetadataSourceTests {
 	@Test
 	public void getAttributesFirst() {
 		given(this.matcher1.matches(this.message)).willReturn(true);
-
 		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config1);
 	}
 
 	@Test
 	public void getAttributesSecond() {
 		given(this.matcher1.matches(this.message)).willReturn(true);
-
 		assertThat(this.source.getAttributes(this.message)).containsOnly(this.config2);
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index 43656244ad..c11683c321 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -63,7 +63,6 @@ public class SecurityContextChannelInterceptorTests {
 		this.messageBuilder = MessageBuilder.withPayload("payload");
 		this.expectedAnonymous = new AnonymousAuthenticationToken("key", "anonymous",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
 		this.interceptor = new SecurityContextChannelInterceptor();
 	}
 
@@ -82,18 +81,14 @@ public class SecurityContextChannelInterceptorTests {
 		String headerName = "header";
 		this.interceptor = new SecurityContextChannelInterceptor(headerName);
 		this.messageBuilder.setHeader(headerName, this.authentication);
-
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
 	@Test
 	public void preSendUserSet() {
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
-
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
@@ -107,9 +102,7 @@ public class SecurityContextChannelInterceptorTests {
 		this.expectedAnonymous = new AnonymousAuthenticationToken("customKey", "customAnonymous",
 				AuthorityUtils.createAuthorityList("ROLE_CUSTOM"));
 		this.interceptor.setAnonymousAuthentication(this.expectedAnonymous);
-
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertAnonymous();
 	}
 
@@ -117,9 +110,7 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void preSendUserNotAuthentication() {
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
-
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertAnonymous();
 	}
 
@@ -127,7 +118,6 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void preSendUserNotSet() {
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertAnonymous();
 	}
 
@@ -135,32 +125,26 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void preSendUserNotSetCustomAnonymous() {
 		this.interceptor.preSend(this.messageBuilder.build(), this.channel);
-
 		assertAnonymous();
 	}
 
 	@Test
 	public void afterSendCompletion() {
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 		this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void afterSendCompletionNullAuthentication() {
 		this.interceptor.afterSendCompletion(this.messageBuilder.build(), this.channel, true, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void beforeHandleUserSet() {
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
-
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
@@ -168,9 +152,7 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void beforeHandleUserNotAuthentication() {
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.principal);
-
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertAnonymous();
 	}
 
@@ -178,23 +160,19 @@ public class SecurityContextChannelInterceptorTests {
 	@Test
 	public void beforeHandleUserNotSet() {
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertAnonymous();
 	}
 
 	@Test
 	public void afterMessageHandledUserNotSet() {
 		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
 	@Test
 	public void afterMessageHandled() {
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
-
 		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -203,14 +181,10 @@ public class SecurityContextChannelInterceptorTests {
 	public void restoresOriginalContext() {
 		TestingAuthenticationToken original = new TestingAuthenticationToken("original", "original", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(original);
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
-
 		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(original);
 	}
 
@@ -222,35 +196,25 @@ public class SecurityContextChannelInterceptorTests {
 	public void restoresOriginalContextNestedThreeDeep() {
 		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "anonymous",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-
 		TestingAuthenticationToken origional = new TestingAuthenticationToken("original", "origional", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(origional);
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, this.authentication);
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
-
 		// start send websocket
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.USER_HEADER, null);
 		this.interceptor.beforeHandle(this.messageBuilder.build(), this.channel, this.handler);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo(anonymous.getName());
-
 		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 		// end send websocket
-
 		this.interceptor.afterMessageHandled(this.messageBuilder.build(), this.channel, this.handler, null);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(origional);
 	}
 
 	private void assertAnonymous() {
 		Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(currentAuthentication).isInstanceOf(AnonymousAuthenticationToken.class);
-
 		AnonymousAuthenticationToken anonymous = (AnonymousAuthenticationToken) currentAuthentication;
 		assertThat(anonymous.getName()).isEqualTo(this.expectedAnonymous.getName());
 		assertThat(anonymous.getAuthorities()).containsOnlyElementsOf(this.expectedAnonymous.getAuthorities());
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
index a22a63ee0a..f7e259aeed 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java
@@ -265,17 +265,14 @@ public final class ResolvableMethod {
 			factory.addAdvice(interceptor);
 			return (T) factory.getProxy();
 		}
-
 		else {
 			Enhancer enhancer = new Enhancer();
 			enhancer.setSuperclass(type);
 			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
 			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
 			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
-
 			Class<?> proxyClass = enhancer.createClass();
 			Object proxy = null;
-
 			if (objenesis.isWorthTrying()) {
 				try {
 					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
@@ -284,7 +281,6 @@ public final class ResolvableMethod {
 					logger.debug("Objenesis failed, falling back to default constructor", ex);
 				}
 			}
-
 			if (proxy == null) {
 				try {
 					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
@@ -295,7 +291,6 @@ public final class ResolvableMethod {
 							ex);
 				}
 			}
-
 			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
 			return (T) proxy;
 		}
@@ -440,7 +435,6 @@ public final class ResolvableMethod {
 		}
 
 		// Build & resolve shortcuts...
-
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
 		 * <p>
@@ -489,7 +483,6 @@ public final class ResolvableMethod {
 		 */
 		public MethodParameter resolveReturnType(Class<?> returnType, ResolvableType generic,
 				ResolvableType... generics) {
-
 			return returning(returnType, generic, generics).method().returnType();
 		}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index dd740ed3c2..368b50d839 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -79,7 +79,6 @@ public class AndMessageMatcherTests {
 	public void matchesSingleTrue() {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new AndMessageMatcher<>(this.delegate);
-
 		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
@@ -88,7 +87,6 @@ public class AndMessageMatcherTests {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		given(this.delegate2.matches(this.message)).willReturn(true);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
@@ -96,7 +94,6 @@ public class AndMessageMatcherTests {
 	public void matchesSingleFalse() {
 		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate);
-
 		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
@@ -104,7 +101,6 @@ public class AndMessageMatcherTests {
 	public void matchesMultiBothFalse() {
 		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
@@ -113,7 +109,6 @@ public class AndMessageMatcherTests {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		given(this.delegate2.matches(this.message)).willReturn(false);
 		this.matcher = new AndMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 157dd8c772..51aa9f3040 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -79,7 +79,6 @@ public class OrMessageMatcherTests {
 	public void matchesSingleTrue() {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate);
-
 		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
@@ -87,7 +86,6 @@ public class OrMessageMatcherTests {
 	public void matchesMultiTrue() {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
@@ -95,7 +93,6 @@ public class OrMessageMatcherTests {
 	public void matchesSingleFalse() {
 		given(this.delegate.matches(this.message)).willReturn(false);
 		this.matcher = new OrMessageMatcher<>(this.delegate);
-
 		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
@@ -104,7 +101,6 @@ public class OrMessageMatcherTests {
 		given(this.delegate.matches(this.message)).willReturn(false);
 		given(this.delegate2.matches(this.message)).willReturn(false);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isFalse();
 	}
 
@@ -112,7 +108,6 @@ public class OrMessageMatcherTests {
 	public void matchesMultiSingleFalse() {
 		given(this.delegate.matches(this.message)).willReturn(true);
 		this.matcher = new OrMessageMatcher<>(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.message)).isTrue();
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index ed1ed3d9fc..9161a95ff8 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -59,74 +59,59 @@ public class SimpDestinationMessageMatcherTests {
 	@Test
 	public void matchesAllWithDestination() {
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesSpecificWithDestination() {
 		this.matcher = new SimpDestinationMessageMatcher("/destination/1");
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesFalseWithDestination() {
 		this.matcher = new SimpDestinationMessageMatcher("/nomatch");
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/1");
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesFalseMessageTypeNotDisconnectType() {
 		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isFalse();
 	}
 
 	@Test
 	public void matchesTrueMessageType() {
 		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesTrueSubscribeType() {
 		this.matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", this.pathMatcher);
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void matchesNullMessageType() {
 		this.matcher = new SimpDestinationMessageMatcher("/match");
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/match");
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 		assertThat(this.matcher.matches(this.messageBuilder.build())).isTrue();
 	}
 
 	@Test
 	public void extractPathVariablesFromDestination() {
 		this.matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
-
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1");
 		this.messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
-
 		assertThat(this.matcher.extractPathVariables(this.messageBuilder.build()).get("topic")).isEqualTo("someTopic");
 	}
 
@@ -139,11 +124,8 @@ public class SimpDestinationMessageMatcherTests {
 	@Test
 	public void typeConstructorParameterIsTransmitted() {
 		this.matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", this.pathMatcher);
-
 		MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
-
 		assertThat(this.matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
-
 	}
 
 }
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 08b727f0fe..c6f6b72b7d 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -44,7 +44,6 @@ public class SimpMessageTypeMatcherTests {
 	public void matchesMessageMessageTrue() {
 		Message<String> message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
-
 		assertThat(this.matcher.matches(message)).isTrue();
 	}
 
@@ -52,14 +51,12 @@ public class SimpMessageTypeMatcherTests {
 	public void matchesMessageConnectFalse() {
 		Message<String> message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
-
 		assertThat(this.matcher.matches(message)).isFalse();
 	}
 
 	@Test
 	public void matchesMessageNullFalse() {
 		Message<String> message = MessageBuilder.withPayload("Hi").build();
-
 		assertThat(this.matcher.matches(message)).isFalse();
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index 9ec31982c2..f7d1e6d76c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -51,7 +51,6 @@ public class CsrfChannelInterceptorTests {
 	public void setup() {
 		this.token = new DefaultCsrfToken("header", "param", "token");
 		this.interceptor = new CsrfChannelInterceptor();
-
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
 		this.messageHeaders.setSessionAttributes(new HashMap<>());
@@ -66,84 +65,72 @@ public class CsrfChannelInterceptorTests {
 	@Test
 	public void preSendIgnoresConnectAck() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT_ACK);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresDisconnect() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresDisconnectAck() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.DISCONNECT_ACK);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresHeartbeat() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.HEARTBEAT);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresMessage() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.MESSAGE);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresOther() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.OTHER);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresSubscribe() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.SUBSCRIBE);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test
 	public void preSendIgnoresUnsubscribe() {
 		this.messageHeaders = SimpMessageHeaderAccessor.create(SimpMessageType.UNSUBSCRIBE);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = InvalidCsrfTokenException.class)
 	public void preSendNoToken() {
 		this.messageHeaders.removeNativeHeader(this.token.getHeaderName());
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = InvalidCsrfTokenException.class)
 	public void preSendInvalidToken() {
 		this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid");
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = MissingCsrfTokenException.class)
 	public void preSendMissingToken() {
 		this.messageHeaders.getSessionAttributes().clear();
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
 	@Test(expected = MissingCsrfTokenException.class)
 	public void preSendMissingTokenNullSessionAttributes() {
 		this.messageHeaders.setSessionAttributes(null);
-
 		this.interceptor.preSend(message(), this.channel);
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
index 04e511db7f..b92390fecd 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptorTests.java
@@ -60,14 +60,12 @@ public class CsrfTokenHandshakeInterceptorTests {
 		this.httpRequest = new MockHttpServletRequest();
 		this.attributes = new HashMap<>();
 		this.request = new ServletServerHttpRequest(this.httpRequest);
-
 		this.interceptor = new CsrfTokenHandshakeInterceptor();
 	}
 
 	@Test
 	public void beforeHandshakeNoAttribute() throws Exception {
 		this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 		assertThat(this.attributes).isEmpty();
 	}
 
@@ -75,9 +73,7 @@ public class CsrfTokenHandshakeInterceptorTests {
 	public void beforeHandshake() throws Exception {
 		CsrfToken token = new DefaultCsrfToken("header", "param", "token");
 		this.httpRequest.setAttribute(CsrfToken.class.getName(), token);
-
 		this.interceptor.beforeHandshake(this.request, this.response, this.wsHandler, this.attributes);
-
 		assertThat(this.attributes.keySet()).containsOnly(CsrfToken.class.getName());
 		assertThat(this.attributes.values()).containsOnly(token);
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 5de8cb739c..bb777ce820 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index b64751f885..190af59bc3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -61,7 +61,6 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 8959d18c38..8de4368877 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -166,20 +166,16 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isNull();
 		verifyNoInteractions(this.authorizationSuccessHandler);
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -190,23 +186,18 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(this.authorizedClient);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal),
 				any());
@@ -220,26 +211,20 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				.willReturn(this.clientRegistration);
 		given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal.getName()))).willReturn(this.authorizedClient);
-
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 				any());
@@ -252,15 +237,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verifyNoInteractions(this.authorizationSuccessHandler);
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -271,22 +253,17 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 				any());
@@ -298,20 +275,15 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
 				new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
@@ -321,7 +293,6 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		String[] requestScopeAttribute = authorizationContext
 				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 				any());
@@ -333,16 +304,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
 		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
@@ -353,16 +320,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
 		verifyNoInteractions(this.authorizedClientService);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 857ed535a1..aafb30ec73 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -155,7 +155,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(Mono.empty());
 		StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest))
 				.verifyError(IllegalArgumentException.class);
-
 	}
 
 	@SuppressWarnings("unchecked")
@@ -164,23 +163,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty());
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		StepVerifier.create(authorizedClient).verifyComplete();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
 				eq(this.principal));
 	}
@@ -190,27 +184,20 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -221,31 +208,23 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		PublisherProbe<Void> authorizationSuccessHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationSuccessHandler(
 				(client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
-
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		authorizationSuccessHandlerProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -255,30 +234,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal.getName()));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -289,30 +260,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal.getName()));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -323,30 +286,22 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 	}
@@ -355,29 +310,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
 	}
@@ -386,33 +333,24 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
 				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		authorizationFailureHandlerProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any());
@@ -425,27 +363,21 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal.getName()))).willReturn(Mono.just(this.authorizedClient));
-
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -458,16 +390,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
 				eq(this.principal));
 	}
@@ -477,24 +406,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
@@ -505,24 +428,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build();
-
 		this.authorizedClientManager.setContextAttributesMapper(
 				new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
@@ -532,7 +449,6 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		String[] requestScopeAttribute = authorizationContext
 				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
 		assertThat(requestScopeAttribute).contains("read", "write");
-
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index 4cc00ed3f7..3fd7402466 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -96,7 +96,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -106,11 +105,9 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -124,14 +121,11 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 				issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), accessToken);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -141,7 +135,6 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -157,19 +150,14 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 				"access-token-1234", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken);
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 32ba665c88..b6014bf6c4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -97,7 +97,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -107,11 +106,9 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -125,14 +122,11 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 				issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), accessToken);
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -142,7 +136,6 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -158,20 +151,15 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 				"access-token-1234", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken);
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index ae155f6966..cd86c5d416 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -61,10 +61,8 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(),
 				TestOAuth2AccessTokens.noScopes());
-
 		OAuth2AuthorizedClientProvider authorizedClientProvider = mock(OAuth2AuthorizedClientProvider.class);
 		given(authorizedClientProvider.authorize(any())).willReturn(authorizedClient);
-
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class),
 				authorizedClientProvider);
@@ -79,7 +77,6 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
 				.principal(new TestingAuthenticationToken("principal", "password")).build();
-
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class));
 		assertThat(delegate.authorize(context)).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index a9f81cf137..802465922c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -62,7 +62,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principal.getName(),
 				TestOAuth2AccessTokens.noScopes());
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
 		given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
@@ -72,7 +71,6 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider3 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
 		given(authorizedClientProvider3.authorize(any())).willReturn(Mono.just(authorizedClient));
-
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3);
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
@@ -86,14 +84,12 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
 				.principal(new TestingAuthenticationToken("principal", "password")).build();
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
 		given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(
 				ReactiveOAuth2AuthorizedClientProvider.class);
 		given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
-
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				authorizedClientProvider1, authorizedClientProvider2);
 		assertThat(delegate.authorize(context).block()).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index d86f847cbf..17288536a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -73,13 +73,11 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void constructorWhenAuthorizedClientsProvidedThenUseProvidedAuthorizedClients() {
 		String registrationId = this.registration3.getRegistrationId();
-
 		Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients = Collections.singletonMap(
 				new OAuth2AuthorizedClientId(this.registration3.getRegistrationId(), this.principalName1),
 				mock(OAuth2AuthorizedClient.class));
 		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		given(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).willReturn(this.registration3);
-
 		InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 				clientRegistrationRepository, authorizedClients);
 		assertThat((Object) authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1))
@@ -114,11 +112,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	public void loadAuthorizedClientWhenClientRegistrationFoundAndAssociatedToPrincipalThenReturnAuthorizedClient() {
 		Authentication authentication = mock(Authentication.class);
 		given(authentication.getName()).willReturn(this.principalName1);
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -138,11 +134,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	public void saveAuthorizedClientWhenSavedThenCanLoad() {
 		Authentication authentication = mock(Authentication.class);
 		given(authentication.getName()).willReturn(this.principalName2);
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration3, this.principalName2,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -162,18 +156,14 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	public void removeAuthorizedClientWhenSavedThenRemoved() {
 		Authentication authentication = mock(Authentication.class);
 		given(authentication.getName()).willReturn(this.principalName2);
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName2,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isNotNull();
-
 		this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(),
 				this.principalName2);
-
 		loadedAuthorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
 		assertThat(loadedAuthorizedClient).isNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index d782405489..6855cd5846 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -139,7 +139,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 		Mono<OAuth2AuthorizedClient> saveAndLoad = this.authorizedClientService
 				.saveAuthorizedClient(authorizedClient, this.principal)
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 		StepVerifier.create(saveAndLoad).expectNext(authorizedClient).verifyComplete();
 	}
 
@@ -198,7 +197,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService
 				.saveAuthorizedClient(authorizedClient, this.principal).then(this.authorizedClientService
 						.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
 	}
 
@@ -213,7 +211,6 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 				.then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
 						this.principalName))
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-
 		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index d2d2931620..49b7fbb3fa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -150,12 +150,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void loadAuthorizedClientWhenExistsThenReturnAuthorizedClient() {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -179,9 +176,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(null);
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 		assertThatThrownBy(() -> this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()))
 						.isInstanceOf(DataRetrievalFailureException.class)
@@ -192,7 +187,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
 		Authentication principal = createPrincipal();
-
 		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
 	}
@@ -201,7 +195,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void saveAuthorizedClientWhenPrincipalIsNullThenThrowIllegalArgumentException() {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
 	}
@@ -210,12 +203,9 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void saveAuthorizedClientWhenSaveThenLoadReturnsSaved() {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
-
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -232,16 +222,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 				.isEqualTo(expected.getRefreshToken().getTokenValue());
 		assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(),
 				within(1, ChronoUnit.MILLIS));
-
 		// Test save/load of NOT NULL attributes only
 		principal = createPrincipal();
 		expected = createAuthorizedClient(principal, this.clientRegistration, true);
-
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
-
 		authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration());
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName());
@@ -263,15 +249,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 		// When a client with the same principal and registration id is saved
 		OAuth2AuthorizedClient updatedClient = createAuthorizedClient(principal, this.clientRegistration);
 		this.authorizedClientService.saveAuthorizedClient(updatedClient, principal);
-
 		// Then the saved client is updated
 		OAuth2AuthorizedClient savedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
-
 		assertThat(savedClient).isNotNull();
 		assertThat(savedClient.getClientRegistration()).isEqualTo(updatedClient.getClientRegistration());
 		assertThat(savedClient.getPrincipalName()).isEqualTo(updatedClient.getPrincipalName());
@@ -299,14 +282,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper authorizedClientParametersMapper = spy(
 				new JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper());
 		this.authorizedClientService.setAuthorizedClientParametersMapper(authorizedClientParametersMapper);
-
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
 		this.authorizedClientService.loadAuthorizedClient(this.clientRegistration.getRegistrationId(),
 				principal.getName());
-
 		verify(authorizedClientRowMapper).mapRow(any(), anyInt());
 		verify(authorizedClientParametersMapper).apply(any());
 	}
@@ -328,16 +308,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void removeAuthorizedClientWhenExistsThenRemoved() {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 		this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 		authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNotNull();
-
 		this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(),
 				principal.getName());
-
 		authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNull();
@@ -347,19 +323,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	public void tableDefinitionWhenCustomThenAbleToOverride() {
 		CustomTableDefinitionJdbcOAuth2AuthorizedClientService customAuthorizedClientService = new CustomTableDefinitionJdbcOAuth2AuthorizedClientService(
 				new JdbcTemplate(createDb("custom-oauth2-client-schema.sql")), this.clientRegistrationRepository);
-
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-
 		customAuthorizedClientService.saveAuthorizedClient(authorizedClient, principal);
-
 		authorizedClient = customAuthorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNotNull();
-
 		customAuthorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(),
 				principal.getName());
-
 		authorizedClient = customAuthorizedClientService
 				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName());
 		assertThat(authorizedClient).isNull();
@@ -473,7 +444,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 							"The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, "
 									+ "however, it was not found in the ClientRegistrationRepository.");
 				}
-
 				OAuth2AccessToken.TokenType tokenType = null;
 				if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(rs.getString("accessTokenType"))) {
 					tokenType = OAuth2AccessToken.TokenType.BEARER;
@@ -488,7 +458,6 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 				}
 				OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, issuedAt, expiresAt,
 						scopes);
-
 				OAuth2RefreshToken refreshToken = null;
 				byte[] refreshTokenValue = rs.getBytes("refreshTokenValue");
 				if (refreshTokenValue != null) {
@@ -500,9 +469,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 					}
 					refreshToken = new OAuth2RefreshToken(tokenValue, issuedAt);
 				}
-
 				String principalName = rs.getString("principalName");
-
 				return new OAuth2AuthorizedClient(clientRegistration, principalName, accessToken, refreshToken);
 			}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index 5d2d0c8418..cf348d52cd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -78,7 +78,6 @@ public class OAuth2AuthorizeRequestTests {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
 				}).build();
-
 		assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isNull();
 		assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal);
@@ -92,7 +91,6 @@ public class OAuth2AuthorizeRequestTests {
 					attrs.put("name1", "value1");
 					attrs.put("name2", "value2");
 				}).build();
-
 		assertThat(authorizeRequest.getClientRegistrationId())
 				.isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isEqualTo(this.authorizedClient);
@@ -105,7 +103,6 @@ public class OAuth2AuthorizeRequestTests {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal("principalName")
 				.build();
-
 		assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId());
 		assertThat(authorizeRequest.getAuthorizedClient()).isNull();
 		assertThat(authorizeRequest.getPrincipal().getName()).isEqualTo("principalName");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index fae43f8872..c1639e420c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -90,7 +90,6 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
 				.build();
@@ -104,15 +103,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 				.refreshToken(
 						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.build();
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(),
 				TestOAuth2RefreshTokens.refreshToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(reauthorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 	}
@@ -123,12 +119,10 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 				.clientCredentials(
 						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
 				.build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 	}
@@ -138,13 +132,11 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
 				.build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 	}
@@ -159,44 +151,35 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
 				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
 				.build();
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
-
 		// authorization_code
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext))
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
-
 		// refresh_token
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 		OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext);
-
 		assertThat(reauthorizedClient).isNotNull();
 		verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class),
 				eq(OAuth2AccessTokenResponse.class));
-
 		// client_credentials
 		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
 				.build();
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext);
-
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class),
 				eq(OAuth2AccessTokenResponse.class));
-
 		// password
 		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		authorizedClient = authorizedClientProvider.authorize(passwordContext);
-
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class),
 				eq(OAuth2AccessTokenResponse.class));
@@ -205,15 +188,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	@Test
 	public void buildWhenCustomProviderThenProviderCalled() {
 		OAuth2AuthorizedClientProvider customProvider = mock(OAuth2AuthorizedClientProvider.class);
-
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.provider(customProvider).build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
 				.build();
 		authorizedClientProvider.authorize(authorizationContext);
-
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
index 8e5e4a8a9f..a91d541770 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
@@ -65,7 +65,6 @@ public class OAuth2AuthorizedClientTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
-
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(this.accessToken);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 3f74f56885..8ded488091 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -96,7 +96,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -124,13 +123,11 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -144,21 +141,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 				"access-token-expired", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), accessToken); // without refresh token
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
 				.build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
-
 	}
 
 	@Test
@@ -171,7 +164,6 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
 																								// refresh
 																								// token
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
@@ -191,22 +183,17 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken); // without refresh
 																		// token
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
 				.build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index e1803063c8..53f11ad2db 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -97,7 +97,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -125,13 +124,11 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -145,21 +142,17 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 				"access-token-expired", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), accessToken); // without refresh token
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
 				.build();
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
-
 	}
 
 	@Test
@@ -172,7 +165,6 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
 																								// refresh
 																								// token
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
@@ -192,23 +184,18 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken); // without refresh
 																		// token
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
 				.build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index 12d2d4bb63..a43dba1211 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -81,7 +81,6 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().authorizationCode().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block())
@@ -93,21 +92,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().refreshToken().build();
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(reauthorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
@@ -118,20 +111,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().clientCredentials().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder
 						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
 				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=client_credentials");
@@ -142,21 +130,16 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().password().build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(
 						this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
 				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
-
 		assertThat(authorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
@@ -169,47 +152,35 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().authorizationCode().refreshToken().clientCredentials().password().build();
-
 		// authorization_code
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block())
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
-
 		// refresh_token
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
-
 		OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext).block();
-
 		assertThat(reauthorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
-
 		// client_credentials
 		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder
 						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
 				.principal(this.principal).build();
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext).block();
-
 		assertThat(authorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 		recordedRequest = this.server.takeRequest();
 		formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=client_credentials");
-
 		// password
 		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
 				.withClientRegistration(
@@ -217,11 +188,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
 				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
 		authorizedClient = authorizedClientProvider.authorize(passwordContext).block();
-
 		assertThat(authorizedClient).isNotNull();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(3);
-
 		recordedRequest = this.server.takeRequest();
 		formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
@@ -231,14 +199,11 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenCustomProviderThenProviderCalled() {
 		ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		given(customProvider.authorize(any())).willReturn(Mono.empty());
-
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().provider(customProvider).build();
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
 		authorizedClientProvider.authorize(authorizationContext).block();
-
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index e78a1d9898..ee63d83c36 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -117,7 +117,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), this.authorizedClient.getAccessToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -127,7 +126,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
@@ -139,7 +137,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
@@ -147,16 +144,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 				"access-token-1234", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -168,12 +161,9 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -185,14 +175,11 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		String[] requestScope = new String[] { "read", "write" };
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
-
 		this.authorizedClientProvider.authorize(authorizationContext);
-
 		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
 				.forClass(OAuth2RefreshTokenGrantRequest.class);
 		verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
@@ -206,7 +193,6 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 06f9e27527..07dcd2b7a1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -118,7 +118,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), this.authorizedClient.getAccessToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -128,7 +127,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
@@ -140,7 +138,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		Instant now = Instant.now();
 		Instant issuedAt = now.minus(Duration.ofMinutes(60));
 		Instant expiresAt = now.minus(Duration.ofMinutes(1));
@@ -148,17 +145,13 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 				"access-token-1234", issuedAt, expiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), expiresInOneMinAccessToken, this.authorizedClient.getRefreshToken());
-
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -170,13 +163,10 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
-
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
-
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
 		assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
@@ -188,14 +178,11 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		String[] requestScope = new String[] { "read", "write" };
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
-
 		this.authorizedClientProvider.authorize(authorizationContext).block();
-
 		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
 				.forClass(OAuth2RefreshTokenGrantRequest.class);
 		verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture());
@@ -209,7 +196,6 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-
 		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index a2dfa39428..c250c84f06 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -72,7 +72,6 @@ public class OAuth2AuthenticationTokenTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(this.principal, this.authorities,
 				this.authorizedClientRegistrationId);
-
 		assertThat(authentication.getPrincipal()).isEqualTo(this.principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
 		assertThat(authentication.getAuthorities()).isEqualTo(this.authorities);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 3d82ba7717..251dbb8fc9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -84,7 +84,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 				.errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
 				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
 						.isInstanceOf(OAuth2AuthorizationException.class)
@@ -97,7 +96,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
 				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
 						.isInstanceOf(OAuth2AuthorizationException.class)
@@ -109,13 +107,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.refreshToken("refresh").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				TestOAuth2AuthorizationResponses.success().build());
 		OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
 				.authenticate(
 						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 		assertThat(authenticationResult.isAuthenticated()).isTrue();
 		assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
 		assertThat(authenticationResult.getCredentials())
@@ -133,18 +129,14 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
 				.additionalParameters(additionalParameters).build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				TestOAuth2AuthorizationResponses.success().build());
-
 		OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
 				.authenticate(
 						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 		assertThat(authentication.getAdditionalParameters())
 				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index f3d4a0900e..c93b774a3c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -69,7 +69,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 	public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.clientRegistration, this.authorizationExchange);
-
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
 		assertThat(authentication.getCredentials())
 				.isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode());
@@ -103,7 +102,6 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 	public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
 				this.clientRegistration, this.authorizationExchange, this.accessToken);
-
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
 		assertThat(authentication.getCredentials()).isEqualTo(this.accessToken.getTokenValue());
 		assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index 1e956bd75d..459ac5c5b9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -82,18 +82,14 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenValidThenSuccess() {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(this.tokenResponse.build()));
-
 		OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
-
 		assertThat(result).isNotNull();
 	}
 
 	@Test
 	public void authenticateWhenEmptyThenEmpty() {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.empty());
-
 		OAuth2AuthorizationCodeAuthenticationToken result = authenticate();
-
 		assertThat(result).isNull();
 	}
 
@@ -101,7 +97,6 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 	public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() {
 		given(this.accessTokenResponseClient.getTokenResponse(any()))
 				.willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
-
 		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 7833f2ab05..9d25859dfa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -125,10 +125,8 @@ public class OAuth2LoginAuthenticationProviderTests {
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 		assertThat(authentication).isNull();
 	}
 
@@ -136,12 +134,10 @@ public class OAuth2LoginAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_REQUEST));
-
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
 				.errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
@@ -150,12 +146,10 @@ public class OAuth2LoginAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
-
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890")
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
@@ -164,15 +158,12 @@ public class OAuth2LoginAuthenticationProviderTests {
 	public void authenticateWhenLoginSuccessThenReturnAuthentication() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(authentication.isAuthenticated()).isTrue();
 		assertThat(authentication.getPrincipal()).isEqualTo(principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -187,21 +178,17 @@ public class OAuth2LoginAuthenticationProviderTests {
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
-
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
 				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
 
@@ -210,16 +197,13 @@ public class OAuth2LoginAuthenticationProviderTests {
 	public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {
 		OAuth2AccessTokenResponse accessTokenResponse = this.accessTokenSuccessResponse();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		OAuth2User principal = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
 				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
@@ -230,11 +214,9 @@ public class OAuth2LoginAuthenticationProviderTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
 				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
 				.additionalParameters(additionalParameters).build();
-
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index 8a50f56c84..cb83eef68b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -76,7 +76,6 @@ public class OAuth2LoginAuthenticationTokenTests {
 	public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration,
 				this.authorizationExchange);
-
 		assertThat(authentication.getPrincipal()).isNull();
 		assertThat(authentication.getCredentials()).isEqualTo("");
 		assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList());
@@ -126,7 +125,6 @@ public class OAuth2LoginAuthenticationTokenTests {
 	public void constructorTokenRequestResponseWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2LoginAuthenticationToken authentication = new OAuth2LoginAuthenticationToken(this.clientRegistration,
 				this.authorizationExchange, this.principal, this.authorities, this.accessToken);
-
 		assertThat(authentication.getPrincipal()).isEqualTo(this.principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
 		assertThat(authentication.getAuthorities()).isEqualTo(this.authorities);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index 977feff17d..9309ba2db3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -113,9 +113,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		// we didn't do anything because it should cause a ClassCastException (as verified
 		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-
 		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
 	}
 
@@ -157,10 +155,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
-
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
 				.block();
-
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
 		assertThat(result.isAuthenticated()).isTrue();
@@ -179,9 +175,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 				Collections.singletonMap("user", "rob"), "user");
 		ArgumentCaptor<OAuth2UserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
-
 		this.manager.authenticate(loginToken()).block();
-
 		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
 				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
@@ -199,10 +193,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
 				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
-
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken())
 				.block();
-
 		assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 458ab5ab3e..9338e165b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -98,25 +98,19 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(this.authorizationCodeGrantRequest());
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=authorization_code");
 		assertThat(formParameters).contains("code=code-1234");
 		assertThat(formParameters).contains("redirect_uri=https%3A%2F%2Fclient.com%2Fcallback%2Fclient-1");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -132,9 +126,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 	}
@@ -144,15 +136,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 		this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration));
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-1");
 		assertThat(formParameters).contains("client_secret=secret");
@@ -163,7 +151,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -175,7 +162,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -189,10 +175,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"refresh_token\": \"refresh-token-1234\",\n" + "   \"scope\": \"read\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(this.authorizationCodeGrantRequest());
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -202,10 +186,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(this.authorizationCodeGrantRequest());
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 	}
 
@@ -213,7 +195,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
 		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(
 				clientRegistration))).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -228,7 +209,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -238,7 +218,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
@@ -246,7 +225,6 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index e7c0cfd370..a7e28cf954 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -92,27 +92,20 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 				+ "   \"scope\": \"read write\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
 				+ "   \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(clientCredentialsGrantRequest);
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=client_credentials");
 		assertThat(formParameters).contains("scope=read+write");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -128,12 +121,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
 	}
@@ -143,18 +133,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				clientRegistration);
-
 		this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-1");
 		assertThat(formParameters).contains("client_secret=secret");
@@ -165,10 +150,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -180,10 +163,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -197,13 +178,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(clientCredentialsGrantRequest);
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -212,13 +190,10 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(clientCredentialsGrantRequest);
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
 	}
 
@@ -226,10 +201,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
 		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -243,10 +216,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
@@ -256,10 +227,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
@@ -267,10 +236,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 0f24023a2e..31e196cf00 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -93,29 +93,22 @@ public class DefaultPasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
 				this.username, this.password);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
 		assertThat(formParameters).contains("username=user1");
 		assertThat(formParameters).contains("password=password");
 		assertThat(formParameters).contains("scope=read+write");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -129,17 +122,13 @@ public class DefaultPasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
 				this.username, this.password);
-
 		this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-id");
 		assertThat(formParameters).contains("client_secret=client-secret");
@@ -150,10 +139,8 @@ public class DefaultPasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -167,16 +154,12 @@ public class DefaultPasswordTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("scope=read");
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -184,10 +167,8 @@ public class DefaultPasswordTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
@@ -195,10 +176,8 @@ public class DefaultPasswordTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index d4f5b66239..a4cd6dd27d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -97,28 +97,21 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(refreshTokenGrantRequest);
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
 		assertThat(formParameters).contains("refresh_token=refresh-token");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -132,18 +125,13 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
 				this.accessToken, this.refreshToken);
-
 		this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-id");
 		assertThat(formParameters).contains("client_secret=client-secret");
@@ -154,10 +142,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
@@ -171,18 +157,14 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
 				Collections.singleton("read"));
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(refreshTokenGrantRequest);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("scope=read");
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -190,10 +172,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
 	}
@@ -201,10 +181,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index 7f366ba058..a9bf107e9d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -75,7 +75,6 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"openid profile\",\n" + "	\"refresh_token\": \"refresh-token-1234\",\n"
@@ -84,20 +83,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(),
 						this.authorizationExchange));
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		server.shutdown();
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -111,13 +104,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() {
 		this.exception.expect(IllegalArgumentException.class);
-
 		String redirectUri = "http:\\example.com";
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.redirectUri(redirectUri).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
-
 		this.tokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
 	}
@@ -125,10 +116,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenTokenUriMalformedThenThrowIllegalArgumentException() {
 		this.exception.expect(IllegalArgumentException.class);
-
 		String tokenUri = "http:\\provider.com\\oauth2\\token";
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 				this.clientRegistrationBuilder.build(), this.authorizationExchange));
 	}
@@ -137,22 +126,17 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("invalid_token_response"));
-
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"openid profile\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
 				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
-
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		try {
 			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 					this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -165,10 +149,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		this.exception.expect(OAuth2AuthorizationException.class);
-
 		String tokenUri = "https://invalid-provider.com/oauth2/token";
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 				this.clientRegistrationBuilder.build(), this.authorizationExchange));
 	}
@@ -177,17 +159,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("unauthorized_client"));
-
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(500).setBody(accessTokenErrorResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		try {
 			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 					this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -202,15 +180,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("server_error"));
-
 		MockWebServer server = new MockWebServer();
-
 		server.enqueue(new MockResponse().setResponseCode(500));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		try {
 			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 					this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -225,19 +199,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 			throws Exception {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("invalid_token_response"));
-
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
-
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		try {
 			this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(
 					this.clientRegistrationBuilder.build(), this.authorizationExchange));
@@ -251,27 +220,21 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope()
 			throws Exception {
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"openid profile\"\n" + "}\n";
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.scope("openid", "profile", "email", "address").build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
-
 		server.shutdown();
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile");
 	}
 
@@ -279,26 +242,20 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope()
 			throws Exception {
 		MockWebServer server = new MockWebServer();
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
-
 		String tokenUri = server.url("/oauth2/token").toString();
 		this.clientRegistrationBuilder.tokenUri(tokenUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.scope("openid", "profile", "email", "address").build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
-
 		server.shutdown();
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email",
 				"address");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index 5000346862..c75fc03315 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -74,19 +74,15 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
 				clientRegistration, authorizationExchange);
-
 		RequestEntity<?> requestEntity = this.converter.convert(authorizationCodeGrantRequest);
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
 				.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
@@ -101,35 +97,27 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 	public void convertWhenPkceGrantRequestValidThenConverts() {
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.clientAuthenticationMethod(null)
 				.clientSecret(null).build();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234");
-
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
-
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.attributes(attributes)
 				.additionalParameters(additionalParameters).build();
-
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBuilder.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
 				clientRegistration, authorizationExchange);
-
 		RequestEntity<?> requestEntity = this.converter.convert(authorizationCodeGrantRequest);
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull();
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
 				.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 9771f072df..28c625f841 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -58,7 +58,6 @@ public class OAuth2AuthorizationCodeGrantRequestTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(
 				this.clientRegistration, this.authorizationExchange);
-
 		assertThat(authorizationCodeGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationCodeGrantRequest.getAuthorizationExchange()).isEqualTo(this.authorizationExchange);
 		assertThat(authorizationCodeGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index 4aa6632681..f5b402ed3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -56,19 +56,15 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
 	@Test
 	public void convertWhenGrantRequestValidThenConverts() {
 		RequestEntity<?> requestEntity = this.converter.convert(this.clientCredentialsGrantRequest);
-
 		ClientRegistration clientRegistration = this.clientCredentialsGrantRequest.getClientRegistration();
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
 				.isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index f0bc076c22..1bb619e9b1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -55,7 +55,6 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 				.clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT)
 				.redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth")
 				.clientName("Client 1").build();
-
 		assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration))
 				.isInstanceOf(IllegalArgumentException.class).hasMessage(
 						"clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
@@ -65,7 +64,6 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 	public void constructorWhenValidParametersProvidedThenCreated() {
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-
 		assertThat(clientCredentialsGrantRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(clientCredentialsGrantRequest.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index af4378312c..2032c722b0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -53,19 +53,15 @@ public class OAuth2PasswordGrantRequestEntityConverterTests {
 	@Test
 	public void convertWhenGrantRequestValidThenConverts() {
 		RequestEntity<?> requestEntity = this.converter.convert(this.passwordGrantRequest);
-
 		ClientRegistration clientRegistration = this.passwordGrantRequest.getClientRegistration();
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
 				.isEqualTo(AuthorizationGrantType.PASSWORD.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
index c53b600a3a..60c53bdeda 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java
@@ -58,20 +58,16 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests {
 	@Test
 	public void convertWhenGrantRequestValidThenConverts() {
 		RequestEntity<?> requestEntity = this.converter.convert(this.refreshTokenGrantRequest);
-
 		ClientRegistration clientRegistration = this.refreshTokenGrantRequest.getClientRegistration();
 		OAuth2RefreshToken refreshToken = this.refreshTokenGrantRequest.getRefreshToken();
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE))
 				.isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index f2a2dba39e..f614700b0f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -63,9 +63,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-
 		String tokenUri = this.server.url("/oauth2/token").toString();
-
 		this.clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(tokenUri);
 	}
 
@@ -82,18 +80,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(authorizationCodeGrantRequest()).block();
 		String body = this.server.takeRequest().getBody().readUtf8();
-
 		assertThat(body).isEqualTo(
 				"grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D");
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -184,10 +177,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
-
 		this.server.enqueue(
 				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
@@ -200,7 +191,6 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenErrorResponse = "{}";
 		this.server.enqueue(
 				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("server_error");
 	}
@@ -209,9 +199,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
-
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response");
 	}
@@ -222,12 +210,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"openid profile\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		this.clientRegistration.scope("openid", "profile", "email", "address");
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(authorizationCodeGrantRequest()).block();
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile");
 	}
 
@@ -236,12 +221,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		this.clientRegistration.scope("openid", "profile", "email", "address");
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(authorizationCodeGrantRequest()).block();
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email",
 				"address");
 	}
@@ -272,19 +254,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	public void setCustomWebClientThenCustomWebClientIsUsed() {
 		WebClient customClient = mock(WebClient.class);
 		given(customClient.post()).willReturn(WebClient.builder().build().post());
-
 		this.tokenResponseClient.setWebClient(customClient);
-
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"openid profile\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		this.clientRegistration.scope("openid", "profile", "email", "address");
-
 		OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest())
 				.block();
-
 		verify(customClient, atLeastOnce()).post();
 	}
 
@@ -294,10 +271,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		this.tokenResponseClient.getTokenResponse(pkceAuthorizationCodeGrantRequest()).block();
 		String body = this.server.takeRequest().getBody().readUtf8();
-
 		assertThat(body).isEqualTo(
 				"grant_type=authorization_code&client_id=client-id&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D&code_verifier=code-verifier-1234");
 	}
@@ -305,14 +280,11 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() {
 		ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null)
 				.build();
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234");
-
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
-
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.clientId(registration.getClientId()).state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 46ce905b07..7e47b19533 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -56,7 +56,6 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-
 		this.clientRegistration = TestClientRegistrations.clientCredentials()
 				.tokenUri(this.server.url("/oauth2/token").uri().toASCIIString());
 	}
@@ -74,11 +73,9 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration.build());
-
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		RecordedRequest actualRequest = this.server.takeRequest();
 		String body = actualRequest.getUtf8Body();
-
 		assertThat(response.getAccessToken()).isNotNull();
 		assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
@@ -92,13 +89,10 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
 				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
 				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
-
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
-
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		RecordedRequest actualRequest = this.server.takeRequest();
 		String body = actualRequest.getUtf8Body();
-
 		assertThat(response.getAccessToken()).isNotNull();
 		assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
 		assertThat(body).isEqualTo(
@@ -112,9 +106,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
 				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
-
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
-
 		assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
 	}
 
@@ -127,16 +119,13 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	public void setWebClientCustomThenCustomClientIsUsed() {
 		WebClient customClient = mock(WebClient.class);
 		given(customClient.post()).willReturn(WebClient.builder().build().post());
-
 		this.client.setWebClient(customClient);
 		ClientRegistration registration = this.clientRegistration.build();
 		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
 				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
 				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
-
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
-
 		verify(customClient, atLeastOnce()).post();
 	}
 
@@ -144,15 +133,12 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	public void getTokenResponseWhenInvalidResponse() throws WebClientResponseException {
 		ClientRegistration registration = this.clientRegistration.build();
 		enqueueUnexpectedResponse();
-
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
-
 		assertThatThrownBy(() -> this.client.getTokenResponse(request).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
 				.hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
-
 	}
 
 	private void enqueueUnexpectedResponse() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index a131e93910..a48a48505c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -85,30 +85,23 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
 				this.username, this.password);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
 				.block();
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=password");
 		assertThat(formParameters).contains("username=user1");
 		assertThat(formParameters).contains("password=password");
 		assertThat(formParameters).contains("scope=read+write");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -122,17 +115,13 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
 				this.username, this.password);
-
 		this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block();
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-id");
 		assertThat(formParameters).contains("client_secret=client-secret");
@@ -143,10 +132,8 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
@@ -161,17 +148,13 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
 				.block();
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("scope=read");
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -179,10 +162,8 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
@@ -192,10 +173,8 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 4599d702e6..47a5cdcd24 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -91,28 +91,21 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(refreshTokenGrantRequest).block();
-
 		Instant expiresAtAfter = Instant.now().plusSeconds(3600);
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
 		assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
 		assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
 				.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
 		assertThat(formParameters).contains("refresh_token=refresh-token");
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
@@ -126,18 +119,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
 				this.accessToken, this.refreshToken);
-
 		this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block();
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
-
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("client_id=client-id");
 		assertThat(formParameters).contains("client_secret=client-secret");
@@ -148,10 +136,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[invalid_token_response]")
 				.hasMessageContaining("An error occurred parsing the Access Token response")
@@ -164,18 +150,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
 				Collections.singleton("read"));
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(refreshTokenGrantRequest).block();
-
 		RecordedRequest recordedRequest = this.server.takeRequest();
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("scope=read");
-
 		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
 	}
 
@@ -183,10 +165,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
@@ -196,10 +176,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-
 		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
 						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 10815a3cc6..6eeade77ca 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -38,9 +38,7 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 	public void handleErrorWhenErrorResponseBodyThenHandled() {
 		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
 				+ "   \"error_description\": \"The client is not authorized\"\n" + "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 		assertThatThrownBy(() -> this.errorHandler.handleError(response))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessage("[unauthorized_client] The client is not authorized");
@@ -49,10 +47,8 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 	@Test
 	public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() {
 		String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
 		response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader);
-
 		assertThatThrownBy(() -> this.errorHandler.handleError(response))
 				.isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessage("[insufficient_scope] The access token expired");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index 6bfcc4f2a9..e47de4a0a4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -51,7 +51,6 @@ public class OAuth2AuthenticationExceptionMixinTests {
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(
 				new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"),
 				"Authorization Request Not Found");
-
 		String serializedJson = this.mapper.writeValueAsString(exception);
 		String expected = asJson(exception);
 		JSONAssert.assertEquals(expected, serializedJson, true);
@@ -61,7 +60,6 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(
 				new OAuth2Error("[authorization_request_not_found]"));
-
 		String serializedJson = this.mapper.writeValueAsString(exception);
 		String expected = asJson(exception);
 		JSONAssert.assertEquals(expected, serializedJson, true);
@@ -79,13 +77,11 @@ public class OAuth2AuthenticationExceptionMixinTests {
 		OAuth2AuthenticationException expected = new OAuth2AuthenticationException(
 				new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"),
 				"Authorization Request Not Found");
-
 		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected),
 				OAuth2AuthenticationException.class);
 		assertThat(exception).isNotNull();
 		assertThat(exception.getCause()).isNull();
 		assertThat(exception.getMessage()).isEqualTo(expected.getMessage());
-
 		OAuth2Error oauth2Error = exception.getError();
 		assertThat(oauth2Error).isNotNull();
 		assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode());
@@ -97,13 +93,11 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
 		OAuth2AuthenticationException expected = new OAuth2AuthenticationException(
 				new OAuth2Error("[authorization_request_not_found]"));
-
 		OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected),
 				OAuth2AuthenticationException.class);
 		assertThat(exception).isNotNull();
 		assertThat(exception.getCause()).isNull();
 		assertThat(exception.getMessage()).isNull();
-
 		OAuth2Error oauth2Error = exception.getError();
 		assertThat(oauth2Error).isNotNull();
 		assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index 6e7583df26..ad7e4f5752 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -73,7 +73,6 @@ public class OAuth2AuthenticationTokenMixinTests {
 		String expectedJson = asJson(authentication);
 		String json = this.mapper.writeValueAsString(authentication);
 		JSONAssert.assertEquals(expectedJson, json, true);
-
 		// OAuth2User
 		authentication = TestOAuth2AuthenticationTokens.authenticated();
 		expectedJson = asJson(authentication);
@@ -125,7 +124,6 @@ public class OAuth2AuthenticationTokenMixinTests {
 		OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo();
 		OidcUserInfo userInfo = oidcUser.getUserInfo();
 		assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
-
 		// OAuth2User
 		expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated();
 		json = asJson(expectedAuthentication);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 2246bed695..531045c6e5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -127,7 +127,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		this.userService = mock(OAuth2UserService.class);
 		this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient,
 				this.userService);
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(this.accessTokenResponse);
 	}
 
@@ -166,10 +165,8 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
-
 		assertThat(authentication).isNull();
 	}
 
@@ -177,12 +174,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE));
-
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
 				.errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
@@ -191,12 +186,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
-
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("89012")
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange));
 	}
@@ -205,11 +198,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenTokenResponseDoesNotContainIdTokenThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_id_token"));
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
 				.withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
@@ -218,9 +209,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenJwkSetUriNotSetThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_signature_verifier"));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().jwkSetUri(null).build();
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange));
 	}
@@ -229,11 +218,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenIdTokenValidationErrorThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("[invalid_id_token] ID Token Validation Error"));
-
 		JwtDecoder jwtDecoder = mock(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error"));
 		this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
@@ -242,7 +229,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenIdTokenInvalidNonceThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("[invalid_nonce]"));
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://provider.com");
 		claims.put(IdTokenClaimNames.SUB, "subject1");
@@ -250,7 +236,6 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		claims.put(IdTokenClaimNames.AZP, "client1");
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
 		this.setUpIdToken(claims);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
 	}
@@ -264,15 +249,12 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		claims.put(IdTokenClaimNames.AZP, "client1");
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		this.setUpIdToken(claims);
-
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(authentication.isAuthenticated()).isTrue();
 		assertThat(authentication.getPrincipal()).isEqualTo(principal);
 		assertThat(authentication.getCredentials()).isEqualTo("");
@@ -292,21 +274,17 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		claims.put(IdTokenClaimNames.AZP, "client1");
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		this.setUpIdToken(claims);
-
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		given(this.userService.loadUser(any())).willReturn(principal);
-
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
 				.willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> mappedAuthorities);
 		this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper);
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
 
@@ -320,16 +298,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		claims.put(IdTokenClaimNames.AZP, "client1");
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		this.setUpIdToken(claims);
-
 		OidcUser principal = mock(OidcUser.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal);
-
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
-
 		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
 				.containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters());
 	}
@@ -348,11 +323,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-
 		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
 				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
 				.additionalParameters(additionalParameters).build();
-
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index ceb35a8a25..cd1157c53b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -139,9 +139,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		// we didn't do anything because it should cause a ClassCastException (as verified
 		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-
 		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-
 		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
 	}
 
@@ -172,10 +170,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error"));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("[invalid_id_token] ID Token Validation Error");
@@ -187,20 +183,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "sub");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash");
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 		assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]");
 	}
@@ -212,16 +204,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN,
 						"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."))
 				.build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.userService.loadUser(any())).willReturn(Mono.empty());
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
@@ -235,25 +224,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
 				.authenticate(authorizationCodeAuthentication).block();
-
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
 		assertThat(result.isAuthenticated()).isTrue();
@@ -266,25 +250,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.refreshToken("refresh-token").build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		given(this.userService.loadUser(any())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 		OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager
 				.authenticate(authorizationCodeAuthentication).block();
-
 		assertThat(result.getPrincipal()).isEqualTo(user);
 		assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
 		assertThat(result.isAuthenticated()).isTrue();
@@ -301,25 +280,20 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		additionalParameters.put("param2", "value2");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-
 		this.manager.authenticate(authorizationCodeAuthentication).block();
-
 		assertThat(userRequestArgCaptor.getValue().getAdditionalParameters())
 				.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
 	}
@@ -331,21 +305,17 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
-
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 		claims.put(IdTokenClaimNames.SUB, "rob");
 		claims.put(IdTokenClaimNames.AUD, Collections.singletonList(clientRegistration.getClientId()));
 		claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
 		Jwt idToken = TestJwts.jwt().claims((c) -> c.putAll(claims)).build();
-
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
 		ArgumentCaptor<OidcUserRequest> userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class);
 		given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user));
-
 		List<GrantedAuthority> mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
 		GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class);
 		given(authoritiesMapper.mapAuthorities(anyCollection()))
@@ -353,9 +323,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
 		this.manager.setAuthoritiesMapper(authoritiesMapper);
-
 		Authentication result = this.manager.authenticate(authorizationCodeAuthentication).block();
-
 		assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 38ea444a74..c74a5fc23e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class OidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() {
 		Function<ClientRegistration, OAuth2TokenValidator<Jwt>> customJwtValidatorFactory = mock(Function.class);
 		this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customJwtValidatorFactory.apply(same(clientRegistration)))
 				.willReturn(new OidcIdTokenValidator(clientRegistration));
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customJwtValidatorFactory).apply(same(clientRegistration));
 	}
 
@@ -161,13 +157,9 @@ public class OidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() {
 		Function<ClientRegistration, JwsAlgorithm> customJwsAlgorithmResolver = mock(Function.class);
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customJwsAlgorithmResolver).apply(same(clientRegistration));
 	}
 
@@ -176,14 +168,10 @@ public class OidcIdTokenDecoderFactoryTests {
 		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
 				Function.class);
 		this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
 				.willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index 8f1023628b..9c6aa401ec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -102,7 +102,6 @@ public class OidcIdTokenValidatorTests {
 		 * issuer in the ID Token, the validation must fail
 		 */
 		this.registration = this.registration.issuerUri("https://somethingelse.com");
-
 		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS));
 	}
@@ -114,7 +113,6 @@ public class OidcIdTokenValidatorTests {
 		 * in the ID Token, the validation must succeed
 		 */
 		this.registration = this.registration.issuerUri("https://example.com");
-
 		assertThat(this.validateIdToken()).isEmpty();
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 99d2525d1b..10a57382c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -146,14 +146,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenCustomJwtValidatorFactorySetThenApplied() {
 		Function<ClientRegistration, OAuth2TokenValidator<Jwt>> customJwtValidatorFactory = mock(Function.class);
 		this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customJwtValidatorFactory.apply(same(clientRegistration)))
 				.willReturn(new OidcIdTokenValidator(clientRegistration));
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customJwtValidatorFactory).apply(same(clientRegistration));
 	}
 
@@ -161,13 +157,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	public void createDecoderWhenCustomJwsAlgorithmResolverSetThenApplied() {
 		Function<ClientRegistration, JwsAlgorithm> customJwsAlgorithmResolver = mock(Function.class);
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver(customJwsAlgorithmResolver);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customJwsAlgorithmResolver.apply(same(clientRegistration))).willReturn(MacAlgorithm.HS256);
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customJwsAlgorithmResolver).apply(same(clientRegistration));
 	}
 
@@ -176,14 +168,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
 				Function.class);
 		this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 		ClientRegistration clientRegistration = this.registration.build();
-
 		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
 				.willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
-
 		this.idTokenDecoderFactory.createDecoder(clientRegistration);
-
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 1d9af0f825..0289684cc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -104,18 +104,14 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriNullThenUserInfoNotRetrieved() {
 		this.registration.userInfoUri(null);
-
 		OidcUser user = this.userService.loadUser(userRequest()).block();
-
 		assertThat(user.getUserInfo()).isNull();
 	}
 
 	@Test
 	public void loadUserWhenOAuth2UserEmptyThenNullUserInfo() {
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.empty());
-
 		OidcUser user = this.userService.loadUser(userRequest()).block();
-
 		assertThat(user.getUserInfo()).isNull();
 	}
 
@@ -124,7 +120,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -137,7 +132,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -150,7 +144,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 		assertThat(this.userService.loadUser(userRequest()).block().getUserInfo()).isNotNull();
 	}
 
@@ -163,7 +156,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 		assertThat(this.userService.loadUser(userRequest()).block().getName()).isEqualTo("rob");
 	}
 
@@ -175,18 +167,13 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-
 		OidcUserRequest userRequest = userRequest();
-
 		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
 				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 		given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
 				.willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
-
 		this.userService.loadUser(userRequest).block().getUserInfo();
-
 		verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration()));
 	}
 
@@ -196,7 +183,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request).block();
-
 		assertThat(user.getAuthorities()).hasSize(3);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -210,7 +196,6 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request).block();
-
 		assertThat(user.getAuthorities()).hasSize(1);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index 973c8a150d..412a1ed786 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -82,7 +82,6 @@ public class OidcUserRequestTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OidcUserRequest userRequest = new OidcUserRequest(this.clientRegistration, this.accessToken, this.idToken,
 				this.additionalParameters);
-
 		assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(userRequest.getIdToken()).isEqualTo(this.idToken);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
index 79fc3ad856..045ac4a3f5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
@@ -52,21 +52,18 @@ public class OidcUserRequestUtilsTests {
 	@Test
 	public void shouldRetrieveUserInfoWhenNoUserInfoUriThenFalse() {
 		this.registration.userInfoUri(null);
-
 		assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 	}
 
 	@Test
 	public void shouldRetrieveUserInfoWhenDifferentScopesThenFalse() {
 		this.registration.scope("notintoken");
-
 		assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 	}
 
 	@Test
 	public void shouldRetrieveUserInfoWhenNotAuthorizationCodeThenFalse() {
 		this.registration.authorizationGrantType(AuthorizationGrantType.IMPLICIT);
-
 		assertThat(OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest())).isFalse();
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 2517e8b4e5..73b0e8c68b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -90,14 +90,11 @@ public class OidcUserServiceTests {
 		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
 				.userNameAttributeName(StandardClaimNames.SUB);
-
 		this.accessToken = TestOAuth2AccessTokens.scopes(OidcScopes.OPENID, OidcScopes.PROFILE);
-
 		Map<String, Object> idTokenClaims = new HashMap<>();
 		idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com");
 		idTokenClaims.put(IdTokenClaimNames.SUB, "subject1");
 		this.idToken = new OidcIdToken("access-token", Instant.MIN, Instant.MAX, idTokenClaims);
-
 		this.userService.setOauth2UserService(new DefaultOAuth2UserService());
 	}
 
@@ -155,7 +152,6 @@ public class OidcUserServiceTests {
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
 				.build();
 		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNull();
@@ -168,14 +164,10 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.singleton("scope2"));
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
@@ -188,14 +180,10 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
 		this.userService.setAccessibleScopes(Collections.emptySet());
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
@@ -208,11 +196,8 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(user.getUserInfo()).isNotNull();
@@ -224,14 +209,10 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 		assertThat(user.getIdToken()).isNotNull();
 		assertThat(user.getUserInfo()).isNotNull();
 		assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6);
@@ -243,7 +224,6 @@ public class OidcUserServiceTests {
 		assertThat(user.getUserInfo().getFamilyName()).isEqualTo("last");
 		assertThat(user.getUserInfo().getPreferredUsername()).isEqualTo("user1");
 		assertThat(user.getUserInfo().getEmail()).isEqualTo("user1@example.com");
-
 		assertThat(user.getAuthorities().size()).isEqualTo(3);
 		assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OidcUserAuthority.class);
 		OidcUserAuthority userAuthority = (OidcUserAuthority) user.getAuthorities().iterator().next();
@@ -257,16 +237,12 @@ public class OidcUserServiceTests {
 	public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 		String userInfoResponse = "{\n" + "	\"email\": \"full_name@provider.com\",\n" + "	\"name\": \"full name\"\n"
 				+ "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
@@ -274,14 +250,10 @@ public class OidcUserServiceTests {
 	public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectNotSameAsIdTokenSubjectThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_user_info_response"));
-
 		String userInfoResponse = "{\n" + "	\"sub\": \"other-subject\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
@@ -290,17 +262,13 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
@@ -309,13 +277,9 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
@@ -324,11 +288,8 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoUri = "https://invalid-provider.com/user";
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 	}
 
@@ -338,15 +299,11 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userNameAttributeName(StandardClaimNames.EMAIL).build();
-
 		OidcUser user = this.userService
 				.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 		assertThat(user.getName()).isEqualTo("user1@example.com");
 	}
 
@@ -357,11 +314,8 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT))
 				.isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -374,11 +328,8 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -394,12 +345,9 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -414,20 +362,14 @@ public class OidcUserServiceTests {
 				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
 				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(
 				Function.class);
 		this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
-
 		given(customClaimTypeConverterFactory.apply(same(clientRegistration)))
 				.willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters()));
-
 		this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
-
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
 
@@ -437,7 +379,6 @@ public class OidcUserServiceTests {
 		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request);
-
 		assertThat(user.getAuthorities()).hasSize(3);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
@@ -451,7 +392,6 @@ public class OidcUserServiceTests {
 		OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
 		OidcUser user = userService.loadUser(request);
-
 		assertThat(user.getAuthorities()).hasSize(1);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index c55d019efe..a72c9059d6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -72,21 +72,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() throws IOException, ServletException {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token");
 	}
 
 	@Test
 	public void logoutWhenNotOAuth2AuthenticationThenDefaults() throws IOException, ServletException {
 		Authentication token = mock(Authentication.class);
-
 		this.request.setUserPrincipal(token);
 		this.handler.setDefaultTargetUrl("https://default");
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 	}
 
@@ -94,41 +90,32 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	public void logoutWhenNotOidcUserThenDefaults() throws IOException, ServletException {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		this.request.setUserPrincipal(token);
 		this.handler.setDefaultTargetUrl("https://default");
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 	}
 
 	@Test
 	public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() throws Exception {
-
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 		ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration);
 		OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(repository);
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 		this.request.setUserPrincipal(token);
 		handler.setDefaultTargetUrl("https://default");
 		handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default");
 	}
 
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() throws IOException, ServletException {
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
 				+ "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 	}
@@ -136,7 +123,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect()
 			throws IOException, ServletException {
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
@@ -145,7 +131,6 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 		this.request.setServerName("rp.example.org");
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-
 		assertThat(this.response.getRedirectedUrl()).isEqualTo(
 				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 21103b9cde..b0465c0dc6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -77,24 +77,19 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
 		this.handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
 	}
 
 	@Test
 	public void logoutWhenNotOAuth2AuthenticationThenDefaults() {
 		Authentication token = mock(Authentication.class);
-
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 		this.handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 	}
 
@@ -102,49 +97,37 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	public void logoutWhenNotOidcUserThenDefaults() {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 		this.handler.setLogoutSuccessUrl(URI.create("https://default"));
 		this.handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 	}
 
 	@Test
 	public void logoutWhenClientRegistrationHasNoEndSessionEndpointThenDefaults() {
-
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
 		ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(
 				registration);
 		OidcClientInitiatedServerLogoutSuccessHandler handler = new OidcClientInitiatedServerLogoutSuccessHandler(
 				repository);
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, registration.getRegistrationId());
-
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 		handler.setLogoutSuccessUrl(URI.create("https://default"));
 		handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
 	}
 
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() {
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
-
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 		this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
 		this.handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
 				+ "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
 	}
@@ -152,17 +135,14 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 	@Test
 	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect()
 			throws IOException, ServletException {
-
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
 		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
 		given(this.exchange.getRequest()).willReturn(request);
 		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
-
 		this.handler.setPostLogoutRedirectUri("{baseUrl}");
 		this.handler.onLogoutSuccess(f, token).block();
-
 		assertThat(redirectedUrl(this.exchange)).isEqualTo(
 				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index db69a0ea48..f419a9c07f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -87,7 +87,6 @@ public class ClientRegistrationTests {
 				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).issuerUri(ISSUER_URI)
 				.providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA).clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -274,7 +273,6 @@ public class ClientRegistrationTests {
 				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
@@ -345,7 +343,6 @@ public class ClientRegistrationTests {
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
 				.jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(overriddenId);
 	}
 
@@ -355,7 +352,6 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(SCOPES.toArray(new String[0]))
 				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -425,7 +421,6 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope(SCOPES.toArray(new String[0]))
 				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -483,7 +478,6 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(customGrantType).scope(SCOPES.toArray(new String[0])).tokenUri(TOKEN_URI)
 				.clientName(CLIENT_NAME).build();
-
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -518,12 +512,10 @@ public class ClientRegistrationTests {
 		assertThat(clientRegistration.getAuthorizationGrantType()).isEqualTo(updated.getAuthorizationGrantType());
 		assertThat(clientRegistration.getRedirectUri()).isEqualTo(updated.getRedirectUri());
 		assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
-
 		ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
 		ClientRegistration.ProviderDetails updatedProviderDetails = updated.getProviderDetails();
 		assertThat(providerDetails.getAuthorizationUri()).isEqualTo(updatedProviderDetails.getAuthorizationUri());
 		assertThat(providerDetails.getTokenUri()).isEqualTo(updatedProviderDetails.getTokenUri());
-
 		ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
 		ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails
 				.getUserInfoEndpoint();
@@ -532,12 +524,10 @@ public class ClientRegistrationTests {
 				.isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod());
 		assertThat(userInfoEndpoint.getUserNameAttributeName())
 				.isEqualTo(updatedUserInfoEndpoint.getUserNameAttributeName());
-
 		assertThat(providerDetails.getJwkSetUri()).isEqualTo(updatedProviderDetails.getJwkSetUri());
 		assertThat(providerDetails.getIssuerUri()).isEqualTo(updatedProviderDetails.getIssuerUri());
 		assertThat(providerDetails.getConfigurationMetadata())
 				.isEqualTo(updatedProviderDetails.getConfigurationMetadata());
-
 		assertThat(clientRegistration.getClientName()).isEqualTo(updated.getClientName());
 	}
 
@@ -547,7 +537,6 @@ public class ClientRegistrationTests {
 		ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration)
 				.clientSecret("a-new-secret").scope("a-new-scope")
 				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
-
 		assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
 		assertThat(updated.getClientSecret()).isEqualTo("a-new-secret");
 		assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 61dc4e954a..4fa404c5e6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -200,45 +200,35 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenScopesNullThenScopesDefaulted() throws Exception {
 		this.response.remove("scopes_supported");
-
 		ClientRegistration registration = registration("").build();
-
 		assertThat(registration.getScopes()).containsOnly("openid");
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackScopesNullThenScopesDefaulted() throws Exception {
 		this.response.remove("scopes_supported");
-
 		ClientRegistration registration = registrationOidcFallback("", null).build();
-
 		assertThat(registration.getScopes()).containsOnly("openid");
 	}
 
 	@Test
 	public void issuerWhenOAuth2ScopesNullThenScopesDefaulted() throws Exception {
 		this.response.remove("scopes_supported");
-
 		ClientRegistration registration = registrationOAuth2("", null).build();
-
 		assertThat(registration.getScopes()).containsOnly("openid");
 	}
 
 	@Test
 	public void issuerWhenGrantTypesSupportedNullThenDefaulted() throws Exception {
 		this.response.remove("grant_types_supported");
-
 		ClientRegistration registration = registration("").build();
-
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
 	@Test
 	public void issuerWhenOAuth2GrantTypesSupportedNullThenDefaulted() throws Exception {
 		this.response.remove("grant_types_supported");
-
 		ClientRegistration registration = registrationOAuth2("", null).build();
-
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
@@ -249,7 +239,6 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenGrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
 						+ this.issuer + "\" returned a configuration of [implicit]");
@@ -258,7 +247,6 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-
 		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
 						+ this.issuer + "\" returned a configuration of [implicit]");
@@ -267,54 +255,42 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsNullThenDefaulted() throws Exception {
 		this.response.remove("token_endpoint_auth_methods_supported");
-
 		ClientRegistration registration = registration("").build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsNullThenDefaulted() throws Exception {
 		this.response.remove("token_endpoint_auth_methods_supported");
-
 		ClientRegistration registration = registrationOAuth2("", null).build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 		ClientRegistration registration = registration("").build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsPostThenMethodIsPost() throws Exception {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post"));
-
 		ClientRegistration registration = registrationOAuth2("", null).build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
 	}
 
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
 		ClientRegistration registration = registration("").build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsNoneThenMethodIsNone() throws Exception {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("none"));
-
 		ClientRegistration registration = registrationOAuth2("", null).build();
-
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 	}
 
@@ -325,7 +301,6 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining(
 				"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
 						+ this.issuer + "\" returned a configuration of [tls_client_auth]");
@@ -334,7 +309,6 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-
 		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining(
 						"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
@@ -384,7 +358,6 @@ public class ClientRegistrationsTests {
 		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-
 		return ClientRegistrations.fromOidcIssuerLocation(this.issuer).clientId("client-id")
 				.clientSecret("client-secret");
 	}
@@ -394,7 +367,6 @@ public class ClientRegistrationsTests {
 		this.response.put("issuer", this.issuer);
 		this.issuer = this.server.url(path).toString();
 		final String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
@@ -406,9 +378,7 @@ public class ClientRegistrationsTests {
 				return new MockResponse().setResponseCode(404);
 			}
 		};
-
 		this.server.setDispatcher(dispatcher);
-
 		return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 	}
 
@@ -428,9 +398,7 @@ public class ClientRegistrationsTests {
 	private ClientRegistration.Builder registrationOidcFallback(String path, String body) throws Exception {
 		this.issuer = createIssuerFromServer(path);
 		this.response.put("issuer", this.issuer);
-
 		String responseBody = (body != null) ? body : this.mapper.writeValueAsString(this.response);
-
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
@@ -443,7 +411,6 @@ public class ClientRegistrationsTests {
 			}
 		};
 		this.server.setDispatcher(dispatcher);
-
 		return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 7a37f60f92..9d5e3fdd3a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -71,7 +71,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		String registrationId = "client-registration-id-1";
 		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId);
 		this.accessToken = TestOAuth2AccessTokens.noScopes();
-
 		Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
 		customUserTypes.put(registrationId, CustomOAuth2User.class);
 		this.userService = new CustomUserTypesOAuth2UserService(customUserTypes);
@@ -116,7 +115,6 @@ public class CustomUserTypesOAuth2UserServiceTests {
 	public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.registrationId("other-client-registration-id-1").build();
-
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(user).isNull();
 	}
@@ -126,20 +124,15 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
 				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 		assertThat(user.getName()).isEqualTo("first last");
 		assertThat(user.getAttributes().size()).isEqualTo(4);
 		assertThat((String) user.getAttribute("id")).isEqualTo("12345");
 		assertThat((String) user.getAttribute("name")).isEqualTo("first last");
 		assertThat((String) user.getAttribute("login")).isEqualTo("user1");
 		assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 		assertThat(user.getAuthorities().size()).isEqualTo(1);
 		assertThat(user.getAuthorities().iterator().next().getAuthority()).isEqualTo("ROLE_USER");
 	}
@@ -149,16 +142,12 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
 				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -167,13 +156,9 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -182,11 +167,8 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoUri = "https://invalid-provider.com/user";
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index cfb50cc055..43b8e3a7b0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -112,7 +112,6 @@ public class DefaultOAuth2UserServiceTests {
 	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_user_info_uri"));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
@@ -121,7 +120,6 @@ public class DefaultOAuth2UserServiceTests {
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_user_name_attribute"));
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
 				.build();
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
@@ -133,14 +131,10 @@ public class DefaultOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
-
 		assertThat(user.getName()).isEqualTo("user1");
 		assertThat(user.getAttributes().size()).isEqualTo(6);
 		assertThat((String) user.getAttribute("user-name")).isEqualTo("user1");
@@ -149,7 +143,6 @@ public class DefaultOAuth2UserServiceTests {
 		assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle");
 		assertThat((String) user.getAttribute("address")).isEqualTo("address");
 		assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 		assertThat(user.getAuthorities().size()).isEqualTo(1);
 		assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class);
 		OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -162,18 +155,14 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -184,19 +173,14 @@ public class DefaultOAuth2UserServiceTests {
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 		this.exception.expectMessage(
 				containsString("Error Code: insufficient_scope, Error Description: The access token expired"));
-
 		String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
-
 		MockResponse response = new MockResponse();
 		response.setHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader);
 		response.setResponseCode(400);
 		this.server.enqueue(response);
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -206,15 +190,11 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 		this.exception.expectMessage(containsString("Error Code: invalid_token"));
-
 		String userInfoErrorResponse = "{\n" + "   \"error\": \"invalid_token\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -223,14 +203,10 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"));
-
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -239,12 +215,9 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-
 		String userInfoUri = "https://invalid-provider.com/user";
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
@@ -255,12 +228,9 @@ public class DefaultOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT))
 				.isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -273,12 +243,9 @@ public class DefaultOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
@@ -294,12 +261,9 @@ public class DefaultOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(userInfoResponse));
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
@@ -316,7 +280,6 @@ public class DefaultOAuth2UserServiceTests {
 		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request);
-
 		assertThat(user.getAuthorities()).hasSize(3);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -332,7 +295,6 @@ public class DefaultOAuth2UserServiceTests {
 		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.noScopes());
 		OAuth2User user = userService.loadUser(request);
-
 		assertThat(user.getAuthorities()).hasSize(1);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -342,20 +304,16 @@ public class DefaultOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidContentTypeThenThrowOAuth2AuthenticationException() {
 		String userInfoUri = this.server.url("/user").toString();
-
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource "
 						+ "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."));
-
 		MockResponse response = new MockResponse();
 		response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
 		response.setBody("invalid content type");
 		this.server.enqueue(response);
-
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build();
-
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 5476241816..fec781af6f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -77,9 +77,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-
 		String userInfoUri = this.server.url("/user").toString();
-
 		this.clientRegistration = TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri);
 	}
 
@@ -97,7 +95,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userInfoUri(null);
-
 		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri"))
 				.verify();
@@ -106,7 +103,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userNameAttributeName(null);
-
 		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute"))
 				.verify();
@@ -118,9 +114,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
-
 		OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
-
 		assertThat(user.getName()).isEqualTo("user1");
 		assertThat(user.getAttributes().size()).isEqualTo(6);
 		assertThat((String) user.getAttribute("id")).isEqualTo("user1");
@@ -129,7 +123,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		assertThat((String) user.getAttribute("middle-name")).isEqualTo("middle");
 		assertThat((String) user.getAttribute("address")).isEqualTo("address");
 		assertThat((String) user.getAttribute("email")).isEqualTo("user1@example.com");
-
 		assertThat(user.getAuthorities().size()).isEqualTo(1);
 		assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class);
 		OAuth2UserAuthority userAuthority = (OAuth2UserAuthority) user.getAuthorities().iterator().next();
@@ -145,9 +138,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
-
 		this.userService.loadUser(oauth2UserRequest()).block();
-
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
 		assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -163,9 +154,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
 		enqueueApplicationJsonBody(userInfoResponse);
-
 		this.userService.loadUser(oauth2UserRequest()).block();
-
 		RecordedRequest request = this.server.takeRequest();
 		assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
 		assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
@@ -180,7 +169,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		enqueueApplicationJsonBody(userInfoResponse);
-
 		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
 	}
@@ -189,7 +177,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(500).setBody("{}"));
-
 		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
 	}
@@ -209,7 +196,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.scopes("message:read", "message:write"));
 		OAuth2User user = userService.loadUser(request).block();
-
 		assertThat(user.getAuthorities()).hasSize(3);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -225,7 +211,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(),
 				TestOAuth2AccessTokens.noScopes());
 		OAuth2User user = userService.loadUser(request).block();
-
 		assertThat(user.getAuthorities()).hasSize(1);
 		Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
 		assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
@@ -238,9 +223,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
 		response.setBody("invalid content type");
 		this.server.enqueue(response);
-
 		OAuth2UserRequest userRequest = oauth2UserRequest();
-
 		assertThatThrownBy(() -> this.userService.loadUser(userRequest).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining(
 						"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '"
@@ -258,7 +241,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		given(spec.retrieve()).willReturn(clientResponse);
 		given(clientResponse.onStatus(any(Predicate.class), any(Function.class))).willReturn(clientResponse);
 		given(clientResponse.bodyToMono(any(ParameterizedTypeReference.class))).willReturn(Mono.just(body));
-
 		DefaultReactiveOAuth2UserService userService = new DefaultReactiveOAuth2UserService();
 		userService.setWebClient(rest);
 		return userService;
@@ -269,7 +251,6 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	}
 
 	private void enqueueApplicationJsonBody(String json) {
-
 		this.server.enqueue(
 				new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json));
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index 45eb7fcd4d..f259c60ddf 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -62,10 +62,8 @@ public class DelegatingOAuth2UserServiceTests {
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService3 = mock(OAuth2UserService.class);
 		OAuth2User mockUser = mock(OAuth2User.class);
 		given(userService3.loadUser(any(OAuth2UserRequest.class))).willReturn(mockUser);
-
 		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
 				Arrays.asList(userService1, userService2, userService3));
-
 		OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class));
 		assertThat(loadedUser).isEqualTo(mockUser);
 	}
@@ -76,10 +74,8 @@ public class DelegatingOAuth2UserServiceTests {
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService1 = mock(OAuth2UserService.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService2 = mock(OAuth2UserService.class);
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService3 = mock(OAuth2UserService.class);
-
 		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
 				Arrays.asList(userService1, userService2, userService3));
-
 		OAuth2User loadedUser = delegatingUserService.loadUser(mock(OAuth2UserRequest.class));
 		assertThat(loadedUser).isNull();
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
index 61e80e7aad..a4f975736f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java
@@ -49,13 +49,10 @@ public class OAuth2UserRequestEntityConverterTests {
 	public void convertWhenAuthenticationMethodHeaderThenGetRequest() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 		RequestEntity<?> requestEntity = this.converter.convert(userRequest);
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.GET);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
 		assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION))
@@ -68,18 +65,14 @@ public class OAuth2UserRequestEntityConverterTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
 		OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken());
-
 		RequestEntity<?> requestEntity = this.converter.convert(userRequest);
-
 		assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
 		assertThat(requestEntity.getUrl().toASCIIString())
 				.isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
-
 		HttpHeaders headers = requestEntity.getHeaders();
 		assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON);
 		assertThat(headers.getContentType())
 				.isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
-
 		MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN))
 				.isEqualTo(userRequest.getAccessToken().getTokenValue());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 18edbf0661..85b13b8d83 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -77,7 +77,6 @@ public class OAuth2UserRequestTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2UserRequest userRequest = new OAuth2UserRequest(this.clientRegistration, this.accessToken,
 				this.additionalParameters);
-
 		assertThat(userRequest.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(userRequest.getAccessToken()).isEqualTo(this.accessToken);
 		assertThat(userRequest.getAdditionalParameters()).containsAllEntriesOf(this.additionalParameters);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 832bce8902..ddcc33cc29 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -107,7 +107,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNull();
 	}
@@ -120,9 +119,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setContent("foo".getBytes(StandardCharsets.UTF_8));
 		request.setCharacterEncoding(StandardCharsets.UTF_8.name());
 		HttpServletRequest spyRequest = Mockito.spy(request);
-
 		this.resolver.resolve(spyRequest);
-
 		Mockito.verify(spyRequest, Mockito.never()).getReader();
 		Mockito.verify(spyRequest, Mockito.never()).getInputStream();
 		Mockito.verify(spyRequest, Mockito.never()).getParameter(ArgumentMatchers.anyString());
@@ -138,7 +135,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				+ "-invalid";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		assertThatThrownBy(() -> this.resolver.resolve(request)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage(
 						"Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
@@ -150,7 +146,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationUri())
@@ -178,7 +173,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
 				clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest).isNotNull();
@@ -192,7 +186,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -206,7 +199,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServerPort(8080);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -221,7 +213,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setScheme("https");
 		request.setServerPort(8081);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -236,7 +227,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setScheme("http");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -251,7 +241,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setScheme("https");
 		request.setServerPort(443);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -266,7 +255,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setScheme("https");
 		request.setServerPort(-1);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -281,7 +269,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		request.setQueryString("foo=bar");
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri())
@@ -297,7 +284,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServerName("localhost");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -314,7 +300,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServerName("example.com");
 		request.setServerPort(443);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -328,7 +313,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request,
 				clientRegistration.getRegistrationId());
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
@@ -343,7 +327,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -358,7 +341,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.addParameter("action", "authorize");
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -373,7 +355,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.addParameter("action", "login");
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&"
@@ -387,7 +368,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationUri())
@@ -422,7 +402,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationUri())
@@ -456,11 +435,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		this.resolver.setAuthorizationRequestCustomizer(
 				(customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE))
 						.attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
@@ -477,13 +454,11 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		this.resolver
 				.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
 					uriBuilder.queryParam("param1", "value1");
 					return uriBuilder.build();
 				}));
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
@@ -498,12 +473,10 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-
 		this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 			params.put("appid", params.get("client_id"));
 			params.remove("client_id");
 		}));
-
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).matches(
 				"https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "scope=openid&state=.{15,}&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 445dfa9fa6..4610f688c2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -208,7 +208,6 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes((attrs) -> {
@@ -216,15 +215,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isNull();
 		verifyNoInteractions(this.authorizationSuccessHandler);
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any(), any());
@@ -235,10 +231,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(this.authorizedClient);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes((attrs) -> {
@@ -246,15 +240,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(this.authorizedClient), eq(this.principal),
 				any());
@@ -269,13 +260,10 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willReturn(this.clientRegistration);
 		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal), eq(this.request))).willReturn(this.authorizedClient);
-
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes((attrs) -> {
@@ -283,15 +271,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(any());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 				any());
@@ -303,10 +288,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(this.authorizedClient);
-
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
@@ -319,10 +302,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 			}
 			return contextAttributes;
 		});
-
 		this.request.addParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password");
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attributes((attrs) -> {
@@ -330,9 +311,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		this.authorizedClientManager.authorize(authorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 		assertThat(username).isEqualTo("username");
@@ -349,15 +328,12 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verifyNoInteractions(this.authorizationSuccessHandler);
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(OAuth2AuthorizedClient.class),
@@ -369,25 +345,20 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal),
 				any());
@@ -399,25 +370,19 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenRequestParameterScopeThenMappedToContext() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
-
 		// Override the mock with the default
 		this.authorizedClientManager
 				.setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
-
 		this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write");
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
 		this.authorizedClientManager.authorize(reauthorizeRequest);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		String[] requestScopeAttribute = authorizationContext
 				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
@@ -429,19 +394,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
@@ -452,19 +413,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
 		ClientAuthorizationException authorizationException = new ClientAuthorizationException(
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
-
 		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
 		verifyNoInteractions(this.authorizedClientRepository);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index 0548e9fbff..a80ca4ee9d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -199,21 +199,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isNull();
 		this.loadAuthorizedClientProbe.assertWasSubscribed();
 		this.saveAuthorizedClientProbe.assertWasNotSubscribed();
@@ -226,21 +222,17 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal),
 				eq(this.serverWebExchange));
@@ -255,26 +247,20 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		PublisherProbe<Void> authorizationSuccessHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationSuccessHandler(
 				(client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		authorizationSuccessHandlerProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
@@ -286,30 +272,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 						.isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal), eq(this.serverWebExchange));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -321,30 +300,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 						.isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal), eq(this.serverWebExchange));
 		this.removeAuthorizedClientProbe.assertWasSubscribed();
@@ -356,30 +328,23 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 						.isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 	}
@@ -389,29 +354,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 						.isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 	}
@@ -421,33 +379,25 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
 				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-
 		assertThatCode(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
 						.isEqualTo(exception);
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isNull();
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		authorizationFailureHandlerProbe.assertWasSubscribed();
 		verify(this.authorizedClientRepository, never()).removeAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
@@ -461,27 +411,21 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient));
 		given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()),
 				eq(this.principal), eq(this.serverWebExchange))).willReturn(this.loadAuthorizedClientProbe.mono());
-
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(any());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
 				eq(this.serverWebExchange));
@@ -493,10 +437,8 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
-
 		// Set custom contextAttributesMapper capable of mapping the form parameters
 		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> currentServerWebExchange()
 				.flatMap(ServerWebExchange::getFormData).map((formData) -> {
@@ -507,19 +449,15 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 					contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
 					return contextAttributes;
 				}));
-
 		this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
 				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
 		this.context = Context.of(ServerWebExchange.class, this.serverWebExchange);
-
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		String username = authorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
 		assertThat(username).isEqualTo("username");
@@ -534,15 +472,12 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(this.authorizedClient);
 		this.saveAuthorizedClientProbe.assertWasNotSubscribed();
 	}
@@ -552,23 +487,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenSupportedProviderThenReauthorized() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest)
 				.subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
-
 		assertThat(authorizedClient).isSameAs(reauthorizedClient);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal),
 				eq(this.serverWebExchange));
@@ -580,24 +510,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 	public void reauthorizeWhenRequestParameterScopeThenMappedToContext() {
 		OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
-
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
-
 		// Override the mock with the default
 		this.authorizedClientManager.setContextAttributesMapper(
 				new DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
-
 		this.serverWebExchange = MockServerWebExchange
 				.builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")).build();
 		this.context = Context.of(ServerWebExchange.class, this.serverWebExchange);
-
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
 		this.authorizedClientManager.authorize(reauthorizeRequest).subscriberContext(this.context).block();
-
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
-
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
 		String[] requestScopeAttribute = authorizationContext
 				.getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index 36fca1a6f2..c28af93daa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -53,7 +53,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		request.addParameter(OAuth2ParameterNames.STATE, "state-1234");
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(authorizationRequest).isNull();
 	}
 
@@ -61,14 +60,11 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void loadAuthorizationRequestWhenSavedThenReturnAuthorizationRequest() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
 
@@ -77,30 +73,24 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void loadAuthorizationRequestWhenMultipleSavedThenReturnMatchingAuthorizationRequest() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		String state1 = "state-1122";
 		OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().state(state1).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request, response);
-
 		String state2 = "state-3344";
 		OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().state(state2).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request, response);
-
 		String state3 = "state-5566";
 		OAuth2AuthorizationRequest authorizationRequest3 = createAuthorizationRequest().state(state3).build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response);
-
 		request.addParameter(OAuth2ParameterNames.STATE, state1);
 		OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
 		assertThat(loadedAuthorizationRequest1).isEqualTo(authorizationRequest1);
-
 		request.removeParameter(OAuth2ParameterNames.STATE);
 		request.addParameter(OAuth2ParameterNames.STATE, state2);
 		OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
 		assertThat(loadedAuthorizationRequest2).isEqualTo(authorizationRequest2);
-
 		request.removeParameter(OAuth2ParameterNames.STATE);
 		request.addParameter(OAuth2ParameterNames.STATE, state3);
 		OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository
@@ -111,18 +101,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	@Test
 	public void loadAuthorizationRequestWhenSavedAndStateParameterNullThenReturnNull() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
 				new MockHttpServletResponse());
-
 		assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull();
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
 		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
 				null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
 	}
@@ -130,7 +117,6 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	@Test
 	public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
 		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
 				new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class);
 	}
@@ -146,15 +132,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	@Test
 	public void saveAuthorizationRequestWhenNotNullThenSaved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
 				new MockHttpServletResponse());
-
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
 
@@ -162,15 +145,12 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void saveAuthorizationRequestWhenNoExistingSessionAndDistributedSessionThenSaved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setSession(new MockDistributedHttpSession());
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request,
 				new MockHttpServletResponse());
-
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest);
 	}
 
@@ -178,19 +158,15 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void saveAuthorizationRequestWhenExistingSessionAndDistributedSessionThenSaved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setSession(new MockDistributedHttpSession());
-
 		OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest1, request,
 				new MockHttpServletResponse());
-
 		OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().build();
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest2, request,
 				new MockHttpServletResponse());
-
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest2.getState());
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest2);
 	}
 
@@ -224,17 +200,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void removeAuthorizationRequestWhenSavedThenRemoved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
 		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
 				.removeAuthorizationRequest(request, response);
 		OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository
 				.loadAuthorizationRequest(request);
-
 		assertThat(removedAuthorizationRequest).isNotNull();
 		assertThat(loadedAuthorizationRequest).isNull();
 	}
@@ -244,18 +216,13 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void removeAuthorizationRequestWhenSavedThenRemovedFromSession() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-
 		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
-
 		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
 		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
 				.removeAuthorizationRequest(request, response);
-
 		String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName()
 				+ ".AUTHORIZATION_REQUEST";
-
 		assertThat(removedAuthorizationRequest).isNotNull();
 		assertThat(request.getSession().getAttribute(sessionAttributeName)).isNull();
 	}
@@ -264,12 +231,9 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	public void removeAuthorizationRequestWhenNotSavedThenNotRemoved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(OAuth2ParameterNames.STATE, "state-1234");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository
 				.removeAuthorizationRequest(request, response);
-
 		assertThat(removedAuthorizationRequest).isNull();
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
index 34967f442e..7cf152bdbd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
@@ -92,7 +92,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -135,10 +134,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
-
 		HttpSession session = this.request.getSession(false);
 		assertThat(session).isNotNull();
-
 		@SuppressWarnings("unchecked")
 		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
 				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
@@ -181,10 +178,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response);
-
 		// Remove registrationId2 (never added so is not removed either)
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient1).isNotNull();
@@ -214,7 +209,6 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 				.loadAuthorizedClient(this.registrationId1, null, this.request);
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response);
-
 		HttpSession session = this.request.getSession(false);
 		assertThat(session).isNotNull();
 		assertThat(session
@@ -227,13 +221,10 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.request, this.response);
-
 		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.request, this.response);
-
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId2, null, this.request);
 		assertThat(loadedAuthorizedClient2).isNotNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index 4977086d0b..b77b743985 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -157,9 +157,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		// parameter.
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -169,9 +167,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -184,9 +180,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		authorizationResponse.setRequestURI(requestUri + "-no-match");
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -206,7 +200,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verifyNoInteractions(filterChain);
-
 		// 2) redirect_uri with query parameters AND authorization response additional
 		// parameters
 		Map<String, String> additionalParameters = new LinkedHashMap<>();
@@ -231,7 +224,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
 		FilterChain filterChain = mock(FilterChain.class);
-
 		// 1) Parameter value
 		Map<String, String> parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.put("param2", "value8");
@@ -240,7 +232,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verify(filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 		// 2) Parameter order
 		parametersNotMatch = new LinkedHashMap<>();
 		parametersNotMatch.put("param2", "value2");
@@ -249,7 +240,6 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		authorizationResponse.setSession(authorizationRequest.getSession());
 		this.filter.doFilter(authorizationResponse, response, filterChain);
 		verify(filterChain, times(2)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 		// 3) Parameter missing
 		parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.remove("param2");
@@ -267,9 +257,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(authorizationResponse)).isNull();
 	}
 
@@ -280,13 +268,10 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
-
 		OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
 		given(this.authenticationManager.authenticate(any(Authentication.class)))
 				.willThrow(new OAuth2AuthorizationException(error));
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1?error=invalid_grant");
 	}
 
@@ -298,9 +283,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientService
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1);
 		assertThat(authorizedClient).isNotNull();
@@ -318,9 +301,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1");
 	}
 
@@ -338,9 +319,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(request, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
 	}
 
@@ -349,19 +328,14 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		RequestCache requestCache = spy(HttpSessionRequestCache.class);
 		this.filter.setRequestCache(requestCache);
-
 		authorizationRequest.setRequestURI("/saved-request");
 		requestCache.saveRequest(authorizationRequest, response);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
 	}
@@ -374,26 +348,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(anonymousPrincipal);
 		SecurityContextHolder.setContext(securityContext);
-
 		MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(
 				this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse);
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(anonymousPrincipal.getName());
 		assertThat(authorizedClient.getAccessToken()).isNotNull();
-
 		HttpSession session = authorizationResponse.getSession(false);
 		assertThat(session).isNotNull();
-
 		@SuppressWarnings("unchecked")
 		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
 				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
@@ -407,26 +376,21 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 			throws Exception {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		SecurityContextHolder.setContext(securityContext); // null Authentication
-
 		MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
 		MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 		this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(authorizationResponse, response, filterChain);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse);
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo("anonymousUser");
 		assertThat(authorizedClient.getAccessToken()).isNotNull();
-
 		HttpSession session = authorizationResponse.getSession(false);
 		assertThat(session).isNotNull();
-
 		@SuppressWarnings("unchecked")
 		Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
 				.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index c5e2ece886..26020004c6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -125,9 +125,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -139,11 +137,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value());
 		assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 	}
@@ -156,11 +151,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
@@ -174,13 +166,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
 				AuthorizationRequestRepository.class);
 		this.filter.setAuthorizationRequestRepository(authorizationRequestRepository);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
 		verify(authorizationRequestRepository).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -194,11 +183,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=token&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/authorize/oauth2/implicit/registration-3");
@@ -212,13 +198,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(
 				AuthorizationRequestRepository.class);
 		this.filter.setAuthorizationRequestRepository(authorizationRequestRepository);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
 		verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -229,17 +212,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		String authorizationRequestBaseUri = "/custom/authorization";
 		this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository,
 				authorizationRequestBaseUri);
-
 		String requestUri = authorizationRequestBaseUri + "/" + this.registration1.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id");
@@ -253,14 +232,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
 				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/authorize/oauth2/code/registration-id");
@@ -275,19 +250,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
 				.doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
-
 		filter.doFilter(request, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value());
 		assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 	}
@@ -303,22 +272,17 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.addParameter("idp", "https://other.provider.com");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
 				this.clientRegistrationRepository,
 				OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
-
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest
 				.from(defaultAuthorizationRequestResolver.resolve(request))
 				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build();
 		given(resolver.resolve(any())).willReturn(result);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
-
 		filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id&"
@@ -337,13 +301,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		request.addParameter(loginHintParamName, "user@provider.com");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
 				this.clientRegistrationRepository,
 				OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
-
 		OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
-
 		OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
 		Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
 		additionalParameters.put(loginHintParamName, request.getParameter(loginHintParamName));
@@ -355,13 +316,9 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp")))
 				.authorizationRequestUri(customAuthorizationRequestUri).build();
 		given(resolver.resolve(any())).willReturn(result);
-
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
-
 		filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
-
 		assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&"
 				+ "redirect_uri=http://localhost/login/oauth2/code/registration-id&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 7237f3f046..2a783cc03e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -158,9 +158,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 		verify(this.filter, never()).attemptAuthentication(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
@@ -174,17 +172,13 @@ public class OAuth2LoginAuthenticationFilterTests {
 		// NOTE:
 		// A valid Authorization Response contains either a 'code' or 'error' parameter.
 		// Don't set it to force an invalid Authorization Response.
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
 				.forClass(AuthenticationException.class);
 		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
-
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
 		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
 				.getValue();
@@ -199,17 +193,13 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
 				.forClass(AuthenticationException.class);
 		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
-
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
 		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
 				.getValue();
@@ -226,10 +216,8 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found")
 				.clientId("client-1").clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
@@ -239,14 +227,11 @@ public class OAuth2LoginAuthenticationFilterTests {
 				.userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1")
 				.build();
 		this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
 				.forClass(AuthenticationException.class);
 		verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
-
 		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
 		OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor
 				.getValue();
@@ -261,15 +246,11 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, state);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull();
 	}
 
@@ -281,15 +262,11 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, state);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration1, state);
 		this.setUpAuthenticationResult(this.registration1);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request);
 		assertThat(authorizedClient).isNotNull();
@@ -305,22 +282,17 @@ public class OAuth2LoginAuthenticationFilterTests {
 		this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
 				this.authorizedClientRepository, filterProcessesUrl));
 		this.filter.setAuthenticationManager(this.authenticationManager);
-
 		String requestUri = "/login/oauth2/custom/" + this.registration2.getRegistrationId();
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, state);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		verifyZeroInteractions(filterChain);
 		verify(this.filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -338,25 +310,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 				.getValue();
 		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 				.getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 				.getAuthorizationResponse();
-
 		String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -375,25 +341,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 				.getValue();
 		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 				.getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 				.getAuthorizationResponse();
-
 		String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -412,25 +372,19 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		this.filter.doFilter(request, response, filterChain);
-
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture());
-
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor
 				.getValue();
 		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange()
 				.getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange()
 				.getAuthorizationResponse();
-
 		String expectedRedirectUri = "https://example.com:9090/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
@@ -445,17 +399,12 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
 		request.addParameter(OAuth2ParameterNames.STATE, state);
-
 		WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class);
 		given(this.authenticationDetailsSource.buildDetails(any())).willReturn(webAuthenticationDetails);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		this.setUpAuthorizationRequest(request, response, this.registration2, state);
 		this.setUpAuthenticationResult(this.registration2);
-
 		Authentication result = this.filter.attemptAuthentication(request, response);
-
 		assertThat(result.getDetails()).isEqualTo(webAuthenticationDetails);
 	}
 
@@ -473,12 +422,10 @@ public class OAuth2LoginAuthenticationFilterTests {
 	private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) {
 		String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null)
 				.replacePath(request.getContextPath()).build().toUriString();
-
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("baseUrl", baseUrl);
 		uriVariables.put("action", "login");
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
-
 		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
 				.toUriString();
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 04b820fe0c..73cb3d8cff 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -108,7 +108,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(this.authentication);
 		SecurityContextHolder.setContext(securityContext);
-
 		this.registration1 = ClientRegistration.withRegistrationId("client1").clientId("client-1")
 				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -268,24 +267,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(clientCredentialsAuthorizedClientProvider);
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
 		given(clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
 				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient",
 				OAuth2AuthorizedClient.class);
-
 		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver
 				.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null);
-
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration2);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken());
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -301,7 +295,6 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(passwordAuthorizedClientProvider);
-
 		// Set custom contextAttributesMapper
 		authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
@@ -314,28 +307,21 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 			}
 			return contextAttributes;
 		});
-
 		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager);
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build();
 		given(passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class)))
 				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("passwordClient", OAuth2AuthorizedClient.class);
-
 		this.request.setParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.setParameter(OAuth2ParameterNames.PASSWORD, "password");
-
 		OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver
 				.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null);
-
 		assertThat(authorizedClient).isNotNull();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration3);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName);
 		assertThat(authorizedClient.getAccessToken()).isSameAs(accessTokenResponse.getAccessToken());
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(eq(authorizedClient), eq(this.authentication),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 041a5283d9..4d80f56666 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -92,7 +92,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		final ServerOAuth2AuthorizedClientRepository delegate = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
 				new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository));
 		this.authorizedClientRepository = spy(new ServerOAuth2AuthorizedClientRepository() {
-
 			@Override
 			public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
 					Authentication principal, ServerWebExchange exchange) {
@@ -110,7 +109,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 					ServerWebExchange exchange) {
 				return delegate.removeAuthorizedClient(clientRegistrationId, principal, exchange);
 			}
-
 		});
 		this.authorizedClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
@@ -135,21 +133,17 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration));
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -162,15 +156,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
-
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration));
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@@ -180,16 +171,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				this.authentication.getName(), accessToken, refreshToken);
 		doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository).loadAuthorizedClient(
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange));
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -205,25 +193,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"read write\"\n" + "}\n";
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
-
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration1));
-
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration2));
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration1.getRegistrationId()))
@@ -234,9 +217,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 						.retrieve().bodyToMono(String.class))
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -258,12 +239,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value()));
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration));
-
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 		OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
@@ -271,29 +250,22 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository)
 				.loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication),
 						eq(this.exchange));
-
 		Mono<String> requestMono = this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		// first try should fail, and remove the cached authorized client
 		assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class,
 				(e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
-
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()),
 				eq(this.authentication), eq(this.exchange));
-
 		// second try should retrieve the authorized client and succeed
 		requestMono.block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(3);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 3896a725ed..4f1905c770 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -209,9 +209,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
@@ -222,9 +220,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -237,9 +233,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.header(HttpHeaders.AUTHORIZATION, "Existing")
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -250,7 +244,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
 				.willReturn(Mono.just(accessTokenResponse));
-
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
@@ -258,20 +251,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken.getTokenValue(), issuedAt, accessTokenExpiresAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", accessToken,
 				null);
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 				.subscriberContext(serverWebExchange()).block();
-
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request1 = requests.get(0);
@@ -285,19 +273,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenClientCredentialsTokenNotExpiredThenUseCurrentToken() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName",
 				this.accessToken, null);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 				.subscriberContext(serverWebExchange()).block();
-
 		verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request1 = requests.get(0);
@@ -312,7 +296,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response));
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -320,27 +303,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 				.subscriberContext(serverWebExchange()).block();
-
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(authentication), any());
-
 		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -354,26 +331,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response));
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
-
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
 				issuedAt, accessTokenExpiresAt);
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -388,12 +359,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -409,12 +377,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -425,27 +390,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenUnauthorizedThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value());
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -461,31 +419,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenUnauthorizedWithWebClientExceptionThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
 				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
-
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -501,27 +451,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenForbiddenThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value());
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -537,31 +480,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenForbiddenWithWebClientExceptionThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
 				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
-
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -577,18 +512,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenWWWAuthenticateHeaderIncludesErrorThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
 				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
@@ -596,14 +528,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE)))
 				.willReturn(Collections.singletonList(wwwAuthenticateHeader));
 		given(this.exchange.getResponse().headers()).willReturn(headers);
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -622,31 +550,23 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenAuthorizationExceptionThenInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		PublisherProbe<Void> publisherProbe = PublisherProbe.empty();
 		given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any()))
 				.willReturn(publisherProbe.mono());
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
-
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
 				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
-
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue()).isSameAs(exception);
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -656,18 +576,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenOtherHttpStatusShouldNotInvokeFailureHandler() {
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
 				.build();
-
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		verify(this.authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any());
 	}
 
@@ -675,16 +591,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
 		ClientRegistration registration = TestClientRegistrations.password().build();
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
-
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
 				.willReturn(Mono.just(registration));
 		given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()),
 				eq(authentication), any())).willReturn(Mono.empty());
-
 		// Set custom contextAttributesMapper capable of mapping the form parameters
 		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
@@ -699,23 +612,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				return contextAttributes;
 			});
 		});
-
 		this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
 				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(registration.getRegistrationId()))
 				.build();
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 				.subscriberContext(serverWebExchange()).block();
-
 		verify(this.passwordTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request1 = requests.get(0);
@@ -736,12 +644,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(this.registration.getRegistrationId()))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -758,12 +663,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -774,14 +676,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientRegistrationIdFromAuthenticationThenAuthorizedClientResolved() {
 		this.function.setDefaultOAuth2AuthorizedClient(true);
-
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
@@ -789,10 +689,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
 				.subscriberContext(serverWebExchange()).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -803,18 +701,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenDefaultOAuth2AuthorizedClientFalseThenEmpty() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
 				"client-id");
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		verifyZeroInteractions(this.clientRegistrationRepository, this.authorizedClientRepository);
 	}
 
@@ -829,9 +723,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(this.registration.getRegistrationId()))
 				.build();
-
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
-
 		verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(),
 				eq(this.serverWebExchange));
 	}
@@ -846,27 +738,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.clientRegistrationRepository,
 				unauthenticatedAuthorizedClientRepository);
 		this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient);
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
 				.willReturn(Mono.just(accessTokenResponse));
-
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
 				.willReturn(Mono.just(registration));
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(registration.getRegistrationId()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(unauthenticatedAuthorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
 		verify(unauthenticatedAuthorizedClientRepository).saveAuthorizedClient(any(), any(), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request1 = requests.get(0);
@@ -891,7 +777,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		messageWriters.add(new FormHttpMessageWriter());
 		messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
 		messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
-
 		BodyInserter.Context context = new BodyInserter.Context() {
 			@Override
 			public List<HttpMessageWriter<?>> messageWriters() {
@@ -908,7 +793,6 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				return new HashMap<>();
 			}
 		};
-
 		MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
 		request.body().insert(body, context).block();
 		return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 7bd2bab3ae..06d676acaa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -152,22 +152,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"read write\"\n" + "}\n";
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
-
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(clientRegistration);
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -180,15 +175,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
-
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(clientRegistration);
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant expiresAt = issuedAt.plus(Duration.ofHours(1));
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@@ -198,14 +190,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				this.authentication.getName(), accessToken, refreshToken);
 		doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient(
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request));
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(),
@@ -221,25 +210,20 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
 				+ "   \"scope\": \"read write\"\n" + "}\n";
 		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
-
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1")
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId())))
 				.willReturn(clientRegistration1);
-
 		// Client 2
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
-
 		ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2")
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
 				.willReturn(clientRegistration2);
-
 		this.webClient.get().uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration1.getRegistrationId()))
@@ -249,9 +233,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 								.clientRegistrationId(clientRegistration2.getRegistrationId()))
 						.retrieve().bodyToMono(String.class))
 				.subscriberContext(context()).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
-
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index c486b01ec4..1cdd07b662 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -265,18 +265,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	private Map<String, Object> getDefaultRequestAttributes() {
 		this.function.defaultRequest().accept(this.spec);
 		verify(this.spec).attributes(this.attrs.capture());
-
 		this.attrs.getValue().accept(this.result);
-
 		return this.result;
 	}
 
 	@Test
 	public void filterWhenAuthorizedClientNullThenAuthorizationHeaderNull() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
@@ -284,7 +280,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenAuthorizedClientThenAuthorizationHeader() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -293,9 +288,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -304,7 +297,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing")
 				.attributes(
@@ -314,9 +306,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -326,7 +316,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -334,7 +323,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -344,20 +332,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(this.authentication), any(), any());
-
 		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken()).isEqualTo(response.getRefreshToken());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -371,20 +354,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600)
 				// .refreshToken(xxx) // No refreshToken in response
 				.build();
-
 		RestOperations refreshTokenClient = mock(RestOperations.class);
 		given(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)))
 				.willReturn(new ResponseEntity(response, HttpStatus.OK));
 		DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient();
 		refreshTokenTokenResponseClient.setRestOperations(refreshTokenClient);
-
 		RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
 		authorizedClientProvider.setAccessTokenResponseClient(refreshTokenTokenResponseClient);
 		DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
 		this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -392,7 +372,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -402,20 +381,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(refreshTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(this.authentication), any(), any());
-
 		OAuth2AuthorizedClient newAuthorizedClient = this.authorizedClientCaptor.getValue();
 		assertThat(newAuthorizedClient.getAccessToken()).isEqualTo(response.getAccessToken());
 		assertThat(newAuthorizedClient.getRefreshToken().getTokenValue()).isEqualTo(refreshToken.getTokenValue());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -428,7 +402,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		this.registration = TestClientRegistrations.clientCredentials().build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, null);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -438,17 +411,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(),
 				any());
-
 		verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request1 = requests.get(0);
 		assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -459,18 +427,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
 		this.registration = TestClientRegistrations.clientCredentials().build();
-
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
 				issuedAt, accessTokenExpiresAt);
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, null);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -480,16 +444,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request1 = requests.get(0);
 		assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token");
 		assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
@@ -502,11 +461,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
 		given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
-
 		ClientRegistration registration = TestClientRegistrations.password().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
 				.willReturn(registration);
-
 		// Set custom contextAttributesMapper
 		this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> {
 			Map<String, Object> contextAttributes = new HashMap<>();
@@ -519,12 +476,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 			}
 			return contextAttributes;
 		});
-
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		servletRequest.setParameter(OAuth2ParameterNames.USERNAME, "username");
 		servletRequest.setParameter(OAuth2ParameterNames.PASSWORD, "password");
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(registration.getRegistrationId()))
@@ -532,12 +487,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.passwordTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request1 = requests.get(0);
@@ -552,7 +504,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build();
 		given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response);
-
 		Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 		Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1));
 		this.accessToken = new OAuth2AccessToken(this.accessToken.getTokenType(), this.accessToken.getTokenValue(),
@@ -560,7 +511,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -569,15 +519,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-1");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -589,7 +535,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -598,12 +543,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -616,7 +558,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
-
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.attributes(
 						ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
@@ -625,12 +566,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.httpServletResponse(new MockHttpServletResponse()))
 				.build();
-
 		this.function.filter(request, this.exchange).block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
-
 		ClientRequest request0 = requests.get(0);
 		assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com");
@@ -642,44 +580,33 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenChainedThenDefaultsStillAvailable() throws Exception {
 		this.function.setDefaultOAuth2AuthorizedClient(true);
-
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 		MockHttpServletResponse servletResponse = new MockHttpServletResponse();
-
 		OAuth2User user = mock(OAuth2User.class);
 		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
 		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, authorities,
 				this.registration.getRegistrationId());
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
-
 		given(this.authorizedClientRepository.loadAuthorizedClient(
 				eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest)))
 						.willReturn(authorizedClient);
-
 		// Default request attributes set
 		final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com"))
 				.attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())).build();
-
 		// Default request attributes NOT set
 		final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build();
-
 		Context context = context(servletRequest, servletResponse, authentication);
-
 		this.function.filter(request1, this.exchange)
 				.flatMap((response) -> this.function.filter(request2, this.exchange)).subscriberContext(context)
 				.block();
-
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(2);
-
 		ClientRequest request = requests.get(0);
 		assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request.url().toASCIIString()).isEqualTo("https://example1.com");
 		assertThat(request.method()).isEqualTo(HttpMethod.GET);
 		assertThat(getBody(request)).isEmpty();
-
 		request = requests.get(1);
 		assertThat(request.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer token-0");
 		assertThat(request.url().toASCIIString()).isEqualTo("https://example2.com");
@@ -708,16 +635,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value());
 		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -743,7 +666,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
 				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
@@ -752,12 +674,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.willReturn(Collections.singletonList(wwwAuthenticateHeader));
 		given(this.exchange.getResponse().headers()).willReturn(headers);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		this.function.filter(request, this.exchange).block();
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -788,7 +707,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	private void assertHttpStatusWithWebClientExceptionInvokesFailureHandler(HttpStatus httpStatus,
 			String expectedErrorCode) {
-
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
@@ -799,17 +717,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(),
 				httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
 					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -835,18 +749,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block())
 				.isEqualTo(authorizationException);
-
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
-
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> {
 					assertThat(e.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode());
@@ -871,13 +781,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest))
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse))
 				.build();
-
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 		given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class));
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-
 		this.function.filter(request, this.exchange).block();
-
 		verifyNoInteractions(this.authorizationFailureHandler);
 	}
 
@@ -902,7 +809,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		messageWriters.add(new FormHttpMessageWriter());
 		messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
 		messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
-
 		BodyInserter.Context context = new BodyInserter.Context() {
 			@Override
 			public List<HttpMessageWriter<?>> messageWriters() {
@@ -919,7 +825,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				return new HashMap<>();
 			}
 		};
-
 		MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
 		request.body().insert(body, context).block();
 		return body.getBodyAsString().block();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index a85ef616f4..54967496b5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -77,19 +77,15 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	@Test
 	public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 		ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"),
 				ResponseStatusException.class);
-
 		assertThat(expected.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST);
 	}
 
 	@Test
 	public void resolveWhenClientRegistrationFoundThenWorks() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
-
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id");
-
 		assertThat(request.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
 						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -100,9 +96,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
 		ServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
-
 		OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
-
 		assertThat(request.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
 						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id");
@@ -113,12 +107,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration()
 						.clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build()));
-
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 		assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER))
 				.matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 		assertThat(request.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
 						+ "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -129,11 +120,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 		OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id");
-
 		assertThat((String) request.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$");
-
 		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?"
 				+ "response_type=code&client_id=client-id&" + "scope=openid&state=.*?&"
 				+ "redirect_uri=/login/oauth2/code/registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}");
@@ -144,13 +132,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 		this.resolver.setAuthorizationRequestCustomizer(
 				(customizer) -> customizer.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE))
 						.attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE)));
-
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 		assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE);
 		assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID);
@@ -163,15 +148,12 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 		this.resolver
 				.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
 					uriBuilder.queryParam("param1", "value1");
 					return uriBuilder.build();
 				}));
-
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
 						+ "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
@@ -182,14 +164,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
-
 		this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.parameters((params) -> {
 			params.put("appid", params.get("client_id"));
 			params.remove("client_id");
 		}));
-
 		OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&"
 						+ "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 6b1369601a..56f527b658 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -121,9 +121,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		this.filter.filter(exchange, chain).block();
-
 		verifyNoInteractions(this.authenticationManager);
 	}
 
@@ -131,7 +129,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	public void filterWhenMatchThenAuthorizedClientSaved() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
-
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
@@ -139,18 +136,14 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		this.filter.filter(exchange, chain).block();
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class),
 				any());
 	}
@@ -163,7 +156,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 		// 1) redirect_uri with query parameters
 		Map<String, String> parameters = new LinkedHashMap<>();
 		parameters.put("param1", "value1");
@@ -175,15 +167,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		this.filter.filter(exchange, chain).block();
 		verify(this.authenticationManager, times(1)).authenticate(any());
-
 		// 2) redirect_uri with query parameters AND authorization response additional
 		// parameters
 		Map<String, String> additionalParameters = new LinkedHashMap<>();
@@ -191,7 +180,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		additionalParameters.put("auth-param2", "value2");
 		authorizationResponse = createAuthorizationResponse(authorizationRequest, additionalParameters);
 		exchange = MockServerWebExchange.from(authorizationResponse);
-
 		this.filter.filter(exchange, chain).block();
 		verify(this.authenticationManager, times(2)).authenticate(any());
 	}
@@ -209,7 +197,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				clientRegistration);
 		given(this.authorizationRequestRepository.loadAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		// 1) Parameter value
 		Map<String, String> parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.put("param2", "value8");
@@ -218,26 +205,21 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		this.filter.filter(exchange, chain).block();
 		verifyNoInteractions(this.authenticationManager);
-
 		// 2) Parameter order
 		parametersNotMatch = new LinkedHashMap<>();
 		parametersNotMatch.put("param2", "value2");
 		parametersNotMatch.put("param1", "value1");
 		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		exchange = MockServerWebExchange.from(authorizationResponse);
-
 		this.filter.filter(exchange, chain).block();
 		verifyNoInteractions(this.authenticationManager);
-
 		// 3) Parameter missing
 		parametersNotMatch = new LinkedHashMap<>(parameters);
 		parametersNotMatch.remove("param2");
 		authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
 		exchange = MockServerWebExchange.from(authorizationResponse);
-
 		this.filter.filter(exchange, chain).block();
 		verifyNoInteractions(this.authenticationManager);
 	}
@@ -249,7 +231,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
-
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
@@ -257,20 +238,15 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		ServerRequestCache requestCache = mock(ServerRequestCache.class);
 		given(requestCache.getRedirectUri(any(ServerWebExchange.class)))
 				.willReturn(Mono.just(URI.create("/saved-request")));
-
 		this.filter.setRequestCache(requestCache);
-
 		this.filter.filter(exchange, chain).block();
-
 		verify(requestCache).getRedirectUri(exchange);
 		assertThat(exchange.getResponse().getHeaders().getLocation().toString()).isEqualTo("/saved-request");
 	}
@@ -280,7 +256,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	public void filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
@@ -288,12 +263,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
@@ -306,7 +279,6 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
-
 		MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
 		OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest,
 				clientRegistration);
@@ -314,15 +286,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(oauth2AuthorizationRequest));
-
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error"))));
-
 		MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-
 		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index b18bd9442b..f5c6f0c5f8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -71,7 +71,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 		this.filter.setAuthorizationRequestRepository(this.authzRequestRepository);
 		FilteringWebHandler webHandler = new FilteringWebHandler((e) -> e.getResponse().setComplete(),
 				Arrays.asList(this.filter));
-
 		this.client = WebTestClient.bindToWebHandler(webHandler).build();
 		given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId()))
 				.willReturn(Mono.just(this.registration));
@@ -88,7 +87,6 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void filterWhenDoesNotMatchThenClientRegistrationRepositoryNotSubscribed() {
 		this.client.get().exchange().expectStatus().isOk();
-
 		verifyZeroInteractions(this.clientRepository, this.authzRequestRepository);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index b08e068cfa..aed902381d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -85,7 +85,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.empty());
-
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class);
 	}
 
@@ -94,7 +93,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 		this.authorizationRequest.attributes(Map::clear);
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(this.authorizationRequest.build()));
-
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
 						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -105,7 +103,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(this.authorizationRequest.build()));
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-
 		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining(
 						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
@@ -118,7 +115,6 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 				.willReturn(Mono.just(this.authorizationRequest.build()));
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode())
 				.isEqualTo("error");
 	}
@@ -130,9 +126,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 				.willReturn(Mono.just(this.authorizationRequest.build()));
 		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 				.willReturn(Mono.just(this.clientRegistration));
-
 		OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
-
 		OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse();
 		assertThat(exchange.getError()).isNull();
 		assertThat(exchange.getCode()).isEqualTo("code");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 0e6ed8a94c..23c526bdf3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -62,7 +62,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	}
 
 	// loadAuthorizedClient
-
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
@@ -96,7 +95,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void loadAuthorizedClientWhenFoundThenFound() {
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
-
 		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
 				.block()).isEqualTo(this.authorizedClient);
 	}
@@ -107,10 +105,8 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 				.registrationId("other-client-registration").build();
 		OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration,
 				"anonymousUser", this.authorizedClient.getAccessToken());
-
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 		this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block();
-
 		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
 				.block()).isEqualTo(this.authorizedClient);
 	}
@@ -119,13 +115,11 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	public void loadAuthorizedClientWhenAnonymousThenFound() {
 		this.authentication = this.anonymous;
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
-
 		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
 				.block()).isEqualTo(this.authorizedClient);
 	}
 
 	// saveAuthorizedClient
-
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
 		this.authorizedClient = null;
@@ -151,7 +145,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	}
 
 	// removeAuthorizedClient
-
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
@@ -180,7 +173,6 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	public void removeAuthorizedClientWhenFoundThenFound() {
 		this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
 		this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block();
-
 		assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
 				.block()).isNull();
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 4b027dac97..13a50ed5ab 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -68,7 +68,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 	@Test
 	public void loadAuthorizationRequestWhenNoSessionThenEmpty() {
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 		assertSessionStartedIs(false);
 	}
 
@@ -77,7 +76,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes)
 				.doOnNext((attrs) -> attrs.put("foo", "bar"))
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-
 		StepVerifier.create(setAttrThenLoad).verifyComplete();
 	}
 
@@ -87,7 +85,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-
 		StepVerifier.create(saveAndLoad).verifyComplete();
 	}
 
@@ -104,25 +101,19 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		String oldState = "state0";
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
 				.redirectUri("http://localhost/client-1").state(oldState).build();
-
 		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
-
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.loadAuthorizationRequest(oldExchange));
-
 		StepVerifier.create(saveAndSaveAndLoad).expectNext(oldAuthorizationRequest).verifyComplete();
-
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
 				.expectNext(this.authorizationRequest).verifyComplete();
 	}
@@ -133,7 +124,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.isInstanceOf(IllegalArgumentException.class);
 		assertSessionStartedIs(false);
-
 	}
 
 	@Test
@@ -141,7 +131,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		this.exchange = null;
 		assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.isInstanceOf(IllegalArgumentException.class);
-
 	}
 
 	@Test
@@ -162,9 +151,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-
 		StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 		StepVerifier.create(this.exchange.getSession().map(WebSession::getAttributes).map(Map::isEmpty))
 				.expectNext(true).verifyComplete();
 	}
@@ -178,7 +165,6 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(otherStateExchange));
-
 		StepVerifier.create(saveAndRemove).verifyComplete();
 	}
 
@@ -187,27 +173,20 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		String oldState = "state0";
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
 				.redirectUri("http://localhost/client-1").state(oldState).build();
-
 		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
-
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-
 		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 		StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange)).expectNext(oldAuthorizationRequest)
 				.verifyComplete();
 	}
@@ -218,30 +197,23 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 		String oldState = "state0";
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
 				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
-
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
 				.redirectUri("http://localhost/client-1").state(oldState).build();
-
 		Map<String, Object> sessionAttrs = spy(new HashMap<>());
 		WebSession session = mock(WebSession.class);
 		given(session.getAttributes()).willReturn(sessionAttrs);
 		WebSessionManager sessionManager = (e) -> Mono.just(session);
-
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
-
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-
 		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-
 		verify(sessionAttrs, times(3)).put(any(), any());
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index 3a683952e2..e24d86bb86 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -81,7 +81,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block();
-
 		OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
@@ -115,10 +114,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient expected = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(expected, null, this.exchange).block();
-
 		OAuth2AuthorizedClient result = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
-
 		assertThat(result).isEqualTo(expected);
 	}
 
@@ -151,10 +148,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
-
 		// Remove registrationId2 (never added so is not removed either)
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange);
-
 		OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient1).isNotNull();
@@ -184,7 +179,6 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 				.loadAuthorizedClient(this.registrationId1, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
-
 		WebSession session = this.exchange.getSession().block();
 		assertThat(session).isNotNull();
 		assertThat(session.getAttributes()).isEmpty();
@@ -195,13 +189,10 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 		OAuth2AuthorizedClient authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient1, null, this.exchange).block();
-
 		OAuth2AuthorizedClient authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
 		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.exchange).block();
-
 		this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block();
-
 		OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository
 				.loadAuthorizedClient(this.registrationId2, null, this.exchange).block();
 		assertThat(loadedAuthorizedClient2).isNotNull();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index 5f262d97f6..195d8edd7e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -81,7 +81,6 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 	@Test
 	public void onAuthenticationSuccessWhenOAuth2LoginAuthenticationTokenThenSavesAuthorizedClient() {
 		this.filter.onAuthenticationSuccess(loginToken(), this.webFilterExchange).block();
-
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any());
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 272e74c75c..e0c1524dc7 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -51,7 +51,6 @@ public class ClaimAccessorTests {
 		Instant expectedClaimValue = Instant.now();
 		String claimName = "date";
 		this.claims.put(claimName, Date.from(expectedClaimValue));
-
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
 				expectedClaimValue.plusSeconds(1));
 	}
@@ -62,7 +61,6 @@ public class ClaimAccessorTests {
 		Instant expectedClaimValue = Instant.now();
 		String claimName = "longSeconds";
 		this.claims.put(claimName, expectedClaimValue.getEpochSecond());
-
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
 				expectedClaimValue.plusSeconds(1));
 	}
@@ -72,7 +70,6 @@ public class ClaimAccessorTests {
 		Instant expectedClaimValue = Instant.now();
 		String claimName = "instant";
 		this.claims.put(claimName, expectedClaimValue);
-
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
 				expectedClaimValue.plusSeconds(1));
 	}
@@ -83,7 +80,6 @@ public class ClaimAccessorTests {
 		Instant expectedClaimValue = Instant.now();
 		String claimName = "integerSeconds";
 		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).intValue());
-
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
 				expectedClaimValue.plusSeconds(1));
 	}
@@ -94,7 +90,6 @@ public class ClaimAccessorTests {
 		Instant expectedClaimValue = Instant.now();
 		String claimName = "doubleSeconds";
 		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).doubleValue());
-
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(expectedClaimValue.minusSeconds(1),
 				expectedClaimValue.plusSeconds(1));
 	}
@@ -104,7 +99,6 @@ public class ClaimAccessorTests {
 	public void getClaimAsStringWhenValueIsNullThenReturnNull() {
 		String claimName = "claim-with-null-value";
 		this.claims.put(claimName, null);
-
 		assertThat(this.claimAccessor.getClaimAsString(claimName)).isNull();
 	}
 
@@ -120,9 +114,7 @@ public class ClaimAccessorTests {
 		List<String> expectedClaimValue = Arrays.asList("item1", "item2");
 		String claimName = "list";
 		this.claims.put(claimName, expectedClaimValue);
-
 		List<String> actualClaimValue = this.claimAccessor.getClaim(claimName);
-
 		assertThat(actualClaimValue).containsOnlyElementsOf(expectedClaimValue);
 	}
 
@@ -131,9 +123,7 @@ public class ClaimAccessorTests {
 		boolean expectedClaimValue = true;
 		String claimName = "boolean";
 		this.claims.put(claimName, expectedClaimValue);
-
 		boolean actualClaimValue = this.claimAccessor.getClaim(claimName);
-
 		assertThat(actualClaimValue).isEqualTo(expectedClaimValue);
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
index 012fc99b46..642d1217d0 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -45,7 +45,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 	public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() {
 		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities))
 				.isInstanceOf(IllegalArgumentException.class);
-
 		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -55,7 +54,6 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 		Collection<? extends GrantedAuthority> authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes,
 				null).getAuthorities();
 		assertThat(authorities).isEmpty();
-
 		authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, Collections.emptyList())
 				.getAuthorities();
 		assertThat(authorities).isEmpty();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 1eaf4be167..5e23cec5d9 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -42,7 +42,6 @@ public class DelegatingOAuth2TokenValidatorTests {
 	public void validateWhenNoValidatorsConfiguredThenReturnsSuccessfulResult() {
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>();
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 		assertThat(tokenValidator.validate(token).hasErrors()).isFalse();
 	}
 
@@ -50,16 +49,12 @@ public class DelegatingOAuth2TokenValidatorTests {
 	public void validateWhenAnyValidatorFailsThenReturnsFailureResultContainingDetailFromFailingValidator() {
 		OAuth2TokenValidator<AbstractOAuth2Token> success = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> failure = mock(OAuth2TokenValidator.class);
-
 		given(success.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
 		given(failure.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
-
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(success, failure));
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL);
 	}
@@ -68,20 +63,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 	public void validateWhenMultipleValidatorsFailThenReturnsFailureResultContainingAllDetails() {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstFailure = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondFailure = mock(OAuth2TokenValidator.class);
-
 		OAuth2Error otherDetail = new OAuth2Error("another-error");
-
 		given(firstFailure.validate(any(AbstractOAuth2Token.class)))
 				.willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
 		given(secondFailure.validate(any(AbstractOAuth2Token.class)))
 				.willReturn(OAuth2TokenValidatorResult.failure(otherDetail));
-
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				firstFailure, secondFailure);
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL, otherDetail);
 	}
@@ -90,16 +80,12 @@ public class DelegatingOAuth2TokenValidatorTests {
 	public void validateWhenAllValidatorsSucceedThenReturnsSuccessfulResult() {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
-
 		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
 		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
-
 		assertThat(result.hasErrors()).isFalse();
 		assertThat(result.getErrors()).isEmpty();
 	}
@@ -115,20 +101,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 	public void constructorsWhenInvokedWithSameInputsThenResultInSameOutputs() {
 		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
 		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
-
 		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
 		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> firstValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
 		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> secondValidator = new DelegatingOAuth2TokenValidator<>(
 				firstSuccess, secondSuccess);
-
 		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
-
 		firstValidator.validate(token);
 		secondValidator.validate(token);
-
 		verify(firstSuccess, times(2)).validate(token);
 		verify(secondSuccess, times(2)).validate(token);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 00486cab70..984c1b7804 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -72,7 +72,6 @@ public class OAuth2AccessTokenTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
-
 		assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE);
 		assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
 		assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT);
@@ -86,7 +85,6 @@ public class OAuth2AccessTokenTests {
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
 		byte[] serialized = SerializationUtils.serialize(accessToken);
 		accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
-
 		assertThat(serialized).isNotNull();
 		assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE);
 		assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index 4595dba640..fab4afdc2c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -41,7 +41,6 @@ public class OAuth2ErrorTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2Error error = new OAuth2Error(ERROR_CODE, ERROR_DESCRIPTION, ERROR_URI);
-
 		assertThat(error.getErrorCode()).isEqualTo(ERROR_CODE);
 		assertThat(error.getDescription()).isEqualTo(ERROR_DESCRIPTION);
 		assertThat(error.getUri()).isEqualTo(ERROR_URI);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
index a029dd1bfe..e1aae08a90 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResultTests.java
@@ -38,7 +38,6 @@ public class OAuth2TokenValidatorResultTests {
 	@Test
 	public void failureWhenInvokedWithDetailReturnsFailureResultIncludingDetail() {
 		OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL);
-
 		assertThat(failure.hasErrors()).isTrue();
 		assertThat(failure.getErrors()).containsExactly(DETAIL);
 	}
@@ -46,7 +45,6 @@ public class OAuth2TokenValidatorResultTests {
 	@Test
 	public void failureWhenInvokedWithMultipleDetailsReturnsFailureResultIncludingAll() {
 		OAuth2TokenValidatorResult failure = OAuth2TokenValidatorResult.failure(DETAIL, DETAIL);
-
 		assertThat(failure.hasErrors()).isTrue();
 		assertThat(failure.getErrors()).containsExactly(DETAIL, DETAIL);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index c295fa2694..d09bff9892 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -70,7 +70,6 @@ public class ClaimTypeConverterTests {
 				TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class)));
 		Converter<Object, ?> mapStringObjectConverter = getConverter(TypeDescriptor.map(Map.class,
 				TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
-
 		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
 		claimTypeConverters.put(STRING_CLAIM, stringConverter);
 		claimTypeConverters.put(BOOLEAN_CLAIM, booleanConverter);
@@ -117,7 +116,6 @@ public class ClaimTypeConverterTests {
 		mapIntegerObject.put(1, "value1");
 		Map<String, Object> mapStringObject = new HashMap<>();
 		mapStringObject.put("1", "value1");
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(STRING_CLAIM, Boolean.TRUE);
 		claims.put(BOOLEAN_CLAIM, "true");
@@ -126,9 +124,7 @@ public class ClaimTypeConverterTests {
 		claims.put(COLLECTION_STRING_CLAIM, listNumber);
 		claims.put(LIST_STRING_CLAIM, listNumber);
 		claims.put(MAP_STRING_OBJECT_CLAIM, mapIntegerObject);
-
 		claims = this.claimTypeConverter.convert(claims);
-
 		assertThat(claims.get(STRING_CLAIM)).isEqualTo("true");
 		assertThat(claims.get(BOOLEAN_CLAIM)).isEqualTo(Boolean.TRUE);
 		assertThat(claims.get(INSTANT_CLAIM)).isEqualTo(instant);
@@ -147,7 +143,6 @@ public class ClaimTypeConverterTests {
 		List<String> listString = Lists.list("1", "2", "3", "4");
 		Map<String, Object> mapStringObject = new HashMap<>();
 		mapStringObject.put("1", "value1");
-
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(STRING_CLAIM, string);
 		claims.put(BOOLEAN_CLAIM, bool);
@@ -156,9 +151,7 @@ public class ClaimTypeConverterTests {
 		claims.put(COLLECTION_STRING_CLAIM, listString);
 		claims.put(LIST_STRING_CLAIM, listString);
 		claims.put(MAP_STRING_OBJECT_CLAIM, mapStringObject);
-
 		claims = this.claimTypeConverter.convert(claims);
-
 		assertThat(claims.get(STRING_CLAIM)).isSameAs(string);
 		assertThat(claims.get(BOOLEAN_CLAIM)).isSameAs(bool);
 		assertThat(claims.get(INSTANT_CLAIM)).isSameAs(instant);
@@ -172,9 +165,7 @@ public class ClaimTypeConverterTests {
 	public void convertWhenConverterNotAvailableThenDoesNotConvert() {
 		Map<String, Object> claims = new HashMap<>();
 		claims.put("claim1", "value1");
-
 		claims = this.claimTypeConverter.convert(claims);
-
 		assertThat(claims.get("claim1")).isSameAs("value1");
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
index 8aa09301b4..715f4efa77 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverterTests.java
@@ -63,11 +63,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		Assert.assertTrue(scopes.contains("read"));
 		Assert.assertTrue(scopes.contains("write"));
 		Assert.assertEquals(3600, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 		OAuth2RefreshToken refreshToken = converted.getRefreshToken();
 		Assert.assertNotNull(refreshToken);
 		Assert.assertEquals("refresh-token-1234", refreshToken.getTokenValue());
-
 		Map<String, Object> additionalParameters = converted.getAdditionalParameters();
 		Assert.assertNotNull(additionalParameters);
 		Assert.assertEquals(2, additionalParameters.size());
@@ -88,12 +86,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		Set<String> scopes = accessToken.getScopes();
 		Assert.assertNotNull(scopes);
 		Assert.assertEquals(0, scopes.size());
-
 		Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 		OAuth2RefreshToken refreshToken = converted.getRefreshToken();
 		Assert.assertNull(refreshToken);
-
 		Map<String, Object> additionalParameters = converted.getAdditionalParameters();
 		Assert.assertNotNull(additionalParameters);
 		Assert.assertEquals(0, additionalParameters.size());
@@ -113,12 +108,9 @@ public class MapOAuth2AccessTokenResponseConverterTests {
 		Set<String> scopes = accessToken.getScopes();
 		Assert.assertNotNull(scopes);
 		Assert.assertEquals(0, scopes.size());
-
 		Assert.assertEquals(1, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
-
 		OAuth2RefreshToken refreshToken = converted.getRefreshToken();
 		Assert.assertNull(refreshToken);
-
 		Map<String, Object> additionalParameters = converted.getAdditionalParameters();
 		Assert.assertNotNull(additionalParameters);
 		Assert.assertEquals(0, additionalParameters.size());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 7be9dd9717..1fb64a63f6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -46,17 +46,14 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("custom_parameter_1", "custom-value-1");
 		additionalParameters.put("custom_parameter_2", "custom-value-2");
-
 		Set<String> scopes = new HashSet<>();
 		scopes.add("read");
 		scopes.add("write");
-
 		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699)
 				.additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(7, result.size());
-
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
 		Assert.assertEquals("refresh-token-value-1234", result.get("refresh_token"));
 		Assert.assertEquals("read write", result.get("scope"));
@@ -72,7 +69,6 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
 		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(3, result.size());
-
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
 		Assert.assertEquals("Bearer", result.get("token_type"));
 		Assert.assertNotNull(result.get("expires_in"));
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 047dcc4c18..a9934d43b1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -77,11 +77,9 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
 				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
-
 		assertThat(tokenResponse.getAccessToken()).isNotNull();
 		assertThat(tokenResponse.getAccessToken().getTokenValue()).isEqualTo(TOKEN_VALUE);
 		assertThat(tokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
@@ -99,13 +97,10 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
 				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
-
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
-
 		assertThat(withResponse.getAccessToken().getTokenValue())
 				.isEqualTo(tokenResponse.getAccessToken().getTokenValue());
 		assertThat(withResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
@@ -125,13 +120,10 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
 				.additionalParameters(additionalParameters).build();
-
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
-
 		assertThat(withResponse.getRefreshToken()).isNull();
 	}
 
@@ -139,11 +131,9 @@ public class OAuth2AccessTokenResponseTests {
 	public void buildWhenResponseAndExpiresInThenExpiresAtEqualToIssuedAtPlusExpiresIn() {
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
-
 		long expiresIn = 30;
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
 				.expiresIn(expiresIn).build();
-
 		assertThat(withResponse.getAccessToken().getExpiresAt())
 				.isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn));
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index e6c64edd15..3855e1eae8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -120,16 +120,13 @@ public class OAuth2AuthorizationRequestTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put("attribute1", "value1");
 		attributes.put("attribute2", "value2");
-
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
 				.state(STATE).additionalParameters(additionalParameters).attributes(attributes)
 				.authorizationRequestUri(AUTHORIZATION_URI).build();
-
 		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
@@ -147,7 +144,6 @@ public class OAuth2AuthorizationRequestTests {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
 				.state(STATE).build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&"
 						+ "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com");
@@ -174,11 +170,9 @@ public class OAuth2AuthorizationRequestTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
 				.state(STATE).additionalParameters(additionalParameters).build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
 				+ "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&"
@@ -189,7 +183,6 @@ public class OAuth2AuthorizationRequestTests {
 	public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesRequiredParametersOnly() {
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id");
 	}
@@ -204,18 +197,14 @@ public class OAuth2AuthorizationRequestTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put("attribute1", "value1");
 		attributes.put("attribute2", "value2");
-
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
 				.state(STATE).additionalParameters(additionalParameters).attributes(attributes).build();
-
 		OAuth2AuthorizationRequest authorizationRequestCopy = OAuth2AuthorizationRequest.from(authorizationRequest)
 				.build();
-
 		assertThat(authorizationRequestCopy.getAuthorizationUri())
 				.isEqualTo(authorizationRequest.getAuthorizationUri());
 		assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType());
@@ -235,7 +224,6 @@ public class OAuth2AuthorizationRequestTests {
 	public void buildWhenAuthorizationUriIncludesQueryParameterThenAuthorizationRequestUrlIncludesIt() {
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.authorizationUri(AUTHORIZATION_URI + "?param1=value1&param2=value2").build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
 				+ "param1=value1&param2=value2&" + "response_type=code&client_id=client-id&state=state&"
@@ -248,7 +236,6 @@ public class OAuth2AuthorizationRequestTests {
 				.authorizationUri(AUTHORIZATION_URI
 						+ "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D")
 				.build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?"
 				+ "claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&"
@@ -264,7 +251,6 @@ public class OAuth2AuthorizationRequestTests {
 		additionalParameters.put('\u00e2' + "ge", "4" + '\u00bd');
 		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
 				.additionalParameters(additionalParameters).build();
-
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull();
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(
 				"https://example.com/login/oauth/authorize?" + "response_type=code&client_id=client-id&state=state&"
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 2359547241..3a6f98a92f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -80,12 +80,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
 				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
 				+ "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -94,7 +91,6 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
 		assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly(
 				entry("custom_parameter_1", "custom-value-1"), entry("custom_parameter_2", "custom-value-2"));
-
 	}
 
 	// gh-6463
@@ -107,12 +103,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 				+ "   \"custom_object_2\": [\"value1\", \"value2\"],\n"
 				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
 				+ "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -130,12 +123,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": 3600,\n" + "   \"scope\": null,\n"
 				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
-
 		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(accessTokenResponse.getAccessToken().getExpiresAt())
@@ -149,11 +139,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		Converter tokenResponseConverter = mock(Converter.class);
 		given(tokenResponseConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseConverter(tokenResponseConverter);
-
 		String tokenResponse = "{}";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-
 		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response))
 				.isInstanceOf(HttpMessageNotReadableException.class)
 				.hasMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response");
@@ -166,15 +153,12 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("custom_parameter_1", "custom-value-1");
 		additionalParameters.put("custom_parameter_2", "custom-value-2");
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
 				.refreshToken("refresh-token-1234").additionalParameters(additionalParameters).build();
-
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		this.messageConverter.writeInternal(accessTokenResponse, outputMessage);
 		String tokenResponse = outputMessage.getBodyAsString();
-
 		assertThat(tokenResponse).contains("\"access_token\":\"access-token-1234\"");
 		assertThat(tokenResponse).contains("\"token_type\":\"Bearer\"");
 		assertThat(tokenResponse).contains("\"expires_in\"");
@@ -189,13 +173,10 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		Converter tokenResponseParametersConverter = mock(Converter.class);
 		given(tokenResponseParametersConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter);
-
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli())
 				.build();
-
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-
 		assertThatThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage))
 				.isInstanceOf(HttpMessageNotWritableException.class)
 				.hasMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response");
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index 783f2f4de3..0e9dc1ad14 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -69,9 +69,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
 				+ "   \"error_description\": \"The client is not authorized\",\n"
 				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
 		assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized");
@@ -84,9 +82,7 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
 				+ "   \"error_description\": \"The client is not authorized\",\n" + "   \"error_codes\": [65001],\n"
 				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
 		assertThat(oauth2Error.getDescription()).isEqualTo("The client is not authorized");
@@ -98,11 +94,8 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		Converter errorConverter = mock(Converter.class);
 		given(errorConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setErrorConverter(errorConverter);
-
 		String errorResponse = "{}";
-
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-
 		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response))
 				.isInstanceOf(HttpMessageNotReadableException.class)
 				.hasMessageContaining("An error occurred reading the OAuth 2.0 Error");
@@ -112,11 +105,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 	public void writeInternalWhenOAuth2ErrorThenWriteErrorResponse() throws Exception {
 		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
 				"https://tools.ietf.org/html/rfc6749#section-5.2");
-
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		this.messageConverter.writeInternal(oauth2Error, outputMessage);
 		String errorResponse = outputMessage.getBodyAsString();
-
 		assertThat(errorResponse).contains("\"error\":\"unauthorized_client\"");
 		assertThat(errorResponse).contains("\"error_description\":\"The client is not authorized\"");
 		assertThat(errorResponse).contains("\"error_uri\":\"https://tools.ietf.org/html/rfc6749#section-5.2\"");
@@ -127,12 +118,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		Converter errorParametersConverter = mock(Converter.class);
 		given(errorParametersConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setErrorParametersConverter(errorParametersConverter);
-
 		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
 				"https://tools.ietf.org/html/rfc6749#section-5.2");
-
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-
 		assertThatThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage))
 				.isInstanceOf(HttpMessageNotWritableException.class)
 				.hasMessageContaining("An error occurred writing the OAuth 2.0 Error");
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index d4f2ae75e0..ebe7aa9919 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -48,7 +48,6 @@ public class DefaultAddressStandardClaimTests {
 		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder().formatted(FORMATTED)
 				.streetAddress(STREET_ADDRESS).locality(LOCALITY).region(REGION).postalCode(POSTAL_CODE)
 				.country(COUNTRY).build();
-
 		assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 		assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
 		assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY);
@@ -66,9 +65,7 @@ public class DefaultAddressStandardClaimTests {
 		addressFields.put(REGION_FIELD_NAME, REGION);
 		addressFields.put(POSTAL_CODE_FIELD_NAME, POSTAL_CODE);
 		addressFields.put(COUNTRY_FIELD_NAME, COUNTRY);
-
 		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder(addressFields).build();
-
 		assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 		assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
 		assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index dc9b96c0cf..adcce05236 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -31,16 +31,12 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcIdTokens() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 		OidcIdToken first = idTokenBuilder.tokenValue("V1").claim("TEST_CLAIM_1", "C1").build();
-
 		OidcIdToken second = idTokenBuilder.tokenValue("V2").claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3")
 				.build();
-
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 		assertThat(first.getTokenValue()).isEqualTo("V1");
-
 		assertThat(second.getClaims()).hasSize(2);
 		assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2");
 		assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3");
@@ -50,15 +46,11 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 		Instant now = Instant.now();
-
 		OidcIdToken idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
-
 		idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
-
 		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -66,15 +58,11 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 		Instant now = Instant.now();
-
 		OidcIdToken idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
-
 		idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
-
 		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -82,13 +70,10 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 		String generic = new String("sub");
 		String named = new String("sub");
-
 		OidcIdToken idToken = idTokenBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 		assertThat(idToken.getSubject()).isSameAs(generic);
-
 		idToken = idTokenBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 		assertThat(idToken.getSubject()).isSameAs(named);
 	}
@@ -96,7 +81,6 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim");
-
 		OidcIdToken idToken = idTokenBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
 		assertThat(idToken.getSubject()).isNull();
@@ -105,11 +89,9 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void claimsWhenAddingAClaimThenIsPresent() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-
 		String name = new String("name");
 		String value = new String("value");
 		OidcIdToken idToken = idTokenBuilder.claims((claims) -> claims.put(name, value)).build();
-
 		assertThat(idToken.getClaims()).hasSize(1);
 		assertThat(idToken.getClaims().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
index 9e43b0449a..4f795c6f95 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
@@ -85,7 +85,6 @@ public class OidcIdTokenTests {
 	private static final Map<String, Object> CLAIMS;
 
 	private static final String ID_TOKEN_VALUE = "id-token-value";
-
 	static {
 		CLAIMS = new HashMap<>();
 		CLAIMS.put(ISS_CLAIM, ISS_VALUE);
@@ -117,7 +116,6 @@ public class OidcIdTokenTests {
 	public void constructorWhenParametersProvidedAndValidThenCreated() {
 		OidcIdToken idToken = new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
 				Instant.ofEpochMilli(EXP_VALUE), CLAIMS);
-
 		assertThat(idToken.getClaims()).isEqualTo(CLAIMS);
 		assertThat(idToken.getTokenValue()).isEqualTo(ID_TOKEN_VALUE);
 		assertThat(idToken.getIssuer().toString()).isEqualTo(ISS_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index fe5a579734..8877139e0f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -28,14 +28,10 @@ public class OidcUserInfoBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcUserInfos() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-
 		OidcUserInfo first = userInfoBuilder.claim("TEST_CLAIM_1", "C1").build();
-
 		OidcUserInfo second = userInfoBuilder.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
-
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
-
 		assertThat(second.getClaims()).hasSize(2);
 		assertThat(second.getClaims().get("TEST_CLAIM_1")).isEqualTo("C2");
 		assertThat(second.getClaims().get("TEST_CLAIM_2")).isEqualTo("C3");
@@ -44,13 +40,10 @@ public class OidcUserInfoBuilderTests {
 	@Test
 	public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-
 		String generic = new String("sub");
 		String named = new String("sub");
-
 		OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
 		assertThat(userInfo.getSubject()).isSameAs(generic);
-
 		userInfo = userInfoBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 		assertThat(userInfo.getSubject()).isSameAs(named);
 	}
@@ -58,7 +51,6 @@ public class OidcUserInfoBuilderTests {
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim");
-
 		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
 		assertThat(userInfo.getSubject()).isNull();
@@ -67,11 +59,9 @@ public class OidcUserInfoBuilderTests {
 	@Test
 	public void claimsWhenAddingAClaimThenIsPresent() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-
 		String name = new String("name");
 		String value = new String("value");
 		OidcUserInfo userInfo = userInfoBuilder.claims((claims) -> claims.put(name, value)).build();
-
 		assertThat(userInfo.getClaims()).hasSize(1);
 		assertThat(userInfo.getClaims().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index 9146c9760c..53fe17d28d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -113,7 +113,6 @@ public class OidcUserInfoTests {
 	private static final long UPDATED_AT_VALUE = Instant.now().minusSeconds(60).toEpochMilli();
 
 	private static final Map<String, Object> CLAIMS;
-
 	static {
 		CLAIMS = new HashMap<>();
 		CLAIMS.put(SUB_CLAIM, SUB_VALUE);
@@ -134,7 +133,6 @@ public class OidcUserInfoTests {
 		CLAIMS.put(LOCALE_CLAIM, LOCALE_VALUE);
 		CLAIMS.put(PHONE_NUMBER_CLAIM, PHONE_NUMBER_VALUE);
 		CLAIMS.put(PHONE_NUMBER_VERIFIED_CLAIM, PHONE_NUMBER_VERIFIED_VALUE);
-
 		ADDRESS_VALUE = new HashMap<>();
 		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.FORMATTED_FIELD_NAME,
 				DefaultAddressStandardClaimTests.FORMATTED);
@@ -148,7 +146,6 @@ public class OidcUserInfoTests {
 		ADDRESS_VALUE.put(DefaultAddressStandardClaimTests.COUNTRY_FIELD_NAME,
 				DefaultAddressStandardClaimTests.COUNTRY);
 		CLAIMS.put(ADDRESS_CLAIM, ADDRESS_VALUE);
-
 		CLAIMS.put(UPDATED_AT_CLAIM, UPDATED_AT_VALUE);
 	}
 
@@ -160,7 +157,6 @@ public class OidcUserInfoTests {
 	@Test
 	public void constructorWhenParametersProvidedAndValidThenCreated() {
 		OidcUserInfo userInfo = new OidcUserInfo(CLAIMS);
-
 		assertThat(userInfo.getClaims()).isEqualTo(CLAIMS);
 		assertThat(userInfo.getSubject()).isEqualTo(SUB_VALUE);
 		assertThat(userInfo.getFullName()).isEqualTo(NAME_VALUE);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
index ef8501ead2..78dd8b494f 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
@@ -54,14 +54,12 @@ public class DefaultOidcUserTests {
 	private static final Map<String, Object> ID_TOKEN_CLAIMS = new HashMap<>();
 
 	private static final Map<String, Object> USER_INFO_CLAIMS = new HashMap<>();
-
 	static {
 		ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com");
 		ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT);
 		USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME);
 		USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL);
 	}
-
 	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX,
 			ID_TOKEN_CLAIMS);
 
@@ -85,7 +83,6 @@ public class DefaultOidcUserTests {
 	@Test
 	public void constructorWhenAuthoritiesIdTokenProvidedThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN);
-
 		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(user.getName()).isEqualTo(SUBJECT);
@@ -97,7 +94,6 @@ public class DefaultOidcUserTests {
 	@Test
 	public void constructorWhenAuthoritiesIdTokenNameAttributeKeyProvidedThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, IdTokenClaimNames.SUB);
-
 		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(user.getName()).isEqualTo(SUBJECT);
@@ -109,7 +105,6 @@ public class DefaultOidcUserTests {
 	@Test
 	public void constructorWhenAuthoritiesIdTokenUserInfoProvidedThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO);
-
 		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
 				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
@@ -124,7 +119,6 @@ public class DefaultOidcUserTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO, StandardClaimNames.EMAIL);
-
 		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB,
 				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index 4f83847331..d086c3eb99 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -48,14 +48,12 @@ public class OidcUserAuthorityTests {
 	private static final Map<String, Object> ID_TOKEN_CLAIMS = new HashMap<>();
 
 	private static final Map<String, Object> USER_INFO_CLAIMS = new HashMap<>();
-
 	static {
 		ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com");
 		ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, SUBJECT);
 		USER_INFO_CLAIMS.put(StandardClaimNames.NAME, NAME);
 		USER_INFO_CLAIMS.put(StandardClaimNames.EMAIL, EMAIL);
 	}
-
 	private static final OidcIdToken ID_TOKEN = new OidcIdToken("id-token-value", Instant.EPOCH, Instant.MAX,
 			ID_TOKEN_CLAIMS);
 
@@ -79,7 +77,6 @@ public class OidcUserAuthorityTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OidcUserAuthority userAuthority = new OidcUserAuthority(AUTHORITY, ID_TOKEN, USER_INFO);
-
 		assertThat(userAuthority.getIdToken()).isEqualTo(ID_TOKEN);
 		assertThat(userAuthority.getUserInfo()).isEqualTo(USER_INFO);
 		assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
index 88f20d81c1..c1643e86d5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
@@ -79,7 +79,6 @@ public class DefaultOAuth2UserTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
-
 		assertThat(user.getName()).isEqualTo(USERNAME);
 		assertThat(user.getAuthorities()).hasSize(1);
 		assertThat(user.getAuthorities().iterator().next()).isEqualTo(AUTHORITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index 83d68e921e..b7b22d5541 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -52,7 +52,6 @@ public class OAuth2UserAuthorityTests {
 	@Test
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2UserAuthority userAuthority = new OAuth2UserAuthority(AUTHORITY, ATTRIBUTES);
-
 		assertThat(userAuthority.getAuthority()).isEqualTo(AUTHORITY);
 		assertThat(userAuthority.getAttributes()).isEqualTo(ATTRIBUTES);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index bfdd17de31..abe976ecc8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -63,7 +63,6 @@ public class OAuth2BodyExtractorsTests {
 		messageReaders.add(new DecoderHttpMessageReader<>(StringDecoder.allMimeTypes()));
 		messageReaders.add(new DecoderHttpMessageReader<>(new Jackson2JsonDecoder()));
 		messageReaders.add(new FormHttpMessageReader());
-
 		this.hints = new HashMap<>();
 		this.context = new BodyExtractor.Context() {
 			@Override
@@ -87,13 +86,10 @@ public class OAuth2BodyExtractorsTests {
 	public void oauth2AccessTokenResponseWhenInvalidJsonThenException() {
 		BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 				.oauth2AccessTokenResponse();
-
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 		response.setBody("{");
-
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-
 		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("An error occurred parsing the Access Token response");
 	}
@@ -102,11 +98,8 @@ public class OAuth2BodyExtractorsTests {
 	public void oauth2AccessTokenResponseWhenEmptyThenException() {
 		BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 				.oauth2AccessTokenResponse();
-
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
-
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-
 		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
 				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
@@ -115,17 +108,14 @@ public class OAuth2BodyExtractorsTests {
 	public void oauth2AccessTokenResponseWhenValidThenCreated() {
 		BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 				.oauth2AccessTokenResponse();
-
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 		response.setBody(
 				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
 						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
 						+ "       \"example_parameter\":\"example_value\"\n" + "     }");
-
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
-
 		assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA");
 		assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2));
@@ -138,17 +128,14 @@ public class OAuth2BodyExtractorsTests {
 	public void oauth2AccessTokenResponseWhenMultipleAttributeTypesThenCreated() {
 		BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors
 				.oauth2AccessTokenResponse();
-
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 		response.setBody(
 				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
 						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
 						+ "       \"subjson\":{}, \n" + "		  \"list\":[]  \n" + "     }");
-
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
-
 		assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA");
 		assertThat(result.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 		assertThat(result.getAccessToken().getExpiresAt()).isBetween(now.plusSeconds(3600), now.plusSeconds(3600 + 2));
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index 6cde34191f..f0dba9b354 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -43,7 +43,6 @@ public final class TestKeys {
 			throw new IllegalStateException(ex);
 		}
 	}
-
 	public static final String DEFAULT_ENCODED_SECRET_KEY = "bCzY/M48bbkwBEWjmNSIEPfwApcvXOnkCxORBEbPr+4=";
 
 	public static final SecretKey DEFAULT_SECRET_KEY = new SecretKeySpec(
@@ -66,7 +65,6 @@ public final class TestKeys {
 			throw new IllegalArgumentException(ex);
 		}
 	}
-
 	public static final String DEFAULT_RSA_PRIVATE_KEY = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA"
 			+ "iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM"
 			+ "g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK"
@@ -94,7 +92,6 @@ public final class TestKeys {
 			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g==";
 
 	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY;
-
 	static {
 		PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY));
 		try {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index d91c78a928..efac7719f7 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -34,18 +34,14 @@ public class JwtBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoJwts() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token");
-
 		Jwt first = jwtBuilder.tokenValue("V1").header("TEST_HEADER_1", "H1").claim("TEST_CLAIM_1", "C1").build();
-
 		Jwt second = jwtBuilder.tokenValue("V2").header("TEST_HEADER_1", "H2").header("TEST_HEADER_2", "H3")
 				.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
-
 		assertThat(first.getHeaders()).hasSize(1);
 		assertThat(first.getHeaders().get("TEST_HEADER_1")).isEqualTo("H1");
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 		assertThat(first.getTokenValue()).isEqualTo("V1");
-
 		assertThat(second.getHeaders()).hasSize(2);
 		assertThat(second.getHeaders().get("TEST_HEADER_1")).isEqualTo("H2");
 		assertThat(second.getHeaders().get("TEST_HEADER_2")).isEqualTo("H3");
@@ -58,15 +54,11 @@ public class JwtBuilderTests {
 	@Test
 	public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 		Instant now = Instant.now();
-
 		Jwt jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
-
 		jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
-
 		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -74,15 +66,11 @@ public class JwtBuilderTests {
 	@Test
 	public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 		Instant now = Instant.now();
-
 		Jwt jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
-
 		jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
-
 		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build())
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -90,13 +78,10 @@ public class JwtBuilderTests {
 	@Test
 	public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 		String generic = new String("sub");
 		String named = new String("sub");
-
 		Jwt jwt = jwtBuilder.subject(named).claim(JwtClaimNames.SUB, generic).build();
 		assertThat(jwt.getSubject()).isSameAs(generic);
-
 		jwt = jwtBuilder.claim(JwtClaimNames.SUB, generic).subject(named).build();
 		assertThat(jwt.getSubject()).isSameAs(named);
 	}
@@ -104,7 +89,6 @@ public class JwtBuilderTests {
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
-
 		Jwt jwt = jwtBuilder.subject("sub").claims((claims) -> claims.remove(JwtClaimNames.SUB)).build();
 		assertThat(jwt.getSubject()).isNull();
 	}
@@ -112,11 +96,9 @@ public class JwtBuilderTests {
 	@Test
 	public void claimsWhenAddingAClaimThenIsPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
-
 		String name = new String("name");
 		String value = new String("value");
 		Jwt jwt = jwtBuilder.claims((claims) -> claims.put(name, value)).build();
-
 		assertThat(jwt.getClaims()).hasSize(1);
 		assertThat(jwt.getClaims().get(name)).isSameAs(value);
 	}
@@ -124,7 +106,6 @@ public class JwtBuilderTests {
 	@Test
 	public void headersWhenRemovingAClaimThenIsNotPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
-
 		Jwt jwt = jwtBuilder.header("alg", "none").headers((headers) -> headers.remove("alg")).build();
 		assertThat(jwt.getHeaders().get("alg")).isNull();
 	}
@@ -132,11 +113,9 @@ public class JwtBuilderTests {
 	@Test
 	public void headersWhenAddingAClaimThenIsPresent() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim");
-
 		String name = new String("name");
 		String value = new String("value");
 		Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value)).build();
-
 		assertThat(jwt.getHeaders()).hasSize(1);
 		assertThat(jwt.getHeaders().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
index 8f1be78bb3..c3206a37f3 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
@@ -219,7 +219,6 @@ public class JwtDecodersTests {
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 		this.server.shutdown();
 		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"))
 				.isInstanceOf(IllegalArgumentException.class);
@@ -228,7 +227,6 @@ public class JwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
-
 		this.server.shutdown();
 		assertThatCode(() -> JwtDecoders.fromIssuerLocation("https://issuer"))
 				.isInstanceOf(IllegalArgumentException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index c8f73f387a..501beb5fb9 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -36,23 +36,19 @@ public class JwtIssuerValidatorTests {
 	@Test
 	public void validateWhenIssuerMatchesThenReturnsSuccess() {
 		Jwt jwt = TestJwts.jwt().claim("iss", ISSUER).build();
-
 		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
 	@Test
 	public void validateWhenIssuerMismatchesThenReturnsError() {
 		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "https://other").build();
-
 		OAuth2TokenValidatorResult result = this.validator.validate(jwt);
-
 		assertThat(result.getErrors()).isNotEmpty();
 	}
 
 	@Test
 	public void validateWhenJwtHasNoIssuerThenReturnsError() {
 		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.AUD, "https://aud").build();
-
 		OAuth2TokenValidatorResult result = this.validator.validate(jwt);
 		assertThat(result.getErrors()).isNotEmpty();
 	}
@@ -62,7 +58,6 @@ public class JwtIssuerValidatorTests {
 	public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() {
 		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "issuer").build();
 		JwtIssuerValidator validator = new JwtIssuerValidator("issuer");
-
 		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
index 924c5f85ca..cc2e99e373 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
@@ -69,11 +69,9 @@ public class JwtTests {
 	private static final Map<String, Object> CLAIMS;
 
 	private static final String JWT_TOKEN_VALUE = "jwt-token-value";
-
 	static {
 		HEADERS = new HashMap<>();
 		HEADERS.put("alg", JwsAlgorithms.RS256);
-
 		CLAIMS = new HashMap<>();
 		CLAIMS.put(ISS_CLAIM, ISS_VALUE);
 		CLAIMS.put(SUB_CLAIM, SUB_VALUE);
@@ -105,7 +103,6 @@ public class JwtTests {
 	public void constructorWhenParametersProvidedAndValidThenCreated() {
 		Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS,
 				CLAIMS);
-
 		assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE);
 		assertThat(jwt.getHeaders()).isEqualTo(HEADERS);
 		assertThat(jwt.getClaims()).isEqualTo(CLAIMS);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index cba1158652..8cac7c007c 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -54,28 +54,20 @@ public class JwtTimestampValidatorTests {
 	@Test
 	public void validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime() {
 		Instant oneHourAgo = Instant.now().minusSeconds(3600);
-
 		Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
-
 		Collection<OAuth2Error> details = jwtValidator.validate(jwt).getErrors();
 		Collection<String> messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
-
 		assertThat(messages).contains("Jwt expired at " + oneHourAgo);
 	}
 
 	@Test
 	public void validateWhenJwtIsTooEarlyThenErrorMessageIndicatesNotBeforeTime() {
 		Instant oneHourFromNow = Instant.now().plusSeconds(3600);
-
 		Jwt jwt = TestJwts.jwt().notBefore(oneHourFromNow).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
-
 		Collection<OAuth2Error> details = jwtValidator.validate(jwt).getErrors();
 		Collection<String> messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
-
 		assertThat(messages).contains("Jwt used before " + oneHourFromNow);
 	}
 
@@ -83,54 +75,39 @@ public class JwtTimestampValidatorTests {
 	public void validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew() {
 		Duration oneDayOff = Duration.ofDays(1);
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(oneDayOff);
-
 		Instant now = Instant.now();
 		Instant almostOneDayAgo = now.minus(oneDayOff).plusSeconds(10);
 		Instant almostOneDayFromNow = now.plus(oneDayOff).minusSeconds(10);
 		Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
 		Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
-
 		Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
-
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
-
 		jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();
-
 		OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
 		Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription)
 				.collect(Collectors.toList());
-
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
-
 		jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
-
 		result = jwtValidator.validate(jwt);
 		messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
-
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
-
 	}
 
 	@Test
 	public void validateWhenConfiguredWithFixedClockThenValidatesUsingFixedTime() {
 		Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 		jwtValidator.setClock(MOCK_NOW);
-
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
-
 		jwt = TestJwts.jwt().notBefore(Instant.now(MOCK_NOW)).build();
-
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
 
 	@Test
 	public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() {
 		Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
@@ -138,7 +115,6 @@ public class JwtTimestampValidatorTests {
 	@Test
 	public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
 		Jwt jwt = TestJwts.jwt().claims((c) -> c.remove(JwtClaimNames.EXP)).notBefore(Instant.MIN).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
@@ -146,7 +122,6 @@ public class JwtTimestampValidatorTests {
 	@Test
 	public void validateWhenExpiryIsValidAndNotBeforeIsNotSpecifiedThenReturnsSuccessfulResult() {
 		Jwt jwt = TestJwts.jwt().build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
@@ -154,17 +129,14 @@ public class JwtTimestampValidatorTests {
 	@Test
 	public void validateWhenBothExpiryAndNotBeforeAreValidThenReturnsSuccessfulResult() {
 		Jwt jwt = TestJwts.jwt().expiresAt(Instant.now(MOCK_NOW)).notBefore(Instant.now(MOCK_NOW)).build();
-
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator(Duration.ofNanos(0));
 		jwtValidator.setClock(MOCK_NOW);
-
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 	}
 
 	@Test
 	public void setClockWhenInvokedWithNullThenThrowsIllegalArgumentException() {
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
-
 		assertThatCode(() -> jwtValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
index 540f668e5e..d27b08df2a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
@@ -48,23 +48,18 @@ public class MappedJwtClaimSetConverterTests {
 		Instant at = Instant.ofEpochMilli(1000000000000L);
 		Converter<Object, Instant> expiresAtConverter = mock(Converter.class);
 		given(expiresAtConverter.convert(any())).willReturn(at);
-
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter));
-
 		Map<String, Object> source = new HashMap<>();
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1));
 	}
 
 	@Test
 	public void convertWhenUsingDefaultsThenBasesIssuedAtOffOfExpiration() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.EXP, 1000000000L);
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(1000000000L));
 		assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1000000000L).minusSeconds(1));
 	}
@@ -72,16 +67,12 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenUsingDefaultsThenCoercesAudienceAccordingToJwtSpec() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.AUD, "audience");
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class);
 		assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
-
 		source = Collections.singletonMap(JwtClaimNames.AUD, Arrays.asList("one", "two"));
 		target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.AUD)).isInstanceOf(Collection.class);
 		assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("one", "two"));
 	}
@@ -89,7 +80,6 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenUsingDefaultsThenCoercesAllAttributesInJwtSpec() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, 1);
 		source.put(JwtClaimNames.AUD, "audience");
@@ -98,9 +88,7 @@ public class MappedJwtClaimSetConverterTests {
 		source.put(JwtClaimNames.ISS, "https://any.url");
 		source.put(JwtClaimNames.NBF, 1000000000);
 		source.put(JwtClaimNames.SUB, 1234);
-
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1");
 		assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
 		assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L));
@@ -116,7 +104,6 @@ public class MappedJwtClaimSetConverterTests {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
 		given(claimConverter.convert(any(Object.class))).willReturn("1234");
-
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, 1);
 		source.put(JwtClaimNames.AUD, "audience");
@@ -125,9 +112,7 @@ public class MappedJwtClaimSetConverterTests {
 		source.put(JwtClaimNames.ISS, URI.create("https://any.url"));
 		source.put(JwtClaimNames.NBF, "1000000000");
 		source.put(JwtClaimNames.SUB, 2345);
-
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.JTI)).isEqualTo("1");
 		assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(Arrays.asList("audience"));
 		assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(Instant.ofEpochSecond(2000000000L));
@@ -140,10 +125,8 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenConverterReturnsNullThenClaimIsRemoved() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> source = Collections.singletonMap(JwtClaimNames.ISS, null);
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target).doesNotContainKey(JwtClaimNames.ISS);
 	}
 
@@ -153,10 +136,8 @@ public class MappedJwtClaimSetConverterTests {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
 				.withDefaults(Collections.singletonMap("custom-claim", claimConverter));
 		given(claimConverter.convert(any())).willReturn("custom-value");
-
 		Map<String, Object> source = new HashMap<>();
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get("custom-claim")).isEqualTo("custom-value");
 	}
 
@@ -166,7 +147,6 @@ public class MappedJwtClaimSetConverterTests {
 		MappedJwtClaimSetConverter converter = new MappedJwtClaimSetConverter(
 				Collections.singletonMap(JwtClaimNames.SUB, claimConverter));
 		given(claimConverter.convert(any(Object.class))).willReturn("1234");
-
 		Map<String, Object> source = new HashMap<>();
 		source.put(JwtClaimNames.JTI, new Object());
 		source.put(JwtClaimNames.AUD, new Object());
@@ -175,9 +155,7 @@ public class MappedJwtClaimSetConverterTests {
 		source.put(JwtClaimNames.ISS, new Object());
 		source.put(JwtClaimNames.NBF, new Object());
 		source.put(JwtClaimNames.SUB, new Object());
-
 		Map<String, Object> target = converter.convert(source);
-
 		assertThat(target.get(JwtClaimNames.JTI)).isEqualTo(source.get(JwtClaimNames.JTI));
 		assertThat(target.get(JwtClaimNames.AUD)).isEqualTo(source.get(JwtClaimNames.AUD));
 		assertThat(target.get(JwtClaimNames.EXP)).isEqualTo(source.get(JwtClaimNames.EXP));
@@ -190,16 +168,12 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenUsingDefaultsThenFailedConversionThrowsIllegalStateException() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> badIssuer = Collections.singletonMap(JwtClaimNames.ISS, "https://badly formed iss");
 		assertThatCode(() -> converter.convert(badIssuer)).isInstanceOf(IllegalStateException.class);
-
 		Map<String, Object> badIssuedAt = Collections.singletonMap(JwtClaimNames.IAT, "badly-formed-iat");
 		assertThatCode(() -> converter.convert(badIssuedAt)).isInstanceOf(IllegalStateException.class);
-
 		Map<String, Object> badExpiresAt = Collections.singletonMap(JwtClaimNames.EXP, "badly-formed-exp");
 		assertThatCode(() -> converter.convert(badExpiresAt)).isInstanceOf(IllegalStateException.class);
-
 		Map<String, Object> badNotBefore = Collections.singletonMap(JwtClaimNames.NBF, "badly-formed-nbf");
 		assertThatCode(() -> converter.convert(badNotBefore)).isInstanceOf(IllegalStateException.class);
 	}
@@ -208,7 +182,6 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenIssuerIsNotAUriThenConvertsToString() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> nonUriIssuer = Collections.singletonMap(JwtClaimNames.ISS, "issuer");
 		Map<String, Object> target = converter.convert(nonUriIssuer);
 		assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("issuer");
@@ -218,7 +191,6 @@ public class MappedJwtClaimSetConverterTests {
 	@Test
 	public void convertWhenIssuerIsOfTypeURLThenConvertsToString() throws Exception {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
-
 		Map<String, Object> issuer = Collections.singletonMap(JwtClaimNames.ISS, new URL("https://issuer"));
 		Map<String, Object> target = converter.convert(issuer);
 		assertThat(target.get(JwtClaimNames.ISS)).isEqualTo("https://issuer");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 18a4a00aa2..b0b848f875 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -175,15 +175,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 			NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 			OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
-
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 			decoder.setJwtValidator(jwtValidator);
-
 			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 					.hasMessageContaining("mock-description");
 		}
@@ -194,17 +190,13 @@ public class NimbusJwtDecoderJwkSupportTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 			NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 			OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 			OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 			OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 			decoder.setJwtValidator(jwtValidator);
-
 			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 					.hasMessageContaining("mock-description")
 					.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -216,13 +208,10 @@ public class NimbusJwtDecoderJwkSupportTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
-
 			NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-
 			Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 			given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 			decoder.setClaimSetConverter(claimSetConverter);
-
 			Jwt jwt = decoder.decode(SIGNED_JWT);
 			assertThat(jwt.getClaims().size()).isEqualTo(1);
 			assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 32b04cc858..fcdd0e2c84 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -174,11 +174,9 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenJwtFailsValidationThenReturnsCorrespondingErrorMessage() {
 		OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
-
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description");
 	}
@@ -188,11 +186,9 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
-
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description")
 				.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
@@ -202,13 +198,11 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-
 		OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 		Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("mock-description");
 	}
@@ -218,7 +212,6 @@ public class NimbusJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 		Jwt jwt = this.jwtDecoder.decode(SIGNED_JWT);
 		assertThat(jwt.getClaims().size()).isEqualTo(1);
 		assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -229,9 +222,7 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
-
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
 	}
 
@@ -255,7 +246,6 @@ public class NimbusJwtDecoderTests {
 		try (MockWebServer server = new MockWebServer()) {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
-
 			server.shutdown();
 			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.isNotInstanceOf(BadJwtException.class)
@@ -269,12 +259,10 @@ public class NimbusJwtDecoderTests {
 			Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
-
 			server.shutdown();
 			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 					.isNotInstanceOf(BadJwtException.class)
 					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 		}
 	}
 
@@ -530,7 +518,6 @@ public class NimbusJwtDecoderTests {
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessageContaining("An error occurred while attempting to decode the Jwt");
-
 	}
 
 	// gh-8730
@@ -595,7 +582,6 @@ public class NimbusJwtDecoderTests {
 
 		@Override
 		public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context) throws BadJOSEException {
-
 			try {
 				return signedJWT.getJWTClaimsSet();
 			}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index fb9906cffc..237e3ba2c4 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -126,16 +126,13 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void decodeWhenInvalidUrl() {
 		this.decoder = new NimbusReactiveJwtDecoder("https://s");
-
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 				.isInstanceOf(IllegalStateException.class).hasCauseInstanceOf(UnknownHostException.class);
-
 	}
 
 	@Test
 	public void decodeWhenMessageReadScopeThenSuccess() {
 		Jwt jwt = this.decoder.decode(this.messageReadToken).block();
-
 		assertThat(jwt.getClaims().get("scope")).isEqualTo("message:read");
 	}
 
@@ -147,16 +144,13 @@ public class NimbusReactiveJwtDecoderTests {
 				.generatePublic(new X509EncodedKeySpec(bytes));
 		this.decoder = new NimbusReactiveJwtDecoder(publicKey);
 		String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ";
-
 		assertThatCode(() -> this.decoder.decode(noKeyId).block()).doesNotThrowAnyException();
 	}
 
 	@Test
 	public void decodeWhenIssuedAtThenSuccess() {
 		String withIssuedAt = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NSwiaWF0IjoxNTI5OTQyNDQ4fQ.LBzAJO-FR-uJDHST61oX4kimuQjz6QMJPW_mvEXRB6A-fMQWpfTQ089eboipAqsb33XnwWth9ELju9HMWLk0FjlWVVzwObh9FcoKelmPNR8mZIlFG-pAYGgSwi8HufyLabXHntFavBiFtqwp_z9clSOFK1RxWvt3lywEbGgtCKve0BXOjfKWiH1qe4QKGixH-NFxidvz8Qd5WbJwyb9tChC6ZKoKPv7Jp-N5KpxkY-O2iUtINvn4xOSactUsvKHgF8ZzZjvJGzG57r606OZXaNtoElQzjAPU5xDGg5liuEJzfBhvqiWCLRmSuZ33qwp3aoBnFgEw0B85gsNe3ggABg";
-
 		Jwt jwt = this.decoder.decode(withIssuedAt).block();
-
 		assertThat(jwt.getClaims().get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochSecond(1529942448L));
 	}
 
@@ -207,11 +201,9 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenUsingCustomValidatorThenValidatorIsInvoked() {
 		OAuth2TokenValidator jwtValidator = mock(OAuth2TokenValidator.class);
 		this.decoder.setJwtValidator(jwtValidator);
-
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 	}
@@ -220,13 +212,11 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		this.decoder.setJwtValidator(jwtValidator);
-
 		OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
 				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
 	}
@@ -235,9 +225,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
-
 		given(claimSetConverter.convert(any(Map.class))).willReturn(Collections.singletonMap("custom", "value"));
-
 		Jwt jwt = this.decoder.decode(this.messageReadToken).block();
 		assertThat(jwt.getClaims().size()).isEqualTo(1);
 		assertThat(jwt.getClaims().get("custom")).isEqualTo("value");
@@ -249,9 +237,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenClaimSetConverterFailsThenBadJwtException() {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
-
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-
 		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
 	}
 
@@ -359,7 +345,6 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-
 		AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block())
 				.isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
@@ -381,7 +366,6 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
 				.withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
-
 		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
 	}
 
@@ -392,7 +376,6 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-
 		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
@@ -424,7 +407,6 @@ public class NimbusReactiveJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
 		Jwt jwt = this.decoder.decode(signedJWT.serialize()).block();
 		assertThat(jwt.getSubject()).isEqualTo("test-subject");
@@ -449,7 +431,6 @@ public class NimbusReactiveJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-
 		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
 		assertThatThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block())
 				.isInstanceOf(BadJwtException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 99b9d516c7..bd106ef99a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -90,9 +90,7 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
-
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
-
 		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
@@ -100,9 +98,7 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
-
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
@@ -110,9 +106,7 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
-
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-
 		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
 				.hasMessageContaining("The iss claim is not valid");
 	}
@@ -120,7 +114,6 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-
 		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 				.isInstanceOf(RuntimeException.class);
 	}
@@ -167,7 +160,6 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
-
 		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 				.isInstanceOf(RuntimeException.class);
 	}
@@ -187,7 +179,6 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-
 		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 				.isInstanceOf(IllegalStateException.class);
 	}
@@ -209,9 +200,7 @@ public class ReactiveJwtDecodersTests {
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
-
 		this.server.shutdown();
-
 		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer"))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -219,7 +208,6 @@ public class ReactiveJwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
-
 		this.server.shutdown();
 		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"))
 				.isInstanceOf(IllegalArgumentException.class);
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index 6a2960afee..312d5bdc9c 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -74,7 +74,6 @@ public class ReactiveRemoteJWKSourceTests {
 	public void setup() {
 		this.server = new MockWebServer();
 		this.source = new ReactiveRemoteJWKSource(this.server.url("/").toString());
-
 		this.server.enqueue(new MockResponse().setBody(this.keys));
 		this.selector = new JWKSelector(this.matcher);
 	}
@@ -82,17 +81,14 @@ public class ReactiveRemoteJWKSourceTests {
 	@Test
 	public void getWhenMultipleRequestThenCached() {
 		given(this.matcher.matches(any())).willReturn(true);
-
 		this.source.get(this.selector).block();
 		this.source.get(this.selector).block();
-
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 	}
 
 	@Test
 	public void getWhenMatchThenCreatesKeys() {
 		given(this.matcher.matches(any())).willReturn(true);
-
 		List<JWK> keys = this.source.get(this.selector).block();
 		assertThat(keys).hasSize(2);
 		JWK key1 = keys.get(0);
@@ -100,7 +96,6 @@ public class ReactiveRemoteJWKSourceTests {
 		assertThat(key1.getAlgorithm().getName()).isEqualTo("RS256");
 		assertThat(key1.getKeyType()).isEqualTo(KeyType.RSA);
 		assertThat(key1.getKeyUse()).isEqualTo(KeyUse.SIGNATURE);
-
 		JWK key2 = keys.get(1);
 		assertThat(key2.getKeyID()).isEqualTo("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77");
 		assertThat(key2.getAlgorithm().getName()).isEqualTo("RS256");
@@ -112,7 +107,6 @@ public class ReactiveRemoteJWKSourceTests {
 	public void getWhenNoMatchAndNoKeyIdThenEmpty() {
 		given(this.matcher.matches(any())).willReturn(false);
 		given(this.matcher.getKeyIDs()).willReturn(Collections.emptySet());
-
 		assertThat(this.source.get(this.selector).block()).isEmpty();
 	}
 
@@ -121,9 +115,7 @@ public class ReactiveRemoteJWKSourceTests {
 		this.server.enqueue(new MockResponse().setBody(this.keys2));
 		given(this.matcher.matches(any())).willReturn(false, false, true);
 		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
-
 		List<JWK> keys = this.source.get(this.selector).block();
-
 		assertThat(keys).hasSize(1);
 		assertThat(keys.get(0).getKeyID()).isEqualTo("rotated");
 	}
@@ -133,9 +125,7 @@ public class ReactiveRemoteJWKSourceTests {
 		this.server.enqueue(new MockResponse().setBody(this.keys2));
 		given(this.matcher.matches(any())).willReturn(false, false, false);
 		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("rotated"));
-
 		List<JWK> keys = this.source.get(this.selector).block();
-
 		assertThat(keys).isEmpty();
 	}
 
@@ -143,7 +133,6 @@ public class ReactiveRemoteJWKSourceTests {
 	public void getWhenNoMatchAndKeyIdMatchThenEmpty() {
 		given(this.matcher.matches(any())).willReturn(false);
 		given(this.matcher.getKeyIDs()).willReturn(Collections.singleton("7ddf54d3032d1f0d48c3618892ca74c1ac30ad77"));
-
 		assertThat(this.source.get(this.selector).block()).isEmpty();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
index 3a7e07471c..11cfb3bcc7 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@@ -58,7 +58,6 @@ public final class TestOAuth2AuthenticatedPrincipals {
 		attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis");
 		attributes.put(OAuth2IntrospectionClaimNames.USERNAME, "jdoe");
 		attributesConsumer.accept(attributes);
-
 		Collection<GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority("SCOPE_read"),
 				new SimpleGrantedAuthority("SCOPE_write"), new SimpleGrantedAuthority("SCOPE_dolphin"));
 		return new OAuth2IntrospectionAuthenticatedPrincipal(attributes, authorities);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
index a85e43d25b..e8c520ed09 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
@@ -43,7 +43,6 @@ public class BearerTokenAuthenticationTokenTests {
 	@Test
 	public void constructorWhenTokenHasValueThenConstructedCorrectly() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token");
-
 		assertThat(token.getToken()).isEqualTo("token");
 		assertThat(token.getPrincipal()).isEqualTo("token");
 		assertThat(token.getCredentials()).isEqualTo("token");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
index ca7c70e5b3..b095788d94 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
@@ -44,7 +44,6 @@ public class BearerTokenErrorTests {
 	@Test
 	public void constructorWithErrorCodeWhenErrorCodeIsValidThenCreated() {
 		BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, null, null);
-
 		assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE);
 		assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS);
 		assertThat(error.getDescription()).isNull();
@@ -74,7 +73,6 @@ public class BearerTokenErrorTests {
 	public void constructorWithAllParametersWhenAllParametersAreValidThenCreated() {
 		BearerTokenError error = new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI,
 				TEST_SCOPE);
-
 		assertThat(error.getErrorCode()).isEqualTo(TEST_ERROR_CODE);
 		assertThat(error.getHttpStatus()).isEqualTo(TEST_HTTP_STATUS);
 		assertThat(error.getDescription()).isEqualTo(TEST_DESCRIPTION);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index 64e14fd6e2..f4fb711430 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -44,10 +44,8 @@ public class JwtAuthenticationConverterTests {
 	@Test
 	public void convertWhenDefaultGrantedAuthoritiesConverterSet() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -62,15 +60,11 @@ public class JwtAuthenticationConverterTests {
 	@Test
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
-
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
 
@@ -97,10 +91,8 @@ public class JwtAuthenticationConverterTests {
 	@Test
 	public void convertWhenPrincipalClaimNameSet() {
 		this.jwtAuthenticationConverter.setPrincipalClaimName("user_id");
-
 		Jwt jwt = TestJwts.jwt().claim("user_id", "100").build();
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
-
 		assertThat(authentication.getName()).isEqualTo("100");
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index abbb3be03b..2501d67a4a 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -65,23 +65,17 @@ public class JwtAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt() {
 		BearerTokenAuthenticationToken token = this.authentication();
-
 		Jwt jwt = TestJwts.jwt().claim("name", "value").build();
-
 		given(this.jwtDecoder.decode("token")).willReturn(jwt);
 		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt));
-
 		JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token);
-
 		assertThat(authentication.getTokenAttributes()).containsEntry("name", "value");
 	}
 
 	@Test
 	public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() {
 		BearerTokenAuthenticationToken token = this.authentication();
-
 		given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
-
 		assertThatCode(() -> this.provider.authenticate(token))
 				.matches((failed) -> failed instanceof OAuth2AuthenticationException)
 				.matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN));
@@ -90,9 +84,7 @@ public class JwtAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = this.authentication();
-
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
-
 		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
 	}
@@ -101,9 +93,7 @@ public class JwtAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = this.authentication();
-
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-
 		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -113,13 +103,10 @@ public class JwtAuthenticationProviderTests {
 		BearerTokenAuthenticationToken token = this.authentication();
 		Object details = mock(Object.class);
 		token.setDetails(details);
-
 		Jwt jwt = TestJwts.jwt().build();
 		JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
-
 		given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
 		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication);
-
 		assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details",
 				details);
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
index b47ae58732..417c2354b3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
@@ -42,7 +42,6 @@ public class JwtAuthenticationTokenTests {
 	public void getNameWhenJwtHasSubjectThenReturnsSubject() {
 		Jwt jwt = builder().subject("Carl").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 		assertThat(token.getName()).isEqualTo("Carl");
 	}
 
@@ -50,7 +49,6 @@ public class JwtAuthenticationTokenTests {
 	public void getNameWhenJwtHasNoSubjectThenReturnsNull() {
 		Jwt jwt = builder().claim("claim", "value").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 		assertThat(token.getName()).isNull();
 	}
 
@@ -65,7 +63,6 @@ public class JwtAuthenticationTokenTests {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("test");
 		Jwt jwt = builder().claim("claim", "value").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities);
-
 		assertThat(token.getAuthorities()).isEqualTo(authorities);
 		assertThat(token.getPrincipal()).isEqualTo(jwt);
 		assertThat(token.getCredentials()).isEqualTo(jwt);
@@ -78,7 +75,6 @@ public class JwtAuthenticationTokenTests {
 	public void constructorWhenUsingOnlyJwtThenConstructedCorrectly() {
 		Jwt jwt = builder().claim("claim", "value").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 		assertThat(token.getAuthorities()).isEmpty();
 		assertThat(token.getPrincipal()).isEqualTo(jwt);
 		assertThat(token.getCredentials()).isEqualTo(jwt);
@@ -91,7 +87,6 @@ public class JwtAuthenticationTokenTests {
 	public void getNameWhenConstructedWithJwtThenReturnsSubject() {
 		Jwt jwt = builder().subject("Hayden").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
-
 		assertThat(token.getName()).isEqualTo("Hayden");
 	}
 
@@ -100,7 +95,6 @@ public class JwtAuthenticationTokenTests {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("test");
 		Jwt jwt = builder().subject("Hayden").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities);
-
 		assertThat(token.getName()).isEqualTo("Hayden");
 	}
 
@@ -109,7 +103,6 @@ public class JwtAuthenticationTokenTests {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("test");
 		Jwt jwt = builder().claim("claim", "value").build();
 		JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities, "Hayden");
-
 		assertThat(token.getName()).isEqualTo("Hayden");
 	}
 
@@ -117,7 +110,6 @@ public class JwtAuthenticationTokenTests {
 	public void getNameWhenConstructedWithNoSubjectThenReturnsNull() {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("test");
 		Jwt jwt = builder().claim("claim", "value").build();
-
 		assertThat(new JwtAuthenticationToken(jwt, authorities, null).getName()).isNull();
 		assertThat(new JwtAuthenticationToken(jwt, authorities).getName()).isNull();
 		assertThat(new JwtAuthenticationToken(jwt).getName()).isNull();
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
index db485936f7..4d24f499e1 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
@@ -38,9 +38,7 @@ public class JwtBearerTokenAuthenticationConverterTests {
 	@Test
 	public void convertWhenJwtThenBearerTokenAuthentication() {
 		Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build();
-
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
-
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
 		assertThat(bearerToken.getToken().getTokenValue()).isEqualTo("token-value");
@@ -52,9 +50,7 @@ public class JwtBearerTokenAuthenticationConverterTests {
 	public void convertWhenJwtWithScopeAttributeThenBearerTokenAuthentication() {
 		Jwt jwt = Jwt.withTokenValue("token-value").claim("scope", "message:read message:write")
 				.header("header", "value").build();
-
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
-
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
 		assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
@@ -65,9 +61,7 @@ public class JwtBearerTokenAuthenticationConverterTests {
 	public void convertWhenJwtWithScpAttributeThenBearerTokenAuthentication() {
 		Jwt jwt = Jwt.withTokenValue("token-value").claim("scp", Arrays.asList("message:read", "message:write"))
 				.header("header", "value").build();
-
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
-
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
 		assertThat(bearerToken.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
index f304c0dc67..e3a2ed91ca 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
@@ -46,10 +46,8 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -57,11 +55,9 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"),
 				new SimpleGrantedAuthority("ROLE_message:write"));
 	}
@@ -69,11 +65,9 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"),
 				new SimpleGrantedAuthority("message:write"));
 	}
@@ -81,20 +75,16 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -102,11 +92,9 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"),
 				new SimpleGrantedAuthority("ROLE_message:write"));
 	}
@@ -114,11 +102,9 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", "message:read message:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"),
 				new SimpleGrantedAuthority("message:write"));
 	}
@@ -126,10 +112,8 @@ public class JwtGrantedAuthoritiesConverterTests {
 	@Test
 	public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
@@ -137,10 +121,8 @@ public class JwtGrantedAuthoritiesConverterTests {
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
 				new SimpleGrantedAuthority("SCOPE_missive:write"));
 	}
@@ -149,40 +131,32 @@ public class JwtGrantedAuthoritiesConverterTests {
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
 				.build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasNoScopeAndNoScpAttributeThenTranslatesToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
@@ -190,11 +164,9 @@ public class JwtGrantedAuthoritiesConverterTests {
 	public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -203,22 +175,18 @@ public class JwtGrantedAuthoritiesConverterTests {
 	public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write")
 				.build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build();
-
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-
 		assertThat(authorities).isEmpty();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index 8a4e57e1b4..bd793b0f14 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -68,15 +68,12 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
-
 			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 					issuer);
 			MockHttpServletRequest request = new MockHttpServletRequest();
 			request.addHeader("Authorization", "Bearer " + jws.serialize());
-
 			AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(request);
 			assertThat(authenticationManager).isNotNull();
-
 			AuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(request);
 			assertThat(authenticationManager).isSameAs(cachedAuthenticationManager);
 		}
@@ -88,7 +85,6 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"other", "issuers");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
-
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
@@ -100,7 +96,6 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				(issuer) -> authenticationManager);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
-
 		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
 	}
 
@@ -108,17 +103,14 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 	public void resolveWhenUsingExternalSourceThenRespondsToChanges() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
-
 		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 				authenticationManagers::get);
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
-
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
-
 		authenticationManagers.clear();
 		assertThatCode(() -> authenticationManagerResolver.resolve(request))
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index d0dc716d5c..12df1edc95 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -69,15 +69,12 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
-
 			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 					issuer);
 			MockServerWebExchange exchange = withBearerToken(jws.serialize());
-
 			ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(exchange)
 					.block();
 			assertThat(authenticationManager).isNotNull();
-
 			ReactiveAuthenticationManager cachedAuthenticationManager = authenticationManagerResolver.resolve(exchange)
 					.block();
 			assertThat(authenticationManager).isSameAs(cachedAuthenticationManager);
@@ -89,7 +86,6 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"other", "issuers");
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
-
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
 	}
@@ -100,24 +96,20 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				(issuer) -> Mono.just(authenticationManager));
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
-
 		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
 	}
 
 	@Test
 	public void resolveWhenUsingExternalSourceThenRespondsToChanges() {
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
-
 		Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				(issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
-
 		ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
-
 		authenticationManagers.clear();
 		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index e0e34f1cc3..cb1dddb456 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -70,7 +70,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenWrongTypeThenEmpty() {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("foo", "bar");
-
 		assertThat(this.manager.authenticate(token).block()).isNull();
 	}
 
@@ -78,7 +77,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenEmptyJwtThenEmpty() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.empty());
-
 		assertThat(this.manager.authenticate(token).block()).isNull();
 	}
 
@@ -86,7 +84,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops")));
-
 		assertThatCode(() -> this.manager.authenticate(token).block())
 				.isInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -96,7 +93,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
-
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
 	}
@@ -106,7 +102,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class)
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
@@ -115,7 +110,6 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenNotJwtExceptionThenPropagates() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops")));
-
 		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class);
 	}
 
@@ -123,9 +117,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenJwtThenSuccess() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.just(this.jwt));
-
 		Authentication authentication = this.manager.authenticate(token).block();
-
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.isAuthenticated()).isTrue();
 		assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority)
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index dc4cb4bf45..85ec86bdb5 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -54,11 +54,8 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
-
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
-
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
-
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
 		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
@@ -71,7 +68,6 @@ public class OpaqueTokenAuthenticationProviderTests {
 				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
-
 		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
 				"SCOPE_dolphin");
 	}
@@ -83,13 +79,10 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(principal);
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
-
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class);
-
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
 		assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
-
 		assertThat(result.getAuthorities()).isEmpty();
 	}
 
@@ -98,7 +91,6 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars"));
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
-
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")))
 				.isInstanceOf(AuthenticationServiceException.class);
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index 2e1782bfd0..a0fb423835 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -55,11 +55,8 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
-
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
-
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
-
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
 		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
@@ -72,7 +69,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
-
 		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
 				"SCOPE_dolphin");
 	}
@@ -84,13 +80,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willReturn(Mono.just(authority));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
-
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
-
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
 		assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
-
 		assertThat(result.getAuthorities()).isEmpty();
 	}
 
@@ -100,7 +93,6 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		given(introspector.introspect(any()))
 				.willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
-
 		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block())
 				.isInstanceOf(AuthenticationServiceException.class);
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
index fdb39984ca..5a33768ea7 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
@@ -45,10 +45,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -56,22 +54,16 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	@Test
 	public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "").build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
-
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly();
 	}
 
 	@Test
 	public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
-
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -79,11 +71,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	@Test
 	public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList()).build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
-
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly();
 	}
 
@@ -91,11 +80,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write"))
 				.claim("scope", "missive:read missive:write").build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
-
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
 				new SimpleGrantedAuthority("SCOPE_missive:write"));
 	}
@@ -104,11 +90,8 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
 				.build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
-
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
index 0c7b24be76..7022bb254c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java
@@ -44,10 +44,8 @@ public class ReactiveJwtAuthenticationConverterTests {
 	@Test
 	public void convertWhenDefaultGrantedAuthoritiesConverterSet() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
 				new SimpleGrantedAuthority("SCOPE_message:write"));
 	}
@@ -62,15 +60,11 @@ public class ReactiveJwtAuthenticationConverterTests {
 	@Test
 	public void convertWithOverriddenGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		Converter<Jwt, Flux<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Flux
 				.just(new SimpleGrantedAuthority("blah"));
-
 		this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
-
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
index bfda0ea627..dd151e6774 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
@@ -42,13 +42,10 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests {
 	@Test
 	public void convertWithGrantedAuthoritiesConverter() {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
-
 		Converter<Jwt, Collection<GrantedAuthority>> grantedAuthoritiesConverter = (token) -> Arrays
 				.asList(new SimpleGrantedAuthority("blah"));
-
 		Collection<GrantedAuthority> authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter(
 				grantedAuthoritiesConverter).convert(jwt).toStream().collect(Collectors.toList());
-
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah"));
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
index 01d1dec49c..2ef4b005a6 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
@@ -44,7 +44,6 @@ public final class TestBearerTokenAuthentications {
 				Collections.singletonMap("sub", "user"), authorities);
 		OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(),
 				Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER")));
-
 		return new BearerTokenAuthentication(principal, token, authorities);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 1e3a601581..4e858e8c7d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -102,11 +102,9 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	public void introspectWhenActiveTokenThenOk() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
-
 			String introspectUri = server.url("/introspect").toString();
 			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
 					CLIENT_SECRET);
-
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
@@ -125,11 +123,9 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	public void introspectWhenBadClientCredentialsThenError() throws IOException {
 		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
-
 			String introspectUri = server.url("/introspect").toString();
 			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
 					"wrong");
-
 			assertThatCode(() -> introspectionClient.introspect("token"))
 					.isInstanceOf(OAuth2IntrospectionException.class);
 		}
@@ -141,7 +137,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE);
-
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message").isEqualTo("Provided token isn't active");
 	}
@@ -152,13 +147,11 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true);
 		introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"));
 		introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L);
-
 		RestOperations restOperations = mock(RestOperations.class);
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(response(new JSONObject(introspectedValues).toJSONString()));
-
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
@@ -174,7 +167,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new IllegalStateException("server was unresponsive"));
-
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message").isEqualTo("server was unresponsive");
 	}
@@ -185,7 +177,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed"));
-
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
@@ -195,7 +186,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID);
-
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
@@ -205,7 +195,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER);
-
 		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
 	}
 
@@ -216,7 +205,6 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_SCOPE);
-
 		OAuth2AuthenticatedPrincipal principal = introspectionClient.introspect("token");
 		assertThat(principal.getAuthorities()).isEmpty();
 		JSONArray scope = principal.getAttribute("scope");
@@ -250,10 +238,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenExceptionIsThrown() {
 		RestOperations restOperations = mock(RestOperations.class);
-
 		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
-
 		assertThatExceptionOfType(IllegalArgumentException.class)
 				.isThrownBy(() -> introspectionClient.setRequestEntityConverter(null));
 	}
@@ -270,9 +256,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		introspectionClient.setRequestEntityConverter(requestEntityConverter);
-
 		introspectionClient.introspect(tokenToIntrospect);
-
 		verify(requestEntityConverter).convert(tokenToIntrospect);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 51ffbbf947..8d452e608c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -80,11 +80,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
-
 			String introspectUri = server.url("/introspect").toString();
 			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 					introspectUri, CLIENT_ID, CLIENT_SECRET);
-
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
 			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
@@ -103,11 +101,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	public void authenticateWhenBadClientCredentialsThenAuthenticationException() throws IOException {
 		try (MockWebServer server = new MockWebServer()) {
 			server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
-
 			String introspectUri = server.url("/introspect").toString();
 			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 					introspectUri, CLIENT_ID, "wrong");
-
 			assertThatCode(() -> introspectionClient.introspect("token").block())
 					.isInstanceOf(OAuth2IntrospectionException.class);
 		}
@@ -118,7 +114,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(INACTIVE_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(BadOpaqueTokenException.class).extracting("message")
 				.isEqualTo("Provided token isn't active");
@@ -130,11 +125,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		introspectedValues.put(OAuth2IntrospectionClaimNames.ACTIVE, true);
 		introspectedValues.put(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"));
 		introspectedValues.put(OAuth2IntrospectionClaimNames.NOT_BEFORE, 29348723984L);
-
 		WebClient webClient = mockResponse(new JSONObject(introspectedValues).toJSONString());
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
 		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
@@ -148,7 +141,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive"));
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class).extracting("message")
 				.isEqualTo("server was unresponsive");
@@ -159,7 +151,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse("malformed");
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
 	}
@@ -169,7 +160,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(INVALID_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
 	}
@@ -179,7 +169,6 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(MALFORMED_ISSUER_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class);
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
index 0a49e6691a..705683350d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
@@ -91,7 +91,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 	private static final String JTI_VALUE = "jwt-id-1";
 
 	private static final Map<String, Object> CLAIMS;
-
 	static {
 		CLAIMS = new HashMap<>();
 		CLAIMS.put(ACTIVE_CLAIM, ACTIVE_VALUE);
@@ -111,7 +110,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 	public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() {
 		assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES))
 				.isInstanceOf(IllegalArgumentException.class);
-
 		assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
@@ -121,7 +119,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 		Collection<? extends GrantedAuthority> authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null)
 				.getAuthorities();
 		assertThat(authorities).isEmpty();
-
 		authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, Collections.emptyList()).getAuthorities();
 		assertThat(authorities).isEmpty();
 	}
@@ -137,7 +134,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 	public void constructorWhenAttributesAuthoritiesProvidedThenCreated() {
 		OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS,
 				AUTHORITIES);
-
 		assertThat(principal.getName()).isEqualTo(CLAIMS.get(SUB_CLAIM));
 		assertThat(principal.getAttributes()).isEqualTo(CLAIMS);
 		assertThat(principal.getClaims()).isEqualTo(CLAIMS);
@@ -160,7 +156,6 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 		OAuth2IntrospectionAuthenticatedPrincipal principal = new OAuth2IntrospectionAuthenticatedPrincipal(SUBJECT,
 				CLAIMS, AUTHORITIES);
-
 		assertThat(principal.getName()).isEqualTo(SUBJECT);
 		assertThat(principal.getAttributes()).isEqualTo(CLAIMS);
 		assertThat(principal.getClaims()).isEqualTo(CLAIMS);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
index 1dbe257e5e..9b7d1b474b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
@@ -47,53 +47,41 @@ public class BearerTokenAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenNoBearerTokenErrorThenStatus401AndAuthHeader() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test"));
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer");
 	}
 
 	@Test
 	public void commenceWhenNoBearerTokenErrorAndRealmSetThenStatus401AndAuthHeaderWithRealm() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		this.authenticationEntryPoint.setRealmName("test");
 		this.authenticationEntryPoint.commence(request, response, new BadCredentialsException("test"));
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\"");
 	}
 
 	@Test
 	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithError() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				null, null);
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\"");
 	}
 
 	@Test
 	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				"The access token expired", null, null);
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate"))
 				.isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\"");
@@ -101,14 +89,11 @@ public class BearerTokenAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				null, "https://example.com", null);
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(400);
 		assertThat(response.getHeader("WWW-Authenticate"))
 				.isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\"");
@@ -116,42 +101,33 @@ public class BearerTokenAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
 				null, null);
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_token\"");
 	}
 
 	@Test
 	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN,
 				null, null);
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\"");
 	}
 
 	@Test
 	public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithErrorAndScope() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN,
 				null, null, "test.read test.write");
-
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate"))
 				.isEqualTo("Bearer error=\"insufficient_scope\", scope=\"test.read test.write\"");
@@ -160,15 +136,12 @@ public class BearerTokenAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenInsufficientScopeAndRealmSetThenStatus403AndHeaderWithErrorAndAllDetails()
 			throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN,
 				"Insufficient scope", "https://example.com", "test.read test.write");
-
 		this.authenticationEntryPoint.setRealmName("test");
 		this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(
 				"Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", "
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 1eff735717..8607a3b41f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -87,16 +87,12 @@ public class BearerTokenAuthenticationFilterTests {
 	@Test
 	public void doFilterWhenBearerTokenPresentThenAuthenticates() throws ServletException, IOException {
 		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
-
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
-
 		ArgumentCaptor<BearerTokenAuthenticationToken> captor = ArgumentCaptor
 				.forClass(BearerTokenAuthenticationToken.class);
-
 		verify(this.authenticationManager).authenticate(captor.capture());
-
 		assertThat(captor.getValue().getPrincipal()).isEqualTo("token");
 	}
 
@@ -104,25 +100,18 @@ public class BearerTokenAuthenticationFilterTests {
 	public void doFilterWhenUsingAuthenticationManagerResolverThenAuthenticates() throws Exception {
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManagerResolver));
-
 		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
 		given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager);
-
 		filter.doFilter(this.request, this.response, this.filterChain);
-
 		ArgumentCaptor<BearerTokenAuthenticationToken> captor = ArgumentCaptor
 				.forClass(BearerTokenAuthenticationToken.class);
-
 		verify(this.authenticationManager).authenticate(captor.capture());
-
 		assertThat(captor.getValue().getPrincipal()).isEqualTo("token");
 	}
 
 	@Test
 	public void doFilterWhenNoBearerTokenPresentThenDoesNotAuthenticate() throws ServletException, IOException {
-
 		given(this.bearerTokenResolver.resolve(this.request)).willReturn(null);
-
 		dontAuthenticate();
 	}
 
@@ -130,13 +119,9 @@ public class BearerTokenAuthenticationFilterTests {
 	public void doFilterWhenMalformedBearerTokenThenPropagatesError() throws ServletException, IOException {
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST,
 				"description", "uri");
-
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
-
 		given(this.bearerTokenResolver.resolve(this.request)).willThrow(exception);
-
 		dontAuthenticate();
-
 		verify(this.authenticationEntryPoint).commence(this.request, this.response, exception);
 	}
 
@@ -145,16 +130,12 @@ public class BearerTokenAuthenticationFilterTests {
 			throws ServletException, IOException {
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
 				"description", "uri");
-
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
-
 		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
 		given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception);
-
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
-
 		verify(this.authenticationEntryPoint).commence(this.request, this.response, exception);
 	}
 
@@ -163,17 +144,13 @@ public class BearerTokenAuthenticationFilterTests {
 			throws ServletException, IOException {
 		BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED,
 				"description", "uri");
-
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(error);
-
 		given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
 		given(this.authenticationManager.authenticate(any(BearerTokenAuthenticationToken.class))).willThrow(exception);
-
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
 		filter.doFilter(this.request, this.response, this.filterChain);
-
 		verify(this.authenticationFailureHandler).onAuthenticationFailure(this.request, this.response, exception);
 	}
 
@@ -213,11 +190,9 @@ public class BearerTokenAuthenticationFilterTests {
 	}
 
 	private void dontAuthenticate() throws ServletException, IOException {
-
 		BearerTokenAuthenticationFilter filter = addMocks(
 				new BearerTokenAuthenticationFilter(this.authenticationManager));
 		filter.doFilter(this.request, this.response, this.filterChain);
-
 		verifyNoMoreInteractions(this.authenticationManager);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
index 568df3dd14..f1e0d6621f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
@@ -49,7 +49,6 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
@@ -59,7 +58,6 @@ public class DefaultBearerTokenResolverTests {
 		String token = TEST_TOKEN + "==";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + token);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(token);
 	}
 
@@ -68,7 +66,6 @@ public class DefaultBearerTokenResolverTests {
 		this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
@@ -76,14 +73,12 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("authorization", "bearer " + TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
 	@Test
 	public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
 
@@ -91,7 +86,6 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
-
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
 
@@ -99,7 +93,6 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer ");
-
 		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
@@ -108,7 +101,6 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer an\"invalid\"token");
-
 		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
@@ -120,7 +112,6 @@ public class DefaultBearerTokenResolverTests {
 		request.setMethod("POST");
 		request.setContentType("application/x-www-form-urlencoded");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("Found multiple bearer tokens in the request");
 	}
@@ -131,7 +122,6 @@ public class DefaultBearerTokenResolverTests {
 		request.addHeader("Authorization", "Bearer " + TEST_TOKEN);
 		request.setMethod("GET");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("Found multiple bearer tokens in the request");
 	}
@@ -140,7 +130,6 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenRequestContainsTwoAccessTokenParametersThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter("access_token", "token1", "token2");
-
 		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("Found multiple bearer tokens in the request");
 	}
@@ -148,12 +137,10 @@ public class DefaultBearerTokenResolverTests {
 	@Test
 	public void resolveWhenFormParameterIsPresentAndSupportedThenTokenIsResolved() {
 		this.resolver.setAllowFormEncodedBodyParameter(true);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("POST");
 		request.setContentType("application/x-www-form-urlencoded");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
@@ -163,18 +150,15 @@ public class DefaultBearerTokenResolverTests {
 		request.setMethod("POST");
 		request.setContentType("application/x-www-form-urlencoded");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
 
 	@Test
 	public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() {
 		this.resolver.setAllowUriQueryParameter(true);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("GET");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
@@ -183,7 +167,6 @@ public class DefaultBearerTokenResolverTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("GET");
 		request.addParameter("access_token", TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index 5be30212f0..69365fb879 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -52,14 +52,12 @@ public class HeaderBearerTokenResolverTests {
 	public void resolveWhenTokenPresentThenTokenIsResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader(CORRECT_HEADER, TEST_TOKEN);
-
 		assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
 	}
 
 	@Test
 	public void resolveWhenTokenNotPresentThenTokenIsNotResolved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		assertThat(this.resolver.resolve(request)).isNull();
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index 6e8c63769d..cbfc5e942b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -48,31 +48,23 @@ public class BearerTokenAccessDeniedHandlerTests {
 
 	@Test
 	public void handleWhenNotOAuth2AuthenticatedThenStatus403() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication authentication = new TestingAuthenticationToken("user", "pass");
 		request.setUserPrincipal(authentication);
-
 		this.accessDeniedHandler.handle(request, response, null);
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer");
 	}
 
 	@Test
 	public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication authentication = new TestingAuthenticationToken("user", "pass");
 		request.setUserPrincipal(authentication);
-
 		this.accessDeniedHandler.setRealmName("test");
 		this.accessDeniedHandler.handle(request, response, null);
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\"");
 	}
@@ -80,15 +72,11 @@ public class BearerTokenAccessDeniedHandlerTests {
 	@Test
 	public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute()
 			throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap());
 		request.setUserPrincipal(token);
-
 		this.accessDeniedHandler.handle(request, response, null);
-
 		assertThat(response.getStatus()).isEqualTo(403);
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 272d7b9bbc..79980fb63c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -48,29 +48,23 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 	@Test
 	public void handleWhenNotOAuth2AuthenticatedThenStatus403() {
-
 		Authentication token = new TestingAuthenticationToken("user", "pass");
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
 		given(exchange.getPrincipal()).willReturn(Mono.just(token));
 		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 		this.accessDeniedHandler.handle(exchange, null).block();
-
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")).isEqualTo(Arrays.asList("Bearer"));
 	}
 
 	@Test
 	public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() {
-
 		Authentication token = new TestingAuthenticationToken("user", "pass");
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
 		given(exchange.getPrincipal()).willReturn(Mono.just(token));
 		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 		this.accessDeniedHandler.setRealmName("test");
 		this.accessDeniedHandler.handle(exchange, null).block();
-
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 				.isEqualTo(Arrays.asList("Bearer realm=\"test\""));
@@ -78,14 +72,11 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 	@Test
 	public void handleWhenOAuth2AuthenticatedThenStatus403AndAuthHeaderWithInsufficientScopeErrorAttribute() {
-
 		Authentication token = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap());
 		ServerWebExchange exchange = mock(ServerWebExchange.class);
 		given(exchange.getPrincipal()).willReturn(Mono.just(token));
 		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
-
 		this.accessDeniedHandler.handle(exchange, null).block();
-
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 				.isEqualTo(Arrays.asList("Bearer error=\"insufficient_scope\", "
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
index 788598a31f..bafa9ed4c8 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java
@@ -61,19 +61,15 @@ public class ServerBearerExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -82,11 +78,9 @@ public class ServerBearerExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() throws Exception {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
@@ -94,10 +88,8 @@ public class ServerBearerExchangeFilterFunctionTests {
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
-
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
-
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
index 645173d860..54b4f164d8 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java
@@ -65,9 +65,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 	@Test
 	public void filterWhenUnauthenticatedThenAuthorizationHeaderNull() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
@@ -76,18 +74,14 @@ public class ServletBearerExchangeFilterFunctionTests {
 	public void filterWhenAuthenticatedWithOtherTokenThenAuthorizationHeaderNull() {
 		TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass");
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).subscriberContext(context(token)).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull();
 	}
 
 	@Test
 	public void filterWhenAuthenticatedThenAuthorizationHeader() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
-
 		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
-
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -96,9 +90,7 @@ public class ServletBearerExchangeFilterFunctionTests {
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing").build();
-
 		this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block();
-
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
index 9b93b9236e..b3d76dca21 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
@@ -44,7 +44,6 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenNotOAuth2AuthenticationExceptionThenBearer() {
 		this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block();
-
 		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
@@ -52,9 +51,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenRealmNameThenHasRealmName() {
 		this.entryPoint.setRealmName("Realm");
-
 		this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block();
-
 		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE))
 				.isEqualTo("Bearer realm=\"Realm\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -64,9 +61,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	public void commenceWhenOAuth2AuthenticationExceptionThenContainsErrorInformation() {
 		OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 		this.entryPoint.commence(this.exchange, exception).block();
-
 		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE))
 				.isEqualTo("Bearer error=\"invalid_request\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -76,9 +71,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	public void commenceWhenOAuth2ErrorCompleteThenContainsErrorInformation() {
 		OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "Oops", "https://example.com");
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 		this.entryPoint.commence(this.exchange, exception).block();
-
 		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo(
 				"Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
@@ -89,9 +82,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 		OAuth2Error oauthError = new BearerTokenError(OAuth2ErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "Oops",
 				"https://example.com");
 		OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
-
 		this.entryPoint.commence(this.exchange, exception).block();
-
 		assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo(
 				"Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
 		assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
@@ -100,7 +91,6 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenNoSubscriberThenNothingHappens() {
 		this.entryPoint.commence(this.exchange, new BadCredentialsException(""));
-
 		assertThat(getResponse().getHeaders()).isEmpty();
 		assertThat(getResponse().getStatusCode()).isNull();
 	}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index 939c418daa..21e6bbd4dd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -55,7 +55,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer " + TEST_TOKEN);
-
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -65,7 +64,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 		String token = TEST_TOKEN + "==";
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer " + token);
-
 		assertThat(convertToToken(request).getToken()).isEqualTo(token);
 	}
 
@@ -74,7 +72,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 		this.converter.setBearerTokenHeaderName(CUSTOM_HEADER);
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(CUSTOM_HEADER,
 				"Bearer " + TEST_TOKEN);
-
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -83,7 +80,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer ");
-
 		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
 				OAuth2AuthenticationException.class);
 		BearerTokenError error = (BearerTokenError) expected.getError();
@@ -96,14 +92,12 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"bearer " + TEST_TOKEN);
-
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
 	@Test
 	public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
-
 		assertThat(convertToToken(request)).isNull();
 	}
 
@@ -111,7 +105,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
-
 		assertThat(convertToToken(request)).isNull();
 	}
 
@@ -119,7 +112,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer ");
-
 		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
@@ -128,7 +120,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer an\"invalid\"token");
-
 		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining(("Bearer token is malformed"));
 	}
@@ -138,7 +129,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer an\"invalid\"token");
-
 		assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request))).doesNotThrowAnyException();
 	}
 
@@ -146,7 +136,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
 				.queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-
 		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
 				.hasMessageContaining("Found multiple bearer tokens in the request");
 	}
@@ -154,10 +143,8 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() {
 		this.converter.setAllowUriQueryParameter(true);
-
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
 				TEST_TOKEN);
-
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -165,9 +152,7 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() {
 		this.converter.setAllowUriQueryParameter(true);
-
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token", "");
-
 		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
 				OAuth2AuthenticationException.class);
 		BearerTokenError error = (BearerTokenError) expected.getError();
@@ -180,7 +165,6 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
 				TEST_TOKEN);
-
 		assertThat(convertToToken(request)).isNull();
 	}
 
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 96bc08cfee..2b9887d8e7 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -62,22 +62,16 @@ public class OpenID4JavaConsumerTests {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		AuthRequest authReq = mock(AuthRequest.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 		given(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).willReturn(authReq);
 		given(mgr.associate(any())).willReturn(di);
-
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		consumer.beginConsumption(request, "", "", "");
-
 		assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"))
 				.isEqualTo(this.attributes);
 		assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
-
 		// Check with empty attribute fetch list
 		consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 		request = new MockHttpServletRequest();
 		consumer.beginConsumption(request, "", "", "");
 	}
@@ -94,7 +88,6 @@ public class OpenID4JavaConsumerTests {
 	public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 		given(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
 				.willThrow(new MessageException("msg"), new ConsumerException("msg"));
 		try {
@@ -103,7 +96,6 @@ public class OpenID4JavaConsumerTests {
 		}
 		catch (OpenIDConsumerException expected) {
 		}
-
 		try {
 			consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 			fail("OpenIDConsumerException was not thrown");
@@ -118,15 +110,10 @@ public class OpenID4JavaConsumerTests {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 		VerificationResult vr = mock(VerificationResult.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
-
 		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
-
 		OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 		assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.FAILURE);
 	}
 
@@ -134,34 +121,28 @@ public class OpenID4JavaConsumerTests {
 	public void verificationExceptionsRaiseOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
-
 		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class)))
 				.willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException(""));
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("x=5");
-
 		try {
 			consumer.endConsumption(request);
 			fail("OpenIDConsumerException was not thrown");
 		}
 		catch (OpenIDConsumerException expected) {
 		}
-
 		try {
 			consumer.endConsumption(request);
 			fail("OpenIDConsumerException was not thrown");
 		}
 		catch (OpenIDConsumerException expected) {
 		}
-
 		try {
 			consumer.endConsumption(request);
 			fail("OpenIDConsumerException was not thrown");
 		}
 		catch (OpenIDConsumerException expected) {
 		}
-
 	}
 
 	@SuppressWarnings("serial")
@@ -173,18 +154,13 @@ public class OpenID4JavaConsumerTests {
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 		Identifier id = (Identifier) () -> "id";
 		Message msg = mock(Message.class);
-
 		given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).willReturn(vr);
 		given(vr.getVerifiedId()).willReturn(id);
 		given(vr.getAuthResponse()).willReturn(msg);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
 		request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", this.attributes);
-
 		OpenIDAuthenticationToken auth = consumer.endConsumption(request);
-
 		assertThat(auth.getStatus()).isEqualTo(OpenIDAuthenticationStatus.SUCCESS);
 	}
 
@@ -196,9 +172,7 @@ public class OpenID4JavaConsumerTests {
 		given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true);
 		given(msg.getExtension(AxMessage.OPENID_NS_AX)).willReturn(fr);
 		given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 		List<OpenIDAttribute> fetched = consumer.fetchAxAttributes(msg, this.attributes);
-
 		assertThat(fetched).hasSize(1);
 		assertThat(fetched.get(0).getValues()).hasSize(2);
 	}
@@ -211,7 +185,6 @@ public class OpenID4JavaConsumerTests {
 		given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true);
 		given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException(""));
 		given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-
 		consumer.fetchAxAttributes(msg, this.attributes);
 	}
 
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
index d114122f43..546bb81a4e 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@@ -75,10 +75,8 @@ public class OpenIDAuthenticationFilterTests {
 		req.setRequestURI(REQUEST_PATH);
 		req.setServerPort(8080);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL);
 		req.setRemoteHost("www.example.com");
-
 		this.filter.setConsumer(new MockOpenIDConsumer() {
 			@Override
 			public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
@@ -89,7 +87,6 @@ public class OpenIDAuthenticationFilterTests {
 				return REDIRECT_URL;
 			}
 		});
-
 		FilterChain fc = mock(FilterChain.class);
 		this.filter.doFilter(req, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
@@ -108,7 +105,6 @@ public class OpenIDAuthenticationFilterTests {
 		MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
 		req.addParameter(paramName, paramValue);
 		this.filter.setReturnToUrlParameters(Collections.singleton(paramName));
-
 		URI returnTo = new URI(this.filter.buildReturnToUrl(req));
 		String query = returnTo.getRawQuery();
 		assertThat(count(query, '=')).isEqualTo(1);
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
index aac025770f..65ad76bf72 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
@@ -57,12 +57,9 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 		provider.setAuthoritiesMapper(new NullAuthoritiesMapper());
-
 		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "",
 				null);
-
 		assertThat(preAuth.isAuthenticated()).isFalse();
-
 		try {
 			provider.authenticate(preAuth);
 			fail("Should throw an AuthenticationException");
@@ -81,11 +78,8 @@ public class OpenIDAuthenticationProviderTests {
 	public void testAuthenticateError() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
-
 		assertThat(preAuth.isAuthenticated()).isFalse();
-
 		try {
 			provider.authenticate(preAuth);
 			fail("Should throw an AuthenticationException");
@@ -105,11 +99,8 @@ public class OpenIDAuthenticationProviderTests {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setAuthenticationUserDetailsService(
 				new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService()));
-
 		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
-
 		assertThat(preAuth.isAuthenticated()).isFalse();
-
 		try {
 			provider.authenticate(preAuth);
 			fail("Should throw an AuthenticationException");
@@ -128,12 +119,9 @@ public class OpenIDAuthenticationProviderTests {
 	public void testAuthenticateSetupNeeded() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "",
 				null);
-
 		assertThat(preAuth.isAuthenticated()).isFalse();
-
 		try {
 			provider.authenticate(preAuth);
 			fail("Should throw an AuthenticationException");
@@ -153,13 +141,9 @@ public class OpenIDAuthenticationProviderTests {
 	public void testAuthenticateSuccess() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
-
 		assertThat(preAuth.isAuthenticated()).isFalse();
-
 		Authentication postAuth = provider.authenticate(preAuth);
-
 		assertThat(postAuth).isNotNull();
 		assertThat(postAuth instanceof OpenIDAuthenticationToken).isTrue();
 		assertThat(postAuth.isAuthenticated()).isTrue();
@@ -174,7 +158,6 @@ public class OpenIDAuthenticationProviderTests {
 	@Test
 	public void testDetectsMissingAuthoritiesPopulator() throws Exception {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-
 		try {
 			provider.afterPropertiesSet();
 			fail("Should have thrown Exception");
@@ -193,7 +176,6 @@ public class OpenIDAuthenticationProviderTests {
 	public void testDoesntSupport() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse();
 	}
 
@@ -206,7 +188,6 @@ public class OpenIDAuthenticationProviderTests {
 	public void testIgnoresUserPassAuthToken() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
 		assertThat(provider.authenticate(token)).isNull();
 	}
@@ -220,7 +201,6 @@ public class OpenIDAuthenticationProviderTests {
 	public void testSupports() {
 		OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
-
 		assertThat(provider.supports(OpenIDAuthenticationToken.class)).isTrue();
 	}
 
@@ -234,7 +214,6 @@ public class OpenIDAuthenticationProviderTests {
 		catch (IllegalArgumentException ex) {
 			// expected
 		}
-
 		provider = new OpenIDAuthenticationProvider();
 		provider.setUserDetailsService(new MockUserDetailsService());
 		provider.afterPropertiesSet();
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 470429ec38..9dc14e37e9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -55,9 +55,7 @@ public class JndiDnsResolverTests {
 	@Test
 	public void testResolveIpAddress() throws Exception {
 		Attributes records = new BasicAttributes("A", "63.246.7.80");
-
 		given(this.context.getAttributes("www.springsource.com", new String[] { "A" })).willReturn(records);
-
 		String ipAddress = this.dnsResolver.resolveIpAddress("www.springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
@@ -66,16 +64,13 @@ public class JndiDnsResolverTests {
 	public void testResolveIpAddressNotExisting() throws Exception {
 		given(this.context.getAttributes(any(String.class), any(String[].class)))
 				.willThrow(new NameNotFoundException("not found"));
-
 		this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
 	}
 
 	@Test
 	public void testResolveServiceEntry() throws Exception {
 		BasicAttributes records = createSrvRecords();
-
 		given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(records);
-
 		String hostname = this.dnsResolver.resolveServiceEntry("ldap", "springsource.com");
 		assertThat(hostname).isEqualTo("kdc.springsource.com");
 	}
@@ -84,7 +79,6 @@ public class JndiDnsResolverTests {
 	public void testResolveServiceEntryNotExisting() throws Exception {
 		given(this.context.getAttributes(any(String.class), any(String[].class)))
 				.willThrow(new NameNotFoundException("not found"));
-
 		this.dnsResolver.resolveServiceEntry("wrong", "secpod.de");
 	}
 
@@ -94,7 +88,6 @@ public class JndiDnsResolverTests {
 		BasicAttributes aRecords = new BasicAttributes("A", "63.246.7.80");
 		given(this.context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" })).willReturn(srvRecords);
 		given(this.context.getAttributes("kdc.springsource.com", new String[] { "A" })).willReturn(aRecords);
-
 		String ipAddress = this.dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index e6b75ac958..4bc006bcd9 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
@@ -50,13 +50,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		// Setup client-side context
 		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("Aladdin", "open sesame");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
 		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
-
 		// Check connection properties
 		// See https://tools.ietf.org/html/rfc1945 section 11.1 for example
 		// we are comparing against
@@ -66,13 +64,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 	@Test
 	public void testNullContextHolderIsNull() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(null);
-
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
 		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
-
 		// Check connection properties (shouldn't be an Authorization header)
 		assertThat(conn.getRequestProperty("Authorization")).isNull();
 	}
@@ -83,13 +79,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("key", "principal",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		SecurityContextHolder.getContext().setAuthentication(anonymous);
-
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
 		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
-
 		// Check connection properties (shouldn't be an Authorization header)
 		assertThat(conn.getRequestProperty("Authorization")).isNull();
 	}
diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
index bfb1143fe6..b7512c245e 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java
@@ -49,9 +49,7 @@ public class ContextPropagatingRemoteInvocationTests {
 		Class<TargetObject> clazz = TargetObject.class;
 		Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method, "SOME_STRING");
-
 		ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();
-
 		return (ContextPropagatingRemoteInvocation) factory.createRemoteInvocation(mi);
 	}
 
@@ -60,9 +58,7 @@ public class ContextPropagatingRemoteInvocationTests {
 		// Setup client-side context
 		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 		try {
 			// Set up the wrong arguments.
 			remoteInvocation.setArguments(new Object[] {});
@@ -72,7 +68,6 @@ public class ContextPropagatingRemoteInvocationTests {
 		catch (IllegalArgumentException ex) {
 			// expected
 		}
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication())
 				.withFailMessage("Authentication must be null").isNull();
 	}
@@ -82,14 +77,11 @@ public class ContextPropagatingRemoteInvocationTests {
 		// Setup client-side context
 		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", "koala");
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
-
 		// Set to null, as ContextPropagatingRemoteInvocation already obtained
 		// a copy and nulling is necessary to ensure the Context delivered by
 		// ContextPropagatingRemoteInvocation is used on server-side
 		SecurityContextHolder.clearContext();
-
 		// The result from invoking the TargetObject should contain the
 		// Authentication class delivered via the SecurityContextHolder
 		assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo(
@@ -99,11 +91,9 @@ public class ContextPropagatingRemoteInvocationTests {
 	@Test
 	public void testNullContextHolderDoesNotCauseInvocationProblems() throws Exception {
 		SecurityContextHolder.clearContext(); // just to be explicit
-
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
 		SecurityContextHolder.clearContext(); // unnecessary, but for
 												// explicitness
-
 		assertThat(remoteInvocation.invoke(new TargetObject())).isEqualTo("some_string Authentication empty");
 	}
 
@@ -112,7 +102,6 @@ public class ContextPropagatingRemoteInvocationTests {
 	public void testNullCredentials() throws Exception {
 		Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("rod", null);
 		SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
-
 		ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
 		assertThat(ReflectionTestUtils.getField(remoteInvocation, "credentials")).isNull();
 	}
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index 5c6c5f8d14..d6a5dbe45d 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -81,11 +81,8 @@ public class AnonymousPayloadInterceptorTests {
 	@Test
 	public void interceptWhenNoAuthenticationThenAnonymousAuthentication() {
 		AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain();
-
 		this.interceptor.intercept(this.exchange, chain).block();
-
 		Authentication authentication = chain.getAuthentication();
-
 		assertThat(authentication).isInstanceOf(AnonymousAuthenticationToken.class);
 	}
 
@@ -93,12 +90,9 @@ public class AnonymousPayloadInterceptorTests {
 	public void interceptWhenAuthenticationThenOriginalAuthentication() {
 		AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain();
 		TestingAuthenticationToken expected = new TestingAuthenticationToken("test", "password");
-
 		this.interceptor.intercept(this.exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)).block();
-
 		Authentication authentication = chain.getAuthentication();
-
 		assertThat(authentication).isEqualTo(expected);
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 061d590faf..684b3442be 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -85,12 +85,9 @@ public class AuthenticationPayloadInterceptorTests {
 		PayloadExchange exchange = createExchange();
 		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
 		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
-
 		AuthenticationPayloadInterceptorChain authenticationPayloadChain = new AuthenticationPayloadInterceptorChain();
 		interceptor.intercept(exchange, authenticationPayloadChain).block();
-
 		Authentication authentication = authenticationPayloadChain.getAuthentication();
-
 		verify(this.authenticationManager).authenticate(this.authenticationArg.capture());
 		assertThat(this.authenticationArg.getValue())
 				.isEqualToComparingFieldByField(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -100,21 +97,17 @@ public class AuthenticationPayloadInterceptorTests {
 	@Test
 	public void interceptWhenAuthenticationSuccessThenChainSubscribedOnce() {
 		AuthenticationPayloadInterceptor interceptor = new AuthenticationPayloadInterceptor(this.authenticationManager);
-
 		PayloadExchange exchange = createExchange();
 		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password");
 		given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(expectedAuthentication));
-
 		PublisherProbe<Void> voidResult = PublisherProbe.empty();
 		PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class);
 		given(chain.next(any())).willReturn(voidResult.mono());
-
 		StepVerifier.create(interceptor.intercept(exchange, chain))
 				.then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete();
 	}
 
 	private Payload createRequestPayload() {
-
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		BasicAuthenticationEncoder encoder = new BasicAuthenticationEncoder();
 		DefaultDataBufferFactory factory = new DefaultDataBufferFactory();
@@ -122,12 +115,10 @@ public class AuthenticationPayloadInterceptorTests {
 		MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE;
 		Map<String, Object> hints = null;
 		DataBuffer dataBuffer = encoder.encodeValue(credentials, factory, elementType, mimeType, hints);
-
 		ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
 		CompositeByteBuf metadata = allocator.compositeBuffer();
 		CompositeMetadataCodec.encodeAndAddMetadata(metadata, allocator, mimeType.toString(),
 				NettyDataBufferFactory.toByteBuf(dataBuffer));
-
 		return DefaultPayload.create(allocator.buffer(), metadata);
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
index edaac04759..a4bbd99bd9 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java
@@ -60,10 +60,8 @@ public class AuthorizationPayloadInterceptorTests {
 	@Test
 	public void interceptWhenAuthenticationEmptyAndSubscribedThenException() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
 				AuthenticatedReactiveAuthorizationManager.authenticated());
-
 		StepVerifier.create(interceptor.intercept(this.exchange, this.chain))
 				.then(() -> this.chainResult.assertWasNotSubscribed())
 				.verifyError(AuthenticationCredentialsNotFoundException.class);
@@ -73,9 +71,7 @@ public class AuthorizationPayloadInterceptorTests {
 	public void interceptWhenAuthenticationNotSubscribedAndEmptyThenCompletes() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
 		given(this.authorizationManager.verify(any(), any())).willReturn(this.managerResult.mono());
-
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager);
-
 		StepVerifier.create(interceptor.intercept(this.exchange, this.chain))
 				.then(() -> this.chainResult.assertWasSubscribed()).verifyComplete();
 	}
@@ -83,14 +79,11 @@ public class AuthorizationPayloadInterceptorTests {
 	@Test
 	public void interceptWhenNotAuthorizedThenException() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
 				AuthorityReactiveAuthorizationManager.hasRole("USER"));
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password"));
-
 		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
-
 		StepVerifier.create(intercept).then(() -> this.chainResult.assertWasNotSubscribed())
 				.verifyError(AccessDeniedException.class);
 	}
@@ -98,14 +91,11 @@ public class AuthorizationPayloadInterceptorTests {
 	@Test
 	public void interceptWhenAuthorizedThenContinues() {
 		given(this.chain.next(any())).willReturn(this.chainResult.mono());
-
 		AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(
 				AuthenticatedReactiveAuthorizationManager.authenticated());
 		Context userContext = ReactiveSecurityContextHolder
 				.withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 		Mono<Void> intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext);
-
 		StepVerifier.create(intercept).then(() -> this.chainResult.assertWasSubscribed()).verifyComplete();
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
index ba65b66254..395c528108 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java
@@ -56,7 +56,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 				.build();
-
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
@@ -67,7 +66,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 				.builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 				.build();
-
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
@@ -80,7 +78,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 				.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(),
 						this.authz2))
 				.build();
-
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
@@ -93,7 +90,6 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 				.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(),
 						this.authz))
 				.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build();
-
 		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index d41d5b2541..bae021271c 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -113,18 +113,14 @@ public class PayloadInterceptorRSocketTests {
 	}
 
 	// single interceptor
-
 	@Test
 	public void fireAndForgetWhenInterceptorCompletesThenDelegateSubscribed() {
 		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
 				.verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -133,14 +129,11 @@ public class PayloadInterceptorRSocketTests {
 	public void fireAndForgetWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.fireAndForget(this.payload))
 				.then(() -> this.voidResult.assertWasNotSubscribed())
 				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -150,7 +143,6 @@ public class PayloadInterceptorRSocketTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
 		given(this.delegate.fireAndForget(any())).willReturn(Mono.empty());
-
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> fireAndForget(Payload payload) {
@@ -159,9 +151,7 @@ public class PayloadInterceptorRSocketTests {
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		interceptor.fireAndForget(this.payload).block();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).fireAndForget(this.payload);
@@ -171,14 +161,11 @@ public class PayloadInterceptorRSocketTests {
 	public void requestResponseWhenInterceptorCompletesThenDelegateSubscribed() {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 		given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestResponse(this.payload))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
 				.expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).requestResponse(this.payload);
@@ -188,12 +175,9 @@ public class PayloadInterceptorRSocketTests {
 	public void requestResponseWhenInterceptorErrorsThenDelegateNotInvoked() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		assertThatCode(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected);
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verifyZeroInteractions(this.delegate);
@@ -204,7 +188,6 @@ public class PayloadInterceptorRSocketTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
 		given(this.delegate.requestResponse(any())).willReturn(this.payloadResult.mono());
-
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Payload> requestResponse(Payload payload) {
@@ -213,11 +196,9 @@ public class PayloadInterceptorRSocketTests {
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestResponse(this.payload))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
 				.expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).requestResponse(this.payload);
@@ -227,13 +208,10 @@ public class PayloadInterceptorRSocketTests {
 	public void requestStreamWhenInterceptorCompletesThenDelegateSubscribed() {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 		given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -242,14 +220,11 @@ public class PayloadInterceptorRSocketTests {
 	public void requestStreamWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestStream(this.payload))
 				.then(() -> this.payloadResult.assertNoSubscribers())
 				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -259,7 +234,6 @@ public class PayloadInterceptorRSocketTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
 		given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux());
-
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestStream(Payload payload) {
@@ -268,10 +242,8 @@ public class PayloadInterceptorRSocketTests {
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).requestStream(this.payload);
@@ -281,14 +253,11 @@ public class PayloadInterceptorRSocketTests {
 	public void requestChannelWhenInterceptorCompletesThenDelegateSubscribed() {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 		given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
 				.then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload))
 				.expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).requestChannel(any());
@@ -298,14 +267,11 @@ public class PayloadInterceptorRSocketTests {
 	public void requestChannelWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload)))
 				.then(() -> this.payloadResult.assertNoSubscribers())
 				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -316,7 +282,6 @@ public class PayloadInterceptorRSocketTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
 		given(this.delegate.requestChannel(any())).willReturn(this.payloadResult.flux());
-
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Flux<Payload> requestChannel(Publisher<Payload> payload) {
@@ -325,10 +290,8 @@ public class PayloadInterceptorRSocketTests {
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers())
 				.then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).requestChannel(any());
@@ -338,13 +301,10 @@ public class PayloadInterceptorRSocketTests {
 	public void metadataPushWhenInterceptorCompletesThenDelegateSubscribed() {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
 		given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed())
 				.verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -353,13 +313,10 @@ public class PayloadInterceptorRSocketTests {
 	public void metadataPushWhenInterceptorErrorsThenDelegateNotSubscribed() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed())
 				.verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected));
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 	}
@@ -369,7 +326,6 @@ public class PayloadInterceptorRSocketTests {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withAuthenticated(authentication));
 		given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono());
-
 		RSocket assertAuthentication = new RSocketProxy(this.delegate) {
 			@Override
 			public Mono<Void> metadataPush(Payload payload) {
@@ -378,9 +334,7 @@ public class PayloadInterceptorRSocketTests {
 		};
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-
 		StepVerifier.create(interceptor.metadataPush(this.payload)).verifyComplete();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.delegate).metadataPush(this.payload);
@@ -388,18 +342,14 @@ public class PayloadInterceptorRSocketTests {
 	}
 
 	// multiple interceptors
-
 	@Test
 	public void fireAndForgetWhenInterceptorsCompleteThenDelegateInvoked() {
 		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-
 		interceptor.fireAndForget(this.payload).block();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		this.voidResult.assertWasSubscribed();
@@ -410,12 +360,9 @@ public class PayloadInterceptorRSocketTests {
 		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.interceptor2.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono());
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-
 		interceptor.fireAndForget(this.payload).block();
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.interceptor2).intercept(any(), any());
@@ -427,12 +374,9 @@ public class PayloadInterceptorRSocketTests {
 	public void fireAndForgetWhenInterceptor1ErrorsThenInterceptor2AndDelegateNotInvoked() {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verifyZeroInteractions(this.interceptor2);
@@ -444,12 +388,9 @@ public class PayloadInterceptorRSocketTests {
 		RuntimeException expected = new RuntimeException("Oops");
 		given(this.interceptor.intercept(any(), any())).willAnswer(withChainNext());
 		given(this.interceptor2.intercept(any(), any())).willReturn(Mono.error(expected));
-
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-
 		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
-
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.interceptor2).intercept(any(), any());
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
index a20686ba3e..1727033cee 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java
@@ -76,9 +76,7 @@ public class PayloadSocketAcceptorInterceptorTests {
 	@Test
 	public void applyWhenDefaultMetadataMimeTypeThenDefaulted() {
 		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType().toString())
 				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -88,9 +86,7 @@ public class PayloadSocketAcceptorInterceptorTests {
 	public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() {
 		this.acceptorInterceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON);
 		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
@@ -98,9 +94,7 @@ public class PayloadSocketAcceptorInterceptorTests {
 	@Test
 	public void acceptWhenDefaultDataMimeTypeThenDefaulted() {
 		this.acceptorInterceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType().toString())
 				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -109,16 +103,11 @@ public class PayloadSocketAcceptorInterceptorTests {
 	private PayloadExchange captureExchange() {
 		given(this.socketAcceptor.accept(any(), any())).willReturn(Mono.just(this.rSocket));
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
-
 		SocketAcceptor wrappedAcceptor = this.acceptorInterceptor.apply(this.socketAcceptor);
 		RSocket result = wrappedAcceptor.accept(this.setupPayload, this.rSocket).block();
-
 		assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class);
-
 		given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty());
-
 		result.fireAndForget(this.payload).block();
-
 		ArgumentCaptor<PayloadExchange> exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class);
 		verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any());
 		return exchangeArg.getValue();
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 0f61bf4853..13a2e87b02 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -107,9 +107,7 @@ public class PayloadSocketAcceptorTests {
 	@Test
 	public void acceptWhenDefaultMetadataMimeTypeThenDefaulted() {
 		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType().toString())
 				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -119,9 +117,7 @@ public class PayloadSocketAcceptorTests {
 	public void acceptWhenDefaultMetadataMimeTypeOverrideThenDefaulted() {
 		this.acceptor.setDefaultMetadataMimeType(MediaType.APPLICATION_JSON);
 		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
@@ -129,9 +125,7 @@ public class PayloadSocketAcceptorTests {
 	@Test
 	public void acceptWhenDefaultDataMimeTypeThenDefaulted() {
 		this.acceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType().toString())
 				.isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString());
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
@@ -141,9 +135,7 @@ public class PayloadSocketAcceptorTests {
 	public void acceptWhenExplicitMimeTypeThenThenOverrideDefault() {
 		given(this.setupPayload.metadataMimeType()).willReturn(MediaType.TEXT_PLAIN_VALUE);
 		given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE);
-
 		PayloadExchange exchange = captureExchange();
-
 		assertThat(exchange.getMetadataMimeType()).isEqualTo(MediaType.TEXT_PLAIN);
 		assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON);
 	}
@@ -164,24 +156,17 @@ public class PayloadSocketAcceptorTests {
 		};
 		List<PayloadInterceptor> interceptors = Arrays.asList(authenticateInterceptor);
 		this.acceptor = new PayloadSocketAcceptor(captureSecurityContext, interceptors);
-
 		this.acceptor.accept(this.setupPayload, this.rSocket).block();
-
 		assertThat(captureSecurityContext.getSecurityContext()).isEqualTo(expectedSecurityContext);
 	}
 
 	private PayloadExchange captureExchange() {
 		given(this.delegate.accept(any(), any())).willReturn(Mono.just(this.rSocket));
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty());
-
 		RSocket result = this.acceptor.accept(this.setupPayload, this.rSocket).block();
-
 		assertThat(result).isInstanceOf(PayloadInterceptorRSocket.class);
-
 		given(this.rSocket.fireAndForget(any())).willReturn(Mono.empty());
-
 		result.fireAndForget(this.payload).block();
-
 		ArgumentCaptor<PayloadExchange> exchangeArg = ArgumentCaptor.forClass(PayloadExchange.class);
 		verify(this.interceptor, times(2)).intercept(exchangeArg.capture(), any());
 		return exchangeArg.getValue();
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
index 844747152d..df8aa2c1be 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java
@@ -42,11 +42,9 @@ public class BasicAuthenticationDecoderTests {
 		ResolvableType elementType = ResolvableType.forClass(UsernamePasswordMetadata.class);
 		MimeType mimeType = UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE;
 		Map<String, Object> hints = null;
-
 		DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory, elementType, mimeType, hints);
 		UsernamePasswordMetadata actualCredentials = decoder
 				.decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints).block();
-
 		assertThat(actualCredentials).isEqualToComparingFieldByField(expectedCredentials);
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
index 9f77a72e41..55cd6b53b9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials {
 	}
 
 	private static X509Certificate spCertificate() {
-
 		return certificate(
 				"-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
 						+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
index e4991ef64b..87c8c2a57d 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@@ -135,7 +135,6 @@ public final class TestSaml2X509Credentials {
 	}
 
 	private static X509Certificate spCertificate() {
-
 		return certificate(
 				"-----BEGIN CERTIFICATE-----\n" + "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
 						+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
index 73d1bee9db..8cd0297599 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
@@ -73,14 +73,10 @@ public class DefaultSaml2AuthenticatedPrincipalTests {
 	public void getAttributeWhenDistinctValuesThenReturnsValues() {
 		final Boolean registered = true;
 		final Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis());
-
 		Map<String, List<Object>> attributes = new LinkedHashMap<>();
 		attributes.put("registration", Arrays.asList(registered, registeredDate));
-
 		DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", attributes);
-
 		List<Object> registrationInfo = principal.getAttribute("registration");
-
 		assertThat(registrationInfo).isNotNull();
 		assertThat((Boolean) registrationInfo.get(0)).isEqualTo(registered);
 		assertThat((Instant) registrationInfo.get(1)).isEqualTo(registeredDate);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index 02a3be00ad..a0095ca7a9 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -97,7 +97,6 @@ public class OpenSamlAuthenticationProviderTests {
 
 	@Test
 	public void supportsWhenSaml2AuthenticationTokenThenReturnTrue() {
-
 		assertThat(this.provider.supports(Saml2AuthenticationToken.class))
 				.withFailMessage(
 						OpenSamlAuthenticationProvider.class + "should support " + Saml2AuthenticationToken.class)
@@ -114,7 +113,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenUnknownDataClassThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
-
 		Assertion assertion = (Assertion) XMLObjectProviderRegistrySupport.getBuilderFactory()
 				.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
 		this.provider
@@ -124,7 +122,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
-
 		Saml2AuthenticationToken token = token("invalid xml",
 				TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		this.provider.authenticate(token);
@@ -133,7 +130,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_DESTINATION));
-
 		Response response = TestOpenSamlObjects.response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID);
 		response.getAssertions().add(TestOpenSamlObjects.assertion());
 		TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
@@ -146,7 +142,6 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() {
 		this.exception.expect(
 				authenticationMatcher(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
-
 		Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(),
 				TestSaml2X509Credentials.assertingPartySigningCredential());
 		this.provider.authenticate(token);
@@ -155,7 +150,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
-
 		Response response = TestOpenSamlObjects.response();
 		response.getAssertions().add(TestOpenSamlObjects.assertion());
 		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
@@ -165,7 +159,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_ASSERTION));
-
 		Response response = TestOpenSamlObjects.response();
 		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
@@ -180,7 +173,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenMissingSubjectThenThrowAuthenticationException() {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
-
 		Response response = TestOpenSamlObjects.response();
 		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.setSubject(null);
@@ -194,7 +186,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
-
 		Response response = TestOpenSamlObjects.response();
 		Assertion assertion = TestOpenSamlObjects.assertion();
 		assertion.getSubject().getNameID().setValue(null);
@@ -230,7 +221,6 @@ public class OpenSamlAuthenticationProviderTests {
 		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
 		Authentication authentication = this.provider.authenticate(token);
 		Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
-
 		Map<String, Object> expected = new LinkedHashMap<>();
 		expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
 		expected.put("name", Collections.singletonList("John Doe"));
@@ -239,7 +229,6 @@ public class OpenSamlAuthenticationProviderTests {
 		expected.put("registered", Collections.singletonList(true));
 		Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis());
 		expected.put("registeredDate", Collections.singletonList(registeredDate));
-
 		assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
 		assertThat(principal.getAttributes()).isEqualTo(expected);
 	}
@@ -254,11 +243,9 @@ public class OpenSamlAuthenticationProviderTests {
 				RELYING_PARTY_ENTITY_ID);
 		response.getAssertions().add(assertion);
 		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
-
 		Element attributeElement = element("<element>value</element>");
 		Marshaller marshaller = mock(Marshaller.class);
 		given(marshaller.marshall(any(XMLObject.class))).willReturn(attributeElement);
-
 		try {
 			XMLObjectProviderRegistrySupport.getMarshallerFactory()
 					.registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller);
@@ -274,7 +261,6 @@ public class OpenSamlAuthenticationProviderTests {
 	@Test
 	public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
-
 		Response response = TestOpenSamlObjects.response();
 		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
 				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
@@ -330,7 +316,6 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception {
 		this.exception
 				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
-
 		Response response = TestOpenSamlObjects.response();
 		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
 				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
@@ -344,7 +329,6 @@ public class OpenSamlAuthenticationProviderTests {
 	public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception {
 		this.exception
 				.expect(authenticationMatcher(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
-
 		Response response = TestOpenSamlObjects.response();
 		EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
 				TestSaml2X509Credentials.assertingPartyEncryptingCredential());
@@ -365,7 +349,6 @@ public class OpenSamlAuthenticationProviderTests {
 		Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
 				TestSaml2X509Credentials.relyingPartyDecryptingCredential());
 		Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
-
 		// the following code will throw an exception if authentication isn't serializable
 		ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
 		ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream);
@@ -468,7 +451,6 @@ public class OpenSamlAuthenticationProviderTests {
 			public void describeTo(Description desc) {
 				String excepting = "Saml2AuthenticationException[code=" + code + "; description=" + description + "]";
 				desc.appendText(excepting);
-
 			}
 		};
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 1d17a31016..7884be64e3 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -103,7 +103,6 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void createRedirectAuthenticationRequestWhenNotSignRequestThenNoSignatureIsPresent() {
-
 		this.context = this.contextBuilder.relayState("Relay State Value")
 				.relyingPartyRegistration(
 						RelyingPartyRegistration.withRelyingPartyRegistration(this.relyingPartyRegistration)
@@ -173,7 +172,6 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
-
 		this.factory.createPostAuthenticationRequest(this.context);
 		verify(authnRequestConsumerResolver).apply(this.context);
 	}
@@ -185,7 +183,6 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 		given(authnRequestConsumerResolver.apply(this.context)).willReturn((authnRequest) -> {
 		});
 		this.factory.setAuthnRequestConsumerResolver(authnRequestConsumerResolver);
-
 		this.factory.createRedirectAuthenticationRequest(this.context);
 		verify(authnRequestConsumerResolver).apply(this.context);
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
index ac309a7547..4fbd188559 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -85,7 +85,6 @@ final class TestOpenSamlObjects {
 	static {
 		OpenSamlInitializationService.initialize();
 	}
-
 	private static String USERNAME = "test@saml.user";
 
 	private static String DESTINATION = "https://localhost/login/saml2/sso/idp-alias";
@@ -128,7 +127,6 @@ final class TestOpenSamlObjects {
 		assertion.setIssuer(issuer(issuerEntityId));
 		assertion.setSubject(subject(username));
 		assertion.setConditions(conditions());
-
 		SubjectConfirmation subjectConfirmation = subjectConfirmation();
 		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
 		SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId);
@@ -146,11 +144,9 @@ final class TestOpenSamlObjects {
 
 	static Subject subject(String principalName) {
 		Subject subject = build(Subject.DEFAULT_ELEMENT_NAME);
-
 		if (principalName != null) {
 			subject.setNameID(nameId(principalName));
 		}
-
 		return subject;
 	}
 
@@ -216,7 +212,6 @@ final class TestOpenSamlObjects {
 		catch (MarshallingException | SignatureException | SecurityException ex) {
 			throw new Saml2Exception(ex);
 		}
-
 		return signable;
 	}
 
@@ -234,7 +229,6 @@ final class TestOpenSamlObjects {
 		catch (MarshallingException | SignatureException | SecurityException ex) {
 			throw new Saml2Exception(ex);
 		}
-
 		return signable;
 	}
 
@@ -287,32 +281,25 @@ final class TestOpenSamlObjects {
 	private static Encrypter getEncrypter(X509Certificate certificate) {
 		String dataAlgorithm = XMLCipherParameters.AES_256;
 		String keyAlgorithm = XMLCipherParameters.RSA_1_5;
-
 		BasicCredential dataCredential = new BasicCredential(SECRET_KEY);
 		DataEncryptionParameters dataEncryptionParameters = new DataEncryptionParameters();
 		dataEncryptionParameters.setEncryptionCredential(dataCredential);
 		dataEncryptionParameters.setAlgorithm(dataAlgorithm);
-
 		Credential credential = CredentialSupport.getSimpleCredential(certificate, null);
 		KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
 		keyEncryptionParameters.setEncryptionCredential(credential);
 		keyEncryptionParameters.setAlgorithm(keyAlgorithm);
-
 		Encrypter encrypter = new Encrypter(dataEncryptionParameters, keyEncryptionParameters);
 		Encrypter.KeyPlacement keyPlacement = Encrypter.KeyPlacement.valueOf("PEER");
 		encrypter.setKeyPlacement(keyPlacement);
-
 		return encrypter;
 	}
 
 	static List<AttributeStatement> attributeStatements() {
 		List<AttributeStatement> attributeStatements = new ArrayList<>();
-
 		AttributeStatementBuilder attributeStatementBuilder = new AttributeStatementBuilder();
 		AttributeBuilder attributeBuilder = new AttributeBuilder();
-
 		AttributeStatement attrStmt1 = attributeStatementBuilder.buildObject();
-
 		Attribute emailAttr = attributeBuilder.buildObject();
 		emailAttr.setName("email");
 		XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
@@ -322,32 +309,26 @@ final class TestOpenSamlObjects {
 		email2.setTextContent("doe.john@example.com");
 		emailAttr.getAttributeValues().add(email2);
 		attrStmt1.getAttributes().add(emailAttr);
-
 		Attribute nameAttr = attributeBuilder.buildObject();
 		nameAttr.setName("name");
 		XSString name = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
 		name.setValue("John Doe");
 		nameAttr.getAttributeValues().add(name);
 		attrStmt1.getAttributes().add(nameAttr);
-
 		Attribute ageAttr = attributeBuilder.buildObject();
 		ageAttr.setName("age");
 		XSInteger age = new XSIntegerBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
 		age.setValue(21);
 		ageAttr.getAttributeValues().add(age);
 		attrStmt1.getAttributes().add(ageAttr);
-
 		attributeStatements.add(attrStmt1);
-
 		AttributeStatement attrStmt2 = attributeStatementBuilder.buildObject();
-
 		Attribute websiteAttr = attributeBuilder.buildObject();
 		websiteAttr.setName("website");
 		XSURI uri = new XSURIBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSURI.TYPE_NAME);
 		uri.setValue("https://johndoe.com/");
 		websiteAttr.getAttributeValues().add(uri);
 		attrStmt2.getAttributes().add(websiteAttr);
-
 		Attribute registeredAttr = attributeBuilder.buildObject();
 		registeredAttr.setName("registered");
 		XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
@@ -355,7 +336,6 @@ final class TestOpenSamlObjects {
 		registered.setValue(new XSBooleanValue(true, false));
 		registeredAttr.getAttributeValues().add(registered);
 		attrStmt2.getAttributes().add(registeredAttr);
-
 		Attribute registeredDateAttr = attributeBuilder.buildObject();
 		registeredDateAttr.setName("registeredDate");
 		XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
@@ -363,9 +343,7 @@ final class TestOpenSamlObjects {
 		registeredDate.setValue(DateTime.parse("1970-01-01T00:00:00Z"));
 		registeredDateAttr.getAttributeValues().add(registeredDate);
 		attrStmt2.getAttributes().add(registeredDateAttr);
-
 		attributeStatements.add(attrStmt2);
-
 		return attributeStatements;
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
index 3d7344705d..2613e452b3 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -32,15 +32,10 @@ public class OpenSamlMetadataResolverTests {
 
 	@Test
 	public void resolveWhenRelyingPartyThenMetadataMatches() {
-		// given
 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full()
 				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
-
-		// when
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
-
-		// then
 		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
 				.contains("WantAssertionsSigned=\"true\"").contains("<md:KeyDescriptor use=\"signing\">")
 				.contains("<md:KeyDescriptor use=\"encryption\">")
@@ -51,17 +46,12 @@ public class OpenSamlMetadataResolverTests {
 
 	@Test
 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
-		// given
 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
 				.assertingPartyDetails((party) -> party.verificationX509Credentials(
 						(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
-
-		// when
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
-
-		// then
 		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
 				.contains("WantAssertionsSigned=\"true\"").doesNotContain("<md:KeyDescriptor use=\"signing\">")
 				.doesNotContain("<md:KeyDescriptor use=\"encryption\">")
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
index 2c6fd22f4d..8f6c444913 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -80,7 +80,6 @@ public class RelyingPartyRegistrationTests {
 				.assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id")
 						.singleSignOnServiceLocation("location"))
 				.credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())).build();
-
 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index 4a1b693f49..a0e6aa8a0c 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -30,16 +30,13 @@ public final class TestRelyingPartyRegistrations {
 
 	public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
 		String registrationId = "simplesamlphp";
-
 		String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
 		Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential();
 		String assertionConsumerServiceLocation = "{baseUrl}"
 				+ Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
-
 		String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
 		Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
 		String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php";
-
 		return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId)
 				.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
 				.credentials((c) -> c.add(signingCredential))
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
index c88a00b68b..6ebb014b51 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
@@ -82,12 +82,9 @@ public class Saml2WebSsoAuthenticationFilterTests {
 	@Test
 	public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() {
 		given(this.repository.findByRegistrationId("non-existent-id")).willReturn(null);
-
 		this.filter = new Saml2WebSsoAuthenticationFilter(this.repository, "/some/other/path/{registrationId}");
-
 		this.request.setPathInfo("/some/other/path/non-existent-id");
 		this.request.setParameter("SAMLResponse", "response");
-
 		try {
 			this.filter.attemptAuthentication(this.request, this.response);
 			failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index fa3c2774de..a5eac420d2 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -72,9 +72,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 		this.request.setPathInfo("/saml2/authenticate/registration-id");
-
 		this.filterChain = new MockFilterChain();
-
 		this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
 				.providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL))
 				.assertionConsumerServiceUrlTemplate("template")
@@ -155,7 +153,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		given(authenticationRequest.getSamlRequest()).willReturn("saml");
 		given(this.repository.findByRegistrationId("registration-id")).willReturn(relyingParty);
 		given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
-
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
 		filter.setAuthenticationRequestFactory(this.factory);
 		filter.doFilterInternal(this.request, this.response, this.filterChain);
@@ -176,7 +173,6 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 		given(this.resolver.resolve(this.request)).willReturn(TestSaml2AuthenticationRequestContexts
 				.authenticationRequestContext().relyingPartyRegistration(relyingParty).build());
 		given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
-
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver,
 				this.factory);
 		filter.doFilterInternal(this.request, this.response, this.filterChain);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index dbd7eecadc..f39b50ff4e 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -68,7 +68,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	public void resolveWhenRequestAndRelyingPartyNotNullThenCreateSaml2AuthenticationRequestContext() {
 		this.request.addParameter("RelayState", "relay-state");
 		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
-
 		assertThat(context).isNotNull();
 		assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo(RELYING_PARTY_SSO_URL);
 		assertThat(context.getRelayState()).isEqualTo("relay-state");
@@ -82,7 +81,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	public void resolveWhenAssertionConsumerServiceUrlTemplateContainsRegistrationIdThenResolves() {
 		this.relyingPartyBuilder.assertionConsumerServiceLocation("/saml2/authenticate/{registrationId}");
 		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
-
 		assertThat(context.getAssertionConsumerServiceUrl()).isEqualTo("/saml2/authenticate/registration-id");
 	}
 
@@ -90,7 +88,6 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 	public void resolveWhenAssertionConsumerServiceUrlTemplateContainsBaseUrlThenResolves() {
 		this.relyingPartyBuilder.assertionConsumerServiceLocation("{baseUrl}/saml2/authenticate/{registrationId}");
 		Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(this.request);
-
 		assertThat(context.getAssertionConsumerServiceUrl())
 				.isEqualTo("http://localhost/saml2/authenticate/registration-id");
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 3cb5214a36..602e3dba48 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -67,61 +67,39 @@ public class Saml2MetadataFilterTests {
 
 	@Test
 	public void doFilterWhenMatcherSucceedsThenResolverInvoked() throws Exception {
-		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/registration-id");
-
-		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
-
-		// then
 		verifyNoInteractions(this.chain);
 		verify(this.repository).findByRegistrationId("registration-id");
 	}
 
 	@Test
 	public void doFilterWhenMatcherFailsThenProcessesFilterChain() throws Exception {
-		// given
 		this.request.setPathInfo("/saml2/authenticate/registration-id");
-
-		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
-
-		// then
 		verify(this.chain).doFilter(this.request, this.response);
 	}
 
 	@Test
 	public void doFilterWhenNoRelyingPartyRegistrationThenUnauthorized() throws Exception {
-		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/invalidRegistration");
 		given(this.repository.findByRegistrationId("invalidRegistration")).willReturn(null);
-
-		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
-
-		// then
 		verifyNoInteractions(this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(401);
 	}
 
 	@Test
 	public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception {
-		// given
 		this.request.setPathInfo("/saml2/service-provider-metadata/validRegistration");
 		RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials()
 				.assertingPartyDetails((party) -> party.verificationX509Credentials(
 						(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
 				.build();
-
 		String generatedMetadata = "<xml>test</xml>";
 		given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata);
-
 		this.filter = new Saml2MetadataFilter((request) -> validRegistration, this.resolver);
-
-		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
-
-		// then
 		verifyNoInteractions(this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(200);
 		assertThat(this.response.getContentAsString()).isEqualTo(generatedMetadata);
@@ -130,14 +108,9 @@ public class Saml2MetadataFilterTests {
 
 	@Test
 	public void doFilterWhenCustomRequestMatcherThenUses() throws Exception {
-		// given
 		this.request.setPathInfo("/path");
 		this.filter.setRequestMatcher(new AntPathRequestMatcher("/path"));
-
-		// when
 		this.filter.doFilter(this.request, this.response, this.chain);
-
-		// then
 		verifyNoInteractions(this.chain);
 		verify(this.repository).findByRegistrationId("path");
 	}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
index 038907f71f..37fad7c6c3 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/TldTests.java
@@ -32,17 +32,12 @@ public class TldTests {
 	@Test
 	public void testTldVersionIsCorrect() throws Exception {
 		String SPRING_SECURITY_VERSION = "springSecurityVersion";
-
 		String version = System.getProperty(SPRING_SECURITY_VERSION);
-
 		File securityTld = new File("src/main/resources/META-INF/security.tld");
-
 		DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
 		DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
 		Document document = documentBuilder.parse(securityTld);
-
 		String tlibVersion = document.getElementsByTagName("tlib-version").item(0).getTextContent();
-
 		assertThat(version).startsWith(tlibVersion);
 	}
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
index 8e6750d31e..d203c3b017 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java
@@ -78,9 +78,7 @@ public class AbstractAuthorizeTagTests {
 		WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
 		this.tag.setUrl(uri);
 		this.request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
-
 		this.tag.authorizeUsingUrlCheck();
-
 		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
 
@@ -93,9 +91,7 @@ public class AbstractAuthorizeTagTests {
 		given(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class))
 				.willReturn(Collections.singletonMap("wipe", expected));
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
-
 		this.tag.authorizeUsingUrlCheck();
-
 		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
 
@@ -109,7 +105,6 @@ public class AbstractAuthorizeTagTests {
 		given(wac.getBeansOfType(SecurityExpressionHandler.class))
 				.willReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", expected));
 		this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
-
 		assertThat(this.tag.authorize()).isTrue();
 	}
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
index cc52e670d1..84d562ddb9 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
@@ -64,13 +64,10 @@ public class AccessControlListTagTests {
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.tag = new AccessControlListTag();
 		WebApplicationContext ctx = mock(WebApplicationContext.class);
-
 		this.pe = mock(PermissionEvaluator.class);
-
 		Map beanMap = new HashMap();
 		beanMap.put("pe", this.pe);
 		given(ctx.getBeansOfType(PermissionEvaluator.class)).willReturn(beanMap);
-
 		MockServletContext servletCtx = new MockServletContext();
 		servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
 		this.pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse());
@@ -86,13 +83,11 @@ public class AccessControlListTagTests {
 	public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception {
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
 		this.tag.setVar("allowed");
 		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 		assertThat(this.tag.getHasPermission()).isEqualTo("READ");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 	}
@@ -104,16 +99,13 @@ public class AccessControlListTagTests {
 				.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
-
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
 		this.tag.setVar("allowed");
 		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 		assertThat(this.tag.getHasPermission()).isEqualTo("READ");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 	}
@@ -124,13 +116,11 @@ public class AccessControlListTagTests {
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(true);
 		given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ,WRITE");
 		this.tag.setVar("allowed");
 		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 		assertThat(this.tag.getHasPermission()).isEqualTo("READ,WRITE");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 		verify(this.pe).hasPermission(this.bob, domainObject, "READ");
@@ -144,13 +134,11 @@ public class AccessControlListTagTests {
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
 		given(this.pe.hasPermission(this.bob, domainObject, 2)).willReturn(true);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("1,2");
 		this.tag.setVar("allowed");
 		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 		assertThat(this.tag.getHasPermission()).isEqualTo("1,2");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 		verify(this.pe).hasPermission(this.bob, domainObject, 1);
@@ -163,13 +151,11 @@ public class AccessControlListTagTests {
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, 1)).willReturn(true);
 		given(this.pe.hasPermission(this.bob, domainObject, "WRITE")).willReturn(true);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("1,WRITE");
 		this.tag.setVar("allowed");
 		assertThat(this.tag.getDomainObject()).isSameAs(domainObject);
 		assertThat(this.tag.getHasPermission()).isEqualTo("1,WRITE");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isTrue();
 		verify(this.pe).hasPermission(this.bob, domainObject, 1);
@@ -181,11 +167,9 @@ public class AccessControlListTagTests {
 	public void bodyIsSkippedIfAclDeniesAccess() throws Exception {
 		Object domainObject = new Object();
 		given(this.pe.hasPermission(this.bob, domainObject, "READ")).willReturn(false);
-
 		this.tag.setDomainObject(domainObject);
 		this.tag.setHasPermission("READ");
 		this.tag.setVar("allowed");
-
 		assertThat(this.tag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat((Boolean) this.pageContext.getAttribute("allowed")).isFalse();
 	}
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
index 779d9e340e..555052ff36 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
@@ -52,7 +52,6 @@ public class AuthenticationTagTests {
 	@Test
 	public void testOperationWhenPrincipalIsAUserDetailsInstance() throws JspException {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 		this.authenticationTag.setProperty("name");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -63,7 +62,6 @@ public class AuthenticationTagTests {
 	public void testOperationWhenPrincipalIsAString() throws JspException {
 		SecurityContextHolder.getContext().setAuthentication(
 				new TestingAuthenticationToken("rodAsString", "koala", AuthorityUtils.NO_AUTHORITIES));
-
 		this.authenticationTag.setProperty("principal");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -73,7 +71,6 @@ public class AuthenticationTagTests {
 	@Test
 	public void testNestedPropertyIsReadCorrectly() throws JspException {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
-
 		this.authenticationTag.setProperty("principal.username");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -84,7 +81,6 @@ public class AuthenticationTagTests {
 	public void testOperationWhenPrincipalIsNull() throws JspException {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken(null, "koala", AuthorityUtils.NO_AUTHORITIES));
-
 		this.authenticationTag.setProperty("principal");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -93,7 +89,6 @@ public class AuthenticationTagTests {
 	@Test
 	public void testOperationWhenSecurityContextIsNull() throws Exception {
 		SecurityContextHolder.getContext().setAuthentication(null);
-
 		this.authenticationTag.setProperty("principal");
 		assertThat(this.authenticationTag.doStartTag()).isEqualTo(Tag.SKIP_BODY);
 		assertThat(this.authenticationTag.doEndTag()).isEqualTo(Tag.EVAL_PAGE);
@@ -111,7 +106,6 @@ public class AuthenticationTagTests {
 	public void testThrowsExceptionForUnrecognisedProperty() {
 		SecurityContextHolder.getContext().setAuthentication(this.auth);
 		this.authenticationTag.setProperty("qsq");
-
 		try {
 			this.authenticationTag.doStartTag();
 			this.authenticationTag.doEndTag();
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
index 7f7f54ee36..5111ff448b 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
@@ -66,11 +66,9 @@ public class AuthorizeTagTests {
 	public void setUp() {
 		SecurityContextHolder.getContext().setAuthentication(this.currentUser);
 		StaticWebApplicationContext ctx = new StaticWebApplicationContext();
-
 		BeanDefinitionBuilder webExpressionHandler = BeanDefinitionBuilder
 				.rootBeanDefinition(DefaultWebSecurityExpressionHandler.class);
 		webExpressionHandler.addPropertyValue("permissionEvaluator", this.permissionEvaluator);
-
 		ctx.registerBeanDefinition("expressionHandler", webExpressionHandler.getBeanDefinition());
 		ctx.registerSingleton("wipe", MockWebInvocationPrivilegeEvaluator.class);
 		MockServletContext servletCtx = new MockServletContext();
@@ -85,14 +83,12 @@ public class AuthorizeTagTests {
 	}
 
 	// access attribute tests
-
 	@Test
 	public void taglibsDocumentationHasPermissionOr() throws Exception {
 		Object domain = new Object();
 		this.request.setAttribute("domain", domain);
 		this.authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");
 		given(this.permissionEvaluator.hasPermission(eq(this.currentUser), eq(domain), anyString())).willReturn(true);
-
 		assertThat(this.authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE);
 	}
 
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
index ecc26b9987..51727e71dd 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/AbstractCsrfTagTests.java
@@ -56,11 +56,8 @@ public class AbstractCsrfTagTests {
 
 	@Test
 	public void noCsrfDoesNotRender() throws JspException, UnsupportedEncodingException {
-
 		this.tag.handleReturn = "shouldNotBeRendered";
-
 		int returned = this.tag.doEndTag();
-
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("");
@@ -68,14 +65,10 @@ public class AbstractCsrfTagTests {
 
 	@Test
 	public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
-
 		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 		this.request.setAttribute(CsrfToken.class.getName(), token);
-
 		this.tag.handleReturn = "fooBarBazQux";
-
 		int returned = this.tag.doEndTag();
-
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("fooBarBazQux");
@@ -84,14 +77,10 @@ public class AbstractCsrfTagTests {
 
 	@Test
 	public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
-
 		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
 		this.request.setAttribute(CsrfToken.class.getName(), token);
-
 		this.tag.handleReturn = "<input type=\"hidden\" />";
-
 		int returned = this.tag.doEndTag();
-
 		assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
 		assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.")
 				.isEqualTo("<input type=\"hidden\" />");
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
index ff28f7631a..aa9b84251a 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfInputTagTests.java
@@ -39,9 +39,7 @@ public class CsrfInputTagTests {
 	@Test
 	public void handleTokenReturnsHiddenInput() {
 		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
-
 		String value = this.tag.handleToken(token);
-
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
 				.isEqualTo("<input type=\"hidden\" name=\"_csrf\" value=\"abc123def456ghi789\" />");
@@ -50,9 +48,7 @@ public class CsrfInputTagTests {
 	@Test
 	public void handleTokenReturnsHiddenInputDifferentTokenValue() {
 		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");
-
 		String value = this.tag.handleToken(token);
-
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
 				.isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
index bc19a1dc98..6e07a33e72 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/csrf/CsrfMetaTagsTagTests.java
@@ -39,9 +39,7 @@ public class CsrfMetaTagsTagTests {
 	@Test
 	public void handleTokenRendersTags() {
 		CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
-
 		String value = this.tag.handleToken(token);
-
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
 				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"
@@ -52,9 +50,7 @@ public class CsrfMetaTagsTagTests {
 	@Test
 	public void handleTokenRendersTagsDifferentToken() {
 		CsrfToken token = new DefaultCsrfToken("csrfHeader", "csrfParameter", "fooBarBazQux");
-
 		String value = this.tag.handleToken(token);
-
 		assertThat(value).as("The returned value should not be null.").isNotNull();
 		assertThat(value).withFailMessage("The output is not correct.")
 				.isEqualTo("<meta name=\"_csrf_parameter\" content=\"csrfParameter\" />"
diff --git a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
index 580ae98979..28362616aa 100644
--- a/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/TestSecurityContextHolderTests.java
@@ -45,9 +45,7 @@ public class TestSecurityContextHolderTests {
 	public void clearContextClearsBoth() {
 		SecurityContextHolder.setContext(this.context);
 		TestSecurityContextHolder.setContext(this.context);
-
 		TestSecurityContextHolder.clearContext();
-
 		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.context);
 		assertThat(TestSecurityContextHolder.getContext()).isNotSameAs(this.context);
 	}
@@ -61,7 +59,6 @@ public class TestSecurityContextHolderTests {
 	@Test
 	public void setContextSetsBoth() {
 		TestSecurityContextHolder.setContext(this.context);
-
 		assertThat(TestSecurityContextHolder.getContext()).isSameAs(this.context);
 		assertThat(SecurityContextHolder.getContext()).isSameAs(this.context);
 	}
@@ -69,9 +66,7 @@ public class TestSecurityContextHolderTests {
 	@Test
 	public void setContextWithAuthentication() {
 		Authentication authentication = mock(Authentication.class);
-
 		TestSecurityContextHolder.setAuthentication(authentication);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isSameAs(authentication);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
index ee400999be..5bd5b512b8 100644
--- a/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/annotation/SecurityTestExecutionListenerTests.java
@@ -46,7 +46,6 @@ public class SecurityTestExecutionListenerTests {
 	public void reactorContextTestSecurityContextHolderExecutionListenerTestIsRegistered() {
 		Mono<String> name = ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 				.map(Principal::getName);
-
 		StepVerifier.create(name).expectNext("user").verifyComplete();
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
index b3c8737b4c..d174584cb1 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockCustomUserSecurityContextFactory.java
@@ -30,7 +30,6 @@ public class WithMockCustomUserSecurityContextFactory implements WithSecurityCon
 	@Override
 	public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
-
 		CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
 		Authentication auth = new UsernamePasswordAuthenticationToken(principal, "password",
 				principal.getAuthorities());
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index f4655f8718..b14a95a33f 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
  * @author Rob Winch
  */
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithMockUserTests.Config.class)
 public class WithMockUserTests {
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index d279434416..cfd2a040c7 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -40,7 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
  * @author Rob Winch
  */
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(classes = WithUserDetailsTests.Config.class)
 public class WithUserDetailsTests {
diff --git a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
index cb5f960882..b9e88381ad 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/ReactorContextTestExecutionListenerTests.java
@@ -20,7 +20,6 @@ package org.springframework.security.test.context.support;
  * @author Rob Winch
  * @since 5.0
  */
-
 import java.util.concurrent.ForkJoinPool;
 
 import org.junit.After;
@@ -60,20 +59,15 @@ public class ReactorContextTestExecutionListenerTests {
 	@Test
 	public void beforeTestMethodWhenSecurityContextEmptyThenReactorContextNull() throws Exception {
 		this.listener.beforeTestMethod(this.testContext);
-
 		Mono<?> result = ReactiveSecurityContextHolder.getContext();
-
 		StepVerifier.create(result).verifyComplete();
 	}
 
 	@Test
 	public void beforeTestMethodWhenNullAuthenticationThenReactorContextNull() throws Exception {
 		TestSecurityContextHolder.setContext(new SecurityContextImpl());
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		Mono<?> result = ReactiveSecurityContextHolder.getContext();
-
 		StepVerifier.create(result).verifyComplete();
 	}
 
@@ -82,9 +76,7 @@ public class ReactorContextTestExecutionListenerTests {
 		TestingAuthenticationToken expectedAuthentication = new TestingAuthenticationToken("user", "password",
 				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(expectedAuthentication);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertAuthentication(expectedAuthentication);
 	}
 
@@ -94,9 +86,7 @@ public class ReactorContextTestExecutionListenerTests {
 				"ROLE_USER");
 		SecurityContext context = new CustomContext(expectedAuthentication);
 		TestSecurityContextHolder.setContext(context);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertSecurityContext(context);
 	}
 
@@ -108,13 +98,10 @@ public class ReactorContextTestExecutionListenerTests {
 		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		Mono<Authentication> authentication = Mono.just("any")
 				.flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
-
 		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
 	}
 
@@ -125,39 +112,31 @@ public class ReactorContextTestExecutionListenerTests {
 		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		Mono<Authentication> authentication = Mono.just("any")
 				.flatMap((s) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication))
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext());
-
 		StepVerifier.create(authentication).verifyComplete();
 	}
 
 	@Test
 	public void afterTestMethodWhenSecurityContextEmptyThenNoError() throws Exception {
 		this.listener.beforeTestMethod(this.testContext);
-
 		this.listener.afterTestMethod(this.testContext);
 	}
 
 	@Test
 	public void afterTestMethodWhenSetupThenReactorContextNull() throws Exception {
 		beforeTestMethodWhenAuthenticationThenReactorContextHasAuthentication();
-
 		this.listener.afterTestMethod(this.testContext);
-
 		assertThat(Mono.subscriberContext().block().isEmpty()).isTrue();
 	}
 
 	@Test
 	public void afterTestMethodWhenDifferentHookIsRegistered() throws Exception {
 		Object obj = new Object();
-
 		Hooks.onLastOperator("CUSTOM_HOOK", (p) -> Mono.just(obj));
 		this.listener.afterTestMethod(this.testContext);
-
 		Object result = Mono.subscriberContext().block();
 		assertThat(result).isEqualTo(obj);
 	}
@@ -176,22 +155,18 @@ public class ReactorContextTestExecutionListenerTests {
 		TestingAuthenticationToken contextHolder = new TestingAuthenticationToken("contextHolder", "password",
 				"ROLE_USER");
 		TestSecurityContextHolder.setAuthentication(contextHolder);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		ForkJoinPool.commonPool().submit(() -> assertAuthentication(contextHolder)).join();
 	}
 
 	public void assertAuthentication(Authentication expected) {
 		Mono<Authentication> authentication = ReactiveSecurityContextHolder.getContext()
 				.map(SecurityContext::getAuthentication);
-
 		StepVerifier.create(authentication).expectNext(expected).verifyComplete();
 	}
 
 	private void assertSecurityContext(SecurityContext expected) {
 		Mono<SecurityContext> securityContext = ReactiveSecurityContextHolder.getContext();
-
 		StepVerifier.create(securityContext).expectNext(expected).verifyComplete();
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
index 451d0be461..94780c93db 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithAnonymousUserTests.java
@@ -32,7 +32,6 @@ public class WithAnonymousUserTests {
 	public void defaults() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -40,7 +39,6 @@ public class WithAnonymousUserTests {
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -48,7 +46,6 @@ public class WithAnonymousUserTests {
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index d1750ba6ca..56b90ca9fe 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -49,7 +49,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.password()).willReturn("password");
 		given(this.withUser.roles()).willReturn(new String[] { "USER" });
 		given(this.withUser.authorities()).willReturn(new String[] {});
-
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 				.isEqualTo(this.withUser.value());
 	}
@@ -60,7 +59,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.password()).willReturn("password");
 		given(this.withUser.roles()).willReturn(new String[] { "USER" });
 		given(this.withUser.authorities()).willReturn(new String[] {});
-
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getName())
 				.isEqualTo(this.withUser.username());
 	}
@@ -71,7 +69,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.password()).willReturn("password");
 		given(this.withUser.roles()).willReturn(new String[] { "USER", "CUSTOM" });
 		given(this.withUser.authorities()).willReturn(new String[] {});
-
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 				.extracting("authority").containsOnly("ROLE_USER", "ROLE_CUSTOM");
 	}
@@ -82,7 +79,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.password()).willReturn("password");
 		given(this.withUser.roles()).willReturn(new String[] { "USER" });
 		given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
-
 		assertThat(this.factory.createSecurityContext(this.withUser).getAuthentication().getAuthorities())
 				.extracting("authority").containsOnly("USER", "CUSTOM");
 	}
@@ -92,7 +88,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.value()).willReturn("valueUser");
 		given(this.withUser.roles()).willReturn(new String[] { "CUSTOM" });
 		given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
-
 		this.factory.createSecurityContext(this.withUser);
 	}
 
@@ -101,7 +96,6 @@ public class WithMockUserSecurityContextFactoryTests {
 		given(this.withUser.value()).willReturn("valueUser");
 		given(this.withUser.roles()).willReturn(new String[] { "ROLE_FAIL" });
 		given(this.withUser.authorities()).willReturn(new String[] {});
-
 		this.factory.createSecurityContext(this.withUser);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
index b64c85ef7a..763cfdf9b2 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserTests.java
@@ -32,10 +32,8 @@ public class WithMockUserTests {
 		assertThat(mockUser.password()).isEqualTo("password");
 		assertThat(mockUser.roles()).containsOnly("USER");
 		assertThat(mockUser.setupBefore()).isEqualByComparingTo(TestExecutionEvent.TEST_METHOD);
-
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -43,7 +41,6 @@ public class WithMockUserTests {
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -51,7 +48,6 @@ public class WithMockUserTests {
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
index 975b8b1ba2..e4849015f3 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java
@@ -79,7 +79,6 @@ public class WithSecurityContextTestExcecutionListenerTests {
 		Class testClass = FakeTest.class;
 		given(this.testContext.getTestClass()).willReturn(testClass);
 		given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
-
 		this.listener.beforeTestMethod(this.testContext);
 	}
 
@@ -89,9 +88,7 @@ public class WithSecurityContextTestExcecutionListenerTests {
 		Class testClass = FakeTest.class;
 		given(this.testContext.getApplicationContext()).willThrow(new IllegalStateException());
 		given(this.testContext.getTestMethod()).willReturn(ReflectionUtils.findMethod(testClass, "testWithMockUser"));
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("user");
 	}
 
@@ -100,11 +97,8 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	public void withSecurityContextAfterSqlScripts() {
 		SqlScriptsTestExecutionListener sql = new SqlScriptsTestExecutionListener();
 		WithSecurityContextTestExecutionListener security = new WithSecurityContextTestExecutionListener();
-
 		List<TestExecutionListener> listeners = Arrays.asList(security, sql);
-
 		AnnotationAwareOrderComparator.sort(listeners);
-
 		assertThat(listeners).containsExactly(sql, security);
 	}
 
@@ -113,13 +107,10 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	public void orderOverridden() {
 		AbstractTestExecutionListener otherListener = new AbstractTestExecutionListener() {
 		};
-
 		List<TestExecutionListener> listeners = new ArrayList<>();
 		listeners.add(otherListener);
 		listeners.add(this.listener);
-
 		AnnotationAwareOrderComparator.sort(listeners);
-
 		assertThat(listeners).containsSequence(this.listener, otherListener);
 	}
 
@@ -131,9 +122,7 @@ public class WithSecurityContextTestExcecutionListenerTests {
 		TestContext testContext = mock(TestContext.class);
 		given(testContext.getTestMethod()).willReturn(method);
 		given(testContext.getApplicationContext()).willThrow(new IllegalStateException(""));
-
 		this.listener.beforeTestMethod(testContext);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal())
 				.isInstanceOf(WithSuperClassWithSecurityContext.class);
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
index 10bc6fd566..64186a5b96 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExecutionListenerTests.java
@@ -80,9 +80,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		Method testMethod = TheTest.class.getMethod("withMockUserDefault");
 		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		verify(this.testContext, never()).setAttribute(
 				eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
@@ -93,9 +91,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestMethod");
 		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		verify(this.testContext, never()).setAttribute(
 				eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME), any(SecurityContext.class));
@@ -106,9 +102,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
 		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull();
 		verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME),
 				ArgumentMatchers.<Supplier<SecurityContext>>any());
@@ -120,9 +114,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		Method testMethod = TheTest.class.getMethod("withMockUserTestExecution");
 		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 		this.listener.beforeTestMethod(this.testContext);
-
 		ArgumentCaptor<Supplier<SecurityContext>> supplierCaptor = ArgumentCaptor.forClass(Supplier.class);
 		verify(this.testContext).setAttribute(eq(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME),
 				supplierCaptor.capture());
@@ -136,7 +128,6 @@ public class WithSecurityContextTestExecutionListenerTests {
 		given(this.testContext.getApplicationContext()).willReturn(this.applicationContext);
 		// do not set a UserDetailsService Bean so it would fail if looked up
 		given(this.testContext.getTestMethod()).willReturn(testMethod);
-
 		this.listener.beforeTestMethod(this.testContext);
 		// bean lookup of UserDetailsService would fail if it has already been looked up
 	}
@@ -144,7 +135,6 @@ public class WithSecurityContextTestExecutionListenerTests {
 	@Test
 	public void beforeTestExecutionWhenTestContextNullThenSecurityContextNotSet() {
 		this.listener.beforeTestExecution(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -155,9 +145,7 @@ public class WithSecurityContextTestExecutionListenerTests {
 		Supplier<SecurityContext> supplier = () -> securityContext;
 		given(this.testContext.removeAttribute(WithSecurityContextTestExecutionListener.SECURITY_CONTEXT_ATTR_NAME))
 				.willReturn(supplier);
-
 		this.listener.beforeTestExecution(this.testContext);
-
 		assertThat(TestSecurityContextHolder.getContext().getAuthentication())
 				.isEqualTo(securityContext.getAuthentication());
 	}
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 56a4812de6..5a2d710699 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -68,7 +68,6 @@ public class WithUserDetailsSecurityContextFactoryTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void createSecurityContextEmptyValue() {
-
 		given(this.withUserDetails.value()).willReturn("");
 		this.factory.createSecurityContext(this.withUserDetails);
 	}
@@ -80,7 +79,6 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		given(this.beans.getBean(UserDetailsService.class)).willReturn(this.userDetailsService);
 		given(this.withUserDetails.value()).willReturn(username);
 		given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails);
-
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -98,7 +96,6 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		given(this.withUserDetails.userDetailsServiceBeanName()).willReturn(beanName);
 		given(this.userDetailsService.loadUserByUsername(username)).willReturn(this.userDetails);
 		given(this.beans.getBean(beanName, UserDetailsService.class)).willReturn(this.userDetailsService);
-
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -111,7 +108,6 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		given(this.withUserDetails.value()).willReturn(username);
 		given(this.beans.getBean(ReactiveUserDetailsService.class)).willReturn(this.reactiveUserDetailsService);
 		given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails));
-
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
@@ -127,7 +123,6 @@ public class WithUserDetailsSecurityContextFactoryTests {
 		given(this.beans.getBean(beanName, ReactiveUserDetailsService.class))
 				.willReturn(this.reactiveUserDetailsService);
 		given(this.reactiveUserDetailsService.findByUsername(username)).willReturn(Mono.just(this.userDetails));
-
 		SecurityContext context = this.factory.createSecurityContext(this.withUserDetails);
 		assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
 		assertThat(context.getAuthentication().getPrincipal()).isEqualTo(this.userDetails);
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
index abc94bff08..b2d041d980 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsTests.java
@@ -29,10 +29,8 @@ public class WithUserDetailsTests {
 	public void defaults() {
 		WithUserDetails userDetails = AnnotationUtils.findAnnotation(Annotated.class, WithUserDetails.class);
 		assertThat(userDetails.value()).isEqualTo("user");
-
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(Annotated.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -40,7 +38,6 @@ public class WithUserDetailsTests {
 	public void findMergedAnnotationWhenSetupExplicitThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupExplicit.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_METHOD);
 	}
 
@@ -48,7 +45,6 @@ public class WithUserDetailsTests {
 	public void findMergedAnnotationWhenSetupOverriddenThenOverridden() {
 		WithSecurityContext context = AnnotatedElementUtils.findMergedAnnotation(SetupOverridden.class,
 				WithSecurityContext.class);
-
 		assertThat(context.setupBefore()).isEqualTo(TestExecutionEvent.TEST_EXECUTION);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
index e984952640..5389b138f2 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/AbstractMockServerConfigurersTests.java
@@ -43,11 +43,9 @@ abstract class AbstractMockServerConfigurersTests {
 
 	protected void assertPrincipalCreatedFromUserDetails(Principal principal, UserDetails originalUserDetails) {
 		assertThat(principal).isInstanceOf(UsernamePasswordAuthenticationToken.class);
-
 		UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken) principal;
 		assertThat(authentication.getCredentials()).isEqualTo(originalUserDetails.getPassword());
 		assertThat(authentication.getAuthorities()).containsOnlyElementsOf(originalUserDetails.getAuthorities());
-
 		UserDetails userDetails = (UserDetails) authentication.getPrincipal();
 		assertThat(userDetails.getPassword()).isEqualTo(authentication.getCredentials());
 		assertThat(authentication.getAuthorities()).containsOnlyElementsOf(userDetails.getAuthorities());
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
index 022a7a7ba0..4ddd34771d 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurerOpaqueTokenTests.java
@@ -59,7 +59,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	@Test
 	public void mockOpaqueTokenWhenUsingDefaultsThenBearerTokenAuthentication() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()).get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -74,7 +73,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 				.mutateWith(
 						SecurityMockServerConfigurers.mockOpaqueToken().authorities(this.authority1, this.authority2))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
 				this.authority2);
@@ -87,7 +85,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
 						.attributes((attributes) -> attributes.put(OAuth2IntrospectionClaimNames.SUBJECT, sub)))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -99,7 +96,6 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active();
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)).get().exchange()
 				.expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
@@ -110,24 +106,20 @@ public class SecurityMockServerConfigurerOpaqueTokenTests extends AbstractMockSe
 	public void mockOpaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() {
 		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
 				.active((a) -> a.put("scope", "user"));
-
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken()
 						.attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "foo")).principal(principal))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication token = (BearerTokenAuthentication) context.getAuthentication();
 		assertThat((String) ((OAuth2AuthenticatedPrincipal) token.getPrincipal())
 				.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT))
 						.isEqualTo(principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT));
-
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOpaqueToken().principal(principal)
 						.attributes((a) -> a.put(OAuth2IntrospectionClaimNames.SUBJECT, "bar")))
 				.get().exchange().expectStatus().isOk();
-
 		context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(BearerTokenAuthentication.class);
 		token = (BearerTokenAuthentication) context.getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
index f5e4425ec6..97735c1ab9 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersAnnotatedTests.java
@@ -49,7 +49,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	@WithMockUser
 	public void withMockUserWhenOnMethodThenSuccess() {
 		this.client.get().exchange().expectStatus().isOk();
-
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -64,9 +63,7 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 				.apply(SecurityMockServerConfigurers.springSecurity())
 				.apply(SecurityMockServerConfigurers.mockAuthentication(authentication)).configureClient()
 				.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
-
 		this.client.get().exchange().expectStatus().isOk();
-
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
@@ -77,7 +74,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 				"ROLE_USER");
 		this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange()
 				.expectStatus().isOk();
-
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
@@ -88,11 +84,8 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 				"ROLE_USER");
 		this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication)).get().exchange()
 				.expectStatus().isOk();
-
 		this.controller.assertPrincipalIsEqualTo(authentication);
-
 		this.client.get().exchange().expectStatus().isOk();
-
 		assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build());
 	}
 
@@ -101,7 +94,6 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserWhenOnMethodAndRequestIsExecutedOnDifferentThreadThenSuccess() {
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join();
-
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
 
@@ -110,16 +102,12 @@ public class SecurityMockServerConfigurersAnnotatedTests extends AbstractMockSer
 	public void withMockUserAndWithCallOnSeparateThreadWhenMutateWithMockPrincipalAndNoMutateThenOverridesAnnotationAndUsesAnnotation() {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("authentication", "secret",
 				"ROLE_USER");
-
 		ForkJoinPool.commonPool()
 				.submit(() -> this.client.mutateWith(SecurityMockServerConfigurers.mockAuthentication(authentication))
 						.get().exchange().expectStatus().isOk())
 				.join();
-
 		this.controller.assertPrincipalIsEqualTo(authentication);
-
 		ForkJoinPool.commonPool().submit(() -> this.client.get().exchange().expectStatus().isOk()).join();
-
 		assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build());
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
index 433f8b3483..a96f00493a 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersClassAnnotatedTests.java
@@ -51,7 +51,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	public void wheMockUserWhenClassAnnotatedThenSuccess() {
 		this.client.get().exchange().expectStatus().isOk().expectBody(String.class)
 				.consumeWith((response) -> assertThat(response.getResponseBody()).contains("\"username\":\"user\""));
-
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -61,7 +60,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 	public void withMockUserWhenClassAndMethodAnnotationThenMethodOverrides() {
 		this.client.get().exchange().expectStatus().isOk().expectBody(String.class).consumeWith(
 				(response) -> assertThat(response.getResponseBody()).contains("\"username\":\"method-user\""));
-
 		Authentication authentication = TestSecurityContextHolder.getContext().getAuthentication();
 		this.controller.assertPrincipalIsEqualTo(authentication);
 	}
@@ -72,7 +70,6 @@ public class SecurityMockServerConfigurersClassAnnotatedTests extends AbstractMo
 				.expectStatus().isOk().expectBody(String.class)
 				.consumeWith((response) -> assertThat(response.getResponseBody())
 						.contains("\"username\":\"mutateWith-mockUser\""));
-
 		Principal principal = this.controller.removePrincipal();
 		assertPrincipalCreatedFromUserDetails(principal, this.userBuilder.username("mutateWith-mockUser").build());
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
index f11b965214..7a0aa28c8b 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
@@ -63,7 +63,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 	@Test
 	public void mockJwtWhenUsingDefaultsTheCreatesJwtAuthentication() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()).get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
@@ -78,7 +77,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 		String name = new String("user");
 		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.subject(name))).get().exchange()
 				.expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
@@ -90,7 +88,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt()
 				.jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1,
 				this.authority2);
@@ -102,7 +99,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 				.mutateWith(
 						SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(
 				new SimpleGrantedAuthority("SCOPE_scoped"), new SimpleGrantedAuthority("SCOPE_authorities"));
@@ -115,7 +111,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 						SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities"))
 								.authorities((jwt) -> Arrays.asList(this.authority1)))
 				.get().exchange().expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat((List<GrantedAuthority>) context.getAuthentication().getAuthorities()).containsOnly(this.authority1);
 	}
@@ -125,7 +120,6 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
 		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
 		this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt(originalToken)).get().exchange()
 				.expectStatus().isOk();
-
 		SecurityContext context = this.securityContextController.removeSecurityContext();
 		assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
 		JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 2bdaf7367c..902ea2a0fa 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -75,7 +75,6 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
-
 		WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler());
 		assertThatCode(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder))
 				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
@@ -83,10 +82,8 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenUsingRegistrationIdThenProducesAuthorizedClient() throws Exception {
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client")
 				.exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -96,12 +93,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.registrationId("registration-id").clientId("client-id").build();
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client().clientRegistration(clientRegistration))
 				.get().uri("/client").exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -111,12 +106,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
-
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")
 						.clientRegistration((c) -> c.clientId("client-id")))
 				.get().uri("/client").exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -136,12 +129,10 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 
 	@Test
 	public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
-
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id").accessToken(accessToken))
 				.get().uri("/client").exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("registration-id");
@@ -153,11 +144,9 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Client("registration-id")).get().uri("/client")
 				.exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getClientId()).isEqualTo("test-client");
-
 		client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub",
 				TestOAuth2AccessTokens.noScopes());
 		given(this.authorizedClientRepository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class),
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
index 8028d88803..0820d65d50 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2LoginTests.java
@@ -72,7 +72,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/token").exchange()
 				.expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -86,7 +85,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()).get().uri("/client").exchange()
 				.expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -100,7 +98,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
 						.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
 				.get().uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
 				.contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -112,7 +109,6 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 				.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
 						.attributes((a) -> a.put("iss", "https://idp.example.org")))
 				.get().uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
 	}
@@ -121,16 +117,12 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get()
 				.uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)).get()
 				.uri("/client").exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
 	}
@@ -139,17 +131,13 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("sub", "subject"), "sub");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
 				.attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange()
 				.expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User)
 				.attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
-
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
index 8f7927893f..b9361bfbdd 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOidcLoginTests.java
@@ -73,7 +73,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/token").exchange()
 				.expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token).isNotNull();
 		assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
@@ -88,7 +87,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/client").exchange()
 				.expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client).isNotNull();
 		assertThat(client.getClientRegistration().getRegistrationId()).isEqualTo("test");
@@ -102,7 +100,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()
 						.authorities(new SimpleGrantedAuthority("SCOPE_admin")))
 				.get().uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
 				.contains(new SimpleGrantedAuthority("SCOPE_admin"));
@@ -114,7 +111,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()
 						.idToken((i) -> i.issuer("https://idp.example.org")))
 				.get().uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("iss", "https://idp.example.org");
 	}
@@ -124,7 +120,6 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockOidcLogin().userInfoToken((u) -> u.email("email@email")))
 				.get().uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("email", "email@email");
 	}
@@ -134,16 +129,12 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(),
 				"custom-attribute");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token")
 				.exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
-
 		this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get()
 				.uri("/client").exchange().expectStatus().isOk();
-
 		OAuth2AuthorizedClient client = this.controller.authorizedClient;
 		assertThat(client.getPrincipalName()).isEqualTo("test-subject");
 	}
@@ -153,18 +144,14 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				TestOidcIdTokens.idToken().build());
-
 		this.client.mutateWith(
 				SecurityMockServerConfigurers.mockOidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)).get()
 				.uri("/token").exchange().expectStatus().isOk();
-
 		OAuth2AuthenticationToken token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
-
 		this.client.mutateWith(
 				SecurityMockServerConfigurers.mockOidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))).get()
 				.uri("/token").exchange().expectStatus().isOk();
-
 		token = this.controller.token;
 		assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
index fd5ccb3699..3b11ff0c73 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersTests.java
@@ -68,9 +68,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	@Test
 	public void mockUserWhenDefaultsThenSuccess() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockUser()).get().exchange().expectStatus().isOk();
-
 		Principal actual = this.controller.removePrincipal();
-
 		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
@@ -81,9 +79,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 				.apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.mockUser())
 				.configureClient().defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).build();
 		this.client.get().exchange().expectStatus().isOk();
-
 		Principal actual = this.controller.removePrincipal();
-
 		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
@@ -91,9 +87,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	public void mockUserStringWhenLocalThenSuccess() {
 		this.client.mutateWith(SecurityMockServerConfigurers.mockUser(this.userBuilder.build().getUsername())).get()
 				.exchange().expectStatus().isOk();
-
 		Principal actual = this.controller.removePrincipal();
-
 		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
@@ -103,9 +97,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 		this.client
 				.mutateWith(SecurityMockServerConfigurers.mockUser("admin").password("secret").roles("USER", "ADMIN"))
 				.get().exchange().expectStatus().isOk();
-
 		Principal actual = this.controller.removePrincipal();
-
 		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
@@ -114,9 +106,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 		UserDetails userDetails = this.userBuilder.build();
 		this.client.mutateWith(SecurityMockServerConfigurers.mockUser(userDetails)).get().exchange().expectStatus()
 				.isOk();
-
 		Principal actual = this.controller.removePrincipal();
-
 		assertPrincipalCreatedFromUserDetails(actual, this.userBuilder.build());
 	}
 
@@ -124,9 +114,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 	public void csrfWhenMutateWithThenDisablesCsrf() {
 		this.client.post().exchange().expectStatus().isEqualTo(HttpStatus.FORBIDDEN).expectBody()
 				.consumeWith((b) -> assertThat(new String(b.getResponseBody())).contains("CSRF"));
-
 		this.client.mutateWith(SecurityMockServerConfigurers.csrf()).post().exchange().expectStatus().isOk();
-
 	}
 
 	@Test
@@ -134,9 +122,7 @@ public class SecurityMockServerConfigurersTests extends AbstractMockServerConfig
 		this.client = WebTestClient.bindToController(this.controller).webFilter(new CsrfWebFilter())
 				.apply(SecurityMockServerConfigurers.springSecurity()).apply(SecurityMockServerConfigurers.csrf())
 				.configureClient().build();
-
 		this.client.get().exchange().expectStatus().isOk();
-
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
index 397f04b404..ebca73b566 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java
@@ -45,7 +45,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 /**
  * @author Rob Winch
  */
-
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
@@ -66,7 +65,6 @@ public class Sec2935Tests {
 	public void postProcessorUserNoUser() throws Exception {
 		this.mvc.perform(get("/admin/abc").with(user("user").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user"));
-
 		this.mvc.perform(get("/admin/abc")).andExpect(status().isUnauthorized()).andExpect(unauthenticated());
 	}
 
@@ -74,7 +72,6 @@ public class Sec2935Tests {
 	public void postProcessorUserOtherUser() throws Exception {
 		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
-
 		this.mvc.perform(get("/admin/abc").with(user("user2").roles("USER"))).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("user2"));
 	}
@@ -84,7 +81,6 @@ public class Sec2935Tests {
 	public void postProcessorUserWithMockUser() throws Exception {
 		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
-
 		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("user"));
 	}
@@ -94,10 +90,8 @@ public class Sec2935Tests {
 	public void defaultRequest() throws Exception {
 		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 				.defaultRequest(get("/").with(user("default"))).build();
-
 		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
-
 		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("default"));
 	}
@@ -108,10 +102,8 @@ public class Sec2935Tests {
 	public void defaultRequestOverridesWithMockUser() throws Exception {
 		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
 				.defaultRequest(get("/").with(user("default"))).build();
-
 		this.mvc.perform(get("/admin/abc").with(user("user1").roles("ADMIN", "USER"))).andExpect(status().isNotFound())
 				.andExpect(authenticated().withUsername("user1"));
-
 		this.mvc.perform(get("/admin/abc")).andExpect(status().isForbidden())
 				.andExpect(authenticated().withUsername("default"));
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
index 0337afee88..e236a9295f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLoginTests.java
@@ -54,7 +54,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		MockHttpServletRequest request = formLogin().buildRequest(this.servletContext);
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getParameter("username")).isEqualTo("user");
 		assertThat(request.getParameter("password")).isEqualTo("password");
 		assertThat(request.getMethod()).isEqualTo("POST");
@@ -67,10 +66,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	public void custom() {
 		MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret")
 				.buildRequest(this.servletContext);
-
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getParameter("username")).isEqualTo("admin");
 		assertThat(request.getParameter("password")).isEqualTo("secret");
 		assertThat(request.getMethod()).isEqualTo("POST");
@@ -82,10 +79,8 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	public void customWithUriVars() {
 		MockHttpServletRequest request = formLogin().loginProcessingUrl("/uri-login/{var1}/{var2}", "val1", "val2")
 				.user("username", "admin").password("password", "secret").buildRequest(this.servletContext);
-
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getParameter("username")).isEqualTo("admin");
 		assertThat(request.getParameter("password")).isEqualTo("secret");
 		assertThat(request.getMethod()).isEqualTo("POST");
@@ -104,7 +99,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 		given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 		MvcResult mvcResult = mockMvc.perform(formLogin()).andReturn();
 		assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
 		assertThat(mvcResult.getRequest().getHeader("Accept"))
@@ -121,7 +115,6 @@ public class SecurityMockMvcRequestBuildersFormLoginTests {
 	public void usesAcceptMediaForContentNegotiation() {
 		MockHttpServletRequest request = formLogin("/login").user("username", "admin").password("password", "secret")
 				.buildRequest(this.servletContext);
-
 		assertThat(request.getHeader("Accept")).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
index 438f3d19c3..dfdcd71507 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestBuildersFormLogoutTests.java
@@ -52,10 +52,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	@Test
 	public void defaults() {
 		MockHttpServletRequest request = logout().buildRequest(this.servletContext);
-
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getMethod()).isEqualTo("POST");
 		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/logout");
@@ -64,10 +62,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	@Test
 	public void custom() {
 		MockHttpServletRequest request = logout("/admin/logout").buildRequest(this.servletContext);
-
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getMethod()).isEqualTo("POST");
 		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/admin/logout");
@@ -77,10 +73,8 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 	public void customWithUriVars() {
 		MockHttpServletRequest request = logout().logoutUrl("/uri-logout/{var1}/{var2}", "val1", "val2")
 				.buildRequest(this.servletContext);
-
 		CsrfToken token = (CsrfToken) request
 				.getAttribute(CsrfRequestPostProcessor.TestCsrfTokenRepository.TOKEN_ATTR_NAME);
-
 		assertThat(request.getMethod()).isEqualTo("POST");
 		assertThat(request.getParameter(token.getParameterName())).isEqualTo(token.getToken());
 		assertThat(request.getRequestURI()).isEqualTo("/uri-logout/val1/val2");
@@ -97,7 +91,6 @@ public class SecurityMockMvcRequestBuildersFormLogoutTests {
 		given(postProcessor.postProcessRequest(any())).willAnswer((i) -> i.getArgument(0));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object())
 				.defaultRequest(MockMvcRequestBuilders.get("/").with(postProcessor)).build();
-
 		MvcResult mvcResult = mockMvc.perform(logout()).andReturn();
 		assertThat(mvcResult.getRequest().getMethod()).isEqualTo(HttpMethod.POST.name());
 		assertThat(mvcResult.getRequest().getHeader("Accept"))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
index a6aaf08a74..b73620e033 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java
@@ -74,7 +74,6 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 	@Test
 	public void userDetails() {
 		authentication(this.authentication).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
index 827bd15101..22b3ccb895 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
@@ -45,20 +45,16 @@ public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 	@Test
 	public void x509SingleCertificate() {
 		MockHttpServletRequest postProcessedRequest = x509(this.certificate).postProcessRequest(this.request);
-
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
-
 		assertThat(certificates).containsOnly(this.certificate);
 	}
 
 	@Test
 	public void x509ResourceName() throws Exception {
 		MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(this.request);
-
 		X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest
 				.getAttribute("javax.servlet.request.X509Certificate");
-
 		assertThat(certificates).hasSize(1);
 		assertThat(certificates[0].getSubjectDN().getName())
 				.isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
index 3c09347f52..7118bf8889 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfTests.java
@@ -155,12 +155,10 @@ public class SecurityMockMvcRequestPostProcessorsCsrfTests {
 	public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception {
 		// @formatter:off
 		this.mockMvc.perform(post("/").with(csrf()));
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
 		CsrfToken token = repo.generateToken(request);
 		repo.saveToken(token, request, new MockHttpServletResponse());
-
 		MockHttpServletRequestBuilder requestWithCsrf = post("/")
 			.param(token.getParameterName(), token.getToken())
 			.session((MockHttpSession) request.getSession());
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
index 9f9653ff25..5c06373a90 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsDigestTests.java
@@ -55,7 +55,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	public void setup() {
 		this.password = "password";
 		this.request = new MockHttpServletRequest();
-
 		this.entryPoint = new DigestAuthenticationEntryPoint();
 		this.entryPoint.setKey("key");
 		this.entryPoint.setRealmName("Spring Security");
@@ -74,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	@Test
 	public void digestWithFilter() throws Exception {
 		MockHttpServletRequest postProcessedRequest = digest().postProcessRequest(this.request);
-
 		assertThat(extractUser()).isEqualTo("user");
 	}
 
@@ -82,7 +80,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 	public void digestWithFilterCustomUsername() throws Exception {
 		String username = "admin";
 		MockHttpServletRequest postProcessedRequest = digest(username).postProcessRequest(this.request);
-
 		assertThat(extractUser()).isEqualTo(username);
 	}
 
@@ -92,7 +89,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		this.password = "secret";
 		MockHttpServletRequest postProcessedRequest = digest(username).password(this.password)
 				.postProcessRequest(this.request);
-
 		assertThat(extractUser()).isEqualTo(username);
 	}
 
@@ -102,7 +98,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		this.entryPoint.setRealmName("Custom");
 		MockHttpServletRequest postProcessedRequest = digest(username).realm(this.entryPoint.getRealmName())
 				.postProcessRequest(this.request);
-
 		assertThat(extractUser()).isEqualTo(username);
 	}
 
@@ -111,7 +106,6 @@ public class SecurityMockMvcRequestPostProcessorsDigestTests {
 		String username = "admin";
 		MockHttpServletRequest postProcessedRequest = digest(username).realm("Invalid")
 				.postProcessRequest(this.request);
-
 		assertThat(extractUser()).isNull();
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
index dfa8792001..5b7dd1a042 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
@@ -95,7 +95,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	@Test
 	public void jwtWhenUsingDefaultsThenProducesDefaultJwtAuthentication() {
 		jwt().postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -111,7 +110,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	public void jwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
 		String name = new String("user");
 		jwt().jwt((jwt) -> jwt.subject(name)).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -124,7 +122,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	public void jwtWhenProvidingCustomAuthoritiesThenProducesJwtAuthentication() {
 		jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities")).authorities(this.authority1, this.authority2)
 				.postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -135,7 +132,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	@Test
 	public void jwtWhenProvidingScopedAuthoritiesThenProducesJwtAuthentication() {
 		jwt().jwt((jwt) -> jwt.claim("scope", "scoped authorities")).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -147,7 +143,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	public void jwtWhenProvidingGrantedAuthoritiesThenProducesJwtAuthentication() {
 		jwt().jwt((jwt) -> jwt.claim("scope", "ignored authorities"))
 				.authorities((jwt) -> Arrays.asList(this.authority1)).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -158,7 +153,6 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
 	public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() {
 		Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
 		jwt().jwt(originalToken).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 7e17a95223..3483c3105c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -93,14 +93,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
-
 		assertThatCode(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest()))
 				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
 	}
 
 	@Test
 	public void oauth2ClientWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 		this.mvc.perform(get("/access-token").with(oauth2Client("registration-id")))
 				.andExpect(content().string("access-token"));
 		this.mvc.perform(get("/client-id").with(oauth2Client("registration-id")))
@@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenClientRegistrationThenUses() throws Exception {
-
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
 				.registrationId("registration-id").clientId("client-id").build();
 		this.mvc.perform(get("/client-id").with(oauth2Client().clientRegistration(clientRegistration)))
@@ -118,7 +115,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenClientRegistrationConsumerThenUses() throws Exception {
-
 		this.mvc.perform(get("/client-id")
 				.with(oauth2Client("registration-id").clientRegistration((c) -> c.clientId("client-id"))))
 				.andExpect(content().string("client-id"));
@@ -141,7 +137,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 	public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
 		this.mvc.perform(get("/client-id").with(oauth2Client("registration-id")))
 				.andExpect(content().string("test-client"));
-
 		OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(),
 				"sub", TestOAuth2AccessTokens.noScopes());
 		OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
index d92b97c398..f5307845af 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java
@@ -88,14 +88,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 		this.mvc.perform(get("/name").with(oauth2Login())).andExpect(content().string("user"));
 		this.mvc.perform(get("/admin/id-token/name").with(oauth2Login())).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 		this.mvc.perform(get("/client-id").with(oauth2Login())).andExpect(content().string("test-client"));
 	}
 
@@ -119,10 +117,8 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 				Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
 		this.mvc.perform(get("/attributes/custom-attribute").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
-
 		this.mvc.perform(get("/name").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
-
 		this.mvc.perform(get("/client-name").with(oauth2Login().oauth2User(oauth2User)))
 				.andExpect(content().string("test-subject"));
 	}
@@ -138,7 +134,6 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 	public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				Collections.singletonMap("username", "user"), "username");
-
 		this.mvc.perform(get("/attributes/sub")
 				.with(oauth2Login().attributes((a) -> a.put("sub", "bar")).oauth2User(oauth2User)))
 				.andExpect(status().isOk()).andExpect(content().string("no-attribute"));
@@ -193,14 +188,12 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 			@GetMapping("/attributes/{attribute}")
 			String attributes(@AuthenticationPrincipal OAuth2User oauth2User,
 					@PathVariable("attribute") String attribute) {
-
 				return Optional.ofNullable((String) oauth2User.getAttribute(attribute)).orElse("no-attribute");
 			}
 
 			@GetMapping("/admin/scopes")
 			List<String> scopes(
 					@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
-
 				return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
index 7de780a095..91fa711355 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java
@@ -94,14 +94,12 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 		this.mvc.perform(get("/name").with(oidcLogin())).andExpect(content().string("user"));
 		this.mvc.perform(get("/admin/id-token/name").with(oidcLogin())).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient() throws Exception {
-
 		this.mvc.perform(get("/access-token").with(oidcLogin())).andExpect(content().string("access-token"));
 	}
 
@@ -128,12 +126,9 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
 				OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(),
 				"custom-attribute");
-
 		this.mvc.perform(get("/id-token/custom-attribute").with(oidcLogin().oidcUser(oidcUser)))
 				.andExpect(content().string("test-subject"));
-
 		this.mvc.perform(get("/name").with(oidcLogin().oidcUser(oidcUser))).andExpect(content().string("test-subject"));
-
 		this.mvc.perform(get("/client-name").with(oidcLogin().oidcUser(oidcUser)))
 				.andExpect(content().string("test-subject"));
 	}
@@ -143,7 +138,6 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 	public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
 				TestOidcIdTokens.idToken().build());
-
 		this.mvc.perform(get("/id-token/sub").with(oidcLogin().idToken((i) -> i.subject("foo")).oidcUser(oidcUser)))
 				.andExpect(status().isOk()).andExpect(content().string("subject"));
 		this.mvc.perform(get("/id-token/sub").with(oidcLogin().oidcUser(oidcUser).idToken((i) -> i.subject("bar"))))
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
index 46f9b54f37..764f51ec1c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java
@@ -82,7 +82,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 
 	@Test
 	public void opaqueTokenWhenUsingDefaultsThenProducesDefaultAuthentication() throws Exception {
-
 		this.mvc.perform(get("/name").with(opaqueToken())).andExpect(content().string("user"));
 		this.mvc.perform(get("/admin/scopes").with(opaqueToken())).andExpect(status().isForbidden());
 	}
@@ -100,7 +99,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 		OAuth2AuthenticatedPrincipal principal = mock(OAuth2AuthenticatedPrincipal.class);
 		given(principal.getName()).willReturn("ben");
 		given(principal.getAuthorities()).willReturn(authorities);
-
 		this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben"));
 	}
 
@@ -109,7 +107,6 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 	public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
 		OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals
 				.active((a) -> a.put("scope", "user"));
-
 		this.mvc.perform(get("/opaque-token/sub")
 				.with(opaqueToken().attributes((a) -> a.put("sub", "foo")).principal(principal)))
 				.andExpect(status().isOk()).andExpect(content().string((String) principal.getAttribute("sub")));
@@ -147,14 +144,12 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 			@GetMapping("/opaque-token/{attribute}")
 			String tokenAttribute(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal,
 					@PathVariable("attribute") String attribute) {
-
 				return principal.getAttribute(attribute);
 			}
 
 			@GetMapping("/admin/scopes")
 			List<String> scopes(
 					@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
-
 				return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 			}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
index 8e3e099300..6f2521f37c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsSecurityContextTests.java
@@ -73,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsSecurityContextTests {
 	@Test
 	public void userDetails() {
 		securityContext(this.expectedContext).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
index 0472d593aa..0eb7913127 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextTests.java
@@ -68,9 +68,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 	@Test
 	public void testSecurityContextSaves() {
 		TestSecurityContextHolder.setContext(this.context);
-
 		testSecurityContext().postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(eq(this.context), eq(this.request), any(HttpServletResponse.class));
 	}
 
@@ -78,7 +76,6 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextTests {
 	@Test
 	public void testSecurityContextNoContext() {
 		testSecurityContext().postProcessRequest(this.request);
-
 		verify(this.repository, never()).saveContext(any(SecurityContext.class), eq(this.request),
 				any(HttpServletResponse.class));
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
index c471fdc396..0f05f727c9 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserDetailsTests.java
@@ -75,7 +75,6 @@ public class SecurityMockMvcRequestPostProcessorsUserDetailsTests {
 	@Test
 	public void userDetails() {
 		user(this.userDetails).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 37c3457c02..1c6fb34678 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -81,9 +81,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	@Test
 	public void userWithDefaults() {
 		String username = "userabc";
-
 		user(username).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -96,9 +94,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	@Test
 	public void userWithCustom() {
 		String username = "customuser";
-
 		user(username).roles("CUSTOM", "ADMIN").password("newpass").postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -112,9 +108,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	@Test
 	public void userCustomAuthoritiesVarargs() {
 		String username = "customuser";
-
 		user(username).authorities(this.authority1, this.authority2).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
@@ -130,9 +124,7 @@ public class SecurityMockMvcRequestPostProcessorsUserTests {
 	@Test
 	public void userCustomAuthoritiesList() {
 		String username = "customuser";
-
 		user(username).authorities(Arrays.asList(this.authority1, this.authority2)).postProcessRequest(this.request);
-
 		verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
 				any(HttpServletResponse.class));
 		SecurityContext context = this.contextCaptor.getValue();
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
index 6e2857091b..a4c3f8869c 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java
@@ -69,7 +69,6 @@ public class Gh3409Tests {
 		this.mockMvc
 			.perform(get("/public/")
 			.with(securityContext(new SecurityContextImpl())));
-
 		this.mockMvc
 			.perform(get("/public/"))
 			.andExpect(unauthenticated());
@@ -82,7 +81,6 @@ public class Gh3409Tests {
 		this.mockMvc
 			.perform(get("/")
 			.with(securityContext(new SecurityContextImpl())));
-
 		this.mockMvc
 			.perform(get("/"))
 			.andExpect(unauthenticated());
@@ -104,7 +102,6 @@ public class Gh3409Tests {
 				.formLogin().and()
 				.httpBasic();
 			// @formatter:on
-
 		}
 
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index 9c27fd80c2..675a57dba2 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -63,10 +63,8 @@ public class SecurityMockMvcConfigurerTests {
 	public void beforeMockMvcCreatedOverrideBean() throws Exception {
 		returnFilterBean();
 		SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter);
-
 		configurer.afterConfigurerAdded(this.builder);
 		configurer.beforeMockMvcCreated(this.builder, this.context);
-
 		assertFilterAdded(this.filter);
 		verify(this.servletContext).setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, this.filter);
 	}
@@ -75,27 +73,22 @@ public class SecurityMockMvcConfigurerTests {
 	public void beforeMockMvcCreatedBean() throws Exception {
 		returnFilterBean();
 		SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer();
-
 		configurer.afterConfigurerAdded(this.builder);
 		configurer.beforeMockMvcCreated(this.builder, this.context);
-
 		assertFilterAdded(this.beanFilter);
 	}
 
 	@Test
 	public void beforeMockMvcCreatedNoBean() throws Exception {
 		SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer(this.filter);
-
 		configurer.afterConfigurerAdded(this.builder);
 		configurer.beforeMockMvcCreated(this.builder, this.context);
-
 		assertFilterAdded(this.filter);
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void beforeMockMvcCreatedNoFilter() {
 		SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer();
-
 		configurer.afterConfigurerAdded(this.builder);
 		configurer.beforeMockMvcCreated(this.builder, this.context);
 	}
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
index 8e62492aa7..089e5dc8b1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurersTests.java
@@ -59,7 +59,6 @@ public class SecurityMockMvcConfigurersTests {
 	public void applySpringSecurityWhenAddFilterFirstThenFilterFirst() throws Exception {
 		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(this.noOpFilter)
 				.apply(springSecurity()).build();
-
 		mockMvc.perform(get("/")).andExpect(status().isOk());
 	}
 
@@ -73,7 +72,6 @@ public class SecurityMockMvcConfigurersTests {
 	public void applySpringSecurityWhenAddFilterSecondThenSecurityFirst() throws Exception {
 		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).apply(springSecurity())
 				.addFilters(this.noOpFilter).build();
-
 		mockMvc.perform(get("/")).andExpect(status().is4xxClientError());
 	}
 
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
index ecc20e3f92..d58e832673 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@@ -115,7 +115,6 @@ public class CustomConfigAuthenticationTests {
 			return new InMemoryUserDetailsManager(user);
 		}
 		// @formatter:on
-
 		@Bean
 		SecurityContextRepository securityContextRepository() {
 			HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
diff --git a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
index a469d38530..874e6c9f1c 100644
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@@ -98,7 +98,6 @@ public class WebTestUtilsTests {
 	}
 
 	// getSecurityContextRepository
-
 	@Test
 	public void getSecurityContextRepositoryNoWac() {
 		assertThat(WebTestUtils.getSecurityContextRepository(this.request))
@@ -131,31 +130,26 @@ public class WebTestUtilsTests {
 	@Test
 	public void findFilterNoMatchingFilters() {
 		loadConfig(PartialSecurityConfig.class);
-
 		assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull();
 	}
 
 	@Test
 	public void findFilterNoSpringSecurityFilterChainInContext() {
 		loadConfig(NoSecurityConfig.class);
-
 		CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
 		FilterChainProxy springSecurityFilterChain = new FilterChainProxy(
 				new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
 		this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
-
 		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind);
 	}
 
 	@Test
 	public void findFilterExplicitWithSecurityFilterInContext() {
 		loadConfig(SecurityConfigWithDefaults.class);
-
 		CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
 		FilterChainProxy springSecurityFilterChain = new FilterChainProxy(
 				new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
 		this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
-
 		assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/MockFilterConfig.java b/web/src/test/java/org/springframework/security/MockFilterConfig.java
index c9eedad606..5a2e9b0a32 100644
--- a/web/src/test/java/org/springframework/security/MockFilterConfig.java
+++ b/web/src/test/java/org/springframework/security/MockFilterConfig.java
@@ -39,7 +39,6 @@ public class MockFilterConfig implements FilterConfig {
 	@Override
 	public String getInitParameter(String arg0) {
 		Object result = this.map.get(arg0);
-
 		if (result != null) {
 			return (String) result;
 		}
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index 32971f6513..ff368d2d49 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -36,9 +36,7 @@ public class DefaultRedirectStrategyTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		rds.sendRedirect(request, response, "https://context.blah.com/context/remainder");
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}
 
@@ -50,9 +48,7 @@ public class DefaultRedirectStrategyTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		rds.sendRedirect(request, response, "https://https://context.blah.com/context/remainder");
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}
 
@@ -63,7 +59,6 @@ public class DefaultRedirectStrategyTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		rds.sendRedirect(request, response, "https://redirectme.somewhere.else");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 56a21a1dc8..c5586308dc 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -106,7 +106,6 @@ public class FilterChainProxyTests {
 		this.fcp.doFilter(this.request, this.response, this.chain);
 		assertThat(this.fcp.getFilterChains()).hasSize(1);
 		assertThat(this.fcp.getFilterChains().get(0).getFilters().get(0)).isSameAs(this.filter);
-
 		verifyZeroInteractions(this.filter);
 		// The actual filter chain should be invoked though
 		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -116,7 +115,6 @@ public class FilterChainProxyTests {
 	public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
 		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
 		this.fcp.doFilter(this.request, this.response, this.chain);
-
 		verify(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
 		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -126,10 +124,8 @@ public class FilterChainProxyTests {
 	public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception {
 		List<Filter> noFilters = Collections.emptyList();
 		this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, noFilters));
-
 		given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
 		this.fcp.doFilter(this.request, this.response, this.chain);
-
 		verify(this.chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -197,9 +193,7 @@ public class FilterChainProxyTests {
 			return null;
 		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
-
 		this.fcp.doFilter(this.request, this.response, this.chain);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -212,14 +206,12 @@ public class FilterChainProxyTests {
 			throw new ServletException("oops");
 		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
-
 		try {
 			this.fcp.doFilter(this.request, this.response, this.chain);
 			fail("Expected Exception");
 		}
 		catch (ServletException success) {
 		}
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -236,15 +228,12 @@ public class FilterChainProxyTests {
 				return null;
 			}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 					any(FilterChain.class));
-
 			this.fcp.doFilter(this.request, this.response, innerChain);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
 			return null;
 		}).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(FilterChain.class));
-
 		this.fcp.doFilter(this.request, this.response, this.chain);
-
 		verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index 046d52fb7b..bd3bb1f5fa 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -48,7 +48,6 @@ public class FilterInvocationTests {
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/HelloWorld/some/more/segments.html");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		FilterInvocation fi = new FilterInvocation(request, response, chain);
@@ -66,21 +65,18 @@ public class FilterInvocationTests {
 	public void testRejectsNullFilterChain() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		new FilterInvocation(request, response, null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNullServletRequest() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		new FilterInvocation(null, response, mock(FilterChain.class));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testRejectsNullServletResponse() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
-
 		new FilterInvocation(request, null, mock(FilterChain.class));
 	}
 
@@ -94,7 +90,6 @@ public class FilterInvocationTests {
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/HelloWorld");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar");
@@ -111,7 +106,6 @@ public class FilterInvocationTests {
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/HelloWorld");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld");
diff --git a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
index 326a889de8..aad10c3947 100644
--- a/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortMapperImplTests.java
@@ -43,26 +43,22 @@ public class PortMapperImplTests {
 	@Test
 	public void testDetectsEmptyMap() {
 		PortMapperImpl portMapper = new PortMapperImpl();
-
 		try {
 			portMapper.setPortMappings(new HashMap<>());
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
 	@Test
 	public void testDetectsNullMap() {
 		PortMapperImpl portMapper = new PortMapperImpl();
-
 		try {
 			portMapper.setPortMappings(null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -77,13 +73,11 @@ public class PortMapperImplTests {
 		PortMapperImpl portMapper = new PortMapperImpl();
 		Map<String, String> map = new HashMap<>();
 		map.put("79", "80559");
-
 		try {
 			portMapper.setPortMappings(map);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -98,9 +92,7 @@ public class PortMapperImplTests {
 		PortMapperImpl portMapper = new PortMapperImpl();
 		Map<String, String> map = new HashMap<>();
 		map.put("79", "442");
-
 		portMapper.setPortMappings(map);
-
 		assertThat(portMapper.lookupHttpPort(442)).isEqualTo(Integer.valueOf(79));
 		assertThat(Integer.valueOf(442)).isEqualTo(portMapper.lookupHttpsPort(79));
 	}
diff --git a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
index 80240082a7..db99268419 100644
--- a/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/PortResolverImplTests.java
@@ -33,7 +33,6 @@ public class PortResolverImplTests {
 	@Test
 	public void testDetectsBuggyIeHttpRequest() {
 		PortResolverImpl pr = new PortResolverImpl();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServerPort(8443);
 		request.setScheme("HTtP"); // proves case insensitive handling
@@ -43,7 +42,6 @@ public class PortResolverImplTests {
 	@Test
 	public void testDetectsBuggyIeHttpsRequest() {
 		PortResolverImpl pr = new PortResolverImpl();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServerPort(8080);
 		request.setScheme("HTtPs"); // proves case insensitive handling
@@ -53,13 +51,11 @@ public class PortResolverImplTests {
 	@Test
 	public void testDetectsEmptyPortMapper() {
 		PortResolverImpl pr = new PortResolverImpl();
-
 		try {
 			pr.setPortMapper(null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -74,7 +70,6 @@ public class PortResolverImplTests {
 	@Test
 	public void testNormalOperation() {
 		PortResolverImpl pr = new PortResolverImpl();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setScheme("http");
 		request.setServerPort(1021);
diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
index 438ece3d85..54dcc2b891 100644
--- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
@@ -101,10 +101,8 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
 	public void deniesAccessIfAccessDecisionManagerDoes() {
 		Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
 		DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
-
 		willThrow(new AccessDeniedException("")).given(this.adm).decide(any(Authentication.class), anyObject(),
 				anyList());
-
 		assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
index 6063aab348..cc97879021 100644
--- a/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/DelegatingAccessDeniedHandlerTests.java
@@ -67,10 +67,8 @@ public class DelegatingAccessDeniedHandlerTests {
 	public void moreSpecificDoesNotInvokeLessSpecific() throws Exception {
 		this.handlers.put(CsrfException.class, this.handler1);
 		this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3);
-
 		AccessDeniedException accessDeniedException = new AccessDeniedException("");
 		this.handler.handle(this.request, this.response, accessDeniedException);
-
 		verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AccessDeniedException.class));
 		verify(this.handler3).handle(this.request, this.response, accessDeniedException);
@@ -81,10 +79,8 @@ public class DelegatingAccessDeniedHandlerTests {
 		this.handlers.put(InvalidCsrfTokenException.class, this.handler1);
 		this.handlers.put(MissingCsrfTokenException.class, this.handler2);
 		this.handler = new DelegatingAccessDeniedHandler(this.handlers, this.handler3);
-
 		AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123");
 		this.handler.handle(this.request, this.response, accessDeniedException);
-
 		verify(this.handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AccessDeniedException.class));
 		verify(this.handler2).handle(this.request, this.response, accessDeniedException);
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index 1506d493ce..62a9a127ff 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -69,14 +69,11 @@ public class ExceptionTranslationFilterTests {
 
 	private static String getSavedRequestUrl(HttpServletRequest request) {
 		HttpSession session = request.getSession(false);
-
 		if (session == null) {
 			return null;
 		}
-
 		HttpSessionRequestCache rc = new HttpSessionRequestCache();
 		SavedRequest sr = rc.getRequest(request, new MockHttpServletResponse());
-
 		return sr.getRedirectUrl();
 	}
 
@@ -90,22 +87,18 @@ public class ExceptionTranslationFilterTests {
 		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
-
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
 		SecurityContextHolder.getContext().setAuthentication(
 				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
 		assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
@@ -122,18 +115,15 @@ public class ExceptionTranslationFilterTests {
 		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
-
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Setup SecurityContextHolder, as filter needs to check if user is remembered
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(
 				new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
 		SecurityContextHolder.setContext(securityContext);
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -147,24 +137,19 @@ public class ExceptionTranslationFilterTests {
 		// Setup our HTTP request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secure/page.html");
-
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
 		SecurityContextHolder.clearContext();
-
 		// Setup a new AccessDeniedHandlerImpl that will do a "forward"
 		AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
 		adh.setErrorPage("/error.jsp");
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.setAccessDeniedHandler(adh);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getStatus()).isEqualTo(403);
@@ -177,23 +162,19 @@ public class ExceptionTranslationFilterTests {
 		// Setup our HTTP request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secure/page.html");
-
 		// Setup the FilterChain to thrown an access denied exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Setup SecurityContextHolder, as filter needs to check if user is
 		// anonymous
 		SecurityContextHolder.getContext().setAuthentication(
 				new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
 				(req, res, ae) -> res.sendError(403, ae.getMessage()));
 		filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
 		assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
-
 		LocaleContextHolder.setDefaultLocale(Locale.GERMAN);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
@@ -211,12 +192,10 @@ public class ExceptionTranslationFilterTests {
 		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
-
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		filter.afterPropertiesSet();
@@ -237,12 +216,10 @@ public class ExceptionTranslationFilterTests {
 		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
-
 		// Setup the FilterChain to thrown an authentication failure exception
 		FilterChain fc = mock(FilterChain.class);
 		willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		// Test
 		HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache);
@@ -269,11 +246,9 @@ public class ExceptionTranslationFilterTests {
 		// Setup our HTTP request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secure/page.html");
-
 		// Test
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
 		assertThat(filter.getAuthenticationEntryPoint()).isSameAs(this.mockEntryPoint);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, mock(FilterChain.class));
 	}
@@ -281,12 +256,10 @@ public class ExceptionTranslationFilterTests {
 	@Test
 	public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception {
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
-
 		filter.afterPropertiesSet();
 		Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() };
 		for (Exception e : exceptions) {
 			FilterChain fc = mock(FilterChain.class);
-
 			willThrow(e).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 			try {
 				filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc);
@@ -309,10 +282,8 @@ public class ExceptionTranslationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
-
 		assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class)
 				.hasCauseInstanceOf(AccessDeniedException.class);
-
 		verifyZeroInteractions(this.mockEntryPoint);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
index f5e160c855..c3bfbd4c7e 100644
--- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingAccessDeniedHandlerTests.java
@@ -58,9 +58,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		given(matcher.matches(this.request)).willReturn(false);
 		this.deniedHandlers.put(matcher, handler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
-
 		this.delegator.handle(this.request, null, null);
-
 		verify(this.accessDeniedHandler).handle(this.request, null, null);
 		verify(handler, never()).handle(this.request, null, null);
 	}
@@ -75,9 +73,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		this.deniedHandlers.put(firstMatcher, firstHandler);
 		this.deniedHandlers.put(secondMatcher, secondHandler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
-
 		this.delegator.handle(this.request, null, null);
-
 		verify(firstHandler).handle(this.request, null, null);
 		verify(secondHandler, never()).handle(this.request, null, null);
 		verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
@@ -95,9 +91,7 @@ public class RequestMatcherDelegatingAccessDeniedHandlerTests {
 		this.deniedHandlers.put(firstMatcher, firstHandler);
 		this.deniedHandlers.put(secondMatcher, secondHandler);
 		this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers, this.accessDeniedHandler);
-
 		this.delegator.handle(this.request, null, null);
-
 		verify(secondHandler).handle(this.request, null, null);
 		verify(firstHandler, never()).handle(this.request, null, null);
 		verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
index 41d60e69c7..b31987dec3 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
@@ -47,7 +47,6 @@ public class ChannelDecisionManagerImplTests {
 	@Test
 	public void testCannotSetEmptyChannelProcessorsList() throws Exception {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
-
 		try {
 			cdm.setChannelProcessors(new Vector());
 			cdm.afterPropertiesSet();
@@ -63,20 +62,17 @@ public class ChannelDecisionManagerImplTests {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
 		List list = new Vector();
 		list.add("THIS IS NOT A CHANNELPROCESSOR");
-
 		try {
 			cdm.setChannelProcessors(list);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
 	@Test
 	public void testCannotSetNullChannelProcessorsList() throws Exception {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
-
 		try {
 			cdm.setChannelProcessors(null);
 			cdm.afterPropertiesSet();
@@ -97,13 +93,10 @@ public class ChannelDecisionManagerImplTests {
 		list.add(cpAbc);
 		cdm.setChannelProcessors(list);
 		cdm.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
-
 		cdm.decide(fi, cad);
 		assertThat(fi.getResponse().isCommitted()).isTrue();
 	}
@@ -116,11 +109,9 @@ public class ChannelDecisionManagerImplTests {
 		list.add(cpAbc);
 		cdm.setChannelProcessors(list);
 		cdm.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		cdm.decide(fi, SecurityConfig.createList(new String[] { "abc", "ANY_CHANNEL" }));
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
@@ -135,11 +126,9 @@ public class ChannelDecisionManagerImplTests {
 		list.add(cpAbc);
 		cdm.setChannelProcessors(list);
 		cdm.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
@@ -154,7 +143,6 @@ public class ChannelDecisionManagerImplTests {
 		list.add(cpAbc);
 		cdm.setChannelProcessors(list);
 		cdm.afterPropertiesSet();
-
 		assertThat(cdm.supports(new SecurityConfig("xyz"))).isTrue();
 		assertThat(cdm.supports(new SecurityConfig("abc"))).isTrue();
 		assertThat(cdm.supports(new SecurityConfig("UNSUPPORTED"))).isFalse();
@@ -164,21 +152,18 @@ public class ChannelDecisionManagerImplTests {
 	public void testGettersSetters() {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
 		assertThat(cdm.getChannelProcessors()).isNull();
-
 		MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false);
 		MockChannelProcessor cpAbc = new MockChannelProcessor("abc", false);
 		List list = new Vector();
 		list.add(cpXyz);
 		list.add(cpAbc);
 		cdm.setChannelProcessors(list);
-
 		assertThat(cdm.getChannelProcessors()).isEqualTo(list);
 	}
 
 	@Test
 	public void testStartupFailsWithEmptyChannelProcessorsList() throws Exception {
 		ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
-
 		try {
 			cdm.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -202,17 +187,13 @@ public class ChannelDecisionManagerImplTests {
 		@Override
 		public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException {
 			Iterator iter = config.iterator();
-
 			if (this.failIfCalled) {
 				fail("Should not have called this channel processor: " + this.configAttribute);
 			}
-
 			while (iter.hasNext()) {
 				ConfigAttribute attr = (ConfigAttribute) iter.next();
-
 				if (attr.getAttribute().equals(this.configAttribute)) {
 					invocation.getHttpResponse().sendRedirect("/redirected");
-
 					return;
 				}
 			}
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index f539e6eafe..76ff193adf 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -43,10 +43,8 @@ public class ChannelProcessingFilterTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void testDetectsMissingChannelDecisionManager() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK");
 		filter.setSecurityMetadataSource(fids);
-
 		filter.afterPropertiesSet();
 	}
 
@@ -61,12 +59,9 @@ public class ChannelProcessingFilterTests {
 	public void testDetectsSupportedConfigAttribute() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
 				"SUPPORTS_MOCK_ONLY");
-
 		filter.setSecurityMetadataSource(fids);
-
 		filter.afterPropertiesSet();
 	}
 
@@ -74,10 +69,8 @@ public class ChannelProcessingFilterTests {
 	public void testDetectsUnsupportedConfigAttribute() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
 				"SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
-
 		filter.setSecurityMetadataSource(fids);
 		filter.afterPropertiesSet();
 	}
@@ -86,17 +79,12 @@ public class ChannelProcessingFilterTests {
 	public void testDoFilterWhenManagerDoesCommitResponse() throws Exception {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE"));
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
-
 		filter.setSecurityMetadataSource(fids);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("info=now");
 		request.setServletPath("/path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, mock(FilterChain.class));
 	}
 
@@ -104,17 +92,12 @@ public class ChannelProcessingFilterTests {
 	public void testDoFilterWhenManagerDoesNotCommitResponse() throws Exception {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE"));
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
-
 		filter.setSecurityMetadataSource(fids);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("info=now");
 		request.setServletPath("/path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, mock(FilterChain.class));
 	}
 
@@ -122,17 +105,12 @@ public class ChannelProcessingFilterTests {
 	public void testDoFilterWhenNullConfigAttributeReturned() throws Exception {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED"));
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "NOT_USED");
-
 		filter.setSecurityMetadataSource(fids);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("info=now");
 		request.setServletPath("/PATH_NOT_MATCHING_CONFIG_ATTRIBUTE");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, mock(FilterChain.class));
 	}
 
@@ -141,12 +119,9 @@ public class ChannelProcessingFilterTests {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
 		assertThat(filter.getChannelDecisionManager() != null).isTrue();
-
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", false, "MOCK");
-
 		filter.setSecurityMetadataSource(fids);
 		assertThat(filter.getSecurityMetadataSource()).isSameAs(fids);
-
 		filter.afterPropertiesSet();
 	}
 
@@ -192,7 +167,6 @@ public class ChannelProcessingFilterTests {
 		@Override
 		public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
 			FilterInvocation fi = (FilterInvocation) object;
-
 			if (this.servletPath.equals(fi.getHttpRequest().getServletPath())) {
 				return this.toReturn;
 			}
@@ -206,7 +180,6 @@ public class ChannelProcessingFilterTests {
 			if (!this.provideIterator) {
 				return null;
 			}
-
 			return this.toReturn;
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
index e9752b8f57..487e1a5cf9 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
@@ -45,13 +45,10 @@ public class InsecureChannelProcessorTests {
 		request.setServletPath("/servlet");
 		request.setScheme("http");
 		request.setServerPort(8080);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
 		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
-
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
 
@@ -65,14 +62,11 @@ public class InsecureChannelProcessorTests {
 		request.setScheme("https");
 		request.setSecure(true);
 		request.setServerPort(8443);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
 		processor.decide(fi,
 				SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL" }));
-
 		assertThat(fi.getResponse().isCommitted()).isTrue();
 	}
 
@@ -80,13 +74,11 @@ public class InsecureChannelProcessorTests {
 	public void testDecideRejectsNulls() throws Exception {
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
 		processor.afterPropertiesSet();
-
 		try {
 			processor.decide(null, null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -96,7 +88,6 @@ public class InsecureChannelProcessorTests {
 		assertThat(processor.getInsecureKeyword()).isEqualTo("REQUIRES_INSECURE_CHANNEL");
 		processor.setInsecureKeyword("X");
 		assertThat(processor.getInsecureKeyword()).isEqualTo("X");
-
 		assertThat(processor.getEntryPoint() != null).isTrue();
 		processor.setEntryPoint(null);
 		assertThat(processor.getEntryPoint() == null).isTrue();
@@ -106,7 +97,6 @@ public class InsecureChannelProcessorTests {
 	public void testMissingEntryPoint() throws Exception {
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
 		processor.setEntryPoint(null);
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -120,7 +110,6 @@ public class InsecureChannelProcessorTests {
 	public void testMissingSecureChannelKeyword() throws Exception {
 		InsecureChannelProcessor processor = new InsecureChannelProcessor();
 		processor.setInsecureKeyword(null);
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -128,9 +117,7 @@ public class InsecureChannelProcessorTests {
 		catch (IllegalArgumentException expected) {
 			assertThat(expected.getMessage()).isEqualTo("insecureKeyword required");
 		}
-
 		processor.setInsecureKeyword("");
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
index bf67247ff3..f858d11c5b 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
@@ -43,7 +43,6 @@ public class RetryWithHttpEntryPointTests {
 	@Test
 	public void testDetectsMissingPortMapper() {
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
-
 		try {
 			ep.setPortMapper(null);
 			fail("Should have thrown IllegalArgumentException");
@@ -55,7 +54,6 @@ public class RetryWithHttpEntryPointTests {
 	@Test
 	public void testDetectsMissingPortResolver() {
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
-
 		try {
 			ep.setPortResolver(null);
 			fail("Should have thrown IllegalArgumentException");
@@ -85,13 +83,10 @@ public class RetryWithHttpEntryPointTests {
 		request.setScheme("https");
 		request.setServerName("localhost");
 		request.setServerPort(443);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello/pathInfo.html?open=true");
 	}
@@ -102,13 +97,10 @@ public class RetryWithHttpEntryPointTests {
 		request.setScheme("https");
 		request.setServerName("localhost");
 		request.setServerPort(443);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
 	}
@@ -120,13 +112,10 @@ public class RetryWithHttpEntryPointTests {
 		request.setScheme("https");
 		request.setServerName("www.example.com");
 		request.setServerPort(8768);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(8768, 1234));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true");
 	}
@@ -138,18 +127,14 @@ public class RetryWithHttpEntryPointTests {
 		request.setScheme("https");
 		request.setServerName("localhost");
 		request.setServerPort(9999);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		PortMapperImpl portMapper = new PortMapperImpl();
 		Map<String, String> map = new HashMap<>();
 		map.put("8888", "9999");
 		portMapper.setPortMappings(map);
-
 		RetryWithHttpEntryPoint ep = new RetryWithHttpEntryPoint();
 		ep.setPortResolver(new MockPortResolver(8888, 9999));
 		ep.setPortMapper(portMapper);
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl())
 				.isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
index 3fdf255079..29274cb3ea 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
@@ -39,7 +39,6 @@ public class RetryWithHttpsEntryPointTests {
 	@Test
 	public void testDetectsMissingPortMapper() {
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
-
 		try {
 			ep.setPortMapper(null);
 			fail("Should have thrown IllegalArgumentException");
@@ -51,7 +50,6 @@ public class RetryWithHttpsEntryPointTests {
 	@Test
 	public void testDetectsMissingPortResolver() {
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
-
 		try {
 			ep.setPortResolver(null);
 			fail("Should have thrown IllegalArgumentException");
@@ -76,13 +74,10 @@ public class RetryWithHttpsEntryPointTests {
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl())
 				.isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
@@ -94,13 +89,10 @@ public class RetryWithHttpsEntryPointTests {
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
 	}
@@ -112,13 +104,10 @@ public class RetryWithHttpsEntryPointTests {
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setServerPort(8768);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(8768, 1234));
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp?open=true");
 	}
@@ -130,18 +119,14 @@ public class RetryWithHttpsEntryPointTests {
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setServerPort(8888);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		PortMapperImpl portMapper = new PortMapperImpl();
 		Map<String, String> map = new HashMap<>();
 		map.put("8888", "9999");
 		portMapper.setPortMappings(map);
-
 		RetryWithHttpsEntryPoint ep = new RetryWithHttpsEntryPoint();
 		ep.setPortResolver(new MockPortResolver(8888, 9999));
 		ep.setPortMapper(portMapper);
-
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl())
 				.isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true");
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
index 9c472da817..e66b411c55 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
@@ -46,13 +46,10 @@ public class SecureChannelProcessorTests {
 		request.setScheme("https");
 		request.setSecure(true);
 		request.setServerPort(8443);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		SecureChannelProcessor processor = new SecureChannelProcessor();
 		processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
-
 		assertThat(fi.getResponse().isCommitted()).isFalse();
 	}
 
@@ -65,14 +62,11 @@ public class SecureChannelProcessorTests {
 		request.setServletPath("/servlet");
 		request.setScheme("http");
 		request.setServerPort(8080);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
-
 		SecureChannelProcessor processor = new SecureChannelProcessor();
 		processor.decide(fi,
 				SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" }));
-
 		assertThat(fi.getResponse().isCommitted()).isTrue();
 	}
 
@@ -80,13 +74,11 @@ public class SecureChannelProcessorTests {
 	public void testDecideRejectsNulls() throws Exception {
 		SecureChannelProcessor processor = new SecureChannelProcessor();
 		processor.afterPropertiesSet();
-
 		try {
 			processor.decide(null, null);
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -96,7 +88,6 @@ public class SecureChannelProcessorTests {
 		assertThat(processor.getSecureKeyword()).isEqualTo("REQUIRES_SECURE_CHANNEL");
 		processor.setSecureKeyword("X");
 		assertThat(processor.getSecureKeyword()).isEqualTo("X");
-
 		assertThat(processor.getEntryPoint() != null).isTrue();
 		processor.setEntryPoint(null);
 		assertThat(processor.getEntryPoint() == null).isTrue();
@@ -106,7 +97,6 @@ public class SecureChannelProcessorTests {
 	public void testMissingEntryPoint() throws Exception {
 		SecureChannelProcessor processor = new SecureChannelProcessor();
 		processor.setEntryPoint(null);
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -120,7 +110,6 @@ public class SecureChannelProcessorTests {
 	public void testMissingSecureChannelKeyword() throws Exception {
 		SecureChannelProcessor processor = new SecureChannelProcessor();
 		processor.setSecureKeyword(null);
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -128,9 +117,7 @@ public class SecureChannelProcessorTests {
 		catch (IllegalArgumentException expected) {
 			assertThat(expected.getMessage()).isEqualTo("secureKeyword required");
 		}
-
 		processor.setSecureKeyword("");
-
 		try {
 			processor.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
index 0244b48aa6..0e1dec1d1b 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/AbstractVariableEvaluationContextPostProcessorTests.java
@@ -65,14 +65,12 @@ public class AbstractVariableEvaluationContextPostProcessorTests {
 	@Test
 	public void extractVariables() {
 		this.context = this.processor.postProcess(this.context, this.invocation);
-
 		assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE);
 	}
 
 	@Test
 	public void extractVariablesOnlyUsedOnce() {
 		this.context = this.processor.postProcess(this.context, this.invocation);
-
 		assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE);
 		this.processor.results = Collections.emptyMap();
 		assertThat(this.context.lookupVariable(KEY)).isEqualTo(VALUE);
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
index 16a5f0e164..b23e67c89f 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
@@ -69,7 +69,6 @@ public class DefaultWebSecurityExpressionHandlerTests {
 		bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A");
 		appContext.registerBeanDefinition("role", bean);
 		this.handler.setApplicationContext(appContext);
-
 		EvaluationContext ctx = this.handler.createEvaluationContext(mock(Authentication.class),
 				mock(FilterInvocation.class));
 		ExpressionParser parser = this.handler.getExpressionParser();
@@ -85,11 +84,9 @@ public class DefaultWebSecurityExpressionHandlerTests {
 	@Test
 	public void createEvaluationContextCustomTrustResolver() {
 		this.handler.setTrustResolver(this.trustResolver);
-
 		Expression expression = this.handler.getExpressionParser().parseExpression("anonymous");
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.invocation);
 		assertThat(expression.getValue(context, Boolean.class)).isFalse();
-
 		verify(this.trustResolver).isAnonymous(this.authentication);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
index bb9a8e6734..355dd768df 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DelegatingEvaluationContextTests.java
@@ -56,7 +56,6 @@ public class DelegatingEvaluationContextTests {
 	public void getRootObject() {
 		TypedValue expected = mock(TypedValue.class);
 		given(this.delegate.getRootObject()).willReturn(expected);
-
 		assertThat(this.context.getRootObject()).isEqualTo(expected);
 	}
 
@@ -64,7 +63,6 @@ public class DelegatingEvaluationContextTests {
 	public void getConstructorResolvers() {
 		List<ConstructorResolver> expected = new ArrayList<>();
 		given(this.delegate.getConstructorResolvers()).willReturn(expected);
-
 		assertThat(this.context.getConstructorResolvers()).isEqualTo(expected);
 	}
 
@@ -72,7 +70,6 @@ public class DelegatingEvaluationContextTests {
 	public void getMethodResolvers() {
 		List<MethodResolver> expected = new ArrayList<>();
 		given(this.delegate.getMethodResolvers()).willReturn(expected);
-
 		assertThat(this.context.getMethodResolvers()).isEqualTo(expected);
 	}
 
@@ -80,16 +77,13 @@ public class DelegatingEvaluationContextTests {
 	public void getPropertyAccessors() {
 		List<PropertyAccessor> expected = new ArrayList<>();
 		given(this.delegate.getPropertyAccessors()).willReturn(expected);
-
 		assertThat(this.context.getPropertyAccessors()).isEqualTo(expected);
 	}
 
 	@Test
 	public void getTypeLocator() {
-
 		TypeLocator expected = mock(TypeLocator.class);
 		given(this.delegate.getTypeLocator()).willReturn(expected);
-
 		assertThat(this.context.getTypeLocator()).isEqualTo(expected);
 	}
 
@@ -97,7 +91,6 @@ public class DelegatingEvaluationContextTests {
 	public void getTypeConverter() {
 		TypeConverter expected = mock(TypeConverter.class);
 		given(this.delegate.getTypeConverter()).willReturn(expected);
-
 		assertThat(this.context.getTypeConverter()).isEqualTo(expected);
 	}
 
@@ -105,7 +98,6 @@ public class DelegatingEvaluationContextTests {
 	public void getTypeComparator() {
 		TypeComparator expected = mock(TypeComparator.class);
 		given(this.delegate.getTypeComparator()).willReturn(expected);
-
 		assertThat(this.context.getTypeComparator()).isEqualTo(expected);
 	}
 
@@ -113,7 +105,6 @@ public class DelegatingEvaluationContextTests {
 	public void getOperatorOverloader() {
 		OperatorOverloader expected = mock(OperatorOverloader.class);
 		given(this.delegate.getOperatorOverloader()).willReturn(expected);
-
 		assertThat(this.context.getOperatorOverloader()).isEqualTo(expected);
 	}
 
@@ -121,7 +112,6 @@ public class DelegatingEvaluationContextTests {
 	public void getBeanResolver() {
 		BeanResolver expected = mock(BeanResolver.class);
 		given(this.delegate.getBeanResolver()).willReturn(expected);
-
 		assertThat(this.context.getBeanResolver()).isEqualTo(expected);
 	}
 
@@ -129,9 +119,7 @@ public class DelegatingEvaluationContextTests {
 	public void setVariable() {
 		String name = "name";
 		String value = "value";
-
 		this.context.setVariable(name, value);
-
 		verify(this.delegate).setVariable(name, value);
 	}
 
@@ -140,7 +128,6 @@ public class DelegatingEvaluationContextTests {
 		String name = "name";
 		String expected = "expected";
 		given(this.delegate.lookupVariable(name)).willReturn(expected);
-
 		assertThat(this.context.lookupVariable(name)).isEqualTo(expected);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
index fdca0484e6..8f8a5ab887 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
@@ -55,7 +55,6 @@ public class WebExpressionVoterTests {
 						.isTrue();
 		assertThat(voter.supports(FilterInvocation.class)).isTrue();
 		assertThat(voter.supports(MethodInvocation.class)).isFalse();
-
 	}
 
 	@Test
@@ -83,9 +82,7 @@ public class WebExpressionVoterTests {
 		ArrayList attributes = new ArrayList();
 		attributes.addAll(SecurityConfig.createList("A", "B", "C"));
 		attributes.add(weca);
-
 		assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
-
 		// Second time false
 		assertThat(voter.vote(this.user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
index 0e973ade90..f6394360fc 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java
@@ -44,9 +44,7 @@ public class WebSecurityExpressionRootTests {
 		request.setRemoteAddr("192.168.1.1");
 		WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class),
 				new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
-
 		assertThat(root.hasIpAddress("192.168.1.1")).isTrue();
-
 		// IPv6 Address
 		request.setRemoteAddr("fa:db8:85a3::8a2e:370:7334");
 		assertThat(root.hasIpAddress("fa:db8:85a3::8a2e:370:7334")).isTrue();
@@ -62,7 +60,6 @@ public class WebSecurityExpressionRootTests {
 			request.setRemoteAddr("192.168.1." + i);
 			assertThat(root.hasIpAddress("192.168.1.0/24")).isTrue();
 		}
-
 		request.setRemoteAddr("192.168.1.127");
 		// 25 = FF FF FF 80
 		assertThat(root.hasIpAddress("192.168.1.0/25")).isTrue();
@@ -75,7 +72,6 @@ public class WebSecurityExpressionRootTests {
 		assertThat(root.hasIpAddress("192.168.1.224/27")).isTrue();
 		assertThat(root.hasIpAddress("192.168.1.240/27")).isTrue();
 		assertThat(root.hasIpAddress("192.168.1.255/32")).isTrue();
-
 		request.setRemoteAddr("202.24.199.127");
 		assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue();
 		request.setRemoteAddr("202.25.179.135");
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
index 5f207669bc..c054e9a483 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
@@ -54,9 +54,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void lookupNotRequiringExactMatchSucceedsIfNotMatching() {
 		createFids("/secure/super/**", null);
-
 		FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null, null, null);
-
 		assertThat(this.fids.getAttributes(fi)).isEqualTo(this.def);
 	}
 
@@ -67,9 +65,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
 		createFids("/secure/super/**", null);
-
 		FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null);
-
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
 	}
@@ -77,9 +73,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void lookupRequiringExactMatchIsSuccessful() {
 		createFids("/SeCurE/super/**", null);
-
 		FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null);
-
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
 	}
@@ -87,9 +81,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
 		createFids("/someAdminPage.html**", null);
-
 		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, "a=/test", null);
-
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response); // see SEC-161 (it should truncate after ?
 								// sign).isEqualTo(def)
@@ -103,7 +95,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void httpMethodLookupSucceeds() {
 		createFids("/somepage**", "GET");
-
 		FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
 		Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
 		assertThat(attrs).isEqualTo(this.def);
@@ -112,7 +103,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void generalMatchIsUsedIfNoMethodSpecificMatchExists() {
 		createFids("/somepage**", null);
-
 		FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
 		Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
 		assertThat(attrs).isEqualTo(this.def);
@@ -121,7 +111,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void requestWithDifferentHttpMethodDoesntMatch() {
 		createFids("/somepage**", "GET");
-
 		FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST");
 		Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
 		assertThat(attrs).isNull();
@@ -132,11 +121,9 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() {
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
 		Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
-
 		requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
 		requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
 		this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
-
 		FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
 		Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
 		assertThat(attrs).isEqualTo(userAttrs);
@@ -148,14 +135,10 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 	@Test
 	public void extraQuestionMarkStillMatches() {
 		createFids("/someAdminPage.html*", null);
-
 		FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
-
 		Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
-
 		fi = createFilterInvocation("/someAdminPage.html", null, "?", null);
-
 		response = this.fids.getAttributes(fi);
 		assertThat(response).isEqualTo(this.def);
 	}
@@ -168,7 +151,6 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
 		request.setServletPath(servletPath);
 		request.setPathInfo(pathInfo);
 		request.setQueryString(queryString);
-
 		return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 37199a0c8f..dcd759048a 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -117,13 +117,9 @@ public class FilterSecurityInterceptorTests {
 		// Setup a Context
 		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		FilterInvocation fi = createinvocation();
-
 		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 		this.interceptor.invoke(fi);
-
 		// SEC-1697
 		verify(this.publisher, never()).publishEvent(any(AuthorizedEvent.class));
 	}
@@ -132,24 +128,19 @@ public class FilterSecurityInterceptorTests {
 	public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception {
 		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		SecurityContextHolder.getContext().setAuthentication(token);
-
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
-
 		willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
-
 		try {
 			this.interceptor.invoke(fi);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
 		}
-
 		verifyZeroInteractions(aim);
 	}
 
@@ -161,29 +152,23 @@ public class FilterSecurityInterceptorTests {
 		Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
 		token.setAuthenticated(true);
 		ctx.setAuthentication(token);
-
 		RunAsManager runAsManager = mock(RunAsManager.class);
 		given(runAsManager.buildRunAs(eq(token), any(), anyCollection()))
 				.willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
 		this.interceptor.setRunAsManager(runAsManager);
-
 		FilterInvocation fi = createinvocation();
 		FilterChain chain = fi.getChain();
-
 		willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 		given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
-
 		AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		this.interceptor.setAfterInvocationManager(aim);
-
 		try {
 			this.interceptor.invoke(fi);
 			fail("Expected exception");
 		}
 		catch (RuntimeException expected) {
 		}
-
 		// Check we've changed back
 		assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
@@ -195,9 +180,7 @@ public class FilterSecurityInterceptorTests {
 		this.interceptor.setObserveOncePerRequest(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		this.interceptor.doFilter(request, response, new MockFilterChain());
-
 		assertThat(request.getAttributeNames().hasMoreElements()).isFalse();
 	}
 
@@ -205,10 +188,8 @@ public class FilterSecurityInterceptorTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secure/page.html");
-
 		FilterChain chain = mock(FilterChain.class);
 		FilterInvocation fi = new FilterInvocation(request, response, chain);
-
 		return fi;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 40576c0a41..37211f6fa2 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -31,7 +31,6 @@ public class RequestKeyTests {
 	public void equalsWorksWithNullHttpMethod() {
 		RequestKey key1 = new RequestKey("/someurl");
 		RequestKey key2 = new RequestKey("/someurl");
-
 		assertThat(key2).isEqualTo(key1);
 		key1 = new RequestKey("/someurl", "GET");
 		assertThat(key1.equals(key2)).isFalse();
@@ -42,7 +41,6 @@ public class RequestKeyTests {
 	public void keysWithSameUrlAndHttpMethodAreEqual() {
 		RequestKey key1 = new RequestKey("/someurl", "GET");
 		RequestKey key2 = new RequestKey("/someurl", "GET");
-
 		assertThat(key2).isEqualTo(key1);
 	}
 
@@ -50,7 +48,6 @@ public class RequestKeyTests {
 	public void keysWithSameUrlAndDifferentHttpMethodAreNotEqual() {
 		RequestKey key1 = new RequestKey("/someurl", "GET");
 		RequestKey key2 = new RequestKey("/someurl", "POST");
-
 		assertThat(key1.equals(key2)).isFalse();
 		assertThat(key2.equals(key1)).isFalse();
 	}
@@ -59,7 +56,6 @@ public class RequestKeyTests {
 	public void keysWithDifferentUrlsAreNotEquals() {
 		RequestKey key1 = new RequestKey("/someurl", "GET");
 		RequestKey key2 = new RequestKey("/anotherurl", "GET");
-
 		assertThat(key1.equals(key2)).isFalse();
 		assertThat(key2.equals(key1)).isFalse();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index d815881514..0cdee2f548 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -71,13 +71,11 @@ public class AbstractAuthenticationProcessingFilterTests {
 
 	private MockHttpServletRequest createMockAuthenticationRequest() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.setServletPath("/j_mock_post");
 		request.setScheme("http");
 		request.setServerName("www.example.com");
 		request.setRequestURI("/mycontext/j_mock_post");
 		request.setContextPath("/mycontext");
-
 		return request;
 	}
 
@@ -101,10 +99,8 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockAuthenticationFilter filter = new MockAuthenticationFilter();
 		filter.setFilterProcessesUrl("/login");
-
 		DefaultHttpFirewall firewall = new DefaultHttpFirewall();
 		request.setServletPath("/login;jsessionid=I8MIONOSTHOR");
-
 		// the firewall ensures that path parameters are ignored
 		HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request);
 		assertThat(filter.requiresAuthentication(firewallRequest, response)).isTrue();
@@ -116,20 +112,16 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 		request.setServletPath("/j_OTHER_LOCATION");
 		request.setRequestURI("/mycontext/j_OTHER_LOCATION");
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to defaultTargetUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
 		filter.setAuthenticationSuccessHandler(this.successHandler);
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -143,7 +135,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.setFilterProcessesUrl("/p");
 		filter.afterPropertiesSet();
-
 		assertThat(filter.getRememberMeServices()).isNotNull();
 		filter.setRememberMeServices(
 				new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService()));
@@ -157,18 +148,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 		request.setServletPath("/some.file.html");
 		request.setRequestURI("/mycontext/some.file.html");
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will be invoked, as our request is
 		// for a page the filter isn't monitoring
 		MockFilterChain chain = new MockFilterChain(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to deny access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-
 		// Test
 		filter.doFilter(request, response, chain);
 	}
@@ -178,25 +165,20 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 		HttpSession sessionPreAuth = request.getSession();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to defaultTargetUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
-
 		filter.setFilterProcessesUrl("/j_mock_post");
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(this.successHandler);
 		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.afterPropertiesSet();
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -211,24 +193,19 @@ public class AbstractAuthenticationProcessingFilterTests {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
 		HttpSession sessionPreAuth = request.getSession();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to defaultTargetUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post",
 				mock(AuthenticationManager.class));
-
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(this.successHandler);
 		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.afterPropertiesSet();
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -245,24 +222,19 @@ public class AbstractAuthenticationProcessingFilterTests {
 		request.setServletPath("/j_eradicate_corona_virus");
 		request.setRequestURI("/mycontext/j_eradicate_corona_virus");
 		HttpSession sessionPreAuth = request.getSession();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to defaultTargetUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(
 				new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class));
-
 		filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
 		filter.setAuthenticationSuccessHandler(this.successHandler);
 		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.afterPropertiesSet();
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
@@ -279,7 +251,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 		this.successHandler.setDefaultTargetUrl("/");
 		filter.setAuthenticationSuccessHandler(this.successHandler);
 		filter.setFilterProcessesUrl("/login");
-
 		try {
 			filter.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -295,7 +266,6 @@ public class AbstractAuthenticationProcessingFilterTests {
 		filter.setAuthenticationFailureHandler(this.failureHandler);
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.setAuthenticationSuccessHandler(this.successHandler);
-
 		try {
 			filter.setFilterProcessesUrl(null);
 			fail("Should have thrown IllegalArgumentException");
@@ -309,38 +279,31 @@ public class AbstractAuthenticationProcessingFilterTests {
 	public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to defaultTargetUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_mock_post");
 		filter.setAuthenticationSuccessHandler(this.successHandler);
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
-
 		// Now try again but this time have filter deny access
 		// Setup our HTTP request
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to authenticationFailureUrl
 		chain = new MockFilterChain(false);
 		response = new MockHttpServletResponse();
-
 		// Setup our test object, to deny access
 		filter = new MockAuthenticationFilter(false);
 		filter.setFilterProcessesUrl("/j_mock_post");
 		filter.setAuthenticationFailureHandler(this.failureHandler);
-
 		// Test
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -350,27 +313,21 @@ public class AbstractAuthenticationProcessingFilterTests {
 	public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will be invoked, as we want to go
 		// to the location requested in the session
 		MockFilterChain chain = new MockFilterChain(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to grant access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
 		filter.setFilterProcessesUrl("/j_mock_post");
 		AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
 		filter.setAuthenticationSuccessHandler(successHandler);
-
 		// Test
 		filter.doFilter(request, response, chain);
-
 		verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(Authentication.class));
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 	}
 
@@ -378,26 +335,20 @@ public class AbstractAuthenticationProcessingFilterTests {
 	public void testFailedAuthenticationInvokesFailureHandler() throws Exception {
 		// Setup our HTTP request
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		// Setup our filter configuration
 		MockFilterConfig config = new MockFilterConfig(null, null);
-
 		// Setup our expectation that the filter chain will not be invoked, as we redirect
 		// to authenticationFailureUrl
 		MockFilterChain chain = new MockFilterChain(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Setup our test object, to deny access
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
-
 		// Test
 		filter.doFilter(request, response, chain);
-
 		verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -407,18 +358,14 @@ public class AbstractAuthenticationProcessingFilterTests {
 	@Test
 	public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		MockFilterConfig config = new MockFilterConfig(null, null);
 		MockFilterChain chain = new MockFilterChain(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Reject authentication, so exception would normally be stored in session
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		this.failureHandler.setAllowSessionCreation(false);
 		filter.setAuthenticationFailureHandler(this.failureHandler);
-
 		filter.doFilter(request, response, chain);
-
 		assertThat(request.getSession(false)).isNull();
 	}
 
@@ -428,17 +375,13 @@ public class AbstractAuthenticationProcessingFilterTests {
 	@Test
 	public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		MockFilterConfig config = new MockFilterConfig(null, null);
 		MockFilterChain chain = new MockFilterChain(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		filter.setAuthenticationSuccessHandler(this.successHandler);
-
 		filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 
@@ -448,19 +391,15 @@ public class AbstractAuthenticationProcessingFilterTests {
 	@Test
 	public void loginErrorWithInternAuthenticationServiceExceptionLogsError() throws Exception {
 		MockHttpServletRequest request = createMockAuthenticationRequest();
-
 		MockFilterChain chain = new MockFilterChain(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Log logger = mock(Log.class);
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
 		ReflectionTestUtils.setField(filter, "logger", logger);
 		filter.exceptionToThrow = new InternalAuthenticationServiceException("Mock requested to do so");
 		this.successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		filter.setAuthenticationSuccessHandler(this.successHandler);
-
 		filter.doFilter(request, response, chain);
-
 		verify(logger).error(anyString(), eq(filter.exceptionToThrow));
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index cf5985a017..e0e18ff2c5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -74,16 +74,13 @@ public class AnonymousAuthenticationFilterTests {
 		// Put an Authentication object into the SecurityContextHolder
 		Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		SecurityContextHolder.getContext().setAuthentication(originalAuth);
-
 		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
 		// Test
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("x");
 		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(),
 				new MockFilterChain(true));
-
 		// Ensure filter didn't change our original object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(originalAuth);
 	}
@@ -93,12 +90,10 @@ public class AnonymousAuthenticationFilterTests {
 		AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		filter.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("x");
 		executeFilterInContainerSimulator(mock(FilterConfig.class), filter, request, new MockHttpServletResponse(),
 				new MockFilterChain(true));
-
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(auth.getPrincipal()).isEqualTo("anonymousUsername");
 		assertThat(AuthorityUtils.authorityListToSet(auth.getAuthorities())).contains("ROLE_ANONYMOUS");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
index 8a36219287..36a439e57e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -89,12 +89,10 @@ public class AuthenticationFilterTests {
 	public void filterWhenDefaultsAndNoAuthenticationThenContinues() throws Exception {
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(this.authenticationManager);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -104,12 +102,10 @@ public class AuthenticationFilterTests {
 	public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() throws Exception {
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(this.authenticationManagerResolver);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -122,12 +118,10 @@ public class AuthenticationFilterTests {
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verify(this.authenticationManager).authenticate(any(Authentication.class));
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -139,15 +133,12 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verify(this.authenticationManager).authenticate(any(Authentication.class));
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -158,15 +149,12 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -177,15 +165,12 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -195,11 +180,9 @@ public class AuthenticationFilterTests {
 		given(this.authenticationConverter.convert(any())).willReturn(null);
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verifyZeroInteractions(this.authenticationManagerResolver);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -210,16 +193,13 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
 		filter.setSuccessHandler(this.successHandler);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verify(this.successHandler).onAuthenticationSuccess(any(), any(), any(), eq(authentication));
 		verifyZeroInteractions(this.failureHandler);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
@@ -230,11 +210,9 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(null);
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
 		filter.setSuccessHandler(this.successHandler);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
@@ -244,7 +222,6 @@ public class AuthenticationFilterTests {
 		catch (ServletException ex) {
 			verifyZeroInteractions(this.successHandler);
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
-
 			throw ex;
 		}
 	}
@@ -252,16 +229,13 @@ public class AuthenticationFilterTests {
 	@Test
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() throws Exception {
 		given(this.requestMatcher.matches(any())).willReturn(false);
-
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver,
 				this.authenticationConverter);
 		filter.setRequestMatcher(this.requestMatcher);
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(this.authenticationConverter, this.authenticationManagerResolver, this.successHandler);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -272,18 +246,15 @@ public class AuthenticationFilterTests {
 		Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE_USER");
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
-
 		MockHttpSession session = new MockHttpSession();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 		request.setSession(session);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain chain = new MockFilterChain();
-
 		String sessionId = session.getId();
 		AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManager,
 				this.authenticationConverter);
 		filter.doFilter(request, response, chain);
-
 		assertThat(session.getId()).isNotEqualTo(sessionId);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index 2a3293e94a..825c9ca6b4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -60,9 +60,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
 
@@ -71,10 +69,8 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
 		filter.doFilter(request, response, this.chain);
-
 		assertThat(response.getContentAsString()).isEmpty();
 	}
 
@@ -83,11 +79,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login");
 		request.setContextPath("/context");
 		filter.doFilter(request, response, this.chain);
-
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
 
@@ -96,9 +90,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, this.chain);
-
 		assertThat(response.getContentAsString()).isEmpty();
 	}
 
@@ -107,12 +99,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		request.setQueryString("error");
-
 		filter.doFilter(request, response, this.chain);
-
 		assertThat(response.getContentAsString()).isNotEmpty();
 	}
 
@@ -136,12 +125,9 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
 				new UsernamePasswordAuthenticationFilter());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
 		request.setQueryString("not");
-
 		filter.doFilter(request, response, this.chain);
-
 		assertThat(response.getContentAsString()).isEmpty();
 	}
 
@@ -162,7 +148,6 @@ public class DefaultLoginPageGeneratingFilterTests {
 		String message = messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",
 				"Bad credentials", Locale.KOREA);
 		request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
-
 		filter.doFilter(request, new MockHttpServletResponse(), this.chain);
 	}
 
@@ -172,14 +157,11 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter();
 		filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
 		filter.setOauth2LoginEnabled(true);
-
 		String clientName = "Google < > \" \' &";
 		filter.setOauth2AuthenticationUrlToClientName(
 				Collections.singletonMap("/oauth2/authorization/google", clientName));
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 		assertThat(response.getContentAsString())
 				.contains("<a href=\"/oauth2/authorization/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
 	}
@@ -189,13 +171,10 @@ public class DefaultLoginPageGeneratingFilterTests {
 		DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter();
 		filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
 		filter.setSaml2LoginEnabled(true);
-
 		String clientName = "Google < > \" \' &";
 		filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
-
 		assertThat(response.getContentAsString()).contains("Login with SAML 2.0");
 		assertThat(response.getContentAsString())
 				.contains("<a href=\"/saml/sso/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
index 0033fa13f1..c2abbe1a44 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointContextTests.java
@@ -61,7 +61,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 		verify(this.firstAEP).commence(request, null, null);
 		verify(this.defaultAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
-
 	}
 
 	@Test
@@ -73,7 +72,6 @@ public class DelegatingAuthenticationEntryPointContextTests {
 		verify(this.defaultAEP).commence(request, null, null);
 		verify(this.firstAEP, never()).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
-
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
index ff9068b8f6..fa93a45b63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java
@@ -63,9 +63,7 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		given(firstRM.matches(this.request)).willReturn(false);
 		this.entryPoints.put(firstRM, firstAEP);
-
 		this.daep.commence(this.request, null, null);
-
 		verify(this.defaultEntryPoint).commence(this.request, null, null);
 		verify(firstAEP, never()).commence(this.request, null, null);
 	}
@@ -79,9 +77,7 @@ public class DelegatingAuthenticationEntryPointTests {
 		given(firstRM.matches(this.request)).willReturn(true);
 		this.entryPoints.put(firstRM, firstAEP);
 		this.entryPoints.put(secondRM, secondAEP);
-
 		this.daep.commence(this.request, null, null);
-
 		verify(firstAEP).commence(this.request, null, null);
 		verify(secondAEP, never()).commence(this.request, null, null);
 		verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
@@ -98,9 +94,7 @@ public class DelegatingAuthenticationEntryPointTests {
 		given(secondRM.matches(this.request)).willReturn(true);
 		this.entryPoints.put(firstRM, firstAEP);
 		this.entryPoints.put(secondRM, secondAEP);
-
 		this.daep.commence(this.request, null, null);
-
 		verify(secondAEP).commence(this.request, null, null);
 		verify(firstAEP, never()).commence(this.request, null, null);
 		verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
index e896523bb6..196028a094 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java
@@ -79,10 +79,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 	public void handleByDefaultHandler() throws Exception {
 		this.handlers.put(BadCredentialsException.class, this.handler1);
 		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 		AuthenticationException exception = new AccountExpiredException("");
 		this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 		verifyZeroInteractions(this.handler1, this.handler2);
 		verify(this.defaultHandler).onAuthenticationFailure(this.request, this.response, exception);
 	}
@@ -92,10 +90,8 @@ public class DelegatingAuthenticationFailureHandlerTests {
 		this.handlers.put(BadCredentialsException.class, this.handler1); // same type
 		this.handlers.put(AccountStatusException.class, this.handler2);
 		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 		AuthenticationException exception = new BadCredentialsException("");
 		this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 		verifyZeroInteractions(this.handler2, this.defaultHandler);
 		verify(this.handler1).onAuthenticationFailure(this.request, this.response, exception);
 	}
@@ -106,43 +102,32 @@ public class DelegatingAuthenticationFailureHandlerTests {
 		this.handlers.put(AccountStatusException.class, this.handler2); // super type of
 		// CredentialsExpiredException
 		this.handler = new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 		AuthenticationException exception = new CredentialsExpiredException("");
 		this.handler.onAuthenticationFailure(this.request, this.response, exception);
-
 		verifyZeroInteractions(this.handler1, this.defaultHandler);
 		verify(this.handler2).onAuthenticationFailure(this.request, this.response, exception);
 	}
 
 	@Test
 	public void handlersIsNull() {
-
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("handlers cannot be null or empty");
-
 		new DelegatingAuthenticationFailureHandler(null, this.defaultHandler);
-
 	}
 
 	@Test
 	public void handlersIsEmpty() {
-
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("handlers cannot be null or empty");
-
 		new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler);
-
 	}
 
 	@Test
 	public void defaultHandlerIsNull() {
-
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("defaultHandler cannot be null");
-
 		this.handlers.put(BadCredentialsException.class, this.handler1);
 		new DelegatingAuthenticationFailureHandler(this.handlers, null);
-
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
index bbcc57781a..d1bd83afc0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ExceptionMappingAuthenticationFailureHandlerTests.java
@@ -37,7 +37,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 		fh.setDefaultFailureUrl("/failed");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/failed");
 	}
 
@@ -50,7 +49,6 @@ public class ExceptionMappingAuthenticationFailureHandlerTests {
 		fh.setDefaultFailureUrl("/failed");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/badcreds");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index 8102ea6e5f..7fa410ecbb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticaionSuccessHandlerTests {
 	@Test
 	public void responseIsForwarded() throws Exception {
 		ForwardAuthenticationSuccessHandler fash = new ForwardAuthenticationSuccessHandler("/forwardUrl");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		Authentication authentication = mock(Authentication.class);
-
 		fash.onAuthenticationSuccess(request, response, authentication);
-
 		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 4701fe1ad5..343726228a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -48,13 +48,10 @@ public class ForwardAuthenticationFailureHandlerTests {
 	@Test
 	public void responseIsForwarded() throws Exception {
 		ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		AuthenticationException e = mock(AuthenticationException.class);
-
 		fafh.onAuthenticationFailure(request, response, e);
-
 		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 		assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index f3ec882629..150c4e1951 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -58,7 +58,6 @@ public class HttpStatusEntryPointTests {
 	@Test
 	public void unauthorized() throws Exception {
 		this.entryPoint.commence(this.request, this.response, this.authException);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 0754b7803c..72d6942ac3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -61,7 +61,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 		assertThat(ep.getLoginFormUrl()).isEqualTo("/hello");
 		assertThat(ep.getPortMapper() != null).isTrue();
 		assertThat(ep.getPortResolver() != null).isTrue();
-
 		ep.setForceHttps(false);
 		assertThat(ep.isForceHttps()).isFalse();
 		ep.setForceHttps(true);
@@ -79,44 +78,36 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("www.example.com");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
 		ep.afterPropertiesSet();
-
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 		request.setServerPort(8080);
 		response = new MockHttpServletResponse();
 		ep.setPortResolver(new MockPortResolver(8080, 8443));
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 		// Now test an unusual custom HTTP:HTTPS is handled properly
 		request.setServerPort(8888);
 		response = new MockHttpServletResponse();
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8443/bigWebApp/hello");
-
 		PortMapperImpl portMapper = new PortMapperImpl();
 		Map<String, String> map = new HashMap<>();
 		map.put("8888", "9999");
 		portMapper.setPortMappings(map);
 		response = new MockHttpServletResponse();
-
 		ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(portMapper);
 		ep.setPortResolver(new MockPortResolver(8888, 9999));
 		ep.afterPropertiesSet();
-
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:9999/bigWebApp/hello");
 	}
@@ -129,19 +120,15 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("www.example.com");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(443);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
 		ep.afterPropertiesSet();
-
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
-
 		request.setServerPort(8443);
 		response = new MockHttpServletResponse();
 		ep.setPortResolver(new MockPortResolver(8080, 8443));
@@ -155,7 +142,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setPortResolver(new MockPortResolver(80, 443));
 		ep.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
 		request.setContextPath("/bigWebApp");
@@ -163,9 +149,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("localhost");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
 	}
@@ -176,7 +160,6 @@ public class LoginUrlAuthenticationEntryPointTests {
 		ep.setPortResolver(new MockPortResolver(8888, 1234));
 		ep.setForceHttps(true);
 		ep.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
 		request.setContextPath("/bigWebApp");
@@ -184,11 +167,8 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("localhost");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(8888); // NB: Port we can't resolve
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.commence(request, response, null);
-
 		// Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port
 		// mapping
 		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost:8888/bigWebApp/hello");
@@ -207,9 +187,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("www.example.com");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.commence(request, response, null);
 		assertThat(response.getForwardedUrl()).isEqualTo("/hello");
 	}
@@ -228,9 +206,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 		request.setServerName("www.example.com");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(80);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.commence(request, response, null);
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/some_path");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
index b8e50844d9..61bfc56446 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java
@@ -35,11 +35,9 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 	@Test
 	public void defaultUrlMuststartWithSlashOrHttpScheme() {
 		SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
-
 		handler.setDefaultTargetUrl("/acceptableRelativeUrl");
 		handler.setDefaultTargetUrl("https://some.site.org/index.html");
 		handler.setDefaultTargetUrl("https://some.site.org/index.html");
-
 		try {
 			handler.setDefaultTargetUrl("missingSlash");
 			fail("Shouldn't accept default target without leading slash");
@@ -58,12 +56,10 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		given(savedRequest.getRedirectUrl()).willReturn(redirectUrl);
 		given(requestCache.getRequest(request, response)).willReturn(savedRequest);
-
 		SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
 		handler.setRequestCache(requestCache);
 		handler.setRedirectStrategy(redirectStrategy);
 		handler.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 		verify(redirectStrategy).sendRedirect(request, response, redirectUrl);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
index ad536450f6..732ecc0f41 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandlerTests.java
@@ -40,7 +40,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 		assertThat(afh.getRedirectStrategy()).isSameAs(rs);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -51,9 +50,7 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 		afh.setDefaultFailureUrl("/target");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		AuthenticationException e = mock(AuthenticationException.class);
-
 		afh.onAuthenticationFailure(request, response, e);
 		assertThat(request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isSameAs(e);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/target");
@@ -66,7 +63,6 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 		assertThat(afh.isAllowSessionCreation()).isFalse();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
 		assertThat(request.getSession(false)).isNull();
 	}
@@ -77,11 +73,9 @@ public class SimpleUrlAuthenticationFailureHandlerTests {
 		SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
 		afh.setUseForward(true);
 		assertThat(afh.isUseForward()).isTrue();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		AuthenticationException e = mock(AuthenticationException.class);
-
 		afh.onAuthenticationFailure(request, response, e);
 		assertThat(request.getSession(false)).isNull();
 		assertThat(response.getRedirectedUrl()).isNull();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
index d4e54686d2..1088261612 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java
@@ -34,12 +34,9 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 	@Test
 	public void defaultTargetUrlIsUsedIfNoOtherInformationSet() throws Exception {
 		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/");
 	}
 
@@ -50,7 +47,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		response.setCommitted(true);
-
 		ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
 		assertThat(response.getRedirectedUrl()).isNull();
 	}
@@ -64,10 +60,8 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setParameter("targetUrl", "/target");
-
 		ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
 		assertThat(response.getRedirectedUrl()).isEqualTo("/defaultTarget");
-
 		// Try with parameter set
 		ash.setTargetUrlParameter("targetUrl");
 		response = new MockHttpServletResponse();
@@ -82,7 +76,6 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ash.setUseReferer(true);
 		request.addHeader("Referer", "https://www.springsource.com/");
-
 		ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.springsource.com/");
 	}
@@ -96,9 +89,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 		ash.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("https://monkeymachine.co.uk/");
 	}
 
@@ -113,14 +104,12 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
 	@Test
 	public void setTargetUrlParameterEmptyTargetUrlParameter() {
 		SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler();
-
 		try {
 			ash.setTargetUrlParameter("");
 			fail("Expected Exception");
 		}
 		catch (IllegalArgumentException success) {
 		}
-
 		try {
 			ash.setTargetUrlParameter("   ");
 			fail("Expected Exception");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
index 157e42fb12..cfc5c35666 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java
@@ -44,11 +44,9 @@ public class UsernamePasswordAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		// filter.init(null);
-
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result != null).isTrue();
 		assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -59,10 +57,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "dokdo");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter(
 				createAuthenticationManager());
-
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result).isNotNull();
 	}
@@ -71,7 +67,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 	public void testNullPasswordHandledGracefully() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -81,7 +76,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 	public void testNullUsernameHandledGracefully() {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		assertThat(filter.attemptAuthentication(request, new MockHttpServletResponse())).isNotNull();
@@ -93,11 +87,9 @@ public class UsernamePasswordAuthenticationFilterTests {
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setUsernameParameter("x");
 		filter.setPasswordParameter("y");
-
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter("x", "rod");
 		request.addParameter("y", "koala");
-
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result).isNotNull();
 		assertThat(((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()).isEqualTo("127.0.0.1");
@@ -108,10 +100,8 @@ public class UsernamePasswordAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod ");
 		request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
 		assertThat(result.getName()).isEqualTo("rod");
 	}
@@ -124,7 +114,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		filter.setAuthenticationManager(am);
-
 		try {
 			filter.attemptAuthentication(request, new MockHttpServletResponse());
 			fail("Expected AuthenticationException");
@@ -140,13 +129,10 @@ public class UsernamePasswordAuthenticationFilterTests {
 	public void noSessionIsCreatedIfAllowSessionCreationIsFalse() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("POST");
-
 		UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
 		filter.setAllowSessionCreation(false);
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		filter.attemptAuthentication(request, new MockHttpServletResponse());
-
 		assertThat(request.getSession(false)).isNull();
 	}
 
@@ -154,7 +140,6 @@ public class UsernamePasswordAuthenticationFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
 				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 		return am;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
index 5db6228a6d..422311985a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java
@@ -59,11 +59,8 @@ public class CompositeLogoutHandlerTests {
 	public void callLogoutHandlersSuccessfullyWithArray() {
 		LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class);
 		LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class);
-
 		LogoutHandler handler = new CompositeLogoutHandler(securityContextLogoutHandler, csrfLogoutHandler);
-
 		handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
-
 		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
 		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
@@ -74,12 +71,9 @@ public class CompositeLogoutHandlerTests {
 	public void callLogoutHandlersSuccessfully() {
 		LogoutHandler securityContextLogoutHandler = mock(SecurityContextLogoutHandler.class);
 		LogoutHandler csrfLogoutHandler = mock(SecurityContextLogoutHandler.class);
-
 		List<LogoutHandler> logoutHandlers = Arrays.asList(securityContextLogoutHandler, csrfLogoutHandler);
 		LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers);
-
 		handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
-
 		verify(securityContextLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
 		verify(csrfLogoutHandler, times(1)).logout(any(HttpServletRequest.class), any(HttpServletResponse.class),
@@ -90,22 +84,17 @@ public class CompositeLogoutHandlerTests {
 	public void callLogoutHandlersThrowException() {
 		LogoutHandler firstLogoutHandler = mock(LogoutHandler.class);
 		LogoutHandler secondLogoutHandler = mock(LogoutHandler.class);
-
 		willThrow(new IllegalArgumentException()).given(firstLogoutHandler).logout(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
-
 		List<LogoutHandler> logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler);
 		LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers);
-
 		try {
 			handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class));
 			fail("Expected Exception");
 		}
 		catch (IllegalArgumentException success) {
 		}
-
 		InOrder logoutHandlersInOrder = inOrder(firstLogoutHandler, secondLogoutHandler);
-
 		logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class),
 				any(HttpServletResponse.class), any(Authentication.class));
 		logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class),
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
index 288edf36de..82e547d356 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/DelegatingLogoutSuccessHandlerTests.java
@@ -81,9 +81,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 	public void onLogoutSuccessFirstMatches() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 		given(this.matcher.matches(this.request)).willReturn(true);
-
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 		verify(this.handler).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.matcher2, this.handler2, this.defaultHandler);
 	}
@@ -92,9 +90,7 @@ public class DelegatingLogoutSuccessHandlerTests {
 	public void onLogoutSuccessSecondMatches() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
 		given(this.matcher2.matches(this.request)).willReturn(true);
-
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 		verify(this.handler2).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.handler, this.defaultHandler);
 	}
@@ -102,18 +98,14 @@ public class DelegatingLogoutSuccessHandlerTests {
 	@Test
 	public void onLogoutSuccessDefault() throws Exception {
 		this.delegatingHandler.setDefaultLogoutSuccessHandler(this.defaultHandler);
-
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 		verify(this.defaultHandler).onLogoutSuccess(this.request, this.response, this.authentication);
 		verifyZeroInteractions(this.handler, this.handler2);
 	}
 
 	@Test
 	public void onLogoutSuccessNoMatchDefaultNull() throws Exception {
-
 		this.delegatingHandler.onLogoutSuccess(this.request, this.response, this.authentication);
-
 		verifyZeroInteractions(this.handler, this.handler2, this.defaultHandler);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
index d4a95a3b71..4dfc0d8c73 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -40,20 +40,16 @@ public class ForwardLogoutSuccessHandlerTests {
 	@Test
 	public void invalidTargetUrl() {
 		String targetUrl = "not.valid";
-
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 		new ForwardLogoutSuccessHandler(targetUrl);
 	}
 
 	@Test
 	public void emptyTargetUrl() {
 		String targetUrl = " ";
-
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
-
 		new ForwardLogoutSuccessHandler(targetUrl);
 	}
 
@@ -61,13 +57,10 @@ public class ForwardLogoutSuccessHandlerTests {
 	public void logoutSuccessIsHandled() throws Exception {
 		String targetUrl = "/login?logout";
 		ForwardLogoutSuccessHandler handler = new ForwardLogoutSuccessHandler(targetUrl);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		Authentication authentication = mock(Authentication.class);
-
 		handler.onLogoutSuccess(request, response, authentication);
-
 		assertThat(response.getForwardedUrl()).isEqualTo(targetUrl);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
index 716c164db1..da1211f284 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java
@@ -53,7 +53,6 @@ public class HeaderWriterLogoutHandlerTests {
 	public void constructorWhenHeaderWriterIsNullThenThrowsException() {
 		this.thrown.expect(IllegalArgumentException.class);
 		this.thrown.expectMessage("headerWriter cannot be null");
-
 		new HeaderWriterLogoutHandler(null);
 	}
 
@@ -62,7 +61,6 @@ public class HeaderWriterLogoutHandlerTests {
 		HeaderWriter headerWriter = mock(HeaderWriter.class);
 		HeaderWriterLogoutHandler handler = new HeaderWriterLogoutHandler(headerWriter);
 		handler.logout(this.request, this.response, mock(Authentication.class));
-
 		verify(headerWriter).writeHeaders(this.request, this.response);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
index d4e399c6b7..2065a83fed 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java
@@ -35,12 +35,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 	@Test
 	public void testDefaultHttpStatusBeingReturned() throws Exception {
 		final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		lsh.onLogoutSuccess(request, response, mock(Authentication.class));
-
 		assertThat(request.getSession(false)).isNull();
 		assertThat(response.getRedirectedUrl()).isNull();
 		assertThat(response.getForwardedUrl()).isNull();
@@ -51,12 +48,9 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 	public void testCustomHttpStatusBeingReturned() throws Exception {
 		final HttpStatusReturningLogoutSuccessHandler lsh = new HttpStatusReturningLogoutSuccessHandler(
 				HttpStatus.NO_CONTENT);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		lsh.onLogoutSuccess(request, response, mock(Authentication.class));
-
 		assertThat(request.getSession(false)).isNull();
 		assertThat(response.getRedirectedUrl()).isNull();
 		assertThat(response.getForwardedUrl()).isNull();
@@ -65,7 +59,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 
 	@Test
 	public void testThatSettNullHttpStatusThrowsException() {
-
 		try {
 			new HttpStatusReturningLogoutSuccessHandler(null);
 		}
@@ -73,7 +66,6 @@ public class HttpStatusReturningLogoutSuccessHandlerTests {
 			assertThat(ex).hasMessage("The provided HttpStatus must not be null.");
 			return;
 		}
-
 		fail("Expected an IllegalArgumentException to be thrown.");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
index cc0067351f..814b009fff 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutHandlerTests.java
@@ -41,11 +41,9 @@ public class LogoutHandlerTests {
 	public void testRequiresLogoutUrlWorksWithPathParams() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setRequestURI("/context/logout;someparam=blah?param=blah");
 		request.setServletPath("/logout;someparam=blah");
 		request.setQueryString("otherparam=blah");
-
 		DefaultHttpFirewall fw = new DefaultHttpFirewall();
 		assertThat(this.filter.requiresLogout(fw.getFirewalledRequest(request), response)).isTrue();
 	}
@@ -55,11 +53,9 @@ public class LogoutHandlerTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setServletPath("/logout");
 		request.setRequestURI("/context/logout?param=blah");
 		request.setQueryString("otherparam=blah");
-
 		assertThat(this.filter.requiresLogout(request, response)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
index 31c2b4372d..69ecf1ccf6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/LogoutSuccessEventPublishingLogoutHandlerTests.java
@@ -37,9 +37,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 		LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler();
 		LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher();
 		handler.setApplicationEventPublisher(eventPublisher);
-
 		handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(Authentication.class));
-
 		assertThat(eventPublisher.flag).isTrue();
 	}
 
@@ -48,9 +46,7 @@ public class LogoutSuccessEventPublishingLogoutHandlerTests {
 		LogoutSuccessEventPublishingLogoutHandler handler = new LogoutSuccessEventPublishingLogoutHandler();
 		LogoutAwareEventPublisher eventPublisher = new LogoutAwareEventPublisher();
 		handler.setApplicationEventPublisher(eventPublisher);
-
 		handler.logout(new MockHttpServletRequest(), new MockHttpServletResponse(), null);
-
 		assertThat(eventPublisher.flag).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
index 34b73a69bf..c5a0024de5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java
@@ -46,9 +46,7 @@ public class SecurityContextLogoutHandlerTests {
 	public void setUp() {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
-
 		this.handler = new SecurityContextLogoutHandler();
-
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(
 				new TestingAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
@@ -74,7 +72,6 @@ public class SecurityContextLogoutHandlerTests {
 		SecurityContext beforeContext = SecurityContextHolder.getContext();
 		Authentication beforeAuthentication = beforeContext.getAuthentication();
 		this.handler.logout(this.request, this.response, SecurityContextHolder.getContext().getAuthentication());
-
 		assertThat(beforeContext.getAuthentication()).isNotNull();
 		assertThat(beforeContext.getAuthentication()).isSameAs(beforeAuthentication);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index ec318a9f33..d305e844e5 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -144,9 +144,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.principal = null;
 		filter.setCheckForPrincipalChanges(true);
-
 		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -156,9 +154,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.principal = null;
-
 		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(authentication);
 	}
 
@@ -170,16 +166,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
 		filter.principal = principal;
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(am);
 	}
 
@@ -192,16 +185,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
 		filter.principal = "newUser";
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 	}
 
@@ -214,7 +204,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setAuthenticationSuccessHandler(new ForwardAuthenticationSuccessHandler("/forwardUrl"));
 		filter.setCheckForPrincipalChanges(true);
@@ -222,9 +211,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 	}
@@ -234,7 +221,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler("/forwardUrl"));
 		filter.setCheckForPrincipalChanges(true);
@@ -243,9 +229,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 				.willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid"));
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 		assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl");
 		assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isNotNull();
@@ -260,16 +244,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
 		filter.principal = principal;
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(am);
 	}
 
@@ -282,7 +263,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
 		filter.principal = new User(currentPrincipal.getUsername(), currentPrincipal.getPassword(),
@@ -290,9 +270,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(am);
 	}
 
@@ -305,16 +283,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setCheckForPrincipalChanges(true);
 		filter.principal = new Object();
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 	}
 
@@ -326,7 +301,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 			@Override
 			protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
@@ -338,9 +312,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
 	}
 
@@ -352,7 +324,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {
 			@Override
 			protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
@@ -364,9 +335,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(am);
 	}
 
@@ -375,16 +344,12 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/no-matching"));
-
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verifyZeroInteractions(am);
 	}
 
@@ -393,18 +358,13 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/**"));
-
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
-
 		filter.doFilter(request, response, chain);
-
 		verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
-
 	}
 
 	private void testDoFilter(boolean grantAccess) throws Exception {
@@ -417,7 +377,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 	private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) {
 		ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
 		AuthenticationManager am = mock(AuthenticationManager.class);
-
 		if (!grantAccess) {
 			given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		}
@@ -425,7 +384,6 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 			given(am.authenticate(any(Authentication.class)))
 					.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
 		}
-
 		filter.setAuthenticationManager(am);
 		filter.afterPropertiesSet();
 		return filter;
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index cac4b9c717..19d682a852 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -37,7 +37,6 @@ public class PreAuthenticatedAuthenticationProviderTests {
 	@Test(expected = IllegalArgumentException.class)
 	public final void afterPropertiesSet() {
 		PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
-
 		provider.afterPropertiesSet();
 	}
 
@@ -120,7 +119,6 @@ public class PreAuthenticatedAuthenticationProviderTests {
 			if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) {
 				return aUserDetails;
 			}
-
 			throw new UsernameNotFoundException("notfound");
 		};
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
index ae98ada53d..36089ccd66 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java
@@ -68,12 +68,10 @@ public class PreAuthenticatedAuthenticationTokenTests {
 		assertThat(token.getDetails()).isNull();
 		assertThat(token.getAuthorities()).isNotNull();
 		Collection<GrantedAuthority> resultColl = token.getAuthorities();
-		assertThat(
-
-				gas.containsAll(resultColl) && resultColl.containsAll(gas)).withFailMessage(
+		assertThat(gas.containsAll(resultColl) && resultColl.containsAll(gas))
+				.withFailMessage(
 						"GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas)
-						.isTrue();
-
+				.isTrue();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index 0faaa7393e..6f66962c71 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -71,11 +71,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 		assertThat(ud.isCredentialsNonExpired()).isTrue();
 		assertThat(ud.isEnabled()).isTrue();
 		assertThat(userName).isEqualTo(ud.getUsername());
-
 		// Password is not saved by
 		// PreAuthenticatedGrantedAuthoritiesUserDetailsService
 		// assertThat(password).isEqualTo(ud.getPassword());
-
 		assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)).withFailMessage(
 				"GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas)
 				.isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index d5e8c7778f..be8e7da266 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -50,7 +50,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
-
 		filter.doFilter(request, response, chain);
 	}
 
@@ -62,7 +61,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		MockFilterChain chain = new MockFilterChain();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
@@ -78,7 +76,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setPrincipalEnvironmentVariable("myUsernameVariable");
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
@@ -94,7 +91,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		filter.setCredentialsEnvironmentVariable("myCredentialsVariable");
 		request.setAttribute("REMOTE_USER", "cat");
 		request.setAttribute("myCredentialsVariable", "catspassword");
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
@@ -130,7 +126,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		MockFilterChain chain = new MockFilterChain();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		filter.doFilter(request, response, chain);
 	}
 
@@ -152,7 +147,6 @@ public class RequestAttributeAuthenticationFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
 				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 		return am;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index feff5b00fb..9742f2675b 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -52,7 +52,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
-
 		filter.doFilter(request, response, chain);
 	}
 
@@ -64,7 +63,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		MockFilterChain chain = new MockFilterChain();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
@@ -80,7 +78,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setPrincipalRequestHeader("myUsernameHeader");
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
@@ -96,7 +93,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		filter.setCredentialsRequestHeader("myCredentialsHeader");
 		request.addHeader("SM_USER", "cat");
 		request.addHeader("myCredentialsHeader", "catspassword");
-
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
@@ -131,7 +127,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		MockFilterChain chain = new MockFilterChain();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-
 		filter.doFilter(request, response, chain);
 	}
 
@@ -153,7 +148,6 @@ public class RequestHeaderAuthenticationFilterTests {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
 				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 		return am;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
index 13cab85518..694827cc1e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
@@ -125,7 +125,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 		List<GrantedAuthority> gas = details.getGrantedAuthorities();
 		assertThat(gas).as("Granted authorities should not be null").isNotNull();
 		assertThat(gas).hasSize(expectedRoles.length);
-
 		Collection<String> expectedRolesColl = Arrays.asList(expectedRoles);
 		Collection<String> gasRolesSet = new HashSet<>();
 		for (GrantedAuthority grantedAuthority : gas) {
@@ -140,7 +139,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 		J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
 		result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles));
 		result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper());
-
 		try {
 			result.afterPropertiesSet();
 		}
@@ -167,7 +165,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests {
 
 	private HttpServletRequest getRequest(final String userName, final String[] aRoles) {
 		MockHttpServletRequest req = new MockHttpServletRequest() {
-
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
 			@Override
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
index e5e5fd9343..fcc462dfb8 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java
@@ -49,7 +49,6 @@ public class J2eePreAuthenticatedProcessingFilterTests {
 
 	private HttpServletRequest getRequest(final String aUserName, final String[] aRoles) {
 		MockHttpServletRequest req = new MockHttpServletRequest() {
-
 			private Set<String> roles = new HashSet<>(Arrays.asList(aRoles));
 
 			@Override
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
index fc2dd00f04..55c8b8fab4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/WebXmlJ2eeDefinedRolesRetrieverTests.java
@@ -35,7 +35,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 		List<String> ROLE1TO4_EXPECTED_ROLES = Arrays.asList("Role1", "Role2", "Role3", "Role4");
 		final Resource webXml = new ClassPathResource("webxml/Role1-4.web.xml");
 		WebXmlMappableAttributesRetriever rolesRetriever = new WebXmlMappableAttributesRetriever();
-
 		rolesRetriever.setResourceLoader(new ResourceLoader() {
 			@Override
 			public ClassLoader getClassLoader() {
@@ -47,7 +46,6 @@ public class WebXmlJ2eeDefinedRolesRetrieverTests {
 				return webXml;
 			}
 		});
-
 		rolesRetriever.afterPropertiesSet();
 		Set<String> j2eeRoles = rolesRetriever.getMappableAttributes();
 		assertThat(j2eeRoles).containsAll(ROLE1TO4_EXPECTED_ROLES);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
index 54a3ade07f..87b2e2e7bb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java
@@ -52,17 +52,14 @@ public class WebSpherePreAuthenticatedProcessingFilterTests {
 		WebSpherePreAuthenticatedProcessingFilter filter = new WebSpherePreAuthenticatedProcessingFilter(helper);
 		assertThat(filter.getPreAuthenticatedPrincipal(new MockHttpServletRequest())).isEqualTo("jerry");
 		assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A");
-
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class)))
 				.willAnswer((Answer<Authentication>) (invocation) -> (Authentication) invocation.getArguments()[0]);
-
 		filter.setAuthenticationManager(am);
 		WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource(
 				helper);
 		ads.setWebSphereGroups2GrantedAuthoritiesMapper(new SimpleAttributes2GrantedAuthoritiesMapper());
 		filter.setAuthenticationDetailsSource(ads);
-
 		filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
index f290fc34a6..3c9c844424 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@@ -94,10 +94,8 @@ public final class X509TestUtils {
 				+ "lcKwXuDRBWciODK/xWhvQbaegGJ1BtXcEHtvNjrUJLwSMDSr+U5oUYdMohG0h1iJ\n"
 				+ "R+JQc49I33o2cTc77wfEWLtVdXAyYY4GSJR6VfgvV40x85ItaNS3HHfT/aXU1x4m\n"
 				+ "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n" + "-----END CERTIFICATE-----";
-
 		ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes());
 		CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
 		return (X509Certificate) cf.generateCertificate(in);
 	}
 
@@ -134,7 +132,6 @@ public final class X509TestUtils {
 				+ "-----END CERTIFICATE-----\n";
 		ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes());
 		CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
 		return (X509Certificate) cf.generateCertificate(in);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 2556a59e57..91607d8d6d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -90,12 +90,10 @@ public class AbstractRememberMeServicesTests {
 	public void cookieShouldBeCorrectlyEncodedAndDecoded() {
 		String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
-
 		String encoded = services.encodeCookie(cookie);
 		// '=' aren't allowed in version 0 cookies.
 		assertThat(encoded).doesNotEndWith("=");
 		String[] decoded = services.decodeCookie(encoded);
-
 		assertThat(decoded).containsExactly("name:with:colon", "cookie", "tokens", "blah");
 	}
 
@@ -103,11 +101,9 @@ public class AbstractRememberMeServicesTests {
 	public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() {
 		String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" };
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
-
 		String[] decoded = services.decodeCookie(services.encodeCookie(cookie));
 		assertThat(decoded).hasSize(4);
 		assertThat(decoded[0]).isEqualTo("https://id.openid.zz");
-
 		// Check https (SEC-1410)
 		cookie[0] = "https://id.openid.zz";
 		decoded = services.decodeCookie(services.encodeCookie(cookie));
@@ -120,12 +116,9 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		assertThat(services.autoLogin(request, response)).isNull();
-
 		// shouldn't try to invalidate our cookie
 		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
-
 		request = new MockHttpServletRequest();
 		response = new MockHttpServletResponse();
 		// set non-login cookie
@@ -139,14 +132,10 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.afterPropertiesSet();
 		assertThat(services.getUserDetailsService()).isNotNull();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = services.autoLogin(request, response);
-
 		assertThat(result).isNotNull();
 	}
 
@@ -155,7 +144,6 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ"));
 		Authentication result = services.autoLogin(request, response);
 		assertThat(result).isNull();
@@ -167,7 +155,6 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, ""));
 		Authentication result = services.autoLogin(request, response);
 		assertThat(result).isNull();
@@ -177,16 +164,12 @@ public class AbstractRememberMeServicesTests {
 	@Test
 	public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() {
 		MockRememberMeServices services = new MockRememberMeServices(new MockUserDetailsService(joe, true));
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		// Wrong number of tokens
 		request.setCookies(createLoginCookie("cookie:1"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = services.autoLogin(request, response);
-
 		assertThat(result).isNull();
-
 		assertCookieCancelled(response);
 	}
 
@@ -194,15 +177,11 @@ public class AbstractRememberMeServicesTests {
 	public void autoLoginShouldFailIfUserNotFound() {
 		this.uds.setThrowException(true);
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = services.autoLogin(request, response);
-
 		assertThat(result).isNull();
-
 		assertCookieCancelled(response);
 	}
 
@@ -211,15 +190,11 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
 		this.uds.toReturn = new User("joe", "password", false, true, true, true, joe.getAuthorities());
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = services.autoLogin(request, response);
-
 		assertThat(result).isNull();
-
 		assertCookieCancelled(response);
 	}
 
@@ -227,14 +202,11 @@ public class AbstractRememberMeServicesTests {
 	public void loginFailShouldCancelCookie() {
 		this.uds.setThrowException(true);
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.loginFail(request, response);
-
 		assertCookieCancelled(response);
 	}
 
@@ -242,20 +214,15 @@ public class AbstractRememberMeServicesTests {
 	public void logoutShouldCancelCookie() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.logout(request, response, Mockito.mock(Authentication.class));
 		// Try again with null Authentication
 		response = new MockHttpServletResponse();
-
 		services.logout(request, response, null);
-
 		assertCookieCancelled(response);
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 	}
@@ -265,20 +232,15 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
 		services.setUseSecureCookie(true);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.logout(request, response, Mockito.mock(Authentication.class));
 		// Try again with null Authentication
 		response = new MockHttpServletResponse();
-
 		services.logout(request, response, null);
-
 		assertCookieCancelled(response);
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 		assertThat(returnedCookie.getSecure()).isEqualTo(true);
@@ -288,21 +250,16 @@ public class AbstractRememberMeServicesTests {
 	public void cancelledCookieShouldUseRequestIsSecure() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookieDomain("spring.io");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		request.setSecure(true);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.logout(request, response, Mockito.mock(Authentication.class));
 		// Try again with null Authentication
 		response = new MockHttpServletResponse();
-
 		services.logout(request, response, null);
-
 		assertCookieCancelled(response);
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 		assertThat(returnedCookie.getSecure()).isEqualTo(true);
@@ -311,53 +268,43 @@ public class AbstractRememberMeServicesTests {
 	@Test(expected = CookieTheftException.class)
 	public void cookieTheftExceptionShouldBeRethrown() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
-
 			@Override
 			protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 					HttpServletResponse response) {
 				throw new CookieTheftException("Pretending cookie was stolen");
 			}
 		};
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.autoLogin(request, response);
 	}
 
 	@Test
 	public void loginSuccessCallsOnLoginSuccessCorrectly() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		Authentication auth = new UsernamePasswordAuthenticationToken("joe", "password");
-
 		// No parameter set
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isFalse();
-
 		// Parameter set to true
 		services = new MockRememberMeServices(this.uds);
 		request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
-
 		// Different parameter name, set to true
 		services = new MockRememberMeServices(this.uds);
 		services.setParameter("my_parameter");
 		request.setParameter("my_parameter", "true");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isTrue();
-
 		// Parameter set to false
 		services = new MockRememberMeServices(this.uds);
 		request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false");
 		services.loginSuccess(request, response, auth);
 		assertThat(services.loginSuccessCalled).isFalse();
-
 		// alwaysRemember set to true
 		services = new MockRememberMeServices(this.uds);
 		services.setAlwaysRemember(true);
@@ -371,7 +318,6 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
-
 			@Override
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
@@ -380,7 +326,6 @@ public class AbstractRememberMeServicesTests {
 		services.setCookieName("mycookiename");
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		Cookie cookie = response.getCookie("mycookiename");
-
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getValue()).isEqualTo("mycookie");
 		assertThat(cookie.getName()).isEqualTo("mycookiename");
@@ -393,9 +338,7 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
-
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
-
 			@Override
 			protected String encodeCookie(String[] cookieTokens) {
 				return cookieTokens[0];
@@ -412,7 +355,6 @@ public class AbstractRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		request.setContextPath("contextpath");
-
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
@@ -425,9 +367,7 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.setCookie(new String[] { "value" }, 0, request, response);
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isEqualTo(1);
 	}
@@ -438,9 +378,7 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.setCookie(new String[] { "value" }, -1, request, response);
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isEqualTo(1);
 	}
@@ -451,9 +389,7 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.setCookie(new String[] { "value" }, 1, request, response);
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie.getVersion()).isZero();
 	}
@@ -463,12 +399,10 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		services.setCookieName("mycookiename");
 		services.setCookieDomain("spring.io");
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		Cookie cookie = response.getCookie("mycookiename");
-
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getDomain()).isEqualTo("spring.io");
 	}
@@ -477,7 +411,6 @@ public class AbstractRememberMeServicesTests {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds);
 		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
 				services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
-
 		return new Cookie[] { cookie };
 	}
 
@@ -515,9 +448,7 @@ public class AbstractRememberMeServicesTests {
 			if (cookieTokens.length != 3) {
 				throw new InvalidCookieException("deliberate exception");
 			}
-
 			UserDetails user = getUserDetailsService().loadUserByUsername("joe");
-
 			return user;
 		}
 
@@ -543,7 +474,6 @@ public class AbstractRememberMeServicesTests {
 			if (this.throwException) {
 				throw new UsernameNotFoundException("as requested by mock");
 			}
-
 			return this.toReturn;
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
index 6aaa1617cb..97546514d0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java
@@ -94,9 +94,7 @@ public class JdbcTokenRepositoryImplTests {
 		Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis());
 		PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser", "joesseries", "atoken", currentDate);
 		this.repo.createNewToken(token);
-
 		Map<String, Object> results = this.template.queryForMap("select * from persistent_logins");
-
 		assertThat(results.get("last_used")).isEqualTo(currentDate);
 		assertThat(results.get("username")).isEqualTo("joeuser");
 		assertThat(results.get("series")).isEqualTo("joesseries");
@@ -105,11 +103,9 @@ public class JdbcTokenRepositoryImplTests {
 
 	@Test
 	public void retrievingTokenReturnsCorrectData() {
-
 		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
 		PersistentRememberMeToken token = this.repo.getTokenForSeries("joesseries");
-
 		assertThat(token.getUsername()).isEqualTo("joeuser");
 		assertThat(token.getSeries()).isEqualTo("joesseries");
 		assertThat(token.getTokenValue()).isEqualTo("atoken");
@@ -122,11 +118,9 @@ public class JdbcTokenRepositoryImplTests {
 				+ "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
 		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
-
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
 		// 'joesseries'");
-
 		assertThat(this.repo.getTokenForSeries("joesseries")).isNull();
 	}
 
@@ -146,16 +140,12 @@ public class JdbcTokenRepositoryImplTests {
 				+ "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
 		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
-
 		// List results =
 		// template.queryForList("select * from persistent_logins where series =
 		// 'joesseries'");
-
 		this.repo.removeUserTokens("joeuser");
-
 		List<Map<String, Object>> results = this.template
 				.queryForList("select * from persistent_logins where username = 'joeuser'");
-
 		assertThat(results).isEmpty();
 	}
 
@@ -165,10 +155,8 @@ public class JdbcTokenRepositoryImplTests {
 		this.template.execute("insert into persistent_logins (series, username, token, last_used) values "
 				+ "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
 		this.repo.updateToken("joesseries", "newtoken", new Date());
-
 		Map<String, Object> results = this.template
 				.queryForMap("select * from persistent_logins where series = 'joesseries'");
-
 		assertThat(results.get("username")).isEqualTo("joeuser");
 		assertThat(results.get("series")).isEqualTo("joesseries");
 		assertThat(results.get("token")).isEqualTo("newtoken");
@@ -183,7 +171,6 @@ public class JdbcTokenRepositoryImplTests {
 		this.repo.setDataSource(dataSource);
 		this.repo.setCreateTableOnStartup(true);
 		this.repo.initDao();
-
 		this.template.queryForList("select username,series,token,last_used from persistent_logins");
 	}
 
@@ -194,9 +181,7 @@ public class JdbcTokenRepositoryImplTests {
 		Date lastUsed = new Date(1424841314059L);
 		JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
 		repository.setJdbcTemplate(template);
-
 		repository.updateToken("series", "token", lastUsed);
-
 		verify(template).update(anyString(), anyString(), eq(lastUsed), anyString());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
index 2ad5f33561..aa73bc10e6 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/NullRememberMeServicesTests.java
@@ -35,7 +35,6 @@ public class NullRememberMeServicesTests {
 		assertThat(services.autoLogin(null, null)).isNull();
 		services.loginFail(null, null);
 		services.loginSuccess(null, null, null);
-
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index 6d0bbd2371..d9796b9089 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -69,7 +69,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		this.services = create(new PersistentRememberMeToken("joe", "series", "token",
 				new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
 		this.services.setTokenValiditySeconds(1);
-
 		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
 				new MockHttpServletResponse());
 	}
@@ -107,9 +106,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
 				new UsernamePasswordAuthenticationToken("joe", "password"));
 		assertThat(this.repo.getStoredToken().getSeries().length()).isEqualTo(16);
 		assertThat(this.repo.getStoredToken().getTokenValue().length()).isEqualTo(16);
-
 		String[] cookie = this.services.decodeCookie(response.getCookie("mycookiename").getValue());
-
 		assertThat(cookie[0]).isEqualTo(this.repo.getStoredToken().getSeries());
 		assertThat(cookie[1]).isEqualTo(this.repo.getStoredToken().getTokenValue());
 	}
@@ -125,7 +122,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		Cookie returnedCookie = response.getCookie("mycookiename");
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
-
 		// SEC-1280
 		this.services.logout(request, response, null);
 	}
@@ -135,7 +131,6 @@ public class PersistentTokenBasedRememberMeServicesTests {
 		PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key",
 				new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
 				this.repo);
-
 		services.setCookieName("mycookiename");
 		return services;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 595a5c8353..124ff6ecba 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -78,18 +78,15 @@ public class RememberMeAuthenticationFilterTests {
 		// Put an Authentication object into the SecurityContextHolder
 		Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		SecurityContextHolder.getContext().setAuthentication(originalAuth);
-
 		// Setup our filter correctly
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class),
 				new MockRememberMeServices(this.remembered));
 		filter.afterPropertiesSet();
-
 		// Test
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		FilterChain fc = mock(FilterChain.class);
 		request.setRequestURI("x");
 		filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 		// Ensure filter didn't change our original object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(originalAuth);
 		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -99,16 +96,13 @@ public class RememberMeAuthenticationFilterTests {
 	public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(this.remembered)).willReturn(this.remembered);
-
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered));
 		filter.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		FilterChain fc = mock(FilterChain.class);
 		request.setRequestURI("x");
 		filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 		// Ensure filter setup with our remembered authentication object
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.remembered);
 		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
@@ -119,7 +113,6 @@ public class RememberMeAuthenticationFilterTests {
 		final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
-
 		RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
 				new MockRememberMeServices(this.remembered)) {
 			@Override
@@ -131,12 +124,10 @@ public class RememberMeAuthenticationFilterTests {
 		};
 		filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
 		filter.afterPropertiesSet();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		FilterChain fc = mock(FilterChain.class);
 		request.setRequestURI("x");
 		filter.doFilter(request, new MockHttpServletResponse(), fc);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(failedAuth);
 		verify(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -153,9 +144,7 @@ public class RememberMeAuthenticationFilterTests {
 		FilterChain fc = mock(FilterChain.class);
 		request.setRequestURI("x");
 		filter.doFilter(request, response, fc);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/target");
-
 		// Should return after success handler is invoked, so chain should not proceed
 		verifyZeroInteractions(fc);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index 516dba5a08..d6b32b0ae4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -78,7 +78,6 @@ public class TokenBasedRememberMeServicesTests {
 	private long determineExpiryTimeFromBased64EncodedToken(String validToken) {
 		String cookieAsPlainText = new String(Base64.decodeBase64(validToken.getBytes()));
 		String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, ":");
-
 		if (cookieTokens.length == 3) {
 			try {
 				return Long.parseLong(cookieTokens[1]);
@@ -86,7 +85,6 @@ public class TokenBasedRememberMeServicesTests {
 			catch (NumberFormatException ignored) {
 			}
 		}
-
 		return -1;
 	}
 
@@ -96,14 +94,12 @@ public class TokenBasedRememberMeServicesTests {
 		// password + ":" + key)
 		String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key);
 		String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
-
 		return new String(Base64.encodeBase64(tokenValue.getBytes()));
 	}
 
 	@Test
 	public void autoLoginReturnsNullIfNoCookiePresented() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = this.services.autoLogin(new MockHttpServletRequest(), response);
 		assertThat(result).isNull();
 		// No cookie set
@@ -116,9 +112,7 @@ public class TokenBasedRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = this.services.autoLogin(request, response);
-
 		assertThat(result).isNull();
 		assertThat(response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)).isNull();
 	}
@@ -130,9 +124,7 @@ public class TokenBasedRememberMeServicesTests {
 						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		assertThat(this.services.autoLogin(request, response)).isNull();
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
@@ -145,10 +137,8 @@ public class TokenBasedRememberMeServicesTests {
 				new String(Base64.encodeBase64("x".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -160,10 +150,8 @@ public class TokenBasedRememberMeServicesTests {
 				"NOT_BASE_64_ENCODED");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -177,11 +165,8 @@ public class TokenBasedRememberMeServicesTests {
 						"WRONG_KEY"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		assertThat(this.services.autoLogin(request, response)).isNull();
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -193,10 +178,8 @@ public class TokenBasedRememberMeServicesTests {
 				new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertThat(this.services.autoLogin(request, response)).isNull();
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -210,11 +193,8 @@ public class TokenBasedRememberMeServicesTests {
 						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		assertThat(this.services.autoLogin(request, response)).isNull();
-
 		Cookie returnedCookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(returnedCookie).isNotNull();
 		assertThat(returnedCookie.getMaxAge()).isZero();
@@ -228,9 +208,7 @@ public class TokenBasedRememberMeServicesTests {
 						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		this.services.autoLogin(request, response);
 	}
 
@@ -242,11 +220,8 @@ public class TokenBasedRememberMeServicesTests {
 						"key"));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		Authentication result = this.services.autoLogin(request, response);
-
 		assertThat(result).isNotNull();
 		assertThat(result.getPrincipal()).isEqualTo(this.user);
 	}
@@ -254,13 +229,10 @@ public class TokenBasedRememberMeServicesTests {
 	@Test
 	public void testGettersSetters() {
 		assertThat(this.services.getUserDetailsService()).isEqualTo(this.uds);
-
 		assertThat(this.services.getKey()).isEqualTo("key");
-
 		assertThat(this.services.getParameter()).isEqualTo(AbstractRememberMeServices.DEFAULT_PARAMETER);
 		this.services.setParameter("some_param");
 		assertThat(this.services.getParameter()).isEqualTo("some_param");
-
 		this.services.setTokenValiditySeconds(12);
 		assertThat(this.services.getTokenValiditySeconds()).isEqualTo(12);
 	}
@@ -270,7 +242,6 @@ public class TokenBasedRememberMeServicesTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginFail(request, response);
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isZero();
@@ -282,10 +253,8 @@ public class TokenBasedRememberMeServicesTests {
 				new AbstractRememberMeServicesTests.MockUserDetailsService(null, false));
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "false");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNull();
 	}
@@ -296,11 +265,9 @@ public class TokenBasedRememberMeServicesTests {
 		this.services.setTokenValiditySeconds(500000000);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		String expiryTime = this.services.decodeCookie(cookie.getValue())[1];
 		long expectedExpiryTime = 1000L * 500000000;
@@ -316,11 +283,9 @@ public class TokenBasedRememberMeServicesTests {
 	public void loginSuccessNormalWithUserDetailsBasedPrincipalSetsExpectedCookie() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
@@ -340,12 +305,10 @@ public class TokenBasedRememberMeServicesTests {
 	public void negativeValidityPeriodIsSetOnCookieButExpiryTimeRemainsAtTwoWeeks() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "true");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		this.services.setTokenValiditySeconds(-1);
 		this.services.loginSuccess(request, response,
 				new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
-
 		Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
 		assertThat(cookie).isNotNull();
 		// Check the expiry time is within 50ms of two weeks from current time
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index 087c6bc578..5c75c28c8e 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -76,7 +76,6 @@ public class CompositeSessionAuthenticationStrategyTests {
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 				Arrays.asList(this.strategy1, this.strategy2));
 		strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
 		verify(this.strategy2).onAuthentication(this.authentication, this.request, this.response);
 	}
@@ -85,17 +84,14 @@ public class CompositeSessionAuthenticationStrategyTests {
 	public void delegateShortCircuits() {
 		willThrow(new SessionAuthenticationException("oops")).given(this.strategy1)
 				.onAuthentication(this.authentication, this.request, this.response);
-
 		CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
 				Arrays.asList(this.strategy1, this.strategy2));
-
 		try {
 			strategy.onAuthentication(this.authentication, this.request, this.response);
 			fail("Expected Exception");
 		}
 		catch (SessionAuthenticationException success) {
 		}
-
 		verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response);
 		verify(this.strategy2, times(0)).onAuthentication(this.authentication, this.request, this.response);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index 0f10d0e19c..7e69cbfd5d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -67,7 +67,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 		this.response = new MockHttpServletResponse();
 		this.sessionInformation = new SessionInformation(this.authentication.getPrincipal(), "unique",
 				new Date(1374766134216L));
-
 		this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry);
 	}
 
@@ -82,9 +81,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 				.willReturn(Collections.<SessionInformation>emptyList());
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		// no exception
 	}
 
@@ -96,9 +93,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		// no exception
 	}
 
@@ -108,7 +103,6 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
 	}
 
@@ -117,9 +111,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		assertThat(this.sessionInformation.isExpired()).isTrue();
 	}
 
@@ -130,9 +122,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 				.willReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo, this.sessionInformation));
 		this.strategy.setMaximumSessions(2);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		assertThat(this.sessionInformation.isExpired()).isTrue();
 	}
 
@@ -145,9 +135,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
 		given(this.sessionRegistry.getAllSessions(any(), anyBoolean())).willReturn(
 				Arrays.<SessionInformation>asList(oldestSessionInfo, secondOldestSessionInfo, this.sessionInformation));
 		this.strategy.setMaximumSessions(2);
-
 		this.strategy.onAuthentication(this.authentication, this.request, this.response);
-
 		assertThat(oldestSessionInfo.isExpired()).isTrue();
 		assertThat(secondOldestSessionInfo.isExpired()).isTrue();
 		assertThat(this.sessionInformation.isExpired()).isFalse();
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index 668b651805..34d88f80ae 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -64,7 +64,6 @@ public class RegisterSessionAuthenticationStrategyTests {
 	@Test
 	public void onAuthenticationRegistersSession() {
 		this.authenticationStrategy.onAuthentication(this.authentication, this.request, this.response);
-
 		verify(this.registry).registerNewSession(this.request.getSession().getId(), this.authentication.getPrincipal());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 71401bf5ad..55a43482a9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -84,30 +84,24 @@ public class SwitchUserFilterTests {
 		request.setServerName("localhost");
 		request.setRequestURI("/login/impersonate");
 		request.setMethod("POST");
-
 		return request;
 	}
 
 	private Authentication switchToUser(String name) {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter("myUsernameParameter", name);
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUsernameParameter("myUsernameParameter");
 		filter.setUserDetailsService(new MockUserDetailsService());
-
 		return filter.attemptSwitchUser(request);
-
 	}
 
 	private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setSwitchAuthorityRole(switchAuthorityRole);
-
 		return filter.attemptSwitchUser(request);
 	}
 
@@ -115,10 +109,8 @@ public class SwitchUserFilterTests {
 	public void requiresExitUserMatchesCorrectly() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setExitUserUrl("/j_spring_security_my_exit_user");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/j_spring_security_my_exit_user");
-
 		assertThat(filter.requiresExitUser(request)).isTrue();
 	}
 
@@ -127,10 +119,8 @@ public class SwitchUserFilterTests {
 	public void requiresExitUserWhenEndsWithThenDoesNotMatch() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setExitUserUrl("/j_spring_security_my_exit_user");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 		assertThat(filter.requiresExitUser(request)).isFalse();
 	}
 
@@ -138,13 +128,11 @@ public class SwitchUserFilterTests {
 	// gh-4183
 	public void requiresExitUserWhenGetThenDoesNotMatch() {
 		SwitchUserFilter filter = new SwitchUserFilter();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setScheme("http");
 		request.setServerName("localhost");
 		request.setRequestURI("/login/impersonate");
 		request.setMethod("GET");
-
 		assertThat(filter.requiresExitUser(request)).isFalse();
 	}
 
@@ -152,10 +140,8 @@ public class SwitchUserFilterTests {
 	public void requiresExitUserWhenMatcherThenWorks() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setExitUserMatcher(AnyRequestMatcher.INSTANCE);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 		assertThat(filter.requiresExitUser(request)).isTrue();
 	}
 
@@ -163,10 +149,8 @@ public class SwitchUserFilterTests {
 	public void requiresSwitchMatchesCorrectly() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/j_spring_security_my_switch_user");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/j_spring_security_my_switch_user");
-
 		assertThat(filter.requiresSwitchUser(request)).isTrue();
 	}
 
@@ -175,10 +159,8 @@ public class SwitchUserFilterTests {
 	public void requiresSwitchUserWhenEndsWithThenDoesNotMatch() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/j_spring_security_my_exit_user");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 		assertThat(filter.requiresSwitchUser(request)).isFalse();
 	}
 
@@ -186,13 +168,11 @@ public class SwitchUserFilterTests {
 	// gh-4183
 	public void requiresSwitchUserWhenGetThenDoesNotMatch() {
 		SwitchUserFilter filter = new SwitchUserFilter();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setScheme("http");
 		request.setServerName("localhost");
 		request.setRequestURI("/login/impersonate");
 		request.setMethod("GET");
-
 		assertThat(filter.requiresSwitchUser(request)).isFalse();
 	}
 
@@ -200,19 +180,15 @@ public class SwitchUserFilterTests {
 	public void requiresSwitchUserWhenMatcherThenWorks() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserMatcher(AnyRequestMatcher.INSTANCE);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/foo/bar/j_spring_security_my_exit_user");
-
 		assertThat(filter.requiresSwitchUser(request)).isTrue();
 	}
 
 	@Test(expected = UsernameNotFoundException.class)
 	public void attemptSwitchToUnknownUserFails() {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.attemptSwitchUser(request);
@@ -253,14 +229,11 @@ public class SwitchUserFilterTests {
 		filter.setTargetUrl("/target");
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.afterPropertiesSet();
-
 		// Check it with no url set (should get a text response)
 		FilterChain chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
 		verify(chain, never()).doFilter(request, response);
-
 		assertThat(response.getErrorMessage()).isNotNull();
-
 		// Now check for the redirect
 		request.setContextPath("/mywebapp");
 		request.setRequestURI("/mywebapp/login/impersonate");
@@ -270,11 +243,9 @@ public class SwitchUserFilterTests {
 		filter.setSwitchFailureUrl("/switchfailed");
 		filter.afterPropertiesSet();
 		response = new MockHttpServletResponse();
-
 		chain = mock(FilterChain.class);
 		filter.doFilter(request, response, chain);
 		verify(chain, never()).doFilter(request, response);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mywebapp/switchfailed");
 		assertThat(FieldUtils.getFieldValue(filter, "switchFailureUrl")).isEqualTo("/switchfailed");
 	}
@@ -303,7 +274,6 @@ public class SwitchUserFilterTests {
 		request.setContextPath("/webapp");
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/login/impersonate");
-
 		request.setRequestURI("/webapp/login/impersonate;jsessionid=8JHDUD723J8");
 		assertThat(filter.requiresSwitchUser(request)).isTrue();
 	}
@@ -313,32 +283,25 @@ public class SwitchUserFilterTests {
 		// original user
 		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50",
 				ROLES_12);
-
 		// set current user (Admin)
 		List<GrantedAuthority> adminAuths = new ArrayList<>();
 		adminAuths.addAll(ROLES_12);
 		adminAuths.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source));
 		UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken("jacklord", "hawaii50",
 				adminAuths);
-
 		SecurityContextHolder.getContext().setAuthentication(admin);
-
 		MockHttpServletRequest request = createMockSwitchRequest();
 		request.setRequestURI("/logout/impersonate");
-
 		// setup filter
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setExitUserUrl("/logout/impersonate");
 		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
-
 		// run 'exit'
 		FilterChain chain = mock(FilterChain.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, chain);
-
 		verify(chain, never()).doFilter(request, response);
-
 		// check current user, should be back to original user (dano)
 		Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(targetAuth).isNotNull();
@@ -349,20 +312,16 @@ public class SwitchUserFilterTests {
 	public void exitUserWithNoCurrentUserFails() throws Exception {
 		// no current user in secure context
 		SecurityContextHolder.clearContext();
-
 		MockHttpServletRequest request = createMockSwitchRequest();
 		request.setRequestURI("/logout/impersonate");
-
 		// setup filter
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setExitUserUrl("/logout/impersonate");
-
 		// run 'exit', expect fail due to no current user
 		FilterChain chain = mock(FilterChain.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, chain);
-
 		verify(chain, never()).doFilter(request, response);
 	}
 
@@ -372,18 +331,14 @@ public class SwitchUserFilterTests {
 		request.setContextPath("/webapp");
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 		request.setRequestURI("/webapp/login/impersonate");
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/login/impersonate");
 		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
 		filter.setUserDetailsService(new MockUserDetailsService());
-
 		FilterChain chain = mock(FilterChain.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, chain);
-
 		verify(chain, never()).doFilter(request, response);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/webapp/someOtherUrl");
 	}
 
@@ -392,12 +347,10 @@ public class SwitchUserFilterTests {
 		// set current user
 		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = createMockSwitchRequest();
 		request.setContextPath("/webapp");
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 		request.setRequestURI("/webapp/login/impersonate");
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/login/impersonate");
 		SimpleUrlAuthenticationSuccessHandler switchSuccessHandler = new SimpleUrlAuthenticationSuccessHandler(
@@ -407,14 +360,10 @@ public class SwitchUserFilterTests {
 		switchSuccessHandler.setRedirectStrategy(contextRelativeRedirector);
 		filter.setSuccessHandler(switchSuccessHandler);
 		filter.setUserDetailsService(new MockUserDetailsService());
-
 		FilterChain chain = mock(FilterChain.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, chain);
-
 		verify(chain, never()).doFilter(request, response);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl");
 	}
 
@@ -423,28 +372,22 @@ public class SwitchUserFilterTests {
 		// set current user
 		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		// http request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/webapp/login/impersonate");
 		request.setContextPath("/webapp");
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
-
 		// http response
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// setup filter
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setSwitchUserUrl("/login/impersonate");
 		filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
-
 		FilterChain chain = mock(FilterChain.class);
-
 		// test updates user token and context
 		filter.doFilter(request, response, chain);
 		verify(chain, never()).doFilter(request, response);
-
 		// check current user
 		Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(targetAuth).isNotNull();
@@ -456,10 +399,8 @@ public class SwitchUserFilterTests {
 	public void modificationOfAuthoritiesWorks() {
 		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
-
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setSwitchUserAuthorityChanger((targetUser, currentAuthentication, authoritiesToBeGranted) -> {
@@ -467,7 +408,6 @@ public class SwitchUserFilterTests {
 			auths.add(new SimpleGrantedAuthority("ROLE_NEW"));
 			return auths;
 		});
-
 		Authentication result = filter.attemptSwitchUser(request);
 		assertThat(result != null).isTrue();
 		assertThat(result.getAuthorities()).hasSize(2);
@@ -483,16 +423,13 @@ public class SwitchUserFilterTests {
 		SecurityContextHolder.getContext().setAuthentication(source);
 		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
 		Authentication switched = switchToUser("dano");
-
 		SwitchUserGrantedAuthority switchedFrom = null;
-
 		for (GrantedAuthority ga : switched.getAuthorities()) {
 			if (ga instanceof SwitchUserGrantedAuthority) {
 				switchedFrom = (SwitchUserGrantedAuthority) ga;
 				break;
 			}
 		}
-
 		assertThat(switchedFrom).isNotNull();
 		assertThat(source).isSameAs(switchedFrom.getSource());
 	}
@@ -509,23 +446,19 @@ public class SwitchUserFilterTests {
 	@Test
 	public void switchAuthorityRoleCanBeChanged() {
 		String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
-
 		// original user
 		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("orig", "hawaii50",
 				ROLES_12);
 		SecurityContextHolder.getContext().setAuthentication(source);
 		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
 		Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
-
 		SwitchUserGrantedAuthority switchedFrom = null;
-
 		for (GrantedAuthority ga : switched.getAuthorities()) {
 			if (ga instanceof SwitchUserGrantedAuthority) {
 				switchedFrom = (SwitchUserGrantedAuthority) ga;
 				break;
 			}
 		}
-
 		assertThat(switchedFrom).isNotNull();
 		assertThat(switchedFrom.getSource()).isSameAs(source);
 		assertThat(switchAuthorityRole).isEqualTo(switchedFrom.getAuthority());
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
index f8c1de66a8..7e93bd73ab 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
@@ -38,7 +38,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 	@Test
 	public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception {
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilter(this.filter).build();
-
 		mockMvc.perform(get("/logout")).andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n"
 				+ "  <head>\n" + "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
@@ -58,7 +57,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 	public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception {
 		this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1"));
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
-
 		mockMvc.perform(get("/logout")).andExpect(
 				content().string(containsString("<input name=\"_csrf\" type=\"hidden\" value=\"csrf-token-1\" />")));
 	}
@@ -66,7 +64,6 @@ public class DefaultLogoutPageGeneratingFilterTests {
 	@Test
 	public void doFilterWhenRequestContextThenActionContainsRequestContext() throws Exception {
 		MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
-
 		mockMvc.perform(get("/context/logout").contextPath("/context"))
 				.andExpect(content().string(containsString("action=\"/context/logout\"")));
 	}
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index a06829f66b..ab86511eb7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -58,7 +58,6 @@ public class BasicAuthenticationConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
-
 		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
@@ -70,7 +69,6 @@ public class BasicAuthenticationConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
 		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
-
 		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
@@ -81,7 +79,6 @@ public class BasicAuthenticationConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer someOtherToken");
 		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
-
 		verifyZeroInteractions(this.authenticationDetailsSource);
 		assertThat(authentication).isNull();
 	}
@@ -98,7 +95,6 @@ public class BasicAuthenticationConverterTests {
 	public void testWhenInvalidBase64ThenError() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic NOT_VALID_BASE64");
-
 		this.converter.convert(request);
 	}
 
@@ -108,7 +104,6 @@ public class BasicAuthenticationConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		UsernamePasswordAuthenticationToken authentication = this.converter.convert(request);
-
 		verify(this.authenticationDetailsSource).buildDetails(any());
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.getName()).isEqualTo("rod");
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
index 91cf5cf819..2050d9267f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
@@ -36,7 +36,6 @@ public class BasicAuthenticationEntryPointTests {
 	@Test
 	public void testDetectsMissingRealmName() {
 		BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint();
-
 		try {
 			ep.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -56,21 +55,14 @@ public class BasicAuthenticationEntryPointTests {
 	@Test
 	public void testNormalOperation() throws Exception {
 		BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint();
-
 		ep.setRealmName("hello");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// ep.afterPropertiesSet();
-
 		ep.commence(request, response, new DisabledException("These are the jokes kid"));
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.UNAUTHORIZED.getReasonPhrase());
-
 		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\"");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index 39a7ac7655..d31d44ffe9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -67,11 +67,9 @@ public class BasicAuthenticationFilterTests {
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
-
 		this.manager = mock(AuthenticationManager.class);
 		given(this.manager.authenticate(rodRequest)).willReturn(rod);
 		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
-
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 	}
 
@@ -82,16 +80,12 @@ public class BasicAuthenticationFilterTests {
 
 	@Test
 	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/some_file.html");
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -110,10 +104,8 @@ public class BasicAuthenticationFilterTests {
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, chain);
-
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -126,7 +118,6 @@ public class BasicAuthenticationFilterTests {
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, chain);
 		// The filter chain shouldn't proceed
@@ -141,12 +132,10 @@ public class BasicAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -159,12 +148,10 @@ public class BasicAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -176,11 +163,9 @@ public class BasicAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -188,13 +173,11 @@ public class BasicAuthenticationFilterTests {
 
 	@Test
 	public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
 		request.setServletPath("/some_file.html");
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -216,32 +199,23 @@ public class BasicAuthenticationFilterTests {
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		final MockHttpServletResponse response1 = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response1, chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
-
 		// NOW PERFORM FAILED AUTHENTICATION
-
 		token = "otherUser:WRONG_PASSWORD";
 		request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		final MockHttpServletResponse response2 = new MockHttpServletResponse();
-
 		chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response2, chain);
-
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		request.setServletPath("/some_file.html");
-
 		// Test - the filter chain will not be invoked, as we get a 401 forbidden response
 		MockHttpServletResponse response = response2;
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -253,14 +227,11 @@ public class BasicAuthenticationFilterTests {
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
-
 		this.filter = new BasicAuthenticationFilter(this.manager);
 		assertThat(this.filter.isIgnoreFailure()).isTrue();
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, new MockHttpServletResponse(), chain);
-
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
-
 		// Test - the filter chain will be invoked, as we've set ignoreFailure = true
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -274,10 +245,8 @@ public class BasicAuthenticationFilterTests {
 		request.setSession(new MockHttpSession());
 		assertThat(this.filter.isIgnoreFailure()).isFalse();
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, chain);
-
 		// Test - the filter chain will not be invoked, as we get a 401 forbidden response
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -287,50 +256,38 @@ public class BasicAuthenticationFilterTests {
 	// SEC-2054
 	@Test
 	public void skippedOnErrorDispatch() throws Exception {
-
 		String token = "bad:credentials";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
 		request.setServletPath("/some_file.html");
 		request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(200);
 	}
 
 	@Test
 	public void doFilterWhenTokenAndFilterCharsetMatchDefaultThenAuthenticated() throws Exception {
 		SecurityContextHolder.clearContext();
-
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
-
 		this.manager = mock(AuthenticationManager.class);
 		given(this.manager.authenticate(rodRequest)).willReturn(rod);
 		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
-
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
-
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization",
 				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
 		request.setServletPath("/some_file.html");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -340,33 +297,25 @@ public class BasicAuthenticationFilterTests {
 	@Test
 	public void doFilterWhenTokenAndFilterCharsetMatchNonDefaultThenAuthenticated() throws Exception {
 		SecurityContextHolder.clearContext();
-
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
-
 		this.manager = mock(AuthenticationManager.class);
 		given(this.manager.authenticate(rodRequest)).willReturn(rod);
 		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
-
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 		this.filter.setCredentialsCharset("ISO-8859-1");
-
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization",
 				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.ISO_8859_1))));
 		request.setServletPath("/some_file.html");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("rod");
@@ -376,33 +325,25 @@ public class BasicAuthenticationFilterTests {
 	@Test
 	public void doFilterWhenTokenAndFilterCharsetDoNotMatchThenUnauthorized() throws Exception {
 		SecurityContextHolder.clearContext();
-
 		UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "äöü");
 		rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
 		Authentication rod = new UsernamePasswordAuthenticationToken("rod", "äöü",
 				AuthorityUtils.createAuthorityList("ROLE_1"));
-
 		this.manager = mock(AuthenticationManager.class);
 		given(this.manager.authenticate(rodRequest)).willReturn(rod);
 		given(this.manager.authenticate(not(eq(rodRequest)))).willThrow(new BadCredentialsException(""));
-
 		this.filter = new BasicAuthenticationFilter(this.manager, new BasicAuthenticationEntryPoint());
 		this.filter.setCredentialsCharset("ISO-8859-1");
-
 		String token = "rod:äöü";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization",
 				"Basic " + new String(Base64.encodeBase64(token.getBytes(StandardCharsets.UTF_8))));
 		request.setServletPath("/some_file.html");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		// Test
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		FilterChain chain = mock(FilterChain.class);
-
 		this.filter.doFilter(request, response, chain);
-
 		assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -415,7 +356,6 @@ public class BasicAuthenticationFilterTests {
 		request.setServletPath("/some_file.html");
 		request.setSession(new MockHttpSession());
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		FilterChain chain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, chain);
 		verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
index 4d13ededfd..f2731df602 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java
@@ -38,7 +38,6 @@ public class DigestAuthUtilsTests {
 		String unsplit = "username=\"rod\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
 		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
-
 		assertThat(headerMap.get("username")).isEqualTo("rod");
 		assertThat(headerMap.get("realm")).isEqualTo("Contacts Realm");
 		assertThat(headerMap.get("nonce"))
@@ -57,7 +56,6 @@ public class DigestAuthUtilsTests {
 		String unsplit = "username=\"rod\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
 		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null);
-
 		assertThat(headerMap.get("username")).isEqualTo("\"rod\"");
 		assertThat(headerMap.get("realm")).isEqualTo("\"Contacts Realm\"");
 		assertThat(headerMap.get("nonce"))
@@ -97,39 +95,30 @@ public class DigestAuthUtilsTests {
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			DigestAuthUtils.split("", "="); // empty string
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			DigestAuthUtils.split("sdch=dfgf", null); // null
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			DigestAuthUtils.split("fvfv=dcdc", ""); // empty string
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
-
 		try {
 			DigestAuthUtils.split("dfdc=dcdc", "BIGGER_THAN_ONE_CHARACTER");
 			fail("Should have thrown IllegalArgumentException");
 		}
 		catch (IllegalArgumentException expected) {
-
 		}
 	}
 
@@ -137,7 +126,6 @@ public class DigestAuthUtilsTests {
 	public void testSplitWorksWithDifferentDelimiters() {
 		assertThat(DigestAuthUtils.split("18/rod", "/")).hasSize(2);
 		assertThat(DigestAuthUtils.split("18/rod", "!")).isNull();
-
 		// only guarantees to split at FIRST delimiter, not EACH delimiter
 		assertThat(DigestAuthUtils.split("18|rod|foo|bar", "|")).hasSize(2);
 	}
@@ -145,9 +133,7 @@ public class DigestAuthUtilsTests {
 	public void testAuthorizationHeaderWithCommasIsSplitCorrectly() {
 		String header = "Digest username=\"hamilton,bob\", realm=\"bobs,ok,realm\", nonce=\"the,nonce\", "
 				+ "uri=\"the,Uri\", response=\"the,response,Digest\", qop=theqop, nc=thenc, cnonce=\"the,cnonce\"";
-
 		String[] parts = DigestAuthUtils.splitIgnoringQuotes(header, ',');
-
 		assertThat(parts).hasSize(8);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
index adfe482442..3f6b2c61f9 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java
@@ -42,11 +42,9 @@ public class DigestAuthenticationEntryPointTests {
 		// format of nonce is:
 		// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
 		assertThat(Base64.isArrayByteBase64(nonce.getBytes())).isTrue();
-
 		String decodedNonce = new String(Base64.decodeBase64(nonce.getBytes()));
 		String[] nonceTokens = StringUtils.delimitedListToStringArray(decodedNonce, ":");
 		assertThat(nonceTokens).hasSize(2);
-
 		String expectedNonceSignature = DigestUtils.md5Hex(nonceTokens[0] + ":" + "key");
 		assertThat(nonceTokens[1]).isEqualTo(expectedNonceSignature);
 	}
@@ -55,7 +53,6 @@ public class DigestAuthenticationEntryPointTests {
 	public void testDetectsMissingKey() throws Exception {
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
 		ep.setRealmName("realm");
-
 		try {
 			ep.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -70,7 +67,6 @@ public class DigestAuthenticationEntryPointTests {
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
 		ep.setKey("dcdc");
 		ep.setNonceValiditySeconds(12);
-
 		try {
 			ep.afterPropertiesSet();
 			fail("Should have thrown IllegalArgumentException");
@@ -97,29 +93,21 @@ public class DigestAuthenticationEntryPointTests {
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
 		ep.setRealmName("hello");
 		ep.setKey("key");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.afterPropertiesSet();
-
 		ep.commence(request, response, new DisabledException("foobar"));
-
 		// Check response is properly formed
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest ");
-
 		// Break up response header
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
 		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
-
 		assertThat(headerMap.get("realm")).isEqualTo("hello");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
 		assertThat(headerMap.get("stale")).isNull();
-
 		checkNonceValid(headerMap.get("nonce"));
 	}
 
@@ -128,29 +116,21 @@ public class DigestAuthenticationEntryPointTests {
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
 		ep.setRealmName("hello");
 		ep.setKey("key");
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/some_path");
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		ep.afterPropertiesSet();
-
 		ep.commence(request, response, new NonceExpiredException("expired nonce"));
-
 		// Check response is properly formed
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(response.getHeader("WWW-Authenticate").toString()).startsWith("Digest ");
-
 		// Break up response header
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
 		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
-
 		assertThat(headerMap.get("realm")).isEqualTo("hello");
 		assertThat(headerMap.get("qop")).isEqualTo("auth");
 		assertThat(headerMap.get("stale")).isEqualTo("true");
-
 		checkNonceValid(headerMap.get("nonce"));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index f3bef133b8..f716b3991d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -90,11 +90,8 @@ public class DigestAuthenticationFilterTests {
 	private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
 			final boolean expectChainToProceed) throws ServletException, IOException {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
-
 		final FilterChain chain = mock(FilterChain.class);
-
 		filter.doFilter(request, response, chain);
-
 		verify(chain, times(expectChainToProceed ? 1 : 0)).doFilter(request, response);
 		return response;
 	}
@@ -107,7 +104,6 @@ public class DigestAuthenticationFilterTests {
 		long expiryTime = System.currentTimeMillis() + (validitySeconds * 1000);
 		String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key);
 		String nonceValue = expiryTime + ":" + signatureValue;
-
 		return new String(Base64.encodeBase64(nonceValue.getBytes()));
 	}
 
@@ -119,19 +115,15 @@ public class DigestAuthenticationFilterTests {
 	@Before
 	public void setUp() {
 		SecurityContextHolder.clearContext();
-
 		// Create User Details Service
 		UserDetailsService uds = (username) -> new User("rod,ok", "koala",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-
 		DigestAuthenticationEntryPoint ep = new DigestAuthenticationEntryPoint();
 		ep.setRealmName(REALM);
 		ep.setKey(KEY);
-
 		this.filter = new DigestAuthenticationFilter();
 		this.filter.setUserDetailsService(uds);
 		this.filter.setAuthenticationEntryPoint(ep);
-
 		this.request = new MockHttpServletRequest("GET", REQUEST_URI);
 		this.request.setServletPath(REQUEST_URI);
 	}
@@ -141,17 +133,12 @@ public class DigestAuthenticationFilterTests {
 		String nonce = generateNonce(0);
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		Thread.sleep(1000); // ensures token expired
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
-
 		String header = response.getHeader("WWW-Authenticate").toString().substring(7);
 		String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
 		Map<String, String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
@@ -163,12 +150,9 @@ public class DigestAuthenticationFilterTests {
 		String badNonce = generateNonce(60, "badkey");
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, badNonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -176,7 +160,6 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -185,10 +168,8 @@ public class DigestAuthenticationFilterTests {
 		DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
 		filter.setUserDetailsService(mock(UserDetailsService.class));
 		assertThat(filter.getUserDetailsService() != null).isTrue();
-
 		filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint());
 		assertThat(filter.getAuthenticationEntryPoint() != null).isTrue();
-
 		filter.setUserCache(null);
 		assertThat(filter.getUserCache()).isNull();
 		filter.setUserCache(new NullUserCache());
@@ -198,11 +179,8 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
-
 		this.request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes())));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(response.getStatus()).isEqualTo(401);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
@@ -210,9 +188,7 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void testMalformedHeaderReturnsForbidden() throws Exception {
 		this.request.addHeader("Authorization", "Digest scsdcsdc");
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -220,15 +196,11 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void testNonBase64EncodedNonceReturnsForbidden() throws Exception {
 		String nonce = "NOT_BASE_64_ENCODED";
-
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -238,12 +210,9 @@ public class DigestAuthenticationFilterTests {
 		String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword".getBytes()));
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -253,12 +222,9 @@ public class DigestAuthenticationFilterTests {
 		String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement".getBytes()));
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -268,12 +234,9 @@ public class DigestAuthenticationFilterTests {
 		String nonce = new String(Base64.encodeBase64("a base 64 string without a colon".getBytes()));
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, nonce, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -283,12 +246,9 @@ public class DigestAuthenticationFilterTests {
 		String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD);
 		String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET",
 				REQUEST_URI, QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
 				.isEqualTo(USERNAME);
@@ -298,12 +258,9 @@ public class DigestAuthenticationFilterTests {
 	public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
 				.isEqualTo(USERNAME);
@@ -314,13 +271,10 @@ public class DigestAuthenticationFilterTests {
 	public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		this.filter.setCreateAuthenticatedToken(true);
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
 		assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
 				.isEqualTo(USERNAME);
@@ -332,9 +286,7 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void otherAuthorizationSchemeIsIgnored() throws Exception {
 		this.request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
-
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -356,24 +308,17 @@ public class DigestAuthenticationFilterTests {
 	public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception {
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-
 		// Now retry, giving an invalid nonce
 		responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request = new MockHttpServletRequest();
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		// Check we lost our previous authentication
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
@@ -382,15 +327,11 @@ public class DigestAuthenticationFilterTests {
 	@Test
 	public void wrongCnonceBasedOnDigestReturnsForbidden() throws Exception {
 		String cnonce = "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION";
-
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, "DIFFERENT_CNONCE");
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -400,12 +341,9 @@ public class DigestAuthenticationFilterTests {
 		String password = "WRONG_PASSWORD";
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -415,12 +353,9 @@ public class DigestAuthenticationFilterTests {
 		String realm = "WRONG_REALM";
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -429,12 +364,9 @@ public class DigestAuthenticationFilterTests {
 	public void wrongUsernameReturnsForbidden() throws Exception {
 		String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD, "GET",
 				REQUEST_URI, QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 		assertThat(response.getStatus()).isEqualTo(401);
 	}
@@ -446,18 +378,13 @@ public class DigestAuthenticationFilterTests {
 		TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated",
 				"pass", "ROLE_USER");
 		existingContext.setAuthentication(existingAuthentication);
-
 		SecurityContextHolder.setContext(existingContext);
-
 		String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
 				QOP, NONCE, NC, CNONCE);
-
 		this.request.addHeader("Authorization",
 				createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
-
 		this.filter.setCreateAuthenticatedToken(true);
 		executeFilterInContainerSimulator(this.filter, this.request, true);
-
 		assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index e6bd2892d6..fef74d42e1 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -91,26 +91,20 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		SessionRegistry registry = new SessionRegistryImpl();
 		registry.registerNewSession(session.getId(), "principal");
 		registry.getSessionInformation(session.getId()).expireNow();
-
 		// Setup our test fixture and registry to want this session to be expired
-
 		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(
 				"/expired.jsp");
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
 		filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() });
 		filter.afterPropertiesSet();
-
 		FilterChain fc = mock(FilterChain.class);
 		filter.doFilter(request, response, fc);
 		// Expect that the filter chain will not be invoked, as we redirect to expiredUrl
 		verifyZeroInteractions(fc);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp");
 	}
 
@@ -120,18 +114,14 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		SessionRegistry registry = new SessionRegistryImpl();
 		registry.registerNewSession(session.getId(), "principal");
 		registry.getSessionInformation(session.getId()).expireNow();
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
-
 		FilterChain fc = mock(FilterChain.class);
 		filter.doFilter(request, response, fc);
 		verifyZeroInteractions(fc);
-
 		assertThat(response.getContentAsString())
 				.isEqualTo("This session has been expired (possibly due to multiple concurrent logins being "
 						+ "attempted as the same user).");
@@ -148,23 +138,17 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain fc = mock(FilterChain.class);
-
 		// Setup our test fixture
 		SessionRegistry registry = new SessionRegistryImpl();
 		registry.registerNewSession(session.getId(), "principal");
 		SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(
 				"/expired.jsp");
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
-
 		Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
-
 		Thread.sleep(1000);
-
 		filter.doFilter(request, response, fc);
-
 		verify(fc).doFilter(request, response);
 		assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue();
 	}
@@ -173,22 +157,17 @@ public class ConcurrentSessionFilterTests {
 	public void doFilterWhenNoSessionThenChainIsContinued() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		given(registry.getSessionInformation(anyString())).willReturn(information);
-
 		String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
-
 		MockFilterChain chain = new MockFilterChain();
-
 		filter.doFilter(request, response, chain);
-
 		assertThat(chain.getRequest()).isNotNull();
 	}
 
@@ -197,18 +176,13 @@ public class ConcurrentSessionFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setSession(new MockHttpSession());
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
-
 		String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
-
 		MockFilterChain chain = new MockFilterChain();
-
 		filter.doFilter(request, response, chain);
-
 		assertThat(chain.getRequest()).isNotNull();
 	}
 
@@ -218,20 +192,16 @@ public class ConcurrentSessionFilterTests {
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		given(registry.getSessionInformation(anyString())).willReturn(information);
-
 		String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
 		filter.setRedirectStrategy(redirect);
-
 		filter.doFilter(request, response, new MockFilterChain());
-
 		verify(redirect).sendRedirect(request, response, expiredUrl);
 	}
 
@@ -241,27 +211,21 @@ public class ConcurrentSessionFilterTests {
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		RedirectStrategy redirect = mock(RedirectStrategy.class);
 		SessionRegistry registry = mock(SessionRegistry.class);
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		given(registry.getSessionInformation(anyString())).willReturn(information);
-
 		final String expiredUrl = "/expired";
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") {
-
 			@Override
 			protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
 				return expiredUrl;
 			}
-
 		};
 		filter.setRedirectStrategy(redirect);
-
 		filter.doFilter(request, response, new MockFilterChain());
-
 		verify(redirect).sendRedirect(request, response, expiredUrl);
 	}
 
@@ -271,17 +235,13 @@ public class ConcurrentSessionFilterTests {
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		SessionRegistry registry = mock(SessionRegistry.class);
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		given(registry.getSessionInformation(anyString())).willReturn(information);
-
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
-
 		filter.doFilter(request, response, new MockFilterChain());
-
 		assertThat(response.getContentAsString()).contains(
 				"This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
 	}
@@ -293,32 +253,26 @@ public class ConcurrentSessionFilterTests {
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		SessionRegistry registry = mock(SessionRegistry.class);
 		SessionInformation information = new SessionInformation("user", "sessionId",
 				new Date(System.currentTimeMillis() - 1000));
 		information.expireNow();
 		given(registry.getSessionInformation(anyString())).willReturn(information);
-
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
 		filter.setLogoutHandlers(new LogoutHandler[] { handler });
-
 		filter.doFilter(request, response, new MockFilterChain());
-
 		verify(handler).logout(eq(request), eq(response), any());
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setLogoutHandlersWhenNullThenThrowsException() {
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
-
 		filter.setLogoutHandlers((List<LogoutHandler>) null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void setLogoutHandlersWhenEmptyThenThrowsException() {
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
-
 		filter.setLogoutHandlers(new LogoutHandler[0]);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 1eac035d61..93a753af16 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -60,15 +60,11 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenDefaultContextThenRegistersSpringSecurityFilterChain() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration).setAsyncSupported(true);
 		verifyNoAddListener(context);
@@ -78,16 +74,11 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenConfigurationClassThenAddsContextLoaderListener() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer(MyRootConfiguration.class) {
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration).setAsyncSupported(true);
 		verify(context).addListener(any(ContextLoaderListener.class));
@@ -97,20 +88,15 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenEnableHttpSessionEventPublisherIsTrueThenAddsHttpSessionEventPublisher() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected boolean enableHttpSessionEventPublisher() {
 				return true;
 			}
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration).setAsyncSupported(true);
 		verify(context).addListener(HttpSessionEventPublisher.class.getName());
@@ -120,20 +106,15 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenCustomSecurityDispatcherTypesThenUses() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected EnumSet<DispatcherType> getSecurityDispatcherTypes() {
 				return EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD);
 			}
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(
 				EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD), false, "/*");
 		verify(registration).setAsyncSupported(true);
@@ -144,23 +125,18 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenCustomDispatcherWebApplicationContextSuffixThenUses() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected String getDispatcherWebApplicationContextSuffix() {
 				return "dispatcher";
 			}
 		}.onStartup(context);
-
 		DelegatingFilterProxy proxy = proxyCaptor.getValue();
 		assertThat(proxy.getContextAttribute())
 				.isEqualTo("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
 		assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain");
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration).setAsyncSupported(true);
 		verifyNoAddListener(context);
@@ -169,7 +145,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	@Test
 	public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() {
 		ServletContext context = mock(ServletContext.class);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context)).isInstanceOf(IllegalStateException.class)
 				.hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. "
@@ -182,22 +157,17 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter2 = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter1))).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter2))).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter1, filter2);
 			}
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration, times(3)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration, times(3)).setAsyncSupported(true);
 		verifyNoAddListener(context);
@@ -210,11 +180,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter1 = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -222,9 +189,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
 				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(context).addFilter(anyString(), eq(filter1));
 	}
@@ -233,11 +198,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenInsertFiltersEmptyThenException() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -245,7 +207,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("filters cannot be null or empty");
-
 		assertProxyDefaults(proxyCaptor.getValue());
 	}
 
@@ -254,12 +215,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -267,7 +225,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("filters cannot contain null values");
-
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
 	}
 
@@ -277,20 +234,16 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter2 = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter1))).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter2))).willReturn(registration);
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter1, filter2);
 			}
 		}.onStartup(context);
-
 		verify(registration, times(1)).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(registration, times(2)).addMappingForUrlPatterns(DEFAULT_DISPATCH, true, "/*");
 		verify(registration, times(3)).setAsyncSupported(true);
@@ -303,11 +256,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter1 = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -315,9 +265,7 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
 				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(context).addFilter(anyString(), eq(filter1));
 	}
@@ -326,11 +274,8 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenAppendFiltersEmptyThenException() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -338,7 +283,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("filters cannot be null or empty");
-
 		assertProxyDefaults(proxyCaptor.getValue());
 	}
 
@@ -347,12 +291,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		Filter filter = mock(Filter.class);
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
-
 		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
@@ -360,7 +301,6 @@ public class AbstractSecurityWebApplicationInitializerTests {
 			}
 		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
 				.hasMessageContaining("filters cannot contain null values");
-
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
 	}
 
@@ -368,20 +308,15 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenDefaultsThenSessionTrackingModes() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
 				.forClass(new HashSet<SessionTrackingMode>() {
 				}.getClass());
 		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
-
 		new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		Set<SessionTrackingMode> modes = modesCaptor.getValue();
 		assertThat(modes).hasSize(1);
 		assertThat(modes).containsExactly(SessionTrackingMode.COOKIE);
@@ -391,24 +326,19 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	public void onStartupWhenSessionTrackingModesConfiguredThenUsed() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
-
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-
 		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
 				.forClass(new HashSet<SessionTrackingMode>() {
 				}.getClass());
 		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
-
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			public Set<SessionTrackingMode> getSessionTrackingModes() {
 				return Collections.singleton(SessionTrackingMode.SSL);
 			}
 		}.onStartup(context);
-
 		assertProxyDefaults(proxyCaptor.getValue());
-
 		Set<SessionTrackingMode> modes = modesCaptor.getValue();
 		assertThat(modes).hasSize(1);
 		assertThat(modes).containsExactly(SessionTrackingMode.SSL);
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index f8e06e9c5e..c3ef02ed5f 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -71,11 +71,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(holder);
-
 		reset(request);
 		holder.getRequest().startAsync();
 		holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST);
-
 		// ensure that sendError did cause interaction with the HttpSession
 		verify(request, never()).getSession(anyBoolean());
 		verify(request, never()).getSession();
@@ -88,11 +86,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		repo.loadContext(holder);
-
 		reset(request);
 		holder.getRequest().startAsync(request, response);
 		holder.getResponse().sendError(HttpServletResponse.SC_BAD_REQUEST);
-
 		// ensure that sendError did cause interaction with the HttpSession
 		verify(request, never()).getSession(anyBoolean());
 		verify(request, never()).getSession();
@@ -156,12 +152,10 @@ public class HttpSessionSecurityContextRepositoryTests {
 		request.setSession(session);
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		assertThat(repo.loadContext(holder)).isSameAs(ctx);
-
 		// Modify context contents. Same user, different role
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B"));
 		repo.saveContext(ctx, holder.getRequest(), holder.getResponse());
-
 		// Must be called even though the value in the local VM is already the same
 		verify(session).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctx);
 	}
@@ -224,7 +218,6 @@ public class HttpSessionSecurityContextRepositoryTests {
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
 		holder.getResponse().sendError(404);
 		assertThat(request.getSession().getAttribute("imTheContext")).isEqualTo(SecurityContextHolder.getContext());
-
 		assertThat(((SaveContextOnUpdateOrErrorResponseWrapper) holder.getResponse()).isContextSaved()).isTrue();
 		repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
 		// Check it's still the same
@@ -441,13 +434,10 @@ public class HttpSessionSecurityContextRepositoryTests {
 		ctxInSession.setAuthentication(this.testToken);
 		request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 				ctxInSession);
-
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
 		repo.loadContext(holder);
-
 		ctxInSession.setAuthentication(null);
 		repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
-
 		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
 				.isNull();
 	}
@@ -459,7 +449,6 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		final String sessionId = ";jsessionid=id";
 		MockHttpServletResponse response = new MockHttpServletResponse() {
-
 			@Override
 			public String encodeRedirectUrl(String url) {
 				return url + sessionId;
@@ -506,9 +495,7 @@ public class HttpSessionSecurityContextRepositoryTests {
 		repo.loadContext(holder);
 		AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
 		repo.setTrustResolver(trustResolver);
-
 		repo.saveContext(contextToSave, holder.getRequest(), holder.getResponse());
-
 		verify(trustResolver).isAnonymous(contextToSave.getAuthentication());
 	}
 
@@ -529,10 +516,8 @@ public class HttpSessionSecurityContextRepositoryTests {
 		assertThat(request.getSession(false)).isNull();
 		// Simulate authentication during the request
 		context.setAuthentication(this.testToken);
-
 		repo.saveContext(context, new HttpServletRequestWrapper(holder.getRequest()),
 				new HttpServletResponseWrapper(holder.getResponse()));
-
 		assertThat(request.getSession(false)).isNotNull();
 		assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
 				.isEqualTo(context);
@@ -545,7 +530,6 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(this.testToken);
-
 		repo.saveContext(context, request, response);
 	}
 
@@ -556,12 +540,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
-
 		SomeTransientAuthentication authentication = new SomeTransientAuthentication();
 		context.setAuthentication(authentication);
-
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
-
 		MockHttpSession session = (MockHttpSession) request.getSession(false);
 		assertThat(session).isNull();
 	}
@@ -573,12 +554,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
-
 		SomeTransientAuthenticationSubclass authentication = new SomeTransientAuthenticationSubclass();
 		context.setAuthentication(authentication);
-
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
-
 		MockHttpSession session = (MockHttpSession) request.getSession(false);
 		assertThat(session).isNull();
 	}
@@ -590,12 +568,9 @@ public class HttpSessionSecurityContextRepositoryTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
 		SecurityContext context = repo.loadContext(holder);
-
 		SomeOtherTransientAuthentication authentication = new SomeOtherTransientAuthentication();
 		context.setAuthentication(authentication);
-
 		repo.saveContext(context, holder.getRequest(), holder.getResponse());
-
 		MockHttpSession session = (MockHttpSession) request.getSession(false);
 		assertThat(session).isNull();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
index 611e221817..4a30bf3f89 100644
--- a/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapperTests.java
@@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  *
  */
-
 @RunWith(MockitoJUnitRunner.class)
 public class SaveContextOnUpdateOrErrorResponseWrapperTests {
 
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
index 7dea43d79a..2bbfe08032 100644
--- a/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextPersistenceFilterTests.java
@@ -56,7 +56,6 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
 		SecurityContextHolder.getContext().setAuthentication(this.testToken);
-
 		filter.doFilter(request, response, chain);
 		verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
@@ -76,7 +75,6 @@ public class SecurityContextPersistenceFilterTests {
 		}
 		catch (IOException expected) {
 		}
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
@@ -91,17 +89,13 @@ public class SecurityContextPersistenceFilterTests {
 		scBefore.setAuthentication(beforeAuth);
 		final SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
-
 		given(repo.loadContext(any(HttpRequestResponseHolder.class))).willReturn(scBefore);
-
 		final FilterChain chain = (request1, response1) -> {
 			assertThat(SecurityContextHolder.getContext().getAuthentication()).isEqualTo(beforeAuth);
 			// Change the context here
 			SecurityContextHolder.setContext(scExpectedAfter);
 		};
-
 		filter.doFilter(request, response, chain);
-
 		verify(repo).saveContext(scExpectedAfter, request, response);
 	}
 
@@ -112,7 +106,6 @@ public class SecurityContextPersistenceFilterTests {
 		final MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(
 				mock(SecurityContextRepository.class));
-
 		request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE);
 		filter.doFilter(request, response, chain);
 		verify(chain).doFilter(request, response);
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index 88681cca87..7a27f811b3 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -62,10 +62,8 @@ public class SecurityContextCallableProcessingInterceptorTests {
 		SecurityContextHolder.setContext(this.securityContext);
 		interceptor.beforeConcurrentHandling(this.webRequest, this.callable);
 		SecurityContextHolder.clearContext();
-
 		interceptor.preProcess(this.webRequest, this.callable);
 		assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext);
-
 		interceptor.postProcess(this.webRequest, this.callable, null);
 		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext);
 	}
@@ -74,10 +72,8 @@ public class SecurityContextCallableProcessingInterceptorTests {
 	public void specificSecurityContext() throws Exception {
 		SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor(
 				this.securityContext);
-
 		interceptor.preProcess(this.webRequest, this.callable);
 		assertThat(SecurityContextHolder.getContext()).isSameAs(this.securityContext);
-
 		interceptor.postProcess(this.webRequest, this.callable, null);
 		assertThat(SecurityContextHolder.getContext()).isNotSameAs(this.securityContext);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
index 2f35a7e449..09fc283ec3 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java
@@ -72,16 +72,13 @@ public class WebAsyncManagerIntegrationFilterTests {
 	@Before
 	public void setUp() {
 		this.filterChain = new MockFilterChain();
-
 		this.threadFactory = new JoinableThreadFactory();
 		SimpleAsyncTaskExecutor executor = new SimpleAsyncTaskExecutor();
 		executor.setThreadFactory(this.threadFactory);
-
 		this.asyncManager = WebAsyncUtils.getAsyncManager(this.request);
 		this.asyncManager.setAsyncWebRequest(this.asyncWebRequest);
 		this.asyncManager.setTaskExecutor(executor);
 		given(this.request.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE)).willReturn(this.asyncManager);
-
 		this.filter = new WebAsyncManagerIntegrationFilter();
 	}
 
@@ -101,7 +98,6 @@ public class WebAsyncManagerIntegrationFilterTests {
 			}
 		});
 		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
-
 		VerifyingCallable verifyingCallable = new VerifyingCallable();
 		this.asyncManager.startCallableProcessing(verifyingCallable);
 		this.threadFactory.join();
@@ -120,7 +116,6 @@ public class WebAsyncManagerIntegrationFilterTests {
 		});
 		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
 		SecurityContextHolder.setContext(this.securityContext);
-
 		VerifyingCallable verifyingCallable = new VerifyingCallable();
 		this.asyncManager.startCallableProcessing(verifyingCallable);
 		this.threadFactory.join();
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
index 6f0aa4fddf..ffd64a0ff3 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -49,7 +49,6 @@ public class CookieCsrfTokenRepositoryTests {
 	@Test
 	public void generateToken() {
 		CsrfToken generateToken = this.repository.generateToken(this.request);
-
 		assertThat(generateToken).isNotNull();
 		assertThat(generateToken.getHeaderName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_HEADER_NAME);
 		assertThat(generateToken.getParameterName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_PARAMETER_NAME);
@@ -62,9 +61,7 @@ public class CookieCsrfTokenRepositoryTests {
 		String parameterName = "paramName";
 		this.repository.setHeaderName(headerName);
 		this.repository.setParameterName(parameterName);
-
 		CsrfToken generateToken = this.repository.generateToken(this.request);
-
 		assertThat(generateToken).isNotNull();
 		assertThat(generateToken.getHeaderName()).isEqualTo(headerName);
 		assertThat(generateToken.getParameterName()).isEqualTo(parameterName);
@@ -75,9 +72,7 @@ public class CookieCsrfTokenRepositoryTests {
 	public void saveToken() {
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getMaxAge()).isEqualTo(-1);
 		assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
@@ -91,9 +86,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.request.setSecure(true);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getSecure()).isTrue();
 	}
 
@@ -103,9 +96,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setSecure(Boolean.TRUE);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getSecure()).isTrue();
 	}
 
@@ -115,9 +106,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setSecure(Boolean.FALSE);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getSecure()).isFalse();
 	}
 
@@ -125,9 +114,7 @@ public class CookieCsrfTokenRepositoryTests {
 	public void saveTokenNull() {
 		this.request.setSecure(true);
 		this.repository.saveToken(null, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getMaxAge()).isZero();
 		assertThat(tokenCookie.getName()).isEqualTo(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
@@ -140,9 +127,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setCookieHttpOnly(true);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.isHttpOnly()).isTrue();
 	}
 
@@ -151,9 +136,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setCookieHttpOnly(false);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.isHttpOnly()).isFalse();
 	}
 
@@ -162,9 +145,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository = CookieCsrfTokenRepository.withHttpOnlyFalse();
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.isHttpOnly()).isFalse();
 	}
 
@@ -174,9 +155,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setCookiePath(customPath);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getPath()).isEqualTo(this.repository.getCookiePath());
 	}
 
@@ -186,9 +165,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setCookiePath(customPath);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 	}
 
@@ -198,9 +175,7 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setCookiePath(customPath);
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
 	}
 
@@ -208,12 +183,9 @@ public class CookieCsrfTokenRepositoryTests {
 	public void saveTokenWithCookieDomain() {
 		String domainName = "example.com";
 		this.repository.setCookieDomain(domainName);
-
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
-
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
-
 		assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
 	}
 
@@ -225,26 +197,21 @@ public class CookieCsrfTokenRepositoryTests {
 	@Test
 	public void loadTokenCookieIncorrectNameNull() {
 		this.request.setCookies(new Cookie("other", "name"));
-
 		assertThat(this.repository.loadToken(this.request)).isNull();
 	}
 
 	@Test
 	public void loadTokenCookieValueEmptyString() {
 		this.request.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, ""));
-
 		assertThat(this.repository.loadToken(this.request)).isNull();
 	}
 
 	@Test
 	public void loadToken() {
 		CsrfToken generateToken = this.repository.generateToken(this.request);
-
 		this.request
 				.setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken()));
-
 		CsrfToken loadToken = this.repository.loadToken(this.request);
-
 		assertThat(loadToken).isNotNull();
 		assertThat(loadToken.getHeaderName()).isEqualTo(generateToken.getHeaderName());
 		assertThat(loadToken.getParameterName()).isEqualTo(generateToken.getParameterName());
@@ -260,11 +227,8 @@ public class CookieCsrfTokenRepositoryTests {
 		this.repository.setHeaderName(headerName);
 		this.repository.setParameterName(parameterName);
 		this.repository.setCookieName(cookieName);
-
 		this.request.setCookies(new Cookie(cookieName, value));
-
 		CsrfToken loadToken = this.repository.loadToken(this.request);
-
 		assertThat(loadToken).isNotNull();
 		assertThat(loadToken.getHeaderName()).isEqualTo(headerName);
 		assertThat(loadToken.getParameterName()).isEqualTo(parameterName);
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index 9a848bf0c9..d8057e2d9e 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -77,7 +77,6 @@ public class CsrfAuthenticationStrategyTests {
 		given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
-
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
@@ -93,16 +92,13 @@ public class CsrfAuthenticationStrategyTests {
 	@Test
 	public void delaySavingCsrf() {
 		this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository));
-
 		given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken);
 		given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
-
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 		verify(this.csrfTokenRepository, never()).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
-
 		CsrfToken tokenInRequest = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
 		tokenInRequest.getToken();
 		verify(this.csrfTokenRepository).saveToken(eq(this.generatedToken), any(HttpServletRequest.class),
@@ -113,7 +109,6 @@ public class CsrfAuthenticationStrategyTests {
 	public void logoutRemovesNoActionIfNullToken() {
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
-
 		verify(this.csrfTokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index 0f3c2edc97..a0b619209f 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -106,18 +106,14 @@ public class CsrfFilterTests {
 		this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository));
 		given(this.requestMatcher.matches(this.request)).willReturn(false);
 		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 		CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.token.getParameterName());
-
 		// no CsrfToken should have been saved yet
 		verify(this.tokenRepository, times(0)).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 		verify(this.filterChain).doFilter(this.request, this.response);
-
 		// access the token
 		attrToken.getToken();
-
 		// now the CsrfToken should have been saved
 		verify(this.tokenRepository).saveToken(eq(this.token), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
@@ -127,12 +123,9 @@ public class CsrfFilterTests {
 	public void doFilterAccessDeniedNoTokenPresent() throws ServletException, IOException {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
@@ -142,12 +135,9 @@ public class CsrfFilterTests {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
@@ -157,12 +147,9 @@ public class CsrfFilterTests {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
@@ -174,12 +161,9 @@ public class CsrfFilterTests {
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken() + " INVALID");
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.deniedHandler).handle(eq(this.request), eq(this.response), any(InvalidCsrfTokenException.class));
 		verifyZeroInteractions(this.filterChain);
 	}
@@ -188,12 +172,9 @@ public class CsrfFilterTests {
 	public void doFilterNotCsrfRequestExistingToken() throws ServletException, IOException {
 		given(this.requestMatcher.matches(this.request)).willReturn(false);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
@@ -202,12 +183,9 @@ public class CsrfFilterTests {
 	public void doFilterNotCsrfRequestGenerateToken() throws ServletException, IOException {
 		given(this.requestMatcher.matches(this.request)).willReturn(false);
 		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
@@ -217,12 +195,9 @@ public class CsrfFilterTests {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
@@ -234,12 +209,9 @@ public class CsrfFilterTests {
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken() + " INVALID");
 		this.request.addHeader(this.token.getHeaderName(), this.token.getToken());
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 	}
@@ -249,12 +221,9 @@ public class CsrfFilterTests {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
 		verify(this.tokenRepository, never()).saveToken(any(CsrfToken.class), any(HttpServletRequest.class),
@@ -266,15 +235,11 @@ public class CsrfFilterTests {
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
 		this.request.setParameter(this.token.getParameterName(), this.token.getToken());
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertToken(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertToken(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		// LazyCsrfTokenRepository requires the response as an attribute
 		assertThat(this.request.getAttribute(HttpServletResponse.class.getName())).isEqualTo(this.response);
-
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verify(this.tokenRepository).saveToken(this.token, this.request, this.response);
 		verifyZeroInteractions(this.deniedHandler);
@@ -284,14 +249,11 @@ public class CsrfFilterTests {
 	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethods() throws ServletException, IOException {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 		for (String method : Arrays.asList("GET", "TRACE", "OPTIONS", "HEAD")) {
 			resetRequestResponse();
 			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
-
 			this.filter.doFilter(this.request, this.response, this.filterChain);
-
 			verify(this.filterChain).doFilter(this.request, this.response);
 			verifyZeroInteractions(this.deniedHandler);
 		}
@@ -307,14 +269,11 @@ public class CsrfFilterTests {
 	public void doFilterDefaultRequireCsrfProtectionMatcherAllowedMethodsCaseSensitive() throws Exception {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 		for (String method : Arrays.asList("get", "TrAcE", "oPTIOnS", "hEaD")) {
 			resetRequestResponse();
 			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
-
 			this.filter.doFilter(this.request, this.response, this.filterChain);
-
 			verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
 					any(InvalidCsrfTokenException.class));
 			verifyZeroInteractions(this.filterChain);
@@ -325,14 +284,11 @@ public class CsrfFilterTests {
 	public void doFilterDefaultRequireCsrfProtectionMatcherDeniedMethods() throws ServletException, IOException {
 		this.filter = new CsrfFilter(this.tokenRepository);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
-
 		for (String method : Arrays.asList("POST", "PUT", "PATCH", "DELETE", "INVALID")) {
 			resetRequestResponse();
 			given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
 			this.request.setMethod(method);
-
 			this.filter.doFilter(this.request, this.response, this.filterChain);
-
 			verify(this.deniedHandler).handle(eq(this.request), eq(this.response),
 					any(InvalidCsrfTokenException.class));
 			verifyZeroInteractions(this.filterChain);
@@ -345,28 +301,21 @@ public class CsrfFilterTests {
 		this.filter.setRequireCsrfProtectionMatcher(this.requestMatcher);
 		given(this.requestMatcher.matches(this.request)).willReturn(true);
 		given(this.tokenRepository.loadToken(this.request)).willReturn(this.token);
-
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		assertThat(this.request.getAttribute(this.token.getParameterName())).isEqualTo(this.token);
 		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isEqualTo(this.token);
-
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
 		verifyZeroInteractions(this.filterChain);
 	}
 
 	@Test
 	public void doFilterWhenSkipRequestInvokedThenSkips() throws Exception {
-
 		CsrfTokenRepository repository = mock(CsrfTokenRepository.class);
 		CsrfFilter filter = new CsrfFilter(repository);
-
 		lenient().when(repository.loadToken(any(HttpServletRequest.class))).thenReturn(this.token);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		CsrfFilter.skipRequest(request);
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		verifyZeroInteractions(repository);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index 64be6dad9d..3e187126d4 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -60,7 +60,6 @@ public class CsrfLogoutHandlerTests {
 	public void logoutRemovesCsrfToken() {
 		this.handler.logout(this.request, this.response,
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 52f89da077..7470c04727 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -48,12 +48,9 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	@Test
 	public void generateToken() {
 		this.token = this.repo.generateToken(this.request);
-
 		assertThat(this.token.getParameterName()).isEqualTo("_csrf");
 		assertThat(this.token.getToken()).isNotEmpty();
-
 		CsrfToken loadedToken = this.repo.loadToken(this.request);
-
 		assertThat(loadedToken).isNull();
 	}
 
@@ -61,9 +58,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void generateCustomParameter() {
 		String paramName = "_csrf";
 		this.repo.setParameterName(paramName);
-
 		this.token = this.repo.generateToken(this.request);
-
 		assertThat(this.token.getParameterName()).isEqualTo(paramName);
 		assertThat(this.token.getToken()).isNotEmpty();
 	}
@@ -72,9 +67,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void generateCustomHeader() {
 		String headerName = "CSRF";
 		this.repo.setHeaderName(headerName);
-
 		this.token = this.repo.generateToken(this.request);
-
 		assertThat(this.token.getHeaderName()).isEqualTo(headerName);
 		assertThat(this.token.getToken()).isNotEmpty();
 	}
@@ -95,10 +88,8 @@ public class HttpSessionCsrfTokenRepositoryTests {
 	public void saveToken() {
 		CsrfToken tokenToSave = new DefaultCsrfToken("123", "abc", "def");
 		this.repo.saveToken(tokenToSave, this.request, this.response);
-
 		String attrName = this.request.getSession().getAttributeNames().nextElement();
 		CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(attrName);
-
 		assertThat(loadedToken).isEqualTo(tokenToSave);
 	}
 
@@ -108,26 +99,20 @@ public class HttpSessionCsrfTokenRepositoryTests {
 		String sessionAttributeName = "custom";
 		this.repo.setSessionAttributeName(sessionAttributeName);
 		this.repo.saveToken(tokenToSave, this.request, this.response);
-
 		CsrfToken loadedToken = (CsrfToken) this.request.getSession().getAttribute(sessionAttributeName);
-
 		assertThat(loadedToken).isEqualTo(tokenToSave);
 	}
 
 	@Test
 	public void saveTokenNullToken() {
 		saveToken();
-
 		this.repo.saveToken(null, this.request, this.response);
-
 		assertThat(this.request.getSession().getAttributeNames().hasMoreElements()).isFalse();
 	}
 
 	@Test
 	public void saveTokenNullTokenWhenSessionNotExists() {
-
 		this.repo.saveToken(null, this.request, this.response);
-
 		assertThat(this.request.getSession(false)).isNull();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
index 36bc4b0284..f7dc6895ec 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
@@ -72,33 +72,27 @@ public class LazyCsrfTokenRepositoryTests {
 	@Test
 	public void generateTokenGetTokenSavesToken() {
 		CsrfToken newToken = this.repository.generateToken(this.request);
-
 		newToken.getToken();
-
 		verify(this.delegate).saveToken(this.token, this.request, this.response);
 	}
 
 	@Test
 	public void saveNonNullDoesNothing() {
 		this.repository.saveToken(this.token, this.request, this.response);
-
 		verifyZeroInteractions(this.delegate);
 	}
 
 	@Test
 	public void saveNullDelegates() {
 		this.repository.saveToken(null, this.request, this.response);
-
 		verify(this.delegate).saveToken(null, this.request, this.response);
 	}
 
 	@Test
 	public void loadTokenDelegates() {
 		given(this.delegate.loadToken(this.request)).willReturn(this.token);
-
 		CsrfToken loadToken = this.repository.loadToken(this.request);
 		assertThat(loadToken).isSameAs(this.token);
-
 		verify(this.delegate).loadToken(this.request);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
index 7d5316e497..eae9715712 100644
--- a/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/debug/DebugFilterTests.java
@@ -89,7 +89,6 @@ public class DebugFilterTests {
 	@Test
 	public void doFilterProcessesRequests() throws Exception {
 		this.filter.doFilter(this.request, this.response, this.filterChain);
-
 		verify(this.logger).info(anyString());
 		verify(this.request).setAttribute(this.requestAttr, Boolean.TRUE);
 		verify(this.fcp).doFilter(this.requestCaptor.capture(), eq(this.response), eq(this.filterChain));
@@ -102,9 +101,7 @@ public class DebugFilterTests {
 	public void doFilterProcessesForwardedRequests() throws Exception {
 		given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 		HttpServletRequest request = new DebugRequestWrapper(this.request);
-
 		this.filter.doFilter(request, this.response, this.filterChain);
-
 		verify(this.logger).info(anyString());
 		verify(this.fcp).doFilter(request, this.response, this.filterChain);
 		verify(this.request, never()).removeAttribute(this.requestAttr);
@@ -114,9 +111,7 @@ public class DebugFilterTests {
 	public void doFilterDoesNotWrapWithDebugRequestWrapperAgain() throws Exception {
 		given(this.request.getAttribute(this.requestAttr)).willReturn(Boolean.TRUE);
 		HttpServletRequest fireWalledRequest = new HttpServletRequestWrapper(new DebugRequestWrapper(this.request));
-
 		this.filter.doFilter(fireWalledRequest, this.response, this.filterChain);
-
 		verify(this.fcp).doFilter(fireWalledRequest, this.response, this.filterChain);
 	}
 
@@ -129,11 +124,8 @@ public class DebugFilterTests {
 		request.addHeader("A", "A Value");
 		request.addHeader("A", "Another Value");
 		request.addHeader("B", "B Value");
-
 		this.filter.doFilter(request, this.response, this.filterChain);
-
 		verify(this.logger).info(this.logCaptor.capture());
-
 		assertThat(this.logCaptor.getValue()).isEqualTo("Request received for GET '/path/':\n" + "\n" + request + "\n"
 				+ "\n" + "servletPath:/path\n" + "pathInfo:/\n" + "headers: \n" + "A: A Value, Another Value\n"
 				+ "B: B Value\n" + "\n" + "\n" + "Security filter chain: no match");
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
index aa36573226..ef2b49258a 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
@@ -33,7 +33,6 @@ public class DefaultHttpFirewallTests {
 	@Test
 	public void unnormalizedPathsAreRejected() {
 		DefaultHttpFirewall fw = new DefaultHttpFirewall();
-
 		MockHttpServletRequest request;
 		for (String path : this.unnormalizedPaths) {
 			request = new MockHttpServletRequest();
@@ -78,7 +77,6 @@ public class DefaultHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		fw.getFirewalledRequest(request);
 	}
 
@@ -91,7 +89,6 @@ public class DefaultHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		fw.getFirewalledRequest(request);
 	}
 
@@ -104,7 +101,6 @@ public class DefaultHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		fw.getFirewalledRequest(request);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index 3b7fb9a846..6628070350 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@@ -51,49 +51,42 @@ public class FirewalledResponseTests {
 	@Test
 	public void sendRedirectWhenValidThenNoException() throws Exception {
 		this.fwResponse.sendRedirect("/theURL");
-
 		verify(this.response).sendRedirect("/theURL");
 	}
 
 	@Test
 	public void sendRedirectWhenNullThenDelegateInvoked() throws Exception {
 		this.fwResponse.sendRedirect(null);
-
 		verify(this.response).sendRedirect(null);
 	}
 
 	@Test
 	public void sendRedirectWhenHasCrlfThenThrowsException() throws Exception {
 		expectCrlfValidationException();
-
 		this.fwResponse.sendRedirect("/theURL\r\nsomething");
 	}
 
 	@Test
 	public void addHeaderWhenValidThenDelegateInvoked() {
 		this.fwResponse.addHeader("foo", "bar");
-
 		verify(this.response).addHeader("foo", "bar");
 	}
 
 	@Test
 	public void addHeaderWhenNullValueThenDelegateInvoked() {
 		this.fwResponse.addHeader("foo", null);
-
 		verify(this.response).addHeader("foo", null);
 	}
 
 	@Test
 	public void addHeaderWhenHeaderValueHasCrlfThenException() {
 		expectCrlfValidationException();
-
 		this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100");
 	}
 
 	@Test
 	public void addHeaderWhenHeaderNameHasCrlfThenException() {
 		expectCrlfValidationException();
-
 		this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar");
 	}
 
@@ -103,16 +96,13 @@ public class FirewalledResponseTests {
 		cookie.setPath("/foobar");
 		cookie.setDomain("foobar");
 		cookie.setComment("foobar");
-
 		this.fwResponse.addCookie(cookie);
-
 		verify(this.response).addCookie(cookie);
 	}
 
 	@Test
 	public void addCookieWhenNullThenDelegateInvoked() {
 		this.fwResponse.addCookie(null);
-
 		verify(this.response).addCookie(null);
 	}
 
@@ -124,10 +114,8 @@ public class FirewalledResponseTests {
 			public String getName() {
 				return "foo\r\nbar";
 			}
-
 		};
 		expectCrlfValidationException();
-
 		this.fwResponse.addCookie(cookie);
 	}
 
@@ -135,7 +123,6 @@ public class FirewalledResponseTests {
 	public void addCookieWhenCookieValueContainsCrlfThenException() {
 		Cookie cookie = new Cookie("foo", "foo\r\nbar");
 		expectCrlfValidationException();
-
 		this.fwResponse.addCookie(cookie);
 	}
 
@@ -144,7 +131,6 @@ public class FirewalledResponseTests {
 		Cookie cookie = new Cookie("foo", "bar");
 		cookie.setPath("/foo\r\nbar");
 		expectCrlfValidationException();
-
 		this.fwResponse.addCookie(cookie);
 	}
 
@@ -153,7 +139,6 @@ public class FirewalledResponseTests {
 		Cookie cookie = new Cookie("foo", "bar");
 		cookie.setDomain("foo\r\nbar");
 		expectCrlfValidationException();
-
 		this.fwResponse.addCookie(cookie);
 	}
 
@@ -162,7 +147,6 @@ public class FirewalledResponseTests {
 		Cookie cookie = new Cookie("foo", "bar");
 		cookie.setComment("foo\r\nbar");
 		expectCrlfValidationException();
-
 		this.fwResponse.addCookie(cookie);
 	}
 
@@ -171,7 +155,6 @@ public class FirewalledResponseTests {
 		validateLineEnding("foo", "foo\rbar");
 		validateLineEnding("foo", "foo\r\nbar");
 		validateLineEnding("foo", "foo\nbar");
-
 		validateLineEnding("foo\rbar", "bar");
 		validateLineEnding("foo\r\nbar", "bar");
 		validateLineEnding("foo\nbar", "bar");
diff --git a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
index 36169d418d..247d0e963f 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java
@@ -56,7 +56,6 @@ public class RequestWrapperTests {
 	@Test
 	public void pathParametersAreRemovedFromServletPath() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		for (Map.Entry<String, String> entry : testPaths.entrySet()) {
 			String path = entry.getKey();
 			String expectedResult = entry.getValue();
@@ -71,7 +70,6 @@ public class RequestWrapperTests {
 	@Test
 	public void pathParametersAreRemovedFromPathInfo() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		for (Map.Entry<String, String> entry : testPaths.entrySet()) {
 			String path = entry.getKey();
 			String expectedResult = entry.getValue();
@@ -97,11 +95,9 @@ public class RequestWrapperTests {
 		given(mockRequest.getServletPath()).willReturn("");
 		given(mockRequest.getPathInfo()).willReturn(denormalizedPath);
 		given(mockRequest.getRequestDispatcher(forwardPath)).willReturn(mockDispatcher);
-
 		RequestWrapper wrapper = new RequestWrapper(mockRequest);
 		RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath);
 		dispatcher.forward(mockRequest, mockResponse);
-
 		verify(mockRequest).getRequestDispatcher(forwardPath);
 		verify(mockDispatcher).forward(mockRequest, mockResponse);
 		assertThat(wrapper.getPathInfo()).isEqualTo(denormalizedPath);
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 9146827284..a09c7a9e2e 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -149,84 +149,72 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath(";/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath("%3B/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath("%3b/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -234,7 +222,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenSemicolonInContextPathAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setContextPath(";/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -242,7 +229,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenSemicolonInServletPathAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setServletPath("/spring;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -250,7 +236,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenSemicolonInPathInfoAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setPathInfo("/path;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -258,7 +243,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setRequestURI("/path;/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -267,7 +251,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setContextPath("%3B/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -276,7 +259,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setServletPath("/spring%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -285,7 +267,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setPathInfo("/path%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -293,7 +274,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setRequestURI("/path%3B/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -302,7 +282,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setContextPath("%3b/context");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -311,7 +290,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setServletPath("/spring%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -320,7 +298,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.setAllowUrlEncodedPercent(true);
 		this.firewall.setAllowSemicolon(true);
 		this.request.setPathInfo("/path%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -328,21 +305,18 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriAndAllowSemicolonThenNoException() {
 		this.firewall.setAllowSemicolon(true);
 		this.request.setRequestURI("/path%3b/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2E/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2e/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -350,7 +324,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenAllowEncodedPeriodAndEncodedPeriodInThenNoException() {
 		this.firewall.setAllowUrlEncodedPeriod(true);
 		this.request.setRequestURI("/%2E/");
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -410,7 +383,6 @@ public class StrictHttpFirewallTests {
 		this.request.setContextPath("/context-root");
 		this.request.setServletPath("");
 		this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
@@ -423,7 +395,6 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		this.firewall.getFirewalledRequest(request);
 	}
 
@@ -436,7 +407,6 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-
 		this.firewall.getFirewalledRequest(request);
 	}
 
@@ -533,7 +503,6 @@ public class StrictHttpFirewallTests {
 	}
 
 	// blocklist
-
 	@Test
 	public void getFirewalledRequestWhenRemoveFromUpperCaseEncodedUrlBlocklistThenNoException() {
 		this.firewall.setAllowUrlEncodedSlash(true);
@@ -582,7 +551,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenTrustedDomainThenNoException() {
 		this.request.addHeader("Host", "example.org");
 		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("example.org"));
-
 		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
 	}
 
@@ -590,14 +558,12 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenUntrustedDomainThenException() {
 		this.request.addHeader("Host", "example.org");
 		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
-
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() {
 		this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("bad name");
 	}
@@ -606,7 +572,6 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() {
 		this.request.addHeader("good name", "bad value");
 		this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("good name");
 	}
@@ -614,7 +579,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetDateHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getDateHeader("Bad\0Name");
 	}
@@ -622,7 +586,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetIntHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getIntHeader("Bad\0Name");
 	}
@@ -630,7 +593,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("Bad\0Name");
 	}
@@ -638,7 +600,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\uFFFEName", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("Bad\uFFFEName");
 	}
@@ -646,7 +607,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeaders("Bad\0Name");
 	}
@@ -654,7 +614,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderNamesWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeaderNames().nextElement();
 	}
@@ -662,7 +621,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\0value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("Something");
 	}
@@ -670,7 +628,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\uFFFEvalue");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeader("Something");
 	}
@@ -678,7 +635,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\0value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getHeaders("Something").nextElement();
 	}
@@ -686,7 +642,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameter("Bad\0Name");
 	}
@@ -694,7 +649,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterMapWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterMap();
 	}
@@ -702,7 +656,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterNamesWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterNames().nextElement();
 	}
@@ -710,7 +663,6 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterNamesWhenUndefinedCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\uFFFEName", "some value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterNames().nextElement();
 	}
@@ -718,9 +670,7 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() {
 		this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
-
 		this.request.addParameter("Something", "bad value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterValues("Something");
 	}
@@ -728,9 +678,7 @@ public class StrictHttpFirewallTests {
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() {
 		this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
-
 		this.request.addParameter("bad name", "good value");
-
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
 		request.getParameterValues("bad name");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index 2bf8744e3e..6da7e6a2b7 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -71,15 +71,11 @@ public class HeaderWriterFilterTests {
 		List<HeaderWriter> headerWriters = new ArrayList<>();
 		headerWriters.add(this.writer1);
 		headerWriters.add(this.writer2);
-
 		HeaderWriterFilter filter = new HeaderWriterFilter(headerWriters);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain filterChain = new MockFilterChain();
-
 		filter.doFilter(request, response, filterChain);
-
 		verify(this.writer1).writeHeaders(request, response);
 		verify(this.writer2).writeHeaders(request, response);
 		HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest) filterChain
@@ -93,19 +89,14 @@ public class HeaderWriterFilterTests {
 	@Test
 	public void headersDelayed() throws Exception {
 		HeaderWriterFilter filter = new HeaderWriterFilter(Arrays.<HeaderWriter>asList(this.writer1));
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, (request1, response1) -> {
 			verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 			response1.flushBuffer();
-
 			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
 					any(HttpServletResponse.class));
 		});
-
 		verifyNoMoreInteractions(this.writer1);
 	}
 
@@ -113,19 +104,14 @@ public class HeaderWriterFilterTests {
 	@Test
 	public void doFilterWhenRequestContainsIncludeThenHeadersStillWritten() throws Exception {
 		HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
-
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest();
 		MockHttpServletResponse mockResponse = new MockHttpServletResponse();
-
 		filter.doFilter(mockRequest, mockResponse, (request, response) -> {
 			verifyZeroInteractions(HeaderWriterFilterTests.this.writer1);
-
 			request.getRequestDispatcher("/").include(request, response);
-
 			verify(HeaderWriterFilterTests.this.writer1).writeHeaders(any(HttpServletRequest.class),
 					any(HttpServletResponse.class));
 		});
-
 		verifyNoMoreInteractions(this.writer1);
 	}
 
@@ -133,13 +119,10 @@ public class HeaderWriterFilterTests {
 	public void headersWrittenAtBeginningOfRequest() throws Exception {
 		HeaderWriterFilter filter = new HeaderWriterFilter(Collections.singletonList(this.writer1));
 		filter.setShouldWriteHeadersEagerly(true);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1)
 				.writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class)));
-
 		verifyNoMoreInteractions(this.writer1);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index c21b93e29d..398a844f53 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -53,7 +53,6 @@ public class CacheControlHeadersWriterTests {
 	@Test
 	public void writeHeaders() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames().size()).isEqualTo(3);
 		assertThat(this.response.getHeaderValues("Cache-Control"))
 				.containsOnly("no-cache, no-store, max-age=0, must-revalidate");
@@ -65,9 +64,7 @@ public class CacheControlHeadersWriterTests {
 	@Test
 	public void writeHeadersDisabledIfCacheControl() {
 		this.response.setHeader("Cache-Control", "max-age: 123");
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("Cache-Control")).containsOnly("max-age: 123");
 		assertThat(this.response.getHeaderValue("Pragma")).isNull();
@@ -77,9 +74,7 @@ public class CacheControlHeadersWriterTests {
 	@Test
 	public void writeHeadersDisabledIfPragma() {
 		this.response.setHeader("Pragma", "mock");
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("Pragma")).containsOnly("mock");
 		assertThat(this.response.getHeaderValue("Expires")).isNull();
@@ -89,9 +84,7 @@ public class CacheControlHeadersWriterTests {
 	@Test
 	public void writeHeadersDisabledIfExpires() {
 		this.response.setHeader("Expires", "mock");
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("Expires")).containsOnly("mock");
 		assertThat(this.response.getHeaderValue("Cache-Control")).isNull();
@@ -102,9 +95,7 @@ public class CacheControlHeadersWriterTests {
 	// gh-5534
 	public void writeHeadersDisabledIfNotModified() {
 		this.response.setStatus(HttpStatus.NOT_MODIFIED.value());
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).isEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
index 4b9b83589b..a559c13282 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java
@@ -54,7 +54,6 @@ public class ClearSiteDataHeaderWriterTests {
 	public void createInstanceWhenMissingSourceThenThrowsException() {
 		this.thrown.expect(Exception.class);
 		this.thrown.expectMessage("directives cannot be empty or null");
-
 		new ClearSiteDataHeaderWriter();
 	}
 
@@ -63,7 +62,6 @@ public class ClearSiteDataHeaderWriterTests {
 		this.request.setSecure(false);
 		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE);
 		headerWriter.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeader(HEADER_NAME)).isNull();
 	}
 
@@ -71,7 +69,6 @@ public class ClearSiteDataHeaderWriterTests {
 	public void writeHeaderWhenRequestIsSecureThenHeaderValueMatchesPassedSource() {
 		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.STORAGE);
 		headerWriter.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeader(HEADER_NAME)).isEqualTo("\"storage\"");
 	}
 
@@ -80,7 +77,6 @@ public class ClearSiteDataHeaderWriterTests {
 		ClearSiteDataHeaderWriter headerWriter = new ClearSiteDataHeaderWriter(Directive.CACHE, Directive.COOKIES,
 				Directive.STORAGE, Directive.EXECUTION_CONTEXTS);
 		headerWriter.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeader(HEADER_NAME))
 				.isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\"");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index fe3c26097a..52f69284ab 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -44,9 +44,7 @@ public class CompositeHeaderWriterTests {
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		HeaderWriter one = mock(HeaderWriter.class);
 		HeaderWriter two = mock(HeaderWriter.class);
-
 		CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two));
-
 		headerWriter.writeHeaders(request, response);
 		verify(one).writeHeaders(request, response);
 		verify(two).writeHeaders(request, response);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index 5946ac1105..2aebd2af5b 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -54,7 +54,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 	public void writeHeadersWhenNoPolicyDirectivesThenUsesDefault() {
 		ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
 		noPolicyWriter.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
@@ -62,7 +61,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 	@Test
 	public void writeHeadersContentSecurityPolicyDefault() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
@@ -71,10 +69,8 @@ public class ContentSecurityPolicyHeaderWriterTests {
 	public void writeHeadersContentSecurityPolicyCustom() {
 		String policyDirectives = "default-src 'self'; " + "object-src plugins1.example.com plugins2.example.com; "
 				+ "script-src trustedscripts.example.com";
-
 		this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives);
 	}
@@ -84,7 +80,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 		ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
 		this.writer.setReportOnly(true);
 		noPolicyWriter.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
@@ -93,7 +88,6 @@ public class ContentSecurityPolicyHeaderWriterTests {
 	public void writeHeadersContentSecurityPolicyReportOnlyDefault() {
 		this.writer.setReportOnly(true);
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
@@ -101,11 +95,9 @@ public class ContentSecurityPolicyHeaderWriterTests {
 	@Test
 	public void writeHeadersContentSecurityPolicyReportOnlyCustom() {
 		String policyDirectives = "default-src https:; report-uri https://example.com/";
-
 		this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
 		this.writer.setReportOnly(true);
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index aca16eb1ae..8e4124f983 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -70,18 +70,14 @@ public class DelegatingRequestMatcherHeaderWriterTests {
 	@Test
 	public void writeHeadersOnMatch() {
 		given(this.matcher.matches(this.request)).willReturn(true);
-
 		this.headerWriter.writeHeaders(this.request, this.response);
-
 		verify(this.delegate).writeHeaders(this.request, this.response);
 	}
 
 	@Test
 	public void writeHeadersOnNoMatch() {
 		given(this.matcher.matches(this.request)).willReturn(false);
-
 		this.headerWriter.writeHeaders(this.request, this.response);
-
 		verify(this.delegate, times(0)).writeHeaders(this.request, this.response);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
index 00454d0459..8c62dbd1c5 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
@@ -53,7 +53,6 @@ public class FeaturePolicyHeaderWriterTests {
 	@Test
 	public void writeHeadersFeaturePolicyDefault() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Feature-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index c92dfc09d8..537a65a2b8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -43,7 +43,6 @@ public class HpkpHeaderWriterTests {
 		defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
 		DEFAULT_PINS = Collections.unmodifiableMap(defaultPins);
 	}
-
 	private MockHttpServletRequest request;
 
 	private MockHttpServletResponse response;
@@ -58,21 +57,16 @@ public class HpkpHeaderWriterTests {
 	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
-
 		this.writer = new HpkpHeaderWriter();
-
 		Map<String, String> defaultPins = new LinkedHashMap<>();
 		defaultPins.put("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "sha256");
-
 		this.writer.setPins(defaultPins);
-
 		this.request.setSecure(true);
 	}
 
 	@Test
 	public void writeHeadersDefaultValues() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -82,9 +76,7 @@ public class HpkpHeaderWriterTests {
 	public void maxAgeCustomConstructorWriteHeaders() {
 		this.writer = new HpkpHeaderWriter(2592000);
 		this.writer.setPins(DEFAULT_PINS);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -94,9 +86,7 @@ public class HpkpHeaderWriterTests {
 	public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
 		this.writer = new HpkpHeaderWriter(2592000, true);
 		this.writer.setPins(DEFAULT_PINS);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -106,9 +96,7 @@ public class HpkpHeaderWriterTests {
 	public void allArgsCustomConstructorWriteHeaders() {
 		this.writer = new HpkpHeaderWriter(2592000, true, false);
 		this.writer.setPins(DEFAULT_PINS);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -117,9 +105,7 @@ public class HpkpHeaderWriterTests {
 	@Test
 	public void writeHeadersCustomMaxAgeInSeconds() {
 		this.writer.setMaxAgeInSeconds(2592000);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only"))
 				.isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -128,9 +114,7 @@ public class HpkpHeaderWriterTests {
 	@Test
 	public void writeHeadersIncludeSubDomains() {
 		this.writer.setIncludeSubDomains(true);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
@@ -139,9 +123,7 @@ public class HpkpHeaderWriterTests {
 	@Test
 	public void writeHeadersTerminateConnection() {
 		this.writer.setReportOnly(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins"))
 				.isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
@@ -151,9 +133,7 @@ public class HpkpHeaderWriterTests {
 	public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException {
 		this.writer.setReportOnly(false);
 		this.writer.setReportUri(new URI("https://example.com/pkp-report"));
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
@@ -163,9 +143,7 @@ public class HpkpHeaderWriterTests {
 	public void writeHeadersTerminateConnectionWithURIAsString() {
 		this.writer.setReportOnly(false);
 		this.writer.setReportUri("https://example.com/pkp-report");
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\"");
@@ -176,7 +154,6 @@ public class HpkpHeaderWriterTests {
 		this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
 				"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=");
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")).isEqualTo(
 				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"");
@@ -185,9 +162,7 @@ public class HpkpHeaderWriterTests {
 	@Test
 	public void writeHeadersInsecureRequestDoesNotWriteHeader() {
 		this.request.setSecure(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).isEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index 1ac7ea3b6c..dd006b845d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -45,7 +45,6 @@ public class HstsHeaderWriterTests {
 		this.request = new MockHttpServletRequest();
 		this.request.setSecure(true);
 		this.response = new MockHttpServletResponse();
-
 		this.writer = new HstsHeaderWriter();
 	}
 
@@ -53,9 +52,7 @@ public class HstsHeaderWriterTests {
 	public void allArgsCustomConstructorWriteHeaders() {
 		this.request.setSecure(false);
 		this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
@@ -64,9 +61,7 @@ public class HstsHeaderWriterTests {
 	public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
 		this.request.setSecure(false);
 		this.writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
 	}
@@ -74,9 +69,7 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void maxAgeCustomConstructorWriteHeaders() {
 		this.writer = new HstsHeaderWriter(15768000);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security"))
 				.isEqualTo("max-age=15768000 ; includeSubDomains");
@@ -85,9 +78,7 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void includeSubDomainsCustomConstructorWriteHeaders() {
 		this.writer = new HstsHeaderWriter(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
@@ -95,7 +86,6 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void writeHeadersDefaultValues() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security"))
 				.isEqualTo("max-age=31536000 ; includeSubDomains");
@@ -104,9 +94,7 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void writeHeadersIncludeSubDomainsFalse() {
 		this.writer.setIncludeSubDomains(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");
 	}
@@ -114,9 +102,7 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void writeHeadersCustomMaxAgeInSeconds() {
 		this.writer.setMaxAgeInSeconds(1);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=1 ; includeSubDomains");
 	}
@@ -124,9 +110,7 @@ public class HstsHeaderWriterTests {
 	@Test
 	public void writeHeadersInsecureRequestDoesNotWriteHeader() {
 		this.request.setSecure(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames().isEmpty()).isTrue();
 	}
 
@@ -134,9 +118,7 @@ public class HstsHeaderWriterTests {
 	public void writeHeadersAnyRequestMatcher() {
 		this.writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
 		this.request.setSecure(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Strict-Transport-Security"))
 				.isEqualTo("max-age=31536000 ; includeSubDomains");
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index 95d06305e8..b11c344fc3 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -52,7 +52,6 @@ public class ReferrerPolicyHeaderWriterTests {
 	@Test
 	public void writeHeadersReferrerPolicyDefault() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo(this.DEFAULT_REFERRER_POLICY);
 	}
@@ -60,9 +59,7 @@ public class ReferrerPolicyHeaderWriterTests {
 	@Test
 	public void writeHeadersReferrerPolicyCustom() {
 		this.writer = new ReferrerPolicyHeaderWriter(ReferrerPolicy.SAME_ORIGIN);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo("same-origin");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index ca82d20848..33c077d51d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -78,7 +78,6 @@ public class StaticHeaderWriterTests {
 		String headerName = "X-header";
 		String headerValue = "foo";
 		StaticHeadersWriter factory = new StaticHeadersWriter(headerName, headerValue);
-
 		factory.writeHeaders(this.request, this.response);
 		assertThat(this.response.getHeaderValues(headerName)).isEqualTo(Arrays.asList(headerValue));
 	}
@@ -88,9 +87,7 @@ public class StaticHeaderWriterTests {
 		Header pragma = new Header("Pragma", "no-cache");
 		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate");
 		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl));
-
 		factory.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(2);
 		assertThat(this.response.getHeaderValues(pragma.getName())).isEqualTo(pragma.getValues());
 		assertThat(this.response.getHeaderValues(cacheControl.getName())).isEqualTo(cacheControl.getValues());
@@ -106,11 +103,9 @@ public class StaticHeaderWriterTests {
 		Header cacheControl = new Header("Cache-Control", "no-cache", "no-store", "must-revalidate");
 		StaticHeadersWriter factory = new StaticHeadersWriter(Arrays.asList(pragma, cacheControl));
 		factory.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(2);
 		assertThat(this.response.getHeader("Pragma")).isSameAs(pragmaValue);
 		assertThat(this.response.getHeader("Cache-Control")).isSameAs(cacheControlValue);
-
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
index 10288251a9..fac153df1e 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XContentTypeOptionsHeaderWriterTests.java
@@ -46,7 +46,6 @@ public class XContentTypeOptionsHeaderWriterTests {
 	@Test
 	public void writeHeaders() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("X-Content-Type-Options")).containsExactly("nosniff");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index 775e9058a1..c4525989d4 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -49,7 +49,6 @@ public class XXssProtectionHeaderWriterTests {
 	@Test
 	public void writeHeaders() {
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block");
 	}
@@ -57,9 +56,7 @@ public class XXssProtectionHeaderWriterTests {
 	@Test
 	public void writeHeadersNoBlock() {
 		this.writer.setBlock(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1");
 	}
@@ -68,9 +65,7 @@ public class XXssProtectionHeaderWriterTests {
 	public void writeHeadersDisabled() {
 		this.writer.setBlock(false);
 		this.writer.setEnabled(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
 	}
@@ -78,9 +73,7 @@ public class XXssProtectionHeaderWriterTests {
 	@Test
 	public void setEnabledFalseWithBlockTrue() {
 		this.writer.setEnabled(false);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
 	}
@@ -89,7 +82,6 @@ public class XXssProtectionHeaderWriterTests {
 	public void setBlockTrueWithEnabledFalse() {
 		this.writer.setBlock(false);
 		this.writer.setEnabled(false);
-
 		this.writer.setBlock(true);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index b853d1dcbf..10599ea34d 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -39,7 +39,6 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	@Test
 	public void nullAllowFromParameterValue() {
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
-
 		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
@@ -47,7 +46,6 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 	public void emptyAllowFromParameterValue() {
 		this.request.setParameter("x-frames-allow-from", "");
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
-
 		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
@@ -57,7 +55,6 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 		this.request.setParameter(customParam, "");
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
 		strategy.setAllowFromParameterName(customParam);
-
 		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
@@ -66,7 +63,6 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 		String value = "https://example.com";
 		this.request.setParameter("x-frames-allow-from", value);
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
-
 		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo(value);
 	}
 
@@ -75,7 +71,6 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 		String value = "https://example.com";
 		this.request.setParameter("x-frames-allow-from", value);
 		RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false);
-
 		assertThat(strategy.getAllowFromValue(this.request)).isEqualTo("DENY");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index fdc33bee9c..2bf5e2abdb 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -69,9 +69,7 @@ public class FrameOptionsHeaderWriterTests {
 	@Test
 	public void writeHeadersAllowFromReturnsNull() {
 		this.writer = new XFrameOptionsHeaderWriter(this.strategy);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames().isEmpty()).isTrue();
 	}
 
@@ -80,9 +78,7 @@ public class FrameOptionsHeaderWriterTests {
 		String allowFromValue = "https://example.com/";
 		given(this.strategy.getAllowFromValue(this.request)).willReturn(allowFromValue);
 		this.writer = new XFrameOptionsHeaderWriter(this.strategy);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER))
 				.isEqualTo("ALLOW-FROM " + allowFromValue);
@@ -91,9 +87,7 @@ public class FrameOptionsHeaderWriterTests {
 	@Test
 	public void writeHeadersDeny() {
 		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
@@ -101,9 +95,7 @@ public class FrameOptionsHeaderWriterTests {
 	@Test
 	public void writeHeadersSameOrigin() {
 		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
-
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
 	}
@@ -112,10 +104,8 @@ public class FrameOptionsHeaderWriterTests {
 	public void writeHeadersTwiceLastWins() {
 		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
 		this.writer.writeHeaders(this.request, this.response);
-
 		this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
 		this.writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderNames()).hasSize(1);
 		assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 3eb1ab512a..95dc5791c9 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -44,15 +44,12 @@ public class RegExpAllowFromStrategyTests {
 		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^https://([a-z0-9]*?\\.)test\\.com");
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		request.setParameter("from", "https://www.test.com");
 		String result1 = strategy.getAllowFromValue(request);
 		assertThat(result1).isEqualTo("https://www.test.com");
-
 		request.setParameter("from", "https://www.test.com");
 		String result2 = strategy.getAllowFromValue(request);
 		assertThat(result2).isEqualTo("https://www.test.com");
-
 		request.setParameter("from", "https://test.foobar.com");
 		String result3 = strategy.getAllowFromValue(request);
 		assertThat(result3).isEqualTo("DENY");
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index 1d088d6c34..3ccc08ed73 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -51,7 +51,6 @@ public class WhiteListedAllowFromStrategyTests {
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter("from", "https://www.test.com");
-
 		String result = strategy.getAllowFromValue(request);
 		assertThat(result).isEqualTo("https://www.test.com");
 	}
@@ -65,7 +64,6 @@ public class WhiteListedAllowFromStrategyTests {
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter("from", "https://www.test.com");
-
 		String result = strategy.getAllowFromValue(request);
 		assertThat(result).isEqualTo("https://www.test.com");
 	}
@@ -78,7 +76,6 @@ public class WhiteListedAllowFromStrategyTests {
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter("from", "https://www.test123.com");
-
 		String result = strategy.getAllowFromValue(request);
 		assertThat(result).isEqualTo("DENY");
 	}
@@ -90,10 +87,8 @@ public class WhiteListedAllowFromStrategyTests {
 		WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		String result = strategy.getAllowFromValue(request);
 		assertThat(result).isEqualTo("DENY");
-
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
index 9c8eb1e38d..d2974bc865 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriterTests.java
@@ -43,9 +43,7 @@ public class XFrameOptionsHeaderWriterTests {
 	public void writeHeadersWhenWhiteList() {
 		WhiteListedAllowFromStrategy whitelist = new WhiteListedAllowFromStrategy(Arrays.asList("example.com"));
 		XFrameOptionsHeaderWriter writer = new XFrameOptionsHeaderWriter(whitelist);
-
 		writer.writeHeaders(this.request, this.response);
-
 		assertThat(this.response.getHeaderValue(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
index 2d6d4e3da5..d8412b2e8c 100644
--- a/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilterTests.java
@@ -77,7 +77,6 @@ public class JaasApiIntegrationFilterTests {
 		this.filter = new JaasApiIntegrationFilter();
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
-
 		this.authenticatedSubject = new Subject();
 		this.authenticatedSubject.getPrincipals().add(() -> "principal");
 		this.authenticatedSubject.getPrivateCredentials().add("password");
@@ -99,7 +98,6 @@ public class JaasApiIntegrationFilterTests {
 			}
 		};
 		this.testConfiguration = new Configuration() {
-
 			@Override
 			public void refresh() {
 			}
@@ -115,7 +113,6 @@ public class JaasApiIntegrationFilterTests {
 		ctx.login();
 		this.token = new JaasAuthenticationToken("username", "password",
 				AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
-
 		// just in case someone forgot to clear the context
 		SecurityContextHolder.clearContext();
 	}
@@ -194,14 +191,12 @@ public class JaasApiIntegrationFilterTests {
 
 	private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception {
 		MockFilterChain chain = new MockFilterChain() {
-
 			@Override
 			public void doFilter(ServletRequest request, ServletResponse response)
 					throws IOException, ServletException {
 				// See if the subject was updated
 				Subject currentSubject = Subject.getSubject(AccessController.getContext());
 				assertThat(currentSubject).isEqualTo(expectedValue);
-
 				// run so we know the chain was executed
 				super.doFilter(request, response);
 			}
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
index 7a6b00d6e3..15c202283a 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java
@@ -47,7 +47,6 @@ public class CookieMixinTests extends AbstractMixinTests {
 		+ "\"domain\": null"
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void serializeCookie() throws JsonProcessingException, JSONException {
 		Cookie cookie = new Cookie("demo", "cookie1");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
index 0130cc3b9e..f6ec0dedc5 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
@@ -42,7 +42,6 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests {
 		+ "\"token\": \"1\""
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 		DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index d5cff45f45..ba7104fd37 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -54,7 +54,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		+ "\"domain\": null"
 	+ "}]]";
 	// @formatter:on
-
 	// @formatter:off
 	private static final String REQUEST_JSON = "{" +
 		"\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", "
@@ -74,7 +73,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		+ "\"serverPort\": 80"
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void matchRequestBuildWithConstructorAndBuilder() {
 		DefaultSavedRequest request = new DefaultSavedRequest.Builder()
@@ -86,7 +84,6 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest();
 		mockRequest.setCookies(new Cookie("SESSION", "123456789"));
 		mockRequest.addHeader("x-auth-token", "12");
-
 		assert request.doesRequestMatch(mockRequest, new PortResolverImpl());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
index a4a79d5e6d..7be1a9514e 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixinTests.java
@@ -44,7 +44,6 @@ public class PreAuthenticatedAuthenticationTokenMixinTests extends AbstractMixin
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
-
 	PreAuthenticatedAuthenticationToken expected;
 
 	@Before
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
index 597357a8ca..8fc97e5db1 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java
@@ -51,13 +51,11 @@ public class SavedCookieMixinTests extends AbstractMixinTests {
 		+ "\"domain\": null"
 	+ "}";
 	// @formatter:on
-
 	// @formatter:off
 	private static final String COOKIES_JSON = "[\"java.util.ArrayList\", ["
 		+ COOKIE_JSON
 	+ "]]";
 	// @formatter:on
-
 	@Test
 	public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException {
 		SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
index 2a821f308a..4b353a4cb8 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java
@@ -43,15 +43,12 @@ public class WebAuthenticationDetailsMixinTests extends AbstractMixinTests {
 		+ "\"/localhost\""
 	+ "}";
 	// @formatter:on
-
 	@Test
 	public void buildWebAuthenticationDetailsUsingDifferentConstructors() throws IOException {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("localhost");
 		request.setSession(new MockHttpSession(null, "1"));
-
 		WebAuthenticationDetails details = new WebAuthenticationDetails(request);
-
 		WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details.equals(authenticationDetails));
diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
index 0e8f447630..00ad5c7657 100644
--- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
+++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java
@@ -260,17 +260,14 @@ public final class ResolvableMethod {
 			factory.addAdvice(interceptor);
 			return (T) factory.getProxy();
 		}
-
 		else {
 			Enhancer enhancer = new Enhancer();
 			enhancer.setSuperclass(type);
 			enhancer.setInterfaces(new Class<?>[] { Supplier.class });
 			enhancer.setNamingPolicy(SpringNamingPolicy.INSTANCE);
 			enhancer.setCallbackType(org.springframework.cglib.proxy.MethodInterceptor.class);
-
 			Class<?> proxyClass = enhancer.createClass();
 			Object proxy = null;
-
 			if (objenesis.isWorthTrying()) {
 				try {
 					proxy = objenesis.newInstance(proxyClass, enhancer.getUseCache());
@@ -279,7 +276,6 @@ public final class ResolvableMethod {
 					logger.debug("Objenesis failed, falling back to default constructor", ex);
 				}
 			}
-
 			if (proxy == null) {
 				try {
 					proxy = ReflectionUtils.accessibleConstructor(proxyClass).newInstance();
@@ -290,7 +286,6 @@ public final class ResolvableMethod {
 							ex);
 				}
 			}
-
 			((Factory) proxy).setCallbacks(new Callback[] { interceptor });
 			return (T) proxy;
 		}
@@ -426,7 +421,6 @@ public final class ResolvableMethod {
 		}
 
 		// Build & resolve shortcuts...
-
 		/**
 		 * Resolve and return the {@code Method} equivalent to:
 		 * <p>
@@ -475,7 +469,6 @@ public final class ResolvableMethod {
 		 */
 		public MethodParameter resolveReturnType(Class<?> returnType, ResolvableType generic,
 				ResolvableType... generics) {
-
 			return returning(returnType, generic, generics).build().returnType();
 		}
 
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
index 3e78d79014..745902a800 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java
@@ -84,7 +84,6 @@ public class CsrfTokenArgumentResolverTests {
 	@Test
 	public void resolveArgumentFound() throws Exception {
 		this.request.setAttribute(CsrfToken.class.getName(), this.token);
-
 		assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory))
 				.isSameAs(this.token);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
index 7dfb2df30c..71d6687f9d 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
@@ -139,7 +139,6 @@ public class CurrentSecurityContextArgumentResolverTests {
 	@Test
 	public void resolveArgumentUserDetails() {
 		setAuthenticationDetail(new User("my_user", "my_password", AuthorityUtils.createAuthorityList("ROLE_USER")));
-
 		User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null, null);
 		assertThat(u.getUsername()).isEqualTo("my_user");
 	}
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 6bfabe3794..d7d5a915cd 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -94,19 +94,15 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
 	@Test
 	public void resolveArgumentWhenIsEmptyThenMonoEmpty() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange);
-
 		assertThat(argument).isNotNull();
 		assertThat(argument.block()).isNull();
 	}
@@ -115,10 +111,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenMonoIsAuthenticationThenObtainsPrincipal() {
 		MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
@@ -127,10 +121,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build()
 				.arg(Mono.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal());
 	}
 
@@ -139,10 +131,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MyUser user = new MyUser(3L);
 		MethodParameter parameter = this.spel.arg(Long.class);
 		given(this.authentication.getPrincipal()).willReturn(user);
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isEqualTo(user.getId());
 	}
 
@@ -152,10 +142,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MethodParameter parameter = this.bean.arg(Long.class);
 		given(this.authentication.getPrincipal()).willReturn(user);
 		given(this.beanResolver.resolve(any(), eq("beanName"))).willReturn(new Bean());
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isEqualTo(user.getId());
 	}
 
@@ -163,10 +151,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	public void resolveArgumentWhenMetaThenObtainsPrincipal() {
 		MethodParameter parameter = this.meta.arg(String.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isEqualTo("user");
 	}
 
@@ -175,10 +161,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build()
 				.arg(Integer.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isNull();
 	}
 
@@ -187,10 +171,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build()
 				.arg(Integer.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThat(argument.block()).isNull();
 	}
 
@@ -199,10 +181,8 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build()
 				.arg(Integer.class);
 		given(this.authentication.getPrincipal()).willReturn("user");
-
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-
 		assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
index fbaf87fa7f..874b565652 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java
@@ -122,7 +122,6 @@ public class CsrfRequestDataValueProcessorTests {
 		this.exchange.getAttributes().put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token);
 		Map<String, String> expected = new HashMap<>();
 		expected.put(token.getParameterName(), token.getToken());
-
 		CsrfRequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 		assertThat(this.processor.getExtraHiddenFields(this.exchange)).isEqualTo(expected);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index b6a8596640..4b24012da9 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -39,7 +39,6 @@ public class CookieRequestCacheTests {
 	@Test
 	public void saveRequestWhenMatchesThenSavedRequestInACookieOnResponse() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServerPort(443);
 		request.setSecure(true);
@@ -48,15 +47,11 @@ public class CookieRequestCacheTests {
 		request.setRequestURI("/destination");
 		request.setQueryString("param1=a&param2=b&param3=1122");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		cookieRequestCache.saveRequest(request, response);
-
 		Cookie savedCookie = response.getCookie(DEFAULT_COOKIE_NAME);
 		assertThat(savedCookie).isNotNull();
-
 		String redirectUrl = decodeCookie(savedCookie.getValue());
 		assertThat(redirectUrl).isEqualTo("https://abc.com/destination?param1=a&param2=b&param3=1122");
-
 		assertThat(savedCookie.getMaxAge()).isEqualTo(-1);
 		assertThat(savedCookie.getPath()).isEqualTo("/");
 		assertThat(savedCookie.isHttpOnly()).isTrue();
@@ -74,14 +69,11 @@ public class CookieRequestCacheTests {
 	public void getMatchingRequestWhenRequestMatcherDefinedThenReturnsCorrectSubsetOfCachedRequests() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
 		cookieRequestCache.setRequestMatcher((request) -> request.getRequestURI().equals("/expected-destination"));
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cookieRequestCache.saveRequest(request, response);
-
 		SavedRequest savedRequest = cookieRequestCache.getRequest(request, response);
 		assertThat(savedRequest).isNull();
-
 		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
 		assertThat(matchingRequest).isNull();
 	}
@@ -105,12 +97,10 @@ public class CookieRequestCacheTests {
 
 	@Test
 	public void getRequestWhenRequestContainsSavedRequestCookieThenReturnsSaveRequest() {
-
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		String redirectUrl = "https://abc.com/destination?param1=a&param2=b&param3=1122";
 		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
-
 		SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse());
 		assertThat(savedRequest).isNotNull();
 		assertThat(savedRequest.getRedirectUrl()).isEqualTo(redirectUrl);
@@ -118,10 +108,8 @@ public class CookieRequestCacheTests {
 
 	@Test
 	public void matchingRequestWhenRequestDoesNotContainSavedRequestCookieThenReturnsNull() {
-
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(new MockHttpServletRequest(),
 				response);
 		assertThat(matchingRequest).isNull();
@@ -138,11 +126,9 @@ public class CookieRequestCacheTests {
 		request.setServerName("abc.com");
 		request.setRequestURI("/destination");
 		request.setQueryString("param1=a&param2=b&param3=1122");
-
 		String redirectUrl = "https://abc.com/destination?param1=a&param2=b&param3=1122";
 		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		cookieRequestCache.getMatchingRequest(request, response);
 		Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
 		assertThat(expiredCookie).isNotNull();
@@ -159,11 +145,9 @@ public class CookieRequestCacheTests {
 		request.setScheme("https");
 		request.setServerName("abc.com");
 		request.setRequestURI("/destination");
-
 		String redirectUrl = "https://abc.com/api";
 		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
 		assertThat(matchingRequest).isNull();
 		Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index d352f5242a..83a9499f60 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -43,24 +43,20 @@ public class HttpSessionRequestCacheTests {
 	@Test
 	public void originalGetRequestDoesntMatchIncomingPost() {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
 		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
 		assertThat(cache.getRequest(request, response)).isNotNull();
-
 		MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination");
 		newRequest.setSession(request.getSession());
 		assertThat(cache.getMatchingRequest(newRequest, response)).isNull();
-
 	}
 
 	@Test
 	public void requestMatcherDefinesCorrectSubsetOfCachedRequests() {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 		cache.setRequestMatcher((request) -> request.getMethod().equals("GET"));
-
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
@@ -75,16 +71,13 @@ public class HttpSessionRequestCacheTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		HttpSessionRequestCache cache = new HttpSessionRequestCache() {
-
 			@Override
 			public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
 				request.getSession().setAttribute(SAVED_REQUEST,
 						new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl())));
 			}
-
 		};
 		cache.saveRequest(request, response);
-
 		cache.saveRequest(request, response);
 		assertThat(cache.getRequest(request, response)).isInstanceOf(CustomSavedRequest.class);
 	}
@@ -93,14 +86,11 @@ public class HttpSessionRequestCacheTests {
 	public void testCustomSessionAttrName() {
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
 		cache.setSessionAttrName("CUSTOM_SAVED_REQUEST");
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
-
 		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
 		assertThat(request.getSession().getAttribute("CUSTOM_SAVED_REQUEST")).isNotNull();
-
 	}
 
 	private static final class CustomSavedRequest implements SavedRequest {
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
index 6457a22d6d..08414bf576 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilterTests.java
@@ -34,12 +34,10 @@ public class RequestCacheAwareFilterTests {
 	public void doFilterWhenHttpSessionRequestCacheConfiguredThenSavedRequestRemovedAfterMatch() throws Exception {
 		RequestCacheAwareFilter filter = new RequestCacheAwareFilter();
 		HttpSessionRequestCache cache = new HttpSessionRequestCache();
-
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		cache.saveRequest(request, response);
 		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
-
 		filter.doFilter(request, response, new MockFilterChain());
 		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
 	}
@@ -48,14 +46,12 @@ public class RequestCacheAwareFilterTests {
 	public void doFilterWhenCookieRequestCacheConfiguredThenExpiredSavedRequestCookieSetAfterMatch() throws Exception {
 		CookieRequestCache cache = new CookieRequestCache();
 		RequestCacheAwareFilter filter = new RequestCacheAwareFilter(cache);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServerName("abc.com");
 		request.setRequestURI("/destination");
 		request.setScheme("https");
 		request.setServerPort(443);
 		request.setSecure(true);
-
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("https://abc.com/destination".getBytes());
 		Cookie savedRequest = new Cookie("REDIRECT_URI", encodedRedirectUrl);
 		savedRequest.setMaxAge(-1);
@@ -63,11 +59,8 @@ public class RequestCacheAwareFilterTests {
 		savedRequest.setPath("/");
 		savedRequest.setHttpOnly(true);
 		request.setCookies(savedRequest);
-
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, new MockFilterChain());
-
 		Cookie expiredCookie = response.getCookie("REDIRECT_URI");
 		assertThat(expiredCookie).isNotNull();
 		assertThat(expiredCookie.getValue()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index 6a3ba4987c..b1d0d23a45 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -56,11 +56,9 @@ public class SavedRequestAwareWrapperTests {
 		MockHttpServletRequest savedRequest = new MockHttpServletRequest();
 		savedRequest.addHeader("header", "savedheader");
 		SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest());
-
 		assertThat(wrapper.getHeader("nonexistent")).isNull();
 		Enumeration headers = wrapper.getHeaders("nonexistent");
 		assertThat(headers.hasMoreElements()).isFalse();
-
 		assertThat(wrapper.getHeader("Header")).isEqualTo("savedheader");
 		headers = wrapper.getHeaders("heaDer");
 		assertThat(headers.hasMoreElements()).isTrue();
@@ -125,7 +123,6 @@ public class SavedRequestAwareWrapperTests {
 		savedRequest.setParameter("action", "foo");
 		MockHttpServletRequest wrappedRequest = new MockHttpServletRequest();
 		SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, wrappedRequest);
-
 		assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "foo" });
 		wrappedRequest.setParameter("action", "bar");
 		assertThat(wrapper.getParameterValues("action")).isEqualTo(new Object[] { "bar", "foo" });
@@ -144,7 +141,6 @@ public class SavedRequestAwareWrapperTests {
 		request.addHeader("header", nowString);
 		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
 		assertThat(wrapper.getDateHeader("header")).isEqualTo(now.getTime());
-
 		assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L);
 	}
 
@@ -169,7 +165,6 @@ public class SavedRequestAwareWrapperTests {
 		request.addHeader("header", "999");
 		request.addHeader("header", "1000");
 		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
-
 		assertThat(wrapper.getIntHeader("header")).isEqualTo(999);
 		assertThat(wrapper.getIntHeader("nonexistent")).isEqualTo(-1);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
index 24aa5ecb80..45afe5fa6a 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SimpleSavedRequestTests.java
@@ -33,30 +33,24 @@ public class SimpleSavedRequestTests {
 	@Test
 	public void constructorWhenGivenSavedRequestThenCopies() {
 		SavedRequest savedRequest = new SimpleSavedRequest(prepareSavedRequest());
-
 		assertThat(savedRequest.getMethod()).isEqualTo("POST");
-
 		List<Cookie> cookies = savedRequest.getCookies();
 		assertThat(cookies).hasSize(1);
 		Cookie cookie = cookies.get(0);
 		assertThat(cookie.getName()).isEqualTo("cookiename");
 		assertThat(cookie.getValue()).isEqualTo("cookievalue");
-
 		Collection<String> headerNames = savedRequest.getHeaderNames();
 		assertThat(headerNames).hasSize(1);
 		String headerName = headerNames.iterator().next();
 		assertThat(headerName).isEqualTo("headername");
-
 		List<String> headerValues = savedRequest.getHeaderValues("headername");
 		assertThat(headerValues).hasSize(1);
 		String headerValue = headerValues.get(0);
 		assertThat(headerValue).isEqualTo("headervalue");
-
 		List<Locale> locales = savedRequest.getLocales();
 		assertThat(locales).hasSize(1);
 		Locale locale = locales.get(0);
 		assertThat(locale).isEqualTo(Locale.ENGLISH);
-
 		Map<String, String[]> parameterMap = savedRequest.getParameterMap();
 		assertThat(parameterMap).hasSize(1);
 		String[] values = parameterMap.get("key");
@@ -67,7 +61,6 @@ public class SimpleSavedRequestTests {
 	@Test
 	public void constructorWhenGivenRedirectUrlThenDefaultValues() {
 		SavedRequest savedRequest = new SimpleSavedRequest("redirectUrl");
-
 		assertThat(savedRequest.getMethod()).isEqualTo("GET");
 		assertThat(savedRequest.getCookies()).isEmpty();
 		assertThat(savedRequest.getHeaderNames()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index 634f0704dc..eaf5c1ece7 100644
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -58,16 +58,13 @@ public class DefaultServerRedirectStrategyTests {
 	@Test
 	public void sendRedirectWhenNoSubscribersThenNoActions() {
 		this.strategy.sendRedirect(this.exchange, this.location);
-
 		verifyZeroInteractions(this.exchange);
 	}
 
 	@Test
 	public void sendRedirectWhenNoContextPathThenStatusAndLocationSet() {
 		this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 		this.strategy.sendRedirect(this.exchange, this.location).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
@@ -75,9 +72,7 @@ public class DefaultServerRedirectStrategyTests {
 	@Test
 	public void sendRedirectWhenContextPathSetThenStatusAndLocationSet() {
 		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 		this.strategy.sendRedirect(this.exchange, this.location).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation())
 				.hasPath("/context" + this.location.getPath());
@@ -87,9 +82,7 @@ public class DefaultServerRedirectStrategyTests {
 	public void sendRedirectWhenContextPathSetAndAbsoluteURLThenStatusAndLocationSet() {
 		this.location = URI.create("https://example.com/foo/bar");
 		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 		this.strategy.sendRedirect(this.exchange, this.location).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
@@ -98,9 +91,7 @@ public class DefaultServerRedirectStrategyTests {
 	public void sendRedirectWhenContextPathSetAndDisabledThenStatusAndLocationSet() {
 		this.strategy.setContextRelative(false);
 		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
-
 		this.strategy.sendRedirect(this.exchange, this.location).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
@@ -110,9 +101,7 @@ public class DefaultServerRedirectStrategyTests {
 		HttpStatus status = HttpStatus.MOVED_PERMANENTLY;
 		this.strategy.setHttpStatus(status);
 		this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 		this.strategy.sendRedirect(this.exchange, this.location).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(status);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index 924a940fd4..d80795a937 100644
--- a/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -69,10 +69,8 @@ public class DelegatingServerAuthenticationEntryPointTests {
 		given(this.delegate2.commence(this.exchange, this.e)).willReturn(expectedResult);
 		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(new DelegateEntry(this.matcher1, this.delegate1),
 				new DelegateEntry(this.matcher2, this.delegate2));
-
 		Mono<Void> actualResult = this.entryPoint.commence(this.exchange, this.e);
 		actualResult.block();
-
 		verifyZeroInteractions(this.delegate1);
 		verify(this.delegate2).commence(this.exchange, this.e);
 	}
@@ -82,9 +80,7 @@ public class DelegatingServerAuthenticationEntryPointTests {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.entryPoint = new DelegatingServerAuthenticationEntryPoint(
 				new DelegateEntry(this.matcher1, this.delegate1));
-
 		this.entryPoint.commence(this.exchange, this.e).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 		verifyZeroInteractions(this.delegate1);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
index a0b4bf8b3a..cb60a158bf 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java
@@ -34,7 +34,6 @@ import org.springframework.web.server.WebFilterChain;
  * @author Rob Winch
  * @since 5.0
  */
-
 public class WebFilterChainProxyTests {
 
 	// gh-4668
@@ -44,7 +43,6 @@ public class WebFilterChainProxyTests {
 		ServerWebExchangeMatcher notMatch = (exchange) -> MatchResult.notMatch();
 		MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters);
 		WebFilterChainProxy filter = new WebFilterChainProxy(chain);
-
 		WebTestClient.bindToController(new Object()).webFilter(filter).build().get().exchange().expectStatus()
 				.isNotFound();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
index f5e67ca78c..b896310add 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
@@ -54,14 +54,12 @@ public class WebFilterExchangeTests {
 	@Test
 	public void getExchange() {
 		WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain);
-
 		assertThat(filterExchange.getExchange()).isEqualTo(this.exchange);
 	}
 
 	@Test
 	public void getChain() {
 		WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain);
-
 		assertThat(filterExchange.getChain()).isEqualTo(this.chain);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
index 41c965d4f5..7bbbcc9985 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java
@@ -42,10 +42,8 @@ public class AnonymousAuthenticationWebFilterTests {
 
 	@Test
 	public void anonymousAuthenticationFilterWorking() {
-
 		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(HttpMeController.class,
 				new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())).build();
-
 		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 9cee39d0d9..6addc3d8ad 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -64,35 +64,30 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenNotEmptyThenReturnTrue() {
 		given(this.converter.convert(any())).willReturn(Mono.just(this.authentication));
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenEmptyThenReturnFalse() {
 		given(this.converter.convert(any())).willReturn(Mono.empty());
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void matchesWhenErrorThenReturnFalse() {
 		given(this.converter.convert(any())).willReturn(Mono.error(new RuntimeException()));
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
 	public void matchesWhenNullThenThrowsException() {
 		given(this.converter.convert(any())).willReturn(null);
-
 		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
 	}
 
 	@Test
 	public void matchesWhenExceptionThenPropagates() {
 		given(this.converter.convert(any())).willThrow(RuntimeException.class);
-
 		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 4c935b969d..863cc1183a 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -83,13 +83,10 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
-
 		verifyZeroInteractions(this.authenticationManager);
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
@@ -97,13 +94,10 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
-
 		verifyZeroInteractions(this.authenticationManagerResolver);
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
@@ -113,14 +107,11 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
-
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
@@ -129,16 +120,12 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
 		given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
-
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
@@ -147,13 +134,10 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.error(new BadCredentialsException("failed")));
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<Void> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
@@ -162,27 +146,20 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.error(new BadCredentialsException("failed")));
 		given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager));
-
 		this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<Void> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized()
 				.expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty();
-
 		assertThat(result.getResponseCookies()).isEmpty();
 	}
 
 	@Test
 	public void filterWhenConvertEmptyThenOk() {
 		given(this.authenticationConverter.convert(any())).willReturn(Mono.empty());
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
 				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
-
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 	}
@@ -190,11 +167,8 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenConvertErrorThenServerError() {
 		given(this.authenticationConverter.convert(any())).willReturn(Mono.error(new RuntimeException("Unexpected")));
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
 	}
@@ -206,11 +180,8 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any())).willReturn(authentication);
 		given(this.successHandler.onAuthenticationSuccess(any(), any())).willReturn(Mono.empty());
 		given(this.securityContextRepository.save(any(), any())).willAnswer((a) -> Mono.just(a.getArguments()[0]));
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 		verify(this.successHandler).onAuthenticationSuccess(any(), eq(authentication.block()));
 		verify(this.securityContextRepository).save(any(), any());
 		verifyZeroInteractions(this.failureHandler);
@@ -221,11 +192,8 @@ public class AuthenticationWebFilterTests {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(Mono.empty());
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.successHandler, this.failureHandler);
 	}
@@ -233,14 +201,11 @@ public class AuthenticationWebFilterTests {
 	@Test
 	public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
 		this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		EntityExchangeResult<String> result = client.get().uri("/")
 				.headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 				.returnResult();
-
 		assertThat(result.getResponseCookies()).isEmpty();
 		verifyZeroInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler);
 	}
@@ -252,11 +217,8 @@ public class AuthenticationWebFilterTests {
 		given(this.authenticationManager.authenticate(any()))
 				.willReturn(Mono.error(new BadCredentialsException("Failed")));
 		given(this.failureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty());
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty();
-
 		verify(this.failureHandler).onAuthenticationFailure(any(), any());
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.successHandler);
@@ -267,11 +229,8 @@ public class AuthenticationWebFilterTests {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 		given(this.authenticationConverter.convert(any())).willReturn(authentication);
 		given(this.authenticationManager.authenticate(any())).willReturn(Mono.error(new RuntimeException("Failed")));
-
 		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		client.get().uri("/").exchange().expectStatus().is5xxServerError().expectBody().isEmpty();
-
 		verify(this.securityContextRepository, never()).save(any(), any());
 		verifyZeroInteractions(this.successHandler, this.failureHandler);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index 179ae25eba..5c3e1a6319 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -84,9 +84,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 	public void onAuthenticationSuccessWhenSingleThenExecuted() {
 		DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(
 				this.delegate1);
-
 		handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 		this.delegate1Result.assertWasSubscribed();
 	}
 
@@ -94,9 +92,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 	public void onAuthenticationSuccessWhenMultipleThenExecuted() {
 		DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(
 				this.delegate1, this.delegate2);
-
 		handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 		this.delegate1Result.assertWasSubscribed();
 		this.delegate2Result.assertWasSubscribed();
 	}
@@ -114,9 +110,7 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 		});
 		DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow,
 				second);
-
 		handler.onAuthenticationSuccess(this.exchange, this.authentication).block();
-
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index b40e6b5d06..43c8828e48 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -48,16 +48,13 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.entryPoint.commence(this.exchange, this.exception);
-
 		verifyZeroInteractions(this.exchange);
 	}
 
 	@Test
 	public void commenceWhenSubscribeThenStatusAndHeaderSet() {
 		this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 		this.entryPoint.commence(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 				.containsOnly("Basic realm=\"Realm\"");
@@ -67,9 +64,7 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 	public void commenceWhenCustomRealmThenStatusAndHeaderSet() {
 		this.entryPoint.setRealm("Custom");
 		this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 		this.entryPoint.commence(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 		assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 				.containsOnly("Basic realm=\"Custom\"");
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index f5e40368dd..2fb7ea2f87 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -63,7 +63,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 	@Test
 	public void returnsAuthenticatedTokenForValidAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.validAccount));
-
 		Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername()))
 				.block();
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
@@ -72,28 +71,24 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 	@Test(expected = UsernameNotFoundException.class)
 	public void returnsNullForNonExistingAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
-
 		this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
 	}
 
 	@Test(expected = LockedException.class)
 	public void throwsExceptionForLockedAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
-
 		this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
 	}
 
 	@Test(expected = DisabledException.class)
 	public void throwsExceptionForDisabledAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
-
 		this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
 	}
 
 	@Test(expected = AccountExpiredException.class)
 	public void throwsExceptionForExpiredAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
-
 		this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
 	}
 
@@ -101,7 +96,6 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
 	public void throwsExceptionForAccountWithExpiredCredentials() {
 		given(this.mockUserDetailsService.findByUsername(anyString()))
 				.willReturn(Mono.just(this.accountWithExpiredCredentials));
-
 		this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index e6b075f2ad..d48160c43f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -64,7 +64,6 @@ public class RedirectServerAuthenticationEntryPointTests {
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 		this.entryPoint.commence(this.exchange, this.exception);
-
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 	}
@@ -72,9 +71,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenSubscribeThenStatusAndLocationSet() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.entryPoint.commence(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location);
 	}
@@ -85,9 +82,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.entryPoint.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.entryPoint.commence(this.exchange, this.exception).block();
-
 		redirectResult.assertWasSubscribed();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 25cba86938..6f0cb185a0 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.exchange = createExchange();
 		this.handler.onAuthenticationFailure(this.exchange, this.exception);
-
 		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
 	}
@@ -73,9 +72,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	@Test
 	public void commenceWhenSubscribeThenStatusAndLocationSet() {
 		this.exchange = createExchange();
-
 		this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
 	}
@@ -86,9 +83,7 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.handler.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = createExchange();
-
 		this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
-
 		redirectResult.assertWasSubscribed();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 8fe06ccb91..6a4054b620 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -70,9 +70,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	@Test
 	public void successWhenNoSubscribersThenNoActions() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication);
-
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isNull();
 		assertThat(this.exchange.getSession().block().isStarted()).isFalse();
 	}
@@ -80,10 +78,8 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 	@Test
 	public void successWhenSubscribeThenStatusAndLocationSet() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
 				.block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND);
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location);
 	}
@@ -94,7 +90,6 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 		given(this.redirectStrategy.sendRedirect(any(), any())).willReturn(redirectResult.mono());
 		this.handler.setRedirectStrategy(this.redirectStrategy);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication)
 				.block();
 		redirectResult.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index 23d0288917..ffa96d4e38 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -65,7 +65,6 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 		Mono<Void> result = Mono.empty();
 		BadCredentialsException e = new BadCredentialsException("Failed");
 		given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(result);
-
 		assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 0088aa89b8..49d6866fde 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -56,9 +56,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 		String password = "password";
 		this.data.add("username", username);
 		this.data.add("password", password);
-
 		Authentication authentication = this.converter.convert(this.exchange).block();
-
 		assertThat(authentication.getName()).isEqualTo(username);
 		assertThat(authentication.getCredentials()).isEqualTo(password);
 		assertThat(authentication.getAuthorities()).isEmpty();
@@ -74,9 +72,7 @@ public class ServerFormLoginAuthenticationConverterTests {
 		this.converter.setPasswordParameter(passwordParameter);
 		this.data.add(usernameParameter, username);
 		this.data.add(passwordParameter, password);
-
 		Authentication authentication = this.converter.convert(this.exchange).block();
-
 		assertThat(authentication.getName()).isEqualTo(username);
 		assertThat(authentication.getCredentials()).isEqualTo(password);
 		assertThat(authentication.getAuthorities()).isEmpty();
@@ -85,7 +81,6 @@ public class ServerFormLoginAuthenticationConverterTests {
 	@Test
 	public void applyWhenNoDataThenCreatesTokenSuccess() {
 		Authentication authentication = this.converter.convert(this.exchange).block();
-
 		assertThat(authentication.getName()).isNullOrEmpty();
 		assertThat(authentication.getCredentials()).isNull();
 		assertThat(authentication.getAuthorities()).isEmpty();
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
index da1500df3b..b00b308031 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java
@@ -40,35 +40,30 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	@Test
 	public void applyWhenNoAuthorizationHeaderThenEmpty() {
 		Mono<Authentication> result = apply(this.request);
-
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenEmptyAuthorizationHeaderThenEmpty() {
 		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, ""));
-
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenOnlyBasicAuthorizationHeaderThenEmpty() {
 		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic "));
-
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenNotBase64ThenEmpty() {
 		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic z"));
-
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenNoSemicolonThenEmpty() {
 		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg=="));
-
 		assertThat(result.block()).isNull();
 	}
 
@@ -76,7 +71,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	public void applyWhenUserPasswordThenAuthentication() {
 		Mono<Authentication> result = apply(
 				this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
-
 		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -87,7 +81,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	public void applyWhenUserPasswordHasColonThenAuthentication() {
 		Mono<Authentication> result = apply(
 				this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ="));
-
 		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -98,7 +91,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	public void applyWhenLowercaseSchemeThenAuthentication() {
 		Mono<Authentication> result = apply(
 				this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
-
 		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
 				.block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
@@ -109,7 +101,6 @@ public class ServerHttpBasicAuthenticationConverterTests {
 	public void applyWhenWrongSchemeThenEmpty() {
 		Mono<Authentication> result = apply(
 				this.request.header(HttpHeaders.AUTHORIZATION, "token dXNlcjpwYXNzd29yZA=="));
-
 		assertThat(result.block()).isNull();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
index 6e5d2e83db..f94d6aeb33 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java
@@ -52,7 +52,6 @@ public class ServerX509AuthenticationConverterTests {
 	@Before
 	public void setUp() throws Exception {
 		this.request = MockServerHttpRequest.get("/");
-
 		this.certificate = X509TestUtils.buildTestCertificate();
 		given(this.principalExtractor.extractPrincipal(any())).willReturn("Luke Taylor");
 	}
@@ -61,17 +60,14 @@ public class ServerX509AuthenticationConverterTests {
 	public void shouldReturnNullForInvalidCertificate() {
 		Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build()))
 				.block();
-
 		assertThat(authentication).isNull();
 	}
 
 	@Test
 	public void shouldReturnAuthenticationForValidCertificate() {
 		this.request.sslInfo(new MockSslInfo(this.certificate));
-
 		Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build()))
 				.block();
-
 		assertThat(authentication.getName()).isEqualTo("Luke Taylor");
 		assertThat(authentication.getCredentials()).isEqualTo(this.certificate);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index ae7e5531fb..2161e8660c 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -103,7 +103,6 @@ public class SwitchUserWebFilterTests {
 		verifyNoInteractions(this.successHandler);
 		verifyNoInteractions(this.failureHandler);
 		verifyNoInteractions(this.serverSecurityContextRepository);
-
 		verify(chain).filter(exchange);
 	}
 
@@ -111,39 +110,29 @@ public class SwitchUserWebFilterTests {
 	public void switchUser() {
 		final String targetUsername = "TEST_USERNAME";
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, true);
-
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
-
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("principal",
 				"credentials");
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
-
 		given(this.userDetailsService.findByUsername(targetUsername)).willReturn(Mono.just(switchUserDetails));
 		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
 				.willReturn(Mono.empty());
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
-
 		verifyNoInteractions(chain);
 		verify(this.userDetailsService).findByUsername(targetUsername);
-
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
-
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
 				authenticationCaptor.capture());
-
 		final Authentication switchUserAuthentication = authenticationCaptor.getValue();
-
 		assertThat(switchUserAuthentication).isSameAs(savedSecurityContext.getAuthentication());
 		assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername);
 		assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance);
@@ -159,37 +148,28 @@ public class SwitchUserWebFilterTests {
 	public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() {
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
-
 		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
 				SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
 				"switchCredentials", Collections.singleton(switchAuthority));
-
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
-
 		final String targetUsername = "newSwitchPrincipal";
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
-
 		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
 				.willReturn(Mono.empty());
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
 		given(this.userDetailsService.findByUsername(targetUsername))
 				.willReturn(Mono.just(switchUserDetails(targetUsername, true)));
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
-
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
 				authenticationCaptor.capture());
-
 		final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue();
-
 		assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername);
 		assertThat(secondSwitchUserAuthentication.getAuthorities().stream()
 				.filter((a) -> a instanceof SwitchUserGrantedAuthority)
@@ -201,13 +181,10 @@ public class SwitchUserWebFilterTests {
 	public void switchUserWhenUsernameIsMissingThenThrowException() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("The userName can not be null.");
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -219,19 +196,15 @@ public class SwitchUserWebFilterTests {
 		final String targetUsername = "TEST_USERNAME";
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
 		given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
 		given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
 				.willReturn(Mono.empty());
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
-
 		verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
 		verifyNoInteractions(chain);
 	}
@@ -239,19 +212,14 @@ public class SwitchUserWebFilterTests {
 	@Test
 	public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
 		this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null);
-
 		final String targetUsername = "TEST_USERNAME";
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
 		given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
-
 		this.exceptionRule.expect(DisabledException.class);
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -262,37 +230,28 @@ public class SwitchUserWebFilterTests {
 	public void exitSwitchThenReturnToOriginalAuthentication() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
-
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
-
 		final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
 				SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
 		final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal",
 				"switchCredentials", Collections.singleton(switchAuthority));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
-
 		given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class)))
 				.willReturn(Mono.empty());
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
-
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
-
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
 				authenticationCaptor.capture());
-
 		final Authentication originalAuthenticationValue = authenticationCaptor.getValue();
-
 		assertThat(savedSecurityContext.getAuthentication()).isSameAs(originalAuthentication);
 		assertThat(originalAuthenticationValue).isSameAs(originalAuthentication);
 		verifyNoInteractions(chain);
@@ -302,16 +261,12 @@ public class SwitchUserWebFilterTests {
 	public void exitSwitchWhenUserNotSwitchedThenThrowError() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
-
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
-
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("Could not find original Authentication object");
-
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -322,12 +277,9 @@ public class SwitchUserWebFilterTests {
 	public void exitSwitchWhenNoCurrentUserThenThrowError() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
-
 		final WebFilterChain chain = mock(WebFilterChain.class);
-
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("No current user associated with this request");
-
 		this.switchUserWebFilter.filter(exchange, chain).block();
 		verifyNoInteractions(chain);
 	}
@@ -373,14 +325,11 @@ public class SwitchUserWebFilterTests {
 				"failure/target/url");
 		final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler");
 		assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class);
-
 		final Object failureHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "failureHandler");
 		assertThat(failureHandler).isInstanceOf(RedirectServerAuthenticationFailureHandler.class);
-
 		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class);
-
 		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
 		assertThat(userDetailsChecker instanceof AccountStatusUserDetailsChecker).isTrue();
 	}
@@ -426,16 +375,13 @@ public class SwitchUserWebFilterTests {
 	public void setExitUserUrlWhenDefinedThenChangeDefaultValue() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
-
 		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
-
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
 		this.switchUserWebFilter.setExitUserUrl("/exit-url");
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url"));
 		final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
-
 		assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
 
@@ -451,20 +397,14 @@ public class SwitchUserWebFilterTests {
 	public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
-
 		final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
-
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
-
 		final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/exit-url");
-
 		this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
-
 		assertThat(currentExitUserMatcher).isSameAs(newExitUserMatcher);
 	}
 
@@ -488,14 +428,10 @@ public class SwitchUserWebFilterTests {
 	public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
-
 		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
-
 		this.switchUserWebFilter.setSwitchUserUrl("/switch-url");
-
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
 		final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
@@ -514,17 +450,12 @@ public class SwitchUserWebFilterTests {
 	public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() {
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
-
 		final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
-
 		final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/switch-url");
-
 		this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
 		assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 9414b01363..0f42d12f4d 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -94,7 +94,6 @@ public class DelegatingServerLogoutHandlerTests {
 	public void logoutWhenSingleThenExecuted() {
 		DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1);
 		handler.logout(this.exchange, this.authentication).block();
-
 		this.delegate1Result.assertWasSubscribed();
 	}
 
@@ -102,7 +101,6 @@ public class DelegatingServerLogoutHandlerTests {
 	public void logoutWhenMultipleThenExecuted() {
 		DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(this.delegate1, this.delegate2);
 		handler.logout(this.exchange, this.authentication).block();
-
 		this.delegate1Result.assertWasSubscribed();
 		this.delegate2Result.assertWasSubscribed();
 	}
@@ -118,9 +116,7 @@ public class DelegatingServerLogoutHandlerTests {
 			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
 		});
 		DelegatingServerLogoutHandler handler = new DelegatingServerLogoutHandler(slow, second);
-
 		handler.logout(this.exchange, this.authentication).block();
-
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
index 0cb532a837..af8cad8e6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java
@@ -48,9 +48,7 @@ public class HeaderWriterServerLogoutHandlerTests {
 		WebFilterExchange filterExchange = mock(WebFilterExchange.class);
 		given(filterExchange.getExchange()).willReturn(serverWebExchange);
 		Authentication authentication = mock(Authentication.class);
-
 		handler.logout(filterExchange, authentication);
-
 		verify(headersWriter).writeHttpHeaders(serverWebExchange);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
index 09065c9dd7..d26a9b345f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java
@@ -40,7 +40,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 		WebFilterExchange filterExchange = buildFilterExchange();
 		new HttpStatusReturningServerLogoutSuccessHandler().onLogoutSuccess(filterExchange, mock(Authentication.class))
 				.block();
-
 		assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.OK);
 	}
 
@@ -49,7 +48,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 		WebFilterExchange filterExchange = buildFilterExchange();
 		new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.NO_CONTENT)
 				.onLogoutSuccess(filterExchange, mock(Authentication.class)).block();
-
 		assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
 	}
 
@@ -63,7 +61,6 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests {
 	private static WebFilterExchange buildFilterExchange() {
 		MockServerHttpRequest request = MockServerHttpRequest.get("/").build();
 		MockServerWebExchange exchange = MockServerWebExchange.from(request);
-
 		return new WebFilterExchange(exchange, mock(WebFilterChain.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
index 4439a68961..d87fdeb9fb 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java
@@ -56,7 +56,6 @@ public class LogoutWebFilterTests {
 	public void singleLogoutHandler() {
 		this.logoutWebFilter.setLogoutHandler(this.handler1);
 		this.logoutWebFilter.setLogoutHandler(this.handler2);
-
 		assertThat(getLogoutHandler()).isNotNull().isInstanceOf(ServerLogoutHandler.class)
 				.isNotInstanceOf(SecurityContextServerLogoutHandler.class).extracting(ServerLogoutHandler::getClass)
 				.isEqualTo(this.handler2.getClass());
@@ -66,7 +65,6 @@ public class LogoutWebFilterTests {
 	public void multipleLogoutHandlers() {
 		this.logoutWebFilter
 				.setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3));
-
 		assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class)
 				.extracting((delegatingLogoutHandler) -> ((Collection<ServerLogoutHandler>) ReflectionTestUtils
 						.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream()
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index 0bcbcb5edc..0afc768ed2 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -55,9 +55,7 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain);
-
 		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
@@ -67,10 +65,8 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> a.flatMap((auth) -> Mono.error(new AccessDeniedException("Denied"))));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain).subscriberContext(
 				ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl())));
-
 		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
@@ -80,10 +76,8 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain).subscriberContext(
 				ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R")));
-
 		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 	}
@@ -94,10 +88,8 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.error(new AccessDeniedException("Denied")));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 		StepVerifier.create(result).expectError(AccessDeniedException.class).verify();
 		this.chainResult.assertWasNotSubscribed();
 		context.assertWasNotSubscribed();
@@ -109,10 +101,8 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter(
 				(a, e) -> Mono.just(new AuthorizationDecision(true)));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 		StepVerifier.create(result).verifyComplete();
 		this.chainResult.assertWasSubscribed();
 		context.assertWasNotSubscribed();
@@ -124,10 +114,8 @@ public class AuthorizationWebFilterTests {
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
 		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a
 				.map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
-
 		Mono<Void> result = filter.filter(this.exchange, this.chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
-
 		StepVerifier.create(result).verifyComplete();
 		this.chainResult.assertWasSubscribed();
 		context.assertWasSubscribed();
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
index c052bf2b2c..ae9e0bbc8f 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java
@@ -80,9 +80,7 @@ public class DelegatingReactiveAuthorizationManagerTests {
 		given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
 				.willReturn(Mono.just(this.decision));
-
 		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
-
 		verifyZeroInteractions(this.match2, this.delegate2);
 	}
 
@@ -92,9 +90,7 @@ public class DelegatingReactiveAuthorizationManagerTests {
 		given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
 				.willReturn(Mono.just(this.decision));
-
 		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
-
 		verifyZeroInteractions(this.delegate1);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index 79ae02cbc2..4e6a9c7285 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -71,7 +71,6 @@ public class ExceptionTranslationWebFilterTests {
 		given(this.exchange.getResponse()).willReturn(new MockServerHttpResponse());
 		given(this.deniedHandler.handle(any(), any())).willReturn(this.deniedPublisher.mono());
 		given(this.entryPoint.commence(any(), any())).willReturn(this.entryPointPublisher.mono());
-
 		this.filter.setAuthenticationEntryPoint(this.entryPoint);
 		this.filter.setAccessDeniedHandler(this.deniedHandler);
 	}
@@ -79,9 +78,7 @@ public class ExceptionTranslationWebFilterTests {
 	@Test
 	public void filterWhenNoExceptionThenNotHandled() {
 		given(this.chain.filter(this.exchange)).willReturn(Mono.empty());
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
 	}
@@ -89,10 +86,8 @@ public class ExceptionTranslationWebFilterTests {
 	@Test
 	public void filterWhenNotAccessDeniedExceptionThenNotHandled() {
 		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new IllegalArgumentException("oops")));
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class)
 				.verify();
-
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
 	}
@@ -101,9 +96,7 @@ public class ExceptionTranslationWebFilterTests {
 	public void filterWhenAccessDeniedExceptionAndNotAuthenticatedThenHandled() {
 		given(this.exchange.getPrincipal()).willReturn(Mono.empty());
 		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).verifyComplete();
-
 		this.deniedPublisher.assertWasNotSubscribed();
 		this.entryPointPublisher.assertWasSubscribed();
 	}
@@ -113,9 +106,7 @@ public class ExceptionTranslationWebFilterTests {
 		this.filter = new ExceptionTranslationWebFilter();
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
 		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
@@ -124,9 +115,7 @@ public class ExceptionTranslationWebFilterTests {
 		this.filter = new ExceptionTranslationWebFilter();
 		given(this.exchange.getPrincipal()).willReturn(Mono.empty());
 		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 	}
 
@@ -134,9 +123,7 @@ public class ExceptionTranslationWebFilterTests {
 	public void filterWhenAccessDeniedExceptionAndAuthenticatedThenHandled() {
 		given(this.exchange.getPrincipal()).willReturn(Mono.just(this.principal));
 		given(this.chain.filter(this.exchange)).willReturn(Mono.error(new AccessDeniedException("Not Authorized")));
-
 		StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectComplete().verify();
-
 		this.deniedPublisher.assertWasSubscribed();
 		this.entryPointPublisher.assertWasNotSubscribed();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index 599bbd842b..08cde18541 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -54,16 +54,13 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 	@Test
 	public void commenceWhenNoSubscribersThenNoActions() {
 		this.handler.handle(this.exchange, this.exception);
-
 		verifyZeroInteractions(this.exchange);
 	}
 
 	@Test
 	public void commenceWhenSubscribeThenStatusSet() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.handler.handle(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
 	}
 
@@ -72,9 +69,7 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 		this.httpStatus = HttpStatus.NOT_FOUND;
 		this.handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		this.handler.handle(this.exchange, this.exception).block();
-
 		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
index 0467943bf2..896f8d20f3 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandlerTests.java
@@ -57,13 +57,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		given(matcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
 		given(handler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(this.accessDeniedHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 		this.entries.add(new DelegateEntry(matcher, handler));
 		this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 		this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 		this.delegator.handle(this.exchange, null).block();
-
 		verify(this.accessDeniedHandler).handle(this.exchange, null);
 		verify(handler, never()).handle(this.exchange, null);
 	}
@@ -77,14 +74,11 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 		this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 		this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 		this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
 		this.delegator.setDefaultAccessDeniedHandler(this.accessDeniedHandler);
-
 		this.delegator.handle(this.exchange, null).block();
-
 		verify(firstHandler).handle(this.exchange, null);
 		verify(secondHandler, never()).handle(this.exchange, null);
 		verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
@@ -101,13 +95,10 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests {
 		given(secondMatcher.matches(this.exchange)).willReturn(MatchResult.match());
 		given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
 		given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
-
 		this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
 		this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
 		this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
-
 		this.delegator.handle(this.exchange, null).block();
-
 		verify(secondHandler).handle(this.exchange, null);
 		verify(firstHandler, never()).handle(this.exchange, null);
 		verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
index 1c216cfcde..fd2c7c08d9 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java
@@ -39,10 +39,8 @@ public class NoOpServerSecurityContextRepositoryTests {
 	@Test
 	public void saveAndLoad() {
 		SecurityContext context = new SecurityContextImpl();
-
 		Mono<SecurityContext> result = this.repository.save(this.exchange, context)
 				.then(this.repository.load(this.exchange));
-
 		StepVerifier.create(result).verifyComplete();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index f74e15e195..ccc686bf6c 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -78,7 +78,6 @@ public class ReactorContextWebFilterTests {
 	@Test
 	public void filterWhenNoPrincipalAccessThenNoInteractions() {
 		this.handler.exchange(this.exchange);
-
 		this.securityContext.assertWasNotSubscribed();
 	}
 
@@ -88,9 +87,7 @@ public class ReactorContextWebFilterTests {
 			ReactiveSecurityContextHolder.getContext();
 			return c.filter(e);
 		});
-
 		this.handler.exchange(this.exchange);
-
 		this.securityContext.assertWasNotSubscribed();
 	}
 
@@ -101,9 +98,7 @@ public class ReactorContextWebFilterTests {
 		this.handler = WebTestHandler.bindToWebFilters(this.filter,
 				(e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
 						.doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)).flatMap((p) -> c.filter(e)));
-
 		WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
-
 		this.securityContext.assertWasNotSubscribed();
 	}
 
@@ -112,7 +107,6 @@ public class ReactorContextWebFilterTests {
 	public void filterWhenMainContextThenDoesNotOverride() {
 		String contextKey = "main";
 		WebFilter mainContextWebFilter = (e, c) -> c.filter(e).subscriberContext(Context.of(contextKey, true));
-
 		WebFilterChain chain = new DefaultWebFilterChain((e) -> Mono.empty(), mainContextWebFilter, this.filter);
 		Mono<Void> filter = chain.filter(MockServerWebExchange.from(this.exchange.build()));
 		StepVerifier.create(filter).expectAccessibleContext().hasKey(contextKey).then().verifyComplete();
diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
index 63cb704adc..e6cdb78402 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java
@@ -51,7 +51,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 						.doOnSuccess((context) -> assertThat(context.<String>get("foo")).isEqualTo("bar")).then()))
 				.subscriberContext((context) -> context.put("foo", "bar"))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 		StepVerifier.create(result).verifyComplete();
 	}
 
@@ -64,7 +63,6 @@ public class SecurityContextServerWebExchangeWebFilterTests {
 										(contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
 								.then()))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
-
 		StepVerifier.create(result).verifyComplete();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
index 1ecf1e7fdf..4d5dc45ac0 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java
@@ -40,9 +40,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 	public void saveAndLoadWhenDefaultsThenFound() {
 		SecurityContext expected = new SecurityContextImpl();
 		this.repository.save(this.exchange, expected).block();
-
 		SecurityContext actual = this.repository.load(this.exchange).block();
-
 		assertThat(actual).isEqualTo(expected);
 	}
 
@@ -51,14 +49,10 @@ public class WebSessionServerSecurityContextRepositoryTests {
 		String attrName = "attr";
 		this.repository.setSpringSecurityContextAttrName(attrName);
 		SecurityContext expected = new SecurityContextImpl();
-
 		this.repository.save(this.exchange, expected).block();
-
 		WebSession session = this.exchange.getSession().block();
 		assertThat(session.<SecurityContext>getAttribute(attrName)).isEqualTo(expected);
-
 		SecurityContext actual = this.repository.load(this.exchange).block();
-
 		assertThat(actual).isEqualTo(expected);
 	}
 
@@ -67,9 +61,7 @@ public class WebSessionServerSecurityContextRepositoryTests {
 		SecurityContext context = new SecurityContextImpl();
 		this.repository.save(this.exchange, context).block();
 		this.repository.save(this.exchange, null).block();
-
 		SecurityContext actual = this.repository.load(this.exchange).block();
-
 		assertThat(actual).isNull();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
index e03083109b..d16f131920 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
@@ -64,14 +64,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 	@Test
 	public void generateTokenWhenCustomHeaderThenCustomHeader() {
 		setExpectedHeaderName("someHeader");
-
 		generateTokenAndAssertExpectedValues();
 	}
 
 	@Test
 	public void generateTokenWhenCustomParameterThenCustomParameter() {
 		setExpectedParameterName("someParam");
-
 		generateTokenAndAssertExpectedValues();
 	}
 
@@ -79,14 +77,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 	public void generateTokenWhenCustomHeaderAndParameterThenCustomHeaderAndParameter() {
 		setExpectedHeaderName("someHeader");
 		setExpectedParameterName("someParam");
-
 		generateTokenAndAssertExpectedValues();
 	}
 
 	@Test
 	public void saveTokenWhenNoSubscriptionThenNotWritten() {
 		this.csrfTokenRepository.saveToken(this.exchange, createToken());
-
 		assertThat(this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName)).isNull();
 	}
 
@@ -103,7 +99,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 	@Test
 	public void saveTokenWhenHttpOnlyFalseThenHttpOnlyFalse() {
 		setExpectedHttpOnly(false);
-
 		saveAndAssertExpectedValues(createToken());
 	}
 
@@ -114,7 +109,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 		setExpectedPath("/some/path");
 		setExpectedHeaderName("headerName");
 		setExpectedParameterName("paramName");
-
 		saveAndAssertExpectedValues(createToken());
 	}
 
@@ -128,7 +122,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 		setExpectedParameterName("paramName");
 		setExpectedHeaderName("headerName");
 		setExpectedCookieName("csrfCookie");
-
 		saveAndAssertExpectedValues(createToken());
 	}
 
@@ -141,14 +134,12 @@ public class CookieServerCsrfTokenRepositoryTests {
 	@Test
 	public void loadTokenWhenCookieExistsWithNoValue() {
 		setExpectedCookieValue("");
-
 		loadAndAssertExpectedValues();
 	}
 
 	@Test
 	public void loadTokenWhenCookieExistsWithNullValue() {
 		setExpectedCookieValue(null);
-
 		loadAndAssertExpectedValues();
 	}
 
@@ -190,9 +181,7 @@ public class CookieServerCsrfTokenRepositoryTests {
 		MockServerHttpRequest.BodyBuilder request = MockServerHttpRequest.post("/someUri")
 				.cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue));
 		this.exchange = MockServerWebExchange.from(request);
-
 		CsrfToken csrfToken = this.csrfTokenRepository.loadToken(this.exchange).block();
-
 		if (StringUtils.hasText(this.expectedCookieValue)) {
 			assertThat(csrfToken).isNotNull();
 			assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName);
@@ -209,11 +198,8 @@ public class CookieServerCsrfTokenRepositoryTests {
 			this.expectedMaxAge = Duration.ofSeconds(0);
 			this.expectedCookieValue = "";
 		}
-
 		this.csrfTokenRepository.saveToken(this.exchange, token).block();
-
 		ResponseCookie cookie = this.exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
-
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getMaxAge()).isEqualTo(this.expectedMaxAge);
 		assertThat(cookie.getDomain()).isEqualTo(this.expectedDomain);
@@ -226,7 +212,6 @@ public class CookieServerCsrfTokenRepositoryTests {
 
 	private void generateTokenAndAssertExpectedValues() {
 		CsrfToken csrfToken = this.csrfTokenRepository.generateToken(this.exchange).block();
-
 		assertThat(csrfToken).isNotNull();
 		assertThat(csrfToken.getHeaderName()).isEqualTo(this.expectedHeaderName);
 		assertThat(csrfToken.getParameterName()).isEqualTo(this.expectedParameterName);
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
index 5acdbd3569..60ced8c233 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -70,7 +70,6 @@ public class CsrfServerLogoutHandlerTests {
 	public void logoutRemovesCsrfToken() {
 		this.handler.logout(this.filterExchange, new TestingAuthenticationToken("user", "password", "ROLE_USER"))
 				.block();
-
 		verify(this.csrfTokenRepository).saveToken(this.exchange, null);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 564a3d2e62..3d26430c07 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -70,23 +70,17 @@ public class CsrfWebFilterTests {
 	public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
 		given(this.chain.filter(this.get)).willReturn(chainResult.mono());
-
 		Mono<Void> result = this.csrfFilter.filter(this.get, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		Mono<Boolean> isSessionStarted = this.get.getSession().map(WebSession::isStarted);
 		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
-
 		chainResult.assertWasSubscribed();
 	}
 
 	@Test
 	public void filterWhenPostAndNoTokenThenCsrfException() {
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
@@ -94,11 +88,8 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
@@ -108,11 +99,8 @@ public class CsrfWebFilterTests {
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
 				.body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID"));
-
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
@@ -120,18 +108,14 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndEstablishedCsrfTokenAndRequestParamValidTokenThenContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
 		given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 		this.post = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
 						.body(this.token.getParameterName() + "=" + this.token.getToken()));
-
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		chainResult.assertWasSubscribed();
 	}
 
@@ -141,11 +125,8 @@ public class CsrfWebFilterTests {
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		this.post = MockServerWebExchange.from(
 				MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken() + "INVALID"));
-
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
 	}
 
@@ -153,17 +134,13 @@ public class CsrfWebFilterTests {
 	public void filterWhenPostAndEstablishedCsrfTokenAndHeaderValidTokenThenContinues() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
 		given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
 		this.post = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken()));
-
 		Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
-
 		StepVerifier.create(result).verifyComplete();
-
 		chainResult.assertWasSubscribed();
 	}
 
@@ -172,7 +149,6 @@ public class CsrfWebFilterTests {
 	public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() {
 		MockServerWebExchange nonStandardHttpExchange = MockServerWebExchange
 				.from(MockServerHttpRequest.method("non-standard-http-method", "/"));
-
 		ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER;
 		assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block())
 				.isTrue();
@@ -182,14 +158,11 @@ public class CsrfWebFilterTests {
 	public void doFilterWhenSkipExchangeInvokedThenSkips() {
 		PublisherProbe<Void> chainResult = PublisherProbe.empty();
 		given(this.chain.filter(any())).willReturn(chainResult.mono());
-
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 		this.csrfFilter.setRequireCsrfProtectionMatcher(matcher);
-
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/post").build());
 		CsrfWebFilter.skipExchange(exchange);
 		this.csrfFilter.filter(exchange, this.chain).block();
-
 		verifyZeroInteractions(matcher);
 	}
 
@@ -197,9 +170,7 @@ public class CsrfWebFilterTests {
 	public void filterWhenMultipartFormDataAndNotEnabledThenDenied() {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
 				.body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
 				.expectStatus().isForbidden();
@@ -211,9 +182,7 @@ public class CsrfWebFilterTests {
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 		client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA)
 				.body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange()
 				.expectStatus().is2xxSuccessful();
@@ -225,9 +194,7 @@ public class CsrfWebFilterTests {
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
 		given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
-
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 		client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED)
 				.bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
 				.is2xxSuccessful();
@@ -238,9 +205,7 @@ public class CsrfWebFilterTests {
 		this.csrfFilter.setCsrfTokenRepository(this.repository);
 		this.csrfFilter.setTokenFromMultipartDataEnabled(true);
 		given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
-
 		WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
-
 		client.post().uri("/").contentType(MediaType.MULTIPART_MIXED)
 				.bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus()
 				.isForbidden();
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
index ba2cd59a9e..97adcbaece 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java
@@ -41,18 +41,14 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 	@Test
 	public void generateTokenThenNoSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
-
 		Mono<Boolean> isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
-
 		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 	}
 
 	@Test
 	public void generateTokenWhenSubscriptionThenNoSession() {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
-
 		Mono<Boolean> isSessionStarted = this.exchange.getSession().map(WebSession::isStarted);
-
 		StepVerifier.create(isSessionStarted).expectNext(false).verifyComplete();
 	}
 
@@ -61,10 +57,8 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 		Mono<CsrfToken> result = this.repository.generateToken(this.exchange)
 				.delayUntil((t) -> this.repository.saveToken(this.exchange, t));
 		result.block();
-
 		WebSession session = this.exchange.getSession().block();
 		Map<String, Object> attributes = session.getAttributes();
-
 		assertThat(session.isStarted()).isTrue();
 		assertThat(attributes).hasSize(1);
 		assertThat(attributes.values().iterator().next()).isInstanceOf(CsrfToken.class);
@@ -73,12 +67,9 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 	@Test
 	public void saveTokenWhenNullThenDeletes() {
 		CsrfToken token = this.repository.generateToken(this.exchange).block();
-
 		Mono<Void> result = this.repository.saveToken(this.exchange, null);
 		StepVerifier.create(result).verifyComplete();
-
 		WebSession session = this.exchange.getSession().block();
-
 		assertThat(session.getAttributes()).isEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 4b7db815ec..6ff6384f58 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -42,7 +42,6 @@ public class CacheControlServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenCacheHeadersThenWritesAllCacheControl() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(3);
 		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
@@ -54,11 +53,8 @@ public class CacheControlServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenCacheControlThenNoCacheControlHeaders() {
 		String cacheControl = "max-age=1234";
-
 		this.headers.set(HttpHeaders.CACHE_CONTROL, cacheControl);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(cacheControl);
 	}
 
@@ -66,9 +62,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 	public void writeHeadersWhenPragmaThenNoCacheControlHeaders() {
 		String pragma = "1";
 		this.headers.set(HttpHeaders.PRAGMA, pragma);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma);
 	}
@@ -77,9 +71,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 	public void writeHeadersWhenExpiresThenNoCacheControlHeaders() {
 		String expires = "1";
 		this.headers.set(HttpHeaders.EXPIRES, expires);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
 	}
@@ -88,9 +80,7 @@ public class CacheControlServerHttpHeadersWriterTests {
 	// gh-5534
 	public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() {
 		this.exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).isEmpty();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
index ff8a0c0020..fb2a9ec540 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java
@@ -48,9 +48,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
 		ServerWebExchange secureExchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("https://localhost").build());
-
 		writer.writeHttpHeaders(secureExchange);
-
 		assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.ALL);
 	}
 
@@ -58,9 +56,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 	public void writeHttpHeadersWhenInsecureConnectionThenHeaderNotWritten() {
 		ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL);
 		ServerWebExchange insecureExchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 		writer.writeHttpHeaders(insecureExchange);
-
 		assertThat(insecureExchange.getResponse()).doesNotHaveClearSiteDataHeaderSet();
 	}
 
@@ -70,9 +66,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests {
 				Directive.COOKIES);
 		ServerWebExchange secureExchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("https://localhost").build());
-
 		writer.writeHttpHeaders(secureExchange);
-
 		assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.CACHE, Directive.COOKIES);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index 9a72024092..c400c13a21 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -63,22 +63,16 @@ public class CompositeServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenErrorNoErrorThenError() {
 		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
-
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
-
 		StepVerifier.create(result).expectError().verify();
-
 		verify(this.writer1).writeHttpHeaders(this.exchange);
 	}
 
 	@Test
 	public void writeHttpHeadersWhenErrorErrorThenError() {
 		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.error(new RuntimeException()));
-
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
-
 		StepVerifier.create(result).expectError().verify();
-
 		verify(this.writer1).writeHttpHeaders(this.exchange);
 	}
 
@@ -86,11 +80,8 @@ public class CompositeServerHttpHeadersWriterTests {
 	public void writeHttpHeadersWhenNoErrorThenNoError() {
 		given(this.writer1.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
 		given(this.writer2.writeHttpHeaders(this.exchange)).willReturn(Mono.empty());
-
 		Mono<Void> result = this.writer.writeHttpHeaders(this.exchange);
-
 		StepVerifier.create(result).expectComplete().verify();
-
 		verify(this.writer1).writeHttpHeaders(this.exchange);
 		verify(this.writer2).writeHttpHeaders(this.exchange);
 	}
@@ -106,9 +97,7 @@ public class CompositeServerHttpHeadersWriterTests {
 			assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue();
 		});
 		CompositeServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(slow, second);
-
 		writer.writeHttpHeaders(this.exchange).block();
-
 		assertThat(latch.await(3, TimeUnit.SECONDS)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
index 4c844d54cd..bc4a007c6b 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
@@ -57,7 +56,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 	public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
@@ -69,7 +67,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 		this.writer.setReportOnly(true);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
@@ -80,7 +77,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 	public void writeHeadersWhenOnlyReportOnlySetThenDoesNotWrite() {
 		this.writer.setReportOnly(true);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
@@ -91,7 +87,6 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
 		this.exchange.getResponse().getHeaders()
 				.set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
diff --git a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
index 9195a1ad68..a0fd03f3ce 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java
@@ -48,7 +48,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
@@ -57,7 +56,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 	public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY))
@@ -70,7 +68,6 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
 		String headerValue = "camera: 'self'";
 		this.exchange.getResponse().getHeaders().set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
index 094f329b3b..b953e78c2f 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
@@ -55,22 +55,16 @@ public class HttpHeaderWriterWebFilterTests {
 	@Test
 	public void filterWhenCompleteThenWritten() {
 		WebTestClient rest = WebTestClientBuilder.bindToWebFilters(this.filter).build();
-
 		rest.get().uri("/foo").exchange();
-
 		verify(this.writer).writeHttpHeaders(any());
 	}
 
 	@Test
 	public void filterWhenNotCompleteThenNotWritten() {
 		WebTestHandler handler = WebTestHandler.bindToWebFilters(this.filter);
-
 		WebHandlerResult result = handler.exchange(MockServerHttpRequest.get("/foo"));
-
 		verify(this.writer, never()).writeHttpHeaders(any());
-
 		result.getExchange().getResponse().setComplete().block();
-
 		verify(this.writer).writeHttpHeaders(any());
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
index 1f6a0a88a7..8502d1192a 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java
@@ -47,7 +47,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -58,7 +57,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 	public void writeHeadersWhenUsingPolicyThenWritesPolicy() {
 		this.writer.setPolicy(ReferrerPolicy.SAME_ORIGIN);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
@@ -71,7 +69,6 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
 		this.exchange.getResponse().getHeaders().set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 94e98b9d7a..86809627fc 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -43,7 +43,6 @@ public class StaticServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenSingleHeaderThenWritesHeader() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
@@ -52,9 +51,7 @@ public class StaticServerHttpHeadersWriterTests {
 	public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
 		String headerValue = "other";
 		this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(headerValue);
 	}
@@ -65,9 +62,7 @@ public class StaticServerHttpHeadersWriterTests {
 				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
 				.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
 		assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
@@ -79,14 +74,11 @@ public class StaticServerHttpHeadersWriterTests {
 	public void writeHeadersWhenMultiHeaderAndSingleWrittenThenNoHeadersOverridden() {
 		String headerValue = "other";
 		this.headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
-
 		this.writer = StaticServerHttpHeadersWriter.builder()
 				.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
 				.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
 				.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build();
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 351e3515c3..6f61d730d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -41,9 +41,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenHttpsThenWrites() {
 		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 		this.hsts.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -55,9 +53,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 		Duration maxAge = Duration.ofDays(1);
 		this.hsts.setMaxAge(maxAge);
 		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 		this.hsts.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -68,9 +64,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	public void writeHttpHeadersWhenCustomIncludeSubDomainsThenWrites() {
 		this.hsts.setIncludeSubDomains(false);
 		this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
-
 		this.hsts.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
@@ -80,9 +74,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenNullSchemeThenNoHeaders() {
 		this.exchange = exchange(MockServerHttpRequest.get("/"));
-
 		this.hsts.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
@@ -90,9 +82,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenHttpThenNoHeaders() {
 		this.exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
-
 		this.hsts.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index a6765baa97..15dcbd9892 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
@@ -50,9 +49,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
 		this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
 				.containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 4c078b24ac..48e50ebae8 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -44,7 +44,6 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingDefaultsThenWritesDeny() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -53,9 +52,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
 		this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
@@ -64,9 +61,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
 		this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
@@ -76,9 +71,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		String headerValue = "other";
 		this.exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		HttpHeaders headers = this.exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 8e012d0721..f29a3397d7 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -40,7 +40,6 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
 				.containsOnly("1 ; mode=block");
@@ -49,9 +48,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenBlockFalseThenWriteHeaders() {
 		this.writer.setBlock(false);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
 	}
@@ -59,9 +56,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 	@Test
 	public void writeHeadersWhenEnabledFalseThenWriteHeaders() {
 		this.writer.setEnabled(false);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
 	}
@@ -70,9 +65,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
 		this.headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
-
 		this.writer.writeHttpHeaders(this.exchange);
-
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index e5aaaa6d70..3a1a9f246e 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -43,7 +43,6 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
 			+ "\"token\": \"1\""
 			+ "}";
 	// @formatter:on
-
 	@Test
 	public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 		DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
index 7bd21e0963..a80359be8e 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java
@@ -45,7 +45,6 @@ public class CookieServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		assertThat(cookies.size()).isEqualTo(1);
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -60,7 +59,6 @@ public class CookieServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		assertThat(cookies.size()).isEqualTo(1);
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
@@ -75,7 +73,6 @@ public class CookieServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		assertThat(cookies).isEmpty();
 	}
@@ -84,7 +81,6 @@ public class CookieServerRequestCacheTests {
 	public void saveRequestWhenPostRequestThenNoCookie() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		assertThat(cookies).isEmpty();
 	}
@@ -94,11 +90,9 @@ public class CookieServerRequestCacheTests {
 		this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 		assertThat(cookie).isNotNull();
-
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
 		assertThat(cookie.toString())
 				.isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
@@ -109,9 +103,7 @@ public class CookieServerRequestCacheTests {
 		String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl)));
-
 		URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(redirectUri).isEqualTo(URI.create("/secured/"));
 	}
 
@@ -119,9 +111,7 @@ public class CookieServerRequestCacheTests {
 	public void getRedirectUriWhenCookieValueNotEncodedThenRedirectUriIsNull() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
-
 		URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(redirectUri).isNull();
 	}
 
@@ -129,9 +119,7 @@ public class CookieServerRequestCacheTests {
 	public void getRedirectUriWhenNoCookieThenRedirectUriIsNull() {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
-
 		URI redirectUri = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(redirectUri).isNull();
 	}
 
@@ -139,9 +127,7 @@ public class CookieServerRequestCacheTests {
 	public void removeMatchingRequestThenRedirectUriCookieExpired() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")
 				.accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
-
 		this.cache.removeMatchingRequest(exchange).block();
-
 		MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
 		ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
 		assertThat(cookie).isNotNull();
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
index 5652b680f0..82224c5432 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java
@@ -70,9 +70,7 @@ public class ServerRequestCacheWebFilterTests {
 		ServerHttpRequest savedRequest = MockServerHttpRequest.get("/")
 				.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
 		given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
-
 		this.requestCacheFilter.filter(exchange, this.chain).block();
-
 		verify(this.chain).filter(this.exchangeCaptor.capture());
 		ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 		assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
@@ -83,9 +81,7 @@ public class ServerRequestCacheWebFilterTests {
 		MockServerHttpRequest initialRequest = MockServerHttpRequest.get("/").build();
 		ServerWebExchange exchange = MockServerWebExchange.from(initialRequest);
 		given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
-
 		this.requestCacheFilter.filter(exchange, this.chain).block();
-
 		verify(this.chain).filter(this.exchangeCaptor.capture());
 		ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
 		assertThat(updatedExchange.getRequest()).isEqualTo(initialRequest);
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index 4f1c45a04b..35b2a95082 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -41,9 +41,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		URI saved = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 	}
 
@@ -52,9 +50,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		URI saved = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 	}
 
@@ -63,9 +59,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		URI saved = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(saved).isNull();
 	}
 
@@ -73,7 +67,6 @@ public class WebSessionServerRequestCacheTests {
 	public void saveRequestGetRequestWhenPostThenNotFound() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
-
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}
 
@@ -82,9 +75,7 @@ public class WebSessionServerRequestCacheTests {
 		this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
 		this.cache.saveRequest(exchange).block();
-
 		URI saved = this.cache.getRedirectUri(exchange).block();
-
 		assertThat(saved).isEqualTo(exchange.getRequest().getURI());
 	}
 
@@ -93,9 +84,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
 		this.cache.saveRequest(exchange).block();
-
 		ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
-
 		assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI());
 	}
 
@@ -103,9 +92,7 @@ public class WebSessionServerRequestCacheTests {
 	public void removeRequestGetRequestWhenDefaultThenNotFound() {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
-
 		this.cache.removeMatchingRequest(exchange).block();
-
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
index dfff77d0a2..38cf2bf214 100644
--- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -78,7 +78,6 @@ public class HttpsRedirectWebFilterTests {
 		given(matcher.matches(any(ServerWebExchange.class)))
 				.willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
-
 		ServerWebExchange exchange = get("http://localhost:8080");
 		this.filter.filter(exchange, this.chain).block();
 		assertThat(exchange.getResponse().getStatusCode()).isNull();
@@ -89,12 +88,10 @@ public class HttpsRedirectWebFilterTests {
 		ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
 		given(matcher.matches(any(ServerWebExchange.class))).willReturn(ServerWebExchangeMatcher.MatchResult.match());
 		this.filter.setRequiresHttpsRedirectMatcher(matcher);
-
 		ServerWebExchange exchange = get("http://localhost:8080");
 		this.filter.filter(exchange, this.chain).block();
 		assertThat(statusCode(exchange)).isEqualTo(302);
 		assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:8443");
-
 		verify(matcher).matches(any(ServerWebExchange.class));
 	}
 
@@ -103,12 +100,10 @@ public class HttpsRedirectWebFilterTests {
 		PortMapper portMapper = mock(PortMapper.class);
 		given(portMapper.lookupHttpsPort(314)).willReturn(159);
 		this.filter.setPortMapper(portMapper);
-
 		ServerWebExchange exchange = get("http://localhost:314");
 		this.filter.filter(exchange, this.chain).block();
 		assertThat(statusCode(exchange)).isEqualTo(302);
 		assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:159");
-
 		verify(portMapper).lookupHttpsPort(314);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
index 6bedbadcc9..ccade95ad8 100644
--- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java
@@ -30,12 +30,9 @@ public class LoginPageGeneratingWebFilterTests {
 	public void filterWhenLoginWithContextPathThenActionContainsContextPath() throws Exception {
 		LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter();
 		filter.setFormLoginEnabled(true);
-
 		MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.get("/test/login").contextPath("/test"));
-
 		filter.filter(exchange, (e) -> Mono.empty()).block();
-
 		assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/login\"");
 	}
 
@@ -43,11 +40,8 @@ public class LoginPageGeneratingWebFilterTests {
 	public void filterWhenLoginWithNoContextPathThenActionDoesNotContainsContextPath() throws Exception {
 		LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter();
 		filter.setFormLoginEnabled(true);
-
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/login"));
-
 		filter.filter(exchange, (e) -> Mono.empty()).block();
-
 		assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/login\"");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
index 4c94122877..ab34e4928c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcherTests.java
@@ -61,14 +61,11 @@ public class AndServerWebExchangeMatcherTests {
 		Map<String, Object> params2 = Collections.singletonMap("x", "y");
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params1));
 		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params2));
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).hasSize(2);
 		assertThat(matches.getVariables()).containsAllEntriesOf(params1);
 		assertThat(matches.getVariables()).containsAllEntriesOf(params2);
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2).matches(this.exchange);
 	}
@@ -76,12 +73,9 @@ public class AndServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenFalseFalseThenFalseAndMatcher2NotInvoked() {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2, never()).matches(this.exchange);
 	}
@@ -91,12 +85,9 @@ public class AndServerWebExchangeMatcherTests {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
 		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2).matches(this.exchange);
 	}
@@ -104,12 +95,9 @@ public class AndServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenFalseTrueThenFalse() {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2, never()).matches(this.exchange);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index b01d0bd778..57b0fa3ba1 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -64,7 +64,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 	public void matchWhenDefaultResolverAndAcceptEqualThenMatch() {
 		MediaType acceptType = MediaType.TEXT_HTML;
 		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
-
 		assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue();
 	}
 
@@ -73,7 +72,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 		MediaType acceptType = MediaType.TEXT_HTML;
 		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue();
 	}
 
@@ -82,7 +80,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 		MediaType acceptType = MediaType.TEXT_HTML;
 		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
 		matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(matcher.matches(exchange(MediaType.ALL)).block().isMatch()).isFalse();
 	}
 
@@ -90,7 +87,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 	public void matchWhenDefaultResolverAndAcceptImpliedThenMatch() {
 		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(
 				MediaType.parseMediaTypes("text/*"));
-
 		assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isTrue();
 	}
 
@@ -98,7 +94,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 	public void matchWhenDefaultResolverAndAcceptImpliedAndUseEqualsThenNotMatch() {
 		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(MediaType.ALL);
 		matcher.setUseEquals(true);
-
 		assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
index 56684e0e01..8636ed1b1d 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -51,24 +51,18 @@ public class NegatedServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenFalseThenTrue() {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 	}
 
 	@Test
 	public void matchesWhenTrueThenFalse() {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
index 2bdc51806a..ee9b08d81c 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcherTests.java
@@ -59,12 +59,9 @@ public class OrServerWebExchangeMatcherTests {
 	public void matchesWhenFalseFalseThenFalse() {
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isFalse();
 		assertThat(matches.getVariables()).isEmpty();
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2).matches(this.exchange);
 	}
@@ -73,12 +70,9 @@ public class OrServerWebExchangeMatcherTests {
 	public void matchesWhenTrueFalseThenTrueAndMatcher2NotInvoked() {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEqualTo(params);
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2, never()).matches(this.exchange);
 	}
@@ -88,12 +82,9 @@ public class OrServerWebExchangeMatcherTests {
 		Map<String, Object> params = Collections.singletonMap("foo", "bar");
 		given(this.matcher1.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		given(this.matcher2.matches(this.exchange)).willReturn(ServerWebExchangeMatcher.MatchResult.match(params));
-
 		ServerWebExchangeMatcher.MatchResult matches = this.matcher.matches(this.exchange).block();
-
 		assertThat(matches.isMatch()).isTrue();
 		assertThat(matches.getVariables()).isEqualTo(params);
-
 		verify(this.matcher1).matches(this.exchange);
 		verify(this.matcher2).matches(this.exchange);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index b44fa173bb..3bf61f4487 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -62,7 +62,6 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
 		this.exchange = MockServerWebExchange.from(request);
 		this.path = "/path";
-
 		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern);
 	}
 
@@ -81,14 +80,12 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		given(this.pattern.matches(any())).willReturn(true);
 		given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
 		given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void matchesWhenPathMatcherFalseThenReturnFalse() {
 		given(this.pattern.matches(any())).willReturn(false);
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
 	}
 
@@ -99,7 +96,6 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		given(this.pattern.matches(any())).willReturn(true);
 		given(this.pattern.matchAndExtract(any())).willReturn(this.pathMatchInfo);
 		given(this.pathMatchInfo.getUriVariables()).willReturn(new HashMap<>());
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isTrue();
 	}
 
@@ -108,9 +104,7 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		HttpMethod method = HttpMethod.OPTIONS;
 		assertThat(this.exchange.getRequest().getMethod()).isNotEqualTo(method);
 		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern, method);
-
 		assertThat(this.matcher.matches(this.exchange).block().isMatch()).isFalse();
-
 		verifyZeroInteractions(this.pattern);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index 80f9430b94..62ceb878c2 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -68,9 +68,7 @@ public class ServerWebExchangeMatchersTests {
 	@Test
 	public void anyExchangeWhenMockThenMatches() {
 		ServerWebExchange mockExchange = mock(ServerWebExchange.class);
-
 		assertThat(ServerWebExchangeMatchers.anyExchange().matches(mockExchange).block().isMatch()).isTrue();
-
 		verifyZeroInteractions(mockExchange);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
index b227f2ed86..4e97fec869 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java
@@ -49,10 +49,8 @@ public class CsrfRequestDataValueProcessorTests {
 	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.processor = new CsrfRequestDataValueProcessor();
-
 		this.token = new DefaultCsrfToken("1", "a", "b");
 		this.request.setAttribute(CsrfToken.class.getName(), this.token);
-
 		this.expected.put(this.token.getParameterName(), this.token.getToken());
 	}
 
@@ -132,7 +130,6 @@ public class CsrfRequestDataValueProcessorTests {
 		this.request.setAttribute(CsrfToken.class.getName(), token);
 		Map<String, String> expected = new HashMap<>();
 		expected.put(token.getParameterName(), token.getToken());
-
 		RequestDataValueProcessor processor = new CsrfRequestDataValueProcessor();
 		assertThat(processor.getExtraHiddenFields(this.request)).isEqualTo(expected);
 	}
diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
index 867d3ff476..d579003787 100644
--- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java
@@ -73,7 +73,6 @@ public class MvcRequestMatcherTests {
 	public void extractUriTemplateVariablesSuccess() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 	}
@@ -83,7 +82,6 @@ public class MvcRequestMatcherTests {
 		given(this.result.extractUriTemplateVariables()).willReturn(Collections.<String, String>emptyMap());
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 		assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
 	}
@@ -92,7 +90,6 @@ public class MvcRequestMatcherTests {
 	public void extractUriTemplateVariablesDefaultSuccess() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).containsEntry("p", "path");
 		assertThat(this.matcher.matcher(this.request).getVariables()).containsEntry("p", "path");
 	}
@@ -101,7 +98,6 @@ public class MvcRequestMatcherTests {
 	public void extractUriTemplateVariablesDefaultFail() throws Exception {
 		this.matcher = new MvcRequestMatcher(this.introspector, "/nomatch/{p}");
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 		assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty();
 		assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty();
 	}
@@ -112,7 +108,6 @@ public class MvcRequestMatcherTests {
 		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
 		this.matcher.setServletPath("/spring");
 		this.request.setServletPath("/spring");
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
 	}
@@ -121,7 +116,6 @@ public class MvcRequestMatcherTests {
 	public void matchesServletPathFalse() {
 		this.matcher.setServletPath("/spring");
 		this.request.setServletPath("/");
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -129,7 +123,6 @@ public class MvcRequestMatcherTests {
 	public void matchesPathOnlyTrue() throws Exception {
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
 	}
@@ -137,7 +130,6 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesDefaultMatches() throws Exception {
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -145,14 +137,12 @@ public class MvcRequestMatcherTests {
 	public void matchesDefaultDoesNotMatch() throws Exception {
 		this.request.setServletPath("/other");
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(null);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void matchesPathOnlyFalse() throws Exception {
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -161,7 +151,6 @@ public class MvcRequestMatcherTests {
 		this.matcher.setMethod(HttpMethod.GET);
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
 		given(this.mapping.match(eq(this.request), this.pattern.capture())).willReturn(this.result);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 		assertThat(this.pattern.getValue()).isEqualTo("/path");
 	}
@@ -169,7 +158,6 @@ public class MvcRequestMatcherTests {
 	@Test
 	public void matchesMethodAndPathFalseMethod() {
 		this.matcher.setMethod(HttpMethod.POST);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 		// method compare should be done first since faster
 		verifyZeroInteractions(this.introspector);
@@ -184,7 +172,6 @@ public class MvcRequestMatcherTests {
 	public void matchesInvalidMethodOnRequest() {
 		this.matcher.setMethod(HttpMethod.GET);
 		this.request.setMethod("invalid");
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 		// method compare should be done first since faster
 		verifyZeroInteractions(this.introspector);
@@ -194,7 +181,6 @@ public class MvcRequestMatcherTests {
 	public void matchesMethodAndPathFalsePath() throws Exception {
 		this.matcher.setMethod(HttpMethod.GET);
 		given(this.introspector.getMatchableHandlerMapping(this.request)).willReturn(this.mapping);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -214,21 +200,18 @@ public class MvcRequestMatcherTests {
 	public void toStringWhenAll() {
 		this.matcher.setMethod(HttpMethod.GET);
 		this.matcher.setServletPath("/spring");
-
 		assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring', GET]");
 	}
 
 	@Test
 	public void toStringWhenHttpMethod() {
 		this.matcher.setMethod(HttpMethod.GET);
-
 		assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', GET]");
 	}
 
 	@Test
 	public void toStringWhenServletPath() {
 		this.matcher.setServletPath("/spring");
-
 		assertThat(this.matcher.toString()).isEqualTo("Mvc [pattern='/path', servletPath='/spring']");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
index 8721b35d2e..0f59497165 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@@ -116,15 +116,11 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	@Test
 	public void expectedRequestWrapperClassIsUsed() throws Exception {
 		this.filter.setRolePrefix("ROLE_");
-
 		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
-
 		// Now re-execute the filter, ensuring our replacement wrapper is still used
 		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), this.filterChain);
-
 		verify(this.filterChain, times(2)).doFilter(any(SecurityContextHolderAwareRequestWrapper.class),
 				any(HttpServletResponse.class));
-
 		this.filter.destroy();
 	}
 
@@ -141,7 +137,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void authenticateTrue() throws Exception {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER"));
-
 		assertThat(wrappedRequest().authenticate(this.response)).isTrue();
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 		verify(this.request, times(0)).authenticate(any(HttpServletResponse.class));
@@ -151,7 +146,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void authenticateNullEntryPointFalse() throws Exception {
 		this.filter.setAuthenticationEntryPoint(null);
 		this.filter.afterPropertiesSet();
-
 		assertThat(wrappedRequest().authenticate(this.response)).isFalse();
 		verify(this.request).authenticate(this.response);
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
@@ -162,7 +156,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		given(this.request.authenticate(this.response)).willReturn(true);
 		this.filter.setAuthenticationEntryPoint(null);
 		this.filter.afterPropertiesSet();
-
 		assertThat(wrappedRequest().authenticate(this.response)).isTrue();
 		verify(this.request).authenticate(this.response);
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
@@ -173,9 +166,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
 				.willReturn(expectedAuth);
-
 		wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
-
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth);
 		verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 		verify(this.request, times(0)).login(anyString(), anyString());
@@ -188,7 +179,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
 				.willReturn(new TestingAuthenticationToken("newuser", "not be found", "ROLE_USER"));
 		SecurityContextHolder.getContext().setAuthentication(expectedAuth);
-
 		try {
 			wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials()));
 			fail("Expected Exception");
@@ -205,7 +195,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		AuthenticationException authException = new BadCredentialsException("Invalid");
 		given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
 				.willThrow(authException);
-
 		try {
 			wrappedRequest().login("invalid", "credentials");
 			fail("Expected Exception");
@@ -214,7 +203,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 			assertThat(success.getCause()).isEqualTo(authException);
 		}
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
-
 		verifyZeroInteractions(this.authenticationEntryPoint, this.logoutHandler);
 		verify(this.request, times(0)).login(anyString(), anyString());
 	}
@@ -223,12 +211,9 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void loginNullAuthenticationManager() throws Exception {
 		this.filter.setAuthenticationManager(null);
 		this.filter.afterPropertiesSet();
-
 		String username = "username";
 		String password = "password";
-
 		wrappedRequest().login(username, password);
-
 		verify(this.request).login(username, password);
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
@@ -237,12 +222,10 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void loginNullAuthenticationManagerFail() throws Exception {
 		this.filter.setAuthenticationManager(null);
 		this.filter.afterPropertiesSet();
-
 		String username = "username";
 		String password = "password";
 		ServletException authException = new ServletException("Failed Login");
 		willThrow(authException).given(this.request).login(username, password);
-
 		try {
 			wrappedRequest().login(username, password);
 			fail("Expected Exception");
@@ -250,7 +233,6 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		catch (ServletException success) {
 			assertThat(success).isEqualTo(authException);
 		}
-
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
 
@@ -258,10 +240,8 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void logout() throws Exception {
 		TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		SecurityContextHolder.getContext().setAuthentication(expectedAuth);
-
 		HttpServletRequest wrappedRequest = wrappedRequest();
 		wrappedRequest.logout();
-
 		verify(this.logoutHandler).logout(wrappedRequest, this.response, expectedAuth);
 		verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 		verify(this.request, times(0)).logout();
@@ -271,9 +251,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 	public void logoutNullLogoutHandler() throws Exception {
 		this.filter.setLogoutHandlers(null);
 		this.filter.afterPropertiesSet();
-
 		wrappedRequest().logout();
-
 		verify(this.request).logout();
 		verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
 	}
@@ -295,9 +273,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		given(this.request.getAsyncContext()).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
-
 		wrappedRequest().getAsyncContext().start(runnable);
-
 		verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -317,9 +293,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		given(this.request.startAsync()).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
-
 		wrappedRequest().startAsync().start(runnable);
-
 		verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -339,9 +313,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		given(this.request.startAsync(this.request, this.response)).willReturn(asyncContext);
 		Runnable runnable = () -> {
 		};
-
 		wrappedRequest().startAsync(this.request, this.response).start(runnable);
-
 		verifyZeroInteractions(this.authenticationManager, this.logoutHandler);
 		verify(asyncContext).start(runnableCaptor.capture());
 		DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
@@ -356,14 +328,12 @@ public class SecurityContextHolderAwareRequestFilterTests {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER"));
 		this.filter.setRolePrefix("PREFIX_");
-
 		assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue();
 	}
 
 	private HttpServletRequest wrappedRequest() throws Exception {
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 		verify(this.filterChain).doFilter(this.requestCaptor.capture(), any(HttpServletResponse.class));
-
 		return this.requestCaptor.getValue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
index d15db55802..f7df38e78b 100644
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapperTests.java
@@ -44,12 +44,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	public void testCorrectOperationWithStringBasedPrincipal() {
 		Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 		assertThat(wrapper.getRemoteUser()).isEqualTo("rod");
 		assertThat(wrapper.isUserInRole("ROLE_FOO")).isTrue();
 		assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse();
@@ -60,13 +57,10 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	public void testUseOfRolePrefixMeansItIsntNeededWhenCallngIsUserInRole() {
 		Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
 				"ROLE_");
-
 		assertThat(wrapper.isUserInRole("FOO")).isTrue();
 	}
 
@@ -76,12 +70,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 				new User("rodAsUserDetails", "koala", true, true, true, true, AuthorityUtils.NO_AUTHORITIES), "koala",
 				"ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 		assertThat(wrapper.getRemoteUser()).isEqualTo("rodAsUserDetails");
 		assertThat(wrapper.isUserInRole("ROLE_FOO")).isFalse();
 		assertThat(wrapper.isUserInRole("ROLE_NOT_GRANTED")).isFalse();
@@ -93,10 +84,8 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	@Test
 	public void testRoleIsntHeldIfAuthenticationIsNull() {
 		SecurityContextHolder.getContext().setAuthentication(null);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
 		assertThat(wrapper.getRemoteUser()).isNull();
 		assertThat(wrapper.isUserInRole("ROLE_ANY")).isFalse();
@@ -107,12 +96,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	public void testRolesArentHeldIfAuthenticationPrincipalIsNull() {
 		Authentication auth = new TestingAuthenticationToken(null, "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRequestURI("/");
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request, "");
-
 		assertThat(wrapper.getRemoteUser()).isNull();
 		assertThat(wrapper.isUserInRole("ROLE_HELLO")).isFalse(); // principal is null, so
 																	// reject
@@ -125,12 +111,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	public void testRolePrefix() {
 		Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
 				"ROLE_");
-
 		assertThat(wrapper.isUserInRole("HELLO")).isTrue();
 		assertThat(wrapper.isUserInRole("FOOBAR")).isTrue();
 	}
@@ -140,12 +123,9 @@ public class SecurityContextHolderAwareRequestWrapperTests {
 	public void testRolePrefixNotAppliedIfRoleStartsWith() {
 		Authentication auth = new TestingAuthenticationToken("user", "koala", "ROLE_HELLO", "ROLE_FOOBAR");
 		SecurityContextHolder.getContext().setAuthentication(auth);
-
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		SecurityContextHolderAwareRequestWrapper wrapper = new SecurityContextHolderAwareRequestWrapper(request,
 				"ROLE_");
-
 		assertThat(wrapper.isUserInRole("ROLE_HELLO")).isTrue();
 		assertThat(wrapper.isUserInRole("ROLE_FOOBAR")).isTrue();
 	}
diff --git a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
index 6754bc5701..558fdce2c5 100644
--- a/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java
@@ -43,9 +43,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 	public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() {
 		SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 		HttpServletRequest request = new MockHttpServletRequest();
-
 		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 		assertThat(request.getSession(false)).isNull();
 	}
 
@@ -54,9 +52,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 		SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
 		HttpServletRequest request = new MockHttpServletRequest();
 		String sessionId = request.getSession().getId();
-
 		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 		assertThat(sessionId.equals(request.getSession().getId())).isFalse();
 	}
 
@@ -69,21 +65,15 @@ public class DefaultSessionAuthenticationStrategyTests {
 		session.setAttribute("blah", "blah");
 		session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
 		String oldSessionId = session.getId();
-
 		ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class);
 		strategy.setApplicationEventPublisher(eventPublisher);
-
 		Authentication mockAuthentication = mock(Authentication.class);
-
 		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 		verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
-
 		assertThat(oldSessionId.equals(request.getSession().getId())).isFalse();
 		assertThat(request.getSession().getAttribute("blah")).isNotNull();
 		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
-
 		assertThat(eventArgumentCaptor.getValue()).isNotNull();
 		assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
 		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
@@ -101,9 +91,7 @@ public class DefaultSessionAuthenticationStrategyTests {
 		HttpSession session = request.getSession();
 		session.setAttribute("blah", "blah");
 		session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
-
 		strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
-
 		assertThat(request.getSession().getAttribute("blah")).isNull();
 		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
 	}
@@ -118,20 +106,14 @@ public class DefaultSessionAuthenticationStrategyTests {
 		session.setAttribute("blah", "blah");
 		session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
 		String oldSessionId = session.getId();
-
 		ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class);
 		strategy.setApplicationEventPublisher(eventPublisher);
-
 		Authentication mockAuthentication = mock(Authentication.class);
-
 		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 		ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
 		verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
-
 		assertThat(request.getSession().getAttribute("blah")).isNull();
 		assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
-
 		assertThat(eventArgumentCaptor.getValue()).isNotNull();
 		assertThat(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent).isTrue();
 		SessionFixationProtectionEvent event = (SessionFixationProtectionEvent) eventArgumentCaptor.getValue();
@@ -155,11 +137,8 @@ public class DefaultSessionAuthenticationStrategyTests {
 		HttpServletRequest request = new MockHttpServletRequest();
 		HttpSession session = request.getSession();
 		session.setMaxInactiveInterval(1);
-
 		Authentication mockAuthentication = mock(Authentication.class);
-
 		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 		assertThat(request.getSession().getMaxInactiveInterval()).isEqualTo(1);
 	}
 
@@ -170,11 +149,8 @@ public class DefaultSessionAuthenticationStrategyTests {
 		HttpServletRequest request = new MockHttpServletRequest();
 		HttpSession session = request.getSession();
 		session.setMaxInactiveInterval(1);
-
 		Authentication mockAuthentication = mock(Authentication.class);
-
 		strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
-
 		assertThat(request.getSession().getMaxInactiveInterval()).isNotEqualTo(1);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 1ddf4f5cec..be04e536eb 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -40,35 +40,25 @@ public class HttpSessionEventPublisherTests {
 	@Test
 	public void publishedEventIsReceivedbyListener() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
-
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
-
 		MockServletContext servletContext = new MockServletContext();
 		servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
-
 		context.setServletContext(servletContext);
 		context.registerSingleton("listener", MockApplicationListener.class, null);
 		context.refresh();
-
 		MockHttpSession session = new MockHttpSession(servletContext);
 		MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
-
 		HttpSessionEvent event = new HttpSessionEvent(session);
-
 		publisher.sessionCreated(event);
-
 		assertThat(listener.getCreatedEvent()).isNotNull();
 		assertThat(listener.getDestroyedEvent()).isNull();
 		assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
-
 		listener.setCreatedEvent(null);
 		listener.setDestroyedEvent(null);
-
 		publisher.sessionDestroyed(event);
 		assertThat(listener.getDestroyedEvent()).isNotNull();
 		assertThat(listener.getCreatedEvent()).isNull();
 		assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
-
 		publisher.sessionIdChanged(event, "oldSessionId");
 		assertThat(listener.getSessionIdChangedEvent()).isNotNull();
 		assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
@@ -78,35 +68,25 @@ public class HttpSessionEventPublisherTests {
 	@Test
 	public void publishedEventIsReceivedbyListenerChildContext() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
-
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
-
 		MockServletContext servletContext = new MockServletContext();
 		servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context);
-
 		context.setServletContext(servletContext);
 		context.registerSingleton("listener", MockApplicationListener.class, null);
 		context.refresh();
-
 		MockHttpSession session = new MockHttpSession(servletContext);
 		MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
-
 		HttpSessionEvent event = new HttpSessionEvent(session);
-
 		publisher.sessionCreated(event);
-
 		assertThat(listener.getCreatedEvent()).isNotNull();
 		assertThat(listener.getDestroyedEvent()).isNull();
 		assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
-
 		listener.setCreatedEvent(null);
 		listener.setDestroyedEvent(null);
-
 		publisher.sessionDestroyed(event);
 		assertThat(listener.getDestroyedEvent()).isNotNull();
 		assertThat(listener.getCreatedEvent()).isNull();
 		assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
-
 		publisher.sessionIdChanged(event, "oldSessionId");
 		assertThat(listener.getSessionIdChangedEvent()).isNotNull();
 		assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
@@ -120,7 +100,6 @@ public class HttpSessionEventPublisherTests {
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-
 		publisher.sessionCreated(event);
 	}
 
@@ -131,7 +110,6 @@ public class HttpSessionEventPublisherTests {
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-
 		publisher.sessionDestroyed(event);
 	}
 
@@ -141,7 +119,6 @@ public class HttpSessionEventPublisherTests {
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-
 		publisher.sessionIdChanged(event, "oldSessionId");
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index bb5f535ba9..ad25c72ab3 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -61,9 +61,7 @@ public class SessionManagementFilterTests {
 		SessionManagementFilter filter = new SessionManagementFilter(repo);
 		HttpServletRequest request = new MockHttpServletRequest();
 		String sessionId = request.getSession().getId();
-
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		assertThat(request.getSession().getId()).isEqualTo(sessionId);
 	}
 
@@ -76,9 +74,7 @@ public class SessionManagementFilterTests {
 		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 		HttpServletRequest request = new MockHttpServletRequest();
 		authenticateUser();
-
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		verifyZeroInteractions(strategy);
 	}
 
@@ -88,9 +84,7 @@ public class SessionManagementFilterTests {
 		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
 		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 		HttpServletRequest request = new MockHttpServletRequest();
-
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		verifyZeroInteractions(strategy);
 	}
 
@@ -102,9 +96,7 @@ public class SessionManagementFilterTests {
 		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 		HttpServletRequest request = new MockHttpServletRequest();
 		authenticateUser();
-
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 		// Check that it is only applied once to the request
@@ -117,7 +109,6 @@ public class SessionManagementFilterTests {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		// repo will return false to containsContext()
 		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
-
 		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
 		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
 		filter.setAuthenticationFailureHandler(failureHandler);
@@ -128,7 +119,6 @@ public class SessionManagementFilterTests {
 		SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
 		willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(),
 				request, response);
-
 		filter.doFilter(request, response, fc);
 		verifyZeroInteractions(fc);
 		verify(failureHandler).onAuthenticationFailure(request, response, exception);
@@ -144,10 +134,8 @@ public class SessionManagementFilterTests {
 		request.setRequestedSessionId("xxx");
 		request.setRequestedSessionIdValid(false);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-
 		filter.doFilter(request, response, new MockFilterChain());
 		assertThat(response.getRedirectedUrl()).isNull();
-
 		// Now set a redirect URL
 		request = new MockHttpServletRequest();
 		request.setRequestedSessionId("xxx");
@@ -158,7 +146,6 @@ public class SessionManagementFilterTests {
 		FilterChain fc = mock(FilterChain.class);
 		filter.doFilter(request, response, fc);
 		verifyZeroInteractions(fc);
-
 		assertThat(response.getRedirectedUrl()).isEqualTo("/timedOut");
 	}
 
@@ -170,9 +157,7 @@ public class SessionManagementFilterTests {
 		filter.setTrustResolver(trustResolver);
 		HttpServletRequest request = new MockHttpServletRequest();
 		authenticateUser();
-
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
-
 		verify(trustResolver).isAnonymous(any(Authentication.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
index 778b5bcb92..e234ca1bb3 100644
--- a/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java
@@ -66,7 +66,6 @@ public class OnCommittedResponseWrapperTests {
 	@Test
 	public void printWriterHashCode() throws Exception {
 		int expected = this.writer.hashCode();
-
 		assertThat(this.response.getWriter().hashCode()).isEqualTo(expected);
 	}
 
@@ -74,16 +73,13 @@ public class OnCommittedResponseWrapperTests {
 	public void printWriterCheckError() throws Exception {
 		boolean expected = true;
 		given(this.writer.checkError()).willReturn(expected);
-
 		assertThat(this.response.getWriter().checkError()).isEqualTo(expected);
 	}
 
 	@Test
 	public void printWriterWriteInt() throws Exception {
 		int expected = 1;
-
 		this.response.getWriter().write(expected);
-
 		verify(this.writer).write(expected);
 	}
 
@@ -92,18 +88,14 @@ public class OnCommittedResponseWrapperTests {
 		char[] buff = new char[0];
 		int off = 2;
 		int len = 3;
-
 		this.response.getWriter().write(buff, off, len);
-
 		verify(this.writer).write(buff, off, len);
 	}
 
 	@Test
 	public void printWriterWriteChar() throws Exception {
 		char[] buff = new char[0];
-
 		this.response.getWriter().write(buff);
-
 		verify(this.writer).write(buff);
 	}
 
@@ -112,187 +104,146 @@ public class OnCommittedResponseWrapperTests {
 		String s = "";
 		int off = 2;
 		int len = 3;
-
 		this.response.getWriter().write(s, off, len);
-
 		verify(this.writer).write(s, off, len);
 	}
 
 	@Test
 	public void printWriterWriteString() throws Exception {
 		String s = "";
-
 		this.response.getWriter().write(s);
-
 		verify(this.writer).write(s);
 	}
 
 	@Test
 	public void printWriterPrintBoolean() throws Exception {
 		boolean b = true;
-
 		this.response.getWriter().print(b);
-
 		verify(this.writer).print(b);
 	}
 
 	@Test
 	public void printWriterPrintChar() throws Exception {
 		char c = 1;
-
 		this.response.getWriter().print(c);
-
 		verify(this.writer).print(c);
 	}
 
 	@Test
 	public void printWriterPrintInt() throws Exception {
 		int i = 1;
-
 		this.response.getWriter().print(i);
-
 		verify(this.writer).print(i);
 	}
 
 	@Test
 	public void printWriterPrintLong() throws Exception {
 		long l = 1;
-
 		this.response.getWriter().print(l);
-
 		verify(this.writer).print(l);
 	}
 
 	@Test
 	public void printWriterPrintFloat() throws Exception {
 		float f = 1;
-
 		this.response.getWriter().print(f);
-
 		verify(this.writer).print(f);
 	}
 
 	@Test
 	public void printWriterPrintDouble() throws Exception {
 		double x = 1;
-
 		this.response.getWriter().print(x);
-
 		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintCharArray() throws Exception {
 		char[] x = new char[0];
-
 		this.response.getWriter().print(x);
-
 		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintString() throws Exception {
 		String x = "1";
-
 		this.response.getWriter().print(x);
-
 		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintObject() throws Exception {
 		Object x = "1";
-
 		this.response.getWriter().print(x);
-
 		verify(this.writer).print(x);
 	}
 
 	@Test
 	public void printWriterPrintln() throws Exception {
 		this.response.getWriter().println();
-
 		verify(this.writer).println();
 	}
 
 	@Test
 	public void printWriterPrintlnBoolean() throws Exception {
 		boolean b = true;
-
 		this.response.getWriter().println(b);
-
 		verify(this.writer).println(b);
 	}
 
 	@Test
 	public void printWriterPrintlnChar() throws Exception {
 		char c = 1;
-
 		this.response.getWriter().println(c);
-
 		verify(this.writer).println(c);
 	}
 
 	@Test
 	public void printWriterPrintlnInt() throws Exception {
 		int i = 1;
-
 		this.response.getWriter().println(i);
-
 		verify(this.writer).println(i);
 	}
 
 	@Test
 	public void printWriterPrintlnLong() throws Exception {
 		long l = 1;
-
 		this.response.getWriter().println(l);
-
 		verify(this.writer).println(l);
 	}
 
 	@Test
 	public void printWriterPrintlnFloat() throws Exception {
 		float f = 1;
-
 		this.response.getWriter().println(f);
-
 		verify(this.writer).println(f);
 	}
 
 	@Test
 	public void printWriterPrintlnDouble() throws Exception {
 		double x = 1;
-
 		this.response.getWriter().println(x);
-
 		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnCharArray() throws Exception {
 		char[] x = new char[0];
-
 		this.response.getWriter().println(x);
-
 		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnString() throws Exception {
 		String x = "1";
-
 		this.response.getWriter().println(x);
-
 		verify(this.writer).println(x);
 	}
 
 	@Test
 	public void printWriterPrintlnObject() throws Exception {
 		Object x = "1";
-
 		this.response.getWriter().println(x);
-
 		verify(this.writer).println(x);
 	}
 
@@ -300,9 +251,7 @@ public class OnCommittedResponseWrapperTests {
 	public void printWriterPrintfStringObjectVargs() throws Exception {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
-
 		this.response.getWriter().printf(format, args);
-
 		verify(this.writer).printf(format, args);
 	}
 
@@ -311,9 +260,7 @@ public class OnCommittedResponseWrapperTests {
 		Locale l = Locale.US;
 		String format = "format";
 		Object[] args = new Object[] { "1" };
-
 		this.response.getWriter().printf(l, format, args);
-
 		verify(this.writer).printf(l, format, args);
 	}
 
@@ -321,9 +268,7 @@ public class OnCommittedResponseWrapperTests {
 	public void printWriterFormatStringObjectVargs() throws Exception {
 		String format = "format";
 		Object[] args = new Object[] { "1" };
-
 		this.response.getWriter().format(format, args);
-
 		verify(this.writer).format(format, args);
 	}
 
@@ -332,18 +277,14 @@ public class OnCommittedResponseWrapperTests {
 		Locale l = Locale.US;
 		String format = "format";
 		Object[] args = new Object[] { "1" };
-
 		this.response.getWriter().format(l, format, args);
-
 		verify(this.writer).format(l, format, args);
 	}
 
 	@Test
 	public void printWriterAppendCharSequence() throws Exception {
 		String x = "a";
-
 		this.response.getWriter().append(x);
-
 		verify(this.writer).append(x);
 	}
 
@@ -352,45 +293,35 @@ public class OnCommittedResponseWrapperTests {
 		String x = "abcdef";
 		int start = 1;
 		int end = 3;
-
 		this.response.getWriter().append(x, start, end);
-
 		verify(this.writer).append(x, start, end);
 	}
 
 	@Test
 	public void printWriterAppendChar() throws Exception {
 		char x = 1;
-
 		this.response.getWriter().append(x);
-
 		verify(this.writer).append(x);
 	}
 
 	// servletoutputstream
-
 	@Test
 	public void outputStreamHashCode() throws Exception {
 		int expected = this.out.hashCode();
-
 		assertThat(this.response.getOutputStream().hashCode()).isEqualTo(expected);
 	}
 
 	@Test
 	public void outputStreamWriteInt() throws Exception {
 		int expected = 1;
-
 		this.response.getOutputStream().write(expected);
-
 		verify(this.out).write(expected);
 	}
 
 	@Test
 	public void outputStreamWriteByte() throws Exception {
 		byte[] expected = new byte[0];
-
 		this.response.getOutputStream().write(expected);
-
 		verify(this.out).write(expected);
 	}
 
@@ -399,160 +330,124 @@ public class OnCommittedResponseWrapperTests {
 		int start = 1;
 		int end = 2;
 		byte[] expected = new byte[0];
-
 		this.response.getOutputStream().write(expected, start, end);
-
 		verify(this.out).write(expected, start, end);
 	}
 
 	@Test
 	public void outputStreamPrintBoolean() throws Exception {
 		boolean b = true;
-
 		this.response.getOutputStream().print(b);
-
 		verify(this.out).print(b);
 	}
 
 	@Test
 	public void outputStreamPrintChar() throws Exception {
 		char c = 1;
-
 		this.response.getOutputStream().print(c);
-
 		verify(this.out).print(c);
 	}
 
 	@Test
 	public void outputStreamPrintInt() throws Exception {
 		int i = 1;
-
 		this.response.getOutputStream().print(i);
-
 		verify(this.out).print(i);
 	}
 
 	@Test
 	public void outputStreamPrintLong() throws Exception {
 		long l = 1;
-
 		this.response.getOutputStream().print(l);
-
 		verify(this.out).print(l);
 	}
 
 	@Test
 	public void outputStreamPrintFloat() throws Exception {
 		float f = 1;
-
 		this.response.getOutputStream().print(f);
-
 		verify(this.out).print(f);
 	}
 
 	@Test
 	public void outputStreamPrintDouble() throws Exception {
 		double x = 1;
-
 		this.response.getOutputStream().print(x);
-
 		verify(this.out).print(x);
 	}
 
 	@Test
 	public void outputStreamPrintString() throws Exception {
 		String x = "1";
-
 		this.response.getOutputStream().print(x);
-
 		verify(this.out).print(x);
 	}
 
 	@Test
 	public void outputStreamPrintln() throws Exception {
 		this.response.getOutputStream().println();
-
 		verify(this.out).println();
 	}
 
 	@Test
 	public void outputStreamPrintlnBoolean() throws Exception {
 		boolean b = true;
-
 		this.response.getOutputStream().println(b);
-
 		verify(this.out).println(b);
 	}
 
 	@Test
 	public void outputStreamPrintlnChar() throws Exception {
 		char c = 1;
-
 		this.response.getOutputStream().println(c);
-
 		verify(this.out).println(c);
 	}
 
 	@Test
 	public void outputStreamPrintlnInt() throws Exception {
 		int i = 1;
-
 		this.response.getOutputStream().println(i);
-
 		verify(this.out).println(i);
 	}
 
 	@Test
 	public void outputStreamPrintlnLong() throws Exception {
 		long l = 1;
-
 		this.response.getOutputStream().println(l);
-
 		verify(this.out).println(l);
 	}
 
 	@Test
 	public void outputStreamPrintlnFloat() throws Exception {
 		float f = 1;
-
 		this.response.getOutputStream().println(f);
-
 		verify(this.out).println(f);
 	}
 
 	@Test
 	public void outputStreamPrintlnDouble() throws Exception {
 		double x = 1;
-
 		this.response.getOutputStream().println(x);
-
 		verify(this.out).println(x);
 	}
 
 	@Test
 	public void outputStreamPrintlnString() throws Exception {
 		String x = "1";
-
 		this.response.getOutputStream().println(x);
-
 		verify(this.out).println(x);
 	}
 
 	// The amount of content specified in the setContentLength method of the response
 	// has been greater than zero and has been written to the response.
-
 	// gh-3823
 	@Test
 	public void contentLengthPrintWriterWriteNullCommits() throws Exception {
 		String expected = null;
 		this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isFalse();
-
 		this.response.getWriter().write("a");
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -560,9 +455,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterWriteIntCommits() throws Exception {
 		int expected = 1;
 		this.response.setContentLength(String.valueOf(expected).length());
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -570,9 +463,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
 		this.response.setContentLength(String.valueOf(expected).length());
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -580,13 +471,9 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPlus1PrintWriterWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
 		this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isFalse();
-
 		this.response.getWriter().write(1);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -596,9 +483,7 @@ public class OnCommittedResponseWrapperTests {
 		int off = 2;
 		int len = 3;
 		this.response.setContentLength(3);
-
 		this.response.getWriter().write(buff, off, len);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -606,9 +491,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterWriteCharCommits() throws Exception {
 		char[] buff = new char[4];
 		this.response.setContentLength(buff.length);
-
 		this.response.getWriter().write(buff);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -618,9 +501,7 @@ public class OnCommittedResponseWrapperTests {
 		int off = 2;
 		int len = 3;
 		this.response.setContentLength(3);
-
 		this.response.getWriter().write(s, off, len);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -628,9 +509,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterWriteStringCommits() throws IOException {
 		String body = "something";
 		this.response.setContentLength(body.length());
-
 		this.response.getWriter().write(body);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -638,18 +517,14 @@ public class OnCommittedResponseWrapperTests {
 	public void printWriterWriteStringContentLengthCommits() throws IOException {
 		String body = "something";
 		this.response.getWriter().write(body);
-
 		this.response.setContentLength(body.length());
-
 		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void printWriterWriteStringDoesNotCommit() throws IOException {
 		String body = "something";
-
 		this.response.getWriter().write(body);
-
 		assertThat(this.committed).isFalse();
 	}
 
@@ -657,9 +532,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintBooleanCommits() throws Exception {
 		boolean b = true;
 		this.response.setContentLength(1);
-
 		this.response.getWriter().print(b);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -667,9 +540,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintCharCommits() throws Exception {
 		char c = 1;
 		this.response.setContentLength(1);
-
 		this.response.getWriter().print(c);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -677,9 +548,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintIntCommits() throws Exception {
 		int i = 1234;
 		this.response.setContentLength(String.valueOf(i).length());
-
 		this.response.getWriter().print(i);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -687,9 +556,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintLongCommits() throws Exception {
 		long l = 12345;
 		this.response.setContentLength(String.valueOf(l).length());
-
 		this.response.getWriter().print(l);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -697,9 +564,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintFloatCommits() throws Exception {
 		float f = 12345;
 		this.response.setContentLength(String.valueOf(f).length());
-
 		this.response.getWriter().print(f);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -707,9 +572,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintDoubleCommits() throws Exception {
 		double x = 1.2345;
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -717,9 +580,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintCharArrayCommits() throws Exception {
 		char[] x = new char[10];
 		this.response.setContentLength(x.length);
-
 		this.response.getWriter().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -727,9 +588,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintStringCommits() throws Exception {
 		String x = "12345";
 		this.response.setContentLength(x.length());
-
 		this.response.getWriter().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -737,18 +596,14 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintObjectCommits() throws Exception {
 		Object x = "12345";
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthPrintWriterPrintlnCommits() throws Exception {
 		this.response.setContentLength(NL.length());
-
 		this.response.getWriter().println();
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -756,9 +611,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnBooleanCommits() throws Exception {
 		boolean b = true;
 		this.response.setContentLength(1);
-
 		this.response.getWriter().println(b);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -766,9 +619,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnCharCommits() throws Exception {
 		char c = 1;
 		this.response.setContentLength(1);
-
 		this.response.getWriter().println(c);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -776,9 +627,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnIntCommits() throws Exception {
 		int i = 12345;
 		this.response.setContentLength(String.valueOf(i).length());
-
 		this.response.getWriter().println(i);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -786,9 +635,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnLongCommits() throws Exception {
 		long l = 12345678;
 		this.response.setContentLength(String.valueOf(l).length());
-
 		this.response.getWriter().println(l);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -796,9 +643,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnFloatCommits() throws Exception {
 		float f = 1234;
 		this.response.setContentLength(String.valueOf(f).length());
-
 		this.response.getWriter().println(f);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -806,9 +651,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnDoubleCommits() throws Exception {
 		double x = 1;
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -816,9 +659,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnCharArrayCommits() throws Exception {
 		char[] x = new char[20];
 		this.response.setContentLength(x.length);
-
 		this.response.getWriter().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -826,9 +667,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnStringCommits() throws Exception {
 		String x = "1";
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -836,9 +675,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterPrintlnObjectCommits() throws Exception {
 		Object x = "1";
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -846,9 +683,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterAppendCharSequenceCommits() throws Exception {
 		String x = "a";
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getWriter().append(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -858,9 +693,7 @@ public class OnCommittedResponseWrapperTests {
 		int start = 1;
 		int end = 3;
 		this.response.setContentLength(end - start);
-
 		this.response.getWriter().append(x, start, end);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -868,9 +701,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPrintWriterAppendCharCommits() throws Exception {
 		char x = 1;
 		this.response.setContentLength(1);
-
 		this.response.getWriter().append(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -878,9 +709,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamWriteIntCommits() throws Exception {
 		int expected = 1;
 		this.response.setContentLength(String.valueOf(expected).length());
-
 		this.response.getOutputStream().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -888,9 +717,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
 		this.response.setContentLength(String.valueOf(expected).length());
-
 		this.response.getOutputStream().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -898,13 +725,9 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthPlus1OutputStreamWriteIntMultiDigitCommits() throws Exception {
 		int expected = 10000;
 		this.response.setContentLength(String.valueOf(expected).length() + 1);
-
 		this.response.getOutputStream().write(expected);
-
 		assertThat(this.committed).isFalse();
-
 		this.response.getOutputStream().write(1);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -915,13 +738,9 @@ public class OnCommittedResponseWrapperTests {
 				+ "  \"token\" : \"06300b65-c4aa-4c8f-8cda-39ee17f545a0\",\n" + "  \"headerName\" : \"X-CSRF-TOKEN\"\n"
 				+ "}";
 		this.response.setContentLength(expected.length() + 1);
-
 		this.response.getOutputStream().write(expected.getBytes());
-
 		assertThat(this.committed).isFalse();
-
 		this.response.getOutputStream().write("1".getBytes("UTF-8"));
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -929,9 +748,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintBooleanCommits() throws Exception {
 		boolean b = true;
 		this.response.setContentLength(1);
-
 		this.response.getOutputStream().print(b);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -939,9 +756,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintCharCommits() throws Exception {
 		char c = 1;
 		this.response.setContentLength(1);
-
 		this.response.getOutputStream().print(c);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -949,9 +764,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintIntCommits() throws Exception {
 		int i = 1234;
 		this.response.setContentLength(String.valueOf(i).length());
-
 		this.response.getOutputStream().print(i);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -959,9 +772,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintLongCommits() throws Exception {
 		long l = 12345;
 		this.response.setContentLength(String.valueOf(l).length());
-
 		this.response.getOutputStream().print(l);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -969,9 +780,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintFloatCommits() throws Exception {
 		float f = 12345;
 		this.response.setContentLength(String.valueOf(f).length());
-
 		this.response.getOutputStream().print(f);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -979,9 +788,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintDoubleCommits() throws Exception {
 		double x = 1.2345;
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getOutputStream().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -989,18 +796,14 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintStringCommits() throws Exception {
 		String x = "12345";
 		this.response.setContentLength(x.length());
-
 		this.response.getOutputStream().print(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthOutputStreamPrintlnCommits() throws Exception {
 		this.response.setContentLength(NL.length());
-
 		this.response.getOutputStream().println();
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1008,9 +811,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnBooleanCommits() throws Exception {
 		boolean b = true;
 		this.response.setContentLength(1);
-
 		this.response.getOutputStream().println(b);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1018,9 +819,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnCharCommits() throws Exception {
 		char c = 1;
 		this.response.setContentLength(1);
-
 		this.response.getOutputStream().println(c);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1028,9 +827,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnIntCommits() throws Exception {
 		int i = 12345;
 		this.response.setContentLength(String.valueOf(i).length());
-
 		this.response.getOutputStream().println(i);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1038,9 +835,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnLongCommits() throws Exception {
 		long l = 12345678;
 		this.response.setContentLength(String.valueOf(l).length());
-
 		this.response.getOutputStream().println(l);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1048,9 +843,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnFloatCommits() throws Exception {
 		float f = 1234;
 		this.response.setContentLength(String.valueOf(f).length());
-
 		this.response.getOutputStream().println(f);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1058,9 +851,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnDoubleCommits() throws Exception {
 		double x = 1;
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getOutputStream().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1068,18 +859,14 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamPrintlnStringCommits() throws Exception {
 		String x = "1";
 		this.response.setContentLength(String.valueOf(x).length());
-
 		this.response.getOutputStream().println(x);
-
 		assertThat(this.committed).isTrue();
 	}
 
 	@Test
 	public void contentLengthDoesNotCommit() {
 		String body = "something";
-
 		this.response.setContentLength(body.length());
-
 		assertThat(this.committed).isFalse();
 	}
 
@@ -1087,9 +874,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthOutputStreamWriteStringCommits() throws IOException {
 		String body = "something";
 		this.response.setContentLength(body.length());
-
 		this.response.getOutputStream().print(body);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1098,9 +883,7 @@ public class OnCommittedResponseWrapperTests {
 	public void contentLengthLongOutputStreamWriteStringCommits() throws IOException {
 		String body = "something";
 		this.response.setContentLengthLong(body.length());
-
 		this.response.getOutputStream().print(body);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1108,9 +891,7 @@ public class OnCommittedResponseWrapperTests {
 	public void addHeaderContentLengthPrintWriterWriteStringCommits() throws Exception {
 		int expected = 1234;
 		this.response.addHeader("Content-Length", String.valueOf(String.valueOf(expected).length()));
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1118,9 +899,7 @@ public class OnCommittedResponseWrapperTests {
 	public void bufferSizePrintWriterWriteCommits() throws Exception {
 		String expected = "1234567890";
 		given(this.response.getBufferSize()).willReturn(expected.length());
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isTrue();
 	}
 
@@ -1128,15 +907,10 @@ public class OnCommittedResponseWrapperTests {
 	public void bufferSizeCommitsOnce() throws Exception {
 		String expected = "1234567890";
 		given(this.response.getBufferSize()).willReturn(expected.length());
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isTrue();
-
 		this.committed = false;
-
 		this.response.getWriter().write(expected);
-
 		assertThat(this.committed).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 10a76b0f6c..893d8db75a 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -51,7 +51,6 @@ public class ThrowableAnalyzerTests {
 
 	@Before
 	public void setUp() {
-
 		// Set up test trace
 		this.testTrace = new Throwable[7];
 		this.testTrace[6] = new IllegalArgumentException("Test_6");
@@ -61,13 +60,10 @@ public class ThrowableAnalyzerTests {
 		this.testTrace[2] = new NonStandardException("Test_2", this.testTrace[3]);
 		this.testTrace[1] = new RuntimeException("Test_1", this.testTrace[2]);
 		this.testTrace[0] = new Exception("Test_0", this.testTrace[1]);
-
 		// Set up standard analyzer
 		this.standardAnalyzer = new ThrowableAnalyzer();
-
 		// Set up nonstandard analyzer
 		this.nonstandardAnalyzer = new ThrowableAnalyzer() {
-
 			/**
 			 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 			 */
@@ -84,7 +80,6 @@ public class ThrowableAnalyzerTests {
 	public void testRegisterExtractorWithInvalidExtractor() {
 		try {
 			new ThrowableAnalyzer() {
-
 				/**
 				 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 				 */
@@ -94,7 +89,6 @@ public class ThrowableAnalyzerTests {
 					super.registerExtractor(Exception.class, null);
 				}
 			};
-
 			fail("IllegalArgumentExpected");
 		}
 		catch (IllegalArgumentException ex) {
@@ -104,16 +98,12 @@ public class ThrowableAnalyzerTests {
 
 	@Test
 	public void testGetRegisteredTypes() {
-
 		Class[] registeredTypes = this.nonstandardAnalyzer.getRegisteredTypes();
-
 		for (int i = 0; i < registeredTypes.length; ++i) {
 			Class clazz = registeredTypes[i];
-
 			// The most specific types have to occur first.
 			for (int j = 0; j < i; ++j) {
 				Class prevClazz = registeredTypes[j];
-
 				assertThat(prevClazz.isAssignableFrom(clazz))
 						.withFailMessage(
 								"Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz)
@@ -125,7 +115,6 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testDetermineCauseChainWithNoExtractors() {
 		ThrowableAnalyzer analyzer = new ThrowableAnalyzer() {
-
 			/**
 			 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 			 */
@@ -134,10 +123,8 @@ public class ThrowableAnalyzerTests {
 				// skip default initialization
 			}
 		};
-
 		assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types")
 				.isZero();
-
 		Throwable t = this.testTrace[0];
 		Throwable[] chain = analyzer.determineCauseChain(t);
 		// Without extractors only the root throwable is available
@@ -148,12 +135,9 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testDetermineCauseChainWithDefaultExtractors() {
 		ThrowableAnalyzer analyzer = this.standardAnalyzer;
-
 		assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types")
 				.isEqualTo(2);
-
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
-
 		// Element at index 2 is a NonStandardException which cannot be analyzed further
 		// by default
 		assertThat(chain.length).as("Unexpected chain size").isEqualTo(3);
@@ -165,9 +149,7 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testDetermineCauseChainWithCustomExtractors() {
 		ThrowableAnalyzer analyzer = this.nonstandardAnalyzer;
-
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
-
 		assertThat(chain.length).as("Unexpected chain size").isEqualTo(this.testTrace.length);
 		for (int i = 0; i < chain.length; ++i) {
 			assertThat(chain[i]).withFailMessage("Unexpected chain entry: " + i).isEqualTo(this.testTrace[i]);
@@ -177,11 +159,8 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testGetFirstThrowableOfTypeWithSuccess1() {
 		ThrowableAnalyzer analyzer = this.nonstandardAnalyzer;
-
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
-
 		Throwable result = analyzer.getFirstThrowableOfType(Exception.class, chain);
-
 		assertThat(result).as("null not expected").isNotNull();
 		assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[0]);
 	}
@@ -189,11 +168,8 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testGetFirstThrowableOfTypeWithSuccess2() {
 		ThrowableAnalyzer analyzer = this.nonstandardAnalyzer;
-
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
-
 		Throwable result = analyzer.getFirstThrowableOfType(NonStandardException.class, chain);
-
 		assertThat(result).as("null not expected").isNotNull();
 		assertThat(result).as("Unexpected throwable found").isEqualTo(this.testTrace[2]);
 	}
@@ -201,18 +177,14 @@ public class ThrowableAnalyzerTests {
 	@Test
 	public void testGetFirstThrowableOfTypeWithFailure() {
 		ThrowableAnalyzer analyzer = this.nonstandardAnalyzer;
-
 		Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]);
-
 		// IllegalStateException not in trace
 		Throwable result = analyzer.getFirstThrowableOfType(IllegalStateException.class, chain);
-
 		assertThat(result).as("null expected").isNull();
 	}
 
 	@Test
 	public void testVerifyThrowableHierarchyWithExactType() {
-
 		Throwable throwable = new IllegalStateException("Test");
 		ThrowableAnalyzer.verifyThrowableHierarchy(throwable, IllegalStateException.class);
 		// No exception expected
@@ -220,7 +192,6 @@ public class ThrowableAnalyzerTests {
 
 	@Test
 	public void testVerifyThrowableHierarchyWithCompatibleType() {
-
 		Throwable throwable = new IllegalStateException("Test");
 		ThrowableAnalyzer.verifyThrowableHierarchy(throwable, Exception.class);
 		// No exception expected
@@ -239,7 +210,6 @@ public class ThrowableAnalyzerTests {
 
 	@Test
 	public void testVerifyThrowableHierarchyWithNonmatchingType() {
-
 		Throwable throwable = new IllegalStateException("Test");
 		try {
 			ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class);
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index f3a7671d50..a10b26b3e4 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -82,7 +82,6 @@ public class AndRequestMatcherTests {
 	public void matchesSingleTrue() {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new AndRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -91,7 +90,6 @@ public class AndRequestMatcherTests {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		given(this.delegate2.matches(this.request)).willReturn(true);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -99,7 +97,6 @@ public class AndRequestMatcherTests {
 	public void matchesSingleFalse() {
 		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -107,7 +104,6 @@ public class AndRequestMatcherTests {
 	public void matchesMultiBothFalse() {
 		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -116,7 +112,6 @@ public class AndRequestMatcherTests {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		given(this.delegate2.matches(this.request)).willReturn(false);
 		this.matcher = new AndRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
index 80696a0735..58398adfa8 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
@@ -43,7 +43,6 @@ public class AntPathRequestMatcherTests {
 	public void matchesWhenUrlPathHelperThenMatchesOnRequestUri() {
 		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/foo/bar", null, true, new UrlPathHelper());
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar");
-
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -51,9 +50,7 @@ public class AntPathRequestMatcherTests {
 	public void singleWildcardMatchesAnyPath() {
 		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**");
 		assertThat(matcher.getPattern()).isEqualTo("/**");
-
 		assertThat(matcher.matches(createRequest("/blah"))).isTrue();
-
 		matcher = new AntPathRequestMatcher("**");
 		assertThat(matcher.matches(createRequest("/blah"))).isTrue();
 		assertThat(matcher.matches(createRequest(""))).isTrue();
@@ -69,14 +66,11 @@ public class AntPathRequestMatcherTests {
 		assertThat(matcher.matches(createRequest("/blah/blaha"))).isFalse();
 		assertThat(matcher.matches(createRequest("/blah/bleh/"))).isFalse();
 		MockHttpServletRequest request = createRequest("/blah/");
-
 		request.setPathInfo("blah/bleh");
 		assertThat(matcher.matches(request)).isTrue();
-
 		matcher = new AntPathRequestMatcher("/bl?h/blAh/**", null, false);
 		assertThat(matcher.matches(createRequest("/BLAH/Blah/aaa/"))).isTrue();
 		assertThat(matcher.matches(createRequest("/bleh/Blah"))).isTrue();
-
 		matcher = new AntPathRequestMatcher("/blAh/**/blah/**", null, false);
 		assertThat(matcher.matches(createRequest("/blah/blah"))).isTrue();
 		assertThat(matcher.matches(createRequest("/blah/bleh"))).isFalse();
@@ -160,7 +154,6 @@ public class AntPathRequestMatcherTests {
 		assertThat(new AntPathRequestMatcher("/upper", null, true).matches(request)).isFalse();
 		assertThat(new AntPathRequestMatcher("/upper", "POST", true).matches(request)).isFalse();
 		assertThat(new AntPathRequestMatcher("/upper", "GET", true).matches(request)).isFalse();
-
 		assertThat(new AntPathRequestMatcher("/upper", null, false).matches(request)).isTrue();
 		assertThat(new AntPathRequestMatcher("/upper", "POST", false).matches(request)).isTrue();
 	}
@@ -170,7 +163,6 @@ public class AntPathRequestMatcherTests {
 		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/path/*/bar");
 		MockHttpServletRequest request = createRequest("/path /foo/bar");
 		assertThat(matcher.matches(request)).isFalse();
-
 		matcher = new AntPathRequestMatcher("/path/foo");
 		request = createRequest("/path /foo");
 		assertThat(matcher.matches(request)).isFalse();
@@ -201,7 +193,6 @@ public class AntPathRequestMatcherTests {
 		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah", "GET");
 		MockHttpServletRequest request = createRequest("/blah");
 		request.setMethod("INVALID");
-
 		assertThat(matcher.matches(request)).isFalse();
 	}
 
@@ -215,7 +206,6 @@ public class AntPathRequestMatcherTests {
 		request.setQueryString("doesntMatter");
 		request.setServletPath(path);
 		request.setMethod("POST");
-
 		return request;
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
index 4a71218ce9..d445c5c510 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/ELRequestMatcherTests.java
@@ -33,7 +33,6 @@ public class ELRequestMatcherTests {
 		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("1.1.1.1");
-
 		assertThat(requestMatcher.matches(request)).isTrue();
 	}
 
@@ -42,7 +41,6 @@ public class ELRequestMatcherTests {
 		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setRemoteAddr("1.1.1.2");
-
 		assertThat(requestMatcher.matches(request)).isFalse();
 	}
 
@@ -51,7 +49,6 @@ public class ELRequestMatcherTests {
 		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "MSIE");
-
 		assertThat(requestMatcher.matches(request)).isTrue();
 	}
 
@@ -61,14 +58,10 @@ public class ELRequestMatcherTests {
 				"hasHeader('User-Agent','MSIE') or hasHeader('User-Agent','Mozilla')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "MSIE");
-
 		assertThat(requestMatcher.matches(request)).isTrue();
-
 		request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "Mozilla");
-
 		assertThat(requestMatcher.matches(request)).isTrue();
-
 	}
 
 	@Test
@@ -76,7 +69,6 @@ public class ELRequestMatcherTests {
 		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("User-Agent", "wrong");
-
 		assertThat(requestMatcher.matches(request)).isFalse();
 	}
 
@@ -84,7 +76,6 @@ public class ELRequestMatcherTests {
 	public void testHasHeaderNull() {
 		ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
 		MockHttpServletRequest request = new MockHttpServletRequest();
-
 		assertThat(requestMatcher.matches(request)).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index b0f2594cf6..1ef1c66f2e 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -71,7 +71,6 @@ public class IpAddressMatcherTests {
 	@Test
 	public void ipv6RangeMatches() {
 		IpAddressMatcher matcher = new IpAddressMatcher("2001:DB8::/48");
-
 		assertThat(matcher.matches("2001:DB8:0:0:0:0:0:0")).isTrue();
 		assertThat(matcher.matches("2001:DB8:0:0:0:0:0:1")).isTrue();
 		assertThat(matcher.matches("2001:DB8:0:FFFF:FFFF:FFFF:FFFF:FFFF")).isTrue();
@@ -82,10 +81,8 @@ public class IpAddressMatcherTests {
 	@Test
 	public void zeroMaskMatchesAnything() {
 		IpAddressMatcher matcher = new IpAddressMatcher("0.0.0.0/0");
-
 		assertThat(matcher.matches("123.4.5.6")).isTrue();
 		assertThat(matcher.matches("192.168.0.159")).isTrue();
-
 		matcher = new IpAddressMatcher("192.168.0.159/0");
 		assertThat(matcher.matches("123.4.5.6")).isTrue();
 		assertThat(matcher.matches("192.168.0.159")).isTrue();
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
index df88943b00..39b210cb76 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherRequestHCNSTests.java
@@ -52,21 +52,17 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 	public void mediaAllMatches() {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE);
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// ignoreMediaTypeAll
-
 	@Test
 	public void mediaAllIgnoreMediaTypeAll() {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE);
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -75,18 +71,15 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE + "," + MediaType.TEXT_HTML_VALUE);
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// JavaDoc
-
 	@Test
 	public void javadocJsonJson() {
 		this.request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
 		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
 				MediaType.APPLICATION_JSON);
-
 		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
@@ -95,7 +88,6 @@ public class MediaTypeRequestMatcherRequestHCNSTests {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE);
 		MediaTypeRequestMatcher matcher = new MediaTypeRequestMatcher(this.negotiationStrategy,
 				MediaType.APPLICATION_JSON);
-
 		assertThat(matcher.matches(this.request)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 77567eb379..7a9fe12bfa 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -96,20 +96,16 @@ public class MediaTypeRequestMatcherTests {
 	public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willThrow(new HttpMediaTypeNotAcceptableException("oops"));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL);
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
 	@Test
 	public void mediaAllMatches() throws Exception {
-
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.ALL));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		assertThat(this.matcher.matches(this.request)).isTrue();
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML);
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
@@ -190,15 +186,12 @@ public class MediaTypeRequestMatcherTests {
 	public void multipleMediaType() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML,
 				MediaType.TEXT_HTML);
 		assertThat(this.matcher.matches(this.request)).isTrue();
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML,
 				MediaType.APPLICATION_JSON);
 		assertThat(this.matcher.matches(this.request)).isTrue();
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_FORM_URLENCODED,
 				MediaType.APPLICATION_JSON);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -208,7 +201,6 @@ public class MediaTypeRequestMatcherTests {
 	public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
@@ -216,7 +208,6 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void matchWhenAcceptHeaderIsTextThenMediaTypeAllIsMatched() {
 		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
-
 		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
@@ -225,7 +216,6 @@ public class MediaTypeRequestMatcherTests {
 	public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(new MediaType("text", "*")));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
@@ -233,18 +223,15 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void matchWhenAcceptHeaderIsTextWildcardThenMediaTypeTextIsMatched() {
 		this.request.addHeader("Accept", "text/*");
-
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// useEquals
-
 	@Test
 	public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(new MediaType("text", "*")));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -253,7 +240,6 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeTextIsNotMatched() {
 		this.request.addHeader("Accept", "text/*");
-
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -263,7 +249,6 @@ public class MediaTypeRequestMatcherTests {
 	public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*"));
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -272,7 +257,6 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeTextAllIsNotMatched() {
 		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
-
 		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "*"));
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isFalse();
@@ -282,7 +266,6 @@ public class MediaTypeRequestMatcherTests {
 	public void useEqualsSame() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -291,7 +274,6 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void useEqualsWhenTrueThenMediaTypeIsMatchedWithEqualString() {
 		this.request.addHeader("Accept", MediaType.TEXT_PLAIN_VALUE);
-
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_PLAIN);
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -301,7 +283,6 @@ public class MediaTypeRequestMatcherTests {
 	public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(new MediaType("text", "unique")));
-
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique"));
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isTrue();
@@ -310,21 +291,18 @@ public class MediaTypeRequestMatcherTests {
 	@Test
 	public void useEqualsWhenTrueThenCustomMediaTypeIsMatched() {
 		this.request.addHeader("Accept", "text/unique");
-
 		this.matcher = new MediaTypeRequestMatcher(new MediaType("text", "unique"));
 		this.matcher.setUseEquals(true);
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
 	// ignoreMediaTypeAll
-
 	@Test
 	public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException {
 		given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class)))
 				.willReturn(Arrays.asList(MediaType.ALL));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -333,7 +311,6 @@ public class MediaTypeRequestMatcherTests {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE);
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -343,7 +320,6 @@ public class MediaTypeRequestMatcherTests {
 				.willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -352,7 +328,6 @@ public class MediaTypeRequestMatcherTests {
 		this.request.addHeader("Accept", MediaType.ALL_VALUE + ", " + MediaType.TEXT_HTML_VALUE);
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -362,7 +337,6 @@ public class MediaTypeRequestMatcherTests {
 				.willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8")));
 		this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -371,7 +345,6 @@ public class MediaTypeRequestMatcherTests {
 		this.request.addHeader("Accept", MediaType.TEXT_PLAIN + ", */*;q=0.8");
 		this.matcher = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
 		this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 7c9cbbae36..1a738c4a42 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -50,7 +50,6 @@ public class NegatedRequestMatcherTests {
 	public void matchesDelegateFalse() {
 		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new NegatedRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -58,7 +57,6 @@ public class NegatedRequestMatcherTests {
 	public void matchesDelegateTrue() {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new NegatedRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 6783abef41..291b97c2fb 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -82,7 +82,6 @@ public class OrRequestMatcherTests {
 	public void matchesSingleTrue() {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -90,7 +89,6 @@ public class OrRequestMatcherTests {
 	public void matchesMultiTrue() {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
@@ -98,7 +96,6 @@ public class OrRequestMatcherTests {
 	public void matchesSingleFalse() {
 		given(this.delegate.matches(this.request)).willReturn(false);
 		this.matcher = new OrRequestMatcher(this.delegate);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -107,7 +104,6 @@ public class OrRequestMatcherTests {
 		given(this.delegate.matches(this.request)).willReturn(false);
 		given(this.delegate2.matches(this.request)).willReturn(false);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isFalse();
 	}
 
@@ -115,7 +111,6 @@ public class OrRequestMatcherTests {
 	public void matchesMultiSingleFalse() {
 		given(this.delegate.matches(this.request)).willReturn(true);
 		this.matcher = new OrRequestMatcher(this.delegate, this.delegate2);
-
 		assertThat(this.matcher.matches(this.request)).isTrue();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
index 37d2b2fca4..24f686c28b 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
@@ -41,31 +41,25 @@ public class RegexRequestMatcherTests {
 	@Test
 	public void doesntMatchIfHttpMethodIsDifferent() {
 		RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET");
-
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", "/anything");
-
 		assertThat(matcher.matches(request)).isFalse();
 	}
 
 	@Test
 	public void matchesIfHttpMethodAndPathMatch() {
 		RegexRequestMatcher matcher = new RegexRequestMatcher(".*", "GET");
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/anything");
 		request.setServletPath("/anything");
-
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
 	@Test
 	public void queryStringIsMatcherCorrectly() {
 		RegexRequestMatcher matcher = new RegexRequestMatcher(".*\\?x=y", "GET");
-
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/any/path?x=y");
 		request.setServletPath("/any");
 		request.setPathInfo("/path");
 		request.setQueryString("x=y");
-
 		assertThat(matcher.matches(request)).isTrue();
 	}
 
@@ -104,7 +98,6 @@ public class RegexRequestMatcherTests {
 		RegexRequestMatcher matcher = new RegexRequestMatcher("/blah", "GET");
 		MockHttpServletRequest request = new MockHttpServletRequest("INVALID", "/blah");
 		request.setMethod("INVALID");
-
 		assertThat(matcher.matches(request)).isFalse();
 	}
 

From 0a3eeb9c80b134cf9bdc51e9defdd5c56684b642 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 4 Aug 2020 10:49:27 -0700
Subject: [PATCH 69/84] Remove incorrect AssertJ imports

Fix a few tests that were accidentally importing incorrect AssertJ
classes.

Issue gh-8945
---
 .../configuration/EnableReactiveMethodSecurityTests.java  | 8 +++-----
 .../security/converter/RsaKeyConvertersTests.java         | 7 ++++---
 .../oauth2/jwt/NimbusReactiveJwtDecoderTests.java         | 3 +--
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 44e6e6a0d3..4a905ebe88 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -16,7 +16,6 @@
 
 package org.springframework.security.config.annotation.method.configuration;
 
-import org.assertj.core.api.AssertionsForClassTypes;
 import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -35,6 +34,7 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -200,8 +200,7 @@ public class EnableReactiveMethodSecurityTests {
 		given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result"));
 		Flux<String> findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L)
 				.subscriberContext(this.withAdmin);
-		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
-				.verifyComplete();
+		StepVerifier.create(findById).consumeNextWith((s) -> assertThat(s).isEqualTo("result")).verifyComplete();
 	}
 
 	@Test
@@ -305,8 +304,7 @@ public class EnableReactiveMethodSecurityTests {
 		given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result"));
 		Publisher<String> findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L))
 				.subscriberContext(this.withAdmin);
-		StepVerifier.create(findById).consumeNextWith((s) -> AssertionsForClassTypes.assertThat(s).isEqualTo("result"))
-				.verifyComplete();
+		StepVerifier.create(findById).consumeNextWith((s) -> assertThat(s).isEqualTo("result")).verifyComplete();
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index 62017aa038..17019a626f 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -24,11 +24,12 @@ import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
 import org.assertj.core.api.Assertions;
-import org.assertj.core.api.AssertionsForClassTypes;
 import org.junit.Test;
 
 import org.springframework.core.convert.converter.Converter;
 
+import static org.assertj.core.api.Assertions.assertThatCode;
+
 /**
  * Tests for {@link RsaKeyConverters}
  */
@@ -98,7 +99,7 @@ public class RsaKeyConvertersTests {
 
 	@Test
 	public void pkcs8WhenConvertingPkcs1PrivateKeyThenIllegalArgumentException() {
-		AssertionsForClassTypes.assertThatCode(() -> this.pkcs8.convert(toInputStream(PKCS1_PRIVATE_KEY)))
+		assertThatCode(() -> this.pkcs8.convert(toInputStream(PKCS1_PRIVATE_KEY)))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
@@ -110,7 +111,7 @@ public class RsaKeyConvertersTests {
 
 	@Test
 	public void x509WhenConvertingDerEncodedX509PublicKeyThenIllegalArgumentException() {
-		AssertionsForClassTypes.assertThatCode(() -> this.x509.convert(toInputStream(MALFORMED_X509_KEY)))
+		assertThatCode(() -> this.x509.convert(toInputStream(MALFORMED_X509_KEY)))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 237e3ba2c4..164877f904 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -47,7 +47,6 @@ import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
-import org.assertj.core.api.AssertionsForClassTypes;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -345,7 +344,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		AssertionsForClassTypes.assertThatCode(() -> decoder.decode(this.rsa256).block())
+		assertThatCode(() -> decoder.decode(this.rsa256).block())
 				.isInstanceOf(BadJwtException.class)
 				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}

From 2f8e835b111b7a887d589b16270af5ed0956ff8f Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 4 Aug 2020 10:51:17 -0700
Subject: [PATCH 70/84] Use assertThatObject to save casting

Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.

Issue gh-8945
---
 .../config/annotation/ObjectPostProcessorTests.java    |  4 ++--
 ...ngSecurityContextScheduledExecutorServiceTests.java | 10 +++++-----
 .../InMemoryOAuth2AuthorizedClientServiceTests.java    |  4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
index 5df8bf1433..03da3c1814 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/ObjectPostProcessorTests.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import org.junit.Test;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatObject;
 
 /**
  * @author Rob Winch
@@ -33,7 +33,7 @@ public class ObjectPostProcessorTests {
 
 	@Test
 	public void convertTypes() {
-		assertThat((Object) PerformConversion.perform(new ArrayList<>())).isInstanceOf(LinkedList.class);
+		assertThatObject(PerformConversion.perform(new ArrayList<>())).isInstanceOf(LinkedList.class);
 	}
 
 	static class ListToLinkedListObjectPostProcessor implements ObjectPostProcessor<List<?>> {
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
index 0530ce8a67..25dc94c333 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java
@@ -23,7 +23,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatObject;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
@@ -56,7 +56,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS))
 				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.schedule(this.runnable, 1, TimeUnit.SECONDS);
-		assertThat((Object) result).isEqualTo(this.expectedResult);
+		assertThatObject(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS);
 	}
 
@@ -64,7 +64,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 	public void scheduleCallable() {
 		given(this.delegate.schedule(this.wrappedCallable, 1, TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<Object> result = this.executor.schedule(this.callable, 1, TimeUnit.SECONDS);
-		assertThat((Object) result).isEqualTo(this.expectedResult);
+		assertThatObject(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).schedule(this.wrappedCallable, 1, TimeUnit.SECONDS);
 	}
 
@@ -74,7 +74,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS))
 				.willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleAtFixedRate(this.runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat((Object) result).isEqualTo(this.expectedResult);
+		assertThatObject(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
@@ -84,7 +84,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT
 		given((ScheduledFuture<Object>) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2,
 				TimeUnit.SECONDS)).willReturn(this.expectedResult);
 		ScheduledFuture<?> result = this.executor.scheduleWithFixedDelay(this.runnable, 1, 2, TimeUnit.SECONDS);
-		assertThat((Object) result).isEqualTo(this.expectedResult);
+		assertThatObject(result).isEqualTo(this.expectedResult);
 		verify(this.delegate).scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 17288536a1..0c7b2c5be9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -29,6 +29,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatObject;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -80,8 +81,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 		given(clientRegistrationRepository.findByRegistrationId(eq(registrationId))).willReturn(this.registration3);
 		InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 				clientRegistrationRepository, authorizedClients);
-		assertThat((Object) authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1))
-				.isNotNull();
+		assertThatObject(authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1)).isNotNull();
 	}
 
 	@Test(expected = IllegalArgumentException.class)

From 1e840cc854e3a22d70513903d993df16ad4f38be Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 4 Aug 2020 00:23:01 -0700
Subject: [PATCH 71/84] Move @Mock annotations

Update a couple of tests to use the more traditional `@Mock` annotation
placement.

Issue gh-8945
---
 .../aspect/AnnotationSecurityAspectTests.java        |  3 ++-
 .../AspectJMethodSecurityInterceptorTests.java       | 12 ++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 9c0923a18a..4296c72cec 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -59,7 +59,8 @@ public class AnnotationSecurityAspectTests {
 
 	private AffirmativeBased adm;
 
-	private @Mock AuthenticationManager authman;
+	@Mock
+	private AuthenticationManager authman;
 
 	private TestingAuthenticationToken anne = new TestingAuthenticationToken("anne", "", "ROLE_A");
 
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
index 6ea44ac332..08ef48c501 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
@@ -68,13 +68,17 @@ public class AspectJMethodSecurityInterceptorTests {
 
 	private AspectJMethodSecurityInterceptor interceptor;
 
-	private @Mock AccessDecisionManager adm;
+	@Mock
+	private AccessDecisionManager adm;
 
-	private @Mock MethodSecurityMetadataSource mds;
+	@Mock
+	private MethodSecurityMetadataSource mds;
 
-	private @Mock AuthenticationManager authman;
+	@Mock
+	private AuthenticationManager authman;
 
-	private @Mock AspectJCallback aspectJCallback;
+	@Mock
+	private AspectJCallback aspectJCallback;
 
 	private ProceedingJoinPoint joinPoint;
 

From ef8f11361912a0888d084be9b67136519f6aba3c Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 4 Aug 2020 15:10:55 -0700
Subject: [PATCH 72/84] Use assertThat instead of Java assert

Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.

Issue gh-8945
---
 .../security/web/jackson2/DefaultSavedRequestMixinTests.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
index ba7104fd37..c289e87387 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java
@@ -84,7 +84,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest();
 		mockRequest.setCookies(new Cookie("SESSION", "123456789"));
 		mockRequest.addHeader("x-auth-token", "12");
-		assert request.doesRequestMatch(mockRequest, new PortResolverImpl());
+		assertThat(request.doesRequestMatch(mockRequest, new PortResolverImpl())).isTrue();
 	}
 
 	@Test

From 319d3364aa24773ec040110664c66b6f9e158aca Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 4 Aug 2020 14:20:45 -0700
Subject: [PATCH 73/84] Migrate to assertThatExceptionOfType

Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
---
 .../rsocket/HelloRSocketITests.java           |  10 +-
 ...RSocketMessageHandlerConnectionITests.java |  25 ++--
 .../rsocket/RSocketMessageHandlerITests.java  |  27 ++--
 .../rsocket/SimpleAuthenticationITests.java   |   6 +-
 .../AuthenticationConfigurationTests.java     |  17 ++-
 .../EnableReactiveMethodSecurityTests.java    |  10 +-
 ...lobalMethodSecurityConfigurationTests.java |  24 ++--
 ...lMethodSecurityExpressionHandlerTests.java |  13 +-
 .../NamespaceGlobalMethodSecurityTests.java   |  66 +++++-----
 ...SampleEnableGlobalMethodSecurityTests.java |   9 +-
 .../annotation/sec2758/Sec2758Tests.java      |   5 +-
 .../WebSecurityConfigurerAdapterTests.java    |   3 +-
 .../OAuth2ClientConfigurationTests.java       |  30 +++--
 .../WebSecurityConfigurationTests.java        |  27 ++--
 .../web/configurers/CorsConfigurerTests.java  |   6 +-
 .../web/configurers/CsrfConfigurerTests.java  |  12 +-
 ...essionUrlAuthorizationConfigurerTests.java |  17 +--
 .../configurers/HeadersConfigurerTests.java   |  17 ++-
 .../configurers/LogoutConfigurerTests.java    |  32 +++--
 .../NamespaceHttpFirewallTests.java           |  13 +-
 .../configurers/PermitAllSupportTests.java    |   8 +-
 .../RememberMeConfigurerTests.java            |  17 ++-
 .../client/OAuth2LoginConfigurerTests.java    |  10 +-
 .../OAuth2ResourceServerConfigurerTests.java  |  46 ++++---
 .../UserDetailsResourceFactoryBeanTests.java  |  15 ++-
 ...eyConversionServicePostProcessorTests.java |   6 +-
 .../config/http/AccessDeniedConfigTests.java  |  10 +-
 .../config/http/FormLoginConfigTests.java     |  10 +-
 .../config/http/HttpCorsConfigTests.java      |   7 +-
 .../config/http/HttpHeadersConfigTests.java   | 101 +++++++--------
 .../config/http/InterceptUrlConfigTests.java  |  18 +--
 .../config/http/MiscHttpConfigTests.java      |  15 +--
 .../http/MultiHttpBlockConfigTests.java       |  12 +-
 ...sourceServerBeanDefinitionParserTests.java |  30 ++---
 .../config/http/OpenIDConfigTests.java        |   6 +-
 .../config/http/RememberMeConfigTests.java    |  25 ++--
 .../config/web/server/FormLoginTests.java     |   7 +-
 .../server/OAuth2ResourceServerSpecTests.java |  11 +-
 .../WebSocketMessageBrokerConfigTests.java    |  91 +++++++------
 ...oryReactiveAuthenticationManagerTests.java |   7 +-
 .../dao/DaoAuthenticationProviderTests.java   |   4 +-
 .../jaas/JaasGrantedAuthorityTests.java       |  14 +-
 .../converter/RsaKeyConvertersTests.java      |   8 +-
 .../SecurityJackson2ModulesTests.java         |   5 +-
 .../DelegatingPasswordEncoderTests.java       |  38 +++---
 etc/checkstyle/checkstyle.xml                 |   8 ++
 .../ldap/server/ApacheDSContainerTests.java   |  12 +-
 ...UserDetailsManagerModifyPasswordTests.java |   6 +-
 ...deOAuth2AuthorizedClientProviderTests.java |  10 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  10 +-
 ...iceOAuth2AuthorizedClientManagerTests.java |  49 +++----
 ...iveOAuth2AuthorizedClientManagerTests.java |  62 +++++----
 ...lsOAuth2AuthorizedClientProviderTests.java |  24 ++--
 ...veOAuth2AuthorizedClientProviderTests.java |  24 ++--
 ...ngOAuth2AuthorizedClientProviderTests.java |  14 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  14 +-
 ...oryOAuth2AuthorizedClientServiceTests.java |   7 +-
 ...iveOAuth2AuthorizedClientServiceTests.java |  52 ++++----
 ...dbcOAuth2AuthorizedClientServiceTests.java |  68 +++++-----
 .../OAuth2AuthorizationContextTests.java      |  17 ++-
 .../client/OAuth2AuthorizeRequestTests.java   |  21 +--
 .../client/OAuth2AuthorizedClientIdTests.java |  10 +-
 ...2AuthorizedClientProviderBuilderTests.java |  15 ++-
 ...rdOAuth2AuthorizedClientProviderTests.java |  24 ++--
 ...veOAuth2AuthorizedClientProviderTests.java |  24 ++--
 ...2AuthorizedClientProviderBuilderTests.java |  15 ++-
 ...enOAuth2AuthorizedClientProviderTests.java |  30 +++--
 ...veOAuth2AuthorizedClientProviderTests.java |  30 +++--
 ...zationCodeAuthenticationProviderTests.java |  22 ++--
 ...orizationCodeAuthenticationTokenTests.java |  24 ++--
 ...odeReactiveAuthenticationManagerTests.java |   8 +-
 ...ginReactiveAuthenticationManagerTests.java |  28 ++--
 ...orizationCodeTokenResponseClientTests.java |  50 +++----
 ...ntCredentialsTokenResponseClientTests.java |  48 +++----
 ...faultPasswordTokenResponseClientTests.java |  32 ++---
 ...tRefreshTokenTokenResponseClientTests.java |  34 ++---
 ...th2ClientCredentialsGrantRequestTests.java |   9 +-
 .../OAuth2PasswordGrantRequestTests.java      |  33 +++--
 .../OAuth2RefreshTokenGrantRequestTests.java  |  17 ++-
 ...orizationCodeTokenResponseClientTests.java |  20 +--
 ...ntCredentialsTokenResponseClientTests.java |  12 +-
 ...ctivePasswordTokenResponseClientTests.java |  39 +++---
 ...eRefreshTokenTokenResponseClientTests.java |  36 +++---
 .../OAuth2ErrorResponseErrorHandlerTests.java |  14 +-
 ...uth2AuthenticationExceptionMixinTests.java |   6 +-
 .../OAuth2AuthenticationTokenMixinTests.java  |   6 +-
 .../OAuth2AuthorizationRequestMixinTests.java |  11 +-
 .../OAuth2AuthorizedClientMixinTests.java     |   6 +-
 ...odeReactiveAuthenticationManagerTests.java |  41 +++---
 .../OidcIdTokenDecoderFactoryTests.java       |  41 +++---
 .../OidcIdTokenValidatorTests.java            |   9 +-
 ...eactiveOidcIdTokenDecoderFactoryTests.java |  41 +++---
 .../OidcReactiveOAuth2UserServiceTests.java   |  15 +--
 .../oidc/userinfo/OidcUserRequestTests.java   |  14 +-
 .../oidc/userinfo/OidcUserServiceTests.java   |  11 +-
 ...entInitiatedLogoutSuccessHandlerTests.java |   8 +-
 ...tiatedServerLogoutSuccessHandlerTests.java |   8 +-
 .../registration/ClientRegistrationTests.java |  56 ++++----
 .../ClientRegistrationsTests.java             |  55 ++++----
 ...tiveClientRegistrationRepositoryTests.java |  17 ++-
 ...DefaultReactiveOAuth2UserServiceTests.java |  30 +++--
 .../userinfo/OAuth2UserRequestTests.java      |   8 +-
 ...OAuth2AuthorizedClientRepositoryTests.java |  10 +-
 ...uth2AuthorizationRequestResolverTests.java |  18 ++-
 ...ultOAuth2AuthorizedClientManagerTests.java |  57 ++++----
 ...iveOAuth2AuthorizedClientManagerTests.java |  74 ++++++-----
 ...h2AuthorizationRequestRepositoryTests.java |  25 ++--
 ...OAuth2AuthorizedClientRepositoryTests.java |  34 +++--
 ...uth2AuthorizationCodeGrantFilterTests.java |  21 +--
 ...thorizationRequestRedirectFilterTests.java |  15 +--
 .../OAuth2LoginAuthenticationFilterTests.java |  25 ++--
 ...AuthorizedClientArgumentResolverTests.java |  53 ++++----
 ...zedClientExchangeFilterFunctionITests.java |   6 +-
 ...izedClientExchangeFilterFunctionTests.java |  99 +++++++-------
 ...izedClientExchangeFilterFunctionTests.java |  87 +++++++------
 ...AuthorizedClientArgumentResolverTests.java |  22 ++--
 ...OAuth2AuthorizedClientRepositoryTests.java |  10 +-
 ...uth2AuthorizationRequestResolverTests.java |  13 +-
 ...2AuthorizationCodeGrantWebFilterTests.java |  39 +++---
 ...rizationRequestRedirectWebFilterTests.java |   6 +-
 ...CodeAuthenticationTokenConverterTests.java |  12 +-
 ...OAuth2AuthorizedClientRepositoryTests.java |  47 +++----
 ...erAuthorizationRequestRepositoryTests.java |  17 ++-
 ...OAuth2AuthorizedClientRepositoryTests.java |  31 ++---
 .../core/AuthenticationMethodTests.java       |   5 +-
 ...aultOAuth2AuthenticatedPrincipalTests.java |  10 +-
 .../DelegatingOAuth2TokenValidatorTests.java  |   7 +-
 .../converter/ClaimTypeConverterTests.java    |   7 +-
 .../OAuth2AuthorizationRequestTests.java      |  42 +++---
 .../OAuth2AuthorizationResponseTests.java     |   9 +-
 ...okenResponseHttpMessageConverterTests.java |  22 ++--
 .../OAuth2ErrorHttpMessageConverterTests.java |  21 ++-
 .../core/oidc/OidcIdTokenBuilderTests.java    |  10 +-
 .../oidc/user/OidcUserAuthorityTests.java     |   3 +-
 .../function/OAuth2BodyExtractorsTests.java   |  10 +-
 .../security/oauth2/jwt/JwtBuilderTests.java  |  10 +-
 .../oauth2/jwt/JwtClaimValidatorTests.java    |   9 +-
 .../security/oauth2/jwt/JwtDecodersTests.java |  54 ++++----
 .../oauth2/jwt/JwtIssuerValidatorTests.java   |   6 +-
 .../jwt/JwtTimestampValidatorTests.java       |   6 +-
 .../jwt/MappedJwtClaimSetConverterTests.java  |  16 +--
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |  50 ++++---
 .../oauth2/jwt/NimbusJwtDecoderTests.java     | 103 ++++++++-------
 .../jwt/NimbusReactiveJwtDecoderTests.java    | 122 +++++++++---------
 .../oauth2/jwt/ReactiveJwtDecodersTests.java  |  67 +++++-----
 .../BearerTokenAuthenticationTokenTests.java  |  10 +-
 .../resource/BearerTokenErrorTests.java       |  54 ++++----
 .../BearerTokenAuthenticationTests.java       |  12 +-
 .../JwtAuthenticationProviderTests.java       |  13 +-
 .../JwtAuthenticationTokenTests.java          |   6 +-
 ...uerAuthenticationManagerResolverTests.java |  44 ++++---
 ...iveAuthenticationManagerResolverTests.java |  45 ++++---
 ...JwtReactiveAuthenticationManagerTests.java |  20 +--
 ...paqueTokenAuthenticationProviderTests.java |   9 +-
 ...kenReactiveAuthenticationManagerTests.java |  10 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   |  39 +++---
 ...sReactiveOpaqueTokenIntrospectorTests.java |  48 +++----
 ...rospectionAuthenticatedPrincipalTests.java |  10 +-
 ...rerTokenAuthenticationEntryPointTests.java |   3 +-
 .../BearerTokenAuthenticationFilterTests.java |  21 ++-
 .../web/DefaultBearerTokenResolverTests.java  |  22 ++--
 .../web/HeaderBearerTokenResolverTests.java   |  10 +-
 .../BearerTokenAccessDeniedHandlerTests.java  |   3 +-
 ...erTokenServerAccessDeniedHandlerTests.java |   3 +-
 ...arerTokenAuthenticationConverterTests.java |  43 +++---
 .../AnonymousPayloadInterceptorTests.java     |  16 +--
 ...AuthenticationPayloadInterceptorTests.java |   4 +-
 .../core/PayloadInterceptorRSocketTests.java  |  24 ++--
 .../core/PayloadSocketAcceptorTests.java      |  15 ++-
 .../OpenSamlInitializationServiceTests.java   |   7 +-
 ...faultSaml2AuthenticatedPrincipalTests.java |  10 +-
 .../OpenSamlAuthenticationProviderTests.java  |  12 +-
 ...SamlAuthenticationRequestFactoryTests.java |   5 +-
 ...ationBuilderHttpMessageConverterTests.java |  18 +--
 .../RelyingPartyRegistrationsTests.java       |  10 +-
 ...ebSsoAuthenticationRequestFilterTests.java |   6 +-
 ...RelyingPartyRegistrationResolverTests.java |   5 +-
 ...enticationRequestContextResolverTests.java |   5 +-
 ...aml2AuthenticationTokenConverterTests.java |   4 +-
 .../service/web/Saml2MetadataFilterTests.java |   4 +-
 ...ockServerConfigurersOAuth2ClientTests.java |   7 +-
 ...equestPostProcessorsOAuth2ClientTests.java |   7 +-
 .../ExceptionTranslationFilterTests.java      |   6 +-
 .../web/access/intercept/RequestKeyTests.java |   6 +-
 .../SwitchUserGrantedAuthorityTests.java      |  14 +-
 ...ecurityWebApplicationInitializerTests.java |  52 ++++----
 .../web/firewall/StrictHttpFirewallTests.java |  53 ++++----
 .../writers/CompositeHeaderWriterTests.java   |   5 +-
 .../FeaturePolicyHeaderWriterTests.java       |  10 +-
 ...icationPrincipalArgumentResolverTests.java |   4 +-
 .../savedrequest/CookieRequestCacheTests.java |   5 +-
 ...onverterServerWebExchangeMatcherTests.java |   7 +-
 ...rverAuthenticationSuccessHandlerTests.java |  12 +-
 .../DelegatingServerLogoutHandlerTests.java   |  20 +--
 .../HttpsRedirectWebFilterTests.java          |  11 +-
 .../util/matcher/IpAddressMatcherTests.java   |  13 +-
 196 files changed, 2241 insertions(+), 2116 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index 7262646c80..1277074e20 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -20,6 +20,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import io.rsocket.RSocketFactory;
+import io.rsocket.exceptions.RejectedSetupException;
 import io.rsocket.frame.decoder.PayloadDecoder;
 import io.rsocket.transport.netty.server.CloseableChannel;
 import io.rsocket.transport.netty.server.TcpServerTransport;
@@ -46,7 +47,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -87,10 +88,11 @@ public class HelloRSocketITests {
 		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
 				.connectTcp("localhost", this.server.address().getPort()).block();
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
-				.isNotNull();
+		assertThatExceptionOfType(Exception.class).isThrownBy(
+				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				.matches((ex) -> ex instanceof RejectedSetupException
+						|| ex.getClass().toString().contains("ReactiveException"));
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
-		// .isInstanceOf(RejectedSetupException.class);
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index ecacae6b21..2c3c603838 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import io.rsocket.RSocketFactory;
 import io.rsocket.exceptions.ApplicationErrorException;
+import io.rsocket.exceptions.RejectedSetupException;
 import io.rsocket.frame.decoder.PayloadDecoder;
 import io.rsocket.transport.netty.server.CloseableChannel;
 import io.rsocket.transport.netty.server.TcpServerTransport;
@@ -49,7 +50,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -103,8 +104,8 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		assertThatCode(() -> this.requester.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class)
-				.block()).isInstanceOf(ApplicationErrorException.class);
+		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(() -> this.requester
+				.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class).block());
 	}
 
 	@Test
@@ -137,10 +138,11 @@ public class RSocketMessageHandlerConnectionITests {
 	public void connectWhenNotAuthenticated() {
 		this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort())
 				.block();
-		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
-				.isNotNull();
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
+				.matches((ex) -> ex instanceof RejectedSetupException
+						|| ex.getClass().toString().contains("ReactiveException"));
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
-		// .isInstanceOf(RejectedSetupException.class);
 	}
 
 	@Test
@@ -148,10 +150,11 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		assertThatCode(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
-				.isNotNull();
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
+				.matches((ex) -> ex instanceof RejectedSetupException
+						|| ex.getClass().toString().contains("ReactiveException"));
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
-		// .isInstanceOf(RejectedSetupException.class);
 	}
 
 	@Test
@@ -159,8 +162,8 @@ public class RSocketMessageHandlerConnectionITests {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
 				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		assertThatCode(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block())
-				.isInstanceOf(ApplicationErrorException.class);
+		assertThatExceptionOfType(ApplicationErrorException.class)
+				.isThrownBy(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block());
 	}
 
 	@Test
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index 9b4f37a09d..ee91c97f30 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -52,7 +52,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -96,8 +96,9 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
-				.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
+		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
+				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				.withMessageContaining("Access Denied");
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -105,10 +106,11 @@ public class RSocketMessageHandlerITests {
 	public void retrieveMonoWhenAuthenticationFailedThenException() throws Exception {
 		String data = "rob";
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("invalid", "password");
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
-				.retrieveMono(String.class).block()).isInstanceOf(ApplicationErrorException.class)
-						.hasMessageContaining("Invalid Credentials");
+		assertThatExceptionOfType(ApplicationErrorException.class)
+				.isThrownBy(() -> this.requester.route("secure.retrieve-mono")
+						.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
+						.retrieveMono(String.class).block())
+				.withMessageContaining("Invalid Credentials");
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -134,9 +136,10 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataFluxAndSecureThenDenied() throws Exception {
 		Flux<String> data = Flux.just("a", "b", "c");
-		assertThatCode(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
-				.retrieveFlux(String.class).collectList().block()).isInstanceOf(ApplicationErrorException.class)
-						.hasMessageContaining("Access Denied");
+		assertThatExceptionOfType(ApplicationErrorException.class)
+				.isThrownBy(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
+						.retrieveFlux(String.class).collectList().block())
+				.withMessageContaining("Access Denied");
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -152,9 +155,9 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataStringAndSecureThenDenied() throws Exception {
 		String data = "a";
-		assertThatCode(
+		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
 				() -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block())
-						.isInstanceOf(ApplicationErrorException.class).hasMessageContaining("Access Denied");
+				.withMessageContaining("Access Denied");
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 29f1c3b495..370e1786ce 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -52,7 +52,7 @@ import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -93,8 +93,8 @@ public class SimpleAuthenticationITests {
 		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
 				.connectTcp("localhost", this.server.address().getPort()).block();
 		String data = "rob";
-		assertThatCode(() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
-				.isInstanceOf(ApplicationErrorException.class);
+		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
+				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block());
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
index 9c5c153200..d410060767 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -63,7 +63,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.startsWith;
@@ -165,9 +165,8 @@ public class AuthenticationConfigurationTests {
 				new BootGlobalAuthenticationConfigurerAdapter()));
 		AuthenticationManager authenticationManager = config.getAuthenticationManager();
 		authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-		assertThatThrownBy(
-				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
-						.isInstanceOf(AuthenticationException.class);
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
+				() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")));
 	}
 
 	@Test
@@ -207,8 +206,8 @@ public class AuthenticationConfigurationTests {
 				.getAuthenticationManager();
 		given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-				.isInstanceOf(AuthenticationException.class);
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")));
 	}
 
 	@Test
@@ -222,8 +221,8 @@ public class AuthenticationConfigurationTests {
 		given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
 				User.withUserDetails(user).build());
 		am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
-		assertThatThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
-				.isInstanceOf(AuthenticationException.class);
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")));
 	}
 
 	@Test
@@ -291,7 +290,7 @@ public class AuthenticationConfigurationTests {
 		this.spring.register(AuthenticationConfigurationSubclass.class).autowire();
 		AuthenticationManagerBuilder ap = this.spring.getContext().getBean(AuthenticationManagerBuilder.class);
 		this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();
-		assertThatThrownBy(ap::build).isInstanceOf(AlreadyBuiltException.class);
+		assertThatExceptionOfType(AlreadyBuiltException.class).isThrownBy(ap::build);
 	}
 
 	@EnableGlobalMethodSecurity(securedEnabled = true)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
index 4a905ebe88..83ff811ce7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java
@@ -35,7 +35,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
@@ -73,9 +73,11 @@ public class EnableReactiveMethodSecurityTests {
 
 	@Test
 	public void notPublisherPreAuthorizeFindByIdThenThrowsIllegalStateException() {
-		assertThatThrownBy(() -> this.messageService.notPublisherPreAuthorizeFindById(1L))
-				.isInstanceOf(IllegalStateException.class).extracting(Throwable::getMessage).isEqualTo(
-						"The returnType class java.lang.String on public abstract java.lang.String org.springframework.security.config.annotation.method.configuration.ReactiveMessageService.notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams.Publisher (i.e. Mono / Flux) in order to support Reactor Context");
+		assertThatIllegalStateException().isThrownBy(() -> this.messageService.notPublisherPreAuthorizeFindById(1L))
+				.withMessage("The returnType class java.lang.String on public abstract java.lang.String "
+						+ "org.springframework.security.config.annotation.method.configuration.ReactiveMessageService"
+						+ ".notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams"
+						+ ".Publisher (i.e. Mono / Flux) in order to support Reactor Context");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 713839542b..5b4ce0106e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -61,7 +61,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -125,7 +125,8 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(CustomTrustResolverConfig.class).autowire();
 		AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class);
 		given(trustResolver.isAnonymous(any())).willReturn(true, false);
-		assertThatThrownBy(() -> this.service.preAuthorizeNotAnonymous()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.service.preAuthorizeNotAnonymous());
 		this.service.preAuthorizeNotAnonymous();
 		verify(trustResolver, atLeastOnce()).isAnonymous(any());
 	}
@@ -136,7 +137,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	public void defaultWebSecurityExpressionHandlerHasBeanResolverSet() {
 		this.spring.register(ExpressionHandlerHasBeanResolverSetConfig.class).autowire();
 		Authz authz = this.spring.getContext().getBean(Authz.class);
-		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorizeBean(false));
 		this.service.preAuthorizeBean(true);
 	}
 
@@ -144,7 +145,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void methodSecuritySupportsAnnotaitonsOnInterfaceParamerNames() {
 		this.spring.register(MethodSecurityServiceConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.postAnnotation("deny")).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.postAnnotation("deny"));
 		this.service.postAnnotation("grant");
 		// no exception
 	}
@@ -157,7 +158,8 @@ public class GlobalMethodSecurityConfigurationTests {
 		given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false);
 		this.service.hasPermission("something");
 		// no exception
-		assertThatThrownBy(() -> this.service.hasPermission("something")).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.service.hasPermission("something"));
 	}
 
 	@Test
@@ -171,7 +173,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void enableGlobalMethodSecurityWorksOnSuperclass() {
 		this.spring.register(ChildConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	// SEC-2479
@@ -186,7 +188,7 @@ public class GlobalMethodSecurityConfigurationTests {
 				child.register(Sec2479ChildConfig.class);
 				child.refresh();
 				this.spring.context(child).autowire();
-				assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+				assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 			}
 		}
 	}
@@ -228,7 +230,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void preAuthorizeBeanSpel() {
 		this.spring.register(PreAuthorizeBeanSpelConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorizeBean(false)).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorizeBean(false));
 		this.service.preAuthorizeBean(true);
 	}
 
@@ -237,7 +239,7 @@ public class GlobalMethodSecurityConfigurationTests {
 	@WithMockUser
 	public void roleHierarchy() {
 		this.spring.register(RoleHierarchyConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 		this.service.preAuthorizeAdmin();
 	}
 
@@ -247,7 +249,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(CustomGrantedAuthorityConfig.class).autowire();
 		CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
 				.getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class);
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 		customService.customPrefixRoleUser();
 		// no exception
 	}
@@ -258,7 +260,7 @@ public class GlobalMethodSecurityConfigurationTests {
 		this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
 		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
 				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
-		assertThatThrownBy(() -> this.service.securedUser()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.securedUser());
 		customService.emptyPrefixRoleUser();
 		// no exception
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
index 90d0d45f08..b9bf7080b8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java
@@ -33,8 +33,8 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -54,16 +54,17 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests {
 	@WithMockUser
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPreAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.hasPermission("granted")).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.hasPermission("denied")).isInstanceOf(AccessDeniedException.class);
+		assertThat(this.service.hasPermission("granted")).isNull();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.hasPermission("denied"));
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenUsingCustomPermissionEvaluatorThenPostAuthorizesAccordingly() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.postHasPermission("granted")).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.postHasPermission("denied")).isInstanceOf(AccessDeniedException.class);
+		assertThat(this.service.postHasPermission("granted")).isNull();
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.service.postHasPermission("denied"));
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
index e61d475da5..fd46256b4b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
@@ -57,8 +57,7 @@ import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -78,32 +77,32 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenCustomAccessDecisionManagerThenAuthorizes() {
 		this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.secured());
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenCustomAfterInvocationManagerThenAuthorizes() {
 		this.spring.register(CustomAfterInvocationManagerConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorizePermitAll()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorizePermitAll());
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenCustomAuthenticationManagerThenAuthorizes() {
 		this.spring.register(CustomAuthenticationConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(UnsupportedOperationException.class);
+		assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenJsr250EnabledThenAuthorizes() {
 		this.spring.register(Jsr250Config.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
-		assertThatCode(() -> this.service.jsr250PermitAll()).doesNotThrowAnyException();
+		this.service.preAuthorize();
+		this.service.secured();
+		this.service.jsr250PermitAll();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.jsr250());
 	}
 
 	@Test
@@ -111,9 +110,9 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() {
 		this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class)
 				.autowire();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
-		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.secured());
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.jsr250());
 	}
 
 	@Test
@@ -144,7 +143,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(-135);
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.jsr250());
 	}
 
 	@Test
@@ -153,7 +152,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire();
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
+		assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> this.service.jsr250());
 	}
 
 	@Test
@@ -163,25 +162,25 @@ public class NamespaceGlobalMethodSecurityTests {
 				.autowire();
 		assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class)
 				.getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE);
-		assertThatThrownBy(() -> this.service.jsr250()).isInstanceOf(UnsupportedOperationException.class);
+		assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> this.service.jsr250());
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenPrePostEnabledThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		this.service.secured();
+		this.service.jsr250();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenPrePostEnabledAndCustomGlobalMethodSecurityConfigurationThenPreAuthorizes() {
 		this.spring.register(PreAuthorizeExtendsGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		this.service.secured();
+		this.service.jsr250();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@Test
@@ -190,7 +189,7 @@ public class NamespaceGlobalMethodSecurityTests {
 		this.spring.register(ProxyTargetClassConfig.class, MethodSecurityServiceConfig.class).autowire();
 		// make sure service was actually proxied
 		assertThat(this.service.getClass().getInterfaces()).doesNotContain(MethodSecurityService.class);
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@Test
@@ -198,7 +197,7 @@ public class NamespaceGlobalMethodSecurityTests {
 	public void methodSecurityWhenDefaultProxyThenWiresToInterface() {
 		this.spring.register(DefaultProxyConfig.class, MethodSecurityServiceConfig.class).autowire();
 		assertThat(this.service.getClass().getInterfaces()).contains(MethodSecurityService.class);
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@Test
@@ -213,26 +212,27 @@ public class NamespaceGlobalMethodSecurityTests {
 	@WithMockUser
 	public void methodSecurityWhenSecuredEnabledThenSecures() {
 		this.spring.register(SecuredConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatThrownBy(() -> this.service.secured()).isInstanceOf(AccessDeniedException.class);
-		assertThatCode(() -> this.service.securedUser()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.preAuthorize()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.secured());
+		this.service.securedUser();
+		this.service.preAuthorize();
+		this.service.jsr250();
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenMissingEnableAnnotationThenShowsHelpfulError() {
-		assertThatThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
-				.hasStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire())
+				.withStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required");
 	}
 
 	@Test
 	@WithMockUser
 	public void methodSecurityWhenImportingGlobalMethodSecurityConfigurationSubclassThenAuthorizes() {
 		this.spring.register(ImportSubclassGMSCConfig.class, MethodSecurityServiceConfig.class).autowire();
-		assertThatCode(() -> this.service.secured()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.jsr250()).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.service.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		this.service.secured();
+		this.service.jsr250();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize());
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
index 4984b241eb..bf2bf1ae6c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Demonstrate the samples
@@ -62,15 +62,16 @@ public class SampleEnableGlobalMethodSecurityTests {
 		this.spring.register(SampleWebSecurityConfig.class).autowire();
 		assertThat(this.methodSecurityService.secured()).isNull();
 		assertThat(this.methodSecurityService.jsr250()).isNull();
-		assertThatThrownBy(() -> this.methodSecurityService.preAuthorize()).isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.methodSecurityService.preAuthorize());
 	}
 
 	@Test
 	public void customPermissionHandler() {
 		this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire();
 		assertThat(this.methodSecurityService.hasPermission("allowed")).isNull();
-		assertThatThrownBy(() -> this.methodSecurityService.hasPermission("denied"))
-				.isInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.methodSecurityService.hasPermission("denied"));
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index bbca9375c7..bd94e55f45 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -44,7 +44,6 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -76,8 +75,8 @@ public class Sec2758Tests {
 	@Test
 	public void methodSecurityWhenNullifyingRolePrefixThenPassivityRestored() {
 		this.spring.register(SecurityConfig.class).autowire();
-		assertThatCode(() -> this.service.doJsr250()).doesNotThrowAnyException();
-		assertThatCode(() -> this.service.doPreAuthorize()).doesNotThrowAnyException();
+		this.service.doJsr250();
+		this.service.doPreAuthorize();
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 68b3b22b1e..1c2ad19eb2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -56,7 +56,6 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -142,7 +141,7 @@ public class WebSecurityConfigurerAdapterTests {
 	public void loadConfigWhenUserDetailsServiceHasCircularReferenceThenStillLoads() {
 		this.spring.register(RequiresUserDetailsServiceConfig.class, UserDetailsServiceConfig.class).autowire();
 		MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class);
-		assertThatCode(() -> myFilter.userDetailsService.loadUserByUsername("user")).doesNotThrowAnyException();
+		myFilter.userDetailsService.loadUserByUsername("user");
 		assertThatExceptionOfType(UsernameNotFoundException.class)
 				.isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin"));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index 815317885a..a8fca5db6d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.junit.Rule;
 import org.junit.Test;
 
+import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -46,7 +47,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -131,32 +132,37 @@ public class OAuth2ClientConfigurationTests {
 	// gh-5321
 	@Test
 	public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(
+		assertThatExceptionOfType(BeanCreationException.class).isThrownBy(
 				() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
-						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-						.hasMessageContaining("Expected single matching bean of type '"
-								+ OAuth2AuthorizedClientRepository.class.getName()
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).withMessageContaining(
+						"Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName()
 								+ "' but found 2: authorizedClientRepository1,authorizedClientRepository2");
 	}
 
 	@Test
 	public void loadContextWhenClientRegistrationRepositoryNotRegisteredThenThrowNoSuchBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoSuchBeanDefinitionException.class).hasMessageContaining(
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(
+						() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire())
+				.withRootCauseInstanceOf(NoSuchBeanDefinitionException.class).withMessageContaining(
 						"No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available");
 	}
 
 	@Test
 	public void loadContextWhenClientRegistrationRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class)
-				.autowire()).hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
-						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2");
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(
+						() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class).autowire())
+				.withMessageContaining(
+						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2")
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	@Test
 	public void loadContextWhenAccessTokenResponseClientRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
-		assertThatThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).hasMessageContaining(
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).withMessageContaining(
 						"expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index 5950691cc5..ad3bcb3408 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -61,7 +61,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -128,11 +128,11 @@ public class WebSecurityConfigurationTests {
 
 	@Test
 	public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(DuplicateOrderConfig.class).autowire());
-		assertThat(thrown).isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("@Order on WebSecurityConfigurers must be unique")
-				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
-				.hasMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(DuplicateOrderConfig.class).autowire())
+				.withMessageContaining("@Order on WebSecurityConfigurers must be unique")
+				.withMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName())
+				.withMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName());
 	}
 
 	@Test
@@ -155,10 +155,9 @@ public class WebSecurityConfigurationTests {
 
 	@Test
 	public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() {
-		Throwable thrown = catchThrowable(
-				() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire());
-		assertThat(thrown).isInstanceOf(BeanCreationException.class);
-		assertThat(thrown).hasRootCauseExactlyInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire())
+				.havingRootCause().isExactlyInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -250,10 +249,10 @@ public class WebSecurityConfigurationTests {
 
 	@Test
 	public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() {
-		Throwable thrown = catchThrowable(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire());
-		assertThat(thrown).isInstanceOf(BeanCreationException.class)
-				.hasRootCauseExactlyInstanceOf(IllegalStateException.class)
-				.hasMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire())
+				.withRootCauseExactlyInstanceOf(IllegalStateException.class)
+				.withMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
 
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
index 0530f29de3..a13bb2af4f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -42,7 +42,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
@@ -65,8 +65,8 @@ public class CorsConfigurerTests {
 
 	@Test
 	public void configureWhenNoMvcThenException() {
-		assertThatThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire()).withMessageContaining(
 						"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index dbdc70f79e..a3629ab9bd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -52,7 +52,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.BDDMockito.given;
@@ -343,8 +343,9 @@ public class CsrfConfigurerTests {
 	// SEC-2749
 	@Test
 	public void configureWhenRequireCsrfProtectionMatcherNullThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -356,8 +357,9 @@ public class CsrfConfigurerTests {
 
 	@Test
 	public void getWhenNullAuthenticationStrategyThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index f1abe4e97a..95097349e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -56,7 +56,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
@@ -84,9 +84,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	@Test
 	public void configureWhenHasRoleStartingWithStringRoleThenException() {
-		assertThatThrownBy(() -> this.spring.register(HasRoleStartingWithRoleConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(HasRoleStartingWithRoleConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class).withMessageContaining(
 						"role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'");
 	}
 
@@ -98,15 +98,16 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 
 	@Test
 	public void configureWhenAuthorizedRequestsAndNoRequestsThenException() {
-		assertThatThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire()).withMessageContaining(
 						"At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
 	}
 
 	@Test
 	public void configureWhenAnyRequestIncompleteMappingThenException() {
-		assertThatThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining("An incomplete mapping was found for ");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire())
+				.withMessageContaining("An incomplete mapping was found for ");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index c4da0f5809..a806075a0e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -36,7 +36,7 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
@@ -320,14 +320,16 @@ public class HeadersConfigurerTests {
 
 	@Test
 	public void configureWhenContentSecurityPolicyEmptyThenException() {
-		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenContentSecurityPolicyEmptyInLambdaThenException() {
-		assertThatThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -381,8 +383,9 @@ public class HeadersConfigurerTests {
 
 	@Test
 	public void configureWhenFeaturePolicyEmptyThenException() {
-		assertThatThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index 45bf708553..c960699756 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
@@ -66,26 +66,30 @@ public class LogoutConfigurerTests {
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerInLambdaThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherInLambdaThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
@@ -161,14 +165,16 @@ public class LogoutConfigurerTests {
 	// SEC-3170
 	@Test
 	public void configureWhenLogoutHandlerNullThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullLogoutHandlerConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullLogoutHandlerConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenLogoutHandlerNullInLambdaThenException() {
-		assertThatThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	// SEC-3170
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index 3802251c4d..61b7b91598 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.RequestRejectedException;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
@@ -54,21 +54,22 @@ public class NamespaceHttpFirewallTests {
 	@Test
 	public void requestWhenPathContainsDoubleDotsThenBehaviorMatchesNamespace() {
 		this.rule.register(HttpFirewallConfig.class).autowire();
-		assertThatCode(() -> this.mvc.perform(get("/public/../private/"))).isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.mvc.perform(get("/public/../private/")));
 	}
 
 	@Test
 	public void requestWithCustomFirewallThenBehaviorMatchesNamespace() {
 		this.rule.register(CustomHttpFirewallConfig.class).autowire();
-		assertThatCode(() -> this.mvc.perform(get("/").param("deny", "true")))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true")));
 	}
 
 	@Test
 	public void requestWithCustomFirewallBeanThenBehaviorMatchesNamespace() {
 		this.rule.register(CustomHttpFirewallBeanConfig.class).autowire();
-		assertThatCode(() -> this.mvc.perform(get("/").param("deny", "true")))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true")));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index ce7a15b331..79d4d121dc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -27,7 +27,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -57,9 +57,9 @@ public class PermitAllSupportTests {
 
 	@Test
 	public void configureWhenNotAuthorizeRequestsThenException() {
-		assertThatCode(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("permitAll only works with HttpSecurity.authorizeRequests");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire())
+				.withMessageContaining("permitAll only works with HttpSecurity.authorizeRequests");
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 54bc6ee582..b64e772290 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -47,7 +47,8 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
@@ -81,8 +82,10 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void postWhenNoUserDetailsServiceThenException() {
 		this.spring.register(NullUserDetailsConfig.class).autowire();
-		assertThatThrownBy(() -> this.mvc.perform(post("/login").param("username", "user").param("password", "password")
-				.param("remember-me", "true").with(csrf()))).hasMessageContaining("UserDetailsService is required");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.mvc.perform(post("/login").param("username", "user")
+						.param("password", "password").param("remember-me", "true").with(csrf())))
+				.withMessageContaining("UserDetailsService is required");
 	}
 
 	@Test
@@ -168,9 +171,11 @@ public class RememberMeConfigurerTests {
 
 	@Test
 	public void configureWhenRememberMeCookieNameAndRememberMeServicesThenException() {
-		assertThatThrownBy(() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasRootCauseInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices.");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(
+						() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire())
+				.withRootCauseInstanceOf(IllegalArgumentException.class)
+				.withMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices.");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 6845659dce..09bbc43e6c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -29,6 +29,7 @@ import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 
+import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
@@ -91,7 +92,7 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -479,9 +480,10 @@ public class OAuth2LoginConfigurerTests {
 
 	@Test
 	public void oidcLoginCustomWithNoUniqueJwtDecoderFactory() {
-		assertThatThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class))
-				.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
-				.hasMessageContaining("No qualifying bean of type "
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class))
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
+				.withMessageContaining("No qualifying bean of type "
 						+ "'org.springframework.security.oauth2.jwt.JwtDecoderFactory<org.springframework.security.oauth2.client.registration.ClientRegistration>' "
 						+ "available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 47540c3e06..5709642668 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -133,7 +133,8 @@ import org.springframework.web.client.RestOperations;
 import org.springframework.web.context.support.GenericWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
@@ -565,9 +566,10 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() {
-		assertThatCode(() -> this.spring.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class)
-				.autowire()).isInstanceOf(BeanCreationException.class)
-						.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring
+						.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class).autowire())
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
 	@Test
@@ -675,7 +677,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder);
 		this.spring.context(context).autowire();
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
+				.isThrownBy(() -> jwtConfigurer.getJwtDecoder());
 	}
 
 	@Test
@@ -701,14 +704,14 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void authenticationEntryPointWhenGivenNullThenThrowsException() {
 		ApplicationContext context = mock(ApplicationContext.class);
 		OAuth2ResourceServerConfigurer configurer = new OAuth2ResourceServerConfigurer(context);
-		assertThatCode(() -> configurer.authenticationEntryPoint(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> configurer.authenticationEntryPoint(null));
 	}
 
 	@Test
 	public void accessDeniedHandlerWhenGivenNullThenThrowsException() {
 		ApplicationContext context = mock(ApplicationContext.class);
 		OAuth2ResourceServerConfigurer configurer = new OAuth2ResourceServerConfigurer(context);
-		assertThatCode(() -> configurer.accessDeniedHandler(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> configurer.accessDeniedHandler(null));
 	}
 
 	@Test
@@ -862,8 +865,8 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void configureWhenOnlyIntrospectionUrlThenException() {
-		assertThatCode(() -> this.spring.register(OpaqueTokenHalfConfiguredConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(OpaqueTokenHalfConfiguredConfig.class).autowire());
 	}
 
 	@Test
@@ -991,27 +994,30 @@ public class OAuth2ResourceServerConfigurerTests {
 
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
-		assertThatCode(() -> this.spring.register(JwtlessConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining("neither was found");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(JwtlessConfig.class).autowire())
+				.withMessageContaining("neither was found");
 	}
 
 	@Test
 	public void configureWhenMissingJwkSetUriThenWiringException() {
-		assertThatCode(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining("No qualifying bean of type");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire())
+				.withMessageContaining("No qualifying bean of type");
 	}
 
 	@Test
 	public void configureWhenUsingBothJwtAndOpaqueThenWiringException() {
-		assertThatCode(() -> this.spring.register(OpaqueAndJwtConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("Spring Security only supports JWTs or Opaque Tokens");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(OpaqueAndJwtConfig.class).autowire())
+				.withMessageContaining("Spring Security only supports JWTs or Opaque Tokens");
 	}
 
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() {
-		assertThatCode(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining("authenticationManagerResolver");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
+				.withMessageContaining("authenticationManagerResolver");
 	}
 
 	@Test
@@ -1064,8 +1070,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatCode(jwtConfigurer::getJwtAuthenticationConverter)
-				.isInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
+				.isThrownBy(jwtConfigurer::getJwtAuthenticationConverter);
 	}
 
 	private static <T> void registerMockBean(GenericApplicationContext context, String name, Class<T> clazz) {
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index 223f082498..f3e77d4464 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -29,7 +29,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.util.InMemoryResource;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * @author Rob Winch
@@ -45,15 +46,15 @@ public class UserDetailsResourceFactoryBeanTests {
 
 	@Test
 	public void setResourceLoaderWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> this.factory.setResourceLoader(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasStackTraceContaining("resourceLoader cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.setResourceLoader(null))
+				.withStackTraceContaining("resourceLoader cannot be null");
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
 		this.factory.setResourceLoader(this.resourceLoader);
-		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalArgumentException.class)
-				.hasStackTraceContaining("resource cannot be null if resourceLocation is null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.getObject())
+				.withStackTraceContaining("resource cannot be null if resourceLocation is null");
 	}
 
 	@Test
@@ -72,8 +73,8 @@ public class UserDetailsResourceFactoryBeanTests {
 	@Test
 	public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
 		this.factory.setResource(new InMemoryResource("user=invalidFormatHere"));
-		assertThatThrownBy(() -> this.factory.getObject()).isInstanceOf(IllegalStateException.class)
-				.hasStackTraceContaining("user").hasStackTraceContaining("invalidFormatHere");
+		assertThatIllegalStateException().isThrownBy(() -> this.factory.getObject()).withStackTraceContaining("user")
+				.withStackTraceContaining("invalidFormatHere");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
index dfa8399e66..07f30bde9b 100644
--- a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
@@ -38,7 +38,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.test.SpringTestRule;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link RsaKeyConversionServicePostProcessor}
@@ -131,9 +131,9 @@ public class RsaKeyConversionServicePostProcessorTests {
 
 	@Test
 	public void valueWhenOverridingConversionServiceThenUsed() {
-		assertThatCode(
+		assertThatExceptionOfType(Exception.class).isThrownBy(
 				() -> this.spring.register(OverrideConversionServiceConfig.class, DefaultConfig.class).autowire())
-						.hasRootCauseInstanceOf(IllegalArgumentException.class);
+				.withRootCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index 3535309aa8..1344c1b3a5 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -59,8 +59,8 @@ public class AccessDeniedConfigTests {
 	@Test
 	public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash"));
-		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanCreationException.class)
-				.hasMessageContaining("errorPage must begin with '/'");
+		assertThatExceptionOfType(BeanCreationException.class).isThrownBy(() -> context.autowire())
+				.withMessageContaining("errorPage must begin with '/'");
 	}
 
 	@Test
@@ -73,8 +73,8 @@ public class AccessDeniedConfigTests {
 	@Test
 	public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() {
 		SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef"));
-		assertThatThrownBy(() -> context.autowire()).isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("attribute error-page cannot be used together with the 'ref' attribute");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> context.autowire())
+				.withMessageContaining("attribute error-page cannot be used together with the 'ref' attribute");
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index faa60c2bc5..dec1dc1515 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -89,14 +89,14 @@ public class FormLoginConfigTests {
 
 	@Test
 	public void autowireWhenLoginPageIsMisconfiguredThenDetects() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire());
 	}
 
 	@Test
 	public void autowireWhenDefaultTargetUrlIsMisconfiguredThenDetects() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 6f3b20db83..6dcbab2f18 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
@@ -59,8 +59,9 @@ public class HttpCorsConfigTests {
 
 	@Test
 	public void autowireWhenMissingMvcThenGivesInformativeError() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("RequiresMvc")).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining(
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("RequiresMvc")).autowire())
+				.withMessageContaining(
 						"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index da112ae731..a8ea026488 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -37,7 +37,7 @@ import org.springframework.test.web.servlet.ResultMatcher;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -92,9 +92,9 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenHeadersDisabledHavingChildElementThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class)
-				.hasMessageContaining("Cannot specify <headers disabled=\"true\"> with child elements");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire())
+				.withMessageContaining("Cannot specify <headers disabled=\"true\"> with child elements");
 	}
 
 	@Test
@@ -185,24 +185,20 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenUsingFrameOptionsAllowFromNoOriginThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring
-				.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class)
-						.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME
-																							// better
-																							// error
-																							// message?
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring
+						.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")).autowire())
+				.withMessageContaining("Strategy requires a 'value' to be set.");
+		// FIXME better error message?
 	}
 
 	@Test
 	public void configureWhenUsingFrameOptionsAllowFromBlankOriginThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring
-				.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class)
-						.hasMessageContaining("Strategy requires a 'value' to be set."); // FIXME
-																							// better
-																							// error
-																							// message?
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring
+						.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")).autowire())
+				.withMessageContaining("Strategy requires a 'value' to be set.");
+		// FIXME better error message?
 	}
 
 	@Test
@@ -243,15 +239,14 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenUsingCustomHeaderNameOnlyThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class).isThrownBy(
+				() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingCustomHeaderValueOnlyThenAutowireFails() {
-		assertThatThrownBy(
-				() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire())
-						.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class).isThrownBy(
+				() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire());
 	}
 
 	@Test
@@ -283,10 +278,10 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndBlockSetThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring
-				.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")).autowire())
-						.isInstanceOf(BeanCreationException.class)
-						.hasMessageContaining("Cannot set block to true with enabled false");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring
+						.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")).autowire())
+				.withMessageContaining("Cannot set block to true with enabled false");
 	}
 
 	@Test
@@ -326,16 +321,16 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenUsingHpkpWithoutPinsThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire())
-				.isInstanceOf(XmlBeanDefinitionStoreException.class)
-				.hasMessageContaining("The content of element 'hpkp' is not complete");
+		assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire())
+				.withMessageContaining("The content of element 'hpkp' is not complete");
 	}
 
 	@Test
 	public void configureWhenUsingHpkpWithEmptyPinsThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire())
-				.isInstanceOf(XmlBeanDefinitionStoreException.class)
-				.hasMessageContaining("The content of element 'pins' is not complete");
+		assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire())
+				.withMessageContaining("The content of element 'pins' is not complete");
 	}
 
 	@Test
@@ -452,42 +447,47 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenHstsDisabledAndIncludeSubdomainsSpecifiedThenAutowireFails() {
-		assertThatThrownBy(
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(
 				() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingIncludeSubdomains")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("include-subdomains");
+				.withMessageContaining("include-subdomains");
 	}
 
 	@Test
 	public void configureWhenHstsDisabledAndMaxAgeSpecifiedThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("max-age");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire())
+				.withMessageContaining("max-age");
 	}
 
 	@Test
 	public void configureWhenHstsDisabledAndRequestMatcherSpecifiedThenAutowireFails() {
-		assertThatThrownBy(
-				() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("request-matcher-ref");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(
+						() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire())
+				.withMessageContaining("request-matcher-ref");
 	}
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndEnabledThenAutowireFails() {
-		assertThatThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("enabled");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire())
+				.withMessageContaining("enabled");
 	}
 
 	@Test
 	public void configureWhenXssProtectionDisabledAndBlockSpecifiedThenAutowireFails() {
-		assertThatThrownBy(
-				() -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("block");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(
+						() -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire())
+				.withMessageContaining("block");
 	}
 
 	@Test
 	public void configureWhenFrameOptionsDisabledAndPolicySpecifiedThenAutowireFails() {
-		assertThatThrownBy(
-				() -> this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("policy");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(
+						() -> this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire())
+				.withMessageContaining("policy");
 	}
 
 	@Test
@@ -514,9 +514,8 @@ public class HttpHeadersConfigTests {
 
 	@Test
 	public void configureWhenContentSecurityPolicyConfiguredWithEmptyDirectivesThenAutowireFails() {
-		assertThatThrownBy(
-				() -> this.spring.configLocations(this.xml("ContentSecurityPolicyWithEmptyDirectives")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(
+				() -> this.spring.configLocations(this.xml("ContentSecurityPolicyWithEmptyDirectives")).autowire());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 1b7d40c339..4985cd0cc6 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
@@ -151,26 +151,26 @@ public class InterceptUrlConfigTests {
 
 	@Test
 	public void configureWhenUsingAntMatcherAndServletPathThenThrowsException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("AntMatcherServletPath")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("AntMatcherServletPath")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingRegexMatcherAndServletPathThenThrowsException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("RegexMatcherServletPath")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("RegexMatcherServletPath")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingCiRegexMatcherAndServletPathThenThrowsException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("CiRegexMatcherServletPath")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("CiRegexMatcherServletPath")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingDefaultMatcherAndServletPathThenThrowsException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire());
 	}
 
 	private MockServletContext mockServletContext(String servletPath) {
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 1438a39056..de7537b92f 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -111,7 +111,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.support.XmlWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willAnswer;
@@ -296,8 +296,8 @@ public class MiscHttpConfigTests {
 
 	@Test
 	public void configureWhenTwoFiltersWithSameOrderThenException() {
-		assertThatCode(() -> this.spring.configLocations(xml("CollidingFilters")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("CollidingFilters")).autowire());
 	}
 
 	@Test
@@ -319,8 +319,8 @@ public class MiscHttpConfigTests {
 
 	@Test
 	public void configureWhenUsingInvalidLogoutSuccessUrlThenThrowsException() {
-		assertThatCode(() -> this.spring.configLocations(xml("InvalidLogoutSuccessUrl")).autowire())
-				.isInstanceOf(BeanCreationException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("InvalidLogoutSuccessUrl")).autowire());
 	}
 
 	@Test
@@ -432,9 +432,8 @@ public class MiscHttpConfigTests {
 
 	@Test
 	public void configureWhenUserDetailsServiceInParentContextThenLocatesSuccessfully() {
-		assertThatCode(
-				() -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire())
-						.isInstanceOf(BeansException.class);
+		assertThatExceptionOfType(BeansException.class).isThrownBy(
+				() -> this.spring.configLocations(MiscHttpConfigTests.xml("MissingUserDetailsService")).autowire());
 		try (XmlWebApplicationContext parent = new XmlWebApplicationContext()) {
 			parent.setConfigLocations(MiscHttpConfigTests.xml("AutoConfig"));
 			parent.refresh();
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index 4c19f1d5d2..07ddc0303c 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -27,7 +27,7 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.web.bind.annotation.GetMapping;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -61,14 +61,16 @@ public class MultiHttpBlockConfigTests {
 
 	@Test
 	public void configureWhenUsingDuplicateHttpElementsThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("IdenticalHttpElements")).autowire())
-				.isInstanceOf(BeanCreationException.class).hasCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("IdenticalHttpElements")).autowire())
+				.withCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	@Test
 	public void configureWhenUsingIndenticallyPatternedHttpElementsThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("IdenticallyPatternedHttpElements")).autowire())
-				.isInstanceOf(BeanCreationException.class).hasCauseInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("IdenticallyPatternedHttpElements")).autowire())
+				.withCauseInstanceOf(IllegalArgumentException.class);
 	}
 
 	/**
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 9ba660ea3a..84a77ed204 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -96,8 +96,7 @@ import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestOperations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
@@ -436,8 +435,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void configureWhenDecoderAndJwkSetUriThenException() {
-		assertThatThrownBy(() -> this.spring.configLocations(xml("JwtDecoderAndJwkSetUri")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("JwtDecoderAndJwkSetUri")).autowire());
 	}
 
 	@Test
@@ -554,14 +553,14 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void configureWhenOnlyIntrospectionUrlThenException() {
-		assertThatCode(() -> this.spring.configLocations(xml("OpaqueTokenHalfConfigured")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenHalfConfigured")).autowire());
 	}
 
 	@Test
 	public void configureWhenIntrospectorAndIntrospectionUriThenError() {
-		assertThatCode(() -> this.spring.configLocations(xml("OpaqueTokenAndIntrospectionUri")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenAndIntrospectionUri")).autowire());
 	}
 
 	@Test
@@ -642,22 +641,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
-		assertThatCode(() -> this.spring.configLocations(xml("Jwtless")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("Please select one");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("Jwtless")).autowire())
+				.withMessageContaining("Please select one");
 	}
 
 	@Test
 	public void configureWhenMissingJwkSetUriThenWiringException() {
-		assertThatCode(() -> this.spring.configLocations(xml("JwtHalfConfigured")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining("Please specify either");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("JwtHalfConfigured")).autowire())
+				.withMessageContaining("Please specify either");
 	}
 
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndJwtThenException() {
-		assertThatCode(
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(
 				() -> this.spring.configLocations(xml("AuthenticationManagerResolverPlusOtherConfig")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class)
-						.hasMessageContaining("authentication-manager-resolver-ref");
+				.withMessageContaining("authentication-manager-resolver-ref");
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 7017e60822..904b3e6a28 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -44,7 +44,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -92,8 +92,8 @@ public class OpenIDConfigTests {
 
 	@Test
 	public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 46fc53c570..d0067d06c9 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -41,7 +41,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.verify;
@@ -155,8 +155,8 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void configureWhenUsingDataSourceAndANegativeTokenValidityThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithDataSource")).autowire())
-				.isInstanceOf(FatalBeanException.class);
+		assertThatExceptionOfType(FatalBeanException.class).isThrownBy(
+				() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithDataSource")).autowire());
 	}
 
 	@Test
@@ -186,9 +186,8 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void configureWhenUsingPersistentTokenRepositoryAndANegativeTokenValidityThenThrowsWiringException() {
-		assertThatCode(
-				() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithPersistentRepository")).autowire())
-						.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> this.spring
+				.configLocations(this.xml("NegativeTokenValidityWithPersistentRepository")).autowire());
 	}
 
 	@Test
@@ -231,8 +230,8 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void configureWhenUsingRememberMeParameterAndServicesRefThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("WithRememberMeParameterAndServicesRef")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(
+				() -> this.spring.configLocations(this.xml("WithRememberMeParameterAndServicesRef")).autowire());
 	}
 
 	/**
@@ -249,11 +248,13 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void configureWhenUsingRememberMeCookieAndServicesRefThenThrowsWiringException() {
-		assertThatCode(() -> this.spring.configLocations(this.xml("WithRememberMeCookieAndServicesRef")).autowire())
-				.isInstanceOf(BeanDefinitionParsingException.class).hasMessageContaining(
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(
+						() -> this.spring.configLocations(this.xml("WithRememberMeCookieAndServicesRef")).autowire())
+				.withMessageContaining(
 						"Configuration problem: services-ref can't be used in combination with attributes "
-								+ "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, use-secure-cookie, "
-								+ "remember-me-parameter or remember-me-cookie");
+								+ "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, "
+								+ "use-secure-cookie, remember-me-parameter or remember-me-cookie");
 	}
 
 	private ResultActions rememberAuthentication(String username, String password) throws Exception {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index cf96b628a1..b53176c4ae 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -47,8 +47,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
@@ -294,7 +293,7 @@ public class FormLoginTests {
 		}
 
 		public DefaultLoginPage assertLoginFormNotPresent() {
-			assertThatThrownBy(() -> loginForm().username("")).isInstanceOf(NoSuchElementException.class);
+			assertThatExceptionOfType(NoSuchElementException.class).isThrownBy(() -> loginForm().username(""));
 			return this;
 		}
 
@@ -353,7 +352,7 @@ public class FormLoginTests {
 			}
 
 			public OAuth2Login assertClientRegistrationByName(String clientName) {
-				assertThatCode(() -> findClientRegistrationByName(clientName)).doesNotThrowAnyException();
+				findClientRegistrationByName(clientName);
 				return this;
 			}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index 301644ccd1..a6918809a9 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -80,7 +80,7 @@ import org.springframework.web.reactive.config.EnableWebFlux;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.hamcrest.CoreMatchers.startsWith;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -334,7 +334,7 @@ public class OAuth2ResourceServerSpecTests {
 		context.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 		context.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> beanWiredJwtDecoder);
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
+		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class).isThrownBy(() -> jwt.getJwtDecoder());
 	}
 
 	@Test
@@ -343,7 +343,7 @@ public class OAuth2ResourceServerSpecTests {
 		ServerHttpSecurity http = new ServerHttpSecurity();
 		http.setApplicationContext(context);
 		ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
-		assertThatCode(() -> jwt.getJwtDecoder()).isInstanceOf(NoSuchBeanDefinitionException.class);
+		assertThatExceptionOfType(NoSuchBeanDefinitionException.class).isThrownBy(() -> jwt.getJwtDecoder());
 	}
 
 	@Test
@@ -366,8 +366,9 @@ public class OAuth2ResourceServerSpecTests {
 
 	@Test
 	public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() {
-		assertThatCode(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
-				.isInstanceOf(BeanCreationException.class).hasMessageContaining("authenticationManagerResolver");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire())
+				.withMessageContaining("authenticationManagerResolver");
 	}
 
 	private static Dispatcher requiresAuth(String username, String password, String response) {
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 8d760858d5..3e72669f57 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -20,7 +20,6 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.assertj.core.api.ThrowableAssert;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -68,8 +67,7 @@ import org.springframework.web.socket.server.HandshakeFailureException;
 import org.springframework.web.socket.server.HandshakeHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
@@ -103,8 +101,8 @@ public class WebSocketMessageBrokerConfigTests {
 	public void sendWhenNoIdSpecifiedThenIntegratesWithClientInboundChannel() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		this.clientInboundChannel.send(message("/permitAll"));
-		assertThatThrownBy(() -> this.clientInboundChannel.send(message("/denyAll")))
-				.hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(() -> this.clientInboundChannel.send(message("/denyAll")))
+				.withCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
@@ -112,141 +110,146 @@ public class WebSocketMessageBrokerConfigTests {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
 		headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
-		assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers))).doesNotThrowAnyException();
+		this.clientInboundChannel.send(message("/permitAll", headers));
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithConnectAckMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.CONNECT_ACK);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithDisconnectMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithDisconnectAckMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT_ACK);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithHeartbeatMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.HEARTBEAT);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithMessageMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithOtherMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.OTHER);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithSubscribeMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenAnonymousMessageWithUnsubscribeMessageTypeThenPermitted() {
 		this.spring.configLocations(xml("NoIdConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenConnectWithoutCsrfTokenThenDenied() {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
 		Message<?> message = message("/message", SimpMessageType.CONNECT);
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(InvalidCsrfTokenException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(InvalidCsrfTokenException.class);
 	}
 
 	@Test
 	public void sendWhenConnectWithSameOriginDisabledThenCsrfTokenNotRequired() {
 		this.spring.configLocations(xml("SyncSameOriginDisabledConfig")).autowire();
 		Message<?> message = message("/message", SimpMessageType.CONNECT);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenInterceptWiredForMessageTypeThenDeniesOnTypeMismatch() {
 		this.spring.configLocations(xml("MessageInterceptTypeConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 		message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 		message = message("/anyOther", SimpMessageType.MESSAGE);
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void sendWhenInterceptWiredForSubscribeTypeThenDeniesOnTypeMismatch() {
 		this.spring.configLocations(xml("SubscribeInterceptTypeConfig")).autowire();
 		Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 		message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 		message = message("/anyOther", SimpMessageType.SUBSCRIBE);
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingOtherMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire());
 	}
 
 	@Test
 	public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() {
-		ThrowingCallable bad = () -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire();
-		assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire());
 	}
 
 	@Test
@@ -301,16 +304,17 @@ public class WebSocketMessageBrokerConfigTests {
 	public void sendWhenUsingCustomPathMatcherThenSecurityAppliesIt() {
 		this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire();
 		Message<?> message = message("/denyAll.a");
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 		message = message("/denyAll.a.b");
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
 	public void sendWhenIdSpecifiedThenSecurityDoesNotIntegrateWithClientInboundChannel() {
 		this.spring.configLocations(xml("IdConfig")).autowire();
 		Message<?> message = message("/denyAll");
-		assertThatCode(send(message)).doesNotThrowAnyException();
+		send(message);
 	}
 
 	@Test
@@ -318,14 +322,16 @@ public class WebSocketMessageBrokerConfigTests {
 	public void sendWhenIdSpecifiedAndExplicitlyIntegratedWhenBrokerUsesClientInboundChannel() {
 		this.spring.configLocations(xml("IdIntegratedConfig")).autowire();
 		Message<?> message = message("/denyAll");
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	@Test
 	public void sendWhenNoIdSpecifiedThenSecurityDoesntOverrideCustomInterceptors() {
 		this.spring.configLocations(xml("CustomInterceptorConfig")).autowire();
 		Message<?> message = message("/throwAll");
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(UnsupportedOperationException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(UnsupportedOperationException.class);
 	}
 
 	@Test
@@ -333,7 +339,8 @@ public class WebSocketMessageBrokerConfigTests {
 	public void sendWhenCustomExpressionHandlerThenAuthorizesAccordingly() {
 		this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire();
 		Message<?> message = message("/denyNile");
-		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
+				.withCauseInstanceOf(AccessDeniedException.class);
 	}
 
 	private String xml(String configName) {
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 8c6362b14e..7cd80768dc 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -33,9 +33,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -85,7 +83,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 
 	@Test
 	public void setSchedulerWhenNullThenIllegalArgumentException() {
-		assertThatCode(() -> this.manager.setScheduler(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> this.manager.setScheduler(null));
 	}
 
 	@Test
@@ -125,7 +123,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
 		this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.user,
 				this.user.getPassword());
-		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(BadCredentialsException.class);
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block());
 		verifyZeroInteractions(this.userDetailsPasswordService);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 8429503319..b045b798bb 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -49,7 +49,7 @@ import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -362,7 +362,7 @@ public class DaoAuthenticationProviderTests {
 		UserDetails user = PasswordEncodedUser.user();
 		given(encoder.matches(any(), any())).willReturn(false);
 		given(userDetailsService.loadUserByUsername(any())).willReturn(user);
-		assertThatThrownBy(() -> provider.authenticate(token)).isInstanceOf(BadCredentialsException.class);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider.authenticate(token));
 		verifyZeroInteractions(passwordManager);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
index 09f2441ba1..8310693337 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java
@@ -18,7 +18,7 @@ package org.springframework.security.authentication.jaas;
 
 import org.junit.Test;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Clement Ng
@@ -26,20 +26,16 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  */
 public class JaasGrantedAuthorityTests {
 
-	/**
-	 */
 	@Test
 	public void authorityWithNullRoleFailsAssertion() {
-		assertThatThrownBy(() -> new JaasGrantedAuthority(null, null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("role cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new JaasGrantedAuthority(null, null))
+				.withMessageContaining("role cannot be null");
 	}
 
-	/**
-	 */
 	@Test
 	public void authorityWithNullPrincipleFailsAssertion() {
-		assertThatThrownBy(() -> new JaasGrantedAuthority("role", null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("principal cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new JaasGrantedAuthority("role", null))
+				.withMessageContaining("principal cannot be null");
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index 17019a626f..f37fb4c5bf 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -28,7 +28,7 @@ import org.junit.Test;
 
 import org.springframework.core.convert.converter.Converter;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link RsaKeyConverters}
@@ -99,8 +99,7 @@ public class RsaKeyConvertersTests {
 
 	@Test
 	public void pkcs8WhenConvertingPkcs1PrivateKeyThenIllegalArgumentException() {
-		assertThatCode(() -> this.pkcs8.convert(toInputStream(PKCS1_PRIVATE_KEY)))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.pkcs8.convert(toInputStream(PKCS1_PRIVATE_KEY)));
 	}
 
 	@Test
@@ -111,8 +110,7 @@ public class RsaKeyConvertersTests {
 
 	@Test
 	public void x509WhenConvertingDerEncodedX509PublicKeyThenIllegalArgumentException() {
-		assertThatCode(() -> this.x509.convert(toInputStream(MALFORMED_X509_KEY)))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.x509.convert(toInputStream(MALFORMED_X509_KEY)));
 	}
 
 	private static InputStream toInputStream(String string) {
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 106750a1e6..81b78f6b78 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -32,7 +32,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -51,7 +51,8 @@ public class SecurityJackson2ModulesTests {
 	@Test
 	public void readValueWhenNotAllowedOrMappedThenThrowsException() {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-		assertThatThrownBy(() -> this.mapper.readValue(content, Object.class)).hasStackTraceContaining("allowlist");
+		assertThatExceptionOfType(Exception.class).isThrownBy(() -> this.mapper.readValue(content, Object.class))
+				.withStackTraceContaining("allowlist");
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index c98fd1016b..e123f27c5f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -27,7 +27,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -120,41 +120,43 @@ public class DelegatingPasswordEncoderTests {
 
 	@Test
 	public void matchesWhenUnMappedThenIllegalArgumentException() {
-		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"unmapped\"");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword))
+				.withMessage("There is no PasswordEncoder mapped for the id \"unmapped\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
 	@Test
 	public void matchesWhenNoClosingPrefixStringThenIllegalArgumentExcetion() {
-		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword))
+				.withMessage("There is no PasswordEncoder mapped for the id \"null\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
 	@Test
 	public void matchesWhenNoStartingPrefixStringThenFalse() {
-		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword))
+				.withMessage("There is no PasswordEncoder mapped for the id \"null\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
 	@Test
 	public void matchesWhenNoIdStringThenFalse() {
-		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"\"");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword))
+				.withMessage("There is no PasswordEncoder mapped for the id \"\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
 	@Test
 	public void matchesWhenPrefixInMiddleThenFalse() {
-		assertThatThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword))
+		assertThatIllegalArgumentException()
+				.isThrownBy(
+						() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword))
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+				.withMessage("There is no PasswordEncoder mapped for the id \"null\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
@@ -162,9 +164,9 @@ public class DelegatingPasswordEncoderTests {
 	public void matchesWhenIdIsNullThenFalse() {
 		this.delegates = new Hashtable<>(this.delegates);
 		DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
-		assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword))
+				.withMessage("There is no PasswordEncoder mapped for the id \"null\"");
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
diff --git a/etc/checkstyle/checkstyle.xml b/etc/checkstyle/checkstyle.xml
index e2c3704a5a..83028dcf7a 100644
--- a/etc/checkstyle/checkstyle.xml
+++ b/etc/checkstyle/checkstyle.xml
@@ -14,4 +14,12 @@
 	<module name="io.spring.javaformat.checkstyle.SpringChecks">
 		<property name="excludes" value="io.spring.javaformat.checkstyle.check.SpringHeaderCheck" />
 	</module>
+	<module name="com.puppycrawl.tools.checkstyle.TreeWalker">
+ 		<module name="com.puppycrawl.tools.checkstyle.checks.regexp.RegexpSinglelineJavaCheck">
+ 			<property name="maximum" value="0"/>
+			<property name="format" value="org\.assertj\.core\.api\.Assertions\.(catchThrowable|catchThrowableOfType|assertThatThrownBy|assertThatCode)" />
+			<property name="message" value="Please use assertThatExceptionOfType." />
+			<property name="ignoreComments" value="true" />
+		</module>
+	</module>
 </module>
\ No newline at end of file
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
index b297fe66cd..8a14656709 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
@@ -32,6 +32,7 @@ import org.springframework.core.io.ClassPathResource;
 import org.springframework.util.FileCopyUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.fail;
 
 /**
@@ -138,15 +139,8 @@ public class ApacheDSContainerTests {
 		server.setLdapOverSslEnabled(true);
 		server.setKeyStoreFile(temporaryKeyStoreFile);
 		server.setCertificatePassord("incorrect-password");
-
-		try {
-			server.afterPropertiesSet();
-			fail("Expected a RuntimeException to be thrown.");
-		}
-		catch (RuntimeException ex) {
-			assertThat(ex).hasMessage("Server startup failed");
-			assertThat(ex).hasRootCauseInstanceOf(UnrecoverableKeyException.class);
-		}
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(server::afterPropertiesSet)
+				.withMessage("Server startup failed").withRootCauseInstanceOf(UnrecoverableKeyException.class);
 	}
 
 	/**
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
index 275cd0cb02..ab2e6e3992 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java
@@ -36,7 +36,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link LdapUserDetailsManager#changePassword}, specifically relating to the
@@ -63,8 +63,8 @@ public class LdapUserDetailsManagerModifyPasswordTests {
 	@Test
 	@WithMockUser(username = "bob", password = "bobspassword", authorities = "ROLE_USER")
 	public void changePasswordWhenOldPasswordIsIncorrectThenThrowsException() {
-		assertThatCode(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"))
-				.isInstanceOf(BadCredentialsException.class);
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword"));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index bb777ce820..88e52dbf4d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -26,7 +26,8 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link AuthorizationCodeOAuth2AuthorizedClientProvider}.
@@ -54,8 +55,7 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null));
 	}
 
 	@Test
@@ -77,8 +77,8 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext));
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index 190af59bc3..8f6c25abd1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -26,7 +26,8 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link AuthorizationCodeReactiveOAuth2AuthorizedClientProvider}.
@@ -54,8 +55,7 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block());
 	}
 
 	@Test
@@ -77,8 +77,8 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block());
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 8de4368877..6aa17a1365 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -35,8 +35,8 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -108,57 +108,58 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
+		assertThatIllegalArgumentException().isThrownBy(
 				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(null, this.authorizedClientService))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("clientRegistrationRepository cannot be null");
+				.withMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
+		assertThatIllegalArgumentException().isThrownBy(
 				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("authorizedClientService cannot be null");
+				.withMessage("authorizedClientService cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
+				.withMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
+				.withMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
+				.withMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
+				.withMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null))
+				.withMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId("invalid-registration-id").principal(this.principal).build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.withMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
 	}
 
 	@SuppressWarnings("unchecked")
@@ -308,7 +309,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				.willThrow(authorizationException);
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
-		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
@@ -324,7 +326,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				.willThrow(authorizationException);
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
 				.principal(this.principal).build();
-		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index aafb30ec73..4edf481052 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -39,8 +39,8 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -105,46 +105,52 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null,
-				this.authorizedClientService)).isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("clientRegistrationRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null,
+						this.authorizedClientService))
+				.withMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
-				this.clientRegistrationRepository, null)).isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("authorizedClientService cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
+						this.clientRegistrationRepository, null))
+				.withMessage("authorizedClientService cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
+				.withMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
+				.withMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
+				.withMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
+				.withMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null))
+				.withMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
@@ -243,7 +249,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -269,7 +277,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -295,7 +305,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -318,7 +330,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -344,7 +358,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
 				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-		assertThatCode(() -> this.authorizedClientManager.authorize(authorizeRequest).block()).isEqualTo(exception);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index 3fd7402466..4264a4718c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -65,32 +65,34 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.isInstanceOf(IllegalArgumentException.class).withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index b6014bf6c4..91ca2c2b94 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -66,32 +66,34 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
index cd86c5d416..f595fa571c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java
@@ -27,7 +27,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -41,18 +41,18 @@ public class DelegatingOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void constructorWhenProvidersIsEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(new OAuth2AuthorizedClientProvider[0]))
-				.isInstanceOf(IllegalArgumentException.class);
-		assertThatThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(new OAuth2AuthorizedClientProvider[0]));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(Collections.emptyList()));
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider(
 				mock(OAuth2AuthorizedClientProvider.class));
-		assertThatThrownBy(() -> delegate.authorize(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> delegate.authorize(null))
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
index 802465922c..5619fd4be2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java
@@ -28,7 +28,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -42,18 +42,18 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void constructorWhenProvidersIsEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(
-				new ReactiveOAuth2AuthorizedClientProvider[0])).isInstanceOf(IllegalArgumentException.class);
-		assertThatThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(
+				new ReactiveOAuth2AuthorizedClientProvider[0]));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(Collections.emptyList()));
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
 		DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(
 				mock(ReactiveOAuth2AuthorizedClientProvider.class));
-		assertThatThrownBy(() -> delegate.authorize(null).block()).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> delegate.authorize(null).block())
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 0c7b2c5be9..42b141468f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.assertThatObject;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -67,8 +67,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClients cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository, null))
+				.withMessage("authorizedClients cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index 6855cd5846..a972dfa8e0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -76,40 +76,36 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void constructorNullClientRegistrationRepositoryThenThrowsIllegalArgumentException() {
 		this.clientRegistrationRepository = null;
-		assertThatThrownBy(() -> new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository));
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
@@ -145,8 +141,8 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
 		OAuth2AuthorizedClient authorizedClient = null;
-		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal));
 	}
 
 	@Test
@@ -154,38 +150,36 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
 		this.principal = null;
-		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal));
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
-				this.principalName)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService
+				.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
-				this.principalName)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService
+				.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 49b7fbb3fa..684f0bd59c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -54,7 +54,8 @@ import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.within;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
@@ -103,40 +104,45 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new JdbcOAuth2AuthorizedClientService(null, this.clientRegistrationRepository))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jdbcOperations cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JdbcOAuth2AuthorizedClientService(null, this.clientRegistrationRepository))
+				.withMessage("jdbcOperations cannot be null");
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new JdbcOAuth2AuthorizedClientService(this.jdbcOperations, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JdbcOAuth2AuthorizedClientService(this.jdbcOperations, null))
+				.withMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientRowMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientRowMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null))
+				.withMessage("authorizedClientRowMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientParametersMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.setAuthorizedClientParametersMapper(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizedClientParametersMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.setAuthorizedClientParametersMapper(null))
+				.withMessage("authorizedClientParametersMapper cannot be null");
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName"))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName"))
+				.withMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService
-				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
-						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService
+						.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
+				.withMessage("principalName cannot be empty");
 	}
 
 	@Test
@@ -177,26 +183,28 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration);
 		this.authorizedClientService.saveAuthorizedClient(expected, principal);
-		assertThatThrownBy(() -> this.authorizedClientService
-				.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()))
-						.isInstanceOf(DataRetrievalFailureException.class)
-						.hasMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId()
-								+ "' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
+		assertThatExceptionOfType(DataRetrievalFailureException.class)
+				.isThrownBy(() -> this.authorizedClientService
+						.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()))
+				.withMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId()
+						+ "' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
 		Authentication principal = createPrincipal();
-		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal))
+				.withMessage("authorizedClient cannot be null");
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenPrincipalIsNullThenThrowIllegalArgumentException() {
 		Authentication principal = createPrincipal();
 		OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration);
-		assertThatThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null))
+				.withMessage("principal cannot be null");
 	}
 
 	@Test
@@ -293,15 +301,17 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName"))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName"))
+				.withMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientService
-				.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
-						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService
+						.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
+				.withMessage("principalName cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index 103fe77dce..b2bcab54ab 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -26,7 +26,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.entry;
 
 /**
@@ -52,20 +52,23 @@ public class OAuth2AuthorizationContextTests {
 
 	@Test
 	public void withClientRegistrationWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(null).build())
+				.withMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void withAuthorizedClientWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationContext.withAuthorizedClient(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationContext.withAuthorizedClient(null).build())
+				.withMessage("authorizedClient cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).build())
+				.withMessage("principal cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
index cf348d52cd..588f6283f5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java
@@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.entry;
 
 /**
@@ -46,28 +46,29 @@ public class OAuth2AuthorizeRequestTests {
 
 	@Test
 	public void withClientRegistrationIdWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(null))
+				.withMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void withAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest.withAuthorizedClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClient cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest.withAuthorizedClient(null))
+				.withMessage("authorizedClient cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationIdWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).build())
-						.isInstanceOf(IllegalArgumentException.class).hasMessage("principal cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizeRequest
+						.withClientRegistrationId(this.clientRegistration.getRegistrationId()).build())
+				.withMessage("principal cannot be null");
 	}
 
 	@Test
 	public void withClientRegistrationIdWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizeRequest
+		assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal((String) null).build())
-						.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
+				.withMessage("principalName cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
index 5a14d45854..f8a9cdf4de 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java
@@ -19,7 +19,7 @@ package org.springframework.security.oauth2.client;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientId}.
@@ -30,14 +30,14 @@ public class OAuth2AuthorizedClientIdTests {
 
 	@Test
 	public void constructorWhenRegistrationIdNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientId(null, "test-principal"))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationId cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientId(null, "test-principal"))
+				.withMessage("clientRegistrationId cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenPrincipalNameNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientId("test-client", null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("principalName cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientId("test-client", null))
+				.withMessage("principalName cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index c1639e420c..a9ad963963 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -39,7 +39,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenRe
 import org.springframework.web.client.RestOperations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -82,8 +83,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void providerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizedClientProviderBuilder.builder().provider(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizedClientProviderBuilder.builder().provider(null));
 	}
 
 	@Test
@@ -93,8 +94,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
 				.build();
-		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext));
 	}
 
 	@Test
@@ -155,8 +156,8 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		// authorization_code
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
 				.withClientRegistration(clientRegistration).principal(this.principal).build();
-		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext));
 		// refresh_token
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration,
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index 8ded488091..e172c65b1c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -65,32 +65,34 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index 53f11ad2db..e54dc285fc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -66,32 +66,34 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+				.withMessage("context cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index a43dba1211..b555ffc3e3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -38,7 +38,8 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -73,8 +74,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void providerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ReactiveOAuth2AuthorizedClientProviderBuilder.builder().provider(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveOAuth2AuthorizedClientProviderBuilder.builder().provider(null));
 	}
 
 	@Test
@@ -83,8 +84,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 				.builder().authorizationCode().build();
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
-		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block())
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block());
 	}
 
 	@Test
@@ -157,8 +158,8 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		// authorization_code
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
-		assertThatThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block())
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block());
 		// refresh_token
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index ee63d83c36..8451e115cb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -38,7 +38,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -78,32 +78,34 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+				.withMessage("context cannot be null");
 	}
 
 	@Test
@@ -193,9 +195,9 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageStartingWith("The context attribute must be of type String[] '"
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
+				.withMessageStartingWith("The context attribute must be of type String[] '"
 						+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 07dcd2b7a1..3b62858747 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -39,7 +39,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -79,32 +79,34 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
+				.withMessage("accessTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+				.withMessage("clockSkew cannot be null");
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clockSkew must be >= 0");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
+				.withMessage("clockSkew must be >= 0");
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clock cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("context cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+				.withMessage("context cannot be null");
 	}
 
 	@Test
@@ -196,9 +198,9 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
-		assertThatThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageStartingWith("The context attribute must be of type String[] '"
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
+				.withMessageStartingWith("The context attribute must be of type String[] '"
 						+ OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index 251dbb8fc9..2ff9683ef4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -38,7 +38,8 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -69,8 +70,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void constructorWhenAccessTokenResponseClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(null));
 	}
 
 	@Test
@@ -84,10 +84,10 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 				.errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
-				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
-						.isInstanceOf(OAuth2AuthorizationException.class)
-						.hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.authenticationProvider.authenticate(
+						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
+				.withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
 	}
 
 	@Test
@@ -96,10 +96,10 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
-		assertThatThrownBy(() -> this.authenticationProvider.authenticate(
-				new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
-						.isInstanceOf(OAuth2AuthorizationException.class)
-						.hasMessageContaining("invalid_state_parameter");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.authenticationProvider.authenticate(
+						new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)))
+				.withMessageContaining("invalid_state_parameter");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index c93b774a3c..b96992ea85 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -30,7 +30,7 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeAuthenticationToken}.
@@ -55,14 +55,14 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 
 	@Test
 	public void constructorAuthorizationRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange));
 	}
 
 	@Test
 	public void constructorAuthorizationRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null));
 	}
 
 	@Test
@@ -81,21 +81,21 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 
 	@Test
 	public void constructorTokenRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange,
-				this.accessToken)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null,
+				this.authorizationExchange, this.accessToken));
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null, this.accessToken))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null, this.accessToken));
 	}
 
 	@Test
 	public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration,
-				this.authorizationExchange, null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration,
+						this.authorizationExchange, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index 459ac5c5b9..91731b0642 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -38,7 +38,7 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -70,13 +70,13 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenErrorThenOAuth2AuthorizationException() {
 		this.authorizationResponse = TestOAuth2AuthorizationResponses.error();
-		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate());
 	}
 
 	@Test
 	public void authenticateWhenStateNotEqualThenOAuth2AuthorizationException() {
 		this.authorizationRequest.state("notequal");
-		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate());
 	}
 
 	@Test
@@ -97,7 +97,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
 	public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() {
 		given(this.accessTokenResponseClient.getTokenResponse(any()))
 				.willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
-		assertThatCode(() -> authenticate()).isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate());
 	}
 
 	private OAuth2AuthorizationCodeAuthenticationToken authenticate() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index 9309ba2db3..d6e5acd127 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -52,8 +52,8 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.BDDMockito.given;
@@ -90,22 +90,20 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void constructorWhenNullAccessTokenResponseClientThenIllegalArgumentException() {
 		this.accessTokenResponseClient = null;
-		assertThatThrownBy(
-				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService));
 	}
 
 	@Test
 	public void constructorWhenNullUserServiceThenIllegalArgumentException() {
 		this.userService = null;
-		assertThatThrownBy(
-				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2LoginReactiveAuthenticationManager(this.accessTokenResponseClient, this.userService));
 	}
 
 	@Test
 	public void setAuthoritiesMapperWhenAuthoritiesMapperIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.setAuthoritiesMapper(null));
 	}
 
 	@Test
@@ -113,8 +111,8 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 		// we didn't do anything because it should cause a ClassCastException (as verified
 		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
+		this.manager.authenticate(token);
+		assertThatExceptionOfType(Throwable.class).isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
 	@Test
@@ -127,15 +125,15 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
 		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
-		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
 
 	@Test
 	public void authenticationWhenStateDoesNotMatchThenOAuth2AuthenticationException() {
 		this.authorizationResponseBldr.state("notmatch");
-		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 9338e165b5..70d488ae33 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -39,7 +39,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultAuthorizationCodeTokenResponseClient}.
@@ -74,20 +75,17 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
 	}
 
 	@Test
 	public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRestOperations(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null));
 	}
 
 	@Test
@@ -151,22 +149,22 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
@@ -195,8 +193,9 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
 		String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
 		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(
-				clientRegistration))).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(
+				() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest(clientRegistration)))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
@@ -209,8 +208,9 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
@@ -218,16 +218,18 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
 	public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
-						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
+				.withMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve "
+						+ "the OAuth 2.0 Access Token Response");
 	}
 
 	private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index a7e28cf954..6e0875ec79 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultClientCredentialsTokenResponseClient}.
@@ -69,20 +70,17 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
 	}
 
 	@Test
 	public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRestOperations(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null));
 	}
 
 	@Test
@@ -152,11 +150,11 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
@@ -165,11 +163,11 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
@@ -203,8 +201,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		ClientRegistration clientRegistration = this.from(this.clientRegistration).tokenUri(invalidTokenUri).build();
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
@@ -218,8 +217,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
@@ -229,8 +229,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -238,8 +239,9 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index 31e196cf00..e838ef4701 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -37,7 +37,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultPasswordTokenResponseClient}.
@@ -72,20 +73,17 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
 	}
 
 	@Test
 	public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRestOperations(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null));
 	}
 
 	@Test
@@ -141,11 +139,11 @@ public class DefaultPasswordTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
+				.withMessageContaining(
 						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
@@ -169,8 +167,9 @@ public class DefaultPasswordTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -178,9 +177,10 @@ public class DefaultPasswordTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
-						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest))
+				.withMessageContaining("[invalid_token_response] An error occurred while attempting to "
+						+ "retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index a4cd6dd27d..474e627de2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -40,7 +40,8 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultRefreshTokenTokenResponseClient}.
@@ -76,20 +77,17 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
 	}
 
 	@Test
 	public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setRestOperations(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null));
 	}
 
 	@Test
@@ -144,11 +142,11 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
-						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
-				.hasMessageContaining("tokenType cannot be null");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
+				.withMessageContaining("[invalid_token_response] An error occurred while attempting to "
+						+ "retrieve the OAuth 2.0 Access Token Response")
+				.withMessageContaining("tokenType cannot be null");
 	}
 
 	@Test
@@ -174,8 +172,9 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -183,9 +182,10 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(
-						"[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest))
+				.withMessageContaining("[invalid_token_response] An error occurred while attempting to "
+						+ "retrieve the OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index 1bb619e9b1..676ca8957a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -24,7 +24,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2ClientCredentialsGrantRequest}.
@@ -45,8 +45,7 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(null));
 	}
 
 	@Test
@@ -55,8 +54,8 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 				.clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT)
 				.redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth")
 				.clientName("Client 1").build();
-		assertThatThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage(
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)).withMessage(
 						"clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
index 38e88cee94..dfcfe69841 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java
@@ -23,7 +23,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2PasswordGrantRequest}.
@@ -41,32 +41,37 @@ public class OAuth2PasswordGrantRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(null, this.username, this.password))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(null, this.username, this.password))
+				.withMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void constructorWhenUsernameIsEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, null, this.password))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("username cannot be empty");
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, "", this.password))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("username cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, null, this.password))
+				.withMessage("username cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, "", this.password))
+				.withMessage("username cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenPasswordIsEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("password cannot be empty");
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, ""))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("password cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, null))
+				.withMessage("password cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, ""))
+				.withMessage("password cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() {
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
-		assertThatThrownBy(() -> new OAuth2PasswordGrantRequest(registration, this.username, this.password))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.PASSWORD");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2PasswordGrantRequest(registration, this.username, this.password))
+				.withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.PASSWORD");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
index f9f7fffe8e..8b51a22e04 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2RefreshTokenGrantRequest}.
@@ -55,20 +55,23 @@ public class OAuth2RefreshTokenGrantRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(null, this.accessToken, this.refreshToken))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistration cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(null, this.accessToken, this.refreshToken))
+				.withMessage("clientRegistration cannot be null");
 	}
 
 	@Test
 	public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, null, this.refreshToken))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("accessToken cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, null, this.refreshToken))
+				.withMessage("accessToken cannot be null");
 	}
 
 	@Test
 	public void constructorWhenRefreshTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, this.accessToken, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("refreshToken cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, this.accessToken, null))
+				.withMessage("refreshToken cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index f614700b0f..7291f83a29 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -41,7 +41,7 @@ import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
@@ -179,10 +179,10 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
 		this.server.enqueue(
 				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
-				.hasMessageContaining("unauthorized_client");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.withMessageContaining("unauthorized_client");
 	}
 
 	// gh-5594
@@ -191,8 +191,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenErrorResponse = "{}";
 		this.server.enqueue(
 				jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("server_error");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
+				.withMessageContaining("server_error");
 	}
 
 	@Test
@@ -200,8 +201,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
+				.withMessageContaining("invalid_token_response");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 7e47b19533..85de9ebff8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -34,7 +34,7 @@ import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
@@ -134,11 +134,11 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		ClientRegistration registration = this.clientRegistration.build();
 		enqueueUnexpectedResponse();
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
-		assertThatThrownBy(() -> this.client.getTokenResponse(request).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
-				.hasMessageContaining("[invalid_token_response]")
-				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.client.getTokenResponse(request).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.withMessageContaining("[invalid_token_response]")
+				.withMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	private void enqueueUnexpectedResponse() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index a48a48505c..07eb3bf3b6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link WebClientReactivePasswordTokenResponseClient}.
@@ -70,14 +71,12 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void setWebClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setWebClient(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setWebClient(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null).block());
 	}
 
 	@Test
@@ -134,12 +133,12 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
-				.hasMessageContaining("[invalid_token_response]")
-				.hasMessageContaining("An error occurred parsing the Access Token response")
-				.hasCauseInstanceOf(Throwable.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.withMessageContaining("[invalid_token_response]")
+				.withMessageContaining("An error occurred parsing the Access Token response")
+				.withCauseInstanceOf(Throwable.class);
 	}
 
 	@Test
@@ -164,10 +163,10 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
-				.hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -175,11 +174,11 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
-				.hasMessageContaining("[invalid_token_response]")
-				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.withMessageContaining("[invalid_token_response]")
+				.withMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 47a5cdcd24..dd9262271b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -40,7 +40,8 @@ import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link WebClientReactiveRefreshTokenTokenResponseClient}.
@@ -76,14 +77,12 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void setWebClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.setWebClient(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setWebClient(null));
 	}
 
 	@Test
 	public void getTokenResponseWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(null).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(null).block());
 	}
 
 	@Test
@@ -138,10 +137,11 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("[invalid_token_response]")
-				.hasMessageContaining("An error occurred parsing the Access Token response")
-				.hasCauseInstanceOf(Throwable.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
+				.withMessageContaining("[invalid_token_response]")
+				.withMessageContaining("An error occurred parsing the Access Token response")
+				.withCauseInstanceOf(Throwable.class);
 	}
 
 	@Test
@@ -167,10 +167,10 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("unauthorized_client"))
-				.hasMessageContaining("[unauthorized_client]");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client"))
+				.withMessageContaining("[unauthorized_client]");
 	}
 
 	@Test
@@ -178,11 +178,11 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 		this.server.enqueue(new MockResponse().setResponseCode(500));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
-		assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class,
-						(e) -> assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token_response"))
-				.hasMessageContaining("[invalid_token_response]")
-				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block())
+				.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response"))
+				.withMessageContaining("[invalid_token_response]")
+				.withMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 6eeade77ca..d4c1c909a3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -23,7 +23,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.client.MockClientHttpResponse;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OAuth2ErrorResponseErrorHandler}.
@@ -39,9 +39,9 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
 				+ "   \"error_description\": \"The client is not authorized\"\n" + "}\n";
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-		assertThatThrownBy(() -> this.errorHandler.handleError(response))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessage("[unauthorized_client] The client is not authorized");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.errorHandler.handleError(response))
+				.withMessage("[unauthorized_client] The client is not authorized");
 	}
 
 	@Test
@@ -49,9 +49,9 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 		String wwwAuthenticateHeader = "Bearer realm=\"auth-realm\" error=\"insufficient_scope\" error_description=\"The access token expired\"";
 		MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
 		response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader);
-		assertThatThrownBy(() -> this.errorHandler.handleError(response))
-				.isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessage("[insufficient_scope] The access token expired");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.errorHandler.handleError(response))
+				.withMessage("[insufficient_scope] The access token expired");
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
index e47de4a0a4..5052f98a07 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
@@ -27,7 +27,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OAuth2AuthenticationExceptionMixin}.
@@ -68,8 +68,8 @@ public class OAuth2AuthenticationExceptionMixinTests {
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		String json = asJson(new OAuth2AuthenticationException(new OAuth2Error("[authorization_request_not_found]")));
-		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class))
-				.isInstanceOf(JsonProcessingException.class);
+		assertThatExceptionOfType(JsonProcessingException.class)
+				.isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
index ad7e4f5752..e394254109 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java
@@ -48,7 +48,7 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OAuth2AuthenticationTokenMixin}.
@@ -95,8 +95,8 @@ public class OAuth2AuthenticationTokenMixinTests {
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
 		String json = asJson(authentication);
-		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationToken.class))
-				.isInstanceOf(JsonProcessingException.class);
+		assertThatExceptionOfType(JsonProcessingException.class)
+				.isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationToken.class));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 326a56c3fa..569e584349 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -34,7 +34,7 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OAuth2AuthorizationRequestMixin}.
@@ -79,8 +79,8 @@ public class OAuth2AuthorizationRequestMixinTests {
 	@Test
 	public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() {
 		String json = asJson(this.authorizationRequestBuilder.build());
-		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizationRequest.class))
-				.isInstanceOf(JsonProcessingException.class);
+		assertThatExceptionOfType(JsonProcessingException.class)
+				.isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizationRequest.class));
 	}
 
 	@Test
@@ -128,8 +128,9 @@ public class OAuth2AuthorizationRequestMixinTests {
 	public void deserializeWhenInvalidAuthorizationGrantTypeThenThrowJsonParseException() {
 		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build();
 		String json = asJson(authorizationRequest).replace("authorization_code", "client_credentials");
-		assertThatThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class))
-				.isInstanceOf(JsonParseException.class).hasMessageContaining("Invalid authorizationGrantType");
+		assertThatExceptionOfType(JsonParseException.class)
+				.isThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class))
+				.withMessageContaining("Invalid authorizationGrantType");
 	}
 
 	private static String asJson(OAuth2AuthorizationRequest authorizationRequest) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index b829abc651..02b40783d0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -40,7 +40,7 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OAuth2AuthorizedClientMixin}.
@@ -99,8 +99,8 @@ public class OAuth2AuthorizedClientMixinTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
 				this.principalName, this.accessToken);
 		String json = asJson(authorizedClient);
-		assertThatThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class))
-				.isInstanceOf(JsonProcessingException.class);
+		assertThatExceptionOfType(JsonProcessingException.class)
+				.isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index cd1157c53b..0913435795 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -66,8 +66,8 @@ import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.BDDMockito.given;
@@ -113,25 +113,27 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void constructorWhenNullAccessTokenResponseClientThenIllegalArgumentException() {
 		this.accessTokenResponseClient = null;
-		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
-				this.userService)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
+						this.userService));
 	}
 
 	@Test
 	public void constructorWhenNullUserServiceThenIllegalArgumentException() {
 		this.userService = null;
-		assertThatThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
-				this.userService)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient,
+						this.userService));
 	}
 
 	@Test
 	public void setJwtDecoderFactoryWhenNullThenIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setJwtDecoderFactory(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.setJwtDecoderFactory(null));
 	}
 
 	@Test
 	public void setAuthoritiesMapperWhenAuthoritiesMapperIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.manager.setAuthoritiesMapper(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.setAuthoritiesMapper(null));
 	}
 
 	@Test
@@ -139,8 +141,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		// we didn't do anything because it should cause a ClassCastException (as verified
 		// below)
 		TestingAuthenticationToken token = new TestingAuthenticationToken("a", "b");
-		assertThatCode(() -> this.manager.authenticate(token)).doesNotThrowAnyException();
-		assertThatThrownBy(() -> this.manager.authenticate(token).block()).isInstanceOf(Throwable.class);
+		this.manager.authenticate(token);
+		assertThatExceptionOfType(Throwable.class).isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
 	@Test
@@ -152,15 +154,15 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
 		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
-		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
 
 	@Test
 	public void authenticationWhenStateDoesNotMatchThenOAuth2AuthenticationException() {
 		this.authorizationResponseBldr.state("notmatch");
-		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
 
 	@Test
@@ -172,9 +174,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error"));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-		assertThatThrownBy(() -> this.manager.authenticate(loginToken()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("[invalid_id_token] ID Token Validation Error");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(loginToken()).block())
+				.withMessageContaining("[invalid_id_token] ID Token Validation Error");
 	}
 
 	@Test
@@ -193,8 +195,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
-		assertThatThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("[invalid_nonce]");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block())
+				.withMessageContaining("[invalid_nonce]");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index c74a5fc23e..224d49fe71 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -76,33 +77,30 @@ public class OidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void setJwtValidatorFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setJwtValidatorFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.setJwtValidatorFactory(null));
 	}
 
 	@Test
 	public void setJwsAlgorithmResolverWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setJwsAlgorithmResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.setJwsAlgorithmResolver(null));
 	}
 
 	@Test
 	public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null));
 	}
 
 	@Test
 	public void createDecoderWhenClientRegistrationNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null));
 	}
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the JwkSet URI.");
 	}
@@ -110,9 +108,9 @@ public class OidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the JwkSet URI.");
 	}
@@ -120,9 +118,10 @@ public class OidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(
+						() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the client secret.");
 	}
@@ -130,9 +129,9 @@ public class OidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured a valid JWS Algorithm: 'null'");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index 9c6aa401ec..f0a555b4ba 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -35,7 +35,7 @@ import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -72,20 +72,19 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatThrownBy(() -> idTokenValidator.setClockSkew(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClockSkew(null));
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)));
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatThrownBy(() -> idTokenValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClock(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 10a57382c1..736866d4d9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -76,33 +77,30 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 
 	@Test
 	public void setJwtValidatorFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setJwtValidatorFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.setJwtValidatorFactory(null));
 	}
 
 	@Test
 	public void setJwsAlgorithmResolverWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setJwsAlgorithmResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.setJwsAlgorithmResolver(null));
 	}
 
 	@Test
 	public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null));
 	}
 
 	@Test
 	public void createDecoderWhenClientRegistrationNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null));
 	}
 
 	@Test
 	public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the JwkSet URI.");
 	}
@@ -110,9 +108,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the JwkSet URI.");
 	}
@@ -120,9 +118,10 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(
+						() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured the client secret.");
 	}
@@ -130,9 +129,9 @@ public class ReactiveOidcIdTokenDecoderFactoryTests {
 	@Test
 	public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() {
 		this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null);
-		assertThatThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build()))
+				.withMessage("[missing_signature_verifier] Failed to find a Signature Verifier "
 						+ "for Client Registration: 'registration-id'. "
 						+ "Check to ensure you have configured a valid JWS Algorithm: 'null'");
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
index 0289684cc6..e41eafe700 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -53,8 +53,8 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
@@ -97,8 +97,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.userService.setClaimTypeConverterFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.userService.setClaimTypeConverterFactory(null));
 	}
 
 	@Test
@@ -120,8 +119,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.userService.loadUser(userRequest()).block());
 	}
 
 	@Test
@@ -132,8 +131,8 @@ public class OidcReactiveOAuth2UserServiceTests {
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes,
 				"user");
 		given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
-		assertThatCode(() -> this.userService.loadUser(userRequest()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.userService.loadUser(userRequest()).block());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
index 412a1ed786..af20f2c911 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OidcUserRequest}.
@@ -62,20 +62,20 @@ public class OidcUserRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OidcUserRequest(null, this.accessToken, this.idToken))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OidcUserRequest(null, this.accessToken, this.idToken));
 	}
 
 	@Test
 	public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OidcUserRequest(this.clientRegistration, null, this.idToken))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OidcUserRequest(this.clientRegistration, null, this.idToken));
 	}
 
 	@Test
 	public void constructorWhenIdTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OidcUserRequest(this.clientRegistration, this.accessToken, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OidcUserRequest(this.clientRegistration, this.accessToken, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 73b0e8c68b..602cf47e32 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -56,7 +56,7 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.BDDMockito.given;
@@ -113,20 +113,17 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void setOauth2UserServiceWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.userService.setOauth2UserService(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.userService.setOauth2UserService(null));
 	}
 
 	@Test
 	public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.userService.setClaimTypeConverterFactory(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.userService.setClaimTypeConverterFactory(null));
 	}
 
 	@Test
 	public void setAccessibleScopesWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.userService.setAccessibleScopes(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.userService.setAccessibleScopes(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index a72c9059d6..f1b461e556 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
 import org.springframework.security.oauth2.core.user.TestOAuth2Users;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -137,14 +137,12 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 
 	@Test
 	public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() {
-		assertThatThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null));
 	}
 
 	@Test
 	public void setPostLogoutRedirectUriTemplateWhenGivenNullThenThrowsException() {
-		assertThatThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null));
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index b0465c0dc6..ba32753428 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -42,7 +42,7 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
@@ -149,14 +149,12 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
 	@Test
 	public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() {
-		assertThatThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null));
 	}
 
 	@Test
 	public void setPostLogoutRedirectUriTemplateWhenGivenNullThenThrowsException() {
-		assertThatThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null));
 	}
 
 	private String redirectedUrl(ServerWebExchange exchange) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index f419a9c07f..e2d37065be 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -30,7 +30,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link ClientRegistration}.
@@ -364,18 +364,17 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientCredentialsGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build());
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(null).clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build());
 	}
 
 	@Test
@@ -396,23 +395,23 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientCredentialsGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(null).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(null).build());
 	}
 
 	// gh-6256
 	@Test
 	public void buildWhenScopesContainASpaceThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> TestClientRegistrations.clientCredentials().scope("openid profile email").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("openid profile email").build());
 	}
 
 	@Test
 	public void buildWhenScopesContainAnInvalidCharacterThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> TestClientRegistrations.clientCredentials().scope("an\"invalid\"scope").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("an\"invalid\"scope").build());
 	}
 
 	@Test
@@ -433,18 +432,17 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenPasswordGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build());
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(null).clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build());
 	}
 
 	@Test
@@ -465,10 +463,10 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenPasswordGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(null).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(null).build());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 4fa404c5e6..9510deb6d0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -35,7 +35,8 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * @author Rob Winch
@@ -142,17 +143,16 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception {
 		this.response.remove("jwks_uri");
-		assertThatThrownBy(() -> registration("").build()).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> registration("").build())
+				.withMessageContaining("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
 	@Test
 	public void issuerWhenOidcFallbackResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception {
 		this.response.remove("jwks_uri");
-		assertThatThrownBy(() -> registrationOidcFallback("issuer1", null).build())
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> registrationOidcFallback("issuer1", null).build())
+				.withMessageContaining("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -239,16 +239,16 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenGrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
+		assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
+				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
 						+ this.issuer + "\" returned a configuration of [implicit]");
 	}
 
 	@Test
 	public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
+		assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
+				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
 						+ this.issuer + "\" returned a configuration of [implicit]");
 	}
 
@@ -301,30 +301,31 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-		assertThatThrownBy(() -> registration("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining(
-				"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
-						+ this.issuer + "\" returned a configuration of [tls_client_auth]");
+		assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
+				.withMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and "
+						+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer
+						+ "\" returned a configuration of [tls_client_auth]");
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-		assertThatThrownBy(() -> registrationOAuth2("", null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining(
-						"Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and ClientAuthenticationMethod.NONE are supported. The issuer \""
-								+ this.issuer + "\" returned a configuration of [tls_client_auth]");
+		assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
+				.withMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and "
+						+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer
+						+ "\" returned a configuration of [tls_client_auth]");
 	}
 
 	@Test
 	public void issuerWhenOAuth2EmptyStringThenMeaningfulErrorMessage() {
-		assertThatThrownBy(() -> ClientRegistrations.fromIssuerLocation(""))
-				.hasMessageContaining("issuer cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistrations.fromIssuerLocation(""))
+				.withMessageContaining("issuer cannot be empty");
 	}
 
 	@Test
 	public void issuerWhenEmptyStringThenMeaningfulErrorMessage() {
-		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(""))
-				.hasMessageContaining("issuer cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(""))
+				.withMessageContaining("issuer cannot be empty");
 	}
 
 	@Test
@@ -334,9 +335,9 @@ public class ClientRegistrationsTests {
 		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer)).hasMessageContaining(
-				"The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \""
-						+ this.issuer + "\"");
+		assertThatIllegalStateException().isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer))
+				.withMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata did "
+						+ "not match the requested issuer \"" + this.issuer + "\"");
 	}
 
 	@Test
@@ -346,9 +347,9 @@ public class ClientRegistrationsTests {
 		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer)).hasMessageContaining(
-				"The Issuer \"https://example.com\" provided in the configuration metadata did not match the requested issuer \""
-						+ this.issuer + "\"");
+		assertThatIllegalStateException().isThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer))
+				.withMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata "
+						+ "did not match the requested issuer \"" + this.issuer + "\"");
 	}
 
 	private ClientRegistration.Builder registration(String path) throws Exception {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
index 92fccfc27f..9f82055804 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
@@ -24,7 +24,7 @@ import org.junit.Test;
 import reactor.test.StepVerifier;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -43,22 +43,21 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 
 	@Test
 	public void constructorWhenZeroVarArgsThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new InMemoryReactiveClientRegistrationRepository())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository());
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationArrayThenIllegalArgumentException() {
 		ClientRegistration[] registrations = null;
-		assertThatThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations));
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationListThenIllegalArgumentException() {
 		List<ClientRegistration> registrations = null;
-		assertThatThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations));
 	}
 
 	@Test(expected = IllegalStateException.class)
@@ -70,8 +69,8 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenIllegalArgumentException() {
 		ClientRegistration registration = null;
-		assertThatThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registration))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registration));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index fec781af6f..0190997101 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -51,7 +51,7 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -95,7 +95,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userInfoUri(null);
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((ex) -> assertThat(ex)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri"))
 				.verify();
 	}
@@ -103,7 +103,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userNameAttributeName(null);
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((t) -> assertThat(t)
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((ex) -> assertThat(ex)
 				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute"))
 				.verify();
 	}
@@ -169,23 +169,25 @@ public class DefaultReactiveOAuth2UserServiceTests {
 				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		enqueueApplicationJsonBody(userInfoResponse);
-		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
+				.withMessageContaining("invalid_user_info_response");
 	}
 
 	@Test
 	public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(500).setBody("{}"));
-		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_user_info_response");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
+				.withMessageContaining("invalid_user_info_response");
 	}
 
 	@Test
 	public void loadUserWhenUserInfoUriInvalidThenThrowAuthenticationServiceException() {
 		this.clientRegistration.userInfoUri("https://invalid-provider.com/user");
-		assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
-				.isInstanceOf(AuthenticationServiceException.class);
+		assertThatExceptionOfType(AuthenticationServiceException.class)
+				.isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block());
 	}
 
 	@Test
@@ -224,11 +226,11 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		response.setBody("invalid content type");
 		this.server.enqueue(response);
 		OAuth2UserRequest userRequest = oauth2UserRequest();
-		assertThatThrownBy(() -> this.userService.loadUser(userRequest).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining(
-						"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '"
-								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
-										.getUri()
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.userService.loadUser(userRequest).block()).withMessageContaining(
+						"[invalid_user_info_response] An error occurred while attempting to "
+								+ "retrieve the UserInfo Resource from '" + userRequest.getClientRegistration()
+										.getProviderDetails().getUserInfoEndpoint().getUri()
 								+ "': " + "response contains invalid content type 'text/plain'");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index 85b13b8d83..c6fa99ae3e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2UserRequest}.
@@ -63,14 +63,12 @@ public class OAuth2UserRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2UserRequest(null, this.accessToken))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2UserRequest(null, this.accessToken));
 	}
 
 	@Test
 	public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2UserRequest(this.clientRegistration, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2UserRequest(this.clientRegistration, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
index 3266a7d653..88e7c57ade 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java
@@ -28,7 +28,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -67,14 +67,14 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null));
 	}
 
 	@Test
 	public void setAuthorizedClientRepositoryWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index ddcc33cc29..0c2e2b70f9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -41,7 +41,7 @@ import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.entry;
 
 /**
@@ -86,20 +86,19 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultOAuth2AuthorizationRequestResolver(null, this.authorizationRequestBaseUri))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new DefaultOAuth2AuthorizationRequestResolver(null, this.authorizationRequestBaseUri));
 	}
 
 	@Test
 	public void constructorWhenAuthorizationRequestBaseUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, null));
 	}
 
 	@Test
 	public void setAuthorizationRequestCustomizerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.resolver.setAuthorizationRequestCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.resolver.setAuthorizationRequestCustomizer(null));
 	}
 
 	@Test
@@ -135,9 +134,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				+ "-invalid";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-		assertThatThrownBy(() -> this.resolver.resolve(request)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage(
-						"Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.resolver.resolve(request)).withMessage(
+				"Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 4610f688c2..565795fb68 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -50,8 +50,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -133,44 +133,50 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("clientRegistrationRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
+				.withMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
+				.withMessage("authorizedClientRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
+				.withMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
+				.withMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
+				.withMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
+				.withMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null))
+				.withMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
@@ -178,8 +184,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("servletRequest cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.withMessage("servletRequest cannot be null");
 	}
 
 	@Test
@@ -187,8 +193,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.attribute(HttpServletRequest.class.getName(), this.request).build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("servletResponse cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.withMessage("servletResponse cannot be null");
 	}
 
 	@Test
@@ -198,9 +204,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.withMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
 	}
 
 	@SuppressWarnings("unchecked")
@@ -401,7 +406,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
-		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
@@ -420,7 +426,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
 				}).build();
-		assertThatCode(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
+		assertThatExceptionOfType(ClientAuthorizationException.class)
+				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
index a80ca4ee9d..b41e196ba8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -131,48 +131,52 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("clientRegistrationRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(
+						() -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository))
+				.withMessage("clientRegistrationRepository cannot be null");
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("authorizedClientRepository cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(
+						() -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
+				.withMessage("authorizedClientRepository cannot be null");
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizedClientProvider cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
+				.withMessage("authorizedClientProvider cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationSuccessHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
+				.withMessage("authorizationSuccessHandler cannot be null");
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizationFailureHandler cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
+				.withMessage("authorizationFailureHandler cannot be null");
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("contextAttributesMapper cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
+				.withMessage("contextAttributesMapper cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(null).block())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("authorizeRequest cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null).block())
+				.withMessage("authorizeRequest cannot be null");
 	}
 
 	@Test
@@ -180,18 +184,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
-		assertThatThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("serverWebExchange cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block())
+				.withMessage("serverWebExchange cannot be null");
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
 				.withClientRegistrationId("invalid-registration-id").principal(this.principal).build();
-		assertThatThrownBy(
+		assertThatIllegalArgumentException().isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
+				.withMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
 	}
 
 	@SuppressWarnings("unchecked")
@@ -280,9 +284,9 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(
+		assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isEqualTo(exception);
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -308,9 +312,9 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(
+		assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isEqualTo(exception);
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -336,9 +340,9 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(
+		assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isEqualTo(exception);
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -361,9 +365,9 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.error(exception));
-		assertThatCode(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isEqualTo(exception);
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -389,9 +393,9 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests {
 		PublisherProbe<Void> authorizationFailureHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationFailureHandler(
 				(client, principal, attributes) -> authorizationFailureHandlerProbe.mono());
-		assertThatCode(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(
 				() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block())
-						.isEqualTo(exception);
+				.isEqualTo(exception);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index c28af93daa..ba329f42e9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -30,7 +30,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link HttpSessionOAuth2AuthorizationRequestRepository}.
@@ -110,23 +110,23 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 	@Test
 	public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
-				null, new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository
+				.saveAuthorizationRequest(authorizationRequest, null, new MockHttpServletResponse()));
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
-				new MockHttpServletRequest(), null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository
+				.saveAuthorizationRequest(authorizationRequest, new MockHttpServletRequest(), null));
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenStateNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().state(null).build();
-		assertThatThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
-				new MockHttpServletRequest(), new MockHttpServletResponse()))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest,
+						new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
 	@Test
@@ -185,15 +185,14 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 	@Test
 	public void removeAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizationRequestRepository.removeAuthorizationRequest(null,
-				new MockHttpServletResponse())).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository
+				.removeAuthorizationRequest(null, new MockHttpServletResponse()));
 	}
 
 	@Test
 	public void removeAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizationRequestRepository
-				.removeAuthorizationRequest(new MockHttpServletRequest(), null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository
+				.removeAuthorizationRequest(new MockHttpServletRequest(), null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
index 7cf152bdbd..42db859732 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -65,8 +65,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.request))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.request));
 	}
 
 	@Test
@@ -76,8 +76,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null));
 	}
 
 	@Test
@@ -99,9 +99,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.request, this.response))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.request, this.response));
 	}
 
 	@Test
@@ -115,18 +114,16 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 	public void saveAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null, this.response))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientRepository
+				.saveAuthorizedClient(authorizedClient, null, null, this.response));
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenResponseIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, null));
 	}
 
 	@Test
@@ -146,9 +143,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.request, this.response))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.request, this.response));
 	}
 
 	@Test
@@ -158,8 +154,8 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null,
-				null, this.response)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientRepository
+				.removeAuthorizedClient(this.registrationId1, null, null, this.response));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
index b77b743985..20666fa15e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java
@@ -62,7 +62,7 @@ import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.CollectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -121,31 +121,32 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(null, this.authorizedClientRepository,
-				this.authenticationManager)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(null,
+				this.authorizedClientRepository, this.authenticationManager));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null,
-				this.authenticationManager)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null,
+						this.authenticationManager));
 	}
 
 	@Test
 	public void constructorWhenAuthenticationManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository,
-				this.authorizedClientRepository, null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository,
+						this.authorizedClientRepository, null));
 	}
 
 	@Test
 	public void setAuthorizationRequestRepositoryWhenAuthorizationRequestRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setAuthorizationRequestRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthorizationRequestRepository(null));
 	}
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestCache(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index 26020004c6..2827d04e72 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -45,7 +45,7 @@ import org.springframework.util.ClassUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willThrow;
@@ -91,31 +91,30 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
 		Constructor<OAuth2AuthorizationRequestRedirectFilter> constructor = ClassUtils.getConstructorIfAvailable(
 				OAuth2AuthorizationRequestRedirectFilter.class, ClientRegistrationRepository.class);
-		assertThatThrownBy(() -> constructor.newInstance(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> constructor.newInstance(null));
 	}
 
 	@Test
 	public void constructorWhenAuthorizationRequestBaseUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, null));
 	}
 
 	@Test
 	public void constructorWhenAuthorizationRequestResolverIsNullThenThrowIllegalArgumentException() {
 		Constructor<OAuth2AuthorizationRequestRedirectFilter> constructor = ClassUtils.getConstructorIfAvailable(
 				OAuth2AuthorizationRequestRedirectFilter.class, OAuth2AuthorizationRequestResolver.class);
-		assertThatThrownBy(() -> constructor.newInstance(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> constructor.newInstance(null));
 	}
 
 	@Test
 	public void setAuthorizationRequestRepositoryWhenAuthorizationRequestRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setAuthorizationRequestRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthorizationRequestRepository(null));
 	}
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestCache(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 2a783cc03e..3ad39a3877 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -59,7 +59,7 @@ import org.springframework.security.web.util.UrlUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -122,33 +122,34 @@ public class OAuth2LoginAuthenticationFilterTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(null, this.authorizedClientService))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationFilter(null, this.authorizedClientService));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, null));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
-				(OAuth2AuthorizedClientRepository) null, OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
+						(OAuth2AuthorizedClientRepository) null,
+						OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI));
 	}
 
 	@Test
 	public void constructorWhenFilterProcessesUrlIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
-				this.authorizedClientRepository, null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository,
+						this.authorizedClientRepository, null));
 	}
 
 	@Test
 	public void setAuthorizationRequestRepositoryWhenAuthorizationRequestRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.filter.setAuthorizationRequestRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthorizationRequestRepository(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 73cb3d8cff..7c43ee1260 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -63,7 +63,9 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.context.request.ServletWebRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -148,36 +150,37 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository));
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null));
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.argumentResolver.setClientCredentialsTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientCredentialsTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.argumentResolver.setClientCredentialsTokenResponseClient(null))
+				.withMessage("clientCredentialsTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.argumentResolver
-				.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
-						.isInstanceOf(IllegalStateException.class).hasMessage(
-								"The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". "
-										+ "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.argumentResolver
+						.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
+				.withMessage("The client cannot be set when the constructor used is "
+						+ "\"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, "
+						+ "OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
@@ -210,9 +213,11 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage(
-						"Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
+				.withMessage("Unable to resolve the Client Registration Identifier. It must be provided via "
+						+ "@RegisteredOAuth2AuthorizedClient(\"client1\") or "
+						+ "@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 	}
 
 	@Test
@@ -239,9 +244,10 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	public void resolveArgumentWhenRegistrationIdInvalidThenThrowIllegalArgumentException() {
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdInvalid",
 				OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
-				new ServletWebRequest(this.request, this.response), null)).isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("Could not find ClientRegistration with id 'invalid'");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
+						new ServletWebRequest(this.request, this.response), null))
+				.withMessage("Could not find ClientRegistration with id 'invalid'");
 	}
 
 	@Test
@@ -250,9 +256,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 				.willReturn(null);
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
 				OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null,
-				new ServletWebRequest(this.request, this.response), null))
-						.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class).isThrownBy(() -> this.argumentResolver
+				.resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null));
 	}
 
 	@SuppressWarnings("unchecked")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 4d80f56666..f7599856f4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -54,7 +54,7 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -257,8 +257,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
 		// first try should fail, and remove the cached authorized client
-		assertThatCode(requestMono::block).isInstanceOfSatisfying(WebClientResponseException.class,
-				(e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
+		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(requestMono::block)
+				.satisfies((ex) -> assertThat(ex.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()),
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 4f1905c770..48e4bc2981 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -96,8 +96,9 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.entry;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -178,30 +179,31 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new ServerOAuth2AuthorizedClientExchangeFilterFunction(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ServerOAuth2AuthorizedClientExchangeFilterFunction(null));
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientCredentialsTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null))
+				.withMessage("clientCredentialsTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function
-				.setClientCredentialsTokenResponseClient(new WebClientReactiveClientCredentialsTokenResponseClient()))
-						.isInstanceOf(IllegalStateException.class).hasMessage(
-								"The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
-										+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(
+						new WebClientReactiveClientCredentialsTokenResponseClient()))
+				.withMessage(
+						"The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
+								+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
-				.isInstanceOf(IllegalStateException.class).hasMessage(
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30))).withMessage(
 						"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". "
 								+ "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
 	}
@@ -405,11 +407,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining("[invalid_token]");
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token");
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining("[invalid_token]");
 				});
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -431,17 +433,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
 				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
+		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(() -> this.function
+				.filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block())
+				.isEqualTo(exception);
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo("invalid_token");
-					assertThat(e).hasCause(exception);
-					assertThat(e).hasMessageContaining("[invalid_token]");
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token");
+					assertThat(ex).hasCause(exception);
+					assertThat(ex).hasMessageContaining("[invalid_token]");
 				});
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -466,11 +469,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining("[insufficient_scope]");
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope");
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining("[insufficient_scope]");
 				});
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -492,17 +495,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
 				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
+		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(() -> this.function
+				.filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block())
+				.isEqualTo(exception);
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo("insufficient_scope");
-					assertThat(e).hasCause(exception);
-					assertThat(e).hasMessageContaining("[insufficient_scope]");
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope");
+					assertThat(ex).hasCause(exception);
+					assertThat(ex).hasMessageContaining("[insufficient_scope]");
 				});
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -533,14 +537,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
-					assertThat(e.getError().getDescription())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
+					assertThat(ex.getError().getDescription())
 							.isEqualTo("The request requires higher privileges than provided by the access token.");
-					assertThat(e.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
+					assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 				});
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
@@ -562,8 +566,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction)
-				.subscriberContext(serverWebExchange()).block()).isEqualTo(exception);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.function
+				.filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block())
+				.isEqualTo(exception);
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 1cdd07b662..2e3a793462 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -105,8 +105,9 @@ import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.entry;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -202,32 +203,37 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new ServletOAuth2AuthorizedClientExchangeFilterFunction(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ServletOAuth2AuthorizedClientExchangeFilterFunction(null));
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clientCredentialsTokenResponseClient cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null))
+				.withMessage("clientCredentialsTokenResponseClient cannot be null");
 	}
 
 	@Test
 	public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function
-				.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
-						.isInstanceOf(IllegalStateException.class).hasMessage(
-								"The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
-										+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.function
+						.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
+				.withMessage("The client cannot be set when the constructor used is "
+						+ "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, "
+						+ "OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
 	public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
-		assertThatThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
-				.isInstanceOf(IllegalStateException.class).hasMessage(
-						"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
-								+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
+				.isInstanceOf(IllegalStateException.class)
+				.withMessage("The accessTokenExpiresSkew cannot be set when the constructor used is "
+						+ "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
+						+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, "
+						+ "OAuth2AuthorizedClientRepository)\".");
 	}
 
 	@Test
@@ -642,11 +648,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo(expectedErrorCode);
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining(expectedErrorCode);
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode);
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining(expectedErrorCode);
 				});
 		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
 		assertThat(this.attributesCaptor.getValue()).containsExactly(
@@ -678,14 +684,14 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
-					assertThat(e.getError().getDescription())
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
+					assertThat(ex.getError().getDescription())
 							.isEqualTo("The request requires higher privileges than provided by the access token.");
-					assertThat(e.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
+					assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
 				});
 		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
 		assertThat(this.attributesCaptor.getValue()).containsExactly(
@@ -721,15 +727,16 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
+		assertThatExceptionOfType(WebClientResponseException.class)
+				.isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(ClientAuthorizationException.class, (e) -> {
-					assertThat(e.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
-					assertThat(e.getError().getErrorCode()).isEqualTo(expectedErrorCode);
-					assertThat(e).hasCause(exception);
-					assertThat(e).hasMessageContaining(expectedErrorCode);
+				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
+					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
+					assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode);
+					assertThat(ex).hasCause(exception);
+					assertThat(ex).hasMessageContaining(expectedErrorCode);
 				});
 		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
 		assertThat(this.attributesCaptor.getValue()).containsExactly(
@@ -753,15 +760,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN));
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException);
 		this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler);
-		assertThatCode(() -> this.function.filter(request, throwingExchangeFunction).block())
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block())
 				.isEqualTo(authorizationException);
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
 		assertThat(this.authorizationExceptionCaptor.getValue())
-				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, (e) -> {
-					assertThat(e.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode());
-					assertThat(e).hasNoCause();
-					assertThat(e).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN);
+				.isInstanceOfSatisfying(OAuth2AuthorizationException.class, (ex) -> {
+					assertThat(ex.getError().getErrorCode())
+							.isEqualTo(authorizationException.getError().getErrorCode());
+					assertThat(ex).hasNoCause();
+					assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN);
 				});
 		assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName());
 		assertThat(this.attributesCaptor.getValue()).containsExactly(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index f92100222f..16a7cd5c5f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -48,7 +48,8 @@ import org.springframework.util.ReflectionUtils;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
@@ -94,20 +95,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository));
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null));
 	}
 
 	@Test
@@ -134,8 +134,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
 		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> resolveArgument(methodParameter)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The clientRegistrationId could not be resolved. Please provide one");
+		assertThatIllegalArgumentException().isThrownBy(() -> resolveArgument(methodParameter))
+				.withMessage("The clientRegistrationId could not be resolved. Please provide one");
 	}
 
 	@Test
@@ -169,8 +169,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).willReturn(Mono.empty());
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient",
 				OAuth2AuthorizedClient.class);
-		assertThatThrownBy(() -> resolveArgument(methodParameter))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
+		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
+				.isThrownBy(() -> resolveArgument(methodParameter));
 	}
 
 	private Object resolveArgument(MethodParameter methodParameter) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
index 3e8bbdc757..9693d71749 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java
@@ -30,7 +30,7 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -65,14 +65,14 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null));
 	}
 
 	@Test
 	public void setAuthorizedClientRepositoryWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index 54967496b5..a48ffbb194 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -39,8 +39,8 @@ import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.assertj.core.api.Assertions.catchThrowableOfType;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -65,8 +65,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	public void setAuthorizationRequestCustomizerWhenNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.resolver.setAuthorizationRequestCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.resolver.setAuthorizationRequestCustomizer(null));
 	}
 
 	@Test
@@ -77,9 +76,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	@Test
 	public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-		ResponseStatusException expected = catchThrowableOfType(() -> resolve("/oauth2/authorization/not-found-id"),
-				ResponseStatusException.class);
-		assertThat(expected.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST);
+		assertThatExceptionOfType(ResponseStatusException.class)
+				.isThrownBy(() -> resolve("/oauth2/authorization/not-found-id"))
+				.satisfies((ex) -> assertThat(ex.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index 56f527b658..b5a1f5c5e7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -49,8 +49,8 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -90,30 +90,30 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 	@Test
 	public void constructorWhenAuthenticationManagerNullThenIllegalArgumentException() {
 		this.authenticationManager = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
-				this.clientRegistrationRepository, this.authorizedClientRepository))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+						this.clientRegistrationRepository, this.authorizedClientRepository));
 	}
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() {
 		this.clientRegistrationRepository = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
-				this.clientRegistrationRepository, this.authorizedClientRepository))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+						this.clientRegistrationRepository, this.authorizedClientRepository));
 	}
 
 	@Test
 	public void constructorWhenAuthorizedClientRepositoryNullThenIllegalArgumentException() {
 		this.authorizedClientRepository = null;
-		assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
-				this.clientRegistrationRepository, this.authorizedClientRepository))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager,
+						this.clientRegistrationRepository, this.authorizedClientRepository));
 	}
 
 	@Test
 	public void setRequestCacheWhenRequestCacheIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> this.filter.setRequestCache(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestCache(null));
 	}
 
 	@Test
@@ -267,10 +267,10 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
-				.isEqualTo("client_registration_not_found");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.filter.filter(exchange, chain).block())
+				.satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode")
+						.isEqualTo("client_registration_not_found"));
 		verifyNoInteractions(this.authenticationManager);
 	}
 
@@ -292,10 +292,9 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
 		DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(),
 				Collections.emptyList());
-		assertThatThrownBy(() -> this.filter.filter(exchange, chain).block())
-				.isInstanceOf(OAuth2AuthenticationException.class)
-				.extracting((ex) -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode")
-				.isEqualTo("authorization_error");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.filter.filter(exchange, chain).block())
+				.satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode").isEqualTo("authorization_error"));
 	}
 
 	private static OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index f5c6f0c5f8..a1a7f9e657 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -37,7 +37,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.handler.FilteringWebHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -80,8 +80,8 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	@Test
 	public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() {
 		this.clientRepository = null;
-		assertThatThrownBy(() -> new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index aed902381d..a1dfa74248 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -39,7 +39,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -85,7 +85,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 	@Test
 	public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.empty());
-		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> applyConverter());
 	}
 
 	@Test
@@ -93,8 +93,8 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 		this.authorizationRequest.attributes(Map::clear);
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(this.authorizationRequest.build()));
-		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> applyConverter())
+				.withMessageContaining(
 						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
@@ -103,8 +103,8 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 		given(this.authorizationRequestRepository.removeAuthorizationRequest(any()))
 				.willReturn(Mono.just(this.authorizationRequest.build()));
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
-		assertThatThrownBy(() -> applyConverter()).isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining(
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> applyConverter())
+				.withMessageContaining(
 						ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
index 23c526bdf3..308c5f03db 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -65,25 +65,22 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.repository
-				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository
-				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository
-				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
@@ -123,50 +120,44 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
 		this.authorizedClient = null;
-		assertThatThrownBy(() -> this.repository
-				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository
-				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository
-				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
 	}
 
 	// removeAuthorizedClient
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatThrownBy(() -> this.repository
-				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
 		this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
-		assertThatThrownBy(() -> this.repository
-				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-		assertThatThrownBy(() -> this.repository
-				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository
+				.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index 13a50ed5ab..c2be0f46bf 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -35,7 +35,7 @@ import org.springframework.web.server.adapter.DefaultServerWebExchange;
 import org.springframework.web.server.i18n.AcceptHeaderLocaleContextResolver;
 import org.springframework.web.server.session.WebSessionManager;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -61,8 +61,7 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 	@Test
 	public void loadAuthorizationRequestWhenNullExchangeThenIllegalArgumentException() {
 		this.exchange = null;
-		assertThatThrownBy(() -> this.repository.loadAuthorizationRequest(this.exchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.loadAuthorizationRequest(this.exchange));
 	}
 
 	@Test
@@ -121,23 +120,23 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 	@Test
 	public void saveAuthorizationRequestWhenAuthorizationRequestNullThenThrowsIllegalArgumentException() {
 		this.authorizationRequest = null;
-		assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange));
 		assertSessionStartedIs(false);
 	}
 
 	@Test
 	public void saveAuthorizationRequestWhenExchangeNullThenThrowsIllegalArgumentException() {
 		this.exchange = null;
-		assertThatThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange));
 	}
 
 	@Test
 	public void removeAuthorizationRequestWhenExchangeNullThenThrowsIllegalArgumentException() {
 		this.exchange = null;
-		assertThatThrownBy(() -> this.repository.removeAuthorizationRequest(this.exchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.repository.removeAuthorizationRequest(this.exchange));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
index e24d86bb86..d0bd471407 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java
@@ -27,7 +27,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.web.server.WebSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -52,9 +52,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block());
 	}
 
 	@Test
@@ -64,9 +63,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void loadAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null).block());
 	}
 
 	@Test
@@ -88,9 +86,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block());
 	}
 
 	@Test
@@ -104,9 +101,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 	public void saveAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1,
 				mock(OAuth2AccessToken.class));
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null).block())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, null).block());
 	}
 
 	@Test
@@ -121,8 +117,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.exchange))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.exchange));
 	}
 
 	@Test
@@ -132,9 +128,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests {
 
 	@Test
 	public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
index f49f14cbae..2b4af49903 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java
@@ -19,7 +19,7 @@ package org.springframework.security.oauth2.core;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link AuthenticationMethod}.
@@ -30,7 +30,8 @@ public class AuthenticationMethodTests {
 
 	@Test
 	public void constructorWhenValueIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new AuthenticationMethod(null)).hasMessage("value cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthenticationMethod(null))
+				.withMessage("value cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
index 642d1217d0..5a1940c945 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -26,7 +26,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultOAuth2AuthenticatedPrincipal}
@@ -43,10 +43,10 @@ public class DefaultOAuth2AuthenticatedPrincipalTests {
 
 	@Test
 	public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() {
-		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities))
-				.isInstanceOf(IllegalArgumentException.class);
-		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
index 5e23cec5d9..ce4fa6b365 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java
@@ -22,7 +22,7 @@ import java.util.Collection;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -92,9 +92,8 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void constructorWhenInvokedWithNullValidatorListThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new DelegatingOAuth2TokenValidator<>(
-				(Collection<OAuth2TokenValidator<AbstractOAuth2Token>>) null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingOAuth2TokenValidator<>(
+				(Collection<OAuth2TokenValidator<AbstractOAuth2Token>>) null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
index d09bff9892..0b0d9f0acd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java
@@ -31,7 +31,7 @@ import org.springframework.core.convert.TypeDescriptor;
 import org.springframework.core.convert.converter.Converter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link ClaimTypeConverter}.
@@ -89,15 +89,14 @@ public class ClaimTypeConverterTests {
 
 	@Test
 	public void constructorWhenConvertersNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new ClaimTypeConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ClaimTypeConverter(null));
 	}
 
 	@Test
 	public void constructorWhenConvertersHasNullConverterThenThrowIllegalArgumentException() {
 		Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
 		claimTypeConverters.put("claim1", null);
-		assertThatThrownBy(() -> new ClaimTypeConverter(claimTypeConverters))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ClaimTypeConverter(claimTypeConverters));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index 3855e1eae8..c823500f34 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -28,8 +28,7 @@ import org.junit.Test;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizationRequest}.
@@ -51,50 +50,47 @@ public class OAuth2AuthorizationRequestTests {
 
 	@Test
 	public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(null)
-				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(null)
+						.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build());
 	}
 
 	@Test
 	public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-				.clientId(null).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
+						.clientId(null).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build());
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForImplicitThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationRequest.implicit().authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build())
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> OAuth2AuthorizationRequest.implicit().authorizationUri(AUTHORIZATION_URI)
+						.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build());
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForAuthorizationCodeThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build()).doesNotThrowAnyException();
+		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
+				.redirectUri(null).scopes(SCOPES).state(STATE).build();
 	}
 
 	@Test
 	public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(null).state(STATE).build())
-						.doesNotThrowAnyException();
+		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI).scopes(null).state(STATE).build();
 	}
 
 	@Test
 	public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(null).build())
-						.doesNotThrowAnyException();
+		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI).scopes(SCOPES).state(null).build();
 	}
 
 	@Test
 	public void buildWhenAdditionalParametersEmptyThenDoesNotThrowAnyException() {
-		assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-				.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE)
-				.additionalParameters(Map::clear).build()).doesNotThrowAnyException();
+		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).additionalParameters(Map::clear).build();
 	}
 
 	@Test
@@ -189,7 +185,7 @@ public class OAuth2AuthorizationRequestTests {
 
 	@Test
 	public void fromWhenAuthorizationRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> OAuth2AuthorizationRequest.from(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizationRequest.from(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
index d7ba2d2d28..dd7c5e1d9d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
@@ -19,7 +19,6 @@ package org.springframework.security.oauth2.core.endpoint;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * Tests for {@link OAuth2AuthorizationResponse}.
@@ -52,9 +51,7 @@ public class OAuth2AuthorizationResponseTests {
 
 	@Test
 	public void buildSuccessResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(
-				() -> OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(null).build())
-						.doesNotThrowAnyException();
+		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(null).build();
 	}
 
 	@Test
@@ -84,9 +81,7 @@ public class OAuth2AuthorizationResponseTests {
 
 	@Test
 	public void buildErrorResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(
-				() -> OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(null).build())
-						.doesNotThrowAnyException();
+		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(null).build();
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 3a6f98a92f..0fc466a072 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.entry;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -63,14 +64,13 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 
 	@Test
 	public void setTokenResponseConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.messageConverter.setTokenResponseConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setTokenResponseConverter(null));
 	}
 
 	@Test
 	public void setTokenResponseParametersConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.messageConverter.setTokenResponseParametersConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.messageConverter.setTokenResponseParametersConverter(null));
 	}
 
 	@Test
@@ -141,9 +141,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		this.messageConverter.setTokenResponseConverter(tokenResponseConverter);
 		String tokenResponse = "{}";
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
-		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response))
-				.isInstanceOf(HttpMessageNotReadableException.class)
-				.hasMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(HttpMessageNotReadableException.class)
+				.isThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response))
+				.withMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response");
 	}
 
 	@Test
@@ -177,9 +177,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli())
 				.build();
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-		assertThatThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage))
-				.isInstanceOf(HttpMessageNotWritableException.class)
-				.hasMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(HttpMessageNotWritableException.class)
+				.isThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage))
+				.withMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response");
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index 0e9dc1ad14..a28b1d890e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -28,7 +28,8 @@ import org.springframework.mock.http.client.MockClientHttpResponse;
 import org.springframework.security.oauth2.core.OAuth2Error;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -54,14 +55,12 @@ public class OAuth2ErrorHttpMessageConverterTests {
 
 	@Test
 	public void setErrorConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.messageConverter.setErrorConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setErrorConverter(null));
 	}
 
 	@Test
 	public void setErrorParametersConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> this.messageConverter.setErrorParametersConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setErrorParametersConverter(null));
 	}
 
 	@Test
@@ -96,9 +95,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		this.messageConverter.setErrorConverter(errorConverter);
 		String errorResponse = "{}";
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
-		assertThatThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response))
-				.isInstanceOf(HttpMessageNotReadableException.class)
-				.hasMessageContaining("An error occurred reading the OAuth 2.0 Error");
+		assertThatExceptionOfType(HttpMessageNotReadableException.class)
+				.isThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response))
+				.withMessageContaining("An error occurred reading the OAuth 2.0 Error");
 	}
 
 	@Test
@@ -121,9 +120,9 @@ public class OAuth2ErrorHttpMessageConverterTests {
 		OAuth2Error oauth2Error = new OAuth2Error("unauthorized_client", "The client is not authorized",
 				"https://tools.ietf.org/html/rfc6749#section-5.2");
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
-		assertThatThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage))
-				.isInstanceOf(HttpMessageNotWritableException.class)
-				.hasMessageContaining("An error occurred writing the OAuth 2.0 Error");
+		assertThatExceptionOfType(HttpMessageNotWritableException.class)
+				.isThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage))
+				.withMessageContaining("An error occurred writing the OAuth 2.0 Error");
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index adcce05236..0b62a74f9b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -21,7 +21,7 @@ import java.time.Instant;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OidcUserInfo}
@@ -51,8 +51,8 @@ public class OidcIdTokenBuilderTests {
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
 		idToken = idTokenBuilder.expiresAt(now).build();
 		assertThat(idToken.getExpiresAt()).isSameAs(now);
-		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build());
 	}
 
 	@Test
@@ -63,8 +63,8 @@ public class OidcIdTokenBuilderTests {
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
 		idToken = idTokenBuilder.issuedAt(now).build();
 		assertThat(idToken.getIssuedAt()).isSameAs(now);
-		assertThatCode(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index d086c3eb99..f139e6c167 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -28,7 +28,6 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * Tests for {@link OidcUserAuthority}.
@@ -66,7 +65,7 @@ public class OidcUserAuthorityTests {
 
 	@Test
 	public void constructorWhenUserInfoIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> new OidcUserAuthority(ID_TOKEN, null)).doesNotThrowAnyException();
+		new OidcUserAuthority(ID_TOKEN, null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index abe976ecc8..754592cf41 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -44,7 +44,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.web.reactive.function.BodyExtractor;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -90,8 +90,8 @@ public class OAuth2BodyExtractorsTests {
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 		response.setBody("{");
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("An error occurred parsing the Access Token response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(result::block)
+				.withMessageContaining("An error occurred parsing the Access Token response");
 	}
 
 	@Test
@@ -100,8 +100,8 @@ public class OAuth2BodyExtractorsTests {
 				.oauth2AccessTokenResponse();
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-		assertThatCode(result::block).isInstanceOf(OAuth2AuthorizationException.class)
-				.hasMessageContaining("Empty OAuth 2.0 Access Token Response");
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(result::block)
+				.withMessageContaining("Empty OAuth 2.0 Access Token Response");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index efac7719f7..4aab4d0e2d 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -21,7 +21,7 @@ import java.time.Instant;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link Jwt.Builder}.
@@ -59,8 +59,8 @@ public class JwtBuilderTests {
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
 		jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
-		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build());
 	}
 
 	@Test
@@ -71,8 +71,8 @@ public class JwtBuilderTests {
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
 		jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
-		assertThatCode(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
index 26e60fed35..820d73e322 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimValidatorTests.java
@@ -23,7 +23,7 @@ import org.junit.Test;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link JwtClaimValidator}.
@@ -50,18 +50,17 @@ public class JwtClaimValidatorTests {
 
 	@Test
 	public void validateWhenClaimIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new JwtClaimValidator<>(null, test)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtClaimValidator<>(null, test));
 	}
 
 	@Test
 	public void validateWhenTestIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new JwtClaimValidator<>(JwtClaimNames.ISS, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtClaimValidator<>(JwtClaimNames.ISS, null));
 	}
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> this.validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.validator.validate(null));
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
index c3206a37f3..7f6b4da77e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
@@ -39,7 +39,9 @@ import org.springframework.http.MediaType;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * Tests for {@link JwtDecoders}
@@ -91,24 +93,24 @@ public class JwtDecodersTests {
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
 		JwtDecoder decoder = JwtDecoders.fromOidcIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
@@ -138,19 +140,20 @@ public class JwtDecodersTests {
 	@Test
 	public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	// gh-7512
@@ -158,8 +161,8 @@ public class JwtDecodersTests {
 	public void issuerWhenResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
+				.withMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -167,8 +170,8 @@ public class JwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
+				.isInstanceOf(IllegalArgumentException.class).withMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -176,60 +179,59 @@ public class JwtDecodersTests {
 	public void issuerWhenOAuth2ResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
+				.withMessage("The public JWK set URI must not be null");
 	}
 
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOidc(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOAuth2(
 				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 		this.server.shutdown();
-		assertThatCode(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
 		this.server.shutdown();
-		assertThatCode(() -> JwtDecoders.fromIssuerLocation("https://issuer"))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation("https://issuer"));
 	}
 
 	private void prepareConfigurationResponse() {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index 501beb5fb9..5127b086a6 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -21,7 +21,7 @@ import org.junit.Test;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Josh Cummings
@@ -63,12 +63,12 @@ public class JwtIssuerValidatorTests {
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.validator.validate(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.validator.validate(null));
 	}
 
 	@Test
 	public void constructorWhenNullIssuerIsGivenThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new JwtIssuerValidator(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtIssuerValidator(null));
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index 8cac7c007c..7f17fb761b 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests verifying {@link JwtTimestampValidator}
@@ -137,12 +137,12 @@ public class JwtTimestampValidatorTests {
 	@Test
 	public void setClockWhenInvokedWithNullThenThrowsIllegalArgumentException() {
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
-		assertThatCode(() -> jwtValidator.setClock(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> jwtValidator.setClock(null));
 	}
 
 	@Test
 	public void constructorWhenInvokedWithNullDurationThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> new JwtTimestampValidator(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtTimestampValidator(null));
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
index d27b08df2a..403d5692ea 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java
@@ -31,7 +31,8 @@ import org.junit.Test;
 import org.springframework.core.convert.converter.Converter;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -169,13 +170,13 @@ public class MappedJwtClaimSetConverterTests {
 	public void convertWhenUsingDefaultsThenFailedConversionThrowsIllegalStateException() {
 		MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
 		Map<String, Object> badIssuer = Collections.singletonMap(JwtClaimNames.ISS, "https://badly formed iss");
-		assertThatCode(() -> converter.convert(badIssuer)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> converter.convert(badIssuer));
 		Map<String, Object> badIssuedAt = Collections.singletonMap(JwtClaimNames.IAT, "badly-formed-iat");
-		assertThatCode(() -> converter.convert(badIssuedAt)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> converter.convert(badIssuedAt));
 		Map<String, Object> badExpiresAt = Collections.singletonMap(JwtClaimNames.EXP, "badly-formed-exp");
-		assertThatCode(() -> converter.convert(badExpiresAt)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> converter.convert(badExpiresAt));
 		Map<String, Object> badNotBefore = Collections.singletonMap(JwtClaimNames.NBF, "badly-formed-nbf");
-		assertThatCode(() -> converter.convert(badNotBefore)).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> converter.convert(badNotBefore));
 	}
 
 	// gh-6073
@@ -198,13 +199,12 @@ public class MappedJwtClaimSetConverterTests {
 
 	@Test
 	public void constructWhenAnyParameterIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new MappedJwtClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MappedJwtClaimSetConverter(null));
 	}
 
 	@Test
 	public void withDefaultsWhenAnyParameterIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> MappedJwtClaimSetConverter.withDefaults(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> MappedJwtClaimSetConverter.withDefaults(null));
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index b0b848f875..26d7c5f9c9 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -23,7 +23,6 @@ import java.util.Map;
 
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
-import org.assertj.core.api.Assertions;
 import org.junit.Test;
 
 import org.springframework.core.convert.converter.Converter;
@@ -38,8 +37,8 @@ import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -73,30 +72,27 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void constructorWhenJwkSetUrlIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoderJwkSupport(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtDecoderJwkSupport(null));
 	}
 
 	@Test
 	public void constructorWhenJwkSetUrlInvalidThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoderJwkSupport("invalid.com"))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtDecoderJwkSupport("invalid.com"));
 	}
 
 	@Test
 	public void constructorWhenJwsAlgorithmIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoderJwkSupport(JWK_SET_URL, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtDecoderJwkSupport(JWK_SET_URL, null));
 	}
 
 	@Test
 	public void setRestOperationsWhenNullThenThrowIllegalArgumentException() {
-		Assertions.assertThatThrownBy(() -> this.jwtDecoder.setRestOperations(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setRestOperations(null));
 	}
 
 	@Test
 	public void decodeWhenJwtInvalidThenThrowJwtException() {
-		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid")).isInstanceOf(JwtException.class);
+		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> this.jwtDecoder.decode("invalid"));
 	}
 
 	// gh-5168
@@ -109,14 +105,14 @@ public class NimbusJwtDecoderJwkSupportTests {
 			claims.remove(JwtClaimNames.EXP);
 			return claims;
 		});
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException();
+		jwtDecoder.decode(SIGNED_JWT);
 	}
 
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT)).isInstanceOf(JwtException.class)
-				.hasMessageContaining("Unsupported algorithm of none");
+		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
+				.withMessageContaining("Unsupported algorithm of none");
 	}
 
 	@Test
@@ -125,8 +121,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(MALFORMED_JWT)).isInstanceOf(JwtException.class)
-					.hasMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
+			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(MALFORMED_JWT))
+					.withMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
 			server.shutdown();
 		}
 	}
@@ -137,8 +133,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
-					.hasMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
+			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+					.withMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
 			server.shutdown();
 		}
 	}
@@ -149,8 +145,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
-					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+					.withMessageContaining("An error occurred while attempting to decode the Jwt");
 			server.shutdown();
 		}
 	}
@@ -164,7 +160,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
 			RestTemplate restTemplate = spy(new RestTemplate());
 			jwtDecoder.setRestOperations(restTemplate);
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException();
+			jwtDecoder.decode(SIGNED_JWT);
 			verify(restTemplate).exchange(any(RequestEntity.class), eq(String.class));
 			server.shutdown();
 		}
@@ -180,8 +176,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 			decoder.setJwtValidator(jwtValidator);
-			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
-					.hasMessageContaining("mock-description");
+			assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(SIGNED_JWT))
+					.withMessageContaining("mock-description");
 		}
 	}
 
@@ -197,9 +193,9 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 			decoder.setJwtValidator(jwtValidator);
-			assertThatCode(() -> decoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
-					.hasMessageContaining("mock-description")
-					.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
+			assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(SIGNED_JWT))
+					.withMessageContaining("mock-description").satisfies((ex) -> assertThat(ex)
+							.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
 		}
 	}
 
@@ -220,7 +216,7 @@ public class NimbusJwtDecoderJwkSupportTests {
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setClaimSetConverter(null));
 	}
 
 	private static RestOperations mockJwkSetResponse(String response) {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index fcdd0e2c84..2c2154e997 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -76,8 +76,8 @@ import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -128,47 +128,46 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void constructorWhenJwtProcessorIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new NimbusJwtDecoder(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtDecoder(null));
 	}
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.jwtDecoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setClaimSetConverter(null));
 	}
 
 	@Test
 	public void setJwtValidatorWhenNullThenThrowIllegalArgumentException() {
-		Assertions.assertThatThrownBy(() -> this.jwtDecoder.setJwtValidator(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setJwtValidator(null));
 	}
 
 	@Test
 	public void decodeWhenJwtInvalidThenThrowJwtException() {
-		assertThatThrownBy(() -> this.jwtDecoder.decode("invalid")).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> this.jwtDecoder.decode("invalid"));
 	}
 
 	// gh-5168
 	@Test
 	public void decodeWhenExpClaimNullThenDoesNotThrowException() {
-		assertThatCode(() -> this.jwtDecoder.decode(EMPTY_EXP_CLAIM_JWT)).doesNotThrowAnyException();
+		this.jwtDecoder.decode(EMPTY_EXP_CLAIM_JWT);
 	}
 
 	@Test
 	public void decodeWhenIatClaimNullThenDoesNotThrowException() {
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException();
+		this.jwtDecoder.decode(SIGNED_JWT);
 	}
 
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT)).isInstanceOf(BadJwtException.class)
-				.hasMessageContaining("Unsupported algorithm of none");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
+				.withMessageContaining("Unsupported algorithm of none");
 	}
 
 	@Test
 	public void decodeWhenJwtIsMalformedThenReturnsStockException() {
-		assertThatCode(() -> this.jwtDecoder.decode(MALFORMED_JWT)).isInstanceOf(BadJwtException.class)
-				.hasMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(MALFORMED_JWT))
+				.withMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
 	}
 
 	@Test
@@ -177,8 +176,8 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("mock-description");
+		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
+				.withMessageContaining("mock-description");
 	}
 
 	@Test
@@ -189,9 +188,9 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("mock-description")
-				.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure));
+		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
+				.withMessageContaining("mock-description").satisfies((ex) -> assertThat(ex)
+						.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
 	}
 
 	@Test
@@ -203,8 +202,8 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-		Assertions.assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("mock-description");
+		Assertions.assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT)).withMessageContaining("mock-description");
 	}
 
 	@Test
@@ -223,7 +222,7 @@ public class NimbusJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-		assertThatCode(() -> this.jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT));
 	}
 
 	@Test
@@ -236,9 +235,9 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenJwkResponseIsMalformedThenReturnsStockException() {
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(withSigning(MALFORMED_JWK_SET));
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
+		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 				.isNotInstanceOf(BadJwtException.class)
-				.hasMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
+				.withMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
 	}
 
 	@Test
@@ -247,9 +246,9 @@ public class NimbusJwtDecoderTests {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
 			server.shutdown();
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
+			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.isNotInstanceOf(BadJwtException.class)
-					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+					.withMessageContaining("An error occurred while attempting to decode the Jwt");
 		}
 	}
 
@@ -260,39 +259,38 @@ public class NimbusJwtDecoderTests {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
 			server.shutdown();
-			assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
+			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.isNotInstanceOf(BadJwtException.class)
-					.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+					.withMessageContaining("An error occurred while attempting to decode the Jwt");
 		}
 	}
 
 	@Test
 	public void withJwkSetUriWhenNullOrEmptyThenThrowsException() {
-		Assertions.assertThatCode(() -> NimbusJwtDecoder.withJwkSetUri(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(null));
 	}
 
 	@Test
 	public void jwsAlgorithmWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		Assertions.assertThatCode(() -> builder.jwsAlgorithm(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> builder.jwsAlgorithm(null));
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		Assertions.assertThatCode(() -> builder.restOperations(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> builder.restOperations(null));
 	}
 
 	@Test
 	public void cacheWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		Assertions.assertThatCode(() -> builder.cache(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> builder.cache(null));
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> NimbusJwtDecoder.withPublicKey(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withPublicKey(null));
 	}
 
 	@Test
@@ -333,7 +331,7 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512)
 				.build();
-		Assertions.assertThatCode(() -> decoder.decode(RS256_SIGNED_JWT)).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(RS256_SIGNED_JWT));
 	}
 
 	// gh-8730
@@ -355,21 +353,23 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void withPublicKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> NimbusJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null))
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("secretKey cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withSecretKey(null))
+				.withMessage("secretKey cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
+				.withMessage("macAlgorithm cannot be null");
 	}
 
 	@Test
@@ -391,8 +391,8 @@ public class NimbusJwtDecoderTests {
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
-		assertThatThrownBy(() -> decoder.decode(signedJWT.serialize())).isInstanceOf(BadJwtException.class)
-				.hasMessageContaining("Unsupported algorithm of HS256");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize()))
+				.withMessageContaining("Unsupported algorithm of HS256");
 	}
 
 	// gh-7056
@@ -425,8 +425,9 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null))
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
@@ -515,9 +516,9 @@ public class NimbusJwtDecoderTests {
 				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.cache(cache).build();
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
+		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 				.isNotInstanceOf(BadJwtException.class)
-				.hasMessageContaining("An error occurred while attempting to decode the Jwt");
+				.withMessageContaining("An error occurred while attempting to decode the Jwt");
 	}
 
 	// gh-8730
@@ -530,14 +531,16 @@ public class NimbusJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(BadJwtException.class).hasMessageContaining(
-				"An error occurred while attempting to decode the Jwt: Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+				.withMessageContaining("An error occurred while attempting to decode the Jwt: "
+						+ "Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	private RSAPublicKey key() throws InvalidKeySpecException {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index 164877f904..a33eb0af3e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -64,8 +64,9 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -125,8 +126,8 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void decodeWhenInvalidUrl() {
 		this.decoder = new NimbusReactiveJwtDecoder("https://s");
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(IllegalStateException.class).hasCauseInstanceOf(UnknownHostException.class);
+		assertThatIllegalStateException().isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
+				.withCauseInstanceOf(UnknownHostException.class);
 	}
 
 	@Test
@@ -143,7 +144,7 @@ public class NimbusReactiveJwtDecoderTests {
 				.generatePublic(new X509EncodedKeySpec(bytes));
 		this.decoder = new NimbusReactiveJwtDecoder(publicKey);
 		String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ";
-		assertThatCode(() -> this.decoder.decode(noKeyId).block()).doesNotThrowAnyException();
+		this.decoder.decode(noKeyId).block();
 	}
 
 	@Test
@@ -155,45 +156,46 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenExpiredThenFail() {
-		assertThatCode(() -> this.decoder.decode(this.expired).block()).isInstanceOf(JwtValidationException.class);
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.decoder.decode(this.expired).block());
 	}
 
 	@Test
 	public void decodeWhenNoPeriodThenFail() {
-		assertThatCode(() -> this.decoder.decode("").block()).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode("").block());
 	}
 
 	@Test
 	public void decodeWhenInvalidJwkSetUrlThenFail() {
 		this.decoder = new NimbusReactiveJwtDecoder("http://localhost:1280/certs");
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> this.decoder.decode(this.messageReadToken).block());
 	}
 
 	@Test
 	public void decodeWhenInvalidSignatureThenFail() {
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2))
-				.block()).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder
+				.decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2)).block());
 	}
 
 	@Test
 	public void decodeWhenAlgNoneThenFail() {
-		assertThatCode(() -> this.decoder.decode(
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(
 				"ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
-				.block()).isInstanceOf(BadJwtException.class).hasMessage("Unsupported algorithm of none");
+				.block()).withMessage("Unsupported algorithm of none");
 	}
 
 	@Test
 	public void decodeWhenInvalidAlgMismatchThenFail() {
-		assertThatCode(() -> this.decoder.decode(
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(
 				"ew0KICAiYWxnIjogIkVTMjU2IiwNCiAgInR5cCI6ICJKV1QiDQp9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
-				.block()).isInstanceOf(BadJwtException.class);
+				.block());
 	}
 
 	@Test
 	public void decodeWhenUnsignedTokenThenMessageDoesNotMentionClass() {
-		assertThatCode(() -> this.decoder.decode(this.unsignedToken).block()).isInstanceOf(BadJwtException.class)
-				.hasMessage("Unsupported algorithm of none");
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder.decode(this.unsignedToken).block())
+				.withMessage("Unsupported algorithm of none");
 	}
 
 	@Test
@@ -203,8 +205,9 @@ public class NimbusReactiveJwtDecoderTests {
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
+				.withMessageContaining("mock-description");
 	}
 
 	@Test
@@ -216,8 +219,9 @@ public class NimbusReactiveJwtDecoderTests {
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
-				.isInstanceOf(JwtValidationException.class).hasMessageContaining("mock-description");
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
+				.withMessageContaining("mock-description");
 	}
 
 	@Test
@@ -237,44 +241,44 @@ public class NimbusReactiveJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-		assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block());
 	}
 
 	@Test
 	public void setJwtValidatorWhenGivenNullThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.decoder.setJwtValidator(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.decoder.setJwtValidator(null));
 	}
 
 	@Test
 	public void setClaimSetConverterWhenNullThrowsIllegalArgumentException() {
-		assertThatCode(() -> this.decoder.setClaimSetConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.decoder.setClaimSetConverter(null));
 	}
 
 	@Test
 	public void withJwkSetUriWhenNullOrEmptyThenThrowsException() {
-		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSetUri(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withJwkSetUri(null));
 	}
 
 	@Test
 	public void jwsAlgorithmWhenNullThenThrowsException() {
 		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder
 				.withJwkSetUri(this.jwkSetUri);
-		assertThatCode(() -> builder.jwsAlgorithm(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> builder.jwsAlgorithm(null));
 	}
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(
+		assertThatIllegalArgumentException().isThrownBy(
 				() -> NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).jwtProcessorCustomizer(null).build())
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("jwtProcessorCustomizer cannot be null");
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
 		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder
 				.withJwkSetUri(this.jwkSetUri);
-		assertThatCode(() -> builder.webClient(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> builder.webClient(null));
 	}
 
 	// gh-5603
@@ -295,26 +299,26 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
-				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(null));
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		assertThatCode(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256)
-				.build()).isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key())
+				.signatureAlgorithm(SignatureAlgorithm.ES256).build());
 	}
 
 	@Test
 	public void buildWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null).build())
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
@@ -334,7 +338,7 @@ public class NimbusReactiveJwtDecoderTests {
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
 				.signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThatCode(() -> decoder.decode(this.rsa256).block()).isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.rsa256).block());
 	}
 
 	// gh-8730
@@ -344,21 +348,20 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(this.rsa256).block())
-				.isInstanceOf(BadJwtException.class)
-				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.rsa256).block())
+				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withJwkSourceWhenNullThenThrowsException() {
-		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSource(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withJwkSource(null));
 	}
 
 	@Test
 	public void withJwkSourceWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatCode(() -> NimbusReactiveJwtDecoder.withJwkSource((jwt) -> Flux.empty()).jwtProcessorCustomizer(null)
-				.build()).isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder
+				.withJwkSource((jwt) -> Flux.empty()).jwtProcessorCustomizer(null).build())
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
@@ -375,28 +378,31 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
-				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
 	public void withSecretKeyWhenSecretKeyNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("secretKey cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(null))
+				.withMessage("secretKey cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("jwtProcessorCustomizer cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(
+						() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
+				.withMessage("jwtProcessorCustomizer cannot be null");
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		assertThatThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("macAlgorithm cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
+				.withMessage("macAlgorithm cannot be null");
 	}
 
 	@Test
@@ -419,8 +425,8 @@ public class NimbusReactiveJwtDecoderTests {
 				.jwtProcessorCustomizer(
 						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
 				.build();
-		assertThatCode(() -> decoder.decode(this.messageReadToken).block()).isInstanceOf(BadJwtException.class)
-				.hasRootCauseMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
 	}
 
 	@Test
@@ -431,8 +437,8 @@ public class NimbusReactiveJwtDecoderTests {
 				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
 		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
-		assertThatThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block())
-				.isInstanceOf(BadJwtException.class);
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index bd106ef99a..57a7c37c63 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -38,7 +38,9 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * Tests for {@link ReactiveJwtDecoders}
@@ -91,43 +93,48 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatCode(() -> decoder.decode(ISSUER_MISMATCH).block()).isInstanceOf(JwtValidationException.class)
-				.hasMessageContaining("The iss claim is not valid");
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
+				.withMessageContaining("The iss claim is not valid");
 	}
 
 	@Test
 	public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	// gh-7512
@@ -135,8 +142,8 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
+				.withMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -144,8 +151,8 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
+				.withMessage("The public JWK set URI must not be null");
 	}
 
 	// gh-7512
@@ -153,64 +160,62 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenOAuth2ResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("The public JWK set URI must not be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
+				.withMessage("The public JWK set URI must not be null");
 	}
 
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
-		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer)).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOidc(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOAuth2(
 				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
 	}
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 		this.server.shutdown();
-		assertThatCode(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer"))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer"));
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
 		this.server.shutdown();
-		assertThatCode(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"));
 	}
 
 	private void prepareConfigurationResponse() {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
index e8c520ed09..edc5a8077c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
@@ -19,7 +19,7 @@ package org.springframework.security.oauth2.server.resource;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link BearerTokenAuthenticationToken}
@@ -30,14 +30,14 @@ public class BearerTokenAuthenticationTokenTests {
 
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthenticationToken(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("token cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthenticationToken(null))
+				.withMessageContaining("token cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenTokenIsEmptyThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthenticationToken("")).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("token cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthenticationToken(""))
+				.withMessageContaining("token cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
index b095788d94..2eb36f38bf 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
@@ -21,7 +21,7 @@ import org.junit.Test;
 import org.springframework.http.HttpStatus;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link BearerTokenError}
@@ -53,20 +53,20 @@ public class BearerTokenErrorTests {
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(null, TEST_HTTP_STATUS, null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("errorCode cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(null, TEST_HTTP_STATUS, null, null))
+				.withMessage("errorCode cannot be empty");
 	}
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenErrorCodeIsEmptyThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError("", TEST_HTTP_STATUS, null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("errorCode cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError("", TEST_HTTP_STATUS, null, null))
+				.withMessage("errorCode cannot be empty");
 	}
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenHttpStatusIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, null, null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("httpStatus cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, null, null, null))
+				.withMessage("httpStatus cannot be null");
 	}
 
 	@Test
@@ -82,48 +82,52 @@ public class BearerTokenErrorTests {
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(null, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("errorCode cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(null, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
+				.withMessage("errorCode cannot be empty");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsEmptyThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError("", TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("errorCode cannot be empty");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError("", TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
+				.withMessage("errorCode cannot be empty");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenHttpStatusIsNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, null, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("httpStatus cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, null, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
+				.withMessage("httpStatus cannot be null");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE + "\"", TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI,
-				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("errorCode")
-						.hasMessageContaining("RFC 6750");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE + "\"",
+				TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE)).withMessageContaining("errorCode")
+				.withMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenDescriptionIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION + "\"", TEST_URI,
-				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("description")
-						.hasMessageContaining("RFC 6750");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
+				TEST_DESCRIPTION + "\"", TEST_URI, TEST_SCOPE)).withMessageContaining("description")
+				.withMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorUriIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI + "\"",
-				TEST_SCOPE)).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("errorUri")
-						.hasMessageContaining("RFC 6750");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION,
+						TEST_URI + "\"", TEST_SCOPE))
+				.withMessageContaining("errorUri").withMessageContaining("RFC 6750");
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenScopeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI,
-				TEST_SCOPE + "\"")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("scope")
-						.hasMessageContaining("RFC 6750");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
+				TEST_DESCRIPTION, TEST_URI, TEST_SCOPE + "\"")).withMessageContaining("scope")
+				.withMessageContaining("RFC 6750");
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
index 3a77bbb899..9808b19d5b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link BearerTokenAuthentication}
@@ -90,14 +90,14 @@ public class BearerTokenAuthenticationTests {
 
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthentication(this.principal, null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("token cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthentication(this.principal, null, null))
+				.withMessageContaining("token cannot be null");
 	}
 
 	@Test
 	public void constructorWhenCredentialIsNullThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthentication(null, this.token, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("principal cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthentication(null, this.token, null))
+				.withMessageContaining("principal cannot be null");
 	}
 
 	@Test
@@ -140,7 +140,7 @@ public class BearerTokenAuthenticationTests {
 		JSONObject attributes = new JSONObject(Collections.singletonMap("iss", new URL("https://idp.example.com")));
 		OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, null);
 		BearerTokenAuthentication token = new BearerTokenAuthentication(principal, this.token, null);
-		assertThatCode(token::toString).doesNotThrowAnyException();
+		token.toString();
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index 2501d67a4a..5c6e9c78a9 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -36,7 +36,7 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
 import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
@@ -76,8 +76,8 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
-		assertThatCode(() -> this.provider.authenticate(token))
-				.matches((failed) -> failed instanceof OAuth2AuthenticationException)
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.provider.authenticate(token))
 				.matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN));
 	}
 
@@ -85,8 +85,9 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
-		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.provider.authenticate(token))
+				.satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
 	}
 
 	// gh-7785
@@ -94,7 +95,7 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-		assertThatCode(() -> this.provider.authenticate(token)).isInstanceOf(AuthenticationException.class)
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.provider.authenticate(token))
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
index 417c2354b3..dcd487b2d3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java
@@ -28,7 +28,7 @@ import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 import org.springframework.security.oauth2.jwt.Jwt;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link JwtAuthenticationToken}
@@ -54,8 +54,8 @@ public class JwtAuthenticationTokenTests {
 
 	@Test
 	public void constructorWhenJwtIsNullThenThrowsException() {
-		assertThatCode(() -> new JwtAuthenticationToken(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("token cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtAuthenticationToken(null))
+				.withMessageContaining("token cannot be null");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index bd793b0f14..dbfeedbf42 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -41,7 +41,8 @@ import org.springframework.security.oauth2.jose.TestKeys;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -85,8 +86,9 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"other", "issuers");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
+				.withMessageContaining("Invalid issuer");
 	}
 
 	@Test
@@ -106,14 +108,16 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 				authenticationManagers::get);
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
+				.withMessageContaining("Invalid issuer");
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
 		authenticationManagers.clear();
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
+				.withMessageContaining("Invalid issuer");
 	}
 
 	@Test
@@ -122,8 +126,9 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer jwt");
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageNotContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
+				.withMessageNotContaining("Invalid issuer");
 	}
 
 	@Test
@@ -132,8 +137,9 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.noIssuer);
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Missing issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
+				.withMessageContaining("Missing issuer");
 	}
 
 	@Test
@@ -142,22 +148,22 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.evil);
-		assertThatCode(() -> authenticationManagerResolver.resolve(request))
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessage("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(request)).withMessage("Invalid issuer");
 	}
 
 	@Test
 	public void constructorWhenNullOrEmptyIssuersThenException() {
-		assertThatCode(() -> new JwtIssuerAuthenticationManagerResolver((Collection) null))
-				.isInstanceOf(IllegalArgumentException.class);
-		assertThatCode(() -> new JwtIssuerAuthenticationManagerResolver(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((Collection) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver(Collections.emptyList()));
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenException() {
-		assertThatCode(() -> new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver) null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver) null));
 	}
 
 	private String jwt(String claim, String value) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index 12df1edc95..7d290b39e2 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -43,7 +43,8 @@ import org.springframework.security.oauth2.jose.TestKeys;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -86,8 +87,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"other", "issuers");
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessageContaining("Invalid issuer");
 	}
 
 	@Test
@@ -105,14 +107,16 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				(issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessageContaining("Invalid issuer");
 		ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
 		authenticationManagers.clear();
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessageContaining("Invalid issuer");
 	}
 
 	@Test
@@ -120,8 +124,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"trusted");
 		MockServerWebExchange exchange = withBearerToken("jwt");
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageNotContaining("Invalid issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessageNotContaining("Invalid issuer");
 	}
 
 	@Test
@@ -129,8 +134,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"trusted");
 		MockServerWebExchange exchange = withBearerToken(this.noIssuer);
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("Missing issuer");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessageContaining("Missing issuer");
 	}
 
 	@Test
@@ -138,23 +144,22 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"trusted");
 		MockServerWebExchange exchange = withBearerToken(this.evil);
-		assertThatCode(() -> authenticationManagerResolver.resolve(exchange).block())
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessage("Invalid token");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block()).withMessage("Invalid token");
 	}
 
 	@Test
 	public void constructorWhenNullOrEmptyIssuersThenException() {
-		assertThatCode(() -> new JwtIssuerReactiveAuthenticationManagerResolver((Collection) null))
-				.isInstanceOf(IllegalArgumentException.class);
-		assertThatCode(() -> new JwtIssuerReactiveAuthenticationManagerResolver(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver((Collection) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver(Collections.emptyList()));
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenException() {
-		assertThatCode(
-				() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null));
 	}
 
 	private String jwt(String claim, String value) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index cb1dddb456..bfafa2cfc3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -63,8 +64,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Test
 	public void constructorWhenJwtDecoderNullThenIllegalArgumentException() {
 		this.jwtDecoder = null;
-		assertThatCode(() -> new JwtReactiveAuthenticationManager(this.jwtDecoder))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new JwtReactiveAuthenticationManager(this.jwtDecoder));
 	}
 
 	@Test
@@ -84,8 +84,8 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops")));
-		assertThatCode(() -> this.manager.authenticate(token).block())
-				.isInstanceOf(OAuth2AuthenticationException.class);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
 	// gh-7549
@@ -93,8 +93,9 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
-		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasFieldOrPropertyWithValue("error.description", "Invalid token");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block())
+				.satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
 	}
 
 	// gh-7785
@@ -102,7 +103,8 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(AuthenticationException.class)
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block())
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
 	}
 
@@ -110,7 +112,7 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenNotJwtExceptionThenPropagates() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops")));
-		assertThatCode(() -> this.manager.authenticate(token).block()).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 85ec86bdb5..950dbd1579 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -35,7 +35,8 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -91,13 +92,13 @@ public class OpaqueTokenAuthenticationProviderTests {
 		OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class);
 		given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars"));
 		OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
-		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")))
-				.isInstanceOf(AuthenticationServiceException.class);
+		assertThatExceptionOfType(AuthenticationServiceException.class)
+				.isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")));
 	}
 
 	@Test
 	public void constructorWhenIntrospectionClientIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new OpaqueTokenAuthenticationProvider(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OpaqueTokenAuthenticationProvider(null));
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index a0fb423835..b5417853ea 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -36,7 +36,8 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
 import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -93,14 +94,13 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		given(introspector.introspect(any()))
 				.willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
 		OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
-		assertThatCode(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block())
-				.isInstanceOf(AuthenticationServiceException.class);
+		assertThatExceptionOfType(AuthenticationServiceException.class)
+				.isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block());
 	}
 
 	@Test
 	public void constructorWhenIntrospectionClientIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new OpaqueTokenReactiveAuthenticationManager(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OpaqueTokenReactiveAuthenticationManager(null));
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index 4e858e8c7d..be83779eed 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -43,8 +43,8 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.web.client.RestOperations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -126,8 +126,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 			String introspectUri = server.url("/introspect").toString();
 			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
 					"wrong");
-			assertThatCode(() -> introspectionClient.introspect("token"))
-					.isInstanceOf(OAuth2IntrospectionException.class);
+			assertThatExceptionOfType(OAuth2IntrospectionException.class)
+					.isThrownBy(() -> introspectionClient.introspect("token"));
 		}
 	}
 
@@ -137,8 +137,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE);
-		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
-				.extracting("message").isEqualTo("Provided token isn't active");
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token")).withMessage("Provided token isn't active");
 	}
 
 	@Test
@@ -167,8 +167,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new IllegalStateException("server was unresponsive"));
-		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class)
-				.extracting("message").isEqualTo("server was unresponsive");
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token")).withMessage("server was unresponsive");
 	}
 
 	@Test
@@ -177,7 +177,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed"));
-		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token"));
 	}
 
 	@Test
@@ -186,7 +187,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID);
-		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token"));
 	}
 
 	@Test
@@ -195,7 +197,8 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER);
-		assertThatCode(() -> introspectionClient.introspect("token")).isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token"));
 	}
 
 	// gh-7563
@@ -213,26 +216,26 @@ public class NimbusOpaqueTokenIntrospectorTests {
 
 	@Test
 	public void constructorWhenIntrospectionUriIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET));
 	}
 
 	@Test
 	public void constructorWhenClientIdIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET));
 	}
 
 	@Test
 	public void constructorWhenClientSecretIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null));
 	}
 
 	@Test
 	public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 8d452e608c..9e9036a964 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -41,7 +41,8 @@ import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
@@ -104,8 +105,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 			String introspectUri = server.url("/introspect").toString();
 			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 					introspectUri, CLIENT_ID, "wrong");
-			assertThatCode(() -> introspectionClient.introspect("token").block())
-					.isInstanceOf(OAuth2IntrospectionException.class);
+			assertThatExceptionOfType(OAuth2IntrospectionException.class)
+					.isThrownBy(() -> introspectionClient.introspect("token").block());
+
 		}
 	}
 
@@ -114,9 +116,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(INACTIVE_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(BadOpaqueTokenException.class).extracting("message")
-				.isEqualTo("Provided token isn't active");
+		assertThatExceptionOfType(BadOpaqueTokenException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token").block())
+				.withMessage("Provided token isn't active");
 	}
 
 	@Test
@@ -141,9 +143,9 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive"));
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(OAuth2IntrospectionException.class).extracting("message")
-				.isEqualTo("server was unresponsive");
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token").block())
+				.withMessage("server was unresponsive");
 	}
 
 	@Test
@@ -151,8 +153,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse("malformed");
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token").block());
 	}
 
 	@Test
@@ -160,8 +162,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(INVALID_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token").block());
 	}
 
 	@Test
@@ -169,32 +171,32 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(MALFORMED_ISSUER_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
-		assertThatCode(() -> introspectionClient.introspect("token").block())
-				.isInstanceOf(OAuth2IntrospectionException.class);
+		assertThatExceptionOfType(OAuth2IntrospectionException.class)
+				.isThrownBy(() -> introspectionClient.introspect("token").block());
 	}
 
 	@Test
 	public void constructorWhenIntrospectionUriIsEmptyThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET));
 	}
 
 	@Test
 	public void constructorWhenClientIdIsEmptyThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET));
 	}
 
 	@Test
 	public void constructorWhenClientSecretIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null));
 	}
 
 	@Test
 	public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() {
-		assertThatCode(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null));
 	}
 
 	private WebClient mockResponse(String response) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
index 705683350d..bb96cb17ec 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2IntrospectionAuthenticatedPrincipal}
@@ -108,10 +108,10 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests {
 
 	@Test
 	public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() {
-		assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES))
-				.isInstanceOf(IllegalArgumentException.class);
-		assertThatCode(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
index 9b7d1b474b..93e112e268 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java
@@ -28,7 +28,6 @@ import org.springframework.security.oauth2.server.resource.BearerTokenError;
 import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * Tests for {@link BearerTokenAuthenticationEntryPoint}.
@@ -150,7 +149,7 @@ public class BearerTokenAuthenticationEntryPointTests {
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.authenticationEntryPoint.setRealmName(null)).doesNotThrowAnyException();
+		this.authenticationEntryPoint.setRealmName(null);
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index 8607a3b41f..d7fd4a091c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -42,7 +42,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -157,30 +157,29 @@ public class BearerTokenAuthenticationFilterTests {
 	@Test
 	public void setAuthenticationEntryPointWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatCode(() -> filter.setAuthenticationEntryPoint(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("authenticationEntryPoint cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setAuthenticationEntryPoint(null))
+				.withMessageContaining("authenticationEntryPoint cannot be null");
 	}
 
 	@Test
 	public void setBearerTokenResolverWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatCode(() -> filter.setBearerTokenResolver(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("bearerTokenResolver cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setBearerTokenResolver(null))
+				.withMessageContaining("bearerTokenResolver cannot be null");
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerThenThrowsException() {
-		assertThatCode(() -> new BearerTokenAuthenticationFilter((AuthenticationManager) null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("authenticationManager cannot be null");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthenticationFilter((AuthenticationManager) null))
+				.withMessageContaining("authenticationManager cannot be null");
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenThrowsException() {
-		assertThatCode(
+		assertThatIllegalArgumentException().isThrownBy(
 				() -> new BearerTokenAuthenticationFilter((AuthenticationManagerResolver<HttpServletRequest>) null))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessageContaining("authenticationManagerResolver cannot be null");
+				.withMessageContaining("authenticationManagerResolver cannot be null");
 	}
 
 	private BearerTokenAuthenticationFilter addMocks(BearerTokenAuthenticationFilter filter) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
index f1e0d6621f..e80ec201af 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
@@ -25,7 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link DefaultBearerTokenResolver}.
@@ -93,16 +93,16 @@ public class DefaultBearerTokenResolverTests {
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer ");
-		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(("Bearer token is malformed"));
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request))
+				.withMessageContaining(("Bearer token is malformed"));
 	}
 
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer an\"invalid\"token");
-		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(("Bearer token is malformed"));
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request))
+				.withMessageContaining(("Bearer token is malformed"));
 	}
 
 	@Test
@@ -112,8 +112,8 @@ public class DefaultBearerTokenResolverTests {
 		request.setMethod("POST");
 		request.setContentType("application/x-www-form-urlencoded");
 		request.addParameter("access_token", TEST_TOKEN);
-		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Found multiple bearer tokens in the request");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request))
+				.withMessageContaining("Found multiple bearer tokens in the request");
 	}
 
 	@Test
@@ -122,16 +122,16 @@ public class DefaultBearerTokenResolverTests {
 		request.addHeader("Authorization", "Bearer " + TEST_TOKEN);
 		request.setMethod("GET");
 		request.addParameter("access_token", TEST_TOKEN);
-		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Found multiple bearer tokens in the request");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request))
+				.withMessageContaining("Found multiple bearer tokens in the request");
 	}
 
 	@Test
 	public void resolveWhenRequestContainsTwoAccessTokenParametersThenAuthenticationExceptionIsThrown() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter("access_token", "token1", "token2");
-		assertThatCode(() -> this.resolver.resolve(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Found multiple bearer tokens in the request");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request))
+				.withMessageContaining("Found multiple bearer tokens in the request");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index 69365fb879..3db97ecd6d 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -21,7 +21,7 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link HeaderBearerTokenResolver}
@@ -38,14 +38,14 @@ public class HeaderBearerTokenResolverTests {
 
 	@Test
 	public void constructorWhenHeaderNullThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new HeaderBearerTokenResolver(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("header cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderBearerTokenResolver(null))
+				.withMessage("header cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenHeaderEmptyThenThrowIllegalArgumentException() {
-		assertThatCode(() -> new HeaderBearerTokenResolver("")).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("header cannot be empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderBearerTokenResolver(""))
+				.withMessage("header cannot be empty");
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index cbfc5e942b..04686c3409 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
  * Tests for {@link BearerTokenAccessDeniedHandlerTests}
@@ -85,7 +84,7 @@ public class BearerTokenAccessDeniedHandlerTests {
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null)).doesNotThrowAnyException();
+		this.accessDeniedHandler.setRealmName(null);
 	}
 
 	static class TestingOAuth2TokenAuthenticationToken
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 79980fb63c..1b6ce1662c 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.server.resource.authentication.Abstra
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
@@ -86,7 +85,7 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 
 	@Test
 	public void setRealmNameWhenNullRealmNameThenNoExceptionThrown() {
-		assertThatCode(() -> this.accessDeniedHandler.setRealmName(null)).doesNotThrowAnyException();
+		this.accessDeniedHandler.setRealmName(null);
 	}
 
 	static class TestingOAuth2TokenAuthenticationToken
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index 21e6bbd4dd..c050bf5772 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -31,8 +31,7 @@ import org.springframework.security.oauth2.server.resource.BearerTokenError;
 import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.catchThrowableOfType;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -80,12 +79,13 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer ");
-		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
-				OAuth2AuthenticationException.class);
-		BearerTokenError error = (BearerTokenError) expected.getError();
-		assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
-		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
-		assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.satisfies((ex) -> {
+					BearerTokenError error = (BearerTokenError) ex.getError();
+					assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
+					assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
+					assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
+				});
 	}
 
 	@Test
@@ -112,16 +112,16 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer ");
-		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(("Bearer token is malformed"));
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.withMessageContaining(("Bearer token is malformed"));
 	}
 
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer an\"invalid\"token");
-		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(("Bearer token is malformed"));
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.withMessageContaining(("Bearer token is malformed"));
 	}
 
 	// gh-8865
@@ -129,15 +129,15 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer an\"invalid\"token");
-		assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request))).doesNotThrowAnyException();
+		this.converter.convert(MockServerWebExchange.from(request));
 	}
 
 	@Test
 	public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
 				.queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-		assertThatCode(() -> convertToToken(request)).isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining("Found multiple bearer tokens in the request");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.withMessageContaining("Found multiple bearer tokens in the request");
 	}
 
 	@Test
@@ -153,12 +153,13 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() {
 		this.converter.setAllowUriQueryParameter(true);
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token", "");
-		OAuth2AuthenticationException expected = catchThrowableOfType(() -> convertToToken(request),
-				OAuth2AuthenticationException.class);
-		BearerTokenError error = (BearerTokenError) expected.getError();
-		assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
-		assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
-		assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.satisfies((ex) -> {
+					BearerTokenError error = (BearerTokenError) ex.getError();
+					assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
+					assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
+					assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
+				});
 	}
 
 	@Test
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
index d6a5dbe45d..67465ccc21 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.rsocket.api.PayloadExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -54,28 +54,28 @@ public class AnonymousPayloadInterceptorTests {
 	@Test
 	public void constructorKeyWhenKeyNullThenException() {
 		String key = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor(key)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousPayloadInterceptor(key));
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenKeyNullThenException() {
 		String key = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor(key, "principal",
-				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousPayloadInterceptor(key, "principal",
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenPrincipalNullThenException() {
 		Object principal = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor("key", principal,
-				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousPayloadInterceptor("key", principal,
+				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
 	}
 
 	@Test
 	public void constructorKeyPrincipalAuthoritiesWhenAuthoritiesNullThenException() {
 		List<GrantedAuthority> authorities = null;
-		assertThatCode(() -> new AnonymousPayloadInterceptor("key", "principal", authorities))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AnonymousPayloadInterceptor("key", "principal", authorities));
 	}
 
 	@Test
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
index 684b3442be..474d6afe49 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java
@@ -53,7 +53,7 @@ import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -76,7 +76,7 @@ public class AuthenticationPayloadInterceptorTests {
 
 	@Test
 	public void constructorWhenAuthenticationManagerNullThenException() {
-		assertThatCode(() -> new AuthenticationPayloadInterceptor(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthenticationPayloadInterceptor(null));
 	}
 
 	@Test
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
index bae021271c..3a153b8c61 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java
@@ -51,7 +51,8 @@ import org.springframework.util.MimeType;
 import org.springframework.util.MimeTypeUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -94,22 +95,22 @@ public class PayloadInterceptorRSocketTests {
 	public void constructorWhenNullDelegateThenException() {
 		this.delegate = null;
 		List<PayloadInterceptor> interceptors = Arrays.asList(this.interceptor);
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
-				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new PayloadInterceptorRSocket(this.delegate, interceptors,
+				this.metadataMimeType, this.dataMimeType));
 	}
 
 	@Test
 	public void constructorWhenNullInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = null;
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
-				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new PayloadInterceptorRSocket(this.delegate, interceptors,
+				this.metadataMimeType, this.dataMimeType));
 	}
 
 	@Test
 	public void constructorWhenEmptyInterceptorsThenException() {
 		List<PayloadInterceptor> interceptors = Collections.emptyList();
-		assertThatCode(() -> new PayloadInterceptorRSocket(this.delegate, interceptors, this.metadataMimeType,
-				this.dataMimeType)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new PayloadInterceptorRSocket(this.delegate, interceptors,
+				this.metadataMimeType, this.dataMimeType));
 	}
 
 	// single interceptor
@@ -177,7 +178,8 @@ public class PayloadInterceptorRSocketTests {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType);
-		assertThatCode(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected);
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verifyZeroInteractions(this.delegate);
@@ -376,7 +378,8 @@ public class PayloadInterceptorRSocketTests {
 		given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected));
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verifyZeroInteractions(this.interceptor2);
@@ -390,7 +393,8 @@ public class PayloadInterceptorRSocketTests {
 		given(this.interceptor2.intercept(any(), any())).willReturn(Mono.error(expected));
 		PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate,
 				Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType);
-		assertThatCode(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected);
 		verify(this.interceptor).intercept(this.exchange.capture(), any());
 		assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload);
 		verify(this.interceptor2).intercept(any(), any());
diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
index 13a2e87b02..4c3722a1e9 100644
--- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
+++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java
@@ -43,7 +43,7 @@ import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadInterceptor;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
@@ -83,25 +83,28 @@ public class PayloadSocketAcceptorTests {
 	@Test
 	public void constructorWhenNullDelegateThenException() {
 		this.delegate = null;
-		assertThatCode(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
 	}
 
 	@Test
 	public void constructorWhenNullInterceptorsThenException() {
 		this.interceptors = null;
-		assertThatCode(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
 	}
 
 	@Test
 	public void constructorWhenEmptyInterceptorsThenException() {
 		this.interceptors = Collections.emptyList();
-		assertThatCode(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors));
 	}
 
 	@Test
 	public void acceptWhenDataMimeTypeNullThenException() {
-		assertThatCode(() -> this.acceptor.accept(this.setupPayload, this.rSocket).block())
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.acceptor.accept(this.setupPayload, this.rSocket).block());
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
index 85bb9bbb48..7e7cb5a0d1 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/OpenSamlInitializationServiceTests.java
@@ -23,7 +23,7 @@ import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
 import org.springframework.security.saml2.Saml2Exception;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link OpenSamlInitializationService}
@@ -37,8 +37,9 @@ public class OpenSamlInitializationServiceTests {
 		OpenSamlInitializationService.initialize();
 		XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
 		assertThat(registry.getParserPool()).isNotNull();
-		assertThatCode(() -> OpenSamlInitializationService.requireInitialize((r) -> {
-		})).isInstanceOf(Saml2Exception.class).hasMessageContaining("OpenSAML was already initialized previously");
+		assertThatExceptionOfType(Saml2Exception.class)
+				.isThrownBy(() -> OpenSamlInitializationService.requireInitialize((r) -> {
+				})).withMessageContaining("OpenSAML was already initialized previously");
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
index 8cd0297599..c91651ef24 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/DefaultSaml2AuthenticatedPrincipalTests.java
@@ -26,7 +26,7 @@ import org.joda.time.DateTime;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class DefaultSaml2AuthenticatedPrincipalTests {
 
@@ -43,14 +43,14 @@ public class DefaultSaml2AuthenticatedPrincipalTests {
 	public void createDefaultSaml2AuthenticatedPrincipalWhenNameNullThenException() {
 		Map<String, List<Object>> attributes = new LinkedHashMap<>();
 		attributes.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
-		assertThatCode(() -> new DefaultSaml2AuthenticatedPrincipal(null, attributes))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("name cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultSaml2AuthenticatedPrincipal(null, attributes))
+				.withMessageContaining("name cannot be null");
 	}
 
 	@Test
 	public void createDefaultSaml2AuthenticatedPrincipalWhenAttributesNullThenException() {
-		assertThatCode(() -> new DefaultSaml2AuthenticatedPrincipal("user", null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("attributes cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultSaml2AuthenticatedPrincipal("user", null))
+				.withMessageContaining("attributes cannot be null");
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
index a0095ca7a9..6669b6af47 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -69,7 +69,7 @@ import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
@@ -397,16 +397,14 @@ public class OpenSamlAuthenticationProviderTests {
 
 	@Test
 	public void setValidationContextConverterWhenNullThenIllegalArgument() {
-		assertThatCode(() -> this.provider.setValidationContextConverter(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.provider.setValidationContextConverter(null));
 	}
 
 	@Test
 	public void setConditionValidatorsWhenNullOrEmptyThenIllegalArgument() {
-		assertThatCode(() -> this.provider.setConditionValidators(null)).isInstanceOf(IllegalArgumentException.class);
-
-		assertThatCode(() -> this.provider.setConditionValidators(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.provider.setConditionValidators(null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.provider.setConditionValidators(Collections.emptyList()));
 	}
 
 	private <T extends XMLObject> T build(QName qName) {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
index 7884be64e3..f3fe17c471 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java
@@ -39,7 +39,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -189,8 +189,7 @@ public class OpenSamlAuthenticationRequestFactoryTests {
 
 	@Test
 	public void setAuthnRequestConsumerResolverWhenNullThenException() {
-		assertThatCode(() -> this.factory.setAuthnRequestConsumerResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.setAuthnRequestConsumerResolver(null));
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
index c0c1051882..30ce7e3261 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
@@ -30,7 +30,7 @@ import org.springframework.mock.http.client.MockClientHttpResponse;
 import org.springframework.security.saml2.Saml2Exception;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
@@ -63,17 +63,18 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 	public void readWhenMissingIDPSSODescriptorThenException() {
 		MockClientHttpResponse response = new MockClientHttpResponse(
 				(String.format(ENTITY_DESCRIPTOR_TEMPLATE, "")).getBytes(), HttpStatus.OK);
-		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
-				.isInstanceOf(Saml2Exception.class)
-				.hasMessageContaining("Metadata response is missing the necessary IDPSSODescriptor element");
+		assertThatExceptionOfType(Saml2Exception.class)
+				.isThrownBy(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
+				.withMessageContaining("Metadata response is missing the necessary IDPSSODescriptor element");
 	}
 
 	@Test
 	public void readWhenMissingVerificationKeyThenException() {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, ""));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
-		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
-				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
+		assertThatExceptionOfType(Saml2Exception.class)
+				.isThrownBy(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
+				.withMessageContaining(
 						"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 	}
 
@@ -82,8 +83,9 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE,
 				String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")));
 		MockClientHttpResponse response = new MockClientHttpResponse(payload.getBytes(), HttpStatus.OK);
-		assertThatCode(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
-				.isInstanceOf(Saml2Exception.class).hasMessageContaining(
+		assertThatExceptionOfType(Saml2Exception.class)
+				.isThrownBy(() -> this.converter.read(RelyingPartyRegistration.Builder.class, response))
+				.withMessageContaining(
 						"Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
index 52c08c80ae..3c64c8e653 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
@@ -23,7 +23,7 @@ import org.junit.Test;
 import org.springframework.security.saml2.Saml2Exception;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link RelyingPartyRegistration}
@@ -106,8 +106,8 @@ public class RelyingPartyRegistrationsTests {
 			server.enqueue(new MockResponse().setBody(IDP_SSO_DESCRIPTOR_PAYLOAD).setResponseCode(200));
 			String url = server.url("/").toString();
 			server.shutdown();
-			assertThatCode(() -> RelyingPartyRegistrations.fromMetadataLocation(url))
-					.isInstanceOf(Saml2Exception.class);
+			assertThatExceptionOfType(Saml2Exception.class)
+					.isThrownBy(() -> RelyingPartyRegistrations.fromMetadataLocation(url));
 		}
 	}
 
@@ -116,8 +116,8 @@ public class RelyingPartyRegistrationsTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.enqueue(new MockResponse().setBody("malformed").setResponseCode(200));
 			String url = server.url("/").toString();
-			assertThatCode(() -> RelyingPartyRegistrations.fromMetadataLocation(url))
-					.isInstanceOf(Saml2Exception.class);
+			assertThatExceptionOfType(Saml2Exception.class)
+					.isThrownBy(() -> RelyingPartyRegistrations.fromMetadataLocation(url));
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
index a5eac420d2..6079de5bcb 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -39,7 +39,7 @@ import org.springframework.web.util.HtmlUtils;
 import org.springframework.web.util.UriUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -185,13 +185,13 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 	@Test
 	public void setRequestMatcherWhenNullThenException() {
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
-		assertThatCode(() -> filter.setRedirectMatcher(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setRedirectMatcher(null));
 	}
 
 	@Test
 	public void setAuthenticationRequestFactoryWhenNullThenException() {
 		Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.repository);
-		assertThatCode(() -> filter.setAuthenticationRequestFactory(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setAuthenticationRequestFactory(null));
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
index 9f916f5974..41418978c4 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolverTests.java
@@ -25,7 +25,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultRelyingPartyRegistrationResolver}
@@ -71,8 +71,7 @@ public class DefaultRelyingPartyRegistrationResolverTests {
 
 	@Test
 	public void constructorWhenNullRelyingPartyRegistrationThenIllegalArgument() {
-		assertThatCode(() -> new DefaultRelyingPartyRegistrationResolver(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultRelyingPartyRegistrationResolver(null));
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
index f39b50ff4e..1905a0db3b 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolverTests.java
@@ -25,7 +25,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultSaml2AuthenticationRequestContextResolver}
@@ -94,8 +94,7 @@ public class DefaultSaml2AuthenticationRequestContextResolverTests {
 
 	@Test
 	public void resolveWhenRelyingPartyNullThenException() {
-		assertThatCode(() -> this.authenticationRequestContextResolver.resolve(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authenticationRequestContextResolver.resolve(null));
 	}
 
 }
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
index a3a969b2f7..91038de6ae 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@@ -37,7 +37,7 @@ import org.springframework.util.StreamUtils;
 import org.springframework.web.util.UriUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -102,7 +102,7 @@ public class Saml2AuthenticationTokenConverterTests {
 
 	@Test
 	public void constructorWhenResolverIsNullThenIllegalArgument() {
-		assertThatCode(() -> new Saml2AuthenticationTokenConverter(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new Saml2AuthenticationTokenConverter(null));
 	}
 
 	@Test
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 602e3dba48..12e024a3a1 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -31,7 +31,7 @@ import org.springframework.security.saml2.provider.service.registration.TestRely
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -117,7 +117,7 @@ public class Saml2MetadataFilterTests {
 
 	@Test
 	public void setRequestMatcherWhenNullThenIllegalArgument() {
-		assertThatCode(() -> this.filter.setRequestMatcher(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestMatcher(null));
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
index 902ea2a0fa..8990a7101e 100644
--- a/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersOAuth2ClientTests.java
@@ -44,7 +44,7 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -76,8 +76,9 @@ public class SecurityMockServerConfigurersOAuth2ClientTests extends AbstractMock
 	@Test
 	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
 		WebHttpHandlerBuilder builder = WebHttpHandlerBuilder.webHandler(new DispatcherHandler());
-		assertThatCode(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> SecurityMockServerConfigurers.mockOAuth2Client().beforeServerCreated(builder))
+				.withMessageContaining("ClientRegistration");
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
index 3483c3105c..ce6557f374 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java
@@ -49,7 +49,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -93,8 +93,9 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 
 	@Test
 	public void oauth2ClientWhenUsingDefaultsThenException() throws Exception {
-		assertThatCode(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest()))
-				.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("ClientRegistration");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> oauth2Client().postProcessRequest(new MockHttpServletRequest()))
+				.withMessageContaining("ClientRegistration");
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index 62a9a127ff..29fa3d9447 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -47,7 +47,7 @@ import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.willThrow;
@@ -282,8 +282,8 @@ public class ExceptionTranslationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
-		assertThatThrownBy(() -> filter.doFilter(request, response, chain)).isInstanceOf(ServletException.class)
-				.hasCauseInstanceOf(AccessDeniedException.class);
+		assertThatExceptionOfType(ServletException.class).isThrownBy(() -> filter.doFilter(request, response, chain))
+				.withCauseInstanceOf(AccessDeniedException.class);
 		verifyZeroInteractions(this.mockEntryPoint);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
index 37211f6fa2..a311caa459 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java
@@ -19,7 +19,7 @@ package org.springframework.security.web.access.intercept;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -64,8 +64,8 @@ public class RequestKeyTests {
 	 */
 	@Test
 	public void keysWithNullUrlFailsAssertion() {
-		assertThatThrownBy(() -> new RequestKey(null, null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("url cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new RequestKey(null, null))
+				.withMessage("url cannot be null");
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
index 0ccd0937cb..b1e5752b09 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java
@@ -18,7 +18,7 @@ package org.springframework.security.web.authentication.switchuser;
 
 import org.junit.Test;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Clement Ng
@@ -26,20 +26,16 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  */
 public class SwitchUserGrantedAuthorityTests {
 
-	/**
-	 */
 	@Test
 	public void authorityWithNullRoleFailsAssertion() {
-		assertThatThrownBy(() -> new SwitchUserGrantedAuthority(null, null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("role cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new SwitchUserGrantedAuthority(null, null))
+				.withMessage("role cannot be null");
 	}
 
-	/**
-	 */
 	@Test
 	public void authorityWithNullSourceFailsAssertion() {
-		assertThatThrownBy(() -> new SwitchUserGrantedAuthority("role", null))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage("source cannot be null");
+		assertThatIllegalArgumentException().isThrownBy(() -> new SwitchUserGrantedAuthority("role", null))
+				.withMessage("source cannot be null");
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
index 93a753af16..7d82c0b7c7 100644
--- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java
@@ -37,7 +37,8 @@ import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.filter.DelegatingFilterProxy;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -145,10 +146,9 @@ public class AbstractSecurityWebApplicationInitializerTests {
 	@Test
 	public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() {
 		ServletContext context = mock(ServletContext.class);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
-		}.onStartup(context)).isInstanceOf(IllegalStateException.class)
-				.hasMessage("Duplicate Filter registration for 'springSecurityFilterChain'. "
-						+ "Check to ensure the Filter is only configured once.");
+		assertThatIllegalStateException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+		}.onStartup(context)).withMessage("Duplicate Filter registration for 'springSecurityFilterChain'. "
+				+ "Check to ensure the Filter is only configured once.");
 	}
 
 	@Test
@@ -182,13 +182,15 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalStateException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter1);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
-				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
+
+		}.onStartup(context)).withMessage(
+				"Duplicate Filter registration for 'object'. Check to ensure the Filter is only configured once.");
 		assertProxyDefaults(proxyCaptor.getValue());
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
 		verify(context).addFilter(anyString(), eq(filter1));
@@ -200,13 +202,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("filters cannot be null or empty");
+
+		}.onStartup(context)).withMessage("filters cannot be null or empty");
 		assertProxyDefaults(proxyCaptor.getValue());
 	}
 
@@ -218,13 +221,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				insertFilters(context, filter, null);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("filters cannot contain null values");
+
+		}.onStartup(context)).withMessageContaining("filters cannot contain null values");
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
 	}
 
@@ -258,12 +262,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalStateException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter1);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalStateException.class).hasMessage(
+
+		}.onStartup(context)).withMessage(
 				"Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once.");
 		assertProxyDefaults(proxyCaptor.getValue());
 		verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*");
@@ -276,13 +282,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("filters cannot be null or empty");
+
+		}.onStartup(context)).withMessage("filters cannot be null or empty");
 		assertProxyDefaults(proxyCaptor.getValue());
 	}
 
@@ -294,13 +301,14 @@ public class AbstractSecurityWebApplicationInitializerTests {
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
 		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
 		given(context.addFilter(anyString(), eq(filter))).willReturn(registration);
-		assertThatCode(() -> new AbstractSecurityWebApplicationInitializer() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() {
+
 			@Override
 			protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
 				appendFilters(context, filter, null);
 			}
-		}.onStartup(context)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("filters cannot contain null values");
+
+		}.onStartup(context)).withMessageContaining("filters cannot contain null values");
 		verify(context, times(2)).addFilter(anyString(), any(Filter.class));
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index a09c7a9e2e..eb38bdabd2 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -26,8 +26,7 @@ import org.junit.Test;
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.web.MockHttpServletRequest;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.fail;
 
 /**
@@ -46,32 +45,32 @@ public class StrictHttpFirewallTests {
 	@Test
 	public void getFirewalledRequestWhenInvalidMethodThenThrowsRequestRejectedException() {
 		this.request.setMethod("INVALID");
-		assertThatThrownBy(() -> this.firewall.getFirewalledRequest(this.request))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	// blocks XST attacks
 	@Test
 	public void getFirewalledRequestWhenTraceMethodThenThrowsRequestRejectedException() {
 		this.request.setMethod(HttpMethod.TRACE.name());
-		assertThatThrownBy(() -> this.firewall.getFirewalledRequest(this.request))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
 	// blocks XST attack if request is forwarded to a Microsoft IIS web server
 	public void getFirewalledRequestWhenTrackMethodThenThrowsRequestRejectedException() {
 		this.request.setMethod("TRACK");
-		assertThatThrownBy(() -> this.firewall.getFirewalledRequest(this.request))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
 	// HTTP methods are case sensitive
 	public void getFirewalledRequestWhenLowercaseGetThenThrowsRequestRejectedException() {
 		this.request.setMethod("get");
-		assertThatThrownBy(() -> this.firewall.getFirewalledRequest(this.request))
-				.isInstanceOf(RequestRejectedException.class);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
@@ -79,7 +78,7 @@ public class StrictHttpFirewallTests {
 		List<String> allowedMethods = Arrays.asList("DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT");
 		for (String allowedMethod : allowedMethods) {
 			this.request = new MockHttpServletRequest(allowedMethod, "");
-			assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
+			this.firewall.getFirewalledRequest(this.request);
 		}
 	}
 
@@ -87,7 +86,7 @@ public class StrictHttpFirewallTests {
 	public void getFirewalledRequestWhenInvalidMethodAndAnyMethodThenNoException() {
 		this.firewall.setUnsafeAllowAnyHttpMethod(true);
 		this.request.setMethod("INVALID");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test
@@ -419,7 +418,7 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b//c");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -431,7 +430,7 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b//c");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -443,7 +442,7 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b//c");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -455,7 +454,7 @@ public class StrictHttpFirewallTests {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b//c");
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -464,7 +463,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2F%2Fc");
 		this.firewall.getEncodedUrlBlacklist().removeAll(Arrays.asList("%2F%2F"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -473,7 +472,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2f%2fc");
 		this.firewall.getEncodedUrlBlacklist().removeAll(Arrays.asList("%2f%2f"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -482,7 +481,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2f%2Fc");
 		this.firewall.getEncodedUrlBlacklist().removeAll(Arrays.asList("%2f%2F"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -491,7 +490,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2F%2fc");
 		this.firewall.getEncodedUrlBlacklist().removeAll(Arrays.asList("%2F%2f"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -499,7 +498,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setPathInfo("/a/b//c");
 		this.firewall.getDecodedUrlBlacklist().removeAll(Arrays.asList("//"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	// blocklist
@@ -509,7 +508,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2F%2Fc");
 		this.firewall.getEncodedUrlBlocklist().removeAll(Arrays.asList("%2F%2F"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -518,7 +517,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2f%2fc");
 		this.firewall.getEncodedUrlBlocklist().removeAll(Arrays.asList("%2f%2f"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -527,7 +526,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2f%2Fc");
 		this.firewall.getEncodedUrlBlocklist().removeAll(Arrays.asList("%2f%2F"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -536,7 +535,7 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setRequestURI("/context-root/a/b%2F%2fc");
 		this.firewall.getEncodedUrlBlocklist().removeAll(Arrays.asList("%2F%2f"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
@@ -544,14 +543,14 @@ public class StrictHttpFirewallTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		request.setPathInfo("/a/b//c");
 		this.firewall.getDecodedUrlBlocklist().removeAll(Arrays.asList("//"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(request);
 	}
 
 	@Test
 	public void getFirewalledRequestWhenTrustedDomainThenNoException() {
 		this.request.addHeader("Host", "example.org");
 		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("example.org"));
-		assertThatCode(() -> this.firewall.getFirewalledRequest(this.request)).doesNotThrowAnyException();
+		this.firewall.getFirewalledRequest(this.request);
 	}
 
 	@Test(expected = RequestRejectedException.class)
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
index 52f69284ab..3f57db42ac 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CompositeHeaderWriterTests.java
@@ -26,7 +26,7 @@ import org.junit.Test;
 
 import org.springframework.security.web.header.HeaderWriter;
 
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -52,8 +52,7 @@ public class CompositeHeaderWriterTests {
 
 	@Test
 	public void constructorWhenPassingEmptyListThenThrowsException() {
-		assertThatCode(() -> new CompositeHeaderWriter(Collections.emptyList()))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> new CompositeHeaderWriter(Collections.emptyList()));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
index 8c62dbd1c5..5a88698962 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java
@@ -23,7 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link FeaturePolicyHeaderWriter}.
@@ -59,14 +59,14 @@ public class FeaturePolicyHeaderWriterTests {
 
 	@Test
 	public void createWriterWithNullDirectivesShouldThrowException() {
-		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter(null)).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("policyDirectives must not be null or empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new FeaturePolicyHeaderWriter(null))
+				.withMessage("policyDirectives must not be null or empty");
 	}
 
 	@Test
 	public void createWriterWithEmptyDirectivesShouldThrowException() {
-		assertThatThrownBy(() -> new FeaturePolicyHeaderWriter("")).isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("policyDirectives must not be null or empty");
+		assertThatIllegalArgumentException().isThrownBy(() -> new FeaturePolicyHeaderWriter(""))
+				.withMessage("policyDirectives must not be null or empty");
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index d7d5a915cd..ccbdb47b56 100644
--- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -40,7 +40,7 @@ import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -183,7 +183,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		given(this.authentication.getPrincipal()).willReturn("user");
 		Mono<Object> argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
-		assertThatThrownBy(() -> argument.block()).isInstanceOf(ClassCastException.class);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> argument.block());
 	}
 
 	void authenticationPrincipal(@AuthenticationPrincipal String principal,
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index 4b24012da9..9572f9e012 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -27,7 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Zeeshan Adnan
@@ -61,8 +61,7 @@ public class CookieRequestCacheTests {
 	@Test
 	public void setRequestMatcherWhenRequestMatcherIsSetNullThenThrowsIllegalArgumentException() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();
-		assertThatThrownBy(() -> cookieRequestCache.setRequestMatcher(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> cookieRequestCache.setRequestMatcher(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 6addc3d8ad..314dff7107 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -29,7 +29,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -82,13 +83,13 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
 	@Test
 	public void matchesWhenNullThenThrowsException() {
 		given(this.converter.convert(any())).willReturn(null);
-		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(NullPointerException.class);
+		assertThatNullPointerException().isThrownBy(() -> this.matcher.matches(this.exchange).block());
 	}
 
 	@Test
 	public void matchesWhenExceptionThenPropagates() {
 		given(this.converter.convert(any())).willThrow(RuntimeException.class);
-		assertThatCode(() -> this.matcher.matches(this.exchange).block()).isInstanceOf(RuntimeException.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.matcher.matches(this.exchange).block());
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
index 5c3e1a6319..744289b5a9 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -68,16 +68,14 @@ public class DelegatingServerAuthenticationSuccessHandlerTests {
 
 	@Test
 	public void constructorWhenNullThenIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> new DelegatingServerAuthenticationSuccessHandler((ServerAuthenticationSuccessHandler[]) null))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new DelegatingServerAuthenticationSuccessHandler((ServerAuthenticationSuccessHandler[]) null));
 	}
 
 	@Test
 	public void constructorWhenEmptyThenIllegalArgumentException() {
-		assertThatThrownBy(
-				() -> new DelegatingServerAuthenticationSuccessHandler(new ServerAuthenticationSuccessHandler[0]))
-						.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new DelegatingServerAuthenticationSuccessHandler(new ServerAuthenticationSuccessHandler[0]));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
index 0f42d12f4d..81a0d2f1fe 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.WebFilterExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -71,23 +71,23 @@ public class DelegatingServerLogoutHandlerTests {
 
 	@Test
 	public void constructorWhenNullVargsThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingServerLogoutHandler((ServerLogoutHandler[]) null))
-				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
-				.hasNoCause();
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingServerLogoutHandler((ServerLogoutHandler[]) null))
+				.withMessage("delegates cannot be null or empty").withNoCause();
 	}
 
 	@Test
 	public void constructorWhenNullListThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingServerLogoutHandler((List<ServerLogoutHandler>) null))
-				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
-				.hasNoCause();
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingServerLogoutHandler((List<ServerLogoutHandler>) null))
+				.withMessage("delegates cannot be null or empty").withNoCause();
 	}
 
 	@Test
 	public void constructorWhenEmptyThenIllegalArgumentException() {
-		assertThatThrownBy(() -> new DelegatingServerLogoutHandler(new ServerLogoutHandler[0]))
-				.isExactlyInstanceOf(IllegalArgumentException.class).hasMessage("delegates cannot be null or empty")
-				.hasNoCause();
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingServerLogoutHandler(new ServerLogoutHandler[0]))
+				.withMessage("delegates cannot be null or empty").withNoCause();
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
index 38cf2bf214..e7d0617268 100644
--- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -32,7 +32,8 @@ import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -110,8 +111,7 @@ public class HttpsRedirectWebFilterTests {
 	@Test
 	public void filterWhenRequestIsInsecureAndNoPortMappingThenThrowsIllegalState() {
 		ServerWebExchange exchange = get("http://localhost:1234");
-		assertThatCode(() -> this.filter.filter(exchange, this.chain).block())
-				.isInstanceOf(IllegalStateException.class);
+		assertThatIllegalStateException().isThrownBy(() -> this.filter.filter(exchange, this.chain).block());
 	}
 
 	@Test
@@ -124,13 +124,12 @@ public class HttpsRedirectWebFilterTests {
 
 	@Test
 	public void setRequiresTransportSecurityMatcherWhenSetWithNullValueThenThrowsIllegalArgument() {
-		assertThatCode(() -> this.filter.setRequiresHttpsRedirectMatcher(null))
-				.isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequiresHttpsRedirectMatcher(null));
 	}
 
 	@Test
 	public void setPortMapperWhenSetWithNullValueThenThrowsIllegalArgument() {
-		assertThatCode(() -> this.filter.setPortMapper(null)).isInstanceOf(IllegalArgumentException.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setPortMapper(null));
 	}
 
 	private String redirectedUrl(ServerWebExchange exchange) {
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index 1ef1c66f2e..281661e02c 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -22,7 +22,7 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -92,18 +92,17 @@ public class IpAddressMatcherTests {
 	@Test
 	public void ipv4RequiredAddressMaskTooLongThenIllegalArgumentException() {
 		String ipv4AddressWithTooLongMask = "192.168.1.104/33";
-		assertThatCode(() -> new IpAddressMatcher(ipv4AddressWithTooLongMask))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage(
-						String.format("IP address %s is too short for bitmask of " + "length %d", "192.168.1.104", 33));
+		assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher(ipv4AddressWithTooLongMask))
+				.withMessage(String.format("IP address %s is too short for bitmask of length %d", "192.168.1.104", 33));
 	}
 
 	// SEC-2576
 	@Test
 	public void ipv6RequiredAddressMaskTooLongThenIllegalArgumentException() {
 		String ipv6AddressWithTooLongMask = "fe80::21f:5bff:fe33:bd68/129";
-		assertThatCode(() -> new IpAddressMatcher(ipv6AddressWithTooLongMask))
-				.isInstanceOf(IllegalArgumentException.class).hasMessage(String.format(
-						"IP address %s is too short for bitmask of " + "length %d", "fe80::21f:5bff:fe33:bd68", 129));
+		assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher(ipv6AddressWithTooLongMask))
+				.withMessage(String.format("IP address %s is too short for bitmask of length %d",
+						"fe80::21f:5bff:fe33:bd68", 129));
 	}
 
 }

From 28817e62ef4b283df9d948455c71cd97e9cdd061 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 10 Aug 2020 16:58:36 -0500
Subject: [PATCH 74/84] Fix imports of AuthenticationPayloadExchangeConverter

Issue gh-8945
---
 .../AuthenticationPayloadExchangeConverter.java               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
index 25e3d82611..096c1bb179 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java
@@ -21,9 +21,9 @@ import java.util.Map;
 
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
-import io.rsocket.metadata.WellKnownMimeType;
 import io.rsocket.metadata.AuthMetadataCodec;
-import io.rsocket.metadata.security.WellKnownAuthType;
+import io.rsocket.metadata.WellKnownAuthType;
+import io.rsocket.metadata.WellKnownMimeType;
 import reactor.core.publisher.Mono;
 
 import org.springframework.core.codec.ByteArrayDecoder;

From e3dd8d2530e0e321f5273d2ac6f5b33e8df7db1b Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:47:39 -0500
Subject: [PATCH 75/84] Polish acl format

Issue gh-8945
---
 .../security/acls/jdbc/JdbcAclServiceTests.java           | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index a4ff652ef1..49985c2d2e 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -81,8 +81,12 @@ public class JdbcAclServiceTests {
 
 	@Before
 	public void setUpEmbeddedDatabase() {
-		this.embeddedDatabase = new EmbeddedDatabaseBuilder()//
-				.addScript("createAclSchemaWithAclClassIdType.sql").addScript("db/sql/test_data_hierarchy.sql").build();
+		// @formatter:off
+		this.embeddedDatabase = new EmbeddedDatabaseBuilder()
+			.addScript("createAclSchemaWithAclClassIdType.sql")
+			.addScript("db/sql/test_data_hierarchy.sql")
+			.build();
+		// @formatter:on
 	}
 
 	@After

From 254f2e2aec14f1b51b07886f0c212fe28cbf91ea Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:47:59 -0500
Subject: [PATCH 76/84] Polish config format

Issue gh-8945
---
 ...AuthenticationProviderConfigurerTests.java |  28 +-
 ...espaceLdapAuthenticationProviderTests.java |  23 +-
 .../rsocket/HelloRSocketITests.java           |  45 ++-
 .../config/annotation/rsocket/JwtITests.java  |  21 +-
 ...RSocketMessageHandlerConnectionITests.java | 131 +++++--
 .../rsocket/RSocketMessageHandlerITests.java  |  96 +++--
 .../rsocket/SimpleAuthenticationITests.java   |  47 ++-
 ...ocketAcceptorInterceptorConfiguration.java |  12 +-
 .../HttpSecurityConfiguration.java            |  25 +-
 .../OAuth2ClientConfiguration.java            |  11 +-
 .../ServerHttpSecurityConfiguration.java      |   6 +-
 .../security/config/ConfigTestUtils.java      |   9 +-
 .../config/SecurityNamespaceHandlerTests.java |  12 +-
 .../AuthenticationManagerBuilderTests.java    |  16 +-
 .../NamespaceAuthenticationManagerTests.java  |  18 +-
 .../NamespaceJdbcUserServiceTests.java        |   7 +-
 .../UserDetailsManagerConfigurerTests.java    |  45 ++-
 .../web/HttpSecurityHeadersTests.java         |  12 +-
 .../WebSecurityConfigurerAdapterTests.java    |  13 +-
 .../web/builders/NamespaceHttpTests.java      |  10 +-
 ...icationPrincipalArgumentResolverTests.java |   6 +-
 .../HttpSecurityConfigurationTests.java       |  86 +++-
 .../OAuth2ClientConfigurationTests.java       |  41 +-
 ...ntextConfigurationResourceServerTests.java |  32 +-
 ...urityReactorContextConfigurationTests.java |  14 +-
 .../WebSecurityConfigurationTests.java        |  58 ++-
 .../web/configurers/CsrfConfigurerTests.java  |  41 +-
 .../DefaultLoginPageConfigurerTests.java      | 162 +++++---
 .../ExceptionHandlingConfigurerTests.java     |  10 +-
 ...essionUrlAuthorizationConfigurerTests.java | 161 ++++++--
 .../configurers/FormLoginConfigurerTests.java | 104 ++++-
 .../HeadersConfigurerEagerHeadersTests.java   |  20 +-
 .../configurers/HeadersConfigurerTests.java   | 134 +++++--
 .../configurers/HttpBasicConfigurerTests.java |  15 +-
 .../web/configurers/JeeConfigurerTests.java   |  63 ++-
 .../LogoutConfigurerClearSiteDataTests.java   |  15 +-
 .../configurers/LogoutConfigurerTests.java    | 113 ++++--
 .../configurers/NamespaceHttpBasicTests.java  |  31 +-
 .../NamespaceHttpCustomFilterTests.java       |  11 +-
 .../NamespaceHttpFormLoginTests.java          |  28 +-
 .../NamespaceHttpInterceptUrlTests.java       |  17 +-
 .../configurers/NamespaceHttpLogoutTests.java |  45 ++-
 .../NamespaceHttpOpenIDLoginTests.java        |  16 +-
 ...aceHttpServerAccessDeniedHandlerTests.java |  10 +-
 .../configurers/NamespaceHttpX509Tests.java   |   6 +-
 .../configurers/NamespaceRememberMeTests.java |  95 ++++-
 .../NamespaceSessionManagementTests.java      |  78 +++-
 .../configurers/PermitAllSupportTests.java    |  13 +-
 .../RememberMeConfigurerTests.java            | 138 +++++--
 .../RequestCacheConfigurerTests.java          | 157 ++++++--
 .../RequestMatcherConfigurerTests.java        |  16 +-
 .../ServletApiConfigurerTests.java            |  36 +-
 ...tConfigurerSessionCreationPolicyTests.java |   6 +-
 .../SessionManagementConfigurerTests.java     |  80 +++-
 .../configurers/UrlAuthorizationsTests.java   |  48 ++-
 .../web/configurers/X509ConfigurerTests.java  |  15 +-
 .../client/OAuth2ClientConfigurerTests.java   |  72 +++-
 .../client/OAuth2LoginConfigurerTests.java    |  35 +-
 .../OAuth2ResourceServerConfigurerTests.java  | 368 ++++++++++++++----
 .../openid/OpenIDLoginConfigurerTests.java    |  21 +-
 .../saml2/Saml2LoginConfigurerTests.java      |   8 +-
 .../saml2/TestSaml2Credentials.java           |  15 +-
 ...geSecurityMetadataSourceRegistryTests.java | 147 +++++--
 .../reactive/EnableWebFluxSecurityTests.java  | 161 +++++---
 ...WebSocketMessageBrokerConfigurerTests.java |  33 +-
 ...ationManagerBeanDefinitionParserTests.java |  26 +-
 ...tionProviderBeanDefinitionParserTests.java |  72 +++-
 ...cUserServiceBeanDefinitionParserTests.java |  37 +-
 .../PasswordEncoderParserTests.java           |  10 +-
 .../UserServiceBeanDefinitionParserTests.java |  25 +-
 .../UserDetailsResourceFactoryBeanTests.java  |  16 +-
 ...eyConversionServicePostProcessorTests.java |   5 +-
 .../config/doc/SpringSecurityXsdParser.java   |  11 +-
 .../security/config/doc/XmlNode.java          |  23 +-
 .../config/doc/XsdDocumentedTests.java        | 129 ++++--
 .../security/config/http/CsrfConfigTests.java | 203 ++++++++--
 ...tadataSourceBeanDefinitionParserTests.java |  15 +-
 .../FormLoginBeanDefinitionParserTests.java   | 122 ++++--
 .../config/http/FormLoginConfigTests.java     |  67 +++-
 .../security/config/http/HttpConfigTests.java |   6 +-
 .../config/http/HttpCorsConfigTests.java      |  24 +-
 .../config/http/HttpHeadersConfigTests.java   | 294 +++++++++++---
 .../config/http/HttpInterceptUrlTests.java    |  11 +-
 .../config/http/InterceptUrlConfigTests.java  |  94 +++--
 .../config/http/MiscHttpConfigTests.java      | 275 +++++++++----
 .../http/MultiHttpBlockConfigTests.java       |  29 +-
 .../config/http/NamespaceHttpBasicTests.java  |  47 ++-
 ...OAuth2ClientBeanDefinitionParserTests.java |  41 +-
 .../OAuth2LoginBeanDefinitionParserTests.java |  67 +++-
 ...sourceServerBeanDefinitionParserTests.java | 223 +++++++++--
 .../config/http/OpenIDConfigTests.java        |  42 +-
 .../http/PlaceHolderAndELConfigTests.java     |  38 +-
 .../config/http/RememberMeConfigTests.java    | 147 ++++---
 ...yContextHolderAwareRequestConfigTests.java |  87 ++++-
 ...SessionManagementConfigServlet31Tests.java |  31 +-
 .../http/SessionManagementConfigTests.java    | 198 +++++++---
 ...thodSecurityBeanDefinitionParserTests.java |  94 +++--
 ...tationDrivenBeanDefinitionParserTests.java |   5 +-
 ...egistrationsBeanDefinitionParserTests.java | 102 +++--
 .../config/test/SpringTestContext.java        |   8 +-
 .../server/AuthorizeExchangeSpecTests.java    |  72 +++-
 .../config/web/server/CorsSpecTests.java      |  14 +-
 .../server/ExceptionHandlingSpecTests.java    | 172 ++++++--
 .../config/web/server/FormLoginTests.java     | 277 ++++++++++---
 .../config/web/server/HeaderSpecTests.java    | 150 +++++--
 .../web/server/HttpsRedirectSpecTests.java    |  77 +++-
 .../config/web/server/LogoutSpecTests.java    | 149 +++++--
 .../web/server/OAuth2ClientSpecTests.java     |  48 ++-
 .../config/web/server/OAuth2LoginTests.java   | 176 +++++++--
 .../server/OAuth2ResourceServerSpecTests.java | 258 +++++++++---
 .../config/web/server/RequestCacheTests.java  |  88 ++++-
 .../web/server/ServerHttpSecurityTests.java   | 188 +++++++--
 .../server/HtmlUnitWebTestClient.java         |  18 +-
 ...bTestClientHtmlUnitDriverBuilderTests.java |  42 +-
 ...SecurityInterceptorWithAopConfigTests.java |  61 ++-
 115 files changed, 5971 insertions(+), 1811 deletions(-)

diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index 328dbc4a3b..ad38a083cd 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -29,6 +29,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
@@ -55,35 +57,39 @@ public class LdapAuthenticationProviderConfigurerTests {
 	public void authenticationManagerSupportMultipleLdapContextWithDefaultRolePrefix() throws Exception {
 		this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob")
-						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated().withUsername("bob")
+				.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS")));
+		this.mockMvc.perform(request).andExpect(expectedUser);
 	}
 
 	@Test
 	public void authenticationManagerSupportMultipleLdapContextWithCustomRolePrefix() throws Exception {
 		this.spring.register(MultiLdapWithCustomRolePrefixAuthenticationProvidersConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob")
-						.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS"))));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated().withUsername("bob")
+				.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROL_DEVELOPERS")));
+		this.mockMvc.perform(request).andExpect(expectedUser);
 	}
 
 	@Test
 	public void authenticationManagerWhenPortZeroThenAuthenticates() throws Exception {
 		this.spring.register(LdapWithRandomPortConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob"));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated().withUsername("bob");
+		this.mockMvc.perform(request).andExpect(expectedUser);
 	}
 
 	@Test
 	public void authenticationManagerWhenSearchSubtreeThenNestedGroupFound() throws Exception {
 		this.spring.register(GroupSubtreeSearchConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("ben").password("benspassword"))
-				.andExpect(authenticated().withUsername("ben").withAuthorities(
-						AuthorityUtils.createAuthorityList("ROLE_SUBMANAGERS", "ROLE_MANAGERS", "ROLE_DEVELOPERS")));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("ben").password("benspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated().withUsername("ben").withAuthorities(
+				AuthorityUtils.createAuthorityList("ROLE_SUBMANAGERS", "ROLE_MANAGERS", "ROLE_DEVELOPERS"));
+		this.mockMvc.perform(request).andExpect(expectedUser);
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
index 7d4c9a610d..de439c648e 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTests.java
@@ -36,6 +36,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.web.servlet.MockMvc;
 
@@ -57,16 +59,19 @@ public class NamespaceLdapAuthenticationProviderTests {
 	public void ldapAuthenticationProvider() throws Exception {
 		this.spring.register(LdapAuthenticationProviderConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-				.andExpect(authenticated().withUsername("bob"));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withUsername("bob");
+		this.mockMvc.perform(request).andExpect(user);
 	}
 
 	@Test
 	public void ldapAuthenticationProviderCustom() throws Exception {
 		this.spring.register(CustomLdapAuthenticationProviderConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(authenticated()
-				.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("PREFIX_DEVELOPERS"))));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated()
+				.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("PREFIX_DEVELOPERS")));
+		this.mockMvc.perform(request).andExpect(user);
 	}
 
 	// SEC-2490
@@ -83,16 +88,18 @@ public class NamespaceLdapAuthenticationProviderTests {
 
 		this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(
-				authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bob").password("bobspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA")));
+		this.mockMvc.perform(request).andExpect(user);
 	}
 
 	@Test
 	public void ldapAuthenticationProviderPasswordCompare() throws Exception {
 		this.spring.register(PasswordCompareLdapConfig.class).autowire();
 
-		this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
-				.andExpect(authenticated().withUsername("bcrypt"));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin().user("bcrypt").password("password");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withUsername("bcrypt");
+		this.mockMvc.perform(request).andExpect(user);
 	}
 
 }
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
index 1277074e20..e14ca36591 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/HelloRSocketITests.java
@@ -71,9 +71,15 @@ public class HelloRSocketITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0)).start().block();
+		// @formatter:off
+		this.server = RSocketFactory.receive()
+			.frameDecoder(PayloadDecoder.ZERO_COPY)
+			.addSocketAcceptorPlugin(this.interceptor)
+			.acceptor(this.handler.responder())
+			.transport(TcpServerTransport.create("localhost", 0))
+			.start()
+			.block();
+		// @formatter:on
 	}
 
 	@After
@@ -85,13 +91,23 @@ public class HelloRSocketITests {
 
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
-		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort()).block();
+		// @formatter:off
+		this.requester = RSocketRequester.builder()
+			.rsocketStrategies(this.handler.getRSocketStrategies())
+			.connectTcp("localhost", this.server.address().getPort())
+			.block();
+		// @formatter:on
 		String data = "rob";
+		// @formatter:off
 		assertThatExceptionOfType(Exception.class).isThrownBy(
-				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
+				() -> this.requester.route("secure.retrieve-mono")
+						.data(data)
+						.retrieveMono(String.class)
+						.block()
+				)
 				.matches((ex) -> ex instanceof RejectedSetupException
 						|| ex.getClass().toString().contains("ReactiveException"));
+		// @formatter:on
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
 		assertThat(this.controller.payloads).isEmpty();
 	}
@@ -99,14 +115,21 @@ public class HelloRSocketITests {
 	@Test
 	public void retrieveMonoWhenAuthorizedThenGranted() throws Exception {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
+		// @formatter:off
 		this.requester = RSocketRequester.builder()
-				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort()).block();
+			.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.rsocketStrategies(this.handler.getRSocketStrategies())
+			.connectTcp("localhost", this.server.address().getPort())
+			.block();
+		// @formatter:on
 		String data = "rob";
+		// @formatter:off
 		String hiRob = this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
-				.retrieveMono(String.class).block();
+			.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.data(data)
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
index f8b30d7e51..6548030a17 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java
@@ -99,10 +99,16 @@ public class JwtITests {
 	public void routeWhenBearerThenAuthorized() {
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
+		// @formatter:off
 		this.requester = requester()
-				.setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
+			.setupMetadata(credentials.getToken(), BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
+			.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+			.block();
+		String hiRob = this.requester.route("secure.retrieve-mono")
+			.data("rob")
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
@@ -112,9 +118,14 @@ public class JwtITests {
 				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 		BearerTokenMetadata credentials = new BearerTokenMetadata("token");
 		given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, authenticationMimeType)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+		String hiRob = this.requester.route("secure.retrieve-mono")
+				.data("rob")
+				.retrieveMono(String.class).block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
index 2c3c603838..8b86b4f456 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -78,9 +78,15 @@ public class RSocketMessageHandlerConnectionITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0)).start().block();
+		// @formatter:off
+		this.server = RSocketFactory.receive()
+			.frameDecoder(PayloadDecoder.ZERO_COPY)
+			.addSocketAcceptorPlugin(this.interceptor)
+			.acceptor(this.handler.responder())
+			.transport(TcpServerTransport.create("localhost", 0))
+			.start()
+			.block();
+		// @formatter:on
 	}
 
 	@After
@@ -93,94 +99,147 @@ public class RSocketMessageHandlerConnectionITests {
 	@Test
 	public void routeWhenAuthorized() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		String hiRob = this.requester.route("secure.retrieve-mono").data("rob").retrieveMono(String.class).block();
+			.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+			.block();
+		String hiRob = this.requester.route("secure.retrieve-mono")
+			.data("rob")
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
 	@Test
 	public void routeWhenNotAuthorized() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
+			.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+			.block();
 		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(() -> this.requester
-				.route("secure.admin.retrieve-mono").data("data").retrieveMono(String.class).block());
+				.route("secure.admin.retrieve-mono")
+				.data("data")
+				.retrieveMono(String.class)
+				.block()
+		);
+		// @formatter:on
 	}
 
 	@Test
 	public void routeWhenStreamCredentialsAuthorized() {
 		UsernamePasswordMetadata connectCredentials = new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
+		// @formatter:off
+		this.requester = requester().setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+			.block();
 		String hiRob = this.requester.route("secure.admin.retrieve-mono")
-				.metadata(new UsernamePasswordMetadata("admin", "password"),
-						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data("rob").retrieveMono(String.class).block();
+			.metadata(new UsernamePasswordMetadata("admin", "password"),
+					UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.data("rob")
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
 	@Test
 	public void routeWhenStreamCredentialsHaveAuthority() {
 		UsernamePasswordMetadata connectCredentials = new UsernamePasswordMetadata("user", "password");
-		this.requester = requester()
-				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
+		// @formatter:off
+		this.requester = requester().setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+			.block();
 		String hiUser = this.requester.route("secure.authority.retrieve-mono")
-				.metadata(new UsernamePasswordMetadata("admin", "password"),
-						UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.data("Felipe").retrieveMono(String.class).block();
+			.metadata(new UsernamePasswordMetadata("admin", "password"),
+					UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.data("Felipe")
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiUser).isEqualTo("Hi Felipe");
 	}
 
 	@Test
 	public void connectWhenNotAuthenticated() {
+		// @formatter:off
 		this.requester = requester().connectTcp(this.server.address().getHostName(), this.server.address().getPort())
 				.block();
 		assertThatExceptionOfType(Exception.class)
-				.isThrownBy(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
+				.isThrownBy(() -> this.requester.route("retrieve-mono")
+						.data("data")
+						.retrieveMono(String.class)
+						.block()
+				)
 				.matches((ex) -> ex instanceof RejectedSetupException
 						|| ex.getClass().toString().contains("ReactiveException"));
+		// @formatter:on
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
 	}
 
 	@Test
 	public void connectWhenNotAuthorized() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("evil", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
 		assertThatExceptionOfType(Exception.class)
-				.isThrownBy(() -> this.requester.route("retrieve-mono").data("data").retrieveMono(String.class).block())
+				.isThrownBy(() -> this.requester.route("retrieve-mono")
+						.data("data")
+						.retrieveMono(String.class)
+						.block()
+				)
 				.matches((ex) -> ex instanceof RejectedSetupException
 						|| ex.getClass().toString().contains("ReactiveException"));
+		// @formatter:on
 		// FIXME: https://github.com/rsocket/rsocket-java/issues/686
 	}
 
 	@Test
 	public void connectionDenied() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
 		assertThatExceptionOfType(ApplicationErrorException.class)
-				.isThrownBy(() -> this.requester.route("prohibit").data("data").retrieveMono(String.class).block());
+				.isThrownBy(() -> this.requester.route("prohibit")
+						.data("data")
+						.retrieveMono(String.class)
+						.block()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void connectWithAnyRole() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		String hiRob = this.requester.route("anyroute").data("rob").retrieveMono(String.class).block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+		String hiRob = this.requester.route("anyroute")
+				.data("rob")
+				.retrieveMono(String.class)
+				.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
 	@Test
 	public void connectWithAnyAuthority() {
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("admin", "password");
+		// @formatter:off
 		this.requester = requester().setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
-				.connectTcp(this.server.address().getHostName(), this.server.address().getPort()).block();
-		String hiEbert = this.requester.route("management.users").data("admin").retrieveMono(String.class).block();
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+		String hiEbert = this.requester.route("management.users")
+				.data("admin")
+				.retrieveMono(String.class)
+				.block();
+		// @formatter:on
 		assertThat(hiEbert).isEqualTo("Hi admin");
 	}
 
@@ -233,10 +292,18 @@ public class RSocketMessageHandlerConnectionITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
-			rsocket.authorizePayload((authorize) -> authorize.setup().hasRole("SETUP").route("secure.admin.*")
-					.hasRole("ADMIN").route("secure.**").hasRole("USER").route("secure.authority.*")
-					.hasAuthority("ROLE_USER").route("management.*").hasAnyAuthority("ROLE_ADMIN").route("prohibit")
-					.denyAll().anyRequest().permitAll()).basicAuthentication(Customizer.withDefaults());
+			// @formatter:off
+			rsocket.authorizePayload((authorize) -> authorize
+					.setup().hasRole("SETUP")
+					.route("secure.admin.*").hasRole("ADMIN")
+					.route("secure.**").hasRole("USER")
+					.route("secure.authority.*").hasAuthority("ROLE_USER")
+					.route("management.*").hasAnyAuthority("ROLE_ADMIN")
+					.route("prohibit").denyAll()
+					.anyRequest().permitAll()
+			)
+			.basicAuthentication(Customizer.withDefaults());
+			// @formatter:on
 			return rsocket.build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index ee91c97f30..8a02fd9dd2 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -76,14 +76,21 @@ public class RSocketMessageHandlerITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0)).start().block();
+		// @formatter:off
+		this.server = RSocketFactory.receive()
+				.frameDecoder(PayloadDecoder.ZERO_COPY)
+				.addSocketAcceptorPlugin(this.interceptor)
+				.acceptor(this.handler.responder())
+				.transport(TcpServerTransport.create("localhost", 0))
+				.start()
+				.block();
 		this.requester = RSocketRequester.builder()
 				// .rsocketFactory((factory) ->
 				// factory.addRequesterPlugin(payloadInterceptor))
 				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort()).block();
+				.connectTcp("localhost", this.server.address().getPort())
+				.block();
+		// @formatter:on
 	}
 
 	@After
@@ -96,9 +103,15 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
 		String data = "rob";
+		// @formatter:off
 		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
-				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block())
-				.withMessageContaining("Access Denied");
+				() -> this.requester.route("secure.retrieve-mono")
+					.data(data)
+					.retrieveMono(String.class)
+					.block()
+			)
+			.withMessageContaining("Access Denied");
+		// @formatter:on
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -106,11 +119,15 @@ public class RSocketMessageHandlerITests {
 	public void retrieveMonoWhenAuthenticationFailedThenException() throws Exception {
 		String data = "rob";
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("invalid", "password");
+		// @formatter:off
 		assertThatExceptionOfType(ApplicationErrorException.class)
-				.isThrownBy(() -> this.requester.route("secure.retrieve-mono")
-						.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
-						.retrieveMono(String.class).block())
-				.withMessageContaining("Invalid Credentials");
+			.isThrownBy(() -> this.requester.route("secure.retrieve-mono")
+				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
+				.retrieveMono(String.class)
+				.block()
+			)
+			.withMessageContaining("Invalid Credentials");
+		// @formatter:on
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -118,9 +135,13 @@ public class RSocketMessageHandlerITests {
 	public void retrieveMonoWhenAuthorizedThenGranted() throws Exception {
 		String data = "rob";
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
+		// @formatter:off
 		String hiRob = this.requester.route("secure.retrieve-mono")
-				.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE).data(data)
-				.retrieveMono(String.class).block();
+			.metadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+			.data(data)
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
@@ -128,7 +149,12 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveMonoWhenPublicThenGranted() throws Exception {
 		String data = "rob";
-		String hiRob = this.requester.route("retrieve-mono").data(data).retrieveMono(String.class).block();
+		// @formatter:off
+		String hiRob = this.requester.route("retrieve-mono")
+			.data(data)
+			.retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
@@ -136,18 +162,29 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void retrieveFluxWhenDataFluxAndSecureThenDenied() throws Exception {
 		Flux<String> data = Flux.just("a", "b", "c");
+		// @formatter:off
 		assertThatExceptionOfType(ApplicationErrorException.class)
-				.isThrownBy(() -> this.requester.route("secure.retrieve-flux").data(data, String.class)
-						.retrieveFlux(String.class).collectList().block())
-				.withMessageContaining("Access Denied");
+			.isThrownBy(() -> this.requester.route("secure.retrieve-flux")
+				.data(data, String.class)
+				.retrieveFlux(String.class)
+				.collectList()
+				.block()
+			)
+			.withMessageContaining("Access Denied");
+		// @formatter:on
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
 	@Test
 	public void retrieveFluxWhenDataFluxAndPublicThenGranted() throws Exception {
 		Flux<String> data = Flux.just("a", "b", "c");
-		List<String> hi = this.requester.route("retrieve-flux").data(data, String.class).retrieveFlux(String.class)
-				.collectList().block();
+		// @formatter:off
+		List<String> hi = this.requester.route("retrieve-flux")
+			.data(data, String.class)
+			.retrieveFlux(String.class)
+			.collectList()
+			.block();
+		// @formatter:on
 		assertThat(hi).containsOnly("hello a", "hello b", "hello c");
 		assertThat(this.controller.payloads).containsOnlyElementsOf(data.collectList().block());
 	}
@@ -164,14 +201,24 @@ public class RSocketMessageHandlerITests {
 	@Test
 	public void sendWhenSecureThenDenied() throws Exception {
 		String data = "hi";
-		this.requester.route("secure.send").data(data).send().block();
+		// @formatter:off
+		this.requester.route("secure.send")
+			.data(data)
+			.send()
+			.block();
+		// @formatter:on
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
 	@Test
 	public void sendWhenPublicThenGranted() throws Exception {
 		String data = "hi";
-		this.requester.route("send").data(data).send().block();
+		// @formatter:off
+		this.requester.route("send")
+			.data(data)
+			.send()
+			.block();
+		// @formatter:on
 		assertThat(this.controller.awaitPayloads()).containsOnly("hi");
 	}
 
@@ -215,9 +262,14 @@ public class RSocketMessageHandlerITests {
 
 		@Bean
 		PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
+			// @formatter:off
 			rsocket.authorizePayload(
-					(authorize) -> authorize.route("secure.*").authenticated().anyExchange().permitAll())
-					.basicAuthentication(Customizer.withDefaults());
+				(authorize) -> authorize
+					.route("secure.*").authenticated()
+					.anyExchange().permitAll()
+				)
+				.basicAuthentication(Customizer.withDefaults());
+			// @formatter:on
 			return rsocket.build();
 		}
 
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
index 370e1786ce..72658a5bac 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java
@@ -76,9 +76,15 @@ public class SimpleAuthenticationITests {
 
 	@Before
 	public void setup() {
-		this.server = RSocketFactory.receive().frameDecoder(PayloadDecoder.ZERO_COPY)
-				.addSocketAcceptorPlugin(this.interceptor).acceptor(this.handler.responder())
-				.transport(TcpServerTransport.create("localhost", 0)).start().block();
+		// @formatter:off
+		this.server = RSocketFactory.receive()
+			.frameDecoder(PayloadDecoder.ZERO_COPY)
+			.addSocketAcceptorPlugin(this.interceptor)
+			.acceptor(this.handler.responder())
+			.transport(TcpServerTransport.create("localhost", 0))
+			.start()
+			.block();
+		// @formatter:on
 	}
 
 	@After
@@ -90,11 +96,20 @@ public class SimpleAuthenticationITests {
 
 	@Test
 	public void retrieveMonoWhenSecureThenDenied() throws Exception {
-		this.requester = RSocketRequester.builder().rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort()).block();
+		// @formatter:off
+		this.requester = RSocketRequester.builder()
+			.rsocketStrategies(this.handler.getRSocketStrategies())
+			.connectTcp("localhost", this.server.address().getPort())
+			.block();
+		// @formatter:on
 		String data = "rob";
-		assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
-				() -> this.requester.route("secure.retrieve-mono").data(data).retrieveMono(String.class).block());
+		// @formatter:off
+		assertThatExceptionOfType(ApplicationErrorException.class)
+			.isThrownBy(() -> this.requester.route("secure.retrieve-mono")
+				.data(data).retrieveMono(String.class)
+				.block()
+			);
+		// @formatter:on
 		assertThat(this.controller.payloads).isEmpty();
 	}
 
@@ -103,12 +118,20 @@ public class SimpleAuthenticationITests {
 		MimeType authenticationMimeType = MimeTypeUtils
 				.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
 		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
-		this.requester = RSocketRequester.builder().setupMetadata(credentials, authenticationMimeType)
-				.rsocketStrategies(this.handler.getRSocketStrategies())
-				.connectTcp("localhost", this.server.address().getPort()).block();
+		// @formatter:off
+		this.requester = RSocketRequester.builder()
+			.setupMetadata(credentials, authenticationMimeType)
+			.rsocketStrategies(this.handler.getRSocketStrategies())
+			.connectTcp("localhost", this.server.address().getPort())
+			.block();
+		// @formatter:on
 		String data = "rob";
-		String hiRob = this.requester.route("secure.retrieve-mono").metadata(credentials, authenticationMimeType)
-				.data(data).retrieveMono(String.class).block();
+		// @formatter:off
+		String hiRob = this.requester.route("secure.retrieve-mono")
+			.metadata(credentials, authenticationMimeType)
+			.data(data).retrieveMono(String.class)
+			.block();
+		// @formatter:on
 		assertThat(hiRob).isEqualTo("Hi rob");
 		assertThat(this.controller.payloads).containsOnly(data);
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
index 7e36fbfcde..00019ba782 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java
@@ -46,9 +46,15 @@ class SecuritySocketAcceptorInterceptorConfiguration {
 		if (rsocket == null) {
 			throw new NoSuchBeanDefinitionException("No RSocketSecurity defined");
 		}
-		rsocket.basicAuthentication(Customizer.withDefaults()).simpleAuthentication(Customizer.withDefaults())
-				.authorizePayload((authz) -> authz.setup().authenticated().anyRequest().authenticated()
-						.matcher((e) -> MatchResult.match()).permitAll());
+		// @formatter:off
+		rsocket.basicAuthentication(Customizer.withDefaults())
+			.simpleAuthentication(Customizer.withDefaults())
+			.authorizePayload((authz) -> authz
+				.setup().authenticated()
+				.anyRequest().authenticated()
+				.matcher((e) -> MatchResult.match()).permitAll()
+			);
+		// @formatter:on
 		return rsocket.build();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
index c6c45f8472..69acc39631 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -84,17 +84,20 @@ class HttpSecurityConfiguration {
 				this.objectPostProcessor, passwordEncoder);
 		authenticationBuilder.parentAuthenticationManager(authenticationManager());
 		HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());
-		http.csrf(withDefaults());
-		http.addFilter(new WebAsyncManagerIntegrationFilter());
-		http.exceptionHandling(withDefaults());
-		http.headers(withDefaults());
-		http.sessionManagement(withDefaults());
-		http.securityContext(withDefaults());
-		http.requestCache(withDefaults());
-		http.anonymous(withDefaults());
-		http.servletApi(withDefaults());
-		http.logout(withDefaults());
-		http.apply(new DefaultLoginPageConfigurer<>());
+		// @formatter:off
+		http
+			.csrf(withDefaults())
+			.addFilter(new WebAsyncManagerIntegrationFilter())
+			.exceptionHandling(withDefaults())
+			.headers(withDefaults())
+			.sessionManagement(withDefaults())
+			.securityContext(withDefaults())
+			.requestCache(withDefaults())
+			.anonymous(withDefaults())
+			.servletApi(withDefaults())
+			.logout(withDefaults())
+			.apply(new DefaultLoginPageConfigurer<>());
+		// @formatter:on
 		return http;
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index 80f4ffa6b6..b48c565a51 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -117,10 +117,15 @@ final class OAuth2ClientConfiguration {
 			OAuth2AuthorizedClientManager authorizedClientManager = null;
 			if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
 				if (this.accessTokenResponseClient != null) {
+					// @formatter:off
 					OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder
-							.builder().authorizationCode().refreshToken().clientCredentials((configurer) -> configurer
-									.accessTokenResponseClient(this.accessTokenResponseClient))
-							.password().build();
+						.builder()
+						.authorizationCode()
+						.refreshToken()
+						.clientCredentials((configurer) -> configurer.accessTokenResponseClient(this.accessTokenResponseClient))
+						.password()
+						.build();
+					// @formatter:on
 					DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
 							this.clientRegistrationRepository, this.authorizedClientRepository);
 					defaultAuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index 728b893475..676bfa5161 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -125,7 +125,11 @@ class ServerHttpSecurityConfiguration {
 	@Scope("prototype")
 	ServerHttpSecurity httpSecurity() {
 		ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
-		return http.authenticationManager(authenticationManager()).headers().and().logout().and();
+		// @formatter:off
+		return http.authenticationManager(authenticationManager())
+			.headers().and()
+			.logout().and();
+		// @formatter:on
 	}
 
 	private ReactiveAuthenticationManager authenticationManager() {
diff --git a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
index c27107c156..92075d6649 100644
--- a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
+++ b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java
@@ -18,12 +18,17 @@ package org.springframework.security.config;
 
 public abstract class ConfigTestUtils {
 
+	// @formatter:off
 	public static final String AUTH_PROVIDER_XML = "<authentication-manager alias='authManager'>"
-			+ "    <authentication-provider>" + "        <user-service id='us'>"
+			+ "    <authentication-provider>"
+			+ "        <user-service id='us'>"
 			+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
 			+ "            <user name='bill' password='{noop}billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />"
 			+ "            <user name='admin' password='{noop}password' authorities='ROLE_ADMIN,ROLE_USER' />"
 			+ "            <user name='user' password='{noop}password' authorities='ROLE_USER' />"
-			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
+			+ "        </user-service>"
+			+ "    </authentication-provider>"
+			+ "</authentication-manager>";
+	// @formatter:on
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 454209e4f0..c80bcc308c 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -52,9 +52,15 @@ public class SecurityNamespaceHandlerTests {
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
-	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>" + "  <authentication-provider>"
-			+ "    <user-service id='us'>" + "      <user name='bob' password='bobspassword' authorities='ROLE_A' />"
-			+ "    </user-service>" + "  </authentication-provider>" + "</authentication-manager>";
+	// @formatter:off
+	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>"
+			+ "  <authentication-provider>"
+			+ "    <user-service id='us'>"
+			+ "      <user name='bob' password='bobspassword' authorities='ROLE_A' />"
+			+ "    </user-service>"
+			+ "  </authentication-provider>"
+			+ "</authentication-manager>";
+	// @formatter:on
 
 	private static final String XML_HTTP_BLOCK = "<http auto-config='true'/>";
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
index 2c3a719c01..2a7b2dea32 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java
@@ -50,6 +50,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -121,9 +122,10 @@ public class AuthenticationManagerBuilderTests {
 	@Test
 	public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
 		this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("USER"));
-		this.mockMvc.perform(formLogin().user("admin"))
-				.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withUsername("user").withRoles("USER");
+		this.mockMvc.perform(formLogin()).andExpect(user);
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher admin = authenticated().withUsername("admin").withRoles("USER", "ADMIN");
+		this.mockMvc.perform(formLogin().user("admin")).andExpect(admin);
 	}
 
 	@Test
@@ -165,8 +167,14 @@ public class AuthenticationManagerBuilderTests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()).and().inMemoryAuthentication()
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser(PasswordEncodedUser.user())
+					.and()
+				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.admin());
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
index d21faea9ea..f68aa5042f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@@ -47,20 +47,18 @@ public class NamespaceAuthenticationManagerTests {
 	@Test
 	public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception {
 		this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull()));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher nullCredentials = authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNull());
+		this.mockMvc.perform(formLogin()).andExpect(nullCredentials);
+		this.mockMvc.perform(formLogin()).andExpect(nullCredentials);
 		// no exception due to username being cleared out
 	}
 
 	@Test
 	public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
-		this.mockMvc.perform(formLogin())
-				.andExpect(authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher notNullCredentials = authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull());
+		this.mockMvc.perform(formLogin()).andExpect(notNullCredentials);
+		this.mockMvc.perform(formLogin()).andExpect(notNullCredentials);
 		// no exception due to username being cleared out
 	}
 
@@ -68,8 +66,8 @@ public class NamespaceAuthenticationManagerTests {
 	// SEC-2533
 	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
-		this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andExpect(SecurityMockMvcResultMatchers
-				.authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher notNullCredentials = authenticated().withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull());
+		this.mockMvc.perform(formLogin()).andExpect(notNullCredentials);
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
index 58556a7463..3709963073 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.test.web.servlet.MockMvc;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
@@ -53,13 +54,15 @@ public class NamespaceJdbcUserServiceTests {
 	@Test
 	public void jdbcUserService() throws Exception {
 		this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire();
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user"));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withUsername("user");
+		this.mockMvc.perform(formLogin()).andExpect(user);
 	}
 
 	@Test
 	public void jdbcUserServiceCustom() throws Exception {
 		this.spring.register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class).autowire();
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withUsername("user").withRoles("DBA", "USER"));
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher dba = authenticated().withUsername("user").withRoles("DBA", "USER");
+		this.mockMvc.perform(formLogin()).andExpect(dba);
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
index 67a8747c78..b02e4393b1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurerTests.java
@@ -43,9 +43,17 @@ public class UserDetailsManagerConfigurerTests {
 
 	@Test
 	public void allAttributesSupported() {
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				this.userDetailsManager).withUser("user").password("password").roles("USER").disabled(true)
-						.accountExpired(true).accountLocked(true).credentialsExpired(true).build();
+		// @formatter:off
+		UserDetails userDetails = configurer()
+				.withUser("user")
+				.password("password")
+				.roles("USER")
+				.disabled(true)
+				.accountExpired(true)
+				.accountLocked(true)
+				.credentialsExpired(true)
+				.build();
+		// @formatter:on
 		assertThat(userDetails.getUsername()).isEqualTo("user");
 		assertThat(userDetails.getPassword()).isEqualTo("password");
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo("ROLE_USER");
@@ -58,26 +66,43 @@ public class UserDetailsManagerConfigurerTests {
 	@Test
 	public void authoritiesWithGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
+		// @formatter:off
+		UserDetails userDetails = configurer()
+				.withUser("user")
+				.password("password")
+				.authorities(authority)
+				.build();
+		// @formatter:on
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
 
 	@Test
 	public void authoritiesWithStringAuthorityWorks() {
 		String authority = "ROLE_USER";
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				this.userDetailsManager).withUser("user").password("password").authorities(authority).build();
+		// @formatter:off
+		UserDetails userDetails = configurer()
+				.withUser("user")
+				.password("password")
+				.authorities(authority)
+				.build();
+		// @formatter:on
 		assertThat(userDetails.getAuthorities().stream().findFirst().get().getAuthority()).isEqualTo(authority);
 	}
 
 	@Test
 	public void authoritiesWithAListOfGrantedAuthorityWorks() {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-		UserDetails userDetails = new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(
-				this.userDetailsManager).withUser("user").password("password").authorities(Arrays.asList(authority))
-						.build();
+		// @formatter:off
+		UserDetails userDetails = configurer()
+				.withUser("user")
+				.password("password")
+				.authorities(Arrays.asList(authority))
+				.build();
+		// @formatter:on
 		assertThat(userDetails.getAuthorities().stream().findFirst().get()).isEqualTo(authority);
 	}
 
+	private UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>> configurer() {
+		return new UserDetailsManagerConfigurer<AuthenticationManagerBuilder, InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>>(this.userDetailsManager);
+	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 60d7e6b866..5cb55181c3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -68,18 +68,23 @@ public class HttpSecurityHeadersTests {
 	// gh-3975
 	@Test
 	public void headerWhenSpringMvcResourceThenCacheRelatedHeadersReset() throws Exception {
-		this.mockMvc.perform(get("/resources/file.js")).andExpect(status().isOk())
+		// @formatter:off
+		this.mockMvc.perform(get("/resources/file.js"))
+				.andExpect(status().isOk())
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "max-age=12345"))
 				.andExpect(header().doesNotExist(HttpHeaders.PRAGMA))
 				.andExpect(header().doesNotExist(HttpHeaders.EXPIRES));
+		// @formatter:on
 	}
 
 	@Test
 	public void headerWhenNotSpringResourceThenCacheRelatedHeadersSet() throws Exception {
+		// @formatter:off
 		this.mockMvc.perform(get("/notresource"))
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"));
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
@@ -97,8 +102,11 @@ public class HttpSecurityHeadersTests {
 
 		@Override
 		public void addResourceHandlers(ResourceHandlerRegistry registry) {
-			registry.addResourceHandler("/resources/**").addResourceLocations("classpath:/resources/")
+			// @formatter:off
+			registry.addResourceHandler("/resources/**")
+					.addResourceLocations("classpath:/resources/")
 					.setCachePeriod(12345);
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 1c2ad19eb2..f23d730292 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -51,6 +51,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -83,12 +84,15 @@ public class WebSecurityConfigurerAdapterTests {
 	@Test
 	public void loadConfigWhenRequestSecureThenDefaultSecurityHeadersReturned() throws Exception {
 		this.spring.register(HeadersArePopulatedByDefaultConfig.class).autowire();
-		this.mockMvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
+		// @formatter:off
+		this.mockMvc.perform(get("/").secure(true))
+				.andExpect(header().string("X-Content-Type-Options", "nosniff"))
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 				.andExpect(header().string("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string("Pragma", "no-cache")).andExpect(header().string("Expires", "0"))
 				.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
+		// @formatter:on
 	}
 
 	@Test
@@ -188,10 +192,9 @@ public class WebSecurityConfigurerAdapterTests {
 	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
 		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
 		AuthenticationEventPublisher authenticationEventPublisher = CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); // fails since
-																			// no
-																			// providers
-																			// configured
+		MockHttpServletRequestBuilder userRequest = get("/").with(httpBasic("user", "password"));
+		// fails since no providers configured
+		this.mockMvc.perform(userRequest);
 		verify(authenticationEventPublisher).publishAuthenticationFailure(any(AuthenticationException.class),
 				any(Authentication.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index 4dbdf6dd1b..45478c3a56 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -155,8 +155,11 @@ public class NamespaceHttpTests {
 	public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint()
 			throws Exception {
 		this.spring.register(EntryPointRefConfig.class).autowire();
-		this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mockMvc.perform(get("/"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrlPattern("**/entry-point"));
+		// @formatter:on
 	}
 
 	@Test // http@jaas-api-provision
@@ -174,8 +177,11 @@ public class NamespaceHttpTests {
 	@Test // http@realm
 	public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception {
 		this.spring.register(RealmConfig.class).autowire();
-		this.mockMvc.perform(get("/")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mockMvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
+		// @formatter:on
 	}
 
 	@Test // http@request-matcher-ref ant
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
index f66ab12ebd..a03eb8650b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/AuthenticationPrincipalArgumentResolverTests.java
@@ -68,7 +68,11 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
 		SecurityContextHolder.setContext(context);
 		MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
-		mockMvc.perform(get("/users/self")).andExpect(status().isOk()).andExpect(content().string("extracted-user"));
+		// @formatter:off
+		mockMvc.perform(get("/users/self"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("extracted-user"));
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 12818336b9..56a0909c47 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -41,6 +41,7 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -81,6 +82,7 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void getWhenDefaultFilterChainBeanThenDefaultHeadersInResponse() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
+		// @formatter:off
 		MvcResult mvcResult = this.mockMvc.perform(get("/").secure(true))
 				.andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff"))
 				.andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS,
@@ -90,7 +92,9 @@ public class HttpSecurityConfigurationTests {
 				.andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
 				.andExpect(header().string(HttpHeaders.EXPIRES, "0"))
 				.andExpect(header().string(HttpHeaders.PRAGMA, "no-cache"))
-				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn();
+				.andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block"))
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(
 				HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY,
 				HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION);
@@ -99,21 +103,33 @@ public class HttpSecurityConfigurationTests {
 	@Test
 	public void logoutWhenDefaultFilterChainBeanThenCreatesDefaultLogoutEndpoint() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class).autowire();
-		this.mockMvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mockMvc.perform(post("/logout").with(csrf()))
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loadConfigWhenDefaultConfigThenWebAsyncManagerIntegrationFilterAdded() throws Exception {
 		this.spring.register(DefaultWithFilterChainConfig.class, NameController.class).autowire();
-		MvcResult mvcResult = this.mockMvc.perform(get("/name").with(user("Bob"))).andExpect(request().asyncStarted())
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithBob = get("/name").with(user("Bob"));
+		MvcResult mvcResult = this.mockMvc.perform(requestWithBob)
+				.andExpect(request().asyncStarted())
 				.andReturn();
-		this.mockMvc.perform(asyncDispatch(mvcResult)).andExpect(status().isOk()).andExpect(content().string("Bob"));
+		this.mockMvc.perform(asyncDispatch(mvcResult))
+				.andExpect(status().isOk())
+				.andExpect(content().string("Bob"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenDefaultFilterChainBeanThenAnonymousPermitted() throws Exception {
 		this.spring.register(AuthorizeRequestsConfig.class, UserDetailsConfig.class, BaseController.class).autowire();
-		this.mockMvc.perform(get("/")).andExpect(status().isOk());
+		// @formatter:off
+		this.mockMvc.perform(get("/"))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -121,29 +137,48 @@ public class HttpSecurityConfigurationTests {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-		MvcResult result = this.mockMvc.perform(
-				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
-				.andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		// @formatter:on
+		MvcResult result = this.mockMvc.perform(loginRequest).andReturn();
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenRedirectsToSavedRequest() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages")).andReturn().getRequest()
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mockMvc.perform(get("/messages"))
+				.andReturn()
+				.getRequest()
 				.getSession();
-		this.mockMvc.perform(
-				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
+		// @formatter:on
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		// @formatter:on
+		// @formatter:off
+		this.mockMvc.perform(loginRequest)
 				.andExpect(redirectedUrl("http://localhost/messages"));
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenDefaultFilterChainBeanThenRolePrefixIsSet() throws Exception {
 		this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, UserController.class).autowire();
+		TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		// @formatter:off
 		this.mockMvc
-				.perform(get("/user")
-						.with(authentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"))))
+				.perform(get("/user").with(authentication(user)))
 				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -177,7 +212,13 @@ public class HttpSecurityConfigurationTests {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests((authorize) -> authorize.anyRequest().permitAll()).build();
+			// @formatter:off
+			return http
+					.authorizeRequests((authorize) -> authorize
+						.anyRequest().permitAll()
+					)
+					.build();
+			// @formatter:on
 		}
 
 	}
@@ -187,8 +228,14 @@ public class HttpSecurityConfigurationTests {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
-					.formLogin(withDefaults()).build();
+			// @formatter:off
+			return http
+					.authorizeRequests((authorize) -> authorize
+						.anyRequest().authenticated()
+					)
+					.formLogin(withDefaults())
+					.build();
+			// @formatter:on
 		}
 
 	}
@@ -198,8 +245,13 @@ public class HttpSecurityConfigurationTests {
 
 		@Bean
 		UserDetailsService userDetailsService() {
-			UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")
+			// @formatter:off
+			UserDetails user = User.withDefaultPasswordEncoder()
+					.username("user")
+					.password("password")
+					.roles("USER")
 					.build();
+			// @formatter:on
 			return new InMemoryUserDetailsManager(user);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index a8fca5db6d..efdfdfef28 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -43,6 +43,7 @@ import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -56,6 +57,7 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -97,7 +99,7 @@ public class OAuth2ClientConfigurationTests {
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
 		this.mockMvc
 				.perform(get("/authorized-client")
-						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
+						.with(authentication(authentication)))
 				.andExpect(status().isOk()).andExpect(content().string("resolved"));
 		verifyZeroInteractions(accessTokenResponseClient);
 	}
@@ -114,18 +116,26 @@ public class OAuth2ClientConfigurationTests {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials()
 				.registrationId(clientRegistrationId).build();
 		given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration);
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(300)
+				.build();
+		// @formatter:on
 		given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class)))
 				.willReturn(accessTokenResponse);
 		OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 		OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient;
 		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-		this.mockMvc
-				.perform(get("/authorized-client")
-						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
-				.andExpect(status().isOk()).andExpect(content().string("resolved"));
+		MockHttpServletRequestBuilder authenticatedRequest = get("/authorized-client")
+				.with(authentication(authentication));
+		// @formatter:off
+		this.mockMvc.perform(authenticatedRequest)
+				.andExpect(status().isOk())
+				.andExpect(content().string("resolved"));
+		// @formatter:on
 		verify(accessTokenResponseClient, times(1)).getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class));
 	}
 
@@ -150,20 +160,25 @@ public class OAuth2ClientConfigurationTests {
 
 	@Test
 	public void loadContextWhenClientRegistrationRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
+		// @formatter:off
 		assertThatExceptionOfType(Exception.class)
 				.isThrownBy(
 						() -> this.spring.register(ClientRegistrationRepositoryRegisteredTwiceConfig.class).autowire())
 				.withMessageContaining(
 						"expected single matching bean but found 2: clientRegistrationRepository1,clientRegistrationRepository2")
 				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
+		// @formatter:on
 	}
 
 	@Test
 	public void loadContextWhenAccessTokenResponseClientRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
+		// @formatter:off
 		assertThatExceptionOfType(Exception.class)
 				.isThrownBy(() -> this.spring.register(AccessTokenResponseClientRegisteredTwiceConfig.class).autowire())
-				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).withMessageContaining(
+				.withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
+				.withMessageContaining(
 						"expected single matching bean but found 2: accessTokenResponseClient1,accessTokenResponseClient2");
+		// @formatter:on
 	}
 
 	// gh-8700
@@ -184,10 +199,14 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
 		OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
 		this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
+		MockHttpServletRequestBuilder authenticatedRequest = get("/authorized-client")
+				.with(authentication(authentication));
+		// @formatter:off
 		this.mockMvc
-				.perform(get("/authorized-client")
-						.with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
-				.andExpect(status().isOk()).andExpect(content().string("resolved"));
+				.perform(authenticatedRequest)
+				.andExpect(status().isOk())
+				.andExpect(content().string("resolved"));
+		// @formatter:on
 		verify(authorizedClientManager).authorize(any());
 		verifyNoInteractions(clientRegistrationRepository);
 		verifyNoInteractions(authorizedClientRepository);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 9f63464d12..2c69e21e96 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -36,10 +36,12 @@ import org.springframework.security.oauth2.server.resource.authentication.TestBe
 import org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction;
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.reactive.function.client.WebClient;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -63,8 +65,12 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 	public void requestWhenUsingFilterThenBearerTokenPropagated() throws Exception {
 		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class).autowire();
-		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
-				.andExpect(status().isOk()).andExpect(content().string("Bearer token"));
+		MockHttpServletRequestBuilder authenticatedRequest = get("/token").with(authentication(authentication));
+		// @formatter:off
+		this.mockMvc.perform(authenticatedRequest)
+				.andExpect(status().isOk())
+				.andExpect(content().string("Bearer token"));
+		// @formatter:on
 	}
 
 	// gh-7418
@@ -72,8 +78,12 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 	public void requestWhenNotUsingFilterThenBearerTokenNotPropagated() throws Exception {
 		BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer();
 		this.spring.register(BearerFilterlessConfig.class, WebServerConfig.class, Controller.class).autowire();
-		this.mockMvc.perform(get("/token").with(SecurityMockMvcRequestPostProcessors.authentication(authentication)))
-				.andExpect(status().isOk()).andExpect(content().string(""));
+		MockHttpServletRequestBuilder authenticatedRequest = get("/token").with(authentication(authentication));
+		// @formatter:off
+		this.mockMvc.perform(authenticatedRequest)
+				.andExpect(status().isOk())
+				.andExpect(content().string(""));
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
@@ -120,8 +130,18 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 
 		@GetMapping("/token")
 		String token() {
-			return this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)
-					.flatMap((result) -> this.rest.get().uri(this.uri).retrieve().bodyToMono(String.class)).block();
+			// @formatter:off
+			return this.rest.get()
+					.uri(this.uri)
+					.retrieve()
+					.bodyToMono(String.class)
+					.flatMap((result) -> this.rest.get()
+							.uri(this.uri)
+							.retrieve()
+							.bodyToMono(String.class)
+					)
+					.block();
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index 60e719b57a..f7cfa89a12 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -198,9 +198,11 @@ public class SecurityReactorContextConfigurationTests {
 				.setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse));
 		SecurityContextHolder.getContext().setAuthentication(this.authentication);
 		ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build();
+		// @formatter:off
 		ExchangeFilterFunction filter = (req, next) -> Mono.subscriberContext()
 				.filter((ctx) -> ctx.hasKey(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
-				.map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES)).cast(Map.class)
+				.map((ctx) -> ctx.get(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES))
+				.cast(Map.class)
 				.map((attributes) -> {
 					if (attributes.containsKey(HttpServletRequest.class)
 							&& attributes.containsKey(HttpServletResponse.class)
@@ -211,6 +213,7 @@ public class SecurityReactorContextConfigurationTests {
 						return ClientResponse.create(HttpStatus.NOT_FOUND).build();
 					}
 				});
+		// @formatter:on
 		ClientRequest clientRequest = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build();
 		MockExchangeFunction exchange = new MockExchangeFunction();
 		Map<Object, Object> expectedContextAttributes = new HashMap<>();
@@ -219,9 +222,14 @@ public class SecurityReactorContextConfigurationTests {
 		expectedContextAttributes.put(Authentication.class, this.authentication);
 		Mono<ClientResponse> clientResponseMono = filter.filter(clientRequest, exchange)
 				.flatMap((response) -> filter.filter(clientRequest, exchange));
-		StepVerifier.create(clientResponseMono).expectAccessibleContext()
+		// @formatter:off
+		StepVerifier.create(clientResponseMono)
+				.expectAccessibleContext()
 				.contains(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, expectedContextAttributes)
-				.then().expectNext(clientResponseOk).verifyComplete();
+				.then()
+				.expectNext(clientResponseOk)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index ad3bcb3408..9f8527e3a4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -336,27 +336,51 @@ public class WebSecurityConfigurationTests {
 		@Order(1)
 		@Bean
 		SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role1/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("1"))
+			// @formatter:off
+			return http
+					.antMatcher("/role1/**")
+					.authorizeRequests((authorize) -> authorize
+							.anyRequest().hasRole("1")
+					)
 					.build();
+			// @formatter:on
 		}
 
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role2/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("2"))
+			// @formatter:off
+			return http
+					.antMatcher("/role2/**")
+					.authorizeRequests((authorize) -> authorize
+							.anyRequest().hasRole("2")
+					)
 					.build();
+			// @formatter:on
 		}
 
 		@Order(3)
 		@Bean
 		SecurityFilterChain filterChain3(HttpSecurity http) throws Exception {
-			return http.antMatcher("/role3/**").authorizeRequests((authorize) -> authorize.anyRequest().hasRole("3"))
+			// @formatter:off
+			return http
+					.antMatcher("/role3/**")
+					.authorizeRequests((authorize) -> authorize
+							.anyRequest().hasRole("3")
+					)
 					.build();
+			// @formatter:on
 		}
 
 		@Bean
 		SecurityFilterChain filterChain4(HttpSecurity http) throws Exception {
-			return http.authorizeRequests((authorize) -> authorize.anyRequest().hasRole("4")).build();
+			// @formatter:off
+			return http
+					.authorizeRequests((authorize) -> authorize
+						.anyRequest().hasRole("4")
+					)
+					.build();
+			// @formatter:on
 		}
 
 	}
@@ -509,7 +533,13 @@ public class WebSecurityConfigurationTests {
 
 		@Bean
 		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.authorizeRequests((authorize) -> authorize.anyRequest().authenticated()).build();
+			// @formatter:off
+			return http
+					.authorizeRequests((authorize) -> authorize
+						.anyRequest().authenticated()
+					)
+					.build();
+			// @formatter:on
 		}
 
 	}
@@ -623,8 +653,14 @@ public class WebSecurityConfigurationTests {
 		@Order(2)
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/filter/**")
-					.authorizeRequests((authorize) -> authorize.anyRequest().authenticated()).build();
+			// @formatter:off
+			return http
+					.antMatcher("/filter/**")
+					.authorizeRequests((authorize) -> authorize
+							.anyRequest().authenticated()
+					)
+					.build();
+			// @formatter:on
 		}
 
 		@Order(1)
@@ -633,7 +669,13 @@ public class WebSecurityConfigurationTests {
 
 			@Override
 			protected void configure(HttpSecurity http) throws Exception {
-				http.antMatcher("/config/**").authorizeRequests((authorize) -> authorize.anyRequest().permitAll());
+				// @formatter:off
+				http
+					.antMatcher("/config/**")
+					.authorizeRequests((authorize) -> authorize
+							.anyRequest().permitAll()
+					);
+				// @formatter:on
 			}
 
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index a3629ab9bd..a533dd62d8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -46,6 +46,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -288,8 +289,13 @@ public class CsrfConfigurerTests {
 		given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken);
 		given(CsrfTokenRepositoryConfig.REPO.generateToken(any())).willReturn(csrfToken);
 		this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		// @formatter:on
+		this.mvc.perform(loginRequest).andExpect(redirectedUrl("/"));
 		verify(CsrfTokenRepositoryConfig.REPO).saveToken(isNull(), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -316,28 +322,40 @@ public class CsrfConfigurerTests {
 	@Test
 	public void loginWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
-				.andExpect(status().isForbidden()).andExpect(unauthenticated());
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(loginRequest)
+				.andExpect(status().isForbidden())
+				.andExpect(unauthenticated());
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenNoCsrfTokenThenRespondsWithForbidden() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(user("username"))).andExpect(status().isForbidden())
+		MockHttpServletRequestBuilder logoutRequest = post("/logout").with(user("username"));
+		// @formatter:off
+		this.mvc.perform(logoutRequest)
+				.andExpect(status().isForbidden())
 				.andExpect(authenticated());
+		// @formatter:on
 	}
 
 	// SEC-2543
 	@Test
 	public void logoutWhenCsrfEnabledAndGetRequestThenDoesNotLogout() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mvc.perform(get("/logout").with(user("username"))).andExpect(authenticated());
+		MockHttpServletRequestBuilder logoutRequest = get("/logout").with(user("username"));
+		this.mvc.perform(logoutRequest).andExpect(authenticated());
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndGetEnabledForLogoutThenLogsOut() throws Exception {
 		this.spring.register(LogoutAllowsGetConfig.class).autowire();
-		this.mvc.perform(get("/logout").with(user("username"))).andExpect(unauthenticated());
+		MockHttpServletRequestBuilder logoutRequest = get("/logout").with(user("username"));
+		this.mvc.perform(logoutRequest).andExpect(unauthenticated());
 	}
 
 	// SEC-2749
@@ -366,8 +384,13 @@ public class CsrfConfigurerTests {
 	public void csrfAuthenticationStrategyConfiguredThenStrategyUsed() throws Exception {
 		CsrfAuthenticationStrategyConfig.STRATEGY = mock(SessionAuthenticationStrategy.class);
 		this.spring.register(CsrfAuthenticationStrategyConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		// @formatter:on
+		this.mvc.perform(loginRequest).andExpect(redirectedUrl("/"));
 		verify(CsrfAuthenticationStrategyConfig.STRATEGY, atLeastOnce()).onAuthentication(any(Authentication.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
index 3b7ff75b02..e971abeb57 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
@@ -76,26 +77,37 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
+		// @formatter:off
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n" + "        <p>\n"
+						+ "        </p>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
-						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        </p>\n"
+						+ "<input name=\""+ csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
+		// @formatter:on
 	}
 
 	@Test
@@ -110,16 +122,22 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf())).andReturn();
+		// @formatter:off
 		this.mvc.perform(get("/login?error").session((MockHttpSession) mvcResult.getRequest().getSession())
 				.sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
 						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
 						+ "<div class=\"alert alert-danger\" role=\"alert\">Bad credentials</div>        <p>\n"
@@ -128,17 +146,25 @@ public class DefaultLoginPageConfigurerTests {
 						+ "        </p>\n" + "        <p>\n"
 						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
-						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        </p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenValidCredentialsThenRedirectsToDefaultSuccessPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		// @formatter:on
+		this.mvc.perform(loginRequest).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
@@ -146,27 +172,37 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
+		// @formatter:off
 		this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
 						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
 						+ "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>        <p>\n"
 						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n" + "        <p>\n"
+						+ "        </p>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
-						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
-						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        </p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
+		// @formatter:on
 	}
 
 	@Test
@@ -186,28 +222,38 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
+		// @formatter:off
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n" + "        <p>\n"
+						+ "        </p>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
 						+ "        </p>\n"
 						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
-						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
-						+ csrfToken.getToken() + "\" />\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
+		// @formatter:on
 	}
 
 	@Test
@@ -215,23 +261,33 @@ public class DefaultLoginPageConfigurerTests {
 		this.spring.register(DefaultLoginPageWithOpenIDConfig.class).autowire();
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
+		// @formatter:off
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
 						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-						+ "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+						+ "        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n" + "<input name=\"" + csrfToken.getParameterName()
-						+ "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
+						+ "        </p>\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
+		// @formatter:on
 	}
 
 	@Test
@@ -240,37 +296,45 @@ public class DefaultLoginPageConfigurerTests {
 		CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
 		String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
 		this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
-				.andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+				.andExpect(content().string("<!DOCTYPE html>\n"
+						+ "<html lang=\"en\">\n"
+						+ "  <head>\n"
 						+ "    <meta charset=\"utf-8\">\n"
 						+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-						+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+						+ "    <meta name=\"description\" content=\"\">\n"
+						+ "    <meta name=\"author\" content=\"\">\n"
 						+ "    <title>Please sign in</title>\n"
 						+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 						+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-						+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+						+ "  </head>\n"
+						+ "  <body>\n"
+						+ "     <div class=\"container\">\n"
 						+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+						+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-						+ "        </p>\n" + "        <p>\n"
+						+ "        </p>\n"
+						+ "        <p>\n"
 						+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 						+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
 						+ "        </p>\n"
 						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
-						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
-						+ csrfToken.getToken() + "\" />\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 						+ "      </form>\n"
 						+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
 						+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
-						+ "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
+						+ "        <p>\n"
+						+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
 						+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
 						+ "        </p>\n"
 						+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
-						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\""
-						+ csrfToken.getToken() + "\" />\n"
+						+ "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n"
 						+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-						+ "      </form>\n" + "</div>\n" + "</body></html>"));
+						+ "      </form>\n"
+						+ "</div>\n"
+						+ "</body></html>"));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 594083644f..cff6633e1c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -322,8 +322,14 @@ public class ExceptionHandlingConfigurerTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:on
-			http.authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
-					.authenticationEntryPoint(AEP).and().exceptionHandling();
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.exceptionHandling()
+					.authenticationEntryPoint(AEP)
+					.and()
+				.exceptionHandling();
 			// @formatter:off
 		}
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
index 95097349e9..31402bbbf6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -51,6 +51,7 @@ import org.springframework.security.web.access.expression.WebExpressionVoter;
 import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -113,16 +114,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
-				.andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_USER")));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasAnyAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserAnyAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
-				.andExpect(status().isForbidden());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithAdmin = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_ADMIN")));
+		// @formatter:on
+		this.mvc.perform(requestWithAdmin).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -134,16 +143,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
-				.andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_USER")));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasAuthorityRoleUserConfiguredAndAuthorityIsRoleAdminThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
-				.andExpect(status().isForbidden());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithAdmin = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_ADMIN")));
+		// @formatter:on
+		this.mvc.perform(requestWithAdmin).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -155,22 +172,35 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_USER"))))
-				.andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_USER")));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_ADMIN"))))
-				.andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_ADMIN")));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenAuthorityRoleUserOrAdminRequiredAndAuthorityIsRoleOtherThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(RoleUserOrRoleAdminAuthorityConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").authorities(new SimpleGrantedAuthority("ROLE_OTHER"))))
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.authorities(new SimpleGrantedAuthority("ROLE_OTHER")));
+		// @formatter:on
+		this.mvc.perform(requestWithUser)
 				.andExpect(status().isForbidden());
 	}
 
@@ -183,31 +213,56 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+				.with(user("user")
+				.roles("USER"));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenHasAnyRoleUserConfiguredAndRoleIsAdminThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isForbidden());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithAdmin = get("/")
+				.with(user("user")
+				.roles("ADMIN"));
+		// @formatter:on
+		this.mvc.perform(requestWithAdmin).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsUserThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = get("/")
+			.with(user("user")
+			.roles("USER"));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsAdminThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("ADMIN"))).andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithAdmin = get("/")
+			.with(user("user")
+			.roles("ADMIN"));
+		// @formatter:on
+		this.mvc.perform(requestWithAdmin).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRoleUserOrAdminConfiguredAndRoleIsOtherThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleUserOrAdminConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("OTHER"))).andExpect(status().isForbidden());
+		//<editor-fold desc="Description">
+		MockHttpServletRequestBuilder requestWithRoleOther = get("/")
+			.with(user("user")
+			.roles("OTHER"));
+		//</editor-fold>
+		this.mvc.perform(requestWithRoleOther).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -237,7 +292,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenAnonymousConfiguredAndLoggedInUserThenRespondsWithForbidden() throws Exception {
 		this.spring.register(AnonymousConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/").with(user("user"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -249,9 +305,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenRememberMeConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(RememberMeConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(authentication(
-				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
-				.andExpect(status().isOk());
+		RememberMeAuthenticationToken rememberme = new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		MockHttpServletRequestBuilder requestWithRememberme = get("/").with(authentication(rememberme));
+		this.mvc.perform(requestWithRememberme).andExpect(status().isOk());
 	}
 
 	@Test
@@ -263,7 +319,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWheDenyAllConfiguredAndUserLoggedInThenRespondsWithForbidden() throws Exception {
 		this.spring.register(DenyAllConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
@@ -275,23 +332,24 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenNotDenyAllConfiguredAndRememberMeTokenThenRespondsWithOk() throws Exception {
 		this.spring.register(NotDenyAllConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(authentication(
-				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
-				.andExpect(status().isOk());
+		RememberMeAuthenticationToken rememberme = new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		MockHttpServletRequestBuilder requestWithRememberme = get("/").with(authentication(rememberme));
+		this.mvc.perform(requestWithRememberme).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(authentication(
-				new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")))))
-				.andExpect(status().isUnauthorized());
+		RememberMeAuthenticationToken rememberme = new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		MockHttpServletRequestBuilder requestWithRememberme = get("/").with(authentication(rememberme));
+		this.mvc.perform(requestWithRememberme).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void getWhenFullyAuthenticatedConfiguredAndUserThenRespondsWithOk() throws Exception {
 		this.spring.register(FullyAuthenticatedConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
@@ -303,19 +361,26 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredAndRoleUserThenRespondsWithOk() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-		this.mvc.perform(post("/").with(csrf()).with(user("user").roles("USER"))).andExpect(status().isOk());
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithUser = post("/")
+				.with(csrf())
+				.with(user("user").roles("USER"));
+		// @formatter:on
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void postWhenAccessRoleUserOrGetRequestConfiguredThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(AccessConfig.class, BasicController.class).autowire();
-		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
+		MockHttpServletRequestBuilder requestWithCsrf = post("/").with(csrf());
+		this.mvc.perform(requestWithCsrf).andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void authorizeRequestsWhenInvokedTwiceThenUsesOriginalConfiguration() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotResetConfig.class, BasicController.class).autowire();
-		this.mvc.perform(post("/").with(csrf())).andExpect(status().isUnauthorized());
+		MockHttpServletRequestBuilder requestWithCsrf = post("/").with(csrf());
+		this.mvc.perform(requestWithCsrf).andExpect(status().isUnauthorized());
 	}
 
 	@Test
@@ -334,50 +399,58 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenPermissionCheckAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/admin").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/user").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/allow").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenPermissionCheckAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(UseBeansInExpressions.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/deny").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndRoleDoesNotMatchThenRespondsWithForbidden() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/admin").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/admin").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndRoleMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/user").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/user").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndAuthenticationNameMatchesThenRespondsWithOk() throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/allow").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenCustomExpressionHandlerAndAuthenticationNameDoesNotMatchThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(CustomExpressionRootConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/deny").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	// SEC-3011
@@ -418,13 +491,15 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndRelatedRoleAllowedThenRespondsWithOk() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/allow").with(user("user").roles("USER"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder requestWithUser = get("/allow").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isOk());
 	}
 
 	@Test
 	public void getWhenRegisteringRoleHierarchyAndNoRelatedRolesAllowedThenRespondsWithForbidden() throws Exception {
 		this.spring.register(RoleHierarchyConfig.class, WildcardController.class).autowire();
-		this.mvc.perform(get("/deny").with(user("user").roles("USER"))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/deny").with(user("user").roles("USER"));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
index af6618b1fa..aebf6187b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java
@@ -30,6 +30,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.config.users.AuthenticationTestConfiguration;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
 import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@@ -85,21 +86,34 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder loginRequest = formLogin()
+				.user("username", "user")
+				.password("password", "password");
+		this.mockMvc.perform(loginRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(formLogin().user("invalid"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginConfiguredThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		this.mockMvc.perform(formLogin())
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
@@ -117,28 +131,44 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void requestProtectedWhenFormLoginConfiguredThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginConfig.class).autowire();
-		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(get("/private"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultUsernameAndPasswordParameterNames() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("username", "user").password("password", "password"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder loginRequest = formLogin()
+				.user("username", "user")
+				.password("password", "password");
+		this.mockMvc.perform(loginRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultFailureUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(formLogin().user("invalid"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginDefaultsInLambdaThenHasDefaultSuccessUrl() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-		this.mockMvc.perform(formLogin()).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		this.mockMvc.perform(formLogin())
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
@@ -156,27 +186,41 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void requestProtectedWhenFormLoginDefaultsInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(FormLoginInLambdaConfig.class).autowire();
-		this.mockMvc.perform(get("/private")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(get("/private"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getLoginPageWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-		this.mockMvc.perform(get("/login")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
+		// @formatter:off
+		this.mockMvc.perform(get("/login"))
+				.andExpect(status().isOk())
+				.andExpect(redirectedUrl(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void getLoginPageWithErrorQueryWhenFormLoginPermitAllThenPermittedAndNoRedirect() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-		this.mockMvc.perform(get("/login?error")).andExpect(status().isOk()).andExpect(redirectedUrl(null));
+		// @formatter:off
+		this.mockMvc.perform(get("/login?error"))
+				.andExpect(status().isOk())
+				.andExpect(redirectedUrl(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenFormLoginPermitAllAndInvalidUserThenRedirectsToLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginConfigPermitAll.class).autowire();
-		this.mockMvc.perform(formLogin().user("invalid")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(formLogin().user("invalid"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	@Test
@@ -194,8 +238,12 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenCustomLoginPageAndInvalidUserThenRedirectsToCustomLoginPageWithError() throws Exception {
 		this.spring.register(FormLoginDefaultsConfig.class).autowire();
-		this.mockMvc.perform(formLogin("/authenticate").user("invalid")).andExpect(status().isFound())
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin("/authenticate").user("invalid");
+		// @formatter:off
+		this.mockMvc.perform(request)
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/authenticate?error"));
+		// @formatter:on
 	}
 
 	@Test
@@ -219,13 +267,21 @@ public class FormLoginConfigurerTests {
 	@Test
 	public void loginWhenCustomLoginProcessingUrlThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlConfig.class).autowire();
-		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		this.mockMvc.perform(formLogin("/loginCheck"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenCustomLoginProcessingUrlInLambdaThenRedirectsToHome() throws Exception {
 		this.spring.register(FormLoginLoginProcessingUrlInLambdaConfig.class).autowire();
-		this.mockMvc.perform(formLogin("/loginCheck")).andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		this.mockMvc.perform(formLogin("/loginCheck"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
@@ -233,28 +289,36 @@ public class FormLoginConfigurerTests {
 		FormLoginUsesPortMapperConfig.PORT_MAPPER = mock(PortMapper.class);
 		given(FormLoginUsesPortMapperConfig.PORT_MAPPER.lookupHttpsPort(any())).willReturn(9443);
 		this.spring.register(FormLoginUsesPortMapperConfig.class).autowire();
-		this.mockMvc.perform(get("http://localhost:9090")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(get("http://localhost:9090"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/login"));
+		// @formatter:on
 		verify(FormLoginUsesPortMapperConfig.PORT_MAPPER).lookupHttpsPort(any());
 	}
 
 	@Test
 	public void failureUrlWhenPermitAllAndFailureHandlerThenSecured() throws Exception {
 		this.spring.register(PermitAllIgnoresFailureHandlerConfig.class).autowire();
-		this.mockMvc.perform(get("/login?error")).andExpect(status().isFound())
+		// @formatter:off
+		this.mockMvc.perform(get("/login?error"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void formLoginWhenInvokedTwiceThenUsesOriginalUsernameParameter() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("custom-username", "user")).andExpect(authenticated());
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder loginRequest = formLogin().user("custom-username", "user");
+		this.mockMvc.perform(loginRequest).andExpect(authenticated());
 	}
 
 	@Test
 	public void loginWhenInvalidLoginAndFailureForwardUrlThenForwardsToFailureForwardUrl() throws Exception {
 		this.spring.register(FormLoginUserForwardAuthenticationSuccessAndFailureConfig.class).autowire();
-		this.mockMvc.perform(formLogin().user("invalid")).andExpect(forwardedUrl("/failure_forward_url"));
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder loginRequest = formLogin().user("invalid");
+		this.mockMvc.perform(loginRequest).andExpect(forwardedUrl("/failure_forward_url"));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
index 6dd607e894..86163e04c8 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
@@ -62,15 +62,17 @@ public class HeadersConfigurerEagerHeadersTests {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			// @ formatter:off
-			http.headers().addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
-				@Override
-				public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
-					filter.setShouldWriteHeadersEagerly(true);
-					return filter;
-				}
-			});
-			// @ formatter:on
+			// @formatter:off
+			http
+				.headers()
+					.addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
+						@Override
+						public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
+							filter.setShouldWriteHeadersEagerly(true);
+							return filter;
+						}
+					});
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
index a806075a0e..262c3f5909 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java
@@ -34,6 +34,7 @@ import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWrite
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.ResultMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -198,10 +199,13 @@ public class HeadersConfigurerTests {
 	@Test
 	public void getWhenSecureRequestAndHpkpWithPinThenPublicKeyPinsReportOnlyHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfig.class).autowire();
+		ResultMatcher pinsReportOnly = header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
@@ -216,30 +220,40 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithMultiplePinsThenPublicKeyPinsReportOnlyHeaderWithMultiplePinsInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigWithPins.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+		ResultMatcher pinsReportOnly = header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""))
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
 	@Test
 	public void getWhenHpkpWithCustomAgeThenPublicKeyPinsReportOnlyHeaderWithCustomAgeInResponse() throws Exception {
 		this.spring.register(HpkpConfigCustomAge.class).autowire();
+		ResultMatcher pinsReportOnly = header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
+				"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
 	@Test
 	public void getWhenHpkpWithReportOnlyFalseThenPublicKeyPinsHeaderInResponse() throws Exception {
 		this.spring.register(HpkpConfigTerminateConnection.class).autowire();
+		ResultMatcher pins = header().string(HttpHeaders.PUBLIC_KEY_PINS,
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.PUBLIC_KEY_PINS,
-						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
+				.andExpect(pins)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS);
 	}
 
@@ -247,20 +261,28 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpIncludeSubdomainThenPublicKeyPinsReportOnlyHeaderWithIncludeSubDomainsInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigIncludeSubDomains.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+		ResultMatcher pinsReportOnly = header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
 	@Test
 	public void getWhenHpkpWithReportUriThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse() throws Exception {
 		this.spring.register(HpkpConfigWithReportURI.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+		ResultMatcher pinsReportOnly = header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\"");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
@@ -268,10 +290,14 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithReportUriAsStringThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
 			throws Exception {
 		this.spring.register(HpkpConfigWithReportURIAsString.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+		ResultMatcher pinsReportOnly = header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\"");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
@@ -279,18 +305,26 @@ public class HeadersConfigurerTests {
 	public void getWhenHpkpWithReportUriInLambdaThenPublicKeyPinsReportOnlyHeaderWithReportUriInResponse()
 			throws Exception {
 		this.spring.register(HpkpWithReportUriInLambdaConfig.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header().string(
+		ResultMatcher pinsReportOnly = header().string(
 				HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY,
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\"");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(pinsReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.PUBLIC_KEY_PINS_REPORT_ONLY);
 	}
 
 	@Test
 	public void getWhenContentSecurityPolicyConfiguredThenContentSecurityPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ContentSecurityPolicyDefaultConfig.class).autowire();
+		ResultMatcher csp = header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
+				.andExpect(csp)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
 	}
 
@@ -298,10 +332,13 @@ public class HeadersConfigurerTests {
 	public void getWhenContentSecurityPolicyWithReportOnlyThenContentSecurityPolicyReportOnlyHeaderInResponse()
 			throws Exception {
 		this.spring.register(ContentSecurityPolicyReportOnlyConfig.class).autowire();
+		ResultMatcher cspReportOnly = header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
+				"default-src 'self'; script-src trustedscripts.example.com");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
-						"default-src 'self'; script-src trustedscripts.example.com"))
+				.andExpect(cspReportOnly)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames())
 				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
 	}
@@ -310,10 +347,13 @@ public class HeadersConfigurerTests {
 	public void getWhenContentSecurityPolicyWithReportOnlyInLambdaThenContentSecurityPolicyReportOnlyHeaderInResponse()
 			throws Exception {
 		this.spring.register(ContentSecurityPolicyReportOnlyInLambdaConfig.class).autowire();
+		ResultMatcher csp = header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
+				"default-src 'self'; script-src trustedscripts.example.com");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY,
-						"default-src 'self'; script-src trustedscripts.example.com"))
+				.andExpect(csp)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames())
 				.containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY);
 	}
@@ -335,24 +375,36 @@ public class HeadersConfigurerTests {
 	@Test
 	public void configureWhenContentSecurityPolicyNoPolicyDirectivesInLambdaThenDefaultHeaderValue() throws Exception {
 		this.spring.register(ContentSecurityPolicyNoDirectivesInLambdaConfig.class).autowire();
+		ResultMatcher csp = header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'")).andReturn();
+				.andExpect(csp)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY);
 	}
 
 	@Test
 	public void getWhenReferrerPolicyConfiguredThenReferrerPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyDefaultConfig.class).autowire();
+		ResultMatcher referrerPolicy = header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy());
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
+				.andExpect(referrerPolicy)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
 	@Test
 	public void getWhenReferrerPolicyInLambdaThenReferrerPolicyHeaderInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyDefaultInLambdaConfig.class).autowire();
+		ResultMatcher referrerPolicy = header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy());
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.NO_REFERRER.getPolicy())).andReturn();
+				.andExpect(referrerPolicy)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
@@ -360,24 +412,36 @@ public class HeadersConfigurerTests {
 	public void getWhenReferrerPolicyConfiguredWithCustomValueThenReferrerPolicyHeaderWithCustomValueInResponse()
 			throws Exception {
 		this.spring.register(ReferrerPolicyCustomConfig.class).autowire();
+		ResultMatcher referrerPolicy = header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy());
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
+				.andExpect(referrerPolicy)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
 	@Test
 	public void getWhenReferrerPolicyConfiguredWithCustomValueInLambdaThenCustomValueInResponse() throws Exception {
 		this.spring.register(ReferrerPolicyCustomInLambdaConfig.class).autowire();
+		ResultMatcher referrerPolicy = header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy());
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Referrer-Policy", ReferrerPolicy.SAME_ORIGIN.getPolicy())).andReturn();
+				.andExpect(referrerPolicy)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Referrer-Policy");
 	}
 
 	@Test
 	public void getWhenFeaturePolicyConfiguredThenFeaturePolicyHeaderInResponse() throws Exception {
 		this.spring.register(FeaturePolicyConfig.class).autowire();
+		ResultMatcher featurePolicy = header().string("Feature-Policy", "geolocation 'self'");
+		// @formatter:off
 		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
-				.andExpect(header().string("Feature-Policy", "geolocation 'self'")).andReturn();
+				.andExpect(featurePolicy)
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly("Feature-Policy");
 	}
 
@@ -392,9 +456,13 @@ public class HeadersConfigurerTests {
 	public void getWhenHstsConfiguredWithPreloadThenStrictTransportSecurityHeaderWithPreloadInResponse()
 			throws Exception {
 		this.spring.register(HstsWithPreloadConfig.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
-				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
+		ResultMatcher hsts = header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(hsts)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
 
@@ -402,9 +470,13 @@ public class HeadersConfigurerTests {
 	public void getWhenHstsConfiguredWithPreloadInLambdaThenStrictTransportSecurityHeaderWithPreloadInResponse()
 			throws Exception {
 		this.spring.register(HstsWithPreloadInLambdaConfig.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(get("/").secure(true)).andExpect(header()
-				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload"))
+		ResultMatcher hsts = header()
+				.string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains ; preload");
+		// @formatter:off
+		MvcResult mvcResult = this.mvc.perform(get("/").secure(true))
+				.andExpect(hsts)
 				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 2626139e22..5cb58b4a6e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -38,6 +38,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -73,16 +74,22 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenUsingDefaultsInLambdaThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsLambdaEntryPointConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
+		// @formatter:on
 	}
 
 	// SEC-2198
 	@Test
 	public void httpBasicWhenUsingDefaultsThenResponseIncludesBasicChallenge() throws Exception {
 		this.spring.register(DefaultsEntryPointConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
+		// @formatter:on
 	}
 
 	@Test
@@ -105,8 +112,8 @@ public class HttpBasicConfigurerTests {
 	@Test
 	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
 		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
-		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"))
-				.andExpect(cookie().exists("remember-me"));
+		MockHttpServletRequestBuilder rememberMeRequest = get("/").with(httpBasic("user", "password")).param("remember-me", "true");
+		this.mvc.perform(rememberMeRequest).andExpect(cookie().exists("remember-me"));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
index 88e80b78bb..11f62f480a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java
@@ -31,9 +31,11 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.User;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
 import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -78,11 +80,16 @@ public class JeeConfigurerTests {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-		this.mvc.perform(get("/").principal(user).with((request) -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.principal(user)
+				.with((request) -> {
+					request.addUserRole("ROLE_ADMIN");
+					request.addUserRole("ROLE_USER");
+					return request;
+				});
+		// @formatter:on
+		this.mvc.perform(request).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@Test
@@ -90,11 +97,16 @@ public class JeeConfigurerTests {
 		this.spring.register(JeeMappableRolesConfig.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-		this.mvc.perform(get("/").principal(user).with((request) -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.principal(user)
+				.with((request) -> {
+					request.addUserRole("ROLE_ADMIN");
+					request.addUserRole("ROLE_USER");
+					return request;
+				});
+		// @formatter:on
+		this.mvc.perform(request).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@Test
@@ -102,11 +114,17 @@ public class JeeConfigurerTests {
 		this.spring.register(JeeMappableAuthoritiesConfig.class).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("user");
-		this.mvc.perform(get("/").principal(user).with((request) -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.principal(user)
+				.with((request) -> {
+					request.addUserRole("ROLE_ADMIN");
+					request.addUserRole("ROLE_USER");
+					return request;
+				});
+		// @formatter:on
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher authenticatedAsUser = authenticated().withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER"));
+		this.mvc.perform(request).andExpect(authenticatedAsUser);
 	}
 
 	@Test
@@ -119,11 +137,16 @@ public class JeeConfigurerTests {
 		given(user.getName()).willReturn("user");
 		given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any()))
 				.willReturn(userDetails);
-		this.mvc.perform(get("/").principal(user).with((request) -> {
-			request.addUserRole("ROLE_ADMIN");
-			request.addUserRole("ROLE_USER");
-			return request;
-		})).andExpect(authenticated().withRoles("USER"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.principal(user)
+				.with((request) -> {
+					request.addUserRole("ROLE_ADMIN");
+					request.addUserRole("ROLE_USER");
+					return request;
+				});
+		// @formatter:on
+		this.mvc.perform(request).andExpect(authenticated().withRoles("USER"));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
index 42b88900f7..0587442d9f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java
@@ -27,13 +27,14 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
 import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
@@ -67,24 +68,24 @@ public class LogoutConfigurerClearSiteDataTests {
 	@WithMockUser
 	public void logoutWhenRequestTypeGetThenHeaderNotPresentt() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-		this.mvc.perform(get("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
-				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
+		MockHttpServletRequestBuilder logoutRequest = get("/logout").secure(true).with(csrf());
+		this.mvc.perform(logoutRequest).andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
 	@Test
 	@WithMockUser
 	public void logoutWhenRequestTypePostAndNotSecureThenHeaderNotPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(SecurityMockMvcRequestPostProcessors.csrf()))
-				.andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
+		MockHttpServletRequestBuilder logoutRequest = post("/logout").with(csrf());
+		this.mvc.perform(logoutRequest).andExpect(header().doesNotExist(CLEAR_SITE_DATA_HEADER));
 	}
 
 	@Test
 	@WithMockUser
 	public void logoutWhenRequestTypePostAndSecureThenHeaderIsPresent() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-		this.mvc.perform(post("/logout").secure(true).with(SecurityMockMvcRequestPostProcessors.csrf()))
-				.andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
+		MockHttpServletRequestBuilder logoutRequest = post("/logout").secure(true).with(csrf());
+		this.mvc.perform(logoutRequest).andExpect(header().stringValues(CLEAR_SITE_DATA_HEADER, HEADER_VALUE));
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
index c960699756..610005145d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
@@ -101,65 +102,103 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenInvokedTwiceThenUsesOriginalLogoutUrl() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		this.mvc.perform(post("/custom/logout").with(csrf())).andExpect(status().isFound())
+		MockHttpServletRequestBuilder logoutRequest = post("/custom/logout").with(csrf());
+		// @formatter:off
+		this.mvc.perform(logoutRequest)
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	// SEC-2311
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-		this.mvc.perform(get("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(get("/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-		this.mvc.perform(post("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(post("/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenPutRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-		this.mvc.perform(put("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(put("/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-		this.mvc.perform(delete("/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(delete("/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenGetRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(get("/custom/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenPostRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-		this.mvc.perform(post("/custom/logout")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(post("/custom/logout"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenPutRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-		this.mvc.perform(put("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(put("/custom/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenDeleteRequestAndCsrfDisabledAndCustomLogoutUrlThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutConfig.class).autowire();
-		this.mvc.perform(delete("/custom/logout")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(delete("/custom/logout"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenCustomLogoutUrlInLambdaThenRedirectsToLogin() throws Exception {
 		this.spring.register(CsrfDisabledAndCustomLogoutInLambdaConfig.class).autowire();
-		this.mvc.perform(get("/custom/logout")).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		this.mvc.perform(get("/custom/logout"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	// SEC-3170
@@ -188,44 +227,70 @@ public class LogoutConfigurerTests {
 	@Test
 	public void logoutWhenAcceptTextHtmlThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-		this.mvc.perform(
-				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		MockHttpServletRequestBuilder logoutRequest = post("/logout")
+				.with(csrf())
+				.with(user("user"))
+				.header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE);
+		this.mvc.perform(logoutRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	// gh-3282
 	@Test
 	public void logoutWhenAcceptApplicationJsonThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
-				MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isNoContent());
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/logout")
+				.with(csrf())
+				.with(user("user"))
+				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
+		this.mvc.perform(request).andExpect(status().isNoContent());
 	}
 
 	// gh-4831
 	@Test
 	public void logoutWhenAcceptAllThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-		this.mvc.perform(
-				post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE))
-				.andExpect(status().isNoContent());
+		// @formatter:off
+		MockHttpServletRequestBuilder logoutRequest = post("/logout")
+				.with(csrf())
+				.with(user("user"))
+				.header(HttpHeaders.ACCEPT, MediaType.ALL_VALUE);
+		// @formatter:on
+		this.mvc.perform(logoutRequest).andExpect(status().isNoContent());
 	}
 
 	// gh-3902
 	@Test
 	public void logoutWhenAcceptFromChromeThenRedirectsToLogin() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf()).with(user("user")).header(HttpHeaders.ACCEPT,
-				"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/logout")
+				.with(csrf())
+				.with(user("user"))
+				.header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
+		this.mvc.perform(request)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?logout"));
+		// @formatter:on
 	}
 
 	// gh-3997
 	@Test
 	public void logoutWhenXMLHttpRequestThenReturnsStatusNoContent() throws Exception {
 		this.spring.register(BasicSecurityConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))
-				.header(HttpHeaders.ACCEPT, "text/html,application/json").header("X-Requested-With", "XMLHttpRequest"))
-				.andExpect(status().isNoContent());
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/logout")
+				.with(csrf())
+				.with(user("user"))
+				.header(HttpHeaders.ACCEPT, "text/html,application/json")
+				.header("X-Requested-With", "XMLHttpRequest");
+		// @formatter:on
+		this.mvc.perform(request).andExpect(status().isNoContent());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index 18e2fc89af..ac85f2b260 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -35,6 +35,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -66,18 +67,28 @@ public class NamespaceHttpBasicTests {
 	public void basicAuthenticationWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicConfig.class, UserConfig.class).autowire();
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+		MockHttpServletRequestBuilder requestWithInvalidPassword = get("/").with(httpBasic("user", "invalid"));
+		// @formatter:off
+		this.mvc.perform(requestWithInvalidPassword)
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+		// @formatter:on
+		MockHttpServletRequestBuilder requestWithValidPassword = get("/").with(httpBasic("user", "password"));
+		this.mvc.perform(requestWithValidPassword).andExpect(status().isNotFound());
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingDefaultsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpBasicLambdaConfig.class, UserConfig.class).autowire();
 		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+		MockHttpServletRequestBuilder requestWithInvalidPassword = get("/").with(httpBasic("user", "invalid"));
+		// @formatter:off
+		this.mvc.perform(requestWithInvalidPassword)
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+		// @formatter:on
+		MockHttpServletRequestBuilder requestWithValidPassword = get("/").with(httpBasic("user", "password"));
+		this.mvc.perform(requestWithValidPassword).andExpect(status().isNotFound());
 	}
 
 	/**
@@ -86,15 +97,23 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+		MockHttpServletRequestBuilder requestWithInvalidPassword = get("/").with(httpBasic("user", "invalid"));
+		// @formatter:off
+		this.mvc.perform(requestWithInvalidPassword)
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void basicAuthenticationWhenUsingCustomRealmInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpBasicLambdaConfig.class, UserConfig.class).autowire();
-		this.mvc.perform(get("/").with(httpBasic("user", "invalid"))).andExpect(status().isUnauthorized())
+		MockHttpServletRequestBuilder requestWithInvalidPassword = get("/").with(httpBasic("user", "invalid"));
+		// @formatter:off
+		this.mvc.perform(requestWithInvalidPassword)
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
+		// @formatter:on
 	}
 
 	/**
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index 817792742f..f3623fd1a0 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -39,6 +39,7 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.FilterChainProxy;
@@ -193,8 +194,14 @@ public class NamespaceHttpCustomFilterTests {
 
 		@Bean
 		UserDetailsService userDetailsService() {
-			return new InMemoryUserDetailsManager(
-					User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
+			// @formatter:off
+			UserDetails user = User.withDefaultPasswordEncoder()
+					.username("user")
+					.password("password")
+					.roles("USER")
+					.build();
+			// @formatter:on
+			return new InMemoryUserDetailsManager(user);
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 074fa8a2ec..af53890e84 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
@@ -65,8 +66,13 @@ public class NamespaceHttpFormLoginTests {
 		this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire();
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
-				.andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		// @formatter:on
+		this.mvc.perform(loginRequest).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
@@ -75,8 +81,13 @@ public class NamespaceHttpFormLoginTests {
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
 		this.mvc.perform(post("/authentication/login/process").with(csrf()))
 				.andExpect(redirectedUrl("/authentication/login?failed"));
-		this.mvc.perform(post("/authentication/login/process").param("username", "user").param("password", "password")
-				.with(csrf())).andExpect(redirectedUrl("/default"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/authentication/login/process")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		// @formatter:on
+		this.mvc.perform(request).andExpect(redirectedUrl("/default"));
 	}
 
 	@Test
@@ -85,8 +96,13 @@ public class NamespaceHttpFormLoginTests {
 		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
 		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
-				.andExpect(redirectedUrl("/custom/targetUrl"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		// @formatter:on
+		this.mvc.perform(loginRequest).andExpect(redirectedUrl("/custom/targetUrl"));
 	}
 
 	private <T> T verifyBean(Class<T> beanClass) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
index bd4d5ac0a9..f48ccd1eb2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java
@@ -30,6 +30,7 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -66,22 +67,26 @@ public class NamespaceHttpInterceptUrlTests {
 	@Test
 	public void authenticatedRequestWhenUrlRequiresElevatedPrivilegesThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class).autowire();
-		this.mvc.perform(get("/users").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithUser = get("/users").with(authentication(user("ROLE_USER")));
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
 	public void authenticatedRequestWhenAuthorizedThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
-		this.mvc.perform(get("/users").with(authentication(user("ROLE_ADMIN")))).andExpect(status().isOk()).andReturn();
+		MockHttpServletRequestBuilder requestWithAdmin = get("/users").with(authentication(user("ROLE_ADMIN")));
+		this.mvc.perform(requestWithAdmin).andExpect(status().isOk()).andReturn();
 	}
 
 	@Test
 	public void requestWhenMappedByPostInterceptUrlThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(HttpInterceptUrlConfig.class, BaseController.class).autowire();
-		this.mvc.perform(get("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isOk());
-		this.mvc.perform(post("/admin/post").with(authentication(user("ROLE_USER")))).andExpect(status().isForbidden());
-		this.mvc.perform(post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN"))))
-				.andExpect(status().isOk());
+		MockHttpServletRequestBuilder getWithUser = get("/admin/post").with(authentication(user("ROLE_USER")));
+		this.mvc.perform(getWithUser).andExpect(status().isOk());
+		MockHttpServletRequestBuilder postWithUser = post("/admin/post").with(authentication(user("ROLE_USER")));
+		this.mvc.perform(postWithUser).andExpect(status().isForbidden());
+		MockHttpServletRequestBuilder requestWithAdmin = post("/admin/post").with(csrf()).with(authentication(user("ROLE_ADMIN")));
+		this.mvc.perform(requestWithAdmin).andExpect(status().isOk());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index 8b93855cb9..5b02de5f44 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuc
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.ResultMatcher;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@@ -72,15 +73,21 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingDefaultsThenMatchesNamespace() throws Exception {
 		this.spring.register(HttpLogoutConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/login?logout")).andExpect(noCookies()).andExpect(session(Objects::isNull));
+		// @formatter:off
+		this.mvc.perform(post("/logout").with(csrf()))
+				.andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/login?logout"))
+				.andExpect(noCookies())
+				.andExpect(session(Objects::isNull));
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser
 	public void logoutWhenDisabledInLambdaThenRespondsWithNotFound() throws Exception {
 		this.spring.register(HttpLogoutDisabledInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf()).with(user("user"))).andExpect(status().isNotFound());
+		MockHttpServletRequestBuilder logoutRequest = post("/logout").with(csrf()).with(user("user"));
+		this.mvc.perform(logoutRequest).andExpect(status().isNotFound());
 	}
 
 	/**
@@ -90,20 +97,28 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutConfig.class).autowire();
-		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
+		// @formatter:off
+		this.mvc.perform(post("/custom-logout").with(csrf()))
+				.andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
-				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
+				.andExpect(cookie().maxAge("remove", 0))
+				.andExpect(session(Objects::nonNull));
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser
 	public void logoutWhenUsingVariousCustomizationsInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomHttpLogoutInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/custom-logout").with(csrf())).andExpect(authenticated(false))
+		// @formatter:off
+		this.mvc.perform(post("/custom-logout").with(csrf()))
+				.andExpect(authenticated(false))
 				.andExpect(redirectedUrl("/logout-success"))
 				.andExpect((result) -> assertThat(result.getResponse().getCookies()).hasSize(1))
-				.andExpect(cookie().maxAge("remove", 0)).andExpect(session(Objects::nonNull));
+				.andExpect(cookie().maxAge("remove", 0))
+				.andExpect(session(Objects::nonNull));
+		// @formatter:on
 	}
 
 	/**
@@ -113,18 +128,26 @@ public class NamespaceHttpLogoutTests {
 	@WithMockUser
 	public void logoutWhenUsingSuccessHandlerRefThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
+		// @formatter:off
+		this.mvc.perform(post("/logout").with(csrf()))
+				.andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig"))
+				.andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser
 	public void logoutWhenUsingSuccessHandlerRefInLambdaThenMatchesNamespace() throws Exception {
 		this.spring.register(SuccessHandlerRefHttpLogoutInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(authenticated(false))
-				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig")).andExpect(noCookies())
+		// @formatter:off
+		this.mvc.perform(post("/logout").with(csrf()))
+				.andExpect(authenticated(false))
+				.andExpect(redirectedUrl("/SuccessHandlerRefHttpLogoutConfig"))
+				.andExpect(noCookies())
 				.andExpect(session(Objects::isNull));
+		// @formatter:on
 	}
 
 	ResultMatcher authenticated(boolean authenticated) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index 26ad03f0de..273a528aef 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -56,6 +56,7 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
@@ -141,19 +142,22 @@ public class NamespaceHttpOpenIDLoginTests {
 		OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
 				"identityUrl", "message", Arrays.asList(new OpenIDAttribute("name", "type")));
 		OpenIDLoginCustomRefsConfig.AUDS = mock(AuthenticationUserDetailsService.class);
-		given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class)))
-				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		given(OpenIDLoginCustomRefsConfig.AUDS.loadUserDetails(any(Authentication.class))).willReturn(user);
 		OpenIDLoginCustomRefsConfig.ADS = spy(new WebAuthenticationDetailsSource());
 		OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class);
 		this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
 		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class)))
 				.willThrow(new AuthenticationServiceException("boom"));
-		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
-				.andExpect(redirectedUrl("/custom/failure"));
+		// @formatter:off
+		MockHttpServletRequestBuilder login = post("/login/openid")
+				.with(csrf())
+				.param("openid.identity", "identity");
+		// @formatter:on
+		this.mvc.perform(login).andExpect(redirectedUrl("/custom/failure"));
 		reset(OpenIDLoginCustomRefsConfig.CONSUMER);
 		given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))).willReturn(token);
-		this.mvc.perform(post("/login/openid").with(csrf()).param("openid.identity", "identity"))
-				.andExpect(redirectedUrl("/custom/targetUrl"));
+		this.mvc.perform(login).andExpect(redirectedUrl("/custom/targetUrl"));
 		verify(OpenIDLoginCustomRefsConfig.AUDS).loadUserDetails(any(Authentication.class));
 		verify(OpenIDLoginCustomRefsConfig.ADS).buildDetails(any(Object.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 03c12efdb5..844058f8f4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -62,15 +62,21 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 	@Test
 	public void requestWhenCustomAccessDeniedPageThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(AccessDeniedPageConfig.class).autowire();
-		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/").with(authentication(user())))
+				.andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
 		this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
-		this.mvc.perform(get("/").with(authentication(user()))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/").with(authentication(user())))
+				.andExpect(status().isForbidden())
 				.andExpect(forwardedUrl("/AccessDeniedPageConfig"));
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index 5f30c3c7c8..06df9f2e0f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -282,7 +282,11 @@ public class NamespaceHttpX509Tests {
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-			auth.inMemoryAuthentication().withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:off
+			auth
+				.inMemoryAuthentication()
+					.withUser("rod").password("password").roles("USER", "ADMIN");
+			// @formatter:on
 		}
 
 		@Override
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 5a5347c334..18e14dd477 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -46,6 +46,7 @@ import org.springframework.security.web.authentication.rememberme.PersistentReme
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -87,12 +88,25 @@ public class NamespaceRememberMeTests {
 		assertThat(rememberMe).isNotNull();
 		this.mvc.perform(get("/authentication-class").cookie(rememberMe))
 				.andExpect(content().string(RememberMeAuthenticationToken.class.getName()));
-		result = this.mvc.perform(post("/logout").with(csrf()).session(session).cookie(rememberMe))
-				.andExpect(redirectedUrl("/login?logout")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder logoutRequest = post("/logout")
+				.with(csrf())
+				.session(session)
+				.cookie(rememberMe);
+		result = this.mvc.perform(logoutRequest)
+				.andExpect(redirectedUrl("/login?logout"))
+				.andReturn();
+		// @formatter:on
 		rememberMe = result.getResponse().getCookie("remember-me");
 		assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0);
-		this.mvc.perform(post("/authentication-class").with(csrf()).cookie(rememberMe))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder authenticationClassRequest = post("/authentication-class")
+				.with(csrf())
+				.cookie(rememberMe);
+		this.mvc.perform(authenticationClassRequest)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn();
+		// @formatter:on
 	}
 
 	// SEC-3170 - RememberMeService implementations should not have to also implement
@@ -125,13 +139,27 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenKeyDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
-		Cookie withoutKey = this.mvc.perform(post("/without-key/login").with(rememberMeLogin()))
-				.andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
-		this.mvc.perform(get("/somewhere").cookie(withoutKey)).andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
-		Cookie withKey = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+		MockHttpServletRequestBuilder requestWithRememberme = post("/without-key/login").with(rememberMeLogin());
+		// @formatter:off
+		Cookie withoutKey = this.mvc.perform(requestWithRememberme)
+				.andExpect(redirectedUrl("/"))
+				.andReturn()
+				.getResponse()
 				.getCookie("remember-me");
-		this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
+		// @formatter:on
+		MockHttpServletRequestBuilder somewhereRequest = get("/somewhere").cookie(withoutKey);
+		// @formatter:off
+		this.mvc.perform(somewhereRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+		MockHttpServletRequestBuilder loginWithRememberme = post("/login").with(rememberMeLogin());
+		Cookie withKey = this.mvc.perform(loginWithRememberme)
+				.andReturn()
+				.getResponse()
+				.getCookie("remember-me");
+		this.mvc.perform(get("/somewhere").cookie(withKey))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	// http/remember-me@services-alias is not supported use standard aliasing instead
@@ -149,40 +177,61 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenTokenValidityDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(TokenValiditySecondsConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+		// @formatter:off
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin()))
+				.andReturn()
+				.getResponse()
 				.getCookie("remember-me");
+		// @formatter:on
 		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(314);
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingDefaultsThenCookieMaxAgeMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+		// @formatter:off
+		Cookie expiredRememberMe = this.mvc.perform(post("/login").with(rememberMeLogin()))
+				.andReturn()
+				.getResponse()
 				.getCookie("remember-me");
+		// @formatter:on
 		assertThat(expiredRememberMe).extracting(Cookie::getMaxAge).isEqualTo(AbstractRememberMeServices.TWO_WEEKS_S);
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingSecureCookieThenMatchesNamespace() throws Exception {
 		this.spring.register(UseSecureCookieConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+		// @formatter:off
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()))
+				.andReturn()
+				.getResponse()
 				.getCookie("remember-me");
+		// @formatter:on
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
 	@Test
 	public void rememberMeLoginWhenUsingDefaultsThenCookieSecurityMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true)).andReturn()
-				.getResponse().getCookie("remember-me");
+		// @formatter:off
+		Cookie secureCookie = this.mvc.perform(post("/login").with(rememberMeLogin()).secure(true))
+				.andReturn()
+				.getResponse()
+				.getCookie("remember-me");
+		// @formatter:on
 		assertThat(secureCookie).extracting(Cookie::getSecure).isEqualTo(true);
 	}
 
 	@Test
 	public void rememberMeLoginWhenParameterSpecifiedThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeParameterConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin("rememberMe", true))).andReturn()
-				.getResponse().getCookie("remember-me");
+		MockHttpServletRequestBuilder loginWithRememberme = post("/login").with(rememberMeLogin("rememberMe", true));
+		// @formatter:off
+		Cookie rememberMe = this.mvc.perform(loginWithRememberme)
+				.andReturn()
+				.getResponse()
+				.getCookie("remember-me");
+		// @formatter:on
 		assertThat(rememberMe).isNotNull();
 	}
 
@@ -190,8 +239,12 @@ public class NamespaceRememberMeTests {
 	@Test
 	public void rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace() throws Exception {
 		this.spring.register(RememberMeCookieNameConfig.class).autowire();
-		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse()
+		// @formatter:off
+		Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin()))
+				.andReturn()
+				.getResponse()
 				.getCookie("rememberMe");
+		// @formatter:on
 		assertThat(rememberMe).isNotNull();
 	}
 
@@ -207,8 +260,8 @@ public class NamespaceRememberMeTests {
 	public void rememberMeLoginWhenUserDetailsServiceDeclaredThenMatchesNamespace() throws Exception {
 		UserServiceRefConfig.USERDETAILS_SERVICE = mock(UserDetailsService.class);
 		this.spring.register(UserServiceRefConfig.class).autowire();
-		given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user"))
-				.willReturn(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
+		User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		given(UserServiceRefConfig.USERDETAILS_SERVICE.loadUserByUsername("user")).willReturn(user);
 		this.mvc.perform(post("/login").with(rememberMeLogin()));
 		verify(UserServiceRefConfig.USERDETAILS_SERVICE).loadUserByUsername("user");
 	}
@@ -470,7 +523,7 @@ public class NamespaceRememberMeTests {
 		@Bean
 		public UserDetailsService userDetailsService() {
 			return new InMemoryUserDetailsManager(
-			// @formatter:off
+					// @formatter:off
 					User.withDefaultPasswordEncoder()
 							.username("user")
 							.password("password")
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index 8ddd312c45..16d0e2c90c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -52,6 +52,7 @@ import org.springframework.security.web.session.InvalidSessionStrategy;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultMatcher;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -84,19 +85,24 @@ public class NamespaceSessionManagementTests {
 				.autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
-				.andExpect(session()).andReturn();
+		MockHttpServletRequestBuilder request = get("/auth").session(session).with(httpBasic("user", "password"));
+		// @formatter:off
+		MvcResult result = this.mvc.perform(request)
+				.andExpect(session())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void authenticateWhenUsingInvalidSessionUrlThenMatchesNamespace() throws Exception {
 		this.spring.register(CustomSessionManagementConfig.class).autowire();
-		this.mvc.perform(get("/auth").with((request) -> {
+		MockHttpServletRequestBuilder request = get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
 			return request;
-		})).andExpect(redirectedUrl("/invalid-session"));
+		});
+		this.mvc.perform(request).andExpect(redirectedUrl("/invalid-session"));
 	}
 
 	@Test
@@ -127,8 +133,12 @@ public class NamespaceSessionManagementTests {
 		mock.setSession(new MockHttpSession());
 		given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class);
 		mock.setMethod("GET");
-		this.mvc.perform(get("/auth").with((request) -> mock).with(httpBasic("user", "password")))
-				.andExpect(redirectedUrl("/session-auth-error"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.with((request) -> mock)
+				.with(httpBasic("user", "password"));
+		// @formatter:on
+		this.mvc.perform(request).andExpect(redirectedUrl("/session-auth-error"));
 	}
 
 	@Test
@@ -136,7 +146,8 @@ public class NamespaceSessionManagementTests {
 		this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder request = get("/auth").with(httpBasic("user", "password"));
+		this.mvc.perform(request).andExpect(status().isOk());
 		verify(sessionRegistry).registerNewSession(any(String.class), any(Object.class));
 	}
 
@@ -144,11 +155,12 @@ public class NamespaceSessionManagementTests {
 	@Test
 	public void authenticateWhenUsingCustomInvalidSessionStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(InvalidSessionStrategyConfig.class).autowire();
-		this.mvc.perform(get("/auth").with((request) -> {
+		MockHttpServletRequestBuilder request = get("/auth").with((request) -> {
 			request.setRequestedSessionIdValid(false);
 			request.setRequestedSessionId("id");
 			return request;
-		})).andExpect(status().isOk());
+		});
+		this.mvc.perform(request).andExpect(status().isOk());
 		verifyBean(InvalidSessionStrategy.class).onInvalidSessionDetected(any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
 	}
@@ -157,7 +169,8 @@ public class NamespaceSessionManagementTests {
 	public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception {
 		this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class)
 				.autowire();
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		MockHttpServletRequestBuilder request = get("/auth").with(httpBasic("user", "password"));
+		this.mvc.perform(request).andExpect(status().isOk());
 		verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class),
 				any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
@@ -169,9 +182,16 @@ public class NamespaceSessionManagementTests {
 				.autowire();
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(givenSession)
+				.with(httpBasic("user", "password"));
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(status().isOk())
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		// @formatter:on
 		assertThat(givenSessionId).isEqualTo(resultingSession.getId());
 	}
 
@@ -182,9 +202,15 @@ public class NamespaceSessionManagementTests {
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andReturn().getRequest().getSession(false);
+		// @formatter:off
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc.perform(get("/auth")
+				.session(givenSession)
+				.with(httpBasic("user", "password")))
+				.andExpect(status().isOk())
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		// @formatter:on
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isEqualTo("value");
 	}
@@ -193,8 +219,12 @@ public class NamespaceSessionManagementTests {
 	@Test
 	public void authenticateWhenUsingSessionFixationProtectionThenUsesNonNullEventPublisher() throws Exception {
 		this.spring.register(SFPPostProcessedConfig.class, UserDetailsServiceConfig.class).autowire();
-		this.mvc.perform(get("/auth").session(new MockHttpSession()).with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound());
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(new MockHttpSession())
+				.with(httpBasic("user", "password"));
+		// @formatter:on
+		this.mvc.perform(request).andExpect(status().isNotFound());
 		verifyBean(MockEventListener.class).onApplicationEvent(any(SessionFixationProtectionEvent.class));
 	}
 
@@ -204,9 +234,15 @@ public class NamespaceSessionManagementTests {
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
+		MockHttpServletRequestBuilder request = get("/auth").session(givenSession)
+				.with(httpBasic("user", "password"));
+		// @formatter:off
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(status().isNotFound())
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		// @formatter:on
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
index 79d4d121dc..35d1573329 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java
@@ -26,6 +26,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@@ -49,10 +50,14 @@ public class PermitAllSupportTests {
 	@Test
 	public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception {
 		this.spring.register(PermitAllConfig.class).autowire();
-		this.mvc.perform(get("/app/xyz").contextPath("/app")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/app/xyz?def").contextPath("/app")).andExpect(status().isFound());
-		this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/app/abc").with(csrf()).contextPath("/app")).andExpect(status().isFound());
+		MockHttpServletRequestBuilder request = get("/app/xyz").contextPath("/app");
+		this.mvc.perform(request).andExpect(status().isNotFound());
+		MockHttpServletRequestBuilder getWithQuery = get("/app/xyz?def").contextPath("/app");
+		this.mvc.perform(getWithQuery).andExpect(status().isFound());
+		MockHttpServletRequestBuilder postWithQueryAndCsrf = post("/app/abc?def").with(csrf()).contextPath("/app");
+		this.mvc.perform(postWithQueryAndCsrf).andExpect(status().isNotFound());
+		MockHttpServletRequestBuilder getWithCsrf = get("/app/abc").with(csrf()).contextPath("/app");
+		this.mvc.perform(getWithCsrf).andExpect(status().isFound());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index b64e772290..595cf60c83 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -40,11 +40,13 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -83,8 +85,16 @@ public class RememberMeConfigurerTests {
 	public void postWhenNoUserDetailsServiceThenException() {
 		this.spring.register(NullUserDetailsConfig.class).autowire();
 		assertThatIllegalStateException()
-				.isThrownBy(() -> this.mvc.perform(post("/login").param("username", "user")
-						.param("password", "password").param("remember-me", "true").with(csrf())))
+				.isThrownBy(() -> {
+					// @formatter:off
+					MockHttpServletRequestBuilder request = post("/login")
+							.param("username", "user")
+							.param("password", "password")
+							.param("remember-me", "true")
+							.with(csrf());
+					// @formatter:on
+					this.mvc.perform(request);
+				})
 				.withMessageContaining("UserDetailsService is required");
 	}
 
@@ -99,15 +109,26 @@ public class RememberMeConfigurerTests {
 		given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString()))
 				.willReturn(new User("user", "password", Collections.emptyList()));
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		this.mvc.perform(get("/").with(httpBasic("user", "password")).param("remember-me", "true"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.with(httpBasic("user", "password"))
+				.param("remember-me", "true");
+		// @formatter:on
+		this.mvc.perform(request);
 		verify(DuplicateDoesNotOverrideConfig.userDetailsService).loadUserByUsername("user");
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		// @formatter:on
+		this.mvc.perform(request).andExpect(cookie().exists("remember-me"));
 	}
 
 	@Test
@@ -116,57 +137,108 @@ public class RememberMeConfigurerTests {
 		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
 				.param("password", "password").param("remember-me", "true")).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
-		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
-				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/abc").cookie(rememberMeCookie);
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher remembermeAuthentication = authenticated()
+				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class));
+		// @formatter:on
+		this.mvc.perform(request).andExpect(remembermeAuthentication);
 	}
 
 	@Test
 	public void logoutWhenRememberMeCookieThenAuthenticationIsRememberMeCookieExpired() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
-				.param("password", "password").param("remember-me", "true")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		// @formatter:on
+		MvcResult mvcResult = this.mvc.perform(loginRequest).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
 		HttpSession session = mvcResult.getRequest().getSession();
-		this.mvc.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
-				.andExpect(redirectedUrl("/login?logout")).andExpect(cookie().maxAge("remember-me", 0));
+		// @formatter:off
+		MockHttpServletRequestBuilder logoutRequest = post("/logout")
+				.with(csrf())
+				.cookie(rememberMeCookie)
+				.session((MockHttpSession) session);
+		this.mvc.perform(logoutRequest)
+				.andExpect(redirectedUrl("/login?logout"))
+				.andExpect(cookie().maxAge("remember-me", 0));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenRememberMeCookieAndLoggedOutThenRedirectsToLogin() throws Exception {
 		this.spring.register(RememberMeConfig.class).autowire();
-		MvcResult loginMvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
-				.param("password", "password").param("remember-me", "true")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		// @formatter:on
+		MvcResult loginMvcResult = this.mvc.perform(loginRequest).andReturn();
 		Cookie rememberMeCookie = loginMvcResult.getResponse().getCookie("remember-me");
 		HttpSession session = loginMvcResult.getRequest().getSession();
-		MvcResult logoutMvcResult = this.mvc
-				.perform(post("/logout").with(csrf()).cookie(rememberMeCookie).session((MockHttpSession) session))
-				.andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder logoutRequest = post("/logout")
+				.with(csrf())
+				.cookie(rememberMeCookie)
+				.session((MockHttpSession) session);
+		// @formatter:on
+		MvcResult logoutMvcResult = this.mvc.perform(logoutRequest).andReturn();
 		Cookie expiredRememberMeCookie = logoutMvcResult.getResponse().getCookie("remember-me");
-		this.mvc.perform(get("/abc").with(csrf()).cookie(expiredRememberMeCookie))
-				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:off
+		MockHttpServletRequestBuilder expiredRequest = get("/abc")
+				.with(csrf())
+				.cookie(expiredRememberMeCookie);
+		// @formatter:on
+		this.mvc.perform(expiredRequest).andExpect(redirectedUrl("http://localhost/login"));
 	}
 
 	@Test
 	public void loginWhenRememberMeConfiguredInLambdaThenRespondsWithRememberMeCookie() throws Exception {
 		this.spring.register(RememberMeInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		// @formatter:on
+		this.mvc.perform(request).andExpect(cookie().exists("remember-me"));
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		this.mvc.perform(request).
+				andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenRememberMeTrueAndCookieDomainInLambdaThenRememberMeCookieHasDomain() throws Exception {
 		this.spring.register(RememberMeCookieDomainInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password")
-				.param("remember-me", "true")).andExpect(cookie().exists("remember-me"))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		this.mvc.perform(loginRequest)
+				.andExpect(cookie().exists("remember-me"))
 				.andExpect(cookie().domain("remember-me", "spring.io"));
+		// @formatter:on
 	}
 
 	@Test
@@ -181,11 +253,21 @@ public class RememberMeConfigurerTests {
 	@Test
 	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed() throws Exception {
 		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
-		MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user")
-				.param("password", "password").param("remember-me", "true")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password")
+				.param("remember-me", "true");
+		// @formatter:on
+		MvcResult mvcResult = this.mvc.perform(loginRequest).andReturn();
 		Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
-		this.mvc.perform(get("/abc").cookie(rememberMeCookie)).andExpect(authenticated()
-				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
+		MockHttpServletRequestBuilder requestWithRememberme = get("/abc").cookie(rememberMeCookie);
+		// @formatter:off
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher remembermeAuthentication = authenticated()
+				.withAuthentication((auth) -> assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class));
+		// @formatter:on
+		this.mvc.perform(requestWithRememberme).andExpect(remembermeAuthentication);
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 5079480e76..a8fdf1598a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -40,6 +40,8 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.RequestBuilder;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
+import org.springframework.test.web.servlet.request.MockMultipartHttpServletRequestBuilder;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -83,41 +85,63 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconIcoThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
+		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico"))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
-																			// favicon.ico
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
+		// ignores favicon.ico
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getWhenBookmarkedUrlIsFaviconPngThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
+		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png"))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
-																			// favicon.png
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
+		// ignores favicon.png
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	// SEC-2321
 	@Test
 	public void getWhenBookmarkedRequestIsApplicationJsonThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
-																			// application/json
+		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
+		// ignores application/json
 		// This is desirable since JSON requests are typically not invoked directly from
 		// the browser and we don't want the browser to replay them
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	// SEC-2321
 	@Test
 	public void getWhenBookmarkedRequestIsXRequestedWithThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder xRequestedWith = get("/messages")
+				.header("X-Requested-With", "XMLHttpRequest");
 		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header("X-Requested-With", "XMLHttpRequest"))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
+				.perform(xRequestedWith)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 		// This is desirable since XHR requests are typically not invoked directly from
 		// the browser and we don't want the browser to replay them
@@ -126,49 +150,75 @@ public class RequestCacheConfigurerTests {
 	@Test
 	public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
-		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/")); // ignores
-																			// text/event-stream
+		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM);
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
+		// ignores text/event-stream
 		// This is desirable since event-stream requests are typically not invoked
 		// directly from the browser and we don't want the browser to replay them
+		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
+		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL);
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsTextHtmlThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
+		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsChromeThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header(HttpHeaders.ACCEPT,
-						"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/messages")
+				.header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
 	@Test
 	public void getWhenBookmarkedRequestIsRequestedWithAndroidThenPostAuthenticationRemembers() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(get("/messages").header("X-Requested-With", "com.android"))
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/messages")
+				.header("X-Requested-With", "com.android");
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(redirectedUrl("http://localhost/login"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/messages"));
 	}
 
@@ -177,7 +227,12 @@ public class RequestCacheConfigurerTests {
 	public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
 		this.spring.register(RequestCacheDisabledConfig.class,
 				ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
@@ -186,8 +241,13 @@ public class RequestCacheConfigurerTests {
 	public void postWhenRequestIsMultipartThenPostAuthenticationRedirectsToRoot() throws Exception {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 		MockMultipartFile aFile = new MockMultipartFile("aFile", "A_FILE".getBytes());
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(multipart("/upload").file(aFile)).andReturn()
-				.getRequest().getSession();
+		MockMultipartHttpServletRequestBuilder request = multipart("/upload").file(aFile);
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
@@ -195,26 +255,47 @@ public class RequestCacheConfigurerTests {
 	public void getWhenRequestCacheIsDisabledInLambdaThenExceptionTranslationFilterDoesNotStoreRequest()
 			throws Exception {
 		this.spring.register(RequestCacheDisabledInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	@Test
 	public void getWhenRequestCacheInLambdaThenRedirectedToCachedPage() throws Exception {
 		this.spring.register(RequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("http://localhost/bob"));
 	}
 
 	@Test
 	public void getWhenCustomRequestCacheInLambdaThenCustomRequestCacheUsed() throws Exception {
 		this.spring.register(CustomRequestCacheInLambdaConfig.class, DefaultSecurityConfig.class).autowire();
-		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")).andReturn().getRequest().getSession();
+		// @formatter:off
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob"))
+				.andReturn()
+				.getRequest()
+				.getSession();
+		// @formatter:on
 		this.mvc.perform(formLogin(session)).andExpect(redirectedUrl("/"));
 	}
 
 	private static RequestBuilder formLogin(MockHttpSession session) {
-		return post("/login").param("username", "user").param("password", "password").session(session).with(csrf());
+		// @formatter:off
+		return post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
index f0c8500cc1..c5c6196869 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java
@@ -47,15 +47,23 @@ public class RequestMatcherConfigurerTests {
 	@Test
 	public void authorizeRequestsWhenInvokedMultipleTimesThenChainsPaths() throws Exception {
 		this.spring.register(Sec2908Config.class).autowire();
-		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
-		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/oauth/abc"))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/api/abc"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeRequestsWhenInvokedMultipleTimesInLambdaThenChainsPaths() throws Exception {
 		this.spring.register(AuthorizeRequestInLambdaConfig.class).autowire();
-		this.mvc.perform(get("/oauth/abc")).andExpect(status().isForbidden());
-		this.mvc.perform(get("/api/abc")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/oauth/abc"))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/api/abc"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@EnableWebSecurity
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index ed71acbf53..1c804c20bb 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -42,6 +42,7 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.FilterChainProxy;
@@ -52,6 +53,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessEvent
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -109,9 +111,9 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void configureWhenUsingDefaultsThenRolePrefixIsSet() throws Exception {
 		this.spring.register(ServletApiConfig.class, AdminController.class).autowire();
-		this.mvc.perform(
-				get("/admin").with(authentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"))))
-				.andExpect(status().isOk());
+		TestingAuthenticationToken user = new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN");
+		MockHttpServletRequestBuilder request = get("/admin").with(authentication(user));
+		this.mvc.perform(request).andExpect(status().isOk());
 	}
 
 	@Test
@@ -125,11 +127,18 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void servletApiWhenInvokedTwiceThenUsesOriginalRole() throws Exception {
 		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class, AdminController.class).autowire();
-		this.mvc.perform(
-				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/admin")
+				.with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN")));
+		this.mvc.perform(request)
 				.andExpect(status().isOk());
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor userWithRoleAdmin = user("user")
+				.authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
+		MockHttpServletRequestBuilder requestWithRoleAdmin = get("/admin")
+				.with(userWithRoleAdmin);
+		this.mvc.perform(requestWithRoleAdmin)
 				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -142,18 +151,25 @@ public class ServletApiConfigurerTests {
 	@Test
 	public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
 		this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		MockHttpServletRequestBuilder request = get("/admin")
+				.with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
+		this.mvc.perform(request)
 				.andExpect(status().isOk());
 	}
 
 	@Test
 	public void requestWhenRolePrefixInLambdaThenUsesCustomRolePrefix() throws Exception {
 		this.spring.register(RolePrefixInLambdaConfig.class, AdminController.class).autowire();
-		this.mvc.perform(
-				get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN"))))
+		// @formatter:off
+		MockHttpServletRequestBuilder requestWithAdminPermission = get("/admin")
+				.with(user("user").authorities(AuthorityUtils.createAuthorityList("PERMISSION_ADMIN")));
+		this.mvc.perform(requestWithAdminPermission)
 				.andExpect(status().isOk());
-		this.mvc.perform(get("/admin").with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))))
+		MockHttpServletRequestBuilder requestWithAdminRole = get("/admin")
+				.with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
+		this.mvc.perform(requestWithAdminRole)
 				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
index d86e005146..562e344784 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java
@@ -62,7 +62,11 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 	@Test
 	public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
 		this.spring.register(DefaultConfig.class, BasicController.class).autowire();
-		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 0c66f6da6f..638391dd6e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -49,6 +49,7 @@ import org.springframework.security.web.session.HttpSessionDestroyedEvent;
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
@@ -114,8 +115,14 @@ public class SessionManagementConfigurerTests {
 		this.spring.register(DisableSessionFixationEnableConcurrencyControlConfig.class).autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
-		MvcResult mvcResult = this.mvc.perform(get("/").with(httpBasic("user", "password")).session(session))
-				.andExpect(status().isNotFound()).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.with(httpBasic("user", "password"))
+				.session(session);
+		MvcResult mvcResult = this.mvc.perform(request)
+				.andExpect(status().isNotFound())
+				.andReturn();
+		// @formatter:on
 		assertThat(mvcResult.getRequest().getSession().getId()).isEqualTo(sessionId);
 	}
 
@@ -125,9 +132,16 @@ public class SessionManagementConfigurerTests {
 		MockHttpSession givenSession = new MockHttpSession();
 		String givenSessionId = givenSession.getId();
 		givenSession.setAttribute("name", "value");
-		MockHttpSession resultingSession = (MockHttpSession) this.mvc
-				.perform(get("/auth").session(givenSession).with(httpBasic("user", "password")))
-				.andExpect(status().isNotFound()).andReturn().getRequest().getSession(false);
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(givenSession)
+				.with(httpBasic("user", "password"));
+		MockHttpSession resultingSession = (MockHttpSession) this.mvc.perform(request)
+				.andExpect(status().isNotFound())
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		// @formatter:on
 		assertThat(givenSessionId).isNotEqualTo(resultingSession.getId());
 		assertThat(resultingSession.getAttribute("name")).isNull();
 	}
@@ -135,29 +149,65 @@ public class SessionManagementConfigurerTests {
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsIsOneThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
+		// @formatter:off
+		MockHttpServletRequestBuilder firstRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(firstRequest);
+		MockHttpServletRequestBuilder secondRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(secondRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenUserSessionExpiredAndMaxSessionsIsOneThenLoggedIn() throws Exception {
 		this.spring.register(ConcurrencyControlConfig.class).autowire();
-		MvcResult mvcResult = this.mvc
-				.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
+		// @formatter:off
+		MockHttpServletRequestBuilder firstRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		MvcResult mvcResult = this.mvc.perform(firstRequest)
 				.andReturn();
+		// @formatter:on
 		HttpSession authenticatedSession = mvcResult.getRequest().getSession();
 		this.spring.getContext().publishEvent(new HttpSessionDestroyedEvent(authenticatedSession));
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder secondRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(secondRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenUserLoggedInAndMaxSessionsOneInLambdaThenLoginPrevented() throws Exception {
 		this.spring.register(ConcurrencyControlInLambdaConfig.class).autowire();
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"));
-		this.mvc.perform(post("/login").with(csrf()).param("username", "user").param("password", "password"))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/login?error"));
+		// @formatter:off
+		MockHttpServletRequestBuilder firstRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		// @formatter:on
+		this.mvc.perform(firstRequest);
+		// @formatter:off
+		MockHttpServletRequestBuilder secondRequest = post("/login")
+				.with(csrf())
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(secondRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index 110b468030..acdcfce177 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -61,42 +61,60 @@ public class UrlAuthorizationsTests {
 	@WithMockUser(authorities = "ROLE_USER")
 	public void hasAnyAuthorityWhenAuthoritySpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-		this.mvc.perform(get("/role-user-authority")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-admin-authority")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/role-user-authority"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-admin-authority"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser(authorities = "ROLE_ADMIN")
 	public void hasAnyAuthorityWhenAuthoritiesSpecifiedThenMatchesAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-		this.mvc.perform(get("/role-user-admin-authority")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user-admin")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user-authority")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-user-admin-authority"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user-admin"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user-authority"))
+				.andExpect(status().isForbidden());
 	}
 
 	@Test
 	@WithMockUser(roles = "USER")
 	public void hasAnyRoleWhenRoleSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-		this.mvc.perform(get("/role-user")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/role-user"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-admin"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser(roles = "ADMIN")
 	public void hasAnyRoleWhenRolesSpecifiedThenMatchesRole() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-		this.mvc.perform(get("/role-admin-user")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-admin-user"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/role-user"))
+				.andExpect(status().isForbidden());
 	}
 
 	@Test
 	@WithMockUser(authorities = "USER")
 	public void hasAnyRoleWhenRoleSpecifiedThenDoesNotMatchAuthority() throws Exception {
 		this.spring.register(RoleConfig.class).autowire();
-		this.mvc.perform(get("/role-user")).andExpect(status().isForbidden());
-		this.mvc.perform(get("/role-admin")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/role-user"))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/role-admin"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -145,7 +163,11 @@ public class UrlAuthorizationsTests {
 			ApplicationContext context = getApplicationContext();
 			UrlAuthorizationConfigurer<HttpSecurity>.StandardInterceptUrlRegistry registry = http
 					.apply(new UrlAuthorizationConfigurer(context)).getRegistry();
-			registry.antMatchers("/a").hasRole("ADMIN").anyRequest().hasRole("USER");
+			// @formatter:off
+			registry
+					.antMatchers("/a").hasRole("ADMIN")
+					.anyRequest().hasRole("USER");
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
index 655ed245be..e7ef36d356 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
@@ -68,21 +68,30 @@ public class X509ConfigurerTests {
 	public void x509WhenInvokedTwiceThenUsesOriginalSubjectPrincipalRegex() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(x509(certificate)))
+				.andExpect(authenticated().withUsername("rod"));
+		// @formatter:on
 	}
 
 	@Test
 	public void x509WhenConfiguredInLambdaThenUsesDefaults() throws Exception {
 		this.spring.register(DefaultsInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rod.cer");
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(x509(certificate)))
+				.andExpect(authenticated().withUsername("rod"));
+		// @formatter:on
 	}
 
 	@Test
 	public void x509WhenSubjectPrincipalRegexInLambdaThenUsesRegexToExtractPrincipal() throws Exception {
 		this.spring.register(SubjectPrincipalRegexInLambdaConfig.class).autowire();
 		X509Certificate certificate = loadCert("rodatexampledotcom.cer");
-		this.mvc.perform(get("/").with(x509(certificate))).andExpect(authenticated().withUsername("rod"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(x509(certificate)))
+				.andExpect(authenticated().withUsername("rod"));
+		// @formatter:on
 	}
 
 	private <T extends Certificate> T loadCert(String location) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index f9a3df7356..a601bd90b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -61,6 +61,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -107,13 +108,22 @@ public class OAuth2ClientConfigurerTests {
 
 	@Before
 	public void setup() {
-		this.registration1 = TestClientRegistrations.clientRegistration().registrationId("registration-1")
-				.clientId("client-1").clientSecret("secret")
+		// @formatter:off
+		this.registration1 = TestClientRegistrations.clientRegistration()
+				.registrationId("registration-1")
+				.clientId("client-1")
+				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("{baseUrl}/client-1")
-				.scope("user").authorizationUri("https://provider.com/oauth2/authorize")
-				.tokenUri("https://provider.com/oauth2/token").userInfoUri("https://provider.com/oauth2/user")
-				.userNameAttributeName("id").clientName("client-1").build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri("{baseUrl}/client-1")
+				.scope("user")
+				.authorizationUri("https://provider.com/oauth2/authorize")
+				.tokenUri("https://provider.com/oauth2/token")
+				.userInfoUri("https://provider.com/oauth2/user")
+				.userNameAttributeName("id")
+				.clientName("client-1")
+				.build();
+		// @formatter:on
 		clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
 		authorizedClientService = new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
 		authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
@@ -131,11 +141,13 @@ public class OAuth2ClientConfigurerTests {
 	@Test
 	public void configureWhenAuthorizationCodeRequestThenRedirectForAuthorization() throws Exception {
 		this.spring.register(OAuth2ClientConfig.class).autowire();
+		// @formatter:off
 		MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
 				.andExpect(status().is3xxRedirection()).andReturn();
 		assertThat(mvcResult.getResponse().getRedirectedUrl())
 				.matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&"
 						+ "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1");
+		// @formatter:on
 	}
 
 	@Test
@@ -154,10 +166,15 @@ public class OAuth2ClientConfigurerTests {
 		// Setup the Authorization Request in the session
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
-				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
-				.attributes(attributes).build();
+				.clientId(this.registration1.getClientId())
+				.redirectUri("http://localhost/client-1")
+				.state("state")
+				.attributes(attributes)
+				.build();
+		// @formatter:on
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -165,9 +182,16 @@ public class OAuth2ClientConfigurerTests {
 		MockHttpSession session = (MockHttpSession) request.getSession();
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
-				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
-				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
+		// @formatter:off
+		MockHttpServletRequestBuilder clientRequest = get("/client-1")
+				.param(OAuth2ParameterNames.CODE, "code")
+				.param(OAuth2ParameterNames.STATE, "state")
+				.with(authentication(authentication))
+				.session(session);
+		this.mockMvc.perform(clientRequest)
+				.andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrl("http://localhost/client-1"));
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = authorizedClientRepository
 				.loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request);
 		assertThat(authorizedClient).isNotNull();
@@ -191,10 +215,14 @@ public class OAuth2ClientConfigurerTests {
 		// Setup the Authorization Request in the session
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
-				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1").state("state")
-				.attributes(attributes).build();
+				.clientId(this.registration1.getClientId()).redirectUri("http://localhost/client-1")
+				.state("state")
+				.attributes(attributes)
+				.build();
+		// @formatter:on
 		AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -202,9 +230,16 @@ public class OAuth2ClientConfigurerTests {
 		MockHttpSession session = (MockHttpSession) request.getSession();
 		String principalName = "user1";
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
-		this.mockMvc.perform(get("/client-1").param(OAuth2ParameterNames.CODE, "code")
-				.param(OAuth2ParameterNames.STATE, "state").with(authentication(authentication)).session(session))
-				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("http://localhost/client-1"));
+		// @formatter:off
+		MockHttpServletRequestBuilder clientRequest = get("/client-1")
+				.param(OAuth2ParameterNames.CODE, "code")
+				.param(OAuth2ParameterNames.STATE, "state")
+				.with(authentication(authentication))
+				.session(session);
+		this.mockMvc.perform(clientRequest)
+				.andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrl("http://localhost/client-1"));
+		// @formatter:on
 		verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 
@@ -218,8 +253,11 @@ public class OAuth2ClientConfigurerTests {
 		given(authorizationRequestResolver.resolve(any()))
 				.willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
 		this.spring.register(OAuth2ClientConfig.class).autowire();
-		this.mockMvc.perform(get("/oauth2/authorization/registration-1")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
+				.andExpect(status().is3xxRedirection())
 				.andReturn();
+		// @formatter:on
 		verify(authorizationRequestResolver).resolve(any());
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
index 09bbc43e6c..5207bfd772 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -110,11 +110,21 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class OAuth2LoginConfigurerTests {
 
+	// @formatter:off
 	private static final ClientRegistration GOOGLE_CLIENT_REGISTRATION = CommonOAuth2Provider.GOOGLE
-			.getBuilder("google").clientId("clientId").clientSecret("clientSecret").build();
+			.getBuilder("google")
+			.clientId("clientId")
+			.clientSecret("clientSecret")
+			.build();
+	// @formatter:on
 
+	// @formatter:off
 	private static final ClientRegistration GITHUB_CLIENT_REGISTRATION = CommonOAuth2Provider.GITHUB
-			.getBuilder("github").clientId("clientId").clientSecret("clientSecret").build();
+			.getBuilder("github")
+			.clientId("clientId")
+			.clientSecret("clientSecret")
+			.build();
+	// @formatter:on
 
 	private ConfigurableApplicationContext context;
 
@@ -296,11 +306,15 @@ public class OAuth2LoginConfigurerTests {
 		loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);
 		OAuth2AuthorizationRequestResolver resolver = this.context
 				.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
+		// @formatter:off
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://accounts.google.com/authorize").clientId("client-id").state("adsfa")
+				.authorizationUri("https://accounts.google.com/authorize")
+				.clientId("client-id")
+				.state("adsfa")
 				.authorizationRequestUri(
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
+		// @formatter:on
 		given(resolver.resolve(any())).willReturn(result);
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
@@ -316,11 +330,15 @@ public class OAuth2LoginConfigurerTests {
 		loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class);
 		OAuth2AuthorizationRequestResolver resolver = this.context
 				.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver;
+		// @formatter:off
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://accounts.google.com/authorize").clientId("client-id").state("adsfa")
+				.authorizationUri("https://accounts.google.com/authorize")
+				.clientId("client-id")
+				.state("adsfa")
 				.authorizationRequestUri(
 						"https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
 				.build();
+		// @formatter:on
 		given(resolver.resolve(any())).willReturn(result);
 		String requestUri = "/oauth2/authorization/google";
 		this.request = new MockHttpServletRequest("GET", requestUri);
@@ -511,12 +529,17 @@ public class OAuth2LoginConfigurerTests {
 
 	private OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(ClientRegistration registration,
 			String... scopes) {
+		// @formatter:off
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.clientId(registration.getClientId()).state("state123").redirectUri("http://localhost")
+				.clientId(registration.getClientId())
+				.state("state123")
+				.redirectUri("http://localhost")
 				.attributes(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID,
 						registration.getRegistrationId()))
-				.scope(scopes).build();
+				.scope(scopes)
+				.build();
+		// @formatter:on
 	}
 
 	private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createOauth2AccessTokenResponseClient() {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 5709642668..0057529010 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -121,6 +121,7 @@ import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultMatcher;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -199,8 +200,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("ok"));
+		// @formatter:on
 	}
 
 	@Test
@@ -208,8 +212,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultInLambdaConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("ok"));
+		// @formatter:on
 	}
 
 	@Test
@@ -217,8 +224,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, JwkSetUriConfig.class, BasicController.class).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("ok"));
+		// @formatter:on
 	}
 
 	@Test
@@ -226,8 +236,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, JwkSetUriInLambdaConfig.class, BasicController.class).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("ok"));
+		// @formatter:on
 	}
 
 	@Test
@@ -235,8 +248,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -244,8 +260,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -253,15 +272,21 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
-		this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token"))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken("an\"invalid\"token")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Bearer token is malformed"));
+		// @formatter:on
 	}
 
 	@Test
@@ -269,16 +294,22 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized()).andExpect(
-				invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithUnsignedBearerTokenThenInvalidToken() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
 		String token = this.token("Unsigned");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
+		// @formatter:on
 	}
 
 	@Test
@@ -286,16 +317,21 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
+		// @formatter:off
 		this.mvc.perform(get("/").with(bearerToken("token")).with(bearerToken("token").asParam()))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
+		// @formatter:on
 	}
 
 	@Test
@@ -304,23 +340,32 @@ public class OAuth2ResourceServerConfigurerTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
-		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
+		// @formatter:off
+		this.mvc.perform(get("/").params(params))
+				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
-		this.mvc.perform(post("/") // engage csrf
-				.with(bearerToken("token").asParam())).andExpect(status().isForbidden())
+		// engage csrf
+		// @formatter:off
+		this.mvc.perform(post("/").with(bearerToken("token").asParam()))
+				.andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenCsrfDisabledWithBearerTokenAsFormParameterThenIgnoresToken() throws Exception {
 		this.spring.register(CsrfDisabledConfig.class).autowire();
-		this.mvc.perform(post("/").with(bearerToken("token").asParam())).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(post("/").with(bearerToken("token").asParam()))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
+		// @formatter:on
 	}
 
 	// gh-8031
@@ -329,14 +374,20 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = token("ValidNoScopes");
-		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -344,8 +395,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
+		// @formatter:on
 	}
 
 	@Test
@@ -353,8 +407,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -362,8 +419,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
-		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -371,8 +431,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -380,8 +443,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 	}
 
 	@Test
@@ -389,8 +455,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
-		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 	}
 
 	@Test
@@ -398,8 +467,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
+		// @formatter:on
 	}
 
 	@Test
@@ -407,8 +479,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScp");
-		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("[SCOPE_message:read]"));
+		// @formatter:on
 	}
 
 	@Test
@@ -416,8 +491,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -425,8 +503,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
-		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/ms-requires-read-scope").with(bearerToken(token)))
+				.andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -434,8 +515,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
-		this.mvc.perform(get("/ms-deny").with(bearerToken(token))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/ms-deny").with(bearerToken(token)))
+				.andExpect(status().isForbidden())
 				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -443,15 +527,21 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(post("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenUsingDefaultsWithNoBearerTokenThenCsrfDenies() throws Exception {
 		this.spring.register(JwkSetUriConfig.class).autowire();
-		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(post("/authenticated"))
+				.andExpect(status().isForbidden())
 				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
+		// @formatter:on
 	}
 
 	@Test
@@ -459,8 +549,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-		this.mvc.perform(post("/authenticated").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(post("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -468,7 +561,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
@@ -476,15 +573,23 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
-		MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
-				.andExpect(content().string("test-subject")).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
+				.andExpect(content().string("test-subject"))
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() throws Exception {
 		this.spring.register(JwkSetUriConfig.class, BasicController.class).autowire();
-		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -494,7 +599,11 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -505,10 +614,14 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
-		this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
+		this.mvc.perform(post("/authenticated").param("access_token", JWT_TOKEN))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
@@ -519,10 +632,14 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
-		this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN)).andExpect(status().isOk())
+		this.mvc.perform(get("/authenticated").param("access_token", JWT_TOKEN))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
@@ -532,10 +649,15 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(
-				post("/authenticated").param("access_token", JWT_TOKEN).with(bearerToken(JWT_TOKEN)).with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/authenticated")
+				.param("access_token", JWT_TOKEN)
+				.with(bearerToken(JWT_TOKEN))
+				.with(csrf());
+		this.mvc.perform(request)
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
+		// @formatter:on
 	}
 
 	@Test
@@ -546,9 +668,14 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)).param("access_token", JWT_TOKEN))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/authenticated")
+				.with(bearerToken(JWT_TOKEN))
+				.param("access_token", JWT_TOKEN);
+		this.mvc.perform(request)
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
+		// @formatter:on
 	}
 
 	@Test
@@ -597,8 +724,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		CustomJwtDecoderOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderOnDsl.class);
 		JwtDecoder decoder = config.decoder();
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
@@ -607,8 +737,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		CustomJwtDecoderInLambdaOnDsl config = this.spring.getContext().getBean(CustomJwtDecoderInLambdaOnDsl.class);
 		JwtDecoder decoder = config.decoder();
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
@@ -616,8 +749,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk())
 				.andExpect(content().string(JWT_SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
@@ -686,8 +822,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
+		// @formatter:on
 	}
 
 	@Test
@@ -695,9 +834,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RealmNameConfiguredOnAccessDeniedHandler.class, JwtDecoderConfig.class).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
+		// @formatter:on
 	}
 
 	@Test
@@ -723,8 +864,11 @@ public class OAuth2ResourceServerConfigurerTests {
 				.getJwtValidator();
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
+		// @formatter:on
 	}
 
 	@Test
@@ -733,7 +877,10 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -742,8 +889,11 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
+		// @formatter:on
 	}
 
 	@Test
@@ -755,7 +905,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN);
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(JWT);
-		this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk());
+		// @formatter:on
 		verify(jwtAuthenticationConverter).convert(JWT);
 	}
 
@@ -766,28 +919,40 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(JWT_TOKEN)).willReturn(JWT);
-		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN)))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 		this.spring.register(SingleKeyConfig.class, BasicController.class).autowire();
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongSignature");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("signature"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(invalidTokenHeader("signature"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
 		this.spring.register(SingleKeyConfig.class).autowire();
 		String token = this.token("WrongAlgorithm");
-		this.mvc.perform(get("/").with(bearerToken(token))).andExpect(invalidTokenHeader("algorithm"));
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken(token)))
+				.andExpect(invalidTokenHeader("algorithm"));
+		// @formatter:on
 	}
 
 	// gh-7793
@@ -805,8 +970,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire();
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(JWT_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
+		// @formatter:on
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
@@ -814,8 +982,11 @@ public class OAuth2ResourceServerConfigurerTests {
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
 		mockRestOperations(json("Active"));
-		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 	}
 
 	@Test
@@ -823,24 +994,33 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class)
 				.autowire();
 		mockRestOperations(json("Active"));
-		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("Inactive"));
-		this.mvc.perform(get("/").with(bearerToken("token"))).andExpect(status().isUnauthorized()).andExpect(
-				header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
+		// @formatter:off
+		this.mvc.perform(get("/").with(bearerToken("token")))
+				.andExpect(status().isUnauthorized())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
-		this.mvc.perform(get("/requires-read-scope").with(bearerToken("token"))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(get("/requires-read-scope").with(bearerToken("token")))
+				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
+		// @formatter:on
 	}
 
 	@Test
@@ -848,8 +1028,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire();
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
+		// @formatter:on
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
@@ -858,8 +1041,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire();
 		given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class)))
 				.willReturn(INTROSPECTION_AUTHENTICATION_TOKEN);
-		this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isOk())
 				.andExpect(content().string("mock-test-subject"));
+		// @formatter:on
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
@@ -903,12 +1089,17 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(BasicAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token"))).andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
+		// @formatter:on
 	}
 
 	@Test
@@ -916,11 +1107,18 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login")).andReturn();
-		assertThat(result.getRequest().getSession(false)).isNotNull();
-		result = this.mvc.perform(get("/authenticated").with(bearerToken("token"))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/authenticated"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"))
 				.andReturn();
+		// @formatter:on
+		assertThat(result.getRequest().getSession(false)).isNotNull();
+		// @formatter:off
+		result = this.mvc.perform(get("/authenticated").with(bearerToken("token")))
+				.andExpect(status().isUnauthorized())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
@@ -931,11 +1129,14 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(JWT);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
-				.andExpect(status().isForbidden()).andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
+				.andExpect(status().isForbidden())
+				.andExpect(header().doesNotExist(HttpHeaders.WWW_AUTHENTICATE));
 		this.mvc.perform(get("/authenticated").with(bearerToken("insufficiently_scoped")))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
+		// @formatter:on
 	}
 
 	@Test
@@ -944,10 +1145,14 @@ public class OAuth2ResourceServerConfigurerTests {
 				.autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/authenticated").with(bearerToken(token))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(token)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
 		this.mvc.perform(get("/authenticated").with(httpBasic("basic-user", "basic-password")))
-				.andExpect(status().isOk()).andExpect(content().string("basic-user"));
+				.andExpect(status().isOk())
+				.andExpect(content().string("basic-user"));
+		// @formatter:on
 	}
 
 	@Test
@@ -980,16 +1185,25 @@ public class OAuth2ResourceServerConfigurerTests {
 		String jwtThree = jwtFromIssuer(issuerThree);
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
-		this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtOne)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
-		this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtTwo)))
+				.andExpect(status().isOk())
 				.andExpect(content().string("test-subject"));
+		// @formatter:on
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
-		this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(bearerToken(jwtThree)))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Invalid issuer"));
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
index e4dfd717b0..420e8e1a0b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.openid.OpenIDAuthenticationFilter;
 import org.springframework.security.openid.OpenIDAuthenticationProvider;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
@@ -84,15 +85,21 @@ public class OpenIDLoginConfigurerTests {
 	@Test
 	public void openidLoginWhenInvokedTwiceThenUsesOriginalLoginPage() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenOpenIdLoginPageInLambdaThenRedirectsToLoginPAge() throws Exception {
 		this.spring.register(OpenIdLoginPageInLambdaConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login/custom"));
+		// @formatter:on
 	}
 
 	@Test
@@ -144,11 +151,15 @@ public class OpenIDLoginConfigurerTests {
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-			MvcResult mvcResult = this.mvc.perform(
-					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
-					.andExpect(status().isFound()).andReturn();
+			// @formatter:off
+			MockHttpServletRequestBuilder request = get("/login/openid")
+					.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint);
+			MvcResult mvcResult = this.mvc.perform(request)
+					.andExpect(status().isFound())
+					.andReturn();
 			Object attributeObject = mvcResult.getRequest().getSession()
 					.getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
+			// @formatter:on
 			assertThat(attributeObject).isInstanceOf(List.class);
 			List<OpenIDAttribute> attributeList = (List<OpenIDAttribute>) attributeObject;
 			assertThat(attributeList).hasSize(1);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index 1b3462112e..a0d3893db7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -82,6 +82,7 @@ import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
@@ -198,8 +199,11 @@ public class Saml2LoginConfigurerTests {
 		String response = new String(samlDecode(SIGNED_RESPONSE));
 		given(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class)))
 				.willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
-		this.mvc.perform(post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()).param("SAMLResponse",
-				SIGNED_RESPONSE)).andExpect(redirectedUrl("/"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId())
+				.param("SAMLResponse", SIGNED_RESPONSE);
+		// @formatter:on
+		this.mvc.perform(request).andExpect(redirectedUrl("/"));
 		verify(CustomAuthenticationConverter.authenticationConverter).convert(any(HttpServletRequest.class));
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
index 3952a19c1a..32d753450f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@@ -35,6 +35,7 @@ public final class TestSaml2Credentials {
 	}
 
 	static Saml2X509Credential verificationCertificate() {
+		// @formatter:off
 		String certificate = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD\n"
 				+ "VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD\n"
@@ -57,7 +58,9 @@ public final class TestSaml2Credentials {
 				+ "ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu\n"
 				+ "xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z\n"
 				+ "V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3\n"
-				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n" + "-----END CERTIFICATE-----";
+				+ "lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\n"
+				+ "-----END CERTIFICATE-----";
+		// @formatter:on
 		return new Saml2X509Credential(x509Certificate(certificate), Saml2X509CredentialType.VERIFICATION);
 	}
 
@@ -73,6 +76,7 @@ public final class TestSaml2Credentials {
 	}
 
 	static Saml2X509Credential signingCredential() {
+		// @formatter:off
 		String key = "-----BEGIN PRIVATE KEY-----\n"
 				+ "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG7v8QjQGU3MwQE\n"
 				+ "VUBxvH6Uuiy/MhZT7TV0ZNjyAF2ExA1gpn3aUxx6jYK5UnrpxRRE/KbeLucYbOhK\n"
@@ -86,8 +90,11 @@ public final class TestSaml2Credentials {
 				+ "EGvYtQJBAMm/i9NR7IVyyNIgZUpz5q4LI21rl1r4gUQuD8vA36zM81i4ROeuCly0\n"
 				+ "KkfdxR4PUfnKcQCX11YnHjk9uTFj75ECQEFY/gBnxDjzqyF35hAzrYIiMPQVfznt\n"
 				+ "YX/sDTE2AdVBVGaMj1Cb51bPHnNC6Q5kXKQnj/YrLqRQND09Q7ParX0CQQC5NxZr\n"
-				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n" + "INrtuLp4YHbgk1mi\n"
+				+ "9jKqhHj8yQD6PlXTsY4Occ7DH6/IoDenfdEVD5qlet0zmd50HatN2Jiqm5ubN7CM\n"
+				+ "INrtuLp4YHbgk1mi\n"
 				+ "-----END PRIVATE KEY-----";
+		// @formatter:on
+		// @formatter:off
 		String certificate = "-----BEGIN CERTIFICATE-----\n"
 				+ "MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC\n"
 				+ "VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsG\n"
@@ -102,7 +109,9 @@ public final class TestSaml2Credentials {
 				+ "y3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAeViTvHOyQopWEi\n"
 				+ "XOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlozWRtOeN+\n"
 				+ "qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHD\n"
-				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n" + "-----END CERTIFICATE-----";
+				+ "RZ/nbTJ7VTeZOSyRoVn5XHhpuJ0B\n"
+				+ "-----END CERTIFICATE-----";
+		// @formatter:on
 		PrivateKey pk = RsaKeyConverters.pkcs8().convert(new ByteArrayInputStream(key.getBytes()));
 		X509Certificate cert = x509Certificate(certificate);
 		return new Saml2X509Credential(pk, cert, Saml2X509CredentialType.SIGNING, Saml2X509CredentialType.DECRYPTION);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 5c9908836c..68d23d130e 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -49,9 +49,12 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	@Before
 	public void setup() {
 		this.messages = new MessageSecurityMetadataSourceRegistry();
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
 				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE)
+				.build();
+		// @formatter:on
 	}
 
 	// See
@@ -59,24 +62,36 @@ public class MessageSecurityMetadataSourceRegistryTests {
 	// https://jira.spring.io/browse/SPR-11660
 	@Test
 	public void simpDestMatchersCustom() {
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
+				.build();
+		// @formatter:on
 		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.*").permitAll();
 		assertThat(getAttribute()).isNull();
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
+				.build();
+		// @formatter:on
 		this.messages.simpDestPathMatcher(new AntPathMatcher(".")).simpDestMatchers("price.stock.**").permitAll();
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
+				.build();
+		// @formatter:on
 		this.messages.simpDestMatchers("price.stock.*").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 		assertThat(getAttribute()).isNull();
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2").build();
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
+				.build();
+		// @formatter:on
 		this.messages.simpDestMatchers("price.stock.**").permitAll().simpDestPathMatcher(new AntPathMatcher("."));
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
@@ -107,26 +122,41 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void simpDestMatchersMulti() {
-		this.messages.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN").simpDestMatchers("location").permitAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "api/**").hasRole("ADMIN")
+				.simpDestMatchers("location").permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMatchersRole() {
-		this.messages.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN").anyMessage().denyAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").hasRole("ADMIN")
+				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
 	}
 
 	@Test
 	public void simpDestMatchersAnyRole() {
-		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT").anyMessage().denyAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT")
+				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersAuthority() {
-		this.messages.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN").anyMessage()
-				.fullyAuthenticated();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN")
+				.anyMessage().fullyAuthenticated();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
 	}
 
@@ -139,98 +169,157 @@ public class MessageSecurityMetadataSourceRegistryTests {
 
 	@Test
 	public void simpDestMatchersAnyAuthority() {
-		this.messages.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
 				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
 	}
 
 	@Test
 	public void simpDestMatchersRememberMe() {
-		this.messages.simpDestMatchers("admin/**", "location/**").rememberMe().anyMessage().denyAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").rememberMe()
+				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("rememberMe");
 	}
 
 	@Test
 	public void simpDestMatchersAnonymous() {
-		this.messages.simpDestMatchers("admin/**", "location/**").anonymous().anyMessage().denyAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").anonymous()
+				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("anonymous");
 	}
 
 	@Test
 	public void simpDestMatchersFullyAuthenticated() {
-		this.messages.simpDestMatchers("admin/**", "location/**").fullyAuthenticated().anyMessage().denyAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").fullyAuthenticated()
+				.anyMessage().denyAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
 	}
 
 	@Test
 	public void simpDestMatchersDenyAll() {
-		this.messages.simpDestMatchers("admin/**", "location/**").denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.simpDestMatchers("admin/**", "location/**").denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersNotMatch() {
-		this.messages.simpMessageDestMatchers("admin/**").denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages.
+				simpMessageDestMatchers("admin/**").denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestMessageMatchersMatch() {
-		this.messages.simpMessageDestMatchers("location/**").denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.simpMessageDestMatchers("location/**").denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersNotMatch() {
-		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.simpSubscribeDestMatchers("location/**").denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpDestSubscribeMatchersMatch() {
+		// @formatter:off
 		this.message = MessageBuilder.fromMessage(this.message)
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE).build();
-		this.messages.simpSubscribeDestMatchers("location/**").denyAll().anyMessage().permitAll();
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE)
+				.build();
+		this.messages
+				.simpSubscribeDestMatchers("location/**").denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void nullDestMatcherNotMatches() {
-		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.nullDestMatcher().denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void nullDestMatcherMatch() {
+		// @formatter:off
 		this.message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
-		this.messages.nullDestMatcher().denyAll().anyMessage().permitAll();
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT)
+				.build();
+		this.messages
+				.nullDestMatcher().denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatch() {
-		this.messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersMatchMulti() {
-		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll().anyMessage()
-				.permitAll();
+		// @formatter:off
+		this.messages
+				.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("denyAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatch() {
-		this.messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll().anyMessage().permitAll();
+		// @formatter:off
+		this.messages
+				.simpTypeMatchers(SimpMessageType.CONNECT).denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
 	@Test
 	public void simpTypeMatchersNotMatchMulti() {
-		this.messages.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll().anyMessage()
-				.permitAll();
+		// @formatter:off
+		this.messages
+				.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll()
+				.anyMessage().permitAll();
+		// @formatter:on
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 683c35f2bd..41ddd977c1 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.springframework.web.server.WebFilter;
 import reactor.core.publisher.Mono;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -72,6 +73,7 @@ import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.result.view.AbstractView;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
 
 /**
  * @author Rob Winch
@@ -90,24 +92,48 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void defaultRequiresAuthentication() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectBody().isEmpty();
+		// @formatter:on
 	}
 
 	// gh-4831
 	@Test
 	public void defaultMediaAllThenUnAuthorized() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-		client.get().uri("/").accept(MediaType.ALL).exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/")
+				.accept(MediaType.ALL)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectBody().isEmpty();
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenBasicThenNoSession() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-		FluxExchangeResult<String> result = client.get().headers((headers) -> headers.setBasicAuth("user", "password"))
-				.exchange().expectStatus().isOk().returnResult(String.class);
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain)
+				.build();
+		FluxExchangeResult<String> result = client.get()
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
+				.expectStatus().isOk()
+				.returnResult(String.class);
+		// @formatter:on
 		result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
 	}
 
@@ -117,33 +143,45 @@ public class EnableWebFluxSecurityTests {
 		Authentication currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		WebSessionServerSecurityContextRepository contextRepository = new WebSessionServerSecurityContextRepository();
 		SecurityContext context = new SecurityContextImpl(currentPrincipal);
+		// @formatter:off
+		WebFilter contextRepositoryWebFilter = (exchange, chain) -> contextRepository.save(exchange, context)
+				.switchIfEmpty(chain.filter(exchange))
+				.flatMap((e) -> chain.filter(exchange));
 		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(
-						(exchange, chain) -> contextRepository.save(exchange, context)
-								.switchIfEmpty(chain.filter(exchange)).flatMap((e) -> chain.filter(exchange)),
-						this.springSecurityFilterChain,
-						(exchange,
-								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
-												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.bindToWebFilters(contextRepositoryWebFilter, this.springSecurityFilterChain, writePrincipalWebFilter())
 				.build();
-		client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class)
-				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
+		client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().isOk()
+				.expectBody(String.class).consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
+		// @formatter:on
+	}
+
+	private WebFilter writePrincipalWebFilter() {
+		// @formatter:off
+		return (exchange, chain) -> ReactiveSecurityContextHolder.getContext()
+				.map(SecurityContext::getAuthentication)
+				.flatMap((principal) -> exchange.getResponse()
+						.writeWith(Mono.just(toDataBuffer(principal.getName())))
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void defaultPopulatesReactorContextWhenAuthenticating() {
 		this.spring.register(Config.class).autowire();
+		// @formatter:off
 		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurityFilterChain,
-						(exchange,
-								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
-												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.bindToWebFilters(this.springSecurityFilterChain, writePrincipalWebFilter())
 				.build();
-		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
-				.isOk().expectBody(String.class)
-				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
+		client.get()
+				.uri("/")
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
+				.expectStatus().isOk()
+				.expectBody(String.class).consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
+		// @formatter:on
 	}
 
 	@Test
@@ -158,23 +196,30 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void passwordEncoderBeanIsUsed() {
 		this.spring.register(CustomPasswordEncoderConfig.class).autowire();
+		// @formatter:off
 		WebTestClient client = WebTestClientBuilder
-				.bindToWebFilters(this.springSecurityFilterChain,
-						(exchange,
-								chain) -> ReactiveSecurityContextHolder.getContext()
-										.map(SecurityContext::getAuthentication).flatMap((principal) -> exchange
-												.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+				.bindToWebFilters(this.springSecurityFilterChain, writePrincipalWebFilter())
 				.build();
-		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus()
-				.isOk().expectBody(String.class)
+		client.get().uri("/").headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange().expectStatus().isOk()
+				.expectBody(String.class)
 				.consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo("user"));
+		// @formatter:on
 	}
 
 	@Test
 	public void passwordUpdateManagerUsed() {
 		this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-		client.get().uri("/").headers((h) -> h.setBasicAuth("user", "password")).exchange().expectStatus().isOk();
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/")
+				.headers((h) -> h.setBasicAuth("user", "password"))
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 		ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class);
 		assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
 	}
@@ -182,32 +227,58 @@ public class EnableWebFluxSecurityTests {
 	@Test
 	public void formLoginWorks() {
 		this.spring.register(Config.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain, (exchange,
-				chain) -> Mono.subscriberContext().flatMap((c) -> c.<Mono<Principal>>get(Authentication.class)).flatMap(
-						(principal) -> exchange.getResponse().writeWith(Mono.just(toDataBuffer(principal.getName())))))
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain, writePrincipalWebFilter())
 				.build();
+		// @formatter:on
 		MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
 		data.add("username", "user");
 		data.add("password", "password");
-		client.mutateWith(SecurityMockServerConfigurers.csrf()).post().uri("/login")
-				.body(BodyInserters.fromFormData(data)).exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueMatches("Location", "/");
+		// @formatter:off
+		client.mutateWith(csrf())
+				.post()
+				.uri("/login")
+				.body(BodyInserters.fromFormData(data))
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueMatches("Location", "/");
+		// @formatter:on
 	}
 
 	@Test
 	public void multiWorks() {
 		this.spring.register(MultiSecurityHttpConfig.class).autowire();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
-		client.get().uri("/api/test").exchange().expectStatus().isUnauthorized().expectBody().isEmpty();
-		client.get().uri("/test").exchange().expectStatus().isOk();
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/api/test")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectBody().isEmpty();
+		client.get()
+				.uri("/test")
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser
 	public void authenticationPrincipalArgumentResolverWhenSpelThenWorks() {
 		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
-		WebTestClient client = WebTestClient.bindToApplicationContext(this.spring.getContext()).build();
-		client.get().uri("/spel").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("user");
+		// @formatter:off
+		WebTestClient client = WebTestClient
+				.bindToApplicationContext(this.spring.getContext())
+				.build();
+		client.get()
+				.uri("/spel")
+				.exchange()
+				.expectStatus().isOk()
+				.expectBody(String.class).isEqualTo("user");
+		// @formatter:on
 	}
 
 	private static DataBuffer toDataBuffer(String body) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 37a4687617..c44063c236 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -590,10 +590,12 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler()).withSockJS()
-					.setInterceptors(new HttpSessionHandshakeInterceptor());
-			registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler()).withSockJS()
-					.setInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:off
+			registry.addEndpoint("/other").setHandshakeHandler(testHandshakeHandler())
+					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat").setHandshakeHandler(testHandshakeHandler())
+					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:on
 		}
 
 		// @formatter:off
@@ -646,8 +648,12 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/other").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
-			registry.addEndpoint("/chat").withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:off
+			registry.addEndpoint("/other")
+					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			registry.addEndpoint("/chat")
+					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:on
 		}
 
 		@Override
@@ -684,19 +690,23 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/websocket").setHandshakeHandler(testHandshakeHandler())
+			// @formatter:off
+			registry.addEndpoint("/websocket")
+					.setHandshakeHandler(testHandshakeHandler())
 					.addInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:on
 		}
 
-		// @formatter:off
 		@Override
 		protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+			// @formatter:off
 			messages
 				.simpDestMatchers("/permitAll/**").permitAll()
 				.simpDestMatchers("/customExpression/**").access("denyRob")
 				.anyMessage().denyAll();
+			// @formatter:on
 		}
-		// @formatter:on
+
 		@Bean
 		public TestHandshakeHandler testHandshakeHandler() {
 			return new TestHandshakeHandler();
@@ -713,8 +723,11 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
 
 		@Override
 		public void registerStompEndpoints(StompEndpointRegistry registry) {
-			registry.addEndpoint("/chat").setHandshakeHandler(this.context.getBean(TestHandshakeHandler.class))
+			// @formatter:off
+			registry.addEndpoint("/chat")
+					.setHandshakeHandler(this.context.getBean(TestHandshakeHandler.class))
 					.withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor());
+			// @formatter:on
 		}
 
 		@Autowired
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index e47536021a..a7654277b1 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -44,10 +44,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
  */
 public class AuthenticationManagerBeanDefinitionParserTests {
 
-	private static final String CONTEXT = "<authentication-manager id='am'>" + "    <authentication-provider>"
+	// @formatter:off
+	private static final String CONTEXT = "<authentication-manager id='am'>"
+			+ "    <authentication-provider>"
 			+ "        <user-service>"
 			+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
-			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
+			+ "        </user-service>"
+			+ "    </authentication-provider>"
+			+ "</authentication-manager>";
+	// @formatter:on
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -92,12 +97,17 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 
 	@Test
 	public void passwordEncoderBeanUsed() throws Exception {
-		this.spring.context(
-				"<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance'/>"
-						+ "<user-service>" + "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
-						+ "</user-service>" + "<http/>")
-				.mockMvcAfterSpringSecurityOk().autowire();
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.spring.context("<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance'/>"
+				+ "<user-service>"
+				+ "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
+				+ "</user-service>"
+				+ "<http/>")
+				.mockMvcAfterSpringSecurityOk()
+				.autowire();
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	private static class AuthListener implements ApplicationListener<AbstractAuthenticationEvent> {
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index bfdf477d64..b1e453d708 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -51,73 +51,107 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
 	@Test
 	public void worksWithEmbeddedUserService() {
-		setContext(" <authentication-provider>" + "        <user-service>"
+		// @formatter:off
+		setContext(" <authentication-provider>"
+				+ "        <user-service>"
 				+ "            <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
-				+ "        </user-service>" + "    </authentication-provider>");
+				+ "        </user-service>"
+				+ "    </authentication-provider>");
+		// @formatter:on
 		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void externalUserServiceRefWorks() {
+		// @formatter:off
 		this.appContext = new InMemoryXmlApplicationContext(
-				"    <authentication-manager>" + "        <authentication-provider user-service-ref='myUserService' />"
-						+ "    </authentication-manager>" + "    <user-service id='myUserService'>"
-						+ "       <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
-						+ "    </user-service>");
+				"    <authentication-manager>"
+				+ "        <authentication-provider user-service-ref='myUserService' />"
+				+ "    </authentication-manager>" + "    <user-service id='myUserService'>"
+				+ "       <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
+				+ "    </user-service>");
+		// @formatter:on
 		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void providerWithBCryptPasswordEncoderWorks() {
-		setContext(" <authentication-provider>" + "        <password-encoder hash='bcrypt'/>" + "        <user-service>"
+		// @formatter:off
+		setContext(" <authentication-provider>"
+				+ "        <password-encoder hash='bcrypt'/>"
+				+ "        <user-service>"
 				+ "            <user name='bob' password='$2a$05$dRmjl1T05J7rvCPD2NgsHesCEJHww3pdmesUhjM3PD4m/gaEYyx/G' authorities='ROLE_A' />"
-				+ "        </user-service>" + "    </authentication-provider>");
+				+ "        </user-service>"
+		// @formatter:on
+				+ "    </authentication-provider>");
 		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void providerWithMd5PasswordEncoderWorks() {
-		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
+		// @formatter:off
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>"
+				+ " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>"
+				+ "        <user-service>"
 				+ "            <user name='bob' password='12b141f35d58b8b3a46eea65e6ac179e' authorities='ROLE_A' />"
-				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ "        </user-service>"
+				+ "    </authentication-provider>"
+				+ " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
-				+ "     <b:constructor-arg value='MD5'/>" + " </b:bean>");
+				+ "     <b:constructor-arg value='MD5'/>"
+				+ " </b:bean>");
+		// @formatter:on
 		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void providerWithShaPasswordEncoderWorks() {
-		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
+		// @formatter:off
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>"
+				+ " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>"
+				+ "        <user-service>"
 				+ "            <user name='bob' password='{SSHA}PpuEwfdj7M1rs0C2W4ssSM2XEN/Y6S5U' authorities='ROLE_A' />"
-				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ "        </user-service>"
+				+ "    </authentication-provider>"
+				+ " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + LdapShaPasswordEncoder.class.getName() + "'/>");
+		// @formatter:on
 		getProvider().authenticate(this.bob);
 	}
 
 	@Test
 	public void passwordIsBase64EncodedWhenBase64IsEnabled() {
-		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>" + " <authentication-provider>"
-				+ "        <password-encoder ref='passwordEncoder'/>" + "        <user-service>"
+		// @formatter:off
+		this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>"
+				+ " <authentication-provider>"
+				+ "        <password-encoder ref='passwordEncoder'/>"
+				+ "        <user-service>"
 				+ "            <user name='bob' password='ErFB811YuLOkbupl5qwXng==' authorities='ROLE_A' />"
-				+ "        </user-service>" + "    </authentication-provider>" + " </authentication-manager>"
+				+ "        </user-service>"
+				+ "    </authentication-provider>"
+				+ " </authentication-manager>"
 				+ " <b:bean id='passwordEncoder'  class='" + MessageDigestPasswordEncoder.class.getName() + "'>"
 				+ "     <b:constructor-arg value='MD5'/>" + "     <b:property name='encodeHashAsBase64' value='true'/>"
 				+ " </b:bean>");
+		// @formatter:on
 		getProvider().authenticate(this.bob);
 	}
 
 	// SEC-1466
 	@Test(expected = BeanDefinitionParsingException.class)
 	public void exernalProviderDoesNotSupportChildElements() {
+		// @formatter:off
 		this.appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
 				+ "      <authentication-provider ref='aProvider'> "
-				+ "        <password-encoder ref='customPasswordEncoder'/>" + "      </authentication-provider>"
+				+ "        <password-encoder ref='customPasswordEncoder'/>"
+				+ "      </authentication-provider>"
 				+ "    </authentication-manager>"
 				+ "    <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
 				+ "    <b:bean id='customPasswordEncoder' "
 				+ "        class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
+		// @formatter:on
 	}
 
 	private AuthenticationProvider getProvider() {
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 38a41e0730..a8cd7ceb0b 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -44,10 +44,14 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 
 	private static String USER_CACHE_XML = "<b:bean id='userCache' class='org.springframework.security.authentication.dao.MockUserCache'/>";
 
+	// @formatter:off
 	private static String DATA_SOURCE = "    <b:bean id='populator' class='org.springframework.security.config.DataSourcePopulator'>"
-			+ "        <b:property name='dataSource' ref='dataSource'/>" + "    </b:bean>"
+			+ "        <b:property name='dataSource' ref='dataSource'/>"
+			+ "    </b:bean>"
 			+ "    <b:bean id='dataSource' class='org.springframework.security.TestDataSource'>"
-			+ "        <b:constructor-arg value='jdbcnamespaces'/>" + "    </b:bean>";
+			+ "        <b:constructor-arg value='jdbcnamespaces'/>"
+			+ "    </b:bean>";
+	// @formatter:on
 
 	private InMemoryXmlApplicationContext appContext;
 
@@ -81,9 +85,13 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 	public void usernameAndAuthorityQueriesAreParsedCorrectly() throws Exception {
 		String userQuery = "select username, password, true from users where username = ?";
 		String authoritiesQuery = "select username, authority from authorities where username = ? and 1 = 1";
-		setContext("<jdbc-user-service id='myUserService' " + "data-source-ref='dataSource' "
-				+ "users-by-username-query='" + userQuery + "' " + "authorities-by-username-query='" + authoritiesQuery
+		// @formatter:off
+		setContext("<jdbc-user-service id='myUserService' "
+				+ "data-source-ref='dataSource' "
+				+ "users-by-username-query='" + userQuery + "' "
+				+ "authorities-by-username-query='" + authoritiesQuery
 				+ "'/>" + DATA_SOURCE);
+		// @formatter:on
 		JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) this.appContext.getBean("myUserService");
 		assertThat(FieldUtils.getFieldValue(mgr, "usersByUsernameQuery")).isEqualTo(userQuery);
 		assertThat(FieldUtils.getFieldValue(mgr, "authoritiesByUsernameQuery")).isEqualTo(authoritiesQuery);
@@ -112,18 +120,29 @@ public class JdbcUserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void isSupportedByAuthenticationProviderElement() {
-		setContext("<authentication-manager>" + "  <authentication-provider>"
-				+ "    <jdbc-user-service data-source-ref='dataSource'/>" + "  </authentication-provider>"
-				+ "</authentication-manager>" + DATA_SOURCE);
+		// @formatter:off
+		setContext("<authentication-manager>"
+				+ "  <authentication-provider>"
+				+ "    <jdbc-user-service data-source-ref='dataSource'/>"
+				+ "  </authentication-provider>"
+				+ "</authentication-manager>"
+				+ DATA_SOURCE);
+		// @formatter:on
 		AuthenticationManager mgr = (AuthenticationManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
 	}
 
 	@Test
 	public void cacheIsInjectedIntoAuthenticationProvider() {
-		setContext("<authentication-manager>" + "  <authentication-provider>"
+		// @formatter:off
+		setContext("<authentication-manager>"
+				+ "  <authentication-provider>"
 				+ "    <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>"
-				+ "  </authentication-provider>" + "</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
+				+ "  </authentication-provider>"
+				+ "</authentication-manager>"
+				+ DATA_SOURCE
+				+ USER_CACHE_XML);
+		// @formatter:on
 		ProviderManager mgr = (ProviderManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
 		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
 		assertThat(this.appContext.getBean("userCache")).isSameAs(provider.getUserCache());
diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
index 8820c19a7f..3a5be4981d 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java
@@ -44,7 +44,10 @@ public class PasswordEncoderParserTests {
 		this.spring.configLocations(
 				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml")
 				.mockMvcAfterSpringSecurityOk().autowire();
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -52,7 +55,10 @@ public class PasswordEncoderParserTests {
 		this.spring.configLocations(
 				"classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml")
 				.mockMvcAfterSpringSecurityOk().autowire();
-		this.mockMvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index b86b6f9ed8..239f1145ce 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -52,8 +52,11 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void userServiceWithEmbeddedUsersWorksSuccessfully() {
-		setContext("<user-service id='service'>" + "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+		// @formatter:off
+		setContext("<user-service id='service'>"
+				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
 				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		userService.loadUserByUsername("joe");
 	}
@@ -63,10 +66,12 @@ public class UserServiceBeanDefinitionParserTests {
 		System.setProperty("principal.name", "joe");
 		System.setProperty("principal.pass", "joespassword");
 		System.setProperty("principal.authorities", "ROLE_A,ROLE_B");
+		// @formatter:off
 		setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
 				+ "<user-service id='service'>"
 				+ "    <user name='${principal.name}' password='${principal.pass}' authorities='${principal.authorities}'/>"
 				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword()).isEqualTo("joespassword");
@@ -75,7 +80,11 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void embeddedUsersWithNoPasswordIsGivenGeneratedValue() {
-		setContext("<user-service id='service'>" + "    <user name='joe' authorities='ROLE_A'/>" + "</user-service>");
+		// @formatter:off
+		setContext("<user-service id='service'>"
+				+ "    <user name='joe' authorities='ROLE_A'/>"
+				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.getPassword().length() > 0).isTrue();
@@ -84,9 +93,12 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void worksWithOpenIDUrlsAsNames() {
-		setContext("<user-service id='service'>" + "    <user name='https://joe.myopenid.com/' authorities='ROLE_A'/>"
+		// @formatter:off
+		setContext("<user-service id='service'>"
+				+ "    <user name='https://joe.myopenid.com/' authorities='ROLE_A'/>"
 				+ "    <user name='https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9' authorities='ROLE_A'/>"
 				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		assertThat(userService.loadUserByUsername("https://joe.myopenid.com/").getUsername())
 				.isEqualTo("https://joe.myopenid.com/");
@@ -96,10 +108,12 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test
 	public void disabledAndEmbeddedFlagsAreSupported() {
+		// @formatter:off
 		setContext("<user-service id='service'>"
 				+ "    <user name='joe' password='joespassword' authorities='ROLE_A' locked='true'/>"
 				+ "    <user name='Bob' password='bobspassword' authorities='ROLE_A' disabled='true'/>"
 				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		UserDetails joe = userService.loadUserByUsername("joe");
 		assertThat(joe.isAccountNonLocked()).isFalse();
@@ -110,8 +124,11 @@ public class UserServiceBeanDefinitionParserTests {
 
 	@Test(expected = FatalBeanException.class)
 	public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
+		// @formatter:off
 		setContext("<user-service id='service' properties='doesntmatter.props'>"
-				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>" + "</user-service>");
+				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+				+ "</user-service>");
+		// @formatter:on
 		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
 		userService.loadUserByUsername("Joe");
 	}
diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
index f3e77d4464..03ceae7ded 100644
--- a/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/userdetails/UserDetailsResourceFactoryBeanTests.java
@@ -46,15 +46,21 @@ public class UserDetailsResourceFactoryBeanTests {
 
 	@Test
 	public void setResourceLoaderWhenNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.setResourceLoader(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.factory.setResourceLoader(null))
 				.withStackTraceContaining("resourceLoader cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void getObjectWhenPropertiesResourceLocationNullThenThrowsIllegalStateException() {
 		this.factory.setResourceLoader(this.resourceLoader);
-		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.getObject())
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.factory.getObject())
 				.withStackTraceContaining("resource cannot be null if resourceLocation is null");
+		// @formatter:on
 	}
 
 	@Test
@@ -73,8 +79,12 @@ public class UserDetailsResourceFactoryBeanTests {
 	@Test
 	public void getObjectWhenInvalidUserThenThrowsMeaningfulException() {
 		this.factory.setResource(new InMemoryResource("user=invalidFormatHere"));
-		assertThatIllegalStateException().isThrownBy(() -> this.factory.getObject()).withStackTraceContaining("user")
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.factory.getObject())
+				.withStackTraceContaining("user")
 				.withStackTraceContaining("invalidFormatHere");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
index 07f30bde9b..84709eea8b 100644
--- a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
+++ b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java
@@ -45,6 +45,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  */
 public class RsaKeyConversionServicePostProcessorTests {
 
+	// @formatter:off
 	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n"
 			+ "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n"
 			+ "HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n"
@@ -70,8 +71,10 @@ public class RsaKeyConversionServicePostProcessorTests {
 			+ "OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n"
 			+ "k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n"
 			+ "Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n"
-			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" + "yPfcul058SOqhafIZQMEKQ==\n"
+			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n"
+			+ "yPfcul058SOqhafIZQMEKQ==\n"
 			+ "-----END PRIVATE KEY-----";
+	// @formatter:on
 
 	private static final String X509_PUBLIC_KEY_LOCATION = "classpath:org/springframework/security/config/annotation/web/configuration/simple.pub";
 
diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
index d30bcd0025..c58904745d 100644
--- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
+++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java
@@ -124,12 +124,19 @@ public class SpringSecurityXsdParser {
 		while (!"schema".equals(root.simpleName())) {
 			root = root.parent().get();
 		}
-		return expand(root).filter((node) -> name.equals(node.attribute("name"))).findFirst()
+		// @formatter:off
+		return expand(root)
+				.filter((node) -> name.equals(node.attribute("name")))
+				.findFirst()
 				.orElseThrow(IllegalArgumentException::new);
+		// @formatter:on
 	}
 
 	private Stream<XmlNode> expand(XmlNode root) {
-		return Stream.concat(Stream.of(root), root.children().flatMap(this::expand));
+		// @formatter:off
+		return Stream.concat(Stream.of(root), root.children()
+				.flatMap(this::expand));
+		// @formatter:on
 	}
 
 	/**
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 2897c63b1d..fb1112ea9a 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -45,20 +45,33 @@ public class XmlNode {
 
 	public Stream<XmlNode> children() {
 		NodeList children = this.node.getChildNodes();
-		return IntStream.range(0, children.getLength()).mapToObj(children::item).map(XmlNode::new);
+		// @formatter:off
+		return IntStream.range(0, children.getLength())
+				.mapToObj(children::item)
+				.map(XmlNode::new);
+		// @formatter:on
 	}
 
 	public Optional<XmlNode> child(String name) {
-		return this.children().filter((child) -> name.equals(child.simpleName())).findFirst();
+		return this.children()
+				.filter((child) -> name.equals(child.simpleName()))
+				.findFirst();
 	}
 
 	public Optional<XmlNode> parent() {
-		return Optional.ofNullable(this.node.getParentNode()).map((parent) -> new XmlNode(parent));
+		// @formatter:off
+		return Optional.ofNullable(this.node.getParentNode())
+				.map((parent) -> new XmlNode(parent));
+		// @formatter:on
 	}
 
 	public String attribute(String name) {
-		return Optional.ofNullable(this.node.getAttributes()).map((attrs) -> attrs.getNamedItem(name))
-				.map((attr) -> attr.getTextContent()).orElse(null);
+		// @formatter:off
+		return Optional.ofNullable(this.node.getAttributes())
+				.map((attrs) -> attrs.getNamedItem(name))
+				.map((attr) -> attr.getTextContent())
+				.orElse(null);
+		// @formatter:on
 	}
 
 	public Node node() {
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index e845eb1f89..9201f09dde 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -46,11 +46,20 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class XsdDocumentedTests {
 
-	Collection<String> ignoredIds = Arrays.asList("nsa-any-user-service", "nsa-any-user-service-parents",
-			"nsa-authentication", "nsa-websocket-security", "nsa-ldap", "nsa-method-security", "nsa-web",
+	// @formatter:off
+	Collection<String> ignoredIds = Arrays.asList("nsa-any-user-service",
+			"nsa-any-user-service-parents",
+			"nsa-authentication",
+			"nsa-websocket-security",
+			"nsa-ldap",
+			"nsa-method-security",
+			"nsa-web",
 			// deprecated and for removal
-			"nsa-frame-options-strategy", "nsa-frame-options-ref", "nsa-frame-options-value",
+			"nsa-frame-options-strategy",
+			"nsa-frame-options-ref",
+			"nsa-frame-options-value",
 			"nsa-frame-options-from-parameter");
+	// @formatter:on
 
 	String referenceLocation = "../docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc";
 
@@ -68,28 +77,61 @@ public class XsdDocumentedTests {
 	@Test
 	public void parseWhenLatestXsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
 		XmlNode root = this.xml.parse(this.schemaDocumentLocation);
-		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
+		// @formatter:off
+		List<String> nodes = root.child("schema")
+				.map(XmlNode::children)
+				.orElse(Stream.empty())
 				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
-				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
+				.flatMap(XmlNode::children)
+				.flatMap(XmlNode::children)
+				.map((node) -> node.attribute("value"))
+				.filter(StringUtils::isNotEmpty)
+				.collect(Collectors.toList());
+		// @formatter:on
 		SecurityFiltersAssertions.assertEquals(nodes);
 	}
 
 	@Test
 	public void parseWhen31XsdThenAllNamedSecurityFiltersAreDefinedAndOrderedProperly() throws IOException {
-		List<String> expected = Arrays.asList("FIRST", "CHANNEL_FILTER", "SECURITY_CONTEXT_FILTER",
-				"CONCURRENT_SESSION_FILTER", "LOGOUT_FILTER", "X509_FILTER", "PRE_AUTH_FILTER", "CAS_FILTER",
-				"FORM_LOGIN_FILTER", "OPENID_FILTER", "LOGIN_PAGE_FILTER", "DIGEST_AUTH_FILTER", "BASIC_AUTH_FILTER",
-				"REQUEST_CACHE_FILTER", "SERVLET_API_SUPPORT_FILTER", "JAAS_API_SUPPORT_FILTER", "REMEMBER_ME_FILTER",
-				"ANONYMOUS_FILTER", "SESSION_MANAGEMENT_FILTER", "EXCEPTION_TRANSLATION_FILTER",
-				"FILTER_SECURITY_INTERCEPTOR", "SWITCH_USER_FILTER", "LAST");
+		// @formatter:off
+		List<String> expected = Arrays.asList("FIRST",
+				"CHANNEL_FILTER",
+				"SECURITY_CONTEXT_FILTER",
+				"CONCURRENT_SESSION_FILTER",
+				"LOGOUT_FILTER",
+				"X509_FILTER",
+				"PRE_AUTH_FILTER",
+				"CAS_FILTER",
+				"FORM_LOGIN_FILTER",
+				"OPENID_FILTER",
+				"LOGIN_PAGE_FILTER",
+				"DIGEST_AUTH_FILTER",
+				"BASIC_AUTH_FILTER",
+				"REQUEST_CACHE_FILTER",
+				"SERVLET_API_SUPPORT_FILTER",
+				"JAAS_API_SUPPORT_FILTER",
+				"REMEMBER_ME_FILTER",
+				"ANONYMOUS_FILTER",
+				"SESSION_MANAGEMENT_FILTER",
+				"EXCEPTION_TRANSLATION_FILTER",
+				"FILTER_SECURITY_INTERCEPTOR",
+				"SWITCH_USER_FILTER",
+				"LAST");
+		// @formatter:on
 		XmlNode root = this.xml.parse(this.schema31xDocumentLocation);
-		List<String> nodes = root.child("schema").map(XmlNode::children).orElse(Stream.empty())
+		// @formatter:off
+		List<String> nodes = root.child("schema")
+				.map(XmlNode::children)
+				.orElse(Stream.empty())
 				.filter((node) -> "simpleType".equals(node.simpleName())
 						&& "named-security-filter".equals(node.attribute("name")))
-				.flatMap(XmlNode::children).flatMap(XmlNode::children).map((node) -> node.attribute("value"))
-				.filter(StringUtils::isNotEmpty).collect(Collectors.toList());
+				.flatMap(XmlNode::children)
+				.flatMap(XmlNode::children)
+				.map((node) -> node.attribute("value"))
+				.filter(StringUtils::isNotEmpty)
+				.collect(Collectors.toList());
+		// @formatter:on
 		assertThat(nodes).isEqualTo(expected);
 	}
 
@@ -103,7 +145,11 @@ public class XsdDocumentedTests {
 	@Test
 	public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws IOException {
 		ClassPathResource resource = new ClassPathResource(this.schemaDocumentLocation);
-		String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd"));
+		// @formatter:off
+		String[] schemas = resource.getFile()
+				.getParentFile()
+				.list((dir, name) -> name.endsWith(".xsd"));
+		// @formatter:on
 		assertThat(schemas.length).isEqualTo(16)
 				.withFailMessage("the count is equal to 16, if not then schemaDocument needs updating");
 	}
@@ -117,11 +163,16 @@ public class XsdDocumentedTests {
 	@Test
 	public void countReferencesWhenReviewingDocumentationThenEntireSchemaIsIncluded() throws IOException {
 		Map<String, Element> elementsByElementName = this.xml.elementsByElementName(this.schemaDocumentLocation);
+		// @formatter:off
 		List<String> documentIds = Files.lines(Paths.get(this.referenceLocation))
 				.filter((line) -> line.matches("\\[\\[(nsa-.*)\\]\\]"))
-				.map((line) -> line.substring(2, line.length() - 2)).collect(Collectors.toList());
-		Set<String> expectedIds = elementsByElementName.values().stream()
-				.flatMap((element) -> element.getIds().stream()).collect(Collectors.toSet());
+				.map((line) -> line.substring(2, line.length() - 2))
+				.collect(Collectors.toList());
+		Set<String> expectedIds = elementsByElementName.values()
+				.stream()
+				.flatMap((element) -> element.getIds().stream())
+				.collect(Collectors.toSet());
+		// @formatter:on
 		documentIds.removeAll(this.ignoredIds);
 		expectedIds.removeAll(this.ignoredIds);
 		assertThat(documentIds).containsAll(expectedIds);
@@ -172,15 +223,28 @@ public class XsdDocumentedTests {
 			if (this.ignoredIds.contains(key)) {
 				return;
 			}
-			List<String> parentIds = entry.getValue().getAllParentElmts().values().stream()
-					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
-					.sorted().collect(Collectors.toList());
+			// @formatter:off
+			List<String> parentIds = entry.getValue()
+					.getAllParentElmts()
+					.values()
+					.stream()
+					.filter((element) -> !this.ignoredIds.contains(element.getId()))
+					.map((element) -> element.getId())
+					.sorted()
+					.collect(Collectors.toList());
+			// @formatter:on
 			if (!parentIds.isEmpty()) {
 				schemaAttrNameToParents.put(key, parentIds);
 			}
-			List<String> childIds = entry.getValue().getAllChildElmts().values().stream()
+			// @formatter:off
+			List<String> childIds = entry.getValue()
+					.getAllChildElmts()
+					.values()
+					.stream()
 					.filter((element) -> !this.ignoredIds.contains(element.getId())).map((element) -> element.getId())
-					.sorted().collect(Collectors.toList());
+					.sorted()
+					.collect(Collectors.toList());
+			// @formatter:on
 			if (!childIds.isEmpty()) {
 				schemaAttrNameToChildren.put(key, childIds);
 			}
@@ -196,14 +260,23 @@ public class XsdDocumentedTests {
 	@Test
 	public void countWhenReviewingDocumentationThenAllElementsDocumented() throws IOException {
 		Map<String, Element> elementNameToElement = this.xml.elementsByElementName(this.schemaDocumentLocation);
-		String notDocElmtIds = elementNameToElement.values().stream()
+		// @formatter:off
+		String notDocElmtIds = elementNameToElement.values()
+				.stream()
 				.filter((element) -> StringUtils.isEmpty(element.getDesc())
 						&& !this.ignoredIds.contains(element.getId()))
-				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
-		String notDocAttrIds = elementNameToElement.values().stream().flatMap((element) -> element.getAttrs().stream())
+				.map((element) -> element.getId())
+				.sorted()
+				.collect(Collectors.joining("\n"));
+		String notDocAttrIds = elementNameToElement.values()
+				.stream()
+				.flatMap((element) -> element.getAttrs().stream())
 				.filter((element) -> StringUtils.isEmpty(element.getDesc())
 						&& !this.ignoredIds.contains(element.getId()))
-				.map((element) -> element.getId()).sorted().collect(Collectors.joining("\n"));
+				.map((element) -> element.getId())
+				.sorted()
+				.collect(Collectors.joining("\n"));
+		// @formatter:on
 		assertThat(notDocElmtIds).isEmpty();
 		assertThat(notDocAttrIds).isEmpty();
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index f9924f0c3b..7f4894f161 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -48,6 +48,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultMatcher;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -90,124 +91,190 @@ public class CsrfConfigTests {
 	@Test
 	public void postWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(post("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void putWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(put("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(patch("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(delete("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void invalidWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("AutoConfig")).autowire();
-		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(request("INVALID", new URI("/csrf")))
+				.andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
+		// @formatter:off
+		this.mvc.perform(get("/csrf"))
+				.andExpect(csrfInBody());
+		// @formatter:on
 	}
 
 	@Test
 	public void headWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
+		// @formatter:off
+		this.mvc.perform(head("/csrf-in-header"))
+				.andExpect(csrfInHeader());
+		// @formatter:on
 	}
 
 	@Test
 	public void traceWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
+		// @formatter:off
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext())
+				.apply(springSecurity())
 				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
-		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
+		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header"))
+				.andExpect(csrfInHeader());
+		// @formatter:on
 	}
 
 	@Test
 	public void optionsWhenDefaultConfigurationThenCsrfIsEnabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
+		// @formatter:off
+		this.mvc.perform(options("/csrf-in-header"))
+				.andExpect(csrfInHeader());
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenCsrfDisabledThenRequestAllowed() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfDisabled")).autowire();
-		this.mvc.perform(post("/ok")).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(post("/ok"))
+				.andExpect(status().isOk());
+		// @formatter:on
 		assertThat(getFilter(this.spring, CsrfFilter.class)).isNull();
 	}
 
 	@Test
 	public void postWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(post("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(post("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void putWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(put("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(put("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void patchWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(patch("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(patch("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(delete("/csrf")).andExpect(status().isForbidden()).andExpect(csrfCreated());
+		// @formatter:off
+		this.mvc.perform(delete("/csrf"))
+				.andExpect(status().isForbidden())
+				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void invalidWhenCsrfElementEnabledThenForbidden() throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(request("INVALID", new URI("/csrf"))).andExpect(status().isForbidden())
+		// @formatter:off
+		this.mvc.perform(request("INVALID", new URI("/csrf")))
+				.andExpect(status().isForbidden())
 				.andExpect(csrfCreated());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(get("/csrf")).andExpect(csrfInBody());
+		// @formatter:off
+		this.mvc.perform(get("/csrf"))
+				.andExpect(csrfInBody());
+		// @formatter:on
 	}
 
 	@Test
 	public void headWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(head("/csrf-in-header")).andExpect(csrfInHeader());
+		// @formatter:off
+		this.mvc.perform(head("/csrf-in-header"))
+				.andExpect(csrfInHeader());
+		// @formatter:on
 	}
 
 	@Test
 	public void traceWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext()).apply(springSecurity())
+		// @formatter:off
+		MockMvc traceEnabled = MockMvcBuilders.webAppContextSetup(this.spring.getContext())
+				.apply(springSecurity())
 				.addDispatcherServletCustomizer((dispatcherServlet) -> dispatcherServlet.setDispatchTraceRequest(true))
 				.build();
+		// @formatter:on
 		traceEnabled.perform(request(HttpMethod.TRACE, "/csrf-in-header")).andExpect(csrfInHeader());
 	}
 
 	@Test
 	public void optionsWhenCsrfElementEnabledThenOk() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(options("/csrf-in-header")).andExpect(csrfInHeader());
+		// @formatter:off
+		this.mvc.perform(options("/csrf-in-header"))
+				.andExpect(csrfInHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -220,7 +287,10 @@ public class CsrfConfigTests {
 	public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception {
 		this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler"))
 				.autowire();
-		this.mvc.perform(post("/ok")).andExpect(status().isIAmATeapot());
+		// @formatter:off
+		this.mvc.perform(post("/ok"))
+				.andExpect(status().isIAmATeapot());
+		// @formatter:on
 	}
 
 	@Test
@@ -233,9 +303,15 @@ public class CsrfConfigTests {
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		// if the request cache is consulted, then it will redirect back to /some-url,
 		// which we don't want
-		this.mvc.perform(
-				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder login = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		this.mvc.perform(login)
 				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
@@ -248,9 +324,15 @@ public class CsrfConfigTests {
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		// if the request cache is consulted, then it will redirect back to /some-url,
 		// which we do want
-		this.mvc.perform(
-				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder login = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		this.mvc.perform(login)
 				.andExpect(redirectedUrl("http://localhost/authenticated"));
+		// @formatter:on
 	}
 
 	/**
@@ -260,10 +342,16 @@ public class CsrfConfigTests {
 	public void postWhenUsingCsrfAndCustomSessionManagementAndNoSessionThenStillRedirectsToInvalidSessionUrl()
 			throws Exception {
 		this.spring.configLocations(this.xml("WithSessionManagement")).autowire();
-		MvcResult result = this.mvc.perform(post("/ok").param("_csrf", "abc"))
-				.andExpect(redirectedUrl("/error/sessionError")).andReturn();
+		// @formatter:off
+		MockHttpServletRequestBuilder postToOk = post("/ok")
+				.param("_csrf", "abc");
+		MvcResult result = this.mvc.perform(postToOk)
+				.andExpect(redirectedUrl("/error/sessionError"))
+				.andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-		this.mvc.perform(post("/csrf").session(session)).andExpect(status().isForbidden());
+		this.mvc.perform(post("/csrf").session(session))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -273,15 +361,24 @@ public class CsrfConfigTests {
 		context.autowire();
 		RequestMatcher matcher = context.getContext().getBean(RequestMatcher.class);
 		given(matcher.matches(any(HttpServletRequest.class))).willReturn(false);
-		this.mvc.perform(post("/ok")).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(post("/ok"))
+				.andExpect(status().isOk());
+		// @formatter:on
 		given(matcher.matches(any(HttpServletRequest.class))).willReturn(true);
-		this.mvc.perform(get("/ok")).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/ok"))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenDefaultConfigurationThenSessionNotImmediatelyCreated() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
-		MvcResult result = this.mvc.perform(get("/ok")).andExpect(status().isOk()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/ok"))
+				.andExpect(status().isOk()).andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
@@ -291,7 +388,13 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 		MvcResult result = this.mvc.perform(get("/ok")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-		this.mvc.perform(post("/ok").session(session).with(csrf().useInvalidToken())).andExpect(status().isForbidden());
+		// @formatter:off
+		MockHttpServletRequestBuilder postOk = post("/ok")
+				.session(session)
+				.with(csrf().useInvalidToken());
+		this.mvc.perform(postOk)
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -299,10 +402,17 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-		this.mvc.perform(
-				post("/login").param("username", "user").param("password", "password").session(session).with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		this.mvc.perform(loginRequest)
 				.andExpect(status().isFound());
-		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
+		this.mvc.perform(get("/csrf").session(session))
+				.andExpect(csrfChanged(result));
+		// @formatter:on
 	}
 
 	@Test
@@ -310,8 +420,12 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("AutoConfig")).autowire();
 		MvcResult result = this.mvc.perform(get("/csrf")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
-		this.mvc.perform(post("/logout").session(session).with(csrf())).andExpect(status().isFound());
-		this.mvc.perform(get("/csrf").session(session)).andExpect(csrfChanged(result));
+		// @formatter:off
+		this.mvc.perform(post("/logout").session(session).with(csrf()))
+				.andExpect(status().isFound());
+		this.mvc.perform(get("/csrf").session(session))
+				.andExpect(csrfChanged(result));
+		// @formatter:on
 	}
 
 	/**
@@ -321,13 +435,16 @@ public class CsrfConfigTests {
 	@WithMockUser
 	public void logoutWhenDefaultConfigurationThenDisabled() throws Exception {
 		this.spring.configLocations(this.xml("shared-controllers"), this.xml("CsrfEnabled")).autowire();
-		this.mvc.perform(get("/logout")).andExpect(status().isOk()); // renders form to
-																		// log out but
-																		// does not
-																		// perform a
-																		// redirect
+		// renders form to log out but does not perform a redirect
+		// @formatter:off
+		this.mvc.perform(get("/logout"))
+				.andExpect(status().isOk());
+		// @formatter:on
 		// still logged in
-		this.mvc.perform(get("/authenticated")).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated"))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	private <T extends Filter> T getFilter(SpringTestContext context, Class<T> type) {
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index ae8f77e96c..503e0bd803 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -60,8 +60,11 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 
 	@Test
 	public void parsingMinimalConfigurationIsSuccessful() {
+		// @formatter:off
 		setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
-				+ "   <intercept-url pattern='/**' access='ROLE_A'/>" + "</filter-security-metadata-source>");
+				+ "   <intercept-url pattern='/**' access='ROLE_A'/>"
+				+ "</filter-security-metadata-source>");
+		// @formatter:on
 		DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
 		Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
@@ -70,9 +73,11 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 
 	@Test
 	public void expressionsAreSupported() {
+		// @formatter:off
 		setContext("<filter-security-metadata-source id='fids'>"
 				+ "   <intercept-url pattern='/**' access=\"hasRole('ROLE_A')\" />"
 				+ "</filter-security-metadata-source>");
+		// @formatter:on
 		ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext
 				.getBean("fids");
 		ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET"))
@@ -98,6 +103,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 
 	@Test
 	public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
+		// @formatter:off
 		setContext("<http auto-config='true' use-expressions='false'/>"
 				+ "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>"
 				+ "   <b:property name='securityMetadataSource'>"
@@ -105,9 +111,12 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
 				+ "           <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>"
 				+ "           <intercept-url pattern='/secure/**' access='ROLE_USER'/>"
 				+ "           <intercept-url pattern='/**' access='ROLE_USER'/>"
-				+ "       </filter-security-metadata-source>" + "   </b:property>"
+				+ "       </filter-security-metadata-source>"
+				+ "   </b:property>"
 				+ "   <b:property name='authenticationManager' ref='" + BeanIds.AUTHENTICATION_MANAGER + "'/>"
-				+ "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "</b:bean>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 	}
 
 	@Test(expected = BeanDefinitionParsingException.class)
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
index dcde29317a..27bffb53d1 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
@@ -23,6 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
@@ -51,24 +52,35 @@ public class FormLoginBeanDefinitionParserTests {
 	@Test
 	public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("Simple")).autowire();
-		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+		// @formatter:off
+		String expectedContent = "<!DOCTYPE html>\n"
+				+ "<html lang=\"en\">\n"
+				+ "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n"
+				+ "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "  </head>\n"
+				+ "  <body>\n"
+				+ "     <div class=\"container\">\n"
 				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n" + "        <p>\n"
+				+ "        </p>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n" + "</div>\n" + "</body></html>";
+				+ "      </form>\n"
+				+ "</div>\n"
+				+ "</body></html>";
+		// @formatter:on
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
@@ -81,75 +93,108 @@ public class FormLoginBeanDefinitionParserTests {
 	@Test
 	public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception {
 		this.spring.configLocations(this.xml("WithCustomAttributes")).autowire();
-		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+		// @formatter:off
+		String expectedContent = "<!DOCTYPE html>\n"
+				+ "<html lang=\"en\">\n"
+				+ "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n"
+				+ "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "  </head>\n"
+				+ "  <body>\n"
+				+ "     <div class=\"container\">\n"
 				+ "      <form class=\"form-signin\" method=\"post\" action=\"/signin\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"custom_user\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n" + "        <p>\n"
+				+ "        </p>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 				+ "          <input type=\"password\" id=\"password\" name=\"custom_pass\" class=\"form-control\" placeholder=\"Password\" required>\n"
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n" + "</div>\n" + "</body></html>";
-		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
-		this.mvc.perform(get("/logout")).andExpect(status().is3xxRedirection());
+				+ "      </form>\n"
+				+ "</div>\n"
+				+ "</body></html>";
+		this.mvc.perform(get("/login"))
+				.andExpect(content().string(expectedContent));
+		this.mvc.perform(get("/logout"))
+				.andExpect(status().is3xxRedirection());
+		// @formatter:on
 	}
 
 	@Test
 	public void getLoginWhenConfiguredForOpenIdThenLoginPageReflects() throws Exception {
 		this.spring.configLocations(this.xml("WithOpenId")).autowire();
-		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+		// @formatter:off
+		String expectedContent = "<!DOCTYPE html>\n"
+				+ "<html lang=\"en\">\n"
+				+ "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n"
+				+ "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "  </head>\n"
+				+ "  <body>\n"
+				+ "     <div class=\"container\">\n"
 				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n" + "        <p>\n"
+				+ "        </p>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
 				+ "      </form>\n"
 				+ "      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"/login/openid\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" + "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n" + "</div>\n" + "</body></html>";
+				+ "      </form>\n"
+				+ "</div>\n"
+				+ "</body></html>";
+		// @formatter:on
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
 	public void getLoginWhenConfiguredForOpenIdWithCustomAttributesThenLoginPageReflects() throws Exception {
 		this.spring.configLocations(this.xml("WithOpenIdCustomAttributes")).autowire();
-		String expectedContent = "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+		// @formatter:off
+		String expectedContent = "<!DOCTYPE html>\n"
+				+ "<html lang=\"en\">\n"
+				+ "  <head>\n"
 				+ "    <meta charset=\"utf-8\">\n"
 				+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-				+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
+				+ "    <meta name=\"description\" content=\"\">\n"
+				+ "    <meta name=\"author\" content=\"\">\n"
 				+ "    <title>Please sign in</title>\n"
 				+ "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
 				+ "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
-				+ "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n"
+				+ "  </head>\n"
+				+ "  <body>\n"
+				+ "     <div class=\"container\">\n"
 				+ "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n"
-				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n"
+				+ "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
 				+ "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
-				+ "        </p>\n" + "        <p>\n"
+				+ "        </p>\n"
+				+ "        <p>\n"
 				+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 				+ "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
 				+ "        </p>\n"
@@ -161,23 +206,38 @@ public class FormLoginBeanDefinitionParserTests {
 				+ "          <input type=\"text\" id=\"username\" name=\"openid_identifier\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
 				+ "        </p>\n"
 				+ "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
-				+ "      </form>\n" + "</div>\n" + "</body></html>";
+				+ "      </form>\n"
+				+ "</div>\n"
+				+ "</body></html>";
+		// @formatter:on
 		this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
 	}
 
 	@Test
 	public void failedLoginWhenConfiguredWithCustomAuthenticationFailureThenForwardsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("WithAuthenticationFailureForwardUrl")).autowire();
-		this.mvc.perform(post("/login").param("username", "bob").param("password", "invalidpassword"))
-				.andExpect(status().isOk()).andExpect(forwardedUrl("/failure_forward_url"))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "bob")
+				.param("password", "invalidpassword");
+		this.mvc.perform(loginRequest)
+				.andExpect(status().isOk())
+				.andExpect(forwardedUrl("/failure_forward_url"))
 				.andExpect(request().attribute(WebAttributes.AUTHENTICATION_EXCEPTION, not(nullValue())));
+		// @formatter:on
 	}
 
 	@Test
 	public void successfulLoginWhenConfiguredWithCustomAuthenticationSuccessThenForwardsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("WithAuthenticationSuccessForwardUrl")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
-				.andExpect(status().isOk()).andExpect(forwardedUrl("/success_forward_url"));
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(loginRequest)
+				.andExpect(status().isOk())
+				.andExpect(forwardedUrl("/success_forward_url"));
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index dec1dc1515..ca04337f27 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -38,6 +38,7 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -67,24 +68,44 @@ public class FormLoginConfigTests {
 	@Test
 	public void getProtectedPageWhenFormLoginConfiguredThenRedirectsToDefaultLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("WithAntRequestMatcher")).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenDefaultTargetUrlConfiguredThenRedirectsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("WithDefaultTargetUrl")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(loginRequest)
 				.andExpect(redirectedUrl("/default"));
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenConfiguredWithSpelThenRedirectsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("UsingSpel")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(loginRequest)
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/default"));
-		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
+		MockHttpServletRequestBuilder invalidPassword = post("/login")
+				.param("username", "user")
+				.param("password", "wrong")
+				.with(csrf());
+		this.mvc.perform(invalidPassword)
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure"));
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
+		this.mvc.perform(get("/"))
+				.andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
+		// @formatter:on
 	}
 
 	@Test
@@ -102,10 +123,20 @@ public class FormLoginConfigTests {
 	@Test
 	public void authenticateWhenCustomHandlerBeansConfiguredThenInvokesAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("WithSuccessAndFailureHandlers")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(loginRequest)
 				.andExpect(status().isIAmATeapot());
-		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
+		MockHttpServletRequestBuilder invalidPassword = post("/login")
+				.param("username", "user")
+				.param("password", "wrong")
+				.with(csrf());
+		this.mvc.perform(invalidPassword)
 				.andExpect(status().isIAmATeapot());
+		// @formatter:on
 	}
 
 	@Test
@@ -129,15 +160,25 @@ public class FormLoginConfigTests {
 	@Test
 	public void authenticateWhenCsrfIsEnabledThenRequiresToken() throws Exception {
 		this.spring.configLocations(this.xml("WithCsrfEnabled")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(loginRequest)
 				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenCsrfIsDisabledThenDoesNotRequireToken() throws Exception {
 		this.spring.configLocations(this.xml("WithCsrfDisabled")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(loginRequest)
 				.andExpect(status().isFound());
+		// @formatter:on
 	}
 
 	/**
@@ -148,8 +189,14 @@ public class FormLoginConfigTests {
 	public void authenticateWhenLoginPageIsSlashLoginAndAuthenticationFailsThenRedirectContainsErrorParameter()
 			throws Exception {
 		this.spring.configLocations(this.xml("ForSec3147")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "wrong").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "wrong")
+				.with(csrf());
+		this.mvc.perform(loginRequest)
 				.andExpect(redirectedUrl("/login?error"));
+		// @formatter:on
 	}
 
 	private Filter getFilter(ApplicationContext context, Class<? extends Filter> filterClass) {
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index d3de9aab8d..5174dc331c 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -52,7 +52,11 @@ public class HttpConfigTests {
 	@Test
 	public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() throws Exception {
 		this.spring.configLocations(this.xml("Minimal")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
index 6dcbab2f18..c1ad5415d1 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java
@@ -68,28 +68,40 @@ public class HttpCorsConfigTests {
 	@Test
 	public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception {
 		this.spring.configLocations(this.xml("WithCors")).autowire();
-		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
+		// @formatter:off
+		this.mvc.perform(get("/").with(this.approved()))
+				.andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight()))
+				.andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingCustomCorsConfigurationSourceThenDoesSpringSecurityCorsHandshake() throws Exception {
 		this.spring.configLocations(this.xml("WithCorsConfigurationSource")).autowire();
-		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
+		// @formatter:off
+		this.mvc.perform(get("/").with(this.approved()))
+				.andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight()))
+				.andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUsingCustomCorsFilterThenDoesSPringSecurityCorsHandshake() throws Exception {
 		this.spring.configLocations(this.xml("WithCorsFilter")).autowire();
-		this.mvc.perform(get("/").with(this.approved())).andExpect(corsResponseHeaders())
+		// @formatter:off
+		this.mvc.perform(get("/").with(this.approved()))
+				.andExpect(corsResponseHeaders())
 				.andExpect((status().isIAmATeapot()));
-		this.mvc.perform(options("/").with(this.preflight())).andExpect(corsResponseHeaders())
+		this.mvc.perform(options("/").with(this.preflight()))
+				.andExpect(corsResponseHeaders())
 				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index a8ea026488..13b4a62e53 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -51,11 +51,16 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class HttpHeadersConfigTests {
 
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/HttpHeadersConfigTests";
+	// @formatter:off
 	static final Map<String, String> defaultHeaders = ImmutableMap.<String, String>builder()
 			.put("X-Content-Type-Options", "nosniff").put("X-Frame-Options", "DENY")
 			.put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")
-			.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
-			.put("Pragma", "no-cache").put("X-XSS-Protection", "1; mode=block").build();
+			.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate")
+			.put("Expires", "0")
+			.put("Pragma", "no-cache")
+			.put("X-XSS-Protection", "1; mode=block")
+			.build();
+	// @formatter:on
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -66,28 +71,44 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenHeadersDisabledThenResponseExcludesAllSecureHeaders() throws Exception {
 		this.spring.configLocations(this.xml("HeadersDisabled")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledViaPlaceholderThenResponseExcludesAllSecureHeaders() throws Exception {
 		System.setProperty("security.headers.disabled", "true");
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHeadersEnabledViaPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
 		System.setProperty("security.headers.disabled", "false");
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledRefMissingPlaceholderThenResponseIncludesAllSecureHeaders() throws Exception {
 		System.clearProperty("security.headers.disabled");
 		this.spring.configLocations(this.xml("DisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -100,13 +121,21 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenHeadersEnabledThenResponseContainsAllSecureHeaders() throws Exception {
 		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders() throws Exception {
 		this.spring.configLocations(this.xml("HeadersEnabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -114,7 +143,11 @@ public class HttpHeadersConfigTests {
 		Map<String, String> headers = new HashMap(defaultHeaders);
 		headers.put("X-Frame-Options", "SAMEORIGIN");
 		this.spring.configLocations(this.xml("WithFrameOptions")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(headers));
+		// @formatter:on
 	}
 
 	/**
@@ -123,28 +156,44 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenDefaultsDisabledWithNoOverrideThenExcludesAllSecureHeaders() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithNoOverride")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderTrueThenExcludesAllSecureHeaders() throws Exception {
 		System.setProperty("security.headers.defaults.disabled", "true");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderFalseThenIncludeAllSecureHeaders() throws Exception {
 		System.setProperty("security.headers.defaults.disabled", "false");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledWithPlaceholderMissingThenIncludeAllSecureHeaders() throws Exception {
 		System.clearProperty("security.headers.defaults.disabled");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithPlaceholder")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -152,8 +201,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Content-Type-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentTypeOptions")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
-				.andExpect(header().string("X-Content-Type-Options", "nosniff")).andExpect(excludes(excludedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-Content-Type-Options", "nosniff"))
+				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -161,8 +214,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptions")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -170,8 +227,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsDeny")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -179,8 +240,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsSameOrigin")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
-				.andExpect(header().string("X-Frame-Options", "SAMEORIGIN")).andExpect(excludes(excludedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-Frame-Options", "SAMEORIGIN"))
+				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -206,9 +271,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFrom")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -216,25 +284,39 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-Frame-Options");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromWhitelist")).autowire();
-		this.mvc.perform(get("/").param("from", "https://example.org")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").param("from", "https://example.org"))
+				.andExpect(status().isOk())
 				.andExpect(header().string("X-Frame-Options", "ALLOW-FROM https://example.org"))
 				.andExpect(excludes(excludedHeaders));
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-Frame-Options", "DENY"))
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-Frame-Options", "DENY"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingCustomHeaderThenRespondsWithThatHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeader")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("a", "b"))
-				.andExpect(header().string("c", "d")).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("a", "b"))
+				.andExpect(header().string("c", "d"))
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingCustomHeaderWriterThenRespondsWithThatHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHeaderWriter")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("abc", "def"))
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("abc", "def"))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -254,8 +336,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtection")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
-				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block"))
+				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -263,8 +349,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionEnabled")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
-				.andExpect(header().string("X-XSS-Protection", "1; mode=block")).andExpect(excludes(excludedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-XSS-Protection", "1; mode=block"))
+				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -272,8 +362,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("X-XSS-Protection");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabled")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(header().string("X-XSS-Protection", "0"))
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().string("X-XSS-Protection", "0"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -290,7 +384,11 @@ public class HttpHeadersConfigTests {
 				.put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0")
 				.put("Pragma", "no-cache").build();
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(includes(includedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(includes(includedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -298,15 +396,22 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
 	public void insecureRequestWhenUsingHstsThenExcludesHstsHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHsts")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -314,9 +419,12 @@ public class HttpHeadersConfigTests {
 		Set<String> excludedHeaders = new HashSet<>(defaultHeaders.keySet());
 		excludedHeaders.remove("Strict-Transport-Security");
 		this.spring.configLocations(this.xml("DefaultsDisabledWithCustomHstsRequestMatcher")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Strict-Transport-Security", "max-age=1"))
 				.andExpect(excludes(excludedHeaders));
+		// @formatter:on
 	}
 
 	@Test
@@ -336,62 +444,84 @@ public class HttpHeadersConfigTests {
 	@Test
 	public void requestWhenUsingHpkpThenIncludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkp")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHpkpDefaultsThenIncludesHpkpHeaderUsingSha256() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void insecureRequestWhenUsingHpkpThenExcludesHpkpHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpDefaults")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk())
-				.andExpect(header().doesNotExist("Public-Key-Pins-Report-Only")).andExpect(excludesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(header().doesNotExist("Public-Key-Pins-Report-Only"))
+				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHpkpCustomMaxAgeThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpMaxAge")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins-Report-Only",
 						"max-age=604800 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHpkpReportThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReport")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Public-Key-Pins",
 						"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHpkpIncludeSubdomainsThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpIncludeSubdomains")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
-				"Public-Key-Pins-Report-Only",
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins-Report-Only",
+					"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; includeSubDomains"))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHpkpReportUriThenIncludesHpkpHeaderAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithHpkpReportUri")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(header().string(
-				"Public-Key-Pins-Report-Only",
-				"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(header().string("Public-Key-Pins-Report-Only",
+					"max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.net/pkp-report\""))
 				.andExpect(excludesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -399,8 +529,12 @@ public class HttpHeadersConfigTests {
 		Collection<String> cacheControl = Arrays.asList("Cache-Control", "Expires", "Pragma");
 		Map<String, String> allButCacheControl = remove(defaultHeaders, cacheControl);
 		this.spring.configLocations(this.xml("CacheControlDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButCacheControl))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(allButCacheControl))
 				.andExpect(excludes(cacheControl));
+		// @formatter:on
 	}
 
 	@Test
@@ -408,8 +542,12 @@ public class HttpHeadersConfigTests {
 		Collection<String> contentTypeOptions = Arrays.asList("X-Content-Type-Options");
 		Map<String, String> allButContentTypeOptions = remove(defaultHeaders, contentTypeOptions);
 		this.spring.configLocations(this.xml("ContentTypeOptionsDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButContentTypeOptions))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(allButContentTypeOptions))
 				.andExpect(excludes(contentTypeOptions));
+		// @formatter:on
 	}
 
 	@Test
@@ -417,14 +555,22 @@ public class HttpHeadersConfigTests {
 		Collection<String> hsts = Arrays.asList("Strict-Transport-Security");
 		Map<String, String> allButHsts = remove(defaultHeaders, hsts);
 		this.spring.configLocations(this.xml("HstsDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButHsts))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(allButHsts))
 				.andExpect(excludes(hsts));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHpkpDisabledThenExcludesHeader() throws Exception {
 		this.spring.configLocations(this.xml("HpkpDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includesDefaults());
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includesDefaults());
+		// @formatter:on
 	}
 
 	@Test
@@ -432,8 +578,12 @@ public class HttpHeadersConfigTests {
 		Collection<String> frameOptions = Arrays.asList("X-Frame-Options");
 		Map<String, String> allButFrameOptions = remove(defaultHeaders, frameOptions);
 		this.spring.configLocations(this.xml("FrameOptionsDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButFrameOptions))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(allButFrameOptions))
 				.andExpect(excludes(frameOptions));
+		// @formatter:on
 	}
 
 	@Test
@@ -441,8 +591,12 @@ public class HttpHeadersConfigTests {
 		Collection<String> xssProtection = Arrays.asList("X-XSS-Protection");
 		Map<String, String> allButXssProtection = remove(defaultHeaders, xssProtection);
 		this.spring.configLocations(this.xml("XssProtectionDisabled")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(allButXssProtection))
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(allButXssProtection))
 				.andExpect(excludes(xssProtection));
+		// @formatter:on
 	}
 
 	@Test
@@ -495,21 +649,33 @@ public class HttpHeadersConfigTests {
 		Map<String, String> includedHeaders = new HashMap<>(defaultHeaders);
 		includedHeaders.put("Content-Security-Policy", "default-src 'self'");
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithPolicyDirectives")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(includedHeaders));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHeadersDisabledAndContentSecurityPolicyConfiguredThenExcludesHeader() throws Exception {
 		this.spring.configLocations(this.xml("HeadersDisabledWithContentSecurityPolicy")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults())
 				.andExpect(excludes("Content-Security-Policy"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenDefaultsDisabledAndContentSecurityPolicyConfiguredThenIncludesHeader() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithContentSecurityPolicy")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults())
 				.andExpect(header().string("Content-Security-Policy", "default-src 'self'"));
+		// @formatter:on
 	}
 
 	@Test
@@ -525,21 +691,33 @@ public class HttpHeadersConfigTests {
 		includedHeaders.put("Content-Security-Policy-Report-Only",
 				"default-src https:; report-uri https://example.org/");
 		this.spring.configLocations(this.xml("ContentSecurityPolicyWithReportOnly")).autowire();
-		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(includedHeaders));
+		// @formatter:off
+		this.mvc.perform(get("/").secure(true))
+				.andExpect(status().isOk())
+				.andExpect(includes(includedHeaders));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenReferrerPolicyConfiguredThenResponseDefaultsToNoReferrer() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicy")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "no-referrer"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenReferrerPolicyConfiguredWithSameOriginThenRespondsWithSameOrigin() throws Exception {
 		this.spring.configLocations(this.xml("DefaultsDisabledWithReferrerPolicySameOrigin")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk()).andExpect(excludesDefaults())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isOk())
+				.andExpect(excludesDefaults())
 				.andExpect(header().string("Referrer-Policy", "same-origin"));
+		// @formatter:on
 	}
 
 	private static ResultMatcher includesDefaults() {
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 671a392dae..2f226a45b5 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -48,9 +48,14 @@ public class HttpInterceptUrlTests {
 	@Test
 	public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
 		loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
-		this.mockMvc.perform(get("/foo")).andExpect(status().isUnauthorized());
-		this.mockMvc.perform(get("/FOO")).andExpect(status().isUnauthorized());
-		this.mockMvc.perform(get("/other")).andExpect(status().isOk());
+		// @formatter:off
+		this.mockMvc.perform(get("/foo"))
+				.andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/FOO"))
+				.andExpect(status().isUnauthorized());
+		this.mockMvc.perform(get("/other"))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	private void loadConfig(String... configLocations) {
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 4985cd0cc6..eaace9d36b 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -65,8 +66,12 @@ public class InterceptUrlConfigTests {
 	@Test
 	public void requestWhenMethodIsSpecifiedThenItIsNotGivenPriority() throws Exception {
 		this.spring.configLocations(this.xml("Sec2256")).autowire();
-		this.mvc.perform(post("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(post("/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	/**
@@ -75,16 +80,25 @@ public class InterceptUrlConfigTests {
 	@Test
 	public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("PatchMethod")).autowire();
-		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(patch("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(patch("/path").with(httpBasic("admin", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(patch("/path").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(patch("/path").with(adminCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingHasAnyRoleThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("HasAnyRole")).autowire();
-		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path").with(adminCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	/**
@@ -93,10 +107,14 @@ public class InterceptUrlConfigTests {
 	@Test
 	public void requestWhenUsingPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("PathVariables")).autowire();
-		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
+		// @formatter:off
+		this.mvc.perform(get("/path/user/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/otheruser/path").with(userCredentials()))
 				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		this.mvc.perform(get("/path").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	/**
@@ -105,10 +123,14 @@ public class InterceptUrlConfigTests {
 	@Test
 	public void requestWhenUsingCamelCasePathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("CamelCasePathVariables")).autowire();
-		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
+		// @formatter:off
+		this.mvc.perform(get("/path/user/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/otheruser/path").with(userCredentials()))
 				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		this.mvc.perform(get("/PATH/user/path").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	/**
@@ -117,25 +139,36 @@ public class InterceptUrlConfigTests {
 	@Test
 	public void requestWhenUsingPathVariablesAndTypeConversionThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("TypeConversionPathVariables")).autowire();
-		this.mvc.perform(get("/path/1/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path/2/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/path/1/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/2/path").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingMvcMatchersThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("MvcMatchers")).autowire();
-		this.mvc.perform(get("/path")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/path.html")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/path/")).andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path.html"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/path/"))
+				.andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	public void requestWhenUsingMvcMatchersAndPathVariablesThenAuthorizesRequestsAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("MvcMatchersPathVariables")).autowire();
-		this.mvc.perform(get("/path/user/path").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/path/otheruser/path").with(httpBasic("user", "password")))
+		// @formatter:off
+		this.mvc.perform(get("/path/user/path").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/path/otheruser/path").with(userCredentials()))
 				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/PATH/user/path").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		this.mvc.perform(get("/PATH/user/path").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -144,9 +177,14 @@ public class InterceptUrlConfigTests {
 		MockServletContext servletContext = mockServletContext("/spring");
 		ConfigurableWebApplicationContext context = this.spring.getContext();
 		context.setServletContext(servletContext);
-		this.mvc.perform(get("/spring/path").servletPath("/spring")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/spring/path.html").servletPath("/spring")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/spring/path/").servletPath("/spring")).andExpect(status().isUnauthorized());
+		// @formatter:off
+		this.mvc.perform(get("/spring/path").servletPath("/spring"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/spring/path.html").servletPath("/spring"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/spring/path/").servletPath("/spring"))
+				.andExpect(status().isUnauthorized());
+		// @formatter:on
 	}
 
 	@Test
@@ -173,6 +211,14 @@ public class InterceptUrlConfigTests {
 				.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire());
 	}
 
+	private static RequestPostProcessor adminCredentials() {
+		return httpBasic("admin", "password");
+	}
+
+	private static RequestPostProcessor userCredentials() {
+		return httpBasic("user", "password");
+	}
+
 	private MockServletContext mockServletContext(String servletPath) {
 		MockServletContext servletContext = spy(new MockServletContext());
 		final ServletRegistration registration = mock(ServletRegistration.class);
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index de7537b92f..965e4e0ee7 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -43,6 +43,7 @@ import ch.qos.logback.classic.spi.ILoggingEvent;
 import ch.qos.logback.core.Appender;
 import org.apache.http.HttpStatus;
 import org.assertj.core.api.iterable.Extractor;
+import org.jetbrains.annotations.NotNull;
 import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.stubbing.Answer;
@@ -105,6 +106,8 @@ import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
+import org.springframework.test.web.servlet.request.RequestPostProcessor;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -162,29 +165,45 @@ public class MiscHttpConfigTests {
 	@Test
 	public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk() throws Exception {
 		this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
-		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
-		this.mvc.perform(get("/nomatch")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/unprotected"))
+				.andExpect(status().isNotFound());
+		this.mvc.perform(get("/nomatch"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
 		this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
-		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/unprotected"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
 		this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
-		this.mvc.perform(get("/ProTectEd")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/UnProTectEd")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/ProTectEd"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/UnProTectEd"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly() throws Exception {
 		this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
-		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/unprotected"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	/**
@@ -193,65 +212,98 @@ public class MiscHttpConfigTests {
 	@Test
 	public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints() throws Exception {
 		this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
-		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/unprotected")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/unprotected"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
 		this.spring.configLocations(xml("AnonymousDisabled")).autowire();
-		this.mvc.perform(get("/protected")).andExpect(status().isUnauthorized());
-		this.mvc.perform(get("/unprotected")).andExpect(status().isUnauthorized());
+		// @formatter:off
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isUnauthorized());
+		this.mvc.perform(get("/unprotected"))
+				.andExpect(status().isUnauthorized());
+		// @formatter:on
 		assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
 	}
 
 	@Test
 	public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes() throws Exception {
 		this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
-		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("josh"));
+		this.mvc.perform(get("/customKey"))
+				.andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes() throws Exception {
 		this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
-		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(get("/protected")).andExpect(status().isOk()).andExpect(content().string("josh"));
-		this.mvc.perform(get("/customKey")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("josh"));
+		this.mvc.perform(get("/customKey"))
+				.andExpect(status().isOk())
 				.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
-		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(post("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(post("/protected").with(httpBasic("poster", "password"))).andExpect(status().isOk());
-		this.mvc.perform(delete("/protected").with(httpBasic("poster", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(delete("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(post("/protected").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(post("/protected").with(postCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(delete("/protected").with(postCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(delete("/protected").with(adminCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
-		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
+		// @formatter:off
+		this.mvc.perform(post("/protected").with(csrf()))
 				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").secure(true).with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").secure(true).with(adminCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
-		this.mvc.perform(post("/protected").with(csrf())).andExpect(status().isOk());
-		this.mvc.perform(get("/protected").secure(true).with(httpBasic("user", "password")))
-				.andExpect(status().isForbidden());
-		this.mvc.perform(get("/protected").secure(true).with(httpBasic("admin", "password")))
+		// @formatter:off
+		this.mvc.perform(post("/protected").with(csrf()))
 				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").secure(true).with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/protected").secure(true).with(adminCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -265,7 +317,10 @@ public class MiscHttpConfigTests {
 	public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence() throws Exception {
 		this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire();
 		AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
-		this.mvc.perform(get("/protected")).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/protected"))
+				.andExpect(status().isOk());
+		// @formatter:on
 		verify(entryPoint).commence(any(HttpServletRequest.class), any(HttpServletResponse.class),
 				any(AuthenticationException.class));
 	}
@@ -279,8 +334,10 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenPortsMappedThenRedirectedAccordingly() throws Exception {
 		this.spring.configLocations(xml("PortsMappedInterceptUrlMethodRequiresAny")).autowire();
+		// @formatter:off
 		this.mvc.perform(get("http://localhost:9080/protected"))
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
+		// @formatter:on
 	}
 
 	@Test
@@ -312,9 +369,11 @@ public class MiscHttpConfigTests {
 	public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception {
 		System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)");
 		this.spring.configLocations(xml("X509")).autowire();
-		this.mvc.perform(get("/protected")
-				.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
+		RequestPostProcessor x509 = x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem");
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(x509))
 				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -335,7 +394,10 @@ public class MiscHttpConfigTests {
 	@Test
 	public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception {
 		this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire();
-		this.mvc.perform(post("/logout").with(csrf())).andExpect(redirectedUrl("/logoutSuccessEndpoint"));
+		// @formatter:off
+		this.mvc.perform(post("/logout").with(csrf()))
+				.andExpect(redirectedUrl("/logoutSuccessEndpoint"));
+		// @formatter:on
 	}
 
 	@Test
@@ -374,8 +436,12 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception {
 		this.spring.configLocations(xml("Sec934")).autowire();
-		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").with(adminCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	@Test
@@ -384,8 +450,11 @@ public class MiscHttpConfigTests {
 		SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
 		SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
 		given(repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(context);
-		MvcResult result = this.mvc.perform(get("/protected").with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isOk())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 		verify(repository, atLeastOnce()).saveContext(any(SecurityContext.class), any(HttpServletRequest.class),
 				any(HttpServletResponse.class));
@@ -394,9 +463,14 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("InterceptUrlExpressions")).autowire();
-		this.mvc.perform(get("/protected").with(httpBasic("admin", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/protected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
-		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/protected").with(adminCredentials()))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/protected").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		this.mvc.perform(get("/unprotected").with(userCredentials()))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
@@ -405,7 +479,10 @@ public class MiscHttpConfigTests {
 		PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
 		given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
 				.willReturn(false);
-		this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 		verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
 	}
 
@@ -449,21 +526,32 @@ public class MiscHttpConfigTests {
 	public void loginWhenConfiguredWithNoInternalAuthenticationProvidersThenSuccessfullyAuthenticates()
 			throws Exception {
 		this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password"))
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password");
+		this.mvc.perform(loginRequest)
 				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception {
 		this.spring.configLocations(xml("HttpBasic")).autowire();
-		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
+		// @formatter:off
+		this.mvc.perform(get("/password").with(userCredentials()))
+				.andExpect(content().string(""));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication()
 			throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire();
-		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string(""));
+		// @formatter:off
+		this.mvc.perform(get("/password").with(userCredentials()))
+				.andExpect(content().string(""));
+		// @formatter:on
 	}
 
 	/**
@@ -473,14 +561,20 @@ public class MiscHttpConfigTests {
 	public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication()
 			throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire();
-		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
+		// @formatter:off
+		this.mvc.perform(get("/password").with(userCredentials()))
+				.andExpect(content().string("password"));
+		// @formatter:on
 	}
 
 	@Test
 	public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly()
 			throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire();
-		this.mvc.perform(get("/password").with(httpBasic("user", "password"))).andExpect(content().string("password"));
+		// @formatter:off
+		this.mvc.perform(get("/password").with(userCredentials()))
+				.andExpect(content().string("password"));
+		// @formatter:on
 	}
 
 	@Test
@@ -488,12 +582,18 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("JeeFilter")).autowire();
 		Principal user = mock(Principal.class);
 		given(user.getName()).willReturn("joe");
-		this.mvc.perform(get("/roles").principal(user).with((request) -> {
-			request.addUserRole("admin");
-			request.addUserRole("user");
-			request.addUserRole("unmapped");
-			return request;
-		})).andExpect(content().string("ROLE_admin,ROLE_user"));
+		// @formatter:off
+		MockHttpServletRequestBuilder rolesRequest = get("/roles")
+				.principal(user)
+				.with((request) -> {
+					request.addUserRole("admin");
+					request.addUserRole("user");
+					request.addUserRole("unmapped");
+					return request;
+				});
+		this.mvc.perform(rolesRequest)
+				.andExpect(content().string("ROLE_admin,ROLE_user"));
+		// @formatter:on
 	}
 
 	@Test
@@ -503,15 +603,23 @@ public class MiscHttpConfigTests {
 		Object details = mock(Object.class);
 		AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
 		given(source.buildDetails(any(Object.class))).willReturn(details);
-		this.mvc.perform(get("/details").with(httpBasic("user", "password")))
+		RequestPostProcessor x509 = x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem");
+		// @formatter:off
+		this.mvc.perform(get("/details").with(userCredentials()))
 				.andExpect(content().string(details.getClass().getName()));
-		this.mvc.perform(get("/details")
-				.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
+		this.mvc.perform(get("/details").with(x509))
 				.andExpect(content().string(details.getClass().getName()));
-		MockHttpSession session = (MockHttpSession) this.mvc
-				.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
-				.andReturn().getRequest().getSession(false);
-		this.mvc.perform(get("/details").session(session)).andExpect(content().string(details.getClass().getName()));
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		MockHttpSession session = (MockHttpSession) this.mvc.perform(loginRequest)
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		this.mvc.perform(get("/details").session(session))
+				.andExpect(content().string(details.getClass().getName()));
+		// @formatter:on
 		assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class),
 				"authenticationDetailsSource")).isEqualTo(source);
 	}
@@ -521,7 +629,10 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("Jaas")).autowire();
 		AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
 		given(granter.grant(any(Principal.class))).willReturn(new HashSet<>(Arrays.asList("USER")));
-		this.mvc.perform(get("/username").with(httpBasic("user", "password"))).andExpect(content().string("user"));
+		// @formatter:off
+		this.mvc.perform(get("/username").with(userCredentials()))
+				.andExpect(content().string("user"));
+		// @formatter:on
 	}
 
 	@Test
@@ -556,7 +667,10 @@ public class MiscHttpConfigTests {
 	@Test
 	public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception {
 		this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire();
-		this.mvc.perform(get("/unprotected").with(httpBasic("user", "password"))).andExpect(status().isForbidden());
+		// @formatter:off
+		this.mvc.perform(get("/unprotected").with(userCredentials()))
+				.andExpect(status().isForbidden());
+		// @formatter:on
 	}
 
 	/**
@@ -565,15 +679,25 @@ public class MiscHttpConfigTests {
 	@Test
 	public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception {
 		this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
+		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected"))
-				.andExpect(redirectedUrl("https://localhost:9443/login")).andReturn().getRequest().getSession(false);
-		session = (MockHttpSession) this.mvc
-				.perform(post("/login").param("username", "user").param("password", "password").session(session)
-						.with(csrf()))
-				.andExpect(redirectedUrl("https://localhost:9443/protected")).andReturn().getRequest()
+				.andExpect(redirectedUrl("https://localhost:9443/login"))
+				.andReturn()
+				.getRequest()
+				.getSession(false);
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(session)
+				.with(csrf());
+		session = (MockHttpSession) this.mvc.perform(loginRequest)
+				.andExpect(redirectedUrl("https://localhost:9443/protected"))
+				.andReturn()
+				.getRequest()
 				.getSession(false);
 		this.mvc.perform(get("http://localhost:9080/protected").session(session))
 				.andExpect(redirectedUrl("https://localhost:9443/protected"));
+		// @formatter:on
 	}
 
 	private void redirectLogsTo(OutputStream os, Class<?> clazz) {
@@ -624,6 +748,21 @@ public class MiscHttpConfigTests {
 		return proxy.getFilters(url);
 	}
 
+	@NotNull
+	private static RequestPostProcessor userCredentials() {
+		return httpBasic("user", "password");
+	}
+
+	@NotNull
+	private static RequestPostProcessor adminCredentials() {
+		return httpBasic("admin", "password");
+	}
+
+	@NotNull
+	private static RequestPostProcessor postCredentials() {
+		return httpBasic("poster", "password");
+	}
+
 	private static String xml(String configName) {
 		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
index 07ddc0303c..38d42bd9b1 100644
--- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java
@@ -24,7 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -53,10 +53,17 @@ public class MultiHttpBlockConfigTests {
 	@Test
 	public void requestWhenUsingMutuallyExclusiveHttpElementsThenIsRoutedAccordingly() throws Exception {
 		this.spring.configLocations(this.xml("DistinctHttpElements")).autowire();
-		this.mvc.perform(MockMvcRequestBuilders.get("/first").with(httpBasic("user", "password")))
+		// @formatter:off
+		this.mvc.perform(get("/first").with(httpBasic("user", "password")))
 				.andExpect(status().isOk());
-		this.mvc.perform(post("/second/login").param("username", "user").param("password", "password").with(csrf()))
-				.andExpect(status().isFound()).andExpect(redirectedUrl("/"));
+		MockHttpServletRequestBuilder formLoginRequest = post("/second/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(formLoginRequest)
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	@Test
@@ -80,9 +87,19 @@ public class MultiHttpBlockConfigTests {
 	public void requestWhenTargettingAuthenticationManagersToCorrespondingHttpElementsThenAuthenticationProceeds()
 			throws Exception {
 		this.spring.configLocations(this.xml("Sec1937")).autowire();
-		this.mvc.perform(get("/first").with(httpBasic("first", "password")).with(csrf())).andExpect(status().isOk());
-		this.mvc.perform(post("/second/login").param("username", "second").param("password", "password").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder basicLoginRequest = get("/first")
+				.with(httpBasic("first", "password"))
+				.with(csrf());
+		this.mvc.perform(basicLoginRequest)
+				.andExpect(status().isOk());
+		MockHttpServletRequestBuilder formLoginRequest = post("/second/login")
+				.param("username", "second")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(formLoginRequest)
 				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 166757825d..85b09b0a7c 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -72,24 +72,23 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void httpBasicWithPasswordEncoder() throws Exception {
 		// @formatter:off
-		loadContext("<http>\n" +
-			"		<intercept-url pattern=\"/**\" access=\"hasRole('USER')\" />\n" +
-			"		<http-basic />\n" +
-			"	</http>\n" +
-			"\n" +
-			"	<authentication-manager id=\"authenticationManager\">\n" +
-			"		<authentication-provider>\n" +
-			"			<password-encoder ref=\"passwordEncoder\" />\n" +
-			"			<user-service>\n" +
-			"				<user name=\"user\" password=\"$2a$10$Zk1MxFEt7YYji4Ccy9xlfuewWzUMsmHZfy4UcCmNKVV6z5i/JNGJW\" authorities=\"ROLE_USER\"/>\n" +
-			"			</user-service>\n" +
-			"		</authentication-provider>\n" +
-			"	</authentication-manager>\n" +
-			"	<b:bean id=\"passwordEncoder\"\n" +
-			"		class=\"org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder\" />");
-			// @formatter:on
-		this.request.addHeader("Authorization",
-				"Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
+		loadContext("<http>\n"
+			+ "	<intercept-url pattern=\"/**\" access=\"hasRole('USER')\" />\n"
+			+ "	<http-basic />\n"
+			+ "</http>\n"
+			+  "\n"
+			+  "<authentication-manager id=\"authenticationManager\">\n"
+			+  "	<authentication-provider>\n"
+			+  "		<password-encoder ref=\"passwordEncoder\" />\n"
+			+  "		<user-service>\n"
+			+  "			<user name=\"user\" password=\"$2a$10$Zk1MxFEt7YYji4Ccy9xlfuewWzUMsmHZfy4UcCmNKVV6z5i/JNGJW\" authorities=\"ROLE_USER\"/>\n"
+			+  "		</user-service>\n"
+			+  "	</authentication-provider>\n"
+			+  "</authentication-manager>\n"
+			+  "<b:bean id=\"passwordEncoder\"\n"
+			+  "	class=\"org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder\" />");
+		// @formatter:on
+		this.request.addHeader("Authorization",  "Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
@@ -98,12 +97,12 @@ public class NamespaceHttpBasicTests {
 	@Test
 	public void httpBasicUnauthorizedOnDefault() throws Exception {
 		// @formatter:off
-		loadContext("<http>\n" +
-			"		<intercept-url pattern=\"/**\" access=\"hasRole('USER')\" />\n" +
-			"		<http-basic />\n" +
-			"	</http>\n" +
-			"\n" +
-			"	<authentication-manager />");
+		loadContext("<http>\n"
+			+  "	<intercept-url pattern=\"/**\" access=\"hasRole('USER')\" />\n"
+			+  "	<http-basic />\n"
+			+  "</http>\n"
+			+  "\n"
+			+  "<authentication-manager />");
 		// @formatter:on
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
index a6ade1e729..085ec83e68 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java
@@ -100,8 +100,11 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenAuthorizeThenRedirect() throws Exception {
 		this.spring.configLocations(xml("Minimal")).autowire();
-		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google"))
+				.andExpect(status().is3xxRedirection())
 				.andReturn();
+		// @formatter:on
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
 				"https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&"
 						+ "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
@@ -110,12 +113,20 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	@Test
 	public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
 		this.spring.configLocations(xml("CustomClientRegistrationRepository")).autowire();
+		// @formatter:off
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
-				.clientId("google-client-id").clientSecret("google-client-secret")
-				.redirectUri("http://localhost/callback/google").scope("scope1", "scope2").build();
+				.clientId("google-client-id")
+				.clientSecret("google-client-secret")
+				.redirectUri("http://localhost/callback/google")
+				.scope("scope1", "scope2")
+				.build();
+		// @formatter:on
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(clientRegistration);
-		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/oauth2/authorization/google"))
+				.andExpect(status().is3xxRedirection())
 				.andReturn();
+		// @formatter:on
 		assertThat(result.getResponse().getRedirectedUrl()).matches(
 				"https://accounts.google.com/o/oauth2/v2/auth\\?" + "response_type=code&client_id=google-client-id&"
 						+ "scope=scope1%20scope2&state=.{15,}&redirect_uri=http://localhost/callback/google");
@@ -128,10 +139,13 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google");
 		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration);
 		given(this.authorizationRequestResolver.resolve(any())).willReturn(authorizationRequest);
-		this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/oauth2/authorization/google"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("https://accounts.google.com/o/oauth2/v2/auth?"
 						+ "response_type=code&client_id=google-client-id&"
 						+ "scope=scope1%20scope2&state=state&redirect_uri=http://localhost/callback/google"));
+		// @formatter:on
 		verify(this.authorizationRequestResolver).resolve(any());
 	}
 
@@ -148,8 +162,11 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
+		// @formatter:off
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
-				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+				.andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+		// @formatter:on
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
 		verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(),
@@ -173,8 +190,11 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
+		// @formatter:off
 		this.mvc.perform(get(authorizationRequest.getRedirectUri()).params(params))
-				.andExpect(status().is3xxRedirection()).andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+				.andExpect(status().is3xxRedirection())
+				.andExpect(redirectedUrl(authorizationRequest.getRedirectUri()));
+		// @formatter:on
 		verify(this.authorizedClientService).saveAuthorizedClient(any(), any());
 	}
 
@@ -192,10 +212,15 @@ public class OAuth2ClientBeanDefinitionParserTests {
 	private static OAuth2AuthorizationRequest createAuthorizationRequest(ClientRegistration clientRegistration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
+		// @formatter:off
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.clientId(clientRegistration.getClientId()).redirectUri(clientRegistration.getRedirectUri())
-				.scopes(clientRegistration.getScopes()).state("state").attributes(attributes).build();
+				.scopes(clientRegistration.getScopes())
+				.state("state")
+				.attributes(attributes)
+				.build();
+		// @formatter:on
 	}
 
 	private static String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
index 50e77f770c..123f7d9093 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java
@@ -144,7 +144,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
-		MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/login"))
+				.andExpect(status().is2xxSuccessful())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getResponse().getContentAsString())
 				.contains("<a href=\"/oauth2/authorization/google-login\">Google</a>");
 		assertThat(result.getResponse().getContentAsString())
@@ -155,8 +159,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
+		// @formatter:on
 		verify(this.requestCache).saveRequest(any(), any());
 	}
 
@@ -165,8 +172,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*")))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	// gh-6812
@@ -174,8 +184,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
-		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
@@ -211,7 +224,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
+		// @formatter:off
+		this.mvc.perform(get("/login/oauth2/code/github-login").params(params))
+				.andExpect(status().is2xxSuccessful());
+		// @formatter:on
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
@@ -257,8 +273,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 		verify(this.jwtDecoderFactory).createDecoder(any());
 		verify(this.requestCache).getRequest(any(), any());
 	}
@@ -302,7 +321,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt);
 		given(this.userAuthoritiesMapper.mapAuthorities(any()))
 				.willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
-		this.mvc.perform(get("/login/oauth2/code/google-login").params(params)).andExpect(status().is2xxSuccessful());
+		// @formatter:off
+		this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
+				.andExpect(status().is2xxSuccessful());
+		// @formatter:on
 		authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
 				authenticationCaptor.capture());
@@ -330,7 +352,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("code", "code123");
 		params.add("state", authorizationRequest.getState());
-		this.mvc.perform(get("/login/oauth2/github-login").params(params)).andExpect(status().is2xxSuccessful());
+		// @formatter:off
+		this.mvc.perform(get("/login/oauth2/github-login").params(params))
+				.andExpect(status().is2xxSuccessful());
+		// @formatter:on
 		ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
 		Authentication authentication = authenticationCaptor.getValue();
@@ -342,7 +367,10 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver"))
 				.autowire();
-		this.mvc.perform(get("/oauth2/authorization/google-login")).andExpect(status().is3xxRedirection());
+		// @formatter:off
+		this.mvc.perform(get("/oauth2/authorization/google-login"))
+				.andExpect(status().is3xxRedirection());
+		// @formatter:on
 		verify(this.authorizationRequestResolver).resolve(any());
 	}
 
@@ -350,15 +378,21 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	@Test
 	public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/custom-login"));
+		// @formatter:on
 	}
 
 	// gh-6802
@@ -366,8 +400,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 	public void requestWhenSingleClientRegistrationAndFormLoginConfiguredThenRedirectDefaultLoginPage()
 			throws Exception {
 		this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().is3xxRedirection())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
@@ -444,7 +481,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, "user",
 				TestOAuth2AccessTokens.noScopes());
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(authorizedClient);
-		this.mvc.perform(get("/authorized-client")).andExpect(status().isOk()).andExpect(content().string("resolved"));
+		// @formatter:off
+		this.mvc.perform(get("/authorized-client"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("resolved"));
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index 84a77ed204..8344c7df8e 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -50,6 +50,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.w3c.dom.Element;
 
 import org.springframework.beans.factory.DisposableBean;
@@ -137,7 +138,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -145,7 +149,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 		mockWebServer(jwks("Default"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -153,8 +160,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -162,8 +172,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations("malformed");
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -171,15 +184,21 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("WebServer"), xml("JwkSetUri")).autowire();
 		this.web.shutdown();
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string("WWW-Authenticate", "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenMalformedBearerTokenThenInvalidToken() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
+		// @formatter:off
 		this.mvc.perform(get("/").header("Authorization", "Bearer an\"invalid\"token"))
-				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Bearer token is malformed"));
+				.andExpect(status().isUnauthorized())
+				.andExpect(invalidTokenHeader("Bearer token is malformed"));
+		// @formatter:on
 	}
 
 	@Test
@@ -187,17 +206,22 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("MalformedPayload");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
-				.andExpect(
-						invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUnsignedBearerTokenThenInvalidToken() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
 		String token = this.token("Unsigned");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Unsupported algorithm of none"));
+		// @formatter:on
 	}
 
 	@Test
@@ -205,16 +229,21 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		this.mockRestOperations(jwks("Default"));
 		String token = this.token("TooEarly");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
+		// @formatter:off
 		this.mvc.perform(get("/").header("Authorization", "Bearer token").param("access_token", "token"))
 				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
+		// @formatter:on
 	}
 
 	@Test
@@ -223,8 +252,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
 		params.add("access_token", "token1");
 		params.add("access_token", "token2");
-		this.mvc.perform(get("/").params(params)).andExpect(status().isBadRequest())
+		// @formatter:off
+		this.mvc.perform(get("/").params(params))
+				.andExpect(status().isBadRequest())
 				.andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
+		// @formatter:on
 	}
 
 	@Test
@@ -240,8 +272,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	@Test
 	public void getWhenNoBearerTokenThenUnauthorized() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -249,8 +284,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageReadScope");
+		// @formatter:off
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -258,8 +295,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
-				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
+				.andExpect(status().isForbidden())
+				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -267,8 +307,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidMessageWriteScp");
+		// @formatter:off
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer " + token))
-				.andExpect(status().isForbidden()).andExpect(insufficientScopeHeader());
+				.andExpect(status().isForbidden())
+				.andExpect(insufficientScopeHeader());
+		// @formatter:on
 	}
 
 	@Test
@@ -276,8 +319,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Empty"));
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -285,8 +331,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -294,8 +342,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("TwoKeys"));
 		String token = this.token("Kid");
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -303,17 +353,21 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenNoBearerTokenThenCsrfDenies() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-		this.mvc.perform(post("/authenticated")).andExpect(status().isForbidden())
-				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different
-																						// from
-																						// DSL
+		// @formatter:off
+		this.mvc.perform(post("/authenticated"))
+				.andExpect(status().isForbidden())
+				// different from DSL
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -321,9 +375,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("Expired");
+		// @formatter:off
 		this.mvc.perform(post("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
+		// @formatter:on
 	}
 
 	@Test
@@ -331,8 +387,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound()).andReturn();
+				.andExpect(status().isNotFound())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
@@ -340,15 +399,22 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void requestWhenIntrospectionThenSessionIsNotCreated() throws Exception {
 		this.spring.configLocations(xml("WebServer"), xml("IntrospectionUri")).autowire();
 		mockWebServer(json("Active"));
+		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
-				.andExpect(status().isNotFound()).andReturn();
+				.andExpect(status().isNotFound())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
 	@Test
 	public void requestWhenNoBearerTokenThenSessionIsCreated() throws Exception {
 		this.spring.configLocations(xml("JwkSetUri")).autowire();
-		MvcResult result = this.mvc.perform(get("/")).andExpect(status().isUnauthorized()).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/"))
+				.andExpect(status().isUnauthorized())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -357,8 +423,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("AlwaysSessionCreation")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
-				.andExpect(status().isNotFound()).andReturn();
+				.andExpect(status().isNotFound())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
@@ -381,9 +450,12 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
-		this.mvc.perform(post("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
+		this.mvc.perform(post("/authenticated").param("access_token", "token"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -392,9 +464,12 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/authenticated").param("access_token", "token")).andExpect(status().isNotFound());
+		this.mvc.perform(get("/authenticated").param("access_token", "token"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 		verify(decoder, times(2)).decode("token");
 	}
 
@@ -402,18 +477,29 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInBody")).autowire();
-		this.mvc.perform(post("/authenticated").param("access_token", "token").header("Authorization", "Bearer token")
-				.with(csrf())).andExpect(status().isBadRequest())
+		// @formatter:off
+		MockHttpServletRequestBuilder request = post("/authenticated")
+				.param("access_token", "token")
+				.header("Authorization", "Bearer token")
+				.with(csrf());
+		this.mvc.perform(request)
+				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest()
 			throws Exception {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AllowBearerTokenInQuery")).autowire();
-		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token").param("access_token", "token"))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/authenticated")
+				.header("Authorization", "Bearer token")
+				.param("access_token", "token");
+		this.mvc.perform(request)
 				.andExpect(status().isBadRequest())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
+		// @formatter:on
 	}
 
 	@Test
@@ -444,9 +530,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AuthenticationEntryPoint")).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		Mockito.when(decoder.decode(anyString())).thenThrow(JwtException.class);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
+		// @formatter:on
 	}
 
 	@Test
@@ -454,9 +542,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("AccessDeniedHandler")).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build());
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer insufficiently_scoped"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
+		// @formatter:on
 	}
 
 	@Test
@@ -467,8 +557,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		OAuth2TokenValidator<Jwt> jwtValidator = this.spring.getContext().getBean(OAuth2TokenValidator.class);
 		OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri");
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error));
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("custom-description")));
+		// @formatter:on
 	}
 
 	@Test
@@ -476,7 +569,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("UnexpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
@@ -484,8 +580,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("ExpiredJwtClockSkew"), xml("Jwt")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ExpiresAt4687177990");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isUnauthorized())
 				.andExpect(invalidTokenHeader("Jwt expired at"));
+		// @formatter:on
 	}
 
 	@Test
@@ -498,7 +597,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
 		JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build());
-		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer token"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 		verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 	}
 
@@ -506,49 +608,64 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("ValidNoScopes");
-		this.mvc.perform(get("/").header("Authorization", "Bearer " + token)).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception {
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongSignature");
+		// @formatter:off
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("signature"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception {
 		this.spring.configLocations(xml("SingleKey"), xml("Jwt")).autowire();
 		String token = this.token("WrongAlgorithm");
+		// @formatter:off
 		this.mvc.perform(get("/").header("Authorization", "Bearer " + token))
 				.andExpect(invalidTokenHeader("algorithm"));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Active"));
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("Inactive"));
-		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isUnauthorized())
-				.andExpect(
-						header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/")
+				.header("Authorization", "Bearer token");
+		this.mvc.perform(request)
+				.andExpect(status().isUnauthorized())
+				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("Provided token isn't active")));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
 		mockRestOperations(json("ActiveNoScopes"));
+		// @formatter:off
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token"))
 				.andExpect(status().isForbidden())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("scope")));
+		// @formatter:on
 	}
 
 	@Test
@@ -570,7 +687,10 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.getBean(AuthenticationManagerResolver.class);
 		given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn(
 				(authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
-		this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
+		// @formatter:off
+		this.mvc.perform(get("/").header("Authorization", "Bearer token"))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 		verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class));
 	}
 
@@ -589,16 +709,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		String jwtThree = jwtFromIssuer(issuerThree);
 		mockWebServer(String.format(metadata, issuerOne, issuerOne));
 		mockWebServer(jwkSet);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtOne))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 		mockWebServer(String.format(metadata, issuerTwo, issuerTwo));
 		mockWebServer(jwkSet);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtTwo))
 				.andExpect(status().isNotFound());
+		// @formatter:on
 		mockWebServer(String.format(metadata, issuerThree, issuerThree));
 		mockWebServer(jwkSet);
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + jwtThree))
-				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer"));
+				.andExpect(status().isUnauthorized())
+				.andExpect(invalidTokenHeader("Invalid issuer"));
+		// @formatter:on
 	}
 
 	@Test
@@ -607,13 +734,17 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
 		JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
-		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user"))).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").with(httpBasic("some", "user")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
-		this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/authenticated"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer invalid_token"))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
+		// @formatter:on
 	}
 
 	@Test
@@ -624,8 +755,11 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		given(decoder.decode(anyString())).willThrow(JwtException.class);
 		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(status().isUnauthorized()).andReturn();
 		assertThat(result.getRequest().getSession(false)).isNotNull();
+		// @formatter:off
 		result = this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
-				.andExpect(status().isUnauthorized()).andReturn();
+				.andExpect(status().isUnauthorized())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNull();
 	}
 
@@ -634,9 +768,12 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.spring.configLocations(xml("JwtRestOperations"), xml("BasicAndResourceServer")).autowire();
 		mockRestOperations(jwks("Default"));
 		String token = this.token("ValidNoScopes");
+		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer " + token))
 				.andExpect(status().isNotFound());
-		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
+		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password")))
+				.andExpect(status().isNotFound());
+		// @formatter:on
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 904b3e6a28..2e0daeb96b 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -73,21 +74,32 @@ public class OpenIDConfigTests {
 	@Test
 	public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage() throws Exception {
 		this.spring.configLocations(this.xml("WithFormLogin")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull();
 	}
 
 	@Test
 	public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins() throws Exception {
 		this.spring.configLocations(this.xml("WithFormLoginPage")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/form-page"));
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/form-page"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins() throws Exception {
 		this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/openid-page"));
+		// @formatter:on
 	}
 
 	@Test
@@ -110,13 +122,20 @@ public class OpenIDConfigTests {
 		openIDFilter.setConsumer(consumer);
 		String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
 				.append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString();
-		this.mvc.perform(get("/")).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
-		this.mvc.perform(get("/login")).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/"))
+				.andExpect(status().isFound())
+				.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/login"))
+				.andExpect(status().isOk())
 				.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
-		this.mvc.perform(get("/login/openid")
+		MockHttpServletRequestBuilder openidLogin = get("/login/openid")
 				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
-				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")).andExpect(status().isFound())
+				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on");
+		this.mvc.perform(openidLogin)
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));
+		// @formatter:on
 	}
 
 	@Test
@@ -131,8 +150,7 @@ public class OpenIDConfigTests {
 			server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint));
 			server.enqueue(new MockResponse()
 					.setBody(String.format("<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>", endpoint)));
-			this.mvc.perform(
-					get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
+			this.mvc.perform(get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
 					.andExpect(status().isFound())
 					.andExpect((result) -> result.getResponse().getRedirectedUrl().endsWith(
 							"openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&"
@@ -150,7 +168,11 @@ public class OpenIDConfigTests {
 			throws Exception {
 		this.spring.configLocations(this.xml("Sec2919")).autowire();
 		assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull();
-		this.mvc.perform(get("/login")).andExpect(status().isOk()).andExpect(content().string("a custom login page"));
+		// @formatter:off
+		this.mvc.perform(get("/login"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("a custom login page"));
+		// @formatter:on
 	}
 
 	private <T extends Filter> T getFilter(Class<T> clazz) {
diff --git a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
index 13478ad795..10d289d8e4 100644
--- a/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java
@@ -54,7 +54,10 @@ public class PlaceHolderAndELConfigTests {
 	public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() throws Exception {
 		System.setProperty("pattern.nofilters", "/unsecured");
 		this.spring.configLocations(this.xml("UnsecuredPattern")).autowire();
-		this.mvc.perform(get("/unsecured")).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/unsecured"))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	/**
@@ -69,7 +72,9 @@ public class PlaceHolderAndELConfigTests {
 		System.setProperty("auth.failure", "/authFailure");
 		this.spring.configLocations(this.xml("InterceptUrlAndFormLogin")).autowire();
 		// login-page setting
-		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
+		// @formatter:off
+		this.mvc.perform(get("/secured"))
+				.andExpect(redirectedUrl("http://localhost/loginPage"));
 		// login-processing-url setting
 		// default-target-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
@@ -77,6 +82,7 @@ public class PlaceHolderAndELConfigTests {
 		// authentication-failure-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
+		// @formatter:on
 	}
 
 	/**
@@ -91,7 +97,9 @@ public class PlaceHolderAndELConfigTests {
 		System.setProperty("auth.failure", "/authFailure");
 		this.spring.configLocations(this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire();
 		// login-page setting
-		this.mvc.perform(get("/secured")).andExpect(redirectedUrl("http://localhost/loginPage"));
+		// @formatter:off
+		this.mvc.perform(get("/secured"))
+				.andExpect(redirectedUrl("http://localhost/loginPage"));
 		// login-processing-url setting
 		// default-target-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
@@ -99,6 +107,7 @@ public class PlaceHolderAndELConfigTests {
 		// authentication-failure-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "wrong"))
 				.andExpect(redirectedUrl("/authFailure"));
+		// @formatter:on
 	}
 
 	@Test
@@ -107,10 +116,14 @@ public class PlaceHolderAndELConfigTests {
 		System.setProperty("http", "9080");
 		System.setProperty("https", "9443");
 		this.spring.configLocations(this.xml("PortMapping")).autowire();
-		this.mvc.perform(get("http://localhost:9080/secured")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("http://localhost:9080/secured"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost:9443/secured"));
-		this.mvc.perform(get("https://localhost:9443/unsecured")).andExpect(status().isFound())
+		this.mvc.perform(get("https://localhost:9443/unsecured"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost:9080/unsecured"));
+		// @formatter:on
 	}
 
 	@Test
@@ -119,8 +132,11 @@ public class PlaceHolderAndELConfigTests {
 		System.setProperty("secure.url", "/secured");
 		System.setProperty("required.channel", "https");
 		this.spring.configLocations(this.xml("RequiresChannel")).autowire();
-		this.mvc.perform(get("http://localhost/secured")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("http://localhost/secured"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("https://localhost/secured"));
+		// @formatter:on
 	}
 
 	@Test
@@ -128,14 +144,20 @@ public class PlaceHolderAndELConfigTests {
 	public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() throws Exception {
 		System.setProperty("accessDenied", "/go-away");
 		this.spring.configLocations(this.xml("AccessDeniedPage")).autowire();
-		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
+		// @formatter:off
+		this.mvc.perform(get("/secured"))
+				.andExpect(forwardedUrl("/go-away"));
+		// @formatter:on
 	}
 
 	@Test
 	@WithMockUser
 	public void requestWhenUsingSpELThenAccessDeniedPageWorks() throws Exception {
 		this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire();
-		this.mvc.perform(get("/secured")).andExpect(forwardedUrl("/go-away"));
+		// @formatter:off
+		this.mvc.perform(get("/secured"))
+				.andExpect(forwardedUrl("/go-away"));
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index d0067d06c9..37b2ee8aa4 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -69,12 +69,17 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void requestWithRememberMeWhenUsingCustomTokenRepositoryThenAutomaticallyReauthenticates() throws Exception {
-		this.spring.configLocations(this.xml("WithTokenRepository")).autowire();
-		MvcResult result = this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("WithTokenRepository")).autowire();
+		// @formatter:off
+		MvcResult result = rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 		JdbcTemplate template = this.spring.getContext().getBean(JdbcTemplate.class);
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
@@ -82,30 +87,40 @@ public class RememberMeConfigTests {
 
 	@Test
 	public void requestWithRememberMeWhenUsingCustomDataSourceThenAutomaticallyReauthenticates() throws Exception {
-		this.spring.configLocations(this.xml("WithDataSource")).autowire();
+		this.spring.configLocations(xml("WithDataSource")).autowire();
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
-		MvcResult result = this.rememberAuthentication("user", "password")
+		// @formatter:off
+		MvcResult result = rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
 
 	@Test
 	public void requestWithRememberMeWhenUsingAuthenticationSuccessHandlerThenInvokesHandler() throws Exception {
-		this.spring.configLocations(this.xml("WithAuthenticationSuccessHandler")).autowire();
+		this.spring.configLocations(xml("WithAuthenticationSuccessHandler")).autowire();
 		TestDataSource dataSource = this.spring.getContext().getBean(TestDataSource.class);
 		JdbcTemplate template = new JdbcTemplate(dataSource);
 		template.execute(JdbcTokenRepositoryImpl.CREATE_TABLE_SQL);
-		MvcResult result = this.rememberAuthentication("user", "password")
+		// @formatter:off
+		MvcResult result = rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(redirectedUrl("/target"));
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(redirectedUrl("/target"));
+		// @formatter:on
 		int count = template.queryForObject("select count(*) from persistent_logins", int.class);
 		assertThat(count).isEqualTo(1);
 	}
@@ -113,64 +128,78 @@ public class RememberMeConfigTests {
 	@Test
 	public void requestWithRememberMeWhenUsingCustomRememberMeServicesThenAuthenticates() throws Exception {
 		// SEC-1281 - using key with external services
-		this.spring.configLocations(this.xml("WithServicesRef")).autowire();
-		MvcResult result = this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("WithServicesRef")).autowire();
+		// @formatter:off
+		MvcResult result = rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 5000))
 				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
 		// SEC-909
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
 				.andReturn();
+		// @formatter:on
 	}
 
 	@Test
 	public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception {
-		this.spring.configLocations(this.xml("DefaultConfig")).autowire();
-		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
+		this.spring.configLocations(xml("DefaultConfig")).autowire();
+		MvcResult result = rememberAuthentication("user", "password").andReturn();
 		Cookie cookie = rememberMeCookie(result);
+		// @formatter:off
 		this.mvc.perform(post("/logout").cookie(cookie).with(csrf()))
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsConfiguredThenCookieReflectsCorrectExpiration()
 			throws Exception {
-		this.spring.configLocations(this.xml("TokenValidity")).autowire();
-		MvcResult result = this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("TokenValidity")).autowire();
+		// @formatter:off
+		MvcResult result = rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 10000))
 				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception {
-		this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire();
-		this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("NegativeTokenValidity")).autowire();
+		// @formatter:off
+		rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, -1));
+		// @formatter:on
 	}
 
 	@Test
 	public void configureWhenUsingDataSourceAndANegativeTokenValidityThenThrowsWiringException() {
 		assertThatExceptionOfType(FatalBeanException.class).isThrownBy(
-				() -> this.spring.configLocations(this.xml("NegativeTokenValidityWithDataSource")).autowire());
+				() -> this.spring.configLocations(xml("NegativeTokenValidityWithDataSource")).autowire());
 	}
 
 	@Test
 	public void requestWithRememberMeWhenTokenValidityIsResolvedByPropertyPlaceholderThenCookieReflectsCorrectExpiration()
 			throws Exception {
-		this.spring.configLocations(this.xml("Sec2165")).autowire();
-		this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("Sec2165")).autowire();
+		rememberAuthentication("user", "password")
 				.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30));
 	}
 
 	@Test
 	public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception {
-		this.spring.configLocations(this.xml("SecureCookie")).autowire();
-		this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("SecureCookie")).autowire();
+		rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true));
 	}
 
@@ -179,27 +208,30 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception {
-		this.spring.configLocations(this.xml("Sec1827")).autowire();
-		this.rememberAuthentication("user", "password")
+		this.spring.configLocations(xml("Sec1827")).autowire();
+		rememberAuthentication("user", "password")
 				.andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false));
 	}
 
 	@Test
 	public void configureWhenUsingPersistentTokenRepositoryAndANegativeTokenValidityThenThrowsWiringException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> this.spring
-				.configLocations(this.xml("NegativeTokenValidityWithPersistentRepository")).autowire());
+				.configLocations(xml("NegativeTokenValidityWithPersistentRepository")).autowire());
 	}
 
 	@Test
 	public void requestWithRememberMeWhenUsingCustomUserDetailsServiceThenInvokesThisUserDetailsService()
 			throws Exception {
-		this.spring.configLocations(this.xml("WithUserDetailsService")).autowire();
+		this.spring.configLocations(xml("WithUserDetailsService")).autowire();
 		UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
 		given(userDetailsService.loadUserByUsername("user"))
 				.willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList()));
-		MvcResult result = this.rememberAuthentication("user", "password").andReturn();
+		MvcResult result = rememberAuthentication("user", "password").andReturn();
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 		verify(userDetailsService, atLeastOnce()).loadUserByUsername("user");
 	}
 
@@ -208,11 +240,17 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenExcludingBasicAuthenticationFilterThenStillReauthenticates() throws Exception {
-		this.spring.configLocations(this.xml("Sec742")).autowire();
+		this.spring.configLocations(xml("Sec742")).autowire();
+		// @formatter:off
 		MvcResult result = this.mvc.perform(login("user", "password").param("remember-me", "true").with(csrf()))
-				.andExpect(redirectedUrl("/messageList.html")).andReturn();
+				.andExpect(redirectedUrl("/messageList.html"))
+				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	/**
@@ -220,18 +258,26 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void requestWithRememberMeWhenUsingCustomRememberMeParameterThenReauthenticates() throws Exception {
-		this.spring.configLocations(this.xml("WithRememberMeParameter")).autowire();
-		MvcResult result = this.mvc
-				.perform(login("user", "password").param("custom-remember-me-parameter", "true").with(csrf()))
-				.andExpect(redirectedUrl("/")).andReturn();
+		this.spring.configLocations(xml("WithRememberMeParameter")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = login("user", "password")
+				.param("custom-remember-me-parameter", "true")
+				.with(csrf());
+		MvcResult result = this.mvc.perform(request)
+				.andExpect(redirectedUrl("/"))
+				.andReturn();
+		// @formatter:on
 		Cookie cookie = rememberMeCookie(result);
-		this.mvc.perform(get("/authenticated").cookie(cookie)).andExpect(status().isOk());
+		// @formatter:off
+		this.mvc.perform(get("/authenticated").cookie(cookie))
+				.andExpect(status().isOk());
+		// @formatter:on
 	}
 
 	@Test
 	public void configureWhenUsingRememberMeParameterAndServicesRefThenThrowsWiringException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(
-				() -> this.spring.configLocations(this.xml("WithRememberMeParameterAndServicesRef")).autowire());
+				() -> this.spring.configLocations(xml("WithRememberMeParameterAndServicesRef")).autowire());
 	}
 
 	/**
@@ -239,8 +285,11 @@ public class RememberMeConfigTests {
 	 */
 	@Test
 	public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception {
-		this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire();
-		this.rememberAuthentication("user", "password").andExpect(cookie().exists("custom-remember-me-cookie"));
+		this.spring.configLocations(xml("WithRememberMeCookie")).autowire();
+		// @formatter:off
+		rememberAuthentication("user", "password")
+				.andExpect(cookie().exists("custom-remember-me-cookie"));
+		// @formatter:on
 	}
 
 	/**
@@ -250,7 +299,7 @@ public class RememberMeConfigTests {
 	public void configureWhenUsingRememberMeCookieAndServicesRefThenThrowsWiringException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class)
 				.isThrownBy(
-						() -> this.spring.configLocations(this.xml("WithRememberMeCookieAndServicesRef")).autowire())
+						() -> this.spring.configLocations(xml("WithRememberMeCookieAndServicesRef")).autowire())
 				.withMessageContaining(
 						"Configuration problem: services-ref can't be used in combination with attributes "
 								+ "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, "
@@ -258,13 +307,21 @@ public class RememberMeConfigTests {
 	}
 
 	private ResultActions rememberAuthentication(String username, String password) throws Exception {
-		return this.mvc.perform(
-				login(username, password).param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true").with(csrf()))
+		// @formatter:off
+		MockHttpServletRequestBuilder request = login(username, password)
+				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "true")
+				.with(csrf());
+		return this.mvc.perform(request)
 				.andExpect(redirectedUrl("/"));
+		// @formatter:on
 	}
 
 	private static MockHttpServletRequestBuilder login(String username, String password) {
-		return post("/login").param("username", username).param("password", password);
+		// @formatter:off
+		return post("/login")
+				.param("username", username)
+				.param("password", password);
+		// @formatter:on
 	}
 
 	private static Cookie rememberMeCookie(MvcResult result) {
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index d0ecc45474..0399d25cd1 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -67,14 +67,21 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	@Test
 	public void servletLoginWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("Simple")).autowire();
-		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
+		// @formatter:off
+		this.mvc.perform(get("/good-login"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("user"));
+		// @formatter:on
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingDefaultConfigurationThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("Simple")).autowire();
-		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/authenticate"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
@@ -83,8 +90,12 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
-		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
-				.andExpect(content().string("")).andReturn();
+		// @formatter:off
+		result = this.mvc.perform(get("/do-logout").session(session))
+				.andExpect(status().isOk())
+				.andExpect(content().string(""))
+				.andReturn();
+		// @formatter:on
 		session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNull();
 	}
@@ -92,31 +103,47 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	@Test
 	public void servletAuthenticateWhenUsingHttpBasicThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("HttpBasic")).autowire();
-		this.mvc.perform(get("/authenticate")).andExpect(status().isUnauthorized())
+		// @formatter:off
+		this.mvc.perform(get("/authenticate"))
+				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("discworld")));
+		// @formatter:on
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingFormLoginThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("FormLogin")).autowire();
-		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/authenticate"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
+		// @formatter:on
 	}
 
 	@Test
 	public void servletLoginWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
-		this.mvc.perform(get("/good-login")).andExpect(status().isOk()).andExpect(content().string("user"));
-		this.mvc.perform(get("/v2/good-login")).andExpect(status().isOk()).andExpect(content().string("user2"));
+		// @formatter:off
+		this.mvc.perform(get("/good-login"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("user"));
+		this.mvc.perform(get("/v2/good-login"))
+				.andExpect(status().isOk())
+				.andExpect(content().string("user2"));
+		// @formatter:on
 	}
 
 	@Test
 	public void servletAuthenticateWhenUsingMultipleHttpConfigsThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("MultiHttp")).autowire();
-		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
+		// @formatter:off
+		this.mvc.perform(get("/authenticate"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
-		this.mvc.perform(get("/v2/authenticate")).andExpect(status().isFound())
+		this.mvc.perform(get("/v2/authenticate"))
+				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login2"));
+		// @formatter:on
 	}
 
 	@Test
@@ -125,15 +152,26 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
-		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
-				.andExpect(content().string("")).andReturn();
+		// @formatter:off
+		result = this.mvc.perform(get("/do-logout").session(session))
+				.andExpect(status().isOk())
+				.andExpect(content().string(""))
+				.andReturn();
+		// @formatter:on
 		session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
-		result = this.mvc.perform(get("/v2/good-login")).andReturn();
+		// @formatter:off
+		result = this.mvc.perform(get("/v2/good-login"))
+				.andReturn();
+		// @formatter:on
 		session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
-		result = this.mvc.perform(get("/v2/do-logout").session(session)).andExpect(status().isOk())
-				.andExpect(content().string("")).andReturn();
+		// @formatter:off
+		result = this.mvc.perform(get("/v2/do-logout").session(session))
+				.andExpect(status().isOk())
+				.andExpect(content().string(""))
+				.andReturn();
+		// @formatter:on
 		session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNull();
 	}
@@ -143,11 +181,19 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		this.spring.configLocations(this.xml("Logout")).autowire();
 		this.mvc.perform(get("/authenticate")).andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/signin"));
-		MvcResult result = this.mvc.perform(get("/good-login")).andReturn();
+		// @formatter:off
+		MvcResult result = this.mvc.perform(get("/good-login"))
+				.andReturn();
+		// @formatter:on
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
-		result = this.mvc.perform(get("/do-logout").session(session)).andExpect(status().isOk())
-				.andExpect(content().string("")).andExpect(cookie().maxAge("JSESSIONID", 0)).andReturn();
+		// @formatter:off
+		result = this.mvc.perform(get("/do-logout").session(session))
+				.andExpect(status().isOk())
+				.andExpect(content().string(""))
+				.andExpect(cookie().maxAge("JSESSIONID", 0))
+				.andReturn();
+		// @formatter:on
 		session = (MockHttpSession) result.getRequest().getSession(false);
 		assertThat(session).isNotNull();
 	}
@@ -159,7 +205,10 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	@WithMockUser
 	public void servletIsUserInRoleWhenUsingDefaultConfigThenRoleIsSet() throws Exception {
 		this.spring.configLocations(this.xml("Simple")).autowire();
-		this.mvc.perform(get("/role")).andExpect(content().string("true"));
+		// @formatter:off
+		this.mvc.perform(get("/role"))
+				.andExpect(content().string("true"));
+		// @formatter:on
 	}
 
 	private String xml(String configName) {
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 7995b13de2..b9e488cc11 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -51,9 +51,15 @@ import static org.assertj.core.api.Assertions.assertThat;
 @PowerMockIgnore({ "org.w3c.dom.*", "org.xml.sax.*", "org.apache.xerces.*", "javax.xml.parsers.*" })
 public class SessionManagementConfigServlet31Tests {
 
-	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>" + "  <authentication-provider>"
-			+ "    <user-service>" + "      <user name='user' password='{noop}password' authorities='ROLE_USER' />"
-			+ "    </user-service>" + "  </authentication-provider>" + "</authentication-manager>";
+	// @formatter:off
+	private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>"
+			+ "  <authentication-provider>"
+			+ "    <user-service>"
+			+ "      <user name='user' password='{noop}password' authorities='ROLE_USER' />"
+			+ "    </user-service>"
+			+ "  </authentication-provider>"
+			+ "</authentication-manager>";
+	// @formatter:on
 
 	@Mock
 	Method method;
@@ -92,8 +98,14 @@ public class SessionManagementConfigServlet31Tests {
 		request.setParameter("password", "password");
 		request.getSession().setAttribute("attribute1", "value1");
 		String id = request.getSession().getId();
-		loadContext("<http>\n" + "        <form-login/>\n" + "        <session-management/>\n"
-				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
+		// @formatter:off
+		loadContext("<http>\n"
+				+ "        <form-login/>\n"
+				+ "        <session-management/>\n"
+				+ "        <csrf disabled='true'/>\n"
+				+ "    </http>"
+				+ XML_AUTHENTICATION_MANAGER);
+		// @formatter:on
 		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 		assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
@@ -108,9 +120,14 @@ public class SessionManagementConfigServlet31Tests {
 		request.setParameter("username", "user");
 		request.setParameter("password", "password");
 		String id = request.getSession().getId();
-		loadContext("<http>\n" + "        <form-login/>\n"
+		// @formatter:off
+		loadContext("<http>\n"
+				+ "        <form-login/>\n"
 				+ "        <session-management session-fixation-protection='changeSessionId'/>\n"
-				+ "        <csrf disabled='true'/>\n" + "    </http>" + XML_AUTHENTICATION_MANAGER);
+				+ "        <csrf disabled='true'/>\n"
+				+ "    </http>"
+				+ XML_AUTHENTICATION_MANAGER);
+		// @formatter:on
 		this.springSecurityFilterChain.doFilter(request, this.response, this.chain);
 		assertThat(request.getSession().getId()).isNotEqualTo(id);
 	}
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index cdd74a6916..7ff03030eb 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -55,6 +55,7 @@ import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultMatcher;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.WebApplicationContext;
@@ -91,7 +92,7 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionAlwaysThenAlwaysCreatesSession() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionAlways")).autowire();
+		this.spring.configLocations(xml("CreateSessionAlways")).autowire();
 		MockHttpServletRequest request = get("/").buildRequest(this.servletContext());
 		MockHttpServletResponse response = request(request, this.spring.getContext());
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_OK);
@@ -100,7 +101,7 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
+		this.spring.configLocations(xml("CreateSessionNever")).autowire();
 		MockHttpServletRequest request = get("/auth").buildRequest(this.servletContext());
 		MockHttpServletResponse response = request(request, this.spring.getContext());
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
@@ -109,9 +110,13 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
-		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
+		this.spring.configLocations(xml("CreateSessionNever")).autowire();
+		// @formatter:off
+		MockHttpServletRequest request = post("/login")
+				.param("username", "user")
+				.param("password", "password")
 				.buildRequest(this.servletContext());
+		// @formatter:on
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
@@ -120,9 +125,13 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionNever")).autowire();
-		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
+		this.spring.configLocations(xml("CreateSessionNever")).autowire();
+		// @formatter:off
+		MockHttpServletRequest request = post("/login")
+				.param("username", "user")
+				.param("password", "password")
 				.buildRequest(this.servletContext());
+		// @formatter:on
 		request = csrf().postProcessRequest(request);
 		MockHttpSession session = new MockHttpSession();
 		request.setSession(session);
@@ -135,31 +144,48 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLoginChallenge() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-		this.mvc.perform(get("/auth")).andExpect(status().isFound()).andExpect(session().exists(false));
+		this.spring.configLocations(xml("CreateSessionStateless")).autowire();
+		// @formatter:off
+		this.mvc.perform(get("/auth"))
+				.andExpect(status().isFound())
+				.andExpect(session().exists(false));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenDoesNotCreateSessionOnLogin() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-		this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()))
-				.andExpect(status().isFound()).andExpect(session().exists(false));
+		this.spring.configLocations(xml("CreateSessionStateless")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.with(csrf());
+		this.mvc.perform(loginRequest)
+				.andExpect(status().isFound())
+				.andExpect(session().exists(false));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToStatelessThenIgnoresExistingSession() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionStateless")).autowire();
-		MvcResult result = this.mvc
-				.perform(post("/login").param("username", "user").param("password", "password")
-						.session(new MockHttpSession()).with(csrf()))
-				.andExpect(status().isFound()).andExpect(session()).andReturn();
+		this.spring.configLocations(xml("CreateSessionStateless")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder loginRequest = post("/login")
+				.param("username", "user")
+				.param("password", "password")
+				.session(new MockHttpSession())
+				.with(csrf());
+		MvcResult result = this.mvc.perform(loginRequest)
+				.andExpect(status().isFound())
+				.andExpect(session()).andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false)
 				.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull();
 	}
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenDoesNotCreateSessionOnPublicInvocation() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
+		this.spring.configLocations(xml("CreateSessionIfRequired")).autowire();
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
 		MockHttpServletRequest request = get("/").buildRequest(servletContext);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
@@ -169,7 +195,7 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLoginChallenge() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
+		this.spring.configLocations(xml("CreateSessionIfRequired")).autowire();
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
 		MockHttpServletRequest request = get("/auth").buildRequest(servletContext);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
@@ -179,10 +205,14 @@ public class SessionManagementConfigTests {
 
 	@Test
 	public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception {
-		this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();
+		this.spring.configLocations(xml("CreateSessionIfRequired")).autowire();
 		ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext();
-		MockHttpServletRequest request = post("/login").param("username", "user").param("password", "password")
+		// @formatter:off
+		MockHttpServletRequest request = post("/login")
+				.param("username", "user")
+				.param("password", "password")
 				.buildRequest(servletContext);
+		// @formatter:on
 		request = csrf().postProcessRequest(request);
 		MockHttpServletResponse response = request(request, this.spring.getContext());
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
@@ -194,11 +224,15 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void requestWhenRejectingUserBasedOnMaxSessionsExceededThenDoesNotCreateSession() throws Exception {
-		this.spring.configLocations(this.xml("Sec1208")).autowire();
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk())
+		this.spring.configLocations(xml("Sec1208")).autowire();
+		// @formatter:off
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(status().isOk())
 				.andExpect(session());
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isUnauthorized())
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(status().isUnauthorized())
 				.andExpect(session().exists(false));
+		// @formatter:on
 	}
 
 	/**
@@ -207,40 +241,61 @@ public class SessionManagementConfigTests {
 	@Test
 	public void requestWhenSessionFixationProtectionDisabledAndConcurrencyControlEnabledThenSessionNotInvalidated()
 			throws Exception {
-		this.spring.configLocations(this.xml("Sec2137")).autowire();
+		this.spring.configLocations(xml("Sec2137")).autowire();
 		MockHttpSession session = new MockHttpSession();
-		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password"))).andExpect(status().isOk())
+		// @formatter:off
+		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
+				.andExpect(status().isOk())
 				.andExpect(session().id(session.getId()));
+		// @formatter:on
 	}
 
 	@Test
 	public void autowireWhenExportingSessionRegistryBeanThenAvailableForWiring() {
-		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire();
+		this.spring.configLocations(xml("ConcurrencyControlSessionRegistryAlias")).autowire();
 		this.sessionRegistryIsValid();
 	}
 
 	@Test
 	public void requestWhenExpiredUrlIsSetThenInvalidatesSessionAndRedirects() throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlExpiredUrl")).autowire();
-		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
-				.andExpect(redirectedUrl("/expired")).andExpect(session().exists(false));
+		this.spring.configLocations(xml("ConcurrencyControlExpiredUrl")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(expiredSession())
+				.with(httpBasic("user", "password"));
+		this.mvc.perform(request)
+				.andExpect(redirectedUrl("/expired"))
+				.andExpect(session().exists(false));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenConcurrencyControlAndCustomLogoutHandlersAreSetThenAllAreInvokedWhenSessionExpires()
 			throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
-		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
-				.andExpect(status().isOk()).andExpect(cookie().maxAge("testCookie", 0))
-				.andExpect(cookie().exists("rememberMeCookie")).andExpect(session().valid(true));
+		this.spring.configLocations(xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(expiredSession())
+				.with(httpBasic("user", "password"));
+		this.mvc.perform(request)
+				.andExpect(status().isOk())
+				.andExpect(cookie().maxAge("testCookie", 0))
+				.andExpect(cookie().exists("rememberMeCookie"))
+				.andExpect(session().valid(true));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire();
-		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
+		this.spring.configLocations(xml("ConcurrencyControlRememberMeHandler")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(expiredSession())
+				.with(httpBasic("user", "password"));
+		this.mvc.perform(request)
 				.andExpect(status().isOk()).andExpect(cookie().exists("rememberMeCookie"))
 				.andExpect(session().exists(false));
+		// @formatter:on
 	}
 
 	/**
@@ -248,77 +303,104 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire();
-		MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session())
+		this.spring.configLocations(xml("ConcurrencyControlCustomLogoutHandler")).autowire();
+		MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(session())
 				.andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false);
 		SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class);
 		sessionRegistry.getSessionInformation(session.getId()).expireNow();
-		this.mvc.perform(get("/auth").session(session)).andExpect(header().string("X-Username", "user"));
+		// @formatter:off
+		this.mvc.perform(get("/auth").session(session))
+				.andExpect(header().string("X-Username", "user"));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenConcurrencyControlIsSetThenDefaultsToResponseBodyExpirationResponse() throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryAlias")).autowire();
-		this.mvc.perform(get("/auth").session(this.expiredSession()).with(httpBasic("user", "password")))
+		this.spring.configLocations(xml("ConcurrencyControlSessionRegistryAlias")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.session(expiredSession())
+				.with(httpBasic("user", "password"));
+		this.mvc.perform(request)
 				.andExpect(content().string("This session has been expired (possibly due to multiple concurrent "
 						+ "logins being attempted as the same user)."));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCustomSessionAuthenticationStrategyThenInvokesOnAuthentication() throws Exception {
-		this.spring.configLocations(this.xml("SessionAuthenticationStrategyRef")).autowire();
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isIAmATeapot());
+		this.spring.configLocations(xml("SessionAuthenticationStrategyRef")).autowire();
+		// @formatter:off
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(status().isIAmATeapot());
+		// @formatter:on
 	}
 
 	@Test
 	public void autowireWhenSessionRegistryRefIsSetThenAvailableForWiring() {
-		this.spring.configLocations(this.xml("ConcurrencyControlSessionRegistryRef")).autowire();
+		this.spring.configLocations(xml("ConcurrencyControlSessionRegistryRef")).autowire();
 		this.sessionRegistryIsValid();
 	}
 
 	@Test
 	public void requestWhenMaxSessionsIsSetThenErrorsWhenExceeded() throws Exception {
-		this.spring.configLocations(this.xml("ConcurrencyControlMaxSessions")).autowire();
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk());
-		this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(redirectedUrl("/max-exceeded"));
+		this.spring.configLocations(xml("ConcurrencyControlMaxSessions")).autowire();
+		// @formatter:off
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(status().isOk());
+		this.mvc.perform(get("/auth").with(httpBasic("user", "password")))
+				.andExpect(redirectedUrl("/max-exceeded"));
+		// @formatter:on
 	}
 
 	@Test
 	public void autowireWhenSessionFixationProtectionIsNoneAndCsrfDisabledThenSessionManagementFilterIsNotWired() {
-		this.spring.configLocations(this.xml("NoSessionManagementFilter")).autowire();
+		this.spring.configLocations(xml("NoSessionManagementFilter")).autowire();
 		assertThat(this.getFilter(SessionManagementFilter.class)).isNull();
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception {
-		this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire();
+		this.spring.configLocations(xml("SessionFixationProtectionNone")).autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
+		// @formatter:off
 		this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
 				.andExpect(session().id(sessionId));
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception {
-		this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire();
+		this.spring.configLocations(xml("SessionFixationProtectionMigrateSession")).autowire();
 		MockHttpSession session = new MockHttpSession();
 		String sessionId = session.getId();
+		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/auth").session(session).with(httpBasic("user", "password")))
-				.andExpect(session()).andReturn();
+				.andExpect(session())
+				.andReturn();
+		// @formatter:on
 		assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId);
 	}
 
 	@Test
 	public void requestWhenSessionFixationProtectionIsNoneAndInvalidSessionUrlIsSetThenStillRedirectsOnInvalidSession()
 			throws Exception {
-		this.spring.configLocations(this.xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire();
-		this.mvc.perform(get("/auth").with((request) -> {
-			request.setRequestedSessionId("1");
-			request.setRequestedSessionIdValid(false);
-			return request;
-		})).andExpect(redirectedUrl("/timeoutUrl"));
+		this.spring.configLocations(xml("SessionFixationProtectionNoneWithInvalidSessionUrl")).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/auth")
+				.with((request) -> {
+					request.setRequestedSessionId("1");
+					request.setRequestedSessionIdValid(false);
+					return request;
+				});
+		this.mvc.perform(request)
+				.andExpect(redirectedUrl("/timeoutUrl"));
+		// @formatter:on
 	}
 
 	private void sessionRegistryIsValid() {
@@ -367,7 +449,7 @@ public class SessionManagementConfigTests {
 	 */
 	@Test
 	public void checkConcurrencyAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
-		this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
+		this.spring.configLocations(xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();
 		ConcurrentSessionFilter concurrentSessionFilter = getFilter(ConcurrentSessionFilter.class);
 		LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
 		LogoutHandler csfLogoutHandler = getFieldValue(concurrentSessionFilter, "handlers");
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index f4f2fe7f62..0165eeb32c 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -75,11 +75,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	private BusinessService target;
 
 	public void loadContext() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
 				+ "<global-method-security order='1001' proxy-target-class='false' >"
 				+ "    <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>"
 				+ "    <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>"
-				+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "</global-method-security>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		this.target = (BusinessService) this.appContext.getBean("target");
 	}
 
@@ -122,11 +125,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void doesntInterfereWithBeanPostProcessing() {
-		setContext(
-				"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
-						+ "<global-method-security />" + "<authentication-manager>"
-						+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>"
-						+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
+		// @formatter:off
+		setContext("<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
+				+ "<global-method-security />"
+				+ "<authentication-manager>"
+				+ "   <authentication-provider user-service-ref='myUserService'/>"
+				+ "</authentication-manager>"
+				+ "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
+		// @formatter:on
 		PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext
 				.getBean("myUserService");
 		assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!");
@@ -134,12 +140,17 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void worksWithAspectJAutoproxy() {
+		// @formatter:off
 		setContext("<global-method-security>"
 				+ "  <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'"
-				+ "       access='ROLE_SOMETHING' />" + "</global-method-security>"
+				+ "       access='ROLE_SOMETHING' />"
+				+ "</global-method-security>"
 				+ "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
-				+ "<aop:aspectj-autoproxy />" + "<authentication-manager>"
-				+ "   <authentication-provider user-service-ref='myUserService'/>" + "</authentication-manager>");
+				+ "<aop:aspectj-autoproxy />"
+				+ "<authentication-manager>"
+				+ "   <authentication-provider user-service-ref='myUserService'/>"
+				+ "</authentication-manager>");
+		// @formatter:on
 		UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService");
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
@@ -149,11 +160,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void supportsMethodArgumentsInPointcut() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
 				+ "<global-method-security>"
 				+ "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>"
 				+ "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>"
-				+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "</global-method-security>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
 		this.target = (BusinessService) this.appContext.getBean("target");
@@ -171,12 +185,16 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void supportsBooleanPointcutExpressions() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
-				+ "<global-method-security>" + "   <protect-pointcut expression="
+				+ "<global-method-security>"
+				+ "   <protect-pointcut expression="
 				+ "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) "
 				+ "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' "
-				+ "               access='ROLE_USER'/>" + "</global-method-security>"
+				+ "               access='ROLE_USER'/>"
+				+ "</global-method-security>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		this.target = (BusinessService) this.appContext.getBean("target");
 		// String method should not be protected
 		this.target.someOther("somestring");
@@ -200,11 +218,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	// SEC-936
 	@Test(expected = AccessDeniedException.class)
 	public void worksWithoutTargetOrClass() {
+		// @formatter:off
 		setContext("<global-method-security secured-annotations='enabled'/>"
 				+ "<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>"
 				+ "    <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>"
 				+ "    <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>"
-				+ "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "</b:bean>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
@@ -232,9 +253,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test(expected = AccessDeniedException.class)
 	public void accessIsDeniedForHasRoleExpression() {
+		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		this.target.someAdminMethod();
@@ -242,11 +265,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void beanNameExpressionPropertyIsSupported() {
+		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled' proxy-target-class='true'/>"
-				+ "<b:bean id='number' class='java.lang.Integer'>" + "    <b:constructor-arg value='1294'/>"
+				+ "<b:bean id='number' class='java.lang.Integer'>"
+				+ "    <b:constructor-arg value='1294'/>"
 				+ "</b:bean>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		ExpressionProtectedBusinessServiceImpl target = (ExpressionProtectedBusinessServiceImpl) this.appContext
 				.getBean("target");
@@ -255,9 +281,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void preAndPostFilterAnnotationsWorkWithLists() {
+		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		List<String> arg = new ArrayList<>();
@@ -274,9 +302,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void prePostFilterAnnotationWorksWithArrays() {
+		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
 				+ "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
 		Object[] arg = new String[] { "joe", "bob", "sam" };
@@ -288,23 +318,30 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	// SEC-1392
 	@Test
 	public void customPermissionEvaluatorIsSupported() {
+		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled'>"
-				+ "   <expression-handler ref='expressionHandler'/>" + "</global-method-security>"
+				+ "   <expression-handler ref='expressionHandler'/>"
+				+ "</global-method-security>"
 				+ "<b:bean id='expressionHandler' class='org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler'>"
-				+ "   <b:property name='permissionEvaluator' ref='myPermissionEvaluator'/>" + "</b:bean>"
+				+ "   <b:property name='permissionEvaluator' ref='myPermissionEvaluator'/>"
+				+ "</b:bean>"
 				+ "<b:bean id='myPermissionEvaluator' class='org.springframework.security.config.method.TestPermissionEvaluator'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 	}
 
 	// SEC-1450
 	@Test(expected = AuthenticationException.class)
 	@SuppressWarnings("unchecked")
 	public void genericsAreMatchedByProtectPointcut() {
+		// @formatter:off
 		setContext(
 				"<b:bean id='target' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$ConcreteFoo'/>"
 						+ "<global-method-security>"
 						+ "   <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>"
-						+ "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+						+ "</global-method-security>"
+						+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
 	}
@@ -313,8 +350,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	@SuppressWarnings("unchecked")
 	public void genericsMethodArgumentNamesAreResolved() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
-				+ "<global-method-security pre-post-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "<global-method-security pre-post-annotations='enabled'/>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
 		foo.foo(new SecurityConfig("A"));
@@ -338,11 +378,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 	@Test
 	@SuppressWarnings("unchecked")
 	public void supportsExternalMetadataSource() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
-				+ "<method-security-metadata-source id='mds'>" + "      <protect method='" + Foo.class.getName()
-				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
+				+ "<method-security-metadata-source id='mds'>"
+				+ "      <protect method='" + Foo.class.getName() + ".foo' access='ROLE_ADMIN'/>"
+				+ "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>"
 				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		// External MDS should take precedence over PreAuthorize
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
@@ -359,12 +402,17 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
 	@Test
 	public void supportsCustomAuthenticationManager() {
+		// @formatter:off
 		setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
-				+ "<method-security-metadata-source id='mds'>" + "      <protect method='" + Foo.class.getName()
-				+ ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>"
+				+ "<method-security-metadata-source id='mds'>"
+				+ "      <protect method='" + Foo.class.getName() + ".foo' access='ROLE_ADMIN'/>"
+				+ "</method-security-metadata-source>"
 				+ "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds' authentication-manager-ref='customAuthMgr'/>"
 				+ "<b:bean id='customAuthMgr' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$CustomAuthManager'>"
-				+ "      <b:constructor-arg value='authManager'/>" + "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+				+ "      <b:constructor-arg value='authManager'/>"
+				+ "</b:bean>"
+				+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		Foo foo = (Foo) this.appContext.getBean("target");
 		try {
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 46ca86f261..571868f184 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -40,9 +40,12 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
 
 	@Before
 	public void loadContext() {
+		// @formatter:off
 		this.appContext = new InMemoryXmlApplicationContext(
 				"<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>"
-						+ "<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML);
+						+ "<global-method-security jsr250-annotations='enabled'/>"
+						+ ConfigTestUtils.AUTH_PROVIDER_XML);
+		// @formatter:on
 		this.target = (BusinessService) this.appContext.getBean("target");
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
index c20e3c7b59..1579ca4cc8 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -46,39 +46,80 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 
 	private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests";
 
+	// @formatter:off
 	private static final String ISSUER_URI_XML_CONFIG = "<b:beans xmlns:b=\"http://www.springframework.org/schema/beans\"\n"
-			+ "\t\txmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
-			+ "\t\txmlns=\"http://www.springframework.org/schema/security\"\n" + "\t\txsi:schemaLocation=\"\n"
-			+ "\t\t\thttp://www.springframework.org/schema/security\n"
-			+ "\t\t\thttps://www.springframework.org/schema/security/spring-security.xsd\n"
-			+ "\t\t\thttp://www.springframework.org/schema/beans\n"
-			+ "\t\t\thttps://www.springframework.org/schema/beans/spring-beans.xsd\">\n" + "\n"
-			+ "\t<client-registrations>\n"
-			+ "\t\t<client-registration registration-id=\"google-login\" client-id=\"google-client-id\" \n"
-			+ "\t\t\t\t\t\t\t client-secret=\"google-client-secret\" provider-id=\"google\"/>\n"
-			+ "\t\t<provider provider-id=\"google\" issuer-uri=\"${issuer-uri}\"/>\n" + "\t</client-registrations>\n"
-			+ "\n" + "</b:beans>\n";
+			+ "		xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+			+ "		xmlns=\"http://www.springframework.org/schema/security\"\n"
+			+ "		xsi:schemaLocation=\"\n"
+			+ "			http://www.springframework.org/schema/security\n"
+			+ "			https://www.springframework.org/schema/security/spring-security.xsd\n"
+			+ "			http://www.springframework.org/schema/beans\n"
+			+ "			https://www.springframework.org/schema/beans/spring-beans.xsd\">\n"
+			+ "\n"
+			+ "	<client-registrations>\n"
+			+ "		<client-registration registration-id=\"google-login\" client-id=\"google-client-id\" \n"
+			+ "							 client-secret=\"google-client-secret\" provider-id=\"google\"/>\n"
+			+ "		<provider provider-id=\"google\" issuer-uri=\"${issuer-uri}\"/>\n"
+			+ "	</client-registrations>\n"
+			+ "\n"
+			+ "</b:beans>\n";
+	// @formatter:on
 
+	// @formatter:off
 	private static final String OIDC_DISCOVERY_RESPONSE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"claims_supported\": [\n" + "        \"aud\", \n" + "        \"email\", \n"
-			+ "        \"email_verified\", \n" + "        \"exp\", \n" + "        \"family_name\", \n"
-			+ "        \"given_name\", \n" + "        \"iat\", \n" + "        \"iss\", \n" + "        \"locale\", \n"
-			+ "        \"name\", \n" + "        \"picture\", \n" + "        \"sub\"\n" + "    ], \n"
-			+ "    \"code_challenge_methods_supported\": [\n" + "        \"plain\", \n" + "        \"S256\"\n"
-			+ "    ], \n" + "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
-			+ "    \"issuer\": \"${issuer-uri}\", \n" + "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
-			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
-			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
-			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
-			+ "    ], \n" + "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
-			+ "    \"scopes_supported\": [\n" + "        \"openid\", \n" + "        \"email\", \n"
-			+ "        \"profile\"\n" + "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n"
-			+ "    ], \n" + "    \"grant_types_supported\" : [\"authorization_code\"], \n"
+			+ "    \"claims_supported\": [\n"
+			+ "        \"aud\", \n"
+			+ "        \"email\", \n"
+			+ "        \"email_verified\", \n"
+			+ "        \"exp\", \n"
+			+ "        \"family_name\", \n"
+			+ "        \"given_name\", \n"
+			+ "        \"iat\", \n"
+			+ "        \"iss\", \n"
+			+ "        \"locale\", \n"
+			+ "        \"name\", \n"
+			+ "        \"picture\", \n"
+			+ "        \"sub\"\n"
+			+ "    ], \n"
+			+ "    \"code_challenge_methods_supported\": [\n"
+			+ "        \"plain\", \n"
+			+ "        \"S256\"\n"
+			+ "    ], \n"
+			+ "    \"id_token_signing_alg_values_supported\": [\n"
+			+ "        \"RS256\"\n"
+			+ "    ], \n"
+			+ "    \"issuer\": \"${issuer-uri}\", \n"
+			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
+			+ "    \"response_types_supported\": [\n"
+			+ "        \"code\", \n"
+			+ "        \"token\", \n"
+			+ "        \"id_token\", \n"
+			+ "        \"code token\", \n"
+			+ "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n"
+			+ "        \"code token id_token\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
+			+ "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
+			+ "    \"scopes_supported\": [\n"
+			+ "        \"openid\", \n"
+			+ "        \"email\", \n"
+			+ "        \"profile\"\n"
+			+ "    ], \n"
+			+ "    \"subject_types_supported\": [\n"
+			+ "        \"public\"\n"
+			+ "    ], \n"
+			+ "    \"grant_types_supported\" : [\"authorization_code\"], \n"
 			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\", \n"
-			+ "    \"token_endpoint_auth_methods_supported\": [\n" + "        \"client_secret_post\", \n"
-			+ "        \"client_secret_basic\", \n" + "        \"none\"\n" + "    ], \n"
-			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n" + "}";
+			+ "    \"token_endpoint_auth_methods_supported\": [\n"
+			+ "        \"client_secret_post\", \n"
+			+ "        \"client_secret_basic\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
+			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n"
+			+ "}";
+	// @formatter:on
 
 	@Autowired
 	private ClientRegistrationRepository clientRegistrationRepository;
@@ -183,7 +224,10 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 	}
 
 	private static String xml(String configName) {
-		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+		return CONFIG_LOCATION_PREFIX
+			+ "-"
+			+ configName
+			+ ".xml";
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index dba5ac9173..fc4182deb0 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -129,8 +129,12 @@ public class SpringTestContext implements Closeable {
 		this.context.setServletConfig(new MockServletConfig());
 		this.context.refresh();
 		if (this.context.containsBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) {
-			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity())
-					.apply(new AddFilter()).build();
+			// @formatter:off
+			MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context).
+					apply(springSecurity())
+					.apply(new AddFilter())
+					.build();
+			// @formatter:on
 			this.context.getBeanFactory().registerResolvableDependency(MockMvc.class, mockMvc);
 		}
 		AutowiredAnnotationBeanPostProcessor bpp = new AutowiredAnnotationBeanPostProcessor();
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index 22e87bbe62..99fe4a2c1a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -36,20 +36,48 @@ public class AuthorizeExchangeSpecTests {
 		this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange()
 				.permitAll();
 		WebTestClient client = buildClient();
-		client.get().uri("/a").exchange().expectStatus().isOk();
-		client.get().uri("/b").exchange().expectStatus().isOk();
-		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
+		// @formatter:off
+		client.get()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isOk();
+		client.get()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isOk();
+		client.post()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.post()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		// @formatter:on
 	}
 
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
 		this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll();
 		WebTestClient client = buildClient();
-		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
-		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
-		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
+		// @formatter:off
+		client.get()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.get()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.post()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.post()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		// @formatter:on
 	}
 
 	@Test
@@ -57,10 +85,24 @@ public class AuthorizeExchangeSpecTests {
 		this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange(
 				(exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
 		WebTestClient client = buildClient();
-		client.get().uri("/a").exchange().expectStatus().isUnauthorized();
-		client.get().uri("/b").exchange().expectStatus().isUnauthorized();
-		client.post().uri("/a").exchange().expectStatus().isUnauthorized();
-		client.post().uri("/b").exchange().expectStatus().isUnauthorized();
+		// @formatter:off
+		client.get()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.get()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.post()
+				.uri("/a")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		client.post()
+				.uri("/b")
+				.exchange()
+				.expectStatus().isUnauthorized();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalStateException.class)
@@ -71,7 +113,11 @@ public class AuthorizeExchangeSpecTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
-		this.http.authorizeExchange().anyExchange().denyAll().pathMatchers("/never-reached");
+		// @formatter:off
+		this.http.authorizeExchange()
+				.anyExchange().denyAll()
+				.pathMatchers("/never-reached");
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalStateException.class)
diff --git a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
index 7499e9c240..71ee7b605b 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java
@@ -103,8 +103,13 @@ public class CorsSpecTests {
 
 	private void assertHeaders() {
 		WebTestClient client = buildClient();
-		FluxExchangeResult<String> response = client.get().uri("https://example.com/")
-				.headers((h) -> h.setOrigin("https://origin.example.com")).exchange().returnResult(String.class);
+		// @formatter:off
+		FluxExchangeResult<String> response = client.get()
+				.uri("https://example.com/")
+				.headers((h) -> h.setOrigin("https://origin.example.com"))
+				.exchange()
+				.returnResult(String.class);
+		// @formatter:on
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
 		if (!this.expectedHeaders.isEmpty()) {
 			assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
@@ -115,7 +120,10 @@ public class CorsSpecTests {
 	}
 
 	private WebTestClient buildClient() {
-		return WebTestClientBuilder.bindToWebFilters(this.http.build()).build();
+		// @formatter:off
+		return WebTestClientBuilder.bindToWebFilters(this.http.build())
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
index 4b3ffae2ce..c278be38f4 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java
@@ -40,82 +40,178 @@ public class ExceptionHandlingSpecTests {
 
 	@Test
 	public void defaultAuthenticationEntryPoint() {
-		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
-				.authenticated().and().exceptionHandling().and().build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
-				.valueMatches("WWW-Authenticate", "Basic.*");
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.csrf().disable()
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.exceptionHandling().and()
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/test")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthenticationEntryPointUsed() {
+		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
-				.exceptionHandling(withDefaults()).build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader()
-				.valueMatches("WWW-Authenticate", "Basic.*");
+				.authorizeExchange((exchanges) -> exchanges
+						.anyExchange().authenticated()
+				)
+				.exceptionHandling(withDefaults())
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/test")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
+		// @formatter:on
 	}
 
 	@Test
 	public void customAuthenticationEntryPoint() {
-		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().authorizeExchange().anyExchange()
-				.authenticated().and().exceptionHandling()
-				.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and().build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.csrf().disable()
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.exceptionHandling()
+					.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
+					.and()
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/test")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueMatches("Location", ".*");
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed() {
+		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
+				.authorizeExchange((exchanges) -> exchanges
+						.anyExchange().authenticated()
+				)
 				.exceptionHandling((exceptionHandling) -> exceptionHandling
-						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
+						.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
+				)
 				.build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/test")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueMatches("Location", ".*");
+		// @formatter:on
 	}
 
 	@Test
 	public void defaultAccessDeniedHandler() {
-		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
-				.anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.csrf().disable()
+				.httpBasic().and()
+				.authorizeExchange()
+					.anyExchange().hasRole("ADMIN")
+					.and()
+				.exceptionHandling().and()
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/admin")
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
 				.expectStatus().isForbidden();
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAccessDeniedHandlerUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
-				.authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
-				.exceptionHandling(withDefaults()).build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.httpBasic(withDefaults())
+				.authorizeExchange((exchanges) -> exchanges
+						.anyExchange().hasRole("ADMIN")
+				)
+				.exceptionHandling(withDefaults())
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/admin")
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
 				.expectStatus().isForbidden();
+		// @formatter:on
 	}
 
 	@Test
 	public void customAccessDeniedHandler() {
-		SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange()
-				.anyExchange().hasRole("ADMIN").and().exceptionHandling()
-				.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and().build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.csrf().disable()
+				.httpBasic().and()
+				.authorizeExchange()
+					.anyExchange().hasRole("ADMIN")
+					.and()
+				.exceptionHandling()
+					.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
+					.and()
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/admin")
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
 				.expectStatus().isBadRequest();
+		// @formatter:on
 	}
 
 	@Test
 	public void requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults())
-				.authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.httpBasic(withDefaults())
+				.authorizeExchange((exchanges) -> exchanges
+						.anyExchange().hasRole("ADMIN")
+				)
 				.exceptionHandling((exceptionHandling) -> exceptionHandling
-						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
+						.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
+				)
 				.build();
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange()
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		client.get()
+				.uri("/admin")
+				.headers((headers) -> headers.setBasicAuth("user", "password"))
+				.exchange()
 				.expectStatus().isBadRequest();
+		// @formatter:on
 	}
 
 	private ServerAuthenticationEntryPoint redirectServerAuthenticationEntryPoint(String location) {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index b53176c4ae..3fa67d531a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -67,14 +67,33 @@ public class FormLoginTests {
 
 	@Test
 	public void defaultLoginPage() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
+		// @formatter:off
+		loginPage = loginPage.loginForm()
+					.username("user")
+					.password("invalid")
+					.submit(DefaultLoginPage.class)
 				.assertError();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
 		loginPage.assertAt().assertLogout();
@@ -83,14 +102,30 @@ public class FormLoginTests {
 	@Test
 	public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults())
+				.authorizeExchange((exchanges) -> exchanges
+						.anyExchange().authenticated()
+				)
+				.formLogin(withDefaults())
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
 				.build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-		loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class)
+		// @formatter:off
+		loginPage = loginPage
+				.loginForm()
+					.username("user")
+					.password("invalid")
+					.submit(DefaultLoginPage.class)
 				.assertError();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
 		loginPage.assertAt().assertLogout();
@@ -98,64 +133,141 @@ public class FormLoginTests {
 
 	@Test
 	public void customLoginPage() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll()
-				.anyExchange().authenticated().and().formLogin().loginPage("/login").and().build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.pathMatchers("/login").permitAll()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.loginPage("/login")
+					.and()
+				.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
-				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+				.webFilter(new WebFilterChainProxy(securityWebFilter))
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 	}
 
 	@Test
 	public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
+		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange(
-						(exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated())
-				.formLogin((formLogin) -> formLogin.loginPage("/login")).build();
+				.authorizeExchange((exchanges) -> exchanges
+						.pathMatchers("/login").permitAll()
+						.anyExchange().authenticated()
+				)
+				.formLogin((formLogin) -> formLogin
+						.loginPage("/login")
+				)
+				.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
-				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+				.webFilter(new WebFilterChainProxy(securityWebFilter))
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 	}
 
 	@Test
 	public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure")
-				.permitAll().anyExchange().authenticated().and().formLogin()
-				.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.pathMatchers("/login", "/failure").permitAll()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure"))
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
-		loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class);
+		// @formatter:off
+		loginPage.loginForm()
+				.username("invalid")
+				.password("invalid")
+				.submit(HomePage.class);
+		// @formatter:on
 		assertThat(driver.getCurrentUrl()).endsWith("/failure");
 	}
 
 	@Test
 	public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/sign-in")
-				.permitAll().anyExchange().authenticated().and().formLogin()
-				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")).and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.pathMatchers("/login", "/sign-in").permitAll()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		driver.get("http://localhost/sign-in");
 		assertThat(driver.getCurrentUrl()).endsWith("/login?error");
 	}
 
 	@Test
 	public void authenticationSuccess() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
-				.and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		assertThat(driver.getCurrentUrl()).endsWith("/custom");
 	}
 
@@ -167,12 +279,27 @@ public class FormLoginTests {
 				.willThrow(new RuntimeException("should not interact with default auth manager"));
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN")));
-		SecurityWebFilterChain securityWebFilter = this.http.authenticationManager(defaultAuthenticationManager)
-				.formLogin().authenticationManager(customAuthenticationManager).and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authenticationManager(defaultAuthenticationManager)
+				.formLogin()
+					.authenticationManager(customAuthenticationManager)
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		verifyZeroInteractions(defaultAuthenticationManager);
 	}
@@ -186,13 +313,30 @@ public class FormLoginTests {
 		given(defaultSecContextRepository.load(any())).willReturn(authentication(token));
 		given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty());
 		given(formLoginSecContextRepository.load(any())).willReturn(authentication(token));
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.securityContextRepository(defaultSecContextRepository).formLogin()
-				.securityContextRepository(formLoginSecContextRepository).and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.securityContextRepository(defaultSecContextRepository)
+				.formLogin()
+					.securityContextRepository(formLoginSecContextRepository)
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
-		HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		verify(defaultSecContextRepository, atLeastOnce()).load(any());
 		verify(formLoginSecContextRepository).save(any(), any());
@@ -421,20 +565,35 @@ public class FormLoginTests {
 		@GetMapping("/login")
 		public Mono<String> login(ServerWebExchange exchange) {
 			Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-			return token.map((t) -> "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n"
+			// @formatter:off
+			return token.map((t) -> "<!DOCTYPE html>\n"
+					+ "<html lang=\"en\">\n"
+					+ "  <head>\n"
 					+ "    <meta charset=\"utf-8\">\n"
 					+ "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
-					+ "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n"
-					+ "    <title>Custom Log In Page</title>\n" + "  </head>\n" + "  <body>\n" + "     <div>\n"
-					+ "      <form method=\"post\" action=\"/login\">\n" + "        <h2>Please sign in</h2>\n"
-					+ "        <p>\n" + "          <label for=\"username\">Username</label>\n"
+					+ "    <meta name=\"description\" content=\"\">\n"
+					+ "    <meta name=\"author\" content=\"\">\n"
+					+ "    <title>Custom Log In Page</title>\n"
+					+ "  </head>\n"
+					+ "  <body>\n"
+					+ "     <div>\n"
+					+ "      <form method=\"post\" action=\"/login\">\n"
+					+ "        <h2>Please sign in</h2>\n"
+					+ "        <p>\n"
+					+ "          <label for=\"username\">Username</label>\n"
 					+ "          <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
-					+ "        </p>\n" + "        <p>\n"
+					+ "        </p>\n"
+					+ "        <p>\n"
 					+ "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
 					+ "          <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
-					+ "        </p>\n" + "        <input type=\"hidden\" name=\"" + t.getParameterName() + "\" value=\""
-					+ t.getToken() + "\">\n" + "        <button type=\"submit\">Sign in</button>\n" + "      </form>\n"
-					+ "    </div>\n" + "  </body>\n" + "</html>");
+					+ "        </p>\n"
+					+ "        <input type=\"hidden\" name=\"" + t.getParameterName() + "\" value=\"" + t.getToken() + "\">\n"
+					+ "        <button type=\"submit\">Sign in</button>\n"
+					+ "      </form>\n"
+					+ "    </div>\n"
+					+ "  </body>\n"
+					+ "</html>");
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 5efabbd93e..6e51e7c6ec 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -116,7 +116,11 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenCacheDisableInLambdaThenCacheNotWritten() {
 		expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
-		this.http.headers((headers) -> headers.cache((cache) -> cache.disable()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.cache((cache) -> cache.disable())
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -130,8 +134,12 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenContentOptionsDisableInLambdaThenContentTypeOptionsNotWritten() {
 		expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
+		// @formatter:off
 		this.http
-				.headers((headers) -> headers.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable()));
+				.headers((headers) -> headers
+						.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable()
+				));
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -145,7 +153,11 @@ public class HeaderSpecTests {
 	@Test
 	public void headersWhenHstsDisableInLambdaThenHstsNotWritten() {
 		expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.disable()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.hsts((hsts) -> hsts.disable())
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -154,7 +166,12 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60");
-		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).includeSubdomains(false);
+		// @formatter:off
+		this.http.headers()
+				.hsts()
+					.maxAge(Duration.ofSeconds(60))
+					.includeSubdomains(false);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -163,8 +180,15 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60");
+		// @formatter:off
 		this.http.headers(
-				(headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).includeSubdomains(false)));
+				(headers) -> headers
+						.hsts((hsts) -> hsts
+								.maxAge(Duration.ofSeconds(60))
+								.includeSubdomains(false)
+						)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -173,7 +197,12 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60 ; includeSubDomains ; preload");
-		this.http.headers().hsts().maxAge(Duration.ofSeconds(60)).preload(true);
+		// @formatter:off
+		this.http.headers()
+				.hsts()
+					.maxAge(Duration.ofSeconds(60))
+					.preload(true);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -182,50 +211,84 @@ public class HeaderSpecTests {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				"max-age=60 ; includeSubDomains ; preload");
-		this.http.headers((headers) -> headers.hsts((hsts) -> hsts.maxAge(Duration.ofSeconds(60)).preload(true)));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.hsts((hsts) -> hsts
+						.maxAge(Duration.ofSeconds(60))
+						.preload(true)
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
-		this.http.headers().frameOptions().disable();
+		// @formatter:off
+		this.http.headers()
+				.frameOptions().disable();
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenFrameOptionsDisableInLambdaThenFrameOptionsNotWritten() {
 		expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
-		this.http.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.frameOptions((frameOptions) -> frameOptions
+						.disable()
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
+		// @formatter:off
+		this.http.headers()
+				.frameOptions()
+					.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenFrameOptionsModeInLambdaThenFrameOptionsCustomMode() {
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.http.headers((headers) -> headers.frameOptions(
-				(frameOptions) -> frameOptions.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.frameOptions((frameOptions) -> frameOptions
+						.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
-		this.http.headers().xssProtection().disable();
+		// @formatter:off
+		this.http.headers()
+				.xssProtection().disable();
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenXssProtectionDisableInLambdaThenXssProtectionNotWritten() {
 		expectHeaderNamesNotPresent("X-Xss-Protection");
-		this.http.headers((headers) -> headers.xssProtection((xssProtection) -> xssProtection.disable()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.xssProtection((xssProtection) -> xssProtection
+						.disable()
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -233,7 +296,10 @@ public class HeaderSpecTests {
 	public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() {
 		String policyDirectives = "Feature-Policy";
 		this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, policyDirectives);
-		this.http.headers().featurePolicy(policyDirectives);
+		// @formatter:off
+		this.http.headers()
+				.featurePolicy(policyDirectives);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -242,7 +308,10 @@ public class HeaderSpecTests {
 		String policyDirectives = "default-src 'self'";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
-		this.http.headers().contentSecurityPolicy(policyDirectives);
+		// @formatter:off
+		this.http.headers()
+				.contentSecurityPolicy(policyDirectives);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -251,7 +320,11 @@ public class HeaderSpecTests {
 		String expectedPolicyDirectives = "default-src 'self'";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				expectedPolicyDirectives);
-		this.http.headers((headers) -> headers.contentSecurityPolicy(withDefaults()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.contentSecurityPolicy(withDefaults())
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -260,8 +333,13 @@ public class HeaderSpecTests {
 		String policyDirectives = "default-src 'self' *.trusted.com";
 		this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
 				policyDirectives);
-		this.http.headers((headers) -> headers.contentSecurityPolicy(
-				(contentSecurityPolicy) -> contentSecurityPolicy.policyDirectives(policyDirectives)));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.contentSecurityPolicy((csp) -> csp
+						.policyDirectives(policyDirectives)
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -269,7 +347,10 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyEnabledThenFeaturePolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
-		this.http.headers().referrerPolicy();
+		// @formatter:off
+		this.http.headers()
+				.referrerPolicy();
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -277,7 +358,12 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyEnabledInLambdaThenReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER.getPolicy());
-		this.http.headers((headers) -> headers.referrerPolicy(withDefaults()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.referrerPolicy(withDefaults()
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -285,7 +371,10 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyCustomEnabledThenFeaturePolicyCustomWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
-		this.http.headers().referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE);
+		// @formatter:off
+		this.http.headers()
+				.referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE);
+		// @formatter:on
 		assertHeaders();
 	}
 
@@ -293,16 +382,27 @@ public class HeaderSpecTests {
 	public void headersWhenReferrerPolicyCustomEnabledInLambdaThenCustomReferrerPolicyWritten() {
 		this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
 				ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
+		// @formatter:off
 		this.http.headers((headers) -> headers
-				.referrerPolicy((referrerPolicy) -> referrerPolicy.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)));
+				.referrerPolicy((referrerPolicy) -> referrerPolicy
+						.policy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE)
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
 	@Test
 	public void headersWhenCustomHeadersWriter() {
 		this.expectedHeaders.add(CUSTOM_HEADER, CUSTOM_VALUE);
-		this.http.headers((headers) -> headers.writer((exchange) -> Mono.just(exchange)
-				.doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE)).then()));
+		// @formatter:off
+		this.http.headers((headers) -> headers
+				.writer((exchange) -> Mono.just(exchange)
+					.doOnNext((it) -> it.getResponse().getHeaders().add(CUSTOM_HEADER, CUSTOM_VALUE))
+					.then()
+				)
+		);
+		// @formatter:on
 		assertHeaders();
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
index 9df6cc1c16..044d0820d0 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HttpsRedirectSpecTests.java
@@ -49,43 +49,78 @@ public class HttpsRedirectSpecTests {
 
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
-		this.client = WebTestClient.bindToApplicationContext(context).build();
+		// @formatter:off
+		this.client = WebTestClient
+				.bindToApplicationContext(context)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenSecureThenDoesNotRedirect() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
-		this.client.get().uri("https://localhost").exchange().expectStatus().isNotFound();
+		// @formatter:off
+		this.client.get()
+				.uri("https://localhost")
+				.exchange()
+				.expectStatus().isNotFound();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenInsecureThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpConfig.class).autowire();
-		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenInsecureAndRedirectConfiguredInLambdaThenRespondsWithRedirectToSecure() {
 		this.spring.register(RedirectToHttpsInLambdaConfig.class).autowire();
-		this.client.get().uri("http://localhost").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost");
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsConfig.class).autowire();
-		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost:8080")
+				.exchange()
+				.expectStatus().isNotFound();
+		this.client.get()
+				.uri("http://localhost:8080/secure")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenInsecureAndPathRequiresTransportSecurityInLambdaThenRedirects() {
 		this.spring.register(SometimesRedirectToHttpsInLambdaConfig.class).autowire();
-		this.client.get().uri("http://localhost:8080").exchange().expectStatus().isNotFound();
-		this.client.get().uri("http://localhost:8080/secure").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost:8080")
+				.exchange()
+				.expectStatus().isNotFound();
+		this.client.get()
+				.uri("http://localhost:8080/secure")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:8443/secure");
+		// @formatter:on
 	}
 
 	@Test
@@ -93,8 +128,13 @@ public class HttpsRedirectSpecTests {
 		this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost:4080")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		// @formatter:on
 	}
 
 	@Test
@@ -102,8 +142,13 @@ public class HttpsRedirectSpecTests {
 		this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
 		PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
 		given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
-		this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader()
-				.valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		// @formatter:off
+		this.client.get()
+				.uri("http://localhost:4080")
+				.exchange()
+				.expectStatus().isFound()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
+		// @formatter:on
 	}
 
 	@EnableWebFlux
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
index bd8822247d..fa55c952aa 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java
@@ -28,6 +28,7 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import static org.springframework.security.config.Customizer.withDefaults;
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 
 /**
  * @author Shazin Sadakath
@@ -39,16 +40,34 @@ public class LogoutSpecTests {
 
 	@Test
 	public void defaultLogout() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin()
+					.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-		loginPage = loginPage.loginForm().username("user").password("invalid")
-				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+		// @formatter:off
+		loginPage = loginPage.loginForm()
+				.username("user")
+				.password("invalid")
+				.submit(FormLoginTests.DefaultLoginPage.class)
+				.assertError();
+		FormLoginTests.HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
 				.submit(FormLoginTests.HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		loginPage = FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 		loginPage.assertAt().assertLogout();
@@ -56,37 +75,72 @@ public class LogoutSpecTests {
 
 	@Test
 	public void customLogout() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
-				.and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin().and()
+				.logout()
+					.requiresLogout(pathMatchers("/custom-logout"))
+				.and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-		loginPage = loginPage.loginForm().username("user").password("invalid")
-				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+		// @formatter:off
+		loginPage = loginPage.loginForm()
+					.username("user")
+					.password("invalid")
+					.submit(FormLoginTests.DefaultLoginPage.class)
+				.assertError();
+		FormLoginTests.HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
 				.submit(FormLoginTests.HomePage.class);
 		homePage.assertAt();
+		// @formatter:on
 		driver.get("http://localhost/custom-logout");
 		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
 	}
 
 	@Test
 	public void logoutWhenCustomLogoutInLambdaThenCustomLogoutUsed() {
+		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange((authorizeExchange) -> authorizeExchange.anyExchange().authenticated())
+				.authorizeExchange((exchange) -> exchange
+						.anyExchange().authenticated()
+				)
 				.formLogin(withDefaults())
-				.logout((logout) -> logout.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")))
+				.logout((logout) -> logout
+						.requiresLogout(pathMatchers("/custom-logout"))
+				)
 				.build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-		loginPage = loginPage.loginForm().username("user").password("invalid")
-				.submit(FormLoginTests.DefaultLoginPage.class).assertError();
-		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+		// @formatter:off
+		loginPage = loginPage.loginForm()
+				.username("user")
+				.password("invalid")
+				.submit(FormLoginTests.DefaultLoginPage.class)
+				.assertError();
+		FormLoginTests.HomePage homePage = loginPage.loginForm()
+				.username("user").password("password")
 				.submit(FormLoginTests.HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		driver.get("http://localhost/custom-logout");
 		FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
@@ -94,14 +148,29 @@ public class LogoutSpecTests {
 
 	@Test
 	public void logoutWhenDisabledThenPostToLogoutDoesNothing() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().logout().disable().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin().and()
+				.logout().disable()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+		// @formatter:off
+		FormLoginTests.HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
 				.submit(FormLoginTests.HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 		homePage.assertAt();
@@ -111,14 +180,30 @@ public class LogoutSpecTests {
 	public void logoutWhenCustomSecurityContextRepositoryThenLogsOut() {
 		WebSessionServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
 		repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
-		SecurityWebFilterChain securityWebFilter = this.http.securityContextRepository(repository).authorizeExchange()
-				.anyExchange().authenticated().and().formLogin().and().logout().and().build();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.securityContextRepository(repository)
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin().and()
+				.logout().and()
+				.build();
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
 				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
-		FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
+		// @formatter:off
+		FormLoginTests.HomePage homePage = loginPage.loginForm()
+				.username("user")
+				.password("password")
 				.submit(FormLoginTests.HomePage.class);
+		// @formatter:on
 		homePage.assertAt();
 		FormLoginTests.DefaultLogoutPage.to(driver).assertAt().logout();
 		FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
index b4f5599fad..171bcab955 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java
@@ -82,7 +82,11 @@ public class OAuth2ClientSpecTests {
 
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
-		this.client = WebTestClient.bindToApplicationContext(context).build();
+		// @formatter:off
+		this.client = WebTestClient
+				.bindToApplicationContext(context)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
@@ -96,7 +100,12 @@ public class OAuth2ClientSpecTests {
 		given(repository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
+		// @formatter:off
+		this.client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 	}
 
 	@Test
@@ -109,7 +118,12 @@ public class OAuth2ClientSpecTests {
 		given(repository.findByRegistrationId(any()))
 				.willReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
 		given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
-		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
+		// @formatter:off
+		this.client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 	}
 
 	@Test
@@ -135,11 +149,17 @@ public class OAuth2ClientSpecTests {
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
+		// @formatter:off
 		this.client.get()
-				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
-						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
-						.build())
-				.exchange().expectStatus().is3xxRedirection();
+				.uri((uriBuilder) -> uriBuilder
+						.path("/authorize/oauth2/code/registration-id")
+						.queryParam(OAuth2ParameterNames.CODE, "code")
+						.queryParam(OAuth2ParameterNames.STATE, "state")
+						.build()
+				)
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(requestCache).getRedirectUri(any());
@@ -169,11 +189,17 @@ public class OAuth2ClientSpecTests {
 		given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
 		given(manager.authenticate(any())).willReturn(Mono.just(result));
 		given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
+		// @formatter:off
 		this.client.get()
-				.uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id")
-						.queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state")
-						.build())
-				.exchange().expectStatus().is3xxRedirection();
+				.uri((uriBuilder) -> uriBuilder
+						.path("/authorize/oauth2/code/registration-id")
+						.queryParam(OAuth2ParameterNames.CODE, "code")
+						.queryParam(OAuth2ParameterNames.STATE, "state")
+						.build()
+				)
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(requestCache).getRedirectUri(any());
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
index 94256acd27..211d353203 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -134,26 +134,44 @@ public class OAuth2LoginTests {
 	@Autowired
 	public void setApplicationContext(ApplicationContext context) {
 		if (context.getBeanNamesForType(WebHandler.class).length > 0) {
-			this.client = WebTestClient.bindToApplicationContext(context).build();
+			// @formatter:off
+			this.client = WebTestClient
+					.bindToApplicationContext(context)
+					.build();
+			// @formatter:on
 		}
 	}
 
 	@Test
 	public void defaultLoginPageWithMultipleClientRegistrationsThenLinks() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
-		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage
-				.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt().assertLoginFormNotPresent().oauth2Login()
-				.assertClientRegistrationByName(OAuth2LoginTests.github.getClientName()).and();
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurity)
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
+				.assertAt()
+				.assertLoginFormNotPresent()
+				.oauth2Login()
+					.assertClientRegistrationByName(OAuth2LoginTests.github.getClientName())
+					.and();
+		// @formatter:on
 	}
 
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationThenRedirect() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class).autowire();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(new GitHubWebFilter(), this.springSecurity)
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(new GitHubWebFilter(), this.springSecurity)
 				.build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		driver.get("http://localhost/");
 		assertThat(driver.getCurrentUrl()).startsWith("https://github.com/login/oauth/authorize");
 	}
@@ -162,8 +180,14 @@ public class OAuth2LoginTests {
 	@Test
 	public void defaultLoginPageWithSingleClientRegistrationAndXhrRequestThenDoesNotRedirectForAuthorization() {
 		this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, WebFluxConfig.class).autowire();
-		this.client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus()
-				.is3xxRedirection().expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
+		// @formatter:off
+		this.client.get()
+				.uri("/")
+				.header("X-Requested-With", "XMLHttpRequest")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals(HttpHeaders.LOCATION, "/login");
+		// @formatter:on
 	}
 
 	@Test
@@ -179,7 +203,12 @@ public class OAuth2LoginTests {
 		given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
 		given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
 		given(requestCache.saveRequest(any())).willReturn(Mono.empty());
-		this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
+		// @formatter:off
+		this.client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 		verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 		verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any());
 		verify(requestCache).saveRequest(any());
@@ -213,8 +242,13 @@ public class OAuth2LoginTests {
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", redirectLocation);
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/github")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", redirectLocation);
+		// @formatter:on
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -228,7 +262,11 @@ public class OAuth2LoginTests {
 				OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
 		String redirectLocation = "/custom-redirect-location";
 		String failureRedirectLocation = "/failure-redirect-location";
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurity)
+				.build();
+		// @formatter:on
 		OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
 		ServerAuthenticationConverter converter = config.authenticationConverter;
@@ -254,8 +292,13 @@ public class OAuth2LoginTests {
 			return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation)
 					.onAuthenticationFailure(webFilterExchange, authenticationException);
 		});
-		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", failureRedirectLocation);
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/github")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", failureRedirectLocation);
+		// @formatter:on
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -291,8 +334,13 @@ public class OAuth2LoginTests {
 			return new RedirectServerAuthenticationSuccessHandler(redirectLocation)
 					.onAuthenticationSuccess(webFilterExchange, authentication);
 		});
-		webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", redirectLocation);
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/github")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", redirectLocation);
+		// @formatter:on
 		verify(converter).convert(any());
 		verify(manager).authenticate(any());
 		verify(matcher).matches(any());
@@ -304,7 +352,11 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenCustomBeansThenUsed() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
 				.autowire();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurity)
+				.build();
+		// @formatter:on
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
@@ -320,15 +372,25 @@ public class OAuth2LoginTests {
 		given(securityContextRepository.load(any())).willReturn(authentication(token));
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
-				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
-				.additionalParameters(additionalParameters).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken(accessToken.getTokenValue())
+				.tokenType(accessToken.getTokenType())
+				.scopes(accessToken.getScopes())
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		OidcUser user = TestOidcUsers.create();
 		ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
 		given(userService.loadUser(any())).willReturn(Mono.just(user));
-		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/google")
+				.exchange()
+				.expectStatus().is3xxRedirection();
+		// @formatter:on
 		verify(config.jwtDecoderFactory).createDecoder(any());
 		verify(tokenResponseClient).getTokenResponse(any());
 		verify(securityContextRepository).save(any(), any());
@@ -339,8 +401,15 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class)
 				.autowire();
-		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(this.springSecurity)
+				.build();
+		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests
+				.request()
+				.scope("openid")
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
@@ -353,8 +422,13 @@ public class OAuth2LoginTests {
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
 		given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
-		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", "/login?error");
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/google")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", "/login?error");
+		// @formatter:on
 	}
 
 	// gh-6484
@@ -365,8 +439,15 @@ public class OAuth2LoginTests {
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
 		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
 				.getBean(OAuth2LoginWithCustomBeansConfig.class);
-		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
-		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
+		// @formatter:off
+		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests
+				.request()
+				.scope("openid")
+				.build();
+		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses
+				.success()
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
 		OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
 		OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(
@@ -375,17 +456,27 @@ public class OAuth2LoginTests {
 		given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
-				.tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes())
-				.additionalParameters(additionalParameters).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken(accessToken.getTokenValue())
+				.tokenType(accessToken.getTokenType())
+				.scopes(accessToken.getScopes())
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
 		given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
 		OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
 		given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono
 				.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
-		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", "/login?error");
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/google")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", "/login?error");
+		// @formatter:on
 	}
 
 	@Test
@@ -395,8 +486,12 @@ public class OAuth2LoginTests {
 				AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
 		ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
 		given(repository.load(any())).willReturn(authentication(token));
-		this.client.post().uri("/logout").exchange().expectHeader().valueEquals("Location",
-				"https://logout?id_token_hint=id-token");
+		// @formatter:off
+		this.client.post()
+				.uri("/logout")
+				.exchange()
+				.expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token");
+		// @formatter:on
 	}
 
 	// gh-8609
@@ -404,8 +499,13 @@ public class OAuth2LoginTests {
 	public void oauth2LoginWhenAuthenticationConverterFailsThenDefaultRedirectToLogin() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class).autowire();
 		WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
-		webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader()
-				.valueEquals("Location", "/login?error");
+		// @formatter:off
+		webTestClient.get()
+				.uri("/login/oauth2/code/google")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.expectHeader().valueEquals("Location", "/login?error");
+		// @formatter:on
 	}
 
 	Mono<SecurityContext> authentication(Authentication authentication) {
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index a6918809a9..09c8b4ae45 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -103,10 +103,19 @@ public class OAuth2ResourceServerSpecTests {
 
 	private String unsignedToken = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
 
-	private String jwkSet = "{\n" + "  \"keys\":[\n" + "    {\n" + "      \"kty\":\"RSA\",\n"
-			+ "      \"e\":\"AQAB\",\n" + "      \"use\":\"sig\",\n" + "      \"kid\":\"one\",\n"
+	// @formatter:off
+	private String jwkSet = "{\n"
+			+ "  \"keys\":[\n"
+			+ "    {\n"
+			+ "      \"kty\":\"RSA\",\n"
+			+ "      \"e\":\"AQAB\",\n"
+			+ "      \"use\":\"sig\",\n"
+			+ "      \"kid\":\"one\",\n"
 			+ "      \"n\":\"0IUjrPZDz-3z0UE4ppcKU36v7hnh8FJjhu3lbJYj0qj9eZiwEJxi9HHUfSK1DhUQG7mJBbYTK1tPYCgre5EkfKh-64VhYUa-vz17zYCmuB8fFj4XHE3MLkWIG-AUn8hNbPzYYmiBTjfGnMKxLHjsbdTiF4mtn-85w366916R6midnAuiPD4HjZaZ1PAsuY60gr8bhMEDtJ8unz81hoQrozpBZJ6r8aR1PrsWb1OqPMloK9kAIutJNvWYKacp8WYAp2WWy72PxQ7Fb0eIA1br3A5dnp-Cln6JROJcZUIRJ-QvS6QONWeS2407uQmS-i-lybsqaH0ldYC7NBEBA5inPQ\"\n"
-			+ "    }\n" + "  ]\n" + "}\n";
+			+ "    }\n"
+			+ "  ]\n"
+			+ "}\n";
+	// @formatter:on
 
 	private Jwt jwt = TestJwts.jwt().build();
 
@@ -114,12 +123,20 @@ public class OAuth2ResourceServerSpecTests {
 
 	private String clientSecret = "secret";
 
-	private String active = "{\n" + "      \"active\": true,\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
-			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+	// @formatter:off
+	private String active = "{\n"
+			+ "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n"
 			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
 			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
 
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
@@ -134,54 +151,93 @@ public class OAuth2ResourceServerSpecTests {
 	@Test
 	public void getWhenValidThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken))
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenExpiredThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.expired))
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenUnsignedThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.unsignedToken)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.unsignedToken))
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenEmptyBearerTokenThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
-		this.client.get().headers((headers) -> headers.add("Authorization", "Bearer ")).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.add("Authorization", "Bearer ")
+				)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenValidTokenAndPublicKeyInLambdaThenReturnsOk() {
 		this.spring.register(PublicKeyInLambdaConfig.class, RootController.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenExpiredTokenAndPublicKeyInLambdaThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyInLambdaConfig.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.expired)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.expired)
+				)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"invalid_token\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenValidUsingPlaceholderThenReturnsOk() {
 		this.spring.register(PlaceholderConfig.class, RootController.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
@@ -189,7 +245,14 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(CustomDecoderConfig.class, RootController.class).autowire();
 		ReactiveJwtDecoder jwtDecoder = this.spring.getContext().getBean(ReactiveJwtDecoder.class);
 		given(jwtDecoder.decode(anyString())).willReturn(Mono.just(this.jwt));
-		this.client.get().headers((headers) -> headers.setBearerAuth("token")).exchange().expectStatus().isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth("token")
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 		verify(jwtDecoder).decode(anyString());
 	}
 
@@ -198,8 +261,14 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(JwkSetUriConfig.class, RootController.class).autowire();
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadTokenWithKid)
+				)
+				.exchange()
 				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
@@ -207,8 +276,14 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(JwkSetUriInLambdaConfig.class, RootController.class).autowire();
 		MockWebServer mockWebServer = this.spring.getContext().getBean(MockWebServer.class);
 		mockWebServer.enqueue(new MockResponse().setBody(this.jwkSet));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadTokenWithKid)).exchange()
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadTokenWithKid)
+				)
+				.exchange()
 				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
@@ -218,9 +293,15 @@ public class OAuth2ResourceServerSpecTests {
 				.getBean(ReactiveAuthenticationManager.class);
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:on
 	}
 
 	@Test
@@ -230,9 +311,15 @@ public class OAuth2ResourceServerSpecTests {
 				.getBean(ReactiveAuthenticationManager.class);
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:on
 	}
 
 	@Test
@@ -246,56 +333,101 @@ public class OAuth2ResourceServerSpecTests {
 				.willReturn(Mono.just(authenticationManager));
 		given(authenticationManager.authenticate(any(Authentication.class)))
 				.willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isUnauthorized().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"mock-failure\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenSignedThenReturnsOk() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-		this.client.post().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.post()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenTokenHasInsufficientScopeThenReturnsInsufficientScope() {
 		this.spring.register(DenyAllConfig.class, RootController.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isForbidden().expectHeader()
-				.value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isForbidden()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"insufficient_scope\""));
+		// @formatter:on
 	}
 
 	@Test
 	public void postWhenMissingTokenThenReturnsForbidden() {
 		this.spring.register(PublicKeyConfig.class, RootController.class).autowire();
-		this.client.post().exchange().expectStatus().isForbidden();
+		// @formatter:off
+		this.client.post()
+				.exchange()
+				.expectStatus().isForbidden();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenServerAuthenticationConverterThenResponds() {
 		this.spring.register(CustomBearerTokenServerAuthenticationConverter.class, RootController.class).autowire();
-		this.client.get().cookie("TOKEN", this.messageReadToken).exchange().expectStatus().isOk();
+		// @formatter:off
+		this.client.get()
+				.cookie("TOKEN", this.messageReadToken)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenSignedAndCustomConverterThenConverts() {
 		this.spring.register(CustomJwtAuthenticationConverterConfig.class, RootController.class).autowire();
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenEntryPointThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
-		this.client.get().uri("/authenticated").exchange().expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
+		// @formatter:off
+		this.client.get()
+				.uri("/authenticated")
+				.exchange()
+				.expectStatus().isEqualTo(HttpStatus.I_AM_A_TEAPOT);
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenCustomBearerTokenDeniedHandlerThenResponds() {
 		this.spring.register(CustomErrorHandlingConfig.class).autowire();
-		this.client.get().uri("/unobtainable").headers((headers) -> headers.setBearerAuth(this.messageReadToken))
-				.exchange().expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
+		// @formatter:off
+		this.client.get()
+				.uri("/unobtainable")
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isEqualTo(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
+		// @formatter:on
 	}
 
 	@Test
@@ -351,8 +483,14 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(IntrospectionConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
@@ -360,8 +498,14 @@ public class OAuth2ResourceServerSpecTests {
 		this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire();
 		this.spring.getContext().getBean(MockWebServer.class)
 				.setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active));
-		this.client.get().headers((headers) -> headers.setBearerAuth(this.messageReadToken)).exchange().expectStatus()
-				.isOk();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.setBearerAuth(this.messageReadToken)
+				)
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
 	}
 
 	@Test
@@ -376,8 +520,12 @@ public class OAuth2ResourceServerSpecTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(org.springframework.http.HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
-						.map((a) -> ok(response)).orElse(unauthorized());
+				// @formatter:off
+				return Optional.ofNullable(authorization)
+						.filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response))
+						.orElse(unauthorized());
+				// @formatter:on
 			}
 		};
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
index a9331c95e2..b8e39e02ab 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/RequestCacheTests.java
@@ -47,43 +47,88 @@ public class RequestCacheTests {
 
 	@Test
 	public void defaultFormLoginRequestCache() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin().and()
+				.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+				.webFilter(new WebFilterChainProxy(securityWebFilter))
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-		SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class);
+		// @formatter:off
+		SecuredPage securedPage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(SecuredPage.class);
+		// @formatter:on
 		securedPage.assertAt();
 	}
 
 	@Test
 	public void requestCacheNoOp() {
-		SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and()
-				.formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build();
+		// @formatter:off
+		SecurityWebFilterChain securityWebFilter = this.http
+				.authorizeExchange()
+					.anyExchange().authenticated()
+					.and()
+				.formLogin().and()
+				.requestCache()
+					.requestCache(NoOpServerRequestCache.getInstance())
+					.and()
+				.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+				.webFilter(new WebFilterChainProxy(securityWebFilter))
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage securedPage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		securedPage.assertAt();
 	}
 
 	@Test
 	public void requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed() {
+		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange((authorizeExchange) -> authorizeExchange.anyExchange().authenticated())
+				.authorizeExchange((exchange) -> exchange
+						.anyExchange().authenticated()
+				)
 				.formLogin(withDefaults())
-				.requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance()))
+				.requestCache((requestCache) -> requestCache
+						.requestCache(NoOpServerRequestCache.getInstance())
+				)
 				.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
-				.webFilter(new WebFilterChainProxy(securityWebFilter)).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+				.webFilter(new WebFilterChainProxy(securityWebFilter))
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
-		HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
+		// @formatter:off
+		HomePage securedPage = loginPage.loginForm()
+				.username("user")
+				.password("password")
+				.submit(HomePage.class);
+		// @formatter:on
 		securedPage.assertAt();
 	}
 
@@ -112,8 +157,17 @@ public class RequestCacheTests {
 		@ResponseBody
 		@GetMapping("/secured")
 		public String login(ServerWebExchange exchange) {
-			return "<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <title>Secured</title>\n"
-					+ "  </head>\n" + "  <body>\n" + "    <h1>Secured</h1>\n" + "  </body>\n" + "</html>";
+			// @formatter:off
+			return "<!DOCTYPE html>\n"
+				+ "<html lang=\"en\">\n"
+				+ "  <head>\n"
+				+ "    <title>Secured</title>\n"
+				+ "  </head>\n"
+				+ "  <body>\n"
+				+ "    <h1>Secured</h1>\n"
+				+ "  </body>\n"
+				+ "</html>";
+			// @formatter:on
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 521b17c3ee..315bcee924 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -110,8 +110,13 @@ public class ServerHttpSecurityTests {
 		given(this.contextRepository.load(any())).willReturn(securityContext.mono());
 		this.http.securityContextRepository(this.contextRepository);
 		WebTestClient client = buildClient();
-		FluxExchangeResult<String> result = client.get().uri("/").exchange().expectHeader()
-				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").returnResult(String.class);
+		// @formatter:off
+		FluxExchangeResult<String> result = client.get()
+				.uri("/")
+				.exchange()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
+				.returnResult(String.class);
+		// @formatter:on
 		assertThat(result.getResponseCookies()).isEmpty();
 		// there is no need to try and load the SecurityContext by default
 		securityContext.assertWasNotSubscribed();
@@ -126,10 +131,18 @@ public class ServerHttpSecurityTests {
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 		WebTestClient client = buildClient();
-		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
-				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+		// @formatter:off
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.headers((headers) -> headers
+						.setBasicAuth("rob", "rob")
+				)
+				.exchange()
+				.expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
+		// @formatter:on
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -143,27 +156,48 @@ public class ServerHttpSecurityTests {
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 		WebTestClient client = buildClient();
-		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
-				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+		// @formatter:off
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.headers((headers) -> headers
+						.setBasicAuth("rob", "rob")
+				)
+				.exchange()
+				.expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
+		// @formatter:on
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
 	}
 
 	@Test
 	public void basicWhenNoCredentialsThenUnauthorized() {
-		this.http.authorizeExchange().anyExchange().authenticated();
+		this.http.authorizeExchange()
+				.anyExchange().authenticated();
 		WebTestClient client = buildClient();
-		client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader()
-				.valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty();
+		// @formatter:off
+		client.get().uri("/")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
+				.expectBody().isEmpty();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenServerWebExchangeFromContextThenFound() {
 		SecurityWebFilterChain filter = this.http.build();
-		WebTestClient client = WebTestClient.bindToController(new SubscriberContextController())
-				.webFilter(new WebFilterChainProxy(filter)).build();
-		client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar");
+		// @formatter:off
+		WebTestClient client = WebTestClient
+				.bindToController(new SubscriberContextController())
+				.webFilter(new WebFilterChainProxy(filter))
+				.build();
+		client.get()
+				.uri("/foo/bar")
+				.exchange()
+				.expectBody(String.class).isEqualTo("/foo/bar");
+		// @formatter:on
 	}
 
 	@Test
@@ -199,7 +233,12 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain securityWebFilterChain = this.http
 				.addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
 				.build();
-		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
+		// @formatter:off
+		List filters = securityWebFilterChain.getWebFilters()
+				.map(WebFilter::getClass)
+				.collectList()
+				.block();
+		// @formatter:on
 		assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class,
 				TestWebFilter.class);
 	}
@@ -210,25 +249,46 @@ public class ServerHttpSecurityTests {
 		SecurityWebFilterChain securityWebFilterChain = this.http
 				.addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
 				.build();
-		List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
+		// @formatter:off
+		List filters = securityWebFilterChain.getWebFilters()
+				.map(WebFilter::getClass)
+				.collectList()
+				.block();
+		// @formatter:on
 		assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class,
 				SecurityContextServerWebExchangeWebFilter.class);
 	}
 
 	@Test
 	public void anonymous() {
-		SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
-		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
-				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
+		// @formatter:off
+		SecurityWebFilterChain securityFilterChain = this.http
+				.anonymous().and()
+				.build();
+		WebTestClient client = WebTestClientBuilder
+				.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain)
+				.build();
+		client.get()
+				.uri("/me")
+				.exchange()
+				.expectStatus().isOk()
+				.expectBody(String.class).isEqualTo("anonymousUser");
+		// @formatter:on
 	}
 
 	@Test
 	public void getWhenAnonymousConfiguredThenAuthenticationIsAnonymous() {
 		SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build();
-		WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(
-				AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
-		client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain)
+				.build();
+		client.get()
+				.uri("/me")
+				.exchange()
+				.expectStatus().isOk()
+				.expectBody(String.class).isEqualTo("anonymousUser");
+		// @formatter:on
 	}
 
 	@Test
@@ -240,10 +300,17 @@ public class ServerHttpSecurityTests {
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().hasAuthority("ROLE_ADMIN");
 		WebTestClient client = buildClient();
-		EntityExchangeResult<String> result = client.get().uri("/")
-				.headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
-				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class)
-				.consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
+		// @formatter:off
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.headers((headers) -> headers
+						.setBasicAuth("rob", "rob")
+				).exchange()
+				.expectStatus().isOk()
+				.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
+				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
+				.returnResult();
+		// @formatter:on
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -257,9 +324,15 @@ public class ServerHttpSecurityTests {
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 		WebTestClient client = buildClient();
-		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
+		// @formatter:off
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
-				.expectBody(String.class).returnResult();
+				.expectBody(String.class)
+				.returnResult();
+		// @formatter:on
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -273,9 +346,15 @@ public class ServerHttpSecurityTests {
 		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 		WebTestClient client = buildClient();
-		EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized()
+		// @formatter:off
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().isUnauthorized()
 				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"))
-				.expectBody(String.class).returnResult();
+				.expectBody(String.class)
+				.returnResult();
+		// @formatter:on
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
@@ -284,12 +363,26 @@ public class ServerHttpSecurityTests {
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
-		SecurityWebFilterChain securityFilterChain = this.http.httpBasic()
-				.authenticationManager(customAuthenticationManager).and().build();
+		// @formatter:off
+		SecurityWebFilterChain securityFilterChain = this.http
+				.httpBasic()
+					.authenticationManager(customAuthenticationManager)
+					.and()
+				.build();
+		// @formatter:on
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/").headers((headers) -> headers
+						.setBasicAuth("rob", "rob")
+				)
+				.exchange()
+				.expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
+		// @formatter:on
 		verifyZeroInteractions(this.authenticationManager);
 	}
 
@@ -298,12 +391,27 @@ public class ServerHttpSecurityTests {
 		ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
 		given(customAuthenticationManager.authenticate(any()))
 				.willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
+		// @formatter:off
 		SecurityWebFilterChain securityFilterChain = this.http
-				.httpBasic((httpBasic) -> httpBasic.authenticationManager(customAuthenticationManager)).build();
+				.httpBasic((httpBasic) -> httpBasic
+						.authenticationManager(customAuthenticationManager)
+				)
+				.build();
+		// @formatter:on
 		WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
-		WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
-		client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk()
+		// @formatter:off
+		WebTestClient client = WebTestClientBuilder
+				.bindToWebFilters(springSecurityFilterChain)
+				.build();
+		client.get()
+				.uri("/")
+				.headers((headers) -> headers
+						.setBasicAuth("rob", "rob")
+				)
+				.exchange()
+				.expectStatus().isOk()
 				.expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
+		// @formatter:on
 		verifyZeroInteractions(this.authenticationManager);
 		verify(customAuthenticationManager).authenticate(any(Authentication.class));
 	}
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
index 9ac5684868..5efc812af0 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java
@@ -55,11 +55,20 @@ final class HtmlUnitWebTestClient {
 		Assert.notNull(webClient, "WebClient must not be null");
 		Assert.notNull(webTestClient, "WebTestClient must not be null");
 		this.webClient = webClient;
-		this.webTestClient = webTestClient.mutate().filter(new FollowRedirects()).filter(new CookieManager()).build();
+		// @formatter:off
+		this.webTestClient = webTestClient.mutate()
+				.filter(new FollowRedirects())
+				.filter(new CookieManager())
+				.build();
+		// @formatter:on
 	}
 
 	FluxExchangeResult<String> getResponse(WebRequest webRequest) {
-		WebTestClient.RequestBodySpec request = this.webTestClient.method(httpMethod(webRequest)).uri(uri(webRequest));
+		// @formatter:off
+		WebTestClient.RequestBodySpec request = this.webTestClient
+				.method(httpMethod(webRequest))
+				.uri(uri(webRequest));
+		// @formatter:on
 		contentType(request, webRequest);
 		cookies(request, webRequest);
 		headers(request, webRequest);
@@ -150,10 +159,13 @@ final class HtmlUnitWebTestClient {
 				if (location.getHost() == null) {
 					redirectUrl = scheme + "://" + host + location.toASCIIString();
 				}
+				// @formatter:off
 				ClientRequest redirect = ClientRequest.method(HttpMethod.GET, URI.create(redirectUrl))
 						.headers((headers) -> headers.addAll(request.headers()))
 						.cookies((cookies) -> cookies.addAll(request.cookies()))
-						.attributes((attributes) -> attributes.putAll(request.attributes())).build();
+						.attributes((attributes) -> attributes.putAll(request.attributes()))
+						.build();
+				// @formatter:on
 				return next.exchange(redirect).flatMap((r) -> redirectIfNecessary(request, next, r));
 			}
 			return Mono.just(response);
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
index 1c734077a8..e3f8bb4a13 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilderTests.java
@@ -45,15 +45,25 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 	@Test
 	public void helloWorld() {
 		WebTestClient webTestClient = WebTestClient.bindToController(new HelloWorldController()).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		driver.get("http://localhost/");
 		assertThat(driver.getPageSource()).contains("Hello World");
 	}
 
 	@Test
 	public void cookies() {
-		WebTestClient webTestClient = WebTestClient.bindToController(new CookieController()).build();
-		WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
+		// @formatter:off
+		WebTestClient webTestClient = WebTestClient
+				.bindToController(new CookieController())
+				.build();
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+		// @formatter:on
 		driver.get("http://localhost/cookie");
 		assertThat(driver.getPageSource()).contains("theCookie");
 		driver.get("http://localhost/cookie/delete");
@@ -66,8 +76,16 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 		@ResponseBody
 		@GetMapping(produces = MediaType.TEXT_HTML_VALUE)
 		String index() {
-			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n"
-					+ "<h1>Hello World</h1>\n" + "</body>\n" + "</html>";
+			// @formatter:off
+			return "<html>\n"
+				+ "<head>\n"
+				+ "<title>Hello World</title>\n"
+				+ "</head>\n"
+				+ "<body>\n"
+				+ "<h1>Hello World</h1>\n"
+				+ "</body>\n"
+				+ "</html>";
+			// @formatter:on
 		}
 
 	}
@@ -78,8 +96,18 @@ public class WebTestClientHtmlUnitDriverBuilderTests {
 
 		@GetMapping(path = "/", produces = MediaType.TEXT_HTML_VALUE)
 		String view(@CookieValue(required = false) String cookieName) {
-			return "<html>\n" + "<head>\n" + "<title>Hello World</title>\n" + "</head>\n" + "<body>\n" + "<h1>"
-					+ TextEscapeUtils.escapeEntities(cookieName) + "</h1>\n" + "</body>\n" + "</html>";
+			// @formatter:off
+			return "<html>\n"
+				+ "<head>\n"
+				+ "<title>Hello World</title>\n"
+				+ "</head>\n"
+				+ "<body>\n"
+				+ "<h1>"
+				+ TextEscapeUtils.escapeEntities(cookieName)
+				+ "</h1>\n"
+				+ "</body>\n"
+				+ "</html>";
+			// @formatter:on
 		}
 
 		@GetMapping("/cookie")
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index 2710091266..309386fb82 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -36,22 +36,37 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class MethodSecurityInterceptorWithAopConfigTests {
 
-	static final String AUTH_PROVIDER_XML = "<authentication-manager>" + "    <authentication-provider>"
+	// @formatter:off
+	static final String AUTH_PROVIDER_XML = "<authentication-manager>"
+			+ "    <authentication-provider>"
 			+ "        <user-service>"
 			+ "            <user name='bob' password='bobspassword' authorities='ROLE_USER,ROLE_ADMIN' />"
 			+ "            <user name='bill' password='billspassword' authorities='ROLE_USER' />"
-			+ "        </user-service>" + "    </authentication-provider>" + "</authentication-manager>";
+			+ "        </user-service>"
+			+ "    </authentication-provider>"
+			+ "</authentication-manager>";
+	// @formatter:on
+
+	// @formatter:off
 	static final String ACCESS_MANAGER_XML = "<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>"
 			+ "   <b:constructor-arg>"
 			+ "       <b:list><b:bean class='org.springframework.security.access.vote.RoleVoter'/></b:list>"
-			+ "   </b:constructor-arg>" + "</b:bean>";
+			+ "   </b:constructor-arg>"
+			+ "</b:bean>";
+	// @formatter:on
+
+	// @formatter:off
 	static final String TARGET_BEAN_AND_INTERCEPTOR = "<b:bean id='target' class='org.springframework.security.TargetObject'/>"
 			+ "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >"
-			+ "     <b:property name='securityMetadataSource'>" + "         <method-security-metadata-source>"
+			+ "     <b:property name='securityMetadataSource'>"
+			+ "         <method-security-metadata-source>"
 			+ "             <protect method='org.springframework.security.ITargetObject.makeLower*' access='ROLE_A'/>"
 			+ "             <protect method='org.springframework.security.ITargetObject.makeUpper*' access='ROLE_A'/>"
 			+ "             <protect method='org.springframework.security.ITargetObject.computeHashCode*' access='ROLE_B'/>"
-			+ "         </method-security-metadata-source>" + "     </b:property>" + "</b:bean>";
+			+ "         </method-security-metadata-source>"
+			+ "     </b:property>"
+			+ "</b:bean>";
+	// @formatter:on
 
 	private AbstractXmlApplicationContext appContext;
 
@@ -71,10 +86,15 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
+		// @formatter:off
 		setContext("<aop:config>"
 				+ "     <aop:pointcut id='targetMethods' expression='execution(* org.springframework.security.TargetObject.*(..))'/>"
-				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" + "</aop:config>"
-				+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
+				+ "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />"
+				+ "</aop:config>"
+				+ TARGET_BEAN_AND_INTERCEPTOR
+				+ AUTH_PROVIDER_XML
+				+ ACCESS_MANAGER_XML);
+		// @formatter:on
 		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
 		// Check both against interface and class
 		try {
@@ -88,14 +108,25 @@ public class MethodSecurityInterceptorWithAopConfigTests {
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
 	public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
-		setContext(
-				"<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
-						+ "   <b:property name='interceptorNames'>" + "       <b:list>"
-						+ "          <b:value>securityInterceptor</b:value>" + "       </b:list>" + "   </b:property>"
-						+ "   <b:property name='beanNames'>" + "       <b:list>" + "          <b:value>target</b:value>"
-						+ "       </b:list>" + "   </b:property>"
-						+ "   <b:property name='proxyTargetClass' value='false'/>" + "</b:bean>"
-						+ TARGET_BEAN_AND_INTERCEPTOR + AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
+		// @formatter:off
+		setContext("<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
+				+ "   <b:property name='interceptorNames'>"
+				+ "       <b:list>"
+				+ "          <b:value>securityInterceptor</b:value>"
+				+ "       </b:list>"
+				+ "   </b:property>"
+				+ "   <b:property name='beanNames'>"
+				+ "       <b:list>"
+				+ "          <b:value>target</b:value>"
+				+ "       </b:list>"
+				+ "   </b:property>"
+				+ "   <b:property name='proxyTargetClass' value='false'/>"
+				+ "</b:bean>"
+				+ TARGET_BEAN_AND_INTERCEPTOR
+				+ AUTH_PROVIDER_XML
+				+ ACCESS_MANAGER_XML);
+		// @formatter:on
+
 		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
 		try {
 			target.makeLowerCase("TEST");

From 4fd67b48e0079979a8ff2bdd3788b362bb64aa34 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:48:12 -0500
Subject: [PATCH 77/84] Polish core format

Issue gh-8945
---
 ...rePostAdviceReactiveMethodInterceptor.java |  5 ++-
 ...rDetailsReactiveAuthenticationManager.java |  9 +++--
 ...legatingReactiveAuthenticationManager.java |  6 +++-
 .../ReactiveAuthenticationManagerAdapter.java |  6 +++-
 ...AuthorityReactiveAuthorizationManager.java |  9 +++--
 .../ReactiveAuthorizationManager.java         |  5 ++-
 .../ReactiveSecurityContextHolder.java        |  5 ++-
 .../MapReactiveUserDetailsService.java        | 11 ++++--
 .../security/core/userdetails/User.java       | 11 ++++--
 .../core/userdetails/jdbc/JdbcDaoImpl.java    | 24 +++++++++----
 .../provisioning/JdbcUserDetailsManager.java  |  2 +-
 ...tiveAuthenticationManagerAdapterTests.java |  6 +++-
 ...ailsServiceAuthenticationManagerTests.java | 18 ++++++++--
 ...atedReactiveAuthorizationManagerTests.java |  6 +++-
 ...rityReactiveAuthorizationManagerTests.java |  6 +++-
 .../converter/RsaKeyConvertersTests.java      | 15 ++++++--
 .../ReactiveSecurityContextHolderTests.java   | 34 +++++++++++++++----
 .../core/userdetails/PasswordEncodedUser.java |  6 +++-
 .../SecurityJackson2ModulesTests.java         |  5 ++-
 19 files changed, 150 insertions(+), 39 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index b56a755edb..4ed5e039fc 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -82,10 +82,13 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 		Class<?> targetClass = invocation.getThis().getClass();
 		Collection<ConfigAttribute> attributes = this.attributeSource.getAttributes(method, targetClass);
 		PreInvocationAttribute preAttr = findPreInvocationAttribute(attributes);
+		// @formatter:off
 		Mono<Authentication> toInvoke = ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication).defaultIfEmpty(this.anonymous)
+				.map(SecurityContext::getAuthentication)
+				.defaultIfEmpty(this.anonymous)
 				.filter((auth) -> this.preInvocationAdvice.before(auth, invocation, preAttr))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
+		// @formatter:on
 		PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
 		if (Mono.class.isAssignableFrom(returnType)) {
 			return toInvoke.flatMap((auth) -> PrePostAdviceReactiveMethodInterceptor.<Mono<?>>proceed(invocation)
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
index 0c1b6daf5d..4864ea12ee 100644
--- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java
@@ -91,11 +91,16 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager implement
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		String username = authentication.getName();
 		String presentedPassword = (String) authentication.getCredentials();
-		return retrieveUser(username).doOnNext(this.preAuthenticationChecks::check).publishOn(this.scheduler)
+		// @formatter:off
+		return retrieveUser(username)
+				.doOnNext(this.preAuthenticationChecks::check)
+				.publishOn(this.scheduler)
 				.filter((userDetails) -> this.passwordEncoder.matches(presentedPassword, userDetails.getPassword()))
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
 				.flatMap((userDetails) -> upgradeEncodingIfNecessary(userDetails, presentedPassword))
-				.doOnNext(this.postAuthenticationChecks::check).map(this::createUsernamePasswordAuthenticationToken);
+				.doOnNext(this.postAuthenticationChecks::check)
+				.map(this::createUsernamePasswordAuthenticationToken);
+		// @formatter:on
 	}
 
 	private Mono<UserDetails> upgradeEncodingIfNecessary(UserDetails userDetails, String presentedPassword) {
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
index 8fd156a10d..7a06a0695b 100644
--- a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -48,7 +48,11 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Flux.fromIterable(this.delegates).concatMap((m) -> m.authenticate(authentication)).next();
+		// @formatter:off
+		return Flux.fromIterable(this.delegates)
+				.concatMap((m) -> m.authenticate(authentication))
+				.next();
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
index 01612df39c..9c163c4ef3 100644
--- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
+++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapter.java
@@ -47,8 +47,12 @@ public class ReactiveAuthenticationManagerAdapter implements ReactiveAuthenticat
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication token) {
-		return Mono.just(token).publishOn(this.scheduler).flatMap(this::doAuthenticate)
+		// @formatter:off
+		return Mono.just(token)
+				.publishOn(this.scheduler)
+				.flatMap(this::doAuthenticate)
 				.filter(Authentication::isAuthenticated);
+		// @formatter:on
 	}
 
 	private Mono<Authentication> doAuthenticate(Authentication authentication) {
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
index 144904a000..9a8940ff0a 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java
@@ -43,9 +43,14 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authentication.filter((a) -> a.isAuthenticated()).flatMapIterable(Authentication::getAuthorities)
-				.map(GrantedAuthority::getAuthority).any(this.authorities::contains).map(AuthorizationDecision::new)
+		// @formatter:off
+		return authentication.filter((a) -> a.isAuthenticated())
+				.flatMapIterable(Authentication::getAuthorities)
+				.map(GrantedAuthority::getAuthority)
+				.any(this.authorities::contains)
+				.map(AuthorizationDecision::new)
 				.defaultIfEmpty(new AuthorizationDecision(false));
+		// @formatter:on
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index ff5c304794..667cecf5af 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -47,9 +47,12 @@ public interface ReactiveAuthorizationManager<T> {
 	 * denied
 	 */
 	default Mono<Void> verify(Mono<Authentication> authentication, T object) {
-		return check(authentication, object).filter(AuthorizationDecision::isGranted)
+		// @formatter:off
+		return check(authentication, object)
+				.filter(AuthorizationDecision::isGranted)
 				.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
 				.flatMap((decision) -> Mono.empty());
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
index 279ccfed8c..d94a5112b2 100644
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@@ -41,8 +41,11 @@ public final class ReactiveSecurityContextHolder {
 	 * @return the {@code Mono<SecurityContext>}
 	 */
 	public static Mono<SecurityContext> getContext() {
-		return Mono.subscriberContext().filter(ReactiveSecurityContextHolder::hasSecurityContext)
+		// @formatter:off
+		return Mono.subscriberContext()
+				.filter(ReactiveSecurityContextHolder::hasSecurityContext)
 				.flatMap(ReactiveSecurityContextHolder::getSecurityContext);
+		// @formatter:on
 	}
 
 	private static boolean hasSecurityContext(Context context) {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
index 430bdbe493..10712776a7 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsService.java
@@ -72,15 +72,22 @@ public class MapReactiveUserDetailsService implements ReactiveUserDetailsService
 
 	@Override
 	public Mono<UserDetails> updatePassword(UserDetails user, String newPassword) {
-		return Mono.just(user).map((userDetails) -> withNewPassword(userDetails, newPassword))
+		// @formatter:off
+		return Mono.just(user)
+				.map((userDetails) -> withNewPassword(userDetails, newPassword))
 				.doOnNext((userDetails) -> {
 					String key = getKey(user.getUsername());
 					this.users.put(key, userDetails);
 				});
+		// @formatter:on
 	}
 
 	private UserDetails withNewPassword(UserDetails userDetails, String newPassword) {
-		return User.withUserDetails(userDetails).password(newPassword).build();
+		// @formatter:off
+		return User.withUserDetails(userDetails)
+				.password(newPassword)
+				.build();
+		// @formatter:on
 	}
 
 	private String getKey(String username) {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java
index 1b88028c8f..e716f64bd7 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -301,10 +301,15 @@ public class User implements UserDetails, CredentialsContainer {
 	}
 
 	public static UserBuilder withUserDetails(UserDetails userDetails) {
-		return withUsername(userDetails.getUsername()).password(userDetails.getPassword())
-				.accountExpired(!userDetails.isAccountNonExpired()).accountLocked(!userDetails.isAccountNonLocked())
-				.authorities(userDetails.getAuthorities()).credentialsExpired(!userDetails.isCredentialsNonExpired())
+		// @formatter:off
+		return withUsername(userDetails.getUsername())
+				.password(userDetails.getPassword())
+				.accountExpired(!userDetails.isAccountNonExpired())
+				.accountLocked(!userDetails.isAccountNonLocked())
+				.authorities(userDetails.getAuthorities())
+				.credentialsExpired(!userDetails.isCredentialsNonExpired())
 				.disabled(!userDetails.isEnabled());
+		// @formatter:on
 	}
 
 	private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
index de2f058080..a76d809bf7 100644
--- a/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java
@@ -25,6 +25,7 @@ import org.springframework.context.ApplicationContextException;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.jdbc.core.RowMapper;
 import org.springframework.jdbc.core.support.JdbcDaoSupport;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
@@ -109,15 +110,23 @@ import org.springframework.util.Assert;
  */
 public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, MessageSourceAware {
 
-	public static final String DEF_USERS_BY_USERNAME_QUERY = "select username,password,enabled " + "from users "
+	// @formatter:off
+	public static final String DEF_USERS_BY_USERNAME_QUERY = "select username,password,enabled "
+			+ "from users "
 			+ "where username = ?";
+	// @formatter:on
 
-	public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "select username,authority " + "from authorities "
+	// @formatter:off
+	public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "select username,authority "
+			+ "from authorities "
 			+ "where username = ?";
+	// @formatter:on
 
+	// @formatter:off
 	public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY = "select g.id, g.group_name, ga.authority "
-			+ "from groups g, group_members gm, group_authorities ga " + "where gm.username = ? "
-			+ "and g.id = ga.group_id " + "and g.id = gm.group_id";
+			+ "from groups g, group_members gm, group_authorities ga "
+			+ "where gm.username = ? " + "and g.id = ga.group_id " + "and g.id = gm.group_id";
+	// @formatter:on
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
@@ -199,12 +208,15 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService, M
 	 * objects. There should normally only be one matching user.
 	 */
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(this.usersByUsernameQuery, new String[] { username }, (rs, rowNum) -> {
+		// @formatter:off
+		RowMapper<UserDetails> mapper = (rs, rowNum) -> {
 			String username1 = rs.getString(1);
 			String password = rs.getString(2);
 			boolean enabled = rs.getBoolean(3);
 			return new User(username1, password, enabled, true, true, true, AuthorityUtils.NO_AUTHORITIES);
-		});
+		};
+		// @formatter:on
+		return getJdbcTemplate().query(this.usersByUsernameQuery, mapper, username);
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 070b0f3f13..75a96b478a 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -173,7 +173,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	 */
 	@Override
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(getUsersByUsernameQuery(), new String[] { username }, this::mapToUser);
+		return getJdbcTemplate().query(getUsersByUsernameQuery(), this::mapToUser, username);
 	}
 
 	private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException {
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 7a4bbb3740..7dc48107fc 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -79,7 +79,11 @@ public class ReactiveAuthenticationManagerAdapterTests {
 	public void authenticateWhenBadCredentialsThenError() {
 		given(this.delegate.authenticate(any())).willThrow(new BadCredentialsException("Failed"));
 		Mono<Authentication> result = this.manager.authenticate(this.authentication);
-		StepVerifier.create(result).expectError(BadCredentialsException.class).verify();
+		// @formatter:off
+		StepVerifier.create(result)
+				.expectError(BadCredentialsException.class)
+				.verify();
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 1887df9bb3..7aaac05a44 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -74,7 +74,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
+		// @formatter:off
+		StepVerifier.create(authentication)
+				.expectError(BadCredentialsException.class)
+				.verify();
+		// @formatter:on
 	}
 
 	@Test
@@ -89,7 +93,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password + "INVALID");
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
+		// @formatter:off
+		StepVerifier.create(authentication)
+				.expectError(BadCredentialsException.class)
+				.verify();
+		// @formatter:on
 	}
 
 	@Test
@@ -128,7 +136,11 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(this.username,
 				this.password);
 		Mono<Authentication> authentication = this.manager.authenticate(token);
-		StepVerifier.create(authentication).expectError(BadCredentialsException.class).verify();
+		// @formatter:off
+		StepVerifier.create(authentication)
+				.expectError(BadCredentialsException.class)
+				.verify();
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index b9a333abbb..6f56f58518 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -72,7 +72,11 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenErrorThenError() {
 		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-		StepVerifier.create(result).expectError().verify();
+		// @formatter:off
+		StepVerifier.create(result)
+				.expectError()
+				.verify();
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 096e983924..1ed793a989 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -58,7 +58,11 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenHasAuthorityAndErrorThenError() {
 		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
-		StepVerifier.create(result).expectError().verify();
+		// @formatter:off
+		StepVerifier.create(result)
+				.expectError()
+				.verify();
+		// @formatter:on
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index f37fb4c5bf..3d70a84d93 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -35,6 +35,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
  */
 public class RsaKeyConvertersTests {
 
+	// @formatter:off
 	private static final String PKCS8_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n"
 			+ "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCMk7CKSTfu3QoV\n"
 			+ "HoPVXxwZO+qweztd36cVWYqGOZinrOR2crWFu50AgR2CsdIH0+cqo7F4Vx7/3O8i\n"
@@ -60,9 +61,12 @@ public class RsaKeyConvertersTests {
 			+ "OHjxffBM0hH+fySx8m53gFfr2BpaqDX5f6ZGBlly1SlsWZ4CchCVsc71nshipi7I\n"
 			+ "k8HL9F5/OpQdDNprJ5RMBNfkWE65Nrcsb1e6oPkCgYAxwgdiSOtNg8PjDVDmAhwT\n"
 			+ "Mxj0Dtwi2fAqQ76RVrrXpNp3uCOIAu4CfruIb5llcJ3uak0ZbnWri32AxSgk80y3\n"
-			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n" + "yPfcul058SOqhafIZQMEKQ==\n"
+			+ "EWiRX/WEDu5znejF+5O3pI02atWWcnxifEKGGlxwkcMbQdA67MlrJLFaSnnGpNXo\n"
+			+ "yPfcul058SOqhafIZQMEKQ==\n"
 			+ "-----END PRIVATE KEY-----";
+	// @formatter:on
 
+	// @formatter:off
 	private static final String PKCS1_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n"
 			+ "MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw\n"
 			+ "33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW\n"
@@ -76,13 +80,18 @@ public class RsaKeyConvertersTests {
 			+ "6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5\n"
 			+ "fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523\n"
 			+ "Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP\n"
-			+ "FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==\n" + "-----END RSA PRIVATE KEY-----";
+			+ "FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==\n"
+			+ "-----END RSA PRIVATE KEY-----";
+	// @formatter:on
 
+	// @formatter:off
 	private static final String X509_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n"
 			+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd\n"
 			+ "UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs\n"
-			+ "HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D\n" + "o2kQ+X5xK9cipRgEKwIDAQAB\n"
+			+ "HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D\n"
+			+ "o2kQ+X5xK9cipRgEKwIDAQAB\n"
 			+ "-----END PUBLIC KEY-----";
+	// @formatter:on
 
 	private static final String MALFORMED_X509_KEY = "malformed";
 
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index 0cbad90105..df166b481b 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -32,7 +32,10 @@ public class ReactiveSecurityContextHolderTests {
 	@Test
 	public void getContextWhenEmpty() {
 		Mono<SecurityContext> context = ReactiveSecurityContextHolder.getContext();
-		StepVerifier.create(context).verifyComplete();
+		// @formatter:off
+		StepVerifier.create(context)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
@@ -42,17 +45,26 @@ public class ReactiveSecurityContextHolderTests {
 		Mono<SecurityContext> context = Mono.subscriberContext()
 				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
-		StepVerifier.create(context).expectNext(expectedContext).verifyComplete();
+		// @formatter:off
+		StepVerifier.create(context)
+				.expectNext(expectedContext)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void demo() {
 		Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		// @formatter:off
 		Mono<String> messageByUsername = ReactiveSecurityContextHolder.getContext()
-				.map(SecurityContext::getAuthentication).map(Authentication::getName)
+				.map(SecurityContext::getAuthentication)
+				.map(Authentication::getName)
 				.flatMap(this::findMessageByUsername)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
-		StepVerifier.create(messageByUsername).expectNext("Hi user").verifyComplete();
+		StepVerifier.create(messageByUsername)
+				.expectNext("Hi user")
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	private Mono<String> findMessageByUsername(String username) {
@@ -63,20 +75,28 @@ public class ReactiveSecurityContextHolderTests {
 	public void setContextAndClearAndGetContextThenEmitsEmpty() {
 		SecurityContext expectedContext = new SecurityContextImpl(
 				new TestingAuthenticationToken("user", "password", "ROLE_USER"));
+		// @formatter:off
 		Mono<SecurityContext> context = Mono.subscriberContext()
 				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
 				.subscriberContext(ReactiveSecurityContextHolder.clearContext())
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));
-		StepVerifier.create(context).verifyComplete();
+		StepVerifier.create(context)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void setAuthenticationAndGetContextThenEmitsContext() {
 		Authentication expectedAuthentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+		// @formatter:off
 		Mono<Authentication> authentication = Mono.subscriberContext()
-				.flatMap((c) -> ReactiveSecurityContextHolder.getContext()).map(SecurityContext::getAuthentication)
+				.flatMap((c) -> ReactiveSecurityContextHolder.getContext())
+				.map(SecurityContext::getAuthentication)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expectedAuthentication));
-		StepVerifier.create(authentication).expectNext(expectedAuthentication).verifyComplete();
+		StepVerifier.create(authentication)
+				.expectNext(expectedAuthentication)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
index 869c0f3538..d273cb9e6d 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/PasswordEncodedUser.java
@@ -45,7 +45,11 @@ public class PasswordEncodedUser {
 	}
 
 	public static User.UserBuilder withUserDetails(UserDetails userDetails) {
-		return User.withUserDetails(userDetails).passwordEncoder(passwordEncoder());
+		// @formatter:off
+		return User
+				.withUserDetails(userDetails)
+				.passwordEncoder(passwordEncoder());
+		// @formatter:on
 	}
 
 	private static Function<String, String> passwordEncoder() {
diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
index 81b78f6b78..cbbbddc130 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java
@@ -51,8 +51,11 @@ public class SecurityJackson2ModulesTests {
 	@Test
 	public void readValueWhenNotAllowedOrMappedThenThrowsException() {
 		String content = "{\"@class\":\"org.springframework.security.jackson2.SecurityJackson2ModulesTests$NotAllowlisted\",\"property\":\"bar\"}";
-		assertThatExceptionOfType(Exception.class).isThrownBy(() -> this.mapper.readValue(content, Object.class))
+		// @formatter:off
+		assertThatExceptionOfType(Exception.class)
+				.isThrownBy(() -> this.mapper.readValue(content, Object.class))
 				.withStackTraceContaining("allowlist");
+		// @formatter:on
 	}
 
 	@Test

From a662a5593e2bf1a0b23feb7b9641dbb47e375041 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:48:23 -0500
Subject: [PATCH 78/84] Polish crypto format

Issue gh-8945
---
 .../security/crypto/argon2/Argon2PasswordEncoder.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index 9a87152cc4..b3991cb8c2 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -84,8 +84,15 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 	public String encode(CharSequence rawPassword) {
 		byte[] salt = this.saltGenerator.generateKey();
 		byte[] hash = new byte[this.hashLength];
-		Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withSalt(salt)
-				.withParallelism(this.parallelism).withMemoryAsKB(this.memory).withIterations(this.iterations).build();
+		// @formatter:off
+		Argon2Parameters params = new Argon2Parameters
+				.Builder(Argon2Parameters.ARGON2_id)
+				.withSalt(salt)
+				.withParallelism(this.parallelism)
+				.withMemoryAsKB(this.memory)
+				.withIterations(this.iterations)
+				.build();
+		// @formatter:on
 		Argon2BytesGenerator generator = new Argon2BytesGenerator();
 		generator.init(params);
 		generator.generateBytes(rawPassword.toString().toCharArray(), hash);

From 95bc670dd5a67922f460cb61cf9868d3b0cf157d Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:48:32 -0500
Subject: [PATCH 79/84] Polish itest format

Issue gh-8945
---
 .../AbstractWebServerIntegrationTests.java    |  6 +++-
 .../integration/BasicAuthenticationTests.java | 10 +++++--
 .../ConcurrentSessionManagementTests.java     | 29 +++++++++++++++----
 3 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
index 272e663ea1..8f1ef5b8e1 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@@ -56,7 +56,11 @@ public abstract class AbstractWebServerIntegrationTests {
 		context.refresh();
 		this.context = context;
 
-		return MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+		// @formatter:off
+		return MockMvcBuilders.webAppContextSetup(context)
+				.apply(springSecurity())
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
index 583f91fb72..3b69dd4899 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/BasicAuthenticationTests.java
@@ -31,14 +31,20 @@ public class BasicAuthenticationTests extends AbstractWebServerIntegrationTests
 	public void httpBasicWhenAuthenticationRequiredAndNotAuthenticatedThen401() throws Exception {
 		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml",
 				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
-		mockMvc.perform(get("/secure/index")).andExpect(status().isUnauthorized());
+		// @formatter:off
+		mockMvc.perform(get("/secure/index"))
+				.andExpect(status().isUnauthorized());
+		// @formatter:on
 	}
 
 	@Test
 	public void httpBasicWhenProvidedThen200() throws Exception {
 		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-basic.xml",
 				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
-		MockHttpServletRequestBuilder request = get("/secure/index").with(httpBasic("johnc", "johncspassword"));
+		// @formatter:off
+		MockHttpServletRequestBuilder request = get("/secure/index")
+				.with(httpBasic("johnc", "johncspassword"));
+		// @formatter:on
 		mockMvc.perform(request).andExpect(status().isOk());
 	}
 
diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
index 4f74d2b48f..6d93da3973 100644
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/ConcurrentSessionManagementTests.java
@@ -50,19 +50,27 @@ public class ConcurrentSessionManagementTests extends AbstractWebServerIntegrati
 		MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-concurrency.xml",
 				"classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
 
-		mockMvc.perform(get("/secure/index").session(session1)).andExpect(status().is3xxRedirection());
+		// @formatter:off
+		mockMvc.perform(get("/secure/index").session(session1))
+				.andExpect(status().is3xxRedirection());
+		// @formatter:on
 
 		MockHttpServletRequestBuilder login1 = login().session(session1);
 		mockMvc.perform(login1).andExpect(authenticated().withUsername("jimi"));
 
 		MockHttpServletRequestBuilder login2 = login().session(session2);
-		mockMvc.perform(login2).andExpect(redirectedUrl("/login.jsp?login_error=true"));
+		// @formatter:off
+		mockMvc.perform(login2)
+				.andExpect(redirectedUrl("/login.jsp?login_error=true"));
+		// @formatter:on
 		Exception exception = (Exception) session2.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
 		assertThat(exception).isNotNull();
 		assertThat(exception.getMessage()).contains("Maximum sessions of 1 for this principal exceeded");
 
 		// Now logout to kill first session
-		mockMvc.perform(post("/logout").with(csrf())).andExpect(status().is3xxRedirection())
+		// @formatter:off
+		mockMvc.perform(post("/logout").with(csrf()))
+				.andExpect(status().is3xxRedirection())
 				.andDo((result) -> this.context.publishEvent(new SessionDestroyedEvent(session1) {
 					@Override
 					public List<SecurityContext> getSecurityContexts() {
@@ -74,17 +82,28 @@ public class ConcurrentSessionManagementTests extends AbstractWebServerIntegrati
 						return session1.getId();
 					}
 				}));
+		// @formatter:on
 
 		// Try second session again
 		login2 = login().session(session2);
-		mockMvc.perform(login2).andExpect(authenticated().withUsername("jimi"));
+		// @formatter:off
+		mockMvc.perform(login2)
+				.andExpect(authenticated().withUsername("jimi"));
+		// @formatter:on
 
+		// @formatter:off
 		mockMvc.perform(get("/secure/index").session(session2))
 				.andExpect(content().string(containsString("A Secure Page")));
+		// @formatter:on
 	}
 
 	private MockHttpServletRequestBuilder login() {
-		return post("/login").param("username", "jimi").param("password", "jimispassword").with(csrf());
+		// @formatter:off
+		return post("/login")
+				.param("username", "jimi")
+				.param("password", "jimispassword")
+				.with(csrf());
+		// @formatter:on
 	}
 
 }

From 38aae7f0156d0916aae4cccd2fe36383f2db999e Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:48:43 -0500
Subject: [PATCH 80/84] Polish messaging format

Issue gh-8945
---
 .../AuthenticationPrincipalArgumentResolver.java  | 14 +++++++++-----
 .../CurrentSecurityContextArgumentResolver.java   | 13 ++++++++-----
 .../MessageExpressionConfigAttributeTests.java    |  5 ++++-
 ...henticationPrincipalArgumentResolverTests.java | 15 ++++++++++++---
 .../util/matcher/SimpMessageTypeMatcherTests.java | 10 ++++++++--
 5 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
index a857232d44..2c83e97902 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolver.java
@@ -125,11 +125,15 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).flatMap((a) -> {
-			Object p = resolvePrincipal(parameter, a.getPrincipal());
-			Mono<Object> principal = Mono.justOrEmpty(p);
-			return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
-		});
+		// @formatter:off
+		return ReactiveSecurityContextHolder.getContext()
+				.map(SecurityContext::getAuthentication)
+				.flatMap((a) -> {
+					Object p = resolvePrincipal(parameter, a.getPrincipal());
+					Mono<Object> principal = Mono.justOrEmpty(p);
+					return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal;
+				});
+		// @formatter:on
 	}
 
 	private Object resolvePrincipal(MethodParameter parameter, Object principal) {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
index 89491d2b17..3b67e85a43 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java
@@ -124,11 +124,14 @@ public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgu
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> message) {
 		ReactiveAdapter adapter = this.adapterRegistry.getAdapter(parameter.getParameterType());
-		return ReactiveSecurityContextHolder.getContext().flatMap((securityContext) -> {
-			Object sc = resolveSecurityContext(parameter, securityContext);
-			Mono<Object> result = Mono.justOrEmpty(sc);
-			return (adapter != null) ? Mono.just(adapter.fromPublisher(result)) : result;
-		});
+		// @formatter:off
+		return ReactiveSecurityContextHolder.getContext()
+				.flatMap((securityContext) -> {
+					Object sc = resolveSecurityContext(parameter, securityContext);
+					Mono<Object> result = Mono.justOrEmpty(sc);
+					return (adapter != null) ? Mono.just(adapter.fromPublisher(result)) : result;
+				});
+		// @formatter:on
 	}
 
 	private Object resolveSecurityContext(MethodParameter parameter, Object securityContext) {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 27918fa51a..5a12f89ea9 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -80,8 +80,11 @@ public class MessageExpressionConfigAttributeTests {
 	@Test
 	public void postProcessContext() {
 		SimpDestinationMessageMatcher matcher = new SimpDestinationMessageMatcher("/topics/{topic}/**");
+		// @formatter:off
 		Message<?> message = MessageBuilder.withPayload("M")
-				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1").build();
+				.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/topics/someTopic/sub1")
+				.build();
+		// @formatter:on
 		EvaluationContext context = mock(EvaluationContext.class);
 		this.attribute = new MessageExpressionConfigAttribute(this.expression, matcher);
 		this.attribute.postProcess(context, message);
diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
index 9032d1b8ee..ebc7fe9514 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/AuthenticationPrincipalArgumentResolverTests.java
@@ -54,9 +54,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
+		// @formatter:off
 		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver
 				.resolveArgument(arg0("authenticationPrincipalOnMonoUserDetails"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
+				.block();
+		// @formatter:on
 		assertThat(result.block()).isEqualTo(authentication.getPrincipal());
 	}
 
@@ -72,9 +75,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenMonoAndAuthenticationPrincipalThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
+		// @formatter:off
 		Mono<UserDetails> result = (Mono<UserDetails>) this.resolver
 				.resolveArgument(arg0("currentUserOnMonoUserDetails"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
+				.block();
+		// @formatter:on
 		assertThat(result.block()).isEqualTo(authentication.getPrincipal());
 	}
 
@@ -85,9 +91,12 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenExpressionThenFound() {
 		Authentication authentication = TestAuthentication.authenticatedUser();
+		// @formatter:off
 		Mono<String> result = (Mono<String>) this.resolver
 				.resolveArgument(arg0("authenticationPrincipalExpression"), null)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
+				.block();
+		// @formatter:on
 		assertThat(result.block()).isEqualTo(authentication.getName());
 	}
 
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index c6f6b72b7d..1f7f9c562c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -42,15 +42,21 @@ public class SimpMessageTypeMatcherTests {
 
 	@Test
 	public void matchesMessageMessageTrue() {
+		// @formatter:off
 		Message<String> message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE).build();
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE)
+				.build();
+		// @formatter:on
 		assertThat(this.matcher.matches(message)).isTrue();
 	}
 
 	@Test
 	public void matchesMessageConnectFalse() {
+		// @formatter:off
 		Message<String> message = MessageBuilder.withPayload("Hi")
-				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT).build();
+				.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT)
+				.build();
+		// @formatter:on
 		assertThat(this.matcher.matches(message)).isFalse();
 	}
 

From dc47a7575e2c4777f832ff3514ce7f9f088a13f6 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:49:04 -0500
Subject: [PATCH 81/84] Polish oauth-client format

Issue gh-8945
---
 ...tServiceOAuth2AuthorizedClientManager.java |   8 +-
 ...ReactiveOAuth2AuthorizedClientService.java |   5 +-
 .../JdbcOAuth2AuthorizedClientService.java    |  30 +-
 ...activeOAuth2AccessTokenResponseClient.java |  21 +-
 ...tAuthorizationCodeTokenResponseClient.java |   5 +-
 ...tClientCredentialsTokenResponseClient.java |   5 +-
 ...sAuthorizationCodeTokenResponseClient.java |  11 +-
 ...tionCodeReactiveAuthenticationManager.java |  13 +-
 .../OidcReactiveOAuth2UserService.java        |  19 +-
 ...dcClientInitiatedLogoutSuccessHandler.java |  19 +-
 ...ntInitiatedServerLogoutSuccessHandler.java |  21 +-
 .../registration/ClientRegistration.java      |  18 +-
 .../registration/ClientRegistrations.java     |  28 +-
 .../DefaultReactiveOAuth2UserService.java     |  81 ++-
 .../userinfo/DelegatingOAuth2UserService.java |   9 +-
 ...ultOAuth2AuthorizationRequestResolver.java |  15 +-
 .../DefaultOAuth2AuthorizedClientManager.java |  15 +-
 ...ReactiveOAuth2AuthorizedClientManager.java | 107 ++--
 .../web/OAuth2AuthorizationResponseUtils.java |  10 +-
 .../web/OAuth2LoginAuthenticationFilter.java  |   8 +-
 ...Auth2AuthorizedClientArgumentResolver.java |  24 +-
 ...uthorizedClientExchangeFilterFunction.java | 174 ++++--
 ...uthorizedClientExchangeFilterFunction.java |  71 ++-
 ...Auth2AuthorizedClientArgumentResolver.java |  10 +-
 ...verOAuth2AuthorizationRequestResolver.java |  35 +-
 ...OAuth2AuthorizationCodeGrantWebFilter.java |  38 +-
 ...AuthorizationRequestRedirectWebFilter.java |  10 +-
 .../OAuth2AuthorizationResponseUtils.java     |  10 +-
 ...ationCodeAuthenticationTokenConverter.java |  20 +-
 ...2ServerAuthorizationRequestRepository.java |  84 +--
 ...erverOAuth2AuthorizedClientRepository.java |  43 +-
 .../OAuth2LoginAuthenticationWebFilter.java   |   2 +
 ...deOAuth2AuthorizedClientProviderTests.java |  15 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  18 +-
 ...iceOAuth2AuthorizedClientManagerTests.java |  52 +-
 ...iveOAuth2AuthorizedClientManagerTests.java |  57 +-
 ...lsOAuth2AuthorizedClientProviderTests.java |  49 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  49 +-
 ...oryOAuth2AuthorizedClientServiceTests.java |   2 +
 ...iveOAuth2AuthorizedClientServiceTests.java |  92 ++-
 ...dbcOAuth2AuthorizedClientServiceTests.java |  20 +-
 .../OAuth2AuthorizationContextTests.java      |   9 +-
 ...2AuthorizedClientProviderBuilderTests.java |  58 +-
 ...rdOAuth2AuthorizedClientProviderTests.java |  62 +-
 ...veOAuth2AuthorizedClientProviderTests.java |  62 +-
 ...2AuthorizedClientProviderBuilderTests.java |  71 ++-
 ...enOAuth2AuthorizedClientProviderTests.java |  81 ++-
 ...veOAuth2AuthorizedClientProviderTests.java |  51 +-
 ...Auth2LoginAuthenticationProviderTests.java |  12 +-
 ...ginReactiveAuthenticationManagerTests.java |   6 +-
 ...orizationCodeTokenResponseClientTests.java | 113 +++-
 ...ntCredentialsTokenResponseClientTests.java | 114 +++-
 ...faultPasswordTokenResponseClientTests.java |  38 +-
 ...tRefreshTokenTokenResponseClientTests.java |  29 +-
 ...orizationCodeTokenResponseClientTests.java |  66 ++-
 ...nCodeGrantRequestEntityConverterTests.java |  35 +-
 ...tialsGrantRequestEntityConverterTests.java |  11 +-
 ...th2ClientCredentialsGrantRequestTests.java |  25 +-
 ...swordGrantRequestEntityConverterTests.java |   6 +-
 ...orizationCodeTokenResponseClientTests.java |  87 ++-
 ...ntCredentialsTokenResponseClientTests.java |  51 +-
 ...ctivePasswordTokenResponseClientTests.java |  50 +-
 ...eRefreshTokenTokenResponseClientTests.java |  50 +-
 .../OAuth2ErrorResponseErrorHandlerTests.java |   8 +-
 .../OAuth2AuthorizationRequestMixinTests.java |  22 +-
 .../OAuth2AuthorizedClientMixinTests.java     |  29 +-
 ...zationCodeAuthenticationProviderTests.java |  51 +-
 ...odeReactiveAuthenticationManagerTests.java |  69 ++-
 .../OidcIdTokenDecoderFactoryTests.java       |   6 +-
 .../OidcIdTokenValidatorTests.java            | 109 +++-
 ...eactiveOidcIdTokenDecoderFactoryTests.java |   5 +-
 .../oidc/userinfo/OidcUserServiceTests.java   | 143 +++--
 ...entInitiatedLogoutSuccessHandlerTests.java |   5 +-
 ...tiatedServerLogoutSuccessHandlerTests.java |   5 +-
 .../registration/ClientRegistrationTests.java | 555 +++++++++++++-----
 .../ClientRegistrationsTests.java             | 118 +++-
 ...tiveClientRegistrationRepositoryTests.java |   5 +-
 .../registration/TestClientRegistrations.java |  44 +-
 ...CustomUserTypesOAuth2UserServiceTests.java |  37 +-
 .../DefaultOAuth2UserServiceTests.java        |  80 ++-
 ...DefaultReactiveOAuth2UserServiceTests.java |  65 +-
 .../userinfo/OAuth2UserRequestTests.java      |  15 +-
 ...uth2AuthorizationRequestResolverTests.java |  36 +-
 ...ultOAuth2AuthorizedClientManagerTests.java |  81 ++-
 ...thorizationRequestRedirectFilterTests.java |  17 +-
 .../OAuth2LoginAuthenticationFilterTests.java |  15 +-
 ...AuthorizedClientArgumentResolverTests.java |  34 +-
 ...zedClientExchangeFilterFunctionITests.java | 116 +++-
 ...izedClientExchangeFilterFunctionTests.java | 141 +++--
 ...zedClientExchangeFilterFunctionITests.java |  90 ++-
 ...AuthorizedClientArgumentResolverTests.java |   8 +-
 ...uth2AuthorizationRequestResolverTests.java |   8 +-
 ...2AuthorizationCodeGrantWebFilterTests.java |   8 +-
 ...rizationRequestRedirectWebFilterTests.java |  64 +-
 ...CodeAuthenticationTokenConverterTests.java |  22 +-
 ...erAuthorizationRequestRepositoryTests.java | 130 +++-
 ...uth2LoginAuthenticationWebFilterTests.java |  15 +-
 97 files changed, 3421 insertions(+), 1145 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
index 2d8490a2da..4c55ac444d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java
@@ -163,14 +163,16 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 
 	private OAuth2AuthorizationContext buildAuthorizationContext(OAuth2AuthorizeRequest authorizeRequest,
 			Authentication principal, OAuth2AuthorizationContext.Builder contextBuilder) {
-		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
+		// @formatter:off
+		return contextBuilder.principal(principal)
 				.attributes((attributes) -> {
 					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
 					if (!CollectionUtils.isEmpty(contextAttributes)) {
 						attributes.putAll(contextAttributes);
 					}
-				}).build();
-		return authorizationContext;
+				})
+				.build();
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
index 4d6161a936..c4058489b9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java
@@ -81,9 +81,12 @@ public final class InMemoryReactiveOAuth2AuthorizedClientService implements Reac
 	public Mono<Void> removeAuthorizedClient(String clientRegistrationId, String principalName) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.hasText(principalName, "principalName cannot be empty");
+		// @formatter:off
 		return this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
 				.map((clientRegistration) -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName))
-				.doOnNext(this.authorizedClients::remove).then(Mono.empty());
+				.doOnNext(this.authorizedClients::remove)
+				.then(Mono.empty());
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index a31c655c4c..7d88ba7236 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -64,26 +64,42 @@ import org.springframework.util.StringUtils;
  */
 public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService {
 
-	private static final String COLUMN_NAMES = "client_registration_id, " + "principal_name, " + "access_token_type, "
-			+ "access_token_value, " + "access_token_issued_at, " + "access_token_expires_at, "
-			+ "access_token_scopes, " + "refresh_token_value, " + "refresh_token_issued_at";
+	// @formatter:off
+	private static final String COLUMN_NAMES = "client_registration_id, "
+			+ "principal_name, "
+			+ "access_token_type, "
+			+ "access_token_value, "
+			+ "access_token_issued_at, "
+			+ "access_token_expires_at, "
+			+ "access_token_scopes, "
+			+ "refresh_token_value, "
+			+ "refresh_token_issued_at";
+	// @formatter:on
 
 	private static final String TABLE_NAME = "oauth2_authorized_client";
 
 	private static final String PK_FILTER = "client_registration_id = ? AND principal_name = ?";
 
-	private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES + " FROM " + TABLE_NAME
+	// @formatter:off
+	private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT " + COLUMN_NAMES
+			+ " FROM " + TABLE_NAME
 			+ " WHERE " + PK_FILTER;
+	// @formatter:on
 
-	private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME + " (" + COLUMN_NAMES
-			+ ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
+	// @formatter:off
+	private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME
+			+ " (" + COLUMN_NAMES + ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
+	// @formatter:on
 
 	private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM " + TABLE_NAME + " WHERE " + PK_FILTER;
 
+	// @formatter:off
 	private static final String UPDATE_AUTHORIZED_CLIENT_SQL = "UPDATE " + TABLE_NAME
 			+ " SET access_token_type = ?, access_token_value = ?, access_token_issued_at = ?,"
 			+ " access_token_expires_at = ?, access_token_scopes = ?,"
-			+ " refresh_token_value = ?, refresh_token_issued_at = ?" + " WHERE " + PK_FILTER;
+			+ " refresh_token_value = ?, refresh_token_issued_at = ?"
+			+ " WHERE " + PK_FILTER;
+	// @formatter:on
 
 	protected final JdbcOperations jdbcOperations;
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
index 27b49841c2..a97bd09c9a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
@@ -68,11 +68,15 @@ public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T
 	@Override
 	public Mono<OAuth2AccessTokenResponse> getTokenResponse(T grantRequest) {
 		Assert.notNull(grantRequest, "grantRequest cannot be null");
-		return Mono.defer(
-				() -> this.webClient.post().uri(clientRegistration(grantRequest).getProviderDetails().getTokenUri())
-						.headers((headers) -> populateTokenRequestHeaders(grantRequest, headers))
-						.body(createTokenRequestBody(grantRequest)).exchange()
-						.flatMap((response) -> readTokenResponse(grantRequest, response)));
+		// @formatter:off
+		return Mono.defer(() -> this.webClient.post()
+				.uri(clientRegistration(grantRequest).getProviderDetails().getTokenUri())
+				.headers((headers) -> populateTokenRequestHeaders(grantRequest, headers))
+				.body(createTokenRequestBody(grantRequest))
+				.exchange()
+				.flatMap((response) -> readTokenResponse(grantRequest, response))
+		);
+		// @formatter:on
 	}
 
 	/**
@@ -187,7 +191,12 @@ public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T
 	OAuth2AccessTokenResponse populateTokenResponse(T grantRequest, OAuth2AccessTokenResponse tokenResponse) {
 		if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			Set<String> defaultScopes = defaultScopes(grantRequest);
-			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).scopes(defaultScopes).build();
+			// @formatter:off
+			tokenResponse = OAuth2AccessTokenResponse
+					.withResponse(tokenResponse)
+					.scopes(defaultScopes)
+					.build();
+			// @formatter:on
 		}
 		return tokenResponse;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index 064c7362d6..db43cb47bf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -82,8 +82,11 @@ public final class DefaultAuthorizationCodeTokenResponseClient
 			// https://tools.ietf.org/html/rfc6749#section-5.1
 			// If AccessTokenResponse.scope is empty, then default to the scope
 			// originally requested by the client in the Token Request
+			// @formatter:off
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes()).build();
+					.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes())
+					.build();
+			// @formatter:on
 		}
 		return tokenResponse;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
index a216d75b09..168a85a9da 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.java
@@ -82,8 +82,11 @@ public final class DefaultClientCredentialsTokenResponseClient
 			// https://tools.ietf.org/html/rfc6749#section-5.1
 			// If AccessTokenResponse.scope is empty, then default to the scope
 			// originally requested by the client in the Token Request
+			// @formatter:off
 			tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
-					.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes()).build();
+					.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes())
+					.build();
+			// @formatter:on
 		}
 		return tokenResponse;
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index 0f8b6a54ef..3165867cd2 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -119,8 +119,15 @@ public class NimbusAuthorizationCodeTokenResponseClient
 			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
 		}
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
-				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+		// @formatter:off
+		return OAuth2AccessTokenResponse.withToken(accessToken)
+				.tokenType(accessTokenType)
+				.expiresIn(expiresIn)
+				.scopes(scopes)
+				.refreshToken(refreshToken)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 	}
 
 	private com.nimbusds.oauth2.sdk.TokenResponse getTokenResponse(AuthorizationGrant authorizationCodeGrant,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index a328b08b13..4d536afb5a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -191,24 +191,31 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 					null);
 			return Mono.error(new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString()));
 		}
+		// @formatter:off
 		return createOidcToken(clientRegistration, accessTokenResponse)
 				.doOnNext((idToken) -> validateNonce(authorizationCodeAuthentication, idToken))
 				.map((idToken) -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters))
-				.flatMap(this.userService::loadUser).map((oauth2User) -> {
+				.flatMap(this.userService::loadUser)
+				.map((oauth2User) -> {
 					Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper
 							.mapAuthorities(oauth2User.getAuthorities());
 					return new OAuth2LoginAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(),
 							authorizationCodeAuthentication.getAuthorizationExchange(), oauth2User, mappedAuthorities,
 							accessToken, accessTokenResponse.getRefreshToken());
 				});
+		// @formatter:on
 	}
 
 	private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration,
 			OAuth2AccessTokenResponse accessTokenResponse) {
 		ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
 		String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
-		return jwtDecoder.decode(rawIdToken).map(
-				(jwt) -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
+		// @formatter:off
+		return jwtDecoder.decode(rawIdToken)
+				.map((jwt) ->
+						new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims())
+				);
+		// @formatter:on
 	}
 
 	private static Mono<OidcIdToken> validateNonce(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
index 28a7f8c92c..1845ff0d11 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java
@@ -97,8 +97,13 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	@Override
 	public Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return getUserInfo(userRequest).map((userInfo) -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
-				.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null)).map((authority) -> {
+		// @formatter:off
+		return getUserInfo(userRequest)
+				.map((userInfo) ->
+						new OidcUserAuthority(userRequest.getIdToken(), userInfo)
+				)
+				.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null))
+				.map((authority) -> {
 					OidcUserInfo userInfo = authority.getUserInfo();
 					Set<GrantedAuthority> authorities = new HashSet<>();
 					authorities.add(authority);
@@ -114,14 +119,19 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 					}
 					return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
 				});
+		// @formatter:on
 	}
 
 	private Mono<OidcUserInfo> getUserInfo(OidcUserRequest userRequest) {
 		if (!OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest)) {
 			return Mono.empty();
 		}
-		return this.oauth2UserService.loadUser(userRequest).map(OAuth2User::getAttributes)
-				.map((claims) -> convertClaims(claims, userRequest.getClientRegistration())).map(OidcUserInfo::new)
+		// @formatter:off
+		return this.oauth2UserService
+				.loadUser(userRequest)
+				.map(OAuth2User::getAttributes)
+				.map((claims) -> convertClaims(claims, userRequest.getClientRegistration()))
+				.map(OidcUserInfo::new)
 				.doOnNext((userInfo) -> {
 					String subject = userInfo.getSubject();
 					if (subject == null || !subject.equals(userRequest.getIdToken().getSubject())) {
@@ -129,6 +139,7 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 					}
 				});
+		// @formatter:on
 	}
 
 	private Map<String, Object> convertClaims(Map<String, Object> claims, ClientRegistration clientRegistration) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index bbca08f101..66abfe60d4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -93,10 +93,17 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 		if (this.postLogoutRedirectUri == null) {
 			return null;
 		}
-		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
+		// @formatter:off
+		UriComponents uriComponents = UriComponentsBuilder
+				.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
+				.replacePath(request.getContextPath())
+				.replaceQuery(null)
+				.fragment(null)
+				.build();
 		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
-				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString())).toUri();
+				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
+				.toUri();
+		// @formatter:on
 	}
 
 	private String endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) {
@@ -105,7 +112,11 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 		if (postLogoutRedirectUri != null) {
 			builder.queryParam("post_logout_redirect_uri", postLogoutRedirectUri);
 		}
-		return builder.encode(StandardCharsets.UTF_8).build().toUriString();
+		// @formatter:off
+		return builder.encode(StandardCharsets.UTF_8)
+				.build()
+				.toUriString();
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index b824847627..903bf7ea88 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -72,11 +72,14 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 
 	@Override
 	public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
-		return Mono.just(authentication).filter(OAuth2AuthenticationToken.class::isInstance)
+		// @formatter:off
+		return Mono.just(authentication)
+				.filter(OAuth2AuthenticationToken.class::isInstance)
 				.filter((token) -> authentication.getPrincipal() instanceof OidcUser)
 				.map(OAuth2AuthenticationToken.class::cast)
 				.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId)
-				.flatMap(this.clientRegistrationRepository::findByRegistrationId).flatMap((clientRegistration) -> {
+				.flatMap(this.clientRegistrationRepository::findByRegistrationId)
+				.flatMap((clientRegistration) -> {
 					URI endSessionEndpoint = endSessionEndpoint(clientRegistration);
 					if (endSessionEndpoint == null) {
 						return Mono.empty();
@@ -86,8 +89,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 					return Mono.just(endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri));
 				})
 				.switchIfEmpty(
-						this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty()))
+						this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty())
+				)
 				.flatMap((endpointUri) -> this.redirectStrategy.sendRedirect(exchange.getExchange(), endpointUri));
+		// @formatter:on
 	}
 
 	private URI endSessionEndpoint(ClientRegistration clientRegistration) {
@@ -118,10 +123,16 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 		if (this.postLogoutRedirectUri == null) {
 			return null;
 		}
+		// @formatter:off
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
-				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
+				.replacePath(request.getPath().contextPath().value())
+				.replaceQuery(null)
+				.fragment(null)
+				.build();
 		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
-				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString())).toUri();
+				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
+				.toUri();
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 10815a03f4..97292842f9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -168,11 +168,19 @@ public final class ClientRegistration implements Serializable {
 
 	@Override
 	public String toString() {
-		return "ClientRegistration{" + "registrationId='" + this.registrationId + '\'' + ", clientId='" + this.clientId
-				+ '\'' + ", clientSecret='" + this.clientSecret + '\'' + ", clientAuthenticationMethod="
-				+ this.clientAuthenticationMethod + ", authorizationGrantType=" + this.authorizationGrantType
-				+ ", redirectUri='" + this.redirectUri + '\'' + ", scopes=" + this.scopes + ", providerDetails="
-				+ this.providerDetails + ", clientName='" + this.clientName + '\'' + '}';
+		// @formatter:off
+		return "ClientRegistration{"
+				+ "registrationId='" + this.registrationId + '\''
+				+ ", clientId='" + this.clientId + '\''
+				+ ", clientSecret='" + this.clientSecret + '\''
+				+ ", clientAuthenticationMethod=" + this.clientAuthenticationMethod
+				+ ", authorizationGrantType=" + this.authorizationGrantType
+				+ ", redirectUri='" + this.redirectUri
+				+ '\'' + ", scopes=" + this.scopes
+				+ ", providerDetails=" + this.providerDetails
+				+ ", clientName='" + this.clientName + '\''
+				+ '}';
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index 95e817f0d3..5ef7aff539 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -148,8 +148,11 @@ public final class ClientRegistrations {
 	}
 
 	private static Supplier<ClientRegistration.Builder> oidc(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(issuer.getPath() + OIDC_METADATA_PATH)
+		// @formatter:off
+		URI uri = UriComponentsBuilder.fromUri(issuer)
+				.replacePath(issuer.getPath() + OIDC_METADATA_PATH)
 				.build(Collections.emptyMap());
+		// @formatter:on
 		return () -> {
 			RequestEntity<Void> request = RequestEntity.get(uri).build();
 			Map<String, Object> configuration = rest.exchange(request, typeReference).getBody();
@@ -164,14 +167,20 @@ public final class ClientRegistrations {
 	}
 
 	private static Supplier<ClientRegistration.Builder> oidcRfc8414(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(OIDC_METADATA_PATH + issuer.getPath())
+		// @formatter:off
+		URI uri = UriComponentsBuilder.fromUri(issuer)
+				.replacePath(OIDC_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
+		// @formatter:on
 		return getRfc8414Builder(issuer, uri);
 	}
 
 	private static Supplier<ClientRegistration.Builder> oauth(URI issuer) {
-		URI uri = UriComponentsBuilder.fromUri(issuer).replacePath(OAUTH_METADATA_PATH + issuer.getPath())
+		// @formatter:off
+		URI uri = UriComponentsBuilder.fromUri(issuer)
+				.replacePath(OAUTH_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
+		// @formatter:on
 		return getRfc8414Builder(issuer, uri);
 	}
 
@@ -242,12 +251,19 @@ public final class ClientRegistrations {
 						+ "\" returned a configuration of " + grantTypes);
 		List<String> scopes = getScopes(metadata);
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
-		return ClientRegistration.withRegistrationId(name).userNameAttributeName(IdTokenClaimNames.SUB).scope(scopes)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientAuthenticationMethod(method)
+		// @formatter:off
+		return ClientRegistration.withRegistrationId(name)
+				.userNameAttributeName(IdTokenClaimNames.SUB)
+				.scope(scopes)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.clientAuthenticationMethod(method)
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.authorizationUri(metadata.getAuthorizationEndpointURI().toASCIIString())
 				.providerConfigurationMetadata(configurationMetadata)
-				.tokenUri(metadata.getTokenEndpointURI().toASCIIString()).issuerUri(issuer).clientName(issuer);
+				.tokenUri(metadata.getTokenEndpointURI().toASCIIString())
+				.issuerUri(issuer)
+				.clientName(issuer);
+		// @formatter:on
 	}
 
 	private static ClientAuthenticationMethod getClientAuthenticationMethod(String issuer,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index cd195f29b6..6494135063 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -108,13 +108,18 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 					.getUserInfoEndpoint().getAuthenticationMethod();
 			WebClient.RequestHeadersSpec<?> requestHeadersSpec = getRequestHeaderSpec(userRequest, userInfoUri,
 					authenticationMethod);
+			// @formatter:off
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec.retrieve()
-					.onStatus((s) -> s != HttpStatus.OK, (response) -> parse(response).map((userInfoErrorResponse) -> {
-						String description = userInfoErrorResponse.getErrorObject().getDescription();
-						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
-								null);
-						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-					})).bodyToMono(DefaultReactiveOAuth2UserService.STRING_OBJECT_MAP);
+					.onStatus((s) -> s != HttpStatus.OK, (response) ->
+						parse(response)
+							.map((userInfoErrorResponse) -> {
+								String description = userInfoErrorResponse.getErrorObject().getDescription();
+								OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
+									null);
+								throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+							})
+					)
+					.bodyToMono(DefaultReactiveOAuth2UserService.STRING_OBJECT_MAP);
 			return userAttributes.map((attrs) -> {
 				GrantedAuthority authority = new OAuth2UserAuthority(attrs);
 				Set<GrantedAuthority> authorities = new HashSet<>();
@@ -125,40 +130,54 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 				}
 
 				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
-			}).onErrorMap(IOException.class,
+			})
+			.onErrorMap(IOException.class,
 					(ex) -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri,
-							ex))
-					.onErrorMap(UnsupportedMediaTypeException.class, (ex) -> {
-						String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
-								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
-										.getUri()
-								+ "': response contains invalid content type '" + ex.getContentType().toString() + "'. "
-								+ "The UserInfo Response should return a JSON object (content type 'application/json') "
-								+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
-								+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
-								+ userRequest.getClientRegistration().getRegistrationId()
-								+ "' conforms to the UserInfo Endpoint, "
-								+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
-						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
-								null);
-						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
-					}).onErrorMap((t) -> !(t instanceof AuthenticationServiceException), (t) -> {
-						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
-								"An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
-						return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
-					});
+							ex)
+			)
+			.onErrorMap(UnsupportedMediaTypeException.class, (ex) -> {
+				String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
+						+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+								.getUri()
+						+ "': response contains invalid content type '" + ex.getContentType().toString() + "'. "
+						+ "The UserInfo Response should return a JSON object (content type 'application/json') "
+						+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
+						+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
+						+ userRequest.getClientRegistration().getRegistrationId()
+						+ "' conforms to the UserInfo Endpoint, "
+						+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
+				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
+						null);
+				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
+			})
+			.onErrorMap((t) -> !(t instanceof AuthenticationServiceException), (t) -> {
+				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
+						"An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
+				return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
+			});
 		});
+		// @formatter:on
 	}
 
 	private WebClient.RequestHeadersSpec<?> getRequestHeaderSpec(OAuth2UserRequest userRequest, String userInfoUri,
 			AuthenticationMethod authenticationMethod) {
 		if (AuthenticationMethod.FORM.equals(authenticationMethod)) {
-			return this.webClient.post().uri(userInfoUri).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+			// @formatter:off
+			return this.webClient.post()
+					.uri(userInfoUri)
+					.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
 					.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
-					.syncBody("access_token=" + userRequest.getAccessToken().getTokenValue());
+					.bodyValue("access_token=" + userRequest.getAccessToken().getTokenValue());
+			// @formatter:on
 		}
-		return this.webClient.get().uri(userInfoUri).header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-				.headers((headers) -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
+		// @formatter:off
+		return this.webClient.get()
+				.uri(userInfoUri)
+				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+				.headers((headers) -> headers
+						.setBearerAuth(userRequest.getAccessToken().getTokenValue())
+				);
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
index a0fe26adad..32e9ab81de 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserService.java
@@ -58,8 +58,13 @@ public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends
 	@Override
 	public U loadUser(R userRequest) throws OAuth2AuthenticationException {
 		Assert.notNull(userRequest, "userRequest cannot be null");
-		return this.userServices.stream().map((userService) -> userService.loadUser(userRequest))
-				.filter(Objects::nonNull).findFirst().orElse(null);
+		// @formatter:off
+		return this.userServices.stream()
+				.map((userService) -> userService.loadUser(userRequest))
+				.filter(Objects::nonNull)
+				.findFirst()
+				.orElse(null);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index 252c6f803d..7e606eae6b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -153,10 +153,14 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 
 		String redirectUriStr = expandRedirectUri(request, clientRegistration, redirectUriAction);
 
+		// @formatter:off
 		builder.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
-				.state(this.stateGenerator.generateKey()).attributes(attributes);
+				.redirectUri(redirectUriStr)
+				.scopes(clientRegistration.getScopes())
+				.state(this.stateGenerator.generateKey())
+				.attributes(attributes);
+		// @formatter:on
 
 		this.authorizationRequestCustomizer.accept(builder);
 
@@ -219,8 +223,13 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 			String action) {
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
+		// @formatter:off
 		UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build();
+				.replacePath(request.getContextPath())
+				.replaceQuery(null)
+				.fragment(null)
+				.build();
+		// @formatter:on
 		String scheme = uriComponents.getScheme();
 		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
index 5f4b3111fe..02e41ab33f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java
@@ -87,8 +87,14 @@ import org.springframework.web.context.request.ServletRequestAttributes;
  */
 public final class DefaultOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
 
-	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder
-			.builder().authorizationCode().refreshToken().clientCredentials().password().build();
+	// @formatter:off
+	private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder.builder()
+			.authorizationCode()
+			.refreshToken()
+			.clientCredentials()
+			.password()
+			.build();
+	// @formatter:on
 
 	private final ClientRegistrationRepository clientRegistrationRepository;
 
@@ -156,13 +162,16 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori
 				contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
 			}
 		}
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal)
 				.attributes((attributes) -> {
 					Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
 					if (!CollectionUtils.isEmpty(contextAttributes)) {
 						attributes.putAll(contextAttributes);
 					}
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		try {
 			authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
index 69dbf4e9bc..82980c6544 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java
@@ -93,11 +93,20 @@ import org.springframework.web.server.ServerWebExchange;
  */
 public final class DefaultReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager {
 
-	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder
-			.builder().authorizationCode().refreshToken().clientCredentials().password().build();
+	// @formatter:off
+	private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
+			.authorizationCode()
+			.refreshToken()
+			.clientCredentials()
+			.password()
+			.build();
+	// @formatter:on
 
+	// @formatter:off
 	private static final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter((c) -> c.hasKey(ServerWebExchange.class)).map((c) -> c.get(ServerWebExchange.class));
+			.filter((c) -> c.hasKey(ServerWebExchange.class))
+			.map((c) -> c.get(ServerWebExchange.class));
+	// @formatter:on
 
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 
@@ -138,28 +147,32 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 		Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
 		String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 		Authentication principal = authorizeRequest.getPrincipal();
+		// @formatter:off
 		return Mono.justOrEmpty(authorizeRequest.<ServerWebExchange>getAttribute(ServerWebExchange.class.getName()))
 				.switchIfEmpty(currentServerWebExchangeMono)
 				.switchIfEmpty(Mono.error(() -> new IllegalArgumentException("serverWebExchange cannot be null")))
-				.flatMap((serverWebExchange) -> Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
-						.switchIfEmpty(Mono
-								.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
+				.flatMap((serverWebExchange) -> Mono
+						.justOrEmpty(authorizeRequest.getAuthorizedClient())
+						.switchIfEmpty(Mono.defer(() -> loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange)))
 						.flatMap((authorizedClient) -> // Re-authorize
-						authorizationContext(authorizeRequest, authorizedClient).flatMap(
-								(authorizationContext) -> authorize(authorizationContext, principal, serverWebExchange))
-								// Default to the existing authorizedClient if the
-								// client was not re-authorized
-								.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
-										? authorizeRequest.getAuthorizedClient() : authorizedClient))
+							authorizationContext(authorizeRequest, authorizedClient)
+									.flatMap((authorizationContext) -> authorize(authorizationContext, principal, serverWebExchange))
+									// Default to the existing authorizedClient if the
+									// client was not re-authorized
+									.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
+											? authorizeRequest.getAuthorizedClient() : authorizedClient)
+						)
 						.switchIfEmpty(Mono.defer(() ->
-						// Authorize
-						this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-								.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
-										"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-								.flatMap((clientRegistration) -> authorizationContext(authorizeRequest,
-										clientRegistration))
-								.flatMap((authorizationContext) -> authorize(authorizationContext, principal,
-										serverWebExchange)))));
+							// Authorize
+							this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
+									.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
+											"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
+									.flatMap((clientRegistration) -> authorizationContext(authorizeRequest,
+											clientRegistration))
+									.flatMap((authorizationContext) -> authorize(authorizationContext, principal,
+											serverWebExchange))))
+						);
+		// @formatter:on
 	}
 
 	private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId, Authentication principal,
@@ -181,18 +194,22 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 	 */
 	private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 			Authentication principal, ServerWebExchange serverWebExchange) {
+		// @formatter:off
 		return this.authorizedClientProvider.authorize(authorizationContext)
 				// Delegate to the authorizationSuccessHandler of the successful
 				// authorization
-				.flatMap((authorizedClient) -> this.authorizationSuccessHandler
-						.onAuthorizationSuccess(authorizedClient, principal, createAttributes(serverWebExchange))
-						.thenReturn(authorizedClient))
+				.flatMap((authorizedClient) ->
+						this.authorizationSuccessHandler
+							.onAuthorizationSuccess(authorizedClient, principal, createAttributes(serverWebExchange))
+							.thenReturn(authorizedClient)
+				)
 				// Delegate to the authorizationFailureHandler of the failed authorization
-				.onErrorResume(OAuth2AuthorizationException.class,
-						(authorizationException) -> this.authorizationFailureHandler
-								.onAuthorizationFailure(authorizationException, principal,
-										createAttributes(serverWebExchange))
-								.then(Mono.error(authorizationException)));
+				.onErrorResume(OAuth2AuthorizationException.class, (authorizationException) ->
+						this.authorizationFailureHandler
+								.onAuthorizationFailure(authorizationException, principal, createAttributes(serverWebExchange))
+								.then(Mono.error(authorizationException))
+				);
+		// @formatter:on
 	}
 
 	private Map<String, Object> createAttributes(ServerWebExchange serverWebExchange) {
@@ -201,24 +218,36 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
 			OAuth2AuthorizedClient authorizedClient) {
-		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
-				.map((attrs) -> OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
-						.principal(authorizeRequest.getPrincipal()).attributes((attributes) -> {
+		// @formatter:off
+		return Mono.just(authorizeRequest)
+				.flatMap(this.contextAttributesMapper)
+				.map((attrs) -> OAuth2AuthorizationContext
+						.withAuthorizedClient(authorizedClient)
+						.principal(authorizeRequest.getPrincipal())
+						.attributes((attributes) -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
-						}).build());
+						})
+						.build());
+		// @formatter:on
 	}
 
 	private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest authorizeRequest,
 			ClientRegistration clientRegistration) {
-		return Mono.just(authorizeRequest).flatMap(this.contextAttributesMapper)
+		// @formatter:off
+		return Mono.just(authorizeRequest)
+				.flatMap(this.contextAttributesMapper)
 				.map((attrs) -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)
-						.principal(authorizeRequest.getPrincipal()).attributes((attributes) -> {
+						.principal(authorizeRequest.getPrincipal())
+						.attributes((attributes) -> {
 							if (!CollectionUtils.isEmpty(attrs)) {
 								attributes.putAll(attrs);
 							}
-						}).build());
+						})
+						.build()
+				);
+		// @formatter:on
 	}
 
 	/**
@@ -286,7 +315,9 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 		@Override
 		public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest authorizeRequest) {
 			ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
-			return Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchangeMono)
+			// @formatter:off
+			return Mono.justOrEmpty(serverWebExchange)
+					.switchIfEmpty(currentServerWebExchangeMono)
 					.flatMap((exchange) -> {
 						Map<String, Object> contextAttributes = Collections.emptyMap();
 						String scope = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.SCOPE);
@@ -296,7 +327,9 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React
 									StringUtils.delimitedListToStringArray(scope, " "));
 						}
 						return Mono.just(contextAttributes);
-					}).defaultIfEmpty(Collections.emptyMap());
+					})
+					.defaultIfEmpty(Collections.emptyMap());
+			// @formatter:on
 		}
 
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
index 8fdbf17b0f..6a0eec1321 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
@@ -71,8 +71,14 @@ final class OAuth2AuthorizationResponseUtils {
 		}
 		String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
 		String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-		return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri).errorDescription(errorDescription)
-				.errorUri(errorUri).state(state).build();
+		// @formatter:off
+		return OAuth2AuthorizationResponse.error(errorCode)
+				.redirectUri(redirectUri)
+				.errorDescription(errorDescription)
+				.errorUri(errorUri)
+				.state(state)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index 2583b1a9a2..6943215ded 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -176,8 +176,12 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 					"Client Registration not found with Id: " + registrationId, null);
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 		}
-		String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null)
-				.build().toUriString();
+		// @formatter:off
+		String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
+				.replaceQuery(null)
+				.build()
+				.toUriString();
+		// @formatter:on
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params,
 				redirectUri);
 		Object authenticationDetails = this.authenticationDetailsSource.buildDetails(request);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index 66f81abc45..a50632a629 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -126,9 +126,14 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 		}
 		HttpServletRequest servletRequest = webRequest.getNativeRequest(HttpServletRequest.class);
 		HttpServletResponse servletResponse = webRequest.getNativeResponse(HttpServletResponse.class);
-		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
-				.principal(principal).attribute(HttpServletRequest.class.getName(), servletRequest)
-				.attribute(HttpServletResponse.class.getName(), servletResponse).build();
+		// @formatter:off
+		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
+				.withClientRegistrationId(clientRegistrationId)
+				.principal(principal)
+				.attribute(HttpServletRequest.class.getName(), servletRequest)
+				.attribute(HttpServletResponse.class.getName(), servletResponse)
+				.build();
+		// @formatter:on
 		return this.authorizedClientManager.authorize(authorizeRequest);
 	}
 
@@ -176,11 +181,16 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 
 	private void updateDefaultAuthorizedClientManager(
 			OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
+		// @formatter:off
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.authorizationCode().refreshToken()
-				.clientCredentials(
-						(configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
-				.password().build();
+				.authorizationCode()
+				.refreshToken()
+				.clientCredentials((configurer) ->
+						configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient)
+				)
+				.password()
+				.build();
+		// @formatter:on
 		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
 				.setAuthorizedClientProvider(authorizedClientProvider);
 	}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 8cf8ae34b9..a2ce9962db 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -131,12 +131,18 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private final Mono<Authentication> currentAuthenticationMono = ReactiveSecurityContextHolder.getContext()
 			.map(SecurityContext::getAuthentication).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
 
+	// @formatter:off
 	private final Mono<String> clientRegistrationIdMono = this.currentAuthenticationMono
 			.filter((t) -> this.defaultOAuth2AuthorizedClient && t instanceof OAuth2AuthenticationToken)
-			.cast(OAuth2AuthenticationToken.class).map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
+			.cast(OAuth2AuthenticationToken.class)
+			.map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId);
+	// @formatter:on
 
+	// @formatter:off
 	private final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.subscriberContext()
-			.filter((c) -> c.hasKey(ServerWebExchange.class)).map((c) -> c.get(ServerWebExchange.class));
+			.filter((c) -> c.hasKey(ServerWebExchange.class))
+			.map((c) -> c.get(ServerWebExchange.class));
+	// @formatter:on
 
 	private final ReactiveOAuth2AuthorizedClientManager authorizedClientManager;
 
@@ -372,11 +378,14 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	}
 
 	private void updateDefaultAuthorizedClientManager() {
-		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().authorizationCode()
+		// @formatter:off
+		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
+				.authorizationCode()
 				.refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
 				.clientCredentials(this::updateClientCredentialsProvider)
-				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
+				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.build();
+		// @formatter:on
 		if (this.authorizedClientManager instanceof UnAuthenticatedReactiveOAuth2AuthorizedClientManager) {
 			((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
 					.setAuthorizedClientProvider(authorizedClientProvider);
@@ -418,9 +427,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return authorizedClient(request).map((authorizedClient) -> bearer(request, authorizedClient))
+		// @formatter:off
+		return authorizedClient(request)
+				.map((authorizedClient) -> bearer(request, authorizedClient))
 				.flatMap((requestWithBearer) -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
+		// @formatter:on
 	}
 
 	private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) {
@@ -430,22 +442,30 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	private Mono<OAuth2AuthorizedClient> authorizedClient(ClientRequest request) {
 		OAuth2AuthorizedClient authorizedClientFromAttrs = oauth2AuthorizedClient(request);
+		// @formatter:off
 		return Mono.justOrEmpty(authorizedClientFromAttrs)
-				.switchIfEmpty(
-						Mono.defer(() -> authorizeRequest(request).flatMap(this.authorizedClientManager::authorize)))
+				.switchIfEmpty(Mono.defer(() -> authorizeRequest(request)
+						.flatMap(this.authorizedClientManager::authorize))
+				)
 				.flatMap((authorizedClient) -> reauthorizeRequest(request, authorizedClient)
-						.flatMap(this.authorizedClientManager::authorize));
+						.flatMap(this.authorizedClientManager::authorize)
+				);
+		// @formatter:on
 	}
 
 	private Mono<OAuth2AuthorizeRequest> authorizeRequest(ClientRequest request) {
 		Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange).map((t3) -> {
-			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(t3.getT1())
-					.principal(t3.getT2());
-			t3.getT3().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
-			return builder.build();
-		});
+		// @formatter:off
+		return Mono.zip(clientRegistrationId, this.currentAuthenticationMono, serverWebExchange)
+				.map((t3) -> {
+					OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest
+							.withClientRegistrationId(t3.getT1())
+							.principal(t3.getT2());
+					t3.getT3().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+					return builder.build();
+				});
+		// @formatter:on
 	}
 
 	/**
@@ -456,9 +476,11 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * given request.
 	 */
 	private Mono<String> effectiveClientRegistrationId(ClientRequest request) {
+		// @formatter:off
 		return Mono.justOrEmpty(clientRegistrationId(request))
 				.switchIfEmpty(Mono.justOrEmpty(this.defaultClientRegistrationId))
 				.switchIfEmpty(this.clientRegistrationIdMono);
+		// @formatter:on
 	}
 
 	/**
@@ -474,24 +496,34 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * {@link ServerWebExchange} that is active for the given request.
 	 */
 	private Mono<Optional<ServerWebExchange>> effectiveServerWebExchange(ClientRequest request) {
-		return Mono.justOrEmpty(serverWebExchange(request)).switchIfEmpty(this.currentServerWebExchangeMono)
-				.map(Optional::of).defaultIfEmpty(Optional.empty());
+		// @formatter:off
+		return Mono.justOrEmpty(serverWebExchange(request))
+				.switchIfEmpty(this.currentServerWebExchangeMono)
+				.map(Optional::of)
+				.defaultIfEmpty(Optional.empty());
+		// @formatter:on
 	}
 
 	private Mono<OAuth2AuthorizeRequest> reauthorizeRequest(ClientRequest request,
 			OAuth2AuthorizedClient authorizedClient) {
 		Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-		return Mono.zip(this.currentAuthenticationMono, serverWebExchange).map((t2) -> {
-			OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
-					.principal(t2.getT1());
-			t2.getT2().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
-			return builder.build();
-		});
+		// @formatter:off
+		return Mono.zip(this.currentAuthenticationMono, serverWebExchange)
+				.map((t2) -> {
+					OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient)
+							.principal(t2.getT1());
+					t2.getT2().ifPresent((exchange) -> builder.attribute(ServerWebExchange.class.getName(), exchange));
+					return builder.build();
+				});
+		// @formatter:on
 	}
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
+		// @formatter:off
 		return ClientRequest.from(request)
-				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue())).build();
+				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
+				.build();
+		// @formatter:on
 	}
 
 	/**
@@ -555,10 +587,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 			Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
 			String clientRegistrationId = authorizeRequest.getClientRegistrationId();
 			Authentication principal = authorizeRequest.getPrincipal();
+			// @formatter:off
 			return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
 					.switchIfEmpty(loadAuthorizedClient(clientRegistrationId, principal))
 					.flatMap((authorizedClient) -> reauthorize(authorizedClient, authorizeRequest, principal))
 					.switchIfEmpty(findAndAuthorize(clientRegistrationId, principal));
+			// @formatter:on
 		}
 
 		private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId,
@@ -580,12 +614,18 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		}
 
 		private Mono<OAuth2AuthorizedClient> findAndAuthorize(String clientRegistrationId, Authentication principal) {
-			return Mono.defer(() -> this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
-					.switchIfEmpty(Mono.error(() -> new IllegalArgumentException(
-							"Could not find ClientRegistration with id '" + clientRegistrationId + "'")))
-					.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
-							.withClientRegistration(clientRegistration).principal(principal).build()))
-					.flatMap((authorizationContext) -> authorize(authorizationContext, principal)));
+			// @formatter:off
+			return Mono.defer(() ->
+					this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
+						.switchIfEmpty(Mono.error(() ->
+								new IllegalArgumentException("Could not find ClientRegistration with id '" + clientRegistrationId + "'"))
+						)
+						.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
+							.withClientRegistration(clientRegistration).principal(principal).build())
+						)
+						.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
+			);
+			// @formatter:on
 		}
 
 		/**
@@ -601,18 +641,22 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 */
 		private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
 				Authentication principal) {
+			// @formatter:off
 			return this.authorizedClientProvider.authorize(authorizationContext)
 					// Delegates to the authorizationSuccessHandler of the successful
 					// authorization
 					.flatMap((authorizedClient) -> this.authorizationSuccessHandler
 							.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
-							.thenReturn(authorizedClient))
+							.thenReturn(authorizedClient)
+					)
 					// Delegates to the authorizationFailureHandler of the failed
 					// authorization
-					.onErrorResume(OAuth2AuthorizationException.class,
-							(authorizationException) -> this.authorizationFailureHandler
+					.onErrorResume(OAuth2AuthorizationException.class, (authorizationException) ->
+							this.authorizationFailureHandler
 									.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
-									.then(Mono.error(authorizationException)));
+									.then(Mono.error(authorizationException))
+					);
+			// @formatter:on
 		}
 
 		private void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider) {
@@ -653,23 +697,30 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 		@Override
 		public Mono<ClientResponse> handleResponse(ClientRequest request, Mono<ClientResponse> responseMono) {
-			return responseMono.flatMap((response) -> handleResponse(request, response).thenReturn(response))
+			// @formatter:off
+			return responseMono
+					.flatMap((response) -> handleResponse(request, response).thenReturn(response))
 					.onErrorResume(WebClientResponseException.class,
-							(e) -> handleWebClientResponseException(request, e).then(Mono.error(e)))
+							(e) -> handleWebClientResponseException(request, e).then(Mono.error(e))
+					)
 					.onErrorResume(OAuth2AuthorizationException.class,
 							(e) -> handleAuthorizationException(request, e).then(Mono.error(e)));
+			// @formatter:on
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap((oauth2Error) -> {
-				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
-				return Mono
-						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
-								serverWebExchange, clientRegistrationId)
-						.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
-								new ClientAuthorizationException(oauth2Error, zipped.getT3())));
-			});
+			// @formatter:off
+			return Mono.justOrEmpty(resolveErrorIfPossible(response))
+					.flatMap((oauth2Error) -> {
+						Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
+						Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
+						return Mono
+								.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+										serverWebExchange, clientRegistrationId)
+								.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
+										new ClientAuthorizationException(oauth2Error, zipped.getT3())));
+					});
+			// @formatter:on
 		}
 
 		private OAuth2Error resolveErrorIfPossible(ClientResponse response) {
@@ -695,13 +746,19 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
-			return Stream.of(wwwAuthenticateHeader).filter((header) -> !StringUtils.isEmpty(header))
+			// @formatter:off
+			return Stream.of(wwwAuthenticateHeader)
+					.filter((header) -> !StringUtils.isEmpty(header))
 					.filter((header) -> header.toLowerCase().startsWith("bearer"))
-					.map((header) -> header.substring("bearer".length())).map((header) -> header.split(","))
-					.flatMap(Stream::of).map((parameter) -> parameter.split("="))
+					.map((header) -> header.substring("bearer".length()))
+					.map((header) -> header.split(","))
+					.flatMap(Stream::of)
+					.map((parameter) -> parameter.split("="))
 					.filter((parameter) -> parameter.length > 1)
 					.collect(Collectors.toMap((parameters) -> parameters[0].trim(),
-							(parameters) -> parameters[1].trim().replace("\"", "")));
+							(parameters) -> parameters[1].trim().replace("\"", ""))
+					);
+			// @formatter:on
 		}
 
 		/**
@@ -715,15 +772,16 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 		 */
 		private Mono<Void> handleWebClientResponseException(ClientRequest request,
 				WebClientResponseException exception) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> {
-				Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
-				Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
-				return Mono
-						.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
-								serverWebExchange, clientRegistrationId)
-						.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
-								new ClientAuthorizationException(oauth2Error, zipped.getT3(), exception)));
-			});
+			return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode()))
+					.flatMap((oauth2Error) -> {
+						Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
+						Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
+						return Mono
+								.zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono,
+										serverWebExchange, clientRegistrationId)
+								.flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(),
+										new ClientAuthorizationException(oauth2Error, zipped.getT3(), exception)));
+					});
 		}
 
 		/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index 4fe3bf5fa3..7c470ec70f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -262,10 +262,14 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	private void updateDefaultAuthorizedClientManager() {
+		// @formatter:off
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.authorizationCode().refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.authorizationCode()
+				.refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
 				.clientCredentials(this::updateClientCredentialsProvider)
-				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew)).build();
+				.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
+				.build();
+		// @formatter:on
 		((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
 				.setAuthorizedClientProvider(authorizedClientProvider);
 	}
@@ -435,15 +439,21 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
+			// @formatter:off
 		return mergeRequestAttributesIfNecessary(request)
 				.filter((req) -> req.attribute(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME).isPresent())
 				.flatMap((req) -> reauthorizeClient(getOAuth2AuthorizedClient(req.attributes()), req))
-				.switchIfEmpty(Mono.defer(() -> mergeRequestAttributesIfNecessary(request)
-						.filter((req) -> resolveClientRegistrationId(req) != null)
-						.flatMap((req) -> authorizeClient(resolveClientRegistrationId(req), req))))
+				.switchIfEmpty(
+						Mono.defer(() ->
+							mergeRequestAttributesIfNecessary(request)
+								.filter((req) -> resolveClientRegistrationId(req) != null)
+								.flatMap((req) -> authorizeClient(resolveClientRegistrationId(req), req))
+						)
+				)
 				.map((authorizedClient) -> bearer(request, authorizedClient))
 				.flatMap((requestWithBearer) -> exchangeAndHandleResponse(requestWithBearer, next))
 				.switchIfEmpty(Mono.defer(() -> exchangeAndHandleResponse(request, next)));
+		// @formatter:on
 	}
 
 	private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) {
@@ -577,9 +587,12 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	}
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
+		// @formatter:off
 		return ClientRequest.from(request)
 				.headers((headers) -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
-				.attributes(oauth2AuthorizedClient(authorizedClient)).build();
+				.attributes(oauth2AuthorizedClient(authorizedClient))
+				.build();
+		// @formatter:on
 	}
 
 	static OAuth2AuthorizedClient getOAuth2AuthorizedClient(Map<String, Object> attrs) {
@@ -664,19 +677,22 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		}
 
 		private Mono<Void> handleResponse(ClientRequest request, ClientResponse response) {
-			return Mono.justOrEmpty(resolveErrorIfPossible(response)).flatMap((oauth2Error) -> {
-				Map<String, Object> attrs = request.attributes();
-				OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
-				if (authorizedClient == null) {
-					return Mono.empty();
-				}
-				ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
-						authorizedClient.getClientRegistration().getRegistrationId());
-				Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
-				HttpServletRequest servletRequest = getRequest(attrs);
-				HttpServletResponse servletResponse = getResponse(attrs);
-				return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
-			});
+			// @formatter:off
+			return Mono.justOrEmpty(resolveErrorIfPossible(response))
+					.flatMap((oauth2Error) -> {
+						Map<String, Object> attrs = request.attributes();
+						OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
+						if (authorizedClient == null) {
+							return Mono.empty();
+						}
+						ClientAuthorizationException authorizationException = new ClientAuthorizationException(oauth2Error,
+								authorizedClient.getClientRegistration().getRegistrationId());
+						Authentication principal = createAuthentication(authorizedClient.getPrincipalName());
+						HttpServletRequest servletRequest = getRequest(attrs);
+						HttpServletResponse servletResponse = getResponse(attrs);
+						return handleAuthorizationFailure(authorizationException, principal, servletRequest, servletResponse);
+					});
+			// @formatter:on
 		}
 
 		private OAuth2Error resolveErrorIfPossible(ClientResponse response) {
@@ -702,13 +718,18 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 		}
 
 		private Map<String, String> parseAuthParameters(String wwwAuthenticateHeader) {
+			// @formatter:off
 			return Stream.of(wwwAuthenticateHeader).filter((header) -> !StringUtils.isEmpty(header))
 					.filter((header) -> header.toLowerCase().startsWith("bearer"))
-					.map((header) -> header.substring("bearer".length())).map((header) -> header.split(","))
-					.flatMap(Stream::of).map((parameter) -> parameter.split("="))
+					.map((header) -> header.substring("bearer".length()))
+					.map((header) -> header.split(","))
+					.flatMap(Stream::of)
+					.map((parameter) -> parameter.split("="))
 					.filter((parameter) -> parameter.length > 1)
 					.collect(Collectors.toMap((parameters) -> parameters[0].trim(),
-							(parameters) -> parameters[1].trim().replace("\"", "")));
+							(parameters) -> parameters[1].trim().replace("\"", ""))
+					);
+			// @formatter:on
 		}
 
 		/**
@@ -776,7 +797,11 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 				HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
 			Runnable runnable = () -> this.authorizationFailureHandler.onAuthorizationFailure(exception, principal,
 					createAttributes(servletRequest, servletResponse));
-			return Mono.fromRunnable(runnable).subscribeOn(Schedulers.boundedElastic()).then();
+			// @formatter:off
+			return Mono.fromRunnable(runnable)
+					.subscribeOn(Schedulers.boundedElastic())
+					.then();
+			// @formatter:on
 		}
 
 		private static Map<String, Object> createAttributes(HttpServletRequest servletRequest,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
index eed58f7918..f828c82360 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java
@@ -126,8 +126,11 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	private Mono<Authentication> currentAuthentication() {
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
+		// @formatter:off
+		return ReactiveSecurityContextHolder.getContext()
+				.map(SecurityContext::getAuthentication)
 				.defaultIfEmpty(ANONYMOUS_USER_TOKEN);
+		// @formatter:on
 	}
 
 	private Mono<String> clientRegistrationId(Mono<Authentication> authentication) {
@@ -137,8 +140,11 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	}
 
 	private Mono<ServerWebExchange> currentServerWebExchange() {
-		return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class))
+		// @formatter:off
+		return Mono.subscriberContext()
+				.filter((c) -> c.hasKey(ServerWebExchange.class))
 				.map((c) -> c.get(ServerWebExchange.class));
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
index e5a9e60362..a3a0169189 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@@ -120,10 +120,15 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 
 	@Override
 	public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange) {
-		return this.authorizationRequestMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch())
+		// @formatter:off
+		return this.authorizationRequestMatcher
+				.matches(exchange)
+				.filter((matchResult) -> matchResult.isMatch())
 				.map(ServerWebExchangeMatcher.MatchResult::getVariables)
-				.map((variables) -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME)).cast(String.class)
+				.map((variables) -> variables.get(DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME))
+				.cast(String.class)
 				.flatMap((clientRegistrationId) -> resolve(exchange, clientRegistrationId));
+		// @formatter:on
 	}
 
 	@Override
@@ -146,8 +151,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	}
 
 	private Mono<ClientRegistration> findByRegistrationId(ServerWebExchange exchange, String clientRegistration) {
-		return this.clientRegistrationRepository.findByRegistrationId(clientRegistration).switchIfEmpty(Mono
-				.error(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
+		// @formatter:off
+		return this.clientRegistrationRepository.findByRegistrationId(clientRegistration)
+				.switchIfEmpty(Mono.error(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
+		// @formatter:on
 	}
 
 	private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchange,
@@ -156,10 +163,14 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
 		OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration, attributes);
+		// @formatter:off
 		builder.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
-				.state(this.stateGenerator.generateKey()).attributes(attributes);
+				.redirectUri(redirectUriStr)
+				.scopes(clientRegistration.getScopes())
+				.state(this.stateGenerator.generateKey())
+				.attributes(attributes);
+		// @formatter:on
 
 		this.authorizationRequestCustomizer.accept(builder);
 
@@ -214,8 +225,13 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 	private static String expandRedirectUri(ServerHttpRequest request, ClientRegistration clientRegistration) {
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
+		// @formatter:off
 		UriComponents uriComponents = UriComponentsBuilder.fromUri(request.getURI())
-				.replacePath(request.getPath().contextPath().value()).replaceQuery(null).fragment(null).build();
+				.replacePath(request.getPath().contextPath().value())
+				.replaceQuery(null)
+				.fragment(null)
+				.build();
+		// @formatter:on
 		String scheme = uriComponents.getScheme();
 		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
 		String host = uriComponents.getHost();
@@ -236,8 +252,11 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 			action = "login";
 		}
 		uriVariables.put("action", action);
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables)
+		// @formatter:off
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
+				.buildAndExpand(uriVariables)
 				.toUriString();
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
index 7406bb76fe..a9659b1bde 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java
@@ -202,15 +202,20 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+		// @formatter:off
 		return this.requiresAuthenticationMatcher.matches(exchange)
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange).onErrorMap(
-						OAuth2AuthorizationException.class,
-						(ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString())))
+				.flatMap((matchResult) -> this.authenticationConverter.convert(exchange)
+					.onErrorMap(OAuth2AuthorizationException.class,
+						(ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString())
+					)
+				)
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap((token) -> authenticate(exchange, chain, token))
-				.onErrorResume(AuthenticationException.class, (e) -> this.authenticationFailureHandler
-						.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e));
+				.onErrorResume(AuthenticationException.class, (e) ->
+					this.authenticationFailureHandler.onAuthenticationFailure(new WebFilterExchange(exchange, chain), e)
+				);
+		// @formatter:on
 	}
 
 	private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
@@ -230,19 +235,30 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				authenticationResult.getClientRegistration(), authenticationResult.getName(),
 				authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
+		// @formatter:off
 		return this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication)
-				.then(ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication)
-						.defaultIfEmpty(this.anonymousToken).flatMap((principal) -> this.authorizedClientRepository
-								.saveAuthorizedClient(authorizedClient, principal, webFilterExchange.getExchange())));
+				.then(ReactiveSecurityContextHolder.getContext()
+						.map(SecurityContext::getAuthentication)
+						.defaultIfEmpty(this.anonymousToken)
+						.flatMap((principal) -> this.authorizedClientRepository
+								.saveAuthorizedClient(authorizedClient, principal, webFilterExchange.getExchange())
+						)
+				);
+		// @formatter:on
 	}
 
 	private Mono<ServerWebExchangeMatcher.MatchResult> matchesAuthorizationResponse(ServerWebExchange exchange) {
-		return Mono.just(exchange).filter(
-				(exch) -> OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams()))
+		// @formatter:off
+		return Mono.just(exchange)
+				.filter((exch) ->
+						OAuth2AuthorizationResponseUtils.isAuthorizationResponse(exch.getRequest().getQueryParams())
+				)
 				.flatMap((exch) -> this.authorizationRequestRepository.loadAuthorizationRequest(exchange)
 						.flatMap((authorizationRequest) -> matchesRedirectUri(exch.getRequest().getURI(),
-								authorizationRequest.getRedirectUri())))
+								authorizationRequest.getRedirectUri()))
+				)
 				.switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch());
+		// @formatter:on
 	}
 
 	private static Mono<ServerWebExchangeMatcher.MatchResult> matchesRedirectUri(URI authorizationResponseUri,
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
index f9f539d608..1b20821a56 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java
@@ -127,12 +127,15 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+		// @formatter:off
 		return this.authorizationRequestResolver.resolve(exchange)
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.onErrorResume(ClientAuthorizationRequiredException.class,
 						(ex) -> this.requestCache.saveRequest(exchange).then(
-								this.authorizationRequestResolver.resolve(exchange, ex.getClientRegistrationId())))
+								this.authorizationRequestResolver.resolve(exchange, ex.getClientRegistrationId()))
+				)
 				.flatMap((clientRegistration) -> sendRedirectForAuthorization(exchange, clientRegistration));
+		// @formatter:on
 	}
 
 	private Mono<Void> sendRedirectForAuthorization(ServerWebExchange exchange,
@@ -143,8 +146,11 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter {
 				saveAuthorizationRequest = this.authorizationRequestRepository
 						.saveAuthorizationRequest(authorizationRequest, exchange);
 			}
+			// @formatter:off
 			URI redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getAuthorizationRequestUri())
-					.build(true).toUri();
+					.build(true)
+					.toUri();
+			// @formatter:on
 			return saveAuthorizationRequest
 					.then(this.authorizationRedirectStrategy.sendRedirect(exchange, redirectUri));
 		});
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
index 1c3d3f9810..d47567026c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationResponseUtils.java
@@ -71,8 +71,14 @@ final class OAuth2AuthorizationResponseUtils {
 		}
 		String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
 		String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
-		return OAuth2AuthorizationResponse.error(errorCode).redirectUri(redirectUri).errorDescription(errorDescription)
-				.errorUri(errorUri).state(state).build();
+		// @formatter:off
+		return OAuth2AuthorizationResponse.error(errorCode)
+				.redirectUri(redirectUri)
+				.errorDescription(errorDescription)
+				.errorUri(errorUri)
+				.state(state)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
index 5dd7a7ce49..b36ef33941 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
@@ -70,9 +70,11 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implement
 
 	@Override
 	public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
+		// @formatter:off
 		return this.authorizationRequestRepository.removeAuthorizationRequest(serverWebExchange)
 				.switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE))
 				.flatMap((authorizationRequest) -> authenticationRequest(serverWebExchange, authorizationRequest));
+		// @formatter:on
 	}
 
 	private <T> Mono<T> oauth2AuthorizationException(String errorCode) {
@@ -84,13 +86,16 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implement
 
 	private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange exchange,
 			OAuth2AuthorizationRequest authorizationRequest) {
-		return Mono.just(authorizationRequest).map(OAuth2AuthorizationRequest::getAttributes).flatMap((attributes) -> {
-			String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID);
-			if (id == null) {
-				return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
-			}
-			return this.clientRegistrationRepository.findByRegistrationId(id);
-		}).switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
+		// @formatter:off
+		return Mono.just(authorizationRequest)
+				.map(OAuth2AuthorizationRequest::getAttributes).flatMap((attributes) -> {
+					String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID);
+					if (id == null) {
+						return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+					}
+					return this.clientRegistrationRepository.findByRegistrationId(id);
+				})
+				.switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
 				.map((clientRegistration) -> {
 					OAuth2AuthorizationResponse authorizationResponse = convertResponse(exchange);
 					OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
@@ -98,6 +103,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implement
 							new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
 					return authenticationRequest;
 				});
+		// @formatter:on
 	}
 
 	private static OAuth2AuthorizationResponse convertResponse(ServerWebExchange exchange) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
index 0ed7126a85..f56953da55 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java
@@ -52,19 +52,23 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 		if (state == null) {
 			return Mono.empty();
 		}
+		// @formatter:off
 		return getStateToAuthorizationRequest(exchange)
 				.filter((stateToAuthorizationRequest) -> stateToAuthorizationRequest.containsKey(state))
 				.map((stateToAuthorizationRequest) -> stateToAuthorizationRequest.get(state));
+		// @formatter:on
 	}
 
 	@Override
 	public Mono<Void> saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest,
 			ServerWebExchange exchange) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
+		// @formatter:off
 		return saveStateToAuthorizationRequest(exchange)
 				.doOnNext((stateToAuthorizationRequest) -> stateToAuthorizationRequest
 						.put(authorizationRequest.getState(), authorizationRequest))
 				.then();
+		// @formatter:on
 	}
 
 	@Override
@@ -73,29 +77,33 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 		if (state == null) {
 			return Mono.empty();
 		}
-		return exchange.getSession().map(WebSession::getAttributes).handle((sessionAttrs, sink) -> {
-			Map<String, OAuth2AuthorizationRequest> stateToAuthzRequest = sessionAttrsMapStateToAuthorizationRequest(
-					sessionAttrs);
-			if (stateToAuthzRequest == null) {
-				sink.complete();
-				return;
-			}
-			OAuth2AuthorizationRequest removedValue = stateToAuthzRequest.remove(state);
-			if (stateToAuthzRequest.isEmpty()) {
-				sessionAttrs.remove(this.sessionAttributeName);
-			}
-			else if (removedValue != null) {
-				// gh-7327 Overwrite the existing Map to ensure the state is saved for
-				// distributed sessions
-				sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
-			}
-			if (removedValue == null) {
-				sink.complete();
-			}
-			else {
-				sink.next(removedValue);
-			}
-		});
+		// @formatter:off
+		return exchange.getSession()
+				.map(WebSession::getAttributes)
+				.handle((sessionAttrs, sink) -> {
+					Map<String, OAuth2AuthorizationRequest> stateToAuthzRequest = sessionAttrsMapStateToAuthorizationRequest(
+							sessionAttrs);
+					if (stateToAuthzRequest == null) {
+						sink.complete();
+						return;
+					}
+					OAuth2AuthorizationRequest removedValue = stateToAuthzRequest.remove(state);
+					if (stateToAuthzRequest.isEmpty()) {
+						sessionAttrs.remove(this.sessionAttributeName);
+					}
+					else if (removedValue != null) {
+						// gh-7327 Overwrite the existing Map to ensure the state is saved for
+						// distributed sessions
+						sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
+					}
+					if (removedValue == null) {
+						sink.complete();
+					}
+					else {
+						sink.next(removedValue);
+					}
+				});
+		// @formatter:on
 	}
 
 	/**
@@ -115,22 +123,28 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository
 	private Mono<Map<String, OAuth2AuthorizationRequest>> getStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
 
-		return getSessionAttributes(exchange).flatMap(
-				(sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		// @formatter:off
+		return getSessionAttributes(exchange)
+				.flatMap((sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		// @formatter:on
 	}
 
 	private Mono<Map<String, OAuth2AuthorizationRequest>> saveStateToAuthorizationRequest(ServerWebExchange exchange) {
 		Assert.notNull(exchange, "exchange cannot be null");
-		return getSessionAttributes(exchange).doOnNext((sessionAttrs) -> {
-			Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
-			if (stateToAuthzRequest == null) {
-				stateToAuthzRequest = new HashMap<String, OAuth2AuthorizationRequest>();
-			}
-			// No matter stateToAuthzRequest was in session or not, we should always put
-			// it into session again
-			// in case of redis or hazelcast session. #6215
-			sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
-		}).flatMap((sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		// @formatter:off
+		return getSessionAttributes(exchange)
+				.doOnNext((sessionAttrs) -> {
+					Object stateToAuthzRequest = sessionAttrs.get(this.sessionAttributeName);
+					if (stateToAuthzRequest == null) {
+						stateToAuthzRequest = new HashMap<String, OAuth2AuthorizationRequest>();
+					}
+					// No matter stateToAuthzRequest was in session or not, we should always put
+					// it into session again
+					// in case of redis or hazelcast session. #6215
+					sessionAttrs.put(this.sessionAttributeName, stateToAuthzRequest);
+				})
+				.flatMap((sessionAttrs) -> Mono.justOrEmpty(this.sessionAttrsMapStateToAuthorizationRequest(sessionAttrs)));
+		// @formatter:on
 	}
 
 	private Map<String, OAuth2AuthorizationRequest> sessionAttrsMapStateToAuthorizationRequest(
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
index 040419a076..e8eb93f04c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java
@@ -50,8 +50,11 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 			Authentication principal, ServerWebExchange exchange) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession().map(this::getAuthorizedClients)
+		// @formatter:off
+		return exchange.getSession()
+				.map(this::getAuthorizedClients)
 				.flatMap((clients) -> Mono.justOrEmpty((T) clients.get(clientRegistrationId)));
+		// @formatter:on
 	}
 
 	@Override
@@ -59,11 +62,15 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 			ServerWebExchange exchange) {
 		Assert.notNull(authorizedClient, "authorizedClient cannot be null");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession().doOnSuccess((session) -> {
-			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
-			authorizedClients.put(authorizedClient.getClientRegistration().getRegistrationId(), authorizedClient);
-			session.getAttributes().put(this.sessionAttributeName, authorizedClients);
-		}).then(Mono.empty());
+		// @formatter:off
+		return exchange.getSession()
+				.doOnSuccess((session) -> {
+					Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
+					authorizedClients.put(authorizedClient.getClientRegistration().getRegistrationId(), authorizedClient);
+					session.getAttributes().put(this.sessionAttributeName, authorizedClients);
+				})
+				.then(Mono.empty());
+		// @formatter:on
 	}
 
 	@Override
@@ -71,16 +78,20 @@ public final class WebSessionServerOAuth2AuthorizedClientRepository implements S
 			ServerWebExchange exchange) {
 		Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
 		Assert.notNull(exchange, "exchange cannot be null");
-		return exchange.getSession().doOnSuccess((session) -> {
-			Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
-			authorizedClients.remove(clientRegistrationId);
-			if (authorizedClients.isEmpty()) {
-				session.getAttributes().remove(this.sessionAttributeName);
-			}
-			else {
-				session.getAttributes().put(this.sessionAttributeName, authorizedClients);
-			}
-		}).then(Mono.empty());
+		// @formatter:off
+		return exchange.getSession()
+				.doOnSuccess((session) -> {
+					Map<String, OAuth2AuthorizedClient> authorizedClients = getAuthorizedClients(session);
+					authorizedClients.remove(clientRegistrationId);
+					if (authorizedClients.isEmpty()) {
+						session.getAttributes().remove(this.sessionAttributeName);
+					}
+					else {
+						session.getAttributes().put(this.sessionAttributeName, authorizedClients);
+					}
+				})
+				.then(Mono.empty());
+		// @formatter:on
 	}
 
 	@SuppressWarnings("unchecked")
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
index 2656ec7a07..19d566bcf0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilter.java
@@ -61,9 +61,11 @@ public class OAuth2LoginAuthenticationWebFilter extends AuthenticationWebFilter
 		OAuth2AuthenticationToken result = new OAuth2AuthenticationToken(authenticationResult.getPrincipal(),
 				authenticationResult.getAuthorities(),
 				authenticationResult.getClientRegistration().getRegistrationId());
+		// @formatter:off
 		return this.authorizedClientRepository
 				.saveAuthorizedClient(authorizedClient, authenticationResult, webFilterExchange.getExchange())
 				.then(super.onAuthenticationSuccess(result, webFilterExchange));
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
index 88e52dbf4d..e22e3d3491 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java
@@ -61,22 +61,31 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
+				.withClientRegistration(clientCredentialsClient).principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndAuthorizedThenNotAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext));
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
index 8f6c25abd1..15b7d5740c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java
@@ -61,22 +61,34 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenNotAuthorizationCodeThenUnableToAuthorize() {
 		ClientRegistration clientCredentialsClient = TestClientRegistrations.clientCredentials().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientCredentialsClient).principal(this.principal).build();
+				.withClientRegistration(clientCredentialsClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndAuthorizedThenNotAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenAuthorizationCodeAndNotAuthorizedThenAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block());
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
index 6aa17a1365..e99ba59846 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java
@@ -108,58 +108,78 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(null, this.authorizedClientService))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(null, this.authorizedClientService))
 				.withMessage("clientRegistrationRepository cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizedClientServiceOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null))
 				.withMessage("authorizedClientService cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null))
 				.withMessage("authorizedClientProvider cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null))
 				.withMessage("contextAttributesMapper cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null))
 				.withMessage("authorizationSuccessHandler cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null))
 				.withMessage("authorizationFailureHandler cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.authorize(null))
 				.withMessage("authorizeRequest cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId("invalid-registration-id").principal(this.principal).build();
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
+				.withClientRegistrationId("invalid-registration-id")
+
+				.principal(this.principal).build();
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
 				.withMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
+		// @formatter:on
 	}
 
 	@SuppressWarnings("unchecked")
@@ -189,9 +209,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				.willReturn(this.clientRegistration);
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(this.authorizedClient);
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -216,9 +239,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -324,11 +350,15 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
-		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).build();
+		// @formatter:off
+		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.build();
 		assertThatExceptionOfType(ClientAuthorizationException.class)
 				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
+		// @formatter:on
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal),
 				any());
 		verifyNoInteractions(this.authorizedClientService);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
index 4edf481052..0ce1f0c675 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java
@@ -170,9 +170,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 		given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		StepVerifier.create(authorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -217,9 +220,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(this.authorizedClient));
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		PublisherProbe<Void> authorizationSuccessHandlerProbe = PublisherProbe.empty();
 		this.authorizedClientManager.setAuthorizationSuccessHandler(
 				(client, principal, attributes) -> authorizationSuccessHandlerProbe.mono());
@@ -241,9 +247,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null),
 				this.clientRegistration.getRegistrationId());
@@ -269,9 +278,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null),
 				this.clientRegistration.getRegistrationId());
@@ -297,9 +309,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		ClientAuthorizationException exception = new ClientAuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null),
 				this.clientRegistration.getRegistrationId());
@@ -323,9 +338,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
@@ -348,9 +366,12 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(this.clientRegistration));
 		given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null));
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
@@ -387,7 +408,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
 				.build();
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
-		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
+		// @formatter:off
+		StepVerifier.create(authorizedClient)
+				.expectNext(reauthorizedClient)
+				.verifyComplete();
+		// @formatter:on
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -403,8 +428,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.empty());
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).build();
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 		StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -424,8 +452,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(Mono.just(reauthorizedClient));
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).build();
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
@@ -451,7 +482,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests {
 		this.authorizedClientManager.setContextAttributesMapper(
 				new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 		Mono<OAuth2AuthorizedClient> authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
-		StepVerifier.create(authorizedClient).expectNext(reauthorizedClient).verifyComplete();
+		// @formatter:off
+		StepVerifier.create(authorizedClient)
+				.expectNext(reauthorizedClient)
+				.verifyComplete();
+		// @formatter:on
 		verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal));
 		this.saveAuthorizedClientProbe.assertWasSubscribed();
 		verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
index 4264a4718c..c69a285ad8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
@@ -65,41 +65,58 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
 				.isInstanceOf(IllegalArgumentException.class).withMessage("accessTokenResponseClient cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null))
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientRegistration).principal(this.principal).build();
+				.withClientRegistration(clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -107,8 +124,12 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -125,8 +146,12 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken);
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -137,8 +162,12 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -157,8 +186,12 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
index 91ca2c2b94..2c11bb375f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java
@@ -66,41 +66,58 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
 				.withMessage("accessTokenResponseClient cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotClientCredentialsThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientRegistration).principal(this.principal).build();
+				.withClientRegistration(clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -108,8 +125,12 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -126,8 +147,12 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken);
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -138,8 +163,12 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenClientCredentialsAndTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -158,8 +187,12 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 42b141468f..6dbeffd490 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -67,9 +67,11 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void constructorWhenAuthorizedClientsIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository, null))
 				.withMessage("authorizedClients cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
index a972dfa8e0..314aaa4fe3 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java
@@ -59,13 +59,21 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(),
 			Instant.now().plus(Duration.ofDays(1)));
 
+	// @formatter:off
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
 			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+			.scope("read:user")
 			.authorizationUri("https://github.com/login/oauth/authorize")
-			.tokenUri("https://github.com/login/oauth/access_token").userInfoUri("https://api.github.com/user")
-			.userNameAttributeName("id").clientName("GitHub").clientId("clientId").clientSecret("clientSecret").build();
+			.tokenUri("https://github.com/login/oauth/access_token")
+			.userInfoUri("https://api.github.com/user")
+			.userNameAttributeName("id")
+			.clientName("GitHub")
+			.clientId("clientId")
+			.clientSecret("clientSecret")
+			.build();
+	// @formatter:on
 
 	@Before
 	public void setup() {
@@ -83,29 +91,37 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
@@ -132,17 +148,23 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
+		// @formatter:off
 		Mono<OAuth2AuthorizedClient> saveAndLoad = this.authorizedClientService
 				.saveAuthorizedClient(authorizedClient, this.principal)
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-		StepVerifier.create(saveAndLoad).expectNext(authorizedClient).verifyComplete();
+		StepVerifier.create(saveAndLoad)
+				.expectNext(authorizedClient)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
 		OAuth2AuthorizedClient authorizedClient = null;
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal));
+		// @formatter:on
 	}
 
 	@Test
@@ -150,36 +172,46 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
 		this.principal = null;
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal));
+		// @formatter:on
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
 		this.clientRegistrationId = null;
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdEmptyThenIllegalArgumentException() {
 		this.clientRegistrationId = "";
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameNullThenIllegalArgumentException() {
 		this.principalName = null;
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService
-				.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
 	public void removeAuthorizedClientWhenPrincipalNameEmptyThenIllegalArgumentException() {
 		this.principalName = "";
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService
-				.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
+		// @formatter:on
 	}
 
 	@Test
@@ -188,10 +220,14 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 				.willReturn(Mono.empty());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
-		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService
-				.saveAuthorizedClient(authorizedClient, this.principal).then(this.authorizedClientService
-						.removeAuthorizedClient(this.clientRegistrationId, this.principalName));
-		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
+		// @formatter:off
+		Mono<Void> saveAndDeleteAndLoad = this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal)
+				.then(this.authorizedClientService
+						.removeAuthorizedClient(this.clientRegistrationId, this.principalName)
+				);
+		StepVerifier.create(saveAndDeleteAndLoad)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
@@ -200,12 +236,14 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 				.willReturn(Mono.just(this.clientRegistration));
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principalName, this.accessToken);
-		Mono<OAuth2AuthorizedClient> saveAndDeleteAndLoad = this.authorizedClientService
-				.saveAuthorizedClient(authorizedClient, this.principal)
+		// @formatter:off
+		Mono<OAuth2AuthorizedClient> saveAndDeleteAndLoad = this.authorizedClientService.saveAuthorizedClient(authorizedClient, this.principal)
 				.then(this.authorizedClientService.removeAuthorizedClient(this.clientRegistrationId,
 						this.principalName))
 				.then(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName));
-		StepVerifier.create(saveAndDeleteAndLoad).verifyComplete();
+		StepVerifier.create(saveAndDeleteAndLoad)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
index 684f0bd59c..cea664e166 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java
@@ -104,9 +104,11 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new JdbcOAuth2AuthorizedClientService(null, this.clientRegistrationRepository))
 				.withMessage("jdbcOperations cannot be null");
+		// @formatter:on
 	}
 
 	@Test
@@ -118,31 +120,39 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 
 	@Test
 	public void setAuthorizedClientRowMapperWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null))
 				.withMessage("authorizedClientRowMapper cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setAuthorizedClientParametersMapperWhenNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService.setAuthorizedClientParametersMapper(null))
 				.withMessage("authorizedClientParametersMapper cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName"))
 				.withMessage("clientRegistrationId cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientService
 						.loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null))
 				.withMessage("principalName cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
@@ -351,8 +361,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 	}
 
 	private static EmbeddedDatabase createDb(String schema) {
-		return new EmbeddedDatabaseBuilder().generateUniqueName(true).setType(EmbeddedDatabaseType.HSQL)
-				.setScriptEncoding("UTF-8").addScript(schema).build();
+		// @formatter:off
+		return new EmbeddedDatabaseBuilder()
+				.generateUniqueName(true)
+				.setType(EmbeddedDatabaseType.HSQL)
+				.setScriptEncoding("UTF-8")
+				.addScript(schema)
+				.build();
+		// @formatter:on
 	}
 
 	private static Authentication createPrincipal() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
index b2bcab54ab..0a385dd806 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java
@@ -73,11 +73,16 @@ public class OAuth2AuthorizationContextTests {
 
 	@Test
 	public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes((attributes) -> {
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.attributes((attributes) -> {
 					attributes.put("attribute1", "value1");
 					attributes.put("attribute2", "value2");
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		assertThat(authorizationContext.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient);
 		assertThat(authorizationContext.getPrincipal()).isSameAs(this.principal);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
index a9ad963963..3275de9195 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java
@@ -89,11 +89,15 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
+		// @formatter:off
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.authorizationCode().build();
-		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
+				.authorizationCode()
 				.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientRegistration().build())
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext));
 	}
@@ -107,8 +111,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
 				TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(),
 				TestOAuth2RefreshTokens.refreshToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext);
 		assertThat(reauthorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
@@ -120,9 +128,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 				.clientCredentials(
 						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
 				.build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
+				.withClientRegistration(TestClientRegistrations.clientCredentials().build())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
@@ -130,13 +141,17 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenPasswordProviderThenProviderAuthorizes() {
+		// @formatter:off
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
 				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
 				.build();
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
+				.withClientRegistration(TestClientRegistrations.password().build())
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class));
@@ -154,8 +169,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 				.build();
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
 		// authorization_code
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientRegistration).principal(this.principal).build();
+				.withClientRegistration(clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext));
 		// refresh_token
@@ -168,18 +187,25 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 		verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class),
 				eq(OAuth2AccessTokenResponse.class));
 		// client_credentials
+		// @formatter:off
 		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.clientCredentials().build()).principal(this.principal)
+				.withClientRegistration(TestClientRegistrations.clientCredentials().build())
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext);
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient, times(2)).exchange(any(RequestEntity.class),
 				eq(OAuth2AccessTokenResponse.class));
 		// password
+		// @formatter:off
 		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.password().build()).principal(this.principal)
+				.withClientRegistration(TestClientRegistrations.password().build())
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		authorizedClient = authorizedClientProvider.authorize(passwordContext);
 		assertThat(authorizedClient).isNotNull();
 		verify(this.accessTokenClient, times(3)).exchange(any(RequestEntity.class),
@@ -189,11 +215,15 @@ public class OAuth2AuthorizedClientProviderBuilderTests {
 	@Test
 	public void buildWhenCustomProviderThenProviderCalled() {
 		OAuth2AuthorizedClientProvider customProvider = mock(OAuth2AuthorizedClientProvider.class);
+		// @formatter:off
 		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-				.provider(customProvider).build();
-		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(TestClientRegistrations.clientRegistration().build()).principal(this.principal)
+				.provider(customProvider)
 				.build();
+		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
+				.withClientRegistration(TestClientRegistrations.clientRegistration().build())
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		authorizedClientProvider.authorize(authorizationContext);
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
index e172c65b1c..10d375e4b6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
@@ -72,52 +72,75 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null))
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientRegistration).principal(this.principal).build();
+				.withClientRegistration(clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyUsernameThenUnableToAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyPasswordThenUnableToAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null).build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -125,10 +148,14 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -145,11 +172,14 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken); // without refresh token
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -166,11 +196,14 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
 																								// refresh
 																								// token
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -190,11 +223,14 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
index e54dc285fc..184ce64851 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java
@@ -73,52 +73,75 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotPasswordThenUnableToAuthorize() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(clientRegistration).principal(this.principal).build();
+				.withClientRegistration(clientRegistration)
+				.principal(this.principal).
+				build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyUsernameThenUnableToAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, null)
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
 	@Test
 	public void authorizeWhenPasswordAndNotAuthorizedAndEmptyPasswordThenUnableToAuthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null).build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, null)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -126,10 +149,14 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenPasswordAndNotAuthorizedThenAuthorize() {
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal)
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -146,11 +173,14 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken); // without refresh token
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -167,11 +197,14 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 				this.principal.getName(), accessToken, TestOAuth2RefreshTokens.refreshToken()); // with
 																								// refresh
 																								// token
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -191,11 +224,14 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests {
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
 		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withAuthorizedClient(authorizedClient)
 				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.principal(this.principal)
 				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext)
 				.block();
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
index b555ffc3e3..71280097c5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java
@@ -80,10 +80,16 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 
 	@Test
 	public void buildWhenAuthorizationCodeProviderThenProviderAuthorizes() {
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().authorizationCode().build();
+				.builder()
+				.authorizationCode()
+				.build();
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistrationBuilder.build())
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block());
 	}
@@ -93,12 +99,20 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().refreshToken().build();
+				.builder()
+				.refreshToken()
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(),
 				this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(reauthorizedClient).isNotNull();
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
@@ -112,12 +126,17 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
 				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().clientCredentials().build();
+				.builder()
+				.clientCredentials()
+				.build();
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder
 						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
-				.principal(this.principal).build();
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
 		assertThat(authorizedClient).isNotNull();
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
@@ -133,12 +152,17 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().password().build();
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
 				.withClientRegistration(
 						this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
-				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
-		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext).block();
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		OAuth2AuthorizedClient authorizedClient = authorizedClientProvider.authorize(authorizationContext)
+				.block();
+		// @formatter:on
 		assertThat(authorizedClient).isNotNull();
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 		RecordedRequest recordedRequest = this.server.takeRequest();
@@ -156,8 +180,12 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
 				.builder().authorizationCode().refreshToken().clientCredentials().password().build();
 		// authorization_code
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistrationBuilder.build())
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationRequiredException.class)
 				.isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block());
 		// refresh_token
@@ -172,10 +200,13 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		String formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=refresh_token");
 		// client_credentials
+		// @formatter:off
 		OAuth2AuthorizationContext clientCredentialsContext = OAuth2AuthorizationContext
 				.withClientRegistration(this.clientRegistrationBuilder
 						.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())
-				.principal(this.principal).build();
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		authorizedClient = authorizedClientProvider.authorize(clientCredentialsContext).block();
 		assertThat(authorizedClient).isNotNull();
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
@@ -183,11 +214,15 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 		formParameters = recordedRequest.getBody().readUtf8();
 		assertThat(formParameters).contains("grant_type=client_credentials");
 		// password
+		// @formatter:off
 		OAuth2AuthorizationContext passwordContext = OAuth2AuthorizationContext
 				.withClientRegistration(
 						this.clientRegistrationBuilder.authorizationGrantType(AuthorizationGrantType.PASSWORD).build())
-				.principal(this.principal).attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
-				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password").build();
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
+				.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
+				.build();
+		// @formatter:on
 		authorizedClient = authorizedClientProvider.authorize(passwordContext).block();
 		assertThat(authorizedClient).isNotNull();
 		assertThat(this.server.getRequestCount()).isEqualTo(3);
@@ -200,10 +235,16 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests {
 	public void buildWhenCustomProviderThenProviderCalled() {
 		ReactiveOAuth2AuthorizedClientProvider customProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class);
 		given(customProvider.authorize(any())).willReturn(Mono.empty());
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().provider(customProvider).build();
+				.builder()
+				.provider(customProvider)
+				.build();
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistrationBuilder.build()).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistrationBuilder.build())
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		authorizedClientProvider.authorize(authorizationContext).block();
 		verify(customProvider).authorize(any(OAuth2AuthorizationContext.class));
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
index 8451e115cb..e1a63fc2d2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java
@@ -78,40 +78,57 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null))
 				.withMessage("accessTokenResponseClient cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null))
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotAuthorizedThenUnableToReauthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -119,8 +136,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), this.authorizedClient.getAccessToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -128,8 +149,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
 	}
 
@@ -149,8 +174,12 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 		// Shorten the lifespan of the access token by 90 seconds, which will ultimately
 		// force it to expire on the client
 		this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -160,11 +189,19 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
-		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token").build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses
+				.accessTokenResponse()
+				.refreshToken("new-refresh-token")
+				.build();
+		// @formatter:on
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
 		assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
 		assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
@@ -174,13 +211,21 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() {
-		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()
-				.refreshToken("new-refresh-token").build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses
+				.accessTokenResponse()
+				.refreshToken("new-refresh-token")
+				.build();
+		// @formatter:on
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 		String[] requestScope = new String[] { "read", "write" };
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
-				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope)
+				.build();
+		// @formatter:on
 		this.authorizedClientProvider.authorize(authorizationContext);
 		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
 				.forClass(OAuth2RefreshTokenGrantRequest.class);
@@ -192,9 +237,13 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndInvalidRequestScopeProvidedThenThrowIllegalArgumentException() {
 		String invalidRequestScope = "read write";
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
-				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope)
+				.build();
+		// @formatter:on
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext))
 				.withMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
index 3b62858747..504c9eac2e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
@@ -86,33 +86,48 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(null))
 				.withMessage("clockSkew cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(-1)))
 				.withMessage("clockSkew must be >= 0");
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.setClock(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.setClock(null))
 				.withMessage("clock cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenContextIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientProvider.authorize(null).block())
 				.withMessage("context cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void authorizeWhenNotAuthorizedThenUnableToReauthorize() {
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withClientRegistration(this.clientRegistration).principal(this.principal).build();
+				.withClientRegistration(this.clientRegistration)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -120,8 +135,12 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndRefreshTokenIsNullThenUnableToReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), this.authorizedClient.getAccessToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -129,8 +148,12 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	public void authorizeWhenAuthorizedAndAccessTokenNotExpiredThenNotReauthorize() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration,
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), this.authorizedClient.getRefreshToken());
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(authorizedClient).principal(this.principal).build();
+				.withAuthorizedClient(authorizedClient)
+				.principal(this.principal)
+				.build();
+		// @formatter:on
 		assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
 	}
 
@@ -181,9 +204,13 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 				.refreshToken("new-refresh-token").build();
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		String[] requestScope = new String[] { "read", "write" };
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
-				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, requestScope)
+				.build();
+		// @formatter:on
 		this.authorizedClientProvider.authorize(authorizationContext).block();
 		ArgumentCaptor<OAuth2RefreshTokenGrantRequest> refreshTokenGrantRequestArgCaptor = ArgumentCaptor
 				.forClass(OAuth2RefreshTokenGrantRequest.class);
@@ -195,9 +222,13 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
 	@Test
 	public void authorizeWhenAuthorizedAndInvalidRequestScopeProvidedThenThrowIllegalArgumentException() {
 		String invalidRequestScope = "read write";
+		// @formatter:off
 		OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext
-				.withAuthorizedClient(this.authorizedClient).principal(this.principal)
-				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope).build();
+				.withAuthorizedClient(this.authorizedClient)
+				.principal(this.principal)
+				.attribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, invalidRequestScope)
+				.build();
+		// @formatter:on
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block())
 				.withMessageStartingWith("The context attribute must be of type String[] '"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index 9d25859dfa..cbe7c6b05c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -214,9 +214,15 @@ public class OAuth2LoginAuthenticationProviderTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
-				.additionalParameters(additionalParameters).build();
+		// @formatter:off
+		return OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.getEpochSecond())
+				.scopes(scopes)
+				.refreshToken("refresh-token-1234")
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
index d6e5acd127..06eb250723 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java
@@ -124,7 +124,11 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
-		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
+		// @formatter:off
+		this.authorizationResponseBldr = OAuth2AuthorizationResponse
+				.error("error")
+				.state("state");
+		// @formatter:on
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index 70d488ae33..5ec5c031c2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -60,12 +60,22 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+		// @formatter:off
+		this.clientRegistration = ClientRegistration
+				.withRegistrationId("registration-1")
+				.clientId("client-1")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("https://client.com/callback/client-1").scope("read", "write")
-				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri(tokenUri)
-				.userInfoUri("https://provider.com/user").userNameAttributeName("id").clientName("client-1").build();
+				.redirectUri("https://client.com/callback/client-1")
+				.scope("read", "write")
+				.authorizationUri("https://provider.com/oauth2/authorize")
+				.tokenUri(tokenUri)
+				.userInfoUri("https://provider.com/user")
+				.userNameAttributeName("id")
+				.clientName("client-1")
+				.build();
+		// @formatter:on
 	}
 
 	@After
@@ -90,11 +100,17 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "	\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
@@ -121,8 +137,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationBasicThenAuthorizationHeaderIsSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
 		RecordedRequest recordedRequest = this.server.takeRequest();
@@ -131,8 +150,13 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
@@ -146,8 +170,13 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		assertThatExceptionOfType(OAuth2AuthorizationException.class)
 				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
@@ -158,7 +187,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndMissingTokenTypeParameterThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		assertThatExceptionOfType(OAuth2AuthorizationException.class)
 				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
@@ -169,9 +202,15 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"refresh_token\": \"refresh-token-1234\",\n" + "   \"scope\": \"read\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(this.authorizationCodeGrantRequest());
@@ -180,9 +219,14 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
 				.getTokenResponse(this.authorizationCodeGrantRequest());
@@ -201,12 +245,17 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenMalformedResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
-				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		assertThatExceptionOfType(OAuth2AuthorizationException.class)
 				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest()))
@@ -253,17 +302,21 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 	}
 
 	private ClientRegistration.Builder from(ClientRegistration registration) {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId(registration.getRegistrationId())
-				.clientId(registration.getClientId()).clientSecret(registration.getClientSecret())
+				.clientId(registration.getClientId())
+				.clientSecret(registration.getClientSecret())
 				.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
 				.authorizationGrantType(registration.getAuthorizationGrantType())
-				.redirectUri(registration.getRedirectUri()).scope(registration.getScopes())
+				.redirectUri(registration.getRedirectUri())
+				.scope(registration.getScopes())
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
 				.tokenUri(registration.getProviderDetails().getTokenUri())
 				.userInfoUri(registration.getProviderDetails().getUserInfoEndpoint().getUri())
 				.userNameAttributeName(
 						registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())
 				.clientName(registration.getClientName());
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index 6e0875ec79..6c7dee1f87 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -57,10 +57,16 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
-				.tokenUri(tokenUri).build();
+		// @formatter:off
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
+				.clientId("client-1")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.scope("read", "write")
+				.tokenUri(tokenUri)
+				.build();
+		// @formatter:on
 	}
 
 	@After
@@ -70,12 +76,18 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.tokenResponseClient.setRestOperations(null));
+		// @formatter:on
 	}
 
 	@Test
@@ -85,10 +97,16 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
-				+ "   \"custom_parameter_2\": \"custom-value-2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
@@ -116,8 +134,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationBasicThenAuthorizationHeaderIsSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -128,8 +151,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "	\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ClientRegistration clientRegistration = this.from(this.clientRegistration)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
@@ -145,8 +173,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -172,9 +205,14 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -185,8 +223,13 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -209,11 +252,16 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenMalformedResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
-				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
-		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+				// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -225,7 +273,11 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenErrorResponse = "{\n"
+				+ "   \"error\": \"unauthorized_client\"\n"
+				+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration);
@@ -250,11 +302,15 @@ public class DefaultClientCredentialsTokenResponseClientTests {
 	}
 
 	private ClientRegistration.Builder from(ClientRegistration registration) {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId(registration.getRegistrationId())
-				.clientId(registration.getClientId()).clientSecret(registration.getClientSecret())
+				.clientId(registration.getClientId())
+				.clientSecret(registration.getClientSecret())
 				.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
-				.authorizationGrantType(registration.getAuthorizationGrantType()).scope(registration.getScopes())
+				.authorizationGrantType(registration.getAuthorizationGrantType())
+				.scope(registration.getScopes())
 				.tokenUri(registration.getProviderDetails().getTokenUri());
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
index e838ef4701..bbe593a627 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java
@@ -88,8 +88,13 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
@@ -117,8 +122,13 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
@@ -134,8 +144,13 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
@@ -148,9 +163,14 @@ public class DefaultPasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
index 474e627de2..4909fffe49 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java
@@ -92,8 +92,13 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
@@ -137,8 +142,13 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
@@ -151,9 +161,14 @@ public class DefaultRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
index a9bf107e9d..17fc44c706 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java
@@ -75,11 +75,17 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
 		MockWebServer server = new MockWebServer();
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\",\n" + "	\"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
@@ -127,11 +133,16 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("invalid_token_response"));
 		MockWebServer server = new MockWebServer();
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\",\n" + "   \"custom_parameter_1\": \"custom-value-1\",\n"
-				+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
-		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "	\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n";
+				// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
@@ -160,7 +171,11 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("unauthorized_client"));
 		MockWebServer server = new MockWebServer();
-		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenErrorResponse = "{\n"
+				+ "   \"error\": \"unauthorized_client\"\n"
+				+ "}\n";
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(500).setBody(accessTokenErrorResponse));
 		server.start();
@@ -200,8 +215,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 		this.exception.expect(OAuth2AuthorizationException.class);
 		this.exception.expectMessage(containsString("invalid_token_response"));
 		MockWebServer server = new MockWebServer();
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
@@ -220,9 +240,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope()
 			throws Exception {
 		MockWebServer server = new MockWebServer();
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\"\n"
+			+ "}\n";
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
@@ -242,8 +267,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope()
 			throws Exception {
 		MockWebServer server = new MockWebServer();
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setBody(accessTokenSuccessResponse));
 		server.start();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index c75fc03315..53f6d724ad 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
@@ -48,21 +48,38 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 
 	private OAuth2AuthorizationCodeGrantRequestEntityConverter converter = new OAuth2AuthorizationCodeGrantRequestEntityConverter();
 
+	// @formatter:off
 	private ClientRegistration.Builder clientRegistrationBuilder = ClientRegistration
-			.withRegistrationId("registration-1").clientId("client-1").clientSecret("secret")
+			.withRegistrationId("registration-1")
+			.clientId("client-1")
+			.clientSecret("secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUri("https://client.com/callback/client-1").scope("read", "write")
-			.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
-			.userInfoUri("https://provider.com/user").userNameAttributeName("id").clientName("client-1");
-
-	private OAuth2AuthorizationRequest.Builder authorizationRequestBuilder = OAuth2AuthorizationRequest
-			.authorizationCode().clientId("client-1").state("state-1234")
+			.redirectUri("https://client.com/callback/client-1")
+			.scope("read", "write")
 			.authorizationUri("https://provider.com/oauth2/authorize")
-			.redirectUri("https://client.com/callback/client-1").scopes(new HashSet(Arrays.asList("read", "write")));
+			.tokenUri("https://provider.com/oauth2/token")
+			.userInfoUri("https://provider.com/user")
+			.userNameAttributeName("id")
+			.clientName("client-1");
+	// @formatter:on
 
+	// @formatter:off
+	private OAuth2AuthorizationRequest.Builder authorizationRequestBuilder = OAuth2AuthorizationRequest
+			.authorizationCode()
+			.clientId("client-1")
+			.state("state-1234")
+			.authorizationUri("https://provider.com/oauth2/authorize")
+			.redirectUri("https://client.com/callback/client-1")
+			.scopes(new HashSet(Arrays.asList("read", "write")));
+	// @formatter:on
+
+	// @formatter:off
 	private OAuth2AuthorizationResponse.Builder authorizationResponseBuilder = OAuth2AuthorizationResponse
-			.success("code-1234").state("state-1234").redirectUri("https://client.com/callback/client-1");
+			.success("code-1234")
+			.state("state-1234")
+			.redirectUri("https://client.com/callback/client-1");
+	// @formatter:on
 
 	@SuppressWarnings("unchecked")
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
index f5b402ed3e..9f1a9b11fc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -44,11 +44,16 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
 
 	@Before
 	public void setup() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1").clientSecret("secret")
+				.clientId("client-1")
+				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token").build();
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token")
+				.build();
+		// @formatter:on
 		this.clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
index 676ca8957a..095ab160d2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java
@@ -37,10 +37,16 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 
 	@Before
 	public void setup() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token").build();
+		// @formatter:off
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
+				.clientId("client-1")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token")
+				.build();
+		// @formatter:on
 	}
 
 	@Test
@@ -50,10 +56,15 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 
 	@Test
 	public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1").authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri("https://localhost:8080/redirect-uri").authorizationUri("https://provider.com/oauth2/auth")
-				.clientName("Client 1").build();
+				.clientId("client-1")
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri("https://localhost:8080/redirect-uri")
+				.authorizationUri("https://provider.com/oauth2/auth")
+				.clientName("Client 1")
+				.build();
+		// @formatter:on
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)).withMessage(
 						"clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
index 2032c722b0..7e85dcc497 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java
@@ -44,8 +44,12 @@ public class OAuth2PasswordGrantRequestEntityConverterTests {
 
 	@Before
 	public void setup() {
+		// @formatter:off
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope("read", "write").build();
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.scope("read", "write")
+				.build();
+		// @formatter:on
 		this.passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, "user1", "password");
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 7291f83a29..74dc6080d4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -64,7 +64,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String tokenUri = this.server.url("/oauth2/token").toString();
-		this.clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(tokenUri);
+		this.clientRegistration = TestClientRegistrations.clientRegistration()
+				.tokenUri(tokenUri);
 	}
 
 	@After
@@ -74,11 +75,17 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\",\n" + "	\"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
@@ -198,8 +205,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		assertThatExceptionOfType(OAuth2AuthorizationException.class)
 				.isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
@@ -208,9 +220,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
@@ -220,8 +237,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 		OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
@@ -257,9 +279,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		WebClient customClient = mock(WebClient.class);
 		given(customClient.post()).willReturn(WebClient.builder().build().post());
 		this.tokenResponseClient.setWebClient(customClient);
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"openid profile\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"openid profile\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.clientRegistration.scope("openid", "profile", "email", "address");
 		OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest())
@@ -270,8 +297,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenOAuth2AuthorizationRequestContainsPkceParametersThenTokenRequestBodyShouldContainCodeVerifier()
 			throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		this.tokenResponseClient.getTokenResponse(pkceAuthorizationCodeGrantRequest()).block();
 		String body = this.server.takeRequest().getBody().readUtf8();
@@ -287,13 +319,22 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
 		additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.clientId(registration.getClientId()).state("state")
+				.clientId(registration.getClientId())
+				.state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(registration.getRedirectUri()).scopes(registration.getScopes()).attributes(attributes)
-				.additionalParameters(additionalParameters).build();
-		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code").state("state")
-				.redirectUri(registration.getRedirectUri()).build();
+				.redirectUri(registration.getRedirectUri())
+				.scopes(registration.getScopes())
+				.attributes(attributes)
+				.additionalParameters(additionalParameters)
+				.build();
+		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
+				.success("code")
+				.state("state")
+				.redirectUri(registration.getRedirectUri())
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeGrantRequest(registration, authorizationExchange);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index 85de9ebff8..a07e59979d 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -68,9 +68,15 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenHeaderThenSuccess() throws Exception {
-		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
+		// @formatter:off
+		enqueueJson("{\n"
+			+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+			+ "  \"token_type\":\"bearer\",\n"
+			+ "  \"expires_in\":3600,\n"
+			+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n"
+			+ "  \"scope\":\"create\"\n"
+			+ "}");
+		// @formatter:on
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(
 				this.clientRegistration.build());
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
@@ -86,9 +92,15 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	public void getTokenResponseWhenPostThenSuccess() throws Exception {
 		ClientRegistration registration = this.clientRegistration
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
-		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" + "  \"scope\":\"create\"\n" + "}");
+		// @formatter:off
+		enqueueJson("{\n"
+			+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+			+ "  \"token_type\":\"bearer\",\n"
+			+ "  \"expires_in\":3600,\n"
+			+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n"
+			+ "  \"scope\":\"create\"\n"
+			+ "}");
+		// @formatter:on
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		RecordedRequest actualRequest = this.server.takeRequest();
@@ -102,9 +114,14 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	@Test
 	public void getTokenResponseWhenNoScopeThenClientRegistrationScopesDefaulted() {
 		ClientRegistration registration = this.clientRegistration.build();
-		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
+		// @formatter:off
+		enqueueJson("{\n"
+		+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+		+ "  \"token_type\":\"bearer\",\n"
+		+ "  \"expires_in\":3600,\n"
+		+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n"
+		+ "}");
+		// @formatter:on
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
@@ -121,9 +138,14 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 		given(customClient.post()).willReturn(WebClient.builder().build().post());
 		this.client.setWebClient(customClient);
 		ClientRegistration registration = this.clientRegistration.build();
-		enqueueJson("{\n" + "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
-				+ "  \"token_type\":\"bearer\",\n" + "  \"expires_in\":3600,\n"
-				+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n" + "}");
+		// @formatter:off
+		enqueueJson("{\n"
+			+ "  \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
+			+ "  \"token_type\":\"bearer\",\n"
+			+ "  \"expires_in\":3600,\n"
+			+ "  \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\"\n"
+			+ "}");
+		// @formatter:on
 		OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
 		OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 		verify(customClient, atLeastOnce()).post();
@@ -142,8 +164,11 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
 	}
 
 	private void enqueueUnexpectedResponse() {
-		MockResponse response = new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+		// @formatter:off
+		MockResponse response = new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 				.setResponseCode(301);
+		// @formatter:on
 		this.server.enqueue(response);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
index 07eb3bf3b6..3f00b3b43f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java
@@ -81,8 +81,13 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
@@ -111,8 +116,13 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
@@ -128,8 +138,13 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
@@ -143,9 +158,14 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
@@ -159,7 +179,11 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenErrorResponse = "{\n"
+				+ "   \"error\": \"unauthorized_client\"\n"
+				+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
 				this.clientRegistrationBuilder.build(), this.username, this.password);
@@ -182,7 +206,11 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
+		// @formatter:off
+		return new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(json);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index dd9262271b..1aee3057fc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -87,8 +87,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		Instant expiresAtBefore = Instant.now().plusSeconds(3600);
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
@@ -115,8 +120,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "	\"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder
 				.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
@@ -132,8 +142,13 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"not-bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"not-bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
@@ -146,9 +161,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenSuccessResponseIncludesScopeThenAccessTokenHasResponseScope() throws Exception {
-		String accessTokenSuccessResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"read\"\n"
-				+ "}\n";
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken,
@@ -163,7 +183,11 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 
 	@Test
 	public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
-		String accessTokenErrorResponse = "{\n" + "   \"error\": \"unauthorized_client\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenErrorResponse = "{\n"
+				+ "   \"error\": \"unauthorized_client\"\n"
+				+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400));
 		OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(
 				this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken);
@@ -186,7 +210,11 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
+		// @formatter:off
+		return new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(json);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index d4c1c909a3..7f33e8e745 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -36,8 +36,12 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 
 	@Test
 	public void handleErrorWhenErrorResponseBodyThenHandled() {
-		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
-				+ "   \"error_description\": \"The client is not authorized\"\n" + "}\n";
+		// @formatter:off
+		String errorResponse = "{\n"
+				+ "   \"error\": \"unauthorized_client\",\n"
+				+ "   \"error_description\": \"The client is not authorized\"\n"
+				+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 		assertThatExceptionOfType(OAuth2AuthorizationException.class)
 				.isThrownBy(() -> this.errorHandler.handleError(response))
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
index 569e584349..66c1d149a9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java
@@ -55,8 +55,11 @@ public class OAuth2AuthorizationRequestMixinTests {
 		Map<String, Object> additionalParameters = new LinkedHashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-		this.authorizationRequestBuilder = TestOAuth2AuthorizationRequests.request().scope("read", "write")
+		// @formatter:off
+		this.authorizationRequestBuilder = TestOAuth2AuthorizationRequests.request()
+				.scope("read", "write")
 				.additionalParameters(additionalParameters);
+		// @formatter:on
 	}
 
 	@Test
@@ -69,8 +72,14 @@ public class OAuth2AuthorizationRequestMixinTests {
 
 	@Test
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
-		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.scopes(null).state(null)
-				.additionalParameters(Map::clear).attributes(Map::clear).build();
+		// @formatter:off
+		OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder
+				.scopes(null)
+				.state(null)
+				.additionalParameters(Map::clear)
+				.attributes(Map::clear)
+				.build();
+		// @formatter:on
 		String expectedJson = asJson(authorizationRequest);
 		String json = this.mapper.writeValueAsString(authorizationRequest);
 		JSONAssert.assertEquals(expectedJson, json, true);
@@ -106,8 +115,13 @@ public class OAuth2AuthorizationRequestMixinTests {
 
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
+		// @formatter:off
 		OAuth2AuthorizationRequest expectedAuthorizationRequest = this.authorizationRequestBuilder.scopes(null)
-				.state(null).additionalParameters(Map::clear).attributes(Map::clear).build();
+				.state(null)
+				.additionalParameters(Map::clear)
+				.attributes(Map::clear)
+				.build();
+		// @formatter:on
 		String json = asJson(expectedAuthorizationRequest);
 		OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class);
 		assertThat(authorizationRequest.getAuthorizationUri())
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
index 02b40783d0..13bfd8ed5b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java
@@ -67,8 +67,11 @@ public class OAuth2AuthorizedClientMixinTests {
 		Map<String, Object> providerConfigurationMetadata = new LinkedHashMap<>();
 		providerConfigurationMetadata.put("config1", "value1");
 		providerConfigurationMetadata.put("config2", "value2");
-		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().scope("read", "write")
+		// @formatter:off
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
+				.scope("read", "write")
 				.providerConfigurationMetadata(providerConfigurationMetadata);
+		// @formatter:on
 		this.accessToken = TestOAuth2AccessTokens.scopes("read", "write");
 		this.refreshToken = TestOAuth2RefreshTokens.refreshToken();
 		this.principalName = "principal-name";
@@ -85,8 +88,16 @@ public class OAuth2AuthorizedClientMixinTests {
 
 	@Test
 	public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception {
-		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().clientSecret(null)
-				.clientName(null).userInfoUri(null).userNameAttributeName(null).jwkSetUri(null).issuerUri(null).build();
+		// @formatter:off
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.clientSecret(null)
+				.clientName(null)
+				.userInfoUri(null)
+				.userNameAttributeName(null)
+				.jwkSetUri(null)
+				.issuerUri(null)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principalName,
 				TestOAuth2AccessTokens.noScopes());
 		String expectedJson = asJson(authorizedClient);
@@ -154,8 +165,16 @@ public class OAuth2AuthorizedClientMixinTests {
 
 	@Test
 	public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
-		ClientRegistration expectedClientRegistration = TestClientRegistrations.clientRegistration().clientSecret(null)
-				.clientName(null).userInfoUri(null).userNameAttributeName(null).jwkSetUri(null).issuerUri(null).build();
+		// @formatter:off
+		ClientRegistration expectedClientRegistration = TestClientRegistrations.clientRegistration()
+				.clientSecret(null)
+				.clientName(null)
+				.userInfoUri(null)
+				.userNameAttributeName(null)
+				.jwkSetUri(null)
+				.issuerUri(null)
+				.build();
+		// @formatter:on
 		OAuth2AccessToken expectedAccessToken = TestOAuth2AccessTokens.noScopes();
 		OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(expectedClientRegistration,
 				this.principalName, expectedAccessToken);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
index 531045c6e5..2b0e03fa6a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java
@@ -117,9 +117,15 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		}
 		catch (NoSuchAlgorithmException ex) {
 		}
-		this.authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email")
-				.attributes(attributes).additionalParameters(additionalParameters).build();
-		this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
+		// @formatter:off
+		this.authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.scope("openid", "profile", "email")
+				.attributes(attributes)
+				.additionalParameters(additionalParameters)
+				.build();
+		this.authorizationResponse = TestOAuth2AuthorizationResponses.success()
+				.build();
+		// @formatter:on
 		this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				this.authorizationResponse);
 		this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
@@ -161,8 +167,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenAuthorizationRequestDoesNotContainOpenidScopeThenReturnNull() {
-		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("scope1")
+		// @formatter:off
+		OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
+				.scope("scope1")
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				this.authorizationResponse);
 		OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
@@ -174,8 +183,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(OAuth2ErrorCodes.INVALID_SCOPE));
+		// @formatter:off
 		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error()
-				.errorCode(OAuth2ErrorCodes.INVALID_SCOPE).build();
+				.errorCode(OAuth2ErrorCodes.INVALID_SCOPE)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 		this.authenticationProvider
@@ -186,8 +198,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_state_parameter"));
-		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("89012")
+		// @formatter:off
+		OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success()
+				.state("89012")
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
 				authorizationResponse);
 		this.authenticationProvider
@@ -198,8 +213,12 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenTokenResponseDoesNotContainIdTokenThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_id_token"));
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
-				.withResponse(this.accessTokenSuccessResponse()).additionalParameters(Collections.emptyMap()).build();
+				.withResponse(this.accessTokenSuccessResponse())
+				.additionalParameters(Collections.emptyMap())
+				.build();
+		// @formatter:on
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange));
@@ -209,7 +228,11 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 	public void authenticateWhenJwkSetUriNotSetThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_signature_verifier"));
-		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().jwkSetUri(null).build();
+		// @formatter:off
+		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
+				.jwkSetUri(null)
+				.build();
+		// @formatter:on
 		this.authenticationProvider
 				.authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange));
 	}
@@ -323,9 +346,15 @@ public class OidcAuthorizationCodeAuthenticationProviderTests {
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
-		return OAuth2AccessTokenResponse.withToken("access-token-1234").tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(expiresAt.getEpochSecond()).scopes(scopes).refreshToken("refresh-token-1234")
-				.additionalParameters(additionalParameters).build();
+		// @formatter:off
+		return OAuth2AccessTokenResponse.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.getEpochSecond())
+				.scopes(scopes)
+				.refreshToken("refresh-token-1234")
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
index 0913435795..2c1dafdc86 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -90,10 +90,15 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Mock
 	private ReactiveJwtDecoder jwtDecoder;
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
+	// @formatter:off
+	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
+			.scope("openid");
+	// @formatter:on
 
+	// @formatter:off
 	private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code")
 			.state("state");
+	// @formatter:on
 
 	private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
@@ -153,7 +158,10 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenErrorThenOAuth2AuthenticationException() {
-		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error").state("state");
+		// @formatter:off
+		this.authorizationResponseBldr = OAuth2AuthorizationResponse.error("error")
+				.state("state");
+		// @formatter:on
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.manager.authenticate(loginToken()).block());
 	}
@@ -167,10 +175,12 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenIdTokenValidationErrorThenOAuth2AuthenticationException() {
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
-						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
+		// @formatter:on
 		given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
 		given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error"));
 		this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder);
@@ -181,10 +191,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticateWhenIdTokenInvalidNonceThenOAuth2AuthenticationException() {
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -202,11 +215,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenOAuth2UserNotFoundThenEmpty() {
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER)
 				.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN,
 						"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."))
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -223,10 +238,14 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenOAuth2UserFoundThenSuccess() {
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("foo")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -248,11 +267,15 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 
 	@Test
 	public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() {
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("foo")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER)
 				.additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
-				.refreshToken("refresh-token").build();
+				.refreshToken("refresh-token")
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -281,8 +304,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue());
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("foo")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -304,10 +332,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 	@Test
 	public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
 		ClientRegistration clientRegistration = this.registration.build();
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.additionalParameters(
 						Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
 				.build();
+		// @formatter:on
 		OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = loginToken();
 		Map<String, Object> claims = new HashMap<>();
 		claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
@@ -342,13 +373,19 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 		}
 		catch (NoSuchAlgorithmException ex) {
 		}
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
+		// @formatter:off
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
+				.state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes())
-				.additionalParameters(additionalParameters).attributes(attributes).build();
+				.redirectUri(clientRegistration.getRedirectUri())
+				.scopes(clientRegistration.getScopes())
+				.additionalParameters(additionalParameters)
+				.attributes(attributes).build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUri()).build();
+				.redirectUri(clientRegistration.getRedirectUri())
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
index 224d49fe71..ef3e1df791 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -50,7 +50,11 @@ import static org.mockito.Mockito.verify;
  */
 public class OidcIdTokenDecoderFactoryTests {
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
+	// @formatter:off
+	private ClientRegistration.Builder registration = TestClientRegistrations
+			.clientRegistration()
+			.scope("openid");
+	// @formatter:on
 
 	private OidcIdTokenDecoderFactory idTokenDecoderFactory;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
index f0a555b4ba..99b32caac6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -72,26 +72,39 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClockSkew(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> idTokenValidator.setClockSkew(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)));
+		// @formatter:on
 	}
 
 	@Test
 	public void setClockWhenNullThenThrowIllegalArgumentException() {
 		OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
-		assertThatIllegalArgumentException().isThrownBy(() -> idTokenValidator.setClock(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> idTokenValidator.setClock(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenIssuerNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.ISS);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS));
+		// @formatter:on
 	}
 
 	@Test
@@ -101,8 +114,12 @@ public class OidcIdTokenValidatorTests {
 		 * issuer in the ID Token, the validation must fail
 		 */
 		this.registration = this.registration.issuerUri("https://somethingelse.com");
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.ISS));
+		// @formatter:on
 	}
 
 	@Test
@@ -118,22 +135,34 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void validateWhenSubNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.SUB);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.SUB));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenAudNullThenHasErrors() {
 		this.claims.remove(IdTokenClaimNames.AUD);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenIssuedAtNullThenHasErrors() {
 		this.issuedAt = null;
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT));
+		// @formatter:on
 	}
 
 	@Test
@@ -146,15 +175,23 @@ public class OidcIdTokenValidatorTests {
 	@Test
 	public void validateWhenAudMultipleAndAzpNullThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id", "other"));
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenAzpNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AZP, "other");
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
+		// @formatter:on
 	}
 
 	@Test
@@ -168,15 +205,23 @@ public class OidcIdTokenValidatorTests {
 	public void validateWhenMultipleAudAzpNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id-1", "client-id-2"));
 		this.claims.put(IdTokenClaimNames.AZP, "other-client");
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AZP));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenAudNotClientIdThenHasErrors() {
 		this.claims.put(IdTokenClaimNames.AUD, Collections.singletonList("other-client"));
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD));
+		// @formatter:on
 	}
 
 	@Test
@@ -192,8 +237,12 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().minus(Duration.ofSeconds(60));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(30));
 		this.clockSkew = Duration.ofSeconds(0);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
+		// @formatter:on
 	}
 
 	@Test
@@ -209,8 +258,12 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().plus(Duration.ofMinutes(1));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(60));
 		this.clockSkew = Duration.ofMinutes(0);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT));
+		// @formatter:on
 	}
 
 	@Test
@@ -218,8 +271,12 @@ public class OidcIdTokenValidatorTests {
 		this.issuedAt = Instant.now().minus(Duration.ofSeconds(10));
 		this.expiresAt = this.issuedAt.plus(Duration.ofSeconds(5));
 		this.clockSkew = Duration.ofSeconds(0);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
+		// @formatter:on
 	}
 
 	@Test
@@ -228,24 +285,38 @@ public class OidcIdTokenValidatorTests {
 		this.claims.remove(IdTokenClaimNames.AUD);
 		this.issuedAt = null;
 		this.expiresAt = null;
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.SUB))
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.AUD))
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.IAT))
 				.allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP));
+		// @formatter:on
 	}
 
 	@Test
 	public void validateFormatError() {
 		this.claims.remove(IdTokenClaimNames.SUB);
 		this.claims.remove(IdTokenClaimNames.AUD);
-		assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription)
+		// @formatter:off
+		assertThat(this.validateIdToken())
+				.hasSize(1)
+				.extracting(OAuth2Error::getDescription)
 				.allMatch((msg) -> msg.equals("The ID Token contains invalid claims: {sub=null, aud=null}"));
+		// @formatter:on
 	}
 
 	private Collection<OAuth2Error> validateIdToken() {
-		Jwt idToken = Jwt.withTokenValue("token").issuedAt(this.issuedAt).expiresAt(this.expiresAt)
-				.headers((h) -> h.putAll(this.headers)).claims((c) -> c.putAll(this.claims)).build();
+		// @formatter:off
+		Jwt idToken = Jwt.withTokenValue("token")
+				.issuedAt(this.issuedAt)
+				.expiresAt(this.expiresAt)
+				.headers((h) -> h.putAll(this.headers))
+				.claims((c) -> c.putAll(this.claims))
+				.build();
+		// @formatter:on
 		OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());
 		validator.setClockSkew(this.clockSkew);
 		return validator.validate(idToken).getErrors();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
index 736866d4d9..f5d694b549 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -50,7 +50,10 @@ import static org.mockito.Mockito.verify;
  */
 public class ReactiveOidcIdTokenDecoderFactoryTests {
 
-	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration().scope("openid");
+	// @formatter:off
+	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
+			.scope("openid");
+	// @formatter:on
 
 	private ReactiveOidcIdTokenDecoderFactory idTokenDecoderFactory;
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
index 602cf47e32..3693d635be 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@@ -157,9 +157,16 @@ public class OidcUserServiceTests {
 	// gh-6886
 	@Test
 	public void loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesMatchThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -173,9 +180,16 @@ public class OidcUserServiceTests {
 	// gh-6886
 	@Test
 	public void loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesEmptyThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -189,9 +203,16 @@ public class OidcUserServiceTests {
 	// gh-6886
 	@Test
 	public void loadUserWhenStandardScopesAuthorizedThenUserInfoEndpointRequested() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "	\"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -202,9 +223,16 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -234,8 +262,12 @@ public class OidcUserServiceTests {
 	public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("invalid_user_info_response"));
-		String userInfoResponse = "{\n" + "	\"email\": \"full_name@provider.com\",\n" + "	\"name\": \"full name\"\n"
+		// @formatter:off
+		String userInfoResponse = "{\n"
+				+ "   \"email\": \"full_name@provider.com\",\n"
+				+ "   \"name\": \"full name\"\n"
 				+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -259,10 +291,16 @@ public class OidcUserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
-		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n";
+			// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -292,9 +330,16 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomUserNameAttributeNameThenGetNameReturnsCustomUserName() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -307,9 +352,16 @@ public class OidcUserServiceTests {
 	// gh-5294
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -321,9 +373,16 @@ public class OidcUserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -338,9 +397,16 @@ public class OidcUserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -355,9 +421,16 @@ public class OidcUserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
-		String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n"
-				+ "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"sub\": \"subject1\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"given_name\": \"first\",\n"
+			+ "   \"family_name\": \"last\",\n"
+			+ "   \"preferred_username\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -395,7 +468,11 @@ public class OidcUserServiceTests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
+		// @formatter:off
+		return new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(json);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index f1b461e556..757ebd03b2 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
@@ -49,9 +49,12 @@ import static org.mockito.Mockito.mock;
 @RunWith(MockitoJUnitRunner.class)
 public class OidcClientInitiatedLogoutSuccessHandlerTests {
 
-	ClientRegistration registration = TestClientRegistrations.clientRegistration()
+	// @formatter:off
+	ClientRegistration registration = TestClientRegistrations
+			.clientRegistration()
 			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
+	// @formatter:on
 
 	ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(this.registration);
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index ba32753428..5714c5f4c1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -51,9 +51,12 @@ import static org.mockito.Mockito.mock;
  */
 public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
-	ClientRegistration registration = TestClientRegistrations.clientRegistration()
+	// @formatter:off
+	ClientRegistration registration = TestClientRegistrations
+			.clientRegistration()
 			.providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://endpoint"))
 			.build();
+	// @formatter:on
 
 	ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(
 			this.registration);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index e2d37065be..fba7dfd338 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -72,21 +72,42 @@ public class ClientRegistrationTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationGrantTypeIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC).authorizationGrantType(null)
-				.redirectUri(REDIRECT_URI).scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI).userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(null)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).issuerUri(ISSUER_URI)
-				.providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.issuerUri(ISSUER_URI)
+				.providerConfigurationMetadata(PROVIDER_CONFIGURATION_METADATA)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -107,172 +128,308 @@ public class ClientRegistrationTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(null)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(null)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientSecretIsNullThenDefaultToEmpty() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID)
+				.clientSecret(null)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedAndClientSecretNullThenDefaultToNone() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(null)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.clientId(CLIENT_ID)
+				.clientSecret(null)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvidedAndClientSecretBlankThenDefaultToNone() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(" ").authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI).scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI).userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME).build();
+				.clientId(CLIENT_ID)
+				.clientSecret(" ")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE);
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(null)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(null)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeIsNullThenScopeNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope((String[]) null).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope((String[]) null)
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(null).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(null)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationCodeGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(null)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(null)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantClientNameNotProvidedThenDefaultToRegistrationId() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).jwkSetUri(JWK_SET_URI).build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.jwkSetUri(JWK_SET_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId());
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeDoesNotContainOpenidThenJwkSetUriNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope("scope1").authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).tokenUri(TOKEN_URI).clientName(CLIENT_NAME)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope("scope1")
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenAuthorizationCodeGrantScopeIsNullThenJwkSetUriNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantProviderConfigurationMetadataIsNullThenDefaultToEmpty() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER).providerConfigurationMetadata(null)
-				.jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
+				.providerConfigurationMetadata(null)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isNotNull();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty();
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeGrantProviderConfigurationMetadataEmptyThenIsEmpty() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
 				.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
-				.providerConfigurationMetadata(Collections.emptyMap()).jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME)
+				.providerConfigurationMetadata(Collections.emptyMap())
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
 				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isNotNull();
 		assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty();
 	}
 
 	@Test
 	public void buildWhenImplicitGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
@@ -286,72 +443,129 @@ public class ClientRegistrationTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(null)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(null)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(null)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(null)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	// gh-5494
 	@Test
 	public void buildWhenImplicitGrantScopeIsNullThenScopeNotRequired() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope((String[]) null).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope((String[]) null)
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenImplicitGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(null)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(null)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenImplicitGrantClientNameNotProvidedThenDefaultToRegistrationId() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId());
 	}
 
 	@Test
 	public void buildWhenOverrideRegistrationIdThenOverridden() {
 		String overriddenId = "override";
+		// @formatter:off
 		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.registrationId(overriddenId).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
+				.registrationId(overriddenId)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0])).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI)
-				.jwkSetUri(JWK_SET_URI).clientName(CLIENT_NAME).build();
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri(REDIRECT_URI)
+				.scope(SCOPES.toArray(new String[0]))
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.jwkSetUri(JWK_SET_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(overriddenId);
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(SCOPES.toArray(new String[0]))
-				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -379,17 +593,28 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientSecretIsNullThenDefaultToEmpty() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build();
+				.clientId(CLIENT_ID)
+				.clientSecret(null)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.tokenUri(TOKEN_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test
 	public void buildWhenClientCredentialsGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build();
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.tokenUri(TOKEN_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
@@ -416,10 +641,17 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenPasswordGrantAllAttributesProvidedThenAllAttributesAreSet() {
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope(SCOPES.toArray(new String[0]))
-				.tokenUri(TOKEN_URI).clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -432,50 +664,91 @@ public class ClientRegistrationTests {
 
 	@Test
 	public void buildWhenPasswordGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build());
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(null)
+						.clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET)
+						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+						.tokenUri(TOKEN_URI)
+						.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(null).clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build());
+		// @formatter:off
+		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration
+				.withRegistrationId(REGISTRATION_ID)
+				.clientId(null)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.tokenUri(TOKEN_URI)
+				.build()
+		);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientSecretIsNullThenDefaultToEmpty() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(null).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(TOKEN_URI).build();
+				.clientId(CLIENT_ID)
+				.clientSecret(null)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.tokenUri(TOKEN_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
 	@Test
 	public void buildWhenPasswordGrantClientAuthenticationMethodNotProvidedThenDefaultToBasic() {
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).clientSecret(CLIENT_SECRET).authorizationGrantType(AuthorizationGrantType.PASSWORD)
-				.tokenUri(TOKEN_URI).build();
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.tokenUri(TOKEN_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 	}
 
 	@Test
 	public void buildWhenPasswordGrantTokenUriIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-						.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-						.authorizationGrantType(AuthorizationGrantType.PASSWORD).tokenUri(null).build());
+				.isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID)
+						.clientId(CLIENT_ID)
+						.clientSecret(CLIENT_SECRET)
+						.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+						.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+						.tokenUri(null)
+						.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
 		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
-		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(customGrantType).scope(SCOPES.toArray(new String[0])).tokenUri(TOKEN_URI)
-				.clientName(CLIENT_NAME).build();
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration
+				.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(customGrantType)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+		// @formatter:on
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
@@ -532,9 +805,13 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenClientRegistrationValuesOverriddenThenPropagated() {
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
+		// @formatter:off
 		ClientRegistration updated = ClientRegistration.withClientRegistration(clientRegistration)
-				.clientSecret("a-new-secret").scope("a-new-scope")
-				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value")).build();
+				.clientSecret("a-new-secret")
+				.scope("a-new-scope")
+				.providerConfigurationMetadata(Collections.singletonMap("a-new-config", "a-new-value"))
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientSecret()).isNotEqualTo(updated.getClientSecret());
 		assertThat(updated.getClientSecret()).isEqualTo("a-new-secret");
 		assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope");
@@ -549,10 +826,16 @@ public class ClientRegistrationTests {
 	@Test
 	public void buildWhenCustomClientAuthenticationMethodProvidedThenSet() {
 		ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod("tls_client_auth");
+		// @formatter:off
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.clientAuthenticationMethod(clientAuthenticationMethod).redirectUri(REDIRECT_URI)
-				.authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).build();
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.clientAuthenticationMethod(clientAuthenticationMethod)
+				.redirectUri(REDIRECT_URI)
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.build();
+		// @formatter:on
 		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(clientAuthenticationMethod);
 	}
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 9510deb6d0..755e451e59 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -48,27 +48,61 @@ public class ClientRegistrationsTests {
 	/**
 	 * Contains all optional parameters that are found in ClientRegistration
 	 */
+	// @formatter:off
 	private static final String DEFAULT_RESPONSE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"claims_supported\": [\n" + "        \"aud\", \n" + "        \"email\", \n"
-			+ "        \"email_verified\", \n" + "        \"exp\", \n" + "        \"family_name\", \n"
-			+ "        \"given_name\", \n" + "        \"iat\", \n" + "        \"iss\", \n" + "        \"locale\", \n"
-			+ "        \"name\", \n" + "        \"picture\", \n" + "        \"sub\"\n" + "    ], \n"
-			+ "    \"code_challenge_methods_supported\": [\n" + "        \"plain\", \n" + "        \"S256\"\n"
-			+ "    ], \n" + "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
+			+ "    \"claims_supported\": [\n"
+			+ "        \"aud\", \n"
+			+ "        \"email\", \n"
+			+ "        \"email_verified\", \n"
+			+ "        \"exp\", \n"
+			+ "        \"family_name\", \n"
+			+ "        \"given_name\", \n"
+			+ "        \"iat\", \n"
+			+ "        \"iss\", \n"
+			+ "        \"locale\", \n"
+			+ "        \"name\", \n"
+			+ "        \"picture\", \n"
+			+ "        \"sub\"\n"
+			+ "    ], \n"
+			+ "    \"code_challenge_methods_supported\": [\n"
+			+ "        \"plain\", \n"
+			+ "        \"S256\"\n"
+			+ "    ], \n"
+			+ "    \"id_token_signing_alg_values_supported\": [\n"
+			+ "        \"RS256\"\n"
+			+ "    ], \n"
 			+ "    \"issuer\": \"https://example.com\", \n"
-			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n" + "    \"response_types_supported\": [\n"
-			+ "        \"code\", \n" + "        \"token\", \n" + "        \"id_token\", \n"
-			+ "        \"code token\", \n" + "        \"code id_token\", \n" + "        \"token id_token\", \n"
-			+ "        \"code token id_token\", \n" + "        \"none\"\n" + "    ], \n"
+			+ "    \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
+			+ "    \"response_types_supported\": [\n"
+			+ "        \"code\", \n"
+			+ "        \"token\", \n"
+			+ "        \"id_token\", \n"
+			+ "        \"code token\", \n"
+			+ "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n"
+			+ "        \"code token id_token\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
 			+ "    \"revocation_endpoint\": \"https://example.com/o/oauth2/revoke\", \n"
-			+ "    \"scopes_supported\": [\n" + "        \"openid\", \n" + "        \"email\", \n"
-			+ "        \"profile\"\n" + "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n"
-			+ "    ], \n" + "    \"grant_types_supported\" : [\"authorization_code\"], \n"
+			+ "    \"scopes_supported\": [\n"
+			+ "        \"openid\", \n"
+			+ "        \"email\", \n"
+			+ "        \"profile\"\n"
+			+ "    ], \n"
+			+ "    \"subject_types_supported\": [\n"
+			+ "        \"public\"\n"
+			+ "    ], \n"
+			+ "    \"grant_types_supported\" : [\"authorization_code\"], \n"
 			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\", \n"
-			+ "    \"token_endpoint_auth_methods_supported\": [\n" + "        \"client_secret_post\", \n"
-			+ "        \"client_secret_basic\", \n" + "        \"none\"\n" + "    ], \n"
-			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n" + "}";
+			+ "    \"token_endpoint_auth_methods_supported\": [\n"
+			+ "        \"client_secret_post\", \n"
+			+ "        \"client_secret_basic\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
+			+ "    \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n"
+			+ "}";
+	// @formatter:on
 
 	private MockWebServer server;
 
@@ -301,31 +335,43 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenTokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> registration(""))
 				.withMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and "
 						+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer
 						+ "\" returned a configuration of [tls_client_auth]");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2TokenEndpointAuthMethodsInvalidThenException() {
 		this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("tls_client_auth"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> registrationOAuth2("", null))
 				.withMessageContaining("Only ClientAuthenticationMethod.BASIC, ClientAuthenticationMethod.POST and "
 						+ "ClientAuthenticationMethod.NONE are supported. The issuer \"" + this.issuer
 						+ "\" returned a configuration of [tls_client_auth]");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2EmptyStringThenMeaningfulErrorMessage() {
-		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistrations.fromIssuerLocation(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistrations.fromIssuerLocation(""))
 				.withMessageContaining("issuer cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenEmptyStringThenMeaningfulErrorMessage() {
-		assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(""))
 				.withMessageContaining("issuer cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
@@ -335,9 +381,12 @@ public class ClientRegistrationsTests {
 		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatIllegalStateException().isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer))
 				.withMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata did "
 						+ "not match the requested issuer \"" + this.issuer + "\"");
+		// @formatter:on
 	}
 
 	@Test
@@ -347,20 +396,28 @@ public class ClientRegistrationsTests {
 		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatIllegalStateException().isThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> ClientRegistrations.fromIssuerLocation(this.issuer))
 				.withMessageContaining("The Issuer \"https://example.com\" provided in the configuration metadata "
 						+ "did not match the requested issuer \"" + this.issuer + "\"");
+		// @formatter:on
 	}
 
 	private ClientRegistration.Builder registration(String path) throws Exception {
 		this.issuer = createIssuerFromServer(path);
 		this.response.put("issuer", this.issuer);
 		String body = this.mapper.writeValueAsString(this.response);
-		MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
+		// @formatter:off
+		MockResponse mockResponse = new MockResponse()
+				.setBody(body)
+				.setHeader(HttpHeaders.CONTENT_TYPE,
 				MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		return ClientRegistrations.fromOidcIssuerLocation(this.issuer).clientId("client-id")
+		return ClientRegistrations.fromOidcIssuerLocation(this.issuer)
+				.clientId("client-id")
 				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 	private ClientRegistration.Builder registrationOAuth2(String path, String body) throws Exception {
@@ -380,7 +437,11 @@ public class ClientRegistrationsTests {
 			}
 		};
 		this.server.setDispatcher(dispatcher);
-		return ClientRegistrations.fromIssuerLocation(this.issuer).clientId("client-id").clientSecret("client-secret");
+		// @formatter:off
+		return ClientRegistrations.fromIssuerLocation(this.issuer)
+				.clientId("client-id")
+				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 	private String createIssuerFromServer(String path) {
@@ -416,8 +477,11 @@ public class ClientRegistrationsTests {
 	}
 
 	private MockResponse buildSuccessMockResponse(String body) {
-		return new MockResponse().setResponseCode(200).setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
-				MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:off
+		return new MockResponse().setResponseCode(200)
+				.setBody(body)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
index 9f82055804..43dbefe782 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
@@ -75,8 +75,11 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
 
 	@Test
 	public void findByRegistrationIdWhenValidIdThenFound() {
+		// @formatter:off
 		StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId()))
-				.expectNext(this.registration).verifyComplete();
+				.expectNext(this.registration)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
index 2c579087d4..a219b779cb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
@@ -29,39 +29,61 @@ public final class TestClientRegistrations {
 	}
 
 	public static ClientRegistration.Builder clientRegistration() {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId("registration-id")
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.scope("read:user")
 				.authorizationUri("https://example.com/login/oauth/authorize")
-				.tokenUri("https://example.com/login/oauth/access_token").jwkSetUri("https://example.com/oauth2/jwk")
-				.issuerUri("https://example.com").userInfoUri("https://api.example.com/user")
-				.userNameAttributeName("id").clientName("Client Name").clientId("client-id")
+				.tokenUri("https://example.com/login/oauth/access_token")
+				.jwkSetUri("https://example.com/oauth2/jwk")
+				.issuerUri("https://example.com")
+				.userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id")
+				.clientName("Client Name")
+				.clientId("client-id")
 				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 	public static ClientRegistration.Builder clientRegistration2() {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId("registration-id-2")
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.scope("read:user")
 				.authorizationUri("https://example.com/login/oauth/authorize")
-				.tokenUri("https://example.com/login/oauth/access_token").userInfoUri("https://api.example.com/user")
-				.userNameAttributeName("id").clientName("Client Name").clientId("client-id-2")
+				.tokenUri("https://example.com/login/oauth/access_token")
+				.userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id")
+				.clientName("Client Name")
+				.clientId("client-id-2")
 				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 	public static ClientRegistration.Builder clientCredentials() {
-		return clientRegistration().registrationId("client-credentials").clientId("client-id")
+		// @formatter:off
+		return clientRegistration()
+				.registrationId("client-credentials")
+				.clientId("client-id")
 				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS);
+		// @formatter:on
 	}
 
 	public static ClientRegistration.Builder password() {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId("password")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.PASSWORD).scope("read", "write")
-				.tokenUri("https://example.com/login/oauth/access_token").clientName("Client Name")
-				.clientId("client-id").clientSecret("client-secret");
+				.authorizationGrantType(AuthorizationGrantType.PASSWORD)
+				.scope("read", "write")
+				.tokenUri("https://example.com/login/oauth/access_token")
+				.clientName("Client Name")
+				.clientId("client-id")
+				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
index 9d5e3fdd3a..c1279db529 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java
@@ -69,7 +69,10 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String registrationId = "client-registration-id-1";
-		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId);
+		// @formatter:off
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
+				.registrationId(registrationId);
+		// @formatter:on
 		this.accessToken = TestOAuth2AccessTokens.noScopes();
 		Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
 		customUserTypes.put(registrationId, CustomOAuth2User.class);
@@ -113,16 +116,25 @@ public class CustomUserTypesOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
+		// @formatter:off
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration()
-				.registrationId("other-client-registration-id-1").build();
+				.registrationId("other-client-registration-id-1")
+				.build();
+		// @formatter:on
 		OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 		assertThat(user).isNull();
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"id\": \"12345\",\n"
+			+ "   \"name\": \"first last\",\n"
+			+ "   \"login\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -142,9 +154,15 @@ public class CustomUserTypesOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-		String userInfoResponse = "{\n" + "	\"id\": \"12345\",\n" + "   \"name\": \"first last\",\n"
-				+ "   \"login\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n";
-		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"id\": \"12345\",\n"
+			+ "   \"name\": \"first last\",\n"
+
+			+ "   \"login\": \"user1\",\n"
+			+ "   \"email\": \"user1@example.com\"\n";
+			// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
@@ -173,9 +191,12 @@ public class CustomUserTypesOAuth2UserServiceTests {
 	}
 
 	private ClientRegistration.Builder withRegistrationId(String registrationId) {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId(registrationId)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).clientId("client")
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.clientId("client")
 				.tokenUri("/token");
+		// @formatter:on
 	}
 
 	private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
index 43b8e3a7b0..cb6da9fa93 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
@@ -80,8 +80,11 @@ public class DefaultOAuth2UserServiceTests {
 	public void setup() throws Exception {
 		this.server = new MockWebServer();
 		this.server.start();
-		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null)
+		// @formatter:off
+		this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
+				.userInfoUri(null)
 				.userNameAttributeName(null);
+		// @formatter:on
 		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
@@ -120,16 +123,26 @@ public class DefaultOAuth2UserServiceTests {
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString("missing_user_name_attribute"));
-		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user")
+		// @formatter:off
+		ClientRegistration clientRegistration = this.clientRegistrationBuilder
+				.userInfoUri("https://provider.com/user")
 				.build();
+		// @formatter:on
 		this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"user-name\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -155,10 +168,16 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expect(OAuth2AuthenticationException.class);
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
-		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "	\"user-name\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -190,7 +209,11 @@ public class DefaultOAuth2UserServiceTests {
 		this.exception.expectMessage(containsString(
 				"[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"));
 		this.exception.expectMessage(containsString("Error Code: invalid_token"));
-		String userInfoErrorResponse = "{\n" + "   \"error\": \"invalid_token\"\n" + "}\n";
+		// @formatter:off
+		String userInfoErrorResponse = "{\n"
+				+ "   \"error\": \"invalid_token\"\n"
+				+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -224,9 +247,16 @@ public class DefaultOAuth2UserServiceTests {
 	// gh-5294
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
-		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"user-name\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -239,9 +269,16 @@ public class DefaultOAuth2UserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
-		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"user-name\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
@@ -257,9 +294,16 @@ public class DefaultOAuth2UserServiceTests {
 	// gh-5500
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
-		String userInfoResponse = "{\n" + "	\"user-name\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"user-name\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
 		ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri)
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 0190997101..56822e60b9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -78,7 +78,10 @@ public class DefaultReactiveOAuth2UserServiceTests {
 		this.server = new MockWebServer();
 		this.server.start();
 		String userInfoUri = this.server.url("/user").toString();
-		this.clientRegistration = TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri);
+		// @formatter:off
+		this.clientRegistration = TestClientRegistrations.clientRegistration()
+				.userInfoUri(userInfoUri);
+		// @formatter:on
 	}
 
 	@After
@@ -103,16 +106,28 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 		this.clientRegistration.userNameAttributeName(null);
-		StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((ex) -> assertThat(ex)
-				.isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_name_attribute"))
+		// @formatter:off
+		StepVerifier.create(this.userService.loadUser(oauth2UserRequest()))
+				.expectErrorSatisfies((ex) -> assertThat(ex)
+						.isInstanceOf(OAuth2AuthenticationException.class)
+						.hasMessageContaining("missing_user_name_attribute")
+				)
 				.verify();
+		// @formatter:on
 	}
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
-		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"id\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
 		assertThat(user.getName()).isEqualTo("user1");
@@ -134,9 +149,16 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
 		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.HEADER);
-		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"id\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		this.userService.loadUser(oauth2UserRequest()).block();
 		RecordedRequest request = this.server.takeRequest();
@@ -150,9 +172,16 @@ public class DefaultReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
 		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.FORM);
-		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "   \"id\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n"
+			+ "}\n";
+		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		this.userService.loadUser(oauth2UserRequest()).block();
 		RecordedRequest request = this.server.takeRequest();
@@ -164,10 +193,16 @@ public class DefaultReactiveOAuth2UserServiceTests {
 
 	@Test
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
-		String userInfoResponse = "{\n" + "	\"id\": \"user1\",\n" + "   \"first-name\": \"first\",\n"
-				+ "   \"last-name\": \"last\",\n" + "   \"middle-name\": \"middle\",\n"
-				+ "   \"address\": \"address\",\n" + "   \"email\": \"user1@example.com\"\n";
+		// @formatter:off
+		String userInfoResponse = "{\n"
+			+ "	\"id\": \"user1\",\n"
+			+ "   \"first-name\": \"first\",\n"
+			+ "   \"last-name\": \"last\",\n"
+			+ "   \"middle-name\": \"middle\",\n"
+			+ "   \"address\": \"address\",\n"
+			+ "   \"email\": \"user1@example.com\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
+		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block())
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
index c6fa99ae3e..c341e72a2b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java
@@ -48,12 +48,19 @@ public class OAuth2UserRequestTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1").clientId("client-1")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("https://client.com")
+		// @formatter:off
+		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
+				.clientId("client-1")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.redirectUri("https://client.com")
 				.scope(new LinkedHashSet<>(Arrays.asList("scope1", "scope2")))
 				.authorizationUri("https://provider.com/oauth2/authorization")
-				.tokenUri("https://provider.com/oauth2/token").clientName("Client 1").build();
+				.tokenUri("https://provider.com/oauth2/token")
+				.clientName("Client 1")
+				.build();
+		// @formatter:on
 		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(),
 				Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
 		this.additionalParameters = new HashMap<>();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
index 0c2e2b70f9..2c875115fd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
@@ -72,11 +72,18 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		this.registration1 = TestClientRegistrations.clientRegistration().build();
 		this.registration2 = TestClientRegistrations.clientRegistration2().build();
 		this.fineRedirectUriTemplateRegistration = fineRedirectUriTemplateClientRegistration().build();
+		// @formatter:off
 		this.pkceRegistration = TestClientRegistrations.clientRegistration()
-				.registrationId("pkce-client-registration-id").clientId("pkce-client-id")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build();
-		this.oidcRegistration = TestClientRegistrations.clientRegistration().registrationId("oidc-registration-id")
-				.scope(OidcScopes.OPENID).build();
+				.registrationId("pkce-client-registration-id")
+				.clientId("pkce-client-id")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
+				.clientSecret(null)
+				.build();
+		this.oidcRegistration = TestClientRegistrations.clientRegistration()
+				.registrationId("oidc-registration-id")
+				.scope(OidcScopes.OPENID)
+				.build();
+		// @formatter:on
 		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
 				this.registration2, this.fineRedirectUriTemplateRegistration, this.pkceRegistration,
 				this.oidcRegistration);
@@ -134,8 +141,11 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				+ "-invalid";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
-		assertThatIllegalArgumentException().isThrownBy(() -> this.resolver.resolve(request)).withMessage(
-				"Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.resolver.resolve(request))
+				.withMessage("Invalid Client Registration with Id: " + clientRegistration.getRegistrationId() + "-invalid");
+		// @formatter:on
 	}
 
 	@Test
@@ -483,14 +493,20 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 	}
 
 	private static ClientRegistration.Builder fineRedirectUriTemplateClientRegistration() {
+		// @formatter:off
 		return ClientRegistration.withRegistrationId("fine-redirect-uri-template-client-registration")
 				.redirectUri("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.scope("read:user")
 				.authorizationUri("https://example.com/login/oauth/authorize")
-				.tokenUri("https://example.com/login/oauth/access_token").userInfoUri("https://api.example.com/user")
-				.userNameAttributeName("id").clientName("Fine Redirect Uri Template Client")
-				.clientId("fine-redirect-uri-template-client").clientSecret("client-secret");
+				.tokenUri("https://example.com/login/oauth/access_token")
+				.userInfoUri("https://api.example.com/user")
+				.userNameAttributeName("id")
+				.clientName("Fine Redirect Uri Template Client")
+				.clientId("fine-redirect-uri-template-client")
+				.clientSecret("client-secret");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
index 565795fb68..74ec72f23b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java
@@ -199,11 +199,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 
 	@Test
 	public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId("invalid-registration-id").principal(this.principal).attributes((attrs) -> {
+				.withClientRegistrationId("invalid-registration-id")
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest))
 				.withMessage("Could not find ClientRegistration with id 'invalid-registration-id'");
 	}
@@ -213,12 +218,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId())))
 				.willReturn(this.clientRegistration);
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -238,12 +247,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				.willReturn(this.clientRegistration);
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(this.authorizedClient);
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
@@ -269,12 +282,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(any());
@@ -309,12 +326,16 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		});
 		this.request.addParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password");
+		// @formatter:off
 		OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
-				.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal)
+				.withClientRegistrationId(this.clientRegistration.getRegistrationId())
+				.principal(this.principal)
 				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		this.authorizedClientManager.authorize(authorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -327,11 +348,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 	@SuppressWarnings("unchecked")
 	@Test
 	public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() {
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes((attrs) -> {
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
@@ -352,11 +377,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willReturn(reauthorizedClient);
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes((attrs) -> {
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest));
@@ -381,11 +410,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 		this.authorizedClientManager
 				.setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
 		this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write");
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes((attrs) -> {
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		this.authorizedClientManager.authorize(reauthorizeRequest);
 		verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
 		OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
@@ -401,11 +434,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes((attrs) -> {
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationException.class)
 				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
@@ -421,11 +458,15 @@ public class DefaultOAuth2AuthorizedClientManagerTests {
 				new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
 		given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class)))
 				.willThrow(authorizationException);
+		// @formatter:off
 		OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient)
-				.principal(this.principal).attributes((attrs) -> {
+				.principal(this.principal)
+				.attributes((attrs) -> {
 					attrs.put(HttpServletRequest.class.getName(), this.request);
 					attrs.put(HttpServletResponse.class.getName(), this.response);
-				}).build();
+				})
+				.build();
+		// @formatter:on
 		assertThatExceptionOfType(ClientAuthorizationException.class)
 				.isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest))
 				.isEqualTo(authorizationException);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
index 2827d04e72..4d3dedacb4 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
@@ -77,9 +77,13 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 	public void setUp() {
 		this.registration1 = TestClientRegistrations.clientRegistration().build();
 		this.registration2 = TestClientRegistrations.clientRegistration2().build();
-		this.registration3 = TestClientRegistrations.clientRegistration().registrationId("registration-3")
+		// @formatter:off
+		this.registration3 = TestClientRegistrations.clientRegistration()
+				.registrationId("registration-3")
 				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}").build();
+				.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
+				.build();
+		// @formatter:on
 		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
 				this.registration2, this.registration3);
 		this.filter = new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository);
@@ -307,13 +311,18 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
 		Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
 		additionalParameters.put(loginHintParamName, request.getParameter(loginHintParamName));
+		// @formatter:off
 		String customAuthorizationRequestUri = UriComponentsBuilder
 				.fromUriString(defaultAuthorizationRequest.getAuthorizationRequestUri())
-				.queryParam(loginHintParamName, additionalParameters.get(loginHintParamName)).build(true).toUriString();
+				.queryParam(loginHintParamName, additionalParameters.get(loginHintParamName))
+				.build(true)
+				.toUriString();
 		OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest
 				.from(defaultAuthorizationRequestResolver.resolve(request))
 				.additionalParameters(Collections.singletonMap("idp", request.getParameter("idp")))
-				.authorizationRequestUri(customAuthorizationRequestUri).build();
+				.authorizationRequestUri(customAuthorizationRequestUri)
+				.build();
+		// @formatter:on
 		given(resolver.resolve(any())).willReturn(result);
 		OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
 		filter.doFilter(request, response, filterChain);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
index 3ad39a3877..7d50b6dda8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
@@ -219,14 +219,21 @@ public class OAuth2LoginAuthenticationFilterTests {
 		request.addParameter(OAuth2ParameterNames.STATE, "state");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
+		// @formatter:off
 		ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found")
-				.clientId("client-1").clientSecret("secret")
+				.clientId("client-1")
+				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}").scope("user")
-				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
-				.userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
+				.scope("user")
+				.authorizationUri("https://provider.com/oauth2/authorize")
+				.tokenUri("https://provider.com/oauth2/token")
+				.userInfoUri("https://provider.com/oauth2/user")
+				.userNameAttributeName("id")
+				.clientName("client-1")
 				.build();
+		// @formatter:on
 		this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
 		this.filter.doFilter(request, response, filterChain);
 		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 7c43ee1260..6cf546a2b6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -110,18 +110,32 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(this.authentication);
 		SecurityContextHolder.setContext(securityContext);
-		this.registration1 = ClientRegistration.withRegistrationId("client1").clientId("client-1")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+		// @formatter:off
+		this.registration1 = ClientRegistration.withRegistrationId("client1")
+				.clientId("client-1")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}").scope("user")
-				.authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token")
-				.userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
+				.scope("user")
+				.authorizationUri("https://provider.com/oauth2/authorize")
+				.tokenUri("https://provider.com/oauth2/token")
+				.userInfoUri("https://provider.com/oauth2/user")
+				.userNameAttributeName("id")
+				.clientName("client-1")
 				.build();
-		this.registration2 = ClientRegistration.withRegistrationId("client2").clientId("client-2")
-				.clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("read", "write")
-				.tokenUri("https://provider.com/oauth2/token").build();
-		this.registration3 = TestClientRegistrations.password().registrationId("client3").build();
+		this.registration2 = ClientRegistration.withRegistrationId("client2")
+				.clientId("client-2")
+				.clientSecret("secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.scope("read", "write")
+				.tokenUri("https://provider.com/oauth2/token")
+				.build();
+		this.registration3 = TestClientRegistrations.password()
+				.registrationId("client3")
+				.build();
+		// @formatter:on
 		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1,
 				this.registration2, this.registration3);
 		this.authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index f7599856f4..9b501a6e63 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -115,7 +115,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		this.server = new MockWebServer();
 		this.server.start();
 		this.serverUrl = this.server.url("/").toString();
-		this.webClient = WebClient.builder().filter(this.authorizedClientFilter).build();
+		// @formatter:off
+		this.webClient = WebClient.builder()
+				.filter(this.authorizedClientFilter)
+				.build();
+		// @formatter:on
 		this.authentication = new TestingAuthenticationToken("principal", "password");
 		this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.get("/").build()).build();
 	}
@@ -127,22 +131,35 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenNotAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "   \"attribute1\": \"value1\",\n"
+			+ "   \"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
 				.build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration));
-		this.webClient.get().uri(this.serverUrl)
+		// @formatter:off
+		this.webClient.get()
+				.uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve().bodyToMono(String.class)
+				.retrieve()
+				.bodyToMono(String.class)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
+				.block();
+		// @formatter:on
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
@@ -153,9 +170,17 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenAuthorizedButExpiredThenRefreshAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "	\"access_token\": \"refreshed-access-token\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "	\"attribute1\": \"value1\",\n"
+			+ "	\"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
@@ -189,10 +214,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestMultipleWhenNoneAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "   \"attribute1\": \"value1\",\n"
+			+ "   \"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
@@ -207,16 +240,24 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
 				.willReturn(Mono.just(clientRegistration2));
-		this.webClient.get().uri(this.serverUrl)
+		// @formatter:off
+		this.webClient.get()
+				.uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration1.getRegistrationId()))
-				.retrieve().bodyToMono(String.class)
-				.flatMap((response) -> this.webClient.get().uri(this.serverUrl)
+				.retrieve()
+				.bodyToMono(String.class)
+				.flatMap((response) -> this.webClient.get()
+						.uri(this.serverUrl)
 						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 								.clientRegistrationId(clientRegistration2.getRegistrationId()))
-						.retrieve().bodyToMono(String.class))
+						.retrieve()
+						.bodyToMono(String.class)
+				)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication))
+				.block();
+		// @formatter:on
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
@@ -232,10 +273,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 	 */
 	@Test
 	public void requestWhenUnauthorizedThenReAuthorize() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "   \"attribute1\": \"value1\",\n"
+			+ "   \"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value()));
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
@@ -250,15 +299,22 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository)
 				.loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication),
 						eq(this.exchange));
-		Mono<String> requestMono = this.webClient.get().uri(this.serverUrl)
+		// @formatter:off
+		Mono<String> requestMono = this.webClient.get()
+				.uri(this.serverUrl)
 				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
 						.clientRegistrationId(clientRegistration.getRegistrationId()))
-				.retrieve().bodyToMono(String.class)
+				.retrieve()
+				.bodyToMono(String.class)
 				.subscriberContext(Context.of(ServerWebExchange.class, this.exchange))
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication));
+		// @formatter:on
 		// first try should fail, and remove the cached authorized client
-		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(requestMono::block)
+		// @formatter:off
+		assertThatExceptionOfType(WebClientResponseException.class)
+				.isThrownBy(requestMono::block)
 				.satisfies((ex) -> assertThat(ex.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
+		// @formatter:on
 		assertThat(this.server.getRequestCount()).isEqualTo(1);
 		verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
 		verify(this.authorizedClientRepository).removeAuthorizedClient(eq(clientRegistration.getRegistrationId()),
@@ -274,7 +330,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
+		// @formatter:off
+		return new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(json);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index 48e4bc2981..1b80ee9517 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -108,6 +108,8 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
+import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
 
 /**
  * @author Rob Winch
@@ -161,14 +163,17 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Before
 	public void setup() {
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().authorizationCode()
+				.builder()
+				.authorizationCode()
 				.refreshToken(
 						(configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient))
 				.clientCredentials(
 						(configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient))
 				.password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient))
 				.build();
+		// @formatter:on
 		this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		this.authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
@@ -220,9 +225,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
-		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
+		// @formatter:off
+		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION))
 				.isEqualTo("Bearer " + this.accessToken.getTokenValue());
 	}
@@ -231,10 +239,12 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
 				.header(HttpHeaders.AUTHORIZATION, "Existing")
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
+		// @formatter:on
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 		HttpHeaders headers = this.exchange.getRequest().headers();
 		assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue());
@@ -242,8 +252,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 
 	@Test
 	public void filterWhenClientCredentialsTokenExpiredThenGetNewToken() {
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("new-token")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(360)
+				.build();
+		// @formatter:on
 		given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
 				.willReturn(Mono.just(accessTokenResponse));
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
@@ -254,12 +269,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName", accessToken,
 				null);
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange()).block();
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any());
 		List<ClientRequest> requests = this.exchange.getRequests();
@@ -277,12 +295,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(registration, "principalName",
 				this.accessToken, null);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange()).block();
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		verify(this.clientCredentialsTokenResponseClient, never()).getTokenResponse(any());
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
@@ -305,13 +326,18 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
+		// @formatter:on
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this");
+		// @formatter:off
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
-				.subscriberContext(serverWebExchange()).block();
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(),
 				eq(authentication), any());
@@ -339,10 +365,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
-		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
+		this.function.filter(request, this.exchange)
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		verify(this.refreshTokenTokenResponseClient).getTokenResponse(any());
 		verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any());
 		List<ClientRequest> requests = this.exchange.getRequests();
@@ -358,10 +388,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 	public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
-		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
+		this.function.filter(request, this.exchange)
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request0 = requests.get(0);
@@ -376,10 +410,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
-		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
+		this.function.filter(request, this.exchange)
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		ClientRequest request0 = requests.get(0);
@@ -398,9 +436,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
+		// @formatter:on
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.UNAUTHORIZED.value());
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
@@ -427,18 +467,27 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
+		// @formatter:on
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.UNAUTHORIZED.value(),
 				HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(() -> this.function
-				.filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block())
+		// @formatter:off
+		assertThatExceptionOfType(WebClientResponseException.class)
+				.isThrownBy(() -> this.function
+					.filter(request, throwingExchangeFunction)
+						.subscriberContext(serverWebExchange())
+						.block()
+				)
 				.isEqualTo(exception);
+		// @formatter:on
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
+		// @formatter:off
 		assertThat(this.authorizationExceptionCaptor.getValue())
 				.isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> {
 					assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId());
@@ -446,6 +495,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 					assertThat(ex).hasCause(exception);
 					assertThat(ex).hasMessageContaining("[invalid_token]");
 				});
+		// @formatter:on
 		assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class);
 		assertThat(this.attributesCaptor.getValue())
 				.containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange));
@@ -460,9 +510,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
+		// @formatter:on
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.FORBIDDEN.value());
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
@@ -490,14 +542,20 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(),
 				HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8);
 		ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception);
-		assertThatExceptionOfType(WebClientResponseException.class).isThrownBy(() -> this.function
-				.filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block())
+		// @formatter:off
+		assertThatExceptionOfType(WebClientResponseException.class)
+				.isThrownBy(() -> this.function
+					.filter(request, throwingExchangeFunction)
+					.subscriberContext(serverWebExchange())
+					.block()
+				)
 				.isEqualTo(exception);
+		// @formatter:on
 		assertThat(publisherProbe.wasSubscribed()).isTrue();
 		verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(),
 				this.authenticationCaptor.capture(), this.attributesCaptor.capture());
@@ -523,7 +581,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", "
 				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
@@ -561,7 +619,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		OAuth2AuthorizationException exception = new OAuth2AuthorizationException(
 				new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null));
@@ -585,7 +643,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName",
 				this.accessToken, refreshToken);
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient))
+				.attributes(oauth2AuthorizedClient(authorizedClient))
 				.build();
 		given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value());
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
@@ -621,8 +679,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				.contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password"))
 				.build();
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(registration.getRegistrationId()))
+				.attributes(clientRegistrationId(registration.getRegistrationId()))
 				.build();
 		this.function.filter(request, this.exchange)
 				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
@@ -646,8 +703,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(this.registration.getRegistrationId()))
+				.attributes(clientRegistrationId(this.registration.getRegistrationId()))
 				.build();
 		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
 		List<ClientRequest> requests = this.exchange.getRequests();
@@ -710,8 +766,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				Collections.singletonMap("user", "rob"), "user");
 		OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(),
 				"client-id");
+		// @formatter:off
 		this.function.filter(request, this.exchange)
-				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block();
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
+				.block();
+		// @formatter:on
 		List<ClientRequest> requests = this.exchange.getRequests();
 		assertThat(requests).hasSize(1);
 		verifyZeroInteractions(this.clientRegistrationRepository, this.authorizedClientRepository);
@@ -724,11 +783,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 				this.accessToken, refreshToken);
 		given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
 				.willReturn(Mono.just(authorizedClient));
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(this.registration.getRegistrationId()))
+				.attributes(clientRegistrationId(this.registration.getRegistrationId()))
 				.build();
-		this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block();
+		this.function.filter(request, this.exchange)
+				.subscriberContext(serverWebExchange())
+				.block();
+		// @formatter:on
 		verify(this.authorizedClientRepository).loadAuthorizedClient(eq(this.registration.getRegistrationId()), any(),
 				eq(this.serverWebExchange));
 	}
@@ -750,10 +812,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
 		ClientRegistration registration = TestClientRegistrations.clientCredentials().build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
 				.willReturn(Mono.just(registration));
+		// @formatter:off
 		ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
-				.attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(registration.getRegistrationId()))
+				.attributes(clientRegistrationId(registration.getRegistrationId()))
 				.build();
+		// @formatter:on
 		this.function.filter(request, this.exchange).block();
 		verify(unauthenticatedAuthorizedClientRepository).loadAuthorizedClient(any(), any(), any());
 		verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
index 06d676acaa..b1b67e24ac 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java
@@ -65,6 +65,7 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
 
 /**
  * @author Joe Grandja
@@ -99,7 +100,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		// BlockHound to error.
 		// NOTE: This is an issue with JDK 8. It's been tested on JDK 10 and works fine
 		// w/o this white-list.
-		BlockHound.builder().allowBlockingCallsInside(Class.class.getName(), "getPackage").install();
+		// @formatter:off
+		BlockHound.builder()
+				.allowBlockingCallsInside(Class.class.getName(), "getPackage")
+				.install();
+		// @formatter:on
 	}
 
 	@Before
@@ -148,10 +153,18 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenNotAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "	\"attribute1\": \"value1\",\n"
+			+ "	\"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 		ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl)
@@ -159,8 +172,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId())))
 				.willReturn(clientRegistration);
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class).block();
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
@@ -172,9 +184,17 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestWhenAuthorizedButExpiredThenRefreshAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"refreshed-access-token\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"refreshed-access-token\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "	\"attribute1\": \"value1\",\n"
+			+ "	\"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
 		ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl)
@@ -191,8 +211,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 		doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient(
 				eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request));
 		this.webClient.get().uri(this.serverUrl)
-				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(clientRegistration.getRegistrationId()))
+				.attributes(clientRegistrationId(clientRegistration.getRegistrationId()))
 				.retrieve().bodyToMono(String.class).block();
 		assertThat(this.server.getRequestCount()).isEqualTo(2);
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
@@ -206,10 +225,18 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 
 	@Test
 	public void requestMultipleWhenNoneAuthorizedThenAuthorizeAndSendRequest() {
-		String accessTokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\"\n" + "}\n";
-		String clientResponse = "{\n" + "	\"attribute1\": \"value1\",\n" + "	\"attribute2\": \"value2\"\n" + "}\n";
+		// @formatter:off
+		String accessTokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\"\n"
+			+ "}\n";
+		String clientResponse = "{\n"
+			+ "   \"attribute1\": \"value1\",\n"
+			+ "   \"attribute2\": \"value2\"\n"
+			+ "}\n";
+		// @formatter:on
 		// Client 1
 		this.server.enqueue(jsonResponse(accessTokenResponse));
 		this.server.enqueue(jsonResponse(clientResponse));
@@ -224,15 +251,22 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 				.tokenUri(this.serverUrl).build();
 		given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId())))
 				.willReturn(clientRegistration2);
-		this.webClient.get().uri(this.serverUrl)
-				.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
-						.clientRegistrationId(clientRegistration1.getRegistrationId()))
-				.retrieve().bodyToMono(String.class)
-				.flatMap((response) -> this.webClient.get().uri(this.serverUrl)
-						.attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction
-								.clientRegistrationId(clientRegistration2.getRegistrationId()))
-						.retrieve().bodyToMono(String.class))
-				.subscriberContext(context()).block();
+		// @formatter:off
+		this.webClient.get()
+				.uri(this.serverUrl)
+				.attributes(clientRegistrationId(clientRegistration1.getRegistrationId()))
+				.retrieve()
+				.bodyToMono(String.class)
+				.flatMap((response) -> this.webClient
+					.get()
+					.uri(this.serverUrl)
+					.attributes(clientRegistrationId(clientRegistration2.getRegistrationId()))
+					.retrieve()
+					.bodyToMono(String.class)
+				)
+				.subscriberContext(context())
+				.block();
+		// @formatter:on
 		assertThat(this.server.getRequestCount()).isEqualTo(4);
 		ArgumentCaptor<OAuth2AuthorizedClient> authorizedClientCaptor = ArgumentCaptor
 				.forClass(OAuth2AuthorizedClient.class);
@@ -252,7 +286,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests {
 	}
 
 	private MockResponse jsonResponse(String json) {
-		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
+		// @formatter:off
+		return new MockResponse()
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+				.setBody(json);
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
index 16a7cd5c5f..cae90564be 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java
@@ -80,8 +80,14 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 
 	@Before
 	public void setUp() {
+		// @formatter:off
 		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
-				.builder().authorizationCode().refreshToken().clientCredentials().build();
+				.builder()
+				.authorizationCode()
+				.refreshToken()
+				.clientCredentials()
+				.build();
+		// @formatter:on
 		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
 				this.clientRegistrationRepository, this.authorizedClientRepository);
 		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
index a48ffbb194..ecccefbb43 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@@ -93,8 +93,12 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 	@Test
 	public void resolveWhenForwardedHeadersClientRegistrationFoundThenWorks() {
 		given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration));
-		ServerWebExchange exchange = MockServerWebExchange
-				.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> httpRequest = MockServerHttpRequest
+				.get("/oauth2/authorization/id")
+				.header("X-Forwarded-Host", "evil.com");
+		// @formatter:on
+		ServerWebExchange exchange = MockServerWebExchange.from(httpRequest);
 		OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
 		assertThat(request.getAuthorizationRequestUri())
 				.matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&"
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
index b5a1f5c5e7..b474ce8a9f 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java
@@ -301,8 +301,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests {
 			MockServerHttpRequest authorizationRequest, ClientRegistration registration) {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId());
-		return TestOAuth2AuthorizationRequests.request().attributes(attributes)
-				.redirectUri(authorizationRequest.getURI().toString()).build();
+		// @formatter:off
+		return TestOAuth2AuthorizationRequests.request()
+				.attributes(attributes)
+				.redirectUri(authorizationRequest.getURI().toString())
+				.build();
+		// @formatter:on
 	}
 
 	private static MockServerHttpRequest createAuthorizationRequest(String requestUri) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
index a1a7f9e657..448425169e 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java
@@ -41,7 +41,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoInteractions;
 
 /**
  * @author Rob Winch
@@ -86,15 +86,23 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 
 	@Test
 	public void filterWhenDoesNotMatchThenClientRegistrationRepositoryNotSubscribed() {
-		this.client.get().exchange().expectStatus().isOk();
-		verifyZeroInteractions(this.clientRepository, this.authzRequestRepository);
+		// @formatter:off
+		this.client.get()
+				.exchange()
+				.expectStatus().isOk();
+		// @formatter:on
+		verifyNoInteractions(this.clientRepository, this.authzRequestRepository);
 	}
 
 	@Test
 	public void filterWhenDoesMatchThenClientRegistrationRepositoryNotSubscribed() {
+		// @formatter:off
 		FluxExchangeResult<String> result = this.client.get()
-				.uri("https://example.com/oauth2/authorization/registration-id").exchange().expectStatus()
-				.is3xxRedirection().returnResult(String.class);
+				.uri("https://example.com/oauth2/authorization/registration-id")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.returnResult(String.class);
+		// @formatter:on
 		result.assertWithDiagnostics(() -> {
 			URI location = result.getResponseHeaders().getLocation();
 			assertThat(location).hasScheme("https").hasHost("example.com").hasPath("/login/oauth/authorize")
@@ -108,16 +116,23 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 	// gh-5520
 	@Test
 	public void filterWhenDoesMatchThenResolveRedirectUriExpandedExcludesQueryString() {
+		// @formatter:off
 		FluxExchangeResult<String> result = this.client.get()
 				.uri("https://example.com/oauth2/authorization/registration-id?foo=bar").exchange().expectStatus()
 				.is3xxRedirection().returnResult(String.class);
 		result.assertWithDiagnostics(() -> {
 			URI location = result.getResponseHeaders().getLocation();
-			assertThat(location).hasScheme("https").hasHost("example.com").hasPath("/login/oauth/authorize")
-					.hasParameter("response_type", "code").hasParameter("client_id", "client-id")
-					.hasParameter("scope", "read:user").hasParameter("state")
+			assertThat(location)
+					.hasScheme("https")
+					.hasHost("example.com")
+					.hasPath("/login/oauth/authorize")
+					.hasParameter("response_type", "code")
+					.hasParameter("client_id", "client-id")
+					.hasParameter("scope", "read:user")
+					.hasParameter("state")
 					.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id");
 		});
+		// @formatter:on
 	}
 
 	@Test
@@ -125,9 +140,15 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 		FilteringWebHandler webHandler = new FilteringWebHandler(
 				(e) -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
-		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		FluxExchangeResult<String> result = this.client.get().uri("https://example.com/foo").exchange().expectStatus()
-				.is3xxRedirection().returnResult(String.class);
+		// @formatter:off
+		this.client = WebTestClient.bindToWebHandler(webHandler)
+				.build();
+		FluxExchangeResult<String> result = this.client.get()
+				.uri("https://example.com/foo")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.returnResult(String.class);
+		// @formatter:on
 	}
 
 	@Test
@@ -137,18 +158,29 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
 		FilteringWebHandler webHandler = new FilteringWebHandler(
 				(e) -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())),
 				Arrays.asList(this.filter));
-		this.client = WebTestClient.bindToWebHandler(webHandler).build();
-		this.client.get().uri("https://example.com/foo").exchange().expectStatus().is3xxRedirection()
+		// @formatter:off
+		this.client = WebTestClient.bindToWebHandler(webHandler)
+				.build();
+		this.client.get()
+				.uri("https://example.com/foo")
+				.exchange()
+				.expectStatus().is3xxRedirection()
 				.returnResult(String.class);
+		// @formatter:on
 		verify(this.requestCache).saveRequest(any());
 	}
 
 	@Test
 	public void filterWhenPathMatchesThenRequestSessionAttributeNotSaved() {
 		this.filter.setRequestCache(this.requestCache);
-		this.client.get().uri("https://example.com/oauth2/authorization/registration-id").exchange().expectStatus()
-				.is3xxRedirection().returnResult(String.class);
-		verifyZeroInteractions(this.requestCache);
+		// @formatter:off
+		this.client.get()
+				.uri("https://example.com/oauth2/authorization/registration-id")
+				.exchange()
+				.expectStatus().is3xxRedirection()
+				.returnResult(String.class);
+		// @formatter:on
+		verifyNoInteractions(this.requestCache);
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
index a1dfa74248..fad1584328 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java
@@ -58,18 +58,30 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests {
 
 	private String clientRegistrationId = "github";
 
+	// @formatter:off
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
 			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read:user")
+			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+			.scope("read:user")
 			.authorizationUri("https://github.com/login/oauth/authorize")
-			.tokenUri("https://github.com/login/oauth/access_token").userInfoUri("https://api.github.com/user")
-			.userNameAttributeName("id").clientName("GitHub").clientId("clientId").clientSecret("clientSecret").build();
+			.tokenUri("https://github.com/login/oauth/access_token")
+			.userInfoUri("https://api.github.com/user")
+			.userNameAttributeName("id")
+			.clientName("GitHub")
+			.clientId("clientId")
+			.clientSecret("clientSecret")
+			.build();
+	// @formatter:on
 
+	// @formatter:off
 	private OAuth2AuthorizationRequest.Builder authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-			.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
-			.redirectUri("http://localhost/client-1").state("state")
+			.authorizationUri("https://example.com/oauth2/authorize")
+			.clientId("client-id")
+			.redirectUri("http://localhost/client-1")
+			.state("state")
 			.attributes(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID, this.clientRegistrationId));
+	// @formatter:on
 
 	private final MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
index c2be0f46bf..adae7ac311 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java
@@ -51,9 +51,14 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
 	private WebSessionOAuth2ServerAuthorizationRequestRepository repository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
 
+	// @formatter:off
 	private OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-			.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
-			.redirectUri("http://localhost/client-1").state("state").build();
+			.authorizationUri("https://example.com/oauth2/authorize")
+			.clientId("client-id")
+			.redirectUri("http://localhost/client-1")
+			.state("state")
+			.build();
+	// @formatter:on
 
 	private ServerWebExchange exchange = MockServerWebExchange
 			.from(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, "state"));
@@ -66,55 +71,80 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
 	@Test
 	public void loadAuthorizationRequestWhenNoSessionThenEmpty() {
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
+		// @formatter:off
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
+				.verifyComplete();
+		// @formatter:on
 		assertSessionStartedIs(false);
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenSessionAndNoRequestThenEmpty() {
-		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession().map(WebSession::getAttributes)
+		// @formatter:off
+		Mono<OAuth2AuthorizationRequest> setAttrThenLoad = this.exchange.getSession()
+				.map(WebSession::getAttributes)
 				.doOnNext((attrs) -> attrs.put("foo", "bar"))
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-		StepVerifier.create(setAttrThenLoad).verifyComplete();
+		StepVerifier.create(setAttrThenLoad)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenNoStateParamThenEmpty() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndLoad).verifyComplete();
+		StepVerifier.create(saveAndLoad)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenSavedThenAuthorizationRequest() {
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndLoad = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.loadAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndLoad).expectNext(this.authorizationRequest).verifyComplete();
+		StepVerifier.create(saveAndLoad)
+				.expectNext(this.authorizationRequest)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void loadAuthorizationRequestWhenMultipleSavedThenAuthorizationRequest() {
 		String oldState = "state0";
+		// @formatter:off
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
-				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
+				.queryParam(OAuth2ParameterNames.STATE, oldState)
+				.build();
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
-				.redirectUri("http://localhost/client-1").state(oldState).build();
+				.authorizationUri("https://example.com/oauth2/authorize")
+				.clientId("client-id")
+				.redirectUri("http://localhost/client-1")
+				.state(oldState)
+				.build();
+		// @formatter:on
 		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndLoad = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.loadAuthorizationRequest(oldExchange));
-		StepVerifier.create(saveAndSaveAndLoad).expectNext(oldAuthorizationRequest).verifyComplete();
+		StepVerifier.create(saveAndSaveAndLoad)
+				.expectNext(oldAuthorizationRequest)
+				.verifyComplete();
 		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
-				.expectNext(this.authorizationRequest).verifyComplete();
+				.expectNext(this.authorizationRequest)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
@@ -147,58 +177,89 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 
 	@Test
 	public void removeAuthorizationRequestWhenPresentThenFoundAndRemoved() {
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-		StepVerifier.create(this.exchange.getSession().map(WebSession::getAttributes).map(Map::isEmpty))
+		StepVerifier.create(saveAndRemove)
+				.expectNext(this.authorizationRequest)
+				.verifyComplete();
+		StepVerifier.create(this.exchange
+					.getSession()
+					.map(WebSession::getAttributes)
+					.map(Map::isEmpty)
+				)
 				.expectNext(true).verifyComplete();
+		// @formatter:on
 	}
 
 	// gh-5599
 	@Test
 	public void removeAuthorizationRequestWhenStateMissingThenNoErrors() {
+		// @formatter:off
 		MockServerHttpRequest otherState = MockServerHttpRequest.get("/")
-				.queryParam(OAuth2ParameterNames.STATE, "other").build();
-		ServerWebExchange otherStateExchange = this.exchange.mutate().request(otherState).build();
+				.queryParam(OAuth2ParameterNames.STATE, "other")
+				.build();
+		ServerWebExchange otherStateExchange = this.exchange.mutate()
+				.request(otherState)
+				.build();
 		Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
 				.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
 				.then(this.repository.removeAuthorizationRequest(otherStateExchange));
-		StepVerifier.create(saveAndRemove).verifyComplete();
+		StepVerifier.create(saveAndRemove)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	@Test
 	public void removeAuthorizationRequestWhenMultipleThenOnlyOneRemoved() {
 		String oldState = "state0";
+		// @formatter:off
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
-				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
+				.queryParam(OAuth2ParameterNames.STATE, oldState)
+				.build();
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
-				.redirectUri("http://localhost/client-1").state(oldState).build();
+				.authorizationUri("https://example.com/oauth2/authorize")
+				.clientId("client-id")
+				.redirectUri("http://localhost/client-1")
+				.state(oldState)
+				.build();
+		// @formatter:on
 		WebSessionManager sessionManager = (e) -> this.exchange.getSession();
 		this.exchange = new DefaultServerWebExchange(this.exchange.getRequest(), new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
-		StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange)).expectNext(oldAuthorizationRequest)
+		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest)
 				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
+				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(oldExchange))
+				.expectNext(oldAuthorizationRequest)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 	// gh-7327
 	@Test
 	public void removeAuthorizationRequestWhenMultipleThenRemovedAndSessionAttributeUpdated() {
 		String oldState = "state0";
+		// @formatter:off
 		MockServerHttpRequest oldRequest = MockServerHttpRequest.get("/")
-				.queryParam(OAuth2ParameterNames.STATE, oldState).build();
+				.queryParam(OAuth2ParameterNames.STATE, oldState)
+				.build();
 		OAuth2AuthorizationRequest oldAuthorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/oauth2/authorize").clientId("client-id")
-				.redirectUri("http://localhost/client-1").state(oldState).build();
+				.authorizationUri("https://example.com/oauth2/authorize")
+				.clientId("client-id")
+				.redirectUri("http://localhost/client-1")
+				.state(oldState)
+				.build();
+		// @formatter:on
 		Map<String, Object> sessionAttrs = spy(new HashMap<>());
 		WebSession session = mock(WebSession.class);
 		given(session.getAttributes()).willReturn(sessionAttrs);
@@ -207,18 +268,27 @@ public class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests {
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
 		ServerWebExchange oldExchange = new DefaultServerWebExchange(oldRequest, new MockServerHttpResponse(),
 				sessionManager, ServerCodecConfigurer.create(), new AcceptHeaderLocaleContextResolver());
+		// @formatter:off
 		Mono<OAuth2AuthorizationRequest> saveAndSaveAndRemove = this.repository
 				.saveAuthorizationRequest(oldAuthorizationRequest, oldExchange)
 				.then(this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange))
 				.then(this.repository.removeAuthorizationRequest(this.exchange));
-		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest).verifyComplete();
-		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange)).verifyComplete();
+		StepVerifier.create(saveAndSaveAndRemove).expectNext(this.authorizationRequest)
+				.verifyComplete();
+		StepVerifier.create(this.repository.loadAuthorizationRequest(this.exchange))
+				.verifyComplete();
+		// @formatter:on
 		verify(sessionAttrs, times(3)).put(any(), any());
 	}
 
 	private void assertSessionStartedIs(boolean expected) {
-		Mono<Boolean> isStarted = this.exchange.getSession().map(WebSession::isStarted);
-		StepVerifier.create(isStarted).expectNext(expected).verifyComplete();
+		// @formatter:off
+		Mono<Boolean> isStarted = this.exchange.getSession()
+				.map(WebSession::isStarted);
+		StepVerifier.create(isStarted)
+				.expectNext(expected)
+				.verifyComplete();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
index 195d8edd7e..6c89588554 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java
@@ -90,12 +90,19 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 		DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				Collections.singletonMap("user", "rob"), "user");
 		ClientRegistration clientRegistration = this.registration.build();
-		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state")
+		// @formatter:off
+		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
+				.state("state")
 				.clientId(clientRegistration.getClientId())
-				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build();
+				.authorizationUri(clientRegistration.getProviderDetails()
+				.getAuthorizationUri())
+				.redirectUri(clientRegistration.getRedirectUri())
+				.scopes(clientRegistration.getScopes())
+				.build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUri()).build();
+				.redirectUri(clientRegistration.getRedirectUri())
+				.build();
+		// @formatter:on
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
 		return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange, user,

From a729d24d473d9fc2bc4627c9d4e76a466c3ee486 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:49:25 -0500
Subject: [PATCH 82/84] Polish oauth2-core format

Issue gh-8945
---
 ...MapOAuth2AccessTokenResponseConverter.java |  11 +-
 .../endpoint/OAuth2AuthorizationRequest.java  |   8 +-
 ...cessTokenResponseHttpMessageConverter.java |   6 +-
 ...Auth2AccessTokenResponseBodyExtractor.java |  12 +-
 ...2AccessTokenResponseMapConverterTests.java |  17 +-
 .../OAuth2AccessTokenResponseTests.java       |  59 +++++--
 .../OAuth2AuthorizationRequestTests.java      | 157 ++++++++++++++----
 .../OAuth2AuthorizationResponseTests.java     |  95 +++++++++--
 .../TestOAuth2AccessTokenResponses.java       |   6 +-
 .../TestOAuth2AuthorizationRequests.java      |   8 +-
 .../TestOAuth2AuthorizationResponses.java     |   7 +-
 ...okenResponseHttpMessageConverterTests.java |  70 +++++---
 .../OAuth2ErrorHttpMessageConverterTests.java |  21 ++-
 .../DefaultAddressStandardClaimTests.java     |  13 +-
 .../core/oidc/OidcIdTokenBuilderTests.java    |  31 +++-
 .../core/oidc/OidcUserInfoBuilderTests.java   |  39 ++++-
 .../oauth2/core/oidc/TestOidcIdTokens.java    |  11 +-
 .../oauth2/core/oidc/user/TestOidcUsers.java  |  10 +-
 .../function/OAuth2BodyExtractorsTests.java   |  35 +++-
 19 files changed, 489 insertions(+), 127 deletions(-)

diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
index fefa9eb7c3..ef5e138232 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java
@@ -55,8 +55,15 @@ public final class MapOAuth2AccessTokenResponseConverter
 				additionalParameters.put(entry.getKey(), entry.getValue());
 			}
 		}
-		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
-				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+		// @formatter:off
+		return OAuth2AccessTokenResponse.withToken(accessToken)
+				.tokenType(accessTokenType)
+				.expiresIn(expiresIn)
+				.scopes(scopes)
+				.refreshToken(refreshToken)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 	}
 
 	private OAuth2AccessToken.TokenType getAccessTokenType(Map<String, String> tokenResponseParameters) {
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
index ec04c68a55..9809ea6c1f 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
@@ -215,12 +215,16 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 */
 	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
+		// @formatter:off
 		return new Builder(authorizationRequest.getGrantType())
 				.authorizationUri(authorizationRequest.getAuthorizationUri())
-				.clientId(authorizationRequest.getClientId()).redirectUri(authorizationRequest.getRedirectUri())
-				.scopes(authorizationRequest.getScopes()).state(authorizationRequest.getState())
+				.clientId(authorizationRequest.getClientId())
+				.redirectUri(authorizationRequest.getRedirectUri())
+				.scopes(authorizationRequest.getScopes())
+				.state(authorizationRequest.getState())
 				.additionalParameters(authorizationRequest.getAdditionalParameters())
 				.attributes(authorizationRequest.getAttributes());
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
index 5203ce484c..513a14fc82 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
@@ -77,8 +77,12 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 			// Object and then convert values to String
 			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter
 					.read(STRING_OBJECT_MAP.getType(), null, inputMessage);
-			return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream()
+			// @formatter:off
+			return this.tokenResponseConverter.convert(tokenResponseParameters
+					.entrySet()
+					.stream()
 					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
+			// @formatter:on
 		}
 		catch (Exception ex) {
 			throw new HttpMessageNotReadableException(
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
index 5154cb07a8..6c3d93c1c0 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
@@ -123,9 +123,15 @@ class OAuth2AccessTokenResponseBodyExtractor
 			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
 		}
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-		return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType)
-				.expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken)
-				.additionalParameters(additionalParameters).build();
+		// @formatter:off
+		return OAuth2AccessTokenResponse.withToken(accessToken.getValue())
+				.tokenType(accessTokenType)
+				.expiresIn(expiresIn)
+				.scopes(scopes)
+				.refreshToken(refreshToken)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
index 1fb64a63f6..ae4f4117b4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverterTests.java
@@ -49,9 +49,15 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 		Set<String> scopes = new HashSet<>();
 		scopes.add("read");
 		scopes.add("write");
-		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234").expiresIn(3699)
-				.additionalParameters(additionalParameters).refreshToken("refresh-token-value-1234").scopes(scopes)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234")
+				.expiresIn(3699)
+				.additionalParameters(additionalParameters)
+				.refreshToken("refresh-token-value-1234")
+				.scopes(scopes)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.build();
+		// @formatter:on
 		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(7, result.size());
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
@@ -65,8 +71,11 @@ public class OAuth2AccessTokenResponseMapConverterTests {
 
 	@Test
 	public void convertMinimal() {
+		// @formatter:off
 		OAuth2AccessTokenResponse build = OAuth2AccessTokenResponse.withToken("access-token-value-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.build();
+		// @formatter:on
 		Map<String, String> result = this.messageConverter.convert(build);
 		Assert.assertEquals(3, result.size());
 		Assert.assertEquals("access-token-value-1234", result.get("access_token"));
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index a9934d43b1..1d1974f8e4 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -45,27 +45,44 @@ public class OAuth2AccessTokenResponseTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		OAuth2AccessTokenResponse.withToken(null).tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(EXPIRES_IN)
+		// @formatter:off
+		OAuth2AccessTokenResponse.withToken(null)
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(EXPIRES_IN)
 				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenTypeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AccessTokenResponse.withToken(TOKEN_VALUE).tokenType(null).expiresIn(EXPIRES_IN).build();
+		// @formatter:off
+		OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+				.tokenType(null)
+				.expiresIn(EXPIRES_IN)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenExpiresInIsZeroThenExpiresAtOneSecondAfterIssueAt() {
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(0).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(0)
+				.build();
+		// @formatter:on
 		assertThat(tokenResponse.getAccessToken().getExpiresAt())
 				.isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
 	}
 
 	@Test
 	public void buildWhenExpiresInIsNegativeThenExpiresAtOneSecondAfterIssueAt() {
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(-1L).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(-1L)
+				.build();
+		// @formatter:on
 		assertThat(tokenResponse.getAccessToken().getExpiresAt())
 				.isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1));
 	}
@@ -77,9 +94,15 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
-				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.toEpochMilli())
+				.scopes(scopes)
+				.refreshToken(REFRESH_TOKEN_VALUE)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		assertThat(tokenResponse.getAccessToken()).isNotNull();
 		assertThat(tokenResponse.getAccessToken().getTokenValue()).isEqualTo(TOKEN_VALUE);
 		assertThat(tokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
@@ -97,9 +120,15 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
-				.refreshToken(REFRESH_TOKEN_VALUE).additionalParameters(additionalParameters).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.toEpochMilli())
+				.scopes(scopes)
+				.refreshToken(REFRESH_TOKEN_VALUE)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
 		assertThat(withResponse.getAccessToken().getTokenValue())
 				.isEqualTo(tokenResponse.getAccessToken().getTokenValue());
@@ -120,17 +149,25 @@ public class OAuth2AccessTokenResponseTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("param1", "value1");
 		additionalParameters.put("param2", "value2");
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
-				.additionalParameters(additionalParameters).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.toEpochMilli())
+				.scopes(scopes)
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build();
 		assertThat(withResponse.getRefreshToken()).isNull();
 	}
 
 	@Test
 	public void buildWhenResponseAndExpiresInThenExpiresAtEqualToIssuedAtPlusExpiresIn() {
+		// @formatter:off
 		OAuth2AccessTokenResponse tokenResponse = OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.build();
+		// @formatter:on
 		long expiresIn = 30;
 		OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
 				.expiresIn(expiresIn).build();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
index c823500f34..ddb69f6527 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java
@@ -50,63 +50,128 @@ public class OAuth2AuthorizationRequestTests {
 
 	@Test
 	public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(null)
-						.clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build());
+				.isThrownBy(() -> OAuth2AuthorizationRequest
+						.authorizationCode()
+						.authorizationUri(null)
+						.clientId(CLIENT_ID)
+						.redirectUri(REDIRECT_URI)
+						.scopes(SCOPES)
+						.state(STATE)
+						.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI)
-						.clientId(null).redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).build());
+				.isThrownBy(() -> OAuth2AuthorizationRequest.authorizationCode()
+						.authorizationUri(AUTHORIZATION_URI)
+						.clientId(null)
+						.redirectUri(REDIRECT_URI)
+						.scopes(SCOPES)
+						.state(STATE)
+						.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForImplicitThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> OAuth2AuthorizationRequest.implicit().authorizationUri(AUTHORIZATION_URI)
-						.clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE).build());
+				.isThrownBy(() -> OAuth2AuthorizationRequest.implicit()
+						.authorizationUri(AUTHORIZATION_URI)
+						.clientId(CLIENT_ID)
+						.redirectUri(null)
+						.scopes(SCOPES)
+						.state(STATE).build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullForAuthorizationCodeThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
-				.redirectUri(null).scopes(SCOPES).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationRequest.authorizationCode()
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(null)
+				.scopes(SCOPES)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI).scopes(null).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationRequest.authorizationCode()
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(null)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI).scopes(SCOPES).state(null).build();
+		// @formatter:off
+		OAuth2AuthorizationRequest.authorizationCode()
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(null)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenAdditionalParametersEmptyThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationRequest.authorizationCode().authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID)
-				.redirectUri(REDIRECT_URI).scopes(SCOPES).state(STATE).additionalParameters(Map::clear).build();
+		// @formatter:off
+		OAuth2AuthorizationRequest.authorizationCode()
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.additionalParameters(Map::clear)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenImplicitThenGrantTypeResponseTypeIsSet() {
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.TOKEN);
 	}
 
 	@Test
 	public void buildWhenAuthorizationCodeThenGrantTypeResponseTypeIsSet() {
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(null).scopes(SCOPES).state(STATE)
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(null)
+				.scopes(SCOPES)
+				.state(STATE)
 				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
 	}
@@ -119,10 +184,18 @@ public class OAuth2AuthorizationRequestTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put("attribute1", "value1");
 		attributes.put("attribute2", "value2");
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).additionalParameters(additionalParameters).attributes(attributes)
-				.authorizationRequestUri(AUTHORIZATION_URI).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.additionalParameters(additionalParameters)
+				.attributes(attributes)
+				.authorizationRequestUri(AUTHORIZATION_URI)
+				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
@@ -137,9 +210,15 @@ public class OAuth2AuthorizationRequestTests {
 
 	@Test
 	public void buildWhenScopesMultiThenSeparatedByEncodedSpace() {
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.implicit()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getAuthorizationRequestUri())
 				.isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&"
 						+ "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com");
@@ -147,17 +226,31 @@ public class OAuth2AuthorizationRequestTests {
 
 	@Test
 	public void buildWhenAuthorizationRequestUriSetThenOverridesDefault() {
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).authorizationRequestUri(AUTHORIZATION_URI).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.authorizationRequestUri(AUTHORIZATION_URI)
+				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI);
 	}
 
 	@Test
 	public void buildWhenAuthorizationRequestUriFunctionSetThenOverridesDefault() {
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).authorizationRequestUri((uriBuilder) -> URI.create(AUTHORIZATION_URI)).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.authorizationRequestUri((uriBuilder) -> URI.create(AUTHORIZATION_URI))
+				.build();
+		// @formatter:on
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI);
 	}
 
@@ -196,11 +289,19 @@ public class OAuth2AuthorizationRequestTests {
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put("attribute1", "value1");
 		attributes.put("attribute2", "value2");
+		// @formatter:off
 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES)
-				.state(STATE).additionalParameters(additionalParameters).attributes(attributes).build();
+				.authorizationUri(AUTHORIZATION_URI)
+				.clientId(CLIENT_ID)
+				.redirectUri(REDIRECT_URI)
+				.scopes(SCOPES)
+				.state(STATE)
+				.additionalParameters(additionalParameters)
+				.attributes(attributes)
+				.build();
 		OAuth2AuthorizationRequest authorizationRequestCopy = OAuth2AuthorizationRequest.from(authorizationRequest)
 				.build();
+		// @formatter:on
 		assertThat(authorizationRequestCopy.getAuthorizationUri())
 				.isEqualTo(authorizationRequest.getAuthorizationUri());
 		assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
index dd7c5e1d9d..413fb236cd 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
@@ -41,63 +41,122 @@ public class OAuth2AuthorizationResponseTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenAuthCodeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(null).redirectUri(REDIRECT_URI).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.success(null)
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(null).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.success(AUTH_CODE)
+				.redirectUri(null)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildSuccessResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(null).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.success(AUTH_CODE)
+				.redirectUri(REDIRECT_URI)
+				.state(null)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildSuccessResponseWhenAllAttributesProvidedThenAllAttributesAreSet() {
+		// @formatter:off
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success(AUTH_CODE)
-				.redirectUri(REDIRECT_URI).state(STATE).build();
-		assertThat(authorizationResponse.getCode()).isEqualTo(AUTH_CODE);
-		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(REDIRECT_URI);
-		assertThat(authorizationResponse.getState()).isEqualTo(STATE);
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.build();
+		assertThat(authorizationResponse.getCode())
+				.isEqualTo(AUTH_CODE);
+		assertThat(authorizationResponse.getRedirectUri())
+				.isEqualTo(REDIRECT_URI);
+		assertThat(authorizationResponse.getState())
+				.isEqualTo(STATE);
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildSuccessResponseWhenErrorCodeIsSetThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.success(AUTH_CODE).redirectUri(REDIRECT_URI).state(STATE).errorCode(ERROR_CODE)
+		// @formatter:off
+		OAuth2AuthorizationResponse.success(AUTH_CODE)
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.errorCode(ERROR_CODE)
 				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(null).redirectUri(REDIRECT_URI).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.error(null)
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(null).state(STATE).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.error(ERROR_CODE)
+				.redirectUri(null)
+				.state(STATE)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildErrorResponseWhenStateIsNullThenDoesNotThrowAnyException() {
-		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(null).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.error(ERROR_CODE)
+				.redirectUri(REDIRECT_URI)
+				.state(null)
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void buildErrorResponseWhenAllAttributesProvidedThenAllAttributesAreSet() {
+		// @formatter:off
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.error(ERROR_CODE)
-				.errorDescription(ERROR_DESCRIPTION).errorUri(ERROR_URI).redirectUri(REDIRECT_URI).state(STATE).build();
-		assertThat(authorizationResponse.getError().getErrorCode()).isEqualTo(ERROR_CODE);
-		assertThat(authorizationResponse.getError().getDescription()).isEqualTo(ERROR_DESCRIPTION);
-		assertThat(authorizationResponse.getError().getUri()).isEqualTo(ERROR_URI);
-		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(REDIRECT_URI);
-		assertThat(authorizationResponse.getState()).isEqualTo(STATE);
+				.errorDescription(ERROR_DESCRIPTION)
+				.errorUri(ERROR_URI)
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.build();
+		assertThat(authorizationResponse.getError().getErrorCode())
+				.isEqualTo(ERROR_CODE);
+		assertThat(authorizationResponse.getError().getDescription())
+				.isEqualTo(ERROR_DESCRIPTION);
+		assertThat(authorizationResponse.getError().getUri())
+				.isEqualTo(ERROR_URI);
+		assertThat(authorizationResponse.getRedirectUri())
+				.isEqualTo(REDIRECT_URI);
+		assertThat(authorizationResponse.getState())
+				.isEqualTo(STATE);
+		// @formatter:on
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildErrorResponseWhenAuthCodeIsSetThenThrowIllegalArgumentException() {
-		OAuth2AuthorizationResponse.error(ERROR_CODE).redirectUri(REDIRECT_URI).state(STATE).code(AUTH_CODE).build();
+		// @formatter:off
+		OAuth2AuthorizationResponse.error(ERROR_CODE)
+				.redirectUri(REDIRECT_URI)
+				.state(STATE)
+				.code(AUTH_CODE)
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
index a2eebd66bd..f952ff4bd5 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
@@ -32,7 +32,11 @@ public final class TestOAuth2AccessTokenResponses {
 	}
 
 	public static OAuth2AccessTokenResponse.Builder accessTokenResponse() {
-		return OAuth2AccessTokenResponse.withToken("token").tokenType(OAuth2AccessToken.TokenType.BEARER);
+		// @formatter:off
+		return OAuth2AccessTokenResponse
+				.withToken("token")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER);
+		// @formatter:on
 	}
 
 	public static OAuth2AccessTokenResponse.Builder oidcAccessTokenResponse() {
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
index 41123de992..eaf559a28d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
@@ -33,10 +33,14 @@ public final class TestOAuth2AuthorizationRequests {
 		String clientId = "client-id";
 		Map<String, Object> attributes = new HashMap<>();
 		attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registrationId);
+		// @formatter:off
 		return OAuth2AuthorizationRequest.authorizationCode()
-				.authorizationUri("https://example.com/login/oauth/authorize").clientId(clientId)
-				.redirectUri("https://example.com/authorize/oauth2/code/registration-id").state("state")
+				.authorizationUri("https://example.com/login/oauth/authorize")
+				.clientId(clientId)
+				.redirectUri("https://example.com/authorize/oauth2/code/registration-id")
+				.state("state")
 				.attributes(attributes);
+		// @formatter:on
 	}
 
 	public static OAuth2AuthorizationRequest.Builder oidcRequest() {
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
index 5dec72377f..b4c6db04bb 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
@@ -26,14 +26,19 @@ public final class TestOAuth2AuthorizationResponses {
 	}
 
 	public static OAuth2AuthorizationResponse.Builder success() {
-		return OAuth2AuthorizationResponse.success("authorization-code").state("state")
+		// @formatter:off
+		return OAuth2AuthorizationResponse.success("authorization-code")
+				.state("state")
 				.redirectUri("https://example.com/authorize/oauth2/code/registration-id");
+		// @formatter:on
 	}
 
 	public static OAuth2AuthorizationResponse.Builder error() {
+		// @formatter:off
 		return OAuth2AuthorizationResponse.error("error")
 				.redirectUri("https://example.com/authorize/oauth2/code/registration-id")
 				.errorUri("https://example.com/error");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
index 0fc466a072..8a714ad03b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java
@@ -64,7 +64,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 
 	@Test
 	public void setTokenResponseConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setTokenResponseConverter(null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.messageConverter.setTokenResponseConverter(null));
 	}
 
 	@Test
@@ -75,11 +76,17 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseThenReadOAuth2AccessTokenResponse() throws Exception {
-		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n"
-				+ "   \"scope\": \"read write\",\n" + "   \"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
-				+ "}\n";
+		// @formatter:off
+		String tokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": \"3600\",\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
@@ -96,13 +103,19 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 	// gh-6463
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseWithObjectThenReadOAuth2AccessTokenResponse() {
-		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": 3600,\n" + "   \"scope\": \"read write\",\n"
-				+ "   \"refresh_token\": \"refresh-token-1234\",\n"
-				+ "   \"custom_object_1\": {\"name1\": \"value1\"},\n"
-				+ "   \"custom_object_2\": [\"value1\", \"value2\"],\n"
-				+ "   \"custom_parameter_1\": \"custom-value-1\",\n" + "   \"custom_parameter_2\": \"custom-value-2\"\n"
-				+ "}\n";
+		// @formatter:off
+		String tokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": 3600,\n"
+			+ "   \"scope\": \"read write\",\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\",\n"
+			+ "   \"custom_object_1\": {\"name1\": \"value1\"},\n"
+			+ "   \"custom_object_2\": [\"value1\", \"value2\"],\n"
+			+ "   \"custom_parameter_1\": \"custom-value-1\",\n"
+			+ "   \"custom_parameter_2\": \"custom-value-2\"\n"
+			+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
@@ -120,9 +133,15 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 	// gh-8108
 	@Test
 	public void readInternalWhenSuccessfulTokenResponseWithNullValueThenReadOAuth2AccessTokenResponse() {
-		String tokenResponse = "{\n" + "	\"access_token\": \"access-token-1234\",\n"
-				+ "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": 3600,\n" + "   \"scope\": null,\n"
-				+ "   \"refresh_token\": \"refresh-token-1234\"\n" + "}\n";
+		// @formatter:off
+		String tokenResponse = "{\n"
+			+ "   \"access_token\": \"access-token-1234\",\n"
+			+ "   \"token_type\": \"bearer\",\n"
+			+ "   \"expires_in\": 3600,\n"
+			+ "   \"scope\": null,\n"
+			+ "   \"refresh_token\": \"refresh-token-1234\"\n"
+			+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK);
 		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter
 				.readInternal(OAuth2AccessTokenResponse.class, response);
@@ -153,9 +172,15 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put("custom_parameter_1", "custom-value-1");
 		additionalParameters.put("custom_parameter_2", "custom-value-2");
+		// @formatter:off
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(expiresAt.toEpochMilli()).scopes(scopes)
-				.refreshToken("refresh-token-1234").additionalParameters(additionalParameters).build();
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(expiresAt.toEpochMilli())
+				.scopes(scopes)
+				.refreshToken("refresh-token-1234")
+				.additionalParameters(additionalParameters)
+				.build();
+		// @formatter:on
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		this.messageConverter.writeInternal(accessTokenResponse, outputMessage);
 		String tokenResponse = outputMessage.getBodyAsString();
@@ -173,9 +198,14 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 		Converter tokenResponseParametersConverter = mock(Converter.class);
 		given(tokenResponseParametersConverter.convert(any())).willThrow(RuntimeException.class);
 		this.messageConverter.setTokenResponseParametersConverter(tokenResponseParametersConverter);
-		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
-				.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(Instant.now().plusSeconds(3600).toEpochMilli())
+		// @formatter:off
+		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse
+				.withToken("access-token-1234")
+				.tokenType(OAuth2AccessToken.TokenType.BEARER)
+				.expiresIn(Instant.now().plusSeconds(3600)
+				.toEpochMilli())
 				.build();
+		// @formatter:on
 		MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
 		assertThatExceptionOfType(HttpMessageNotWritableException.class)
 				.isThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage))
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
index a28b1d890e..35e697fdf6 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java
@@ -65,9 +65,13 @@ public class OAuth2ErrorHttpMessageConverterTests {
 
 	@Test
 	public void readInternalWhenErrorResponseThenReadOAuth2Error() throws Exception {
-		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
-				+ "   \"error_description\": \"The client is not authorized\",\n"
-				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
+		// @formatter:off
+		String errorResponse = "{\n"
+			+ "   \"error\": \"unauthorized_client\",\n"
+			+ "   \"error_description\": \"The client is not authorized\",\n"
+			+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n"
+			+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
@@ -78,9 +82,14 @@ public class OAuth2ErrorHttpMessageConverterTests {
 	// gh-8157
 	@Test
 	public void readInternalWhenErrorResponseWithObjectThenReadOAuth2Error() throws Exception {
-		String errorResponse = "{\n" + "	\"error\": \"unauthorized_client\",\n"
-				+ "   \"error_description\": \"The client is not authorized\",\n" + "   \"error_codes\": [65001],\n"
-				+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n" + "}\n";
+		// @formatter:off
+		String errorResponse = "{\n"
+			+ "   \"error\": \"unauthorized_client\",\n"
+			+ "   \"error_description\": \"The client is not authorized\",\n"
+			+ "   \"error_codes\": [65001],\n"
+			+ "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n"
+			+ "}\n";
+		// @formatter:on
 		MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST);
 		OAuth2Error oauth2Error = this.messageConverter.readInternal(OAuth2Error.class, response);
 		assertThat(oauth2Error.getErrorCode()).isEqualTo("unauthorized_client");
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
index ebe7aa9919..d85fd854af 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaimTests.java
@@ -45,9 +45,16 @@ public class DefaultAddressStandardClaimTests {
 
 	@Test
 	public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
-		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder().formatted(FORMATTED)
-				.streetAddress(STREET_ADDRESS).locality(LOCALITY).region(REGION).postalCode(POSTAL_CODE)
-				.country(COUNTRY).build();
+		// @formatter:off
+		AddressStandardClaim addressStandardClaim = new DefaultAddressStandardClaim.Builder()
+				.formatted(FORMATTED)
+				.streetAddress(STREET_ADDRESS)
+				.locality(LOCALITY)
+				.region(REGION)
+				.postalCode(POSTAL_CODE)
+				.country(COUNTRY)
+				.build();
+		// @formatter:on
 		assertThat(addressStandardClaim.getFormatted()).isEqualTo(FORMATTED);
 		assertThat(addressStandardClaim.getStreetAddress()).isEqualTo(STREET_ADDRESS);
 		assertThat(addressStandardClaim.getLocality()).isEqualTo(LOCALITY);
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
index 0b62a74f9b..56d8f7e48c 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java
@@ -31,9 +31,15 @@ public class OidcIdTokenBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcIdTokens() {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
-		OidcIdToken first = idTokenBuilder.tokenValue("V1").claim("TEST_CLAIM_1", "C1").build();
-		OidcIdToken second = idTokenBuilder.tokenValue("V2").claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3")
+		// @formatter:off
+		OidcIdToken first = idTokenBuilder.tokenValue("V1")
+				.claim("TEST_CLAIM_1", "C1")
 				.build();
+		OidcIdToken second = idTokenBuilder.tokenValue("V2")
+				.claim("TEST_CLAIM_1", "C2")
+				.claim("TEST_CLAIM_2", "C3")
+				.build();
+		// @formatter:on
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 		assertThat(first.getTokenValue()).isEqualTo("V1");
@@ -72,7 +78,12 @@ public class OidcIdTokenBuilderTests {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
 		String generic = new String("sub");
 		String named = new String("sub");
-		OidcIdToken idToken = idTokenBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
+		// @formatter:off
+		OidcIdToken idToken = idTokenBuilder
+				.subject(named)
+				.claim(IdTokenClaimNames.SUB, generic)
+				.build();
+		// @formatter:on
 		assertThat(idToken.getSubject()).isSameAs(generic);
 		idToken = idTokenBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
 		assertThat(idToken.getSubject()).isSameAs(named);
@@ -80,9 +91,13 @@ public class OidcIdTokenBuilderTests {
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token").claim("needs", "a claim");
-		OidcIdToken idToken = idTokenBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
+		// @formatter:off
+		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token")
+				.claim("needs", "a claim");
+		OidcIdToken idToken = idTokenBuilder.subject("sub")
+				.claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
+		// @formatter:on
 		assertThat(idToken.getSubject()).isNull();
 	}
 
@@ -91,7 +106,11 @@ public class OidcIdTokenBuilderTests {
 		OidcIdToken.Builder idTokenBuilder = OidcIdToken.withTokenValue("token");
 		String name = new String("name");
 		String value = new String("value");
-		OidcIdToken idToken = idTokenBuilder.claims((claims) -> claims.put(name, value)).build();
+		// @formatter:off
+		OidcIdToken idToken = idTokenBuilder
+				.claims((claims) -> claims.put(name, value))
+				.build();
+		// @formatter:on
 		assertThat(idToken.getClaims()).hasSize(1);
 		assertThat(idToken.getClaims().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
index 8877139e0f..b7e02d0ed8 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoBuilderTests.java
@@ -28,8 +28,15 @@ public class OidcUserInfoBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoOidcUserInfos() {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
-		OidcUserInfo first = userInfoBuilder.claim("TEST_CLAIM_1", "C1").build();
-		OidcUserInfo second = userInfoBuilder.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
+		// @formatter:off
+		OidcUserInfo first = userInfoBuilder
+				.claim("TEST_CLAIM_1", "C1")
+				.build();
+		OidcUserInfo second = userInfoBuilder
+				.claim("TEST_CLAIM_1", "C2")
+				.claim("TEST_CLAIM_2", "C3")
+				.build();
+		// @formatter:on
 		assertThat(first.getClaims()).hasSize(1);
 		assertThat(first.getClaims().get("TEST_CLAIM_1")).isEqualTo("C1");
 		assertThat(second.getClaims()).hasSize(2);
@@ -42,17 +49,31 @@ public class OidcUserInfoBuilderTests {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
 		String generic = new String("sub");
 		String named = new String("sub");
-		OidcUserInfo userInfo = userInfoBuilder.subject(named).claim(IdTokenClaimNames.SUB, generic).build();
+		// @formatter:off
+		OidcUserInfo userInfo = userInfoBuilder
+				.subject(named)
+				.claim(IdTokenClaimNames.SUB, generic)
+				.build();
+		// @formatter:on
 		assertThat(userInfo.getSubject()).isSameAs(generic);
-		userInfo = userInfoBuilder.claim(IdTokenClaimNames.SUB, generic).subject(named).build();
+		// @formatter:off
+		userInfo = userInfoBuilder
+				.claim(IdTokenClaimNames.SUB, generic)
+				.subject(named)
+				.build();
+		// @formatter:on
 		assertThat(userInfo.getSubject()).isSameAs(named);
 	}
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder().claim("needs", "a claim");
-		OidcUserInfo userInfo = userInfoBuilder.subject("sub").claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
+		// @formatter:off
+		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder()
+				.claim("needs", "a claim");
+		OidcUserInfo userInfo = userInfoBuilder.subject("sub")
+				.claims((claims) -> claims.remove(IdTokenClaimNames.SUB))
 				.build();
+		// @formatter:on
 		assertThat(userInfo.getSubject()).isNull();
 	}
 
@@ -61,7 +82,11 @@ public class OidcUserInfoBuilderTests {
 		OidcUserInfo.Builder userInfoBuilder = OidcUserInfo.builder();
 		String name = new String("name");
 		String value = new String("value");
-		OidcUserInfo userInfo = userInfoBuilder.claims((claims) -> claims.put(name, value)).build();
+		// @formatter:off
+		OidcUserInfo userInfo = userInfoBuilder
+				.claims((claims) -> claims.put(name, value))
+				.build();
+		// @formatter:on
 		assertThat(userInfo.getClaims()).hasSize(1);
 		assertThat(userInfo.getClaims().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
index 0bcdcb48c8..ca859473d1 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@@ -29,8 +29,15 @@ public final class TestOidcIdTokens {
 	}
 
 	public static OidcIdToken.Builder idToken() {
-		return OidcIdToken.withTokenValue("id-token").issuer("https://example.com").subject("subject")
-				.issuedAt(Instant.now()).expiresAt(Instant.now().plusSeconds(86400)).claim("id", "id");
+		// @formatter:off
+		return OidcIdToken.withTokenValue("id-token")
+				.issuer("https://example.com")
+				.subject("subject")
+				.issuedAt(Instant.now())
+				.expiresAt(Instant.now()
+				.plusSeconds(86400))
+				.claim("id", "id");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
index e7d872a6ad..3bda7ec32d 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@@ -44,10 +44,16 @@ public final class TestOidcUsers {
 	private static OidcIdToken idToken() {
 		Instant issuedAt = Instant.now();
 		Instant expiresAt = issuedAt.plusSeconds(3600);
-		return OidcIdToken.withTokenValue("id-token").issuedAt(issuedAt).expiresAt(expiresAt).subject("subject")
+		// @formatter:off
+		return OidcIdToken.withTokenValue("id-token")
+				.issuedAt(issuedAt)
+				.expiresAt(expiresAt)
+				.subject("subject")
 				.issuer("http://localhost/issuer")
 				.audience(Collections.unmodifiableSet(new LinkedHashSet<>(Collections.singletonList("client"))))
-				.authorizedParty("client").build();
+				.authorizedParty("client")
+				.build();
+		// @formatter:on
 	}
 
 	private static OidcUserInfo userInfo() {
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index 754592cf41..baf82a016b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -90,8 +90,11 @@ public class OAuth2BodyExtractorsTests {
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 		response.setBody("{");
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(result::block)
+		// @formatter:off
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(result::block)
 				.withMessageContaining("An error occurred parsing the Access Token response");
+		// @formatter:on
 	}
 
 	@Test
@@ -100,8 +103,11 @@ public class OAuth2BodyExtractorsTests {
 				.oauth2AccessTokenResponse();
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		Mono<OAuth2AccessTokenResponse> result = extractor.extract(response, this.context);
-		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(result::block)
+		// @formatter:off
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(result::block)
 				.withMessageContaining("Empty OAuth 2.0 Access Token Response");
+		// @formatter:on
 	}
 
 	@Test
@@ -110,10 +116,16 @@ public class OAuth2BodyExtractorsTests {
 				.oauth2AccessTokenResponse();
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
+		// @formatter:off
 		response.setBody(
-				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
-						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
-						+ "       \"example_parameter\":\"example_value\"\n" + "     }");
+				"{\n"
+			+ "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n"
+			+ "       \"token_type\":\"Bearer\",\n"
+			+ "       \"expires_in\":3600,\n"
+			+ "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
+			+ "       \"example_parameter\":\"example_value\"\n"
+			+ "     }");
+		// @formatter:on
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
 		assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA");
@@ -130,10 +142,17 @@ public class OAuth2BodyExtractorsTests {
 				.oauth2AccessTokenResponse();
 		MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK);
 		response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
+		// @formatter:off
 		response.setBody(
-				"{\n" + "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n" + "       \"token_type\":\"Bearer\",\n"
-						+ "       \"expires_in\":3600,\n" + "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
-						+ "       \"subjson\":{}, \n" + "		  \"list\":[]  \n" + "     }");
+				"{\n"
+			+ "       \"access_token\":\"2YotnFZFEjr1zCsicMWpAA\",\n"
+			+ "       \"token_type\":\"Bearer\",\n"
+			+ "       \"expires_in\":3600,\n"
+			+ "       \"refresh_token\":\"tGzv3JOkF0XG5Qx2TlKWIA\",\n"
+			+ "       \"subjson\":{}, \n"
+			+ "		  \"list\":[]  \n"
+			+ "     }");
+		// @formatter:on
 		Instant now = Instant.now();
 		OAuth2AccessTokenResponse result = extractor.extract(response, this.context).block();
 		assertThat(result.getAccessToken().getTokenValue()).isEqualTo("2YotnFZFEjr1zCsicMWpAA");

From d5ae4337e391d18685a782bfe7245486423862f8 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:49:41 -0500
Subject: [PATCH 83/84] Polish oauth2-jose format

Issue gh-8945
---
 .../JwtDecoderProviderConfigurationUtils.java |  15 +-
 .../security/oauth2/jwt/NimbusJwtDecoder.java |   7 +-
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java  |   5 +-
 .../oauth2/jwt/ReactiveRemoteJWKSource.java   |  22 +-
 .../security/oauth2/jose/TestKeys.java        |  11 +-
 .../security/oauth2/jwt/JwtBuilderTests.java  |  65 +++-
 .../security/oauth2/jwt/JwtDecodersTests.java | 136 ++++++--
 .../oauth2/jwt/JwtIssuerValidatorTests.java   |  20 +-
 .../jwt/JwtTimestampValidatorTests.java       |  25 +-
 .../jwt/NimbusJwtDecoderJwkSupportTests.java  |  36 +-
 .../oauth2/jwt/NimbusJwtDecoderTests.java     | 313 ++++++++++++++----
 .../jwt/NimbusReactiveJwtDecoderTests.java    | 261 +++++++++++----
 .../oauth2/jwt/ReactiveJwtDecodersTests.java  | 110 ++++--
 .../jwt/ReactiveRemoteJWKSourceTests.java     |  32 +-
 .../security/oauth2/jwt/TestJwts.java         |  20 +-
 15 files changed, 849 insertions(+), 229 deletions(-)

diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
index 3aba32e867..5cf7ace331 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@@ -100,18 +100,27 @@ final class JwtDecoderProviderConfigurationUtils {
 	}
 
 	private static URI oidc(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer).replacePath(issuer.getPath() + OIDC_METADATA_PATH)
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(issuer)
+				.replacePath(issuer.getPath() + OIDC_METADATA_PATH)
 				.build(Collections.emptyMap());
+		// @formatter:on
 	}
 
 	private static URI oidcRfc8414(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer).replacePath(OIDC_METADATA_PATH + issuer.getPath())
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(issuer)
+				.replacePath(OIDC_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
+		// @formatter:on
 	}
 
 	private static URI oauth(URI issuer) {
-		return UriComponentsBuilder.fromUri(issuer).replacePath(OAUTH_METADATA_PATH + issuer.getPath())
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(issuer)
+				.replacePath(OAUTH_METADATA_PATH + issuer.getPath())
 				.build(Collections.emptyMap());
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index 632d755cc7..97213b90c2 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -147,7 +147,12 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 			JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null);
 			Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
 			Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
-			return Jwt.withTokenValue(token).headers((h) -> h.putAll(headers)).claims((c) -> c.putAll(claims)).build();
+			// @formatter:off
+			return Jwt.withTokenValue(token)
+					.headers((h) -> h.putAll(headers))
+					.claims((c) -> c.putAll(claims))
+					.build();
+			// @formatter:on
 		}
 		catch (RemoteKeySourceException ex) {
 			if (ex.getCause() instanceof ParseException) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 95909265ac..122cf14c37 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -159,10 +159,13 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 
 	private Mono<Jwt> decode(JWT parsedToken) {
 		try {
-			return this.jwtProcessor.convert(parsedToken).map((set) -> createJwt(parsedToken, set))
+			// @formatter:off
+			return this.jwtProcessor.convert(parsedToken)
+					.map((set) -> createJwt(parsedToken, set))
 					.map(this::validateJwt)
 					.onErrorMap((ex) -> !(ex instanceof IllegalStateException) && !(ex instanceof JwtException),
 							(ex) -> new JwtException("An error occurred while attempting to decode the Jwt: ", ex));
+			// @formatter:on
 		}
 		catch (JwtException ex) {
 			throw ex;
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index ec2bc3f901..498fa81a57 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -54,9 +54,14 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 
 	@Override
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
-		return this.cachedJWKSet.get().switchIfEmpty(Mono.defer(() -> getJWKSet()))
+		// @formatter:off
+		return this.cachedJWKSet.get()
+				.switchIfEmpty(Mono.defer(() -> getJWKSet()))
 				.flatMap((jwkSet) -> get(jwkSelector, jwkSet))
-				.switchIfEmpty(Mono.defer(() -> getJWKSet().map((jwkSet) -> jwkSelector.select(jwkSet))));
+				.switchIfEmpty(Mono.defer(() -> getJWKSet()
+						.map((jwkSet) -> jwkSelector.select(jwkSet)))
+				);
+		// @formatter:on
 	}
 
 	private Mono<List<JWK>> get(JWKSelector jwkSelector, JWKSet jwkSet) {
@@ -89,8 +94,17 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	 * @throws RemoteKeySourceException If JWK retrieval failed.
 	 */
 	private Mono<JWKSet> getJWKSet() {
-		return this.webClient.get().uri(this.jwkSetURL).retrieve().bodyToMono(String.class).map(this::parse)
-				.doOnNext((jwkSet) -> this.cachedJWKSet.set(Mono.just(jwkSet))).cache();
+		// @formatter:off
+		return this.webClient.get()
+				.uri(this.jwkSetURL)
+				.retrieve()
+				.bodyToMono(String.class)
+				.map(this::parse)
+				.doOnNext((jwkSet) -> this.cachedJWKSet
+						.set(Mono.just(jwkSet))
+				)
+				.cache();
+		// @formatter:on
 	}
 
 	private JWKSet parse(String body) {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
index f0dba9b354..7a2b7fb70d 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@@ -48,12 +48,15 @@ public final class TestKeys {
 	public static final SecretKey DEFAULT_SECRET_KEY = new SecretKeySpec(
 			Base64.getDecoder().decode(DEFAULT_ENCODED_SECRET_KEY), "AES");
 
+	// @formatter:off
 	public static final String DEFAULT_RSA_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FlqJr5TRskIQIgdE3Dd"
 			+ "7D9lboWdcTUT8a+fJR7MAvQm7XXNoYkm3v7MQL1NYtDvL2l8CAnc0WdSTINU6IRv"
 			+ "c5Kqo2Q4csNX9SHOmEfzoROjQqahEcve1jBXluoCXdYuYpx4/1tfRgG6ii4Uhxh6"
 			+ "iI8qNMJQX+fLfqhbfYfxBQVRPywBkAbIP4x1EAsbC6FSNmkhCxiMNqEgxaIpY8C2"
 			+ "kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o"
-			+ "RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj" + "KwIDAQAB";
+			+ "RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj"
+			+ "KwIDAQAB";
+	// @formatter:on
 
 	public static final RSAPublicKey DEFAULT_PUBLIC_KEY;
 	static {
@@ -65,6 +68,8 @@ public final class TestKeys {
 			throw new IllegalArgumentException(ex);
 		}
 	}
+
+	// @formatter:off
 	public static final String DEFAULT_RSA_PRIVATE_KEY = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA"
 			+ "iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM"
 			+ "g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK"
@@ -89,7 +94,9 @@ public final class TestKeys {
 			+ "FiGm+mC/skFS0MWgW8evaHGDbWU180wheQ35hW6oKAb7myRHtr4q20ouEtQMdQIF"
 			+ "snV39G1iyqeeAsf7dxWElydXpRi2b68i3BIgzhzebQKBgQCdUQuTsqV9y/JFpu6H"
 			+ "c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM"
-			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g==";
+			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR"
+			+ "47jndeyIaMTNETEmOnms+as17g==";
+	// @formatter:on
 
 	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY;
 	static {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
index 4aab4d0e2d..0aaf02945e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java
@@ -34,9 +34,18 @@ public class JwtBuilderTests {
 	@Test
 	public void buildWhenCalledTwiceThenGeneratesTwoJwts() {
 		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token");
-		Jwt first = jwtBuilder.tokenValue("V1").header("TEST_HEADER_1", "H1").claim("TEST_CLAIM_1", "C1").build();
-		Jwt second = jwtBuilder.tokenValue("V2").header("TEST_HEADER_1", "H2").header("TEST_HEADER_2", "H3")
-				.claim("TEST_CLAIM_1", "C2").claim("TEST_CLAIM_2", "C3").build();
+		// @formatter:off
+		Jwt first = jwtBuilder.tokenValue("V1")
+				.header("TEST_HEADER_1", "H1")
+				.claim("TEST_CLAIM_1", "C1")
+				.build();
+		Jwt second = jwtBuilder.tokenValue("V2")
+				.header("TEST_HEADER_1", "H2")
+				.header("TEST_HEADER_2", "H3")
+				.claim("TEST_CLAIM_1", "C2")
+				.claim("TEST_CLAIM_2", "C3")
+				.build();
+		// @formatter:on
 		assertThat(first.getHeaders()).hasSize(1);
 		assertThat(first.getHeaders().get("TEST_HEADER_1")).isEqualTo("H1");
 		assertThat(first.getClaims()).hasSize(1);
@@ -53,7 +62,10 @@ public class JwtBuilderTests {
 
 	@Test
 	public void expiresAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.header("needs", "a header");
+		// @formatter:on
 		Instant now = Instant.now();
 		Jwt jwt = jwtBuilder.expiresAt(now).build();
 		assertThat(jwt.getExpiresAt()).isSameAs(now);
@@ -65,7 +77,10 @@ public class JwtBuilderTests {
 
 	@Test
 	public void issuedAtWhenUsingGenericOrNamedClaimMethodRequiresInstant() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.header("needs", "a header");
+		// @formatter:on
 		Instant now = Instant.now();
 		Jwt jwt = jwtBuilder.issuedAt(now).build();
 		assertThat(jwt.getIssuedAt()).isSameAs(now);
@@ -77,7 +92,10 @@ public class JwtBuilderTests {
 
 	@Test
 	public void subjectWhenUsingGenericOrNamedClaimMethodThenLastOneWins() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.header("needs", "a header");
+		// @formatter:on
 		String generic = new String("sub");
 		String named = new String("sub");
 		Jwt jwt = jwtBuilder.subject(named).claim(JwtClaimNames.SUB, generic).build();
@@ -88,14 +106,23 @@ public class JwtBuilderTests {
 
 	@Test
 	public void claimsWhenRemovingAClaimThenIsNotPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
-		Jwt jwt = jwtBuilder.subject("sub").claims((claims) -> claims.remove(JwtClaimNames.SUB)).build();
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.claim("needs", "a claim")
+				.header("needs", "a header");
+		Jwt jwt = jwtBuilder.subject("sub")
+				.claims((claims) -> claims.remove(JwtClaimNames.SUB))
+				.build();
+		// @formatter:on
 		assertThat(jwt.getSubject()).isNull();
 	}
 
 	@Test
 	public void claimsWhenAddingAClaimThenIsPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").header("needs", "a header");
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.header("needs", "a header");
+		// @formatter:on
 		String name = new String("name");
 		String value = new String("value");
 		Jwt jwt = jwtBuilder.claims((claims) -> claims.put(name, value)).build();
@@ -105,17 +132,29 @@ public class JwtBuilderTests {
 
 	@Test
 	public void headersWhenRemovingAClaimThenIsNotPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim").header("needs", "a header");
-		Jwt jwt = jwtBuilder.header("alg", "none").headers((headers) -> headers.remove("alg")).build();
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.claim("needs", "a claim")
+				.header("needs", "a header");
+		Jwt jwt = jwtBuilder.header("alg", "none")
+				.headers((headers) -> headers.remove("alg"))
+				.build();
+		// @formatter:on
 		assertThat(jwt.getHeaders().get("alg")).isNull();
 	}
 
 	@Test
 	public void headersWhenAddingAClaimThenIsPresent() {
-		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token").claim("needs", "a claim");
+		// @formatter:off
+		Jwt.Builder jwtBuilder = Jwt.withTokenValue("token")
+				.claim("needs", "a claim");
+		// @formatter:on
 		String name = new String("name");
 		String value = new String("value");
-		Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value)).build();
+		// @formatter:off
+		Jwt jwt = jwtBuilder.headers((headers) -> headers.put(name, value))
+				.build();
+		// @formatter:on
 		assertThat(jwt.getHeaders()).hasSize(1);
 		assertThat(jwt.getHeaders().get(name)).isSameAs(value);
 	}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
index 7f6b4da77e..868fe4713b 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java
@@ -55,15 +55,30 @@ public class JwtDecodersTests {
 	 * Contains those parameters required to construct a JwtDecoder as well as any
 	 * required parameters
 	 */
+	// @formatter:off
 	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
-			+ "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
-			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
-			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
-			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
-			+ "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n" + "    ], \n"
-			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n" + "}";
+			+ "    \"id_token_signing_alg_values_supported\": [\n"
+			+ "        \"RS256\"\n"
+			+ "    ], \n"
+			+ "    \"issuer\": \"%s\", \n"
+			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
+			+ "    \"response_types_supported\": [\n"
+			+ "        \"code\", \n"
+			+ "        \"token\", \n"
+			+ "        \"id_token\", \n"
+			+ "        \"code token\", \n"
+			+ "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n"
+			+ "        \"code token id_token\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
+			+ "    \"subject_types_supported\": [\n"
+			+ "        \"public\"\n"
+			+ "    ], \n"
+			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n"
+			+ "}";
+	// @formatter:on
 
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
 
@@ -93,24 +108,33 @@ public class JwtDecodersTests {
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
 		JwtDecoder decoder = JwtDecoders.fromOidcIssuerLocation(this.issuer);
-		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
 		JwtDecoder decoder = JwtDecoders.fromIssuerLocation(this.issuer);
-		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH))
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
@@ -147,13 +171,19 @@ public class JwtDecodersTests {
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
-		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -161,8 +191,11 @@ public class JwtDecodersTests {
 	public void issuerWhenResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer))
 				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -170,8 +203,12 @@ public class JwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
-				.isInstanceOf(IllegalArgumentException.class).withMessage("The public JWK set URI must not be null");
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
+				.isInstanceOf(IllegalArgumentException.class)
+				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -179,59 +216,85 @@ public class JwtDecodersTests {
 	public void issuerWhenOAuth2ResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer))
 				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
-		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
-		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOidc(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOAuth2(
 				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 		this.server.shutdown();
-		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation("https://issuer"));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
 		this.server.shutdown();
-		assertThatIllegalArgumentException().isThrownBy(() -> JwtDecoders.fromIssuerLocation("https://issuer"));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> JwtDecoders.fromIssuerLocation("https://issuer"));
+		// @formatter:on
 	}
 
 	private void prepareConfigurationResponse() {
@@ -272,8 +335,13 @@ public class JwtDecodersTests {
 		Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				return Optional.of(request).map(RecordedRequest::getRequestUrl).map(HttpUrl::toString)
-						.map(responses::get).orElse(new MockResponse().setResponseCode(404));
+				// @formatter:off
+				return Optional.of(request)
+					.map(RecordedRequest::getRequestUrl)
+					.map(HttpUrl::toString)
+					.map(responses::get)
+					.orElse(new MockResponse().setResponseCode(404));
+				// @formatter:on
 			}
 		};
 		this.server.setDispatcher(dispatcher);
@@ -285,12 +353,20 @@ public class JwtDecodersTests {
 
 	private String oidc() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri).replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(uri)
+				.replacePath(uri.getPath() + OIDC_METADATA_PATH)
+				.toUriString();
+		// @formatter:on
 	}
 
 	private String oauth() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri).replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(uri)
+				.replacePath(OAUTH_METADATA_PATH + uri.getPath())
+				.toUriString();
+		// @formatter:on
 	}
 
 	private String jwks() {
@@ -298,7 +374,11 @@ public class JwtDecodersTests {
 	}
 
 	private MockResponse response(String body) {
-		return new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:off
+		return new MockResponse()
+				.setBody(body)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
 	}
 
 	public String buildResponseWithMissingJwksUri() throws JsonMappingException, JsonProcessingException {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
index 5127b086a6..547c851c2b 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java
@@ -36,7 +36,10 @@ public class JwtIssuerValidatorTests {
 	@Test
 	public void validateWhenIssuerMatchesThenReturnsSuccess() {
 		Jwt jwt = TestJwts.jwt().claim("iss", ISSUER).build();
-		assertThat(this.validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
+		// @formatter:off
+		assertThat(this.validator.validate(jwt))
+				.isEqualTo(OAuth2TokenValidatorResult.success());
+		// @formatter:on
 	}
 
 	@Test
@@ -58,17 +61,26 @@ public class JwtIssuerValidatorTests {
 	public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() {
 		Jwt jwt = TestJwts.jwt().claim(JwtClaimNames.ISS, "issuer").build();
 		JwtIssuerValidator validator = new JwtIssuerValidator("issuer");
-		assertThat(validator.validate(jwt)).isEqualTo(OAuth2TokenValidatorResult.success());
+		// @formatter:off
+		assertThat(validator.validate(jwt))
+				.isEqualTo(OAuth2TokenValidatorResult.success());
+		// @formatter:on
 	}
 
 	@Test
 	public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.validator.validate(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.validator.validate(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenNullIssuerIsGivenThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new JwtIssuerValidator(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtIssuerValidator(null));
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index 7f17fb761b..4f1708e85d 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
@@ -57,7 +57,11 @@ public class JwtTimestampValidatorTests {
 		Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build();
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		Collection<OAuth2Error> details = jwtValidator.validate(jwt).getErrors();
-		Collection<String> messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
+		// @formatter:off
+		Collection<String> messages = details.stream()
+				.map(OAuth2Error::getDescription)
+				.collect(Collectors.toList());
+		// @formatter:on
 		assertThat(messages).contains("Jwt expired at " + oneHourAgo);
 	}
 
@@ -67,7 +71,11 @@ public class JwtTimestampValidatorTests {
 		Jwt jwt = TestJwts.jwt().notBefore(oneHourFromNow).build();
 		JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
 		Collection<OAuth2Error> details = jwtValidator.validate(jwt).getErrors();
-		Collection<String> messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
+		// @formatter:off
+		Collection<String> messages = details.stream()
+				.map(OAuth2Error::getDescription)
+				.collect(Collectors.toList());
+		// @formatter:on
 		assertThat(messages).contains("Jwt used before " + oneHourFromNow);
 	}
 
@@ -84,13 +92,22 @@ public class JwtTimestampValidatorTests {
 		assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
 		jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();
 		OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
-		Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription)
+		// @formatter:off
+		Collection<String> messages = result.getErrors()
+				.stream()
+				.map(OAuth2Error::getDescription)
 				.collect(Collectors.toList());
+		// @formatter:on
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
 		jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
 		result = jwtValidator.validate(jwt);
-		messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
+		// @formatter:off
+		messages = result.getErrors()
+				.stream()
+				.map(OAuth2Error::getDescription)
+				.collect(Collectors.toList());
+		// @formatter:on
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
 	}
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
index 26d7c5f9c9..28f407ded2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -111,8 +111,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
+		// @formatter:off
+		assertThatExceptionOfType(JwtException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
 				.withMessageContaining("Unsupported algorithm of none");
+		// @formatter:on
 	}
 
 	@Test
@@ -121,8 +124,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(MALFORMED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtException.class)
+					.isThrownBy(() -> jwtDecoder.decode(MALFORMED_JWT))
 					.withMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
+			// @formatter:on
 			server.shutdown();
 		}
 	}
@@ -133,8 +139,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtException.class)
+					.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.withMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
+			// @formatter:on
 			server.shutdown();
 		}
 	}
@@ -145,8 +154,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 			server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET));
 			String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
-			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtException.class)
+					.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.withMessageContaining("An error occurred while attempting to decode the Jwt");
+			// @formatter:on
 			server.shutdown();
 		}
 	}
@@ -176,8 +188,11 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 			decoder.setJwtValidator(jwtValidator);
-			assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(SIGNED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtValidationException.class)
+					.isThrownBy(() -> decoder.decode(SIGNED_JWT))
 					.withMessageContaining("mock-description");
+			// @formatter:on
 		}
 	}
 
@@ -193,9 +208,14 @@ public class NimbusJwtDecoderJwkSupportTests {
 			OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 			given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 			decoder.setJwtValidator(jwtValidator);
-			assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> decoder.decode(SIGNED_JWT))
-					.withMessageContaining("mock-description").satisfies((ex) -> assertThat(ex)
-							.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
+			// @formatter:off
+			assertThatExceptionOfType(JwtValidationException.class)
+					.isThrownBy(() -> decoder.decode(SIGNED_JWT))
+					.withMessageContaining("mock-description")
+					.satisfies((ex) -> assertThat(ex)
+							.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure))
+					);
+			// @formatter:on
 		}
 	}
 
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
index 2c2154e997..5795786265 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java
@@ -75,9 +75,7 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -128,22 +126,34 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void constructorWhenJwtProcessorIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtDecoder(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new NimbusJwtDecoder(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setClaimSetConverter(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.jwtDecoder.setClaimSetConverter(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void setJwtValidatorWhenNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtDecoder.setJwtValidator(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.jwtDecoder.setJwtValidator(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenJwtInvalidThenThrowJwtException() {
-		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> this.jwtDecoder.decode("invalid"));
+		// @formatter:off
+		assertThatExceptionOfType(JwtException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode("invalid"));
+		// @formatter:on
 	}
 
 	// gh-5168
@@ -160,14 +170,20 @@ public class NimbusJwtDecoderTests {
 	// gh-5457
 	@Test
 	public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() {
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(UNSIGNED_JWT))
 				.withMessageContaining("Unsupported algorithm of none");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenJwtIsMalformedThenReturnsStockException() {
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(MALFORMED_JWT))
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(MALFORMED_JWT))
 				.withMessage("An error occurred while attempting to decode the Jwt: Malformed payload");
+		// @formatter:on
 	}
 
 	@Test
@@ -176,8 +192,11 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(failure));
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
 				.withMessageContaining("mock-description");
+		// @formatter:on
 	}
 
 	@Test
@@ -188,9 +207,14 @@ public class NimbusJwtDecoderTests {
 		OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
 		this.jwtDecoder.setJwtValidator(jwtValidator);
-		assertThatExceptionOfType(JwtValidationException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
-				.withMessageContaining("mock-description").satisfies((ex) -> assertThat(ex)
-						.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
+				.withMessageContaining("mock-description")
+				.satisfies((ex) -> assertThat(ex)
+						.hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure))
+				);
+		// @formatter:on
 	}
 
 	@Test
@@ -202,8 +226,11 @@ public class NimbusJwtDecoderTests {
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
-		Assertions.assertThatExceptionOfType(JwtValidationException.class)
-				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT)).withMessageContaining("mock-description");
+		// @formatter:off
+		assertThatExceptionOfType(JwtValidationException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
+				.withMessageContaining("mock-description");
+		// @formatter:on
 	}
 
 	@Test
@@ -222,7 +249,10 @@ public class NimbusJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.jwtDecoder.setClaimSetConverter(claimSetConverter);
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT));
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT));
+		// @formatter:on
 	}
 
 	@Test
@@ -235,9 +265,12 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void decodeWhenJwkResponseIsMalformedThenReturnsStockException() {
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(withSigning(MALFORMED_JWK_SET));
-		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+		// @formatter:off
+		assertThatExceptionOfType(JwtException.class)
+				.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 				.isNotInstanceOf(BadJwtException.class)
 				.withMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set");
+		// @formatter:on
 	}
 
 	@Test
@@ -246,9 +279,12 @@ public class NimbusJwtDecoderTests {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
 			server.shutdown();
-			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtException.class)
+					.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.isNotInstanceOf(BadJwtException.class)
 					.withMessageContaining("An error occurred while attempting to decode the Jwt");
+			// @formatter:on
 		}
 	}
 
@@ -259,58 +295,89 @@ public class NimbusJwtDecoderTests {
 			String jwkSetUri = server.url("/.well-known/jwks.json").toString();
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).cache(cache).build();
 			server.shutdown();
-			assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+			// @formatter:off
+			assertThatExceptionOfType(JwtException.class)
+					.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 					.isNotInstanceOf(BadJwtException.class)
 					.withMessageContaining("An error occurred while attempting to decode the Jwt");
+			// @formatter:on
 		}
 	}
 
 	@Test
 	public void withJwkSetUriWhenNullOrEmptyThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void jwsAlgorithmWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		assertThatIllegalArgumentException().isThrownBy(() -> builder.jwsAlgorithm(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> builder.jwsAlgorithm(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		assertThatIllegalArgumentException().isThrownBy(() -> builder.restOperations(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> builder.restOperations(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void cacheWhenNullThenThrowsException() {
 		NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI);
-		assertThatIllegalArgumentException().isThrownBy(() -> builder.cache(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> builder.cache(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withPublicKey(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withPublicKey(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		Assertions.assertThatCode(
-				() -> NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.ES256).build())
-				.isInstanceOf(IllegalStateException.class);
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> NimbusJwtDecoder.withPublicKey(key())
+						.signatureAlgorithm(SignatureAlgorithm.ES256)
+						.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).build();
-		assertThat(decoder.decode(RS256_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		// @formatter:off
+		assertThat(decoder.decode(RS256_SIGNED_JWT))
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512)
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key())
+				.signatureAlgorithm(SignatureAlgorithm.RS512)
 				.build();
-		assertThat(decoder.decode(RS512_SIGNED_JWT)).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		assertThat(decoder.decode(RS512_SIGNED_JWT))
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	// gh-7049
@@ -318,20 +385,35 @@ public class NimbusJwtDecoderTests {
 	public void decodeWhenUsingPublicKeyWithKidThenStillUsesKey() throws Exception {
 		RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
 		RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
-		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		// @formatter:off
+		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
+				.keyID("one")
+				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
-				.signatureAlgorithm(SignatureAlgorithm.RS256).build();
-		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder
+				.withPublicKey(publicKey)
+				.signatureAlgorithm(SignatureAlgorithm.RS256)
+				.build();
+		assertThat(decoder.decode(signedJwt.serialize()))
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(RS256_SIGNED_JWT));
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(RS256_SIGNED_JWT));
+		// @formatter:on
 	}
 
 	// gh-8730
@@ -343,91 +425,143 @@ public class NimbusJwtDecoderTests {
 		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
 				.build();
 		SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
+		// @formatter:off
 		NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
 				.signatureAlgorithm(SignatureAlgorithm.RS256)
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
+		// @formatter:on
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
 
 	@Test
 	public void withPublicKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> NimbusJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null))
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void withSecretKeyWhenNullThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusJwtDecoder.withSecretKey(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusJwtDecoder.withSecretKey(null))
 				.withMessage("secretKey cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
 				.withMessage("macAlgorithm cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingSecretKeyThenSuccessfullyDecodes() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		// @formatter:off
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
-		assertThat(decoder.decode(signedJWT.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(macAlgorithm)
+				.build();
+		assertThat(decoder.decode(signedJWT.serialize()))
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingSecretKeyAndIncorrectAlgorithmThenThrowsJwtException() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		// @formatter:off
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize()))
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(MacAlgorithm.HS512)
+				.build();
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(signedJWT.serialize()))
 				.withMessageContaining("Unsupported algorithm of HS256");
+		// @formatter:on
 	}
 
 	// gh-7056
 	@Test
 	public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		// @formatter:off
+		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256)
+				.keyID("one")
+				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
-		assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(MacAlgorithm.HS256)
+				.build();
+		assertThat(decoder.decode(signedJwt.serialize()))
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	// gh-8730
 	@Test
 	public void withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
-		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).type(new JOSEObjectType("JWS")).build();
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60)))
+		// @formatter:off
+		JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256)
+				.type(new JOSEObjectType("JWS"))
 				.build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
-		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256)
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		// @formatter:off
+		NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(MacAlgorithm.HS256)
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
+		// @formatter:on
 		assertThat(decoder.decode(signedJwt.serialize()).containsClaim(JwtClaimNames.EXP)).isNotNull();
 	}
 
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> NimbusJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null))
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	@Test
@@ -443,8 +577,11 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
+		// @formatter:off
 		JWSKeySelector<SecurityContext> jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
-				.jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource);
+				.jwsAlgorithm(SignatureAlgorithm.RS512)
+				.jwsKeySelector(jwkSource);
+		// @formatter:on
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<?> jwsVerificationKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
 		assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue();
@@ -453,9 +590,12 @@ public class NimbusJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
+		// @formatter:off
 		JWSKeySelector<SecurityContext> jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
-				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
+				.jwsAlgorithm(SignatureAlgorithm.RS256)
+				.jwsAlgorithm(SignatureAlgorithm.RS512)
 				.jwsKeySelector(jwkSource);
+		// @formatter:on
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
 		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
@@ -468,8 +608,11 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
+		// @formatter:off
 		JWTProcessor<SecurityContext> processor = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
-				.restOperations(restOperations).processor();
+				.restOperations(restOperations)
+				.processor();
+		// @formatter:on
 		NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(processor);
 		jwtDecoder.decode(SIGNED_JWT);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
@@ -484,8 +627,12 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
-				.cache(cache).build();
+		// @formatter:off
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.restOperations(restOperations)
+				.cache(cache)
+				.build();
+		// @formatter:on
 		jwtDecoder.decode(SIGNED_JWT);
 		assertThat(cache.get(JWK_SET_URI, String.class)).isEqualTo(JWK_SET);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
@@ -500,8 +647,12 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
 		given(cache.get(eq(JWK_SET_URI), any(Callable.class))).willReturn(JWK_SET);
-		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).cache(cache)
-				.restOperations(restOperations).build();
+		// @formatter:off
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.cache(cache)
+				.restOperations(restOperations)
+				.build();
+		// @formatter:on
 		jwtDecoder.decode(SIGNED_JWT);
 		verify(cache).get(eq(JWK_SET_URI), any(Callable.class));
 		verifyNoMoreInteractions(cache);
@@ -514,11 +665,16 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
-		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
-				.cache(cache).build();
-		assertThatExceptionOfType(JwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+		// @formatter:off
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.restOperations(restOperations)
+				.cache(cache)
+				.build();
+		assertThatExceptionOfType(JwtException.class)
+				.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 				.isNotInstanceOf(BadJwtException.class)
 				.withMessageContaining("An error occurred while attempting to decode the Jwt");
+		// @formatter:on
 	}
 
 	// gh-8730
@@ -527,20 +683,27 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
-		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		// @formatter:off
+		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.restOperations(restOperations)
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT))
 				.withMessageContaining("An error occurred while attempting to decode the Jwt: "
 						+ "Required JOSE header \"typ\" (type) parameter is missing");
+		// @formatter:on
 	}
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).jwtProcessorCustomizer(null))
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	private RSAPublicKey key() throws InvalidKeySpecException {
@@ -574,7 +737,11 @@ public class NimbusJwtDecoderTests {
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK));
-		return NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations).processor();
+		// @formatter:off
+		return NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
+				.restOperations(restOperations)
+				.processor();
+		// @formatter:on
 	}
 
 	private static JWTProcessor<SecurityContext> withoutSigning() {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index a33eb0af3e..f53f822c57 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -86,10 +86,19 @@ public class NimbusReactiveJwtDecoderTests {
 
 	private String unsignedToken = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
 
-	private String jwkSet = "{\n" + "   \"keys\":[\n" + "      {\n" + "         \"kty\":\"RSA\",\n"
-			+ "         \"e\":\"AQAB\",\n" + "         \"use\":\"sig\",\n" + "         \"kid\":\"key-id-1\",\n"
+	// @formatter:off
+	private String jwkSet = "{\n"
+			+ "   \"keys\":[\n"
+			+ "      {\n"
+			+ "         \"kty\":\"RSA\",\n"
+			+ "         \"e\":\"AQAB\",\n"
+			+ "         \"use\":\"sig\",\n"
+			+ "         \"kid\":\"key-id-1\",\n"
 			+ "         \"n\":\"qL48v1clgFw-Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV_PahPk1y2nvldBNIhfNL13JOAiJ6BTiF-2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v_FXM7ktcokgpm3_XmvT_-bL6_GGwz9k6kJOyMTubecr-WT__le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk-0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpw\"\n"
-			+ "      }\n" + "   ]\n" + "}";
+			+ "      }\n"
+			+ "   ]\n"
+			+ "}";
+	// @formatter:on
 
 	private String jwkSetUri = "https://issuer/certs";
 
@@ -126,8 +135,11 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void decodeWhenInvalidUrl() {
 		this.decoder = new NimbusReactiveJwtDecoder("https://s");
-		assertThatIllegalStateException().isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
 				.withCauseInstanceOf(UnknownHostException.class);
+		// @formatter:on
 	}
 
 	@Test
@@ -162,13 +174,19 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenNoPeriodThenFail() {
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode("").block());
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder.decode("").block());
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenInvalidJwkSetUrlThenFail() {
 		this.decoder = new NimbusReactiveJwtDecoder("http://localhost:1280/certs");
-		assertThatIllegalStateException().isThrownBy(() -> this.decoder.decode(this.messageReadToken).block());
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block());
+		// @formatter:on
 	}
 
 	@Test
@@ -179,23 +197,34 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenAlgNoneThenFail() {
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(
-				"ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
-				.block()).withMessage("Unsupported algorithm of none");
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder
+						.decode("ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
+						.block()
+				)
+				.withMessage("Unsupported algorithm of none");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenInvalidAlgMismatchThenFail() {
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(
-				"ew0KICAiYWxnIjogIkVTMjU2IiwNCiAgInR5cCI6ICJKV1QiDQp9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
-				.block());
+		// @formatter:off
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> this.decoder
+						.decode("ew0KICAiYWxnIjogIkVTMjU2IiwNCiAgInR5cCI6ICJKV1QiDQp9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.")
+						.block()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUnsignedTokenThenMessageDoesNotMentionClass() {
+		// @formatter:off
 		assertThatExceptionOfType(BadJwtException.class)
 				.isThrownBy(() -> this.decoder.decode(this.unsignedToken).block())
 				.withMessage("Unsupported algorithm of none");
+		// @formatter:on
 	}
 
 	@Test
@@ -205,9 +234,11 @@ public class NimbusReactiveJwtDecoderTests {
 		OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
+		// @formatter:off
 		assertThatExceptionOfType(JwtValidationException.class)
 				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
 				.withMessageContaining("mock-description");
+		// @formatter:on
 	}
 
 	@Test
@@ -219,9 +250,11 @@ public class NimbusReactiveJwtDecoderTests {
 		OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
 		OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
 		given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
+		// @formatter:off
 		assertThatExceptionOfType(JwtValidationException.class)
 				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
 				.withMessageContaining("mock-description");
+		// @formatter:on
 	}
 
 	@Test
@@ -241,18 +274,26 @@ public class NimbusReactiveJwtDecoderTests {
 		Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class);
 		this.decoder.setClaimSetConverter(claimSetConverter);
 		given(claimSetConverter.convert(any(Map.class))).willThrow(new IllegalArgumentException("bad conversion"));
+		// @formatter:off
 		assertThatExceptionOfType(BadJwtException.class)
 				.isThrownBy(() -> this.decoder.decode(this.messageReadToken).block());
+		// @formatter:on
 	}
 
 	@Test
 	public void setJwtValidatorWhenGivenNullThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.decoder.setJwtValidator(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.decoder.setJwtValidator(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void setClaimSetConverterWhenNullThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.decoder.setClaimSetConverter(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.decoder.setClaimSetConverter(null));
+		// @formatter:on
 	}
 
 	@Test
@@ -269,25 +310,39 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void withJwkSetUriWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).jwtProcessorCustomizer(null).build())
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder
+						.withJwkSetUri(this.jwkSetUri)
+						.jwtProcessorCustomizer(null)
+						.build()
+				)
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void restOperationsWhenNullThenThrowsException() {
 		NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder
 				.withJwkSetUri(this.jwkSetUri);
-		assertThatIllegalArgumentException().isThrownBy(() -> builder.webClient(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> builder.webClient(null));
+		// @formatter:on
 	}
 
 	// gh-5603
 	@Test
 	public void decodeWhenSignedThenOk() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
-		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient)
+		// @formatter:off
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
+				.webClient(webClient)
 				.build();
-		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
+		assertThat(decoder.decode(this.messageReadToken).block())
+				.extracting(Jwt::getExpiresAt)
+				.isNotNull();
+		// @formatter:on
 		verify(webClient).get();
 	}
 
@@ -295,66 +350,108 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		WebClient webClient = mockJwkSetResponse(this.jwkSet);
-		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient)
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		// @formatter:off
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
+				.webClient(webClient)
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(this.messageReadToken).block())
 				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		// @formatter:on
 	}
 
 	@Test
 	public void withPublicKeyWhenNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(null));
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenSignatureAlgorithmMismatchesKeyTypeThenThrowsException() {
-		assertThatIllegalStateException().isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key())
-				.signatureAlgorithm(SignatureAlgorithm.ES256).build());
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key())
+					.signatureAlgorithm(SignatureAlgorithm.ES256)
+					.build()
+				);
+		// @formatter:on
 	}
 
 	@Test
 	public void buildWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key()).jwtProcessorCustomizer(null).build())
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withPublicKey(key())
+						.jwtProcessorCustomizer(null)
+						.build()
+				)
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
-		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key()).build();
-		assertThat(decoder.decode(this.rsa256).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
+		// @formatter:off
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
+				.build();
+		assertThat(decoder.decode(this.rsa256).block())
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
+		// @formatter:off
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
-				.signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThat(decoder.decode(this.rsa512).block()).extracting(Jwt::getSubject).isEqualTo("test-subject");
+				.signatureAlgorithm(SignatureAlgorithm.RS512)
+				.build();
+		assertThat(decoder.decode(this.rsa512).block())
+				.extracting(Jwt::getSubject)
+				.isEqualTo("test-subject");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
+		// @formatter:off
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
-				.signatureAlgorithm(SignatureAlgorithm.RS512).build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.rsa256).block());
+				.signatureAlgorithm(SignatureAlgorithm.RS512)
+				.build();
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder
+						.decode(this.rsa256)
+						.block()
+				);
+		// @formatter:on
 	}
 
 	// gh-8730
 	@Test
 	public void withPublicKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
+		// @formatter:off
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withPublicKey(key())
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.rsa256).block())
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(this.rsa256).block())
 				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		// @formatter:on
 	}
 
 	@Test
 	public void withJwkSourceWhenNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withJwkSource(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withJwkSource(null));
+		// @formatter:on
 	}
 
 	@Test
@@ -366,54 +463,87 @@ public class NimbusReactiveJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCustomJwkSourceResolutionThenDecodes() {
+		// @formatter:off
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
-				.withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys())).build();
-		assertThat(decoder.decode(this.messageReadToken).block()).extracting(Jwt::getExpiresAt).isNotNull();
+				.withJwkSource((jwt) -> Flux.fromIterable(parseJWKSet(this.jwkSet).getKeys()))
+				.build();
+		assertThat(decoder.decode(this.messageReadToken).block())
+				.extracting(Jwt::getExpiresAt)
+				.isNotNull();
+		// @formatter:on
 	}
 
 	// gh-8730
 	@Test
 	public void withJwkSourceWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
-		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSource((jwt) -> Flux.empty())
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+		// @formatter:off
+		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder
+				.withJwkSource((jwt) -> Flux.empty())
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
-				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+				.havingRootCause()
+				.withMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		// @formatter:on
 	}
 
 	@Test
 	public void withSecretKeyWhenSecretKeyNullThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(null))
 				.withMessage("secretKey cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void withSecretKeyWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(
-						() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer(null).build())
+				.isThrownBy(() -> NimbusReactiveJwtDecoder
+						.withSecretKey(secretKey)
+						.jwtProcessorCustomizer(null)
+						.build()
+				)
 				.withMessage("jwtProcessorCustomizer cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void withSecretKeyWhenMacAlgorithmNullThenThrowsIllegalArgumentException() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
+		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(null))
+				.isThrownBy(() -> NimbusReactiveJwtDecoder
+						.withSecretKey(secretKey)
+						.macAlgorithm(null)
+				)
 				.withMessage("macAlgorithm cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenSecretKeyThenSuccess() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		// @formatter:off
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
+		// @formatter:on
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
-		Jwt jwt = this.decoder.decode(signedJWT.serialize()).block();
+		// @formatter:off
+		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(macAlgorithm)
+				.build();
+		Jwt jwt = this.decoder.decode(signedJWT.serialize())
+				.block();
+		// @formatter:on
 		assertThat(jwt.getSubject()).isEqualTo("test-subject");
 	}
 
@@ -421,24 +551,34 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
+		// @formatter:off
 		NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
-				.jwtProcessorCustomizer(
-						(p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
+				.jwtProcessorCustomizer((p) -> p
+						.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))
+				)
 				.build();
-		assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block())
+		assertThatExceptionOfType(BadJwtException.class)
+				.isThrownBy(() -> decoder.decode(this.messageReadToken).block())
 				.havingRootCause().withMessage("Required JOSE header \"typ\" (type) parameter is missing");
+		// @formatter:on
 	}
 
 	@Test
 	public void decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException() throws Exception {
 		SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
 		MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
-		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject")
-				.expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
+		JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+				.subject("test-subject")
+				.expirationTime(Date.from(Instant.now().plusSeconds(60)))
+				.build();
 		SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
-		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
+		// @formatter:off
+		this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
+				.macAlgorithm(MacAlgorithm.HS512)
+				.build();
 		assertThatExceptionOfType(BadJwtException.class)
 				.isThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block());
+		// @formatter:on
 	}
 
 	@Test
@@ -464,9 +604,12 @@ public class NimbusReactiveJwtDecoderTests {
 	@Test
 	public void jwsKeySelectorWhenMultipleAlgorithmThenReturnsCompositeSelector() {
 		JWKSource<JWKSecurityContext> jwkSource = mock(JWKSource.class);
+		// @formatter:off
 		JWSKeySelector<JWKSecurityContext> jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
-				.jwsAlgorithm(SignatureAlgorithm.RS256).jwsAlgorithm(SignatureAlgorithm.RS512)
+				.jwsAlgorithm(SignatureAlgorithm.RS256)
+				.jwsAlgorithm(SignatureAlgorithm.RS512)
 				.jwsKeySelector(jwkSource);
+		// @formatter:on
 		assertThat(jwsKeySelector instanceof JWSVerificationKeySelector);
 		JWSVerificationKeySelector<?> jwsAlgorithmMapKeySelector = (JWSVerificationKeySelector<?>) jwsKeySelector;
 		assertThat(jwsAlgorithmMapKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue();
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
index 57a7c37c63..6c5d22ef30 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecodersTests.java
@@ -54,15 +54,30 @@ public class ReactiveJwtDecodersTests {
 	 * Contains those parameters required to construct a ReactiveJwtDecoder as well as any
 	 * required parameters
 	 */
+	// @formatter:off
 	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
 			+ "    \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
-			+ "    \"id_token_signing_alg_values_supported\": [\n" + "        \"RS256\"\n" + "    ], \n"
-			+ "    \"issuer\": \"%s\", \n" + "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
-			+ "    \"response_types_supported\": [\n" + "        \"code\", \n" + "        \"token\", \n"
-			+ "        \"id_token\", \n" + "        \"code token\", \n" + "        \"code id_token\", \n"
-			+ "        \"token id_token\", \n" + "        \"code token id_token\", \n" + "        \"none\"\n"
-			+ "    ], \n" + "    \"subject_types_supported\": [\n" + "        \"public\"\n" + "    ], \n"
-			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n" + "}";
+			+ "    \"id_token_signing_alg_values_supported\": [\n"
+			+ "        \"RS256\"\n"
+			+ "    ], \n"
+			+ "    \"issuer\": \"%s\", \n"
+			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\", \n"
+			+ "    \"response_types_supported\": [\n"
+			+ "        \"code\", \n"
+			+ "        \"token\", \n"
+			+ "        \"id_token\", \n"
+			+ "        \"code token\", \n"
+			+ "        \"code id_token\", \n"
+			+ "        \"token id_token\", \n"
+			+ "        \"code token id_token\", \n"
+			+ "        \"none\"\n"
+			+ "    ], \n"
+			+ "    \"subject_types_supported\": [\n"
+			+ "        \"public\"\n"
+			+ "    ], \n"
+			+ "    \"token_endpoint\": \"https://example.com/oauth2/v4/token\"\n"
+			+ "}";
+	// @formatter:on
 
 	private static final String JWK_SET = "{\"keys\":[{\"p\":\"49neceJFs8R6n7WamRGy45F5Tv0YM-R2ODK3eSBUSLOSH2tAqjEVKOkLE5fiNA3ygqq15NcKRadB2pTVf-Yb5ZIBuKzko8bzYIkIqYhSh_FAdEEr0vHF5fq_yWSvc6swsOJGqvBEtuqtJY027u-G2gAQasCQdhyejer68zsTn8M\",\"kty\":\"RSA\",\"q\":\"tWR-ysspjZ73B6p2vVRVyHwP3KQWL5KEQcdgcmMOE_P_cPs98vZJfLhxobXVmvzuEWBpRSiqiuyKlQnpstKt94Cy77iO8m8ISfF3C9VyLWXi9HUGAJb99irWABFl3sNDff5K2ODQ8CmuXLYM25OwN3ikbrhEJozlXg_NJFSGD4E\",\"d\":\"FkZHYZlw5KSoqQ1i2RA2kCUygSUOf1OqMt3uomtXuUmqKBm_bY7PCOhmwbvbn4xZYEeHuTR8Xix-0KpHe3NKyWrtRjkq1T_un49_1LLVUhJ0dL-9_x0xRquVjhl_XrsRXaGMEHs8G9pLTvXQ1uST585gxIfmCe0sxPZLvwoic-bXf64UZ9BGRV3lFexWJQqCZp2S21HfoU7wiz6kfLRNi-K4xiVNB1gswm_8o5lRuY7zB9bRARQ3TS2G4eW7p5sxT3CgsGiQD3_wPugU8iDplqAjgJ5ofNJXZezoj0t6JMB_qOpbrmAM1EnomIPebSLW7Ky9SugEd6KMdL5lW6AuAQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"one\",\"qi\":\"wdkFu_tV2V1l_PWUUimG516Zvhqk2SWDw1F7uNDD-Lvrv_WNRIJVzuffZ8WYiPy8VvYQPJUrT2EXL8P0ocqwlaSTuXctrORcbjwgxDQDLsiZE0C23HYzgi0cofbScsJdhcBg7d07LAf7cdJWG0YVl1FkMCsxUlZ2wTwHfKWf-v4\",\"dp\":\"uwnPxqC-IxG4r33-SIT02kZC1IqC4aY7PWq0nePiDEQMQWpjjNH50rlq9EyLzbtdRdIouo-jyQXB01K15-XXJJ60dwrGLYNVqfsTd0eGqD1scYJGHUWG9IDgCsxyEnuG3s0AwbW2UolWVSsU2xMZGb9PurIUZECeD1XDZwMp2s0\",\"dq\":\"hra786AunB8TF35h8PpROzPoE9VJJMuLrc6Esm8eZXMwopf0yhxfN2FEAvUoTpLJu93-UH6DKenCgi16gnQ0_zt1qNNIVoRfg4rw_rjmsxCYHTVL3-RDeC8X_7TsEySxW0EgFTHh-nr6I6CQrAJjPM88T35KHtdFATZ7BCBB8AE\",\"n\":\"oXJ8OyOv_eRnce4akdanR4KYRfnC2zLV4uYNQpcFn6oHL0dj7D6kxQmsXoYgJV8ZVDn71KGmuLvolxsDncc2UrhyMBY6DVQVgMSVYaPCTgW76iYEKGgzTEw5IBRQL9w3SRJWd3VJTZZQjkXef48Ocz06PGF3lhbz4t5UEZtdF4rIe7u-977QwHuh7yRPBQ3sII-cVoOUMgaXB9SHcGF2iZCtPzL_IffDUcfhLQteGebhW8A6eUHgpD5A1PQ-JCw_G7UOzZAjjDjtNM2eqm8j-Ms_gqnm4MiCZ4E-9pDN77CAAPVN7kuX6ejs9KBXpk01z48i9fORYk9u7rAkh1HuQw\"}]}";
 
@@ -93,48 +108,60 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponse();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer);
+		// @formatter:off
 		assertThatExceptionOfType(JwtValidationException.class)
 				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOidc();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
+		// @formatter:off
 		assertThatExceptionOfType(JwtValidationException.class)
 				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsTypicalThenReturnedDecoderValidatesIssuer() {
 		prepareConfigurationResponseOAuth2();
 		ReactiveJwtDecoder decoder = ReactiveJwtDecoders.fromIssuerLocation(this.issuer);
+		// @formatter:off
 		assertThatExceptionOfType(JwtValidationException.class)
 				.isThrownBy(() -> decoder.decode(ISSUER_MISMATCH).block())
 				.withMessageContaining("The iss claim is not valid");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("{ \"missing_required_keys\" : \"and_values\" }");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsNonCompliantThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("{ \"missing_required_keys\" : \"and_values\" }");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -142,8 +169,11 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponse(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer))
 				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -151,8 +181,11 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenOidcFallbackResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOidc(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
 				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	// gh-7512
@@ -160,62 +193,85 @@ public class ReactiveJwtDecodersTests {
 	public void issuerWhenOAuth2ResponseDoesNotContainJwksUriThenThrowsIllegalArgumentException()
 			throws JsonMappingException, JsonProcessingException {
 		prepareConfigurationResponseOAuth2(this.buildResponseWithMissingJwksUri());
-		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer))
 				.withMessage("The public JWK set URI must not be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponse("malformed");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOidc("malformed");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2ResponseIsMalformedThenThrowsRuntimeException() {
 		prepareConfigurationResponseOAuth2("malformed");
+		// @formatter:off
 		assertThatExceptionOfType(RuntimeException.class)
 				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponse(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOidc(String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOAuth2RespondingIssuerMismatchesRequestedIssuerThenThrowsIllegalStateException() {
 		prepareConfigurationResponseOAuth2(
 				String.format(DEFAULT_RESPONSE_TEMPLATE, this.issuer + "/wrong", this.issuer));
-		assertThatIllegalStateException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:off
+		assertThatIllegalStateException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation(this.issuer));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException() throws Exception {
 		this.server.shutdown();
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> ReactiveJwtDecoders.fromOidcIssuerLocation("https://issuer"));
+		// @formatter:on
 	}
 
 	@Test
 	public void issuerWhenOidcFallbackRequestedIssuerIsUnresponsiveThenThrowsIllegalArgumentException()
 			throws Exception {
 		this.server.shutdown();
-		assertThatIllegalArgumentException().isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> ReactiveJwtDecoders.fromIssuerLocation("https://issuer"));
+		// @formatter:on
 	}
 
 	private void prepareConfigurationResponse() {
@@ -256,8 +312,13 @@ public class ReactiveJwtDecodersTests {
 		Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				return Optional.of(request).map(RecordedRequest::getRequestUrl).map(HttpUrl::toString)
-						.map(responses::get).orElse(new MockResponse().setResponseCode(404));
+				// @formatter:off
+				return Optional.of(request)
+						.map(RecordedRequest::getRequestUrl)
+						.map(HttpUrl::toString)
+						.map(responses::get)
+						.orElse(new MockResponse().setResponseCode(404));
+				// @formatter:on
 			}
 		};
 		this.server.setDispatcher(dispatcher);
@@ -269,12 +330,20 @@ public class ReactiveJwtDecodersTests {
 
 	private String oidc() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri).replacePath(uri.getPath() + OIDC_METADATA_PATH).toUriString();
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(uri)
+				.replacePath(uri.getPath() + OIDC_METADATA_PATH)
+				.toUriString();
+		// @formatter:on
 	}
 
 	private String oauth() {
 		URI uri = URI.create(this.issuer);
-		return UriComponentsBuilder.fromUri(uri).replacePath(OAUTH_METADATA_PATH + uri.getPath()).toUriString();
+		// @formatter:off
+		return UriComponentsBuilder.fromUri(uri)
+				.replacePath(OAUTH_METADATA_PATH + uri.getPath())
+				.toUriString();
+		// @formatter:on
 	}
 
 	private String jwks() {
@@ -282,7 +351,10 @@ public class ReactiveJwtDecodersTests {
 	}
 
 	private MockResponse response(String body) {
-		return new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:off
+		return new MockResponse().setBody(body)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
 	}
 
 	public String buildResponseWithMissingJwksUri() throws JsonMappingException, JsonProcessingException {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
index 312d5bdc9c..7fecc4fc5e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
@@ -52,23 +52,43 @@ public class ReactiveRemoteJWKSourceTests {
 
 	private MockWebServer server;
 
-	private String keys = "{\n" + "    \"keys\": [\n" + "        {\n" + "            \"alg\": \"RS256\", \n"
+	// @formatter:off
+	private String keys = "{\n"
+			+ "    \"keys\": [\n"
+			+ "        {\n"
+			+ "            \"alg\": \"RS256\", \n"
 			+ "            \"e\": \"AQAB\", \n"
 			+ "            \"kid\": \"1923397381d9574bb873202a90c32b7ceeaed027\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"m4I5Dk5GnbzzUtqaljDVbpMONi1JLNJ8ZuXE8VvjCAVebDg5vTYhQ33jUwGgbn1wFmytUMgMmvK8A8Gpshl0sO2GBIZoh6_pwLrk657ZEtv-hx9fYKnzwyrfHqxtSswMAyr7XtKl8Ha1I03uFMSaYaaBTwVXCHByhzr4PVXfKAYJNbbcteUZfE8ODlBQkjQLI0IB78Nu8XIRrdzTF_5LCuM6rLUNtX6_KdzPpeX9KEtB7OBAfkdZEtBzGI-aYNLtIaL4qO6cVxBeVDLMoj9kVsRPylrwhEFQcGOjtJhwJwXFzTMZVhkiLFCHxZkkjoMrK5osSRlhduuGI9ot8XTUKQ\", \n"
-			+ "            \"use\": \"sig\"\n" + "        }, \n" + "        {\n" + "            \"alg\": \"RS256\", \n"
+			+ "            \"use\": \"sig\"\n"
+			+ "        }, \n"
+			+ "        {\n"
+			+ "            \"alg\": \"RS256\", \n"
 			+ "            \"e\": \"AQAB\", \n"
 			+ "            \"kid\": \"7ddf54d3032d1f0d48c3618892ca74c1ac30ad77\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"yLlYyux949b7qS-DdqTNjdZb4NtqiNH-Jt7DtRxmfW9XZLOQ6Q2NYgmPe9hyy5GHG7W3zsd6Q-rzq5eGRNEUx1767K1dS5PtkVWPiPG_M7rDqCu3HsLmKQKhRjHYaCWl5NuiMB5mXoPhSwrHd2yeGE7QHIV7_CiQFc1xQsXeiC-nTeJohJO3HI97w0GXE8pHspLYq9oG87f5IHxFr89abmwRug-D7QWQyW5b4doe4ZL-52J-8WHd52kGrGfu4QyV83oAad3I_9Q-yiWOXUr_0GIrzz4_-u5HgqYexnodFhZZSaKuRSg_b5qCnPhW8gBDLAHkmQzQMaWsN14L0pokbQ\", \n"
-			+ "            \"use\": \"sig\"\n" + "        }\n" + "    ]\n" + "}\n";
+			+ "            \"use\": \"sig\"\n"
+			+ "        }\n"
+			+ "    ]\n"
+			+ "}\n";
+	// @formatter:on
 
-	private String keys2 = "{\n" + "    \"keys\": [\n" + "        {\n" + "            \"alg\": \"RS256\", \n"
-			+ "            \"e\": \"AQAB\", \n" + "            \"kid\": \"rotated\", \n"
+	// @formatter:off
+	private String keys2 = "{\n"
+			+ "    \"keys\": [\n"
+			+ "        {\n"
+			+ "            \"alg\": \"RS256\", \n"
+			+ "            \"e\": \"AQAB\", \n"
+			+ "            \"kid\": \"rotated\", \n"
 			+ "            \"kty\": \"RSA\", \n"
 			+ "            \"n\": \"m4I5Dk5GnbzzUtqaljDVbpMONi1JLNJ8ZuXE8VvjCAVebDg5vTYhQ33jUwGgbn1wFmytUMgMmvK8A8Gpshl0sO2GBIZoh6_pwLrk657ZEtv-hx9fYKnzwyrfHqxtSswMAyr7XtKl8Ha1I03uFMSaYaaBTwVXCHByhzr4PVXfKAYJNbbcteUZfE8ODlBQkjQLI0IB78Nu8XIRrdzTF_5LCuM6rLUNtX6_KdzPpeX9KEtB7OBAfkdZEtBzGI-aYNLtIaL4qO6cVxBeVDLMoj9kVsRPylrwhEFQcGOjtJhwJwXFzTMZVhkiLFCHxZkkjoMrK5osSRlhduuGI9ot8XTUKQ\", \n"
-			+ "            \"use\": \"sig\"\n" + "        }\n" + "    ]\n" + "}\n";
+			+ "            \"use\": \"sig\"\n"
+			+ "        }\n"
+			+ "    ]\n"
+			+ "}\n";
+	// @formatter:on
 
 	@Before
 	public void setup() {
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
index f975408bcc..f710d485e5 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
@@ -25,13 +25,25 @@ public final class TestJwts {
 	}
 
 	public static Jwt.Builder jwt() {
-		return Jwt.withTokenValue("token").header("alg", "none").audience(Arrays.asList("https://audience.example.org"))
-				.expiresAt(Instant.MAX).issuedAt(Instant.MIN).issuer("https://issuer.example.org").jti("jti")
-				.notBefore(Instant.MIN).subject("mock-test-subject");
+		// @formatter:off
+		return Jwt.withTokenValue("token")
+				.header("alg", "none")
+				.audience(Arrays.asList("https://audience.example.org"))
+				.expiresAt(Instant.MAX)
+				.issuedAt(Instant.MIN)
+				.issuer("https://issuer.example.org")
+				.jti("jti")
+				.notBefore(Instant.MIN)
+				.subject("mock-test-subject");
+		// @formatter:on
 	}
 
 	public static Jwt user() {
-		return jwt().claim("sub", "mock-test-subject").build();
+		// @formatter:off
+		return jwt()
+				.claim("sub", "mock-test-subject")
+				.build();
+		// @formatter:on
 	}
 
 }

From 36ae1fe3f975b43ec3ab1a2351228c65eb70eec1 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 24 Aug 2020 09:49:58 -0500
Subject: [PATCH 84/84] Polish oauth2-resource-server format

Issue gh-8945
---
 .../server/resource/BearerTokenError.java     |  29 +++--
 ...ReactiveAuthenticationManagerResolver.java |  17 ++-
 .../JwtReactiveAuthenticationManager.java     |  14 ++-
 ...queTokenReactiveAuthenticationManager.java |  29 +++--
 .../ReactiveJwtAuthenticationConverter.java   |   5 +-
 ...NimbusReactiveOpaqueTokenIntrospector.java |  28 +++--
 .../BearerTokenServerAccessDeniedHandler.java |   8 +-
 .../ServerBearerExchangeFilterFunction.java   |  22 +++-
 .../ServletBearerExchangeFilterFunction.java  |  20 +++-
 .../BearerTokenAuthenticationTokenTests.java  |  10 +-
 .../resource/BearerTokenErrorTests.java       |  56 +++++++--
 .../BearerTokenAuthenticationTests.java       |  12 +-
 .../JwtAuthenticationConverterTests.java      |   9 +-
 .../JwtAuthenticationProviderTests.java       |  14 ++-
 ...arerTokenAuthenticationConverterTests.java |  23 +++-
 .../JwtGrantedAuthoritiesConverterTests.java  | 107 ++++++++++++++----
 ...uerAuthenticationManagerResolverTests.java |  25 +++-
 ...iveAuthenticationManagerResolverTests.java |  26 ++++-
 ...JwtReactiveAuthenticationManagerTests.java |  29 ++++-
 ...paqueTokenAuthenticationProviderTests.java |  21 +++-
 ...kenReactiveAuthenticationManagerTests.java |  15 ++-
 ...wtAuthenticationConverterAdapterTests.java |  27 +++--
 ...antedAuthoritiesConverterAdapterTests.java |   5 +-
 .../NimbusOpaqueTokenIntrospectorTests.java   | 107 +++++++++++++-----
 ...sReactiveOpaqueTokenIntrospectorTests.java |  83 ++++++++++----
 .../BearerTokenAuthenticationFilterTests.java |  18 ++-
 .../web/HeaderBearerTokenResolverTests.java   |  10 +-
 .../BearerTokenAccessDeniedHandlerTests.java  |   9 +-
 ...erTokenServerAccessDeniedHandlerTests.java |   2 +
 ...arerTokenAuthenticationConverterTests.java |  94 ++++++++++-----
 30 files changed, 673 insertions(+), 201 deletions(-)

diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
index ef97c711c0..e89adfe56d 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java
@@ -87,23 +87,38 @@ public final class BearerTokenError extends OAuth2Error {
 	}
 
 	private static boolean isDescriptionValid(String description) {
-		return description == null || description.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21)
-				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:off
+		return description == null || description.chars().allMatch((c) ->
+				withinTheRangeOf(c, 0x20, 0x21) ||
+				withinTheRangeOf(c, 0x23, 0x5B) ||
+				withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:on
 	}
 
 	private static boolean isErrorCodeValid(String errorCode) {
-		return errorCode.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21) || withinTheRangeOf(c, 0x23, 0x5B)
-				|| withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:off
+		return errorCode.chars().allMatch((c) ->
+				withinTheRangeOf(c, 0x20, 0x21) ||
+				withinTheRangeOf(c, 0x23, 0x5B) ||
+				withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:on
 	}
 
 	private static boolean isErrorUriValid(String errorUri) {
 		return errorUri == null || errorUri.chars()
-				.allMatch((c) -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
+				.allMatch((c) ->
+						c == 0x21 ||
+						withinTheRangeOf(c, 0x23, 0x5B) ||
+						withinTheRangeOf(c, 0x5D, 0x7E));
 	}
 
 	private static boolean isScopeValid(String scope) {
-		return scope == null || scope.chars().allMatch((c) -> withinTheRangeOf(c, 0x20, 0x21)
-				|| withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:off
+		return scope == null || scope.chars().allMatch((c) ->
+				withinTheRangeOf(c, 0x20, 0x21) ||
+				withinTheRangeOf(c, 0x23, 0x5B) ||
+				withinTheRangeOf(c, 0x5D, 0x7E));
+		// @formatter:on
 	}
 
 	private static boolean withinTheRangeOf(int c, int min, int max) {
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
index 701c9c4b34..e73635e887 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@@ -122,9 +122,13 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	 */
 	@Override
 	public Mono<ReactiveAuthenticationManager> resolve(ServerWebExchange exchange) {
+		// @formatter:off
 		return this.issuerConverter.convert(exchange)
-				.flatMap((issuer) -> this.issuerAuthenticationManagerResolver.resolve(issuer)
-						.switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer))));
+				.flatMap((issuer) -> this.issuerAuthenticationManagerResolver
+						.resolve(issuer)
+						.switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer)))
+				);
+		// @formatter:on
 	}
 
 	private static class JwtClaimIssuerConverter implements Converter<ServerWebExchange, Mono<String>> {
@@ -166,10 +170,13 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 			if (!this.trustedIssuer.test(issuer)) {
 				return Mono.empty();
 			}
+			// @formatter:off
 			return this.authenticationManagers.computeIfAbsent(issuer,
-					(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(
-							() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
-							.subscribeOn(Schedulers.boundedElastic()).cache());
+					(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
+							.subscribeOn(Schedulers.boundedElastic())
+							.cache()
+			);
+			// @formatter:on
 		}
 
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
index 2cf613c783..50c0470bb4 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManager.java
@@ -52,10 +52,16 @@ public final class JwtReactiveAuthenticationManager implements ReactiveAuthentic
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.justOrEmpty(authentication).filter((a) -> a instanceof BearerTokenAuthenticationToken)
-				.cast(BearerTokenAuthenticationToken.class).map(BearerTokenAuthenticationToken::getToken)
-				.flatMap(this.jwtDecoder::decode).flatMap(this.jwtAuthenticationConverter::convert)
-				.cast(Authentication.class).onErrorMap(JwtException.class, this::onError);
+		// @formatter:off
+		return Mono.justOrEmpty(authentication)
+				.filter((a) -> a instanceof BearerTokenAuthenticationToken)
+				.cast(BearerTokenAuthenticationToken.class)
+				.map(BearerTokenAuthenticationToken::getToken)
+				.flatMap(this.jwtDecoder::decode)
+				.flatMap(this.jwtAuthenticationConverter::convert)
+				.cast(Authentication.class)
+				.onErrorMap(JwtException.class, this::onError);
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
index 679e44fa2a..ad2d848241 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -75,19 +75,28 @@ public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthent
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		return Mono.justOrEmpty(authentication).filter(BearerTokenAuthenticationToken.class::isInstance)
-				.cast(BearerTokenAuthenticationToken.class).map(BearerTokenAuthenticationToken::getToken)
-				.flatMap(this::authenticate).cast(Authentication.class);
+		// @formatter:off
+		return Mono.justOrEmpty(authentication)
+				.filter(BearerTokenAuthenticationToken.class::isInstance)
+				.cast(BearerTokenAuthenticationToken.class)
+				.map(BearerTokenAuthenticationToken::getToken)
+				.flatMap(this::authenticate)
+				.cast(Authentication.class);
+		// @formatter:on
 	}
 
 	private Mono<BearerTokenAuthentication> authenticate(String token) {
-		return this.introspector.introspect(token).map((principal) -> {
-			Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
-			Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
-			// construct token
-			OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
-			return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
-		}).onErrorMap(OAuth2IntrospectionException.class, this::onError);
+		// @formatter:off
+		return this.introspector.introspect(token)
+				.map((principal) -> {
+					Instant iat = principal.getAttribute(OAuth2IntrospectionClaimNames.ISSUED_AT);
+					Instant exp = principal.getAttribute(OAuth2IntrospectionClaimNames.EXPIRES_AT);
+					// construct token
+					OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, iat, exp);
+					return new BearerTokenAuthentication(principal, accessToken, principal.getAuthorities());
+				})
+				.onErrorMap(OAuth2IntrospectionException.class, this::onError);
+		// @formatter:on
 	}
 
 	private AuthenticationException onError(OAuth2IntrospectionException ex) {
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
index d9730174e8..05e2f93a13 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverter.java
@@ -39,8 +39,11 @@ public final class ReactiveJwtAuthenticationConverter implements Converter<Jwt,
 
 	@Override
 	public Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
-		return this.jwtGrantedAuthoritiesConverter.convert(jwt).collectList()
+		// @formatter:off
+		return this.jwtGrantedAuthoritiesConverter.convert(jwt)
+				.collectList()
 				.map((authorities) -> new JwtAuthenticationToken(jwt, authorities));
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
index 28eca19b62..8b8dc9bd39 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java
@@ -90,25 +90,39 @@ public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
 
 	@Override
 	public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
-		return Mono.just(token).flatMap(this::makeRequest).flatMap(this::adaptToNimbusResponse)
-				.map(this::parseNimbusResponse).map(this::castToNimbusSuccess)
-				.doOnNext((response) -> validate(token, response)).map(this::convertClaimsSet)
+		// @formatter:off
+		return Mono.just(token)
+				.flatMap(this::makeRequest)
+				.flatMap(this::adaptToNimbusResponse)
+				.map(this::parseNimbusResponse)
+				.map(this::castToNimbusSuccess)
+				.doOnNext((response) -> validate(token, response))
+				.map(this::convertClaimsSet)
 				.onErrorMap((e) -> !(e instanceof OAuth2IntrospectionException), this::onError);
+		// @formatter:on
 	}
 
 	private Mono<ClientResponse> makeRequest(String token) {
-		return this.webClient.post().uri(this.introspectionUri)
+		// @formatter:off
+		return this.webClient.post()
+				.uri(this.introspectionUri)
 				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_UTF8_VALUE)
-				.body(BodyInserters.fromFormData("token", token)).exchange();
+				.body(BodyInserters.fromFormData("token", token))
+				.exchange();
+		// @formatter:on
 	}
 
 	private Mono<HTTPResponse> adaptToNimbusResponse(ClientResponse responseEntity) {
 		HTTPResponse response = new HTTPResponse(responseEntity.rawStatusCode());
 		response.setHeader(HttpHeaders.CONTENT_TYPE, responseEntity.headers().contentType().get().toString());
 		if (response.getStatusCode() != HTTPResponse.SC_OK) {
-			return responseEntity.bodyToFlux(DataBuffer.class).map(DataBufferUtils::release)
+			// @formatter:off
+			return responseEntity.bodyToFlux(DataBuffer.class)
+					.map(DataBufferUtils::release)
 					.then(Mono.error(new OAuth2IntrospectionException(
-							"Introspection endpoint responded with " + response.getStatusCode())));
+							"Introspection endpoint responded with " + response.getStatusCode()))
+					);
+			// @formatter:on
 		}
 		return responseEntity.bodyToMono(String.class).doOnNext(response::setContent).map((body) -> response);
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
index 3c07c3892a..ce74a6d0d1 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandler.java
@@ -59,9 +59,13 @@ public class BearerTokenServerAccessDeniedHandler implements ServerAccessDeniedH
 		if (this.realmName != null) {
 			parameters.put("realm", this.realmName);
 		}
-		return exchange.getPrincipal().filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
-				.map((token) -> errorMessageParameters(parameters)).switchIfEmpty(Mono.just(parameters))
+		// @formatter:off
+		return exchange.getPrincipal()
+				.filter(AbstractOAuth2TokenAuthenticationToken.class::isInstance)
+				.map((token) -> errorMessageParameters(parameters))
+				.switchIfEmpty(Mono.just(parameters))
 				.flatMap((params) -> respond(exchange, params));
+		// @formatter:on
 	}
 
 	/**
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
index edb902bbee..9d39a3a590 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
@@ -53,21 +53,35 @@ public final class ServerBearerExchangeFilterFunction implements ExchangeFilterF
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
+		// @formatter:off
+		return oauth2Token().map((token) -> bearer(request, token))
+				.defaultIfEmpty(request)
+				.flatMap(next::exchange);
+		// @formatter:on
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
+		// @formatter:off
 		return currentAuthentication()
 				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
-				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
+				.map(Authentication::getCredentials)
+				.cast(AbstractOAuth2Token.class);
+		// @formatter:on
 	}
 
 	private Mono<Authentication> currentAuthentication() {
-		return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication);
+		// @formatter:off
+		return ReactiveSecurityContextHolder.getContext()
+				.map(SecurityContext::getAuthentication);
+		// @formatter:on
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request).headers((headers) -> headers.setBearerAuth(token.getTokenValue())).build();
+		// @formatter:off
+		return ClientRequest.from(request)
+				.headers((headers) -> headers.setBearerAuth(token.getTokenValue()))
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
index f6a34f21c6..981bd2c2a1 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
@@ -64,13 +64,21 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 
 	@Override
 	public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
-		return oauth2Token().map((token) -> bearer(request, token)).defaultIfEmpty(request).flatMap(next::exchange);
+		// @formatter:off
+		return oauth2Token().map((token) -> bearer(request, token))
+				.defaultIfEmpty(request)
+				.flatMap(next::exchange);
+		// @formatter:on
 	}
 
 	private Mono<AbstractOAuth2Token> oauth2Token() {
-		return Mono.subscriberContext().flatMap(this::currentAuthentication)
+		// @formatter:off
+		return Mono.subscriberContext()
+				.flatMap(this::currentAuthentication)
 				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
-				.map(Authentication::getCredentials).cast(AbstractOAuth2Token.class);
+				.map(Authentication::getCredentials)
+				.cast(AbstractOAuth2Token.class);
+		// @formatter:on
 	}
 
 	private Mono<Authentication> currentAuthentication(Context ctx) {
@@ -88,7 +96,11 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 	}
 
 	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
-		return ClientRequest.from(request).headers((headers) -> headers.setBearerAuth(token.getTokenValue())).build();
+		// @formatter:off
+		return ClientRequest.from(request)
+				.headers((headers) -> headers.setBearerAuth(token.getTokenValue()))
+				.build();
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
index edc5a8077c..9669a52d77 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenAuthenticationTokenTests.java
@@ -30,14 +30,20 @@ public class BearerTokenAuthenticationTokenTests {
 
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthenticationToken(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthenticationToken(null))
 				.withMessageContaining("token cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenTokenIsEmptyThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthenticationToken(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthenticationToken(""))
 				.withMessageContaining("token cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
index 2eb36f38bf..63111e86ab 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java
@@ -53,20 +53,29 @@ public class BearerTokenErrorTests {
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(null, TEST_HTTP_STATUS, null, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(null, TEST_HTTP_STATUS, null, null))
 				.withMessage("errorCode cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenErrorCodeIsEmptyThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError("", TEST_HTTP_STATUS, null, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError("", TEST_HTTP_STATUS, null, null))
 				.withMessage("errorCode cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithErrorCodeAndHttpStatusWhenHttpStatusIsNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, null, null, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, null, null, null))
 				.withMessage("httpStatus cannot be null");
+		// @formatter:on
 	}
 
 	@Test
@@ -82,52 +91,77 @@ public class BearerTokenErrorTests {
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new BearerTokenError(null, TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
 				.withMessage("errorCode cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsEmptyThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new BearerTokenError("", TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
 				.withMessage("errorCode cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenHttpStatusIsNullThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, null, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE))
 				.withMessage("httpStatus cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorCodeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE + "\"",
-				TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE)).withMessageContaining("errorCode")
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE + "\"",
+					TEST_HTTP_STATUS, TEST_DESCRIPTION, TEST_URI, TEST_SCOPE)
+				)
+				.withMessageContaining("errorCode")
 				.withMessageContaining("RFC 6750");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenDescriptionIsInvalidThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
-				TEST_DESCRIPTION + "\"", TEST_URI, TEST_SCOPE)).withMessageContaining("description")
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
+					TEST_DESCRIPTION + "\"", TEST_URI, TEST_SCOPE)
+				)
+				.withMessageContaining("description")
 				.withMessageContaining("RFC 6750");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenErrorUriIsInvalidThenThrowIllegalArgumentException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS, TEST_DESCRIPTION,
-						TEST_URI + "\"", TEST_SCOPE))
-				.withMessageContaining("errorUri").withMessageContaining("RFC 6750");
+						TEST_URI + "\"", TEST_SCOPE)
+				)
+				.withMessageContaining("errorUri")
+				.withMessageContaining("RFC 6750");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWithAllParametersWhenScopeIsInvalidThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
-				TEST_DESCRIPTION, TEST_URI, TEST_SCOPE + "\"")).withMessageContaining("scope")
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenError(TEST_ERROR_CODE, TEST_HTTP_STATUS,
+					TEST_DESCRIPTION, TEST_URI, TEST_SCOPE + "\"")
+				)
+				.withMessageContaining("scope")
 				.withMessageContaining("RFC 6750");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
index 9808b19d5b..1f4cfdf292 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java
@@ -84,20 +84,28 @@ public class BearerTokenAuthenticationTests {
 	@Test
 	public void getNameWhenTokenHasUsernameThenReturnsUsernameAttribute() {
 		BearerTokenAuthentication authenticated = new BearerTokenAuthentication(this.principal, this.token, null);
+		// @formatter:off
 		assertThat(authenticated.getName())
 				.isEqualTo(this.principal.getAttribute(OAuth2IntrospectionClaimNames.SUBJECT));
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenTokenIsNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthentication(this.principal, null, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthentication(this.principal, null, null))
 				.withMessageContaining("token cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenCredentialIsNullThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new BearerTokenAuthentication(null, this.token, null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthentication(null, this.token, null))
 				.withMessageContaining("principal cannot be null");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index f4fb711430..037d1070ba 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -70,22 +70,29 @@ public class JwtAuthenticationConverterTests {
 
 	@Test
 	public void whenSettingNullPrincipalClaimName() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(null))
 				.withMessage("principalClaimName cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void whenSettingEmptyPrincipalClaimName() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(""))
 				.withMessage("principalClaimName cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void whenSettingBlankPrincipalClaimName() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> this.jwtAuthenticationConverter.setPrincipalClaimName(" "))
 				.withMessage("principalClaimName cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
index 5c6e9c78a9..9e92ce52e4 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -76,18 +76,22 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenJwtDecodeFailsThenRespondsWithInvalidToken() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode("token")).willThrow(BadJwtException.class);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.provider.authenticate(token))
 				.matches(errorCode(BearerTokenErrorCodes.INVALID_TOKEN));
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.provider.authenticate(token))
 				.satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
+		// @formatter:on
 	}
 
 	// gh-7785
@@ -95,8 +99,11 @@ public class JwtAuthenticationProviderTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = this.authentication();
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
-		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.provider.authenticate(token))
+		// @formatter:off
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> this.provider.authenticate(token))
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
+		// @formatter:on
 	}
 
 	@Test
@@ -108,8 +115,11 @@ public class JwtAuthenticationProviderTests {
 		JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
 		given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
 		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication);
-		assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details",
+		// @formatter:off
+		assertThat(this.provider.authenticate(token))
+				.isEqualTo(authentication).hasFieldOrPropertyWithValue("details",
 				details);
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
index 4d24f499e1..10d4744258 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtBearerTokenAuthenticationConverterTests.java
@@ -37,7 +37,12 @@ public class JwtBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenJwtThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build();
+		// @formatter:off
+		Jwt jwt = Jwt.withTokenValue("token-value")
+				.claim("claim", "value")
+				.header("header", "value")
+				.build();
+		// @formatter:on
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
@@ -48,8 +53,12 @@ public class JwtBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenJwtWithScopeAttributeThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value").claim("scope", "message:read message:write")
-				.header("header", "value").build();
+		// @formatter:off
+		Jwt jwt = Jwt.withTokenValue("token-value")
+				.claim("scope", "message:read message:write")
+				.header("header", "value")
+				.build();
+		// @formatter:on
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
@@ -59,8 +68,12 @@ public class JwtBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void convertWhenJwtWithScpAttributeThenBearerTokenAuthentication() {
-		Jwt jwt = Jwt.withTokenValue("token-value").claim("scp", Arrays.asList("message:read", "message:write"))
-				.header("header", "value").build();
+		// @formatter:off
+		Jwt jwt = Jwt.withTokenValue("token-value")
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.header("header", "value")
+				.build();
+		// @formatter:on
 		AbstractAuthenticationToken token = this.converter.convert(jwt);
 		assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
 		BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
index e3a2ed91ca..e35a589494 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
@@ -45,7 +45,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", "message:read message:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
@@ -54,7 +58,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", "message:read message:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -64,7 +72,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", "message:read message:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -74,7 +86,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", "").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", "")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).isEmpty();
@@ -82,7 +98,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
@@ -91,7 +111,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -101,7 +125,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", "message:read message:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", "message:read message:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -111,7 +139,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Collections.emptyList())
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).isEmpty();
@@ -119,8 +151,12 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write"))
-				.claim("scope", "missive:read missive:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "missive:read missive:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
@@ -129,8 +165,12 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "")
 				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).isEmpty();
@@ -138,15 +178,25 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Collections.emptyList())
+				.claim("scope", Collections.emptyList())
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-		assertThat(authorities).isEmpty();
+		assertThat(authorities)
+				.isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasNoScopeAndNoScpAttributeThenTranslatesToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write")).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("roles", Arrays.asList("message:read", "message:write"))
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
 		assertThat(authorities).isEmpty();
@@ -154,16 +204,25 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", new String[] { "message:read", "message:write" })
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
-		assertThat(authorities).isEmpty();
+		assertThat(authorities)
+				.isEmpty();
 	}
 
 	@Test
 	public void convertWhenTokenHasCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("roles", Arrays.asList("message:read", "message:write"))
-				.claim("scope", "missive:read missive:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("roles", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "missive:read missive:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -173,8 +232,12 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write")
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("roles", Collections.emptyList())
+				.claim("scope", "missive:read missive:write")
 				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
@@ -183,7 +246,11 @@ public class JwtGrantedAuthoritiesConverterTests {
 
 	@Test
 	public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build();
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scope", "missive:read missive:write")
+				.build();
+		// @formatter:on
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 		jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
 		Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
index dbfeedbf42..354c551105 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
@@ -64,8 +64,12 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		try (MockWebServer server = new MockWebServer()) {
 			server.start();
 			String issuer = server.url("").toString();
-			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
-					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
+			// @formatter:off
+			server.enqueue(new MockResponse().setResponseCode(200)
+					.setHeader("Content-Type", "application/json")
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
+			));
+			// @formatter:on
 			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
@@ -86,9 +90,11 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"other", "issuers");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.jwt);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
 				.withMessageContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -108,16 +114,20 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
 		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 				authenticationManagers::get);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
 				.withMessageContaining("Invalid issuer");
+		// @formatter:on
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(request)).isSameAs(authenticationManager);
 		authenticationManagers.clear();
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
 				.withMessageContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -126,9 +136,11 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer jwt");
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
 				.withMessageNotContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -137,9 +149,11 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.noIssuer);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(request))
 				.withMessageContaining("Missing issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -148,8 +162,13 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 				"trusted");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Bearer " + this.evil);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
-				.isThrownBy(() -> authenticationManagerResolver.resolve(request)).withMessage("Invalid issuer");
+				.isThrownBy(() -> authenticationManagerResolver
+						.resolve(request)
+				)
+				.withMessage("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
index 7d290b39e2..a46100cd81 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
@@ -52,8 +52,12 @@ import static org.mockito.Mockito.mock;
  */
 public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 
-	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n" + "    \"issuer\": \"%s\", \n"
-			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n" + "}";
+	// @formatter:off
+	private static final String DEFAULT_RESPONSE_TEMPLATE = "{\n"
+			+ "    \"issuer\": \"%s\", \n"
+			+ "    \"jwks_uri\": \"%s/.well-known/jwks.json\" \n"
+			+ "}";
+	// @formatter:on
 
 	private String jwt = jwt("iss", "trusted");
 
@@ -87,9 +91,11 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"other", "issuers");
 		MockServerWebExchange exchange = withBearerToken(this.jwt);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
 				.withMessageContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -114,9 +120,11 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		authenticationManagers.put("trusted", authenticationManager);
 		assertThat(authenticationManagerResolver.resolve(exchange).block()).isSameAs(authenticationManager);
 		authenticationManagers.clear();
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
 				.withMessageContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -124,9 +132,11 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"trusted");
 		MockServerWebExchange exchange = withBearerToken("jwt");
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
 				.withMessageNotContaining("Invalid issuer");
+		// @formatter:on
 	}
 
 	@Test
@@ -144,8 +154,11 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 				"trusted");
 		MockServerWebExchange exchange = withBearerToken(this.evil);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
-				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block()).withMessage("Invalid token");
+				.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block())
+				.withMessage("Invalid token");
+		// @formatter:on
 	}
 
 	@Test
@@ -159,7 +172,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenException() {
 		assertThatIllegalArgumentException().isThrownBy(
-				() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null));
+				() -> new JwtIssuerReactiveAuthenticationManagerResolver((ReactiveAuthenticationManagerResolver) null));JwtReactiveAuthenticationManagerTests
 	}
 
 	private String jwt(String claim, String value) {
@@ -168,8 +181,11 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 	}
 
 	private MockServerWebExchange withBearerToken(String token) {
-		MockServerHttpRequest request = MockServerHttpRequest.get("/").header("Authorization", "Bearer " + token)
+		// @formatter:off
+		MockServerHttpRequest request = MockServerHttpRequest.get("/")
+				.header("Authorization", "Bearer " + token)
 				.build();
+		// @formatter:on
 		return MockServerWebExchange.from(request);
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
index bfafa2cfc3..989044a046 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java
@@ -58,13 +58,20 @@ public class JwtReactiveAuthenticationManagerTests {
 	@Before
 	public void setup() {
 		this.manager = new JwtReactiveAuthenticationManager(this.jwtDecoder);
-		this.jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
+		// @formatter:off
+		this.jwt = TestJwts.jwt()
+				.claim("scope", "message:read message:write")
+				.build();
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenJwtDecoderNullThenIllegalArgumentException() {
 		this.jwtDecoder = null;
-		assertThatIllegalArgumentException().isThrownBy(() -> new JwtReactiveAuthenticationManager(this.jwtDecoder));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JwtReactiveAuthenticationManager(this.jwtDecoder));
+		// @formatter:on
 	}
 
 	@Test
@@ -93,9 +100,13 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 				.isThrownBy(() -> this.manager.authenticate(token).block())
-				.satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
+				.satisfies((ex) -> assertThat(ex)
+						.hasFieldOrPropertyWithValue("error.description", "Invalid token")
+				);
+		// @formatter:on
 	}
 
 	// gh-7785
@@ -103,16 +114,21 @@ public class JwtReactiveAuthenticationManagerTests {
 	public void authenticateWhenDecoderFailsGenericallyThenThrowsGenericException() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(token.getToken())).willThrow(new JwtException("no jwk set"));
+		// @formatter:off
 		assertThatExceptionOfType(AuthenticationException.class)
 				.isThrownBy(() -> this.manager.authenticate(token).block())
 				.isNotInstanceOf(OAuth2AuthenticationException.class);
+		// @formatter:on
 	}
 
 	@Test
 	public void authenticateWhenNotJwtExceptionThenPropagates() {
 		BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
 		given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new RuntimeException("Oops")));
-		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.manager.authenticate(token).block());
+		// @formatter:off
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block());
+		// @formatter:on
 	}
 
 	@Test
@@ -122,8 +138,11 @@ public class JwtReactiveAuthenticationManagerTests {
 		Authentication authentication = this.manager.authenticate(token).block();
 		assertThat(authentication).isNotNull();
 		assertThat(authentication.isAuthenticated()).isTrue();
-		assertThat(authentication.getAuthorities()).extracting(GrantedAuthority::getAuthority)
+		// @formatter:off
+		assertThat(authentication.getAuthorities())
+				.extracting(GrantedAuthority::getAuthority)
 				.containsOnly("SCOPE_message:read", "SCOPE_message:write");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 950dbd1579..9bf34998dd 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -58,7 +58,10 @@ public class OpaqueTokenAuthenticationProviderTests {
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		// @formatter:off
+		assertThat(attributes)
+				.isNotNull()
+				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
 						Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
@@ -69,8 +72,11 @@ public class OpaqueTokenAuthenticationProviderTests {
 				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
-		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
+		assertThat(result.getAuthorities())
+				.extracting("authority")
+				.containsExactly("SCOPE_read", "SCOPE_write",
 				"SCOPE_dolphin");
+		// @formatter:on
 	}
 
 	@Test
@@ -83,7 +89,11 @@ public class OpaqueTokenAuthenticationProviderTests {
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token"));
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2AuthenticatedPrincipal.class);
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
+		// @formatter:off
+		assertThat(attributes)
+				.isNotNull()
+				.doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
+		// @formatter:on
 		assertThat(result.getAuthorities()).isEmpty();
 	}
 
@@ -98,7 +108,10 @@ public class OpaqueTokenAuthenticationProviderTests {
 
 	@Test
 	public void constructorWhenIntrospectionClientIsNullThenIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new OpaqueTokenAuthenticationProvider(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OpaqueTokenAuthenticationProvider(null));
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
index b5417853ea..2dafb8f241 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java
@@ -59,7 +59,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 		Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
 		assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
 		Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
-		assertThat(attributes).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		// @formatter:off
+		assertThat(attributes)
+				.isNotNull()
+				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
 						Arrays.asList("https://protected.example.net/resource"))
 				.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
@@ -70,8 +73,11 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 				.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 				.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 				.containsEntry("extension_field", "twenty-seven");
-		assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write",
+		assertThat(result.getAuthorities())
+				.extracting("authority")
+				.containsExactly("SCOPE_read", "SCOPE_write",
 				"SCOPE_dolphin");
+		// @formatter:on
 	}
 
 	@Test
@@ -100,7 +106,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests {
 
 	@Test
 	public void constructorWhenIntrospectionClientIsNullThenIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new OpaqueTokenReactiveAuthenticationManager(null));
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OpaqueTokenReactiveAuthenticationManager(null));
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
index 5a33768ea7..292a49812f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java
@@ -47,8 +47,11 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 		Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
-				new SimpleGrantedAuthority("SCOPE_message:write"));
+		// @formatter:off
+		assertThat(authorities)
+				.containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
+						new SimpleGrantedAuthority("SCOPE_message:write"));
+		// @formatter:on
 	}
 
 	@Test
@@ -64,8 +67,11 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).build();
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
-				new SimpleGrantedAuthority("SCOPE_message:write"));
+		// @formatter:off
+		assertThat(authorities)
+				.containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"),
+						new SimpleGrantedAuthority("SCOPE_message:write"));
+		// @formatter:on
 	}
 
 	@Test
@@ -82,14 +88,21 @@ public class ReactiveJwtAuthenticationConverterAdapterTests {
 				.claim("scope", "missive:read missive:write").build();
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
-		assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
-				new SimpleGrantedAuthority("SCOPE_missive:write"));
+		// @formatter:off
+		assertThat(authorities)
+				.containsExactly(new SimpleGrantedAuthority("SCOPE_missive:read"),
+						new SimpleGrantedAuthority("SCOPE_missive:write"));
+		// @formatter:on
 	}
 
 	@Test
 	public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
-		Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "")
+		// @formatter:off
+		Jwt jwt = TestJwts.jwt()
+				.claim("scp", Arrays.asList("message:read", "message:write"))
+				.claim("scope", "")
 				.build();
+		// @formatter:on
 		AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block();
 		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
 		assertThat(authorities).containsExactly();
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
index dd151e6774..9c099c050b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java
@@ -51,8 +51,11 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests {
 
 	@Test
 	public void whenConstructingWithInvalidConverter() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new ReactiveJwtGrantedAuthoritiesConverterAdapter(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ReactiveJwtGrantedAuthoritiesConverterAdapter(null))
 				.withMessage("grantedAuthoritiesConverter cannot be null");
+		// @formatter:on
 	}
 
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
index be83779eed..49ca325058 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java
@@ -62,31 +62,62 @@ public class NimbusOpaqueTokenIntrospectorTests {
 
 	private static final String CLIENT_SECRET = "secret";
 
-	private static final String ACTIVE_RESPONSE = "{\n" + "      \"active\": true,\n"
-			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
-			+ "      \"scope\": \"read write dolphin\",\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
-			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
-
-	private static final String INACTIVE_RESPONSE = "{\n" + "      \"active\": false\n" + "     }";
-
-	private static final String INVALID_RESPONSE = "{\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
-			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+	// @formatter:off
+	private static final String ACTIVE_RESPONSE = "{\n"
+			+ "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n"
 			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
 			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
 
-	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" + "     \"active\" : \"true\",\n"
-			+ "     \"iss\" : \"badissuer\"\n" + "    }";
+	// @formatter:off
+	private static final String INACTIVE_RESPONSE = "{\n"
+			+ "      \"active\": false\n"
+			+ "     }";
+	// @formatter:on
 
-	private static final String MALFORMED_SCOPE_RESPONSE = "{\n" + "      \"active\": true,\n"
-			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
-			+ "      \"scope\": [ \"read\", \"write\", \"dolphin\" ],\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+	// @formatter:off
+	private static final String INVALID_RESPONSE = "{\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
 			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String MALFORMED_ISSUER_RESPONSE = "{\n"
+			+ "     \"active\" : \"true\",\n"
+			+ "     \"iss\" : \"badissuer\"\n"
+			+ "    }";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String MALFORMED_SCOPE_RESPONSE = "{\n"
+			+ "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": [ \"read\", \"write\", \"dolphin\" ],\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
 
 	private static final ResponseEntity<String> ACTIVE = response(ACTIVE_RESPONSE);
 
@@ -106,7 +137,10 @@ public class NimbusOpaqueTokenIntrospectorTests {
 			OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
 					CLIENT_SECRET);
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
-			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+			// @formatter:off
+			assertThat(authority.getAttributes())
+					.isNotNull()
+					.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
 							Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
@@ -116,6 +150,7 @@ public class NimbusOpaqueTokenIntrospectorTests {
 					.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 					.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
+			// @formatter:on
 		}
 	}
 
@@ -137,8 +172,11 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL,
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INACTIVE);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2IntrospectionException.class)
-				.isThrownBy(() -> introspectionClient.introspect("token")).withMessage("Provided token isn't active");
+				.isThrownBy(() -> introspectionClient.introspect("token"))
+				.withMessage("Provided token isn't active");
+		// @formatter:on
 	}
 
 	@Test
@@ -153,11 +191,15 @@ public class NimbusOpaqueTokenIntrospectorTests {
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(response(new JSONObject(introspectedValues).toJSONString()));
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
-		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		// @formatter:off
+		assertThat(authority.getAttributes())
+				.isNotNull()
+				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
 				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
 				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
 				.doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
+		// @formatter:on
 	}
 
 	@Test
@@ -167,8 +209,11 @@ public class NimbusOpaqueTokenIntrospectorTests {
 				restOperations);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new IllegalStateException("server was unresponsive"));
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2IntrospectionException.class)
-				.isThrownBy(() -> introspectionClient.introspect("token")).withMessage("server was unresponsive");
+				.isThrownBy(() -> introspectionClient.introspect("token"))
+				.withMessage("server was unresponsive");
+		// @formatter:on
 	}
 
 	@Test
@@ -274,8 +319,12 @@ public class NimbusOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
-						.map((a) -> ok(response)).orElse(unauthorized());
+				// @formatter:off
+				return Optional.ofNullable(authorization)
+						.filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response))
+						.orElse(unauthorized());
+				// @formatter:on
 			}
 		};
 	}
@@ -286,8 +335,10 @@ public class NimbusOpaqueTokenIntrospectorTests {
 	}
 
 	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response).setHeader(HttpHeaders.CONTENT_TYPE,
-				MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:off
+		return new MockResponse().setBody(response)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
 	}
 
 	private static MockResponse unauthorized() {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
index 9e9036a964..666bf301ac 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java
@@ -58,24 +58,47 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 
 	private static final String CLIENT_SECRET = "secret";
 
-	private static final String ACTIVE_RESPONSE = "{\n" + "      \"active\": true,\n"
-			+ "      \"client_id\": \"l238j323ds-23ij4\",\n" + "      \"username\": \"jdoe\",\n"
-			+ "      \"scope\": \"read write dolphin\",\n" + "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
-			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
-
-	private static final String INACTIVE_RESPONSE = "{\n" + "      \"active\": false\n" + "     }";
-
-	private static final String INVALID_RESPONSE = "{\n" + "      \"client_id\": \"l238j323ds-23ij4\",\n"
-			+ "      \"username\": \"jdoe\",\n" + "      \"scope\": \"read write dolphin\",\n"
+	// @formatter:off
+	private static final String ACTIVE_RESPONSE = "{\n"
+			+ "      \"active\": true,\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n"
 			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
 			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
-			+ "      \"iss\": \"https://server.example.com/\",\n" + "      \"exp\": 1419356238,\n"
-			+ "      \"iat\": 1419350238,\n" + "      \"extension_field\": \"twenty-seven\"\n" + "     }";
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
 
-	private static final String MALFORMED_ISSUER_RESPONSE = "{\n" + "     \"active\" : \"true\",\n"
-			+ "     \"iss\" : \"badissuer\"\n" + "    }";
+	// @formatter:off
+	private static final String INACTIVE_RESPONSE = "{\n"
+			+ "      \"active\": false\n"
+			+ "     }";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String INVALID_RESPONSE = "{\n"
+			+ "      \"client_id\": \"l238j323ds-23ij4\",\n"
+			+ "      \"username\": \"jdoe\",\n"
+			+ "      \"scope\": \"read write dolphin\",\n"
+			+ "      \"sub\": \"Z5O3upPC88QrAjx00dis\",\n"
+			+ "      \"aud\": \"https://protected.example.net/resource\",\n"
+			+ "      \"iss\": \"https://server.example.com/\",\n"
+			+ "      \"exp\": 1419356238,\n"
+			+ "      \"iat\": 1419350238,\n"
+			+ "      \"extension_field\": \"twenty-seven\"\n"
+			+ "     }";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String MALFORMED_ISSUER_RESPONSE = "{\n"
+			+ "     \"active\" : \"true\",\n"
+			+ "     \"iss\" : \"badissuer\"\n"
+			+ "    }";
+	// @formatter:on
 
 	@Test
 	public void authenticateWhenActiveTokenThenOk() throws Exception {
@@ -85,7 +108,10 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 			NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 					introspectUri, CLIENT_ID, CLIENT_SECRET);
 			OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
-			assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+			// @formatter:off
+			assertThat(authority.getAttributes())
+					.isNotNull()
+					.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 					.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE,
 							Arrays.asList("https://protected.example.net/resource"))
 					.containsEntry(OAuth2IntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
@@ -95,6 +121,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 					.containsEntry(OAuth2IntrospectionClaimNames.SUBJECT, "Z5O3upPC88QrAjx00dis")
 					.containsEntry(OAuth2IntrospectionClaimNames.USERNAME, "jdoe")
 					.containsEntry("extension_field", "twenty-seven");
+			// @formatter:on
 		}
 	}
 
@@ -131,11 +158,15 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
 		OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
-		assertThat(authority.getAttributes()).isNotNull().containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
+		// @formatter:off
+		assertThat(authority.getAttributes())
+				.isNotNull()
+				.containsEntry(OAuth2IntrospectionClaimNames.ACTIVE, true)
 				.containsEntry(OAuth2IntrospectionClaimNames.AUDIENCE, Arrays.asList("aud"))
 				.containsEntry(OAuth2IntrospectionClaimNames.NOT_BEFORE, Instant.ofEpochSecond(29348723984L))
 				.doesNotContainKey(OAuth2IntrospectionClaimNames.CLIENT_ID)
 				.doesNotContainKey(OAuth2IntrospectionClaimNames.SCOPE);
+		// @formatter:on
 	}
 
 	@Test
@@ -143,9 +174,11 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(new IllegalStateException("server was unresponsive"));
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2IntrospectionException.class)
 				.isThrownBy(() -> introspectionClient.introspect("token").block())
 				.withMessage("server was unresponsive");
+		// @formatter:on
 	}
 
 	@Test
@@ -162,8 +195,10 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 		WebClient webClient = mockResponse(INVALID_RESPONSE);
 		NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector(
 				INTROSPECTION_URL, webClient);
+		// @formatter:off
 		assertThatExceptionOfType(OAuth2IntrospectionException.class)
 				.isThrownBy(() -> introspectionClient.introspect("token").block());
+		// @formatter:on
 	}
 
 	@Test
@@ -229,8 +264,12 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
 				String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
-				return Optional.ofNullable(authorization).filter((a) -> isAuthorized(authorization, username, password))
-						.map((a) -> ok(response)).orElse(unauthorized());
+				// @formatter:off
+				return Optional.ofNullable(authorization)
+						.filter((a) -> isAuthorized(authorization, username, password))
+						.map((a) -> ok(response))
+						.orElse(unauthorized());
+				// @formatter:on
 			}
 		};
 	}
@@ -241,8 +280,10 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests {
 	}
 
 	private static MockResponse ok(String response) {
-		return new MockResponse().setBody(response).setHeader(HttpHeaders.CONTENT_TYPE,
-				MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:off
+		return new MockResponse().setBody(response)
+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+		// @formatter:on
 	}
 
 	private static MockResponse unauthorized() {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
index d7fd4a091c..90a04ac322 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilterTests.java
@@ -157,29 +157,39 @@ public class BearerTokenAuthenticationFilterTests {
 	@Test
 	public void setAuthenticationEntryPointWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatIllegalArgumentException().isThrownBy(() -> filter.setAuthenticationEntryPoint(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> filter.setAuthenticationEntryPoint(null))
 				.withMessageContaining("authenticationEntryPoint cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void setBearerTokenResolverWhenNullThenThrowsException() {
 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(this.authenticationManager);
-		assertThatIllegalArgumentException().isThrownBy(() -> filter.setBearerTokenResolver(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> filter.setBearerTokenResolver(null))
 				.withMessageContaining("bearerTokenResolver cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerThenThrowsException() {
+		// @formatter:off
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> new BearerTokenAuthenticationFilter((AuthenticationManager) null))
 				.withMessageContaining("authenticationManager cannot be null");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenNullAuthenticationManagerResolverThenThrowsException() {
-		assertThatIllegalArgumentException().isThrownBy(
-				() -> new BearerTokenAuthenticationFilter((AuthenticationManagerResolver<HttpServletRequest>) null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new BearerTokenAuthenticationFilter((AuthenticationManagerResolver<HttpServletRequest>) null))
 				.withMessageContaining("authenticationManagerResolver cannot be null");
+		// @formatter:on
 	}
 
 	private BearerTokenAuthenticationFilter addMocks(BearerTokenAuthenticationFilter filter) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
index 3db97ecd6d..075af21b7b 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/HeaderBearerTokenResolverTests.java
@@ -38,14 +38,20 @@ public class HeaderBearerTokenResolverTests {
 
 	@Test
 	public void constructorWhenHeaderNullThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderBearerTokenResolver(null))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new HeaderBearerTokenResolver(null))
 				.withMessage("header cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
 	public void constructorWhenHeaderEmptyThenThrowIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderBearerTokenResolver(""))
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new HeaderBearerTokenResolver(""))
 				.withMessage("header cannot be empty");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
index 04686c3409..fd481e8f96 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandlerTests.java
@@ -77,9 +77,12 @@ public class BearerTokenAccessDeniedHandlerTests {
 		request.setUserPrincipal(token);
 		this.accessDeniedHandler.handle(request, response, null);
 		assertThat(response.getStatus()).isEqualTo(403);
-		assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\", "
-				+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
-				+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		// @formatter:off
+		assertThat(response.getHeader("WWW-Authenticate"))
+				.isEqualTo("Bearer error=\"insufficient_scope\", "
+						+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
+						+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
index 1b6ce1662c..20f9a47d5f 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java
@@ -77,10 +77,12 @@ public class BearerTokenServerAccessDeniedHandlerTests {
 		given(exchange.getResponse()).willReturn(new MockServerHttpResponse());
 		this.accessDeniedHandler.handle(exchange, null).block();
 		assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
+		// @formatter:off
 		assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate"))
 				.isEqualTo(Arrays.asList("Bearer error=\"insufficient_scope\", "
 						+ "error_description=\"The request requires higher privileges than provided by the access token.\", "
 						+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""));
+		// @formatter:on
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
index c050bf5772..9a8cf9c1b3 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java
@@ -52,8 +52,10 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void resolveWhenValidHeaderIsPresentThenTokenIsResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Bearer " + TEST_TOKEN);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
+		// @formatter:on
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -61,16 +63,20 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenHeaderEndsWithPaddingIndicatorThenTokenIsResolved() {
 		String token = TEST_TOKEN + "==";
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Bearer " + token);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "Bearer " + token);
+		// @formatter:on
 		assertThat(convertToToken(request).getToken()).isEqualTo(token);
 	}
 
 	@Test
 	public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
 		this.converter.setBearerTokenHeaderName(CUSTOM_HEADER);
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(CUSTOM_HEADER,
-				"Bearer " + TEST_TOKEN);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
+		// @formatter:on
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -79,19 +85,24 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
 				"Bearer ");
-		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+		// @formatter:off
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> convertToToken(request))
 				.satisfies((ex) -> {
 					BearerTokenError error = (BearerTokenError) ex.getError();
 					assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
 					assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 					assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
 				});
+		// @formatter:on
 	}
 
 	@Test
 	public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"bearer " + TEST_TOKEN);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "bearer " + TEST_TOKEN);
+		// @formatter:on
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -103,48 +114,65 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	@Test
 	public void resolveWhenHeaderWithWrongSchemeIsPresentThenTokenIsNotResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION,
+						"Basic " + Base64.getEncoder().encodeToString("test:test".getBytes()));
+		// @formatter:on
 		assertThat(convertToToken(request)).isNull();
 	}
 
 	@Test
 	public void resolveWhenHeaderWithMissingTokenIsPresentThenAuthenticationExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Bearer ");
-		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "Bearer ");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> convertToToken(request))
 				.withMessageContaining(("Bearer token is malformed"));
+		// @formatter:on
 	}
 
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentThenAuthenticationExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Bearer an\"invalid\"token");
-		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> convertToToken(request))
 				.withMessageContaining(("Bearer token is malformed"));
+		// @formatter:on
 	}
 
 	// gh-8865
 	@Test
 	public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION,
-				"Bearer an\"invalid\"token");
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
+		// @formatter:on
 		this.converter.convert(MockServerWebExchange.from(request));
 	}
 
 	@Test
 	public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
+		// @formatter:off
 		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
-				.queryParam("access_token", TEST_TOKEN).header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
-		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+				.queryParam("access_token", TEST_TOKEN)
+				.header(HttpHeaders.AUTHORIZATION, "Bearer " + TEST_TOKEN);
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> convertToToken(request))
 				.withMessageContaining("Found multiple bearer tokens in the request");
+		// @formatter:on
 	}
 
 	@Test
 	public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() {
 		this.converter.setAllowUriQueryParameter(true);
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
-				TEST_TOKEN);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.queryParam("access_token", TEST_TOKEN);
+		// @formatter:on
 		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
@@ -152,20 +180,26 @@ public class ServerBearerTokenAuthenticationConverterTests {
 	@Test
 	public void resolveWhenQueryParameterIsEmptyAndSupportedThenOAuth2AuthenticationException() {
 		this.converter.setAllowUriQueryParameter(true);
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token", "");
-		assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request))
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.queryParam("access_token", "");
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
+				.isThrownBy(() -> convertToToken(request))
 				.satisfies((ex) -> {
 					BearerTokenError error = (BearerTokenError) ex.getError();
 					assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_TOKEN);
 					assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
 					assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.UNAUTHORIZED);
 				});
+		// @formatter:on
 	}
 
 	@Test
 	public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() {
-		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/").queryParam("access_token",
-				TEST_TOKEN);
+		// @formatter:off
+		MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/")
+				.queryParam("access_token", TEST_TOKEN);
+		// @formatter:on
 		assertThat(convertToToken(request)).isNull();
 	}
 
@@ -175,7 +209,11 @@ public class ServerBearerTokenAuthenticationConverterTests {
 
 	private BearerTokenAuthenticationToken convertToToken(MockServerHttpRequest request) {
 		MockServerWebExchange exchange = MockServerWebExchange.from(request);
-		return this.converter.convert(exchange).cast(BearerTokenAuthenticationToken.class).block();
+		// @formatter:off
+		return this.converter.convert(exchange)
+				.cast(BearerTokenAuthenticationToken.class)
+				.block();
+		// @formatter:on
 	}
 
 }